--- /dev/null
+++ crypto/.gitignore
@@ -0,0 +1,78 @@
+# OpenSSL: the following are generated paths that generally should not be committed to FreeBSD.
+openssl/apps/tsget.pl
+openssl/crypto/buildinf.h
+openssl/doc/html
+openssl/doc/man
+openssl/test/buildtest_*.c
+openssl/util/wrap.pl
+openssl/**/*.cmake
+openssl/**/*.ld
+openssl/**/*.s
+openssl/*.pc
+openssl/Makefile
+openssl/Makefile.in
+openssl/builddata.pm
+openssl/configdata.pm
+openssl/installdata.pm
+openssl/pod2htmd.tmp
+
+# .pod files generated from .pod.in files.
+#
+# List can be easily updated via this command:
+#
+# % find openssl/doc -name \*.pod.in | sed -e 's,\.in,,g'
+openssl/doc/man1/openssl-asn1parse.pod
+openssl/doc/man1/openssl-ca.pod
+openssl/doc/man1/openssl-ciphers.pod
+openssl/doc/man1/openssl-cmds.pod
+openssl/doc/man1/openssl-cmp.pod
+openssl/doc/man1/openssl-cms.pod
+openssl/doc/man1/openssl-crl.pod
+openssl/doc/man1/openssl-crl2pkcs7.pod
+openssl/doc/man1/openssl-dgst.pod
+openssl/doc/man1/openssl-dhparam.pod
+openssl/doc/man1/openssl-dsa.pod
+openssl/doc/man1/openssl-dsaparam.pod
+openssl/doc/man1/openssl-ec.pod
+openssl/doc/man1/openssl-ecparam.pod
+openssl/doc/man1/openssl-enc.pod
+openssl/doc/man1/openssl-engine.pod
+openssl/doc/man1/openssl-errstr.pod
+openssl/doc/man1/openssl-fipsinstall.pod
+openssl/doc/man1/openssl-gendsa.pod
+openssl/doc/man1/openssl-genpkey.pod
+openssl/doc/man1/openssl-genrsa.pod
+openssl/doc/man1/openssl-info.pod
+openssl/doc/man1/openssl-kdf.pod
+openssl/doc/man1/openssl-list.pod
+openssl/doc/man1/openssl-mac.pod
+openssl/doc/man1/openssl-nseq.pod
+openssl/doc/man1/openssl-ocsp.pod
+openssl/doc/man1/openssl-passwd.pod
+openssl/doc/man1/openssl-pkcs12.pod
+openssl/doc/man1/openssl-pkcs7.pod
+openssl/doc/man1/openssl-pkcs8.pod
+openssl/doc/man1/openssl-pkey.pod
+openssl/doc/man1/openssl-pkeyparam.pod
+openssl/doc/man1/openssl-pkeyutl.pod
+openssl/doc/man1/openssl-prime.pod
+openssl/doc/man1/openssl-rand.pod
+openssl/doc/man1/openssl-rehash.pod
+openssl/doc/man1/openssl-req.pod
+openssl/doc/man1/openssl-rsa.pod +openssl/doc/man1/openssl-rsautl.pod +openssl/doc/man1/openssl-s_client.pod +openssl/doc/man1/openssl-s_server.pod +openssl/doc/man1/openssl-s_time.pod +openssl/doc/man1/openssl-sess_id.pod +openssl/doc/man1/openssl-skeyutl.pod +openssl/doc/man1/openssl-smime.pod +openssl/doc/man1/openssl-speed.pod +openssl/doc/man1/openssl-spkac.pod +openssl/doc/man1/openssl-srp.pod +openssl/doc/man1/openssl-storeutl.pod +openssl/doc/man1/openssl-ts.pod +openssl/doc/man1/openssl-verify.pod +openssl/doc/man1/openssl-version.pod +openssl/doc/man1/openssl-x509.pod +openssl/doc/man7/openssl_user_macros.pod --- crypto/openssl/ACKNOWLEDGEMENTS.md.orig +++ crypto/openssl/ACKNOWLEDGEMENTS.md @@ -1,5 +1,5 @@ -Acknowlegements -=============== +Acknowledgements +================ Please see our [Thanks!][] page for the current acknowledgements. --- /dev/null +++ crypto/openssl/BSDmakefile 
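Review bot: The regeneration command quoted in the comment above the `.pod` list uses an unanchored substitution, `sed -e 's,\.in,,g'`, which strips every `.in` in a path rather than only the trailing suffix; `sed -e 's,\.in$,,'` states the intent exactly. Because the list is maintained by hand from that command, a one-line comment saying it must be re-run on each vendor import would help keep a newly added `.pod.in` from having its generated `.pod` committed. The globs `openssl/**/*.s`, `openssl/**/*.ld` and `openssl/**/*.cmake` are broad: if upstream ever ships a hand-written file with one of those extensions it would be left untracked on import, so a short comment stating that these are all build outputs would make that assumption explicit.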
@@ -0,0 +1,101 @@
+# This BSD makefile helps provide a deterministic means of doing a "clean"
+# vendor import of OpenSSL.
+#
+# Recommended use:
+#
+# % make clean
+# % make all
+
+NO_OBJ=
+
+LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
+LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
+
+CAT?= /bin/cat
+CC?= cc
+GMAKE?= gmake
+LD?= ld
+MV?= /bin/mv
+PERL?= perl
+SETENVI= /usr/bin/env -i
+
+BN_CONF_H= include/crypto/bn_conf.h
+BN_CONF_H_ORIG= ${BN_CONF_H}.orig
+CONFIGURATION_H= include/openssl/configuration.h
+CONFIGURATION_H_ORIG= ${CONFIGURATION_H}.orig
+
+.PHONY: configure patch all
+.ORDER: configure patch all
+
+LOCALBASE= /usr/local
+WRK_ENV= CC=${CC} \
+ LD=${LD} \
+ PATH=${LOCALBASE}/bin:/bin:/usr/bin
+
+configure:
+ @(cd ${.CURDIR} && ${SETENVI} \
+ ${WRK_ENV} \
+ ${PERL} ./Configure \
+ disable-aria \
+ disable-egd \
+ disable-idea \
+ disable-mdc2 \
+ disable-sm2 \
+ disable-sm3 \
+ disable-sm4 \
+ enable-ec_nistp_64_gcc_128 \
+ enable-ktls \
+ enable-sctp \
+ --openssldir=etc \
+ --prefix=/usr)
+
+all: patch
+ @echo "==> Building generated files (headers, manpages, etc)"
+ @(cd ${.CURDIR} && \
+ ${SETENVI} ${WRK_ENV} ${GMAKE} -j ${.MAKE.JOBS} build_all_generated)
+
+ @echo "==> Cleaning / rebuilding ASM"
+ @(cd ${SRCTOP}/secure/lib/libcrypto && \
+ ${SETENVI} ${WRK_ENV} ${MAKE} cleanasm && \
+ ${SETENVI} ${WRK_ENV} ${MAKE} buildasm)
+
+ @echo "==> Syncing manpages (section 1)"
+ @rsync -a --delete \
+ --exclude 'Makefile*' --exclude '*.1' \
+ ${LCRYPTO_DOC}/man/ \
+ ${SRCTOP}/secure/lib/libcrypto/man
+
+ @echo "==> Syncing manpages (sections {3,5,7})"
+ @rsync -a --delete \
+ --exclude 'Makefile*' --exclude '*.[357]' \
+ ${LCRYPTO_DOC}/man/man1/ \
+ ${SRCTOP}/secure/usr.bin/openssl/man
+
+
+# This doesn't use standard patching since the generated files can vary
+# depending on the host architecture.
+patch: configure
+ # Spam arch-specific overrides to config files.
+ @echo "==> Patching headers"
+ @(cd ${.CURDIR} && ${SETENVI} ${WRK_ENV} ${GMAKE} ${BN_CONF_H} && \
+ ${MV} ${BN_CONF_H} ${BN_CONF_H_ORIG} && \
+ ${CAT} ${BN_CONF_H}.orig \
+ ${LCRYPTO_SRC}/freebsd/${BN_CONF_H} >> \
+ ${BN_CONF_H})
+
+ @(cd ${.CURDIR} && \
+ ${MV} ${CONFIGURATION_H} ${CONFIGURATION_H_ORIG} && \
+ ${CAT} ${CONFIGURATION_H_ORIG} \
+ ${LCRYPTO_SRC}/freebsd/${CONFIGURATION_H} >> \
+ ${CONFIGURATION_H})
+
+
+clean: .PHONY
+ @(cd ${.CURDIR} && rm -f ${BN_CONF_H_ORIG} ${CONFIGURATION_H_ORIG})
+
+ @(cd ${SRCTOP}/secure/lib/libcrypto && \
+ ${SETENVI} ${WRK_ENV} ${MAKE} cleanasm)
+
+ -@(cd ${.CURDIR} && ${GMAKE} ${.TARGET})
+
+.include
--- crypto/openssl/CHANGES.md.orig
+++ crypto/openssl/CHANGES.md
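Review bot: The two `rsync` recipes in `all` and the final `${GMAKE} ${.TARGET}` in `clean` run in the caller's environment, while every other tool invocation is wrapped in `${SETENVI} ${WRK_ENV}`. For an import that is meant to be deterministic they should be scrubbed the same way, e.g. `@${SETENVI} ${WRK_ENV} rsync -a --delete \` and `-@(cd ${.CURDIR} && ${SETENVI} ${WRK_ENV} ${GMAKE} ${.TARGET})`. The two progress messages also look swapped: the step labelled "section 1" excludes `*.1` and fills `secure/lib/libcrypto/man`, while the step labelled "sections {3,5,7}" copies `man/man1/` into `secure/usr.bin/openssl/man`. Both `rsync --delete` destinations are built from `${SRCTOP}`, which is not assigned anywhere in this file, so a guard near the top such as `.if empty(SRCTOP)` followed by `.error SRCTOP must be set` would keep a stray invocation from syncing against the wrong path. In `patch`, the first block writes `${BN_CONF_H}.orig` where the already defined `${BN_CONF_H_ORIG}` would match the second block.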
@@ -28,6 +28,354 @@ [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.19 and 3.0.20 [7 Apr 2026] + + * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. + + Severity: Moderate + + Issue summary: Applications using RSASVE key encapsulation to establish + a secret encryption key can send contents of an uninitialized memory buffer + to a malicious peer. + + Impact summary: The uninitialized buffer might contain sensitive data + from the previous execution of the application process which leads + to sensitive data leakage to an attacker. + + Reported by: Simo Sorce (Red Hat). + + ([CVE-2026-31790]) + + *Nikola Pajkovsky* + + * Fixed potential use-after-free in DANE client code. + + Severity: Low + + Issue summary: An uncommon configuration of clients performing DANE + TLSA-based server authentication, when paired with uncommon server DANE TLSA + records, may result in a use-after-free and/or double-free on the client + side. + + Impact summary: A use after free can have a range of potential consequences + such as the corruption of valid data, crashes, or execution of arbitrary + code. + + Reported by: Igor Morgenstern (Aisle Research). + + ([CVE-2026-28387]) + + *Viktor Dukhovni* + + * Fixed NULL pointer dereference when processing a delta CRL. + + Severity: Low + + Issue summary: When a delta CRL that contains a Delta CRL Indicator extension + is processed, a NULL pointer dereference might happen if the required CRL + Number extension is missing. + + Impact summary: A NULL pointer dereference can trigger a crash which + leads to a Denial of Service for an application. + + Reported by: Igor Morgenstern (Aisle Research). + + ([CVE-2026-28388]) + + *Igor Morgenstern* + + * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. 
+
+ Severity: Low
+
+ Issue summary: During processing of a crafted CMS EnvelopedData message
+ with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
+
+ Impact summary: Applications that process attacker-controlled CMS data may
+ crash before authentication or cryptographic operations occur resulting in
+ Denial of Service.
+
+ Reported by: Nathan Sportsman (Praetorian), Daniel Rhea,
+ Jaeho Nam (Seoul National University), Muhammad Daffa,
+ Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab),
+ Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers.
+
+ ([CVE-2026-28389])
+
+ *Neil Horman*
+
+ * Fixed possible NULL dereference when processing CMS
+ KeyTransportRecipientInfo.
+
+ Severity: Low
+
+ Issue summary: During processing of a crafted CMS EnvelopedData message
+ with KeyTransportRecipientInfo a NULL pointer dereference can happen.
+
+ Impact summary: Applications that process attacker-controlled CMS data may
+ crash before authentication or cryptographic operations occur resulting in
+ Denial of Service.
+
+ Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab),
+ Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab),
+ Joshua Rogers, and Chanho Kim.
+
+ ([CVE-2026-28390])
+
+ *Neil Horman*
+
+ * Fixed heap buffer overflow in hexadecimal conversion.
+
+ Severity: Low
+
+ Issue summary: Converting an excessively large OCTET STRING value to
+ a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
+
+ Impact summary: A heap buffer overflow may lead to a crash or possibly
+ an attacker controlled code execution or other undefined behavior.
+
+ Reported by: Quoc Tran (Xint.io - US Team).
+
+ ([CVE-2026-31789])
+
+ *Igor Ustinov*
+
+ * Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST`
+ containing a raw IPv6 address.
+
+
+ *Peter Zhang*
+
+### Changes between 3.0.18 and 3.0.19 [27 Jan 2026]
+
+ * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing.
+
+ Severity: High
+
+ Issue summary: Parsing CMS `AuthEnvelopedData` message with maliciously
+ crafted AEAD parameters can trigger a stack buffer overflow.
+
+ Impact summary: A stack buffer overflow may lead to a crash, causing Denial
+ of Service, or potentially remote code execution.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-15467])
+
+ *Igor Ustinov*
+
+ * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes.
+
+ Severity: Low
+
+ Issue summary: Writing large, newline-free data into a BIO chain using the
+ line-buffering filter where the next BIO performs short writes can trigger
+ a heap-based out-of-bounds write.
+
+ Impact summary: This out-of-bounds write can cause memory corruption
+ which typically results in a crash, leading to Denial of Service for
+ an application.
+
+ Reported by: Petr Simecek (Aisle Research) and Stanislav Fort (Aisle
+ Research)
+
+ ([CVE-2025-68160])
+
+ *Stanislav Fort and Neil Horman*
+
+ * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB
+ function calls.
+
+ Severity: Low
+
+ Issue summary: When using the low-level OCB API directly with AES-NI or
+ other hardware-accelerated code paths, inputs whose length is not a multiple
+ of 16 bytes can leave the final partial block unencrypted and
+ unauthenticated.
+
+ Impact summary: The trailing 1-15 bytes of a message may be exposed in
+ cleartext on encryption and are not covered by the authentication tag,
+ allowing an attacker to read or tamper with those bytes without detection.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-69418])
+
+ *Stanislav Fort*
+
+ * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion.
+
+ Severity: Low
+
+ Issue summary: Calling `PKCS12_get_friendlyname()` function on a maliciously
+ crafted PKCS#12 file with a `BMPString` (UTF-16BE) friendly name containing
+ non-ASCII BMP code point can trigger a one byte write before the allocated
+ buffer.
+
+ Impact summary: The out-of-bounds write can cause a memory corruption
+ which can have various consequences including a Denial of Service.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-69419])
+
+ *Norbert Pócs*
+
+ * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()` function.
+
+ Severity: Low
+
+ Issue summary: A type confusion vulnerability exists in the TimeStamp
+ Response verification code where an `ASN1_TYPE` union member is accessed
+ without first validating the type, causing an invalid or NULL pointer
+ dereference when processing a malformed `TimeStamp` Response file.
+
+ Impact summary: An application calling `TS_RESP_verify_response()`
+ with a malformed TimeStamp Response can be caused to dereference an invalid
+ or NULL pointer when reading, resulting in a Denial of Service.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2025-69420])
+
+ *Bob Beck*
+
+ * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function.
+
+ Severity: Low
+
+ Issue summary: Processing a malformed PKCS#12 file can trigger a NULL
+ pointer dereference in the `PKCS12_item_decrypt_d2i_ex()` function.
+
+ Impact summary: A NULL pointer dereference can trigger a crash which leads
+ to Denial of Service for an application processing PKCS#12 files.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2025-69421])
+
+ *Luigino Camastra*
+
+ * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing.
+
+ Severity: Low
+
+ Issue summary: An invalid or NULL pointer dereference can happen in
+ an application processing a malformed PKCS#12 file.
+
+ Impact summary: An application processing a malformed PKCS#12 file can be
+ caused to dereference an invalid or NULL pointer on memory read, resulting
+ in a Denial of Service.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2026-22795])
+
+ *Bob Beck*
+
+ * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()`
+ function.
+
+ Severity: Low
+
+ Issue summary: A type confusion vulnerability exists in the signature
+ verification of signed PKCS#7 data where an `ASN1_TYPE` union member
+ is accessed without first validating the type, causing an invalid or NULL
+ pointer dereference when processing malformed PKCS#7 data.
+
+ Impact summary: An application performing signature verification of PKCS#7
+ data or calling directly the `PKCS7_digest_from_attributes()` function can be
+ caused to dereference an invalid or NULL pointer when reading, resulting in
+ a Denial of Service.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2026-22796])
+
+ *Bob Beck*
+
+ * Fixed incorrect acceptance of some malformed ECDSA signatures on s390x.
+
+
+ *Holger Dengler*
+
+ * Source code has been reformatted with `clang-format`.
+
+
+ *Bob Beck*
+
+### Changes between 3.0.17 and 3.0.18 [30 Sep 2025]
+
+ * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap
+
+ Issue summary: An application trying to decrypt CMS messages encrypted using
+ password based encryption can trigger an out-of-bounds read and write.
+
+ Impact summary: This out-of-bounds read may trigger a crash which leads to
+ Denial of Service for an application. The out-of-bounds write can cause
+ a memory corruption which can have various consequences including
+ a Denial of Service or Execution of attacker-supplied code.
+
+ The issue was reported by Stanislav Fort (Aisle Research).
+
+ ([CVE-2025-9230])
+
+ *Viktor Dukhovni*
+
+ * Fix Out-of-bounds read in HTTP client no_proxy handling
+
+ Issue summary: An application using the OpenSSL HTTP client API functions
+ may trigger an out-of-bounds read if the "no_proxy" environment variable is
+ set and the host portion of the authority component of the HTTP URL is an
+ IPv6 address.
+
+ Impact summary: An out-of-bounds read can trigger a crash which leads to
+ Denial of Service for an application.
+
+ The issue was reported by Stanislav Fort (Aisle Research).
+ + ([CVE-2025-9232]) + + *Stanislav Fort* + + * Avoided a potential race condition introduced in 3.0.17, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. + + *Enji Cooper* + + * Hardened the provider implementation of the RSA public key "encrypt" + operation to add a missing check that the caller-indicated output buffer + size is at least as large as the byte count of the RSA modulus. The issue + was reported by Arash Ale Ebrahim from SYSPWN. + + This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that + in fact provide a sufficiently large buffer, but fail to correctly indicate + its size may now encounter unexpected errors. In applications that attempt + RSA public encryption into a buffer that is too small, an out-of-bounds + write is now avoided and an error is reported instead. + + *Viktor Dukhovni* + +### Changes between 3.0.16 and 3.0.17 [1 Jul 2025] + + * none yet + ### Changes between 3.0.15 and 3.0.16 [11 Feb 2025] * Fixed timing side-channel in ECDSA signature computation. 
@@ -951,6 +1299,24 @@ ### Changes between 3.0.0 and 3.0.1 [14 Dec 2021] + * Fixed carry bug in BN_mod_exp which may produce incorrect results on MIPS + squaring procedure. Many EC algorithms are affected, including some of the + TLS 1.3 default curves. Impact was not analyzed in detail, because the + pre-requisites for attack are considered unlikely and include reusing + private keys. Analysis suggests that attacks against RSA and DSA as a result + of this defect would be very difficult to perform and are not believed + likely. Attacks against DH are considered just feasible (although very + difficult) because most of the work necessary to deduce information about + a private key may be performed offline. + The amount of resources required for such an attack would be significant. + However, for an attack on TLS to be meaningful, the server would have + to share the DH private key among multiple clients, which is no longer + an option since CVE-2016-0701. + The issue only affects OpenSSL on MIPS platforms. + ([CVE-2021-4160]) + + *Bernd Edlinger* + * Fixed invalid handling of X509_verify_cert() internal errors in libssl Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a @@ -1814,7 +2180,7 @@ *Richard Levitte* - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very @@ -3273,7 +3639,7 @@ * Support for TLSv1.3 added. Note that users upgrading from an earlier version of OpenSSL should review their configuration settings to ensure that they are still appropriate for TLSv1.3. For further information see: - + *Matt Caswell* 
@@ -4561,7 +4927,7 @@ * The GOST engine was out of date and therefore it has been removed. An up to date GOST engine is now being maintained in an external repository. - See: . Libssl still retains + See: . Libssl still retains support for GOST ciphersuites (these are only activated if a GOST engine is present). @@ -5340,6 +5706,11 @@ *Rob Percival * + * SSLv3 is by default disabled at build-time. Builds that are not + configured with "enable-ssl3" will not support SSLv3. + + *Kurt Roeckx* + OpenSSL 1.0.2 ------------- 
@@ -19953,198 +20324,214 @@ -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 +[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655 +[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656 +[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657 +[CVE-2002-0659]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659 +[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078 +[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543 +[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544 +[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545 
+[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851 +[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079 +[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112 +[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969 +[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937 +[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940 +[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738 +[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339 +[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343 +[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995 +[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135 +[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891 +[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672 +[CVE-2008-1678]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678 +[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077 +[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590 +[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591 +[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789 +[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377 +[CVE-2009-1378]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378 +[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379 +[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386 +[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245 +[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555 +[CVE-2009-4355]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355 +[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433 +[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740 +[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633 +[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864 +[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180 +[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252 +[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014 +[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207 +[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210 +[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108 +[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109 +[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576 +[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577 +[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619 +[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027 +[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050 +[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884 +[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110 +[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333 +[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686 +[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166 +[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169 +[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353 +[CVE-2013-6450]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450 +[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076 +[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160 +[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195 +[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221 +[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224 +[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470 +[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505 +[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506 +[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507 +[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508 +[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509 +[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510 +[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511 +[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512 +[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513 +[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566 +[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567 +[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568 +[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569 +[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570 +[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571 +[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572 +[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139 +[CVE-2014-8275]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275 +[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204 +[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205 +[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206 +[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207 +[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208 +[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209 +[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285 +[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286 +[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287 +[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288 +[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289 +[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290 +[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291 +[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293 +[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787 +[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788 +[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789 +[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790 +[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791 +[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792 +[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793 +[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193 +[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194 +[CVE-2015-3195]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195 +[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196 +[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197 +[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701 +[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702 +[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705 +[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797 +[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798 +[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799 +[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800 +[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105 +[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106 +[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107 +[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109 +[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176 +[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177 +[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178 +[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179 +[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180 +[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181 +[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182 +[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183 +[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302 +[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303 +[CVE-2016-6304]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304 +[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305 +[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306 +[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307 +[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308 +[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309 +[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052 +[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053 +[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054 +[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055 +[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730 +[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731 +[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732 +[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733 +[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735 +[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736 +[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737 +[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738 +[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732 +[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733 +[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734 +[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735 +[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737 +[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739 +[CVE-2018-5407]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407 +[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543 +[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547 +[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549 +[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551 +[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552 +[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559 +[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563 +[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967 +[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971 +[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097 +[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274 +[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996 +[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203 +[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304 +[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450 +[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215 +[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216 +[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217 +[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286 +[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401 +[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464 +[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465 +[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466 +[CVE-2023-1255]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255 +[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650 +[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975 +[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446 +[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817 +[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807 +[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363 +[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678 +[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129 +[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237 +[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727 +[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511 +[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603 +[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741 +[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535 +[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119 +[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143 +[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 +[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 +[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 +[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 +[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 +[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 +[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 +[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 +[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 -[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 -[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 -[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 -[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 -[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 -[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 -[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 -[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 -[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 -[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 -[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 -[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 -[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 -[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 -[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 -[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 -[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 -[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 -[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 -[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 -[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 -[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 -[CVE-2014-3510]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 -[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 -[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 -[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 -[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 -[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 -[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 -[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 -[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 -[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 -[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 -[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 -[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 -[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 -[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 -[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 -[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 -[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 -[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 -[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 -[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 -[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 -[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 -[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 -[CVE-2011-4576]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 -[CVE-2011-4109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109 -[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 -[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 -[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 -[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 -[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 -[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 -[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 -[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 -[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 -[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 -[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355 -[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 -[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245 -[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386 -[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379 -[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378 -[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377 -[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 -[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 -[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 -[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 -[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678 -[CVE-2008-1672]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672 -[CVE-2008-0891]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891 -[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135 -[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995 -[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 -[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 -[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738 -[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 -[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 -[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 -[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112 -[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079 -[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851 -[CVE-2003-0545]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545 -[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544 -[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543 -[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078 -[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659 -[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657 -[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656 -[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655 --- crypto/openssl/Configurations/10-main.conf.orig +++ crypto/openssl/Configurations/10-main.conf 
@@ -5,7 +5,8 @@ my $vc_win64a_info = {}; sub vc_win64a_info { unless (%$vc_win64a_info) { - if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { + # Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled + if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) { $vc_win64a_info = { AS => "nasm", ASFLAGS => "-g", asflags => "-Ox -f win64 -DNEAR", --- crypto/openssl/Configurations/50-nonstop.conf.orig +++ crypto/openssl/Configurations/50-nonstop.conf @@ -167,12 +167,14 @@ # Build models 'nonstop-model-put' => { template => 1, + disable => [ 'secure-memory' ], defines => ['_PUT_MODEL_', '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'], ex_libs => '-lput', }, 'nonstop-model-spt' => { template => 1, + disable => [ 'secure-memory' ], defines => ['_SPT_MODEL_', '_REENTRANT', '_ENABLE_FLOSS_THREADS'], ex_libs => '-lspt', --- crypto/openssl/Configurations/unix-Makefile.tmpl.orig +++ crypto/openssl/Configurations/unix-Makefile.tmpl @@ -3,6 +3,8 @@ ## ## {- join("\n## ", @autowarntext) -} {- + use Time::Piece; + use OpenSSL::Util; our $makedep_scheme = $config{makedep_scheme}; @@ -64,10 +66,20 @@ CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) SRCDIR={- $config{sourcedir} -} BLDDIR={- $config{builddir} -} +RESULT_D=$(BLDDIR)/test-runs FIPSKEY={- $config{FIPSKEY} -} VERSION={- "$config{full_version}" -} VERSION_NUMBER={- "$config{version}" -} +RELEASE_DATE={- my $t = localtime; + if ($config{"release_date"}) { + # Provide the user with a more meaningful error message + # than the default internal parsing error from + # `Time::Piece->strptime(..)`. + eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); } || + die "Parsing \$config{release_date} ('$config{release_date}') failed: $@"; + } + $t->strftime("%Y-%m-%d") -} MAJOR={- $config{major} -} MINOR={- $config{minor} -} SHLIB_VERSION_NUMBER={- $config{shlib_version} -} 
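Review bot: The new comment on the `nasm -v` probe in vc_win64a_info gives the 2.09 minimum but not the reason the version is now matched as two integers, which is the part a later editor is most likely to undo. The old test compared the captured text as a decimal number, so a two-digit minor such as 2.10 was read as 2.1. I would extend the comment, e.g. `# Compare major and minor as integers; read as a decimal, "2.10" would be 2.1`. The branch taken when the check fails lies outside the hunk, so it is worth confirming that an older NASM ends in a visible configure message rather than a quiet change of assembler, given the stated miscompilation risk for SHA3.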
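Review bot: Both `disable => [ 'secure-memory' ]` lines, in 'nonstop-model-put' and 'nonstop-model-spt', are added without a comment saying why. With secure-memory disabled the secure-heap calls fall back to ordinary allocation, so key material that callers place there is no longer kept in a locked, separately managed arena on these targets. A one-line reason above each entry would help, e.g. `# <reason the secure heap cannot be used with this threading model>`, and the platform notes should state that the secure heap is inactive for these models. Whether the other build models in this file need the same setting cannot be seen from this hunk.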
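Review bot: When `$config{release_date}` is unset, RELEASE_DATE in the -64,10 hunk of unix-Makefile.tmpl falls back to `my $t = localtime`, so the `--date` value passed to pod2man (the -1540 hunk of the same file) changes with the build day and the builder's time zone. The generated man pages then differ between otherwise identical builds, which gets in the way of reproducible-build verification of packaged artifacts. I would seed the fallback from SOURCE_DATE_EPOCH in UTC, `my $t = gmtime($ENV{SOURCE_DATE_EPOCH} // time);`, and leave the strptime override and its error message as they are.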
@@ -589,7 +601,7 @@ -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; $(RM) core $(RM) tags TAGS doc-nits md-nits - $(RM) -r test/test-runs + $(RM) -r $(RESULT_D) $(RM) providers/fips*.new $(RM) openssl.pc libcrypto.pc libssl.pc -find . -type l \! -name '.*' -exec $(RM) {} \; @@ -1540,7 +1552,8 @@ return <<"EOF"; $args{src}: $pod pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ - --release=\$(VERSION) $pod >\$\@ + --date=\$(RELEASE_DATE) --release=\$(VERSION) \\ + $pod >\$\@ EOF } elsif (platform->isdef($args{src})) { # --- crypto/openssl/Configurations/windows-makefile.tmpl.orig +++ crypto/openssl/Configurations/windows-makefile.tmpl @@ -38,6 +38,7 @@ PLATFORM={- $config{target} -} SRCDIR={- $config{sourcedir} -} BLDDIR={- $config{builddir} -} +RESULT_D=$(BLDDIR)\test-runs FIPSKEY={- $config{FIPSKEY} -} VERSION={- "$config{full_version}" -} @@ -217,7 +218,7 @@ LIBDIR={- our $libdir = $config{libdir} || "lib"; file_name_is_absolute($libdir) ? "" : $libdir -} MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath); - our $modulesprefix = catdir($prefix,$libdir); + our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir); our ($modulesprefix_dev, $modulesprefix_dir, $modulesprefix_file) = splitpath($modulesprefix, 1); @@ -477,7 +478,7 @@ -del /Q /S /F engines\*.lib engines\*.exp -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp -del /Q /S /F test\*.exp - -rd /Q /S test\test-runs + -@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)" distclean: clean -del /Q /F include\openssl\configuration.h --- crypto/openssl/Configure.orig +++ crypto/openssl/Configure 
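Review bot: In the clean target, `$(RM) -r $(RESULT_D)` expands the new variable unquoted, while the matching Windows rule in this patch quotes it and checks that the directory exists first. RESULT_D is derived from BLDDIR and, being a make variable, can also be set on the command line. A build directory containing a space, or a mistaken override, would therefore make this recursive delete act on paths other than the test-run directory. Quoting the operand, `$(RM) -r "$(RESULT_D)"`, keeps the two makefiles consistent and limits the delete to a single path.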
@@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,6 +157,7 @@ -Wextra -Wno-unused-parameter -Wno-missing-field-initializers + -Wno-unterminated-string-initialization -Wswitch -Wsign-compare -Wshadow @@ -602,7 +603,7 @@ # Without shared libraries, dynamic engines aren't possible. # This is due to them having to link with libcrypto and register features # using the ENGINE functionality, and since that relies on global tables, - # those *have* to be exacty the same as the ones accessed from the app, + # those *have* to be exactly the same as the ones accessed from the app, # which cannot be guaranteed if shared libraries aren't present. # (note that even with shared libraries, both the app and dynamic engines # must be linked with the same library) @@ -1791,7 +1792,7 @@ my %disabled_info = (); # For configdata.pm foreach my $what (sort keys %disabled) { # There are deprecated disablables that translate to themselves. - # They cause disabling cascades, but should otherwise not regiter. + # They cause disabling cascades, but should otherwise not register. next if $deprecated_disablables{$what}; # The generated $disabled{"deprecated-x.y"} entries are special # and treated properly elsewhere --- crypto/openssl/INSTALL.md.orig +++ crypto/openssl/INSTALL.md @@ -1471,7 +1471,7 @@ PERL The name of the Perl executable to use when building OpenSSL. - Only needed if builing should use a different Perl executable + Only needed if building should use a different Perl executable than what is used to run the Configure script. RANLIB 
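Review bot: Adding `-Wno-unterminated-string-initialization` in the -157,6 hunk turns the diagnostic off for every file built with this warning list, not only for the arrays that are meant to lack a terminating NUL. The warning catches a char array initialised from a literal that exactly fills it, which is a real hazard if such an array later reaches a string function. The list's declaration is above the hunk, so I am assuming it is the strict-warnings set used by developers. If so, I would keep the warning enabled and mark the intentional cases with `__attribute__((nonstring))`, or at least record above the list which compiler release prompted the suppression.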
@@ -1627,7 +1627,7 @@ Along with a short description of the bug, please provide the complete configure command line and the relevant output including the error message. -Note: To make the output readable, pleace add a 'code fence' (three backquotes +Note: To make the output readable, please add a 'code fence' (three backquotes ` ``` ` on a separate line) before and after your output: ``` --- crypto/openssl/NEWS.md.orig +++ crypto/openssl/NEWS.md 
@@ -18,6 +18,87 @@ OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.19 and OpenSSL 3.0.20 [7 Apr 2026] + +OpenSSL 3.0.20 is a security patch release. The most severe CVE fixed in this +release is Medium. + +This release incorporates the following bug fixes and mitigations: + + * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. + ([CVE-2026-31790]) + + * Fixed potential use-after-free in DANE client code. + ([CVE-2026-28387]) + + * Fixed NULL pointer dereference when processing a delta CRL. + ([CVE-2026-28388]) + + * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. + ([CVE-2026-28389]) + + * Fixed possible NULL dereference when processing CMS + KeyTransportRecipientInfo. + ([CVE-2026-28390]) + + * Fixed heap buffer overflow in hexadecimal conversion. + ([CVE-2026-31789]) + +### Major changes between OpenSSL 3.0.18 and OpenSSL 3.0.19 [27 Jan 2026] + +OpenSSL 3.0.19 is a security patch release. The most severe CVE fixed in this +release is High. + +This release incorporates the following bug fixes and mitigations: + + * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing. + ([CVE-2025-15467]) + + * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes. + ([CVE-2025-68160]) + + * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB + function calls. + ([CVE-2025-69418]) + + * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion. + ([CVE-2025-69419]) + + * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()` + function. + ([CVE-2025-69420]) + + * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function. + ([CVE-2025-69421]) + + * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing. + ([CVE-2026-22795]) + + * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()` + function. 
+ ([CVE-2026-22796]) + +### Major changes between OpenSSL 3.0.17 and OpenSSL 3.0.18 [30 Sep 2025] + +OpenSSL 3.0.18 is a security patch release. The most severe CVE fixed in this +release is Moderate. + +This release incorporates the following bug fixes and mitigations: + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. + ([CVE-2025-9230]) + + * Fix Out-of-bounds read in HTTP client no_proxy handling. + ([CVE-2025-9232]) + +### Major changes between OpenSSL 3.0.16 and OpenSSL 3.0.17 [1 Jul 2025] + +OpenSSL 3.0.17 is a bug fix release. + +This release incorporates the following bug fixes and mitigations: + + * Miscellaneous minor bug fixes. + ### Major changes between OpenSSL 3.0.15 and OpenSSL 3.0.16 [11 Feb 2025] OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this @@ -142,7 +223,7 @@ * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key ([CVE-2022-1434]) * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory - occuppied by the removed hash table entries ([CVE-2022-1473]) + occupied by the removed hash table entries ([CVE-2022-1473]) ### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] @@ -151,6 +232,8 @@ ### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021] + * Fixed carry bug in BN_mod_exp which may produce incorrect results on MIPS + ([CVE-2021-4160]) * Fixed invalid handling of X509_verify_cert() internal errors in libssl ([CVE-2021-4044]) * Allow fetching an operation from the provider that owns an unexportable key @@ -161,7 +244,7 @@ * Enhanced 'openssl list' with many new options. * Added migration guide to man7. * Implemented support for fully "pluggable" TLSv1.3 groups. - * Added suport for Kernel TLS (KTLS). + * Added support for Kernel TLS (KTLS). * Changed the license to the Apache License v2.0. * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider. 
@@ -204,7 +287,7 @@ * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and ERR_func_error_string(). - * Added OSSL_PROVIDER_available(), to check provider availibility. + * Added OSSL_PROVIDER_available(), to check provider availability. * Added 'openssl mac' that uses the EVP_MAC API. * Added 'openssl kdf' that uses the EVP_KDF API. * Add OPENSSL_info() and 'openssl info' to get built-in data. @@ -278,7 +361,7 @@ ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli ([CVE-2019-1551]) ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] @@ -329,7 +412,7 @@ * Rewrite of the packet construction code for "safer" packet handling * Rewrite of the extension handling code For further important information, see the [TLS1.3 page]( - https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki. + https://github.com/openssl/openssl/wiki/TLS1.3) in the OpenSSL Wiki. * Complete rewrite of the OpenSSL random number generator to introduce the following capabilities 
@@ -1508,179 +1591,194 @@ * Support for various new platforms - -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
-[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
-[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
-[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
-[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
-[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
-[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
-[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
-[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
-[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
-[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
-[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
-[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
-[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
-[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
-[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
-[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
-[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
-[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
-[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
-[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
-[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
-[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
-[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
-[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
-[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
-[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
-[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
-[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
-[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
-[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
-[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
-[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
-[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
-[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
-[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
-[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
-[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
-[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
-[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
-[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
-[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
-[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
-[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
-[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
-[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
-[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
-[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
-[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
-[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
-[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
-[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
-[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
-[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
-[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
-[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
-[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
-[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
-[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
-[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
-[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
-[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
-[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
-[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
-[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
-[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
-[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
-[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
-[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
-[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
-[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
-[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
-[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
-[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
-[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
-[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
-[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
-[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
-[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
-[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
-[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
-[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
-[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
-[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
-[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
-[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
-[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
-[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
-[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
-[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
-[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
-[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
-[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
-[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
-[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
-[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
-[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
-[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
-[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
-[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
-[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
-[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
-[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
-[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
-[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
-[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
-[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
-[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
-[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
-[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
-[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
-[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
-[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
-[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
-[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
-[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
-[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
-[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
-[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
-[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
-[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
-[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
-[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
-[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
-[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
-[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
-[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
-[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
-[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
-[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
-[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
-[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
-[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
-[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
-[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
-[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
-[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
-[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
-[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
-[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
-[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
-[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
-[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
-[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
-[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
-[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
-[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
-[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
-[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
-[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
-[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
-[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
+[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
+[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
+[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
+[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737
+[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
+[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
+[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
+[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
+[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
+[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
+[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
+[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
+[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
+[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
+[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939
+[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
+[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
+[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
+[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298
+[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
+[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
+[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
+[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
+[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
+[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
+[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
+[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
+[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
+[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
+[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
+[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
+[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
+[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
+[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
+[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
+[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449
+[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
+[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
+[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
+[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
+[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198
+[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
+[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
+[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
+[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
+[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
+[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
+[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
+[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
+[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
+[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
+[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
+[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
+[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
+[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
+[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
+[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
+[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
+[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
+[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
+[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
+[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
+[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
+[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
+[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
+[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
+[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
+[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
+[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
+[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
+[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
+[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
+[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
+[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
+[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
+[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
+[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
+[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
+[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
+[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
+[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
+[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
+[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
+[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
+[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
+[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
+[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
+[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
+[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
+[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
+[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
+[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
+[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
+[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
+[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
+[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
+[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
+[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
+[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
+[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
+[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
+[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
+[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
+[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
+[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
+[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
+[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
+[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
+[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
+[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
+[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
+[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
+[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
+[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
+[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
+[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
+[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
+[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
+[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
+[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
+[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
+[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
+[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
+[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
+[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
+[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
+[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
+[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
+[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
+[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
+[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
+[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
+[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
+[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
+[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
+[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
+[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
+[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
+[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
+[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
+[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
+[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
+[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
+[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
+[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
+[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
+[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
+[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
+[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
+[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
+[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
+[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
+[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
+[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
+[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
+[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
+[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
+[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
+[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
+[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
+[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
+[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
+[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
+[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
+[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
+[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
+[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
+[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
+[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
+[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
+[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
+[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
+[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
+[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
+[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
+[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
+[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 +[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 +[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 +[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 +[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 +[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 +[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 --- crypto/openssl/NOTES-WINDOWS.md.orig +++ crypto/openssl/NOTES-WINDOWS.md @@ -79,6 +79,11 @@ OpenSSL or - `perl Configure` to let Configure figure out the platform + a. If you don't plan to develop OpenSSL yourself and don't need to rebuild, + in other words, if you always do a new build, turning off the build + dependency feature can speed up build times by up to 50%: + `perl Configure no-makedepend` + 6. `nmake` 7. `nmake test` --- crypto/openssl/README-ENGINES.md.orig +++ crypto/openssl/README-ENGINES.md @@ -8,7 +8,7 @@ interface for adding alternative implementations of cryptographic primitives, most notably for integrating hardware crypto devices. -The ENGINE interface has its limitations and it has been superseeded +The ENGINE interface has its limitations and it has been superseded by the [PROVIDER API](README-PROVIDERS.md), it is deprecated in OpenSSL version 3.0. The following documentation is retained as an aid for users who need to maintain or support existing ENGINE implementations. --- crypto/openssl/README.md.orig +++ crypto/openssl/README.md @@ -128,8 +128,7 @@ Wiki ---- -There is a Wiki at [wiki.openssl.org] which is currently not very active. -It contains a lot of useful information, not all of which is up to date. +There is a [GitHub Wiki] which is currently not very active. License ======= 
@@ -162,7 +161,7 @@ Copyright ========= -Copyright (c) 1998-2025 The OpenSSL Project +Copyright (c) 1998-2026 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -178,8 +177,8 @@ "OpenSSL GitHub Mirror" -[wiki.openssl.org]: - +[GitHub Wiki]: + "OpenSSL Wiki" [migration_guide(7ossl)]: --- crypto/openssl/VERSION.dat.orig +++ crypto/openssl/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=16 +PATCH=20 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="11 Feb 2025" +RELEASE_DATE="7 Apr 2026" SHLIB_VERSION=3 --- /dev/null +++ crypto/openssl/apps/CA.pl 
@@ -0,0 +1,383 @@ +#!/usr/bin/env perl +# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# Wrapper around the ca to make it easier to use +# +# WARNING: do not edit! +# Generated by Makefile from apps/CA.pl.in + +use strict; +use warnings; + +my $verbose = 1; +my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify"); + +my $openssl = $ENV{'OPENSSL'} // "openssl"; +$ENV{'OPENSSL'} = $openssl; +my @openssl = split_val($openssl); + +my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // ""; +my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG); + +# Command invocations. +my @REQ = (@openssl, "req", @OPENSSL_CONFIG); +my @CA = (@openssl, "ca", @OPENSSL_CONFIG); +my @VERIFY = (@openssl, "verify"); +my @X509 = (@openssl, "x509"); +my @PKCS12 = (@openssl, "pkcs12"); + +# Default values for various configuration settings. +my $CATOP = "./demoCA"; +my $CAKEY = "cakey.pem"; +my $CAREQ = "careq.pem"; +my $CACERT = "cacert.pem"; +my $CACRL = "crl.pem"; +my @DAYS = qw(-days 365); +my @CADAYS = qw(-days 1095); # 3 years +my @EXTENSIONS = qw(-extensions v3_ca); +my @POLICY = qw(-policy policy_anything); +my $NEWKEY = "newkey.pem"; +my $NEWREQ = "newreq.pem"; +my $NEWCERT = "newcert.pem"; +my $NEWP12 = "newcert.p12"; + +# Commandline parsing +my %EXTRA; +my $WHAT = shift @ARGV // ""; +@ARGV = parse_extra(@ARGV); +my $RET = 0; + +sub split_val { + return split_val_win32(@_) if ($^O eq 'MSWin32'); + my ($val) = @_; + my (@ret, @frag); + + # Skip leading whitespace + $val =~ m{\A[ \t]*}ogc; + + # Unix shell-compatible split + # + # Handles backslash escapes outside quotes and + # in double-quoted strings. Parameter and + # command-substitution is silently ignored. 
+ # Bare newlines outside quotes and (trailing) backslashes are disallowed. + + while (1) { + last if (pos($val) == length($val)); + + # The first char is never a SPACE or TAB. Possible matches are: + # 1. Ordinary string fragment + # 2. Single-quoted string + # 3. Double-quoted string + # 4. Backslash escape + # 5. Bare backlash or newline (rejected) + # + if ($val =~ m{\G([^'" \t\n\\]+)}ogc) { + # Ordinary string + push @frag, $1; + } elsif ($val =~ m{\G'([^']*)'}ogc) { + # Single-quoted string + push @frag, $1; + } elsif ($val =~ m{\G"}ogc) { + # Double-quoted string + push @frag, ""; + while (1) { + last if ($val =~ m{\G"}ogc); + if ($val =~ m{\G([^"\\]+)}ogcs) { + # literals + push @frag, $1; + } elsif ($val =~ m{\G.(["\`\$\\])}ogc) { + # backslash-escaped special + push @frag, $1; + } elsif ($val =~ m{\G.(.)}ogcs) { + # backslashed non-special + push @frag, "\\$1" unless $1 eq "\n"; + } else { + die sprintf("Malformed quoted string: %s\n", $val); + } + } + } elsif ($val =~ m{\G\\(.)}ogc) { + # Backslash is unconditional escape outside quoted strings + push @frag, $1 unless $1 eq "\n"; + } else { + die sprintf("Bare backslash or newline in: '%s'\n", $val); + } + # Done if at SPACE, TAB or end, otherwise continue current fragment + # + next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs); + push @ret, join("", splice(@frag)) if (@frag > 0); + } + # Handle final fragment + push @ret, join("", splice(@frag)) if (@frag > 0); + return @ret; +} + +sub split_val_win32 { + my ($val) = @_; + my (@ret, @frag); + + # Skip leading whitespace + $val =~ m{\A[ \t]*}ogc; + + # Windows-compatible split + # See: "Parsing C++ command-line arguments" in: + # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170 + # + # Backslashes are special only when followed by a double-quote + # Pairs of double-quotes make a single double-quote. + # Closing double-quotes may be omitted. 
+ + while (1) { + last if (pos($val) == length($val)); + + # The first char is never a SPACE or TAB. + # 1. Ordinary string fragment + # 2. Double-quoted string + # 3. Backslashes preceding a double-quote + # 4. Literal backslashes + # 5. Bare newline (rejected) + # + if ($val =~ m{\G([^" \t\n\\]+)}ogc) { + # Ordinary string + push @frag, $1; + } elsif ($val =~ m{\G"}ogc) { + # Double-quoted string + push @frag, ""; + while (1) { + if ($val =~ m{\G("+)}ogc) { + # Two double-quotes make one literal double-quote + my $l = length($1); + push @frag, q{"} x int($l/2) if ($l > 1); + next if ($l % 2 == 0); + last; + } + if ($val =~ m{\G([^"\\]+)}ogc) { + push @frag, $1; + } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) { + # Backslashes before a double-quote are escapes + my $l = length($1); + push @frag, q{\\} x int($l / 2); + if ($l % 2 == 1) { + ++pos($val); + push @frag, q{"}; + } + } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) { + # Backslashes not before a double-quote are not special + push @frag, $1; + } else { + # Tolerate missing closing double-quote + last; + } + } + } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) { + my $l = length($1); + push @frag, q{\\} x int($l / 2); + if ($l % 2 == 1) { + ++pos($val); + push @frag, q{"}; + } + } elsif ($val =~ m{\G([\\]+)}ogc) { + # Backslashes not before a double-quote are not special + push @frag, $1; + } else { + die sprintf("Bare newline in: '%s'\n", $val); + } + # Done if at SPACE, TAB or end, otherwise continue current fragment + # + next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs); + push @ret, join("", splice(@frag)) if (@frag > 0); + } + # Handle final fragment + push @ret, join("", splice(@frag)) if (@frag); + return @ret; +} + +# Split out "-extra-CMD value", and return new |@ARGV|. Fill in +# |EXTRA{CMD}| with list of values. 
+sub parse_extra +{ + my @args; + foreach ( @OPENSSL_CMDS ) { + $EXTRA{$_} = []; + } + while (@_) { + my $arg = shift(@_); + if ( $arg !~ m{^-extra-(\w+)$} ) { + push @args, split_val($arg); + next; + } + $arg = $1; + die "Unknown \"-extra-${arg}\" option, exiting\n" + unless grep { $arg eq $_ } @OPENSSL_CMDS; + die "Missing \"-extra-${arg}\" option value, exiting\n" + unless (@_ > 0); + push @{$EXTRA{$arg}}, split_val(shift(@_)); + } + return @args; +} + + +# See if reason for a CRL entry is valid; exit if not. +sub crl_reason_ok +{ + my $r = shift; + + if ($r eq 'unspecified' || $r eq 'keyCompromise' + || $r eq 'CACompromise' || $r eq 'affiliationChanged' + || $r eq 'superseded' || $r eq 'cessationOfOperation' + || $r eq 'certificateHold' || $r eq 'removeFromCRL') { + return 1; + } + print STDERR "Invalid CRL reason; must be one of:\n"; + print STDERR " unspecified, keyCompromise, CACompromise,\n"; + print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; + print STDERR " certificateHold, removeFromCRL"; + exit 1; +} + +# Copy a PEM-format file; return like exit status (zero means ok) +sub copy_pemfile +{ + my ($infile, $outfile, $bound) = @_; + my $found = 0; + + open IN, $infile || die "Cannot open $infile, $!"; + open OUT, ">$outfile" || die "Cannot write to $outfile, $!"; + while () { + $found = 1 if /^-----BEGIN.*$bound/; + print OUT $_ if $found; + $found = 2, last if /^-----END.*$bound/; + } + close IN; + close OUT; + return $found == 2 ? 0 : 1; +} + +# Wrapper around system; useful for debugging. 
Returns just the exit status +sub run +{ + my ($cmd, @args) = @_; + print "====\n$cmd @args\n" if $verbose; + my $status = system {$cmd} $cmd, @args; + print "==> $status\n====\n" if $verbose; + return $status >> 8; +} + + +if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { + print STDERR <${CATOP}/index.txt"; + close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; + # ask user for existing CA certificate + print "CA certificate filename (or enter to create)\n"; + my $FILE; + $FILE = "" unless defined($FILE = ); + $FILE =~ s{\R$}{}; + if ($FILE ne "") { + copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + } else { + print "Making CA certificate ...\n"; + $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY", + "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}}); + $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS, + qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign", + @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}}) + if $RET == 0; + print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; + } +} elsif ($WHAT eq '-pkcs12' ) { + my $cname = $ARGV[0]; + $cname = "My Certificate" unless defined $cname; + $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY, + "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12, + qw(-export -name), $cname, @{$EXTRA{pkcs12}}); + print "PKCS#12 file is in $NEWP12\n" if $RET == 0; +} elsif ($WHAT eq '-xsign' ) { + $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}}); +} elsif ($WHAT eq '-sign' ) { + $RET = run(@CA, @POLICY, "-out", $NEWCERT, + "-infiles", $NEWREQ, @{$EXTRA{ca}}); + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signCA' ) { + $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS, + "-infiles", $NEWREQ, @{$EXTRA{ca}}); + print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signcert' ) { + $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, 
"-signkey", $NEWREQ, + qw(-out tmp.pem), @{$EXTRA{x509}}); + $RET = run(@CA, @POLICY, "-out", $NEWCERT, + qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0; + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-verify' ) { + my @files = @ARGV ? @ARGV : ( $NEWCERT ); + foreach my $file (@files) { + my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}}); + $RET = $status if $status != 0; + } +} elsif ($WHAT eq '-crl' ) { + $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}}); + print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; +} elsif ($WHAT eq '-revoke' ) { + my $cname = $ARGV[0]; + if (!defined $cname) { + print "Certificate filename is required; reason optional.\n"; + exit 1; + } + my @reason; + @reason = ("-crl_reason", $ARGV[1]) + if defined $ARGV[1] && crl_reason_ok($ARGV[1]); + $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}}); +} else { + print STDERR "Unknown arg \"$WHAT\"\n"; + print STDERR "Use -help for help.\n"; + exit 1; +} + +exit $RET; --- crypto/openssl/apps/CA.pl.in.orig +++ crypto/openssl/apps/CA.pl.in @@ -1,5 +1,5 @@ #!{- $config{HASHBANGPERL} -} -# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -19,14 +19,17 @@ my $openssl = $ENV{'OPENSSL'} // "openssl"; $ENV{'OPENSSL'} = $openssl; +my @openssl = split_val($openssl); + my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // ""; +my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG); # Command invocations. -my $REQ = "$openssl req $OPENSSL_CONFIG"; -my $CA = "$openssl ca $OPENSSL_CONFIG"; -my $VERIFY = "$openssl verify"; -my $X509 = "$openssl x509"; -my $PKCS12 = "$openssl pkcs12"; +my @REQ = (@openssl, "req", @OPENSSL_CONFIG); +my @CA = (@openssl, "ca", @OPENSSL_CONFIG); +my @VERIFY = (@openssl, "verify"); +my @X509 = (@openssl, "x509"); +my @PKCS12 = (@openssl, "pkcs12"); # Default values for various configuration settings. my $CATOP = "./demoCA"; @@ -34,8 +37,10 @@ my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; my $CACRL = "crl.pem"; -my $DAYS = "-days 365"; -my $CADAYS = "-days 1095"; # 3 years +my @DAYS = qw(-days 365); +my @CADAYS = qw(-days 1095); # 3 years +my @EXTENSIONS = qw(-extensions v3_ca); +my @POLICY = qw(-policy policy_anything); my $NEWKEY = "newkey.pem"; my $NEWREQ = "newreq.pem"; my $NEWCERT = "newcert.pem"; 
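Review bot: `my @openssl = split_val($openssl);` can come back empty, because `//` only replaces an undefined OPENSSL and an empty or whitespace-only value passes straight through. Every command list built below it (`@REQ`, `@CA`, `@VERIFY`, `@X509`, `@PKCS12`) would then begin with the subcommand name instead of the program. A guard right after the split, `die "OPENSSL is set but empty\n" unless @openssl;`, keeps the first list element the executable. A short comment above these lines stating that OPENSSL and OPENSSL_CONFIG choose the program and its leading options would also help anyone running the wrapper from a privileged or service account.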
@@ -43,31 +48,177 @@ # Commandline parsing my %EXTRA; -my $WHAT = shift @ARGV || ""; +my $WHAT = shift @ARGV // ""; @ARGV = parse_extra(@ARGV); my $RET = 0; +sub split_val { + return split_val_win32(@_) if ($^O eq 'MSWin32'); + my ($val) = @_; + my (@ret, @frag); + + # Skip leading whitespace + $val =~ m{\A[ \t]*}ogc; + + # Unix shell-compatible split + # + # Handles backslash escapes outside quotes and + # in double-quoted strings. Parameter and + # command-substitution is silently ignored. + # Bare newlines outside quotes and (trailing) backslashes are disallowed. + + while (1) { + last if (pos($val) == length($val)); + + # The first char is never a SPACE or TAB. Possible matches are: + # 1. Ordinary string fragment + # 2. Single-quoted string + # 3. Double-quoted string + # 4. Backslash escape + # 5. Bare backlash or newline (rejected) + # + if ($val =~ m{\G([^'" \t\n\\]+)}ogc) { + # Ordinary string + push @frag, $1; + } elsif ($val =~ m{\G'([^']*)'}ogc) { + # Single-quoted string + push @frag, $1; + } elsif ($val =~ m{\G"}ogc) { + # Double-quoted string + push @frag, ""; + while (1) { + last if ($val =~ m{\G"}ogc); + if ($val =~ m{\G([^"\\]+)}ogcs) { + # literals + push @frag, $1; + } elsif ($val =~ m{\G.(["\`\$\\])}ogc) { + # backslash-escaped special + push @frag, $1; + } elsif ($val =~ m{\G.(.)}ogcs) { + # backslashed non-special + push @frag, "\\$1" unless $1 eq "\n"; + } else { + die sprintf("Malformed quoted string: %s\n", $val); + } + } + } elsif ($val =~ m{\G\\(.)}ogc) { + # Backslash is unconditional escape outside quoted strings + push @frag, $1 unless $1 eq "\n"; + } else { + die sprintf("Bare backslash or newline in: '%s'\n", $val); + } + # Done if at SPACE, TAB or end, otherwise continue current fragment + # + next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs); + push @ret, join("", splice(@frag)) if (@frag > 0); + } + # Handle final fragment + push @ret, join("", splice(@frag)) if (@frag > 0); + return @ret; +} + +sub split_val_win32 { + my ($val) = @_; 
+ my (@ret, @frag); + + # Skip leading whitespace + $val =~ m{\A[ \t]*}ogc; + + # Windows-compatible split + # See: "Parsing C++ command-line arguments" in: + # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170 + # + # Backslashes are special only when followed by a double-quote + # Pairs of double-quotes make a single double-quote. + # Closing double-quotes may be omitted. + + while (1) { + last if (pos($val) == length($val)); + + # The first char is never a SPACE or TAB. + # 1. Ordinary string fragment + # 2. Double-quoted string + # 3. Backslashes preceding a double-quote + # 4. Literal backslashes + # 5. Bare newline (rejected) + # + if ($val =~ m{\G([^" \t\n\\]+)}ogc) { + # Ordinary string + push @frag, $1; + } elsif ($val =~ m{\G"}ogc) { + # Double-quoted string + push @frag, ""; + while (1) { + if ($val =~ m{\G("+)}ogc) { + # Two double-quotes make one literal double-quote + my $l = length($1); + push @frag, q{"} x int($l/2) if ($l > 1); + next if ($l % 2 == 0); + last; + } + if ($val =~ m{\G([^"\\]+)}ogc) { + push @frag, $1; + } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) { + # Backslashes before a double-quote are escapes + my $l = length($1); + push @frag, q{\\} x int($l / 2); + if ($l % 2 == 1) { + ++pos($val); + push @frag, q{"}; + } + } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) { + # Backslashes not before a double-quote are not special + push @frag, $1; + } else { + # Tolerate missing closing double-quote + last; + } + } + } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) { + my $l = length($1); + push @frag, q{\\} x int($l / 2); + if ($l % 2 == 1) { + ++pos($val); + push @frag, q{"}; + } + } elsif ($val =~ m{\G([\\]+)}ogc) { + # Backslashes not before a double-quote are not special + push @frag, $1; + } else { + die sprintf("Bare newline in: '%s'\n", $val); + } + # Done if at SPACE, TAB or end, otherwise continue current fragment + # + next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs); + push @ret, join("", splice(@frag)) 
if (@frag > 0); + } + # Handle final fragment + push @ret, join("", splice(@frag)) if (@frag); + return @ret; +} + # Split out "-extra-CMD value", and return new |@ARGV|. Fill in # |EXTRA{CMD}| with list of values. sub parse_extra { + my @args; foreach ( @OPENSSL_CMDS ) { - $EXTRA{$_} = ''; + $EXTRA{$_} = []; } - - my @result; - while ( scalar(@_) > 0 ) { - my $arg = shift; - if ( $arg !~ m/-extra-([a-z0-9]+)/ ) { - push @result, $arg; + while (@_) { + my $arg = shift(@_); + if ( $arg !~ m{^-extra-(\w+)$} ) { + push @args, split_val($arg); next; } - $arg =~ s/-extra-//; - die("Unknown \"-${arg}-extra\" option, exiting") - unless scalar grep { $arg eq $_ } @OPENSSL_CMDS; - $EXTRA{$arg} .= " " . shift; + $arg = $1; + die "Unknown \"-extra-${arg}\" option, exiting\n" + unless grep { $arg eq $_ } @OPENSSL_CMDS; + die "Missing \"-extra-${arg}\" option value, exiting\n" + unless (@_ > 0); + push @{$EXTRA{$arg}}, split_val(shift(@_)); } - return @result; + return @args; } @@ -110,9 +261,9 @@ # Wrapper around system; useful for debugging. Returns just the exit status sub run { - my $cmd = shift; - print "====\n$cmd\n" if $verbose; - my $status = system($cmd); + my ($cmd, @args) = @_; + print "====\n$cmd @args\n" if $verbose; + my $status = system {$cmd} $cmd, @args; print "==> $status\n====\n" if $verbose; return $status >> 8; } 
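Review bot: In `parse_extra`, `push @args, split_val($arg);` tokenises a second time every argument that is not an `-extra-CMD` option, although each element of `@_` already arrived as a single argv entry. A certificate filename or PKCS#12 name containing a space, quote or backslash is therefore split or rewritten before the later branches read `$ARGV[0]`, so the file acted on can differ from the one the caller named, and on the Unix path a bare trailing backslash makes the script die. If only the `-extra-CMD` values are meant to carry several options, keep positional arguments intact with `push @args, $arg;`; if the re-split is intentional, say so in the comment above `parse_extra`. Smaller points in the same hunk: the `o` modifier on the `split_val` patterns has no effect since none of them interpolates a variable, and "backlash" in the case list should read "backslash".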
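Review bot: `run` does not tell a failed launch apart from a normal exit. With the list form `system {$cmd} $cmd, @args` no shell is involved to report a missing program, `system` returns -1, and `return $status >> 8;` turns that into an unrelated number while `$!` is never printed. Check it before shifting, for example `die "Cannot execute $cmd: $!\n" if $status == -1;`, and consider treating a non-zero low byte (termination by signal) as a failure rather than as exit status 0. The verbose line `print "====\n$cmd @args\n"` joins the arguments with spaces, so the log no longer shows where one argument ends; a comment saying it is a display form only would be enough.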
@@ -131,17 +282,15 @@ if ($WHAT eq '-newcert' ) { # create a certificate - $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS" - . " $EXTRA{req}"); + $RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}}); print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; } elsif ($WHAT eq '-precert' ) { # create a pre-certificate - $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS" - . " $EXTRA{req}"); + $RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}}); print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; } elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) { # create a certificate request - $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}"); + $RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}}); print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; } elsif ($WHAT eq '-newca' ) { # create the directory hierarchy 
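Review bot: The `-newreq` branch no longer passes `@DAYS`, unlike the `-newcert` and `-precert` branches next to it, and nothing in the hunk says why. Presumably this is because a validity period only matters when `req` emits a certificate; a one-line comment such as `# no -days here: it only applies together with -x509` would stop a later reader from restoring it. The same call reads `$1` in the middle of the argument list; copying it into a lexical first, `my @nodes = defined $1 ? ($1) : ();`, makes the dependency on the `elsif` match explicit. The if/elsif chain continues outside the hunk.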
@@ -174,48 +323,45 @@ copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); } else { print "Making CA certificate ...\n"; - $RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY" - . " -out ${CATOP}/$CAREQ $EXTRA{req}"); - $RET = run("$CA -create_serial" - . " -out ${CATOP}/$CACERT $CADAYS -batch" - . " -keyfile ${CATOP}/private/$CAKEY -selfsign" - . " -extensions v3_ca" - . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0; + $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY", + "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}}); + $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS, + qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign", + @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}}) + if $RET == 0; print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; } } elsif ($WHAT eq '-pkcs12' ) { my $cname = $ARGV[0]; $cname = "My Certificate" unless defined $cname; - $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" - . " -certfile ${CATOP}/$CACERT -out $NEWP12" - . " -export -name \"$cname\" $EXTRA{pkcs12}"); - print "PKCS #12 file is in $NEWP12\n" if $RET == 0; + $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY, + "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12, + qw(-export -name), $cname, @{$EXTRA{pkcs12}}); + print "PKCS#12 file is in $NEWP12\n" if $RET == 0; } elsif ($WHAT eq '-xsign' ) { - $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}"); + $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}}); } elsif ($WHAT eq '-sign' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . " -infiles $NEWREQ $EXTRA{ca}"); + $RET = run(@CA, @POLICY, "-out", $NEWCERT, + "-infiles", $NEWREQ, @{$EXTRA{ca}}); print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-signCA' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . 
" -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}"); + $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS, + "-infiles", $NEWREQ, @{$EXTRA{ca}}); print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-signcert' ) { - $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" - . " -out tmp.pem $EXTRA{x509}"); - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . "-infiles tmp.pem $EXTRA{ca}") if $RET == 0; + $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ, + qw(-out tmp.pem), @{$EXTRA{x509}}); + $RET = run(@CA, @POLICY, "-out", $NEWCERT, + qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0; print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-verify' ) { my @files = @ARGV ? @ARGV : ( $NEWCERT ); foreach my $file (@files) { - # -CAfile quoted for VMS, since the C RTL downcases all unquoted - # arguments to C programs - my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}"); + my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}}); $RET = $status if $status != 0; } } elsif ($WHAT eq '-crl' ) { - $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}"); + $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}}); print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; } elsif ($WHAT eq '-revoke' ) { my $cname = $ARGV[0]; @@ -223,10 +369,10 @@ print "Certificate filename is required; reason optional.\n"; exit 1; } - my $reason = $ARGV[1]; - $reason = " -crl_reason $reason" - if defined $reason && crl_reason_ok($reason); - $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca}); + my @reason; + @reason = ("-crl_reason", $ARGV[1]) + if defined $ARGV[1] && crl_reason_ok($ARGV[1]); + $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}}); } else { print STDERR "Unknown arg \"$WHAT\"\n"; print STDERR "Use -help for help.\n"; --- crypto/openssl/apps/asn1parse.c.orig +++ crypto/openssl/apps/asn1parse.c 
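Review bot: The `-signcert` branch still writes its intermediate request to the fixed name `tmp.pem` in the current directory (`qw(-out tmp.pem)`, then `qw(-infiles tmp.pem)`) and never removes it. Anything already at that name is overwritten, the file stays behind after signing, and a fixed name is predictable when the working directory is writable by other users. Since the branch was being rewritten anyway, a private temporary file would fit: `my ($fh, $tmpreq) = File::Temp::tempfile(SUFFIX => '.pem', UNLINK => 1);` with `use File::Temp;` at the top of the script, then `$tmpreq` in place of both `tmp.pem` literals. The chain of `elsif` branches starts before this hunk.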
@@ -20,40 +20,51 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT, - OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT, - OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM, + OPT_INFORM, + OPT_IN, + OPT_OUT, + OPT_INDENT, + OPT_NOOUT, + OPT_OID, + OPT_OFFSET, + OPT_LENGTH, + OPT_DUMP, + OPT_DLIMIT, + OPT_STRPARSE, + OPT_GENSTR, + OPT_GENCONF, + OPT_STRICTPEM, OPT_ITEM } OPTION_CHOICE; const OPTIONS asn1parse_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"oid", OPT_OID, '<', "file of extra oid definitions"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "oid", OPT_OID, '<', "file of extra oid definitions" }, OPT_SECTION("I/O"), - {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"}, - {"in", OPT_IN, '<', "input file"}, - {"out", OPT_OUT, '>', "output file (output format is always DER)"}, - {"noout", OPT_NOOUT, 0, "do not produce any output"}, - {"offset", OPT_OFFSET, 'p', "offset into file"}, - {"length", OPT_LENGTH, 'p', "length of section in file"}, - {"strparse", OPT_STRPARSE, 'p', - "offset; a series of these can be used to 'dig'"}, - {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, - {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, - {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"}, - {"strictpem", OPT_STRICTPEM, 0, - "do not attempt base64 decode outside PEM markers"}, - {"item", OPT_ITEM, 's', "item to parse and print"}, - {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"}, + { "inform", OPT_INFORM, 'F', "input format - one of DER PEM" }, + { "in", OPT_IN, '<', "input file" }, + { "out", OPT_OUT, '>', "output file (output format is always DER)" }, + { "noout", OPT_NOOUT, 0, "do not produce any output" }, + { "offset", OPT_OFFSET, 'p', "offset into file" }, + { "length", OPT_LENGTH, 'p', "length of section in file" }, + { "strparse", OPT_STRPARSE, 'p', + "offset; a series of these can be 
used to 'dig'" }, + { OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings" }, + { "genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from" }, + { "genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from" }, + { "strictpem", OPT_STRICTPEM, 0, + "do not attempt base64 decode outside PEM markers" }, + { "item", OPT_ITEM, 's', "item to parse and print" }, + { OPT_MORE_STR, 0, 0, "(-inform will be ignored)" }, OPT_SECTION("Formatting"), - {"i", OPT_INDENT, 0, "indents the output"}, - {"dump", OPT_DUMP, 0, "unknown data in hex form"}, - {"dlimit", OPT_DLIMIT, 'p', - "dump the first arg bytes of unknown data in hex form"}, - {NULL} + { "i", OPT_INDENT, 0, "indents the output" }, + { "dump", OPT_DUMP, 0, "unknown data in hex form" }, + { "dlimit", OPT_DLIMIT, 'p', + "dump the first arg bytes of unknown data in hex form" }, + { NULL } }; static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf); @@ -88,7 +99,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -190,7 +201,7 @@ buf->length = buf->max = num; } else { if (!BUF_MEM_grow(buf, BUFSIZ * 8)) - goto end; /* Pre-allocate :-) */ + goto end; /* Pre-allocate :-) */ if (genstr || genconf) { num = do_generate(genstr, genconf, buf); @@ -222,7 +233,6 @@ } } str = (unsigned char *)buf->data; - } /* If any structs to parse go through in sequence */ @@ -236,7 +246,7 @@ j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0); if (j <= 0 || j >= tmplen) { BIO_printf(bio_err, "'%s' is out of range\n", - sk_OPENSSL_STRING_value(osk, i)); + sk_OPENSSL_STRING_value(osk, i)); continue; } tmpbuf += j; @@ -302,7 +312,7 @@ } } ret = 0; - end: +end: BIO_free(derout); BIO_free(in); BIO_free(b64); @@ -356,7 +366,7 @@ ASN1_TYPE_free(atyp); return len; - err: +err: NCONF_free(cnf); ASN1_TYPE_free(atyp); return -1; --- crypto/openssl/apps/ca.c.orig +++ crypto/openssl/apps/ca.c 
@@ -24,115 +24,115 @@ #include #ifndef W_OK -# ifdef OPENSSL_SYS_VMS -# include -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_TANDEM) -# include -# endif +#ifdef OPENSSL_SYS_VMS +#include +#elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_TANDEM) +#include +#endif #endif #include "apps.h" #include "progs.h" #ifndef W_OK -# define F_OK 0 -# define W_OK 2 -# define R_OK 4 +#define F_OK 0 +#define W_OK 2 +#define R_OK 4 #endif #ifndef PATH_MAX -# define PATH_MAX 4096 +#define PATH_MAX 4096 #endif -#define BASE_SECTION "ca" - -#define ENV_DEFAULT_CA "default_ca" - -#define STRING_MASK "string_mask" -#define UTF8_IN "utf8" - -#define ENV_NEW_CERTS_DIR "new_certs_dir" -#define ENV_CERTIFICATE "certificate" -#define ENV_SERIAL "serial" -#define ENV_RAND_SERIAL "rand_serial" -#define ENV_CRLNUMBER "crlnumber" -#define ENV_PRIVATE_KEY "private_key" -#define ENV_DEFAULT_DAYS "default_days" -#define ENV_DEFAULT_STARTDATE "default_startdate" -#define ENV_DEFAULT_ENDDATE "default_enddate" -#define ENV_DEFAULT_CRL_DAYS "default_crl_days" -#define ENV_DEFAULT_CRL_HOURS "default_crl_hours" -#define ENV_DEFAULT_MD "default_md" -#define ENV_DEFAULT_EMAIL_DN "email_in_dn" -#define ENV_PRESERVE "preserve" -#define ENV_POLICY "policy" -#define ENV_EXTENSIONS "x509_extensions" -#define ENV_CRLEXT "crl_extensions" -#define ENV_MSIE_HACK "msie_hack" -#define ENV_NAMEOPT "name_opt" -#define ENV_CERTOPT "cert_opt" -#define ENV_EXTCOPY "copy_extensions" -#define ENV_UNIQUE_SUBJECT "unique_subject" - -#define ENV_DATABASE "database" +#define BASE_SECTION "ca" + +#define ENV_DEFAULT_CA "default_ca" + +#define STRING_MASK "string_mask" +#define UTF8_IN "utf8" + +#define ENV_NEW_CERTS_DIR "new_certs_dir" +#define ENV_CERTIFICATE "certificate" +#define ENV_SERIAL "serial" +#define ENV_RAND_SERIAL "rand_serial" +#define ENV_CRLNUMBER "crlnumber" +#define ENV_PRIVATE_KEY "private_key" +#define 
ENV_DEFAULT_DAYS "default_days" +#define ENV_DEFAULT_STARTDATE "default_startdate" +#define ENV_DEFAULT_ENDDATE "default_enddate" +#define ENV_DEFAULT_CRL_DAYS "default_crl_days" +#define ENV_DEFAULT_CRL_HOURS "default_crl_hours" +#define ENV_DEFAULT_MD "default_md" +#define ENV_DEFAULT_EMAIL_DN "email_in_dn" +#define ENV_PRESERVE "preserve" +#define ENV_POLICY "policy" +#define ENV_EXTENSIONS "x509_extensions" +#define ENV_CRLEXT "crl_extensions" +#define ENV_MSIE_HACK "msie_hack" +#define ENV_NAMEOPT "name_opt" +#define ENV_CERTOPT "cert_opt" +#define ENV_EXTCOPY "copy_extensions" +#define ENV_UNIQUE_SUBJECT "unique_subject" + +#define ENV_DATABASE "database" /* Additional revocation information types */ typedef enum { - REV_VALID = -1, /* Valid (not-revoked) status */ - REV_NONE = 0, /* No additional information */ - REV_CRL_REASON = 1, /* Value is CRL reason code */ - REV_HOLD = 2, /* Value is hold instruction */ - REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */ - REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */ + REV_VALID = -1, /* Valid (not-revoked) status */ + REV_NONE = 0, /* No additional information */ + REV_CRL_REASON = 1, /* Value is CRL reason code */ + REV_HOLD = 2, /* Value is hold instruction */ + REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */ + REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */ } REVINFO_TYPE; static char *lookup_conf(const CONF *conf, const char *group, const char *tag); static int certify(X509 **xret, const char *infile, int informat, - EVP_PKEY *pkey, X509 *x509, - const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(OPENSSL_STRING) *vfyopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, - long days, int batch, const char *ext_sect, CONF *conf, - int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int 
ext_copy, int selfsign, unsigned long dateopt); + EVP_PKEY *pkey, X509 *x509, + const char *dgst, + STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(OPENSSL_STRING) *vfyopts, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, + long days, int batch, const char *ext_sect, CONF *conf, + int verbose, unsigned long certopt, unsigned long nameopt, + int default_op, int ext_copy, int selfsign, unsigned long dateopt); static int certify_cert(X509 **xret, const char *infile, int certformat, - const char *passin, EVP_PKEY *pkey, X509 *x509, - const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(OPENSSL_STRING) *vfyopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, int batch, const char *ext_sect, - CONF *conf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); + const char *passin, EVP_PKEY *pkey, X509 *x509, + const char *dgst, + STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(OPENSSL_STRING) *vfyopts, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, int batch, const char *ext_sect, + CONF *conf, int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, - X509 *x509, const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, const char *ext_sect, CONF *conf, - int verbose, unsigned long 
certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); + X509 *x509, const char *dgst, + STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, const char *ext_sect, CONF *conf, + int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, - const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, - const char *subj, unsigned long chtype, int multirdn, - int email_dn, const char *startdate, const char *enddate, long days, - int batch, int verbose, X509_REQ *req, const char *ext_sect, - CONF *conf, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign, unsigned long dateopt); + const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, + const char *subj, unsigned long chtype, int multirdn, + int email_dn, const char *startdate, const char *enddate, long days, + int batch, int verbose, X509_REQ *req, const char *ext_sect, + CONF *conf, unsigned long certopt, unsigned long nameopt, + int default_op, int ext_copy, int selfsign, unsigned long dateopt); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); static int check_time_format(const char *str); static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, - const char *extval); + const char *extval); static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg); static int make_revoked(X509_REVOKED *rev, const char *str); static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str); 
@@ -144,117 +144,159 @@
 typedef enum OPTION_choice {
 OPT_COMMON,
- OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
- OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
- OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
- OPT_KEY, OPT_CERT, OPT_CERTFORM, OPT_SELFSIGN,
- OPT_IN, OPT_INFORM, OPT_OUT, OPT_DATEOPT, OPT_OUTDIR, OPT_VFYOPT,
- OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
- OPT_GENCRL, OPT_MSIE_HACK, OPT_CRL_LASTUPDATE, OPT_CRL_NEXTUPDATE,
- OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
- OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
- OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+ OPT_ENGINE,
+ OPT_VERBOSE,
+ OPT_CONFIG,
+ OPT_NAME,
+ OPT_SUBJ,
+ OPT_UTF8,
+ OPT_CREATE_SERIAL,
+ OPT_MULTIVALUE_RDN,
+ OPT_STARTDATE,
+ OPT_ENDDATE,
+ OPT_DAYS,
+ OPT_MD,
+ OPT_POLICY,
+ OPT_KEYFILE,
+ OPT_KEYFORM,
+ OPT_PASSIN,
+ OPT_KEY,
+ OPT_CERT,
+ OPT_CERTFORM,
+ OPT_SELFSIGN,
+ OPT_IN,
+ OPT_INFORM,
+ OPT_OUT,
+ OPT_DATEOPT,
+ OPT_OUTDIR,
+ OPT_VFYOPT,
+ OPT_SIGOPT,
+ OPT_NOTEXT,
+ OPT_BATCH,
+ OPT_PRESERVEDN,
+ OPT_NOEMAILDN,
+ OPT_GENCRL,
+ OPT_MSIE_HACK,
+ OPT_CRL_LASTUPDATE,
+ OPT_CRL_NEXTUPDATE,
+ OPT_CRLDAYS,
+ OPT_CRLHOURS,
+ OPT_CRLSEC,
+ OPT_INFILES,
+ OPT_SS_CERT,
+ OPT_SPKAC,
+ OPT_REVOKE,
+ OPT_VALID,
+ OPT_EXTENSIONS,
+ OPT_EXTFILE,
+ OPT_STATUS,
+ OPT_UPDATEDB,
+ OPT_CRLEXTS,
 OPT_RAND_SERIAL,
- OPT_R_ENUM, OPT_PROV_ENUM,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
 /* Do not change the order here; see related case statements below */
- OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
+ OPT_CRL_REASON,
+ OPT_CRL_HOLD,
+ OPT_CRL_COMPROMISE,
+ OPT_CRL_CA_COMPROMISE
 } OPTION_CHOICE;
 const OPTIONS ca_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [certreq...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [certreq...]\n" },
 OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
- {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
- {"in", OPT_IN, '<', "The input cert request(s)"},
- {"inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM"},
- {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
- {"out", OPT_OUT, '>', "Where to put the output file(s)"},
- {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."},
- {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
- {"batch", OPT_BATCH, '-', "Don't ask questions"},
- {"msie_hack", OPT_MSIE_HACK, '-',
- "msie modifications to handle all Universal Strings"},
- {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
- {"spkac", OPT_SPKAC, '<',
- "File contains DN and signed public key and challenge"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "verbose", OPT_VERBOSE, '-', "Verbose output during processing" },
+ { "outdir", OPT_OUTDIR, '/', "Where to put output cert" },
+ { "in", OPT_IN, '<', "The input cert request(s)" },
+ { "inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM" },
+ { "infiles", OPT_INFILES, '-', "The last argument, requests to process" },
+ { "out", OPT_OUT, '>', "Where to put the output file(s)" },
+ { "dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822." },
+ { "notext", OPT_NOTEXT, '-', "Do not print the generated certificate" },
+ { "batch", OPT_BATCH, '-', "Don't ask questions" },
+ { "msie_hack", OPT_MSIE_HACK, '-',
+ "msie modifications to handle all Universal Strings" },
+ { "ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign" },
+ { "spkac", OPT_SPKAC, '<',
+ "File contains DN and signed public key and challenge" },
 #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
 #endif
 OPT_SECTION("Configuration"),
- {"config", OPT_CONFIG, 's', "A config file"},
- {"name", OPT_NAME, 's', "The particular CA definition to use"},
- {"section", OPT_NAME, 's', "An alias for -name"},
- {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+ { "config", OPT_CONFIG, 's', "A config file" },
+ { "name", OPT_NAME, 's', "The particular CA definition to use" },
+ { "section", OPT_NAME, 's', "An alias for -name" },
+ { "policy", OPT_POLICY, 's', "The CA 'policy' to support" },
 OPT_SECTION("Certificate"),
- {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
- {"utf8", OPT_UTF8, '-', "Input characters are UTF8; default ASCII"},
- {"create_serial", OPT_CREATE_SERIAL, '-',
- "If reading serial fails, create a new random serial"},
- {"rand_serial", OPT_RAND_SERIAL, '-',
- "Always create a random serial; do not store it"},
- {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
- "Deprecated; multi-valued RDNs support is always on."},
- {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
- {"enddate", OPT_ENDDATE, 's',
- "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
- {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
- {"extensions", OPT_EXTENSIONS, 's',
- "Extension section (override value in config file)"},
- {"extfile", OPT_EXTFILE, '<',
- "Configuration file with X509v3 extensions to add"},
- {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
- {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+ { "subj", OPT_SUBJ, 's', "Use arg instead of request's subject" },
+ { "utf8", OPT_UTF8, '-', "Input characters are UTF8; default ASCII" },
+ { "create_serial", OPT_CREATE_SERIAL, '-',
+ "If reading serial fails, create a new random serial" },
+ { "rand_serial", OPT_RAND_SERIAL, '-',
+ "Always create a random serial; do not store it" },
+ { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+ "Deprecated; multi-valued RDNs support is always on." },
+ { "startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ" },
+ { "enddate", OPT_ENDDATE, 's',
+ "YYMMDDHHMMSSZ cert notAfter (overrides -days)" },
+ { "days", OPT_DAYS, 'p', "Number of days to certify the cert for" },
+ { "extensions", OPT_EXTENSIONS, 's',
+ "Extension section (override value in config file)" },
+ { "extfile", OPT_EXTFILE, '<',
+ "Configuration file with X509v3 extensions to add" },
+ { "preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN" },
+ { "noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN" },
 OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
- {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
- {"keyform", OPT_KEYFORM, 'f',
- "Private key file format (ENGINE, other values ignored)"},
- {"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"},
- {"key", OPT_KEY, 's',
- "Key to decrypt the private key or cert files if encrypted. Better use -passin"},
- {"cert", OPT_CERT, '<', "The CA cert"},
- {"certform", OPT_CERTFORM, 'F',
- "Certificate input format (DER/PEM/P12); has no effect"},
- {"selfsign", OPT_SELFSIGN, '-',
- "Sign a cert with the key associated with it"},
- {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
- {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"},
+ { "md", OPT_MD, 's', "Digest to use, such as sha256" },
+ { "keyfile", OPT_KEYFILE, 's', "The CA private key" },
+ { "keyform", OPT_KEYFORM, 'f',
+ "Private key file format (ENGINE, other values ignored)" },
+ { "passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source" },
+ { "key", OPT_KEY, 's',
+ "Key to decrypt the private key or cert files if encrypted. Better use -passin" },
+ { "cert", OPT_CERT, '<', "The CA cert" },
+ { "certform", OPT_CERTFORM, 'F',
+ "Certificate input format (DER/PEM/P12); has no effect" },
+ { "selfsign", OPT_SELFSIGN, '-',
+ "Sign a cert with the key associated with it" },
+ { "sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form" },
+ { "vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form" },
 OPT_SECTION("Revocation"),
- {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
- {"valid", OPT_VALID, 's',
- "Add a Valid(not-revoked) DB entry about a cert (given in file)"},
- {"status", OPT_STATUS, 's', "Shows cert status given the serial number"},
- {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
- {"crlexts", OPT_CRLEXTS, 's',
- "CRL extension section (override value in config file)"},
- {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"},
- {"crl_hold", OPT_CRL_HOLD, 's',
- "the hold instruction, an OID. Sets revocation reason to certificateHold"},
- {"crl_compromise", OPT_CRL_COMPROMISE, 's',
- "sets compromise time to val and the revocation reason to keyCompromise"},
- {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
- "sets compromise time to val and the revocation reason to CACompromise"},
- {"crl_lastupdate", OPT_CRL_LASTUPDATE, 's',
- "Sets the CRL lastUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"},
- {"crl_nextupdate", OPT_CRL_NEXTUPDATE, 's',
- "Sets the CRL nextUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"},
- {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
- {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
- {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
- {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
+ { "gencrl", OPT_GENCRL, '-', "Generate a new CRL" },
+ { "valid", OPT_VALID, 's',
+ "Add a Valid(not-revoked) DB entry about a cert (given in file)" },
+ { "status", OPT_STATUS, 's', "Shows cert status given the serial number" },
+ { "updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert" },
+ { "crlexts", OPT_CRLEXTS, 's',
+ "CRL extension section (override value in config file)" },
+ { "crl_reason", OPT_CRL_REASON, 's', "revocation reason" },
+ { "crl_hold", OPT_CRL_HOLD, 's',
+ "the hold instruction, an OID. Sets revocation reason to certificateHold" },
+ { "crl_compromise", OPT_CRL_COMPROMISE, 's',
+ "sets compromise time to val and the revocation reason to keyCompromise" },
+ { "crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
+ "sets compromise time to val and the revocation reason to CACompromise" },
+ { "crl_lastupdate", OPT_CRL_LASTUPDATE, 's',
+ "Sets the CRL lastUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)" },
+ { "crl_nextupdate", OPT_CRL_NEXTUPDATE, 's',
+ "Sets the CRL nextUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)" },
+ { "crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due" },
+ { "crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due" },
+ { "crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due" },
+ { "revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)" },
 OPT_R_OPTIONS,
 OPT_PROV_OPTIONS,
 OPT_PARAMETERS(),
- {"certreq", 0, 0, "Certificate requests to be signed (optional)"},
- {NULL}
+ { "certreq", 0, 0, "Certificate requests to be signed (optional)" },
+ { NULL }
 };
 int ca_main(int argc, char **argv)
@@ -307,7 +349,7 @@
 switch (o) {
 case OPT_EOF:
 case OPT_ERR:
-opthelp:
+ opthelp:
 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
 goto end;
 case OPT_HELP:
@@ -482,7 +524,7 @@
 case OPT_CRLEXTS:
 crl_ext = opt_arg();
 break;
- case OPT_CRL_REASON: /* := REV_CRL_REASON */
+ case OPT_CRL_REASON: /* := REV_CRL_REASON */
 case OPT_CRL_HOLD:
 case OPT_CRL_COMPROMISE:
 case OPT_CRL_CA_COMPROMISE:
@@ -608,7 +650,7 @@
 if (!X509_check_private_key(x509, pkey)) {
 BIO_printf(bio_err,
- "CA certificate and CA private key do not match\n");
+ "CA certificate and CA private key do not match\n");
 goto end;
 }
 }
@@ -668,7 +710,7 @@
 outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
 if (outdir == NULL) {
 BIO_printf(bio_err,
- "there needs to be defined a directory for new certificate to be placed in\n");
+ "there needs to be defined a directory for new certificate to be placed in\n");
 goto end;
 }
 #ifndef OPENSSL_SYS_VMS
@@ -704,12 +746,11 @@
 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
 if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
 BIO_printf(bio_err,
- "entry %d: not revoked yet, but has a revocation date\n",
- i + 1);
+ "entry %d: not revoked yet, but has a revocation date\n",
+ i + 1);
 goto end;
 }
- if ((pp[DB_type][0] == DB_TYPE_REV) &&
- !make_revoked(NULL, pp[DB_rev_date])) {
+ if ((pp[DB_type][0] == DB_TYPE_REV) && !make_revoked(NULL, pp[DB_rev_date])) {
 BIO_printf(bio_err, " in entry %d\n", i + 1);
 goto end;
 }
@@ -725,14 +766,14 @@
 }
 if ((j & 1) || (j < 2)) {
 BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
- i + 1, j);
+ i + 1, j);
 goto end;
 }
- for ( ; *p; p++) {
+ for (; *p; p++) {
 if (!isxdigit(_UC(*p))) {
 BIO_printf(bio_err,
- "entry %d: bad char 0%o '%c' in serial number\n",
- i + 1, *p, *p);
+ "entry %d: bad char 0%o '%c' in serial number\n",
+ i + 1, *p, *p);
 goto end;
 }
 }
@@ -740,7 +781,7 @@
 if (verbose) {
 TXT_DB_write(bio_out, db->db);
 BIO_printf(bio_err, "%d entries loaded from the database\n",
- sk_OPENSSL_PSTRING_num(db->db->data));
+ sk_OPENSSL_PSTRING_num(db->db->data));
 BIO_printf(bio_err, "generating index\n");
 }
@@ -782,7 +823,7 @@
 if (verbose)
 BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
- extfile);
+ extfile);
 /* We can have sections in the ext file */
 if (extensions == NULL) {
@@ -815,8 +856,8 @@
 if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) {
 dgst = NULL;
 } else if (dgst == NULL
- && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL
- && strcmp(def_dgst, "UNDEF") != 0) {
+ && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL
+ && strcmp(def_dgst, "UNDEF") != 0) {
 goto end;
 } else {
 if (strcmp(dgst, "default") == 0 || strcmp(def_dgst, "UNDEF") == 0) {
@@ -864,8 +905,8 @@
 X509V3_set_nconf(&ctx, extfile_conf);
 if (!X509V3_EXT_add_nconf(extfile_conf, &ctx, extensions, NULL)) {
 BIO_printf(bio_err,
- "Error checking certificate extensions from extfile section %s\n",
- extensions);
+ "Error checking certificate extensions from extfile section %s\n",
+ extensions);
 ret = 1;
 goto end;
 }
@@ -887,8 +928,8 @@
 X509V3_set_nconf(&ctx, conf);
 if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
 BIO_printf(bio_err,
- "Error checking certificate extension config section %s\n",
- extensions);
+ "Error checking certificate extension config section %s\n",
+ extensions);
 ret = 1;
 goto end;
 }
@@ -902,7 +943,7 @@
 }
 if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) {
 BIO_printf(bio_err,
- "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+ "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
 goto end;
 }
 if (startdate == NULL)
@@ -915,7 +956,7 @@
 }
 if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) {
 BIO_printf(bio_err,
- "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+ "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
 goto end;
 }
@@ -965,10 +1006,10 @@
 if (spkac_file != NULL) {
 total++;
 j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
- attribs, db, serial, subj, chtype, multirdn,
- email_dn, startdate, enddate, days, extensions,
- conf, verbose, certopt, get_nameopt(), default_op,
- ext_copy, dateopt);
+ attribs, db, serial, subj, chtype, multirdn,
+ email_dn, startdate, enddate, days, extensions,
+ conf, verbose, certopt, get_nameopt(), default_op,
+ ext_copy, dateopt);
 if (j < 0)
 goto end;
 if (j > 0) {
@@ -985,11 +1026,11 @@
 if (ss_cert_file != NULL) {
 total++;
 j = certify_cert(&x, ss_cert_file, certformat, passin, pkey,
- x509, dgst, sigopts, vfyopts, attribs,
- db, serial, subj, chtype, multirdn, email_dn,
- startdate, enddate, days, batch, extensions,
- conf, verbose, certopt, get_nameopt(), default_op,
- ext_copy, dateopt);
+ x509, dgst, sigopts, vfyopts, attribs,
+ db, serial, subj, chtype, multirdn, email_dn,
+ startdate, enddate, days, batch, extensions,
+ conf, verbose, certopt, get_nameopt(), default_op,
+ ext_copy, dateopt);
 if (j < 0)
 goto end;
 if (j > 0) {
@@ -1006,10 +1047,10 @@
 if (infile != NULL) {
 total++;
 j = certify(&x, infile, informat, pkey, x509p, dgst,
- sigopts, vfyopts, attribs, db,
- serial, subj, chtype, multirdn, email_dn, startdate,
- enddate, days, batch, extensions, conf, verbose,
- certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
+ sigopts, vfyopts, attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
 if (j < 0)
 goto end;
 if (j > 0) {
@@ -1026,11 +1067,11 @@
 for (i = 0; i < argc; i++) {
 total++;
 j = certify(&x, argv[i], informat, pkey, x509p, dgst,
- sigopts, vfyopts,
- attribs, db,
- serial, subj, chtype, multirdn, email_dn, startdate,
- enddate, days, batch, extensions, conf, verbose,
- certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
+ sigopts, vfyopts,
+ attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt);
 if (j < 0)
 goto end;
 if (j > 0) {
@@ -1055,8 +1096,8 @@
 if (sk_X509_num(cert_sk) > 0) {
 if (!batch) {
 BIO_printf(bio_err,
- "\n%d out of %d certificate requests certified, commit? [y/n]",
- total_done, total);
+ "\n%d out of %d certificate requests certified, commit? [y/n]",
+ total_done, total);
 (void)BIO_flush(bio_err);
 tmp[0] = '\0';
 if (fgets(tmp, sizeof(tmp), stdin) == NULL) {
@@ -1072,10 +1113,10 @@
 }
 BIO_printf(bio_err, "Write out database with %d new entries\n",
- sk_X509_num(cert_sk));
+ sk_X509_num(cert_sk));
 if (serialfile != NULL
- && !save_serial(serialfile, "new", serial, NULL))
+ && !save_serial(serialfile, "new", serial, NULL))
 goto end;
 if (!save_index(dbfile, "new", db))
@@ -1119,12 +1160,12 @@
 *(n++) = 'p';
 *(n++) = 'e';
 *(n++) = 'm';
- *n = '\0'; /* closing new_cert */
+ *n = '\0'; /* closing new_cert */
 if (verbose)
 BIO_printf(bio_err, "writing %s\n", new_cert);
 Sout = bio_open_default(outfile, 'w',
- output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+ output_der ? FORMAT_ASN1 : FORMAT_TEXT);
 if (Sout == NULL)
 goto end;
@@ -1143,7 +1184,7 @@
 if (sk_X509_num(cert_sk)) {
 /* Rename the database and the serial file */
 if (serialfile != NULL
- && !rotate_serial(serialfile, "new", "old"))
+ && !rotate_serial(serialfile, "new", "old"))
 goto end;
 if (!rotate_index(dbfile, "new", "old"))
@@ -1169,7 +1210,7 @@
 X509V3_set_nconf(&ctx, conf);
 if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
 BIO_printf(bio_err,
- "Error checking CRL extension section %s\n", crl_ext);
+ "Error checking CRL extension section %s\n", crl_ext);
 ret = 1;
 goto end;
 }
@@ -1188,20 +1229,19 @@
 if (!crldays && !crlhours && !crlsec) {
 if (!NCONF_get_number(conf, section,
- ENV_DEFAULT_CRL_DAYS, &crldays)) {
+ ENV_DEFAULT_CRL_DAYS, &crldays)) {
 ERR_clear_error();
 crldays = 0;
 }
 if (!NCONF_get_number(conf, section,
- ENV_DEFAULT_CRL_HOURS, &crlhours)) {
+ ENV_DEFAULT_CRL_HOURS, &crlhours)) {
 ERR_clear_error();
 crlhours = 0;
 }
 }
- if ((crl_nextupdate == NULL) &&
- (crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
+ if ((crl_nextupdate == NULL) && (crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
 BIO_printf(bio_err,
- "cannot lookup how long until the next CRL is issued\n");
+ "cannot lookup how long until the next CRL is issued\n");
 goto end;
 }
@@ -1219,7 +1259,7 @@
 }
 if (!set_crl_nextupdate(crl, crl_nextupdate,
- crldays, crlhours, crlsec)) {
+ crldays, crlhours, crlsec)) {
 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
 ret = 1;
 goto end;
@@ -1268,7 +1308,7 @@
 if (crl_ext != NULL)
 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) {
 BIO_printf(bio_err,
- "Error adding CRL extensions from section %s\n", crl_ext);
+ "Error adding CRL extensions from section %s\n", crl_ext);
 goto end;
 }
 if (crlnumberfile != NULL) {
@@ -1289,7 +1329,7 @@
 /* we have a CRL number that need updating */
 if (crlnumberfile != NULL
- && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+ && !save_serial(crlnumberfile, "new", crlnumber, NULL))
 goto end;
 BN_free(crlnumber);
@@ -1299,7 +1339,7 @@
 goto end;
 Sout = bio_open_default(outfile, 'w',
- output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+ output_der ? FORMAT_ASN1 : FORMAT_TEXT);
 if (Sout == NULL)
 goto end;
@@ -1307,9 +1347,8 @@
 /* Rename the crlnumber file */
 if (crlnumberfile != NULL
- && !rotate_serial(crlnumberfile, "new", "old"))
+ && !rotate_serial(crlnumberfile, "new", "old"))
 goto end;
-
 }
 /*****************************************************************/
 if (dorevoke) {
@@ -1320,7 +1359,7 @@
 X509 *revcert;
 revcert = load_cert_pass(infile, informat, 1, passin,
- "certificate to be revoked");
+ "certificate to be revoked");
 if (revcert == NULL)
 goto end;
 if (dorevoke == 2)
@@ -1341,7 +1380,7 @@
 }
 ret = 0;
- end:
+end:
 if (ret)
 ERR_print_errors(bio_err);
 BIO_free_all(Sout);
@@ -1375,17 +1414,17 @@
 }
 static int certify(X509 **xret, const char *infile, int informat,
- EVP_PKEY *pkey, X509 *x509,
- const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(OPENSSL_STRING) *vfyopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate,
- long days, int batch, const char *ext_sect, CONF *lconf,
- int verbose, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign, unsigned long dateopt)
+ EVP_PKEY *pkey, X509 *x509,
+ const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(OPENSSL_STRING) *vfyopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate,
+ long days, int batch, const char *ext_sect, CONF *lconf,
+ int verbose, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign, unsigned long dateopt)
 {
 X509_REQ *req = NULL;
 EVP_PKEY *pktmp = NULL;
@@ -1406,7 +1445,7 @@
 if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
 BIO_printf(bio_err,
- "Certificate request and CA private key do not match\n");
+ "Certificate request and CA private key do not match\n");
 goto end;
 }
 i = do_X509_REQ_verify(req, pktmp, vfyopts);
@@ -1416,33 +1455,33 @@
 }
 if (i == 0) {
 BIO_printf(bio_err,
- "Signature did not match the certificate request\n");
+ "Signature did not match the certificate request\n");
 goto end;
 }
 BIO_printf(bio_err, "Signature ok\n");
 ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
- chtype, multirdn, email_dn, startdate, enddate, days, batch,
- verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
- ext_copy, selfsign, dateopt);
+ chtype, multirdn, email_dn, startdate, enddate, days, batch,
+ verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, selfsign, dateopt);
- end:
+end:
 ERR_print_errors(bio_err);
 X509_REQ_free(req);
 return ok;
 }
 static int certify_cert(X509 **xret, const char *infile, int certformat,
- const char *passin, EVP_PKEY *pkey, X509 *x509,
- const char *dgst,
- STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(OPENSSL_STRING) *vfyopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, const char *subj, unsigned long chtype,
- int multirdn, int email_dn, const char *startdate,
- const char *enddate, long days, int batch, const char *ext_sect,
- CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt)
+ const char *passin, EVP_PKEY *pkey, X509 *x509,
+ const char *dgst,
+ STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(OPENSSL_STRING) *vfyopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, const char *subj, unsigned long chtype,
+ int multirdn, int email_dn, const char *startdate,
+ const char *enddate, long days, int batch, const char *ext_sect,
+ CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt)
 {
 X509 *template_cert = NULL;
 X509_REQ *rreq = NULL;
@@ -1450,7 +1489,8 @@
 int ok = -1, i;
 if ((template_cert = load_cert_pass(infile, certformat, 1, passin,
- "template certificate")) == NULL)
+ "template certificate"))
+ == NULL)
 goto end;
 if (verbose)
 X509_print(bio_err, template_cert);
@@ -1479,24 +1519,24 @@
 goto end;
 ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
- chtype, multirdn, email_dn, startdate, enddate, days, batch,
- verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
- ext_copy, 0, dateopt);
+ chtype, multirdn, email_dn, startdate, enddate, days, batch,
+ verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, 0, dateopt);
- end:
+end:
 X509_REQ_free(rreq);
 X509_free(template_cert);
 return ok;
 }
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
- const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
- const char *subj, unsigned long chtype, int multirdn,
- int email_dn, const char *startdate, const char *enddate, long days,
- int batch, int verbose, X509_REQ *req, const char *ext_sect,
- CONF *lconf, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign, unsigned long dateopt)
+ const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+ const char *subj, unsigned long chtype, int multirdn,
+ int email_dn, const char *startdate, const char *enddate, long days,
+ int batch, int verbose, X509_REQ *req, const char *ext_sect,
+ CONF *lconf, unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign, unsigned long dateopt)
 {
 const X509_NAME *name = NULL;
 X509_NAME *CAname = NULL, *subject = NULL;
@@ -1558,16 +1598,14 @@
 /* check some things */
 if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) {
 BIO_printf(bio_err,
- "\nemailAddress type needs to be of type IA5STRING\n");
+ "\nemailAddress type needs to be of type IA5STRING\n");
 goto end;
 }
 if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) {
 j = ASN1_PRINTABLE_type(str->data, str->length);
- if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) ||
- (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING))
- {
+ if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) || (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING)) {
 BIO_printf(bio_err,
- "\nThe string contains characters that are illegal for the ASN.1 type\n");
+ "\nThe string contains characters that are illegal for the ASN.1 type\n");
 goto end;
 }
 }
@@ -1595,8 +1633,8 @@
 cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
 if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
 BIO_printf(bio_err,
- "%s:unknown object type in 'policy' configuration\n",
- cv->name);
+ "%s:unknown object type in 'policy' configuration\n",
+ cv->name);
 goto end;
 }
 obj = OBJ_nid2obj(j);
@@ -1623,8 +1661,8 @@
 } else if (strcmp(cv->value, "supplied") == 0) {
 if (tne == NULL) {
 BIO_printf(bio_err,
- "The %s field needed to be supplied and was missing\n",
- cv->name);
+ "The %s field needed to be supplied and was missing\n",
+ cv->name);
 goto end;
 } else {
 push = tne;
@@ -1634,19 +1672,20 @@
 if (tne == NULL) {
 BIO_printf(bio_err,
- "The mandatory %s field was missing\n",
- cv->name);
+ "The mandatory %s field was missing\n",
+ cv->name);
 goto end;
 }
 last2 = -1;
- again2:
+ again2:
 j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
 if ((j < 0) && (last2 == -1)) {
 BIO_printf(bio_err,
- "The %s field does not exist in the CA certificate,\n"
- "the 'policy' is misconfigured\n", cv->name);
+ "The %s field does not exist in the CA certificate,\n"
+ "the 'policy' is misconfigured\n",
+ cv->name);
 goto end;
 }
 if (j >= 0) {
@@ -1659,17 +1698,17 @@
 }
 if (j < 0) {
 BIO_printf(bio_err,
- "The %s field is different between\n"
- "CA certificate (%s) and the request (%s)\n",
- cv->name,
- ((str2 == NULL) ? "NULL" : (char *)str2->data),
- ((str == NULL) ? "NULL" : (char *)str->data));
+ "The %s field is different between\n"
+ "CA certificate (%s) and the request (%s)\n",
+ cv->name,
+ ((str2 == NULL) ? "NULL" : (char *)str2->data),
+ ((str == NULL) ? "NULL" : (char *)str->data));
 goto end;
 }
 } else {
 BIO_printf(bio_err,
- "%s:invalid type in 'policy' configuration\n",
- cv->value);
+ "%s:invalid type in 'policy' configuration\n",
+ cv->value);
 goto end;
 }
@@ -1695,7 +1734,7 @@
 /* We are now totally happy, lets make and sign the certificate */
 if (verbose)
 BIO_printf(bio_err,
- "Everything appears to be ok, creating and signing the certificate\n");
+ "Everything appears to be ok, creating and signing the certificate\n");
 if ((ret = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
 goto end;
@@ -1731,7 +1770,7 @@
 /* Initialize the context structure */
 X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509,
- ret, req, NULL, X509V3_CTX_REPLACE);
+ ret, req, NULL, X509V3_CTX_REPLACE);
 /* Lets add the extensions, if there are any */
 if (ext_sect) {
@@ -1745,27 +1784,27 @@
 /* Adds exts contained in the configuration file */
 if (!X509V3_EXT_add_nconf(extfile_conf, &ext_ctx, ext_sect, ret)) {
 BIO_printf(bio_err,
- "Error adding certificate extensions from extfile section %s\n",
- ext_sect);
+ "Error adding certificate extensions from extfile section %s\n",
+ ext_sect);
 goto end;
 }
 if (verbose)
 BIO_printf(bio_err,
- "Successfully added extensions from file.\n");
+ "Successfully added extensions from file.\n");
 } else if (ext_sect) {
 /* We found extensions to be set from config file */
 X509V3_set_nconf(&ext_ctx, lconf);
 if (!X509V3_EXT_add_nconf(lconf, &ext_ctx, ext_sect, ret)) {
 BIO_printf(bio_err,
- "Error adding certificate extensions from config section %s\n",
- ext_sect);
+ "Error adding certificate extensions from config section %s\n",
+ ext_sect);
 goto end;
 }
 if (verbose)
 BIO_printf(bio_err,
- "Successfully added extensions from config\n");
+ "Successfully added extensions from config\n");
 }
 }
@@ -1778,7 +1817,7 @@
 if (verbose)
 BIO_printf(bio_err,
- "The subject name appears to be ok, checking database for clashes\n");
+ "The subject name appears to be ok, checking database for clashes\n");
 /* Build the correct Subject if no e-mail is wanted in the subject. */
 if (!email_dn) {
@@ -1795,8 +1834,9 @@
 }
 i = -1;
 while ((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress,
- i)) >= 0) {
+ NID_pkcs9_emailAddress,
+ i))
+ >= 0) {
 tmpne = X509_NAME_delete_entry(dn_subject, i--);
 X509_NAME_ENTRY_free(tmpne);
 }
@@ -1843,18 +1883,18 @@
 rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
 if (rrow != NULL) {
 BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
 }
 }
 if (rrow == NULL) {
 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
 if (rrow != NULL) {
 BIO_printf(bio_err,
- "ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
+ "ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
 BIO_printf(bio_err,
- " check the database/serial_file for corruption\n");
+ " check the database/serial_file for corruption\n");
 }
 }
@@ -1868,7 +1908,8 @@
 p = "Valid";
 else
 p = "\ninvalid type, Database error\n";
- BIO_printf(bio_err, "Type :%s\n", p);;
+ BIO_printf(bio_err, "Type :%s\n", p);
+ ;
 if (rrow[DB_type][0] == DB_TYPE_REV) {
 p = rrow[DB_exp_date];
 if (p == NULL)
@@ -1891,7 +1932,7 @@
 if (p == NULL)
 p = "undef";
 BIO_printf(bio_err, "Subject Name :%s\n", p);
- ok = -1; /* This is now a 'bad' error. */
+ ok = -1; /* This is now a 'bad' error. */
 goto end;
 }
@@ -1917,7 +1958,7 @@
 buf[0] = '\0';
 if (fgets(buf, sizeof(buf), stdin) == NULL) {
 BIO_printf(bio_err,
- "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+ "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
 ok = 0;
 goto end;
 }
@@ -1929,8 +1970,7 @@
 }
 pktmp = X509_get0_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
+ if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey))
 EVP_PKEY_copy_parameters(pktmp, pkey);
 if (!do_X509_sign(ret, pkey, dgst, sigopts, &ext_ctx))
@@ -1962,7 +2002,7 @@
 }
 irow = NULL;
 ok = 1;
- end:
+end:
 if (ok != 1) {
 for (i = 0; i < DB_NUMBER; i++)
 OPENSSL_free(row[i]);
@@ -1991,14 +2031,14 @@ } static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, - X509 *x509, const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, const char *ext_sect, - CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt) + X509 *x509, const char *dgst, + STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, + BIGNUM *serial, const char *subj, unsigned long chtype, + int multirdn, int email_dn, const char *startdate, + const char *enddate, long days, const char *ext_sect, + CONF *lconf, int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt) { STACK_OF(CONF_VALUE) *sk = NULL; LHASH_OF(CONF_VALUE) *parms = NULL; @@ -2069,7 +2109,7 @@ spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); if (spki == NULL) { BIO_printf(bio_err, - "unable to load Netscape SPKAC structure\n"); + "unable to load Netscape SPKAC structure\n"); goto end; } } @@ -2077,12 +2117,12 @@ } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - (unsigned char *)buf, -1, -1, 0)) + (unsigned char *)buf, -1, -1, 0)) goto end; } if (spki == NULL) { BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n", - infile); + infile); goto end; } @@ -2101,7 +2141,7 @@ if (j <= 0) { EVP_PKEY_free(pktmp); BIO_printf(bio_err, - "signature verification failed on SPKAC public key\n"); + "signature verification failed on SPKAC public key\n"); goto end; } BIO_printf(bio_err, "Signature ok\n"); 
@@ -2109,10 +2149,10 @@ X509_REQ_set_pubkey(req, pktmp); EVP_PKEY_free(pktmp); ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, - chtype, multirdn, email_dn, startdate, enddate, days, 1, - verbose, req, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, 0, dateopt); - end: + chtype, multirdn, email_dn, startdate, enddate, days, 1, + verbose, req, ext_sect, lconf, certopt, nameopt, default_op, + ext_copy, 0, dateopt); +end: X509_REQ_free(req); CONF_free(parms); NETSCAPE_SPKI_free(spki); @@ -2127,7 +2167,7 @@ } static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, - const char *value) + const char *value) { const ASN1_TIME *tm = NULL; char *row[DB_NUMBER], **rrow, **irow; @@ -2162,8 +2202,8 @@ rrow = TXT_DB_get_by_index(db->db, DB_serial, row); if (rrow == NULL) { BIO_printf(bio_err, - "Adding Entry with serial number %s to DB for %s\n", - row[DB_serial], row[DB_name]); + "Adding Entry with serial number %s to DB for %s\n", + row[DB_serial], row[DB_name]); /* We now just add it to the database as DB_TYPE_REV('V') */ row[DB_type] = OPENSSL_strdup("V"); @@ -2208,11 +2248,11 @@ goto end; } else if (rev_type == REV_VALID) { BIO_printf(bio_err, "ERROR:Already present, serial number %s\n", - row[DB_serial]); + row[DB_serial]); goto end; } else if (rrow[DB_type][0] == DB_TYPE_REV) { BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n", - row[DB_serial]); + row[DB_serial]); goto end; } else { BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]); @@ -2226,7 +2266,7 @@ rrow[DB_rev_date] = rev_str; } ok = 1; - end: +end: for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); return ok; 
@@ -2273,26 +2313,26 @@ goto end; } else if (rrow[DB_type][0] == DB_TYPE_VAL) { BIO_printf(bio_err, "%s=Valid (%c)\n", - row[DB_serial], rrow[DB_type][0]); + row[DB_serial], rrow[DB_type][0]); goto end; } else if (rrow[DB_type][0] == DB_TYPE_REV) { BIO_printf(bio_err, "%s=Revoked (%c)\n", - row[DB_serial], rrow[DB_type][0]); + row[DB_serial], rrow[DB_type][0]); goto end; } else if (rrow[DB_type][0] == DB_TYPE_EXP) { BIO_printf(bio_err, "%s=Expired (%c)\n", - row[DB_serial], rrow[DB_type][0]); + row[DB_serial], rrow[DB_type][0]); goto end; } else if (rrow[DB_type][0] == DB_TYPE_SUSP) { BIO_printf(bio_err, "%s=Suspended (%c)\n", - row[DB_serial], rrow[DB_type][0]); + row[DB_serial], rrow[DB_type][0]); goto end; } else { BIO_printf(bio_err, "%s=Unknown (%c).\n", - row[DB_serial], rrow[DB_type][0]); + row[DB_serial], rrow[DB_type][0]); ok = -1; } - end: +end: for (i = 0; i < DB_NUMBER; i++) { OPENSSL_free(row[i]); } @@ -2419,8 +2459,8 @@ /* Argument is the key compromise time */ if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) { BIO_printf(bio_err, - "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", - rev_arg); + "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", + rev_arg); return NULL; } other = rev_arg; @@ -2494,13 +2534,11 @@ } if (rev && comp_time) { - if (X509_REVOKED_add1_ext_i2d - (rev, NID_invalidity_date, comp_time, 0, 0) <= 0) + if (X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0) <= 0) goto end; } if (rev && hold) { - if (X509_REVOKED_add1_ext_i2d - (rev, NID_hold_instruction_code, hold, 0, 0) <= 0) + if (X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0) <= 0) goto end; } @@ -2509,7 +2547,7 @@ else ret = 1; - end: +end: OPENSSL_free(tmp); ASN1_OBJECT_free(hold); 
@@ -2562,7 +2600,7 @@ } int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, const char *str) + ASN1_GENERALIZEDTIME **pinvtm, const char *str) { char *tmp; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; @@ -2664,7 +2702,7 @@ ret = 1; - end: +end: OPENSSL_free(tmp); ASN1_GENERALIZEDTIME_free(comp_time); --- crypto/openssl/apps/ciphers.c.orig +++ crypto/openssl/apps/ciphers.c 
@@ -28,58 +28,61 @@ OPT_PSK, OPT_SRP, OPT_CIPHERSUITES, - OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM + OPT_V, + OPT_UPPER_V, + OPT_S, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS ciphers_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Output"), - {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, - {"V", OPT_UPPER_V, '-', "Even more verbose"}, - {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, - {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, + { "v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers" }, + { "V", OPT_UPPER_V, '-', "Even more verbose" }, + { "stdname", OPT_STDNAME, '-', "Show standard cipher names" }, + { "convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name" }, OPT_SECTION("Cipher specification"), - {"s", OPT_S, '-', "Only supported ciphers"}, + { "s", OPT_S, '-', "Only supported ciphers" }, #ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"}, + { "ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3" }, #endif #ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"}, + { "tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1" }, #endif #ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"}, + { "tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1" }, #endif #ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"}, + { "tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2" }, #endif #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"}, + { "tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3" }, #endif #ifndef OPENSSL_NO_PSK - {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"}, + 
{ "psk", OPT_PSK, '-', "Include ciphersuites requiring PSK" }, #endif #ifndef OPENSSL_NO_SRP - {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"}, + { "srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP" }, #endif - {"ciphersuites", OPT_CIPHERSUITES, 's', - "Configure the TLSv1.3 ciphersuites to use"}, + { "ciphersuites", OPT_CIPHERSUITES, 's', + "Configure the TLSv1.3 ciphersuites to use" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"cipher", 0, 0, "Cipher string to decode (optional)"}, - {NULL} + { "cipher", 0, 0, "Cipher string to decode (optional)" }, + { NULL } }; #ifndef OPENSSL_NO_PSK static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len) + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len) { return 0; } @@ -110,7 +113,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -182,7 +185,7 @@ if (convert != NULL) { BIO_printf(bio_out, "OpenSSL cipher name: %s\n", - OPENSSL_cipher_name(convert)); + OPENSSL_cipher_name(convert)); ret = 0; goto end; } @@ -274,9 +277,9 @@ ret = 0; goto end; - err: +err: ERR_print_errors(bio_err); - end: +end: if (use_supported) sk_SSL_CIPHER_free(sk); SSL_CTX_free(ctx); --- crypto/openssl/apps/cmp.c.orig +++ crypto/openssl/apps/cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -23,10 +23,10 @@ /* tweaks needed due to missing unistd.h on Windows */ #if defined(_WIN32) && !defined(__BORLANDC__) -# define access _access +#define access _access #endif #ifndef F_OK -# define F_OK 0 +#define F_OK 0 #endif #include 
@@ -197,36 +197,69 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_CONFIG, OPT_SECTION, OPT_VERBOSITY, - - OPT_CMD, OPT_INFOTYPE, OPT_GENINFO, - - OPT_NEWKEY, OPT_NEWKEYPASS, OPT_SUBJECT, OPT_ISSUER, - OPT_DAYS, OPT_REQEXTS, - OPT_SANS, OPT_SAN_NODEFAULT, - OPT_POLICIES, OPT_POLICY_OIDS, OPT_POLICY_OIDS_CRITICAL, - OPT_POPO, OPT_CSR, - OPT_OUT_TRUSTED, OPT_IMPLICIT_CONFIRM, OPT_DISABLE_CONFIRM, - OPT_CERTOUT, OPT_CHAINOUT, - - OPT_OLDCERT, OPT_REVREASON, + OPT_CONFIG, + OPT_SECTION, + OPT_VERBOSITY, + + OPT_CMD, + OPT_INFOTYPE, + OPT_GENINFO, + + OPT_NEWKEY, + OPT_NEWKEYPASS, + OPT_SUBJECT, + OPT_ISSUER, + OPT_DAYS, + OPT_REQEXTS, + OPT_SANS, + OPT_SAN_NODEFAULT, + OPT_POLICIES, + OPT_POLICY_OIDS, + OPT_POLICY_OIDS_CRITICAL, + OPT_POPO, + OPT_CSR, + OPT_OUT_TRUSTED, + OPT_IMPLICIT_CONFIRM, + OPT_DISABLE_CONFIRM, + OPT_CERTOUT, + OPT_CHAINOUT, + + OPT_OLDCERT, + OPT_REVREASON, #ifndef OPENSSL_NO_SOCK - OPT_SERVER, OPT_PROXY, OPT_NO_PROXY, + OPT_SERVER, + OPT_PROXY, + OPT_NO_PROXY, #endif - OPT_RECIPIENT, OPT_PATH, - OPT_KEEP_ALIVE, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, - - OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT, + OPT_RECIPIENT, + OPT_PATH, + OPT_KEEP_ALIVE, + OPT_MSG_TIMEOUT, + OPT_TOTAL_TIMEOUT, + + OPT_TRUSTED, + OPT_UNTRUSTED, + OPT_SRVCERT, OPT_EXPECT_SENDER, - OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS, - OPT_EXTRACERTSOUT, OPT_CACERTSOUT, - - OPT_REF, OPT_SECRET, OPT_CERT, OPT_OWN_TRUSTED, OPT_KEY, OPT_KEYPASS, - OPT_DIGEST, OPT_MAC, OPT_EXTRACERTS, + OPT_IGNORE_KEYUSAGE, + OPT_UNPROTECTED_ERRORS, + OPT_EXTRACERTSOUT, + OPT_CACERTSOUT, + + OPT_REF, + OPT_SECRET, + OPT_CERT, + OPT_OWN_TRUSTED, + OPT_KEY, + OPT_KEYPASS, + OPT_DIGEST, + OPT_MAC, + OPT_EXTRACERTS, OPT_UNPROTECTED_REQUESTS, - OPT_CERTFORM, OPT_KEYFORM, + OPT_CERTFORM, + OPT_KEYFORM, OPT_OTHERPASS, #ifndef OPENSSL_NO_ENGINE OPT_ENGINE, 
@@ -235,313 +268,335 @@ OPT_R_ENUM, #ifndef OPENSSL_NO_SOCK - OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY, + OPT_TLS_USED, + OPT_TLS_CERT, + OPT_TLS_KEY, OPT_TLS_KEYPASS, - OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST, + OPT_TLS_EXTRA, + OPT_TLS_TRUSTED, + OPT_TLS_HOST, #endif - OPT_BATCH, OPT_REPEAT, - OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT, + OPT_BATCH, + OPT_REPEAT, + OPT_REQIN, + OPT_REQIN_NEW_TID, + OPT_REQOUT, + OPT_RSPIN, + OPT_RSPOUT, OPT_USE_MOCK_SRV, #ifndef OPENSSL_NO_SOCK - OPT_PORT, OPT_MAX_MSGS, + OPT_PORT, + OPT_MAX_MSGS, #endif - OPT_SRV_REF, OPT_SRV_SECRET, - OPT_SRV_CERT, OPT_SRV_KEY, OPT_SRV_KEYPASS, - OPT_SRV_TRUSTED, OPT_SRV_UNTRUSTED, - OPT_RSP_CERT, OPT_RSP_EXTRACERTS, OPT_RSP_CAPUBS, - OPT_POLL_COUNT, OPT_CHECK_AFTER, + OPT_SRV_REF, + OPT_SRV_SECRET, + OPT_SRV_CERT, + OPT_SRV_KEY, + OPT_SRV_KEYPASS, + OPT_SRV_TRUSTED, + OPT_SRV_UNTRUSTED, + OPT_RSP_CERT, + OPT_RSP_EXTRACERTS, + OPT_RSP_CAPUBS, + OPT_POLL_COUNT, + OPT_CHECK_AFTER, OPT_GRANT_IMPLICITCONF, - OPT_PKISTATUS, OPT_FAILURE, - OPT_FAILUREBITS, OPT_STATUSSTRING, - OPT_SEND_ERROR, OPT_SEND_UNPROTECTED, - OPT_SEND_UNPROT_ERR, OPT_ACCEPT_UNPROTECTED, - OPT_ACCEPT_UNPROT_ERR, OPT_ACCEPT_RAVERIFIED, + OPT_PKISTATUS, + OPT_FAILURE, + OPT_FAILUREBITS, + OPT_STATUSSTRING, + OPT_SEND_ERROR, + OPT_SEND_UNPROTECTED, + OPT_SEND_UNPROT_ERR, + OPT_ACCEPT_UNPROTECTED, + OPT_ACCEPT_UNPROT_ERR, + OPT_ACCEPT_RAVERIFIED, OPT_V_ENUM } OPTION_CHOICE; const OPTIONS cmp_options[] = { /* entries must be in the same order as enumerated above!! */ - {"help", OPT_HELP, '-', "Display this summary"}, - {"config", OPT_CONFIG, 's', - "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF"}, - {"section", OPT_SECTION, 's', - "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'"}, - {"verbosity", OPT_VERBOSITY, 'N', - "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. 
Default 6 = INFO"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "config", OPT_CONFIG, 's', + "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF" }, + { "section", OPT_SECTION, 's', + "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'" }, + { "verbosity", OPT_VERBOSITY, 'N', + "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. Default 6 = INFO" }, OPT_SECTION("Generic message"), - {"cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm"}, - {"infotype", OPT_INFOTYPE, 's', - "InfoType name for requesting specific info in genm, e.g. 'signKeyPairTypes'"}, - {"geninfo", OPT_GENINFO, 's', - "generalInfo integer values to place in request PKIHeader with given OID"}, - {OPT_MORE_STR, 0, 0, - "specified in the form :int:, e.g. \"1.2.3.4:int:56789\""}, + { "cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm" }, + { "infotype", OPT_INFOTYPE, 's', + "InfoType name for requesting specific info in genm, e.g. 'signKeyPairTypes'" }, + { "geninfo", OPT_GENINFO, 's', + "generalInfo integer values to place in request PKIHeader with given OID" }, + { OPT_MORE_STR, 0, 0, + "specified in the form :int:, e.g. \"1.2.3.4:int:56789\"" }, OPT_SECTION("Certificate enrollment"), - {"newkey", OPT_NEWKEY, 's', - "Private or public key for the requested cert. 
Default: CSR key or client key"}, - {"newkeypass", OPT_NEWKEYPASS, 's', "New private key pass phrase source"}, - {"subject", OPT_SUBJECT, 's', - "Distinguished Name (DN) of subject to use in the requested cert template"}, - {OPT_MORE_STR, 0, 0, - "For kur, default is subject of -csr arg or reference cert (see -oldcert)"}, - {OPT_MORE_STR, 0, 0, - "this default is used for ir and cr only if no Subject Alt Names are set"}, - {"issuer", OPT_ISSUER, 's', - "DN of the issuer to place in the requested certificate template"}, - {OPT_MORE_STR, 0, 0, - "also used as recipient if neither -recipient nor -srvcert are given"}, - {"days", OPT_DAYS, 'N', - "Requested validity time of the new certificate in number of days"}, - {"reqexts", OPT_REQEXTS, 's', - "Name of config file section defining certificate request extensions."}, - {OPT_MORE_STR, 0, 0, - "Augments or replaces any extensions contained CSR given with -csr"}, - {"sans", OPT_SANS, 's', - "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension"}, - {"san_nodefault", OPT_SAN_NODEFAULT, '-', - "Do not take default SANs from reference certificate (see -oldcert)"}, - {"policies", OPT_POLICIES, 's', - "Name of config file section defining policies certificate request extension"}, - {"policy_oids", OPT_POLICY_OIDS, 's', - "Policy OID(s) to add as policies certificate request extension"}, - {"policy_oids_critical", OPT_POLICY_OIDS_CRITICAL, '-', - "Flag the policy OID(s) given with -policy_oids as critical"}, - {"popo", OPT_POPO, 'n', - "Proof-of-Possession (POPO) method to use for ir/cr/kur where"}, - {OPT_MORE_STR, 0, 0, - "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"}, - {"csr", OPT_CSR, 's', - "PKCS#10 CSR file in PEM or DER format to convert or to use in p10cr"}, - {"out_trusted", OPT_OUT_TRUSTED, 's', - "Certificates to trust when verifying newly enrolled certificates"}, - {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-', - "Request implicit confirmation of newly enrolled 
certificates"}, - {"disable_confirm", OPT_DISABLE_CONFIRM, '-', - "Do not confirm newly enrolled certificate w/o requesting implicit"}, - {OPT_MORE_STR, 0, 0, - "confirmation. WARNING: This leads to behavior violating RFC 4210"}, - {"certout", OPT_CERTOUT, 's', - "File to save newly enrolled certificate"}, - {"chainout", OPT_CHAINOUT, 's', - "File to save the chain of newly enrolled certificate"}, + { "newkey", OPT_NEWKEY, 's', + "Private or public key for the requested cert. Default: CSR key or client key" }, + { "newkeypass", OPT_NEWKEYPASS, 's', "New private key pass phrase source" }, + { "subject", OPT_SUBJECT, 's', + "Distinguished Name (DN) of subject to use in the requested cert template" }, + { OPT_MORE_STR, 0, 0, + "For kur, default is subject of -csr arg or reference cert (see -oldcert)" }, + { OPT_MORE_STR, 0, 0, + "this default is used for ir and cr only if no Subject Alt Names are set" }, + { "issuer", OPT_ISSUER, 's', + "DN of the issuer to place in the requested certificate template" }, + { OPT_MORE_STR, 0, 0, + "also used as recipient if neither -recipient nor -srvcert are given" }, + { "days", OPT_DAYS, 'N', + "Requested validity time of the new certificate in number of days" }, + { "reqexts", OPT_REQEXTS, 's', + "Name of config file section defining certificate request extensions." 
}, + { OPT_MORE_STR, 0, 0, + "Augments or replaces any extensions contained CSR given with -csr" }, + { "sans", OPT_SANS, 's', + "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension" }, + { "san_nodefault", OPT_SAN_NODEFAULT, '-', + "Do not take default SANs from reference certificate (see -oldcert)" }, + { "policies", OPT_POLICIES, 's', + "Name of config file section defining policies certificate request extension" }, + { "policy_oids", OPT_POLICY_OIDS, 's', + "Policy OID(s) to add as policies certificate request extension" }, + { "policy_oids_critical", OPT_POLICY_OIDS_CRITICAL, '-', + "Flag the policy OID(s) given with -policy_oids as critical" }, + { "popo", OPT_POPO, 'n', + "Proof-of-Possession (POPO) method to use for ir/cr/kur where" }, + { OPT_MORE_STR, 0, 0, + "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC" }, + { "csr", OPT_CSR, 's', + "PKCS#10 CSR file in PEM or DER format to convert or to use in p10cr" }, + { "out_trusted", OPT_OUT_TRUSTED, 's', + "Certificates to trust when verifying newly enrolled certificates" }, + { "implicit_confirm", OPT_IMPLICIT_CONFIRM, '-', + "Request implicit confirmation of newly enrolled certificates" }, + { "disable_confirm", OPT_DISABLE_CONFIRM, '-', + "Do not confirm newly enrolled certificate w/o requesting implicit" }, + { OPT_MORE_STR, 0, 0, + "confirmation. 
WARNING: This leads to behavior violating RFC 4210" }, + { "certout", OPT_CERTOUT, 's', + "File to save newly enrolled certificate" }, + { "chainout", OPT_CHAINOUT, 's', + "File to save the chain of newly enrolled certificate" }, OPT_SECTION("Certificate enrollment and revocation"), - {"oldcert", OPT_OLDCERT, 's', - "Certificate to be updated (defaulting to -cert) or to be revoked in rr;"}, - {OPT_MORE_STR, 0, 0, - "also used as reference (defaulting to -cert) for subject DN and SANs."}, - {OPT_MORE_STR, 0, 0, - "Issuer is used as recipient unless -recipient, -srvcert, or -issuer given"}, - {"revreason", OPT_REVREASON, 'n', - "Reason code to include in revocation request (rr); possible values:"}, - {OPT_MORE_STR, 0, 0, - "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"}, + { "oldcert", OPT_OLDCERT, 's', + "Certificate to be updated (defaulting to -cert) or to be revoked in rr;" }, + { OPT_MORE_STR, 0, 0, + "also used as reference (defaulting to -cert) for subject DN and SANs." }, + { OPT_MORE_STR, 0, 0, + "Issuer is used as recipient unless -recipient, -srvcert, or -issuer given" }, + { "revreason", OPT_REVREASON, 'n', + "Reason code to include in revocation request (rr); possible values:" }, + { OPT_MORE_STR, 0, 0, + "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included" }, OPT_SECTION("Message transfer"), #ifdef OPENSSL_NO_SOCK - {OPT_MORE_STR, 0, 0, - "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"}, + { OPT_MORE_STR, 0, 0, + "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build" }, #else - {"server", OPT_SERVER, 's', - "[http[s]://]address[:port][/path] of CMP server. 
Default port 80 or 443."}, - {OPT_MORE_STR, 0, 0, - "address may be a DNS name or an IP address; path can be overridden by -path"}, - {"proxy", OPT_PROXY, 's', - "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored"}, - {"no_proxy", OPT_NO_PROXY, 's', - "List of addresses of servers not to use HTTP(S) proxy for"}, - {OPT_MORE_STR, 0, 0, - "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, + { "server", OPT_SERVER, 's', + "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443." }, + { OPT_MORE_STR, 0, 0, + "address may be a DNS name or an IP address; path can be overridden by -path" }, + { "proxy", OPT_PROXY, 's', + "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored" }, + { "no_proxy", OPT_NO_PROXY, 's', + "List of addresses of servers not to use HTTP(S) proxy for" }, + { OPT_MORE_STR, 0, 0, + "Default from environment variable 'no_proxy', else 'NO_PROXY', else none" }, #endif - {"recipient", OPT_RECIPIENT, 's', - "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, - {"path", OPT_PATH, 's', - "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\""}, - {"keep_alive", OPT_KEEP_ALIVE, 'N', - "Persistent HTTP connections. 0: no, 1 (the default): request, 2: require"}, - {"msg_timeout", OPT_MSG_TIMEOUT, 'N', - "Number of seconds allowed per CMP message round trip, or 0 for infinite"}, - {"total_timeout", OPT_TOTAL_TIMEOUT, 'N', - "Overall time an enrollment incl. polling may take. Default 0 = infinite"}, + { "recipient", OPT_RECIPIENT, 's', + "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert" }, + { "path", OPT_PATH, 's', + "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\"" }, + { "keep_alive", OPT_KEEP_ALIVE, 'N', + "Persistent HTTP connections. 
0: no, 1 (the default): request, 2: require" }, + { "msg_timeout", OPT_MSG_TIMEOUT, 'N', + "Number of seconds allowed per CMP message round trip, or 0 for infinite" }, + { "total_timeout", OPT_TOTAL_TIMEOUT, 'N', + "Overall time an enrollment incl. polling may take. Default 0 = infinite" }, OPT_SECTION("Server authentication"), - {"trusted", OPT_TRUSTED, 's', - "Certificates to use as trust anchors when verifying signed CMP responses"}, - {OPT_MORE_STR, 0, 0, "unless -srvcert is given"}, - {"untrusted", OPT_UNTRUSTED, 's', - "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"}, - {"srvcert", OPT_SRVCERT, 's', - "Server cert to pin and trust directly when verifying signed CMP responses"}, - {"expect_sender", OPT_EXPECT_SENDER, 's', - "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, - {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', - "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"}, - {"unprotected_errors", OPT_UNPROTECTED_ERRORS, '-', - "Accept missing or invalid protection of regular error messages and negative"}, - {OPT_MORE_STR, 0, 0, - "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf"}, - {OPT_MORE_STR, 0, 0, - "WARNING: This setting leads to behavior allowing violation of RFC 4210"}, - {"extracertsout", OPT_EXTRACERTSOUT, 's', - "File to save extra certificates received in the extraCerts field"}, - {"cacertsout", OPT_CACERTSOUT, 's', - "File to save CA certificates received in the caPubs field of 'ip' messages"}, + { "trusted", OPT_TRUSTED, 's', + "Certificates to use as trust anchors when verifying signed CMP responses" }, + { OPT_MORE_STR, 0, 0, "unless -srvcert is given" }, + { "untrusted", OPT_UNTRUSTED, 's', + "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs" }, + { "srvcert", OPT_SRVCERT, 's', + "Server cert to pin and trust directly when verifying signed CMP responses" }, + { "expect_sender", OPT_EXPECT_SENDER, 's', + "DN of 
expected sender of responses. Defaults to subject of -srvcert, if any" }, + { "ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', + "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed" }, + { "unprotected_errors", OPT_UNPROTECTED_ERRORS, '-', + "Accept missing or invalid protection of regular error messages and negative" }, + { OPT_MORE_STR, 0, 0, + "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf" }, + { OPT_MORE_STR, 0, 0, + "WARNING: This setting leads to behavior allowing violation of RFC 4210" }, + { "extracertsout", OPT_EXTRACERTSOUT, 's', + "File to save extra certificates received in the extraCerts field" }, + { "cacertsout", OPT_CACERTSOUT, 's', + "File to save CA certificates received in the caPubs field of 'ip' messages" }, OPT_SECTION("Client authentication"), - {"ref", OPT_REF, 's', - "Reference value to use as senderKID in case no -cert is given"}, - {"secret", OPT_SECRET, 's', - "Prefer PBM (over signatures) for protecting msgs with given password source"}, - {"cert", OPT_CERT, 's', - "Client's CMP signer certificate; its public key must match the -key argument"}, - {OPT_MORE_STR, 0, 0, - "This also used as default reference for subject DN and SANs."}, - {OPT_MORE_STR, 0, 0, - "Any further certs included are appended to the untrusted certs"}, - {"own_trusted", OPT_OWN_TRUSTED, 's', - "Optional certs to verify chain building for own CMP signer cert"}, - {"key", OPT_KEY, 's', "CMP signer private key, not used when -secret given"}, - {"keypass", OPT_KEYPASS, 's', - "Client private key (and cert and old cert) pass phrase source"}, - {"digest", OPT_DIGEST, 's', - "Digest to use in message protection and POPO signatures. Default \"sha256\""}, - {"mac", OPT_MAC, 's', - "MAC algorithm to use in PBM-based message protection. 
Default \"hmac-sha1\""}, - {"extracerts", OPT_EXTRACERTS, 's', - "Certificates to append in extraCerts field of outgoing messages."}, - {OPT_MORE_STR, 0, 0, - "This can be used as the default CMP signer cert chain to include"}, - {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-', - "Send request messages without CMP-level protection"}, + { "ref", OPT_REF, 's', + "Reference value to use as senderKID in case no -cert is given" }, + { "secret", OPT_SECRET, 's', + "Prefer PBM (over signatures) for protecting msgs with given password source" }, + { "cert", OPT_CERT, 's', + "Client's CMP signer certificate; its public key must match the -key argument" }, + { OPT_MORE_STR, 0, 0, + "This also used as default reference for subject DN and SANs." }, + { OPT_MORE_STR, 0, 0, + "Any further certs included are appended to the untrusted certs" }, + { "own_trusted", OPT_OWN_TRUSTED, 's', + "Optional certs to verify chain building for own CMP signer cert" }, + { "key", OPT_KEY, 's', "CMP signer private key, not used when -secret given" }, + { "keypass", OPT_KEYPASS, 's', + "Client private key (and cert and old cert) pass phrase source" }, + { "digest", OPT_DIGEST, 's', + "Digest to use in message protection and POPO signatures. Default \"sha256\"" }, + { "mac", OPT_MAC, 's', + "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\"" }, + { "extracerts", OPT_EXTRACERTS, 's', + "Certificates to append in extraCerts field of outgoing messages." }, + { OPT_MORE_STR, 0, 0, + "This can be used as the default CMP signer cert chain to include" }, + { "unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-', + "Send request messages without CMP-level protection" }, OPT_SECTION("Credentials format"), - {"certform", OPT_CERTFORM, 's', - "Format (PEM or DER) to use when saving a certificate to a file. 
Default PEM"}, - {"keyform", OPT_KEYFORM, 's', - "Format of the key input (ENGINE, other values ignored)"}, - {"otherpass", OPT_OTHERPASS, 's', - "Pass phrase source potentially needed for loading certificates of others"}, + { "certform", OPT_CERTFORM, 's', + "Format (PEM or DER) to use when saving a certificate to a file. Default PEM" }, + { "keyform", OPT_KEYFORM, 's', + "Format of the key input (ENGINE, other values ignored)" }, + { "otherpass", OPT_OTHERPASS, 's', + "Pass phrase source potentially needed for loading certificates of others" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', - "Use crypto engine with given identifier, possibly a hardware device."}, - {OPT_MORE_STR, 0, 0, - "Engines may also be defined in OpenSSL config file engine section."}, + { "engine", OPT_ENGINE, 's', + "Use crypto engine with given identifier, possibly a hardware device." }, + { OPT_MORE_STR, 0, 0, + "Engines may also be defined in OpenSSL config file engine section." }, #endif OPT_PROV_OPTIONS, OPT_R_OPTIONS, OPT_SECTION("TLS connection"), #ifdef OPENSSL_NO_SOCK - {OPT_MORE_STR, 0, 0, - "NOTE: -tls_used and all other TLS options not supported due to no-sock build"}, + { OPT_MORE_STR, 0, 0, + "NOTE: -tls_used and all other TLS options not supported due to no-sock build" }, #else - {"tls_used", OPT_TLS_USED, '-', - "Enable using TLS (also when other TLS options are not set)"}, - {"tls_cert", OPT_TLS_CERT, 's', - "Client's TLS certificate. 
May include chain to be provided to TLS server"}, - {"tls_key", OPT_TLS_KEY, 's', - "Private key for the client's TLS certificate"}, - {"tls_keypass", OPT_TLS_KEYPASS, 's', - "Pass phrase source for the client's private TLS key (and TLS cert)"}, - {"tls_extra", OPT_TLS_EXTRA, 's', - "Extra certificates to provide to TLS server during TLS handshake"}, - {"tls_trusted", OPT_TLS_TRUSTED, 's', - "Trusted certificates to use for verifying the TLS server certificate;"}, - {OPT_MORE_STR, 0, 0, "this implies host name validation"}, - {"tls_host", OPT_TLS_HOST, 's', - "Address to be checked (rather than -server) during TLS host name validation"}, + { "tls_used", OPT_TLS_USED, '-', + "Enable using TLS (also when other TLS options are not set)" }, + { "tls_cert", OPT_TLS_CERT, 's', + "Client's TLS certificate. May include chain to be provided to TLS server" }, + { "tls_key", OPT_TLS_KEY, 's', + "Private key for the client's TLS certificate" }, + { "tls_keypass", OPT_TLS_KEYPASS, 's', + "Pass phrase source for the client's private TLS key (and TLS cert)" }, + { "tls_extra", OPT_TLS_EXTRA, 's', + "Extra certificates to provide to TLS server during TLS handshake" }, + { "tls_trusted", OPT_TLS_TRUSTED, 's', + "Trusted certificates to use for verifying the TLS server certificate;" }, + { OPT_MORE_STR, 0, 0, "this implies host name validation" }, + { "tls_host", OPT_TLS_HOST, 's', + "Address to be checked (rather than -server) during TLS host name validation" }, #endif OPT_SECTION("Client-side debugging"), - {"batch", OPT_BATCH, '-', - "Do not interactively prompt for input when a password is required etc."}, - {"repeat", OPT_REPEAT, 'p', - "Invoke the transaction the given positive number of times. 
Default 1"}, - {"reqin", OPT_REQIN, 's', - "Take sequence of CMP requests to send to server from file(s)"}, - {"reqin_new_tid", OPT_REQIN_NEW_TID, '-', - "Use fresh transactionID for CMP requests read from -reqin"}, - {"reqout", OPT_REQOUT, 's', - "Save sequence of CMP requests created by the client to file(s)"}, - {"rspin", OPT_RSPIN, 's', - "Process sequence of CMP responses provided in file(s), skipping server"}, - {"rspout", OPT_RSPOUT, 's', - "Save sequence of actually used CMP responses to file(s)"}, - - {"use_mock_srv", OPT_USE_MOCK_SRV, '-', - "Use internal mock server at API level, bypassing socket-based HTTP"}, + { "batch", OPT_BATCH, '-', + "Do not interactively prompt for input when a password is required etc." }, + { "repeat", OPT_REPEAT, 'p', + "Invoke the transaction the given positive number of times. Default 1" }, + { "reqin", OPT_REQIN, 's', + "Take sequence of CMP requests to send to server from file(s)" }, + { "reqin_new_tid", OPT_REQIN_NEW_TID, '-', + "Use fresh transactionID for CMP requests read from -reqin" }, + { "reqout", OPT_REQOUT, 's', + "Save sequence of CMP requests created by the client to file(s)" }, + { "rspin", OPT_RSPIN, 's', + "Process sequence of CMP responses provided in file(s), skipping server" }, + { "rspout", OPT_RSPOUT, 's', + "Save sequence of actually used CMP responses to file(s)" }, + + { "use_mock_srv", OPT_USE_MOCK_SRV, '-', + "Use internal mock server at API level, bypassing socket-based HTTP" }, OPT_SECTION("Mock server"), #ifdef OPENSSL_NO_SOCK - {OPT_MORE_STR, 0, 0, - "NOTE: -port and -max_msgs not supported due to no-sock build"}, + { OPT_MORE_STR, 0, 0, + "NOTE: -port and -max_msgs not supported due to no-sock build" }, #else - {"port", OPT_PORT, 's', - "Act as HTTP-based mock server listening on given port"}, - {"max_msgs", OPT_MAX_MSGS, 'N', - "max number of messages handled by HTTP mock server. 
Default: 0 = unlimited"}, + { "port", OPT_PORT, 's', + "Act as HTTP-based mock server listening on given port" }, + { "max_msgs", OPT_MAX_MSGS, 'N', + "max number of messages handled by HTTP mock server. Default: 0 = unlimited" }, #endif - {"srv_ref", OPT_SRV_REF, 's', - "Reference value to use as senderKID of server in case no -srv_cert is given"}, - {"srv_secret", OPT_SRV_SECRET, 's', - "Password source for server authentication with a pre-shared key (secret)"}, - {"srv_cert", OPT_SRV_CERT, 's', "Certificate of the server"}, - {"srv_key", OPT_SRV_KEY, 's', - "Private key used by the server for signing messages"}, - {"srv_keypass", OPT_SRV_KEYPASS, 's', - "Server private key (and cert) pass phrase source"}, - - {"srv_trusted", OPT_SRV_TRUSTED, 's', - "Trusted certificates for client authentication"}, - {"srv_untrusted", OPT_SRV_UNTRUSTED, 's', - "Intermediate certs that may be useful for verifying CMP protection"}, - {"rsp_cert", OPT_RSP_CERT, 's', - "Certificate to be returned as mock enrollment result"}, - {"rsp_extracerts", OPT_RSP_EXTRACERTS, 's', - "Extra certificates to be included in mock certification responses"}, - {"rsp_capubs", OPT_RSP_CAPUBS, 's', - "CA certificates to be included in mock ip response"}, - {"poll_count", OPT_POLL_COUNT, 'N', - "Number of times the client must poll before receiving a certificate"}, - {"check_after", OPT_CHECK_AFTER, 'N', - "The check_after value (time to wait) to include in poll response"}, - {"grant_implicitconf", OPT_GRANT_IMPLICITCONF, '-', - "Grant implicit confirmation of newly enrolled certificate"}, - - {"pkistatus", OPT_PKISTATUS, 'N', - "PKIStatus to be included in server response. 
Possible values: 0..6"}, - {"failure", OPT_FAILURE, 'N', - "A single failure info bit number to include in server response, 0..26"}, - {"failurebits", OPT_FAILUREBITS, 'N', - "Number representing failure bits to include in server response, 0..2^27 - 1"}, - {"statusstring", OPT_STATUSSTRING, 's', - "Status string to be included in server response"}, - {"send_error", OPT_SEND_ERROR, '-', - "Force server to reply with error message"}, - {"send_unprotected", OPT_SEND_UNPROTECTED, '-', - "Send response messages without CMP-level protection"}, - {"send_unprot_err", OPT_SEND_UNPROT_ERR, '-', - "In case of negative responses, server shall send unprotected error messages,"}, - {OPT_MORE_STR, 0, 0, - "certificate responses (ip/cp/kup), and revocation responses (rp)."}, - {OPT_MORE_STR, 0, 0, - "WARNING: This setting leads to behavior violating RFC 4210"}, - {"accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-', - "Accept missing or invalid protection of requests"}, - {"accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-', - "Accept unprotected error messages from client"}, - {"accept_raverified", OPT_ACCEPT_RAVERIFIED, '-', - "Accept RAVERIFIED as proof-of-possession (POPO)"}, + { "srv_ref", OPT_SRV_REF, 's', + "Reference value to use as senderKID of server in case no -srv_cert is given" }, + { "srv_secret", OPT_SRV_SECRET, 's', + "Password source for server authentication with a pre-shared key (secret)" }, + { "srv_cert", OPT_SRV_CERT, 's', "Certificate of the server" }, + { "srv_key", OPT_SRV_KEY, 's', + "Private key used by the server for signing messages" }, + { "srv_keypass", OPT_SRV_KEYPASS, 's', + "Server private key (and cert) pass phrase source" }, + + { "srv_trusted", OPT_SRV_TRUSTED, 's', + "Trusted certificates for client authentication" }, + { "srv_untrusted", OPT_SRV_UNTRUSTED, 's', + "Intermediate certs that may be useful for verifying CMP protection" }, + { "rsp_cert", OPT_RSP_CERT, 's', + "Certificate to be returned as mock enrollment result" }, + { "rsp_extracerts", 
OPT_RSP_EXTRACERTS, 's', + "Extra certificates to be included in mock certification responses" }, + { "rsp_capubs", OPT_RSP_CAPUBS, 's', + "CA certificates to be included in mock ip response" }, + { "poll_count", OPT_POLL_COUNT, 'N', + "Number of times the client must poll before receiving a certificate" }, + { "check_after", OPT_CHECK_AFTER, 'N', + "The check_after value (time to wait) to include in poll response" }, + { "grant_implicitconf", OPT_GRANT_IMPLICITCONF, '-', + "Grant implicit confirmation of newly enrolled certificate" }, + + { "pkistatus", OPT_PKISTATUS, 'N', + "PKIStatus to be included in server response. Possible values: 0..6" }, + { "failure", OPT_FAILURE, 'N', + "A single failure info bit number to include in server response, 0..26" }, + { "failurebits", OPT_FAILUREBITS, 'N', + "Number representing failure bits to include in server response, 0..2^27 - 1" }, + { "statusstring", OPT_STATUSSTRING, 's', + "Status string to be included in server response" }, + { "send_error", OPT_SEND_ERROR, '-', + "Force server to reply with error message" }, + { "send_unprotected", OPT_SEND_UNPROTECTED, '-', + "Send response messages without CMP-level protection" }, + { "send_unprot_err", OPT_SEND_UNPROT_ERR, '-', + "In case of negative responses, server shall send unprotected error messages," }, + { OPT_MORE_STR, 0, 0, + "certificate responses (ip/cp/kup), and revocation responses (rp)." }, + { OPT_MORE_STR, 0, 0, + "WARNING: This setting leads to behavior violating RFC 4210" }, + { "accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-', + "Accept missing or invalid protection of requests" }, + { "accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-', + "Accept unprotected error messages from client" }, + { "accept_raverified", OPT_ACCEPT_RAVERIFIED, '-', + "Accept RAVERIFIED as proof-of-possession (POPO)" }, OPT_V_OPTIONS, - {NULL} + { NULL } }; typedef union { 
@@ -550,111 +605,110 @@ long *num_long; } varref; static varref cmp_vars[] = { /* must be in same order as enumerated above! */ - {&opt_config}, {&opt_section}, {(char **)&opt_verbosity}, + { &opt_config }, { &opt_section }, { (char **)&opt_verbosity }, - {&opt_cmd_s}, {&opt_infotype_s}, {&opt_geninfo}, + { &opt_cmd_s }, { &opt_infotype_s }, { &opt_geninfo }, - {&opt_newkey}, {&opt_newkeypass}, {&opt_subject}, {&opt_issuer}, - {(char **)&opt_days}, {&opt_reqexts}, - {&opt_sans}, {(char **)&opt_san_nodefault}, - {&opt_policies}, {&opt_policy_oids}, {(char **)&opt_policy_oids_critical}, - {(char **)&opt_popo}, {&opt_csr}, - {&opt_out_trusted}, - {(char **)&opt_implicit_confirm}, {(char **)&opt_disable_confirm}, - {&opt_certout}, {&opt_chainout}, + { &opt_newkey }, { &opt_newkeypass }, { &opt_subject }, { &opt_issuer }, + { (char **)&opt_days }, { &opt_reqexts }, + { &opt_sans }, { (char **)&opt_san_nodefault }, + { &opt_policies }, { &opt_policy_oids }, { (char **)&opt_policy_oids_critical }, + { (char **)&opt_popo }, { &opt_csr }, + { &opt_out_trusted }, + { (char **)&opt_implicit_confirm }, { (char **)&opt_disable_confirm }, + { &opt_certout }, { &opt_chainout }, - {&opt_oldcert}, {(char **)&opt_revreason}, + { &opt_oldcert }, { (char **)&opt_revreason }, #ifndef OPENSSL_NO_SOCK - {&opt_server}, {&opt_proxy}, {&opt_no_proxy}, + { &opt_server }, { &opt_proxy }, { &opt_no_proxy }, #endif - {&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive}, - {(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout}, + { &opt_recipient }, { &opt_path }, { (char **)&opt_keep_alive }, + { (char **)&opt_msg_timeout }, { (char **)&opt_total_timeout }, - {&opt_trusted}, {&opt_untrusted}, {&opt_srvcert}, - {&opt_expect_sender}, - {(char **)&opt_ignore_keyusage}, {(char **)&opt_unprotected_errors}, - {&opt_extracertsout}, {&opt_cacertsout}, + { &opt_trusted }, { &opt_untrusted }, { &opt_srvcert }, + { &opt_expect_sender }, + { (char **)&opt_ignore_keyusage }, { (char 
**)&opt_unprotected_errors }, + { &opt_extracertsout }, { &opt_cacertsout }, - {&opt_ref}, {&opt_secret}, - {&opt_cert}, {&opt_own_trusted}, {&opt_key}, {&opt_keypass}, - {&opt_digest}, {&opt_mac}, {&opt_extracerts}, - {(char **)&opt_unprotected_requests}, + { &opt_ref }, { &opt_secret }, + { &opt_cert }, { &opt_own_trusted }, { &opt_key }, { &opt_keypass }, + { &opt_digest }, { &opt_mac }, { &opt_extracerts }, + { (char **)&opt_unprotected_requests }, - {&opt_certform_s}, {&opt_keyform_s}, - {&opt_otherpass}, + { &opt_certform_s }, { &opt_keyform_s }, + { &opt_otherpass }, #ifndef OPENSSL_NO_ENGINE - {&opt_engine}, + { &opt_engine }, #endif #ifndef OPENSSL_NO_SOCK - {(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key}, - {&opt_tls_keypass}, - {&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host}, + { (char **)&opt_tls_used }, { &opt_tls_cert }, { &opt_tls_key }, + { &opt_tls_keypass }, + { &opt_tls_extra }, { &opt_tls_trusted }, { &opt_tls_host }, #endif - {(char **)&opt_batch}, {(char **)&opt_repeat}, - {&opt_reqin}, {(char **)&opt_reqin_new_tid}, - {&opt_reqout}, {&opt_rspin}, {&opt_rspout}, + { (char **)&opt_batch }, { (char **)&opt_repeat }, + { &opt_reqin }, { (char **)&opt_reqin_new_tid }, + { &opt_reqout }, { &opt_rspin }, { &opt_rspout }, - {(char **)&opt_use_mock_srv}, + { (char **)&opt_use_mock_srv }, #ifndef OPENSSL_NO_SOCK - {&opt_port}, {(char **)&opt_max_msgs}, + { &opt_port }, { (char **)&opt_max_msgs }, #endif - {&opt_srv_ref}, {&opt_srv_secret}, - {&opt_srv_cert}, {&opt_srv_key}, {&opt_srv_keypass}, - {&opt_srv_trusted}, {&opt_srv_untrusted}, - {&opt_rsp_cert}, {&opt_rsp_extracerts}, {&opt_rsp_capubs}, - {(char **)&opt_poll_count}, {(char **)&opt_check_after}, - {(char **)&opt_grant_implicitconf}, - {(char **)&opt_pkistatus}, {(char **)&opt_failure}, - {(char **)&opt_failurebits}, {&opt_statusstring}, - {(char **)&opt_send_error}, {(char **)&opt_send_unprotected}, - {(char **)&opt_send_unprot_err}, {(char **)&opt_accept_unprotected}, - {(char 
**)&opt_accept_unprot_err}, {(char **)&opt_accept_raverified}, - - {NULL} + { &opt_srv_ref }, { &opt_srv_secret }, + { &opt_srv_cert }, { &opt_srv_key }, { &opt_srv_keypass }, + { &opt_srv_trusted }, { &opt_srv_untrusted }, + { &opt_rsp_cert }, { &opt_rsp_extracerts }, { &opt_rsp_capubs }, + { (char **)&opt_poll_count }, { (char **)&opt_check_after }, + { (char **)&opt_grant_implicitconf }, + { (char **)&opt_pkistatus }, { (char **)&opt_failure }, + { (char **)&opt_failurebits }, { &opt_statusstring }, + { (char **)&opt_send_error }, { (char **)&opt_send_unprotected }, + { (char **)&opt_send_unprot_err }, { (char **)&opt_accept_unprotected }, + { (char **)&opt_accept_unprot_err }, { (char **)&opt_accept_raverified }, + + { NULL } }; -#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \ - ? "CMP" : OPENSSL_FUNC) +#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \ + ? "CMP" \ + : OPENSSL_FUNC) #define CMP_print(bio, level, prefix, msg, a1, a2, a3) \ - ((void)(level > opt_verbosity ? 0 : \ - (BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", \ - FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2, a3)))) + ((void)(level > opt_verbosity ? 
0 : (BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2, a3)))) #define CMP_DEBUG(m, a1, a2, a3) \ CMP_print(bio_out, OSSL_CMP_LOG_DEBUG, "debug", m, a1, a2, a3) -#define CMP_debug(msg) CMP_DEBUG(msg"%s%s%s", "", "", "") -#define CMP_debug1(msg, a1) CMP_DEBUG(msg"%s%s", a1, "", "") -#define CMP_debug2(msg, a1, a2) CMP_DEBUG(msg"%s", a1, a2, "") -#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg, a1, a2, a3) +#define CMP_debug(msg) CMP_DEBUG(msg "%s%s%s", "", "", "") +#define CMP_debug1(msg, a1) CMP_DEBUG(msg "%s%s", a1, "", "") +#define CMP_debug2(msg, a1, a2) CMP_DEBUG(msg "%s", a1, a2, "") +#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg, a1, a2, a3) #define CMP_INFO(msg, a1, a2, a3) \ CMP_print(bio_out, OSSL_CMP_LOG_INFO, "info", msg, a1, a2, a3) -#define CMP_info(msg) CMP_INFO(msg"%s%s%s", "", "", "") -#define CMP_info1(msg, a1) CMP_INFO(msg"%s%s", a1, "", "") -#define CMP_info2(msg, a1, a2) CMP_INFO(msg"%s", a1, a2, "") -#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3) +#define CMP_info(msg) CMP_INFO(msg "%s%s%s", "", "", "") +#define CMP_info1(msg, a1) CMP_INFO(msg "%s%s", a1, "", "") +#define CMP_info2(msg, a1, a2) CMP_INFO(msg "%s", a1, a2, "") +#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3) #define CMP_WARN(m, a1, a2, a3) \ CMP_print(bio_out, OSSL_CMP_LOG_WARNING, "warning", m, a1, a2, a3) -#define CMP_warn(msg) CMP_WARN(msg"%s%s%s", "", "", "") -#define CMP_warn1(msg, a1) CMP_WARN(msg"%s%s", a1, "", "") -#define CMP_warn2(msg, a1, a2) CMP_WARN(msg"%s", a1, a2, "") -#define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3) +#define CMP_warn(msg) CMP_WARN(msg "%s%s%s", "", "", "") +#define CMP_warn1(msg, a1) CMP_WARN(msg "%s%s", a1, "", "") +#define CMP_warn2(msg, a1, a2) CMP_WARN(msg "%s", a1, a2, "") +#define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3) #define CMP_ERR(msg, a1, a2, a3) \ CMP_print(bio_err, OSSL_CMP_LOG_ERR, "error", msg, a1, a2, a3) -#define CMP_err(msg) 
CMP_ERR(msg"%s%s%s", "", "", "") -#define CMP_err1(msg, a1) CMP_ERR(msg"%s%s", a1, "", "") -#define CMP_err2(msg, a1, a2) CMP_ERR(msg"%s", a1, a2, "") -#define CMP_err3(msg, a1, a2, a3) CMP_ERR(msg, a1, a2, a3) +#define CMP_err(msg) CMP_ERR(msg "%s%s%s", "", "", "") +#define CMP_err1(msg, a1) CMP_ERR(msg "%s%s", a1, "", "") +#define CMP_err2(msg, a1, a2) CMP_ERR(msg "%s", a1, a2, "") +#define CMP_err3(msg, a1, a2, a3) CMP_ERR(msg, a1, a2, a3) static int print_to_bio_out(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg); } static int print_to_bio_err(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { return OSSL_CMP_print_to_bio(bio_err, func, file, line, level, msg); } @@ -670,7 +724,7 @@ } static EVP_PKEY *load_key_pwd(const char *uri, int format, - const char *pass, ENGINE *eng, const char *desc) + const char *pass, ENGINE *eng, const char *desc) { char *pass_string = get_passwd(pass, desc); EVP_PKEY *pkey = load_key(uri, format, 0, pass_string, eng, desc); @@ -704,7 +758,7 @@ if (csr == NULL) { ERR_print_errors(bio_err); BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", desc, - infile); + infile); } else { EVP_PKEY *pkey = X509_REQ_get0_pubkey(csr); int ret = do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */); 
@@ -724,12 +778,11 @@ /* first clear any host names, IP, and email addresses */ if (!X509_VERIFY_PARAM_set1_host(ts_vpm, NULL, 0) - || !X509_VERIFY_PARAM_set1_ip(ts_vpm, NULL, 0) - || !X509_VERIFY_PARAM_set1_email(ts_vpm, NULL, 0)) + || !X509_VERIFY_PARAM_set1_ip(ts_vpm, NULL, 0) + || !X509_VERIFY_PARAM_set1_email(ts_vpm, NULL, 0)) return 0; X509_VERIFY_PARAM_set_hostflags(ts_vpm, - X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT | - X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT | X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); return (host != NULL && X509_VERIFY_PARAM_set1_ip_asc(ts_vpm, host)) || X509_VERIFY_PARAM_set1_host(ts_vpm, host, 0); } @@ -790,7 +843,7 @@ * to take the sequence of requests and responses from files. */ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_MSG *req_new = NULL; OSSL_CMP_MSG *res = NULL; @@ -798,7 +851,7 @@ const char *prev_opt_rspin = opt_rspin; if (req != NULL && opt_reqout != NULL - && !write_PKIMESSAGE(req, &opt_reqout)) + && !write_PKIMESSAGE(req, &opt_reqout)) goto err; if (opt_reqin != NULL && opt_rspin == NULL) { if ((req_new = read_PKIMESSAGE("actually sending", &opt_reqin)) == NULL) @@ -809,7 +862,7 @@ * The following workaround unfortunately requires re-protection. */ if (opt_reqin_new_tid - && !OSSL_CMP_MSG_update_transactionID(ctx, req_new)) + && !OSSL_CMP_MSG_update_transactionID(ctx, req_new)) goto err; /* @@ -856,7 +909,7 @@ nonce = OSSL_CMP_HDR_get0_recipNonce(hdr); tid = OSSL_CMP_HDR_get0_transactionID(hdr); if (!OSSL_CMP_CTX_set1_senderNonce(ctx, nonce) - || !OSSL_CMP_CTX_set1_transactionID(ctx, tid)) { + || !OSSL_CMP_CTX_set1_transactionID(ctx, tid)) { OSSL_CMP_MSG_free(res); res = NULL; goto err; 
@@ -868,21 +921,21 @@ res = NULL; } - err: +err: OSSL_CMP_MSG_free(req_new); return res; } static int set_name(const char *str, - int (*set_fn) (OSSL_CMP_CTX *ctx, const X509_NAME *name), - OSSL_CMP_CTX *ctx, const char *desc) + int (*set_fn)(OSSL_CMP_CTX *ctx, const X509_NAME *name), + OSSL_CMP_CTX *ctx, const char *desc) { if (str != NULL) { - X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc); + X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc); if (n == NULL) return 0; - if (!(*set_fn) (ctx, n)) { + if (!(*set_fn)(ctx, n)) { X509_NAME_free(n); CMP_err("out of memory"); return 0; @@ -902,8 +955,8 @@ next = next_item(names); if (strcmp(names, "critical") == 0) { (void)OSSL_CMP_CTX_set_option(ctx, - OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL, - 1); + OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL, + 1); continue; } @@ -912,8 +965,8 @@ n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0); if (n == NULL) n = a2i_GENERAL_NAME(NULL, NULL, NULL, - strchr(names, ':') != NULL ? GEN_URI : GEN_DNS, - names, 0); + strchr(names, ':') != NULL ? GEN_URI : GEN_DNS, + names, 0); (void)ERR_pop_to_mark(); if (n == NULL) { @@ -940,7 +993,7 @@ /* copy vpm to store */ if (X509_STORE_set1_param(ts, vpm /* may be NULL */) - && (for_new_cert || truststore_set_host_etc(ts, NULL))) + && (for_new_cert || truststore_set_host_etc(ts, NULL))) return ts; BIO_printf(bio_err, "error setting verification parameters for %s\n", desc); OSSL_CMP_CTX_print_errors(cmp_ctx); @@ -951,7 +1004,7 @@ typedef int (*add_X509_stack_fn_t)(void *ctx, const STACK_OF(X509) *certs); static int setup_certs(char *files, const char *desc, void *ctx, - add_X509_stack_fn_t set1_fn) + add_X509_stack_fn_t set1_fn) { STACK_OF(X509) *certs; int ok; @@ -965,7 +1018,6 @@ return ok; } - /* * parse and transform some options, checking their syntax. * Returns 1 on success, 0 on error 
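Review bot: The switch from `MBSTRING_ASC` to `MBSTRING_UTF8` in the `parse_name()` call of `set_name()` changes how every name option routed through this helper is interpreted, and nothing in the hunk records that. Other hunks on this page call `set_name()` for `-subject`, `-issuer`, `-recipient` and `-expect_sender`, so the change also reaches the name the client expects the server to send. Presumably input that is not valid UTF-8 is now rejected by `parse_name()` instead of being taken byte for byte; this should be confirmed and covered by a test. I would add a header comment such as `/* str is a distinguished name given in UTF-8 (MBSTRING_ASC before); used for -subject, -issuer, -recipient, -expect_sender */`. The body of `set_name()` continues outside the hunk.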
@@ -995,13 +1047,13 @@ } #ifndef OPENSSL_NO_ENGINE -# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE) +#define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE) #else -# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12) +#define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12) #endif if (opt_keyform_s != NULL - && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) { + && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) { CMP_err("unknown option given for key loading format"); return 0; } @@ -1009,7 +1061,7 @@ #undef FORMAT_OPTIONS if (opt_certform_s != NULL - && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) { + && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) { CMP_err("unknown option given for certificate storing format"); return 0; } @@ -1021,7 +1073,7 @@ { OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */ OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new(app_get0_libctx(), - app_get0_propq()); + app_get0_propq()); if (srv_ctx == NULL) return NULL; @@ -1035,7 +1087,7 @@ } } else { if (!OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_srv_ref, - strlen(opt_srv_ref))) + strlen(opt_srv_ref))) goto err; } @@ -1046,7 +1098,7 @@ if (pass_str != NULL) { cleanse(opt_srv_secret); res = OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)pass_str, - strlen(pass_str)); + strlen(pass_str)); clear_free(pass_str); if (res == 0) goto err; @@ -1059,13 +1111,13 @@ } if (opt_srv_secret == NULL - && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) { + && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) { CMP_err("must give both -srv_cert and -srv_key options or neither"); goto err; } if (opt_srv_cert != NULL) { X509 *srv_cert = load_cert_pwd(opt_srv_cert, opt_srv_keypass, - "certificate of the mock server"); + "certificate of the mock server"); if (srv_cert == NULL || !OSSL_CMP_CTX_set1_cert(ctx, srv_cert)) { X509_free(srv_cert); 
@@ -1075,8 +1127,8 @@ } if (opt_srv_key != NULL) { EVP_PKEY *pkey = load_key_pwd(opt_srv_key, opt_keyform, - opt_srv_keypass, - engine, "private key for mock server cert"); + opt_srv_keypass, + engine, "private key for mock server cert"); if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { EVP_PKEY_free(pkey); @@ -1087,8 +1139,7 @@ cleanse(opt_srv_keypass); if (opt_srv_trusted != NULL) { - X509_STORE *ts = - load_trusted(opt_srv_trusted, 0, "certs trusted by mock server"); + X509_STORE *ts = load_trusted(opt_srv_trusted, 0, "certs trusted by mock server"); if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { X509_STORE_free(ts); @@ -1098,15 +1149,15 @@ CMP_warn("mock server will not be able to handle signature-protected requests since -srv_trusted is not given"); } if (!setup_certs(opt_srv_untrusted, - "untrusted certificates for mock server", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) + "untrusted certificates for mock server", ctx, + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) goto err; if (opt_rsp_cert == NULL) { CMP_warn("no -rsp_cert given for mock server"); } else { X509 *cert = load_cert_pwd(opt_rsp_cert, opt_keypass, - "cert to be returned by the mock server"); + "cert to be returned by the mock server"); if (cert == NULL) goto err; 
@@ -1118,21 +1169,21 @@ X509_free(cert); } if (!setup_certs(opt_rsp_extracerts, - "CMP extra certificates for mock server", srv_ctx, - (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut)) + "CMP extra certificates for mock server", srv_ctx, + (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut)) goto err; if (!setup_certs(opt_rsp_capubs, "caPubs for mock server", srv_ctx, - (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut)) + (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut)) goto err; (void)ossl_cmp_mock_srv_set_pollCount(srv_ctx, opt_poll_count); (void)ossl_cmp_mock_srv_set_checkAfterTime(srv_ctx, opt_check_after); if (opt_grant_implicitconf) (void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1); - if (opt_failure != INT_MIN) { /* option has been set explicity */ + if (opt_failure != INT_MIN) { /* option has been set explicitly */ if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) { CMP_err1("-failure out of range, should be >= 0 and <= %d", - OSSL_CMP_PKIFAILUREINFO_MAX); + OSSL_CMP_PKIFAILUREINFO_MAX); goto err; } if (opt_failurebits != 0) @@ -1145,7 +1196,7 @@ goto err; } if (!ossl_cmp_mock_srv_set_statusInfo(srv_ctx, opt_pkistatus, - opt_failurebits, opt_statusstring)) + opt_failurebits, opt_statusstring)) goto err; if (opt_send_error) @@ -1164,7 +1215,7 @@ return srv_ctx; - err: +err: ossl_cmp_mock_srv_free(srv_ctx); return NULL; } @@ -1176,7 +1227,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) { if (!setup_certs(opt_untrusted, "untrusted certificates", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) return 0; if (opt_srvcert != NULL || opt_trusted != NULL) { @@ -1194,7 +1245,7 @@ opt_recipient = NULL; } srvcert = load_cert_pwd(opt_srvcert, opt_otherpass, - "directly trusted CMP server certificate"); + "directly trusted CMP server certificate"); ok = srvcert != NULL && OSSL_CMP_CTX_set1_srvCert(ctx, srvcert); X509_free(srvcert); if (!ok) 
@@ -1222,9 +1273,8 @@ if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */ X509_VERIFY_PARAM *out_vpm = NULL; - X509_STORE *out_trusted = - load_trusted(opt_out_trusted, 1, - "trusted certs for verifying newly enrolled cert"); + X509_STORE *out_trusted = load_trusted(opt_out_trusted, 1, + "trusted certs for verifying newly enrolled cert"); if (out_trusted == NULL) return 0; @@ -1232,7 +1282,10 @@ out_vpm = X509_STORE_get0_param(out_trusted); X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); - (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); + if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) { + X509_STORE_free(out_trusted); + return 0; + } } if (opt_disable_confirm) @@ -1250,7 +1303,7 @@ * Returns pointer on success, NULL on error */ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, - ENGINE *engine) + ENGINE *engine) { STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted(ctx); EVP_PKEY *pkey = NULL; @@ -1275,8 +1328,8 @@ int ok; if (!load_cert_certs(opt_tls_cert, &cert, &certs, 0, opt_tls_keypass, - "TLS client certificate (optionally with chain)", - vpm)) + "TLS client certificate (optionally with chain)", + vpm)) /* need opt_tls_keypass if opt_tls_cert is encrypted PKCS#12 file */ goto err; @@ -1289,7 +1342,7 @@ */ if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) { CMP_err1("unable to use client TLS certificate file '%s'", - opt_tls_cert); + opt_tls_cert); sk_X509_pop_free(certs, X509_free); goto err; } 
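Review bot: The new failure branch for `OSSL_CMP_CTX_set_certConf_cb_arg()` in the `-out_trusted` block frees the store and returns 0 without printing anything, so the user sees setup fail with no reason given. `set_name()` elsewhere on this page reports a failing setter through `CMP_err(...)`; a line such as `CMP_err("cannot set trust store for verifying newly enrolled cert");` before `X509_STORE_free(out_trusted);` would keep the diagnostics consistent. A short comment that `out_trusted` stays owned by the caller when the setter fails would explain why the free is needed; that ownership is inferred from the added free and should be checked against the API documentation. The enclosing function starts and ends outside the hunk.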
@@ -1310,15 +1363,14 @@ bak_flags = X509_VERIFY_PARAM_get_flags(tls_vpm); /* disable any cert status/revocation checking etc. */ X509_VERIFY_PARAM_clear_flags(tls_vpm, - ~(X509_V_FLAG_USE_CHECK_TIME - | X509_V_FLAG_NO_CHECK_TIME - | X509_V_FLAG_PARTIAL_CHAIN - | X509_V_FLAG_POLICY_CHECK)); + ~(X509_V_FLAG_USE_CHECK_TIME + | X509_V_FLAG_NO_CHECK_TIME + | X509_V_FLAG_PARTIAL_CHAIN + | X509_V_FLAG_POLICY_CHECK)); } CMP_debug("trying to build cert chain for own TLS cert"); if (SSL_CTX_build_cert_chain(ssl_ctx, - SSL_BUILD_CHAIN_FLAG_UNTRUSTED | - SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { + SSL_BUILD_CHAIN_FLAG_UNTRUSTED | SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { CMP_debug("success building cert chain for own TLS cert"); } else { OSSL_CMP_CTX_print_errors(ctx); @@ -1331,9 +1383,9 @@ /* If present we append to the list also the certs from opt_tls_extra */ if (opt_tls_extra != NULL) { STACK_OF(X509) *tls_extra = load_certs_multifile(opt_tls_extra, - opt_otherpass, - "extra certificates for TLS", - vpm); + opt_otherpass, + "extra certificates for TLS", + vpm); int res = 1; if (tls_extra == NULL) @@ -1353,7 +1405,7 @@ } pkey = load_key_pwd(opt_tls_key, opt_keyform, opt_tls_keypass, - engine, "TLS client private key"); + engine, "TLS client private key"); cleanse(opt_tls_keypass); if (pkey == NULL) goto err; @@ -1363,9 +1415,9 @@ * because it gives poor and sometimes misleading diagnostics */ if (!X509_check_private_key(SSL_CTX_get0_certificate(ssl_ctx), - pkey)) { + pkey)) { CMP_err2("TLS private key '%s' does not match the TLS certificate '%s'\n", - opt_tls_key, opt_tls_cert); + opt_tls_key, opt_tls_cert); EVP_PKEY_free(pkey); pkey = NULL; /* otherwise, for some reason double free! */ goto err; 
@@ -1381,12 +1433,12 @@ if (opt_tls_trusted != NULL) { /* enable and parameterize server hostname/IP address check */ if (!truststore_set_host_etc(trust_store, - opt_tls_host != NULL ? opt_tls_host : host)) + opt_tls_host != NULL ? opt_tls_host : host)) goto err; SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); } return ssl_ctx; - err: +err: SSL_CTX_free(ssl_ctx); return NULL; } @@ -1420,8 +1472,8 @@ if (pass_string != NULL) { cleanse(opt_secret); res = OSSL_CMP_CTX_set1_secretValue(ctx, - (unsigned char *)pass_string, - strlen(pass_string)); + (unsigned char *)pass_string, + strlen(pass_string)); clear_free(pass_string); if (res == 0) return 0; @@ -1430,13 +1482,13 @@ CMP_warn("-cert and -key not used for protection since -secret is given"); } if (opt_ref != NULL - && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref, - strlen(opt_ref))) + && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref, + strlen(opt_ref))) return 0; if (opt_key != NULL) { EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass, engine, - "private key for CMP client certificate"); + "private key for CMP client certificate"); if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { EVP_PKEY_free(pkey); @@ -1454,8 +1506,8 @@ int ok; if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass, - "CMP client certificate (optionally with chain)", - vpm)) + "CMP client certificate (optionally with chain)", + vpm)) /* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */ return 0; ok = OSSL_CMP_CTX_set1_cert(ctx, cert); @@ -1465,7 +1517,7 @@ } else { if (opt_own_trusted != NULL) { own_trusted = load_trusted(opt_own_trusted, 0, - "trusted certs for verifying own CMP signer cert"); + "trusted certs for verifying own CMP signer cert"); ok = own_trusted != NULL; } ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs); 
@@ -1479,7 +1531,7 @@ } if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut)) + (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut)) return 0; cleanse(opt_otherpass); @@ -1523,8 +1575,8 @@ X509V3_CTX ext_ctx; if (opt_subject == NULL - && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL - && opt_cmd != CMP_RR && opt_cmd != CMP_GENM) + && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL + && opt_cmd != CMP_RR && opt_cmd != CMP_GENM) CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback"); if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) { @@ -1538,8 +1590,7 @@ && opt_popo != OSSL_CRMF_POPO_RAVERIFIED) { if (opt_csr != NULL) { CMP_err1("no -newkey option given with private key for POPO, -csr option only provides public key%s", - opt_key == NULL ? "" : - ", and -key option superseded by by -csr"); + opt_key == NULL ? "" : ", and -key option superseded by by -csr"); return 0; } if (opt_key == NULL) { @@ -1552,7 +1603,7 @@ return 0; } if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") - || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) + || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) return 0; } else { const char *msg = "option is ignored for commands other than 'ir', 'cr', and 'kur'"; @@ -1588,7 +1639,7 @@ } if (opt_subject != NULL) CMP_warn2("given -subject '%s' overrides the subject of '%s' for KUR", - opt_subject, ref_cert != NULL ? ref_cert : opt_csr); + opt_subject, ref_cert != NULL ? ref_cert : opt_csr); } if (opt_cmd == CMP_RR) { if (opt_oldcert == NULL && opt_csr == NULL) { 
@@ -1604,7 +1655,7 @@ } if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL - && opt_oldcert == NULL && opt_cert == NULL) + && opt_oldcert == NULL && opt_cert == NULL) CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\""); if (opt_cmd == CMP_P10CR || opt_cmd == CMP_RR) { @@ -1633,8 +1684,8 @@ if (pkey == NULL) { ERR_clear_error(); desc = opt_csr == NULL - ? "fallback public key for cert to be enrolled" - : "public key for checking cert resulting from p10cr"; + ? "fallback public key for cert to be enrolled" + : "public key for checking cert resulting from p10cr"; pkey = load_pubkey(file, format, 0, pass, engine, desc); priv = 0; } @@ -1646,8 +1697,8 @@ } if (opt_days > 0 - && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, - opt_days)) { + && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, + opt_days)) { CMP_err("could not set requested cert validity period"); return 0; } @@ -1675,13 +1726,13 @@ if (opt_reqexts != NULL && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_reqexts, &exts)) { CMP_err1("cannot load certificate request extension section '%s'", - opt_reqexts); + opt_reqexts); goto exts_err; } if (opt_policies != NULL && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) { CMP_err1("cannot load policy cert request extension section '%s'", - opt_policies); + opt_policies); goto exts_err; } OSSL_CMP_CTX_set0_reqExtensions(ctx, exts); @@ -1700,7 +1751,7 @@ if (opt_sans != NULL) CMP_warn("-opt_san_nodefault has no effect when -sans is used"); (void)OSSL_CMP_CTX_set_option(ctx, - OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT, 1); + OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT, 1); } if (opt_policy_oids_critical) { 
@@ -1741,11 +1792,8 @@ CMP_warn("-oldcert option is ignored for command 'genm'"); } else { X509 *oldcert = load_cert_pwd(opt_oldcert, opt_keypass, - opt_cmd == CMP_KUR ? - "certificate to be updated" : - opt_cmd == CMP_RR ? - "certificate to be revoked" : - "reference certificate (oldcert)"); + opt_cmd == CMP_KUR ? "certificate to be updated" : opt_cmd == CMP_RR ? "certificate to be revoked" + : "reference certificate (oldcert)"); /* opt_keypass needed if opt_oldcert is an encrypted PKCS#12 file */ if (oldcert == NULL) @@ -1761,13 +1809,13 @@ cleanse(opt_keypass); if (opt_revreason > CRL_REASON_NONE) (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_REVOCATION_REASON, - opt_revreason); + opt_revreason); return 1; - oom: +oom: CMP_err("out of memory"); - exts_err: +exts_err: sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); X509_REQ_free(csr); return 0; @@ -1829,13 +1877,12 @@ } return 1; - oom: +oom: ASN1_OBJECT_free(type); CMP_err("out of memory"); return 0; } - /* * set up the client-side OSSL_CMP_CTX based on options from config file/CLI * while parsing options and checking their consistency. @@ -1878,7 +1925,7 @@ goto set_path; } if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &host, &port, - &portnum, &path, NULL /* q */, NULL /* frag */)) { + &portnum, &path, NULL /* q */, NULL /* frag */)) { CMP_err1("cannot parse -server URL: %s", opt_server); goto err; } 
@@ -1891,21 +1938,21 @@ if (opt_path == NULL) used_path = path; if (!OSSL_CMP_CTX_set1_server(ctx, host) - || !OSSL_CMP_CTX_set_serverPort(ctx, portnum)) + || !OSSL_CMP_CTX_set_serverPort(ctx, portnum)) goto oom; if (opt_proxy != NULL && !OSSL_CMP_CTX_set1_proxy(ctx, opt_proxy)) goto oom; if (opt_no_proxy != NULL && !OSSL_CMP_CTX_set1_no_proxy(ctx, opt_no_proxy)) goto oom; (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s:%s/%s", - opt_tls_used ? "s" : "", host, port, - *used_path == '/' ? used_path + 1 : used_path); + opt_tls_used ? "s" : "", host, port, + *used_path == '/' ? used_path + 1 : used_path); proxy_host = OSSL_HTTP_adapt_proxy(opt_proxy, opt_no_proxy, host, ssl); if (proxy_host != NULL) (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", proxy_host); - set_path: +set_path: #endif if (!OSSL_CMP_CTX_set1_serverPath(ctx, used_path))
@@ -1928,19 +1975,19 @@ if (opt_keep_alive != 1) (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_KEEP_ALIVE, - opt_keep_alive); + opt_keep_alive); if (opt_total_timeout > 0 && opt_msg_timeout > 0 - && opt_total_timeout < opt_msg_timeout) { + && opt_total_timeout < opt_msg_timeout) { CMP_err2("-total_timeout argument = %d must not be < %d (-msg_timeout)", - opt_total_timeout, opt_msg_timeout); + opt_total_timeout, opt_msg_timeout); goto err; } if (opt_msg_timeout >= 0) /* must do this before setup_ssl_ctx() */ (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT, - opt_msg_timeout); + opt_msg_timeout); if (opt_total_timeout >= 0) (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT, - opt_total_timeout); + opt_total_timeout); if (opt_rspin != NULL) { rspin_in_use = 1;
@@ -1950,7 +1997,7 @@ if (opt_reqin_new_tid && opt_reqin == NULL) CMP_warn("-reqin_new_tid is ignored since -reqin is not present"); if (opt_reqin != NULL || opt_reqout != NULL - || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv) + || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv) (void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp); #ifndef OPENSSL_NO_SOCK
@@ -1993,8 +2040,8 @@ goto err; if (!set_name(opt_recipient, OSSL_CMP_CTX_set1_recipient, ctx, "recipient") - || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender, - ctx, "expected sender")) + || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender, + ctx, "expected sender")) goto err; if (opt_geninfo != NULL && !handle_opt_geninfo(ctx))
@@ -2004,18 +2051,18 @@ if (opt_rspin != NULL) CMP_info2("will contact %s%s " "only if -rspin argument gives too few filenames", - server_buf, proxy_buf); + server_buf, proxy_buf); else CMP_info2("will contact %s%s", server_buf, proxy_buf); ret = 1; - err: +err: OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); return ret; - oom: +oom: CMP_err("out of memory"); goto err; }
@@ -2028,12 +2075,12 @@ static int write_cert(BIO *bio, X509 *cert) { if ((opt_certform == FORMAT_PEM && PEM_write_bio_X509(bio, cert)) - || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert))) + || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert))) return 1; if (opt_certform != FORMAT_PEM && opt_certform != FORMAT_ASN1) BIO_printf(bio_err, - "error: unsupported type '%s' for writing certificates\n", - opt_certform_s); + "error: unsupported type '%s' for writing certificates\n", + opt_certform_s); return 0; }
@@ -2045,7 +2092,7 @@ * Returns number of written certificates on success, -1 on error. */ static int save_free_certs(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *certs, char *destFile, char *desc) + STACK_OF(X509) *certs, char *destFile, char *desc) { BIO *bio = NULL; int i;
@@ -2054,12 +2101,12 @@ if (destFile == NULL) goto end; CMP_info3("received %d %s certificate(s), saving to file '%s'", - n, desc, destFile); + n, desc, destFile); if (n > 1 && opt_certform != FORMAT_PEM) CMP_warn("saving more than one certificate in non-PEM format"); if (destFile == NULL || (bio = BIO_new(BIO_s_file())) == NULL - || !BIO_write_filename(bio, (char *)destFile)) { + || !BIO_write_filename(bio, (char *)destFile)) { CMP_err1("could not open file '%s' for writing", destFile); n = -1; goto end;
@@ -2073,7 +2120,7 @@ } } - end: +end: BIO_free(bio); sk_X509_pop_free(certs, X509_free); return n;
@@ -2123,7 +2170,7 @@ len = end - beg; if (len > SECTION_NAME_MAX) { CMP_warn3("using only first %d characters of section name starting with \"%.*s\"", - SECTION_NAME_MAX, SECTION_NAME_MAX, beg); + SECTION_NAME_MAX, SECTION_NAME_MAX, beg); len = SECTION_NAME_MAX; } memcpy(opt_item, beg, len);
@@ -2140,7 +2187,7 @@ /* get str value for name from a comma-separated hierarchy of config sections */ static char *conf_get_string(const CONF *src_conf, const char *groups, - const char *name) + const char *name) { char *res = NULL; const char *end = groups + strlen(groups);
@@ -2155,7 +2202,7 @@ /* get long val for name from a comma-separated hierarchy of config sections */ static int conf_get_number_e(const CONF *conf_, const char *groups, - const char *name, long *result) + const char *name, long *result) { char *str = conf_get_string(conf_, groups, name); char *tailptr;
@@ -2192,25 +2239,22 @@ int n_options = OSSL_NELEM(cmp_options) - 1; for (opt = &cmp_options[start_opt], i = start_idx; - opt->name != NULL; i++, opt++) + opt->name != NULL; i++, opt++) if (!strcmp(opt->name, OPT_SECTION_STR) - || !strcmp(opt->name, OPT_MORE_STR)) + || !strcmp(opt->name, OPT_MORE_STR)) n_options--; - OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options - + OPT_PROV__FIRST + 1 - OPT_PROV__LAST - + OPT_R__FIRST + 1 - OPT_R__LAST - + OPT_V__FIRST + 1 - OPT_V__LAST); + OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options + OPT_PROV__FIRST + 1 - OPT_PROV__LAST + OPT_R__FIRST + 1 - OPT_R__LAST + OPT_V__FIRST + 1 - OPT_V__LAST); for (opt = &cmp_options[start_opt], i = start_idx; - opt->name != NULL; i++, opt++) { + opt->name != NULL; i++, opt++) { int provider_option = (OPT_PROV__FIRST <= opt->retval - && opt->retval < OPT_PROV__LAST); + && opt->retval < OPT_PROV__LAST); int rand_state_option = (OPT_R__FIRST <= opt->retval - && opt->retval < OPT_R__LAST); + && opt->retval < OPT_R__LAST); int verification_option = (OPT_V__FIRST <= opt->retval - && opt->retval < OPT_V__LAST); + && opt->retval < OPT_V__LAST); if (strcmp(opt->name, OPT_SECTION_STR) == 0 - || strcmp(opt->name, OPT_MORE_STR) == 0) { + || strcmp(opt->name, OPT_MORE_STR) == 0) { i--; continue; }
@@ -2228,12 +2272,12 @@ } if (opt->valtype == 'p' && num <= 0) { opt_printf_stderr("Non-positive number \"%ld\" for config option -%s\n", - num, opt->name); + num, opt->name); return -1; } if (opt->valtype == 'N' && num < 0) { opt_printf_stderr("Negative number \"%ld\" for config option -%s\n", - num, opt->name); + num, opt->name); return -1; } break;
@@ -2248,7 +2292,7 @@ break; default: CMP_err2("internal: unsupported type '%c' for option '%s'", - opt->valtype, opt->name); + opt->valtype, opt->name); return 0; break; }
@@ -2272,10 +2316,10 @@ (void)opt_init(conf_argc, conf_argv, cmp_options); if (provider_option - ? !opt_provider(opt_next()) - : !opt_verify(opt_next(), vpm)) { + ? !opt_provider(opt_next()) + : !opt_verify(opt_next(), vpm)) { CMP_err2("for option '%s' in config file section '%s'", - opt->name, opt_section); + opt->name, opt_section); return 0; } }
@@ -2287,8 +2331,8 @@ case 'N': if (num < INT_MIN || INT_MAX < num) { BIO_printf(bio_err, - "integer value out of range for option '%s'\n", - opt->name); + "integer value out of range for option '%s'\n", + opt->name); return 0; } *cmp_vars[i].num = (int)num;
@@ -2314,7 +2358,7 @@ if (arg[0] == '\0') { CMP_warn1("%s option argument is empty string, resetting option", - opt_flag()); + opt_flag()); arg = NULL; } else if (arg[0] == '-') { CMP_warn1("%s option argument starts with hyphen", opt_flag());
@@ -2333,7 +2377,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); return 0; case OPT_HELP:
@@ -2506,7 +2550,7 @@ case OPT_POPO: opt_popo = opt_int_arg(); if (opt_popo < OSSL_CRMF_POPO_NONE - || opt_popo > OSSL_CRMF_POPO_KEYENC) { + || opt_popo > OSSL_CRMF_POPO_KEYENC) { CMP_err("invalid popo spec. Valid values are -1 .. 2"); goto opthelp; }
@@ -2534,9 +2578,9 @@ break; case OPT_REVREASON: opt_revreason = opt_int_arg(); - if (opt_revreason < CRL_REASON_NONE - || opt_revreason > CRL_REASON_AA_COMPROMISE - || opt_revreason == 7) { + if (opt_revreason < CRL_REASON_NONE + || opt_revreason > CRL_REASON_AA_COMPROMISE + || opt_revreason == 7) { CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10"); goto opthelp; }
@@ -2678,7 +2722,8 @@ } #ifndef OPENSSL_NO_SOCK -static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) { +static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) +{ BIO *acbio; BIO *cbio = NULL; int keep_alive = 0;
@@ -2694,9 +2739,9 @@ OSSL_CMP_MSG *resp = NULL; ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), - (ASN1_VALUE **)&req, &path, - &cbio, acbio, &keep_alive, - prog, opt_port, 0, 0); + (ASN1_VALUE **)&req, &path, + &cbio, acbio, &keep_alive, + prog, opt_port, 0, 0); if (ret == 0) { /* no request yet */ if (retry) { ossl_sleep(1000);
@@ -2715,7 +2760,7 @@ if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { (void)http_server_send_status(cbio, 404, "Not Found"); CMP_err1("expecting empty path or 'pkix/' but got '%s'", - path); + path); OPENSSL_free(path); OSSL_CMP_MSG_free(req); goto next;
@@ -2725,13 +2770,13 @@ OSSL_CMP_MSG_free(req); if (resp == NULL) { (void)http_server_send_status(cbio, - 500, "Internal Server Error"); + 500, "Internal Server Error"); break; /* treated as fatal error */ } ret = http_server_send_asn1_resp(cbio, keep_alive, - "application/pkixcmp", - ASN1_ITEM_rptr(OSSL_CMP_MSG), - (const ASN1_VALUE *)resp); + "application/pkixcmp", + ASN1_ITEM_rptr(OSSL_CMP_MSG), + (const ASN1_VALUE *)resp); OSSL_CMP_MSG_free(resp); if (!ret) break; /* treated as fatal error */
@@ -2760,8 +2805,7 @@ /* print PKIStatusInfo */ int status = OSSL_CMP_CTX_get_status(cmp_ctx); char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf"); - const char *string = - OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN); + const char *string = OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN); const char *from = "", *server = ""; #ifndef OPENSSL_NO_SOCK
@@ -2771,16 +2815,17 @@ } #endif CMP_print(bio_err, - status == OSSL_CMP_PKISTATUS_accepted - ? OSSL_CMP_LOG_INFO : - status == OSSL_CMP_PKISTATUS_rejection - || status == OSSL_CMP_PKISTATUS_waiting - ? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING, - status == OSSL_CMP_PKISTATUS_accepted ? "info" : - status == OSSL_CMP_PKISTATUS_rejection ? "server error" : - status == OSSL_CMP_PKISTATUS_waiting ? "internal error" - : "warning", "received%s%s %s", from, server, - string != NULL ? string : ""); + status == OSSL_CMP_PKISTATUS_accepted + ? OSSL_CMP_LOG_INFO + : status == OSSL_CMP_PKISTATUS_rejection + || status == OSSL_CMP_PKISTATUS_waiting + ? OSSL_CMP_LOG_ERR + : OSSL_CMP_LOG_WARNING, + status == OSSL_CMP_PKISTATUS_accepted ? "info" : status == OSSL_CMP_PKISTATUS_rejection ? "server error" + : status == OSSL_CMP_PKISTATUS_waiting ? "internal error" + : "warning", + "received%s%s %s", from, server, + string != NULL ? string : ""); OPENSSL_free(buf); }
@@ -2808,11 +2853,12 @@ if (!strcmp(argv[i] + 1, cmp_options[OPT_CONFIG - OPT_HELP].name)) opt_config = argv[++i]; else if (!strcmp(argv[i] + 1, - cmp_options[OPT_SECTION - OPT_HELP].name)) + cmp_options[OPT_SECTION - OPT_HELP].name)) opt_section = argv[++i]; else if (strcmp(argv[i] + 1, - cmp_options[OPT_VERBOSITY - OPT_HELP].name) == 0 - && !set_verbosity(atoi(argv[++i]))) + cmp_options[OPT_VERBOSITY - OPT_HELP].name) + == 0 + && !set_verbosity(atoi(argv[++i]))) goto err; } }
@@ -2828,9 +2874,9 @@ /* read default values for options from config file */ configfile = opt_config != NULL ? opt_config : default_config_file; if (configfile != NULL && configfile[0] != '\0' /* non-empty string */ - && (configfile != default_config_file || access(configfile, F_OK) != -1)) { + && (configfile != default_config_file || access(configfile, F_OK) != -1)) { CMP_info2("using section(s) '%s' of OpenSSL configuration file '%s'", - opt_section, configfile); + opt_section, configfile); conf = app_load_config(configfile); if (conf == NULL) { goto err;
@@ -2839,13 +2885,13 @@ if (!NCONF_get_section(conf, opt_section)) CMP_info2("no [%s] section found in config file '%s';" " will thus use just [default] and unnamed section if present", - opt_section, configfile); + opt_section, configfile); } else { const char *end = opt_section + strlen(opt_section); while ((end = prev_item(opt_section, end)) != NULL) { if (!NCONF_get_section(conf, opt_item)) { CMP_err2("no [%s] section found in config file '%s'", - opt_item, configfile); + opt_item, configfile); goto err; } }
@@ -2891,10 +2937,10 @@ #ifndef OPENSSL_NO_SOCK if ((opt_tls_cert != NULL || opt_tls_key != NULL - || opt_tls_keypass != NULL || opt_tls_extra != NULL - || opt_tls_trusted != NULL || opt_tls_host != NULL) - && !opt_tls_used) - CMP_warn("Ingnoring TLS options(s) since -tls_used is not given"); + || opt_tls_keypass != NULL || opt_tls_extra != NULL + || opt_tls_trusted != NULL || opt_tls_host != NULL) + && !opt_tls_used) + CMP_warn("Ignoring TLS options(s) since -tls_used is not given"); if (opt_port != NULL) { if (opt_tls_used) { CMP_err("-tls_used option not supported with -port option");
@@ -2923,7 +2969,7 @@ #ifndef OPENSSL_NO_SOCK || opt_port != NULL #endif - ) { + ) { OSSL_CMP_SRV_CTX *srv_ctx; if ((srv_ctx = setup_srv_ctx(engine)) == NULL)
@@ -2988,25 +3034,23 @@ case CMP_RR: ret = OSSL_CMP_exec_RR_ses(cmp_ctx); break; - case CMP_GENM: - { - STACK_OF(OSSL_CMP_ITAV) *itavs; + case CMP_GENM: { + STACK_OF(OSSL_CMP_ITAV) *itavs; - if (opt_infotype != NID_undef) { - OSSL_CMP_ITAV *itav = - OSSL_CMP_ITAV_create(OBJ_nid2obj(opt_infotype), NULL); - if (itav == NULL) - goto err; - OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); - } + if (opt_infotype != NID_undef) { + OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(opt_infotype), NULL); + if (itav == NULL) + goto err; + OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); + } - if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) != NULL) { - print_itavs(itavs); - sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); - ret = 1; - } - break; + if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) != NULL) { + print_itavs(itavs); + sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); + ret = 1; } + break; + } default: break; }
@@ -3015,13 +3059,15 @@ print_status(); if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx), - opt_extracertsout, "extra") < 0) + opt_extracertsout, "extra") + < 0) ret = 0; if (!ret) goto err; ret = 0; if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx), - opt_cacertsout, "CA") < 0) + opt_cacertsout, "CA") + < 0) goto err; if (newcert != NULL) { STACK_OF(X509) *certs = sk_X509_new_null();
@@ -3034,7 +3080,8 @@ goto err; } if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_newChain(cmp_ctx), - opt_chainout, "chain") < 0) + opt_chainout, "chain") + < 0) goto err; if (!OSSL_CMP_CTX_reinit(cmp_ctx))
@@ -3042,7 +3089,7 @@ } ret = 1; - err: +err: /* in case we ended up here on error without proper cleaning */ cleanse(opt_keypass); cleanse(opt_newkeypass);
--- crypto/openssl/apps/cms.c.orig
+++ crypto/openssl/apps/cms.c
@@ -24,31 +24,30 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); static void receipt_request_print(CMS_ContentInfo *cms); -static CMS_ReceiptRequest -*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from); +static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from); static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, - STACK_OF(OPENSSL_STRING) *param); - -#define SMIME_OP 0x100 -#define SMIME_IP 0x200 -#define SMIME_SIGNERS 0x400 -#define SMIME_ENCRYPT (1 | SMIME_OP) -#define SMIME_DECRYPT (2 | SMIME_IP) -#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) -#define SMIME_VERIFY (4 | SMIME_IP) -#define SMIME_RESIGN (5 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) -#define SMIME_SIGN_RECEIPT (6 | SMIME_IP | SMIME_OP) -#define SMIME_VERIFY_RECEIPT (7 | SMIME_IP) -#define SMIME_DIGEST_CREATE (8 | SMIME_OP) -#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) -#define SMIME_COMPRESS (10 | SMIME_OP) -#define SMIME_UNCOMPRESS (11 | SMIME_IP) + STACK_OF(OPENSSL_STRING) *param); + +#define SMIME_OP 0x100 +#define SMIME_IP 0x200 +#define SMIME_SIGNERS 0x400 +#define SMIME_ENCRYPT (1 | SMIME_OP) +#define SMIME_DECRYPT (2 | SMIME_IP) +#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) +#define SMIME_VERIFY (4 | SMIME_IP) +#define SMIME_RESIGN (5 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) +#define SMIME_SIGN_RECEIPT (6 | SMIME_IP | SMIME_OP) +#define SMIME_VERIFY_RECEIPT (7 | SMIME_IP) +#define SMIME_DIGEST_CREATE (8 | SMIME_OP) +#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) +#define SMIME_COMPRESS (10 | SMIME_OP) +#define SMIME_UNCOMPRESS (11 | SMIME_IP) #define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP) #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) -#define SMIME_DATA_CREATE (14 | SMIME_OP) -#define SMIME_DATA_OUT (15 | SMIME_IP) -#define SMIME_CMSOUT (16 | SMIME_IP | SMIME_OP) +#define SMIME_DATA_CREATE 
(14 | SMIME_OP) +#define SMIME_DATA_OUT (15 | SMIME_IP) +#define SMIME_CMSOUT (16 | SMIME_IP | SMIME_OP) static int verify_err = 0; 
@@ -62,184 +61,244 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT, - OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN, - OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT, - OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY, - OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS, - OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT, - OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS, - OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID, - OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, - OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, - OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, - OPT_CAPATH, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_CONTENT, OPT_PRINT, OPT_NAMEOPT, - OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, - OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, - OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, - OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, - OPT_3DES_WRAP, OPT_WRAP, OPT_ENGINE, + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_ENCRYPT, + OPT_DECRYPT, + OPT_SIGN, + OPT_CADES, + OPT_SIGN_RECEIPT, + OPT_RESIGN, + OPT_VERIFY, + OPT_VERIFY_RETCODE, + OPT_VERIFY_RECEIPT, + OPT_CMSOUT, + OPT_DATA_OUT, + OPT_DATA_CREATE, + OPT_DIGEST_VERIFY, + OPT_DIGEST_CREATE, + OPT_COMPRESS, + OPT_UNCOMPRESS, + OPT_ED_DECRYPT, + OPT_ED_ENCRYPT, + OPT_DEBUG_DECRYPT, + OPT_TEXT, + OPT_ASCIICRLF, + OPT_NOINTERN, + OPT_NOVERIFY, + OPT_NOCERTS, + OPT_NOATTR, + OPT_NODETACH, + OPT_NOSMIMECAP, + OPT_BINARY, + OPT_KEYID, + OPT_NOSIGS, + OPT_NO_CONTENT_VERIFY, + OPT_NO_ATTR_VERIFY, + OPT_INDEF, + OPT_NOINDEF, + OPT_CRLFEOL, + OPT_NOOUT, + OPT_RR_PRINT, + OPT_RR_ALL, + OPT_RR_FIRST, + OPT_RCTFORM, + OPT_CERTFILE, + OPT_CAFILE, + OPT_CAPATH, + OPT_CASTORE, + OPT_NOCAPATH, + OPT_NOCAFILE, + OPT_NOCASTORE, + OPT_CONTENT, + OPT_PRINT, 
+ OPT_NAMEOPT, + OPT_SECRETKEY, + OPT_SECRETKEYID, + OPT_PWRI_PASSWORD, + OPT_ECONTENT_TYPE, + OPT_PASSIN, + OPT_TO, + OPT_FROM, + OPT_SUBJECT, + OPT_SIGNER, + OPT_RECIP, + OPT_CERTSOUT, + OPT_MD, + OPT_INKEY, + OPT_KEYFORM, + OPT_KEYOPT, + OPT_RR_FROM, + OPT_RR_TO, + OPT_AES128_WRAP, + OPT_AES192_WRAP, + OPT_AES256_WRAP, + OPT_3DES_WRAP, + OPT_WRAP, + OPT_ENGINE, OPT_R_ENUM, - OPT_PROV_ENUM, OPT_CONFIG, + OPT_PROV_ENUM, + OPT_CONFIG, OPT_V_ENUM, OPT_CIPHER, OPT_ORIGINATOR } OPTION_CHOICE; const OPTIONS cms_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"}, - {"help", OPT_HELP, '-', "Display this summary"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n" }, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("General"), - {"in", OPT_IN, '<', "Input file"}, - {"out", OPT_OUT, '>', "Output file"}, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, OPT_CONFIG_OPTION, OPT_SECTION("Operation"), - {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, - {"sign", OPT_SIGN, '-', "Sign message"}, - {"verify", OPT_VERIFY, '-', "Verify signed message"}, - {"resign", OPT_RESIGN, '-', "Resign a signed message"}, - {"sign_receipt", OPT_SIGN_RECEIPT, '-', - "Generate a signed receipt for a message"}, - {"verify_receipt", OPT_VERIFY_RECEIPT, '<', - "Verify receipts; exit if receipt signatures do not verify"}, - {"digest_create", OPT_DIGEST_CREATE, '-', - "Create a CMS \"DigestedData\" object"}, - {"digest_verify", OPT_DIGEST_VERIFY, '-', - "Verify a CMS \"DigestedData\" object and output it"}, - {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"}, - {"uncompress", OPT_UNCOMPRESS, '-', - "Uncompress a CMS \"CompressedData\" object"}, - {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-', - "Create CMS \"EncryptedData\" object using symmetric key"}, - {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-', - "Decrypt CMS \"EncryptedData\" 
object using symmetric key"}, - {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"}, - {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"}, - {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"}, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt message" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message" }, + { "sign", OPT_SIGN, '-', "Sign message" }, + { "verify", OPT_VERIFY, '-', "Verify signed message" }, + { "resign", OPT_RESIGN, '-', "Resign a signed message" }, + { "sign_receipt", OPT_SIGN_RECEIPT, '-', + "Generate a signed receipt for a message" }, + { "verify_receipt", OPT_VERIFY_RECEIPT, '<', + "Verify receipts; exit if receipt signatures do not verify" }, + { "digest_create", OPT_DIGEST_CREATE, '-', + "Create a CMS \"DigestedData\" object" }, + { "digest_verify", OPT_DIGEST_VERIFY, '-', + "Verify a CMS \"DigestedData\" object and output it" }, + { "compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object" }, + { "uncompress", OPT_UNCOMPRESS, '-', + "Uncompress a CMS \"CompressedData\" object" }, + { "EncryptedData_encrypt", OPT_ED_ENCRYPT, '-', + "Create CMS \"EncryptedData\" object using symmetric key" }, + { "EncryptedData_decrypt", OPT_ED_DECRYPT, '-', + "Decrypt CMS \"EncryptedData\" object using symmetric key" }, + { "data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object" }, + { "data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output" }, + { "cmsout", OPT_CMSOUT, '-', "Output CMS structure" }, OPT_SECTION("File format"), - {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, - {"outform", OPT_OUTFORM, 'c', - "Output format SMIME (default), PEM or DER"}, - {"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, - {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, - {"indef", OPT_INDEF, '-', "Same as -stream"}, - {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, - {"binary", OPT_BINARY, '-', - "Treat input as binary: do not translate to canonical 
form"}, - {"crlfeol", OPT_CRLFEOL, '-', - "Use CRLF as EOL termination instead of LF only" }, - {"asciicrlf", OPT_ASCIICRLF, '-', - "Perform CRLF canonicalisation when signing"}, + { "inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER" }, + { "outform", OPT_OUTFORM, 'c', + "Output format SMIME (default), PEM or DER" }, + { "rctform", OPT_RCTFORM, 'F', "Receipt file format" }, + { "stream", OPT_INDEF, '-', "Enable CMS streaming" }, + { "indef", OPT_INDEF, '-', "Same as -stream" }, + { "noindef", OPT_NOINDEF, '-', "Disable CMS streaming" }, + { "binary", OPT_BINARY, '-', + "Treat input as binary: do not translate to canonical form" }, + { "crlfeol", OPT_CRLFEOL, '-', + "Use CRLF as EOL termination instead of LF only" }, + { "asciicrlf", OPT_ASCIICRLF, '-', + "Perform CRLF canonicalisation when signing" }, OPT_SECTION("Keys and passwords"), - {"pwri_password", OPT_PWRI_PASSWORD, 's', - "Specific password for recipient"}, - {"secretkey", OPT_SECRETKEY, 's', - "Use specified hex-encoded key to decrypt/encrypt recipients or content"}, - {"secretkeyid", OPT_SECRETKEYID, 's', - "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"}, - {"inkey", OPT_INKEY, 's', - "Input private key (if not signer or recipient)"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, - {"keyform", OPT_KEYFORM, 'f', - "Input private key format (ENGINE, other values ignored)"}, + { "pwri_password", OPT_PWRI_PASSWORD, 's', + "Specific password for recipient" }, + { "secretkey", OPT_SECRETKEY, 's', + "Use specified hex-encoded key to decrypt/encrypt recipients or content" }, + { "secretkeyid", OPT_SECRETKEYID, 's', + "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object" }, + { "inkey", OPT_INKEY, 's', + "Input private key (if not signer or recipient)" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "keyopt", OPT_KEYOPT, 's', "Set public key parameters 
as n:v pairs" }, + { "keyform", OPT_KEYFORM, 'f', + "Input private key format (ENGINE, other values ignored)" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif OPT_PROV_OPTIONS, OPT_R_OPTIONS, OPT_SECTION("Encryption and decryption"), - {"originator", OPT_ORIGINATOR, 's', "Originator certificate file"}, - {"recip", OPT_RECIP, '<', "Recipient cert file"}, - {"cert...", OPT_PARAM, '.', - "Recipient certs (optional; used only when encrypting)"}, - {"", OPT_CIPHER, '-', - "The encryption algorithm to use (any supported cipher)"}, - {"wrap", OPT_WRAP, 's', - "Key wrap algorithm to use when encrypting with key agreement"}, - {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, - {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, - {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"}, - {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"}, - {"debug_decrypt", OPT_DEBUG_DECRYPT, '-', - "Disable MMA protection, return error if no recipient found (see doc)"}, + { "originator", OPT_ORIGINATOR, 's', "Originator certificate file" }, + { "recip", OPT_RECIP, '<', "Recipient cert file" }, + { "cert...", OPT_PARAM, '.', + "Recipient certs (optional; used only when encrypting)" }, + { "", OPT_CIPHER, '-', + "The encryption algorithm to use (any supported cipher)" }, + { "wrap", OPT_WRAP, 's', + "Key wrap algorithm to use when encrypting with key agreement" }, + { "aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key" }, + { "aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key" }, + { "aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key" }, + { "des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key" }, + { "debug_decrypt", OPT_DEBUG_DECRYPT, '-', + "Disable MMA protection, return error if no recipient found (see doc)" }, OPT_SECTION("Signing"), - {"md", OPT_MD, 's', "Digest 
algorithm to use"}, - {"signer", OPT_SIGNER, 's', "Signer certificate input file"}, - {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, - {"cades", OPT_CADES, '-', - "Include signingCertificate attribute (CAdES-BES)"}, - {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, - {"nocerts", OPT_NOCERTS, '-', - "Don't include signer's certificate when signing"}, - {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, - {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, - {"receipt_request_all", OPT_RR_ALL, '-', - "When signing, create a receipt request for all recipients"}, - {"receipt_request_first", OPT_RR_FIRST, '-', - "When signing, create a receipt request for first recipient"}, - {"receipt_request_from", OPT_RR_FROM, 's', - "Create signed receipt request with specified email address"}, - {"receipt_request_to", OPT_RR_TO, 's', - "Create signed receipt targeted to specified address"}, + { "md", OPT_MD, 's', "Digest algorithm to use" }, + { "signer", OPT_SIGNER, 's', "Signer certificate input file" }, + { "certfile", OPT_CERTFILE, '<', "Other certificates file" }, + { "cades", OPT_CADES, '-', + "Include signingCertificate attribute (CAdES-BES)" }, + { "nodetach", OPT_NODETACH, '-', "Use opaque signing" }, + { "nocerts", OPT_NOCERTS, '-', + "Don't include signer's certificate when signing" }, + { "noattr", OPT_NOATTR, '-', "Don't include any signed attributes" }, + { "nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute" }, + { "receipt_request_all", OPT_RR_ALL, '-', + "When signing, create a receipt request for all recipients" }, + { "receipt_request_first", OPT_RR_FIRST, '-', + "When signing, create a receipt request for first recipient" }, + { "receipt_request_from", OPT_RR_FROM, 's', + "Create signed receipt request with specified email address" }, + { "receipt_request_to", OPT_RR_TO, 's', + "Create signed receipt targeted to specified address" }, OPT_SECTION("Verification"), - {"signer", 
OPT_DUP, 's', "Signer certificate(s) output file"}, - {"content", OPT_CONTENT, '<', - "Supply or override content for detached signature"}, - {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-', - "Do not verify signed content signatures"}, - {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-', - "Do not verify signed attribute signatures"}, - {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, - {"nointern", OPT_NOINTERN, '-', - "Don't search certificates in message for signer"}, - {"cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)"}, - {"verify_retcode", OPT_VERIFY_RETCODE, '-', - "Exit non-zero on verification failure"}, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"}, - {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, + { "signer", OPT_DUP, 's', "Signer certificate(s) output file" }, + { "content", OPT_CONTENT, '<', + "Supply or override content for detached signature" }, + { "no_content_verify", OPT_NO_CONTENT_VERIFY, '-', + "Do not verify signed content signatures" }, + { "no_attr_verify", OPT_NO_ATTR_VERIFY, '-', + "Do not verify signed attribute signatures" }, + { "nosigs", OPT_NOSIGS, '-', "Don't verify message signature" }, + { "noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate" }, + { "nointern", OPT_NOINTERN, '-', + "Don't search certificates in message for signer" }, + { "cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)" }, + { "verify_retcode", OPT_VERIFY_RETCODE, '-', + "Exit non-zero on verification failure" }, + { "CAfile", OPT_CAFILE, '<', "Trusted certificates 
file" }, + { "CApath", OPT_CAPATH, '/', "Trusted certificates directory" }, + { "CAstore", OPT_CASTORE, ':', "Trusted certificates store URI" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store" }, OPT_SECTION("Output"), - {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, - {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"}, - {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, - {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, - {"to", OPT_TO, 's', "To address"}, - {"from", OPT_FROM, 's', "From address"}, - {"subject", OPT_SUBJECT, 's', "Subject"}, + { "keyid", OPT_KEYID, '-', "Use subject key identifier" }, + { "econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content" }, + { "text", OPT_TEXT, '-', "Include or delete text MIME headers" }, + { "certsout", OPT_CERTSOUT, '>', "Certificate output file" }, + { "to", OPT_TO, 's', "To address" }, + { "from", OPT_FROM, 's', "From address" }, + { "subject", OPT_SUBJECT, 's', "Subject" }, OPT_SECTION("Printing"), - {"noout", OPT_NOOUT, '-', - "For the -cmsout operation do not output the parsed CMS structure"}, - {"print", OPT_PRINT, '-', - "For the -cmsout operation print out all fields of the CMS structure"}, - {"nameopt", OPT_NAMEOPT, 's', - "For the -print option specifies various strings printing options"}, - {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, + { "noout", OPT_NOOUT, '-', + "For the -cmsout operation do not output the parsed CMS structure" }, + { "print", OPT_PRINT, '-', + "For the -cmsout operation print out all fields of the CMS structure" }, + { "nameopt", OPT_NAMEOPT, 's', + "For the -print option specifies various strings printing options" }, + { "receipt_request_print", 
OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, OPT_V_OPTIONS, - {NULL} + { NULL } }; static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags, - BIO **indata, const char *name) + BIO **indata, const char *name) { CMS_ContentInfo *ret, *ci;
@@ -267,7 +326,7 @@ goto err; } return ret; - err: +err: CMS_ContentInfo_free(ret); return NULL; }
@@ -319,7 +378,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP:
@@ -460,7 +519,7 @@ break; case OPT_RCTFORM: if (!opt_format(opt_arg(), - OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) + OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) goto opthelp; break; case OPT_CERTFILE:
@@ -514,7 +573,7 @@ case OPT_SECRETKEY: if (secret_key != NULL) { BIO_printf(bio_err, "Invalid key (supplied twice) %s\n", - opt_arg()); + opt_arg()); goto opthelp; } secret_key = OPENSSL_hexstr2buf(opt_arg(), <mp);
@@ -527,7 +586,7 @@ case OPT_SECRETKEYID: if (secret_keyid != NULL) { BIO_printf(bio_err, "Invalid id (supplied twice) %s\n", - opt_arg()); + opt_arg()); goto opthelp; } secret_keyid = OPENSSL_hexstr2buf(opt_arg(), <mp);
@@ -543,7 +602,7 @@ case OPT_ECONTENT_TYPE: if (econtent_type != NULL) { BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n", - opt_arg()); + opt_arg()); goto opthelp; } econtent_type = OBJ_txt2obj(opt_arg(), 0);
@@ -623,7 +682,7 @@ case OPT_RECIP: if (operation == SMIME_ENCRYPT) { cert = load_cert(opt_arg(), FORMAT_UNDEF, - "recipient certificate file"); + "recipient certificate file"); if (cert == NULL) goto end; if (!sk_X509_push(encerts, cert))
@@ -735,13 +794,13 @@ if ((flags & CMS_CADES) != 0) { if ((flags & CMS_NOATTR) != 0) { BIO_puts(bio_err, "Incompatible options: " - "CAdES requires signed attributes\n"); + "CAdES requires signed attributes\n"); goto opthelp; } if (operation == SMIME_VERIFY - && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) { + && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) { BIO_puts(bio_err, "Incompatible options: CAdES validation requires" - " certs and signed attributes validations\n"); + " certs and signed attributes validations\n"); goto opthelp; } } @@ -775,7 +834,7 @@ if (recipfile == NULL && keyfile == NULL && secret_key == NULL && pwri_pass == NULL) { BIO_printf(bio_err, - "No recipient certificate or key specified\n"); + "No recipient certificate or key specified\n"); goto opthelp; } } else if (operation == SMIME_ENCRYPT) { @@ -799,16 +858,16 @@ if ((operation & SMIME_SIGNERS) == 0) { if ((flags & CMS_DETACHED) == 0) BIO_printf(bio_err, - "Warning: -nodetach option is ignored for non-signing operation\n"); + "Warning: -nodetach option is ignored for non-signing operation\n"); flags &= ~CMS_DETACHED; } if ((operation & SMIME_IP) == 0 && contfile != NULL) BIO_printf(bio_err, - "Warning: -contfile option is ignored for the given operation\n"); + "Warning: -contfile option is ignored for the given operation\n"); if (operation != SMIME_ENCRYPT && *argv != NULL) BIO_printf(bio_err, - "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n"); + "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n"); if ((flags & CMS_BINARY) != 0) { if (!(operation & SMIME_OP)) @@ -838,7 +897,7 @@ for (; *argv != NULL; argv++) { cert = load_cert(*argv, FORMAT_UNDEF, - "recipient certificate file"); + "recipient certificate file"); if (cert == NULL) goto end; if (!sk_X509_push(encerts, cert)) 
@@ -856,7 +915,8 @@ if (recipfile != NULL && (operation == SMIME_DECRYPT)) { if ((recip = load_cert(recipfile, FORMAT_UNDEF, - "recipient certificate file")) == NULL) { + "recipient certificate file")) + == NULL) { ERR_print_errors(bio_err); goto end; } @@ -864,7 +924,8 @@ if (originatorfile != NULL) { if ((originator = load_cert(originatorfile, FORMAT_UNDEF, - "originator certificate file")) == NULL) { + "originator certificate file")) + == NULL) { ERR_print_errors(bio_err); goto end; } @@ -872,7 +933,8 @@ if (operation == SMIME_SIGN_RECEIPT) { if ((signer = load_cert(signerfile, FORMAT_UNDEF, - "receipt signer certificate file")) == NULL) { + "receipt signer certificate file")) + == NULL) { ERR_print_errors(bio_err); goto end; } @@ -895,7 +957,7 @@ } in = bio_open_default(infile, 'r', - binary_files ? FORMAT_BINARY : informat); + binary_files ? FORMAT_BINARY : informat); if (in == NULL) goto end; @@ -915,7 +977,7 @@ allcerts = CMS_get1_certs(cms); if (!save_certs(certsoutfile, allcerts)) { BIO_printf(bio_err, - "Error writing certs to %s\n", certsoutfile); + "Error writing certs to %s\n", certsoutfile); ret = 5; goto end; } @@ -937,13 +999,14 @@ } out = bio_open_default(outfile, 'w', - binary_files ? FORMAT_BINARY : outformat); + binary_files ? FORMAT_BINARY : outformat); if (out == NULL) goto end; if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) + CAstore, noCAstore)) + == NULL) goto end; X509_STORE_set_verify_cb(store, cms_cb); if (vpmtouched) 
@@ -983,19 +1046,19 @@ goto end; pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (kparam != NULL) { + if (pctx != NULL && kparam != NULL) { if (!cms_set_pkey_param(pctx, kparam->param)) goto end; } res = EVP_PKEY_CTX_ctrl(pctx, -1, -1, - EVP_PKEY_CTRL_CIPHER, - EVP_CIPHER_get_nid(cipher), NULL); + EVP_PKEY_CTRL_CIPHER, + EVP_CIPHER_get_nid(cipher), NULL); if (res <= 0 && res != -2) goto end; if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE - && wrap_cipher != NULL) { + && wrap_cipher != NULL) { EVP_CIPHER_CTX *wctx; wctx = CMS_RecipientInfo_kari_get0_ctx(ri); EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL); @@ -1004,9 +1067,9 @@ if (secret_key != NULL) { if (!CMS_add0_recipient_key(cms, NID_undef, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen, - NULL, NULL, NULL)) + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) goto end; /* NULL these because call absorbs them */ secret_key = NULL; @@ -1017,8 +1080,9 @@ if (pwri_tmp == NULL) goto end; if (CMS_add0_recipient_password(cms, - -1, NID_undef, NID_undef, - pwri_tmp, -1, NULL) == NULL) + -1, NID_undef, NID_undef, + pwri_tmp, -1, NULL) + == NULL) goto end; pwri_tmp = NULL; } @@ -1026,7 +1090,7 @@ if (!CMS_final(cms, in, NULL, flags)) { if (originator != NULL && ERR_GET_REASON(ERR_peek_error()) - == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) { + == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) { BIO_printf(bio_err, "Cannot use originator for encryption\n"); goto end; } @@ -1035,7 +1099,7 @@ } } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key, - secret_keylen, flags, libctx, app_get0_propq()); + secret_keylen, flags, libctx, app_get0_propq()); } else if (operation == SMIME_SIGN_RECEIPT) { CMS_ContentInfo *srcms = NULL; 
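Review bot: In the `@@ -983,19 +1046,19 @@` hunk of cms.c, the new `pctx != NULL &&` guard silently skips `cms_set_pkey_param()` when `CMS_RecipientInfo_get0_pkey_ctx(ri)` returns NULL, so key parameters the user supplied for that recipient are dropped without any diagnostic. Other ignored options in this file produce a "Warning: …" line, and the same would fit here: `else if (kparam != NULL) BIO_puts(bio_err, "Warning: key parameters ignored for recipient without a key context\n");`. The `EVP_PKEY_CTX_ctrl(pctx, ...)` call that follows still receives `pctx` unguarded and tolerates a `-2` result, which presumably relies on the callee rejecting a NULL context; that is not visible here, so a short comment stating it would help. The enclosing function starts and ends outside the hunk.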
@@ -1137,8 +1201,8 @@ if (secret_key != NULL) { if (!CMS_decrypt_set1_key(cms, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen)) { + secret_key, secret_keylen, + secret_keyid, secret_keyidlen)) { BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); goto end; } @@ -1177,15 +1241,15 @@ } } else if (operation == SMIME_ENCRYPTED_DECRYPT) { if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, - indata, out, flags)) + indata, out, flags)) goto end; } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) { BIO_printf(bio_err, "%s Verification successful\n", - (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); + (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); } else { BIO_printf(bio_err, "%s Verification failure\n", - (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); + (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); if (verify_retcode) ret = verify_err + 32; goto end; @@ -1195,7 +1259,7 @@ if (!save_certs(signerfile, signers)) { BIO_printf(bio_err, - "Error writing signers to %s\n", signerfile); + "Error writing signers to %s\n", signerfile); ret = 5; goto end; } @@ -1246,12 +1310,13 @@ goto end; } if (ret <= 0) { + BIO_printf(bio_err, "Error writing CMS output\n"); ret = 6; goto end; } } ret = 0; - end: +end: if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); @@ -1326,7 +1391,6 @@ policies_print(ctx); return ok; - } static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns) @@ -1370,7 +1434,7 @@ const char *id; int idlen; CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, - &rlist, &rto); + &rlist, &rto); BIO_puts(bio_err, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); id = (const char *)ASN1_STRING_get0_data(scid); 
@@ -1420,16 +1484,15 @@ return ret; - err: +err: sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); GENERAL_NAMES_free(gens); GENERAL_NAME_free(gen); return NULL; } -static CMS_ReceiptRequest -*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from) +static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from) { STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; CMS_ReceiptRequest *rr; @@ -1445,18 +1508,18 @@ rct_from = NULL; } rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, - rct_to, app_get0_libctx()); + rct_to, app_get0_libctx()); if (rr == NULL) goto err; return rr; - err: +err: sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free); return NULL; } static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, - STACK_OF(OPENSSL_STRING) *param) + STACK_OF(OPENSSL_STRING) *param) { char *keyopt; int i; --- crypto/openssl/apps/crl.c.orig +++ crypto/openssl/apps/crl.c 
@@ -20,58 +20,81 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY, - OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT, - OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_DATEOPT, OPT_TEXT, OPT_HASH, - OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM + OPT_INFORM, + OPT_IN, + OPT_OUTFORM, + OPT_OUT, + OPT_KEYFORM, + OPT_KEY, + OPT_ISSUER, + OPT_LASTUPDATE, + OPT_NEXTUPDATE, + OPT_FINGERPRINT, + OPT_CRLNUMBER, + OPT_BADSIG, + OPT_GENDELTA, + OPT_CAPATH, + OPT_CAFILE, + OPT_CASTORE, + OPT_NOCAPATH, + OPT_NOCAFILE, + OPT_NOCASTORE, + OPT_VERIFY, + OPT_DATEOPT, + OPT_TEXT, + OPT_HASH, + OPT_HASH_OLD, + OPT_NOOUT, + OPT_NAMEOPT, + OPT_MD, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS crl_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verify", OPT_VERIFY, '-', "Verify CRL signature"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "verify", OPT_VERIFY, '-', "Verify CRL signature" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect"}, - {"key", OPT_KEY, '<', "CRL signing Private key to use"}, - {"keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect"}, + { "in", OPT_IN, '<', "Input file - default stdin" }, + { "inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect" }, + { "key", OPT_KEY, '<', "CRL signing Private key to use" }, + { "keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "output file - default stdout"}, - {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, - {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). 
Default is rfc_822."}, - {"text", OPT_TEXT, '-', "Print out a text format version"}, - {"hash", OPT_HASH, '-', "Print hash value"}, + { "out", OPT_OUT, '>', "output file - default stdout" }, + { "outform", OPT_OUTFORM, 'F', "Output format - default PEM" }, + { "dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822." }, + { "text", OPT_TEXT, '-', "Print out a text format version" }, + { "hash", OPT_HASH, '-', "Print hash value" }, #ifndef OPENSSL_NO_MD5 - {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, + { "hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value" }, #endif - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"", OPT_MD, '-', "Any supported digest"}, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, + { "", OPT_MD, '-', "Any supported digest" }, OPT_SECTION("CRL"), - {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, - {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"}, - {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"}, - {"noout", OPT_NOOUT, '-', "No CRL output"}, - {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"}, - {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"}, - {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, - {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"}, + { "issuer", OPT_ISSUER, '-', "Print issuer DN" }, + { "lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field" }, + { "nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field" }, + { "noout", OPT_NOOUT, '-', "No CRL output" }, + { "fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint" }, + { "crlnumber", OPT_CRLNUMBER, '-', "Print CRL number" }, + { "badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, + { "gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one" }, 
OPT_SECTION("Certificate"), - {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, - {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, - {"CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, + { "CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir" }, + { "CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name" }, + { "CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int crl_main(int argc, char **argv) @@ -103,7 +126,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -147,13 +170,13 @@ do_ver = 1; break; case OPT_NOCAPATH: - noCApath = 1; + noCApath = 1; break; case OPT_NOCAFILE: - noCAfile = 1; + noCAfile = 1; break; case OPT_NOCASTORE: - noCAstore = 1; + noCAstore = 1; break; case OPT_HASH_OLD: #ifndef OPENSSL_NO_MD5 @@ -223,7 +246,8 @@ if (do_ver) { if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) + CAstore, noCAstore)) + == NULL) goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) 
@@ -235,7 +259,7 @@ } xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, - X509_CRL_get_issuer(x)); + X509_CRL_get_issuer(x)); if (xobj == NULL) { BIO_printf(bio_err, "Error getting CRL issuer certificate\n"); goto end; @@ -310,9 +334,8 @@ } if (hash == i) { int ok; - unsigned long hash_value = - X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(), - app_get0_propq(), &ok); + unsigned long hash_value = X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(), + app_get0_propq(), &ok); if (num > 1) BIO_printf(bio_out, "issuer name hash="); @@ -328,7 +351,7 @@ if (num > 1) BIO_printf(bio_out, "issuer name old hash="); BIO_printf(bio_out, "%08lx\n", - X509_NAME_hash_old(X509_CRL_get_issuer(x))); + X509_NAME_hash_old(X509_CRL_get_issuer(x))); } #endif if (lastupdate == i) { @@ -354,10 +377,9 @@ goto end; } BIO_printf(bio_out, "%s Fingerprint=", - EVP_MD_get0_name(digest)); + EVP_MD_get0_name(digest)); for (j = 0; j < (int)n; j++) { - BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n) - ? '\n' : ':'); + BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); } } } @@ -384,7 +406,7 @@ } ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); BIO_free_all(out); --- crypto/openssl/apps/crl2pkcs7.c.orig +++ crypto/openssl/apps/crl2pkcs7.c 
@@ -23,27 +23,32 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE, + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_NOCRL, + OPT_CERTFILE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS crl2pkcs7_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, - {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"}, - {"certfile", OPT_CERTFILE, '<', - "File of chain of certs to a trusted CA; can be repeated"}, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'" }, + { "certfile", OPT_CERTFILE, '<', + "File of chain of certs to a trusted CA; can be repeated" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int crl2pkcs7_main(int argc, char **argv) @@ -56,8 +61,7 @@ STACK_OF(X509_CRL) *crl_stack = NULL; X509_CRL *crl = NULL; char *infile = NULL, *outfile = NULL, *prog, *certfile; - int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl = - 0; + int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl = 0; OPTION_CHOICE o; prog = opt_init(argc, argv, crl2pkcs7_options); @@ -65,7 +69,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -140,7 +144,7 @@ goto end; p7s->crl = crl_stack; sk_X509_CRL_push(crl_stack, crl); - crl = NULL; /* now part of p7 for OPENSSL_freeing */ + crl = NULL; /* now part of p7 for OPENSSL_freeing */ } if (certflst != NULL) { @@ -172,7 +176,7 @@ goto end; } ret = 0; - end: +end: sk_OPENSSL_STRING_free(certflst); BIO_free(in); BIO_free_all(out); @@ -225,7 +229,7 @@ } ret = count; - end: +end: /* never need to OPENSSL_free x */ BIO_free(in); sk_X509_INFO_free(sk); --- crypto/openssl/apps/dgst.c.orig +++ crypto/openssl/apps/dgst.c @@ -22,12 +22,12 @@ #include #undef BUFSIZE -#define BUFSIZE 1024*8 +#define BUFSIZE 1024 * 8 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen, - EVP_PKEY *key, unsigned char *sigin, int siglen, - const char *sig_name, const char *md_name, - const char *file); + EVP_PKEY *key, unsigned char *sigin, int siglen, + const char *sig_name, const char *md_name, + const char *file); static void show_digests(const OBJ_NAME *name, void *bio_); struct doall_dgst_digests { 
@@ -38,57 +38,74 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_LIST, - OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, - OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, - OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, - OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN, + OPT_C, + OPT_R, + OPT_OUT, + OPT_SIGN, + OPT_PASSIN, + OPT_VERIFY, + OPT_PRVERIFY, + OPT_SIGNATURE, + OPT_KEYFORM, + OPT_ENGINE, + OPT_ENGINE_IMPL, + OPT_HEX, + OPT_BINARY, + OPT_DEBUG, + OPT_FIPS_FINGERPRINT, + OPT_HMAC, + OPT_MAC, + OPT_SIGOPT, + OPT_MACOPT, + OPT_XOFLEN, OPT_DIGEST, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS dgst_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"list", OPT_LIST, '-', "List digests"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "list", OPT_LIST, '-', "List digests" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, - {"engine_impl", OPT_ENGINE_IMPL, '-', - "Also use engine given by -engine for digest operations"}, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, + { "engine_impl", OPT_ENGINE_IMPL, '-', + "Also use engine given by -engine for digest operations" }, #endif - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, OPT_SECTION("Output"), - {"c", OPT_C, '-', "Print the digest with separating colons"}, - {"r", OPT_R, '-', "Print the digest in coreutils format"}, - {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, - {"hex", OPT_HEX, '-', "Print as hex dump"}, - {"binary", OPT_BINARY, '-', "Print in binary form"}, - {"xoflen", OPT_XOFLEN, 'p', 
"Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"}, - {"d", OPT_DEBUG, '-', "Print debug info"}, - {"debug", OPT_DEBUG, '-', "Print debug info"}, + { "c", OPT_C, '-', "Print the digest with separating colons" }, + { "r", OPT_R, '-', "Print the digest in coreutils format" }, + { "out", OPT_OUT, '>', "Output to filename rather than stdout" }, + { "keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)" }, + { "hex", OPT_HEX, '-', "Print as hex dump" }, + { "binary", OPT_BINARY, '-', "Print in binary form" }, + { "xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256" }, + { "d", OPT_DEBUG, '-', "Print debug info" }, + { "debug", OPT_DEBUG, '-', "Print debug info" }, OPT_SECTION("Signing"), - {"sign", OPT_SIGN, 's', "Sign digest using private key"}, - {"verify", OPT_VERIFY, 's', "Verify a signature using public key"}, - {"prverify", OPT_PRVERIFY, 's', "Verify a signature using private key"}, - {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"signature", OPT_SIGNATURE, '<', "File with signature to verify"}, - {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"}, - {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"}, - {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, - {"", OPT_DIGEST, '-', "Any supported digest"}, - {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-', - "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"}, + { "sign", OPT_SIGN, 's', "Sign digest using private key" }, + { "verify", OPT_VERIFY, 's', "Verify a signature using public key" }, + { "prverify", OPT_PRVERIFY, 's', "Verify a signature using private key" }, + { "sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form" }, + { "signature", OPT_SIGNATURE, '<', "File with signature to verify" }, + { 
"hmac", OPT_HMAC, 's', "Create hashed MAC with key" }, + { "mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)" }, + { "macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key" }, + { "", OPT_DIGEST, '-', "Any supported digest" }, + { "fips-fingerprint", OPT_FIPS_FINGERPRINT, '-', + "Compute HMAC with the key used in OpenSSL-FIPS fingerprint" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"file", 0, 0, "Files to digest (optional; default is stdin)"}, - {NULL} + { "file", 0, 0, "Files to digest (optional; default is stdin)" }, + { NULL } }; int dgst_main(int argc, char **argv) @@ -122,7 +139,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -134,7 +151,7 @@ dec.bio = bio_out; dec.n = 0; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, - show_digests, &dec); + show_digests, &dec); BIO_printf(bio_out, "\n"); ret = EXIT_SUCCESS; goto end; @@ -238,7 +255,7 @@ if (do_verify && sigfile == NULL) { BIO_printf(bio_err, - "No signature to verify: use the -signature option\n"); + "No signature to verify: use the -signature option\n"); goto end; } if (engine_impl) @@ -330,8 +347,8 @@ digestname = SN_sha256; } sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl, - (unsigned char *)hmac_key, - strlen(hmac_key)); + (unsigned char *)hmac_key, + strlen(hmac_key)); if (sigkey == NULL) goto end; } 
@@ -348,17 +365,16 @@ if (do_verify) if (impl == NULL) res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname, - app_get0_libctx(), - app_get0_propq(), sigkey, NULL); + app_get0_libctx(), + app_get0_propq(), sigkey, NULL); else res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); + else if (impl == NULL) + res = EVP_DigestSignInit_ex(mctx, &pctx, digestname, + app_get0_libctx(), + app_get0_propq(), sigkey, NULL); else - if (impl == NULL) - res = EVP_DigestSignInit_ex(mctx, &pctx, digestname, - app_get0_libctx(), - app_get0_propq(), sigkey, NULL); - else - res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); + res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); if (res == 0) { BIO_printf(bio_err, "Error setting context\n"); goto end; @@ -369,7 +385,7 @@ if (pkey_ctrl_string(pctx, sigopt) <= 0) { BIO_printf(bio_err, "Signature parameter error \"%s\"\n", - sigopt); + sigopt); goto end; } } @@ -436,7 +452,7 @@ if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf, - siglen, NULL, md_name, "stdin"); + siglen, NULL, md_name, "stdin"); } else { const char *sig_name = NULL; @@ -452,13 +468,13 @@ continue; } else { if (do_fp(out, buf, inp, separator, out_bin, xoflen, - sigkey, sigbuf, siglen, sig_name, md_name, argv[i])) + sigkey, sigbuf, siglen, sig_name, md_name, argv[i])) ret = EXIT_FAILURE; } (void)BIO_reset(bmd); } } - end: +end: if (ret != EXIT_SUCCESS) ERR_print_errors(bio_err); OPENSSL_clear_free(buf, BUFSIZE); @@ -515,7 +531,7 @@ * in the '*sum' checksum programs. This aims to preserve backward * compatibility. */ -static const char *newline_escape_filename(const char *file, int * backslash) +static const char *newline_escape_filename(const char *file, int *backslash) { size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0; char *file_cpy = NULL; 
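Review bot: The sign/verify selection in the `@@ -348,17 +365,16 @@` hunk of dgst.c is now written as `if (do_verify) if (impl == NULL) … else … else if (impl == NULL) … else …` with no braces, so which `if` each `else` pairs with depends entirely on C's nearest-`if` binding rule. The pairing appears unchanged from the old side, but a later edit that drops the inner `else` would silently attach the `EVP_DigestSignInit*` branch to the `do_verify` path and leave the non-verify case with no init call at all. Bracing the outer branches, `if (do_verify) {` … `} else {` … `}`, keeps the verify and sign paths explicit. The enclosing function starts and ends outside the hunk.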
@@ -528,7 +544,7 @@ file_cpy = app_malloc(mem_len, file); i = 0; - while(e < length) { + while (e < length) { const char c = file[e]; if (c == '\n') { file_cpy[i++] = '\\'; @@ -540,14 +556,13 @@ e++; } file_cpy[i] = '\0'; - return (const char*)file_cpy; + return (const char *)file_cpy; } - int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen, - EVP_PKEY *key, unsigned char *sigin, int siglen, - const char *sig_name, const char *md_name, - const char *file) + EVP_PKEY *key, unsigned char *sigin, int siglen, + const char *sig_name, const char *md_name, + const char *file) { size_t len = BUFSIZE; int i, backslash = 0, ret = EXIT_FAILURE; @@ -650,7 +665,7 @@ } ret = EXIT_SUCCESS; - end: +end: if (allocated_buf != NULL) OPENSSL_clear_free(allocated_buf, len); --- crypto/openssl/apps/dhparam.c.orig +++ crypto/openssl/apps/dhparam.c 
@@ -35,45 +35,55 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, - OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_ENGINE, + OPT_CHECK, + OPT_TEXT, + OPT_NOOUT, + OPT_DSAPARAM, + OPT_2, + OPT_3, + OPT_5, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS dhparam_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"check", OPT_CHECK, '-', "Check the DH parameters"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "check", OPT_CHECK, '-', "Check the DH parameters" }, #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) - {"dsaparam", OPT_DSAPARAM, '-', - "Read or generate DSA parameters, convert to DH"}, + { "dsaparam", OPT_DSAPARAM, '-', + "Read or generate DSA parameters, convert to DH" }, #endif #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"}, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format, DER or PEM" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"}, - {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"}, - {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"}, - {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, - {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"}, - {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, + { "out", OPT_OUT, '>', "Output file" }, + { 
"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM" }, + { "text", OPT_TEXT, '-', "Print a text form of the DH parameters" }, + { "noout", OPT_NOOUT, '-', "Don't output any DH parameters" }, + { "2", OPT_2, '-', "Generate parameters using 2 as the generator value" }, + { "3", OPT_3, '-', "Generate parameters using 3 as the generator value" }, + { "5", OPT_5, '-', "Generate parameters using 5 as the generator value" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"numbits", 0, 0, "Number of bits if generating parameters (optional)"}, - {NULL} + { "numbits", 0, 0, "Number of bits if generating parameters (optional)" }, + { NULL } }; int dhparam_main(int argc, char **argv) @@ -93,7 +103,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -166,7 +176,7 @@ if (dsaparam && g) { BIO_printf(bio_err, - "Error, generator may not be chosen for DSA parameters\n"); + "Error, generator may not be chosen for DSA parameters\n"); goto end; } @@ -188,20 +198,20 @@ ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), alg, app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, - "Error, %s param generation context allocation failed\n", - alg); + "Error, %s param generation context allocation failed\n", + alg); goto end; } EVP_PKEY_CTX_set_cb(ctx, gendh_cb); EVP_PKEY_CTX_set_app_data(ctx, bio_err); BIO_printf(bio_err, - "Generating %s parameters, %d bit long %sprime\n", - alg, num, dsaparam ? "" : "safe "); + "Generating %s parameters, %d bit long %sprime\n", + alg, num, dsaparam ? "" : "safe "); if (EVP_PKEY_paramgen_init(ctx) <= 0) { BIO_printf(bio_err, - "Error, unable to initialise %s parameters\n", - alg); + "Error, unable to initialise %s parameters\n", + alg); goto end; } 
@@ -251,32 +261,34 @@ */ done = 1; /* - * We set NULL for the keytype to allow any key type. We don't know - * if we're going to get DH or DHX (or DSA in the event of dsaparam). - * We check that we got one of those key types afterwards. - */ + * We set NULL for the keytype to allow any key type. We don't know + * if we're going to get DH or DHX (or DSA in the event of dsaparam). + * We check that we got one of those key types afterwards. + */ decoderctx = OSSL_DECODER_CTX_new_for_pkey(&tmppkey, - (informat == FORMAT_ASN1) - ? "DER" : "PEM", - NULL, - (informat == FORMAT_ASN1) - ? keytype : NULL, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - NULL, NULL); + (informat == FORMAT_ASN1) + ? "DER" + : "PEM", + NULL, + (informat == FORMAT_ASN1) + ? keytype + : NULL, + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + NULL, NULL); if (decoderctx != NULL - && !OSSL_DECODER_from_bio(decoderctx, in) - && informat == FORMAT_ASN1 - && strcmp(keytype, "DH") == 0) { + && !OSSL_DECODER_from_bio(decoderctx, in) + && informat == FORMAT_ASN1 + && strcmp(keytype, "DH") == 0) { /* - * When reading DER we explicitly state the expected keytype - * because, unlike PEM, there is no header to declare what - * the contents of the DER file are. The decoders just try - * and guess. Unfortunately with DHX key types they may guess - * wrong and think we have a DSA keytype. Therefore we try - * both DH and DHX sequentially. - */ + * When reading DER we explicitly state the expected keytype + * because, unlike PEM, there is no header to declare what + * the contents of the DER file are. The decoders just try + * and guess. Unfortunately with DHX key types they may guess + * wrong and think we have a DSA keytype. Therefore we try + * both DH and DHX sequentially. + */ keytype = "DHX"; /* * BIO_reset() returns 0 for success for file BIOs only!!! 
@@ -302,7 +314,7 @@ goto end; } else { if (!EVP_PKEY_is_a(tmppkey, "DH") - && !EVP_PKEY_is_a(tmppkey, "DHX")) { + && !EVP_PKEY_is_a(tmppkey, "DHX")) { BIO_printf(bio_err, "Error, unable to load DH parameters\n"); goto end; } @@ -328,12 +340,12 @@ } if (!noout) { - OSSL_ENCODER_CTX *ectx = - OSSL_ENCODER_CTX_new_for_pkey(pkey, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - outformat == FORMAT_ASN1 - ? "DER" : "PEM", - NULL, NULL); + OSSL_ENCODER_CTX *ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + outformat == FORMAT_ASN1 + ? "DER" + : "PEM", + NULL, NULL); if (ectx == NULL || !OSSL_ENCODER_to_bio(ectx, out)) { OSSL_ENCODER_CTX_free(ectx); @@ -343,7 +355,7 @@ OSSL_ENCODER_CTX_free(ectx); } ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); BIO_free(in); 
@@ -369,33 +381,33 @@ EVP_PKEY *pkey = NULL; if (!EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_P, &bn_p) - || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q) - || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) { + || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q) + || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) { BIO_printf(bio_err, "Error, failed to set DH parameters\n"); goto err; } if ((tmpl = OSSL_PARAM_BLD_new()) == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, - bn_p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, - bn_q) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, - bn_g) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, + bn_p) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, + bn_q) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, + bn_g) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { BIO_printf(bio_err, "Error, failed to set DH parameters\n"); goto err; } ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DHX", app_get0_propq()); if (ctx == NULL - || EVP_PKEY_fromdata_init(ctx) <= 0 - || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { + || EVP_PKEY_fromdata_init(ctx) <= 0 + || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { BIO_printf(bio_err, "Error, failed to set DH parameters\n"); goto err; } - err: +err: EVP_PKEY_CTX_free(ctx); OSSL_PARAM_free(params); OSSL_PARAM_BLD_free(tmpl); --- crypto/openssl/apps/dsa.c.orig +++ crypto/openssl/apps/dsa.c 
@@ -27,51 +27,63 @@ #include #ifndef OPENSSL_NO_RC4 -# define DEFAULT_PVK_ENCR_STRENGTH 2 +#define DEFAULT_PVK_ENCR_STRENGTH 2 #else -# define DEFAULT_PVK_ENCR_STRENGTH 0 +#define DEFAULT_PVK_ENCR_STRENGTH 0 #endif typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_ENGINE, /* Do not change the order here; see case statements below */ - OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, - OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN, - OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT, + OPT_PVK_NONE, + OPT_PVK_WEAK, + OPT_PVK_STRONG, + OPT_NOOUT, + OPT_TEXT, + OPT_MODULUS, + OPT_PUBIN, + OPT_PUBOUT, + OPT_CIPHER, + OPT_PASSIN, + OPT_PASSOUT, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS dsa_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, #ifndef OPENSSL_NO_RC4 - {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, - {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, - {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, + { "pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)" }, + { "pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level" }, + { "pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding" }, #endif #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/PVK); has no effect"}, - {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + { "in", OPT_IN, 's', "Input key" 
}, + { "inform", OPT_INFORM, 'f', "Input format (DER/PEM/PVK); has no effect" }, + { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"}, - {"noout", OPT_NOOUT, '-', "Don't print key out"}, - {"text", OPT_TEXT, '-', "Print the key in text"}, - {"modulus", OPT_MODULUS, '-', "Print the DSA public value"}, - {"pubout", OPT_PUBOUT, '-', "Output public key, not private"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK" }, + { "noout", OPT_NOOUT, '-', "Don't print key out" }, + { "text", OPT_TEXT, '-', "Print the key in text" }, + { "modulus", OPT_MODULUS, '-', "Print the DSA public value" }, + { "pubout", OPT_PUBOUT, '-', "Output public key, not private" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int dsa_main(int argc, char **argv) @@ -97,7 +109,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: ret = 0; BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; @@ -128,9 +140,9 @@ case OPT_PASSOUT: passoutarg = opt_arg(); break; - case OPT_PVK_STRONG: /* pvk_encr:= 2 */ - case OPT_PVK_WEAK: /* pvk_encr:= 1 */ - case OPT_PVK_NONE: /* pvk_encr:= 0 */ + case OPT_PVK_STRONG: /* pvk_encr:= 2 */ + case OPT_PVK_WEAK: /* pvk_encr:= 1 */ + case OPT_PVK_NONE: /* pvk_encr:= 0 */ #ifndef OPENSSL_NO_RC4 pvk_encr = (o - OPT_PVK_NONE); #endif 
@@ -256,12 +268,12 @@ } else { assert(private); selection = (OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); } /* Perform the encoding */ ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, output_type, - output_structure, NULL); + output_structure, NULL); if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { BIO_printf(bio_err, "%s format not supported\n", output_type); goto end; @@ -277,8 +289,8 @@ if (passout != NULL) /* When passout given, override the passphrase prompter */ OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passout, - strlen(passout)); + (const unsigned char *)passout, + strlen(passout)); } /* PVK requires a bit more */ @@ -297,7 +309,7 @@ goto end; } ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); OSSL_ENCODER_CTX_free(ectx); --- crypto/openssl/apps/dsaparam.c.orig +++ crypto/openssl/apps/dsaparam.c 
@@ -29,38 +29,46 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, - OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_TEXT, + OPT_NOOUT, + OPT_GENKEY, + OPT_ENGINE, + OPT_VERBOSE, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS dsaparam_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"text", OPT_TEXT, '-', "Print as text"}, - {"noout", OPT_NOOUT, '-', "No output"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "text", OPT_TEXT, '-', "Print as text" }, + { "noout", OPT_NOOUT, '-', "No output" }, + { "verbose", OPT_VERBOSE, '-', "Verbose output" }, + { "genkey", OPT_GENKEY, '-', "Generate a DSA key" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"numbits", 0, 0, "Number of bits if generating parameters (optional)"}, - {NULL} + { "numbits", 0, 0, "Number of bits if generating parameters (optional)" }, + { NULL } }; int dsaparam_main(int argc, char **argv) 
@@ -80,7 +88,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -150,31 +158,31 @@ ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DSA", app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, - "Error, DSA parameter generation context allocation failed\n"); + "Error, DSA parameter generation context allocation failed\n"); goto end; } if (numbits > 0) { if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for DSA keys.\n" - " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, numbits); + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, numbits); EVP_PKEY_CTX_set_cb(ctx, gendsa_cb); EVP_PKEY_CTX_set_app_data(ctx, bio_err); if (verbose) { BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", - num); + num); BIO_printf(bio_err, "This could take some time\n"); } if (EVP_PKEY_paramgen_init(ctx) <= 0) { BIO_printf(bio_err, - "Error, DSA key generation paramgen init failed\n"); + "Error, DSA key generation paramgen init failed\n"); goto end; } if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num) <= 0) { BIO_printf(bio_err, - "Error, DSA key generation setting bit length failed\n"); + "Error, DSA key generation setting bit length failed\n"); goto end; } params = app_paramgen(ctx, "DSA"); 
@@ -206,15 +214,15 @@ if (genkey) { EVP_PKEY_CTX_free(ctx); ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params, - app_get0_propq()); + app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, - "Error, DSA key generation context allocation failed\n"); + "Error, DSA key generation context allocation failed\n"); goto end; } if (EVP_PKEY_keygen_init(ctx) <= 0) { BIO_printf(bio_err, - "Error, unable to initialise for key generation\n"); + "Error, unable to initialise for key generation\n"); goto end; } pkey = app_keygen(ctx, "DSA", numbits, verbose); @@ -227,7 +235,7 @@ i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); } ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); BIO_free_all(out); --- crypto/openssl/apps/ec.c.orig +++ crypto/openssl/apps/ec.c 
@@ -23,42 +23,56 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, - OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT, - OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER, - OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM + OPT_INFORM, + OPT_OUTFORM, + OPT_ENGINE, + OPT_IN, + OPT_OUT, + OPT_NOOUT, + OPT_TEXT, + OPT_PARAM_OUT, + OPT_PUBIN, + OPT_PUBOUT, + OPT_PASSIN, + OPT_PASSOUT, + OPT_PARAM_ENC, + OPT_CONV_FORM, + OPT_CIPHER, + OPT_NO_PUBLIC, + OPT_CHECK, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS ec_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, - {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"check", OPT_CHECK, '-', "check key consistency"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, - {"param_enc", OPT_PARAM_ENC, 's', - "Specifies the way the ec parameters are encoded"}, - {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, + { "in", OPT_IN, 's', "Input file" }, + { "inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)" }, + { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "check", OPT_CHECK, '-', "check key consistency" }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, + { "param_enc", OPT_PARAM_ENC, 's', + "Specifies the way the ec parameters are encoded" }, + { "conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form " }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', 
"Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"noout", OPT_NOOUT, '-', "Don't print key out"}, - {"text", OPT_TEXT, '-', "Print the key"}, - {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"}, - {"pubout", OPT_PUBOUT, '-', "Output public key, not private"}, - {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "noout", OPT_NOOUT, '-', "Don't print key out" }, + { "text", OPT_TEXT, '-', "Print the key" }, + { "param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters" }, + { "pubout", OPT_PUBOUT, '-', "Output public key, not private" }, + { "no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int ec_main(int argc, char **argv) @@ -85,7 +99,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -192,15 +206,15 @@ if (point_format && !EVP_PKEY_set_utf8_string_param( - eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format)) { + eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + point_format)) { BIO_printf(bio_err, "unable to set point conversion format\n"); goto end; } if (asn1_encoding != NULL && !EVP_PKEY_set_utf8_string_param( - eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) { + eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) { BIO_printf(bio_err, "unable to set asn1 encoding format\n"); goto end; } 
@@ -257,8 +271,8 @@ } ectx = OSSL_ENCODER_CTX_new_for_pkey(eckey, selection, - output_type, output_structure, - NULL); + output_type, output_structure, + NULL); if (enc != NULL) { OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); /* Default passphrase prompter */ @@ -266,8 +280,8 @@ if (passout != NULL) /* When passout given, override the passphrase prompter */ OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passout, - strlen(passout)); + (const unsigned char *)passout, + strlen(passout)); } if (!OSSL_ENCODER_to_bio(ectx, out)) { BIO_printf(bio_err, "unable to write EC key\n"); --- crypto/openssl/apps/ecparam.c.orig +++ crypto/openssl/apps/ecparam.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -23,46 +23,59 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, - OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, - OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_TEXT, + OPT_CHECK, + OPT_LIST_CURVES, + OPT_NO_SEED, + OPT_NOOUT, + OPT_NAME, + OPT_CONV_FORM, + OPT_PARAM_ENC, + OPT_GENKEY, + OPT_ENGINE, + OPT_CHECK_NAMED, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS ecparam_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"list_curves", OPT_LIST_CURVES, '-', - "Prints a list of all curve 'short names'"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "list_curves", OPT_LIST_CURVES, '-', + "Prints a list of all curve 'short names'" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - {"genkey", OPT_GENKEY, '-', "Generate ec key"}, - {"in", OPT_IN, '<', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"}, - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, + { "genkey", OPT_GENKEY, '-', "Generate ec key" }, + { "in", OPT_IN, '<', "Input file - default stdin" }, + { "inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)" }, + { "out", OPT_OUT, '>', "Output file - default stdout" }, + { "outform", OPT_OUTFORM, 'F', "Output format - default PEM" }, OPT_SECTION("Output"), - {"text", OPT_TEXT, '-', "Print the ec parameters in text form"}, - {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"}, - {"param_enc", OPT_PARAM_ENC, 's', - "Specifies the way the ec parameters are encoded"}, + { "text", OPT_TEXT, '-', "Print the ec parameters in text form" }, + { "noout", 
OPT_NOOUT, '-', "Do not print the ec parameter" }, + { "param_enc", OPT_PARAM_ENC, 's', + "Specifies the way the ec parameters are encoded" }, OPT_SECTION("Parameter"), - {"check", OPT_CHECK, '-', "Validate the ec parameters"}, - {"check_named", OPT_CHECK_NAMED, '-', - "Check that named EC curve parameters have not been modified"}, - {"no_seed", OPT_NO_SEED, '-', - "If 'explicit' parameters are chosen do not use the seed"}, - {"name", OPT_NAME, 's', - "Use the ec parameters with specified 'short name'"}, - {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, + { "check", OPT_CHECK, '-', "Validate the ec parameters" }, + { "check_named", OPT_CHECK_NAMED, '-', + "Check that named EC curve parameters have not been modified" }, + { "no_seed", OPT_NO_SEED, '-', + "If 'explicit' parameters are chosen do not use the seed" }, + { "name", OPT_NAME, 's', + "Use the ec parameters with specified 'short name'" }, + { "conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form " }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; static int list_builtin_curves(BIO *out) @@ -116,7 +129,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -211,30 +224,30 @@ if (strcmp(curve_name, "secp192r1") == 0) { BIO_printf(bio_err, - "using curve name prime192v1 instead of secp192r1\n"); + "using curve name prime192v1 instead of secp192r1\n"); curve_name = SN_X9_62_prime192v1; } else if (strcmp(curve_name, "secp256r1") == 0) { BIO_printf(bio_err, - "using curve name prime256v1 instead of secp256r1\n"); + "using curve name prime256v1 instead of secp256r1\n"); curve_name = SN_X9_62_prime256v1; } *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - curve_name, 0); + curve_name, 0); if (asn1_encoding != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, - asn1_encoding, 0); + asn1_encoding, 0); if (point_format != NULL) *p++ = OSSL_PARAM_construct_utf8_string( - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format, 0); + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + point_format, 0); *p = OSSL_PARAM_construct_end(); if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "sm2", - app_get0_propq()); + app_get0_propq()); else gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "ec", - app_get0_propq()); + app_get0_propq()); if (gctx_params == NULL || EVP_PKEY_keygen_init(gctx_params) <= 0 || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0 
@@ -243,20 +256,28 @@ goto end; } } else { - params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters"); - if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC")) + params_key = load_keyparams_suppress(infile, informat, 1, "EC", + "EC parameters", 1); + if (params_key == NULL) + params_key = load_keyparams_suppress(infile, informat, 1, "SM2", + "SM2 parameters", 1); + + if (params_key == NULL) { + BIO_printf(bio_err, "Unable to load parameters from %s\n", infile); goto end; + } + if (point_format && !EVP_PKEY_set_utf8_string_param( - params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format)) { + params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + point_format)) { BIO_printf(bio_err, "unable to set point conversion format\n"); goto end; } if (asn1_encoding != NULL && !EVP_PKEY_set_utf8_string_param( - params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) { + params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) { BIO_printf(bio_err, "unable to set asn1 encoding format\n"); goto end; } @@ -264,7 +285,7 @@ if (no_seed && !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED, - NULL, 0)) { + NULL, 0)) { BIO_printf(bio_err, "unable to clear seed\n"); goto end; } @@ -280,13 +301,13 @@ if (check_named && !EVP_PKEY_set_utf8_string_param(params_key, - OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, - OSSL_PKEY_EC_GROUP_CHECK_NAMED)) { - BIO_printf(bio_err, "unable to set check_type\n"); - goto end; + OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, + OSSL_PKEY_EC_GROUP_CHECK_NAMED)) { + BIO_printf(bio_err, "unable to set check_type\n"); + goto end; } pctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key, - app_get0_propq()); + app_get0_propq()); if (pctx == NULL || EVP_PKEY_param_check(pctx) <= 0) { BIO_printf(bio_err, "failed\n"); goto end; 
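Review bot: In the `@@ -243,20 +256,28 @@` hunk of ecparam.c, the explicit `EVP_PKEY_is_a(params_key, "EC")` check is removed, so the accepted key type now depends entirely on `load_keyparams_suppress()` enforcing its `"EC"`/`"SM2"` keytype argument, which is not visible here. A local guard after the NULL check would keep that invariant next to the code that relies on it: `if (!EVP_PKEY_is_a(params_key, "EC") && !EVP_PKEY_is_a(params_key, "SM2")) goto end;`. The SM2 fallback also loads from the same `infile` a second time, which presumably cannot succeed when the parameters arrive on stdin (the option table documents stdin as the default), because the first attempt has already consumed the stream. The new error message passes `infile` to `%s`, so for that case it would read better as `infile != NULL ? infile : "stdin"`. The enclosing function starts and ends outside the hunk.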
@@ -299,8 +320,8 @@ if (!noout) { ectx_params = OSSL_ENCODER_CTX_new_for_pkey( - params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL); + params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL); if (!OSSL_ENCODER_to_bio(ectx_params, out)) { BIO_printf(bio_err, "unable to write elliptic curve parameters\n"); goto end; @@ -317,7 +338,7 @@ * EVP_PKEY_keygen(gctx, &key) <= 0) */ gctx_key = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key, - app_get0_propq()); + app_get0_propq()); if (EVP_PKEY_keygen_init(gctx_key) <= 0 || EVP_PKEY_keygen(gctx_key, &key) <= 0) { BIO_printf(bio_err, "unable to generate key\n"); @@ -325,11 +346,11 @@ } assert(private); ectx_key = OSSL_ENCODER_CTX_new_for_pkey( - key, OSSL_KEYMGMT_SELECT_ALL, - outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL); + key, OSSL_KEYMGMT_SELECT_ALL, + outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL); if (!OSSL_ENCODER_to_bio(ectx_key, out)) { BIO_printf(bio_err, "unable to write elliptic " - "curve parameters\n"); + "curve parameters\n"); goto end; } } --- crypto/openssl/apps/enc.c.orig +++ crypto/openssl/apps/enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,16 +21,16 @@ #include #include #ifndef OPENSSL_NO_COMP -# include +#include #endif #include #undef SIZE #undef BSIZE -#define SIZE (512) -#define BSIZE (8*1024) +#define SIZE (512) +#define BSIZE (8 * 1024) -#define PBKDF2_ITER_DEFAULT 10000 +#define PBKDF2_ITER_DEFAULT 10000 #define STR(a) XSTR(a) #define XSTR(a) #a 
@@ -45,69 +45,93 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_LIST, - OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, - OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A, - OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE, - OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_E, + OPT_IN, + OPT_OUT, + OPT_PASS, + OPT_ENGINE, + OPT_D, + OPT_P, + OPT_V, + OPT_NOPAD, + OPT_SALT, + OPT_NOSALT, + OPT_DEBUG, + OPT_UPPER_P, + OPT_UPPER_A, + OPT_A, + OPT_Z, + OPT_BUFSIZE, + OPT_K, + OPT_KFILE, + OPT_UPPER_K, + OPT_NONE, + OPT_UPPER_S, + OPT_IV, + OPT_MD, + OPT_ITER, + OPT_PBKDF2, + OPT_CIPHER, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS enc_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"list", OPT_LIST, '-', "List ciphers"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "list", OPT_LIST, '-', "List ciphers" }, #ifndef OPENSSL_NO_DEPRECATED_3_0 - {"ciphers", OPT_LIST, '-', "Alias for -list"}, + { "ciphers", OPT_LIST, '-', "Alias for -list" }, #endif - {"e", OPT_E, '-', "Encrypt"}, - {"d", OPT_D, '-', "Decrypt"}, - {"p", OPT_P, '-', "Print the iv/key"}, - {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"}, + { "e", OPT_E, '-', "Encrypt" }, + { "d", OPT_D, '-', "Decrypt" }, + { "p", OPT_P, '-', "Print the iv/key" }, + { "P", OPT_UPPER_P, '-', "Print the iv/key and exit" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"k", OPT_K, 's', "Passphrase"}, - {"kfile", OPT_KFILE, '<', "Read passphrase from file"}, + { "in", OPT_IN, '<', "Input file" }, + { "k", OPT_K, 's', "Passphrase" }, + { "kfile", OPT_KFILE, '<', "Read passphrase from file" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - 
{"pass", OPT_PASS, 's', "Passphrase source"}, - {"v", OPT_V, '-', "Verbose output"}, - {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"}, - {"base64", OPT_A, '-', "Same as option -a"}, - {"A", OPT_UPPER_A, '-', - "Used with -[base64|a] to specify base64 buffer as a single line"}, + { "out", OPT_OUT, '>', "Output file" }, + { "pass", OPT_PASS, 's', "Passphrase source" }, + { "v", OPT_V, '-', "Verbose output" }, + { "a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag" }, + { "base64", OPT_A, '-', "Same as option -a" }, + { "A", OPT_UPPER_A, '-', + "Used with -[base64|a] to specify base64 buffer as a single line" }, OPT_SECTION("Encryption"), - {"nopad", OPT_NOPAD, '-', "Disable standard block padding"}, - {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"}, - {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"}, - {"debug", OPT_DEBUG, '-', "Print debug info"}, - - {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, - {"K", OPT_UPPER_K, 's', "Raw key, in hex"}, - {"S", OPT_UPPER_S, 's', "Salt, in hex"}, - {"iv", OPT_IV, 's', "IV in hex"}, - {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"}, - {"iter", OPT_ITER, 'p', - "Specify the iteration count and force the use of PBKDF2"}, - {OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT)}, - {"pbkdf2", OPT_PBKDF2, '-', - "Use password-based key derivation function 2 (PBKDF2)"}, - {OPT_MORE_STR, 0, 0, - "Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT)}, - {"none", OPT_NONE, '-', "Don't encrypt"}, + { "nopad", OPT_NOPAD, '-', "Disable standard block padding" }, + { "salt", OPT_SALT, '-', "Use salt in the KDF (default)" }, + { "nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF" }, + { "debug", OPT_DEBUG, '-', "Print debug info" }, + + { "bufsize", OPT_BUFSIZE, 's', "Buffer size" }, + { "K", OPT_UPPER_K, 's', "Raw key, in hex" }, + { "S", OPT_UPPER_S, 's', "Salt, in hex" }, + { "iv", OPT_IV, 's', "IV in hex" }, + { "md", 
OPT_MD, 's', "Use specified digest to create a key from the passphrase" }, + { "iter", OPT_ITER, 'p', + "Specify the iteration count and force the use of PBKDF2" }, + { OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT) }, + { "pbkdf2", OPT_PBKDF2, '-', + "Use password-based key derivation function 2 (PBKDF2)" }, + { OPT_MORE_STR, 0, 0, + "Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT) }, + { "none", OPT_NONE, '-', "Don't encrypt" }, #ifdef ZLIB - {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"}, + { "z", OPT_Z, '-', "Compress or decompress encrypted data using zlib" }, #endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, + { "", OPT_CIPHER, '-', "Any supported cipher" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int enc_main(int argc, char **argv) @@ -115,8 +139,7 @@ static char buf[128]; static const char magic[] = "Salted__"; ENGINE *e = NULL; - BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = - NULL, *wbio = NULL; + BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = NULL, *wbio = NULL; EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER *cipher = NULL; EVP_MD *dgst = NULL; @@ -157,7 +180,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -169,7 +192,7 @@ dec.bio = bio_out; dec.n = 0; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, &dec); + show_ciphers, &dec); BIO_printf(bio_out, "\n"); ret = 0; goto end; @@ -230,10 +253,12 @@ if (k) p[i] = '\0'; if (!opt_long(opt_arg(), &n) - || n < 0 || (k && n >= LONG_MAX / 1024)) + || n < 0 || (k && n >= LONG_MAX / 1024)) goto opthelp; if (k) n *= 1024; + if (n > INT_MAX) + goto opthelp; bsize = (int)n; break; case OPT_K: 
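Review bot: The new `if (n > INT_MAX) goto opthelp;` in the `-bufsize` handling of enc.c (hunk `@@ -230,10 +253,12 @@`) has no comment explaining it, and the reason is easy to miss because the earlier `LONG_MAX / 1024` test looks as if it already bounds the value. I would add `/* n is a long; reject values the (int) cast below would truncate */` above the check. The check closes the truncation in `bsize = (int)n;` but still accepts any size up to INT_MAX. How `bsize` is used afterwards is outside the hunk, so if it feeds further size arithmetic or an allocation, a smaller documented maximum may be worth considering. The surrounding switch starts and ends outside the hunk.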
@@ -248,7 +273,7 @@ in = NULL; if (i <= 0) { BIO_printf(bio_err, - "%s Can't read key from %s\n", prog, opt_arg()); + "%s Can't read key from %s\n", prog, opt_arg()); goto opthelp; } while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n')) @@ -280,7 +305,7 @@ break; case OPT_PBKDF2: pbkdf2 = 1; - if (iter == 0) /* do not overwrite a chosen value */ + if (iter == 0) /* do not overwrite a chosen value */ iter = PBKDF2_ITER_DEFAULT; break; case OPT_NONE: @@ -361,8 +386,8 @@ char prompt[200]; BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", - EVP_CIPHER_get0_name(cipher), - (enc) ? "encryption" : "decryption"); + EVP_CIPHER_get0_name(cipher), + (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); if (i == 0) { @@ -446,7 +471,7 @@ BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - if (enc) { /* encryption */ + if (enc) { /* encryption */ if (hsalt == NULL) { if (RAND_bytes(salt, sizeof(salt)) <= 0) { BIO_printf(bio_err, "RAND_bytes failed\n"); @@ -458,15 +483,17 @@ */ if ((printkey != 2) && (BIO_write(wbio, magic, - sizeof(magic) - 1) != sizeof(magic) - 1 + sizeof(magic) - 1) + != sizeof(magic) - 1 || BIO_write(wbio, - (char *)salt, - sizeof(salt)) != sizeof(salt))) { + (char *)salt, + sizeof(salt)) + != sizeof(salt))) { BIO_printf(bio_err, "error writing output file\n"); goto end; } } - } else { /* decryption */ + } else { /* decryption */ if (hsalt == NULL) { if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { BIO_printf(bio_err, "error reading input file\n"); @@ -474,7 +501,8 @@ } if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ if (BIO_read(rbio, salt, - sizeof(salt)) != sizeof(salt)) { + sizeof(salt)) + != sizeof(salt)) { BIO_printf(bio_err, "error reading input file\n"); goto end; } 
@@ -489,29 +517,29 @@ if (pbkdf2 == 1) { /* - * derive key and default iv - * concatenated into a temporary buffer - */ + * derive key and default iv + * concatenated into a temporary buffer + */ unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; int iklen = EVP_CIPHER_get_key_length(cipher); int ivlen = EVP_CIPHER_get_iv_length(cipher); /* not needed if HASH_UPDATE() is fixed : */ int islen = (sptr != NULL ? sizeof(salt) : 0); if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen, - iter, dgst, iklen+ivlen, tmpkeyiv)) { + iter, dgst, iklen + ivlen, tmpkeyiv)) { BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); goto end; } /* split and move data back to global buffer */ memcpy(key, tmpkeyiv, iklen); - memcpy(iv, tmpkeyiv+iklen, ivlen); + memcpy(iv, tmpkeyiv + iklen, ivlen); } else { BIO_printf(bio_err, "*** WARNING : " "deprecated key derivation used.\n" "Using -iter or -pbkdf2 would be better.\n"); if (!EVP_BytesToKey(cipher, dgst, sptr, - (unsigned char *)str, str_len, - 1, key, iv)) { + (unsigned char *)str, str_len, + 1, key, iv)) { BIO_printf(bio_err, "EVP_BytesToKey failed\n"); goto end; } @@ -564,7 +592,7 @@ if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_get0_name(cipher)); + EVP_CIPHER_get0_name(cipher)); ERR_print_errors(bio_err); goto end; } @@ -574,7 +602,7 @@ if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_get0_name(cipher)); + EVP_CIPHER_get0_name(cipher)); ERR_print_errors(bio_err); goto end; } @@ -636,7 +664,7 @@ BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in)); BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out)); } - end: +end: ERR_print_errors(bio_err); OPENSSL_free(strbuf); OPENSSL_free(buff); 
@@ -665,8 +693,8 @@
 /* Filter out ciphers that we cannot use */
 cipher = EVP_get_cipherbyname(name->name);
 if (cipher == NULL
- || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0
- || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)
+ || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0
+ || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)
 return;
 BIO_printf(dec->bio, "-%-25s", name->name);
--- crypto/openssl/apps/engine.c.orig
+++ crypto/openssl/apps/engine.c
@@ -24,32 +24,39 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, - OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV + OPT_C, + OPT_T, + OPT_TT, + OPT_PRE, + OPT_POST, + OPT_V = 100, + OPT_VV, + OPT_VVV, + OPT_VVVV } OPTION_CHOICE; const OPTIONS engine_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"t", OPT_T, '-', "Check that specified engine is available"}, - {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"}, - {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "t", OPT_T, '-', "Check that specified engine is available" }, + { "pre", OPT_PRE, 's', "Run command against the ENGINE before loading it" }, + { "post", OPT_POST, 's', "Run command against the ENGINE after loading it" }, OPT_SECTION("Output"), - {"v", OPT_V, '-', "List 'control commands' For each specified engine"}, - {"vv", OPT_VV, '-', "Also display each command's description"}, - {"vvv", OPT_VVV, '-', "Also add the input flags for each command"}, - {"vvvv", OPT_VVVV, '-', "Also show internal input flags"}, - {"c", OPT_C, '-', "List the capabilities of specified engine"}, - {"tt", OPT_TT, '-', "Display error trace for unavailable engines"}, - {OPT_MORE_STR, OPT_EOF, 1, - "Commands are like \"SO_PATH:/lib/libdriver.so\""}, + { "v", OPT_V, '-', "List 'control commands' For each specified engine" }, + { "vv", OPT_VV, '-', "Also display each command's description" }, + { "vvv", OPT_VVV, '-', "Also add the input flags for each command" }, + { "vvvv", OPT_VVVV, '-', "Also show internal input flags" }, + { "c", OPT_C, '-', "List the capabilities of specified engine" }, + { "tt", OPT_TT, '-', "Display error trace for unavailable engines" }, + { OPT_MORE_STR, OPT_EOF, 1, + "Commands are like 
\"SO_PATH:/lib/libdriver.so\"" }, OPT_PARAMETERS(), - {"engine", 0, 0, "ID of engine(s) to load"}, - {NULL} + { "engine", 0, 0, "ID of engine(s) to load" }, + { NULL } }; static int append_buf(char **buf, int *size, const char *s) @@ -133,9 +140,7 @@ started = 1; } /* Check for unknown flags */ - flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & - ~ENGINE_CMD_FLAG_STRING & - ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; + flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & ~ENGINE_CMD_FLAG_STRING & ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; if (flags) { if (started) BIO_printf(out, "|"); @@ -157,9 +162,7 @@ int flags; int xpos = 0; STACK_OF(OPENSSL_STRING) *cmds = NULL; - if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || - ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, - 0, NULL, NULL)) <= 0)) { + if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 0, NULL, NULL)) <= 0)) { return 1; } @@ -171,25 +174,30 @@ int len; /* Get the command input flags */ if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, - NULL, NULL)) < 0) + NULL, NULL)) + < 0) goto err; if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { /* Get the command name */ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, - NULL, NULL)) <= 0) + NULL, NULL)) + <= 0) goto err; name = app_malloc(len + 1, "name buffer"); if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, - NULL) <= 0) + NULL) + <= 0) goto err; /* Get the command description */ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, - NULL, NULL)) < 0) + NULL, NULL)) + < 0) goto err; if (len > 0) { desc = app_malloc(len + 1, "description buffer"); if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, - NULL) <= 0) + NULL) + <= 0) goto err; } /* Now decide on the output */ 
@@ -203,8 +211,7 @@ /* * We're just listing names, comma-delimited */ - if ((xpos > (int)strlen(indent)) && - (xpos + (int)strlen(name) > line_wrap)) { + if ((xpos > (int)strlen(indent)) && (xpos + (int)strlen(name) > line_wrap)) { BIO_printf(out, "\n"); xpos = BIO_puts(out, indent); } @@ -212,7 +219,7 @@ } else { /* We're listing names plus descriptions */ BIO_printf(out, "%s: %s\n", name, - (desc == NULL) ? "" : desc); + (desc == NULL) ? "" : desc); /* ... and sometimes input flags */ if ((verbose >= 3) && !util_flags(out, flags, indent)) goto err; @@ -229,7 +236,7 @@ if (xpos > 0) BIO_printf(out, "\n"); ret = 1; - err: +err: sk_OPENSSL_STRING_free(cmds); OPENSSL_free(name); OPENSSL_free(desc); @@ -237,7 +244,7 @@ } static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, - BIO *out, const char *indent) + BIO *out, const char *indent) { int loop, res, num = sk_OPENSSL_STRING_num(cmds); @@ -249,7 +256,7 @@ char buf[256]; const char *cmd, *arg; cmd = sk_OPENSSL_STRING_value(cmds, loop); - res = 1; /* assume success */ + res = 1; /* assume success */ /* Check if this command has no ":arg" */ if ((arg = strstr(cmd, ":")) == NULL) { if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) @@ -261,7 +268,7 @@ } memcpy(buf, cmd, (int)(arg - cmd)); buf[arg - cmd] = '\0'; - arg++; /* Move past the ":" */ + arg++; /* Move past the ":" */ /* Call the command with the argument */ if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) res = 0; @@ -288,7 +295,7 @@ if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) { char buf[256]; BIO_snprintf(buf, sizeof(buf), "STORE(%s)", - OSSL_STORE_LOADER_get0_scheme(loader)); + OSSL_STORE_LOADER_get0_scheme(loader)); if (!append_buf(ctx->cap_buf, ctx->cap_size, buf)) ctx->ok = 0; } 
@@ -365,10 +372,10 @@ /* Any remaining arguments are engine names. */ argc = opt_num_rest(); argv = opt_rest(); - for ( ; *argv; argv++) { + for (; *argv; argv++) { if (**argv == '-') { BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n", - prog); + prog); BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; } @@ -393,7 +400,7 @@ util_do_cmds(e, pre_cmds, out, indent); if (strcmp(ENGINE_get_id(e), id) != 0) { BIO_printf(out, "Loaded: (%s) %s\n", - ENGINE_get_id(e), ENGINE_get_name(e)); + ENGINE_get_id(e), ENGINE_get_name(e)); } if (list_cap) { int cap_size = 256; @@ -425,7 +432,7 @@ if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) goto end; - skip_ciphers: + skip_ciphers: fn_d = ENGINE_get_digests(e); if (fn_d == NULL) goto skip_digests; @@ -434,7 +441,7 @@ if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) goto end; - skip_digests: + skip_digests: fn_pk = ENGINE_get_pkey_meths(e); if (fn_pk == NULL) goto skip_pmeths; @@ -442,19 +449,18 @@ for (k = 0; k < n; ++k) if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) goto end; - skip_pmeths: - { - struct util_store_cap_data store_ctx; + skip_pmeths: { + struct util_store_cap_data store_ctx; - store_ctx.engine = e; - store_ctx.cap_buf = &cap_buf; - store_ctx.cap_size = &cap_size; - store_ctx.ok = 1; + store_ctx.engine = e; + store_ctx.cap_buf = &cap_buf; + store_ctx.cap_size = &cap_size; + store_ctx.ok = 1; - OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx); - if (!store_ctx.ok) - goto end; - } + OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx); + if (!store_ctx.ok) + goto end; + } if (cap_buf != NULL && (*cap_buf != '\0')) BIO_printf(out, " [%s]\n", cap_buf); @@ -484,7 +490,7 @@ } } - end: +end: ERR_print_errors(bio_err); sk_OPENSSL_CSTRING_free(engines); --- crypto/openssl/apps/errstr.c.orig +++ crypto/openssl/apps/errstr.c 
@@ -17,18 +17,20 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP + OPT_ERR = -1, + OPT_EOF = 0, + OPT_HELP } OPTION_CHOICE; const OPTIONS errstr_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_PARAMETERS(), - {"errnum", 0, 0, "Error number(s) to decode"}, - {NULL} + { "errnum", 0, 0, "Error number(s) to decode" }, + { NULL } }; int errstr_main(int argc, char **argv) @@ -57,7 +59,8 @@ * we're still interested in SSL error strings */ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, + NULL); /* All remaining arg are error code. */ ret = 0; @@ -69,6 +72,6 @@ BIO_printf(bio_out, "%s\n", buf); } } - end: +end: return ret; } --- crypto/openssl/apps/fipsinstall.c.orig +++ crypto/openssl/apps/fipsinstall.c @@ -22,8 +22,8 @@ #define BUFSIZE 4096 /* Configuration file values */ -#define VERSION_KEY "version" -#define VERSION_VAL "1" +#define VERSION_KEY "version" +#define VERSION_VAL "1" #define INSTALL_STATUS_VAL "INSTALL_SELF_TEST_KATS_RUN" static OSSL_CALLBACK self_test_events; @@ -34,9 +34,19 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_IN, OPT_OUT, OPT_MODULE, - OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY, - OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG, + OPT_IN, + OPT_OUT, + OPT_MODULE, + OPT_PROV_NAME, + OPT_SECTION_NAME, + OPT_MAC_NAME, + OPT_MACOPT, + OPT_VERIFY, + OPT_NO_LOG, + OPT_CORRUPT_DESC, + OPT_CORRUPT_TYPE, + OPT_QUIET, + OPT_CONFIG, OPT_NO_CONDITIONAL_ERRORS, OPT_NO_SECURITY_CHECKS, OPT_SELF_TEST_ONLOAD 
@@ -44,38 +54,38 @@ const OPTIONS fipsinstall_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verify", OPT_VERIFY, '-', - "Verify a config file instead of generating one"}, - {"module", OPT_MODULE, '<', "File name of the provider module"}, - {"provider_name", OPT_PROV_NAME, 's', "FIPS provider name"}, - {"section_name", OPT_SECTION_NAME, 's', - "FIPS Provider config section name (optional)"}, - {"no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-', - "Disable the ability of the fips module to enter an error state if" - " any conditional self tests fail"}, - {"no_security_checks", OPT_NO_SECURITY_CHECKS, '-', - "Disable the run-time FIPS security checks in the module"}, - {"self_test_onload", OPT_SELF_TEST_ONLOAD, '-', - "Forces self tests to always run on module load"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "verify", OPT_VERIFY, '-', + "Verify a config file instead of generating one" }, + { "module", OPT_MODULE, '<', "File name of the provider module" }, + { "provider_name", OPT_PROV_NAME, 's', "FIPS provider name" }, + { "section_name", OPT_SECTION_NAME, 's', + "FIPS Provider config section name (optional)" }, + { "no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-', + "Disable the ability of the fips module to enter an error state if" + " any conditional self tests fail" }, + { "no_security_checks", OPT_NO_SECURITY_CHECKS, '-', + "Disable the run-time FIPS security checks in the module" }, + { "self_test_onload", OPT_SELF_TEST_ONLOAD, '-', + "Forces self tests to always run on module load" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input config file, used when verifying"}, + { "in", OPT_IN, '<', "Input config file, used when verifying" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output config file, used when generating"}, - {"mac_name", OPT_MAC_NAME, 's', "MAC name"}, - {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. 
" - "See 'PARAMETER NAMES' in the EVP_MAC_ docs"}, - {"noout", OPT_NO_LOG, '-', "Disable logging of self test events"}, - {"corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description"}, - {"corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type"}, - {"config", OPT_CONFIG, '<', "The parent config to verify"}, - {"quiet", OPT_QUIET, '-', "No messages, just exit status"}, - {NULL} + { "out", OPT_OUT, '>', "Output config file, used when generating" }, + { "mac_name", OPT_MAC_NAME, 's', "MAC name" }, + { "macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. " + "See 'PARAMETER NAMES' in the EVP_MAC_ docs" }, + { "noout", OPT_NO_LOG, '-', "Disable logging of self test events" }, + { "corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description" }, + { "corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type" }, + { "config", OPT_CONFIG, '<', "The parent config to verify" }, + { "quiet", OPT_QUIET, '-', "No messages, just exit status" }, + { NULL } }; static int do_mac(EVP_MAC_CTX *ctx, unsigned char *tmp, BIO *in, - unsigned char *out, size_t *out_len) + unsigned char *out, size_t *out_len) { int ret = 0; int i; @@ -114,7 +124,7 @@ } static int print_mac(BIO *bio, const char *label, const unsigned char *mac, - size_t len) + size_t len) { int ret; char *hexstr = NULL; @@ -128,13 +138,13 @@ } static int write_config_header(BIO *out, const char *prov_name, - const char *section) + const char *section) { return BIO_printf(out, "openssl_conf = openssl_init\n\n") - && BIO_printf(out, "[openssl_init]\n") - && BIO_printf(out, "providers = provider_section\n\n") - && BIO_printf(out, "[provider_section]\n") - && BIO_printf(out, "%s = %s\n\n", prov_name, section); + && BIO_printf(out, "[openssl_init]\n") + && BIO_printf(out, "providers = provider_section\n\n") + && BIO_printf(out, "[provider_section]\n") + && BIO_printf(out, "%s = %s\n\n", prov_name, section); } /* 
@@ -145,33 +155,37 @@ * Returns 1 if the config file is written otherwise it returns 0 on error. */ static int write_config_fips_section(BIO *out, const char *section, - unsigned char *module_mac, - size_t module_mac_len, - int conditional_errors, - int security_checks, - unsigned char *install_mac, - size_t install_mac_len) + unsigned char *module_mac, + size_t module_mac_len, + int conditional_errors, + int security_checks, + unsigned char *install_mac, + size_t install_mac_len) { int ret = 0; if (BIO_printf(out, "[%s]\n", section) <= 0 || BIO_printf(out, "activate = 1\n") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, - VERSION_VAL) <= 0 + VERSION_VAL) + <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, - conditional_errors ? "1" : "0") <= 0 + conditional_errors ? "1" : "0") + <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, - security_checks ? "1" : "0") <= 0 + security_checks ? "1" : "0") + <= 0 || !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac, - module_mac_len)) + module_mac_len)) goto end; if (install_mac != NULL && install_mac_len > 0) { if (!print_mac(out, OSSL_PROV_FIPS_PARAM_INSTALL_MAC, install_mac, - install_mac_len) + install_mac_len) || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, - INSTALL_STATUS_VAL) <= 0) - goto end; + INSTALL_STATUS_VAL) + <= 0) + goto end; } ret = 1; end: 
@@ -179,24 +193,24 @@ } static CONF *generate_config_and_load(const char *prov_name, - const char *section, - unsigned char *module_mac, - size_t module_mac_len, - int conditional_errors, - int security_checks) + const char *section, + unsigned char *module_mac, + size_t module_mac_len, + int conditional_errors, + int security_checks) { BIO *mem_bio = NULL; CONF *conf = NULL; mem_bio = BIO_new(BIO_s_mem()); - if (mem_bio == NULL) + if (mem_bio == NULL) return 0; if (!write_config_header(mem_bio, prov_name, section) - || !write_config_fips_section(mem_bio, section, - module_mac, module_mac_len, - conditional_errors, - security_checks, - NULL, 0)) + || !write_config_fips_section(mem_bio, section, + module_mac, module_mac_len, + conditional_errors, + security_checks, + NULL, 0)) goto end; conf = app_load_config_bio(mem_bio, NULL); @@ -231,8 +245,8 @@ * install_mac values, otherwise it returns 0. */ static int verify_config(const char *infile, const char *section, - unsigned char *module_mac, size_t module_mac_len, - unsigned char *install_mac, size_t install_mac_len) + unsigned char *module_mac, size_t module_mac_len, + unsigned char *install_mac, size_t install_mac_len) { int ret = 0; char *s = NULL; @@ -257,8 +271,8 @@ } buf1 = OPENSSL_hexstr2buf(s, &len); if (buf1 == NULL - || (size_t)len != module_mac_len - || memcmp(module_mac, buf1, module_mac_len) != 0) { + || (size_t)len != module_mac_len + || memcmp(module_mac, buf1, module_mac_len) != 0) { BIO_printf(bio_err, "Module integrity mismatch\n"); goto end; } @@ -275,8 +289,8 @@ } buf2 = OPENSSL_hexstr2buf(s, &len); if (buf2 == NULL - || (size_t)len != install_mac_len - || memcmp(install_mac, buf2, install_mac_len) != 0) { + || (size_t)len != install_mac_len + || memcmp(install_mac, buf2, install_mac_len) != 0) { BIO_printf(bio_err, "Install indicator status mismatch\n"); goto end; } 
@@ -319,7 +333,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto cleanup; case OPT_HELP: @@ -393,7 +407,7 @@ ret = OSSL_PROVIDER_available(NULL, prov_name) ? 0 : 1; if (!quiet) BIO_printf(bio_err, "FIPS provider is %s\n", - ret == 0 ? "available" : " not available"); + ret == 0 ? "available" : " not available"); } goto end; } @@ -411,8 +425,8 @@ } if (self_test_log - || self_test_corrupt_desc != NULL - || self_test_corrupt_type != NULL) + || self_test_corrupt_desc != NULL + || self_test_corrupt_type != NULL) OSSL_SELF_TEST_set_callback(NULL, self_test_events, NULL); /* Use the default FIPS HMAC digest and key if not specified. */ @@ -445,8 +459,7 @@ if (opts != NULL) { int ok = 1; - OSSL_PARAM *params = - app_params_new_from_opts(opts, EVP_MAC_settable_ctx_params(mac)); + OSSL_PARAM *params = app_params_new_from_opts(opts, EVP_MAC_settable_ctx_params(mac)); if (params == NULL) goto end; @@ -472,7 +485,7 @@ if (self_test_onload == 0) { mem_bio = BIO_new_mem_buf((const void *)INSTALL_STATUS_VAL, - strlen(INSTALL_STATUS_VAL)); + strlen(INSTALL_STATUS_VAL)); if (mem_bio == NULL) { BIO_printf(bio_err, "Unable to create memory BIO\n"); goto end; 
@@ -485,33 +498,32 @@ if (verify) { if (!verify_config(in_fname, section_name, module_mac, module_mac_len, - install_mac, install_mac_len)) + install_mac, install_mac_len)) goto end; if (!quiet) BIO_printf(bio_err, "VERIFY PASSED\n"); } else { conf = generate_config_and_load(prov_name, section_name, module_mac, - module_mac_len, - enable_conditional_errors, - enable_security_checks); + module_mac_len, + enable_conditional_errors, + enable_security_checks); if (conf == NULL) goto end; if (!load_fips_prov_and_run_self_test(prov_name)) goto end; - fout = - out_fname == NULL ? dup_bio_out(FORMAT_TEXT) - : bio_open_default(out_fname, 'w', FORMAT_TEXT); + fout = out_fname == NULL ? dup_bio_out(FORMAT_TEXT) + : bio_open_default(out_fname, 'w', FORMAT_TEXT); if (fout == NULL) { BIO_printf(bio_err, "Failed to open file\n"); goto end; } if (!write_config_fips_section(fout, section_name, - module_mac, module_mac_len, - enable_conditional_errors, - enable_security_checks, - install_mac, install_mac_len)) + module_mac, module_mac_len, + enable_conditional_errors, + enable_security_checks, + install_mac, install_mac_len)) goto end; if (!quiet) BIO_printf(bio_err, "INSTALL PASSED\n"); @@ -564,7 +576,7 @@ if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0) BIO_printf(bio_err, "%s : (%s) : ", desc, type); else if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0 - || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) + || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) BIO_printf(bio_err, "%s\n", phase); } /* 
@@ -572,13 +584,13 @@ * error is returned during the corrupt phase. */ if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0 - && (self_test_corrupt_desc != NULL - || self_test_corrupt_type != NULL)) { + && (self_test_corrupt_desc != NULL + || self_test_corrupt_type != NULL)) { if (self_test_corrupt_desc != NULL - && strcmp(self_test_corrupt_desc, desc) != 0) + && strcmp(self_test_corrupt_desc, desc) != 0) goto end; if (self_test_corrupt_type != NULL - && strcmp(self_test_corrupt_type, type) != 0) + && strcmp(self_test_corrupt_type, type) != 0) goto end; BIO_printf(bio_err, "%s ", phase); goto err; --- crypto/openssl/apps/gendsa.c.orig +++ crypto/openssl/apps/gendsa.c 
@@ -24,30 +24,35 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_OUT, + OPT_PASSOUT, + OPT_ENGINE, + OPT_CIPHER, + OPT_VERBOSE, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS gendsa_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output the key to the specified file"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + { "out", OPT_OUT, '>', "Output the key to the specified file" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, + { "", OPT_CIPHER, '-', "Encrypt the output with any supported cipher" }, + { "verbose", OPT_VERBOSE, '-', "Verbose output" }, OPT_PARAMETERS(), - {"dsaparam-file", 0, 0, "File containing DSA parameters"}, - {NULL} + { "dsaparam-file", 0, 0, "File containing DSA parameters" }, + { NULL } }; int gendsa_main(int argc, char **argv) @@ -67,7 +72,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -130,9 +135,9 @@ nbits = EVP_PKEY_get_bits(pkey); if (nbits > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for DSA keys.\n" - " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey)); + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey)); ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq()); if (ctx == NULL) { @@ -155,10 +160,10 @@ goto end; } ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); - end2: +end2: BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); --- crypto/openssl/apps/genpkey.c.orig +++ crypto/openssl/apps/genpkey.c 
@@ -18,44 +18,53 @@ static int quiet; static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); static int genpkey_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { OPT_COMMON, - OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE, - OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER, - OPT_QUIET, OPT_CONFIG, + OPT_ENGINE, + OPT_OUTFORM, + OPT_OUT, + OPT_PASS, + OPT_PARAMFILE, + OPT_ALGORITHM, + OPT_PKEYOPT, + OPT_GENPARAM, + OPT_TEXT, + OPT_CIPHER, + OPT_QUIET, + OPT_CONFIG, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS genpkey_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - {"paramfile", OPT_PARAMFILE, '<', "Parameters file"}, - {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"}, - {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"}, - {"pkeyopt", OPT_PKEYOPT, 's', - "Set the public key algorithm option as opt:value"}, - OPT_CONFIG_OPTION, + { "paramfile", OPT_PARAMFILE, '<', "Parameters file" }, + { "algorithm", OPT_ALGORITHM, 's', "The public key algorithm" }, + { "quiet", OPT_QUIET, '-', "Do not output status while generating keys" }, + { "pkeyopt", OPT_PKEYOPT, 's', + "Set the public key algorithm option as opt:value" }, + OPT_CONFIG_OPTION, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"}, - {"pass", OPT_PASS, 's', "Output file pass phrase source"}, - {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"}, - {"text", OPT_TEXT, '-', "Print the in text"}, - {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"}, + { "out", OPT_OUT, '>', "Output 
file" }, + { "outform", OPT_OUTFORM, 'F', "output format (DER or PEM)" }, + { "pass", OPT_PASS, 's', "Output file pass phrase source" }, + { "genparam", OPT_GENPARAM, '-', "Generate parameters, not key" }, + { "text", OPT_TEXT, '-', "Print the in text" }, + { "", OPT_CIPHER, '-', "Cipher to use to encrypt the key" }, OPT_PROV_OPTIONS, /* This is deliberately last. */ - {OPT_HELP_STR, 1, 1, - "Order of options may be important! See the documentation.\n"}, - {NULL} + { OPT_HELP_STR, 1, 1, + "Order of options may be important! See the documentation.\n" }, + { NULL } }; int genpkey_main(int argc, char **argv) @@ -82,7 +91,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -218,7 +227,7 @@ } } - end: +end: sk_OPENSSL_STRING_free(keyopt); if (ret != 0) ERR_print_errors(bio_err); @@ -234,7 +243,7 @@ } static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { BIO *pbio; EVP_PKEY *pkey = NULL; @@ -270,18 +279,17 @@ *pctx = ctx; return 1; - err: +err: BIO_puts(bio_err, "Error initializing context\n"); ERR_print_errors(bio_err); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); return 0; - } int init_gen_str(EVP_PKEY_CTX **pctx, - const char *algname, ENGINE *e, int do_param, - OSSL_LIB_CTX *libctx, const char *propq) + const char *algname, ENGINE *e, int do_param, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY_CTX *ctx = NULL; int pkey_id; @@ -310,12 +318,11 @@ *pctx = ctx; return 1; - err: +err: BIO_printf(bio_err, "Error initializing %s context\n", algname); ERR_print_errors(bio_err); EVP_PKEY_CTX_free(ctx); return 0; - } static int genpkey_cb(EVP_PKEY_CTX *ctx) --- crypto/openssl/apps/genrsa.c.orig +++ crypto/openssl/apps/genrsa.c 
@@ -36,42 +36,49 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 OPT_3, #endif - OPT_F4, OPT_ENGINE, - OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL + OPT_F4, + OPT_ENGINE, + OPT_OUT, + OPT_PASSOUT, + OPT_CIPHER, + OPT_PRIMES, + OPT_VERBOSE, + OPT_R_ENUM, + OPT_PROV_ENUM, + OPT_TRADITIONAL } OPTION_CHOICE; const OPTIONS genrsa_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), #ifndef OPENSSL_NO_DEPRECATED_3_0 - {"3", OPT_3, '-', "(deprecated) Use 3 for the E value"}, + { "3", OPT_3, '-', "(deprecated) Use 3 for the E value" }, #endif - {"F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, - {"f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, + { "F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value" }, + { "f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output the key to specified file"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"traditional", OPT_TRADITIONAL, '-', - "Use traditional format for private keys"}, - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, + { "out", OPT_OUT, '>', "Output the key to specified file" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "primes", OPT_PRIMES, 'p', "Specify number of primes" }, + { "verbose", OPT_VERBOSE, '-', "Verbose output" }, + { "traditional", 
OPT_TRADITIONAL, '-', + "Use traditional format for private keys" }, + { "", OPT_CIPHER, '-', "Encrypt the output with any supported cipher" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"numbits", 0, 0, "Size of key in bits"}, - {NULL} + { "numbits", 0, 0, "Size of key in bits" }, + { NULL } }; int genrsa_main(int argc, char **argv) @@ -98,7 +105,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -154,9 +161,9 @@ goto end; if (num > OPENSSL_RSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for RSA keys.\n" - " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_RSA_MAX_MODULUS_BITS, num); + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, num); } else if (argc > 0) { BIO_printf(bio_err, "Extra arguments given.\n"); goto opthelp; @@ -180,7 +187,7 @@ goto end; if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(), - app_get0_propq())) + app_get0_propq())) goto end; EVP_PKEY_CTX_set_cb(ctx, genrsa_cb); @@ -226,7 +233,7 @@ } if (traditional) { if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, - NULL, passout)) + NULL, passout)) goto end; } else { if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) @@ -234,7 +241,7 @@ } ret = 0; - end: +end: BN_free(bn); BN_GENCB_free(cb); EVP_PKEY_CTX_free(ctx); --- crypto/openssl/apps/include/app_libctx.h.orig +++ crypto/openssl/apps/include/app_libctx.h @@ -8,9 +8,9 @@ */ #ifndef OSSL_APPS_LIBCTX_H -# define OSSL_APPS_LIBCTX_H +#define OSSL_APPS_LIBCTX_H -# include +#include OSSL_LIB_CTX *app_create_libctx(void); OSSL_LIB_CTX *app_get0_libctx(void); --- crypto/openssl/apps/include/app_params.h.orig +++ crypto/openssl/apps/include/app_params.h 
@@ -11,4 +11,3 @@
 int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent);
 void print_param_value(const OSSL_PARAM *p, int indent);
-
--- crypto/openssl/apps/include/apps.h.orig
+++ crypto/openssl/apps/include/apps.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -8,44 +8,44 @@ */ #ifndef OSSL_APPS_H -# define OSSL_APPS_H - -# include "e_os.h" /* struct timeval for DTLS */ -# include "internal/nelem.h" -# include "internal/sockets.h" /* for openssl_fdset() */ -# include "internal/cryptlib.h" /* ossl_assert() */ -# include - -# include -# include -# ifndef OPENSSL_NO_POSIX_IO -# include -# include -# endif - -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include "apps_ui.h" -# include "opt.h" -# include "fmt.h" -# include "platform.h" -# include "engine_loader.h" -# include "app_libctx.h" +#define OSSL_APPS_H + +#include "e_os.h" /* struct timeval for DTLS */ +#include "internal/nelem.h" +#include "internal/sockets.h" /* for openssl_fdset() */ +#include "internal/cryptlib.h" /* ossl_assert() */ +#include + +#include +#include +#ifndef OPENSSL_NO_POSIX_IO +#include +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "apps_ui.h" +#include "opt.h" +#include "fmt.h" +#include "platform.h" +#include "engine_loader.h" +#include "app_libctx.h" /* * quick macro when you need to pass an unsigned char instead of a char. * this is true for some implementations of the is*() functions, for * example. */ -# define _UC(c) ((unsigned char)(c)) +#define _UC(c) ((unsigned char)(c)) void app_RAND_load_conf(CONF *c, const char *section); int app_RAND_write(void); 
@@ -74,16 +74,16 @@ CONF *app_load_config_modules(const char *configfile); void unbuffer(FILE *fp); void wait_for_async(SSL *s); -# if defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_MSDOS) int has_stdin_waiting(void); -# endif +#endif void corrupt_signature(const ASN1_STRING *signature); int set_cert_times(X509 *x, const char *startdate, const char *enddate, - int days); + int days); int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate); int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, - long days, long hours, long secs); + long days, long hours, long secs); typedef struct args_st { int size; @@ -94,11 +94,10 @@ /* We need both wrap and the "real" function because libcrypto uses both. */ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); -int chopup_args(ARGS *arg, char *buf); void dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, const X509_NAME *nm); -void print_bignum_var(BIO *, const BIGNUM *, const char*, - int, unsigned char *); +void print_bignum_var(BIO *, const BIGNUM *, const char *, + int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); int set_nameopt(const char *arg); unsigned long get_nameopt(void); 
@@ -112,53 +111,53 @@ int add_oid_section(CONF *conf); X509_REQ *load_csr(const char *file, int format, const char *desc); X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc); + const char *pass, const char *desc); #define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, - const char *desc); + const char *desc); void cleanse(char *str); void clear_free(char *str); EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc); + const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc); + const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc); + const char *keytype, const char *desc); EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc, - int suppress_decode_errors); + const char *keytype, const char *desc, + int suppress_decode_errors); char *next_item(char *opt); /* in list separated by comma and/or space */ int load_cert_certs(const char *uri, - X509 **pcert, STACK_OF(X509) **pcerts, - int exclude_http, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm); + X509 **pcert, STACK_OF(X509) **pcerts, + int exclude_http, const char *pass, const char *desc, + X509_VERIFY_PARAM *vpm); STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, - const char *desc, X509_VERIFY_PARAM *vpm); + const char *desc, X509_VERIFY_PARAM *vpm); X509_STORE *load_certstore(char *input, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm); + X509_VERIFY_PARAM *vpm); int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, - const char *pass, const char *desc); + const char *pass, 
const char *desc); int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, - const char *pass, const char *desc); + const char *pass, const char *desc); int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); int load_key_cert_crl(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - X509 **pcert, X509_CRL **pcrl); + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + X509 **pcert, X509_CRL **pcrl); X509_STORE *setup_verify(const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore); + const char *CApath, int noCApath, + const char *CAstore, int noCAstore); __owur int ctx_set_verify_locations(SSL_CTX *ctx, - const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore); + const char *CAfile, int noCAfile, + const char *CApath, int noCApath, + const char *CAstore, int noCAstore); -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT /* * Sets the file to load the Certificate Transparency log list from. @@ -167,10 +166,10 @@ */ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); -# endif +#endif ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug); -# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug) +#define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug) void release_engine(ENGINE *e); int init_engine(ENGINE *e); int finish_engine(ENGINE *e); 
@@ -180,31 +179,31 @@ const EVP_MD *get_digest_from_engine(const char *name); const EVP_CIPHER *get_cipher_from_engine(const char *name); -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, - const char *port, const char *path, - const char *proxy, const char *no_proxy, - int use_ssl, STACK_OF(CONF_VALUE) *headers, - int req_timeout); -# endif + const char *port, const char *path, + const char *proxy, const char *no_proxy, + int use_ssl, STACK_OF(CONF_VALUE) *headers, + int req_timeout); +#endif /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, const char *str); - -# define DB_type 0 -# define DB_exp_date 1 -# define DB_rev_date 2 -# define DB_serial 3 /* index - unique */ -# define DB_file 4 -# define DB_name 5 /* index - unique when active and not - * disabled */ -# define DB_NUMBER 6 - -# define DB_TYPE_REV 'R' /* Revoked */ -# define DB_TYPE_EXP 'E' /* Expired */ -# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */ -# define DB_TYPE_SUSP 'S' /* Suspended */ + ASN1_GENERALIZEDTIME **pinvtm, const char *str); + +#define DB_type 0 +#define DB_exp_date 1 +#define DB_rev_date 2 +#define DB_serial 3 /* index - unique */ +#define DB_file 4 +#define DB_name 5 /* index - unique when active and not \ + * disabled */ +#define DB_NUMBER 6 + +#define DB_TYPE_REV 'R' /* Revoked */ +#define DB_TYPE_EXP 'E' /* Expired */ +#define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */ +#define DB_TYPE_SUSP 'S' /* Suspended */ typedef struct db_attr_st { int unique_subject; @@ -213,9 +212,9 @@ DB_ATTR attributes; TXT_DB *db; char *dbfname; -# ifndef OPENSSL_NO_POSIX_IO +#ifndef OPENSSL_NO_POSIX_IO struct stat dbst; -# endif +#endif } CA_DB; void app_bail_out(char *fmt, ...); 
@@ -223,53 +222,52 @@ /* load_serial, save_serial, and rotate_serial are also used for CRL numbers */ BIGNUM *load_serial(const char *serialfile, int *exists, int create, - ASN1_INTEGER **retai); + ASN1_INTEGER **retai); int save_serial(const char *serialfile, const char *suffix, - const BIGNUM *serial, ASN1_INTEGER **retai); + const BIGNUM *serial, ASN1_INTEGER **retai); int rotate_serial(const char *serialfile, const char *new_suffix, - const char *old_suffix); + const char *old_suffix); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); int save_index(const char *dbfile, const char *suffix, CA_DB *db); int rotate_index(const char *dbfile, const char *new_suffix, - const char *old_suffix); + const char *old_suffix); void free_index(CA_DB *db); -# define index_name_cmp_noconst(a, b) \ - index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ +#define index_name_cmp_noconst(a, b) \ + index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); int parse_yesno(const char *str, int def); X509_NAME *parse_name(const char *str, int chtype, int multirdn, - const char *desc); + const char *desc); void policies_print(X509_STORE_CTX *ctx); int bio_to_mem(unsigned char **out, int maxlen, BIO *in); int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value); int x509_ctrl_string(X509 *x, const char *value); int x509_req_ctrl_string(X509_REQ *x, const char *value); int init_gen_str(EVP_PKEY_CTX **pctx, - const char *algname, ENGINE *e, int do_param, - OSSL_LIB_CTX *libctx, const char *propq); + const char *algname, ENGINE *e, int do_param, + OSSL_LIB_CTX *libctx, const char *propq); int do_X509_sign(X509 *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx); + STACK_OF(OPENSSL_STRING) *sigopts, 
X509V3_CTX *ext_ctx); int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts); int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts); + STACK_OF(OPENSSL_STRING) *sigopts); int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, - STACK_OF(OPENSSL_STRING) *vfyopts); + STACK_OF(OPENSSL_STRING) *vfyopts); int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts); + STACK_OF(OPENSSL_STRING) *sigopts); extern char *psk_key; - unsigned char *next_protos_parse(size_t *outlen, const char *in); void print_cert_checks(BIO *bio, X509 *x, - const char *checkhost, - const char *checkemail, const char *checkip); + const char *checkhost, + const char *checkemail, const char *checkip); void store_setup_crl_download(X509_STORE *st); 
@@ -281,38 +279,38 @@ SSL_CTX *ssl_ctx; } APP_HTTP_TLS_INFO; BIO *app_http_tls_cb(BIO *hbio, /* APP_HTTP_TLS_INFO */ void *arg, - int connect, int detail); + int connect, int detail); void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info); -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - long timeout, const char *expected_content_type, - const ASN1_ITEM *it); + const char *no_proxy, SSL_CTX *ssl_ctx, + const STACK_OF(CONF_VALUE) *headers, + long timeout, const char *expected_content_type, + const ASN1_ITEM *it); ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, - const char *path, const char *proxy, - const char *no_proxy, SSL_CTX *ctx, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, - const char *expected_content_type, - long timeout, const ASN1_ITEM *rsp_it); -# endif + const char *path, const char *proxy, + const char *no_proxy, SSL_CTX *ctx, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, + ASN1_VALUE *req, const ASN1_ITEM *req_it, + const char *expected_content_type, + long timeout, const ASN1_ITEM *rsp_it); +#endif -# define EXT_COPY_NONE 0 -# define EXT_COPY_ADD 1 -# define EXT_COPY_ALL 2 +#define EXT_COPY_NONE 0 +#define EXT_COPY_ADD 1 +#define EXT_COPY_ALL 2 -# define NETSCAPE_CERT_HDR "certificate" +#define NETSCAPE_CERT_HDR "certificate" -# define APP_PASS_LEN 1024 +#define APP_PASS_LEN 1024 /* * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits * so that the first bit will never be one, so that the DER encoding * rules won't force a leading octet. */ -# define SERIAL_RAND_BITS 159 +#define SERIAL_RAND_BITS 159 int app_isdir(const char *); int app_access(const char *, int flag); 
@@ -321,8 +319,8 @@ int raw_read_stdin(void *, int); int raw_write_stdout(const void *, int); -# define TM_START 0 -# define TM_STOP 1 +#define TM_START 0 +#define TM_STOP 1 double app_tminterval(int stop, int usertime); void make_uppercase(char *string); @@ -337,7 +335,7 @@ extern VERIFY_CB_ARGS verify_args; OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, - const OSSL_PARAM *paramdefs); + const OSSL_PARAM *paramdefs); void app_params_free(OSSL_PARAM *params); int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name); void app_providers_cleanup(void); --- crypto/openssl/apps/include/apps_ui.h.orig +++ crypto/openssl/apps/include/apps_ui.h @@ -8,10 +8,9 @@ */ #ifndef OSSL_APPS_UI_H -# define OSSL_APPS_UI_H +#define OSSL_APPS_UI_H - -# define PW_MIN_LENGTH 4 +#define PW_MIN_LENGTH 4 typedef struct pw_cb_data { const void *password; const char *prompt_info; --- crypto/openssl/apps/include/cmp_mock_srv.h.orig +++ crypto/openssl/apps/include/cmp_mock_srv.h 
@@ -9,27 +9,27 @@ */ #ifndef OSSL_APPS_CMP_MOCK_SRV_H -# define OSSL_APPS_CMP_MOCK_SRV_H +#define OSSL_APPS_CMP_MOCK_SRV_H -# include -# ifndef OPENSSL_NO_CMP +#include +#ifndef OPENSSL_NO_CMP -# include +#include OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *chain); + STACK_OF(X509) *chain); int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *caPubs); + STACK_OF(X509) *caPubs); int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, - int fail_info, const char *text); + int fail_info, const char *text); int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype); int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count); int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec); -# endif /* !defined(OPENSSL_NO_CMP) */ +#endif /* !defined(OPENSSL_NO_CMP) */ #endif /* !defined(OSSL_APPS_CMP_MOCK_SRV_H) */ --- crypto/openssl/apps/include/engine_loader.h.orig +++ crypto/openssl/apps/include/engine_loader.h @@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ #ifndef HEADER_ENGINE_LOADER_H -# define HEADER_ENGINE_LOADER_H +#define HEADER_ENGINE_LOADER_H -# include +#include /* this is a private URI scheme */ -# define ENGINE_SCHEME "org.openssl.engine" -# define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":") +#define ENGINE_SCHEME "org.openssl.engine" +#define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":") int setup_engine_loader(void); void destroy_engine_loader(void); --- crypto/openssl/apps/include/fmt.h.orig +++ crypto/openssl/apps/include/fmt.h 
@@ -23,22 +23,22 @@ * contents. The FORMAT_xxx macros are meant to express an intent with the * file being read or created. */ -# define B_FORMAT_TEXT 0x8000 -# define FORMAT_UNDEF 0 -# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */ -# define FORMAT_BINARY 2 /* Generic binary */ -# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */ -# define FORMAT_ASN1 4 /* ASN.1/DER */ -# define FORMAT_PEM (5 | B_FORMAT_TEXT) -# define FORMAT_PKCS12 6 -# define FORMAT_SMIME (7 | B_FORMAT_TEXT) -# define FORMAT_ENGINE 8 /* Not really a file format */ -# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */ -# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */ -# define FORMAT_MSBLOB 11 /* MS Key blob format */ -# define FORMAT_PVK 12 /* MS PVK file format */ -# define FORMAT_HTTP 13 /* Download using HTTP */ -# define FORMAT_NSS 14 /* NSS keylog format */ +#define B_FORMAT_TEXT 0x8000 +#define FORMAT_UNDEF 0 +#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */ +#define FORMAT_BINARY 2 /* Generic binary */ +#define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */ +#define FORMAT_ASN1 4 /* ASN.1/DER */ +#define FORMAT_PEM (5 | B_FORMAT_TEXT) +#define FORMAT_PKCS12 6 +#define FORMAT_SMIME (7 | B_FORMAT_TEXT) +#define FORMAT_ENGINE 8 /* Not really a file format */ +#define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */ +#define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */ +#define FORMAT_MSBLOB 11 /* MS Key blob format */ +#define FORMAT_PVK 12 /* MS PVK file format */ +#define FORMAT_HTTP 13 /* Download using HTTP */ +#define FORMAT_NSS 14 /* NSS keylog format */ int FMT_istext(int format); --- crypto/openssl/apps/include/function.h.orig +++ crypto/openssl/apps/include/function.h 
@@ -8,16 +8,21 @@ */ #ifndef OSSL_APPS_FUNCTION_H -# define OSSL_APPS_FUNCTION_H +#define OSSL_APPS_FUNCTION_H -# include -# include "opt.h" +#include +#include "opt.h" -#define DEPRECATED_NO_ALTERNATIVE "unknown" +#define DEPRECATED_NO_ALTERNATIVE "unknown" typedef enum FUNC_TYPE { - FT_none, FT_general, FT_md, FT_cipher, FT_pkey, - FT_md_alg, FT_cipher_alg + FT_none, + FT_general, + FT_md, + FT_cipher, + FT_pkey, + FT_md_alg, + FT_cipher_alg } FUNC_TYPE; typedef struct function_st { --- crypto/openssl/apps/include/http_server.h.orig +++ crypto/openssl/apps/include/http_server.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,42 +8,42 @@ */ #ifndef OSSL_HTTP_SERVER_H -# define OSSL_HTTP_SERVER_H +#define OSSL_HTTP_SERVER_H -# include "apps.h" +#include "apps.h" -# ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif -# endif +#ifndef HAVE_FORK +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +#define HAVE_FORK 0 +#else +#define HAVE_FORK 1 +#endif +#endif -# if HAVE_FORK -# undef NO_FORK -# else -# define NO_FORK -# endif +#if HAVE_FORK +#undef NO_FORK +#else +#define NO_FORK +#endif -# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ +#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ && !defined(OPENSSL_NO_POSIX_IO) -# define HTTP_DAEMON -# include -# include -# include -# include -# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -# else -# undef LOG_DEBUG -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_DEBUG 7 -# define LOG_INFO 6 -# define LOG_WARNING 4 -# define LOG_ERR 3 -# endif +#define HTTP_DAEMON +#include +#include +#include +#include +#define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ +#else +#undef LOG_DEBUG +#undef LOG_INFO +#undef LOG_WARNING +#undef LOG_ERR +#define LOG_DEBUG 7 +#define LOG_INFO 6 +#define LOG_WARNING 4 +#define LOG_ERR 3 +#endif /*- * Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err @@ -54,7 +54,7 @@ */ void log_message(const char *prog, int level, const char *fmt, ...); -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK /*- * Initialize an HTTP server by setting up its listening BIO * prog: the name of the current app 
@@ -84,24 +84,24 @@ * The caller must free any non-NULL *preq, *ppath, and *pcbio pointers. */ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - char **ppath, BIO **pcbio, BIO *acbio, - int *found_keep_alive, - const char *prog, const char *port, - int accept_get, int timeout); + char **ppath, BIO **pcbio, BIO *acbio, + int *found_keep_alive, + const char *prog, const char *port, + int accept_get, int timeout); /*- * Send an ASN.1-formatted HTTP response * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) * note: cbio should not do an encoding that changes the output length - * keep_alive: grant persistent connnection + * keep_alive: grant persistent connection * content_type: string identifying the type of the response * it: the response ASN.1 type * resp: the response to send * returns 1 on success, 0 on failure */ int http_server_send_asn1_resp(BIO *cbio, int keep_alive, - const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *resp); + const char *content_type, + const ASN1_ITEM *it, const ASN1_VALUE *resp); /*- * Send a trivial HTTP response, typically to report an error or OK @@ -112,14 +112,14 @@ */ int http_server_send_status(BIO *cbio, int status, const char *reason); -# endif +#endif -# ifdef HTTP_DAEMON +#ifdef HTTP_DAEMON extern int multi; extern int acfd; void socket_timeout(int signum); void spawn_loop(const char *prog); -# endif +#endif #endif --- crypto/openssl/apps/include/names.h.orig +++ crypto/openssl/apps/include/names.h @@ -10,7 +10,7 @@ #include /* Standard comparing function for names */ -int name_cmp(const char * const *a, const char * const *b); +int name_cmp(const char *const *a, const char *const *b); /* collect_names is meant to be used with EVP_{type}_doall_names */ void collect_names(const char *name, void *vdata); /* Sorts and prints a stack of names to |out| */ --- crypto/openssl/apps/include/opt.h.orig +++ crypto/openssl/apps/include/opt.h 
@@ -19,283 +19,294 @@ /* * Common verification options. */ -# define OPT_V_ENUM \ - OPT_V__FIRST=2000, \ - OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \ - OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \ - OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \ - OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \ - OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \ - OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \ - OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ - OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ - OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ - OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \ - OPT_V__LAST - -# define OPT_V_OPTIONS \ - OPT_SECTION("Validation"), \ - { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \ - { "purpose", OPT_V_PURPOSE, 's', \ - "certificate chain purpose"}, \ - { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ - { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ - "chain depth limit" }, \ - { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ - "chain authentication security level" }, \ - { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ - { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ - "expected peer hostname" }, \ - { "verify_email", OPT_V_VERIFY_EMAIL, 's', \ - "expected peer email" }, \ - { "verify_ip", OPT_V_VERIFY_IP, 's', \ - "expected peer IP address" }, \ - { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \ - "permit unhandled critical extensions"}, \ - { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \ - { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \ - { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \ - { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \ - { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \ - "set policy variable 
require-explicit-policy"}, \ - { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \ - "set policy variable inhibit-any-policy"}, \ - { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \ - "set policy variable inhibit-policy-mapping"}, \ - { "x509_strict", OPT_V_X509_STRICT, '-', \ - "disable certificate compatibility work-arounds"}, \ - { "extended_crl", OPT_V_EXTENDED_CRL, '-', \ - "enable extended CRL features"}, \ - { "use_deltas", OPT_V_USE_DELTAS, '-', \ - "use delta CRLs"}, \ - { "policy_print", OPT_V_POLICY_PRINT, '-', \ - "print policy processing diagnostics"}, \ - { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \ - "check root CA self-signatures"}, \ - { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \ - "search trust store first (default)" }, \ - { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \ - { "suiteB_128", OPT_V_SUITEB_128, '-', \ - "Suite B 128-bit mode allowing 192-bit algorithms"}, \ - { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \ - { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \ - "accept chains anchored by intermediate trust-store CAs"}, \ - { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \ +#define OPT_V_ENUM \ + OPT_V__FIRST = 2000, \ + OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \ + OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \ + OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \ + OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \ + OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \ + OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \ + OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ + OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ + OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ + OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \ + OPT_V__LAST + +#define OPT_V_OPTIONS \ + OPT_SECTION("Validation"), \ + { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy 
set" }, \ + { "purpose", OPT_V_PURPOSE, 's', \ + "certificate chain purpose" }, \ + { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name" }, \ + { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ + "chain depth limit" }, \ + { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ + "chain authentication security level" }, \ + { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ + { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ + "expected peer hostname" }, \ + { "verify_email", OPT_V_VERIFY_EMAIL, 's', \ + "expected peer email" }, \ + { "verify_ip", OPT_V_VERIFY_IP, 's', \ + "expected peer IP address" }, \ + { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \ + "permit unhandled critical extensions" }, \ + { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)" }, \ + { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \ + { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \ + { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks" }, \ + { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \ + "set policy variable require-explicit-policy" }, \ + { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \ + "set policy variable inhibit-any-policy" }, \ + { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \ + "set policy variable inhibit-policy-mapping" }, \ + { "x509_strict", OPT_V_X509_STRICT, '-', \ + "disable certificate compatibility work-arounds" }, \ + { "extended_crl", OPT_V_EXTENDED_CRL, '-', \ + "enable extended CRL features" }, \ + { "use_deltas", OPT_V_USE_DELTAS, '-', \ + "use delta CRLs" }, \ + { "policy_print", OPT_V_POLICY_PRINT, '-', \ + "print policy processing diagnostics" }, \ + { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \ + "check root CA self-signatures" }, \ + { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \ + "search trust store first (default)" }, \ + { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode" }, \ + { "suiteB_128", OPT_V_SUITEB_128, '-', \ + "Suite B 
128-bit mode allowing 192-bit algorithms" }, \ + { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \ + { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \ + "accept chains anchored by intermediate trust-store CAs" }, \ + { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \ { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \ { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" } -# define OPT_V_CASES \ - OPT_V__FIRST: case OPT_V__LAST: break; \ - case OPT_V_POLICY: \ - case OPT_V_PURPOSE: \ - case OPT_V_VERIFY_NAME: \ - case OPT_V_VERIFY_DEPTH: \ - case OPT_V_VERIFY_AUTH_LEVEL: \ - case OPT_V_ATTIME: \ - case OPT_V_VERIFY_HOSTNAME: \ - case OPT_V_VERIFY_EMAIL: \ - case OPT_V_VERIFY_IP: \ - case OPT_V_IGNORE_CRITICAL: \ - case OPT_V_ISSUER_CHECKS: \ - case OPT_V_CRL_CHECK: \ - case OPT_V_CRL_CHECK_ALL: \ - case OPT_V_POLICY_CHECK: \ - case OPT_V_EXPLICIT_POLICY: \ - case OPT_V_INHIBIT_ANY: \ - case OPT_V_INHIBIT_MAP: \ - case OPT_V_X509_STRICT: \ - case OPT_V_EXTENDED_CRL: \ - case OPT_V_USE_DELTAS: \ - case OPT_V_POLICY_PRINT: \ - case OPT_V_CHECK_SS_SIG: \ - case OPT_V_TRUSTED_FIRST: \ - case OPT_V_SUITEB_128_ONLY: \ - case OPT_V_SUITEB_128: \ - case OPT_V_SUITEB_192: \ - case OPT_V_PARTIAL_CHAIN: \ - case OPT_V_NO_ALT_CHAINS: \ - case OPT_V_NO_CHECK_TIME: \ - case OPT_V_ALLOW_PROXY_CERTS +#define OPT_V_CASES \ + OPT_V__FIRST: \ + case OPT_V__LAST: \ + break; \ + case OPT_V_POLICY: \ + case OPT_V_PURPOSE: \ + case OPT_V_VERIFY_NAME: \ + case OPT_V_VERIFY_DEPTH: \ + case OPT_V_VERIFY_AUTH_LEVEL: \ + case OPT_V_ATTIME: \ + case OPT_V_VERIFY_HOSTNAME: \ + case OPT_V_VERIFY_EMAIL: \ + case OPT_V_VERIFY_IP: \ + case OPT_V_IGNORE_CRITICAL: \ + case OPT_V_ISSUER_CHECKS: \ + case OPT_V_CRL_CHECK: \ + case OPT_V_CRL_CHECK_ALL: \ + case OPT_V_POLICY_CHECK: \ + case OPT_V_EXPLICIT_POLICY: \ + case OPT_V_INHIBIT_ANY: \ + case OPT_V_INHIBIT_MAP: \ + case OPT_V_X509_STRICT: \ + case 
OPT_V_EXTENDED_CRL: \ + case OPT_V_USE_DELTAS: \ + case OPT_V_POLICY_PRINT: \ + case OPT_V_CHECK_SS_SIG: \ + case OPT_V_TRUSTED_FIRST: \ + case OPT_V_SUITEB_128_ONLY: \ + case OPT_V_SUITEB_128: \ + case OPT_V_SUITEB_192: \ + case OPT_V_PARTIAL_CHAIN: \ + case OPT_V_NO_ALT_CHAINS: \ + case OPT_V_NO_CHECK_TIME: \ + case OPT_V_ALLOW_PROXY_CERTS /* * Common "extended validation" options. */ -# define OPT_X_ENUM \ - OPT_X__FIRST=1000, \ - OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \ - OPT_X_CERTFORM, OPT_X_KEYFORM, \ - OPT_X__LAST - -# define OPT_X_OPTIONS \ - OPT_SECTION("Extended certificate"), \ - { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \ - { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \ - { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \ - { "xchain_build", OPT_X_CHAIN_BUILD, '-', \ - "build certificate chain for the extended certificates"}, \ - { "xcertform", OPT_X_CERTFORM, 'F', \ +#define OPT_X_ENUM \ + OPT_X__FIRST = 1000, \ + OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \ + OPT_X_CERTFORM, OPT_X_KEYFORM, \ + OPT_X__LAST + +#define OPT_X_OPTIONS \ + OPT_SECTION("Extended certificate"), \ + { "xkey", OPT_X_KEY, '<', "key for Extended certificates" }, \ + { "xcert", OPT_X_CERT, '<', "cert for Extended certificates" }, \ + { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates" }, \ + { "xchain_build", OPT_X_CHAIN_BUILD, '-', \ + "build certificate chain for the extended certificates" }, \ + { "xcertform", OPT_X_CERTFORM, 'F', \ "format of Extended certificate (PEM/DER/P12); has no effect" }, \ - { "xkeyform", OPT_X_KEYFORM, 'F', \ - "format of Extended certificate's key (DER/PEM/P12); has no effect"} - -# define OPT_X_CASES \ - OPT_X__FIRST: case OPT_X__LAST: break; \ - case OPT_X_KEY: \ - case OPT_X_CERT: \ - case OPT_X_CHAIN: \ - case OPT_X_CHAIN_BUILD: \ - case OPT_X_CERTFORM: \ - case OPT_X_KEYFORM + { "xkeyform", OPT_X_KEYFORM, 'F', \ + "format of Extended certificate's key 
(DER/PEM/P12); has no effect" } + +#define OPT_X_CASES \ + OPT_X__FIRST: \ + case OPT_X__LAST: \ + break; \ + case OPT_X_KEY: \ + case OPT_X_CERT: \ + case OPT_X_CHAIN: \ + case OPT_X_CHAIN_BUILD: \ + case OPT_X_CERTFORM: \ + case OPT_X_KEYFORM /* * Common SSL options. * Any changes here must be coordinated with ../ssl/ssl_conf.c */ -# define OPT_S_ENUM \ - OPT_S__FIRST=3000, \ - OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ - OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \ - OPT_S_LEGACYCONN, \ - OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ - OPT_S_PRIORITIZE_CHACHA, \ - OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ - OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ - OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ - OPT_S_MINPROTO, OPT_S_MAXPROTO, \ - OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST - -# define OPT_S_OPTIONS \ - OPT_SECTION("TLS/SSL"), \ - {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ - {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ - {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ - {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ - {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ - {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ - {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ - {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ - {"no_ticket", OPT_S_NOTICKET, '-', \ - "Disable use of TLS session tickets"}, \ - {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ - {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ - "Enable use of legacy renegotiation (dangerous)"}, \ - {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \ - "Allow client-initiated renegotiation" }, \ - {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ - "Disable all 
renegotiation."}, \ - {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ - "Allow initial connection to servers that don't support RI"}, \ - {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ - "Disallow session resumption on renegotiation"}, \ - {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \ - "Disallow initial connection to servers that don't support RI"}, \ - {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \ - "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \ - {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \ - "Prioritize ChaCha ciphers when preferred by clients"}, \ - {"strict", OPT_S_STRICT, '-', \ - "Enforce strict certificate checks as per TLS standard"}, \ - {"sigalgs", OPT_S_SIGALGS, 's', \ - "Signature algorithms to support (colon-separated list)" }, \ - {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \ - "Signature algorithms to support for client certificate" \ - " authentication (colon-separated list)" }, \ - {"groups", OPT_S_GROUPS, 's', \ - "Groups to advertise (colon-separated list)" }, \ - {"curves", OPT_S_CURVES, 's', \ - "Groups to advertise (colon-separated list)" }, \ - {"named_curve", OPT_S_NAMEDCURVE, 's', \ - "Elliptic curve used for ECDHE (server-side only)" }, \ - {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \ - {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ - {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ - {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ - {"record_padding", OPT_S_RECORD_PADDING, 's', \ - "Block size to pad TLS 1.3 records to."}, \ - {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ - "Perform all sorts of protocol violations for testing purposes"}, \ - {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ - "Disable TLSv1.3 middlebox compat mode" }, \ - {"no_etm", OPT_S_NO_ETM, '-', \ - "Disable Encrypt-then-Mac extension"} - -# 
define OPT_S_CASES \ - OPT_S__FIRST: case OPT_S__LAST: break; \ - case OPT_S_NOSSL3: \ - case OPT_S_NOTLS1: \ - case OPT_S_NOTLS1_1: \ - case OPT_S_NOTLS1_2: \ - case OPT_S_NOTLS1_3: \ - case OPT_S_BUGS: \ - case OPT_S_NO_COMP: \ - case OPT_S_COMP: \ - case OPT_S_NOTICKET: \ - case OPT_S_SERVERPREF: \ - case OPT_S_LEGACYRENEG: \ - case OPT_S_CLIENTRENEG: \ - case OPT_S_LEGACYCONN: \ - case OPT_S_ONRESUMP: \ - case OPT_S_NOLEGACYCONN: \ - case OPT_S_ALLOW_NO_DHE_KEX: \ - case OPT_S_PRIORITIZE_CHACHA: \ - case OPT_S_STRICT: \ - case OPT_S_SIGALGS: \ - case OPT_S_CLIENTSIGALGS: \ - case OPT_S_GROUPS: \ - case OPT_S_CURVES: \ - case OPT_S_NAMEDCURVE: \ - case OPT_S_CIPHER: \ - case OPT_S_CIPHERSUITES: \ - case OPT_S_RECORD_PADDING: \ - case OPT_S_NO_RENEGOTIATION: \ - case OPT_S_MINPROTO: \ - case OPT_S_MAXPROTO: \ - case OPT_S_DEBUGBROKE: \ - case OPT_S_NO_MIDDLEBOX: \ - case OPT_S_NO_ETM - -#define IS_NO_PROT_FLAG(o) \ - (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ - || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) +#define OPT_S_ENUM \ + OPT_S__FIRST = 3000, \ + OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ + OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ + OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \ + OPT_S_LEGACYCONN, \ + OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ + OPT_S_PRIORITIZE_CHACHA, \ + OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ + OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ + OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ + OPT_S_MINPROTO, OPT_S_MAXPROTO, \ + OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST + +#define OPT_S_OPTIONS \ + OPT_SECTION("TLS/SSL"), \ + { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" }, \ + { "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" }, \ + { "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ + { "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" 
}, \ + { "no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3" }, \ + { "bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility" }, \ + { "no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ + { "comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ + { "no_ticket", OPT_S_NOTICKET, '-', \ + "Disable use of TLS session tickets" }, \ + { "serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences" }, \ + { "legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ + "Enable use of legacy renegotiation (dangerous)" }, \ + { "client_renegotiation", OPT_S_CLIENTRENEG, '-', \ + "Allow client-initiated renegotiation" }, \ + { "no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ + "Disable all renegotiation." }, \ + { "legacy_server_connect", OPT_S_LEGACYCONN, '-', \ + "Allow initial connection to servers that don't support RI" }, \ + { "no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ + "Disallow session resumption on renegotiation" }, \ + { "no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \ + "Disallow initial connection to servers that don't support RI" }, \ + { "allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \ + "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption" }, \ + { "prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \ + "Prioritize ChaCha ciphers when preferred by clients" }, \ + { "strict", OPT_S_STRICT, '-', \ + "Enforce strict certificate checks as per TLS standard" }, \ + { "sigalgs", OPT_S_SIGALGS, 's', \ + "Signature algorithms to support (colon-separated list)" }, \ + { "client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \ + "Signature algorithms to support for client certificate" \ + " authentication (colon-separated list)" }, \ + { "groups", OPT_S_GROUPS, 's', \ + "Groups to advertise (colon-separated list)" }, \ + { "curves", OPT_S_CURVES, 's', \ + "Groups to advertise (colon-separated list)" }, \ + { "named_curve", OPT_S_NAMEDCURVE, 's', \ + "Elliptic curve used for ECDHE (server-side only)" }, \ + { "cipher", 
OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used" }, \ + { "ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used" }, \ + { "min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used" }, \ + { "max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used" }, \ + { "record_padding", OPT_S_RECORD_PADDING, 's', \ + "Block size to pad TLS 1.3 records to." }, \ + { "debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ + "Perform all sorts of protocol violations for testing purposes" }, \ + { "no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ + "Disable TLSv1.3 middlebox compat mode" }, \ + { "no_etm", OPT_S_NO_ETM, '-', \ + "Disable Encrypt-then-Mac extension" } + +#define OPT_S_CASES \ + OPT_S__FIRST: \ + case OPT_S__LAST: \ + break; \ + case OPT_S_NOSSL3: \ + case OPT_S_NOTLS1: \ + case OPT_S_NOTLS1_1: \ + case OPT_S_NOTLS1_2: \ + case OPT_S_NOTLS1_3: \ + case OPT_S_BUGS: \ + case OPT_S_NO_COMP: \ + case OPT_S_COMP: \ + case OPT_S_NOTICKET: \ + case OPT_S_SERVERPREF: \ + case OPT_S_LEGACYRENEG: \ + case OPT_S_CLIENTRENEG: \ + case OPT_S_LEGACYCONN: \ + case OPT_S_ONRESUMP: \ + case OPT_S_NOLEGACYCONN: \ + case OPT_S_ALLOW_NO_DHE_KEX: \ + case OPT_S_PRIORITIZE_CHACHA: \ + case OPT_S_STRICT: \ + case OPT_S_SIGALGS: \ + case OPT_S_CLIENTSIGALGS: \ + case OPT_S_GROUPS: \ + case OPT_S_CURVES: \ + case OPT_S_NAMEDCURVE: \ + case OPT_S_CIPHER: \ + case OPT_S_CIPHERSUITES: \ + case OPT_S_RECORD_PADDING: \ + case OPT_S_NO_RENEGOTIATION: \ + case OPT_S_MINPROTO: \ + case OPT_S_MAXPROTO: \ + case OPT_S_DEBUGBROKE: \ + case OPT_S_NO_MIDDLEBOX: \ + case OPT_S_NO_ETM + +#define IS_NO_PROT_FLAG(o) \ + (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ + || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) /* * Random state options. 
*/ -# define OPT_R_ENUM \ - OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST +#define OPT_R_ENUM \ + OPT_R__FIRST = 1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST -# define OPT_R_OPTIONS \ - OPT_SECTION("Random state"), \ - {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \ - {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"} +#define OPT_R_OPTIONS \ + OPT_SECTION("Random state"), \ + { "rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator" }, \ + { "writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file" } -# define OPT_R_CASES \ - OPT_R__FIRST: case OPT_R__LAST: break; \ - case OPT_R_RAND: case OPT_R_WRITERAND +#define OPT_R_CASES \ + OPT_R__FIRST: \ + case OPT_R__LAST: \ + break; \ + case OPT_R_RAND: \ + case OPT_R_WRITERAND /* * Provider options. */ -# define OPT_PROV_ENUM \ - OPT_PROV__FIRST=1600, \ - OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \ - OPT_PROV__LAST +#define OPT_PROV_ENUM \ + OPT_PROV__FIRST = 1600, \ + OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \ + OPT_PROV__LAST -# define OPT_CONFIG_OPTION \ - { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" } +#define OPT_CONFIG_OPTION \ + { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" } -# define OPT_PROV_OPTIONS \ - OPT_SECTION("Provider"), \ +#define OPT_PROV_OPTIONS \ + OPT_SECTION("Provider"), \ { "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \ - { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \ + { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \ { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" } -# define OPT_PROV_CASES \ - OPT_PROV__FIRST: case OPT_PROV__LAST: break; \ - case 
OPT_PROV_PROVIDER: \ - case OPT_PROV_PROVIDER_PATH: \ - case OPT_PROV_PROPQUERY +#define OPT_PROV_CASES \ + OPT_PROV__FIRST: \ + case OPT_PROV__LAST: \ + break; \ + case OPT_PROV_PROVIDER: \ + case OPT_PROV_PROVIDER_PATH: \ + case OPT_PROV_PROPQUERY /* * Option parsing. 
@@ -332,33 +343,31 @@ } OPT_PAIR, STRINT_PAIR; /* Flags to pass into opt_format; see FORMAT_xxx, below. */ -# define OPT_FMT_PEMDER (1L << 1) -# define OPT_FMT_PKCS12 (1L << 2) -# define OPT_FMT_SMIME (1L << 3) -# define OPT_FMT_ENGINE (1L << 4) -# define OPT_FMT_MSBLOB (1L << 5) +#define OPT_FMT_PEMDER (1L << 1) +#define OPT_FMT_PKCS12 (1L << 2) +#define OPT_FMT_SMIME (1L << 3) +#define OPT_FMT_ENGINE (1L << 4) +#define OPT_FMT_MSBLOB (1L << 5) /* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ -# define OPT_FMT_NSS (1L << 7) -# define OPT_FMT_TEXT (1L << 8) -# define OPT_FMT_HTTP (1L << 9) -# define OPT_FMT_PVK (1L << 10) -# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) -# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) -# define OPT_FMT_ANY ( \ - OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ - OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) +#define OPT_FMT_NSS (1L << 7) +#define OPT_FMT_TEXT (1L << 8) +#define OPT_FMT_HTTP (1L << 9) +#define OPT_FMT_PVK (1L << 10) +#define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) +#define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) +#define OPT_FMT_ANY ( \ + OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) /* Divide options into sections when displaying usage */ #define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" } #define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" } const char *opt_path_end(const char *filename); -char *opt_init(int ac, char **av, const OPTIONS * o); +char *opt_init(int ac, char **av, const OPTIONS *o); char *opt_progname(const char *argv0); char *opt_appname(const char *argv0); char *opt_getprog(void); -void opt_help(const OPTIONS * list); +void opt_help(const OPTIONS *list); void opt_begin(void); int opt_next(void); 
@@ -383,7 +392,7 @@ void print_format_error(int format, unsigned long flags); int opt_printf_stderr(const char *fmt, ...); int opt_string(const char *name, const char **options); -int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); +int opt_pair(const char *arg, const OPT_PAIR *pairs, int *result); int opt_verify(int i, X509_VERIFY_PARAM *vpm); int opt_rand(int i); @@ -396,5 +405,4 @@ /* Returns non-zero if legacy paths are still available */ int opt_legacy_okay(void); - #endif /* OSSL_APPS_OPT_H */ --- crypto/openssl/apps/include/platform.h.orig +++ crypto/openssl/apps/include/platform.h @@ -8,25 +8,25 @@ */ #ifndef OSSL_APPS_PLATFORM_H -# define OSSL_APPS_PLATFORM_H +#define OSSL_APPS_PLATFORM_H -# include +#include -# if defined(OPENSSL_SYS_VMS) && defined(__DECC) +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) /* * VMS C only for now, implemented in vms_decc_init.c * If other C compilers forget to terminate argv with NULL, this function * can be re-used. */ char **copy_argv(int *argc, char *argv[]); -# endif +#endif -# ifdef _WIN32 +#ifdef _WIN32 /* * Win32-specific argv initialization that splits OS-supplied UNICODE * command line string to array of UTF8-encoded strings. */ void win32_utf8argv(int *argc, char **argv[]); -# endif +#endif #endif --- crypto/openssl/apps/include/s_apps.h.orig +++ crypto/openssl/apps/include/s_apps.h 
@@ -12,53 +12,53 @@ #include #include -#define PORT "4433" -#define PROTOCOL "tcp" +#define PORT "4433" +#define PROTOCOL "tcp" typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); int report_server_accept(BIO *out, int asock, int with_address, int with_pid); int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, int protocol, do_server_cb cb, - unsigned char *context, int naccept, BIO *bio_s_out); + int family, int type, int protocol, do_server_cb cb, + unsigned char *context, int naccept, BIO *bio_s_out); int verify_callback(int ok, X509_STORE_CTX *ctx); int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, - STACK_OF(X509) *chain, int build_chain); + STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_groups(BIO *out, SSL *s, int noshared); int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, - const char *bindhost, const char *bindport, - int family, int type, int protocol); + const char *bindhost, const char *bindport, + int family, int type, int protocol); int should_retry(int i); void do_ssl_shutdown(SSL *ssl); long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed); + int argi, long argl, int ret, size_t *processed); void apps_ssl_info_callback(const SSL *s, int where, int ret); void msg_cb(int write_p, int version, int content_type, const void *buf, - size_t len, SSL *ssl, void *arg); + size_t len, SSL *ssl, void *arg); void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, - int len, void *arg); + int len, void *arg); int generate_cookie_callback(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); + unsigned int *cookie_len); int verify_cookie_callback(SSL *ssl, const unsigned 
char *cookie, - unsigned int cookie_len); + unsigned int cookie_len); -#ifdef __VMS /* 31 char symbol name limit */ -# define generate_stateless_cookie_callback generate_stateless_cookie_cb -# define verify_stateless_cookie_callback verify_stateless_cookie_cb +#ifdef __VMS /* 31 char symbol name limit */ +#define generate_stateless_cookie_callback generate_stateless_cookie_cb +#define verify_stateless_cookie_callback verify_stateless_cookie_cb #endif int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, - size_t *cookie_len); + size_t *cookie_len); int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, - size_t cookie_len); + size_t cookie_len); typedef struct ssl_excert_st SSL_EXCERT; @@ -70,12 +70,12 @@ void print_ssl_summary(SSL *s); int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, - int crl_download); + int crl_download); int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, - const char *vfyCAfile, const char *vfyCAstore, - const char *chCApath, const char *chCAfile, - const char *chCAstore, STACK_OF(X509_CRL) *crls, - int crl_download); + const char *vfyCAfile, const char *vfyCAstore, + const char *chCApath, const char *chCAfile, + const char *chCAstore, STACK_OF(X509_CRL) *crls, + int crl_download); void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); void print_ca_names(BIO *bio, SSL *s); 
@@ -85,14 +85,14 @@ typedef struct srp_arg_st { char *srppassin; char *srplogin; - int msg; /* copy from c_msg */ - int debug; /* copy from c_debug */ - int amp; /* allow more groups */ - int strength; /* minimal size for N */ + int msg; /* copy from c_msg */ + int debug; /* copy from c_debug */ + int amp; /* allow more groups */ + int strength; /* minimal size for N */ } SRP_ARG; int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg, - int c_debug); + int c_debug); void set_up_dummy_srp(SSL_CTX *ctx); /* The server side SRP context that we pass to all SRP related callbacks */ @@ -103,6 +103,6 @@ } srpsrvparm; int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm, - char *srpuserseed, char *srp_verifier_file); + char *srpuserseed, char *srp_verifier_file); void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out); #endif /* OPENSSL_NO_SRP */ --- crypto/openssl/apps/include/vms_term_sock.h.orig +++ crypto/openssl/apps/include/vms_term_sock.h @@ -9,23 +9,23 @@ */ #ifndef OSSL_APPS_VMS_TERM_SOCK_H -# define OSSL_APPS_VMS_TERM_SOCK_H +#define OSSL_APPS_VMS_TERM_SOCK_H /* ** Terminal Socket Function Codes */ -# define TERM_SOCK_CREATE 1 -# define TERM_SOCK_DELETE 2 +#define TERM_SOCK_CREATE 1 +#define TERM_SOCK_DELETE 2 /* ** Terminal Socket Status Codes */ -# define TERM_SOCK_FAILURE 0 -# define TERM_SOCK_SUCCESS 1 +#define TERM_SOCK_FAILURE 0 +#define TERM_SOCK_SUCCESS 1 /* ** Terminal Socket Prototype */ -int TerminalSocket (int FunctionCode, int *ReturnSocket); +int TerminalSocket(int FunctionCode, int *ReturnSocket); #endif --- crypto/openssl/apps/info.c.orig +++ crypto/openssl/apps/info.c 
@@ -13,26 +13,32 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP, - OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS + OPT_CONFIGDIR, + OPT_ENGINESDIR, + OPT_MODULESDIR, + OPT_DSOEXT, + OPT_DIRNAMESEP, + OPT_LISTSEP, + OPT_SEEDS, + OPT_CPUSETTINGS } OPTION_CHOICE; const OPTIONS info_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Output"), - {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"}, - {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"}, - {"modulesdir", OPT_MODULESDIR, '-', - "Default module directory (other than engine modules)"}, - {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"}, - {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"}, - {"listsep", OPT_LISTSEP, '-', "List separator character"}, - {"seeds", OPT_SEEDS, '-', "Seed sources"}, - {"cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info"}, - {NULL} + { "configdir", OPT_CONFIGDIR, '-', "Default configuration file directory" }, + { "enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory" }, + { "modulesdir", OPT_MODULESDIR, '-', + "Default module directory (other than engine modules)" }, + { "dsoext", OPT_DSOEXT, '-', "Configured extension for modules" }, + { "dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator" }, + { "listsep", OPT_LISTSEP, '-', "List separator character" }, + { "seeds", OPT_SEEDS, '-', "Seed sources" }, + { "cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info" }, + { NULL } }; int info_main(int argc, char **argv) @@ -45,7 +51,7 @@ while ((o = opt_next()) != OPT_EOF) { switch (o) { default: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -99,6 +105,6 @@ BIO_printf(bio_out, "%s\n", OPENSSL_info(type)); ret = 0; - end: +end: return ret; } --- crypto/openssl/apps/kdf.c.orig +++ crypto/openssl/apps/kdf.c 
@@ -19,37 +19,42 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT, - OPT_CIPHER, OPT_DIGEST, OPT_MAC, + OPT_KDFOPT, + OPT_BIN, + OPT_KEYLEN, + OPT_OUT, + OPT_CIPHER, + OPT_DIGEST, + OPT_MAC, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS kdf_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form"}, - {"cipher", OPT_CIPHER, 's', "Cipher"}, - {"digest", OPT_DIGEST, 's', "Digest"}, - {"mac", OPT_MAC, 's', "MAC"}, - {OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n"}, - {"keylen", OPT_KEYLEN, 's', "The size of the output derived key"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form" }, + { "cipher", OPT_CIPHER, 's', "Cipher" }, + { "digest", OPT_DIGEST, 's', "Digest" }, + { "mac", OPT_MAC, 's', "MAC" }, + { OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n" }, + { "keylen", OPT_KEYLEN, 's', "The size of the output derived key" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"binary", OPT_BIN, '-', - "Output in binary format (default is hexadecimal)"}, + { "out", OPT_OUT, '>', "Output to filename rather than stdout" }, + { "binary", OPT_BIN, '-', + "Output in binary format (default is hexadecimal)" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"kdf_name", 0, 0, "Name of the KDF algorithm"}, - {NULL} + { "kdf_name", 0, 0, "Name of the KDF algorithm" }, + { NULL } }; static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, - const char *name, const char *arg) + const char *name, const char *arg) { size_t len = strlen(name) + strlen(arg) + 2; char *res; 
@@ -85,7 +90,7 @@ while ((o = opt_next()) != OPT_EOF) { switch (o) { default: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto err; case OPT_HELP: @@ -139,7 +144,8 @@ goto opthelp; if ((kdf = EVP_KDF_fetch(app_get0_libctx(), argv[0], - app_get0_propq())) == NULL) { + app_get0_propq())) + == NULL) { BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]); goto opthelp; } @@ -150,8 +156,7 @@ if (opts != NULL) { int ok = 1; - OSSL_PARAM *params = - app_params_new_from_opts(opts, EVP_KDF_settable_ctx_params(kdf)); + OSSL_PARAM *params = app_params_new_from_opts(opts, EVP_KDF_settable_ctx_params(kdf)); if (params == NULL) goto err; --- crypto/openssl/apps/lib/app_libctx.c.orig +++ crypto/openssl/apps/lib/app_libctx.c @@ -36,7 +36,7 @@ */ if (app_libctx == NULL) { if (!app_provider_load(NULL, "null")) { - opt_printf_stderr( "Failed to create null provider\n"); + opt_printf_stderr("Failed to create null provider\n"); return NULL; } app_libctx = OSSL_LIB_CTX_new(); @@ -45,4 +45,3 @@ opt_printf_stderr("Failed to create library context\n"); return app_libctx; } - --- crypto/openssl/apps/lib/app_params.c.orig +++ crypto/openssl/apps/lib/app_params.c @@ -63,7 +63,7 @@ printed_len = BIO_snprintf(buf, bufsz, " (arbitrary size)"); else printed_len = BIO_snprintf(buf, bufsz, " (max %zu bytes large)", - param->data_size); + param->data_size); if (printed_len > 0) { buf += printed_len; bufsz -= printed_len; @@ -85,7 +85,7 @@ } else { BIO_printf(bio_out, "%*s%s:\n", indent, "", thing); for (; pdefs->key != NULL; pdefs++) { - char buf[200]; /* This should be ample space */ + char buf[200]; /* This should be ample space */ describe_param_type(buf, sizeof(buf), pdefs); BIO_printf(bio_out, "%*s %s\n", indent, "", buf); 
@@ -125,8 +125,7 @@ break; default: BIO_printf(bio_out, "unknown type (%u) of %zu bytes\n", - p->data_type, p->data_size); + p->data_type, p->data_size); break; } } - --- crypto/openssl/apps/lib/app_provider.c.orig +++ crypto/openssl/apps/lib/app_provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ if (prov == NULL) { opt_printf_stderr("%s: unable to load provider %s\n" "Hint: use -provider-path option or OPENSSL_MODULES environment variable.\n", - opt_getprog(), provider_name); + opt_getprog(), provider_name); ERR_print_errors(bio_err); return 0; } @@ -46,6 +46,7 @@ app_providers = sk_OSSL_PROVIDER_new_null(); if (app_providers == NULL || !sk_OSSL_PROVIDER_push(app_providers, prov)) { + OSSL_PROVIDER_unload(prov); app_providers_cleanup(); return 0; } --- crypto/openssl/apps/lib/app_rand.c.orig +++ crypto/openssl/apps/lib/app_rand.c @@ -43,7 +43,7 @@ char *p; int last, ret = 1; - for ( ; ; ) { + for (;;) { last = 0; for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++) continue; @@ -90,11 +90,10 @@ ret = 0; } OPENSSL_free(save_rand_file); - save_rand_file = NULL; + save_rand_file = NULL; return ret; } - /* * See comments in opt_verify for explanation of this. */ @@ -108,7 +107,7 @@ break; case OPT_R_RAND: if (randfiles == NULL - && (randfiles = sk_OPENSSL_STRING_new_null()) == NULL) + && (randfiles = sk_OPENSSL_STRING_new_null()) == NULL) return 0; if (!sk_OPENSSL_STRING_push(randfiles, opt_arg())) return 0; --- crypto/openssl/apps/lib/app_x509.c.orig +++ crypto/openssl/apps/lib/app_x509.c 
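Review bot: The added `OSSL_PROVIDER_unload(prov);` in the app_provider.c hunk at -46,6 carries no comment explaining why it is needed next to `app_providers_cleanup()`. On this path either the stack allocation or the push failed, so `prov` is loaded but is not on `app_providers`, and cleanup presumably only walks that stack. I would put `/* prov never made it onto the stack, so cleanup cannot unload it */` above the call. The enclosing function starts and ends outside the hunk, so how `prov` is owned on the success path cannot be confirmed from here.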
@@ -38,53 +38,51 @@ { switch (cmd) { #ifdef EVP_PKEY_CTRL_SET1_ID - case EVP_PKEY_CTRL_SET1_ID: - { - ASN1_OCTET_STRING *v = mk_octet_string(value, value_n); - - if (v == NULL) { - BIO_printf(bio_err, - "error: setting distinguishing ID in certificate failed\n"); - return 0; - } - - X509_set0_distinguishing_id(object, v); - return 1; + case EVP_PKEY_CTRL_SET1_ID: { + ASN1_OCTET_STRING *v = mk_octet_string(value, value_n); + + if (v == NULL) { + BIO_printf(bio_err, + "error: setting distinguishing ID in certificate failed\n"); + return 0; } + + X509_set0_distinguishing_id(object, v); + return 1; + } #endif default: break; } - return -2; /* typical EVP_PKEY return for "unsupported" */ + return -2; /* typical EVP_PKEY return for "unsupported" */ } static int x509_req_ctrl(void *object, int cmd, void *value, size_t value_n) { switch (cmd) { #ifdef EVP_PKEY_CTRL_SET1_ID - case EVP_PKEY_CTRL_SET1_ID: - { - ASN1_OCTET_STRING *v = mk_octet_string(value, value_n); - - if (v == NULL) { - BIO_printf(bio_err, - "error: setting distinguishing ID in certificate signing request failed\n"); - return 0; - } - - X509_REQ_set0_distinguishing_id(object, v); - return 1; + case EVP_PKEY_CTRL_SET1_ID: { + ASN1_OCTET_STRING *v = mk_octet_string(value, value_n); + + if (v == NULL) { + BIO_printf(bio_err, + "error: setting distinguishing ID in certificate signing request failed\n"); + return 0; } + + X509_REQ_set0_distinguishing_id(object, v); + return 1; + } #endif default: break; } - return -2; /* typical EVP_PKEY return for "unsupported" */ + return -2; /* typical EVP_PKEY return for "unsupported" */ } static int do_x509_ctrl_string(int (*ctrl)(void *object, int cmd, - void *value, size_t value_n), - void *object, const char *value) + void *value, size_t value_n), + void *object, const char *value) { int rv = 0; char *stmp, *vtmp = NULL; --- crypto/openssl/apps/lib/apps.c.orig +++ crypto/openssl/apps/lib/apps.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,13 +12,13 @@ * On VMS, you need to define this to get the declaration of fileno(). The * value 2 is to make sure no function defined in POSIX-2 is left undefined. */ -# define _POSIX_C_SOURCE 2 +#define _POSIX_C_SOURCE 2 #endif #ifndef OPENSSL_NO_ENGINE /* We need to use some deprecated APIs */ -# define OPENSSL_SUPPRESS_DEPRECATED -# include +#define OPENSSL_SUPPRESS_DEPRECATED +#include #endif #include @@ -26,8 +26,8 @@ #include #include #ifndef OPENSSL_NO_POSIX_IO -# include -# include +#include +#include #endif #include #include @@ -51,19 +51,19 @@ #ifdef _WIN32 static int WIN32_rename(const char *from, const char *to); -# define rename(from,to) WIN32_rename((from),(to)) +#define rename(from, to) WIN32_rename((from), (to)) #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include +#include #endif #if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) || defined(__BORLANDC__) -# define _kbhit kbhit +#define _kbhit kbhit #endif static BIO *bio_open_default_(const char *filename, char mode, int format, - int quiet); + int quiet); #define PASS_SOURCE_SIZE_MAX 4 
@@ -76,68 +76,19 @@ } NAME_EX_TBL; static int set_table_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl); + const NAME_EX_TBL *in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl); -static -int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, - int suppress_decode_errors); + const NAME_EX_TBL *in_tbl); +static int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, + int suppress_decode_errors); int app_init(long mesgwin); -int chopup_args(ARGS *arg, char *buf) -{ - int quoted; - char c = '\0', *p = NULL; - - arg->argc = 0; - if (arg->size == 0) { - arg->size = 20; - arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); - } - - for (p = buf;;) { - /* Skip whitespace. */ - while (*p && isspace(_UC(*p))) - p++; - if (*p == '\0') - break; - - /* The start of something good :-) */ - if (arg->argc >= arg->size) { - char **tmp; - arg->size += 20; - tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); - if (tmp == NULL) - return 0; - arg->argv = tmp; - } - quoted = *p == '\'' || *p == '"'; - if (quoted) - c = *p++; - arg->argv[arg->argc++] = p; - - /* now look for the end of this */ - if (quoted) { - while (*p && *p != c) - p++; - *p++ = '\0'; - } else { - while (*p && !isspace(_UC(*p))) - p++; - if (*p) - *p++ = '\0'; - } - } - arg->argv[arg->argc] = NULL; - return 1; -} - #ifndef APP_INIT int app_init(long mesgwin) { 
@@ -146,9 +97,9 @@ #endif int ctx_set_verify_locations(SSL_CTX *ctx, - const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore) + const char *CAfile, int noCAfile, + const char *CApath, int noCApath, + const char *CAstore, int noCAstore) { if (CAfile == NULL && CApath == NULL && CAstore == NULL) { if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0) @@ -211,7 +162,6 @@ return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata); } - static char *app_get_pass(const char *arg, int keepbio); char *get_passwd(const char *pass, const char *desc) @@ -224,7 +174,7 @@ BIO_printf(bio_err, "Error getting password for %s\n", desc); if (pass != NULL && result == NULL) { BIO_printf(bio_err, - "Trying plain input string (better precede with 'pass:')\n"); + "Trying plain input string (better precede with 'pass:')\n"); result = OPENSSL_strdup(pass); if (result == NULL) BIO_printf(bio_err, "Out of memory getting password for %s\n", desc); @@ -245,8 +195,13 @@ } if (arg2 != NULL) { *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (*pass2 == NULL) + if (*pass2 == NULL) { + if (pass1 != NULL) { + clear_free(*pass1); + *pass1 = NULL; + } return 0; + } } else if (pass2 != NULL) { *pass2 = NULL; } @@ -316,15 +271,15 @@ } } else { /* argument syntax error; do not reveal too much about arg */ - tmp = strchr(arg, ':'); - if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) + const char *arg_ptr = strchr(arg, ':'); + if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX) BIO_printf(bio_err, - "Invalid password argument, missing ':' within the first %d chars\n", - PASS_SOURCE_SIZE_MAX + 1); + "Invalid password argument, missing ':' within the first %d chars\n", + PASS_SOURCE_SIZE_MAX + 1); else BIO_printf(bio_err, - "Invalid password argument, starting with \"%.*s\"\n", - (int)(tmp - arg + 1), arg); + "Invalid password argument, starting with \"%.*s\"\n", + (int)(arg_ptr - arg + 1), arg); return NULL; } } 
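Review bot: The new failure branch in the -245,8 hunk changes what callers get back, and nothing in the code records it: when the second passphrase cannot be obtained, the first one is now wiped with `clear_free(*pass1)` and `*pass1` is reset to NULL. A short comment above the inner `if`, such as `/* do not hand back the first passphrase when the second one fails */`, would make the intent clear, and the function's header comment (outside this hunk) should say that both outputs are NULL on a 0 return. The `pass1 != NULL` guard is also inconsistent with the unguarded `*pass2 = app_get_pass(...)` two lines earlier; if NULL output pointers are really allowed, that store needs the same check.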
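Review bot: The second message in the -316,15 hunk still echoes the start of `arg` up to and including its first ':' (`"%.*s"` with `arg_ptr - arg + 1`), which sits badly with the comment `do not reveal too much about arg`. The echo is capped at PASS_SOURCE_SIZE_MAX + 1 characters, but the get_passwd hunk at -224,7 appears to retry the same string as a plain passphrase, so a passphrase with an early colon would have its first characters written to bio_err. Consider a fixed message instead, e.g. `BIO_printf(bio_err, "Invalid password argument, unrecognized source prefix\n");`. The enclosing function starts outside the hunk, so the valid prefixes it accepts are not visible here.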
@@ -358,7 +313,7 @@ BIO_printf(bio_err, "%s: Can't load ", opt_getprog()); } else { BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(), - errorline); + errorline); } if (filename != NULL) BIO_printf(bio_err, "config file \"%s\"\n", filename); @@ -435,7 +390,7 @@ cnf = sk_CONF_VALUE_value(sktmp, i); if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(bio_err, "problem creating object %s=%s\n", - cnf->name, cnf->value); + cnf->name, cnf->value); return 0; } } @@ -458,12 +413,12 @@ } #define IS_HTTP(uri) ((uri) != NULL \ - && strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0) + && strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0) #define IS_HTTPS(uri) ((uri) != NULL \ - && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0) + && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0) X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc) + const char *pass, const char *desc) { X509 *cert = NULL; @@ -475,7 +430,7 @@ cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */); else (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, - NULL, NULL, NULL, &cert, NULL, NULL, NULL); + NULL, NULL, NULL, &cert, NULL, NULL, NULL); if (cert == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); @@ -484,7 +439,7 @@ } X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, - const char *desc) + const char *desc) { X509_CRL *crl = NULL; @@ -496,7 +451,7 @@ crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */); else (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, - NULL, NULL, NULL, NULL, NULL, &crl, NULL); + NULL, NULL, NULL, NULL, NULL, &crl, NULL); if (crl == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); 
@@ -524,7 +479,7 @@ else print_format_error(format, OPT_FMT_PEMDER); - end: +end: if (req == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); @@ -546,7 +501,7 @@ } EVP_PKEY *load_key(const char *uri, int format, int may_stdin, - const char *pass, ENGINE *e, const char *desc) + const char *pass, ENGINE *e, const char *desc) { EVP_PKEY *pkey = NULL; char *allocated_uri = NULL; @@ -558,14 +513,14 @@ uri = allocated_uri = make_engine_uri(e, uri, desc); } (void)load_key_certs_crls(uri, format, may_stdin, pass, desc, - &pkey, NULL, NULL, NULL, NULL, NULL, NULL); + &pkey, NULL, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); return pkey; } EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc) + const char *pass, ENGINE *e, const char *desc) { EVP_PKEY *pkey = NULL; char *allocated_uri = NULL; @@ -577,15 +532,15 @@ uri = allocated_uri = make_engine_uri(e, uri, desc); } (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, - NULL, &pkey, NULL, NULL, NULL, NULL, NULL); + NULL, &pkey, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); return pkey; } EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc, - int suppress_decode_errors) + const char *keytype, const char *desc, + int suppress_decode_errors) { EVP_PKEY *params = NULL; 
@@ -593,13 +548,13 @@ desc = "key parameters"; (void)load_key_certs_crls_suppress(uri, format, maybe_stdin, NULL, desc, - NULL, NULL, ¶ms, NULL, NULL, NULL, - NULL, suppress_decode_errors); + NULL, NULL, ¶ms, NULL, NULL, NULL, + NULL, suppress_decode_errors); if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) { if (!suppress_decode_errors) { BIO_printf(bio_err, - "Unable to load %s from %s (unexpected parameters type)\n", - desc, uri); + "Unable to load %s from %s (unexpected parameters type)\n", + desc, uri); ERR_print_errors(bio_err); } EVP_PKEY_free(params); @@ -609,7 +564,7 @@ } EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc) + const char *keytype, const char *desc) { return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0); } @@ -631,7 +586,7 @@ if (vp == NULL) app_bail_out("%s: Could not allocate %zu bytes for %s\n", - opt_getprog(), sz, what); + opt_getprog(), sz, what); return vp; } @@ -655,16 +610,16 @@ char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); BIO_printf(bio_err, "Warning: certificate from '%s' with subject '%s' %s\n", - uri, subj, msg); + uri, subj, msg); OPENSSL_free(subj); } static void warn_cert(const char *uri, X509 *cert, int warn_EE, - X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *vpm) { uint32_t ex_flags = X509_get_extension_flags(cert); int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), - X509_get0_notAfter(cert)); + X509_get0_notAfter(cert)); if (res != 0) warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid"); @@ -673,7 +628,7 @@ } static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE, - X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *vpm) { int i; 
@@ -682,22 +637,21 @@ } int load_cert_certs(const char *uri, - X509 **pcert, STACK_OF(X509) **pcerts, - int exclude_http, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm) + X509 **pcert, STACK_OF(X509) **pcerts, + int exclude_http, const char *pass, const char *desc, + X509_VERIFY_PARAM *vpm) { int ret = 0; char *pass_string; - if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 - || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { + if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); return ret; } pass_string = get_passwd(pass, desc); ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc, - NULL, NULL, NULL, - pcert, pcerts, NULL, NULL); + NULL, NULL, NULL, + pcert, pcerts, NULL, NULL); clear_free(pass_string); if (ret) { @@ -715,7 +669,7 @@ } STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, - const char *desc, X509_VERIFY_PARAM *vpm) + const char *desc, X509_VERIFY_PARAM *vpm) { STACK_OF(X509) *certs = NULL; STACK_OF(X509) *result = sk_X509_new_null(); @@ -731,7 +685,7 @@ if (!load_cert_certs(files, NULL, &certs, 0, pass, desc, vpm)) goto err; if (!X509_add_certs(result, certs, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto oom; sk_X509_pop_free(certs, X509_free); certs = NULL; @@ -739,16 +693,16 @@ } return result; - oom: +oom: BIO_printf(bio_err, "out of memory\n"); - err: +err: sk_X509_pop_free(certs, X509_free); sk_X509_pop_free(result, X509_free); return NULL; } static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, - const STACK_OF(X509) *certs /* may NULL */) + const STACK_OF(X509) *certs /* may NULL */) { int i; 
@@ -770,7 +724,7 @@ * Returns pointer to created X509_STORE on success, NULL on error. */ X509_STORE *load_certstore(char *input, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm) + X509_VERIFY_PARAM *vpm) { X509_STORE *store = NULL; STACK_OF(X509) *certs = NULL; @@ -798,12 +752,12 @@ * The caller is responsible for freeing *certs if its value is left not NULL. */ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, - const char *pass, const char *desc) + const char *pass, const char *desc) { int was_NULL = *certs == NULL; int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin, - pass, desc, NULL, NULL, - NULL, NULL, certs, NULL, NULL); + pass, desc, NULL, NULL, + NULL, NULL, certs, NULL, NULL); if (!ret && was_NULL) { sk_X509_pop_free(*certs, X509_free); @@ -817,12 +771,12 @@ * The caller is responsible for freeing *crls if its value is left not NULL. */ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, - const char *pass, const char *desc) + const char *pass, const char *desc) { int was_NULL = *crls == NULL; int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc, - NULL, NULL, NULL, - NULL, NULL, NULL, crls); + NULL, NULL, NULL, + NULL, NULL, NULL, crls); if (!ret && was_NULL) { sk_X509_CRL_pop_free(*crls, X509_CRL_free); @@ -833,7 +787,7 @@ static const char *format2string(int format) { - switch(format) { + switch (format) { case FORMAT_PEM: return "PEM"; case FORMAT_ASN1: 
@@ -857,14 +811,13 @@ * In any case (also on error) the caller is responsible for freeing all members * of *pcerts and *pcrls (as far as they are not NULL). */ -static -int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, - int suppress_decode_errors) +static int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, + int suppress_decode_errors) { PW_CB_DATA uidata; OSSL_STORE_CTX *ctx = NULL; @@ -872,11 +825,13 @@ const char *propq = app_get0_propq(); int ncerts = 0; int ncrls = 0; - const char *failed = - ppkey != NULL ? "key" : ppubkey != NULL ? "public key" : - pparams != NULL ? "params" : pcert != NULL ? "cert" : - pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" : - pcrls != NULL ? "CRLs" : NULL; + const char *failed = ppkey != NULL ? "key" : ppubkey != NULL ? "public key" + : pparams != NULL ? "params" + : pcert != NULL ? "cert" + : pcrl != NULL ? "CRL" + : pcerts != NULL ? "certs" + : pcrls != NULL ? "CRLs" + : NULL; int cnt_expectations = 0; int expect = -1; const char *input_type; @@ -926,7 +881,7 @@ } if (cnt_expectations == 0) { BIO_printf(bio_err, "Internal error: nothing to load from %s\n", - uri != NULL ? uri : ""); + uri != NULL ? uri : ""); return 0; } 
@@ -934,10 +889,10 @@ uidata.prompt_info = uri; if ((input_type = format2string(format)) != NULL) { - itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, - (char *)input_type, 0); - itp[1] = OSSL_PARAM_construct_end(); - params = itp; + itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, + (char *)input_type, 0); + itp[1] = OSSL_PARAM_construct_end(); + params = itp; } if (uri == NULL) { @@ -952,13 +907,13 @@ bio = BIO_new_fp(stdin, 0); if (bio != NULL) { ctx = OSSL_STORE_attach(bio, "file", libctx, propq, - get_ui_method(), &uidata, params, - NULL, NULL); + get_ui_method(), &uidata, params, + NULL, NULL); BIO_free(bio); } } else { ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, - params, NULL, NULL); + params, NULL, NULL); } if (ctx == NULL) { BIO_printf(bio_err, "Could not open file or uri for loading"); @@ -1018,19 +973,17 @@ if (pcert != NULL && *pcert == NULL) { ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL; cnt_expectations -= ok; - } - else if (pcerts != NULL) + } else if (pcerts != NULL) ok = X509_add_cert(*pcerts, - OSSL_STORE_INFO_get1_CERT(info), - X509_ADD_FLAG_DEFAULT); + OSSL_STORE_INFO_get1_CERT(info), + X509_ADD_FLAG_DEFAULT); ncerts += ok; break; case OSSL_STORE_INFO_CRL: if (pcrl != NULL && *pcrl == NULL) { ok = (*pcrl = OSSL_STORE_INFO_get1_CRL(info)) != NULL; cnt_expectations -= ok; - } - else if (pcrls != NULL) + } else if (pcrls != NULL) ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info)); ncrls += ok; break; @@ -1046,7 +999,7 @@ } } - end: +end: OSSL_STORE_close(ctx); if (failed == NULL) { int any = 0; 
@@ -1092,52 +1045,51 @@ } int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) { return load_key_certs_crls_suppress(uri, format, maybe_stdin, pass, desc, - ppkey, ppubkey, pparams, pcert, pcerts, - pcrl, pcrls, 0); + ppkey, ppubkey, pparams, pcert, pcerts, + pcrl, pcrls, 0); } -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) /* Return error for unknown extensions */ -#define X509V3_EXT_DEFAULT 0 +#define X509V3_EXT_DEFAULT 0 /* Print error for unknown extensions */ -#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) /* ASN1 parse unknown extensions */ -#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) /* BIO_dump unknown extensions */ -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) -#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \ - X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) +#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) int set_cert_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL cert_tbl[] = { - {"compatible", X509_FLAG_COMPAT, 0xffffffffl}, - {"ca_default", X509_FLAG_CA, 0xffffffffl}, - {"no_header", X509_FLAG_NO_HEADER, 0}, - {"no_version", X509_FLAG_NO_VERSION, 0}, - {"no_serial", X509_FLAG_NO_SERIAL, 0}, - {"no_signame", X509_FLAG_NO_SIGNAME, 0}, - {"no_validity", X509_FLAG_NO_VALIDITY, 0}, - {"no_subject", X509_FLAG_NO_SUBJECT, 0}, - {"no_issuer", X509_FLAG_NO_ISSUER, 0}, - {"no_pubkey", X509_FLAG_NO_PUBKEY, 0}, 
- {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, - {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, - {"no_aux", X509_FLAG_NO_AUX, 0}, - {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, - {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, - {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {NULL, 0, 0} + { "compatible", X509_FLAG_COMPAT, 0xffffffffl }, + { "ca_default", X509_FLAG_CA, 0xffffffffl }, + { "no_header", X509_FLAG_NO_HEADER, 0 }, + { "no_version", X509_FLAG_NO_VERSION, 0 }, + { "no_serial", X509_FLAG_NO_SERIAL, 0 }, + { "no_signame", X509_FLAG_NO_SIGNAME, 0 }, + { "no_validity", X509_FLAG_NO_VALIDITY, 0 }, + { "no_subject", X509_FLAG_NO_SUBJECT, 0 }, + { "no_issuer", X509_FLAG_NO_ISSUER, 0 }, + { "no_pubkey", X509_FLAG_NO_PUBKEY, 0 }, + { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0 }, + { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0 }, + { "no_aux", X509_FLAG_NO_AUX, 0 }, + { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0 }, + { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK }, + { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK }, + { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK }, + { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK }, + { NULL, 0, 0 } }; return set_multi_opts(flags, arg, cert_tbl); } 
@@ -1145,35 +1097,35 @@ int set_name_ex(unsigned long *flags, const char *arg) { static const NAME_EX_TBL ex_tbl[] = { - {"esc_2253", ASN1_STRFLGS_ESC_2253, 0}, - {"esc_2254", ASN1_STRFLGS_ESC_2254, 0}, - {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, - {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, - {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, - {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0}, - {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0}, - {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0}, - {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0}, - {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0}, - {"dump_der", ASN1_STRFLGS_DUMP_DER, 0}, - {"compat", XN_FLAG_COMPAT, 0xffffffffL}, - {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK}, - {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK}, - {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK}, - {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK}, - {"dn_rev", XN_FLAG_DN_REV, 0}, - {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, - {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, - {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, - {"align", XN_FLAG_FN_ALIGN, 0}, - {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, - {"space_eq", XN_FLAG_SPC_EQ, 0}, - {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, - {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, - {"oneline", XN_FLAG_ONELINE, 0xffffffffL}, - {"multiline", XN_FLAG_MULTILINE, 0xffffffffL}, - {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, - {NULL, 0, 0} + { "esc_2253", ASN1_STRFLGS_ESC_2253, 0 }, + { "esc_2254", ASN1_STRFLGS_ESC_2254, 0 }, + { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0 }, + { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0 }, + { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0 }, + { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0 }, + { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0 }, + { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0 }, + { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0 }, + { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0 }, + { "dump_der", ASN1_STRFLGS_DUMP_DER, 0 }, + { "compat", XN_FLAG_COMPAT, 0xffffffffL }, + { 
"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK }, + { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK }, + { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK }, + { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK }, + { "dn_rev", XN_FLAG_DN_REV, 0 }, + { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK }, + { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK }, + { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK }, + { "align", XN_FLAG_FN_ALIGN, 0 }, + { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK }, + { "space_eq", XN_FLAG_SPC_EQ, 0 }, + { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0 }, + { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL }, + { "oneline", XN_FLAG_ONELINE, 0xffffffffL }, + { "multiline", XN_FLAG_MULTILINE, 0xffffffffL }, + { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL }, + { NULL, 0, 0 } }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; @@ -1239,13 +1191,13 @@ } ret = 1; - end: +end: sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); return ret; } static int set_multi_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl) + const NAME_EX_TBL *in_tbl) { STACK_OF(CONF_VALUE) *vals; CONF_VALUE *val; @@ -1263,7 +1215,7 @@ } static int set_table_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl) + const NAME_EX_TBL *in_tbl) { char c; const NAME_EX_TBL *ptbl; @@ -1321,7 +1273,7 @@ } void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, - int len, unsigned char *buffer) + int len, unsigned char *buffer) { BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); if (BN_is_zero(in)) { @@ -1341,7 +1293,7 @@ BIO_printf(out, "\n };\n"); } -void print_array(BIO *out, const char* title, int len, const unsigned char* d) +void print_array(BIO *out, const char *title, int len, const unsigned char *d) { int i; 
@@ -1358,8 +1310,8 @@ } X509_STORE *setup_verify(const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore) + const char *CApath, int noCApath, + const char *CAstore, int noCAstore) { X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; @@ -1375,13 +1327,14 @@ goto end; if (CAfile != NULL) { if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, - libctx, propq) <= 0) { + libctx, propq) + <= 0) { BIO_printf(bio_err, "Error loading file %s\n", CAfile); goto end; } } else { X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, - libctx, propq); + libctx, propq); } } @@ -1412,7 +1365,7 @@ ERR_clear_error(); return store; - end: +end: ERR_print_errors(bio_err); X509_STORE_free(store); return NULL; @@ -1429,12 +1382,14 @@ } static int index_serial_cmp(const OPENSSL_CSTRING *a, - const OPENSSL_CSTRING *b) + const OPENSSL_CSTRING *b) { const char *aa, *bb; - for (aa = a[DB_serial]; *aa == '0'; aa++) ; - for (bb = b[DB_serial]; *bb == '0'; bb++) ; + for (aa = a[DB_serial]; *aa == '0'; aa++) + ; + for (bb = b[DB_serial]; *bb == '0'; bb++) + ; return strcmp(aa, bb); } @@ -1460,7 +1415,7 @@ #undef BSIZE #define BSIZE 256 BIGNUM *load_serial(const char *serialfile, int *exists, int create, - ASN1_INTEGER **retai) + ASN1_INTEGER **retai) { BIO *in = NULL; BIGNUM *ret = NULL; @@ -1485,14 +1440,14 @@ BIO_printf(bio_err, "Out of memory\n"); } else if (!rand_serial(ret, ai)) { BIO_printf(bio_err, "Error creating random number to store in %s\n", - serialfile); + serialfile); BN_free(ret); ret = NULL; } } else { if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) { BIO_printf(bio_err, "Unable to load number from %s\n", - serialfile); + serialfile); goto err; } ret = ASN1_INTEGER_to_BN(ai, NULL); @@ -1506,7 +1461,7 @@ *retai = ai; ai = NULL; } - err: +err: if (ret == NULL) ERR_print_errors(bio_err); BIO_free(in); 
@@ -1515,7 +1470,7 @@ } int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, - ASN1_INTEGER **retai) + ASN1_INTEGER **retai) { char buf[1][BSIZE]; BIO *out = NULL; @@ -1557,7 +1512,7 @@ *retai = ai; ai = NULL; } - err: +err: if (!ret) ERR_print_errors(bio_err); BIO_free_all(out); @@ -1566,7 +1521,7 @@ } int rotate_serial(const char *serialfile, const char *new_suffix, - const char *old_suffix) + const char *old_suffix) { char buf[2][BSIZE]; int i, j; @@ -1590,21 +1545,21 @@ #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, - "Unable to rename %s to %s\n", serialfile, buf[1]); + "Unable to rename %s to %s\n", serialfile, buf[1]); perror("reason"); goto err; } if (rename(buf[0], serialfile) < 0) { BIO_printf(bio_err, - "Unable to rename %s to %s\n", buf[0], serialfile); + "Unable to rename %s to %s\n", buf[0], serialfile); perror("reason"); rename(buf[1], serialfile); goto err; } return 1; - err: +err: ERR_print_errors(bio_err); return 0; } @@ -1625,7 +1580,7 @@ ret = 1; - error: +error: if (btmp != b) BN_free(btmp); @@ -1653,7 +1608,7 @@ BIO_get_fp(in, &dbfp); if (fstat(fileno(dbfp), &dbst) == -1) { ERR_raise_data(ERR_LIB_SYS, errno, - "calling fstat(%s)", dbfile); + "calling fstat(%s)", dbfile); goto err; } #endif @@ -1684,15 +1639,17 @@ } else { ERR_clear_error(); } - } retdb->dbfname = OPENSSL_strdup(dbfile); + if (retdb->dbfname == NULL) + goto err; + #ifndef OPENSSL_NO_POSIX_IO retdb->dbst = dbst; #endif - err: +err: ERR_print_errors(bio_err); NCONF_free(dbattr_conf); TXT_DB_free(tmpdb); 
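Review bot: In the `-1684,15 +1639,17` hunk the added `goto err` after `OPENSSL_strdup(dbfile)` skips only the `retdb->dbst` assignment, and the visible part of the `err:` path frees `dbattr_conf` and `tmpdb` but does nothing to `retdb`. The end of the function is outside the hunk, so this is inferred, but if it still returns `retdb` there, the caller receives a non-NULL CA_DB whose `dbfname` is NULL. The allocation failure would then be reported only through `ERR_print_errors`. Releasing the object inside the new `if` (with braces), e.g. `free_index(retdb); retdb = NULL;` before the `goto err`, would let callers that test the return value see the failure.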
@@ -1706,24 +1663,24 @@ int index_index(CA_DB *db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, - LHASH_HASH_FN(index_serial), - LHASH_COMP_FN(index_serial))) { + LHASH_HASH_FN(index_serial), + LHASH_COMP_FN(index_serial))) { BIO_printf(bio_err, - "Error creating serial number index:(%ld,%ld,%ld)\n", - db->db->error, db->db->arg1, db->db->arg2); + "Error creating serial number index:(%ld,%ld,%ld)\n", + db->db->error, db->db->arg1, db->db->arg2); goto err; } if (db->attributes.unique_subject && !TXT_DB_create_index(db->db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name), - LHASH_COMP_FN(index_name))) { + LHASH_HASH_FN(index_name), + LHASH_COMP_FN(index_name))) { BIO_printf(bio_err, "Error creating name index:(%ld,%ld,%ld)\n", - db->db->error, db->db->arg1, db->db->arg2); + db->db->error, db->db->arg1, db->db->arg2); goto err; } return 1; - err: +err: ERR_print_errors(bio_err); return 0; } @@ -1766,17 +1723,17 @@ goto err; } BIO_printf(out, "unique_subject = %s\n", - db->attributes.unique_subject ? "yes" : "no"); + db->attributes.unique_subject ? "yes" : "no"); BIO_free(out); return 1; - err: +err: ERR_print_errors(bio_err); return 0; } int rotate_index(const char *dbfile, const char *new_suffix, - const char *old_suffix) + const char *old_suffix) { char buf[5][BSIZE]; int i, j; @@ -1806,7 +1763,7 @@ #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "Unable to rename %s to %s\n", dbfile, buf[1]); perror("reason"); goto err; @@ -1821,7 +1778,7 @@ #ifdef ENOTDIR && errno != ENOTDIR #endif - ) { + ) { BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[4], buf[3]); perror("reason"); rename(dbfile, buf[0]); @@ -1837,7 +1794,7 @@ goto err; } return 1; - err: +err: ERR_print_errors(bio_err); return 0; } 
@@ -1855,17 +1812,17 @@ { if (str) { switch (*str) { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - case '0': /* 0 */ + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ return 0; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - case '1': /* 1 */ + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ return 1; } } @@ -1878,7 +1835,7 @@ * and characters may be escaped by \ */ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, - const char *desc) + const char *desc) { int nextismulti = 0; char *work; @@ -1886,10 +1843,10 @@ if (*cp++ != '/') { BIO_printf(bio_err, - "%s: %s name is expected to be in the format " - "/type0=value0/type1=value1/type2=... where characters may " - "be escaped by \\. This name is not in that format: '%s'\n", - opt_getprog(), desc, --cp); + "%s: %s name is expected to be in the format " + "/type0=value0/type1=value1/type2=... where characters may " + "be escaped by \\. This name is not in that format: '%s'\n", + opt_getprog(), desc, --cp); return NULL; } @@ -1901,7 +1858,7 @@ work = OPENSSL_strdup(cp); if (work == NULL) { BIO_printf(bio_err, "%s: Error copying %s name input\n", - opt_getprog(), desc); + opt_getprog(), desc); goto err; } @@ -1919,8 +1876,8 @@ *bp++ = '\0'; if (*cp == '\0') { BIO_printf(bio_err, - "%s: Missing '=' after RDN type string '%s' in %s name string\n", - opt_getprog(), typestr, desc); + "%s: Missing '=' after RDN type string '%s' in %s name string\n", + opt_getprog(), typestr, desc); goto err; } ++cp; @@ -1935,8 +1892,8 @@ } if (*cp == '\\' && *++cp == '\0') { BIO_printf(bio_err, - "%s: Escape character at end of %s name string\n", - opt_getprog(), desc); + "%s: Escape character at end of %s name string\n", + opt_getprog(), desc); goto err; } } 
@@ -1950,27 +1907,27 @@ nid = OBJ_txt2nid(typestr); if (nid == NID_undef) { BIO_printf(bio_err, - "%s warning: Skipping unknown %s name attribute \"%s\"\n", - opt_getprog(), desc, typestr); + "%s warning: Skipping unknown %s name attribute \"%s\"\n", + opt_getprog(), desc, typestr); if (ismulti) BIO_printf(bio_err, - "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n", - opt_getprog()); + "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n", + opt_getprog()); continue; } if (*valstr == '\0') { BIO_printf(bio_err, - "%s warning: No value provided for %s name attribute \"%s\", skipped\n", - opt_getprog(), desc, typestr); + "%s warning: No value provided for %s name attribute \"%s\", skipped\n", + opt_getprog(), desc, typestr); continue; } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - valstr, strlen((char *)valstr), - -1, ismulti ? -1 : 0)) { + valstr, strlen((char *)valstr), + -1, ismulti ? -1 : 0)) { ERR_print_errors(bio_err); BIO_printf(bio_err, - "%s: Error adding %s name attribute \"/%s=%s\"\n", - opt_getprog(), desc, typestr ,valstr); + "%s: Error adding %s name attribute \"/%s=%s\"\n", + opt_getprog(), desc, typestr, valstr); goto err; } } @@ -1978,7 +1935,7 @@ OPENSSL_free(work); return n; - err: +err: X509_NAME_free(n); OPENSSL_free(work); return NULL; @@ -2042,7 +1999,7 @@ vtmp++; rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp); - err: +err: OPENSSL_free(stmp); return rv; } @@ -2072,7 +2029,7 @@ explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); BIO_printf(bio_err, "Require explicit Policy: %s\n", - explicit_policy ? "True" : "False"); + explicit_policy ? "True" : "False"); nodes_print("Authority", X509_policy_tree_get0_policies(tree)); nodes_print("User", X509_policy_tree_get0_user_policies(tree)); 
@@ -2119,7 +2076,7 @@ OPENSSL_free(out); return NULL; } - out[start-skipped] = (unsigned char)(i - start); + out[start - skipped] = (unsigned char)(i - start); start = i + 1; } else { out[i + 1 - skipped] = in[i]; @@ -2136,27 +2093,27 @@ } void print_cert_checks(BIO *bio, X509 *x, - const char *checkhost, - const char *checkemail, const char *checkip) + const char *checkhost, + const char *checkemail, const char *checkip) { if (x == NULL) return; if (checkhost) { BIO_printf(bio, "Hostname %s does%s match certificate\n", - checkhost, - X509_check_host(x, checkhost, 0, 0, NULL) == 1 - ? "" : " NOT"); + checkhost, + X509_check_host(x, checkhost, 0, 0, NULL) == 1 + ? "" + : " NOT"); } if (checkemail) { BIO_printf(bio, "Email %s does%s match certificate\n", - checkemail, X509_check_email(x, checkemail, 0, 0) - ? "" : " NOT"); + checkemail, X509_check_email(x, checkemail, 0, 0) ? "" : " NOT"); } if (checkip) { BIO_printf(bio, "IP %s does%s match certificate\n", - checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT"); + checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT"); } } @@ -2218,7 +2175,7 @@ } static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, - const char *md, STACK_OF(OPENSSL_STRING) *sigopts) + const char *md, STACK_OF(OPENSSL_STRING) *sigopts) { EVP_PKEY_CTX *pkctx = NULL; char def_md[80]; 
@@ -2230,18 +2187,18 @@ * for this algorithm. */ if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2 - && strcmp(def_md, "UNDEF") == 0) { + && strcmp(def_md, "UNDEF") == 0) { /* The signing algorithm requires there to be no digest */ md = NULL; } return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(), - app_get0_propq(), pkey, NULL) + app_get0_propq(), pkey, NULL) && do_pkey_ctx_init(pkctx, sigopts); } static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx, - const char *name, const char *value, int add_default) + const char *name, const char *value, int add_default) { const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); X509_EXTENSION *new_ext = X509V3_EXT_nconf(NULL, ext_ctx, name, value); @@ -2261,7 +2218,7 @@ X509_EXTENSION_free(found_ext); } /* else keep existing key identifier, which might be outdated */ rv = 1; - } else { + } else { rv = !add_default || X509_add_ext(cert, new_ext, -1); } X509_EXTENSION_free(new_ext); @@ -2270,7 +2227,7 @@ /* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */ int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx) + STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx) { const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); EVP_MD_CTX *mctx = EVP_MD_CTX_new(); @@ -2294,20 +2251,20 @@ self_sign = X509_check_private_key(cert, pkey); ERR_pop_to_mark(); if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier", - "keyid, issuer", !self_sign)) + "keyid, issuer", !self_sign)) goto end; } if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0) rv = (X509_sign_ctx(cert, mctx) > 0); - end: +end: EVP_MD_CTX_free(mctx); return rv; } /* Sign the certificate request info */ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts) + STACK_OF(OPENSSL_STRING) *sigopts) { int rv = 0; EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 
@@ -2320,7 +2277,7 @@ /* Sign the CRL info */ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts) + STACK_OF(OPENSSL_STRING) *sigopts) { int rv = 0; EVP_MD_CTX *mctx = EVP_MD_CTX_new(); @@ -2351,13 +2308,13 @@ * 0 if the signature check fails, or -1 if error occurs. */ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, - STACK_OF(OPENSSL_STRING) *vfyopts) + STACK_OF(OPENSSL_STRING) *vfyopts) { int rv = 0; if (do_x509_req_init(x, vfyopts) > 0) rv = X509_REQ_verify_ex(x, pkey, - app_get0_libctx(), app_get0_propq()); + app_get0_libctx(), app_get0_propq()); else rv = -1; return rv; @@ -2411,7 +2368,7 @@ */ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx, - const X509_NAME *nm) + const X509_NAME *nm) { X509 *x; STACK_OF(X509_CRL) *crls = NULL; @@ -2483,15 +2440,14 @@ BIO *sbio = NULL; X509_STORE *ts = SSL_CTX_get_cert_store(ssl_ctx); X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); - const char *host = vpm == NULL ? NULL : - X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */); + const char *host = vpm == NULL ? NULL : X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */); /* adapt after fixing callback design flaw, see #17088 */ if ((info->use_proxy - && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, - NULL, NULL, /* no proxy credentials */ - info->timeout, bio_err, opt_getprog())) - || (sbio = BIO_new(BIO_f_ssl())) == NULL) { + && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, + NULL, NULL, /* no proxy credentials */ + info->timeout, bio_err, opt_getprog())) + || (sbio = BIO_new(BIO_f_ssl())) == NULL) { return NULL; } if (ssl_ctx == NULL || (ssl = SSL_new(ssl_ctx)) == NULL) { 
@@ -2537,10 +2493,10 @@ } ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - long timeout, const char *expected_content_type, - const ASN1_ITEM *it) + const char *no_proxy, SSL_CTX *ssl_ctx, + const STACK_OF(CONF_VALUE) *headers, + long timeout, const char *expected_content_type, + const ASN1_ITEM *it) { APP_HTTP_TLS_INFO info; char *server; @@ -2555,16 +2511,16 @@ } if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port, - NULL /* port_num, */, NULL, NULL, NULL)) + NULL /* port_num, */, NULL, NULL, NULL)) return NULL; if (use_ssl && ssl_ctx == NULL) { ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER, - "missing SSL_CTX"); + "missing SSL_CTX"); goto end; } if (!use_ssl && ssl_ctx != NULL) { ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT, - "SSL_CTX given but use_ssl == 0"); + "SSL_CTX given but use_ssl == 0"); goto end; } 
@@ -2575,27 +2531,26 @@ info.timeout = timeout; info.ssl_ctx = ssl_ctx; mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, - app_http_tls_cb, &info, 0 /* buf_size */, headers, - expected_content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); + app_http_tls_cb, &info, 0 /* buf_size */, headers, + expected_content_type, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); resp = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); - end: +end: OPENSSL_free(server); OPENSSL_free(port); return resp; - } ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, - const char *path, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, - const char *expected_content_type, - long timeout, const ASN1_ITEM *rsp_it) + const char *path, const char *proxy, + const char *no_proxy, SSL_CTX *ssl_ctx, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, + ASN1_VALUE *req, const ASN1_ITEM *req_it, + const char *expected_content_type, + long timeout, const ASN1_ITEM *rsp_it) { int use_ssl = ssl_ctx != NULL; APP_HTTP_TLS_INFO info; @@ -2612,12 +2567,12 @@ info.timeout = timeout; info.ssl_ctx = ssl_ctx; rsp = OSSL_HTTP_transfer(NULL, host, port, path, use_ssl, - proxy, no_proxy, NULL /* bio */, NULL /* rbio */, - app_http_tls_cb, &info, - 0 /* buf_size */, headers, content_type, req_mem, - expected_content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout, - 0 /* keep_alive */); + proxy, no_proxy, NULL /* bio */, NULL /* rbio */, + app_http_tls_cb, &info, + 0 /* buf_size */, headers, content_type, req_mem, + expected_content_type, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout, + 0 /* keep_alive */); BIO_free(req_mem); res = ASN1_item_d2i_bio(rsp_it, rsp, NULL); BIO_free(rsp); 
@@ -2630,13 +2585,13 @@ * Platform-specific sections */ #if defined(_WIN32) -# ifdef fileno -# undef fileno -# define fileno(a) (int)_fileno(a) -# endif +#ifdef fileno +#undef fileno +#define fileno(a) (int)_fileno(a) +#endif -# include -# include +#include +#include static int WIN32_rename(const char *from, const char *to) { @@ -2647,21 +2602,21 @@ if (sizeof(TCHAR) == 1) { tfrom = (TCHAR *)from; tto = (TCHAR *)to; - } else { /* UNICODE path */ + } else { /* UNICODE path */ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); if (tfrom == NULL) goto err; tto = tfrom + flen; -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 +#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen)) -# endif +#endif for (i = 0; i < flen; i++) tfrom[i] = (TCHAR)from[i]; -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 +#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen)) -# endif +#endif for (i = 0; i < tlen; i++) tto[i] = (TCHAR)to[i]; } @@ -2679,10 +2634,10 @@ else if (err == ERROR_ACCESS_DENIED) errno = EACCES; else - errno = EINVAL; /* we could map more codes... */ - err: + errno = EINVAL; /* we could map more codes... */ +err: ret = -1; - ok: +ok: if (tfrom != NULL && tfrom != (TCHAR *)from) free(tfrom); return ret; 
@@ -2697,28 +2652,28 @@ double ret = 0; static ULARGE_INTEGER tmstart; static int warning = 1; -# ifdef _WIN32_WINNT +#ifdef _WIN32_WINNT static HANDLE proc = NULL; if (proc == NULL) { if (check_winnt()) proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, - GetCurrentProcessId()); + GetCurrentProcessId()); if (proc == NULL) - proc = (HANDLE) - 1; + proc = (HANDLE)-1; } - if (usertime && proc != (HANDLE) - 1) { + if (usertime && proc != (HANDLE)-1) { FILETIME junk; GetProcessTimes(proc, &junk, &junk, &junk, &now); } else -# endif +#endif { SYSTEMTIME systime; if (usertime && warning) { BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); + "this program on idle system.\n"); warning = 0; } GetSystemTime(&systime); @@ -2740,44 +2695,44 @@ return ret; } #elif defined(OPENSSL_SYS_VXWORKS) -# include +#include double app_tminterval(int stop, int usertime) { double ret = 0; -# ifdef CLOCK_REALTIME +#ifdef CLOCK_REALTIME static struct timespec tmstart; struct timespec now; -# else +#else static unsigned long tmstart; unsigned long now; -# endif +#endif static int warning = 1; if (usertime && warning) { BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); + "this program on idle system.\n"); warning = 0; } -# ifdef CLOCK_REALTIME +#ifdef CLOCK_REALTIME clock_gettime(CLOCK_REALTIME, &now); if (stop == TM_START) tmstart = now; else ret = ((now.tv_sec + now.tv_nsec * 1e-9) - - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9)); -# else + - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9)); +#else now = tickGet(); if (stop == TM_START) tmstart = now; else ret = (now - tmstart) / (double)sysClkRateGet(); -# endif +#endif return ret; } -#elif defined(_SC_CLK_TCK) /* by means of unistd.h */ -# include +#elif defined(_SC_CLK_TCK) /* by means of unistd.h */ +#include double app_tminterval(int stop, int usertime) { 
@@ -2800,8 +2755,8 @@ } #else -# include -# include +#include +#include double app_tminterval(int stop, int usertime) { @@ -2819,13 +2774,13 @@ tmstart = now; else ret = ((now.tv_sec + now.tv_usec * 1e-6) - - (tmstart.tv_sec + tmstart.tv_usec * 1e-6)); + - (tmstart.tv_sec + tmstart.tv_usec * 1e-6)); return ret; } #endif -int app_access(const char* name, int flag) +int app_access(const char *name, int flag) { #ifdef _WIN32 return _access(name, flag); @@ -2841,12 +2796,12 @@ /* raw_read|write section */ #if defined(__VMS) -# include "vms_term_sock.h" +#include "vms_term_sock.h" static int stdin_sock = -1; static void close_stdin_sock(void) { - TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); + TerminalSocket(TERM_SOCK_DELETE, &stdin_sock); } int fileno_stdin(void) @@ -2880,18 +2835,18 @@ return -1; } #elif defined(__VMS) -# include +#include int raw_read_stdin(void *buf, int siz) { return recv(fileno_stdin(), buf, siz, 0); } #else -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif +#if defined(__TANDEM) +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif +#endif int raw_read_stdin(void *buf, int siz) { return read(fileno_stdin(), buf, siz); @@ -2908,21 +2863,21 @@ return -1; } #elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS) && defined(_SPT_MODEL_) -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif -int raw_write_stdout(const void *buf,int siz) +#if defined(__TANDEM) +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif +#endif +int raw_write_stdout(const void *buf, int siz) { - return write(fileno(stdout),(void*)buf,siz); + return write(fileno(stdout), (void *)buf, siz); } #else -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif +#if defined(__TANDEM) +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif +#endif int raw_write_stdout(const void *buf, int siz) { return write(fileno_stdout(), buf, siz); 
@@ -2939,13 +2894,13 @@ BIO *dup_bio_in(int format) { return BIO_new_fp(stdin, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); } BIO *dup_bio_out(int format) { BIO *b = BIO_new_fp(stdout, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); void *prefix = NULL; if (b == NULL) @@ -2968,7 +2923,7 @@ BIO *dup_bio_err(int format) { BIO *b = BIO_new_fp(stderr, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); #ifdef OPENSSL_SYS_VMS if (b != NULL && FMT_istext(format)) b = BIO_push(BIO_new(BIO_f_linebuffer()), b); @@ -2986,12 +2941,12 @@ * temporarily. */ #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment save -# pragma message disable maylosedata2 +#pragma environment save +#pragma message disable maylosedata2 #endif setbuf(fp, NULL); #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment restore +#pragma environment restore #endif } @@ -3042,21 +2997,21 @@ textmode = FMT_istext(format); #ifndef OPENSSL_NO_POSIX_IO mode = O_WRONLY; -# ifdef O_CREAT +#ifdef O_CREAT mode |= O_CREAT; -# endif -# ifdef O_TRUNC +#endif +#ifdef O_TRUNC mode |= O_TRUNC; -# endif +#endif if (!textmode) { -# ifdef O_BINARY +#ifdef O_BINARY mode |= O_BINARY; -# elif defined(_O_BINARY) +#elif defined(_O_BINARY) mode |= _O_BINARY; -# endif +#endif } -# ifdef OPENSSL_SYS_VMS +#ifdef OPENSSL_SYS_VMS /* VMS doesn't have O_BINARY, it just doesn't make sense. But, * it still needs to know that we're going binary, or fdopen() * will fail with "invalid argument"... so we tell VMS what the 
@@ -3065,15 +3020,15 @@ if (!textmode) fd = open(filename, mode, 0600, "ctx=bin"); else -# endif +#endif fd = open(filename, mode, 0600); if (fd < 0) goto err; fp = fdopen(fd, modestr('w', format)); -#else /* OPENSSL_NO_POSIX_IO */ +#else /* OPENSSL_NO_POSIX_IO */ /* Have stdio but not Posix IO, do the best we can */ fp = fopen(filename, modestr('w', format)); -#endif /* OPENSSL_NO_POSIX_IO */ +#endif /* OPENSSL_NO_POSIX_IO */ if (fp == NULL) goto err; bflags = BIO_CLOSE; @@ -3083,9 +3038,9 @@ if (b != NULL) return b; - err: +err: BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", - opt_getprog(), filename, strerror(errno)); + opt_getprog(), filename, strerror(errno)); ERR_print_errors(bio_err); /* If we have fp, then fdopen took over fd, so don't close both. */ if (fp != NULL) @@ -3098,7 +3053,7 @@ } static BIO *bio_open_default_(const char *filename, char mode, int format, - int quiet) + int quiet) { BIO *ret; @@ -3111,8 +3066,8 @@ if (ret != NULL) return ret; BIO_printf(bio_err, - "Can't open %s, %s\n", - mode == 'r' ? "stdin" : "stdout", strerror(errno)); + "Can't open %s, %s\n", + mode == 'r' ? "stdin" : "stdout", strerror(errno)); } else { ret = BIO_new_file(filename, modestr(mode, format)); if (quiet) { @@ -3122,8 +3077,8 @@ if (ret != NULL) return ret; BIO_printf(bio_err, - "Can't open \"%s\" for %s, %s\n", - filename, modeverb(mode), strerror(errno)); + "Can't open \"%s\" for %s, %s\n", + filename, modeverb(mode), strerror(errno)); } ERR_print_errors(bio_err); return NULL; @@ -3174,7 +3129,7 @@ #if defined(OPENSSL_SYS_MSDOS) int has_stdin_waiting(void) { -# if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE); DWORD events = 0; INPUT_RECORD inputrec; @@ -3193,7 +3148,7 @@ } return 0; } -# endif +#endif return _kbhit(); } #endif 
@@ -3201,12 +3156,12 @@ /* Corrupt a signature by modifying final byte */ void corrupt_signature(const ASN1_STRING *signature) { - unsigned char *s = signature->data; - s[signature->length - 1] ^= 0x1; + unsigned char *s = signature->data; + s[signature->length - 1] ^= 0x1; } int set_cert_times(X509 *x, const char *startdate, const char *enddate, - int days) + int days) { if (startdate == NULL || strcmp(startdate, "today") == 0) { if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) @@ -3251,7 +3206,7 @@ } int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, - long days, long hours, long secs) + long days, long hours, long secs) { int ret = 0; ASN1_TIME *tm = ASN1_TIME_new(); @@ -3297,7 +3252,7 @@ } OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, - const OSSL_PARAM *paramdefs) + const OSSL_PARAM *paramdefs) { OSSL_PARAM *params = NULL; size_t sz = (size_t)sk_OPENSSL_STRING_num(opts); @@ -3322,7 +3277,7 @@ /* Skip over the separator so that vmtp points to the value */ vtmp++; if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], paramdefs, - stmp, vtmp, strlen(vtmp), &found)) + stmp, vtmp, strlen(vtmp), &found)) goto err; OPENSSL_free(stmp); } @@ -3331,7 +3286,7 @@ err: OPENSSL_free(stmp); BIO_printf(bio_err, "Parameter %s '%s'\n", found ? "error" : "unknown", - opt); + opt); ERR_print_errors(bio_err); app_params_free(params); return NULL; @@ -3361,10 +3316,10 @@ } if (!RAND_status()) BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" - "if the system has a poor entropy source\n"); + "if the system has a poor entropy source\n"); if (EVP_PKEY_keygen(ctx, &res) <= 0) BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(), - alg != NULL ? alg : "asymmetric"); + alg != NULL ? alg : "asymmetric"); return res; } 
@@ -3374,10 +3329,10 @@ if (!RAND_status()) BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" - "if the system has a poor entropy source\n"); + "if the system has a poor entropy source\n"); if (EVP_PKEY_paramgen(ctx, &res) <= 0) BIO_printf(bio_err, "%s: Generating %s key parameters failed\n", - opt_getprog(), alg != NULL ? alg : "asymmetric"); + opt_getprog(), alg != NULL ? alg : "asymmetric"); return res; } --- crypto/openssl/apps/lib/apps_ui.c.orig +++ crypto/openssl/apps/lib/apps_ui.c @@ -32,17 +32,14 @@ && UI_get0_user_data(ui)) { switch (UI_get_string_type(uis)) { case UIT_PROMPT: - case UIT_VERIFY: - { - const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - - if (password != NULL) { - UI_set_result(ui, uis, password); - return 1; - } + case UIT_VERIFY: { + const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + + if (password != NULL) { + UI_set_result(ui, uis, password); + return 1; } - break; + } break; case UIT_NONE: case UIT_BOOLEAN: case UIT_INFO: @@ -67,15 +64,12 @@ && UI_get0_user_data(ui)) { switch (UI_get_string_type(uis)) { case UIT_PROMPT: - case UIT_VERIFY: - { - const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + case UIT_VERIFY: { + const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password != NULL) - return 1; - } - break; + if (password != NULL) + return 1; + } break; case UIT_NONE: case UIT_BOOLEAN: case UIT_INFO: @@ -101,7 +95,7 @@ /* object_name defaults to prompt_info from ui user data if present */ static char *ui_prompt_construct(UI *ui, const char *phrase_desc, - const char *object_name) + const char *object_name) { PW_CB_DATA *cb_data = (PW_CB_DATA *)UI_get0_user_data(ui); 
@@ -132,8 +126,7 @@ && 0 == UI_method_set_reader(ui_method, ui_read) && 0 == UI_method_set_writer(ui_method, ui_write) && 0 == UI_method_set_closer(ui_method, ui_close) - && 0 == UI_method_set_prompt_constructor(ui_method, - ui_prompt_construct); + && 0 == UI_method_set_prompt_constructor(ui_method, ui_prompt_construct); } void destroy_ui_method(void) @@ -190,12 +183,12 @@ (void)UI_add_user_data(ui, cb_data); ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); + PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = ui_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); + PW_MIN_LENGTH, bufsiz - 1, buf); } if (ok >= 0) do { --- crypto/openssl/apps/lib/cmp_mock_srv.c.orig +++ crypto/openssl/apps/lib/cmp_mock_srv.c 
@@ -18,18 +18,17 @@ /* the context for the CMP mock server */ typedef struct { - X509 *certOut; /* certificate to be returned in cp/ip/kup msg */ - STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */ + X509 *certOut; /* certificate to be returned in cp/ip/kup msg */ + STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */ STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */ OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */ - int sendError; /* send error response on given request type */ - OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */ - int pollCount; /* number of polls before actual cert response */ - int curr_pollCount; /* number of polls so far for current request */ - int checkAfterTime; /* time the client should wait between polling */ + int sendError; /* send error response on given request type */ + OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */ + int pollCount; /* number of polls before actual cert response */ + int curr_pollCount; /* number of polls so far for current request */ + int checkAfterTime; /* time the client should wait between polling */ } mock_srv_ctx; - static void mock_srv_ctx_free(mock_srv_ctx *ctx) { if (ctx == NULL) @@ -57,7 +56,7 @@ /* all other elements are initialized to 0 or NULL, respectively */ return ctx; - err: +err: mock_srv_ctx_free(ctx); return NULL; } @@ -79,7 +78,7 @@ } int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *chain) + STACK_OF(X509) *chain) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); STACK_OF(X509) *chain_copy = NULL; @@ -96,7 +95,7 @@ } int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *caPubs) + STACK_OF(X509) *caPubs) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); STACK_OF(X509) *caPubs_copy = NULL; 
@@ -113,7 +112,7 @@ } int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, - int fail_info, const char *text) + int fail_info, const char *text) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); OSSL_CMP_PKISI *si; @@ -171,24 +170,24 @@ } static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *cert_req, - ossl_unused int certReqId, - const OSSL_CRMF_MSG *crm, - const X509_REQ *p10cr, - X509 **certOut, - STACK_OF(X509) **chainOut, - STACK_OF(X509) **caPubs) + const OSSL_CMP_MSG *cert_req, + ossl_unused int certReqId, + const OSSL_CRMF_MSG *crm, + const X509_REQ *p10cr, + X509 **certOut, + STACK_OF(X509) **chainOut, + STACK_OF(X509) **caPubs) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); OSSL_CMP_PKISI *si = NULL; if (ctx == NULL || cert_req == NULL - || certOut == NULL || chainOut == NULL || caPubs == NULL) { + || certOut == NULL || chainOut == NULL || caPubs == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return NULL; } if (ctx->sendError == 1 - || ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) { + || ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return NULL; } @@ -213,7 +212,7 @@ ctx->curr_pollCount = 0; if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_KUR - && crm != NULL && ctx->certOut != NULL) { + && crm != NULL && ctx->certOut != NULL) { const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm); const X509_NAME *issuer = X509_get_issuer_name(ctx->certOut); const ASN1_INTEGER *serial = X509_get0_serialNumber(ctx->certOut); 
@@ -229,27 +228,28 @@ } if (serial != NULL && ASN1_INTEGER_cmp(serial, - OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) { + OSSL_CRMF_CERTID_get0_serialNumber(cid)) + != 0) { ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID); return NULL; } } if (ctx->certOut != NULL - && (*certOut = X509_dup(ctx->certOut)) == NULL) + && (*certOut = X509_dup(ctx->certOut)) == NULL) goto err; if (ctx->chainOut != NULL - && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL) + && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL) goto err; if (ctx->caPubsOut != NULL - && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL) + && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL) goto err; if (ctx->statusOut != NULL - && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL) + && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL) goto err; return si; - err: +err: X509_free(*certOut); *certOut = NULL; sk_X509_pop_free(*chainOut, X509_free); @@ -260,9 +260,9 @@ } static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *rr, - const X509_NAME *issuer, - const ASN1_INTEGER *serial) + const OSSL_CMP_MSG *rr, + const X509_NAME *issuer, + const ASN1_INTEGER *serial) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); @@ -271,7 +271,7 @@ return NULL; } if (ctx->certOut == NULL || ctx->sendError == 1 - || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) { + || ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return NULL; } 
@@ -282,19 +282,20 @@ /* accept revocation only for the certificate we sent in ir/cr/kur */ if (X509_NAME_cmp(issuer, X509_get_issuer_name(ctx->certOut)) != 0 - || ASN1_INTEGER_cmp(serial, - X509_get0_serialNumber(ctx->certOut)) != 0) { + || ASN1_INTEGER_cmp(serial, + X509_get0_serialNumber(ctx->certOut)) + != 0) { ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED, - "wrong certificate to revoke"); + "wrong certificate to revoke"); return NULL; } return OSSL_CMP_PKISI_dup(ctx->statusOut); } static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *genm, - const STACK_OF(OSSL_CMP_ITAV) *in, - STACK_OF(OSSL_CMP_ITAV) **out) + const OSSL_CMP_MSG *genm, + const STACK_OF(OSSL_CMP_ITAV) *in, + STACK_OF(OSSL_CMP_ITAV) **out) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); @@ -303,21 +304,21 @@ return 0; } if (ctx->sendError == 1 - || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm) - || sk_OSSL_CMP_ITAV_num(in) > 1) { + || ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm) + || sk_OSSL_CMP_ITAV_num(in) > 1) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; } *out = sk_OSSL_CMP_ITAV_deep_copy(in, OSSL_CMP_ITAV_dup, - OSSL_CMP_ITAV_free); + OSSL_CMP_ITAV_free); return *out != NULL; } static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error, - const OSSL_CMP_PKISI *statusInfo, - const ASN1_INTEGER *errorCode, - const OSSL_CMP_PKIFREETEXT *errorDetails) + const OSSL_CMP_PKISI *statusInfo, + const ASN1_INTEGER *errorCode, + const OSSL_CMP_PKIFREETEXT *errorDetails) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); char buf[OSSL_CMP_PKISI_BUFLEN]; @@ -336,7 +337,7 @@ } else { sibuf = OSSL_CMP_snprint_PKIStatusInfo(statusInfo, buf, sizeof(buf)); BIO_printf(bio_err, "pkiStatusInfo: %s\n", - sibuf != NULL ? sibuf: ""); + sibuf != NULL ? sibuf : ""); } if (errorCode == NULL) 
@@ -353,7 +354,7 @@ BIO_printf(bio_err, ", "); BIO_printf(bio_err, "\""); ASN1_STRING_print(bio_err, - sk_ASN1_UTF8STRING_value(errorDetails, i)); + sk_ASN1_UTF8STRING_value(errorDetails, i)); BIO_printf(bio_err, "\""); } BIO_printf(bio_err, "\n"); @@ -361,10 +362,10 @@ } static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *certConf, - ossl_unused int certReqId, - const ASN1_OCTET_STRING *certHash, - const OSSL_CMP_PKISI *si) + const OSSL_CMP_MSG *certConf, + ossl_unused int certReqId, + const ASN1_OCTET_STRING *certHash, + const OSSL_CMP_PKISI *si) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); ASN1_OCTET_STRING *digest; @@ -374,8 +375,8 @@ return 0; } if (ctx->sendError == 1 - || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf) - || ctx->certOut == NULL) { + || ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf) + || ctx->certOut == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; } @@ -392,19 +393,19 @@ } static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *pollReq, - ossl_unused int certReqId, - OSSL_CMP_MSG **certReq, int64_t *check_after) + const OSSL_CMP_MSG *pollReq, + ossl_unused int certReqId, + OSSL_CMP_MSG **certReq, int64_t *check_after) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); if (ctx == NULL || pollReq == NULL - || certReq == NULL || check_after == NULL) { + || certReq == NULL || check_after == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; } if (ctx->sendError == 1 - || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) { + || ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) { *certReq = NULL; ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; 
@@ -434,9 +435,9 @@ mock_srv_ctx *ctx = mock_srv_ctx_new(); if (srv_ctx != NULL && ctx != NULL - && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request, - process_rr, process_genm, process_error, - process_certConf, process_pollReq)) + && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request, + process_rr, process_genm, process_error, + process_certConf, process_pollReq)) return srv_ctx; mock_srv_ctx_free(ctx); --- crypto/openssl/apps/lib/columns.c.orig +++ crypto/openssl/apps/lib/columns.c @@ -24,4 +24,3 @@ dc->width = maxlen + 2; dc->columns = (80 - 1) / dc->width; } - --- crypto/openssl/apps/lib/engine.c.orig +++ crypto/openssl/apps/lib/engine.c @@ -19,7 +19,7 @@ #include /* Ensure we have the ENGINE type, regardless */ #include #ifndef OPENSSL_NO_ENGINE -# include +#include #endif #include "apps.h" @@ -60,8 +60,8 @@ if (debug) (void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, - (void *)get_ui_method(), 0, 1) - || !ENGINE_set_default(e, methods)) { + (void *)get_ui_method(), 0, 1) + || !ENGINE_set_default(e, methods)) { BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e)); ERR_print_errors(bio_err); ENGINE_free(e); @@ -113,8 +113,7 @@ BIO_printf(bio_err, "No engine key id specified for loading %s\n", desc); } else { const char *engineid = ENGINE_get_id(e); - size_t uri_sz = - sizeof(ENGINE_SCHEME_COLON) - 1 + size_t uri_sz = sizeof(ENGINE_SCHEME_COLON) - 1 + strlen(engineid) + 1 /* : */ + strlen(key_id) @@ -151,9 +150,9 @@ ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); else #endif - /* We're only interested if it comes from an ENGINE */ - if (tmpeng == NULL) - ameth = NULL; + /* We're only interested if it comes from an ENGINE */ + if (tmpeng == NULL) + ameth = NULL; ERR_pop_to_mark(); if (ameth == NULL) --- crypto/openssl/apps/lib/engine_loader.c.orig +++ crypto/openssl/apps/lib/engine_loader.c 
@@ -18,10 +18,10 @@ #ifndef OPENSSL_NO_ENGINE -# include -# include -# include -# include +#include +#include +#include +#include /* * Support for legacy private engine keys via the 'org.openssl.engine:' scheme @@ -35,10 +35,10 @@ /* Local definition of OSSL_STORE_LOADER_CTX */ struct ossl_store_loader_ctx_st { - ENGINE *e; /* Structural reference */ + ENGINE *e; /* Structural reference */ char *keyid; int expected; - int loaded; /* 0 = key not loaded yet, 1 = key loaded */ + int loaded; /* 0 = key not loaded yet, 1 = key loaded */ }; static OSSL_STORE_LOADER_CTX *OSSL_STORE_LOADER_CTX_new(ENGINE *e, char *keyid) @@ -62,9 +62,9 @@ } static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, - const char *uri, - const UI_METHOD *ui_method, - void *ui_data) + const char *uri, + const UI_METHOD *ui_method, + void *ui_data) { const char *p = uri, *q; ENGINE *e = NULL; @@ -78,9 +78,9 @@ /* Look for engine ID */ q = strchr(p, ':'); - if (q != NULL /* There is both an engine ID and a key ID */ - && p[0] != ':' /* The engine ID is at least one character */ - && q[1] != '\0') { /* The key ID is at least one character */ + if (q != NULL /* There is both an engine ID and a key ID */ + && p[0] != ':' /* The engine ID is at least one character */ + && q[1] != '\0') { /* The key ID is at least one character */ char engineid[256]; size_t engineid_l = q - p; @@ -114,7 +114,7 @@ } static OSSL_STORE_INFO *engine_load(OSSL_STORE_LOADER_CTX *ctx, - const UI_METHOD *ui_method, void *ui_data) + const UI_METHOD *ui_method, void *ui_data) { EVP_PKEY *pkey = NULL, *pubkey = NULL; OSSL_STORE_INFO *info = NULL; 
@@ -123,14 +123,12 @@ if (ENGINE_init(ctx->e)) { if (ctx->expected == 0 || ctx->expected == OSSL_STORE_INFO_PKEY) - pkey = - ENGINE_load_private_key(ctx->e, ctx->keyid, - (UI_METHOD *)ui_method, ui_data); + pkey = ENGINE_load_private_key(ctx->e, ctx->keyid, + (UI_METHOD *)ui_method, ui_data); if ((pkey == NULL && ctx->expected == 0) || ctx->expected == OSSL_STORE_INFO_PUBKEY) - pubkey = - ENGINE_load_public_key(ctx->e, ctx->keyid, - (UI_METHOD *)ui_method, ui_data); + pubkey = ENGINE_load_public_key(ctx->e, ctx->keyid, + (UI_METHOD *)ui_method, ui_data); ENGINE_finish(ctx->e); } } @@ -189,7 +187,7 @@ OSSL_STORE_LOADER_free(loader); } -#else /* !OPENSSL_NO_ENGINE */ +#else /* !OPENSSL_NO_ENGINE */ int setup_engine_loader(void) { --- crypto/openssl/apps/lib/http_server.c.orig +++ crypto/openssl/apps/lib/http_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ * On VMS, you need to define this to get the declaration of fileno(). The * value 2 is to make sure no function defined in POSIX-2 is left undefined. */ -# define _POSIX_C_SOURCE 2 +#define _POSIX_C_SOURCE 2 #endif #include 
@@ -26,22 +26,22 @@ #include "s_apps.h" #if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif #endif static int verbosity = LOG_INFO; #define HTTP_PREFIX "HTTP/" #define HTTP_VERSION_PATT "1." /* allow 1.x */ -#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT -#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ +#define HTTP_PREFIX_VERSION HTTP_PREFIX "" HTTP_VERSION_PATT +#define HTTP_1_0 HTTP_PREFIX_VERSION "0" /* "HTTP/1.0" */ #ifdef HTTP_DAEMON int multi = 0; /* run multiple responder processes */ -int acfd = (int) INVALID_SOCKET; +int acfd = (int)INVALID_SOCKET; static int print_syslog(const char *str, size_t len, void *levPtr) { @@ -123,7 +123,7 @@ if (setpgid(0, 0)) { syslog(LOG_ERR, "fatal: error detaching from parent process group: %s", - strerror(errno)); + strerror(errno)); exit(1); } kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array"); @@ -151,21 +151,21 @@ } if (i >= multi) { syslog(LOG_ERR, "fatal: internal error: " - "no matching child slot for pid: %ld", - (long) fpid); + "no matching child slot for pid: %ld", + (long)fpid); killall(1, kidpids); } if (status != 0) { if (WIFEXITED(status)) syslog(LOG_WARNING, "child process: %ld, exit status: %d", - (long)fpid, WEXITSTATUS(status)); + (long)fpid, WEXITSTATUS(status)); else if (WIFSIGNALED(status)) syslog(LOG_WARNING, "child process: %ld, term signal %d%s", - (long)fpid, WTERMSIG(status), -# ifdef WCOREDUMP - WCOREDUMP(status) ? " (core dumped)" : -# endif - ""); + (long)fpid, WTERMSIG(status), +#ifdef WCOREDUMP + WCOREDUMP(status) ? " (core dumped)" : +#endif + ""); ossl_sleep(1000); } break; @@ -193,7 +193,7 @@ _exit(1); } return; - default: /* parent */ + default: /* parent */ for (i = 0; i < multi; ++i) { if (kidpids[i] == 0) { kidpids[i] = fpid; 
@@ -222,7 +222,7 @@ int asock; char name[40]; - snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */ + BIO_snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */ bufbio = BIO_new(BIO_f_buffer()); if (bufbio == NULL) goto err; @@ -251,7 +251,7 @@ return acbio; - err: +err: BIO_free_all(acbio); BIO_free(bufbio); return NULL; @@ -284,10 +284,10 @@ /* if *pcbio != NULL, continue given connected session, else accept new */ /* if found_keep_alive != NULL, return this way connection persistence state */ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - char **ppath, BIO **pcbio, BIO *acbio, - int *found_keep_alive, - const char *prog, const char *port, - int accept_get, int timeout) + char **ppath, BIO **pcbio, BIO *acbio, + int *found_keep_alive, + const char *prog, const char *port, + int accept_get, int timeout) { BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL; int len; @@ -302,7 +302,7 @@ if (cbio == NULL) { log_message(prog, LOG_DEBUG, - "Awaiting new connection on port %s...", port); + "Awaiting new connection on port %s...", port); if (BIO_do_accept(acbio) <= 0) /* Connection loss before accept() is routine, ignore silently */ return ret; @@ -317,12 +317,12 @@ goto out; } -# ifdef HTTP_DAEMON +#ifdef HTTP_DAEMON if (timeout > 0) { (void)BIO_get_fd(cbio, &acfd); alarm(timeout); } -# endif +#endif /* Read the request line. */ len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); 
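Review bot: The result of the new `BIO_snprintf` call that builds `name` in the first hunk of http_server.c (`@@ -222,7 +222,7 @@`) is discarded, so a `port` string that does not fit the 40-byte buffer after the `[::]:` prefix is cut short silently. The rest of the function would then work with the truncated text. BIO_snprintf returns -1 when the output buffer is too small, so the call can be guarded with `if (BIO_snprintf(name, sizeof(name), "[::]:%s", port) < 0) return NULL;`. A plain return looks safe because the call precedes the first allocation visible in the hunk, but the function's opening lines are outside the hunk, so confirm nothing needs freeing at that point.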
@@ -335,15 +335,15 @@ goto out; } if ((end = strchr(reqbuf, '\r')) != NULL - || (end = strchr(reqbuf, '\n')) != NULL) + || (end = strchr(reqbuf, '\n')) != NULL) *end = '\0'; log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf); meth = reqbuf; url = meth + 3; if ((accept_get && strncmp(meth, "GET ", 4) == 0) - || (url++, strncmp(meth, "POST ", 5) == 0)) { - static const char http_version_str[] = " "HTTP_PREFIX_VERSION; + || (url++, strncmp(meth, "POST ", 5) == 0)) { + static const char http_version_str[] = " " HTTP_PREFIX_VERSION; static const size_t http_version_str_len = sizeof(http_version_str) - 1; /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */ @@ -352,8 +352,8 @@ url++; if (*url != '/') { log_message(prog, LOG_WARNING, - "Invalid %s -- URL does not begin with '/': %s", - meth, url); + "Invalid %s -- URL does not begin with '/': %s", + meth, url); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } @@ -365,8 +365,8 @@ break; if (strncmp(end, http_version_str, http_version_str_len) != 0) { log_message(prog, LOG_WARNING, - "Invalid %s -- bad HTTP/version string: %s", - meth, end + 1); + "Invalid %s -- bad HTTP/version string: %s", + meth, end + 1); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } @@ -388,8 +388,8 @@ len = urldecode(url); if (len < 0) { log_message(prog, LOG_WARNING, - "Invalid %s request -- bad URL encoding: %s", - meth, url); + "Invalid %s request -- bad URL encoding: %s", + meth, url); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } @@ -397,8 +397,8 @@ if ((getbio = BIO_new_mem_buf(url, len)) == NULL || (b64 = BIO_new(BIO_f_base64())) == NULL) { log_message(prog, LOG_ERR, - "Could not allocate base64 bio with size = %d", - len); + "Could not allocate base64 bio with size = %d", + len); goto fatal; } BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 
@@ -406,8 +406,8 @@ } } else { log_message(prog, LOG_WARNING, - "HTTP request does not begin with %sPOST: %s", - accept_get ? "GET or " : "", reqbuf); + "HTTP request does not begin with %sPOST: %s", + accept_get ? "GET or " : "", reqbuf); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } @@ -437,7 +437,7 @@ value = strchr(key, ':'); if (value == NULL) { log_message(prog, LOG_WARNING, - "Error parsing HTTP header: missing ':'"); + "Error parsing HTTP header: missing ':'"); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } @@ -449,7 +449,7 @@ line_end = strchr(value, '\n'); if (line_end == NULL) { log_message(prog, LOG_WARNING, - "Error parsing HTTP header: missing end of line"); + "Error parsing HTTP header: missing end of line"); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } @@ -465,37 +465,37 @@ } } -# ifdef HTTP_DAEMON +#ifdef HTTP_DAEMON /* Clear alarm before we close the client socket */ alarm(0); timeout = 0; -# endif +#endif /* Try to read and parse request */ req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL); if (req == NULL) { log_message(prog, LOG_WARNING, - "Error parsing DER-encoded request content"); + "Error parsing DER-encoded request content"); (void)http_server_send_status(cbio, 400, "Bad Request"); } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) { log_message(prog, LOG_ERR, - "Out of memory allocating %zu bytes", strlen(url) + 1); + "Out of memory allocating %zu bytes", strlen(url) + 1); ASN1_item_free(req, it); goto fatal; } *preq = req; - out: +out: BIO_free_all(getbio); -# ifdef HTTP_DAEMON +#ifdef HTTP_DAEMON if (timeout > 0) alarm(0); acfd = (int)INVALID_SOCKET; -# endif +#endif return ret; - fatal: +fatal: (void)http_server_send_status(cbio, 500, "Internal Server Error"); if (ppath != NULL) { OPENSSL_free(*ppath); 
@@ -509,16 +509,17 @@ /* assumes that cbio does not do an encoding that changes the output length */ int http_server_send_asn1_resp(BIO *cbio, int keep_alive, - const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *resp) + const char *content_type, + const ASN1_ITEM *it, const ASN1_VALUE *resp) { - int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s" - "Content-type: %s\r\n" - "Content-Length: %d\r\n\r\n", - keep_alive ? "Connection: keep-alive\r\n" : "", - content_type, - ASN1_item_i2d(resp, NULL, it)) > 0 - && ASN1_item_i2d_bio(it, cbio, resp) > 0; + int ret = BIO_printf(cbio, HTTP_1_0 " 200 OK\r\n%s" + "Content-type: %s\r\n" + "Content-Length: %d\r\n\r\n", + keep_alive ? "Connection: keep-alive\r\n" : "", + content_type, + ASN1_item_i2d(resp, NULL, it)) + > 0 + && ASN1_item_i2d_bio(it, cbio, resp) > 0; (void)BIO_flush(cbio); return ret; @@ -526,9 +527,10 @@ int http_server_send_status(BIO *cbio, int status, const char *reason) { - int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n", - /* This implicitly cancels keep-alive */ - status, reason) > 0; + int ret = BIO_printf(cbio, HTTP_1_0 " %d %s\r\n\r\n", + /* This implicitly cancels keep-alive */ + status, reason) + > 0; (void)BIO_flush(cbio); return ret; --- crypto/openssl/apps/lib/names.c.orig +++ crypto/openssl/apps/lib/names.c @@ -13,7 +13,7 @@ #include "names.h" #include "openssl/crypto.h" -int name_cmp(const char * const *a, const char * const *b) +int name_cmp(const char *const *a, const char *const *b) { return OPENSSL_strcasecmp(*a, *b); } --- crypto/openssl/apps/lib/opt.c.orig +++ crypto/openssl/apps/lib/opt.c @@ -17,7 +17,7 @@ #include "internal/numbers.h" #include #if !defined(OPENSSL_SYS_MSDOS) -# include +#include #endif #include @@ -55,7 +55,7 @@ const char *p; /* find the last '/', '\' or ':' */ - for (p = filename + strlen(filename); --p > filename; ) + for (p = filename + strlen(filename); --p > filename;) if (*p == '/' || *p == '\\' || *p == ':') { p++; break; 
@@ -73,8 +73,7 @@ /* Strip off trailing nonsense. */ n = strlen(p); - if (n > 4 && - (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0)) + if (n > 4 && (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0)) n -= 4; /* Copy over the name, in lowercase. */ @@ -178,8 +177,8 @@ #endif if (o->name == OPT_HELP_STR - || o->name == OPT_MORE_STR - || o->name == OPT_SECTION_STR) + || o->name == OPT_MORE_STR + || o->name == OPT_SECTION_STR) continue; #ifndef NDEBUG i = o->valtype; @@ -191,10 +190,25 @@ else OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM); switch (i) { - case 0: case '-': case '.': - case '/': case '<': case '>': case 'E': case 'F': - case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's': - case 'u': case 'c': case ':': case 'N': + case 0: + case '-': + case '.': + case '/': + case '<': + case '>': + case 'E': + case 'F': + case 'M': + case 'U': + case 'f': + case 'l': + case 'n': + case 'p': + case 's': + case 'u': + case 'c': + case ':': + case 'N': break; default: OPENSSL_assert(0); @@ -209,7 +223,7 @@ && strcmp(o->name, next->name) == 0; if (duplicated) { opt_printf_stderr("%s: Internal error: duplicate option %s\n", - prog, o->name); + prog, o->name); OPENSSL_assert(!duplicated); } } @@ -224,16 +238,16 @@ } static OPT_PAIR formats[] = { - {"PEM/DER", OPT_FMT_PEMDER}, - {"pkcs12", OPT_FMT_PKCS12}, - {"smime", OPT_FMT_SMIME}, - {"engine", OPT_FMT_ENGINE}, - {"msblob", OPT_FMT_MSBLOB}, - {"nss", OPT_FMT_NSS}, - {"text", OPT_FMT_TEXT}, - {"http", OPT_FMT_HTTP}, - {"pvk", OPT_FMT_PVK}, - {NULL} + { "PEM/DER", OPT_FMT_PEMDER }, + { "pkcs12", OPT_FMT_PKCS12 }, + { "smime", OPT_FMT_SMIME }, + { "engine", OPT_FMT_ENGINE }, + { "msblob", OPT_FMT_MSBLOB }, + { "nss", OPT_FMT_NSS }, + { "text", OPT_FMT_TEXT }, + { "http", OPT_FMT_HTTP }, + { "pvk", OPT_FMT_PVK }, + { NULL } }; /* Print an error message about a failed format parse. */ 
@@ -243,10 +257,10 @@ if (flags == OPT_FMT_PEMDER) { opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n", - prog, s); + prog, s); } else { opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n", - prog, s); + prog, s); for (ap = formats; ap->name; ap++) if (flags & ap->retval) opt_printf_stderr(" %s\n", ap->name); @@ -321,7 +335,7 @@ return opt_format_error(s, flags); *result = FORMAT_PVK; } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0 - || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) { + || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) { if ((flags & OPT_FMT_PKCS12) == 0) return opt_format_error(s, flags); *result = FORMAT_PKCS12; @@ -379,7 +393,8 @@ ERR_set_mark(); if ((c = EVP_CIPHER_fetch(app_get0_libctx(), name, - app_get0_propq())) != NULL + app_get0_propq())) + != NULL || (opt_legacy_okay() && (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL)) { ERR_pop_to_mark(); @@ -406,11 +421,11 @@ int opt_cipher(const char *name, EVP_CIPHER **cipherp) { - int mode, ret = 0; - unsigned long int flags; - EVP_CIPHER *c = NULL; + int mode, ret = 0; + unsigned long int flags; + EVP_CIPHER *c = NULL; - if (opt_cipher_any(name, &c)) { + if (opt_cipher_any(name, &c)) { mode = EVP_CIPHER_get_mode(c); flags = EVP_CIPHER_get_flags(c); if (mode == EVP_CIPH_XTS_MODE) { @@ -456,12 +471,12 @@ if ((ret = opt_md_silent(name, mdp)) == 0) opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog, - name != NULL ? name : "\"\""); + name != NULL ? name : "\"\""); return ret; } /* Look through a list of name/value pairs. */ -int opt_pair(const char *name, const OPT_PAIR* pairs, int *result) +int opt_pair(const char *name, const OPT_PAIR *pairs, int *result) { const OPT_PAIR *pp; @@ -500,7 +515,7 @@ *result = (int)l; if (*result != l) { opt_printf_stderr("%s: Value \"%s\" outside integer range\n", - prog, value); + prog, value); return 0; } return 1; 
@@ -522,15 +537,15 @@ char *prefix; char *name; } b[] = { - {"0x", "a hexadecimal"}, - {"0X", "a hexadecimal"}, - {"0", "an octal"} + { "0x", "a hexadecimal" }, + { "0X", "a hexadecimal" }, + { "0", "an octal" } }; for (i = 0; i < OSSL_NELEM(b); i++) { if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) { opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n", - prog, v, b[i].name); + prog, v, b[i].name); return; } } @@ -548,9 +563,9 @@ errno = 0; l = strtol(value, &endp, 0); if (*endp - || endp == value - || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE) - || (l == 0 && errno != 0)) { + || endp == value + || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE) + || (l == 0 && errno != 0)) { opt_number_error(value); errno = oerrno; return 0; @@ -560,9 +575,7 @@ return 1; } -#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ - defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \ - !defined(OPENSSL_NO_INTTYPES_H) +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && defined(INTMAX_MAX) && defined(UINTMAX_MAX) && !defined(OPENSSL_NO_INTTYPES_H) /* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */ int opt_intmax(const char *value, ossl_intmax_t *result) @@ -574,10 +587,10 @@ errno = 0; m = strtoimax(value, &endp, 0); if (*endp - || endp == value - || ((m == INTMAX_MAX || m == INTMAX_MIN) - && errno == ERANGE) - || (m == 0 && errno != 0)) { + || endp == value + || ((m == INTMAX_MAX || m == INTMAX_MIN) + && errno == ERANGE) + || (m == 0 && errno != 0)) { opt_number_error(value); errno = oerrno; return 0; @@ -603,9 +616,9 @@ errno = 0; m = strtoumax(value, &endp, 0); if (*endp - || endp == value - || (m == UINTMAX_MAX && errno == ERANGE) - || (m == 0 && errno != 0)) { + || endp == value + || (m == UINTMAX_MAX && errno == ERANGE) + || (m == 0 && errno != 0)) { opt_number_error(value); errno = oerrno; return 0; 
@@ -655,9 +668,9 @@ errno = 0; l = strtoul(value, &endptr, 0); if (*endptr - || endptr == value - || ((l == ULONG_MAX) && errno == ERANGE) - || (l == 0 && errno != 0)) { + || endptr == value + || ((l == ULONG_MAX) && errno == ERANGE) + || (l == 0 && errno != 0)) { opt_number_error(value); errno = oerrno; return 0; @@ -699,7 +712,7 @@ if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) { ASN1_OBJECT_free(otmp); opt_printf_stderr("%s: Internal error adding Policy %s\n", - prog, opt_arg()); + prog, opt_arg()); return 0; } break; @@ -719,7 +732,7 @@ if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) { opt_printf_stderr("%s: Internal error setting purpose %s\n", - prog, opt_arg()); + prog, opt_arg()); return 0; } break; @@ -727,7 +740,7 @@ vtmp = X509_VERIFY_PARAM_lookup(opt_arg()); if (vtmp == NULL) { opt_printf_stderr("%s: Invalid verify name %s\n", - prog, opt_arg()); + prog, opt_arg()); return 0; } X509_VERIFY_PARAM_set1(vpm, vtmp); @@ -747,7 +760,7 @@ return 0; if (t != (time_t)t) { opt_printf_stderr("%s: epoch time out of range %s\n", - prog, opt_arg()); + prog, opt_arg()); return 0; } X509_VERIFY_PARAM_set_time(vpm, (time_t)t); @@ -775,8 +788,7 @@ break; case OPT_V_CRL_CHECK_ALL: X509_VERIFY_PARAM_set_flags(vpm, - X509_V_FLAG_CRL_CHECK | - X509_V_FLAG_CRL_CHECK_ALL); + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); break; case OPT_V_POLICY_CHECK: X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK); @@ -831,7 +843,6 @@ break; } return 1; - } void opt_begin(void) @@ -881,14 +892,14 @@ for (o = opts; o->name; ++o) { /* If not this option, move on to the next one. */ if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0) - && strcmp(p, o->name) != 0) + && strcmp(p, o->name) != 0) continue; /* If it doesn't take a value, make sure none was given. */ if (o->valtype == 0 || o->valtype == '-') { if (arg) { opt_printf_stderr("%s: Option -%s does not take a value\n", - prog, p); + prog, p); return -1; } return o->retval; 
@@ -898,7 +909,7 @@ if (arg == NULL) { if (argv[opt_index] == NULL) { opt_printf_stderr("%s: Option -%s needs a value\n", - prog, o->name); + prog, o->name); return -1; } arg = argv[opt_index++]; @@ -932,12 +943,12 @@ return -1; if (o->valtype == 'p' && ival <= 0) { opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n", - prog, arg, o->name); + prog, arg, o->name); return -1; } if (o->valtype == 'N' && ival < 0) { opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n", - prog, arg, o->name); + prog, arg, o->name); return -1; } break; @@ -962,13 +973,13 @@ case 'F': case 'f': if (opt_format(arg, - o->valtype == 'c' ? OPT_FMT_PDS : - o->valtype == 'E' ? OPT_FMT_PDE : - o->valtype == 'F' ? OPT_FMT_PEMDER - : OPT_FMT_ANY, &ival)) + o->valtype == 'c' ? OPT_FMT_PDS : o->valtype == 'E' ? OPT_FMT_PDE + : o->valtype == 'F' ? OPT_FMT_PEMDER + : OPT_FMT_ANY, + &ival)) break; opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n", - prog, arg, o->name); + prog, arg, o->name); return -1; } 
@@ -1061,57 +1072,57 @@ static void opt_print(const OPTIONS *o, int doingparams, int width) { - const char* help; + const char *help; char start[80 + 1]; char *p; - help = o->helpstr ? o->helpstr : "(No additional info)"; - if (o->name == OPT_HELP_STR) { - opt_printf_stderr(help, prog); - return; - } - if (o->name == OPT_SECTION_STR) { - opt_printf_stderr("\n"); - opt_printf_stderr(help, prog); - return; - } - if (o->name == OPT_PARAM_STR) { - opt_printf_stderr("\nParameters:\n"); - return; - } - - /* Pad out prefix */ - memset(start, ' ', sizeof(start) - 1); - start[sizeof(start) - 1] = '\0'; + help = o->helpstr ? o->helpstr : "(No additional info)"; + if (o->name == OPT_HELP_STR) { + opt_printf_stderr(help, prog); + return; + } + if (o->name == OPT_SECTION_STR) { + opt_printf_stderr("\n"); + opt_printf_stderr(help, prog); + return; + } + if (o->name == OPT_PARAM_STR) { + opt_printf_stderr("\nParameters:\n"); + return; + } - if (o->name == OPT_MORE_STR) { - /* Continuation of previous line; pad and print. */ - start[width] = '\0'; - opt_printf_stderr("%s %s\n", start, help); - return; - } + /* Pad out prefix */ + memset(start, ' ', sizeof(start) - 1); + start[sizeof(start) - 1] = '\0'; - /* Build up the "-flag [param]" part. */ - p = start; - *p++ = ' '; - if (!doingparams) - *p++ = '-'; - if (o->name[0]) - p += strlen(strcpy(p, o->name)); - else - *p++ = '*'; - if (o->valtype != '-') { - *p++ = ' '; - p += strlen(strcpy(p, valtype2param(o))); - } - *p = ' '; - if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) { - *p = '\0'; - opt_printf_stderr("%s\n", start); - memset(start, ' ', sizeof(start)); - } + if (o->name == OPT_MORE_STR) { + /* Continuation of previous line; pad and print. */ start[width] = '\0'; opt_printf_stderr("%s %s\n", start, help); + return; + } + + /* Build up the "-flag [param]" part. 
*/ + p = start; + *p++ = ' '; + if (!doingparams) + *p++ = '-'; + if (o->name[0]) + p += strlen(strcpy(p, o->name)); + else + *p++ = '*'; + if (o->valtype != '-') { + *p++ = ' '; + p += strlen(strcpy(p, valtype2param(o))); + } + *p = ' '; + if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) { + *p = '\0'; + opt_printf_stderr("%s\n", start); + memset(start, ' ', sizeof(start)); + } + start[width] = '\0'; + opt_printf_stderr("%s %s\n", start, help); } void opt_help(const OPTIONS *list) @@ -1152,52 +1163,52 @@ /* opt_isdir section */ #ifdef _WIN32 -# include +#include int opt_isdir(const char *name) { DWORD attr; -# if defined(UNICODE) || defined(_UNICODE) +#if defined(UNICODE) || defined(_UNICODE) size_t i, len_0 = strlen(name) + 1; WCHAR tempname[MAX_PATH]; if (len_0 > MAX_PATH) return -1; -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 +#if !defined(_WIN32_WCE) || _WIN32_WCE >= 101 if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH)) -# endif +#endif for (i = 0; i < len_0; i++) tempname[i] = (WCHAR)name[i]; attr = GetFileAttributes(tempname); -# else +#else attr = GetFileAttributes(name); -# endif +#endif if (attr == INVALID_FILE_ATTRIBUTES) return -1; return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0); } #else -# include -# ifndef S_ISDIR -# if defined(_S_IFMT) && defined(_S_IFDIR) -# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) -# else -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif -# endif +#include +#ifndef S_ISDIR +#if defined(_S_IFMT) && defined(_S_IFDIR) +#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) +#else +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif +#endif int opt_isdir(const char *name) { -# if defined(S_ISDIR) +#if defined(S_ISDIR) struct stat st; if (stat(name, &st) == 0) return S_ISDIR(st.st_mode); else return -1; -# else +#else return -1; -# endif +#endif } #endif --- crypto/openssl/apps/lib/s_cb.c.orig +++ crypto/openssl/apps/lib/s_cb.c 
@@ -20,11 +20,11 @@ #include #include #ifndef OPENSSL_NO_DH -# include +#include #endif #include "s_apps.h" -#define COOKIE_SECRET_LENGTH 16 +#define COOKIE_SECRET_LENGTH 16 VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 }; @@ -34,9 +34,9 @@ #endif static BIO *bio_keylog = NULL; -static const char *lookup(int val, const STRINT_PAIR* list, const char* def) +static const char *lookup(int val, const STRINT_PAIR *list, const char *def) { - for ( ; list->name; ++list) + for (; list->name; ++list) if (list->retval == val) return list->name; return def; @@ -55,8 +55,8 @@ BIO_printf(bio_err, "depth=%d ", depth); if (err_cert != NULL) { X509_NAME_print_ex(bio_err, - X509_get_subject_name(err_cert), - 0, get_nameopt()); + X509_get_subject_name(err_cert), + 0, get_nameopt()); BIO_puts(bio_err, "\n"); } else { BIO_puts(bio_err, "\n"); @@ -64,7 +64,7 @@ } if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, - X509_verify_cert_error_string(err)); + X509_verify_cert_error_string(err)); if (verify_args.depth < 0 || verify_args.depth >= depth) { if (!verify_args.return_error) ok = 1; @@ -79,7 +79,7 @@ if (err_cert != NULL) { BIO_puts(bio_err, "issuer= "); X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, get_nameopt()); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); } break; @@ -115,9 +115,10 @@ { if (cert_file != NULL) { if (SSL_CTX_use_certificate_file(ctx, cert_file, - SSL_FILETYPE_PEM) <= 0) { + SSL_FILETYPE_PEM) + <= 0) { BIO_printf(bio_err, "unable to get certificate from '%s'\n", - cert_file); + cert_file); ERR_print_errors(bio_err); return 0; } @@ -125,7 +126,7 @@ key_file = cert_file; if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { BIO_printf(bio_err, "unable to get private key from '%s'\n", - key_file); + key_file); ERR_print_errors(bio_err); return 0; } 
@@ -141,7 +142,7 @@ */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, - "Private key does not match the certificate public key\n"); + "Private key does not match the certificate public key\n"); return 0; } } @@ -149,7 +150,7 @@ } int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, - STACK_OF(X509) *chain, int build_chain) + STACK_OF(X509) *chain, int build_chain) { int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0; @@ -172,7 +173,7 @@ */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, - "Private key does not match the certificate public key\n"); + "Private key does not match the certificate public key\n"); return 0; } if (chain && !SSL_CTX_set1_chain(ctx, chain)) { @@ -189,16 +190,16 @@ } static STRINT_PAIR cert_type_list[] = { - {"RSA sign", TLS_CT_RSA_SIGN}, - {"DSA sign", TLS_CT_DSS_SIGN}, - {"RSA fixed DH", TLS_CT_RSA_FIXED_DH}, - {"DSS fixed DH", TLS_CT_DSS_FIXED_DH}, - {"ECDSA sign", TLS_CT_ECDSA_SIGN}, - {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, - {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, - {"GOST01 Sign", TLS_CT_GOST01_SIGN}, - {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN}, - {NULL} + { "RSA sign", TLS_CT_RSA_SIGN }, + { "DSA sign", TLS_CT_DSS_SIGN }, + { "RSA fixed DH", TLS_CT_RSA_FIXED_DH }, + { "DSS fixed DH", TLS_CT_DSS_FIXED_DH }, + { "ECDSA sign", TLS_CT_ECDSA_SIGN }, + { "RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH }, + { "ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH }, + { "GOST01 Sign", TLS_CT_GOST01_SIGN }, + { "GOST12 Sign", TLS_CT_GOST12_IANA_SIGN }, + { NULL } }; static void ssl_print_client_cert_types(BIO *bio, SSL *s) @@ -283,7 +284,7 @@ const char *sstr = NULL; if (shared) SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL, - &rsign, &rhash); + &rsign, &rhash); else SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) @@ -366,7 +367,6 @@ default: BIO_printf(out, "unknown(%d)", (int)*pformats); break; - } } BIO_puts(out, "\n"); 
@@ -426,28 +426,26 @@ BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key)); break; #ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - char name[80]; - size_t name_len; - - if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME, - name, sizeof(name), &name_len)) - strcpy(name, "?"); - BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key)); - } - break; + case EVP_PKEY_EC: { + char name[80]; + size_t name_len; + + if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME, + name, sizeof(name), &name_len)) + strcpy(name, "?"); + BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key)); + } break; #endif default: BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)), - EVP_PKEY_get_bits(key)); + EVP_PKEY_get_bits(key)); } EVP_PKEY_free(key); return 1; } long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) + int argi, long argl, int ret, size_t *processed) { BIO *out; @@ -458,20 +456,20 @@ if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { if (ret > 0 && processed != NULL) { BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n", - (void *)bio, (void *)argp, len, *processed, *processed); + (void *)bio, (void *)argp, len, *processed, *processed); BIO_dump(out, argp, (int)*processed); } else { BIO_printf(out, "read from %p [%p] (%zu bytes => %d)\n", - (void *)bio, (void *)argp, len, ret); + (void *)bio, (void *)argp, len, ret); } } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { if (ret > 0 && processed != NULL) { BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n", - (void *)bio, (void *)argp, len, *processed, *processed); + (void *)bio, (void *)argp, len, *processed, *processed); BIO_dump(out, argp, (int)*processed); } else { BIO_printf(out, "write to %p [%p] (%zu bytes => %d)\n", - (void *)bio, (void *)argp, len, ret); + (void *)bio, (void *)argp, len, ret); } } return ret; 
@@ -496,108 +494,103 @@ } else if (where & SSL_CB_ALERT) { str = (where & SSL_CB_READ) ? "read" : "write"; BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", - str, - SSL_alert_type_string_long(ret), - SSL_alert_desc_string_long(ret)); + str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); } else if (where & SSL_CB_EXIT) { if (ret == 0) BIO_printf(bio_err, "%s:failed in %s\n", - str, SSL_state_string_long(s)); + str, SSL_state_string_long(s)); else if (ret < 0) BIO_printf(bio_err, "%s:error in %s\n", - str, SSL_state_string_long(s)); + str, SSL_state_string_long(s)); } } static STRINT_PAIR ssl_versions[] = { - {"SSL 3.0", SSL3_VERSION}, - {"TLS 1.0", TLS1_VERSION}, - {"TLS 1.1", TLS1_1_VERSION}, - {"TLS 1.2", TLS1_2_VERSION}, - {"TLS 1.3", TLS1_3_VERSION}, - {"DTLS 1.0", DTLS1_VERSION}, - {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, - {NULL} + { "SSL 3.0", SSL3_VERSION }, + { "TLS 1.0", TLS1_VERSION }, + { "TLS 1.1", TLS1_1_VERSION }, + { "TLS 1.2", TLS1_2_VERSION }, + { "TLS 1.3", TLS1_3_VERSION }, + { "DTLS 1.0", DTLS1_VERSION }, + { "DTLS 1.0 (bad)", DTLS1_BAD_VER }, + { NULL } }; static STRINT_PAIR alert_types[] = { - {" close_notify", 0}, - {" end_of_early_data", 1}, - {" unexpected_message", 10}, - {" bad_record_mac", 20}, - {" decryption_failed", 21}, - {" record_overflow", 22}, - {" decompression_failure", 30}, - {" handshake_failure", 40}, - {" bad_certificate", 42}, - {" unsupported_certificate", 43}, - {" certificate_revoked", 44}, - {" certificate_expired", 45}, - {" certificate_unknown", 46}, - {" illegal_parameter", 47}, - {" unknown_ca", 48}, - {" access_denied", 49}, - {" decode_error", 50}, - {" decrypt_error", 51}, - {" export_restriction", 60}, - {" protocol_version", 70}, - {" insufficient_security", 71}, - {" internal_error", 80}, - {" inappropriate_fallback", 86}, - {" user_canceled", 90}, - {" no_renegotiation", 100}, - {" missing_extension", 109}, - {" unsupported_extension", 110}, - {" certificate_unobtainable", 111}, - {" 
unrecognized_name", 112}, - {" bad_certificate_status_response", 113}, - {" bad_certificate_hash_value", 114}, - {" unknown_psk_identity", 115}, - {" certificate_required", 116}, - {NULL} + { " close_notify", 0 }, + { " end_of_early_data", 1 }, + { " unexpected_message", 10 }, + { " bad_record_mac", 20 }, + { " decryption_failed", 21 }, + { " record_overflow", 22 }, + { " decompression_failure", 30 }, + { " handshake_failure", 40 }, + { " bad_certificate", 42 }, + { " unsupported_certificate", 43 }, + { " certificate_revoked", 44 }, + { " certificate_expired", 45 }, + { " certificate_unknown", 46 }, + { " illegal_parameter", 47 }, + { " unknown_ca", 48 }, + { " access_denied", 49 }, + { " decode_error", 50 }, + { " decrypt_error", 51 }, + { " export_restriction", 60 }, + { " protocol_version", 70 }, + { " insufficient_security", 71 }, + { " internal_error", 80 }, + { " inappropriate_fallback", 86 }, + { " user_canceled", 90 }, + { " no_renegotiation", 100 }, + { " missing_extension", 109 }, + { " unsupported_extension", 110 }, + { " certificate_unobtainable", 111 }, + { " unrecognized_name", 112 }, + { " bad_certificate_status_response", 113 }, + { " bad_certificate_hash_value", 114 }, + { " unknown_psk_identity", 115 }, + { " certificate_required", 116 }, + { NULL } }; static STRINT_PAIR handshakes[] = { - {", HelloRequest", SSL3_MT_HELLO_REQUEST}, - {", ClientHello", SSL3_MT_CLIENT_HELLO}, - {", ServerHello", SSL3_MT_SERVER_HELLO}, - {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST}, - {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET}, - {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA}, - {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS}, - {", Certificate", SSL3_MT_CERTIFICATE}, - {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE}, - {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST}, - {", ServerHelloDone", SSL3_MT_SERVER_DONE}, - {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY}, - {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE}, - {", 
Finished", SSL3_MT_FINISHED}, - {", CertificateUrl", SSL3_MT_CERTIFICATE_URL}, - {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS}, - {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA}, - {", KeyUpdate", SSL3_MT_KEY_UPDATE}, + { ", HelloRequest", SSL3_MT_HELLO_REQUEST }, + { ", ClientHello", SSL3_MT_CLIENT_HELLO }, + { ", ServerHello", SSL3_MT_SERVER_HELLO }, + { ", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST }, + { ", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET }, + { ", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA }, + { ", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS }, + { ", Certificate", SSL3_MT_CERTIFICATE }, + { ", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE }, + { ", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST }, + { ", ServerHelloDone", SSL3_MT_SERVER_DONE }, + { ", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY }, + { ", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE }, + { ", Finished", SSL3_MT_FINISHED }, + { ", CertificateUrl", SSL3_MT_CERTIFICATE_URL }, + { ", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS }, + { ", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA }, + { ", KeyUpdate", SSL3_MT_KEY_UPDATE }, #ifndef OPENSSL_NO_NEXTPROTONEG - {", NextProto", SSL3_MT_NEXT_PROTO}, + { ", NextProto", SSL3_MT_NEXT_PROTO }, #endif - {", MessageHash", SSL3_MT_MESSAGE_HASH}, - {NULL} + { ", MessageHash", SSL3_MT_MESSAGE_HASH }, + { NULL } }; void msg_cb(int write_p, int version, int content_type, const void *buf, - size_t len, SSL *ssl, void *arg) + size_t len, SSL *ssl, void *arg) { BIO *bio = arg; const char *str_write_p = write_p ? 
">>>" : "<<<"; char tmpbuf[128]; const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; - const unsigned char* bp = buf; - - if (version == SSL3_VERSION || - version == TLS1_VERSION || - version == TLS1_1_VERSION || - version == TLS1_2_VERSION || - version == TLS1_3_VERSION || - version == DTLS1_VERSION || version == DTLS1_BAD_VER) { + const unsigned char *bp = buf; + + if (version == SSL3_VERSION || version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { str_version = lookup(version, ssl_versions, "???"); switch (content_type) { case SSL3_RT_CHANGE_CIPHER_SPEC: @@ -640,17 +633,17 @@ str_content_type = ", InnerContent"; break; default: - BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, ", Unknown (content_type=%d)", content_type); + BIO_snprintf(tmpbuf, sizeof(tmpbuf) - 1, ", Unknown (content_type=%d)", content_type); str_content_type = tmpbuf; } } else { - BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type); + BIO_snprintf(tmpbuf, sizeof(tmpbuf) - 1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type); str_version = tmpbuf; } BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, - str_content_type, (unsigned long)len, str_details1, - str_details2); + str_content_type, (unsigned long)len, str_details1, + str_details2); if (len > 0) { size_t num, i; 
@@ -670,110 +663,110 @@ } static const STRINT_PAIR tlsext_types[] = { - {"server name", TLSEXT_TYPE_server_name}, - {"max fragment length", TLSEXT_TYPE_max_fragment_length}, - {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, - {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys}, - {"truncated HMAC", TLSEXT_TYPE_truncated_hmac}, - {"status request", TLSEXT_TYPE_status_request}, - {"user mapping", TLSEXT_TYPE_user_mapping}, - {"client authz", TLSEXT_TYPE_client_authz}, - {"server authz", TLSEXT_TYPE_server_authz}, - {"cert type", TLSEXT_TYPE_cert_type}, - {"supported_groups", TLSEXT_TYPE_supported_groups}, - {"EC point formats", TLSEXT_TYPE_ec_point_formats}, - {"SRP", TLSEXT_TYPE_srp}, - {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, - {"use SRTP", TLSEXT_TYPE_use_srtp}, - {"session ticket", TLSEXT_TYPE_session_ticket}, - {"renegotiation info", TLSEXT_TYPE_renegotiate}, - {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp}, - {"TLS padding", TLSEXT_TYPE_padding}, + { "server name", TLSEXT_TYPE_server_name }, + { "max fragment length", TLSEXT_TYPE_max_fragment_length }, + { "client certificate URL", TLSEXT_TYPE_client_certificate_url }, + { "trusted CA keys", TLSEXT_TYPE_trusted_ca_keys }, + { "truncated HMAC", TLSEXT_TYPE_truncated_hmac }, + { "status request", TLSEXT_TYPE_status_request }, + { "user mapping", TLSEXT_TYPE_user_mapping }, + { "client authz", TLSEXT_TYPE_client_authz }, + { "server authz", TLSEXT_TYPE_server_authz }, + { "cert type", TLSEXT_TYPE_cert_type }, + { "supported_groups", TLSEXT_TYPE_supported_groups }, + { "EC point formats", TLSEXT_TYPE_ec_point_formats }, + { "SRP", TLSEXT_TYPE_srp }, + { "signature algorithms", TLSEXT_TYPE_signature_algorithms }, + { "use SRTP", TLSEXT_TYPE_use_srtp }, + { "session ticket", TLSEXT_TYPE_session_ticket }, + { "renegotiation info", TLSEXT_TYPE_renegotiate }, + { "signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp }, + { "TLS padding", 
TLSEXT_TYPE_padding }, #ifdef TLSEXT_TYPE_next_proto_neg - {"next protocol", TLSEXT_TYPE_next_proto_neg}, + { "next protocol", TLSEXT_TYPE_next_proto_neg }, #endif #ifdef TLSEXT_TYPE_encrypt_then_mac - {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac}, + { "encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac }, #endif #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - {"application layer protocol negotiation", - TLSEXT_TYPE_application_layer_protocol_negotiation}, + { "application layer protocol negotiation", + TLSEXT_TYPE_application_layer_protocol_negotiation }, #endif #ifdef TLSEXT_TYPE_extended_master_secret - {"extended master secret", TLSEXT_TYPE_extended_master_secret}, + { "extended master secret", TLSEXT_TYPE_extended_master_secret }, #endif - {"key share", TLSEXT_TYPE_key_share}, - {"supported versions", TLSEXT_TYPE_supported_versions}, - {"psk", TLSEXT_TYPE_psk}, - {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, - {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, - {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, - {"early_data", TLSEXT_TYPE_early_data}, - {NULL} + { "key share", TLSEXT_TYPE_key_share }, + { "supported versions", TLSEXT_TYPE_supported_versions }, + { "psk", TLSEXT_TYPE_psk }, + { "psk kex modes", TLSEXT_TYPE_psk_kex_modes }, + { "certificate authorities", TLSEXT_TYPE_certificate_authorities }, + { "post handshake auth", TLSEXT_TYPE_post_handshake_auth }, + { "early_data", TLSEXT_TYPE_early_data }, + { NULL } }; /* from rfc8446 4.2.3. 
+ gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */ static STRINT_PAIR signature_tls13_scheme_list[] = { - {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */}, - {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */}, -/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */ -/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */ - {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */}, - {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */}, - {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */}, - {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */}, - {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */}, - {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */}, - {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */}, - {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */}, - {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */}, - {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */}, - {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */}, - {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */}, - {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */}, - {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */}, - {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */}, - {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */}, - {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */}, - {NULL} + { "rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */ }, + { "ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */ }, + /* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */ + /* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */ + { "rsa_pkcs1_sha256", 0x0401 /* 
TLSEXT_SIGALG_rsa_pkcs1_sha256 */ }, + { "ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */ }, + { "rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */ }, + { "ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */ }, + { "rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */ }, + { "ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */ }, + { "rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */ }, + { "rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */ }, + { "rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */ }, + { "ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */ }, + { "ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */ }, + { "rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */ }, + { "rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */ }, + { "rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */ }, + { "gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */ }, + { "gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */ }, + { "gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */ }, + { NULL } }; /* from rfc5246 7.4.1.4.1. */ static STRINT_PAIR signature_tls12_alg_list[] = { - {"anonymous", TLSEXT_signature_anonymous /* 0 */}, - {"RSA", TLSEXT_signature_rsa /* 1 */}, - {"DSA", TLSEXT_signature_dsa /* 2 */}, - {"ECDSA", TLSEXT_signature_ecdsa /* 3 */}, - {NULL} + { "anonymous", TLSEXT_signature_anonymous /* 0 */ }, + { "RSA", TLSEXT_signature_rsa /* 1 */ }, + { "DSA", TLSEXT_signature_dsa /* 2 */ }, + { "ECDSA", TLSEXT_signature_ecdsa /* 3 */ }, + { NULL } }; /* from rfc5246 7.4.1.4.1. 
*/ static STRINT_PAIR signature_tls12_hash_list[] = { - {"none", TLSEXT_hash_none /* 0 */}, - {"MD5", TLSEXT_hash_md5 /* 1 */}, - {"SHA1", TLSEXT_hash_sha1 /* 2 */}, - {"SHA224", TLSEXT_hash_sha224 /* 3 */}, - {"SHA256", TLSEXT_hash_sha256 /* 4 */}, - {"SHA384", TLSEXT_hash_sha384 /* 5 */}, - {"SHA512", TLSEXT_hash_sha512 /* 6 */}, - {NULL} + { "none", TLSEXT_hash_none /* 0 */ }, + { "MD5", TLSEXT_hash_md5 /* 1 */ }, + { "SHA1", TLSEXT_hash_sha1 /* 2 */ }, + { "SHA224", TLSEXT_hash_sha224 /* 3 */ }, + { "SHA256", TLSEXT_hash_sha256 /* 4 */ }, + { "SHA384", TLSEXT_hash_sha384 /* 5 */ }, + { "SHA512", TLSEXT_hash_sha512 /* 6 */ }, + { NULL } }; void tlsext_cb(SSL *s, int client_server, int type, - const unsigned char *data, int len, void *arg) + const unsigned char *data, int len, void *arg) { BIO *bio = arg; const char *extname = lookup(type, tlsext_types, "unknown"); BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", - client_server ? "server" : "client", extname, type, len); + client_server ? "server" : "client", extname, type, len); BIO_dump(bio, (const char *)data, len); (void)BIO_flush(bio); } #ifndef OPENSSL_NO_SOCK int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, - size_t *cookie_len) + size_t *cookie_len) { unsigned char *buffer = NULL; size_t length = 0; @@ -815,13 +808,15 @@ buffer = app_malloc(length, "cookie generate buffer"); memcpy(buffer, &port, sizeof(port)); - BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL); + if (!BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL)) + goto end; if (EVP_Q_mac(NULL, "HMAC", NULL, "SHA1", NULL, - cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, - cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) { + cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, + cookie, DTLS1_COOKIE_LENGTH, cookie_len) + == NULL) { BIO_printf(bio_err, - "Error calculating HMAC-SHA1 of buffer with secret\n"); + "Error calculating HMAC-SHA1 of buffer with secret\n"); goto end; } res = 1; 
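Review bot: The new `goto end;` after a failed `BIO_ADDR_rawaddress()` in generate_stateless_cookie_callback returns without any diagnostic, while the HMAC failure a few lines below prints to `bio_err`. A cookie that cannot be generated is then hard to tell apart from other handshake failures, so I would brace the branch and add `BIO_printf(bio_err, "Failed to get peer address for cookie\n");` before the `goto end;`. The start of the function and the `end:` label are outside this hunk, so I am assuming the label frees `buffer` and that `res` still holds its failure value there.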
@@ -833,7 +828,7 @@ } int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, - size_t cookie_len) + size_t cookie_len) { unsigned char result[EVP_MAX_MD_SIZE]; size_t resultlength; @@ -850,7 +845,7 @@ } int generate_cookie_callback(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len) + unsigned int *cookie_len) { size_t temp = 0; int res = generate_stateless_cookie_callback(ssl, cookie, &temp); @@ -861,7 +856,7 @@ } int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len) + unsigned int cookie_len) { return verify_stateless_cookie_callback(ssl, cookie, cookie_len); } @@ -890,16 +885,16 @@ }; static STRINT_PAIR chain_flags[] = { - {"Overall Validity", CERT_PKEY_VALID}, - {"Sign with EE key", CERT_PKEY_SIGN}, - {"EE signature", CERT_PKEY_EE_SIGNATURE}, - {"CA signature", CERT_PKEY_CA_SIGNATURE}, - {"EE key parameters", CERT_PKEY_EE_PARAM}, - {"CA key parameters", CERT_PKEY_CA_PARAM}, - {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN}, - {"Issuer Name", CERT_PKEY_ISSUER_NAME}, - {"Certificate Type", CERT_PKEY_CERT_TYPE}, - {NULL} + { "Overall Validity", CERT_PKEY_VALID }, + { "Sign with EE key", CERT_PKEY_SIGN }, + { "EE signature", CERT_PKEY_EE_SIGNATURE }, + { "CA signature", CERT_PKEY_CA_SIGNATURE }, + { "EE key parameters", CERT_PKEY_EE_PARAM }, + { "CA key parameters", CERT_PKEY_CA_PARAM }, + { "Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN }, + { "Issuer Name", CERT_PKEY_ISSUER_NAME }, + { "Certificate Type", CERT_PKEY_CERT_TYPE }, + { NULL } }; static void print_chain_flags(SSL *s, int flags) @@ -908,8 +903,8 @@ for (pp = chain_flags; pp->name; ++pp) BIO_printf(bio_err, "\t%s: %s\n", - pp->name, - (flags & pp->retval) ? "OK" : "NOT OK"); + pp->name, + (flags & pp->retval) ? "OK" : "NOT OK"); BIO_printf(bio_err, "\tSuite B: "); if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); 
@@ -931,8 +926,8 @@ if (retry_cnt < 5) { retry_cnt++; BIO_printf(bio_err, - "Certificate callback retry test: count %d\n", - retry_cnt); + "Certificate callback retry test: count %d\n", + retry_cnt); return -1; } #endif @@ -955,12 +950,12 @@ rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, - get_nameopt()); + get_nameopt()); BIO_puts(bio_err, "\n"); print_chain_flags(ssl, rv); if (rv & CERT_PKEY_VALID) { if (!SSL_use_certificate(ssl, exc->cert) - || !SSL_use_PrivateKey(ssl, exc->key)) { + || !SSL_use_PrivateKey(ssl, exc->key)) { return 0; } /* @@ -1004,7 +999,6 @@ exc->keyform = FORMAT_PEM; } return 1; - } void ssl_excert_free(SSL_EXCERT *exc) @@ -1041,15 +1035,15 @@ return 0; } exc->cert = load_cert(exc->certfile, exc->certform, - "Server Certificate"); + "Server Certificate"); if (exc->cert == NULL) return 0; if (exc->keyfile != NULL) { exc->key = load_key(exc->keyfile, exc->keyform, - 0, NULL, NULL, "server key"); + 0, NULL, NULL, "server key"); } else { exc->key = load_key(exc->certfile, exc->certform, - 0, NULL, NULL, "server key"); + 0, NULL, NULL, "server key"); } if (exc->key == NULL) return 0; @@ -1073,7 +1067,7 @@ if (exc == NULL) { if (!ssl_excert_prepend(&exc)) { BIO_printf(bio_err, " %s: Error initialising xcert\n", - opt_getprog()); + opt_getprog()); goto err; } *pexc = exc; @@ -1101,7 +1095,7 @@ case OPT_X_CHAIN: if (exc->chainfile != NULL) { BIO_printf(bio_err, "%s: Chain already specified\n", - opt_getprog()); + opt_getprog()); goto err; } exc->chainfile = opt_arg(); @@ -1120,7 +1114,7 @@ } return 1; - err: +err: ERR_print_errors(bio_err); ssl_excert_free(exc); *pexc = NULL; 
@@ -1166,11 +1160,11 @@ char *out; char *cp; size_t outlen = 2 * len + 1; - int ilen = (int) outlen; + int ilen = (int)outlen; if (outlen < len || ilen < 0 || outlen != (size_t)ilen) { BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n", - opt_getprog(), len); + opt_getprog(), len); exit(1); } cp = out = app_malloc(ilen, "TLSA hex data buffer"); @@ -1222,11 +1216,11 @@ else hexdata = hexencode(data, dlen); BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n", - usage, selector, mtype, - (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata, - (mspki != NULL) ? "signed the certificate" : - mdpth ? "matched TA certificate" : "matched EE certificate", - mdpth); + usage, selector, mtype, + (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata, + (mspki != NULL) ? "signed the certificate" : mdpth ? "matched TA certificate" + : "matched EE certificate", + mdpth); OPENSSL_free(hexdata); } } @@ -1247,7 +1241,7 @@ BIO_puts(bio_err, "Peer certificate: "); X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), - 0, get_nameopt()); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); if (SSL_get_peer_signature_nid(s, &nid)) BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); @@ -1270,7 +1264,7 @@ } int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, - SSL_CTX *ctx) + SSL_CTX *ctx) { int i; @@ -1281,7 +1275,7 @@ if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { BIO_printf(bio_err, "Call to SSL_CONF_cmd(%s, %s) failed\n", - flag, arg == NULL ? "" : arg); + flag, arg == NULL ? "" : arg); ERR_print_errors(bio_err); return 0; } 
@@ -1319,11 +1313,11 @@ } int ssl_load_stores(SSL_CTX *ctx, - const char *vfyCApath, const char *vfyCAfile, - const char *vfyCAstore, - const char *chCApath, const char *chCAfile, - const char *chCAstore, - STACK_OF(X509_CRL) *crls, int crl_download) + const char *vfyCApath, const char *vfyCAfile, + const char *vfyCAstore, + const char *chCApath, const char *chCAfile, + const char *chCAstore, + STACK_OF(X509_CRL) *crls, int crl_download) { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; @@ -1358,7 +1352,7 @@ goto err; } rv = 1; - err: +err: X509_STORE_free(vfy); X509_STORE_free(ch); return rv; 
@@ -1369,38 +1363,38 @@ typedef struct { BIO *out; int verbose; - int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, - void *other, void *ex); + int (*old_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, + void *other, void *ex); } security_debug_ex; static STRINT_PAIR callback_types[] = { - {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED}, - {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED}, - {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK}, + { "Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED }, + { "Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED }, + { "Check Ciphersuite", SSL_SECOP_CIPHER_CHECK }, #ifndef OPENSSL_NO_DH - {"Temp DH key bits", SSL_SECOP_TMP_DH}, + { "Temp DH key bits", SSL_SECOP_TMP_DH }, #endif - {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, - {"Shared Curve", SSL_SECOP_CURVE_SHARED}, - {"Check Curve", SSL_SECOP_CURVE_CHECK}, - {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED}, - {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED}, - {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK}, - {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, - {"Certificate chain EE key", SSL_SECOP_EE_KEY}, - {"Certificate chain CA key", SSL_SECOP_CA_KEY}, - {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY}, - {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY}, - {"Certificate chain CA digest", SSL_SECOP_CA_MD}, - {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD}, - {"SSL compression", SSL_SECOP_COMPRESSION}, - {"Session ticket", SSL_SECOP_TICKET}, - {NULL} + { "Supported Curve", SSL_SECOP_CURVE_SUPPORTED }, + { "Shared Curve", SSL_SECOP_CURVE_SHARED }, + { "Check Curve", SSL_SECOP_CURVE_CHECK }, + { "Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED }, + { "Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED }, + { "Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK }, + { "Signature Algorithm mask", SSL_SECOP_SIGALG_MASK }, + { "Certificate chain EE key", SSL_SECOP_EE_KEY }, + { "Certificate chain CA 
key", SSL_SECOP_CA_KEY }, + { "Peer Chain EE key", SSL_SECOP_PEER_EE_KEY }, + { "Peer Chain CA key", SSL_SECOP_PEER_CA_KEY }, + { "Certificate chain CA digest", SSL_SECOP_CA_MD }, + { "Peer chain CA digest", SSL_SECOP_PEER_CA_MD }, + { "SSL compression", SSL_SECOP_COMPRESSION }, + { "Session ticket", SSL_SECOP_TICKET }, + { NULL } }; static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex) + int op, int bits, int nid, + void *other, void *ex) { security_debug_ex *sdb = ex; int rv, show_bits = 1, cert_md = 0; 
@@ -1446,66 +1440,61 @@ break; #ifndef OPENSSL_NO_EC - case SSL_SECOP_OTHER_CURVE: - { - const char *cname; - cname = EC_curve_nid2nist(nid); - if (cname == NULL) - cname = OBJ_nid2sn(nid); - BIO_puts(sdb->out, cname); - } - break; + case SSL_SECOP_OTHER_CURVE: { + const char *cname; + cname = EC_curve_nid2nist(nid); + if (cname == NULL) + cname = OBJ_nid2sn(nid); + BIO_puts(sdb->out, cname); + } break; #endif - case SSL_SECOP_OTHER_CERT: - { - if (cert_md) { - int sig_nid = X509_get_signature_nid(other); + case SSL_SECOP_OTHER_CERT: { + if (cert_md) { + int sig_nid = X509_get_signature_nid(other); - BIO_puts(sdb->out, OBJ_nid2sn(sig_nid)); - } else { - EVP_PKEY *pkey = X509_get0_pubkey(other); + BIO_puts(sdb->out, OBJ_nid2sn(sig_nid)); + } else { + EVP_PKEY *pkey = X509_get0_pubkey(other); - if (pkey == NULL) { - BIO_printf(sdb->out, "Public key missing"); - } else { - const char *algname = ""; + if (pkey == NULL) { + BIO_printf(sdb->out, "Public key missing"); + } else { + const char *algname = ""; - EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, - &algname, EVP_PKEY_get0_asn1(pkey)); - BIO_printf(sdb->out, "%s, bits=%d", - algname, EVP_PKEY_get_bits(pkey)); - } + EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, + &algname, EVP_PKEY_get0_asn1(pkey)); + BIO_printf(sdb->out, "%s, bits=%d", + algname, EVP_PKEY_get_bits(pkey)); } - break; } - case SSL_SECOP_OTHER_SIGALG: - { - const unsigned char *salg = other; - const char *sname = NULL; - int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */ - /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */ - - if (nm != NULL) - BIO_printf(sdb->out, "%s", nm); - else - BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op); + break; + } + case SSL_SECOP_OTHER_SIGALG: { + const unsigned char *salg = other; + const char *sname = NULL; + int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */ + /* raw_sig_code: signature_scheme from 
tls1.3, or signature_and_hash from tls1.2 */ + + if (nm != NULL) + BIO_printf(sdb->out, "%s", nm); + else + BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op); - sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL); - if (sname != NULL) { - BIO_printf(sdb->out, " scheme=%s", sname); - } else { - int alg_code = salg[1]; - int hash_code = salg[0]; - const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL); - const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL); - - if (alg_str != NULL && hash_str != NULL) - BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str); - else - BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code); - } - } + sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL); + if (sname != NULL) { + BIO_printf(sdb->out, " scheme=%s", sname); + } else { + int alg_code = salg[1]; + int hash_code = salg[0]; + const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL); + const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL); + if (alg_str != NULL && hash_str != NULL) + BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str); + else + BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code); + } + } } if (show_bits) @@ -1565,7 +1554,7 @@ /* Write a header for seekable, empty files (this excludes pipes). */ if (BIO_tell(bio_keylog) == 0) { BIO_puts(bio_keylog, - "# SSL/TLS secrets log file, generated by OpenSSL\n"); + "# SSL/TLS secrets log file, generated by OpenSSL\n"); (void)BIO_flush(bio_keylog); } SSL_CTX_set_keylog_callback(ctx, keylog_callback); 
@@ -1584,7 +1573,7 @@ return; } - BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs); + BIO_printf(bio, "---\nAcceptable %s certificate CA names\n", cs); for (i = 0; i < sk_X509_NAME_num(sk); i++) { X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt()); BIO_write(bio, "\n", 1); --- crypto/openssl/apps/lib/s_socket.c.orig +++ crypto/openssl/apps/lib/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,33 +22,33 @@ * needed to have fileno() declared correctly... So let's define u_int */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -# define __U_INT +#define __U_INT typedef unsigned int u_int; #endif #ifdef _WIN32 -# include +#include /* MSVC renamed some POSIX functions to have an underscore prefix. */ -# ifdef _MSC_VER -# define getpid _getpid -# endif +#ifdef _MSC_VER +#define getpid _getpid +#endif #endif #ifndef OPENSSL_NO_SOCK -# include "apps.h" -# include "s_apps.h" -# include "internal/sockets.h" +#include "apps.h" +#include "s_apps.h" +#include "internal/sockets.h" -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif +#if defined(__TANDEM) +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif +#endif -# include -# include +#include +#include /* Keep track of our peer's address for the cookie callback */ BIO_ADDR *ourpeer = NULL; @@ -75,8 +75,8 @@ * Returns 1 on success, 0 on failure. */ int init_client(int *sock, const char *host, const char *port, - const char *bindhost, const char *bindport, - int family, int type, int protocol) + const char *bindhost, const char *bindport, + int family, int type, int protocol) { BIO_ADDRINFO *res = NULL; BIO_ADDRINFO *bindaddr = NULL; 
@@ -89,7 +89,7 @@ return 0; ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol, - &res); + &res); if (ret == 0) { ERR_print_errors(bio_err); return 0; @@ -97,9 +97,9 @@ if (bindhost != NULL || bindport != NULL) { ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT, - family, type, protocol, &bindaddr); + family, type, protocol, &bindaddr); if (ret == 0) { - ERR_print_errors (bio_err); + ERR_print_errors(bio_err); goto out; } } @@ -110,10 +110,10 @@ * anything in the BIO_ADDRINFO chain that we haven't * asked for. */ OPENSSL_assert((family == AF_UNSPEC - || family == BIO_ADDRINFO_family(ai)) - && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) - && (protocol == 0 - || protocol == BIO_ADDRINFO_protocol(ai))); + || family == BIO_ADDRINFO_family(ai)) + && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) + && (protocol == 0 + || protocol == BIO_ADDRINFO_protocol(ai))); if (bindaddr != NULL) { for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) { @@ -126,7 +126,7 @@ } *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), - BIO_ADDRINFO_protocol(ai), 0); + BIO_ADDRINFO_protocol(ai), 0); if (*sock == INVALID_SOCKET) { /* Maybe the kernel doesn't support the socket family, even if * BIO_lookup() added it in the returned result... @@ -136,7 +136,7 @@ if (bi != NULL) { if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi), - BIO_SOCK_REUSEADDR)) { + BIO_SOCK_REUSEADDR)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; break; @@ -154,15 +154,16 @@ BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE); if (tmpbio == NULL) { - ERR_print_errors(bio_err); - return 0; + BIO_closesocket(*sock); + *sock = INVALID_SOCKET; + continue; } BIO_free(tmpbio); } #endif if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), - BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { + BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; 
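Review bot: The SCTP failure branch in init_client (hunk `@@ -154,15 +154,16 @@`) now closes the socket and `continue`s but no longer calls `ERR_print_errors(bio_err)`, so whether the `BIO_new_dgram_sctp()` error is ever reported depends on code after the loop that this hunk does not show. A one-line comment would make the intent explicit, e.g. `/* SCTP setup failed for this address: drop the socket and try the next one; the error stays queued */`. It is worth confirming that the path where every address fails still prints the queued error, since the `Can't bind` branch in the next hunk calls `ERR_clear_error()`.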
@@ -176,13 +177,14 @@ if (bindaddr != NULL && !found) { BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n", #ifdef AF_INET6 - BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : + BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : #endif - BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " : - BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "", - bindhost != NULL ? bindhost : "", - bindport != NULL ? ":" : "", - bindport != NULL ? bindport : ""); + BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " + : BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " + : "", + bindhost != NULL ? bindhost : "", + bindport != NULL ? ":" : "", + bindport != NULL ? bindport : ""); ERR_clear_error(); ret = 0; } @@ -194,7 +196,7 @@ } out: if (bindaddr != NULL) { - BIO_ADDRINFO_free (bindaddr); + BIO_ADDRINFO_free(bindaddr); } BIO_ADDRINFO_free(res); return ret; @@ -216,10 +218,11 @@ && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) { success = BIO_printf(out, - strchr(hostname, ':') == NULL - ? /* IPv4 */ " %s:%s" - : /* IPv6 */ " [%s]:%s", - hostname, service) > 0; + strchr(hostname, ':') == NULL + ? /* IPv4 */ " %s:%s" + : /* IPv6 */ " [%s]:%s", + hostname, service) + > 0; } else { (void)BIO_printf(out, "unknown:error\n"); success = 0; @@ -257,8 +260,8 @@ * 0 on failure, something other on success. */ int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, int protocol, do_server_cb cb, - unsigned char *context, int naccept, BIO *bio_s_out) + int family, int type, int protocol, do_server_cb cb, + unsigned char *context, int naccept, BIO *bio_s_out) { int asock = 0; int sock; @@ -276,7 +279,7 @@ return 0; if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol, - &res)) { + &res)) { ERR_print_errors(bio_err); return 0; } 
@@ -284,8 +287,8 @@ /* Admittedly, these checks are quite paranoid, we should not get * anything in the BIO_ADDRINFO chain that we haven't asked for */ OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) - && (type == 0 || type == BIO_ADDRINFO_socktype(res)) - && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); + && (type == 0 || type == BIO_ADDRINFO_socktype(res)) + && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); sock_family = BIO_ADDRINFO_family(res); sock_type = BIO_ADDRINFO_socktype(res); @@ -296,10 +299,10 @@ if (sock_family == AF_INET6) sock_options |= BIO_SOCK_V6_ONLY; if (next != NULL - && BIO_ADDRINFO_socktype(next) == sock_type - && BIO_ADDRINFO_protocol(next) == sock_protocol) { + && BIO_ADDRINFO_socktype(next) == sock_type + && BIO_ADDRINFO_protocol(next) == sock_protocol) { if (sock_family == AF_INET - && BIO_ADDRINFO_family(next) == AF_INET6) { + && BIO_ADDRINFO_family(next) == AF_INET6) { /* In case AF_INET6 is returned but not supported by the * kernel, retry with the first detected address family */ sock_family_fallback = sock_family; @@ -307,7 +310,7 @@ sock_family = AF_INET6; sock_address = BIO_ADDRINFO_address(next); } else if (sock_family == AF_INET6 - && BIO_ADDRINFO_family(next) == AF_INET) { + && BIO_ADDRINFO_family(next) == AF_INET) { sock_options &= ~BIO_SOCK_V6_ONLY; } } @@ -338,6 +341,7 @@ BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE); if (tmpbio == NULL) { + BIO_ADDRINFO_free(res); BIO_closesocket(asock); ERR_print_errors(bio_err); goto end; @@ -383,8 +387,6 @@ if (naccept != -1) naccept--; - if (naccept == 0) - BIO_closesocket(asock); BIO_set_tcp_ndelay(sock, 1); i = (*cb)(sock, type, protocol, context); 
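Review bot: `BIO_ADDRINFO_free(res);` in the SCTP failure branch of do_server (hunk `@@ -338,6 +341,7 @@`) leaves `res` dangling on the way to `end:`. The `end:` block shown later in this patch does not touch `res`, so nothing is freed twice as the code stands, but I would follow the call with `res = NULL;` so that cleanup added at the label later cannot turn this into a double free. The function body starts and ends outside this hunk.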
@@ -407,12 +409,12 @@ * alerts are passed on...] */ timeout.tv_sec = 0; - timeout.tv_usec = 500000; /* some extreme round-trip */ + timeout.tv_usec = 500000; /* some extreme round-trip */ do { FD_ZERO(&readfds); openssl_fdset(sock, &readfds); } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 - && readsocket(sock, sink, sizeof(sink)) > 0); + && readsocket(sock, sink, sizeof(sink)) > 0); BIO_closesocket(sock); } else { @@ -424,15 +426,16 @@ if (i < 0 || naccept == 0) { BIO_closesocket(asock); + asock = INVALID_SOCKET; ret = i; break; } } - end: -# ifdef AF_UNIX +end: +#ifdef AF_UNIX if (family == AF_UNIX) unlink(host); -# endif +#endif BIO_ADDR_free(ourpeer); ourpeer = NULL; return ret; @@ -459,4 +462,4 @@ } while (ret < 0); } -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ --- crypto/openssl/apps/lib/tlssrp_depr.c.orig +++ crypto/openssl/apps/lib/tlssrp_depr.c @@ -29,16 +29,11 @@ BN_CTX *bn_ctx = BN_CTX_new(); BIGNUM *p = BN_new(); BIGNUM *r = BN_new(); - int ret = - g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && - BN_check_prime(N, bn_ctx, NULL) == 1 && - p != NULL && BN_rshift1(p, N) && + int ret = g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && BN_check_prime(N, bn_ctx, NULL) == 1 && p != NULL && BN_rshift1(p, N) && /* p = (N-1)/2 */ - BN_check_prime(p, bn_ctx, NULL) == 1 && - r != NULL && + BN_check_prime(p, bn_ctx, NULL) == 1 && r != NULL && /* verify g^((N-1)/2) == -1 (mod N) */ - BN_mod_exp(r, g, p, N, bn_ctx) && - BN_add_word(r, 1) && BN_cmp(r, N) == 0; + BN_mod_exp(r, g, p, N, bn_ctx) && BN_add_word(r, 1) && BN_cmp(r, N) == 0; BN_free(r); BN_free(p); @@ -84,7 +79,7 @@ if (srp_arg->amp == 1) { if (srp_arg->debug) BIO_printf(bio_err, - "SRP param N and g are not known params, going to check deeper.\n"); + "SRP param N and g are not known params, going to check deeper.\n"); /* * The srp_moregroups is a real debugging feature. Implementors 
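Review bot: In tlssrp_depr.c (hunk `@@ -29,16 +29,11 @@`) the reformatted initialiser of `ret` packs seven conditions onto its first line, and the `/* p = (N-1)/2 */` comment now trails the line holding the `BN_rshift1()` call it describes. This expression is the whole safe-prime and generator check on the SRP parameters, so it should read one check per line. I would break it with leading `&&`, the operator style this patch already uses in the `OPENSSL_assert()` calls in s_socket.c, keeping the evaluation order unchanged. The enclosing function starts and ends outside this hunk.

```c
    BIGNUM *r = BN_new();
    int ret = g != NULL && N != NULL && bn_ctx != NULL
        && BN_is_odd(N)
        && BN_check_prime(N, bn_ctx, NULL) == 1
        /* p = (N-1)/2 */
        && p != NULL && BN_rshift1(p, N)
        && BN_check_prime(p, bn_ctx, NULL) == 1
        /* verify g^((N-1)/2) == -1 (mod N) */
        && r != NULL
        && BN_mod_exp(r, g, p, N, bn_ctx)
        && BN_add_word(r, 1)
        && BN_cmp(r, N) == 0;
    /* … unchanged: BN_free / BN_CTX_free cleanup … */
```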
@@ -120,7 +115,7 @@ } int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg, - int c_debug) + int c_debug) { if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg->srplogin)) { BIO_printf(bio_err, "Unable to set SRP username\n"); @@ -144,7 +139,7 @@ void set_up_dummy_srp(SSL_CTX *ctx) { - SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); + SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); } /* @@ -157,7 +152,7 @@ */ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { - srpsrvparm *p = (srpsrvparm *) arg; + srpsrvparm *p = (srpsrvparm *)arg; int ret = SSL3_AL_FATAL; if (p->login == NULL && p->user == NULL) { @@ -171,18 +166,18 @@ goto err; } - if (SSL_set_srp_server_param - (s, p->user->N, p->user->g, p->user->s, p->user->v, - p->user->info) < 0) { + if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v, + p->user->info) + < 0) { *ad = SSL_AD_INTERNAL_ERROR; goto err; } BIO_printf(bio_err, - "SRP parameters set: username = \"%s\" info=\"%s\" \n", - p->login, p->user->info); + "SRP parameters set: username = \"%s\" info=\"%s\" \n", + p->login, p->user->info); ret = SSL_ERROR_NONE; - err: +err: SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; @@ -190,7 +185,7 @@ } int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm, - char *srpuserseed, char *srp_verifier_file) + char *srpuserseed, char *srp_verifier_file) { int ret; @@ -202,12 +197,12 @@ BIO_printf(bio_err, "Failed to initialize SRP verifier file \n"); return 0; } - if ((ret = - SRP_VBASE_init(srp_callback_parm->vb, - srp_verifier_file)) != SRP_NO_ERROR) { + if ((ret = SRP_VBASE_init(srp_callback_parm->vb, + srp_verifier_file)) + != SRP_NO_ERROR) { BIO_printf(bio_err, - "Cannot initialize SRP verifier file \"%s\":ret=%d\n", - srp_verifier_file, ret); + "Cannot initialize SRP verifier file \"%s\":ret=%d\n", + srp_verifier_file, ret); return 0; } SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback); 
@@ -221,11 +216,11 @@ { SRP_user_pwd_free(srp_callback_parm->user); srp_callback_parm->user = SRP_VBASE_get1_by_user(srp_callback_parm->vb, - srp_callback_parm->login); + srp_callback_parm->login); if (srp_callback_parm->user != NULL) BIO_printf(bio_s_out, "LOOKUP done %s\n", - srp_callback_parm->user->info); + srp_callback_parm->user->info); else BIO_printf(bio_s_out, "LOOKUP not successful\n"); } --- crypto/openssl/apps/lib/vms_decc_argv.c.orig +++ crypto/openssl/apps/lib/vms_decc_argv.c @@ -9,7 +9,7 @@ #include #include -#include "platform.h" /* for copy_argv() */ +#include "platform.h" /* for copy_argv() */ char **newargv = NULL; --- crypto/openssl/apps/lib/vms_term_sock.c.orig +++ crypto/openssl/apps/lib/vms_term_sock.c 
@@ -9,107 +9,122 @@ */ #ifdef __VMS -# define OPENSSL_SYS_VMS -# pragma message disable DOLLARID +#define OPENSSL_SYS_VMS +#pragma message disable DOLLARID +#include -# include - -# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) +#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) /* * On VMS, you need to define this to get the declaration of fileno(). The * value 2 is to make sure no function defined in POSIX-2 is left undefined. */ -# define _POSIX_C_SOURCE 2 -# endif - -# include - -# undef _POSIX_C_SOURCE - -# include -# include -# include -# include -# include -# include -# include -# include -# include -# ifdef __alpha -# include -# else -typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */ -# pragma __nomember_alignment - __union { - __struct { +#define _POSIX_C_SOURCE 2 +#endif + +#include + +#undef _POSIX_C_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef __alpha +#include +#else +typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */ +#pragma __nomember_alignment + __union + { + __struct + { unsigned short int iosb$w_status; /* Final I/O status */ - __union { - __struct { /* 16-bit byte count variant */ + __union + { + __struct + { /* 16-bit byte count variant */ unsigned short int iosb$w_bcnt; /* 16-bit byte count */ - __union { + __union + { unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */ unsigned int iosb$l_pid; /* 32-bit pid */ - } iosb$r_l; - } iosb$r_bcnt_16; - __struct { /* 32-bit byte count variant */ + } + iosb$r_l; + } + iosb$r_bcnt_16; + __struct + { /* 32-bit byte count variant */ unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */ unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */ - } iosb$r_bcnt_32; - } iosb$r_devdepend; - } iosb$r_io_64; - __struct { - __union { + } + iosb$r_bcnt_32; + } + iosb$r_devdepend; + } + iosb$r_io_64; + __struct + { + __union + { unsigned int iosb$l_getxxi_status; /* Final 
GETxxI status */ unsigned int iosb$l_reg_status; /* Final $Registry status */ - } iosb$r_l_status; + } + iosb$r_l_status; unsigned int iosb$l_reserved; /* Reserved field */ - } iosb$r_get_64; - } iosb$r_io_get; + } + iosb$r_get_64; + } + iosb$r_io_get; } IOSB; -# if !defined(__VAXC) -# define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status -# define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt -# define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l -# define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend -# define iosb$l_pid iosb$r_l.iosb$l_pid -# define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt -# define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high -# define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status -# define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status -# endif /* #if !defined(__VAXC) */ - -# endif /* End of IOSBDEF */ - -# include -# include -# include -# include -# include -# include - -# include "vms_term_sock.h" - -# ifdef __alpha +#if !defined(__VAXC) +#define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status +#define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt +#define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l +#define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend +#define iosb$l_pid iosb$r_l.iosb$l_pid +#define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt +#define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high +#define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status +#define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status +#endif /* #if !defined(__VAXC) */ + +#endif 
/* End of IOSBDEF */ + +#include +#include +#include +#include +#include +#include + +#include "vms_term_sock.h" + +#ifdef __alpha static struct _iosb TerminalDeviceIosb; -# else +#else IOSB TerminalDeviceIosb; -# endif +#endif static char TerminalDeviceBuff[255 + 2]; -static int TerminalSocketPair[2] = {0, 0}; +static int TerminalSocketPair[2] = { 0, 0 }; static unsigned short TerminalDeviceChan = 0; -static int CreateSocketPair (int, int, int, int *); -static void SocketPairTimeoutAst (int); -static int TerminalDeviceAst (int); -static void LogMessage (char *, ...); +static int CreateSocketPair(int, int, int, int *); +static void SocketPairTimeoutAst(int); +static int TerminalDeviceAst(int); +static void LogMessage(char *, ...); /* ** Socket Pair Timeout Value (must be 0-59 seconds) */ -# define SOCKET_PAIR_TIMEOUT_VALUE 20 +#define SOCKET_PAIR_TIMEOUT_VALUE 20 /* ** Socket Pair Timeout Block which is passed to timeout AST 
@@ -119,55 +134,54 @@ unsigned short SockChan2; } SPTB; -# ifdef TERM_SOCK_TEST - +#ifdef TERM_SOCK_TEST + /*----------------------------------------------------------------------------*/ /* */ /*----------------------------------------------------------------------------*/ -int main (int argc, char *argv[], char *envp[]) +int main(int argc, char *argv[], char *envp[]) { char TermBuff[80]; int TermSock, status, len; - LogMessage ("Enter 'q' or 'Q' to quit ..."); - while (OPENSSL_strcasecmp (TermBuff, "Q")) { + LogMessage("Enter 'q' or 'Q' to quit ..."); + while (OPENSSL_strcasecmp(TermBuff, "Q")) { /* ** Create the terminal socket */ - status = TerminalSocket (TERM_SOCK_CREATE, &TermSock); + status = TerminalSocket(TERM_SOCK_CREATE, &TermSock); if (status != TERM_SOCK_SUCCESS) - exit (1); + exit(1); /* ** Process the terminal input */ - LogMessage ("Waiting on terminal I/O ...\n"); - len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ; + LogMessage("Waiting on terminal I/O ...\n"); + len = recv(TermSock, TermBuff, sizeof(TermBuff), 0); TermBuff[len] = '\0'; - LogMessage ("Received terminal I/O [%s]", TermBuff); + LogMessage("Received terminal I/O [%s]", TermBuff); /* ** Delete the terminal socket */ - status = TerminalSocket (TERM_SOCK_DELETE, &TermSock); + status = TerminalSocket(TERM_SOCK_DELETE, &TermSock); if (status != TERM_SOCK_SUCCESS) - exit (1); + exit(1); } return 1; - } -# endif - +#endif + /*----------------------------------------------------------------------------*/ /* */ /*----------------------------------------------------------------------------*/ -int TerminalSocket (int FunctionCode, int *ReturnSocket) +int TerminalSocket(int FunctionCode, int *ReturnSocket) { int status; - $DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND"); + $DESCRIPTOR(TerminalDeviceDesc, "SYS$COMMAND"); /* ** Process the requested function code 
@@ -177,45 +191,45 @@ /* ** Create a socket pair */ - status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair); + status = CreateSocketPair(AF_INET, SOCK_STREAM, 0, TerminalSocketPair); if (status == -1) { - LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status); + LogMessage("TerminalSocket: CreateSocketPair () - %08X", status); if (TerminalSocketPair[0]) - close (TerminalSocketPair[0]); + close(TerminalSocketPair[0]); if (TerminalSocketPair[1]) - close (TerminalSocketPair[1]); + close(TerminalSocketPair[1]); return TERM_SOCK_FAILURE; } /* ** Assign a channel to the terminal device */ - status = sys$assign (&TerminalDeviceDesc, - &TerminalDeviceChan, - 0, 0, 0); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); + status = sys$assign(&TerminalDeviceDesc, + &TerminalDeviceChan, + 0, 0, 0); + if (!(status & 1)) { + LogMessage("TerminalSocket: SYS$ASSIGN () - %08X", status); + close(TerminalSocketPair[0]); + close(TerminalSocketPair[1]); return TERM_SOCK_FAILURE; } /* ** Queue an async IO to the terminal device */ - status = sys$qio (EFN$C_ENF, - TerminalDeviceChan, - IO$_READVBLK, - &TerminalDeviceIosb, - TerminalDeviceAst, - 0, - TerminalDeviceBuff, - sizeof(TerminalDeviceBuff) - 2, - 0, 0, 0, 0); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); + status = sys$qio(EFN$C_ENF, + TerminalDeviceChan, + IO$_READVBLK, + &TerminalDeviceIosb, + TerminalDeviceAst, + 0, + TerminalDeviceBuff, + sizeof(TerminalDeviceBuff) - 2, + 0, 0, 0, 0); + if (!(status & 1)) { + LogMessage("TerminalSocket: SYS$QIO () - %08X", status); + close(TerminalSocketPair[0]); + close(TerminalSocketPair[1]); return TERM_SOCK_FAILURE; } 
@@ -229,30 +243,30 @@ /* ** Cancel any pending IO on the terminal channel */ - status = sys$cancel (TerminalDeviceChan); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); + status = sys$cancel(TerminalDeviceChan); + if (!(status & 1)) { + LogMessage("TerminalSocket: SYS$CANCEL () - %08X", status); + close(TerminalSocketPair[0]); + close(TerminalSocketPair[1]); return TERM_SOCK_FAILURE; } /* ** Deassign the terminal channel */ - status = sys$dassgn (TerminalDeviceChan); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); + status = sys$dassgn(TerminalDeviceChan); + if (!(status & 1)) { + LogMessage("TerminalSocket: SYS$DASSGN () - %08X", status); + close(TerminalSocketPair[0]); + close(TerminalSocketPair[1]); return TERM_SOCK_FAILURE; } /* ** Close the terminal socket pair */ - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); + close(TerminalSocketPair[0]); + close(TerminalSocketPair[1]); /* ** Return the initialized socket @@ -264,7 +278,7 @@ /* ** Invalid function code */ - LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode); + LogMessage("TerminalSocket: Invalid Function Code - %d", FunctionCode); return TERM_SOCK_FAILURE; break; } 
@@ -273,21 +287,20 @@ ** Return success */ return TERM_SOCK_SUCCESS; - } - + /*----------------------------------------------------------------------------*/ /* */ /*----------------------------------------------------------------------------*/ -static int CreateSocketPair (int SocketFamily, - int SocketType, - int SocketProtocol, - int *SocketPair) +static int CreateSocketPair(int SocketFamily, + int SocketType, + int SocketProtocol, + int *SocketPair) { - struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL}; - static const char* LocalHostAddr = {"127.0.0.1"}; + struct dsc$descriptor AscTimeDesc = { 0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL }; + static const char *LocalHostAddr = { "127.0.0.1" }; unsigned short TcpAcceptChan = 0, - TcpDeviceChan = 0; + TcpDeviceChan = 0; unsigned long BinTimeBuff[2]; struct sockaddr_in sin; char AscTimeBuff[32]; @@ -295,23 +308,23 @@ int status; unsigned int slen; -# ifdef __alpha +#ifdef __alpha struct _iosb iosb; -# else +#else IOSB iosb; -# endif +#endif int SockDesc1 = 0, SockDesc2 = 0; SPTB sptb; - $DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE"); + $DESCRIPTOR(TcpDeviceDesc, "TCPIP$DEVICE"); /* ** Create a socket */ - SockDesc1 = socket (SocketFamily, SocketType, 0); + SockDesc1 = socket(SocketFamily, SocketType, 0); if (SockDesc1 < 0) { - LogMessage ("CreateSocketPair: socket () - %d", errno); + LogMessage("CreateSocketPair: socket () - %d", errno); return -1; } 
@@ -319,28 +332,28 @@ ** Initialize the socket information */ slen = sizeof(sin); - memset ((char *) &sin, 0, slen); + memset((char *)&sin, 0, slen); sin.sin_family = SocketFamily; - sin.sin_addr.s_addr = inet_addr (LocalHostAddr); + sin.sin_addr.s_addr = inet_addr(LocalHostAddr); sin.sin_port = 0; /* ** Bind the socket to the local IP */ - status = bind (SockDesc1, (struct sockaddr *) &sin, slen); + status = bind(SockDesc1, (struct sockaddr *)&sin, slen); if (status < 0) { - LogMessage ("CreateSocketPair: bind () - %d", errno); - close (SockDesc1); + LogMessage("CreateSocketPair: bind () - %d", errno); + close(SockDesc1); return -1; } /* ** Get the socket name so we can save the port number */ - status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen); + status = getsockname(SockDesc1, (struct sockaddr *)&sin, &slen); if (status < 0) { - LogMessage ("CreateSocketPair: getsockname () - %d", errno); - close (SockDesc1); + LogMessage("CreateSocketPair: getsockname () - %d", errno); + close(SockDesc1); return -1; } else LocalHostPort = sin.sin_port; @@ -348,18 +361,18 @@ /* ** Setup a listen for the socket */ - listen (SockDesc1, 5); + listen(SockDesc1, 5); /* ** Get the binary (64-bit) time of the specified timeout value */ BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE); - AscTimeDesc.dsc$w_length = strlen (AscTimeBuff); + AscTimeDesc.dsc$w_length = strlen(AscTimeBuff); AscTimeDesc.dsc$a_pointer = AscTimeBuff; - status = sys$bintim (&AscTimeDesc, BinTimeBuff); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status); - close (SockDesc1); + status = sys$bintim(&AscTimeDesc, BinTimeBuff); + if (!(status & 1)) { + LogMessage("CreateSocketPair: SYS$BINTIM () - %08X", status); + close(SockDesc1); return -1; } 
@@ -367,87 +380,87 @@ ** Assign another channel to the TCP/IP device for the accept. ** This is the channel that ends up being connected to. */ - status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status); - close (SockDesc1); + status = sys$assign(&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0); + if (!(status & 1)) { + LogMessage("CreateSocketPair: SYS$ASSIGN () - %08X", status); + close(SockDesc1); return -1; } /* ** Get the channel of the first socket for the accept */ - TcpAcceptChan = decc$get_sdc (SockDesc1); + TcpAcceptChan = decc$get_sdc(SockDesc1); /* ** Perform the accept using $QIO so we can do this asynchronously */ - status = sys$qio (EFN$C_ENF, - TcpAcceptChan, - IO$_ACCESS | IO$M_ACCEPT, - &iosb, - 0, 0, 0, 0, 0, - &TcpDeviceChan, - 0, 0); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status); - close (SockDesc1); - sys$dassgn (TcpDeviceChan); + status = sys$qio(EFN$C_ENF, + TcpAcceptChan, + IO$_ACCESS | IO$M_ACCEPT, + &iosb, + 0, 0, 0, 0, 0, + &TcpDeviceChan, + 0, 0); + if (!(status & 1)) { + LogMessage("CreateSocketPair: SYS$QIO () - %08X", status); + close(SockDesc1); + sys$dassgn(TcpDeviceChan); return -1; } /* ** Create the second socket to do the connect */ - SockDesc2 = socket (SocketFamily, SocketType, 0); + SockDesc2 = socket(SocketFamily, SocketType, 0); if (SockDesc2 < 0) { - LogMessage ("CreateSocketPair: socket () - %d", errno); - sys$cancel (TcpAcceptChan); - close (SockDesc1); - sys$dassgn (TcpDeviceChan); - return (-1) ; + LogMessage("CreateSocketPair: socket () - %d", errno); + sys$cancel(TcpAcceptChan); + close(SockDesc1); + sys$dassgn(TcpDeviceChan); + return (-1); } /* ** Setup the Socket Pair Timeout Block */ sptb.SockChan1 = TcpAcceptChan; - sptb.SockChan2 = decc$get_sdc (SockDesc2); + sptb.SockChan2 = decc$get_sdc(SockDesc2); /* ** Before we block on the connect, set a timer that can cancel I/O on our ** two 
sockets if it never connects. */ - status = sys$setimr (EFN$C_ENF, - BinTimeBuff, - SocketPairTimeoutAst, - &sptb, - 0); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status); - sys$cancel (TcpAcceptChan); - close (SockDesc1); - close (SockDesc2); - sys$dassgn (TcpDeviceChan); + status = sys$setimr(EFN$C_ENF, + BinTimeBuff, + SocketPairTimeoutAst, + &sptb, + 0); + if (!(status & 1)) { + LogMessage("CreateSocketPair: SYS$SETIMR () - %08X", status); + sys$cancel(TcpAcceptChan); + close(SockDesc1); + close(SockDesc2); + sys$dassgn(TcpDeviceChan); return -1; } /* ** Now issue the connect */ - memset ((char *) &sin, 0, sizeof(sin)) ; + memset((char *)&sin, 0, sizeof(sin)); sin.sin_family = SocketFamily; - sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; - sin.sin_port = LocalHostPort ; - - status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin)); - if (status < 0 ) { - LogMessage ("CreateSocketPair: connect () - %d", errno); - sys$cantim (&sptb, 0); - sys$cancel (TcpAcceptChan); - close (SockDesc1); - close (SockDesc2); - sys$dassgn (TcpDeviceChan); + sin.sin_addr.s_addr = inet_addr(LocalHostAddr); + sin.sin_port = LocalHostPort; + + status = connect(SockDesc2, (struct sockaddr *)&sin, sizeof(sin)); + if (status < 0) { + LogMessage("CreateSocketPair: connect () - %d", errno); + sys$cantim(&sptb, 0); + sys$cancel(TcpAcceptChan); + close(SockDesc1); + close(SockDesc2); + sys$dassgn(TcpDeviceChan); return -1; } 
@@ -456,18 +469,18 @@ ** (SS$_ABORT), then we probably canceled it from the AST routine - so log ** a timeout. */ - status = sys$synch (EFN$C_ENF, &iosb); - if (! (iosb.iosb$w_status & 1)) { + status = sys$synch(EFN$C_ENF, &iosb); + if (!(iosb.iosb$w_status & 1)) { if (iosb.iosb$w_status == SS$_ABORT) - LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout"); + LogMessage("CreateSocketPair: SYS$QIO(iosb) timeout"); else { - LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d", - iosb.iosb$w_status); - sys$cantim (&sptb, 0); + LogMessage("CreateSocketPair: SYS$QIO(iosb) - %d", + iosb.iosb$w_status); + sys$cantim(&sptb, 0); } - close (SockDesc1); - close (SockDesc2); - sys$dassgn (TcpDeviceChan); + close(SockDesc1); + close(SockDesc2); + sys$dassgn(TcpDeviceChan); return -1; } 
@@ -476,34 +489,32 @@ ** I/O channel to a socket fd, close the listener socket and return the ** connected pair. */ - sys$cantim (&sptb, 0); - - close (SockDesc1) ; - SocketPair[0] = SockDesc2 ; - SocketPair[1] = socket_fd (TcpDeviceChan); + sys$cantim(&sptb, 0); - return (0) ; + close(SockDesc1); + SocketPair[0] = SockDesc2; + SocketPair[1] = socket_fd(TcpDeviceChan); + return (0); } - + /*----------------------------------------------------------------------------*/ /* */ /*----------------------------------------------------------------------------*/ -static void SocketPairTimeoutAst (int astparm) +static void SocketPairTimeoutAst(int astparm) { - SPTB *sptb = (SPTB *) astparm; + SPTB *sptb = (SPTB *)astparm; - sys$cancel (sptb->SockChan2); /* Cancel the connect() */ - sys$cancel (sptb->SockChan1); /* Cancel the accept() */ + sys$cancel(sptb->SockChan2); /* Cancel the connect() */ + sys$cancel(sptb->SockChan1); /* Cancel the accept() */ return; - } - + /*----------------------------------------------------------------------------*/ /* */ /*----------------------------------------------------------------------------*/ -static int TerminalDeviceAst (int astparm) +static int TerminalDeviceAst(int astparm) { int status; 
@@ -511,41 +522,40 @@ ** Terminate the terminal buffer */ TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0'; - strcat (TerminalDeviceBuff, "\n"); + strcat(TerminalDeviceBuff, "\n"); /* ** Send the data read from the terminal device through the socket pair */ - send (TerminalSocketPair[0], TerminalDeviceBuff, - TerminalDeviceIosb.iosb$w_bcnt + 1, 0); + send(TerminalSocketPair[0], TerminalDeviceBuff, + TerminalDeviceIosb.iosb$w_bcnt + 1, 0); /* ** Queue another async IO to the terminal device */ - status = sys$qio (EFN$C_ENF, - TerminalDeviceChan, - IO$_READVBLK, - &TerminalDeviceIosb, - TerminalDeviceAst, - 0, - TerminalDeviceBuff, - sizeof(TerminalDeviceBuff) - 1, - 0, 0, 0, 0); + status = sys$qio(EFN$C_ENF, + TerminalDeviceChan, + IO$_READVBLK, + &TerminalDeviceIosb, + TerminalDeviceAst, + 0, + TerminalDeviceBuff, + sizeof(TerminalDeviceBuff) - 2, + 0, 0, 0, 0); /* ** Return status */ return status; - } - + /*----------------------------------------------------------------------------*/ /* */ /*----------------------------------------------------------------------------*/ -static void LogMessage (char *msg, ...) +static void LogMessage(char *msg, ...) { - char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; + char *Month[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; static unsigned int pid = 0; va_list args; time_t CurTime; 
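Review bot: The re-queued `sys$qio` now reads `sizeof(TerminalDeviceBuff) - 2` bytes, which matches the first queue in TerminalSocket, but the two reserved bytes remain an unexplained literal written out in two places, and that duplication is how the sizes came to differ. A single named size used by both calls, such as `#define TERMINAL_READ_MAX (sizeof(TerminalDeviceBuff) - 2) /* leaves room for '\n' and '\0' */`, would keep the `'\0'` store and the `strcat` of `"\n"` at the top of this AST within the `255 + 2` byte buffer. The AST also indexes the buffer with `iosb$w_bcnt` without checking `iosb$w_status` first, so a cancelled or failed read appears to be sent and re-queued like a successful one; a guard such as `if (!(TerminalDeviceIosb.iosb$w_status & 1)) return 0;` before the store may be appropriate, depending on what the caller of the AST expects. TerminalDeviceAst begins in the preceding hunk.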
@@ -556,36 +566,35 @@ ** Get the process pid */ if (pid == 0) - pid = getpid (); + pid = getpid(); /* ** Convert the current time into local time */ - CurTime = time (NULL); - LocTime = localtime (&CurTime); + CurTime = time(NULL); + LocTime = localtime(&CurTime); /* ** Format the message buffer */ BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n", - LocTime->tm_mday, Month[LocTime->tm_mon], - (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min, - LocTime->tm_sec, pid, msg); + LocTime->tm_mday, Month[LocTime->tm_mon], + (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min, + LocTime->tm_sec, pid, msg); /* ** Get any variable arguments and add them to the print of the message ** buffer */ - va_start (args, msg); - vfprintf (stderr, MsgBuff, args); - va_end (args); + va_start(args, msg); + vfprintf(stderr, MsgBuff, args); + va_end(args); /* ** Flush standard error output */ - fsync (fileno (stderr)); + fsync(fileno(stderr)); return; - } #endif --- crypto/openssl/apps/lib/win32_init.c.orig +++ crypto/openssl/apps/lib/win32_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,6 @@ #include #include #include -#include #if defined(CP_UTF8) @@ -81,18 +80,18 @@ break; if (i == wlen) - return 0; /* definitely not a glob */ + return 0; /* definitely not a glob */ saved_char = wstr[wlen]; wstr[wlen] = L'\0'; h = FindFirstFileW(wstr, &data); wstr[wlen] = saved_char; if (h == INVALID_HANDLE_VALUE) - return 0; /* not a valid glob, just pass... */ + return 0; /* not a valid glob, just pass... */ if (slash) udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash, - NULL, 0, NULL, NULL); + NULL, 0, NULL, NULL); else udlen = 0; 
@@ -104,8 +103,7 @@ * skip over . and .. */ if (data.cFileName[0] == L'.') { - if ((data.cFileName[1] == L'\0') || - (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0')) + if ((data.cFileName[1] == L'\0') || (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0')) continue; } @@ -117,7 +115,7 @@ * so that |uflen| covers even trailing '\0'. */ uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1, - NULL, 0, NULL, NULL); + NULL, 0, NULL, NULL); arg = malloc(udlen + uflen); if (arg == NULL) @@ -125,10 +123,10 @@ if (udlen) WideCharToMultiByte(CP_UTF8, 0, wstr, slash, - arg, udlen, NULL, NULL); + arg, udlen, NULL, NULL); WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1, - arg + udlen, uflen, NULL, NULL); + arg + udlen, uflen, NULL, NULL); newargv[newargc++] = arg; } while (FindNextFileW(h, &data)); @@ -154,7 +152,8 @@ return; wcmdline = GetCommandLineW(); - if (wcmdline == NULL) return; + if (wcmdline == NULL) + return; /* * make a copy of the command line, since we might have to modify it... @@ -178,7 +177,7 @@ */ warg = wend = p; while (*p != L'\0' - && (in_quote || (*p != L' ' && *p != L'\t'))) { + && (in_quote || (*p != L' ' && *p != L'\t'))) { switch (*p) { case L'\\': /* @@ -259,7 +258,7 @@ ulen = 0; if (wlen > 0) { ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen, - NULL, 0, NULL, NULL); + NULL, 0, NULL, NULL); if (ulen <= 0) continue; } @@ -272,7 +271,7 @@ if (wlen > 0) WideCharToMultiByte(CP_UTF8, 0, warg, wlen, - arg, ulen, NULL, NULL); + arg, ulen, NULL, NULL); arg[ulen] = '\0'; newargv[newargc++] = arg; @@ -303,5 +302,7 @@ } #else void win32_utf8argv(int *argc, char **argv[]) -{ return; } +{ + return; +} #endif --- crypto/openssl/apps/list.c.orig +++ crypto/openssl/apps/list.c 
@@ -31,21 +31,21 @@ static const char *select_name = NULL; /* Checks to see if algorithms are fetchable */ -#define IS_FETCHABLE(type, TYPE) \ - static int is_ ## type ## _fetchable(const TYPE *alg) \ - { \ - TYPE *impl; \ - const char *propq = app_get0_propq(); \ - OSSL_LIB_CTX *libctx = app_get0_libctx(); \ - const char *name = TYPE ## _get0_name(alg); \ - \ - ERR_set_mark(); \ - impl = TYPE ## _fetch(libctx, name, propq); \ - ERR_pop_to_mark(); \ - if (impl == NULL) \ - return 0; \ - TYPE ## _free(impl); \ - return 1; \ +#define IS_FETCHABLE(type, TYPE) \ + static int is_##type##_fetchable(const TYPE *alg) \ + { \ + TYPE *impl; \ + const char *propq = app_get0_propq(); \ + OSSL_LIB_CTX *libctx = app_get0_libctx(); \ + const char *name = TYPE##_get0_name(alg); \ + \ + ERR_set_mark(); \ + impl = TYPE##_fetch(libctx, name, propq); \ + ERR_pop_to_mark(); \ + if (impl == NULL) \ + return 0; \ + TYPE##_free(impl); \ + return 1; \ } IS_FETCHABLE(cipher, EVP_CIPHER) IS_FETCHABLE(digest, EVP_MD) @@ -67,11 +67,11 @@ } static void legacy_cipher_fn(const EVP_CIPHER *c, - const char *from, const char *to, void *arg) + const char *from, const char *to, void *arg) { if (select_name != NULL && (c == NULL - || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) + || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) return; if (c != NULL) { BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); @@ -86,11 +86,11 @@ #endif DEFINE_STACK_OF(EVP_CIPHER) -static int cipher_cmp(const EVP_CIPHER * const *a, - const EVP_CIPHER * const *b) +static int cipher_cmp(const EVP_CIPHER *const *a, + const EVP_CIPHER *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b))); } static void collect_ciphers(EVP_CIPHER *cipher, void *stack) 
@@ -98,7 +98,7 @@ STACK_OF(EVP_CIPHER) *cipher_stack = stack; if (is_cipher_fetchable(cipher) - && sk_EVP_CIPHER_push(cipher_stack, cipher) > 0) + && sk_EVP_CIPHER_push(cipher_stack, cipher) > 0) EVP_CIPHER_up_ref(cipher); } @@ -134,7 +134,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c))); + OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c))); if (verbose) { const char *desc = EVP_CIPHER_get0_description(c); @@ -142,11 +142,11 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("retrievable algorithm parameters", - EVP_CIPHER_gettable_params(c), 4); + EVP_CIPHER_gettable_params(c), 4); print_param_types("retrievable operation parameters", - EVP_CIPHER_gettable_ctx_params(c), 4); + EVP_CIPHER_gettable_ctx_params(c), 4); print_param_types("settable operation parameters", - EVP_CIPHER_settable_ctx_params(c), 4); + EVP_CIPHER_settable_ctx_params(c), 4); } } sk_OPENSSL_CSTRING_free(names); @@ -156,7 +156,7 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 static void legacy_md_fn(const EVP_MD *m, - const char *from, const char *to, void *arg) + const char *from, const char *to, void *arg) { if (m != NULL) { BIO_printf(arg, " %s\n", EVP_MD_get0_name(m)); @@ -171,10 +171,10 @@ #endif DEFINE_STACK_OF(EVP_MD) -static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) +static int md_cmp(const EVP_MD *const *a, const EVP_MD *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b))); } static void collect_digests(EVP_MD *digest, void *stack) @@ -182,7 +182,7 @@ STACK_OF(EVP_MD) *digest_stack = stack; if (is_digest_fetchable(digest) - && sk_EVP_MD_push(digest_stack, digest) > 0) + && sk_EVP_MD_push(digest_stack, digest) > 0) EVP_MD_up_ref(digest); } 
@@ -218,7 +218,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(m))); + OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(m))); if (verbose) { const char *desc = EVP_MD_get0_description(m); @@ -226,11 +226,11 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("retrievable algorithm parameters", - EVP_MD_gettable_params(m), 4); + EVP_MD_gettable_params(m), 4); print_param_types("retrievable operation parameters", - EVP_MD_gettable_ctx_params(m), 4); + EVP_MD_gettable_ctx_params(m), 4); print_param_types("settable operation parameters", - EVP_MD_settable_ctx_params(m), 4); + EVP_MD_settable_ctx_params(m), 4); } } sk_OPENSSL_CSTRING_free(names); @@ -239,10 +239,10 @@ } DEFINE_STACK_OF(EVP_MAC) -static int mac_cmp(const EVP_MAC * const *a, const EVP_MAC * const *b) +static int mac_cmp(const EVP_MAC *const *a, const EVP_MAC *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b))); } static void collect_macs(EVP_MAC *mac, void *stack) @@ -250,7 +250,7 @@ STACK_OF(EVP_MAC) *mac_stack = stack; if (is_mac_fetchable(mac) - && sk_EVP_MAC_push(mac_stack, mac) > 0) + && sk_EVP_MAC_push(mac_stack, mac) > 0) EVP_MAC_up_ref(mac); } @@ -279,7 +279,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(m))); + OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(m))); if (verbose) { const char *desc = EVP_MAC_get0_description(m); 
@@ -287,11 +287,11 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("retrievable algorithm parameters", - EVP_MAC_gettable_params(m), 4); + EVP_MAC_gettable_params(m), 4); print_param_types("retrievable operation parameters", - EVP_MAC_gettable_ctx_params(m), 4); + EVP_MAC_gettable_ctx_params(m), 4); print_param_types("settable operation parameters", - EVP_MAC_settable_ctx_params(m), 4); + EVP_MAC_settable_ctx_params(m), 4); } } sk_OPENSSL_CSTRING_free(names); @@ -303,10 +303,10 @@ * KDFs and PRFs */ DEFINE_STACK_OF(EVP_KDF) -static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b) +static int kdf_cmp(const EVP_KDF *const *a, const EVP_KDF *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b))); } static void collect_kdfs(EVP_KDF *kdf, void *stack) @@ -314,7 +314,7 @@ STACK_OF(EVP_KDF) *kdf_stack = stack; if (is_kdf_fetchable(kdf) - && sk_EVP_KDF_push(kdf_stack, kdf) > 0) + && sk_EVP_KDF_push(kdf_stack, kdf) > 0) EVP_KDF_up_ref(kdf); } @@ -343,7 +343,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(k))); + OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(k))); if (verbose) { const char *desc = EVP_KDF_get0_description(k); @@ -351,11 +351,11 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("retrievable algorithm parameters", - EVP_KDF_gettable_params(k), 4); + EVP_KDF_gettable_params(k), 4); print_param_types("retrievable operation parameters", - EVP_KDF_gettable_ctx_params(k), 4); + EVP_KDF_gettable_ctx_params(k), 4); print_param_types("settable operation parameters", - EVP_KDF_settable_ctx_params(k), 4); + EVP_KDF_settable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); 
@@ -368,13 +368,13 @@ */ DEFINE_STACK_OF(EVP_RAND) -static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) +static int rand_cmp(const EVP_RAND *const *a, const EVP_RAND *const *b) { int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); if (ret == 0) ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*b))); return ret; } @@ -384,7 +384,7 @@ STACK_OF(EVP_RAND) *rand_stack = stack; if (is_rand_fetchable(rand) - && sk_EVP_RAND_push(rand_stack, rand) > 0) + && sk_EVP_RAND_push(rand_stack, rand) > 0) EVP_RAND_up_ref(rand); } @@ -408,7 +408,7 @@ continue; BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(m))); + OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(m))); if (verbose) { const char *desc = EVP_RAND_get0_description(m); @@ -416,11 +416,11 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("retrievable algorithm parameters", - EVP_RAND_gettable_params(m), 4); + EVP_RAND_gettable_params(m), 4); print_param_types("retrievable operation parameters", - EVP_RAND_gettable_ctx_params(m), 4); + EVP_RAND_gettable_ctx_params(m), 4); print_param_types("settable operation parameters", - EVP_RAND_settable_ctx_params(m), 4); + EVP_RAND_settable_ctx_params(m), 4); } } sk_EVP_RAND_pop_free(rands, EVP_RAND_free); @@ -441,7 +441,7 @@ BIO_printf(bio_out, " %s", EVP_RAND_get0_name(rand)); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(rand))); + OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(rand))); switch (EVP_RAND_get_state(drbg)) { case EVP_RAND_STATE_UNINITIALISED: 
@@ -467,13 +467,13 @@ continue; /* Outside of verbose mode, we skip non-string values */ if (gettables->data_type != OSSL_PARAM_UTF8_STRING - && gettables->data_type != OSSL_PARAM_UTF8_PTR - && !verbose) + && gettables->data_type != OSSL_PARAM_UTF8_PTR + && !verbose) continue; params->key = gettables->key; params->data_type = gettables->data_type; if (gettables->data_type == OSSL_PARAM_UNSIGNED_INTEGER - || gettables->data_type == OSSL_PARAM_INTEGER) { + || gettables->data_type == OSSL_PARAM_INTEGER) { params->data = &u; params->data_size = sizeof(u); } else { @@ -498,11 +498,11 @@ * Encoders */ DEFINE_STACK_OF(OSSL_ENCODER) -static int encoder_cmp(const OSSL_ENCODER * const *a, - const OSSL_ENCODER * const *b) +static int encoder_cmp(const OSSL_ENCODER *const *a, + const OSSL_ENCODER *const *b) { return strcmp(OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b))); + OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b))); } static void collect_encoders(OSSL_ENCODER *encoder, void *stack) @@ -510,7 +510,7 @@ STACK_OF(OSSL_ENCODER) *encoder_stack = stack; if (is_encoder_fetchable(encoder) - && sk_OSSL_ENCODER_push(encoder_stack, encoder) > 0) + && sk_OSSL_ENCODER_push(encoder_stack, encoder) > 0) OSSL_ENCODER_up_ref(encoder); } @@ -526,7 +526,7 @@ } BIO_printf(bio_out, "Provided ENCODERs:\n"); OSSL_ENCODER_do_all_provided(app_get0_libctx(), collect_encoders, - encoders); + encoders); sk_OSSL_ENCODER_sort(encoders); for (i = 0; i < sk_OSSL_ENCODER_num(encoders); i++) { @@ -542,8 +542,8 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s (%s)\n", - OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(k)), - OSSL_ENCODER_get0_properties(k)); + OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(k)), + OSSL_ENCODER_get0_properties(k)); if (verbose) { const char *desc = OSSL_ENCODER_get0_description(k); 
@@ -551,7 +551,7 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("settable operation parameters", - OSSL_ENCODER_settable_ctx_params(k), 4); + OSSL_ENCODER_settable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); @@ -563,11 +563,11 @@ * Decoders */ DEFINE_STACK_OF(OSSL_DECODER) -static int decoder_cmp(const OSSL_DECODER * const *a, - const OSSL_DECODER * const *b) +static int decoder_cmp(const OSSL_DECODER *const *a, + const OSSL_DECODER *const *b) { return strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b))); + OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b))); } static void collect_decoders(OSSL_DECODER *decoder, void *stack) @@ -575,7 +575,7 @@ STACK_OF(OSSL_DECODER) *decoder_stack = stack; if (is_decoder_fetchable(decoder) - && sk_OSSL_DECODER_push(decoder_stack, decoder) > 0) + && sk_OSSL_DECODER_push(decoder_stack, decoder) > 0) OSSL_DECODER_up_ref(decoder); } @@ -591,7 +591,7 @@ } BIO_printf(bio_out, "Provided DECODERs:\n"); OSSL_DECODER_do_all_provided(app_get0_libctx(), collect_decoders, - decoders); + decoders); sk_OSSL_DECODER_sort(decoders); for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) { @@ -607,8 +607,8 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s (%s)\n", - OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(k)), - OSSL_DECODER_get0_properties(k)); + OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(k)), + OSSL_DECODER_get0_properties(k)); if (verbose) { const char *desc = OSSL_DECODER_get0_description(k); @@ -616,7 +616,7 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("settable operation parameters", - OSSL_DECODER_settable_ctx_params(k), 4); + OSSL_DECODER_settable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); 
@@ -625,11 +625,11 @@ } DEFINE_STACK_OF(EVP_KEYMGMT) -static int keymanager_cmp(const EVP_KEYMGMT * const *a, - const EVP_KEYMGMT * const *b) +static int keymanager_cmp(const EVP_KEYMGMT *const *a, + const EVP_KEYMGMT *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b))); } static void collect_keymanagers(EVP_KEYMGMT *km, void *stack) @@ -637,7 +637,7 @@ STACK_OF(EVP_KEYMGMT) *km_stack = stack; if (is_keymgmt_fetchable(km) - && sk_EVP_KEYMGMT_push(km_stack, km) > 0) + && sk_EVP_KEYMGMT_push(km_stack, km) > 0) EVP_KEYMGMT_up_ref(km); } @@ -647,7 +647,7 @@ STACK_OF(EVP_KEYMGMT) *km_stack = sk_EVP_KEYMGMT_new(keymanager_cmp); EVP_KEYMGMT_do_all_provided(app_get0_libctx(), collect_keymanagers, - km_stack); + km_stack); sk_EVP_KEYMGMT_sort(km_stack); for (i = 0; i < sk_EVP_KEYMGMT_num(km_stack); i++) { @@ -671,15 +671,15 @@ BIO_printf(bio_out, " IDs: "); print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(k))); + OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(k))); if (verbose) { print_param_types("settable key generation parameters", - EVP_KEYMGMT_gen_settable_params(k), 4); + EVP_KEYMGMT_gen_settable_params(k), 4); print_param_types("settable operation parameters", - EVP_KEYMGMT_settable_params(k), 4); + EVP_KEYMGMT_settable_params(k), 4); print_param_types("retrievable operation parameters", - EVP_KEYMGMT_gettable_params(k), 4); + EVP_KEYMGMT_gettable_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); 
@@ -688,11 +688,11 @@ } DEFINE_STACK_OF(EVP_SIGNATURE) -static int signature_cmp(const EVP_SIGNATURE * const *a, - const EVP_SIGNATURE * const *b) +static int signature_cmp(const EVP_SIGNATURE *const *a, + const EVP_SIGNATURE *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b))); } static void collect_signatures(EVP_SIGNATURE *sig, void *stack) @@ -700,7 +700,7 @@ STACK_OF(EVP_SIGNATURE) *sig_stack = stack; if (is_signature_fetchable(sig) - && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0) + && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0) EVP_SIGNATURE_up_ref(sig); } @@ -710,7 +710,7 @@ STACK_OF(EVP_SIGNATURE) *sig_stack = sk_EVP_SIGNATURE_new(signature_cmp); EVP_SIGNATURE_do_all_provided(app_get0_libctx(), collect_signatures, - sig_stack); + sig_stack); sk_EVP_SIGNATURE_sort(sig_stack); for (i = 0; i < sk_EVP_SIGNATURE_num(sig_stack); i++) { @@ -727,7 +727,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(k))); + OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(k))); if (verbose) { const char *desc = EVP_SIGNATURE_get0_description(k); @@ -735,9 +735,9 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("settable operation parameters", - EVP_SIGNATURE_settable_ctx_params(k), 4); + EVP_SIGNATURE_settable_ctx_params(k), 4); print_param_types("retrievable operation parameters", - EVP_SIGNATURE_gettable_ctx_params(k), 4); + EVP_SIGNATURE_gettable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); 
@@ -748,11 +748,11 @@ } DEFINE_STACK_OF(EVP_KEM) -static int kem_cmp(const EVP_KEM * const *a, - const EVP_KEM * const *b) +static int kem_cmp(const EVP_KEM *const *a, + const EVP_KEM *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b))); } static void collect_kem(EVP_KEM *kem, void *stack) @@ -760,7 +760,7 @@ STACK_OF(EVP_KEM) *kem_stack = stack; if (is_kem_fetchable(kem) - && sk_EVP_KEM_push(kem_stack, kem) > 0) + && sk_EVP_KEM_push(kem_stack, kem) > 0) EVP_KEM_up_ref(kem); } @@ -786,7 +786,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(k))); + OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(k))); if (verbose) { const char *desc = EVP_KEM_get0_description(k); @@ -794,9 +794,9 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("settable operation parameters", - EVP_KEM_settable_ctx_params(k), 4); + EVP_KEM_settable_ctx_params(k), 4); print_param_types("retrievable operation parameters", - EVP_KEM_gettable_ctx_params(k), 4); + EVP_KEM_gettable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); @@ -807,11 +807,11 @@ } DEFINE_STACK_OF(EVP_ASYM_CIPHER) -static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a, - const EVP_ASYM_CIPHER * const *b) +static int asymcipher_cmp(const EVP_ASYM_CIPHER *const *a, + const EVP_ASYM_CIPHER *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b))); } static void collect_asymciph(EVP_ASYM_CIPHER *asym_cipher, void *stack) 
@@ -819,18 +819,17 @@ STACK_OF(EVP_ASYM_CIPHER) *asym_cipher_stack = stack; if (is_asym_cipher_fetchable(asym_cipher) - && sk_EVP_ASYM_CIPHER_push(asym_cipher_stack, asym_cipher) > 0) + && sk_EVP_ASYM_CIPHER_push(asym_cipher_stack, asym_cipher) > 0) EVP_ASYM_CIPHER_up_ref(asym_cipher); } static void list_asymciphers(void) { int i, count = 0; - STACK_OF(EVP_ASYM_CIPHER) *asymciph_stack = - sk_EVP_ASYM_CIPHER_new(asymcipher_cmp); + STACK_OF(EVP_ASYM_CIPHER) *asymciph_stack = sk_EVP_ASYM_CIPHER_new(asymcipher_cmp); EVP_ASYM_CIPHER_do_all_provided(app_get0_libctx(), collect_asymciph, - asymciph_stack); + asymciph_stack); sk_EVP_ASYM_CIPHER_sort(asymciph_stack); for (i = 0; i < sk_EVP_ASYM_CIPHER_num(asymciph_stack); i++) { @@ -842,13 +841,13 @@ names = sk_OPENSSL_CSTRING_new(name_cmp); if (names != NULL - && EVP_ASYM_CIPHER_names_do_all(k, collect_names, names)) { + && EVP_ASYM_CIPHER_names_do_all(k, collect_names, names)) { count++; BIO_printf(bio_out, " "); print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(k))); + OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(k))); if (verbose) { const char *desc = EVP_ASYM_CIPHER_get0_description(k); @@ -856,9 +855,9 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("settable operation parameters", - EVP_ASYM_CIPHER_settable_ctx_params(k), 4); + EVP_ASYM_CIPHER_settable_ctx_params(k), 4); print_param_types("retrievable operation parameters", - EVP_ASYM_CIPHER_gettable_ctx_params(k), 4); + EVP_ASYM_CIPHER_gettable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); 
@@ -869,11 +868,11 @@ } DEFINE_STACK_OF(EVP_KEYEXCH) -static int kex_cmp(const EVP_KEYEXCH * const *a, - const EVP_KEYEXCH * const *b) +static int kex_cmp(const EVP_KEYEXCH *const *a, + const EVP_KEYEXCH *const *b) { return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b))); + OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b))); } static void collect_kex(EVP_KEYEXCH *kex, void *stack) @@ -881,7 +880,7 @@ STACK_OF(EVP_KEYEXCH) *kex_stack = stack; if (is_keyexch_fetchable(kex) - && sk_EVP_KEYEXCH_push(kex_stack, kex) > 0) + && sk_EVP_KEYEXCH_push(kex_stack, kex) > 0) EVP_KEYEXCH_up_ref(kex); } @@ -907,7 +906,7 @@ print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(k))); + OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(k))); if (verbose) { const char *desc = EVP_KEYEXCH_get0_description(k); @@ -915,9 +914,9 @@ if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); print_param_types("settable operation parameters", - EVP_KEYEXCH_settable_ctx_params(k), 4); + EVP_KEYEXCH_settable_ctx_params(k), 4); print_param_types("retrievable operation parameters", - EVP_KEYEXCH_gettable_ctx_params(k), 4); + EVP_KEYEXCH_gettable_ctx_params(k), 4); } } sk_OPENSSL_CSTRING_free(names); @@ -956,18 +955,18 @@ continue; } if (n < 0) - break; /* Error */ + break; /* Error */ if (n > oid_size) { oid_buf = OPENSSL_realloc(oid_buf, n + 1); if (oid_buf == NULL) { BIO_printf(bio_err, "ERROR: Memory allocation\n"); - break; /* Error */ + break; /* Error */ } oid_size = n + 1; } if (OBJ_obj2txt(oid_buf, oid_size, obj, 1) < 0) - break; /* Error */ + break; /* Error */ if (ln == NULL || strcmp(sn, ln) == 0) BIO_printf(bio_out, "%s = %s\n", sn, oid_buf); else 
@@ -987,23 +986,23 @@ break; if (fp->name == NULL) { BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", - command); + command); return; } if ((o = fp->help) == NULL) return; - for ( ; o->name != NULL; o++) { + for (; o->name != NULL; o++) { char c = o->valtype; if (o->name == OPT_PARAM_STR) break; if (o->name == OPT_HELP_STR - || o->name == OPT_MORE_STR - || o->name == OPT_SECTION_STR - || o->name[0] == '\0') + || o->name == OPT_MORE_STR + || o->name == OPT_SECTION_STR + || o->name[0] == '\0') continue; BIO_printf(bio_out, "%s %c\n", o->name, c == '\0' ? '-' : c); } @@ -1096,16 +1095,15 @@ const char *pinfo, *pem_str; ameth = EVP_PKEY_asn1_get0(i); EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, - &pinfo, &pem_str, ameth); + &pinfo, &pem_str, ameth); if (pkey_flags & ASN1_PKEY_ALIAS) { BIO_printf(bio_out, " Name: %s\n", OBJ_nid2ln(pkey_id)); BIO_printf(bio_out, "\tAlias for: %s\n", - OBJ_nid2ln(pkey_base_id)); + OBJ_nid2ln(pkey_base_id)); } else { BIO_printf(bio_out, " Name: %s\n", pinfo); BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? - "External" : "Builtin"); + pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); if (pem_str == NULL) pem_str = "(none)"; @@ -1134,7 +1132,7 @@ EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth); BIO_printf(bio_out, " %s\n", OBJ_nid2ln(pkey_id)); BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); + pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); } } #endif 
@@ -1150,11 +1148,11 @@ } DEFINE_STACK_OF(OSSL_STORE_LOADER) -static int store_cmp(const OSSL_STORE_LOADER * const *a, - const OSSL_STORE_LOADER * const *b) +static int store_cmp(const OSSL_STORE_LOADER *const *a, + const OSSL_STORE_LOADER *const *b) { return strcmp(OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b))); + OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b))); } static void collect_store_loaders(OSSL_STORE_LOADER *store, void *stack) @@ -1176,7 +1174,7 @@ } BIO_printf(bio_out, "Provided STORE LOADERs:\n"); OSSL_STORE_LOADER_do_all_provided(app_get0_libctx(), collect_store_loaders, - stores); + stores); sk_OSSL_STORE_LOADER_sort(stores); for (i = 0; i < sk_OSSL_STORE_LOADER_num(stores); i++) { const OSSL_STORE_LOADER *m = sk_OSSL_STORE_LOADER_value(stores, i); @@ -1186,13 +1184,12 @@ continue; names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && OSSL_STORE_LOADER_names_do_all(m, collect_names, - names)) { + if (names != NULL && OSSL_STORE_LOADER_names_do_all(m, collect_names, names)) { BIO_printf(bio_out, " "); print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(m))); + OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(m))); } sk_OPENSSL_CSTRING_free(names); } @@ -1200,8 +1197,8 @@ } DEFINE_STACK_OF(OSSL_PROVIDER) -static int provider_cmp(const OSSL_PROVIDER * const *a, - const OSSL_PROVIDER * const *b) +static int provider_cmp(const OSSL_PROVIDER *const *a, + const OSSL_PROVIDER *const *b) { return strcmp(OSSL_PROVIDER_get0_name(*a), OSSL_PROVIDER_get0_name(*b)); } 
@@ -1245,18 +1242,18 @@ /* Query the "known" information parameters, the order matches below */ params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME, - &name, 0); + &name, 0); params[1] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, - &version, 0); + &version, 0); params[2] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_STATUS, &status); params[3] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_BUILDINFO, - &buildinfo, 0); + &buildinfo, 0); params[4] = OSSL_PARAM_construct_end(); OSSL_PARAM_set_all_unmodified(params); if (!OSSL_PROVIDER_get_params(prov, params)) { BIO_printf(bio_err, - "WARNING: Unable to query provider parameters for %s\n", - provname); + "WARNING: Unable to query provider parameters for %s\n", + provname); } else { /* Print out the provider information, the params order matches above */ if (OSSL_PARAM_modified(params)) @@ -1269,7 +1266,7 @@ if (OSSL_PARAM_modified(params + 3)) BIO_printf(bio_out, " build info: %s\n", buildinfo); print_param_types("gettable provider parameters", - OSSL_PROVIDER_gettable_params(prov), 4); + OSSL_PROVIDER_gettable_params(prov), 4); } } } @@ -1279,7 +1276,7 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 static void list_engines(void) { -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE ENGINE *e; BIO_puts(bio_out, "Engines:\n"); @@ -1288,9 +1285,9 @@ BIO_printf(bio_out, "%s\n", ENGINE_get_id(e)); e = ENGINE_get_next(e); } -# else +#else BIO_puts(bio_out, "Engine support is disabled.\n"); -# endif +#endif } #endif 
@@ -1440,17 +1437,34 @@ /* Unified enum for help and list commands. */ typedef enum HELPLIST_CHOICE { OPT_COMMON, - OPT_ONE, OPT_VERBOSE, - OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, - OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, - OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, - OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS, - OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS, - OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS, - OPT_STORE_LOADERS, OPT_PROVIDER_INFO, - OPT_OBJECTS, OPT_SELECT_NAME, + OPT_ONE, + OPT_VERBOSE, + OPT_COMMANDS, + OPT_DIGEST_COMMANDS, + OPT_MAC_ALGORITHMS, + OPT_OPTIONS, + OPT_DIGEST_ALGORITHMS, + OPT_CIPHER_COMMANDS, + OPT_CIPHER_ALGORITHMS, + OPT_PK_ALGORITHMS, + OPT_PK_METHOD, + OPT_DISABLED, + OPT_KDF_ALGORITHMS, + OPT_RANDOM_INSTANCES, + OPT_RANDOM_GENERATORS, + OPT_ENCODERS, + OPT_DECODERS, + OPT_KEYMANAGERS, + OPT_KEYEXCHANGE_ALGORITHMS, + OPT_KEM_ALGORITHMS, + OPT_SIGNATURE_ALGORITHMS, + OPT_ASYM_CIPHER_ALGORITHMS, + OPT_STORE_LOADERS, + OPT_PROVIDER_INFO, + OPT_OBJECTS, + OPT_SELECT_NAME, #ifndef OPENSSL_NO_DEPRECATED_3_0 - OPT_ENGINES, + OPT_ENGINES, #endif OPT_PROV_ENUM } HELPLIST_CHOICE; 
@@ -1458,65 +1472,65 @@ const OPTIONS list_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Output"), - {"1", OPT_ONE, '-', "List in one column"}, - {"verbose", OPT_VERBOSE, '-', "Verbose listing"}, - {"select", OPT_SELECT_NAME, 's', "Select a single algorithm"}, - {"commands", OPT_COMMANDS, '-', "List of standard commands"}, - {"standard-commands", OPT_COMMANDS, '-', "List of standard commands"}, + { "1", OPT_ONE, '-', "List in one column" }, + { "verbose", OPT_VERBOSE, '-', "Verbose listing" }, + { "select", OPT_SELECT_NAME, 's', "Select a single algorithm" }, + { "commands", OPT_COMMANDS, '-', "List of standard commands" }, + { "standard-commands", OPT_COMMANDS, '-', "List of standard commands" }, #ifndef OPENSSL_NO_DEPRECATED_3_0 - {"digest-commands", OPT_DIGEST_COMMANDS, '-', - "List of message digest commands (deprecated)"}, + { "digest-commands", OPT_DIGEST_COMMANDS, '-', + "List of message digest commands (deprecated)" }, #endif - {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-', - "List of message digest algorithms"}, - {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-', - "List of key derivation and pseudo random function algorithms"}, - {"random-instances", OPT_RANDOM_INSTANCES, '-', - "List the primary, public and private random number generator details"}, - {"random-generators", OPT_RANDOM_GENERATORS, '-', - "List of random number generators"}, - {"mac-algorithms", OPT_MAC_ALGORITHMS, '-', - "List of message authentication code algorithms"}, + { "digest-algorithms", OPT_DIGEST_ALGORITHMS, '-', + "List of message digest algorithms" }, + { "kdf-algorithms", OPT_KDF_ALGORITHMS, '-', + "List of key derivation and pseudo random function algorithms" }, + { "random-instances", OPT_RANDOM_INSTANCES, '-', + "List the primary, public and private random number generator details" }, + { "random-generators", OPT_RANDOM_GENERATORS, '-', + "List of random number 
generators" }, + { "mac-algorithms", OPT_MAC_ALGORITHMS, '-', + "List of message authentication code algorithms" }, #ifndef OPENSSL_NO_DEPRECATED_3_0 - {"cipher-commands", OPT_CIPHER_COMMANDS, '-', - "List of cipher commands (deprecated)"}, + { "cipher-commands", OPT_CIPHER_COMMANDS, '-', + "List of cipher commands (deprecated)" }, #endif - {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', - "List of symmetric cipher algorithms"}, - {"encoders", OPT_ENCODERS, '-', "List of encoding methods" }, - {"decoders", OPT_DECODERS, '-', "List of decoding methods" }, - {"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" }, - {"key-exchange-algorithms", OPT_KEYEXCHANGE_ALGORITHMS, '-', - "List of key exchange algorithms" }, - {"kem-algorithms", OPT_KEM_ALGORITHMS, '-', - "List of key encapsulation mechanism algorithms" }, - {"signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-', - "List of signature algorithms" }, - {"asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-', - "List of asymmetric cipher algorithms" }, - {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', - "List of public key algorithms"}, - {"public-key-methods", OPT_PK_METHOD, '-', - "List of public key methods"}, - {"store-loaders", OPT_STORE_LOADERS, '-', - "List of store loaders"}, - {"providers", OPT_PROVIDER_INFO, '-', - "List of provider information"}, + { "cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', + "List of symmetric cipher algorithms" }, + { "encoders", OPT_ENCODERS, '-', "List of encoding methods" }, + { "decoders", OPT_DECODERS, '-', "List of decoding methods" }, + { "key-managers", OPT_KEYMANAGERS, '-', "List of key managers" }, + { "key-exchange-algorithms", OPT_KEYEXCHANGE_ALGORITHMS, '-', + "List of key exchange algorithms" }, + { "kem-algorithms", OPT_KEM_ALGORITHMS, '-', + "List of key encapsulation mechanism algorithms" }, + { "signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-', + "List of signature algorithms" }, + { "asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-', 
+ "List of asymmetric cipher algorithms" }, + { "public-key-algorithms", OPT_PK_ALGORITHMS, '-', + "List of public key algorithms" }, + { "public-key-methods", OPT_PK_METHOD, '-', + "List of public key methods" }, + { "store-loaders", OPT_STORE_LOADERS, '-', + "List of store loaders" }, + { "providers", OPT_PROVIDER_INFO, '-', + "List of provider information" }, #ifndef OPENSSL_NO_DEPRECATED_3_0 - {"engines", OPT_ENGINES, '-', - "List of loaded engines"}, + { "engines", OPT_ENGINES, '-', + "List of loaded engines" }, #endif - {"disabled", OPT_DISABLED, '-', "List of disabled features"}, - {"options", OPT_OPTIONS, 's', - "List options for specified command"}, - {"objects", OPT_OBJECTS, '-', - "List built in objects (OID<->name mappings)"}, + { "disabled", OPT_DISABLED, '-', "List of disabled features" }, + { "options", OPT_OPTIONS, 's', + "List options for specified command" }, + { "objects", OPT_OBJECTS, '-', + "List built in objects (OID<->name mappings)" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int list_main(int argc, char **argv) 
@@ -1525,42 +1539,44 @@ HELPLIST_CHOICE o; int one = 0, done = 0; struct { - unsigned int commands:1; - unsigned int random_instances:1; - unsigned int random_generators:1; - unsigned int digest_commands:1; - unsigned int digest_algorithms:1; - unsigned int kdf_algorithms:1; - unsigned int mac_algorithms:1; - unsigned int cipher_commands:1; - unsigned int cipher_algorithms:1; - unsigned int encoder_algorithms:1; - unsigned int decoder_algorithms:1; - unsigned int keymanager_algorithms:1; - unsigned int signature_algorithms:1; - unsigned int keyexchange_algorithms:1; - unsigned int kem_algorithms:1; - unsigned int asym_cipher_algorithms:1; - unsigned int pk_algorithms:1; - unsigned int pk_method:1; - unsigned int store_loaders:1; - unsigned int provider_info:1; + unsigned int commands : 1; + unsigned int random_instances : 1; + unsigned int random_generators : 1; + unsigned int digest_commands : 1; + unsigned int digest_algorithms : 1; + unsigned int kdf_algorithms : 1; + unsigned int mac_algorithms : 1; + unsigned int cipher_commands : 1; + unsigned int cipher_algorithms : 1; + unsigned int encoder_algorithms : 1; + unsigned int decoder_algorithms : 1; + unsigned int keymanager_algorithms : 1; + unsigned int signature_algorithms : 1; + unsigned int keyexchange_algorithms : 1; + unsigned int kem_algorithms : 1; + unsigned int asym_cipher_algorithms : 1; + unsigned int pk_algorithms : 1; + unsigned int pk_method : 1; + unsigned int store_loaders : 1; + unsigned int provider_info : 1; #ifndef OPENSSL_NO_DEPRECATED_3_0 - unsigned int engines:1; + unsigned int engines : 1; #endif - unsigned int disabled:1; - unsigned int objects:1; - unsigned int options:1; - } todo = { 0, }; + unsigned int disabled : 1; + unsigned int objects : 1; + unsigned int options : 1; + } todo = { + 0, + }; - verbose = 0; /* Clear a possible previous call */ + verbose = 0; /* Clear a possible previous call */ prog = opt_init(argc, argv, list_options); while ((o = opt_next()) != OPT_EOF) { switch 
(o) { - case OPT_EOF: /* Never hit, but suppresses warning */ + case OPT_EOF: /* Never hit, but suppresses warning */ case OPT_ERR: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); return 1; case OPT_HELP: --- crypto/openssl/apps/mac.c.orig +++ crypto/openssl/apps/mac.c 
@@ -18,42 +18,46 @@ #include #undef BUFSIZE -#define BUFSIZE 1024*8 +#define BUFSIZE 1024 * 8 typedef enum OPTION_choice { OPT_COMMON, - OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT, - OPT_CIPHER, OPT_DIGEST, + OPT_MACOPT, + OPT_BIN, + OPT_IN, + OPT_OUT, + OPT_CIPHER, + OPT_DIGEST, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS mac_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] mac_name\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] mac_name\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form"}, - {"cipher", OPT_CIPHER, 's', "Cipher"}, - {"digest", OPT_DIGEST, 's', "Digest"}, - {OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form" }, + { "cipher", OPT_CIPHER, 's', "Cipher" }, + { "digest", OPT_DIGEST, 's', "Digest" }, + { OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file to MAC (default is stdin)"}, + { "in", OPT_IN, '<', "Input file to MAC (default is stdin)" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"binary", OPT_BIN, '-', - "Output in binary format (default is hexadecimal)"}, + { "out", OPT_OUT, '>', "Output to filename rather than stdout" }, + { "binary", OPT_BIN, '-', + "Output in binary format (default is hexadecimal)" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"mac_name", 0, 0, "MAC algorithm"}, - {NULL} + { "mac_name", 0, 0, "MAC algorithm" }, + { NULL } }; static char *alloc_mac_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, - const char *name, const char *arg) + const char *name, const char *arg) { size_t len = strlen(name) + strlen(arg) + 2; char *res; 
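Review bot: The reformatted `#define BUFSIZE 1024 * 8` still expands to an unparenthesized expression, so a use such as `x / BUFSIZE` or `x % BUFSIZE` would apply the operator to `1024` alone and then multiply by `8`. Since this line is already being touched, it should be written as `#define BUFSIZE (1024 * 8)`. The uses of BUFSIZE lie outside this hunk, so it cannot be confirmed from here whether any current call site is affected. A plain use as a size argument to an allocation or read call would evaluate correctly either way, but the parenthesized form keeps a later buffer-size calculation from going silently wrong.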
@@ -95,7 +99,7 @@ while ((o = opt_next()) != OPT_EOF) { switch (o) { default: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto err; case OPT_HELP: @@ -156,7 +160,7 @@ int ok = 1; params = app_params_new_from_opts(opts, - EVP_MAC_settable_ctx_params(mac)); + EVP_MAC_settable_ctx_params(mac)); if (params == NULL) goto err; @@ -218,7 +222,7 @@ for (i = 0; i < (int)len; ++i) BIO_printf(out, "%02X", buf[i]); if (outfile == NULL) - BIO_printf(out,"\n"); + BIO_printf(out, "\n"); } ret = 0; --- crypto/openssl/apps/nseq.c.orig +++ crypto/openssl/apps/nseq.c @@ -16,23 +16,25 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_TOSEQ, OPT_IN, OPT_OUT, + OPT_TOSEQ, + OPT_IN, + OPT_OUT, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS nseq_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, + { "in", OPT_IN, '<', "Input file" }, OPT_SECTION("Output"), - {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"}, - {"out", OPT_OUT, '>', "Output file"}, + { "toseq", OPT_TOSEQ, '-', "Output NS Sequence file" }, + { "out", OPT_OUT, '>', "Output file" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int nseq_main(int argc, char **argv) @@ -49,7 +51,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -98,7 +100,7 @@ if (!sk_X509_num(seq->certs)) { BIO_printf(bio_err, "%s: Error reading certs file %s\n", - prog, infile); + prog, infile); ERR_print_errors(bio_err); goto end; } @@ -110,7 +112,7 @@ seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL); if (seq == NULL) { BIO_printf(bio_err, "%s: Error reading sequence file %s\n", - prog, infile); + prog, infile); ERR_print_errors(bio_err); goto end; } 
@@ -121,7 +123,7 @@ PEM_write_bio_X509(out, x509); } ret = 0; - end: +end: BIO_free(in); BIO_free_all(out); NETSCAPE_CERT_SEQUENCE_free(seq); --- crypto/openssl/apps/ocsp.c.orig +++ crypto/openssl/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,8 +10,8 @@ #include #ifdef OPENSSL_SYS_VMS - /* So fd_set and friends get properly defined on OpenVMS */ -# define _XOPEN_SOURCE_EXTENDED 1 +/* So fd_set and friends get properly defined on OpenVMS */ +#define _XOPEN_SOURCE_EXTENDED 1 #endif #include @@ -34,9 +34,9 @@ #include #if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif #endif #if defined(OPENSSL_SYS_VXWORKS) 
@@ -50,33 +50,33 @@ pid_t fork(void) { errno = ENOSYS; - return (pid_t) -1; + return (pid_t)-1; } #endif /* Maximum leeway in validity period: default 5 minutes */ -#define MAX_VALIDITY_PERIOD (5 * 60) +#define MAX_VALIDITY_PERIOD (5 * 60) static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); + const EVP_MD *cert_id_md, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids); static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); + const EVP_MD *cert_id_md, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids); static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK_OF(OPENSSL_STRING) *names, - STACK_OF(OCSP_CERTID) *ids, long nsec, - long maxage); + STACK_OF(OPENSSL_STRING) *names, + STACK_OF(OCSP_CERTID) *ids, long nsec, + long maxage); static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req, - CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, - EVP_PKEY *rkey, const EVP_MD *md, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays, int badsig, - const EVP_MD *resp_md); + CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, + EVP_PKEY *rkey, const EVP_MD *md, + STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(X509) *rother, unsigned long flags, + int nmin, int ndays, int badsig, + const EVP_MD *resp_md); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port, int timeout); + const char *port, int timeout); static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp); static char *prog; 
@@ -86,129 +86,173 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, + OPT_OUTFILE, + OPT_TIMEOUT, + OPT_URL, + OPT_HOST, + OPT_PORT, #ifndef OPENSSL_NO_SOCK - OPT_PROXY, OPT_NO_PROXY, + OPT_PROXY, + OPT_NO_PROXY, #endif - OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE, - OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS, - OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN, - OPT_NO_CERT_CHECKS, OPT_NO_EXPLICIT, OPT_TRUST_OTHER, - OPT_NO_INTERN, OPT_BADSIG, OPT_TEXT, OPT_REQ_TEXT, OPT_RESP_TEXT, - OPT_REQIN, OPT_RESPIN, OPT_SIGNER, OPT_VAFILE, OPT_SIGN_OTHER, - OPT_VERIFY_OTHER, OPT_CAFILE, OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, - OPT_NOCAPATH, OPT_NOCASTORE, - OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT, - OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL, - OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER, - OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER, + OPT_IGNORE_ERR, + OPT_NOVERIFY, + OPT_NONCE, + OPT_NO_NONCE, + OPT_RESP_NO_CERTS, + OPT_RESP_KEY_ID, + OPT_NO_CERTS, + OPT_NO_SIGNATURE_VERIFY, + OPT_NO_CERT_VERIFY, + OPT_NO_CHAIN, + OPT_NO_CERT_CHECKS, + OPT_NO_EXPLICIT, + OPT_TRUST_OTHER, + OPT_NO_INTERN, + OPT_BADSIG, + OPT_TEXT, + OPT_REQ_TEXT, + OPT_RESP_TEXT, + OPT_REQIN, + OPT_RESPIN, + OPT_SIGNER, + OPT_VAFILE, + OPT_SIGN_OTHER, + OPT_VERIFY_OTHER, + OPT_CAFILE, + OPT_CAPATH, + OPT_CASTORE, + OPT_NOCAFILE, + OPT_NOCAPATH, + OPT_NOCASTORE, + OPT_VALIDITY_PERIOD, + OPT_STATUS_AGE, + OPT_SIGNKEY, + OPT_REQOUT, + OPT_RESPOUT, + OPT_PATH, + OPT_ISSUER, + OPT_CERT, + OPT_SERIAL, + OPT_INDEX, + OPT_CA, + OPT_NMIN, + OPT_REQUEST, + OPT_NDAYS, + OPT_RSIGNER, + OPT_RKEY, + OPT_ROTHER, + OPT_RMD, + OPT_RSIGOPT, + OPT_HEADER, OPT_PASSIN, OPT_RCID, OPT_V_ENUM, OPT_MD, - OPT_MULTI, OPT_PROV_ENUM + OPT_MULTI, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS ocsp_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - 
{"ignore_err", OPT_IGNORE_ERR, '-', - "Ignore error on OCSP request or response and continue running"}, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CApath", OPT_CAPATH, '<', "Trusted certificates directory"}, - {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "ignore_err", OPT_IGNORE_ERR, '-', + "Ignore error on OCSP request or response and continue running" }, + { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" }, + { "CApath", OPT_CAPATH, '<', "Trusted certificates directory" }, + { "CAstore", OPT_CASTORE, ':', "Trusted certificates store URI" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store" }, OPT_SECTION("Responder"), - {"timeout", OPT_TIMEOUT, 'p', - "Connection timeout (in seconds) to the OCSP responder"}, - {"resp_no_certs", OPT_RESP_NO_CERTS, '-', - "Don't include any certificates in response"}, + { "timeout", OPT_TIMEOUT, 'p', + "Connection timeout (in seconds) to the OCSP responder" }, + { "resp_no_certs", OPT_RESP_NO_CERTS, '-', + "Don't include any certificates in response" }, #ifdef HTTP_DAEMON - {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, + { "multi", OPT_MULTI, 'p', "run multiple responder processes" }, #endif - {"no_certs", OPT_NO_CERTS, '-', - "Don't include any certificates in signed request"}, - {"badsig", OPT_BADSIG, '-', - "Corrupt last byte of loaded OCSP response signature (for test)"}, - 
{"CA", OPT_CA, '<', "CA certificate"}, - {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"}, - {"nrequest", OPT_REQUEST, 'p', - "Number of requests to accept (default unlimited)"}, - {"reqin", OPT_REQIN, 's', "File with the DER-encoded request"}, - {"signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with"}, - {"sign_other", OPT_SIGN_OTHER, '<', - "Additional certificates to include in signed request"}, - {"index", OPT_INDEX, '<', "Certificate status index file"}, - {"ndays", OPT_NDAYS, 'p', "Number of days before next update"}, - {"rsigner", OPT_RSIGNER, '<', - "Responder certificate to sign responses with"}, - {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"}, - {"passin", OPT_PASSIN, 's', "Responder key pass phrase source"}, - {"rother", OPT_ROTHER, '<', "Other certificates to include in response"}, - {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"}, - {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"}, - {"header", OPT_HEADER, 's', "key=value header to add"}, - {"rcid", OPT_RCID, 's', "Use specified algorithm for cert id in response"}, - {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... 
)"}, + { "no_certs", OPT_NO_CERTS, '-', + "Don't include any certificates in signed request" }, + { "badsig", OPT_BADSIG, '-', + "Corrupt last byte of loaded OCSP response signature (for test)" }, + { "CA", OPT_CA, '<', "CA certificate" }, + { "nmin", OPT_NMIN, 'p', "Number of minutes before next update" }, + { "nrequest", OPT_REQUEST, 'p', + "Number of requests to accept (default unlimited)" }, + { "reqin", OPT_REQIN, 's', "File with the DER-encoded request" }, + { "signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with" }, + { "sign_other", OPT_SIGN_OTHER, '<', + "Additional certificates to include in signed request" }, + { "index", OPT_INDEX, '<', "Certificate status index file" }, + { "ndays", OPT_NDAYS, 'p', "Number of days before next update" }, + { "rsigner", OPT_RSIGNER, '<', + "Responder certificate to sign responses with" }, + { "rkey", OPT_RKEY, '<', "Responder key to sign responses with" }, + { "passin", OPT_PASSIN, 's', "Responder key pass phrase source" }, + { "rother", OPT_ROTHER, '<', "Other certificates to include in response" }, + { "rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response" }, + { "rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form" }, + { "header", OPT_HEADER, 's', "key=value header to add" }, + { "rcid", OPT_RCID, 's', "Use specified algorithm for cert id in response" }, + { "", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... 
)" }, OPT_SECTION("Client"), - {"url", OPT_URL, 's', "Responder URL"}, - {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"}, - {"port", OPT_PORT, 'N', "Port to run responder on"}, - {"path", OPT_PATH, 's', "Path to use in OCSP request"}, + { "url", OPT_URL, 's', "Responder URL" }, + { "host", OPT_HOST, 's', "TCP/IP hostname:port to connect to" }, + { "port", OPT_PORT, 'N', "Port to run responder on" }, + { "path", OPT_PATH, 's', "Path to use in OCSP request" }, #ifndef OPENSSL_NO_SOCK - {"proxy", OPT_PROXY, 's', - "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"}, - {"no_proxy", OPT_NO_PROXY, 's', - "List of addresses of servers not to use HTTP(S) proxy for"}, - {OPT_MORE_STR, 0, 0, - "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, + { "proxy", OPT_PROXY, 's', + "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored" }, + { "no_proxy", OPT_NO_PROXY, 's', + "List of addresses of servers not to use HTTP(S) proxy for" }, + { OPT_MORE_STR, 0, 0, + "Default from environment variable 'no_proxy', else 'NO_PROXY', else none" }, #endif - {"out", OPT_OUTFILE, '>', "Output filename"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"}, - {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"}, - {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"}, - {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', - "Don't check signature on response"}, - {"resp_key_id", OPT_RESP_KEY_ID, '-', - "Identify response by signing certificate key ID"}, - {"no_cert_verify", OPT_NO_CERT_VERIFY, '-', - "Don't check signing certificate"}, - {"text", OPT_TEXT, '-', "Print text form of request and response"}, - {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"}, - {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"}, - {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"}, - {"no_cert_checks", OPT_NO_CERT_CHECKS, '-', - "Don't do additional checks on signing 
certificate"}, - {"no_explicit", OPT_NO_EXPLICIT, '-', - "Do not explicitly check the chain, just verify the root"}, - {"trust_other", OPT_TRUST_OTHER, '-', - "Don't verify additional certificates"}, - {"no_intern", OPT_NO_INTERN, '-', - "Don't search certificates contained in response for signer"}, - {"respin", OPT_RESPIN, 's', "File with the DER-encoded response"}, - {"VAfile", OPT_VAFILE, '<', "Validator certificates file"}, - {"verify_other", OPT_VERIFY_OTHER, '<', - "Additional certificates to search for signer"}, - {"cert", OPT_CERT, '<', "Certificate to check"}, - {"serial", OPT_SERIAL, 's', "Serial number to check"}, - {"validity_period", OPT_VALIDITY_PERIOD, 'u', - "Maximum validity discrepancy in seconds"}, - {"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"}, - {"reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request"}, - {"respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response"}, - {"issuer", OPT_ISSUER, '<', "Issuer certificate"}, - {"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"}, + { "out", OPT_OUTFILE, '>', "Output filename" }, + { "noverify", OPT_NOVERIFY, '-', "Don't verify response at all" }, + { "nonce", OPT_NONCE, '-', "Add OCSP nonce to request" }, + { "no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request" }, + { "no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', + "Don't check signature on response" }, + { "resp_key_id", OPT_RESP_KEY_ID, '-', + "Identify response by signing certificate key ID" }, + { "no_cert_verify", OPT_NO_CERT_VERIFY, '-', + "Don't check signing certificate" }, + { "text", OPT_TEXT, '-', "Print text form of request and response" }, + { "req_text", OPT_REQ_TEXT, '-', "Print text form of request" }, + { "resp_text", OPT_RESP_TEXT, '-', "Print text form of response" }, + { "no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response" }, + { "no_cert_checks", OPT_NO_CERT_CHECKS, '-', + "Don't do additional checks on signing certificate" }, + { 
"no_explicit", OPT_NO_EXPLICIT, '-', + "Do not explicitly check the chain, just verify the root" }, + { "trust_other", OPT_TRUST_OTHER, '-', + "Don't verify additional certificates" }, + { "no_intern", OPT_NO_INTERN, '-', + "Don't search certificates contained in response for signer" }, + { "respin", OPT_RESPIN, 's', "File with the DER-encoded response" }, + { "VAfile", OPT_VAFILE, '<', "Validator certificates file" }, + { "verify_other", OPT_VERIFY_OTHER, '<', + "Additional certificates to search for signer" }, + { "cert", OPT_CERT, '<', "Certificate to check" }, + { "serial", OPT_SERIAL, 's', "Serial number to check" }, + { "validity_period", OPT_VALIDITY_PERIOD, 'u', + "Maximum validity discrepancy in seconds" }, + { "signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with" }, + { "reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request" }, + { "respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response" }, + { "issuer", OPT_ISSUER, '<', "Issuer certificate" }, + { "status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds" }, OPT_V_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int ocsp_main(int argc, char **argv) @@ -257,8 +301,8 @@ OPTION_CHOICE o; if ((reqnames = sk_OPENSSL_STRING_new_null()) == NULL - || (ids = sk_OCSP_CERTID_new_null()) == NULL - || (vpm = X509_VERIFY_PARAM_new()) == NULL) + || (ids = sk_OCSP_CERTID_new_null()) == NULL + || (vpm = X509_VERIFY_PARAM_new()) == NULL) goto end; prog = opt_init(argc, argv, ocsp_options); @@ -266,7 +310,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -287,8 +331,8 @@ OPENSSL_free(tpath); thost = tport = tpath = NULL; if (!OSSL_HTTP_parse_url(opt_arg(), &use_ssl, NULL /* userinfo */, - &host, &port, NULL /* port_num */, - &path, NULL /* qry */, NULL /* frag */)) { + &host, &port, NULL /* port_num */, + &path, NULL /* qry */, NULL /* frag */)) { BIO_printf(bio_err, "%s Error parsing -url argument\n", prog); goto end; } @@ -486,7 +530,7 @@ case OPT_ROTHER: rcertfile = opt_arg(); break; - case OPT_RMD: /* Response MessageDigest */ + case OPT_RMD: /* Response MessageDigest */ respdigname = opt_arg(); break; case OPT_RSIGOPT: @@ -514,8 +558,8 @@ case OPT_MD: if (trailing_md) { BIO_printf(bio_err, - "%s: Digest must be before -cert or -serial\n", - prog); + "%s: Digest must be before -cert or -serial\n", + prog); goto opthelp; } if (!opt_md(opt_unknown(), &cert_id_md)) @@ -541,7 +585,7 @@ if (trailing_md) { BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n", - prog); + prog); goto opthelp; } @@ -597,7 +641,7 @@ goto end; if (rcertfile != NULL) { if (!load_certs(rcertfile, 0, &rother, NULL, - "responder other certificates")) + "responder other certificates")) goto end; } if (!app_passwd(passinarg, NULL, &passin, NULL)) { @@ -605,7 +649,7 @@ goto end; } rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL, - "responder private key"); + "responder private key"); if (rkey == NULL) goto end; } @@ -613,7 +657,7 @@ if (ridx_filename != NULL && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) { BIO_printf(bio_err, - "Responder mode requires certificate, key, and CA.\n"); + "Responder mode requires certificate, key, and CA.\n"); goto end; } @@ -651,7 +695,7 @@ } else { free_index(newrdb); log_message(prog, LOG_ERR, "error reloading updated index: %s", - ridx_filename); + ridx_filename); } } #endif 
@@ -663,10 +707,10 @@ if (req == NULL) { if (res == 1) { - resp = - OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, - NULL); - send_ocsp_response(cbio, resp); + resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, + NULL); + if (resp != NULL) + send_ocsp_response(cbio, resp); } goto done_resp; } @@ -694,16 +738,16 @@ } if (sign_certfile != NULL) { if (!load_certs(sign_certfile, 0, &sign_other, NULL, - "signer certificates")) + "signer certificates")) goto end; } key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL, - "signer private key"); + "signer private key"); if (key == NULL) goto end; if (!OCSP_request_sign(req, signer, key, NULL, - sign_other, sign_flags)) { + sign_other, sign_flags)) { BIO_printf(bio_err, "Error signing OCSP request\n"); goto end; } @@ -722,8 +766,8 @@ if (rdb != NULL) { make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey, - rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, - badsig, resp_certid_md); + rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, + badsig, resp_certid_md); if (resp == NULL) goto end; if (cbio != NULL) @@ -731,12 +775,12 @@ } else if (host != NULL) { #ifndef OPENSSL_NO_SOCK resp = process_responder(req, host, port, path, opt_proxy, opt_no_proxy, - use_ssl, headers, req_timeout); + use_ssl, headers, req_timeout); if (resp == NULL) goto end; #else BIO_printf(bio_err, - "Error creating connect BIO - sockets not supported\n"); + "Error creating connect BIO - sockets not supported\n"); goto end; #endif } else if (respin != NULL) { @@ -754,7 +798,7 @@ goto end; } - done_resp: +done_resp: if (respout != NULL) { derbio = bio_open_default(respout, 'w', FORMAT_ASN1); 
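Review bot: In the `req == NULL` branch of the -663 hunk, the new `if (resp != NULL)` guard drops the reply silently when `OCSP_response_create()` fails, and the `int` result of `send_ocsp_response()` is still discarded, so a responder that cannot answer a malformed request leaves no trace in its log. The `if (resp != NULL) { ... }` wrapper added around the status check in the later -764 hunk has the same gap: a NULL response skips both the status report and the `ignore_err` decision without a message. I would report the failure, for example `else BIO_printf(bio_err, "Error creating OCSP response\n");`, and test the send result. The enclosing function starts and ends outside both hunks, so whether a NULL response should also end the run is for the author to confirm.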
@@ -764,16 +808,18 @@ BIO_free(derbio); } - i = OCSP_response_status(resp); - if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%d)\n", - OCSP_response_status_str(i), i); - if (!ignore_err) + if (resp != NULL) { + i = OCSP_response_status(resp); + if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + BIO_printf(out, "Responder Error: %s (%d)\n", + OCSP_response_status_str(i), i); + if (!ignore_err) goto end; - } + } - if (resp_text) - OCSP_RESPONSE_print(out, resp, 0); + if (resp_text) + OCSP_RESPONSE_print(out, resp, 0); + } /* If running as responder don't verify our own response */ if (cbio != NULL) { @@ -797,7 +843,7 @@ if (store == NULL) { store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore); + CAstore, noCAstore); if (!store) goto end; } @@ -805,7 +851,7 @@ X509_STORE_set1_param(store, vpm); if (verify_certfile != NULL) { if (!load_certs(verify_certfile, 0, &verify_other, NULL, - "validator certificates")) + "validator certificates")) goto end; } @@ -830,7 +876,7 @@ i = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (i <= 0 && issuers) { - i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER); + i = OCSP_basic_verify(bs, issuers, store, verify_flags); if (i > 0) ERR_clear_error(); } @@ -846,7 +892,7 @@ if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) ret = 1; - end: +end: ERR_print_errors(bio_err); X509_free(signer); X509_STORE_free(store); @@ -901,8 +947,8 @@ #endif static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids) + const EVP_MD *cert_id_md, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; 
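Review bot: The retry `i = OCSP_basic_verify(bs, issuers, store, verify_flags);` in the -830 hunk has no comment saying why a second attempt is made or why it no longer forces `OCSP_TRUSTOTHER`, which is the security-relevant part of this change. With the old constant a signer found in `issuers` was implicitly trusted; with `verify_flags` those certificates are presumably only candidates and trust has to come from `store`, unless the caller set the flag itself. I would add `/* Retry with issuers as candidate signers; keep verify_flags so they are not implicitly trusted */` above the call. A regression test with a response whose signer appears only in `issuers` and does not chain to the store would pin the new behaviour. The enclosing function extends beyond the hunk.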
@@ -921,14 +967,14 @@ goto err; return 1; - err: +err: BIO_printf(bio_err, "Error Creating OCSP request\n"); return 0; } static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids) + const EVP_MD *cert_id_md, X509 *issuer, + STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; const X509_NAME *iname; @@ -958,15 +1004,15 @@ goto err; return 1; - err: +err: BIO_printf(bio_err, "Error Creating OCSP request\n"); return 0; } static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK_OF(OPENSSL_STRING) *names, - STACK_OF(OCSP_CERTID) *ids, long nsec, - long maxage) + STACK_OF(OPENSSL_STRING) *names, + STACK_OF(OCSP_CERTID) *ids, long nsec, + long maxage) { OCSP_CERTID *id; const char *name; @@ -986,7 +1032,7 @@ BIO_printf(out, "%s: ", name); if (!OCSP_resp_find_status(bs, id, &status, &reason, - &rev, &thisupd, &nextupd)) { + &rev, &thisupd, &nextupd)) { BIO_puts(out, "ERROR: No Status found.\n"); ret = 0; continue; @@ -1026,12 +1072,12 @@ } static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req, - CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, - EVP_PKEY *rkey, const EVP_MD *rmd, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays, int badsig, - const EVP_MD *resp_md) + CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, + EVP_PKEY *rkey, const EVP_MD *rmd, + STACK_OF(OPENSSL_STRING) *sigopts, + STACK_OF(X509) *rother, unsigned long flags, + int nmin, int ndays, int badsig, + const EVP_MD *resp_md) { ASN1_TIME *thisupd = NULL, *nextupd = NULL; OCSP_CERTID *cid; 
@@ -1043,12 +1089,15 @@ id_count = OCSP_request_onereq_count(req); if (id_count <= 0) { - *resp = - OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); goto end; } bs = OCSP_BASICRESP_new(); + if (bs == NULL) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs); + goto end; + } thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); @@ -1072,13 +1121,19 @@ cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); if (cert_id_md == NULL) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); + NULL); goto end; } for (jj = 0; jj < sk_X509_num(ca) && !found; jj++) { X509 *ca_cert = sk_X509_value(ca, jj); OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert); + if (ca_id == NULL) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, + NULL); + goto end; + } + if (OCSP_id_issuer_cmp(ca_id, cid) == 0) { found = 1; if (resp_md != NULL) @@ -1094,18 +1149,18 @@ if (!found) { OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, thisupd, nextupd); + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd); continue; } if (inf == NULL) { OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, thisupd, nextupd); + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd); } else if (inf[DB_type][0] == DB_TYPE_VAL) { OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_GOOD, - 0, NULL, thisupd, nextupd); + V_OCSP_CERTSTATUS_GOOD, + 0, NULL, thisupd, nextupd); } else if (inf[DB_type][0] == DB_TYPE_REV) { ASN1_OBJECT *inst = NULL; ASN1_TIME *revtm = NULL; 
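Review bot: In the -1043 hunk the new failure path calls `OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs)` with `bs` known to be NULL at that point, while every other error path visible in this function passes a literal `NULL`. Writing it as `*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);` keeps the call sites uniform and stops a reader from looking for a populated basic response. The context line that follows, `thisupd = X509_gmtime_adj(NULL, 0);`, is still used without a NULL check and would fit the same treatment. The function body starts and ends outside the hunk.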
@@ -1115,20 +1170,20 @@ unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); single = OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_REVOKED, - reason, revtm, thisupd, nextupd); + V_OCSP_CERTSTATUS_REVOKED, + reason, revtm, thisupd, nextupd); if (single == NULL) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); + NULL); goto end; } if (invtm != NULL) OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, - invtm, 0, 0); + invtm, 0, 0); else if (inst != NULL) OCSP_SINGLERESP_add1_ext_i2d(single, - NID_hold_instruction_code, inst, - 0, 0); + NID_hold_instruction_code, inst, + 0, 0); ASN1_OBJECT_free(inst); ASN1_TIME_free(revtm); ASN1_GENERALIZEDTIME_free(invtm); @@ -1139,7 +1194,7 @@ OCSP_copy_nonce(bs, req); mctx = EVP_MD_CTX_new(); - if ( mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) { + if (mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); goto end; } @@ -1150,7 +1205,7 @@ BIO_printf(err, "parameter error \"%s\"\n", sigopt); ERR_print_errors(bio_err); *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); + NULL); goto end; } } @@ -1166,7 +1221,7 @@ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); - end: +end: EVP_MD_CTX_free(mctx); ASN1_TIME_free(thisupd); ASN1_TIME_free(nextupd); @@ -1181,8 +1236,8 @@ for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; bn = ASN1_INTEGER_to_BN(ser, NULL); - OPENSSL_assert(bn); /* FIXME: should report an error at this - * point and abort */ + OPENSSL_assert(bn); /* FIXME: should report an error at this + * point and abort */ if (BN_is_zero(bn)) { itmp = OPENSSL_strdup("00"); OPENSSL_assert(itmp); 
@@ -1197,16 +1252,16 @@ } static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port, int timeout) + const char *port, int timeout) { #ifndef OPENSSL_NO_SOCK return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST), - (ASN1_VALUE **)preq, NULL, pcbio, acbio, - NULL /* found_keep_alive */, - prog, port, 1 /* accept_get */, timeout); + (ASN1_VALUE **)preq, NULL, pcbio, acbio, + NULL /* found_keep_alive */, + prog, port, 1 /* accept_get */, timeout); #else BIO_printf(bio_err, - "Error getting OCSP request - sockets not supported\n"); + "Error getting OCSP request - sockets not supported\n"); *preq = NULL; return 0; #endif @@ -1216,23 +1271,23 @@ { #ifndef OPENSSL_NO_SOCK return http_server_send_asn1_resp(cbio, - 0 /* no keep-alive */, - "application/ocsp-response", - ASN1_ITEM_rptr(OCSP_RESPONSE), - (const ASN1_VALUE *)resp); + 0 /* no keep-alive */, + "application/ocsp-response", + ASN1_ITEM_rptr(OCSP_RESPONSE), + (const ASN1_VALUE *)resp); #else BIO_printf(bio_err, - "Error sending OCSP response - sockets not supported\n"); + "Error sending OCSP response - sockets not supported\n"); return 0; #endif } #ifndef OPENSSL_NO_SOCK OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, - const char *port, const char *path, - const char *proxy, const char *no_proxy, - int use_ssl, STACK_OF(CONF_VALUE) *headers, - int req_timeout) + const char *port, const char *path, + const char *proxy, const char *no_proxy, + int use_ssl, STACK_OF(CONF_VALUE) *headers, + int req_timeout) { SSL_CTX *ctx = NULL; OCSP_RESPONSE *resp = NULL; 
@@ -1247,15 +1302,15 @@ resp = (OCSP_RESPONSE *) app_http_post_asn1(host, port, path, proxy, no_proxy, - ctx, headers, "application/ocsp-request", - (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST), - "application/ocsp-response", - req_timeout, ASN1_ITEM_rptr(OCSP_RESPONSE)); + ctx, headers, "application/ocsp-request", + (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST), + "application/ocsp-response", + req_timeout, ASN1_ITEM_rptr(OCSP_RESPONSE)); if (resp == NULL) BIO_printf(bio_err, "Error querying OCSP responder\n"); - end: +end: SSL_CTX_free(ctx); return resp; } --- crypto/openssl/apps/openssl.c.orig +++ crypto/openssl/apps/openssl.c @@ -19,12 +19,12 @@ #include #include #ifndef OPENSSL_NO_ENGINE -# include +#include #endif #include /* Needed to get the other O_xxx flags. */ #ifdef OPENSSL_SYS_VMS -# include +#include #endif #include "apps.h" #include "progs.h" @@ -47,7 +47,7 @@ { if (fp->deprecated_version != NULL) BIO_printf(bio_err, "The command %s was deprecated in version %s.", - fp->name, fp->deprecated_version); + fp->name, fp->deprecated_version); else BIO_printf(bio_err, "The command %s is deprecated.", fp->name); if (strcmp(fp->deprecated_alternative, DEPRECATED_NO_ALTERNATIVE) != 0) @@ -64,7 +64,8 @@ /* Set non-default library initialisation settings */ if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_LOAD_CONFIG, NULL)) + | OPENSSL_INIT_LOAD_CONFIG, + NULL)) return 0; (void)setup_ui_method(); @@ -94,15 +95,14 @@ destroy_ui_method(); } - #ifndef OPENSSL_NO_TRACE typedef struct tracedata_st { BIO *bio; - unsigned int ingroup:1; + unsigned int ingroup : 1; } tracedata; static size_t internal_trace_cb(const char *buf, size_t cnt, - int category, int cmd, void *vdata) + int category, int cmd, void *vdata) { int ret = 0; tracedata *trace_data = vdata; 
@@ -120,8 +120,8 @@ tid = CRYPTO_THREAD_get_current_id(); hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid)); BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ", - hex == NULL ? "" : hex, - OSSL_trace_get_category_name(category)); + hex == NULL ? "" : hex, + OSSL_trace_get_category_name(category)); OPENSSL_free(hex); BIO_set_prefix(trace_data->bio, buffer); break; @@ -181,12 +181,13 @@ || bio == NULL || (trace_data->bio = channel) == NULL || OSSL_trace_set_callback(category, internal_trace_cb, - trace_data) == 0 + trace_data) + == 0 || sk_tracedata_push(trace_data_stack, trace_data) == 0) { fprintf(stderr, - "warning: unable to setup trace callback for category '%s'.\n", - OSSL_trace_get_category_name(category)); + "warning: unable to setup trace callback for category '%s'.\n", + OSSL_trace_get_category_name(category)); OSSL_trace_set_callback(category, NULL, NULL); BIO_free_all(channel); @@ -222,7 +223,7 @@ setup_trace_category(category); } else { fprintf(stderr, - "warning: unknown trace category: '%s'.\n", item); + "warning: unknown trace category: '%s'.\n", item); } } } @@ -263,10 +264,10 @@ #endif if ((fname = "apps_startup", !apps_startup()) - || (fname = "prog_init", (prog = prog_init()) == NULL)) { + || (fname = "prog_init", (prog = prog_init()) == NULL)) { BIO_printf(bio_err, - "FATAL: Startup failure (dev note: %s()) for %s\n", - fname, argv[0]); + "FATAL: Startup failure (dev note: %s()) for %s\n", + fname, argv[0]); ERR_print_errors(bio_err); ret = 1; goto end; @@ -297,7 +298,7 @@ ? do_cmd(prog, 1, help_argv) : do_cmd(prog, argc, argv); - end: +end: OPENSSL_free(default_config_file); lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); 
@@ -312,21 +313,22 @@ } typedef enum HELP_CHOICE { - OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP + OPT_hERR = -1, + OPT_hEOF = 0, + OPT_hHELP } HELP_CHOICE; const OPTIONS help_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: help [options] [command]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: help [options] [command]\n" }, OPT_SECTION("General"), - {"help", OPT_hHELP, '-', "Display this summary"}, + { "help", OPT_hHELP, '-', "Display this summary" }, OPT_PARAMETERS(), - {"command", 0, 0, "Name of command to display help (optional)"}, - {NULL} + { "command", 0, 0, "Name of command to display help (optional)" }, + { NULL } }; - int help_main(int argc, char **argv) { FUNCTION *fp; @@ -379,11 +381,11 @@ if (tp == FT_md) { i = 1; BIO_printf(bio_err, - "\nMessage Digest commands (see the `dgst' command for more details)\n"); + "\nMessage Digest commands (see the `dgst' command for more details)\n"); } else if (tp == FT_cipher) { i = 1; BIO_printf(bio_err, - "\nCipher commands (see the `enc' command for more details)\n"); + "\nCipher commands (see the `enc' command for more details)\n"); } } BIO_printf(bio_err, "%-*s", dc.width, fp->name); @@ -432,16 +434,16 @@ } BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", - argv[0]); + argv[0]); return 1; } -static int function_cmp(const FUNCTION * a, const FUNCTION * b) +static int function_cmp(const FUNCTION *a, const FUNCTION *b) { return strncmp(a->name, b->name, 8); } -static unsigned long function_hash(const FUNCTION * a) +static unsigned long function_hash(const FUNCTION *a) { return OPENSSL_LH_strhash(a->name); } --- crypto/openssl/apps/passwd.c.orig +++ crypto/openssl/apps/passwd.c @@ -17,7 +17,7 @@ #include #include #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) -# include +#include #endif #include #include 
@@ -46,48 +46,58 @@ } passwd_modes; static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, - char *passwd, BIO *out, int quiet, int table, - int reverse, size_t pw_maxlen, passwd_modes mode); + char *passwd, BIO *out, int quiet, int table, + int reverse, size_t pw_maxlen, passwd_modes mode); typedef enum OPTION_choice { OPT_COMMON, OPT_IN, - OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, - OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_NOVERIFY, + OPT_QUIET, + OPT_TABLE, + OPT_REVERSE, + OPT_APR1, + OPT_1, + OPT_5, + OPT_6, + OPT_AIXMD5, + OPT_SALT, + OPT_STDIN, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS passwd_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Read passwords from file"}, - {"noverify", OPT_NOVERIFY, '-', - "Never verify when reading password from terminal"}, - {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, + { "in", OPT_IN, '<', "Read passwords from file" }, + { "noverify", OPT_NOVERIFY, '-', + "Never verify when reading password from terminal" }, + { "stdin", OPT_STDIN, '-', "Read passwords from stdin" }, OPT_SECTION("Output"), - {"quiet", OPT_QUIET, '-', "No warnings"}, - {"table", OPT_TABLE, '-', "Format output as table"}, - {"reverse", OPT_REVERSE, '-', "Switch table columns"}, + { "quiet", OPT_QUIET, '-', "No warnings" }, + { "table", OPT_TABLE, '-', "Format output as table" }, + { "reverse", OPT_REVERSE, '-', "Switch table columns" }, OPT_SECTION("Cryptographic"), - {"salt", OPT_SALT, 's', "Use provided salt"}, - {"6", OPT_6, '-', "SHA512-based password algorithm"}, - {"5", OPT_5, '-', "SHA256-based password algorithm"}, - {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache 
variant"}, - {"1", OPT_1, '-', "MD5-based password algorithm"}, - {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, + { "salt", OPT_SALT, 's', "Use provided salt" }, + { "6", OPT_6, '-', "SHA512-based password algorithm" }, + { "5", OPT_5, '-', "SHA256-based password algorithm" }, + { "apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant" }, + { "1", OPT_1, '-', "MD5-based password algorithm" }, + { "aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"password", 0, 0, "Password text to digest (optional)"}, - {NULL} + { "password", 0, 0, "Password text to digest (optional)" }, + { NULL } }; int passwd_main(int argc, char **argv) @@ -112,7 +122,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -223,8 +233,7 @@ passwd_malloc_size = pw_maxlen + 2; /* longer than necessary so that we can warn about truncation */ - passwd = passwd_malloc = - app_malloc(passwd_malloc_size, "password buffer"); + passwd = passwd_malloc = app_malloc(passwd_malloc_size, "password buffer"); } if ((in == NULL) && (passwds == NULL)) { @@ -240,9 +249,9 @@ passwds = passwds_static; if (in == NULL) { - if (EVP_read_pw_string - (passwd_malloc, passwd_malloc_size, "Password: ", - !(passed_salt || in_noverify)) != 0) + if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", + !(passed_salt || in_noverify)) + != 0) goto end; } passwds[0] = passwd_malloc; @@ -257,10 +266,10 @@ assert(passwds != NULL); assert(*passwds != NULL); - do { /* loop over list of passwords */ + do { /* loop over list of passwords */ passwd = *passwds++; if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, - quiet, table, reverse, pw_maxlen, mode)) + quiet, table, reverse, pw_maxlen, mode)) goto end; } while (*passwds != NULL); } else { 
@@ -273,7 +282,7 @@ if (r > 0) { char *c = (strchr(passwd, '\n')); if (c != NULL) { - *c = 0; /* truncate at newline */ + *c = 0; /* truncate at newline */ } else { /* ignore rest of line */ char trash[BUFSIZ]; @@ -282,9 +291,8 @@ while ((r > 0) && (!strchr(trash, '\n'))); } - if (!do_passwd - (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, - table, reverse, pw_maxlen, mode)) + if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, + table, reverse, pw_maxlen, mode)) goto end; } done = (r <= 0); @@ -292,7 +300,7 @@ } ret = 0; - end: +end: #if 0 ERR_print_errors(bio_err); #endif @@ -316,8 +324,8 @@ /* "$apr1$..salt..$.......md5hash..........\0" */ static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; - char ascii_magic[5]; /* "apr1" plus '\0' */ - char ascii_salt[9]; /* Max 8 chars plus '\0' */ + char ascii_magic[5]; /* "apr1" plus '\0' */ + char ascii_salt[9]; /* Max 8 chars plus '\0' */ char *ascii_passwd = NULL; char *salt_out; int n; @@ -331,7 +339,7 @@ magic_len = strlen(magic); OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); #ifdef CHARSET_EBCDIC - if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ + if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ ebcdic2ascii(ascii_magic, ascii_magic, magic_len); #endif @@ -353,7 +361,7 @@ if (magic_len > 0) { OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); - if (magic_len > 4) /* assert it's "1" or "apr1" */ + if (magic_len > 4) /* assert it's "1" or "apr1" */ goto err; OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); @@ -382,7 +390,7 @@ if (!EVP_DigestUpdate(md, ascii_dollar, 1) || !EVP_DigestUpdate(md, ascii_magic, magic_len) || !EVP_DigestUpdate(md, ascii_dollar, 1)) - goto err; + goto err; if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) goto err; 
@@ -416,8 +424,8 @@ if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) goto err; if (!EVP_DigestUpdate(md2, - (i & 1) ? (const unsigned char *)passwd : buf, - (i & 1) ? passwd_len : sizeof(buf))) + (i & 1) ? (const unsigned char *)passwd : buf, + (i & 1) ? passwd_len : sizeof(buf))) goto err; if (i % 3) { if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) @@ -428,11 +436,11 @@ goto err; } if (!EVP_DigestUpdate(md2, - (i & 1) ? buf : (const unsigned char *)passwd, - (i & 1) ? sizeof(buf) : passwd_len)) - goto err; + (i & 1) ? buf : (const unsigned char *)passwd, + (i & 1) ? sizeof(buf) : passwd_len)) + goto err; if (!EVP_DigestFinal_ex(md2, buf, NULL)) - goto err; + goto err; } EVP_MD_CTX_free(md2); EVP_MD_CTX_free(md); @@ -447,14 +455,14 @@ /* silly output permutation */ for (dest = 0, source = 0; dest < 14; - dest++, source = (source + 6) % 17) + dest++, source = (source + 6) % 17) buf_perm[dest] = buf[source]; buf_perm[14] = buf[5]; buf_perm[15] = buf[11]; -# ifndef PEDANTIC /* Unfortunately, this generates a "no - * effect" warning */ +#ifndef PEDANTIC /* Unfortunately, this generates a "no \ + * effect" warning */ assert(16 == sizeof(buf_perm)); -# endif +#endif output = salt_out + salt_len; assert(output == out_buf + strlen(out_buf)); @@ -463,10 +471,8 @@ for (i = 0; i < 15; i += 3) { *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; - *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | - (buf_perm[i + 2] >> 6)]; - *output++ = cov_2char[((buf_perm[i] & 3) << 4) | - (buf_perm[i + 1] >> 4)]; + *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | (buf_perm[i + 2] >> 6)]; + *output++ = cov_2char[((buf_perm[i] & 3) << 4) | (buf_perm[i + 1] >> 4)]; *output++ = cov_2char[buf_perm[i] >> 2]; } assert(i == 15); @@ -481,7 +487,7 @@ return out_buf; - err: +err: OPENSSL_free(ascii_passwd); EVP_MD_CTX_free(md2); EVP_MD_CTX_free(md); 
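Review bot: In the `@@ -447,14 +455,14 @@` hunk, the reformatted `#ifndef PEDANTIC` line now carries a `\` line continuation inside its trailing comment. This looks like a formatter artifact, since a block comment can span lines after a directive without one. Moving the comment onto its own line above the directive, e.g. `/* Unfortunately, this generates a "no effect" warning */` followed by a bare `#ifndef PEDANTIC`, keeps continuation characters out of the directive. The enclosing function starts and ends outside the hunk.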
@@ -498,13 +504,13 @@ /* Prefix for optional rounds specification. */ static const char rounds_prefix[] = "rounds="; /* Maximum salt string length. */ -# define SALT_LEN_MAX 16 +#define SALT_LEN_MAX 16 /* Default number of rounds if not explicitly specified. */ -# define ROUNDS_DEFAULT 5000 +#define ROUNDS_DEFAULT 5000 /* Minimum number of rounds. */ -# define ROUNDS_MIN 1000 +#define ROUNDS_MIN 1000 /* Maximum number of rounds. */ -# define ROUNDS_MAX 999999999 +#define ROUNDS_MAX 999999999 /* "$6$rounds=$......salt......$...shahash(up to 86 chars)...\0" */ static char out_buf[3 + 17 + 17 + 86 + 1]; @@ -512,13 +518,13 @@ unsigned char temp_buf[SHA512_DIGEST_LENGTH]; size_t buf_size = 0; char ascii_magic[2]; - char ascii_salt[17]; /* Max 16 chars plus '\0' */ + char ascii_salt[17]; /* Max 16 chars plus '\0' */ char *ascii_passwd = NULL; size_t n; EVP_MD_CTX *md = NULL, *md2 = NULL; const EVP_MD *sha = NULL; size_t passwd_len, salt_len, magic_len; - unsigned int rounds = ROUNDS_DEFAULT; /* Default */ + unsigned int rounds = ROUNDS_DEFAULT; /* Default */ char rounds_custom = 0; char *p_bytes = NULL; char *s_bytes = NULL; @@ -547,7 +553,7 @@ if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) { const char *num = salt + sizeof(rounds_prefix) - 1; char *endp; - unsigned long int srounds = strtoul (num, &endp, 10); + unsigned long int srounds = strtoul(num, &endp, 10); if (*endp == '$') { salt = endp + 1; if (srounds > ROUNDS_MAX) @@ -564,7 +570,7 @@ OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); #ifdef CHARSET_EBCDIC - if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ + if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ ebcdic2ascii(ascii_magic, ascii_magic, magic_len); #endif 
@@ -593,7 +599,7 @@ BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds); #ifdef CHARSET_EBCDIC /* In case we're really on a ASCII based platform and just pretend */ - if (tmp_buf[0] != 0x72) /* ASCII 'r' */ + if (tmp_buf[0] != 0x72) /* ASCII 'r' */ ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); #endif OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); @@ -602,7 +608,7 @@ OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); /* assert "$5$rounds=999999999$......salt......" */ - if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) + if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len) goto err; md = EVP_MD_CTX_new(); @@ -631,8 +637,8 @@ n = passwd_len; while (n) { if (!EVP_DigestUpdate(md, - (n & 1) ? buf : (const unsigned char *)passwd, - (n & 1) ? buf_size : passwd_len)) + (n & 1) ? buf : (const unsigned char *)passwd, + (n & 1) ? buf_size : passwd_len)) goto err; n >>= 1; } @@ -677,8 +683,8 @@ if (!EVP_DigestInit_ex(md2, sha, NULL)) goto err; if (!EVP_DigestUpdate(md2, - (n & 1) ? (const unsigned char *)p_bytes : buf, - (n & 1) ? passwd_len : buf_size)) + (n & 1) ? (const unsigned char *)p_bytes : buf, + (n & 1) ? passwd_len : buf_size)) goto err; if (n % 3) { if (!EVP_DigestUpdate(md2, s_bytes, salt_len)) @@ -689,11 +695,11 @@ goto err; } if (!EVP_DigestUpdate(md2, - (n & 1) ? buf : (const unsigned char *)p_bytes, - (n & 1) ? buf_size : passwd_len)) - goto err; + (n & 1) ? buf : (const unsigned char *)p_bytes, + (n & 1) ? buf_size : passwd_len)) + goto err; if (!EVP_DigestFinal_ex(md2, buf, NULL)) - goto err; + goto err; } EVP_MD_CTX_free(md2); EVP_MD_CTX_free(md); 
@@ -707,54 +713,53 @@ cp = out_buf + strlen(out_buf); *cp++ = ascii_dollar[0]; -# define b64_from_24bit(B2, B1, B0, N) \ - do { \ - unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ - int i = (N); \ - while (i-- > 0) \ - { \ - *cp++ = cov_2char[w & 0x3f]; \ - w >>= 6; \ - } \ +#define b64_from_24bit(B2, B1, B0, N) \ + do { \ + unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ + int i = (N); \ + while (i-- > 0) { \ + *cp++ = cov_2char[w & 0x3f]; \ + w >>= 6; \ + } \ } while (0) switch (magic[0]) { case '5': - b64_from_24bit (buf[0], buf[10], buf[20], 4); - b64_from_24bit (buf[21], buf[1], buf[11], 4); - b64_from_24bit (buf[12], buf[22], buf[2], 4); - b64_from_24bit (buf[3], buf[13], buf[23], 4); - b64_from_24bit (buf[24], buf[4], buf[14], 4); - b64_from_24bit (buf[15], buf[25], buf[5], 4); - b64_from_24bit (buf[6], buf[16], buf[26], 4); - b64_from_24bit (buf[27], buf[7], buf[17], 4); - b64_from_24bit (buf[18], buf[28], buf[8], 4); - b64_from_24bit (buf[9], buf[19], buf[29], 4); - b64_from_24bit (0, buf[31], buf[30], 3); + b64_from_24bit(buf[0], buf[10], buf[20], 4); + b64_from_24bit(buf[21], buf[1], buf[11], 4); + b64_from_24bit(buf[12], buf[22], buf[2], 4); + b64_from_24bit(buf[3], buf[13], buf[23], 4); + b64_from_24bit(buf[24], buf[4], buf[14], 4); + b64_from_24bit(buf[15], buf[25], buf[5], 4); + b64_from_24bit(buf[6], buf[16], buf[26], 4); + b64_from_24bit(buf[27], buf[7], buf[17], 4); + b64_from_24bit(buf[18], buf[28], buf[8], 4); + b64_from_24bit(buf[9], buf[19], buf[29], 4); + b64_from_24bit(0, buf[31], buf[30], 3); break; case '6': - b64_from_24bit (buf[0], buf[21], buf[42], 4); - b64_from_24bit (buf[22], buf[43], buf[1], 4); - b64_from_24bit (buf[44], buf[2], buf[23], 4); - b64_from_24bit (buf[3], buf[24], buf[45], 4); - b64_from_24bit (buf[25], buf[46], buf[4], 4); - b64_from_24bit (buf[47], buf[5], buf[26], 4); - b64_from_24bit (buf[6], buf[27], buf[48], 4); - b64_from_24bit (buf[28], buf[49], buf[7], 4); - b64_from_24bit (buf[50], buf[8], buf[29], 
4); - b64_from_24bit (buf[9], buf[30], buf[51], 4); - b64_from_24bit (buf[31], buf[52], buf[10], 4); - b64_from_24bit (buf[53], buf[11], buf[32], 4); - b64_from_24bit (buf[12], buf[33], buf[54], 4); - b64_from_24bit (buf[34], buf[55], buf[13], 4); - b64_from_24bit (buf[56], buf[14], buf[35], 4); - b64_from_24bit (buf[15], buf[36], buf[57], 4); - b64_from_24bit (buf[37], buf[58], buf[16], 4); - b64_from_24bit (buf[59], buf[17], buf[38], 4); - b64_from_24bit (buf[18], buf[39], buf[60], 4); - b64_from_24bit (buf[40], buf[61], buf[19], 4); - b64_from_24bit (buf[62], buf[20], buf[41], 4); - b64_from_24bit (0, 0, buf[63], 2); + b64_from_24bit(buf[0], buf[21], buf[42], 4); + b64_from_24bit(buf[22], buf[43], buf[1], 4); + b64_from_24bit(buf[44], buf[2], buf[23], 4); + b64_from_24bit(buf[3], buf[24], buf[45], 4); + b64_from_24bit(buf[25], buf[46], buf[4], 4); + b64_from_24bit(buf[47], buf[5], buf[26], 4); + b64_from_24bit(buf[6], buf[27], buf[48], 4); + b64_from_24bit(buf[28], buf[49], buf[7], 4); + b64_from_24bit(buf[50], buf[8], buf[29], 4); + b64_from_24bit(buf[9], buf[30], buf[51], 4); + b64_from_24bit(buf[31], buf[52], buf[10], 4); + b64_from_24bit(buf[53], buf[11], buf[32], 4); + b64_from_24bit(buf[12], buf[33], buf[54], 4); + b64_from_24bit(buf[34], buf[55], buf[13], 4); + b64_from_24bit(buf[56], buf[14], buf[35], 4); + b64_from_24bit(buf[15], buf[36], buf[57], 4); + b64_from_24bit(buf[37], buf[58], buf[16], 4); + b64_from_24bit(buf[59], buf[17], buf[38], 4); + b64_from_24bit(buf[18], buf[39], buf[60], 4); + b64_from_24bit(buf[40], buf[61], buf[19], 4); + b64_from_24bit(buf[62], buf[20], buf[41], 4); + b64_from_24bit(0, 0, buf[63], 2); break; default: goto err; @@ -766,7 +771,7 @@ return out_buf; - err: +err: EVP_MD_CTX_free(md2); EVP_MD_CTX_free(md); OPENSSL_free(p_bytes); 
@@ -776,8 +781,8 @@ } static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, - char *passwd, BIO *out, int quiet, int table, - int reverse, size_t pw_maxlen, passwd_modes mode) + char *passwd, BIO *out, int quiet, int table, + int reverse, size_t pw_maxlen, passwd_modes mode) { char *hash = NULL; @@ -805,10 +810,10 @@ for (i = 0; i < saltlen; i++) (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[i] = 0; -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC /* The password encryption function will convert back to ASCII */ ascii2ebcdic(*salt_p, *salt_p, saltlen); -# endif +#endif } assert(*salt_p != NULL); @@ -820,8 +825,8 @@ * XXX: really we should know how to print a size_t, not cast it */ BIO_printf(bio_err, - "Warning: truncating password to %u characters\n", - (unsigned)pw_maxlen); + "Warning: truncating password to %u characters\n", + (unsigned)pw_maxlen); passwd[pw_maxlen] = 0; } assert(strlen(passwd) <= pw_maxlen); @@ -843,6 +848,6 @@ BIO_printf(out, "%s\n", hash); return 1; - end: +end: return 0; } --- crypto/openssl/apps/pkcs12.c.orig +++ crypto/openssl/apps/pkcs12.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,11 +21,11 @@ #include #include -#define NOKEYS 0x1 -#define NOCERTS 0x2 -#define INFO 0x4 -#define CLCERTS 0x8 -#define CACERTS 0x10 +#define NOKEYS 0x1 +#define NOCERTS 0x2 +#define INFO 0x4 +#define CLCERTS 0x8 +#define CACERTS 0x10 #define PASSWD_BUF_SIZE 2048 
@@ -35,20 +35,20 @@ BIO_printf(bio_err, "Warning: -%s option ignored without -export\n", opt); static int get_cert_chain(X509 *cert, X509_STORE *store, - STACK_OF(X509) *untrusted_certs, - STACK_OF(X509) **chain); + STACK_OF(X509) *untrusted_certs, + STACK_OF(X509) **chain); int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc); + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc); int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc); + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc); int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, - const char *pass, int passlen, - int options, char *pempass, const EVP_CIPHER *enc); + const char *pass, int passlen, + int options, char *pempass, const EVP_CIPHER *enc); void print_attribute(BIO *out, const ASN1_TYPE *av); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, - const char *name); + const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); static int alg_print(const X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); 
@@ -56,18 +56,54 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS, - OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER, + OPT_CIPHER, + OPT_NOKEYS, + OPT_KEYEX, + OPT_KEYSIG, + OPT_NOCERTS, + OPT_CLCERTS, + OPT_CACERTS, + OPT_NOOUT, + OPT_INFO, + OPT_CHAIN, + OPT_TWOPASS, + OPT_NOMACVER, #ifndef OPENSSL_NO_DES OPT_DESCERT, #endif - OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, - OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_NOENC, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, - OPT_INKEY, OPT_CERTFILE, OPT_UNTRUSTED, OPT_PASSCERTS, - OPT_NAME, OPT_CSP, OPT_CANAME, - OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, - OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, - OPT_R_ENUM, OPT_PROV_ENUM, + OPT_EXPORT, + OPT_ITER, + OPT_NOITER, + OPT_MACITER, + OPT_NOMACITER, + OPT_NOMAC, + OPT_LMK, + OPT_NODES, + OPT_NOENC, + OPT_MACALG, + OPT_CERTPBE, + OPT_KEYPBE, + OPT_INKEY, + OPT_CERTFILE, + OPT_UNTRUSTED, + OPT_PASSCERTS, + OPT_NAME, + OPT_CSP, + OPT_CANAME, + OPT_IN, + OPT_OUT, + OPT_PASSIN, + OPT_PASSOUT, + OPT_PASSWORD, + OPT_CAPATH, + OPT_CAFILE, + OPT_CASTORE, + OPT_NOCAPATH, + OPT_NOCAFILE, + OPT_NOCASTORE, + OPT_ENGINE, + OPT_R_ENUM, + OPT_PROV_ENUM, #ifndef OPENSSL_NO_DES OPT_LEGACY_ALG #endif 
@@ -75,81 +111,81 @@ const OPTIONS pkcs12_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"in", OPT_IN, '<', "Input file"}, - {"out", OPT_OUT, '>', "Output file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"password", OPT_PASSWORD, 's', "Set PKCS#12 import/export password source"}, - {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, - {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, - {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"}, - {"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "password", OPT_PASSWORD, 's', "Set PKCS#12 import/export password source" }, + { "twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords" }, + { "nokeys", OPT_NOKEYS, '-', "Don't output private keys" }, + { "nocerts", OPT_NOCERTS, '-', "Don't output certificates" }, + { "noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input" }, #ifndef OPENSSL_NO_DES - {"legacy", OPT_LEGACY_ALG, '-', -# ifdef OPENSSL_NO_RC2 - "Use legacy encryption algorithm 3DES_CBC for keys and certs" -# else - "Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs" -# endif + { "legacy", OPT_LEGACY_ALG, '-', +#ifdef OPENSSL_NO_RC2 + "Use legacy encryption algorithm 3DES_CBC for keys and certs" +#else + "Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs" +#endif }, #endif #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_PROV_OPTIONS, OPT_R_OPTIONS, OPT_SECTION("PKCS#12 
import (parsing PKCS#12)"), - {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, - {"nomacver", OPT_NOMACVER, '-', "Don't verify integrity MAC"}, - {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"}, - {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"}, - {"", OPT_CIPHER, '-', "Any supported cipher for output encryption"}, - {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, - {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, + { "info", OPT_INFO, '-', "Print info about PKCS#12 structure" }, + { "nomacver", OPT_NOMACVER, '-', "Don't verify integrity MAC" }, + { "clcerts", OPT_CLCERTS, '-', "Only output client certificates" }, + { "cacerts", OPT_CACERTS, '-', "Only output CA certificates" }, + { "", OPT_CIPHER, '-', "Any supported cipher for output encryption" }, + { "noenc", OPT_NOENC, '-', "Don't encrypt private keys" }, + { "nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated" }, OPT_SECTION("PKCS#12 output (export)"), - {"export", OPT_EXPORT, '-', "Create PKCS12 file"}, - {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"}, - {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"}, - {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"}, - {"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"}, - {OPT_MORE_STR, 0, 0, - "which is the 1st cert from -in matching the private key (if given)"}, - {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"}, - {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default 
certificates store"}, - {"name", OPT_NAME, 's', "Use name as friendly name"}, - {"caname", OPT_CANAME, 's', - "Use name as CA friendly name (can be repeated)"}, - {"CSP", OPT_CSP, 's', "Microsoft CSP name"}, - {"LMK", OPT_LMK, '-', - "Add local machine keyset attribute to private key"}, - {"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"}, - {"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"}, - {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default AES-256 CBC)"}, - {"certpbe", OPT_CERTPBE, 's', - "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"}, + { "export", OPT_EXPORT, '-', "Create PKCS12 file" }, + { "inkey", OPT_INKEY, 's', "Private key, else read from -in input file" }, + { "certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output" }, + { "passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source" }, + { "chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert," }, + { OPT_MORE_STR, 0, 0, + "which is the 1st cert from -in matching the private key (if given)" }, + { "untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building" }, + { "CAfile", OPT_CAFILE, '<', "PEM-format file of CA's" }, + { "CApath", OPT_CAPATH, '/', "PEM-format directory of CA's" }, + { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store" }, + { "name", OPT_NAME, 's', "Use name as friendly name" }, + { "caname", OPT_CANAME, 's', + "Use name as CA friendly name (can be repeated)" }, + { "CSP", OPT_CSP, 's', "Microsoft CSP name" }, + { "LMK", OPT_LMK, '-', + "Add local machine keyset attribute to private key" }, + { "keyex", OPT_KEYEX, '-', "Set key type to MS key exchange" }, + { "keysig", 
OPT_KEYSIG, '-', "Set key type to MS key signature" }, + { "keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default AES-256 CBC)" }, + { "certpbe", OPT_CERTPBE, 's', + "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)" }, #ifndef OPENSSL_NO_DES - {"descert", OPT_DESCERT, '-', - "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"}, + { "descert", OPT_DESCERT, '-', + "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)" }, #endif - {"macalg", OPT_MACALG, 's', - "Digest algorithm to use in MAC (default SHA256)"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"}, - {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, - {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, - {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"}, - {"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, - {NULL} + { "macalg", OPT_MACALG, 's', + "Digest algorithm to use in MAC (default SHA256)" }, + { "iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC" }, + { "noiter", OPT_NOITER, '-', "Don't use encryption iteration" }, + { "nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)" }, + { "maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility" }, + { "nomac", OPT_NOMAC, '-', "Don't generate MAC" }, + { NULL } }; int pkcs12_main(int argc, char **argv) @@ -187,7 +223,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -379,7 +415,7 @@ WARN_EXPORT("cacerts"); if (enc != default_enc) BIO_printf(bio_err, - "Warning: output encryption option -%s ignored with -export\n", enc_flag); + "Warning: output encryption option -%s ignored with -export\n", enc_flag); } else { if (keyname != NULL) WARN_NO_EXPORT("inkey"); 
@@ -440,11 +476,11 @@ } if (cert_pbe == NID_undef) { /* Adapt default algorithm */ -# ifndef OPENSSL_NO_RC2 +#ifndef OPENSSL_NO_RC2 cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -# else +#else cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -# endif +#endif } if (key_pbe == NID_undef) @@ -502,7 +538,7 @@ if (1) { #ifndef OPENSSL_NO_UI_CONSOLE if (EVP_read_pw_string( - macpass, sizeof(macpass), "Enter MAC Password:", export_pkcs12)) { + macpass, sizeof(macpass), "Enter MAC Password:", export_pkcs12)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -534,10 +570,8 @@ if (!(options & NOKEYS)) { key = load_key(keyname ? keyname : infile, - FORMAT_PEM, 1, passin, e, - keyname ? - "private key from -inkey file" : - "private key from -in file"); + FORMAT_PEM, 1, passin, e, + keyname ? "private key from -inkey file" : "private key from -in file"); if (key == NULL) goto export_end; } @@ -545,7 +579,7 @@ /* Load all certs in input file */ if (!(options & NOCERTS)) { if (!load_certs(infile, 1, &certs, passin, - "certificates from -in file")) + "certificates from -in file")) goto export_end; if (sk_X509_num(certs) < 1) { BIO_printf(bio_err, "No certificate in -in file %s\n", infile); @@ -568,8 +602,8 @@ } if (ee_cert == NULL) { BIO_printf(bio_err, - "No cert in -in file '%s' matches private key\n", - infile); + "No cert in -in file '%s' matches private key\n", + infile); goto export_end; } } @@ -578,7 +612,7 @@ /* Load any untrusted certificates for chain building */ if (untrusted != NULL) { if (!load_certs(untrusted, 0, &untrusted_certs, passcerts, - "untrusted certificates")) + "untrusted certificates")) goto export_end; } 
@@ -595,13 +629,13 @@ if (ee_cert_tmp == NULL) { BIO_printf(bio_err, - "No end entity certificate to check with -chain\n"); + "No end entity certificate to check with -chain\n"); goto export_end; } if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) - == NULL) + CAstore, noCAstore)) + == NULL) goto export_end; vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2); @@ -612,15 +646,14 @@ /* Remove from chain2 the first (end entity) certificate */ X509_free(sk_X509_shift(chain2)); /* Add the remaining certs (except for duplicates) */ - add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF - | X509_ADD_FLAG_NO_DUP); + add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP); sk_X509_pop_free(chain2, X509_free); if (!add_certs) goto export_end; } else { if (vret != X509_V_ERR_UNSPECIFIED) BIO_printf(bio_err, "Error getting chain: %s\n", - X509_verify_cert_error_string(vret)); + X509_verify_cert_error_string(vret)); goto export_end; } } @@ -628,7 +661,7 @@ /* Add any extra certificates asked for */ if (certfile != NULL) { if (!load_certs(certfile, 0, &certs, passcerts, - "extra certificates from -certfile")) + "extra certificates from -certfile")) goto export_end; } @@ -640,8 +673,8 @@ if (csp_name != NULL && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)csp_name, - -1); + MBSTRING_ASC, (unsigned char *)csp_name, + -1); if (add_lmk && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); @@ -651,7 +684,7 @@ if (1) { #ifndef OPENSSL_NO_UI_CONSOLE if (EVP_read_pw_string(pass, sizeof(pass), - "Enter Export Password:", 1)) { + "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } 
@@ -666,12 +699,12 @@ OPENSSL_strlcpy(macpass, pass, sizeof(macpass)); p12 = PKCS12_create_ex(cpass, name, key, ee_cert, certs, - key_pbe, cert_pbe, iter, -1, keytype, - app_get0_libctx(), app_get0_propq()); + key_pbe, cert_pbe, iter, -1, keytype, + app_get0_libctx(), app_get0_propq()); if (p12 == NULL) { BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n", - outfile); + outfile); goto export_end; } @@ -697,7 +730,7 @@ ret = 0; - export_end: + export_end: EVP_PKEY_free(key); EVP_MD_free(macmd); @@ -707,7 +740,6 @@ ERR_print_errors(bio_err); goto end; - } in = bio_open_default(infile, 'r', FORMAT_PKCS12); @@ -728,7 +760,7 @@ if (1) { #ifndef OPENSSL_NO_UI_CONSOLE if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", - 0)) { + 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -756,16 +788,16 @@ BIO_puts(bio_err, "MAC: "); i2a_ASN1_OBJECT(bio_err, macobj); BIO_printf(bio_err, ", Iteration %ld\n", - tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); + tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", - tmac != NULL ? ASN1_STRING_length(tmac) : 0L, - tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); + tmac != NULL ? ASN1_STRING_length(tmac) : 0L, + tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); } if (macver) { EVP_KDF *pkcs12kdf; pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", - app_get0_propq()); + app_get0_propq()); if (pkcs12kdf == NULL) { BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); 
@@ -797,6 +829,12 @@ if (utmp == NULL) goto end; badpass = OPENSSL_uni2utf8(utmp, utmplen); + if (badpass == NULL) { + BIO_printf(bio_err, "Verbatim password did not match, and fallback conversion to UTF-8 failed\n" + "The password entered or the input encoding may be wrong\n"); + OPENSSL_free(utmp); + goto end; + } OPENSSL_free(utmp); if (!PKCS12_verify_mac(p12, badpass, -1)) { BIO_printf(bio_err, "Mac verify error: invalid password?\n"); @@ -810,7 +848,7 @@ } } - dump: +dump: assert(private); out = bio_open_owner(outfile, FORMAT_PEM, private); @@ -823,7 +861,7 @@ goto end; } ret = 0; - end: +end: PKCS12_free(p12); release_engine(e); BIO_free(in); @@ -837,8 +875,8 @@ } int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, - int passlen, int options, char *pempass, - const EVP_CIPHER *enc) + int passlen, int options, char *pempass, + const EVP_CIPHER *enc) { STACK_OF(PKCS7) *asafes = NULL; STACK_OF(PKCS12_SAFEBAG) *bags; @@ -871,7 +909,7 @@ if (!bags) goto err; if (!dump_certs_pkeys_bags(out, bags, pass, passlen, - options, pempass, enc)) { + options, pempass, enc)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); goto err; } 
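Review bot: In the `@@ -797,6 +829,12 @@` hunk, `utmp` is released with plain `OPENSSL_free()` on both the new failure branch and the existing success path. It appears to hold a wide-character copy of the MAC password, since it is what `OPENSSL_uni2utf8()` converts into `badpass`. The two frees could collapse into one `OPENSSL_clear_free(utmp, utmplen);` placed directly after the `OPENSSL_uni2utf8()` call and before the `badpass == NULL` test, assuming `utmplen` is the buffer's byte length. That wipes the buffer on either path and removes the extra free from the error branch. How `badpass` itself is released is not visible here and deserves the same check; the enclosing function starts and ends outside the hunk.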
@@ -880,28 +918,28 @@ } ret = 1; - err: +err: sk_PKCS7_pop_free(asafes, PKCS7_free); return ret; } int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc) + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!dump_certs_pkeys_bag(out, - sk_PKCS12_SAFEBAG_value(bags, i), - pass, passlen, options, pempass, enc)) + sk_PKCS12_SAFEBAG_value(bags, i), + pass, passlen, options, pempass, enc)) return 0; } return 1; } int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc) + const char *pass, int passlen, int options, + char *pempass, const EVP_CIPHER *enc) { EVP_PKEY *pkey; PKCS8_PRIV_KEY_INFO *p8; @@ -987,7 +1025,7 @@ BIO_printf(bio_err, "Safe Contents bag\n"); print_attribs(out, attrs, "Bag Attributes"); return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag), - pass, passlen, options, pempass, enc); + pass, passlen, options, pempass, enc); default: BIO_printf(bio_err, "Warning unsupported bag type: "); @@ -1001,8 +1039,8 @@ /* Given a single certificate return a verified chain or NULL if error */ static int get_cert_chain(X509 *cert, X509_STORE *store, - STACK_OF(X509) *untrusted_certs, - STACK_OF(X509) **chain) + STACK_OF(X509) *untrusted_certs, + STACK_OF(X509) **chain) { X509_STORE_CTX *store_ctx = NULL; STACK_OF(X509) *chn = NULL; 
@@ -1010,15 +1048,14 @@ store_ctx = X509_STORE_CTX_new_ex(app_get0_libctx(), app_get0_propq()); if (store_ctx == NULL) { - i = X509_V_ERR_UNSPECIFIED; + i = X509_V_ERR_UNSPECIFIED; goto end; } if (!X509_STORE_CTX_init(store_ctx, store, cert, untrusted_certs)) { - i = X509_V_ERR_UNSPECIFIED; + i = X509_V_ERR_UNSPECIFIED; goto end; } - if (X509_verify_cert(store_ctx) > 0) chn = X509_STORE_CTX_get1_chain(store_ctx); else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0) @@ -1061,7 +1098,7 @@ X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption); encnid = OBJ_obj2nid(aoid); BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid), - OBJ_nid2sn(encnid)); + OBJ_nid2sn(encnid)); /* If KDF is PBKDF2 decode parameters */ if (pbenid == NID_id_pbkdf2) { PBKDF2PARAM *kdf = NULL; @@ -1080,7 +1117,7 @@ prfnid = OBJ_obj2nid(aoid); } BIO_printf(bio_err, ", Iteration %ld, PRF %s", - ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid)); + ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid)); PBKDF2PARAM_free(kdf); #ifndef OPENSSL_NO_SCRYPT } else if (pbenid == NID_id_scrypt) { @@ -1093,11 +1130,11 @@ goto done; } BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " - "Block size(r): %ld, Parallelism(p): %ld", - ASN1_STRING_length(kdf->salt), - ASN1_INTEGER_get(kdf->costParameter), - ASN1_INTEGER_get(kdf->blockSize), - ASN1_INTEGER_get(kdf->parallelizationParameter)); + "Block size(r): %ld, Parallelism(p): %ld", + ASN1_STRING_length(kdf->salt), + ASN1_INTEGER_get(kdf->costParameter), + ASN1_INTEGER_get(kdf->blockSize), + ASN1_INTEGER_get(kdf->parallelizationParameter)); SCRYPT_PARAMS_free(kdf); #endif } @@ -1112,7 +1149,7 @@ BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free(pbe); } - done: +done: BIO_puts(bio_err, "\n"); return 1; } 
@@ -1143,25 +1180,25 @@ switch (av->type) { case V_ASN1_BMPSTRING: value = OPENSSL_uni2asc(av->value.bmpstring->data, - av->value.bmpstring->length); + av->value.bmpstring->length); BIO_printf(out, "%s\n", value); OPENSSL_free(value); break; case V_ASN1_UTF8STRING: BIO_printf(out, "%.*s\n", av->value.utf8string->length, - av->value.utf8string->data); + av->value.utf8string->data); break; case V_ASN1_OCTET_STRING: hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); + av->value.octet_string->length); BIO_printf(out, "\n"); break; case V_ASN1_BIT_STRING: hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); + av->value.bit_string->length); BIO_printf(out, "\n"); break; @@ -1174,7 +1211,7 @@ /* Generalised attribute print: handle PKCS#8 and bag attributes */ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, - const char *name) + const char *name) { X509_ATTRIBUTE *attr; ASN1_TYPE *av; @@ -1202,8 +1239,7 @@ } if (X509_ATTRIBUTE_count(attr)) { - for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) - { + for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) { av = X509_ATTRIBUTE_get0_type(attr, j); print_attribute(out, av); } --- crypto/openssl/apps/pkcs7.c.orig +++ crypto/openssl/apps/pkcs7.c 
@@ -22,33 +22,40 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, - OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_NOOUT, + OPT_TEXT, + OPT_PRINT, + OPT_PRINT_CERTS, + OPT_ENGINE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkcs7_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, OPT_SECTION("Output"), - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"out", OPT_OUT, '>', "Output file"}, - {"noout", OPT_NOOUT, '-', "Don't output encoded data"}, - {"text", OPT_TEXT, '-', "Print full details of certificates"}, - {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"}, - {"print_certs", OPT_PRINT_CERTS, '-', - "Print_certs print any certs or crl in the input"}, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "out", OPT_OUT, '>', "Output file" }, + { "noout", OPT_NOOUT, '-', "Don't output encoded data" }, + { "text", OPT_TEXT, '-', "Print full details of certificates" }, + { "print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure" }, + { "print_certs", OPT_PRINT_CERTS, '-', + "Print_certs print any certs or crl in the input" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int pkcs7_main(int argc, char **argv) @@ -67,7 +74,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -211,7 +218,7 @@ } } ret = 0; - end: +end: PKCS7_free(p7); release_engine(e); BIO_free(in); --- crypto/openssl/apps/pkcs8.c.orig +++ crypto/openssl/apps/pkcs8.c 
@@ -19,52 +19,67 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, - OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, + OPT_INFORM, + OPT_OUTFORM, + OPT_ENGINE, + OPT_IN, + OPT_OUT, + OPT_TOPK8, + OPT_NOITER, + OPT_NOCRYPT, #ifndef OPENSSL_NO_SCRYPT - OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P, + OPT_SCRYPT, + OPT_SCRYPT_N, + OPT_SCRYPT_R, + OPT_SCRYPT_P, #endif - OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, + OPT_V2, + OPT_V1, + OPT_V2PRF, + OPT_ITER, + OPT_PASSIN, + OPT_PASSOUT, OPT_TRADITIONAL, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkcs8_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"}, - {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"}, - {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"}, + { "v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher" }, + { "v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher" }, + { "v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"}, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format (DER or PEM)" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"}, - {"topk8", 
OPT_TOPK8, '-', "Output PKCS8 file"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count"}, - {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)" }, + { "topk8", OPT_TOPK8, '-', "Output PKCS8 file" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "traditional", OPT_TRADITIONAL, '-', "use traditional format private key" }, + { "iter", OPT_ITER, 'p', "Specify the iteration count" }, + { "noiter", OPT_NOITER, '-', "Use 1 as iteration count" }, #ifndef OPENSSL_NO_SCRYPT OPT_SECTION("Scrypt"), - {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"}, - {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"}, - {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"}, - {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"}, + { "scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm" }, + { "scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter" }, + { "scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter" }, + { "scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter" }, #endif OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int pkcs8_main(int argc, char **argv) @@ -94,7 +109,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -142,7 +157,7 @@ pbe_nid = OBJ_txt2nid(opt_arg()); if (pbe_nid == NID_undef) { BIO_printf(bio_err, - "%s: Unknown PBE algorithm %s\n", prog, opt_arg()); + "%s: Unknown PBE algorithm %s\n", prog, opt_arg()); goto opthelp; } break; 
@@ -150,14 +165,14 @@ pbe_nid = OBJ_txt2nid(opt_arg()); if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { BIO_printf(bio_err, - "%s: Unknown PRF algorithm %s\n", prog, opt_arg()); + "%s: Unknown PRF algorithm %s\n", prog, opt_arg()); goto opthelp; } if (cipher == NULL) cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; case OPT_ITER: - iter = opt_int_arg(); + iter = opt_int_arg(); break; case OPT_PASSIN: passinarg = opt_arg(); @@ -215,7 +230,7 @@ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); in = bio_open_default(infile, 'r', - informat == FORMAT_UNDEF ? FORMAT_PEM : informat); + informat == FORMAT_UNDEF ? FORMAT_PEM : informat); if (in == NULL) goto end; out = bio_open_owner(outfile, outformat, private); @@ -247,11 +262,11 @@ #ifndef OPENSSL_NO_SCRYPT if (scrypt_N && scrypt_r && scrypt_p) pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL, - scrypt_N, scrypt_r, scrypt_p); + scrypt_N, scrypt_r, scrypt_p); else #endif pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, - pbe_nid); + pbe_nid); } else { pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0); } @@ -266,8 +281,7 @@ /* To avoid bit rot */ #ifndef OPENSSL_NO_UI_CONSOLE p8pass = pass; - if (EVP_read_pw_string - (pass, sizeof(pass), "Enter Encryption Password:", 1)) { + if (EVP_read_pw_string(pass, sizeof(pass), "Enter Encryption Password:", 1)) { X509_ALGOR_free(pbe); goto end; } @@ -355,7 +369,7 @@ if (outformat == FORMAT_PEM) { if (traditional) PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0, - NULL, passout); + NULL, passout); else PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); } else if (outformat == FORMAT_ASN1) { @@ -366,7 +380,7 @@ } ret = 0; - end: +end: X509_SIG_free(p8); PKCS8_PRIV_KEY_INFO_free(p8inf); EVP_PKEY_free(pkey); --- crypto/openssl/apps/pkey.c.orig +++ crypto/openssl/apps/pkey.c 
@@ -19,50 +19,64 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, - OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, - OPT_TEXT, OPT_NOOUT, OPT_CIPHER, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK, - OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM, + OPT_INFORM, + OPT_OUTFORM, + OPT_PASSIN, + OPT_PASSOUT, + OPT_ENGINE, + OPT_IN, + OPT_OUT, + OPT_PUBIN, + OPT_PUBOUT, + OPT_TEXT_PUB, + OPT_TEXT, + OPT_NOOUT, + OPT_CIPHER, + OPT_TRADITIONAL, + OPT_CHECK, + OPT_PUB_CHECK, + OPT_EC_PARAM_ENC, + OPT_EC_CONV_FORM, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkey_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_PROV_OPTIONS, - {"check", OPT_CHECK, '-', "Check key consistency"}, - {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"}, + { "check", OPT_CHECK, '-', "Check key consistency" }, + { "pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency" }, OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', - "Key input format (ENGINE, other values ignored)"}, - {"passin", OPT_PASSIN, 's', "Key input pass phrase source"}, - {"pubin", OPT_PUBIN, '-', - "Read only public components from key input"}, + { "in", OPT_IN, 's', "Input key" }, + { "inform", OPT_INFORM, 'f', + "Key input format (ENGINE, other values ignored)" }, + { "passin", OPT_PASSIN, 's', "Key input pass phrase source" }, + { "pubin", OPT_PUBIN, '-', + "Read only public components from key input" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file for encoded and/or text output"}, - {"outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)"}, - {"", OPT_CIPHER, '-', "Any supported cipher to be used for encryption"}, - 
{"passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source"}, - {"traditional", OPT_TRADITIONAL, '-', - "Use traditional format for private key PEM output"}, - {"pubout", OPT_PUBOUT, '-', "Restrict encoded output to public components"}, - {"noout", OPT_NOOUT, '-', "Do not output the key in encoded form"}, - {"text", OPT_TEXT, '-', "Output key components in plaintext"}, - {"text_pub", OPT_TEXT_PUB, '-', - "Output only public key components in text form"}, - {"ec_conv_form", OPT_EC_CONV_FORM, 's', - "Specifies the EC point conversion form in the encoding"}, - {"ec_param_enc", OPT_EC_PARAM_ENC, 's', - "Specifies the way the EC parameters are encoded"}, + { "out", OPT_OUT, '>', "Output file for encoded and/or text output" }, + { "outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)" }, + { "", OPT_CIPHER, '-', "Any supported cipher to be used for encryption" }, + { "passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source" }, + { "traditional", OPT_TRADITIONAL, '-', + "Use traditional format for private key PEM output" }, + { "pubout", OPT_PUBOUT, '-', "Restrict encoded output to public components" }, + { "noout", OPT_NOOUT, '-', "Do not output the key in encoded form" }, + { "text", OPT_TEXT, '-', "Output key components in plaintext" }, + { "text_pub", OPT_TEXT_PUB, '-', + "Output only public key components in text form" }, + { "ec_conv_form", OPT_EC_CONV_FORM, 's', + "Specifies the EC point conversion form in the encoding" }, + { "ec_param_enc", OPT_EC_PARAM_ENC, 's', + "Specifies the way the EC parameters are encoded" }, - {NULL} + { NULL } }; int pkey_main(int argc, char **argv) @@ -88,7 +102,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -177,10 +191,10 @@ if (text && text_pub) BIO_printf(bio_err, - "Warning: The -text option is ignored with -text_pub\n"); + "Warning: The -text option is ignored with -text_pub\n"); if (traditional && (noout || outformat != FORMAT_PEM)) BIO_printf(bio_err, - "Warning: The -traditional is ignored since there is no PEM output\n"); + "Warning: The -traditional is ignored since there is no PEM output\n"); /* -pubout and -text is the same as -text_pub */ if (!text_pub && pubout && text) { @@ -197,11 +211,11 @@ if (cipher == NULL) { if (passoutarg != NULL) BIO_printf(bio_err, - "Warning: The -passout option is ignored without a cipher option\n"); + "Warning: The -passout option is ignored without a cipher option\n"); } else { if (noout || outformat != FORMAT_PEM) { BIO_printf(bio_err, - "Error: Cipher options are supported only for PEM output\n"); + "Error: Cipher options are supported only for PEM output\n"); goto end; } } @@ -230,11 +244,11 @@ if (asn1_encoding != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, - asn1_encoding, 0); + asn1_encoding, 0); if (point_format != NULL) *p++ = OSSL_PARAM_construct_utf8_string( - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format, 0); + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + point_format, 0); *p = OSSL_PARAM_construct_end(); if (EVP_PKEY_set_params(pkey, params) <= 0) goto end; @@ -277,19 +291,19 @@ assert(private); if (traditional) { if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, - NULL, 0, NULL, - passout)) + NULL, 0, NULL, + passout)) goto end; } else { if (!PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout)) + NULL, 0, NULL, passout)) goto end; } } } else if (outformat == FORMAT_ASN1) { if (text || text_pub) { BIO_printf(bio_err, - "Error: Text output cannot be combined with DER output\n"); + "Error: Text output cannot be combined with DER output\n"); goto end; } if (pubout) { 
@@ -317,7 +331,7 @@ ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); EVP_PKEY_CTX_free(ctx); --- crypto/openssl/apps/pkeyparam.c.orig +++ crypto/openssl/apps/pkeyparam.c @@ -18,29 +18,33 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, - OPT_ENGINE, OPT_CHECK, + OPT_IN, + OPT_OUT, + OPT_TEXT, + OPT_NOOUT, + OPT_ENGINE, + OPT_CHECK, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS pkeyparam_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - {"check", OPT_CHECK, '-', "Check key param consistency"}, + { "check", OPT_CHECK, '-', "Check key param consistency" }, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, + { "in", OPT_IN, '<', "Input file" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"text", OPT_TEXT, '-', "Print parameters as text"}, - {"noout", OPT_NOOUT, '-', "Don't output encoded parameters"}, + { "out", OPT_OUT, '>', "Output file" }, + { "text", OPT_TEXT, '-', "Print parameters as text" }, + { "noout", OPT_NOOUT, '-', "Don't output encoded parameters" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int pkeyparam_main(int argc, char **argv) @@ -58,7 +62,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -102,7 +106,7 @@ if (out == NULL) goto end; pkey = PEM_read_bio_Parameters_ex(in, NULL, app_get0_libctx(), - app_get0_propq()); + app_get0_propq()); if (pkey == NULL) { BIO_printf(bio_err, "Error reading parameters\n"); ERR_print_errors(bio_err); 
@@ -112,7 +116,7 @@ if (check) { if (e == NULL) ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, - app_get0_propq()); + app_get0_propq()); else ctx = EVP_PKEY_CTX_new(pkey, e); if (ctx == NULL) { @@ -143,7 +147,7 @@ ret = EXIT_SUCCESS; - end: +end: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); release_engine(e); --- crypto/openssl/apps/pkeyutl.c.orig +++ crypto/openssl/apps/pkeyutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -15,90 +15,112 @@ #include #include -#define KEY_NONE 0 -#define KEY_PRIVKEY 1 -#define KEY_PUBKEY 2 -#define KEY_CERT 3 +#define KEY_NONE 0 +#define KEY_PRIVKEY 1 +#define KEY_PUBKEY 2 +#define KEY_CERT 3 static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, - const int impl, int rawin, EVP_PKEY **ppkey, - EVP_MD_CTX *mctx, const char *digestname, - OSSL_LIB_CTX *libctx, const char *propq); + const char *keyfile, int keyform, int key_type, + char *passinarg, int pkey_op, ENGINE *e, + const int impl, int rawin, EVP_PKEY **ppkey, + EVP_MD_CTX *mctx, const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - ENGINE *e); + ENGINE *e); static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - const unsigned char *in, size_t inlen); + unsigned char *out, size_t *poutlen, + const unsigned char *in, size_t inlen); static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - EVP_PKEY *pkey, BIO *in, - int filesize, unsigned char *sig, int siglen, - unsigned char **out, size_t *poutlen); + EVP_PKEY *pkey, BIO *in, + int filesize, unsigned char *sig, int siglen, + unsigned char **out, size_t *poutlen); typedef enum OPTION_choice { OPT_COMMON, - OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT, - OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN, - OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, - OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF, - OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM, + OPT_ENGINE, + OPT_ENGINE_IMPL, + OPT_IN, + OPT_OUT, + OPT_PUBIN, + OPT_CERTIN, + OPT_ASN1PARSE, + OPT_HEXDUMP, + OPT_SIGN, + OPT_VERIFY, + OPT_VERIFYRECOVER, + OPT_REV, + OPT_ENCRYPT, + OPT_DECRYPT, + OPT_DERIVE, + OPT_SIGFILE, + OPT_INKEY, + OPT_PEERKEY, + OPT_PASSIN, 
+ OPT_PEERFORM, + OPT_KEYFORM, + OPT_PKEYOPT, + OPT_PKEYOPT_PASSIN, + OPT_KDF, + OPT_KDFLEN, + OPT_R_ENUM, + OPT_PROV_ENUM, OPT_CONFIG, - OPT_RAWIN, OPT_DIGEST + OPT_RAWIN, + OPT_DIGEST } OPTION_CHOICE; const OPTIONS pkeyutl_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"engine_impl", OPT_ENGINE_IMPL, '-', - "Also use engine given by -engine for crypto operations"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, + { "engine_impl", OPT_ENGINE_IMPL, '-', + "Also use engine given by -engine for crypto operations" }, #endif - {"sign", OPT_SIGN, '-', "Sign input data with private key"}, - {"verify", OPT_VERIFY, '-', "Verify with public key"}, - {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, - {"derive", OPT_DERIVE, '-', "Derive shared secret"}, + { "sign", OPT_SIGN, '-', "Sign input data with private key" }, + { "verify", OPT_VERIFY, '-', "Verify with public key" }, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key" }, + { "derive", OPT_DERIVE, '-', "Derive shared secret" }, OPT_CONFIG_OPTION, OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file - default stdin"}, - {"rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form"}, - {"pubin", OPT_PUBIN, '-', "Input is a public key"}, - {"inkey", OPT_INKEY, 's', "Input private key file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, - {"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)"}, - {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"}, - {"rev", OPT_REV, '-', "Reverse the order of 
the input buffer"}, - {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, + { "in", OPT_IN, '<', "Input file - default stdin" }, + { "rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form" }, + { "pubin", OPT_PUBIN, '-', "Input is a public key" }, + { "inkey", OPT_INKEY, 's', "Input private key file" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation" }, + { "peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)" }, + { "certin", OPT_CERTIN, '-', "Input is a cert with a public key" }, + { "rev", OPT_REV, '-', "Reverse the order of the input buffer" }, + { "sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)" }, + { "keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"asn1parse", OPT_ASN1PARSE, '-', - "parse the output as ASN.1 data to check its DER encoding and print errors"}, - {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, - {"verifyrecover", OPT_VERIFYRECOVER, '-', - "Verify RSA signature, recovering original signature input data"}, + { "out", OPT_OUT, '>', "Output file - default stdout" }, + { "asn1parse", OPT_ASN1PARSE, '-', + "parse the output as ASN.1 data to check its DER encoding and print errors" }, + { "hexdump", OPT_HEXDUMP, '-', "Hex dump output" }, + { "verifyrecover", OPT_VERIFYRECOVER, '-', + "Verify RSA signature, recovering original signature input data" }, OPT_SECTION("Signing/Derivation"), - {"digest", OPT_DIGEST, 's', - "Specify the digest algorithm when signing the raw input data"}, - {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, - {"pkeyopt_passin", OPT_PKEYOPT_PASSIN, 's', - "Public key option that is read as a passphrase argument opt:passphrase"}, - {"kdf", OPT_KDF, 's', 
"Use KDF algorithm"}, - {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"}, + { "digest", OPT_DIGEST, 's', + "Specify the digest algorithm when signing the raw input data" }, + { "pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value" }, + { "pkeyopt_passin", OPT_PKEYOPT_PASSIN, 's', + "Public key option that is read as a passphrase argument opt:passphrase" }, + { "kdf", OPT_KDF, 's', "Use KDF algorithm" }, + { "kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int pkeyutl_main(int argc, char **argv) @@ -135,7 +157,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -229,17 +251,13 @@ rev = 1; break; case OPT_PKEYOPT: - if ((pkeyopts == NULL && - (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || - sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) { + if ((pkeyopts == NULL && (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) { BIO_puts(bio_err, "out of memory\n"); goto end; } break; case OPT_PKEYOPT_PASSIN: - if ((pkeyopts_passin == NULL && - (pkeyopts_passin = sk_OPENSSL_STRING_new_null()) == NULL) || - sk_OPENSSL_STRING_push(pkeyopts_passin, opt_arg()) == 0) { + if ((pkeyopts_passin == NULL && (pkeyopts_passin = sk_OPENSSL_STRING_new_null()) == NULL) || sk_OPENSSL_STRING_push(pkeyopts_passin, opt_arg()) == 0) { BIO_puts(bio_err, "out of memory\n"); goto end; } 
@@ -263,37 +281,37 @@ if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) { BIO_printf(bio_err, - "%s: -rawin can only be used with -sign or -verify\n", - prog); + "%s: -rawin can only be used with -sign or -verify\n", + prog); goto opthelp; } if (digestname != NULL && !rawin) { BIO_printf(bio_err, - "%s: -digest can only be used with -rawin\n", - prog); + "%s: -digest can only be used with -rawin\n", + prog); goto opthelp; } if (rawin && rev) { BIO_printf(bio_err, "%s: -rev cannot be used with raw input\n", - prog); + prog); goto opthelp; } if (kdfalg != NULL) { if (kdflen == 0) { BIO_printf(bio_err, - "%s: no KDF length given (-kdflen parameter).\n", prog); + "%s: no KDF length given (-kdflen parameter).\n", prog); goto opthelp; } } else if (inkey == NULL) { BIO_printf(bio_err, - "%s: no private key given (-inkey parameter).\n", prog); + "%s: no private key given (-inkey parameter).\n", prog); goto opthelp; } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) { BIO_printf(bio_err, - "%s: no peer key given (-peerkey parameter).\n", prog); + "%s: no peer key given (-peerkey parameter).\n", prog); goto opthelp; } @@ -304,8 +322,8 @@ } } ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, - passinarg, pkey_op, e, engine_impl, rawin, &pkey, - mctx, digestname, libctx, app_get0_propq()); + passinarg, pkey_op, e, engine_impl, rawin, &pkey, + mctx, digestname, libctx, app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, "%s: Error initializing context\n", prog); goto end; @@ -323,7 +341,7 @@ if (pkey_ctrl_string(ctx, opt) <= 0) { BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", - prog, opt); + prog, opt); goto end; } } @@ -344,7 +362,7 @@ BIO_snprintf(passwd_buf, sizeof(passwd_buf), "Enter %s: ", opt); r = EVP_read_pw_string(passwd_buf, sizeof(passwd_buf) - 1, - passwd_buf, 0); + passwd_buf, 0); if (r < 0) { if (r == -2) BIO_puts(bio_err, "user abort\n"); 
@@ -370,7 +388,8 @@ if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) { BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", - prog, opt); + prog, opt); + OPENSSL_free(passwd); goto end; } OPENSSL_free(passwd); @@ -379,13 +398,13 @@ if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, - "%s: Signature file specified for non verify\n", prog); + "%s: Signature file specified for non verify\n", prog); goto end; } if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, - "%s: No signature file specified for verify\n", prog); + "%s: No signature file specified for verify\n", prog); goto end; } @@ -441,21 +460,21 @@ /* Sanity check the input if the input is not raw */ if (!rawin - && buf_inlen > EVP_MAX_MD_SIZE - && (pkey_op == EVP_PKEY_OP_SIGN - || pkey_op == EVP_PKEY_OP_VERIFY)) { + && buf_inlen > EVP_MAX_MD_SIZE + && (pkey_op == EVP_PKEY_OP_SIGN + || pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, - "Error: The input data looks too long to be a hash\n"); + "Error: The input data looks too long to be a hash\n"); goto end; } if (pkey_op == EVP_PKEY_OP_VERIFY) { if (rawin) { rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen, - NULL, 0); + NULL, 0); } else { rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, - buf_in, (size_t)buf_inlen); + buf_in, (size_t)buf_inlen); } if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); 
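Review bot: In the `@@ -370,7 +388,8 @@` hunk, `passwd` is released with plain `OPENSSL_free()` on both the added error path and the existing success path, so its bytes stay readable in freed heap memory. It appears to hold the passphrase read for `-pkeyopt_passin`, so both calls would be better written as `OPENSSL_clear_free(passwd, strlen(passwd));`. The prompt buffer `passwd_buf` filled by `EVP_read_pw_string()` in the `@@ -344,7 +362,7 @@` hunk presumably deserves an `OPENSSL_cleanse(passwd_buf, sizeof(passwd_buf));` once it has been copied, but the copy is not visible in these hunks. The enclosing loop in `pkeyutl_main` starts and ends outside the hunk.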
@@ -468,20 +487,20 @@ if (rawin) { /* rawin allocates the buffer in do_raw_keyop() */ rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0, - &buf_out, (size_t *)&buf_outlen); + &buf_out, (size_t *)&buf_outlen); } else { if (kdflen != 0) { buf_outlen = kdflen; rv = 1; } else { rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); + buf_in, (size_t)buf_inlen); } if (rv > 0 && buf_outlen != 0) { buf_out = app_malloc(buf_outlen, "buffer output"); rv = do_keyop(ctx, pkey_op, - buf_out, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); + buf_out, (size_t *)&buf_outlen, + buf_in, (size_t)buf_inlen); } } if (rv <= 0) { @@ -503,7 +522,7 @@ BIO_write(out, buf_out, buf_outlen); } - end: +end: if (ret != 0) ERR_print_errors(bio_err); EVP_MD_CTX_free(mctx); @@ -522,11 +541,11 @@ } static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, - const int engine_impl, int rawin, - EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname, - OSSL_LIB_CTX *libctx, const char *propq) + const char *keyfile, int keyform, int key_type, + char *passinarg, int pkey_op, ENGINE *e, + const int engine_impl, int rawin, + EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; @@ -536,7 +555,7 @@ X509 *x; if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) - || (pkey_op == EVP_PKEY_OP_DERIVE)) + || (pkey_op == EVP_PKEY_OP_DERIVE)) && (key_type != KEY_PRIVKEY && kdfalg == NULL)) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; @@ -564,7 +583,6 @@ case KEY_NONE: break; - } #ifndef OPENSSL_NO_ENGINE @@ -579,7 +597,7 @@ kdfnid = OBJ_ln2nid(kdfalg); if (kdfnid == NID_undef) { BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n", - kdfalg); + kdfalg); goto end; } } 
@@ -610,12 +628,12 @@ switch (pkey_op) { case EVP_PKEY_OP_SIGN: rv = EVP_DigestSignInit_ex(mctx, NULL, digestname, libctx, propq, - pkey, NULL); + pkey, NULL); break; case EVP_PKEY_OP_VERIFY: rv = EVP_DigestVerifyInit_ex(mctx, NULL, digestname, libctx, propq, - pkey, NULL); + pkey, NULL); break; } @@ -652,14 +670,13 @@ ctx = NULL; } - end: +end: OPENSSL_free(passin); return ctx; - } static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - ENGINE *e) + ENGINE *e) { EVP_PKEY *peer = NULL; ENGINE *engine = NULL; @@ -680,8 +697,8 @@ } static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - const unsigned char *in, size_t inlen) + unsigned char *out, size_t *poutlen, + const unsigned char *in, size_t inlen) { int rv = 0; switch (pkey_op) { @@ -704,7 +721,6 @@ case EVP_PKEY_OP_DERIVE: rv = EVP_PKEY_derive(ctx, out, poutlen); break; - } return rv; } @@ -712,9 +728,9 @@ #define TBUF_MAXSIZE 2048 static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - EVP_PKEY *pkey, BIO *in, - int filesize, unsigned char *sig, int siglen, - unsigned char **out, size_t *poutlen) + EVP_PKEY *pkey, BIO *in, + int filesize, unsigned char *sig, int siglen, + unsigned char **out, size_t *poutlen) { int rv = 0; unsigned char tbuf[TBUF_MAXSIZE]; @@ -723,14 +739,14 @@ /* Some algorithms only support oneshot digests */ if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519 - || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) { + || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) { if (filesize < 0) { BIO_printf(bio_err, - "Error: unable to determine file size for oneshot operation\n"); + "Error: unable to determine file size for oneshot operation\n"); goto end; } mbuf = app_malloc(filesize, "oneshot sign/verify buffer"); - switch(pkey_op) { + switch (pkey_op) { case EVP_PKEY_OP_VERIFY: buf_len = BIO_read(in, mbuf, filesize); if (buf_len != filesize) { 
@@ -755,7 +771,7 @@ goto end; } - switch(pkey_op) { + switch (pkey_op) { case EVP_PKEY_OP_VERIFY: for (;;) { buf_len = BIO_read(in, tbuf, TBUF_MAXSIZE); @@ -796,7 +812,7 @@ break; } - end: +end: OPENSSL_free(mbuf); return rv; } --- crypto/openssl/apps/prime.c.orig +++ crypto/openssl/apps/prime.c @@ -15,29 +15,33 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS, + OPT_HEX, + OPT_GENERATE, + OPT_BITS, + OPT_SAFE, + OPT_CHECKS, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS prime_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"bits", OPT_BITS, 'p', "Size of number in bits"}, - {"checks", OPT_CHECKS, 'p', "Number of checks"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "bits", OPT_BITS, 'p', "Size of number in bits" }, + { "checks", OPT_CHECKS, 'p', "Number of checks" }, OPT_SECTION("Output"), - {"hex", OPT_HEX, '-', "Hex output"}, - {"generate", OPT_GENERATE, '-', "Generate a prime"}, - {"safe", OPT_SAFE, '-', - "When used with -generate, generate a safe prime"}, + { "hex", OPT_HEX, '-', "Hex output" }, + { "generate", OPT_GENERATE, '-', "Generate a prime" }, + { "safe", OPT_SAFE, '-', + "When used with -generate, generate a safe prime" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"number", 0, 0, "Number(s) to check for primality if not generating"}, - {NULL} + { "number", 0, 0, "Number(s) to check for primality if not generating" }, + { NULL } }; int prime_main(int argc, char **argv) @@ -52,7 +56,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: -opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -116,7 +120,7 @@ BIO_printf(bio_out, "%s\n", s); OPENSSL_free(s); } else { - for ( ; *argv; argv++) { + for (; *argv; argv++) { int r; if (hex) 
@@ -131,14 +135,15 @@ BN_print(bio_out, bn); BIO_printf(bio_out, " (%s) %s prime\n", - argv[0], - BN_check_prime(bn, NULL, NULL) - ? "is" : "is not"); + argv[0], + BN_check_prime(bn, NULL, NULL) + ? "is" + : "is not"); } } ret = 0; - end: +end: BN_free(bn); return ret; } --- crypto/openssl/apps/progs.c.orig +++ crypto/openssl/apps/progs.c @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by apps/progs.pl * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy --- crypto/openssl/apps/progs.h.orig +++ crypto/openssl/apps/progs.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by apps/progs.pl * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy --- crypto/openssl/apps/progs.pl.orig +++ crypto/openssl/apps/progs.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -19,7 +19,10 @@ unless ($opt eq '-H' || $opt eq '-C'); my %commands = (); -my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; +# I think it is best reconsidered in favour of just a table +# of commands instead of this fragile regex. There really are not that +# many commands. +my $cmdre = qr/^\s*(int\s+|)\s*([a-z_][a-z0-9_]*)_main\s*\(\s*int\s+argc\s*,/; my $apps_openssl = shift @ARGV; my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; @@ -36,7 +39,7 @@ open F, $filename or die "Couldn't open $filename: $!\n"; foreach ( grep /$cmdre/, ) { my @foo = /$cmdre/; - $commands{$1} = 1; + $commands{$2} = 1; } close F; } @@ -104,7 +107,7 @@ # The format of this table is: # [0] = alternative command to use instead # [1] = deprecented in this version -# [2] = preprocessor conditional for exclusing irrespective of deprecation +# [2] = preprocessor conditional for excluding irrespective of deprecation # rsa => [ "pkey", "3_0", "rsa" ], # genrsa => [ "genpkey", "3_0", "rsa" ], rsautl => [ "pkeyutl", "3_0", "rsa" ], --- crypto/openssl/apps/rand.c.orig +++ crypto/openssl/apps/rand.c 
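Review bot: The new `$cmdre` makes the optional `int` a capturing group, `(int\s+|)`, which is the only reason the second progs.pl hunk has to move from `$1` to `$2`. A non-capturing optional group keeps the command name in `$1` and removes that coupling: `my $cmdre = qr/^\s*(?:int\s+)?([a-z_][a-z0-9_]*)_main\s*\(\s*int\s+argc\s*,/;`. With `int` optional, the pattern also accepts any line that merely begins with `name_main(int argc,`, so the generated command table now depends on no other line in the scanned sources having that shape. The added comment already calls the regex fragile, and it should also say why the return type became optional (presumably because the reformatted sources can put it on its own line). In the loop, `my @foo = /$cmdre/;` is assigned but never read; `$commands{$foo[1]} = 1;` would make the source of the name explicit instead of relying on the capture variable.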
@@ -20,30 +20,34 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_OUT, + OPT_ENGINE, + OPT_BASE64, + OPT_HEX, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS rand_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] num\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] num\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"base64", OPT_BASE64, '-', "Base64 encode output"}, - {"hex", OPT_HEX, '-', "Hex encode output"}, + { "out", OPT_OUT, '>', "Output file" }, + { "base64", OPT_BASE64, '-', "Base64 encode output" }, + { "hex", OPT_HEX, '-', "Hex encode output" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"num", 0, 0, "Number of bytes to generate"}, - {NULL} + { "num", 0, 0, "Number of bytes to generate" }, + { NULL } }; int rand_main(int argc, char **argv) @@ -59,7 +63,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -140,7 +144,7 @@ ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); release_engine(e); --- crypto/openssl/apps/rehash.c.orig +++ crypto/openssl/apps/rehash.c 
@@ -11,15 +11,14 @@ #include "apps.h" #include "progs.h" -#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \ - (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000) -# include -# include -# include -# include -# include -# include -# include +#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000) +#include +#include +#include +#include +#include +#include +#include /* * Make sure that the processing of symbol names is treated the same as when @@ -27,32 +26,32 @@ * include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H), * but not for internal headers. */ -# ifdef __VMS -# pragma names save -# pragma names as_is,shortened -# endif +#ifdef __VMS +#pragma names save +#pragma names as_is, shortened +#endif -# include "internal/o_dir.h" +#include "internal/o_dir.h" -# ifdef __VMS -# pragma names restore -# endif +#ifdef __VMS +#pragma names restore +#endif -# include -# include -# include +#include +#include +#include -# ifndef PATH_MAX -# define PATH_MAX 4096 -# endif -# define MAX_COLLISIONS 256 +#ifndef PATH_MAX +#define PATH_MAX 4096 +#endif +#define MAX_COLLISIONS 256 -# if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) /* * VxWorks has no symbolic links */ -# define lstat(path, buf) stat(path, buf) +#define lstat(path, buf) stat(path, buf) int symlink(const char *target, const char *linkpath) { @@ -65,7 +64,7 @@ errno = ENOSYS; return -1; } -# endif +#endif typedef struct hentry_st { struct hentry_st *next; @@ -85,14 +84,16 @@ enum Type { /* Keep in sync with |suffixes|, below. */ - TYPE_CERT=0, TYPE_CRL=1 + TYPE_CERT = 0, + TYPE_CRL = 1 }; enum Hash { - HASH_OLD, HASH_NEW, HASH_BOTH + HASH_OLD, + HASH_NEW, + HASH_BOTH }; - static int evpmdsize; static const EVP_MD *evpmd; static int remove_links = 1; 
@@ -102,7 +103,6 @@ static const char *suffixes[] = { "", "r" }; static const char *extensions[] = { "pem", "crt", "cer", "crl" }; - static void bit_set(unsigned char *set, unsigned int bit) { set[bit >> 3] |= 1 << (bit & 0x7); @@ -113,13 +113,12 @@ return set[bit >> 3] & (1 << (bit & 0x7)); } - /* * Process an entry; return number of errors. */ static int add_entry(enum Type type, unsigned int hash, const char *filename, - const unsigned char *digest, int need_symlink, - unsigned short old_id) + const unsigned char *digest, int need_symlink, + unsigned short old_id) { static BUCKET nilbucket; static HENTRY nilhentry; @@ -142,9 +141,9 @@ for (ep = bp->first_entry; ep; ep = ep->next) { if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { BIO_printf(bio_err, - "%s: warning: skipping duplicate %s in %s\n", - opt_getprog(), - type == TYPE_CERT ? "certificate" : "CRL", filename); + "%s: warning: skipping duplicate %s in %s\n", + opt_getprog(), + type == TYPE_CERT ? "certificate" : "CRL", filename); return 0; } if (strcmp(filename, ep->filename) == 0) { @@ -157,8 +156,8 @@ if (ep == NULL) { if (bp->num_needed >= MAX_COLLISIONS) { BIO_printf(bio_err, - "%s: error: hash table overflow for %s\n", - opt_getprog(), filename); + "%s: error: hash table overflow for %s\n", + opt_getprog(), filename); return 1; } ep = app_malloc(sizeof(*ep), "collision bucket"); @@ -233,7 +232,7 @@ */ static int do_file(const char *filename, const char *fullpath, enum Hash h) { - STACK_OF (X509_INFO) *inf = NULL; + STACK_OF(X509_INFO) *inf = NULL; X509_INFO *x; const X509_NAME *name = NULL; BIO *b; @@ -255,7 +254,7 @@ /* Does it have X.509 data in it? */ if ((b = BIO_new_file(fullpath, "r")) == NULL) { BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n", - opt_getprog(), filename); + opt_getprog(), filename); errs++; goto end; } 
@@ -266,9 +265,9 @@ if (sk_X509_INFO_num(inf) != 1) { BIO_printf(bio_err, - "%s: warning: skipping %s," - "it does not contain exactly one certificate or CRL\n", - opt_getprog(), filename); + "%s: warning: skipping %s," + "it does not contain exactly one certificate or CRL\n", + opt_getprog(), filename); /* This is not an error. */ goto end; } @@ -296,21 +295,20 @@ if (name != NULL) { if (h == HASH_NEW || h == HASH_BOTH) { int ok; - unsigned long hash_value = - X509_NAME_hash_ex(name, - app_get0_libctx(), app_get0_propq(), &ok); + unsigned long hash_value = X509_NAME_hash_ex(name, + app_get0_libctx(), app_get0_propq(), &ok); if (ok) { errs += add_entry(type, hash_value, filename, digest, 1, ~0); } else { BIO_printf(bio_err, "%s: error calculating SHA1 hash value\n", - opt_getprog()); + opt_getprog()); errs++; } } if ((h == HASH_OLD) || (h == HASH_BOTH)) errs += add_entry(type, X509_NAME_hash_old(name), - filename, digest, 1, ~0); + filename, digest, 1, ~0); } end: @@ -327,17 +325,17 @@ { if (*path != '\0') path += strlen(path) - 1; -# if defined __VMS +#if defined __VMS if (*path == ']' || *path == '>' || *path == ':') return 1; -# elif defined _WIN32 +#elif defined _WIN32 if (*path == '\\') return 1; -# endif +#endif return *path == '/'; } -static int sk_strcmp(const char * const *a, const char * const *b) +static int sk_strcmp(const char *const *a, const char *const *b) { return strcmp(*a, *b); } @@ -381,7 +379,7 @@ size_t fname_len = strlen(filename); if ((copy = OPENSSL_strdup(filename)) == NULL - || sk_OPENSSL_STRING_push(files, copy) == 0) { + || sk_OPENSSL_STRING_push(files, copy) == 0) { OPENSSL_free(copy); OPENSSL_DIR_end(&d); BIO_puts(bio_err, "out of memory\n"); @@ -401,7 +399,8 @@ for (n = 0; n < numfiles; ++n) { filename = sk_OPENSSL_STRING_value(files, n); if (BIO_snprintf(buf, buflen, "%s%s%s", - dirname, pathsep, filename) >= buflen) + dirname, pathsep, filename) + >= buflen) continue; if (lstat(buf, &st) < 0) continue; 
@@ -424,47 +423,47 @@ if (ep->old_id < bp->num_needed) { /* Link exists, and is used as-is */ BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash, - suffixes[bp->type], ep->old_id); + suffixes[bp->type], ep->old_id); if (verbose) BIO_printf(bio_out, "link %s -> %s\n", - ep->filename, buf); + ep->filename, buf); } else if (ep->need_symlink) { /* New link needed (it may replace something) */ while (bit_isset(idmask, nextid)) nextid++; BIO_snprintf(buf, buflen, "%s%s%08x.%s%d", - dirname, pathsep, bp->hash, - suffixes[bp->type], nextid); + dirname, pathsep, bp->hash, + suffixes[bp->type], nextid); if (verbose) BIO_printf(bio_out, "link %s -> %s\n", - ep->filename, &buf[dirlen]); + ep->filename, &buf[dirlen]); if (unlink(buf) < 0 && errno != ENOENT) { BIO_printf(bio_err, - "%s: Can't unlink %s, %s\n", - opt_getprog(), buf, strerror(errno)); + "%s: Can't unlink %s, %s\n", + opt_getprog(), buf, strerror(errno)); errs++; } if (symlink(ep->filename, buf) < 0) { BIO_printf(bio_err, - "%s: Can't symlink %s, %s\n", - opt_getprog(), ep->filename, - strerror(errno)); + "%s: Can't symlink %s, %s\n", + opt_getprog(), ep->filename, + strerror(errno)); errs++; } bit_set(idmask, nextid); } else if (remove_links) { /* Link to be deleted */ BIO_snprintf(buf, buflen, "%s%s%08x.%s%d", - dirname, pathsep, bp->hash, - suffixes[bp->type], ep->old_id); + dirname, pathsep, bp->hash, + suffixes[bp->type], ep->old_id); if (verbose) BIO_printf(bio_out, "unlink %s\n", - &buf[dirlen]); + &buf[dirlen]); if (unlink(buf) < 0 && errno != ENOENT) { BIO_printf(bio_err, - "%s: Can't unlink %s, %s\n", - opt_getprog(), buf, strerror(errno)); + "%s: Can't unlink %s, %s\n", + opt_getprog(), buf, strerror(errno)); errs++; } } @@ -476,7 +475,7 @@ hash_table[i] = NULL; } - err: +err: sk_OPENSSL_STRING_pop_free(files, str_free); OPENSSL_free(buf); return errs; 
@@ -484,31 +483,33 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE, + OPT_COMPAT, + OPT_OLD, + OPT_N, + OPT_VERBOSE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS rehash_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [directory...]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [directory...]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"h", OPT_HELP, '-', "Display this summary"}, - {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"}, - {"old", OPT_OLD, '-', "Use old-style hash to generate links"}, - {"n", OPT_N, '-', "Do not remove existing links"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "h", OPT_HELP, '-', "Display this summary" }, + { "compat", OPT_COMPAT, '-', "Create both new- and old-style hash links" }, + { "old", OPT_OLD, '-', "Use old-style hash to generate links" }, + { "n", OPT_N, '-', "Do not remove existing links" }, OPT_SECTION("Output"), - {"v", OPT_VERBOSE, '-', "Verbose output"}, + { "v", OPT_VERBOSE, '-', "Verbose output" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"directory", 0, 0, "One or more directories to process (optional)"}, - {NULL} + { "directory", 0, 0, "One or more directories to process (optional)" }, + { NULL } }; - int rehash_main(int argc, char **argv) { const char *env, *prog; @@ -571,13 +572,13 @@ errs += do_dir(X509_get_default_cert_dir(), h); } - end: +end: return errs; } #else const OPTIONS rehash_options[] = { - {NULL} + { NULL } }; int rehash_main(int argc, char **argv) --- crypto/openssl/apps/req.c.orig +++ crypto/openssl/apps/req.c 
@@ -28,51 +28,51 @@ #include #include #ifndef OPENSSL_NO_DSA -# include +#include #endif -#define BITS "default_bits" -#define KEYFILE "default_keyfile" -#define PROMPT "prompt" +#define BITS "default_bits" +#define KEYFILE "default_keyfile" +#define PROMPT "prompt" #define DISTINGUISHED_NAME "distinguished_name" -#define ATTRIBUTES "attributes" -#define V3_EXTENSIONS "x509_extensions" -#define REQ_EXTENSIONS "req_extensions" -#define STRING_MASK "string_mask" -#define UTF8_IN "utf8" +#define ATTRIBUTES "attributes" +#define V3_EXTENSIONS "x509_extensions" +#define REQ_EXTENSIONS "req_extensions" +#define STRING_MASK "string_mask" +#define UTF8_IN "utf8" #define DEFAULT_KEY_LENGTH 2048 -#define MIN_KEY_LENGTH 512 -#define DEFAULT_DAYS 30 /* default cert validity period in days */ -#define UNSET_DAYS -2 /* -1 may be used for testing expiration checks */ -#define EXT_COPY_UNSET -1 +#define MIN_KEY_LENGTH 512 +#define DEFAULT_DAYS 30 /* default cert validity period in days */ +#define UNSET_DAYS -2 /* -1 may be used for testing expiration checks */ +#define EXT_COPY_UNSET -1 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj, - int mutlirdn, int attribs, unsigned long chtype); + int mutlirdn, int attribs, unsigned long chtype); static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, - int attribs, unsigned long chtype); + STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, + STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, + int attribs, unsigned long chtype); static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, - STACK_OF(CONF_VALUE) *attr, int attribs, - unsigned long chtype); + STACK_OF(CONF_VALUE) *attr, int attribs, + unsigned long chtype); static int add_attribute_object(X509_REQ *req, char *text, const char *def, - char *value, int nid, int n_min, int n_max, - unsigned long chtype); + char *value, int nid, int n_min, int n_max, + unsigned long 
chtype); static int add_DN_object(X509_NAME *n, char *text, const char *def, - char *value, int nid, int n_min, int n_max, - unsigned long chtype, int mval); + char *value, int nid, int n_min, int n_max, + unsigned long chtype, int mval); static int genpkey_cb(EVP_PKEY_CTX *ctx); static int build_data(char *text, const char *def, char *value, - int n_min, int n_max, char *buf, const int buf_size, - const char *desc1, const char *desc2); + int n_min, int n_max, char *buf, const int buf_size, + const char *desc1, const char *desc2); static int req_check_len(int len, int n_min, int n_max); static int check_end(const char *str, const char *end); static int join(char buf[], size_t buf_size, const char *name, - const char *tail, const char *desc); + const char *tail, const char *desc); static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, - char **pkeytype, long *pkeylen, - ENGINE *keygen_engine); + char **pkeytype, long *pkeylen, + ENGINE *keygen_engine); static const char *section = "req"; static CONF *req_conf = NULL; 
@@ -81,93 +81,128 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY, - OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, - OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY, - OPT_PKEYOPT, OPT_SIGOPT, OPT_VFYOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, - OPT_VERIFY, OPT_NOENC, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, - OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, - OPT_CA, OPT_CAKEY, - OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, - OPT_COPY_EXTENSIONS, OPT_ADDEXT, OPT_EXTENSIONS, - OPT_REQEXTS, OPT_PRECERT, OPT_MD, + OPT_INFORM, + OPT_OUTFORM, + OPT_ENGINE, + OPT_KEYGEN_ENGINE, + OPT_KEY, + OPT_PUBKEY, + OPT_NEW, + OPT_CONFIG, + OPT_KEYFORM, + OPT_IN, + OPT_OUT, + OPT_KEYOUT, + OPT_PASSIN, + OPT_PASSOUT, + OPT_NEWKEY, + OPT_PKEYOPT, + OPT_SIGOPT, + OPT_VFYOPT, + OPT_BATCH, + OPT_NEWHDR, + OPT_MODULUS, + OPT_VERIFY, + OPT_NOENC, + OPT_NODES, + OPT_NOOUT, + OPT_VERBOSE, + OPT_UTF8, + OPT_NAMEOPT, + OPT_REQOPT, + OPT_SUBJ, + OPT_SUBJECT, + OPT_TEXT, + OPT_X509, + OPT_CA, + OPT_CAKEY, + OPT_MULTIVALUE_RDN, + OPT_DAYS, + OPT_SET_SERIAL, + OPT_COPY_EXTENSIONS, + OPT_ADDEXT, + OPT_EXTENSIONS, + OPT_REQEXTS, + OPT_PRECERT, + OPT_MD, OPT_SECTION, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS req_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"keygen_engine", OPT_KEYGEN_ENGINE, 's', - "Specify engine to be used for key generation operations"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, + { "keygen_engine", OPT_KEYGEN_ENGINE, 's', + "Specify engine to be used for key generation operations" }, #endif - {"in", OPT_IN, '<', "X.509 request input file (default stdin)"}, - {"inform", OPT_INFORM, 'F', "Input format - DER 
or PEM"}, - {"verify", OPT_VERIFY, '-', "Verify self-signature on the request"}, + { "in", OPT_IN, '<', "X.509 request input file (default stdin)" }, + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "verify", OPT_VERIFY, '-', "Verify self-signature on the request" }, OPT_SECTION("Certificate"), - {"new", OPT_NEW, '-', "New request"}, - {"config", OPT_CONFIG, '<', "Request template file"}, - {"section", OPT_SECTION, 's', "Config section to use (default \"req\")"}, - {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"reqopt", OPT_REQOPT, 's', "Various request text options"}, - {"text", OPT_TEXT, '-', "Text form of request"}, - {"x509", OPT_X509, '-', - "Output an X.509 certificate structure instead of a cert request"}, - {"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"}, - {"CAkey", OPT_CAKEY, 's', - "Issuer private key to use with -CA; default is -CA arg"}, - {OPT_MORE_STR, 1, 1, "(Required by some CA's)"}, - {"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"}, - {"subject", OPT_SUBJECT, '-', - "Print the subject of the output request or cert"}, - {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', - "Deprecated; multi-valued RDNs support is always on."}, - {"days", OPT_DAYS, 'p', "Number of days cert is valid for"}, - {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, - {"copy_extensions", OPT_COPY_EXTENSIONS, 's', - "copy extensions from request when using -x509"}, - {"addext", OPT_ADDEXT, 's', - "Additional cert extension key=value pair (may be given more than once)"}, - {"extensions", OPT_EXTENSIONS, 's', - "Cert extension section (override value in config file)"}, - {"reqexts", OPT_REQEXTS, 's', - "Request extension section (override value in config file)"}, - {"precert", OPT_PRECERT, '-', - "Add a poison extension to the generated cert (implies -new)"}, + { "new", OPT_NEW, '-', "New request" }, 
+ { "config", OPT_CONFIG, '<', "Request template file" }, + { "section", OPT_SECTION, 's', "Config section to use (default \"req\")" }, + { "utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)" }, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, + { "reqopt", OPT_REQOPT, 's', "Various request text options" }, + { "text", OPT_TEXT, '-', "Text form of request" }, + { "x509", OPT_X509, '-', + "Output an X.509 certificate structure instead of a cert request" }, + { "CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509" }, + { "CAkey", OPT_CAKEY, 's', + "Issuer private key to use with -CA; default is -CA arg" }, + { OPT_MORE_STR, 1, 1, "(Required by some CA's)" }, + { "subj", OPT_SUBJ, 's', "Set or modify subject of request or cert" }, + { "subject", OPT_SUBJECT, '-', + "Print the subject of the output request or cert" }, + { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-', + "Deprecated; multi-valued RDNs support is always on." }, + { "days", OPT_DAYS, 'p', "Number of days cert is valid for" }, + { "set_serial", OPT_SET_SERIAL, 's', "Serial number to use" }, + { "copy_extensions", OPT_COPY_EXTENSIONS, 's', + "copy extensions from request when using -x509" }, + { "addext", OPT_ADDEXT, 's', + "Additional cert extension key=value pair (may be given more than once)" }, + { "extensions", OPT_EXTENSIONS, 's', + "Cert extension section (override value in config file)" }, + { "reqexts", OPT_REQEXTS, 's', + "Request extension section (override value in config file)" }, + { "precert", OPT_PRECERT, '-', + "Add a poison extension to the generated cert (implies -new)" }, OPT_SECTION("Keys and Signing"), - {"key", OPT_KEY, 's', "Key for signing, and to include unless -in given"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, - {"pubkey", OPT_PUBKEY, '-', "Output public key"}, - {"keyout", OPT_KEYOUT, '>', "File to write private key to"}, - {"passin", OPT_PASSIN, 's', "Private key and 
certificate password source"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"newkey", OPT_NEWKEY, 's', - "Generate new key with [:] or [:] or param:"}, - {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, - {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"}, - {"", OPT_MD, '-', "Any supported digest"}, + { "key", OPT_KEY, 's', "Key for signing, and to include unless -in given" }, + { "keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)" }, + { "pubkey", OPT_PUBKEY, '-', "Output public key" }, + { "keyout", OPT_KEYOUT, '>', "File to write private key to" }, + { "passin", OPT_PASSIN, 's', "Private key and certificate password source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "newkey", OPT_NEWKEY, 's', + "Generate new key with [:] or [:] or param:" }, + { "pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value" }, + { "sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form" }, + { "vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form" }, + { "", OPT_MD, '-', "Any supported digest" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"batch", OPT_BATCH, '-', - "Do not ask anything during request generation"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, - {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, - {"noout", OPT_NOOUT, '-', "Do not output REQ"}, - {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"}, - {"modulus", OPT_MODULUS, '-', "RSA modulus"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "batch", OPT_BATCH, '-', + "Do not ask anything during request generation" }, + { "verbose", OPT_VERBOSE, '-', "Verbose output" }, + { 
"noenc", OPT_NOENC, '-', "Don't encrypt private keys" }, + { "nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated" }, + { "noout", OPT_NOOUT, '-', "Do not output REQ" }, + { "newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines" }, + { "modulus", OPT_MODULUS, '-', "RSA modulus" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; /* @@ -274,7 +309,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -351,7 +386,7 @@ if (pkeyopts == NULL) pkeyopts = sk_OPENSSL_STRING_new_null(); if (pkeyopts == NULL - || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg())) + || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg())) goto opthelp; break; case OPT_SIGOPT: @@ -416,7 +451,7 @@ days = atoi(opt_arg()); if (days < -1) { BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n", - prog); + prog); goto end; } break; @@ -441,7 +476,7 @@ case OPT_COPY_EXTENSIONS: if (!set_ext_copy(&ext_copy, opt_arg())) { BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", - opt_arg()); + opt_arg()); goto end; } break; @@ -503,7 +538,7 @@ if (addext_bio != NULL) { if (verbose) BIO_printf(bio_err, - "Using additional configuration from -addext options\n"); + "Using additional configuration from -addext options\n"); if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL) goto end; } @@ -520,7 +555,7 @@ if (oid_bio == NULL) { if (verbose) BIO_printf(bio_err, - "Problems opening '%s' for extra OIDs\n", p); + "Problems opening '%s' for extra OIDs\n", p); } else { OBJ_create_objects(oid_bio); BIO_free(oid_bio); @@ -559,8 +594,8 @@ X509V3_set_nconf(&ctx, req_conf); if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, - "Error checking x509 extension section %s\n", - extensions); + "Error checking x509 extension section %s\n", + extensions); goto end; } } 
@@ -577,15 +612,13 @@ } if (passin == NULL) { - passin = nofree_passin = - NCONF_get_string(req_conf, section, "input_password"); + passin = nofree_passin = NCONF_get_string(req_conf, section, "input_password"); if (passin == NULL) ERR_clear_error(); } if (passout == NULL) { - passout = nofree_passout = - NCONF_get_string(req_conf, section, "output_password"); + passout = nofree_passout = NCONF_get_string(req_conf, section, "output_password"); if (passout == NULL) ERR_clear_error(); } @@ -620,8 +653,8 @@ X509V3_set_nconf(&ctx, req_conf); if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, - "Error checking request extension section %s\n", - req_exts); + "Error checking request extension section %s\n", + req_exts); goto end; } } @@ -649,7 +682,7 @@ || EVP_PKEY_CTX_is_a(genctx, "RSA-PSS") || EVP_PKEY_CTX_is_a(genctx, "DSA"))) { BIO_printf(bio_err, "Private key length too short, needs to be at least %d bits, not %ld.\n", - MIN_KEY_LENGTH, newkey_len); + MIN_KEY_LENGTH, newkey_len); goto end; } 
@@ -657,17 +690,17 @@ && (EVP_PKEY_CTX_is_a(genctx, "RSA") || EVP_PKEY_CTX_is_a(genctx, "RSA-PSS"))) BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for RSA keys.\n" - " Your key size is %ld! Larger key size may behave not as expected.\n", - OPENSSL_RSA_MAX_MODULUS_BITS, newkey_len); + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %ld! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, newkey_len); #ifndef OPENSSL_NO_DSA if (EVP_PKEY_CTX_is_a(genctx, "DSA") - && newkey_len > OPENSSL_DSA_MAX_MODULUS_BITS) + && newkey_len > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for DSA keys.\n" - " Your key size is %ld! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, newkey_len); + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %ld! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, newkey_len); #endif if (pkeyopts != NULL) { @@ -705,7 +738,7 @@ else BIO_printf(bio_err, "'%s'\n", keyout); } - out = bio_open_owner(keyout, outformat, newreq); + out = bio_open_owner(keyout, outformat, 1); if (out == NULL) goto end; @@ -722,11 +755,10 @@ cipher = NULL; i = 0; - loop: + loop: if (!PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout)) { - if ((ERR_GET_REASON(ERR_peek_error()) == - PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) { + NULL, 0, NULL, passout)) { + if ((ERR_GET_REASON(ERR_peek_error()) == PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) { ERR_clear_error(); i++; goto loop; 
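Review bot: The bare `1` now passed in `out = bio_open_owner(keyout, outformat, 1);` carries the whole point of this hunk and should be explained where it sits, e.g. `/* private key output: always request an owner-only file, even without -new */`. Before the change the flag followed `newreq`, so a key written on a path where `newreq` was 0 was presumably opened without the private mode. `bio_open_owner` is defined outside this diff; if it relies on the file-creation mode alone, an already existing `keyout` file keeps whatever permissions it had, which is worth checking or stating in the `-keyout` documentation. The enclosing function starts and ends outside the hunk.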
@@ -743,12 +775,12 @@ * where characters may be escaped by \ */ if (subj != NULL - && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL) + && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL) goto end; if (!newreq) { req = load_csr(infile /* if NULL, reads from stdin */, - informat, "X509 request"); + informat, "X509 request"); if (req == NULL) goto end; } @@ -758,30 +790,32 @@ if (CAkeyfile != NULL) { if (CAfile == NULL) { BIO_printf(bio_err, - "Warning: Ignoring -CAkey option since no -CA option is given\n"); + "Warning: Ignoring -CAkey option since no -CA option is given\n"); } else { if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF, - 0, passin, e, - CAkeyfile != CAfile - ? "issuer private key from -CAkey arg" - : "issuer private key from -CA arg")) == NULL) + 0, passin, e, + CAkeyfile != CAfile + ? "issuer private key from -CAkey arg" + : "issuer private key from -CA arg")) + == NULL) goto end; } } if (CAfile != NULL) { if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, - "issuer cert from -CA arg")) == NULL) + "issuer cert from -CA arg")) + == NULL) goto end; if (!X509_check_private_key(CAcert, CAkey)) { BIO_printf(bio_err, - "Issuer CA certificate and key do not match\n"); + "Issuer CA certificate and key do not match\n"); goto end; } } if (newreq || gen_x509) { if (CAcert == NULL && pkey == NULL) { BIO_printf(bio_err, "Must provide a signature key using -key or" - " provide -CA / -CAkey\n"); + " provide -CA / -CAkey\n"); goto end; } @@ -791,7 +825,7 @@ goto end; } - if (!make_REQ(req, pkey, fsubj, multirdn, !gen_x509, chtype)){ + if (!make_REQ(req, pkey, fsubj, multirdn, !gen_x509, chtype)) { BIO_printf(bio_err, "Error making certificate request\n"); goto end; } 
@@ -801,13 +835,12 @@ EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req); EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey; X509V3_CTX ext_ctx; - X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : - X509_REQ_get_subject_name(req); - X509_NAME *n_subj = fsubj != NULL ? fsubj : - X509_REQ_get_subject_name(req); + X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : X509_REQ_get_subject_name(req); + X509_NAME *n_subj = fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req); if ((new_x509 = X509_new_ex(app_get0_libctx(), - app_get0_propq())) == NULL) + app_get0_propq())) + == NULL) goto end; if (serial != NULL) { @@ -839,7 +872,7 @@ /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509, - new_x509, NULL, NULL, X509V3_CTX_REPLACE); + new_x509, NULL, NULL, X509V3_CTX_REPLACE); /* prepare fallback for AKID, but only if issuer cert == new_x509 */ if (CAcert == NULL) { if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key)) @@ -847,22 +880,22 @@ ERR_set_mark(); if (!X509_check_private_key(new_x509, issuer_key)) BIO_printf(bio_err, - "Warning: Signature key and public key of cert do not match\n"); + "Warning: Signature key and public key of cert do not match\n"); ERR_pop_to_mark(); } X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ if (extensions != NULL - && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions, - new_x509)) { + && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions, + new_x509)) { BIO_printf(bio_err, "Error adding x509 extensions from section %s\n", - extensions); + extensions); goto end; } if (addext_conf != NULL && !X509V3_EXT_add_nconf(addext_conf, &ext_ctx, "default", - new_x509)) { + new_x509)) { BIO_printf(bio_err, "Error adding extensions defined via -addext\n"); goto end; } 
@@ -870,7 +903,8 @@ /* If a pre-cert was requested, we need to add a poison extension */ if (precert) { if (X509_add1_ext_i2d(new_x509, NID_ct_precert_poison, - NULL, 1, 0) != 1) { + NULL, 1, 0) + != 1) { BIO_printf(bio_err, "Error adding poison extension\n"); goto end; } @@ -889,14 +923,14 @@ /* Add extensions */ if (req_exts != NULL && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx, - req_exts, req)) { + req_exts, req)) { BIO_printf(bio_err, "Error adding request extensions from section %s\n", - req_exts); + req_exts); goto end; } if (addext_conf != NULL && !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx, "default", - req)) { + req)) { BIO_printf(bio_err, "Error adding extensions defined via -addext\n"); goto end; } @@ -947,9 +981,8 @@ } out = bio_open_default(outfile, - keyout != NULL && outfile != NULL && - strcmp(keyout, outfile) == 0 ? 'a' : 'w', - outformat); + keyout != NULL && outfile != NULL && strcmp(keyout, outfile) == 0 ? 'a' : 'w', + outformat); if (out == NULL) goto end; @@ -979,9 +1012,7 @@ } if (subject) { - print_name(out, "subject=", gen_x509 - ? X509_get_subject_name(new_x509) - : X509_REQ_get_subject_name(req)); + print_name(out, "subject=", gen_x509 ? X509_get_subject_name(new_x509) : X509_REQ_get_subject_name(req)); } if (modulus) { @@ -1032,7 +1063,7 @@ } } ret = 0; - end: +end: if (ret) { ERR_print_errors(bio_err); } @@ -1066,7 +1097,7 @@ } static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj, - int multirdn, int attribs, unsigned long chtype) + int multirdn, int attribs, unsigned long chtype) { int ret = 0, i; char no_prompt = 0; @@ -1111,7 +1142,7 @@ i = auto_info(req, dn_sk, attr_sk, attribs, chtype); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, - chtype); + chtype); if (!i) goto err; 
@@ -1119,14 +1150,14 @@ goto err; ret = 1; - err: +err: return ret; } static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, - int attribs, unsigned long chtype) + STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, + STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, + int attribs, unsigned long chtype) { int i; char *p, *q; @@ -1140,22 +1171,22 @@ if (!batch) { BIO_printf(bio_err, - "You are about to be asked to enter information that will be incorporated\n"); + "You are about to be asked to enter information that will be incorporated\n"); BIO_printf(bio_err, "into your certificate request.\n"); BIO_printf(bio_err, - "What you are about to enter is what is called a Distinguished Name or a DN.\n"); + "What you are about to enter is what is called a Distinguished Name or a DN.\n"); BIO_printf(bio_err, - "There are quite a few fields but you can leave some blank\n"); + "There are quite a few fields but you can leave some blank\n"); BIO_printf(bio_err, - "For some fields there will be a default value,\n"); + "For some fields there will be a default value,\n"); BIO_printf(bio_err, - "If you enter '.', the field will be left blank.\n"); + "If you enter '.', the field will be left blank.\n"); BIO_printf(bio_err, "-----\n"); } if (sk_CONF_VALUE_num(dn_sk)) { i = -1; - start: + start: for (;;) { i++; if (sk_CONF_VALUE_num(dn_sk) <= i) @@ -1164,8 +1195,7 @@ v = sk_CONF_VALUE_value(dn_sk, i); p = q = NULL; type = v->name; - if (!check_end(type, "_min") || !check_end(type, "_max") || - !check_end(type, "_default") || !check_end(type, "_value")) + if (!check_end(type, "_min") || !check_end(type, "_max") || !check_end(type, "_default") || !check_end(type, "_value")) continue; /* * Skip past any leading X. X: X, etc to allow for multiple 
@@ -1216,7 +1246,7 @@ } if (!add_DN_object(subj, v->value, def, value, nid, - n_min, n_max, chtype, mval)) + n_min, n_max, chtype, mval)) return 0; } if (X509_NAME_entry_count(subj) == 0) { @@ -1228,13 +1258,13 @@ if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch)) { BIO_printf(bio_err, - "\nPlease enter the following 'extra' attributes\n"); + "\nPlease enter the following 'extra' attributes\n"); BIO_printf(bio_err, - "to be sent with your certificate request\n"); + "to be sent with your certificate request\n"); } i = -1; - start2: + start2: for (;;) { i++; if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i)) @@ -1276,8 +1306,8 @@ } if (!add_attribute_object(req, - v->value, def, value, nid, n_min, - n_max, chtype)) + v->value, def, value, nid, n_min, + n_max, chtype)) return 0; } } @@ -1287,12 +1317,11 @@ } return 1; - } static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, - STACK_OF(CONF_VALUE) *attr_sk, int attribs, - unsigned long chtype) + STACK_OF(CONF_VALUE) *attr_sk, int attribs, + unsigned long chtype) { int i, spec_char, plus_char; char *p, *q; @@ -1315,7 +1344,7 @@ spec_char = (*p == ':' || *p == ',' || *p == '.'); #else spec_char = (*p == os_toascii[':'] || *p == os_toascii[','] - || *p == os_toascii['.']); + || *p == os_toascii['.']); #endif if (spec_char) { p++; @@ -1336,10 +1365,9 @@ mval = 0; } if (!X509_NAME_add_entry_by_txt(subj, type, chtype, - (unsigned char *)v->value, -1, -1, - mval)) + (unsigned char *)v->value, -1, -1, + mval)) return 0; - } if (!X509_NAME_entry_count(subj)) { @@ -1350,7 +1378,7 @@ for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) { v = sk_CONF_VALUE_value(attr_sk, i); if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype, - (unsigned char *)v->value, -1)) + (unsigned char *)v->value, -1)) return 0; } } 
@@ -1358,40 +1386,40 @@ } static int add_DN_object(X509_NAME *n, char *text, const char *def, - char *value, int nid, int n_min, int n_max, - unsigned long chtype, int mval) + char *value, int nid, int n_min, int n_max, + unsigned long chtype, int mval) { int ret = 0; char buf[1024]; ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), - "DN value", "DN default"); + "DN value", "DN default"); if ((ret == 0) || (ret == 1)) return ret; ret = 1; if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - (unsigned char *)buf, -1, -1, mval)) + (unsigned char *)buf, -1, -1, mval)) ret = 0; return ret; } static int add_attribute_object(X509_REQ *req, char *text, const char *def, - char *value, int nid, int n_min, - int n_max, unsigned long chtype) + char *value, int nid, int n_min, + int n_max, unsigned long chtype) { int ret = 0; char buf[1024]; ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), - "Attribute value", "Attribute default"); + "Attribute value", "Attribute default"); if ((ret == 0) || (ret == 1)) return ret; ret = 1; if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, - (unsigned char *)buf, -1)) { + (unsigned char *)buf, -1)) { BIO_printf(bio_err, "Error adding attribute\n"); ret = 0; } @@ -1400,11 +1428,11 @@ } static int build_data(char *text, const char *def, char *value, - int n_min, int n_max, char *buf, const int buf_size, - const char *desc1, const char *desc2) + int n_min, int n_max, char *buf, const int buf_size, + const char *desc1, const char *desc2) { int i; - start: +start: if (!batch) BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); 
@@ -1455,12 +1483,12 @@ { if (n_min > 0 && len < n_min) { BIO_printf(bio_err, - "String too short, must be at least %d bytes long\n", n_min); + "String too short, must be at least %d bytes long\n", n_min); return 0; } if (n_max >= 0 && len > n_max) { BIO_printf(bio_err, - "String too long, must be at most %d bytes long\n", n_max); + "String too long, must be at most %d bytes long\n", n_max); return 0; } return 1; @@ -1485,7 +1513,7 @@ * overflow and producing an error message if there is. */ static int join(char buf[], size_t buf_size, const char *name, - const char *tail, const char *desc) + const char *tail, const char *desc) { const size_t name_len = strlen(name), tail_len = strlen(tail); @@ -1499,8 +1527,8 @@ } static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, - char **pkeytype, long *pkeylen, - ENGINE *keygen_engine) + char **pkeytype, long *pkeylen, + ENGINE *keygen_engine) { EVP_PKEY_CTX *gctx = NULL; EVP_PKEY *param = NULL; @@ -1536,8 +1564,8 @@ expect_paramfile = 1; if (p == NULL) { BIO_printf(bio_err, - "Parameter file requested but no path given: %s\n", - gstr); + "Parameter file requested but no path given: %s\n", + gstr); return NULL; } } else { @@ -1620,19 +1648,19 @@ gctx = EVP_PKEY_CTX_new(param, keygen_engine); else gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), - param, app_get0_propq()); + param, app_get0_propq()); *pkeylen = EVP_PKEY_get_bits(param); EVP_PKEY_free(param); } else { if (keygen_engine != NULL) { int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype, - keygen_engine); + keygen_engine); if (pkey_id != NID_undef) gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine); } else { gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), - *pkeytype, app_get0_propq()); + *pkeytype, app_get0_propq()); } } 
@@ -1646,16 +1674,14 @@ EVP_PKEY_CTX_free(gctx); return NULL; } - if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA") - || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS"))) + if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA") || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS"))) keylen = *pkeylen; if (keylen != -1) { OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; size_t bits = keylen; - params[0] = - OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_BITS, &bits); + params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_BITS, &bits); if (EVP_PKEY_CTX_set_params(gctx, params) <= 0) { BIO_puts(bio_err, "Error setting keysize\n"); EVP_PKEY_CTX_free(gctx); --- crypto/openssl/apps/rsa.c.orig +++ crypto/openssl/apps/rsa.c 
@@ -34,63 +34,78 @@ #include #ifndef OPENSSL_NO_RC4 -# define DEFAULT_PVK_ENCR_STRENGTH 2 +#define DEFAULT_PVK_ENCR_STRENGTH 2 #else -# define DEFAULT_PVK_ENCR_STRENGTH 0 +#define DEFAULT_PVK_ENCR_STRENGTH 0 #endif typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, - OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN, - OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, + OPT_INFORM, + OPT_OUTFORM, + OPT_ENGINE, + OPT_IN, + OPT_OUT, + OPT_PUBIN, + OPT_PUBOUT, + OPT_PASSOUT, + OPT_PASSIN, + OPT_RSAPUBKEY_IN, + OPT_RSAPUBKEY_OUT, /* Do not change the order here; see case statements below */ - OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, - OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER, - OPT_PROV_ENUM, OPT_TRADITIONAL + OPT_PVK_NONE, + OPT_PVK_WEAK, + OPT_PVK_STRONG, + OPT_NOOUT, + OPT_TEXT, + OPT_MODULUS, + OPT_CHECK, + OPT_CIPHER, + OPT_PROV_ENUM, + OPT_TRADITIONAL } OPTION_CHOICE; const OPTIONS rsa_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"check", OPT_CHECK, '-', "Verify key consistency"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "check", OPT_CHECK, '-', "Verify key consistency" }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, - {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, - {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + { "in", OPT_IN, 's', "Input file" }, + { "inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)" }, + { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" }, + { 
"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"}, - {"pubout", OPT_PUBOUT, '-', "Output a public key"}, - {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"noout", OPT_NOOUT, '-', "Don't print key out"}, - {"text", OPT_TEXT, '-', "Print the key in text"}, - {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, - {"traditional", OPT_TRADITIONAL, '-', - "Use traditional format for private keys"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK" }, + { "pubout", OPT_PUBOUT, '-', "Output a public key" }, + { "RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "noout", OPT_NOOUT, '-', "Don't print key out" }, + { "text", OPT_TEXT, '-', "Print the key in text" }, + { "modulus", OPT_MODULUS, '-', "Print the RSA key modulus" }, + { "traditional", OPT_TRADITIONAL, '-', + "Use traditional format for private keys" }, #ifndef OPENSSL_NO_RC4 OPT_SECTION("PVK"), - {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, - {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, - {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, + { "pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)" }, + { "pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level" }, + { "pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding" }, #endif OPT_PROV_OPTIONS, - {NULL} + { NULL } }; static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout, - BIO *out) + BIO *out) { int ret = 0; #ifndef OPENSSL_NO_DEPRECATED_3_0 
@@ -109,10 +124,10 @@ ret = PEM_write_bio_RSAPublicKey(out, rsa) > 0; else ret = PEM_write_bio_RSA_PUBKEY(out, rsa) > 0; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { ret = i2b_PublicKey_bio(out, pkey) > 0; -# endif +#endif } #endif @@ -144,7 +159,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -186,9 +201,9 @@ case OPT_RSAPUBKEY_OUT: pubout = 2; break; - case OPT_PVK_STRONG: /* pvk_encr:= 2 */ - case OPT_PVK_WEAK: /* pvk_encr:= 1 */ - case OPT_PVK_NONE: /* pvk_encr:= 0 */ + case OPT_PVK_STRONG: /* pvk_encr:= 2 */ + case OPT_PVK_WEAK: /* pvk_encr:= 1 */ + case OPT_PVK_NONE: /* pvk_encr:= 0 */ pvk_encr = (o - OPT_PVK_NONE); break; case OPT_NOOUT: @@ -340,7 +355,7 @@ } else { assert(private); selection = (OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); } /* For DER based output, select the desired output structure */ @@ -361,8 +376,8 @@ /* Now, perform the encoding */ ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, - output_type, output_structure, - NULL); + output_type, output_structure, + NULL); if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { if ((!pubout && !pubin) || !try_legacy_encoding(pkey, outformat, pubout, out)) @@ -382,8 +397,8 @@ if (passout != NULL) /* When passout given, override the passphrase prompter */ OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passout, - strlen(passout)); + (const unsigned char *)passout, + strlen(passout)); } /* PVK is a bit special... */ @@ -403,7 +418,7 @@ goto end; } ret = 0; - end: +end: OSSL_ENCODER_CTX_free(ectx); release_engine(e); BIO_free_all(out); --- crypto/openssl/apps/rsautl.c.orig +++ crypto/openssl/apps/rsautl.c 
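Review bot: With the `# ifndef OPENSSL_NO_DSA` / `# endif` pair moved to column 0, nothing in this hunk shows that the block is nested inside another conditional, and the hunk now ends with two uncommented `#endif` lines. A trailing comment on each would restore that information, for example `#endif /* OPENSSL_NO_DSA */` on the inner one. The outer guard appears to be the `#ifndef OPENSSL_NO_DEPRECATED_3_0` opened in the previous hunk, so its `#endif` would get the matching comment. The enclosing function starts before this hunk.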
@@ -16,57 +16,73 @@ #include #include -#define RSA_SIGN 1 -#define RSA_VERIFY 2 -#define RSA_ENCRYPT 3 -#define RSA_DECRYPT 4 +#define RSA_SIGN 1 +#define RSA_VERIFY 2 +#define RSA_ENCRYPT 3 +#define RSA_DECRYPT 4 -#define KEY_PRIVKEY 1 -#define KEY_PUBKEY 2 -#define KEY_CERT 3 +#define KEY_PRIVKEY 1 +#define KEY_PUBKEY 2 +#define KEY_CERT 3 typedef enum OPTION_choice { OPT_COMMON, - OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, - OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, - OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, - OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_ENGINE, + OPT_IN, + OPT_OUT, + OPT_ASN1PARSE, + OPT_HEXDUMP, + OPT_RSA_RAW, + OPT_OAEP, + OPT_PKCS, + OPT_X931, + OPT_SIGN, + OPT_VERIFY, + OPT_REV, + OPT_ENCRYPT, + OPT_DECRYPT, + OPT_PUBIN, + OPT_CERTIN, + OPT_INKEY, + OPT_PASSIN, + OPT_KEYFORM, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS rsautl_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"sign", OPT_SIGN, '-', "Sign with private key"}, - {"verify", OPT_VERIFY, '-', "Verify with public key"}, - {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "sign", OPT_SIGN, '-', "Sign with private key" }, + { "verify", OPT_VERIFY, '-', "Verify with public key" }, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt with public key" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt with private key" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inkey", OPT_INKEY, 's', "Input key"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, - {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, - 
{"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, - {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + { "in", OPT_IN, '<', "Input file" }, + { "inkey", OPT_INKEY, 's', "Input key" }, + { "keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)" }, + { "pubin", OPT_PUBIN, '-', "Input is an RSA public" }, + { "certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key" }, + { "rev", OPT_REV, '-', "Reverse the order of the input buffer" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"raw", OPT_RSA_RAW, '-', "Use no padding"}, - {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, - {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, - {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, - {"asn1parse", OPT_ASN1PARSE, '-', - "Run output through asn1parse; useful with -verify"}, - {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, + { "out", OPT_OUT, '>', "Output file" }, + { "raw", OPT_RSA_RAW, '-', "Use no padding" }, + { "pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)" }, + { "x931", OPT_X931, '-', "Use ANSI X9.31 padding" }, + { "oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP" }, + { "asn1parse", OPT_ASN1PARSE, '-', + "Run output through asn1parse; useful with -verify" }, + { "hexdump", OPT_HEXDUMP, '-', "Hex dump output" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int rsautl_main(int argc, char **argv) @@ -90,7 +106,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -246,7 +262,8 @@ rv = EVP_PKEY_verify_recover_init(ctx) > 0 && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0 && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen, - rsa_in, rsa_inlen) > 0; + rsa_in, rsa_inlen) + > 0; break; case RSA_SIGN: rv = EVP_PKEY_sign_init(ctx) > 0 @@ -280,7 +297,7 @@ } else { BIO_write(out, rsa_out, rsa_outlen); } - end: +end: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); release_engine(e); --- crypto/openssl/apps/s_client.c.orig +++ crypto/openssl/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -25,7 +25,7 @@ * needed to have fileno() declared correctly... So let's define u_int */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -# define __U_INT +#define __U_INT typedef unsigned int u_int; #endif @@ -41,20 +41,20 @@ #include #include #ifndef OPENSSL_NO_CT -# include +#include #endif #include "s_apps.h" #include "timeouts.h" #include "internal/sockets.h" #if defined(__has_feature) -# if __has_feature(memory_sanitizer) -# include -# endif +#if __has_feature(memory_sanitizer) +#include +#endif #endif #undef BUFSIZZ -#define BUFSIZZ 1024*8 +#define BUFSIZZ 1024 * 8 #define S_CLIENT_IRC_READ_TIMEOUT 8 static char *prog; @@ -94,9 +94,9 @@ #ifndef OPENSSL_NO_PSK static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len) + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len) { int ret; long key_len; 
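Review bot: `BUFSIZZ` is still defined without parentheses in the reformatted line `#define BUFSIZZ 1024 * 8`, so a use next to an operator of equal or higher precedence (for example `n / BUFSIZZ` or `n % BUFSIZZ`) would expand to something other than what it reads as. Since the line is being touched anyway, `#define BUFSIZZ (1024 * 8)` removes the hazard without changing the value. Whether any current use is affected cannot be seen from this hunk.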
@@ -108,7 +108,7 @@ /* no ServerKeyExchange message */ if (c_debug) BIO_printf(bio_c_out, - "NULL received PSK identity hint, continuing anyway\n"); + "NULL received PSK identity hint, continuing anyway\n"); } else if (c_debug) { BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); } @@ -121,19 +121,19 @@ goto out_err; if (c_debug) BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, - ret); + ret); /* convert the PSK key to binary */ key = OPENSSL_hexstr2buf(psk_key, &key_len); if (key == NULL) { BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); + psk_key); return 0; } if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) { BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%ld)\n", - max_psk_len, key_len); + "psk buffer of callback is too small (%d) for key (%ld)\n", + max_psk_len, key_len); OPENSSL_free(key); return 0; } @@ -145,7 +145,7 @@ BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len); return key_len; - out_err: +out_err: if (c_debug) BIO_printf(bio_err, "Error in PSK client callback\n"); return 0; @@ -156,8 +156,8 @@ const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 }; static int psk_use_session_cb(SSL *s, const EVP_MD *md, - const unsigned char **id, size_t *idlen, - SSL_SESSION **sess) + const unsigned char **id, size_t *idlen, + SSL_SESSION **sess) { SSL_SESSION *usesess = NULL; const SSL_CIPHER *cipher = NULL; @@ -171,7 +171,7 @@ if (key == NULL) { BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); + psk_key); return 0; } 
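Review bot: The failure branch after `OPENSSL_hexstr2buf(psk_key, &key_len)` prints the pre-shared key itself to `bio_err` (`"Could not convert PSK key '%s' to buffer\n", psk_key`), so a malformed key ends up verbatim in terminal scrollback or in any captured stderr log. The re-indented call could drop the secret instead: `BIO_printf(bio_err, "Could not convert PSK key to buffer\n");`. The same message with `psk_key` appears in the later hunk at `@@ -171,7 +171,7 @@` and deserves the same change. The enclosing callback starts before this hunk and continues after it.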
@@ -185,9 +185,9 @@ usesess = SSL_SESSION_new(); if (usesess == NULL - || !SSL_SESSION_set1_master_key(usesess, key, key_len) - || !SSL_SESSION_set_cipher(usesess, cipher) - || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) { + || !SSL_SESSION_set1_master_key(usesess, key, key_len) + || !SSL_SESSION_set_cipher(usesess, cipher) + || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) { OPENSSL_free(key); goto err; } @@ -212,7 +212,7 @@ return 1; - err: +err: SSL_SESSION_free(usesess); return 0; } @@ -225,7 +225,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) { - tlsextctx *p = (tlsextctx *) arg; + tlsextctx *p = (tlsextctx *)arg; const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); if (SSL_get_servername_type(s) != -1) p->ack = !SSL_session_reused(s) && hn != NULL; @@ -246,8 +246,8 @@ static tlsextnextprotoctx next_proto; static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - void *arg) + const unsigned char *in, unsigned int inlen, + void *arg) { tlsextnextprotoctx *ctx = arg; @@ -264,15 +264,14 @@ BIO_write(bio_c_out, "\n", 1); } - ctx->status = - SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); + ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); return SSL_TLSEXT_ERR_OK; } -#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ +#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, size_t inlen, - int *al, void *arg) + const unsigned char *in, size_t inlen, + int *al, void *arg) { char pem_name[100]; unsigned char ext_buf[4 + 65536]; @@ -286,7 +285,7 @@ memcpy(ext_buf + 4, in, inlen); BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d", - ext_type); + ext_type); PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen); return 1; } 
@@ -350,9 +349,7 @@ v = strtol(in, &endp, 10); e = restore_errno(); - if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || - endp == in || !isspace(_UC(*endp)) || - v != (*result = (uint8_t) v)) { + if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || endp == in || !isspace(_UC(*endp)) || v != (*result = (uint8_t)v)) { return -1; } for (in = endp; isspace(_UC(*in)); ++in) @@ -380,7 +377,9 @@ { &selector, "selector", checked_uint8 }, { &mtype, "mtype", checked_uint8 }, { &data, "data", hexdecode }, - { NULL, } + { + NULL, + } }; struct tlsa_field *f; int ret; @@ -391,7 +390,7 @@ /* Returns number of bytes produced, advances cp to next field */ if ((len = f->parser(&cp, f->var)) <= 0) { BIO_printf(bio_err, "%s: warning: bad TLSA %s field in: %s\n", - prog, f->name, rrdata); + prog, f->name, rrdata); return 0; } } @@ -402,13 +401,13 @@ if (ret == 0) { ERR_print_errors(bio_err); BIO_printf(bio_err, "%s: warning: unusable TLSA rrdata: %s\n", - prog, rrdata); + prog, rrdata); return 0; } if (ret < 0) { ERR_print_errors(bio_err); BIO_printf(bio_err, "%s: warning: error loading TLSA rrdata: %s\n", - prog, rrdata); + prog, rrdata); return 0; } return ret; 
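Review bot: Joining the range check after `strtol` into one line leaves a condition of well over 100 columns whose last clause, `v != (*result = (uint8_t)v)`, stores into `*result` as a side effect; that assignment is easy to miss in the joined form. Breaking before each `||`, the way the `usesess == NULL || !SSL_SESSION_set1_master_key(...)` condition is laid out elsewhere in this patch, keeps it readable, with `|| v != (*result = (uint8_t)v)) {` on its own line. A short comment such as `/* stores the narrowed value; a mismatch means v does not fit in uint8_t */` would document the intent. The function begins and ends outside the hunk.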
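Review bot: The terminator of the TLSA field table at `@@ -380,7 +377,9 @@` is expanded into three lines (`{`, `NULL,`, `}`) only because of the trailing comma inside the braces. Writing it as `{ NULL }`, as the `rsa_options` and `rsautl_options` tables in this patch do, keeps the sentinel on one line; the remaining members are zero-initialised either way. The table's declaration starts outside the hunk.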
@@ -430,268 +429,350 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX, - OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT, - OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN, - OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, - OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO, - OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF, - OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG, - OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG, - OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE, - OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS, + OPT_4, + OPT_6, + OPT_HOST, + OPT_PORT, + OPT_CONNECT, + OPT_BIND, + OPT_UNIX, + OPT_XMPPHOST, + OPT_VERIFY, + OPT_NAMEOPT, + OPT_CERT, + OPT_CRL, + OPT_CRL_DOWNLOAD, + OPT_SESS_OUT, + OPT_SESS_IN, + OPT_CERTFORM, + OPT_CRLFORM, + OPT_VERIFY_RET_ERROR, + OPT_VERIFY_QUIET, + OPT_BRIEF, + OPT_PREXIT, + OPT_CRLF, + OPT_QUIET, + OPT_NBIO, + OPT_SSL_CLIENT_ENGINE, + OPT_IGN_EOF, + OPT_NO_IGN_EOF, + OPT_DEBUG, + OPT_TLSEXTDEBUG, + OPT_STATUS, + OPT_WDEBUG, + OPT_MSG, + OPT_MSGFILE, + OPT_ENGINE, + OPT_TRACE, + OPT_SECURITY_DEBUG, + OPT_SECURITY_DEBUG_VERBOSE, + OPT_SHOWCERTS, + OPT_NBIO_TEST, + OPT_STATE, + OPT_PSK_IDENTITY, + OPT_PSK, + OPT_PSK_SESS, #ifndef OPENSSL_NO_SRP - OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER, + OPT_SRPUSER, + OPT_SRPPASS, + OPT_SRP_STRENGTH, + OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, #endif - OPT_SSL3, OPT_SSL_CONFIG, - OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, - OPT_CERT_CHAIN, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, - OPT_NEXTPROTONEG, OPT_ALPN, - OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, - OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, - OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE, - OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, 
OPT_NOSERVERNAME, OPT_ASYNC, - OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST, - OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, - OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE, + OPT_SSL3, + OPT_SSL_CONFIG, + OPT_TLS1_3, + OPT_TLS1_2, + OPT_TLS1_1, + OPT_TLS1, + OPT_DTLS, + OPT_DTLS1, + OPT_DTLS1_2, + OPT_SCTP, + OPT_TIMEOUT, + OPT_MTU, + OPT_KEYFORM, + OPT_PASS, + OPT_CERT_CHAIN, + OPT_KEY, + OPT_RECONNECT, + OPT_BUILD_CHAIN, + OPT_NEXTPROTONEG, + OPT_ALPN, + OPT_CAPATH, + OPT_NOCAPATH, + OPT_CHAINCAPATH, + OPT_VERIFYCAPATH, + OPT_CAFILE, + OPT_NOCAFILE, + OPT_CHAINCAFILE, + OPT_VERIFYCAFILE, + OPT_CASTORE, + OPT_NOCASTORE, + OPT_CHAINCASTORE, + OPT_VERIFYCASTORE, + OPT_SERVERINFO, + OPT_STARTTLS, + OPT_SERVERNAME, + OPT_NOSERVERNAME, + OPT_ASYNC, + OPT_USE_SRTP, + OPT_KEYMATEXPORT, + OPT_KEYMATEXPORTLEN, + OPT_PROTOHOST, + OPT_MAXFRAGLEN, + OPT_MAX_SEND_FRAG, + OPT_SPLIT_SEND_FRAG, + OPT_MAX_PIPELINES, + OPT_READ_BUF, + OPT_KEYLOG_FILE, + OPT_EARLY_DATA, + OPT_REQCAFILE, OPT_V_ENUM, OPT_X_ENUM, - OPT_S_ENUM, OPT_IGNORE_UNEXPECTED_EOF, - OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_PROXY_USER, OPT_PROXY_PASS, + OPT_S_ENUM, + OPT_IGNORE_UNEXPECTED_EOF, + OPT_FALLBACKSCSV, + OPT_NOCMDS, + OPT_PROXY, + OPT_PROXY_USER, + OPT_PROXY_PASS, OPT_DANE_TLSA_DOMAIN, #ifndef OPENSSL_NO_CT - OPT_CT, OPT_NOCT, OPT_CTLOG_FILE, + OPT_CT, + OPT_NOCT, + OPT_CTLOG_FILE, #endif - OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, + OPT_DANE_TLSA_RRDATA, + OPT_DANE_EE_NO_NAME, OPT_ENABLE_PHA, OPT_SCTP_LABEL_BUG, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS s_client_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', 
"Use engine, possibly a hardware device"}, - {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's', - "Specify engine to be used for client certificate operations"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, + { "ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's', + "Specify engine to be used for client certificate operations" }, #endif - {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified section for SSL_CTX configuration"}, + { "ssl_config", OPT_SSL_CONFIG, 's', "Use specified section for SSL_CTX configuration" }, #ifndef OPENSSL_NO_CT - {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"}, - {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"}, - {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"}, + { "ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)" }, + { "noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)" }, + { "ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file" }, #endif OPT_SECTION("Network"), - {"host", OPT_HOST, 's', "Use -connect instead"}, - {"port", OPT_PORT, 'p', "Use -connect instead"}, - {"connect", OPT_CONNECT, 's', - "TCP/IP where to connect; default: " PORT ")"}, - {"bind", OPT_BIND, 's', "bind local address for connection"}, - {"proxy", OPT_PROXY, 's', - "Connect to via specified proxy to the real server"}, - {"proxy_user", OPT_PROXY_USER, 's', "UserID for proxy authentication"}, - {"proxy_pass", OPT_PROXY_PASS, 's', "Proxy authentication password source"}, + { "host", OPT_HOST, 's', "Use -connect instead" }, + { "port", OPT_PORT, 'p', "Use -connect instead" }, + { "connect", OPT_CONNECT, 's', + "TCP/IP where to connect; default: " PORT ")" }, + { "bind", OPT_BIND, 's', "bind local address for connection" }, + { "proxy", OPT_PROXY, 's', + "Connect to via specified proxy to the real server" }, + { "proxy_user", OPT_PROXY_USER, 's', "UserID for proxy authentication" }, + { "proxy_pass", OPT_PROXY_PASS, 's', "Proxy authentication password 
source" }, #ifdef AF_UNIX - {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"}, + { "unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket" }, #endif - {"4", OPT_4, '-', "Use IPv4 only"}, + { "4", OPT_4, '-', "Use IPv4 only" }, #ifdef AF_INET6 - {"6", OPT_6, '-', "Use IPv6 only"}, -#endif - {"maxfraglen", OPT_MAXFRAGLEN, 'p', - "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)"}, - {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, - {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', - "Size used to split data for encrypt pipelines"}, - {"max_pipelines", OPT_MAX_PIPELINES, 'p', - "Maximum number of encrypt/decrypt pipelines to be used"}, - {"read_buf", OPT_READ_BUF, 'p', - "Default read buffer size to be used for connections"}, - {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, + { "6", OPT_6, '-', "Use IPv6 only" }, +#endif + { "maxfraglen", OPT_MAXFRAGLEN, 'p', + "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)" }, + { "max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames " }, + { "split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', + "Size used to split data for encrypt pipelines" }, + { "max_pipelines", OPT_MAX_PIPELINES, 'p', + "Maximum number of encrypt/decrypt pipelines to be used" }, + { "read_buf", OPT_READ_BUF, 'p', + "Default read buffer size to be used for connections" }, + { "fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV" }, OPT_SECTION("Identity"), - {"cert", OPT_CERT, '<', "Client certificate file to use"}, - {"certform", OPT_CERTFORM, 'F', - "Client certificate file format (PEM/DER/P12); has no effect"}, - {"cert_chain", OPT_CERT_CHAIN, '<', - "Client certificate chain file (in PEM format)"}, - {"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"}, - {"key", OPT_KEY, 's', "Private key file to use; default: -cert file"}, - {"keyform", OPT_KEYFORM, 'E', "Key format 
(ENGINE, other values ignored)"}, - {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"}, - {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - {"requestCAfile", OPT_REQCAFILE, '<', - "PEM format file of CA names to send to the server"}, - {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"}, - {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's', - "DANE TLSA rrdata presentation form"}, - {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-', - "Disable name checks when matching DANE-EE(3) TLSA records"}, - {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, - {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, - {"name", OPT_PROTOHOST, 's', - "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""}, + { "cert", OPT_CERT, '<', "Client certificate file to use" }, + { "certform", OPT_CERTFORM, 'F', + "Client certificate file format (PEM/DER/P12); has no effect" }, + { "cert_chain", OPT_CERT_CHAIN, '<', + "Client certificate chain file (in PEM format)" }, + { "build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain" }, + { "key", OPT_KEY, 's', "Private key file to use; default: -cert file" }, + { "keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)" }, + { "pass", OPT_PASS, 's', "Private key and cert file pass phrase source" }, + 
{ "verify", OPT_VERIFY, 'p', "Turn on peer certificate verification" }, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store" }, + { "requestCAfile", OPT_REQCAFILE, '<', + "PEM format file of CA names to send to the server" }, + { "dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain" }, + { "dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's', + "DANE TLSA rrdata presentation form" }, + { "dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-', + "Disable name checks when matching DANE-EE(3) TLSA records" }, + { "psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity" }, + { "psk", OPT_PSK, 's', "PSK in hex (without 0x)" }, + { "psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from" }, + { "name", OPT_PROTOHOST, 's', + "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\"" }, OPT_SECTION("Session"), - {"reconnect", OPT_RECONNECT, '-', - "Drop and re-make the connection with the same Session-ID"}, - {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, - {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"}, + { "reconnect", OPT_RECONNECT, '-', + "Drop and re-make the connection with the same Session-ID" }, + { "sess_out", OPT_SESS_OUT, '>', "File to write SSL session to" }, + { "sess_in", OPT_SESS_IN, '<', "File to read SSL session from" }, OPT_SECTION("Input/Output"), - {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, - {"quiet", OPT_QUIET, '-', "No s_client output"}, - 
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"}, - {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"}, - {"starttls", OPT_STARTTLS, 's', - "Use the appropriate STARTTLS command before starting TLS"}, - {"xmpphost", OPT_XMPPHOST, 's', - "Alias of -name option for \"-starttls xmpp[-server]\""}, - {"brief", OPT_BRIEF, '-', - "Restrict output to brief summary of connection parameters"}, - {"prexit", OPT_PREXIT, '-', - "Print session information when the program exits"}, + { "crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF" }, + { "quiet", OPT_QUIET, '-', "No s_client output" }, + { "ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)" }, + { "no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof" }, + { "starttls", OPT_STARTTLS, 's', + "Use the appropriate STARTTLS command before starting TLS" }, + { "xmpphost", OPT_XMPPHOST, 's', + "Alias of -name option for \"-starttls xmpp[-server]\"" }, + { "brief", OPT_BRIEF, '-', + "Restrict output to brief summary of connection parameters" }, + { "prexit", OPT_PREXIT, '-', + "Print session information when the program exits" }, OPT_SECTION("Debug"), - {"showcerts", OPT_SHOWCERTS, '-', - "Show all certificates sent by the server"}, - {"debug", OPT_DEBUG, '-', "Extra output"}, - {"msg", OPT_MSG, '-', "Show protocol messages"}, - {"msgfile", OPT_MSGFILE, '>', - "File to send output of -msg or -trace, instead of stdout"}, - {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"}, - {"state", OPT_STATE, '-', "Print the ssl states"}, - {"keymatexport", OPT_KEYMATEXPORT, 's', - "Export keying material using label"}, - {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', - "Export len bytes of keying material; default 20"}, - {"security_debug", OPT_SECURITY_DEBUG, '-', - "Enable security debug messages"}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', - "Output more security debug output"}, + { "showcerts", OPT_SHOWCERTS, '-', + "Show all certificates sent 
by the server" }, + { "debug", OPT_DEBUG, '-', "Extra output" }, + { "msg", OPT_MSG, '-', "Show protocol messages" }, + { "msgfile", OPT_MSGFILE, '>', + "File to send output of -msg or -trace, instead of stdout" }, + { "nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing" }, + { "state", OPT_STATE, '-', "Print the ssl states" }, + { "keymatexport", OPT_KEYMATEXPORT, 's', + "Export keying material using label" }, + { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', + "Export len bytes of keying material; default 20" }, + { "security_debug", OPT_SECURITY_DEBUG, '-', + "Enable security debug messages" }, + { "security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', + "Output more security debug output" }, #ifndef OPENSSL_NO_SSL_TRACE - {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, + { "trace", OPT_TRACE, '-', "Show trace output of protocol messages" }, #endif #ifdef WATT32 - {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, -#endif - {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, - {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, - {"servername", OPT_SERVERNAME, 's', - "Set TLS extension servername (SNI) in ClientHello (default)"}, - {"noservername", OPT_NOSERVERNAME, '-', - "Do not send the server name (SNI) extension in the ClientHello"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', - "Do not treat lack of close_notify from a peer as an error"}, + { "wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging" }, +#endif + { "keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file" }, + { "nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters" }, + { "servername", OPT_SERVERNAME, 's', + "Set TLS extension servername (SNI) in ClientHello (default)" }, + { "noservername", OPT_NOSERVERNAME, '-', + "Do not send the server name (SNI) extension in the ClientHello" }, + { "tlsextdebug", 
OPT_TLSEXTDEBUG, '-', + "Hex dump of all TLS extensions received" }, + { "ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', + "Do not treat lack of close_notify from a peer as an error" }, #ifndef OPENSSL_NO_OCSP - {"status", OPT_STATUS, '-', "Request certificate status from server"}, + { "status", OPT_STATUS, '-', "Request certificate status from server" }, #endif - {"serverinfo", OPT_SERVERINFO, 's', - "types Send empty ClientHello extensions (comma-separated numbers)"}, - {"alpn", OPT_ALPN, 's', - "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, - {"async", OPT_ASYNC, '-', "Support asynchronous operation"}, - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, + { "serverinfo", OPT_SERVERINFO, 's', + "types Send empty ClientHello extensions (comma-separated numbers)" }, + { "alpn", OPT_ALPN, 's', + "Enable ALPN extension, considering named protocols supported (comma-separated list)" }, + { "async", OPT_ASYNC, '-', "Support asynchronous operation" }, + { "nbio", OPT_NBIO, '-', "Use non-blocking IO" }, OPT_SECTION("Protocol and version"), #ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, + { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, #endif #ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, + { "tls1", OPT_TLS1, '-', "Just use TLSv1" }, #endif #ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, + { "tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1" }, #endif #ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, + { "tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2" }, #endif #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, + { "tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3" }, #endif #ifndef OPENSSL_NO_DTLS - {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, - {"timeout", OPT_TIMEOUT, '-', - "Enable send/receive timeout on DTLS connections"}, - {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, + { "dtls", OPT_DTLS, '-', 
"Use any version of DTLS" }, + { "timeout", OPT_TIMEOUT, '-', + "Enable send/receive timeout on DTLS connections" }, + { "mtu", OPT_MTU, 'p', "Set the link layer MTU" }, #endif #ifndef OPENSSL_NO_DTLS1 - {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, + { "dtls1", OPT_DTLS1, '-', "Just use DTLSv1" }, #endif #ifndef OPENSSL_NO_DTLS1_2 - {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"}, + { "dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2" }, #endif #ifndef OPENSSL_NO_SCTP - {"sctp", OPT_SCTP, '-', "Use SCTP"}, - {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, + { "sctp", OPT_SCTP, '-', "Use SCTP" }, + { "sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug" }, #endif #ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Enable NPN extension, considering named protocols supported (comma-separated list)"}, + { "nextprotoneg", OPT_NEXTPROTONEG, 's', + "Enable NPN extension, considering named protocols supported (comma-separated list)" }, #endif - {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"}, - {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"}, + { "early_data", OPT_EARLY_DATA, '<', "File to send as early data" }, + { "enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication" }, #ifndef OPENSSL_NO_SRTP - {"use_srtp", OPT_USE_SRTP, 's', - "Offer SRTP key management with a colon-separated profile list"}, + { "use_srtp", OPT_USE_SRTP, 's', + "Offer SRTP key management with a colon-separated profile list" }, #endif #ifndef OPENSSL_NO_SRP - {"srpuser", OPT_SRPUSER, 's', "(deprecated) SRP authentication for 'user'"}, - {"srppass", OPT_SRPPASS, 's', "(deprecated) Password for 'user'"}, - {"srp_lateuser", OPT_SRP_LATEUSER, '-', - "(deprecated) SRP username into second ClientHello message"}, - {"srp_moregroups", OPT_SRP_MOREGROUPS, '-', - "(deprecated) Tolerate other than the known g N values."}, - {"srp_strength", OPT_SRP_STRENGTH, 'p', - 
"(deprecated) Minimal length in bits for N"}, + { "srpuser", OPT_SRPUSER, 's', "(deprecated) SRP authentication for 'user'" }, + { "srppass", OPT_SRPPASS, 's', "(deprecated) Password for 'user'" }, + { "srp_lateuser", OPT_SRP_LATEUSER, '-', + "(deprecated) SRP username into second ClientHello message" }, + { "srp_moregroups", OPT_SRP_MOREGROUPS, '-', + "(deprecated) Tolerate other than the known g N values." }, + { "srp_strength", OPT_SRP_STRENGTH, 'p', + "(deprecated) Minimal length in bits for N" }, #endif OPT_R_OPTIONS, OPT_S_OPTIONS, OPT_V_OPTIONS, - {"CRL", OPT_CRL, '<', "CRL file to use"}, - {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"}, - {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER); default PEM"}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', - "Close connection on verification error"}, - {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"}, - {"chainCAfile", OPT_CHAINCAFILE, '<', - "CA file for certificate chain (PEM format)"}, - {"chainCApath", OPT_CHAINCAPATH, '/', - "Use dir as certificate store path to build CA certificate chain"}, - {"chainCAstore", OPT_CHAINCASTORE, ':', - "CA store URI for certificate chain"}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<', - "CA file for certificate verification (PEM format)"}, - {"verifyCApath", OPT_VERIFYCAPATH, '/', - "Use dir as certificate store path to verify CA certificate"}, - {"verifyCAstore", OPT_VERIFYCASTORE, ':', - "CA store URI for certificate verification"}, + { "CRL", OPT_CRL, '<', "CRL file to use" }, + { "crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points" }, + { "CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER); default PEM" }, + { "verify_return_error", OPT_VERIFY_RET_ERROR, '-', + "Close connection on verification error" }, + { "verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors" }, + { "chainCAfile", OPT_CHAINCAFILE, '<', + "CA file for certificate chain (PEM format)" }, + { 
"chainCApath", OPT_CHAINCAPATH, '/', + "Use dir as certificate store path to build CA certificate chain" }, + { "chainCAstore", OPT_CHAINCASTORE, ':', + "CA store URI for certificate chain" }, + { "verifyCAfile", OPT_VERIFYCAFILE, '<', + "CA file for certificate verification (PEM format)" }, + { "verifyCApath", OPT_VERIFYCAPATH, '/', + "Use dir as certificate store path to verify CA certificate" }, + { "verifyCAstore", OPT_VERIFYCASTORE, ':', + "CA store URI for certificate verification" }, OPT_X_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"host:port", 0, 0, "Where to connect; same as -connect option"}, - {NULL} + { "host:port", 0, 0, "Where to connect; same as -connect option" }, + { NULL } }; typedef enum PROTOCOL_choice { 
@@ -713,30 +794,30 @@ } PROTOCOL_CHOICE; static const OPT_PAIR services[] = { - {"smtp", PROTO_SMTP}, - {"pop3", PROTO_POP3}, - {"imap", PROTO_IMAP}, - {"ftp", PROTO_FTP}, - {"xmpp", PROTO_XMPP}, - {"xmpp-server", PROTO_XMPP_SERVER}, - {"telnet", PROTO_TELNET}, - {"irc", PROTO_IRC}, - {"mysql", PROTO_MYSQL}, - {"postgres", PROTO_POSTGRES}, - {"lmtp", PROTO_LMTP}, - {"nntp", PROTO_NNTP}, - {"sieve", PROTO_SIEVE}, - {"ldap", PROTO_LDAP}, - {NULL, 0} + { "smtp", PROTO_SMTP }, + { "pop3", PROTO_POP3 }, + { "imap", PROTO_IMAP }, + { "ftp", PROTO_FTP }, + { "xmpp", PROTO_XMPP }, + { "xmpp-server", PROTO_XMPP_SERVER }, + { "telnet", PROTO_TELNET }, + { "irc", PROTO_IRC }, + { "mysql", PROTO_MYSQL }, + { "postgres", PROTO_POSTGRES }, + { "lmtp", PROTO_LMTP }, + { "nntp", PROTO_NNTP }, + { "sieve", PROTO_SIEVE }, + { "ldap", PROTO_LDAP }, + { NULL, 0 } }; #define IS_INET_FLAG(o) \ - (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT) + (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT) #define IS_UNIX_FLAG(o) (o == OPT_UNIX) -#define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) +#define IS_PROT_FLAG(o) \ + (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) /* Free |*dest| and optionally set it to a copy of |source|. */ static void freeandcopy(char **dest, const char *source) @@ -767,7 +848,7 @@ */ if (SSL_version(s) == TLS1_3_VERSION) { BIO_printf(bio_c_out, - "---\nPost-Handshake New Session Ticket arrived:\n"); + "---\nPost-Handshake New Session Ticket arrived:\n"); SSL_SESSION_print(bio_c_out, sess); BIO_printf(bio_c_out, "---\n"); } 
@@ -869,7 +950,10 @@ int async = 0; unsigned int max_send_fragment = 0; unsigned int split_send_fragment = 0, max_pipelines = 0; - enum { use_inet, use_unix, use_unknown } connect_type = use_unknown; + enum { use_inet, + use_unix, + use_unknown } connect_type + = use_unknown; int count4or6 = 0; uint8_t maxfraglen = 0; int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0; @@ -893,10 +977,10 @@ FD_ZERO(&writefds); /* Known false-positive of MemorySanitizer. */ #if defined(__has_feature) -# if __has_feature(memory_sanitizer) +#if __has_feature(memory_sanitizer) __msan_unpoison(&readfds, sizeof(readfds)); __msan_unpoison(&writefds, sizeof(writefds)); -# endif +#endif #endif c_quiet = 0; @@ -923,14 +1007,14 @@ /* Check for intermixing flags. */ if (connect_type == use_unix && IS_INET_FLAG(o)) { BIO_printf(bio_err, - "%s: Intermixed protocol flags (unix and internet domains)\n", - prog); + "%s: Intermixed protocol flags (unix and internet domains)\n", + prog); goto end; } if (connect_type == use_inet && IS_UNIX_FLAG(o)) { BIO_printf(bio_err, - "%s: Intermixed protocol flags (internet and unix domains)\n", - prog); + "%s: Intermixed protocol flags (internet and unix domains)\n", + prog); goto end; } @@ -942,14 +1026,14 @@ no_prot_opt++; if (prot_opt == 1 && no_prot_opt) { BIO_printf(bio_err, - "Cannot supply both a protocol flag and '-no_'\n"); + "Cannot supply both a protocol flag and '-no_'\n"); goto end; } switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -1184,7 +1268,7 @@ case OPT_SRP_STRENGTH: srp_arg.strength = atoi(opt_arg()); BIO_printf(bio_err, "SRP minimal length for N is %d\n", - srp_arg.strength); + srp_arg.strength); if (min_version < TLS1_VERSION) min_version = TLS1_VERSION; break; 
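Review bot: In the hunk at -869, the declaration of `connect_type` is now spread over four lines and ends in a dangling `= use_unknown;`, which is harder to scan than the single line it replaces. The split looks like formatter output rather than a deliberate layout, so I would give the formatter less to wrap by naming the type separately. For example, with a hypothetical tag name: `enum connect_kind { use_inet, use_unix, use_unknown };` followed by `enum connect_kind connect_type = use_unknown;`. The enclosing function starts and ends outside this hunk.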
@@ -1365,8 +1449,7 @@ case OPT_DANE_TLSA_RRDATA: if (dane_tlsa_rrset == NULL) dane_tlsa_rrset = sk_OPENSSL_STRING_new_null(); - if (dane_tlsa_rrset == NULL || - !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) { + if (dane_tlsa_rrset == NULL || !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) { BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); goto end; } @@ -1435,8 +1518,8 @@ break; default: BIO_printf(bio_err, - "%s: Max Fragment Len %u is out of permitted values", - prog, len); + "%s: Max Fragment Len %u is out of permitted values", + prog, len); goto opthelp; } break; @@ -1470,8 +1553,8 @@ /* Don't allow -connect and a separate argument. */ if (connectstr != NULL) { BIO_printf(bio_err, - "%s: cannot provide both -connect option and target parameter\n", - prog); + "%s: cannot provide both -connect option and target parameter\n", + prog); goto opthelp; } connect_type = use_inet; @@ -1489,14 +1572,14 @@ if (noservername) { if (servername != NULL) { BIO_printf(bio_err, - "%s: Can't use -servername and -noservername together\n", - prog); + "%s: Can't use -servername and -noservername together\n", + prog); goto opthelp; } if (dane_tlsa_domain != NULL) { BIO_printf(bio_err, - "%s: Can't use -dane_tlsa_domain and -noservername together\n", - prog); + "%s: Can't use -dane_tlsa_domain and -noservername together\n", + prog); goto opthelp; } } @@ -1519,8 +1602,8 @@ OPENSSL_free(tmp_port); if (!res) { BIO_printf(bio_err, - "%s: -connect argument or target parameter malformed or ambiguous\n", - prog); + "%s: -connect argument or target parameter malformed or ambiguous\n", + prog); goto end; } } @@ -1557,7 +1640,7 @@ OPENSSL_free(tmp_port); if (!res) { BIO_printf(bio_err, - "%s: -proxy argument malformed or ambiguous\n", prog); + "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } } 
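Review bot: In the hunk at -1435, the format string `"%s: Max Fragment Len %u is out of permitted values"` still has no trailing newline. The `Use -help for summary.` text printed at `opthelp` (visible in the -942 hunk) is therefore appended to the same line of error output. The corresponding message in the -1760 hunk does end in `"\n"`, so this one should match: `"%s: Max Fragment Len %u is out of permitted values\n",`. The enclosing `switch` case begins outside this hunk.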
@@ -1565,11 +1648,11 @@ if (bindstr != NULL) { int res; res = BIO_parse_hostserv(bindstr, &bindhost, &bindport, - BIO_PARSE_PRIO_HOST); + BIO_PARSE_PRIO_HOST); if (!res) { BIO_printf(bio_err, - "%s: -bind argument parameter malformed or ambiguous\n", - prog); + "%s: -bind argument parameter malformed or ambiguous\n", + prog); goto end; } } @@ -1577,7 +1660,7 @@ #ifdef AF_UNIX if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { BIO_printf(bio_err, - "Can't use unix sockets and datagrams together\n"); + "Can't use unix sockets and datagrams together\n"); goto end; } #endif @@ -1596,8 +1679,7 @@ #if !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; if (next_proto_neg_in) { - next_proto.data = - next_protos_parse(&next_proto.len, next_proto_neg_in); + next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); if (next_proto.data == NULL) { BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); goto end; @@ -1626,14 +1708,14 @@ if (key_file != NULL) { key = load_key(key_file, key_format, 0, pass, e, - "client certificate private key"); + "client certificate private key"); if (key == NULL) goto end; } if (cert_file != NULL) { cert = load_cert_pass(cert_file, cert_format, 1, pass, - "client certificate"); + "client certificate"); if (cert == NULL) goto end; } @@ -1703,7 +1785,7 @@ if (ssl_config != NULL) { if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", - ssl_config); + ssl_config); ERR_print_errors(bio_err); goto end; } 
@@ -1737,21 +1819,21 @@ if (max_send_fragment > 0 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", - prog, max_send_fragment); + prog, max_send_fragment); goto end; } if (split_send_fragment > 0 && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", - prog, split_send_fragment); + prog, split_send_fragment); goto end; } if (max_pipelines > 0 && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", - prog, max_pipelines); + prog, max_pipelines); goto end; } @@ -1760,17 +1842,18 @@ } if (maxfraglen > 0 - && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) { + && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) { BIO_printf(bio_err, - "%s: Max Fragment Length code %u is out of permitted values" - "\n", prog, maxfraglen); + "%s: Max Fragment Length code %u is out of permitted values" + "\n", + prog, maxfraglen); goto end; } if (!ssl_load_stores(ctx, - vfyCApath, vfyCAfile, vfyCAstore, - chCApath, chCAfile, chCAstore, - crls, crl_download)) { + vfyCApath, vfyCAfile, vfyCAstore, + chCApath, chCAfile, chCAstore, + crls, crl_download)) { BIO_printf(bio_err, "Error loading store locations\n"); ERR_print_errors(bio_err); goto end; @@ -1860,12 +1943,12 @@ for (i = 0; i < serverinfo_count; i++) { if (!SSL_CTX_add_client_custom_ext(ctx, - serverinfo_types[i], - NULL, NULL, NULL, - serverinfo_cli_parse_cb, NULL)) { + serverinfo_types[i], + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL)) { BIO_printf(bio_err, - "Warning: Unable to add custom extension %u, skipping\n", - serverinfo_types[i]); + "Warning: Unable to add custom extension %u, skipping\n", + serverinfo_types[i]); } } 
@@ -1874,8 +1957,7 @@ #ifndef OPENSSL_NO_CT /* Enable SCT processing, without early connection termination */ - if (ct_validation && - !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) { + if (ct_validation && !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) { ERR_print_errors(bio_err); goto end; } @@ -1899,7 +1981,7 @@ SSL_CTX_set_verify(ctx, verify, verify_callback); if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { + CAstore, noCAstore)) { ERR_print_errors(bio_err); goto end; } @@ -1916,15 +1998,15 @@ } #ifndef OPENSSL_NO_SRP if (srp_arg.srplogin != NULL - && !set_up_srp_arg(ctx, &srp_arg, srp_lateuser, c_msg, c_debug)) + && !set_up_srp_arg(ctx, &srp_arg, srp_lateuser, c_msg, c_debug)) goto end; -# endif +#endif if (dane_tlsa_domain != NULL) { if (SSL_CTX_dane_enable(ctx) <= 0) { BIO_printf(bio_err, - "%s: Error enabling DANE TLSA authentication.\n", - prog); + "%s: Error enabling DANE TLSA authentication.\n", + prog); ERR_print_errors(bio_err); goto end; } @@ -1935,8 +2017,7 @@ * come at any time. Therefore we use a callback to write out the session * when we know about it. This approach works for < TLSv1.3 as well. */ - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_sess_set_new_cb(ctx, new_session_cb); if (set_keylog_file(ctx, keylog_file)) @@ -1978,7 +2059,7 @@ if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) { if (servername == NULL) { - if(host == NULL || is_dNS_name(host)) + if (host == NULL || is_dNS_name(host)) servername = (host == NULL) ? "localhost" : host; } if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) { 
@@ -1991,31 +2072,36 @@ if (dane_tlsa_domain != NULL) { if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) { BIO_printf(bio_err, "%s: Error enabling DANE TLSA " - "authentication.\n", prog); + "authentication.\n", + prog); ERR_print_errors(bio_err); goto end; } if (dane_tlsa_rrset == NULL) { BIO_printf(bio_err, "%s: DANE TLSA authentication requires at " - "least one -dane_tlsa_rrdata option.\n", prog); + "least one -dane_tlsa_rrdata option.\n", + prog); goto end; } if (tlsa_import_rrset(con, dane_tlsa_rrset) <= 0) { BIO_printf(bio_err, "%s: Failed to import any TLSA " - "records.\n", prog); + "records.\n", + prog); goto end; } if (dane_ee_no_name) SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS); } else if (dane_tlsa_rrset != NULL) { BIO_printf(bio_err, "%s: DANE TLSA authentication requires the " - "-dane_tlsa_domain option.\n", prog); + "-dane_tlsa_domain option.\n", + prog); goto end; } - re_start: +re_start: if (init_client(&sock, host, port, bindhost, bindport, socket_family, - socket_type, protocol) == 0) { + socket_type, protocol) + == 0) { BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); BIO_closesocket(sock); goto end; @@ -2048,7 +2134,7 @@ } if (!BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &peer_info)) { BIO_printf(bio_err, "getsockname:errno=%d\n", - get_last_socket_error()); + get_last_socket_error()); BIO_free(sbio); BIO_ADDR_free(peer_info.addr); BIO_closesocket(sock); @@ -2072,7 +2158,7 @@ if (socket_mtu) { if (socket_mtu < DTLS_get_link_min_mtu(con)) { BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", - DTLS_get_link_min_mtu(con)); + DTLS_get_link_min_mtu(con)); BIO_free(sbio); goto shut; } 
@@ -2158,536 +2244,507 @@ if (proxystr != NULL) { /* Here we must use the connect string target host & port */ if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass, - 0 /* no timeout */, bio_err, prog)) + 0 /* no timeout */, bio_err, prog)) goto shut; } - switch ((PROTOCOL_CHOICE) starttls_proto) { + switch ((PROTOCOL_CHOICE)starttls_proto) { case PROTO_OFF: break; case PROTO_LMTP: - case PROTO_SMTP: - { - /* - * This is an ugly hack that does a lot of assumptions. We do - * have to handle multi-line responses which may come in a single - * packet or not. We therefore have to use BIO_gets() which does - * need a buffering BIO. So during the initial chitchat we do - * push a buffering BIO into the chain that is removed again - * later on to not disturb the rest of the s_client operation. - */ - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); + case PROTO_SMTP: { + /* + * This is an ugly hack that does a lot of assumptions. We do + * have to handle multi-line responses which may come in a single + * packet or not. We therefore have to use BIO_gets() which does + * need a buffering BIO. So during the initial chitchat we do + * push a buffering BIO into the chain that is removed again + * later on to not disturb the rest of the s_client operation. + */ + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto shut; - } - BIO_push(fbio, sbio); - /* Wait for multi-line response to end from LMTP or SMTP */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - } while (mbuf_len > 3 && mbuf[3] == '-'); - if (protohost == NULL) - protohost = "mail.example.com"; - if (starttls_proto == (int)PROTO_LMTP) - BIO_printf(fbio, "LHLO %s\r\n", protohost); - else - BIO_printf(fbio, "EHLO %s\r\n", protohost); - (void)BIO_flush(fbio); - /* - * Wait for multi-line response to end LHLO LMTP or EHLO SMTP - * response. 
- */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - if (strstr(mbuf, "STARTTLS")) - foundit = 1; - } while (mbuf_len > 3 && mbuf[3] == '-'); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, "STARTTLS\r\n"); - BIO_read(sbio, sbuf, BUFSIZZ); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto shut; } - break; - case PROTO_POP3: - { - BIO_read(sbio, mbuf, BUFSIZZ); - BIO_printf(sbio, "STLS\r\n"); - mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } + BIO_push(fbio, sbio); + /* Wait for multi-line response to end from LMTP or SMTP */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + } while (mbuf_len > 3 && mbuf[3] == '-'); + if (protohost == NULL) + protohost = "mail.example.com"; + if (starttls_proto == (int)PROTO_LMTP) + BIO_printf(fbio, "LHLO %s\r\n", protohost); + else + BIO_printf(fbio, "EHLO %s\r\n", protohost); + (void)BIO_flush(fbio); + /* + * Wait for multi-line response to end LHLO LMTP or EHLO SMTP + * response. 
+ */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (strstr(mbuf, "STARTTLS")) + foundit = 1; + } while (mbuf_len > 3 && mbuf[3] == '-'); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) + BIO_printf(bio_err, + "Didn't find STARTTLS in server response," + " trying anyway...\n"); + BIO_printf(sbio, "STARTTLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } break; + case PROTO_POP3: { + BIO_read(sbio, mbuf, BUFSIZZ); + BIO_printf(sbio, "STLS\r\n"); + mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; } - break; - case PROTO_IMAP: - { - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); + } break; + case PROTO_IMAP: { + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto shut; - } - BIO_push(fbio, sbio); - BIO_gets(fbio, mbuf, BUFSIZZ); - /* STARTTLS command requires CAPABILITY... */ - BIO_printf(fbio, ". CAPABILITY\r\n"); - (void)BIO_flush(fbio); - /* wait for multi-line CAPABILITY response */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - if (strstr(mbuf, "STARTTLS")) - foundit = 1; - } - while (mbuf_len > 3 && mbuf[0] != '.'); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, ". 
STARTTLS\r\n"); - BIO_read(sbio, sbuf, BUFSIZZ); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto shut; } - break; - case PROTO_FTP: - { - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto shut; - } - BIO_push(fbio, sbio); - /* wait for multi-line response to end from FTP */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - } - while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' ')); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - BIO_printf(sbio, "AUTH TLS\r\n"); - BIO_read(sbio, sbuf, BUFSIZZ); + BIO_push(fbio, sbio); + BIO_gets(fbio, mbuf, BUFSIZZ); + /* STARTTLS command requires CAPABILITY... */ + BIO_printf(fbio, ". CAPABILITY\r\n"); + (void)BIO_flush(fbio); + /* wait for multi-line CAPABILITY response */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (strstr(mbuf, "STARTTLS")) + foundit = 1; + } while (mbuf_len > 3 && mbuf[0] != '.'); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) + BIO_printf(bio_err, + "Didn't find STARTTLS in server response," + " trying anyway...\n"); + BIO_printf(sbio, ". 
STARTTLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } break; + case PROTO_FTP: { + BIO *fbio = BIO_new(BIO_f_buffer()); + + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto shut; } - break; + BIO_push(fbio, sbio); + /* wait for multi-line response to end from FTP */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + } while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' ')); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + BIO_printf(sbio, "AUTH TLS\r\n"); + BIO_read(sbio, sbuf, BUFSIZZ); + } break; case PROTO_XMPP: - case PROTO_XMPP_SERVER: - { - int seen = 0; - BIO_printf(sbio, "", - starttls_proto == PROTO_XMPP ? "client" : "server", - protohost ? protohost : host); + case PROTO_XMPP_SERVER: { + int seen = 0; + BIO_printf(sbio, "", + starttls_proto == PROTO_XMPP ? "client" : "server", + protohost ? protohost : host); + seen = BIO_read(sbio, mbuf, BUFSIZZ); + if (seen < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; + } + mbuf[seen] = '\0'; + while (!strstr(mbuf, ""); - seen = BIO_read(sbio, sbuf, BUFSIZZ); - if (seen < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto shut; - } - sbuf[seen] = '\0'; - if (!strstr(sbuf, ""); + seen = BIO_read(sbio, sbuf, BUFSIZZ); + if (seen < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto shut; } - break; - case PROTO_IRC: - { - int numeric; - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto end; - } - BIO_push(fbio, sbio); - BIO_printf(fbio, "STARTTLS\r\n"); - (void)BIO_flush(fbio); - width = SSL_get_fd(con) + 1; - - do { - numeric = 0; - - FD_ZERO(&readfds); - openssl_fdset(SSL_get_fd(con), &readfds); - timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT; - timeout.tv_usec = 0; - /* - * If the IRCd doesn't respond within - * S_CLIENT_IRC_READ_TIMEOUT seconds, assume - * it doesn't support STARTTLS. 
Many IRCds - * will not give _any_ sort of response to a - * STARTTLS command when it's not supported. - */ - if (!BIO_get_buffer_num_lines(fbio) - && !BIO_pending(fbio) - && !BIO_pending(sbio) - && select(width, (void *)&readfds, NULL, NULL, - &timeout) < 1) { - BIO_printf(bio_err, - "Timeout waiting for response (%d seconds).\n", - S_CLIENT_IRC_READ_TIMEOUT); - break; - } + sbuf[seen] = '\0'; + if (!strstr(sbuf, "= bytes) { - BIO_printf(bio_err, "Cannot confirm server version. "); - goto shut; - } else if (packet[pos++] == '\0') { - break; - } - } + do { + numeric = 0; - /* make sure we have at least 15 bytes left in the packet */ - if (pos + 15 > bytes) { + FD_ZERO(&readfds); + openssl_fdset(SSL_get_fd(con), &readfds); + timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT; + timeout.tv_usec = 0; + /* + * If the IRCd doesn't respond within + * S_CLIENT_IRC_READ_TIMEOUT seconds, assume + * it doesn't support STARTTLS. Many IRCds + * will not give _any_ sort of response to a + * STARTTLS command when it's not supported. 
+ */ + if (!BIO_get_buffer_num_lines(fbio) + && !BIO_pending(fbio) + && !BIO_pending(sbio) + && select(width, (void *)&readfds, NULL, NULL, + &timeout) + < 1) { BIO_printf(bio_err, - "MySQL server handshake packet is broken.\n"); - goto shut; + "Timeout waiting for response (%d seconds).\n", + S_CLIENT_IRC_READ_TIMEOUT); + break; } - pos += 12; /* skip over conn id[4] + SALT[8] */ - if (packet[pos++] != '\0') { /* verify filler */ - BIO_printf(bio_err, - "MySQL packet is broken.\n"); - goto shut; + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1) + break; + /* :example.net 451 STARTTLS :You have not registered */ + /* :example.net 421 STARTTLS :Unknown command */ + if ((numeric == 451 || numeric == 421) + && strstr(mbuf, "STARTTLS") != NULL) { + BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf); + break; } + if (numeric == 691) { + BIO_printf(bio_err, "STARTTLS negotiation failed: "); + ERR_print_errors(bio_err); + break; + } + } while (numeric != 670); + + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (numeric != 670) { + BIO_printf(bio_err, "Server does not support STARTTLS.\n"); + ret = 1; + goto shut; + } + } break; + case PROTO_MYSQL: { + /* SSL request packet */ + static const unsigned char ssl_req[] = { + /* payload_length, sequence_id */ + 0x20, 0x00, 0x00, 0x01, + /* payload */ + /* capability flags, CLIENT_SSL always set */ + 0x85, 0xae, 0x7f, 0x00, + /* max-packet size */ + 0x00, 0x00, 0x00, 0x01, + /* character set */ + 0x21, + /* string[23] reserved (all [0]) */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + int bytes = 0; + int ssl_flg = 0x800; + int pos; + const unsigned char *packet = (const unsigned char *)sbuf; + + /* Receiving Initial Handshake packet. 
*/ + bytes = BIO_read(sbio, (void *)packet, BUFSIZZ); + if (bytes < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto shut; + /* Packet length[3], Packet number[1] + minimum payload[17] */ + } else if (bytes < 21) { + BIO_printf(bio_err, "MySQL packet too short.\n"); + goto shut; + } else if (bytes != (4 + packet[0] + (packet[1] << 8) + (packet[2] << 16))) { + BIO_printf(bio_err, "MySQL packet length does not match.\n"); + goto shut; + /* protocol version[1] */ + } else if (packet[4] != 0xA) { + BIO_printf(bio_err, + "Only MySQL protocol version 10 is supported.\n"); + goto shut; + } - /* capability flags[2] */ - if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) { - BIO_printf(bio_err, "MySQL server does not support SSL.\n"); + pos = 5; + /* server version[string+NULL] */ + for (;;) { + if (pos >= bytes) { + BIO_printf(bio_err, "Cannot confirm server version. "); goto shut; + } else if (packet[pos++] == '\0') { + break; } + } - /* Sending SSL Handshake packet. */ - BIO_write(sbio, ssl_req, sizeof(ssl_req)); - (void)BIO_flush(sbio); + /* make sure we have at least 15 bytes left in the packet */ + if (pos + 15 > bytes) { + BIO_printf(bio_err, + "MySQL server handshake packet is broken.\n"); + goto shut; } - break; - case PROTO_POSTGRES: - { - static const unsigned char ssl_request[] = { - /* Length SSLRequest */ - 0, 0, 0, 8, 4, 210, 22, 47 - }; - int bytes; - - /* Send SSLRequest packet */ - BIO_write(sbio, ssl_request, 8); - (void)BIO_flush(sbio); - - /* Reply will be a single S if SSL is enabled */ - bytes = BIO_read(sbio, sbuf, BUFSIZZ); - if (bytes != 1 || sbuf[0] != 'S') - goto shut; + + pos += 12; /* skip over conn id[4] + SALT[8] */ + if (packet[pos++] != '\0') { /* verify filler */ + BIO_printf(bio_err, + "MySQL packet is broken.\n"); + goto shut; } - break; - case PROTO_NNTP: - { - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto end; - } - BIO_push(fbio, 
sbio); - BIO_gets(fbio, mbuf, BUFSIZZ); - /* STARTTLS command requires CAPABILITIES... */ - BIO_printf(fbio, "CAPABILITIES\r\n"); - (void)BIO_flush(fbio); - BIO_gets(fbio, mbuf, BUFSIZZ); - /* no point in trying to parse the CAPABILITIES response if there is none */ - if (strstr(mbuf, "101") != NULL) { - /* wait for multi-line CAPABILITIES response */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - if (strstr(mbuf, "STARTTLS")) - foundit = 1; - } while (mbuf_len > 1 && mbuf[0] != '.'); - } - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, "STARTTLS\r\n"); - mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - mbuf[mbuf_len] = '\0'; - if (strstr(mbuf, "382") == NULL) { - BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); - goto shut; - } + /* capability flags[2] */ + if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) { + BIO_printf(bio_err, "MySQL server does not support SSL.\n"); + goto shut; } - break; - case PROTO_SIEVE: - { - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto end; - } - BIO_push(fbio, sbio); - /* wait for multi-line response to end from Sieve */ + /* Sending SSL Handshake packet. 
*/ + BIO_write(sbio, ssl_req, sizeof(ssl_req)); + (void)BIO_flush(sbio); + } break; + case PROTO_POSTGRES: { + static const unsigned char ssl_request[] = { + /* Length SSLRequest */ + 0, 0, 0, 8, 4, 210, 22, 47 + }; + int bytes; + + /* Send SSLRequest packet */ + BIO_write(sbio, ssl_request, 8); + (void)BIO_flush(sbio); + + /* Reply will be a single S if SSL is enabled */ + bytes = BIO_read(sbio, sbuf, BUFSIZZ); + if (bytes != 1 || sbuf[0] != 'S') + goto shut; + } break; + case PROTO_NNTP: { + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); + + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto end; + } + BIO_push(fbio, sbio); + BIO_gets(fbio, mbuf, BUFSIZZ); + /* STARTTLS command requires CAPABILITIES... */ + BIO_printf(fbio, "CAPABILITIES\r\n"); + (void)BIO_flush(fbio); + BIO_gets(fbio, mbuf, BUFSIZZ); + /* no point in trying to parse the CAPABILITIES response if there is none */ + if (strstr(mbuf, "101") != NULL) { + /* wait for multi-line CAPABILITIES response */ do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - /* - * According to RFC 5804 § 1.7, capability - * is case-insensitive, make it uppercase - */ - if (mbuf_len > 1 && mbuf[0] == '"') { - make_uppercase(mbuf); - if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0) - foundit = 1; - } - } while (mbuf_len > 1 && mbuf[0] == '"'); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, "STARTTLS\r\n"); - mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - mbuf[mbuf_len] = '\0'; - if (mbuf_len < 2) { - BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); - goto shut; - } + if (strstr(mbuf, "STARTTLS")) + foundit = 1; + } while (mbuf_len > 1 && mbuf[0] != '.'); + } + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) + BIO_printf(bio_err, + "Didn't find STARTTLS in 
server response," + " trying anyway...\n"); + BIO_printf(sbio, "STARTTLS\r\n"); + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; + } + mbuf[mbuf_len] = '\0'; + if (strstr(mbuf, "382") == NULL) { + BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); + goto shut; + } + } break; + case PROTO_SIEVE: { + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); + + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto end; + } + BIO_push(fbio, sbio); + /* wait for multi-line response to end from Sieve */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); /* - * According to RFC 5804 § 2.2, response codes are case- - * insensitive, make it uppercase but preserve the response. + * According to RFC 5804 § 1.7, capability + * is case-insensitive, make it uppercase */ - strncpy(sbuf, mbuf, 2); - make_uppercase(sbuf); - if (strncmp(sbuf, "OK", 2) != 0) { - BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf); - goto shut; + if (mbuf_len > 1 && mbuf[0] == '"') { + make_uppercase(mbuf); + if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0) + foundit = 1; } + } while (mbuf_len > 1 && mbuf[0] == '"'); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) + BIO_printf(bio_err, + "Didn't find STARTTLS in server response," + " trying anyway...\n"); + BIO_printf(sbio, "STARTTLS\r\n"); + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; } - break; - case PROTO_LDAP: - { - /* StartTLS Operation according to RFC 4511 */ - static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n" - "[LDAPMessage]\n" - "messageID=INTEGER:1\n" - "extendedReq=EXPLICIT:23A,IMPLICIT:0C," - "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n"; - long errline = -1; - char *genstr = NULL; - int result = -1; - ASN1_TYPE *atyp = NULL; - BIO *ldapbio = BIO_new(BIO_s_mem()); - CONF *cnf = NCONF_new(NULL); - - if (ldapbio == NULL || cnf == NULL) 
{ - BIO_free(ldapbio); - NCONF_free(cnf); - goto end; - } - BIO_puts(ldapbio, ldap_tls_genconf); - if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) { - BIO_free(ldapbio); - NCONF_free(cnf); - if (errline <= 0) { - BIO_printf(bio_err, "NCONF_load_bio failed\n"); - goto end; - } else { - BIO_printf(bio_err, "Error on line %ld\n", errline); - goto end; - } - } + mbuf[mbuf_len] = '\0'; + if (mbuf_len < 2) { + BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); + goto shut; + } + /* + * According to RFC 5804 § 2.2, response codes are case- + * insensitive, make it uppercase but preserve the response. + */ + strncpy(sbuf, mbuf, 2); + make_uppercase(sbuf); + if (strncmp(sbuf, "OK", 2) != 0) { + BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf); + goto shut; + } + } break; + case PROTO_LDAP: { + /* StartTLS Operation according to RFC 4511 */ + static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n" + "[LDAPMessage]\n" + "messageID=INTEGER:1\n" + "extendedReq=EXPLICIT:23A,IMPLICIT:0C," + "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n"; + long errline = -1; + char *genstr = NULL; + int result = -1; + ASN1_TYPE *atyp = NULL; + BIO *ldapbio = BIO_new(BIO_s_mem()); + CONF *cnf = NCONF_new(NULL); + + if (ldapbio == NULL || cnf == NULL) { + BIO_free(ldapbio); + NCONF_free(cnf); + goto end; + } + BIO_puts(ldapbio, ldap_tls_genconf); + if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) { BIO_free(ldapbio); - genstr = NCONF_get_string(cnf, "default", "asn1"); - if (genstr == NULL) { - NCONF_free(cnf); - BIO_printf(bio_err, "NCONF_get_string failed\n"); + NCONF_free(cnf); + if (errline <= 0) { + BIO_printf(bio_err, "NCONF_load_bio failed\n"); goto end; - } - atyp = ASN1_generate_nconf(genstr, cnf); - if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) { - NCONF_free(cnf); - ASN1_TYPE_free(atyp); - BIO_printf(bio_err, "ASN1_generate_nconf failed\n"); + } else { + BIO_printf(bio_err, "Error on line %ld\n", errline); goto end; } + } + BIO_free(ldapbio); + genstr = 
NCONF_get_string(cnf, "default", "asn1"); + if (genstr == NULL) { + NCONF_free(cnf); + BIO_printf(bio_err, "NCONF_get_string failed\n"); + goto end; + } + atyp = ASN1_generate_nconf(genstr, cnf); + if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) { NCONF_free(cnf); - - /* Send SSLRequest packet */ - BIO_write(sbio, atyp->value.sequence->data, - atyp->value.sequence->length); - (void)BIO_flush(sbio); ASN1_TYPE_free(atyp); + BIO_printf(bio_err, "ASN1_generate_nconf failed\n"); + goto end; + } + NCONF_free(cnf); - mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - result = ldap_ExtendedResponse_parse(mbuf, mbuf_len); - if (result < 0) { - BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n"); - goto shut; - } else if (result > 0) { - BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n", - result); - goto shut; - } - mbuf_len = 0; + /* Send SSLRequest packet */ + BIO_write(sbio, atyp->value.sequence->data, + atyp->value.sequence->length); + (void)BIO_flush(sbio); + ASN1_TYPE_free(atyp); + + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; } - break; + result = ldap_ExtendedResponse_parse(mbuf, mbuf_len); + if (result < 0) { + BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n"); + goto shut; + } else if (result > 0) { + BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n", + result); + goto shut; + } + mbuf_len = 0; + } break; } if (early_data_file != NULL - && ((SSL_get0_session(con) != NULL - && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) - || (psksess != NULL - && SSL_SESSION_get_max_early_data(psksess) > 0))) { + && ((SSL_get0_session(con) != NULL + && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) + || (psksess != NULL + && SSL_SESSION_get_max_early_data(psksess) > 0))) { BIO *edfile = BIO_new_file(early_data_file, "r"); size_t readbytes, writtenbytes; int 
finish = 0; @@ -2730,7 +2787,7 @@ timeoutp = NULL; if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0 - && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) { + && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) { in_init = 1; tty_on = 0; } else { @@ -2756,7 +2813,7 @@ if (reconnect) { reconnect--; BIO_printf(bio_c_out, - "drop connection and then reconnect\n"); + "drop connection and then reconnect\n"); do_ssl_shutdown(con); SSL_set_connect_state(con); BIO_closesocket(SSL_get_fd(con)); @@ -2816,20 +2873,20 @@ tv.tv_sec = 1; tv.tv_usec = 0; i = select(width, (void *)&readfds, (void *)&writefds, - NULL, &tv); + NULL, &tv); if (!i && (!has_stdin_waiting() || !read_tty)) continue; } else i = select(width, (void *)&readfds, (void *)&writefds, - NULL, timeoutp); + NULL, timeoutp); } #else i = select(width, (void *)&readfds, (void *)&writefds, - NULL, timeoutp); + NULL, timeoutp); #endif if (i < 0) { BIO_printf(bio_err, "bad select %d\n", - get_last_socket_error()); + get_last_socket_error()); goto shut; } } @@ -2849,7 +2906,7 @@ if (cbuf_len <= 0) { read_tty = 1; write_ssl = 0; - } else { /* if (cbuf_len > 0) */ + } else { /* if (cbuf_len > 0) */ read_tty = 0; write_ssl = 1; @@ -2889,7 +2946,7 @@ case SSL_ERROR_SYSCALL: if ((k != 0) || (cbuf_len != 0)) { BIO_printf(bio_err, "write:errno=%d\n", - get_last_socket_error()); + get_last_socket_error()); goto shut; } else { read_tty = 1; @@ -2937,7 +2994,7 @@ } } #endif - k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); + k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */); switch (SSL_get_error(con, k)) { case SSL_ERROR_NONE: 
@@ -3032,12 +3089,12 @@ BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len = 0; - } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) - && cmdletters) { + } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k') + && cmdletters) { BIO_printf(bio_err, "KEYUPDATE\n"); SSL_key_update(con, - cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED - : SSL_KEY_UPDATE_NOT_REQUESTED); + cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED + : SSL_KEY_UPDATE_NOT_REQUESTED); cbuf_len = 0; } else { cbuf_len = i; @@ -3052,7 +3109,7 @@ } } - shut: +shut: if (in_init) print_stuff(bio_c_out, con, full_log); do_ssl_shutdown(con); @@ -3074,15 +3131,15 @@ * data. [In testing context this ensures that alerts are passed on...] */ timeout.tv_sec = 0; - timeout.tv_usec = 500000; /* some extreme round-trip */ + timeout.tv_usec = 500000; /* some extreme round-trip */ do { FD_ZERO(&readfds); openssl_fdset(sock, &readfds); } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 - && BIO_read(sbio, sbuf, BUFSIZZ) > 0); + && BIO_read(sbio, sbuf, BUFSIZZ) > 0); BIO_closesocket(SSL_get_fd(con)); - end: +end: if (con != NULL) { if (prexit != 0) print_stuff(bio_c_out, con, 1); @@ -3162,9 +3219,9 @@ public_key = X509_get_pubkey(sk_X509_value(sk, i)); if (public_key != NULL) { BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n", - OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)), - EVP_PKEY_get_bits(public_key), - OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i)))); + OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)), + EVP_PKEY_get_bits(public_key), + OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i)))); EVP_PKEY_free(public_key); } BIO_printf(bio, " v:NotBefore: "); @@ -3217,7 +3274,7 @@ SCT *sct = sk_SCT_value(scts, i); BIO_printf(bio, "SCT validation status: %s\n", - SCT_validation_status_string(sct)); + SCT_validation_status_string(sct)); SCT_print(sct, bio, 0, log_store); if (i < sct_count - 1) BIO_printf(bio, "\n---\n"); 
@@ -3228,32 +3285,32 @@ #endif BIO_printf(bio, - "---\nSSL handshake has read %ju bytes " - "and written %ju bytes\n", - BIO_number_read(SSL_get_rbio(s)), - BIO_number_written(SSL_get_wbio(s))); + "---\nSSL handshake has read %ju bytes " + "and written %ju bytes\n", + BIO_number_read(SSL_get_rbio(s)), + BIO_number_written(SSL_get_wbio(s))); } print_verify_detail(s, bio); BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, ")); c = SSL_get_current_cipher(s); BIO_printf(bio, "%s, Cipher is %s\n", - SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); + SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); if (peer != NULL) { EVP_PKEY *pktmp; pktmp = X509_get0_pubkey(peer); BIO_printf(bio, "Server public key is %d bit\n", - EVP_PKEY_get_bits(pktmp)); + EVP_PKEY_get_bits(pktmp)); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", - SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); + SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP comp = SSL_get_current_compression(s); expansion = SSL_get_current_expansion(s); BIO_printf(bio, "Compression: %s\n", - comp ? SSL_COMP_get_name(comp) : "NONE"); + comp ? SSL_COMP_get_name(comp) : "NONE"); BIO_printf(bio, "Expansion: %s\n", - expansion ? SSL_COMP_get_name(expansion) : "NONE"); + expansion ? SSL_COMP_get_name(expansion) : "NONE"); #endif #ifndef OPENSSL_NO_KTLS if (BIO_get_ktls_send(SSL_get_wbio(s))) @@ -3271,7 +3328,7 @@ if ((info.addr = BIO_ADDR_new()) != NULL && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) { BIO_printf(bio_c_out, "LOCAL PORT is %u\n", - ntohs(BIO_ADDR_rawport(info.addr))); + ntohs(BIO_ADDR_rawport(info.addr))); } BIO_ADDR_free(info.addr); } 
@@ -3300,12 +3357,11 @@ #ifndef OPENSSL_NO_SRTP { - SRTP_PROTECTION_PROFILE *srtp_profile = - SSL_get_selected_srtp_profile(s); + SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(s); if (srtp_profile) BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n", - srtp_profile->name); + srtp_profile->name); } #endif @@ -3322,7 +3378,6 @@ case SSL_EARLY_DATA_ACCEPTED: BIO_printf(bio, "Early data was accepted\n"); break; - } /* @@ -3332,7 +3387,7 @@ */ verify_result = SSL_get_verify_result(s); BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result, - X509_verify_cert_error_string(verify_result)); + X509_verify_cert_error_string(verify_result)); } else { /* In TLSv1.3 we do this on arrival of a NewSessionTicket */ SSL_SESSION_print(bio, SSL_get_session(s)); @@ -3344,10 +3399,11 @@ BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); exportedkeymat = app_malloc(keymatexportlen, "export key"); if (SSL_export_keying_material(s, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0) <= 0) { + keymatexportlen, + keymatexportlabel, + strlen(keymatexportlabel), + NULL, 0, 0) + <= 0) { BIO_printf(bio, " Error\n"); } else { BIO_printf(bio, " Keying material: "); @@ -3362,7 +3418,7 @@ (void)BIO_flush(bio); } -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP static int ocsp_resp_cb(SSL *s, void *arg) { const unsigned char *p; @@ -3386,7 +3442,7 @@ OCSP_RESPONSE_free(rsp); return 1; } -# endif +#endif static int ldap_ExtendedResponse_parse(const char *buf, long rem) { 
@@ -3426,18 +3482,16 @@ /* pull SEQUENCE */ inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || - (rem = end - cur, len > rem)) { + if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || (rem = end - cur, len > rem)) { BIO_printf(bio_err, "Unexpected LDAP response\n"); goto end; } - rem = len; /* ensure that we don't overstep the SEQUENCE */ + rem = len; /* ensure that we don't overstep the SEQUENCE */ /* pull MessageID */ inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER || - (rem = end - cur, len > rem)) { + if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER || (rem = end - cur, len > rem)) { BIO_printf(bio_err, "No MessageID\n"); goto end; } @@ -3447,8 +3501,7 @@ /* pull [APPLICATION 24] */ rem = end - cur; inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION || - tag != 24) { + if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION || tag != 24) { BIO_printf(bio_err, "Not ExtendedResponse\n"); goto end; } @@ -3456,8 +3509,7 @@ /* pull resultCode */ rem = end - cur; inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 || - (rem = end - cur, len > rem)) { + if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 || (rem = end - cur, len > rem)) { BIO_printf(bio_err, "Not LDAPResult\n"); goto end; } @@ -3468,7 +3520,7 @@ ret |= cur[inf]; } /* There is more data, but we don't care... */ - end: +end: return ret; } @@ -3537,4 +3589,4 @@ return isdnsname; } -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ --- crypto/openssl/apps/s_server.c.orig +++ crypto/openssl/apps/s_server.c @@ -15,7 +15,7 @@ #include #if defined(_WIN32) /* Included before async.h to avoid some warnings */ -# include +#include #endif #include 
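Review bot: In ldap_ExtendedResponse_parse the re-wrapped bounds checks now bury an assignment at the end of one long condition, `... || (rem = end - cur, len > rem)`, which makes the length validation of the server's reply easy to misread. It would read better hoisted: `rem = end - cur;` on its own line after the `ASN1_get_object(...)` call, followed by `if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || len > rem) {`. Every failing branch jumps to `end`, which only returns `ret`, so the hoisted form looks equivalent, although the declarations of `cur` and `end` are outside the hunk. The MessageID check in this hunk and the resultCode check in the hunk at @@ -3456,8 +3509,7 @@ use the same pattern.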
@@ -32,7 +32,7 @@ * needed to have fileno() declared correctly... So let's define u_int */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -# define __U_INT +#define __U_INT typedef unsigned int u_int; #endif @@ -46,7 +46,7 @@ #include #include #ifndef OPENSSL_NO_DH -# include +#include #endif #include #include "s_apps.h" @@ -64,7 +64,7 @@ static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp, SSL_CTX *ctx); static int generate_session_id(SSL *ssl, unsigned char *id, - unsigned int *id_len); + unsigned int *id_len); static void init_session_cache_ctx(SSL_CTX *sctx); static void free_sessions(void); static void print_connection_info(SSL *con); @@ -72,8 +72,8 @@ static const int bufsize = 16 * 1024; static int accept_socket = -1; -#define TEST_CERT "server.pem" -#define TEST_CERT2 "server2.pem" +#define TEST_CERT "server.pem" +#define TEST_CERT2 "server2.pem" static int s_nbio = 0; static int s_nbio_test = 0; @@ -116,14 +116,14 @@ static SSL_SESSION *psksess = NULL; static char *psk_identity = "Client_identity"; -char *psk_key = NULL; /* by default PSK is not used */ +char *psk_key = NULL; /* by default PSK is not used */ static char http_server_binmode = 0; /* for now: 0/1 = default/binary */ #ifndef OPENSSL_NO_PSK static unsigned int psk_server_cb(SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len) + unsigned char *psk, + unsigned int max_psk_len) { long key_len = 0; unsigned char *key; 
@@ -147,28 +147,29 @@ } if (s_debug) BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", - (int)strlen(identity), identity); + (int)strlen(identity), identity); /* here we could lookup the given identity e.g. from a database */ if (strcmp(identity, psk_identity) != 0) { BIO_printf(bio_s_out, "PSK warning: client identity not what we expected" - " (got '%s' expected '%s')\n", identity, psk_identity); + " (got '%s' expected '%s')\n", + identity, psk_identity); } else { - if (s_debug) - BIO_printf(bio_s_out, "PSK client identity found\n"); + if (s_debug) + BIO_printf(bio_s_out, "PSK client identity found\n"); } /* convert the PSK key to binary */ key = OPENSSL_hexstr2buf(psk_key, &key_len); if (key == NULL) { BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); + psk_key); return 0; } if (key_len > (int)max_psk_len) { BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%ld)\n", - max_psk_len, key_len); + "psk buffer of callback is too small (%d) for key (%ld)\n", + max_psk_len, key_len); OPENSSL_free(key); return 0; } @@ -179,7 +180,7 @@ if (s_debug) BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); return key_len; - out_err: +out_err: if (s_debug) BIO_printf(bio_err, "Error in PSK server callback\n"); (void)BIO_flush(bio_err); @@ -189,7 +190,7 @@ #endif static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, - size_t identity_len, SSL_SESSION **sess) + size_t identity_len, SSL_SESSION **sess) { SSL_SESSION *tmpsess = NULL; unsigned char *key; @@ -197,7 +198,7 @@ const SSL_CIPHER *cipher = NULL; if (strlen(psk_identity) != identity_len - || memcmp(psk_identity, identity, identity_len) != 0) { + || memcmp(psk_identity, identity, identity_len) != 0) { *sess = NULL; return 1; } @@ -211,7 +212,7 @@ key = OPENSSL_hexstr2buf(psk_key, &key_len); if (key == NULL) { BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); + psk_key); return 0; } 
@@ -225,9 +226,9 @@ tmpsess = SSL_SESSION_new(); if (tmpsess == NULL - || !SSL_SESSION_set1_master_key(tmpsess, key, key_len) - || !SSL_SESSION_set_cipher(tmpsess, cipher) - || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) { + || !SSL_SESSION_set1_master_key(tmpsess, key, key_len) + || !SSL_SESSION_set_cipher(tmpsess, cipher) + || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) { OPENSSL_free(key); SSL_SESSION_free(tmpsess); return 0; @@ -254,7 +255,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size); static int ebcdic_puts(BIO *bp, const char *str); -# define BIO_TYPE_EBCDIC_FILTER (18|0x0200) +#define BIO_TYPE_EBCDIC_FILTER (18 | 0x0200) static BIO_METHOD *methods_ebcdic = NULL; /* This struct is "unwarranted chumminess with the compiler." */ @@ -267,7 +268,7 @@ { if (methods_ebcdic == NULL) { methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER, - "EBCDIC/ASCII filter"); + "EBCDIC/ASCII filter"); if (methods_ebcdic == NULL || !BIO_meth_set_write(methods_ebcdic, ebcdic_write) || !BIO_meth_set_read(methods_ebcdic, ebcdic_read) @@ -336,10 +337,10 @@ if (next == NULL) return 0; - wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b); + wbuf = (EBCDIC_OUTBUFF *)BIO_get_data(b); if (inl > (num = wbuf->alloced)) { - num = num + num; /* double the size */ + num = num + num; /* double the size */ if (num < inl) num = inl; OPENSSL_free(wbuf); @@ -383,7 +384,7 @@ if (next == NULL) return 0; -/* return(BIO_gets(bp->next_bio,buf,size));*/ + /* return(BIO_gets(bp->next_bio,buf,size));*/ for (i = 0; i < size - 1; ++i) { ret = ebcdic_read(bp, &buf[i], 1); if (ret <= 0) @@ -415,7 +416,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) { - tlsextctx *p = (tlsextctx *) arg; + tlsextctx *p = (tlsextctx *)arg; const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); if (servername != NULL && p->biodebug != NULL) { 
@@ -425,7 +426,7 @@ BIO_printf(p->biodebug, "Hostname in TLS extension: \""); while ((uc = *cp++) != 0) BIO_printf(p->biodebug, - (((uc) & ~127) == 0) && isprint(uc) ? "%c" : "\\x%02x", uc); + (((uc) & ~127) == 0) && isprint(uc) ? "%c" : "\\x%02x", uc); BIO_printf(p->biodebug, "\"\n"); } @@ -467,7 +468,7 @@ * them until they were considered "expired". */ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, - OCSP_RESPONSE **resp) + OCSP_RESPONSE **resp) { char *host = NULL, *port = NULL, *path = NULL; char *proxy = NULL, *no_proxy = NULL; @@ -487,17 +488,17 @@ aia = X509_get1_ocsp(x); if (aia != NULL) { if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &use_ssl, - NULL, &host, &port, NULL, &path, NULL, NULL)) { + NULL, &host, &port, NULL, &path, NULL, NULL)) { BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); goto err; } if (srctx->verbose) BIO_printf(bio_err, "cert_status: AIA URL: %s\n", - sk_OPENSSL_STRING_value(aia, 0)); + sk_OPENSSL_STRING_value(aia, 0)); } else { if (srctx->host == NULL) { BIO_puts(bio_err, - "cert_status: no AIA and no default responder URL\n"); + "cert_status: no AIA and no default responder URL\n"); goto done; } host = srctx->host; @@ -512,11 +513,11 @@ if (inctx == NULL) goto err; if (!X509_STORE_CTX_init(inctx, - SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), - NULL, NULL)) + SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), + NULL, NULL)) goto err; obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509, - X509_get_issuer_name(x)); + X509_get_issuer_name(x)); if (obj == NULL) { BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n"); goto done; @@ -539,7 +540,7 @@ goto err; } *resp = process_responder(req, host, port, path, proxy, no_proxy, - use_ssl, NULL /* headers */, srctx->timeout); + use_ssl, NULL /* headers */, srctx->timeout); if (*resp == NULL) { BIO_puts(bio_err, "cert_status: error querying responder\n"); goto done; 
@@ -548,9 +549,9 @@ ret = SSL_TLSEXT_ERR_OK; goto done; - err: +err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; - done: +done: /* * If we parsed aia we need to free; otherwise they were copied and we * don't @@ -613,7 +614,7 @@ ret = SSL_TLSEXT_ERR_OK; - err: +err: if (ret != SSL_TLSEXT_ERR_OK) ERR_print_errors(bio_err); @@ -631,7 +632,7 @@ } tlsextnextprotoctx; static int next_proto_cb(SSL *s, const unsigned char **data, - unsigned int *len, void *arg) + unsigned int *len, void *arg) { tlsextnextprotoctx *next_proto = arg; @@ -640,7 +641,7 @@ return SSL_TLSEXT_ERR_OK; } -#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ +#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ /* This the context that we pass to alpn_cb */ typedef struct tlsextalpnctx_st { @@ -649,7 +650,7 @@ } tlsextalpnctx; static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) + const unsigned char *in, unsigned int inlen, void *arg) { tlsextalpnctx *alpn_ctx = arg; @@ -666,9 +667,9 @@ BIO_write(bio_s_out, "\n", 1); } - if (SSL_select_next_proto - ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, - inlen) != OPENSSL_NPN_NEGOTIATED) { + if (SSL_select_next_proto((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, + inlen) + != OPENSSL_NPN_NEGOTIATED) { return SSL_TLSEXT_ERR_ALERT_FATAL; } 
@@ -690,34 +691,127 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_ENGINE, - OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, - OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, - OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM, - OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT, - OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT, - OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE, - OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, - OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, + OPT_4, + OPT_6, + OPT_ACCEPT, + OPT_PORT, + OPT_UNIX, + OPT_UNLINK, + OPT_NACCEPT, + OPT_VERIFY, + OPT_NAMEOPT, + OPT_UPPER_V_VERIFY, + OPT_CONTEXT, + OPT_CERT, + OPT_CRL, + OPT_CRL_DOWNLOAD, + OPT_SERVERINFO, + OPT_CERTFORM, + OPT_KEY, + OPT_KEYFORM, + OPT_PASS, + OPT_CERT_CHAIN, + OPT_DHPARAM, + OPT_DCERTFORM, + OPT_DCERT, + OPT_DKEYFORM, + OPT_DPASS, + OPT_DKEY, + OPT_DCERT_CHAIN, + OPT_NOCERT, + OPT_CAPATH, + OPT_NOCAPATH, + OPT_CHAINCAPATH, + OPT_VERIFYCAPATH, + OPT_NO_CACHE, + OPT_EXT_CACHE, + OPT_CRLFORM, + OPT_VERIFY_RET_ERROR, + OPT_VERIFY_QUIET, + OPT_BUILD_CHAIN, + OPT_CAFILE, + OPT_NOCAFILE, + OPT_CHAINCAFILE, OPT_VERIFYCAFILE, - OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE, - OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, - OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, - OPT_STATUS_TIMEOUT, OPT_PROXY, OPT_NO_PROXY, OPT_STATUS_URL, - OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, - OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, - OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, - OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK, - OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, - OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, - OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, - OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, 
OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS, - OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, - OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SENDFILE, - OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, - OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, - OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, - OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, + OPT_CASTORE, + OPT_NOCASTORE, + OPT_CHAINCASTORE, + OPT_VERIFYCASTORE, + OPT_NBIO, + OPT_NBIO_TEST, + OPT_IGN_EOF, + OPT_NO_IGN_EOF, + OPT_DEBUG, + OPT_TLSEXTDEBUG, + OPT_STATUS, + OPT_STATUS_VERBOSE, + OPT_STATUS_TIMEOUT, + OPT_PROXY, + OPT_NO_PROXY, + OPT_STATUS_URL, + OPT_STATUS_FILE, + OPT_MSG, + OPT_MSGFILE, + OPT_TRACE, + OPT_SECURITY_DEBUG, + OPT_SECURITY_DEBUG_VERBOSE, + OPT_STATE, + OPT_CRLF, + OPT_QUIET, + OPT_BRIEF, + OPT_NO_DHE, + OPT_NO_RESUME_EPHEMERAL, + OPT_PSK_IDENTITY, + OPT_PSK_HINT, + OPT_PSK, + OPT_PSK_SESS, + OPT_SRPVFILE, + OPT_SRPUSERSEED, + OPT_REV, + OPT_WWW, + OPT_UPPER_WWW, + OPT_HTTP, + OPT_ASYNC, + OPT_SSL_CONFIG, + OPT_MAX_SEND_FRAG, + OPT_SPLIT_SEND_FRAG, + OPT_MAX_PIPELINES, + OPT_READ_BUF, + OPT_SSL3, + OPT_TLS1_3, + OPT_TLS1_2, + OPT_TLS1_1, + OPT_TLS1, + OPT_DTLS, + OPT_DTLS1, + OPT_DTLS1_2, + OPT_SCTP, + OPT_TIMEOUT, + OPT_MTU, + OPT_LISTEN, + OPT_STATELESS, + OPT_ID_PREFIX, + OPT_SERVERNAME, + OPT_SERVERNAME_FATAL, + OPT_CERT2, + OPT_KEY2, + OPT_NEXTPROTONEG, + OPT_ALPN, + OPT_SENDFILE, + OPT_SRTP_PROFILES, + OPT_KEYMATEXPORT, + OPT_KEYMATEXPORTLEN, + OPT_KEYLOG_FILE, + OPT_MAX_EARLY, + OPT_RECV_MAX_EARLY, + OPT_EARLY_DATA, + OPT_S_NUM_TICKETS, + OPT_ANTI_REPLAY, + OPT_NO_ANTI_REPLAY, + OPT_SCTP_LABEL_BUG, + OPT_HTTP_SERVER_BINMODE, + OPT_NOCANAMES, + OPT_IGNORE_UNEXPECTED_EOF, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, 
@@ -727,239 +821,239 @@ const OPTIONS s_server_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"ssl_config", OPT_SSL_CONFIG, 's', - "Configure SSL_CTX using the given configuration value"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "ssl_config", OPT_SSL_CONFIG, 's', + "Configure SSL_CTX using the given configuration value" }, #ifndef OPENSSL_NO_SSL_TRACE - {"trace", OPT_TRACE, '-', "trace protocol messages"}, + { "trace", OPT_TRACE, '-', "trace protocol messages" }, #endif #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Network"), - {"port", OPT_PORT, 'p', - "TCP/IP port to listen on for connections (default is " PORT ")"}, - {"accept", OPT_ACCEPT, 's', - "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"}, + { "port", OPT_PORT, 'p', + "TCP/IP port to listen on for connections (default is " PORT ")" }, + { "accept", OPT_ACCEPT, 's', + "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")" }, #ifdef AF_UNIX - {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"}, - {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"}, + { "unix", OPT_UNIX, 's', "Unix domain socket to accept on" }, + { "unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first" }, #endif - {"4", OPT_4, '-', "Use IPv4 only"}, - {"6", OPT_6, '-', "Use IPv6 only"}, + { "4", OPT_4, '-', "Use IPv4 only" }, + { "6", OPT_6, '-', "Use IPv6 only" }, OPT_SECTION("Identity"), - {"context", OPT_CONTEXT, 's', "Set session ID context"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", 
OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store URI"}, - {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, - {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"}, - {"Verify", OPT_UPPER_V_VERIFY, 'n', - "Turn on peer certificate verification, must have a cert"}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"cert", OPT_CERT, '<', "Server certificate file to use; default " TEST_CERT}, - {"cert2", OPT_CERT2, '<', - "Certificate file to use for servername; default " TEST_CERT2}, - {"certform", OPT_CERTFORM, 'F', - "Server certificate file format (PEM/DER/P12); has no effect"}, - {"cert_chain", OPT_CERT_CHAIN, '<', - "Server certificate chain file in PEM format"}, - {"build_chain", OPT_BUILD_CHAIN, '-', "Build server certificate chain"}, - {"serverinfo", OPT_SERVERINFO, 's', - "PEM serverinfo file for certificate"}, - {"key", OPT_KEY, 's', - "Private key file to use; default is -cert file or else" TEST_CERT}, - {"key2", OPT_KEY2, '<', - "-Private Key file to use for servername if not in -cert2"}, - {"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"}, - {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"}, - {"dcert", OPT_DCERT, '<', - "Second server certificate file to use (usually for DSA)"}, - {"dcertform", OPT_DCERTFORM, 'F', - "Second server certificate file format (PEM/DER/P12); has no effect"}, - {"dcert_chain", OPT_DCERT_CHAIN, '<', - "second server certificate chain file in PEM format"}, - {"dkey", OPT_DKEY, '<', - "Second private key file to use (usually for DSA)"}, - {"dkeyform", OPT_DKEYFORM, 'f', - "Second key file format (ENGINE, other values ignored)"}, - {"dpass", OPT_DPASS, 's', - "Second private key and cert file pass phrase source"}, - {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, 
- {"servername", OPT_SERVERNAME, 's', - "Servername for HostName TLS extension"}, - {"servername_fatal", OPT_SERVERNAME_FATAL, '-', - "On servername mismatch send fatal alert (default warning alert)"}, - {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, - {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, - {"quiet", OPT_QUIET, '-', "No server output"}, - {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', - "Disable caching and tickets if ephemeral (EC)DH is used"}, - {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, - {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, - {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', - "Do not treat lack of close_notify from a peer as an error"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, - {"id_prefix", OPT_ID_PREFIX, 's', - "Generate SSL/TLS session IDs prefixed by arg"}, - {"keymatexport", OPT_KEYMATEXPORT, 's', - "Export keying material using label"}, - {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', - "Export len bytes of keying material; default 20"}, - {"CRL", OPT_CRL, '<', "CRL file to use"}, - {"CRLform", OPT_CRLFORM, 'F', "CRL file format (PEM or DER); default PEM"}, - {"crl_download", OPT_CRL_DOWNLOAD, '-', - "Download CRLs from distribution points in certificate CDP entries"}, - {"chainCAfile", OPT_CHAINCAFILE, '<', - "CA file for certificate chain (PEM format)"}, - {"chainCApath", OPT_CHAINCAPATH, '/', - "use dir as certificate store path to build CA certificate chain"}, - {"chainCAstore", OPT_CHAINCASTORE, ':', - "use URI as certificate store to build CA certificate chain"}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<', - "CA file for certificate verification (PEM format)"}, - {"verifyCApath", OPT_VERIFYCAPATH, '/', - "use dir as certificate store path to verify CA certificate"}, - {"verifyCAstore", OPT_VERIFYCASTORE, ':', - 
"use URI as certificate store to verify CA certificate"}, - {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"}, - {"ext_cache", OPT_EXT_CACHE, '-', - "Disable internal cache, set up and use external cache"}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', - "Close connection on verification error"}, - {"verify_quiet", OPT_VERIFY_QUIET, '-', - "No verify output except verify errors"}, - {"ign_eof", OPT_IGN_EOF, '-', "Ignore input EOF (default when -quiet)"}, - {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input EOF"}, + { "context", OPT_CONTEXT, 's', "Set session ID context" }, + { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store URI" }, + { "nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)" }, + { "verify", OPT_VERIFY, 'n', "Turn on peer certificate verification" }, + { "Verify", OPT_UPPER_V_VERIFY, 'n', + "Turn on peer certificate verification, must have a cert" }, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, + { "cert", OPT_CERT, '<', "Server certificate file to use; default " TEST_CERT }, + { "cert2", OPT_CERT2, '<', + "Certificate file to use for servername; default " TEST_CERT2 }, + { "certform", OPT_CERTFORM, 'F', + "Server certificate file format (PEM/DER/P12); has no effect" }, + { "cert_chain", OPT_CERT_CHAIN, '<', + "Server certificate chain file in PEM format" }, + { "build_chain", OPT_BUILD_CHAIN, '-', "Build server certificate chain" }, + { "serverinfo", OPT_SERVERINFO, 's', + "PEM serverinfo file for certificate" }, + { "key", OPT_KEY, 's', + "Private key file 
to use; default is -cert file or else" TEST_CERT }, + { "key2", OPT_KEY2, '<', + "-Private Key file to use for servername if not in -cert2" }, + { "keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)" }, + { "pass", OPT_PASS, 's', "Private key and cert file pass phrase source" }, + { "dcert", OPT_DCERT, '<', + "Second server certificate file to use (usually for DSA)" }, + { "dcertform", OPT_DCERTFORM, 'F', + "Second server certificate file format (PEM/DER/P12); has no effect" }, + { "dcert_chain", OPT_DCERT_CHAIN, '<', + "second server certificate chain file in PEM format" }, + { "dkey", OPT_DKEY, '<', + "Second private key file to use (usually for DSA)" }, + { "dkeyform", OPT_DKEYFORM, 'f', + "Second key file format (ENGINE, other values ignored)" }, + { "dpass", OPT_DPASS, 's', + "Second private key and cert file pass phrase source" }, + { "dhparam", OPT_DHPARAM, '<', "DH parameters file to use" }, + { "servername", OPT_SERVERNAME, 's', + "Servername for HostName TLS extension" }, + { "servername_fatal", OPT_SERVERNAME_FATAL, '-', + "On servername mismatch send fatal alert (default warning alert)" }, + { "nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio" }, + { "crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF" }, + { "quiet", OPT_QUIET, '-', "No server output" }, + { "no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', + "Disable caching and tickets if ephemeral (EC)DH is used" }, + { "www", OPT_WWW, '-', "Respond to a 'GET /' with a status page" }, + { "WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path" }, + { "ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', + "Do not treat lack of close_notify from a peer as an error" }, + { "tlsextdebug", OPT_TLSEXTDEBUG, '-', + "Hex dump of all TLS extensions received" }, + { "HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers" }, + { "id_prefix", OPT_ID_PREFIX, 's', + "Generate SSL/TLS session IDs prefixed by arg" }, + { "keymatexport", 
OPT_KEYMATEXPORT, 's', + "Export keying material using label" }, + { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', + "Export len bytes of keying material; default 20" }, + { "CRL", OPT_CRL, '<', "CRL file to use" }, + { "CRLform", OPT_CRLFORM, 'F', "CRL file format (PEM or DER); default PEM" }, + { "crl_download", OPT_CRL_DOWNLOAD, '-', + "Download CRLs from distribution points in certificate CDP entries" }, + { "chainCAfile", OPT_CHAINCAFILE, '<', + "CA file for certificate chain (PEM format)" }, + { "chainCApath", OPT_CHAINCAPATH, '/', + "use dir as certificate store path to build CA certificate chain" }, + { "chainCAstore", OPT_CHAINCASTORE, ':', + "use URI as certificate store to build CA certificate chain" }, + { "verifyCAfile", OPT_VERIFYCAFILE, '<', + "CA file for certificate verification (PEM format)" }, + { "verifyCApath", OPT_VERIFYCAPATH, '/', + "use dir as certificate store path to verify CA certificate" }, + { "verifyCAstore", OPT_VERIFYCASTORE, ':', + "use URI as certificate store to verify CA certificate" }, + { "no_cache", OPT_NO_CACHE, '-', "Disable session cache" }, + { "ext_cache", OPT_EXT_CACHE, '-', + "Disable internal cache, set up and use external cache" }, + { "verify_return_error", OPT_VERIFY_RET_ERROR, '-', + "Close connection on verification error" }, + { "verify_quiet", OPT_VERIFY_QUIET, '-', + "No verify output except verify errors" }, + { "ign_eof", OPT_IGN_EOF, '-', "Ignore input EOF (default when -quiet)" }, + { "no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input EOF" }, #ifndef OPENSSL_NO_OCSP OPT_SECTION("OCSP"), - {"status", OPT_STATUS, '-', "Request certificate status from server"}, - {"status_verbose", OPT_STATUS_VERBOSE, '-', - "Print more output in certificate status callback"}, - {"status_timeout", OPT_STATUS_TIMEOUT, 'n', - "Status request responder timeout"}, - {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, - {"proxy", OPT_PROXY, 's', - "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is 
ignored"}, - {"no_proxy", OPT_NO_PROXY, 's', - "List of addresses of servers not to use HTTP(S) proxy for"}, - {OPT_MORE_STR, 0, 0, - "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, - {"status_file", OPT_STATUS_FILE, '<', - "File containing DER encoded OCSP Response"}, + { "status", OPT_STATUS, '-', "Request certificate status from server" }, + { "status_verbose", OPT_STATUS_VERBOSE, '-', + "Print more output in certificate status callback" }, + { "status_timeout", OPT_STATUS_TIMEOUT, 'n', + "Status request responder timeout" }, + { "status_url", OPT_STATUS_URL, 's', "Status request fallback URL" }, + { "proxy", OPT_PROXY, 's', + "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored" }, + { "no_proxy", OPT_NO_PROXY, 's', + "List of addresses of servers not to use HTTP(S) proxy for" }, + { OPT_MORE_STR, 0, 0, + "Default from environment variable 'no_proxy', else 'NO_PROXY', else none" }, + { "status_file", OPT_STATUS_FILE, '<', + "File containing DER encoded OCSP Response" }, #endif OPT_SECTION("Debug"), - {"security_debug", OPT_SECURITY_DEBUG, '-', - "Print output from SSL/TLS security framework"}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', - "Print more output from SSL/TLS security framework"}, - {"brief", OPT_BRIEF, '-', - "Restrict output to brief summary of connection parameters"}, - {"rev", OPT_REV, '-', - "act as an echo server that sends back received text reversed"}, - {"debug", OPT_DEBUG, '-', "Print more output"}, - {"msg", OPT_MSG, '-', "Show protocol messages"}, - {"msgfile", OPT_MSGFILE, '>', - "File to send output of -msg or -trace, instead of stdout"}, - {"state", OPT_STATE, '-', "Print the SSL states"}, - {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, - {"max_pipelines", OPT_MAX_PIPELINES, 'p', - "Maximum number of encrypt/decrypt pipelines to be used"}, - {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"}, - {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS 
secrets to file"}, + { "security_debug", OPT_SECURITY_DEBUG, '-', + "Print output from SSL/TLS security framework" }, + { "security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', + "Print more output from SSL/TLS security framework" }, + { "brief", OPT_BRIEF, '-', + "Restrict output to brief summary of connection parameters" }, + { "rev", OPT_REV, '-', + "act as an echo server that sends back received text reversed" }, + { "debug", OPT_DEBUG, '-', "Print more output" }, + { "msg", OPT_MSG, '-', "Show protocol messages" }, + { "msgfile", OPT_MSGFILE, '>', + "File to send output of -msg or -trace, instead of stdout" }, + { "state", OPT_STATE, '-', "Print the SSL states" }, + { "async", OPT_ASYNC, '-', "Operate in asynchronous mode" }, + { "max_pipelines", OPT_MAX_PIPELINES, 'p', + "Maximum number of encrypt/decrypt pipelines to be used" }, + { "naccept", OPT_NACCEPT, 'p', "Terminate after #num connections" }, + { "keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file" }, OPT_SECTION("Network"), - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, - {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, - {"mtu", OPT_MTU, 'p', "Set link-layer MTU"}, - {"read_buf", OPT_READ_BUF, 'p', - "Default read buffer size to be used for connections"}, - {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', - "Size used to split data for encrypt pipelines"}, - {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, + { "nbio", OPT_NBIO, '-', "Use non-blocking IO" }, + { "timeout", OPT_TIMEOUT, '-', "Enable timeouts" }, + { "mtu", OPT_MTU, 'p', "Set link-layer MTU" }, + { "read_buf", OPT_READ_BUF, 'p', + "Default read buffer size to be used for connections" }, + { "split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', + "Size used to split data for encrypt pipelines" }, + { "max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames " }, OPT_SECTION("Server identity"), - {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"}, + { "psk_identity", 
OPT_PSK_IDENTITY, 's', "PSK identity to expect" }, #ifndef OPENSSL_NO_PSK - {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, + { "psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use" }, #endif - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, - {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, + { "psk", OPT_PSK, 's', "PSK in hex (without 0x)" }, + { "psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from" }, #ifndef OPENSSL_NO_SRP - {"srpvfile", OPT_SRPVFILE, '<', "(deprecated) The verifier file for SRP"}, - {"srpuserseed", OPT_SRPUSERSEED, 's', - "(deprecated) A seed string for a default user salt"}, + { "srpvfile", OPT_SRPVFILE, '<', "(deprecated) The verifier file for SRP" }, + { "srpuserseed", OPT_SRPUSERSEED, 's', + "(deprecated) A seed string for a default user salt" }, #endif OPT_SECTION("Protocol and version"), - {"max_early_data", OPT_MAX_EARLY, 'n', - "The maximum number of bytes of early data as advertised in tickets"}, - {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', - "The maximum number of bytes of early data (hard limit)"}, - {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, - {"num_tickets", OPT_S_NUM_TICKETS, 'n', - "The number of TLSv1.3 session tickets that a server will automatically issue" }, - {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, - {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, - {"http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)"}, - {"no_ca_names", OPT_NOCANAMES, '-', - "Disable TLS Extension CA Names"}, - {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, + { "max_early_data", OPT_MAX_EARLY, 'n', + "The maximum number of bytes of early data as advertised in tickets" }, + { "recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', + "The maximum number of bytes of early data (hard limit)" }, + { "early_data", 
OPT_EARLY_DATA, '-', "Attempt to read early data" }, + { "num_tickets", OPT_S_NUM_TICKETS, 'n', + "The number of TLSv1.3 session tickets that a server will automatically issue" }, + { "anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)" }, + { "no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection" }, + { "http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)" }, + { "no_ca_names", OPT_NOCANAMES, '-', + "Disable TLS Extension CA Names" }, + { "stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies" }, #ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, + { "ssl3", OPT_SSL3, '-', "Just talk SSLv3" }, #endif #ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, + { "tls1", OPT_TLS1, '-', "Just talk TLSv1" }, #endif #ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, + { "tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1" }, #endif #ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, + { "tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2" }, #endif #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, + { "tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3" }, #endif #ifndef OPENSSL_NO_DTLS - {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, - {"listen", OPT_LISTEN, '-', - "Listen for a DTLS ClientHello with a cookie and then connect"}, + { "dtls", OPT_DTLS, '-', "Use any DTLS version" }, + { "listen", OPT_LISTEN, '-', + "Listen for a DTLS ClientHello with a cookie and then connect" }, #endif #ifndef OPENSSL_NO_DTLS1 - {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, + { "dtls1", OPT_DTLS1, '-', "Just talk DTLSv1" }, #endif #ifndef OPENSSL_NO_DTLS1_2 - {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, + { "dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2" }, #endif #ifndef OPENSSL_NO_SCTP - {"sctp", OPT_SCTP, '-', "Use SCTP"}, - {"sctp_label_bug", 
OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, + { "sctp", OPT_SCTP, '-', "Use SCTP" }, + { "sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug" }, #endif #ifndef OPENSSL_NO_SRTP - {"use_srtp", OPT_SRTP_PROFILES, 's', - "Offer SRTP key management with a colon-separated profile list"}, + { "use_srtp", OPT_SRTP_PROFILES, 's', + "Offer SRTP key management with a colon-separated profile list" }, #endif - {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, + { "no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH" }, #ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Set the advertised protocols for the NPN extension (comma-separated list)"}, + { "nextprotoneg", OPT_NEXTPROTONEG, 's', + "Set the advertised protocols for the NPN extension (comma-separated list)" }, #endif - {"alpn", OPT_ALPN, 's', - "Set the advertised protocols for the ALPN extension (comma-separated list)"}, + { "alpn", OPT_ALPN, 's', + "Set the advertised protocols for the ALPN extension (comma-separated list)" }, #ifndef OPENSSL_NO_KTLS - {"sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW"}, + { "sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW" }, #endif OPT_R_OPTIONS, @@ -967,12 +1061,12 @@ OPT_V_OPTIONS, OPT_X_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; -#define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) +#define IS_PROT_FLAG(o) \ + (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) int s_server_main(int argc, char *argv[]) { 
@@ -1076,7 +1170,7 @@ if (port == NULL || cctx == NULL || vpm == NULL) goto end; SSL_CONF_CTX_set_flags(cctx, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); prog = opt_init(argc, argv, s_server_options); while ((o = opt_next()) != OPT_EOF) { @@ -1088,13 +1182,13 @@ no_prot_opt++; if (prot_opt == 1 && no_prot_opt) { BIO_printf(bio_err, - "Cannot supply both a protocol flag and '-no_'\n"); + "Cannot supply both a protocol flag and '-no_'\n"); goto end; } switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -1105,8 +1199,10 @@ case OPT_4: #ifdef AF_UNIX if (socket_family == AF_UNIX) { - OPENSSL_free(host); host = NULL; - OPENSSL_free(port); port = NULL; + OPENSSL_free(host); + host = NULL; + OPENSSL_free(port); + port = NULL; } #endif socket_family = AF_INET; @@ -1116,8 +1212,10 @@ #ifdef AF_INET6 #ifdef AF_UNIX if (socket_family == AF_UNIX) { - OPENSSL_free(host); host = NULL; - OPENSSL_free(port); port = NULL; + OPENSSL_free(host); + host = NULL; + OPENSSL_free(port); + port = NULL; } #endif socket_family = AF_INET6; @@ -1133,12 +1231,14 @@ socket_family = AF_UNSPEC; } #endif - OPENSSL_free(port); port = NULL; - OPENSSL_free(host); host = NULL; + OPENSSL_free(port); + port = NULL; + OPENSSL_free(host); + host = NULL; if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) { BIO_printf(bio_err, - "%s: -port argument malformed or ambiguous\n", - port); + "%s: -port argument malformed or ambiguous\n", + prog); goto end; } break; 
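Review bot: The error branch after `BIO_parse_hostserv()` in the `-port` case has no comment explaining why `prog`, not `port`, is the `%s` argument, so a later cleanup could easily swap it back. `port` is set to NULL two statements earlier, and whether a failed parse leaves it NULL is not visible in this hunk, so passing it to `%s` would risk handing `BIO_printf` a null string. I would add `/* port was cleared above and may still be NULL after a failed parse; report prog instead */` directly above the `BIO_printf` call. The same comment belongs on the `-accept` branch in the following hunk (`@@ -1148,22 +1248,26 @@`), which has the identical pattern. The enclosing `s_server_main` starts and ends outside this hunk.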
@@ -1148,22 +1248,26 @@ socket_family = AF_UNSPEC; } #endif - OPENSSL_free(port); port = NULL; - OPENSSL_free(host); host = NULL; + OPENSSL_free(port); + port = NULL; + OPENSSL_free(host); + host = NULL; if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) { BIO_printf(bio_err, - "%s: -accept argument malformed or ambiguous\n", - port); + "%s: -accept argument malformed or ambiguous\n", + prog); goto end; } break; #ifdef AF_UNIX case OPT_UNIX: socket_family = AF_UNIX; - OPENSSL_free(host); host = OPENSSL_strdup(opt_arg()); + OPENSSL_free(host); + host = OPENSSL_strdup(opt_arg()); if (host == NULL) goto end; - OPENSSL_free(port); port = NULL; + OPENSSL_free(port); + port = NULL; break; case OPT_UNLINK: unlink_unix_path = 1; @@ -1179,14 +1283,12 @@ BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); break; case OPT_UPPER_V_VERIFY: - s_server_verify = - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | - SSL_VERIFY_CLIENT_ONCE; + s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; verify_args.depth = atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err, - "verify depth is %d, must return a certificate\n", - verify_args.depth); + "verify depth is %d, must return a certificate\n", + verify_args.depth); break; case OPT_CONTEXT: context = (unsigned char *)opt_arg(); @@ -1375,8 +1477,8 @@ #ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; if (!OSSL_HTTP_parse_url(opt_arg(), &tlscstatp.use_ssl, NULL, - &tlscstatp.host, &tlscstatp.port, NULL, - &tlscstatp.path, NULL, NULL)) { + &tlscstatp.host, &tlscstatp.port, NULL, + &tlscstatp.path, NULL, NULL)) { BIO_printf(bio_err, "Error parsing -status_url argument\n"); goto end; } @@ -1574,7 +1676,7 @@ s_key_file2 = opt_arg(); break; case OPT_NEXTPROTONEG: -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_in = opt_arg(); #endif break; 
@@ -1685,13 +1787,13 @@ #ifdef AF_UNIX if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { BIO_printf(bio_err, - "Can't use unix sockets and datagrams together\n"); + "Can't use unix sockets and datagrams together\n"); goto end; } #endif if (early_data && (www > 0 || rev)) { BIO_printf(bio_err, - "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); + "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); goto end; } @@ -1729,29 +1831,29 @@ if (nocert == 0) { s_key = load_key(s_key_file, s_key_format, 0, pass, engine, - "server certificate private key"); + "server certificate private key"); if (s_key == NULL) goto end; s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass, - "server certificate"); + "server certificate"); if (s_cert == NULL) goto end; if (s_chain_file != NULL) { if (!load_certs(s_chain_file, 0, &s_chain, NULL, - "server certificate chain")) + "server certificate chain")) goto end; } if (tlsextcbp.servername != NULL) { s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, - "second server certificate private key"); + "second server certificate private key"); if (s_key2 == NULL) goto end; s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass, - "second server certificate"); + "second server certificate"); if (s_cert2 == NULL) goto end; @@ -1791,12 +1893,12 @@ s_dkey_file = s_dcert_file; s_dkey = load_key(s_dkey_file, s_dkey_format, - 0, dpass, engine, "second certificate private key"); + 0, dpass, engine, "second certificate private key"); if (s_dkey == NULL) goto end; s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass, - "second server certificate"); + "second server certificate"); if (s_dcert == NULL) { ERR_print_errors(bio_err); @@ -1804,10 +1906,9 @@ } if (s_dchain_file != NULL) { if (!load_certs(s_dchain_file, 0, &s_dchain, NULL, - "second server certificate chain")) + "second server certificate chain")) goto end; } - } if (bio_s_out == NULL) { 
@@ -1854,7 +1955,7 @@ if (ssl_config) { if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", - ssl_config); + ssl_config); ERR_print_errors(bio_err); goto end; } @@ -1874,7 +1975,7 @@ if (session_id_prefix) { if (strlen(session_id_prefix) >= 32) BIO_printf(bio_err, - "warning: id_prefix is too long, only one new session will be possible\n"); + "warning: id_prefix is too long, only one new session will be possible\n"); if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { BIO_printf(bio_err, "error setting 'id_prefix'\n"); ERR_print_errors(bio_err); @@ -1908,20 +2009,20 @@ if (max_send_fragment > 0 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", - prog, max_send_fragment); + prog, max_send_fragment); goto end; } if (split_send_fragment > 0 && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", - prog, split_send_fragment); + prog, split_send_fragment); goto end; } if (max_pipelines > 0 && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", - prog, max_pipelines); + prog, max_pipelines); goto end; } @@ -1940,7 +2041,7 @@ #endif if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { + CAstore, noCAstore)) { ERR_print_errors(bio_err); goto end; } @@ -1953,9 +2054,9 @@ ssl_ctx_add_crls(ctx, crls, 0); if (!ssl_load_stores(ctx, - vfyCApath, vfyCAfile, vfyCAstore, - chCApath, chCAfile, chCAstore, - crls, crl_download)) { + vfyCApath, vfyCAfile, vfyCAstore, + chCApath, chCAfile, chCAstore, + crls, crl_download)) { BIO_printf(bio_err, "Error loading store locations\n"); ERR_print_errors(bio_err); goto end; 
@@ -1978,7 +2079,7 @@ if (session_id_prefix) { if (strlen(session_id_prefix) >= 32) BIO_printf(bio_err, - "warning: id_prefix is too long, only one new session will be possible\n"); + "warning: id_prefix is too long, only one new session will be possible\n"); if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { BIO_printf(bio_err, "error setting 'id_prefix'\n"); ERR_print_errors(bio_err); @@ -2003,7 +2104,7 @@ SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC); if (!ctx_set_verify_locations(ctx2, CAfile, noCAfile, CApath, - noCApath, CAstore, noCAstore)) { + noCApath, CAstore, noCAstore)) { ERR_print_errors(bio_err); goto end; } @@ -2020,7 +2121,7 @@ #ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto.data) SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, - &next_proto); + &next_proto); #endif if (alpn_ctx.data) SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); @@ -2032,7 +2133,7 @@ dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters"); else if (s_cert_file != NULL) dhpkey = load_keyparams_suppress(s_cert_file, FORMAT_UNDEF, 0, "DH", - "DH parameters", 1); + "DH parameters", 1); if (dhpkey != NULL) { BIO_printf(bio_s_out, "Setting temp DH parameters\n"); @@ -2065,9 +2166,9 @@ if (ctx2 != NULL) { if (dhfile != NULL) { EVP_PKEY *dhpkey2 = load_keyparams_suppress(s_cert_file2, - FORMAT_UNDEF, - 0, "DH", - "DH parameters", 1); + FORMAT_UNDEF, + 0, "DH", + "DH parameters", 1); if (dhpkey2 != NULL) { BIO_printf(bio_s_out, "Setting temp DH parameters\n"); @@ -2110,11 +2211,11 @@ if (no_resume_ephemeral) { SSL_CTX_set_not_resumable_session_callback(ctx, - not_resumable_sess_cb); + not_resumable_sess_cb); if (ctx2 != NULL) SSL_CTX_set_not_resumable_session_callback(ctx2, - not_resumable_sess_cb); + not_resumable_sess_cb); } #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { @@ -2150,7 +2251,6 @@ ERR_print_errors(bio_err); goto end; } - } if (psk_key != NULL || psksess != NULL) 
@@ -2158,8 +2258,8 @@ SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx, - (void *)&s_server_session_id_context, - sizeof(s_server_session_id_context))) { + (void *)&s_server_session_id_context, + sizeof(s_server_session_id_context))) { BIO_printf(bio_err, "error setting session id context\n"); ERR_print_errors(bio_err); goto end; @@ -2176,8 +2276,8 @@ if (ctx2 != NULL) { SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx2, - (void *)&s_server_session_id_context, - sizeof(s_server_session_id_context))) { + (void *)&s_server_session_id_context, + sizeof(s_server_session_id_context))) { BIO_printf(bio_err, "error setting session id context\n"); ERR_print_errors(bio_err); goto end; @@ -2192,11 +2292,11 @@ #ifndef OPENSSL_NO_SRP if (srp_verifier_file != NULL) { if (!set_up_srp_verifier_file(ctx, &srp_callback_parm, srpuserseed, - srp_verifier_file)) + srp_verifier_file)) goto end; } else #endif - if (CAfile != NULL) { + if (CAfile != NULL) { SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); if (ctx2) @@ -2232,10 +2332,10 @@ unlink(host); #endif do_server(&accept_socket, host, port, socket_family, socket_type, protocol, - server_cb, context, naccept, bio_s_out); + server_cb, context, naccept, bio_s_out); print_stats(bio_s_out, ctx); ret = 0; - end: +end: SSL_CTX_free(ctx); SSL_SESSION_free(psksess); set_keylog_file(NULL, NULL); 
@@ -2279,38 +2379,38 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) { BIO_printf(bio, "%4ld items in the session cache\n", - SSL_CTX_sess_number(ssl_ctx)); + SSL_CTX_sess_number(ssl_ctx)); BIO_printf(bio, "%4ld client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ssl_ctx)); + SSL_CTX_sess_connect(ssl_ctx)); BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n", - SSL_CTX_sess_connect_renegotiate(ssl_ctx)); + SSL_CTX_sess_connect_renegotiate(ssl_ctx)); BIO_printf(bio, "%4ld client connects that finished\n", - SSL_CTX_sess_connect_good(ssl_ctx)); + SSL_CTX_sess_connect_good(ssl_ctx)); BIO_printf(bio, "%4ld server accepts (SSL_accept())\n", - SSL_CTX_sess_accept(ssl_ctx)); + SSL_CTX_sess_accept(ssl_ctx)); BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n", - SSL_CTX_sess_accept_renegotiate(ssl_ctx)); + SSL_CTX_sess_accept_renegotiate(ssl_ctx)); BIO_printf(bio, "%4ld server accepts that finished\n", - SSL_CTX_sess_accept_good(ssl_ctx)); + SSL_CTX_sess_accept_good(ssl_ctx)); BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); BIO_printf(bio, "%4ld session cache misses\n", - SSL_CTX_sess_misses(ssl_ctx)); + SSL_CTX_sess_misses(ssl_ctx)); BIO_printf(bio, "%4ld session cache timeouts\n", - SSL_CTX_sess_timeouts(ssl_ctx)); + SSL_CTX_sess_timeouts(ssl_ctx)); BIO_printf(bio, "%4ld callback cache hits\n", - SSL_CTX_sess_cb_hits(ssl_ctx)); + SSL_CTX_sess_cb_hits(ssl_ctx)); BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", - SSL_CTX_sess_cache_full(ssl_ctx), - SSL_CTX_sess_get_cache_size(ssl_ctx)); + SSL_CTX_sess_cache_full(ssl_ctx), + SSL_CTX_sess_get_cache_size(ssl_ctx)); } static long int count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) + int argi, long argl, int ret, size_t *processed) { unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio); switch (cmd) { - case BIO_CB_READ: /* No break here */ + case BIO_CB_READ: /* No break 
here */ case BIO_CB_GETS: if (p_counter != NULL) ++*p_counter; @@ -2342,11 +2442,11 @@ struct timeval *timeoutp; #endif #ifndef OPENSSL_NO_DTLS -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP); -# else +#else int isdtls = (stype == SOCK_DGRAM); -# endif +#endif #endif buf = app_malloc(bufsize, "server buffer"); @@ -2370,7 +2470,7 @@ if (context != NULL && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { + strlen((char *)context))) { BIO_printf(bio_err, "Error setting session id context\n"); ret = -1; goto err; @@ -2383,11 +2483,11 @@ } #ifndef OPENSSL_NO_DTLS if (isdtls) { -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP if (prot == IPPROTO_SCTP) sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE); else -# endif +#endif sbio = BIO_new_dgram(s, BIO_NOCLOSE); if (sbio == NULL) { BIO_printf(bio_err, "Unable to create BIO\n"); @@ -2408,7 +2508,7 @@ if (socket_mtu) { if (socket_mtu < DTLS_get_link_min_mtu(con)) { BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", - DTLS_get_link_min_mtu(con)); + DTLS_get_link_min_mtu(con)); ret = -1; BIO_free(sbio); goto err; @@ -2424,9 +2524,9 @@ /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP if (prot != IPPROTO_SCTP) -# endif +#endif /* Turn on cookie exchange. Not necessary for SCTP */ SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); } else @@ -2526,7 +2626,7 @@ read_from_terminal = 0; read_from_sslcon = SSL_has_pending(con) - || (async && SSL_waiting_for_async(con)); + || (async && SSL_waiting_for_async(con)); if (!read_from_sslcon) { FD_ZERO(&readfds); 
@@ -2620,24 +2720,22 @@ SSL_renegotiate(con); i = SSL_do_handshake(con); printf("SSL_do_handshake -> %d\n", i); - i = 0; /* 13; */ + i = 0; /* 13; */ continue; } if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_set_verify(con, - SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, - NULL); + SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, + NULL); SSL_renegotiate(con); i = SSL_do_handshake(con); printf("SSL_do_handshake -> %d\n", i); - i = 0; /* 13; */ + i = 0; /* 13; */ continue; } if ((buf[0] == 'K' || buf[0] == 'k') - && ((buf[1] == '\n') || (buf[1] == '\r'))) { - SSL_key_update(con, buf[0] == 'K' ? - SSL_KEY_UPDATE_REQUESTED - : SSL_KEY_UPDATE_NOT_REQUESTED); + && ((buf[1] == '\n') || (buf[1] == '\r'))) { + SSL_key_update(con, buf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED : SSL_KEY_UPDATE_NOT_REQUESTED); i = SSL_do_handshake(con); printf("SSL_do_handshake -> %d\n", i); i = 0; @@ -2658,7 +2756,7 @@ } if (buf[0] == 'P') { static const char str[] = "Lets print some clear text\n"; - BIO_write(SSL_get_wbio(con), str, sizeof(str) -1); + BIO_write(SSL_get_wbio(con), str, sizeof(str) - 1); } if (buf[0] == 'S') { print_stats(bio_s_out, SSL_get_SSL_CTX(con)); @@ -2734,7 +2832,7 @@ * init_ssl_connection */ if ((!async || !SSL_waiting_for_async(con)) - && !SSL_is_init_finished(con)) { + && !SSL_is_init_finished(con)) { /* * Count number of reads during init_ssl_connection. * It helps us to distinguish configuration errors from errors @@ -2762,7 +2860,7 @@ goto err; } } else { - again: + again: i = SSL_read(con, (char *)buf, bufsize); #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { @@ -2813,7 +2911,7 @@ } } } - err: +err: if (con != NULL) { BIO_printf(bio_s_out, "shutting down SSL\n"); do_ssl_shutdown(con); 
@@ -2838,8 +2936,8 @@ /* If it's not a fatal error, it must be retryable */ return (err != SSL_ERROR_SSL) - && (err != SSL_ERROR_SYSCALL) - && (err != SSL_ERROR_ZERO_RETURN); + && (err != SSL_ERROR_SYSCALL) + && (err != SSL_ERROR_ZERO_RETURN); } static int init_ssl_connection(SSL *con) @@ -2895,10 +2993,10 @@ #ifdef CERT_CB_TEST_RETRY { while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP - && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP + && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { BIO_printf(bio_err, - "LOOKUP from certificate callback during accept\n"); + "LOOKUP from certificate callback during accept\n"); i = SSL_accept(con); if (i <= 0) retry = is_retryable(con, i); @@ -2908,9 +3006,9 @@ #ifndef OPENSSL_NO_SRP while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", - srp_callback_parm.login); + srp_callback_parm.login); lookup_srp_user(&srp_callback_parm, bio_s_out); @@ -2924,7 +3022,7 @@ if (i <= 0) { if (((dtlslisten || stateless) && i == 0) - || (!dtlslisten && !stateless && retry)) { + || (!dtlslisten && !stateless && retry)) { BIO_printf(bio_s_out, "DELAY\n"); return 1; } @@ -2934,7 +3032,7 @@ verify_err = SSL_get_verify_result(con); if (verify_err != X509_V_OK) { BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_err)); + X509_verify_cert_error_string(verify_err)); } /* Always print any error messages */ ERR_print_errors(bio_err); 
@@ -2996,13 +3094,13 @@ if (srtp_profile) BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", - srtp_profile->name); + srtp_profile->name); } #endif if (SSL_session_reused(con)) BIO_printf(bio_s_out, "Reused session-id\n"); BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", - SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); + SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION)) BIO_printf(bio_s_out, "Renegotiation is DISABLED\n"); @@ -3012,10 +3110,11 @@ BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); exportedkeymat = app_malloc(keymatexportlen, "export key"); if (SSL_export_keying_material(con, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0) <= 0) { + keymatexportlen, + keymatexportlabel, + strlen(keymatexportlabel), + NULL, 0, 0) + <= 0) { BIO_printf(bio_s_out, " Error\n"); } else { BIO_printf(bio_s_out, " Keying material: "); @@ -3088,7 +3187,7 @@ if (context != NULL && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { + strlen((char *)context))) { SSL_free(con); goto err; } @@ -3142,7 +3241,7 @@ for (;;) { i = BIO_gets(io, buf, bufsize + 1); - if (i < 0) { /* error */ + if (i < 0) { /* error */ if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { if (!s_quiet) ERR_print_errors(bio_err); @@ -3162,14 +3261,13 @@ ossl_sleep(1000); continue; } - } else if (i == 0) { /* end of input */ + } else if (i == 0) { /* end of input */ ret = 1; goto end; } /* else we have data */ - if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { + if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer = NULL; STACK_OF(SSL_CIPHER) *sk; 
@@ -3178,15 +3276,15 @@ if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) { if (strncmp("GET /renegcert", buf, 14) == 0) SSL_set_verify(con, - SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, - NULL); + SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, + NULL); i = SSL_renegotiate(con); BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i); /* Send the HelloRequest */ i = SSL_do_handshake(con); if (i <= 0) { BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", - SSL_get_error(con, i)); + SSL_get_error(con, i)); ERR_print_errors(bio_err); goto err; } @@ -3196,7 +3294,7 @@ i = select(width, (void *)&readfds, NULL, NULL, NULL); if (i <= 0 || !FD_ISSET(s, &readfds)) { BIO_printf(bio_s_out, - "Error waiting for client response\n"); + "Error waiting for client response\n"); ERR_print_errors(bio_err); goto err; } @@ -3210,7 +3308,7 @@ } BIO_puts(io, - "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); BIO_puts(io, "\n"); BIO_puts(io, "
\n");
             /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */
@@ -3237,9 +3335,8 @@
             BIO_puts(io, "\n");
 
             BIO_printf(io,
-                       "Secure Renegotiation IS%s supported\n",
-                       SSL_get_secure_renegotiation_support(con) ?
-                       "" : " NOT");
+                "Secure Renegotiation IS%s supported\n",
+                SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
 
             /*
              * The following is evil and should not really be done
@@ -3250,7 +3347,7 @@
             for (i = 0; i < j; i++) {
                 c = sk_SSL_CIPHER_value(sk, i);
                 BIO_printf(io, "%-11s:%-25s ",
-                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+                    SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
                 if ((((i + 1) % 2) == 0) && (i + 1 != j))
                     BIO_puts(io, "\n");
             }
@@ -3258,7 +3355,7 @@
             p = SSL_get_shared_ciphers(con, buf, bufsize);
             if (p != NULL) {
                 BIO_printf(io,
-                           "---\nCiphers common between both SSL end points:\n");
+                    "---\nCiphers common between both SSL end points:\n");
                 j = i = 0;
                 while (*p) {
                     if (*p == ':') {
@@ -3279,11 +3376,10 @@
             ssl_print_groups(io, con, 0);
 #endif
             print_ca_names(io, con);
-            BIO_printf(io, (SSL_session_reused(con)
-                            ? "---\nReused, " : "---\nNew, "));
+            BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, "));
             c = SSL_get_current_cipher(con);
             BIO_printf(io, "%s, Cipher is %s\n",
-                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+                SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
             SSL_SESSION_print(io, SSL_get_session(con));
             BIO_printf(io, "---\n");
             print_stats(io, SSL_get_SSL_CTX(con));
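Review bot: The joined call `BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, "));` passes a non-literal expression as the format string although it has no format arguments. Both alternatives are constants without `%`, so nothing is exploitable here, but the pattern triggers format-security warnings and is fragile if either string is later edited. `BIO_puts(io, SSL_session_reused(con) ? "---\nReused, " : "---\nNew, ");` would state the intent directly. The enclosing function starts and ends outside this hunk.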
@@ -3300,11 +3396,10 @@
             BIO_puts(io, "
\r\n\r\n"); break; } else if ((www == 2 || www == 3) - && (strncmp("GET /", buf, 5) == 0)) { + && (strncmp("GET /", buf, 5) == 0)) { BIO *file; char *p, *e; - static const char *text = - "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; + static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; /* skip the '/' */ p = &(buf[5]); @@ -3376,14 +3471,12 @@ if (www == 2) { i = strlen(p); - if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || - ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || - ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0))) + if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0))) BIO_puts(io, - "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); + "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); else BIO_puts(io, - "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); + "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); } /* send the file */ #ifndef OPENSSL_NO_KTLS @@ -3466,7 +3559,7 @@ } } } - write_error: + write_error: BIO_free(file); break; } @@ -3480,11 +3573,11 @@ } else break; } - end: +end: /* make sure we re-use sessions */ do_ssl_shutdown(con); - err: +err: OPENSSL_free(buf); BIO_free(ssl_bio); BIO_free_all(io); @@ -3523,7 +3616,7 @@ } if (context != NULL && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { + strlen((char *)context))) { SSL_free(con); ERR_print_errors(bio_err); goto err; @@ -3590,7 +3683,7 @@ for (;;) { i = BIO_gets(io, buf, bufsize + 1); - if (i < 0) { /* error */ + if (i < 0) { /* error */ if (!BIO_should_retry(io)) { if (!s_quiet) ERR_print_errors(bio_err); @@ -3610,7 +3703,7 @@ ossl_sleep(1000); continue; } - } else if (i == 0) { /* end of input */ + } else if (i == 0) { /* end of input */ ret = 1; BIO_printf(bio_err, "CONNECTION CLOSED\n"); goto end; 
@@ -3637,11 +3730,11 @@ } } } - end: +end: /* make sure we re-use sessions */ do_ssl_shutdown(con); - err: +err: OPENSSL_free(buf); BIO_free(ssl_bio); @@ -3651,7 +3744,7 @@ #define MAX_SESSION_ID_ATTEMPTS 10 static int generate_session_id(SSL *ssl, unsigned char *id, - unsigned int *id_len) + unsigned int *id_len) { unsigned int count = 0; unsigned int session_id_prefix_len = strlen(session_id_prefix); @@ -3667,11 +3760,8 @@ * conflicts. */ memcpy(id, session_id_prefix, - (session_id_prefix_len < *id_len) ? - session_id_prefix_len : *id_len); - } - while (SSL_has_matching_session_id(ssl, id, *id_len) && - (++count < MAX_SESSION_ID_ATTEMPTS)); + (session_id_prefix_len < *id_len) ? session_id_prefix_len : *id_len); + } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count < MAX_SESSION_ID_ATTEMPTS)); if (count >= MAX_SESSION_ID_ATTEMPTS) return 0; return 1; @@ -3734,7 +3824,7 @@ } static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen, - int *do_copy) + int *do_copy) { simple_ssl_session *sess; *do_copy = 0; @@ -3773,8 +3863,7 @@ static void init_session_cache_ctx(SSL_CTX *sctx) { SSL_CTX_set_session_cache_mode(sctx, - SSL_SESS_CACHE_NO_INTERNAL | - SSL_SESS_CACHE_SERVER); + SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_SERVER); SSL_CTX_sess_set_new_cb(sctx, add_session); SSL_CTX_sess_set_get_cb(sctx, get_session); SSL_CTX_sess_set_remove_cb(sctx, del_session); @@ -3793,4 +3882,4 @@ first = NULL; } -#endif /* OPENSSL_NO_SOCK */ +#endif /* OPENSSL_NO_SOCK */ --- crypto/openssl/apps/s_time.c.orig +++ crypto/openssl/apps/s_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -24,10 +24,10 @@ #include #include "internal/sockets.h" #if !defined(OPENSSL_SYS_MSDOS) -# include +#include #endif -#define SSL_CONNECT_NAME "localhost:4433" +#define SSL_CONNECT_NAME "localhost:4433" #define SECONDS 30 #define SECONDSSTR "30" 
@@ -44,68 +44,86 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY, - OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3, - OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3, + OPT_CONNECT, + OPT_CIPHER, + OPT_CIPHERSUITES, + OPT_CERT, + OPT_NAMEOPT, + OPT_KEY, + OPT_CAPATH, + OPT_CAFILE, + OPT_CASTORE, + OPT_NOCAPATH, + OPT_NOCAFILE, + OPT_NOCASTORE, + OPT_NEW, + OPT_REUSE, + OPT_BUGS, + OPT_VERIFY, + OPT_TIME, + OPT_SSL3, + OPT_WWW, + OPT_TLS1, + OPT_TLS1_1, + OPT_TLS1_2, + OPT_TLS1_3, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS s_time_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, OPT_SECTION("Connection"), - {"connect", OPT_CONNECT, 's', - "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"}, - {"new", OPT_NEW, '-', "Just time new connections"}, - {"reuse", OPT_REUSE, '-', "Just time connection reuse"}, - {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"}, - {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"}, - {"ciphersuites", OPT_CIPHERSUITES, 's', - "Specify TLSv1.3 ciphersuites to be used"}, + { "connect", OPT_CONNECT, 's', + "Where to connect as post:port (default is " SSL_CONNECT_NAME ")" }, + { "new", OPT_NEW, '-', "Just time new connections" }, + { "reuse", OPT_REUSE, '-', "Just time connection reuse" }, + { "bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility" }, + { "cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used" }, + { "ciphersuites", OPT_CIPHERSUITES, 's', + "Specify TLSv1.3 ciphersuites to be used" }, #ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, + { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, #endif #ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Just use TLSv1.0"}, + { "tls1", OPT_TLS1, '-', "Just 
use TLSv1.0" }, #endif #ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, + { "tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1" }, #endif #ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, + { "tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2" }, #endif #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, + { "tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3" }, #endif - {"verify", OPT_VERIFY, 'p', - "Turn on peer certificate verification, set depth"}, - {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR}, - {"www", OPT_WWW, 's', "Fetch specified page from the site"}, + { "verify", OPT_VERIFY, 'p', + "Turn on peer certificate verification, set depth" }, + { "time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR }, + { "www", OPT_WWW, 's', "Fetch specified page from the site" }, OPT_SECTION("Certificate"), - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, - {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, - {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store URI"}, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, + { "cert", OPT_CERT, '<', "Cert file to use, PEM format assumed" }, + { "key", OPT_KEY, '<', "File with key, PEM; default is -cert file" }, + { "cafile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "CAfile", OPT_CAFILE, '<', "PEM format 
file of CA's" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "CAstore", OPT_CASTORE, ':', "URI to store of CA's" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store URI" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; -#define START 0 -#define STOP 1 +#define START 0 +#define STOP 1 static double tm_Time_F(int s) { @@ -137,7 +155,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -156,7 +174,7 @@ case OPT_VERIFY: verify_args.depth = opt_int_arg(); BIO_printf(bio_err, "%s: verify depth is %d\n", - prog, verify_args.depth); + prog, verify_args.depth); break; case OPT_CERT: certfile = opt_arg(); @@ -260,7 +278,7 @@ goto end; if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { + CAstore, noCAstore)) { ERR_print_errors(bio_err); goto end; } @@ -282,7 +300,7 @@ if (www_path != NULL) { buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, - www_path); + www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) 
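Review bot: The `-connect` help string in `s_time_options` still reads `post:port`, which looks like a typo for `host:port`. The reformatting carries it over unchanged. Since the entry is being rewritten anyway, it could become `"Where to connect as host:port (default is " SSL_CONNECT_NAME ")" },`.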
@@ -312,21 +330,21 @@ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ i = (int)((long)time(NULL) - finishtime + maxtime); - printf - ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", - nConn, totalTime, ((double)nConn / totalTime), bytes_read); - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, - nConn > 0 ? bytes_read / nConn : 0l); + printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", + nConn, totalTime, ((double)nConn / totalTime), bytes_read); + printf("%d connections in %ld real seconds, %ld bytes read per connection\n", + nConn, (long)time(NULL) - finishtime + maxtime, + nConn > 0 ? bytes_read / nConn : 0l); /* * Now loop and time connections using the same session id over and over */ - next: - if (!(perform & 2)) +next: + if (!(perform & 2)) { + ret = 0; goto end; + } printf("\n\nNow timing with session id reuse.\n"); /* Get an SSL object so we can reuse the session id */ @@ -364,7 +382,7 @@ if (www_path != NULL) { buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, - www_path); + www_path); if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) 
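Review bot: In the `@@ -312,21 +330,21 @@` hunk the first summary `printf` computes `((double)nConn / totalTime)` with no guard, while the second one guards its division with `nConn > 0`. If no connection completed and no user time was accumulated, the first line would presumably print `nan` or `inf`. A guarded expression such as `totalTime > 0 ? (double)nConn / totalTime : 0.0` would keep the report readable. The new `ret = 0` under `next:` would also benefit from a short comment, e.g. `/* reuse timing not requested; the run above completed, report success */`. The same unguarded division appears in the `@@ -391,19 +409,17 @@` hunk.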
@@ -391,19 +409,17 @@ } totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ - printf - ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", - nConn, totalTime, ((double)nConn / totalTime), bytes_read); + printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", + nConn, totalTime, ((double)nConn / totalTime), bytes_read); if (nConn > 0) - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); + printf("%d connections in %ld real seconds, %ld bytes read per connection\n", + nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); else printf("0 connections in %ld real seconds\n", - (long)time(NULL) - finishtime + maxtime); + (long)time(NULL) - finishtime + maxtime); ret = 0; - end: +end: SSL_free(scon); SSL_CTX_free(ctx); return ret; @@ -422,7 +438,7 @@ return NULL; if (BIO_set_conn_hostname(conn, host) <= 0 - || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) { + || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) { BIO_free(conn); return NULL; } @@ -435,6 +451,16 @@ } } else { serverCon = scon; + /* + * Reset the SSL object before reusing it for a new connection. + * This clears prior handshake and I/O state while keeping + * configuration inherited from the SSL_CTX. + */ + if (!SSL_clear(serverCon)) { + ERR_print_errors(bio_err); + BIO_free(conn); + return NULL; + } SSL_set_connect_state(serverCon); } @@ -446,7 +472,7 @@ BIO_printf(bio_err, "ERROR\n"); if (verify_args.error != X509_V_OK) BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_args.error)); + X509_verify_cert_error_string(verify_args.error)); else ERR_print_errors(bio_err); if (scon == NULL) 
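Review bot: The comment added above `SSL_clear(serverCon)` in the `@@ -435,6 +451,16 @@` hunk says configuration is kept but does not say what happens to the session, which the reuse timing depends on. SSL_clear() treats the session as bad and drops it when the previous connection was neither shut down nor marked with SSL_set_shutdown(). A caller reaching this branch without that step would then time full handshakes rather than resumptions, with no error reported. The callers are outside the hunk, so this needs confirming there. The precondition could be stated in the comment, e.g. `* The caller must have set the shutdown state on scon, or SSL_clear() discards the session.`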
@@ -459,12 +485,12 @@ struct linger no_linger; int fd; - no_linger.l_onoff = 1; + no_linger.l_onoff = 1; no_linger.l_linger = 0; fd = SSL_get_fd(serverCon); if (fd >= 0) - (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger, - sizeof(no_linger)); + (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&no_linger, + sizeof(no_linger)); } #endif --- crypto/openssl/apps/sess_id.c.orig +++ crypto/openssl/apps/sess_id.c 
@@ -20,27 +20,33 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, - OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_TEXT, + OPT_CERT, + OPT_NOOUT, + OPT_CONTEXT } OPTION_CHOICE; const OPTIONS sess_id_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"context", OPT_CONTEXT, 's', "Set the session ID context"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "context", OPT_CONTEXT, 's', "Set the session ID context" }, OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"}, + { "in", OPT_IN, 's', "Input file - default stdin" }, + { "inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (PEM, DER or NSS)"}, - {"text", OPT_TEXT, '-', "Print ssl session id details"}, - {"cert", OPT_CERT, '-', "Output certificate "}, - {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"}, - {NULL} + { "out", OPT_OUT, '>', "Output file - default stdout" }, + { "outform", OPT_OUTFORM, 'f', + "Output format - default PEM (PEM, DER or NSS)" }, + { "text", OPT_TEXT, '-', "Print ssl session id details" }, + { "cert", OPT_CERT, '-', "Output certificate " }, + { "noout", OPT_NOOUT, '-', "Don't output the encoded session info" }, + { NULL } }; static SSL_SESSION *load_sess_id(char *file, int format); @@ -60,7 +66,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -73,7 +79,7 @@ break; case OPT_OUTFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS, - &outformat)) + &outformat)) goto opthelp; break; case OPT_IN: 
@@ -115,7 +121,7 @@
 goto end;
 }
 if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
- ctx_len)) {
+ ctx_len)) {
 BIO_printf(bio_err, "Error setting id context\n");
 goto end;
 }
@@ -168,7 +174,7 @@
 }
 }
 ret = 0;
- end:
+end:
 BIO_free_all(out);
 SSL_SESSION_free(x);
 return ret;
@@ -192,7 +198,7 @@
 goto end;
 }
- end:
+end:
 BIO_free(in);
 return x;
 }
--- crypto/openssl/apps/smime.c.orig
+++ crypto/openssl/apps/smime.c
@@ -22,111 +22,146 @@
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
-#define SMIME_OP 0x10
-#define SMIME_IP 0x20
-#define SMIME_SIGNERS 0x40
-#define SMIME_ENCRYPT (1 | SMIME_OP)
-#define SMIME_DECRYPT (2 | SMIME_IP)
-#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY (4 | SMIME_IP)
-#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
-#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_OP 0x10
+#define SMIME_IP 0x20
+#define SMIME_SIGNERS 0x40
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT (2 | SMIME_IP)
+#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY (4 | SMIME_IP)
+#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
 typedef enum OPTION_choice {
 OPT_COMMON,
- OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
- OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
- OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
- OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
- OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
- OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
- OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
- OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, OPT_NOCAPATH, OPT_NOCASTORE,
- OPT_R_ENUM, OPT_PROV_ENUM, OPT_CONFIG,
+ OPT_ENCRYPT,
+ OPT_DECRYPT,
+ OPT_SIGN,
+ OPT_RESIGN,
+ OPT_VERIFY,
+ OPT_PK7OUT,
+ OPT_TEXT,
+ OPT_NOINTERN,
+ OPT_NOVERIFY,
+ OPT_NOCHAIN,
+ OPT_NOCERTS,
+ OPT_NOATTR,
+ OPT_NODETACH,
+ OPT_NOSMIMECAP,
+ OPT_BINARY,
+ OPT_NOSIGS,
+ OPT_STREAM,
+ OPT_INDEF,
+ OPT_NOINDEF,
+ OPT_CRLFEOL,
+ OPT_ENGINE,
+ OPT_PASSIN,
+ OPT_TO,
+ OPT_FROM,
+ OPT_SUBJECT,
+ OPT_SIGNER,
+ OPT_RECIP,
+ OPT_MD,
+ OPT_CIPHER,
+ OPT_INKEY,
+ OPT_KEYFORM,
+ OPT_CERTFILE,
+ OPT_CAFILE,
+ OPT_CAPATH,
+ OPT_CASTORE,
+ OPT_NOCAFILE,
+ OPT_NOCAPATH,
+ OPT_NOCASTORE,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
+ OPT_CONFIG,
 OPT_V_ENUM,
- OPT_IN, OPT_INFORM, OPT_OUT,
- OPT_OUTFORM, OPT_CONTENT
+ OPT_IN,
+ OPT_INFORM,
+ OPT_OUT,
+ OPT_OUTFORM,
+ OPT_CONTENT
 } OPTION_CHOICE;
 const OPTIONS smime_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n" },
 OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"in", OPT_IN, '<', "Input file"},
- {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'c',
- "Output format SMIME (default), PEM or DER"},
- {"inkey", OPT_INKEY, 's',
- "Input private key (if not signer or recipient)"},
- {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "in", OPT_IN, '<', "Input file" },
+ { "inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER" },
+ { "out", OPT_OUT, '>', "Output file" },
+ { "outform", OPT_OUTFORM, 'c',
+ "Output format SMIME (default), PEM or DER" },
+ { "inkey", OPT_INKEY, 's',
+ "Input private key (if not signer or recipient)" },
+ { "keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)" },
 #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
 #endif
- {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
- {"indef", OPT_INDEF, '-', "Same as -stream" },
- {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+ { "stream", OPT_STREAM, '-', "Enable CMS streaming" },
+ { "indef", OPT_INDEF, '-', "Same as -stream" },
+ { "noindef", OPT_NOINDEF, '-', "Disable CMS streaming" },
 OPT_CONFIG_OPTION,
 OPT_SECTION("Action"),
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
- {"sign", OPT_SIGN, '-', "Sign message"},
- {"resign", OPT_RESIGN, '-', "Resign a signed message"},
- {"verify", OPT_VERIFY, '-', "Verify signed message"},
+ { "encrypt", OPT_ENCRYPT, '-', "Encrypt message" },
+ { "decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message" },
+ { "sign", OPT_SIGN, '-', "Sign message" },
+ { "resign", OPT_RESIGN, '-', "Resign a signed message" },
+ { "verify", OPT_VERIFY, '-', "Verify signed message" },
 OPT_SECTION("Signing/Encryption"),
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
- {"nointern", OPT_NOINTERN, '-',
- "Don't search certificates in message for signer"},
- {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
- {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
- {"binary", OPT_BINARY, '-', "Don't translate message to text"},
- {"signer", OPT_SIGNER, 's', "Signer certificate file"},
- {"content", OPT_CONTENT, '<',
- "Supply or override content for detached signature"},
- {"nocerts", OPT_NOCERTS, '-',
- "Don't include signers certificate when signing"},
+ { "passin", OPT_PASSIN, 's', "Input file pass phrase source" },
+ { "md", OPT_MD, 's', "Digest algorithm to use when signing or resigning" },
+ { "", OPT_CIPHER, '-', "Any supported cipher" },
+ { "pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure" },
+ { "nointern", OPT_NOINTERN, '-',
+ "Don't search certificates in message for signer" },
+ { "nodetach", OPT_NODETACH, '-', "Use opaque signing" },
+ { "noattr", OPT_NOATTR, '-', "Don't include any signed attributes" },
+ { "binary", OPT_BINARY, '-', "Don't translate message to text" },
+ { "signer", OPT_SIGNER, 's', "Signer certificate file" },
+ { "content", OPT_CONTENT, '<',
+ "Supply or override content for detached signature" },
+ { "nocerts", OPT_NOCERTS, '-',
+ "Don't include signers certificate when signing" },
 OPT_SECTION("Verification/Decryption"),
- {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
- {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+ { "nosigs", OPT_NOSIGS, '-', "Don't verify message signature" },
+ { "noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate" },
- {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
- {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
+ { "certfile", OPT_CERTFILE, '<', "Other certificates file" },
+ { "recip", OPT_RECIP, '<', "Recipient certificate file for decryption" },
 OPT_SECTION("Email"),
- {"to", OPT_TO, 's', "To address"},
- {"from", OPT_FROM, 's', "From address"},
- {"subject", OPT_SUBJECT, 's', "Subject"},
- {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
- {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+ { "to", OPT_TO, 's', "To address" },
+ { "from", OPT_FROM, 's', "From address" },
+ { "subject", OPT_SUBJECT, 's', "Subject" },
+ { "text", OPT_TEXT, '-', "Include or delete text MIME headers" },
+ { "nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute" },
 OPT_SECTION("Certificate chain"),
- {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
- {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
- {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"},
- {"no-CAfile", OPT_NOCAFILE, '-',
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
- {"no-CAstore", OPT_NOCASTORE, '-',
- "Do not load certificates from the default certificates store"},
- {"nochain", OPT_NOCHAIN, '-',
- "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
- {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},
+ { "CApath", OPT_CAPATH, '/', "Trusted certificates directory" },
+ { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" },
+ { "CAstore", OPT_CASTORE, ':', "Trusted certificates store URI" },
+ { "no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file" },
+ { "no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory" },
+ { "no-CAstore", OPT_NOCASTORE, '-',
+ "Do not load certificates from the default certificates store" },
+ { "nochain", OPT_NOCHAIN, '-',
+ "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+ { "crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only" },
 OPT_R_OPTIONS, OPT_V_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(),
- {"cert", 0, 0, "Recipient certs, used when encrypting"},
- {NULL}
+ { "cert", 0, 0, "Recipient certs, used when encrypting" },
+ { NULL }
 };
 int smime_main(int argc, char **argv)
@@ -150,8 +185,7 @@
 OPTION_CHOICE o;
 int noCApath = 0, noCAfile = 0, noCAstore = 0;
 int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
- int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
- FORMAT_UNDEF;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = FORMAT_UNDEF;
 int vpmtouched = 0, rv = 0;
 ENGINE *e = NULL;
 const char *mime_eol = "\n";
@@ -165,7 +199,7 @@
 switch (o) {
 case OPT_EOF:
 case OPT_ERR:
- opthelp:
+ opthelp:
 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
 goto end;
 case OPT_HELP:
@@ -306,7 +340,7 @@
 if (keyfile != NULL) {
 if (signerfile == NULL) {
 BIO_printf(bio_err,
- "%s: Must have -signer before -inkey\n", prog);
+ "%s: Must have -signer before -inkey\n", prog);
 goto opthelp;
 }
 if (sksigners == NULL
@@ -380,7 +414,7 @@
 }
 if (!operation) {
 BIO_puts(bio_err,
- "No operation (-encrypt|-sign|...) specified\n");
+ "No operation (-encrypt|-sign|...) specified\n");
 goto opthelp;
 }
@@ -412,7 +446,7 @@
 } else if (operation == SMIME_DECRYPT) {
 if (recipfile == NULL && keyfile == NULL) {
 BIO_printf(bio_err,
- "No recipient certificate or key specified\n");
+ "No recipient certificate or key specified\n");
 goto opthelp;
 }
 } else if (operation == SMIME_ENCRYPT) {
@@ -456,7 +490,7 @@
 goto end;
 while (*argv != NULL) {
 cert = load_cert(*argv, FORMAT_UNDEF,
- "recipient certificate file");
+ "recipient certificate file");
 if (cert == NULL)
 goto end;
 if (!sk_X509_push(encerts, cert))
@@ -475,7 +509,8 @@
 if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
 if ((recip = load_cert(recipfile, FORMAT_UNDEF,
- "recipient certificate file")) == NULL) {
+ "recipient certificate file"))
+ == NULL) {
 ERR_print_errors(bio_err);
 goto end;
 }
@@ -539,7 +574,8 @@
 if (operation == SMIME_VERIFY) {
 if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) == NULL)
+ CAstore, noCAstore))
+ == NULL)
 goto end;
 X509_STORE_set_verify_cb(store, smime_cb);
 if (vpmtouched)
@@ -657,7 +693,7 @@
 }
 }
 ret = 0;
- end:
+end:
 if (ret)
 ERR_print_errors(bio_err);
 sk_X509_pop_free(encerts, X509_free);
--- crypto/openssl/apps/speed.c.orig
+++ crypto/openssl/apps/speed.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -9,16 +9,16 @@
 */
 #undef SECONDS
-#define SECONDS 3
-#define PKEY_SECONDS 10
+#define SECONDS 3
+#define PKEY_SECONDS 10
-#define RSA_SECONDS PKEY_SECONDS
-#define DSA_SECONDS PKEY_SECONDS
-#define ECDSA_SECONDS PKEY_SECONDS
-#define ECDH_SECONDS PKEY_SECONDS
-#define EdDSA_SECONDS PKEY_SECONDS
-#define SM2_SECONDS PKEY_SECONDS
-#define FFDH_SECONDS PKEY_SECONDS
+#define RSA_SECONDS PKEY_SECONDS
+#define DSA_SECONDS PKEY_SECONDS
+#define ECDSA_SECONDS PKEY_SECONDS
+#define ECDH_SECONDS PKEY_SECONDS
+#define EdDSA_SECONDS PKEY_SECONDS
+#define SM2_SECONDS PKEY_SECONDS
+#define FFDH_SECONDS PKEY_SECONDS
 /* We need to use some deprecated APIs */
 #define OPENSSL_SUPPRESS_DEPRECATED
@@ -38,24 +38,24 @@
 #include
 #include
 #if !defined(OPENSSL_SYS_MSDOS)
-# include
+#include
 #endif
 #if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-# include
-# endif
+#if defined(OPENSSL_TANDEM_FLOSS)
+#include
+#endif
 #endif
 #if defined(_WIN32)
-# include
+#include
 #endif
 #include
 #include
 #include "./testrsa.h"
 #ifndef OPENSSL_NO_DH
-# include
+#include
 #endif
 #include
 #include
@@ -63,27 +63,27 @@
 #include
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
-# define HAVE_FORK 0
-# else
-# define HAVE_FORK 1
-# include
-# endif
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
+#define HAVE_FORK 0
+#else
+#define HAVE_FORK 1
+#include
+#endif
 #endif
 #if HAVE_FORK
-# undef NO_FORK
+#undef NO_FORK
 #else
-# define NO_FORK
+#define NO_FORK
 #endif
 #define MAX_MISALIGNMENT 63
-#define MAX_ECDH_SIZE 256
-#define MISALIGN 64
+#define MAX_ECDH_SIZE 256
+#define MISALIGN 64
 #define MAX_FFDH_SIZE 1024
 #ifndef RSA_DEFAULT_PRIME_NUM
-# define RSA_DEFAULT_PRIME_NUM 2
+#define RSA_DEFAULT_PRIME_NUM 2
 #endif
 typedef struct openssl_speed_sec_st {
@@ -99,13 +99,13 @@
 static volatile int run = 0;
-static int mr = 0; /* machine-readeable output format to merge fork results */
+static int mr = 0; /* machine-readeable output format to merge fork results */
 static int usertime = 1;
 static double Time_F(int s);
 static void print_message(const char *s, long num, int length, int tm);
 static void pkey_print_message(const char *str, const char *str2,
- long num, unsigned int bits, int sec);
+ long num, unsigned int bits, int sec);
 static void print_result(int alg, int run_no, int count, double time_used);
 #ifndef NO_FORK
 static int do_multi(int multi, int size_num);
@@ -114,15 +114,15 @@
 static const int lengths_list[] = { 16, 64, 256, 1024, 8 * 1024, 16 * 1024 };
-#define SIZE_NUM OSSL_NELEM(lengths_list)
+#define SIZE_NUM OSSL_NELEM(lengths_list)
 static const int *lengths = lengths_list;
 static const int aead_lengths_list[] = { 2, 31, 136, 1024, 8 * 1024, 16 * 1024 };
-#define START 0
-#define STOP 1
+#define START 0
+#define STOP 1
 #ifdef SIGALRM
@@ -142,7 +142,7 @@
 #elif defined(_WIN32)
-# define SIGALRM -1
+#define SIGALRM -1
 static unsigned int lapse;
 static volatile unsigned int schlock;
@@ -151,9 +151,9 @@
 lapse = secs * 1000;
 }
-# define alarm alarm_win32
+#define alarm alarm_win32
-static DWORD WINAPI sleepy(VOID * arg)
+static DWORD WINAPI sleepy(VOID *arg)
 {
 schlock = 1;
 Sleep(lapse);
@@ -175,7 +175,7 @@
 ExitProcess(err);
 }
 while (!schlock)
- Sleep(0); /* scheduler spinlock */
+ Sleep(0); /* scheduler spinlock */
 ret = app_tminterval(s, usertime);
 } else {
 ret = app_tminterval(s, usertime);
@@ -187,14 +187,14 @@
 return ret;
 }
 #else
-# error "SIGALRM not defined and the platform is not Windows"
+#error "SIGALRM not defined and the platform is not Windows"
 #endif
 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
- const openssl_speed_sec_t *seconds);
+ const openssl_speed_sec_t *seconds);
 static int opt_found(const char *name, unsigned int *result,
- const OPT_PAIR pairs[], unsigned int nbelem)
+ const OPT_PAIR pairs[], unsigned int nbelem)
 {
 unsigned int idx;
@@ -205,71 +205,108 @@
 }
 return 0;
 }
-#define opt_found(value, pairs, result)\
+#define opt_found(value, pairs, result) \
 opt_found(value, result, pairs, OSSL_NELEM(pairs))
 typedef enum OPTION_choice {
 OPT_COMMON,
- OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
- OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
- OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
+ OPT_ELAPSED,
+ OPT_EVP,
+ OPT_HMAC,
+ OPT_DECRYPT,
+ OPT_ENGINE,
+ OPT_MULTI,
+ OPT_MR,
+ OPT_MB,
+ OPT_MISALIGN,
+ OPT_ASYNCJOBS,
+ OPT_R_ENUM,
+ OPT_PROV_ENUM,
+ OPT_PRIMES,
+ OPT_SECONDS,
+ OPT_BYTES,
+ OPT_AEAD,
+ OPT_CMAC
 } OPTION_CHOICE;
 const OPTIONS speed_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n" },
 OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
- {"mb", OPT_MB, '-',
- "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
- {"mr", OPT_MR, '-', "Produce machine readable output"},
+ { "help", OPT_HELP, '-', "Display this summary" },
+ { "mb", OPT_MB, '-',
+ "Enable (tls1>=1) multi-block mode on EVP-named cipher" },
+ { "mr", OPT_MR, '-', "Produce machine readable output" },
 #ifndef NO_FORK
- {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
+ { "multi", OPT_MULTI, 'p', "Run benchmarks in parallel" },
 #endif
 #ifndef OPENSSL_NO_ASYNC
- {"async_jobs", OPT_ASYNCJOBS, 'p',
- "Enable async mode and start specified number of jobs"},
+ { "async_jobs", OPT_ASYNCJOBS, 'p',
+ "Enable async mode and start specified number of jobs" },
 #endif
 #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
 #endif
- {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
+ { "primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)" },
 OPT_SECTION("Selection"),
- {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
- {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
- {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
- {"decrypt", OPT_DECRYPT, '-',
- "Time decryption instead of encryption (only EVP)"},
- {"aead", OPT_AEAD, '-',
- "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
+ { "evp", OPT_EVP, 's', "Use EVP-named cipher or digest" },
+ { "hmac", OPT_HMAC, 's', "HMAC using EVP-named digest" },
+ { "cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher" },
+ { "decrypt", OPT_DECRYPT, '-',
+ "Time decryption instead of encryption (only EVP)" },
+ { "aead", OPT_AEAD, '-',
+ "Benchmark EVP-named AEAD cipher in TLS-like sequence" },
 OPT_SECTION("Timing"),
- {"elapsed", OPT_ELAPSED, '-',
- "Use wall-clock time instead of CPU user time as divisor"},
- {"seconds", OPT_SECONDS, 'p',
- "Run benchmarks for specified amount of seconds"},
- {"bytes", OPT_BYTES, 'p',
- "Run [non-PKI] benchmarks on custom-sized buffer"},
- {"misalign", OPT_MISALIGN, 'p',
- "Use specified offset to mis-align buffers"},
+ { "elapsed", OPT_ELAPSED, '-',
+ "Use wall-clock time instead of CPU user time as divisor" },
+ { "seconds", OPT_SECONDS, 'p',
+ "Run benchmarks for specified amount of seconds" },
+ { "bytes", OPT_BYTES, 'p',
+ "Run [non-PKI] benchmarks on custom-sized buffer" },
+ { "misalign", OPT_MISALIGN, 'p',
+ "Use specified offset to mis-align buffers" },
 OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(),
- {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
- {NULL}
+ { "algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)" },
+ { NULL }
 };
 enum {
- D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
- D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
- D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
- D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
- D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
- D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
- D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
+ D_MD2,
+ D_MDC2,
+ D_MD4,
+ D_MD5,
+ D_SHA1,
+ D_RMD160,
+ D_SHA256,
+ D_SHA512,
+ D_WHIRLPOOL,
+ D_HMAC,
+ D_CBC_DES,
+ D_EDE3_DES,
+ D_RC4,
+ D_CBC_IDEA,
+ D_CBC_SEED,
+ D_CBC_RC2,
+ D_CBC_RC5,
+ D_CBC_BF,
+ D_CBC_CAST,
+ D_CBC_128_AES,
+ D_CBC_192_AES,
+ D_CBC_256_AES,
+ D_CBC_128_CML,
+ D_CBC_192_CML,
+ D_CBC_256_CML,
+ D_EVP,
+ D_GHASH,
+ D_RAND,
+ D_EVP_CMAC,
+ ALGOR_NUM
 };
 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
 static const char *names[ALGOR_NUM] = {
@@ -284,173 +321,210 @@
 /* list of configured algorithm (remaining), with some few alias */
 static const OPT_PAIR doit_choices[] = {
- {"md2", D_MD2},
- {"mdc2", D_MDC2},
- {"md4", D_MD4},
- {"md5", D_MD5},
- {"hmac", D_HMAC},
- {"sha1", D_SHA1},
- {"sha256", D_SHA256},
- {"sha512", D_SHA512},
- {"whirlpool", D_WHIRLPOOL},
- {"ripemd", D_RMD160},
- {"rmd160", D_RMD160},
- {"ripemd160", D_RMD160},
- {"rc4", D_RC4},
- {"des-cbc", D_CBC_DES},
- {"des-ede3", D_EDE3_DES},
- {"aes-128-cbc", D_CBC_128_AES},
- {"aes-192-cbc", D_CBC_192_AES},
- {"aes-256-cbc", D_CBC_256_AES},
- {"camellia-128-cbc", D_CBC_128_CML},
- {"camellia-192-cbc", D_CBC_192_CML},
- {"camellia-256-cbc", D_CBC_256_CML},
- {"rc2-cbc", D_CBC_RC2},
- {"rc2", D_CBC_RC2},
- {"rc5-cbc", D_CBC_RC5},
- {"rc5", D_CBC_RC5},
- {"idea-cbc", D_CBC_IDEA},
- {"idea", D_CBC_IDEA},
- {"seed-cbc", D_CBC_SEED},
- {"seed", D_CBC_SEED},
- {"bf-cbc", D_CBC_BF},
- {"blowfish", D_CBC_BF},
- {"bf", D_CBC_BF},
- {"cast-cbc", D_CBC_CAST},
- {"cast", D_CBC_CAST},
- {"cast5", D_CBC_CAST},
- {"ghash", D_GHASH},
- {"rand", D_RAND}
+ { "md2", D_MD2 },
+ { "mdc2", D_MDC2 },
+ { "md4", D_MD4 },
+ { "md5", D_MD5 },
+ { "hmac", D_HMAC },
+ { "sha1", D_SHA1 },
+ { "sha256", D_SHA256 },
+ { "sha512", D_SHA512 },
+ { "whirlpool", D_WHIRLPOOL },
+ { "ripemd", D_RMD160 },
+ { "rmd160", D_RMD160 },
+ { "ripemd160", D_RMD160 },
+ { "rc4", D_RC4 },
+ { "des-cbc", D_CBC_DES },
+ { "des-ede3", D_EDE3_DES },
+ { "aes-128-cbc", D_CBC_128_AES },
+ { "aes-192-cbc", D_CBC_192_AES },
+ { "aes-256-cbc", D_CBC_256_AES },
+ { "camellia-128-cbc", D_CBC_128_CML },
+ { "camellia-192-cbc", D_CBC_192_CML },
+ { "camellia-256-cbc", D_CBC_256_CML },
+ { "rc2-cbc", D_CBC_RC2 },
+ { "rc2", D_CBC_RC2 },
+ { "rc5-cbc", D_CBC_RC5 },
+ { "rc5", D_CBC_RC5 },
+ { "idea-cbc", D_CBC_IDEA },
+ { "idea", D_CBC_IDEA },
+ { "seed-cbc", D_CBC_SEED },
+ { "seed", D_CBC_SEED },
+ { "bf-cbc", D_CBC_BF },
+ { "blowfish", D_CBC_BF },
+ { "bf", D_CBC_BF },
+ { "cast-cbc", D_CBC_CAST },
+ { "cast", D_CBC_CAST },
+ { "cast5", D_CBC_CAST },
+ { "ghash", D_GHASH },
+ { "rand", D_RAND }
 };
 static double results[ALGOR_NUM][SIZE_NUM];
-enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
+enum { R_DSA_512,
+ R_DSA_1024,
+ R_DSA_2048,
+ DSA_NUM };
 static const OPT_PAIR dsa_choices[DSA_NUM] = {
- {"dsa512", R_DSA_512},
- {"dsa1024", R_DSA_1024},
- {"dsa2048", R_DSA_2048}
+ { "dsa512", R_DSA_512 },
+ { "dsa1024", R_DSA_1024 },
+ { "dsa2048", R_DSA_2048 }
 };
-static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
+static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
 enum {
- R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
- R_RSA_15360, RSA_NUM
+ R_RSA_512,
+ R_RSA_1024,
+ R_RSA_2048,
+ R_RSA_3072,
+ R_RSA_4096,
+ R_RSA_7680,
+ R_RSA_15360,
+ RSA_NUM
 };
 static const OPT_PAIR rsa_choices[RSA_NUM] = {
- {"rsa512", R_RSA_512},
- {"rsa1024", R_RSA_1024},
- {"rsa2048", R_RSA_2048},
- {"rsa3072", R_RSA_3072},
- {"rsa4096", R_RSA_4096},
- {"rsa7680", R_RSA_7680},
- {"rsa15360", R_RSA_15360}
+ { "rsa512", R_RSA_512 },
+ { "rsa1024", R_RSA_1024 },
+ { "rsa2048", R_RSA_2048 },
+ { "rsa3072", R_RSA_3072 },
+ { "rsa4096", R_RSA_4096 },
+ { "rsa7680", R_RSA_7680 },
+ { "rsa15360", R_RSA_15360 }
 };
-static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
+static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
 #ifndef OPENSSL_NO_DH
 enum ff_params_t {
- R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
+ R_FFDH_2048,
+ R_FFDH_3072,
+ R_FFDH_4096,
+ R_FFDH_6144,
+ R_FFDH_8192,
+ FFDH_NUM
 };
 static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
- {"ffdh2048", R_FFDH_2048},
- {"ffdh3072", R_FFDH_3072},
- {"ffdh4096", R_FFDH_4096},
- {"ffdh6144", R_FFDH_6144},
- {"ffdh8192", R_FFDH_8192},
+ { "ffdh2048", R_FFDH_2048 },
+ { "ffdh3072", R_FFDH_3072 },
+ { "ffdh4096", R_FFDH_4096 },
+ { "ffdh6144", R_FFDH_6144 },
+ { "ffdh8192", R_FFDH_8192 },
 };
-static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
+static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
 #endif /* OPENSSL_NO_DH */
 enum ec_curves_t {
- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
+ R_EC_P160,
+ R_EC_P192,
+ R_EC_P224,
+ R_EC_P256,
+ R_EC_P384,
+ R_EC_P521,
 #ifndef OPENSSL_NO_EC2M
- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
+ R_EC_K163,
+ R_EC_K233,
+ R_EC_K283,
+ R_EC_K409,
+ R_EC_K571,
+ R_EC_B163,
+ R_EC_B233,
+ R_EC_B283,
+ R_EC_B409,
+ R_EC_B571,
 #endif
- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
+ R_EC_BRP256R1,
+ R_EC_BRP256T1,
+ R_EC_BRP384R1,
+ R_EC_BRP384T1,
+ R_EC_BRP512R1,
+ R_EC_BRP512T1,
+ ECDSA_NUM
 };
 /* list of ecdsa curves */
 static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
- {"ecdsap160", R_EC_P160},
- {"ecdsap192", R_EC_P192},
- {"ecdsap224", R_EC_P224},
- {"ecdsap256", R_EC_P256},
- {"ecdsap384", R_EC_P384},
- {"ecdsap521", R_EC_P521},
+ { "ecdsap160", R_EC_P160 },
+ { "ecdsap192", R_EC_P192 },
+ { "ecdsap224", R_EC_P224 },
+ { "ecdsap256", R_EC_P256 },
+ { "ecdsap384", R_EC_P384 },
+ { "ecdsap521", R_EC_P521 },
 #ifndef OPENSSL_NO_EC2M
- {"ecdsak163", R_EC_K163},
- {"ecdsak233", R_EC_K233},
- {"ecdsak283", R_EC_K283},
- {"ecdsak409", R_EC_K409},
- {"ecdsak571", R_EC_K571},
- {"ecdsab163", R_EC_B163},
- {"ecdsab233", R_EC_B233},
- {"ecdsab283", R_EC_B283},
- {"ecdsab409", R_EC_B409},
- {"ecdsab571", R_EC_B571},
+ { "ecdsak163", R_EC_K163 },
+ { "ecdsak233", R_EC_K233 },
+ { "ecdsak283", R_EC_K283 },
+ { "ecdsak409", R_EC_K409 },
+ { "ecdsak571", R_EC_K571 },
+ { "ecdsab163", R_EC_B163 },
+ { "ecdsab233", R_EC_B233 },
+ { "ecdsab283", R_EC_B283 },
+ { "ecdsab409", R_EC_B409 },
+ { "ecdsab571", R_EC_B571 },
 #endif
- {"ecdsabrp256r1", R_EC_BRP256R1},
- {"ecdsabrp256t1", R_EC_BRP256T1},
- {"ecdsabrp384r1", R_EC_BRP384R1},
- {"ecdsabrp384t1", R_EC_BRP384T1},
- {"ecdsabrp512r1", R_EC_BRP512R1},
- {"ecdsabrp512t1", R_EC_BRP512T1}
+ { "ecdsabrp256r1", R_EC_BRP256R1 },
+ { "ecdsabrp256t1", R_EC_BRP256T1 },
+ { "ecdsabrp384r1", R_EC_BRP384R1 },
+ { "ecdsabrp384t1", R_EC_BRP384T1 },
+ { "ecdsabrp512r1", R_EC_BRP512R1 },
+ { "ecdsabrp512t1", R_EC_BRP512T1 }
 };
-enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
+enum { R_EC_X25519 = ECDSA_NUM,
+ R_EC_X448,
+ EC_NUM };
 /* list of ecdh curves, extension of |ecdsa_choices| list above */
 static const OPT_PAIR ecdh_choices[EC_NUM] = {
- {"ecdhp160", R_EC_P160},
- {"ecdhp192", R_EC_P192},
- {"ecdhp224", R_EC_P224},
- {"ecdhp256", R_EC_P256},
- {"ecdhp384", R_EC_P384},
- {"ecdhp521", R_EC_P521},
+ { "ecdhp160", R_EC_P160 },
+ { "ecdhp192", R_EC_P192 },
+ { "ecdhp224", R_EC_P224 },
+ { "ecdhp256", R_EC_P256 },
+ { "ecdhp384", R_EC_P384 },
+ { "ecdhp521", R_EC_P521 },
 #ifndef OPENSSL_NO_EC2M
- {"ecdhk163", R_EC_K163},
- {"ecdhk233", R_EC_K233},
- {"ecdhk283", R_EC_K283},
- {"ecdhk409", R_EC_K409},
- {"ecdhk571", R_EC_K571},
- {"ecdhb163", R_EC_B163},
- {"ecdhb233", R_EC_B233},
- {"ecdhb283", R_EC_B283},
- {"ecdhb409", R_EC_B409},
- {"ecdhb571", R_EC_B571},
+ { "ecdhk163", R_EC_K163 },
+ { "ecdhk233", R_EC_K233 },
+ { "ecdhk283", R_EC_K283 },
+ { "ecdhk409", R_EC_K409 },
+ { "ecdhk571", R_EC_K571 },
+ { "ecdhb163", R_EC_B163 },
+ { "ecdhb233", R_EC_B233 },
+ { "ecdhb283", R_EC_B283 },
+ { "ecdhb409", R_EC_B409 },
+ { "ecdhb571", R_EC_B571 },
 #endif
- {"ecdhbrp256r1", R_EC_BRP256R1},
- {"ecdhbrp256t1", R_EC_BRP256T1},
- {"ecdhbrp384r1", R_EC_BRP384R1},
- {"ecdhbrp384t1", R_EC_BRP384T1},
- {"ecdhbrp512r1", R_EC_BRP512R1},
- {"ecdhbrp512t1", R_EC_BRP512T1},
- {"ecdhx25519", R_EC_X25519},
- {"ecdhx448", R_EC_X448}
+ { "ecdhbrp256r1", R_EC_BRP256R1 },
+ { "ecdhbrp256t1", R_EC_BRP256T1 },
+ { "ecdhbrp384r1", R_EC_BRP384R1 },
+ { "ecdhbrp384t1", R_EC_BRP384T1 },
+ { "ecdhbrp512r1", R_EC_BRP512R1 },
+ { "ecdhbrp512t1", R_EC_BRP512T1 },
+ { "ecdhx25519", R_EC_X25519 },
+ { "ecdhx448", R_EC_X448 }
 };
-static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
-static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
+static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
+static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
-enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
+enum { R_EC_Ed25519,
+ R_EC_Ed448,
+ EdDSA_NUM };
 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
- {"ed25519", R_EC_Ed25519},
- {"ed448", R_EC_Ed448}
+ { "ed25519", R_EC_Ed25519 },
+ { "ed448", R_EC_Ed448 }
 };
-static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
+static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
 #ifndef OPENSSL_NO_SM2
-enum { R_EC_CURVESM2, SM2_NUM };
+enum { R_EC_CURVESM2,
+ SM2_NUM };
 static const OPT_PAIR sm2_choices[SM2_NUM] = {
- {"curveSM2", R_EC_CURVESM2}
+ { "curveSM2", R_EC_CURVESM2 }
 };
-# define SM2_ID "TLSv1.3+GM+Cipher+Suite"
-# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
-static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
+#define SM2_ID "TLSv1.3+GM+Cipher+Suite"
+#define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
+static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_SM2 */
 #define COND(unused_cond) (run && count < INT_MAX)
@@ -500,8 +574,8 @@
 EVP_CIPHER_CTX *ctx;
 EVP_MAC_CTX *mctx;
 } loopargs_t;
-static int run_benchmark(int async_jobs, int (*loop_function) (void *),
- loopargs_t * loopargs);
+static int run_benchmark(int async_jobs, int (*loop_function)(void *),
+ loopargs_t *loopargs);
 static unsigned int testnum;
@@ -549,7 +623,7 @@
 static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 unsigned char digest[EVP_MAX_MD_SIZE];
 int count;
@@ -559,7 +633,7 @@
 return -1;
 for (count = 0; COND(c[algindex][testnum]); count++) {
 if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
- NULL)) {
+ NULL)) {
 count = -1;
 break;
 }
@@ -595,7 +669,7 @@
 static int EVP_MAC_loop(int algindex, void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 EVP_MAC_CTX *mctx = tempargs->mctx;
 unsigned char mac[EVP_MAX_MD_SIZE];
@@ -651,7 +725,7 @@
 static int EVP_Cipher_loop(void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 int count;
@@ -665,7 +739,7 @@
 static int GHASH_loop(void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 EVP_MAC_CTX *mctx = tempargs->mctx;
 int count;
@@ -683,8 +757,8 @@
 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
 static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
- const unsigned char *key,
- int keylen)
+ const unsigned char *key,
+ int keylen)
 {
 EVP_CIPHER_CTX *ctx = NULL;
 EVP_CIPHER *cipher = NULL;
@@ -720,7 +794,7 @@
 static int RAND_bytes_loop(void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 int count;
@@ -732,7 +806,7 @@
 static int decrypt = 0;
 static int EVP_Update_loop(void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 EVP_CIPHER_CTX *ctx = tempargs->ctx;
 int outl, count, rc;
@@ -771,7 +845,7 @@
 */
 static int EVP_Update_loop_aead_enc(void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 unsigned char *key = tempargs->key;
 EVP_CIPHER_CTX *ctx = tempargs->ctx;
@@ -781,7 +855,7 @@
 /* Set length of iv (Doesn't apply to SIV mode) */
 if (mode_op != EVP_CIPH_SIV_MODE) {
 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- aead_ivlen, NULL)) {
+ aead_ivlen, NULL)) {
 BIO_printf(bio_err, "\nFailed to set iv length\n");
 ERR_print_errors(bio_err);
 exit(1);
@@ -791,7 +865,7 @@
 if (mode_op != EVP_CIPH_GCM_MODE && mode_op != EVP_CIPH_SIV_MODE) {
 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, NULL)) {
+ TAG_LEN, NULL)) {
 BIO_printf(bio_err, "\nFailed to set tag length\n");
 ERR_print_errors(bio_err);
 exit(1);
@@ -805,7 +879,7 @@
 /* Set total length of input. Only required for CCM */
 if (mode_op == EVP_CIPH_CCM_MODE) {
 if (!EVP_EncryptUpdate(ctx, NULL, &outl,
- NULL, lengths[testnum])) {
+ NULL, lengths[testnum])) {
 BIO_printf(bio_err, "\nCouldn't set input text length\n");
 ERR_print_errors(bio_err);
 exit(1);
@@ -840,7 +914,7 @@
 */
 static int EVP_Update_loop_aead_dec(void *args)
 {
- loopargs_t *tempargs = *(loopargs_t **) args;
+ loopargs_t *tempargs = *(loopargs_t **)args;
 unsigned char *buf = tempargs->buf;
 unsigned char *outbuf = tempargs->buf2;
 unsigned char *key = tempargs->key;
@@ -852,7 +926,7 @@
 /* Set the length of iv (Doesn't apply to SIV mode) */
 if (mode_op != EVP_CIPH_SIV_MODE) {
 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- aead_ivlen, NULL)) {
+ aead_ivlen, NULL)) {
 BIO_printf(bio_err, "\nFailed to set iv length\n");
 ERR_print_errors(bio_err);
 exit(1);
@@ -863,7 +937,7 @@
 if (mode_op != EVP_CIPH_SIV_MODE && mode_op != EVP_CIPH_GCM_MODE) {
 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, NULL)) {
+ TAG_LEN, NULL)) {
 BIO_printf(bio_err, "\nFailed to set tag length\n");
 ERR_print_errors(bio_err);
 exit(1);
@@ -885,7 +959,7 @@
 memcpy(tag, tempargs->tag, TAG_LEN);
 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- TAG_LEN, tag)) {
+ TAG_LEN, tag)) {
 BIO_printf(bio_err, "\nFailed to set tag\n");
 ERR_print_errors(bio_err);
 exit(1);
@@ -893,7 +967,7 @@ /* Set the total length of cipher text. Only required for CCM */ if (mode_op == EVP_CIPH_CCM_MODE) { if (!EVP_DecryptUpdate(ctx, NULL, &outl, - NULL, lengths[testnum])) { + NULL, lengths[testnum])) { BIO_printf(bio_err, "\nCouldn't set cipher text length\n"); ERR_print_errors(bio_err); exit(1); @@ -917,11 +991,11 @@ return realcount; } -static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ +static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ static int RSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; size_t *rsa_num = &tempargs->sigsize; @@ -943,7 +1017,7 @@ static int RSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; size_t rsa_num = tempargs->sigsize; @@ -967,7 +1041,7 @@ static int FFDH_derive_key_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; unsigned char *derived_secret = tempargs->secret_ff_a; int count; @@ -985,7 +1059,7 @@ static long dsa_c[DSA_NUM][2]; static int DSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; size_t *dsa_num = &tempargs->sigsize; @@ -1007,7 +1081,7 @@ static int DSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; size_t dsa_num = tempargs->sigsize; 
@@ -1029,7 +1103,7 @@ static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; size_t *ecdsa_num = &tempargs->sigsize; @@ -1051,7 +1125,7 @@ static int ECDSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; size_t ecdsa_num = tempargs->sigsize; @@ -1060,7 +1134,7 @@ for (count = 0; COND(ecdsa_c[testnum][1]); count++) { ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num, - buf, 20); + buf, 20); if (ret <= 0) { BIO_printf(bio_err, "ECDSA verify failure\n"); ERR_print_errors(bio_err); @@ -1076,7 +1150,7 @@ static int ECDH_EVP_derive_key_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum]; unsigned char *derived_secret = tempargs->secret_a; int count; @@ -1091,7 +1165,7 @@ static long eddsa_c[EdDSA_NUM][2]; static int EdDSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; EVP_MD_CTX **edctx = tempargs->eddsa_ctx; unsigned char *eddsasig = tempargs->buf2; @@ -1119,7 +1193,7 @@ static int EdDSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; EVP_MD_CTX **edctx = tempargs->eddsa_ctx2; unsigned char *eddsasig = tempargs->buf2; 
@@ -1149,7 +1223,7 @@ static long sm2_c[SM2_NUM][2]; static int SM2_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx; unsigned char *sm2sig = tempargs->buf2; @@ -1162,14 +1236,14 @@ sm2sigsize = max_size; if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(), - NULL, sm2_pkey[testnum])) { + NULL, sm2_pkey[testnum])) { BIO_printf(bio_err, "SM2 init sign failure\n"); ERR_print_errors(bio_err); count = -1; break; } ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize, - buf, 20); + buf, 20); if (ret == 0) { BIO_printf(bio_err, "SM2 sign failure\n"); ERR_print_errors(bio_err); @@ -1185,7 +1259,7 @@ static int SM2_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; + loopargs_t *tempargs = *(loopargs_t **)args; unsigned char *buf = tempargs->buf; EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx; unsigned char *sm2sig = tempargs->buf2; @@ -1195,14 +1269,14 @@ for (count = 0; COND(sm2_c[testnum][1]); count++) { if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(), - NULL, sm2_pkey[testnum])) { + NULL, sm2_pkey[testnum])) { BIO_printf(bio_err, "SM2 verify init failure\n"); ERR_print_errors(bio_err); count = -1; break; } ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize, - buf, 20); + buf, 20); if (ret != 1) { BIO_printf(bio_err, "SM2 verify failure\n"); ERR_print_errors(bio_err); @@ -1212,10 +1286,10 @@ } return count; } -#endif /* OPENSSL_NO_SM2 */ +#endif /* OPENSSL_NO_SM2 */ static int run_benchmark(int async_jobs, - int (*loop_function) (void *), loopargs_t * loopargs) + int (*loop_function)(void *), loopargs_t *loopargs) { int job_op_count = 0; int total_op_count = 0; 
@@ -1233,8 +1307,8 @@ /* Copy pointer content (looparg_t item address) into async context */ ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx, - &job_op_count, loop_function, - (void *)&looparg_item, sizeof(looparg_item)); + &job_op_count, loop_function, + (void *)&looparg_item, sizeof(looparg_item)); switch (ret) { case ASYNC_PAUSE: ++num_inprogress; @@ -1269,8 +1343,7 @@ if (loopargs[i].inprogress_job == NULL) continue; - if (!ASYNC_WAIT_CTX_get_all_fds - (loopargs[i].wait_ctx, NULL, &num_job_fds) + if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds) || num_job_fds > 1) { BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n"); ERR_print_errors(bio_err); @@ -1278,7 +1351,7 @@ break; } ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, - &num_job_fds); + &num_job_fds); FD_SET(job_fd, &waitfdset); if (job_fd > max_fd) max_fd = job_fd; @@ -1286,9 +1359,9 @@ if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) { BIO_printf(bio_err, - "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). " - "Decrease the value of async_jobs\n", - max_fd, FD_SETSIZE); + "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). " + "Decrease the value of async_jobs\n", + max_fd, FD_SETSIZE); ERR_print_errors(bio_err); error = 1; break; @@ -1313,8 +1386,7 @@ if (loopargs[i].inprogress_job == NULL) continue; - if (!ASYNC_WAIT_CTX_get_all_fds - (loopargs[i].wait_ctx, NULL, &num_job_fds) + if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds) || num_job_fds > 1) { BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n"); ERR_print_errors(bio_err); @@ -1322,7 +1394,7 @@ break; } ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, - &num_job_fds); + &num_job_fds); #if defined(OPENSSL_SYS_UNIX) if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset)) 
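Review bot: In the hunk at -1278,7 `FD_SET(job_fd, &waitfdset)` runs before any bound check; the comparison `max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE` only appears in the following hunk (-1286,9), after the set has already been written. A descriptor at or above FD_SETSIZE would index past the end of the `fd_set`, so the guard belongs in front of the write, for example `if (job_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) { error = 1; break; }` placed ahead of `FD_SET`. The check in the hunk before it (-1269,8) rejects only `num_job_fds > 1`, so with zero descriptors `job_fd` may reach `FD_SET` unset, whereas the later loop (-1322,7) tests `num_job_fds == 1` first. This commit only re-indents these lines, and run_benchmark's body starts and ends outside the hunks shown.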
@@ -1335,9 +1407,9 @@ #endif ret = ASYNC_start_job(&loopargs[i].inprogress_job, - loopargs[i].wait_ctx, &job_op_count, - loop_function, (void *)(loopargs + i), - sizeof(loopargs_t)); + loopargs[i].wait_ctx, &job_op_count, + loop_function, (void *)(loopargs + i), + sizeof(loopargs_t)); switch (ret) { case ASYNC_PAUSE: break; @@ -1380,7 +1452,7 @@ /* Ensure that the error queue is empty */ if (ERR_peek_error()) { BIO_printf(bio_err, - "WARNING: the error queue contains previous unhandled errors.\n"); + "WARNING: the error queue contains previous unhandled errors.\n"); ERR_print_errors(bio_err); } @@ -1412,7 +1484,7 @@ ERR_get_error(); /* pop error from queue */ if (ERR_peek_error()) { BIO_printf(bio_err, - "Unhandled error in the error queue during EC key setup.\n"); + "Unhandled error in the error queue during EC key setup.\n"); ERR_print_errors(bio_err); return NULL; } @@ -1421,7 +1493,8 @@ if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL || EVP_PKEY_paramgen_init(pctx) <= 0 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - curve->nid) <= 0 + curve->nid) + <= 0 || EVP_PKEY_paramgen(pctx, ¶ms) <= 0) { BIO_printf(bio_err, "EC params init failure.\n"); ERR_print_errors(bio_err); @@ -1445,7 +1518,7 @@ return key; } -#define stop_it(do_it, test_num)\ +#define stop_it(do_it, test_num) \ memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num); int speed_main(int argc, char **argv) @@ -1473,9 +1546,9 @@ #endif long op_count = 1; openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, - ECDSA_SECONDS, ECDH_SECONDS, - EdDSA_SECONDS, SM2_SECONDS, - FFDH_SECONDS }; + ECDSA_SECONDS, ECDH_SECONDS, + EdDSA_SECONDS, SM2_SECONDS, + FFDH_SECONDS }; static const unsigned char key32[32] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 
@@ -1486,19 +1559,19 @@ static const unsigned char deskey[] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */ - 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */ + 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */ }; static const struct { const unsigned char *data; unsigned int length; unsigned int bits; } rsa_keys[] = { - { test512, sizeof(test512), 512 }, - { test1024, sizeof(test1024), 1024 }, - { test2048, sizeof(test2048), 2048 }, - { test3072, sizeof(test3072), 3072 }, - { test4096, sizeof(test4096), 4096 }, - { test7680, sizeof(test7680), 7680 }, + { test512, sizeof(test512), 512 }, + { test1024, sizeof(test1024), 1024 }, + { test2048, sizeof(test2048), 2048 }, + { test3072, sizeof(test3072), 3072 }, + { test4096, sizeof(test4096), 4096 }, + { test7680, sizeof(test7680), 7680 }, { test15360, sizeof(test15360), 15360 } }; uint8_t rsa_doit[RSA_NUM] = { 0 }; @@ -1511,11 +1584,11 @@ } FFDH_PARAMS; static const FFDH_PARAMS ffdh_params[FFDH_NUM] = { - {"ffdh2048", NID_ffdhe2048, 2048}, - {"ffdh3072", NID_ffdhe3072, 3072}, - {"ffdh4096", NID_ffdhe4096, 4096}, - {"ffdh6144", NID_ffdhe6144, 6144}, - {"ffdh8192", NID_ffdhe8192, 8192} + { "ffdh2048", NID_ffdhe2048, 2048 }, + { "ffdh3072", NID_ffdhe3072, 3072 }, + { "ffdh4096", NID_ffdhe4096, 4096 }, + { "ffdh6144", NID_ffdhe6144, 6144 }, + { "ffdh8192", NID_ffdhe8192, 8192 } }; uint8_t ffdh_doit[FFDH_NUM] = { 0 }; 
@@ -1530,44 +1603,44 @@ */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ - {"secp160r1", NID_secp160r1, 160}, - {"nistp192", NID_X9_62_prime192v1, 192}, - {"nistp224", NID_secp224r1, 224}, - {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", NID_secp384r1, 384}, - {"nistp521", NID_secp521r1, 521}, + { "secp160r1", NID_secp160r1, 160 }, + { "nistp192", NID_X9_62_prime192v1, 192 }, + { "nistp224", NID_secp224r1, 224 }, + { "nistp256", NID_X9_62_prime256v1, 256 }, + { "nistp384", NID_secp384r1, 384 }, + { "nistp521", NID_secp521r1, 521 }, #ifndef OPENSSL_NO_EC2M /* Binary Curves */ - {"nistk163", NID_sect163k1, 163}, - {"nistk233", NID_sect233k1, 233}, - {"nistk283", NID_sect283k1, 283}, - {"nistk409", NID_sect409k1, 409}, - {"nistk571", NID_sect571k1, 571}, - {"nistb163", NID_sect163r2, 163}, - {"nistb233", NID_sect233r1, 233}, - {"nistb283", NID_sect283r1, 283}, - {"nistb409", NID_sect409r1, 409}, - {"nistb571", NID_sect571r1, 571}, + { "nistk163", NID_sect163k1, 163 }, + { "nistk233", NID_sect233k1, 233 }, + { "nistk283", NID_sect283k1, 283 }, + { "nistk409", NID_sect409k1, 409 }, + { "nistk571", NID_sect571k1, 571 }, + { "nistb163", NID_sect163r2, 163 }, + { "nistb233", NID_sect233r1, 233 }, + { "nistb283", NID_sect283r1, 283 }, + { "nistb409", NID_sect409r1, 409 }, + { "nistb571", NID_sect571r1, 571 }, #endif - {"brainpoolP256r1", NID_brainpoolP256r1, 256}, - {"brainpoolP256t1", NID_brainpoolP256t1, 256}, - {"brainpoolP384r1", NID_brainpoolP384r1, 384}, - {"brainpoolP384t1", NID_brainpoolP384t1, 384}, - {"brainpoolP512r1", NID_brainpoolP512r1, 512}, - {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + { "brainpoolP256r1", NID_brainpoolP256r1, 256 }, + { "brainpoolP256t1", NID_brainpoolP256t1, 256 }, + { "brainpoolP384r1", NID_brainpoolP384r1, 384 }, + { "brainpoolP384t1", NID_brainpoolP384t1, 384 }, + { "brainpoolP512r1", NID_brainpoolP512r1, 512 }, + { "brainpoolP512t1", NID_brainpoolP512t1, 512 }, /* Other and ECDH only ones */ - {"X25519", 
NID_X25519, 253}, - {"X448", NID_X448, 448} + { "X25519", NID_X25519, 253 }, + { "X448", NID_X448, 448 } }; static const EC_CURVE ed_curves[EdDSA_NUM] = { /* EdDSA */ - {"Ed25519", NID_ED25519, 253, 64}, - {"Ed448", NID_ED448, 456, 114} + { "Ed25519", NID_ED25519, 253, 64 }, + { "Ed448", NID_ED448, 456, 114 } }; #ifndef OPENSSL_NO_SM2 static const EC_CURVE sm2_curves[SM2_NUM] = { /* SM2 */ - {"CurveSM2", NID_sm2, 256} + { "CurveSM2", NID_sm2, 256 } }; uint8_t sm2_doit[SM2_NUM] = { 0 }; #endif @@ -1575,7 +1648,7 @@ uint8_t ecdh_doit[EC_NUM] = { 0 }; uint8_t eddsa_doit[EdDSA_NUM] = { 0 }; - /* checks declarated curves against choices list. */ + /* checks declared curves against choices list. */ OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448); OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0); @@ -1595,7 +1668,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opterr: + opterr: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -1618,8 +1691,8 @@ if (evp_cipher == NULL && evp_md_name == NULL) { ERR_clear_last_mark(); BIO_printf(bio_err, - "%s: %s is an unknown cipher or digest\n", - prog, opt_arg()); + "%s: %s is an unknown cipher or digest\n", + prog, opt_arg()); goto end; } ERR_pop_to_mark(); @@ -1628,7 +1701,7 @@ case OPT_HMAC: if (!have_md(opt_arg())) { BIO_printf(bio_err, "%s: %s is an unknown digest\n", - prog, opt_arg()); + prog, opt_arg()); goto end; } evp_mac_mdname = opt_arg(); @@ -1637,7 +1710,7 @@ case OPT_CMAC: if (!have_cipher(opt_arg())) { BIO_printf(bio_err, "%s: %s is an unknown cipher\n", - prog, opt_arg()); + prog, opt_arg()); goto end; } evp_mac_ciphername = opt_arg(); @@ -1668,8 +1741,8 @@ async_jobs = atoi(opt_arg()); if (!ASYNC_is_capable()) { BIO_printf(bio_err, - "%s: async_jobs specified but async not supported\n", - prog); + "%s: async_jobs specified but async not supported\n", + prog); goto opterr; } if (async_jobs > 99999) { 
@@ -1682,7 +1755,7 @@ misalign = opt_int_arg(); if (misalign > MISALIGN) { BIO_printf(bio_err, - "%s: Maximum offset is %d\n", prog, MISALIGN); + "%s: Maximum offset is %d\n", prog, MISALIGN); goto opterr; } break; @@ -1693,8 +1766,8 @@ multiblock = 1; #ifdef OPENSSL_NO_MULTIBLOCK BIO_printf(bio_err, - "%s: -mb specified but multi-block support is disabled\n", - prog); + "%s: -mb specified but multi-block support is disabled\n", + prog); goto end; #endif break; @@ -1711,8 +1784,8 @@ break; case OPT_SECONDS: seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa - = seconds.ecdh = seconds.eddsa - = seconds.sm2 = seconds.ffdh = atoi(opt_arg()); + = seconds.ecdh = seconds.eddsa + = seconds.sm2 = seconds.ffdh = atoi(opt_arg()); break; case OPT_BYTES: lengths_single = atoi(opt_arg()); @@ -1838,10 +1911,9 @@ if (evp_cipher == NULL) { BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n"); goto end; - } else if (!(EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_AEAD_CIPHER)) { + } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { BIO_printf(bio_err, "%s is not an AEAD cipher\n", - EVP_CIPHER_get0_name(evp_cipher)); + EVP_CIPHER_get0_name(evp_cipher)); goto end; } } @@ -1850,10 +1922,9 @@ BIO_printf(bio_err, "-mb can be used only with a multi-block" " capable cipher\n"); goto end; - } else if (!(EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { BIO_printf(bio_err, "%s is not a multi-block capable\n", - EVP_CIPHER_get0_name(evp_cipher)); + EVP_CIPHER_get0_name(evp_cipher)); goto end; } else if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported with -mb"); 
@@ -1871,8 +1942,7 @@ } loopargs_len = (async_jobs == 0 ? 1 : async_jobs); - loopargs = - app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs"); + loopargs = app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs"); memset(loopargs, 0, loopargs_len * sizeof(loopargs_t)); for (i = 0; i < loopargs_len; i++) { @@ -1885,7 +1955,7 @@ } buflen = lengths[size_num - 1]; - if (buflen < 36) /* size of random vector in RSA benchmark */ + if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) { BIO_printf(bio_err, "Error: buffer size too large\n"); @@ -1932,14 +2002,16 @@ doit[i] = 0; } if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", - app_get0_propq())) != NULL) { + app_get0_propq())) + != NULL) { EVP_MAC_free(mac); mac = NULL; } else { doit[D_GHASH] = 0; } if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", - app_get0_propq())) != NULL) { + app_get0_propq())) + != NULL) { EVP_MAC_free(mac); mac = NULL; } else { @@ -1964,8 +2036,8 @@ if (usertime == 0 && !mr) BIO_printf(bio_err, - "You have chosen to measure elapsed time " - "instead of user CPU time.\n"); + "You have chosen to measure elapsed time " + "instead of user CPU time.\n"); #if SIGALRM > 0 signal(SIGALRM, alarmed); @@ -1974,7 +2046,7 @@ if (doit[D_MD2]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs); d = Time_F(STOP); @@ -1987,7 +2059,7 @@ if (doit[D_MDC2]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs); d = Time_F(STOP); 
@@ -2000,7 +2072,7 @@ if (doit[D_MD4]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs); d = Time_F(STOP); @@ -2013,7 +2085,7 @@ if (doit[D_MD5]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, MD5_loop, loopargs); d = Time_F(STOP); @@ -2026,7 +2098,7 @@ if (doit[D_SHA1]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, SHA1_loop, loopargs); d = Time_F(STOP); @@ -2039,7 +2111,7 @@ if (doit[D_SHA256]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA256], c[D_SHA256][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, SHA256_loop, loopargs); d = Time_F(STOP); @@ -2052,7 +2124,7 @@ if (doit[D_SHA512]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA512], c[D_SHA512][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, SHA512_loop, loopargs); d = Time_F(STOP); @@ -2065,7 +2137,7 @@ if (doit[D_WHIRLPOOL]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs); d = Time_F(STOP); 
@@ -2078,7 +2150,7 @@ if (doit[D_RMD160]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_RMD160], c[D_RMD160][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs); d = Time_F(STOP); @@ -2101,12 +2173,10 @@ BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname); names[D_HMAC] = evp_hmac_name; - params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - evp_mac_mdname, 0); - params[1] = - OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (char *)hmac_key, len); + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + evp_mac_mdname, 0); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + (char *)hmac_key, len); params[2] = OSSL_PARAM_construct_end(); for (i = 0; i < loopargs_len; i++) { @@ -2119,7 +2189,7 @@ } for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, HMAC_loop, loopargs); d = Time_F(STOP); @@ -2138,13 +2208,13 @@ for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey, - sizeof(deskey) / 3); + sizeof(deskey) / 3); st = loopargs[i].ctx != NULL; } algindex = D_CBC_DES; for (testnum = 0; st && testnum < size_num; testnum++) { print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); 
@@ -2159,16 +2229,15 @@ for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey, - sizeof(deskey)); + sizeof(deskey)); st = loopargs[i].ctx != NULL; } algindex = D_EDE3_DES; for (testnum = 0; st && testnum < size_num; testnum++) { print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); print_result(D_EDE3_DES, testnum, count, d); } @@ -2184,16 +2253,15 @@ keylen = 16 + k * 8; for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], - key32, keylen); + key32, keylen); st = loopargs[i].ctx != NULL; } for (testnum = 0; st && testnum < size_num; testnum++) { print_message(names[algindex], c[algindex][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); print_result(algindex, testnum, count, d); } @@ -2210,16 +2278,15 @@ keylen = 16 + k * 8; for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], - key32, keylen); + key32, keylen); st = loopargs[i].ctx != NULL; } for (testnum = 0; st && testnum < size_num; testnum++) { print_message(names[algindex], c[algindex][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); print_result(algindex, testnum, count, d); } 
@@ -2235,16 +2302,15 @@ keylen = 16; for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], - key32, keylen); + key32, keylen); st = loopargs[i].ctx != NULL; } for (testnum = 0; st && testnum < size_num; testnum++) { print_message(names[algindex], c[algindex][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); print_result(algindex, testnum, count, d); } @@ -2261,10 +2327,10 @@ goto end; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, - "aes-128-gcm", 0); + "aes-128-gcm", 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, - (char *)gmac_iv, - sizeof(gmac_iv) - 1); + (char *)gmac_iv, + sizeof(gmac_iv) - 1); params[2] = OSSL_PARAM_construct_end(); for (i = 0; i < loopargs_len; i++) { @@ -2277,7 +2343,7 @@ } for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, GHASH_loop, loopargs); d = Time_F(STOP); @@ -2294,7 +2360,7 @@ if (doit[D_RAND]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs); d = Time_F(STOP); @@ -2310,12 +2376,11 @@ */ if (doit[D_EVP]) { if (evp_cipher != NULL) { - int (*loopfunc) (void *); + int (*loopfunc)(void *); int outlen = 0; unsigned int ae_mode = 0; - if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) - & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { multiblock_speed(evp_cipher, lengths_single, &seconds); ret = 0; goto end; 
@@ -2346,7 +2411,7 @@ for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum], - seconds.sym); + seconds.sym); for (k = 0; k < loopargs_len; k++) { loopargs[k].ctx = EVP_CIPHER_CTX_new(); @@ -2362,8 +2427,8 @@ * authenticity and hence decryption will fail. */ if (!EVP_CipherInit_ex(loopargs[k].ctx, - evp_cipher, NULL, NULL, NULL, - ae_mode ? 1 : !decrypt)) { + evp_cipher, NULL, NULL, NULL, + ae_mode ? 1 : !decrypt)) { BIO_printf(bio_err, "\nCouldn't init the context\n"); ERR_print_errors(bio_err); exit(1); @@ -2378,21 +2443,21 @@ if (!ae_mode) { if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, iv, -1)) { + loopargs[k].key, iv, -1)) { BIO_printf(bio_err, "\nFailed to set the key\n"); ERR_print_errors(bio_err); exit(1); } } else if (mode_op == EVP_CIPH_SIV_MODE) { EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_SET_SPEED, 1, NULL); + EVP_CTRL_SET_SPEED, 1, NULL); } if (ae_mode && decrypt) { /* Set length of iv (Doesn't apply to SIV mode) */ if (mode_op != EVP_CIPH_SIV_MODE) { if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_AEAD_SET_IVLEN, - aead_ivlen, NULL)) { + EVP_CTRL_AEAD_SET_IVLEN, + aead_ivlen, NULL)) { BIO_printf(bio_err, "\nFailed to set iv length\n"); ERR_print_errors(bio_err); exit(1); @@ -2402,16 +2467,16 @@ if (mode_op != EVP_CIPH_GCM_MODE && mode_op != EVP_CIPH_SIV_MODE) { if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_AEAD_SET_TAG, - TAG_LEN, NULL)) { + EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, NULL)) { BIO_printf(bio_err, - "\nFailed to set tag length\n"); + "\nFailed to set tag length\n"); ERR_print_errors(bio_err); exit(1); } } if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, aead_iv, -1)) { + loopargs[k].key, aead_iv, -1)) { BIO_printf(bio_err, "\nFailed to set the key\n"); ERR_print_errors(bio_err); exit(1); 
@@ -2419,43 +2484,43 @@ /* Set total length of input. Only required for CCM */ if (mode_op == EVP_CIPH_CCM_MODE) { if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL, - &outlen, NULL, - lengths[testnum])) { + &outlen, NULL, + lengths[testnum])) { BIO_printf(bio_err, - "\nCouldn't set input text length\n"); + "\nCouldn't set input text length\n"); ERR_print_errors(bio_err); exit(1); } } if (aead) { if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL, - &outlen, aad, sizeof(aad))) { + &outlen, aad, sizeof(aad))) { BIO_printf(bio_err, - "\nCouldn't insert AAD when encrypting\n"); + "\nCouldn't insert AAD when encrypting\n"); ERR_print_errors(bio_err); exit(1); } } if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf, - &outlen, loopargs[k].buf, - lengths[testnum])) { + &outlen, loopargs[k].buf, + lengths[testnum])) { BIO_printf(bio_err, - "\nFailed to to encrypt the data\n"); + "\nFailed to to encrypt the data\n"); ERR_print_errors(bio_err); exit(1); } if (!EVP_EncryptFinal_ex(loopargs[k].ctx, - loopargs[k].buf, &outlen)) { + loopargs[k].buf, &outlen)) { BIO_printf(bio_err, - "\nFailed finalize the encryption\n"); + "\nFailed finalize the encryption\n"); ERR_print_errors(bio_err); exit(1); } if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_AEAD_GET_TAG, - TAG_LEN, &loopargs[k].tag)) { + EVP_CTRL_AEAD_GET_TAG, + TAG_LEN, &loopargs[k].tag)) { BIO_printf(bio_err, "\nFailed to get the tag\n"); ERR_print_errors(bio_err); exit(1); @@ -2465,13 +2530,13 @@ loopargs[k].ctx = EVP_CIPHER_CTX_new(); if (loopargs[k].ctx == NULL) { BIO_printf(bio_err, - "\nEVP_CIPHER_CTX_new failure\n"); + "\nEVP_CIPHER_CTX_new failure\n"); exit(1); } if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, - NULL, NULL, NULL, 0)) { + NULL, NULL, NULL, 0)) { BIO_printf(bio_err, - "\nFailed initializing the context\n"); + "\nFailed initializing the context\n"); ERR_print_errors(bio_err); exit(1); } 
@@ -2481,7 +2546,7 @@ /* SIV only allows for one Update operation */ if (mode_op == EVP_CIPH_SIV_MODE) EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_SET_SPEED, 1, NULL); + EVP_CTRL_SET_SPEED, 1, NULL); } } @@ -2499,7 +2564,7 @@ for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum], - seconds.sym); + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs); d = Time_F(STOP); @@ -2532,9 +2597,9 @@ names[D_EVP_CMAC] = evp_cmac_name; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, - evp_mac_ciphername, 0); + evp_mac_ciphername, 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (char *)key32, keylen); + (char *)key32, keylen); params[2] = OSSL_PARAM_construct_end(); for (i = 0; i < loopargs_len; i++) { @@ -2548,7 +2613,7 @@ for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum], - lengths[testnum], seconds.sym); + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, CMAC_loop, loopargs); d = Time_F(STOP); @@ -2591,7 +2656,8 @@ const unsigned char *p = rsa_keys[testnum].data; st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, - rsa_keys[testnum].length)) != NULL; + rsa_keys[testnum].length)) + != NULL; } for (i = 0; st && i < loopargs_len; i++) { 
@@ -2600,59 +2666,61 @@ if (loopargs[i].rsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum], - loopargs[i].buf2, - &loopargs[i].sigsize, - loopargs[i].buf, 36) <= 0) + loopargs[i].buf2, + &loopargs[i].sigsize, + loopargs[i].buf, 36) + <= 0) st = 0; } if (!st) { BIO_printf(bio_err, - "RSA sign setup failure. No RSA sign will be done.\n"); + "RSA sign setup failure. No RSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { pkey_print_message("private", "rsa", - rsa_c[testnum][0], rsa_keys[testnum].bits, - seconds.rsa); + rsa_c[testnum][0], rsa_keys[testnum].bits, + seconds.rsa); /* RSA_blinding_on(rsa_key[testnum],NULL); */ Time_F(START); count = run_benchmark(async_jobs, RSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R1:%ld:%d:%.2f\n" - : "%ld %u bits private RSA's in %.2fs\n", - count, rsa_keys[testnum].bits, d); + mr ? "+R1:%ld:%d:%.2f\n" + : "%ld %u bits private RSA's in %.2fs\n", + count, rsa_keys[testnum].bits, d); rsa_results[testnum][0] = (double)count / d; op_count = count; } for (i = 0; st && i < loopargs_len; i++) { loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, - NULL); + NULL); if (loopargs[i].rsa_verify_ctx[testnum] == NULL || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0 || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum], - loopargs[i].buf2, - loopargs[i].sigsize, - loopargs[i].buf, 36) <= 0) + loopargs[i].buf2, + loopargs[i].sigsize, + loopargs[i].buf, 36) + <= 0) st = 0; } if (!st) { BIO_printf(bio_err, - "RSA verify setup failure. No RSA verify will be done.\n"); + "RSA verify setup failure. 
No RSA verify will be done.\n"); ERR_print_errors(bio_err); rsa_doit[testnum] = 0; } else { pkey_print_message("public", "rsa", - rsa_c[testnum][1], rsa_keys[testnum].bits, - seconds.rsa); + rsa_c[testnum][1], rsa_keys[testnum].bits, + seconds.rsa); Time_F(START); count = run_benchmark(async_jobs, RSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R2:%ld:%d:%.2f\n" - : "%ld %u bits public RSA's in %.2fs\n", - count, rsa_keys[testnum].bits, d); + mr ? "+R2:%ld:%d:%.2f\n" + : "%ld %u bits public RSA's in %.2fs\n", + count, rsa_keys[testnum].bits, d); rsa_results[testnum][1] = (double)count / d; } 
@@ -2674,64 +2742,66 @@ for (i = 0; st && i < loopargs_len; i++) { loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, - NULL); + NULL); loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].dsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0 || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum], - loopargs[i].buf2, - &loopargs[i].sigsize, - loopargs[i].buf, 20) <= 0) + loopargs[i].buf2, + &loopargs[i].sigsize, + loopargs[i].buf, 20) + <= 0) st = 0; } if (!st) { BIO_printf(bio_err, - "DSA sign setup failure. No DSA sign will be done.\n"); + "DSA sign setup failure. No DSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { pkey_print_message("sign", "dsa", - dsa_c[testnum][0], dsa_bits[testnum], - seconds.dsa); + dsa_c[testnum][0], dsa_bits[testnum], + seconds.dsa); Time_F(START); count = run_benchmark(async_jobs, DSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R3:%ld:%u:%.2f\n" - : "%ld %u bits DSA signs in %.2fs\n", - count, dsa_bits[testnum], d); + mr ? "+R3:%ld:%u:%.2f\n" + : "%ld %u bits DSA signs in %.2fs\n", + count, dsa_bits[testnum], d); dsa_results[testnum][0] = (double)count / d; op_count = count; } for (i = 0; st && i < loopargs_len; i++) { loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, - NULL); + NULL); if (loopargs[i].dsa_verify_ctx[testnum] == NULL || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0 || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum], - loopargs[i].buf2, - loopargs[i].sigsize, - loopargs[i].buf, 36) <= 0) + loopargs[i].buf2, + loopargs[i].sigsize, + loopargs[i].buf, 36) + <= 0) st = 0; } if (!st) { BIO_printf(bio_err, - "DSA verify setup failure. No DSA verify will be done.\n"); + "DSA verify setup failure. 
No DSA verify will be done.\n"); ERR_print_errors(bio_err); dsa_doit[testnum] = 0; } else { pkey_print_message("verify", "dsa", - dsa_c[testnum][1], dsa_bits[testnum], - seconds.dsa); + dsa_c[testnum][1], dsa_bits[testnum], + seconds.dsa); Time_F(START); count = run_benchmark(async_jobs, DSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R4:%ld:%u:%.2f\n" - : "%ld %u bits DSA verify in %.2fs\n", - count, dsa_bits[testnum], d); + mr ? "+R4:%ld:%u:%.2f\n" + : "%ld %u bits DSA verify in %.2fs\n", + count, dsa_bits[testnum], d); dsa_results[testnum][1] = (double)count / d; } 
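Review bot: In the DSA setup block the verify check passes `loopargs[i].buf, 36`, while the sign check a few lines above it passes `loopargs[i].buf, 20`. The signature is therefore verified over a different input length than it was made for. The RSA hunk before it uses 36 on both sides and the ECDSA hunk after it uses 20 on both, so the 36 looks like a carry-over from the RSA block. Whether this can make the check fail depends on the buffer contents and on how the DSA code truncates the digest, neither of which is visible here. I would change the verify argument to `loopargs[i].buf, 20)` and confirm that `DSA_verify_loop`, which is outside this hunk, uses the same length; the enclosing function starts and ends outside the hunk.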
@@ -2753,64 +2823,66 @@ for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, - NULL); + NULL); loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0 || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum], - loopargs[i].buf2, - &loopargs[i].sigsize, - loopargs[i].buf, 20) <= 0) + loopargs[i].buf2, + &loopargs[i].sigsize, + loopargs[i].buf, 20) + <= 0) st = 0; } if (!st) { BIO_printf(bio_err, - "ECDSA sign setup failure. No ECDSA sign will be done.\n"); + "ECDSA sign setup failure. No ECDSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { pkey_print_message("sign", "ecdsa", - ecdsa_c[testnum][0], ec_curves[testnum].bits, - seconds.ecdsa); + ecdsa_c[testnum][0], ec_curves[testnum].bits, + seconds.ecdsa); Time_F(START); count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R5:%ld:%u:%.2f\n" - : "%ld %u bits ECDSA signs in %.2fs\n", - count, ec_curves[testnum].bits, d); + mr ? "+R5:%ld:%u:%.2f\n" + : "%ld %u bits ECDSA signs in %.2fs\n", + count, ec_curves[testnum].bits, d); ecdsa_results[testnum][0] = (double)count / d; op_count = count; } for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, - NULL); + NULL); if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0 || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum], - loopargs[i].buf2, - loopargs[i].sigsize, - loopargs[i].buf, 20) <= 0) + loopargs[i].buf2, + loopargs[i].sigsize, + loopargs[i].buf, 20) + <= 0) st = 0; } if (!st) { BIO_printf(bio_err, - "ECDSA verify setup failure. No ECDSA verify will be done.\n"); + "ECDSA verify setup failure. 
No ECDSA verify will be done.\n"); ERR_print_errors(bio_err); ecdsa_doit[testnum] = 0; } else { pkey_print_message("verify", "ecdsa", - ecdsa_c[testnum][1], ec_curves[testnum].bits, - seconds.ecdsa); + ecdsa_c[testnum][1], ec_curves[testnum].bits, + seconds.ecdsa); Time_F(START); count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R6:%ld:%u:%.2f\n" - : "%ld %u bits ECDSA verify in %.2fs\n", - count, ec_curves[testnum].bits, d); + mr ? "+R6:%ld:%u:%.2f\n" + : "%ld %u bits ECDSA verify in %.2fs\n", + count, ec_curves[testnum].bits, d); ecdsa_results[testnum][1] = (double)count / d; } @@ -2871,7 +2943,7 @@ /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */ if (CRYPTO_memcmp(loopargs[i].secret_a, - loopargs[i].secret_b, outlen)) { + loopargs[i].secret_b, outlen)) { ecdh_checks = 0; BIO_printf(bio_err, "ECDH computations don't match.\n"); ERR_print_errors(bio_err); @@ -2889,16 +2961,14 @@ } if (ecdh_checks != 0) { pkey_print_message("", "ecdh", - ecdh_c[testnum][0], - ec_curves[testnum].bits, seconds.ecdh); + ecdh_c[testnum][0], + ec_curves[testnum].bits, seconds.ecdh); Time_F(START); - count = - run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs); + count = run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R7:%ld:%d:%.2f\n" : - "%ld %u-bits ECDH ops in %.2fs\n", count, - ec_curves[testnum].bits, d); + mr ? "+R7:%ld:%d:%.2f\n" : "%ld %u-bits ECDH ops in %.2fs\n", count, + ec_curves[testnum].bits, d); ecdh_results[testnum][0] = (double)count / d; op_count = count; } @@ -2915,7 +2985,7 @@ EVP_PKEY_CTX *ed_pctx = NULL; if (!eddsa_doit[testnum]) - continue; /* Ignore Curve */ + continue; /* Ignore Curve */ for (i = 0; i < loopargs_len; i++) { loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new(); if (loopargs[i].eddsa_ctx[testnum] == NULL) { 
@@ -2929,7 +2999,8 @@ } if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid, - NULL)) == NULL + NULL)) + == NULL || EVP_PKEY_keygen_init(ed_pctx) <= 0 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) { st = 0; @@ -2939,13 +3010,13 @@ EVP_PKEY_CTX_free(ed_pctx); if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL, - NULL, ed_pkey)) { + NULL, ed_pkey)) { st = 0; EVP_PKEY_free(ed_pkey); break; } if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL, - NULL, NULL, ed_pkey)) { + NULL, NULL, ed_pkey)) { st = 0; EVP_PKEY_free(ed_pkey); break; 
@@ -2963,57 +3034,56 @@ /* Perform EdDSA signature test */ loopargs[i].sigsize = ed_curves[testnum].sigsize; st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum], - loopargs[i].buf2, &loopargs[i].sigsize, - loopargs[i].buf, 20); + loopargs[i].buf2, &loopargs[i].sigsize, + loopargs[i].buf, 20); if (st == 0) break; } if (st == 0) { BIO_printf(bio_err, - "EdDSA sign failure. No EdDSA sign will be done.\n"); + "EdDSA sign failure. No EdDSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { pkey_print_message("sign", ed_curves[testnum].name, - eddsa_c[testnum][0], - ed_curves[testnum].bits, seconds.eddsa); + eddsa_c[testnum][0], + ed_curves[testnum].bits, seconds.eddsa); Time_F(START); count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R8:%ld:%u:%s:%.2f\n" : - "%ld %u bits %s signs in %.2fs \n", - count, ed_curves[testnum].bits, - ed_curves[testnum].name, d); + mr ? "+R8:%ld:%u:%s:%.2f\n" : "%ld %u bits %s signs in %.2fs \n", + count, ed_curves[testnum].bits, + ed_curves[testnum].name, d); eddsa_results[testnum][0] = (double)count / d; op_count = count; } /* Perform EdDSA verification test */ for (i = 0; i < loopargs_len; i++) { st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum], - loopargs[i].buf2, loopargs[i].sigsize, - loopargs[i].buf, 20); + loopargs[i].buf2, loopargs[i].sigsize, + loopargs[i].buf, 20); if (st != 1) break; } if (st != 1) { BIO_printf(bio_err, - "EdDSA verify failure. No EdDSA verify will be done.\n"); + "EdDSA verify failure. No EdDSA verify will be done.\n"); ERR_print_errors(bio_err); eddsa_doit[testnum] = 0; } else { pkey_print_message("verify", ed_curves[testnum].name, - eddsa_c[testnum][1], - ed_curves[testnum].bits, seconds.eddsa); + eddsa_c[testnum][1], + ed_curves[testnum].bits, seconds.eddsa); Time_F(START); count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? 
"+R9:%ld:%u:%s:%.2f\n" - : "%ld %u bits %s verify in %.2fs\n", - count, ed_curves[testnum].bits, - ed_curves[testnum].name, d); + mr ? "+R9:%ld:%u:%s:%.2f\n" + : "%ld %u bits %s verify in %.2fs\n", + count, ed_curves[testnum].bits, + ed_curves[testnum].name, d); eddsa_results[testnum][1] = (double)count / d; } @@ -3030,7 +3100,7 @@ EVP_PKEY *sm2_pkey = NULL; if (!sm2_doit[testnum]) - continue; /* Ignore Curve */ + continue; /* Ignore Curve */ /* Init signing and verification */ for (i = 0; i < loopargs_len; i++) { EVP_PKEY_CTX *sm2_pctx = NULL; @@ -3041,7 +3111,7 @@ loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new(); loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new(); if (loopargs[i].sm2_ctx[testnum] == NULL - || loopargs[i].sm2_vfy_ctx[testnum] == NULL) + || loopargs[i].sm2_vfy_ctx[testnum] == NULL) break; sm2_pkey = NULL; @@ -3049,7 +3119,8 @@ st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL || EVP_PKEY_keygen_init(pctx) <= 0 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - sm2_curves[testnum].nid) <= 0 + sm2_curves[testnum].nid) + <= 0 || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0); EVP_PKEY_CTX_free(pctx); if (st == 0) @@ -3080,12 +3151,12 @@ break; if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL, - EVP_sm3(), NULL, sm2_pkey)) + EVP_sm3(), NULL, sm2_pkey)) break; if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL, - EVP_sm3(), NULL, sm2_pkey)) + EVP_sm3(), NULL, sm2_pkey)) break; - st = 1; /* mark loop as succeeded */ + st = 1; /* mark loop as succeeded */ } if (st == 0) { BIO_printf(bio_err, "SM2 init failure.\n"); 
@@ -3095,29 +3166,28 @@ for (i = 0; i < loopargs_len; i++) { /* Perform SM2 signature test */ st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum], - loopargs[i].buf2, &loopargs[i].sigsize, - loopargs[i].buf, 20); + loopargs[i].buf2, &loopargs[i].sigsize, + loopargs[i].buf, 20); if (st == 0) break; } if (st == 0) { BIO_printf(bio_err, - "SM2 sign failure. No SM2 sign will be done.\n"); + "SM2 sign failure. No SM2 sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { pkey_print_message("sign", sm2_curves[testnum].name, - sm2_c[testnum][0], - sm2_curves[testnum].bits, seconds.sm2); + sm2_c[testnum][0], + sm2_curves[testnum].bits, seconds.sm2); Time_F(START); count = run_benchmark(async_jobs, SM2_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R10:%ld:%u:%s:%.2f\n" : - "%ld %u bits %s signs in %.2fs \n", - count, sm2_curves[testnum].bits, - sm2_curves[testnum].name, d); + mr ? "+R10:%ld:%u:%s:%.2f\n" : "%ld %u bits %s signs in %.2fs \n", + count, sm2_curves[testnum].bits, + sm2_curves[testnum].name, d); sm2_results[testnum][0] = (double)count / d; op_count = count; } 
@@ -3125,28 +3195,28 @@ /* Perform SM2 verification test */ for (i = 0; i < loopargs_len; i++) { st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum], - loopargs[i].buf2, loopargs[i].sigsize, - loopargs[i].buf, 20); + loopargs[i].buf2, loopargs[i].sigsize, + loopargs[i].buf, 20); if (st != 1) break; } if (st != 1) { BIO_printf(bio_err, - "SM2 verify failure. No SM2 verify will be done.\n"); + "SM2 verify failure. No SM2 verify will be done.\n"); ERR_print_errors(bio_err); sm2_doit[testnum] = 0; } else { pkey_print_message("verify", sm2_curves[testnum].name, - sm2_c[testnum][1], - sm2_curves[testnum].bits, seconds.sm2); + sm2_c[testnum][1], + sm2_curves[testnum].bits, seconds.sm2); Time_F(START); count = run_benchmark(async_jobs, SM2_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R11:%ld:%u:%s:%.2f\n" - : "%ld %u bits %s verify in %.2fs\n", - count, sm2_curves[testnum].bits, - sm2_curves[testnum].name, d); + mr ? "+R11:%ld:%u:%s:%.2f\n" + : "%ld %u bits %s verify in %.2fs\n", + count, sm2_curves[testnum].bits, + sm2_curves[testnum].name, d); sm2_results[testnum][1] = (double)count / d; } @@ -3157,7 +3227,7 @@ } } } -#endif /* OPENSSL_NO_SM2 */ +#endif /* OPENSSL_NO_SM2 */ #ifndef OPENSSL_NO_DH for (testnum = 0; testnum < FFDH_NUM; testnum++) { @@ -3177,7 +3247,7 @@ /* Ensure that the error queue is empty */ if (ERR_peek_error()) { BIO_printf(bio_err, - "WARNING: the error queue contains previous unhandled errors.\n"); + "WARNING: the error queue contains previous unhandled errors.\n"); ERR_print_errors(bio_err); } @@ -3222,8 +3292,7 @@ break; } - if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 || - EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) { + if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 || EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) { BIO_printf(bio_err, "FFDH key generation failure.\n"); ERR_print_errors(bio_err); op_count = 1; 
@@ -3274,8 +3343,9 @@ break; } if (EVP_PKEY_derive(ffdh_ctx, - loopargs[i].secret_ff_a, - &secret_size) <= 0) { + loopargs[i].secret_ff_a, + &secret_size) + <= 0) { BIO_printf(bio_err, "Shared secret derive failure.\n"); ERR_print_errors(bio_err); op_count = 1; @@ -3291,11 +3361,7 @@ ffdh_checks = 0; break; } - if (EVP_PKEY_derive_init(test_ctx) <= 0 || - EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 || - EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 || - EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 || - test_out != secret_size) { + if (EVP_PKEY_derive_init(test_ctx) <= 0 || EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 || EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 || EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 || test_out != secret_size) { BIO_printf(bio_err, "FFDH computation failure.\n"); op_count = 1; ffdh_checks = 0; @@ -3304,7 +3370,7 @@ /* compare the computed secrets */ if (CRYPTO_memcmp(loopargs[i].secret_ff_a, - loopargs[i].secret_ff_b, secret_size)) { + loopargs[i].secret_ff_b, secret_size)) { BIO_printf(bio_err, "FFDH computations don't match.\n"); ERR_print_errors(bio_err); op_count = 1; @@ -3323,15 +3389,13 @@ } if (ffdh_checks != 0) { pkey_print_message("", "ffdh", ffdh_c[testnum][0], - ffdh_params[testnum].bits, seconds.ffdh); + ffdh_params[testnum].bits, seconds.ffdh); Time_F(START); - count = - run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs); + count = run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R12:%ld:%d:%.2f\n" : - "%ld %u-bits FFDH ops in %.2fs\n", count, - ffdh_params[testnum].bits, d); + mr ? "+R12:%ld:%d:%.2f\n" : "%ld %u-bits FFDH ops in %.2fs\n", count, + ffdh_params[testnum].bits, d); ffdh_results[testnum][0] = (double)count / d; op_count = count; } 
@@ -3340,9 +3404,9 @@ stop_it(ffdh_doit, testnum); } } -#endif /* OPENSSL_NO_DH */ +#endif /* OPENSSL_NO_DH */ #ifndef NO_FORK - show_res: +show_res: #endif if (!mr) { printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING)); @@ -3399,11 +3463,11 @@ } if (mr) printf("+F2:%u:%u:%f:%f\n", - k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]); + k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]); else printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", - rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1], - rsa_results[k][0], rsa_results[k][1]); + rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1], + rsa_results[k][0], rsa_results[k][1]); } testnum = 1; for (k = 0; k < DSA_NUM; k++) { @@ -3415,11 +3479,11 @@ } if (mr) printf("+F3:%u:%u:%f:%f\n", - k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]); + k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]); else printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", - dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1], - dsa_results[k][0], dsa_results[k][1]); + dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1], + dsa_results[k][0], dsa_results[k][1]); } testnum = 1; for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { @@ -3432,13 +3496,13 @@ if (mr) printf("+F4:%u:%u:%f:%f\n", - k, ec_curves[k].bits, - ecdsa_results[k][0], ecdsa_results[k][1]); + k, ec_curves[k].bits, + ecdsa_results[k][0], ecdsa_results[k][1]); else printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - ec_curves[k].bits, ec_curves[k].name, - 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1], - ecdsa_results[k][0], ecdsa_results[k][1]); + ec_curves[k].bits, ec_curves[k].name, + 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1], + ecdsa_results[k][0], ecdsa_results[k][1]); } testnum = 1; 
@@ -3451,13 +3515,13 @@ } if (mr) printf("+F5:%u:%u:%f:%f\n", - k, ec_curves[k].bits, - ecdh_results[k][0], 1.0 / ecdh_results[k][0]); + k, ec_curves[k].bits, + ecdh_results[k][0], 1.0 / ecdh_results[k][0]); else printf("%4u bits ecdh (%s) %8.4fs %8.1f\n", - ec_curves[k].bits, ec_curves[k].name, - 1.0 / ecdh_results[k][0], ecdh_results[k][0]); + ec_curves[k].bits, ec_curves[k].name, + 1.0 / ecdh_results[k][0], ecdh_results[k][0]); } testnum = 1; @@ -3471,13 +3535,13 @@ if (mr) printf("+F6:%u:%u:%s:%f:%f\n", - k, ed_curves[k].bits, ed_curves[k].name, - eddsa_results[k][0], eddsa_results[k][1]); + k, ed_curves[k].bits, ed_curves[k].name, + eddsa_results[k][0], eddsa_results[k][1]); else printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - ed_curves[k].bits, ed_curves[k].name, - 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1], - eddsa_results[k][0], eddsa_results[k][1]); + ed_curves[k].bits, ed_curves[k].name, + 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1], + eddsa_results[k][0], eddsa_results[k][1]); } #ifndef OPENSSL_NO_SM2 @@ -3492,13 +3556,13 @@ if (mr) printf("+F7:%u:%u:%s:%f:%f\n", - k, sm2_curves[k].bits, sm2_curves[k].name, - sm2_results[k][0], sm2_results[k][1]); + k, sm2_curves[k].bits, sm2_curves[k].name, + sm2_results[k][0], sm2_results[k][1]); else printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - sm2_curves[k].bits, sm2_curves[k].name, - 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1], - sm2_results[k][0], sm2_results[k][1]); + sm2_curves[k].bits, sm2_curves[k].name, + 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1], + sm2_results[k][0], sm2_results[k][1]); } #endif #ifndef OPENSSL_NO_DH 
@@ -3512,19 +3576,19 @@ } if (mr) printf("+F8:%u:%u:%f:%f\n", - k, ffdh_params[k].bits, - ffdh_results[k][0], 1.0 / ffdh_results[k][0]); + k, ffdh_params[k].bits, + ffdh_results[k][0], 1.0 / ffdh_results[k][0]); else printf("%4u bits ffdh %8.4fs %8.1f\n", - ffdh_params[k].bits, - 1.0 / ffdh_results[k][0], ffdh_results[k][0]); + ffdh_params[k].bits, + 1.0 / ffdh_results[k][0], ffdh_results[k][0]); } #endif /* OPENSSL_NO_DH */ ret = 0; - end: +end: ERR_print_errors(bio_err); for (i = 0; i < loopargs_len; i++) { OPENSSL_free(loopargs[i].buf_malloc); @@ -3598,19 +3662,21 @@ static void print_message(const char *s, long num, int length, int tm) { BIO_printf(bio_err, - mr ? "+DT:%s:%d:%d\n" - : "Doing %s for %ds on %d size blocks: ", s, tm, length); + mr ? "+DT:%s:%d:%d\n" + : "Doing %s for %ds on %d size blocks: ", + s, tm, length); (void)BIO_flush(bio_err); run = 1; alarm(tm); } static void pkey_print_message(const char *str, const char *str2, long num, - unsigned int bits, int tm) + unsigned int bits, int tm) { BIO_printf(bio_err, - mr ? "+DTP:%d:%s:%s:%d\n" - : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); + mr ? "+DTP:%d:%s:%s:%d\n" + : "Doing %u bits %s %s's for %ds: ", + bits, str, str2, tm); (void)BIO_flush(bio_err); run = 1; alarm(tm); @@ -3624,8 +3690,9 @@ return; } BIO_printf(bio_err, - mr ? "+R:%d:%s:%f\n" - : "%d %s's in %.2fs\n", count, names[alg], time_used); + mr ? "+R:%d:%s:%f\n" + : "%d %s's in %.2fs\n", + count, names[alg], time_used); results[alg][run_no] = ((double)count) / time_used * lengths[run_no]; } @@ -3700,7 +3767,7 @@ if ((f = fdopen(fds[n], "r")) == NULL) { BIO_printf(bio_err, "fdopen failure with 0x%x\n", - errno); + errno); OPENSSL_free(fds); return 1; } @@ -3710,8 +3777,8 @@ *p = '\0'; if (buf[0] != '+') { BIO_printf(bio_err, - "Don't understand line '%s' from child %d\n", buf, - n); + "Don't understand line '%s' from child %d\n", buf, + n); continue; } printf("Got: %s from %d\n", buf, n); 
@@ -3787,7 +3854,7 @@ d = atof(sstrsep(&p, sep)); eddsa_results[k][1] += d; -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 } else if (strncmp(buf, "+F7:", 4) == 0) { int k; double d; @@ -3802,8 +3869,8 @@ d = atof(sstrsep(&p, sep)); sm2_results[k][1] += d; -# endif /* OPENSSL_NO_SM2 */ -# ifndef OPENSSL_NO_DH +#endif /* OPENSSL_NO_SM2 */ +#ifndef OPENSSL_NO_DH } else if (strncmp(buf, "+F8:", 4) == 0) { int k; double d; @@ -3814,12 +3881,12 @@ d = atof(sstrsep(&p, sep)); ffdh_results[k][0] += d; -# endif /* OPENSSL_NO_DH */ +#endif /* OPENSSL_NO_DH */ } else if (strncmp(buf, "+H:", 3) == 0) { ; } else { BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, - n); + n); } } @@ -3830,14 +3897,14 @@ while (wait(&status) == -1) if (errno != EINTR) { BIO_printf(bio_err, "Waitng for child failed with 0x%x\n", - errno); + errno); return 1; } if (WIFEXITED(status) && WEXITSTATUS(status)) { BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status)); } else if (WIFSIGNALED(status)) { BIO_printf(bio_err, "Child terminated by signal %d\n", - WTERMSIG(status)); + WTERMSIG(status)); } } return 1; @@ -3845,10 +3912,9 @@ #endif static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, - const openssl_speed_sec_t *seconds) + const openssl_speed_sec_t *seconds) { - static const int mblengths_list[] = - { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 }; + static const int mblengths_list[] = { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 }; const int *mblengths = mblengths_list; int j, count, keylen, num = OSSL_NELEM(mblengths_list); const char *alg_name; @@ -3880,7 +3946,8 @@ OPENSSL_clear_free(key, keylen); if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, - sizeof(no_key), no_key) <= 0) + sizeof(no_key), no_key) + <= 0) app_bail_out("failed to set AEAD key\n"); if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) app_bail_out("failed to get cipher name\n"); 
@@ -3893,11 +3960,11 @@ size_t len = mblengths[j]; int packlen; - memset(aad, 0, 8); /* avoid uninitialized values */ - aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */ - aad[9] = 3; /* version */ + memset(aad, 0, 8); /* avoid uninitialized values */ + aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */ + aad[9] = 3; /* version */ aad[10] = 2; - aad[11] = 0; /* length */ + aad[11] = 0; /* length */ aad[12] = 0; mb_param.out = NULL; mb_param.inp = aad; @@ -3905,15 +3972,15 @@ mb_param.interleave = 8; packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, - sizeof(mb_param), &mb_param); + sizeof(mb_param), &mb_param); if (packlen > 0) { mb_param.out = out; mb_param.inp = inp; mb_param.len = len; (void)EVP_CIPHER_CTX_ctrl(ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, - sizeof(mb_param), &mb_param); + EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, + sizeof(mb_param), &mb_param); } else { int pad; @@ -3923,13 +3990,12 @@ aad[11] = (unsigned char)(len >> 8); aad[12] = (unsigned char)(len); pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, - EVP_AEAD_TLS1_AAD_LEN, aad); + EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(ctx, out, inp, len + pad); } } d = Time_F(STOP); - BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n" - : "%d %s's in %.2fs\n", count, "evp", d); + BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n" : "%d %s's in %.2fs\n", count, "evp", d); results[D_EVP][j] = ((double)count) / d * mblengths[j]; } @@ -3944,7 +4010,7 @@ fprintf(stdout, "\n"); } else { fprintf(stdout, - "The 'numbers' are in 1000s of bytes per second processed.\n"); + "The 'numbers' are in 1000s of bytes per second processed.\n"); fprintf(stdout, "type "); for (j = 0; j < num; j++) fprintf(stdout, "%7d bytes", mblengths[j]); @@ -3960,7 +4026,7 @@ fprintf(stdout, "\n"); } - err: +err: OPENSSL_free(inp); OPENSSL_free(out); EVP_CIPHER_CTX_free(ctx); --- crypto/openssl/apps/spkac.c.orig +++ crypto/openssl/apps/spkac.c 
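Review bot: In the fallback branch of `multiblock_speed`, the result of `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, ...)` is stored in `pad` and added to `len` unchecked, and the return value of `EVP_Cipher` is discarded. `len` is a `size_t` and `pad` an `int`, so a failing control call would presumably give a zero or negative `pad` and a length that no longer matches the record that was set up. The sizes of `out` and `inp` are not visible in this hunk. I would add `if (pad <= 0) app_bail_out("failed to set TLS AAD\n");` before the `EVP_Cipher` call, using the same helper the function already uses for the MAC-key failure.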
@@ -22,38 +22,48 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, - OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, - OPT_SPKSECT, OPT_KEYFORM, OPT_DIGEST, + OPT_NOOUT, + OPT_PUBKEY, + OPT_VERIFY, + OPT_IN, + OPT_OUT, + OPT_ENGINE, + OPT_KEY, + OPT_CHALLENGE, + OPT_PASSIN, + OPT_SPKAC, + OPT_SPKSECT, + OPT_KEYFORM, + OPT_DIGEST, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS spkac_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"spksect", OPT_SPKSECT, 's', - "Specify the name of an SPKAC-dedicated section of configuration"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "spksect", OPT_SPKSECT, 's', + "Specify the name of an SPKAC-dedicated section of configuration" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"key", OPT_KEY, '<', "Create SPKAC using private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, - {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, + { "in", OPT_IN, '<', "Input file" }, + { "key", OPT_KEY, '<', "Create SPKAC using private key" }, + { "keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "challenge", OPT_CHALLENGE, 's', "Challenge string" }, + { "spkac", OPT_SPKAC, 's', "Alternative SPKAC name" }, OPT_SECTION("Output"), - {"digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" }, - {"out", OPT_OUT, '>', "Output file"}, - {"noout", OPT_NOOUT, '-', "Don't print SPKAC"}, - {"pubkey", OPT_PUBKEY, '-', "Output public key"}, - {"verify", 
OPT_VERIFY, '-', "Verify SPKAC signature"}, + { "digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" }, + { "out", OPT_OUT, '>', "Output file" }, + { "noout", OPT_NOOUT, '-', "Don't print SPKAC" }, + { "pubkey", OPT_PUBKEY, '-', "Output public key" }, + { "verify", OPT_VERIFY, '-', "Verify SPKAC signature" }, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; int spkac_main(int argc, char **argv) @@ -78,7 +88,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -147,7 +157,7 @@ goto end; pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, - keyformat, 1, passin, e, "private key"); + keyformat, 1, passin, e, "private key"); if (pkey == NULL) goto end; spki = NETSCAPE_SPKI_new(); @@ -155,7 +165,7 @@ goto end; if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, - challenge, (int)strlen(challenge)); + challenge, (int)strlen(challenge)); if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { BIO_printf(bio_err, "Error setting public key\n"); goto end; @@ -221,7 +231,7 @@ ret = 0; - end: +end: EVP_MD_free(md); NCONF_free(conf); NETSCAPE_SPKI_free(spki); --- crypto/openssl/apps/srp.c.orig +++ crypto/openssl/apps/srp.c @@ -28,12 +28,11 @@ #include "apps.h" #include "progs.h" -#define BASE_SECTION "srp" +#define BASE_SECTION "srp" #define CONFIG_FILE "openssl.cnf" - -#define ENV_DATABASE "srpvfile" -#define ENV_DEFAULT_SRP "default_srp" +#define ENV_DATABASE "srpvfile" +#define ENV_DEFAULT_SRP "default_srp" static int get_index(CA_DB *db, char *id, char type) { @@ -86,9 +85,8 @@ if (pp[DB_srptype][0] != 'I') { print_entry(db, userindex, verbose, "User entry"); print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose, - "g N entry"); + "g N entry"); } - } } 
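Review bot: The `digest` entry in `spkac_options` documents MD5 as the default digest for signing a new SPKAC, and MD5 is not collision resistant, so a signature made with the default gives weak assurance. The code that applies the default is outside this hunk, so I would leave the behaviour alone here and make the help text steer users: `"Sign new SPKAC with the specified digest (default: MD5; prefer e.g. sha256)"`. A short comment above the entry saying that the MD5 default is kept only for compatibility would also help the next maintainer.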
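Review bot: In `spkac_main`, the return value of `ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge))` is ignored. If it fails, the tool would still sign and emit an SPKAC that lacks the requested challenge. The `NETSCAPE_SPKI_set_pubkey` call on the next lines already reports the error and jumps to `end`, and the challenge call should do the same: `if (challenge != NULL && !ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge))) goto end;`. The function body starts and ends outside this hunk.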
@@ -120,8 +118,8 @@ } static char *srp_verify_user(const char *user, const char *srp_verifier, - char *srp_usersalt, const char *g, const char *N, - const char *passin, int verbose) + char *srp_usersalt, const char *g, const char *N, + const char *passin, int verbose) { char password[1025]; PW_CB_DATA cb_tmp; @@ -132,19 +130,20 @@ cb_tmp.prompt_info = user; cb_tmp.password = passin; - len = password_callback(password, sizeof(password)-1, 0, &cb_tmp); + len = password_callback(password, sizeof(password) - 1, 0, &cb_tmp); if (len > 0) { password[len] = 0; if (verbose) BIO_printf(bio_err, - "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", - user, srp_verifier, srp_usersalt, g, N); + "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", + user, srp_verifier, srp_usersalt, g, N); if (verbose > 1) BIO_printf(bio_err, "Pass %s\n", password); OPENSSL_assert(srp_usersalt != NULL); if ((gNid = SRP_create_verifier(user, password, &srp_usersalt, - &verifier, N, g)) == NULL) { + &verifier, N, g)) + == NULL) { BIO_printf(bio_err, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) @@ -157,8 +156,8 @@ } static char *srp_create_user(char *user, char **srp_verifier, - char **srp_usersalt, char *g, char *N, - char *passout, int verbose) + char **srp_usersalt, char *g, char *N, + char *passout, int verbose) { char password[1025]; PW_CB_DATA cb_tmp; 
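Review bot: In `srp_verify_user`, the line `if (verbose > 1) BIO_printf(bio_err, "Pass %s\n", password);` writes the cleartext password to the error stream, where it can end up in terminal scrollback, redirected logs or CI output. The `verbose` print just above it also emits the stored verifier and salt. I would remove the password print, or replace it with a fixed marker such as `BIO_printf(bio_err, "Pass <redacted>\n");`. No `OPENSSL_cleanse(password, len)` is visible for the verify path in this hunk, although `srp_create_user` has one. The function continues outside the hunk, so it may already be there and is worth confirming.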
@@ -168,14 +167,15 @@ cb_tmp.prompt_info = user; cb_tmp.password = passout; - len = password_callback(password, sizeof(password)-1, 1, &cb_tmp); + len = password_callback(password, sizeof(password) - 1, 1, &cb_tmp); if (len > 0) { password[len] = 0; if (verbose) BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", - user, g, N); + user, g, N); if ((gNid = SRP_create_verifier(user, password, &salt, - srp_verifier, N, g)) == NULL) { + srp_verifier, N, g)) + == NULL) { BIO_printf(bio_err, "Internal error creating SRP verifier\n"); } else { *srp_usersalt = salt; 
@@ -183,50 +183,61 @@ OPENSSL_cleanse(password, len); if (verbose > 1) BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", - gNid, salt, *srp_verifier); - + gNid, salt, *srp_verifier); } return gNid; } typedef enum OPTION_choice { OPT_COMMON, - OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD, - OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO, - OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM, OPT_PROV_ENUM + OPT_VERBOSE, + OPT_CONFIG, + OPT_NAME, + OPT_SRPVFILE, + OPT_ADD, + OPT_DELETE, + OPT_MODIFY, + OPT_LIST, + OPT_GN, + OPT_USERINFO, + OPT_PASSIN, + OPT_PASSOUT, + OPT_ENGINE, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS srp_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"}, - {"config", OPT_CONFIG, '<', "A config file"}, - {"name", OPT_NAME, 's', "The particular srp definition to use"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "verbose", OPT_VERBOSE, '-', "Talk a lot while doing things" }, + { "config", OPT_CONFIG, '<', "A config file" }, + { "name", OPT_NAME, 's', "The particular srp definition to use" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Action"), - {"add", OPT_ADD, '-', "Add a user and SRP verifier"}, - {"modify", OPT_MODIFY, '-', "Modify the SRP verifier of an existing user"}, - {"delete", OPT_DELETE, '-', "Delete user from verifier file"}, - {"list", OPT_LIST, '-', "List users"}, + { "add", OPT_ADD, '-', "Add a user and SRP verifier" }, + { "modify", OPT_MODIFY, '-', "Modify the SRP verifier of an existing user" }, + { "delete", OPT_DELETE, '-', "Delete user from verifier file" }, + { "list", OPT_LIST, '-', "List 
users" }, OPT_SECTION("Configuration"), - {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"}, - {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"}, - {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + { "srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name" }, + { "gn", OPT_GN, 's', "Set g and N values to be used for new verifier" }, + { "userinfo", OPT_USERINFO, 's', "Additional info to be set for user" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"user", 0, 0, "Username(s) to process (optional)"}, - {NULL} + { "user", 0, 0, "Username(s) to process (optional)" }, + { NULL } }; int srp_main(int argc, char **argv) @@ -248,7 +259,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -273,8 +284,8 @@ case OPT_LIST: if (mode != OPT_ERR) { BIO_printf(bio_err, - "%s: Only one of -add/-delete/-modify/-list\n", - prog); + "%s: Only one of -add/-delete/-modify/-list\n", + prog); goto opthelp; } mode = o; @@ -314,12 +325,12 @@ if (srpvfile != NULL && configfile != NULL) { BIO_printf(bio_err, - "-srpvfile and -configfile cannot be specified together.\n"); + "-srpvfile and -configfile cannot be specified together.\n"); goto end; } if (mode == OPT_ERR) { BIO_printf(bio_err, - "Exactly one of the options -add, -delete, -modify -list must be specified.\n"); + "Exactly one of the options -add, -delete, -modify -list must be specified.\n"); goto opthelp; } if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) { 
@@ -331,7 +342,7 @@ } if ((passinarg != NULL || passoutarg != NULL) && argc != 1) { BIO_printf(bio_err, - "-passin, -passout arguments only valid with one user.\n"); + "-passin, -passout arguments only valid with one user.\n"); goto opthelp; } @@ -354,8 +365,8 @@ if (section == NULL) { if (verbose) BIO_printf(bio_err, - "trying to read " ENV_DEFAULT_SRP - " in " BASE_SECTION "\n"); + "trying to read " ENV_DEFAULT_SRP + " in " BASE_SECTION "\n"); section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP); if (section == NULL) @@ -366,8 +377,8 @@ if (verbose) BIO_printf(bio_err, - "trying to read " ENV_DATABASE " in section \"%s\"\n", - section); + "trying to read " ENV_DATABASE " in section \"%s\"\n", + section); srpvfile = lookup_conf(conf, section, ENV_DATABASE); if (srpvfile == NULL) @@ -376,7 +387,7 @@ if (verbose) BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", - srpvfile); + srpvfile); db = load_index(srpvfile, NULL); if (db == NULL) { @@ -431,14 +442,13 @@ print_user(db, i, 1); } else if (userindex < 0) { BIO_printf(bio_err, - "user \"%s\" does not exist, ignored. t\n", user); + "user \"%s\" does not exist, ignored. t\n", user); errors++; } } else if (mode == OPT_ADD) { if (userindex >= 0) { /* reactivation of a new user */ - char **row = - sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); row[DB_srptype][0] = 'V'; 
@@ -449,16 +459,14 @@ row[DB_srpverifier] = NULL; row[DB_srpsalt] = NULL; row[DB_srpinfo] = NULL; - if (! - (gNid = - srp_create_user(user, &(row[DB_srpverifier]), - &(row[DB_srpsalt]), - gNrow ? gNrow[DB_srpsalt] : gN, - gNrow ? gNrow[DB_srpverifier] : NULL, - passout, verbose))) { + if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), + &(row[DB_srpsalt]), + gNrow ? gNrow[DB_srpsalt] : gN, + gNrow ? gNrow[DB_srpverifier] : NULL, + passout, verbose))) { BIO_printf(bio_err, - "Cannot create srp verifier for user \"%s\", operation abandoned .\n", - user); + "Cannot create srp verifier for user \"%s\", operation abandoned .\n", + user); errors++; goto end; } @@ -487,18 +495,17 @@ } else if (mode == OPT_MODIFY) { if (userindex < 0) { BIO_printf(bio_err, - "user \"%s\" does not exist, operation ignored.\n", - user); + "user \"%s\" does not exist, operation ignored.\n", + user); errors++; } else { - char **row = - sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); char type = row[DB_srptype][0]; if (type == 'v') { BIO_printf(bio_err, - "user \"%s\" already updated, operation ignored.\n", - user); + "user \"%s\" already updated, operation ignored.\n", + user); errors++; } else { char *gNid; 
@@ -508,40 +515,35 @@ char **irow = NULL; if (verbose) BIO_printf(bio_err, - "Verifying password for user \"%s\"\n", - user); - if ((user_gN = - get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) - irow = - sk_OPENSSL_PSTRING_value(db->db->data, - userindex); - - if (!srp_verify_user - (user, row[DB_srpverifier], row[DB_srpsalt], - irow ? irow[DB_srpsalt] : row[DB_srpgN], - irow ? irow[DB_srpverifier] : NULL, passin, - verbose)) { + "Verifying password for user \"%s\"\n", + user); + if ((user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) + irow = sk_OPENSSL_PSTRING_value(db->db->data, + userindex); + + if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], + irow ? irow[DB_srpsalt] : row[DB_srpgN], + irow ? irow[DB_srpverifier] : NULL, passin, + verbose)) { BIO_printf(bio_err, - "Invalid password for user \"%s\", operation abandoned.\n", - user); + "Invalid password for user \"%s\", operation abandoned.\n", + user); errors++; goto end; } } if (verbose) BIO_printf(bio_err, "Password for user \"%s\" ok.\n", - user); - - if (! - (gNid = - srp_create_user(user, &(row[DB_srpverifier]), - &(row[DB_srpsalt]), - gNrow ? gNrow[DB_srpsalt] : NULL, - gNrow ? gNrow[DB_srpverifier] : NULL, - passout, verbose))) { + user); + + if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]), + &(row[DB_srpsalt]), + gNrow ? gNrow[DB_srpsalt] : NULL, + gNrow ? gNrow[DB_srpverifier] : NULL, + passout, verbose))) { BIO_printf(bio_err, - "Cannot create srp verifier for user \"%s\", operation abandoned.\n", - user); + "Cannot create srp verifier for user \"%s\", operation abandoned.\n", + user); errors++; goto end; } @@ -565,8 +567,8 @@ } else if (mode == OPT_DELETE) { if (userindex < 0) { BIO_printf(bio_err, - "user \"%s\" does not exist, operation ignored. t\n", - user); + "user \"%s\" does not exist, operation ignored. t\n", + user); errors++; } else { char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); 
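Review bot: In the `-modify` path the re-wrapped lookup still assigns `irow` from `userindex` rather than from the `user_gN` index that `get_index(db, row[DB_srpgN], DB_SRP_INDEX)` has just returned, so `user_gN` is tested but never used in the lines visible here. As written, `srp_verify_user` receives `irow[DB_srpsalt]` and `irow[DB_srpverifier]` from the user's own row as g and N instead of from the gN index row. That looks unintended when compared with how `gNrow` feeds `srp_create_user` a few lines below. If that reading is right, the assignment should be `irow = sk_OPENSSL_PSTRING_value(db->db->data, user_gN);`. The declaration of `user_gN` and the enclosing `else` block lie outside this hunk, so confirm against the full function.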
@@ -612,7 +614,7 @@ } ret = (errors != 0); - end: +end: if (errors != 0) if (verbose) BIO_printf(bio_err, "User errors %d.\n", errors); --- crypto/openssl/apps/storeutl.c.orig +++ crypto/openssl/apps/storeutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -14,57 +14,67 @@ #include #include #include -#include /* s2i_ASN1_INTEGER */ +#include /* s2i_ASN1_INTEGER */ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, - int expected, int criterion, OSSL_STORE_SEARCH *search, - int text, int noout, int recursive, int indent, BIO *out, - const char *prog, OSSL_LIB_CTX *libctx); + int expected, int criterion, OSSL_STORE_SEARCH *search, + int text, int noout, int recursive, int indent, BIO *out, + const char *prog, OSSL_LIB_CTX *libctx); typedef enum OPTION_choice { OPT_COMMON, - OPT_ENGINE, OPT_OUT, OPT_PASSIN, - OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE, - OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS, - OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL, - OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS, - OPT_MD, OPT_PROV_ENUM + OPT_ENGINE, + OPT_OUT, + OPT_PASSIN, + OPT_NOOUT, + OPT_TEXT, + OPT_RECURSIVE, + OPT_SEARCHFOR_CERTS, + OPT_SEARCHFOR_KEYS, + OPT_SEARCHFOR_CRLS, + OPT_CRITERION_SUBJECT, + OPT_CRITERION_ISSUER, + OPT_CRITERION_SERIAL, + OPT_CRITERION_FINGERPRINT, + OPT_CRITERION_ALIAS, + OPT_MD, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS storeutl_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"", OPT_MD, '-', "Any supported digest"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "", OPT_MD, '-', "Any supported digest" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_SECTION("Search"), - {"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"}, - {"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"}, - {"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"}, - {"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"}, - {"issuer", 
OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"}, - {"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"}, - {"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"}, - {"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"}, - {"r", OPT_RECURSIVE, '-', "Recurse through names"}, + { "certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only" }, + { "keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only" }, + { "crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only" }, + { "subject", OPT_CRITERION_SUBJECT, 's', "Search by subject" }, + { "issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name" }, + { "serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number" }, + { "fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex" }, + { "alias", OPT_CRITERION_ALIAS, 's', "Search by alias" }, + { "r", OPT_RECURSIVE, '-', "Recurse through names" }, OPT_SECTION("Input"), - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"text", OPT_TEXT, '-', "Print a text form of the objects"}, - {"noout", OPT_NOOUT, '-', "No PEM output, just status"}, + { "out", OPT_OUT, '>', "Output file - default stdout" }, + { "text", OPT_TEXT, '-', "Print a text form of the objects" }, + { "noout", OPT_NOOUT, '-', "No PEM output, just status" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"uri", 0, 0, "URI of the store object"}, - {NULL} + { "uri", 0, 0, "URI of the store object" }, + { NULL } }; int storeutl_main(int argc, char *argv[]) @@ -91,7 +101,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -118,7 +128,7 @@ case OPT_SEARCHFOR_CRLS: if (expected != 0) { BIO_printf(bio_err, "%s: only one search type can be given.\n", - prog); + prog); goto end; } { @@ -126,9 +136,9 @@ enum OPTION_choice choice; int type; } map[] = { - {OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT}, - {OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY}, - {OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL}, + { OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT }, + { OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY }, + { OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL }, }; size_t i; @@ -148,13 +158,13 @@ case OPT_CRITERION_SUBJECT: if (criterion != 0) { BIO_printf(bio_err, "%s: criterion already given.\n", - prog); + prog); goto end; } criterion = OSSL_STORE_SEARCH_BY_NAME; if (subject != NULL) { BIO_printf(bio_err, "%s: subject already given.\n", - prog); + prog); goto end; } subject = parse_name(opt_arg(), MBSTRING_UTF8, 1, "subject"); @@ -165,13 +175,13 @@ if (criterion != 0 && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) { BIO_printf(bio_err, "%s: criterion already given.\n", - prog); + prog); goto end; } criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; if (issuer != NULL) { BIO_printf(bio_err, "%s: issuer already given.\n", - prog); + prog); goto end; } issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1, "issuer"); 
@@ -182,33 +192,31 @@ if (criterion != 0 && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) { BIO_printf(bio_err, "%s: criterion already given.\n", - prog); + prog); goto end; } criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; if (serial != NULL) { BIO_printf(bio_err, "%s: serial number already given.\n", - prog); + prog); goto end; } if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) { BIO_printf(bio_err, "%s: can't parse serial number argument.\n", - prog); + prog); goto end; } break; case OPT_CRITERION_FINGERPRINT: - if (criterion != 0 - || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT - && fingerprint != NULL)) { + if (criterion != 0) { BIO_printf(bio_err, "%s: criterion already given.\n", - prog); + prog); goto end; } criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT; if (fingerprint != NULL) { BIO_printf(bio_err, "%s: fingerprint already given.\n", - prog); + prog); goto end; } { @@ -217,8 +225,8 @@ if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen)) == NULL) { BIO_printf(bio_err, - "%s: can't parse fingerprint argument.\n", - prog); + "%s: can't parse fingerprint argument.\n", + prog); goto end; } fingerprintlen = (size_t)tmplen; @@ -227,18 +235,18 @@ case OPT_CRITERION_ALIAS: if (criterion != 0) { BIO_printf(bio_err, "%s: criterion already given.\n", - prog); + prog); goto end; } criterion = OSSL_STORE_SEARCH_BY_ALIAS; if (alias != NULL) { BIO_printf(bio_err, "%s: alias already given.\n", - prog); + prog); goto end; } if ((alias = OPENSSL_strdup(opt_arg())) == NULL) { BIO_printf(bio_err, "%s: can't parse alias argument.\n", - prog); + prog); goto end; } break; @@ -277,8 +285,8 @@ case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL: if (issuer == NULL || serial == NULL) { BIO_printf(bio_err, - "%s: both -issuer and -serial must be given.\n", - prog); + "%s: both -issuer and -serial must be given.\n", + prog); goto end; } if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial)) 
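Review bot: With the guard reduced to `if (criterion != 0)`, the `fingerprint != NULL` test that follows in the `OPT_CRITERION_FINGERPRINT` case appears unreachable. The only assignment to `fingerprint` shown on this page comes after `criterion` has been set to `OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT`, so a repeated `-fingerprint` is reported as "criterion already given" and never as "fingerprint already given". Either drop the second check or keep it with a comment such as `/* defensive: avoids leaking an earlier buffer if the criterion check is ever relaxed */`. The `-subject` and `-alias` cases in the neighbouring hunks follow the same pattern. The `switch` these cases belong to starts and ends outside the hunk.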
@@ -289,8 +297,8 @@ break; case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest, - fingerprint, - fingerprintlen)) + fingerprint, + fingerprintlen)) == NULL) { ERR_print_errors(bio_err); goto end; @@ -317,10 +325,10 @@ goto end; ret = process(argv[0], get_ui_method(), &pw_cb_data, - expected, criterion, search, - text, noout, recursive, 0, out, prog, libctx); + expected, criterion, search, + text, noout, recursive, 0, out, prog, libctx); - end: +end: EVP_MD_free(digest); OPENSSL_free(fingerprint); OPENSSL_free(alias); @@ -337,26 +345,34 @@ static int indent_printf(int indent, BIO *bio, const char *format, ...) { va_list args; - int ret; + int ret, vret; + + ret = BIO_printf(bio, "%*s", indent, ""); + if (ret < 0) + return ret; va_start(args, format); + vret = BIO_vprintf(bio, format, args); + va_end(args); - ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); + if (vret < 0) + return vret; + if (vret > INT_MAX - ret) + return INT_MAX; - va_end(args); - return ret; + return ret + vret; } static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, - int expected, int criterion, OSSL_STORE_SEARCH *search, - int text, int noout, int recursive, int indent, BIO *out, - const char *prog, OSSL_LIB_CTX *libctx) + int expected, int criterion, OSSL_STORE_SEARCH *search, + int text, int noout, int recursive, int indent, BIO *out, + const char *prog, OSSL_LIB_CTX *libctx) { OSSL_STORE_CTX *store_ctx = NULL; int ret = 1, items = 0; if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata, - NULL, NULL, NULL)) + NULL, NULL, NULL)) == NULL) { BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri); ERR_print_errors(bio_err); 
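Review bot: The new return contract of `indent_printf` is not documented, and it now has three distinct outcomes: the negative result of whichever `BIO_printf`/`BIO_vprintf` call failed, `INT_MAX` when the sum would overflow, and otherwise the combined count. A comment above the function such as `/* Returns bytes written (padding plus text), clamped to INT_MAX; a negative value if either BIO write fails. */` would make that explicit. The calls visible in `process()` further down this diff discard the return value, so a failed write to `out` still goes unreported there. `INT_MAX` needs `<limits.h>`; the include lines in the first storeutl.c hunk have lost their header names in this rendering, so it is worth confirming the header is pulled in. The hunk also carries the start of `process()`, whose body continues outside it.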
@@ -373,8 +389,8 @@ if (criterion != 0) { if (!OSSL_STORE_supports_search(store_ctx, criterion)) { BIO_printf(bio_err, - "%s: the store scheme doesn't support the given search criteria.\n", - prog); + "%s: the store scheme doesn't support the given search criteria.\n", + prog); goto end2; } @@ -390,8 +406,7 @@ for (;;) { OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx); int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); - const char *infostr = - info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); + const char *infostr = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); if (info == NULL) { if (OSSL_STORE_error(store_ctx)) { @@ -409,8 +424,8 @@ break; BIO_printf(bio_err, - "ERROR: OSSL_STORE_load() returned NULL without " - "eof or error indications\n"); + "ERROR: OSSL_STORE_load() returned NULL without " + "eof or error indications\n"); BIO_printf(bio_err, " This is an error in the loader\n"); ERR_print_errors(bio_err); ret++; @@ -421,7 +436,7 @@ const char *name = OSSL_STORE_INFO_get0_NAME(info); const char *desc = OSSL_STORE_INFO_get0_NAME_description(info); indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr, - name); + name); if (desc != NULL) indent_printf(indent, bio_out, "%s\n", desc); } else { 
@@ -438,33 +453,33 @@ if (recursive) { const char *suburi = OSSL_STORE_INFO_get0_NAME(info); ret += process(suburi, uimeth, uidata, - expected, criterion, search, - text, noout, recursive, indent + 2, out, prog, - libctx); + expected, criterion, search, + text, noout, recursive, indent + 2, out, prog, + libctx); } break; case OSSL_STORE_INFO_PARAMS: if (text) EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info), - 0, NULL); + 0, NULL); if (!noout) PEM_write_bio_Parameters(out, - OSSL_STORE_INFO_get0_PARAMS(info)); + OSSL_STORE_INFO_get0_PARAMS(info)); break; case OSSL_STORE_INFO_PUBKEY: if (text) EVP_PKEY_print_public(out, OSSL_STORE_INFO_get0_PUBKEY(info), - 0, NULL); + 0, NULL); if (!noout) PEM_write_bio_PUBKEY(out, OSSL_STORE_INFO_get0_PUBKEY(info)); break; case OSSL_STORE_INFO_PKEY: if (text) EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info), - 0, NULL); + 0, NULL); if (!noout) PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info), - NULL, NULL, 0, NULL, NULL); + NULL, NULL, 0, NULL, NULL); break; case OSSL_STORE_INFO_CERT: if (text) @@ -488,7 +503,7 @@ } indent_printf(indent, out, "Total found: %d\n", items); - end2: +end2: if (!OSSL_STORE_close(store_ctx)) { ERR_print_errors(bio_err); ret++; --- crypto/openssl/apps/testdsa.h.orig +++ crypto/openssl/apps/testdsa.h 
@@ -13,45 +13,274 @@ EVP_PKEY *get_dsa(int); static unsigned char dsa512_priv[] = { - 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c, - 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2, + 0x65, + 0xe5, + 0xc7, + 0x38, + 0x60, + 0x24, + 0xb5, + 0x89, + 0xd4, + 0x9c, + 0xeb, + 0x4c, + 0x9c, + 0x1d, + 0x7a, + 0x22, + 0xbd, + 0xd1, + 0xc2, + 0xd2, }; static unsigned char dsa512_pub[] = { - 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07, - 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a, - 0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e, - 0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12, - 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84, - 0xbe, 0xba, 0x0a, 0x6b, 0xc8, + 0x00, + 0x95, + 0xa7, + 0x0d, + 0xec, + 0x93, + 0x68, + 0xba, + 0x5f, + 0xf7, + 0x5f, + 0x07, + 0xf2, + 0x3b, + 0xad, + 0x6b, + 0x01, + 0xdc, + 0xbe, + 0xec, + 0xde, + 0x04, + 0x7a, + 0x3a, + 0x27, + 0xb3, + 0xec, + 0x49, + 0xfd, + 0x08, + 0x43, + 0x3d, + 0x7e, + 0xa8, + 0x2c, + 0x5e, + 0x7b, + 0xbb, + 0xfc, + 0xf4, + 0x6e, + 0xeb, + 0x6c, + 0xb0, + 0x6e, + 0xf8, + 0x02, + 0x12, + 0x8c, + 0x38, + 0x5d, + 0x83, + 0x56, + 0x7d, + 0xee, + 0x53, + 0x05, + 0x3e, + 0x24, + 0x84, + 0xbe, + 0xba, + 0x0a, + 0x6b, + 0xc8, }; static unsigned char dsa512_p[] = { - 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86, - 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0, - 0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9, - 0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD, - 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66, - 0xA2, 0x76, 0x7D, 0x31, + 0x9D, + 0x1B, + 0x69, + 0x8E, + 0x26, + 0xDB, + 0xF2, + 0x2B, + 0x11, + 0x70, + 0x19, + 0x86, + 0xF6, + 0x19, + 0xC8, + 0xF8, + 0x19, + 0xF2, + 0x18, + 0x53, + 0x94, + 0x46, + 0x06, + 0xD0, + 0x62, + 0x50, + 0x33, + 0x4B, + 0x02, + 
0x3C, + 0x52, + 0x30, + 0x03, + 0x8B, + 0x3B, + 0xF9, + 0x5F, + 0xD1, + 0x24, + 0x06, + 0x4F, + 0x7B, + 0x4C, + 0xBA, + 0xAA, + 0x40, + 0x9B, + 0xFD, + 0x96, + 0xE4, + 0x37, + 0x33, + 0xBB, + 0x2D, + 0x5A, + 0xD7, + 0x5A, + 0x11, + 0x40, + 0x66, + 0xA2, + 0x76, + 0x7D, + 0x31, }; static unsigned char dsa512_q[] = { - 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A, - 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F, + 0xFB, + 0x53, + 0xEF, + 0x50, + 0xB4, + 0x40, + 0x92, + 0x31, + 0x56, + 0x86, + 0x53, + 0x7A, + 0xE8, + 0x8B, + 0x22, + 0x9A, + 0x49, + 0xFB, + 0x71, + 0x8F, }; static unsigned char dsa512_g[] = { - 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49, - 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9, - 0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF, - 0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE, - 0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12, - 0xA2, 0x03, 0x9D, 0x20, + 0x83, + 0x3E, + 0x88, + 0xE5, + 0xC5, + 0x89, + 0x73, + 0xCE, + 0x3B, + 0x6C, + 0x01, + 0x49, + 0xBF, + 0xB3, + 0xC7, + 0x9F, + 0x0A, + 0xEA, + 0x44, + 0x91, + 0xE5, + 0x30, + 0xAA, + 0xD9, + 0xBE, + 0x5B, + 0x5F, + 0xB7, + 0x10, + 0xD7, + 0x89, + 0xB7, + 0x8E, + 0x74, + 0xFB, + 0xCF, + 0x29, + 0x1E, + 0xEB, + 0xA8, + 0x2C, + 0x54, + 0x51, + 0xB8, + 0x10, + 0xDE, + 0xA0, + 0xCE, + 0x2F, + 0xCC, + 0x24, + 0x6B, + 0x90, + 0x77, + 0xDE, + 0xA2, + 0x68, + 0xA6, + 0x52, + 0x12, + 0xA2, + 0x03, + 0x9D, + 0x20, }; static unsigned char dsa1024_priv[] = { - 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8, - 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18, + 0x7d, + 0x21, + 0xda, + 0xbb, + 0x62, + 0x15, + 0x47, + 0x36, + 0x07, + 0x67, + 0x12, + 0xe8, + 0x8c, + 0xaa, + 0x1c, + 0xcd, + 0x38, + 0x12, + 0x61, + 0x18, }; static unsigned char dsa1024_pub[] = { 
@@ -69,121 +298,1111 @@ }; static unsigned char dsa1024_p[] = { - 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47, - 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D, - 0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73, - 0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9, - 0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5, - 0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E, - 0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7, - 0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95, - 0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE, - 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80, - 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49, + 0xA7, + 0x3F, + 0x6E, + 0x85, + 0xBF, + 0x41, + 0x6A, + 0x29, + 0x7D, + 0xF0, + 0x9F, + 0x47, + 0x19, + 0x30, + 0x90, + 0x9A, + 0x09, + 0x1D, + 0xDA, + 0x6A, + 0x33, + 0x1E, + 0xC5, + 0x3D, + 0x86, + 0x96, + 0xB3, + 0x15, + 0xE0, + 0x53, + 0x2E, + 0x8F, + 0xE0, + 0x59, + 0x82, + 0x73, + 0x90, + 0x3E, + 0x75, + 0x31, + 0x99, + 0x47, + 0x7A, + 0x52, + 0xFB, + 0x85, + 0xE4, + 0xD9, + 0xA6, + 0x7B, + 0x38, + 0x9B, + 0x68, + 0x8A, + 0x84, + 0x9B, + 0x87, + 0xC6, + 0x1E, + 0xB5, + 0x7E, + 0x86, + 0x4B, + 0x53, + 0x5B, + 0x59, + 0xCF, + 0x71, + 0x65, + 0x19, + 0x88, + 0x6E, + 0xCE, + 0x66, + 0xAE, + 0x6B, + 0x88, + 0x36, + 0xFB, + 0xEC, + 0x28, + 0xDC, + 0xC2, + 0xD7, + 0xA5, + 0xBB, + 0xE5, + 0x2C, + 0x39, + 0x26, + 0x4B, + 0xDA, + 0x9A, + 0x70, + 0x18, + 0x95, + 0x37, + 0x95, + 0x10, + 0x56, + 0x23, + 0xF6, + 0x15, + 0xED, + 0xBA, + 0x04, + 0x5E, + 0xDE, + 0x39, + 0x4F, + 0xFD, + 0xB7, + 0x43, + 0x1F, + 0xB5, + 0xA4, + 0x65, + 0x6F, + 0xCD, + 0x80, + 0x11, + 0xE4, + 0x70, + 0x95, + 0x5B, + 0x50, + 0xCD, + 0x49, }; static unsigned char dsa1024_q[] = { - 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C, - 0xAC, 
0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F, + 0xF7, + 0x07, + 0x31, + 0xED, + 0xFA, + 0x6C, + 0x06, + 0x03, + 0xD5, + 0x85, + 0x8A, + 0x1C, + 0xAC, + 0x9C, + 0x65, + 0xE7, + 0x50, + 0x66, + 0x65, + 0x6F, }; static unsigned char dsa1024_g[] = { - 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46, - 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D, - 0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88, - 0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18, - 0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61, - 0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F, - 0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16, - 0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6, - 0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5, - 0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5, - 0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8, + 0x4D, + 0xDF, + 0x4C, + 0x03, + 0xA6, + 0x91, + 0x8A, + 0xF5, + 0x19, + 0x6F, + 0x50, + 0x46, + 0x25, + 0x99, + 0xE5, + 0x68, + 0x6F, + 0x30, + 0xE3, + 0x69, + 0xE1, + 0xE5, + 0xB3, + 0x5D, + 0x98, + 0xBB, + 0x28, + 0x86, + 0x48, + 0xFC, + 0xDE, + 0x99, + 0x04, + 0x3F, + 0x5F, + 0x88, + 0x0C, + 0x9C, + 0x73, + 0x24, + 0x0D, + 0x20, + 0x5D, + 0xB9, + 0x2A, + 0x9A, + 0x3F, + 0x18, + 0x96, + 0x27, + 0xE4, + 0x62, + 0x87, + 0xC1, + 0x7B, + 0x74, + 0x62, + 0x53, + 0xFC, + 0x61, + 0x27, + 0xA8, + 0x7A, + 0x91, + 0x09, + 0x9D, + 0xB6, + 0xF1, + 0x4D, + 0x9C, + 0x54, + 0x0F, + 0x58, + 0x06, + 0xEE, + 0x49, + 0x74, + 0x07, + 0xCE, + 0x55, + 0x7E, + 0x23, + 0xCE, + 0x16, + 0xF6, + 0xCA, + 0xDC, + 0x5A, + 0x61, + 0x01, + 0x7E, + 0xC9, + 0x71, + 0xB5, + 0x4D, + 0xF6, + 0xDC, + 0x34, + 0x29, + 0x87, + 0x68, + 0xF6, + 0x5E, + 0x20, + 0x93, + 0xB3, + 0xDB, + 0xF5, + 0xE4, + 0x09, + 0x6C, + 0x41, + 0x17, + 0x95, + 0x92, + 0xEB, + 0x01, + 0xB5, + 0x73, + 0xA5, + 0x6A, 
+ 0x7E, + 0xD8, + 0x32, + 0xED, + 0x0E, + 0x02, + 0xB8, }; static unsigned char dsa2048_priv[] = { - 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45, - 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7, + 0x32, + 0x67, + 0x92, + 0xf6, + 0xc4, + 0xe2, + 0xe2, + 0xe8, + 0xa0, + 0x8b, + 0x6b, + 0x45, + 0x0c, + 0x8a, + 0x76, + 0xb0, + 0xee, + 0xcf, + 0x91, + 0xa7, }; static unsigned char dsa2048_pub[] = { - 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0, - 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd, - 0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47, - 0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53, - 0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f, - 0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50, - 0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9, - 0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a, - 0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d, - 0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24, - 0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03, - 0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36, - 0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34, - 0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14, - 0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04, - 0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8, - 0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9, - 0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51, - 0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d, - 0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18, - 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33, - 0x8b, 0x33, 0xb7, 
0xce, + 0x17, + 0x8f, + 0xa8, + 0x11, + 0x84, + 0x92, + 0xec, + 0x83, + 0x47, + 0xc7, + 0x6a, + 0xb0, + 0x92, + 0xaf, + 0x5a, + 0x20, + 0x37, + 0xa3, + 0x64, + 0x79, + 0xd2, + 0xd0, + 0x3d, + 0xcd, + 0xe0, + 0x61, + 0x88, + 0x88, + 0x21, + 0xcc, + 0x74, + 0x5d, + 0xce, + 0x4c, + 0x51, + 0x47, + 0xf0, + 0xc5, + 0x5c, + 0x4c, + 0x82, + 0x7a, + 0xaf, + 0x72, + 0xad, + 0xb9, + 0xe0, + 0x53, + 0xf2, + 0x78, + 0xb7, + 0xf0, + 0xb5, + 0x48, + 0x7f, + 0x8a, + 0x3a, + 0x18, + 0xd1, + 0x9f, + 0x8b, + 0x7d, + 0xa5, + 0x47, + 0xb7, + 0x95, + 0xab, + 0x98, + 0xf8, + 0x7b, + 0x74, + 0x50, + 0x56, + 0x8e, + 0x57, + 0xf0, + 0xee, + 0xf5, + 0xb7, + 0xba, + 0xab, + 0x85, + 0x86, + 0xf9, + 0x2b, + 0xef, + 0x41, + 0x56, + 0xa0, + 0xa4, + 0x9f, + 0xb7, + 0x38, + 0x00, + 0x46, + 0x0a, + 0xa6, + 0xf1, + 0xfc, + 0x1f, + 0xd8, + 0x4e, + 0x85, + 0x44, + 0x92, + 0x43, + 0x21, + 0x5d, + 0x6e, + 0xcc, + 0xc2, + 0xcb, + 0x26, + 0x31, + 0x0d, + 0x21, + 0xc4, + 0xbd, + 0x8d, + 0x24, + 0xbc, + 0xd9, + 0x18, + 0x19, + 0xd7, + 0xdc, + 0xf1, + 0xe7, + 0x93, + 0x50, + 0x48, + 0x03, + 0x2c, + 0xae, + 0x2e, + 0xe7, + 0x49, + 0x88, + 0x5f, + 0x93, + 0x57, + 0x27, + 0x99, + 0x36, + 0xb4, + 0x20, + 0xab, + 0xfc, + 0xa7, + 0x2b, + 0xf2, + 0xd9, + 0x98, + 0xd7, + 0xd4, + 0x34, + 0x9d, + 0x96, + 0x50, + 0x58, + 0x9a, + 0xea, + 0x54, + 0xf3, + 0xee, + 0xf5, + 0x63, + 0x14, + 0xee, + 0x85, + 0x83, + 0x74, + 0x76, + 0xe1, + 0x52, + 0x95, + 0xc3, + 0xf7, + 0xeb, + 0x04, + 0x04, + 0x7b, + 0xa7, + 0x28, + 0x1b, + 0xcc, + 0xea, + 0x4a, + 0x4e, + 0x84, + 0xda, + 0xd8, + 0x9c, + 0x79, + 0xd8, + 0x9b, + 0x66, + 0x89, + 0x2f, + 0xcf, + 0xac, + 0xd7, + 0x79, + 0xf9, + 0xa9, + 0xd8, + 0x45, + 0x13, + 0x78, + 0xb9, + 0x00, + 0x14, + 0xc9, + 0x7e, + 0x22, + 0x51, + 0x86, + 0x67, + 0xb0, + 0x9f, + 0x26, + 0x11, + 0x23, + 0xc8, + 0x38, + 0xd7, + 0x70, + 0x1d, + 0x15, + 0x8e, + 0x4d, + 0x4f, + 0x95, + 0x97, + 0x40, + 0xa1, + 0xc2, + 0x7e, + 0x01, + 0x18, + 0x72, + 0xf4, + 0x10, + 0xe6, + 0x8d, + 0x52, + 0x16, + 0x7f, + 0xf2, + 
0xc9, + 0xf8, + 0x33, + 0x8b, + 0x33, + 0xb7, + 0xce, }; static unsigned char dsa2048_p[] = { - 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F, - 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81, - 0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2, - 0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E, - 0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19, - 0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58, - 0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B, - 0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C, - 0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF, - 0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56, - 0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51, - 0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62, - 0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18, - 0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72, - 0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C, - 0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5, - 0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4, - 0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8, - 0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F, - 0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A, - 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE, - 0xF8, 0x68, 0xCF, 0x9B, + 0xA0, + 0x25, + 0xFA, + 0xAD, + 0xF4, + 0x8E, + 0xB9, + 0xE5, + 0x99, + 0xF3, + 0x5D, + 0x6F, + 0x4F, + 0x83, + 0x34, + 0xE2, + 0x7E, + 0xCF, + 0x6F, + 0xBF, + 0x30, + 0xAF, + 0x6F, + 0x81, + 0xEB, + 0xF8, + 0xC4, + 0x13, + 0xD9, + 0xA0, + 0x5D, + 0x8B, + 0x5C, + 0x8E, + 0xDC, + 0xC2, + 0x1D, + 0x0B, + 0x41, + 0x32, + 
0xB0, + 0x1F, + 0xFE, + 0xEF, + 0x0C, + 0xC2, + 0xA2, + 0x7E, + 0x68, + 0x5C, + 0x28, + 0x21, + 0xE9, + 0xF5, + 0xB1, + 0x58, + 0x12, + 0x63, + 0x4C, + 0x19, + 0x4E, + 0xFF, + 0x02, + 0x4B, + 0x92, + 0xED, + 0xD2, + 0x07, + 0x11, + 0x4D, + 0x8C, + 0x58, + 0x16, + 0x5C, + 0x55, + 0x8E, + 0xAD, + 0xA3, + 0x67, + 0x7D, + 0xB9, + 0x86, + 0x6E, + 0x0B, + 0xE6, + 0x54, + 0x6F, + 0x40, + 0xAE, + 0x0E, + 0x67, + 0x4C, + 0xF9, + 0x12, + 0x5B, + 0x3C, + 0x08, + 0x7A, + 0xF7, + 0xFC, + 0x67, + 0x86, + 0x69, + 0xE7, + 0x0A, + 0x94, + 0x40, + 0xBF, + 0x8B, + 0x76, + 0xFE, + 0x26, + 0xD1, + 0xF2, + 0xA1, + 0x1A, + 0x84, + 0xA1, + 0x43, + 0x56, + 0x28, + 0xBC, + 0x9A, + 0x5F, + 0xD7, + 0x3B, + 0x69, + 0x89, + 0x8A, + 0x36, + 0x2C, + 0x51, + 0xDF, + 0x12, + 0x77, + 0x2F, + 0x57, + 0x7B, + 0xA0, + 0xAA, + 0xDD, + 0x7F, + 0xA1, + 0x62, + 0x3B, + 0x40, + 0x7B, + 0x68, + 0x1A, + 0x8F, + 0x0D, + 0x38, + 0xBB, + 0x21, + 0x5D, + 0x18, + 0xFC, + 0x0F, + 0x46, + 0xF7, + 0xA3, + 0xB0, + 0x1D, + 0x23, + 0xC3, + 0xD2, + 0xC7, + 0x72, + 0x51, + 0x18, + 0xDF, + 0x46, + 0x95, + 0x79, + 0xD9, + 0xBD, + 0xB5, + 0x19, + 0x02, + 0x2C, + 0x87, + 0xDC, + 0xE7, + 0x57, + 0x82, + 0x7E, + 0xF1, + 0x8B, + 0x06, + 0x3D, + 0x00, + 0xA5, + 0x7B, + 0x6B, + 0x26, + 0x27, + 0x91, + 0x0F, + 0x6A, + 0x77, + 0xE4, + 0xD5, + 0x04, + 0xE4, + 0x12, + 0x2C, + 0x42, + 0xFF, + 0xD2, + 0x88, + 0xBB, + 0xD3, + 0x92, + 0xA0, + 0xF9, + 0xC8, + 0x51, + 0x64, + 0x14, + 0x5C, + 0xD8, + 0xF9, + 0x6C, + 0x47, + 0x82, + 0xB4, + 0x1C, + 0x7F, + 0x09, + 0xB8, + 0xF0, + 0x25, + 0x83, + 0x1D, + 0x3F, + 0x3F, + 0x05, + 0xB3, + 0x21, + 0x0A, + 0x5D, + 0xA7, + 0xD8, + 0x54, + 0xC3, + 0x65, + 0x7D, + 0xC3, + 0xB0, + 0x1D, + 0xBF, + 0xAE, + 0xF8, + 0x68, + 0xCF, + 0x9B, }; static unsigned char dsa2048_q[] = { - 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6, - 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B, + 0x97, + 0xE7, + 0x33, + 0x4D, + 0xD3, + 0x94, + 0x3E, + 0x0B, + 0xDB, + 0x62, + 0x74, + 0xC6, + 0xA1, + 
0x08, + 0xDD, + 0x19, + 0xA3, + 0x75, + 0x17, + 0x1B, }; static unsigned char dsa2048_g[] = { - 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5, - 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E, - 0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C, - 0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E, - 0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29, - 0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8, - 0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D, - 0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A, - 0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F, - 0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B, - 0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E, - 0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7, - 0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40, - 0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6, - 0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5, - 0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5, - 0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72, - 0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64, - 0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01, - 0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99, - 0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E, - 0xF8, 0xB2, 0xE5, 0x38, + 0x2C, + 0x78, + 0x16, + 0x59, + 0x34, + 0x63, + 0xF4, + 0xF3, + 0x92, + 0xFC, + 0xB5, + 0xA5, + 0x4F, + 0x13, + 0xDE, + 0x2F, + 0x1C, + 0xA4, + 0x3C, + 0xAE, + 0xAD, + 0x38, + 0x3F, + 0x7E, + 0x90, + 0xBF, + 0x96, + 0xA6, + 0xAE, + 0x25, + 0x90, + 0x72, + 0xF5, + 0x8E, + 0x80, + 0x0C, + 0x39, + 0x1C, + 0xD9, + 0xEC, + 
0xBA, + 0x90, + 0x5B, + 0x3A, + 0xE8, + 0x58, + 0x6C, + 0x9E, + 0x30, + 0x42, + 0x37, + 0x02, + 0x31, + 0x82, + 0xBC, + 0x6A, + 0xDF, + 0x6A, + 0x09, + 0x29, + 0xE3, + 0xC0, + 0x46, + 0xD1, + 0xCB, + 0x85, + 0xEC, + 0x0C, + 0x30, + 0x5E, + 0xEA, + 0xC8, + 0x39, + 0x8E, + 0x22, + 0x9F, + 0x22, + 0x10, + 0xD2, + 0x34, + 0x61, + 0x68, + 0x37, + 0x3D, + 0x2E, + 0x4A, + 0x5B, + 0x9A, + 0xF5, + 0xC1, + 0x48, + 0xC6, + 0xF6, + 0xDC, + 0x63, + 0x1A, + 0xD3, + 0x96, + 0x64, + 0xBA, + 0x34, + 0xC9, + 0xD1, + 0xA0, + 0xD1, + 0xAE, + 0x6C, + 0x2F, + 0x48, + 0x17, + 0x93, + 0x14, + 0x43, + 0xED, + 0xF0, + 0x21, + 0x30, + 0x19, + 0xC3, + 0x1B, + 0x5F, + 0xDE, + 0xA3, + 0xF0, + 0x70, + 0x78, + 0x18, + 0xE1, + 0xA8, + 0xE4, + 0xEE, + 0x2E, + 0x00, + 0xA5, + 0xE4, + 0xB3, + 0x17, + 0xC8, + 0x0C, + 0x7D, + 0x6E, + 0x42, + 0xDC, + 0xB7, + 0x46, + 0x00, + 0x36, + 0x4D, + 0xD4, + 0x46, + 0xAA, + 0x3D, + 0x3C, + 0x46, + 0x89, + 0x40, + 0xBF, + 0x1D, + 0x84, + 0x77, + 0x0A, + 0x75, + 0xF3, + 0x87, + 0x1D, + 0x08, + 0x4C, + 0xA6, + 0xD1, + 0xA9, + 0x1C, + 0x1E, + 0x12, + 0x1E, + 0xE1, + 0xC7, + 0x30, + 0x28, + 0x76, + 0xA5, + 0x7F, + 0x6C, + 0x85, + 0x96, + 0x2B, + 0x6F, + 0xDB, + 0x80, + 0x66, + 0x26, + 0xAE, + 0xF5, + 0x93, + 0xC7, + 0x8E, + 0xAE, + 0x9A, + 0xED, + 0xE4, + 0xCA, + 0x04, + 0xEA, + 0x3B, + 0x72, + 0xEF, + 0xDC, + 0x87, + 0xED, + 0x0D, + 0xA5, + 0x4C, + 0x4A, + 0xDD, + 0x71, + 0x22, + 0x64, + 0x59, + 0x69, + 0x4E, + 0x8E, + 0xBF, + 0x43, + 0xDC, + 0xAB, + 0x8E, + 0x66, + 0xBB, + 0x01, + 0xB6, + 0xF4, + 0xE7, + 0xFD, + 0xD2, + 0xAD, + 0x9F, + 0x36, + 0xC1, + 0xA0, + 0x29, + 0x99, + 0xD1, + 0x96, + 0x70, + 0x59, + 0x06, + 0x78, + 0x35, + 0xBD, + 0x65, + 0x55, + 0x52, + 0x9E, + 0xF8, + 0xB2, + 0xE5, + 0x38, }; typedef struct testdsa_st { 
@@ -199,18 +1418,18 @@ int q_l; } testdsa; -#define set_dsa_ptr(st, bits) \ - do { \ - st.priv = dsa##bits##_priv; \ - st.pub = dsa##bits##_pub; \ - st.p = dsa##bits##_p; \ - st.g = dsa##bits##_g; \ - st.q = dsa##bits##_q; \ +#define set_dsa_ptr(st, bits) \ + do { \ + st.priv = dsa##bits##_priv; \ + st.pub = dsa##bits##_pub; \ + st.p = dsa##bits##_p; \ + st.g = dsa##bits##_g; \ + st.q = dsa##bits##_q; \ st.priv_l = sizeof(dsa##bits##_priv); \ - st.pub_l = sizeof(dsa##bits##_pub); \ - st.p_l = sizeof(dsa##bits##_p); \ - st.g_l = sizeof(dsa##bits##_g); \ - st.q_l = sizeof(dsa##bits##_q); \ + st.pub_l = sizeof(dsa##bits##_pub); \ + st.p_l = sizeof(dsa##bits##_p); \ + st.g_l = sizeof(dsa##bits##_g); \ + st.q_l = sizeof(dsa##bits##_q); \ } while (0) EVP_PKEY *get_dsa(int dsa_bits) @@ -250,21 +1469,22 @@ } if ((tmpl = OSSL_PARAM_BLD_new()) == NULL || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, - p) + p) || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, - q) + q) || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, - g) + g) || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, - priv_key) + priv_key) || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - pub_key) + pub_key) || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) goto err; if (EVP_PKEY_fromdata_init(pctx) <= 0 || EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, - params) <= 0) + params) + <= 0) pkey = NULL; err: OSSL_PARAM_free(params); --- crypto/openssl/apps/testrsa.h.orig +++ crypto/openssl/apps/testrsa.h 
@@ -8,224 +8,2128 @@ */ static unsigned char test512[] = { - 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, - 0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01, - 0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f, - 0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde, - 0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71, - 0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87, - 0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83, - 0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, - 0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc, - 0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66, - 0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf, - 0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4, - 0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf, - 0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26, - 0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb, - 0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9, - 0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a, - 0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3, - 0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2, - 0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53, - 0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda, - 0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8, - 0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d, - 0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b, - 0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01, - 0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11, - 0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47, - 0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4, - 0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99, - 0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c, - 0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb, - 0x4b, 0x14, 
0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c, + 0x30, + 0x82, + 0x01, + 0x3a, + 0x02, + 0x01, + 0x00, + 0x02, + 0x41, + 0x00, + 0xd6, + 0x33, + 0xb9, + 0xc8, + 0xfb, + 0x4f, + 0x3c, + 0x7d, + 0xc0, + 0x01, + 0x86, + 0xd0, + 0xe7, + 0xa0, + 0x55, + 0xf2, + 0x95, + 0x93, + 0xcc, + 0x4f, + 0xb7, + 0x5b, + 0x67, + 0x5b, + 0x94, + 0x68, + 0xc9, + 0x34, + 0x15, + 0xde, + 0xa5, + 0x2e, + 0x1c, + 0x33, + 0xc2, + 0x6e, + 0xfc, + 0x34, + 0x5e, + 0x71, + 0x13, + 0xb7, + 0xd6, + 0xee, + 0xd8, + 0xa5, + 0x65, + 0x05, + 0x72, + 0x87, + 0xa8, + 0xb0, + 0x77, + 0xfe, + 0x57, + 0xf5, + 0xfc, + 0x5f, + 0x55, + 0x83, + 0x87, + 0xdd, + 0x57, + 0x49, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x41, + 0x00, + 0xa7, + 0xf7, + 0x91, + 0xc5, + 0x0f, + 0x84, + 0x57, + 0xdc, + 0x07, + 0xf7, + 0x6a, + 0x7f, + 0x60, + 0x52, + 0xb3, + 0x72, + 0xf1, + 0x66, + 0x1f, + 0x7d, + 0x97, + 0x3b, + 0x9e, + 0xb6, + 0x0a, + 0x8f, + 0x8c, + 0xcf, + 0x42, + 0x23, + 0x00, + 0x04, + 0xd4, + 0x28, + 0x0e, + 0x1c, + 0x90, + 0xc4, + 0x11, + 0x25, + 0x25, + 0xa5, + 0x93, + 0xa5, + 0x2f, + 0x70, + 0x02, + 0xdf, + 0x81, + 0x9c, + 0x49, + 0x03, + 0xa0, + 0xf8, + 0x6d, + 0x54, + 0x2e, + 0x26, + 0xde, + 0xaa, + 0x85, + 0x59, + 0xa8, + 0x31, + 0x02, + 0x21, + 0x00, + 0xeb, + 0x47, + 0xd7, + 0x3b, + 0xf6, + 0xc3, + 0xdd, + 0x5a, + 0x46, + 0xc5, + 0xb9, + 0x2b, + 0x9a, + 0xa0, + 0x09, + 0x8f, + 0xa6, + 0xfb, + 0xf3, + 0x78, + 0x7a, + 0x33, + 0x70, + 0x9d, + 0x0f, + 0x42, + 0x6b, + 0x13, + 0x68, + 0x24, + 0xd3, + 0x15, + 0x02, + 0x21, + 0x00, + 0xe9, + 0x10, + 0xb0, + 0xb3, + 0x0d, + 0xe2, + 0x82, + 0x68, + 0x77, + 0x8a, + 0x6e, + 0x7c, + 0xda, + 0xbc, + 0x3e, + 0x53, + 0x83, + 0xfb, + 0xd6, + 0x22, + 0xe7, + 0xb5, + 0xae, + 0x6e, + 0x80, + 0xda, + 0x00, + 0x55, + 0x97, + 0xc1, + 0xd0, + 0x65, + 0x02, + 0x20, + 0x4c, + 0xf8, + 0x73, + 0xb1, + 0x6a, + 0x49, + 0x29, + 0x61, + 0x1f, + 0x46, + 0x10, + 0x0d, + 0xf3, + 0xc7, + 0xe7, + 0x58, + 0xd7, + 0x88, + 0x15, + 0x5e, + 0x94, + 0x9b, + 0xbf, + 0x7b, + 0xa2, + 0x42, + 0x58, + 
0x45, + 0x41, + 0x0c, + 0xcb, + 0x01, + 0x02, + 0x20, + 0x12, + 0x11, + 0xba, + 0x31, + 0x57, + 0x9d, + 0x3d, + 0x11, + 0x0e, + 0x5b, + 0x8c, + 0x2f, + 0x5f, + 0xe2, + 0x02, + 0x4f, + 0x05, + 0x47, + 0x8c, + 0x15, + 0x8e, + 0xb3, + 0x56, + 0x3f, + 0xb8, + 0xfb, + 0xad, + 0xd4, + 0xf4, + 0xfc, + 0x10, + 0xc5, + 0x02, + 0x20, + 0x18, + 0xa1, + 0x29, + 0x99, + 0x5b, + 0xd9, + 0xc8, + 0xd4, + 0xfc, + 0x49, + 0x7a, + 0x2a, + 0x21, + 0x2c, + 0x49, + 0xe4, + 0x4f, + 0xeb, + 0xef, + 0x51, + 0xf1, + 0xab, + 0x6d, + 0xfb, + 0x4b, + 0x14, + 0xe9, + 0x4b, + 0x52, + 0xb5, + 0x82, + 0x2c, }; static unsigned char test1024[] = { - 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, - 0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05, - 0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5, - 0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55, - 0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9, - 0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96, - 0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37, - 0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd, - 0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24, - 0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23, - 0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37, - 0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94, - 0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b, - 0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02, - 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f, - 0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0, - 0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f, - 0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f, - 0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88, - 0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba, - 0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c, - 0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43, - 0x0b, 0xd1, 
0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc, - 0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee, - 0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d, - 0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed, - 0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20, - 0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c, - 0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3, - 0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02, - 0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4, - 0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a, - 0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc, - 0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2, - 0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04, - 0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52, - 0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38, - 0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7, - 0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20, - 0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4, - 0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02, - 0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b, - 0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52, - 0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde, - 0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f, - 0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66, - 0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46, - 0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad, - 0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80, - 0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf, - 0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84, - 0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60, - 0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c, - 0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b, - 0xe7, 0x87, 0x02, 0x40, 
0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c, - 0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7, - 0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53, - 0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9, - 0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba, - 0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14, - 0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45, + 0x30, + 0x82, + 0x02, + 0x5c, + 0x02, + 0x01, + 0x00, + 0x02, + 0x81, + 0x81, + 0x00, + 0xdc, + 0x98, + 0x43, + 0xe8, + 0x3d, + 0x43, + 0x5b, + 0xe4, + 0x05, + 0xcd, + 0xd0, + 0xa9, + 0x3e, + 0xcb, + 0x83, + 0x75, + 0xf6, + 0xb5, + 0xa5, + 0x9f, + 0x6b, + 0xe9, + 0x34, + 0x41, + 0x29, + 0x18, + 0xfa, + 0x6a, + 0x55, + 0x4d, + 0x70, + 0xfc, + 0xec, + 0xae, + 0x87, + 0x38, + 0x0a, + 0x20, + 0xa9, + 0xc0, + 0x45, + 0x77, + 0x6e, + 0x57, + 0x60, + 0x57, + 0xf4, + 0xed, + 0x96, + 0x22, + 0xcb, + 0x8f, + 0xe1, + 0x33, + 0x3a, + 0x17, + 0x1f, + 0xed, + 0x37, + 0xa5, + 0x6f, + 0xeb, + 0xa6, + 0xbc, + 0x12, + 0x80, + 0x1d, + 0x53, + 0xbd, + 0x70, + 0xeb, + 0x21, + 0x76, + 0x3e, + 0xc9, + 0x2f, + 0x1a, + 0x45, + 0x24, + 0x82, + 0xff, + 0xcd, + 0x59, + 0x32, + 0x06, + 0x2e, + 0x12, + 0x3b, + 0x23, + 0x78, + 0xed, + 0x12, + 0x3d, + 0xe0, + 0x8d, + 0xf9, + 0x67, + 0x4f, + 0x37, + 0x4e, + 0x47, + 0x02, + 0x4c, + 0x2d, + 0xc0, + 0x4f, + 0x1f, + 0xb3, + 0x94, + 0xe1, + 0x41, + 0x2e, + 0x2d, + 0x90, + 0x10, + 0xfc, + 0x82, + 0x91, + 0x8b, + 0x0f, + 0x22, + 0xd4, + 0xf2, + 0xfc, + 0x2c, + 0xab, + 0x53, + 0x55, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x81, + 0x80, + 0x2b, + 0xcc, + 0x3f, + 0x8f, + 0x58, + 0xba, + 0x8b, + 0x00, + 0x16, + 0xf6, + 0xea, + 0x3a, + 0xf0, + 0x30, + 0xd0, + 0x05, + 0x17, + 0xda, + 0xb0, + 0xeb, + 0x9a, + 0x2d, + 0x4f, + 0x26, + 0xb0, + 0xd6, + 0x38, + 0xc1, + 0xeb, + 0xf5, + 0xd8, + 0x3d, + 0x1f, + 0x70, + 0xf7, + 0x7f, + 0xf4, + 0xe2, + 0xcf, + 0x51, + 0x51, + 0x79, + 0x88, + 0xfa, + 0xe8, + 0x32, + 0x0e, + 0x7b, + 0x2d, + 0x97, + 0xf2, + 0xfa, + 0xba, + 
0x27, + 0xc5, + 0x9c, + 0xd9, + 0xc5, + 0xeb, + 0x8a, + 0x79, + 0x52, + 0x3c, + 0x64, + 0x34, + 0x7d, + 0xc2, + 0xcf, + 0x28, + 0xc7, + 0x4e, + 0xd5, + 0x43, + 0x0b, + 0xd1, + 0xa6, + 0xca, + 0x6d, + 0x03, + 0x2d, + 0x72, + 0x23, + 0xbc, + 0x6d, + 0x05, + 0xfa, + 0x16, + 0x09, + 0x2f, + 0x2e, + 0x5c, + 0xb6, + 0xee, + 0x74, + 0xdd, + 0xd2, + 0x48, + 0x8e, + 0x36, + 0x0c, + 0x06, + 0x3d, + 0x4d, + 0xe5, + 0x10, + 0x82, + 0xeb, + 0x6a, + 0xf3, + 0x4b, + 0x9f, + 0xd6, + 0xed, + 0x11, + 0xb1, + 0x6e, + 0xec, + 0xf4, + 0xfe, + 0x8e, + 0x75, + 0x94, + 0x20, + 0x2f, + 0xcb, + 0xac, + 0x46, + 0xf1, + 0x02, + 0x41, + 0x00, + 0xf9, + 0x8c, + 0xa3, + 0x85, + 0xb1, + 0xdd, + 0x29, + 0xaf, + 0x65, + 0xc1, + 0x33, + 0xf3, + 0x95, + 0xc5, + 0x52, + 0x68, + 0x0b, + 0xd4, + 0xf1, + 0xe5, + 0x0e, + 0x02, + 0x9f, + 0x4f, + 0xfa, + 0x77, + 0xdc, + 0x46, + 0x9e, + 0xc7, + 0xa6, + 0xe4, + 0x16, + 0x29, + 0xda, + 0xb0, + 0x07, + 0xcf, + 0x5b, + 0xa9, + 0x12, + 0x8a, + 0xdd, + 0x63, + 0x0a, + 0xde, + 0x2e, + 0x8c, + 0x66, + 0x8b, + 0x8c, + 0xdc, + 0x19, + 0xa3, + 0x7e, + 0xf4, + 0x3b, + 0xd0, + 0x1a, + 0x8c, + 0xa4, + 0xc2, + 0xe1, + 0xd3, + 0x02, + 0x41, + 0x00, + 0xe2, + 0x4c, + 0x05, + 0xf2, + 0x04, + 0x86, + 0x4e, + 0x61, + 0x43, + 0xdb, + 0xb0, + 0xb9, + 0x96, + 0x86, + 0x52, + 0x2c, + 0xca, + 0x8d, + 0x7b, + 0xab, + 0x0b, + 0x13, + 0x0d, + 0x7e, + 0x38, + 0x5b, + 0xe2, + 0x2e, + 0x7b, + 0x0e, + 0xe7, + 0x19, + 0x99, + 0x38, + 0xe7, + 0xf2, + 0x21, + 0xbd, + 0x85, + 0x85, + 0xe3, + 0xfd, + 0x28, + 0x77, + 0x20, + 0x31, + 0x71, + 0x2c, + 0xd0, + 0xff, + 0xfb, + 0x2e, + 0xaf, + 0x85, + 0xb4, + 0x86, + 0xca, + 0xf3, + 0xbb, + 0xca, + 0xaa, + 0x0f, + 0x95, + 0x37, + 0x02, + 0x40, + 0x0e, + 0x41, + 0x9a, + 0x95, + 0xe8, + 0xb3, + 0x59, + 0xce, + 0x4b, + 0x61, + 0xde, + 0x35, + 0xec, + 0x38, + 0x79, + 0x9c, + 0xb8, + 0x10, + 0x52, + 0x41, + 0x63, + 0xab, + 0x82, + 0xae, + 0x6f, + 0x00, + 0xa9, + 0xf4, + 0xde, + 0xdd, + 0x49, + 0x0b, + 0x7e, + 0xb8, + 0xa5, + 0x65, + 0xa9, + 0x0c, + 0x8f, + 
0x8f, + 0xf9, + 0x1f, + 0x35, + 0xc6, + 0x92, + 0xb8, + 0x5e, + 0xb0, + 0x66, + 0xab, + 0x52, + 0x40, + 0xc0, + 0xb6, + 0x36, + 0x6a, + 0x7d, + 0x80, + 0x46, + 0x04, + 0x02, + 0xe5, + 0x9f, + 0x41, + 0x02, + 0x41, + 0x00, + 0xc0, + 0xad, + 0xcc, + 0x4e, + 0x21, + 0xee, + 0x1d, + 0x24, + 0x91, + 0xfb, + 0xa7, + 0x80, + 0x8d, + 0x9a, + 0xb6, + 0xb3, + 0x2e, + 0x8f, + 0xc2, + 0xe1, + 0x82, + 0xdf, + 0x69, + 0x18, + 0xb4, + 0x71, + 0xff, + 0xa6, + 0x65, + 0xde, + 0xed, + 0x84, + 0x8d, + 0x42, + 0xb7, + 0xb3, + 0x21, + 0x69, + 0x56, + 0x1c, + 0x07, + 0x60, + 0x51, + 0x29, + 0x04, + 0xff, + 0x34, + 0x06, + 0xdd, + 0xb9, + 0x67, + 0x2c, + 0x7c, + 0x04, + 0x93, + 0x0e, + 0x46, + 0x15, + 0xbb, + 0x2a, + 0xb7, + 0x1b, + 0xe7, + 0x87, + 0x02, + 0x40, + 0x78, + 0xda, + 0x5d, + 0x07, + 0x51, + 0x0c, + 0x16, + 0x7a, + 0x9f, + 0x29, + 0x20, + 0x84, + 0x0d, + 0x42, + 0xfa, + 0xd7, + 0x00, + 0xd8, + 0x77, + 0x7e, + 0xb0, + 0xb0, + 0x6b, + 0xd6, + 0x5b, + 0x53, + 0xb8, + 0x9b, + 0x7a, + 0xcd, + 0xc7, + 0x2b, + 0xb8, + 0x6a, + 0x63, + 0xa9, + 0xfb, + 0x6f, + 0xa4, + 0x72, + 0xbf, + 0x4c, + 0x5d, + 0x00, + 0x14, + 0xba, + 0xfa, + 0x59, + 0x88, + 0xed, + 0xe4, + 0xe0, + 0x8c, + 0xa2, + 0xec, + 0x14, + 0x7e, + 0x2d, + 0xe2, + 0xf0, + 0x46, + 0x49, + 0x95, + 0x45, }; static unsigned char test2048[] = { - 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f, - 0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27, - 0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f, - 0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde, - 0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a, - 0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32, - 0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f, - 0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab, - 0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33, - 0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f, - 0x64, 0xac, 
0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4, - 0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e, - 0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29, - 0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b, - 0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0, - 0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34, - 0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1, - 0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15, - 0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c, - 0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66, - 0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2, - 0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27, - 0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15, - 0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20, - 0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1, - 0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03, - 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3, - 0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa, - 0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c, - 0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac, - 0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40, - 0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3, - 0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d, - 0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01, - 0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4, - 0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5, - 0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9, - 0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6, - 0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3, - 0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e, - 0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46, - 0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53, - 0x47, 0x44, 0xfa, 0xc2, 
0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59, - 0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab, - 0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48, - 0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca, - 0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35, - 0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9, - 0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b, - 0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f, - 0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0, - 0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33, - 0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7, - 0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50, - 0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c, - 0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8, - 0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56, - 0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f, - 0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04, - 0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14, - 0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c, - 0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06, - 0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c, - 0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28, - 0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80, - 0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1, - 0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc, - 0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63, - 0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61, - 0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94, - 0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95, - 0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4, - 0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84, - 0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94, - 0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 
0x59, 0x1f, 0x61, 0x8e, - 0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11, - 0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1, - 0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb, - 0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80, - 0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5, - 0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a, - 0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29, - 0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72, - 0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54, - 0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8, - 0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d, - 0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90, - 0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27, - 0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28, - 0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82, - 0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90, - 0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81, - 0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf, - 0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01, - 0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16, - 0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5, - 0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3, - 0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc, - 0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1, - 0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8, - 0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31, - 0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c, - 0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b, - 0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32, - 0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02, - 0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9, - 0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 
0x87, 0x84, - 0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04, - 0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a, - 0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd, - 0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43, - 0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46, - 0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41, - 0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5, - 0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b, - 0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55, - 0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d, - 0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4, + 0x30, + 0x82, + 0x04, + 0xa3, + 0x02, + 0x01, + 0x00, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xc0, + 0xc0, + 0xce, + 0x3e, + 0x3c, + 0x53, + 0x67, + 0x3f, + 0x4f, + 0xc5, + 0x2f, + 0xa4, + 0xc2, + 0x5a, + 0x2f, + 0x58, + 0xfd, + 0x27, + 0x52, + 0x6a, + 0xe8, + 0xcf, + 0x4a, + 0x73, + 0x47, + 0x8d, + 0x25, + 0x0f, + 0x5f, + 0x03, + 0x26, + 0x78, + 0xef, + 0xf0, + 0x22, + 0x12, + 0xd3, + 0xde, + 0x47, + 0xb2, + 0x1c, + 0x0b, + 0x38, + 0x63, + 0x1a, + 0x6c, + 0x85, + 0x7a, + 0x80, + 0xc6, + 0x8f, + 0xa0, + 0x41, + 0xaf, + 0x62, + 0xc4, + 0x67, + 0x32, + 0x88, + 0xf8, + 0xa6, + 0x9c, + 0xf5, + 0x23, + 0x1d, + 0xe4, + 0xac, + 0x3f, + 0x29, + 0xf9, + 0xec, + 0xe1, + 0x8b, + 0x26, + 0x03, + 0x2c, + 0xb2, + 0xab, + 0xf3, + 0x7d, + 0xb5, + 0xca, + 0x49, + 0xc0, + 0x8f, + 0x1c, + 0xdf, + 0x33, + 0x3a, + 0x60, + 0xda, + 0x3c, + 0xb0, + 0x16, + 0xf8, + 0xa9, + 0x12, + 0x8f, + 0x64, + 0xac, + 0x23, + 0x0c, + 0x69, + 0x64, + 0x97, + 0x5d, + 0x99, + 0xd4, + 0x09, + 0x83, + 0x9b, + 0x61, + 0xd3, + 0xac, + 0xf0, + 0xde, + 0xdd, + 0x5e, + 0x9f, + 0x44, + 0x94, + 0xdb, + 0x3a, + 0x4d, + 0x97, + 0xe8, + 0x52, + 0x29, + 0xf7, + 0xdb, + 0x94, + 0x07, + 0x45, + 0x90, + 0x78, + 0x1e, + 0x31, + 0x0b, + 0x80, + 0xf7, + 0x57, + 0xad, + 0x1c, + 0x79, + 0xc5, + 0xcb, + 0x32, + 0xb0, + 0xce, + 0xcd, + 0x74, + 
0xb3, + 0xe2, + 0x94, + 0xc5, + 0x78, + 0x2f, + 0x34, + 0x1a, + 0x45, + 0xf7, + 0x8c, + 0x52, + 0xa5, + 0xbc, + 0x8d, + 0xec, + 0xd1, + 0x2f, + 0x31, + 0x3b, + 0xf0, + 0x49, + 0x59, + 0x5e, + 0x88, + 0x9d, + 0x15, + 0x92, + 0x35, + 0x32, + 0xc1, + 0xe7, + 0x61, + 0xec, + 0x50, + 0x48, + 0x7c, + 0xba, + 0x05, + 0xf9, + 0xf8, + 0xf8, + 0xa7, + 0x8c, + 0x83, + 0xe8, + 0x66, + 0x5b, + 0xeb, + 0xfe, + 0xd8, + 0x4f, + 0xdd, + 0x6d, + 0x36, + 0xc0, + 0xb2, + 0x90, + 0x0f, + 0xb8, + 0x52, + 0xf9, + 0x04, + 0x9b, + 0x40, + 0x2c, + 0x27, + 0xd6, + 0x36, + 0x8e, + 0xc2, + 0x1b, + 0x44, + 0xf3, + 0x92, + 0xd5, + 0x15, + 0x9e, + 0x9a, + 0xbc, + 0xf3, + 0x7d, + 0x03, + 0xd7, + 0x02, + 0x14, + 0x20, + 0xe9, + 0x10, + 0x92, + 0xfd, + 0xf9, + 0xfc, + 0x8f, + 0xe5, + 0x18, + 0xe1, + 0x95, + 0xcc, + 0x9e, + 0x60, + 0xa6, + 0xfa, + 0x38, + 0x4d, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x82, + 0x01, + 0x00, + 0x00, + 0xc3, + 0xc3, + 0x0d, + 0xb4, + 0x27, + 0x90, + 0x8d, + 0x4b, + 0xbf, + 0xb8, + 0x84, + 0xaa, + 0xd0, + 0xb8, + 0xc7, + 0x5d, + 0x99, + 0xbe, + 0x55, + 0xf6, + 0x3e, + 0x7c, + 0x49, + 0x20, + 0xcb, + 0x8a, + 0x8e, + 0x19, + 0x0e, + 0x66, + 0x24, + 0xac, + 0xaf, + 0x03, + 0x33, + 0x97, + 0xeb, + 0x95, + 0xd5, + 0x3b, + 0x0f, + 0x40, + 0x56, + 0x04, + 0x50, + 0xd1, + 0xe6, + 0xbe, + 0x84, + 0x0b, + 0x25, + 0xd3, + 0x9c, + 0xe2, + 0x83, + 0x6c, + 0xf5, + 0x62, + 0x5d, + 0xba, + 0x2b, + 0x7d, + 0x3d, + 0x7a, + 0x6c, + 0xe1, + 0xd2, + 0x0e, + 0x54, + 0x93, + 0x80, + 0x01, + 0x91, + 0x51, + 0x09, + 0xe8, + 0x5b, + 0x8e, + 0x47, + 0xbd, + 0x64, + 0xe4, + 0x0e, + 0x03, + 0x83, + 0x55, + 0xcf, + 0x5a, + 0x37, + 0xf0, + 0x25, + 0xb5, + 0x7d, + 0x21, + 0xd7, + 0x69, + 0xdf, + 0x6f, + 0xc2, + 0xcf, + 0x10, + 0xc9, + 0x8a, + 0x40, + 0x9f, + 0x7a, + 0x70, + 0xc0, + 0xe8, + 0xe8, + 0xc0, + 0xe6, + 0x9a, + 0x15, + 0x0a, + 0x8d, + 0x4e, + 0x46, + 0xcb, + 0x7a, + 0xdb, + 0xb3, + 0xcb, + 0x83, + 0x02, + 0xc4, + 0xf0, + 0xab, + 0xeb, + 0x02, + 0x01, + 0x0e, + 0x23, + 0xfc, + 0x1d, + 
0xc4, + 0xbd, + 0xd4, + 0xaa, + 0x5d, + 0x31, + 0x46, + 0x99, + 0xce, + 0x9e, + 0xf8, + 0x04, + 0x75, + 0x10, + 0x67, + 0xc4, + 0x53, + 0x47, + 0x44, + 0xfa, + 0xc2, + 0x25, + 0x73, + 0x7e, + 0xd0, + 0x8e, + 0x59, + 0xd1, + 0xb2, + 0x5a, + 0xf4, + 0xc7, + 0x18, + 0x92, + 0x2f, + 0x39, + 0xab, + 0xcd, + 0xa3, + 0xb5, + 0xc2, + 0xb9, + 0xc7, + 0xb9, + 0x1b, + 0x9f, + 0x48, + 0xfa, + 0x13, + 0xc6, + 0x98, + 0x4d, + 0xca, + 0x84, + 0x9c, + 0x06, + 0xca, + 0xe7, + 0x89, + 0x01, + 0x04, + 0xc4, + 0x6c, + 0xfd, + 0x29, + 0x59, + 0x35, + 0xe7, + 0xf3, + 0xdd, + 0xce, + 0x64, + 0x59, + 0xbf, + 0x21, + 0x13, + 0xa9, + 0x9f, + 0x0e, + 0xc5, + 0xff, + 0xbd, + 0x33, + 0x00, + 0xec, + 0xac, + 0x6b, + 0x11, + 0xef, + 0x51, + 0x5e, + 0xad, + 0x07, + 0x15, + 0xde, + 0xb8, + 0x5f, + 0xc6, + 0xb9, + 0xa3, + 0x22, + 0x65, + 0x46, + 0x83, + 0x14, + 0xdf, + 0xd0, + 0xf1, + 0x44, + 0x8a, + 0xe1, + 0x9c, + 0x23, + 0x33, + 0xb4, + 0x97, + 0x33, + 0xe6, + 0x6b, + 0x81, + 0x02, + 0x81, + 0x81, + 0x00, + 0xec, + 0x12, + 0xa7, + 0x59, + 0x74, + 0x6a, + 0xde, + 0x3e, + 0xad, + 0xd8, + 0x36, + 0x80, + 0x50, + 0xa2, + 0xd5, + 0x21, + 0x81, + 0x07, + 0xf1, + 0xd0, + 0x91, + 0xf2, + 0x6c, + 0x12, + 0x2f, + 0x9d, + 0x1a, + 0x26, + 0xf8, + 0x30, + 0x65, + 0xdf, + 0xe8, + 0xc0, + 0x9b, + 0x6a, + 0x30, + 0x98, + 0x82, + 0x87, + 0xec, + 0xa2, + 0x56, + 0x87, + 0x62, + 0x6f, + 0xe7, + 0x9f, + 0xf6, + 0x56, + 0xe6, + 0x71, + 0x8f, + 0x49, + 0x86, + 0x93, + 0x5a, + 0x4d, + 0x34, + 0x58, + 0xfe, + 0xd9, + 0x04, + 0x13, + 0xaf, + 0x79, + 0xb7, + 0xad, + 0x11, + 0xd1, + 0x30, + 0x9a, + 0x14, + 0x06, + 0xa0, + 0xfa, + 0xb7, + 0x55, + 0xdc, + 0x6c, + 0x5a, + 0x4c, + 0x2c, + 0x59, + 0x56, + 0xf6, + 0xe8, + 0x9d, + 0xaf, + 0x0a, + 0x78, + 0x99, + 0x06, + 0x06, + 0x9e, + 0xe7, + 0x9c, + 0x51, + 0x55, + 0x43, + 0xfc, + 0x3b, + 0x6c, + 0x0b, + 0xbf, + 0x2d, + 0x41, + 0xa7, + 0xaf, + 0xb7, + 0xe0, + 0xe8, + 0x28, + 0x18, + 0xb4, + 0x13, + 0xd1, + 0xe6, + 0x97, + 0xd0, + 0x9f, + 0x6a, + 0x80, + 0xca, + 0xdd, + 0x1a, + 
0x7e, + 0x15, + 0x02, + 0x81, + 0x81, + 0x00, + 0xd1, + 0x06, + 0x0c, + 0x1f, + 0xe3, + 0xd0, + 0xab, + 0xd6, + 0xca, + 0x7c, + 0xbc, + 0x7d, + 0x13, + 0x35, + 0xce, + 0x27, + 0xcd, + 0xd8, + 0x49, + 0x51, + 0x63, + 0x64, + 0x0f, + 0xca, + 0x06, + 0x12, + 0xfc, + 0x07, + 0x3e, + 0xaf, + 0x61, + 0x6d, + 0xe2, + 0x53, + 0x39, + 0x27, + 0xae, + 0xc3, + 0x11, + 0x9e, + 0x94, + 0x01, + 0x4f, + 0xe3, + 0xf3, + 0x67, + 0xf9, + 0x77, + 0xf9, + 0xe7, + 0x95, + 0x3a, + 0x6f, + 0xe2, + 0x20, + 0x73, + 0x3e, + 0xa4, + 0x7a, + 0x28, + 0xd4, + 0x61, + 0x97, + 0xf6, + 0x17, + 0xa0, + 0x23, + 0x10, + 0x2b, + 0xce, + 0x84, + 0x57, + 0x7e, + 0x25, + 0x1f, + 0xf4, + 0xa8, + 0x54, + 0xd2, + 0x65, + 0x94, + 0xcc, + 0x95, + 0x0a, + 0xab, + 0x30, + 0xc1, + 0x59, + 0x1f, + 0x61, + 0x8e, + 0xb9, + 0x6b, + 0xd7, + 0x4e, + 0xb9, + 0x83, + 0x43, + 0x79, + 0x85, + 0x11, + 0xbc, + 0x0f, + 0xae, + 0x25, + 0x20, + 0x05, + 0xbc, + 0xd2, + 0x48, + 0xa1, + 0x68, + 0x09, + 0x84, + 0xf6, + 0x12, + 0x9a, + 0x66, + 0xb9, + 0x2b, + 0xbb, + 0x76, + 0x03, + 0x17, + 0x46, + 0x4e, + 0x97, + 0x59, + 0x02, + 0x81, + 0x80, + 0x09, + 0x4c, + 0xfa, + 0xd6, + 0xe5, + 0x65, + 0x48, + 0x78, + 0x43, + 0xb5, + 0x1f, + 0x00, + 0x93, + 0x2c, + 0xb7, + 0x24, + 0xe8, + 0xc6, + 0x7d, + 0x5a, + 0x70, + 0x45, + 0x92, + 0xc8, + 0x6c, + 0xa3, + 0xcd, + 0xe1, + 0xf7, + 0x29, + 0x40, + 0xfa, + 0x3f, + 0x5b, + 0x47, + 0x44, + 0x39, + 0xc1, + 0xe8, + 0x72, + 0x9e, + 0x7a, + 0x0e, + 0xda, + 0xaa, + 0xa0, + 0x2a, + 0x09, + 0xfd, + 0x54, + 0x93, + 0x23, + 0xaa, + 0x37, + 0x85, + 0x5b, + 0xcc, + 0xd4, + 0xf9, + 0xd8, + 0xff, + 0xc1, + 0x61, + 0x0d, + 0xbd, + 0x7e, + 0x18, + 0x24, + 0x73, + 0x6d, + 0x40, + 0x72, + 0xf1, + 0x93, + 0x09, + 0x48, + 0x97, + 0x6c, + 0x84, + 0x90, + 0xa8, + 0x46, + 0x14, + 0x01, + 0x39, + 0x11, + 0xe5, + 0x3c, + 0x41, + 0x27, + 0x32, + 0x75, + 0x24, + 0xed, + 0xa1, + 0xd9, + 0x12, + 0x29, + 0x8a, + 0x28, + 0x71, + 0x89, + 0x8d, + 0xca, + 0x30, + 0xb0, + 0x01, + 0xc4, + 0x2f, + 0x82, + 0x19, + 0x14, + 0x4c, + 
0x70, + 0x1c, + 0xb8, + 0x23, + 0x2e, + 0xe8, + 0x90, + 0x49, + 0x97, + 0x92, + 0x97, + 0x6b, + 0x7a, + 0x9d, + 0xb9, + 0x02, + 0x81, + 0x80, + 0x0f, + 0x0e, + 0xa1, + 0x76, + 0xf6, + 0xa1, + 0x44, + 0x8f, + 0xaf, + 0x7c, + 0x76, + 0xd3, + 0x87, + 0xbb, + 0xbb, + 0x83, + 0x10, + 0x88, + 0x01, + 0x18, + 0x14, + 0xd1, + 0xd3, + 0x75, + 0x59, + 0x24, + 0xaa, + 0xf5, + 0x16, + 0xa5, + 0xe9, + 0x9d, + 0xd1, + 0xcc, + 0xee, + 0xf4, + 0x15, + 0xd9, + 0xc5, + 0x7e, + 0x27, + 0xe9, + 0x44, + 0x49, + 0x06, + 0x72, + 0xb9, + 0xfc, + 0xd3, + 0x8a, + 0xc4, + 0x2c, + 0x36, + 0x7d, + 0x12, + 0x9b, + 0x5a, + 0xaa, + 0xdc, + 0x85, + 0xee, + 0x6e, + 0xad, + 0x54, + 0xb3, + 0xf4, + 0xfc, + 0x31, + 0xa1, + 0x06, + 0x3a, + 0x70, + 0x57, + 0x0c, + 0xf3, + 0x95, + 0x5b, + 0x3e, + 0xe8, + 0xfd, + 0x1a, + 0x4f, + 0xf6, + 0x78, + 0x93, + 0x46, + 0x6a, + 0xd7, + 0x31, + 0xb4, + 0x84, + 0x64, + 0x85, + 0x09, + 0x38, + 0x89, + 0x92, + 0x94, + 0x1c, + 0xbf, + 0xe2, + 0x3c, + 0x2a, + 0xe0, + 0xff, + 0x99, + 0xa3, + 0xf0, + 0x2b, + 0x31, + 0xc2, + 0x36, + 0xcd, + 0x60, + 0xbf, + 0x9d, + 0x2d, + 0x74, + 0x32, + 0xe8, + 0x9c, + 0x93, + 0x6e, + 0xbb, + 0x91, + 0x7b, + 0xfd, + 0xd9, + 0x02, + 0x81, + 0x81, + 0x00, + 0xa2, + 0x71, + 0x25, + 0x38, + 0xeb, + 0x2a, + 0xe9, + 0x37, + 0xcd, + 0xfe, + 0x44, + 0xce, + 0x90, + 0x3f, + 0x52, + 0x87, + 0x84, + 0x52, + 0x1b, + 0xae, + 0x8d, + 0x22, + 0x94, + 0xce, + 0x38, + 0xe6, + 0x04, + 0x88, + 0x76, + 0x85, + 0x9a, + 0xd3, + 0x14, + 0x09, + 0xe5, + 0x69, + 0x9a, + 0xff, + 0x58, + 0x92, + 0x02, + 0x6a, + 0x7d, + 0x7c, + 0x1e, + 0x2c, + 0xfd, + 0xa8, + 0xca, + 0x32, + 0x14, + 0x4f, + 0x0d, + 0x84, + 0x0d, + 0x37, + 0x43, + 0xbf, + 0xe4, + 0x5d, + 0x12, + 0xc8, + 0x24, + 0x91, + 0x27, + 0x8d, + 0x46, + 0xd9, + 0x54, + 0x53, + 0xe7, + 0x62, + 0x71, + 0xa8, + 0x2b, + 0x71, + 0x41, + 0x8d, + 0x75, + 0xf8, + 0x3a, + 0xa0, + 0x61, + 0x29, + 0x46, + 0xa6, + 0xe5, + 0x82, + 0xfa, + 0x3a, + 0xd9, + 0x08, + 0xfa, + 0xfc, + 0x63, + 0xfd, + 0x6b, + 0x30, + 0xbc, + 0xf4, + 
0x4e, + 0x9e, + 0x8c, + 0x25, + 0x0c, + 0xb6, + 0x55, + 0xe7, + 0x3c, + 0xd4, + 0x4e, + 0x0b, + 0xfd, + 0x8b, + 0xc3, + 0x0e, + 0x1d, + 0x9c, + 0x44, + 0x57, + 0x8f, + 0x1f, + 0x86, + 0xf7, + 0xd5, + 0x1b, + 0xe4, 0x95, }; 
@@ -410,241 +2314,2355 @@ }; static unsigned char test4096[] = { - 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, - 0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43, - 0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21, - 0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44, - 0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28, - 0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41, - 0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7, - 0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd, - 0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e, - 0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b, - 0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6, - 0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf, - 0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d, - 0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e, - 0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0, - 0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99, - 0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90, - 0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8, - 0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a, - 0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda, - 0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca, - 0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28, - 0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7, - 0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb, - 0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26, - 0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c, - 0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03, - 0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1, - 0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09, - 0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83, - 0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95, - 0x22, 
0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc, - 0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36, - 0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5, - 0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc, - 0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8, - 0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa, - 0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca, - 0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e, - 0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56, - 0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48, - 0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46, - 0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b, - 0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe, - 0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3, - 0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69, - 0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe, - 0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3, - 0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f, - 0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed, - 0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4, - 0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3, - 0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, - 0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f, - 0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb, - 0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd, - 0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5, - 0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17, - 0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52, - 0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c, - 0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f, - 0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12, - 0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61, - 0x6f, 0x39, 0x91, 
0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8, - 0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4, - 0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e, - 0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50, - 0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea, - 0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16, - 0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae, - 0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6, - 0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c, - 0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a, - 0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e, - 0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb, - 0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5, - 0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6, - 0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe, - 0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14, - 0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88, - 0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7, - 0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19, - 0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40, - 0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b, - 0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69, - 0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9, - 0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c, - 0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62, - 0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2, - 0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9, - 0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25, - 0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d, - 0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab, - 0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f, - 0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c, - 0x68, 0xcb, 0x93, 0xfb, 0x51, 
0x73, 0x49, 0xb4, 0x60, 0xda, - 0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd, - 0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54, - 0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41, - 0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7, - 0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1, - 0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d, - 0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65, - 0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28, - 0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d, - 0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14, - 0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc, - 0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37, - 0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81, - 0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94, - 0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e, - 0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9, - 0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c, - 0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24, - 0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc, - 0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1, - 0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc, - 0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84, - 0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77, - 0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21, - 0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6, - 0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa, - 0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14, - 0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39, - 0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06, - 0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3, - 0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 
0x76, 0x4a, 0x35, - 0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97, - 0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed, - 0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8, - 0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4, - 0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94, - 0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4, - 0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d, - 0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c, - 0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e, - 0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1, - 0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc, - 0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55, - 0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61, - 0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92, - 0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80, - 0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13, - 0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48, - 0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed, - 0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9, - 0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a, - 0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35, - 0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7, - 0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c, - 0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47, - 0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8, - 0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7, - 0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc, - 0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82, - 0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b, - 0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef, - 0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 
0xf6, - 0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80, - 0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac, - 0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b, - 0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35, - 0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c, - 0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e, - 0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a, - 0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd, - 0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5, - 0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc, - 0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30, - 0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f, - 0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c, - 0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe, - 0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f, - 0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91, - 0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9, - 0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf, - 0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76, - 0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0, - 0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78, - 0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10, - 0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82, - 0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00, - 0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25, - 0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3, - 0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b, - 0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79, - 0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94, - 0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8, - 0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38, - 0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0, - 0x24, 
0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44, - 0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b, - 0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf, - 0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f, - 0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28, - 0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97, - 0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f, - 0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48, - 0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35, - 0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84, - 0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a, - 0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b, - 0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e, - 0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55, - 0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16, - 0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c, - 0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82, - 0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05, - 0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3, - 0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e, - 0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43, - 0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e, - 0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a, - 0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed, - 0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7, - 0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c, - 0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b, - 0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e, - 0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95, - 0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11, - 0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb, - 0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e, - 0xd5, 0xa8, 0xad, 
0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a, - 0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc, - 0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35, - 0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21, - 0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a, - 0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70, - 0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01, - 0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c, - 0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26, - 0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55, - 0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17, + 0x30, + 0x82, + 0x09, + 0x29, + 0x02, + 0x01, + 0x00, + 0x02, + 0x82, + 0x02, + 0x01, + 0x00, + 0xc0, + 0x71, + 0xac, + 0x1a, + 0x13, + 0x88, + 0x82, + 0x43, + 0x3b, + 0x51, + 0x57, + 0x71, + 0x8d, + 0xb6, + 0x2b, + 0x82, + 0x65, + 0x21, + 0x53, + 0x5f, + 0x28, + 0x29, + 0x4f, + 0x8d, + 0x7c, + 0x8a, + 0xb9, + 0x44, + 0xb3, + 0x28, + 0x41, + 0x4f, + 0xd3, + 0xfa, + 0x6a, + 0xf8, + 0xb9, + 0x28, + 0x50, + 0x39, + 0x67, + 0x53, + 0x2c, + 0x3c, + 0xd7, + 0xcb, + 0x96, + 0x41, + 0x40, + 0x32, + 0xbb, + 0xeb, + 0x70, + 0xae, + 0x1f, + 0xb0, + 0x65, + 0xf7, + 0x3a, + 0xd9, + 0x22, + 0xfd, + 0x10, + 0xae, + 0xbd, + 0x02, + 0xe2, + 0xdd, + 0xf3, + 0xc2, + 0x79, + 0x3c, + 0xc6, + 0xfc, + 0x75, + 0xbb, + 0xaf, + 0x4e, + 0x3a, + 0x36, + 0xc2, + 0x4f, + 0xea, + 0x25, + 0xdf, + 0x13, + 0x16, + 0x4b, + 0x20, + 0xfe, + 0x4b, + 0x69, + 0x16, + 0xc4, + 0x7f, + 0x1a, + 0x43, + 0xa6, + 0x17, + 0x1b, + 0xb9, + 0x0a, + 0xf3, + 0x09, + 0x86, + 0x28, + 0x89, + 0xcf, + 0x2c, + 0xd0, + 0xd4, + 0x81, + 0xaf, + 0xc6, + 0x6d, + 0xe6, + 0x21, + 0x8d, + 0xee, + 0xef, + 0xea, + 0xdc, + 0xb7, + 0xc6, + 0x3b, + 0x63, + 0x9f, + 0x0e, + 0xad, + 0x89, + 0x78, + 0x23, + 0x18, + 0xbf, + 0x70, + 0x7e, + 0x84, + 0xe0, + 0x37, + 0xec, + 0xdb, + 0x8e, + 0x9c, + 0x3e, + 0x6a, + 0x19, + 0xcc, + 0x99, + 0x72, + 0xe6, + 0xb5, + 0x7d, + 0x6d, + 0xfa, + 0xe5, + 0xd3, 
+ 0xe4, + 0x90, + 0xb5, + 0xb2, + 0xb2, + 0x12, + 0x70, + 0x4e, + 0xca, + 0xf8, + 0x10, + 0xf8, + 0xa3, + 0x14, + 0xc2, + 0x48, + 0x19, + 0xeb, + 0x60, + 0x99, + 0xbb, + 0x2a, + 0x1f, + 0xb1, + 0x7a, + 0xb1, + 0x3d, + 0x24, + 0xfb, + 0xa0, + 0x29, + 0xda, + 0xbd, + 0x1b, + 0xd7, + 0xa4, + 0xbf, + 0xef, + 0x60, + 0x2d, + 0x22, + 0xca, + 0x65, + 0x98, + 0xf1, + 0xc4, + 0xe1, + 0xc9, + 0x02, + 0x6b, + 0x16, + 0x28, + 0x2f, + 0xa1, + 0xaa, + 0x79, + 0x00, + 0xda, + 0xdc, + 0x7c, + 0x43, + 0xf7, + 0x42, + 0x3c, + 0xa0, + 0xef, + 0x68, + 0xf7, + 0xdf, + 0xb9, + 0x69, + 0xfb, + 0x8e, + 0x01, + 0xed, + 0x01, + 0x42, + 0xb5, + 0x4e, + 0x57, + 0xa6, + 0x26, + 0xb8, + 0xd0, + 0x7b, + 0x56, + 0x6d, + 0x03, + 0xc6, + 0x40, + 0x8c, + 0x8c, + 0x2a, + 0x55, + 0xd7, + 0x9c, + 0x35, + 0x00, + 0x94, + 0x93, + 0xec, + 0x03, + 0xeb, + 0x22, + 0xef, + 0x77, + 0xbb, + 0x79, + 0x13, + 0x3f, + 0x15, + 0xa1, + 0x8f, + 0xca, + 0xdf, + 0xfd, + 0xd3, + 0xb8, + 0xe1, + 0xd4, + 0xcc, + 0x09, + 0x3f, + 0x3c, + 0x2c, + 0xdb, + 0xd1, + 0x49, + 0x7f, + 0x38, + 0x07, + 0x83, + 0x6d, + 0xeb, + 0x08, + 0x66, + 0xe9, + 0x06, + 0x44, + 0x12, + 0xac, + 0x95, + 0x22, + 0x90, + 0x23, + 0x67, + 0xd4, + 0x08, + 0xcc, + 0xf4, + 0xb7, + 0xdc, + 0xcc, + 0x87, + 0xd4, + 0xac, + 0x69, + 0x35, + 0x4c, + 0xb5, + 0x39, + 0x36, + 0xcd, + 0xa4, + 0xd2, + 0x95, + 0xca, + 0x0d, + 0xc5, + 0xda, + 0xc2, + 0xc5, + 0x22, + 0x32, + 0x28, + 0x08, + 0xe3, + 0xd2, + 0x8b, + 0x38, + 0x30, + 0xdc, + 0x8c, + 0x75, + 0x4f, + 0x6a, + 0xec, + 0x7a, + 0xac, + 0x16, + 0x3e, + 0xa8, + 0xd4, + 0x6a, + 0x45, + 0xe1, + 0xa8, + 0x4f, + 0x2e, + 0x80, + 0x34, + 0xaa, + 0x54, + 0x1b, + 0x02, + 0x95, + 0x7d, + 0x8a, + 0x6d, + 0xcc, + 0x79, + 0xca, + 0xf2, + 0xa4, + 0x2e, + 0x8d, + 0xfb, + 0xfe, + 0x15, + 0x51, + 0x10, + 0x0e, + 0x4d, + 0x88, + 0xb1, + 0xc7, + 0xf4, + 0x79, + 0xdb, + 0xf0, + 0xb4, + 0x56, + 0x44, + 0x37, + 0xca, + 0x5a, + 0xc1, + 0x8c, + 0x48, + 0xac, + 0xae, + 0x48, + 0x80, + 0x83, + 0x01, + 0x3f, + 0xde, + 0xd9, + 0xd3, + 0x2c, 
+ 0x51, + 0x46, + 0xb1, + 0x41, + 0xb6, + 0xc6, + 0x91, + 0x72, + 0xf9, + 0x83, + 0x55, + 0x1b, + 0x8c, + 0xba, + 0xf3, + 0x73, + 0xe5, + 0x2c, + 0x74, + 0x50, + 0x3a, + 0xbe, + 0xc5, + 0x2f, + 0xa7, + 0xb2, + 0x6d, + 0x8c, + 0x9e, + 0x13, + 0x77, + 0xa3, + 0x13, + 0xcd, + 0x6d, + 0x8c, + 0x45, + 0xe1, + 0xfc, + 0x0b, + 0xb7, + 0x69, + 0xe9, + 0x27, + 0xbc, + 0x65, + 0xc3, + 0xfa, + 0x9b, + 0xd0, + 0xef, + 0xfe, + 0xe8, + 0x1f, + 0xb3, + 0x5e, + 0x34, + 0xf4, + 0x8c, + 0xea, + 0xfc, + 0xd3, + 0x81, + 0xbf, + 0x3d, + 0x30, + 0xb2, + 0xb4, + 0x01, + 0xe8, + 0x43, + 0x0f, + 0xba, + 0x02, + 0x23, + 0x42, + 0x76, + 0x82, + 0x31, + 0x73, + 0x91, + 0xed, + 0x07, + 0x46, + 0x61, + 0x0d, + 0x39, + 0x83, + 0x40, + 0xce, + 0x7a, + 0xd4, + 0xdb, + 0x80, + 0x2c, + 0x1f, + 0x0d, + 0xd1, + 0x34, + 0xd4, + 0x92, + 0xe3, + 0xd4, + 0xf1, + 0xc2, + 0x01, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x82, + 0x02, + 0x01, + 0x00, + 0x97, + 0x6c, + 0xda, + 0x6e, + 0xea, + 0x4f, + 0xcf, + 0xaf, + 0xf7, + 0x4c, + 0xd9, + 0xf1, + 0x90, + 0x00, + 0x77, + 0xdb, + 0xf2, + 0x97, + 0x76, + 0x72, + 0xb9, + 0xb7, + 0x47, + 0xd1, + 0x9c, + 0xdd, + 0xcb, + 0x4a, + 0x33, + 0x6e, + 0xc9, + 0x75, + 0x76, + 0xe6, + 0xe4, + 0xa5, + 0x31, + 0x8c, + 0x77, + 0x13, + 0xb4, + 0x29, + 0xcd, + 0xf5, + 0x52, + 0x17, + 0xef, + 0xf3, + 0x08, + 0x00, + 0xe3, + 0xbd, + 0x2e, + 0xbc, + 0xd4, + 0x52, + 0x88, + 0xe9, + 0x30, + 0x75, + 0x0b, + 0x02, + 0xf5, + 0xcd, + 0x89, + 0x0c, + 0x6c, + 0x57, + 0x19, + 0x27, + 0x3d, + 0x1e, + 0x85, + 0xb4, + 0xc1, + 0x2f, + 0x1d, + 0x92, + 0x00, + 0x5c, + 0x76, + 0x29, + 0x4b, + 0xa4, + 0xe1, + 0x12, + 0xb3, + 0xc8, + 0x09, + 0xfe, + 0x0e, + 0x78, + 0x72, + 0x61, + 0xcb, + 0x61, + 0x6f, + 0x39, + 0x91, + 0x95, + 0x4e, + 0xd5, + 0x3e, + 0xc7, + 0x8f, + 0xb8, + 0xf6, + 0x36, + 0xfe, + 0x9c, + 0x93, + 0x9a, + 0x38, + 0x25, + 0x7a, + 0xf4, + 0x4a, + 0x12, + 0xd4, + 0xa0, + 0x13, + 0xbd, + 0xf9, + 0x1d, + 0x12, + 0x3e, + 0x21, + 0x39, + 0xfb, + 0x72, + 0xe0, + 0x05, + 0x3d, + 0xc3, 
+ 0xe5, + 0x50, + 0xa8, + 0x5d, + 0x85, + 0xa3, + 0xea, + 0x5f, + 0x1c, + 0xb2, + 0x3f, + 0xea, + 0x6d, + 0x03, + 0x91, + 0x55, + 0xd8, + 0x19, + 0x0a, + 0x21, + 0x12, + 0x16, + 0xd9, + 0x12, + 0xc4, + 0xe6, + 0x07, + 0x18, + 0x5b, + 0x26, + 0xa4, + 0xae, + 0xed, + 0x2b, + 0xb7, + 0xa6, + 0xed, + 0xf8, + 0xad, + 0xec, + 0x77, + 0xe6, + 0x7f, + 0x4f, + 0x76, + 0x00, + 0xc0, + 0xfa, + 0x15, + 0x92, + 0xb4, + 0x2c, + 0x22, + 0xc2, + 0xeb, + 0x6a, + 0xad, + 0x14, + 0x05, + 0xb2, + 0xe5, + 0x8a, + 0x9e, + 0x85, + 0x83, + 0xcc, + 0x04, + 0xf1, + 0x56, + 0x78, + 0x44, + 0x5e, + 0xde, + 0xe0, + 0x60, + 0x1a, + 0x65, + 0x79, + 0x31, + 0x23, + 0x05, + 0xbb, + 0x01, + 0xff, + 0xdd, + 0x2e, + 0xb7, + 0xb3, + 0xaa, + 0x74, + 0xe0, + 0xa5, + 0x94, + 0xaf, + 0x4b, + 0xde, + 0x58, + 0x0f, + 0x55, + 0xde, + 0x33, + 0xf6, + 0xe3, + 0xd6, + 0x34, + 0x36, + 0x57, + 0xd6, + 0x79, + 0x91, + 0x2e, + 0xbe, + 0x3b, + 0xd9, + 0x4e, + 0xb6, + 0x9d, + 0x21, + 0x5c, + 0xd3, + 0x48, + 0x14, + 0x7f, + 0x4a, + 0xc4, + 0x60, + 0xa9, + 0x29, + 0xf8, + 0x53, + 0x7f, + 0x88, + 0x11, + 0x2d, + 0xb5, + 0xc5, + 0x2d, + 0x6f, + 0xee, + 0x85, + 0x0b, + 0xf7, + 0x8d, + 0x9a, + 0xbe, + 0xb0, + 0x42, + 0xf2, + 0x2e, + 0x71, + 0xaf, + 0x19, + 0x31, + 0x6d, + 0xec, + 0xcd, + 0x6f, + 0x2b, + 0x23, + 0xdf, + 0xb4, + 0x40, + 0xaf, + 0x2c, + 0x0a, + 0xc3, + 0x1b, + 0x7d, + 0x7d, + 0x03, + 0x1d, + 0x4b, + 0xf3, + 0xb5, + 0xe0, + 0x85, + 0xd8, + 0xdf, + 0x91, + 0x6b, + 0x0a, + 0x69, + 0xf7, + 0xf2, + 0x69, + 0x66, + 0x5b, + 0xf1, + 0xcf, + 0x46, + 0x7d, + 0xe9, + 0x70, + 0xfa, + 0x6d, + 0x7e, + 0x75, + 0x4e, + 0xa9, + 0x77, + 0xe6, + 0x8c, + 0x02, + 0xf7, + 0x14, + 0x4d, + 0xa5, + 0x41, + 0x8f, + 0x3f, + 0xc1, + 0x62, + 0x1e, + 0x71, + 0x5e, + 0x38, + 0xb4, + 0xd6, + 0xe6, + 0xe1, + 0x4b, + 0xc2, + 0x2c, + 0x30, + 0x83, + 0x81, + 0x6f, + 0x49, + 0x2e, + 0x96, + 0xe6, + 0xc9, + 0x9a, + 0xf7, + 0x5d, + 0x09, + 0xa0, + 0x55, + 0x02, + 0xa5, + 0x3a, + 0x25, + 0x23, + 0xd0, + 0x92, + 0xc3, + 0xa3, + 0xe3, + 0x0e, + 0x12, 
+ 0x2f, + 0x4d, + 0xef, + 0xf3, + 0x55, + 0x5a, + 0xbe, + 0xe6, + 0x19, + 0x86, + 0x31, + 0xab, + 0x75, + 0x9a, + 0xd3, + 0xf0, + 0x2c, + 0xc5, + 0x41, + 0x92, + 0xd9, + 0x1f, + 0x5f, + 0x11, + 0x8c, + 0x75, + 0x1c, + 0x63, + 0xd0, + 0x02, + 0x80, + 0x2c, + 0x68, + 0xcb, + 0x93, + 0xfb, + 0x51, + 0x73, + 0x49, + 0xb4, + 0x60, + 0xda, + 0xe2, + 0x26, + 0xaf, + 0xa9, + 0x46, + 0x12, + 0xb8, + 0xec, + 0x50, + 0xdd, + 0x12, + 0x06, + 0x5f, + 0xce, + 0x59, + 0xe6, + 0xf6, + 0x1c, + 0xe0, + 0x54, + 0x10, + 0xad, + 0xf6, + 0xcd, + 0x98, + 0xcc, + 0x0f, + 0xfb, + 0xcb, + 0x41, + 0x14, + 0x9d, + 0xed, + 0xe4, + 0xb4, + 0x74, + 0x5f, + 0x09, + 0x60, + 0xc7, + 0x12, + 0xf6, + 0x7b, + 0x3c, + 0x8f, + 0xa7, + 0x20, + 0xbc, + 0xe4, + 0xb1, + 0xef, + 0xeb, + 0xa4, + 0x93, + 0xc5, + 0x06, + 0xca, + 0x9a, + 0x27, + 0x9d, + 0x87, + 0xf3, + 0xde, + 0xca, + 0xe5, + 0xe7, + 0xf6, + 0x1c, + 0x01, + 0x65, + 0x5b, + 0xfb, + 0x19, + 0x79, + 0x6e, + 0x08, + 0x26, + 0xc5, + 0xc8, + 0x28, + 0x0e, + 0xb6, + 0x3b, + 0x07, + 0x08, + 0xc1, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xe8, + 0x1c, + 0x73, + 0xa6, + 0xb8, + 0xe0, + 0x0e, + 0x6d, + 0x8d, + 0x1b, + 0xb9, + 0x53, + 0xed, + 0x58, + 0x94, + 0xe6, + 0x1d, + 0x60, + 0x14, + 0x5c, + 0x76, + 0x43, + 0xc4, + 0x58, + 0x19, + 0xc4, + 0x24, + 0xe8, + 0xbc, + 0x1b, + 0x3b, + 0x0b, + 0x13, + 0x24, + 0x45, + 0x54, + 0x0e, + 0xcc, + 0x37, + 0xf0, + 0xe0, + 0x63, + 0x7d, + 0xc3, + 0xf7, + 0xfb, + 0x81, + 0x74, + 0x81, + 0xc4, + 0x0f, + 0x1a, + 0x21, + 0x48, + 0xaf, + 0xce, + 0xc1, + 0xc4, + 0x94, + 0x18, + 0x06, + 0x44, + 0x8d, + 0xd3, + 0xd2, + 0x22, + 0x2d, + 0x2d, + 0x3e, + 0x5a, + 0x31, + 0xdc, + 0x95, + 0x8e, + 0xf4, + 0x41, + 0xfc, + 0x58, + 0xc9, + 0x40, + 0x92, + 0x17, + 0x5f, + 0xe3, + 0xda, + 0xac, + 0x9e, + 0x3f, + 0x1c, + 0x2a, + 0x6b, + 0x58, + 0x5f, + 0x48, + 0x78, + 0x20, + 0xb1, + 0xaf, + 0x24, + 0x9b, + 0x3c, + 0x20, + 0x8b, + 0x93, + 0x25, + 0x9e, + 0xe6, + 0x6b, + 0xbc, + 0x13, + 0x42, + 0x14, + 0x6c, + 0x36, + 0x31, + 0xff, + 0x7a, 
+ 0xd1, + 0xc1, + 0x1a, + 0x26, + 0x14, + 0x7f, + 0xa9, + 0x76, + 0xa7, + 0x0c, + 0xf8, + 0xcc, + 0xed, + 0x07, + 0x6a, + 0xd2, + 0xdf, + 0x62, + 0xee, + 0x0a, + 0x7c, + 0x84, + 0xcb, + 0x49, + 0x90, + 0xb2, + 0x03, + 0x0d, + 0xa2, + 0x82, + 0x06, + 0x77, + 0xf1, + 0xcd, + 0x67, + 0xf2, + 0x47, + 0x21, + 0x02, + 0x3f, + 0x43, + 0x21, + 0xf0, + 0x46, + 0x30, + 0x62, + 0x51, + 0x72, + 0xb1, + 0xe7, + 0x48, + 0xc6, + 0x67, + 0x12, + 0xcd, + 0x9e, + 0xd6, + 0x15, + 0xe5, + 0x21, + 0xed, + 0xfa, + 0x8f, + 0x30, + 0xa6, + 0x41, + 0xfe, + 0xb6, + 0xfa, + 0x8f, + 0x34, + 0x14, + 0x19, + 0xe8, + 0x11, + 0xf7, + 0xa5, + 0x77, + 0x3e, + 0xb7, + 0xf9, + 0x39, + 0x07, + 0x8c, + 0x67, + 0x2a, + 0xab, + 0x7b, + 0x08, + 0xf8, + 0xb0, + 0x06, + 0xa8, + 0xea, + 0x2f, + 0x8f, + 0xfa, + 0xcc, + 0xcc, + 0x40, + 0xce, + 0xf3, + 0x70, + 0x4f, + 0x3f, + 0x7f, + 0xe2, + 0x0c, + 0xea, + 0x76, + 0x4a, + 0x35, + 0x4e, + 0x47, + 0xad, + 0x2b, + 0xa7, + 0x97, + 0x5d, + 0x74, + 0x43, + 0x97, + 0x90, + 0xd2, + 0xfb, + 0xd9, + 0xf9, + 0x96, + 0x01, + 0x33, + 0x05, + 0xed, + 0x7b, + 0x03, + 0x05, + 0xad, + 0xf8, + 0x49, + 0x03, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xd4, + 0x40, + 0x17, + 0x66, + 0x10, + 0x92, + 0x95, + 0xc8, + 0xec, + 0x62, + 0xa9, + 0x7a, + 0xcb, + 0x93, + 0x8e, + 0xe6, + 0x53, + 0xd4, + 0x80, + 0x48, + 0x27, + 0x4b, + 0x41, + 0xce, + 0x61, + 0xdf, + 0xbf, + 0x94, + 0xa4, + 0x3d, + 0x71, + 0x03, + 0x0b, + 0xed, + 0x25, + 0x71, + 0x98, + 0xa4, + 0xd6, + 0xd5, + 0x4a, + 0x57, + 0xf5, + 0x6c, + 0x1b, + 0xda, + 0x21, + 0x7d, + 0x35, + 0x45, + 0xb3, + 0xf3, + 0x6a, + 0xd9, + 0xd3, + 0x43, + 0xe8, + 0x5c, + 0x54, + 0x1c, + 0x83, + 0x1b, + 0xb4, + 0x5f, + 0xf2, + 0x97, + 0x24, + 0x2e, + 0xdc, + 0x40, + 0xde, + 0x92, + 0x23, + 0x59, + 0x8e, + 0xbc, + 0xd2, + 0xa1, + 0xf2, + 0xe0, + 0x4c, + 0xdd, + 0x0b, + 0xd1, + 0xe7, + 0xae, + 0x65, + 0xbc, + 0xb5, + 0xf5, + 0x5b, + 0x98, + 0xe9, + 0xd7, + 0xc2, + 0xb7, + 0x0e, + 0x55, + 0x71, + 0x0e, + 0x3c, + 0x0a, + 0x24, + 0x6b, + 0xa6, + 0xe6, 
+ 0x14, + 0x61, + 0x11, + 0xfd, + 0x33, + 0x42, + 0x99, + 0x2b, + 0x84, + 0x77, + 0x74, + 0x92, + 0x91, + 0xf5, + 0x79, + 0x79, + 0xcf, + 0xad, + 0x8e, + 0x04, + 0xef, + 0x80, + 0x1e, + 0x57, + 0xf4, + 0x14, + 0xf5, + 0x35, + 0x09, + 0x74, + 0xb2, + 0x13, + 0x71, + 0x58, + 0x6b, + 0xea, + 0x32, + 0x5d, + 0xf3, + 0xd3, + 0x76, + 0x48, + 0x39, + 0x10, + 0x23, + 0x84, + 0x9d, + 0xbe, + 0x92, + 0x77, + 0x4a, + 0xed, + 0x70, + 0x3e, + 0x1a, + 0xa2, + 0x6c, + 0xb3, + 0x81, + 0x00, + 0xc3, + 0xc9, + 0xe4, + 0x52, + 0xc8, + 0x24, + 0x88, + 0x0c, + 0x41, + 0xad, + 0x87, + 0x5a, + 0xea, + 0xa3, + 0x7a, + 0x85, + 0x1c, + 0x5e, + 0x31, + 0x7f, + 0xc3, + 0x35, + 0xc6, + 0xfa, + 0x10, + 0xc8, + 0x75, + 0x10, + 0xc4, + 0x96, + 0x99, + 0xe7, + 0xfe, + 0x01, + 0xb4, + 0x74, + 0xdb, + 0xb4, + 0x11, + 0xc3, + 0xc8, + 0x8c, + 0xf6, + 0xf7, + 0x3b, + 0x66, + 0x50, + 0xfc, + 0xdb, + 0xeb, + 0xca, + 0x47, + 0x85, + 0x89, + 0xe1, + 0x65, + 0xd9, + 0x62, + 0x34, + 0x3c, + 0x70, + 0xd8, + 0x2e, + 0xb4, + 0x2f, + 0x65, + 0x3c, + 0x4a, + 0xa6, + 0x2a, + 0xe7, + 0xc7, + 0xd8, + 0x41, + 0x8f, + 0x8a, + 0x43, + 0xbf, + 0x42, + 0xf2, + 0x4d, + 0xbc, + 0xfc, + 0x9e, + 0x27, + 0x95, + 0xfb, + 0x75, + 0xff, + 0xab, + 0x02, + 0x82, + 0x01, + 0x00, + 0x41, + 0x2f, + 0x44, + 0x57, + 0x6d, + 0x12, + 0x17, + 0x5b, + 0x32, + 0xc6, + 0xb7, + 0x6c, + 0x57, + 0x7a, + 0x8a, + 0x0e, + 0x79, + 0xef, + 0x72, + 0xa8, + 0x68, + 0xda, + 0x2d, + 0x38, + 0xe4, + 0xbb, + 0x8d, + 0xf6, + 0x02, + 0x65, + 0xcf, + 0x56, + 0x13, + 0xe1, + 0x1a, + 0xcb, + 0x39, + 0x80, + 0xa6, + 0xb1, + 0x32, + 0x03, + 0x1e, + 0xdd, + 0xbb, + 0x35, + 0xd9, + 0xac, + 0x43, + 0x89, + 0x31, + 0x08, + 0x90, + 0x92, + 0x5e, + 0x35, + 0x3d, + 0x7b, + 0x9c, + 0x6f, + 0x86, + 0xcb, + 0x17, + 0xdd, + 0x85, + 0xe4, + 0xed, + 0x35, + 0x08, + 0x8e, + 0xc1, + 0xf4, + 0x05, + 0xd8, + 0x68, + 0xc6, + 0x63, + 0x3c, + 0xf7, + 0xff, + 0xf7, + 0x47, + 0x33, + 0x39, + 0xc5, + 0x3e, + 0xb7, + 0x0e, + 0x58, + 0x35, + 0x9d, + 0x81, + 0xea, + 0xf8, + 0x6a, + 0x2c, 
+ 0x1c, + 0x5a, + 0x68, + 0x78, + 0x64, + 0x11, + 0x6b, + 0xc1, + 0x3e, + 0x4e, + 0x7a, + 0xbd, + 0x84, + 0xcb, + 0x0f, + 0xc2, + 0xb6, + 0x85, + 0x1d, + 0xd3, + 0x76, + 0xc5, + 0x93, + 0x6a, + 0x69, + 0x89, + 0x56, + 0x34, + 0xdc, + 0x4a, + 0x9b, + 0xbc, + 0xff, + 0xa8, + 0x0d, + 0x6e, + 0x35, + 0x9c, + 0x60, + 0xa7, + 0x23, + 0x30, + 0xc7, + 0x06, + 0x64, + 0x39, + 0x8b, + 0x94, + 0x89, + 0xee, + 0xba, + 0x7f, + 0x60, + 0x8d, + 0xfa, + 0xb6, + 0x97, + 0x76, + 0xdc, + 0x51, + 0x4a, + 0x3c, + 0xeb, + 0x3a, + 0x14, + 0x2c, + 0x20, + 0x60, + 0x69, + 0x4a, + 0x86, + 0xfe, + 0x8c, + 0x21, + 0x84, + 0x49, + 0x54, + 0xb3, + 0x20, + 0xe1, + 0x01, + 0x7f, + 0x58, + 0xdf, + 0x7f, + 0xb5, + 0x21, + 0x51, + 0x8c, + 0x47, + 0x9f, + 0x91, + 0xeb, + 0x97, + 0x3e, + 0xf2, + 0x54, + 0xcf, + 0x16, + 0x46, + 0xf9, + 0xd9, + 0xb6, + 0xe7, + 0x64, + 0xc9, + 0xd0, + 0x54, + 0xea, + 0x2f, + 0xa1, + 0xcf, + 0xa5, + 0x7f, + 0x28, + 0x8d, + 0x84, + 0xec, + 0xd5, + 0x39, + 0x03, + 0x76, + 0x5b, + 0x2d, + 0x8e, + 0x43, + 0xf2, + 0x01, + 0x24, + 0xc9, + 0x6f, + 0xc0, + 0xf5, + 0x69, + 0x6f, + 0x7d, + 0xb5, + 0x85, + 0xd2, + 0x5f, + 0x7f, + 0x78, + 0x40, + 0x07, + 0x7f, + 0x09, + 0x15, + 0xb5, + 0x1f, + 0x28, + 0x65, + 0x10, + 0xe4, + 0x19, + 0xa8, + 0xc6, + 0x9e, + 0x8d, + 0xdc, + 0xcb, + 0x02, + 0x82, + 0x01, + 0x00, + 0x13, + 0x01, + 0xee, + 0x56, + 0x80, + 0x93, + 0x70, + 0x00, + 0x7f, + 0x52, + 0xd2, + 0x94, + 0xa1, + 0x98, + 0x84, + 0x4a, + 0x92, + 0x25, + 0x4c, + 0x9b, + 0xa9, + 0x91, + 0x2e, + 0xc2, + 0x79, + 0xb7, + 0x5c, + 0xe3, + 0xc5, + 0xd5, + 0x8e, + 0xc2, + 0x54, + 0x16, + 0x17, + 0xad, + 0x55, + 0x9b, + 0x25, + 0x76, + 0x12, + 0x63, + 0x50, + 0x22, + 0x2f, + 0x58, + 0x58, + 0x79, + 0x6b, + 0x04, + 0xe3, + 0xf9, + 0x9f, + 0x8f, + 0x04, + 0x41, + 0x67, + 0x94, + 0xa5, + 0x1f, + 0xac, + 0x8a, + 0x15, + 0x9c, + 0x26, + 0x10, + 0x6c, + 0xf8, + 0x19, + 0x57, + 0x61, + 0xd7, + 0x3a, + 0x7d, + 0x31, + 0xb0, + 0x2d, + 0x38, + 0xbd, + 0x94, + 0x62, + 0xad, + 0xc4, + 0xfa, + 0x36, + 0x42, 
+ 0x42, + 0xf0, + 0x24, + 0x67, + 0x65, + 0x9d, + 0x8b, + 0x0b, + 0x7c, + 0x6f, + 0x82, + 0x44, + 0x1a, + 0x8c, + 0xc8, + 0xc9, + 0xab, + 0xbb, + 0x4c, + 0x45, + 0xfc, + 0x7b, + 0x38, + 0xee, + 0x30, + 0xe1, + 0xfc, + 0xef, + 0x8d, + 0xbc, + 0x58, + 0xdf, + 0x2b, + 0x5d, + 0x0d, + 0x54, + 0xe0, + 0x49, + 0x4d, + 0x97, + 0x99, + 0x8f, + 0x22, + 0xa8, + 0x83, + 0xbe, + 0x40, + 0xbb, + 0x50, + 0x2e, + 0x78, + 0x28, + 0x0f, + 0x95, + 0x78, + 0x8c, + 0x8f, + 0x98, + 0x24, + 0x56, + 0xc2, + 0x97, + 0xf3, + 0x2c, + 0x43, + 0xd2, + 0x03, + 0x82, + 0x66, + 0x81, + 0x72, + 0x5f, + 0x53, + 0x16, + 0xec, + 0xb1, + 0xb1, + 0x04, + 0x5e, + 0x40, + 0x20, + 0x48, + 0x7b, + 0x3f, + 0x02, + 0x97, + 0x6a, + 0xeb, + 0x96, + 0x12, + 0x21, + 0x35, + 0xfe, + 0x1f, + 0x47, + 0xc0, + 0x95, + 0xea, + 0xc5, + 0x8a, + 0x08, + 0x84, + 0x4f, + 0x5e, + 0x63, + 0x94, + 0x60, + 0x0f, + 0x71, + 0x5b, + 0x7f, + 0x4a, + 0xec, + 0x4f, + 0x60, + 0xc6, + 0xba, + 0x4a, + 0x24, + 0xf1, + 0x20, + 0x8b, + 0xa7, + 0x2e, + 0x3a, + 0xce, + 0x8d, + 0xe0, + 0x27, + 0x1d, + 0xb5, + 0x8e, + 0xb4, + 0x21, + 0xc5, + 0xe2, + 0xa6, + 0x16, + 0x0a, + 0x51, + 0x83, + 0x55, + 0x88, + 0xd1, + 0x30, + 0x11, + 0x63, + 0xd5, + 0xd7, + 0x8d, + 0xae, + 0x16, + 0x12, + 0x82, + 0xc4, + 0x85, + 0x00, + 0x4e, + 0x27, + 0x83, + 0xa5, + 0x7c, + 0x90, + 0x2e, + 0xe5, + 0xa2, + 0xa3, + 0xd3, + 0x4c, + 0x63, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0x86, + 0x08, + 0x98, + 0x98, + 0xa5, + 0x00, + 0x05, + 0x39, + 0x77, + 0xd9, + 0x66, + 0xb3, + 0xcf, + 0xca, + 0xa0, + 0x71, + 0xb3, + 0x50, + 0xce, + 0x3d, + 0xb1, + 0x93, + 0x95, + 0x35, + 0xc4, + 0xd4, + 0x2e, + 0x90, + 0xdf, + 0x0f, + 0xfc, + 0x60, + 0xc1, + 0x94, + 0x68, + 0x61, + 0x43, + 0xca, + 0x9a, + 0x23, + 0x4a, + 0x1e, + 0x45, + 0x72, + 0x99, + 0xb5, + 0x1e, + 0x61, + 0x8d, + 0x77, + 0x0f, + 0xa0, + 0xbb, + 0xd7, + 0x77, + 0xb4, + 0x2a, + 0x15, + 0x11, + 0x88, + 0x2d, + 0xb3, + 0x56, + 0x61, + 0x5e, + 0x6a, + 0xed, + 0xa4, + 0x46, + 0x4a, + 0x3f, + 0x50, + 0x11, + 0xd6, + 0xba, 
+ 0xb6, + 0xd7, + 0x95, + 0x65, + 0x53, + 0xc3, + 0xa1, + 0x8f, + 0xe0, + 0xa3, + 0xf5, + 0x1c, + 0xfd, + 0xaf, + 0x6e, + 0x43, + 0xd7, + 0x17, + 0xa7, + 0xd3, + 0x81, + 0x1b, + 0xa4, + 0xdf, + 0xe0, + 0x97, + 0x8a, + 0x46, + 0x03, + 0xd3, + 0x46, + 0x0e, + 0x83, + 0x48, + 0x4e, + 0xd2, + 0x02, + 0xcb, + 0xc0, + 0xad, + 0x79, + 0x95, + 0x8c, + 0x96, + 0xba, + 0x40, + 0x34, + 0x11, + 0x71, + 0x5e, + 0xe9, + 0x11, + 0xf9, + 0xc5, + 0x4a, + 0x5e, + 0x91, + 0x9d, + 0xf5, + 0x92, + 0x4f, + 0xeb, + 0xc6, + 0x70, + 0x02, + 0x2d, + 0x3d, + 0x04, + 0xaa, + 0xe9, + 0x3a, + 0x8e, + 0xd5, + 0xa8, + 0xad, + 0xf7, + 0xce, + 0x0d, + 0x16, + 0xb2, + 0xec, + 0x0a, + 0x9c, + 0xf5, + 0x94, + 0x39, + 0xb9, + 0x8a, + 0xfc, + 0x1e, + 0xf9, + 0xcc, + 0xf2, + 0x5f, + 0x21, + 0x31, + 0x74, + 0x72, + 0x6b, + 0x64, + 0xae, + 0x35, + 0x61, + 0x8d, + 0x0d, + 0xcb, + 0xe7, + 0xda, + 0x39, + 0xca, + 0xf3, + 0x21, + 0x66, + 0x0b, + 0x95, + 0xd7, + 0x0a, + 0x7c, + 0xca, + 0xa1, + 0xa9, + 0x5a, + 0xe8, + 0xac, + 0xe0, + 0x71, + 0x54, + 0xaf, + 0x28, + 0xcf, + 0xd5, + 0x70, + 0x89, + 0xe0, + 0xf3, + 0x9e, + 0x43, + 0x6c, + 0x8d, + 0x7b, + 0x99, + 0x01, + 0x68, + 0x4d, + 0xa1, + 0x45, + 0x46, + 0x0c, + 0x43, + 0xbc, + 0xcc, + 0x2c, + 0xdd, + 0xc5, + 0x46, + 0xc8, + 0x4e, + 0x0e, + 0xbe, + 0xed, + 0xb9, + 0x26, + 0xab, + 0x2e, + 0xdb, + 0xeb, + 0x8f, + 0xff, + 0xdb, + 0xb0, + 0xc6, + 0x55, + 0xaf, + 0xf8, + 0x2a, + 0x91, + 0x9d, + 0x50, + 0x44, + 0x21, + 0x17, }; static unsigned char test7680[] = { --- crypto/openssl/apps/timeouts.h.orig +++ crypto/openssl/apps/timeouts.h @@ -8,10 +8,10 @@ */ #ifndef OSSL_APPS_TIMEOUTS_H -# define OSSL_APPS_TIMEOUTS_H +#define OSSL_APPS_TIMEOUTS_H /* numbers in us */ -# define DGRAM_RCV_TIMEOUT 250000 -# define DGRAM_SND_TIMEOUT 250000 +#define DGRAM_RCV_TIMEOUT 250000 +#define DGRAM_SND_TIMEOUT 250000 -#endif /* ! OSSL_APPS_TIMEOUTS_H */ +#endif /* ! OSSL_APPS_TIMEOUTS_H */ --- crypto/openssl/apps/ts.c.orig +++ crypto/openssl/apps/ts.c 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -21,117 +21,138 @@ #include /* Request nonce length, in bits (must be a multiple of 8). */ -#define NONCE_LENGTH 64 +#define NONCE_LENGTH 64 /* Name of config entry that defines the OID file. */ -#define ENV_OID_FILE "oid_file" +#define ENV_OID_FILE "oid_file" /* Is |EXACTLY_ONE| of three pointers set? */ #define EXACTLY_ONE(a, b, c) \ - (( a && !b && !c) || \ - ( b && !a && !c) || \ - ( c && !a && !b)) + ((a && !b && !c) || (b && !a && !c) || (c && !a && !b)) static ASN1_OBJECT *txt2obj(const char *oid); static CONF *load_config_file(const char *configfile); /* Query related functions. */ static int query_command(const char *data, const char *digest, - const EVP_MD *md, const char *policy, int no_nonce, - int cert, const char *in, const char *out, int text); + const EVP_MD *md, const char *policy, int no_nonce, + int cert, const char *in, const char *out, int text); static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, - const char *policy, int no_nonce, int cert); + const char *policy, int no_nonce, int cert); static int create_digest(BIO *input, const char *digest, - const EVP_MD *md, unsigned char **md_value); + const EVP_MD *md, unsigned char **md_value); static ASN1_INTEGER *create_nonce(int bits); /* Reply related functions. 
*/ static int reply_command(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, const char *inkey, - const EVP_MD *md, const char *signer, const char *chain, - const char *policy, const char *in, int token_in, - const char *out, int token_out, int text); + const char *queryfile, const char *passin, const char *inkey, + const EVP_MD *md, const char *signer, const char *chain, + const char *policy, const char *in, int token_in, + const char *out, int token_out, int text); static TS_RESP *read_PKCS7(BIO *in_bio); static TS_RESP *create_response(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, - const char *inkey, const EVP_MD *md, const char *signer, - const char *chain, const char *policy); + const char *queryfile, const char *passin, + const char *inkey, const EVP_MD *md, const char *signer, + const char *chain, const char *policy); static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *next_serial(const char *serialfile); static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); /* Verify related functions. 
*/ static int verify_command(const char *data, const char *digest, const char *queryfile, - const char *in, int token_in, - const char *CApath, const char *CAfile, - const char *CAstore, - char *untrusted, X509_VERIFY_PARAM *vpm); + const char *in, int token_in, + const char *CApath, const char *CAfile, + const char *CAstore, + char *untrusted, X509_VERIFY_PARAM *vpm); static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, - const char *queryfile, - const char *CApath, const char *CAfile, - const char *CAstore, - char *untrusted, - X509_VERIFY_PARAM *vpm); + const char *queryfile, + const char *CApath, const char *CAfile, + const char *CAstore, + char *untrusted, + X509_VERIFY_PARAM *vpm); static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, - const char *CAstore, X509_VERIFY_PARAM *vpm); + const char *CAstore, X509_VERIFY_PARAM *vpm); static int verify_cb(int ok, X509_STORE_CTX *ctx); typedef enum OPTION_choice { OPT_COMMON, - OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA, - OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT, - OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT, - OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER, - OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_UNTRUSTED, - OPT_MD, OPT_V_ENUM, OPT_R_ENUM, OPT_PROV_ENUM + OPT_ENGINE, + OPT_CONFIG, + OPT_SECTION, + OPT_QUERY, + OPT_DATA, + OPT_DIGEST, + OPT_TSPOLICY, + OPT_NO_NONCE, + OPT_CERT, + OPT_IN, + OPT_TOKEN_IN, + OPT_OUT, + OPT_TOKEN_OUT, + OPT_TEXT, + OPT_REPLY, + OPT_QUERYFILE, + OPT_PASSIN, + OPT_INKEY, + OPT_SIGNER, + OPT_CHAIN, + OPT_VERIFY, + OPT_CAPATH, + OPT_CAFILE, + OPT_CASTORE, + OPT_UNTRUSTED, + OPT_MD, + OPT_V_ENUM, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS ts_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"config", OPT_CONFIG, '<', "Configuration file"}, - {"section", OPT_SECTION, 's', "Section to use within config file"}, + { 
"help", OPT_HELP, '-', "Display this summary" }, + { "config", OPT_CONFIG, '<', "Configuration file" }, + { "section", OPT_SECTION, 's', "Section to use within config file" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - {"inkey", OPT_INKEY, 's', "File with private key for reply"}, - {"signer", OPT_SIGNER, 's', "Signer certificate file"}, - {"chain", OPT_CHAIN, '<', "File with signer CA chain"}, - {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, - {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"}, - {"CAstore", OPT_CASTORE, ':', "URI to trusted CA store"}, - {"untrusted", OPT_UNTRUSTED, '<', "Extra untrusted certs"}, - {"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"}, - {"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"", OPT_MD, '-', "Any supported digest"}, + { "inkey", OPT_INKEY, 's', "File with private key for reply" }, + { "signer", OPT_SIGNER, 's', "Signer certificate file" }, + { "chain", OPT_CHAIN, '<', "File with signer CA chain" }, + { "CAfile", OPT_CAFILE, '<', "File with trusted CA certs" }, + { "CApath", OPT_CAPATH, '/', "Path to trusted CA files" }, + { "CAstore", OPT_CASTORE, ':', "URI to trusted CA store" }, + { "untrusted", OPT_UNTRUSTED, '<', "Extra untrusted certs" }, + { "token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file" }, + { "token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "", OPT_MD, '-', "Any supported digest" }, OPT_SECTION("Query"), - {"query", OPT_QUERY, '-', "Generate a TS query"}, - {"data", OPT_DATA, '<', "File to hash"}, - {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"}, - {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"}, - {"cert", OPT_CERT, '-', "Put cert request into query"}, - 
{"in", OPT_IN, '<', "Input file"}, + { "query", OPT_QUERY, '-', "Generate a TS query" }, + { "data", OPT_DATA, '<', "File to hash" }, + { "digest", OPT_DIGEST, 's', "Digest (as a hex string)" }, + { "queryfile", OPT_QUERYFILE, '<', "File containing a TS query" }, + { "cert", OPT_CERT, '-', "Put cert request into query" }, + { "in", OPT_IN, '<', "Input file" }, OPT_SECTION("Verify"), - {"verify", OPT_VERIFY, '-', "Verify a TS response"}, - {"reply", OPT_REPLY, '-', "Generate a TS reply"}, - {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"}, - {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"}, - {"out", OPT_OUT, '>', "Output file"}, - {"text", OPT_TEXT, '-', "Output text (not DER)"}, + { "verify", OPT_VERIFY, '-', "Verify a TS response" }, + { "reply", OPT_REPLY, '-', "Generate a TS reply" }, + { "tspolicy", OPT_TSPOLICY, 's', "Policy OID to use" }, + { "no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce" }, + { "out", OPT_OUT, '>', "Output file" }, + { "text", OPT_TEXT, '-', "Output text (not DER)" }, OPT_R_OPTIONS, OPT_V_OPTIONS, OPT_PROV_OPTIONS, - {NULL} + { NULL } }; /* * This command is so complex, special help is needed. */ -static char* opt_helplist[] = { +static char *opt_helplist[] = { "", "Typical uses:", " openssl ts -query [-rand file...] [-config file] [-data file]", @@ -186,7 +207,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -299,8 +320,7 @@ if (!opt_md(digestname, &md)) goto opthelp; } - if (mode == OPT_REPLY && passin && - !app_passwd(passin, NULL, &password, NULL)) { + if (mode == OPT_REPLY && passin && !app_passwd(passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); goto end; } 
@@ -317,31 +337,31 @@ if ((data != NULL) && (digest != NULL)) goto opthelp; ret = !query_command(data, digest, md, policy, no_nonce, cert, - in, out, text); + in, out, text); } else if (mode == OPT_REPLY) { if (vpmtouched) goto opthelp; if ((in != NULL) && (queryfile != NULL)) goto opthelp; if (in == NULL) { - if ((conf == NULL) || (token_in != 0)) + if (conf == NULL || token_in != 0 || queryfile == NULL) goto opthelp; } ret = !reply_command(conf, section, engine, queryfile, - password, inkey, md, signer, chain, policy, - in, token_in, out, token_out, text); + password, inkey, md, signer, chain, policy, + in, token_in, out, token_out, text); } else if (mode == OPT_VERIFY) { if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest)) goto opthelp; ret = !verify_command(data, digest, queryfile, in, token_in, - CApath, CAfile, CAstore, untrusted, - vpmtouched ? vpm : NULL); + CApath, CAfile, CAstore, untrusted, + vpmtouched ? vpm : NULL); } else { goto opthelp; } - end: +end: X509_VERIFY_PARAM_free(vpm); EVP_MD_free(md); NCONF_free(conf); @@ -392,8 +412,8 @@ * Query-related method definitions. */ static int query_command(const char *data, const char *digest, const EVP_MD *md, - const char *policy, int no_nonce, - int cert, const char *in, const char *out, int text) + const char *policy, int no_nonce, + int cert, const char *in, const char *out, int text) { int ret = 0; TS_REQ *query = NULL; @@ -429,7 +449,7 @@ ret = 1; - end: +end: ERR_print_errors(bio_err); BIO_free_all(in_bio); BIO_free_all(data_bio); @@ -439,7 +459,7 @@ } static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, - const char *policy, int no_nonce, int cert) + const char *policy, int no_nonce, int cert) { int ret = 0; TS_REQ *ts_req = NULL; @@ -487,7 +507,7 @@ goto err; ret = 1; - err: +err: if (!ret) { TS_REQ_free(ts_req); ts_req = NULL; 
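Review bot: The widened guard in the `mode == OPT_REPLY` branch, `if (conf == NULL || token_in != 0 || queryfile == NULL)`, has no comment saying why a query file is now mandatory when `-in` is absent. Judging by the `reply_command` hunk further down, the `in == NULL` path appears to be the one that calls `create_response(conf, section, engine, queryfile, ...)`, so the check keeps a NULL `queryfile` from reaching response generation. I would record that above the condition, e.g. `/* No -in: a response is generated, which needs a config and a query file; -token_in is only valid with -in. */`. All three failures also fall through to the generic `opthelp` text ("Use -help for summary."), so the operator cannot tell which option is missing; a specific `BIO_printf(bio_err, ...)` before `goto opthelp` would help. The enclosing function starts and ends outside this hunk.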
@@ -503,7 +523,7 @@ } static int create_digest(BIO *input, const char *digest, const EVP_MD *md, - unsigned char **md_value) + unsigned char **md_value) { int md_value_len; int rv = 0; @@ -536,12 +556,13 @@ *md_value = OPENSSL_hexstr2buf(digest, &digest_len); if (*md_value == NULL || md_value_len != digest_len) { BIO_printf(bio_err, "bad digest, %d bytes " - "must be specified\n", md_value_len); + "must be specified\n", + md_value_len); goto err; } } rv = md_value_len; - err: +err: if (rv <= 0) { OPENSSL_free(*md_value); *md_value = NULL; @@ -574,7 +595,7 @@ memcpy(nonce->data, buf + i, nonce->length); return nonce; - err: +err: BIO_printf(bio_err, "could not create nonce\n"); ASN1_INTEGER_free(nonce); return NULL; @@ -585,10 +606,10 @@ */ static int reply_command(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, const char *inkey, - const EVP_MD *md, const char *signer, const char *chain, - const char *policy, const char *in, int token_in, - const char *out, int token_out, int text) + const char *queryfile, const char *passin, const char *inkey, + const EVP_MD *md, const char *signer, const char *chain, + const char *policy, const char *in, int token_in, + const char *out, int token_out, int text) { int ret = 0; TS_RESP *response = NULL; @@ -608,7 +629,7 @@ } } else { response = create_response(conf, section, engine, queryfile, - passin, inkey, md, signer, chain, policy); + passin, inkey, md, signer, chain, policy); if (response != NULL) BIO_printf(bio_err, "Response has been generated.\n"); else @@ -620,7 +641,7 @@ /* Write response. */ if (text) { if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL) - goto end; + goto end; if (token_out) { TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); if (!TS_TST_INFO_print_bio(out_bio, tst_info)) @@ -644,7 +665,7 @@ ret = 1; - end: +end: ERR_print_errors(bio_err); BIO_free_all(in_bio); BIO_free_all(query_bio); 
@@ -677,11 +698,11 @@ if (!TS_RESP_set_status_info(resp, si)) goto end; TS_RESP_set_tst_info(resp, token, tst_info); - token = NULL; /* Ownership is lost. */ - tst_info = NULL; /* Ownership is lost. */ + token = NULL; /* Ownership is lost. */ + tst_info = NULL; /* Ownership is lost. */ ret = 1; - end: +end: PKCS7_free(token); TS_TST_INFO_free(tst_info); if (!ret) { @@ -693,9 +714,9 @@ } static TS_RESP *create_response(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, - const char *inkey, const EVP_MD *md, const char *signer, - const char *chain, const char *policy) + const char *queryfile, const char *passin, + const char *inkey, const EVP_MD *md, const char *signer, + const char *chain, const char *policy) { int ret = 0; TS_RESP *response = NULL; @@ -725,7 +746,7 @@ if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md)) goto end; } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) { - goto end; + goto end; } if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx)) @@ -750,7 +771,7 @@ goto end; ret = 1; - end: +end: if (!ret) { TS_RESP_free(response); response = NULL; @@ -767,8 +788,8 @@ if (serial == NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Error during serial number " - "generation."); + "Error during serial number " + "generation."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); } else { save_ts_serial(serial_file, serial); @@ -790,14 +811,15 @@ if ((in = BIO_new_file(serialfile, "r")) == NULL) { ERR_clear_error(); BIO_printf(bio_err, "Warning: could not open file %s for " - "reading, using serial number: 1\n", serialfile); + "reading, using serial number: 1\n", + serialfile); if (!ASN1_INTEGER_set(serial, 1)) goto err; } else { char buf[1024]; if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) { BIO_printf(bio_err, "unable to load number from %s\n", - serialfile); + serialfile); goto err; } if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL) 
@@ -811,7 +833,7 @@ } ret = 1; - err: +err: if (!ret) { ASN1_INTEGER_free(serial); serial = NULL; @@ -833,24 +855,23 @@ if (BIO_puts(out, "\n") <= 0) goto err; ret = 1; - err: +err: if (!ret) BIO_printf(bio_err, "could not save serial number to %s\n", - serialfile); + serialfile); BIO_free_all(out); return ret; } - /* * Verify-related method definitions. */ static int verify_command(const char *data, const char *digest, const char *queryfile, - const char *in, int token_in, - const char *CApath, const char *CAfile, - const char *CAstore, char *untrusted, - X509_VERIFY_PARAM *vpm) + const char *in, int token_in, + const char *CApath, const char *CAfile, + const char *CAstore, char *untrusted, + X509_VERIFY_PARAM *vpm) { BIO *in_bio = NULL; PKCS7 *token = NULL; @@ -869,15 +890,16 @@ } if ((verify_ctx = create_verify_ctx(data, digest, queryfile, - CApath, CAfile, CAstore, untrusted, - vpm)) == NULL) + CApath, CAfile, CAstore, untrusted, + vpm)) + == NULL) goto end; ret = token_in ? TS_RESP_verify_token(verify_ctx, token) : TS_RESP_verify_response(verify_ctx, response); - end: +end: printf("Verification: "); if (ret) printf("OK\n"); @@ -894,11 +916,11 @@ } static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, - const char *queryfile, - const char *CApath, const char *CAfile, - const char *CAstore, - char *untrusted, - X509_VERIFY_PARAM *vpm) + const char *queryfile, + const char *CApath, const char *CAfile, + const char *CAstore, + char *untrusted, + X509_VERIFY_PARAM *vpm) { TS_VERIFY_CTX *ctx = NULL; STACK_OF(X509) *certs; 
@@ -947,20 +969,20 @@ /* Initialising the X509_STORE object. */ if (TS_VERIFY_CTX_set_store(ctx, - create_cert_store(CApath, CAfile, CAstore, vpm)) - == NULL) + create_cert_store(CApath, CAfile, CAstore, vpm)) + == NULL) goto err; /* Loading any extra untrusted certificates. */ if (untrusted != NULL) { certs = load_certs_multifile(untrusted, NULL, "extra untrusted certs", - vpm); + vpm); if (certs == NULL || TS_VERIFY_CTX_set_certs(ctx, certs) == NULL) goto err; } ret = 1; - err: +err: if (!ret) { TS_VERIFY_CTX_free(ctx); ctx = NULL; @@ -971,7 +993,7 @@ } static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, - const char *CAstore, X509_VERIFY_PARAM *vpm) + const char *CAstore, X509_VERIFY_PARAM *vpm) { X509_STORE *cert_ctx = NULL; X509_LOOKUP *lookup = NULL; @@ -1003,7 +1025,8 @@ goto err; } if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx, - propq) <= 0) { + propq) + <= 0) { BIO_printf(bio_err, "Error loading file %s\n", CAfile); goto err; } @@ -1026,7 +1049,7 @@ return cert_ctx; - err: +err: X509_STORE_free(cert_ctx); return NULL; } --- crypto/openssl/apps/verify.c.orig +++ crypto/openssl/apps/verify.c 
@@ -20,60 +20,71 @@ static int cb(int ok, X509_STORE_CTX *ctx); static int check(X509_STORE *ctx, const char *file, - STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, int show_chain, - STACK_OF(OPENSSL_STRING) *opts); + STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, + STACK_OF(X509_CRL) *crls, int show_chain, + STACK_OF(OPENSSL_STRING) *opts); static int v_verbose = 0, vflags = 0; typedef enum OPTION_choice { OPT_COMMON, - OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN, - OPT_V_ENUM, OPT_NAMEOPT, OPT_VFYOPT, + OPT_ENGINE, + OPT_CAPATH, + OPT_CAFILE, + OPT_CASTORE, + OPT_NOCAPATH, + OPT_NOCAFILE, + OPT_NOCASTORE, + OPT_UNTRUSTED, + OPT_TRUSTED, + OPT_CRLFILE, + OPT_CRL_DOWNLOAD, + OPT_SHOW_CHAIN, + OPT_V_ENUM, + OPT_NAMEOPT, + OPT_VFYOPT, OPT_VERBOSE, OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS verify_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, + { "help", OPT_HELP, '-', "Display this summary" }, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - {"verbose", OPT_VERBOSE, '-', - "Print extra information about the operations being performed."}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, + { "verbose", OPT_VERBOSE, '-', + "Print extra information about the operations being performed." 
}, + { "nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options" }, OPT_SECTION("Certificate chain"), - {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"}, - {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"}, - {"CApath", OPT_CAPATH, '/', "A directory of files with trusted certificates"}, - {"CAstore", OPT_CASTORE, ':', "URI to a store of trusted certificates"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default trusted certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load trusted certificates from the default directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load trusted certificates from the default certificates store"}, - {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"}, - {"CRLfile", OPT_CRLFILE, '<', - "File containing one or more CRL's (in PEM format) to load"}, - {"crl_download", OPT_CRL_DOWNLOAD, '-', - "Try downloading CRL information for certificates via their CDP entries"}, - {"show_chain", OPT_SHOW_CHAIN, '-', - "Display information about the certificate chain"}, + { "trusted", OPT_TRUSTED, '<', "A file of trusted certificates" }, + { "CAfile", OPT_CAFILE, '<', "A file of trusted certificates" }, + { "CApath", OPT_CAPATH, '/', "A directory of files with trusted certificates" }, + { "CAstore", OPT_CASTORE, ':', "URI to a store of trusted certificates" }, + { "no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default trusted certificates file" }, + { "no-CApath", OPT_NOCAPATH, '-', + "Do not load trusted certificates from the default directory" }, + { "no-CAstore", OPT_NOCASTORE, '-', + "Do not load trusted certificates from the default certificates store" }, + { "untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates" }, + { "CRLfile", OPT_CRLFILE, '<', + "File containing one or more CRL's (in PEM format) to load" }, + { "crl_download", OPT_CRL_DOWNLOAD, '-', + "Try downloading CRL information for certificates via their CDP entries" }, + { 
"show_chain", OPT_SHOW_CHAIN, '-', + "Display information about the certificate chain" }, OPT_V_OPTIONS, - {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"}, + { "vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form" }, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"cert", 0, 0, "Certificate(s) to verify (optional; stdin used otherwise)"}, - {NULL} + { "cert", 0, 0, "Certificate(s) to verify (optional; stdin used otherwise)" }, + { NULL } }; int verify_main(int argc, char **argv) @@ -97,7 +108,7 @@ switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -107,8 +118,8 @@ X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); BIO_printf(bio_err, " %-15s %s\n", - X509_PURPOSE_get0_sname(ptmp), - X509_PURPOSE_get0_name(ptmp)); + X509_PURPOSE_get0_sname(ptmp), + X509_PURPOSE_get0_name(ptmp)); } BIO_printf(bio_err, "Recognized certificate policy names:\n"); @@ -116,7 +127,7 @@ const X509_VERIFY_PARAM *vptmp = X509_VERIFY_PARAM_get0(i); BIO_printf(bio_err, " %s\n", - X509_VERIFY_PARAM_get0_name(vptmp)); + X509_VERIFY_PARAM_get0_name(vptmp)); } ret = 0; goto end; @@ -146,7 +157,7 @@ case OPT_UNTRUSTED: /* Zero or more times */ if (!load_certs(opt_arg(), 0, &untrusted, NULL, - "untrusted certificates")) + "untrusted certificates")) goto end; break; case OPT_TRUSTED: @@ -201,13 +212,14 @@ if (trusted != NULL && (CAfile != NULL || CApath != NULL || CAstore != NULL)) { BIO_printf(bio_err, - "%s: Cannot use -trusted with -CAfile, -CApath or -CAstore\n", - prog); + "%s: Cannot use -trusted with -CAfile, -CApath or -CAstore\n", + prog); goto end; } if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) + CAstore, noCAstore)) + == NULL) goto end; X509_STORE_set_verify_cb(store, cb); 
@@ -222,16 +234,18 @@ ret = 0; if (argc < 1) { if (check(store, NULL, untrusted, trusted, crls, show_chain, - vfyopts) != 1) + vfyopts) + != 1) ret = -1; } else { for (i = 0; i < argc; i++) if (check(store, argv[i], untrusted, trusted, crls, show_chain, - vfyopts) != 1) + vfyopts) + != 1) ret = -1; } - end: +end: X509_VERIFY_PARAM_free(vpm); X509_STORE_free(store); sk_X509_pop_free(untrusted, X509_free); @@ -243,9 +257,9 @@ } static int check(X509_STORE *ctx, const char *file, - STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, int show_chain, - STACK_OF(OPENSSL_STRING) *opts) + STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, + STACK_OF(X509_CRL) *crls, int show_chain, + STACK_OF(OPENSSL_STRING) *opts) { X509 *x = NULL; int i = 0, ret = 0; @@ -272,7 +286,7 @@ csc = X509_STORE_CTX_new(); if (csc == NULL) { BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n", - (file == NULL) ? "stdin" : file); + (file == NULL) ? "stdin" : file); goto end; } @@ -280,8 +294,8 @@ if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { X509_STORE_CTX_free(csc); BIO_printf(bio_err, - "error %s: X.509 store context initialization failed\n", - (file == NULL) ? "stdin" : file); + "error %s: X.509 store context initialization failed\n", + (file == NULL) ? "stdin" : file); goto end; } if (tchain != NULL) @@ -302,8 +316,8 @@ X509 *cert = sk_X509_value(chain, j); BIO_printf(bio_out, "depth=%d: ", j); X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(cert), - 0, get_nameopt()); + X509_get_subject_name(cert), + 0, get_nameopt()); if (j < num_untrusted) BIO_printf(bio_out, " (untrusted)"); BIO_printf(bio_out, "\n"); @@ -312,12 +326,12 @@ } } else { BIO_printf(bio_err, - "error %s: verification failed\n", - (file == NULL) ? "stdin" : file); + "error %s: verification failed\n", + (file == NULL) ? "stdin" : file); } X509_STORE_CTX_free(csc); - end: +end: if (i <= 0) ERR_print_errors(bio_err); X509_free(x); 
@@ -333,15 +347,15 @@
 if (!ok) {
 if (current_cert != NULL) {
 X509_NAME_print_ex(bio_err,
- X509_get_subject_name(current_cert),
- 0, get_nameopt());
+ X509_get_subject_name(current_cert),
+ 0, get_nameopt());
 BIO_printf(bio_err, "\n");
 }
 BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
- X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
- cert_error,
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(cert_error));
+ X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
+ cert_error,
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(cert_error));
 /*
 * Pretend that some errors are ok, so they don't stop further
@@ -383,7 +397,6 @@
 ok = 1;
 }
 return ok;
-
 }
 if (cert_error == X509_V_OK && ok == 2)
 policies_print(ctx);
--- crypto/openssl/apps/version.c.orig
+++ crypto/openssl/apps/version.c
@@ -18,26 +18,36 @@
 typedef enum OPTION_choice {
 OPT_COMMON,
- OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C
+ OPT_B,
+ OPT_D,
+ OPT_E,
+ OPT_M,
+ OPT_F,
+ OPT_O,
+ OPT_P,
+ OPT_V,
+ OPT_A,
+ OPT_R,
+ OPT_C
 } OPTION_CHOICE;
 const OPTIONS version_options[] = {
 OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
+ { "help", OPT_HELP, '-', "Display this summary" },
 OPT_SECTION("Output"),
- {"a", OPT_A, '-', "Show all data"},
- {"b", OPT_B, '-', "Show build date"},
- {"d", OPT_D, '-', "Show configuration directory"},
- {"e", OPT_E, '-', "Show engines directory"},
- {"m", OPT_M, '-', "Show modules directory"},
- {"f", OPT_F, '-', "Show compiler flags used"},
- {"o", OPT_O, '-', "Show some internal datatype options"},
- {"p", OPT_P, '-', "Show target build platform"},
- {"r", OPT_R, '-', "Show random seeding options"},
- {"v", OPT_V, '-', "Show library version"},
- {"c", OPT_C, '-', "Show CPU settings info"},
- {NULL}
+ { "a", OPT_A, '-', "Show all data" },
+ { "b", OPT_B, '-', "Show build date" },
+ { "d", OPT_D, '-', "Show configuration directory" },
+ { "e", OPT_E, '-', "Show engines directory" },
+ { "m", OPT_M, '-', "Show modules directory" },
+ { "f", OPT_F, '-', "Show compiler flags used" },
+ { "o", OPT_O, '-', "Show some internal datatype options" },
+ { "p", OPT_P, '-', "Show target build platform" },
+ { "r", OPT_R, '-', "Show random seeding options" },
+ { "v", OPT_V, '-', "Show library version" },
+ { "c", OPT_C, '-', "Show CPU settings info" },
+ { NULL }
 };
 int version_main(int argc, char **argv)
@@ -53,7 +63,7 @@
 switch (o) {
 case OPT_EOF:
 case OPT_ERR:
-opthelp:
+ opthelp:
 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
 goto end;
 case OPT_HELP:
@@ -108,7 +118,7 @@
 if (version)
 printf("%s (Library: %s)\n",
- OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
+ OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
 if (date)
 printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
 if (platform)
@@ -133,19 +143,18 @@
 if (cpuinfo)
 printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
 ret = 0;
- end:
+end:
 return ret;
 }
-
 #if defined(__TANDEM) && defined(OPENSSL_VPROC)
 /*
 * Define a VPROC function for the openssl program.
 * This is used by platform version identification tools.
 * Do not inline this procedure or make it static.
 */
-# define OPENSSL_VPROC_STRING_(x) x##_OPENSSL
-# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
-# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
-void OPENSSL_VPROC_FUNC(void) {}
+#define OPENSSL_VPROC_STRING_(x) x##_OPENSSL
+#define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x)
+#define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC)
+void OPENSSL_VPROC_FUNC(void) { }
 #endif
--- crypto/openssl/apps/vms_decc_init.c.orig
+++ crypto/openssl/apps/vms_decc_init.c
@@ -7,9 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
- defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
-# define USE_DECC_INIT 1
+#if defined(__VMS) && !defined(OPENSSL_NO_DECC_INIT) && defined(__DECC) && !defined(__VAX) && (__CRTL_VER >= 70301000)
+#define USE_DECC_INIT 1
 #endif
 #ifdef USE_DECC_INIT
@@ -21,9 +20,9 @@
 * ----------------------------------------------------------------------
 */
-# include
-# include
-# include
+#include
+#include
+#include
 /* Global storage. */
@@ -45,22 +44,21 @@
 decc_feat_t decc_feat_array[] = {
 /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
- {"DECC$ARGV_PARSE_STYLE", 1},
+ { "DECC$ARGV_PARSE_STYLE", 1 },
 /* Preserve case for file names on ODS5 disks. */
- {"DECC$EFS_CASE_PRESERVE", 1},
+ { "DECC$EFS_CASE_PRESERVE", 1 },
 /*
 * Enable multiple dots (and most characters) in ODS5 file names, while
 * preserving VMS-ness of ";version".
 */
- {"DECC$EFS_CHARSET", 1},
+ { "DECC$EFS_CHARSET", 1 },
 /* List terminator. */
- {(char *)NULL, 0}
+ { (char *)NULL, 0 }
 };
-
 /* LIB$INITIALIZE initialization function. */
 static void decc_init(void)
@@ -98,31 +96,30 @@
 feat_value_max = decc$feature_get_value(feat_index, 3);
 /* Check the validity of our desired value. */
- if ((decc_feat_array[i].value >= feat_value_min) &&
- (decc_feat_array[i].value <= feat_value_max)) {
+ if ((decc_feat_array[i].value >= feat_value_min) && (decc_feat_array[i].value <= feat_value_max)) {
 /* Valid value. Set it if necessary. */
 if (feat_value != decc_feat_array[i].value) {
 sts = decc$feature_set_value(feat_index,
- 1, decc_feat_array[i].value);
+ 1, decc_feat_array[i].value);
 if (verbose > 1) {
 fprintf(stderr, " %s = %d, sts = %d.\n",
- decc_feat_array[i].name,
- decc_feat_array[i].value, sts);
+ decc_feat_array[i].name,
+ decc_feat_array[i].value, sts);
 }
 }
 } else {
 /* Invalid DECC feature value. */
 fprintf(stderr,
- " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
- feat_value,
- feat_value_min, decc_feat_array[i].name,
- feat_value_max);
+ " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+ feat_value,
+ feat_value_min, decc_feat_array[i].name,
+ feat_value_max);
 }
 } else {
 /* Invalid DECC feature name. */
 fprintf(stderr,
- " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
+ " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
 }
 }
@@ -133,44 +130,44 @@
 /* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
-# pragma nostandard
+#pragma nostandard
 /*
 * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
 * attributes. Note that "nopic" is significant only on VAX.
 */
-# pragma extern_model save
+#pragma extern_model save
-# if __INITIAL_POINTER_SIZE == 64
-# define PSECT_ALIGN 3
-# else
-# define PSECT_ALIGN 2
-# endif
+#if __INITIAL_POINTER_SIZE == 64
+#define PSECT_ALIGN 3
+#else
+#define PSECT_ALIGN 2
+#endif
-# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
 const int spare[8] = { 0 };
-# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
-void (*const x_decc_init) () = decc_init;
+#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init)() = decc_init;
-# pragma extern_model restore
+#pragma extern_model restore
 /* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
-# pragma extern_model save
+#pragma extern_model save
 int LIB$INITIALIZE(void);
-# pragma extern_model strict_refdef
+#pragma extern_model strict_refdef
 int dmy_lib$initialize = (int)LIB$INITIALIZE;
-# pragma extern_model restore
+#pragma extern_model restore
-# pragma standard
+#pragma standard
-#else /* def USE_DECC_INIT */
+#else /* def USE_DECC_INIT */
 /* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
 int decc_init_dummy(void);
-#endif /* def USE_DECC_INIT */
+#endif /* def USE_DECC_INIT */
--- crypto/openssl/apps/x509.c.orig
+++ crypto/openssl/apps/x509.c
@@ -23,161 +23,216 @@ #include #include #ifndef OPENSSL_NO_DSA -# include +#include #endif #undef POSTFIX #define POSTFIX ".srl" -#define DEFAULT_DAYS 30 /* default cert validity period in days */ -#define UNSET_DAYS -2 /* -1 is used for testing expiration checks */ -#define EXT_COPY_UNSET -1 +#define DEFAULT_DAYS 30 /* default cert validity period in days */ +#define UNSET_DAYS -2 /* -1 is used for testing expiration checks */ +#define EXT_COPY_UNSET -1 static int callb(int ok, X509_STORE_CTX *ctx); static ASN1_INTEGER *x509_load_serial(const char *CAfile, - const char *serialfile, int create); + const char *serialfile, int create); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names); typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM, - OPT_CAKEYFORM, OPT_VFYOPT, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE, - OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_KEY, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, - OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ, - OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_DATEOPT, OPT_NAMEOPT, - OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL, - OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH, - OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES, - OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST, - OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST, - OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID, - OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, OPT_COPY_EXTENSIONS, - OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES, - OPT_R_ENUM, OPT_PROV_ENUM, OPT_EXT + OPT_INFORM, + OPT_OUTFORM, + OPT_KEYFORM, + OPT_REQ, + OPT_CAFORM, + OPT_CAKEYFORM, + OPT_VFYOPT, + OPT_SIGOPT, + OPT_DAYS, + OPT_PASSIN, + OPT_EXTFILE, + OPT_EXTENSIONS, + OPT_IN, + OPT_OUT, + OPT_KEY, + OPT_SIGNKEY, + OPT_CA, + 
OPT_CAKEY, + OPT_CASERIAL, + OPT_SET_SERIAL, + OPT_NEW, + OPT_FORCE_PUBKEY, + OPT_SUBJ, + OPT_ADDTRUST, + OPT_ADDREJECT, + OPT_SETALIAS, + OPT_CERTOPT, + OPT_DATEOPT, + OPT_NAMEOPT, + OPT_EMAIL, + OPT_OCSP_URI, + OPT_SERIAL, + OPT_NEXT_SERIAL, + OPT_MODULUS, + OPT_PUBKEY, + OPT_X509TOREQ, + OPT_TEXT, + OPT_HASH, + OPT_ISSUER_HASH, + OPT_SUBJECT, + OPT_ISSUER, + OPT_FINGERPRINT, + OPT_DATES, + OPT_PURPOSE, + OPT_STARTDATE, + OPT_ENDDATE, + OPT_CHECKEND, + OPT_CHECKHOST, + OPT_CHECKEMAIL, + OPT_CHECKIP, + OPT_NOOUT, + OPT_TRUSTOUT, + OPT_CLRTRUST, + OPT_CLRREJECT, + OPT_ALIAS, + OPT_CACREATESERIAL, + OPT_CLREXT, + OPT_OCSPID, + OPT_SUBJECT_HASH_OLD, + OPT_ISSUER_HASH_OLD, + OPT_COPY_EXTENSIONS, + OPT_BADSIG, + OPT_MD, + OPT_ENGINE, + OPT_NOCERT, + OPT_PRESERVE_DATES, + OPT_R_ENUM, + OPT_PROV_ENUM, + OPT_EXT } OPTION_CHOICE; const OPTIONS x509_options[] = { OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - {"in", OPT_IN, '<', - "Certificate input, or CSR input file with -req (default stdin)"}, - {"passin", OPT_PASSIN, 's', "Private key and cert file pass-phrase source"}, - {"new", OPT_NEW, '-', "Generate a certificate from scratch"}, - {"x509toreq", OPT_X509TOREQ, '-', - "Output a certification request (rather than a certificate)"}, - {"req", OPT_REQ, '-', "Input is a CSR file (rather than a certificate)"}, - {"copy_extensions", OPT_COPY_EXTENSIONS, 's', - "copy extensions when converting from CSR to x509 or vice versa"}, - {"inform", OPT_INFORM, 'f', - "CSR input file format (DER or PEM) - default PEM"}, - {"vfyopt", OPT_VFYOPT, 's', "CSR verification parameter in n:v form"}, - {"key", OPT_KEY, 's', - "Key for signing, and to include unless using -force_pubkey"}, - {"signkey", OPT_SIGNKEY, 's', - "Same as -key"}, - {"keyform", OPT_KEYFORM, 'E', - "Key input format (ENGINE, other values ignored)"}, - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"outform", OPT_OUTFORM, 'f', - "Output format (DER or PEM) - default PEM"}, - 
{"nocert", OPT_NOCERT, '-', - "No cert output (except for requested printing)"}, - {"noout", OPT_NOOUT, '-', "No output (except for requested printing)"}, + { "help", OPT_HELP, '-', "Display this summary" }, + + { "in", OPT_IN, '<', + "Certificate input, or CSR input file with -req (default stdin)" }, + { "passin", OPT_PASSIN, 's', "Private key and cert file pass-phrase source" }, + { "new", OPT_NEW, '-', "Generate a certificate from scratch" }, + { "x509toreq", OPT_X509TOREQ, '-', + "Output a certification request (rather than a certificate)" }, + { "req", OPT_REQ, '-', "Input is a CSR file (rather than a certificate)" }, + { "copy_extensions", OPT_COPY_EXTENSIONS, 's', + "copy extensions when converting from CSR to x509 or vice versa" }, + { "inform", OPT_INFORM, 'f', + "CSR input file format (DER or PEM) - default PEM" }, + { "vfyopt", OPT_VFYOPT, 's', "CSR verification parameter in n:v form" }, + { "key", OPT_KEY, 's', + "Key for signing, and to include unless using -force_pubkey" }, + { "signkey", OPT_SIGNKEY, 's', + "Same as -key" }, + { "keyform", OPT_KEYFORM, 'E', + "Key input format (ENGINE, other values ignored)" }, + { "out", OPT_OUT, '>', "Output file - default stdout" }, + { "outform", OPT_OUTFORM, 'f', + "Output format (DER or PEM) - default PEM" }, + { "nocert", OPT_NOCERT, '-', + "No cert output (except for requested printing)" }, + { "noout", OPT_NOOUT, '-', "No output (except for requested printing)" }, OPT_SECTION("Certificate printing"), - {"text", OPT_TEXT, '-', "Print the certificate in text form"}, - {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). 
Default is rfc_822."}, - {"certopt", OPT_CERTOPT, 's', "Various certificate text printing options"}, - {"fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint"}, - {"alias", OPT_ALIAS, '-', "Print certificate alias"}, - {"serial", OPT_SERIAL, '-', "Print serial number value"}, - {"startdate", OPT_STARTDATE, '-', "Print the notBefore field"}, - {"enddate", OPT_ENDDATE, '-', "Print the notAfter field"}, - {"dates", OPT_DATES, '-', "Print both notBefore and notAfter fields"}, - {"subject", OPT_SUBJECT, '-', "Print subject DN"}, - {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, - {"nameopt", OPT_NAMEOPT, 's', - "Certificate subject/issuer name printing options"}, - {"email", OPT_EMAIL, '-', "Print email address(es)"}, - {"hash", OPT_HASH, '-', "Synonym for -subject_hash (for backward compat)"}, - {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, + { "text", OPT_TEXT, '-', "Print the certificate in text form" }, + { "dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822." 
}, + { "certopt", OPT_CERTOPT, 's', "Various certificate text printing options" }, + { "fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint" }, + { "alias", OPT_ALIAS, '-', "Print certificate alias" }, + { "serial", OPT_SERIAL, '-', "Print serial number value" }, + { "startdate", OPT_STARTDATE, '-', "Print the notBefore field" }, + { "enddate", OPT_ENDDATE, '-', "Print the notAfter field" }, + { "dates", OPT_DATES, '-', "Print both notBefore and notAfter fields" }, + { "subject", OPT_SUBJECT, '-', "Print subject DN" }, + { "issuer", OPT_ISSUER, '-', "Print issuer DN" }, + { "nameopt", OPT_NAMEOPT, 's', + "Certificate subject/issuer name printing options" }, + { "email", OPT_EMAIL, '-', "Print email address(es)" }, + { "hash", OPT_HASH, '-', "Synonym for -subject_hash (for backward compat)" }, + { "subject_hash", OPT_HASH, '-', "Print subject hash value" }, #ifndef OPENSSL_NO_MD5 - {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) subject hash value"}, + { "subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', + "Print old-style (MD5) subject hash value" }, #endif - {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"}, + { "issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value" }, #ifndef OPENSSL_NO_MD5 - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, + { "issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value" }, #endif - {"ext", OPT_EXT, 's', - "Restrict which X.509 extensions to print and/or copy"}, - {"ocspid", OPT_OCSPID, '-', - "Print OCSP hash values for the subject name and public key"}, - {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"}, - {"purpose", OPT_PURPOSE, '-', "Print out certificate purposes"}, - {"pubkey", OPT_PUBKEY, '-', "Print the public key in PEM format"}, - {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, + { "ext", OPT_EXT, 's', + "Restrict which X.509 extensions to print and/or copy" }, 
+ { "ocspid", OPT_OCSPID, '-', + "Print OCSP hash values for the subject name and public key" }, + { "ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)" }, + { "purpose", OPT_PURPOSE, '-', "Print out certificate purposes" }, + { "pubkey", OPT_PUBKEY, '-', "Print the public key in PEM format" }, + { "modulus", OPT_MODULUS, '-', "Print the RSA key modulus" }, OPT_SECTION("Certificate checking"), - {"checkend", OPT_CHECKEND, 'M', - "Check whether cert expires in the next arg seconds"}, - {OPT_MORE_STR, 1, 1, "Exit 1 (failure) if so, 0 if not"}, - {"checkhost", OPT_CHECKHOST, 's', "Check certificate matches host"}, - {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, - {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, + { "checkend", OPT_CHECKEND, 'M', + "Check whether cert expires in the next arg seconds" }, + { OPT_MORE_STR, 1, 1, "Exit 1 (failure) if so, 0 if not" }, + { "checkhost", OPT_CHECKHOST, 's', "Check certificate matches host" }, + { "checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email" }, + { "checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr" }, OPT_SECTION("Certificate output"), - {"set_serial", OPT_SET_SERIAL, 's', - "Serial number to use, overrides -CAserial"}, - {"next_serial", OPT_NEXT_SERIAL, '-', - "Increment current certificate serial number"}, - {"days", OPT_DAYS, 'n', - "Number of days until newly generated certificate expires - default 30"}, - {"preserve_dates", OPT_PRESERVE_DATES, '-', - "Preserve existing validity dates"}, - {"subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)"}, - {"force_pubkey", OPT_FORCE_PUBKEY, '<', - "Place the given key in new certificate"}, - {"clrext", OPT_CLREXT, '-', - "Do not take over any extensions from the source certificate or request"}, - {"extfile", OPT_EXTFILE, '<', "Config file with X509V3 extensions to add"}, - {"extensions", OPT_EXTENSIONS, 's', - "Section of extfile to use - default: unnamed section"}, - 
{"sigopt", OPT_SIGOPT, 's', "Signature parameter, in n:v form"}, - {"badsig", OPT_BADSIG, '-', - "Corrupt last byte of certificate signature (for test)"}, - {"", OPT_MD, '-', "Any supported digest, used for signing and printing"}, + { "set_serial", OPT_SET_SERIAL, 's', + "Serial number to use, overrides -CAserial" }, + { "next_serial", OPT_NEXT_SERIAL, '-', + "Increment current certificate serial number" }, + { "days", OPT_DAYS, 'n', + "Number of days until newly generated certificate expires - default 30" }, + { "preserve_dates", OPT_PRESERVE_DATES, '-', + "Preserve existing validity dates" }, + { "subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)" }, + { "force_pubkey", OPT_FORCE_PUBKEY, '<', + "Place the given key in new certificate" }, + { "clrext", OPT_CLREXT, '-', + "Do not take over any extensions from the source certificate or request" }, + { "extfile", OPT_EXTFILE, '<', "Config file with X509V3 extensions to add" }, + { "extensions", OPT_EXTENSIONS, 's', + "Section of extfile to use - default: unnamed section" }, + { "sigopt", OPT_SIGOPT, 's', "Signature parameter, in n:v form" }, + { "badsig", OPT_BADSIG, '-', + "Corrupt last byte of certificate signature (for test)" }, + { "", OPT_MD, '-', "Any supported digest, used for signing and printing" }, OPT_SECTION("Micro-CA"), - {"CA", OPT_CA, '<', - "Use the given CA certificate, conflicts with -key"}, - {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"}, - {"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"}, - {"CAkeyform", OPT_CAKEYFORM, 'E', - "CA key format (ENGINE, other values ignored)"}, - {"CAserial", OPT_CASERIAL, 's', - "File that keeps track of CA-generated serial number"}, - {"CAcreateserial", OPT_CACREATESERIAL, '-', - "Create CA serial number file if it does not exist"}, + { "CA", OPT_CA, '<', + "Use the given CA certificate, conflicts with -key" }, + { "CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect" }, + 
{ "CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg" }, + { "CAkeyform", OPT_CAKEYFORM, 'E', + "CA key format (ENGINE, other values ignored)" }, + { "CAserial", OPT_CASERIAL, 's', + "File that keeps track of CA-generated serial number" }, + { "CAcreateserial", OPT_CACREATESERIAL, '-', + "Create CA serial number file if it does not exist" }, OPT_SECTION("Certificate trust output"), - {"trustout", OPT_TRUSTOUT, '-', "Mark certificate PEM output as trusted"}, - {"setalias", OPT_SETALIAS, 's', "Set certificate alias (nickname)"}, - {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"}, - {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"}, - {"clrreject", OPT_CLRREJECT, '-', - "Clears all the prohibited or rejected uses of the certificate"}, - {"addreject", OPT_ADDREJECT, 's', - "Reject certificate for a given purpose"}, + { "trustout", OPT_TRUSTOUT, '-', "Mark certificate PEM output as trusted" }, + { "setalias", OPT_SETALIAS, 's', "Set certificate alias (nickname)" }, + { "clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes" }, + { "addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose" }, + { "clrreject", OPT_CLRREJECT, '-', + "Clears all the prohibited or rejected uses of the certificate" }, + { "addreject", OPT_ADDREJECT, 's', + "Reject certificate for a given purpose" }, OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif OPT_PROV_OPTIONS, - {NULL} + { NULL } }; static void warn_copying(ASN1_OBJECT *excluded, const char *names) 
@@ -186,8 +241,8 @@
 if (names != NULL && strstr(names, sn) != NULL)
 BIO_printf(bio_err,
- "Warning: -ext should not specify copying %s extension to CSR; ignoring this\n",
- sn);
+ "Warning: -ext should not specify copying %s extension to CSR; ignoring this\n",
+ sn);
 }
 static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
@@ -215,13 +270,13 @@
 ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
 if (OBJ_cmp(obj, skid) != 0 && OBJ_cmp(obj, akid) != 0
- && !sk_X509_EXTENSION_push(exts, ex))
+ && !sk_X509_EXTENSION_push(exts, ex))
 goto err;
 }
 if (sk_X509_EXTENSION_num(exts) > 0) {
 if (ext_copy != EXT_COPY_UNSET && ext_copy != EXT_COPY_NONE
- && !X509_REQ_add_extensions(req, exts)) {
+ && !X509_REQ_add_extensions(req, exts)) {
 BIO_printf(bio_err, "Error copying extensions from certificate\n");
 goto err;
 }
@@ -229,7 +284,7 @@
 sk_X509_EXTENSION_free(exts);
 return req;
- err:
+err:
 sk_X509_EXTENSION_free(exts);
 X509_REQ_free(req);
 return NULL;
@@ -307,7 +362,7 @@
 switch (o) {
 case OPT_EOF:
 case OPT_ERR:
- opthelp:
+ opthelp:
 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
 goto end;
 case OPT_HELP:
@@ -347,14 +402,14 @@
 case OPT_DATEOPT:
 if (!set_dateopt(&dateopt, opt_arg())) {
 BIO_printf(bio_err,
- "Invalid date format: %s\n", opt_arg());
+ "Invalid date format: %s\n", opt_arg());
 goto end;
 }
 break;
 case OPT_COPY_EXTENSIONS:
 if (!set_ext_copy(&ext_copy, opt_arg())) {
 BIO_printf(bio_err,
- "Invalid extension copy option: %s\n", opt_arg());
+ "Invalid extension copy option: %s\n", opt_arg());
 goto end;
 }
 break;
@@ -375,7 +430,7 @@
 days = atoi(opt_arg());
 if (days < -1) {
 BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n",
- prog);
+ prog);
 goto end;
 }
 break;
@@ -431,7 +486,7 @@
 goto end;
 if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
 BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
- prog, opt_arg());
+ prog, opt_arg());
 goto opthelp;
 }
 sk_ASN1_OBJECT_push(trust, objtmp);
@@ -442,7 +497,7 @@
 goto end;
 if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
 BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
- prog, opt_arg());
+ prog, opt_arg());
 goto opthelp;
 }
 sk_ASN1_OBJECT_push(reject, objtmp);
@@ -570,7 +625,7 @@
 checkoffset = (time_t)temp;
 if ((ossl_intmax_t)checkoffset != temp) {
 BIO_printf(bio_err, "%s: Checkend time out of range %s\n",
- prog, opt_arg());
+ prog, opt_arg());
 goto opthelp;
 }
 }
@@ -614,7 +669,7 @@
 }
 if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
- app_get0_propq()))
+ app_get0_propq()))
 goto end;
 if (newcert && infile != NULL) {
@@ -623,7 +678,7 @@
 }
 if (newcert && reqfile) {
 BIO_printf(bio_err,
- "The -req option cannot be used with -new\n");
+ "The -req option cannot be used with -new\n");
 goto end;
 }
 if (privkeyfile != NULL) {
@@ -633,24 +688,25 @@
 }
 if (pubkeyfile != NULL) {
 if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
- "explicitly set public key")) == NULL)
+ "explicitly set public key"))
+ == NULL)
 goto end;
 }
 if (newcert) {
 if (subj == NULL) {
 BIO_printf(bio_err,
- "The -new option requires a subject to be set using -subj\n");
+ "The -new option requires a subject to be set using -subj\n");
 goto end;
 }
 if (privkeyfile == NULL && pubkeyfile == NULL) {
 BIO_printf(bio_err,
- "The -new option requires using the -key or -force_pubkey option\n");
+ "The -new option requires using the -key or -force_pubkey option\n");
 goto end;
 }
 }
 if (subj != NULL
- && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
+ && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
 goto end;
 if (CAkeyfile == NULL)
@@ -662,7 +718,7 @@
 }
 } else {
 #define WARN_NO_CA(opt) BIO_printf(bio_err, \
- "Warning: ignoring " opt " option since -CA option is not given\n");
+ "Warning: ignoring " opt " option since -CA option is not given\n");
 if (CAkeyfile != NULL)
 WARN_NO_CA("-CAkey");
 if (CAkeyformat != FORMAT_UNDEF)
@@ -678,7 +734,7 @@
 if (extfile == NULL) {
 if (extsect != NULL)
 BIO_printf(bio_err,
- "Warning: ignoring -extensions option without -extfile\n");
+ "Warning: ignoring -extensions option without -extfile\n");
 } else {
 X509V3_CTX ctx2;
@@ -695,7 +751,7 @@
 X509V3_set_nconf(&ctx2, extconf);
 if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
 BIO_printf(bio_err,
- "Error checking extension section %s\n", extsect);
+ "Error checking extension section %s\n", extsect);
 goto end;
 }
 }
@@ -711,9 +767,7 @@
 }
 i = do_X509_REQ_verify(req, pkey, vfyopts);
 if (i <= 0) {
- BIO_printf(bio_err, i < 0
- ? "Error while verifying certificate request self-signature\n"
- : "Certificate request self-signature did not match the contents\n");
+ BIO_printf(bio_err, i < 0 ? "Error while verifying certificate request self-signature\n" : "Certificate request self-signature did not match the contents\n");
 goto end;
 }
 BIO_printf(bio_err, "Certificate request self-signature ok\n");
@@ -726,11 +780,11 @@
 if (reqfile || newcert) {
 if (preserve_dates)
 BIO_printf(bio_err,
- "Warning: ignoring -preserve_dates option with -req or -new\n");
+ "Warning: ignoring -preserve_dates option with -req or -new\n");
 preserve_dates = 0;
 if (privkeyfile == NULL && CAkeyfile == NULL) {
 BIO_printf(bio_err,
- "We need a private key to sign with, use -key or -CAkey or -CA with private key\n");
+ "We need a private key to sign with, use -key or -CAkey or -CA with private key\n");
 goto end;
 }
 if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
@@ -755,13 +809,11 @@
 goto end;
 }
 if ((fsubj != NULL || req != NULL)
- && !X509_set_subject_name(x, fsubj != NULL ? fsubj :
- X509_REQ_get_subject_name(req)))
+ && !X509_set_subject_name(x, fsubj != NULL ? fsubj : X509_REQ_get_subject_name(req)))
 goto end;
 if ((pubkey != NULL || privkey != NULL || req != NULL)
- && !X509_set_pubkey(x, pubkey != NULL ? pubkey :
- privkey != NULL ? privkey :
- X509_REQ_get0_pubkey(req)))
+ && !X509_set_pubkey(x, pubkey != NULL ? pubkey : privkey != NULL ? privkey
+ : X509_REQ_get0_pubkey(req)))
 goto end;
 if (CAfile != NULL) {
@@ -836,7 +888,7 @@
 X509V3_set_nconf(&ext_ctx, extconf);
 if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) {
 BIO_printf(bio_err,
- "Error adding extensions from section %s\n", extsect);
+ "Error adding extensions from section %s\n", extsect);
 goto end;
 }
 }
@@ -864,7 +916,7 @@
 X509V3_set_nconf(&ext_ctx, extconf);
 if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
 BIO_printf(bio_err,
- "Error adding request extensions from section %s\n", extsect);
+ "Error adding request extensions from section %s\n", extsect);
 goto end;
 }
 }
@@ -879,7 +931,7 @@
 }
 if (!i) {
 BIO_printf(bio_err,
- "Unable to write certificate request\n");
+ "Unable to write certificate request\n");
 goto end;
 }
 }
@@ -889,11 +941,12 @@
 goto end;
 } else if (CAfile != NULL) {
 if ((CAkey = load_key(CAkeyfile, CAkeyformat,
- 0, passin, e, "CA private key")) == NULL)
+ 0, passin, e, "CA private key"))
+ == NULL)
 goto end;
 if (!X509_check_private_key(xca, CAkey)) {
 BIO_printf(bio_err,
- "CA certificate and CA private key do not match\n");
+ "CA certificate and CA private key do not match\n");
 goto end;
 }
@@ -924,7 +977,7 @@
 if (bnser == NULL)
 goto end;
 if (!BN_add_word(bnser, 1)
- || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
+ || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
 BN_free(bnser);
 goto end;
 }
@@ -933,8 +986,7 @@
 ASN1_INTEGER_free(ser);
 BIO_puts(out, "\n");
 } else if (i == email || i == ocsp_uri) {
- STACK_OF(OPENSSL_STRING) *emlst =
- i == email ? X509_get1_email(x) : X509_get1_ocsp(x);
+ STACK_OF(OPENSSL_STRING) *emlst = i == email ? X509_get1_email(x) : X509_get1_ocsp(x);
 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
 BIO_printf(out, "%s\n", sk_OPENSSL_STRING_value(emlst, j));
@@ -1005,7 +1057,8 @@
 fdigname = "SHA1";
 if ((fdig = EVP_MD_fetch(app_get0_libctx(), fdigname,
- app_get0_propq())) == NULL) {
+ app_get0_propq()))
+ == NULL) {
 BIO_printf(bio_err, "Unknown digest\n");
 goto end;
 }
@@ -1061,7 +1114,7 @@
 }
 ret = 0;
- end:
+end:
 if (ret != 0)
 ERR_print_errors(bio_err);
 NCONF_free(extconf);
@@ -1086,7 +1139,7 @@
 }
 static ASN1_INTEGER *x509_load_serial(const char *CAfile,
- const char *serialfile, int create)
+ const char *serialfile, int create)
 {
 char *buf = NULL;
 ASN1_INTEGER *bs = NULL;
@@ -1118,7 +1171,7 @@
 else
 bs = BN_to_ASN1_INTEGER(serial, NULL);
- end:
+end:
 OPENSSL_free(buf);
 BN_free(serial);
 return bs;
@@ -1144,15 +1197,15 @@
 */
 if (ok) {
 BIO_printf(bio_err,
- "Error with certificate to be certified - should be self-signed\n");
+ "Error with certificate to be certified - should be self-signed\n");
 return 0;
 } else {
 err_cert = X509_STORE_CTX_get_current_cert(ctx);
 print_name(bio_err, "subject=", X509_get_subject_name(err_cert));
 BIO_printf(bio_err,
- "Error with certificate - error %d at depth %d\n%s\n", err,
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(err));
+ "Error with certificate - error %d at depth %d\n%s\n", err,
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
 return 1;
 }
 }
@@ -1259,7 +1312,7 @@
 }
 ret = X509V3_extensions_print(bio, NULL, exts2, 0, 0);
- end:
+end:
 sk_X509_EXTENSION_free(exts2);
 OPENSSL_free(names);
 OPENSSL_free(tmp_ext_names);
--- crypto/openssl/configdata.pm.in.orig
+++ crypto/openssl/configdata.pm.in
@@ -20,7 +20,7 @@
 # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports
 # for 'use lib'.
- # Start with spliting the native path
+ # Start with splitting the native path
 (my $vol, my $dirs, my $file) = File::Spec->splitpath($path);
 my @dirs = File::Spec->splitdir($dirs);
@@ -89,7 +89,7 @@
 if (scalar @ARGV == 0) {
 # With no arguments, re-create the build file
 # We do that in two steps, where the first step emits perl
- # snipets.
+ # snippets.
 my $buildfile = $config{build_file};
 my $buildfile_template = "$buildfile.in";
--- crypto/openssl/crypto/LPdir_nyi.c.orig
+++ crypto/openssl/crypto/LPdir_nyi.c
@@ -37,7 +37,7 @@
 */
 #ifndef LPDIR_H
-# include "LPdir.h"
+#include "LPdir.h"
 #endif
 struct LP_dir_context_st {
--- crypto/openssl/crypto/LPdir_unix.c.orig
+++ crypto/openssl/crypto/LPdir_unix.c
@@ -44,10 +44,10 @@
 #include
 #include
 #ifndef LPDIR_H
-# include "LPdir.h"
+#include "LPdir.h"
 #endif
 #ifdef __VMS
-# include
+#include
 #endif
 /*
@@ -57,9 +57,9 @@
 * if it doesn't exist, use NAME_MAX.
 */
 #if defined(PATH_MAX)
-# define LP_ENTRY_SIZE PATH_MAX
+#define LP_ENTRY_SIZE PATH_MAX
 #elif defined(NAME_MAX)
-# define LP_ENTRY_SIZE NAME_MAX
+#define LP_ENTRY_SIZE NAME_MAX
 #endif
 /*
@@ -68,9 +68,9 @@
 * small value (HP-UX offers 14), so we need to check if we got a result, and
 * if it meets a minimum standard, and create or change it if not.
 */
-#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
-# undef LP_ENTRY_SIZE
-# define LP_ENTRY_SIZE 255
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE < 255
+#undef LP_ENTRY_SIZE
+#define LP_ENTRY_SIZE 255
 #endif
 struct LP_dir_context_st {
@@ -121,9 +121,9 @@
 #ifdef __VMS
 strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name,
- sizeof((*ctx)->previous_entry_name));
+ sizeof((*ctx)->previous_entry_name));
- again:
+again:
 #endif
 direntry = readdir((*ctx)->dir);
@@ -132,7 +132,7 @@ } OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, - sizeof((*ctx)->entry_name)); + sizeof((*ctx)->entry_name)); #ifdef __VMS if ((*ctx)->expect_file_generations) { char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); @@ -142,7 +142,8 @@ if (p > (*ctx)->entry_name && p[-1] == ';') p[-1] = '\0'; if (OPENSSL_strcasecmp((*ctx)->entry_name, - (*ctx)->previous_entry_name) == 0) + (*ctx)->previous_entry_name) + == 0) goto again; } #endif --- crypto/openssl/crypto/LPdir_vms.c.orig +++ crypto/openssl/crypto/LPdir_vms.c @@ -49,13 +49,13 @@ #include #include #ifndef LPDIR_H -# include "LPdir.h" +#include "LPdir.h" #endif #include "vms_rms.h" /* Some compiler options hide EVMSERR. */ #ifndef EVMSERR -# define EVMSERR 65535 /* error for non-translatable VMS errors */ +#define EVMSERR 65535 /* error for non-translatable VMS errors */ #endif struct LP_dir_context_st { @@ -75,12 +75,12 @@ /* Arrange 32-bit pointer to (copied) string storage, if needed. */ #if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 +#pragma pointer_size save +#pragma pointer_size 32 char *ctx_filespec_32p; -# pragma pointer_size restore +#pragma pointer_size restore char ctx_filespec_32[NAMX_MAXRSS + 1]; -#endif /* __INITIAL_POINTER_SIZE == 64 */ +#endif /* __INITIAL_POINTER_SIZE == 64 */ #ifdef NAML$C_MAXRSS flags |= LIB$M_FIL_LONG_NAMES; @@ -109,7 +109,7 @@ return 0; } - filespeclen += 4; /* "*.*;" */ + filespeclen += 4; /* "*.*;" */ if (filespeclen > NAMX_MAXRSS) { errno = ENAMETOOLONG; 
@@ -128,13 +128,13 @@ /* Arrange 32-bit pointer to (copied) string storage, if needed. */ #if __INITIAL_POINTER_SIZE == 64 -# define CTX_FILESPEC ctx_filespec_32p +#define CTX_FILESPEC ctx_filespec_32p /* Copy the file name to storage with a 32-bit pointer. */ ctx_filespec_32p = ctx_filespec_32; strcpy(ctx_filespec_32p, (*ctx)->filespec); -#else /* __INITIAL_POINTER_SIZE == 64 */ -# define CTX_FILESPEC (*ctx)->filespec -#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define CTX_FILESPEC (*ctx)->filespec +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ (*ctx)->filespec_dsc.dsc$w_length = filespeclen; (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T; @@ -148,7 +148,7 @@ (*ctx)->result_dsc.dsc$a_pointer = 0; status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc, - &(*ctx)->VMS_context, 0, 0, 0, &flags); + &(*ctx)->VMS_context, 0, 0, 0, &flags); if (status == RMS$_NMF) { errno = 0; --- crypto/openssl/crypto/LPdir_win.c.orig +++ crypto/openssl/crypto/LPdir_win.c @@ -40,7 +40,7 @@ #include #include "internal/numbers.h" #ifndef LPDIR_H -# include "LPdir.h" +#include "LPdir.h" #endif /* @@ -49,20 +49,20 @@ * builds are compiled with -DUNICODE [as well as -D_UNICODE]. */ #if defined(LP_SYS_WINCE) && !defined(FindFirstFile) -# define FindFirstFile FindFirstFileW +#define FindFirstFile FindFirstFileW #endif #if defined(LP_SYS_WINCE) && !defined(FindNextFile) -# define FindNextFile FindNextFileW +#define FindNextFile FindNextFileW #endif #ifndef NAME_MAX -# define NAME_MAX 255 +#define NAME_MAX 255 #endif #ifdef CP_UTF8 -# define CP_DEFAULT CP_UTF8 +#define CP_DEFAULT CP_UTF8 #else -# define CP_DEFAULT CP_ACP +#define CP_DEFAULT CP_ACP #endif struct LP_dir_context_st { 
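Review bot: The `strcpy(ctx_filespec_32p, (*ctx)->filespec);` in the LPdir_vms.c @@ -128 hunk has no bound of its own. It depends on the `filespeclen > NAMX_MAXRSS` rejection in the @@ -109 hunk to fit `ctx_filespec_32[NAMX_MAXRSS + 1]`. A comment at the copy would keep that dependency visible, for example `/* fits: filespeclen <= NAMX_MAXRSS was enforced above */`. The code between the two hunks is not shown, so this assumes `filespec` is never longer than `filespeclen`.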
@@ -103,16 +103,17 @@ UINT cp; do { -# ifdef CP_UTF8 +#ifdef CP_UTF8 if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0, - directory, len_0, - NULL, 0)) > 0 || - GetLastError() != ERROR_NO_UNICODE_TRANSLATION) + directory, len_0, + NULL, 0)) + > 0 + || GetLastError() != ERROR_NO_UNICODE_TRANSLATION) break; -# endif +#endif sz = MultiByteToWideChar((cp = CP_ACP), 0, - directory, len_0, - NULL, 0); + directory, len_0, + NULL, 0); } while (0); if (sz > 0) { @@ -122,7 +123,7 @@ */ wdir = _alloca((sz + 2) * sizeof(TCHAR)); if (!MultiByteToWideChar(cp, 0, directory, len_0, - (WCHAR *)wdir, sz)) { + (WCHAR *)wdir, sz)) { free(*ctx); *ctx = NULL; errno = EINVAL; @@ -187,14 +188,14 @@ #ifdef LP_MULTIBYTE_AVAILABLE if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0, - (*ctx)->entry_name, - sizeof((*ctx)->entry_name), NULL, 0)) + (*ctx)->entry_name, + sizeof((*ctx)->entry_name), NULL, 0)) #endif for (index = 0; index < len_0; index++) (*ctx)->entry_name[index] = (char)wdir[index]; } else strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName, - sizeof((*ctx)->entry_name) - 1); + sizeof((*ctx)->entry_name) - 1); (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; --- crypto/openssl/crypto/LPdir_win32.c.orig +++ crypto/openssl/crypto/LPdir_win32.c @@ -38,4 +38,6 @@ #define LP_SYS_WIN32 #define LP_MULTIBYTE_AVAILABLE +/* clang-format off */ #include "LPdir_win.c" +/* clang-format on */ --- crypto/openssl/crypto/LPdir_wince.c.orig +++ crypto/openssl/crypto/LPdir_wince.c @@ -41,4 +41,6 @@ * We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently under * investigation what the exact conditions would be */ +/* clang-format off */ #include "LPdir_win.c" +/* clang-format on */ --- crypto/openssl/crypto/aes/aes_cbc.c.orig +++ crypto/openssl/crypto/aes/aes_cbc.c 
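Review bot: The fallback `for` loop in the LPdir_win.c @@ -187 hunk writes `len_0` bytes into `(*ctx)->entry_name` with no check against the buffer size, while the `strncpy` branch just below it clamps to `sizeof((*ctx)->entry_name) - 1`. Bounding the loop the same way would be `for (index = 0; index < len_0 && index < sizeof((*ctx)->entry_name) - 1; index++)`; the terminating store on the hunk's last line then still closes the string. `len_0` is computed outside the hunk, so it may already be limited there.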
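Review bot: The `/* clang-format off */` and `/* clang-format on */` pair added around `#include "LPdir_win.c"` in the LPdir_win32.c hunk gives no reason for the exemption. Presumably it keeps the formatter from moving the include above the `#define LP_SYS_WIN32` and `#define LP_MULTIBYTE_AVAILABLE` lines that configure the included file. A short comment would protect that ordering from later cleanup, for example `/* must stay after the LP_* defines, which configure LPdir_win.c */`. The LPdir_wince.c hunk adds the same unexplained pair.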
@@ -18,14 +18,14 @@ #include void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int enc) + size_t len, const AES_KEY *key, + unsigned char *ivec, const int enc) { if (enc) CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f) AES_encrypt); + (block128_f)AES_encrypt); else CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f) AES_decrypt); + (block128_f)AES_decrypt); } --- crypto/openssl/crypto/aes/aes_cfb.c.orig +++ crypto/openssl/crypto/aes/aes_cfb.c @@ -23,27 +23,27 @@ */ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) AES_encrypt); + (block128_f)AES_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) AES_encrypt); + (block128_f)AES_encrypt); } void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) AES_encrypt); + (block128_f)AES_encrypt); } --- crypto/openssl/crypto/aes/aes_core.c.orig +++ crypto/openssl/crypto/aes/aes_core.c 
@@ -52,13 +52,13 @@ #if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define U64(C) C##UI64 -# elif defined(__arch64__) -# define U64(C) C##UL -# else -# define U64(C) C##ULL -# endif +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#define U64(C) C##UI64 +#elif defined(__arch64__) +#define U64(C) C##UL +#else +#define U64(C) C##ULL +#endif typedef union { unsigned char b[8]; @@ -430,14 +430,14 @@ s0 = (unsigned char *)state; for (r = 0; r < 4; r++) { - s[0] = s0[0*4 + r]; - s[1] = s0[1*4 + r]; - s[2] = s0[2*4 + r]; - s[3] = s0[3*4 + r]; - s0[0*4 + r] = s[(r+0) % 4]; - s0[1*4 + r] = s[(r+1) % 4]; - s0[2*4 + r] = s[(r+2) % 4]; - s0[3*4 + r] = s[(r+3) % 4]; + s[0] = s0[0 * 4 + r]; + s[1] = s0[1 * 4 + r]; + s[2] = s0[2 * 4 + r]; + s[3] = s0[3 * 4 + r]; + s0[0 * 4 + r] = s[(r + 0) % 4]; + s0[1 * 4 + r] = s[(r + 1) % 4]; + s0[2 * 4 + r] = s[(r + 2) % 4]; + s0[3 * 4 + r] = s[(r + 3) % 4]; } } @@ -449,14 +449,14 @@ s0 = (unsigned char *)state; for (r = 0; r < 4; r++) { - s[0] = s0[0*4 + r]; - s[1] = s0[1*4 + r]; - s[2] = s0[2*4 + r]; - s[3] = s0[3*4 + r]; - s0[0*4 + r] = s[(4-r) % 4]; - s0[1*4 + r] = s[(5-r) % 4]; - s0[2*4 + r] = s[(6-r) % 4]; - s0[3*4 + r] = s[(7-r) % 4]; + s[0] = s0[0 * 4 + r]; + s[1] = s0[1 * 4 + r]; + s[2] = s0[2 * 4 + r]; + s[3] = s0[3 * 4 + r]; + s0[0 * 4 + r] = s[(4 - r) % 4]; + s0[1 * 4 + r] = s[(5 - r) % 4]; + s0[2 * 4 + r] = s[(6 - r) % 4]; + s0[3 * 4 + r] = s[(7 - r) % 4]; } } @@ -470,9 +470,9 @@ s1.d = state[c]; s.d = s1.d; s.d ^= ((s.d & U64(0xFFFF0000FFFF0000)) >> 16) - | ((s.d & U64(0x0000FFFF0000FFFF)) << 16); + | ((s.d & U64(0x0000FFFF0000FFFF)) << 16); s.d ^= ((s.d & U64(0xFF00FF00FF00FF00)) >> 8) - | ((s.d & U64(0x00FF00FF00FF00FF)) << 8); + | ((s.d & U64(0x00FF00FF00FF00FF)) << 8); s.d ^= s1.d; XtimeLong(&s1.d); s.d ^= s1.d; 
@@ -498,9 +498,9 @@ s1.d = state[c]; s.d = s1.d; s.d ^= ((s.d & U64(0xFFFF0000FFFF0000)) >> 16) - | ((s.d & U64(0x0000FFFF0000FFFF)) << 16); + | ((s.d & U64(0x0000FFFF0000FFFF)) << 16); s.d ^= ((s.d & U64(0xFF00FF00FF00FF00)) >> 8) - | ((s.d & U64(0x00FF00FF00FF00FF)) << 8); + | ((s.d & U64(0x00FF00FF00FF00FF)) << 8); s.d ^= s1.d; XtimeLong(&s1.d); s.d ^= s1.d; @@ -514,11 +514,11 @@ s.b[7] ^= s1.b[4]; XtimeLong(&s1.d); s1.d ^= ((s1.d & U64(0xFFFF0000FFFF0000)) >> 16) - | ((s1.d & U64(0x0000FFFF0000FFFF)) << 16); + | ((s1.d & U64(0x0000FFFF0000FFFF)) << 16); s.d ^= s1.d; XtimeLong(&s1.d); s1.d ^= ((s1.d & U64(0xFF00FF00FF00FF00)) >> 8) - | ((s1.d & U64(0x00FF00FF00FF00FF)) << 8); + | ((s1.d & U64(0x00FF00FF00FF00FF)) << 8); s.d ^= s1.d; state[c] = s.d; } @@ -531,7 +531,7 @@ } static void Cipher(const unsigned char *in, unsigned char *out, - const u64 *w, int nr) + const u64 *w, int nr) { u64 state[2]; int i; @@ -545,19 +545,19 @@ SubLong(&state[1]); ShiftRows(state); MixColumns(state); - AddRoundKey(state, w + i*2); + AddRoundKey(state, w + i * 2); } SubLong(&state[0]); SubLong(&state[1]); ShiftRows(state); - AddRoundKey(state, w + nr*2); + AddRoundKey(state, w + nr * 2); memcpy(out, state, 16); } static void InvCipher(const unsigned char *in, unsigned char *out, - const u64 *w, int nr) + const u64 *w, int nr) { u64 state[2]; @@ -565,13 +565,13 @@ memcpy(state, in, 16); - AddRoundKey(state, w + nr*2); + AddRoundKey(state, w + nr * 2); for (i = nr - 1; i > 0; i--) { InvShiftRows(state); InvSubLong(&state[0]); InvSubLong(&state[1]); - AddRoundKey(state, w + i*2); + AddRoundKey(state, w + i * 2); InvMixColumns(state); } 
@@ -597,18 +597,18 @@ } static void KeyExpansion(const unsigned char *key, u64 *w, - int nr, int nk) + int nr, int nk) { u32 rcon; uni prev; u32 temp; int i, n; - memcpy(w, key, nk*4); + memcpy(w, key, nk * 4); memcpy(&rcon, "\1\0\0\0", 4); - n = nk/2; - prev.d = w[n-1]; - for (i = n; i < (nr+1)*2; i++) { + n = nk / 2; + prev.d = w[n - 1]; + for (i = n; i < (nr + 1) * 2; i++) { temp = prev.w[1]; if (i % n == 0) { RotWord(&temp); @@ -618,7 +618,7 @@ } else if (nk > 6 && i % n == 2) { SubWord(&temp); } - prev.d = w[i-n]; + prev.d = w[i - n]; prev.w[0] ^= temp; prev.w[1] ^= prev.w[0]; w[i] = prev.d; @@ -629,7 +629,7 @@ * Expand the cipher key into the encryption key schedule. */ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u64 *rk; @@ -638,7 +638,7 @@ if (bits != 128 && bits != 192 && bits != 256) return -2; - rk = (u64*)key->rd_key; + rk = (u64 *)key->rd_key; if (bits == 128) key->rounds = 10; @@ -647,7 +647,7 @@ else key->rounds = 14; - KeyExpansion(userKey, rk, key->rounds, bits/32); + KeyExpansion(userKey, rk, key->rounds, bits / 32); return 0; } @@ -655,7 +655,7 @@ * Expand the cipher key into the decryption key schedule. */ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { return AES_set_encrypt_key(userKey, bits, key); } @@ -665,12 +665,12 @@ * in and out can overlap */ void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) + const AES_KEY *key) { const u64 *rk; assert(in && out && key); - rk = (u64*)key->rd_key; + rk = (u64 *)key->rd_key; Cipher(in, out, rk, key->rounds); } @@ -680,12 +680,12 @@ * in and out can overlap */ void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) + const AES_KEY *key) { const u64 *rk; assert(in && out && key); - rk = (u64*)key->rd_key; + rk = (u64 *)key->rd_key; InvCipher(in, out, rk, key->rounds); } 
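Review bot: In `AES_encrypt` (aes_core.c @@ -665 hunk) the reformatted cast `(u64 *)key->rd_key` drops the `const` that `key` carries, only for the result to be stored in a `const u64 *`. Writing `rk = (const u64 *)key->rd_key;` keeps the qualifier and avoids cast-qualifier warnings. The identical line in `AES_decrypt` in the @@ -680 hunk has the same issue.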
@@ -704,579 +704,2346 @@ */ static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, - 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, - 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, - 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, - 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, - 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, - 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, - 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, - 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, - 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, - 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, - 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, - 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, - 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, - 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, - 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, - 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, - 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, - 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, - 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, - 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, - 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, - 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, - 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, - 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, - 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, - 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, - 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, - 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, - 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, - 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, - 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, - 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, - 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, - 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 
0xe6737395U, - 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, - 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, - 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, - 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, - 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, - 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, - 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, - 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, - 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, - 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, - 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, - 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, - 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, - 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, - 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, - 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, - 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, - 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, - 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, - 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, - 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, - 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, - 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, - 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, - 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, - 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, - 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, - 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, + 0xc66363a5U, + 0xf87c7c84U, + 0xee777799U, + 0xf67b7b8dU, + 0xfff2f20dU, + 0xd66b6bbdU, + 0xde6f6fb1U, + 0x91c5c554U, + 0x60303050U, + 0x02010103U, + 0xce6767a9U, + 0x562b2b7dU, + 0xe7fefe19U, + 0xb5d7d762U, + 0x4dababe6U, + 0xec76769aU, + 0x8fcaca45U, + 0x1f82829dU, + 0x89c9c940U, + 0xfa7d7d87U, + 0xeffafa15U, + 0xb25959ebU, + 0x8e4747c9U, + 0xfbf0f00bU, + 0x41adadecU, + 0xb3d4d467U, + 0x5fa2a2fdU, + 0x45afafeaU, + 0x239c9cbfU, + 0x53a4a4f7U, + 0xe4727296U, + 
0x9bc0c05bU, + 0x75b7b7c2U, + 0xe1fdfd1cU, + 0x3d9393aeU, + 0x4c26266aU, + 0x6c36365aU, + 0x7e3f3f41U, + 0xf5f7f702U, + 0x83cccc4fU, + 0x6834345cU, + 0x51a5a5f4U, + 0xd1e5e534U, + 0xf9f1f108U, + 0xe2717193U, + 0xabd8d873U, + 0x62313153U, + 0x2a15153fU, + 0x0804040cU, + 0x95c7c752U, + 0x46232365U, + 0x9dc3c35eU, + 0x30181828U, + 0x379696a1U, + 0x0a05050fU, + 0x2f9a9ab5U, + 0x0e070709U, + 0x24121236U, + 0x1b80809bU, + 0xdfe2e23dU, + 0xcdebeb26U, + 0x4e272769U, + 0x7fb2b2cdU, + 0xea75759fU, + 0x1209091bU, + 0x1d83839eU, + 0x582c2c74U, + 0x341a1a2eU, + 0x361b1b2dU, + 0xdc6e6eb2U, + 0xb45a5aeeU, + 0x5ba0a0fbU, + 0xa45252f6U, + 0x763b3b4dU, + 0xb7d6d661U, + 0x7db3b3ceU, + 0x5229297bU, + 0xdde3e33eU, + 0x5e2f2f71U, + 0x13848497U, + 0xa65353f5U, + 0xb9d1d168U, + 0x00000000U, + 0xc1eded2cU, + 0x40202060U, + 0xe3fcfc1fU, + 0x79b1b1c8U, + 0xb65b5bedU, + 0xd46a6abeU, + 0x8dcbcb46U, + 0x67bebed9U, + 0x7239394bU, + 0x944a4adeU, + 0x984c4cd4U, + 0xb05858e8U, + 0x85cfcf4aU, + 0xbbd0d06bU, + 0xc5efef2aU, + 0x4faaaae5U, + 0xedfbfb16U, + 0x864343c5U, + 0x9a4d4dd7U, + 0x66333355U, + 0x11858594U, + 0x8a4545cfU, + 0xe9f9f910U, + 0x04020206U, + 0xfe7f7f81U, + 0xa05050f0U, + 0x783c3c44U, + 0x259f9fbaU, + 0x4ba8a8e3U, + 0xa25151f3U, + 0x5da3a3feU, + 0x804040c0U, + 0x058f8f8aU, + 0x3f9292adU, + 0x219d9dbcU, + 0x70383848U, + 0xf1f5f504U, + 0x63bcbcdfU, + 0x77b6b6c1U, + 0xafdada75U, + 0x42212163U, + 0x20101030U, + 0xe5ffff1aU, + 0xfdf3f30eU, + 0xbfd2d26dU, + 0x81cdcd4cU, + 0x180c0c14U, + 0x26131335U, + 0xc3ecec2fU, + 0xbe5f5fe1U, + 0x359797a2U, + 0x884444ccU, + 0x2e171739U, + 0x93c4c457U, + 0x55a7a7f2U, + 0xfc7e7e82U, + 0x7a3d3d47U, + 0xc86464acU, + 0xba5d5de7U, + 0x3219192bU, + 0xe6737395U, + 0xc06060a0U, + 0x19818198U, + 0x9e4f4fd1U, + 0xa3dcdc7fU, + 0x44222266U, + 0x542a2a7eU, + 0x3b9090abU, + 0x0b888883U, + 0x8c4646caU, + 0xc7eeee29U, + 0x6bb8b8d3U, + 0x2814143cU, + 0xa7dede79U, + 0xbc5e5ee2U, + 0x160b0b1dU, + 0xaddbdb76U, + 0xdbe0e03bU, + 0x64323256U, + 0x743a3a4eU, + 0x140a0a1eU, + 
0x924949dbU, + 0x0c06060aU, + 0x4824246cU, + 0xb85c5ce4U, + 0x9fc2c25dU, + 0xbdd3d36eU, + 0x43acacefU, + 0xc46262a6U, + 0x399191a8U, + 0x319595a4U, + 0xd3e4e437U, + 0xf279798bU, + 0xd5e7e732U, + 0x8bc8c843U, + 0x6e373759U, + 0xda6d6db7U, + 0x018d8d8cU, + 0xb1d5d564U, + 0x9c4e4ed2U, + 0x49a9a9e0U, + 0xd86c6cb4U, + 0xac5656faU, + 0xf3f4f407U, + 0xcfeaea25U, + 0xca6565afU, + 0xf47a7a8eU, + 0x47aeaee9U, + 0x10080818U, + 0x6fbabad5U, + 0xf0787888U, + 0x4a25256fU, + 0x5c2e2e72U, + 0x381c1c24U, + 0x57a6a6f1U, + 0x73b4b4c7U, + 0x97c6c651U, + 0xcbe8e823U, + 0xa1dddd7cU, + 0xe874749cU, + 0x3e1f1f21U, + 0x964b4bddU, + 0x61bdbddcU, + 0x0d8b8b86U, + 0x0f8a8a85U, + 0xe0707090U, + 0x7c3e3e42U, + 0x71b5b5c4U, + 0xcc6666aaU, + 0x904848d8U, + 0x06030305U, + 0xf7f6f601U, + 0x1c0e0e12U, + 0xc26161a3U, + 0x6a35355fU, + 0xae5757f9U, + 0x69b9b9d0U, + 0x17868691U, + 0x99c1c158U, + 0x3a1d1d27U, + 0x279e9eb9U, + 0xd9e1e138U, + 0xebf8f813U, + 0x2b9898b3U, + 0x22111133U, + 0xd26969bbU, + 0xa9d9d970U, + 0x078e8e89U, + 0x339494a7U, + 0x2d9b9bb6U, + 0x3c1e1e22U, + 0x15878792U, + 0xc9e9e920U, + 0x87cece49U, + 0xaa5555ffU, + 0x50282878U, + 0xa5dfdf7aU, + 0x038c8c8fU, + 0x59a1a1f8U, + 0x09898980U, + 0x1a0d0d17U, + 0x65bfbfdaU, + 0xd7e6e631U, + 0x844242c6U, + 0xd06868b8U, + 0x824141c3U, + 0x299999b0U, + 0x5a2d2d77U, + 0x1e0f0f11U, + 0x7bb0b0cbU, + 0xa85454fcU, + 0x6dbbbbd6U, + 0x2c16163aU, }; static const u32 Te1[256] = { - 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, - 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, - 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, - 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, - 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, - 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, - 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, - 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, - 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, - 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, - 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 
0x08f9f1f1U, - 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, - 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, - 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, - 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, - 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, - 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, - 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, - 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, - 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, - 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, - 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, - 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, - 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, - 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, - 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, - 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, - 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, - 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, - 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, - 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, - 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, - 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, - 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, - 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, - 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, - 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, - 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, - 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, - 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, - 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, - 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, - 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, - 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, - 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, - 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, - 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, - 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 
0x18100808U, - 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, - 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, - 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, - 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, - 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, - 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, - 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, - 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, - 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, - 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, - 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, - 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, - 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, - 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, - 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, - 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, + 0xa5c66363U, + 0x84f87c7cU, + 0x99ee7777U, + 0x8df67b7bU, + 0x0dfff2f2U, + 0xbdd66b6bU, + 0xb1de6f6fU, + 0x5491c5c5U, + 0x50603030U, + 0x03020101U, + 0xa9ce6767U, + 0x7d562b2bU, + 0x19e7fefeU, + 0x62b5d7d7U, + 0xe64dababU, + 0x9aec7676U, + 0x458fcacaU, + 0x9d1f8282U, + 0x4089c9c9U, + 0x87fa7d7dU, + 0x15effafaU, + 0xebb25959U, + 0xc98e4747U, + 0x0bfbf0f0U, + 0xec41adadU, + 0x67b3d4d4U, + 0xfd5fa2a2U, + 0xea45afafU, + 0xbf239c9cU, + 0xf753a4a4U, + 0x96e47272U, + 0x5b9bc0c0U, + 0xc275b7b7U, + 0x1ce1fdfdU, + 0xae3d9393U, + 0x6a4c2626U, + 0x5a6c3636U, + 0x417e3f3fU, + 0x02f5f7f7U, + 0x4f83ccccU, + 0x5c683434U, + 0xf451a5a5U, + 0x34d1e5e5U, + 0x08f9f1f1U, + 0x93e27171U, + 0x73abd8d8U, + 0x53623131U, + 0x3f2a1515U, + 0x0c080404U, + 0x5295c7c7U, + 0x65462323U, + 0x5e9dc3c3U, + 0x28301818U, + 0xa1379696U, + 0x0f0a0505U, + 0xb52f9a9aU, + 0x090e0707U, + 0x36241212U, + 0x9b1b8080U, + 0x3ddfe2e2U, + 0x26cdebebU, + 0x694e2727U, + 0xcd7fb2b2U, + 0x9fea7575U, + 0x1b120909U, + 0x9e1d8383U, + 0x74582c2cU, + 0x2e341a1aU, + 0x2d361b1bU, + 0xb2dc6e6eU, + 0xeeb45a5aU, + 0xfb5ba0a0U, + 0xf6a45252U, + 0x4d763b3bU, + 
0x61b7d6d6U, + 0xce7db3b3U, + 0x7b522929U, + 0x3edde3e3U, + 0x715e2f2fU, + 0x97138484U, + 0xf5a65353U, + 0x68b9d1d1U, + 0x00000000U, + 0x2cc1ededU, + 0x60402020U, + 0x1fe3fcfcU, + 0xc879b1b1U, + 0xedb65b5bU, + 0xbed46a6aU, + 0x468dcbcbU, + 0xd967bebeU, + 0x4b723939U, + 0xde944a4aU, + 0xd4984c4cU, + 0xe8b05858U, + 0x4a85cfcfU, + 0x6bbbd0d0U, + 0x2ac5efefU, + 0xe54faaaaU, + 0x16edfbfbU, + 0xc5864343U, + 0xd79a4d4dU, + 0x55663333U, + 0x94118585U, + 0xcf8a4545U, + 0x10e9f9f9U, + 0x06040202U, + 0x81fe7f7fU, + 0xf0a05050U, + 0x44783c3cU, + 0xba259f9fU, + 0xe34ba8a8U, + 0xf3a25151U, + 0xfe5da3a3U, + 0xc0804040U, + 0x8a058f8fU, + 0xad3f9292U, + 0xbc219d9dU, + 0x48703838U, + 0x04f1f5f5U, + 0xdf63bcbcU, + 0xc177b6b6U, + 0x75afdadaU, + 0x63422121U, + 0x30201010U, + 0x1ae5ffffU, + 0x0efdf3f3U, + 0x6dbfd2d2U, + 0x4c81cdcdU, + 0x14180c0cU, + 0x35261313U, + 0x2fc3ececU, + 0xe1be5f5fU, + 0xa2359797U, + 0xcc884444U, + 0x392e1717U, + 0x5793c4c4U, + 0xf255a7a7U, + 0x82fc7e7eU, + 0x477a3d3dU, + 0xacc86464U, + 0xe7ba5d5dU, + 0x2b321919U, + 0x95e67373U, + 0xa0c06060U, + 0x98198181U, + 0xd19e4f4fU, + 0x7fa3dcdcU, + 0x66442222U, + 0x7e542a2aU, + 0xab3b9090U, + 0x830b8888U, + 0xca8c4646U, + 0x29c7eeeeU, + 0xd36bb8b8U, + 0x3c281414U, + 0x79a7dedeU, + 0xe2bc5e5eU, + 0x1d160b0bU, + 0x76addbdbU, + 0x3bdbe0e0U, + 0x56643232U, + 0x4e743a3aU, + 0x1e140a0aU, + 0xdb924949U, + 0x0a0c0606U, + 0x6c482424U, + 0xe4b85c5cU, + 0x5d9fc2c2U, + 0x6ebdd3d3U, + 0xef43acacU, + 0xa6c46262U, + 0xa8399191U, + 0xa4319595U, + 0x37d3e4e4U, + 0x8bf27979U, + 0x32d5e7e7U, + 0x438bc8c8U, + 0x596e3737U, + 0xb7da6d6dU, + 0x8c018d8dU, + 0x64b1d5d5U, + 0xd29c4e4eU, + 0xe049a9a9U, + 0xb4d86c6cU, + 0xfaac5656U, + 0x07f3f4f4U, + 0x25cfeaeaU, + 0xafca6565U, + 0x8ef47a7aU, + 0xe947aeaeU, + 0x18100808U, + 0xd56fbabaU, + 0x88f07878U, + 0x6f4a2525U, + 0x725c2e2eU, + 0x24381c1cU, + 0xf157a6a6U, + 0xc773b4b4U, + 0x5197c6c6U, + 0x23cbe8e8U, + 0x7ca1ddddU, + 0x9ce87474U, + 0x213e1f1fU, + 0xdd964b4bU, + 0xdc61bdbdU, + 0x860d8b8bU, + 
0x850f8a8aU, + 0x90e07070U, + 0x427c3e3eU, + 0xc471b5b5U, + 0xaacc6666U, + 0xd8904848U, + 0x05060303U, + 0x01f7f6f6U, + 0x121c0e0eU, + 0xa3c26161U, + 0x5f6a3535U, + 0xf9ae5757U, + 0xd069b9b9U, + 0x91178686U, + 0x5899c1c1U, + 0x273a1d1dU, + 0xb9279e9eU, + 0x38d9e1e1U, + 0x13ebf8f8U, + 0xb32b9898U, + 0x33221111U, + 0xbbd26969U, + 0x70a9d9d9U, + 0x89078e8eU, + 0xa7339494U, + 0xb62d9b9bU, + 0x223c1e1eU, + 0x92158787U, + 0x20c9e9e9U, + 0x4987ceceU, + 0xffaa5555U, + 0x78502828U, + 0x7aa5dfdfU, + 0x8f038c8cU, + 0xf859a1a1U, + 0x80098989U, + 0x171a0d0dU, + 0xda65bfbfU, + 0x31d7e6e6U, + 0xc6844242U, + 0xb8d06868U, + 0xc3824141U, + 0xb0299999U, + 0x775a2d2dU, + 0x111e0f0fU, + 0xcb7bb0b0U, + 0xfca85454U, + 0xd66dbbbbU, + 0x3a2c1616U, }; static const u32 Te2[256] = { - 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, - 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, - 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, - 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, - 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, - 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, - 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, - 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, - 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, - 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, - 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, - 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, - 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, - 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, - 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, - 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, - 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, - 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, - 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, - 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, - 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, - 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, - 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 
0x394b7239U, - 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, - 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, - 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, - 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, - 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, - 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, - 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, - 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, - 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, - 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, - 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, - 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, - 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, - 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, - 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, - 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, - 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, - 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, - 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, - 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, - 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, - 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, - 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, - 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, - 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, - 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, - 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, - 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, - 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, - 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, - 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, - 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, - 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, - 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, - 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, - 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, - 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 
0xdf7aa5dfU, - 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, - 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, - 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, - 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, + 0x63a5c663U, + 0x7c84f87cU, + 0x7799ee77U, + 0x7b8df67bU, + 0xf20dfff2U, + 0x6bbdd66bU, + 0x6fb1de6fU, + 0xc55491c5U, + 0x30506030U, + 0x01030201U, + 0x67a9ce67U, + 0x2b7d562bU, + 0xfe19e7feU, + 0xd762b5d7U, + 0xabe64dabU, + 0x769aec76U, + 0xca458fcaU, + 0x829d1f82U, + 0xc94089c9U, + 0x7d87fa7dU, + 0xfa15effaU, + 0x59ebb259U, + 0x47c98e47U, + 0xf00bfbf0U, + 0xadec41adU, + 0xd467b3d4U, + 0xa2fd5fa2U, + 0xafea45afU, + 0x9cbf239cU, + 0xa4f753a4U, + 0x7296e472U, + 0xc05b9bc0U, + 0xb7c275b7U, + 0xfd1ce1fdU, + 0x93ae3d93U, + 0x266a4c26U, + 0x365a6c36U, + 0x3f417e3fU, + 0xf702f5f7U, + 0xcc4f83ccU, + 0x345c6834U, + 0xa5f451a5U, + 0xe534d1e5U, + 0xf108f9f1U, + 0x7193e271U, + 0xd873abd8U, + 0x31536231U, + 0x153f2a15U, + 0x040c0804U, + 0xc75295c7U, + 0x23654623U, + 0xc35e9dc3U, + 0x18283018U, + 0x96a13796U, + 0x050f0a05U, + 0x9ab52f9aU, + 0x07090e07U, + 0x12362412U, + 0x809b1b80U, + 0xe23ddfe2U, + 0xeb26cdebU, + 0x27694e27U, + 0xb2cd7fb2U, + 0x759fea75U, + 0x091b1209U, + 0x839e1d83U, + 0x2c74582cU, + 0x1a2e341aU, + 0x1b2d361bU, + 0x6eb2dc6eU, + 0x5aeeb45aU, + 0xa0fb5ba0U, + 0x52f6a452U, + 0x3b4d763bU, + 0xd661b7d6U, + 0xb3ce7db3U, + 0x297b5229U, + 0xe33edde3U, + 0x2f715e2fU, + 0x84971384U, + 0x53f5a653U, + 0xd168b9d1U, + 0x00000000U, + 0xed2cc1edU, + 0x20604020U, + 0xfc1fe3fcU, + 0xb1c879b1U, + 0x5bedb65bU, + 0x6abed46aU, + 0xcb468dcbU, + 0xbed967beU, + 0x394b7239U, + 0x4ade944aU, + 0x4cd4984cU, + 0x58e8b058U, + 0xcf4a85cfU, + 0xd06bbbd0U, + 0xef2ac5efU, + 0xaae54faaU, + 0xfb16edfbU, + 0x43c58643U, + 0x4dd79a4dU, + 0x33556633U, + 0x85941185U, + 0x45cf8a45U, + 0xf910e9f9U, + 0x02060402U, + 0x7f81fe7fU, + 0x50f0a050U, + 0x3c44783cU, + 0x9fba259fU, + 0xa8e34ba8U, + 0x51f3a251U, + 0xa3fe5da3U, + 0x40c08040U, + 0x8f8a058fU, + 0x92ad3f92U, + 0x9dbc219dU, 
+ 0x38487038U, + 0xf504f1f5U, + 0xbcdf63bcU, + 0xb6c177b6U, + 0xda75afdaU, + 0x21634221U, + 0x10302010U, + 0xff1ae5ffU, + 0xf30efdf3U, + 0xd26dbfd2U, + 0xcd4c81cdU, + 0x0c14180cU, + 0x13352613U, + 0xec2fc3ecU, + 0x5fe1be5fU, + 0x97a23597U, + 0x44cc8844U, + 0x17392e17U, + 0xc45793c4U, + 0xa7f255a7U, + 0x7e82fc7eU, + 0x3d477a3dU, + 0x64acc864U, + 0x5de7ba5dU, + 0x192b3219U, + 0x7395e673U, + 0x60a0c060U, + 0x81981981U, + 0x4fd19e4fU, + 0xdc7fa3dcU, + 0x22664422U, + 0x2a7e542aU, + 0x90ab3b90U, + 0x88830b88U, + 0x46ca8c46U, + 0xee29c7eeU, + 0xb8d36bb8U, + 0x143c2814U, + 0xde79a7deU, + 0x5ee2bc5eU, + 0x0b1d160bU, + 0xdb76addbU, + 0xe03bdbe0U, + 0x32566432U, + 0x3a4e743aU, + 0x0a1e140aU, + 0x49db9249U, + 0x060a0c06U, + 0x246c4824U, + 0x5ce4b85cU, + 0xc25d9fc2U, + 0xd36ebdd3U, + 0xacef43acU, + 0x62a6c462U, + 0x91a83991U, + 0x95a43195U, + 0xe437d3e4U, + 0x798bf279U, + 0xe732d5e7U, + 0xc8438bc8U, + 0x37596e37U, + 0x6db7da6dU, + 0x8d8c018dU, + 0xd564b1d5U, + 0x4ed29c4eU, + 0xa9e049a9U, + 0x6cb4d86cU, + 0x56faac56U, + 0xf407f3f4U, + 0xea25cfeaU, + 0x65afca65U, + 0x7a8ef47aU, + 0xaee947aeU, + 0x08181008U, + 0xbad56fbaU, + 0x7888f078U, + 0x256f4a25U, + 0x2e725c2eU, + 0x1c24381cU, + 0xa6f157a6U, + 0xb4c773b4U, + 0xc65197c6U, + 0xe823cbe8U, + 0xdd7ca1ddU, + 0x749ce874U, + 0x1f213e1fU, + 0x4bdd964bU, + 0xbddc61bdU, + 0x8b860d8bU, + 0x8a850f8aU, + 0x7090e070U, + 0x3e427c3eU, + 0xb5c471b5U, + 0x66aacc66U, + 0x48d89048U, + 0x03050603U, + 0xf601f7f6U, + 0x0e121c0eU, + 0x61a3c261U, + 0x355f6a35U, + 0x57f9ae57U, + 0xb9d069b9U, + 0x86911786U, + 0xc15899c1U, + 0x1d273a1dU, + 0x9eb9279eU, + 0xe138d9e1U, + 0xf813ebf8U, + 0x98b32b98U, + 0x11332211U, + 0x69bbd269U, + 0xd970a9d9U, + 0x8e89078eU, + 0x94a73394U, + 0x9bb62d9bU, + 0x1e223c1eU, + 0x87921587U, + 0xe920c9e9U, + 0xce4987ceU, + 0x55ffaa55U, + 0x28785028U, + 0xdf7aa5dfU, + 0x8c8f038cU, + 0xa1f859a1U, + 0x89800989U, + 0x0d171a0dU, + 0xbfda65bfU, + 0xe631d7e6U, + 0x42c68442U, + 0x68b8d068U, + 0x41c38241U, + 0x99b02999U, + 0x2d775a2dU, + 
0x0f111e0fU, + 0xb0cb7bb0U, + 0x54fca854U, + 0xbbd66dbbU, + 0x163a2c16U, }; static const u32 Te3[256] = { - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, - 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, - 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, - 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, - 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, - 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, - 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, - 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, - 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, - 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, - 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, - 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, - 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, - 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, - 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, - 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, - 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, - 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, - 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, - 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, - 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, - 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, - 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, - 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, - 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, - 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, - 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, - 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, - 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, - 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, - 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, - 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, - 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, - 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, - 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, - 
0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, - 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, - 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, - 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, - 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, - 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, - 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, - 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, - 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, - 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, - 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, - 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, - 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, - 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, - 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, - 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, - 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, - 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, - 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, - 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, - 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, - 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, - 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, - 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, - 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, - 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, - 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, + 0x6363a5c6U, + 0x7c7c84f8U, + 0x777799eeU, + 0x7b7b8df6U, + 0xf2f20dffU, + 0x6b6bbdd6U, + 0x6f6fb1deU, + 0xc5c55491U, + 0x30305060U, + 0x01010302U, + 0x6767a9ceU, + 0x2b2b7d56U, + 0xfefe19e7U, + 0xd7d762b5U, + 0xababe64dU, + 0x76769aecU, + 0xcaca458fU, + 0x82829d1fU, + 0xc9c94089U, + 0x7d7d87faU, + 0xfafa15efU, + 0x5959ebb2U, + 0x4747c98eU, + 0xf0f00bfbU, + 0xadadec41U, + 0xd4d467b3U, + 0xa2a2fd5fU, + 0xafafea45U, + 0x9c9cbf23U, 
+ 0xa4a4f753U, + 0x727296e4U, + 0xc0c05b9bU, + 0xb7b7c275U, + 0xfdfd1ce1U, + 0x9393ae3dU, + 0x26266a4cU, + 0x36365a6cU, + 0x3f3f417eU, + 0xf7f702f5U, + 0xcccc4f83U, + 0x34345c68U, + 0xa5a5f451U, + 0xe5e534d1U, + 0xf1f108f9U, + 0x717193e2U, + 0xd8d873abU, + 0x31315362U, + 0x15153f2aU, + 0x04040c08U, + 0xc7c75295U, + 0x23236546U, + 0xc3c35e9dU, + 0x18182830U, + 0x9696a137U, + 0x05050f0aU, + 0x9a9ab52fU, + 0x0707090eU, + 0x12123624U, + 0x80809b1bU, + 0xe2e23ddfU, + 0xebeb26cdU, + 0x2727694eU, + 0xb2b2cd7fU, + 0x75759feaU, + 0x09091b12U, + 0x83839e1dU, + 0x2c2c7458U, + 0x1a1a2e34U, + 0x1b1b2d36U, + 0x6e6eb2dcU, + 0x5a5aeeb4U, + 0xa0a0fb5bU, + 0x5252f6a4U, + 0x3b3b4d76U, + 0xd6d661b7U, + 0xb3b3ce7dU, + 0x29297b52U, + 0xe3e33eddU, + 0x2f2f715eU, + 0x84849713U, + 0x5353f5a6U, + 0xd1d168b9U, + 0x00000000U, + 0xeded2cc1U, + 0x20206040U, + 0xfcfc1fe3U, + 0xb1b1c879U, + 0x5b5bedb6U, + 0x6a6abed4U, + 0xcbcb468dU, + 0xbebed967U, + 0x39394b72U, + 0x4a4ade94U, + 0x4c4cd498U, + 0x5858e8b0U, + 0xcfcf4a85U, + 0xd0d06bbbU, + 0xefef2ac5U, + 0xaaaae54fU, + 0xfbfb16edU, + 0x4343c586U, + 0x4d4dd79aU, + 0x33335566U, + 0x85859411U, + 0x4545cf8aU, + 0xf9f910e9U, + 0x02020604U, + 0x7f7f81feU, + 0x5050f0a0U, + 0x3c3c4478U, + 0x9f9fba25U, + 0xa8a8e34bU, + 0x5151f3a2U, + 0xa3a3fe5dU, + 0x4040c080U, + 0x8f8f8a05U, + 0x9292ad3fU, + 0x9d9dbc21U, + 0x38384870U, + 0xf5f504f1U, + 0xbcbcdf63U, + 0xb6b6c177U, + 0xdada75afU, + 0x21216342U, + 0x10103020U, + 0xffff1ae5U, + 0xf3f30efdU, + 0xd2d26dbfU, + 0xcdcd4c81U, + 0x0c0c1418U, + 0x13133526U, + 0xecec2fc3U, + 0x5f5fe1beU, + 0x9797a235U, + 0x4444cc88U, + 0x1717392eU, + 0xc4c45793U, + 0xa7a7f255U, + 0x7e7e82fcU, + 0x3d3d477aU, + 0x6464acc8U, + 0x5d5de7baU, + 0x19192b32U, + 0x737395e6U, + 0x6060a0c0U, + 0x81819819U, + 0x4f4fd19eU, + 0xdcdc7fa3U, + 0x22226644U, + 0x2a2a7e54U, + 0x9090ab3bU, + 0x8888830bU, + 0x4646ca8cU, + 0xeeee29c7U, + 0xb8b8d36bU, + 0x14143c28U, + 0xdede79a7U, + 0x5e5ee2bcU, + 0x0b0b1d16U, + 0xdbdb76adU, + 0xe0e03bdbU, + 0x32325664U, + 
0x3a3a4e74U, + 0x0a0a1e14U, + 0x4949db92U, + 0x06060a0cU, + 0x24246c48U, + 0x5c5ce4b8U, + 0xc2c25d9fU, + 0xd3d36ebdU, + 0xacacef43U, + 0x6262a6c4U, + 0x9191a839U, + 0x9595a431U, + 0xe4e437d3U, + 0x79798bf2U, + 0xe7e732d5U, + 0xc8c8438bU, + 0x3737596eU, + 0x6d6db7daU, + 0x8d8d8c01U, + 0xd5d564b1U, + 0x4e4ed29cU, + 0xa9a9e049U, + 0x6c6cb4d8U, + 0x5656faacU, + 0xf4f407f3U, + 0xeaea25cfU, + 0x6565afcaU, + 0x7a7a8ef4U, + 0xaeaee947U, + 0x08081810U, + 0xbabad56fU, + 0x787888f0U, + 0x25256f4aU, + 0x2e2e725cU, + 0x1c1c2438U, + 0xa6a6f157U, + 0xb4b4c773U, + 0xc6c65197U, + 0xe8e823cbU, + 0xdddd7ca1U, + 0x74749ce8U, + 0x1f1f213eU, + 0x4b4bdd96U, + 0xbdbddc61U, + 0x8b8b860dU, + 0x8a8a850fU, + 0x707090e0U, + 0x3e3e427cU, + 0xb5b5c471U, + 0x6666aaccU, + 0x4848d890U, + 0x03030506U, + 0xf6f601f7U, + 0x0e0e121cU, + 0x6161a3c2U, + 0x35355f6aU, + 0x5757f9aeU, + 0xb9b9d069U, + 0x86869117U, + 0xc1c15899U, + 0x1d1d273aU, + 0x9e9eb927U, + 0xe1e138d9U, + 0xf8f813ebU, + 0x9898b32bU, + 0x11113322U, + 0x6969bbd2U, + 0xd9d970a9U, + 0x8e8e8907U, + 0x9494a733U, + 0x9b9bb62dU, + 0x1e1e223cU, + 0x87879215U, + 0xe9e920c9U, + 0xcece4987U, + 0x5555ffaaU, + 0x28287850U, + 0xdfdf7aa5U, + 0x8c8c8f03U, + 0xa1a1f859U, + 0x89898009U, + 0x0d0d171aU, + 0xbfbfda65U, + 0xe6e631d7U, + 0x4242c684U, + 0x6868b8d0U, + 0x4141c382U, + 0x9999b029U, + 0x2d2d775aU, + 0x0f0f111eU, + 0xb0b0cb7bU, + 0x5454fca8U, + 0xbbbbd66dU, + 0x16163a2cU, }; static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, - 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, - 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, - 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, - 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, - 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, - 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, - 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, - 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, - 0x63df4a18U, 
0xe51a3182U, 0x97513360U, 0x62537f45U, - 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, - 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, - 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, - 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, - 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, - 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, - 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, - 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, - 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, - 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, - 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, - 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, - 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, - 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, - 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, - 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, - 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, - 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, - 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, - 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, - 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, - 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, - 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, - 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, - 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, - 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, - 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, - 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, - 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, - 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, - 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, - 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, - 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, - 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, - 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, - 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, - 0xe6956e65U, 
0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, - 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, - 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, - 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, - 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, - 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, - 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, - 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, - 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, - 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, - 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, - 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, - 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, - 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, - 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, - 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, - 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, + 0x51f4a750U, + 0x7e416553U, + 0x1a17a4c3U, + 0x3a275e96U, + 0x3bab6bcbU, + 0x1f9d45f1U, + 0xacfa58abU, + 0x4be30393U, + 0x2030fa55U, + 0xad766df6U, + 0x88cc7691U, + 0xf5024c25U, + 0x4fe5d7fcU, + 0xc52acbd7U, + 0x26354480U, + 0xb562a38fU, + 0xdeb15a49U, + 0x25ba1b67U, + 0x45ea0e98U, + 0x5dfec0e1U, + 0xc32f7502U, + 0x814cf012U, + 0x8d4697a3U, + 0x6bd3f9c6U, + 0x038f5fe7U, + 0x15929c95U, + 0xbf6d7aebU, + 0x955259daU, + 0xd4be832dU, + 0x587421d3U, + 0x49e06929U, + 0x8ec9c844U, + 0x75c2896aU, + 0xf48e7978U, + 0x99583e6bU, + 0x27b971ddU, + 0xbee14fb6U, + 0xf088ad17U, + 0xc920ac66U, + 0x7dce3ab4U, + 0x63df4a18U, + 0xe51a3182U, + 0x97513360U, + 0x62537f45U, + 0xb16477e0U, + 0xbb6bae84U, + 0xfe81a01cU, + 0xf9082b94U, + 0x70486858U, + 0x8f45fd19U, + 0x94de6c87U, + 0x527bf8b7U, + 0xab73d323U, + 0x724b02e2U, + 0xe31f8f57U, + 0x6655ab2aU, + 0xb2eb2807U, + 0x2fb5c203U, + 0x86c57b9aU, + 0xd33708a5U, + 0x302887f2U, + 0x23bfa5b2U, + 0x02036abaU, + 0xed16825cU, + 0x8acf1c2bU, + 0xa779b492U, + 0xf307f2f0U, + 0x4e69e2a1U, + 0x65daf4cdU, + 0x0605bed5U, + 0xd134621fU, + 0xc4a6fe8aU, + 0x342e539dU, + 
0xa2f355a0U, + 0x058ae132U, + 0xa4f6eb75U, + 0x0b83ec39U, + 0x4060efaaU, + 0x5e719f06U, + 0xbd6e1051U, + 0x3e218af9U, + 0x96dd063dU, + 0xdd3e05aeU, + 0x4de6bd46U, + 0x91548db5U, + 0x71c45d05U, + 0x0406d46fU, + 0x605015ffU, + 0x1998fb24U, + 0xd6bde997U, + 0x894043ccU, + 0x67d99e77U, + 0xb0e842bdU, + 0x07898b88U, + 0xe7195b38U, + 0x79c8eedbU, + 0xa17c0a47U, + 0x7c420fe9U, + 0xf8841ec9U, + 0x00000000U, + 0x09808683U, + 0x322bed48U, + 0x1e1170acU, + 0x6c5a724eU, + 0xfd0efffbU, + 0x0f853856U, + 0x3daed51eU, + 0x362d3927U, + 0x0a0fd964U, + 0x685ca621U, + 0x9b5b54d1U, + 0x24362e3aU, + 0x0c0a67b1U, + 0x9357e70fU, + 0xb4ee96d2U, + 0x1b9b919eU, + 0x80c0c54fU, + 0x61dc20a2U, + 0x5a774b69U, + 0x1c121a16U, + 0xe293ba0aU, + 0xc0a02ae5U, + 0x3c22e043U, + 0x121b171dU, + 0x0e090d0bU, + 0xf28bc7adU, + 0x2db6a8b9U, + 0x141ea9c8U, + 0x57f11985U, + 0xaf75074cU, + 0xee99ddbbU, + 0xa37f60fdU, + 0xf701269fU, + 0x5c72f5bcU, + 0x44663bc5U, + 0x5bfb7e34U, + 0x8b432976U, + 0xcb23c6dcU, + 0xb6edfc68U, + 0xb8e4f163U, + 0xd731dccaU, + 0x42638510U, + 0x13972240U, + 0x84c61120U, + 0x854a247dU, + 0xd2bb3df8U, + 0xaef93211U, + 0xc729a16dU, + 0x1d9e2f4bU, + 0xdcb230f3U, + 0x0d8652ecU, + 0x77c1e3d0U, + 0x2bb3166cU, + 0xa970b999U, + 0x119448faU, + 0x47e96422U, + 0xa8fc8cc4U, + 0xa0f03f1aU, + 0x567d2cd8U, + 0x223390efU, + 0x87494ec7U, + 0xd938d1c1U, + 0x8ccaa2feU, + 0x98d40b36U, + 0xa6f581cfU, + 0xa57ade28U, + 0xdab78e26U, + 0x3fadbfa4U, + 0x2c3a9de4U, + 0x5078920dU, + 0x6a5fcc9bU, + 0x547e4662U, + 0xf68d13c2U, + 0x90d8b8e8U, + 0x2e39f75eU, + 0x82c3aff5U, + 0x9f5d80beU, + 0x69d0937cU, + 0x6fd52da9U, + 0xcf2512b3U, + 0xc8ac993bU, + 0x10187da7U, + 0xe89c636eU, + 0xdb3bbb7bU, + 0xcd267809U, + 0x6e5918f4U, + 0xec9ab701U, + 0x834f9aa8U, + 0xe6956e65U, + 0xaaffe67eU, + 0x21bccf08U, + 0xef15e8e6U, + 0xbae79bd9U, + 0x4a6f36ceU, + 0xea9f09d4U, + 0x29b07cd6U, + 0x31a4b2afU, + 0x2a3f2331U, + 0xc6a59430U, + 0x35a266c0U, + 0x744ebc37U, + 0xfc82caa6U, + 0xe090d0b0U, + 0x33a7d815U, + 0xf104984aU, + 0x41ecdaf7U, + 
0x7fcd500eU, + 0x1791f62fU, + 0x764dd68dU, + 0x43efb04dU, + 0xccaa4d54U, + 0xe49604dfU, + 0x9ed1b5e3U, + 0x4c6a881bU, + 0xc12c1fb8U, + 0x4665517fU, + 0x9d5eea04U, + 0x018c355dU, + 0xfa877473U, + 0xfb0b412eU, + 0xb3671d5aU, + 0x92dbd252U, + 0xe9105633U, + 0x6dd64713U, + 0x9ad7618cU, + 0x37a10c7aU, + 0x59f8148eU, + 0xeb133c89U, + 0xcea927eeU, + 0xb761c935U, + 0xe11ce5edU, + 0x7a47b13cU, + 0x9cd2df59U, + 0x55f2733fU, + 0x1814ce79U, + 0x73c737bfU, + 0x53f7cdeaU, + 0x5ffdaa5bU, + 0xdf3d6f14U, + 0x7844db86U, + 0xcaaff381U, + 0xb968c43eU, + 0x3824342cU, + 0xc2a3405fU, + 0x161dc372U, + 0xbce2250cU, + 0x283c498bU, + 0xff0d9541U, + 0x39a80171U, + 0x080cb3deU, + 0xd8b4e49cU, + 0x6456c190U, + 0x7bcb8461U, + 0xd532b670U, + 0x486c5c74U, + 0xd0b85742U, }; static const u32 Td1[256] = { - 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, - 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, - 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, - 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, - 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, - 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, - 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, - 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, - 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, - 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, - 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, - 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, - 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, - 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, - 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, - 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, - 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, - 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, - 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, - 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, - 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, - 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, - 0x241998fbU, 0x97d6bde9U, 
0xcc894043U, 0x7767d99eU, - 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, - 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, - 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, - 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, - 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, - 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, - 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, - 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, - 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, - 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, - 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, - 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, - 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, - 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, - 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, - 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, - 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, - 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, - 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, - 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, - 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, - 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, - 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, - 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, - 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, - 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, - 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, - 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, - 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, - 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, - 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, - 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, - 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, - 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, - 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, - 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, - 0xea53f7cdU, 0x5b5ffdaaU, 
0x14df3d6fU, 0x867844dbU, - 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, - 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, - 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, - 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, + 0x5051f4a7U, + 0x537e4165U, + 0xc31a17a4U, + 0x963a275eU, + 0xcb3bab6bU, + 0xf11f9d45U, + 0xabacfa58U, + 0x934be303U, + 0x552030faU, + 0xf6ad766dU, + 0x9188cc76U, + 0x25f5024cU, + 0xfc4fe5d7U, + 0xd7c52acbU, + 0x80263544U, + 0x8fb562a3U, + 0x49deb15aU, + 0x6725ba1bU, + 0x9845ea0eU, + 0xe15dfec0U, + 0x02c32f75U, + 0x12814cf0U, + 0xa38d4697U, + 0xc66bd3f9U, + 0xe7038f5fU, + 0x9515929cU, + 0xebbf6d7aU, + 0xda955259U, + 0x2dd4be83U, + 0xd3587421U, + 0x2949e069U, + 0x448ec9c8U, + 0x6a75c289U, + 0x78f48e79U, + 0x6b99583eU, + 0xdd27b971U, + 0xb6bee14fU, + 0x17f088adU, + 0x66c920acU, + 0xb47dce3aU, + 0x1863df4aU, + 0x82e51a31U, + 0x60975133U, + 0x4562537fU, + 0xe0b16477U, + 0x84bb6baeU, + 0x1cfe81a0U, + 0x94f9082bU, + 0x58704868U, + 0x198f45fdU, + 0x8794de6cU, + 0xb7527bf8U, + 0x23ab73d3U, + 0xe2724b02U, + 0x57e31f8fU, + 0x2a6655abU, + 0x07b2eb28U, + 0x032fb5c2U, + 0x9a86c57bU, + 0xa5d33708U, + 0xf2302887U, + 0xb223bfa5U, + 0xba02036aU, + 0x5ced1682U, + 0x2b8acf1cU, + 0x92a779b4U, + 0xf0f307f2U, + 0xa14e69e2U, + 0xcd65daf4U, + 0xd50605beU, + 0x1fd13462U, + 0x8ac4a6feU, + 0x9d342e53U, + 0xa0a2f355U, + 0x32058ae1U, + 0x75a4f6ebU, + 0x390b83ecU, + 0xaa4060efU, + 0x065e719fU, + 0x51bd6e10U, + 0xf93e218aU, + 0x3d96dd06U, + 0xaedd3e05U, + 0x464de6bdU, + 0xb591548dU, + 0x0571c45dU, + 0x6f0406d4U, + 0xff605015U, + 0x241998fbU, + 0x97d6bde9U, + 0xcc894043U, + 0x7767d99eU, + 0xbdb0e842U, + 0x8807898bU, + 0x38e7195bU, + 0xdb79c8eeU, + 0x47a17c0aU, + 0xe97c420fU, + 0xc9f8841eU, + 0x00000000U, + 0x83098086U, + 0x48322bedU, + 0xac1e1170U, + 0x4e6c5a72U, + 0xfbfd0effU, + 0x560f8538U, + 0x1e3daed5U, + 0x27362d39U, + 0x640a0fd9U, + 0x21685ca6U, + 0xd19b5b54U, + 0x3a24362eU, + 0xb10c0a67U, + 0x0f9357e7U, + 0xd2b4ee96U, + 0x9e1b9b91U, + 0x4f80c0c5U, + 
0xa261dc20U, + 0x695a774bU, + 0x161c121aU, + 0x0ae293baU, + 0xe5c0a02aU, + 0x433c22e0U, + 0x1d121b17U, + 0x0b0e090dU, + 0xadf28bc7U, + 0xb92db6a8U, + 0xc8141ea9U, + 0x8557f119U, + 0x4caf7507U, + 0xbbee99ddU, + 0xfda37f60U, + 0x9ff70126U, + 0xbc5c72f5U, + 0xc544663bU, + 0x345bfb7eU, + 0x768b4329U, + 0xdccb23c6U, + 0x68b6edfcU, + 0x63b8e4f1U, + 0xcad731dcU, + 0x10426385U, + 0x40139722U, + 0x2084c611U, + 0x7d854a24U, + 0xf8d2bb3dU, + 0x11aef932U, + 0x6dc729a1U, + 0x4b1d9e2fU, + 0xf3dcb230U, + 0xec0d8652U, + 0xd077c1e3U, + 0x6c2bb316U, + 0x99a970b9U, + 0xfa119448U, + 0x2247e964U, + 0xc4a8fc8cU, + 0x1aa0f03fU, + 0xd8567d2cU, + 0xef223390U, + 0xc787494eU, + 0xc1d938d1U, + 0xfe8ccaa2U, + 0x3698d40bU, + 0xcfa6f581U, + 0x28a57adeU, + 0x26dab78eU, + 0xa43fadbfU, + 0xe42c3a9dU, + 0x0d507892U, + 0x9b6a5fccU, + 0x62547e46U, + 0xc2f68d13U, + 0xe890d8b8U, + 0x5e2e39f7U, + 0xf582c3afU, + 0xbe9f5d80U, + 0x7c69d093U, + 0xa96fd52dU, + 0xb3cf2512U, + 0x3bc8ac99U, + 0xa710187dU, + 0x6ee89c63U, + 0x7bdb3bbbU, + 0x09cd2678U, + 0xf46e5918U, + 0x01ec9ab7U, + 0xa8834f9aU, + 0x65e6956eU, + 0x7eaaffe6U, + 0x0821bccfU, + 0xe6ef15e8U, + 0xd9bae79bU, + 0xce4a6f36U, + 0xd4ea9f09U, + 0xd629b07cU, + 0xaf31a4b2U, + 0x312a3f23U, + 0x30c6a594U, + 0xc035a266U, + 0x37744ebcU, + 0xa6fc82caU, + 0xb0e090d0U, + 0x1533a7d8U, + 0x4af10498U, + 0xf741ecdaU, + 0x0e7fcd50U, + 0x2f1791f6U, + 0x8d764dd6U, + 0x4d43efb0U, + 0x54ccaa4dU, + 0xdfe49604U, + 0xe39ed1b5U, + 0x1b4c6a88U, + 0xb8c12c1fU, + 0x7f466551U, + 0x049d5eeaU, + 0x5d018c35U, + 0x73fa8774U, + 0x2efb0b41U, + 0x5ab3671dU, + 0x5292dbd2U, + 0x33e91056U, + 0x136dd647U, + 0x8c9ad761U, + 0x7a37a10cU, + 0x8e59f814U, + 0x89eb133cU, + 0xeecea927U, + 0x35b761c9U, + 0xede11ce5U, + 0x3c7a47b1U, + 0x599cd2dfU, + 0x3f55f273U, + 0x791814ceU, + 0xbf73c737U, + 0xea53f7cdU, + 0x5b5ffdaaU, + 0x14df3d6fU, + 0x867844dbU, + 0x81caaff3U, + 0x3eb968c4U, + 0x2c382434U, + 0x5fc2a340U, + 0x72161dc3U, + 0x0cbce225U, + 0x8b283c49U, + 0x41ff0d95U, + 0x7139a801U, + 0xde080cb3U, + 
0x9cd8b4e4U, + 0x906456c1U, + 0x617bcb84U, + 0x70d532b6U, + 0x74486c5cU, + 0x42d0b857U, }; static const u32 Td2[256] = { - 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, - 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, - 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, - 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, - 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, - 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, - 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, - 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, - 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, - 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, - 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, - 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, - 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, - 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, - 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, - 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, - 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, - 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, - 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, - 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, - 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, - 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, - 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, - 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, - 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, - 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, - 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, - 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, - 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, - 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, - 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, - 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, - 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, - 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 
0xf163b8e4U, - 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, - 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, - 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, - 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, - 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, - 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, - 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, - 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, - 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, - 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, - 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, - 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, - 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, - 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, - 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, - 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, - 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, - 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, - 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, - 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, - 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, - 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, - 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, - 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, - 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, - 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, - 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, - 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, - 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, + 0xa75051f4U, + 0x65537e41U, + 0xa4c31a17U, + 0x5e963a27U, + 0x6bcb3babU, + 0x45f11f9dU, + 0x58abacfaU, + 0x03934be3U, + 0xfa552030U, + 0x6df6ad76U, + 0x769188ccU, + 0x4c25f502U, + 0xd7fc4fe5U, + 0xcbd7c52aU, + 0x44802635U, + 0xa38fb562U, + 0x5a49deb1U, + 0x1b6725baU, + 0x0e9845eaU, + 0xc0e15dfeU, + 0x7502c32fU, + 0xf012814cU, + 0x97a38d46U, + 0xf9c66bd3U, + 0x5fe7038fU, + 0x9c951592U, + 0x7aebbf6dU, + 0x59da9552U, 
+ 0x832dd4beU, + 0x21d35874U, + 0x692949e0U, + 0xc8448ec9U, + 0x896a75c2U, + 0x7978f48eU, + 0x3e6b9958U, + 0x71dd27b9U, + 0x4fb6bee1U, + 0xad17f088U, + 0xac66c920U, + 0x3ab47dceU, + 0x4a1863dfU, + 0x3182e51aU, + 0x33609751U, + 0x7f456253U, + 0x77e0b164U, + 0xae84bb6bU, + 0xa01cfe81U, + 0x2b94f908U, + 0x68587048U, + 0xfd198f45U, + 0x6c8794deU, + 0xf8b7527bU, + 0xd323ab73U, + 0x02e2724bU, + 0x8f57e31fU, + 0xab2a6655U, + 0x2807b2ebU, + 0xc2032fb5U, + 0x7b9a86c5U, + 0x08a5d337U, + 0x87f23028U, + 0xa5b223bfU, + 0x6aba0203U, + 0x825ced16U, + 0x1c2b8acfU, + 0xb492a779U, + 0xf2f0f307U, + 0xe2a14e69U, + 0xf4cd65daU, + 0xbed50605U, + 0x621fd134U, + 0xfe8ac4a6U, + 0x539d342eU, + 0x55a0a2f3U, + 0xe132058aU, + 0xeb75a4f6U, + 0xec390b83U, + 0xefaa4060U, + 0x9f065e71U, + 0x1051bd6eU, + 0x8af93e21U, + 0x063d96ddU, + 0x05aedd3eU, + 0xbd464de6U, + 0x8db59154U, + 0x5d0571c4U, + 0xd46f0406U, + 0x15ff6050U, + 0xfb241998U, + 0xe997d6bdU, + 0x43cc8940U, + 0x9e7767d9U, + 0x42bdb0e8U, + 0x8b880789U, + 0x5b38e719U, + 0xeedb79c8U, + 0x0a47a17cU, + 0x0fe97c42U, + 0x1ec9f884U, + 0x00000000U, + 0x86830980U, + 0xed48322bU, + 0x70ac1e11U, + 0x724e6c5aU, + 0xfffbfd0eU, + 0x38560f85U, + 0xd51e3daeU, + 0x3927362dU, + 0xd9640a0fU, + 0xa621685cU, + 0x54d19b5bU, + 0x2e3a2436U, + 0x67b10c0aU, + 0xe70f9357U, + 0x96d2b4eeU, + 0x919e1b9bU, + 0xc54f80c0U, + 0x20a261dcU, + 0x4b695a77U, + 0x1a161c12U, + 0xba0ae293U, + 0x2ae5c0a0U, + 0xe0433c22U, + 0x171d121bU, + 0x0d0b0e09U, + 0xc7adf28bU, + 0xa8b92db6U, + 0xa9c8141eU, + 0x198557f1U, + 0x074caf75U, + 0xddbbee99U, + 0x60fda37fU, + 0x269ff701U, + 0xf5bc5c72U, + 0x3bc54466U, + 0x7e345bfbU, + 0x29768b43U, + 0xc6dccb23U, + 0xfc68b6edU, + 0xf163b8e4U, + 0xdccad731U, + 0x85104263U, + 0x22401397U, + 0x112084c6U, + 0x247d854aU, + 0x3df8d2bbU, + 0x3211aef9U, + 0xa16dc729U, + 0x2f4b1d9eU, + 0x30f3dcb2U, + 0x52ec0d86U, + 0xe3d077c1U, + 0x166c2bb3U, + 0xb999a970U, + 0x48fa1194U, + 0x642247e9U, + 0x8cc4a8fcU, + 0x3f1aa0f0U, + 0x2cd8567dU, + 0x90ef2233U, + 0x4ec78749U, + 
0xd1c1d938U, + 0xa2fe8ccaU, + 0x0b3698d4U, + 0x81cfa6f5U, + 0xde28a57aU, + 0x8e26dab7U, + 0xbfa43fadU, + 0x9de42c3aU, + 0x920d5078U, + 0xcc9b6a5fU, + 0x4662547eU, + 0x13c2f68dU, + 0xb8e890d8U, + 0xf75e2e39U, + 0xaff582c3U, + 0x80be9f5dU, + 0x937c69d0U, + 0x2da96fd5U, + 0x12b3cf25U, + 0x993bc8acU, + 0x7da71018U, + 0x636ee89cU, + 0xbb7bdb3bU, + 0x7809cd26U, + 0x18f46e59U, + 0xb701ec9aU, + 0x9aa8834fU, + 0x6e65e695U, + 0xe67eaaffU, + 0xcf0821bcU, + 0xe8e6ef15U, + 0x9bd9bae7U, + 0x36ce4a6fU, + 0x09d4ea9fU, + 0x7cd629b0U, + 0xb2af31a4U, + 0x23312a3fU, + 0x9430c6a5U, + 0x66c035a2U, + 0xbc37744eU, + 0xcaa6fc82U, + 0xd0b0e090U, + 0xd81533a7U, + 0x984af104U, + 0xdaf741ecU, + 0x500e7fcdU, + 0xf62f1791U, + 0xd68d764dU, + 0xb04d43efU, + 0x4d54ccaaU, + 0x04dfe496U, + 0xb5e39ed1U, + 0x881b4c6aU, + 0x1fb8c12cU, + 0x517f4665U, + 0xea049d5eU, + 0x355d018cU, + 0x7473fa87U, + 0x412efb0bU, + 0x1d5ab367U, + 0xd25292dbU, + 0x5633e910U, + 0x47136dd6U, + 0x618c9ad7U, + 0x0c7a37a1U, + 0x148e59f8U, + 0x3c89eb13U, + 0x27eecea9U, + 0xc935b761U, + 0xe5ede11cU, + 0xb13c7a47U, + 0xdf599cd2U, + 0x733f55f2U, + 0xce791814U, + 0x37bf73c7U, + 0xcdea53f7U, + 0xaa5b5ffdU, + 0x6f14df3dU, + 0xdb867844U, + 0xf381caafU, + 0xc43eb968U, + 0x342c3824U, + 0x405fc2a3U, + 0xc372161dU, + 0x250cbce2U, + 0x498b283cU, + 0x9541ff0dU, + 0x017139a8U, + 0xb3de080cU, + 0xe49cd8b4U, + 0xc1906456U, + 0x84617bcbU, + 0xb670d532U, + 0x5c74486cU, + 0x5742d0b8U, }; static const u32 Td3[256] = { - 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, - 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, - 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, - 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, - 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, - 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, - 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, - 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, - 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, - 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, - 
0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, - 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, - 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, - 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, - 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, - 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, - 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, - 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, - 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, - 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, - 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, - 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, - 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, - 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, - 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, - 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, - 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, - 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, - 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, - 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, - 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, - 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, - 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, - 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, - 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, - 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, - 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, - 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, - 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, - 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, - 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, - 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, - 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, - 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, - 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, - 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, - 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, - 
0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, - 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, - 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, - 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, - 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, - 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, - 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, - 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, - 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, - 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, - 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, - 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, - 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, - 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, - 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, + 0xf4a75051U, + 0x4165537eU, + 0x17a4c31aU, + 0x275e963aU, + 0xab6bcb3bU, + 0x9d45f11fU, + 0xfa58abacU, + 0xe303934bU, + 0x30fa5520U, + 0x766df6adU, + 0xcc769188U, + 0x024c25f5U, + 0xe5d7fc4fU, + 0x2acbd7c5U, + 0x35448026U, + 0x62a38fb5U, + 0xb15a49deU, + 0xba1b6725U, + 0xea0e9845U, + 0xfec0e15dU, + 0x2f7502c3U, + 0x4cf01281U, + 0x4697a38dU, + 0xd3f9c66bU, + 0x8f5fe703U, + 0x929c9515U, + 0x6d7aebbfU, + 0x5259da95U, + 0xbe832dd4U, + 0x7421d358U, + 0xe0692949U, + 0xc9c8448eU, + 0xc2896a75U, + 0x8e7978f4U, + 0x583e6b99U, + 0xb971dd27U, + 0xe14fb6beU, + 0x88ad17f0U, + 0x20ac66c9U, + 0xce3ab47dU, + 0xdf4a1863U, + 0x1a3182e5U, + 0x51336097U, + 0x537f4562U, + 0x6477e0b1U, + 0x6bae84bbU, + 0x81a01cfeU, + 0x082b94f9U, + 0x48685870U, + 0x45fd198fU, + 0xde6c8794U, + 0x7bf8b752U, + 0x73d323abU, + 0x4b02e272U, + 0x1f8f57e3U, + 0x55ab2a66U, + 0xeb2807b2U, + 0xb5c2032fU, + 0xc57b9a86U, + 0x3708a5d3U, + 0x2887f230U, + 0xbfa5b223U, + 0x036aba02U, + 0x16825cedU, + 0xcf1c2b8aU, + 0x79b492a7U, + 0x07f2f0f3U, + 0x69e2a14eU, + 0xdaf4cd65U, + 0x05bed506U, + 0x34621fd1U, + 0xa6fe8ac4U, + 
0x2e539d34U, + 0xf355a0a2U, + 0x8ae13205U, + 0xf6eb75a4U, + 0x83ec390bU, + 0x60efaa40U, + 0x719f065eU, + 0x6e1051bdU, + 0x218af93eU, + 0xdd063d96U, + 0x3e05aeddU, + 0xe6bd464dU, + 0x548db591U, + 0xc45d0571U, + 0x06d46f04U, + 0x5015ff60U, + 0x98fb2419U, + 0xbde997d6U, + 0x4043cc89U, + 0xd99e7767U, + 0xe842bdb0U, + 0x898b8807U, + 0x195b38e7U, + 0xc8eedb79U, + 0x7c0a47a1U, + 0x420fe97cU, + 0x841ec9f8U, + 0x00000000U, + 0x80868309U, + 0x2bed4832U, + 0x1170ac1eU, + 0x5a724e6cU, + 0x0efffbfdU, + 0x8538560fU, + 0xaed51e3dU, + 0x2d392736U, + 0x0fd9640aU, + 0x5ca62168U, + 0x5b54d19bU, + 0x362e3a24U, + 0x0a67b10cU, + 0x57e70f93U, + 0xee96d2b4U, + 0x9b919e1bU, + 0xc0c54f80U, + 0xdc20a261U, + 0x774b695aU, + 0x121a161cU, + 0x93ba0ae2U, + 0xa02ae5c0U, + 0x22e0433cU, + 0x1b171d12U, + 0x090d0b0eU, + 0x8bc7adf2U, + 0xb6a8b92dU, + 0x1ea9c814U, + 0xf1198557U, + 0x75074cafU, + 0x99ddbbeeU, + 0x7f60fda3U, + 0x01269ff7U, + 0x72f5bc5cU, + 0x663bc544U, + 0xfb7e345bU, + 0x4329768bU, + 0x23c6dccbU, + 0xedfc68b6U, + 0xe4f163b8U, + 0x31dccad7U, + 0x63851042U, + 0x97224013U, + 0xc6112084U, + 0x4a247d85U, + 0xbb3df8d2U, + 0xf93211aeU, + 0x29a16dc7U, + 0x9e2f4b1dU, + 0xb230f3dcU, + 0x8652ec0dU, + 0xc1e3d077U, + 0xb3166c2bU, + 0x70b999a9U, + 0x9448fa11U, + 0xe9642247U, + 0xfc8cc4a8U, + 0xf03f1aa0U, + 0x7d2cd856U, + 0x3390ef22U, + 0x494ec787U, + 0x38d1c1d9U, + 0xcaa2fe8cU, + 0xd40b3698U, + 0xf581cfa6U, + 0x7ade28a5U, + 0xb78e26daU, + 0xadbfa43fU, + 0x3a9de42cU, + 0x78920d50U, + 0x5fcc9b6aU, + 0x7e466254U, + 0x8d13c2f6U, + 0xd8b8e890U, + 0x39f75e2eU, + 0xc3aff582U, + 0x5d80be9fU, + 0xd0937c69U, + 0xd52da96fU, + 0x2512b3cfU, + 0xac993bc8U, + 0x187da710U, + 0x9c636ee8U, + 0x3bbb7bdbU, + 0x267809cdU, + 0x5918f46eU, + 0x9ab701ecU, + 0x4f9aa883U, + 0x956e65e6U, + 0xffe67eaaU, + 0xbccf0821U, + 0x15e8e6efU, + 0xe79bd9baU, + 0x6f36ce4aU, + 0x9f09d4eaU, + 0xb07cd629U, + 0xa4b2af31U, + 0x3f23312aU, + 0xa59430c6U, + 0xa266c035U, + 0x4ebc3774U, + 0x82caa6fcU, + 0x90d0b0e0U, + 0xa7d81533U, + 0x04984af1U, + 
0xecdaf741U, + 0xcd500e7fU, + 0x91f62f17U, + 0x4dd68d76U, + 0xefb04d43U, + 0xaa4d54ccU, + 0x9604dfe4U, + 0xd1b5e39eU, + 0x6a881b4cU, + 0x2c1fb8c1U, + 0x65517f46U, + 0x5eea049dU, + 0x8c355d01U, + 0x877473faU, + 0x0b412efbU, + 0x671d5ab3U, + 0xdbd25292U, + 0x105633e9U, + 0xd647136dU, + 0xd7618c9aU, + 0xa10c7a37U, + 0xf8148e59U, + 0x133c89ebU, + 0xa927eeceU, + 0x61c935b7U, + 0x1ce5ede1U, + 0x47b13c7aU, + 0xd2df599cU, + 0xf2733f55U, + 0x14ce7918U, + 0xc737bf73U, + 0xf7cdea53U, + 0xfdaa5b5fU, + 0x3d6f14dfU, + 0x44db8678U, + 0xaff381caU, + 0x68c43eb9U, + 0x24342c38U, + 0xa3405fc2U, + 0x1dc37216U, + 0xe2250cbcU, + 0x3c498b28U, + 0x0d9541ffU, + 0xa8017139U, + 0x0cb3de08U, + 0xb4e49cd8U, + 0x56c19064U, + 0xcb84617bU, + 0x32b670d5U, + 0x6c5c7448U, + 0xb85742d0U, }; static const u8 Td4[256] = { - 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, - 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, - 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, - 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, - 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, - 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, - 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, - 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, - 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, - 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, - 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, - 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, - 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, - 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, - 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, - 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, - 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, - 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, - 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, - 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, - 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 
0xc5U, 0x89U, - 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, - 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, - 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, - 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, - 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, - 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, - 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, - 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, - 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, - 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, - 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, + 0x52U, + 0x09U, + 0x6aU, + 0xd5U, + 0x30U, + 0x36U, + 0xa5U, + 0x38U, + 0xbfU, + 0x40U, + 0xa3U, + 0x9eU, + 0x81U, + 0xf3U, + 0xd7U, + 0xfbU, + 0x7cU, + 0xe3U, + 0x39U, + 0x82U, + 0x9bU, + 0x2fU, + 0xffU, + 0x87U, + 0x34U, + 0x8eU, + 0x43U, + 0x44U, + 0xc4U, + 0xdeU, + 0xe9U, + 0xcbU, + 0x54U, + 0x7bU, + 0x94U, + 0x32U, + 0xa6U, + 0xc2U, + 0x23U, + 0x3dU, + 0xeeU, + 0x4cU, + 0x95U, + 0x0bU, + 0x42U, + 0xfaU, + 0xc3U, + 0x4eU, + 0x08U, + 0x2eU, + 0xa1U, + 0x66U, + 0x28U, + 0xd9U, + 0x24U, + 0xb2U, + 0x76U, + 0x5bU, + 0xa2U, + 0x49U, + 0x6dU, + 0x8bU, + 0xd1U, + 0x25U, + 0x72U, + 0xf8U, + 0xf6U, + 0x64U, + 0x86U, + 0x68U, + 0x98U, + 0x16U, + 0xd4U, + 0xa4U, + 0x5cU, + 0xccU, + 0x5dU, + 0x65U, + 0xb6U, + 0x92U, + 0x6cU, + 0x70U, + 0x48U, + 0x50U, + 0xfdU, + 0xedU, + 0xb9U, + 0xdaU, + 0x5eU, + 0x15U, + 0x46U, + 0x57U, + 0xa7U, + 0x8dU, + 0x9dU, + 0x84U, + 0x90U, + 0xd8U, + 0xabU, + 0x00U, + 0x8cU, + 0xbcU, + 0xd3U, + 0x0aU, + 0xf7U, + 0xe4U, + 0x58U, + 0x05U, + 0xb8U, + 0xb3U, + 0x45U, + 0x06U, + 0xd0U, + 0x2cU, + 0x1eU, + 0x8fU, + 0xcaU, + 0x3fU, + 0x0fU, + 0x02U, + 0xc1U, + 0xafU, + 0xbdU, + 0x03U, + 0x01U, + 0x13U, + 0x8aU, + 0x6bU, + 0x3aU, + 0x91U, + 0x11U, + 0x41U, + 0x4fU, + 0x67U, + 0xdcU, + 0xeaU, + 0x97U, + 0xf2U, + 0xcfU, + 0xceU, + 0xf0U, + 0xb4U, + 0xe6U, + 0x73U, + 0x96U, + 0xacU, + 0x74U, + 0x22U, + 0xe7U, + 
0xadU, + 0x35U, + 0x85U, + 0xe2U, + 0xf9U, + 0x37U, + 0xe8U, + 0x1cU, + 0x75U, + 0xdfU, + 0x6eU, + 0x47U, + 0xf1U, + 0x1aU, + 0x71U, + 0x1dU, + 0x29U, + 0xc5U, + 0x89U, + 0x6fU, + 0xb7U, + 0x62U, + 0x0eU, + 0xaaU, + 0x18U, + 0xbeU, + 0x1bU, + 0xfcU, + 0x56U, + 0x3eU, + 0x4bU, + 0xc6U, + 0xd2U, + 0x79U, + 0x20U, + 0x9aU, + 0xdbU, + 0xc0U, + 0xfeU, + 0x78U, + 0xcdU, + 0x5aU, + 0xf4U, + 0x1fU, + 0xddU, + 0xa8U, + 0x33U, + 0x88U, + 0x07U, + 0xc7U, + 0x31U, + 0xb1U, + 0x12U, + 0x10U, + 0x59U, + 0x27U, + 0x80U, + 0xecU, + 0x5fU, + 0x60U, + 0x51U, + 0x7fU, + 0xa9U, + 0x19U, + 0xb5U, + 0x4aU, + 0x0dU, + 0x2dU, + 0xe5U, + 0x7aU, + 0x9fU, + 0x93U, + 0xc9U, + 0x9cU, + 0xefU, + 0xa0U, + 0xe0U, + 0x3bU, + 0x4dU, + 0xaeU, + 0x2aU, + 0xf5U, + 0xb0U, + 0xc8U, + 0xebU, + 0xbbU, + 0x3cU, + 0x83U, + 0x53U, + 0x99U, + 0x61U, + 0x17U, + 0x2bU, + 0x04U, + 0x7eU, + 0xbaU, + 0x77U, + 0xd6U, + 0x26U, + 0xe1U, + 0x69U, + 0x14U, + 0x63U, + 0x55U, + 0x21U, + 0x0cU, + 0x7dU, }; static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ + 0x01000000, + 0x02000000, + 0x04000000, + 0x08000000, + 0x10000000, + 0x20000000, + 0x40000000, + 0x80000000, + 0x1B000000, + 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; /** * Expand the cipher key into the encryption key schedule. */ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u32 *rk; 
@@ -1297,19 +3064,14 @@ else key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; + temp = rk[3]; + rk[4] = rk[0] ^ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ (Te0[(temp) & 0xff] & 0x0000ff00) ^ (Te1[(temp >> 24)] & 0x000000ff) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; @@ -1323,21 +3085,16 @@ rk[5] = GETU32(userKey + 20); if (bits == 192) { while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; + temp = rk[5]; + rk[6] = rk[0] ^ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ (Te0[(temp) & 0xff] & 0x0000ff00) ^ (Te1[(temp >> 24)] & 0x000000ff) ^ rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; if (++i == 8) { return 0; } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; rk += 6; } } 
@@ -1345,31 +3102,22 @@ rk[7] = GETU32(userKey + 28); if (bits == 256) { while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; + temp = rk[7]; + rk[8] = rk[0] ^ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ (Te0[(temp) & 0xff] & 0x0000ff00) ^ (Te1[(temp >> 24)] & 0x000000ff) ^ rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; if (++i == 7) { return 0; } temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te2[(temp >> 24) ] & 0xff000000) ^ - (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[12] = rk[4] ^ (Te2[(temp >> 24)] & 0xff000000) ^ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(temp) & 0xff] & 0x000000ff); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; rk += 8; - } + } } return 0; } @@ -1378,7 +3126,7 @@ * Expand the cipher key into the decryption key schedule. */ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u32 *rk; 
@@ -1393,35 +3141,27 @@ rk = key->rd_key; /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i]; + rk[i] = rk[j]; + rk[j] = temp; + temp = rk[i + 1]; + rk[i + 1] = rk[j + 1]; + rk[j + 1] = temp; + temp = rk[i + 2]; + rk[i + 2] = rk[j + 2]; + rk[j + 2] = temp; + temp = rk[i + 3]; + rk[i + 3] = rk[j + 3]; + rk[j + 3] = temp; } /* apply the inverse MixColumn transform to all round keys but the first and the last: */ for (i = 1; i < (key->rounds); i++) { rk += 4; - rk[0] = - Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[0] ) & 0xff] & 0xff]; - rk[1] = - Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[1] ) & 0xff] & 0xff]; - rk[2] = - Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[2] ) & 0xff] & 0xff]; - rk[3] = - Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[3] ) & 0xff] & 0xff]; + rk[0] = Td0[Te1[(rk[0] >> 24)] & 0xff] ^ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ Td3[Te1[(rk[0]) & 0xff] & 0xff]; + rk[1] = Td0[Te1[(rk[1] >> 24)] & 0xff] ^ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ Td3[Te1[(rk[1]) & 0xff] & 0xff]; + rk[2] = Td0[Te1[(rk[2] >> 24)] & 0xff] ^ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ Td3[Te1[(rk[2]) & 0xff] & 0xff]; + rk[3] = Td0[Te1[(rk[3] >> 24)] & 0xff] ^ 
Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ Td3[Te1[(rk[3]) & 0xff] & 0xff]; } return 0; } @@ -1431,7 +3171,8 @@ * in and out can overlap */ void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { + const AES_KEY *key) +{ const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; 
@@ -1446,174 +3187,114 @@ * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; s3 = GETU32(in + 12) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[7]; /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 
0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 
>> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ 
Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; if (key->rounds > 10) { /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ 
Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; if (key->rounds > 12) { /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = 
Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; } } rk += key->rounds << 2; -#else /* !FULL_UNROLL */ +#else /* !FULL_UNROLL */ /* * Nr - 1 full rounds: */ r = key->rounds >> 1; for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; + t0 = Te0[(s0 >> 24)] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[(s3) & 0xff] ^ rk[4]; + t1 = Te0[(s1 >> 24)] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[(s0) & 0xff] ^ rk[5]; + t2 = Te0[(s2 >> 24)] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[(s1) & 0xff] ^ rk[6]; + t3 = Te0[(s3 >> 24)] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[(s2) & 0xff] ^ rk[7]; rk += 8; if (--r == 0) { break; } - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ 
- Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; + s0 = Te0[(t0 >> 24)] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[(t3) & 0xff] ^ rk[0]; + s1 = Te0[(t1 >> 24)] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[(t0) & 0xff] ^ rk[1]; + s2 = Te0[(t2 >> 24)] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[(t1) & 0xff] ^ rk[2]; + s3 = Te0[(t3 >> 24)] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[(t2) & 0xff] ^ rk[3]; } #endif /* ?FULL_UNROLL */ /* * apply last round and * map cipher state to byte array block: */ - s0 = - (Te2[(t0 >> 24) ] & 0xff000000) ^ - (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(out , s0); - s1 = - (Te2[(t1 >> 24) ] & 0xff000000) ^ - (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - (Te2[(t2 >> 24) ] & 0xff000000) ^ - (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - (Te2[(t3 >> 24) ] & 0xff000000) ^ - (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; + s0 = (Te2[(t0 >> 24)] & 0xff000000) ^ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t3) & 0xff] & 0x000000ff) ^ rk[0]; + PUTU32(out, s0); + s1 = (Te2[(t1 >> 24)] & 0xff000000) ^ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t0) & 0xff] & 0x000000ff) ^ rk[1]; + PUTU32(out + 4, s1); + s2 = (Te2[(t2 >> 24)] & 0xff000000) ^ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t1) & 0xff] & 0x000000ff) ^ rk[2]; + PUTU32(out + 8, s2); + s3 = (Te2[(t3 >> 24)] & 0xff000000) ^ (Te3[(t0 >> 16) & 
0xff] & 0x00ff0000) ^ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ (Te1[(t2) & 0xff] & 0x000000ff) ^ rk[3]; PUTU32(out + 12, s3); } @@ -1622,7 +3303,7 @@ * in and out can overlap */ void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) + const AES_KEY *key) { const u32 *rk; 
@@ -1638,174 +3319,114 @@ * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; s3 = GETU32(in + 12) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[7]; /* round 2: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; /* round 3: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 
0xff] ^ rk[12]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; /* round 4: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; /* round 5: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 
>> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; /* round 6: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; /* round 7: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; /* round 8: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; - s1 = Td0[t1 >> 24] ^ 
Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; /* round 9: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; if (key->rounds > 10) { /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ 
Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; if (key->rounds > 12) { /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = 
Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; } } rk += key->rounds << 2; -#else /* !FULL_UNROLL */ +#else /* !FULL_UNROLL */ /* * Nr - 1 full rounds: */ r = key->rounds >> 1; for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; + t0 = Td0[(s0 >> 24)] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[(s1) & 0xff] ^ rk[4]; + t1 = Td0[(s1 >> 24)] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[(s2) & 0xff] ^ rk[5]; + t2 = Td0[(s2 >> 24)] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[(s3) & 0xff] ^ rk[6]; + t3 = Td0[(s3 >> 24)] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[(s0) & 0xff] ^ rk[7]; rk += 8; if (--r == 0) { break; } - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ 
- Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; + s0 = Td0[(t0 >> 24)] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[(t1) & 0xff] ^ rk[0]; + s1 = Td0[(t1 >> 24)] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[(t2) & 0xff] ^ rk[1]; + s2 = Td0[(t2 >> 24)] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[(t3) & 0xff] ^ rk[2]; + s3 = Td0[(t3 >> 24)] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[(t0) & 0xff] ^ rk[3]; } #endif /* ?FULL_UNROLL */ /* * apply last round and * map cipher state to byte array block: */ - s0 = - ((u32)Td4[(t0 >> 24) ] << 24) ^ - ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t1 ) & 0xff]) ^ - rk[0]; - PUTU32(out , s0); - s1 = - ((u32)Td4[(t1 >> 24) ] << 24) ^ - ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t2 ) & 0xff]) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - ((u32)Td4[(t2 >> 24) ] << 24) ^ - ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t3 ) & 0xff]) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - ((u32)Td4[(t3 >> 24) ] << 24) ^ - ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t0 ) & 0xff]) ^ - rk[3]; + s0 = ((u32)Td4[(t0 >> 24)] << 24) ^ ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ ((u32)Td4[(t1) & 0xff]) ^ rk[0]; + PUTU32(out, s0); + s1 = ((u32)Td4[(t1 >> 24)] << 24) ^ ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ ((u32)Td4[(t2) & 0xff]) ^ rk[1]; + PUTU32(out + 4, s1); + s2 = ((u32)Td4[(t2 >> 24)] << 24) ^ ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ ((u32)Td4[(t3) & 0xff]) ^ rk[2]; + PUTU32(out + 8, s2); + s3 = ((u32)Td4[(t3 >> 24)] << 24) ^ ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ ((u32)Td4[(t0) & 0xff]) ^ rk[3]; PUTU32(out + 12, 
s3); } @@ -1846,16 +3467,23 @@ 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U }; static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ + 0x01000000, + 0x02000000, + 0x04000000, + 0x08000000, + 0x10000000, + 0x20000000, + 0x40000000, + 0x80000000, + 0x1B000000, + 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; /** * Expand the cipher key into the encryption key schedule. */ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u32 *rk; int i = 0; @@ -1875,19 +3503,14 @@ else key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ]) ^ - rcon[i]; + temp = rk[3]; + rk[4] = rk[0] ^ ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ ((u32)Te4[(temp) & 0xff] << 8) ^ ((u32)Te4[(temp >> 24)]) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; 
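Review bot: The `rcon` initializer in this hunk is reflowed from three rows to one constant per line with no change to any value, which leaves the `/* for 128-bit blocks ... */` comment trailing the last element and makes the table harder to compare with its source. The `crypto/openssl/` paths in this patch suggest the code is imported from upstream OpenSSL; if so, whitespace-only churn in the key schedule means later upstream fixes to these lines will no longer apply cleanly and a diff against upstream stops being a useful audit tool. I would keep the upstream layout for the table, for example by bracketing it with `/* clang-format off */` and `/* clang-format on */` if clang-format produced this. The same reflow appears in the `rcon` hunk of aes_x86core.c.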
@@ -1901,21 +3524,16 @@ rk[5] = GETU32(userKey + 20); if (bits == 192) { while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; + temp = rk[5]; + rk[6] = rk[0] ^ ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ ((u32)Te4[(temp) & 0xff] << 8) ^ ((u32)Te4[(temp >> 24)]) ^ rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; if (++i == 8) { return 0; } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; rk += 6; } } @@ -1923,28 +3541,19 @@ rk[7] = GETU32(userKey + 28); if (bits == 256) { while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; + temp = rk[7]; + rk[8] = rk[0] ^ ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ ((u32)Te4[(temp) & 0xff] << 8) ^ ((u32)Te4[(temp >> 24)]) ^ rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; if (++i == 7) { return 0; } temp = rk[11]; - rk[12] = rk[ 4] ^ - ((u32)Te4[(temp >> 24) ] << 24) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ - ((u32)Te4[(temp ) & 0xff]); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[12] = rk[4] ^ ((u32)Te4[(temp >> 24)] << 24) ^ ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ ((u32)Te4[(temp) & 0xff]); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; rk += 8; } 
@@ -1956,7 +3565,7 @@ * Expand the cipher key into the decryption key schedule. */ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u32 *rk; @@ -1971,11 +3580,19 @@ rk = key->rd_key; /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i]; + rk[i] = rk[j]; + rk[j] = temp; + temp = rk[i + 1]; + rk[i + 1] = rk[j + 1]; + rk[j + 1] = temp; + temp = rk[i + 2]; + rk[i + 2] = rk[j + 2]; + rk[j + 2] = temp; + temp = rk[i + 3]; + rk[i + 3] = rk[j + 3]; + rk[j + 3] = temp; } /* apply the inverse MixColumn transform to all round keys but the first and the last: */ for (i = 1; i < (key->rounds); i++) { 
@@ -1985,25 +3602,19 @@ tp1 = rk[j]; m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); tp9 = tp8 ^ tp1; tpb = tp9 ^ tp2; tpd = tp9 ^ tp4; tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,24) ^ ROTATE(tpb,8); + rk[j] = tpe ^ ROTATE(tpd, 16) ^ ROTATE(tp9, 24) ^ ROTATE(tpb, 8); #else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 8) ^ (tp9 << 24) ^ - (tpb >> 24) ^ (tpb << 8); + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ (tp9 >> 8) ^ (tp9 << 24) ^ (tpb >> 24) ^ (tpb << 8); #endif } } --- crypto/openssl/crypto/aes/aes_ecb.c.orig +++ crypto/openssl/crypto/aes/aes_ecb.c @@ -19,7 +19,7 @@ #include "aes_local.h" void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc) + const AES_KEY *key, const int enc) { assert(in && out && key); --- crypto/openssl/crypto/aes/aes_ige.c.orig +++ crypto/openssl/crypto/aes/aes_ige.c @@ -20,9 +20,9 @@ /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) -# define UNALIGNED_MEMOPS_ARE_FAST 1 +#define UNALIGNED_MEMOPS_ARE_FAST 1 #else -# define UNALIGNED_MEMOPS_ARE_FAST 0 +#define UNALIGNED_MEMOPS_ARE_FAST 0 #endif #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) 
@@ -35,19 +35,19 @@ #endif #if UNALIGNED_MEMOPS_ARE_FAST -# define load_block(d, s) (d) = *(const aes_block_t *)(s) -# define store_block(d, s) *(aes_block_t *)(d) = (s) +#define load_block(d, s) (d) = *(const aes_block_t *)(s) +#define store_block(d, s) *(aes_block_t *)(d) = (s) #else -# define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) -# define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) +#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) +#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) #endif /* N.B. The IV for this mode is _twice_ the block size */ /* Use of this function is deprecated. */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc) + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc) { size_t n; size_t len = length / AES_BLOCK_SIZE; @@ -60,21 +60,18 @@ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); if (AES_ENCRYPT == enc) { - if (in != out && - (UNALIGNED_MEMOPS_ARE_FAST - || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == - 0)) { - aes_block_t *ivp = (aes_block_t *) ivec; - aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); + if (in != out && (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == 0)) { + aes_block_t *ivp = (aes_block_t *)ivec; + aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); while (len) { - aes_block_t *inp = (aes_block_t *) in; - aes_block_t *outp = (aes_block_t *) out; + aes_block_t *inp = (aes_block_t *)in; + aes_block_t *outp = (aes_block_t *)out; for (n = 0; n < N_WORDS; ++n) outp->data[n] = inp->data[n] ^ ivp->data[n]; AES_encrypt((unsigned char *)outp->data, - (unsigned char *)outp->data, key); + (unsigned char *)outp->data, key); for (n = 0; n < N_WORDS; ++n) outp->data[n] ^= iv2p->data[n]; ivp = outp; 
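Review bot: In the `UNALIGNED_MEMOPS_ARE_FAST` branch of this hunk, `load_block` and `store_block` still access an `aes_block_t` through a cast of the caller's byte pointer, which C leaves undefined for a misaligned address even on CPUs that tolerate the access. The `memcpy` forms in the `#else` branch are well defined on every target, and compilers normally lower a fixed-size `memcpy` to the same loads and stores, so the macros could use them unconditionally: `#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)` and `#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)`. The definition of `aes_block_t` is outside this hunk, so the effective-type side of this should be confirmed there.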
@@ -98,7 +95,7 @@ for (n = 0; n < N_WORDS; ++n) tmp2.data[n] = tmp.data[n] ^ iv.data[n]; AES_encrypt((unsigned char *)tmp2.data, - (unsigned char *)tmp2.data, key); + (unsigned char *)tmp2.data, key); for (n = 0; n < N_WORDS; ++n) tmp2.data[n] ^= iv2.data[n]; store_block(out, tmp2); @@ -112,22 +109,19 @@ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); } } else { - if (in != out && - (UNALIGNED_MEMOPS_ARE_FAST - || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == - 0)) { - aes_block_t *ivp = (aes_block_t *) ivec; - aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); + if (in != out && (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == 0)) { + aes_block_t *ivp = (aes_block_t *)ivec; + aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); while (len) { aes_block_t tmp; - aes_block_t *inp = (aes_block_t *) in; - aes_block_t *outp = (aes_block_t *) out; + aes_block_t *inp = (aes_block_t *)in; + aes_block_t *outp = (aes_block_t *)out; for (n = 0; n < N_WORDS; ++n) tmp.data[n] = inp->data[n] ^ iv2p->data[n]; AES_decrypt((unsigned char *)tmp.data, - (unsigned char *)outp->data, key); + (unsigned char *)outp->data, key); for (n = 0; n < N_WORDS; ++n) outp->data[n] ^= ivp->data[n]; ivp = inp; @@ -152,7 +146,7 @@ for (n = 0; n < N_WORDS; ++n) tmp.data[n] ^= iv2.data[n]; AES_decrypt((unsigned char *)tmp.data, - (unsigned char *)tmp.data, key); + (unsigned char *)tmp.data, key); for (n = 0; n < N_WORDS; ++n) tmp.data[n] ^= iv.data[n]; store_block(out, tmp); 
@@ -184,9 +178,9 @@ /* N.B. The IV for this mode is _four times_ the block size */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - const AES_KEY *key2, const unsigned char *ivec, - const int enc) + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc) { size_t n; size_t len = length; --- crypto/openssl/crypto/aes/aes_local.h.orig +++ crypto/openssl/crypto/aes/aes_local.h 
@@ -8,36 +8,45 @@ */ #ifndef OSSL_CRYPTO_AES_LOCAL_H -# define OSSL_CRYPTO_AES_LOCAL_H +#define OSSL_CRYPTO_AES_LOCAL_H -# include -# include -# include -# include +#include +#include +#include +#include -# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -# else -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -# endif +#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +#define GETU32(p) SWAP(*((u32 *)(p))) +#define PUTU32(ct, st) \ + { \ + *((u32 *)(ct)) = SWAP((st)); \ + } +#else +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) \ + { \ + (ct)[0] = (u8)((st) >> 24); \ + (ct)[1] = (u8)((st) >> 16); \ + (ct)[2] = (u8)((st) >> 8); \ + (ct)[3] = (u8)(st); \ + } +#endif typedef uint64_t u64; -# ifdef AES_LONG +#ifdef AES_LONG typedef unsigned long u32; -# else +#else typedef unsigned int u32; -# endif +#endif typedef unsigned short u16; typedef unsigned char u8; -# define MAXKC (256/32) -# define MAXKB (256/8) -# define MAXNR 14 +#define MAXKC (256 / 32) +#define MAXKB (256 / 8) +#define MAXNR 14 /* This controls loop-unrolling in aes_core.c */ -# undef FULL_UNROLL +#undef FULL_UNROLL -#endif /* !OSSL_CRYPTO_AES_LOCAL_H */ +#endif /* !OSSL_CRYPTO_AES_LOCAL_H */ --- crypto/openssl/crypto/aes/aes_misc.c.orig +++ crypto/openssl/crypto/aes/aes_misc.c 
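Review bot: Dropping the space after `#` removes the only visual cue for directive nesting in this header: the include guard, the `_MSC_VER` branch and the `AES_LONG` branch now all start in the same column, and only the final `#endif` carries a comment. I would either keep the indented `# define` style or label the inner terminators, e.g. `#endif /* _MSC_VER on x86 */` and `#endif /* AES_LONG */`. This matters here because the two `GETU32`/`PUTU32` definitions differ in how they touch memory (a cast and a byte swap against byte-wise access), so a reader needs to see at a glance which branch is active. The same flattening in aes_x86core.c leaves two bare `#endif` lines after the `ROTATE` definition.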
@@ -14,10 +14,10 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 const char *AES_options(void) { -# ifdef FULL_UNROLL +#ifdef FULL_UNROLL return "aes(full)"; -# else +#else return "aes(partial)"; -# endif +#endif } #endif --- crypto/openssl/crypto/aes/aes_ofb.c.orig +++ crypto/openssl/crypto/aes/aes_ofb.c @@ -17,9 +17,9 @@ #include void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num) + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num) { CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f) AES_encrypt); + (block128_f)AES_encrypt); } --- crypto/openssl/crypto/aes/aes_wrap.c.orig +++ crypto/openssl/crypto/aes/aes_wrap.c @@ -18,16 +18,16 @@ #include int AES_wrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen) + unsigned char *out, + const unsigned char *in, unsigned int inlen) { - return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt); + return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f)AES_encrypt); } int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen) + unsigned char *out, + const unsigned char *in, unsigned int inlen) { return CRYPTO_128_unwrap(key, iv, out, in, inlen, - (block128_f) AES_decrypt); + (block128_f)AES_decrypt); } --- crypto/openssl/crypto/aes/aes_x86core.c.orig +++ crypto/openssl/crypto/aes/aes_x86core.c @@ -41,7 +41,6 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include #include 
@@ -53,59 +52,61 @@ * referenced in outer and respectively inner rounds. */ #define AES_COMPACT_IN_OUTER_ROUNDS -#ifdef AES_COMPACT_IN_OUTER_ROUNDS +#ifdef AES_COMPACT_IN_OUTER_ROUNDS /* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further* * by factor of ~2. */ -# undef AES_COMPACT_IN_INNER_ROUNDS +#undef AES_COMPACT_IN_INNER_ROUNDS #endif #if 1 static void prefetch256(const void *table) { - volatile unsigned long *t=(void *)table,ret; + volatile unsigned long *t = (void *)table, ret; unsigned long sum; int i; /* 32 is common least cache-line size */ - for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0])) sum ^= t[i]; + for (sum = 0, i = 0; i < 256 / sizeof(t[0]); i += 32 / sizeof(t[0])) + sum ^= t[i]; ret = sum; } #else -# define prefetch256(t) +#define prefetch256(t) #endif #undef GETU32 -#define GETU32(p) (*((u32*)(p))) +#define GETU32(p) (*((u32 *)(p))) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) typedef unsigned __int64 u64; -#define U64(C) C##UI64 +#define U64(C) C##UI64 #elif defined(__arch64__) typedef unsigned long u64; -#define U64(C) C##UL +#define U64(C) C##UL #else typedef unsigned long long u64; -#define U64(C) C##ULL +#define U64(C) C##ULL #endif #undef ROTATE #if defined(_MSC_VER) -# define ROTATE(a,n) _lrotl(a,n) +#define ROTATE(a, n) _lrotl(a, n) #elif defined(__ICC) -# define ROTATE(a,n) _rotl(a,n) -#elif defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"(a) \ - : "cc"); \ - ret; \ - }) -# endif +#define ROTATE(a, n) _rotl(a, n) +#elif defined(__GNUC__) && __GNUC__ >= 2 +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +#define ROTATE(a, n) ({ \ + register unsigned int ret; \ + asm( \ + "roll %1,%0" \ + : "=r"(ret) \ + : "I"(n), "0"(a) \ + 
: "cc"); \ + ret; \ +}) +#endif #endif /*- Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03]; @@ -114,10 +115,10 @@ Te2[x] = S [x].[01, 03, 02, 01]; Te3[x] = S [x].[01, 01, 03, 02]; */ -#define Te0 (u32)((u64*)((u8*)Te+0)) -#define Te1 (u32)((u64*)((u8*)Te+3)) -#define Te2 (u32)((u64*)((u8*)Te+2)) -#define Te3 (u32)((u64*)((u8*)Te+1)) +#define Te0 (u32)((u64 *)((u8 *)Te + 0)) +#define Te1 (u32)((u64 *)((u8 *)Te + 3)) +#define Te2 (u32)((u64 *)((u8 *)Te + 2)) +#define Te3 (u32)((u64 *)((u8 *)Te + 1)) /*- Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b]; Td0[x] = Si[x].[0e, 09, 0d, 0b]; @@ -126,10 +127,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e]; Td4[x] = Si[x].[01]; */ -#define Td0 (u32)((u64*)((u8*)Td+0)) -#define Td1 (u32)((u64*)((u8*)Td+3)) -#define Td2 (u32)((u64*)((u8*)Td+2)) -#define Td3 (u32)((u64*)((u8*)Td+1)) +#define Td0 (u32)((u64 *)((u8 *)Td + 0)) +#define Td1 (u32)((u64 *)((u8 *)Td + 3)) +#define Td2 (u32)((u64 *)((u8 *)Td + 2)) +#define Td3 (u32)((u64 *)((u8 *)Td + 1)) static const u64 Te[256] = { U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8), @@ -463,16 +464,23 @@ }; static const u32 rcon[] = { - 0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U, - 0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U, - 0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ + 0x00000001U, + 0x00000002U, + 0x00000004U, + 0x00000008U, + 0x00000010U, + 0x00000020U, + 0x00000040U, + 0x00000080U, + 0x0000001bU, + 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; /** * Expand the cipher key into the encryption key schedule. */ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u32 *rk; 
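Review bot: `prefetch256` has no comment saying why it exists, and after this reflow it looks like dead code: it reads one word from each 32-byte stride of a 256-byte table through a `volatile` pointer and stores the XOR into a `volatile` local that is never read. Presumably the point is to have the table resident in cache before the data-dependent lookups, with `volatile` keeping the compiler from dropping the loads; a header such as `/* Touch every cache line of a 256-byte table; volatile keeps the loads from being optimised away. */` would stop a later cleanup from removing it. The loop also compares `int i` with a `size_t` expression, which is harmless at these sizes but would read better as `size_t i`.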
@@ -486,26 +494,21 @@ rk = key->rd_key; - if (bits==128) + if (bits == 128) key->rounds = 10; - else if (bits==192) + else if (bits == 192) key->rounds = 12; else key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - ((u32)Te4[(temp >> 8) & 0xff] ) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; + temp = rk[3]; + rk[4] = rk[0] ^ ((u32)Te4[(temp >> 8) & 0xff]) ^ ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ ((u32)Te4[(temp >> 24)] << 16) ^ ((u32)Te4[(temp) & 0xff] << 24) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; @@ -519,21 +522,16 @@ rk[5] = GETU32(userKey + 20); if (bits == 192) { while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - ((u32)Te4[(temp >> 8) & 0xff] ) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; + temp = rk[5]; + rk[6] = rk[0] ^ ((u32)Te4[(temp >> 8) & 0xff]) ^ ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ ((u32)Te4[(temp >> 24)] << 16) ^ ((u32)Te4[(temp) & 0xff] << 24) ^ rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; if (++i == 8) { return 0; } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; rk += 6; } } 
@@ -541,31 +539,22 @@ rk[7] = GETU32(userKey + 28); if (bits == 256) { while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - ((u32)Te4[(temp >> 8) & 0xff] ) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; + temp = rk[7]; + rk[8] = rk[0] ^ ((u32)Te4[(temp >> 8) & 0xff]) ^ ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ ((u32)Te4[(temp >> 24)] << 16) ^ ((u32)Te4[(temp) & 0xff] << 24) ^ rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; if (++i == 7) { return 0; } temp = rk[11]; - rk[12] = rk[ 4] ^ - ((u32)Te4[(temp ) & 0xff] ) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ - ((u32)Te4[(temp >> 24) ] << 24); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[12] = rk[4] ^ ((u32)Te4[(temp) & 0xff]) ^ ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ ((u32)Te4[(temp >> 24)] << 24); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; rk += 8; - } + } } return 0; } @@ -574,7 +563,7 @@ * Expand the cipher key into the decryption key schedule. */ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) + AES_KEY *key) { u32 *rk; 
@@ -589,11 +578,19 @@ rk = key->rd_key; /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i]; + rk[i] = rk[j]; + rk[j] = temp; + temp = rk[i + 1]; + rk[i + 1] = rk[j + 1]; + rk[j + 1] = temp; + temp = rk[i + 2]; + rk[i + 2] = rk[j + 2]; + rk[j + 2] = temp; + temp = rk[i + 3]; + rk[i + 3] = rk[j + 3]; + rk[j + 3] = temp; } /* apply the inverse MixColumn transform to all round keys but the first and the last: */ for (i = 1; i < (key->rounds); i++) { 
@@ -604,48 +601,26 @@ tp1 = rk[j]; m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); tp9 = tp8 ^ tp1; tpb = tp9 ^ tp2; tpd = tp9 ^ tp4; tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); + rk[j] = tpe ^ ROTATE(tpd, 16) ^ ROTATE(tp9, 8) ^ ROTATE(tpb, 24); #else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ (tp9 >> 24) ^ (tp9 << 8) ^ (tpb >> 8) ^ (tpb << 24); #endif } #else - rk[0] = - Td0[Te2[(rk[0] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[0] >> 24) ] & 0xff]; - rk[1] = - Td0[Te2[(rk[1] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[1] >> 24) ] & 0xff]; - rk[2] = - Td0[Te2[(rk[2] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[2] >> 24) ] & 0xff]; - rk[3] = - Td0[Te2[(rk[3] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[3] >> 24) ] & 0xff]; + rk[0] = Td0[Te2[(rk[0]) & 0xff] & 0xff] ^ Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ Td3[Te2[(rk[0] >> 24)] & 0xff]; + rk[1] = Td0[Te2[(rk[1]) & 0xff] & 0xff] ^ Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ Td3[Te2[(rk[1] >> 24)] & 0xff]; + rk[2] = Td0[Te2[(rk[2]) & 0xff] & 0xff] ^ Td1[Te2[(rk[2] >> 8) & 0xff] 
& 0xff] ^ Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ Td3[Te2[(rk[2] >> 24)] & 0xff]; + rk[3] = Td0[Te2[(rk[3]) & 0xff] & 0xff] ^ Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ Td3[Te2[(rk[3] >> 24)] & 0xff]; #endif } return 0; @@ -656,7 +631,7 @@ * in and out can overlap */ void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) + const AES_KEY *key) { const u32 *rk; 
@@ -670,96 +645,56 @@ * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; s3 = GETU32(in + 12) ^ rk[3]; #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Te4); - t[0] = (u32)Te4[(s0 ) & 0xff] ^ - (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s3 >> 24) ] << 24; - t[1] = (u32)Te4[(s1 ) & 0xff] ^ - (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s0 >> 24) ] << 24; - t[2] = (u32)Te4[(s2 ) & 0xff] ^ - (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s1 >> 24) ] << 24; - t[3] = (u32)Te4[(s3 ) & 0xff] ^ - (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0) & 0xff] ^ (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ (u32)Te4[(s3 >> 24)] << 24; + t[1] = (u32)Te4[(s1) & 0xff] ^ (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ (u32)Te4[(s0 >> 24)] << 24; + t[2] = (u32)Te4[(s2) & 0xff] ^ (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ (u32)Te4[(s1 >> 24)] << 24; + t[3] = (u32)Te4[(s3) & 0xff] ^ (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ (u32)Te4[(s2 >> 24)] << 24; /* now do the linear transform using words */ - { int i; + { + int i; u32 r0, r1, r2; for (i = 0; i < 4; i++) { r0 = t[i]; r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); + r2 = ((r0 & 0x7f7f7f7f) << 1) ^ ((r1 - (r1 >> 7)) & 0x1b1b1b1b); #if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ - ROTATE(r0,16) ^ ROTATE(r0,8); + t[i] = r2 ^ ROTATE(r2, 24) ^ ROTATE(r0, 24) ^ ROTATE(r0, 16) ^ ROTATE(r0, 8); #else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) 
^ (r0 >> 24); + t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ (r0 << 16) ^ (r0 >> 16) ^ (r0 << 8) ^ (r0 >> 24); #endif - t[i] ^= rk[4+i]; + t[i] ^= rk[4 + i]; } } #else - t[0] = Te0[(s0 ) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24) ] ^ - rk[4]; - t[1] = Te0[(s1 ) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24) ] ^ - rk[5]; - t[2] = Te0[(s2 ) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24) ] ^ - rk[6]; - t[3] = Te0[(s3 ) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24) ] ^ - rk[7]; + t[0] = Te0[(s0) & 0xff] ^ Te1[(s1 >> 8) & 0xff] ^ Te2[(s2 >> 16) & 0xff] ^ Te3[(s3 >> 24)] ^ rk[4]; + t[1] = Te0[(s1) & 0xff] ^ Te1[(s2 >> 8) & 0xff] ^ Te2[(s3 >> 16) & 0xff] ^ Te3[(s0 >> 24)] ^ rk[5]; + t[2] = Te0[(s2) & 0xff] ^ Te1[(s3 >> 8) & 0xff] ^ Te2[(s0 >> 16) & 0xff] ^ Te3[(s1 >> 24)] ^ rk[6]; + t[3] = Te0[(s3) & 0xff] ^ Te1[(s0 >> 8) & 0xff] ^ Te2[(s1 >> 16) & 0xff] ^ Te3[(s2 >> 24)] ^ rk[7]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; /* * Nr - 2 full rounds: */ - for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { + for (rk += 8, r = key->rounds - 2; r > 0; rk += 4, r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = (u32)Te4[(s0 ) & 0xff] ^ - (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s3 >> 24) ] << 24; - t[1] = (u32)Te4[(s1 ) & 0xff] ^ - (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s0 >> 24) ] << 24; - t[2] = (u32)Te4[(s2 ) & 0xff] ^ - (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s1 >> 24) ] << 24; - t[3] = (u32)Te4[(s3 ) & 0xff] ^ - (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0) & 0xff] ^ (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ (u32)Te4[(s3 >> 24)] << 24; 
+ t[1] = (u32)Te4[(s1) & 0xff] ^ (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ (u32)Te4[(s0 >> 24)] << 24; + t[2] = (u32)Te4[(s2) & 0xff] ^ (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ (u32)Te4[(s1 >> 24)] << 24; + t[3] = (u32)Te4[(s3) & 0xff] ^ (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ (u32)Te4[(s2 >> 24)] << 24; /* now do the linear transform using words */ { 
@@ -769,42 +704,25 @@ for (i = 0; i < 4; i++) { r0 = t[i]; r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); + r2 = ((r0 & 0x7f7f7f7f) << 1) ^ ((r1 - (r1 >> 7)) & 0x1b1b1b1b); #if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ - ROTATE(r0,16) ^ ROTATE(r0,8); + t[i] = r2 ^ ROTATE(r2, 24) ^ ROTATE(r0, 24) ^ ROTATE(r0, 16) ^ ROTATE(r0, 8); #else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) ^ (r0 >> 24); + t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ (r0 << 16) ^ (r0 >> 16) ^ (r0 << 8) ^ (r0 >> 24); #endif t[i] ^= rk[i]; } } #else - t[0] = Te0[(s0 ) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24) ] ^ - rk[0]; - t[1] = Te0[(s1 ) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24) ] ^ - rk[1]; - t[2] = Te0[(s2 ) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24) ] ^ - rk[2]; - t[3] = Te0[(s3 ) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24) ] ^ - rk[3]; + t[0] = Te0[(s0) & 0xff] ^ Te1[(s1 >> 8) & 0xff] ^ Te2[(s2 >> 16) & 0xff] ^ Te3[(s3 >> 24)] ^ rk[0]; + t[1] = Te0[(s1) & 0xff] ^ Te1[(s2 >> 8) & 0xff] ^ Te2[(s3 >> 16) & 0xff] ^ Te3[(s0 >> 24)] ^ rk[1]; + t[2] = Te0[(s2) & 0xff] ^ Te1[(s3 >> 8) & 0xff] ^ Te2[(s0 >> 16) & 0xff] ^ Te3[(s1 >> 24)] ^ rk[2]; + t[3] = Te0[(s3) & 0xff] ^ Te1[(s0 >> 8) & 0xff] ^ Te2[(s1 >> 16) & 0xff] ^ Te3[(s2 >> 24)] ^ rk[3]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; } /* * apply last round and 
@@ -813,55 +731,15 @@ #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Te4); - *(u32*)(out+0) = - (u32)Te4[(s0 ) & 0xff] ^ - (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s3 >> 24) ] << 24 ^ - rk[0]; - *(u32*)(out+4) = - (u32)Te4[(s1 ) & 0xff] ^ - (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s0 >> 24) ] << 24 ^ - rk[1]; - *(u32*)(out+8) = - (u32)Te4[(s2 ) & 0xff] ^ - (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s1 >> 24) ] << 24 ^ - rk[2]; - *(u32*)(out+12) = - (u32)Te4[(s3 ) & 0xff] ^ - (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s2 >> 24) ] << 24 ^ - rk[3]; + *(u32 *)(out + 0) = (u32)Te4[(s0) & 0xff] ^ (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ (u32)Te4[(s3 >> 24)] << 24 ^ rk[0]; + *(u32 *)(out + 4) = (u32)Te4[(s1) & 0xff] ^ (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ (u32)Te4[(s0 >> 24)] << 24 ^ rk[1]; + *(u32 *)(out + 8) = (u32)Te4[(s2) & 0xff] ^ (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ (u32)Te4[(s1 >> 24)] << 24 ^ rk[2]; + *(u32 *)(out + 12) = (u32)Te4[(s3) & 0xff] ^ (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ (u32)Te4[(s2 >> 24)] << 24 ^ rk[3]; #else - *(u32*)(out+0) = - (Te2[(s0 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s3 >> 24) ] & 0xff000000U) ^ - rk[0]; - *(u32*)(out+4) = - (Te2[(s1 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s0 >> 24) ] & 0xff000000U) ^ - rk[1]; - *(u32*)(out+8) = - (Te2[(s2 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s1 >> 24) ] & 0xff000000U) ^ - rk[2]; - *(u32*)(out+12) = - (Te2[(s3 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s0 >> 8) & 0xff] & 
0x0000ff00U) ^ - (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s2 >> 24) ] & 0xff000000U) ^ - rk[3]; + *(u32 *)(out + 0) = (Te2[(s0) & 0xff] & 0x000000ffU) ^ (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ (Te1[(s3 >> 24)] & 0xff000000U) ^ rk[0]; + *(u32 *)(out + 4) = (Te2[(s1) & 0xff] & 0x000000ffU) ^ (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ (Te1[(s0 >> 24)] & 0xff000000U) ^ rk[1]; + *(u32 *)(out + 8) = (Te2[(s2) & 0xff] & 0x000000ffU) ^ (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ (Te1[(s1 >> 24)] & 0xff000000U) ^ rk[2]; + *(u32 *)(out + 12) = (Te2[(s3) & 0xff] & 0x000000ffU) ^ (Te3[(s0 >> 8) & 0xff] & 0x0000ff00U) ^ (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ (Te1[(s2 >> 24)] & 0xff000000U) ^ rk[3]; #endif } @@ -870,7 +748,7 @@ * in and out can overlap */ void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) + const AES_KEY *key) { const u32 *rk; 
@@ -884,30 +762,18 @@ * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; s3 = GETU32(in + 12) ^ rk[3]; #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Td4); - t[0] = (u32)Td4[(s0 ) & 0xff] ^ - (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s1 >> 24) ] << 24; - t[1] = (u32)Td4[(s1 ) & 0xff] ^ - (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s2 >> 24) ] << 24; - t[2] = (u32)Td4[(s2 ) & 0xff] ^ - (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s3 >> 24) ] << 24; - t[3] = (u32)Td4[(s3 ) & 0xff] ^ - (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0) & 0xff] ^ (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ (u32)Td4[(s1 >> 24)] << 24; + t[1] = (u32)Td4[(s1) & 0xff] ^ (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ (u32)Td4[(s2 >> 24)] << 24; + t[2] = (u32)Td4[(s2) & 0xff] ^ (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ (u32)Td4[(s3 >> 24)] << 24; + t[3] = (u32)Td4[(s3) & 0xff] ^ (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ (u32)Td4[(s0 >> 24)] << 24; /* now do the linear transform using words */ { 
@@ -917,129 +783,79 @@ for (i = 0; i < 4; i++) { tp1 = t[i]; m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); tp9 = tp8 ^ tp1; tpb = tp9 ^ tp2; tpd = tp9 ^ tp4; tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); + t[i] = tpe ^ ROTATE(tpd, 16) ^ ROTATE(tp9, 8) ^ ROTATE(tpb, 24); #else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); + t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ (tp9 >> 24) ^ (tp9 << 8) ^ (tpb >> 8) ^ (tpb << 24); #endif - t[i] ^= rk[4+i]; + t[i] ^= rk[4 + i]; } } #else - t[0] = Td0[(s0 ) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24) ] ^ - rk[4]; - t[1] = Td0[(s1 ) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24) ] ^ - rk[5]; - t[2] = Td0[(s2 ) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24) ] ^ - rk[6]; - t[3] = Td0[(s3 ) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24) ] ^ - rk[7]; + t[0] = Td0[(s0) & 0xff] ^ Td1[(s3 >> 8) & 0xff] ^ Td2[(s2 >> 16) & 0xff] ^ Td3[(s1 >> 24)] ^ rk[4]; + t[1] = Td0[(s1) & 0xff] ^ Td1[(s0 >> 8) & 0xff] ^ Td2[(s3 >> 16) & 0xff] ^ Td3[(s2 >> 24)] ^ rk[5]; + t[2] = Td0[(s2) & 0xff] ^ Td1[(s1 >> 8) & 0xff] ^ Td2[(s0 >> 16) & 0xff] ^ Td3[(s3 >> 24)] ^ rk[6]; + t[3] = Td0[(s3) & 0xff] ^ Td1[(s2 >> 8) & 0xff] ^ Td2[(s1 >> 16) & 0xff] ^ Td3[(s0 >> 24)] ^ rk[7]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; /* * Nr - 2 full 
rounds: */ - for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { + for (rk += 8, r = key->rounds - 2; r > 0; rk += 4, r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = (u32)Td4[(s0 ) & 0xff] ^ - (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s1 >> 24) ] << 24; - t[1] = (u32)Td4[(s1 ) & 0xff] ^ - (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s2 >> 24) ] << 24; - t[2] = (u32)Td4[(s2 ) & 0xff] ^ - (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s3 >> 24) ] << 24; - t[3] = (u32)Td4[(s3 ) & 0xff] ^ - (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0) & 0xff] ^ (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ (u32)Td4[(s1 >> 24)] << 24; + t[1] = (u32)Td4[(s1) & 0xff] ^ (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ (u32)Td4[(s2 >> 24)] << 24; + t[2] = (u32)Td4[(s2) & 0xff] ^ (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ (u32)Td4[(s3 >> 24)] << 24; + t[3] = (u32)Td4[(s3) & 0xff] ^ (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ (u32)Td4[(s0 >> 24)] << 24; - /* now do the linear transform using words */ - { - int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + /* now do the linear transform using words */ + { + int i; + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; + for (i = 0; i < 4; i++) { + tp1 = t[i]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); + m 
= tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; #if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); + t[i] = tpe ^ ROTATE(tpd, 16) ^ ROTATE(tp9, 8) ^ ROTATE(tpb, 24); #else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); + t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ (tp9 >> 24) ^ (tp9 << 8) ^ (tpb >> 8) ^ (tpb << 24); #endif - t[i] ^= rk[i]; + t[i] ^= rk[i]; + } } - } #else - t[0] = Td0[(s0 ) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24) ] ^ - rk[0]; - t[1] = Td0[(s1 ) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24) ] ^ - rk[1]; - t[2] = Td0[(s2 ) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24) ] ^ - rk[2]; - t[3] = Td0[(s3 ) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24) ] ^ - rk[3]; + t[0] = Td0[(s0) & 0xff] ^ Td1[(s3 >> 8) & 0xff] ^ Td2[(s2 >> 16) & 0xff] ^ Td3[(s1 >> 24)] ^ rk[0]; + t[1] = Td0[(s1) & 0xff] ^ Td1[(s0 >> 8) & 0xff] ^ Td2[(s3 >> 16) & 0xff] ^ Td3[(s2 >> 24)] ^ rk[1]; + t[2] = Td0[(s2) & 0xff] ^ Td1[(s1 >> 8) & 0xff] ^ Td2[(s0 >> 16) & 0xff] ^ Td3[(s3 >> 24)] ^ rk[2]; + t[3] = Td0[(s3) & 0xff] ^ Td1[(s2 >> 8) & 0xff] ^ Td2[(s1 >> 16) & 0xff] ^ Td3[(s0 >> 24)] ^ rk[3]; #endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; } /* * apply last round and 
@@ -1047,28 +863,8 @@ */ prefetch256(Td4); - *(u32*)(out+0) = - ((u32)Td4[(s0 ) & 0xff]) ^ - ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s1 >> 24) ] << 24) ^ - rk[0]; - *(u32*)(out+4) = - ((u32)Td4[(s1 ) & 0xff]) ^ - ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s2 >> 24) ] << 24) ^ - rk[1]; - *(u32*)(out+8) = - ((u32)Td4[(s2 ) & 0xff]) ^ - ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s3 >> 24) ] << 24) ^ - rk[2]; - *(u32*)(out+12) = - ((u32)Td4[(s3 ) & 0xff]) ^ - ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s0 >> 24) ] << 24) ^ - rk[3]; + *(u32 *)(out + 0) = ((u32)Td4[(s0) & 0xff]) ^ ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ ((u32)Td4[(s1 >> 24)] << 24) ^ rk[0]; + *(u32 *)(out + 4) = ((u32)Td4[(s1) & 0xff]) ^ ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ ((u32)Td4[(s2 >> 24)] << 24) ^ rk[1]; + *(u32 *)(out + 8) = ((u32)Td4[(s2) & 0xff]) ^ ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ ((u32)Td4[(s3 >> 24)] << 24) ^ rk[2]; + *(u32 *)(out + 12) = ((u32)Td4[(s3) & 0xff]) ^ ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ ((u32)Td4[(s0 >> 24)] << 24) ^ rk[3]; } --- crypto/openssl/crypto/aes/asm/aes-s390x.pl.orig +++ crypto/openssl/crypto/aes/asm/aes-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1431,6 +1431,9 @@ st${g} $s3,0($sp) # backchain la %r1,$stdframe($sp) + xc $stdframe+0(64,$sp),$stdframe+0($sp) # clear reserved/unused + # in parameter block + lmg $s2,$s3,0($key) # copy key stg $s2,$stdframe+80($sp) stg $s3,$stdframe+88($sp) --- crypto/openssl/crypto/aes/asm/aesv8-armx.pl.orig +++ crypto/openssl/crypto/aes/asm/aesv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -417,7 +417,7 @@ # If lsize < 3*16 bytes, treat them as the tail, interleave the # two blocks AES instructions. # There is one special case, if the original input data size dsize -# = 16 bytes, we will treat it seperately to improve the +# = 16 bytes, we will treat it separately to improve the # performance: one independent code block without LR, FP load and # store, just looks like what the original ECB implementation does. @@ -2222,7 +2222,7 @@ # will be processed specially, which be integrated into the 5*16 bytes # loop to improve the efficiency. # There is one special case, if the original input data size dsize -# = 16 bytes, we will treat it seperately to improve the +# = 16 bytes, we will treat it separately to improve the # performance: one independent code block without LR, FP load and # store. # Encryption will process the (length -tailcnt) bytes as mentioned @@ -3557,7 +3557,7 @@ cbnz x2,.Lxts_dec_1st_done vld1.8 {$dat0},[$inp],#16 - // Decrypt the last secod block to get the last plain text block + // Decrypt the last second block to get the last plain text block .Lxts_dec_1st_done: eor $tmpin,$dat0,$iv1 ldr $rounds,[$key1,#240] --- crypto/openssl/crypto/aria/aria.c.orig +++ crypto/openssl/crypto/aria/aria.c 
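Review bot: In the aes-s390x.pl hunk, the added `xc $stdframe+0(64,$sp),$stdframe+0($sp)` uses a bare length of 64, and its two-line comment does not say which parameter-block fields that range covers. The context lines that follow store the key at `$stdframe+80` and `$stdframe+88`, so bytes 64..79 are neither cleared nor written anywhere in the visible lines. They are presumably initialised elsewhere in the routine, which starts and ends outside this hunk, but that is worth confirming: the block appears to sit in a newly set-up stack frame, so any field left unwritten would carry stale stack contents into the parameter block that `%r1` points to. I would make the comment name the range and the reason, e.g. `# zero parameter-block bytes 0..63 (reserved/unused) so no stale stack data is passed in`, and state there where bytes 64..79 are filled.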
@@ -32,30 +32,23 @@ #define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r))) #define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r))) -#define bswap32(v) \ - (((v) << 24) ^ ((v) >> 24) ^ \ - (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8)) +#define bswap32(v) \ + (((v) << 24) ^ ((v) >> 24) ^ (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8)) #define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8))) -#define GET_U32_BE(X, Y) ( \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 ] << 24) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3] ) ) - -#define PUT_U32_BE(DEST, IDX, VAL) \ - do { \ - ((uint8_t *)(DEST))[IDX * 4 ] = GET_U8_BE(VAL, 0); \ - ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \ - ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \ - ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \ - } while(0) - -#define MAKE_U32(V0, V1, V2, V3) ( \ - ((uint32_t)((uint8_t)(V0)) << 24) | \ - ((uint32_t)((uint8_t)(V1)) << 16) | \ - ((uint32_t)((uint8_t)(V2)) << 8) | \ - ((uint32_t)((uint8_t)(V3)) ) ) +#define GET_U32_BE(X, Y) ( \ + ((uint32_t)((const uint8_t *)(X))[Y * 4] << 24) ^ ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3])) + +#define PUT_U32_BE(DEST, IDX, VAL) \ + do { \ + ((uint8_t *)(DEST))[IDX * 4] = GET_U8_BE(VAL, 0); \ + ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \ + ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \ + ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \ + } while (0) + +#define MAKE_U32(V0, V1, V2, V3) ( \ + ((uint32_t)((uint8_t)(V0)) << 24) | ((uint32_t)((uint8_t)(V1)) << 16) | ((uint32_t)((uint8_t)(V2)) << 8) | ((uint32_t)((uint8_t)(V3)))) /* End Macro*/ 
@@ -342,75 +335,43 @@ }; /* Key XOR Layer */ -#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3) \ - do { \ - (T0) ^= (RK)->u[0]; \ - (T1) ^= (RK)->u[1]; \ - (T2) ^= (RK)->u[2]; \ - (T3) ^= (RK)->u[3]; \ - } while(0) +#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3) \ + do { \ + (T0) ^= (RK)->u[0]; \ + (T1) ^= (RK)->u[1]; \ + (T2) ^= (RK)->u[2]; \ + (T3) ^= (RK)->u[3]; \ + } while (0) /* S-Box Layer 1 + M */ -#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3) \ - do { \ - (T0) = \ - S1[GET_U8_BE(T0, 0)] ^ \ - S2[GET_U8_BE(T0, 1)] ^ \ - X1[GET_U8_BE(T0, 2)] ^ \ - X2[GET_U8_BE(T0, 3)]; \ - (T1) = \ - S1[GET_U8_BE(T1, 0)] ^ \ - S2[GET_U8_BE(T1, 1)] ^ \ - X1[GET_U8_BE(T1, 2)] ^ \ - X2[GET_U8_BE(T1, 3)]; \ - (T2) = \ - S1[GET_U8_BE(T2, 0)] ^ \ - S2[GET_U8_BE(T2, 1)] ^ \ - X1[GET_U8_BE(T2, 2)] ^ \ - X2[GET_U8_BE(T2, 3)]; \ - (T3) = \ - S1[GET_U8_BE(T3, 0)] ^ \ - S2[GET_U8_BE(T3, 1)] ^ \ - X1[GET_U8_BE(T3, 2)] ^ \ - X2[GET_U8_BE(T3, 3)]; \ - } while(0) +#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3) \ + do { \ + (T0) = S1[GET_U8_BE(T0, 0)] ^ S2[GET_U8_BE(T0, 1)] ^ X1[GET_U8_BE(T0, 2)] ^ X2[GET_U8_BE(T0, 3)]; \ + (T1) = S1[GET_U8_BE(T1, 0)] ^ S2[GET_U8_BE(T1, 1)] ^ X1[GET_U8_BE(T1, 2)] ^ X2[GET_U8_BE(T1, 3)]; \ + (T2) = S1[GET_U8_BE(T2, 0)] ^ S2[GET_U8_BE(T2, 1)] ^ X1[GET_U8_BE(T2, 2)] ^ X2[GET_U8_BE(T2, 3)]; \ + (T3) = S1[GET_U8_BE(T3, 0)] ^ S2[GET_U8_BE(T3, 1)] ^ X1[GET_U8_BE(T3, 2)] ^ X2[GET_U8_BE(T3, 3)]; \ + } while (0) /* S-Box Layer 2 + M */ -#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3) \ - do { \ - (T0) = \ - X1[GET_U8_BE(T0, 0)] ^ \ - X2[GET_U8_BE(T0, 1)] ^ \ - S1[GET_U8_BE(T0, 2)] ^ \ - S2[GET_U8_BE(T0, 3)]; \ - (T1) = \ - X1[GET_U8_BE(T1, 0)] ^ \ - X2[GET_U8_BE(T1, 1)] ^ \ - S1[GET_U8_BE(T1, 2)] ^ \ - S2[GET_U8_BE(T1, 3)]; \ - (T2) = \ - X1[GET_U8_BE(T2, 0)] ^ \ - X2[GET_U8_BE(T2, 1)] ^ \ - S1[GET_U8_BE(T2, 2)] ^ \ - S2[GET_U8_BE(T2, 3)]; \ - (T3) = \ - X1[GET_U8_BE(T3, 0)] ^ \ - X2[GET_U8_BE(T3, 1)] ^ \ - S1[GET_U8_BE(T3, 2)] ^ \ - 
S2[GET_U8_BE(T3, 3)]; \ - } while(0) +#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3) \ + do { \ + (T0) = X1[GET_U8_BE(T0, 0)] ^ X2[GET_U8_BE(T0, 1)] ^ S1[GET_U8_BE(T0, 2)] ^ S2[GET_U8_BE(T0, 3)]; \ + (T1) = X1[GET_U8_BE(T1, 0)] ^ X2[GET_U8_BE(T1, 1)] ^ S1[GET_U8_BE(T1, 2)] ^ S2[GET_U8_BE(T1, 3)]; \ + (T2) = X1[GET_U8_BE(T2, 0)] ^ X2[GET_U8_BE(T2, 1)] ^ S1[GET_U8_BE(T2, 2)] ^ S2[GET_U8_BE(T2, 3)]; \ + (T3) = X1[GET_U8_BE(T3, 0)] ^ X2[GET_U8_BE(T3, 1)] ^ S1[GET_U8_BE(T3, 2)] ^ S2[GET_U8_BE(T3, 3)]; \ + } while (0) /* Word-level diffusion */ -#define ARIA_DIFF_WORD(T0,T1,T2,T3) \ - do { \ - (T1) ^= (T2); \ - (T2) ^= (T3); \ - (T0) ^= (T1); \ - \ - (T3) ^= (T1); \ - (T2) ^= (T0); \ - (T1) ^= (T2); \ - } while(0) +#define ARIA_DIFF_WORD(T0, T1, T2, T3) \ + do { \ + (T1) ^= (T2); \ + (T2) ^= (T3); \ + (T0) ^= (T1); \ + \ + (T3) ^= (T1); \ + (T2) ^= (T0); \ + (T1) ^= (T2); \ + } while (0) /* Byte-level diffusion */ #define ARIA_DIFF_BYTE(T0, T1, T2, T3) \ @@ -418,7 +379,7 @@ (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \ (T2) = rotr32(T2, 16); \ (T3) = bswap32(T3); \ - } while(0) + } while (0) /* Odd round Substitution & Diffusion */ #define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3) \ @@ -427,7 +388,7 @@ ARIA_DIFF_WORD(T0, T1, T2, T3); \ ARIA_DIFF_BYTE(T0, T1, T2, T3); \ ARIA_DIFF_WORD(T0, T1, T2, T3); \ - } while(0) + } while (0) /* Even round Substitution & Diffusion */ #define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3) \ 
@@ -436,40 +397,28 @@ ARIA_DIFF_WORD(T0, T1, T2, T3); \ ARIA_DIFF_BYTE(T2, T3, T0, T1); \ ARIA_DIFF_WORD(T0, T1, T2, T3); \ - } while(0) + } while (0) /* Q, R Macro expanded ARIA GSRK */ -#define _ARIA_GSRK(RK, X, Y, Q, R) \ - do { \ - (RK)->u[0] = \ - ((X)[0]) ^ \ - (((Y)[((Q) ) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 3) % 4]) << (32 - (R))); \ - (RK)->u[1] = \ - ((X)[1]) ^ \ - (((Y)[((Q) + 1) % 4]) >> (R)) ^ \ - (((Y)[((Q) ) % 4]) << (32 - (R))); \ - (RK)->u[2] = \ - ((X)[2]) ^ \ - (((Y)[((Q) + 2) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 1) % 4]) << (32 - (R))); \ - (RK)->u[3] = \ - ((X)[3]) ^ \ - (((Y)[((Q) + 3) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 2) % 4]) << (32 - (R))); \ - } while(0) +#define _ARIA_GSRK(RK, X, Y, Q, R) \ + do { \ + (RK)->u[0] = ((X)[0]) ^ (((Y)[((Q)) % 4]) >> (R)) ^ (((Y)[((Q) + 3) % 4]) << (32 - (R))); \ + (RK)->u[1] = ((X)[1]) ^ (((Y)[((Q) + 1) % 4]) >> (R)) ^ (((Y)[((Q)) % 4]) << (32 - (R))); \ + (RK)->u[2] = ((X)[2]) ^ (((Y)[((Q) + 2) % 4]) >> (R)) ^ (((Y)[((Q) + 1) % 4]) << (32 - (R))); \ + (RK)->u[3] = ((X)[3]) ^ (((Y)[((Q) + 3) % 4]) >> (R)) ^ (((Y)[((Q) + 2) % 4]) << (32 - (R))); \ + } while (0) #define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32) -#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2) \ - do { \ - (TMP) = (X); \ - (TMP2) = rotr32((TMP), 8); \ - (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16); \ - } while(0) +#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2) \ + do { \ + (TMP) = (X); \ + (TMP2) = rotr32((TMP), 8); \ + (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16); \ + } while (0) void ossl_aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key) + const ARIA_KEY *key) { register uint32_t reg0, reg1, reg2, reg3; int Nr; @@ -498,7 +447,7 @@ ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); rk++; - while(Nr -= 2){ + while (Nr -= 2) { ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3); ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); rk++; 
@@ -508,26 +457,10 @@ rk++; } - reg0 = rk->u[0] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg0, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg0, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg0, 3)] )); - reg1 = rk->u[1] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg1, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg1, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg1, 3)] )); - reg2 = rk->u[2] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg2, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg2, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg2, 3)] )); - reg3 = rk->u[3] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg3, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg3, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg3, 3)] )); + reg0 = rk->u[0] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg0, 0)]), (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg0, 2)]), (uint8_t)(S2[GET_U8_BE(reg0, 3)])); + reg1 = rk->u[1] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg1, 0)]), (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg1, 2)]), (uint8_t)(S2[GET_U8_BE(reg1, 3)])); + reg2 = rk->u[2] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg2, 0)]), (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg2, 2)]), (uint8_t)(S2[GET_U8_BE(reg2, 3)])); + reg3 = rk->u[3] ^ MAKE_U32((uint8_t)(X1[GET_U8_BE(reg3, 0)]), (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8), (uint8_t)(S1[GET_U8_BE(reg3, 2)]), (uint8_t)(S2[GET_U8_BE(reg3, 3)])); PUT_U32_BE(out, 0, reg0); PUT_U32_BE(out, 1, reg1); @@ -536,7 +469,7 @@ } int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) + ARIA_KEY *key) { register uint32_t reg0, reg1, reg2, reg3; uint32_t w0[4], w1[4], w2[4], w3[4]; @@ -574,12 +507,10 @@ if (bits > 192) { w1[2] = GET_U32_BE(userKey, 6); w1[3] = GET_U32_BE(userKey, 7); - } - else { + } else { w1[2] = w1[3] = 0; } - } - else { + } else { w1[0] = w1[1] = w1[2] = w1[3] = 0; } 
@@ -668,7 +599,7 @@ } int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) + ARIA_KEY *key) { ARIA_u128 *rk_head; ARIA_u128 *rk_tail; @@ -893,20 +824,14 @@ 0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60 }; -static const ARIA_u128 c1 = {{ - 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94, - 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0 -}}; +static const ARIA_u128 c1 = { { 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94, + 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0 } }; -static const ARIA_u128 c2 = {{ - 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20, - 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0 -}}; +static const ARIA_u128 c2 = { { 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20, + 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0 } }; -static const ARIA_u128 c3 = {{ - 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70, - 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e -}}; +static const ARIA_u128 c3 = { { 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70, + 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e } }; /* * Exclusive or two 128 bit values into the result. @@ -925,7 +850,7 @@ * It is safe for the output to overlap either input. */ static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o, - const ARIA_u128 *xor, const ARIA_u128 *z) + const ARIA_u128 *xor, const ARIA_u128 *z) { const unsigned int bytes = n / 8, bits = n % 8; unsigned int i; @@ -934,9 +859,7 @@ for (i = 0; i < ARIA_BLOCK_SIZE; i++) t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i]; for (i = 0; i < ARIA_BLOCK_SIZE; i++) - o->c[i] = ((t.c[i] >> bits) | - (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^ - xor->c[i]; + o->c[i] = ((t.c[i] >> bits) | (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^ xor->c[i]; } /* 
@@ -992,7 +915,7 @@ { unsigned int i; for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { - o->c[i ] = sb1[x->c[i ] ^ y->c[i ]]; + o->c[i] = sb1[x->c[i] ^ y->c[i]]; o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]]; o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]]; o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]]; @@ -1007,7 +930,7 @@ { unsigned int i; for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { - o[i ] = sb3[x->c[i ] ^ y->c[i ]]; + o[i] = sb3[x->c[i] ^ y->c[i]]; o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]]; o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]]; o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]]; 
@@ -1020,38 +943,22 @@ */ static void a(ARIA_u128 *y, const ARIA_u128 *x) { - y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^ - x->c[ 9] ^ x->c[13] ^ x->c[14]; - y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^ - x->c[ 9] ^ x->c[12] ^ x->c[15]; - y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^ - x->c[11] ^ x->c[12] ^ x->c[15]; - y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^ - x->c[11] ^ x->c[13] ^ x->c[14]; - y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^ - x->c[11] ^ x->c[14] ^ x->c[15]; - y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^ - x->c[10] ^ x->c[14] ^ x->c[15]; - y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^ - x->c[10] ^ x->c[12] ^ x->c[13]; - y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^ - x->c[11] ^ x->c[12] ^ x->c[13]; - y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^ - x->c[10] ^ x->c[13] ^ x->c[15]; - y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^ - x->c[11] ^ x->c[12] ^ x->c[14]; - y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^ - x->c[ 8] ^ x->c[13] ^ x->c[15]; - y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^ - x->c[ 9] ^ x->c[12] ^ x->c[14]; - y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^ - x->c[ 9] ^ x->c[11] ^ x->c[12]; - y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^ - x->c[ 8] ^ x->c[10] ^ x->c[13]; - y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^ - x->c[ 9] ^ x->c[11] ^ x->c[14]; - y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^ - x->c[ 8] ^ x->c[10] ^ x->c[15]; + y->c[0] = x->c[3] ^ x->c[4] ^ x->c[6] ^ x->c[8] ^ x->c[9] ^ x->c[13] ^ x->c[14]; + y->c[1] = x->c[2] ^ x->c[5] ^ x->c[7] ^ x->c[8] ^ x->c[9] ^ x->c[12] ^ x->c[15]; + y->c[2] = x->c[1] ^ x->c[4] ^ x->c[6] ^ x->c[10] ^ x->c[11] ^ x->c[12] ^ x->c[15]; + y->c[3] = x->c[0] ^ x->c[5] ^ x->c[7] ^ x->c[10] ^ x->c[11] ^ x->c[13] ^ x->c[14]; + y->c[4] = x->c[0] ^ x->c[2] ^ x->c[5] ^ x->c[8] ^ x->c[11] ^ x->c[14] ^ x->c[15]; + y->c[5] = x->c[1] ^ x->c[3] ^ x->c[4] ^ 
x->c[9] ^ x->c[10] ^ x->c[14] ^ x->c[15]; + y->c[6] = x->c[0] ^ x->c[2] ^ x->c[7] ^ x->c[9] ^ x->c[10] ^ x->c[12] ^ x->c[13]; + y->c[7] = x->c[1] ^ x->c[3] ^ x->c[6] ^ x->c[8] ^ x->c[11] ^ x->c[12] ^ x->c[13]; + y->c[8] = x->c[0] ^ x->c[1] ^ x->c[4] ^ x->c[7] ^ x->c[10] ^ x->c[13] ^ x->c[15]; + y->c[9] = x->c[0] ^ x->c[1] ^ x->c[5] ^ x->c[6] ^ x->c[11] ^ x->c[12] ^ x->c[14]; + y->c[10] = x->c[2] ^ x->c[3] ^ x->c[5] ^ x->c[6] ^ x->c[8] ^ x->c[13] ^ x->c[15]; + y->c[11] = x->c[2] ^ x->c[3] ^ x->c[4] ^ x->c[7] ^ x->c[9] ^ x->c[12] ^ x->c[14]; + y->c[12] = x->c[1] ^ x->c[2] ^ x->c[6] ^ x->c[7] ^ x->c[9] ^ x->c[11] ^ x->c[12]; + y->c[13] = x->c[0] ^ x->c[3] ^ x->c[6] ^ x->c[7] ^ x->c[8] ^ x->c[10] ^ x->c[13]; + y->c[14] = x->c[0] ^ x->c[3] ^ x->c[4] ^ x->c[5] ^ x->c[9] ^ x->c[11] ^ x->c[14]; + y->c[15] = x->c[1] ^ x->c[2] ^ x->c[4] ^ x->c[5] ^ x->c[8] ^ x->c[10] ^ x->c[15]; } /* @@ -1060,7 +967,7 @@ * It is safe for the input and output to overlap. */ static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d, - const ARIA_u128 *rk) + const ARIA_u128 *rk) { ARIA_u128 y; @@ -1074,7 +981,7 @@ * It is safe for the input and output to overlap. */ static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d, - const ARIA_u128 *rk) + const ARIA_u128 *rk) { ARIA_u128 y; @@ -1087,7 +994,7 @@ * in and out can overlap */ static void do_encrypt(unsigned char *o, const unsigned char *pin, - unsigned int rounds, const ARIA_u128 *keys) + unsigned int rounds, const ARIA_u128 *keys) { ARIA_u128 p; unsigned int i; 
@@ -1107,20 +1014,19 @@ * in and out can overlap */ void ossl_aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key) + const ARIA_KEY *key) { assert(in != NULL && out != NULL && key != NULL); do_encrypt(out, in, key->rounds, key->rd_key); } - /* * Expand the cipher key into the encryption key schedule. * We short circuit execution of the last two * or four rotations based on the key size. */ int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) + ARIA_KEY *key) { const ARIA_u128 *ck1, *ck2, *ck3; ARIA_u128 kr, w0, w1, w2, w3; @@ -1157,22 +1063,25 @@ break; } - FO(&w3, &w0, ck1); xor128(w1.c, w3.c, &kr); - FE(&w3, &w1, ck2); xor128(w2.c, w3.c, &w0); - FO(&kr, &w2, ck3); xor128(w3.c, kr.c, &w1); - - rot19r(&key->rd_key[ 0], &w0, &w1); - rot19r(&key->rd_key[ 1], &w1, &w2); - rot19r(&key->rd_key[ 2], &w2, &w3); - rot19r(&key->rd_key[ 3], &w3, &w0); - - rot31r(&key->rd_key[ 4], &w0, &w1); - rot31r(&key->rd_key[ 5], &w1, &w2); - rot31r(&key->rd_key[ 6], &w2, &w3); - rot31r(&key->rd_key[ 7], &w3, &w0); - - rot61l(&key->rd_key[ 8], &w0, &w1); - rot61l(&key->rd_key[ 9], &w1, &w2); + FO(&w3, &w0, ck1); + xor128(w1.c, w3.c, &kr); + FE(&w3, &w1, ck2); + xor128(w2.c, w3.c, &w0); + FO(&kr, &w2, ck3); + xor128(w3.c, kr.c, &w1); + + rot19r(&key->rd_key[0], &w0, &w1); + rot19r(&key->rd_key[1], &w1, &w2); + rot19r(&key->rd_key[2], &w2, &w3); + rot19r(&key->rd_key[3], &w3, &w0); + + rot31r(&key->rd_key[4], &w0, &w1); + rot31r(&key->rd_key[5], &w1, &w2); + rot31r(&key->rd_key[6], &w2, &w3); + rot31r(&key->rd_key[7], &w3, &w0); + + rot61l(&key->rd_key[8], &w0, &w1); + rot61l(&key->rd_key[9], &w1, &w2); rot61l(&key->rd_key[10], &w2, &w3); rot61l(&key->rd_key[11], &w3, &w0); 
@@ -1193,7 +1102,7 @@ * Expand the cipher key into the decryption key schedule. */ int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) + ARIA_KEY *key) { ARIA_KEY ek; const int r = ossl_aria_set_encrypt_key(userKey, bits, &ek); --- crypto/openssl/crypto/arm_arch.h.orig +++ crypto/openssl/crypto/arm_arch.h 
@@ -8,76 +8,69 @@ */ #ifndef OSSL_CRYPTO_ARM_ARCH_H -# define OSSL_CRYPTO_ARM_ARCH_H - -# if !defined(__ARM_ARCH__) -# if defined(__CC_ARM) -# define __ARM_ARCH__ __TARGET_ARCH_ARM -# if defined(__BIG_ENDIAN) -# define __ARMEB__ -# else -# define __ARMEL__ -# endif -# elif defined(__GNUC__) -# if defined(__aarch64__) -# define __ARM_ARCH__ 8 - /* - * Why doesn't gcc define __ARM_ARCH__? Instead it defines - * bunch of below macros. See all_architectures[] table in - * gcc/config/arm/arm.c. On a side note it defines - * __ARMEL__/__ARMEB__ for little-/big-endian. - */ -# elif defined(__ARM_ARCH) -# define __ARM_ARCH__ __ARM_ARCH -# elif defined(__ARM_ARCH_8A__) -# define __ARM_ARCH__ 8 -# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ - defined(__ARM_ARCH_7EM__) -# define __ARM_ARCH__ 7 -# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ - defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ - defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ - defined(__ARM_ARCH_6T2__) -# define __ARM_ARCH__ 6 -# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ - defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ - defined(__ARM_ARCH_5TEJ__) -# define __ARM_ARCH__ 5 -# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -# define __ARM_ARCH__ 4 -# else -# error "unsupported ARM architecture" -# endif -# endif -# endif +#define OSSL_CRYPTO_ARM_ARCH_H + +#if !defined(__ARM_ARCH__) +#if defined(__CC_ARM) +#define __ARM_ARCH__ __TARGET_ARCH_ARM +#if defined(__BIG_ENDIAN) +#define __ARMEB__ +#else +#define __ARMEL__ +#endif +#elif defined(__GNUC__) +#if defined(__aarch64__) +#define __ARM_ARCH__ 8 +/* + * Why doesn't gcc define __ARM_ARCH__? Instead it defines + * bunch of below macros. See all_architectures[] table in + * gcc/config/arm/arm.c. On a side note it defines + * __ARMEL__/__ARMEB__ for little-/big-endian. 
+ */ +#elif defined(__ARM_ARCH) +#define __ARM_ARCH__ __ARM_ARCH +#elif defined(__ARM_ARCH_8A__) +#define __ARM_ARCH__ 8 +#elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__) +#define __ARM_ARCH__ 7 +#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6M__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__) +#define __ARM_ARCH__ 6 +#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || defined(__ARM_ARCH_5E__) || defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__) +#define __ARM_ARCH__ 5 +#elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) +#define __ARM_ARCH__ 4 +#else +#error "unsupported ARM architecture" +#endif +#endif +#endif -# if !defined(__ARM_MAX_ARCH__) -# define __ARM_MAX_ARCH__ __ARM_ARCH__ -# endif +#if !defined(__ARM_MAX_ARCH__) +#define __ARM_MAX_ARCH__ __ARM_ARCH__ +#endif -# if __ARM_MAX_ARCH__<__ARM_ARCH__ -# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" -# elif __ARM_MAX_ARCH__!=__ARM_ARCH__ -# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__) -# error "can't build universal big-endian binary" -# endif -# endif +#if __ARM_MAX_ARCH__ < __ARM_ARCH__ +#error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" +#elif __ARM_MAX_ARCH__ != __ARM_ARCH__ +#if __ARM_ARCH__ < 7 && __ARM_MAX_ARCH__ >= 7 && defined(__ARMEB__) +#error "can't build universal big-endian binary" +#endif +#endif -# ifndef __ASSEMBLER__ +#ifndef __ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; extern unsigned int OPENSSL_arm_midr; extern unsigned int OPENSSL_armv8_rsa_neonized; -# endif +#endif -# define ARMV7_NEON (1<<0) -# define ARMV7_TICK (1<<1) -# define ARMV8_AES (1<<2) -# define ARMV8_SHA1 (1<<3) -# define ARMV8_SHA256 (1<<4) -# define ARMV8_PMULL (1<<5) -# define ARMV8_SHA512 (1<<6) -# define ARMV8_CPUID (1<<7) +#define ARMV7_NEON (1 << 0) +#define 
ARMV7_TICK (1 << 1) +#define ARMV8_AES (1 << 2) +#define ARMV8_SHA1 (1 << 3) +#define ARMV8_SHA256 (1 << 4) +#define ARMV8_PMULL (1 << 5) +#define ARMV8_SHA512 (1 << 6) +#define ARMV8_CPUID (1 << 7) /* * MIDR_EL1 system register 
@@ -89,38 +82,34 @@ * */ -# define ARM_CPU_IMP_ARM 0x41 +#define ARM_CPU_IMP_ARM 0x41 -# define ARM_CPU_PART_CORTEX_A72 0xD08 -# define ARM_CPU_PART_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A72 0xD08 +#define ARM_CPU_PART_N1 0xD0C -# define MIDR_PARTNUM_SHIFT 4 -# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT) -# define MIDR_PARTNUM(midr) \ - (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT) +#define MIDR_PARTNUM_SHIFT 4 +#define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT) +#define MIDR_PARTNUM(midr) \ + (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT) -# define MIDR_IMPLEMENTER_SHIFT 24 -# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT) -# define MIDR_IMPLEMENTER(midr) \ - (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT) +#define MIDR_IMPLEMENTER_SHIFT 24 +#define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT) +#define MIDR_IMPLEMENTER(midr) \ + (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT) -# define MIDR_ARCHITECTURE_SHIFT 16 -# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT) -# define MIDR_ARCHITECTURE(midr) \ - (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT) +#define MIDR_ARCHITECTURE_SHIFT 16 +#define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT) +#define MIDR_ARCHITECTURE(midr) \ + (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT) -# define MIDR_CPU_MODEL_MASK \ - (MIDR_IMPLEMENTER_MASK | \ - MIDR_PARTNUM_MASK | \ - MIDR_ARCHITECTURE_MASK) +#define MIDR_CPU_MODEL_MASK \ + (MIDR_IMPLEMENTER_MASK | MIDR_PARTNUM_MASK | MIDR_ARCHITECTURE_MASK) -# define MIDR_CPU_MODEL(imp, partnum) \ - (((imp) << MIDR_IMPLEMENTER_SHIFT) | \ - (0xfU << MIDR_ARCHITECTURE_SHIFT) | \ - ((partnum) << MIDR_PARTNUM_SHIFT)) +#define MIDR_CPU_MODEL(imp, partnum) \ + (((imp) << MIDR_IMPLEMENTER_SHIFT) | (0xfU << MIDR_ARCHITECTURE_SHIFT) | ((partnum) << MIDR_PARTNUM_SHIFT)) -# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \ - (((midr) & MIDR_CPU_MODEL_MASK) == 
MIDR_CPU_MODEL(imp, partnum)) +#define MIDR_IS_CPU_MODEL(midr, imp, partnum) \ + (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum)) #if defined(__ASSEMBLER__) --- crypto/openssl/crypto/armcap.c.orig +++ crypto/openssl/crypto/armcap.c @@ -24,7 +24,7 @@ unsigned int OPENSSL_arm_midr = 0; unsigned int OPENSSL_armv8_rsa_neonized = 0; -#if __ARM_MAX_ARCH__<7 +#if __ARM_MAX_ARCH__ < 7 void OPENSSL_cpuid_setup(void) { } @@ -51,10 +51,10 @@ void _armv8_sha1_probe(void); void _armv8_sha256_probe(void); void _armv8_pmull_probe(void); -# ifdef __aarch64__ +#ifdef __aarch64__ void _armv8_sha512_probe(void); unsigned int _armv8_cpuid_probe(void); -# endif +#endif uint32_t _armv7_tick(void); uint32_t OPENSSL_rdtsc(void) 
@@ -65,80 +65,80 @@ return 0; } -# if defined(__GNUC__) && __GNUC__>=2 -void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); -# endif +#if defined(__GNUC__) && __GNUC__ >= 2 +void OPENSSL_cpuid_setup(void) __attribute__((constructor)); +#endif -# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# elif defined(__ANDROID_API__) +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +#if __GLIBC_PREREQ(2, 16) +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#endif +#elif defined(__ANDROID_API__) /* see https://developer.android.google.cn/ndk/guides/cpu-features */ -# if __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif -# if defined(__FreeBSD__) -# include -# if __FreeBSD_version >= 1200000 -# include -# define OSSL_IMPLEMENT_GETAUXVAL +#if __ANDROID_API__ >= 18 +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#endif +#endif +#if defined(__FreeBSD__) +#include +#if __FreeBSD_version >= 1200000 +#include +#define OSSL_IMPLEMENT_GETAUXVAL static unsigned long getauxval(unsigned long key) { - unsigned long val = 0ul; + unsigned long val = 0ul; - if (elf_aux_info((int)key, &val, sizeof(val)) != 0) - return 0ul; + if (elf_aux_info((int)key, &val, sizeof(val)) != 0) + return 0ul; - return val; + return val; } -# endif -# endif +#endif +#endif /* * Android: according to https://developer.android.com/ndk/guides/cpu-features, * getauxval is supported starting with API level 18 */ -# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif +#if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18 +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#endif /* * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas * AArch64 used AT_HWCAP. 
*/ -# ifndef AT_HWCAP -# define AT_HWCAP 16 -# endif -# ifndef AT_HWCAP2 -# define AT_HWCAP2 26 -# endif -# if defined(__arm__) || defined (__arm) -# define HWCAP AT_HWCAP -# define HWCAP_NEON (1 << 12) - -# define HWCAP_CE AT_HWCAP2 -# define HWCAP_CE_AES (1 << 0) -# define HWCAP_CE_PMULL (1 << 1) -# define HWCAP_CE_SHA1 (1 << 2) -# define HWCAP_CE_SHA256 (1 << 3) -# elif defined(__aarch64__) -# define HWCAP AT_HWCAP -# define HWCAP_NEON (1 << 1) - -# define HWCAP_CE HWCAP -# define HWCAP_CE_AES (1 << 3) -# define HWCAP_CE_PMULL (1 << 4) -# define HWCAP_CE_SHA1 (1 << 5) -# define HWCAP_CE_SHA256 (1 << 6) -# define HWCAP_CPUID (1 << 11) -# define HWCAP_CE_SHA512 (1 << 21) -# endif +#ifndef AT_HWCAP +#define AT_HWCAP 16 +#endif +#ifndef AT_HWCAP2 +#define AT_HWCAP2 26 +#endif +#if defined(__arm__) || defined(__arm) +#define HWCAP AT_HWCAP +#define HWCAP_NEON (1 << 12) + +#define HWCAP_CE AT_HWCAP2 +#define HWCAP_CE_AES (1 << 0) +#define HWCAP_CE_PMULL (1 << 1) +#define HWCAP_CE_SHA1 (1 << 2) +#define HWCAP_CE_SHA256 (1 << 3) +#elif defined(__aarch64__) +#define HWCAP AT_HWCAP +#define HWCAP_NEON (1 << 1) + +#define HWCAP_CE HWCAP +#define HWCAP_CE_AES (1 << 3) +#define HWCAP_CE_PMULL (1 << 4) +#define HWCAP_CE_SHA1 (1 << 5) +#define HWCAP_CE_SHA256 (1 << 6) +#define HWCAP_CPUID (1 << 11) +#define HWCAP_CE_SHA512 (1 << 21) +#endif void OPENSSL_cpuid_setup(void) { @@ -158,8 +158,8 @@ return; } -# if defined(__APPLE__) -# if !defined(__aarch64__) +#if defined(__APPLE__) +#if !defined(__aarch64__) /* * Capability probing by catching SIGILL appears to be problematic * on iOS. But since Apple universe is "monocultural", it's actually @@ -175,7 +175,7 @@ * Unified code works because it never triggers SIGILL on Apple * devices... */ -# else +#else { unsigned int sha512; size_t len = sizeof(sha512); 
@@ -183,10 +183,10 @@ if (sysctlbyname("hw.optional.armv8_2_sha512", &sha512, &len, NULL, 0) == 0 && sha512 == 1) OPENSSL_armcap_P |= ARMV8_SHA512; } -# endif -# endif +#endif +#endif -# ifdef OSSL_IMPLEMENT_GETAUXVAL +#ifdef OSSL_IMPLEMENT_GETAUXVAL if (getauxval(HWCAP) & HWCAP_NEON) { unsigned long hwcap = getauxval(HWCAP_CE); @@ -204,15 +204,15 @@ if (hwcap & HWCAP_CE_SHA256) OPENSSL_armcap_P |= ARMV8_SHA256; -# ifdef __aarch64__ +#ifdef __aarch64__ if (hwcap & HWCAP_CE_SHA512) OPENSSL_armcap_P |= ARMV8_SHA512; if (hwcap & HWCAP_CPUID) OPENSSL_armcap_P |= ARMV8_CPUID; -# endif +#endif } -# endif +#endif sigfillset(&all_masked); sigdelset(&all_masked, SIGILL); @@ -229,7 +229,7 @@ sigaction(SIGILL, &ill_act, &ill_oact); /* If we used getauxval, we already have all the values */ -# ifndef OSSL_IMPLEMENT_GETAUXVAL +#ifndef OSSL_IMPLEMENT_GETAUXVAL if (sigsetjmp(ill_jmp, 1) == 0) { _armv7_neon_probe(); OPENSSL_armcap_P |= ARMV7_NEON; @@ -248,14 +248,14 @@ _armv8_sha256_probe(); OPENSSL_armcap_P |= ARMV8_SHA256; } -# if defined(__aarch64__) && !defined(__APPLE__) +#if defined(__aarch64__) && !defined(__APPLE__) if (sigsetjmp(ill_jmp, 1) == 0) { _armv8_sha512_probe(); OPENSSL_armcap_P |= ARMV8_SHA512; } -# endif +#endif } -# endif +#endif /* * Probing for ARMV7_TICK is known to produce unreliable results, 
@@ -266,15 +266,13 @@ sigaction(SIGILL, &ill_oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); -# ifdef __aarch64__ +#ifdef __aarch64__ if (OPENSSL_armcap_P & ARMV8_CPUID) OPENSSL_arm_midr = _armv8_cpuid_probe(); - if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) || - MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)) && - (OPENSSL_armcap_P & ARMV7_NEON)) { - OPENSSL_armv8_rsa_neonized = 1; + if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) || MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)) && (OPENSSL_armcap_P & ARMV7_NEON)) { + OPENSSL_armv8_rsa_neonized = 1; } -# endif +#endif } #endif --- crypto/openssl/crypto/asn1/a_bitstr.c.orig +++ crypto/openssl/crypto/asn1/a_bitstr.c @@ -58,7 +58,7 @@ else if (j & 0x80) bits = 7; else - bits = 0; /* should not happen */ + bits = 0; /* should not happen */ } } } else @@ -82,7 +82,7 @@ } ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long len) + const unsigned char **pp, long len) { ASN1_BIT_STRING *ret = NULL; const unsigned char *p; @@ -118,7 +118,7 @@ ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ - if (len-- > 1) { /* using one because of the bits left byte */ + if (len-- > 1) { /* using one because of the bits left byte */ s = OPENSSL_malloc((int)len); if (s == NULL) { i = ERR_R_MALLOC_FAILURE; @@ -138,7 +138,7 @@ (*a) = ret; *pp = p; return ret; - err: +err: ERR_raise(ERR_LIB_ASN1, i); if ((a == NULL) || (*a != ret)) ASN1_BIT_STRING_free(ret); @@ -169,7 +169,7 @@ if ((a->length < (w + 1)) || (a->data == NULL)) { if (!value) - return 1; /* Don't need to set */ + return 1; /* Don't need to set */ c = OPENSSL_clear_realloc(a->data, a->length, w + 1); if (c == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 
@@ -207,7 +207,7 @@ * 'len' is the length of 'flags'. */ int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, - const unsigned char *flags, int flags_len) + const unsigned char *flags, int flags_len) { int i, ok; /* Check if there is one bit set at all. */ --- crypto/openssl/crypto/asn1/a_d2i_fp.c.orig +++ crypto/openssl/crypto/asn1/a_d2i_fp.c @@ -17,9 +17,9 @@ #include "crypto/asn1.h" #ifndef NO_OLD_ASN1 -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO -void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) { BIO *b; void *ret; @@ -33,9 +33,9 @@ BIO_free(b); return ret; } -# endif +#endif -void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) { BUF_MEM *b = NULL; const unsigned char *p; @@ -48,7 +48,7 @@ p = (unsigned char *)b->data; ret = d2i(x, &p, len); - err: +err: BUF_MEM_free(b); return ret; } @@ -56,7 +56,7 @@ #endif void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { BUF_MEM *b = NULL; const unsigned char *p; @@ -71,7 +71,7 @@ p = (const unsigned char *)b->data; ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq); - err: +err: BUF_MEM_free(b); return ret; } @@ -83,7 +83,7 @@ #ifndef OPENSSL_NO_STDIO void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b; char *ret; @@ -104,7 +104,7 @@ } #endif -#define HEADER_SIZE 8 +#define HEADER_SIZE 8 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { @@ -150,7 +150,6 @@ len += i; if ((size_t)i < want) continue; - } } /* else data already loaded */ 
@@ -168,9 +167,10 @@ if (e != ASN1_R_TOO_LONG) goto err; ERR_pop_to_mark(); + ERR_set_mark(); } - i = q - p; /* header length */ - off += i; /* end of data */ + i = q - p; /* header length */ + off += i; /* end of data */ if (inf & 1) { /* no data body so go round again */ @@ -194,8 +194,7 @@ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; want -= (len - off); - if (want > INT_MAX /* BIO_read takes an int length */ || - len + want < len) { + if (want > INT_MAX /* BIO_read takes an int length */ || len + want < len) { ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); goto err; } @@ -219,14 +218,14 @@ ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; } - /* - * This can't overflow because |len+want| didn't - * overflow. - */ + /* + * This can't overflow because |len+want| didn't + * overflow. + */ len += i; chunk -= i; } - if (chunk_max < INT_MAX/2) + if (chunk_max < INT_MAX / 2) chunk_max *= 2; } } @@ -248,8 +247,9 @@ } *pb = b; + ERR_clear_last_mark(); return off; - err: +err: ERR_clear_last_mark(); BUF_MEM_free(b); return -1; --- crypto/openssl/crypto/asn1/a_digest.c.orig +++ crypto/openssl/crypto/asn1/a_digest.c @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len) + unsigned char *md, unsigned int *len) { int inl; unsigned char *str, *p; @@ -54,8 +54,8 @@ #endif int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn, - unsigned char *data, unsigned int *len, - OSSL_LIB_CTX *libctx, const char *propq) + unsigned char *data, unsigned int *len, + OSSL_LIB_CTX *libctx, const char *propq) { int i, ret = 0; unsigned char *str = NULL; 
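Review bot: The added `ERR_set_mark();` directly after `ERR_pop_to_mark();` needs a comment, because the pairing it restores is not visible at this point in the function. The pop consumes the mark, and both exit paths end in `ERR_clear_last_mark()`: the `err:` label, and now the success path in hunk `@@ -248,8 +247,9 @@`. I would add `/* ERR_pop_to_mark() consumed the mark; set it again so the ERR_clear_last_mark() on exit stays paired */` above the new call. The initial `ERR_set_mark()` is outside these hunks, so it is worth confirming that no other return path leaves the function with the mark still set.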
@@ -87,8 +87,7 @@ } int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn, - unsigned char *data, unsigned int *len) + unsigned char *data, unsigned int *len) { return ossl_asn1_item_digest_ex(it, md, asn, data, len, NULL, NULL); } - --- crypto/openssl/crypto/asn1/a_dup.c.orig +++ crypto/openssl/crypto/asn1/a_dup.c @@ -71,8 +71,8 @@ if (asn1_cb != NULL) { if (!asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL) - || !asn1_cb(ASN1_OP_GET0_LIBCTX, (ASN1_VALUE **)&x, it, &libctx) - || !asn1_cb(ASN1_OP_GET0_PROPQ, (ASN1_VALUE **)&x, it, &propq)) + || !asn1_cb(ASN1_OP_GET0_LIBCTX, (ASN1_VALUE **)&x, it, &libctx) + || !asn1_cb(ASN1_OP_GET0_PROPQ, (ASN1_VALUE **)&x, it, &propq)) goto auxerr; } @@ -91,7 +91,7 @@ return ret; - auxerr: +auxerr: ERR_raise_data(ERR_LIB_ASN1, ASN1_R_AUX_ERROR, "Type=%s", it->sname); return NULL; } --- crypto/openssl/crypto/asn1/a_gentm.c.orig +++ crypto/openssl/crypto/asn1/a_gentm.c @@ -22,7 +22,7 @@ /* This is the primary function used to parse ASN1_GENERALIZEDTIME */ static int asn1_generalizedtime_to_tm(struct tm *tm, - const ASN1_GENERALIZEDTIME *d) + const ASN1_GENERALIZEDTIME *d) { /* wrapper around ossl_asn1_time_to_tm */ if (d->type != V_ASN1_GENERALIZEDTIME) @@ -54,14 +54,14 @@ } ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, - time_t t) + time_t t) { return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); } ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, - time_t t, int offset_day, - long offset_sec) + time_t t, int offset_day, + long offset_sec) { struct tm *ts; struct tm data; --- crypto/openssl/crypto/asn1/a_i2d_fp.c.orig +++ crypto/openssl/crypto/asn1/a_i2d_fp.c @@ -14,7 +14,7 @@ #ifndef NO_OLD_ASN1 -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x) { BIO *b; 
@@ -29,7 +29,7 @@ BIO_free(b); return ret; } -# endif +#endif int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x) { --- crypto/openssl/crypto/asn1/a_int.c.orig +++ crypto/openssl/crypto/asn1/a_int.c @@ -74,7 +74,7 @@ * used elsewhere below... */ static void twos_complement(unsigned char *dst, const unsigned char *src, - size_t len, unsigned char pad) + size_t len, unsigned char pad) { unsigned int carry = pad & 1; @@ -95,7 +95,7 @@ } static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, - unsigned char **pp) + unsigned char **pp) { unsigned int pad = 0; size_t ret, i; @@ -125,7 +125,7 @@ ret += pad; } else { ret = 1; - blen = 0; /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */ + blen = 0; /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */ } if (pp == NULL || (p = *pp) == NULL) @@ -137,8 +137,8 @@ * by any number of zeros... */ *p = pb; - p += pad; /* yes, p[0] can be written twice, but it's little - * price to pay for eliminated branches */ + p += pad; /* yes, p[0] can be written twice, but it's little + * price to pay for eliminated branches */ twos_complement(p, b, blen, pb); *pp += ret; @@ -152,7 +152,7 @@ */ static size_t c2i_ibuf(unsigned char *b, int *pneg, - const unsigned char *p, size_t plen) + const unsigned char *p, size_t plen) { int neg, pad; /* Zero content length is illegal */ @@ -253,7 +253,7 @@ /* signed version of asn1_get_uint64 */ static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, - int neg) + int neg) { uint64_t r; if (asn1_get_uint64(&r, b, blen) == 0) @@ -284,7 +284,7 @@ /* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */ ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) + long len) { ASN1_INTEGER *ret = NULL; size_t r; @@ -317,7 +317,7 @@ if (a != NULL) (*a) = ret; return ret; - err: +err: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); if (a == NULL || *a != ret) ASN1_INTEGER_free(ret); 
@@ -359,7 +359,7 @@ } static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, - int itype) + int itype) { if (a == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); @@ -393,7 +393,7 @@ */ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length) + long length) { ASN1_INTEGER *ret = NULL; const unsigned char *p; @@ -451,7 +451,7 @@ (*a) = ret; *pp = p; return ret; - err: +err: ERR_raise(ERR_LIB_ASN1, i); if ((a == NULL) || (*a != ret)) ASN1_INTEGER_free(ret); @@ -459,7 +459,7 @@ } static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, - int atype) + int atype) { ASN1_INTEGER *ret; int len; @@ -496,14 +496,14 @@ len = BN_bn2bin(bn, ret->data); ret->length = len; return ret; - err: +err: if (ret != ai) ASN1_INTEGER_free(ret); return NULL; } static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, - int itype) + int itype) { BIGNUM *ret; @@ -616,7 +616,7 @@ /* Internal functions used by x_int64.c */ int ossl_c2i_uint64_int(uint64_t *ret, int *neg, - const unsigned char **pp, long len) + const unsigned char **pp, long len) { unsigned char buf[sizeof(uint64_t)]; size_t buflen; @@ -640,4 +640,3 @@ off = asn1_put_uint64(buf, r); return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p); } - --- crypto/openssl/crypto/asn1/a_mbstr.c.orig +++ crypto/openssl/crypto/asn1/a_mbstr.c @@ -14,8 +14,8 @@ #include static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc) (unsigned long value, void *in), - void *arg); + int (*rfunc)(unsigned long value, void *in), + void *arg); static int in_utf8(unsigned long value, void *arg); static int out_utf8(unsigned long value, void *arg); static int type_str(unsigned long value, void *arg); 
@@ -34,14 +34,14 @@ */ int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask) + int inform, unsigned long mask) { return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); } int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize) + int inform, unsigned long mask, + long minsize, long maxsize) { int str_type; int ret; @@ -50,7 +50,7 @@ ASN1_STRING *dest; unsigned char *p; int nchar; - int (*cpyfunc) (unsigned long, void *) = NULL; + int (*cpyfunc)(unsigned long, void *) = NULL; if (len == -1) len = strlen((const char *)in); if (!mask) @@ -98,13 +98,13 @@ if ((minsize > 0) && (nchar < minsize)) { ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_SHORT, - "minsize=%ld", minsize); + "minsize=%ld", minsize); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG, - "maxsize=%ld", maxsize); + "maxsize=%ld", maxsize); return -1; } @@ -114,7 +114,10 @@ return -1; } - /* Now work out output format and string type */ + /* + * Now work out output format and string type. + * These checks should be in sync with the checks in type_str. + */ outform = MBSTRING_ASC; if (mask & B_ASN1_NUMERICSTRING) str_type = V_ASN1_NUMERICSTRING; @@ -182,7 +185,11 @@ case MBSTRING_UTF8: outlen = 0; - traverse_string(in, len, inform, out_utf8, &outlen); + ret = traverse_string(in, len, inform, out_utf8, &outlen); + if (ret < 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING); + return -1; + } cpyfunc = cpy_utf8; break; } @@ -207,8 +214,8 @@ */ static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc) (unsigned long value, void *in), - void *arg) + int (*rfunc)(unsigned long value, void *in), + void *arg) { unsigned long value; int ret; 
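Review bot: In hunk `@@ -182,7 +185,11 @@`, the new `return -1;` under `if (ret < 0) {` in the `MBSTRING_UTF8` case leaves the function without any cleanup. The hunk does not show whether `dest` has already been allocated or stored through `out` by this point, as the function starts and ends outside the hunk. If it has, this path should release it and reset `*out` the same way the function's other failure paths do. Otherwise a caller is left holding a partly initialised string for input that failed UTF-8 conversion.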
@@ -278,11 +285,30 @@ static int type_str(unsigned long value, void *arg) { - unsigned long types = *((unsigned long *)arg); + unsigned long usable_types = *((unsigned long *)arg); + unsigned long types = usable_types; const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value); - if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) - || native == ' ')) + /* + * Clear out all the types which are not checked later. If any of those + * is present in the mask, then the UTF8 type will be added and checked + * below. + */ + types &= B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING + | B_ASN1_IA5STRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING + | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING; + + /* + * If any other types were in the input mask, they're effectively treated + * as UTF8 + */ + if (types != usable_types) + types |= B_ASN1_UTF8STRING; + + /* + * These checks should be in sync with ASN1_mbstring_ncopy. + */ + if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) || native == ' ')) types &= ~B_ASN1_NUMERICSTRING; if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native)) types &= ~B_ASN1_PRINTABLESTRING; @@ -349,6 +375,8 @@ p = arg; /* We already know there is enough room so pass 0xff as the length */ ret = UTF8_putc(*p, 0xff, value); + if (ret < 0) + return ret; *p += ret; return 1; } --- crypto/openssl/crypto/asn1/a_object.c.orig +++ crypto/openssl/crypto/asn1/a_object.c @@ -123,7 +123,7 @@ if (!BN_add_word(bl, first * 40)) goto err; } else - l += (long)first *40; + l += (long)first * 40; } i = 0; if (use_bn) { @@ -154,7 +154,6 @@ if (l == 0L) break; } - } if (out != NULL) { if (len + i > olen) { @@ -171,7 +170,7 @@ OPENSSL_free(tmp); BN_free(bl); return len; - err: +err: if (tmp != ftmp) OPENSSL_free(tmp); BN_free(bl); 
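Review bot: In `type_str` (hunk `@@ -278,11 +285,30 @@`) the name `usable_types` reads backwards: it holds the caller's unfiltered mask, while `types` is the filtered set that the checks below actually use. Something like `unsigned long input_mask = *((unsigned long *)arg);` with `if (types != input_mask)` would make the fallback to `B_ASN1_UTF8STRING` easier to follow. The seven-type mask is also spelled out only here, while the matching chain lives in `ASN1_mbstring_ncopy` and is kept aligned just by the two "in sync" comments; a shared named constant would be sturdier. The end of the function is outside the hunk.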
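Review bot: The comment kept above `UTF8_putc(*p, 0xff, value)` in hunk `@@ -349,6 +375,8 @@` (presumably `cpy_utf8`) still says only that there is enough room, which no longer explains the added `if (ret < 0) return ret;`. The check matters because a negative `ret` would otherwise be added to `*p` and move the write pointer backwards, so I would say that in the comment, e.g. `/* Room was sized by the length pass; a negative return means value cannot be encoded, so do not advance *p */`. The function's start is outside the hunk, and whether the caller of this copy pass inspects the result is not visible here and is worth confirming.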
@@ -192,7 +191,7 @@ return BIO_write(bp, "NULL", 4); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { - if (i > INT_MAX - 1) { /* catch an integer overflow */ + if (i > INT_MAX - 1) { /* catch an integer overflow */ ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG); return -1; } @@ -214,7 +213,7 @@ } ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length) + long length) { const unsigned char *p; long len; @@ -236,13 +235,13 @@ if (ret) *pp = p; return ret; - err: +err: ERR_raise(ERR_LIB_ASN1, i); return NULL; } ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long len) + long len) { ASN1_OBJECT *ret = NULL, tobj; const unsigned char *p; @@ -254,8 +253,7 @@ * be clear in the last octet. can't have leading 0x80 in subidentifiers, * see: X.690 8.19.2 */ - if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || - p[len - 1] & 0x80) { + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || p[len - 1] & 0x80) { ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING); return NULL; } @@ -291,8 +289,7 @@ } } - if ((a == NULL) || ((*a) == NULL) || - !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { + if ((a == NULL) || ((*a) == NULL) || !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { if ((ret = ASN1_OBJECT_new()) == NULL) return NULL; } else { @@ -333,7 +330,7 @@ (*a) = ret; *pp = p; return ret; - err: +err: ERR_raise(ERR_LIB_ASN1, i); if ((a == NULL) || (*a != ret)) ASN1_OBJECT_free(ret); @@ -363,13 +360,13 @@ * Disable purely for compile-time strict const checking. Doing this * on a "real" compile will cause memory leaks */ - OPENSSL_free((void*)a->sn); - OPENSSL_free((void*)a->ln); + OPENSSL_free((void *)a->sn); + OPENSSL_free((void *)a->ln); #endif a->sn = a->ln = NULL; } if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - OPENSSL_free((void*)a->data); + OPENSSL_free((void *)a->data); a->data = NULL; a->length = 0; } 
@@ -378,7 +375,7 @@ } ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln) + const char *sn, const char *ln) { ASN1_OBJECT o; @@ -387,7 +384,6 @@ o.data = data; o.nid = nid; o.length = len; - o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | - ASN1_OBJECT_FLAG_DYNAMIC_DATA; + o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA; return OBJ_dup(&o); } --- crypto/openssl/crypto/asn1/a_octet.c.orig +++ crypto/openssl/crypto/asn1/a_octet.c @@ -17,13 +17,13 @@ } int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, - const ASN1_OCTET_STRING *b) + const ASN1_OCTET_STRING *b) { return ASN1_STRING_cmp(a, b); } int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, - int len) + int len) { return ASN1_STRING_set(x, d, len); } --- crypto/openssl/crypto/asn1/a_print.c.orig +++ crypto/openssl/crypto/asn1/a_print.c @@ -77,8 +77,7 @@ n = 0; p = (const char *)v->data; for (i = 0; i < v->length; i++) { - if ((p[i] > '~') || ((p[i] < ' ') && - (p[i] != '\n') && (p[i] != '\r'))) + if ((p[i] > '~') || ((p[i] < ' ') && (p[i] != '\n') && (p[i] != '\r'))) buf[n] = '.'; else buf[n] = p[i]; --- crypto/openssl/crypto/asn1/a_sign.c.orig +++ crypto/openssl/crypto/asn1/a_sign.c @@ -25,8 +25,8 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type) + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, + const EVP_MD *type) { EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; @@ -52,8 +52,7 @@ */ ASN1_TYPE_free(a->parameter); a->parameter = NULL; - } else if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) { + } else if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) { ASN1_TYPE_free(a->parameter); if ((a->parameter = ASN1_TYPE_new()) == NULL) goto err; 
@@ -67,7 +66,7 @@ } if (a->algorithm->length == 0) { ERR_raise(ERR_LIB_ASN1, - ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); goto err; } } @@ -91,7 +90,7 @@ if (!EVP_SignInit_ex(ctx, type, NULL) || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) || !EVP_SignFinal(ctx, (unsigned char *)buf_out, - (unsigned int *)&outl, pkey)) { + (unsigned int *)&outl, pkey)) { outl = 0; ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; @@ -106,7 +105,7 @@ */ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - err: +err: EVP_MD_CTX_free(ctx); OPENSSL_clear_free((char *)buf_in, inll); OPENSSL_clear_free((char *)buf_out, outll); @@ -116,18 +115,18 @@ #endif int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey, const EVP_MD *md) + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md) { return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey, - md, NULL, NULL); + md, NULL, NULL); } int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, const ASN1_OCTET_STRING *id, - EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, - const char *propq) + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq) { int rv = 0; EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq); 
@@ -142,15 +141,15 @@ rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); - err: +err: EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); EVP_MD_CTX_free(ctx); return rv; } int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, EVP_MD_CTX *ctx) + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, EVP_MD_CTX *ctx) { const EVP_MD *md; EVP_PKEY *pkey; @@ -179,9 +178,8 @@ goto err; } - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, - aid, sizeof(aid)); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, + aid, sizeof(aid)); params[1] = OSSL_PARAM_construct_end(); if (EVP_PKEY_CTX_get_params(pctx, params) <= 0) @@ -240,7 +238,7 @@ #ifndef OPENSSL_NO_SM2 EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 : #endif - pkey->ameth->pkey_id; + pkey->ameth->pkey_id; if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) { ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); @@ -256,7 +254,6 @@ X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); if (algor2) X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); - } buf_len = ASN1_item_i2d(data, &buf_in, it); @@ -294,7 +291,7 @@ */ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - err: +err: OPENSSL_clear_free((char *)buf_in, inl); OPENSSL_clear_free((char *)buf_out, outll); return outl; --- crypto/openssl/crypto/asn1/a_strex.c.orig +++ crypto/openssl/crypto/asn1/a_strex.c 
@@ -24,13 +24,9 @@ * other options. */ -#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_2254 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_2254 | ASN1_STRFLGS_ESC_QUOTE | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB) /* * Three IO functions for sending data to memory, a BIO and a FILE @@ -56,7 +52,7 @@ } #endif -typedef int char_io (void *arg, const void *buf, int len); +typedef int char_io(void *arg, const void *buf, int len); /* * This function handles display of strings, one character at a time. It is @@ -65,7 +61,7 @@ */ static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes, - char_io *io_ch, void *arg) + char_io *io_ch, void *arg) { unsigned short chflgs; unsigned char chtmp; @@ -105,9 +101,7 @@ return -1; return 2; } - if (chflgs & (ASN1_STRFLGS_ESC_CTRL - | ASN1_STRFLGS_ESC_MSB - | ASN1_STRFLGS_ESC_2254)) { + if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_ESC_2254)) { BIO_snprintf(tmphex, 11, "\\%02X", chtmp); if (!io_ch(arg, tmphex, 3)) return -1; @@ -127,8 +121,8 @@ return 1; } -#define BUF_TYPE_WIDTH_MASK 0x7 -#define BUF_TYPE_CONVUTF8 0x8 +#define BUF_TYPE_WIDTH_MASK 0x7 +#define BUF_TYPE_CONVUTF8 0x8 /* * This function sends each character in a buffer to do_esc_char(). It @@ -137,8 +131,8 @@ */ static int do_buf(unsigned char *buf, int buflen, - int type, unsigned short flags, char *quotes, char_io *io_ch, - void *arg) + int type, unsigned short flags, char *quotes, char_io *io_ch, + void *arg) { int i, outlen, len, charwidth; unsigned short orflags; 
@@ -193,12 +187,12 @@ case 0: i = UTF8_getc(p, buflen, &c); if (i < 0) - return -1; /* Invalid UTF8String */ + return -1; /* Invalid UTF8String */ buflen -= i; p += i; break; default: - return -1; /* invalid width */ + return -1; /* invalid width */ } if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; @@ -216,14 +210,14 @@ * character will never be escaped on first and last. */ len = do_esc_char(utfbuf[i], flags | orflags, quotes, - io_ch, arg); + io_ch, arg); if (len < 0) return -1; outlen += len; } } else { len = do_esc_char(c, flags | orflags, quotes, - io_ch, arg); + io_ch, arg); if (len < 0) return -1; outlen += len; @@ -235,7 +229,7 @@ /* This function hex dumps a buffer of characters */ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, - int buflen) + int buflen) { static const char hexdig[] = "0123456789ABCDEF"; unsigned char *p, *q; @@ -261,7 +255,7 @@ */ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, - const ASN1_STRING *str) + const ASN1_STRING *str) { /* * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to 
@@ -305,24 +299,24 @@ */ static const signed char tag2nbyte[] = { - -1, -1, -1, -1, -1, /* 0-4 */ - -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, /* 10-11 */ - 0, /* 12 V_ASN1_UTF8STRING */ - -1, -1, -1, -1, -1, /* 13-17 */ - 1, /* 18 V_ASN1_NUMERICSTRING */ - 1, /* 19 V_ASN1_PRINTABLESTRING */ - 1, /* 20 V_ASN1_T61STRING */ - -1, /* 21 */ - 1, /* 22 V_ASN1_IA5STRING */ - 1, /* 23 V_ASN1_UTCTIME */ - 1, /* 24 V_ASN1_GENERALIZEDTIME */ - -1, /* 25 */ - 1, /* 26 V_ASN1_ISO64STRING */ - -1, /* 27 */ - 4, /* 28 V_ASN1_UNIVERSALSTRING */ - -1, /* 29 */ - 2 /* 30 V_ASN1_BMPSTRING */ + -1, -1, -1, -1, -1, /* 0-4 */ + -1, -1, -1, -1, -1, /* 5-9 */ + -1, -1, /* 10-11 */ + 0, /* 12 V_ASN1_UTF8STRING */ + -1, -1, -1, -1, -1, /* 13-17 */ + 1, /* 18 V_ASN1_NUMERICSTRING */ + 1, /* 19 V_ASN1_PRINTABLESTRING */ + 1, /* 20 V_ASN1_T61STRING */ + -1, /* 21 */ + 1, /* 22 V_ASN1_IA5STRING */ + 1, /* 23 V_ASN1_UTCTIME */ + 1, /* 24 V_ASN1_GENERALIZEDTIME */ + -1, /* 25 */ + 1, /* 26 V_ASN1_ISO64STRING */ + -1, /* 27 */ + 4, /* 28 V_ASN1_UNIVERSALSTRING */ + -1, /* 29 */ + 2 /* 30 V_ASN1_BMPSTRING */ }; /* @@ -332,7 +326,7 @@ */ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, - const ASN1_STRING *str) + const ASN1_STRING *str) { int outlen, len; int type; @@ -423,11 +417,11 @@ return 1; } -#define FN_WIDTH_LN 25 -#define FN_WIDTH_SN 10 +#define FN_WIDTH_LN 25 +#define FN_WIDTH_SN 10 static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, - int indent, unsigned long flags) + int indent, unsigned long flags) { int i, prev = -1, orflags, cnt; int fn_opt, fn_nid; @@ -518,7 +512,7 @@ int objlen, fld_len; if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); - fld_len = 0; /* XXX: what should this be? */ + fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { if (fn_opt == XN_FLAG_FN_SN) { 
@@ -565,7 +559,7 @@ /* Wrappers round the main functions */ int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, - unsigned long flags) + unsigned long flags) { if (flags == XN_FLAG_COMPAT) return X509_NAME_print(out, nm, indent); @@ -574,7 +568,7 @@ #ifndef OPENSSL_NO_STDIO int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, - unsigned long flags) + unsigned long flags) { if (flags == XN_FLAG_COMPAT) { BIO *btmp; @@ -623,9 +617,8 @@ stmp.data = NULL; stmp.length = 0; stmp.flags = 0; - ret = - ASN1_mbstring_copy(&str, in->data, in->length, mbflag, - B_ASN1_UTF8STRING); + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, + B_ASN1_UTF8STRING); if (ret < 0) return ret; *out = stmp.data; --- crypto/openssl/crypto/asn1/a_strnid.c.orig +++ crypto/openssl/crypto/asn1/a_strnid.c @@ -15,7 +15,7 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, - const ASN1_STRING_TABLE *const *b); + const ASN1_STRING_TABLE *const *b); /* * This is the global mask for the mbstring functions: this is use to mask @@ -77,8 +77,8 @@ */ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - const unsigned char *in, int inlen, - int inform, int nid) + const unsigned char *in, int inlen, + int inform, int nid) { ASN1_STRING_TABLE *tbl; ASN1_STRING *str = NULL; @@ -93,10 +93,10 @@ if (!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, - tbl->minsize, tbl->maxsize); + tbl->minsize, tbl->maxsize); } else { ret = ASN1_mbstring_copy(out, in, inlen, inform, - DIRSTRING_TYPE & global_mask); + DIRSTRING_TYPE & global_mask); } if (ret <= 0) return NULL; @@ -110,7 +110,7 @@ #include "tbl_standard.h" static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, - const ASN1_STRING_TABLE *const *b) + const ASN1_STRING_TABLE *const *b) { return (*a)->nid - (*b)->nid; } 
@@ -185,8 +185,8 @@ } int ASN1_STRING_TABLE_add(int nid, - long minsize, long maxsize, unsigned long mask, - unsigned long flags) + long minsize, long maxsize, unsigned long mask, + unsigned long flags) { ASN1_STRING_TABLE *tmp; --- crypto/openssl/crypto/asn1/a_time.c.orig +++ crypto/openssl/crypto/asn1/a_time.c @@ -260,13 +260,13 @@ *tm = tmp; return 1; } - err: +err: return 0; } ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) { - char* p; + char *p; ASN1_TIME *tmps = NULL; const size_t len = 20; @@ -293,24 +293,24 @@ goto err; tmps->type = type; - p = (char*)tmps->data; + p = (char *)tmps->data; if (type == V_ASN1_GENERALIZEDTIME) tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", - ts->tm_year + 1900, ts->tm_mon + 1, - ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); + ts->tm_year + 1900, ts->tm_mon + 1, + ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); else tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", - ts->tm_year % 100, ts->tm_mon + 1, - ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); + ts->tm_year % 100, ts->tm_mon + 1, + ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); #ifdef CHARSET_EBCDIC ebcdic2ascii(tmps->data, tmps->data, tmps->length); #endif return tmps; - err: +err: if (tmps != s) ASN1_STRING_free(tmps); return NULL; @@ -322,7 +322,7 @@ } ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec) + int offset_day, long offset_sec) { struct tm *ts; struct tm data; @@ -350,7 +350,7 @@ /* Convert an ASN1_TIME structure to GeneralizedTime */ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, - ASN1_GENERALIZEDTIME **out) + ASN1_GENERALIZEDTIME **out) { ASN1_GENERALIZEDTIME *ret = NULL; struct tm tm; @@ -454,7 +454,7 @@ } int ASN1_TIME_diff(int *pday, int *psec, - const ASN1_TIME *from, const ASN1_TIME *to) + const ASN1_TIME *from, const ASN1_TIME *to) { struct tm tm_from, tm_to; 
@@ -482,7 +482,6 @@ return ossl_asn1_time_print_ex(bp, tm, flags) > 0; } - /* prints the time with the date format of ISO 8601 */ /* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) @@ -518,26 +517,30 @@ if (f_len > 0) { if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ", - stm.tm_year + 1900, stm.tm_mon + 1, - stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f) > 0; + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f) + > 0; } else { return BIO_printf(bp, "%s %2d %02d:%02d:%02d.%.*s %d GMT", - _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, - stm.tm_year + 1900) > 0; + _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f, + stm.tm_year + 1900) + > 0; } } } if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02dZ", - stm.tm_year + 1900, stm.tm_mon + 1, - stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec) > 0; + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec) + > 0; } else { return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d GMT", - _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, stm.tm_year + 1900) > 0; + _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, stm.tm_year + 1900) + > 0; } } --- crypto/openssl/crypto/asn1/a_type.c.orig +++ crypto/openssl/crypto/asn1/a_type.c @@ -16,8 +16,8 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) { if (a->type == V_ASN1_BOOLEAN - || a->type == V_ASN1_NULL - || a->value.ptr != NULL) + || a->type == V_ASN1_NULL + || a->value.ptr != NULL) return a->type; else return 0; 
@@ -26,8 +26,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { if (a->type != V_ASN1_BOOLEAN - && a->type != V_ASN1_NULL - && a->value.ptr != NULL) { + && a->type != V_ASN1_NULL + && a->value.ptr != NULL) { ASN1_TYPE **tmp_a = &a; ossl_asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); } @@ -75,7 +75,7 @@ result = a->value.boolean - b->value.boolean; break; case V_ASN1_NULL: - result = 0; /* They do not have content. */ + result = 0; /* They do not have content. */ break; case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: @@ -99,7 +99,7 @@ case V_ASN1_OTHER: default: result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, - (ASN1_STRING *)b->value.ptr); + (ASN1_STRING *)b->value.ptr); break; } --- crypto/openssl/crypto/asn1/a_utctm.c.orig +++ crypto/openssl/crypto/asn1/a_utctm.c @@ -55,7 +55,7 @@ } ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - int offset_day, long offset_sec) + int offset_day, long offset_sec) { struct tm *ts; struct tm data; --- crypto/openssl/crypto/asn1/a_utf8.c.orig +++ crypto/openssl/crypto/asn1/a_utf8.c @@ -73,7 +73,7 @@ value |= (*p++ & 0x3f) << 12; value |= (*p++ & 0x3f) << 6; value |= *p++ & 0x3f; - if (value < 0x10000) + if (value < 0x10000 || value >= UNICODE_LIMIT) return -4; ret = 4; } else @@ -93,7 +93,7 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value) { if (!str) - len = 4; /* Maximum we will need */ + len = 4; /* Maximum we will need */ else if (len <= 0) return -1; if (value < 0x80) { --- crypto/openssl/crypto/asn1/a_verify.c.orig +++ crypto/openssl/crypto/asn1/a_verify.c @@ -25,7 +25,7 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey) + char *data, EVP_PKEY *pkey) { EVP_MD_CTX *ctx = EVP_MD_CTX_new(); const EVP_MD *type; 
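Review bot: In the four-byte branch of `a_utf8.c` (hunk `@@ -73,7 +73,7 @@`) the added `value >= UNICODE_LIMIT` test shares `return -4` with the `value < 0x10000` overlong test, so two different faults are reported with one code. Assuming the function's header comment, which is outside the hunk, still describes -4 as a non-minimal encoding, either extend that comment to cover out-of-range values or split the test, e.g. `if (value >= UNICODE_LIMIT) return -2;` if -2 is the code used there for an illegal character. The function starts and ends outside the hunk.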
@@ -73,13 +73,14 @@ ret = -1; if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, - (unsigned int)signature->length, pkey) <= 0) { + (unsigned int)signature->length, pkey) + <= 0) { ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); ret = 0; goto err; } ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } @@ -87,16 +88,16 @@ #endif int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey) + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey) { return ASN1_item_verify_ex(it, alg, signature, data, NULL, pkey, NULL, NULL); } int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, - OSSL_LIB_CTX *libctx, const char *propq) + const ASN1_BIT_STRING *signature, const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_MD_CTX *ctx; int rv = -1; @@ -110,8 +111,8 @@ } int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_MD_CTX *ctx) + const ASN1_BIT_STRING *signature, const void *data, + EVP_MD_CTX *ctx) { EVP_PKEY *pkey; unsigned char *buf_in = NULL; @@ -183,7 +184,7 @@ type = EVP_get_digestbynid(mdnid); if (type == NULL) { ERR_raise(ERR_LIB_ASN1, - ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } } @@ -214,13 +215,13 @@ inll = inl; ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, - buf_in, inl); + buf_in, inl); if (ret <= 0) { ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } ret = 1; - err: +err: OPENSSL_clear_free(buf_in, inll); return ret; } --- crypto/openssl/crypto/asn1/ameth_lib.c.orig +++ crypto/openssl/crypto/asn1/ameth_lib.c 
@@ -24,16 +24,16 @@ static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, - const EVP_PKEY_ASN1_METHOD *, ameth); + const EVP_PKEY_ASN1_METHOD *, ameth); static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a, - const EVP_PKEY_ASN1_METHOD *const *b) + const EVP_PKEY_ASN1_METHOD *const *b) { return ((*a)->pkey_id - (*b)->pkey_id); } IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, - const EVP_PKEY_ASN1_METHOD *, ameth); + const EVP_PKEY_ASN1_METHOD *, ameth); int EVP_PKEY_asn1_get_count(void) { @@ -104,7 +104,7 @@ } const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len) + const char *str, int len) { int i; const EVP_PKEY_ASN1_METHOD *ameth = NULL; @@ -128,7 +128,7 @@ #endif *pe = NULL; } - for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) { + for (i = EVP_PKEY_asn1_get_count(); i-- > 0;) { ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; @@ -141,7 +141,9 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { - EVP_PKEY_ASN1_METHOD tmp = { 0, }; + EVP_PKEY_ASN1_METHOD tmp = { + 0, + }; /* * One of the following must be true: @@ -152,9 +154,9 @@ * Anything else is an error and may lead to a corrupt ASN1 method table */ if (!((ameth->pem_str == NULL - && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) - || (ameth->pem_str != NULL - && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { + && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) + || (ameth->pem_str != NULL + && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -168,7 +170,7 @@ tmp.pkey_id = ameth->pkey_id; if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) { ERR_raise(ERR_LIB_EVP, - EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); + EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); return 0; } 
@@ -193,9 +195,9 @@ } int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, - int *ppkey_flags, const char **pinfo, - const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth) + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth) { if (!ameth) return 0; @@ -218,7 +220,7 @@ } EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, - const char *pem_str, const char *info) + const char *pem_str, const char *info) { EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); @@ -245,14 +247,14 @@ return ameth; - err: +err: EVP_PKEY_asn1_free(ameth); ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - const EVP_PKEY_ASN1_METHOD *src) + const EVP_PKEY_ASN1_METHOD *src) { int pkey_id = dst->pkey_id; int pkey_base_id = dst->pkey_base_id; @@ -280,17 +282,17 @@ } void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode) (EVP_PKEY *pk, - const X509_PUBKEY *pub), - int (*pub_encode) (X509_PUBKEY *pub, - const EVP_PKEY *pk), - int (*pub_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*pub_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx), - int (*pkey_size) (const EVP_PKEY *pk), - int (*pkey_bits) (const EVP_PKEY *pk)) + int (*pub_decode)(EVP_PKEY *pk, + const X509_PUBKEY *pub), + int (*pub_encode)(X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp)(const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print)(BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size)(const EVP_PKEY *pk), + int (*pkey_bits)(const EVP_PKEY *pk)) { ameth->pub_decode = pub_decode; ameth->pub_encode = pub_encode; 
@@ -301,15 +303,15 @@ } void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode) (EVP_PKEY *pk, - const PKCS8_PRIV_KEY_INFO - *p8inf), - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, - const EVP_PKEY *pk), - int (*priv_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, - ASN1_PCTX *pctx)) + int (*priv_decode)(EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print)(BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)) { ameth->priv_decode = priv_decode; ameth->priv_encode = priv_encode; @@ -317,19 +319,19 @@ } void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode) (EVP_PKEY *pkey, - const unsigned char **pder, - int derlen), - int (*param_encode) (const EVP_PKEY *pkey, - unsigned char **pder), - int (*param_missing) (const EVP_PKEY *pk), - int (*param_copy) (EVP_PKEY *to, - const EVP_PKEY *from), - int (*param_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*param_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx)) + int (*param_decode)(EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode)(const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing)(const EVP_PKEY *pk), + int (*param_copy)(EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp)(const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print)(BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx)) { ameth->param_decode = param_decode; ameth->param_encode = param_encode; 
@@ -340,98 +342,98 @@ } void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free) (EVP_PKEY *pkey)) + void (*pkey_free)(EVP_PKEY *pkey)) { ameth->pkey_free = pkey_free; } void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl) (EVP_PKEY *pkey, int op, - long arg1, void *arg2)) + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, + long arg1, void *arg2)) { ameth->pkey_ctrl = pkey_ctrl; } void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_security_bits) (const EVP_PKEY - *pk)) + int (*pkey_security_bits)(const EVP_PKEY + *pk)) { ameth->pkey_security_bits = pkey_security_bits; } void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, - int (*item_verify) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - const void *data, - const X509_ALGOR *a, - const ASN1_BIT_STRING *sig, - EVP_PKEY *pkey), - int (*item_sign) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - const void *data, - X509_ALGOR *alg1, - X509_ALGOR *alg2, - ASN1_BIT_STRING *sig)) + int (*item_verify)(EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + const void *data, + const X509_ALGOR *a, + const ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign)(EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + const void *data, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)) { ameth->item_sign = item_sign; ameth->item_verify = item_verify; } void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, - int (*siginf_set) (X509_SIG_INFO *siginf, - const X509_ALGOR *alg, - const ASN1_STRING *sig)) + int (*siginf_set)(X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)) { ameth->siginf_set = siginf_set; } void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_check) (const EVP_PKEY *pk)) + int (*pkey_check)(const EVP_PKEY *pk)) { ameth->pkey_check = pkey_check; } void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_pub_check) (const EVP_PKEY *pk)) + int (*pkey_pub_check)(const EVP_PKEY *pk)) { 
ameth->pkey_public_check = pkey_pub_check; } void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_param_check) (const EVP_PKEY *pk)) + int (*pkey_param_check)(const EVP_PKEY *pk)) { ameth->pkey_param_check = pkey_param_check; } void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*set_priv_key) (EVP_PKEY *pk, - const unsigned char - *priv, - size_t len)) + int (*set_priv_key)(EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)) { ameth->set_priv_key = set_priv_key; } void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*set_pub_key) (EVP_PKEY *pk, - const unsigned char *pub, - size_t len)) + int (*set_pub_key)(EVP_PKEY *pk, + const unsigned char *pub, + size_t len)) { ameth->set_pub_key = set_pub_key; } void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*get_priv_key) (const EVP_PKEY *pk, - unsigned char *priv, - size_t *len)) + int (*get_priv_key)(const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)) { ameth->get_priv_key = get_priv_key; } void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*get_pub_key) (const EVP_PKEY *pk, - unsigned char *pub, - size_t *len)) + int (*get_pub_key)(const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)) { ameth->get_pub_key = get_pub_key; } --- crypto/openssl/crypto/asn1/asn1_err.c.orig +++ crypto/openssl/crypto/asn1/asn1_err.c 
@@ -15,189 +15,189 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR), - "asn1 sig parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), - "bmpstring is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH), - "boolean is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), - "cipher has no object identifier"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED), - "context not initialised"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), - "digest and key type not supported"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME), - "error getting time"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION), - "error loading section"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS), - "error setting cipher params"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER), - "expecting an integer"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT), - "expecting an object"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH), - "explicit length mismatch"}, - 
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), - "explicit tag not constructed"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE), - "first num too large"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT), - "illegal bitstring format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS), - "illegal characters"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG), - "illegal implicit tag"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE), - "illegal negative value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING), - "illegal nested tagging"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE), - "illegal null value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY), - "illegal optional any"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), - "illegal options on item template"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY), - "illegal tagged any"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE), - "illegal time value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT), - "illegal zero content"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT), - "integer not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), - "integer too large for long"}, - 
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT), - "invalid bit string bits left"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH), - "invalid bmpstring length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING), - "invalid object encoding"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS), - "invalid scrypt parameters"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE), - "invalid string table value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), - "invalid universalstring length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), - "invalid utf8string"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), - "mime no content type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR), - "mime sig parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER), - "missing second number"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL), - "mstring not universal"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING), - "nested asn1 string"}, - {ERR_PACK(ERR_LIB_ASN1, 0, 
ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS), - "non hex characters"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE), - "no matching choice type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE), - "no multipart body failure"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY), - "no multipart boundary"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE), - "no sig content type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH), - "null is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT), - "object not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS), - "odd number of chars"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE), - "second number too large"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH), - "sequence length mismatch"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED), - "sequence not constructed"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), - "sequence or set needs config"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE), - "sig invalid mime type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED), - "streaming not supported"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT), - "time not ascii format"}, - 
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED), - "type not constructed"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE), - "type not primitive"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), - "universalstring is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), - "unknown message digest algorithm"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE), - "unknown object type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), - "unknown public key type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), - "unknown signature algorithm"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), - "unsupported any defined by type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), - "unsupported cipher"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), - "unsupported public key type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE), - "wrong integer type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE), - "wrong public key type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"}, - {0, NULL} + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR), + "asn1 sig parse error" }, + { 
ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), + "bmpstring is wrong length" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH), + "boolean is wrong length" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), + "cipher has no object identifier" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED), + "context not initialised" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), + "digest and key type not supported" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME), + "error getting time" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION), + "error loading section" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS), + "error setting cipher params" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER), + "expecting an integer" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT), + "expecting an object" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH), + "explicit length mismatch" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), + "explicit tag not constructed" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE), + "first num too large" }, + { ERR_PACK(ERR_LIB_ASN1, 0, 
ASN1_R_HEADER_TOO_LONG), "header too long" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT), + "illegal bitstring format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS), + "illegal characters" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG), + "illegal implicit tag" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE), + "illegal negative value" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING), + "illegal nested tagging" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE), + "illegal null value" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY), + "illegal optional any" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), + "illegal options on item template" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY), + "illegal tagged any" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE), + "illegal time value" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT), + "illegal zero content" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT), + "integer not ascii format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), + "integer too large for long" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT), + "invalid bit string bits left" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH), + "invalid bmpstring length" }, + { ERR_PACK(ERR_LIB_ASN1, 0, 
ASN1_R_INVALID_DIGIT), "invalid digit" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING), + "invalid object encoding" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS), + "invalid scrypt parameters" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE), + "invalid string table value" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), + "invalid universalstring length" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), + "invalid utf8string" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LENGTH_TOO_LONG), "length too long" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), + "mime no content type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR), + "mime sig parse error" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER), + "missing second number" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL), + "mstring not universal" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING), + "nested asn1 string" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS), + "non hex characters" }, + { ERR_PACK(ERR_LIB_ASN1, 0, 
ASN1_R_NOT_ASCII_FORMAT), "not ascii format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE), + "no matching choice type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE), + "no multipart body failure" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY), + "no multipart boundary" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE), + "no sig content type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH), + "null is wrong length" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT), + "object not ascii format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS), + "odd number of chars" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE), + "second number too large" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH), + "sequence length mismatch" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED), + "sequence not constructed" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), + "sequence or set needs config" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE), + "sig invalid mime type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED), + "streaming not supported" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), + "the asn1 object identifier is not known for this md" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT), + "time not ascii format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long" }, + { 
ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED), + "type not constructed" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE), + "type not primitive" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), + "universalstring is wrong length" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_DIGEST), "unknown digest" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), + "unknown message digest algorithm" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE), + "unknown object type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), + "unknown public key type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), + "unknown signature algorithm" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), + "unsupported any defined by type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), + "unsupported cipher" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE), + "wrong integer type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE), + "wrong public key type" }, + { ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/asn1/asn1_gen.c.orig +++ crypto/openssl/crypto/asn1/asn1_gen.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,30 +11,30 @@ #include #include -#define ASN1_GEN_FLAG 0x10000 -#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) -#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) -#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) -#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) -#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) -#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) -#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) -#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) +#define ASN1_GEN_FLAG 0x10000 +#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG | 1) +#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG | 2) +#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG | 3) +#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG | 4) +#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG | 5) +#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG | 6) +#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG | 7) +#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG | 8) -#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} +#define ASN1_GEN_STR(str, val) { str, sizeof(str) - 1, val } -#define ASN1_FLAG_EXP_MAX 20 +#define ASN1_FLAG_EXP_MAX 20 /* Maximum number of nested sequences */ -#define ASN1_GEN_SEQ_MAX_DEPTH 50 +#define ASN1_GEN_SEQ_MAX_DEPTH 50 /* Input formats */ /* ASCII: default */ -#define ASN1_GEN_FORMAT_ASCII 1 +#define ASN1_GEN_FORMAT_ASCII 1 /* UTF8 */ -#define ASN1_GEN_FORMAT_UTF8 2 +#define ASN1_GEN_FORMAT_UTF8 2 /* Hex */ -#define ASN1_GEN_FORMAT_HEX 3 +#define ASN1_GEN_FORMAT_HEX 3 /* List of bits */ #define ASN1_GEN_FORMAT_BITLIST 4 
@@ -63,15 +63,15 @@ } tag_exp_arg; static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, - int *perr); + int *perr); static int bitstr_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr); static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, - int exp_constructed, int exp_pad, int imp_ok); + int exp_constructed, int exp_pad, int imp_ok); static int parse_tagging(const char *vstart, int vlen, int *ptag, - int *pclass); + int *pclass); static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - int depth, int *perr); + int depth, int *perr); static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static int asn1_str2tag(const char *tagstr, int len); @@ -96,7 +96,7 @@ } static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, - int *perr) + int *perr) { ASN1_TYPE *ret; tag_exp_arg asn1_tags; @@ -133,8 +133,9 @@ return NULL; } ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); - } else + } else { ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); + } if (!ret) return NULL; @@ -147,6 +148,8 @@ cpy_len = i2d_ASN1_TYPE(ret, &orig_der); ASN1_TYPE_free(ret); ret = NULL; + if (orig_der == NULL) + return NULL; /* Set point to start copying for modified encoding */ cpy_start = orig_der; @@ -155,7 +158,7 @@ /* If IMPLICIT we will replace the underlying tag */ /* Skip existing tag+len */ r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, - cpy_len); + cpy_len); if (r & 0x80) goto err; /* Update copy length */ 
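Review bot: In the `@@ -147,6 +148,8 @@` hunk of asn1_gen.c the new guard tests only `orig_der == NULL` and never checks `cpy_len`, the value `i2d_ASN1_TYPE()` returned on the line above. That is sufficient only if `orig_der` is initialised to NULL at its declaration, which is outside the hunk. If the pointer was set, a zero or negative `cpy_len` would still reach `ASN1_get_object()` and the later length arithmetic. I would write `if (cpy_len <= 0 || orig_der == NULL)` followed by `goto err;` so the failure path frees whatever was allocated, as the other exits of `generate_v3` do. This assumes `new_der` is also NULL-initialised, since the `err:` label shown in a later hunk frees both buffers. The function body starts and ends outside this hunk.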
@@ -168,26 +171,32 @@ /* Indefinite length constructed */ hdr_constructed = 2; hdr_len = 0; - } else + } else { /* Just retain constructed flag */ hdr_constructed = r & V_ASN1_CONSTRUCTED; + } /* * Work out new length with IMPLICIT tag: ignore constructed because * it will mess up if indefinite length */ len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); - } else + if (len == -1) + goto err; + } else { len = cpy_len; + } /* Work out length in any EXPLICIT, starting from end */ for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; - i < asn1_tags.exp_count; i++, etmp--) { + i < asn1_tags.exp_count; i++, etmp--) { /* Content length: number of content octets + any padding */ len += etmp->exp_pad; etmp->exp_len = len; /* Total object length: length including new header */ len = ASN1_object_size(0, len, etmp->exp_tag); + if (len == -1) + goto err; } /* Allocate buffer for new encoding */ @@ -203,9 +212,9 @@ /* Output explicit tags first */ for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; - i++, etmp++) { + i++, etmp++) { ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, - etmp->exp_tag, etmp->exp_class); + etmp->exp_tag, etmp->exp_class); if (etmp->exp_pad) *p++ = 0; } @@ -218,7 +227,7 @@ || asn1_tags.imp_tag == V_ASN1_SET)) hdr_constructed = V_ASN1_CONSTRUCTED; ASN1_put_object(&p, hdr_constructed, hdr_len, - asn1_tags.imp_tag, asn1_tags.imp_class); + asn1_tags.imp_tag, asn1_tags.imp_class); } /* Copy across original encoding */ @@ -229,12 +238,11 @@ /* Obtain new ASN1_TYPE structure */ ret = d2i_ASN1_TYPE(NULL, &cp, len); - err: +err: OPENSSL_free(orig_der); OPENSSL_free(new_der); return ret; - } static int asn1_cb(const char *elem, int len, void *bitstr) @@ -337,11 +345,9 @@ return -1; } break; - } return 1; - } static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 
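Review bot: The two added `if (len == -1) goto err;` checks in the `@@ -168,26 +171,32 @@` hunk have no comment saying what the sentinel means, and in the EXPLICIT loop `len += etmp->exp_pad` still runs on the running total before `ASN1_object_size()` re-validates it. A one-line comment above the first check, such as `/* ASN1_object_size() returns -1 if the encoded size cannot be represented */`, would tell the next reader why the jump is there. Testing `len < 0` instead of `len == -1` would also reject any other negative value before it reaches the buffer allocation that follows the loop (outside the changed lines). The `else { len = cpy_len; }` branch stores the i2d length without any range check; the declared types of `len` and `cpy_len` are not visible here, so confirm that the assignment cannot truncate.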
@@ -385,21 +391,19 @@ default: ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MODIFIER, - "Char=%c", *eptr); + "Char=%c", *eptr); return 0; - } } else *pclass = V_ASN1_CONTEXT_SPECIFIC; return 1; - } /* Handle multiple types: SET and SEQUENCE */ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - int depth, int *perr) + int depth, int *perr) { ASN1_TYPE *ret = NULL; STACK_OF(ASN1_TYPE) *sk = NULL; @@ -417,9 +421,8 @@ if (!sect) goto bad; for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - ASN1_TYPE *typ = - generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, - depth + 1, perr); + ASN1_TYPE *typ = generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, + depth + 1, perr); if (!typ) goto bad; if (!sk_ASN1_TYPE_push(sk, typ)) @@ -449,7 +452,7 @@ der = NULL; - bad: +bad: OPENSSL_free(der); @@ -460,7 +463,7 @@ } static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, - int exp_constructed, int exp_pad, int imp_ok) + int exp_constructed, int exp_pad, int imp_ok) { tag_exp_type *exp_tmp; /* Can only have IMPLICIT if permitted */ @@ -619,7 +622,8 @@ goto bad_form; } if ((atmp->value.integer - = s2i_ASN1_INTEGER(NULL, str)) == NULL) { + = s2i_ASN1_INTEGER(NULL, str)) + == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_INTEGER); goto bad_str; } @@ -677,7 +681,8 @@ } if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, - -1, format, ASN1_tag2bit(utype)) <= 0) { + -1, format, ASN1_tag2bit(utype)) + <= 0) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } @@ -705,9 +710,8 @@ goto bad_str; } } else if ((format == ASN1_GEN_FORMAT_BITLIST) - && (utype == V_ASN1_BIT_STRING)) { - if (!CONF_parse_list - (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { + && (utype == V_ASN1_BIT_STRING)) { + if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) { ERR_raise(ERR_LIB_ASN1, ASN1_R_LIST_ERROR); goto bad_str; } 
@@ -734,13 +738,12 @@ atmp->type = utype; return atmp; - bad_str: +bad_str: ERR_add_error_data(2, "string=", str); - bad_form: +bad_form: ASN1_TYPE_free(atmp); return NULL; - } static int bitstr_cb(const char *elem, int len, void *bitstr) --- crypto/openssl/crypto/asn1/asn1_item_list.h.orig +++ crypto/openssl/crypto/asn1/asn1_item_list.h @@ -63,10 +63,10 @@ ASN1_ITEM_ref(DIST_POINT_NAME), ASN1_ITEM_ref(DIST_POINT), #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 ASN1_ITEM_ref(ECPARAMETERS), ASN1_ITEM_ref(ECPKPARAMETERS), -# endif +#endif #endif ASN1_ITEM_ref(EDIPARTYNAME), ASN1_ITEM_ref(EXTENDED_KEY_USAGE), --- crypto/openssl/crypto/asn1/asn1_lib.c.orig +++ crypto/openssl/crypto/asn1/asn1_lib.c @@ -14,7 +14,7 @@ #include "asn1_local.h" static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - long max); + long max); static void asn1_put_length(unsigned char **pp, int length); static int _asn1_check_infinite_end(const unsigned char **p, long len) @@ -44,7 +44,7 @@ } int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax) + int *pclass, long omax) { int i, ret; long len; @@ -101,7 +101,7 @@ } *pp = p; return ret | inf; - err: +err: ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG); return 0x80; } @@ -114,7 +114,7 @@ * are stored most significant digit first. */ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - long max) + long max) { const unsigned char *p = *pp; unsigned long ret = 0; @@ -158,7 +158,7 @@ * constructed == 2 for indefinite length constructed */ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, - int xclass) + int xclass) { unsigned char *p = *pp; int i, ttag; 
@@ -430,7 +430,7 @@ /* |max_len| excludes NUL terminator and may be 0 to indicate no restriction */ char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, - const char *sep, size_t max_len) + const char *sep, size_t max_len) { int i; ASN1_UTF8STRING *current; --- crypto/openssl/crypto/asn1/asn1_local.h.orig +++ crypto/openssl/crypto/asn1/asn1_local.h @@ -35,10 +35,10 @@ /* The field value itself */ ASN1_VALUE **field; /* Callback to pass information to */ - int (*scan_cb) (ASN1_SCTX *ctx); + int (*scan_cb)(ASN1_SCTX *ctx); /* Context specific application data */ void *app_data; -} /* ASN1_SCTX */ ; +} /* ASN1_SCTX */; typedef struct mime_param_st MIME_PARAM; DEFINE_STACK_OF(MIME_PARAM) 
@@ -49,46 +49,46 @@ int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval, - const ASN1_ITEM *it); + const ASN1_ITEM *it); int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it); + const ASN1_ITEM *it); ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval, - const ASN1_TEMPLATE *tt); + const ASN1_TEMPLATE *tt); const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val, - const ASN1_TEMPLATE *tt, - int nullerr); + const ASN1_TEMPLATE *tt, + int nullerr); int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, - const ASN1_ITEM *it); + const ASN1_ITEM *it); int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it); + const ASN1_ITEM *it); void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); + long length); int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); + const unsigned char **pp, long length); int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); + long length); /* Internal functions used by x_int64.c */ int ossl_c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, - 
long len); + long len); int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg); ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); --- crypto/openssl/crypto/asn1/asn1_parse.c.orig +++ crypto/openssl/crypto/asn1/asn1_parse.c @@ -18,9 +18,9 @@ #endif static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - int offset, int depth, int indent, int dump); + int offset, int depth, int indent, int dump); static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len, - int tag, int xclass, int constructed, int indent) + int tag, int xclass, int constructed, int indent) { char str[128]; const char *p; @@ -35,17 +35,19 @@ p = "prim: "; if (constructed != (V_ASN1_CONSTRUCTED | 1)) { if (BIO_snprintf(str, sizeof(str), "%5ld:d=%-2d hl=%ld l=%4ld %s", - offset, depth, (long)hl, len, p) <= 0) + offset, depth, (long)hl, len, p) + <= 0) goto err; } else { if (BIO_snprintf(str, sizeof(str), "%5ld:d=%-2d hl=%ld l=inf %s", - offset, depth, (long)hl, p) <= 0) + offset, depth, (long)hl, p) + <= 0) goto err; } if (bp != NULL) { if (BIO_set_prefix(bp, str) <= 0) { if ((bio = BIO_new(BIO_f_prefix())) == NULL - || (bp = BIO_push(bio, bp)) == NULL) + || (bp = BIO_push(bio, bp)) == NULL) goto err; pop_f_prefix = 1; } @@ -71,7 +73,7 @@ p = ASN1_tag2str(tag); i = (BIO_printf(bp, "%-18s", p) > 0); - err: +err: if (saved_indent >= 0) BIO_set_indent(bp, saved_indent); if (pop_f_prefix) 
@@ -86,13 +88,13 @@ } int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, - int dump) + int dump) { return asn1_parse2(bp, &pp, len, 0, 0, indent, dump); } static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - int offset, int depth, int indent, int dump) + int offset, int depth, int indent, int dump) { const unsigned char *p, *ep, *tot, *op, *opp; long len; @@ -110,7 +112,7 @@ return 0; } - dump_indent = 6; /* Because we know BIO_dump_indent() */ + dump_indent = 6; /* Because we know BIO_dump_indent() */ p = *pp; tot = p + length; while (length > 0) { @@ -126,7 +128,7 @@ * if j == 0x21 it is a constructed indefinite length object */ if (!asn1_print_info(bp, (long)offset + (long)(op - *pp), depth, - hl, len, tag, xclass, j, (indent) ? depth : 0)) + hl, len, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { const unsigned char *sp = p; @@ -141,8 +143,8 @@ if ((j == 0x21) && (len == 0)) { for (;;) { r = asn1_parse2(bp, &p, (long)(tot - p), - offset + (p - *pp), depth + 1, - indent, dump); + offset + (p - *pp), depth + 1, + indent, dump); if (r == 0) goto end; if ((r == 2) || (p >= tot)) { @@ -156,8 +158,8 @@ while (p < ep) { sp = p; r = asn1_parse2(bp, &p, tmp, - offset + (p - *pp), depth + 1, - indent, dump); + offset + (p - *pp), depth + 1, + indent, dump); if (r == 0) goto end; tmp -= p - sp; 
@@ -169,17 +171,10 @@ goto end; } else { nl = 0; - if ((tag == V_ASN1_PRINTABLESTRING) || - (tag == V_ASN1_T61STRING) || - (tag == V_ASN1_IA5STRING) || - (tag == V_ASN1_VISIBLESTRING) || - (tag == V_ASN1_NUMERICSTRING) || - (tag == V_ASN1_UTF8STRING) || - (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { + if ((tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_NUMERICSTRING) || (tag == V_ASN1_UTF8STRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) - != (int)len) + if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) != (int)len) goto end; } else if (tag == V_ASN1_OBJECT) { opp = op; @@ -213,25 +208,22 @@ * testing whether the octet string is printable */ for (i = 0; i < os->length; i++) { - if (((opp[i] < ' ') && - (opp[i] != '\n') && - (opp[i] != '\r') && - (opp[i] != '\t')) || (opp[i] > '~')) { + if (((opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) { printable = 0; break; } } if (printable) - /* printable string */ + /* printable string */ { if (BIO_write(bp, ":", 1) <= 0) goto end; if (BIO_write(bp, (const char *)opp, os->length) <= 0) goto end; } else if (!dump) - /* - * not printable => print octet string as hex dump - */ + /* + * not printable => print octet string as hex dump + */ { if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) goto end; @@ -240,18 +232,17 @@ goto end; } } else - /* print the normal dump */ + /* print the normal dump */ { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } if (BIO_dump_indent(bp, - (const char *)opp, - ((dump == -1 || dump > - os-> - length) ? os->length : dump), - dump_indent) <= 0) + (const char *)opp, + ((dump == -1 || dump > os->length) ? os->length : dump), + dump_indent) + <= 0) goto end; nl = 1; } 
@@ -316,8 +307,9 @@ goto end; } if (BIO_dump_indent(bp, (const char *)p, - ((dump == -1 || dump > len) ? len : dump), - dump_indent) <= 0) + ((dump == -1 || dump > len) ? len : dump), + dump_indent) + <= 0) goto end; nl = 1; } @@ -341,14 +333,14 @@ } p += len; if ((tag == V_ASN1_EOC) && (xclass == 0)) { - ret = 2; /* End of sequence */ + ret = 2; /* End of sequence */ goto end; } } length -= len; } ret = 1; - end: +end: ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); ASN1_INTEGER_free(ai); --- crypto/openssl/crypto/asn1/asn_mime.c.orig +++ crypto/openssl/crypto/asn1/asn_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,18 +30,18 @@ */ struct mime_param_st { - char *param_name; /* Param name e.g. "micalg" */ - char *param_value; /* Param value e.g. "sha1" */ + char *param_name; /* Param name e.g. "micalg" */ + char *param_value; /* Param value e.g. "sha1" */ }; struct mime_header_st { - char *name; /* Name of line e.g. "content-type" */ - char *value; /* Value of line e.g. "text/plain" */ + char *name; /* Name of line e.g. "content-type" */ + char *value; /* Value of line e.g. "text/plain" */ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ }; static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it); + const ASN1_ITEM *it); static char *strip_ends(char *name); static char *strip_start(char *name); static char *strip_end(char *name); 
@@ -49,9 +49,9 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value); static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); static int mime_hdr_cmp(const MIME_HEADER *const *a, - const MIME_HEADER *const *b); + const MIME_HEADER *const *b); static int mime_param_cmp(const MIME_PARAM *const *a, - const MIME_PARAM *const *b); + const MIME_PARAM *const *b); static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, const char *bound, int blen); static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret); @@ -61,13 +61,13 @@ static void mime_hdr_free(MIME_HEADER *hdr); #define MAX_SMLEN 1024 -#define mime_debug(x) /* x */ +#define mime_debug(x) /* x */ /* Output an ASN1 structure in BER format streaming if necessary */ /* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { int rv = 1; @@ -96,14 +96,14 @@ * internally */ else - ASN1_item_i2d_bio(it, out, val); + rv = ASN1_item_i2d_bio(it, out, val); return rv; } /* Base 64 read and write of ASN1 structure */ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { BIO *b64; int r; @@ -126,7 +126,7 @@ /* Streaming ASN1 PEM write */ int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const char *hdr, const ASN1_ITEM *it) + const char *hdr, const ASN1_ITEM *it) { int r; BIO_printf(out, "-----BEGIN %s-----\n", hdr); @@ -136,7 +136,7 @@ } static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b64; ASN1_VALUE *val; 
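Review bot: The failure that `rv = ASN1_item_i2d_bio(it, out, val);` now propagates out of i2d_ASN1_bio_stream is still dropped on the multipart/signed path of SMIME_write_ASN1_ex. The context line `B64_write_ASN1(bio, val, NULL, 0, it);` in the later -292 hunk discards the result, and the function goes on to `return 1`. Assuming B64_write_ASN1 passes the stream result through (its body is not shown), a failed write of the detached signature is still reported as success and the caller is left with a truncated S/MIME message. The call should be checked the way the opaque path already does it: `if (!B64_write_ASN1(bio, val, NULL, 0, it)) return 0;`. i2d_ASN1_bio_stream starts outside this hunk.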
@@ -168,6 +168,19 @@ BIO_write(out, ",", 1); write_comma = 1; md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); + + /* RFC 8702 does not define a micalg for SHAKE, assuming "shake-" */ + if (md_nid == NID_shake128) { + if (BIO_puts(out, "shake-128") < 0) + goto err; + continue; + } + if (md_nid == NID_shake256) { + if (BIO_puts(out, "shake-256") < 0) + goto err; + continue; + } + md = EVP_get_digestbynid(md_nid); if (md && md->md_ctrl) { int rv; @@ -204,15 +217,15 @@ case NID_id_GostR3411_94: BIO_puts(out, "gostr3411-94"); - goto err; + break; case NID_id_GostR3411_2012_256: BIO_puts(out, "gostr3411-2012-256"); - goto err; + break; case NID_id_GostR3411_2012_512: BIO_puts(out, "gostr3411-2012-512"); - goto err; + break; default: if (have_unknown) { @@ -222,23 +235,21 @@ have_unknown = 1; } break; - } } ret = 1; - err: +err: return ret; - } /* SMIME sender */ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq) + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq) { char bound[33], c; int i; @@ -272,11 +283,12 @@ BIO_printf(bio, "Content-Type: multipart/signed;"); BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); BIO_puts(bio, " micalg=\""); - asn1_write_micalg(bio, mdalgs); + if (!asn1_write_micalg(bio, mdalgs)) + return 0; BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", - bound, mime_eol, mime_eol); + bound, mime_eol, mime_eol); BIO_printf(bio, "This is an S/MIME signed message%s%s", - mime_eol, mime_eol); + mime_eol, mime_eol); /* Now write out the first part */ BIO_printf(bio, "------%s%s", bound, mime_eol); if (!asn1_output_data(bio, data, val, flags, it)) 
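Review bot: The two added SHAKE branches test `BIO_puts(...) < 0`, which appears to let a return of 0 (no data written, per the BIO_puts documentation) pass as success. Other write checks on this page use `<= 0`, for example `BIO_write(bp, ":", 1) <= 0` in asn1_parse.c, so `if (BIO_puts(out, "shake-128") <= 0)` and the same for `"shake-256"` would be consistent. The new comment says the token is an assumption because RFC 8702 defines none; it should also say that receivers may not recognise `shake-128`/`shake-256` as a micalg value, so interoperability is unverified. The enclosing loop of asn1_write_micalg starts and ends outside this hunk.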
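Review bot: The three GOST cases in the -204 hunk still ignore the result of `BIO_puts`, so a write failure there now falls through `break` to `ret = 1` (visible in the next hunk). The SHAKE branches added earlier in the same function do jump to `err` on failure. Since SMIME_write_ASN1_ex starts checking asn1_write_micalg's return value in this commit, each case should report the failure, e.g. `if (BIO_puts(out, "gostr3411-94") <= 0) goto err;`, and likewise for the two 2012 variants. The switch starts outside this hunk.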
@@ -292,7 +304,7 @@ BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); B64_write_ASN1(bio, val, NULL, 0, it); BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound, - mime_eol, mime_eol); + mime_eol, mime_eol); return 1; } @@ -322,7 +334,7 @@ BIO_printf(bio, " smime-type=%s;", msg_type); BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", - mime_eol, mime_eol); + mime_eol, mime_eol); if (!B64_write_ASN1(bio, val, data, flags, it)) return 0; BIO_printf(bio, "%s", mime_eol); @@ -330,18 +342,18 @@ } int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it) + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it) { return SMIME_write_ASN1_ex(bio, val, data, flags, ctype_nid, econt_nid, - mdalgs, it, NULL, NULL); + mdalgs, it, NULL, NULL); } /* Handle output of ASN1 data */ /* cannot constify val because of CMS_dataFinal() */ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { BIO *tmpbio; const ASN1_AUX *aux = it->funcs; @@ -387,7 +399,6 @@ } return rv; - } /* @@ -397,8 +408,8 @@ */ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, - const ASN1_ITEM *it, ASN1_VALUE **x, - OSSL_LIB_CTX *libctx, const char *propq) + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *asnin; STACK_OF(MIME_HEADER) *headers = NULL; 
@@ -460,10 +471,9 @@ return NULL; } - if (strcmp(hdr->value, "application/x-pkcs7-signature") && - strcmp(hdr->value, "application/pkcs7-signature")) { + if (strcmp(hdr->value, "application/x-pkcs7-signature") && strcmp(hdr->value, "application/pkcs7-signature")) { ERR_raise_data(ERR_LIB_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE, - "type: %s", hdr->value); + "type: %s", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); sk_BIO_pop_free(parts, BIO_vfree); return NULL; @@ -488,10 +498,9 @@ /* OK, if not multipart/signed try opaque signature */ - if (strcmp(hdr->value, "application/x-pkcs7-mime") && - strcmp(hdr->value, "application/pkcs7-mime")) { + if (strcmp(hdr->value, "application/x-pkcs7-mime") && strcmp(hdr->value, "application/pkcs7-mime")) { ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE, - "type: %s", hdr->value); + "type: %s", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return NULL; } @@ -590,7 +599,7 @@ } if (strcmp(hdr->value, "text/plain")) { ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE, - "type: %s", hdr->value); + "type: %s", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return 0; } @@ -656,7 +665,7 @@ #else 1 #endif - || (flags & SMIME_CRLFEOL) != 0) + || (flags & SMIME_CRLFEOL) != 0) BIO_write(bpart, "\r\n", 2); else BIO_write(bpart, "\n", 1); @@ -672,13 +681,13 @@ /* This is the big one: parse MIME header lines up to message body */ -#define MIME_INVALID 0 -#define MIME_START 1 -#define MIME_TYPE 2 -#define MIME_NAME 3 -#define MIME_VALUE 4 -#define MIME_QUOTE 5 -#define MIME_COMMENT 6 +#define MIME_INVALID 0 +#define MIME_START 1 +#define MIME_TYPE 2 +#define MIME_NAME 3 +#define MIME_VALUE 4 +#define MIME_QUOTE 5 +#define MIME_COMMENT 6 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) { 
@@ -701,7 +710,7 @@ ntmp = NULL; /* Go through all characters */ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); - p++) { + p++) { /* * State machine to handle MIME headers if this looks horrible @@ -790,12 +799,12 @@ mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); } if (p == linebuf) - break; /* Blank line means end of headers */ + break; /* Blank line means end of headers */ } return headers; - err: +err: mime_hdr_free(new_hdr); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return NULL; @@ -874,7 +883,7 @@ goto err; return mhdr; - err: +err: OPENSSL_free(tmpname); OPENSSL_free(tmpval); OPENSSL_free(mhdr); @@ -907,7 +916,7 @@ if (!sk_MIME_PARAM_push(mhdr->params, mparam)) goto err; return 1; - err: +err: OPENSSL_free(tmpname); OPENSSL_free(tmpval); OPENSSL_free(mparam); @@ -915,7 +924,7 @@ } static int mime_hdr_cmp(const MIME_HEADER *const *a, - const MIME_HEADER *const *b) + const MIME_HEADER *const *b) { if ((*a)->name == NULL || (*b)->name == NULL) return ((*a)->name != NULL) - ((*b)->name != NULL); @@ -924,7 +933,7 @@ } static int mime_param_cmp(const MIME_PARAM *const *a, - const MIME_PARAM *const *b) + const MIME_PARAM *const *b) { if ((*a)->param_name == NULL || (*b)->param_name == NULL) return ((*a)->param_name != NULL) - ((*b)->param_name != NULL); --- crypto/openssl/crypto/asn1/asn_mstbl.c.orig +++ crypto/openssl/crypto/asn1/asn_mstbl.c 
@@ -96,19 +96,19 @@ goto err; } rv = 1; - err: +err: if (rv == 0) { if (cnf) ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, - "field=%s, value=%s", cnf->name, - cnf->value != NULL ? cnf->value - : value); + "field=%s, value=%s", cnf->name, + cnf->value != NULL ? cnf->value + : value); else ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, - "name=%s, value=%s", name, value); + "name=%s, value=%s", name, value); } else { rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max, - tbl_mask, tbl_flags); + tbl_mask, tbl_flags); if (!rv) ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); } --- crypto/openssl/crypto/asn1/asn_pack.c.orig +++ crypto/openssl/crypto/asn1/asn_pack.c @@ -17,7 +17,7 @@ { ASN1_STRING *octmp; - if (oct == NULL || *oct == NULL) { + if (oct == NULL || *oct == NULL) { if ((octmp = ASN1_STRING_new()) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; @@ -42,7 +42,7 @@ *oct = octmp; return octmp; - err: +err: if (oct == NULL || *oct == NULL) ASN1_STRING_free(octmp); return NULL; --- crypto/openssl/crypto/asn1/bio_asn1.c.orig +++ crypto/openssl/crypto/asn1/bio_asn1.c @@ -70,11 +70,11 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *cleanup, asn1_bio_state_t next); + asn1_ps_func *cleanup, asn1_bio_state_t next); static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *setup, - asn1_bio_state_t ex_state, - asn1_bio_state_t other_state); + asn1_ps_func *setup, + asn1_bio_state_t ex_state, + asn1_bio_state_t other_state); static const BIO_METHOD methods_asn1 = { BIO_TYPE_ASN1, @@ -171,7 +171,7 @@ /* Setup prefix data, call it */ case ASN1_STATE_START: if (!asn1_bio_setup_ex(b, ctx, ctx->prefix, - ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER)) + ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER)) return -1; break; 
@@ -179,7 +179,7 @@ case ASN1_STATE_PRE_COPY: ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free, - ASN1_STATE_HEADER); + ASN1_STATE_HEADER); if (ret <= 0) goto done; @@ -238,21 +238,18 @@ case ASN1_STATE_DONE: BIO_clear_retry_flags(b); return 0; - } - } - done: +done: BIO_clear_retry_flags(b); BIO_copy_next_retry(b); return (wrlen > 0) ? wrlen : ret; - } static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *cleanup, asn1_bio_state_t next) + asn1_ps_func *cleanup, asn1_bio_state_t next) { int ret; @@ -277,9 +274,9 @@ } static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *setup, - asn1_bio_state_t ex_state, - asn1_bio_state_t other_state) + asn1_ps_func *setup, + asn1_bio_state_t ex_state, + asn1_bio_state_t other_state) { if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) { BIO_clear_retry_flags(b); @@ -373,13 +370,13 @@ /* Call post function if possible */ if (ctx->state == ASN1_STATE_HEADER) { if (!asn1_bio_setup_ex(b, ctx, ctx->suffix, - ASN1_STATE_POST_COPY, ASN1_STATE_DONE)) + ASN1_STATE_POST_COPY, ASN1_STATE_DONE)) return 0; } if (ctx->state == ASN1_STATE_POST_COPY) { ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free, - ASN1_STATE_DONE); + ASN1_STATE_DONE); if (ret <= 0) return ret; } @@ -395,14 +392,13 @@ if (next == NULL) return 0; return BIO_ctrl(next, cmd, arg1, arg2); - } return ret; } static int asn1_bio_set_ex(BIO *b, int cmd, - asn1_ps_func *ex_func, asn1_ps_func *ex_free_func) + asn1_ps_func *ex_func, asn1_ps_func *ex_free_func) { BIO_ASN1_EX_FUNCS extmp; extmp.ex_func = ex_func; @@ -411,8 +407,8 @@ } static int asn1_bio_get_ex(BIO *b, int cmd, - asn1_ps_func **ex_func, - asn1_ps_func **ex_free_func) + asn1_ps_func **ex_func, + asn1_ps_func **ex_free_func) { BIO_ASN1_EX_FUNCS extmp; int ret; 
@@ -425,25 +421,25 @@ } int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, - asn1_ps_func *prefix_free) + asn1_ps_func *prefix_free) { return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free); } int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, - asn1_ps_func **pprefix_free) + asn1_ps_func **pprefix_free) { return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free); } int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, - asn1_ps_func *suffix_free) + asn1_ps_func *suffix_free) { return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free); } int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, - asn1_ps_func **psuffix_free) + asn1_ps_func **psuffix_free) { return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free); } --- crypto/openssl/crypto/asn1/bio_ndef.c.orig +++ crypto/openssl/crypto/asn1/bio_ndef.c @@ -44,10 +44,10 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg); static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, - void *parg); + void *parg); static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg); static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, - void *parg); + void *parg); /* * On success, the returned BIO owns the input BIO as part of its BIO chain. @@ -79,8 +79,8 @@ pop_bio = asn_bio; if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0 - || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0 - || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) + || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0 + || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) goto err; /* @@ -118,7 +118,7 @@ return sarg.ndef_bio; - err: +err: /* BIO_pop() is NULL safe */ (void)BIO_pop(pop_bio); BIO_free(asn_bio); @@ -158,7 +158,7 @@ } static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, - void *parg) + void *parg) { NDEF_SUPPORT *ndef_aux; 
@@ -179,7 +179,7 @@ } static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, - void *parg) + void *parg) { NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg; if (!ndef_prefix_free(b, pbuf, plen, parg)) @@ -209,7 +209,8 @@ sarg.out = ndef_aux->out; sarg.boundary = ndef_aux->boundary; if (aux->asn1_cb(ASN1_OP_STREAM_POST, - &ndef_aux->val, ndef_aux->it, &sarg) <= 0) + &ndef_aux->val, ndef_aux->it, &sarg) + <= 0) return 0; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); --- crypto/openssl/crypto/asn1/d2i_param.c.orig +++ crypto/openssl/crypto/asn1/d2i_param.c @@ -16,7 +16,7 @@ #include "crypto/evp.h" EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, - long length) + long length) { EVP_PKEY *ret = NULL; --- crypto/openssl/crypto/asn1/d2i_pr.c.orig +++ crypto/openssl/crypto/asn1/d2i_pr.c @@ -25,7 +25,7 @@ static EVP_PKEY * d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, const char *propq) + long length, OSSL_LIB_CTX *libctx, const char *propq) { OSSL_DECODER_CTX *dctx = NULL; size_t len = length; @@ -41,14 +41,14 @@ return NULL; } - for (i = 0; i < (int)OSSL_NELEM(input_structures); ++i) { + for (i = 0; i < (int)OSSL_NELEM(input_structures); ++i) { const unsigned char *p = *pp; if (a != NULL && (bak_a = *a) != NULL) ppkey = a; dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", - input_structures[i], key_name, - EVP_PKEY_KEYPAIR, libctx, propq); + input_structures[i], key_name, + EVP_PKEY_KEYPAIR, libctx, propq); if (a != NULL) *a = bak_a; if (dctx == NULL) @@ -76,7 +76,7 @@ EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, const char *propq) + long length, OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *ret; const unsigned char *p = *pp; 
@@ -100,10 +100,9 @@ } ERR_set_mark(); - if (!ret->ameth->old_priv_decode || - !ret->ameth->old_priv_decode(ret, &p, length)) { + if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, &p, length)) { if (ret->ameth->priv_decode != NULL - || ret->ameth->priv_decode_ex != NULL) { + || ret->ameth->priv_decode_ex != NULL) { EVP_PKEY *tmp; PKCS8_PRIV_KEY_INFO *p8 = NULL; p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); @@ -128,21 +127,21 @@ goto err; } } else { - ERR_clear_last_mark(); + ERR_clear_last_mark(); } *pp = p; if (a != NULL) *a = ret; return ret; - err: +err: if (a == NULL || *a != ret) EVP_PKEY_free(ret); return NULL; } EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, - const char *propq) + long length, OSSL_LIB_CTX *libctx, + const char *propq) { EVP_PKEY *ret; @@ -154,16 +153,16 @@ } EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) + long length) { return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL); } static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a, - const unsigned char **pp, - long length, - OSSL_LIB_CTX *libctx, - const char *propq) + const unsigned char **pp, + long length, + OSSL_LIB_CTX *libctx, + const char *propq) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; @@ -186,7 +185,7 @@ } else if (sk_ASN1_TYPE_num(inkey) == 4) { keytype = EVP_PKEY_EC; } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not - * traditional format */ + * traditional format */ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; @@ -216,8 +215,8 @@ * EVP_PKEY_NONE, which then figures out the type during decoding. */ EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, - const char *propq) + long length, OSSL_LIB_CTX *libctx, + const char *propq) { EVP_PKEY *ret; 
@@ -229,7 +228,7 @@ } EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length) + long length) { return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL); } --- crypto/openssl/crypto/asn1/d2i_pu.c.orig +++ crypto/openssl/crypto/asn1/d2i_pu.c @@ -26,7 +26,7 @@ #include "crypto/evp.h" EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) + long length) { EVP_PKEY *ret; EVP_PKEY *copy = NULL; @@ -90,7 +90,7 @@ (*a) = ret; EVP_PKEY_free(copy); return ret; - err: +err: if (a == NULL || *a != ret) EVP_PKEY_free(ret); EVP_PKEY_free(copy); --- crypto/openssl/crypto/asn1/evp_asn1.c.orig +++ crypto/openssl/crypto/asn1/evp_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -52,7 +52,7 @@ } static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct, - unsigned char *data, int len) + unsigned char *data, int len) { oct->data = data; oct->type = V_ASN1_OCTET_STRING; @@ -67,7 +67,7 @@ * whether all the data was copied. */ static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum, - long *num, unsigned char *data, int max_len) + long *num, unsigned char *data, int max_len) { int ret = ASN1_STRING_length(oct), n; @@ -91,14 +91,14 @@ } asn1_int_oct; ASN1_SEQUENCE(asn1_int_oct) = { - ASN1_EMBED(asn1_int_oct, num, INT32), - ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) + ASN1_EMBED(asn1_int_oct, num, INT32), + ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(asn1_int_oct) DECLARE_ASN1_ITEM(asn1_int_oct) int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, - int len) + int len) { asn1_int_oct atmp; ASN1_OCTET_STRING oct; 
@@ -120,7 +120,7 @@ * whether all the data was copied. */ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len) + unsigned char *data, int max_len) { asn1_int_oct *atmp = NULL; int ret = -1; @@ -137,7 +137,7 @@ ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); if (ret == -1) { - err: + err: ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); } M_ASN1_free_of(atmp, asn1_int_oct); @@ -154,14 +154,14 @@ * Section 2. "Content-Authenticated Encryption Algorithms" */ ASN1_SEQUENCE(asn1_oct_int) = { - ASN1_SIMPLE(asn1_oct_int, oct, ASN1_OCTET_STRING), - ASN1_EMBED(asn1_oct_int, num, INT32) + ASN1_SIMPLE(asn1_oct_int, oct, ASN1_OCTET_STRING), + ASN1_EMBED(asn1_oct_int, num, INT32) } static_ASN1_SEQUENCE_END(asn1_oct_int) DECLARE_ASN1_ITEM(asn1_oct_int) int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, - unsigned char *data, int len) + unsigned char *data, int len) { asn1_oct_int atmp; ASN1_OCTET_STRING oct; @@ -183,7 +183,7 @@ * whether all the data was copied. */ int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len) + unsigned char *data, int max_len) { asn1_oct_int *atmp = NULL; int ret = -1; @@ -199,7 +199,7 @@ ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); if (ret == -1) { - err: + err: ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); } M_ASN1_free_of(atmp, asn1_oct_int); --- crypto/openssl/crypto/asn1/f_int.c.orig +++ crypto/openssl/crypto/asn1/f_int.c @@ -47,7 +47,7 @@ } } return n; - err: +err: return -1; } @@ -76,8 +76,7 @@ again = (buf[i - 1] == '\\'); for (j = 0; j < i; j++) { - if (!ossl_isxdigit(buf[j])) - { + if (!ossl_isxdigit(buf[j])) { i = j; break; } @@ -135,7 +134,7 @@ bs->length = num; bs->data = s; return 1; - err: +err: ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE); OPENSSL_free(s); return 0; --- crypto/openssl/crypto/asn1/f_string.c.orig +++ crypto/openssl/crypto/asn1/f_string.c 
@@ -41,7 +41,7 @@ } } return n; - err: +err: return -1; } @@ -128,7 +128,7 @@ bs->data = s; return 1; - err: +err: ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE); OPENSSL_free(s); return 0; --- crypto/openssl/crypto/asn1/i2d_evp.c.orig +++ crypto/openssl/crypto/asn1/i2d_evp.c @@ -19,9 +19,9 @@ #include #include #include -#include /* For i2d_RSAPublicKey */ -#include /* For i2d_DSAPublicKey */ -#include /* For i2o_ECPublicKey */ +#include /* For i2d_RSAPublicKey */ +#include /* For i2d_DSAPublicKey */ +#include /* For i2o_ECPublicKey */ #include "crypto/asn1.h" #include "crypto/evp.h" @@ -31,15 +31,15 @@ }; static int i2d_provided(const EVP_PKEY *a, int selection, - const struct type_and_structure_st *output_info, - unsigned char **pp) + const struct type_and_structure_st *output_info, + unsigned char **pp) { OSSL_ENCODER_CTX *ctx = NULL; int ret; for (ret = -1; - ret == -1 && output_info->output_type != NULL; - output_info++) { + ret == -1 && output_info->output_type != NULL; + output_info++) { /* * The i2d_ calls don't take a boundary length for *pp. However, * OSSL_ENCODER_to_data() needs one, so we make one up. Because @@ -51,9 +51,9 @@ int pp_was_NULL = (pp == NULL || *pp == NULL); ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, - output_info->output_type, - output_info->output_structure, - NULL); + output_info->output_type, + output_info->output_structure, + NULL); if (ctx == NULL) return -1; if (OSSL_ENCODER_to_data(ctx, pp, &len)) { @@ -76,7 +76,9 @@ if (evp_pkey_is_provided(a)) { static const struct type_and_structure_st output_info[] = { { "DER", "type-specific" }, - { NULL, } + { + NULL, + } }; return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_info, pp); @@ -98,7 +100,9 @@ static const struct type_and_structure_st output_info[] = { { "DER", "type-specific" }, { "DER", "PrivateKeyInfo" }, - { NULL, } + { + NULL, + } }; return i2d_provided(a, EVP_PKEY_KEYPAIR, output_info, pp); 
@@ -125,8 +129,10 @@ if (evp_pkey_is_provided(a)) { static const struct type_and_structure_st output_info[] = { { "DER", "type-specific" }, - { "blob", NULL }, /* for EC */ - { NULL, } + { "blob", NULL }, /* for EC */ + { + NULL, + } }; return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp); --- crypto/openssl/crypto/asn1/n_pkey.c.orig +++ crypto/openssl/crypto/asn1/n_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,11 +16,11 @@ #include #include -#define ASN1_BROKEN_SEQUENCE(tname) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ - ASN1_SEQUENCE(tname) +#define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0 }; \ + ASN1_SEQUENCE(tname) #define static_ASN1_BROKEN_SEQUENCE_END(stname) \ - static_ASN1_SEQUENCE_END_ref(stname, stname) + static_ASN1_SEQUENCE_END_ref(stname, stname) typedef struct netscape_pkey_st { int32_t version; 
@@ -37,20 +37,19 @@ X509_SIG *enckey; } NETSCAPE_ENCRYPTED_PKEY; - ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) + ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), + ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) } static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) -DECLARE_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) + DECLARE_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) ASN1_SEQUENCE(NETSCAPE_PKEY) = { - ASN1_EMBED(NETSCAPE_PKEY, version, INT32), - ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) + ASN1_EMBED(NETSCAPE_PKEY, version, INT32), + ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), + ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) --- crypto/openssl/crypto/asn1/nsseq.c.orig +++ crypto/openssl/crypto/asn1/nsseq.c @@ -14,7 +14,7 @@ #include static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_NEW_POST) { NETSCAPE_CERT_SEQUENCE *nsseq; @@ -27,8 +27,8 @@ /* Netscape certificate sequence structure */ ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = { - ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), - ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) + ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), + ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) } ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) --- crypto/openssl/crypto/asn1/p5_pbe.c.orig +++ crypto/openssl/crypto/asn1/p5_pbe.c 
@@ -16,8 +16,8 @@ /* PKCS#5 password based encryption structure */ ASN1_SEQUENCE(PBEPARAM) = { - ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), - ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) + ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), + ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) } ASN1_SEQUENCE_END(PBEPARAM) IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) @@ -25,8 +25,8 @@ /* Set an algorithm identifier for a PKCS#5 PBE algorithm */ int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *ctx) + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *ctx) { PBEPARAM *pbe = NULL; ASN1_STRING *pbe_str = NULL; @@ -72,7 +72,7 @@ if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) return 1; - err: +err: OPENSSL_free(sstr); PBEPARAM_free(pbe); ASN1_STRING_free(pbe_str); @@ -80,7 +80,7 @@ } int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen) + const unsigned char *salt, int saltlen) { return PKCS5_pbe_set0_algor_ex(algor, alg, iter, salt, saltlen, NULL); } @@ -88,8 +88,8 @@ /* Return an algorithm identifier for a PKCS#5 PBE algorithm */ X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *ctx) + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *ctx) { X509_ALGOR *ret; ret = X509_ALGOR_new(); @@ -106,8 +106,7 @@ } X509_ALGOR *PKCS5_pbe_set(int alg, int iter, - const unsigned char *salt, int saltlen) + const unsigned char *salt, int saltlen) { return PKCS5_pbe_set_ex(alg, iter, salt, saltlen, NULL); } - --- crypto/openssl/crypto/asn1/p5_pbev2.c.orig +++ crypto/openssl/crypto/asn1/p5_pbev2.c 
@@ -18,17 +18,17 @@ /* PKCS#5 v2.0 password based encryption structures */ ASN1_SEQUENCE(PBE2PARAM) = { - ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), - ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) + ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), + ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) } ASN1_SEQUENCE_END(PBE2PARAM) IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) ASN1_SEQUENCE(PBKDF2PARAM) = { - ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), - ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), - ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), - ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) + ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), + ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), + ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), + ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) } ASN1_SEQUENCE_END(PBKDF2PARAM) IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) @@ -40,9 +40,9 @@ */ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid, - OSSL_LIB_CTX *libctx) + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid, + OSSL_LIB_CTX *libctx) { X509_ALGOR *scheme = NULL, *ret = NULL; int alg_nid, keylen, ivlen; @@ -90,8 +90,7 @@ * here: just means use default PRF. */ ERR_set_mark(); - if ((prf_nid == -1) && - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { + if ((prf_nid == -1) && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { prf_nid = NID_hmacWithSHA256; } ERR_pop_to_mark(); @@ -110,7 +109,7 @@ X509_ALGOR_free(pbe2->keyfunc); pbe2->keyfunc = PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, - libctx); + libctx); if (pbe2->keyfunc == NULL) goto merr; 
@@ -125,18 +124,18 @@ /* Encode PBE2PARAM into parameter */ if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, - &ret->parameter)) - goto merr; + &ret->parameter)) + goto merr; PBE2PARAM_free(pbe2); pbe2 = NULL; return ret; - merr: +merr: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - err: +err: EVP_CIPHER_CTX_free(ctx); PBE2PARAM_free(pbe2); /* Note 'scheme' is freed as part of pbe2 */ @@ -146,24 +145,23 @@ } X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid) + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid) { return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, aiv, prf_nid, - NULL); + NULL); } X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen) + unsigned char *salt, int saltlen) { return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, - NULL); + NULL); } - X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen, - OSSL_LIB_CTX *libctx) + int prf_nid, int keylen, + OSSL_LIB_CTX *libctx) { X509_ALGOR *keyfunc = NULL; PBKDF2PARAM *kdf = NULL; @@ -225,13 +223,13 @@ /* Encode PBKDF2PARAM into parameter of pbe2 */ if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf, - &keyfunc->parameter)) - goto merr; + &keyfunc->parameter)) + goto merr; PBKDF2PARAM_free(kdf); return keyfunc; - merr: +merr: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); PBKDF2PARAM_free(kdf); X509_ALGOR_free(keyfunc); @@ -239,8 +237,7 @@ } X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen) + int prf_nid, int keylen) { return PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, NULL); } - --- crypto/openssl/crypto/asn1/p5_scrypt.c.orig +++ crypto/openssl/crypto/asn1/p5_scrypt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,30 +21,30 @@ /* PKCS#5 scrypt password based encryption structures */ ASN1_SEQUENCE(SCRYPT_PARAMS) = { - ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING), - ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER), - ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), - ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), - ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), + ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING), + ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER), + ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), + ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), + ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), } ASN1_SEQUENCE_END(SCRYPT_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS) static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, - size_t keylen, uint64_t N, uint64_t r, - uint64_t p); + size_t keylen, uint64_t N, uint64_t r, + uint64_t p); /* * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt */ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, - const unsigned char *salt, int saltlen, - unsigned char *aiv, uint64_t N, uint64_t r, - uint64_t p) + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p) { X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid; + int alg_nid, ivlen; size_t keylen = 0; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; 
@@ -79,10 +79,11 @@ goto merr; /* Create random IV */ - if (EVP_CIPHER_get_iv_length(cipher)) { + ivlen = EVP_CIPHER_get_iv_length(cipher); + if (ivlen > 0) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) + memcpy(iv, aiv, ivlen); + else if (RAND_bytes(iv, ivlen) <= 0) goto err; } @@ -125,7 +126,8 @@ /* Encode PBE2PARAM into parameter */ if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, - &ret->parameter) == NULL) + &ret->parameter) + == NULL) goto merr; PBE2PARAM_free(pbe2); @@ -133,10 +135,10 @@ return ret; - merr: +merr: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - err: +err: PBE2PARAM_free(pbe2); X509_ALGOR_free(ret); EVP_CIPHER_CTX_free(ctx); @@ -145,8 +147,8 @@ } static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, - size_t keylen, uint64_t N, uint64_t r, - uint64_t p) + size_t keylen, uint64_t N, uint64_t r, + uint64_t p) { X509_ALGOR *keyfunc = NULL; SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new(); @@ -194,24 +196,25 @@ /* Encode SCRYPT_PARAMS into parameter of pbe2 */ if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam, - &keyfunc->parameter) == NULL) + &keyfunc->parameter) + == NULL) goto merr; SCRYPT_PARAMS_free(sparam); return keyfunc; - merr: +merr: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - err: +err: SCRYPT_PARAMS_free(sparam); X509_ALGOR_free(keyfunc); return NULL; } int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; uint64_t p, r, N; 
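Review bot: `ivlen` is still not compared with the size of the destination before `memcpy(iv, aiv, ivlen)` and `RAND_bytes(iv, ivlen)` in the -79 hunk; `iv` is declared as `unsigned char iv[EVP_MAX_IV_LENGTH]` in the preceding hunk. The copy is therefore bounded only if every cipher reports an IV length within that constant. If that is not guaranteed for every cipher implementation that can reach this path, add `if (ivlen > (int)sizeof(iv)) goto err;` ahead of the copy. The new `ivlen > 0` test also treats a negative (error) return the same as a cipher with no IV, and whether that should fail instead of continuing cannot be judged from here. The body of PKCS5_pbe2_set_scrypt starts and ends outside this hunk.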
@@ -256,7 +259,8 @@ || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0 || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0 || EVP_PBE_scrypt_ex(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0, - libctx, propq) == 0) { + libctx, propq) + == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_ILLEGAL_SCRYPT_PARAMETERS); goto err; } @@ -266,10 +270,11 @@ salt = sparam->salt->data; saltlen = sparam->salt->length; if (EVP_PBE_scrypt_ex(pass, passlen, salt, saltlen, N, r, p, 0, key, - keylen, libctx, propq) == 0) + keylen, libctx, propq) + == 0) goto err; rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - err: +err: if (keylen) OPENSSL_cleanse(key, keylen); SCRYPT_PARAMS_free(sparam); @@ -277,8 +282,8 @@ } int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de) + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de) { return PKCS5_v2_scrypt_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, NULL, NULL); } --- crypto/openssl/crypto/asn1/p8_pkey.c.orig +++ crypto/openssl/crypto/asn1/p8_pkey.c @@ -15,7 +15,7 @@ /* Minor tweak to operation: zero private key data */ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { 
@@ -27,17 +27,17 @@ } ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) + ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), + ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, - int version, - int ptype, void *pval, unsigned char *penc, int penclen) + int version, + int ptype, void *pval, unsigned char *penc, int penclen) { if (version >= 0) { if (!ASN1_INTEGER_set(priv->version, version)) @@ -51,8 +51,8 @@ } int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8) + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8) { if (ppkalg) *ppkalg = p8->pkeyalg->algorithm; @@ -72,7 +72,7 @@ } int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, - const unsigned char *bytes, int len) + const unsigned char *bytes, int len) { if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL) return 1; @@ -80,7 +80,7 @@ } int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) + const unsigned char *bytes, int len) { return (X509at_add1_attr_by_OBJ(&p8->attributes, obj, type, bytes, len) != NULL); } --- crypto/openssl/crypto/asn1/standard_methods.h.orig +++ crypto/openssl/crypto/asn1/standard_methods.h 
@@ -44,4 +44,3 @@ &ossl_sm2_asn1_meth, #endif }; - --- crypto/openssl/crypto/asn1/t_bitst.c.orig +++ crypto/openssl/crypto/asn1/t_bitst.c @@ -13,7 +13,7 @@ #include int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent) + BIT_STRING_BITNAME *tbl, int indent) { BIT_STRING_BITNAME *bnam; char first = 1; @@ -31,7 +31,7 @@ } int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, - BIT_STRING_BITNAME *tbl) + BIT_STRING_BITNAME *tbl) { int bitnum; bitnum = ASN1_BIT_STRING_num_asc(name, tbl); --- crypto/openssl/crypto/asn1/t_pkey.c.orig +++ crypto/openssl/crypto/asn1/t_pkey.c @@ -14,7 +14,7 @@ #include "crypto/bn.h" /* Number of octets per line */ -#define ASN1_BUF_PRINT_WIDTH 15 +#define ASN1_BUF_PRINT_WIDTH 15 /* Maximum indent */ #define ASN1_PRINT_MAX_INDENT 128 @@ -34,8 +34,9 @@ * this function is used to print out key components. */ if (BIO_printf(bp, "%02x%s", buf[i], - (i == buflen - 1) ? "" : ":") <= 0) - return 0; + (i == buflen - 1) ? "" : ":") + <= 0) + return 0; } if (BIO_write(bp, "\n", 1) <= 0) return 0; @@ -43,7 +44,7 @@ } int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, - unsigned char *ign, int indent) + unsigned char *ign, int indent) { int n, rv = 0; const char *neg; @@ -63,8 +64,9 @@ if (BN_num_bytes(num) <= BN_BYTES) { if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, - (unsigned long)bn_get_words(num)[0], neg, - (unsigned long)bn_get_words(num)[0]) <= 0) + (unsigned long)bn_get_words(num)[0], neg, + (unsigned long)bn_get_words(num)[0]) + <= 0) return 0; return 1; } @@ -75,7 +77,8 @@ goto err; buf[0] = 0; if (BIO_printf(bp, "%s%s\n", number, - (neg[0] == '-') ? " (Negative)" : "") <= 0) + (neg[0] == '-') ? " (Negative)" : "") + <= 0) goto err; n = BN_bn2bin(num, buf + 1); 
@@ -87,7 +90,7 @@ if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0) goto err; rv = 1; - err: +err: OPENSSL_clear_free(buf, buflen); return rv; } --- crypto/openssl/crypto/asn1/t_spki.c.orig +++ crypto/openssl/crypto/asn1/t_spki.c @@ -28,7 +28,7 @@ X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey); i = OBJ_obj2nid(spkioid); BIO_printf(out, " Public Key Algorithm: %s\n", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); pkey = X509_PUBKEY_get(spki->spkac->pubkey); if (pkey == NULL) BIO_printf(out, " Unable to load public key\n"); @@ -41,7 +41,7 @@ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); i = OBJ_obj2nid(spki->sig_algor.algorithm); BIO_printf(out, " Signature Algorithm: %s", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); n = spki->signature->length; s = (char *)spki->signature->data; @@ -49,7 +49,7 @@ if ((i % 18) == 0) BIO_write(out, "\n ", 7); BIO_printf(out, "%02x%s", (unsigned char)s[i], - ((i + 1) == n) ? "" : ":"); + ((i + 1) == n) ? "" : ":"); } BIO_write(out, "\n", 1); return 1; --- crypto/openssl/crypto/asn1/tasn_dec.c.orig +++ crypto/openssl/crypto/asn1/tasn_dec.c @@ -14,6 +14,7 @@ #include #include #include +#include "crypto/asn1.h" #include "internal/numbers.h" #include "asn1_local.h" 
@@ -25,63 +26,80 @@ */ #define ASN1_MAX_CONSTRUCTED_NEST 30 -static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth, OSSL_LIB_CTX *libctx, - const char *propq); - static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass, int depth); + char inf, int tag, int aclass, int depth); static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, - char *inf, char *cst, - const unsigned char **in, long len, - int exptag, int expclass, char opt, ASN1_TLC *ctx); + char *inf, char *cst, + const unsigned char **in, long len, + int exptag, int expclass, char opt, ASN1_TLC *ctx); static int asn1_template_ex_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx, - const char *propq); + const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_template_noexp_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, - OSSL_LIB_CTX *libctx, const char *propq); + const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, - ASN1_TLC *ctx); + const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, + ASN1_TLC *ctx); static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int 
len, - int utype, char *free_cont, const ASN1_ITEM *it); + int utype, char *free_cont, const ASN1_ITEM *it); /* Table to convert tags to bit values, used for MSTRING type */ static const unsigned long tag2bit[32] = { /* tags 0 - 3 */ - 0, 0, 0, B_ASN1_BIT_STRING, + 0, + 0, + 0, + B_ASN1_BIT_STRING, /* tags 4- 7 */ - B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN, + B_ASN1_OCTET_STRING, + 0, + 0, + B_ASN1_UNKNOWN, /* tags 8-11 */ - B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, 0, B_ASN1_UNKNOWN, + B_ASN1_UNKNOWN, + B_ASN1_UNKNOWN, + 0, + B_ASN1_UNKNOWN, /* tags 12-15 */ - B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, + B_ASN1_UTF8STRING, + B_ASN1_UNKNOWN, + B_ASN1_UNKNOWN, + B_ASN1_UNKNOWN, /* tags 16-19 */ - B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING, + B_ASN1_SEQUENCE, + 0, + B_ASN1_NUMERICSTRING, + B_ASN1_PRINTABLESTRING, /* tags 20-22 */ - B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING, + B_ASN1_T61STRING, + B_ASN1_VIDEOTEXSTRING, + B_ASN1_IA5STRING, /* tags 23-24 */ - B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, + B_ASN1_UTCTIME, + B_ASN1_GENERALIZEDTIME, /* tags 25-27 */ - B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING, + B_ASN1_GRAPHICSTRING, + B_ASN1_ISO64STRING, + B_ASN1_GENERALSTRING, /* tags 28-31 */ - B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN, + B_ASN1_UNIVERSALSTRING, + B_ASN1_UNKNOWN, + B_ASN1_BMPSTRING, + B_ASN1_UNKNOWN, }; unsigned long ASN1_tag2bit(int tag) @@ -93,9 +111,16 @@ /* Macro to initialize and invalidate the cache */ -#define asn1_tlc_clear(c) do { if ((c) != NULL) (c)->valid = 0; } while (0) +#define asn1_tlc_clear(c) \ + do { \ + if ((c) != NULL) \ + (c)->valid = 0; \ + } while (0) /* Version to avoid compiler warning about 'c' always non-NULL */ -#define asn1_tlc_clear_nc(c) do {(c)->valid = 0; } while (0) +#define asn1_tlc_clear_nc(c) \ + do { \ + (c)->valid = 0; \ + } while (0) /* * Decode an ASN1 item, this currently behaves just like a standard 'd2i' 
@@ -105,9 +130,9 @@ */ static int asn1_item_ex_d2i_intern(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, int tag, - int aclass, char opt, ASN1_TLC *ctx, - OSSL_LIB_CTX *libctx, const char *propq) + long len, const ASN1_ITEM *it, int tag, + int aclass, char opt, ASN1_TLC *ctx, + OSSL_LIB_CTX *libctx, const char *propq) { int rv; @@ -116,24 +141,24 @@ return 0; } rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0, - libctx, propq); + libctx, propq); if (rv <= 0) ASN1_item_ex_free(pval, it); return rv; } int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) { return asn1_item_ex_d2i_intern(pval, in, len, it, tag, aclass, opt, ctx, - NULL, NULL); + NULL, NULL); } ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, - const char *propq) + const unsigned char **in, long len, + const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq) { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; @@ -142,14 +167,15 @@ pval = &ptmpval; asn1_tlc_clear_nc(&c); if (asn1_item_ex_d2i_intern(pval, in, len, it, -1, 0, 0, &c, libctx, - propq) > 0) + propq) + > 0) return *pval; return NULL; } ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it) + const unsigned char **in, long len, + const ASN1_ITEM *it) { return ASN1_item_d2i_ex(pval, in, len, it, NULL, NULL); } 
@@ -159,11 +185,11 @@ * tag mismatch return -1 to handle OPTIONAL */ -static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth, OSSL_LIB_CTX *libctx, - const char *propq) +int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx, + int depth, OSSL_LIB_CTX *libctx, + const char *propq) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -208,14 +234,14 @@ */ if ((tag != -1) || opt) { ERR_raise(ERR_LIB_ASN1, - ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); goto err; } return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx, - depth, libctx, propq); + depth, libctx, propq); } return asn1_d2i_ex_primitive(pval, in, len, it, - tag, aclass, opt, ctx); + tag, aclass, opt, ctx); case ASN1_ITYPE_MSTRING: /* @@ -230,7 +256,7 @@ p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, - &p, len, -1, 0, 1, ctx); + &p, len, -1, 0, 1, ctx); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -260,7 +286,7 @@ ef = it->funcs; if (ef->asn1_ex_d2i_ex != NULL) return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx, - libctx, propq); + libctx, propq); return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: @@ -296,7 +322,7 @@ * We mark field as OPTIONAL so its absence can be recognised. */ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth, - libctx, propq); + libctx, propq); /* If field not present, try the next one */ if (ret == -1) continue; 
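Review bot: `asn1_item_embed_d2i` gains external linkage in the -159 hunk under a bare name, while other cross-file internal helpers on this page carry the `ossl_` prefix (`ossl_asn1_item_ex_new_intern`, `ossl_asn1_item_embed_free`). Renaming it would keep it out of the way of application symbols when linking statically. The function also takes `depth`, which presumably feeds the ASN1_MAX_CONSTRUCTED_NEST limit, and the only top-level call visible here passes 0. The prototype (presumably in the newly included `crypto/asn1.h`) should carry a comment such as `/* depth: current constructed-nesting level; pass 0 only when starting a top-level decode */`, so that a caller in another file does not reset the recursion budget from inside a decode. The function body continues outside this hunk and the new external callers are not visible here.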
@@ -344,7 +370,7 @@ } /* Get SEQUENCE length and update len, p */ ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, - &p, len, tag, aclass, opt, ctx); + &p, len, tag, aclass, opt, ctx); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -363,7 +389,7 @@ } if (*pval == NULL - && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { + && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -420,7 +446,7 @@ */ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, - depth, libctx, propq); + depth, libctx, propq); if (!ret) { errtt = seqtt; goto err; @@ -477,12 +503,12 @@ default: return 0; } - auxerr: +auxerr: ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR); - err: +err: if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, - ", Type=", it->sname); + ", Type=", it->sname); else ERR_add_error_data(2, "Type=", it->sname); return 0; @@ -494,10 +520,10 @@ */ static int asn1_template_ex_d2i(ASN1_VALUE **val, - const unsigned char **in, long inlen, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char **in, long inlen, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq) { int flags, aclass; int ret; @@ -519,7 +545,7 @@ * where it starts: so read in EXPLICIT header to get the info. */ ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, - &p, inlen, tt->tag, aclass, opt, ctx); + &p, inlen, tt->tag, aclass, opt, ctx); q = p; if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); @@ -532,7 +558,7 @@ } /* We've found the field so it can't be OPTIONAL now */ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth, libctx, - propq); + propq); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; 
@@ -556,20 +582,20 @@ } } else return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth, - libctx, propq); + libctx, propq); *in = p; return 1; - err: +err: return 0; } static int asn1_template_noexp_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq) { int flags, aclass; int ret; @@ -608,7 +634,7 @@ } /* Get the tag */ ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, - &p, len, sktag, skaclass, opt, ctx); + &p, len, sktag, skaclass, opt, ctx); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -649,8 +675,9 @@ } skfield = NULL; if (asn1_item_embed_d2i(&skfield, &p, len, - ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx, - depth, libctx, propq) <= 0) { + ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx, + depth, libctx, propq) + <= 0) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); /* |skfield| may be partially allocated despite failure. */ ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); @@ -670,8 +697,8 @@ } else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ ret = asn1_item_embed_d2i(val, &p, len, - ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx, depth, libctx, propq); + ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, + ctx, depth, libctx, propq); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -680,7 +707,7 @@ } else { /* Nothing special */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx, depth, libctx, propq); + -1, 0, opt, ctx, depth, libctx, propq); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; 
@@ -691,14 +718,14 @@ *in = p; return 1; - err: +err: return 0; } static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - const unsigned char **in, long inlen, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) + const unsigned char **in, long inlen, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) { int ret = 0, utype; long plen; @@ -710,7 +737,7 @@ if (pval == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL); - return 0; /* Should never happen */ + return 0; /* Should never happen */ } if (it->itype == ASN1_ITYPE_MSTRING) { @@ -732,7 +759,7 @@ } p = *in; ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, - &p, inlen, -1, 0, 0, ctx); + &p, inlen, -1, 0, 0, ctx); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -747,7 +774,7 @@ p = *in; /* Check header */ ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, - &p, inlen, tag, aclass, opt, ctx); + &p, inlen, tag, aclass, opt, ctx); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -820,7 +847,7 @@ *in = p; ret = 1; - err: +err: if (free_cont) OPENSSL_free(buf.data); return ret; @@ -829,7 +856,7 @@ /* Translate ASN1 content octets into a structure */ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; @@ -954,7 +981,7 @@ typ->value.ptr = NULL; ret = 1; - err: +err: if (!ret) { ASN1_TYPE_free(typ); if (opval) @@ -998,7 +1025,7 @@ q = p; /* Just read in a header: only care about the length */ if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, - -1, 0, 0, NULL)) { + -1, 0, 0, NULL)) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } 
@@ -1034,11 +1061,11 @@ * recursion is allowed at all. Although zero should be adequate examples * exist that require a value of 1. So 5 should be more than enough. */ -# define ASN1_MAX_STRING_NEST 5 +#define ASN1_MAX_STRING_NEST 5 #endif static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass, int depth) + char inf, int tag, int aclass, int depth) { const unsigned char *p, *q; long plen; @@ -1069,7 +1096,7 @@ } if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, - len, tag, aclass, 0, NULL)) { + len, tag, aclass, 0, NULL)) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -1133,9 +1160,9 @@ */ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, - char *inf, char *cst, - const unsigned char **in, long len, - int exptag, int expclass, char opt, ASN1_TLC *ctx) + char *inf, char *cst, + const unsigned char **in, long len, + int exptag, int expclass, char opt, ASN1_TLC *ctx) { int i; int ptag, pclass; @@ -1216,7 +1243,7 @@ *in = p; return 1; - err: +err: asn1_tlc_clear(ctx); return 0; } --- crypto/openssl/crypto/asn1/tasn_enc.c.orig +++ crypto/openssl/crypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -17,17 +17,17 @@ #include "asn1_local.h" static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); + const ASN1_ITEM *it, int tag, int aclass); static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk, - unsigned char **out, - int skcontlen, const ASN1_ITEM *item, - int do_sort, int iclass); + unsigned char **out, + int skcontlen, const ASN1_ITEM *item, + int do_sort, int iclass); static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt, int tag, int aclass); + const ASN1_TEMPLATE *tt, int tag, int aclass); static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it, int flags); + const ASN1_ITEM *it, int flags); static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype, - const ASN1_ITEM *it); + const ASN1_ITEM *it); /* * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use @@ -35,7 +35,7 @@ */ int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); } @@ -53,7 +53,7 @@ */ static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it, int flags) + const ASN1_ITEM *it, int flags) { if (out != NULL && *out == NULL) { unsigned char *p, *buf; @@ -81,7 +81,7 @@ */ int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) + const ASN1_ITEM *it, int tag, int aclass) { const ASN1_TEMPLATE *tt = NULL; int i, seqcontlen, seqlen, ndef = 1; @@ -94,7 +94,7 @@ if (aux != NULL) { asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb - : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ + : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ } switch (it->itype) { 
@@ -102,7 +102,7 @@ case ASN1_ITYPE_PRIMITIVE: if (it->templates) return asn1_template_ex_i2d(pval, out, it->templates, - tag, aclass); + tag, aclass); return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); case ASN1_ITYPE_MSTRING: @@ -208,13 +208,12 @@ default: return 0; - } return 0; } static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt, int tag, int iclass) + const ASN1_TEMPLATE *tt, int tag, int iclass) { const int flags = tt->flags; int i, ret, ttag, tclass, ndef, len; @@ -305,7 +304,7 @@ for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) { skitem = sk_const_ASN1_VALUE_value(sk, i); len = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), - -1, iclass); + -1, iclass); if (len == -1 || (skcontlen > INT_MAX - len)) return -1; if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { @@ -334,7 +333,7 @@ ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); /* And the stuff itself */ asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), - isset, iclass); + isset, iclass); if (ndef == 2) { ASN1_put_eoc(out); if (flags & ASN1_TFLG_EXPTAG) @@ -369,7 +368,7 @@ /* Either normal or IMPLICIT tagging: combine class and flags */ len = ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), - ttag, tclass | iclass); + ttag, tclass | iclass); if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); return -1; @@ -399,9 +398,9 @@ /* Output the content octets of SET OF or SEQUENCE OF */ static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk, - unsigned char **out, - int skcontlen, const ASN1_ITEM *item, - int do_sort, int iclass) + unsigned char **out, + int skcontlen, const ASN1_ITEM *item, + int do_sort, int iclass) { int i, ret = 0; const ASN1_VALUE *skitem; 
@@ -414,7 +413,7 @@ do_sort = 0; else { derlst = OPENSSL_malloc(sk_const_ASN1_VALUE_num(sk) - * sizeof(*derlst)); + * sizeof(*derlst)); if (derlst == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; @@ -466,7 +465,7 @@ } static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) + const ASN1_ITEM *it, int tag, int aclass) { int len; int utype; @@ -486,8 +485,7 @@ * octets so don't include tag+length. We need to check here because the * call to asn1_ex_i2c() could change utype. */ - if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || - (utype == V_ASN1_OTHER)) + if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) usetag = 0; else usetag = 1; @@ -526,7 +524,7 @@ /* Produce content octets from a structure */ static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { ASN1_BOOLEAN *tbool = NULL; ASN1_STRING *strtmp; @@ -571,6 +569,9 @@ return -1; break; + case V_ASN1_UNDEF: + return -2; + case V_ASN1_NULL: cont = NULL; len = 0; @@ -596,7 +597,7 @@ case V_ASN1_BIT_STRING: return ossl_i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, - cout ? &cout : NULL); + cout ? &cout : NULL); case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: @@ -638,7 +639,6 @@ len = strtmp->length; break; - } if (cout && len) memcpy(cout, cont, len); --- crypto/openssl/crypto/asn1/tasn_new.c.orig +++ crypto/openssl/crypto/asn1/tasn_new.c 
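Review bot: The new `case V_ASN1_UNDEF: return -2;` in asn1_ex_i2c (hunk at -571) returns a bare magic value with no comment, and how asn1_i2d_ex_primitive interprets -2 is not shown in these hunks. If -2 already signals something else to that caller, such as a request for a different encoding form rather than "nothing to encode", the new case would alias it and an untyped value could take that path. Please state the intent next to the case, e.g. `/* V_ASN1_UNDEF: no type to encode; -2 means <meaning for caller> */`, and confirm the caller handles it as intended. The body of asn1_ex_i2c starts and ends outside this hunk.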
@@ -16,13 +16,13 @@ #include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed, OSSL_LIB_CTX *libctx, - const char *propq); + int embed, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed); + int embed); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); @@ -35,7 +35,7 @@ } ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { ASN1_VALUE *ret = NULL; if (asn1_item_embed_new(&ret, it, 0, libctx, propq) > 0) @@ -45,9 +45,8 @@ /* Allocate an ASN1 structure */ - int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { return asn1_item_embed_new(pval, it, 0, libctx, propq); } @@ -58,7 +57,7 @@ } int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_TEMPLATE *tt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -157,18 +156,17 @@ } return 1; - memerr2: +memerr2: ossl_asn1_item_embed_free(pval, it, embed); - memerr: +memerr: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; - auxerr2: +auxerr2: ossl_asn1_item_embed_free(pval, it, embed); - auxerr: +auxerr: ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR); return 0; - } static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) 
@@ -205,7 +203,7 @@ } static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); int embed = tt->flags & ASN1_TFLG_EMBED; @@ -240,7 +238,7 @@ } /* Otherwise pass it back to the item routine */ ret = asn1_item_embed_new(pval, it, embed, libctx, propq); - done: +done: return ret; } @@ -259,7 +257,7 @@ */ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed) + int embed) { ASN1_TYPE *typ; ASN1_STRING *str; --- crypto/openssl/crypto/asn1/tasn_prn.c.orig +++ crypto/openssl/crypto/asn1/tasn_prn.c @@ -26,10 +26,10 @@ static ASN1_PCTX default_pctx = { ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ - 0, /* nm_flags */ - 0, /* cert_flags */ - 0, /* oid_flags */ - 0 /* str_flags */ + 0, /* nm_flags */ + 0, /* cert_flags */ + 0, /* oid_flags */ + 0 /* str_flags */ }; ASN1_PCTX *ASN1_PCTX_new(void) 
@@ -102,24 +102,24 @@ /* Main print routines */ static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_ITEM *it, - const char *fname, const char *sname, - int nohdr, const ASN1_PCTX *pctx); + const ASN1_ITEM *it, + const char *fname, const char *sname, + int nohdr, const ASN1_PCTX *pctx); static int asn1_template_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); static int asn1_primitive_print(BIO *out, const ASN1_VALUE **fld, - const ASN1_ITEM *it, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx); + const ASN1_ITEM *it, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx); static int asn1_print_fsname(BIO *out, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx); + const char *fname, const char *sname, + const ASN1_PCTX *pctx); int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, - const ASN1_ITEM *it, const ASN1_PCTX *pctx) + const ASN1_ITEM *it, const ASN1_PCTX *pctx) { const char *sname; if (pctx == NULL) @@ -132,9 +132,9 @@ } static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_ITEM *it, - const char *fname, const char *sname, - int nohdr, const ASN1_PCTX *pctx) + const ASN1_ITEM *it, + const char *fname, const char *sname, + int nohdr, const ASN1_PCTX *pctx) { const ASN1_TEMPLATE *tt; const ASN1_EXTERN_FUNCS *ef; 
@@ -148,11 +148,12 @@ parg.indent = indent; parg.pctx = pctx; asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb - : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ + : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ } - if (((it->itype != ASN1_ITYPE_PRIMITIVE) - || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) { + if (((it->itype != ASN1_ITYPE_PRIMITIVE) + || (it->utype != V_ASN1_BOOLEAN)) + && *fld == NULL) { if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) { if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) return 0; @@ -166,7 +167,7 @@ case ASN1_ITYPE_PRIMITIVE: if (it->templates) { if (!asn1_template_print_ctx(out, fld, indent, - it->templates, pctx)) + it->templates, pctx)) return 0; break; } @@ -188,8 +189,7 @@ if ((i == 2) && (BIO_puts(out, "\n") <= 0)) return 0; return 1; - } else if (sname && - BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0) + } else if (sname && BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0) return 0; break; @@ -238,7 +238,7 @@ return 0; tmpfld = ossl_asn1_get_const_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, - indent + 2, seqtt, pctx)) + indent + 2, seqtt, pctx)) return 0; } if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { @@ -262,7 +262,7 @@ } static int asn1_template_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) { int i, flags; const char *sname, *fname; @@ -299,7 +299,8 @@ else tname = "SEQUENCE"; if (BIO_printf(out, "%*s%s OF %s {\n", - indent, "", tname, tt->field_name) <= 0) + indent, "", tname, tt->field_name) + <= 0) return 0; } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0) return 0; 
@@ -311,12 +312,11 @@ skitem = sk_const_ASN1_VALUE_value(stack, i); if (!asn1_item_print_ctx(out, &skitem, indent + 2, - ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, - pctx)) + ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, + pctx)) return 0; } - if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "", - stack == NULL ? "ABSENT" : "EMPTY") <= 0) + if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "", stack == NULL ? "ABSENT" : "EMPTY") <= 0) return 0; if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { if (BIO_printf(out, "%*s}\n", indent, "") <= 0) @@ -325,12 +325,12 @@ return 1; } return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item), - fname, sname, 0, pctx); + fname, sname, 0, pctx); } static int asn1_print_fsname(BIO *out, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx) + const char *fname, const char *sname, + const ASN1_PCTX *pctx) { static const char spaces[] = " "; static const int nspaces = sizeof(spaces) - 1; @@ -381,13 +381,11 @@ default: str = "TRUE"; break; - } if (BIO_puts(out, str) <= 0) return 0; return 1; - } static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str) @@ -425,15 +423,16 @@ return 0; if ((str->length > 0) && BIO_dump_indent(out, (const char *)str->data, str->length, - indent + 2) <= 0) + indent + 2) + <= 0) return 0; return 1; } static int asn1_primitive_print(BIO *out, const ASN1_VALUE **fld, - const ASN1_ITEM *it, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx) + const ASN1_ITEM *it, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx) { long utype; ASN1_STRING *str; 
@@ -485,14 +484,12 @@ } switch (utype) { - case V_ASN1_BOOLEAN: - { - int boolval = *(int *)fld; - if (boolval == -1) - boolval = it->size; - ret = asn1_print_boolean(out, boolval); - } - break; + case V_ASN1_BOOLEAN: { + int boolval = *(int *)fld; + if (boolval == -1) + boolval = it->size; + ret = asn1_print_boolean(out, boolval); + } break; case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: @@ -529,7 +526,6 @@ default: ret = ASN1_STRING_print_ex(out, str, pctx->str_flags); - } if (!ret) return 0; --- crypto/openssl/crypto/asn1/tasn_scn.c.orig +++ crypto/openssl/crypto/asn1/tasn_scn.c @@ -22,7 +22,7 @@ * passing details to a callback. */ -ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb)(ASN1_SCTX *ctx)) { ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret)); --- crypto/openssl/crypto/asn1/tasn_typ.c.orig +++ crypto/openssl/crypto/asn1/tasn_typ.c @@ -13,17 +13,17 @@ /* Declarations for string types */ -#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ - IMPLEMENT_ASN1_TYPE(sname) \ +#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ + IMPLEMENT_ASN1_TYPE(sname) \ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \ -sname *sname##_new(void) \ -{ \ - return ASN1_STRING_type_new(V_##sname); \ -} \ -void sname##_free(sname *x) \ -{ \ - ASN1_STRING_free(x); \ -} + sname *sname##_new(void) \ + { \ + return ASN1_STRING_type_new(V_##sname); \ + } \ + void sname##_free(sname *x) \ + { \ + ASN1_STRING_free(x); \ + } IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING) IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER) 
@@ -72,12 +72,10 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) -ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY) +ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY) ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY) -ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY) +ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY) ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) --- crypto/openssl/crypto/asn1/tasn_utl.c.orig +++ crypto/openssl/crypto/asn1/tasn_utl.c @@ -20,7 +20,7 @@ /* Utility functions for manipulating fields and offsets */ /* Add 'offset' to 'addr' */ -#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset) +#define offset2ptr(addr, offset) (void *)(((char *)addr) + offset) /* * Given an ASN1_ITEM CHOICE type return the selector value @@ -34,7 +34,7 @@ } int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { int *sel = offset2ptr(*pval, it->utype); @@ -46,7 +46,7 @@ */ int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { int *sel, ret; @@ -96,7 +96,7 @@ break; case -1: if (!CRYPTO_DOWN_REF(lck, &ret, *lock)) - return -1; /* failed */ + return -1; /* failed */ REF_PRINT_EX(it->sname, ret, (void *)it); REF_ASSERT_ISNT(ret < 0); if (ret == 0) { @@ -122,7 +122,7 @@ } static const ASN1_ENCODING *asn1_get_const_enc_ptr(const ASN1_VALUE **pval, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { const ASN1_AUX *aux; 
@@ -158,7 +158,7 @@ } int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); @@ -180,7 +180,7 @@ } int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { const ASN1_ENCODING *enc = asn1_get_const_enc_ptr(pval, it); @@ -209,7 +209,7 @@ /* Given an ASN1_TEMPLATE get a const pointer to a field */ const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval, - const ASN1_TEMPLATE *tt) + const ASN1_TEMPLATE *tt) { return offset2ptr(*pval, tt->offset); } @@ -220,8 +220,8 @@ */ const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val, - const ASN1_TEMPLATE *tt, - int nullerr) + const ASN1_TEMPLATE *tt, + int nullerr) { const ASN1_ADB *adb; const ASN1_ADB_TABLE *atbl; @@ -278,7 +278,7 @@ goto err; return adb->default_tt; - err: +err: /* FIXME: should log the value or OID of unsupported type */ if (nullerr) ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); --- crypto/openssl/crypto/asn1/tbl_standard.h.orig +++ crypto/openssl/crypto/asn1/tbl_standard.h 
@@ -9,54 +9,53 @@ /* size limits: this stuff is taken straight from RFC3280 */ -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 -#define ub_serial_number 64 +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 +#define ub_serial_number 64 /* From RFC4524 */ -#define ub_rfc822_mailbox 256 +#define ub_rfc822_mailbox 256 /* This table must be kept in NID order */ static const ASN1_STRING_TABLE tbl_standard[] = { - {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, - {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, - {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, - {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, - {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, - 0}, - {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, - {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, - STABLE_NO_MASK}, - {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - 
{NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}, - {NID_id_on_SmtpUTF8Mailbox, 1, ub_email_address, B_ASN1_UTF8STRING, STABLE_NO_MASK} + { NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0 }, + { NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK }, + { NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0 }, + { NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0 }, + { NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0 }, + { NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, + 0 }, + { NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, + STABLE_NO_MASK }, + { NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0 }, + { NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0 }, + { NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0 }, + { NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0 }, + { NID_surname, 1, ub_name, DIRSTRING_TYPE, 0 }, + { NID_initials, 1, ub_name, DIRSTRING_TYPE, 0 }, + { NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, + STABLE_NO_MASK }, + { NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK }, + { NID_name, 1, ub_name, DIRSTRING_TYPE, 0 }, + { NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK }, + { NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK }, + { NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK }, + { NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, + STABLE_NO_MASK }, + { NID_jurisdictionCountryName, 2, 2, 
B_ASN1_PRINTABLESTRING, STABLE_NO_MASK }, + { NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK }, + { NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK }, + { NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK }, + { NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK }, + { NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK }, + { NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK }, + { NID_id_on_SmtpUTF8Mailbox, 1, ub_email_address, B_ASN1_UTF8STRING, STABLE_NO_MASK } }; - --- crypto/openssl/crypto/asn1/x_algor.c.orig +++ crypto/openssl/crypto/asn1/x_algor.c @@ -16,12 +16,11 @@ #include "crypto/evp.h" ASN1_SEQUENCE(X509_ALGOR) = { - ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), - ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) + ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), + ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) } ASN1_SEQUENCE_END(X509_ALGOR) -ASN1_ITEM_TEMPLATE(X509_ALGORS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) +ASN1_ITEM_TEMPLATE(X509_ALGORS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) ASN1_ITEM_TEMPLATE_END(X509_ALGORS) IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) @@ -54,7 +53,7 @@ } void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, - const void **ppval, const X509_ALGOR *algor) + const void **ppval, const X509_ALGOR *algor) { if (paobj) *paobj = algor->algorithm; @@ -81,7 +80,6 @@ param_type = V_ASN1_NULL; X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL); - } int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) @@ -101,7 +99,7 @@ return 0; if (dest->algorithm) - ASN1_OBJECT_free(dest->algorithm); + ASN1_OBJECT_free(dest->algorithm); dest->algorithm = NULL; if (dest->parameter) @@ -121,7 +119,8 @@ * set does copy as a side effect. */ if (ASN1_TYPE_set1(dest->parameter, src->parameter->type, - src->parameter->value.ptr) == 0) + src->parameter->value.ptr) + == 0) return 0; } 
@@ -159,7 +158,7 @@ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) return NULL; return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), - alg->parameter); + alg->parameter); } /* Allocate and set MGF1 algorithm ID from EVP_MD */ @@ -175,7 +174,7 @@ if (!ossl_x509_algor_new_from_md(&algtmp, mgf1md)) goto err; if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL) - goto err; + goto err; *palg = X509_ALGOR_new(); if (*palg == NULL) goto err; @@ -185,7 +184,7 @@ goto err; } stmp = NULL; - err: +err: ASN1_STRING_free(stmp); X509_ALGOR_free(algtmp); if (*palg != NULL) --- crypto/openssl/crypto/asn1/x_bignum.c.orig +++ crypto/openssl/crypto/asn1/x_bignum.c @@ -19,20 +19,20 @@ * is normally due to an encoding error. */ -#define BN_SENSITIVE 1 +#define BN_SENSITIVE 1 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it); + const ASN1_ITEM *it); static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); + int utype, char *free_cont, const ASN1_ITEM *it); static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); + int utype, char *free_cont, const ASN1_ITEM *it); static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx); + int indent, const ASN1_PCTX *pctx); static ASN1_PRIMITIVE_FUNCS bignum_pf = { NULL, 0, 
@@ -55,14 +55,13 @@ }; ASN1_ITEM_start(BIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" -ASN1_ITEM_end(BIGNUM) + ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" ASN1_ITEM_end(BIGNUM) -ASN1_ITEM_start(CBIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM" -ASN1_ITEM_end(CBIGNUM) + ASN1_ITEM_start(CBIGNUM) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM" ASN1_ITEM_end(CBIGNUM) -static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { *pval = (ASN1_VALUE *)BN_new(); if (*pval != NULL) @@ -92,7 +91,7 @@ } static int bn_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { BIGNUM *bn; int pad; @@ -113,7 +112,7 @@ } static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; @@ -128,7 +127,7 @@ } static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { int ret; BIGNUM *bn; @@ -147,7 +146,7 @@ } static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) + int indent, const ASN1_PCTX *pctx) { if (!BN_print(out, *(BIGNUM **)pval)) return 0; --- crypto/openssl/crypto/asn1/x_int64.c.orig +++ crypto/openssl/crypto/asn1/x_int64.c @@ -23,8 +23,8 @@ /* * We abuse the ASN1_ITEM fields |size| as a flags field */ -#define INTxx_FLAG_ZERO_DEFAULT (1<<0) -#define INTxx_FLAG_SIGNED (1<<1) +#define INTxx_FLAG_ZERO_DEFAULT (1 << 0) +#define INTxx_FLAG_SIGNED (1 << 1) static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { 
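Review bot: The formatter has treated the `ASN1_ITEM_start(BIGNUM)` … `ASN1_ITEM_end(BIGNUM)` macro block in x_bignum.c (hunk -55,14 +55,13) as one expression. `ASN1_ITEM_end(BIGNUM)` now trails the initializer line, `ASN1_ITEM_start(CBIGNUM)` is indented as a continuation, and the following `static int bn_new(...)` is indented as if it belonged to the item. The tokens look unchanged, but the layout no longer shows where each ASN1_ITEM definition ends, which makes this table-driven encoder/decoder code harder to review. I would wrap these blocks in `/* clang-format off */` and `/* clang-format on */` so the one-item-per-block layout is kept. The same applies to the INT32 … ZUINT64 items in x_int64.c and the LONG/ZLONG items in x_long.c further down.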
@@ -47,7 +47,7 @@ } static int uint64_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { uint64_t utmp; int neg = 0; @@ -71,7 +71,7 @@ } static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { uint64_t utmp = 0; char *cp; @@ -98,7 +98,7 @@ return 0; } if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED - && !neg && utmp > INT64_MAX) { + && !neg && utmp > INT64_MAX) { ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } @@ -106,13 +106,13 @@ /* ossl_c2i_uint64_int() returns positive values */ utmp = 0 - utmp; - long_compat: +long_compat: memcpy(cp, &utmp, sizeof(utmp)); return 1; } static int uint64_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) + int indent, const ASN1_PCTX *pctx) { if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) return BIO_printf(out, "%jd\n", **(int64_t **)pval); @@ -142,7 +142,7 @@ } static int uint32_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { uint32_t utmp; int neg = 0; @@ -173,7 +173,7 @@ #define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1) static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { uint64_t utmp = 0; uint32_t utmp2 = 0; 
@@ -214,21 +214,20 @@ } } - long_compat: +long_compat: utmp2 = (uint32_t)utmp; memcpy(cp, &utmp2, sizeof(utmp2)); return 1; } static int uint32_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) + int indent, const ASN1_PCTX *pctx) { if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) return BIO_printf(out, "%d\n", **(int32_t **)pval); return BIO_printf(out, "%u\n", **(uint32_t **)pval); } - /* Define the primitives themselves */ static ASN1_PRIMITIVE_FUNCS uint32_pf = { 
@@ -252,40 +251,32 @@ }; ASN1_ITEM_start(INT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, - INTxx_FLAG_SIGNED, "INT32" -ASN1_ITEM_end(INT32) - -ASN1_ITEM_start(UINT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32" -ASN1_ITEM_end(UINT32) - -ASN1_ITEM_start(INT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, - INTxx_FLAG_SIGNED, "INT64" -ASN1_ITEM_end(INT64) - -ASN1_ITEM_start(UINT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64" -ASN1_ITEM_end(UINT64) - -ASN1_ITEM_start(ZINT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, - INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32" -ASN1_ITEM_end(ZINT32) - -ASN1_ITEM_start(ZUINT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, - INTxx_FLAG_ZERO_DEFAULT, "ZUINT32" -ASN1_ITEM_end(ZUINT32) - -ASN1_ITEM_start(ZINT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, - INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64" -ASN1_ITEM_end(ZINT64) - -ASN1_ITEM_start(ZUINT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, - INTxx_FLAG_ZERO_DEFAULT, "ZUINT64" -ASN1_ITEM_end(ZUINT64) + ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint32_pf, + INTxx_FLAG_SIGNED, "INT32" ASN1_ITEM_end(INT32) + + ASN1_ITEM_start(UINT32) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32" ASN1_ITEM_end(UINT32) + + ASN1_ITEM_start(INT64) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint64_pf, + INTxx_FLAG_SIGNED, "INT64" ASN1_ITEM_end(INT64) + + ASN1_ITEM_start(UINT64) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64" ASN1_ITEM_end(UINT64) + + ASN1_ITEM_start(ZINT32) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint32_pf, + INTxx_FLAG_ZERO_DEFAULT | INTxx_FLAG_SIGNED, "ZINT32" ASN1_ITEM_end(ZINT32) + + ASN1_ITEM_start(ZUINT32) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint32_pf, + INTxx_FLAG_ZERO_DEFAULT, "ZUINT32" ASN1_ITEM_end(ZUINT32) + + 
ASN1_ITEM_start(ZINT64) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint64_pf, + INTxx_FLAG_ZERO_DEFAULT | INTxx_FLAG_SIGNED, "ZINT64" ASN1_ITEM_end(ZINT64) + ASN1_ITEM_start(ZUINT64) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &uint64_pf, + INTxx_FLAG_ZERO_DEFAULT, "ZUINT64" ASN1_ITEM_end(ZUINT64) --- crypto/openssl/crypto/asn1/x_long.c.orig +++ crypto/openssl/crypto/asn1/x_long.c @@ -22,31 +22,30 @@ static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it); + const ASN1_ITEM *it); static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); + int utype, char *free_cont, const ASN1_ITEM *it); static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx); + int indent, const ASN1_PCTX *pctx); static ASN1_PRIMITIVE_FUNCS long_pf = { NULL, 0, long_new, long_free, - long_free, /* Clear should set to initial value */ + long_free, /* Clear should set to initial value */ long_c2i, long_i2c, long_print }; ASN1_ITEM_start(LONG) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" -ASN1_ITEM_end(LONG) + ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" ASN1_ITEM_end(LONG) -ASN1_ITEM_start(ZLONG) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" -ASN1_ITEM_end(ZLONG) + ASN1_ITEM_start(ZLONG) ASN1_ITYPE_PRIMITIVE, + V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" ASN1_ITEM_end(ZLONG) -static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { memcpy(pval, &it->size, COPY_SIZE(*pval, it->size)); return 1; @@ -83,7 +82,7 @@ } static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) + const ASN1_ITEM *it) { long ltmp; unsigned long utmp, sign; 
@@ -126,7 +125,7 @@ } static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { int i; long ltmp; @@ -187,7 +186,7 @@ } static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) + int indent, const ASN1_PCTX *pctx) { long l; --- crypto/openssl/crypto/asn1/x_sig.c.orig +++ crypto/openssl/crypto/asn1/x_sig.c @@ -14,14 +14,14 @@ #include "crypto/x509.h" ASN1_SEQUENCE(X509_SIG) = { - ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), - ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) + ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), + ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(X509_SIG) IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, - const ASN1_OCTET_STRING **pdigest) + const ASN1_OCTET_STRING **pdigest) { if (palg) *palg = sig->algor; @@ -30,7 +30,7 @@ } void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest) + ASN1_OCTET_STRING **pdigest) { if (palg) *palg = sig->algor; --- crypto/openssl/crypto/asn1/x_spki.c.orig +++ crypto/openssl/crypto/asn1/x_spki.c 
@@ -13,16 +13,16 @@ #include ASN1_SEQUENCE(NETSCAPE_SPKAC) = { - ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), - ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) + ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), + ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) } ASN1_SEQUENCE_END(NETSCAPE_SPKAC) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) ASN1_SEQUENCE(NETSCAPE_SPKI) = { - ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), - ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) + ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), + ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR), + ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(NETSCAPE_SPKI) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI) --- crypto/openssl/crypto/asn1/x_val.c.orig +++ crypto/openssl/crypto/asn1/x_val.c @@ -13,8 +13,8 @@ #include ASN1_SEQUENCE(X509_VAL) = { - ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), - ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) + ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), + ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) } ASN1_SEQUENCE_END(X509_VAL) IMPLEMENT_ASN1_FUNCTIONS(X509_VAL) --- crypto/openssl/crypto/asn1_dsa.c.orig +++ crypto/openssl/crypto/asn1_dsa.c @@ -43,11 +43,11 @@ if (cont_len > 0xff) { if (!WPACKET_put_bytes_u8(pkt, 0x82) - || !WPACKET_put_bytes_u16(pkt, cont_len)) + || !WPACKET_put_bytes_u16(pkt, cont_len)) return 0; } else { if (cont_len > 0x7f - && !WPACKET_put_bytes_u8(pkt, 0x81)) + && !WPACKET_put_bytes_u8(pkt, 0x81)) return 0; if (!WPACKET_put_bytes_u8(pkt, cont_len)) return 0; 
@@ -83,14 +83,14 @@ cont_len = BN_num_bits(n) / 8 + 1; if (!WPACKET_start_sub_packet(pkt) - || !WPACKET_put_bytes_u8(pkt, ID_INTEGER) - || !ossl_encode_der_length(pkt, cont_len) - || !WPACKET_allocate_bytes(pkt, cont_len, &bnbytes) - || !WPACKET_close(pkt)) + || !WPACKET_put_bytes_u8(pkt, ID_INTEGER) + || !ossl_encode_der_length(pkt, cont_len) + || !WPACKET_allocate_bytes(pkt, cont_len, &bnbytes) + || !WPACKET_close(pkt)) return 0; if (bnbytes != NULL - && BN_bn2binpad(n, bnbytes, (int)cont_len) != (int)cont_len) + && BN_bn2binpad(n, bnbytes, (int)cont_len) != (int)cont_len) return 0; return 1; @@ -123,9 +123,9 @@ /* Calculate the content length */ if (!ossl_encode_der_integer(dummypkt, r) - || !ossl_encode_der_integer(dummypkt, s) - || !WPACKET_get_length(dummypkt, &cont_len) - || (!isnull && !WPACKET_finish(dummypkt))) { + || !ossl_encode_der_integer(dummypkt, s) + || !WPACKET_get_length(dummypkt, &cont_len) + || (!isnull && !WPACKET_finish(dummypkt))) { if (!isnull) WPACKET_cleanup(dummypkt); return 0; @@ -133,14 +133,14 @@ /* Add the tag and length bytes */ if (!WPACKET_put_bytes_u8(pkt, ID_SEQUENCE) - || !ossl_encode_der_length(pkt, cont_len) - /* - * Really encode the integers. We already wrote to the main pkt - * if it had a NULL buffer, so don't do it again - */ - || (!isnull && !ossl_encode_der_integer(pkt, r)) - || (!isnull && !ossl_encode_der_integer(pkt, s)) - || !WPACKET_close(pkt)) + || !ossl_encode_der_length(pkt, cont_len) + /* + * Really encode the integers. We already wrote to the main pkt + * if it had a NULL buffer, so don't do it again + */ + || (!isnull && !ossl_encode_der_integer(pkt, r)) + || (!isnull && !ossl_encode_der_integer(pkt, s)) + || !WPACKET_close(pkt)) return 0; return 1; 
@@ -191,25 +191,26 @@ /* Check we have an integer and get the content bytes */ if (!PACKET_get_1(pkt, &tag) - || tag != ID_INTEGER - || !ossl_decode_der_length(pkt, &contpkt)) + || tag != ID_INTEGER + || !ossl_decode_der_length(pkt, &contpkt)) return 0; /* Peek ahead at the first bytes to check for proper encoding */ tmppkt = contpkt; /* The INTEGER must be positive */ if (!PACKET_get_1(&tmppkt, &tmp) - || (tmp & 0x80) != 0) + || (tmp & 0x80) != 0) return 0; /* If there a zero padding byte the next byte must have the msb set */ if (PACKET_remaining(&tmppkt) > 0 && tmp == 0) { if (!PACKET_get_1(&tmppkt, &tmp) - || (tmp & 0x80) == 0) + || (tmp & 0x80) == 0) return 0; } if (BN_bin2bn(PACKET_data(&contpkt), - (int)PACKET_remaining(&contpkt), n) == NULL) + (int)PACKET_remaining(&contpkt), n) + == NULL) return 0; return 1; @@ -231,19 +232,19 @@ * were consumed. */ size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, - const unsigned char **ppin, size_t len) + const unsigned char **ppin, size_t len) { size_t consumed; PACKET pkt, contpkt; unsigned int tag; if (!PACKET_buf_init(&pkt, *ppin, len) - || !PACKET_get_1(&pkt, &tag) - || tag != ID_SEQUENCE - || !ossl_decode_der_length(&pkt, &contpkt) - || !ossl_decode_der_integer(&contpkt, r) - || !ossl_decode_der_integer(&contpkt, s) - || PACKET_remaining(&contpkt) != 0) + || !PACKET_get_1(&pkt, &tag) + || tag != ID_SEQUENCE + || !ossl_decode_der_length(&pkt, &contpkt) + || !ossl_decode_der_integer(&contpkt, r) + || !ossl_decode_der_integer(&contpkt, s) + || PACKET_remaining(&contpkt) != 0) return 0; consumed = PACKET_data(&pkt) - *ppin; --- crypto/openssl/crypto/async/arch/async_null.c.orig +++ crypto/openssl/crypto/async/arch/async_null.c @@ -20,4 +20,3 @@ { } #endif - --- crypto/openssl/crypto/async/arch/async_null.h.orig +++ crypto/openssl/crypto/async/arch/async_null.h 
@@ -14,17 +14,16 @@ * to NULL. */ #ifndef ASYNC_ARCH -# define ASYNC_NULL -# define ASYNC_ARCH +#define ASYNC_NULL +#define ASYNC_ARCH typedef struct async_fibre_st { int dummy; } async_fibre; - -# define async_fibre_swapcontext(o,n,r) 0 -# define async_fibre_makecontext(c) 0 -# define async_fibre_free(f) -# define async_fibre_init_dispatcher(f) +#define async_fibre_swapcontext(o, n, r) 0 +#define async_fibre_makecontext(c) 0 +#define async_fibre_free(f) +#define async_fibre_init_dispatcher(f) #endif --- crypto/openssl/crypto/async/arch/async_posix.c.orig +++ crypto/openssl/crypto/async/arch/async_posix.c @@ -12,10 +12,10 @@ #ifdef ASYNC_POSIX -# include -# include +#include +#include -#define STACKSIZE 32768 +#define STACKSIZE 32768 int ASYNC_is_capable(void) { --- crypto/openssl/crypto/async/arch/async_posix.h.orig +++ crypto/openssl/crypto/async/arch/async_posix.h @@ -11,21 +11,22 @@ #define OSSL_CRYPTO_ASYNC_POSIX_H #include -#if defined(OPENSSL_SYS_UNIX) \ +#if defined(OPENSSL_SYS_UNIX) \ && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \ - && !defined(__ANDROID__) && !defined(__OpenBSD__) + && !defined(__ANDROID__) && !defined(__OpenBSD__) \ + && !defined(OPENSSL_SYS_TANDEM) -# include +#include -# if _POSIX_VERSION >= 200112L \ - && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) +#if _POSIX_VERSION >= 200112L \ + && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) -# include +#include -# define ASYNC_POSIX -# define ASYNC_ARCH +#define ASYNC_POSIX +#define ASYNC_ARCH -# if defined(__CET__) || defined(__ia64__) +#if defined(__CET__) || defined(__ia64__) /* * When Intel CET is enabled, makecontext will create a different * shadow stack for each context. async_fibre_swapcontext cannot 
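Review bot: The new `&& !defined(OPENSSL_SYS_TANDEM)` term in the outer `#if` of async_posix.h has no explanation, while the `__CET__` and BTI conditions just below each carry a comment saying why they exist. A platform excluded here presumably falls through to async_null.h, whose `async_fibre_makecontext(c)` expands to `0`, so the exclusion decides whether async jobs can be created at all. I would put a short comment above the `#if`, for example `/* Tandem is excluded: <reason>; it uses the null implementation */`. Now that the nested directives are flush left, trailing comments such as `#endif /* _POSIX_VERSION */` would also make the closing pairs easier to match; the header continues outside this hunk.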
@@ -34,9 +35,9 @@ * On IA64 the register stack engine is not saved across setjmp/longjmp. Here * swapcontext() performs correctly. */ -# define USE_SWAPCONTEXT -# endif -# if defined(__aarch64__) && defined(__clang__) \ +#define USE_SWAPCONTEXT +#endif +#if defined(__aarch64__) && defined(__clang__) \ && defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1 /* * setjmp/longjmp don't currently work with BTI on all libc implementations @@ -46,26 +47,26 @@ * So use the swapcontext implementation, which does work. * See https://github.com/llvm/llvm-project/issues/48888. */ -# define USE_SWAPCONTEXT -# endif -# include -# ifndef USE_SWAPCONTEXT -# include -# endif +#define USE_SWAPCONTEXT +#endif +#include +#ifndef USE_SWAPCONTEXT +#include +#endif typedef struct async_fibre_st { ucontext_t fibre; -# ifndef USE_SWAPCONTEXT +#ifndef USE_SWAPCONTEXT jmp_buf env; int env_init; -# endif +#endif } async_fibre; static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r) { -# ifdef USE_SWAPCONTEXT +#ifdef USE_SWAPCONTEXT swapcontext(&o->fibre, &n->fibre); -# else +#else o->env_init = 1; if (!r || !_setjmp(o->env)) { @@ -74,16 +75,16 @@ else setcontext(&n->fibre); } -# endif +#endif return 1; } -# define async_fibre_init_dispatcher(d) +#define async_fibre_init_dispatcher(d) int async_fibre_makecontext(async_fibre *fibre); void async_fibre_free(async_fibre *fibre); -# endif +#endif #endif #endif /* OSSL_CRYPTO_ASYNC_POSIX_H */ --- crypto/openssl/crypto/async/arch/async_win.c.orig +++ crypto/openssl/crypto/async/arch/async_win.c @@ -12,8 +12,8 @@ #ifdef ASYNC_WIN -# include -# include "internal/cryptlib.h" +#include +#include "internal/cryptlib.h" int ASYNC_is_capable(void) { 
@@ -34,11 +34,11 @@ int async_fibre_init_dispatcher(async_fibre *fibre) { -# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 fibre->fibre = ConvertThreadToFiberEx(NULL, FIBER_FLAG_FLOAT_SWITCH); -# else +#else fibre->fibre = ConvertThreadToFiber(NULL); -# endif +#endif if (fibre->fibre == NULL) { fibre->converted = 0; fibre->fibre = GetCurrentFiber(); --- crypto/openssl/crypto/async/arch/async_win.h.orig +++ crypto/openssl/crypto/async/arch/async_win.h @@ -13,30 +13,30 @@ */ #if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC) #include -# define ASYNC_WIN -# define ASYNC_ARCH +#define ASYNC_WIN +#define ASYNC_ARCH -# include -# include "internal/cryptlib.h" +#include +#include "internal/cryptlib.h" typedef struct async_fibre_st { LPVOID fibre; int converted; } async_fibre; -# define async_fibre_swapcontext(o,n,r) \ - (SwitchToFiber((n)->fibre), 1) +#define async_fibre_swapcontext(o, n, r) \ + (SwitchToFiber((n)->fibre), 1) -# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 -# define async_fibre_makecontext(c) \ - ((c)->fibre = CreateFiberEx(0, 0, FIBER_FLAG_FLOAT_SWITCH, \ - async_start_func_win, 0)) -# else -# define async_fibre_makecontext(c) \ - ((c)->fibre = CreateFiber(0, async_start_func_win, 0)) -# endif +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +#define async_fibre_makecontext(c) \ + ((c)->fibre = CreateFiberEx(0, 0, FIBER_FLAG_FLOAT_SWITCH, \ + async_start_func_win, 0)) +#else +#define async_fibre_makecontext(c) \ + ((c)->fibre = CreateFiber(0, async_start_func_win, 0)) +#endif -# define async_fibre_free(f) (DeleteFiber((f)->fibre)) +#define async_fibre_free(f) (DeleteFiber((f)->fibre)) int async_fibre_init_dispatcher(async_fibre *fibre); VOID CALLBACK async_start_func_win(PVOID unused); --- crypto/openssl/crypto/async/async.c.orig +++ crypto/openssl/crypto/async/async.c 
@@ -22,10 +22,10 @@ #include "crypto/cryptlib.h" #include -#define ASYNC_JOB_RUNNING 0 -#define ASYNC_JOB_PAUSING 1 -#define ASYNC_JOB_PAUSED 2 -#define ASYNC_JOB_STOPPING 3 +#define ASYNC_JOB_RUNNING 0 +#define ASYNC_JOB_PAUSING 1 +#define ASYNC_JOB_PAUSED 2 +#define ASYNC_JOB_STOPPING 3 static CRYPTO_THREAD_LOCAL ctxkey; static CRYPTO_THREAD_LOCAL poolkey; @@ -101,7 +101,8 @@ } } -static ASYNC_JOB *async_get_pool_job(void) { +static ASYNC_JOB *async_get_pool_job(void) +{ ASYNC_JOB *job; async_pool *pool; @@ -124,7 +125,7 @@ job = async_job_new(); if (job != NULL) { - if (! async_fibre_makecontext(&job->fibrectx)) { + if (!async_fibre_makecontext(&job->fibrectx)) { async_job_free(job); return NULL; } @@ -134,7 +135,8 @@ return job; } -static void async_release_job(ASYNC_JOB *job) { +static void async_release_job(ASYNC_JOB *job) +{ async_pool *pool; pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); @@ -164,7 +166,7 @@ /* Stop the job */ job->status = ASYNC_JOB_STOPPING; if (!async_fibre_swapcontext(&job->fibrectx, - &ctx->dispatcher, 1)) { + &ctx->dispatcher, 1)) { /* * Should not happen. Getting here will close the thread...can't do * much about it @@ -175,7 +177,7 @@ } int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, - int (*func)(void *), void *args, size_t size) + int (*func)(void *), void *args, size_t size) { async_ctx *ctx; OSSL_LIB_CTX *libctx; @@ -253,7 +255,8 @@ if ((ctx->currjob = async_get_pool_job()) == NULL) return ASYNC_NO_JOBS; - if (args != NULL) { + /* Check for size > 0 to avoid malloc(0) */ + if (args != NULL && size > 0) { ctx->currjob->funcargs = OPENSSL_malloc(size); if (ctx->currjob->funcargs == NULL) { ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); @@ -294,8 +297,8 @@ async_ctx *ctx = async_get_ctx(); if (ctx == NULL - || ctx->currjob == NULL - || ctx->blocked) { + || ctx->currjob == NULL + || ctx->blocked) { /* * Could be we've deliberately not been started within a job so this is * counted as success. 
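Review bot: In the `@@ -253,7 +255,8 @@` hunk of ASYNC_start_job, the new condition `args != NULL && size > 0` changes more than the allocation. A caller passing a non-NULL `args` with `size == 0` now skips the copy entirely, and if the else branch outside this hunk still sets `funcargs` to NULL, the job function receives NULL rather than a pointer. The added comment mentions only malloc(0); it should state that consequence, e.g. `/* size == 0: skip the copy (avoids malloc(0)); the job function then sees NULL funcargs */`. The rest of the function lies outside the hunk, so the else branch should be confirmed before relying on this.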
@@ -307,7 +310,7 @@ job->status = ASYNC_JOB_PAUSING; if (!async_fibre_swapcontext(&job->fibrectx, - &ctx->dispatcher, 1)) { + &ctx->dispatcher, 1)) { ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT); return 0; } --- crypto/openssl/crypto/async/async_err.c.orig +++ crypto/openssl/crypto/async/async_err.c @@ -15,14 +15,14 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA ASYNC_str_reasons[] = { - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL), - "failed to set pool"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT), - "failed to swap context"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE), - "invalid pool size"}, - {0, NULL} + { ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL), + "failed to set pool" }, + { ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT), + "failed to swap context" }, + { ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed" }, + { ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE), + "invalid pool size" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/async/async_local.h.orig +++ crypto/openssl/crypto/async/async_local.h @@ -12,12 +12,12 @@ * includes which includes */ #if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE) -# define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */ -# pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" #endif #if defined(_WIN32) -# include +#include #endif #include "crypto/async.h" @@ -38,7 +38,7 @@ struct async_job_st { async_fibre fibrectx; - int (*func) (void *); + int (*func)(void *); void *funcargs; int ret; int status; 
@@ -78,4 +78,3 @@ async_ctx *async_get_ctx(void); void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx); - --- crypto/openssl/crypto/async/async_wait.c.orig +++ crypto/openssl/crypto/async/async_wait.c @@ -41,9 +41,9 @@ OPENSSL_free(ctx); } int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD fd, void *custom_data, - void (*cleanup)(ASYNC_WAIT_CTX *, const void *, - OSSL_ASYNC_FD, void *)) + OSSL_ASYNC_FD fd, void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)) { struct fd_lookup_st *fdlookup; @@ -64,7 +64,7 @@ } int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD *fd, void **custom_data) + OSSL_ASYNC_FD *fd, void **custom_data) { struct fd_lookup_st *curr; @@ -86,7 +86,7 @@ } int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, - size_t *numfds) + size_t *numfds) { struct fd_lookup_st *curr; @@ -109,8 +109,8 @@ } int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, - size_t *numaddfds, OSSL_ASYNC_FD *delfd, - size_t *numdelfds) + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds) { struct fd_lookup_st *curr; 
@@ -183,38 +183,38 @@ } int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx, - ASYNC_callback_fn callback, - void *callback_arg) + ASYNC_callback_fn callback, + void *callback_arg) { - if (ctx == NULL) - return 0; + if (ctx == NULL) + return 0; - ctx->callback = callback; - ctx->callback_arg = callback_arg; - return 1; + ctx->callback = callback; + ctx->callback_arg = callback_arg; + return 1; } int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx, - ASYNC_callback_fn *callback, - void **callback_arg) + ASYNC_callback_fn *callback, + void **callback_arg) { - if (ctx->callback == NULL) - return 0; + if (ctx->callback == NULL) + return 0; - *callback = ctx->callback; - *callback_arg = ctx->callback_arg; - return 1; + *callback = ctx->callback; + *callback_arg = ctx->callback_arg; + return 1; } int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status) { - ctx->status = status; - return 1; + ctx->status = status; + return 1; } int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx) { - return ctx->status; + return ctx->status; } void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx) --- crypto/openssl/crypto/bf/bf_cfb64.c.orig +++ crypto/openssl/crypto/bf/bf_cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,11 +23,11 @@ */ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const BF_KEY *schedule, - unsigned char *ivec, int *num, int encrypt) + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int encrypt) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; BF_LONG ti[2]; unsigned char *iv, c, cc; --- crypto/openssl/crypto/bf/bf_ecb.c.orig +++ crypto/openssl/crypto/bf/bf_ecb.c 
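Review bot: `register int n = *num & 0x07;` in BF_cfb64_encrypt silently folds a negative or out-of-range `*num` into 0..7 instead of reporting it, and the visible part of the function comment does not tell callers this. The mask presumably exists to keep `n` a valid offset into the 8-byte IV block, which is the right bound to enforce. But a caller whose `*num` was corrupted now gets a keystream at the wrong offset with no signal. I would add a line to the header comment such as `*num must be in 0..7 on entry; any other value is reduced modulo 8`. The same change and the same missing note apply to BF_ofb64_encrypt in the bf_ofb64.c hunk; both function bodies continue outside their hunks.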
@@ -29,7 +29,7 @@ } void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, - const BF_KEY *key, int encrypt) + const BF_KEY *key, int encrypt) { BF_LONG l, d[2]; --- crypto/openssl/crypto/bf/bf_enc.c.orig +++ crypto/openssl/crypto/bf/bf_enc.c @@ -23,7 +23,7 @@ */ #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) -# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ +#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ to modify the code. #endif @@ -54,12 +54,12 @@ BF_ENC(l, r, s, p[14]); BF_ENC(r, l, s, p[15]); BF_ENC(l, r, s, p[16]); -# if BF_ROUNDS == 20 +#if BF_ROUNDS == 20 BF_ENC(r, l, s, p[17]); BF_ENC(l, r, s, p[18]); BF_ENC(r, l, s, p[19]); BF_ENC(l, r, s, p[20]); -# endif +#endif r ^= p[BF_ROUNDS + 1]; data[1] = l & 0xffffffffU; @@ -77,12 +77,12 @@ r = data[1]; l ^= p[BF_ROUNDS + 1]; -# if BF_ROUNDS == 20 +#if BF_ROUNDS == 20 BF_ENC(r, l, s, p[20]); BF_ENC(l, r, s, p[19]); BF_ENC(r, l, s, p[18]); BF_ENC(l, r, s, p[17]); -# endif +#endif BF_ENC(r, l, s, p[16]); BF_ENC(l, r, s, p[15]); BF_ENC(r, l, s, p[14]); @@ -106,7 +106,7 @@ } void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) + const BF_KEY *schedule, unsigned char *ivec, int encrypt) { register BF_LONG tin0, tin1; register BF_LONG tout0, tout1, xor0, xor1; --- crypto/openssl/crypto/bf/bf_local.h.orig +++ crypto/openssl/crypto/bf/bf_local.h 
@@ -8,77 +8,91 @@ */ #ifndef OSSL_CRYPTO_BF_LOCAL_H -# define OSSL_CRYPTO_BF_LOCAL_H -# include +#define OSSL_CRYPTO_BF_LOCAL_H +#include /* NOTE - c is not incremented as per n2l */ -# define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } +#define n2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))) << 24; \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))) << 24; \ + } \ + } /* NOTE - c is not incremented as per l2n */ -# define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall 
thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } +#define l2nn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + /* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + } \ + } -# undef n2l -# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) +#undef n2l +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++)))) -# undef l2n -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#undef l2n +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* * This is actually a big endian algorithm, the most significant byte is used * to lookup array 0 */ -# define BF_ENC(LL,R,S,P) ( \ - LL^=P, \ - LL^=((( S[ ((R>>24)&0xff)] + \ - S[0x0100+((R>>16)&0xff)])^ \ - S[0x0200+((R>> 8)&0xff)])+ \ - S[0x0300+((R )&0xff)])&0xffffffffU \ - ) +#define 
BF_ENC(LL, R, S, P) ( \ + LL ^= P, \ + LL ^= (((S[((R >> 24) & 0xff)] + S[0x0100 + ((R >> 16) & 0xff)]) ^ S[0x0200 + ((R >> 8) & 0xff)]) + S[0x0300 + ((R) & 0xff)]) & 0xffffffffU) #endif --- crypto/openssl/crypto/bf/bf_ofb64.c.orig +++ crypto/openssl/crypto/bf/bf_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,11 +22,11 @@ * used is contained in *num; */ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const BF_KEY *schedule, - unsigned char *ivec, int *num) + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; --- crypto/openssl/crypto/bf/bf_pi.h.orig +++ crypto/openssl/crypto/bf/bf_pi.h 
@@ -8,523 +8,1035 @@ */ static const BF_KEY bf_init = { + { 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, + 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, + 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, + 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, + 0x9216d5d9L, 0x8979fb1b }, { - 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, - 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, - 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, - 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, - 0x9216d5d9L, 0x8979fb1b}, { - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, - 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, - 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, - 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, - 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, - 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, - 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, - 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, - 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, - 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, - 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, - 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, - 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, - 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, - 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, - 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, - 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, - 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, - 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, - 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, - 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, - 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, - 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, - 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, - 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, - 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, - 
0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, - 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, - 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, - 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, - 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, - 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, - 0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, - 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, - 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, - 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, - 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, - 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, - 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, - 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, - 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, - 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, - 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, - 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, - 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, - 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, - 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, - 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, - 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, - 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, - 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, - 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, - 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, - 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, - 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, - 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, - 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, - 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, - 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, - 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, - 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, - 0x81e67400L, - 0x08ba6fb5L, 
0x571be91fL, 0xf296ec6bL, - 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, - 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, - 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, - 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, - 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, - 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, - 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, - 0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, - 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, - 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, - 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, - 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, - 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, - 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, - 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, - 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, - 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, - 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, - 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, - 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, - 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, - 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, - 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, - 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, - 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, - 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, - 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, - 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, - 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, - 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, - 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, - 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, - 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, - 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, - 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, - 
0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, - 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, - 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, - 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, - 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, - 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, - 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, - 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, - 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, - 0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, - 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, - 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, - 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, - 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, - 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, - 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, - 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, - 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, - 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, - 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, - 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, - 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, - 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, - 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, - 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, - 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, - 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, - 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, - 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, - 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, - 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, - 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, - 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, - 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, - 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, - 0xbf8b8840L, - 0x4d95fc1dL, 
0x96b591afL, 0x70f4ddd3L, - 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, - 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, - 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, - 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, - 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, - 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, - 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, - 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, - 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, - 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, - 0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, - 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, - 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, - 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, - 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, - 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, - 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, - 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, - 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, - 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, - 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, - 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, - 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, - 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, - 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, - 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, - 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, - 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, - 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, - 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, - 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, - 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, - 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, - 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, - 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, - 
0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, - 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, - 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, - 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, - 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, - 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, - 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, - 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, - 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, - 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, - 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, - 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, - 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, - 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, - 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, - 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, - 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, - 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, - 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, - 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, - 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, - 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, - 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, - 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, - 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, - 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, - 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, - 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, - 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, - 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, - 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, - 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, - 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, - 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, - 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, - 0xef5562e9L, - 0xc72fefd3L, 
0xf752f7daL, 0x3f046f69L, - 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, - 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, - 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, - 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, - 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, - 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, - 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, - 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, - 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, - 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, - 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, - 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, - 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, - 0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, - 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, - 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, - 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, - 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, - 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, - 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, - 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, - 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, - 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, - 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, - 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, - 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, - 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, - 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, - 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, - 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, - 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, - 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, - 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, - 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, - 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, - 
0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, - 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, - 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, - 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, - 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, - 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, - 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, - 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, - 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, - 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, - 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, - 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, - 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, - 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, - 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, - 0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, - 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, - 0x3ac372e6L, - } + 0xd1310ba6L, + 0x98dfb5acL, + 0x2ffd72dbL, + 0xd01adfb7L, + 0xb8e1afedL, + 0x6a267e96L, + 0xba7c9045L, + 0xf12c7f99L, + 0x24a19947L, + 0xb3916cf7L, + 0x0801f2e2L, + 0x858efc16L, + 0x636920d8L, + 0x71574e69L, + 0xa458fea3L, + 0xf4933d7eL, + 0x0d95748fL, + 0x728eb658L, + 0x718bcd58L, + 0x82154aeeL, + 0x7b54a41dL, + 0xc25a59b5L, + 0x9c30d539L, + 0x2af26013L, + 0xc5d1b023L, + 0x286085f0L, + 0xca417918L, + 0xb8db38efL, + 0x8e79dcb0L, + 0x603a180eL, + 0x6c9e0e8bL, + 0xb01e8a3eL, + 0xd71577c1L, + 0xbd314b27L, + 0x78af2fdaL, + 0x55605c60L, + 0xe65525f3L, + 0xaa55ab94L, + 0x57489862L, + 0x63e81440L, + 0x55ca396aL, + 0x2aab10b6L, + 0xb4cc5c34L, + 0x1141e8ceL, + 0xa15486afL, + 0x7c72e993L, + 0xb3ee1411L, + 0x636fbc2aL, + 0x2ba9c55dL, + 0x741831f6L, + 0xce5c3e16L, + 0x9b87931eL, + 0xafd6ba33L, + 0x6c24cf5cL, + 0x7a325381L, + 0x28958677L, + 0x3b8f4898L, + 0x6b4bb9afL, + 0xc4bfe81bL, + 0x66282193L, + 0x61d809ccL, + 0xfb21a991L, + 0x487cac60L, + 0x5dec8032L, + 0xef845d5dL, + 0xe98575b1L, + 0xdc262302L, + 0xeb651b88L, + 
0x23893e81L, + 0xd396acc5L, + 0x0f6d6ff3L, + 0x83f44239L, + 0x2e0b4482L, + 0xa4842004L, + 0x69c8f04aL, + 0x9e1f9b5eL, + 0x21c66842L, + 0xf6e96c9aL, + 0x670c9c61L, + 0xabd388f0L, + 0x6a51a0d2L, + 0xd8542f68L, + 0x960fa728L, + 0xab5133a3L, + 0x6eef0b6cL, + 0x137a3be4L, + 0xba3bf050L, + 0x7efb2a98L, + 0xa1f1651dL, + 0x39af0176L, + 0x66ca593eL, + 0x82430e88L, + 0x8cee8619L, + 0x456f9fb4L, + 0x7d84a5c3L, + 0x3b8b5ebeL, + 0xe06f75d8L, + 0x85c12073L, + 0x401a449fL, + 0x56c16aa6L, + 0x4ed3aa62L, + 0x363f7706L, + 0x1bfedf72L, + 0x429b023dL, + 0x37d0d724L, + 0xd00a1248L, + 0xdb0fead3L, + 0x49f1c09bL, + 0x075372c9L, + 0x80991b7bL, + 0x25d479d8L, + 0xf6e8def7L, + 0xe3fe501aL, + 0xb6794c3bL, + 0x976ce0bdL, + 0x04c006baL, + 0xc1a94fb6L, + 0x409f60c4L, + 0x5e5c9ec2L, + 0x196a2463L, + 0x68fb6fafL, + 0x3e6c53b5L, + 0x1339b2ebL, + 0x3b52ec6fL, + 0x6dfc511fL, + 0x9b30952cL, + 0xcc814544L, + 0xaf5ebd09L, + 0xbee3d004L, + 0xde334afdL, + 0x660f2807L, + 0x192e4bb3L, + 0xc0cba857L, + 0x45c8740fL, + 0xd20b5f39L, + 0xb9d3fbdbL, + 0x5579c0bdL, + 0x1a60320aL, + 0xd6a100c6L, + 0x402c7279L, + 0x679f25feL, + 0xfb1fa3ccL, + 0x8ea5e9f8L, + 0xdb3222f8L, + 0x3c7516dfL, + 0xfd616b15L, + 0x2f501ec8L, + 0xad0552abL, + 0x323db5faL, + 0xfd238760L, + 0x53317b48L, + 0x3e00df82L, + 0x9e5c57bbL, + 0xca6f8ca0L, + 0x1a87562eL, + 0xdf1769dbL, + 0xd542a8f6L, + 0x287effc3L, + 0xac6732c6L, + 0x8c4f5573L, + 0x695b27b0L, + 0xbbca58c8L, + 0xe1ffa35dL, + 0xb8f011a0L, + 0x10fa3d98L, + 0xfd2183b8L, + 0x4afcb56cL, + 0x2dd1d35bL, + 0x9a53e479L, + 0xb6f84565L, + 0xd28e49bcL, + 0x4bfb9790L, + 0xe1ddf2daL, + 0xa4cb7e33L, + 0x62fb1341L, + 0xcee4c6e8L, + 0xef20cadaL, + 0x36774c01L, + 0xd07e9efeL, + 0x2bf11fb4L, + 0x95dbda4dL, + 0xae909198L, + 0xeaad8e71L, + 0x6b93d5a0L, + 0xd08ed1d0L, + 0xafc725e0L, + 0x8e3c5b2fL, + 0x8e7594b7L, + 0x8ff6e2fbL, + 0xf2122b64L, + 0x8888b812L, + 0x900df01cL, + 0x4fad5ea0L, + 0x688fc31cL, + 0xd1cff191L, + 0xb3a8c1adL, + 0x2f2f2218L, + 0xbe0e1777L, + 0xea752dfeL, + 0x8b021fa1L, + 0xe5a0cc0fL, + 
0xb56f74e8L, + 0x18acf3d6L, + 0xce89e299L, + 0xb4a84fe0L, + 0xfd13e0b7L, + 0x7cc43b81L, + 0xd2ada8d9L, + 0x165fa266L, + 0x80957705L, + 0x93cc7314L, + 0x211a1477L, + 0xe6ad2065L, + 0x77b5fa86L, + 0xc75442f5L, + 0xfb9d35cfL, + 0xebcdaf0cL, + 0x7b3e89a0L, + 0xd6411bd3L, + 0xae1e7e49L, + 0x00250e2dL, + 0x2071b35eL, + 0x226800bbL, + 0x57b8e0afL, + 0x2464369bL, + 0xf009b91eL, + 0x5563911dL, + 0x59dfa6aaL, + 0x78c14389L, + 0xd95a537fL, + 0x207d5ba2L, + 0x02e5b9c5L, + 0x83260376L, + 0x6295cfa9L, + 0x11c81968L, + 0x4e734a41L, + 0xb3472dcaL, + 0x7b14a94aL, + 0x1b510052L, + 0x9a532915L, + 0xd60f573fL, + 0xbc9bc6e4L, + 0x2b60a476L, + 0x81e67400L, + 0x08ba6fb5L, + 0x571be91fL, + 0xf296ec6bL, + 0x2a0dd915L, + 0xb6636521L, + 0xe7b9f9b6L, + 0xff34052eL, + 0xc5855664L, + 0x53b02d5dL, + 0xa99f8fa1L, + 0x08ba4799L, + 0x6e85076aL, + 0x4b7a70e9L, + 0xb5b32944L, + 0xdb75092eL, + 0xc4192623L, + 0xad6ea6b0L, + 0x49a7df7dL, + 0x9cee60b8L, + 0x8fedb266L, + 0xecaa8c71L, + 0x699a17ffL, + 0x5664526cL, + 0xc2b19ee1L, + 0x193602a5L, + 0x75094c29L, + 0xa0591340L, + 0xe4183a3eL, + 0x3f54989aL, + 0x5b429d65L, + 0x6b8fe4d6L, + 0x99f73fd6L, + 0xa1d29c07L, + 0xefe830f5L, + 0x4d2d38e6L, + 0xf0255dc1L, + 0x4cdd2086L, + 0x8470eb26L, + 0x6382e9c6L, + 0x021ecc5eL, + 0x09686b3fL, + 0x3ebaefc9L, + 0x3c971814L, + 0x6b6a70a1L, + 0x687f3584L, + 0x52a0e286L, + 0xb79c5305L, + 0xaa500737L, + 0x3e07841cL, + 0x7fdeae5cL, + 0x8e7d44ecL, + 0x5716f2b8L, + 0xb03ada37L, + 0xf0500c0dL, + 0xf01c1f04L, + 0x0200b3ffL, + 0xae0cf51aL, + 0x3cb574b2L, + 0x25837a58L, + 0xdc0921bdL, + 0xd19113f9L, + 0x7ca92ff6L, + 0x94324773L, + 0x22f54701L, + 0x3ae5e581L, + 0x37c2dadcL, + 0xc8b57634L, + 0x9af3dda7L, + 0xa9446146L, + 0x0fd0030eL, + 0xecc8c73eL, + 0xa4751e41L, + 0xe238cd99L, + 0x3bea0e2fL, + 0x3280bba1L, + 0x183eb331L, + 0x4e548b38L, + 0x4f6db908L, + 0x6f420d03L, + 0xf60a04bfL, + 0x2cb81290L, + 0x24977c79L, + 0x5679b072L, + 0xbcaf89afL, + 0xde9a771fL, + 0xd9930810L, + 0xb38bae12L, + 0xdccf3f2eL, + 0x5512721fL, + 0x2e6b7124L, + 
0x501adde6L, + 0x9f84cd87L, + 0x7a584718L, + 0x7408da17L, + 0xbc9f9abcL, + 0xe94b7d8cL, + 0xec7aec3aL, + 0xdb851dfaL, + 0x63094366L, + 0xc464c3d2L, + 0xef1c1847L, + 0x3215d908L, + 0xdd433b37L, + 0x24c2ba16L, + 0x12a14d43L, + 0x2a65c451L, + 0x50940002L, + 0x133ae4ddL, + 0x71dff89eL, + 0x10314e55L, + 0x81ac77d6L, + 0x5f11199bL, + 0x043556f1L, + 0xd7a3c76bL, + 0x3c11183bL, + 0x5924a509L, + 0xf28fe6edL, + 0x97f1fbfaL, + 0x9ebabf2cL, + 0x1e153c6eL, + 0x86e34570L, + 0xeae96fb1L, + 0x860e5e0aL, + 0x5a3e2ab3L, + 0x771fe71cL, + 0x4e3d06faL, + 0x2965dcb9L, + 0x99e71d0fL, + 0x803e89d6L, + 0x5266c825L, + 0x2e4cc978L, + 0x9c10b36aL, + 0xc6150ebaL, + 0x94e2ea78L, + 0xa5fc3c53L, + 0x1e0a2df4L, + 0xf2f74ea7L, + 0x361d2b3dL, + 0x1939260fL, + 0x19c27960L, + 0x5223a708L, + 0xf71312b6L, + 0xebadfe6eL, + 0xeac31f66L, + 0xe3bc4595L, + 0xa67bc883L, + 0xb17f37d1L, + 0x018cff28L, + 0xc332ddefL, + 0xbe6c5aa5L, + 0x65582185L, + 0x68ab9802L, + 0xeecea50fL, + 0xdb2f953bL, + 0x2aef7dadL, + 0x5b6e2f84L, + 0x1521b628L, + 0x29076170L, + 0xecdd4775L, + 0x619f1510L, + 0x13cca830L, + 0xeb61bd96L, + 0x0334fe1eL, + 0xaa0363cfL, + 0xb5735c90L, + 0x4c70a239L, + 0xd59e9e0bL, + 0xcbaade14L, + 0xeecc86bcL, + 0x60622ca7L, + 0x9cab5cabL, + 0xb2f3846eL, + 0x648b1eafL, + 0x19bdf0caL, + 0xa02369b9L, + 0x655abb50L, + 0x40685a32L, + 0x3c2ab4b3L, + 0x319ee9d5L, + 0xc021b8f7L, + 0x9b540b19L, + 0x875fa099L, + 0x95f7997eL, + 0x623d7da8L, + 0xf837889aL, + 0x97e32d77L, + 0x11ed935fL, + 0x16681281L, + 0x0e358829L, + 0xc7e61fd6L, + 0x96dedfa1L, + 0x7858ba99L, + 0x57f584a5L, + 0x1b227263L, + 0x9b83c3ffL, + 0x1ac24696L, + 0xcdb30aebL, + 0x532e3054L, + 0x8fd948e4L, + 0x6dbc3128L, + 0x58ebf2efL, + 0x34c6ffeaL, + 0xfe28ed61L, + 0xee7c3c73L, + 0x5d4a14d9L, + 0xe864b7e3L, + 0x42105d14L, + 0x203e13e0L, + 0x45eee2b6L, + 0xa3aaabeaL, + 0xdb6c4f15L, + 0xfacb4fd0L, + 0xc742f442L, + 0xef6abbb5L, + 0x654f3b1dL, + 0x41cd2105L, + 0xd81e799eL, + 0x86854dc7L, + 0xe44b476aL, + 0x3d816250L, + 0xcf62a1f2L, + 0x5b8d2646L, + 0xfc8883a0L, + 
0xc1c7b6a3L, + 0x7f1524c3L, + 0x69cb7492L, + 0x47848a0bL, + 0x5692b285L, + 0x095bbf00L, + 0xad19489dL, + 0x1462b174L, + 0x23820e00L, + 0x58428d2aL, + 0x0c55f5eaL, + 0x1dadf43eL, + 0x233f7061L, + 0x3372f092L, + 0x8d937e41L, + 0xd65fecf1L, + 0x6c223bdbL, + 0x7cde3759L, + 0xcbee7460L, + 0x4085f2a7L, + 0xce77326eL, + 0xa6078084L, + 0x19f8509eL, + 0xe8efd855L, + 0x61d99735L, + 0xa969a7aaL, + 0xc50c06c2L, + 0x5a04abfcL, + 0x800bcadcL, + 0x9e447a2eL, + 0xc3453484L, + 0xfdd56705L, + 0x0e1e9ec9L, + 0xdb73dbd3L, + 0x105588cdL, + 0x675fda79L, + 0xe3674340L, + 0xc5c43465L, + 0x713e38d8L, + 0x3d28f89eL, + 0xf16dff20L, + 0x153e21e7L, + 0x8fb03d4aL, + 0xe6e39f2bL, + 0xdb83adf7L, + 0xe93d5a68L, + 0x948140f7L, + 0xf64c261cL, + 0x94692934L, + 0x411520f7L, + 0x7602d4f7L, + 0xbcf46b2eL, + 0xd4a20068L, + 0xd4082471L, + 0x3320f46aL, + 0x43b7d4b7L, + 0x500061afL, + 0x1e39f62eL, + 0x97244546L, + 0x14214f74L, + 0xbf8b8840L, + 0x4d95fc1dL, + 0x96b591afL, + 0x70f4ddd3L, + 0x66a02f45L, + 0xbfbc09ecL, + 0x03bd9785L, + 0x7fac6dd0L, + 0x31cb8504L, + 0x96eb27b3L, + 0x55fd3941L, + 0xda2547e6L, + 0xabca0a9aL, + 0x28507825L, + 0x530429f4L, + 0x0a2c86daL, + 0xe9b66dfbL, + 0x68dc1462L, + 0xd7486900L, + 0x680ec0a4L, + 0x27a18deeL, + 0x4f3ffea2L, + 0xe887ad8cL, + 0xb58ce006L, + 0x7af4d6b6L, + 0xaace1e7cL, + 0xd3375fecL, + 0xce78a399L, + 0x406b2a42L, + 0x20fe9e35L, + 0xd9f385b9L, + 0xee39d7abL, + 0x3b124e8bL, + 0x1dc9faf7L, + 0x4b6d1856L, + 0x26a36631L, + 0xeae397b2L, + 0x3a6efa74L, + 0xdd5b4332L, + 0x6841e7f7L, + 0xca7820fbL, + 0xfb0af54eL, + 0xd8feb397L, + 0x454056acL, + 0xba489527L, + 0x55533a3aL, + 0x20838d87L, + 0xfe6ba9b7L, + 0xd096954bL, + 0x55a867bcL, + 0xa1159a58L, + 0xcca92963L, + 0x99e1db33L, + 0xa62a4a56L, + 0x3f3125f9L, + 0x5ef47e1cL, + 0x9029317cL, + 0xfdf8e802L, + 0x04272f70L, + 0x80bb155cL, + 0x05282ce3L, + 0x95c11548L, + 0xe4c66d22L, + 0x48c1133fL, + 0xc70f86dcL, + 0x07f9c9eeL, + 0x41041f0fL, + 0x404779a4L, + 0x5d886e17L, + 0x325f51ebL, + 0xd59bc0d1L, + 0xf2bcc18fL, + 0x41113564L, + 
0x257b7834L, + 0x602a9c60L, + 0xdff8e8a3L, + 0x1f636c1bL, + 0x0e12b4c2L, + 0x02e1329eL, + 0xaf664fd1L, + 0xcad18115L, + 0x6b2395e0L, + 0x333e92e1L, + 0x3b240b62L, + 0xeebeb922L, + 0x85b2a20eL, + 0xe6ba0d99L, + 0xde720c8cL, + 0x2da2f728L, + 0xd0127845L, + 0x95b794fdL, + 0x647d0862L, + 0xe7ccf5f0L, + 0x5449a36fL, + 0x877d48faL, + 0xc39dfd27L, + 0xf33e8d1eL, + 0x0a476341L, + 0x992eff74L, + 0x3a6f6eabL, + 0xf4f8fd37L, + 0xa812dc60L, + 0xa1ebddf8L, + 0x991be14cL, + 0xdb6e6b0dL, + 0xc67b5510L, + 0x6d672c37L, + 0x2765d43bL, + 0xdcd0e804L, + 0xf1290dc7L, + 0xcc00ffa3L, + 0xb5390f92L, + 0x690fed0bL, + 0x667b9ffbL, + 0xcedb7d9cL, + 0xa091cf0bL, + 0xd9155ea3L, + 0xbb132f88L, + 0x515bad24L, + 0x7b9479bfL, + 0x763bd6ebL, + 0x37392eb3L, + 0xcc115979L, + 0x8026e297L, + 0xf42e312dL, + 0x6842ada7L, + 0xc66a2b3bL, + 0x12754cccL, + 0x782ef11cL, + 0x6a124237L, + 0xb79251e7L, + 0x06a1bbe6L, + 0x4bfb6350L, + 0x1a6b1018L, + 0x11caedfaL, + 0x3d25bdd8L, + 0xe2e1c3c9L, + 0x44421659L, + 0x0a121386L, + 0xd90cec6eL, + 0xd5abea2aL, + 0x64af674eL, + 0xda86a85fL, + 0xbebfe988L, + 0x64e4c3feL, + 0x9dbc8057L, + 0xf0f7c086L, + 0x60787bf8L, + 0x6003604dL, + 0xd1fd8346L, + 0xf6381fb0L, + 0x7745ae04L, + 0xd736fcccL, + 0x83426b33L, + 0xf01eab71L, + 0xb0804187L, + 0x3c005e5fL, + 0x77a057beL, + 0xbde8ae24L, + 0x55464299L, + 0xbf582e61L, + 0x4e58f48fL, + 0xf2ddfda2L, + 0xf474ef38L, + 0x8789bdc2L, + 0x5366f9c3L, + 0xc8b38e74L, + 0xb475f255L, + 0x46fcd9b9L, + 0x7aeb2661L, + 0x8b1ddf84L, + 0x846a0e79L, + 0x915f95e2L, + 0x466e598eL, + 0x20b45770L, + 0x8cd55591L, + 0xc902de4cL, + 0xb90bace1L, + 0xbb8205d0L, + 0x11a86248L, + 0x7574a99eL, + 0xb77f19b6L, + 0xe0a9dc09L, + 0x662d09a1L, + 0xc4324633L, + 0xe85a1f02L, + 0x09f0be8cL, + 0x4a99a025L, + 0x1d6efe10L, + 0x1ab93d1dL, + 0x0ba5a4dfL, + 0xa186f20fL, + 0x2868f169L, + 0xdcb7da83L, + 0x573906feL, + 0xa1e2ce9bL, + 0x4fcd7f52L, + 0x50115e01L, + 0xa70683faL, + 0xa002b5c4L, + 0x0de6d027L, + 0x9af88c27L, + 0x773f8641L, + 0xc3604c06L, + 0x61a806b5L, + 0xf0177a28L, + 
0xc0f586e0L, + 0x006058aaL, + 0x30dc7d62L, + 0x11e69ed7L, + 0x2338ea63L, + 0x53c2dd94L, + 0xc2c21634L, + 0xbbcbee56L, + 0x90bcb6deL, + 0xebfc7da1L, + 0xce591d76L, + 0x6f05e409L, + 0x4b7c0188L, + 0x39720a3dL, + 0x7c927c24L, + 0x86e3725fL, + 0x724d9db9L, + 0x1ac15bb4L, + 0xd39eb8fcL, + 0xed545578L, + 0x08fca5b5L, + 0xd83d7cd3L, + 0x4dad0fc4L, + 0x1e50ef5eL, + 0xb161e6f8L, + 0xa28514d9L, + 0x6c51133cL, + 0x6fd5c7e7L, + 0x56e14ec4L, + 0x362abfceL, + 0xddc6c837L, + 0xd79a3234L, + 0x92638212L, + 0x670efa8eL, + 0x406000e0L, + 0x3a39ce37L, + 0xd3faf5cfL, + 0xabc27737L, + 0x5ac52d1bL, + 0x5cb0679eL, + 0x4fa33742L, + 0xd3822740L, + 0x99bc9bbeL, + 0xd5118e9dL, + 0xbf0f7315L, + 0xd62d1c7eL, + 0xc700c47bL, + 0xb78c1b6bL, + 0x21a19045L, + 0xb26eb1beL, + 0x6a366eb4L, + 0x5748ab2fL, + 0xbc946e79L, + 0xc6a376d2L, + 0x6549c2c8L, + 0x530ff8eeL, + 0x468dde7dL, + 0xd5730a1dL, + 0x4cd04dc6L, + 0x2939bbdbL, + 0xa9ba4650L, + 0xac9526e8L, + 0xbe5ee304L, + 0xa1fad5f0L, + 0x6a2d519aL, + 0x63ef8ce2L, + 0x9a86ee22L, + 0xc089c2b8L, + 0x43242ef6L, + 0xa51e03aaL, + 0x9cf2d0a4L, + 0x83c061baL, + 0x9be96a4dL, + 0x8fe51550L, + 0xba645bd6L, + 0x2826a2f9L, + 0xa73a3ae1L, + 0x4ba99586L, + 0xef5562e9L, + 0xc72fefd3L, + 0xf752f7daL, + 0x3f046f69L, + 0x77fa0a59L, + 0x80e4a915L, + 0x87b08601L, + 0x9b09e6adL, + 0x3b3ee593L, + 0xe990fd5aL, + 0x9e34d797L, + 0x2cf0b7d9L, + 0x022b8b51L, + 0x96d5ac3aL, + 0x017da67dL, + 0xd1cf3ed6L, + 0x7c7d2d28L, + 0x1f9f25cfL, + 0xadf2b89bL, + 0x5ad6b472L, + 0x5a88f54cL, + 0xe029ac71L, + 0xe019a5e6L, + 0x47b0acfdL, + 0xed93fa9bL, + 0xe8d3c48dL, + 0x283b57ccL, + 0xf8d56629L, + 0x79132e28L, + 0x785f0191L, + 0xed756055L, + 0xf7960e44L, + 0xe3d35e8cL, + 0x15056dd4L, + 0x88f46dbaL, + 0x03a16125L, + 0x0564f0bdL, + 0xc3eb9e15L, + 0x3c9057a2L, + 0x97271aecL, + 0xa93a072aL, + 0x1b3f6d9bL, + 0x1e6321f5L, + 0xf59c66fbL, + 0x26dcf319L, + 0x7533d928L, + 0xb155fdf5L, + 0x03563482L, + 0x8aba3cbbL, + 0x28517711L, + 0xc20ad9f8L, + 0xabcc5167L, + 0xccad925fL, + 0x4de81751L, + 0x3830dc8eL, + 
0x379d5862L, + 0x9320f991L, + 0xea7a90c2L, + 0xfb3e7bceL, + 0x5121ce64L, + 0x774fbe32L, + 0xa8b6e37eL, + 0xc3293d46L, + 0x48de5369L, + 0x6413e680L, + 0xa2ae0810L, + 0xdd6db224L, + 0x69852dfdL, + 0x09072166L, + 0xb39a460aL, + 0x6445c0ddL, + 0x586cdecfL, + 0x1c20c8aeL, + 0x5bbef7ddL, + 0x1b588d40L, + 0xccd2017fL, + 0x6bb4e3bbL, + 0xdda26a7eL, + 0x3a59ff45L, + 0x3e350a44L, + 0xbcb4cdd5L, + 0x72eacea8L, + 0xfa6484bbL, + 0x8d6612aeL, + 0xbf3c6f47L, + 0xd29be463L, + 0x542f5d9eL, + 0xaec2771bL, + 0xf64e6370L, + 0x740e0d8dL, + 0xe75b1357L, + 0xf8721671L, + 0xaf537d5dL, + 0x4040cb08L, + 0x4eb4e2ccL, + 0x34d2466aL, + 0x0115af84L, + 0xe1b00428L, + 0x95983a1dL, + 0x06b89fb4L, + 0xce6ea048L, + 0x6f3f3b82L, + 0x3520ab82L, + 0x011a1d4bL, + 0x277227f8L, + 0x611560b1L, + 0xe7933fdcL, + 0xbb3a792bL, + 0x344525bdL, + 0xa08839e1L, + 0x51ce794bL, + 0x2f32c9b7L, + 0xa01fbac9L, + 0xe01cc87eL, + 0xbcc7d1f6L, + 0xcf0111c3L, + 0xa1e8aac7L, + 0x1a908749L, + 0xd44fbd9aL, + 0xd0dadecbL, + 0xd50ada38L, + 0x0339c32aL, + 0xc6913667L, + 0x8df9317cL, + 0xe0b12b4fL, + 0xf79e59b7L, + 0x43f5bb3aL, + 0xf2d519ffL, + 0x27d9459cL, + 0xbf97222cL, + 0x15e6fc2aL, + 0x0f91fc71L, + 0x9b941525L, + 0xfae59361L, + 0xceb69cebL, + 0xc2a86459L, + 0x12baa8d1L, + 0xb6c1075eL, + 0xe3056a0cL, + 0x10d25065L, + 0xcb03a442L, + 0xe0ec6e0eL, + 0x1698db3bL, + 0x4c98a0beL, + 0x3278e964L, + 0x9f1f9532L, + 0xe0d392dfL, + 0xd3a0342bL, + 0x8971f21eL, + 0x1b0a7441L, + 0x4ba3348cL, + 0xc5be7120L, + 0xc37632d8L, + 0xdf359f8dL, + 0x9b992f2eL, + 0xe60b6f47L, + 0x0fe3f11dL, + 0xe54cda54L, + 0x1edad891L, + 0xce6279cfL, + 0xcd3e7e6fL, + 0x1618b166L, + 0xfd2c1d05L, + 0x848fd2c5L, + 0xf6fb2299L, + 0xf523f357L, + 0xa6327623L, + 0x93a83531L, + 0x56cccd02L, + 0xacf08162L, + 0x5a75ebb5L, + 0x6e163697L, + 0x88d273ccL, + 0xde966292L, + 0x81b949d0L, + 0x4c50901bL, + 0x71c65614L, + 0xe6c6c7bdL, + 0x327a140aL, + 0x45e1d006L, + 0xc3f27b9aL, + 0xc9aa53fdL, + 0x62a80f00L, + 0xbb25bfe2L, + 0x35bdd2f6L, + 0x71126905L, + 0xb2040222L, + 0xb6cbcf7cL, + 
0xcd769c2bL, + 0x53113ec0L, + 0x1640e3d3L, + 0x38abbd60L, + 0x2547adf0L, + 0xba38209cL, + 0xf746ce76L, + 0x77afa1c5L, + 0x20756060L, + 0x85cbfe4eL, + 0x8ae88dd8L, + 0x7aaaf9b0L, + 0x4cf9aa7eL, + 0x1948c25cL, + 0x02fb8a8cL, + 0x01c36ae4L, + 0xd6ebe1f9L, + 0x90d4f869L, + 0xa65cdea0L, + 0x3f09252dL, + 0xc208e69fL, + 0xb74e6132L, + 0xce77e25bL, + 0x578fdfe3L, + 0x3ac372e6L, + } }; --- crypto/openssl/crypto/bio/bf_buff.c.orig +++ crypto/openssl/crypto/bio/bf_buff.c @@ -20,7 +20,7 @@ static int buffer_new(BIO *h); static int buffer_free(BIO *data); static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -#define DEFAULT_BUFFER_SIZE 4096 +#define DEFAULT_BUFFER_SIZE 4096 static const BIO_METHOD methods_buffer = { BIO_TYPE_BUFFER, @@ -98,7 +98,7 @@ num = 0; BIO_clear_retry_flags(b); - start: +start: i = ctx->ibuf_len; /* If there is stuff left over, grab it */ if (i != 0) { @@ -167,7 +167,7 @@ return 0; BIO_clear_retry_flags(b); - start: +start: i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off); /* add to buffer and return */ if (i >= inl) { @@ -178,7 +178,7 @@ /* else */ /* stuff already in buffer, so add to it first, then flush */ if (ctx->obuf_len != 0) { - if (i > 0) { /* lets fill it up if we can */ + if (i > 0) { /* lets fill it up if we can */ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i); in += i; inl -= i; @@ -188,7 +188,7 @@ /* we now have a full buffer needing flushing */ for (;;) { i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), - ctx->obuf_len); + ctx->obuf_len); if (i <= 0) { BIO_copy_next_retry(b); @@ -306,7 +306,7 @@ if (*ip == 0) { ibs = (int)num; obs = ctx->obuf_size; - } else { /* if (*ip == 1) */ + } else { /* if (*ip == 1) */ ibs = ctx->ibuf_size; obs = (int)num; @@ -367,7 +367,7 @@ BIO_clear_retry_flags(b); if (ctx->obuf_len > 0) { r = BIO_write(b->next_bio, - &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); + &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); BIO_copy_next_retry(b); if (r <= 0) return (long)r; 
@@ -383,8 +383,7 @@ break; case BIO_CTRL_DUP: dbio = (BIO *)ptr; - if (BIO_set_read_buffer_size(dbio, ctx->ibuf_size) <= 0 || - BIO_set_write_buffer_size(dbio, ctx->obuf_size) <= 0) + if (BIO_set_read_buffer_size(dbio, ctx->ibuf_size) <= 0 || BIO_set_write_buffer_size(dbio, ctx->obuf_size) <= 0) ret = 0; break; case BIO_CTRL_PEEK: @@ -405,7 +404,7 @@ break; } return ret; - malloc_error: +malloc_error: ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); return 0; } @@ -424,7 +423,7 @@ char *p; ctx = (BIO_F_BUFFER_CTX *)b->ptr; - size--; /* reserve space for a '\0' */ + size--; /* reserve space for a '\0' */ BIO_clear_retry_flags(b); for (;;) { @@ -447,7 +446,7 @@ *buf = '\0'; return num; } - } else { /* read another chunk */ + } else { /* read another chunk */ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); if (i <= 0) { --- crypto/openssl/crypto/bio/bf_lbuf.c.orig +++ crypto/openssl/crypto/bio/bf_lbuf.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); /* A 10k maximum should be enough for most purposes */ -#define DEFAULT_LINEBUFFER_SIZE 1024*10 +#define DEFAULT_LINEBUFFER_SIZE 1024 * 10 /* #define DEBUG */ @@ -48,9 +48,9 @@ } typedef struct bio_linebuffer_ctx_struct { - char *obuf; /* the output char array */ - int obuf_size; /* how big is the output buffer */ - int obuf_len; /* how many bytes are in it */ + char *obuf; /* the output char array */ + int obuf_size; /* how big is the output buffer */ + int obuf_len; /* how many bytes are in it */ } BIO_LINEBUFFER_CTX; static int linebuffer_new(BIO *bi) 
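Review bot: In the bf_lbuf.c hunk at line 23, the reformatted `#define DEFAULT_LINEBUFFER_SIZE 1024 * 10` still expands to an unparenthesised expression. Any use next to an operator of equal or higher precedence (a division or `%`, for example) would bind to `1024` or `10` alone and give the wrong buffer size. Since the line is being touched anyway, write it as `#define DEFAULT_LINEBUFFER_SIZE (1024 * 10)`. The uses of the macro are outside the hunk, so whether any current call site is affected cannot be confirmed from here.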
@@ -122,7 +122,8 @@ const char *p; char c; - for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ; + for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) + ; if (c == '\n') { p++; foundnl = 1; @@ -134,7 +135,7 @@ * concatenate them and write */ while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len) - && ctx->obuf_len > 0) { + && ctx->obuf_len > 0) { int orig_olen = ctx->obuf_len; i = ctx->obuf_size - ctx->obuf_len; @@ -185,8 +186,7 @@ in += i; inl -= i; } - } - while (foundnl && inl > 0); + } while (foundnl && inl > 0); /* * We've written as much as we can. The rest of the input buffer, if * any, is text that doesn't end with a NL and therefore we need to try @@ -314,7 +314,7 @@ break; } return ret; - malloc_error: +malloc_error: ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); return 0; } --- crypto/openssl/crypto/bio/bf_prefix.c.orig +++ crypto/openssl/crypto/bio/bf_prefix.c @@ -13,7 +13,7 @@ #include "bio_local.h" static int prefix_write(BIO *b, const char *out, size_t outl, - size_t *numwritten); + size_t *numwritten); static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread); static int prefix_puts(BIO *b, const char *str); static int prefix_gets(BIO *b, char *str, int size); @@ -43,10 +43,10 @@ } typedef struct prefix_ctx_st { - char *prefix; /* Text prefix, given by user */ - unsigned int indent; /* Indentation amount, given by user */ + char *prefix; /* Text prefix, given by user */ + unsigned int indent; /* Indentation amount, given by user */ - int linestart; /* flag to indicate we're at the line start */ + int linestart; /* flag to indicate we're at the line start */ } PREFIX_CTX; static int prefix_create(BIO *b) @@ -79,7 +79,7 @@ } static int prefix_write(BIO *b, const char *out, size_t outl, - size_t *numwritten) + size_t *numwritten) { PREFIX_CTX *ctx = BIO_get_data(b); 
@@ -97,7 +97,7 @@ * prepared to handle prefix and indentation the next time around. */ if (outl > 0) - ctx->linestart = (out[outl-1] == '\n'); + ctx->linestart = (out[outl - 1] == '\n'); return BIO_write_ex(BIO_next(b), out, outl, numwritten); } @@ -116,7 +116,7 @@ if (ctx->prefix != NULL && !BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix), - &dontcare)) + &dontcare)) return 0; BIO_printf(BIO_next(b), "%*s", ctx->indent, ""); ctx->linestart = 0; --- crypto/openssl/crypto/bio/bf_readbuff.c.orig +++ crypto/openssl/crypto/bio/bf_readbuff.c @@ -19,7 +19,7 @@ #include "bio_local.h" #include "internal/cryptlib.h" -#define DEFAULT_BUFFER_SIZE 4096 +#define DEFAULT_BUFFER_SIZE 4096 static int readbuffer_write(BIO *h, const char *buf, int num); static int readbuffer_read(BIO *h, char *buf, int size); @@ -236,8 +236,8 @@ p = ctx->ibuf + ctx->ibuf_off; found_newline = 0; for (num_chars = 0; - (num_chars < ctx->ibuf_len) && (num_chars < size); - num_chars++) { + (num_chars < ctx->ibuf_len) && (num_chars < size); + num_chars++) { *buf++ = p[num_chars]; if (p[num_chars] == '\n') { found_newline = 1; 
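Review bot: In the bf_prefix.c hunk at line 116, the result of `BIO_printf(BIO_next(b), "%*s", ctx->indent, "")` is ignored, although the prefix write just above it fails the call with `return 0`, so a failed indent write is silently dropped. `ctx->indent` is declared `unsigned int` in `PREFIX_CTX` while `%*s` consumes an `int` width, so a value above INT_MAX would be read as a negative width; presumably the setter bounds it, but that code is not in the diff. Suggest `if (BIO_printf(BIO_next(b), "%*s", (int)ctx->indent, "") < 0) return 0;` plus a one-line comment stating the bound on `indent`. The enclosing function starts and ends outside the hunk.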
@@ -259,33 +259,33 @@ * next bio. */ - /* Resize if we have to */ - if (!readbuffer_resize(ctx, 1 + size)) - return 0; - /* - * Read more data from the next bio using BIO_read_ex: - * Note we cannot use BIO_gets() here as it does not work on a - * binary stream that contains 0x00. (Since strlen() will stop at - * any 0x00 not at the last read '\n' in a FILE bio). - * Also note that some applications open and close the file bio - * multiple times and need to read the next available block when using - * stdin - so we need to READ one byte at a time! - */ - p = ctx->ibuf + ctx->ibuf_off; - for (i = 0; i < size; ++i) { - j = BIO_read(b->next_bio, p, 1); - if (j <= 0) { - BIO_copy_next_retry(b); - *buf = '\0'; - return num > 0 ? num : j; - } - *buf++ = *p; - num++; - ctx->ibuf_off++; - if (*p == '\n') - break; - ++p; - } - *buf = '\0'; - return num; + /* Resize if we have to */ + if (!readbuffer_resize(ctx, 1 + size)) + return 0; + /* + * Read more data from the next bio using BIO_read_ex: + * Note we cannot use BIO_gets() here as it does not work on a + * binary stream that contains 0x00. (Since strlen() will stop at + * any 0x00 not at the last read '\n' in a FILE bio). + * Also note that some applications open and close the file bio + * multiple times and need to read the next available block when using + * stdin - so we need to READ one byte at a time! + */ + p = ctx->ibuf + ctx->ibuf_off; + for (i = 0; i < size; ++i) { + j = BIO_read(b->next_bio, p, 1); + if (j <= 0) { + BIO_copy_next_retry(b); + *buf = '\0'; + return num > 0 ? num : j; + } + *buf++ = *p; + num++; + ctx->ibuf_off++; + if (*p == '\n') + break; + ++p; + } + *buf = '\0'; + return num; } --- crypto/openssl/crypto/bio/bio_addr.c.orig +++ crypto/openssl/crypto/bio/bio_addr.c @@ -8,7 +8,7 @@ */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE +#define _GNU_SOURCE #endif /* 
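Review bot: The re-indented comment in the bf_readbuff.c hunk at line 259 says the data is read "using BIO_read_ex", but the loop below it calls `BIO_read(b->next_bio, p, 1)`. The comment should name the call actually used, e.g. `Read more data from the next bio one byte at a time with BIO_read():`. The `return 0` after a failed `readbuffer_resize(ctx, 1 + size)` also deserves a why-comment: the copy loop in the previous hunk may already have written bytes to `buf`, and this exit does not write the terminating `'\0'` that the other exits write. The start of the function is outside the hunk, so whether `num` can be non-zero on this path should be confirmed.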
@@ -100,8 +100,8 @@ } int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, - const void *where, size_t wherelen, - unsigned short port) + const void *where, size_t wherelen, + unsigned short port) { #ifdef AF_UNIX if (family == AF_UNIX) { @@ -201,7 +201,7 @@ * stack, and 1 on success. */ static int addr_strings(const BIO_ADDR *ap, int numeric, - char **hostname, char **service) + char **hostname, char **service) { if (BIO_sock_init() != 1) return 0; @@ -216,15 +216,16 @@ flags |= NI_NUMERICHOST | NI_NUMERICSERV; if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap), - BIO_ADDR_sockaddr_size(ap), - host, sizeof(host), serv, sizeof(serv), - flags)) != 0) { -# ifdef EAI_SYSTEM + BIO_ADDR_sockaddr_size(ap), + host, sizeof(host), serv, sizeof(serv), + flags)) + != 0) { +#ifdef EAI_SYSTEM if (ret == EAI_SYSTEM) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getnameinfo()"); + "calling getnameinfo()"); } else -# endif +#endif { ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, gai_strerror(ret)); } @@ -239,7 +240,7 @@ */ if (serv[0] == '\0') { BIO_snprintf(serv, sizeof(serv), "%d", - ntohs(BIO_ADDR_rawport(ap))); + ntohs(BIO_ADDR_rawport(ap))); } if (hostname != NULL) @@ -251,14 +252,14 @@ if (hostname != NULL) *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr)); if (service != NULL) { - char serv[6]; /* port is 16 bits => max 5 decimal digits */ + char serv[6]; /* port is 16 bits => max 5 decimal digits */ BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port)); *service = OPENSSL_strdup(serv); } } if ((hostname != NULL && *hostname == NULL) - || (service != NULL && *service == NULL)) { + || (service != NULL && *service == NULL)) { if (hostname != NULL) { OPENSSL_free(*hostname); *hostname = NULL; 
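Review bot: In the `addr_strings` hunk at line 251, the second branch builds the host string with `inet_ntoa(ap->s_in.sin_addr)`, which returns a pointer to a static buffer shared by all callers. The immediate `OPENSSL_strdup` shortens the window but does not make concurrent calls safe, and no lock is visible in this hunk. A comment such as `/* inet_ntoa() returns a static buffer; not thread-safe */` would document the limitation, or `inet_ntop()` could be used where the platform provides it. The preprocessor condition that selects this branch is outside the hunk.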
@@ -430,11 +431,11 @@ return; #ifdef AI_PASSIVE -# ifdef AF_UNIX -# define _cond bai->bai_family != AF_UNIX -# else -# define _cond 1 -# endif +#ifdef AF_UNIX +#define _cond bai->bai_family != AF_UNIX +#else +#define _cond 1 +#endif if (_cond) { freeaddrinfo(bai); return; @@ -478,10 +479,12 @@ * */ int BIO_parse_hostserv(const char *hostserv, char **host, char **service, - enum BIO_hostserv_priorities hostserv_prio) + enum BIO_hostserv_priorities hostserv_prio) { - const char *h = NULL; size_t hl = 0; - const char *p = NULL; size_t pl = 0; + const char *h = NULL; + size_t hl = 0; + const char *p = NULL; + size_t pl = 0; if (*hostserv == '[') { if ((p = strchr(hostserv, ']')) == NULL) @@ -558,13 +561,13 @@ } return 1; - amb_err: +amb_err: ERR_raise(ERR_LIB_BIO, BIO_R_AMBIGUOUS_HOST_OR_SERVICE); return 0; - spec_err: +spec_err: ERR_raise(ERR_LIB_BIO, BIO_R_MALFORMED_HOST_OR_SERVICE); return 0; - memerr: +memerr: ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); return 0; } @@ -579,9 +582,9 @@ * only happens if a memory allocation error occurred. */ static int addrinfo_wrap(int family, int socktype, - const void *where, size_t wherelen, - unsigned short port, - BIO_ADDRINFO **bai) + const void *where, size_t wherelen, + unsigned short port, + BIO_ADDRINFO **bai) { if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) { ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); @@ -626,8 +629,8 @@ } int BIO_lookup(const char *host, const char *service, - enum BIO_lookup_type lookup_type, - int family, int socktype, BIO_ADDRINFO **res) + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res) { return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res); } 
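Review bot: The `_cond` helper macros in the hunk at line 430 are defined as bare expressions (`#define _cond bai->bai_family != AF_UNIX`), and no `#undef` is visible after the single `if (_cond)` that uses them. Parenthesise the body, `#define _cond (bai->bai_family != AF_UNIX)`, and add `#undef _cond` after the `if` block so the name does not leak into the rest of the file. A leading-underscore name at file scope is also in the space reserved for the implementation. The end of the `#ifdef AI_PASSIVE` block is outside the hunk, so an existing `#undef` there cannot be ruled out.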
@@ -655,11 +658,11 @@ * The return value is 1 on success or 0 in case of error. */ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, - int family, int socktype, int protocol, BIO_ADDRINFO **res) + int family, int socktype, int protocol, BIO_ADDRINFO **res) { - int ret = 0; /* Assume failure */ + int ret = 0; /* Assume failure */ - switch(family) { + switch (family) { case AF_INET: #ifdef AF_INET6 case AF_INET6: @@ -699,12 +702,12 @@ hints.ai_family = family; hints.ai_socktype = socktype; hints.ai_protocol = protocol; -# ifdef AI_ADDRCONFIG -# ifdef AF_UNSPEC +#ifdef AI_ADDRCONFIG +#ifdef AF_UNSPEC if (host != NULL && family == AF_UNSPEC) -# endif +#endif hints.ai_flags |= AI_ADDRCONFIG; -# endif +#endif if (lookup_type == BIO_LOOKUP_SERVER) hints.ai_flags |= AI_PASSIVE; @@ -712,36 +715,36 @@ /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to * macro magic in bio_local.h */ -# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) - retry: -# endif +#if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) + retry: +#endif switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { -# ifdef EAI_SYSTEM +#ifdef EAI_SYSTEM case EAI_SYSTEM: ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getaddrinfo()"); + "calling getaddrinfo()"); ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); break; -# endif -# ifdef EAI_MEMORY +#endif +#ifdef EAI_MEMORY case EAI_MEMORY: ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); break; -# endif +#endif case 0: - ret = 1; /* Success */ + ret = 1; /* Success */ break; default: -# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) +#if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) if (hints.ai_flags & AI_ADDRCONFIG) { hints.ai_flags &= ~AI_ADDRCONFIG; hints.ai_flags |= AI_NUMERICHOST; old_ret = gai_ret; goto retry; } -# endif +#endif ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - gai_strerror(old_ret ? old_ret : gai_ret)); + gai_strerror(old_ret ? old_ret : gai_ret)); break; } } else { 
@@ -753,24 +756,21 @@ * '&he_fallback_addresses' are 32-bit pointers */ #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size save -# pragma pointer_size 32 +#pragma pointer_size save +#pragma pointer_size 32 #endif /* Windows doesn't seem to have in_addr_t */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) static uint32_t he_fallback_address; - static const char *he_fallback_addresses[] = - { (char *)&he_fallback_address, NULL }; + static const char *he_fallback_addresses[] = { (char *)&he_fallback_address, NULL }; #else static in_addr_t he_fallback_address; - static const char *he_fallback_addresses[] = - { (char *)&he_fallback_address, NULL }; + static const char *he_fallback_addresses[] = { (char *)&he_fallback_address, NULL }; #endif - static const struct hostent he_fallback = - { NULL, NULL, AF_INET, sizeof(he_fallback_address), - (char **)&he_fallback_addresses }; + static const struct hostent he_fallback = { NULL, NULL, AF_INET, sizeof(he_fallback_address), + (char **)&he_fallback_addresses }; #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size restore +#pragma pointer_size restore #endif struct servent *se; @@ -788,11 +788,11 @@ if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) return 0; - + he_fallback_address = INADDR_ANY; if (host == NULL) { he = &he_fallback; - switch(lookup_type) { + switch (lookup_type) { case BIO_LOOKUP_CLIENT: he_fallback_address = INADDR_LOOPBACK; break; 
@@ -822,17 +822,17 @@ * anyway [above getaddrinfo/gai_strerror is]. We just let * system administrator figure this out... */ -# if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) /* h_errno doesn't exist on VxWorks */ ERR_raise_data(ERR_LIB_SYS, 1000, - "calling gethostbyname()"); -# else + "calling gethostbyname()"); +#else ERR_raise_data(ERR_LIB_SYS, 1000 + h_errno, - "calling gethostbyname()"); -# endif + "calling gethostbyname()"); +#endif #else ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling gethostbyname()"); + "calling gethostbyname()"); #endif ret = 0; goto err; @@ -852,12 +852,12 @@ * VMS C, we need to make sure that 'proto' is a 32-bit pointer. */ #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size save -# pragma pointer_size 32 +#pragma pointer_size save +#pragma pointer_size 32 #endif char *proto = NULL; #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size restore +#pragma pointer_size restore #endif switch (socktype) { @@ -870,7 +870,7 @@ } if (endp != service && *endp == '\0' - && portnum > 0 && portnum < 65536) { + && portnum > 0 && portnum < 65536) { se_fallback.s_port = htons((unsigned short)portnum); se_fallback.s_proto = proto; se = &se_fallback; @@ -879,7 +879,7 @@ if (se == NULL) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getservbyname()"); + "calling getservbyname()"); goto err; } } else { 
@@ -897,32 +897,32 @@ * the pointer size dance. */ #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size save -# pragma pointer_size 32 +#pragma pointer_size save +#pragma pointer_size 32 #endif char **addrlistp; #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size restore +#pragma pointer_size restore #endif size_t addresses; BIO_ADDRINFO *tmp_bai = NULL; /* The easiest way to create a linked list from an array is to start from the back */ - for(addrlistp = he->h_addr_list; *addrlistp != NULL; + for (addrlistp = he->h_addr_list; *addrlistp != NULL; addrlistp++) ; - for(addresses = addrlistp - he->h_addr_list; - addrlistp--, addresses-- > 0; ) { + for (addresses = addrlistp - he->h_addr_list; + addrlistp--, addresses-- > 0;) { if (!addrinfo_wrap(he->h_addrtype, socktype, - *addrlistp, he->h_length, - se->s_port, &tmp_bai)) + *addrlistp, he->h_length, + se->s_port, &tmp_bai)) goto addrinfo_malloc_err; tmp_bai->bai_next = *res; *res = tmp_bai; continue; - addrinfo_malloc_err: + addrinfo_malloc_err: BIO_ADDRINFO_free(*res); *res = NULL; ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); @@ -932,7 +932,7 @@ ret = 1; } - err: + err: CRYPTO_THREAD_unlock(bio_lookup_lock); } --- crypto/openssl/crypto/bio/bio_cb.c.orig +++ crypto/openssl/crypto/bio/bio_cb.c @@ -17,7 +17,7 @@ #include long BIO_debug_callback_ex(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) + int argi, long argl, int ret, size_t *processed) { BIO *b; char buf[256]; 
@@ -43,31 +43,31 @@ case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) BIO_snprintf(p, left, "read(%d,%zu) - %s fd=%d\n", - bio->num, len, - bio->method->name, bio->num); + bio->num, len, + bio->method->name, bio->num); else BIO_snprintf(p, left, "read(%d,%zu) - %s\n", - bio->num, len, bio->method->name); + bio->num, len, bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) BIO_snprintf(p, left, "write(%d,%zu) - %s fd=%d\n", - bio->num, len, - bio->method->name, bio->num); + bio->num, len, + bio->method->name, bio->num); else BIO_snprintf(p, left, "write(%d,%zu) - %s\n", - bio->num, len, bio->method->name); + bio->num, len, bio->method->name); break; case BIO_CB_PUTS: BIO_snprintf(p, left, "puts() - %s\n", bio->method->name); break; case BIO_CB_GETS: BIO_snprintf(p, left, "gets(%zu) - %s\n", len, - bio->method->name); + bio->method->name); break; case BIO_CB_CTRL: BIO_snprintf(p, left, "ctrl(%d) - %s\n", argi, - bio->method->name); + bio->method->name); break; case BIO_CB_RETURN | BIO_CB_READ: BIO_snprintf(p, left, "read return %d processed: %zu\n", ret, l); @@ -101,14 +101,14 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 long BIO_debug_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret) + int argi, long argl, long ret) { size_t processed = 0; if (ret > 0) processed = (size_t)ret; BIO_debug_callback_ex(bio, cmd, argp, (size_t)argi, - argi, argl, ret > 0 ? 1 : (int)ret, &processed); + argi, argl, ret > 0 ? 1 : (int)ret, &processed); return ret; } #endif --- crypto/openssl/crypto/bio/bio_dump.c.orig +++ crypto/openssl/crypto/bio/bio_dump.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -14,19 +14,19 @@ #include #include "bio_local.h" -#define DUMP_WIDTH 16 +#define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) -#define SPACE(buf, pos, n) (sizeof(buf) - (pos) > (n)) +#define SPACE(buf, pos, n) (sizeof(buf) - (pos) > (n)) -int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *s, int len) +int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const void *s, int len) { return BIO_dump_indent_cb(cb, u, s, len, 0); } -int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *v, int len, int indent) +int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const void *v, int len, int indent) { const unsigned char *s = v; int res, ret = 0; @@ -46,7 +46,9 @@ rows++; for (i = 0; i < rows; i++) { n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "", - i * dump_width); + i * dump_width); + if (n < 0) + return -1; for (j = 0; j < dump_width; j++) { if (SPACE(buf, n, 3)) { if (((i * dump_width) + j) >= len) { @@ -54,7 +56,7 @@ } else { ch = *(s + i * dump_width + j) & 0xff; BIO_snprintf(buf + n, 4, "%02x%c", ch, - j == 7 ? '-' : ' '); + j == 7 ? '-' : ' '); } n += 3; } @@ -72,8 +74,8 @@ buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.'; #else buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) - ? os_toebcdic[ch] - : '.'; + ? os_toebcdic[ch] + : '.'; #endif buf[n] = '\0'; } @@ -127,7 +129,7 @@ } int BIO_hex_string(BIO *out, int indent, int width, const void *data, - int datalen) + int datalen) { const unsigned char *d = data; int i, j = 0; --- crypto/openssl/crypto/bio/bio_err.c.orig +++ crypto/openssl/crypto/bio/bio_err.c 
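Review bot: In the bio_dump.c hunk at `@@ -46,7 +46,9 @@`, the added `if (n < 0) return -1;` carries no comment on why a negative `n` must stop the row. `n` is the write offset for the rest of the loop (`buf + n`, `buf[n++]`), and `SPACE(buf, n, 3)` evaluates `sizeof(buf) - (n)` in unsigned arithmetic, so a negative `n` would pass that guard instead of failing it. I would put `/* BIO_snprintf() failed: n indexes buf below and SPACE() cannot catch a negative offset */` above the check. The early return presumably also drops any count already accumulated in `ret`; the loop body continues outside the hunk, so confirm that callers treat -1 as an error and not as a byte count.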
@@ -15,63 +15,63 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA BIO_str_reasons[] = { - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), - "addrinfo addr is not af inet"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE), - "ambiguous host or service"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_TIMEOUT), "connect timeout"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), - "gethostbyname addr is not af inet"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS), - "getsockname truncated address"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING), - "lookup returned nothing"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE), - "malformed host or service"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED), - "no accept addr or service specified"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED), - "no hostname or service specified"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"}, - {ERR_PACK(ERR_LIB_BIO, 0, 
BIO_R_TRANSFER_ERROR), "transfer error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TRANSFER_TIMEOUT), "transfer timeout"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET), - "unable to bind socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET), - "unable to create socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE), - "unable to keepalive"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET), - "unable to listen socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR), - "unable to reuseaddr"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY), - "unavailable ip family"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY), - "unsupported ip family"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), - "unsupported protocol family"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO), - "write to read only BIO"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"}, - {0, NULL} + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), + "addrinfo addr is not af inet" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE), + "ambiguous host or service" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_TIMEOUT), "connect timeout" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), + "gethostbyname addr is not af inet" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), 
"getsockname error" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS), + "getsockname truncated address" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING), + "lookup returned nothing" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE), + "malformed host or service" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED), + "no accept addr or service specified" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED), + "no hostname or service specified" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TRANSFER_ERROR), "transfer error" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TRANSFER_TIMEOUT), "transfer timeout" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET), + "unable to bind socket" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET), + "unable to create socket" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE), + "unable to keepalive" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET), + "unable to listen socket" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR), + "unable to reuseaddr" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY), + "unavailable ip family" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), 
"uninitialized" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY), + "unsupported ip family" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), + "unsupported protocol family" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO), + "write to read only BIO" }, + { ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/bio/bio_lib.c.orig +++ crypto/openssl/crypto/bio/bio_lib.c @@ -20,12 +20,12 @@ * len parameter or not */ #define HAS_LEN_OPER(o) ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE \ - || (o) == BIO_CB_GETS) + || (o) == BIO_CB_GETS) #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HAS_CALLBACK(b) ((b)->callback != NULL || (b)->callback_ex != NULL) +#define HAS_CALLBACK(b) ((b)->callback != NULL || (b)->callback_ex != NULL) #else -# define HAS_CALLBACK(b) ((b)->callback_ex != NULL) +#define HAS_CALLBACK(b) ((b)->callback_ex != NULL) #endif /* * Helper function to work out whether to call the new style callback or the old @@ -35,8 +35,8 @@ * for the "long" used for "inret" */ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, - int argi, long argl, long inret, - size_t *processed) + int argi, long argl, long inret, + size_t *processed) { long ret = inret; #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -279,9 +279,7 @@ return -2; } - if (HAS_CALLBACK(b) && - ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, - NULL)) <= 0)) + if (HAS_CALLBACK(b) && ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL)) <= 0)) return ret; if (!b->init) { @@ -296,7 +294,7 @@ if (HAS_CALLBACK(b)) ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data, - dlen, 0, 0L, ret, readbytes); + dlen, 0, 0L, ret, readbytes); /* Shouldn't happen */ if (ret > 0 && *readbytes > dlen) { 
@@ -331,7 +329,7 @@ } static int bio_write_intern(BIO *b, const void *data, size_t dlen, - size_t *written) + size_t *written) { size_t local_written; int ret; @@ -350,9 +348,7 @@ return -2; } - if (HAS_CALLBACK(b) && - ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, - NULL)) <= 0)) + if (HAS_CALLBACK(b) && ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL)) <= 0)) return ret; if (!b->init) { @@ -367,7 +363,7 @@ if (HAS_CALLBACK(b)) ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data, - dlen, 0, 0L, ret, &local_written); + dlen, 0, 0L, ret, &local_written); if (written != NULL) *written = local_written; @@ -433,7 +429,7 @@ if (HAS_CALLBACK(b)) ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, - 0L, ret, &written); + 0L, ret, &written); if (ret > 0) { if (written > INT_MAX) { @@ -486,7 +482,7 @@ if (HAS_CALLBACK(b)) ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, - 0, 0L, ret, &readbytes); + 0, 0L, ret, &readbytes); if (ret > 0) { /* Shouldn't happen */ @@ -581,7 +577,7 @@ if (HAS_CALLBACK(b)) ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, - larg, ret, NULL); + larg, ret, NULL); return ret; } @@ -593,14 +589,14 @@ if (b == NULL) return -2; if (b->method == NULL || b->method->callback_ctrl == NULL - || cmd != BIO_CTRL_SET_CALLBACK) { + || cmd != BIO_CTRL_SET_CALLBACK) { ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); return -2; } if (HAS_CALLBACK(b)) { ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L, - NULL); + NULL); if (ret <= 0) return ret; } @@ -609,7 +605,7 @@ if (HAS_CALLBACK(b)) ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0, - cmd, 0, ret, NULL); + cmd, 0, ret, NULL); return ret; } @@ -791,7 +787,7 @@ /* copy app data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) { + &bio->ex_data)) { BIO_free(new_bio); goto err; } 
@@ -805,7 +801,7 @@ } } return ret; - err: +err: BIO_free_all(ret); return NULL; @@ -908,7 +904,7 @@ if (rv <= 0) ERR_raise(ERR_LIB_BIO, - rv == 0 ? BIO_R_TRANSFER_TIMEOUT : BIO_R_TRANSFER_ERROR); + rv == 0 ? BIO_R_TRANSFER_TIMEOUT : BIO_R_TRANSFER_ERROR); return rv; } @@ -935,7 +931,7 @@ nap_milliseconds = 100; BIO_set_nbio(bio, !blocking); - retry: +retry: ERR_set_mark(); rv = BIO_do_connect(bio); @@ -970,7 +966,7 @@ if (rv > 0) goto retry; ERR_raise(ERR_LIB_BIO, - rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR); + rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR); } else { ERR_clear_last_mark(); rv = -1; --- crypto/openssl/crypto/bio/bio_local.h.orig +++ crypto/openssl/crypto/bio/bio_local.h @@ -26,21 +26,21 @@ * For clarity, we check for internal/cryptlib.h since it's a common header * that also includes bio.h. */ -# ifdef OSSL_INTERNAL_CRYPTLIB_H -# error internal/cryptlib.h included before bio_local.h -# endif -# ifdef OPENSSL_BIO_H -# error openssl/bio.h included before bio_local.h -# endif +#ifdef OSSL_INTERNAL_CRYPTLIB_H +#error internal/cryptlib.h included before bio_local.h +#endif +#ifdef OPENSSL_BIO_H +#error openssl/bio.h included before bio_local.h +#endif /* * Undefine AF_UNIX on systems that define it but don't support it. */ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) -# undef AF_UNIX -# endif +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) +#undef AF_UNIX +#endif -# ifdef AI_PASSIVE +#ifdef AI_PASSIVE /* * There's a bug in VMS C header file netdb.h, where struct addrinfo 
@@ -49,18 +49,18 @@ * size. The easiest workaround is to force struct addrinfo to be the * 64-bit variant when compiling in P64 mode. */ -# if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 -# define addrinfo __addrinfo64 -# endif - -# define bio_addrinfo_st addrinfo -# define bai_family ai_family -# define bai_socktype ai_socktype -# define bai_protocol ai_protocol -# define bai_addrlen ai_addrlen -# define bai_addr ai_addr -# define bai_next ai_next -# else +#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 +#define addrinfo __addrinfo64 +#endif + +#define bio_addrinfo_st addrinfo +#define bai_family ai_family +#define bai_socktype ai_socktype +#define bai_protocol ai_protocol +#define bai_addrlen ai_addrlen +#define bai_addr ai_addr +#define bai_next ai_next +#else struct bio_addrinfo_st { int bai_family; int bai_socktype; @@ -69,17 +69,17 @@ struct sockaddr *bai_addr; struct bio_addrinfo_st *bai_next; }; -# endif +#endif union bio_addr_st { struct sockaddr sa; -# ifdef AF_INET6 +#ifdef AF_INET6 struct sockaddr_in6 s_in6; -# endif +#endif struct sockaddr_in s_in; -# ifdef AF_UNIX +#ifdef AF_UNIX struct sockaddr_un s_un; -# endif +#endif }; #endif 
@@ -99,17 +99,17 @@ * +---------------------------------------------------+ * <-- off --><------- len -------> */ - /*- BIO *bio; *//* - * this is now in the BIO struct - */ - int ibuf_size; /* how big is the input buffer */ - int obuf_size; /* how big is the output buffer */ - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ + /*- BIO *bio; */ /* + * this is now in the BIO struct + */ + int ibuf_size; /* how big is the input buffer */ + int obuf_size; /* how big is the output buffer */ + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ } BIO_F_BUFFER_CTX; struct bio_st { @@ -120,15 +120,15 @@ BIO_callback_fn callback; #endif BIO_callback_fn_ex callback_ex; - char *cb_arg; /* first argument for the callback */ + char *cb_arg; /* first argument for the callback */ int init; int shutdown; - int flags; /* extra storage */ + int flags; /* extra storage */ int retry_reason; int num; void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by filter BIOs */ CRYPTO_REF_COUNT references; uint64_t num_read; uint64_t num_write; @@ -137,9 +137,9 @@ }; #ifndef OPENSSL_NO_SOCK -# ifdef OPENSSL_SYS_VMS +#ifdef OPENSSL_SYS_VMS typedef unsigned int socklen_t; -# endif +#endif extern CRYPTO_RWLOCK *bio_lookup_lock; 
@@ -155,39 +155,38 @@ void bio_sock_cleanup_int(void); -#if BIO_FLAGS_UPLINK_INTERNAL==0 +#if BIO_FLAGS_UPLINK_INTERNAL == 0 /* Shortcut UPLINK calls on most platforms... */ -# define UP_stdin stdin -# define UP_stdout stdout -# define UP_stderr stderr -# define UP_fprintf fprintf -# define UP_fgets fgets -# define UP_fread fread -# define UP_fwrite fwrite -# undef UP_fsetmod -# define UP_feof feof -# define UP_fclose fclose - -# define UP_fopen fopen -# define UP_fseek fseek -# define UP_ftell ftell -# define UP_fflush fflush -# define UP_ferror ferror -# ifdef _WIN32 -# define UP_fileno _fileno -# define UP_open _open -# define UP_read _read -# define UP_write _write -# define UP_lseek _lseek -# define UP_close _close -# else -# define UP_fileno fileno -# define UP_open open -# define UP_read read -# define UP_write write -# define UP_lseek lseek -# define UP_close close -# endif - +#define UP_stdin stdin +#define UP_stdout stdout +#define UP_stderr stderr +#define UP_fprintf fprintf +#define UP_fgets fgets +#define UP_fread fread +#define UP_fwrite fwrite +#undef UP_fsetmod +#define UP_feof feof +#define UP_fclose fclose + +#define UP_fopen fopen +#define UP_fseek fseek +#define UP_ftell ftell +#define UP_fflush fflush +#define UP_ferror ferror +#ifdef _WIN32 +#define UP_fileno _fileno +#define UP_open _open +#define UP_read _read +#define UP_write _write +#define UP_lseek _lseek +#define UP_close _close +#else +#define UP_fileno fileno +#define UP_open open +#define UP_read read +#define UP_write write +#define UP_lseek lseek +#define UP_close close #endif +#endif --- crypto/openssl/crypto/bio/bio_meth.c.orig +++ crypto/openssl/crypto/bio/bio_meth.c @@ -38,7 +38,7 @@ BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD)); if (biom == NULL - || (biom->name = OPENSSL_strdup(name)) == NULL) { + || (biom->name = OPENSSL_strdup(name)) == NULL) { OPENSSL_free(biom); ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); return NULL; 
@@ -55,13 +55,13 @@ } } -int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int) +int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int) { return biom->bwrite_old; } -int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, - size_t *) +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, + size_t *) { return biom->bwrite; } @@ -87,7 +87,7 @@ } int BIO_meth_set_write(BIO_METHOD *biom, - int (*bwrite) (BIO *, const char *, int)) + int (*bwrite)(BIO *, const char *, int)) { biom->bwrite_old = bwrite; biom->bwrite = bwrite_conv; @@ -95,19 +95,19 @@ } int BIO_meth_set_write_ex(BIO_METHOD *biom, - int (*bwrite) (BIO *, const char *, size_t, size_t *)) + int (*bwrite)(BIO *, const char *, size_t, size_t *)) { biom->bwrite_old = NULL; biom->bwrite = bwrite; return 1; } -int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int) { return biom->bread_old; } -int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *) +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *) { return biom->bread; } @@ -133,7 +133,7 @@ } int BIO_meth_set_read(BIO_METHOD *biom, - int (*bread) (BIO *, char *, int)) + int (*bread)(BIO *, char *, int)) { biom->bread_old = bread; biom->bread = bread_conv; 
@@ -141,79 +141,79 @@ } int BIO_meth_set_read_ex(BIO_METHOD *biom, - int (*bread) (BIO *, char *, size_t, size_t *)) + int (*bread)(BIO *, char *, size_t, size_t *)) { biom->bread_old = NULL; biom->bread = bread; return 1; } -int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *) +int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *) { return biom->bputs; } int BIO_meth_set_puts(BIO_METHOD *biom, - int (*bputs) (BIO *, const char *)) + int (*bputs)(BIO *, const char *)) { biom->bputs = bputs; return 1; } -int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int) { return biom->bgets; } int BIO_meth_set_gets(BIO_METHOD *biom, - int (*bgets) (BIO *, char *, int)) + int (*bgets)(BIO *, char *, int)) { biom->bgets = bgets; return 1; } -long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *) +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *) { return biom->ctrl; } int BIO_meth_set_ctrl(BIO_METHOD *biom, - long (*ctrl) (BIO *, int, long, void *)) + long (*ctrl)(BIO *, int, long, void *)) { biom->ctrl = ctrl; return 1; } -int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *) { return biom->create; } -int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) +int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)) { biom->create = create; return 1; } -int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *) { return biom->destroy; } -int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)) { biom->destroy = destroy; return 1; } -long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *) 
{ return biom->callback_ctrl; } int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, - long (*callback_ctrl) (BIO *, int, - BIO_info_cb *)) + long (*callback_ctrl)(BIO *, int, + BIO_info_cb *)) { biom->callback_ctrl = callback_ctrl; return 1; --- crypto/openssl/crypto/bio/bio_print.c.orig +++ crypto/openssl/crypto/bio/bio_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -23,71 +23,71 @@ */ #ifdef HAVE_LONG_DOUBLE -# define LDOUBLE long double +#define LDOUBLE long double #else -# define LDOUBLE double +#define LDOUBLE double #endif static int fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); + const char *, int, int, int); static int fmtint(char **, char **, size_t *, size_t *, - int64_t, int, int, int, int); + int64_t, int, int, int, int); #ifndef OPENSSL_SYS_UEFI static int fmtfp(char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int, int); + LDOUBLE, int, int, int, int); #endif static int doapr_outch(char **, char **, size_t *, size_t *, int); static int _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ -#define DP_S_DEFAULT 0 -#define DP_S_FLAGS 1 -#define DP_S_MIN 2 -#define DP_S_DOT 3 -#define DP_S_MAX 4 -#define DP_S_MOD 5 -#define DP_S_CONV 6 -#define DP_S_DONE 7 +#define DP_S_DEFAULT 0 +#define DP_S_FLAGS 1 +#define DP_S_MIN 2 +#define DP_S_DOT 3 +#define DP_S_MAX 4 +#define DP_S_MOD 5 +#define DP_S_CONV 6 +#define DP_S_DONE 7 /* format flags - Bits */ /* left-aligned padding */ -#define DP_F_MINUS (1 << 0) +#define DP_F_MINUS (1 << 0) /* print an explicit '+' for a value with positive sign */ -#define DP_F_PLUS (1 << 1) +#define DP_F_PLUS (1 << 1) /* print an explicit ' ' for a value with positive sign */ -#define DP_F_SPACE (1 << 2) +#define DP_F_SPACE (1 << 2) /* print 0/0x prefix for octal/hex and decimal point for floating point */ -#define DP_F_NUM (1 << 3) +#define DP_F_NUM (1 << 3) /* print leading zeroes */ -#define DP_F_ZERO (1 << 4) -/* print HEX in UPPPERcase */ -#define DP_F_UP (1 << 5) +#define DP_F_ZERO (1 << 4) +/* print HEX in UPPERcase */ +#define DP_F_UP (1 << 5) /* treat value as unsigned */ -#define DP_F_UNSIGNED (1 << 6) +#define DP_F_UNSIGNED (1 << 6) /* conversion flags */ 
-#define DP_C_SHORT 1 -#define DP_C_LONG 2 -#define DP_C_LDOUBLE 3 -#define DP_C_LLONG 4 -#define DP_C_SIZE 5 +#define DP_C_SHORT 1 +#define DP_C_LONG 2 +#define DP_C_LDOUBLE 3 +#define DP_C_LLONG 4 +#define DP_C_SIZE 5 /* Floating point formats */ -#define F_FORMAT 0 -#define E_FORMAT 1 -#define G_FORMAT 2 +#define F_FORMAT 0 +#define E_FORMAT 1 +#define G_FORMAT 2 /* some handy macros */ #define char_to_int(p) (p - '0') -#define OSSL_MAX(p,q) ((p >= q) ? p : q) +#define OSSL_MAX(p, q) ((p >= q) ? p : q) static int _dopr(char **sbuffer, - char **buffer, - size_t *maxlen, - size_t *retlen, int *truncated, const char *format, va_list args) + char **buffer, + size_t *maxlen, + size_t *retlen, int *truncated, const char *format, va_list args) { char ch; int64_t value; @@ -115,9 +115,8 @@ case DP_S_DEFAULT: if (ch == '%') state = DP_S_FLAGS; - else - if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) - return 0; + else if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; ch = *format++; break; case DP_S_FLAGS: @@ -232,7 +231,7 @@ break; } if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, - max, flags)) + max, flags)) return 0; break; case 'X': @@ -260,8 +259,8 @@ break; } if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags)) + ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), + min, max, flags)) return 0; break; #ifndef OPENSSL_SYS_UEFI @@ -271,7 +270,7 @@ else fvalue = va_arg(args, double); if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, - flags, F_FORMAT)) + flags, F_FORMAT)) return 0; break; case 'E': @@ -283,7 +282,7 @@ else fvalue = va_arg(args, double); if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, - flags, E_FORMAT)) + flags, E_FORMAT)) return 0; break; case 'G': @@ -295,7 +294,7 @@ else fvalue = va_arg(args, double); if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, - flags, G_FORMAT)) + flags, G_FORMAT)) return 0; break; #else 
@@ -310,7 +309,7 @@ #endif case 'c': if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) + va_arg(args, int))) return 0; break; case 's': @@ -322,22 +321,20 @@ max = *maxlen; } if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max)) + flags, min, max)) return 0; break; case 'p': value = (size_t)va_arg(args, void *); if (!fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags | DP_F_NUM)) + value, 16, min, max, flags | DP_F_NUM)) return 0; break; - case 'n': - { - int *num; - num = va_arg(args, int *); - *num = currlen; - } - break; + case 'n': { + int *num; + num = va_arg(args, int *); + *num = currlen; + } break; case '%': if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) return 0; @@ -378,9 +375,9 @@ static int fmtstr(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, const char *value, int flags, int min, int max) + char **buffer, + size_t *currlen, + size_t *maxlen, const char *value, int flags, int min, int max) { int padlen; size_t strln; @@ -430,9 +427,9 @@ static int fmtint(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, int64_t value, int base, int min, int max, int flags) + char **buffer, + size_t *currlen, + size_t *maxlen, int64_t value, int base, int min, int max, int flags) { int signvalue = 0; const char *prefix = ""; @@ -473,8 +470,7 @@ convert[place] = 0; zpadlen = max - place; - spadlen = - min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) @@ -535,6 +531,10 @@ LDOUBLE result = value; if (value < 0) result = -value; + if (result > 0 && result / 2 == result) /* INF */ + result = 0; + else if (result != result) /* NAN */ + result = 0; return result; } 
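Review bot: In the `@@ -535,6 +531,10 @@` hunk, abs_val() now returns 0 for infinity and NaN, which the name does not suggest and no comment states. The function header is outside the hunk, so the contract should be written next to the new lines, for example `/* INF and NaN are mapped to 0; fmtfp() detects them by comparing against the original value */`. Both branches assign the same value and can be one test: `if (result != result || (result > 0 && result / 2 == result)) result = 0;`. These self-comparisons only work if the compiler keeps IEEE semantics, which a build with relaxed floating-point options may not guarantee.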
@@ -560,9 +560,9 @@ static int fmtfp(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style) + char **buffer, + size_t *currlen, + size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style) { int signvalue = 0; LDOUBLE ufvalue; @@ -590,6 +590,9 @@ signvalue = '+'; else if (flags & DP_F_SPACE) signvalue = ' '; + ufvalue = abs_val(fvalue); + if (ufvalue == 0 && fvalue != 0) /* INF or NAN? */ + signvalue = '?'; /* * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT @@ -597,12 +600,12 @@ * that from here on. */ if (style == G_FORMAT) { - if (fvalue == 0.0) { + if (ufvalue == 0.0) { realstyle = F_FORMAT; - } else if (fvalue < 0.0001) { + } else if (ufvalue < 0.0001) { realstyle = E_FORMAT; - } else if ((max == 0 && fvalue >= 10) - || (max > 0 && fvalue >= pow_10(max))) { + } else if ((max == 0 && ufvalue >= 10) + || (max > 0 && ufvalue >= pow_10(max))) { realstyle = E_FORMAT; } else { realstyle = F_FORMAT; @@ -612,9 +615,9 @@ } if (style != F_FORMAT) { - tmpvalue = fvalue; + tmpvalue = ufvalue; /* Calculate the exponent */ - if (fvalue != 0.0) { + if (ufvalue != 0.0) { while (tmpvalue < 1) { tmpvalue *= 10; exp--; @@ -651,9 +654,9 @@ } } if (realstyle == E_FORMAT) - fvalue = tmpvalue; + ufvalue = tmpvalue; } - ufvalue = abs_val(fvalue); + /* * By subtracting 65535 (2^16-1) we cancel the low order 15 bits * of ULONG_MAX to avoid using imprecise floating point values. @@ -785,7 +788,7 @@ while (fplace > 0) { if (!doapr_outch(sbuffer, buffer, currlen, maxlen, - fconvert[--fplace])) + fconvert[--fplace])) return 0; } } 
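Review bot: In the `@@ -590,6 +590,9 @@` hunk, `signvalue = '?'` replaces whatever the preceding if/else chain selected, so positive infinity, negative infinity and NaN all produce the same marker followed by a formatted zero. If that is meant as a safe fallback, the line needs a comment saying so, e.g. `/* non-finite input: emit '?' and format 0 instead of running the digit loops */`. Code that logs or parses this output would also benefit from the marker being named in the function's documentation. fmtfp's body continues outside the hunk, so the exact digits printed after the marker cannot be confirmed from here.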
@@ -802,17 +805,17 @@ else ech = 'E'; if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech)) - return 0; + return 0; if (exp < 0) { if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-')) - return 0; + return 0; } else { if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+')) - return 0; + return 0; } while (eplace > 0) { if (!doapr_outch(sbuffer, buffer, currlen, maxlen, - econvert[--eplace])) + econvert[--eplace])) return 0; } } @@ -827,11 +830,11 @@ #endif /* OPENSSL_SYS_UEFI */ -#define BUFFER_INC 1024 +#define BUFFER_INC 1024 static int doapr_outch(char **sbuffer, - char **buffer, size_t *currlen, size_t *maxlen, int c) + char **buffer, size_t *currlen, size_t *maxlen, int c) { /* If we haven't at least one buffer, someone has done a big booboo */ if (!ossl_assert(*sbuffer != NULL || buffer != NULL)) @@ -898,9 +901,9 @@ { int ret; size_t retlen; - char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable - * in small-stack environments, like threads - * or DOS programs. */ + char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable + * in small-stack environments, like threads + * or DOS programs. */ char *hugebufp = hugebuf; size_t hugebufsize = sizeof(hugebuf); char *dynbuf = NULL; @@ -908,7 +911,7 @@ dynbuf = NULL; if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, - args)) { + args)) { OPENSSL_free(dynbuf); return -1; } --- crypto/openssl/crypto/bio/bio_sock.c.orig +++ crypto/openssl/crypto/bio/bio_sock.c 
@@ -11,45 +11,45 @@ #include #include "bio_local.h" #ifndef OPENSSL_NO_SOCK -# define SOCKET_PROTOCOL IPPROTO_TCP -# ifdef SO_MAXCONN -# define MAX_LISTEN SO_MAXCONN -# elif defined(SOMAXCONN) -# define MAX_LISTEN SOMAXCONN -# else -# define MAX_LISTEN 32 -# endif -# if defined(OPENSSL_SYS_WINDOWS) +#define SOCKET_PROTOCOL IPPROTO_TCP +#ifdef SO_MAXCONN +#define MAX_LISTEN SO_MAXCONN +#elif defined(SOMAXCONN) +#define MAX_LISTEN SOMAXCONN +#else +#define MAX_LISTEN 32 +#endif +#if defined(OPENSSL_SYS_WINDOWS) static int wsa_init_done = 0; -# endif - -# if defined __TANDEM -# include -# include /* select */ -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# elif defined _WIN32 -# include /* for type fd_set */ -# else -# include -# if defined __VMS -# include -# elif defined _HPUX_SOURCE -# include -# else -# include -# endif -# endif - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#endif + +#if defined __TANDEM +#include +#include /* select */ +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif +#elif defined _WIN32 +#include /* for type fd_set */ +#else +#include +#if defined __VMS +#include +#elif defined _HPUX_SOURCE +#include +#else +#include +#endif +#endif + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip) { BIO_ADDRINFO *res = NULL; int ret = 0; if (BIO_sock_init() != 1) - return 0; /* don't generate another error code here */ + return 0; /* don't generate another error code here */ if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { size_t l; @@ -83,7 +83,7 @@ } if (BIO_sock_init() != 1) - return 0; /* don't generate another error code here */ + return 0; /* don't generate another error code here */ if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { if (BIO_ADDRINFO_family(res) != AF_INET) { @@ -99,7 +99,7 @@ return ret; } -# endif +#endif int BIO_sock_error(int sock) { 
@@ -119,7 +119,7 @@ return j; } -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 struct hostent *BIO_gethostbyname(const char *name) { /* @@ -128,11 +128,11 @@ */ return gethostbyname(name); } -# endif +#endif int BIO_sock_init(void) { -# ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; if (!wsa_init_done) { @@ -146,40 +146,40 @@ */ if (WSAStartup(0x0202, &wsa_state) != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling wsastartup()"); + "calling wsastartup()"); ERR_raise(ERR_LIB_BIO, BIO_R_WSASTARTUP); return -1; } } -# endif /* OPENSSL_SYS_WINDOWS */ -# ifdef WATT32 +#endif /* OPENSSL_SYS_WINDOWS */ +#ifdef WATT32 extern int _watt_do_exit; - _watt_do_exit = 0; /* don't make sock_init() call exit() */ + _watt_do_exit = 0; /* don't make sock_init() call exit() */ if (sock_init()) return -1; -# endif +#endif return 1; } void bio_sock_cleanup_int(void) { -# ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINDOWS if (wsa_init_done) { wsa_init_done = 0; WSACleanup(); } -# endif +#endif } int BIO_socket_ioctl(int fd, long type, void *arg) { int i; -# ifdef __DJGPP__ +#ifdef __DJGPP__ i = ioctlsocket(fd, type, (char *)arg); -# else -# if defined(OPENSSL_SYS_VMS) +#else +#if defined(OPENSSL_SYS_VMS) /*- * 2011-02-18 SMS. * VMS ioctl() can't tolerate a 64-bit "void *arg", but we 
@@ -187,31 +187,31 @@ * so we arrange a local copy with a short pointer, and use * that, instead. */ -# if __INITIAL_POINTER_SIZE == 64 -# define ARG arg_32p -# pragma pointer_size save -# pragma pointer_size 32 +#if __INITIAL_POINTER_SIZE == 64 +#define ARG arg_32p +#pragma pointer_size save +#pragma pointer_size 32 unsigned long arg_32; unsigned long *arg_32p; -# pragma pointer_size restore +#pragma pointer_size restore arg_32p = &arg_32; arg_32 = *((unsigned long *)arg); -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define ARG arg -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -# else /* defined(OPENSSL_SYS_VMS) */ -# define ARG arg -# endif /* defined(OPENSSL_SYS_VMS) [else] */ +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define ARG arg +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* defined(OPENSSL_SYS_VMS) */ +#define ARG arg +#endif /* defined(OPENSSL_SYS_VMS) [else] */ i = ioctlsocket(fd, type, ARG); -# endif /* __DJGPP__ */ +#endif /* __DJGPP__ */ if (i < 0) ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling ioctlsocket()"); + "calling ioctlsocket()"); return i; } -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 int BIO_get_accept_socket(char *host, int bind_mode) { int s = INVALID_SOCKET; @@ -224,22 +224,23 @@ if (BIO_sock_init() != 1) goto err; - if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) + if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) == 0) goto err; if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), - BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) { + BIO_ADDRINFO_protocol(res), 0)) + == INVALID_SOCKET) { s = INVALID_SOCKET; goto err; } if (!BIO_listen(s, BIO_ADDRINFO_address(res), - bind_mode ? BIO_SOCK_REUSEADDR : 0)) { + bind_mode ? BIO_SOCK_REUSEADDR : 0)) { BIO_closesocket(s); s = INVALID_SOCKET; } - err: +err: BIO_ADDRINFO_free(res); OPENSSL_free(h); OPENSSL_free(p); 
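Review bot: The change from `!= 0` to `== 0` on the BIO_lookup() result in BIO_get_accept_socket (hunk `@@ -224,22 +224,23 @@`) is a behaviour change placed among whitespace edits, and nothing at the call site says which return value means failure. BIO_get_host_ip earlier in this file treats a non-zero return as success, which agrees with the new test, so a short comment would make it explicit: `/* BIO_lookup() returns 0 on failure */`. In the same hunk, `s = INVALID_SOCKET;` inside the `== INVALID_SOCKET` branch is a no-op and can be dropped. The function starts before the hunk, so the parsing of `host` into `h` and `p` is not visible here.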
@@ -259,7 +260,7 @@ goto end; } ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling accept()"); + "calling accept()"); ERR_raise(ERR_LIB_BIO, BIO_R_ACCEPT_ERROR); goto end; } @@ -285,27 +286,27 @@ OPENSSL_free(port); } - end: +end: return ret; } -# endif +#endif int BIO_set_tcp_ndelay(int s, int on) { int ret = 0; -# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) +#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) int opt; -# ifdef SOL_TCP +#ifdef SOL_TCP opt = SOL_TCP; -# else -# ifdef IPPROTO_TCP +#else +#ifdef IPPROTO_TCP opt = IPPROTO_TCP; -# endif -# endif +#endif +#endif ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on)); -# endif +#endif return (ret == 0); } 
@@ -315,69 +316,67 @@ int l; l = mode; -# ifdef FIONBIO +#ifdef FIONBIO l = mode; ret = BIO_socket_ioctl(s, FIONBIO, &l); -# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY)) +#elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY)) /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ l = fcntl(s, F_GETFL, 0); if (l == -1) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fcntl()"); + "calling fcntl()"); ret = -1; } else { -# if defined(O_NONBLOCK) +#if defined(O_NONBLOCK) l &= ~O_NONBLOCK; -# else +#else l &= ~FNDELAY; /* BSD4.x */ -# endif +#endif if (mode) { -# if defined(O_NONBLOCK) +#if defined(O_NONBLOCK) l |= O_NONBLOCK; -# else +#else l |= FNDELAY; /* BSD4.x */ -# endif +#endif } ret = fcntl(s, F_SETFL, l); if (ret < 0) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fcntl()"); + "calling fcntl()"); } } -# else +#else /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. 
*/ ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_INVALID_ARGUMENT); -# endif +#endif return (ret == 0); } int BIO_sock_info(int sock, - enum BIO_sock_info_type type, union BIO_sock_info_u *info) + enum BIO_sock_info_type type, union BIO_sock_info_u *info) { switch (type) { - case BIO_SOCK_INFO_ADDRESS: - { - socklen_t addr_len; - int ret = 0; - addr_len = sizeof(*info->addr); - ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr), - &addr_len); - if (ret == -1) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getsockname()"); - ERR_raise(ERR_LIB_BIO, BIO_R_GETSOCKNAME_ERROR); - return 0; - } - if ((size_t)addr_len > sizeof(*info->addr)) { - ERR_raise(ERR_LIB_BIO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS); - return 0; - } + case BIO_SOCK_INFO_ADDRESS: { + socklen_t addr_len; + int ret = 0; + addr_len = sizeof(*info->addr); + ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr), + &addr_len); + if (ret == -1) { + ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), + "calling getsockname()"); + ERR_raise(ERR_LIB_BIO, BIO_R_GETSOCKNAME_ERROR); + return 0; + } + if ((size_t)addr_len > sizeof(*info->addr)) { + ERR_raise(ERR_LIB_BIO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS); + return 0; } - break; + } break; default: ERR_raise(ERR_LIB_BIO, BIO_R_UNKNOWN_INFO_TYPE); return 0; @@ -414,6 +413,6 @@ tv.tv_usec = 0; tv.tv_sec = (long)(max_time - now); /* might overflow */ return select(fd + 1, for_read ? &confds : NULL, - for_read ? NULL : &confds, NULL, &tv); + for_read ? NULL : &confds, NULL, &tv); } #endif /* !defined(OPENSSL_NO_SOCK) */ --- crypto/openssl/crypto/bio/bio_sock2.c.orig +++ crypto/openssl/crypto/bio/bio_sock2.c 
@@ -17,13 +17,13 @@ #include #ifndef OPENSSL_NO_SOCK -# ifdef SO_MAXCONN -# define MAX_LISTEN SO_MAXCONN -# elif defined(SOMAXCONN) -# define MAX_LISTEN SOMAXCONN -# else -# define MAX_LISTEN 32 -# endif +#ifdef SO_MAXCONN +#define MAX_LISTEN SO_MAXCONN +#elif defined(SOMAXCONN) +#define MAX_LISTEN SOMAXCONN +#else +#define MAX_LISTEN 32 +#endif /*- * BIO_socket - create a socket @@ -48,7 +48,7 @@ sock = socket(domain, socktype, protocol); if (sock == -1) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling socket()"); + "calling socket()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); return INVALID_SOCKET; } @@ -101,9 +101,10 @@ if (options & BIO_SOCK_KEEPALIVE) { if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, - (const void *)&on, sizeof(on)) != 0) { + (const void *)&on, sizeof(on)) + != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); + "calling setsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_KEEPALIVE); return 0; } 
@@ -111,32 +112,25 @@ if (options & BIO_SOCK_NODELAY) { if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - (const void *)&on, sizeof(on)) != 0) { + (const void *)&on, sizeof(on)) + != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); + "calling setsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_NODELAY); return 0; } } if (connect(sock, BIO_ADDR_sockaddr(addr), - BIO_ADDR_sockaddr_size(addr)) == -1) { + BIO_ADDR_sockaddr_size(addr)) + == -1) { if (!BIO_sock_should_retry(-1)) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling connect()"); + "calling connect()"); ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); } return 0; } -# ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(sock); -# endif return 1; } 
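Review bot: Removing `ktls_enable(sock)` at the end of BIO_connect, and `ktls_enable(b->num)` in the `@@ -203,22 +203,13 @@` hunk of bss_conn.c, leaves no visible place where the socket is prepared for kernel TLS. conn_read and conn_write in bss_conn.c still take the KTLS branches when the BIO flags are set. If the call now happens where the record keys are installed, that should be stated in the commit and in a one-line comment here, e.g. `/* kTLS setup is done when the keys are installed, not at connect time */`. If it was simply dropped, platforms where ktls_enable() does real work would presumably never offload, and nothing in these hunks would report it.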
@@ -158,34 +152,35 @@ */ int BIO_bind(int sock, const BIO_ADDR *addr, int options) { -# ifndef OPENSSL_SYS_WINDOWS +#ifndef OPENSSL_SYS_WINDOWS int on = 1; -# endif +#endif if (sock == -1) { ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_SOCKET); return 0; } -# ifndef OPENSSL_SYS_WINDOWS +#ifndef OPENSSL_SYS_WINDOWS /* * SO_REUSEADDR has different behavior on Windows than on * other operating systems, don't set it there. */ if (options & BIO_SOCK_REUSEADDR) { if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, - (const void *)&on, sizeof(on)) != 0) { + (const void *)&on, sizeof(on)) + != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); + "calling setsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_REUSEADDR); return 0; } } -# endif +#endif if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error() /* may be 0 */, - "calling bind()"); + "calling bind()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_BIND_SOCKET); return 0; } @@ -242,10 +237,11 @@ } if (getsockopt(sock, SOL_SOCKET, SO_TYPE, - (void *)&socktype, &socktype_len) != 0 + (void *)&socktype, &socktype_len) + != 0 || socktype_len != sizeof(socktype)) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getsockopt()"); + "calling getsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_GETTING_SOCKTYPE); return 0; } @@ -255,9 +251,10 @@ if (options & BIO_SOCK_KEEPALIVE) { if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, - (const void *)&on, sizeof(on)) != 0) { + (const void *)&on, sizeof(on)) + != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); + "calling setsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_KEEPALIVE); return 0; } 
@@ -265,16 +262,17 @@ if (options & BIO_SOCK_NODELAY) { if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - (const void *)&on, sizeof(on)) != 0) { + (const void *)&on, sizeof(on)) + != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); + "calling setsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_NODELAY); return 0; } } - /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */ -# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) + /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */ +#if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) if (BIO_ADDR_family(addr) == AF_INET6) { /* * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF. @@ -282,21 +280,22 @@ */ on = options & BIO_SOCK_V6_ONLY ? 1 : 0; if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, - (const void *)&on, sizeof(on)) != 0) { + (const void *)&on, sizeof(on)) + != 0) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); + "calling setsockopt()"); ERR_raise(ERR_LIB_BIO, BIO_R_LISTEN_V6_ONLY); return 0; } } -# endif +#endif if (!BIO_bind(sock, addr, options)) return 0; if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling listen()"); + "calling listen()"); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_LISTEN_SOCKET); return 0; } @@ -320,11 +319,11 @@ len = sizeof(*addr); accepted_sock = accept(accept_sock, - BIO_ADDR_sockaddr_noconst(addr), &len); + BIO_ADDR_sockaddr_noconst(addr), &len); if (accepted_sock == -1) { if (!BIO_sock_should_retry(accepted_sock)) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling accept()"); + "calling accept()"); ERR_raise(ERR_LIB_BIO, BIO_R_ACCEPT_ERROR); } return INVALID_SOCKET; --- crypto/openssl/crypto/bio/bss_acpt.c.orig +++ crypto/openssl/crypto/bio/bss_acpt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ typedef struct bio_accept_st { int state; int accept_family; - int bind_mode; /* Socket mode for BIO_listen */ + int bind_mode; /* Socket mode for BIO_listen */ int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */ char *param_addr; char *param_serv; @@ -27,7 +27,7 @@ BIO_ADDRINFO *addr_first; const BIO_ADDRINFO *addr_iter; - BIO_ADDR cache_accepting_addr; /* Useful if we asked for port 0 */ + BIO_ADDR cache_accepting_addr; /* Useful if we asked for port 0 */ char *cache_accepting_name, *cache_accepting_serv; BIO_ADDR cache_peer_addr; char *cache_peer_name, *cache_peer_serv; @@ -46,12 +46,12 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void); static void BIO_ACCEPT_free(BIO_ACCEPT *a); -# define ACPT_S_BEFORE 1 -# define ACPT_S_GET_ADDR 2 -# define ACPT_S_CREATE_SOCKET 3 -# define ACPT_S_LISTEN 4 -# define ACPT_S_ACCEPT 5 -# define ACPT_S_OK 6 +#define ACPT_S_BEFORE 1 +#define ACPT_S_GET_ADDR 2 +#define ACPT_S_CREATE_SOCKET 3 +#define ACPT_S_LISTEN 4 +#define ACPT_S_ACCEPT 5 +#define ACPT_S_OK 6 static const BIO_METHOD methods_acceptp = { BIO_TYPE_ACCEPT, @@ -61,11 +61,11 @@ bread_conv, acpt_read, acpt_puts, - NULL, /* connect_gets, */ + NULL, /* connect_gets, */ acpt_ctrl, acpt_new, acpt_free, - NULL, /* connect_callback_ctrl */ + NULL, /* connect_callback_ctrl */ }; const BIO_METHOD *BIO_s_accept(void) 
@@ -157,9 +157,9 @@ case ACPT_S_BEFORE: if (c->param_addr == NULL && c->param_serv == NULL) { ERR_raise_data(ERR_LIB_BIO, - BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED, - "hostname=%s, service=%s", - c->param_addr, c->param_serv); + BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED, + "hostname=%s, service=%s", + c->param_addr, c->param_serv); goto exit_loop; } @@ -179,37 +179,37 @@ c->state = ACPT_S_GET_ADDR; break; - case ACPT_S_GET_ADDR: - { - int family = AF_UNSPEC; - switch (c->accept_family) { - case BIO_FAMILY_IPV6: - if (1) { /* This is a trick we use to avoid bit rot. - * at least the "else" part will always be - * compiled. - */ + case ACPT_S_GET_ADDR: { + int family = AF_UNSPEC; + switch (c->accept_family) { + case BIO_FAMILY_IPV6: + if (1) { /* This is a trick we use to avoid bit rot. + * at least the "else" part will always be + * compiled. + */ #ifdef AF_INET6 - family = AF_INET6; - } else { + family = AF_INET6; + } else { #endif - ERR_raise(ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY); - goto exit_loop; - } - break; - case BIO_FAMILY_IPV4: - family = AF_INET; - break; - case BIO_FAMILY_IPANY: - family = AF_UNSPEC; - break; - default: - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY); + ERR_raise(ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY); goto exit_loop; } - if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER, - family, SOCK_STREAM, &c->addr_first) == 0) - goto exit_loop; + break; + case BIO_FAMILY_IPV4: + family = AF_INET; + break; + case BIO_FAMILY_IPANY: + family = AF_UNSPEC; + break; + default: + ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY); + goto exit_loop; } + if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER, + family, SOCK_STREAM, &c->addr_first) + == 0) + goto exit_loop; + } if (c->addr_first == NULL) { ERR_raise(ERR_LIB_BIO, BIO_R_LOOKUP_RETURNED_NOTHING); goto exit_loop; 
@@ -221,8 +221,8 @@ case ACPT_S_CREATE_SOCKET: ERR_set_mark(); s = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), - BIO_ADDRINFO_socktype(c->addr_iter), - BIO_ADDRINFO_protocol(c->addr_iter), 0); + BIO_ADDRINFO_socktype(c->addr_iter), + BIO_ADDRINFO_protocol(c->addr_iter), 0); if (s == (int)INVALID_SOCKET) { if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { /* @@ -233,8 +233,8 @@ } ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling socket(%s, %s)", - c->param_addr, c->param_serv); + "calling socket(%s, %s)", + c->param_addr, c->param_serv); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); goto exit_loop; } @@ -244,31 +244,35 @@ s = -1; break; - case ACPT_S_LISTEN: - { - if (!BIO_listen(c->accept_sock, - BIO_ADDRINFO_address(c->addr_iter), - c->bind_mode)) { - BIO_closesocket(c->accept_sock); - goto exit_loop; - } + case ACPT_S_LISTEN: { + if (!BIO_listen(c->accept_sock, + BIO_ADDRINFO_address(c->addr_iter), + c->bind_mode)) { + BIO_closesocket(c->accept_sock); + c->accept_sock = (int)INVALID_SOCKET; + b->num = (int)INVALID_SOCKET; + goto exit_loop; } + } { union BIO_sock_info_u info; info.addr = &c->cache_accepting_addr; if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS, - &info)) { + &info)) { BIO_closesocket(c->accept_sock); + c->accept_sock = (int)INVALID_SOCKET; + b->num = (int)INVALID_SOCKET; goto exit_loop; } } - c->cache_accepting_name = - BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1); - c->cache_accepting_serv = - BIO_ADDR_service_string(&c->cache_accepting_addr, 1); + /* Free old values before assigning new ones to prevent memory leak */ + OPENSSL_free(c->cache_accepting_name); + OPENSSL_free(c->cache_accepting_serv); + c->cache_accepting_name = BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1); + c->cache_accepting_serv = BIO_ADDR_service_string(&c->cache_accepting_addr, 1); c->state = ACPT_S_ACCEPT; s = -1; ret = 1; 
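Review bot: The two failure paths in the ACPT_S_LISTEN case (hunk `@@ -244,31 +244,35 @@`) repeat the same close-and-invalidate sequence for `c->accept_sock` and `b->num` without saying why both fields are reset. A comment such as `/* invalidate both copies of the fd so later cleanup cannot close it a second time */` would record the reason. The sequence could also become a single call if acpt_close_socket(), which the reset path further down uses, already does the same; its body is not visible here. `c->state` is not changed on these paths as far as the hunk shows, so it is worth confirming that a retry cannot reach BIO_listen() with the invalidated descriptor. acpt_state starts and ends outside the hunk.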
@@ -288,7 +292,7 @@ c->cache_peer_serv = NULL; s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr, - c->accepted_mode); + c->accepted_mode); /* If the returned socket is invalid, this might still be * retryable @@ -330,10 +334,8 @@ if (BIO_push(b, bio) == NULL) goto exit_loop; - c->cache_peer_name = - BIO_ADDR_hostname_string(&c->cache_peer_addr, 1); - c->cache_peer_serv = - BIO_ADDR_service_string(&c->cache_peer_addr, 1); + c->cache_peer_name = BIO_ADDR_hostname_string(&c->cache_peer_addr, 1); + c->cache_peer_serv = BIO_ADDR_service_string(&c->cache_peer_addr, 1); c->state = ACPT_S_OK; bio = NULL; ret = 1; @@ -353,12 +355,12 @@ } } - exit_loop: +exit_loop: if (bio != NULL) BIO_free(bio); else if (s >= 0) BIO_closesocket(s); - end: +end: return ret; } @@ -416,6 +418,7 @@ acpt_close_socket(b); BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; + data->addr_iter = NULL; b->flags = 0; break; case BIO_C_DO_STATE_MACHINE: @@ -433,12 +436,13 @@ OPENSSL_free(data->param_addr); data->param_addr = NULL; ret = BIO_parse_hostserv(ptr, - &data->param_addr, - &data->param_serv, - BIO_PARSE_PRIO_SERV); + &data->param_addr, + &data->param_serv, + BIO_PARSE_PRIO_SERV); if (hold_serv != data->param_serv) OPENSSL_free(hold_serv); - b->init = 1; + if (ret > 0) + b->init = 1; } else if (num == 1) { OPENSSL_free(data->param_serv); if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL) --- crypto/openssl/crypto/bio/bss_bio.c.orig +++ crypto/openssl/crypto/bio/bss_bio.c @@ -43,11 +43,11 @@ bread_conv, bio_read, bio_puts, - NULL /* no bio_gets */ , + NULL /* no bio_gets */, bio_ctrl, bio_new, bio_free, - NULL /* no bio_callback_ctrl */ + NULL /* no bio_callback_ctrl */ }; const BIO_METHOD *BIO_s_bio(void) 
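Review bot: In the `@@ -433,12 +436,13 @@` hunk of bss_acpt.c, `b->init` is set only when BIO_parse_hostserv() succeeds, but on failure it keeps its earlier value even though `data->param_addr` was freed and set to NULL just before the call. A BIO initialised by an earlier call would then stay marked initialised with no address. Either make the failure case explicit with `b->init = (ret > 0);`, or add a comment stating that the previous value is kept on purpose. The surrounding control function begins outside the hunk, so what `data->param_serv` holds after a failed parse cannot be confirmed from here.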
@@ -56,21 +56,21 @@ } struct bio_bio_st { - BIO *peer; /* NULL if buf == NULL. If peer != NULL, then - * peer->ptr is also a bio_bio_st, and its - * "peer" member points back to us. peer != - * NULL iff init != 0 in the BIO. */ + BIO *peer; /* NULL if buf == NULL. If peer != NULL, then + * peer->ptr is also a bio_bio_st, and its + * "peer" member points back to us. peer != + * NULL iff init != 0 in the BIO. */ /* This is for what we write (i.e. reading uses peer's struct): */ - int closed; /* valid iff peer != NULL */ - size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ - size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ + int closed; /* valid iff peer != NULL */ + size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ + size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ size_t size; - char *buf; /* "size" elements (if != NULL) */ - size_t request; /* valid iff peer != NULL; 0 if len != 0, - * otherwise set by peer to number of bytes - * it (unsuccessfully) tried to read, never - * more than buffer space (size-len) - * warrants. */ + char *buf; /* "size" elements (if != NULL) */ + size_t request; /* valid iff peer != NULL; 0 if len != 0, + * otherwise set by peer to number of bytes + * it (unsuccessfully) tried to read, never + * more than buffer space (size-len) + * warrants. */ }; static int bio_new(BIO *bio) @@ -124,14 +124,14 @@ assert(peer_b != NULL); assert(peer_b->buf != NULL); - peer_b->request = 0; /* will be set in "retry_read" situation */ + peer_b->request = 0; /* will be set in "retry_read" situation */ if (buf == NULL || size == 0) return 0; if (peer_b->len == 0) { if (peer_b->closed) - return 0; /* writer has closed, and no data is left */ + return 0; /* writer has closed, and no data is left */ else { BIO_set_retry_read(bio); /* buffer is empty */ if (size <= peer_b->size) 
@@ -154,7 +154,7 @@ rest = size; assert(rest > 0); - do { /* one or two iterations */ + do { /* one or two iterations */ size_t chunk; assert(rest <= peer_b->len); @@ -180,8 +180,7 @@ peer_b->offset = 0; } rest -= chunk; - } - while (rest); + } while (rest); return size; } @@ -242,7 +241,7 @@ if (num_ > OSSL_SSIZE_MAX) num = OSSL_SSIZE_MAX; else - num = (ossl_ssize_t) num_; + num = (ossl_ssize_t)num_; available = bio_nread0(bio, buf); if (num > available) @@ -304,7 +303,7 @@ rest = num; assert(rest > 0); - do { /* one or two iterations */ + do { /* one or two iterations */ size_t write_offset; size_t chunk; @@ -329,8 +328,7 @@ rest -= chunk; buf += chunk; - } - while (rest); + } while (rest); return num; } @@ -398,7 +396,7 @@ if (num_ > OSSL_SSIZE_MAX) num = OSSL_SSIZE_MAX; else - num = (ossl_ssize_t) num_; + num = (ossl_ssize_t)num_; space = bio_nwrite0(bio, buf); if (num > space) @@ -446,16 +444,14 @@ ret = (long)b->size; break; - case BIO_C_MAKE_BIO_PAIR: - { - BIO *other_bio = ptr; + case BIO_C_MAKE_BIO_PAIR: { + BIO *other_bio = ptr; - if (bio_make_pair(bio, other_bio)) - ret = 1; - else - ret = 0; - } - break; + if (bio_make_pair(bio, other_bio)) + ret = 1; + else + ret = 0; + } break; case BIO_C_DESTROY_BIO_PAIR: /* @@ -681,7 +677,7 @@ /* Exported convenience functions */ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, - BIO **bio2_p, size_t writebuf2) + BIO **bio2_p, size_t writebuf2) { BIO *bio1 = NULL, *bio2 = NULL; long r; @@ -710,7 +706,7 @@ goto err; ret = 1; - err: +err: if (ret == 0) { BIO_free(bio1); bio1 = NULL; --- crypto/openssl/crypto/bio/bss_conn.c.orig +++ crypto/openssl/crypto/bio/bss_conn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -21,9 +21,9 @@ char *param_hostname; char *param_service; int connect_mode; -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS unsigned char record_type; -# endif +#endif BIO_ADDRINFO *addr_first; const BIO_ADDRINFO *addr_iter; @@ -52,13 +52,13 @@ BIO_CONNECT *BIO_CONNECT_new(void); void BIO_CONNECT_free(BIO_CONNECT *a); -#define BIO_CONN_S_BEFORE 1 -#define BIO_CONN_S_GET_ADDR 2 -#define BIO_CONN_S_CREATE_SOCKET 3 -#define BIO_CONN_S_CONNECT 4 -#define BIO_CONN_S_OK 5 -#define BIO_CONN_S_BLOCKED_CONNECT 6 -#define BIO_CONN_S_CONNECT_ERROR 7 +#define BIO_CONN_S_BEFORE 1 +#define BIO_CONN_S_GET_ADDR 2 +#define BIO_CONN_S_CREATE_SOCKET 3 +#define BIO_CONN_S_CONNECT 4 +#define BIO_CONN_S_OK 5 +#define BIO_CONN_S_BLOCKED_CONNECT 6 +#define BIO_CONN_S_CONNECT_ERROR 7 static const BIO_METHOD methods_connectp = { BIO_TYPE_CONNECT, @@ -68,7 +68,7 @@ bread_conv, conn_read, conn_puts, - NULL, /* conn_gets, */ + NULL, /* conn_gets, */ conn_ctrl, conn_new, conn_free, 
@@ -88,46 +88,46 @@ case BIO_CONN_S_BEFORE: if (c->param_hostname == NULL && c->param_service == NULL) { ERR_raise_data(ERR_LIB_BIO, - BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED, - "hostname=%s service=%s", - c->param_hostname, c->param_service); + BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED, + "hostname=%s service=%s", + c->param_hostname, c->param_service); goto exit_loop; } c->state = BIO_CONN_S_GET_ADDR; break; - case BIO_CONN_S_GET_ADDR: - { - int family = AF_UNSPEC; - switch (c->connect_family) { - case BIO_FAMILY_IPV6: - if (1) { /* This is a trick we use to avoid bit rot. - * at least the "else" part will always be - * compiled. - */ + case BIO_CONN_S_GET_ADDR: { + int family = AF_UNSPEC; + switch (c->connect_family) { + case BIO_FAMILY_IPV6: + if (1) { /* This is a trick we use to avoid bit rot. + * at least the "else" part will always be + * compiled. + */ #ifdef AF_INET6 - family = AF_INET6; - } else { + family = AF_INET6; + } else { #endif - ERR_raise(ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY); - goto exit_loop; - } - break; - case BIO_FAMILY_IPV4: - family = AF_INET; - break; - case BIO_FAMILY_IPANY: - family = AF_UNSPEC; - break; - default: - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY); + ERR_raise(ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY); goto exit_loop; } - if (BIO_lookup(c->param_hostname, c->param_service, - BIO_LOOKUP_CLIENT, - family, SOCK_STREAM, &c->addr_first) == 0) - goto exit_loop; + break; + case BIO_FAMILY_IPV4: + family = AF_INET; + break; + case BIO_FAMILY_IPANY: + family = AF_UNSPEC; + break; + default: + ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY); + goto exit_loop; } + if (BIO_lookup(c->param_hostname, c->param_service, + BIO_LOOKUP_CLIENT, + family, SOCK_STREAM, &c->addr_first) + == 0) + goto exit_loop; + } if (c->addr_first == NULL) { ERR_raise(ERR_LIB_BIO, BIO_R_LOOKUP_RETURNED_NOTHING); goto exit_loop; 
@@ -138,12 +138,12 @@ case BIO_CONN_S_CREATE_SOCKET: ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), - BIO_ADDRINFO_socktype(c->addr_iter), - BIO_ADDRINFO_protocol(c->addr_iter), 0); + BIO_ADDRINFO_socktype(c->addr_iter), + BIO_ADDRINFO_protocol(c->addr_iter), 0); if (ret == (int)INVALID_SOCKET) { ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling socket(%s, %s)", - c->param_hostname, c->param_service); + "calling socket(%s, %s)", + c->param_hostname, c->param_service); ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); goto exit_loop; } @@ -155,7 +155,7 @@ BIO_clear_retry_flags(b); ERR_set_mark(); ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), - BIO_SOCK_KEEPALIVE | c->connect_mode); + BIO_SOCK_KEEPALIVE | c->connect_mode); b->retry_reason = 0; if (ret == 0) { if (BIO_sock_should_retry(ret)) { @@ -164,7 +164,7 @@ b->retry_reason = BIO_RR_CONNECT; ERR_pop_to_mark(); } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) - != NULL) { + != NULL) { /* * if there are more addresses to try, do that first */ @@ -175,8 +175,8 @@ } else { ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling connect(%s, %s)", - c->param_hostname, c->param_service); + "calling connect(%s, %s)", + c->param_hostname, c->param_service); c->state = BIO_CONN_S_CONNECT_ERROR; break; } 
@@ -203,22 +203,13 @@ break; } ERR_raise_data(ERR_LIB_SYS, i, - "calling connect(%s, %s)", - c->param_hostname, c->param_service); + "calling connect(%s, %s)", + c->param_hostname, c->param_service); ERR_raise(ERR_LIB_BIO, BIO_R_NBIO_CONNECT_ERROR); ret = 0; goto exit_loop; } else { c->state = BIO_CONN_S_OK; -# ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(b->num); -# endif } break; @@ -242,10 +233,10 @@ } /* Loop does not exit */ - exit_loop: +exit_loop: if (cb != NULL) ret = cb((BIO *)b, c->state, ret); - end: +end: return ret; } @@ -334,11 +325,11 @@ if (out != NULL) { clear_socket_error(); -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS if (BIO_get_ktls_recv(b)) ret = ktls_read_record(b->num, out, outl); else -# endif +#endif ret = readsocket(b->num, out, outl); BIO_clear_retry_flags(b); if (ret <= 0) { @@ -364,7 +355,7 @@ } clear_socket_error(); -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS if (BIO_should_ktls_ctrl_msg_flag(b)) { ret = ktls_send_ctrl_message(b->num, data->record_type, in, inl); if (ret >= 0) { @@ -372,7 +363,7 @@ BIO_clear_ktls_ctrl_msg_flag(b); } } else -# endif +#endif ret = writesocket(b->num, in, inl); BIO_clear_retry_flags(b); if (ret <= 0) { @@ -389,9 +380,9 @@ const char **pptr = NULL; long ret = 1; BIO_CONNECT *data; -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS ktls_crypto_info_t *crypto_info; -# endif +#endif data = (BIO_CONNECT *)b->ptr; @@ -402,6 +393,7 @@ conn_close_socket(b); BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; + data->addr_iter = NULL; b->flags = 0; break; case BIO_C_DO_STATE_MACHINE: 
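Review bot: The added `data->addr_iter = NULL;` in the reset branch (hunk `-402,6 +393,7`) has no comment explaining why it is there. From the other hunks, addr_iter appears to be a cursor into the list that `BIO_ADDRINFO_free(data->addr_first)` has just released, and later ctrl branches pass it to `BIO_ADDRINFO_address()` and `BIO_ADDRINFO_family()`, so leaving it set would keep a pointer into freed memory. I would add `/* addr_iter points into the list freed above; clear it so it cannot dangle */` above the new line. Whether the other paths that free addr_first also clear addr_iter is not visible here and is worth checking. The enclosing switch starts and ends outside the hunk.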
@@ -422,11 +414,11 @@ *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter); } else if (num == 3) { switch (BIO_ADDRINFO_family(data->addr_iter)) { -# ifdef AF_INET6 +#ifdef AF_INET6 case AF_INET6: ret = BIO_FAMILY_IPV6; break; -# endif +#endif case AF_INET: ret = BIO_FAMILY_IPV4; break; @@ -457,9 +449,9 @@ OPENSSL_free(data->param_hostname); data->param_hostname = NULL; ret = BIO_parse_hostserv(ptr, - &data->param_hostname, - &data->param_service, - BIO_PARSE_PRIO_HOST); + &data->param_hostname, + &data->param_service, + BIO_PARSE_PRIO_HOST); if (hold_service != data->param_service) OPENSSL_free(hold_service); } else if (num == 1) { /* BIO_set_conn_port */ 
@@ -521,37 +513,33 @@ break; case BIO_CTRL_FLUSH: break; - case BIO_CTRL_DUP: - { - dbio = (BIO *)ptr; - if (data->param_hostname) - BIO_set_conn_hostname(dbio, data->param_hostname); - if (data->param_service) - BIO_set_conn_port(dbio, data->param_service); - BIO_set_conn_ip_family(dbio, data->connect_family); - BIO_set_conn_mode(dbio, data->connect_mode); - /* - * FIXME: the cast of the function seems unlikely to be a good - * idea - */ - (void)BIO_set_info_callback(dbio, data->info_callback); - } - break; + case BIO_CTRL_DUP: { + dbio = (BIO *)ptr; + if (data->param_hostname) + BIO_set_conn_hostname(dbio, data->param_hostname); + if (data->param_service) + BIO_set_conn_port(dbio, data->param_service); + BIO_set_conn_ip_family(dbio, data->connect_family); + BIO_set_conn_mode(dbio, data->connect_mode); + /* + * FIXME: the cast of the function seems unlikely to be a good + * idea + */ + (void)BIO_set_info_callback(dbio, data->info_callback); + } break; case BIO_CTRL_SET_CALLBACK: ret = 0; /* use callback ctrl */ break; - case BIO_CTRL_GET_CALLBACK: - { - BIO_info_cb **fptr; + case BIO_CTRL_GET_CALLBACK: { + BIO_info_cb **fptr; - fptr = (BIO_info_cb **)ptr; - *fptr = data->info_callback; - } - break; + fptr = (BIO_info_cb **)ptr; + *fptr = data->info_callback; + } break; case BIO_CTRL_EOF: ret = (b->flags & BIO_FLAGS_IN_EOF) != 0; break; -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS case BIO_CTRL_SET_KTLS: crypto_info = (ktls_crypto_info_t *)ptr; ret = ktls_start(b->num, crypto_info, num); @@ -571,7 +559,7 @@ BIO_clear_ktls_ctrl_msg_flag(b); ret = 0; break; -# endif +#endif default: ret = 0; break; @@ -587,11 +575,9 @@ data = (BIO_CONNECT *)b->ptr; switch (cmd) { - case BIO_CTRL_SET_CALLBACK: - { - data->info_callback = fp; - } - break; + case BIO_CTRL_SET_CALLBACK: { + data->info_callback = fp; + } break; default: ret = 0; break; --- crypto/openssl/crypto/bio/bss_core.c.orig +++ crypto/openssl/crypto/bio/bss_core.c 
@@ -40,11 +40,11 @@ static ossl_inline BIO_CORE_GLOBALS *get_globals(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_BIO_CORE_INDEX, - &bio_core_globals_method); + &bio_core_globals_method); } static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, - size_t *bytes_read) + size_t *bytes_read) { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); @@ -54,7 +54,7 @@ } static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, - size_t *written) + size_t *written) { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); @@ -155,7 +155,7 @@ BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); if (bcgbl == NULL) - return 0; + return 0; for (; fns->function_id != 0; fns++) { switch (fns->function_id) { --- crypto/openssl/crypto/bio/bss_dgram.c.orig +++ crypto/openssl/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE +#define _GNU_SOURCE #endif #include 
@@ -17,30 +17,28 @@ #include "bio_local.h" #ifndef OPENSSL_NO_DGRAM -# ifndef OPENSSL_NO_SCTP -# include -# include -# define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 -# define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 -# endif +#ifndef OPENSSL_NO_SCTP +#include +#include +#define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 +#define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 +#endif -# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) -# define IP_MTU 14 /* linux is lame */ -# endif +#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) +#define IP_MTU 14 /* linux is lame */ +#endif -# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) -# define IPPROTO_IPV6 41 /* windows is lame */ -# endif +#if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) +#define IPPROTO_IPV6 41 /* windows is lame */ +#endif -# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) +#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) /* Standard definition causes type-punning problems. */ -# undef IN6_IS_ADDR_V4MAPPED -# define s6_addr32 __u6_addr.__u6_addr32 -# define IN6_IS_ADDR_V4MAPPED(a) \ - (((a)->s6_addr32[0] == 0) && \ - ((a)->s6_addr32[1] == 0) && \ - ((a)->s6_addr32[2] == htonl(0x0000ffff))) -# endif +#undef IN6_IS_ADDR_V4MAPPED +#define s6_addr32 __u6_addr.__u6_addr32 +#define IN6_IS_ADDR_V4MAPPED(a) \ + (((a)->s6_addr32[0] == 0) && ((a)->s6_addr32[1] == 0) && ((a)->s6_addr32[2] == htonl(0x0000ffff))) +#endif static int dgram_write(BIO *h, const char *buf, int num); static int dgram_read(BIO *h, char *buf, int size); @@ -50,7 +48,7 @@ static int dgram_free(BIO *data); static int dgram_clear(BIO *bio); -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP static int dgram_sctp_write(BIO *h, const char *buf, int num); static int dgram_sctp_read(BIO *h, char *buf, int size); static int dgram_sctp_puts(BIO *h, const char *str); 
@@ -59,11 +57,10 @@ static int dgram_sctp_free(BIO *data); static int dgram_sctp_wait_for_dry(BIO *b); static int dgram_sctp_msg_waiting(BIO *b); -# ifdef SCTP_AUTHENTICATION_EVENT -static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification - *snp); -# endif -# endif +#ifdef SCTP_AUTHENTICATION_EVENT +static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp); +#endif +#endif static int BIO_dgram_should_retry(int s); @@ -77,14 +74,14 @@ bread_conv, dgram_read, dgram_puts, - NULL, /* dgram_gets, */ + NULL, /* dgram_gets, */ dgram_ctrl, dgram_new, dgram_free, - NULL, /* dgram_callback_ctrl */ + NULL, /* dgram_callback_ctrl */ }; -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP static const BIO_METHOD methods_dgramp_sctp = { BIO_TYPE_DGRAM_SCTP, "datagram sctp socket", @@ -93,13 +90,13 @@ bread_conv, dgram_sctp_read, dgram_sctp_puts, - NULL, /* dgram_gets, */ + NULL, /* dgram_gets, */ dgram_sctp_ctrl, dgram_sctp_new, dgram_sctp_free, - NULL, /* dgram_callback_ctrl */ + NULL, /* dgram_callback_ctrl */ }; -# endif +#endif typedef struct bio_dgram_data_st { BIO_ADDR peer; @@ -111,7 +108,7 @@ unsigned int peekmode; } bio_dgram_data; -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP typedef struct bio_dgram_sctp_save_message_st { BIO *bio; char *data; @@ -134,7 +131,7 @@ int save_shutdown; int peer_auth_tested; } bio_dgram_sctp_data; -# endif +#endif const BIO_METHOD *BIO_s_datagram(void) { @@ -193,7 +190,7 @@ static void dgram_adjust_rcv_timeout(BIO *b) { -# if defined(SO_RCVTIMEO) +#if defined(SO_RCVTIMEO) bio_dgram_data *data = (bio_dgram_data *)b->ptr; /* Is a timer active? */ 
@@ -201,25 +198,27 @@ struct timeval timenow, timeleft; /* Read current socket timeout */ -# ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINDOWS int timeout; int sz = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, &sz) < 0) { + (void *)&timeout, &sz) + < 0) { perror("getsockopt"); } else { data->socket_timeout.tv_sec = timeout / 1000; data->socket_timeout.tv_usec = (timeout % 1000) * 1000; } -# else +#else socklen_t sz = sizeof(data->socket_timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - &(data->socket_timeout), &sz) < 0) { + &(data->socket_timeout), &sz) + < 0) { perror("getsockopt"); } else OPENSSL_assert(sz <= sizeof(data->socket_timeout)); -# endif +#endif /* Get current time */ get_current_time(&timenow); 
@@ -244,50 +243,52 @@ * earlier. */ if ((data->socket_timeout.tv_sec == 0 - && data->socket_timeout.tv_usec == 0) + && data->socket_timeout.tv_usec == 0) || (data->socket_timeout.tv_sec > timeleft.tv_sec) || (data->socket_timeout.tv_sec == timeleft.tv_sec && data->socket_timeout.tv_usec >= timeleft.tv_usec)) { -# ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINDOWS timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { + (void *)&timeout, sizeof(timeout)) + < 0) { perror("setsockopt"); } -# else +#else if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, - sizeof(struct timeval)) < 0) { + sizeof(struct timeval)) + < 0) { perror("setsockopt"); } -# endif +#endif } } -# endif +#endif } static void dgram_reset_rcv_timeout(BIO *b) { -# if defined(SO_RCVTIMEO) +#if defined(SO_RCVTIMEO) bio_dgram_data *data = (bio_dgram_data *)b->ptr; /* Is a timer active? */ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { -# ifdef OPENSSL_SYS_WINDOWS - int timeout = data->socket_timeout.tv_sec * 1000 + - data->socket_timeout.tv_usec / 1000; +#ifdef OPENSSL_SYS_WINDOWS + int timeout = data->socket_timeout.tv_sec * 1000 + data->socket_timeout.tv_usec / 1000; if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { + (void *)&timeout, sizeof(timeout)) + < 0) { perror("setsockopt"); } -# else - if (setsockopt - (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), - sizeof(struct timeval)) < 0) { +#else + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), + sizeof(struct timeval)) + < 0) { perror("setsockopt"); } -# endif +#endif } -# endif +#endif } static int dgram_read(BIO *b, char *out, int outl) 
@@ -306,7 +307,7 @@ if (data->peekmode) flags = MSG_PEEK; ret = recvfrom(b->num, out, outl, flags, - BIO_ADDR_sockaddr_noconst(&peer), &len); + BIO_ADDR_sockaddr_noconst(&peer), &len); if (!data->connected && ret >= 0) BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); @@ -336,7 +337,7 @@ int peerlen = BIO_ADDR_sockaddr_size(&data->peer); ret = sendto(b->num, in, inl, 0, - BIO_ADDR_sockaddr(&data->peer), peerlen); + BIO_ADDR_sockaddr(&data->peer), peerlen); } BIO_clear_retry_flags(b); @@ -349,37 +350,36 @@ return ret; } -static long dgram_get_mtu_overhead(bio_dgram_data *data) +static long dgram_get_mtu_overhead(BIO_ADDR *addr) { long ret; - switch (BIO_ADDR_family(&data->peer)) { + switch (BIO_ADDR_family(addr)) { case AF_INET: /* * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */ ret = 28; break; -# if OPENSSL_USE_IPV6 - case AF_INET6: - { -# ifdef IN6_IS_ADDR_V4MAPPED - struct in6_addr tmp_addr; - if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) - && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) - /* - * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP - */ - ret = 28; - else -# endif +#if OPENSSL_USE_IPV6 + case AF_INET6: { +#ifdef IN6_IS_ADDR_V4MAPPED + struct in6_addr tmp_addr; + + if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL) + && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) + /* + * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP + */ + ret = 28; + else +#endif /* * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */ ret = 48; - } - break; -# endif + } break; +#endif default: /* We don't know. Go with the historical default */ ret = 28; 
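Review bot: The new parameter of dgram_get_mtu_overhead (hunk `-349,37 +350,36`) can be const-qualified, since the visible body only passes it to `BIO_ADDR_family()` and `BIO_ADDR_rawaddress()` and never writes through it. Declaring it as `static long dgram_get_mtu_overhead(const BIO_ADDR *addr)` tells callers that the address they pass is not modified. Because the helper now accepts any address rather than the BIO's stored peer, a header comment would also help, for example `/* Assumed IP + UDP header overhead in bytes for addr's family: 28 for IPv4 and v4-mapped IPv6, 48 for IPv6. */`. The function body continues past the end of the hunk.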
@@ -395,12 +395,12 @@ bio_dgram_data *data = NULL; int sockopt_val = 0; int d_errno; -# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) - socklen_t sockopt_len; /* assume that system supporting IP_MTU is - * modern enough to define socklen_t */ +#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) + socklen_t sockopt_len; /* assume that system supporting IP_MTU is + * modern enough to define socklen_t */ socklen_t addr_len; BIO_ADDR addr; -# endif +#endif data = (bio_dgram_data *)b->ptr; @@ -446,8 +446,8 @@ break; /* (Linux)kernel sets DF bit on outgoing IP packets */ case BIO_CTRL_DGRAM_MTU_DISCOVER: -# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) - addr_len = (socklen_t) sizeof(addr); +#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) + addr_len = (socklen_t)sizeof(addr); memset(&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; 
@@ -457,28 +457,30 @@ case AF_INET: sockopt_val = IP_PMTUDISC_DO; if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) + &sockopt_val, sizeof(sockopt_val))) + < 0) perror("setsockopt"); break; -# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) +#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) case AF_INET6: sockopt_val = IPV6_PMTUDISC_DO; if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) + &sockopt_val, sizeof(sockopt_val))) + < 0) perror("setsockopt"); break; -# endif +#endif default: ret = -1; break; } -# else +#else ret = -1; -# endif +#endif break; case BIO_CTRL_DGRAM_QUERY_MTU: -# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) - addr_len = (socklen_t) sizeof(addr); +#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) + addr_len = (socklen_t)sizeof(addr); memset(&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; 
@@ -487,64 +489,55 @@ sockopt_len = sizeof(sockopt_val); switch (addr.sa.sa_family) { case AF_INET: - if ((ret = - getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, - &sockopt_len)) < 0 || sockopt_val < 0) { + if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, + &sockopt_len)) + < 0 + || sockopt_val < 0) { ret = 0; } else { - /* - * we assume that the transport protocol is UDP and no IP - * options are used. - */ - data->mtu = sockopt_val - 8 - 20; + data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); ret = data->mtu; } break; -# if OPENSSL_USE_IPV6 && defined(IPV6_MTU) +#if OPENSSL_USE_IPV6 && defined(IPV6_MTU) case AF_INET6: - if ((ret = - getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, - (void *)&sockopt_val, &sockopt_len)) < 0 + if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, + (void *)&sockopt_val, &sockopt_len)) + < 0 || sockopt_val < 0) { ret = 0; } else { - /* - * we assume that the transport protocol is UDP and no IPV6 - * options are used. - */ - data->mtu = sockopt_val - 8 - 40; + data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); ret = data->mtu; } break; -# endif +#endif default: ret = 0; break; } -# else +#else ret = 0; -# endif +#endif break; case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: - ret = -dgram_get_mtu_overhead(data); + ret = -dgram_get_mtu_overhead(&data->peer); switch (BIO_ADDR_family(&data->peer)) { case AF_INET: ret += 576; break; -# if OPENSSL_USE_IPV6 - case AF_INET6: - { -# ifdef IN6_IS_ADDR_V4MAPPED - struct in6_addr tmp_addr; - if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) - && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) - ret += 576; - else -# endif - ret += 1280; - } - break; -# endif +#if OPENSSL_USE_IPV6 + case AF_INET6: { +#ifdef IN6_IS_ADDR_V4MAPPED + struct in6_addr tmp_addr; + if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) + && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) + ret += 576; + else +#endif + ret += 1280; + } break; +#endif default: ret += 576; break; 
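Review bot: In the MTU query branches, `data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);` is guarded only by `sockopt_val < 0`, so a reported MTU no larger than the 28- or 48-byte overhead gives zero or a negative result. If data->mtu is an unsigned field (its declaration is not in this hunk), a negative result would wrap to a very large MTU. Extending the test in both the AF_INET and AF_INET6 branches with `|| sockopt_val <= dgram_get_mtu_overhead(&addr)` would return 0 for that case, like the other failure paths. The removed comments also recorded the assumption that no IP options are used, which the helper's own comments do not repeat; a one-line `/* assumes UDP and no IP options */` at the call sites would keep it. The case label and the getsockname() call for this branch are in the preceding hunk.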
@@ -579,123 +572,127 @@ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); break; -# if defined(SO_RCVTIMEO) +#if defined(SO_RCVTIMEO) case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: -# ifdef OPENSSL_SYS_WINDOWS - { - struct timeval *tv = (struct timeval *)ptr; - int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; - if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { - perror("setsockopt"); - ret = -1; - } +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void *)&timeout, sizeof(timeout)) + < 0) { + perror("setsockopt"); + ret = -1; } -# else + } +#else if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, - sizeof(struct timeval)) < 0) { + sizeof(struct timeval)) + < 0) { perror("setsockopt"); ret = -1; } -# endif - break; - case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: - { -# ifdef OPENSSL_SYS_WINDOWS - int sz = 0; - int timeout; - struct timeval *tv = (struct timeval *)ptr; - - sz = sizeof(timeout); - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - tv->tv_sec = timeout / 1000; - tv->tv_usec = (timeout % 1000) * 1000; - ret = sizeof(*tv); - } -# else - socklen_t sz = sizeof(struct timeval); - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - ptr, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - OPENSSL_assert(sz <= sizeof(struct timeval)); - ret = (int)sz; - } -# endif +#endif + break; + case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: { +#ifdef OPENSSL_SYS_WINDOWS + int sz = 0; + int timeout; + struct timeval *tv = (struct timeval *)ptr; + + sz = sizeof(timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void *)&timeout, &sz) + < 0) { + perror("getsockopt"); + ret = -1; + } else { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = 
sizeof(*tv); } - break; -# endif -# if defined(SO_SNDTIMEO) +#else + socklen_t sz = sizeof(struct timeval); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + ptr, &sz) + < 0) { + perror("getsockopt"); + ret = -1; + } else { + OPENSSL_assert(sz <= sizeof(struct timeval)); + ret = (int)sz; + } +#endif + } break; +#endif +#if defined(SO_SNDTIMEO) case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: -# ifdef OPENSSL_SYS_WINDOWS - { - struct timeval *tv = (struct timeval *)ptr; - int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; - if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { - perror("setsockopt"); - ret = -1; - } +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; + if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void *)&timeout, sizeof(timeout)) + < 0) { + perror("setsockopt"); + ret = -1; } -# else + } +#else if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, - sizeof(struct timeval)) < 0) { + sizeof(struct timeval)) + < 0) { perror("setsockopt"); ret = -1; } -# endif - break; - case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: - { -# ifdef OPENSSL_SYS_WINDOWS - int sz = 0; - int timeout; - struct timeval *tv = (struct timeval *)ptr; - - sz = sizeof(timeout); - if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void *)&timeout, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - tv->tv_sec = timeout / 1000; - tv->tv_usec = (timeout % 1000) * 1000; - ret = sizeof(*tv); - } -# else - socklen_t sz = sizeof(struct timeval); - if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - ptr, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - OPENSSL_assert(sz <= sizeof(struct timeval)); - ret = (int)sz; - } -# endif +#endif + break; + case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: { +#ifdef OPENSSL_SYS_WINDOWS + int sz = 0; + int timeout; + struct timeval *tv = (struct timeval *)ptr; + + sz = sizeof(timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + 
(void *)&timeout, &sz) + < 0) { + perror("getsockopt"); + ret = -1; + } else { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); } - break; -# endif +#else + socklen_t sz = sizeof(struct timeval); + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + ptr, &sz) + < 0) { + perror("getsockopt"); + ret = -1; + } else { + OPENSSL_assert(sz <= sizeof(struct timeval)); + ret = (int)sz; + } +#endif + } break; +#endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: /* fall-through */ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: -# ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINDOWS d_errno = (data->_errno == WSAETIMEDOUT); -# else +#else d_errno = (data->_errno == EAGAIN); -# endif +#endif if (d_errno) { ret = 1; data->_errno = 0; } else ret = 0; break; -# ifdef EMSGSIZE +#ifdef EMSGSIZE case BIO_CTRL_DGRAM_MTU_EXCEEDED: if (data->_errno == EMSGSIZE) { ret = 1; 
@@ -703,64 +700,69 @@ } else ret = 0; break; -# endif +#endif case BIO_CTRL_DGRAM_SET_DONT_FRAG: sockopt_val = num ? 1 : 0; switch (data->peer.sa.sa_family) { case AF_INET: -# if defined(IP_DONTFRAG) +#if defined(IP_DONTFRAG) if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, - &sockopt_val, sizeof(sockopt_val))) < 0) { + &sockopt_val, sizeof(sockopt_val))) + < 0) { perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) +#elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_PROBE) if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) { + &sockopt_val, sizeof(sockopt_val))) + < 0) { perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) +#elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, - (const char *)&sockopt_val, - sizeof(sockopt_val))) < 0) { + (const char *)&sockopt_val, + sizeof(sockopt_val))) + < 0) { perror("setsockopt"); ret = -1; } -# else +#else ret = -1; -# endif +#endif break; -# if OPENSSL_USE_IPV6 +#if OPENSSL_USE_IPV6 case AF_INET6: -# if defined(IPV6_DONTFRAG) +#if defined(IPV6_DONTFRAG) if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, - (const void *)&sockopt_val, - sizeof(sockopt_val))) < 0) { + (const void *)&sockopt_val, + sizeof(sockopt_val))) + < 0) { perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER) +#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER) if ((sockopt_val = num ? 
IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) { + &sockopt_val, sizeof(sockopt_val))) + < 0) { perror("setsockopt"); ret = -1; } -# else +#else ret = -1; -# endif +#endif break; -# endif +#endif default: ret = -1; break; } break; case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: - ret = dgram_get_mtu_overhead(data); + ret = dgram_get_mtu_overhead(&data->peer); break; /* @@ -790,7 +792,7 @@ return ret; } -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP const BIO_METHOD *BIO_s_datagram_sctp(void) { return &methods_dgramp_sctp; @@ -805,13 +807,13 @@ struct sctp_authchunk auth; struct sctp_authchunks *authchunks; socklen_t sockopt_len; -# ifdef SCTP_AUTHENTICATION_EVENT -# ifdef SCTP_EVENT +#ifdef SCTP_AUTHENTICATION_EVENT +#ifdef SCTP_EVENT struct sctp_event event; -# else +#else struct sctp_event_subscribe event; -# endif -# endif +#endif +#endif bio = BIO_new(BIO_s_datagram_sctp()); if (bio == NULL) @@ -820,23 +822,21 @@ /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, - sizeof(struct sctp_authchunk)); + ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, + sizeof(struct sctp_authchunk)); if (ret < 0) { BIO_vfree(bio); ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - "Ensure SCTP AUTH chunks are enabled in kernel"); + "Ensure SCTP AUTH chunks are enabled in kernel"); return NULL; } auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, - sizeof(struct sctp_authchunk)); + ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, + sizeof(struct sctp_authchunk)); if (ret < 0) { BIO_vfree(bio); ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - "Ensure SCTP AUTH chunks are enabled in kernel"); + "Ensure SCTP AUTH chunks are enabled in kernel"); return NULL; } 
@@ -846,14 +846,14 @@ * connected socket won't use it. Similarly with connect(): the socket * prior to connection must be activated for SCTP-AUTH */ - sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); + sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_zalloc(sockopt_len); if (authchunks == NULL) { BIO_vfree(bio); return NULL; } ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, - &sockopt_len); + &sockopt_len); if (ret < 0) { OPENSSL_free(authchunks); BIO_vfree(bio); @@ -861,8 +861,8 @@ } for (p = (unsigned char *)authchunks->gauth_chunks; - p < (unsigned char *)authchunks + sockopt_len; - p += sizeof(uint8_t)) { + p < (unsigned char *)authchunks + sockopt_len; + p += sizeof(uint8_t)) { if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1; if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) @@ -874,26 +874,25 @@ if (!auth_data || !auth_forward) { BIO_vfree(bio); ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - "Ensure SCTP AUTH chunks are enabled on the " - "underlying socket"); + "Ensure SCTP AUTH chunks are enabled on the " + "underlying socket"); return NULL; } -# ifdef SCTP_AUTHENTICATION_EVENT -# ifdef SCTP_EVENT +#ifdef SCTP_AUTHENTICATION_EVENT +#ifdef SCTP_EVENT memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_AUTHENTICATION_EVENT; event.se_on = 1; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); + ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); if (ret < 0) { BIO_vfree(bio); return NULL; } -# else - sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); +#else + sockopt_len = (socklen_t)sizeof(struct sctp_event_subscribe); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); if (ret < 0) { BIO_vfree(bio); 
@@ -902,23 +901,21 @@ event.sctp_authentication_event = 1; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); + ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); if (ret < 0) { BIO_vfree(bio); return NULL; } -# endif -# endif +#endif +#endif /* * Disable partial delivery by setting the min size larger than the max * record size of 2^14 + 2048 + 13 */ - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, - sizeof(optval)); + ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, + sizeof(optval)); if (ret < 0) { BIO_vfree(bio); return NULL; @@ -942,9 +939,9 @@ ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); return 0; } -# ifdef SCTP_PR_SCTP_NONE +#ifdef SCTP_PR_SCTP_NONE data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; -# endif +#endif bi->ptr = data; bi->flags = 0; @@ -960,16 +957,16 @@ if (!dgram_clear(a)) return 0; - data = (bio_dgram_sctp_data *) a->ptr; + data = (bio_dgram_sctp_data *)a->ptr; if (data != NULL) OPENSSL_free(data); return 1; } -# ifdef SCTP_AUTHENTICATION_EVENT +#ifdef SCTP_AUTHENTICATION_EVENT void dgram_sctp_handle_auth_free_key_event(BIO *b, - union sctp_notification *snp) + union sctp_notification *snp) { int ret; struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; @@ -980,16 +977,16 @@ /* delete key */ authkeyid.scact_keynumber = authkeyevent->auth_keynumber; ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); + &authkeyid, sizeof(struct sctp_authkeyid)); } } -# endif +#endif static int dgram_sctp_read(BIO *b, char *out, int outl) { int ret = 0, n = 0, i, optval; socklen_t optlen; - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; struct msghdr msg; struct iovec iov; struct cmsghdr *cmsg; 
@@ -1019,10 +1016,10 @@ if (msg.msg_controllen > 0) { for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; - cmsg = CMSG_NXTHDR(&msg, cmsg)) { + cmsg = CMSG_NXTHDR(&msg, cmsg)) { if (cmsg->cmsg_level != IPPROTO_SCTP) continue; -# ifdef SCTP_RCVINFO +#ifdef SCTP_RCVINFO if (cmsg->cmsg_type == SCTP_RCVINFO) { struct sctp_rcvinfo *rcvinfo; @@ -1035,13 +1032,12 @@ data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; data->rcvinfo.rcv_context = rcvinfo->rcv_context; } -# endif -# ifdef SCTP_SNDRCV +#endif +#ifdef SCTP_SNDRCV if (cmsg->cmsg_type == SCTP_SNDRCV) { struct sctp_sndrcvinfo *sndrcvinfo; - sndrcvinfo = - (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); + sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; @@ -1050,7 +1046,7 @@ data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; } -# endif +#endif } } @@ -1059,29 +1055,29 @@ memcpy(&snp, out, sizeof(snp)); if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { -# ifdef SCTP_EVENT +#ifdef SCTP_EVENT struct sctp_event event; -# else +#else struct sctp_event_subscribe event; socklen_t eventsize; -# endif +#endif /* disable sender dry event */ -# ifdef SCTP_EVENT +#ifdef SCTP_EVENT memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_SENDER_DRY_EVENT; event.se_on = 0; i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); + sizeof(struct sctp_event)); if (i < 0) { ret = i; break; } -# else +#else eventsize = sizeof(struct sctp_event_subscribe); i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - &eventsize); + &eventsize); if (i < 0) { ret = i; break; 
@@ -1090,30 +1086,29 @@ event.sctp_sender_dry_event = 0; i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); + sizeof(struct sctp_event_subscribe)); if (i < 0) { ret = i; break; } -# endif +#endif } -# ifdef SCTP_AUTHENTICATION_EVENT +#ifdef SCTP_AUTHENTICATION_EVENT if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) dgram_sctp_handle_auth_free_key_event(b, &snp); -# endif +#endif if (data->handle_notifications != NULL) data->handle_notifications(b, data->notification_context, - (void *)out); + (void *)out); memset(&snp, 0, sizeof(snp)); memset(out, 0, outl); } else { ret += n; } - } - while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) - && (ret < outl)); + } while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) + && (ret < outl)); if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { /* Partial message read, this should never happen! */ @@ -1129,7 +1124,7 @@ * Test if socket buffer can handle max record size (2^14 + 2048 * + 13) */ - optlen = (socklen_t) sizeof(int); + optlen = (socklen_t)sizeof(int); ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); if (ret >= 0) OPENSSL_assert(optval >= 18445); @@ -1138,10 +1133,9 @@ * Test if SCTP doesn't partially deliver below max record size * (2^14 + 2048 + 13) */ - optlen = (socklen_t) sizeof(int); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, - &optval, &optlen); + optlen = (socklen_t)sizeof(int); + ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, + &optval, &optlen); if (ret >= 0) OPENSSL_assert(optval >= 18445); @@ -1173,8 +1167,7 @@ unsigned char *p; struct sctp_authchunks *authchunks; - optlen = - (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); + optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); if (authchunks == NULL) { ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); 
@@ -1182,12 +1175,12 @@ } memset(authchunks, 0, optlen); ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, - authchunks, &optlen); + authchunks, &optlen); if (ii >= 0) for (p = (unsigned char *)authchunks->gauth_chunks; - p < (unsigned char *)authchunks + optlen; - p += sizeof(uint8_t)) { + p < (unsigned char *)authchunks + optlen; + p += sizeof(uint8_t)) { if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1; if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) @@ -1218,22 +1211,21 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) { int ret; - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); struct bio_dgram_sctp_sndinfo handshake_sinfo; struct iovec iov[1]; struct msghdr msg; struct cmsghdr *cmsg; -# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) - char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + - CMSG_SPACE(sizeof(struct sctp_prinfo))]; +#if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) + char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + CMSG_SPACE(sizeof(struct sctp_prinfo))]; struct sctp_sndinfo *sndinfo; struct sctp_prinfo *prinfo; -# else +#else char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; struct sctp_sndrcvinfo *sndrcvinfo; -# endif +#endif clear_socket_error(); @@ -1243,9 +1235,9 @@ */ if (in[0] != 23) { memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); -# ifdef SCTP_SACK_IMMEDIATELY +#ifdef SCTP_SACK_IMMEDIATELY handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; -# endif +#endif sinfo = &handshake_sinfo; } 
@@ -1267,10 +1259,10 @@ msg.msg_namelen = 0; msg.msg_iov = iov; msg.msg_iovlen = 1; - msg.msg_control = (caddr_t) cmsgbuf; + msg.msg_control = (caddr_t)cmsgbuf; msg.msg_controllen = 0; msg.msg_flags = 0; -# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) +#if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) cmsg = (struct cmsghdr *)cmsgbuf; cmsg->cmsg_level = IPPROTO_SCTP; cmsg->cmsg_type = SCTP_SNDINFO; @@ -1283,8 +1275,7 @@ sndinfo->snd_context = sinfo->snd_context; msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); - cmsg = - (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; + cmsg = (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; cmsg->cmsg_level = IPPROTO_SCTP; cmsg->cmsg_type = SCTP_PRINFO; cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); @@ -1293,7 +1284,7 @@ prinfo->pr_policy = pinfo->pr_policy; prinfo->pr_value = pinfo->pr_value; msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); -# else +#else cmsg = (struct cmsghdr *)cmsgbuf; cmsg->cmsg_level = IPPROTO_SCTP; cmsg->cmsg_type = SCTP_SNDRCV; @@ -1302,14 +1293,14 @@ memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); sndrcvinfo->sinfo_stream = sinfo->snd_sid; sndrcvinfo->sinfo_flags = sinfo->snd_flags; -# ifdef __FreeBSD__ +#ifdef __FreeBSD__ sndrcvinfo->sinfo_flags |= pinfo->pr_policy; -# endif +#endif sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; sndrcvinfo->sinfo_context = sinfo->snd_context; sndrcvinfo->sinfo_timetolive = pinfo->pr_value; msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); -# endif +#endif ret = sendmsg(b->num, &msg, 0); @@ -1331,7 +1322,7 @@ struct sctp_authkeyid authkeyid; struct sctp_authkey *authkey = NULL; - data = (bio_dgram_sctp_data *) b->ptr; + data = (bio_dgram_sctp_data *)b->ptr; switch (cmd) { case BIO_CTRL_DGRAM_QUERY_MTU: 
@@ -1372,9 +1363,8 @@ else data->in_handshake = 0; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, - &data->in_handshake, sizeof(int)); + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, + &data->in_handshake, sizeof(int)); break; case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: /* @@ -1383,9 +1373,8 @@ /* Get active key */ sockopt_len = sizeof(struct sctp_authkeyid); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, - &sockopt_len); + ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, + &sockopt_len); if (ret < 0) break; @@ -1398,18 +1387,17 @@ } memset(authkey, 0, sockopt_len); authkey->sca_keynumber = authkeyid.scact_keynumber + 1; -# ifndef __FreeBSD__ +#ifndef __FreeBSD__ /* * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 * and higher work without it. */ authkey->sca_keylength = 64; -# endif +#endif memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, - sockopt_len); + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, + sockopt_len); OPENSSL_free(authkey); authkey = NULL; if (ret < 0) @@ -1417,7 +1405,7 @@ /* Reset active key */ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); + &authkeyid, sizeof(struct sctp_authkeyid)); if (ret < 0) break; @@ -1427,16 +1415,15 @@ /* Get active key */ sockopt_len = sizeof(struct sctp_authkeyid); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, - &sockopt_len); + ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, + &sockopt_len); if (ret < 0) break; /* Set active key */ authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); + &authkeyid, sizeof(struct sctp_authkeyid)); if (ret < 0) break; 
@@ -1463,9 +1450,8 @@ if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { /* Get active key */ sockopt_len = sizeof(struct sctp_authkeyid); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, - &authkeyid, &sockopt_len); + ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, + &authkeyid, &sockopt_len); if (ret < 0) break; @@ -1474,22 +1460,22 @@ * SCTP_AUTHENTICATION_EVENT is not available. */ authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; -# ifdef SCTP_AUTH_DEACTIVATE_KEY +#ifdef SCTP_AUTH_DEACTIVATE_KEY sockopt_len = sizeof(struct sctp_authkeyid); ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, - &authkeyid, sockopt_len); + &authkeyid, sockopt_len); if (ret < 0) break; -# endif -# ifndef SCTP_AUTHENTICATION_EVENT +#endif +#ifndef SCTP_AUTHENTICATION_EVENT if (authkeyid.scact_keynumber > 0) { authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); + &authkeyid, sizeof(struct sctp_authkeyid)); if (ret < 0) break; } -# endif +#endif data->ccs_rcvd = 0; data->ccs_sent = 0; @@ -1564,10 +1550,10 @@ } int BIO_dgram_sctp_notification_cb(BIO *b, - BIO_dgram_sctp_notification_handler_fn handle_notifications, - void *context) + BIO_dgram_sctp_notification_handler_fn handle_notifications, + void *context) { - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; if (handle_notifications != NULL) { data->handle_notifications = handle_notifications; 
@@ -1604,24 +1590,23 @@ union sctp_notification snp; struct msghdr msg; struct iovec iov; -# ifdef SCTP_EVENT +#ifdef SCTP_EVENT struct sctp_event event; -# else +#else struct sctp_event_subscribe event; socklen_t eventsize; -# endif - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; +#endif + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; /* set sender dry event */ -# ifdef SCTP_EVENT +#ifdef SCTP_EVENT memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_SENDER_DRY_EVENT; event.se_on = 1; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); -# else + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); +#else eventsize = sizeof(struct sctp_event_subscribe); ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); if (ret < 0) @@ -1629,10 +1614,9 @@ event.sctp_sender_dry_event = 1; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); -# endif + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); +#endif if (ret < 0) return -1; 
@@ -1683,39 +1667,36 @@ is_dry = 1; /* disable sender dry event */ -# ifdef SCTP_EVENT +#ifdef SCTP_EVENT memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_SENDER_DRY_EVENT; event.se_on = 0; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); -# else - eventsize = (socklen_t) sizeof(struct sctp_event_subscribe); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - &eventsize); + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); +#else + eventsize = (socklen_t)sizeof(struct sctp_event_subscribe); + ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + &eventsize); if (ret < 0) return -1; event.sctp_sender_dry_event = 0; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); -# endif + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); +#endif if (ret < 0) return -1; } -# ifdef SCTP_AUTHENTICATION_EVENT +#ifdef SCTP_AUTHENTICATION_EVENT if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) dgram_sctp_handle_auth_free_key_event(b, &snp); -# endif +#endif if (data->handle_notifications != NULL) data->handle_notifications(b, data->notification_context, - (void *)&snp); + (void *)&snp); /* found notification, peek again */ memset(&snp, 0, sizeof(snp)); @@ -1765,7 +1746,7 @@ union sctp_notification snp; struct msghdr msg; struct iovec iov; - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr; /* Check if there are any messages waiting to be read */ do { 
@@ -1787,10 +1768,10 @@ /* if notification, process and try again */ if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { -# ifdef SCTP_AUTHENTICATION_EVENT +#ifdef SCTP_AUTHENTICATION_EVENT if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) dgram_sctp_handle_auth_free_key_event(b, &snp); -# endif +#endif memset(&snp, 0, sizeof(snp)); iov.iov_base = (char *)&snp; @@ -1806,7 +1787,7 @@ if (data->handle_notifications != NULL) data->handle_notifications(b, data->notification_context, - (void *)&snp); + (void *)&snp); } } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); @@ -1826,7 +1807,7 @@ ret = dgram_sctp_write(bp, str, n); return ret; } -# endif +#endif static int BIO_dgram_should_retry(int i) { @@ -1835,13 +1816,13 @@ if ((i == 0) || (i == -1)) { err = get_last_socket_error(); -# if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) /* * If the socket return value (i) is -1 and err is unexpectedly 0 at * this point, the error code was overwritten by another system call * before this error handling is called. */ -# endif +#endif return BIO_dgram_non_fatal_error(err); } 
@@ -1851,43 +1832,43 @@ int BIO_dgram_non_fatal_error(int err) { switch (err) { -# if defined(OPENSSL_SYS_WINDOWS) -# if defined(WSAEWOULDBLOCK) +#if defined(OPENSSL_SYS_WINDOWS) +#if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: -# endif -# endif +#endif +#endif -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK +#ifdef EWOULDBLOCK +#ifdef WSAEWOULDBLOCK +#if WSAEWOULDBLOCK != EWOULDBLOCK case EWOULDBLOCK: -# endif -# else +#endif +#else case EWOULDBLOCK: -# endif -# endif +#endif +#endif -# ifdef EINTR +#ifdef EINTR case EINTR: -# endif +#endif -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN +#ifdef EAGAIN +#if EWOULDBLOCK != EAGAIN case EAGAIN: -# endif -# endif +#endif +#endif -# ifdef EPROTO +#ifdef EPROTO case EPROTO: -# endif +#endif -# ifdef EINPROGRESS +#ifdef EINPROGRESS case EINPROGRESS: -# endif +#endif -# ifdef EALREADY +#ifdef EALREADY case EALREADY: -# endif +#endif return 1; default: @@ -1898,7 +1879,7 @@ static void get_current_time(struct timeval *t) { -# if defined(_WIN32) +#if defined(_WIN32) SYSTEMTIME st; unsigned __int64 now_ul; FILETIME now_ft; @@ -1906,17 +1887,17 @@ GetSystemTime(&st); SystemTimeToFileTime(&st, &now_ft); now_ul = ((unsigned __int64)now_ft.dwHighDateTime << 32) | now_ft.dwLowDateTime; -# ifdef __MINGW32__ +#ifdef __MINGW32__ now_ul -= 116444736000000000ULL; -# else +#else now_ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ -# endif +#endif t->tv_sec = (long)(now_ul / 10000000); t->tv_usec = ((int)(now_ul % 10000000)) / 10; -# else +#else if (gettimeofday(t, NULL) < 0) perror("gettimeofday"); -# endif +#endif } #endif --- crypto/openssl/crypto/bio/bss_fd.c.orig +++ crypto/openssl/crypto/bio/bss_fd.c @@ -69,7 +69,7 @@ fd_ctrl, fd_new, fd_free, - NULL, /* fd_callback_ctrl */ + NULL, /* fd_callback_ctrl */ }; const BIO_METHOD *BIO_s_fd(void) @@ -213,7 +213,7 @@ while (ptr < end && fd_read(bp, ptr, 1) > 0) { if (*ptr++ == '\n') - break; + break; } ptr[0] = '\0'; 
@@ -239,41 +239,41 @@ { switch (err) { -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK +#ifdef EWOULDBLOCK +#ifdef WSAEWOULDBLOCK +#if WSAEWOULDBLOCK != EWOULDBLOCK case EWOULDBLOCK: -# endif -# else +#endif +#else case EWOULDBLOCK: -# endif -# endif +#endif +#endif -# if defined(ENOTCONN) +#if defined(ENOTCONN) case ENOTCONN: -# endif +#endif -# ifdef EINTR +#ifdef EINTR case EINTR: -# endif +#endif -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN +#ifdef EAGAIN +#if EWOULDBLOCK != EAGAIN case EAGAIN: -# endif -# endif +#endif +#endif -# ifdef EPROTO +#ifdef EPROTO case EPROTO: -# endif +#endif -# ifdef EINPROGRESS +#ifdef EINPROGRESS case EINPROGRESS: -# endif +#endif -# ifdef EALREADY +#ifdef EALREADY case EALREADY: -# endif +#endif return 1; default: break; --- crypto/openssl/crypto/bio/bss_file.c.orig +++ crypto/openssl/crypto/bio/bss_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,9 +20,9 @@ * of 32-bit platforms which allow for sequential access of large files * without extra "magic" comprise *BSD, Darwin, IRIX... */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif +#ifndef _FILE_OFFSET_BITS +#define _FILE_OFFSET_BITS 64 +#endif #endif #include @@ -51,12 +51,12 @@ file_ctrl, file_new, file_free, - NULL, /* file_callback_ctrl */ + NULL, /* file_callback_ctrl */ }; BIO *BIO_new_file(const char *filename, const char *mode) { - BIO *ret; + BIO *ret; FILE *file = openssl_fopen(filename, mode); int fp_flags = BIO_CLOSE; 
@@ -65,13 +65,13 @@ if (file == NULL) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fopen(%s, %s)", - filename, mode); + "calling fopen(%s, %s)", + filename, mode); if (errno == ENOENT #ifdef ENXIO || errno == ENXIO #endif - ) + ) ERR_raise(ERR_LIB_BIO, BIO_R_NO_SUCH_FILE); else ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); @@ -144,9 +144,10 @@ ret = fread(out, 1, (int)outl, (FILE *)b->ptr); if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK_INTERNAL - ? UP_ferror((FILE *)b->ptr) : ferror((FILE *)b->ptr))) { + ? UP_ferror((FILE *)b->ptr) + : ferror((FILE *)b->ptr))) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fread()"); + "calling fread()"); ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); ret = -1; } 
@@ -201,35 +202,45 @@ case BIO_CTRL_INFO: if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) ret = UP_ftell(b->ptr); - else + else { +#if defined(OPENSSL_SYS_WINDOWS) + /* + * On Windows, for non-seekable files (stdin), ftell() is undefined. + */ + if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK) + ret = -1; + else + ret = ftell(fp); +#else ret = ftell(fp); +#endif + } break; case BIO_C_SET_FILE_PTR: file_free(b); b->shutdown = (int)num & BIO_CLOSE; b->ptr = ptr; b->init = 1; -# if BIO_FLAGS_UPLINK_INTERNAL!=0 -# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) -# define _IOB_ENTRIES 20 -# endif +#if BIO_FLAGS_UPLINK_INTERNAL != 0 +#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +#define _IOB_ENTRIES 20 +#endif /* Safety net to catch purely internal BIO_set_fp calls */ -# if (defined(_MSC_VER) && _MSC_VER>=1900) || defined(__BORLANDC__) +#if (defined(_MSC_VER) && _MSC_VER >= 1900) || defined(__BORLANDC__) if (ptr == stdin || ptr == stdout || ptr == stderr) BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); -# elif defined(_IOB_ENTRIES) - if ((size_t)ptr >= (size_t)stdin && - (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) +#elif defined(_IOB_ENTRIES) + if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); -# endif -# endif -# ifdef UP_fsetmod +#endif +#endif +#ifdef UP_fsetmod if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b')); else -# endif +#endif { -# if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) int fd = _fileno((FILE *)ptr); if (num & BIO_FP_TEXT) _setmode(fd, _O_TEXT); @@ -244,7 +255,7 @@ */ if ((num & BIO_FP_TEXT) != 0) setvbuf((FILE *)ptr, NULL, _IONBF, 0); -# elif defined(OPENSSL_SYS_MSDOS) +#elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE *)ptr); /* Set correct text/binary mode */ if (num & BIO_FP_TEXT) 
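Review bot: The new Windows branch under `case BIO_CTRL_INFO:` passes the result of `_fileno(fp)` straight into `_get_osfhandle()` without checking it. If the stream has no valid descriptor, the CRT may treat a negative value as an invalid parameter rather than return a handle that `GetFileType()` would classify; this depends on the CRT configuration, so it needs confirming. Checking the descriptor first keeps the failure on the `ret = -1` path: `int fd = _fileno(fp);` at the top of the `else` block, then `if (fd < 0 || GetFileType((HANDLE)_get_osfhandle(fd)) != FILE_TYPE_DISK)`. The `BIO_FLAGS_UPLINK_INTERNAL` branch still calls `UP_ftell(b->ptr)` with no equivalent guard, so a non-seekable stream opened through the uplink is presumably still exposed to the undefined `ftell()` result the comment describes. The enclosing function (apparently `file_ctrl`) starts and ends outside this hunk.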
@@ -257,11 +268,11 @@ } else _setmode(fd, _O_BINARY); } -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) +#elif defined(OPENSSL_SYS_WIN32_CYGWIN) int fd = fileno((FILE *)ptr); if (!(num & BIO_FP_TEXT)) setmode(fd, O_BINARY); -# endif +#endif } break; case BIO_C_SET_FILENAME: @@ -283,20 +294,20 @@ ret = 0; break; } -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); else OPENSSL_strlcat(p, "t", sizeof(p)); -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) +#elif defined(OPENSSL_SYS_WIN32_CYGWIN) if (!(num & BIO_FP_TEXT)) OPENSSL_strlcat(p, "b", sizeof(p)); -# endif +#endif fp = openssl_fopen(ptr, p); if (fp == NULL) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fopen(%s, %s)", - ptr, p); + "calling fopen(%s, %s)", + (const char *)ptr, p); ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); ret = 0; break; @@ -321,10 +332,11 @@ break; case BIO_CTRL_FLUSH: st = b->flags & BIO_FLAGS_UPLINK_INTERNAL - ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr); + ? UP_fflush(b->ptr) + : fflush((FILE *)b->ptr); if (st == EOF) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fflush()"); + "calling fflush()"); ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); ret = 0; } @@ -358,7 +370,7 @@ } if (buf[0] != '\0') ret = strlen(buf); - err: +err: return ret; } @@ -414,7 +426,7 @@ file_ctrl, file_new, file_free, - NULL, /* file_callback_ctrl */ + NULL, /* file_callback_ctrl */ }; const BIO_METHOD *BIO_s_file(void) @@ -427,4 +439,4 @@ return NULL; } -#endif /* OPENSSL_NO_STDIO */ +#endif /* OPENSSL_NO_STDIO */ --- crypto/openssl/crypto/bio/bss_log.c.orig +++ crypto/openssl/crypto/bio/bss_log.c 
@@ -25,24 +25,24 @@ #if defined(OPENSSL_SYS_WINCE) #elif defined(OPENSSL_SYS_WIN32) #elif defined(OPENSSL_SYS_VMS) -# include -# include -# include -# include +#include +#include +#include +#include /* Some compiler options may mask the declaration of "_malloc32". */ -# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 +#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +#if __INITIAL_POINTER_SIZE == 64 +#pragma pointer_size save +#pragma pointer_size 32 void *_malloc32(__size_t); -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ -# endif /* __INITIAL_POINTER_SIZE && defined - * _ANSI_C_SOURCE */ +#pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ +#endif /* __INITIAL_POINTER_SIZE && defined \ + * _ANSI_C_SOURCE */ #elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK) -# define NO_SYSLOG +#define NO_SYSLOG #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) -# include +#include #endif #include 
@@ -50,30 +50,30 @@ #ifndef NO_SYSLOG -# if defined(OPENSSL_SYS_WIN32) -# define LOG_EMERG 0 -# define LOG_ALERT 1 -# define LOG_CRIT 2 -# define LOG_ERR 3 -# define LOG_WARNING 4 -# define LOG_NOTICE 5 -# define LOG_INFO 6 -# define LOG_DEBUG 7 - -# define LOG_DAEMON (3<<3) -# elif defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) +#define LOG_EMERG 0 +#define LOG_ALERT 1 +#define LOG_CRIT 2 +#define LOG_ERR 3 +#define LOG_WARNING 4 +#define LOG_NOTICE 5 +#define LOG_INFO 6 +#define LOG_DEBUG 7 + +#define LOG_DAEMON (3 << 3) +#elif defined(OPENSSL_SYS_VMS) /* On VMS, we don't really care about these, but we need them to compile */ -# define LOG_EMERG 0 -# define LOG_ALERT 1 -# define LOG_CRIT 2 -# define LOG_ERR 3 -# define LOG_WARNING 4 -# define LOG_NOTICE 5 -# define LOG_INFO 6 -# define LOG_DEBUG 7 - -# define LOG_DAEMON OPC$M_NM_NTWORK -# endif +#define LOG_EMERG 0 +#define LOG_ALERT 1 +#define LOG_CRIT 2 +#define LOG_ERR 3 +#define LOG_WARNING 4 +#define LOG_NOTICE 5 +#define LOG_INFO 6 +#define LOG_DEBUG 7 + +#define LOG_DAEMON OPC$M_NM_NTWORK +#endif static int slg_write(BIO *h, const char *buf, int num); static int slg_puts(BIO *h, const char *str); @@ -89,14 +89,14 @@ "syslog", bwrite_conv, slg_write, - NULL, /* slg_write_old, */ - NULL, /* slg_read, */ + NULL, /* slg_write_old, */ + NULL, /* slg_read, */ slg_puts, NULL, slg_ctrl, slg_new, slg_free, - NULL, /* slg_callback_ctrl */ + NULL, /* slg_callback_ctrl */ }; const BIO_METHOD *BIO_s_log(void) 
@@ -132,66 +132,26 @@ char str[10]; int log_level; } mapping[] = { - { - 6, "PANIC ", LOG_EMERG - }, - { - 6, "EMERG ", LOG_EMERG - }, - { - 4, "EMR ", LOG_EMERG - }, - { - 6, "ALERT ", LOG_ALERT - }, - { - 4, "ALR ", LOG_ALERT - }, - { - 5, "CRIT ", LOG_CRIT - }, - { - 4, "CRI ", LOG_CRIT - }, - { - 6, "ERROR ", LOG_ERR - }, - { - 4, "ERR ", LOG_ERR - }, - { - 8, "WARNING ", LOG_WARNING - }, - { - 5, "WARN ", LOG_WARNING - }, - { - 4, "WAR ", LOG_WARNING - }, - { - 7, "NOTICE ", LOG_NOTICE - }, - { - 5, "NOTE ", LOG_NOTICE - }, - { - 4, "NOT ", LOG_NOTICE - }, - { - 5, "INFO ", LOG_INFO - }, - { - 4, "INF ", LOG_INFO - }, - { - 6, "DEBUG ", LOG_DEBUG - }, - { - 4, "DBG ", LOG_DEBUG - }, - { - 0, "", LOG_ERR - } + { 6, "PANIC ", LOG_EMERG }, + { 6, "EMERG ", LOG_EMERG }, + { 4, "EMR ", LOG_EMERG }, + { 6, "ALERT ", LOG_ALERT }, + { 4, "ALR ", LOG_ALERT }, + { 5, "CRIT ", LOG_CRIT }, + { 4, "CRI ", LOG_CRIT }, + { 6, "ERROR ", LOG_ERR }, + { 4, "ERR ", LOG_ERR }, + { 8, "WARNING ", LOG_WARNING }, + { 5, "WARN ", LOG_WARNING }, + { 4, "WAR ", LOG_WARNING }, + { 7, "NOTICE ", LOG_NOTICE }, + { 5, "NOTE ", LOG_NOTICE }, + { 4, "NOT ", LOG_NOTICE }, + { 5, "INFO ", LOG_INFO }, + { 4, "INF ", LOG_INFO }, + { 6, "DEBUG ", LOG_DEBUG }, + { 4, "DBG ", LOG_DEBUG }, + { 0, "", LOG_ERR } /* The default */ }; @@ -238,7 +198,7 @@ return ret; } -# if defined(OPENSSL_SYS_WIN32) +#if defined(OPENSSL_SYS_WIN32) static void xopenlog(BIO *bp, char *name, int level) { @@ -291,11 +251,11 @@ static void xcloselog(BIO *bp) { if (bp->ptr) - DeregisterEventSource((HANDLE) (bp->ptr)); + DeregisterEventSource((HANDLE)(bp->ptr)); bp->ptr = NULL; } -# elif defined(OPENSSL_SYS_VMS) +#elif defined(OPENSSL_SYS_VMS) static int VMS_OPC_target = LOG_DAEMON; 
@@ -309,21 +269,21 @@ struct dsc$descriptor_s opc_dsc; /* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 -# define OPCDEF_TYPE __char_ptr32 -# define OPCDEF_MALLOC _malloc32 -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define OPCDEF_TYPE char * -# define OPCDEF_MALLOC OPENSSL_malloc -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma pointer_size save +#pragma pointer_size 32 +#define OPCDEF_TYPE __char_ptr32 +#define OPCDEF_MALLOC _malloc32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define OPCDEF_TYPE char * +#define OPCDEF_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ struct opcdef *opcdef_p; -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ char buf[10240]; unsigned int len; @@ -374,7 +334,7 @@ opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; + opc_dsc.dsc$a_pointer = (OPCDEF_TYPE)opcdef_p; opc_dsc.dsc$w_length = len + 8; sys$sndopr(opc_dsc, 0); @@ -386,15 +346,15 @@ { } -# else /* Unix/Watt32 */ +#else /* Unix/Watt32 */ static void xopenlog(BIO *bp, char *name, int level) { -# ifdef WATT32 /* djgpp/DOS */ +#ifdef WATT32 /* djgpp/DOS */ openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level); -# else +#else openlog(name, LOG_PID | LOG_CONS, level); -# endif +#endif } static void xsyslog(BIO *bp, int priority, const char *string) @@ -407,11 +367,11 @@ closelog(); } -# endif /* Unix */ +#endif /* Unix */ -#else /* NO_SYSLOG */ +#else /* NO_SYSLOG */ const BIO_METHOD *BIO_s_log(void) { return NULL; } -#endif /* NO_SYSLOG */ +#endif /* NO_SYSLOG */ --- crypto/openssl/crypto/bio/bss_mem.c.orig +++ crypto/openssl/crypto/bio/bss_mem.c 
@@ -35,7 +35,7 @@ mem_ctrl, mem_new, mem_free, - NULL, /* mem_callback_ctrl */ + NULL, /* mem_callback_ctrl */ }; static const BIO_METHOD secmem_method = { @@ -50,7 +50,7 @@ mem_ctrl, secmem_new, mem_free, - NULL, /* mem_callback_ctrl */ + NULL, /* mem_callback_ctrl */ }; /* @@ -60,7 +60,7 @@ * to be used for reset. */ typedef struct bio_buf_mem_st { - struct buf_mem_st *buf; /* allocated buffer */ + struct buf_mem_st *buf; /* allocated buffer */ struct buf_mem_st *readp; /* read pointer */ } BIO_BUF_MEM; @@ -76,7 +76,7 @@ const BIO_METHOD *BIO_s_secmem(void) { - return(&secmem_method); + return (&secmem_method); } BIO *BIO_new_mem_buf(const void *buf, int len) @@ -235,7 +235,7 @@ memcpy(bbm->buf->data + blen, in, inl); *bbm->readp = *bbm->buf; ret = inl; - end: +end: return ret; } @@ -244,7 +244,7 @@ long ret = 1; char **pptr; BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - BUF_MEM *bm, *bo; /* bio_mem, bio_other */ + BUF_MEM *bm, *bo; /* bio_mem, bio_other */ long off, remain; if (b->flags & BIO_FLAGS_MEM_RDONLY) { @@ -275,7 +275,7 @@ break; case BIO_C_FILE_SEEK: if (num < 0 || num > off + remain) - return -1; /* Can't see outside of the current buffer */ + return -1; /* Can't see outside of the current buffer */ bm->data = (num != 0) ? bo->data + num : bo->data; bm->length = bo->length - num; --- crypto/openssl/crypto/bio/bss_null.c.orig +++ crypto/openssl/crypto/bio/bss_null.c @@ -29,7 +29,7 @@ null_ctrl, NULL, NULL, - NULL, /* null_callback_ctrl */ + NULL, /* null_callback_ctrl */ }; const BIO_METHOD *BIO_s_null(void) --- crypto/openssl/crypto/bio/bss_sock.c.orig +++ crypto/openssl/crypto/bio/bss_sock.c 
@@ -15,17 +15,17 @@ #ifndef OPENSSL_NO_SOCK -# include +#include -# ifdef WATT32 +#ifdef WATT32 /* Watt-32 uses same names */ -# undef sock_write -# undef sock_read -# undef sock_puts -# define sock_write SockWrite -# define sock_read SockRead -# define sock_puts SockPuts -# endif +#undef sock_write +#undef sock_read +#undef sock_puts +#define sock_write SockWrite +#define sock_read SockRead +#define sock_puts SockPuts +#endif static int sock_write(BIO *h, const char *buf, int num); static int sock_read(BIO *h, char *buf, int size); @@ -43,11 +43,11 @@ bread_conv, sock_read, sock_puts, - NULL, /* sock_gets, */ + NULL, /* sock_gets, */ sock_ctrl, sock_new, sock_free, - NULL, /* sock_callback_ctrl */ + NULL, /* sock_callback_ctrl */ }; const BIO_METHOD *BIO_s_socket(void) @@ -63,17 +63,6 @@ if (ret == NULL) return NULL; BIO_set_fd(ret, fd, close_flag); -# ifndef OPENSSL_NO_KTLS - { - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(fd); - } -# endif return ret; } @@ -106,11 +95,11 @@ if (out != NULL) { clear_socket_error(); -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS if (BIO_get_ktls_recv(b)) ret = ktls_read_record(b->num, out, outl); else -# endif +#endif ret = readsocket(b->num, out, outl); BIO_clear_retry_flags(b); if (ret <= 0) { @@ -128,7 +117,7 @@ int ret = 0; clear_socket_error(); -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS if (BIO_should_ktls_ctrl_msg_flag(b)) { unsigned char record_type = (intptr_t)b->ptr; ret = ktls_send_ctrl_message(b->num, record_type, in, inl); @@ -137,7 +126,7 @@ BIO_clear_ktls_ctrl_msg_flag(b); } } else -# endif +#endif ret = writesocket(b->num, in, inl); BIO_clear_retry_flags(b); if (ret <= 0) { 
@@ -151,9 +140,9 @@ { long ret = 1; int *ip; -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS ktls_crypto_info_t *crypto_info; -# endif +#endif switch (cmd) { case BIO_C_SET_FD: @@ -181,7 +170,7 @@ case BIO_CTRL_FLUSH: ret = 1; break; -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS case BIO_CTRL_SET_KTLS: crypto_info = (ktls_crypto_info_t *)ptr; ret = ktls_start(b->num, crypto_info, num); @@ -201,7 +190,7 @@ BIO_clear_ktls_ctrl_msg_flag(b); ret = 0; break; -# endif +#endif case BIO_CTRL_EOF: ret = (b->flags & BIO_FLAGS_IN_EOF) != 0; break; @@ -236,47 +225,47 @@ int BIO_sock_non_fatal_error(int err) { switch (err) { -# if defined(OPENSSL_SYS_WINDOWS) -# if defined(WSAEWOULDBLOCK) +#if defined(OPENSSL_SYS_WINDOWS) +#if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: -# endif -# endif +#endif +#endif -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK +#ifdef EWOULDBLOCK +#ifdef WSAEWOULDBLOCK +#if WSAEWOULDBLOCK != EWOULDBLOCK case EWOULDBLOCK: -# endif -# else +#endif +#else case EWOULDBLOCK: -# endif -# endif +#endif +#endif -# if defined(ENOTCONN) +#if defined(ENOTCONN) case ENOTCONN: -# endif +#endif -# ifdef EINTR +#ifdef EINTR case EINTR: -# endif +#endif -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN +#ifdef EAGAIN +#if EWOULDBLOCK != EAGAIN case EAGAIN: -# endif -# endif +#endif +#endif -# ifdef EPROTO +#ifdef EPROTO case EPROTO: -# endif +#endif -# ifdef EINPROGRESS +#ifdef EINPROGRESS case EINPROGRESS: -# endif +#endif -# ifdef EALREADY +#ifdef EALREADY case EALREADY: -# endif +#endif return 1; default: break; @@ -284,4 +273,4 @@ return 0; } -#endif /* #ifndef OPENSSL_NO_SOCK */ +#endif /* #ifndef OPENSSL_NO_SOCK */ --- crypto/openssl/crypto/bio/ossl_core_bio.c.orig +++ crypto/openssl/crypto/bio/ossl_core_bio.c 
@@ -92,13 +92,13 @@ } int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen, - size_t *readbytes) + size_t *readbytes) { return BIO_read_ex(cb->bio, data, dlen, readbytes); } int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen, - size_t *written) + size_t *written) { return BIO_write_ex(cb->bio, data, dlen, written); } --- crypto/openssl/crypto/bn/asm/armv4-gf2m.pl.orig +++ crypto/openssl/crypto/bn/asm/armv4-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,7 +37,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # $output is the last argument if it looks like a file (it has an extension) # $flavour is the first argument if it doesn't look like a file --- crypto/openssl/crypto/bn/asm/rsaz-avx512.pl.orig +++ crypto/openssl/crypto/bn/asm/rsaz-avx512.pl @@ -1,4 +1,4 @@ -# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2020, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -98,7 +98,7 @@ # specified in the original algorithm as according to the paper "Enhanced Montgomery # Multiplication" by Shay Gueron (see Lemma 1), the result will be always < 2*2^1024 # and can be used as a direct input to the next AMM iteration. -# This post-condition is true, provided the correct parameter |s| is choosen, i.e. +# This post-condition is true, provided the correct parameter |s| is chosen, i.e. # s >= n + 2 * k, which matches our case: 1040 > 1024 + 2 * 1. # # void ossl_rsaz_amm52x20_x1_256(BN_ULONG *res, --- crypto/openssl/crypto/bn/asm/sparcv9-mont.pl.orig +++ crypto/openssl/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -394,11 +394,11 @@ mulx $car1,$mul1,$car1 mulx $npj,$mul1,$acc1 + add $tmp1,$car0,$car0 add $tmp0,$car1,$car1 and $car0,$mask,$acc0 ld [$np+8],$npj ! np[2] srlx $car1,32,$car1 - add $tmp1,$car1,$car1 srlx $car0,32,$car0 add $acc0,$car1,$car1 and $car0,1,$sbit --- crypto/openssl/crypto/bn/asm/x86_64-gcc.c.orig +++ crypto/openssl/crypto/bn/asm/x86_64-gcc.c @@ -8,8 +8,10 @@ */ #include "../bn_local.h" -#if !(defined(__GNUC__) && __GNUC__>=2) +#if !(defined(__GNUC__) && __GNUC__ >= 2) +/* clang-format off */ # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ +/* clang-format on */ #else /*- * x86_64 BIGNUM accelerator version 0.1, December 2002. 
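Review bot: The relocated `add $tmp1,$car0,$car0` in the sparcv9-mont.pl hunk at -394 changes which accumulator absorbs `$tmp1`, and nothing in the hunk records why. It is now added into `$car0` ahead of `and $car0,$mask,$acc0`, where before it went into `$car1` after `srlx $car1,32,$car1`. This is carry handling inside Montgomery multiplication, where a misplaced word gives a silently wrong modular result rather than a crash, so the intent belongs next to the instruction, for example `add $tmp1,$car0,$car0 ! fold $tmp1 into $car0 before it is masked into $acc0`. The enclosing routine starts and ends outside the hunk, so which loop or entry path this belongs to cannot be confirmed from here. A known-answer test whose operands reach this path, compared against the portable C implementation, would keep the fix from regressing.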
@@ -63,52 +65,54 @@ * machine. */ -# undef mul -# undef mul_add +#undef mul +#undef mul_add /*- * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; */ -# define mul_add(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"m"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+m"(r),"+d"(high) \ - : "r"(carry),"g"(0) \ - : "cc"); \ - carry=high; \ - } while (0) - -# define mul(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"g"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - (r)=carry, carry=high; \ - } while (0) -# undef sqr -# define sqr(r0,r1,a) \ - asm ("mulq %2" \ - : "=a"(r0),"=d"(r1) \ - : "a"(a) \ - : "cc"); +#define mul_add(r, a, word, carry) \ + do { \ + register BN_ULONG high, low; \ + asm("mulq %3" \ + : "=a"(low), "=d"(high) \ + : "a"(word), "m"(a) \ + : "cc"); \ + asm("addq %2,%0; adcq %3,%1" \ + : "+r"(carry), "+d"(high) \ + : "a"(low), "g"(0) \ + : "cc"); \ + asm("addq %2,%0; adcq %3,%1" \ + : "+m"(r), "+d"(high) \ + : "r"(carry), "g"(0) \ + : "cc"); \ + carry = high; \ + } while (0) + +#define mul(r, a, word, carry) \ + do { \ + register BN_ULONG high, low; \ + asm("mulq %3" \ + : "=a"(low), "=d"(high) \ + : "a"(word), "g"(a) \ + : "cc"); \ + asm("addq %2,%0; adcq %3,%1" \ + : "+r"(carry), "+d"(high) \ + : "a"(low), "g"(0) \ + : "cc"); \ + (r) = carry, carry = high; \ + } while (0) +#undef sqr +#define sqr(r0, r1, a) \ + asm("mulq %2" \ + : "=a"(r0), "=d"(r1) \ + : "a"(a) \ + : "cc"); BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) + BN_ULONG w) { BN_ULONG c1 = 0; 
@@ -195,15 +199,15 @@ { BN_ULONG ret, waste; - asm("divq %4":"=a"(ret), "=d"(waste) - : "a"(l), "d"(h), "r"(d) - : "cc"); + asm("divq %4" : "=a"(ret), "=d"(waste) + : "a"(l), "d"(h), "r"(d) + : "cc"); return ret; } BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int n) + int n) { BN_ULONG ret; size_t i = 0; @@ -211,26 +215,26 @@ if (n <= 0) return 0; - asm volatile (" subq %0,%0 \n" /* clear carry */ - " jmp 1f \n" - ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " adcq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " lea 1(%2),%2 \n" - " dec %1 \n" - " jnz 1b \n" - " sbbq %0,%0 \n" - :"=&r" (ret), "+c"(n), "+r"(i) - :"r"(rp), "r"(ap), "r"(bp) - :"cc", "memory"); + asm volatile(" subq %0,%0 \n" /* clear carry */ + " jmp 1f \n" + ".p2align 4 \n" + "1: movq (%4,%2,8),%0 \n" + " adcq (%5,%2,8),%0 \n" + " movq %0,(%3,%2,8) \n" + " lea 1(%2),%2 \n" + " dec %1 \n" + " jnz 1b \n" + " sbbq %0,%0 \n" + : "=&r"(ret), "+c"(n), "+r"(i) + : "r"(rp), "r"(ap), "r"(bp) + : "cc", "memory"); return ret & 1; } -# ifndef SIMICS +#ifndef SIMICS BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int n) + int n) { BN_ULONG ret; size_t i = 0; 
@@ -238,25 +242,25 @@ if (n <= 0) return 0; - asm volatile (" subq %0,%0 \n" /* clear borrow */ - " jmp 1f \n" - ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " sbbq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " lea 1(%2),%2 \n" - " dec %1 \n" - " jnz 1b \n" - " sbbq %0,%0 \n" - :"=&r" (ret), "+c"(n), "+r"(i) - :"r"(rp), "r"(ap), "r"(bp) - :"cc", "memory"); + asm volatile(" subq %0,%0 \n" /* clear borrow */ + " jmp 1f \n" + ".p2align 4 \n" + "1: movq (%4,%2,8),%0 \n" + " sbbq (%5,%2,8),%0 \n" + " movq %0,(%3,%2,8) \n" + " lea 1(%2),%2 \n" + " dec %1 \n" + " jnz 1b \n" + " sbbq %0,%0 \n" + : "=&r"(ret), "+c"(n), "+r"(i) + : "r"(rp), "r"(ap), "r"(bp) + : "cc", "memory"); return ret & 1; } -# else +#else /* Simics 1.4<7 has buggy sbbq:-( */ -# define BN_MASK2 0xffffffffffffffffL +#define BN_MASK2 0xffffffffffffffffL BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { BN_ULONG t1, t2; @@ -304,7 +308,7 @@ } return c; } -# endif +#endif /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ @@ -318,77 +322,91 @@ * Keep in mind that carrying into high part of multiplication result * can not overflow, because it cannot be all-ones. */ -# if 0 +#if 0 /* original macros are kept for reference purposes */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo, hi; \ - BN_UMULT_LOHI(lo,hi,ta,tb); \ - c0 += lo; hi += (c0top; dif = max - min; - if (dif < 0) { /* hmm... should not be happening */ + if (dif < 0) { /* hmm... should not be happening */ ERR_raise(ERR_LIB_BN, BN_R_ARG2_LT_ARG3); return 0; } @@ -168,4 +168,3 @@ return 1; } - --- crypto/openssl/crypto/bn/bn_asm.c.orig +++ crypto/openssl/crypto/bn/bn_asm.c @@ -15,7 +15,7 @@ #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) + BN_ULONG w) { BN_ULONG c1 = 0; 
@@ -23,7 +23,7 @@ if (num <= 0) return c1; -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (num & ~3) { mul_add(rp[0], ap[0], w, c1); mul_add(rp[1], ap[1], w, c1); @@ -33,7 +33,7 @@ rp += 4; num -= 4; } -# endif +#endif while (num) { mul_add(rp[0], ap[0], w, c1); ap++; @@ -52,7 +52,7 @@ if (num <= 0) return c1; -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (num & ~3) { mul(rp[0], ap[0], w, c1); mul(rp[1], ap[1], w, c1); @@ -62,7 +62,7 @@ rp += 4; num -= 4; } -# endif +#endif while (num) { mul(rp[0], ap[0], w, c1); ap++; @@ -78,7 +78,7 @@ if (n <= 0) return; -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (n & ~3) { sqr(r[0], r[1], a[0]); sqr(r[2], r[3], a[1]); @@ -88,7 +88,7 @@ r += 8; n -= 4; } -# endif +#endif while (n) { sqr(r[0], r[1], a[0]); a++; @@ -97,11 +97,11 @@ } } -#else /* !(defined(BN_LLONG) || - * defined(BN_UMULT_HIGH)) */ +#else /* !(defined(BN_LLONG) || \ + * defined(BN_UMULT_HIGH)) */ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) + BN_ULONG w) { BN_ULONG c = 0; BN_ULONG bl, bh; @@ -113,7 +113,7 @@ bl = LBITS(w); bh = HBITS(w); -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (num & ~3) { mul_add(rp[0], ap[0], bl, bh, c); mul_add(rp[1], ap[1], bl, bh, c); @@ -123,7 +123,7 @@ rp += 4; num -= 4; } -# endif +#endif while (num) { mul_add(rp[0], ap[0], bl, bh, c); ap++; @@ -145,7 +145,7 @@ bl = LBITS(w); bh = HBITS(w); -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (num & ~3) { mul(rp[0], ap[0], bl, bh, carry); mul(rp[1], ap[1], bl, bh, carry); @@ -155,7 +155,7 @@ rp += 4; num -= 4; } -# endif +#endif while (num) { mul(rp[0], ap[0], bl, bh, carry); ap++; @@ -171,7 +171,7 @@ if (n <= 0) return; -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (n & ~3) { sqr64(r[0], r[1], a[0]); sqr64(r[2], r[3], a[1]); 
@@ -181,7 +181,7 @@ r += 8; n -= 4; } -# endif +#endif while (n) { sqr64(r[0], r[1], a[0]); a++; @@ -190,14 +190,14 @@ } } -#endif /* !(defined(BN_LLONG) || - * defined(BN_UMULT_HIGH)) */ +#endif /* !(defined(BN_LLONG) || \ + * defined(BN_UMULT_HIGH)) */ #if defined(BN_LLONG) && defined(BN_DIV2W) BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) { - return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d)); + return ((BN_ULONG)(((((BN_ULLONG)h) << BN_BITS2) | l) / (BN_ULLONG)d)); } #else @@ -236,8 +236,7 @@ tl = dl * q; for (;;) { t = h - th; - if ((t & BN_MASK2h) || - ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4)))) + if ((t & BN_MASK2h) || ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4)))) break; q--; th -= dh; @@ -266,11 +265,11 @@ ret |= q; return ret; } -#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ +#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ #ifdef BN_LLONG BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) + int n) { BN_ULLONG ll = 0; @@ -278,18 +277,18 @@ if (n <= 0) return (BN_ULONG)0; -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (n & ~3) { - ll += (BN_ULLONG) a[0] + b[0]; + ll += (BN_ULLONG)a[0] + b[0]; r[0] = (BN_ULONG)ll & BN_MASK2; ll >>= BN_BITS2; - ll += (BN_ULLONG) a[1] + b[1]; + ll += (BN_ULLONG)a[1] + b[1]; r[1] = (BN_ULONG)ll & BN_MASK2; ll >>= BN_BITS2; - ll += (BN_ULLONG) a[2] + b[2]; + ll += (BN_ULLONG)a[2] + b[2]; r[2] = (BN_ULONG)ll & BN_MASK2; ll >>= BN_BITS2; - ll += (BN_ULLONG) a[3] + b[3]; + ll += (BN_ULLONG)a[3] + b[3]; r[3] = (BN_ULONG)ll & BN_MASK2; ll >>= BN_BITS2; a += 4; @@ -297,9 +296,9 @@ r += 4; n -= 4; } -# endif +#endif while (n) { - ll += (BN_ULLONG) a[0] + b[0]; + ll += (BN_ULLONG)a[0] + b[0]; r[0] = (BN_ULONG)ll & BN_MASK2; ll >>= BN_BITS2; a++; 
@@ -309,9 +308,9 @@ } return (BN_ULONG)ll; } -#else /* !BN_LLONG */ +#else /* !BN_LLONG */ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) + int n) { BN_ULONG c, l, t; @@ -320,7 +319,7 @@ return (BN_ULONG)0; c = 0; -# ifndef OPENSSL_SMALL_FOOTPRINT +#ifndef OPENSSL_SMALL_FOOTPRINT while (n & ~3) { t = a[0]; t = (t + c) & BN_MASK2; @@ -351,7 +350,7 @@ r += 4; n -= 4; } -# endif +#endif while (n) { t = a[0]; t = (t + c) & BN_MASK2; @@ -366,10 +365,10 @@ } return (BN_ULONG)c; } -#endif /* !BN_LLONG */ +#endif /* !BN_LLONG */ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) + int n) { BN_ULONG t1, t2; int c = 0; @@ -382,28 +381,28 @@ while (n & ~3) { t1 = a[0]; t2 = (t1 - c) & BN_MASK2; - c = (t2 > t1); + c = (t2 > t1); t1 = b[0]; t1 = (t2 - t1) & BN_MASK2; r[0] = t1; c += (t1 > t2); t1 = a[1]; t2 = (t1 - c) & BN_MASK2; - c = (t2 > t1); + c = (t2 > t1); t1 = b[1]; t1 = (t2 - t1) & BN_MASK2; r[1] = t1; c += (t1 > t2); t1 = a[2]; t2 = (t1 - c) & BN_MASK2; - c = (t2 > t1); + c = (t2 > t1); t1 = b[2]; t1 = (t2 - t1) & BN_MASK2; r[2] = t1; c += (t1 > t2); t1 = a[3]; t2 = (t1 - c) & BN_MASK2; - c = (t2 > t1); + c = (t2 > t1); t1 = b[3]; t1 = (t2 - t1) & BN_MASK2; r[3] = t1; @@ -417,7 +416,7 @@ while (n) { t1 = a[0]; t2 = (t1 - c) & BN_MASK2; - c = (t2 > t1); + c = (t2 > t1); t1 = b[0]; t1 = (t2 - t1) & BN_MASK2; r[0] = t1; @@ -432,10 +431,10 @@ #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) -# undef bn_mul_comba8 -# undef bn_mul_comba4 -# undef bn_sqr_comba8 -# undef bn_sqr_comba4 +#undef bn_mul_comba8 +#undef bn_mul_comba4 +#undef bn_sqr_comba8 +#undef bn_sqr_comba4 /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ 
@@ -445,148 +444,188 @@ * c=(c2,c1,c0) */ -# ifdef BN_LLONG +#ifdef BN_LLONG /* * Keep in mind that additions to multiplication result can not * overflow, because its high half cannot be all-ones. */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG hi; \ - BN_ULLONG t = (BN_ULLONG)(a)*(b); \ - t += c0; /* no carry */ \ - c0 = (BN_ULONG)Lw(t); \ - hi = (BN_ULONG)Hw(t); \ - c1 = (c1+hi)&BN_MASK2; c2 += (c1 +#ifdef OPENSSL_NO_ASM +#ifdef OPENSSL_BN_ASM_MONT +#include /* * This is essentially reference implementation, which may or may not * result in performance improvement. E.g. on IA-32 this routine was @@ -855,35 +894,35 @@ * [and are known to] differ and are to be documented elsewhere. */ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0p, int num) + const BN_ULONG *np, const BN_ULONG *n0p, int num) { BN_ULONG c0, c1, ml, *tp, n0; -# ifdef mul64 +#ifdef mul64 BN_ULONG mh; -# endif +#endif volatile BN_ULONG *vp; int i = 0, j; -# if 0 /* template for platform-specific - * implementation */ +#if 0 /* template for platform-specific \ + * implementation */ if (ap == bp) return bn_sqr_mont(rp, ap, np, n0p, num); -# endif +#endif vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); n0 = *n0p; c0 = 0; ml = bp[0]; -# ifdef mul64 +#ifdef mul64 mh = HBITS(ml); ml = LBITS(ml); for (j = 0; j < num; ++j) mul(tp[j], ap[j], ml, mh, c0); -# else +#else for (j = 0; j < num; ++j) mul(tp[j], ap[j], ml, c0); -# endif +#endif tp[num] = c0; tp[num + 1] = 0; 
@@ -892,36 +931,36 @@ for (i = 0; i < num; i++) { c0 = 0; ml = bp[i]; -# ifdef mul64 +#ifdef mul64 mh = HBITS(ml); ml = LBITS(ml); for (j = 0; j < num; ++j) mul_add(tp[j], ap[j], ml, mh, c0); -# else +#else for (j = 0; j < num; ++j) mul_add(tp[j], ap[j], ml, c0); -# endif +#endif c1 = (tp[num] + c0) & BN_MASK2; tp[num] = c1; tp[num + 1] = (c1 < c0 ? 1 : 0); - enter: + enter: c1 = tp[0]; ml = (c1 * n0) & BN_MASK2; c0 = 0; -# ifdef mul64 +#ifdef mul64 mh = HBITS(ml); ml = LBITS(ml); mul_add(c1, np[0], ml, mh, c0); -# else +#else mul_add(c1, ml, np[0], c0); -# endif +#endif for (j = 1; j < num; j++) { c1 = tp[j]; -# ifdef mul64 +#ifdef mul64 mul_add(c1, np[j], ml, mh, c0); -# else +#else mul_add(c1, ml, np[j], c0); -# endif +#endif tp[j - 1] = c1 & BN_MASK2; } c1 = (tp[num] + c0) & BN_MASK2; @@ -943,25 +982,25 @@ vp[num + 1] = 0; return 1; } -# else +#else /* * Return value of 0 indicates that multiplication/convolution was not * performed to signal the caller to fall down to alternative/original * code-path. */ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) + const BN_ULONG *np, const BN_ULONG *n0, int num) { return 0; } -# endif /* OPENSSL_BN_ASM_MONT */ -# endif +#endif /* OPENSSL_BN_ASM_MONT */ +#endif -#else /* !BN_MUL_COMBA */ +#else /* !BN_MUL_COMBA */ /* hmm... is it faster just to do a multiply? */ -# undef bn_sqr_comba4 -# undef bn_sqr_comba8 +#undef bn_sqr_comba4 +#undef bn_sqr_comba8 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[8]; @@ -994,11 +1033,11 @@ r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]); } -# ifdef OPENSSL_NO_ASM -# ifdef OPENSSL_BN_ASM_MONT -# include +#ifdef OPENSSL_NO_ASM +#ifdef OPENSSL_BN_ASM_MONT +#include int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0p, int num) + const BN_ULONG *np, const BN_ULONG *n0p, int num) { BN_ULONG c0, c1, *tp, n0 = *n0p; volatile BN_ULONG *vp; 
@@ -1037,13 +1076,13 @@ vp[num + 1] = 0; return 1; } -# else +#else int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) + const BN_ULONG *np, const BN_ULONG *n0, int num) { return 0; } -# endif /* OPENSSL_BN_ASM_MONT */ -# endif +#endif /* OPENSSL_BN_ASM_MONT */ +#endif -#endif /* !BN_MUL_COMBA */ +#endif /* !BN_MUL_COMBA */ --- crypto/openssl/crypto/bn/bn_blind.c.orig +++ crypto/openssl/crypto/bn/bn_blind.c @@ -11,19 +11,19 @@ #include "internal/cryptlib.h" #include "bn_local.h" -#define BN_BLINDING_COUNTER 32 +#define BN_BLINDING_COUNTER 32 struct bn_blinding_st { BIGNUM *A; BIGNUM *Ai; BIGNUM *e; - BIGNUM *mod; /* just a reference */ + BIGNUM *mod; /* just a reference */ CRYPTO_THREAD_ID tid; int counter; unsigned long flags; BN_MONT_CTX *m_ctx; - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); CRYPTO_RWLOCK *lock; }; @@ -73,7 +73,7 @@ return ret; - err: +err: BN_BLINDING_free(ret); return NULL; } @@ -102,8 +102,7 @@ if (b->counter == -1) b->counter = 0; - if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && - !(b->flags & BN_BLINDING_NO_RECREATE)) { + if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && !(b->flags & BN_BLINDING_NO_RECREATE)) { /* re-create blinding parameters */ if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) goto err; @@ -120,7 +119,7 @@ } ret = 1; - err: +err: if (b->counter == BN_BLINDING_COUNTER) b->counter = 0; return ret; @@ -165,7 +164,7 @@ } int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, - BN_CTX *ctx) + BN_CTX *ctx) { int ret; 
@@ -232,14 +231,14 @@ } BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx) + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx) { int retry_counter = 32; BN_BLINDING *ret = NULL; @@ -303,7 +302,7 @@ } return ret; - err: +err: if (b == NULL) { BN_BLINDING_free(ret); ret = NULL; --- crypto/openssl/crypto/bn/bn_const.c.orig +++ crypto/openssl/crypto/bn/bn_const.c @@ -12,7 +12,6 @@ #define COPY_BN(dst, src) (dst != NULL) ? BN_copy(dst, &src) : BN_dup(&src) - /*- * "First Oakley Default Group" from RFC2409, section 6.1. * 
@@ -25,18 +24,102 @@ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) { static const unsigned char RFC2409_PRIME_768[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xC9, + 0x0F, + 0xDA, + 0xA2, + 0x21, + 0x68, + 0xC2, + 0x34, + 0xC4, + 0xC6, + 0x62, + 0x8B, + 0x80, + 0xDC, + 0x1C, + 0xD1, + 0x29, + 0x02, + 0x4E, + 0x08, + 0x8A, + 0x67, + 0xCC, + 0x74, + 0x02, + 0x0B, + 0xBE, + 0xA6, + 0x3B, + 0x13, + 0x9B, + 0x22, + 0x51, + 0x4A, + 0x08, + 0x79, + 0x8E, + 0x34, + 0x04, + 0xDD, + 0xEF, + 0x95, + 0x19, + 0xB3, + 0xCD, + 0x3A, + 0x43, + 0x1B, + 0x30, + 0x2B, + 0x0A, + 0x6D, + 0xF2, + 0x5F, + 0x14, + 0x37, + 0x4F, + 0xE1, + 0x35, + 0x6D, + 0x6D, + 0x51, + 0xC2, + 0x45, + 0xE4, + 0x85, + 0xB5, + 0x76, + 0x62, + 0x5E, + 0x7E, + 0xC6, + 0xF4, + 0x4C, + 0x42, + 0xE9, + 0xA6, + 0x3A, + 0x36, + 0x20, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, }; return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn); } 
@@ -53,22 +136,134 @@ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) { static const unsigned char RFC2409_PRIME_1024[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xC9, + 0x0F, + 0xDA, + 0xA2, + 0x21, + 0x68, + 0xC2, + 0x34, + 0xC4, + 0xC6, + 0x62, + 0x8B, + 0x80, + 0xDC, + 0x1C, + 0xD1, + 0x29, + 0x02, + 0x4E, + 0x08, + 0x8A, + 0x67, + 0xCC, + 0x74, + 0x02, + 0x0B, + 0xBE, + 0xA6, + 0x3B, + 0x13, + 0x9B, + 0x22, + 0x51, + 0x4A, + 0x08, + 0x79, + 0x8E, + 0x34, + 0x04, + 0xDD, + 0xEF, + 0x95, + 0x19, + 0xB3, + 0xCD, + 0x3A, + 0x43, + 0x1B, + 0x30, + 0x2B, + 0x0A, + 0x6D, + 0xF2, + 0x5F, + 0x14, + 0x37, + 0x4F, + 0xE1, + 0x35, + 0x6D, + 0x6D, + 0x51, + 0xC2, + 0x45, + 0xE4, + 0x85, + 0xB5, + 0x76, + 0x62, + 0x5E, + 0x7E, + 0xC6, + 0xF4, + 0x4C, + 0x42, + 0xE9, + 0xA6, + 0x37, + 0xED, + 0x6B, + 0x0B, + 0xFF, + 0x5C, + 0xB6, + 0xF4, + 0x06, + 0xB7, + 0xED, + 0xEE, + 0x38, + 0x6B, + 0xFB, + 0x5A, + 0x89, + 0x9F, + 0xA5, + 0xAE, + 0x9F, + 0x24, + 0x11, + 0x7C, + 0x4B, + 0x1F, + 0xE6, + 0x49, + 0x28, + 0x66, + 0x51, + 0xEC, + 0xE6, + 0x53, + 0x81, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, }; return BN_bin2bn(RFC2409_PRIME_1024, 
sizeof(RFC2409_PRIME_1024), bn); } --- crypto/openssl/crypto/bn/bn_conv.c.orig +++ crypto/openssl/crypto/bn/bn_conv.c @@ -42,7 +42,7 @@ } } *p = '\0'; - err: +err: return buf; } @@ -66,7 +66,7 @@ */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; - tbytes = num + 3; /* negative and terminator and one spare? */ + tbytes = num + 3; /* negative and terminator and one spare? */ bn_data_num = num / BN_DEC_NUM + 1; bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); buf = OPENSSL_malloc(tbytes); @@ -113,7 +113,7 @@ } } ok = 1; - err: +err: OPENSSL_free(bn_data); BN_free(t); if (ok) @@ -165,7 +165,7 @@ if (bn_expand(ret, i * 4) == NULL) goto err; - j = i; /* least significant 'hex' */ + j = i; /* least significant 'hex' */ m = 0; h = 0; while (j > 0) { @@ -175,7 +175,7 @@ c = a[j - m]; k = OPENSSL_hexchar2int(c); if (k < 0) - k = 0; /* paranoia */ + k = 0; /* paranoia */ l = (l << 4) | k; if (--m <= 0) { @@ -194,7 +194,7 @@ if (ret->top != 0) ret->neg = neg; return num; - err: +err: if (*bn == NULL) BN_free(ret); return 0; @@ -264,7 +264,7 @@ if (ret->top != 0) ret->neg = neg; return num; - err: +err: if (*bn == NULL) BN_free(ret); return 0; --- crypto/openssl/crypto/bn/bn_ctx.c.orig +++ crypto/openssl/crypto/bn/bn_ctx.c @@ -12,9 +12,9 @@ #include "bn_local.h" /* How many bignums are in each "pool item"; */ -#define BN_CTX_POOL_SIZE 16 +#define BN_CTX_POOL_SIZE 16 /* The stack frame info is resizing, set a first-time expansion size; */ -#define BN_CTX_START_FRAMES 32 +#define BN_CTX_START_FRAMES 32 /***********/ /* BN_POOL */ @@ -86,10 +86,10 @@ BN_STACK *stack = &ctx->stack; BIO_printf(channel, "%s\n", text); - BIO_printf(channel, " (%16p): ", (void*)ctx); + BIO_printf(channel, " (%16p): ", (void *)ctx); while (bnidx < ctx->used) { BIO_printf(channel, "%03x ", - item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); + item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); if (!(bnidx % BN_CTX_POOL_SIZE)) item = item->next; } 
@@ -106,13 +106,17 @@ BIO_printf(channel, "\n"); } -# define CTXDBG(str, ctx) \ - OSSL_TRACE_BEGIN(BN_CTX) { \ - ctxdbg(trc_out, str, ctx); \ - } OSSL_TRACE_END(BN_CTX) +#define CTXDBG(str, ctx) \ + OSSL_TRACE_BEGIN(BN_CTX) \ + { \ + ctxdbg(trc_out, str, ctx); \ + } \ + OSSL_TRACE_END(BN_CTX) #else /* We do not want tracing in FIPS module */ -# define CTXDBG(str, ctx) do {} while(0) +#define CTXDBG(str, ctx) \ + do { \ + } while (0) #endif /* FIPS_MODULE */ BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx) @@ -158,11 +162,12 @@ if (ctx == NULL) return; #ifndef FIPS_MODULE - OSSL_TRACE_BEGIN(BN_CTX) { + OSSL_TRACE_BEGIN(BN_CTX) + { BN_POOL_ITEM *pool = ctx->pool.head; BIO_printf(trc_out, - "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n", - ctx->stack.size, ctx->pool.size); + "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n", + ctx->stack.size, ctx->pool.size); BIO_printf(trc_out, " dmaxs: "); while (pool) { unsigned loop = 0; @@ -171,7 +176,8 @@ pool = pool->next; } BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(BN_CTX); + } + OSSL_TRACE_END(BN_CTX); #endif BN_STACK_finish(&ctx->stack); BN_POOL_finish(&ctx->pool); @@ -259,13 +265,11 @@ st->indexes = NULL; } - static int BN_STACK_push(BN_STACK *st, unsigned int idx) { if (st->depth == st->size) { /* Need to expand */ - unsigned int newsize = - st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; + unsigned int newsize = st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; unsigned int *newitems; if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) { @@ -312,7 +316,6 @@ } } - static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) { BIGNUM *bn; --- crypto/openssl/crypto/bn/bn_depr.c.orig +++ crypto/openssl/crypto/bn/bn_depr.c 
@@ -20,8 +20,8 @@ #include "bn_local.h" BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback) (int, int, void *), void *cb_arg) + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int, int, void *), void *cb_arg) { BN_GENCB cb; BIGNUM *rnd = NULL; @@ -38,14 +38,14 @@ /* we have a prime :-) */ return rnd; - err: +err: BN_free(rnd); return NULL; } int BN_is_prime(const BIGNUM *a, int checks, - void (*callback) (int, int, void *), BN_CTX *ctx_passed, - void *cb_arg) + void (*callback)(int, int, void *), BN_CTX *ctx_passed, + void *cb_arg) { BN_GENCB cb; BN_GENCB_set_old(&cb, callback, cb_arg); @@ -53,9 +53,9 @@ } int BN_is_prime_fasttest(const BIGNUM *a, int checks, - void (*callback) (int, int, void *), - BN_CTX *ctx_passed, void *cb_arg, - int do_trial_division) + void (*callback)(int, int, void *), + BN_CTX *ctx_passed, void *cb_arg, + int do_trial_division) { BN_GENCB cb; BN_GENCB_set_old(&cb, callback, cb_arg); --- crypto/openssl/crypto/bn/bn_dh.c.orig +++ crypto/openssl/crypto/bn/bn_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,18 +10,18 @@ #include "bn_local.h" #include "internal/nelem.h" -# include -# include "crypto/bn_dh.h" +#include +#include "crypto/bn_dh.h" -# if BN_BITS2 == 64 -# define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo -# else -# define BN_DEF(lo, hi) lo, hi -# endif +#if BN_BITS2 == 64 +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo +#else +#define BN_DEF(lo, hi) lo, hi +#endif /* DH parameters from RFC3526 */ -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE /* * "1536-bit MODP Group" from RFC3526, Section 2. * 
@@ -59,7 +59,7 @@ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF) }; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ /*- * "2048-bit MODP Group" from RFC3526, Section 3. 
@@ -88,22 +88,38 @@ }; /* q = (p - 1) / 2 */ static const BN_ULONG modp_2048_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x45565534, 0x0AB9472D), - BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), - BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), - BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), - BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), + BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), + BN_DEF(0x45565534, 0x0AB9472D), + BN_DEF(0x4C7D0288, 0x8AE9130C), + BN_DEF(0x754AB572, 0x1CCAA4BE), + BN_DEF(0x4AAC0B8C, 0xEF15E5FB), + BN_DEF(0x37A62964, 0xDAE2AEF8), + BN_DEF(0x7603D147, 0xCD93C1D1), + BN_DEF(0x0C074301, 0xF1CF3B96), + BN_DEF(0x171B671D, 0x19482F23), + BN_DEF(0x650C10BE, 0x78BA3604), + BN_DEF(0x255E4C02, 0xB3861AA7), + BN_DEF(0xB84B4B36, 0xCF6A9483), + BN_DEF(0x1042A95D, 0x0E3179AB), + BN_DEF(0xEE51D6CB, 0xC1B2AE91), + BN_DEF(0x7E9267AF, 0x348B1FD4), + BN_DEF(0x0E2AE9CD, 0xCC6D241B), + BN_DEF(0x50B1DF82, 0xE1003E5C), + BN_DEF(0xF6722D9E, 0x24943328), + BN_DEF(0xBE258FF3, 0xD74F9208), + BN_DEF(0xAD44CFD2, 0xF71C35FD), + BN_DEF(0x7A035BF6, 0x85FFAE5B), + BN_DEF(0xD31BF6B5, 0x7A262174), + BN_DEF(0x312F3F63, 0xF242DABB), + BN_DEF(0xB6A8E122, 0xA7F09AB6), + BN_DEF(0xF92F8A1B, 0x98158536), + 
BN_DEF(0xE69D218D, 0xF7CA8CD9), + BN_DEF(0xC71A026E, 0x28A5043C), + BN_DEF(0x1D89CD91, 0x0105DF53), + BN_DEF(0x4533E63A, 0x94812704), + BN_DEF(0xC06E0E68, 0x62633145), + BN_DEF(0x10B4611A, 0xE487ED51), + BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), }; /*- 
@@ -141,30 +157,54 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG modp_3072_q[] = {
- BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x549D6965, 0x25C16890),
- BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
- BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
- BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
- BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
- BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
- BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
- BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
- BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
- BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
- BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
- BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
- BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
- BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
- BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
- BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
- BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
- BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
- BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
- BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
- BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
- BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
- BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
- BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0x549D6965, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE),
+ BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460),
+ BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C),
+ BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03),
+ BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70),
+ BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2),
+ BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282),
+ BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86),
+ BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C),
+ BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB),
+ BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1),
+ BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23),
+ BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7),
+ BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB),
+ BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4),
+ BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C),
+ BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208),
+ BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B),
+ BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB),
+ BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536),
+ BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C),
+ BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704),
+ BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 /*-
@@ -210,38 +250,70 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG modp_4096_q[] = {
- BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x9A0318CC, 0xA6FA1AE4),
- BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
- BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
- BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
- BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
- BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
- BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
- BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
- BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
- BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
- BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
- BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
- BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
- BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
- BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
- BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
- BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
- BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
- BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
- BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
- BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
- BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
- BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
- BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
- BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
- BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
- BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
- BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
- BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
- BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
- BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
- BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF),
+ BN_DEF(0x9A0318CC, 0xA6FA1AE4),
+ BN_DEF(0x48536047, 0xC37FDBEE),
+ BN_DEF(0x46C7EEE0, 0xC9DA754C),
+ BN_DEF(0xEAD82D54, 0x68034893),
+ BN_DEF(0x10B8240E, 0xDC0DEEBB),
+ BN_DEF(0x67716BD7, 0x8FB094B8),
+ BN_DEF(0x28ADF3F6, 0x119DD0C3),
+ BN_DEF(0xD04861D1, 0xCCD94B27),
+ BN_DEF(0xA735E02E, 0x143E2CA3),
+ BN_DEF(0x0FDF6553, 0x97477E0A),
+ BN_DEF(0x826F477C, 0x6DDDE16D),
+ BN_DEF(0x156A2674, 0x12C1F4E5),
+ BN_DEF(0x5B0A85ED, 0x0D4A341A),
+ BN_DEF(0x357A711E, 0x4CE1938C),
+ BN_DEF(0x5EDD2D93, 0xC438CD08),
+ BN_DEF(0x53C3F36B, 0x8D391E09),
+ BN_DEF(0x54908400, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE),
+ BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460),
+ BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C),
+ BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03),
+ BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70),
+ BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2),
+ BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282),
+ BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86),
+ BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C),
+ BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB),
+ BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1),
+ BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23),
+ BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7),
+ BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB),
+ BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4),
+ BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C),
+ BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208),
+ BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B),
+ BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB),
+ BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536),
+ BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C),
+ BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704),
+ BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 /*-
@@ -303,54 +375,102 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG modp_6144_q[] = {
- BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x36E62012, 0x734A7C8F),
- BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3),
- BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6),
- BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E),
- BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7),
- BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF),
- BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB),
- BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF),
- BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817),
- BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A),
- BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00),
- BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23),
- BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
- BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6),
- BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03),
- BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59),
- BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4),
- BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
- BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
- BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
- BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
- BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
- BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
- BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
- BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
- BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
- BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
- BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
- BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
- BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
- BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
- BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
- BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
- BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
- BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
- BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
- BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
- BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
- BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
- BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
- BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
- BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
- BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
- BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
- BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
- BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
- BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
- BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0x36E62012, 0x734A7C8F),
+ BN_DEF(0x85BA3A6B, 0x095F96AD),
+ BN_DEF(0x1FA43077, 0x021F47B3),
+ BN_DEF(0xB71E0234, 0x1C3FF46B),
+ BN_DEF(0x17794B19, 0x6D2B64F6),
+ BN_DEF(0xD189EAAE, 0x758CE658),
+ BN_DEF(0xC50FDFF8, 0x7AA8551E),
+ BN_DEF(0xDBE2ED3B, 0x0350EAC5),
+ BN_DEF(0x794DF194, 0x53CB8AF7),
+ BN_DEF(0x07C01BF0, 0x0A662F69),
+ BN_DEF(0x5FA470EC, 0x6647B6BF),
+ BN_DEF(0x15A0AA55, 0xA5EA03D9),
+ BN_DEF(0xFFAC2D62, 0x078EA2DB),
+ BN_DEF(0x1B66445F, 0x91D4BD3F),
+ BN_DEF(0xDF63F479, 0x2CF3E4BF),
+ BN_DEF(0xC8058E4F, 0x5AD42018),
+ BN_DEF(0xA34C0641, 0x6AAF3817),
+ BN_DEF(0x373A7F7B, 0xFA416BE7),
+ BN_DEF(0xE8B90E81, 0x7819750A),
+ BN_DEF(0xE325C976, 0xACC1E500),
+ BN_DEF(0x9BC6695F, 0x37DC7A00),
+ BN_DEF(0x95EBD7A1, 0x999028A8),
+ BN_DEF(0xF36612A5, 0xEDBF8A23),
+ BN_DEF(0x676A5D8D, 0xA267365D),
+ BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
+ BN_DEF(0x432D448C, 0x8BCB93D8),
+ BN_DEF(0xC813EC18, 0x583529F6),
+ BN_DEF(0xA09800D7, 0x72ED9C17),
+ BN_DEF(0x56CF2987, 0xFC7FCA03),
+ BN_DEF(0x1EDD1BDE, 0x64BA8F3B),
+ BN_DEF(0x3013236F, 0x60EA6E59),
+ BN_DEF(0x693E3813, 0x1B61FD5A),
+ BN_DEF(0x9A014249, 0xA6FA1AE4),
+ BN_DEF(0x48536047, 0xC37FDBEE),
+ BN_DEF(0x46C7EEE0, 0xC9DA754C),
+ BN_DEF(0xEAD82D54, 0x68034893),
+ BN_DEF(0x10B8240E, 0xDC0DEEBB),
+ BN_DEF(0x67716BD7, 0x8FB094B8),
+ BN_DEF(0x28ADF3F6, 0x119DD0C3),
+ BN_DEF(0xD04861D1, 0xCCD94B27),
+ BN_DEF(0xA735E02E, 0x143E2CA3),
+ BN_DEF(0x0FDF6553, 0x97477E0A),
+ BN_DEF(0x826F477C, 0x6DDDE16D),
+ BN_DEF(0x156A2674, 0x12C1F4E5),
+ BN_DEF(0x5B0A85ED, 0x0D4A341A),
+ BN_DEF(0x357A711E, 0x4CE1938C),
+ BN_DEF(0x5EDD2D93, 0xC438CD08),
+ BN_DEF(0x53C3F36B, 0x8D391E09),
+ BN_DEF(0x54908400, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE),
+ BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460),
+ BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C),
+ BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03),
+ BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70),
+ BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2),
+ BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282),
+ BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86),
+ BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C),
+ BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB),
+ BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1),
+ BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23),
+ BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7),
+ BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB),
+ BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4),
+ BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C),
+ BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208),
+ BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B),
+ BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB),
+ BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536),
+ BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C),
+ BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704),
+ BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 /*
@@ -428,70 +548,134 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG modp_8192_q[] = {
- BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCC76E9EF, 0xB064C06E),
- BN_DEF(0x405CB738, 0xE40FAB74), BN_DEF(0x3B2B4A6F, 0x4F182871),
- BN_DEF(0xAB3BF4D5, 0xCAAC7223), BN_DEF(0x7E013723, 0xE48C86D3),
- BN_DEF(0x6AF71C15, 0xC44D0017), BN_DEF(0xA40E366B, 0x2004A1C5),
- BN_DEF(0x75C3CFC9, 0x1AC8237A), BN_DEF(0x8F67D134, 0xFD79B5E1),
- BN_DEF(0xBF73A6B9, 0xD8EA885E), BN_DEF(0xAEF6BF50, 0xFCD5A40C),
- BN_DEF(0x8423428E, 0xB2798E62), BN_DEF(0xD012AEE0, 0x22CBF44C),
- BN_DEF(0x3A55B51B, 0xEF988770), BN_DEF(0x1FA27C16, 0x369509FC),
- BN_DEF(0xD9D13C53, 0x03159E7A), BN_DEF(0xF6ADEE9D, 0x3CB41981),
- BN_DEF(0xD16043F4, 0xFD4EA5BF), BN_DEF(0x17C1C2EE, 0xA5E5E443),
- BN_DEF(0x36751835, 0x9A39FE32), BN_DEF(0x0D11F863, 0x89F5ABD4),
- BN_DEF(0x5201BE03, 0x91111702), BN_DEF(0x7E42456C, 0xF1FEDC5F),
- BN_DEF(0xF1CEB296, 0x11C78B65), BN_DEF(0x15F8E4BC, 0x1A11DA3A),
- BN_DEF(0x2D727AB4, 0x1D55B1CE), BN_DEF(0xB5D21233, 0x92BB7B49),
- BN_DEF(0xC57E23F6, 0x3A0FD3DF), BN_DEF(0x46CEE980, 0x1DE4195B),
- BN_DEF(0x39DC98DD, 0x6C5F6268), BN_DEF(0x54996FC6, 0x1C3BBE5B),
- BN_DEF(0x897F72F2, 0xBA51C937), BN_DEF(0x36DF08AC, 0x734A7C8F),
- BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3),
- BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6),
- BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E),
- BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7),
- BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF),
- BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB),
- BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF),
- BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817),
- BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A),
- BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00),
- BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23),
- BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
- BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6),
- BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03),
- BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59),
- BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4),
- BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
- BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
- BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
- BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
- BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
- BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
- BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
- BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
- BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
- BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
- BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
- BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
- BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
- BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
- BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
- BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
- BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
- BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
- BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
- BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
- BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
- BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
- BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
- BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
- BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
- BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
- BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
- BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
- BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
- BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
- BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF),
+ BN_DEF(0xCC76E9EF, 0xB064C06E),
+ BN_DEF(0x405CB738, 0xE40FAB74),
+ BN_DEF(0x3B2B4A6F, 0x4F182871),
+ BN_DEF(0xAB3BF4D5, 0xCAAC7223),
+ BN_DEF(0x7E013723, 0xE48C86D3),
+ BN_DEF(0x6AF71C15, 0xC44D0017),
+ BN_DEF(0xA40E366B, 0x2004A1C5),
+ BN_DEF(0x75C3CFC9, 0x1AC8237A),
+ BN_DEF(0x8F67D134, 0xFD79B5E1),
+ BN_DEF(0xBF73A6B9, 0xD8EA885E),
+ BN_DEF(0xAEF6BF50, 0xFCD5A40C),
+ BN_DEF(0x8423428E, 0xB2798E62),
+ BN_DEF(0xD012AEE0, 0x22CBF44C),
+ BN_DEF(0x3A55B51B, 0xEF988770),
+ BN_DEF(0x1FA27C16, 0x369509FC),
+ BN_DEF(0xD9D13C53, 0x03159E7A),
+ BN_DEF(0xF6ADEE9D, 0x3CB41981),
+ BN_DEF(0xD16043F4, 0xFD4EA5BF),
+ BN_DEF(0x17C1C2EE, 0xA5E5E443),
+ BN_DEF(0x36751835, 0x9A39FE32),
+ BN_DEF(0x0D11F863, 0x89F5ABD4),
+ BN_DEF(0x5201BE03, 0x91111702),
+ BN_DEF(0x7E42456C, 0xF1FEDC5F),
+ BN_DEF(0xF1CEB296, 0x11C78B65),
+ BN_DEF(0x15F8E4BC, 0x1A11DA3A),
+ BN_DEF(0x2D727AB4, 0x1D55B1CE),
+ BN_DEF(0xB5D21233, 0x92BB7B49),
+ BN_DEF(0xC57E23F6, 0x3A0FD3DF),
+ BN_DEF(0x46CEE980, 0x1DE4195B),
+ BN_DEF(0x39DC98DD, 0x6C5F6268),
+ BN_DEF(0x54996FC6, 0x1C3BBE5B),
+ BN_DEF(0x897F72F2, 0xBA51C937),
+ BN_DEF(0x36DF08AC, 0x734A7C8F),
+ BN_DEF(0x85BA3A6B, 0x095F96AD),
+ BN_DEF(0x1FA43077, 0x021F47B3),
+ BN_DEF(0xB71E0234, 0x1C3FF46B),
+ BN_DEF(0x17794B19, 0x6D2B64F6),
+ BN_DEF(0xD189EAAE, 0x758CE658),
+ BN_DEF(0xC50FDFF8, 0x7AA8551E),
+ BN_DEF(0xDBE2ED3B, 0x0350EAC5),
+ BN_DEF(0x794DF194, 0x53CB8AF7),
+ BN_DEF(0x07C01BF0, 0x0A662F69),
+ BN_DEF(0x5FA470EC, 0x6647B6BF),
+ BN_DEF(0x15A0AA55, 0xA5EA03D9),
+ BN_DEF(0xFFAC2D62, 0x078EA2DB),
+ BN_DEF(0x1B66445F, 0x91D4BD3F),
+ BN_DEF(0xDF63F479, 0x2CF3E4BF),
+ BN_DEF(0xC8058E4F, 0x5AD42018),
+ BN_DEF(0xA34C0641, 0x6AAF3817),
+ BN_DEF(0x373A7F7B, 0xFA416BE7),
+ BN_DEF(0xE8B90E81, 0x7819750A),
+ BN_DEF(0xE325C976, 0xACC1E500),
+ BN_DEF(0x9BC6695F, 0x37DC7A00),
+ BN_DEF(0x95EBD7A1, 0x999028A8),
+ BN_DEF(0xF36612A5, 0xEDBF8A23),
+ BN_DEF(0x676A5D8D, 0xA267365D),
+ BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
+ BN_DEF(0x432D448C, 0x8BCB93D8),
+ BN_DEF(0xC813EC18, 0x583529F6),
+ BN_DEF(0xA09800D7, 0x72ED9C17),
+ BN_DEF(0x56CF2987, 0xFC7FCA03),
+ BN_DEF(0x1EDD1BDE, 0x64BA8F3B),
+ BN_DEF(0x3013236F, 0x60EA6E59),
+ BN_DEF(0x693E3813, 0x1B61FD5A),
+ BN_DEF(0x9A014249, 0xA6FA1AE4),
+ BN_DEF(0x48536047, 0xC37FDBEE),
+ BN_DEF(0x46C7EEE0, 0xC9DA754C),
+ BN_DEF(0xEAD82D54, 0x68034893),
+ BN_DEF(0x10B8240E, 0xDC0DEEBB),
+ BN_DEF(0x67716BD7, 0x8FB094B8),
+ BN_DEF(0x28ADF3F6, 0x119DD0C3),
+ BN_DEF(0xD04861D1, 0xCCD94B27),
+ BN_DEF(0xA735E02E, 0x143E2CA3),
+ BN_DEF(0x0FDF6553, 0x97477E0A),
+ BN_DEF(0x826F477C, 0x6DDDE16D),
+ BN_DEF(0x156A2674, 0x12C1F4E5),
+ BN_DEF(0x5B0A85ED, 0x0D4A341A),
+ BN_DEF(0x357A711E, 0x4CE1938C),
+ BN_DEF(0x5EDD2D93, 0xC438CD08),
+ BN_DEF(0x53C3F36B, 0x8D391E09),
+ BN_DEF(0x54908400, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE),
+ BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460),
+ BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C),
+ BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03),
+ BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70),
+ BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2),
+ BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282),
+ BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86),
+ BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C),
+ BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB),
+ BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1),
+ BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23),
+ BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7),
+ BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB),
+ BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4),
+ BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C),
+ BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208),
+ BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B),
+ BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB),
+ BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536),
+ BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C),
+ BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704),
+ BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 /* DH parameters from RFC5114 */
@@ -623,22 +807,38 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG ffdhe2048_q[] = {
- BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x30942E4B, 0x4435A11C),
- BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
- BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
- BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
- BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
- BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
- BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
- BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
- BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
- BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
- BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
- BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
- BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
- BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
- BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
- BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF),
+ BN_DEF(0x30942E4B, 0x4435A11C),
+ BN_DEF(0x60D977FD, 0x6379A513),
+ BN_DEF(0xBE8B41D9, 0xE2C778C1),
+ BN_DEF(0x17611002, 0x9DDAFE5E),
+ BN_DEF(0xA637D6B9, 0xE1FF1D8D),
+ BN_DEF(0x777940C1, 0xC7278919),
+ BN_DEF(0x74C2C1FF, 0xC8B97F4E),
+ BN_DEF(0x941A17B0, 0x601A0266),
+ BN_DEF(0xE6FBF176, 0x4F017E70),
+ BN_DEF(0x770536B8, 0x8583D3E4),
+ BN_DEF(0xB1B95D8C, 0x572B76F3),
+ BN_DEF(0xEF1CA6FA, 0x0EA7A151),
+ BN_DEF(0xB06BFA34, 0xDCB56D5B),
+ BN_DEF(0xD96471FD, 0xE88454A5),
+ BN_DEF(0x59927DB0, 0x5E0558C1),
+ BN_DEF(0xA41D3CBD, 0x98566527),
+ BN_DEF(0x9B56F39A, 0x0EF8AC50),
+ BN_DEF(0x79F7F439, 0xF15344ED),
+ BN_DEF(0x707345BB, 0xCC278638),
+ BN_DEF(0x3FABE49A, 0xDAAB89AF),
+ BN_DEF(0x9EF68D79, 0x42B1B2AA),
+ BN_DEF(0xAF833768, 0x9219FA8F),
+ BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
+ BN_DEF(0x576230BD, 0x7B40D901),
+ BN_DEF(0xB1863AEC, 0xBE97F1B1),
+ BN_DEF(0x124D9F7C, 0xE649CEE7),
+ BN_DEF(0x8A3219FD, 0xD4F09B20),
+ BN_DEF(0xE7169B4A, 0xEC5CE2C1),
+ BN_DEF(0x139E9E78, 0x57EE2B10),
+ BN_DEF(0x515DA54D, 0xD6FC2A2C),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 static const BN_ULONG ffdhe3072_p[] = {
@@ -669,30 +869,54 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG ffdhe3072_q[] = {
- BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xB363171B, 0x12F20E95),
- BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835),
- BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB),
- BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155),
- BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229),
- BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984),
- BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93),
- BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F),
- BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C),
- BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
- BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
- BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
- BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
- BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
- BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
- BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
- BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
- BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
- BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
- BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
- BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
- BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
- BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
- BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF),
+ BN_DEF(0xB363171B, 0x12F20E95),
+ BN_DEF(0x1FEACEBE, 0x9E0D9077),
+ BN_DEF(0xFD29EEF7, 0x055E6835),
+ BN_DEF(0x6AE22427, 0x0EDFCD21),
+ BN_DEF(0xCD86F56D, 0xD5E290CB),
+ BN_DEF(0x911B1D06, 0x743695E2),
+ BN_DEF(0xCE4EFB4F, 0xAE574155),
+ BN_DEF(0x38FAA5FF, 0xB279710F),
+ BN_DEF(0x716BA6E9, 0x7A7EA229),
+ BN_DEF(0xDE21BCA2, 0x5A098649),
+ BN_DEF(0xC289C938, 0x577F0984),
+ BN_DEF(0x60C36C8E, 0x2CC6587D),
+ BN_DEF(0x48FBFBF7, 0xBD6C8E93),
+ BN_DEF(0xEB736483, 0x30DA37E4),
+ BN_DEF(0x7CCE011C, 0xDE1A7A6F),
+ BN_DEF(0xB28C81AD, 0x6F1AAD9D),
+ BN_DEF(0x308FE7EE, 0x4435A11C),
+ BN_DEF(0x60D977FD, 0x6379A513),
+ BN_DEF(0xBE8B41D9, 0xE2C778C1),
+ BN_DEF(0x17611002, 0x9DDAFE5E),
+ BN_DEF(0xA637D6B9, 0xE1FF1D8D),
+ BN_DEF(0x777940C1, 0xC7278919),
+ BN_DEF(0x74C2C1FF, 0xC8B97F4E),
+ BN_DEF(0x941A17B0, 0x601A0266),
+ BN_DEF(0xE6FBF176, 0x4F017E70),
+ BN_DEF(0x770536B8, 0x8583D3E4),
+ BN_DEF(0xB1B95D8C, 0x572B76F3),
+ BN_DEF(0xEF1CA6FA, 0x0EA7A151),
+ BN_DEF(0xB06BFA34, 0xDCB56D5B),
+ BN_DEF(0xD96471FD, 0xE88454A5),
+ BN_DEF(0x59927DB0, 0x5E0558C1),
+ BN_DEF(0xA41D3CBD, 0x98566527),
+ BN_DEF(0x9B56F39A, 0x0EF8AC50),
+ BN_DEF(0x79F7F439, 0xF15344ED),
+ BN_DEF(0x707345BB, 0xCC278638),
+ BN_DEF(0x3FABE49A, 0xDAAB89AF),
+ BN_DEF(0x9EF68D79, 0x42B1B2AA),
+ BN_DEF(0xAF833768, 0x9219FA8F),
+ BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
+ BN_DEF(0x576230BD, 0x7B40D901),
+ BN_DEF(0xB1863AEC, 0xBE97F1B1),
+ BN_DEF(0x124D9F7C, 0xE649CEE7),
+ BN_DEF(0x8A3219FD, 0xD4F09B20),
+ BN_DEF(0xE7169B4A, 0xEC5CE2C1),
+ BN_DEF(0x139E9E78, 0x57EE2B10),
+ BN_DEF(0x515DA54D, 0xD6FC2A2C),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 static const BN_ULONG ffdhe4096_p[] = {
@@ -731,38 +955,70 @@
 };
 /* q = (p - 1) / 2 */
 static const BN_ULONG ffdhe4096_q[] = {
- BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x2F32AFB5, 0xE345003F),
- BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD),
- BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754),
- BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1),
- BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005),
- BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443),
- BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E),
- BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2),
- BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95),
- BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835),
- BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB),
- BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155),
- BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229),
- BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984),
- BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93),
- BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F),
- BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C),
- BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
- BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
- BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
- BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
- BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
- BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
- BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
- BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
- BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
- BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
- BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
- BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
- BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
- BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
- BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+ BN_DEF(0x2F32AFB5, 0xE345003F),
+ BN_DEF(0xFA20C170, 0xA6DAD428),
+ BN_DEF(0x3FC45235, 0xC764DAAD),
+ BN_DEF(0xE764BEE7, 0x054148E6),
+ BN_DEF(0xFCC68566, 0x15276754),
+ BN_DEF(0xB8A0001E, 0x0D0EDC9E),
+ BN_DEF(0x99E5C5BD, 0x0494CCD1),
+ BN_DEF(0xB8D6801C, 0x36E3BC7C),
+ BN_DEF(0x48C09862, 0x5483B005),
+ BN_DEF(0x96CF3419, 0x76B50F00),
+ BN_DEF(0x77DA18C5, 0x389AE443),
+ BN_DEF(0xBF18E63D, 0x43FAADD2),
+ BN_DEF(0xAA81A002, 0x3BB1E78E),
+ BN_DEF(0x6B4FB68C, 0x563EAFA1),
+ BN_DEF(0x72C42BDB, 0xBC9874F2),
+ BN_DEF(0x8B26FA7D, 0xB737A961),
+ BN_DEF(0xB34F0F78, 0x12F20E95),
+ BN_DEF(0x1FEACEBE, 0x9E0D9077),
+ BN_DEF(0xFD29EEF7, 0x055E6835),
+ BN_DEF(0x6AE22427, 0x0EDFCD21),
+ BN_DEF(0xCD86F56D, 0xD5E290CB),
+ BN_DEF(0x911B1D06, 0x743695E2),
+ BN_DEF(0xCE4EFB4F, 0xAE574155),
+ BN_DEF(0x38FAA5FF, 0xB279710F),
+ BN_DEF(0x716BA6E9, 0x7A7EA229),
+ BN_DEF(0xDE21BCA2, 0x5A098649),
+ BN_DEF(0xC289C938, 0x577F0984),
+ BN_DEF(0x60C36C8E, 0x2CC6587D),
+ BN_DEF(0x48FBFBF7, 0xBD6C8E93),
+ BN_DEF(0xEB736483, 0x30DA37E4),
+ BN_DEF(0x7CCE011C, 0xDE1A7A6F),
+ BN_DEF(0xB28C81AD, 0x6F1AAD9D),
+ BN_DEF(0x308FE7EE, 0x4435A11C),
+ BN_DEF(0x60D977FD, 0x6379A513),
+ BN_DEF(0xBE8B41D9, 0xE2C778C1),
+ BN_DEF(0x17611002, 0x9DDAFE5E),
+ BN_DEF(0xA637D6B9, 0xE1FF1D8D),
+ BN_DEF(0x777940C1, 0xC7278919),
+ BN_DEF(0x74C2C1FF, 0xC8B97F4E),
+ BN_DEF(0x941A17B0, 0x601A0266),
+ BN_DEF(0xE6FBF176, 0x4F017E70),
+ BN_DEF(0x770536B8, 0x8583D3E4),
+ BN_DEF(0xB1B95D8C, 0x572B76F3),
+ BN_DEF(0xEF1CA6FA, 0x0EA7A151),
+ BN_DEF(0xB06BFA34, 0xDCB56D5B),
+ BN_DEF(0xD96471FD, 0xE88454A5),
+ BN_DEF(0x59927DB0, 0x5E0558C1),
+ BN_DEF(0xA41D3CBD, 0x98566527),
+ BN_DEF(0x9B56F39A, 0x0EF8AC50),
+ BN_DEF(0x79F7F439, 0xF15344ED),
+ BN_DEF(0x707345BB, 0xCC278638),
+ BN_DEF(0x3FABE49A, 0xDAAB89AF),
+ BN_DEF(0x9EF68D79, 0x42B1B2AA),
+ BN_DEF(0xAF833768, 0x9219FA8F),
+ BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
+ BN_DEF(0x576230BD, 0x7B40D901),
+ BN_DEF(0xB1863AEC, 0xBE97F1B1),
+ BN_DEF(0x124D9F7C, 0xE649CEE7),
+ BN_DEF(0x8A3219FD, 0xD4F09B20),
+ BN_DEF(0xE7169B4A, 0xEC5CE2C1),
+ BN_DEF(0x139E9E78, 0x57EE2B10),
+ BN_DEF(0x515DA54D, 0xD6FC2A2C),
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
 };
 
 static const BN_ULONG ffdhe6144_p[] = {
@@ -817,54 +1073,102 @@ }; /* q = (p - 1) / 2 */ static const BN_ULONG ffdhe6144_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x68720732, 0x5207194E), - BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93), - BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC), - BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA), - BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416), - BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA), - BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC), - BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011), - BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725), - BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6), - BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849), - BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB), - BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F), - BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619), - BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19), - BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96), - BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F), - BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), - BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), - BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), - BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), - BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), - BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), - BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), - BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), - BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), - BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), - BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), - BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 
0x7A7EA229), - BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), - BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), - BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), - BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), + BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), + BN_DEF(0x68720732, 0x5207194E), + BN_DEF(0xBC9C6D6A, 0xD20EAB86), + BN_DEF(0x6A18B0E0, 0xB1534A93), + BN_DEF(0x4D6D8F34, 0x1FEEA547), + BN_DEF(0xEE35C06B, 0x2D9DB8FC), + BN_DEF(0x63139582, 0xF64E8C08), + BN_DEF(0xE5677A01, 0xC66796EA), + BN_DEF(0xE4ADC88B, 0x724FA91A), + BN_DEF(0xDC2A19C5, 0x282EE416), + BN_DEF(0x8AB15423, 0x31149618), + BN_DEF(0x3573BFAF, 0x6B9581BA), + BN_DEF(0xA316A9C6, 0x7CE4848D), + BN_DEF(0x23D33E5F, 0x05746DAC), + BN_DEF(0x91308B41, 0x59D39CE0), + BN_DEF(0x95140DFB, 0x77556011), + BN_DEF(0x3BE57CC9, 0xCA63328F), + BN_DEF(0xCA595DE0, 0x3B1F2725), + BN_DEF(0x003BECDA, 0xAC3F1C6D), + BN_DEF(0x0C1811E1, 0x3FD94FC6), + BN_DEF(0xFCF1D137, 0x855F60FF), + 
BN_DEF(0x1A8288F1, 0x50077849), + BN_DEF(0x6DB1A06C, 0x5C2A9917), + BN_DEF(0xD4D4B488, 0xD29238FB), + BN_DEF(0xA67EDA3B, 0x9C40A3FD), + BN_DEF(0x2723020F, 0xCD8FAE1F), + BN_DEF(0xFE67F638, 0x66D6832B), + BN_DEF(0xA6380E1D, 0x59C74619), + BN_DEF(0x58E07EA6, 0x48BDEEB2), + BN_DEF(0x4DBB1264, 0x1DDA2A19), + BN_DEF(0x657A9F53, 0x11DD2221), + BN_DEF(0x1C29951D, 0x2733BE96), + BN_DEF(0x2281B63D, 0x05FEB25B), + BN_DEF(0x2F06EC81, 0xE345003F), + BN_DEF(0xFA20C170, 0xA6DAD428), + BN_DEF(0x3FC45235, 0xC764DAAD), + BN_DEF(0xE764BEE7, 0x054148E6), + BN_DEF(0xFCC68566, 0x15276754), + BN_DEF(0xB8A0001E, 0x0D0EDC9E), + BN_DEF(0x99E5C5BD, 0x0494CCD1), + BN_DEF(0xB8D6801C, 0x36E3BC7C), + BN_DEF(0x48C09862, 0x5483B005), + BN_DEF(0x96CF3419, 0x76B50F00), + BN_DEF(0x77DA18C5, 0x389AE443), + BN_DEF(0xBF18E63D, 0x43FAADD2), + BN_DEF(0xAA81A002, 0x3BB1E78E), + BN_DEF(0x6B4FB68C, 0x563EAFA1), + BN_DEF(0x72C42BDB, 0xBC9874F2), + BN_DEF(0x8B26FA7D, 0xB737A961), + BN_DEF(0xB34F0F78, 0x12F20E95), + BN_DEF(0x1FEACEBE, 0x9E0D9077), + BN_DEF(0xFD29EEF7, 0x055E6835), + BN_DEF(0x6AE22427, 0x0EDFCD21), + BN_DEF(0xCD86F56D, 0xD5E290CB), + BN_DEF(0x911B1D06, 0x743695E2), + BN_DEF(0xCE4EFB4F, 0xAE574155), + BN_DEF(0x38FAA5FF, 0xB279710F), + BN_DEF(0x716BA6E9, 0x7A7EA229), + BN_DEF(0xDE21BCA2, 0x5A098649), + BN_DEF(0xC289C938, 0x577F0984), + BN_DEF(0x60C36C8E, 0x2CC6587D), + BN_DEF(0x48FBFBF7, 0xBD6C8E93), + BN_DEF(0xEB736483, 0x30DA37E4), + BN_DEF(0x7CCE011C, 0xDE1A7A6F), + BN_DEF(0xB28C81AD, 0x6F1AAD9D), + BN_DEF(0x308FE7EE, 0x4435A11C), + BN_DEF(0x60D977FD, 0x6379A513), + BN_DEF(0xBE8B41D9, 0xE2C778C1), + BN_DEF(0x17611002, 0x9DDAFE5E), + BN_DEF(0xA637D6B9, 0xE1FF1D8D), + BN_DEF(0x777940C1, 0xC7278919), + BN_DEF(0x74C2C1FF, 0xC8B97F4E), + BN_DEF(0x941A17B0, 0x601A0266), + BN_DEF(0xE6FBF176, 0x4F017E70), + BN_DEF(0x770536B8, 0x8583D3E4), + BN_DEF(0xB1B95D8C, 0x572B76F3), + BN_DEF(0xEF1CA6FA, 0x0EA7A151), + BN_DEF(0xB06BFA34, 0xDCB56D5B), + BN_DEF(0xD96471FD, 0xE88454A5), + BN_DEF(0x59927DB0, 
0x5E0558C1), + BN_DEF(0xA41D3CBD, 0x98566527), + BN_DEF(0x9B56F39A, 0x0EF8AC50), + BN_DEF(0x79F7F439, 0xF15344ED), + BN_DEF(0x707345BB, 0xCC278638), + BN_DEF(0x3FABE49A, 0xDAAB89AF), + BN_DEF(0x9EF68D79, 0x42B1B2AA), + BN_DEF(0xAF833768, 0x9219FA8F), + BN_DEF(0xEAFEB2B0, 0x69EF8F6A), + BN_DEF(0x576230BD, 0x7B40D901), + BN_DEF(0xB1863AEC, 0xBE97F1B1), + BN_DEF(0x124D9F7C, 0xE649CEE7), + BN_DEF(0x8A3219FD, 0xD4F09B20), + BN_DEF(0xE7169B4A, 0xEC5CE2C1), + BN_DEF(0x139E9E78, 0x57EE2B10), + BN_DEF(0x515DA54D, 0xD6FC2A2C), + BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), }; static const BN_ULONG ffdhe8192_p[] = { 
@@ -935,81 +1239,146 @@ }; /* q = (p - 1) / 2 */ static const BN_ULONG ffdhe8192_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0xE2E32126, 0x6B4645DB), - BN_DEF(0x41C7FC46, 0x008F154A), BN_DEF(0x54FA30A7, 0x84117283), - BN_DEF(0xFBD4221E, 0xCBE88EA4), BN_DEF(0x9833BF86, 0x535DFEF2), - BN_DEF(0x60FF437F, 0x17BA0F7C), BN_DEF(0x2EB8D43F, 0x7D7D5F0E), - BN_DEF(0xFDF2C518, 0x6F697DD5), BN_DEF(0x39585337, 0x5B42AEFF), - BN_DEF(0x5D4527F4, 0x8F7E4670), BN_DEF(0x1F97D22B, 0xC1FC0EA5), - BN_DEF(0xD2BBF118, 0x50FF183A), BN_DEF(0x446CE050, 0xEADC00CA), - BN_DEF(0xD6CD4AFC, 0xB1240B66), BN_DEF(0x286090BD, 0x4CF4F18B), - BN_DEF(0x07211E7E, 0x28D5348F), BN_DEF(0x1C137296, 0x0E10BF36), - BN_DEF(0x84B81FF7, 0x28D45498), BN_DEF(0xB523073A, 0x5DB84CC3), - BN_DEF(0x4E435811, 0xAA0FE346), BN_DEF(0x237EC128, 0x2C8B0660), - BN_DEF(0x1AE1AFAE, 0x1423605D), BN_DEF(0xC5BAC141, 0x2A282563), - BN_DEF(0xE95782F2, 0x149C441C), BN_DEF(0x600DEB81, 0xE596078E), - BN_DEF(0x3E499332, 0xAAAD97BA), BN_DEF(0x51D5C414, 0xC35B18A1), - BN_DEF(0xFB258877, 0x05C661DE), BN_DEF(0xF6E8E62F, 0xB43FF5B4), - BN_DEF(0x64A84EA1, 0x7ED91FE7), BN_DEF(0xECA8D732, 0x0F212D18), - BN_DEF(0x7B00641C, 0x1B568026), BN_DEF(0x67FA3555, 0x5207194E), - BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93), - BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC), - BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA), - BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416), - BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA), - BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC), - BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011), - BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725), - BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6), - BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849), - BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB), - BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 
0xCD8FAE1F), - BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619), - BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19), - BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96), - BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F), - BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), - BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), - BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), - BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), - BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), - BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), - BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), - BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), - BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), - BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), - BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), - BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), - BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), - BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), - BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), - BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - 
BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), + BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), + BN_DEF(0xE2E32126, 0x6B4645DB), + BN_DEF(0x41C7FC46, 0x008F154A), + BN_DEF(0x54FA30A7, 0x84117283), + BN_DEF(0xFBD4221E, 0xCBE88EA4), + BN_DEF(0x9833BF86, 0x535DFEF2), + BN_DEF(0x60FF437F, 0x17BA0F7C), + BN_DEF(0x2EB8D43F, 0x7D7D5F0E), + BN_DEF(0xFDF2C518, 0x6F697DD5), + BN_DEF(0x39585337, 0x5B42AEFF), + BN_DEF(0x5D4527F4, 0x8F7E4670), + BN_DEF(0x1F97D22B, 0xC1FC0EA5), + BN_DEF(0xD2BBF118, 0x50FF183A), + BN_DEF(0x446CE050, 0xEADC00CA), + BN_DEF(0xD6CD4AFC, 0xB1240B66), + BN_DEF(0x286090BD, 0x4CF4F18B), + BN_DEF(0x07211E7E, 0x28D5348F), + BN_DEF(0x1C137296, 0x0E10BF36), + BN_DEF(0x84B81FF7, 0x28D45498), + BN_DEF(0xB523073A, 0x5DB84CC3), + BN_DEF(0x4E435811, 0xAA0FE346), + BN_DEF(0x237EC128, 0x2C8B0660), + BN_DEF(0x1AE1AFAE, 0x1423605D), + BN_DEF(0xC5BAC141, 0x2A282563), + BN_DEF(0xE95782F2, 0x149C441C), + BN_DEF(0x600DEB81, 0xE596078E), + BN_DEF(0x3E499332, 0xAAAD97BA), + BN_DEF(0x51D5C414, 0xC35B18A1), + BN_DEF(0xFB258877, 0x05C661DE), + BN_DEF(0xF6E8E62F, 0xB43FF5B4), + BN_DEF(0x64A84EA1, 0x7ED91FE7), + BN_DEF(0xECA8D732, 0x0F212D18), + BN_DEF(0x7B00641C, 0x1B568026), + BN_DEF(0x67FA3555, 0x5207194E), + BN_DEF(0xBC9C6D6A, 0xD20EAB86), + BN_DEF(0x6A18B0E0, 0xB1534A93), + BN_DEF(0x4D6D8F34, 0x1FEEA547), + BN_DEF(0xEE35C06B, 0x2D9DB8FC), + BN_DEF(0x63139582, 0xF64E8C08), + BN_DEF(0xE5677A01, 0xC66796EA), + BN_DEF(0xE4ADC88B, 0x724FA91A), + BN_DEF(0xDC2A19C5, 0x282EE416), + BN_DEF(0x8AB15423, 0x31149618), + BN_DEF(0x3573BFAF, 0x6B9581BA), + BN_DEF(0xA316A9C6, 0x7CE4848D), + BN_DEF(0x23D33E5F, 0x05746DAC), + BN_DEF(0x91308B41, 0x59D39CE0), + BN_DEF(0x95140DFB, 0x77556011), + BN_DEF(0x3BE57CC9, 0xCA63328F), + 
BN_DEF(0xCA595DE0, 0x3B1F2725), + BN_DEF(0x003BECDA, 0xAC3F1C6D), + BN_DEF(0x0C1811E1, 0x3FD94FC6), + BN_DEF(0xFCF1D137, 0x855F60FF), + BN_DEF(0x1A8288F1, 0x50077849), + BN_DEF(0x6DB1A06C, 0x5C2A9917), + BN_DEF(0xD4D4B488, 0xD29238FB), + BN_DEF(0xA67EDA3B, 0x9C40A3FD), + BN_DEF(0x2723020F, 0xCD8FAE1F), + BN_DEF(0xFE67F638, 0x66D6832B), + BN_DEF(0xA6380E1D, 0x59C74619), + BN_DEF(0x58E07EA6, 0x48BDEEB2), + BN_DEF(0x4DBB1264, 0x1DDA2A19), + BN_DEF(0x657A9F53, 0x11DD2221), + BN_DEF(0x1C29951D, 0x2733BE96), + BN_DEF(0x2281B63D, 0x05FEB25B), + BN_DEF(0x2F06EC81, 0xE345003F), + BN_DEF(0xFA20C170, 0xA6DAD428), + BN_DEF(0x3FC45235, 0xC764DAAD), + BN_DEF(0xE764BEE7, 0x054148E6), + BN_DEF(0xFCC68566, 0x15276754), + BN_DEF(0xB8A0001E, 0x0D0EDC9E), + BN_DEF(0x99E5C5BD, 0x0494CCD1), + BN_DEF(0xB8D6801C, 0x36E3BC7C), + BN_DEF(0x48C09862, 0x5483B005), + BN_DEF(0x96CF3419, 0x76B50F00), + BN_DEF(0x77DA18C5, 0x389AE443), + BN_DEF(0xBF18E63D, 0x43FAADD2), + BN_DEF(0xAA81A002, 0x3BB1E78E), + BN_DEF(0x6B4FB68C, 0x563EAFA1), + BN_DEF(0x72C42BDB, 0xBC9874F2), + BN_DEF(0x8B26FA7D, 0xB737A961), + BN_DEF(0xB34F0F78, 0x12F20E95), + BN_DEF(0x1FEACEBE, 0x9E0D9077), + BN_DEF(0xFD29EEF7, 0x055E6835), + BN_DEF(0x6AE22427, 0x0EDFCD21), + BN_DEF(0xCD86F56D, 0xD5E290CB), + BN_DEF(0x911B1D06, 0x743695E2), + BN_DEF(0xCE4EFB4F, 0xAE574155), + BN_DEF(0x38FAA5FF, 0xB279710F), + BN_DEF(0x716BA6E9, 0x7A7EA229), + BN_DEF(0xDE21BCA2, 0x5A098649), + BN_DEF(0xC289C938, 0x577F0984), + BN_DEF(0x60C36C8E, 0x2CC6587D), + BN_DEF(0x48FBFBF7, 0xBD6C8E93), + BN_DEF(0xEB736483, 0x30DA37E4), + BN_DEF(0x7CCE011C, 0xDE1A7A6F), + BN_DEF(0xB28C81AD, 0x6F1AAD9D), + BN_DEF(0x308FE7EE, 0x4435A11C), + BN_DEF(0x60D977FD, 0x6379A513), + BN_DEF(0xBE8B41D9, 0xE2C778C1), + BN_DEF(0x17611002, 0x9DDAFE5E), + BN_DEF(0xA637D6B9, 0xE1FF1D8D), + BN_DEF(0x777940C1, 0xC7278919), + BN_DEF(0x74C2C1FF, 0xC8B97F4E), + BN_DEF(0x941A17B0, 0x601A0266), + BN_DEF(0xE6FBF176, 0x4F017E70), + BN_DEF(0x770536B8, 0x8583D3E4), + BN_DEF(0xB1B95D8C, 
0x572B76F3), + BN_DEF(0xEF1CA6FA, 0x0EA7A151), + BN_DEF(0xB06BFA34, 0xDCB56D5B), + BN_DEF(0xD96471FD, 0xE88454A5), + BN_DEF(0x59927DB0, 0x5E0558C1), + BN_DEF(0xA41D3CBD, 0x98566527), + BN_DEF(0x9B56F39A, 0x0EF8AC50), + BN_DEF(0x79F7F439, 0xF15344ED), + BN_DEF(0x707345BB, 0xCC278638), + BN_DEF(0x3FABE49A, 0xDAAB89AF), + BN_DEF(0x9EF68D79, 0x42B1B2AA), + BN_DEF(0xAF833768, 0x9219FA8F), + BN_DEF(0xEAFEB2B0, 0x69EF8F6A), + BN_DEF(0x576230BD, 0x7B40D901), + BN_DEF(0xB1863AEC, 0xBE97F1B1), + BN_DEF(0x124D9F7C, 0xE649CEE7), + BN_DEF(0x8A3219FD, 0xD4F09B20), + BN_DEF(0xE7169B4A, 0xEC5CE2C1), + BN_DEF(0x139E9E78, 0x57EE2B10), + BN_DEF(0x515DA54D, 0xD6FC2A2C), + BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), }; /* Macro to make a BIGNUM from static data */ -# define make_dh_bn(x) \ +#define make_dh_bn(x) \ extern const BIGNUM ossl_bignum_##x; \ const BIGNUM ossl_bignum_##x = { \ - (BN_ULONG *) x, \ + (BN_ULONG *)x, \ OSSL_NELEM(x), \ OSSL_NELEM(x), \ - 0, BN_FLG_STATIC_DATA }; + 0, BN_FLG_STATIC_DATA \ + }; static const BN_ULONG value_2 = 2; @@ -1038,10 +1407,10 @@ make_dh_bn(ffdhe8192_p) make_dh_bn(ffdhe8192_q) -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE make_dh_bn(modp_1536_p) make_dh_bn(modp_1536_q) -# endif +#endif make_dh_bn(modp_2048_p) make_dh_bn(modp_2048_q) make_dh_bn(modp_3072_p) --- crypto/openssl/crypto/bn/bn_div.c.orig +++ crypto/openssl/crypto/bn/bn_div.c 
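Review bot: The `make_dh_bn` macro at the end of the `@@ -935` hunk casts the `static const BN_ULONG` limb arrays to `(BN_ULONG *)x`, and its one-line comment does not say what makes dropping `const` acceptable. The initializer sets `BN_FLG_STATIC_DATA` and the generated object is itself a `const BIGNUM`, which is presumably what keeps the library from resizing or freeing the read-only limbs. I would say so in the comment, e.g. `/* Macro to make a BIGNUM from static data; the const cast relies on BN_FLG_STATIC_DATA marking d[] as not owned and not expandable */`. The macro body also ends in `};`, which is why the invocations in the next hunk carry no semicolon; that deserves a line in the same comment.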
@@ -87,22 +87,22 @@ #else -# if defined(BN_DIV3W) +#if defined(BN_DIV3W) BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0); -# elif 0 +#elif 0 /* * This is #if-ed away, because it's a reference for assembly implementations, * where it can and should be made constant-time. But if you want to test it, * just replace 0 with 1. */ -# if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 -# undef BN_ULLONG -# define BN_ULLONG uint128_t -# define BN_LLONG -# endif - -# ifdef BN_LLONG -# define BN_DIV3W +#if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 +#undef BN_ULLONG +#define BN_ULLONG uint128_t +#define BN_LLONG +#endif + +#ifdef BN_LLONG +#define BN_DIV3W /* * Interface is somewhat quirky, |m| is pointer to most significant limb, * and less significant limb is referred at |m[-1]|. This means that caller @@ -128,15 +128,15 @@ D >>= 1; } - mask = 0 - (Q >> (BN_BITS2 - 1)); /* does it overflow? */ + mask = 0 - (Q >> (BN_BITS2 - 1)); /* does it overflow? */ Q <<= 1; Q |= (R >= D); return (Q | mask) & BN_MASK2; } -# endif -# endif +#endif +#endif static int bn_left_align(BIGNUM *num) { @@ -145,8 +145,8 @@ int rshift = BN_num_bits_word(d[top - 1]), lshift, i; lshift = BN_BITS2 - rshift; - rshift %= BN_BITS2; /* say no to undefined behaviour */ - rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */ + rshift %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */ rmask |= rmask >> 8; for (i = 0, m = 0; i < top; i++) { 
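Review bot: With the `#` directives flattened to column 0 in the `@@ -87` hunk, nothing shows any longer that `#if BN_BITS2 == 64 ...` and `#ifdef BN_LLONG` sit inside the `#elif 0` reference branch, and the two bare `#endif` lines in `@@ -128` cannot be matched to their openers by eye. This branch is the reference for the assembly `bn_div_3_words`, which the comment says should be constant-time, so I would label the closers, if I read the nesting correctly as `#endif /* BN_LLONG */` followed by `#endif /* BN_DIV3W */`. The same applies to the unlabelled inner `#endif` lines in `@@ -342`, where only `#else /* !BN_LLONG */` carries a label. The conditional block starts before this hunk.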
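Review bot: In `bn_left_align` (`@@ -145`), the comment `/* rmask = 0 - (rshift != 0) */` sits on `rmask = (BN_ULONG)0 - rshift;`, but that line alone yields the negated shift count; the all-ones-or-zero mask exists only after the following `rmask |= rmask >> 8;`. Since the hunk already touches both comments, I would make the description cover the pair and say why it is written this way, e.g. `/* branch-free: after the next line rmask is all-ones iff rshift != 0 */`. The function starts before and continues after this hunk.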
@@ -158,45 +158,47 @@ return lshift; } -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ && !defined(PEDANTIC) && !defined(BN_DIV3W) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined (__i386__) - /*- - * There were two reasons for implementing this template: - * - GNU C generates a call to a function (__udivdi3 to be exact) - * in reply to ((((BN_ULLONG)n0)< */ -# endif /* __GNUC__ */ -# endif /* OPENSSL_NO_ASM */ +#if defined(__GNUC__) && __GNUC__ >= 2 +#if defined(__i386) || defined(__i386__) +/*- + * There were two reasons for implementing this template: + * - GNU C generates a call to a function (__udivdi3 to be exact) + * in reply to ((((BN_ULLONG)n0)< */ +#endif /* __GNUC__ */ +#endif /* OPENSSL_NO_ASM */ /*- * BN_div computes dv := num / divisor, rounding towards @@ -207,7 +209,7 @@ * If 'dv' or 'rm' is NULL, the respective value is not returned. */ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_CTX *ctx) + BN_CTX *ctx) { int ret; @@ -262,7 +264,7 @@ * divisor's length is considered public; */ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, - const BIGNUM *divisor, BN_CTX *ctx) + const BIGNUM *divisor, BN_CTX *ctx) { int norm_shift, i, j, loop; BIGNUM *tmp, *snum, *sdiv, *res; 
@@ -342,58 +344,58 @@ * the first part of the loop uses the top two words of snum and sdiv * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv */ -# if defined(BN_DIV3W) +#if defined(BN_DIV3W) q = bn_div_3_words(wnumtop, d1, d0); -# else +#else BN_ULONG n0, n1, rem = 0; n0 = wnumtop[0]; n1 = wnumtop[-1]; if (n0 == d0) q = BN_MASK2; - else { /* n0 < d0 */ + else { /* n0 < d0 */ BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2]; -# ifdef BN_LLONG +#ifdef BN_LLONG BN_ULLONG t2; -# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) - q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); -# else +#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) + q = (BN_ULONG)(((((BN_ULLONG)n0) << BN_BITS2) | n1) / d0); +#else q = bn_div_words(n0, n1, d0); -# endif +#endif -# ifndef REMAINDER_IS_ALREADY_CALCULATED +#ifndef REMAINDER_IS_ALREADY_CALCULATED /* * rem doesn't have to be BN_ULLONG. The least we * know it's less that d0, isn't it? */ rem = (n1 - q * d0) & BN_MASK2; -# endif - t2 = (BN_ULLONG) d1 *q; +#endif + t2 = (BN_ULLONG)d1 * q; for (;;) { - if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2)) + if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) | n2)) break; q--; rem += d0; if (rem < d0) - break; /* don't let rem overflow */ + break; /* don't let rem overflow */ t2 -= d1; } -# else /* !BN_LLONG */ +#else /* !BN_LLONG */ BN_ULONG t2l, t2h; q = bn_div_words(n0, n1, d0); -# ifndef REMAINDER_IS_ALREADY_CALCULATED +#ifndef REMAINDER_IS_ALREADY_CALCULATED rem = (n1 - q * d0) & BN_MASK2; -# endif +#endif -# if defined(BN_UMULT_LOHI) +#if defined(BN_UMULT_LOHI) BN_UMULT_LOHI(t2l, t2h, d1, q); -# elif defined(BN_UMULT_HIGH) +#elif defined(BN_UMULT_HIGH) t2l = d1 * q; t2h = BN_UMULT_HIGH(d1, q); -# else +#else { BN_ULONG ql, qh; t2l = LBITS(d1); @@ -402,7 +404,7 @@ qh = HBITS(q); mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ } -# endif +#endif for (;;) { if ((t2h < rem) || ((t2h == rem) && (t2l <= n2))) 
@@ -410,14 +412,14 @@ q--; rem += d0; if (rem < d0) - break; /* don't let rem overflow */ + break; /* don't let rem overflow */ if (t2l < d1) t2h--; t2l -= d1; } -# endif /* !BN_LLONG */ +#endif /* !BN_LLONG */ } -# endif /* !BN_DIV3W */ +#endif /* !BN_DIV3W */ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); tmp->d[div_n] = l0; @@ -452,7 +454,7 @@ BN_CTX_end(ctx); return 1; - err: +err: bn_check_top(rm); BN_CTX_end(ctx); return 0; --- crypto/openssl/crypto/bn/bn_err.c.orig +++ crypto/openssl/crypto/bn/bn_err.c 
@@ -15,33 +15,33 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA BN_str_reasons[] = { - {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS), - "called with even modulus"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), - "expand on static bignum data"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_PRIME_CANDIDATE), "no prime candidate"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE), - "private key too large"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES), - "too many temporary variables"}, - {0, NULL} + { ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small" }, + { 
ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS), + "called with even modulus" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), + "expand on static bignum data" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_PRIME_CANDIDATE), "no prime candidate" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE), + "private key too large" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations" }, + { ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES), + "too many temporary variables" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/bn/bn_exp.c.orig +++ crypto/openssl/crypto/bn/bn_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -13,28 +13,28 @@ #include #ifdef _WIN32 -# include -# ifndef alloca -# define alloca _alloca -# endif +#include +#ifndef alloca +#define alloca _alloca +#endif #elif defined(__GNUC__) -# ifndef alloca -# define alloca(s) __builtin_alloca((s)) -# endif +#ifndef alloca +#define alloca(s) __builtin_alloca((s)) +#endif #elif defined(__sun) -# include +#include #endif #include "rsaz_exp.h" #undef SPARC_T4_MONT #if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) -# include "crypto/sparc_arch.h" -# define SPARC_T4_MONT +#include "crypto/sparc_arch.h" +#define SPARC_T4_MONT #endif /* maximum precomputation table size for *variable* sliding windows */ -#define TABLE_SIZE 32 +#define TABLE_SIZE 32 /* * Beyond this limit the constant time code is disabled due to @@ -52,7 +52,7 @@ BIGNUM *v, *rr; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -88,14 +88,14 @@ goto err; ret = 1; - err: +err: BN_CTX_end(ctx); bn_check_top(r); return ret; } int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) + BN_CTX *ctx) { int ret; @@ -140,7 +140,7 @@ #ifdef MONT_MUL_MOD if (BN_is_odd(m)) { -# ifdef MONT_EXP_WORD +#ifdef MONT_EXP_WORD if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0) && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0) @@ -148,7 +148,7 @@ BN_ULONG A = a->d[0]; ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); } else -# endif +#endif ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL); } else #endif @@ -167,7 +167,7 @@ } int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) + const BIGNUM *m, BN_CTX *ctx) { int i, j, bits, ret = 0, wstart, wend, window, wvalue; int start = 1; 
@@ -177,8 +177,8 @@ BN_RECP_CTX recp; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -217,7 +217,7 @@ } if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ + goto err; /* 1 */ if (BN_is_zero(val[0])) { BN_zero(r); ret = 1; @@ -227,21 +227,20 @@ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) - goto err; /* 2 */ + goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx)) + if (((val[i] = BN_CTX_get(ctx)) == NULL) || !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx)) goto err; } } - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ + start = 1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue = 0; /* The 'value' of the window */ + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ if (r == p) { BIGNUM *p_dup = BN_CTX_get(ctx); @@ -302,7 +301,7 @@ break; } ret = 1; - err: +err: BN_CTX_end(ctx); BN_RECP_CTX_free(&recp); bn_check_top(r); @@ -310,7 +309,7 @@ } int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { int i, j, bits, ret = 0, wstart, wend, window, wvalue; int start = 1; 
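Review bot: The reflowed loop condition in `@@ -227`, `if (((val[i] = BN_CTX_get(ctx)) == NULL) || !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))`, now puts an allocation-with-assignment and the call that consumes it on one long line. Elsewhere the patch breaks before the operator (see the `|| BN_get_flags(...)` continuation lines in `@@ -177`), so I would keep that shape here: `if (((val[i] = BN_CTX_get(ctx)) == NULL)` on one line and `|| !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))` on the next. The same applies to the `bn_mul_mont_fixed_top` loop in `@@ -375`, the four-way masked OR in `@@ -564`, and the SPARC capability test in `@@ -707`, where the assignment `t4 = OPENSSL_sparcv9cap_P[0]` ends up at the far end of the line. `BN_mod_exp_recp` starts and ends outside this hunk.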
@@ -375,29 +374,28 @@ } else aa = a; if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) - goto err; /* 1 */ + goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx)) - goto err; /* 2 */ + goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) + if (((val[i] = BN_CTX_get(ctx)) == NULL) || !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) goto err; } } - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ + start = 1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue = 0; /* The 'value' of the window */ + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ -#if 1 /* by Shay Gueron's suggestion */ - j = m->top; /* borrow j */ +#if 1 /* by Shay Gueron's suggestion */ + j = m->top; /* borrow j */ if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { if (bn_wexpand(r, j) == NULL) goto err; @@ -409,7 +407,7 @@ r->flags |= BN_FLG_FIXED_TOP; } else #endif - if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) goto err; for (;;) { if (BN_is_bit_set(p, wstart) == 0) { @@ -466,8 +464,8 @@ */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { - j = mont->N.top; /* borrow j */ - val[0]->d[0] = 1; /* borrow val[0] */ + j = mont->N.top; /* borrow j */ + val[0]->d[0] = 1; /* borrow val[0] */ for (i = 1; i < j; i++) val[0]->d[i] = 0; val[0]->top = j; 
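Review bot: The `if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))` re-indented in `@@ -409` is the body of the `} else` that ends the `#if 1` block just above it, and only layout ties the two together (the exact columns are not recoverable from this view). A reader who sees `#endif` followed by what looks like a statement-level `if` can miss that it is skipped whenever the preceding branch ran, so I would mark it with `/* else-branch of the #if 1 fast path above */` or brace the branch. The same `else` / `#endif` / `if` shape is re-indented around `BN_from_montgomery` in `@@ -475`, and around `window >= 5 && top <= BN_SOFT_LIMIT` and `OPENSSL_malloc` in the later `bn_mod_exp_mont_fixed_top` hunks. `BN_mod_exp_mont` starts before this hunk.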
@@ -475,10 +473,10 @@ goto err; } else #endif - if (!BN_from_montgomery(rr, r, mont, ctx)) + if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; ret = 1; - err: +err: if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); @@ -513,16 +511,16 @@ */ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) + unsigned char *buf, int idx, + int window) { int i, j; int width = 1 << window; BN_ULONG *table = (BN_ULONG *)buf; if (top > b->top) - top = b->top; /* this works because 'buf' is explicitly - * zeroed */ + top = b->top; /* this works because 'buf' is explicitly + * zeroed */ for (i = 0, j = idx; i < top; i++, j += width) { table[j] = b->d[i]; } @@ -531,8 +529,8 @@ } static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) + unsigned char *buf, int idx, + int window) { int i, j; int width = 1 << window; @@ -554,8 +552,7 @@ BN_ULONG acc = 0; for (j = 0; j < width; j++) { - acc |= table[j] & - ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); + acc |= table[j] & ((BN_ULONG)0 - (constant_time_eq_int(j, idx) & 1)); } b->d[i] = acc; 
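Review bot: The select loop reflowed in `@@ -554`, `acc |= table[j] & ((BN_ULONG)0 - (constant_time_eq_int(j, idx) & 1));`, has no comment in the lines shown explaining why it walks all `width` entries instead of reading `table[idx]`. That property is presumably what keeps the memory access pattern independent of the window value, and it is the first thing a well-meaning cleanup would remove. I would add `/* read every entry and mask: the access pattern must not depend on idx */` above the inner `for`. The four-way variant in `@@ -564` deserves the same line. `MOD_EXP_CTIME_COPY_FROM_PREBUF` starts and ends outside this hunk.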
@@ -564,23 +561,20 @@
 int xstride = 1 << (window - 2);
 BN_ULONG y0, y1, y2, y3;
- i = idx >> (window - 2); /* equivalent of idx / xstride */
- idx &= xstride - 1; /* equivalent of idx % xstride */
+ i = idx >> (window - 2); /* equivalent of idx / xstride */
+ idx &= xstride - 1; /* equivalent of idx % xstride */
- y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
- y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
- y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
- y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+ y0 = (BN_ULONG)0 - (constant_time_eq_int(i, 0) & 1);
+ y1 = (BN_ULONG)0 - (constant_time_eq_int(i, 1) & 1);
+ y2 = (BN_ULONG)0 - (constant_time_eq_int(i, 2) & 1);
+ y3 = (BN_ULONG)0 - (constant_time_eq_int(i, 3) & 1);
 for (i = 0; i < top; i++, table += width) {
 BN_ULONG acc = 0;
 for (j = 0; j < xstride; j++) {
- acc |= ( (table[j + 0 * xstride] & y0) |
- (table[j + 1 * xstride] & y1) |
- (table[j + 2 * xstride] & y2) |
- (table[j + 3 * xstride] & y3) )
- & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+ acc |= ((table[j + 0 * xstride] & y0) | (table[j + 1 * xstride] & y1) | (table[j + 2 * xstride] & y2) | (table[j + 3 * xstride] & y3))
+ & ((BN_ULONG)0 - (constant_time_eq_int(j, idx) & 1));
 }
 b->d[i] = acc;
@@ -597,7 +591,7 @@
 * multiple.
 */
 #define MOD_EXP_CTIME_ALIGN(x_) \
- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ ((unsigned char *)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
 /*
 * This variant of BN_mod_exp_mont() uses fixed windows and the special
@@ -607,8 +601,8 @@
 * http://www.daemonology.net/hyperthreading-considered-harmful/)
 */
 int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont)
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
 {
 int i, bits, ret = 0, window, wvalue, wmask, window0;
 int top;
@@ -686,7 +680,7 @@
 if (NULL == bn_wexpand(rr, 16))
 goto err;
 RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
- mont->n0[0]);
+ mont->n0[0]);
 rr->top = 16;
 rr->neg = 0;
 bn_correct_top(rr);
@@ -707,16 +701,14 @@
 /* Get the window size to use with size of p. */
 window = BN_window_bits_for_ctime_exponent_size(bits);
 #if defined(SPARC_T4_MONT)
- if (window >= 5 && (top & 15) == 0 && top <= 64 &&
- (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
- (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0]))
+ if (window >= 5 && (top & 15) == 0 && top <= 64 && (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0]))
 window = 5;
 else
 #endif
 #if defined(OPENSSL_BN_ASM_MONT5)
- if (window >= 5 && top <= BN_SOFT_LIMIT) {
- window = 5; /* ~5% improvement for RSA2048 sign, and even
- * for RSA4096 */
+ if (window >= 5 && top <= BN_SOFT_LIMIT) {
+ window = 5; /* ~5% improvement for RSA2048 sign, and even
+ * for RSA4096 */
 /* reserve space for mont->N.d[] copy */
 powerbufLen += top * sizeof(mont->N.d[0]);
 }
@@ -728,17 +720,13 @@
 * of am, am itself and tmp.
 */
 numPowers = 1 << window;
- powerbufLen += sizeof(m->d[0]) * (top * numPowers +
- ((2 * top) >
- numPowers ? (2 * top) : numPowers));
+ powerbufLen += sizeof(m->d[0]) * (top * numPowers + ((2 * top) > numPowers ? (2 * top) : numPowers));
 #ifdef alloca
 if (powerbufLen < 3072)
- powerbufFree =
- alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+ powerbufFree = alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
 else
 #endif
- if ((powerbufFree =
- OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+ if ((powerbufFree = OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
 == NULL)
 goto err;
@@ -759,7 +747,7 @@
 tmp.flags = am.flags = BN_FLG_STATIC_DATA;
 /* prepare a^0 in Montgomery domain */
-#if 1 /* by Shay Gueron's suggestion */
+#if 1 /* by Shay Gueron's suggestion */
 if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
 /* 2^(top*BN_BITS2) - m */
 tmp.d[0] = (0 - m->d[0]) & BN_MASK2;
@@ -768,7 +756,7 @@
 tmp.top = top;
 } else
 #endif
- if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
+ if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
 goto err;
 /* prepare a^1 in Montgomery domain */
@@ -780,41 +768,41 @@ #if defined(SPARC_T4_MONT) if (t4) { - typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); + typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np, + const BN_ULONG *n0, const void *table, + int power, int bits); int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); + const BN_ULONG *n0, const void *table, + int power, int bits); int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); + const BN_ULONG *n0, const void *table, + int power, int bits); int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); + const BN_ULONG *n0, const void *table, + int power, int bits); int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); + const BN_ULONG *n0, const void *table, + int power, int bits); static const bn_pwr5_mont_f pwr5_funcs[4] = { bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16, bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 }; bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1]; - typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); + typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, + const void *bp, const BN_ULONG *np, + const BN_ULONG *n0); int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, - const BN_ULONG *np, const BN_ULONG *n0); + const BN_ULONG *np, const BN_ULONG *n0); int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const void *bp, const BN_ULONG *np, + const BN_ULONG *n0); int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const void *bp, const BN_ULONG *np, + 
const BN_ULONG *n0); int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const void *bp, const BN_ULONG *np, + const BN_ULONG *n0); static const bn_mul_mont_f mul_funcs[4] = { bn_mul_mont_t4_8, bn_mul_mont_t4_16, bn_mul_mont_t4_24, bn_mul_mont_t4_32 @@ -822,18 +810,18 @@ bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); + const void *bp, const BN_ULONG *np, + const BN_ULONG *n0, int num); void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); + const void *bp, const BN_ULONG *np, + const BN_ULONG *n0, int num); void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); + const void *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power); void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, - void *table, size_t power); + void *table, size_t power); void bn_gather5_t4(BN_ULONG *out, size_t num, - void *table, size_t power); + void *table, size_t power); void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); BN_ULONG *np = mont->N.d, *n0 = mont->n0; 
@@ -851,15 +839,13 @@
 bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);
 bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);
- if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) &&
- !(*mul_worker) (tmp.d, am.d, am.d, np, n0))
+ if (!(*mul_worker)(tmp.d, am.d, am.d, np, n0) && !(*mul_worker)(tmp.d, am.d, am.d, np, n0))
 bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);
 bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);
 for (i = 3; i < 32; i++) {
 /* Calculate a^i = a^(i-1) * a */
- if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) &&
- !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0))
+ if (!(*mul_worker)(tmp.d, tmp.d, am.d, np, n0) && !(*mul_worker)(tmp.d, tmp.d, am.d, np, n0))
 bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);
 bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);
 }
@@ -891,10 +877,10 @@
 bits -= stride;
 wvalue = bn_get_bits(p, bits);
- if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+ if ((*pwr5_worker)(tmp.d, np, n0, powerbuf, wvalue, stride))
 continue;
 /* retry once and fall back */
- if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+ if ((*pwr5_worker)(tmp.d, np, n0, powerbuf, wvalue, stride))
 continue;
 bits += stride - 5;
@@ -906,7 +892,7 @@
 bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
 bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
 bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,
- wvalue);
+ wvalue);
 }
 bn_flip_t4(tmp.d, tmp.d, top);
@@ -918,7 +904,7 @@
 } else
 #endif
 #if defined(OPENSSL_BN_ASM_MONT5)
- if (window == 5 && top > 1) {
+ if (window == 5 && top > 1) {
 /*
 * This optimization uses ideas from https://eprint.iacr.org/2011/239,
 * specifically optimization of cache-timing attack countermeasures,
@@ -937,14 +923,14 @@ * output, but it will still produce "almost" reduced output. */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); + const void *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power); void bn_scatter5(const BN_ULONG *inp, size_t num, - void *table, size_t power); + void *table, size_t power); void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); + const void *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); BN_ULONG *n0 = mont->n0, *np; @@ -969,13 +955,13 @@ bn_mul_mont(tmp.d, am.d, am.d, np, n0, top); bn_scatter5(tmp.d, top, powerbuf, 2); -# if 0 +#if 0 for (i = 3; i < 32; i++) { /* Calculate a^i = a^(i-1) * a */ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); bn_scatter5(tmp.d, top, powerbuf, i); } -# else +#else /* same as above, but uses squaring for 1/2 of operations */ for (i = 4; i < 32; i *= 2) { bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); @@ -1000,7 +986,7 @@ bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); bn_scatter5(tmp.d, top, powerbuf, i); } -# endif +#endif /* * The exponent may not have a whole number of fixed-size windows. * To simplify the main loop, the initial window has between 1 and @@ -1025,12 +1011,12 @@ bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, - bn_get_bits5(p->d, bits -= 5)); + bn_get_bits5(p->d, bits -= 5)); } } else { while (bits > 0) { bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, - bn_get_bits5(p->d, bits -= 5)); + bn_get_bits5(p->d, bits -= 5)); } } 
@@ -1049,7 +1035,7 @@ } else #endif { - fallback: + fallback: if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window)) @@ -1065,14 +1051,14 @@ if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, - window)) + window)) goto err; for (i = 3; i < numPowers; i++) { /* Calculate a^i = a^(i-1) * a */ if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, - window)) + window)) goto err; } } @@ -1088,7 +1074,7 @@ bits -= window0; wvalue = bn_get_bits(p, bits) & wmask; if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue, - window)) + window)) goto err; wmask = (1 << window) - 1; @@ -1119,7 +1105,7 @@ * Fetch the appropriate pre-computed value from the pre-buf */ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, - window)) + window)) goto err; /* Multiply the result into the intermediate result */ @@ -1135,17 +1121,17 @@ */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { - am.d[0] = 1; /* borrow am */ + am.d[0] = 1; /* borrow am */ for (i = 1; i < top; i++) am.d[i] = 0; if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx)) goto err; } else #endif - if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) + if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) goto err; ret = 1; - err: +err: if (in_mont == NULL) BN_MONT_CTX_free(mont); if (powerbuf != NULL) { @@ -1157,8 +1143,8 @@ } int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) { bn_check_top(a); bn_check_top(p); 
@@ -1170,7 +1156,7 @@ } int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { BN_MONT_CTX *mont = NULL; int b, bits, ret = 0; @@ -1178,10 +1164,9 @@ BN_ULONG w, next_w; BIGNUM *r, *t; BIGNUM *swap_tmp; -#define BN_MOD_MUL_WORD(r, w, m) \ - (BN_mul_word(r, (w)) && \ - (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ - (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) +#define BN_MOD_MUL_WORD(r, w, m) \ + (BN_mul_word(r, (w)) && (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ + (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) /* * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is * probably more overhead than always using BN_mod (which uses BN_copy if @@ -1193,10 +1178,10 @@ * the modulus). */ #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ - (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) + (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -1210,7 +1195,7 @@ return 0; } if (m->top == 1) - a %= m->d[0]; /* make sure that 'a' is reduced */ + a %= m->d[0]; /* make sure that 'a' is reduced */ bits = BN_num_bits(p); if (bits == 0) { @@ -1244,12 +1229,12 @@ goto err; } - r_is_one = 1; /* except for Montgomery factor */ + r_is_one = 1; /* except for Montgomery factor */ /* bits-1 >= 0 */ /* The result is accumulated in the product r*w. */ - w = a; /* bit 'bits-1' of 'p' is always set */ + w = a; /* bit 'bits-1' of 'p' is always set */ for (b = bits - 2; b >= 0; b--) { /* First, square r*w. */ next_w = w * w; 
@@ -1300,7 +1285,7 @@ } } - if (r_is_one) { /* can happen only if a == 1 */ + if (r_is_one) { /* can happen only if a == 1 */ if (!BN_one(rr)) goto err; } else { @@ -1308,7 +1293,7 @@ goto err; } ret = 1; - err: +err: if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); @@ -1318,7 +1303,7 @@ /* The old fallback, simple version :-) */ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) + const BIGNUM *m, BN_CTX *ctx) { int i, j, bits, ret = 0, wstart, wend, window, wvalue; int start = 1; @@ -1327,8 +1312,8 @@ BIGNUM *val[TABLE_SIZE]; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -1358,7 +1343,7 @@ goto err; if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ + goto err; /* 1 */ if (BN_is_zero(val[0])) { BN_zero(r); ret = 1; 
@@ -1368,21 +1353,20 @@ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { if (!BN_mod_mul(d, val[0], val[0], m, ctx)) - goto err; /* 2 */ + goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul(val[i], val[i - 1], d, m, ctx)) + if (((val[i] = BN_CTX_get(ctx)) == NULL) || !BN_mod_mul(val[i], val[i - 1], d, m, ctx)) goto err; } } - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ + start = 1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue = 0; /* The 'value' of the window */ + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ if (r == p) { BIGNUM *p_dup = BN_CTX_get(ctx); @@ -1443,7 +1427,7 @@ break; } ret = 1; - err: +err: BN_CTX_end(ctx); bn_check_top(r); return ret; @@ -1457,10 +1441,10 @@ * it falls back to two BN_mod_exp_mont_consttime() calls. */ int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *m1, BN_MONT_CTX *in_mont1, - BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, - const BIGNUM *m2, BN_MONT_CTX *in_mont2, - BN_CTX *ctx) + const BIGNUM *m1, BN_MONT_CTX *in_mont1, + BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, + const BIGNUM *m2, BN_MONT_CTX *in_mont2, + BN_CTX *ctx) { int ret = 0; 
@@ -1468,9 +1452,7 @@ BN_MONT_CTX *mont1 = NULL; BN_MONT_CTX *mont2 = NULL; - if (ossl_rsaz_avx512ifma_eligible() && - ((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) && - (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024))) { + if (ossl_rsaz_avx512ifma_eligible() && ((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) && (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024))) { if (bn_wexpand(rr1, 16) == NULL) goto err; @@ -1496,10 +1478,10 @@ } ret = ossl_rsaz_mod_exp_avx512_x2(rr1->d, a1->d, p1->d, m1->d, - mont1->RR.d, mont1->n0[0], - rr2->d, a2->d, p2->d, m2->d, - mont2->RR.d, mont2->n0[0], - 1024 /* factor bit size */); + mont1->RR.d, mont1->n0[0], + rr2->d, a2->d, p2->d, m2->d, + mont2->RR.d, mont2->n0[0], + 1024 /* factor bit size */); rr1->top = 16; rr1->neg = 0; --- crypto/openssl/crypto/bn/bn_exp2.c.orig +++ crypto/openssl/crypto/bn/bn_exp2.c @@ -11,14 +11,13 @@ #include "internal/cryptlib.h" #include "bn_local.h" -#define TABLE_SIZE 32 +#define TABLE_SIZE 32 int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont) { - int i, j, bits, b, bits1, bits2, ret = - 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; + int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; int r_is_one = 1; BIGNUM *d, *r; const BIGNUM *a_mod_m; @@ -88,8 +87,7 @@ j = 1 << (window1 - 1); for (i = 1; i < j; i++) { - if (((val1[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) + if (((val1[i] = BN_CTX_get(ctx)) == NULL) || !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) goto err; } } 
@@ -116,20 +114,19 @@ j = 1 << (window2 - 1); for (i = 1; i < j; i++) { - if (((val2[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) + if (((val2[i] = BN_CTX_get(ctx)) == NULL) || !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) goto err; } } /* Now compute the power product, using independent windows. */ r_is_one = 1; - wvalue1 = 0; /* The 'value' of the first window */ - wvalue2 = 0; /* The 'value' of the second window */ - wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the - * first window */ - wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the - * second window */ + wvalue1 = 0; /* The 'value' of the first window */ + wvalue2 = 0; /* The 'value' of the second window */ + wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the + * first window */ + wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the + * second window */ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) goto err; @@ -192,7 +189,7 @@ if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; ret = 1; - err: +err: if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); --- crypto/openssl/crypto/bn/bn_gcd.c.orig +++ crypto/openssl/crypto/bn/bn_gcd.c @@ -17,10 +17,9 @@ * This is a static function, we ensure all callers in this file pass valid * arguments: all passed pointers here are non-NULL. */ -static ossl_inline -BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx, int *pnoinv) +static ossl_inline BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BIGNUM *ret = NULL; @@ -61,7 +60,7 @@ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, * BN_div_no_branch will be called eventually. */ - { + { BIGNUM local_B; bn_init(&local_B); BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); 
@@ -110,8 +109,8 @@ * (**) sign*Y*a == D*B + M (mod |n|). */ - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ /* (A, B) := (B, A mod B) ... */ A = B; @@ -143,8 +142,8 @@ if (!BN_add(tmp, tmp, Y)) goto err; - M = Y; /* keep the BIGNUM object, the value does not - * matter */ + M = Y; /* keep the BIGNUM object, the value does not + * matter */ Y = X; X = tmp; sign = -sign; @@ -182,7 +181,7 @@ ret = R; *pnoinv = 0; - err: +err: if ((ret == NULL) && (in == NULL)) BN_free(R); BN_CTX_end(ctx); @@ -195,8 +194,8 @@ * all pointers passed here are assumed non-NULL. */ BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *pnoinv) + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, + int *pnoinv) { BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BIGNUM *ret = NULL; @@ -415,7 +414,7 @@ * (**) sign*Y*a == D*B + M (mod |n|). */ - tmp = A; /* keep the BIGNUM object, the value does not matter */ + tmp = A; /* keep the BIGNUM object, the value does not matter */ /* (A, B) := (B, A mod B) ... */ A = B; @@ -468,7 +467,7 @@ goto err; } - M = Y; /* keep the BIGNUM object, the value does not matter */ + M = Y; /* keep the BIGNUM object, the value does not matter */ Y = X; X = tmp; sign = -sign; @@ -503,7 +502,7 @@ goto err; } ret = R; - err: +err: if ((ret == NULL) && (in == NULL)) BN_free(R); BN_CTX_end(ctx); @@ -513,7 +512,7 @@ /* solves ax == 1 (mod n) */ BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BIGNUM *rv; @@ -626,7 +625,7 @@ BN_consttime_swap(g->d[0] & 1 /* g is odd */ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))), - g, temp, top); + g, temp, top); if (!BN_rshift1(g, g)) goto err; } 
@@ -640,7 +639,7 @@
 ret = 1;
- err:
+err:
 BN_CTX_end(ctx);
 bn_check_top(r);
 return ret;
--- crypto/openssl/crypto/bn/bn_gf2m.c.orig
+++ crypto/openssl/crypto/bn/bn_gf2m.c
@@ -15,51 +15,42 @@ #include "bn_local.h" #ifndef OPENSSL_NO_EC2M -# include +#include /* * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should * fail. */ -# define MAX_ITERATIONS 50 - -# define SQR_nibble(w) ((((w) & 8) << 3) \ - | (((w) & 4) << 2) \ - | (((w) & 2) << 1) \ - | ((w) & 1)) +#define MAX_ITERATIONS 50 +#define SQR_nibble(w) ((((w) & 8) << 3) \ + | (((w) & 4) << 2) \ + | (((w) & 2) << 1) \ + | ((w) & 1)) /* Platform-specific macros to accelerate squaring. */ -# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -# define SQR1(w) \ - SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ - SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ - SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ - SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) -# define SQR0(w) \ - SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ - SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ - SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ - SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) -# endif -# ifdef THIRTY_TWO_BIT -# define SQR1(w) \ - SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ - SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) -# define SQR0(w) \ - SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ - SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) -# endif - -# if !defined(OPENSSL_BN_ASM_GF2m) +#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +#define SQR1(w) \ + SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) +#define SQR0(w) \ + SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | SQR_nibble((w) >> 4) << 8 | SQR_nibble((w)) +#endif +#ifdef 
THIRTY_TWO_BIT +#define SQR1(w) \ + SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) +#define SQR0(w) \ + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | SQR_nibble((w) >> 4) << 8 | SQR_nibble((w)) +#endif + +#if !defined(OPENSSL_BN_ASM_GF2m) /* * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that * the variables have the right amount of space allocated. */ -# ifdef THIRTY_TWO_BIT +#ifdef THIRTY_TWO_BIT static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, - const BN_ULONG b) + const BN_ULONG b) { register BN_ULONG h, l, s; BN_ULONG tab[8], top2b = a >> 30; @@ -125,10 +116,10 @@ *r1 = h; *r0 = l; } -# endif -# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +#endif +#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, - const BN_ULONG b) + const BN_ULONG b) { register BN_ULONG h, l, s; BN_ULONG tab[16], top3b = a >> 61; @@ -222,7 +213,7 @@ *r1 = h; *r0 = l; } -# endif +#endif /* * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, @@ -230,7 +221,7 @@ * ensure that the variables have the right amount of space allocated. */ static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, - const BN_ULONG b1, const BN_ULONG b0) + const BN_ULONG b1, const BN_ULONG b0) { BN_ULONG m1, m0; /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ 
@@ -238,13 +229,13 @@ bn_GF2m_mul_1x1(r + 1, r, a0, b0); bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ - r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ + r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ } -# else +#else void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, - BN_ULONG b0); -# endif + BN_ULONG b0); +#endif /* * Add polynomials a and b and store result in r; r could be a or b, a and b @@ -362,7 +353,7 @@ z[dN] = (z[dN] << d1) >> d1; else z[dN] = 0; - z[0] ^= zz; /* reduction t^0 component */ + z[0] ^= zz; /* reduction t^0 component */ for (k = 1; p[k] != 0; k++) { BN_ULONG tmp_ulong; @@ -375,7 +366,6 @@ if (d0 && (tmp_ulong = zz >> d1)) z[n + 1] ^= tmp_ulong; } - } bn_correct_top(r); @@ -409,7 +399,7 @@ * the result in r. r could be a or b; a could be b. */ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx) + const int p[], BN_CTX *ctx) { int zlen, i, j, k, ret = 0; BIGNUM *s; @@ -451,7 +441,7 @@ ret = 1; bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -464,7 +454,7 @@ * BN_GF2m_mod_mul_arr function. */ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx) + const BIGNUM *p, BN_CTX *ctx) { int ret = 0; const int max = BN_num_bits(p) + 1; @@ -486,14 +476,14 @@ } ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); bn_check_top(r); - err: +err: OPENSSL_free(arr); return ret; } /* Square a, reduce the result mod p, and store it in a. r could be a. */ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx) + BN_CTX *ctx) { int i, ret = 0; BIGNUM *s; @@ -516,7 +506,7 @@ goto err; bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -548,7 +538,7 @@ } ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); bn_check_top(r); - err: +err: OPENSSL_free(arr); return ret; } 
@@ -560,7 +550,7 @@ * Curve Cryptography Over Binary Fields". */ static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, BN_CTX *ctx) + const BIGNUM *p, BN_CTX *ctx) { BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; int ret = 0; @@ -584,7 +574,7 @@ if (!BN_copy(v, p)) goto err; -# if 0 +#if 0 if (!BN_one(b)) goto err; @@ -619,7 +609,7 @@ if (!BN_GF2m_add(b, b, c)) goto err; } -# else +#else { int i; int ubits = BN_num_bits(u); @@ -634,22 +624,22 @@ udp[i] = 0; u->top = top; if (!bn_wexpand(b, top)) - goto err; + goto err; bdp = b->d; bdp[0] = 1; for (i = 1; i < top; i++) bdp[i] = 0; b->top = top; if (!bn_wexpand(c, top)) - goto err; + goto err; cdp = c->d; for (i = 0; i < top; i++) cdp[i] = 0; c->top = top; - vdp = v->d; /* It pays off to "cache" *->d pointers, - * because it allows optimizer to be more - * aggressive. But we don't have to "cache" - * p->d, because *p is declared 'const'... */ + vdp = v->d; /* It pays off to "cache" *->d pointers, + * because it allows optimizer to be more + * aggressive. But we don't have to "cache" + * p->d, because *p is declared 'const'... */ while (1) { while (ubits && !(udp[0] & 1)) { BN_ULONG u0, u1, b0, b1, mask; @@ -708,20 +698,20 @@ } bn_correct_top(b); } -# endif +#endif if (!BN_copy(r, b)) goto err; bn_check_top(r); ret = 1; - err: -# ifdef BN_DEBUG +err: +#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */ bn_correct_top(c); bn_correct_top(u); bn_correct_top(v); -# endif +#endif BN_CTX_end(ctx); return ret; } @@ -749,7 +739,7 @@ /* generate blinding value */ do { if (!BN_priv_rand_ex(b, numbits - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; } while (BN_is_zero(b)); @@ -767,7 +757,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } 
@@ -779,7 +769,7 @@ * use the BN_GF2m_mod_inv function. */ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], - BN_CTX *ctx) + BN_CTX *ctx) { BIGNUM *field; int ret = 0; @@ -794,7 +784,7 @@ ret = BN_GF2m_mod_inv(r, xx, field, ctx); bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -804,7 +794,7 @@ * or y, x could equal y. */ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, - const BIGNUM *p, BN_CTX *ctx) + const BIGNUM *p, BN_CTX *ctx) { BIGNUM *xinv = NULL; int ret = 0; @@ -825,7 +815,7 @@ bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -837,7 +827,7 @@ * convenience; for best performance, use the BN_GF2m_mod_div function. */ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, - const int p[], BN_CTX *ctx) + const int p[], BN_CTX *ctx) { BIGNUM *field; int ret = 0; @@ -854,7 +844,7 @@ ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -865,7 +855,7 @@ * P1363. */ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx) + const int p[], BN_CTX *ctx) { int ret = 0, i, n; BIGNUM *u; @@ -899,7 +889,7 @@ goto err; bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -911,7 +901,7 @@ * for best performance, use the BN_GF2m_mod_exp_arr function. */ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx) + const BIGNUM *p, BN_CTX *ctx) { int ret = 0; const int max = BN_num_bits(p) + 1; @@ -933,7 +923,7 @@ } ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); bn_check_top(r); - err: +err: OPENSSL_free(arr); return ret; } @@ -943,7 +933,7 @@ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363. */ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx) + BN_CTX *ctx) { int ret = 0; BIGNUM *u; 
@@ -965,7 +955,7 @@
 ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
 bn_check_top(r);
- err:
+err:
 BN_CTX_end(ctx);
 return ret;
 }
@@ -997,7 +987,7 @@
 }
 ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
 bn_check_top(r);
- err:
+err:
 OPENSSL_free(arr);
 return ret;
 }
@@ -1007,7 +997,7 @@
 * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
 */
 int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
- BN_CTX *ctx)
+ BN_CTX *ctx)
 {
 int ret = 0, count = 0, j;
 BIGNUM *a, *z, *rho, *w, *w2, *tmp;
@@ -1036,7 +1026,7 @@
 goto err;
 }
- if (p[0] & 0x1) { /* m is odd */
+ if (p[0] & 0x1) { /* m is odd */
 /* compute half-trace of a */
 if (!BN_copy(z, a))
 goto err;
@@ -1049,7 +1039,7 @@
 goto err;
 }
- } else { /* m is even */
+ } else { /* m is even */
 rho = BN_CTX_get(ctx);
 w2 = BN_CTX_get(ctx);
@@ -1058,7 +1048,7 @@
 goto err;
 do {
 if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
- 0, ctx))
+ 0, ctx))
 goto err;
 if (!BN_GF2m_mod_arr(rho, rho, p))
 goto err;
@@ -1100,7 +1090,7 @@
 ret = 1;
- err:
+err:
 BN_CTX_end(ctx);
 return ret;
 }
@@ -1112,7 +1102,7 @@
 * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
 */
 int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- BN_CTX *ctx)
+ BN_CTX *ctx)
 {
 int ret = 0;
 const int max = BN_num_bits(p) + 1;
@@ -1133,7 +1123,7 @@
 }
 ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
 bn_check_top(r);
- err:
+err:
 OPENSSL_free(arr);
 return ret;
 }
--- crypto/openssl/crypto/bn/bn_intern.c.orig
+++ crypto/openssl/crypto/bn/bn_intern.c
@@ -38,14 +38,14 @@ return r; } - if (w <= 0 || w > 7) { /* 'signed char' can represent integers with - * absolute values less than 2^7 */ + if (w <= 0 || w > 7) { /* 'signed char' can represent integers with + * absolute values less than 2^7 */ ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); goto err; } - bit = 1 << w; /* at most 128 */ - next_bit = bit << 1; /* at most 256 */ - mask = next_bit - 1; /* at most 255 */ + bit = 1 << w; /* at most 128 */ + next_bit = bit << 1; /* at most 256 */ + mask = next_bit - 1; /* at most 255 */ if (BN_is_negative(scalar)) { sign = -1; @@ -81,7 +81,7 @@ if (window_val & bit) { digit = window_val - next_bit; /* -2^w < digit < 0 */ -#if 1 /* modified wNAF */ +#if 1 /* modified wNAF */ if (j + w + 1 >= len) { /* * Special case for generating modified wNAFs: @@ -133,7 +133,7 @@ *ret_len = j; return r; - err: +err: OPENSSL_free(r); return NULL; } --- crypto/openssl/crypto/bn/bn_kron.c.orig +++ crypto/openssl/crypto/bn/bn_kron.c @@ -11,13 +11,13 @@ #include "bn_local.h" /* least significant word */ -#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) +#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG)0 : (n)->d[0]) /* Returns -2 for errors because both -1 and 0 are valid results. */ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { int i; - int ret = -2; /* avoid 'uninitialized' warning */ + int ret = -2; /* avoid 'uninitialized' warning */ int err = 0; BIGNUM *A, *B, *tmp; /*- @@ -131,7 +131,7 @@ B = tmp; tmp->neg = 0; } - end: +end: BN_CTX_end(ctx); if (err) return -2; --- crypto/openssl/crypto/bn/bn_lib.c.orig +++ crypto/openssl/crypto/bn/bn_lib.c @@ -28,7 +28,7 @@ * 8 - 256 == 8192 */ static int bn_limit_bits = 0; -static int bn_limit_num = 8; /* (1<=1400 && _MSC_VER<1501 -# define MS_BROKEN_BN_num_bits_word -# pragma optimize("", off) + && _MSC_VER >= 1400 && _MSC_VER < 1501 +#define MS_BROKEN_BN_num_bits_word +#pragma optimize("", off) #endif int BN_num_bits_word(BN_ULONG l) { 
@@ -142,15 +141,14 @@
 return bits;
 }
 #ifdef MS_BROKEN_BN_num_bits_word
-# pragma optimize("", on)
+#pragma optimize("", on)
 #endif
 /*
 * This function still leaks `a->dmax`: it's caller's responsibility to
 * expand the input `a` in advance to a public length.
 */
-static ossl_inline
-int bn_num_bits_consttime(const BIGNUM *a)
+static ossl_inline int bn_num_bits_consttime(const BIGNUM *a)
 {
 int j, ret;
 unsigned int mask, past_i;
@@ -209,7 +207,6 @@
 OPENSSL_free(a->d);
 }
-
 void BN_clear_free(BIGNUM *a)
 {
 if (a == NULL)
@@ -253,13 +250,13 @@
 return ret;
 }
- BIGNUM *BN_secure_new(void)
- {
- BIGNUM *ret = BN_new();
- if (ret != NULL)
- ret->flags |= BN_FLG_SECURE;
- return ret;
- }
+BIGNUM *BN_secure_new(void)
+{
+ BIGNUM *ret = BN_new();
+ if (ret != NULL)
+ ret->flags |= BN_FLG_SECURE;
+ return ret;
+}
 /* This is used by bn_expand2() */
 /* The caller MUST check that words > b->dmax before calling this */
@@ -356,10 +353,7 @@
 return a;
 }
-#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
- | BN_FLG_CONSTTIME \
- | BN_FLG_SECURE \
- | BN_FLG_FIXED_TOP))
+#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA | BN_FLG_CONSTTIME | BN_FLG_SECURE | BN_FLG_FIXED_TOP))
 #define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
 void BN_swap(BIGNUM *a, BIGNUM *b)
@@ -443,7 +437,7 @@
 return NULL;
 bn_check_top(ret);
 /* Skip leading zero's. */
- for ( ; len > 0 && *s == 0; s++, len--)
+ for (; len > 0 && *s == 0; s++, len--)
 continue;
 n = len;
 if (n == 0) {
@@ -475,11 +469,11 @@
 return ret;
 }
-typedef enum {big, little} endianess_t;
+typedef enum { big,
+ little } endianess_t;
 /* ignore negative */
-static
-int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess)
+static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess)
 {
 int n;
 size_t i, lasti, j, atop, mask;
@@ -493,7 +487,7 @@
 n = BN_num_bytes(a);
 if (tolen == -1) {
 tolen = n;
- } else if (tolen < n) { /* uncommon/unlike case */
+ } else if (tolen < n) { /* uncommon/unlike case */
 BIGNUM temp = *a;
 bn_correct_top(&temp);
@@ -555,7 +549,7 @@
 bn_check_top(ret);
 s += len;
 /* Skip trailing zeroes. */
- for ( ; len > 0 && s[-1] == 0; s--, len--)
+ for (; len > 0 && s[-1] == 0; s--, len--)
 continue;
 n = len;
 if (n == 0) {
@@ -622,14 +616,14 @@
 bp = b->d;
 if (BN_get_flags(a, BN_FLG_CONSTTIME)
- && a->top == b->top) {
+ && a->top == b->top) {
 int res = 0;
 for (i = 0; i < b->top; i++) {
 res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]),
- -1, res);
+ -1, res);
 res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]),
- 1, res);
+ 1, res);
 }
 return res;
 }
@@ -830,13 +824,13 @@
 if (dl < 0) {
 for (i = dl; i < 0; i++) {
 if (b[n - i] != 0)
- return -1; /* a < b */
+ return -1; /* a < b */
 }
 }
 if (dl > 0) {
 for (i = dl; i > 0; i--) {
 if (a[n + i] != 0)
- return 1; /* a > b */
+ return 1; /* a > b */
 }
 }
 return bn_cmp_words(a, b, cl);
@@ -972,7 +966,7 @@
 for (i = 1; i < a->top; i++)
 res = constant_time_select_int(constant_time_is_zero_bn(ap[i]),
- res, 0);
+ res, 0);
 return res;
 }
@@ -987,7 +981,7 @@
 }
 int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
+ BN_CTX *ctx)
 {
 return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
 }
@@ -999,8 +993,8 @@
 dest->dmax = b->dmax;
 dest->neg = b->neg;
 dest->flags = ((dest->flags & BN_FLG_MALLOCED)
- | (b->flags & ~BN_FLG_MALLOCED)
- | BN_FLG_STATIC_DATA | flags);
+ | (b->flags & ~BN_FLG_MALLOCED)
+ | BN_FLG_STATIC_DATA | flags);
 }
 BN_GENCB *BN_GENCB_new(void)
@@ -1033,8 +1027,8 @@
 }
 /* Populate a BN_GENCB structure with an "old"-style callback */
-void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
- void *cb_arg)
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *),
+ void *cb_arg)
 {
 BN_GENCB *tmp_gencb = gencb;
 tmp_gencb->ver = 1;
@@ -1043,8 +1037,8 @@ } /* Populate a BN_GENCB structure with a "new"-style callback */ -void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), - void *cb_arg) +void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), + void *cb_arg) { BN_GENCB *tmp_gencb = gencb; tmp_gencb->ver = 2; --- crypto/openssl/crypto/bn/bn_local.h.orig +++ crypto/openssl/crypto/bn/bn_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,22 +8,22 @@ */ #ifndef OSSL_CRYPTO_BN_LOCAL_H -# define OSSL_CRYPTO_BN_LOCAL_H +#define OSSL_CRYPTO_BN_LOCAL_H /* * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our * Configure script and needs to support both 32-bit and 64-bit. */ -# include +#include -# if !defined(OPENSSL_SYS_UEFI) -# include "crypto/bn_conf.h" -# endif +#if !defined(OPENSSL_SYS_UEFI) +#include "crypto/bn_conf.h" +#endif -# include "crypto/bn.h" -# include "internal/cryptlib.h" -# include "internal/numbers.h" +#include "crypto/bn.h" +#include "internal/cryptlib.h" +#include "internal/numbers.h" /* * These preprocessor symbols control various aspects of the bignum headers @@ -35,12 +35,12 @@ * mismanagement of bignum internals. Enable BN_RAND_DEBUG is known to * break some of the OpenSSL tests. */ -# if defined(BN_RAND_DEBUG) && !defined(BN_DEBUG) -# define BN_DEBUG -# endif -# if defined(BN_RAND_DEBUG) -# include -# endif +#if defined(BN_RAND_DEBUG) && !defined(BN_DEBUG) +#define BN_DEBUG +#endif +#if defined(BN_RAND_DEBUG) +#include +#endif /* * This should limit the stack usage due to alloca to about 4K. 
@@ -58,15 +58,15 @@ * "./config -DBN_SOFT_LIMIT=" if necessary, and the O/S specific * stack limit is known and taken into consideration. */ -# ifndef BN_SOFT_LIMIT -# define BN_SOFT_LIMIT (4096 / BN_BYTES) -# endif +#ifndef BN_SOFT_LIMIT +#define BN_SOFT_LIMIT (4096 / BN_BYTES) +#endif -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif +#ifndef OPENSSL_SMALL_FOOTPRINT +#define BN_MUL_COMBA +#define BN_SQR_COMBA +#define BN_RECURSION +#endif /* * This next option uses the C libraries (2 word)/(1 word) function. If it is 
@@ -80,63 +80,61 @@ * this should be on. Again this in only really a problem on machines using * "long long's", are 32bit, and are not using my assembler code. */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# define BN_DIV2W -# endif +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(linux) +#define BN_DIV2W +#endif /* * 64-bit processor with LP64 ABI */ -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# endif +#ifdef SIXTY_FOUR_BIT_LONG +#define BN_ULLONG unsigned long long +#define BN_BITS4 32 +#define BN_MASK2 (0xffffffffffffffffL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000L) +#define BN_MASK2h1 (0xffffffff80000000L) +#define BN_DEC_CONV (10000000000000000000UL) +#define BN_DEC_NUM 19 +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%019lu" +#endif /* * 64-bit processor other than LP64 ABI */ -# ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# endif - -# ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# else -# define BN_ULLONG unsigned long long -# endif -# endif -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# 
define BN_MASK2h (0xffff0000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_NUM 9 -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# endif +#ifdef SIXTY_FOUR_BIT +#undef BN_LLONG +#undef BN_ULLONG +#define BN_BITS4 32 +#define BN_MASK2 (0xffffffffffffffffLL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000LL) +#define BN_MASK2h1 (0xffffffff80000000LL) +#define BN_DEC_CONV (10000000000000000000ULL) +#define BN_DEC_NUM 19 +#define BN_DEC_FMT1 "%llu" +#define BN_DEC_FMT2 "%019llu" +#endif +#ifdef THIRTY_TWO_BIT +#ifdef BN_LLONG +#if defined(_WIN32) && !defined(__GNUC__) +#define BN_ULLONG unsigned __int64 +#else +#define BN_ULLONG unsigned long long +#endif +#endif +#define BN_BITS4 16 +#define BN_MASK2 (0xffffffffL) +#define BN_MASK2l (0xffff) +#define BN_MASK2h1 (0xffff8000L) +#define BN_MASK2h (0xffff0000L) +#define BN_DEC_CONV (1000000000L) +#define BN_DEC_NUM 9 +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%09u" +#endif /*- * Bignum consistency macros @@ -167,7 +165,7 @@ * coverage for openssl's own code. */ -# ifdef BN_DEBUG +#ifdef BN_DEBUG /* * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with * bn_correct_top, in other words such vectors are permitted to have zeros 
@@ -177,92 +175,89 @@ * observe it anyway. Moreover, optimizing compiler would actually remove * all operations manipulating the bit in question in non-BN_DEBUG build. */ -# define BN_FLG_FIXED_TOP 0x10000 -# ifdef BN_RAND_DEBUG -# define bn_pollute(a) \ - do { \ - const BIGNUM *_bnum1 = (a); \ - if (_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ - (void)RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ - memset(_not_const + _bnum1->top, _tmp_char, \ - sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ - } \ - } while(0) -# else -# define bn_pollute(a) -# endif -# define bn_check_top(a) \ - do { \ - const BIGNUM *_bnum2 = (a); \ - if (_bnum2 != NULL) { \ - int _top = _bnum2->top; \ - (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ - (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ - || _bnum2->d[_top - 1] != 0))); \ - bn_pollute(_bnum2); \ - } \ - } while(0) - -# define bn_fix_top(a) bn_check_top(a) - -# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -# define bn_wcheck_size(bn, words) \ - do { \ - const BIGNUM *_bnum2 = (bn); \ - assert((words) <= (_bnum2)->dmax && \ - (words) >= (_bnum2)->top); \ - /* avoid unused variable warning with NDEBUG */ \ - (void)(_bnum2); \ - } while(0) - -# else /* !BN_DEBUG */ - -# define BN_FLG_FIXED_TOP 0 -# define bn_pollute(a) -# define bn_check_top(a) -# define bn_fix_top(a) bn_correct_top(a) -# define bn_check_size(bn, bits) -# define bn_wcheck_size(bn, words) - -# endif +#define BN_FLG_FIXED_TOP 0x10000 +#ifdef BN_RAND_DEBUG +#define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if (_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, 
any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ + (void)RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */ \ + memset(_not_const + _bnum1->top, _tmp_char, \ + sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ + } \ + } while (0) +#else +#define bn_pollute(a) +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + int _top = _bnum2->top; \ + (void)ossl_assert((_top == 0 && !_bnum2->neg) || (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) || _bnum2->d[_top - 1] != 0))); \ + bn_pollute(_bnum2); \ + } \ + } while (0) + +#define bn_fix_top(a) bn_check_top(a) + +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits + BN_BITS2 - 1)) / BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ + } while (0) + +#else /* !BN_DEBUG */ + +#define BN_FLG_FIXED_TOP 0 +#define bn_pollute(a) +#define bn_check_top(a) +#define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) + +#endif BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w); + BN_ULONG w); BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); + int num); BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); + int num); struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ - int top; /* Index of last used d +1. 
*/ + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit + * chunks. */ + int top; /* Index of last used d +1. */ /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ int flags; }; /* Used for montgomery multiplication */ struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form, - possibly zero-padded */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only - * stored for bignum algorithm) */ - BN_ULONG n0[2]; /* least significant word(s) of Ni; (type - * changed with 0.9.9, was "BN_ULONG n0;" - * before) */ + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form, + possibly zero-padded */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only + * stored for bignum algorithm) */ + BN_ULONG n0[2]; /* least significant word(s) of Ni; (type + * changed with 0.9.9, was "BN_ULONG n0;" + * before) */ int flags; }; @@ -271,8 +266,8 @@ * threads */ struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ int num_bits; int shift; int flags; @@ -280,13 +275,13 @@ /* Used for slow "generation" functions. */ struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ union { /* if (ver==1) - handles old style callbacks */ - void (*cb_1) (int, int, void *); + void (*cb_1)(int, int, void *); /* if (ver==2) - new callback style */ - int (*cb_2) (int, int, BN_GENCB *); + int (*cb_2)(int, int, BN_GENCB *); } cb; }; 
@@ -315,18 +310,18 @@ * (with draws in between). Very small exponents are often selected * with low Hamming weight, so we use w = 1 for b <= 23. */ -# define BN_window_bits_for_exponent_size(b) \ - ((b) > 671 ? 6 : \ - (b) > 239 ? 5 : \ - (b) > 79 ? 4 : \ - (b) > 23 ? 3 : 1) +#define BN_window_bits_for_exponent_size(b) \ + ((b) > 671 ? 6 : (b) > 239 ? 5 \ + : (b) > 79 ? 4 \ + : (b) > 23 ? 3 \ + : 1) /* * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache * line width of the target processor is at least the following value. */ -# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) -# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) +#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH (64) +#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) /* * Window sizes optimized for fixed window size modular exponentiation 
@@ -337,34 +332,34 @@ * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be * used on processors that have a 128 byte or greater cache line size. */ -# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 +#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 937 ? 6 : \ - (b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) +#define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 937 ? 6 : (b) > 306 ? 5 \ + : (b) > 89 ? 4 \ + : (b) > 22 ? 3 \ + : 1) +#define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) -# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 +#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) +#define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 306 ? 5 : (b) > 89 ? 4 \ + : (b) > 22 ? 3 \ + : 1) +#define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) -# endif +#endif /* Pentium pro 16,16,16,32,64 */ /* Alpha 16,16,16,16.64 */ -# define BN_MULL_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */ -# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */ -# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */ +#define BN_MULL_SIZE_NORMAL (16) /* 32 */ +#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */ +#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */ +#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ +#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) /* * BN_UMULT_HIGH section. * If the compiler doesn't support 2*N integer type, then you have to 
@@ -381,258 +376,273 @@ * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do * support 2*64 integer type, which is also used here. */ -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \ - (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# define BN_UMULT_HIGH(a,b) (((uint128_t)(a)*(b))>>64) -# define BN_UMULT_LOHI(low,high,a,b) ({ \ +#if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) +#define BN_UMULT_HIGH(a, b) (((uint128_t)(a) * (b)) >> 64) +#define BN_UMULT_LOHI(low, high, a, b) ({ \ uint128_t ret=(uint128_t)(a)*(b); \ - (high)=ret>>64; (low)=ret; }) -# elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__DECC) -# include -# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) -# elif defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ + (high)=ret>>64; (low)=ret; }) +#elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) +#if defined(__DECC) +#include +#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b)) +#elif defined(__GNUC__) && __GNUC__ >= 2 +#define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ asm ("umulh %1,%2,%0" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ + ret; }) +#endif /* compiler */ +#elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG) +#if defined(__GNUC__) && __GNUC__ >= 2 +#define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ asm ("mulhdu %0,%1,%2" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif (defined(__x86_64) || defined(__x86_64__)) && \ - (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ + ret; }) +#endif /* compiler */ 
+#elif (defined(__x86_64) || defined(__x86_64__)) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) +#if defined(__GNUC__) && __GNUC__ >= 2 +#define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret,discard; \ asm ("mulq %3" \ : "=a"(discard),"=d"(ret) \ : "a"(a), "g"(b) \ : "cc"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(a),"g"(b) \ - : "cc"); -# endif -# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) -# if defined(_MSC_VER) && _MSC_VER>=1400 + ret; }) +#define BN_UMULT_LOHI(low, high, a, b) \ + asm("mulq %3" \ + : "=a"(low), "=d"(high) \ + : "a"(a), "g"(b) \ + : "cc"); +#endif +#elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) +#if defined(_MSC_VER) && _MSC_VER >= 1400 unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b); unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - unsigned __int64 *h); -# pragma intrinsic(__umulh,_umul128) -# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) -# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) -# endif -# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ + unsigned __int64 *h); +#pragma intrinsic(__umulh, _umul128) +#define BN_UMULT_HIGH(a, b) __umulh((a), (b)) +#define BN_UMULT_LOHI(low, high, a, b) ((low) = _umul128((a), (b), &(high))) +#endif +#elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) +#if defined(__GNUC__) && __GNUC__ >= 2 +#define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ asm ("dmultu %1,%2" \ : "=h"(ret) \ : "r"(a), "r"(b) : "l"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("dmultu %2,%3" \ - : "=l"(low),"=h"(high) \ - : "r"(a), "r"(b)); -# endif -# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ + ret; }) 
+#define BN_UMULT_LOHI(low, high, a, b) \ + asm("dmultu %2,%3" \ + : "=l"(low), "=h"(high) \ + : "r"(a), "r"(b)); +#endif +#elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) +#if defined(__GNUC__) && __GNUC__ >= 2 +#define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ asm ("umulh %0,%1,%2" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ - ret; }) -# endif -# endif /* cpu */ -# endif /* OPENSSL_NO_ASM */ - -# ifdef BN_RAND_DEBUG -# define bn_clear_top2max(a) \ - { \ - int ind = (a)->dmax - (a)->top; \ - BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ - for (; ind != 0; ind--) \ - *(++ftl) = 0x0; \ - } -# else -# define bn_clear_top2max(a) -# endif - -# ifdef BN_LLONG + ret; }) +#endif +#endif /* cpu */ +#endif /* OPENSSL_NO_ASM */ + +#ifdef BN_RAND_DEBUG +#define bn_clear_top2max(a) \ + { \ + int ind = (a)->dmax - (a)->top; \ + BN_ULONG *ftl = &(a)->d[(a)->top - 1]; \ + for (; ind != 0; ind--) \ + *(++ftl) = 0x0; \ + } +#else +#define bn_clear_top2max(a) +#endif + +#ifdef BN_LLONG /******************************************************************* * Using the long long type, has to be twice as wide as BN_ULONG... 
*/ -# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) -# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) - -# define mul_add(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (r) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define mul(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define sqr(r0,r1,a) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)(a)*(a); \ - (r0)=Lw(t); \ - (r1)=Hw(t); \ - } - -# elif defined(BN_UMULT_LOHI) -# define mul_add(r,a,w,c) { \ - BN_ULONG high,low,ret,tmp=(a); \ - ret = (r); \ - BN_UMULT_LOHI(low,high,w,tmp); \ - ret += (c); \ - (c) = (ret<(c)); \ - (c) += high; \ - ret += low; \ - (c) += (ret> BN_BITS2)) & BN_MASK2) + +#define mul_add(r, a, w, c) \ + { \ + BN_ULLONG t; \ + t = (BN_ULLONG)w * (a) + (r) + (c); \ + (r) = Lw(t); \ + (c) = Hw(t); \ + } + +#define mul(r, a, w, c) \ + { \ + BN_ULLONG t; \ + t = (BN_ULLONG)w * (a) + (c); \ + (r) = Lw(t); \ + (c) = Hw(t); \ + } + +#define sqr(r0, r1, a) \ + { \ + BN_ULLONG t; \ + t = (BN_ULLONG)(a) * (a); \ + (r0) = Lw(t); \ + (r1) = Hw(t); \ + } + +#elif defined(BN_UMULT_LOHI) +#define mul_add(r, a, w, c) \ + { \ + BN_ULONG high, low, ret, tmp = (a); \ + ret = (r); \ + BN_UMULT_LOHI(low, high, w, tmp); \ + ret += (c); \ + (c) = (ret < (c)); \ + (c) += high; \ + ret += low; \ + (c) += (ret < low); \ + (r) = ret; \ + } + +#define mul(r, a, w, c) \ + { \ + BN_ULONG high, low, ret, ta = (a); \ + BN_UMULT_LOHI(low, high, w, ta); \ + ret = low + (c); \ + (c) = high; \ + (c) += (ret < low); \ + (r) = ret; \ + } + +#define sqr(r0, r1, a) \ + { \ + BN_ULONG tmp = (a); \ + BN_UMULT_LOHI(r0, r1, tmp, tmp); \ + } + +#elif defined(BN_UMULT_HIGH) +#define mul_add(r, a, w, c) \ + { \ + BN_ULONG high, low, ret, tmp = (a); \ + ret = (r); \ + high = BN_UMULT_HIGH(w, tmp); \ + ret += (c); \ + low = (w) * tmp; \ + (c) = (ret < (c)); \ + (c) += high; \ + ret += low; \ + (c) += (ret < low); \ + (r) = ret; \ + } + +#define mul(r, a, w, c) \ + { \ + BN_ULONG high, 
low, ret, ta = (a); \ + low = (w) * ta; \ + high = BN_UMULT_HIGH(w, ta); \ + ret = low + (c); \ + (c) = high; \ + (c) += (ret < low); \ + (r) = ret; \ + } + +#define sqr(r0, r1, a) \ + { \ + BN_ULONG tmp = (a); \ (r0) = tmp * tmp; \ - (r1) = BN_UMULT_HIGH(tmp,tmp); \ - } + (r1) = BN_UMULT_HIGH(tmp, tmp); \ + } -# else +#else /************************************************************* * No long long type */ -# define LBITS(a) ((a)&BN_MASK2l) -# define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l) -# define L2HBITS(a) (((a)<>BN_BITS2)&BN_MASKl) -# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \ - m =(m&BN_MASK2l)<<(BN_BITS4+1); \ - l=(l+m)&BN_MASK2; h += (l < m); \ - (lo)=l; \ - (ho)=h; \ - } - -# define mul_add(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l=(l+(c))&BN_MASK2; h += (l < (c)); \ - (c)=(r); \ - l=(l+(c))&BN_MASK2; h += (l < (c)); \ - (c)=h&BN_MASK2; \ - (r)=l; \ - } - -# define mul(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l+=(c); h += ((l&BN_MASK2) < (c)); \ - (c)=h&BN_MASK2; \ - (r)=l&BN_MASK2; \ - } -# endif /* !BN_LLONG */ +#define LBITS(a) ((a) & BN_MASK2l) +#define HBITS(a) (((a) >> BN_BITS4) & BN_MASK2l) +#define L2HBITS(a) (((a) << BN_BITS4) & BN_MASK2) + +#define LLBITS(a) ((a) & BN_MASKl) +#define LHBITS(a) (((a) >> BN_BITS2) & BN_MASKl) +#define LL2HBITS(a) ((BN_ULLONG)((a) & BN_MASKl) << BN_BITS2) + +#define mul64(l, h, bl, bh) \ + { \ + BN_ULONG m, m1, lt, ht; \ + \ + lt = l; \ + ht = h; \ + m = (bh) * (lt); \ + lt = (bl) * (lt); \ + m1 = (bl) * (ht); \ + ht = (bh) * (ht); \ + m = (m + m1) & BN_MASK2; \ + ht += L2HBITS((BN_ULONG)(m < m1)); \ + ht += HBITS(m); \ + m1 = L2HBITS(m); \ + lt = (lt + m1) & BN_MASK2; \ + ht += (lt < m1); \ + (l) = lt; \ + (h) = ht; \ + } + +#define sqr64(lo, ho, in) \ + { \ + BN_ULONG l, h, m; \ + \ + h = 
(in); \ + l = LBITS(h); \ + h = HBITS(h); \ + m = (l) * (h); \ + l *= l; \ + h *= h; \ + h += (m & BN_MASK2h1) >> (BN_BITS4 - 1); \ + m = (m & BN_MASK2l) << (BN_BITS4 + 1); \ + l = (l + m) & BN_MASK2; \ + h += (l < m); \ + (lo) = l; \ + (ho) = h; \ + } + +#define mul_add(r, a, bl, bh, c) \ + { \ + BN_ULONG l, h; \ + \ + h = (a); \ + l = LBITS(h); \ + h = HBITS(h); \ + mul64(l, h, (bl), (bh)); \ + \ + /* non-multiply part */ \ + l = (l + (c)) & BN_MASK2; \ + h += (l < (c)); \ + (c) = (r); \ + l = (l + (c)) & BN_MASK2; \ + h += (l < (c)); \ + (c) = h & BN_MASK2; \ + (r) = l; \ + } + +#define mul(r, a, bl, bh, c) \ + { \ + BN_ULONG l, h; \ + \ + h = (a); \ + l = LBITS(h); \ + h = HBITS(h); \ + mul64(l, h, (bl), (bh)); \ + \ + /* non-multiply part */ \ + l += (c); \ + h += ((l & BN_MASK2) < (c)); \ + (c) = h & BN_MASK2; \ + (r) = l & BN_MASK2; \ + } +#endif /* !BN_LLONG */ void BN_RECP_CTX_init(BN_RECP_CTX *recp); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); 
@@ -647,34 +657,34 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n); int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t); + int dna, int dnb, BN_ULONG *t); void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int n, int tna, int tnb, BN_ULONG *t); + int n, int tna, int tnb, BN_ULONG *t); void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t); + BN_ULONG *t); BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); + int cl, int dl); int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, int num); void bn_correct_top_consttime(BIGNUM *a); BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *noinv); + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, + int *noinv); static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) { if (bits > (INT_MAX - BN_BITS2 + 1)) return NULL; - if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) + if (((bits + BN_BITS2 - 1) / BN_BITS2) <= (a)->dmax) return a; - return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); + return bn_expand2((a), (bits + BN_BITS2 - 1) / BN_BITS2); } int ossl_bn_check_prime(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); + int do_trial_division, BN_GENCB *cb); #endif --- crypto/openssl/crypto/bn/bn_mod.c.orig +++ crypto/openssl/crypto/bn/bn_mod.c 
@@ -27,11 +27,11 @@ if (!r->neg) return 1; /* now -|d| < r < 0, so we have to set r := r + |d| */ - return (d->neg ? BN_sub : BN_add) (r, r, d); + return (d->neg ? BN_sub : BN_add)(r, r, d); } int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) + BN_CTX *ctx) { if (!BN_add(r, a, b)) return 0; @@ -51,7 +51,7 @@ * move depending on whether or not subtraction borrowed. */ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) + const BIGNUM *m) { size_t i, ai, bi, mtop = m->top; BN_ULONG storage[1024 / BN_BITS2]; @@ -102,7 +102,7 @@ } int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) + const BIGNUM *m) { int ret = bn_mod_add_fixed_top(r, a, b, m); @@ -113,7 +113,7 @@ } int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) + BN_CTX *ctx) { if (!BN_sub(r, a, b)) return 0; @@ -135,7 +135,7 @@ * Thus it takes up to two conditional additions to make |r| positive. */ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) + const BIGNUM *m) { size_t i, ai, bi, mtop = m->top; BN_ULONG borrow, carry, ta, tb, mask, *rp; @@ -189,7 +189,7 @@ * less than m */ int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) + const BIGNUM *m) { if (r == m) { ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); @@ -205,7 +205,7 @@ /* slow but works */ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) + BN_CTX *ctx) { BIGNUM *t; int ret = 0; @@ -228,7 +228,7 @@ goto err; bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -264,7 +264,7 @@ } int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, - BN_CTX *ctx) + BN_CTX *ctx) { BIGNUM *abs_m = NULL; int ret; --- crypto/openssl/crypto/bn/bn_mont.c.orig +++ crypto/openssl/crypto/bn/bn_mont.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,22 @@ */ /* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf + * Details about Montgomery multiplication algorithms can be found in + * https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf + * and https://cetinkayakoc.net/docs/r01.pdf */ #include "internal/cryptlib.h" #include "bn_local.h" -#define MONT_WORD /* use the faster word-based algorithm */ +#define MONT_WORD /* use the faster word-based algorithm */ #ifdef MONT_WORD static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); #endif int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) + BN_MONT_CTX *mont, BN_CTX *ctx) { int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx); @@ -35,7 +34,7 @@ } int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) + BN_MONT_CTX *mont, BN_CTX *ctx) { BIGNUM *tmp; int ret = 0; @@ -79,7 +78,7 @@ goto err; #endif ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -99,7 +98,7 @@ return 1; } - max = (2 * nl); /* carry is stored separately */ + max = (2 * nl); /* carry is stored separately */ if (bn_wexpand(r, max) == NULL) return 0; @@ -157,10 +156,10 @@ return 1; } -#endif /* MONT_WORD */ +#endif /* MONT_WORD */ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) + BN_CTX *ctx) { int retn; 
@@ -172,7 +171,7 @@ } int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) + BN_CTX *ctx) { int retn = 0; #ifdef MONT_WORD @@ -183,7 +182,7 @@ retn = bn_from_montgomery_word(ret, t, mont); } BN_CTX_end(ctx); -#else /* !MONT_WORD */ +#else /* !MONT_WORD */ BIGNUM *t1, *t2; BN_CTX_start(ctx); @@ -213,14 +212,14 @@ } retn = 1; bn_check_top(ret); - err: +err: BN_CTX_end(ctx); -#endif /* MONT_WORD */ +#endif /* MONT_WORD */ return retn; } int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) + BN_CTX *ctx) { return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx); } @@ -271,9 +270,9 @@ BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; - R = &(mont->RR); /* grab RR as a temp */ + R = &(mont->RR); /* grab RR as a temp */ if (!BN_copy(&(mont->N), mod)) - goto err; /* Set N */ + goto err; /* Set N */ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); mont->N.neg = 0; @@ -293,7 +292,7 @@ mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; -# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) +#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2 <= 32) /* * Only certain BN_BITS2<=32 platforms actually make use of n0[1], * and we could use the #else case (with a shorter R value) for the @@ -316,11 +315,11 @@ else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) - goto err; /* R*Ri */ + goto err; /* R*Ri */ if (!BN_is_zero(Ri)) { if (!BN_sub_word(Ri, 1)) goto err; - } else { /* if N mod word size == 1 */ + } else { /* if N mod word size == 1 */ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) goto err; 
@@ -337,12 +336,12 @@ */ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; -# else +#else BN_zero(R); if (!(BN_set_bit(R, BN_BITS2))) - goto err; /* R */ + goto err; /* R */ - buf[0] = mod->d[0]; /* tmod = N mod word size */ + buf[0] = mod->d[0]; /* tmod = N mod word size */ buf[1] = 0; tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N */ @@ -351,14 +350,14 @@ else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, BN_BITS2)) - goto err; /* R*Ri */ + goto err; /* R*Ri */ if (!BN_is_zero(Ri)) { if (!BN_sub_word(Ri, 1)) goto err; - } else { /* if N mod word size == 1 */ + } else { /* if N mod word size == 1 */ if (!BN_set_word(Ri, BN_MASK2)) - goto err; /* Ri-- (mod word size) */ + goto err; /* Ri-- (mod word size) */ } if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) goto err; @@ -367,19 +366,19 @@ */ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; mont->n0[1] = 0; -# endif +#endif } -#else /* !MONT_WORD */ - { /* bignum version */ +#else /* !MONT_WORD */ + { /* bignum version */ mont->ri = BN_num_bits(&mont->N); BN_zero(R); if (!BN_set_bit(R, mont->ri)) - goto err; /* R = 2^ri */ + goto err; /* R = 2^ri */ /* Ri = R^-1 mod N */ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, mont->ri)) - goto err; /* R*Ri */ + goto err; /* R*Ri */ if (!BN_sub_word(Ri, 1)) goto err; /* @@ -403,7 +402,7 @@ mont->RR.flags |= BN_FLG_FIXED_TOP; ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -426,7 +425,7 @@ } BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, - const BIGNUM *mod, BN_CTX *ctx) + const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *ret; --- crypto/openssl/crypto/bn/bn_mpi.c.orig +++ crypto/openssl/crypto/bn/bn_mpi.c 
@@ -49,8 +49,7 @@ ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); return NULL; } - len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) - d[3]; + len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)d[3]; if ((len + 4) != n) { ERR_raise(ERR_LIB_BN, BN_R_ENCODING_ERROR); return NULL; --- crypto/openssl/crypto/bn/bn_mul.c.orig +++ crypto/openssl/crypto/bn/bn_mul.c @@ -25,8 +25,8 @@ */ BN_ULONG bn_sub_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) + const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl) { BN_ULONG c, t; @@ -173,20 +173,20 @@ */ /* dnX may not be positive, but n2/2+dnX has to be */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t) + int dna, int dnb, BN_ULONG *t) { int n = n2 / 2, c1, c2; int tna = n + dna, tnb = n + dnb; unsigned int neg, zero; BN_ULONG ln, lo, *p; -# ifdef BN_MUL_COMBA -# if 0 +#ifdef BN_MUL_COMBA +#if 0 if (n2 == 4) { bn_mul_comba4(r, a, b); return; } -# endif +#endif /* * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete * [steve] @@ -195,13 +195,13 @@ bn_mul_comba8(r, a, b); return; } -# endif /* BN_MUL_COMBA */ +#endif /* BN_MUL_COMBA */ /* Else do normal multiply */ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); if ((dna + dnb) < 0) memset(&r[2 * n2 + dna + dnb], 0, - sizeof(BN_ULONG) * -(dna + dnb)); + sizeof(BN_ULONG) * -(dna + dnb)); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ @@ -240,7 +240,7 @@ break; } -# ifdef BN_MUL_COMBA +#ifdef BN_MUL_COMBA if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take * extra args to do this well */ if (!zero) @@ -261,7 +261,7 @@ bn_mul_comba8(r, a, b); bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); } else -# endif /* BN_MUL_COMBA */ +#endif /* BN_MUL_COMBA */ { p = &(t[n2 * 2]); if (!zero) 
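Review bot: The rejoined length line in the bn_mpi.c hunk still assembles the 4-byte big-endian prefix in signed arithmetic: `((long)d[0] << 24)` shifts into the sign bit when `long` is 32 bits and the first byte is 0x80 or above, which is undefined behaviour on a value that presumably comes straight from the caller's buffer. Building it unsigned avoids that, e.g. `len = (long)(((unsigned long)d[0] << 24) | ((unsigned long)d[1] << 16) | ((unsigned long)d[2] << 8) | d[3]);`. The following `(len + 4) != n` check is also safer written as `len != n - 4`, provided the earlier BN_R_INVALID_LENGTH check guarantees `n >= 4`. The declarations of `len`, `d` and `n` are outside the hunk, so the types should be confirmed before changing this.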
@@ -280,7 +280,7 @@ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - if (neg) { /* if t[32] is negative */ + if (neg) { /* if t[32] is negative */ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); } else { /* Might have a carry */ @@ -320,7 +320,7 @@ */ /* tnX may not be negative but less than n */ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - int tna, int tnb, BN_ULONG *t) + int tna, int tnb, BN_ULONG *t) { int i, j, n2 = n * 2; int c1, c2, neg; @@ -364,14 +364,14 @@ * The zero case isn't yet implemented here. The speedup would probably * be negligible. */ -# if 0 +#if 0 if (n == 4) { bn_mul_comba4(&(t[n2]), t, &(t[n])); bn_mul_comba4(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); } else -# endif +#endif if (n == 8) { bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(r, a, b); @@ -391,14 +391,14 @@ j = tnb - i; if (j == 0) { bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); + i, tna - i, tnb - i, p); memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); - } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ + } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); + i, tna - i, tnb - i, p); memset(&(r[n2 + tna + tnb]), 0, - sizeof(BN_ULONG) * (n2 - tna - tnb)); - } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ + sizeof(BN_ULONG) * (n2 - tna - tnb)); + } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ memset(&r[n2], 0, sizeof(*r) * n2); if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL @@ -413,13 +413,13 @@ */ if (i < tna || i < tnb) { bn_mul_part_recursive(&(r[n2]), - &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); + &(a[n]), &(b[n]), + i, tna - i, tnb - i, p); break; } else if (i == tna || i == tnb) { bn_mul_recursive(&(r[n2]), - &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); + &(a[n]), &(b[n]), + i, tna - i, tnb - i, p); break; } } 
@@ -435,7 +435,7 @@ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - if (neg) { /* if t[32] is negative */ + if (neg) { /* if t[32] is negative */ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); } else { /* Might have a carry */ @@ -475,7 +475,7 @@ * r needs to be n2 words and t needs to be n2*2 */ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) + BN_ULONG *t) { int n = n2 / 2; @@ -492,7 +492,7 @@ bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); } } -#endif /* BN_RECURSION */ +#endif /* BN_RECURSION */ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -542,7 +542,7 @@ #endif #ifdef BN_MUL_COMBA if (i == 0) { -# if 0 +#if 0 if (al == 4) { if (bn_wexpand(rr, 8) == NULL) goto err; @@ -550,7 +550,7 @@ bn_mul_comba4(rr->d, a->d, b->d); goto end; } -# endif +#endif if (al == 8) { if (bn_wexpand(rr, 16) == NULL) goto err; @@ -559,7 +559,7 @@ goto end; } } -#endif /* BN_MUL_COMBA */ +#endif /* BN_MUL_COMBA */ #ifdef BN_RECURSION if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { if (i >= -1 && i <= 1) { @@ -585,8 +585,8 @@ if (bn_wexpand(rr, k * 4) == NULL) goto err; bn_mul_part_recursive(rr->d, a->d, b->d, - j, al - j, bl - j, t->d); - } else { /* al <= j || bl <= j */ + j, al - j, bl - j, t->d); + } else { /* al <= j || bl <= j */ if (bn_wexpand(t, k * 2) == NULL) goto err; @@ -598,14 +598,14 @@ goto end; } } -#endif /* BN_RECURSION */ +#endif /* BN_RECURSION */ if (bn_wexpand(rr, top) == NULL) goto err; rr->top = top; bn_mul_normal(rr->d, a->d, al, b->d, bl); #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - end: +end: #endif rr->neg = a->neg ^ b->neg; rr->flags |= BN_FLG_FIXED_TOP; @@ -613,7 +613,7 @@ goto err; ret = 1; - err: +err: bn_check_top(r); BN_CTX_end(ctx); return ret; @@ -633,7 +633,6 @@ ltmp = a; a = b; b = ltmp; - } rr = &(r[na]); if (nb <= 0) { --- crypto/openssl/crypto/bn/bn_nist.c.orig +++ crypto/openssl/crypto/bn/bn_nist.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,18 +10,18 @@ #include "bn_local.h" #include "internal/cryptlib.h" -#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_192_TOP (192 + BN_BITS2 - 1) / BN_BITS2 +#define BN_NIST_224_TOP (224 + BN_BITS2 - 1) / BN_BITS2 +#define BN_NIST_256_TOP (256 + BN_BITS2 - 1) / BN_BITS2 +#define BN_NIST_384_TOP (384 + BN_BITS2 - 1) / BN_BITS2 +#define BN_NIST_521_TOP (521 + BN_BITS2 - 1) / BN_BITS2 /* pre-computed tables are "carry-less" values of modulus*(i+1) */ #if BN_BITS2 == 64 static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { - {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL}, - {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL}, - {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL} + { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL }, + { 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL }, + { 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL } }; static const BN_ULONG _nist_p_192_sqr[] = { 
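Review bot: The re-spaced `BN_NIST_*_TOP` macros in the second bn_nist.c hunk still expand to an unparenthesised quotient, so an expression such as `x / BN_NIST_192_TOP` or `x % BN_NIST_192_TOP` would group differently from what the name suggests. The uses visible in this diff (array bounds, `top - BN_NIST_192_TOP`, `BN_NIST_192_TOP * sizeof(BN_ULONG)`) evaluate as intended, so this is hardening rather than a live bug. Since the lines are being touched anyway, wrap the body: `#define BN_NIST_192_TOP ((192 + BN_BITS2 - 1) / BN_BITS2)`, and likewise for the 224, 256, 384 and 521 variants.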
@@ -30,11 +30,11 @@ }; static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { - {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL}, - {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is - * "carry-full" */ + { 0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, + 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL }, + { 0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL } /* this one is + * "carry-full" */ }; static const BN_ULONG _nist_p_224_sqr[] = { @@ -45,16 +45,16 @@ }; static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { - {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL}, - {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL}, - {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL}, - {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL}, - {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL}, + { 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL }, + { 0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL }, + { 0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL }, + { 0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL }, + { 0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL }, }; static const BN_ULONG _nist_p_256_sqr[] = { 
@@ -65,16 +65,16 @@ }; static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { - {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, + { 0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL }, + { 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL }, + { 0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL }, + { 0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL }, + { 0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL }, }; static const BN_ULONG _nist_p_384_sqr[] = { 
@@ -84,13 +84,11 @@ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL }; -static const BN_ULONG _nist_p_521[] = - { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, +static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0x00000000000001FFULL -}; + 0x00000000000001FFULL }; static const BN_ULONG _nist_p_521_sqr[] = { 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, @@ -102,9 +100,9 @@ }; #elif BN_BITS2 == 32 static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} + { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF } }; static const BN_ULONG _nist_p_192_sqr[] = { @@ -113,10 +111,10 @@ }; static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { - {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} + { 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF } }; static const BN_ULONG _nist_p_224_sqr[] = { 
@@ -127,16 +125,16 @@ }; static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, - 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}, - {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, - 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE}, - {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, - 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD}, - {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, - 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC}, - {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, - 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB}, + { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, + 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF }, + { 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, + 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE }, + { 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, + 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD }, + { 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, + 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC }, + { 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, + 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB }, }; static const BN_ULONG _nist_p_256_sqr[] = { 
@@ -147,16 +145,16 @@ }; static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { - {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, + { 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, + { 0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF }, }; static const BN_ULONG _nist_p_384_sqr[] = { 
@@ -169,8 +167,7 @@ static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0x000001FF -}; + 0xFFFFFFFF, 0x000001FF }; static const BN_ULONG _nist_p_521_sqr[] = { 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, @@ -181,7 +178,7 @@ 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF }; #else -# error "unsupported BN_BITS2" +#error "unsupported BN_BITS2" #endif static const BIGNUM ossl_bignum_nist_p_192 = { @@ -251,7 +248,7 @@ /* * To avoid more recent compilers (specifically clang-14) from treating this - * code as a violation of the strict aliasing conditions and omiting it, this + * code as a violation of the strict aliasing conditions and omitting it, this * cannot be declared as a function. Moreover, the dst parameter cannot be * cached in a local since this no longer references the union and again falls * foul of the strict aliasing criteria. Refer to #18225 for the initial @@ -263,15 +260,15 @@ * paid for making it a macro. */ #define nist_cp_bn_0(dst, src_in, top, max) \ -{ \ - int ii; \ - const BN_ULONG *src = src_in; \ + { \ + int ii; \ + const BN_ULONG *src = src_in; \ \ - for (ii = 0; ii < top; ii++) \ - (dst)[ii] = src[ii]; \ - for (; ii < max; ii++) \ - (dst)[ii] = 0; \ -} + for (ii = 0; ii < top; ii++) \ + (dst)[ii] = src[ii]; \ + for (; ii < max; ii++) \ + (dst)[ii] = 0; \ + } static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) { 
@@ -282,42 +279,42 @@ } #if BN_BITS2 == 64 -# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; +#define bn_cp_64(to, n, from, m) (to)[n] = (m >= 0) ? ((from)[m]) : 0; +#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; /* * two following macros are implemented under assumption that they * are called in a sequence with *ascending* n, i.e. as they are... */ -# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ - :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) -# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); -# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) -# if defined(L_ENDIAN) -# if defined(__arch64__) -# define NIST_INT64 long -# else -# define NIST_INT64 long long -# endif -# endif +#define bn_cp_32_naked(to, n, from, m) (((n) & 1) ? (to[(n) / 2] |= ((m) & 1) ? (from[(m) / 2] & BN_MASK2h) : (from[(m) / 2] << 32)) \ + : (to[(n) / 2] = ((m) & 1) ? (from[(m) / 2] >> 32) : (from[(m) / 2] & BN_MASK2l))) +#define bn_32_set_0(to, n) (((n) & 1) ? (to[(n) / 2] &= BN_MASK2l) : (to[(n) / 2] = 0)); +#define bn_cp_32(to, n, from, m) ((m) >= 0) ? 
bn_cp_32_naked(to, n, from, m) : bn_32_set_0(to, n) +#if defined(L_ENDIAN) +#if defined(__arch64__) +#define NIST_INT64 long #else -# define bn_cp_64(to, n, from, m) \ - { \ - bn_cp_32(to, (n)*2, from, (m)*2); \ - bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ - } -# define bn_64_set_0(to, n) \ - { \ - bn_32_set_0(to, (n)*2); \ - bn_32_set_0(to, (n)*2+1); \ - } -# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; -# if defined(_WIN32) && !defined(__GNUC__) -# define NIST_INT64 __int64 -# elif defined(BN_LLONG) -# define NIST_INT64 long long -# endif -#endif /* BN_BITS2 != 64 */ +#define NIST_INT64 long long +#endif +#endif +#else +#define bn_cp_64(to, n, from, m) \ + { \ + bn_cp_32(to, (n) * 2, from, (m) * 2); \ + bn_cp_32(to, (n) * 2 + 1, from, (m) * 2 + 1); \ + } +#define bn_64_set_0(to, n) \ + { \ + bn_32_set_0(to, (n) * 2); \ + bn_32_set_0(to, (n) * 2 + 1); \ + } +#define bn_cp_32(to, n, from, m) (to)[n] = (m >= 0) ? ((from)[m]) : 0; +#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +#if defined(_WIN32) && !defined(__GNUC__) +#define NIST_INT64 __int64 +#elif defined(BN_LLONG) +#define NIST_INT64 long long +#endif +#endif /* BN_BITS2 != 64 */ #ifdef NIST_INT64 /* Helpers to load/store a 32-bit word (uint32_t) from/into a memory 
@@ -341,23 +338,22 @@ } #endif /* NIST_INT64 */ -#define nist_set_192(to, from, a1, a2, a3) \ - { \ - bn_cp_64(to, 0, from, (a3) - 3) \ - bn_cp_64(to, 1, from, (a2) - 3) \ - bn_cp_64(to, 2, from, (a1) - 3) \ - } +#define nist_set_192(to, from, a1, a2, a3) \ + { \ + bn_cp_64(to, 0, from, (a3) - 3) \ + bn_cp_64(to, 1, from, (a2) - 3) \ + bn_cp_64(to, 2, from, (a1) - 3) \ + } int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) + BN_CTX *ctx) { int top = a->top, i; int carry; register BN_ULONG *r_d, *a_d = a->d; union { BN_ULONG bn[BN_NIST_192_TOP]; - unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; + unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) / sizeof(unsigned int)]; } buf; BN_ULONG c_d[BN_NIST_192_TOP], *res; static const BIGNUM ossl_bignum_nist_p_192_sqr = { @@ -388,11 +384,11 @@ r_d = a_d; nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, - BN_NIST_192_TOP); + BN_NIST_192_TOP); #if defined(NIST_INT64) { - NIST_INT64 acc; /* accumulator */ + NIST_INT64 acc; /* accumulator */ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; @@ -444,13 +440,13 @@ nist_set_192(t_d, buf.bn, 4, 4, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf.bn, 5, 5, 5) - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + carry + += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); } #endif if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], - BN_NIST_192_TOP); + carry = (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], + BN_NIST_192_TOP); else carry = 1; 
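Review bot: The last carry accumulation in the third hunk (the branch of BN_nist_mod_192 that closes just before `#endif`) is now split into `carry` on one line and `+= (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);` on the next, which reads like a stray expression and makes a carry update in modular-reduction code easy to misread. The formatter does this because the preceding `nist_set_192(t_d, buf.bn, 5, 5, 5)` has no terminating semicolon, so it treats both lines as one statement. Behaviour is unchanged, since the macro expands to a braced block. Ending the invocation with a semicolon, as the `nist_set_192(t_d, buf.bn, 4, 4, 0);` call two lines up already does, lets it format as `nist_set_192(t_d, buf.bn, 5, 5, 5);` followed by `carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);`. The function body starts and ends outside the hunk.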
@@ -470,30 +466,29 @@ return 1; } -typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *, - const BN_ULONG *, int); - -#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ - { \ - bn_cp_32(to, 0, from, (a7) - 7) \ - bn_cp_32(to, 1, from, (a6) - 7) \ - bn_cp_32(to, 2, from, (a5) - 7) \ - bn_cp_32(to, 3, from, (a4) - 7) \ - bn_cp_32(to, 4, from, (a3) - 7) \ - bn_cp_32(to, 5, from, (a2) - 7) \ - bn_cp_32(to, 6, from, (a1) - 7) \ - } +typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *, const BN_ULONG *, + const BN_ULONG *, int); + +#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ + { \ + bn_cp_32(to, 0, from, (a7) - 7) \ + bn_cp_32(to, 1, from, (a6) - 7) \ + bn_cp_32(to, 2, from, (a5) - 7) \ + bn_cp_32(to, 3, from, (a4) - 7) \ + bn_cp_32(to, 4, from, (a3) - 7) \ + bn_cp_32(to, 5, from, (a2) - 7) \ + bn_cp_32(to, 6, from, (a1) - 7) \ + } int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) + BN_CTX *ctx) { int top = a->top, i; int carry; BN_ULONG *r_d, *a_d = a->d; union { BN_ULONG bn[BN_NIST_224_TOP]; - unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; + unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) / sizeof(unsigned int)]; } buf; BN_ULONG c_d[BN_NIST_224_TOP], *res; bn_addsub_f adjust; 
@@ -524,22 +519,22 @@ } else r_d = a_d; -#if BN_BITS2==64 +#if BN_BITS2 == 64 /* copy upper 256 bits of 448 bit number ... */ nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1), - top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); + top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); /* ... and right shift by 32 to obtain upper 224 bits */ nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); /* truncate lower part to 224 bits too */ r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; #else nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, - BN_NIST_224_TOP); + BN_NIST_224_TOP); #endif -#if defined(NIST_INT64) && BN_BITS2!=64 +#if defined(NIST_INT64) && BN_BITS2 != 64 { - NIST_INT64 acc; /* accumulator */ + NIST_INT64 acc; /* accumulator */ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; @@ -588,9 +583,9 @@ rp[6] = (unsigned int)acc; carry = (int)(acc >> 32); -# if BN_BITS2==64 +#if BN_BITS2 == 64 rp[7] = carry; -# endif +#endif } #else { @@ -605,17 +600,16 @@ nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); -# if BN_BITS2==64 +#if BN_BITS2 == 64 carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); -# endif +#endif } #endif adjust = bn_sub_words; if (carry > 0) { - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], - BN_NIST_224_TOP); -#if BN_BITS2==64 + carry = (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], + BN_NIST_224_TOP); +#if BN_BITS2 == 64 carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1; #endif } else if (carry < 0) { 
@@ -626,15 +620,14 @@ * compared to the modulus and conditionally adjusted by * *subtracting* the latter. */ - carry = - (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], - BN_NIST_224_TOP); + carry = (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], + BN_NIST_224_TOP); adjust = carry ? bn_sub_words : bn_add_words; } else carry = 1; /* otherwise it's effectively same as in BN_nist_mod_192... */ - res = ((*adjust) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP) && carry) + res = ((*adjust)(c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP) && carry) ? r_d : c_d; nist_cp_bn(r_d, res, BN_NIST_224_TOP); @@ -644,28 +637,27 @@ return 1; } -#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ - { \ - bn_cp_32(to, 0, from, (a8) - 8) \ - bn_cp_32(to, 1, from, (a7) - 8) \ - bn_cp_32(to, 2, from, (a6) - 8) \ - bn_cp_32(to, 3, from, (a5) - 8) \ - bn_cp_32(to, 4, from, (a4) - 8) \ - bn_cp_32(to, 5, from, (a3) - 8) \ - bn_cp_32(to, 6, from, (a2) - 8) \ - bn_cp_32(to, 7, from, (a1) - 8) \ - } +#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ + { \ + bn_cp_32(to, 0, from, (a8) - 8) \ + bn_cp_32(to, 1, from, (a7) - 8) \ + bn_cp_32(to, 2, from, (a6) - 8) \ + bn_cp_32(to, 3, from, (a5) - 8) \ + bn_cp_32(to, 4, from, (a4) - 8) \ + bn_cp_32(to, 5, from, (a3) - 8) \ + bn_cp_32(to, 6, from, (a2) - 8) \ + bn_cp_32(to, 7, from, (a1) - 8) \ + } int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) + BN_CTX *ctx) { int i, top = a->top; int carry = 0; register BN_ULONG *a_d = a->d, *r_d; union { BN_ULONG bn[BN_NIST_256_TOP]; - unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; + unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) / sizeof(unsigned int)]; } buf; BN_ULONG c_d[BN_NIST_256_TOP], *res; bn_addsub_f adjust; 
@@ -697,11 +689,11 @@ r_d = a_d; nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, - BN_NIST_256_TOP); + BN_NIST_256_TOP); #if defined(NIST_INT64) { - NIST_INT64 acc; /* accumulator */ + NIST_INT64 acc; /* accumulator */ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; @@ -850,24 +842,21 @@ */ nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - } #endif /* see BN_nist_mod_224 for explanation */ adjust = bn_sub_words; if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], - BN_NIST_256_TOP); + carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], + BN_NIST_256_TOP); else if (carry < 0) { - carry = - (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], - BN_NIST_256_TOP); + carry = (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], + BN_NIST_256_TOP); adjust = carry ? bn_sub_words : bn_add_words; } else carry = 1; - res = ((*adjust) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP) && carry) + res = ((*adjust)(c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP) && carry) ? r_d : c_d; nist_cp_bn(r_d, res, BN_NIST_256_TOP); 
@@ -877,32 +866,31 @@ return 1; } -#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ - { \ - bn_cp_32(to, 0, from, (a12) - 12) \ - bn_cp_32(to, 1, from, (a11) - 12) \ - bn_cp_32(to, 2, from, (a10) - 12) \ - bn_cp_32(to, 3, from, (a9) - 12) \ - bn_cp_32(to, 4, from, (a8) - 12) \ - bn_cp_32(to, 5, from, (a7) - 12) \ - bn_cp_32(to, 6, from, (a6) - 12) \ - bn_cp_32(to, 7, from, (a5) - 12) \ - bn_cp_32(to, 8, from, (a4) - 12) \ - bn_cp_32(to, 9, from, (a3) - 12) \ - bn_cp_32(to, 10, from, (a2) - 12) \ - bn_cp_32(to, 11, from, (a1) - 12) \ - } +#define nist_set_384(to, from, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12) \ + { \ + bn_cp_32(to, 0, from, (a12) - 12) \ + bn_cp_32(to, 1, from, (a11) - 12) \ + bn_cp_32(to, 2, from, (a10) - 12) \ + bn_cp_32(to, 3, from, (a9) - 12) \ + bn_cp_32(to, 4, from, (a8) - 12) \ + bn_cp_32(to, 5, from, (a7) - 12) \ + bn_cp_32(to, 6, from, (a6) - 12) \ + bn_cp_32(to, 7, from, (a5) - 12) \ + bn_cp_32(to, 8, from, (a4) - 12) \ + bn_cp_32(to, 9, from, (a3) - 12) \ + bn_cp_32(to, 10, from, (a2) - 12) \ + bn_cp_32(to, 11, from, (a1) - 12) \ + } int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) + BN_CTX *ctx) { int i, top = a->top; int carry = 0; register BN_ULONG *r_d, *a_d = a->d; union { BN_ULONG bn[BN_NIST_384_TOP]; - unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; + unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) / sizeof(unsigned int)]; } buf; BN_ULONG c_d[BN_NIST_384_TOP], *res; bn_addsub_f adjust; @@ -934,11 +922,11 @@ r_d = a_d; nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, - BN_NIST_384_TOP); + BN_NIST_384_TOP); #if defined(NIST_INT64) { - NIST_INT64 acc; /* accumulator */ + NIST_INT64 acc; /* accumulator */ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; 
@@ -1077,9 +1065,8 @@ } *ap = c; } - carry = - (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), - t_d, BN_NIST_256_TOP); + carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), + t_d, BN_NIST_256_TOP); /* * S2 */ @@ -1088,13 +1075,13 @@ * S3 */ nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, - 21); + 21); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /* * S4 */ nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, - 0); + 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /* * S5 @@ -1110,7 +1097,7 @@ * D1 */ nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, - 23); + 23); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /* * D2 @@ -1122,24 +1109,21 @@ */ nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - } #endif /* see BN_nist_mod_224 for explanation */ adjust = bn_sub_words; if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], - BN_NIST_384_TOP); + carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], + BN_NIST_384_TOP); else if (carry < 0) { - carry = - (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], - BN_NIST_384_TOP); + carry = (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], + BN_NIST_384_TOP); adjust = carry ? bn_sub_words : bn_add_words; } else carry = 1; - res = ((*adjust) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP) && carry) + res = ((*adjust)(c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP) && carry) ? r_d : c_d; nist_cp_bn(r_d, res, BN_NIST_384_TOP); 
@@ -1149,12 +1133,12 @@ return 1; } -#define BN_NIST_521_RSHIFT (521%BN_BITS2) -#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) -#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) +#define BN_NIST_521_RSHIFT (521 % BN_BITS2) +#define BN_NIST_521_LSHIFT (BN_BITS2 - BN_NIST_521_RSHIFT) +#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2 >> BN_NIST_521_LSHIFT) int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) + BN_CTX *ctx) { int top = a->top, i; BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; @@ -1187,7 +1171,7 @@ /* upper 521 bits, copy ... */ nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1), - top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); + top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); /* ... and right shift */ for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { #if 0 @@ -1200,8 +1184,7 @@ val = t_d[i + 1]; t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; #else - t_d[i] = (val >> BN_NIST_521_RSHIFT | - (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; + t_d[i] = (val >> BN_NIST_521_RSHIFT | (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; val = tmp; #endif } @@ -1211,7 +1194,7 @@ bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); res = bn_sub_words(t_d, r_d, _nist_p_521, - BN_NIST_521_TOP) + BN_NIST_521_TOP) ? r_d : t_d; nist_cp_bn(r_d, res, BN_NIST_521_TOP); @@ -1221,8 +1204,9 @@ return 1; } -int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, - const BIGNUM *field, BN_CTX *ctx) { +int (*BN_nist_mod_func(const BIGNUM *p))(BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx) +{ if (BN_ucmp(&ossl_bignum_nist_p_192, p) == 0) return BN_nist_mod_192; if (BN_ucmp(&ossl_bignum_nist_p_224, p) == 0) --- crypto/openssl/crypto/bn/bn_ppc.c.orig +++ crypto/openssl/crypto/bn/bn_ppc.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,12 +13,12 @@ #include "bn_local.h" int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) + const BN_ULONG *np, const BN_ULONG *n0, int num) { int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, int num); int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, int num); if (num < 4) return 0; --- crypto/openssl/crypto/bn/bn_prime.c.orig +++ crypto/openssl/crypto/bn/bn_prime.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -20,19 +20,19 @@ #include "bn_prime.h" static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods, - BN_CTX *ctx); + BN_CTX *ctx); static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx); + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx); static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); + int do_trial_division, BN_GENCB *cb); #define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x)) #if BN_BITS2 == 64 -# define BN_DEF(lo, hi) (BN_ULONG)hi<<32|lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else -# define BN_DEF(lo, hi) lo, hi +#define BN_DEF(lo, hi) lo, hi #endif /* @@ -121,8 +121,8 @@ } int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, - BN_CTX *ctx) + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx) { BIGNUM *t; int found = 0; @@ -154,7 +154,7 @@ t = BN_CTX_get(ctx); if (t == NULL) goto err; - loop: +loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { if (!probable_prime(ret, bits, safe, mods, ctx)) @@ -202,7 +202,7 @@ } /* we have a prime :-) */ found = 1; - err: +err: OPENSSL_free(mods); BN_CTX_end(ctx); bn_check_top(ret); @@ -211,7 +211,7 @@ #ifndef FIPS_MODULE int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) { BN_CTX *ctx = BN_CTX_new(); int retval; @@ -228,13 +228,13 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, - BN_GENCB *cb) + BN_GENCB *cb) { return ossl_bn_check_prime(a, checks, ctx_passed, 0, cb); } int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) + int do_trial_division, BN_GENCB *cb) { return ossl_bn_check_prime(w, checks, ctx, do_trial_division, cb); } 
@@ -242,7 +242,7 @@ /* Wrapper around bn_is_prime_int that sets the minimum number of checks */ int ossl_bn_check_prime(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) + int do_trial_division, BN_GENCB *cb) { int min_checks = bn_mr_min_checks(BN_num_bits(w)); @@ -264,7 +264,7 @@ * Returns 0 when composite, 1 when probable prime, -1 on error. */ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) + int do_trial_division, BN_GENCB *cb) { int i, status, ret = -1; #ifndef FIPS_MODULE @@ -336,7 +336,7 @@ * returns 0 if there was an error, otherwise it returns 1. */ int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx, - BN_GENCB *cb, int enhanced, int *status) + BN_GENCB *cb, int enhanced, int *status) { int i, j, a, ret = 0; BIGNUM *g, *w1, *w3, *x, *m, *z, *b; @@ -388,7 +388,7 @@ for (i = 0; i < iterations; ++i) { /* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */ if (!BN_priv_rand_range_ex(b, w3, 0, ctx) - || !BN_add_word(b, 2)) /* 1 < b < w-1 */ + || !BN_add_word(b, 2)) /* 1 < b < w-1 */ goto err; if (enhanced) { @@ -409,7 +409,7 @@ if (BN_is_one(z) || BN_cmp(z, w1) == 0) goto outer_loop; /* (Step 4.7) for j = 1 to a-1 */ - for (j = 1; j < a ; ++j) { + for (j = 1; j < a; ++j) { /* (Step 4.7.1 - 4.7.2) x = z. z = x^2 mod w */ if (!BN_copy(x, z) || !BN_mod_mul(z, x, x, w, ctx)) goto err; @@ -430,7 +430,7 @@ /* (Step 4.11) x = b^(w-1) mod w */ if (!BN_copy(x, z)) goto err; -composite: + composite: if (enhanced) { /* (Step 4.1.2) g = GCD(x-1, w) */ if (!BN_sub_word(x, 1) || !BN_gcd(g, x, w, ctx)) @@ -445,7 +445,7 @@ } ret = 1; goto err; -outer_loop: ; + outer_loop:; /* (Step 4.1.5) */ if (!BN_GENCB_call(cb, 1, i)) goto err; 
@@ -476,16 +476,16 @@ * Returns 1 on success and 0 on error. */ static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods, - BN_CTX *ctx) + BN_CTX *ctx) { int i; BN_ULONG delta; int trial_divisions = calc_trial_divisions(bits); BN_ULONG maxdelta = BN_MASK2 - primes[trial_divisions - 1]; - again: +again: if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, 0, - ctx)) + ctx)) return 0; if (safe && !BN_set_bit(rnd, 1)) return 0; @@ -494,10 +494,10 @@ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); if (mod == (BN_ULONG)-1) return 0; - mods[i] = (prime_t) mod; + mods[i] = (prime_t)mod; } delta = 0; - loop: +loop: for (i = 1; i < trial_divisions; i++) { /* * check that rnd is a prime and also that @@ -507,7 +507,7 @@ * we check only the primes up to sqrt(rnd) */ if (bits <= 31 && delta <= 0x7fffffff - && square(primes[i]) > BN_get_word(rnd) + delta) + && square(primes[i]) > BN_get_word(rnd) + delta) break; if (safe ? (mods[i] + delta) % primes[i] <= 1 : (mods[i] + delta) % primes[i] == 0) { @@ -534,8 +534,8 @@ * Returns 1 on success and 0 on error. */ static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx) + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx) { int i, ret = 0; BIGNUM *t1; @@ -550,7 +550,7 @@ if (maxdelta > BN_MASK2 - BN_get_word(add)) maxdelta = BN_MASK2 - BN_get_word(add); - again: +again: if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, 0, ctx)) goto err; @@ -569,7 +569,7 @@ } if (BN_num_bits(rnd) < bits - || BN_get_word(rnd) < (safe ? 5u : 3u)) { + || BN_get_word(rnd) < (safe ? 5u : 3u)) { if (!BN_add(rnd, rnd, add)) goto err; } 
@@ -579,14 +579,14 @@ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); if (mod == (BN_ULONG)-1) goto err; - mods[i] = (prime_t) mod; + mods[i] = (prime_t)mod; } delta = 0; - loop: +loop: for (i = 1; i < trial_divisions; i++) { /* check that rnd is a prime */ if (bits <= 31 && delta <= 0x7fffffff - && square(primes[i]) > BN_get_word(rnd) + delta) + && square(primes[i]) > BN_get_word(rnd) + delta) break; /* rnd mod p == 1 implies q = (rnd-1)/2 is divisible by p */ if (safe ? (mods[i] + delta) % primes[i] <= 1 @@ -601,7 +601,7 @@ goto err; ret = 1; - err: +err: BN_CTX_end(ctx); bn_check_top(rnd); return ret; --- crypto/openssl/crypto/bn/bn_print.c.orig +++ crypto/openssl/crypto/bn/bn_print.c @@ -49,7 +49,7 @@ } } ret = 1; - end: +end: return ret; } @@ -62,10 +62,10 @@ init++; #ifdef BN_LLONG BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)", - sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8); + sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8); #else BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)", - sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8); + sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8); #endif } return data; --- crypto/openssl/crypto/bn/bn_rand.c.orig +++ crypto/openssl/crypto/bn/bn_rand.c @@ -17,11 +17,13 @@ #include typedef enum bnrand_flag_e { - NORMAL, TESTING, PRIVATE + NORMAL, + TESTING, + PRIVATE } BNRAND_FLAG; static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx) + unsigned int strength, BN_CTX *ctx) { unsigned char *buf = NULL; int b, ret = 0, bit, bytes, mask; @@ -84,12 +86,12 @@ } } buf[0] &= ~mask; - if (bottom) /* set bottom bit if requested */ + if (bottom) /* set bottom bit if requested */ buf[bytes - 1] |= 1; if (!BN_bin2bn(buf, bytes, rnd)) goto err; ret = 1; - err: +err: OPENSSL_clear_free(buf, bytes); bn_check_top(rnd); return ret; 
@@ -100,7 +102,7 @@ } int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx) + unsigned int strength, BN_CTX *ctx) { return bnrand(NORMAL, rnd, bits, top, bottom, strength, ctx); } @@ -117,7 +119,7 @@ #endif int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx) + unsigned int strength, BN_CTX *ctx) { return bnrand(PRIVATE, rnd, bits, top, bottom, strength, ctx); } @@ -131,7 +133,7 @@ /* random number r: 0 <= r < range */ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, - unsigned int strength, BN_CTX *ctx) + unsigned int strength, BN_CTX *ctx) { int n; int count = 100; @@ -146,7 +148,7 @@ return 0; } - n = BN_num_bits(range); /* n > 0 */ + n = BN_num_bits(range); /* n > 0 */ /* BN_is_bit_set(range, n - 1) always holds */ @@ -159,7 +161,7 @@ */ do { if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, - strength, ctx)) + strength, ctx)) return 0; /* @@ -181,21 +183,19 @@ return 0; } - } - while (BN_cmp(r, range) >= 0); + } while (BN_cmp(r, range) >= 0); } else { do { /* range = 11..._2 or range = 101..._2 */ if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, - strength, ctx)) + strength, ctx)) return 0; if (!--count) { ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); return 0; } - } - while (BN_cmp(r, range) >= 0); + } while (BN_cmp(r, range) >= 0); } bn_check_top(r); @@ -203,7 +203,7 @@ } int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, - BN_CTX *ctx) + BN_CTX *ctx) { return bnrand_range(NORMAL, r, range, strength, ctx); } @@ -216,7 +216,7 @@ #endif int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, - BN_CTX *ctx) + BN_CTX *ctx) { return bnrand_range(PRIVATE, r, range, strength, ctx); } 
@@ -227,7 +227,7 @@ return bnrand_range(PRIVATE, r, range, 0, NULL); } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return BN_rand(rnd, bits, top, bottom); @@ -237,11 +237,11 @@ { return BN_rand_range(r, range); } -# endif +#endif #endif int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range, - unsigned int strength, BN_CTX *ctx) + unsigned int strength, BN_CTX *ctx) { int n; int count = 100; @@ -256,7 +256,7 @@ return 0; } - n = BN_num_bits(range); /* n > 0 */ + n = BN_num_bits(range); /* n > 0 */ /* BN_is_bit_set(range, n - 1) always holds */ @@ -266,7 +266,7 @@ BN_set_flags(r, BN_FLG_CONSTTIME); do { if (!bnrand(PRIVATE, r, n + 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, - strength, ctx)) + strength, ctx)) return 0; if (!--count) { @@ -274,8 +274,7 @@ return 0; } ossl_bn_mask_bits_fixed_top(r, n); - } - while (BN_ucmp(r, range) >= 0); + } while (BN_ucmp(r, range) >= 0); #ifdef BN_DEBUG /* With BN_DEBUG on a fixed top number cannot be returned */ bn_correct_top(r); @@ -294,9 +293,9 @@ * used. */ int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, - const unsigned char *message, - size_t message_len, BN_CTX *ctx) + const BIGNUM *priv, + const unsigned char *message, + size_t message_len, BN_CTX *ctx) { EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); /* @@ -310,7 +309,7 @@ const unsigned num_k_bytes = BN_num_bytes(range) + 1; unsigned char private_bytes[96]; unsigned char *k_bytes = NULL; - const int max_n = 64; /* Pr(failure to generate) < 2^max_n */ + const int max_n = 64; /* Pr(failure to generate) < 2^max_n */ int n; int ret = 0; EVP_MD *md = NULL; 
@@ -346,17 +345,18 @@ for (done = 1; done < num_k_bytes;) { if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), - 0) <= 0) + 0) + <= 0) goto end; if (!EVP_DigestInit_ex(mdctx, md, NULL) - || !EVP_DigestUpdate(mdctx, &i, sizeof(i)) - || !EVP_DigestUpdate(mdctx, private_bytes, - sizeof(private_bytes)) - || !EVP_DigestUpdate(mdctx, message, message_len) - || !EVP_DigestUpdate(mdctx, random_bytes, - sizeof(random_bytes)) - || !EVP_DigestFinal_ex(mdctx, digest, NULL)) + || !EVP_DigestUpdate(mdctx, &i, sizeof(i)) + || !EVP_DigestUpdate(mdctx, private_bytes, + sizeof(private_bytes)) + || !EVP_DigestUpdate(mdctx, message, message_len) + || !EVP_DigestUpdate(mdctx, random_bytes, + sizeof(random_bytes)) + || !EVP_DigestFinal_ex(mdctx, digest, NULL)) goto end; todo = num_k_bytes - done; @@ -386,7 +386,7 @@ /* Failed to generate anything */ ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - end: +end: EVP_MD_CTX_free(mdctx); EVP_MD_free(md); OPENSSL_clear_free(k_bytes, num_k_bytes); @@ -397,13 +397,13 @@ } int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, const unsigned char *message, - size_t message_len, BN_CTX *ctx) + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx) { int ret; ret = ossl_bn_gen_dsa_nonce_fixed_top(out, range, priv, message, - message_len, ctx); + message_len, ctx); /* * This call makes the BN_generate_dsa_nonce non-const-time, thus we * do not use it internally. But fixed_top BNs currently cannot be returned --- crypto/openssl/crypto/bn/bn_recp.c.orig +++ crypto/openssl/crypto/bn/bn_recp.c @@ -53,7 +53,7 @@ } int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp, BN_CTX *ctx) + BN_RECP_CTX *recp, BN_CTX *ctx) { int ret = 0; BIGNUM *a; 
@@ -72,17 +72,17 @@ } ca = a; } else - ca = x; /* Just do the mod */ + ca = x; /* Just do the mod */ ret = BN_div_recp(NULL, r, ca, recp, ctx); - err: +err: BN_CTX_end(ctx); bn_check_top(r); return ret; } int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx) + BN_RECP_CTX *recp, BN_CTX *ctx) { int i, j, ret = 0; BIGNUM *a, *b, *d, *r; @@ -158,7 +158,7 @@ r->neg = BN_is_zero(r) ? 0 : m->neg; d->neg = m->neg ^ recp->N.neg; ret = 1; - err: +err: BN_CTX_end(ctx); bn_check_top(dv); bn_check_top(rem); @@ -187,7 +187,7 @@ goto err; ret = len; - err: +err: bn_check_top(r); BN_CTX_end(ctx); return ret; --- crypto/openssl/crypto/bn/bn_rsa_fips186_4.c.orig +++ crypto/openssl/crypto/bn/bn_rsa_fips186_4.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -29,9 +29,9 @@ #include "internal/nelem.h" #if BN_BITS2 == 64 -# define BN_DEF(lo, hi) (BN_ULONG)hi<<32|lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else -# define BN_DEF(lo, hi) lo, hi +#define BN_DEF(lo, hi) lo, hi #endif /* 1 / sqrt(2) * 2^256, rounded up */ @@ -101,8 +101,8 @@ * Returns: 1 on success otherwise it returns 0. */ static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1, - BIGNUM *p1, BN_CTX *ctx, - BN_GENCB *cb) + BIGNUM *p1, BN_CTX *ctx, + BN_GENCB *cb) { int ret = 0; int i = 0; @@ -113,7 +113,7 @@ BN_set_flags(p1, BN_FLG_CONSTTIME); /* Find the first odd number >= Xp1 that is probably prime */ - for(;;) { + for (;;) { i++; BN_GENCB_call(cb, 0, i); /* MR test with trial division */ 
@@ -152,11 +152,11 @@ * Returns: 1 on success otherwise it returns 0. */ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout, - BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, int nlen, - const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) + BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, int nlen, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb) { int ret = 0; BIGNUM *p1i = NULL, *p2i = NULL, *Xp1i = NULL, *Xp2i = NULL; @@ -182,28 +182,27 @@ if (Xp1 == NULL) { /* Set the top and bottom bits to make it odd and the correct size */ if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, - 0, ctx)) + 0, ctx)) goto err; } /* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */ if (Xp2 == NULL) { /* Set the top and bottom bits to make it odd and the correct size */ if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, - 0, ctx)) + 0, ctx)) goto err; } /* (Steps 4.2/5.2) - find first auxiliary probable primes */ if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, cb) - || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, cb)) + || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, cb)) goto err; /* (Table B.1) auxiliary prime Max length check */ - if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >= - bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(nlen)) + if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >= bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(nlen)) goto err; /* (Steps 4.3/5.3) - generate prime */ if (!ossl_bn_rsa_fips186_4_derive_prime(p, Xpout, Xp, p1i, p2i, nlen, e, - ctx, cb)) + ctx, cb)) goto err; ret = 1; err: 
@@ -242,9 +241,9 @@ * Y, X, r1, r2, e are not NULL. */ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, - const BIGNUM *r1, const BIGNUM *r2, - int nlen, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) + const BIGNUM *r1, const BIGNUM *r2, + int nlen, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb) { int ret = 0; int i, imax; @@ -280,7 +279,7 @@ if (bits < BN_num_bits(&ossl_bn_inv_sqrt_2)) goto err; if (!BN_lshift(base, &ossl_bn_inv_sqrt_2, - bits - BN_num_bits(&ossl_bn_inv_sqrt_2)) + bits - BN_num_bits(&ossl_bn_inv_sqrt_2)) || !BN_lshift(range, BN_value_one(), bits) || !BN_sub(range, range, base)) goto err; @@ -337,8 +336,8 @@ /* (Step 7) If GCD(Y-1) == 1 & Y is probably prime then return Y */ if (BN_copy(y1, Y) == NULL - || !BN_sub_word(y1, 1) - || !BN_gcd(tmp, y1, e, ctx)) + || !BN_sub_word(y1, 1) + || !BN_gcd(tmp, y1, e, ctx)) goto err; if (BN_is_one(tmp)) { int rv = BN_check_prime(Y, ctx, cb); --- crypto/openssl/crypto/bn/bn_shift.c.orig +++ crypto/openssl/crypto/bn/bn_shift.c @@ -120,8 +120,8 @@ if (a->top != 0) { lb = (unsigned int)n % BN_BITS2; rb = BN_BITS2 - lb; - rb %= BN_BITS2; /* say no to undefined behaviour */ - rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */ + rb %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */ rmask |= rmask >> 8; f = &(a->d[0]); t = &(r->d[nw]); @@ -191,8 +191,8 @@ rb = (unsigned int)n % BN_BITS2; lb = BN_BITS2 - rb; - lb %= BN_BITS2; /* say no to undefined behaviour */ - mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */ + lb %= BN_BITS2; /* say no to undefined behaviour */ + mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */ mask |= mask >> 8; top = a->top - nw; if (r != a && bn_wexpand(r, top) == NULL) --- crypto/openssl/crypto/bn/bn_sparc.c.orig +++ crypto/openssl/crypto/bn/bn_sparc.c 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,66 +11,61 @@ #include #include "internal/cryptlib.h" #include "crypto/sparc_arch.h" -#include "bn_local.h" /* for definition of bn_mul_mont */ +#include "bn_local.h" /* for definition of bn_mul_mont */ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) + const BN_ULONG *np, const BN_ULONG *n0, int num) { int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, int num); int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, int num); int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, int num); if (!(num & 1) && num >= 6) { - if ((num & 15) == 0 && num <= 64 && - (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == - (CFR_MONTMUL | CFR_MONTSQR)) { - typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, - const BN_ULONG *np, - const BN_ULONG *n0); + if ((num & 15) == 0 && num <= 64 && (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == (CFR_MONTMUL | CFR_MONTSQR)) { + typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *bp, + const BN_ULONG *np, + const BN_ULONG *n0); int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const BN_ULONG *bp, const BN_ULONG *np, + const BN_ULONG *n0); int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const BN_ULONG *bp, const BN_ULONG *np, + const BN_ULONG *n0); int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const BN_ULONG *bp, const 
BN_ULONG *np, + const BN_ULONG *n0); int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); + const BN_ULONG *bp, const BN_ULONG *np, + const BN_ULONG *n0); static const bn_mul_mont_f funcs[4] = { bn_mul_mont_t4_8, bn_mul_mont_t4_16, bn_mul_mont_t4_24, bn_mul_mont_t4_32 }; bn_mul_mont_f worker = funcs[num / 16 - 1]; - if ((*worker) (rp, ap, bp, np, n0)) + if ((*worker)(rp, ap, bp, np, n0)) return 1; /* retry once and fall back */ - if ((*worker) (rp, ap, bp, np, n0)) + if ((*worker)(rp, ap, bp, np, n0)) return 1; return bn_mul_mont_vis3(rp, ap, bp, np, n0, num); } if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3)) return bn_mul_mont_vis3(rp, ap, bp, np, n0, num); else if (num >= 8 && - /* - * bn_mul_mont_fpu doesn't use FMADD, we just use the - * flag to detect when FPU path is preferable in cases - * when current heuristics is unreliable. [it works - * out because FMADD-capable processors where FPU - * code path is undesirable are also VIS3-capable and - * VIS3 code path takes precedence.] - */ - ( (OPENSSL_sparcv9cap_P[0] & SPARCV9_FMADD) || - (OPENSSL_sparcv9cap_P[0] & - (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) == - (SPARCV9_PREFER_FPU | SPARCV9_VIS1) )) + /* + * bn_mul_mont_fpu doesn't use FMADD, we just use the + * flag to detect when FPU path is preferable in cases + * when current heuristics is unreliable. [it works + * out because FMADD-capable processors where FPU + * code path is undesirable are also VIS3-capable and + * VIS3 code path takes precedence.] + */ + ((OPENSSL_sparcv9cap_P[0] & SPARCV9_FMADD) || (OPENSSL_sparcv9cap_P[0] & (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) == (SPARCV9_PREFER_FPU | SPARCV9_VIS1))) return bn_mul_mont_fpu(rp, ap, bp, np, n0, num); } return bn_mul_mont_int(rp, ap, bp, np, n0, num); --- crypto/openssl/crypto/bn/bn_sqr.c.orig +++ crypto/openssl/crypto/bn/bn_sqr.c 
@@ -45,7 +45,7 @@ if (rr == NULL || tmp == NULL) goto err; - max = 2 * al; /* Non-zero (from above) */ + max = 2 * al; /* Non-zero (from above) */ if (bn_wexpand(rr, max) == NULL) goto err; @@ -98,7 +98,7 @@ goto err; ret = 1; - err: +err: bn_check_top(rr); bn_check_top(tmp); BN_CTX_end(ctx); @@ -160,18 +160,18 @@ BN_ULONG ln, lo, *p; if (n2 == 4) { -# ifndef BN_SQR_COMBA +#ifndef BN_SQR_COMBA bn_sqr_normal(r, a, 4, t); -# else +#else bn_sqr_comba4(r, a); -# endif +#endif return; } else if (n2 == 8) { -# ifndef BN_SQR_COMBA +#ifndef BN_SQR_COMBA bn_sqr_normal(r, a, 8, t); -# else +#else bn_sqr_comba8(r, a); -# endif +#endif return; } if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) { --- crypto/openssl/crypto/bn/bn_sqrt.c.orig +++ crypto/openssl/crypto/bn/bn_sqrt.c @@ -171,7 +171,7 @@ * find some y that is not a square. */ if (!BN_copy(q, p)) - goto end; /* use 'q' as temp */ + goto end; /* use 'q' as temp */ q->neg = 0; i = 2; do { @@ -186,7 +186,7 @@ if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, 0, ctx)) goto end; if (BN_ucmp(y, p) >= 0) { - if (!(p->neg ? BN_add : BN_sub) (y, y, p)) + if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end; } /* now 0 <= y < |p| */ @@ -203,8 +203,7 @@ ERR_raise(ERR_LIB_BN, BN_R_P_IS_NOT_PRIME); goto end; } - } - while (r == 1 && ++i < 82); + } while (r == 1 && ++i < 82); if (r != -1) { /* @@ -255,7 +254,7 @@ goto end; /* x := a^((q-1)/2) */ - if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ + if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ if (!BN_nnmod(t, A, p, ctx)) goto end; if (BN_is_zero(t)) { @@ -339,7 +338,7 @@ e = i; } - vrfy: +vrfy: if (!err) { /* * verify the result -- the input might have been not a square (test @@ -355,7 +354,7 @@ } } - end: +end: if (err) { if (ret != in) BN_clear_free(ret); --- crypto/openssl/crypto/bn/bn_srp.c.orig +++ crypto/openssl/crypto/bn/bn_srp.c 
@@ -15,19 +15,19 @@ #include #include "crypto/bn_srp.h" -# if (BN_BYTES == 8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) -# elif defined(__arch64__) -# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) -# else -# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) -# endif -# elif (BN_BYTES == 4) -# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) -# else -# error "unsupported BN_BYTES" -# endif +#if (BN_BYTES == 8) +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#define bn_pack4(a1, a2, a3, a4) ((a1##UI64 << 48) | (a2##UI64 << 32) | (a3##UI64 << 16) | a4##UI64) +#elif defined(__arch64__) +#define bn_pack4(a1, a2, a3, a4) ((a1##UL << 48) | (a2##UL << 32) | (a3##UL << 16) | a4##UL) +#else +#define bn_pack4(a1, a2, a3, a4) ((a1##ULL << 48) | (a2##ULL << 32) | (a3##ULL << 16) | a4##ULL) +#endif +#elif (BN_BYTES == 4) +#define bn_pack4(a1, a2, a3, a4) ((a3##UL << 16) | a4##UL), ((a1##UL << 16) | a2##UL) +#else +#error "unsupported BN_BYTES" +#endif static const BN_ULONG bn_group_1024_value[] = { bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3), --- crypto/openssl/crypto/bn/bn_word.c.orig +++ crypto/openssl/crypto/bn/bn_word.c @@ -51,8 +51,7 @@ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w; ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; #else - ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) % - (BN_ULLONG) w); + ret = (BN_ULLONG)(((ret << (BN_ULLONG)BN_BITS2) | a->d[i]) % (BN_ULLONG)w); #endif } return (BN_ULONG)ret; --- crypto/openssl/crypto/bn/bn_x931p.c.orig +++ crypto/openssl/crypto/bn/bn_x931p.c @@ -21,7 +21,7 @@ */ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, - BN_GENCB *cb) + BN_GENCB *cb) { int i = 0, is_prime; if (!BN_copy(pi, Xpi)) 
@@ -51,9 +51,9 @@ */ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb) { int ret = 0; @@ -147,7 +147,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); @@ -176,7 +176,7 @@ * exceeded. */ if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0, - ctx)) + ctx)) return 0; BN_CTX_start(ctx); @@ -186,7 +186,7 @@ for (i = 0; i < 1000; i++) { if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0, - ctx)) + ctx)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ @@ -203,7 +203,7 @@ return 0; - err: +err: BN_CTX_end(ctx); return 0; } @@ -217,9 +217,9 @@ */ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - BIGNUM *Xp1, BIGNUM *Xp2, - const BIGNUM *Xp, - const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) + BIGNUM *Xp1, BIGNUM *Xp2, + const BIGNUM *Xp, + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) { int ret = 0; @@ -240,9 +240,8 @@ ret = 1; - error: +error: BN_CTX_end(ctx); return ret; - } --- crypto/openssl/crypto/bn/rsaz_exp.c.orig +++ crypto/openssl/crypto/bn/rsaz_exp.c 
@@ -24,23 +24,23 @@ */ void rsaz_1024_norm2red_avx2(void *red, const void *norm); void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, - const void *n, BN_ULONG k); + const void *n, BN_ULONG k); void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); + int cnt); void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); void rsaz_1024_red2norm_avx2(void *norm, const void *red); #if defined(__GNUC__) -# define ALIGN64 __attribute__((aligned(64))) +#define ALIGN64 __attribute__((aligned(64))) #elif defined(_MSC_VER) -# define ALIGN64 __declspec(align(64)) +#define ALIGN64 __declspec(align(64)) #elif defined(__SUNPRO_C) -# define ALIGN64 -# pragma align 64(one,two80) +#define ALIGN64 +#pragma align 64(one, two80) #else /* not fatal, might hurt performance a little */ -# define ALIGN64 +#define ALIGN64 #endif ALIGN64 static const BN_ULONG one[40] = { @@ -54,10 +54,10 @@ }; void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0) + const BN_ULONG base_norm[16], + const BN_ULONG exponent[16], + const BN_ULONG m_norm[16], const BN_ULONG RR[16], + BN_ULONG k0) { unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */ unsigned char *p_str = storage + (64 - ((size_t)storage % 64)); @@ -71,9 +71,9 @@ if ((((size_t)p_str & 4095) + 320) >> 12) { result = p_str; a_inv = p_str + 320; - m = p_str + 320 * 2; /* should not cross page */ + m = p_str + 320 * 2; /* should not cross page */ } else { - m = p_str; /* should not cross page */ + m = p_str; /* should not cross page */ result = p_str + 320; a_inv = p_str + 320 * 2; } @@ -213,7 +213,7 @@ index = 1014; - while (index > -1) { /* loop for the remaining 127 windows */ + while (index > -1) { /* loop for the remaining 127 windows */ rsaz_1024_sqr_avx2(result, result, m, k0, 5); 
@@ -248,20 +248,20 @@ * See crypto/bn/rsaz-x86_64.pl for further details. */ void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n, - BN_ULONG k); + BN_ULONG k); void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n, - BN_ULONG k, const void *tbl, unsigned int power); + BN_ULONG k, const void *tbl, unsigned int power); void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl, - const void *n, BN_ULONG k, unsigned int power); + const void *n, BN_ULONG k, unsigned int power); void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k); void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); + int cnt); void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base[8], const BN_ULONG exponent[8], - const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) + const BN_ULONG base[8], const BN_ULONG exponent[8], + const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) { unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */ unsigned char *table = storage + (64 - ((size_t)storage % 64)); --- crypto/openssl/crypto/bn/rsaz_exp.h.orig +++ crypto/openssl/crypto/bn/rsaz_exp.h 
@@ -13,50 +13,47 @@ */ #ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H -# define OSSL_CRYPTO_BN_RSAZ_EXP_H +#define OSSL_CRYPTO_BN_RSAZ_EXP_H -# undef RSAZ_ENABLED -# if defined(OPENSSL_BN_ASM_MONT) && \ - (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# define RSAZ_ENABLED +#undef RSAZ_ENABLED +#if defined(OPENSSL_BN_ASM_MONT) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) +#define RSAZ_ENABLED -# include -# include "internal/constant_time.h" -# include "bn_local.h" +#include +#include "internal/constant_time.h" +#include "bn_local.h" void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0); + const BN_ULONG base_norm[16], + const BN_ULONG exponent[16], + const BN_ULONG m_norm[16], const BN_ULONG RR[16], + BN_ULONG k0); int rsaz_avx2_eligible(void); void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base_norm[8], const BN_ULONG exponent[8], - const BN_ULONG m_norm[8], BN_ULONG k0, - const BN_ULONG RR[8]); - + const BN_ULONG base_norm[8], const BN_ULONG exponent[8], + const BN_ULONG m_norm[8], BN_ULONG k0, + const BN_ULONG RR[8]); int ossl_rsaz_avx512ifma_eligible(void); int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, - const BN_ULONG *base1, - const BN_ULONG *exponent1, - const BN_ULONG *m1, - const BN_ULONG *RR1, - BN_ULONG k0_1, - BN_ULONG *res2, - const BN_ULONG *base2, - const BN_ULONG *exponent2, - const BN_ULONG *m2, - const BN_ULONG *RR2, - BN_ULONG k0_2, - int factor_size); + const BN_ULONG *base1, + const BN_ULONG *exponent1, + const BN_ULONG *m1, + const BN_ULONG *RR1, + BN_ULONG k0_1, + BN_ULONG *res2, + const BN_ULONG *base2, + const BN_ULONG *exponent2, + const BN_ULONG *m2, + const BN_ULONG *RR2, + BN_ULONG k0_2, + int factor_size); static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask, - const BN_ULONG *a, - const BN_ULONG *b, size_t num) + 
const BN_ULONG *a, + const BN_ULONG *b, size_t num) { size_t i; @@ -66,15 +63,15 @@ } static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r, - BN_ULONG carry, - const BN_ULONG *m, - BN_ULONG *tmp, size_t num) + BN_ULONG carry, + const BN_ULONG *m, + BN_ULONG *tmp, size_t num) { carry -= bn_sub_words(tmp, r, m, num); bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num); return carry; } -# endif +#endif #endif --- crypto/openssl/crypto/bn/rsaz_exp_x2.c.orig +++ crypto/openssl/crypto/bn/rsaz_exp_x2.c @@ -20,32 +20,32 @@ #ifndef RSAZ_ENABLED NON_EMPTY_TRANSLATION_UNIT #else -# include -# include - -# if defined(__GNUC__) -# define ALIGN64 __attribute__((aligned(64))) -# elif defined(_MSC_VER) -# define ALIGN64 __declspec(align(64)) -# else -# define ALIGN64 -# endif - -# define ALIGN_OF(ptr, boundary) \ +#include +#include + +#if defined(__GNUC__) +#define ALIGN64 __attribute__((aligned(64))) +#elif defined(_MSC_VER) +#define ALIGN64 __declspec(align(64)) +#else +#define ALIGN64 +#endif + +#define ALIGN_OF(ptr, boundary) \ ((unsigned char *)(ptr) + (boundary - (((size_t)(ptr)) & (boundary - 1)))) /* Internal radix */ -# define DIGIT_SIZE (52) +#define DIGIT_SIZE (52) /* 52-bit mask */ -# define DIGIT_MASK ((uint64_t)0xFFFFFFFFFFFFF) +#define DIGIT_MASK ((uint64_t)0xFFFFFFFFFFFFF) -# define BITS2WORD8_SIZE(x) (((x) + 7) >> 3) -# define BITS2WORD64_SIZE(x) (((x) + 63) >> 6) +#define BITS2WORD8_SIZE(x) (((x) + 7) >> 3) +#define BITS2WORD64_SIZE(x) (((x) + 63) >> 6) static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len); static ossl_inline void put_digit52(uint8_t *out, int out_len, uint64_t digit); static void to_words52(BN_ULONG *out, int out_len, const BN_ULONG *in, - int in_bitsize); + int in_bitsize); static void from_words52(BN_ULONG *bn_out, int out_bitsize, const BN_ULONG *in); static ossl_inline void set_bit(BN_ULONG *a, int idx); 
@@ -56,10 +56,10 @@ } typedef void (*AMM52)(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp, const BN_ULONG *m, BN_ULONG k0); + const BN_ULONG *exp, const BN_ULONG *m, BN_ULONG k0); typedef void (*EXP52_x2)(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp[2], const BN_ULONG *m, - const BN_ULONG *rr, const BN_ULONG k0[2]); + const BN_ULONG *exp[2], const BN_ULONG *m, + const BN_ULONG *rr, const BN_ULONG k0[2]); /* * For details of the methods declared below please refer to @@ -75,17 +75,17 @@ /*AMM = Almost Montgomery Multiplication. */ void ossl_rsaz_amm52x20_x1_256(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp, const BN_ULONG *m, - BN_ULONG k0); + const BN_ULONG *exp, const BN_ULONG *m, + BN_ULONG k0); static void RSAZ_exp52x20_x2_256(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp[2], const BN_ULONG *m, - const BN_ULONG *rr, const BN_ULONG k0[2]); + const BN_ULONG *exp[2], const BN_ULONG *m, + const BN_ULONG *rr, const BN_ULONG k0[2]); void ossl_rsaz_amm52x20_x2_256(BN_ULONG *out, const BN_ULONG *a, - const BN_ULONG *b, const BN_ULONG *m, - const BN_ULONG k0[2]); + const BN_ULONG *b, const BN_ULONG *m, + const BN_ULONG k0[2]); void ossl_extract_multiplier_2x20_win5(BN_ULONG *red_Y, - const BN_ULONG *red_table, - int red_table_idx, int tbl_idx); + const BN_ULONG *red_table, + int red_table_idx, int tbl_idx); /* * Dual Montgomery modular exponentiation using prime moduli of the 
@@ -114,18 +114,18 @@ * 1 in case of success. */ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, - const BN_ULONG *base1, - const BN_ULONG *exp1, - const BN_ULONG *m1, - const BN_ULONG *rr1, - BN_ULONG k0_1, - BN_ULONG *res2, - const BN_ULONG *base2, - const BN_ULONG *exp2, - const BN_ULONG *m2, - const BN_ULONG *rr2, - BN_ULONG k0_2, - int factor_size) + const BN_ULONG *base1, + const BN_ULONG *exp1, + const BN_ULONG *m1, + const BN_ULONG *rr1, + BN_ULONG k0_1, + BN_ULONG *res2, + const BN_ULONG *base2, + const BN_ULONG *exp2, + const BN_ULONG *m2, + const BN_ULONG *rr2, + BN_ULONG k0_2, + int factor_size) { int ret = 0; @@ -147,8 +147,8 @@ /* Dual (2-exps in parallel) exponentiation */ EXP52_x2 exp_x2 = NULL; - const BN_ULONG *exp[2] = {0}; - BN_ULONG k0[2] = {0}; + const BN_ULONG *exp[2] = { 0 }; + BN_ULONG k0[2] = { 0 }; /* Only 1024-bit factor size is supported now */ switch (factor_size) { @@ -168,10 +168,10 @@ /* Memory layout for red(undant) representations */ base1_red = storage_aligned; base2_red = storage_aligned + 1 * exp_digits; - m1_red = storage_aligned + 2 * exp_digits; - m2_red = storage_aligned + 3 * exp_digits; - rr1_red = storage_aligned + 4 * exp_digits; - rr2_red = storage_aligned + 5 * exp_digits; + m1_red = storage_aligned + 2 * exp_digits; + m2_red = storage_aligned + 3 * exp_digits; + rr1_red = storage_aligned + 4 * exp_digits; + rr2_red = storage_aligned + 5 * exp_digits; coeff_red = storage_aligned + 6 * exp_digits; /* Convert base_i, m_i, rr_i, from regular to 52-bit radix */ 
@@ -202,11 +202,11 @@ /* (1) in reduced domain representation */ set_bit(coeff_red, 64 * (int)(coeff_pow / 52) + coeff_pow % 52); - amm(rr1_red, rr1_red, rr1_red, m1_red, k0_1); /* (2) for m1 */ - amm(rr1_red, rr1_red, coeff_red, m1_red, k0_1); /* (3) for m1 */ + amm(rr1_red, rr1_red, rr1_red, m1_red, k0_1); /* (2) for m1 */ + amm(rr1_red, rr1_red, coeff_red, m1_red, k0_1); /* (3) for m1 */ - amm(rr2_red, rr2_red, rr2_red, m2_red, k0_2); /* (2) for m2 */ - amm(rr2_red, rr2_red, coeff_red, m2_red, k0_2); /* (3) for m2 */ + amm(rr2_red, rr2_red, rr2_red, m2_red, k0_2); /* (2) for m2 */ + amm(rr2_red, rr2_red, coeff_red, m2_red, k0_2); /* (3) for m2 */ exp[0] = exp1; exp[1] = exp2; 
@@ -254,29 +254,29 @@ * * \return (void). */ -static void RSAZ_exp52x20_x2_256(BN_ULONG *out, /* [2][20] */ - const BN_ULONG *base, /* [2][20] */ - const BN_ULONG *exp[2], /* 2x16 */ - const BN_ULONG *m, /* [2][20] */ - const BN_ULONG *rr, /* [2][20] */ - const BN_ULONG k0[2]) +static void RSAZ_exp52x20_x2_256(BN_ULONG *out, /* [2][20] */ + const BN_ULONG *base, /* [2][20] */ + const BN_ULONG *exp[2], /* 2x16 */ + const BN_ULONG *m, /* [2][20] */ + const BN_ULONG *rr, /* [2][20] */ + const BN_ULONG k0[2]) { -# define BITSIZE_MODULUS (1024) -# define EXP_WIN_SIZE (5) -# define EXP_WIN_MASK ((1U << EXP_WIN_SIZE) - 1) +#define BITSIZE_MODULUS (1024) +#define EXP_WIN_SIZE (5) +#define EXP_WIN_MASK ((1U << EXP_WIN_SIZE) - 1) /* * Number of digits (64-bit words) in redundant representation to handle * modulus bits */ -# define RED_DIGITS (20) -# define EXP_DIGITS (16) -# define DAMM ossl_rsaz_amm52x20_x2_256 +#define RED_DIGITS (20) +#define EXP_DIGITS (16) +#define DAMM ossl_rsaz_amm52x20_x2_256 /* * Squaring is done using multiplication now. That can be a subject of * optimization in future. */ -# define DAMS(r,a,m,k0) \ - ossl_rsaz_amm52x20_x2_256((r),(a),(a),(m),(k0)) +#define DAMS(r, a, m, k0) \ + ossl_rsaz_amm52x20_x2_256((r), (a), (a), (m), (k0)) /* Allocate stack for red(undant) result Y and multiplier X */ ALIGN64 BN_ULONG red_Y[2][RED_DIGITS]; @@ -301,8 +301,8 @@ */ red_X[0][0] = 1; red_X[1][0] = 1; - DAMM(red_table[0][0], (const BN_ULONG*)red_X, rr, m, k0); - DAMM(red_table[1][0], base, rr, m, k0); + DAMM(red_table[0][0], (const BN_ULONG *)red_X, rr, m, k0); + DAMM(red_table[1][0], base, rr, m, k0); for (idx = 1; idx < (int)((1U << EXP_WIN_SIZE) / 2); idx++) { DAMS(red_table[2 * idx + 0][0], red_table[1 * idx][0], m, k0); 
@@ -346,10 +346,10 @@ red_table_idx_0 >>= exp_chunk_shift; red_table_idx_1 >>= exp_chunk_shift; - ossl_extract_multiplier_2x20_win5(red_Y[0], (const BN_ULONG*)red_table, - (int)red_table_idx_0, 0); - ossl_extract_multiplier_2x20_win5(red_Y[1], (const BN_ULONG*)red_table, - (int)red_table_idx_1, 1); + ossl_extract_multiplier_2x20_win5(red_Y[0], (const BN_ULONG *)red_table, + (int)red_table_idx_0, 0); + ossl_extract_multiplier_2x20_win5(red_Y[1], (const BN_ULONG *)red_table, + (int)red_table_idx_1, 1); /* Process other exp windows */ for (exp_bit_no -= EXP_WIN_SIZE; exp_bit_no >= 0; exp_bit_no -= EXP_WIN_SIZE) { @@ -375,8 +375,8 @@ red_table_idx_0 &= table_idx_mask; ossl_extract_multiplier_2x20_win5(red_X[0], - (const BN_ULONG*)red_table, - (int)red_table_idx_0, 0); + (const BN_ULONG *)red_table, + (int)red_table_idx_0, 0); } { red_table_idx_1 = expz[1][exp_chunk_no]; @@ -394,19 +394,19 @@ red_table_idx_1 &= table_idx_mask; ossl_extract_multiplier_2x20_win5(red_X[1], - (const BN_ULONG*)red_table, - (int)red_table_idx_1, 1); + (const BN_ULONG *)red_table, + (int)red_table_idx_1, 1); } } /* Series of squaring */ - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); + DAMS((BN_ULONG *)red_Y, (const BN_ULONG *)red_Y, m, k0); + DAMS((BN_ULONG *)red_Y, (const BN_ULONG *)red_Y, m, k0); + DAMS((BN_ULONG *)red_Y, (const BN_ULONG *)red_Y, m, k0); + DAMS((BN_ULONG *)red_Y, (const BN_ULONG *)red_Y, m, k0); + DAMS((BN_ULONG *)red_Y, (const BN_ULONG *)red_Y, m, k0); - DAMM((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, (const BN_ULONG*)red_X, m, k0); + DAMM((BN_ULONG *)red_Y, (const BN_ULONG *)red_Y, (const BN_ULONG *)red_X, m, k0); } } 
@@ -423,19 +423,19 @@ memset(red_X, 0, sizeof(red_X)); red_X[0][0] = 1; red_X[1][0] = 1; - DAMM(out, (const BN_ULONG*)red_Y, (const BN_ULONG*)red_X, m, k0); + DAMM(out, (const BN_ULONG *)red_Y, (const BN_ULONG *)red_X, m, k0); /* Clear exponents */ OPENSSL_cleanse(expz, sizeof(expz)); OPENSSL_cleanse(red_Y, sizeof(red_Y)); -# undef DAMS -# undef DAMM -# undef EXP_DIGITS -# undef RED_DIGITS -# undef EXP_WIN_MASK -# undef EXP_WIN_SIZE -# undef BITSIZE_MODULUS +#undef DAMS +#undef DAMM +#undef EXP_DIGITS +#undef RED_DIGITS +#undef EXP_WIN_MASK +#undef EXP_WIN_SIZE +#undef BITSIZE_MODULUS } static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len) @@ -456,7 +456,7 @@ * words in redundant (base=2^52) one. */ static void to_words52(BN_ULONG *out, int out_len, - const BN_ULONG *in, int in_bitsize) + const BN_ULONG *in, int in_bitsize) { uint8_t *in_str = NULL; @@ -527,7 +527,7 @@ uint8_t *out_str = (uint8_t *)out; for (; out_bitsize >= (2 * DIGIT_SIZE); - out_bitsize -= (2 * DIGIT_SIZE), in += 2) { + out_bitsize -= (2 * DIGIT_SIZE), in += 2) { uint64_t digit; digit = in[0]; @@ -543,7 +543,7 @@ out_str += 6; out_bitsize -= DIGIT_SIZE; put_digit52(out_str, BITS2WORD8_SIZE(out_bitsize), - (in[1] << 4 | in[0] >> 48)); + (in[1] << 4 | in[0] >> 48)); } else if (out_bitsize) { put_digit52(out_str, BITS2WORD8_SIZE(out_bitsize), in[0]); } --- crypto/openssl/crypto/bsearch.c.orig +++ crypto/openssl/crypto/bsearch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -11,8 +11,8 @@ #include "internal/cryptlib.h" const void *ossl_bsearch(const void *key, const void *base, int num, - int size, int (*cmp) (const void *, const void *), - int flags) + int size, int (*cmp)(const void *, const void *), + int flags) { const char *base_ = base; int l, h, i = 0, c = 0; @@ -23,9 +23,9 @@ l = 0; h = num; while (l < h) { - i = (l + h) / 2; + i = l + (h - l) / 2; p = &(base_[i * size]); - c = (*cmp) (key, p); + c = (*cmp)(key, p); if (c < 0) h = i; else if (c > 0) @@ -36,7 +36,7 @@ if (c != 0 && !(flags & OSSL_BSEARCH_VALUE_ON_NOMATCH)) p = NULL; else if (c == 0 && (flags & OSSL_BSEARCH_FIRST_VALUE_ON_MATCH)) { - while (i > 0 && (*cmp) (key, &(base_[(i - 1) * size])) == 0) + while (i > 0 && (*cmp)(key, &(base_[(i - 1) * size])) == 0) i--; p = &(base_[i * size]); } --- crypto/openssl/crypto/buffer/buf_err.c.orig +++ crypto/openssl/crypto/buffer/buf_err.c @@ -15,7 +15,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA BUF_str_reasons[] = { - {0, NULL} + { 0, NULL } }; #endif --- crypto/openssl/crypto/camellia/camellia.c.orig +++ crypto/openssl/crypto/camellia/camellia.c @@ -50,11 +50,11 @@ #include #include -#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) -#define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) +#define RightRotate(x, s) (((x) >> (s)) + ((x) << (32 - s))) +#define LeftRotate(x, s) (((x) << (s)) + ((x) >> (32 - s))) -#define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) -#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) +#define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) +#define PUTU32(p, v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) /* S-box data */ #define SBOX1_1110 Camellia_SBOX[0] 
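Review bot: In the `@@ -23,9 +23,9 @@` hunk of crypto/bsearch.c the element offset in `p = &(base_[i * size]);` is still an `int` product, so the overflow this change removes from the midpoint (`l + (h - l) / 2`) can recur one line later once `i * size` exceeds INT_MAX. Both `num` and `size` are declared `int` in the signature, so I would widen before multiplying: `p = &(base_[(size_t)i * size]);`. The same applies to `&(base_[(i - 1) * size])` and the following `p = &(base_[i * size]);` in the `@@ -36,7 +36,7 @@` hunk. Whether any caller passes a table that large is not visible here, so treat this as hardening that keeps the index arithmetic consistent with the midpoint fix. ossl_bsearch starts in the `@@ -11,8 +11,8 @@` hunk and parts of its body lie outside the hunks shown.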
@@ -62,178 +62,178 @@ #define SBOX2_0222 Camellia_SBOX[2] #define SBOX3_3033 Camellia_SBOX[3] static const u32 Camellia_SBOX[][256] = { - {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, - 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, - 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, - 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, - 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, - 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, - 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, - 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, - 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, - 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, - 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, - 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, - 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, - 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, - 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, - 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, - 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, - 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, - 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, - 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, - 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, - 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, - 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, - 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, - 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, - 
0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, - 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, - 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, - 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, - 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, - 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, - 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, - 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, - 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, - 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, - 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, - 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, - 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, - 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, - 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, - 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, - 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, - 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00}, - {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, - 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, - 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, - 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, - 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, - 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, - 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, - 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, - 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, - 0x53530053, 0xf2f200f2, 
0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, - 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, - 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, - 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, - 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, - 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, - 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, - 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, - 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, - 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, - 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, - 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, - 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, - 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, - 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, - 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, - 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, - 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, - 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, - 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, - 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, - 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, - 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, - 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, - 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, - 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, - 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, - 0x9b9b009b, 0x26260026, 
0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, - 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, - 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, - 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, - 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, - 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, - 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e}, - {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, - 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, - 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, - 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, - 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, - 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, - 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, - 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, - 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, - 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, - 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, - 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, - 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, - 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, - 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, - 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, - 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, - 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, - 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, - 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, - 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 
0x00c0c0c0, 0x00f9f9f9, - 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, - 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, - 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, - 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, - 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, - 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, - 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, - 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, - 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, - 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, - 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, - 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, - 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, - 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, - 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, - 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, - 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, - 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, - 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, - 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, - 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, - 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d}, - {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, - 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, - 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, - 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, - 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, 
- 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, - 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, - 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, - 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, - 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, - 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, - 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, - 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, - 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, - 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, - 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, - 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, - 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, - 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, - 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, - 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, - 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, - 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, - 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, - 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, - 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, - 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, - 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, - 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, - 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, - 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, - 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, - 
0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, - 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, - 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, - 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, - 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, - 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, - 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, - 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, - 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, - 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, - 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f} + { 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, + 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, + 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, + 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, + 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, + 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, + 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, + 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, + 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, + 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, + 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, + 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, + 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, + 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, + 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, + 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, + 0x14141400, 0x58585800, 
0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, + 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, + 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, + 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, + 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, + 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, + 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, + 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, + 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, + 0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, + 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, + 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, + 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, + 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, + 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, + 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, + 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, + 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, + 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, + 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, + 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, + 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, + 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, + 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, + 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, + 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, + 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 }, + { 0x70700070, 0x2c2c002c, 0xb3b300b3, 
0xc0c000c0, 0xe4e400e4, 0x57570057, + 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, + 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, + 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, + 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, + 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, + 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, + 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, + 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, + 0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, + 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, + 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, + 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, + 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, + 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, + 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, + 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, + 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, + 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, + 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, + 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, + 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, + 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, + 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, + 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, + 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, + 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, + 0xcccc00cc, 0x2d2d002d, 0x12120012, 
0x20200020, 0xb1b100b1, 0x99990099, + 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, + 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, + 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, + 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, + 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, + 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, + 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, + 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, + 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, + 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, + 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, + 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, + 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, + 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, + 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e }, + { 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, + 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, + 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, + 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, + 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, + 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, + 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, + 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, + 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, + 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, + 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, + 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 
0x00616161, 0x005a5a5a, + 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, + 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, + 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, + 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, + 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, + 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, + 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, + 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, + 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, + 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, + 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, + 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, + 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, + 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, + 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, + 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, + 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, + 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, + 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, + 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, + 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, + 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, + 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, + 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, + 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, + 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, + 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 
0x006c6c6c, 0x00929292, + 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, + 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, + 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, + 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d }, + { 0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, + 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, + 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, + 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, + 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, + 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, + 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, + 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, + 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, + 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, + 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, + 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, + 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, + 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, + 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, + 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, + 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, + 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, + 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, + 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, + 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, + 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, + 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 
0xad00adad, + 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, + 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, + 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, + 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, + 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, + 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, + 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, + 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, + 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, + 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, + 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, + 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, + 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, + 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, + 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, + 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, + 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, + 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, + 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, + 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f } }; /* Key generation constants */ 
@@ -250,38 +250,40 @@ * ~16 registers. For platforms with less registers [well, x86 to be * specific] assembler version should be/is provided anyway... */ -#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\ - register u32 _t0,_t1,_t2,_t3;\ -\ - _t0 = _s0 ^ (_key)[0];\ - _t3 = SBOX4_4404[_t0&0xff];\ - _t1 = _s1 ^ (_key)[1];\ - _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\ - _t2 = SBOX1_1110[_t1&0xff];\ - _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\ - _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\ - _t3 ^= SBOX1_1110[(_t0 >> 24)];\ - _t2 ^= _t3;\ - _t3 = RightRotate(_t3,8);\ - _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\ - _s3 ^= _t3;\ - _t2 ^= SBOX2_0222[(_t1 >> 24)];\ - _s2 ^= _t2; \ - _s3 ^= _t2;\ -} while(0) +#define Camellia_Feistel(_s0, _s1, _s2, _s3, _key) \ + do { \ + register u32 _t0, _t1, _t2, _t3; \ + \ + _t0 = _s0 ^ (_key)[0]; \ + _t3 = SBOX4_4404[_t0 & 0xff]; \ + _t1 = _s1 ^ (_key)[1]; \ + _t3 ^= SBOX3_3033[(_t0 >> 8) & 0xff]; \ + _t2 = SBOX1_1110[_t1 & 0xff]; \ + _t3 ^= SBOX2_0222[(_t0 >> 16) & 0xff]; \ + _t2 ^= SBOX4_4404[(_t1 >> 8) & 0xff]; \ + _t3 ^= SBOX1_1110[(_t0 >> 24)]; \ + _t2 ^= _t3; \ + _t3 = RightRotate(_t3, 8); \ + _t2 ^= SBOX3_3033[(_t1 >> 16) & 0xff]; \ + _s3 ^= _t3; \ + _t2 ^= SBOX2_0222[(_t1 >> 24)]; \ + _s2 ^= _t2; \ + _s3 ^= _t2; \ + } while (0) /* * Note that n has to be less than 32. Rotations for larger amount * of bits are achieved by "rotating" order of s-elements and * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32). 
*/ -#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\ - u32 _t0=_s0>>(32-_n);\ - _s0 = (_s0<<_n) | (_s1>>(32-_n));\ - _s1 = (_s1<<_n) | (_s2>>(32-_n));\ - _s2 = (_s2<<_n) | (_s3>>(32-_n));\ - _s3 = (_s3<<_n) | _t0;\ -} while (0) +#define RotLeft128(_s0, _s1, _s2, _s3, _n) \ + do { \ + u32 _t0 = _s0 >> (32 - _n); \ + _s0 = (_s0 << _n) | (_s1 >> (32 - _n)); \ + _s1 = (_s1 << _n) | (_s2 >> (32 - _n)); \ + _s2 = (_s2 << _n) | (_s3 >> (32 - _n)); \ + _s3 = (_s3 << _n) | _t0; \ + } while (0) int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k) { @@ -343,7 +345,7 @@ RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */ k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3; - return 3; /* grand rounds */ + return 3; /* grand rounds */ } else { k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11]; @@ -388,7 +390,7 @@ RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */ k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1; - return 4; /* grand rounds */ + return 4; /* grand rounds */ } /* * It is possible to perform certain precalculations, which @@ -401,8 +403,8 @@ } void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, - u8 ciphertext[]) + const KEY_TABLE_TYPE keyTable, + u8 ciphertext[]) { register u32 s0, s1, s2, s3; const u32 *k = keyTable, *kend = keyTable + grandRounds * 16; @@ -447,15 +449,15 @@ } void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, - plaintext, keyTable, ciphertext); + plaintext, keyTable, ciphertext); } void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, - u8 plaintext[]) + const KEY_TABLE_TYPE keyTable, + u8 plaintext[]) { u32 s0, s1, s2, s3; const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4; 
@@ -500,8 +502,8 @@ } void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]) + const KEY_TABLE_TYPE keyTable, u8 plaintext[]) { Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, - ciphertext, keyTable, plaintext); + ciphertext, keyTable, plaintext); } --- crypto/openssl/crypto/camellia/cmll_cbc.c.orig +++ crypto/openssl/crypto/camellia/cmll_cbc.c @@ -17,14 +17,14 @@ #include void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec, const int enc) + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc) { if (enc) CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f) Camellia_encrypt); + (block128_f)Camellia_encrypt); else CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f) Camellia_decrypt); + (block128_f)Camellia_decrypt); } --- crypto/openssl/crypto/camellia/cmll_cfb.c.orig +++ crypto/openssl/crypto/camellia/cmll_cfb.c 
@@ -23,27 +23,27 @@ */ void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) Camellia_encrypt); + (block128_f)Camellia_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) Camellia_encrypt); + (block128_f)Camellia_encrypt); } void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) Camellia_encrypt); + (block128_f)Camellia_encrypt); } --- crypto/openssl/crypto/camellia/cmll_ctr.c.orig +++ crypto/openssl/crypto/camellia/cmll_ctr.c @@ -17,12 +17,12 @@ #include void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char ivec[CAMELLIA_BLOCK_SIZE], - unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], - unsigned int *num) + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num) { CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, - (block128_f) Camellia_encrypt); + (block128_f)Camellia_encrypt); } --- crypto/openssl/crypto/camellia/cmll_ecb.c.orig +++ crypto/openssl/crypto/camellia/cmll_ecb.c 
@@ -17,7 +17,7 @@ #include "cmll_local.h" void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key, const int enc) + const CAMELLIA_KEY *key, const int enc) { if (CAMELLIA_ENCRYPT == enc) Camellia_encrypt(in, out, key); --- crypto/openssl/crypto/camellia/cmll_local.h.orig +++ crypto/openssl/crypto/camellia/cmll_local.h @@ -23,21 +23,21 @@ */ #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H -# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H +#define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H typedef unsigned int u32; typedef unsigned char u8; int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, - KEY_TABLE_TYPE keyTable); + KEY_TABLE_TYPE keyTable); void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, - u8 ciphertext[]); + const KEY_TABLE_TYPE keyTable, + u8 ciphertext[]); void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, - u8 plaintext[]); + const KEY_TABLE_TYPE keyTable, + u8 plaintext[]); void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]); -#endif /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */ + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); +#endif /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */ --- crypto/openssl/crypto/camellia/cmll_misc.c.orig +++ crypto/openssl/crypto/camellia/cmll_misc.c @@ -18,7 +18,7 @@ #include "cmll_local.h" int Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key) + CAMELLIA_KEY *key) { if (!userKey || !key) return -1; 
@@ -29,13 +29,13 @@ } void Camellia_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key) + const CAMELLIA_KEY *key) { Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); } void Camellia_decrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key) + const CAMELLIA_KEY *key) { Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); } --- crypto/openssl/crypto/camellia/cmll_ofb.c.orig +++ crypto/openssl/crypto/camellia/cmll_ofb.c @@ -22,9 +22,9 @@ * used is contained in *num; */ void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num) + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num) { CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f) Camellia_encrypt); + (block128_f)Camellia_encrypt); } --- crypto/openssl/crypto/cast/c_cfb64.c.orig +++ crypto/openssl/crypto/cast/c_cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,11 +23,11 @@ */ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num, int enc) + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; CAST_LONG ti[2]; unsigned char *iv, c, cc; --- crypto/openssl/crypto/cast/c_ecb.c.orig +++ crypto/openssl/crypto/cast/c_ecb.c 
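Review bot: In the `@@ -23,11 +23,11 @@` hunk of crypto/openssl/crypto/cast/c_cfb64.c, the new `register int n = *num & 0x07;` has no comment explaining why the caller-supplied offset is clamped, and an out-of-range `*num` is now silently wrapped rather than reported, since CAST_cfb64_encrypt returns void. I would put a line above it such as `/* *num is caller-held state; keep it in 0..7 so it cannot index outside the 8-byte feedback block */` and say in the function's header comment that values outside 0..7 are reduced modulo 8. The same applies to the identical change in c_ofb64.c (`@@ -22,11 +22,11 @@`), where the 8-byte buffer `d[8]` is declared in the hunk itself. Both function bodies continue outside their hunks, so the use of `n` as a byte index is inferred here. Other 64-bit-block CFB/OFB helpers that take the same `int *num` are worth checking for the same clamp.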
@@ -18,7 +18,7 @@ #include void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAST_KEY *ks, int enc) + const CAST_KEY *ks, int enc) { CAST_LONG l, d[2]; --- crypto/openssl/crypto/cast/c_enc.c.orig +++ crypto/openssl/crypto/cast/c_enc.c @@ -81,8 +81,8 @@ } void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *ks, unsigned char *iv, - int enc) + long length, const CAST_KEY *ks, unsigned char *iv, + int enc) { register CAST_LONG tin0, tin1; register CAST_LONG tout0, tout1, xor0, xor1; --- crypto/openssl/crypto/cast/c_ofb64.c.orig +++ crypto/openssl/crypto/cast/c_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,11 +22,11 @@ * used is contained in *num; */ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num) + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; --- crypto/openssl/crypto/cast/c_skey.c.orig +++ crypto/openssl/crypto/cast/c_skey.c @@ -17,12 +17,12 @@ #include "cast_local.h" #include "cast_s.h" -#define CAST_exp(l,A,a,n) \ - A[n/4]=l; \ - a[n+3]=(l )&0xff; \ - a[n+2]=(l>> 8)&0xff; \ - a[n+1]=(l>>16)&0xff; \ - a[n+0]=(l>>24)&0xff; +#define CAST_exp(l, A, a, n) \ + A[n / 4] = l; \ + a[n + 3] = (l) & 0xff; \ + a[n + 2] = (l >> 8) & 0xff; \ + a[n + 1] = (l >> 16) & 0xff; \ + a[n + 0] = (l >> 24) & 0xff; #define S4 CAST_S_table4 #define S5 CAST_S_table5 
@@ -53,8 +53,7 @@ X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL; X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL; X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL; - X[3] = - ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; + X[3] = ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; for (;;) { l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; --- crypto/openssl/crypto/cast/cast_local.h.orig +++ crypto/openssl/crypto/cast/cast_local.h 
@@ -8,174 +8,217 @@ */ #ifdef OPENSSL_SYS_WIN32 -# include +#include #endif #undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) +#define c2l(c, l) (l = ((unsigned long)(*((c)++))), \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 24L) /* NOTE - c is not incremented as per c2l */ #undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))) << 24L; \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 16L; \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 8L; \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))); \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))) << 24L; \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 16L; \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 8L; \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))); \ + } \ + } #undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +#define l2c(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24L) & 0xff)) /* NOTE - c is not incremented as per l2c */ #undef l2cn 
-#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2) >> 24L) & 0xff); \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 16L) & 0xff); \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 8L) & 0xff); \ + case 5: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + case 4: \ + *(--(c)) = (unsigned char)(((l1) >> 24L) & 0xff); \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 16L) & 0xff); \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 8L) & 0xff); \ + case 1: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + } \ + } /* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } +#define n2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 6: \ + l2 |= 
((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))) << 24; \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))) << 24; \ + } \ + } /* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } +#define l2nn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + /* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + } \ + } #undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned 
long)(*((c)++)))) +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++)))) #undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) -# define ROTL(a,n) (_lrotl(a,n)) +#define ROTL(a, n) (_lrotl(a, n)) #else -# define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31))) +#define ROTL(a, n) ((((a) << (n)) & 0xffffffffL) | ((a) >> ((32 - (n)) & 31))) #endif -#define C_M 0x3fc -#define C_0 22L -#define C_1 14L -#define C_2 6L -#define C_3 2L /* left shift */ +#define C_M 0x3fc +#define C_0 22L +#define C_1 14L +#define C_2 6L +#define C_3 2L /* left shift */ /* The rotate has an extra 16 added to it to help the x86 asm */ #if defined(CAST_PTR) -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - t=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - t=ROTL(t,i); \ - L^= (((((*(CAST_LONG *)((unsigned char *) \ - CAST_S_table0+((t>>C_2)&C_M)) OP2 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \ - } +#define E_CAST(n, key, L, R, OP1, OP2, OP3) \ + { \ + int i; \ + t = (key[n * 2] OP1 R) & 0xffffffffL; \ + i = key[n * 2 + 1]; \ + t = ROTL(t, i); \ + L ^= (((((*(CAST_LONG *)((unsigned char *) \ + CAST_S_table0 \ + + ((t >> C_2) & C_M)) OP2 \ + * (CAST_LONG *)((unsigned char *) \ + CAST_S_table1 \ + + ((t << C_3) & C_M))) \ + & 0xffffffffL) OP3 \ + * (CAST_LONG *)((unsigned char *) \ + 
CAST_S_table2 \ + + ((t >> C_0) & C_M))) \ + & 0xffffffffL) OP1 \ + * (CAST_LONG *)((unsigned char *) \ + CAST_S_table3 \ + + ((t >> C_1) & C_M))) \ + & 0xffffffffL; \ + } #elif defined(CAST_PTR2) -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - CAST_LONG u,v,w; \ - w=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - w=ROTL(w,i); \ - u=w>>C_2; \ - v=w<>C_0; \ - t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\ - v=w>>C_1; \ - u&=C_M; \ - v&=C_M; \ - t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\ - t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\ - L^=(t&0xffffffff); \ - } +#define E_CAST(n, key, L, R, OP1, OP2, OP3) \ + { \ + int i; \ + CAST_LONG u, v, w; \ + w = (key[n * 2] OP1 R) & 0xffffffffL; \ + i = key[n * 2 + 1]; \ + w = ROTL(w, i); \ + u = w >> C_2; \ + v = w << C_3; \ + u &= C_M; \ + v &= C_M; \ + t = *(CAST_LONG *)((unsigned char *)CAST_S_table0 + u); \ + u = w >> C_0; \ + t = (t OP2 * (CAST_LONG *)((unsigned char *)CAST_S_table1 + v)) & 0xffffffffL; \ + v = w >> C_1; \ + u &= C_M; \ + v &= C_M; \ + t = (t OP3 * (CAST_LONG *)((unsigned char *)CAST_S_table2 + u) & 0xffffffffL); \ + t = (t OP1 * (CAST_LONG *)((unsigned char *)CAST_S_table3 + v) & 0xffffffffL); \ + L ^= (t & 0xffffffff); \ + } #else -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - CAST_LONG a,b,c,d; \ - t=(key[n*2] OP1 R)&0xffffffff; \ - t=ROTL(t,(key[n*2+1])); \ - a=CAST_S_table0[(t>> 8)&0xff]; \ - b=CAST_S_table1[(t )&0xff]; \ - c=CAST_S_table2[(t>>24)&0xff]; \ - d=CAST_S_table3[(t>>16)&0xff]; \ - L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \ - } +#define E_CAST(n, key, L, R, OP1, OP2, OP3) \ + { \ + CAST_LONG a, b, c, d; \ + t = (key[n * 2] OP1 R) & 0xffffffff; \ + t = ROTL(t, (key[n * 2 + 1])); \ + a = CAST_S_table0[(t >> 8) & 0xff]; \ + b = CAST_S_table1[(t) & 0xff]; \ + c = CAST_S_table2[(t >> 24) & 0xff]; \ + d = CAST_S_table3[(t >> 16) & 0xff]; \ + L ^= (((((a OP2 b) & 
0xffffffffL) OP3 c) & 0xffffffffL) OP1 d) & 0xffffffffL; \ + } #endif extern const CAST_LONG CAST_S_table0[256]; --- crypto/openssl/crypto/cast/cast_s.h.orig +++ crypto/openssl/crypto/cast/cast_s.h 
@@ -8,537 +8,2073 @@ */ const CAST_LONG CAST_S_table0[256] = { - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, - 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, - 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, - 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, - 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, - 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, - 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, - 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, - 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, - 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, - 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, - 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, - 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, - 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, - 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, - 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, - 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, - 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, - 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, - 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 
0xd8710f69, 0xaa51c90f, - 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, - 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, - 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, - 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, - 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, - 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, - 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, - 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, - 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, - 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, - 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, - 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, - 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf, + 0x30fb40d4, + 0x9fa0ff0b, + 0x6beccd2f, + 0x3f258c7a, + 0x1e213f2f, + 0x9c004dd3, + 0x6003e540, + 0xcf9fc949, + 0xbfd4af27, + 0x88bbbdb5, + 0xe2034090, + 0x98d09675, + 0x6e63a0e0, + 0x15c361d2, + 0xc2e7661d, + 0x22d4ff8e, + 0x28683b6f, + 0xc07fd059, + 0xff2379c8, + 0x775f50e2, + 0x43c340d3, + 0xdf2f8656, + 0x887ca41a, + 0xa2d2bd2d, + 0xa1c9e0d6, + 0x346c4819, + 0x61b76d87, + 0x22540f2f, + 0x2abe32e1, + 0xaa54166b, + 0x22568e3a, + 0xa2d341d0, + 0x66db40c8, + 0xa784392f, + 0x004dff2f, + 0x2db9d2de, + 0x97943fac, + 0x4a97c1d8, + 0x527644b7, + 0xb5f437a7, + 0xb82cbaef, + 0xd751d159, + 0x6ff7f0ed, + 0x5a097a1f, + 0x827b68d0, + 0x90ecf52e, + 0x22b0c054, + 0xbc8e5935, + 0x4b6d2f7f, + 0x50bb64a2, + 0xd2664910, + 
0xbee5812d, + 0xb7332290, + 0xe93b159f, + 0xb48ee411, + 0x4bff345d, + 0xfd45c240, + 0xad31973f, + 0xc4f6d02e, + 0x55fc8165, + 0xd5b1caad, + 0xa1ac2dae, + 0xa2d4b76d, + 0xc19b0c50, + 0x882240f2, + 0x0c6e4f38, + 0xa4e4bfd7, + 0x4f5ba272, + 0x564c1d2f, + 0xc59c5319, + 0xb949e354, + 0xb04669fe, + 0xb1b6ab8a, + 0xc71358dd, + 0x6385c545, + 0x110f935d, + 0x57538ad5, + 0x6a390493, + 0xe63d37e0, + 0x2a54f6b3, + 0x3a787d5f, + 0x6276a0b5, + 0x19a6fcdf, + 0x7a42206a, + 0x29f9d4d5, + 0xf61b1891, + 0xbb72275e, + 0xaa508167, + 0x38901091, + 0xc6b505eb, + 0x84c7cb8c, + 0x2ad75a0f, + 0x874a1427, + 0xa2d1936b, + 0x2ad286af, + 0xaa56d291, + 0xd7894360, + 0x425c750d, + 0x93b39e26, + 0x187184c9, + 0x6c00b32d, + 0x73e2bb14, + 0xa0bebc3c, + 0x54623779, + 0x64459eab, + 0x3f328b82, + 0x7718cf82, + 0x59a2cea6, + 0x04ee002e, + 0x89fe78e6, + 0x3fab0950, + 0x325ff6c2, + 0x81383f05, + 0x6963c5c8, + 0x76cb5ad6, + 0xd49974c9, + 0xca180dcf, + 0x380782d5, + 0xc7fa5cf6, + 0x8ac31511, + 0x35e79e13, + 0x47da91d0, + 0xf40f9086, + 0xa7e2419e, + 0x31366241, + 0x051ef495, + 0xaa573b04, + 0x4a805d8d, + 0x548300d0, + 0x00322a3c, + 0xbf64cddf, + 0xba57a68e, + 0x75c6372b, + 0x50afd341, + 0xa7c13275, + 0x915a0bf5, + 0x6b54bfab, + 0x2b0b1426, + 0xab4cc9d7, + 0x449ccd82, + 0xf7fbf265, + 0xab85c5f3, + 0x1b55db94, + 0xaad4e324, + 0xcfa4bd3f, + 0x2deaa3e2, + 0x9e204d02, + 0xc8bd25ac, + 0xeadf55b3, + 0xd5bd9e98, + 0xe31231b2, + 0x2ad5ad6c, + 0x954329de, + 0xadbe4528, + 0xd8710f69, + 0xaa51c90f, + 0xaa786bf6, + 0x22513f1e, + 0xaa51a79b, + 0x2ad344cc, + 0x7b5a41f0, + 0xd37cfbad, + 0x1b069505, + 0x41ece491, + 0xb4c332e6, + 0x032268d4, + 0xc9600acc, + 0xce387e6d, + 0xbf6bb16c, + 0x6a70fb78, + 0x0d03d9c9, + 0xd4df39de, + 0xe01063da, + 0x4736f464, + 0x5ad328d8, + 0xb347cc96, + 0x75bb0fc3, + 0x98511bfb, + 0x4ffbcc35, + 0xb58bcf6a, + 0xe11f0abc, + 0xbfc5fe4a, + 0xa70aec10, + 0xac39570a, + 0x3f04442f, + 0x6188b153, + 0xe0397a2e, + 0x5727cb79, + 0x9ceb418f, + 0x1cacd68d, + 0x2ad37c96, + 0x0175cb9d, + 0xc69dff09, + 0xc75b65f0, 
+ 0xd9db40d8, + 0xec0e7779, + 0x4744ead4, + 0xb11c3274, + 0xdd24cb9e, + 0x7e1c54bd, + 0xf01144f9, + 0xd2240eb1, + 0x9675b3fd, + 0xa3ac3755, + 0xd47c27af, + 0x51c85f4d, + 0x56907596, + 0xa5bb15e6, + 0x580304f0, + 0xca042cf1, + 0x011a37ea, + 0x8dbfaadb, + 0x35ba3e4a, + 0x3526ffa0, + 0xc37b4d09, + 0xbc306ed9, + 0x98a52666, + 0x5648f725, + 0xff5e569d, + 0x0ced63d0, + 0x7c63b2cf, + 0x700b45e1, + 0xd5ea50f1, + 0x85a92872, + 0xaf1fbda7, + 0xd4234870, + 0xa7870bf3, + 0x2d3b4d79, + 0x42e04198, + 0x0cd0ede7, + 0x26470db8, + 0xf881814c, + 0x474d6ad7, + 0x7c0c5e5c, + 0xd1231959, + 0x381b7298, + 0xf5d2f4db, + 0xab838653, + 0x6e2f1e23, + 0x83719c9e, + 0xbd91e046, + 0x9a56456e, + 0xdc39200c, + 0x20c8c571, + 0x962bda1c, + 0xe1e696ff, + 0xb141ab08, + 0x7cca89b9, + 0x1a69e783, + 0x02cc4843, + 0xa2f7c579, + 0x429ef47d, + 0x427b169c, + 0x5ac9f049, + 0xdd8f0f00, + 0x5c8165bf, }; const CAST_LONG CAST_S_table1[256] = { - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, - 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, - 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, - 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, - 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, - 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, - 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, - 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, - 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, - 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, - 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, - 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 
0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, - 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, - 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, - 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, - 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, - 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, - 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, - 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, - 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, - 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, - 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, - 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, - 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, - 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, - 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, - 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, - 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, - 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, - 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, - 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, - 0x649da589, 0xa345415e, 0x5c038323, 
0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, - 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1, + 0x1f201094, + 0xef0ba75b, + 0x69e3cf7e, + 0x393f4380, + 0xfe61cf7a, + 0xeec5207a, + 0x55889c94, + 0x72fc0651, + 0xada7ef79, + 0x4e1d7235, + 0xd55a63ce, + 0xde0436ba, + 0x99c430ef, + 0x5f0c0794, + 0x18dcdb7d, + 0xa1d6eff3, + 0xa0b52f7b, + 0x59e83605, + 0xee15b094, + 0xe9ffd909, + 0xdc440086, + 0xef944459, + 0xba83ccb3, + 0xe0c3cdfb, + 0xd1da4181, + 0x3b092ab1, + 0xf997f1c1, + 0xa5e6cf7b, + 0x01420ddb, + 0xe4e7ef5b, + 0x25a1ff41, + 0xe180f806, + 0x1fc41080, + 0x179bee7a, + 0xd37ac6a9, + 0xfe5830a4, + 0x98de8b7f, + 0x77e83f4e, + 0x79929269, + 0x24fa9f7b, + 0xe113c85b, + 0xacc40083, + 0xd7503525, + 0xf7ea615f, + 0x62143154, + 0x0d554b63, + 0x5d681121, + 0xc866c359, + 0x3d63cf73, + 0xcee234c0, + 0xd4d87e87, + 0x5c672b21, + 0x071f6181, + 0x39f7627f, + 0x361e3084, + 0xe4eb573b, + 0x602f64a4, + 0xd63acd9c, + 0x1bbc4635, + 0x9e81032d, + 0x2701f50c, + 0x99847ab4, + 0xa0e3df79, + 0xba6cf38c, + 0x10843094, + 0x2537a95e, + 0xf46f6ffe, + 0xa1ff3b1f, + 0x208cfb6a, + 0x8f458c74, + 0xd9e0a227, + 0x4ec73a34, + 0xfc884f69, + 0x3e4de8df, + 0xef0e0088, + 0x3559648d, + 0x8a45388c, + 0x1d804366, + 0x721d9bfd, + 0xa58684bb, + 0xe8256333, + 0x844e8212, + 0x128d8098, + 0xfed33fb4, + 0xce280ae1, + 0x27e19ba5, + 0xd5a6c252, + 0xe49754bd, + 0xc5d655dd, + 0xeb667064, + 0x77840b4d, + 0xa1b6a801, + 0x84db26a9, + 0xe0b56714, + 0x21f043b7, + 0xe5d05860, + 0x54f03084, + 0x066ff472, + 0xa31aa153, + 0xdadc4755, + 0xb5625dbf, + 0x68561be6, + 0x83ca6b94, + 0x2d6ed23b, + 0xeccf01db, + 0xa6d3d0ba, + 0xb6803d5c, + 0xaf77a709, + 0x33b4a34c, + 0x397bc8d6, + 0x5ee22b95, + 0x5f0e5304, + 0x81ed6f61, + 0x20e74364, + 0xb45e1378, + 0xde18639b, + 0x881ca122, + 0xb96726d1, + 0x8049a7e8, + 0x22b7da7b, + 0x5e552d25, + 0x5272d237, + 0x79d2951c, + 0xc60d894c, + 0x488cb402, + 0x1ba4fe5b, + 0xa4b09f6b, + 0x1ca815cf, + 0xa20c3005, + 0x8871df63, + 0xb9de2fcb, + 0x0cc6c9e9, + 0x0beeff53, + 0xe3214517, + 
0xb4542835, + 0x9f63293c, + 0xee41e729, + 0x6e1d2d7c, + 0x50045286, + 0x1e6685f3, + 0xf33401c6, + 0x30a22c95, + 0x31a70850, + 0x60930f13, + 0x73f98417, + 0xa1269859, + 0xec645c44, + 0x52c877a9, + 0xcdff33a6, + 0xa02b1741, + 0x7cbad9a2, + 0x2180036f, + 0x50d99c08, + 0xcb3f4861, + 0xc26bd765, + 0x64a3f6ab, + 0x80342676, + 0x25a75e7b, + 0xe4e6d1fc, + 0x20c710e6, + 0xcdf0b680, + 0x17844d3b, + 0x31eef84d, + 0x7e0824e4, + 0x2ccb49eb, + 0x846a3bae, + 0x8ff77888, + 0xee5d60f6, + 0x7af75673, + 0x2fdd5cdb, + 0xa11631c1, + 0x30f66f43, + 0xb3faec54, + 0x157fd7fa, + 0xef8579cc, + 0xd152de58, + 0xdb2ffd5e, + 0x8f32ce19, + 0x306af97a, + 0x02f03ef8, + 0x99319ad5, + 0xc242fa0f, + 0xa7e3ebb0, + 0xc68e4906, + 0xb8da230c, + 0x80823028, + 0xdcdef3c8, + 0xd35fb171, + 0x088a1bc8, + 0xbec0c560, + 0x61a3c9e8, + 0xbca8f54d, + 0xc72feffa, + 0x22822e99, + 0x82c570b4, + 0xd8d94e89, + 0x8b1c34bc, + 0x301e16e6, + 0x273be979, + 0xb0ffeaa6, + 0x61d9b8c6, + 0x00b24869, + 0xb7ffce3f, + 0x08dc283b, + 0x43daf65a, + 0xf7e19798, + 0x7619b72f, + 0x8f1c9ba4, + 0xdc8637a0, + 0x16a7d3b1, + 0x9fc393b7, + 0xa7136eeb, + 0xc6bcc63e, + 0x1a513742, + 0xef6828bc, + 0x520365d6, + 0x2d6a77ab, + 0x3527ed4b, + 0x821fd216, + 0x095c6e2e, + 0xdb92f2fb, + 0x5eea29cb, + 0x145892f5, + 0x91584f7f, + 0x5483697b, + 0x2667a8cc, + 0x85196048, + 0x8c4bacea, + 0x833860d4, + 0x0d23e0f9, + 0x6c387e8a, + 0x0ae6d249, + 0xb284600c, + 0xd835731d, + 0xdcb1c647, + 0xac4c56ea, + 0x3ebd81b3, + 0x230eabb0, + 0x6438bc87, + 0xf0b5b1fa, + 0x8f5ea2b3, + 0xfc184642, + 0x0a036b7a, + 0x4fb089bd, + 0x649da589, + 0xa345415e, + 0x5c038323, + 0x3e5d3bb9, + 0x43d79572, + 0x7e6dd07c, + 0x06dfdf1e, + 0x6c6cc4ef, + 0x7160a539, + 0x73bfbe70, + 0x83877605, + 0x4523ecf1, }; const CAST_LONG CAST_S_table2[256] = { - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, - 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, - 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, - 
0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, - 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, - 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, - 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, - 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, - 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, - 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, - 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, - 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, - 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, - 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, - 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, - 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, - 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, - 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, - 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, - 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, - 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, - 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, - 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, - 
0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, - 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, - 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, - 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, - 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, - 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, - 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, - 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, - 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, - 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783, + 0x8defc240, + 0x25fa5d9f, + 0xeb903dbf, + 0xe810c907, + 0x47607fff, + 0x369fe44b, + 0x8c1fc644, + 0xaececa90, + 0xbeb1f9bf, + 0xeefbcaea, + 0xe8cf1950, + 0x51df07ae, + 0x920e8806, + 0xf0ad0548, + 0xe13c8d83, + 0x927010d5, + 0x11107d9f, + 0x07647db9, + 0xb2e3e4d4, + 0x3d4f285e, + 0xb9afa820, + 0xfade82e0, + 0xa067268b, + 0x8272792e, + 0x553fb2c0, + 0x489ae22b, + 0xd4ef9794, + 0x125e3fbc, + 0x21fffcee, + 0x825b1bfd, + 0x9255c5ed, + 0x1257a240, + 0x4e1a8302, + 0xbae07fff, + 0x528246e7, + 0x8e57140e, + 0x3373f7bf, + 0x8c9f8188, + 0xa6fc4ee8, + 0xc982b5a5, + 0xa8c01db7, + 0x579fc264, + 0x67094f31, + 0xf2bd3f5f, + 0x40fff7c1, + 0x1fb78dfc, + 0x8e6bd2c1, + 0x437be59b, + 0x99b03dbf, + 0xb5dbc64b, + 0x638dc0e6, + 0x55819d99, + 0xa197c81c, + 0x4a012d6e, + 0xc5884a28, + 0xccc36f71, + 0xb843c213, + 0x6c0743f1, + 0x8309893c, + 0x0feddd5f, + 0x2f7fe850, + 0xd7c07f7e, + 0x02507fbf, + 0x5afb9a04, + 0xa747d2d0, + 0x1651192e, + 0xaf70bf3e, + 0x58c31380, + 0x5f98302e, + 0x727cc3c4, + 0x0a0fb402, + 0x0f7fef82, + 0x8c96fdad, + 0x5d2c2aae, + 0x8ee99a49, + 
0x50da88b8, + 0x8427f4a0, + 0x1eac5790, + 0x796fb449, + 0x8252dc15, + 0xefbd7d9b, + 0xa672597d, + 0xada840d8, + 0x45f54504, + 0xfa5d7403, + 0xe83ec305, + 0x4f91751a, + 0x925669c2, + 0x23efe941, + 0xa903f12e, + 0x60270df2, + 0x0276e4b6, + 0x94fd6574, + 0x927985b2, + 0x8276dbcb, + 0x02778176, + 0xf8af918d, + 0x4e48f79e, + 0x8f616ddf, + 0xe29d840e, + 0x842f7d83, + 0x340ce5c8, + 0x96bbb682, + 0x93b4b148, + 0xef303cab, + 0x984faf28, + 0x779faf9b, + 0x92dc560d, + 0x224d1e20, + 0x8437aa88, + 0x7d29dc96, + 0x2756d3dc, + 0x8b907cee, + 0xb51fd240, + 0xe7c07ce3, + 0xe566b4a1, + 0xc3e9615e, + 0x3cf8209d, + 0x6094d1e3, + 0xcd9ca341, + 0x5c76460e, + 0x00ea983b, + 0xd4d67881, + 0xfd47572c, + 0xf76cedd9, + 0xbda8229c, + 0x127dadaa, + 0x438a074e, + 0x1f97c090, + 0x081bdb8a, + 0x93a07ebe, + 0xb938ca15, + 0x97b03cff, + 0x3dc2c0f8, + 0x8d1ab2ec, + 0x64380e51, + 0x68cc7bfb, + 0xd90f2788, + 0x12490181, + 0x5de5ffd4, + 0xdd7ef86a, + 0x76a2e214, + 0xb9a40368, + 0x925d958f, + 0x4b39fffa, + 0xba39aee9, + 0xa4ffd30b, + 0xfaf7933b, + 0x6d498623, + 0x193cbcfa, + 0x27627545, + 0x825cf47a, + 0x61bd8ba0, + 0xd11e42d1, + 0xcead04f4, + 0x127ea392, + 0x10428db7, + 0x8272a972, + 0x9270c4a8, + 0x127de50b, + 0x285ba1c8, + 0x3c62f44f, + 0x35c0eaa5, + 0xe805d231, + 0x428929fb, + 0xb4fcdf82, + 0x4fb66a53, + 0x0e7dc15b, + 0x1f081fab, + 0x108618ae, + 0xfcfd086d, + 0xf9ff2889, + 0x694bcc11, + 0x236a5cae, + 0x12deca4d, + 0x2c3f8cc5, + 0xd2d02dfe, + 0xf8ef5896, + 0xe4cf52da, + 0x95155b67, + 0x494a488c, + 0xb9b6a80c, + 0x5c8f82bc, + 0x89d36b45, + 0x3a609437, + 0xec00c9a9, + 0x44715253, + 0x0a874b49, + 0xd773bc40, + 0x7c34671c, + 0x02717ef6, + 0x4feb5536, + 0xa2d02fff, + 0xd2bf60c4, + 0xd43f03c0, + 0x50b4ef6d, + 0x07478cd1, + 0x006e1888, + 0xa2e53f55, + 0xb9e6d4bc, + 0xa2048016, + 0x97573833, + 0xd7207d67, + 0xde0f8f3d, + 0x72f87b33, + 0xabcc4f33, + 0x7688c55d, + 0x7b00a6b0, + 0x947b0001, + 0x570075d2, + 0xf9bb88f8, + 0x8942019e, + 0x4264a5ff, + 0x856302e0, + 0x72dbd92b, + 0xee971b69, + 0x6ea22fde, + 0x5f08ae2b, 
+ 0xaf7a616d, + 0xe5c98767, + 0xcf1febd2, + 0x61efc8c2, + 0xf1ac2571, + 0xcc8239c2, + 0x67214cb8, + 0xb1e583d1, + 0xb7dc3e62, + 0x7f10bdce, + 0xf90a5c38, + 0x0ff0443d, + 0x606e6dc6, + 0x60543a49, + 0x5727c148, + 0x2be98a1d, + 0x8ab41738, + 0x20e1be24, + 0xaf96da0f, + 0x68458425, + 0x99833be5, + 0x600d457d, + 0x282f9350, + 0x8334b362, + 0xd91d1120, + 0x2b6d8da0, + 0x642b1e31, + 0x9c305a00, + 0x52bce688, + 0x1b03588a, + 0xf7baefd5, + 0x4142ed9c, + 0xa4315c11, + 0x83323ec5, + 0xdfef4636, + 0xa133c501, + 0xe9d3531c, + 0xee353783, }; const CAST_LONG CAST_S_table3[256] = { - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, - 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, - 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, - 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, - 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, - 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, - 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, - 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, - 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, - 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, - 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, - 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, - 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, - 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, - 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 
0xc2325577, 0x893ff4ec, - 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, - 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, - 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, - 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, - 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, - 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, - 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, - 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, - 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, - 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, - 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, - 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, - 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, - 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, - 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, - 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, - 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, - 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2, + 0x9db30420, + 0x1fb6e9de, + 0xa7be7bef, + 0xd273a298, + 0x4a4f7bdb, + 0x64ad8c57, + 0x85510443, + 0xfa020ed1, + 0x7e287aff, + 0xe60fb663, + 0x095f35a1, + 0x79ebf120, + 0xfd059d43, + 0x6497b7b1, + 0xf3641f63, + 0x241e4adf, + 
0x28147f5f, + 0x4fa2b8cd, + 0xc9430040, + 0x0cc32220, + 0xfdd30b30, + 0xc0a5374f, + 0x1d2d00d9, + 0x24147b15, + 0xee4d111a, + 0x0fca5167, + 0x71ff904c, + 0x2d195ffe, + 0x1a05645f, + 0x0c13fefe, + 0x081b08ca, + 0x05170121, + 0x80530100, + 0xe83e5efe, + 0xac9af4f8, + 0x7fe72701, + 0xd2b8ee5f, + 0x06df4261, + 0xbb9e9b8a, + 0x7293ea25, + 0xce84ffdf, + 0xf5718801, + 0x3dd64b04, + 0xa26f263b, + 0x7ed48400, + 0x547eebe6, + 0x446d4ca0, + 0x6cf3d6f5, + 0x2649abdf, + 0xaea0c7f5, + 0x36338cc1, + 0x503f7e93, + 0xd3772061, + 0x11b638e1, + 0x72500e03, + 0xf80eb2bb, + 0xabe0502e, + 0xec8d77de, + 0x57971e81, + 0xe14f6746, + 0xc9335400, + 0x6920318f, + 0x081dbb99, + 0xffc304a5, + 0x4d351805, + 0x7f3d5ce3, + 0xa6c866c6, + 0x5d5bcca9, + 0xdaec6fea, + 0x9f926f91, + 0x9f46222f, + 0x3991467d, + 0xa5bf6d8e, + 0x1143c44f, + 0x43958302, + 0xd0214eeb, + 0x022083b8, + 0x3fb6180c, + 0x18f8931e, + 0x281658e6, + 0x26486e3e, + 0x8bd78a70, + 0x7477e4c1, + 0xb506e07c, + 0xf32d0a25, + 0x79098b02, + 0xe4eabb81, + 0x28123b23, + 0x69dead38, + 0x1574ca16, + 0xdf871b62, + 0x211c40b7, + 0xa51a9ef9, + 0x0014377b, + 0x041e8ac8, + 0x09114003, + 0xbd59e4d2, + 0xe3d156d5, + 0x4fe876d5, + 0x2f91a340, + 0x557be8de, + 0x00eae4a7, + 0x0ce5c2ec, + 0x4db4bba6, + 0xe756bdff, + 0xdd3369ac, + 0xec17b035, + 0x06572327, + 0x99afc8b0, + 0x56c8c391, + 0x6b65811c, + 0x5e146119, + 0x6e85cb75, + 0xbe07c002, + 0xc2325577, + 0x893ff4ec, + 0x5bbfc92d, + 0xd0ec3b25, + 0xb7801ab7, + 0x8d6d3b24, + 0x20c763ef, + 0xc366a5fc, + 0x9c382880, + 0x0ace3205, + 0xaac9548a, + 0xeca1d7c7, + 0x041afa32, + 0x1d16625a, + 0x6701902c, + 0x9b757a54, + 0x31d477f7, + 0x9126b031, + 0x36cc6fdb, + 0xc70b8b46, + 0xd9e66a48, + 0x56e55a79, + 0x026a4ceb, + 0x52437eff, + 0x2f8f76b4, + 0x0df980a5, + 0x8674cde3, + 0xedda04eb, + 0x17a9be04, + 0x2c18f4df, + 0xb7747f9d, + 0xab2af7b4, + 0xefc34d20, + 0x2e096b7c, + 0x1741a254, + 0xe5b6a035, + 0x213d42f6, + 0x2c1c7c26, + 0x61c2f50f, + 0x6552daf9, + 0xd2c231f8, + 0x25130f69, + 0xd8167fa2, + 0x0418f2c8, + 0x001a96a6, 
+ 0x0d1526ab, + 0x63315c21, + 0x5e0a72ec, + 0x49bafefd, + 0x187908d9, + 0x8d0dbd86, + 0x311170a7, + 0x3e9b640c, + 0xcc3e10d7, + 0xd5cad3b6, + 0x0caec388, + 0xf73001e1, + 0x6c728aff, + 0x71eae2a1, + 0x1f9af36e, + 0xcfcbd12f, + 0xc1de8417, + 0xac07be6b, + 0xcb44a1d8, + 0x8b9b0f56, + 0x013988c3, + 0xb1c52fca, + 0xb4be31cd, + 0xd8782806, + 0x12a3a4e2, + 0x6f7de532, + 0x58fd7eb6, + 0xd01ee900, + 0x24adffc2, + 0xf4990fc5, + 0x9711aac5, + 0x001d7b95, + 0x82e5e7d2, + 0x109873f6, + 0x00613096, + 0xc32d9521, + 0xada121ff, + 0x29908415, + 0x7fbb977f, + 0xaf9eb3db, + 0x29c9ed2a, + 0x5ce2a465, + 0xa730f32c, + 0xd0aa3fe8, + 0x8a5cc091, + 0xd49e2ce7, + 0x0ce454a9, + 0xd60acd86, + 0x015f1919, + 0x77079103, + 0xdea03af6, + 0x78a8565e, + 0xdee356df, + 0x21f05cbe, + 0x8b75e387, + 0xb3c50651, + 0xb8a5c3ef, + 0xd8eeb6d2, + 0xe523be77, + 0xc2154529, + 0x2f69efdf, + 0xafe67afb, + 0xf470c4b2, + 0xf3e0eb5b, + 0xd6cc9876, + 0x39e4460c, + 0x1fda8538, + 0x1987832f, + 0xca007367, + 0xa99144f8, + 0x296b299e, + 0x492fc295, + 0x9266beab, + 0xb5676e69, + 0x9bd3ddda, + 0xdf7e052f, + 0xdb25701c, + 0x1b5e51ee, + 0xf65324e6, + 0x6afce36c, + 0x0316cc04, + 0x8644213e, + 0xb7dc59d0, + 0x7965291f, + 0xccd6fd43, + 0x41823979, + 0x932bcdf6, + 0xb657c34d, + 0x4edfd282, + 0x7ae5290c, + 0x3cb9536b, + 0x851e20fe, + 0x9833557e, + 0x13ecf0b0, + 0xd3ffb372, + 0x3f85c5c1, + 0x0aef7ed2, }; const CAST_LONG CAST_S_table4[256] = { - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, - 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, - 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, - 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, - 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, - 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, - 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, 
- 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, - 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, - 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, - 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, - 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, - 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, - 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, - 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, - 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, - 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, - 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, - 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, - 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, - 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, - 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, - 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, - 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, - 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, - 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, - 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, - 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, 
- 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, - 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, - 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, - 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, - 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, - 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, - 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4, + 0x7ec90c04, + 0x2c6e74b9, + 0x9b0e66df, + 0xa6337911, + 0xb86a7fff, + 0x1dd358f5, + 0x44dd9d44, + 0x1731167f, + 0x08fbf1fa, + 0xe7f511cc, + 0xd2051b00, + 0x735aba00, + 0x2ab722d8, + 0x386381cb, + 0xacf6243a, + 0x69befd7a, + 0xe6a2e77f, + 0xf0c720cd, + 0xc4494816, + 0xccf5c180, + 0x38851640, + 0x15b0a848, + 0xe68b18cb, + 0x4caadeff, + 0x5f480a01, + 0x0412b2aa, + 0x259814fc, + 0x41d0efe2, + 0x4e40b48d, + 0x248eb6fb, + 0x8dba1cfe, + 0x41a99b02, + 0x1a550a04, + 0xba8f65cb, + 0x7251f4e7, + 0x95a51725, + 0xc106ecd7, + 0x97a5980a, + 0xc539b9aa, + 0x4d79fe6a, + 0xf2f3f763, + 0x68af8040, + 0xed0c9e56, + 0x11b4958b, + 0xe1eb5a88, + 0x8709e6b0, + 0xd7e07156, + 0x4e29fea7, + 0x6366e52d, + 0x02d1c000, + 0xc4ac8e05, + 0x9377f571, + 0x0c05372a, + 0x578535f2, + 0x2261be02, + 0xd642a0c9, + 0xdf13a280, + 0x74b55bd2, + 0x682199c0, + 0xd421e5ec, + 0x53fb3ce8, + 0xc8adedb3, + 0x28a87fc9, + 0x3d959981, + 0x5c1ff900, + 0xfe38d399, + 0x0c4eff0b, + 0x062407ea, + 0xaa2f4fb1, + 0x4fb96976, + 0x90c79505, + 0xb0a8a774, + 0xef55a1ff, + 0xe59ca2c2, + 0xa6b62d27, + 0xe66a4263, + 0xdf65001f, + 0x0ec50966, + 0xdfdd55bc, + 0x29de0655, + 0x911e739a, + 0x17af8975, + 0x32c7911c, + 0x89f89468, + 0x0d01e980, + 0x524755f4, + 0x03b63cc9, + 0x0cc844b2, + 0xbcf3f0aa, + 0x87ac36e9, + 0xe53a7426, + 0x01b3d82b, + 0x1a9e7449, + 0x64ee2d7e, + 0xcddbb1da, + 0x01c94910, + 0xb868bf80, + 0x0d26f3fd, + 0x9342ede7, + 0x04a5c284, 
+ 0x636737b6, + 0x50f5b616, + 0xf24766e3, + 0x8eca36c1, + 0x136e05db, + 0xfef18391, + 0xfb887a37, + 0xd6e7f7d4, + 0xc7fb7dc9, + 0x3063fcdf, + 0xb6f589de, + 0xec2941da, + 0x26e46695, + 0xb7566419, + 0xf654efc5, + 0xd08d58b7, + 0x48925401, + 0xc1bacb7f, + 0xe5ff550f, + 0xb6083049, + 0x5bb5d0e8, + 0x87d72e5a, + 0xab6a6ee1, + 0x223a66ce, + 0xc62bf3cd, + 0x9e0885f9, + 0x68cb3e47, + 0x086c010f, + 0xa21de820, + 0xd18b69de, + 0xf3f65777, + 0xfa02c3f6, + 0x407edac3, + 0xcbb3d550, + 0x1793084d, + 0xb0d70eba, + 0x0ab378d5, + 0xd951fb0c, + 0xded7da56, + 0x4124bbe4, + 0x94ca0b56, + 0x0f5755d1, + 0xe0e1e56e, + 0x6184b5be, + 0x580a249f, + 0x94f74bc0, + 0xe327888e, + 0x9f7b5561, + 0xc3dc0280, + 0x05687715, + 0x646c6bd7, + 0x44904db3, + 0x66b4f0a3, + 0xc0f1648a, + 0x697ed5af, + 0x49e92ff6, + 0x309e374f, + 0x2cb6356a, + 0x85808573, + 0x4991f840, + 0x76f0ae02, + 0x083be84d, + 0x28421c9a, + 0x44489406, + 0x736e4cb8, + 0xc1092910, + 0x8bc95fc6, + 0x7d869cf4, + 0x134f616f, + 0x2e77118d, + 0xb31b2be1, + 0xaa90b472, + 0x3ca5d717, + 0x7d161bba, + 0x9cad9010, + 0xaf462ba2, + 0x9fe459d2, + 0x45d34559, + 0xd9f2da13, + 0xdbc65487, + 0xf3e4f94e, + 0x176d486f, + 0x097c13ea, + 0x631da5c7, + 0x445f7382, + 0x175683f4, + 0xcdc66a97, + 0x70be0288, + 0xb3cdcf72, + 0x6e5dd2f3, + 0x20936079, + 0x459b80a5, + 0xbe60e2db, + 0xa9c23101, + 0xeba5315c, + 0x224e42f2, + 0x1c5c1572, + 0xf6721b2c, + 0x1ad2fff3, + 0x8c25404e, + 0x324ed72f, + 0x4067b7fd, + 0x0523138e, + 0x5ca3bc78, + 0xdc0fd66e, + 0x75922283, + 0x784d6b17, + 0x58ebb16e, + 0x44094f85, + 0x3f481d87, + 0xfcfeae7b, + 0x77b5ff76, + 0x8c2302bf, + 0xaaf47556, + 0x5f46b02a, + 0x2b092801, + 0x3d38f5f7, + 0x0ca81f36, + 0x52af4a8a, + 0x66d5e7c0, + 0xdf3b0874, + 0x95055110, + 0x1b5ad7a8, + 0xf61ed5ad, + 0x6cf6e479, + 0x20758184, + 0xd0cefa65, + 0x88f7be58, + 0x4a046826, + 0x0ff6f8f3, + 0xa09c7f70, + 0x5346aba0, + 0x5ce96c28, + 0xe176eda3, + 0x6bac307f, + 0x376829d2, + 0x85360fa9, + 0x17e3fe2a, + 0x24b79767, + 0xf5a96b20, + 0xd6cd2595, + 0x68ff1ebf, + 
0x7555442c, + 0xf19f06be, + 0xf9e0659a, + 0xeeb9491d, + 0x34010718, + 0xbb30cab8, + 0xe822fe15, + 0x88570983, + 0x750e6249, + 0xda627e55, + 0x5e76ffa8, + 0xb1534546, + 0x6d47de08, + 0xefe9e7d4, }; const CAST_LONG CAST_S_table5[256] = { - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, - 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, - 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, - 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, - 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, - 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, - 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, - 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, - 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, - 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, - 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, - 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, - 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, - 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, - 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, - 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, - 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, - 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, - 0xcb0396a8, 
0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, - 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, - 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, - 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, - 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, - 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, - 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, - 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, - 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, - 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, - 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, - 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, - 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, - 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, - 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f, + 0xf6fa8f9d, + 0x2cac6ce1, + 0x4ca34867, + 0xe2337f7c, + 0x95db08e7, + 0x016843b4, + 0xeced5cbc, + 0x325553ac, + 0xbf9f0960, + 0xdfa1e2ed, + 0x83f0579d, + 0x63ed86b9, + 0x1ab6a6b8, + 0xde5ebe39, + 0xf38ff732, + 0x8989b138, + 0x33f14961, + 0xc01937bd, + 0xf506c6da, + 0xe4625e7e, + 0xa308ea99, + 0x4e23e33c, + 0x79cbd7cc, + 0x48a14367, + 0xa3149619, + 0xfec94bd5, + 0xa114174a, + 0xeaa01866, + 0xa084db2d, + 0x09a8486f, + 0xa888614a, + 0x2900af98, + 0x01665991, + 0xe1992863, + 0xc8f30c60, + 0x2e78ef3c, + 0xd0d51932, + 0xcf0fec14, + 0xf7ca07d2, + 0xd0a82072, + 
0xfd41197e, + 0x9305a6b0, + 0xe86be3da, + 0x74bed3cd, + 0x372da53c, + 0x4c7f4448, + 0xdab5d440, + 0x6dba0ec3, + 0x083919a7, + 0x9fbaeed9, + 0x49dbcfb0, + 0x4e670c53, + 0x5c3d9c01, + 0x64bdb941, + 0x2c0e636a, + 0xba7dd9cd, + 0xea6f7388, + 0xe70bc762, + 0x35f29adb, + 0x5c4cdd8d, + 0xf0d48d8c, + 0xb88153e2, + 0x08a19866, + 0x1ae2eac8, + 0x284caf89, + 0xaa928223, + 0x9334be53, + 0x3b3a21bf, + 0x16434be3, + 0x9aea3906, + 0xefe8c36e, + 0xf890cdd9, + 0x80226dae, + 0xc340a4a3, + 0xdf7e9c09, + 0xa694a807, + 0x5b7c5ecc, + 0x221db3a6, + 0x9a69a02f, + 0x68818a54, + 0xceb2296f, + 0x53c0843a, + 0xfe893655, + 0x25bfe68a, + 0xb4628abc, + 0xcf222ebf, + 0x25ac6f48, + 0xa9a99387, + 0x53bddb65, + 0xe76ffbe7, + 0xe967fd78, + 0x0ba93563, + 0x8e342bc1, + 0xe8a11be9, + 0x4980740d, + 0xc8087dfc, + 0x8de4bf99, + 0xa11101a0, + 0x7fd37975, + 0xda5a26c0, + 0xe81f994f, + 0x9528cd89, + 0xfd339fed, + 0xb87834bf, + 0x5f04456d, + 0x22258698, + 0xc9c4c83b, + 0x2dc156be, + 0x4f628daa, + 0x57f55ec5, + 0xe2220abe, + 0xd2916ebf, + 0x4ec75b95, + 0x24f2c3c0, + 0x42d15d99, + 0xcd0d7fa0, + 0x7b6e27ff, + 0xa8dc8af0, + 0x7345c106, + 0xf41e232f, + 0x35162386, + 0xe6ea8926, + 0x3333b094, + 0x157ec6f2, + 0x372b74af, + 0x692573e4, + 0xe9a9d848, + 0xf3160289, + 0x3a62ef1d, + 0xa787e238, + 0xf3a5f676, + 0x74364853, + 0x20951063, + 0x4576698d, + 0xb6fad407, + 0x592af950, + 0x36f73523, + 0x4cfb6e87, + 0x7da4cec0, + 0x6c152daa, + 0xcb0396a8, + 0xc50dfe5d, + 0xfcd707ab, + 0x0921c42f, + 0x89dff0bb, + 0x5fe2be78, + 0x448f4f33, + 0x754613c9, + 0x2b05d08d, + 0x48b9d585, + 0xdc049441, + 0xc8098f9b, + 0x7dede786, + 0xc39a3373, + 0x42410005, + 0x6a091751, + 0x0ef3c8a6, + 0x890072d6, + 0x28207682, + 0xa9a9f7be, + 0xbf32679d, + 0xd45b5b75, + 0xb353fd00, + 0xcbb0e358, + 0x830f220a, + 0x1f8fb214, + 0xd372cf08, + 0xcc3c4a13, + 0x8cf63166, + 0x061c87be, + 0x88c98f88, + 0x6062e397, + 0x47cf8e7a, + 0xb6c85283, + 0x3cc2acfb, + 0x3fc06976, + 0x4e8f0252, + 0x64d8314d, + 0xda3870e3, + 0x1e665459, + 0xc10908f0, + 0x513021a5, + 0x6c5b68b7, 
+ 0x822f8aa0, + 0x3007cd3e, + 0x74719eef, + 0xdc872681, + 0x073340d4, + 0x7e432fd9, + 0x0c5ec241, + 0x8809286c, + 0xf592d891, + 0x08a930f6, + 0x957ef305, + 0xb7fbffbd, + 0xc266e96f, + 0x6fe4ac98, + 0xb173ecc0, + 0xbc60b42a, + 0x953498da, + 0xfba1ae12, + 0x2d4bd736, + 0x0f25faab, + 0xa4f3fceb, + 0xe2969123, + 0x257f0c3d, + 0x9348af49, + 0x361400bc, + 0xe8816f4a, + 0x3814f200, + 0xa3f94043, + 0x9c7a54c2, + 0xbc704f57, + 0xda41e7f9, + 0xc25ad33a, + 0x54f4a084, + 0xb17f5505, + 0x59357cbe, + 0xedbd15c8, + 0x7f97c5ab, + 0xba5ac7b5, + 0xb6f6deaf, + 0x3a479c3a, + 0x5302da25, + 0x653d7e6a, + 0x54268d49, + 0x51a477ea, + 0x5017d55b, + 0xd7d25d88, + 0x44136c76, + 0x0404a8c8, + 0xb8e5a121, + 0xb81a928a, + 0x60ed5869, + 0x97c55b96, + 0xeaec991b, + 0x29935913, + 0x01fdb7f1, + 0x088e8dfa, + 0x9ab6f6f5, + 0x3b4cbf9f, + 0x4a5de3ab, + 0xe6051d35, + 0xa0e1d855, + 0xd36b4cf1, + 0xf544edeb, + 0xb0e93524, + 0xbebb8fbd, + 0xa2d762cf, + 0x49c92f54, + 0x38b5f331, + 0x7128a454, + 0x48392905, + 0xa65b1db8, + 0x851c97bd, + 0xd675cf2f, }; const CAST_LONG CAST_S_table6[256] = { - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, - 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, - 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, - 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, - 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, - 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, - 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, - 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, - 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, - 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 
0x45c28829, 0xc95e317f, - 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, - 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, - 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, - 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, - 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, - 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, - 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, - 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, - 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, - 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, - 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, - 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, - 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, - 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, - 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, - 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, - 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, - 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, - 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, - 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 
0x2d57539d, 0x569a58cf, - 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, - 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, - 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3, + 0x85e04019, + 0x332bf567, + 0x662dbfff, + 0xcfc65693, + 0x2a8d7f6f, + 0xab9bc912, + 0xde6008a1, + 0x2028da1f, + 0x0227bce7, + 0x4d642916, + 0x18fac300, + 0x50f18b82, + 0x2cb2cb11, + 0xb232e75c, + 0x4b3695f2, + 0xb28707de, + 0xa05fbcf6, + 0xcd4181e9, + 0xe150210c, + 0xe24ef1bd, + 0xb168c381, + 0xfde4e789, + 0x5c79b0d8, + 0x1e8bfd43, + 0x4d495001, + 0x38be4341, + 0x913cee1d, + 0x92a79c3f, + 0x089766be, + 0xbaeeadf4, + 0x1286becf, + 0xb6eacb19, + 0x2660c200, + 0x7565bde4, + 0x64241f7a, + 0x8248dca9, + 0xc3b3ad66, + 0x28136086, + 0x0bd8dfa8, + 0x356d1cf2, + 0x107789be, + 0xb3b2e9ce, + 0x0502aa8f, + 0x0bc0351e, + 0x166bf52a, + 0xeb12ff82, + 0xe3486911, + 0xd34d7516, + 0x4e7b3aff, + 0x5f43671b, + 0x9cf6e037, + 0x4981ac83, + 0x334266ce, + 0x8c9341b7, + 0xd0d854c0, + 0xcb3a6c88, + 0x47bc2829, + 0x4725ba37, + 0xa66ad22b, + 0x7ad61f1e, + 0x0c5cbafa, + 0x4437f107, + 0xb6e79962, + 0x42d2d816, + 0x0a961288, + 0xe1a5c06e, + 0x13749e67, + 0x72fc081a, + 0xb1d139f7, + 0xf9583745, + 0xcf19df58, + 0xbec3f756, + 0xc06eba30, + 0x07211b24, + 0x45c28829, + 0xc95e317f, + 0xbc8ec511, + 0x38bc46e9, + 0xc6e6fa14, + 0xbae8584a, + 0xad4ebc46, + 0x468f508b, + 0x7829435f, + 0xf124183b, + 0x821dba9f, + 0xaff60ff4, + 0xea2c4e6d, + 0x16e39264, + 0x92544a8b, + 0x009b4fc3, + 0xaba68ced, + 0x9ac96f78, + 0x06a5b79a, + 0xb2856e6e, + 0x1aec3ca9, + 0xbe838688, + 0x0e0804e9, + 0x55f1be56, + 0xe7e5363b, + 0xb3a1f25d, + 0xf7debb85, + 0x61fe033c, + 0x16746233, + 0x3c034c28, + 0xda6d0c74, + 0x79aac56c, + 0x3ce4e1ad, + 0x51f0c802, + 0x98f8f35a, + 0x1626a49f, + 0xeed82b29, + 0x1d382fe3, + 0x0c4fb99a, + 0xbb325778, + 0x3ec6d97b, + 0x6e77a6a9, + 0xcb658b5c, + 0xd45230c7, + 0x2bd1408b, + 0x60c03eb7, + 0xb9068d78, + 0xa33754f4, + 0xf430c87d, + 
0xc8a71302, + 0xb96d8c32, + 0xebd4e7be, + 0xbe8b9d2d, + 0x7979fb06, + 0xe7225308, + 0x8b75cf77, + 0x11ef8da4, + 0xe083c858, + 0x8d6b786f, + 0x5a6317a6, + 0xfa5cf7a0, + 0x5dda0033, + 0xf28ebfb0, + 0xf5b9c310, + 0xa0eac280, + 0x08b9767a, + 0xa3d9d2b0, + 0x79d34217, + 0x021a718d, + 0x9ac6336a, + 0x2711fd60, + 0x438050e3, + 0x069908a8, + 0x3d7fedc4, + 0x826d2bef, + 0x4eeb8476, + 0x488dcf25, + 0x36c9d566, + 0x28e74e41, + 0xc2610aca, + 0x3d49a9cf, + 0xbae3b9df, + 0xb65f8de6, + 0x92aeaf64, + 0x3ac7d5e6, + 0x9ea80509, + 0xf22b017d, + 0xa4173f70, + 0xdd1e16c3, + 0x15e0d7f9, + 0x50b1b887, + 0x2b9f4fd5, + 0x625aba82, + 0x6a017962, + 0x2ec01b9c, + 0x15488aa9, + 0xd716e740, + 0x40055a2c, + 0x93d29a22, + 0xe32dbf9a, + 0x058745b9, + 0x3453dc1e, + 0xd699296e, + 0x496cff6f, + 0x1c9f4986, + 0xdfe2ed07, + 0xb87242d1, + 0x19de7eae, + 0x053e561a, + 0x15ad6f8c, + 0x66626c1c, + 0x7154c24c, + 0xea082b2a, + 0x93eb2939, + 0x17dcb0f0, + 0x58d4f2ae, + 0x9ea294fb, + 0x52cf564c, + 0x9883fe66, + 0x2ec40581, + 0x763953c3, + 0x01d6692e, + 0xd3a0c108, + 0xa1e7160e, + 0xe4f2dfa6, + 0x693ed285, + 0x74904698, + 0x4c2b0edd, + 0x4f757656, + 0x5d393378, + 0xa132234f, + 0x3d321c5d, + 0xc3f5e194, + 0x4b269301, + 0xc79f022f, + 0x3c997e7e, + 0x5e4f9504, + 0x3ffafbbd, + 0x76f7ad0e, + 0x296693f4, + 0x3d1fce6f, + 0xc61e45be, + 0xd3b5ab34, + 0xf72bf9b7, + 0x1b0434c0, + 0x4e72b567, + 0x5592a33d, + 0xb5229301, + 0xcfd2a87f, + 0x60aeb767, + 0x1814386b, + 0x30bcc33d, + 0x38a0c07d, + 0xfd1606f2, + 0xc363519b, + 0x589dd390, + 0x5479f8e6, + 0x1cb8d647, + 0x97fd61a9, + 0xea7759f4, + 0x2d57539d, + 0x569a58cf, + 0xe84e63ad, + 0x462e1b78, + 0x6580f87e, + 0xf3817914, + 0x91da55f4, + 0x40a230f3, + 0xd1988f35, + 0xb6e318d2, + 0x3ffa50bc, + 0x3d40f021, + 0xc3c0bdae, + 0x4958c24c, + 0x518f36b2, + 0x84b1d370, + 0x0fedce83, + 0x878ddada, + 0xf2a279c7, + 0x94e01be8, + 0x90716f4b, + 0x954b8aa3, }; const CAST_LONG CAST_S_table7[256] = { - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, - 0x7789f8b7, 0xe6c1121b, 0x0e241600, 
0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, - 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, - 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, - 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, - 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, - 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, - 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, - 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, - 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, - 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, - 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, - 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, - 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, - 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, - 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, - 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, - 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, - 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, - 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, - 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, - 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 
0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, - 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, - 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, - 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, - 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, - 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, - 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, - 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, - 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, - 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, - 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, - 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e, + 0xe216300d, + 0xbbddfffc, + 0xa7ebdabd, + 0x35648095, + 0x7789f8b7, + 0xe6c1121b, + 0x0e241600, + 0x052ce8b5, + 0x11a9cfb0, + 0xe5952f11, + 0xece7990a, + 0x9386d174, + 0x2a42931c, + 0x76e38111, + 0xb12def3a, + 0x37ddddfc, + 0xde9adeb1, + 0x0a0cc32c, + 0xbe197029, + 0x84a00940, + 0xbb243a0f, + 0xb4d137cf, + 0xb44e79f0, + 0x049eedfd, + 0x0b15a15d, + 0x480d3168, + 0x8bbbde5a, + 0x669ded42, + 0xc7ece831, + 0x3f8f95e7, + 0x72df191b, + 0x7580330d, + 0x94074251, + 0x5c7dcdfa, + 0xabbe6d63, + 0xaa402164, + 0xb301d40a, + 0x02e7d1ca, + 0x53571dae, + 0x7a3182a2, + 0x12a8ddec, + 0xfdaa335d, + 0x176f43e8, + 0x71fb46d4, + 0x38129022, + 0xce949ad4, + 0xb84769ad, + 0x965bd862, + 0x82f3d055, + 0x66fb9767, + 0x15b80b4e, + 0x1d5b47a0, + 0x4cfde06f, + 0xc28ec4b8, + 0x57e8726e, + 0x647a78fc, + 0x99865d44, + 0x608bd593, + 0x6c200e03, + 0x39dc5ff6, + 0x5d0b00a3, + 0xae63aff2, + 0x7e8bd632, + 
0x70108c0c, + 0xbbd35049, + 0x2998df04, + 0x980cf42a, + 0x9b6df491, + 0x9e7edd53, + 0x06918548, + 0x58cb7e07, + 0x3b74ef2e, + 0x522fffb1, + 0xd24708cc, + 0x1c7e27cd, + 0xa4eb215b, + 0x3cf1d2e2, + 0x19b47a38, + 0x424f7618, + 0x35856039, + 0x9d17dee7, + 0x27eb35e6, + 0xc9aff67b, + 0x36baf5b8, + 0x09c467cd, + 0xc18910b1, + 0xe11dbf7b, + 0x06cd1af8, + 0x7170c608, + 0x2d5e3354, + 0xd4de495a, + 0x64c6d006, + 0xbcc0c62c, + 0x3dd00db3, + 0x708f8f34, + 0x77d51b42, + 0x264f620f, + 0x24b8d2bf, + 0x15c1b79e, + 0x46a52564, + 0xf8d7e54e, + 0x3e378160, + 0x7895cda5, + 0x859c15a5, + 0xe6459788, + 0xc37bc75f, + 0xdb07ba0c, + 0x0676a3ab, + 0x7f229b1e, + 0x31842e7b, + 0x24259fd7, + 0xf8bef472, + 0x835ffcb8, + 0x6df4c1f2, + 0x96f5b195, + 0xfd0af0fc, + 0xb0fe134c, + 0xe2506d3d, + 0x4f9b12ea, + 0xf215f225, + 0xa223736f, + 0x9fb4c428, + 0x25d04979, + 0x34c713f8, + 0xc4618187, + 0xea7a6e98, + 0x7cd16efc, + 0x1436876c, + 0xf1544107, + 0xbedeee14, + 0x56e9af27, + 0xa04aa441, + 0x3cf7c899, + 0x92ecbae6, + 0xdd67016d, + 0x151682eb, + 0xa842eedf, + 0xfdba60b4, + 0xf1907b75, + 0x20e3030f, + 0x24d8c29e, + 0xe139673b, + 0xefa63fb8, + 0x71873054, + 0xb6f2cf3b, + 0x9f326442, + 0xcb15a4cc, + 0xb01a4504, + 0xf1e47d8d, + 0x844a1be5, + 0xbae7dfdc, + 0x42cbda70, + 0xcd7dae0a, + 0x57e85b7a, + 0xd53f5af6, + 0x20cf4d8c, + 0xcea4d428, + 0x79d130a4, + 0x3486ebfb, + 0x33d3cddc, + 0x77853b53, + 0x37effcb5, + 0xc5068778, + 0xe580b3e6, + 0x4e68b8f4, + 0xc5c8b37e, + 0x0d809ea2, + 0x398feb7c, + 0x132a4f94, + 0x43b7950e, + 0x2fee7d1c, + 0x223613bd, + 0xdd06caa2, + 0x37df932b, + 0xc4248289, + 0xacf3ebc3, + 0x5715f6b7, + 0xef3478dd, + 0xf267616f, + 0xc148cbe4, + 0x9052815e, + 0x5e410fab, + 0xb48a2465, + 0x2eda7fa4, + 0xe87b40e4, + 0xe98ea084, + 0x5889e9e1, + 0xefd390fc, + 0xdd07d35b, + 0xdb485694, + 0x38d7e5b2, + 0x57720101, + 0x730edebc, + 0x5b643113, + 0x94917e4f, + 0x503c2fba, + 0x646f1282, + 0x7523d24a, + 0xe0779695, + 0xf9c17a8f, + 0x7a5b2121, + 0xd187b896, + 0x29263a4d, + 0xba510cdf, + 0x81f47c9f, + 0xad1163ed, 
+ 0xea7b5965, + 0x1a00726e, + 0x11403092, + 0x00da6d77, + 0x4a0cdd61, + 0xad1f4603, + 0x605bdfb0, + 0x9eedc364, + 0x22ebe6a8, + 0xcee7d28a, + 0xa0e736a0, + 0x5564a6b9, + 0x10853209, + 0xc7eb8f37, + 0x2de705ca, + 0x8951570f, + 0xdf09822b, + 0xbd691a6c, + 0xaa12e4f2, + 0x87451c0f, + 0xe0f6a27a, + 0x3ada4819, + 0x4cf1764f, + 0x0d771c2b, + 0x67cdb156, + 0x350d8384, + 0x5938fa0f, + 0x42399ef3, + 0x36997b07, + 0x0e84093d, + 0x4aa93e61, + 0x8360d87b, + 0x1fa98b0c, + 0x1149382c, + 0xe97625a5, + 0x0614d1b7, + 0x0e25244b, + 0x0c768347, + 0x589e8d82, + 0x0d2059d1, + 0xa466bb1e, + 0xf8da0a82, + 0x04f19130, + 0xba6e4ec0, + 0x99265164, + 0x1ee7230d, + 0x50b2ad80, + 0xeaee6801, + 0x8db2a283, + 0xea8bf59e, }; --- crypto/openssl/crypto/chacha/chacha_enc.c.orig +++ crypto/openssl/crypto/chacha/chacha_enc.c @@ -22,21 +22,22 @@ u8 c[64]; } chacha_buf; -# define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n)))) +#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n)))) -# define U32TO8_LITTLE(p, v) do { \ - (p)[0] = (u8)(v >> 0); \ - (p)[1] = (u8)(v >> 8); \ - (p)[2] = (u8)(v >> 16); \ - (p)[3] = (u8)(v >> 24); \ - } while(0) +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = (u8)(v >> 0); \ + (p)[1] = (u8)(v >> 8); \ + (p)[2] = (u8)(v >> 16); \ + (p)[3] = (u8)(v >> 24); \ + } while (0) /* QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round. */ -# define QUARTERROUND(a,b,c,d) ( \ - x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]),16), \ - x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]),12), \ - x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 8), \ - x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 7) ) +#define QUARTERROUND(a, b, c, d) ( \ + x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 16), \ + x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 12), \ + x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 8), \ + x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 7)) /* chacha_core performs 20 rounds of ChaCha on the input words in * |input| and writes the 64 output bytes to |output|. */ 
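Review bot: `U32TO8_LITTLE` parenthesises `p` but expands `v` bare, as in `(p)[1] = (u8)(v >> 8);`, so an argument containing an operator that binds looser than `>>` (for example `a ^ b`) would be shifted only in part and the wrong keystream bytes would be stored. The call sites are outside this hunk and may already wrap the argument, but since the macro lines are being rewritten anyway, each use could become `(u8)((v) >> 8)`. The macro also evaluates `v` four times, which deserves a short comment above it: `/* v is evaluated four times; pass a side-effect-free expression */`.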
@@ -69,8 +70,8 @@ } void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]) + size_t len, const unsigned int key[8], + const unsigned int counter[4]) { u32 input[16]; chacha_buf buf; @@ -78,17 +79,17 @@ /* sigma constant "expand 32-byte k" in little-endian encoding */ input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8) - | ((u32)ossl_toascii('p') << 16) - | ((u32)ossl_toascii('a') << 24); + | ((u32)ossl_toascii('p') << 16) + | ((u32)ossl_toascii('a') << 24); input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8) - | ((u32)ossl_toascii(' ') << 16) - | ((u32)ossl_toascii('3') << 24); + | ((u32)ossl_toascii(' ') << 16) + | ((u32)ossl_toascii('3') << 24); input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8) - | ((u32)ossl_toascii('b') << 16) - | ((u32)ossl_toascii('y') << 24); + | ((u32)ossl_toascii('b') << 16) + | ((u32)ossl_toascii('y') << 24); input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8) - | ((u32)ossl_toascii(' ') << 16) - | ((u32)ossl_toascii('k') << 24); + | ((u32)ossl_toascii(' ') << 16) + | ((u32)ossl_toascii('k') << 24); input[4] = key[0]; input[5] = key[1]; --- crypto/openssl/crypto/chacha/chacha_ppc.c.orig +++ crypto/openssl/crypto/chacha/chacha_ppc.c 
@@ -15,21 +15,21 @@ #include "crypto/ppc_arch.h" void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); + size_t len, const unsigned int key[8], + const unsigned int counter[4]); void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); + size_t len, const unsigned int key[8], + const unsigned int counter[4]); void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); + size_t len, const unsigned int key[8], + const unsigned int counter[4]); void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]) + size_t len, const unsigned int key[8], + const unsigned int counter[4]) { - OPENSSL_ppccap_P & PPC_CRYPTO207 + OPENSSL_ppccap_P &PPC_CRYPTO207 ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) - : OPENSSL_ppccap_P & PPC_ALTIVEC - ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) - : ChaCha20_ctr32_int(out, inp, len, key, counter); + : OPENSSL_ppccap_P &PPC_ALTIVEC + ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) + : ChaCha20_ctr32_int(out, inp, len, key, counter); } --- crypto/openssl/crypto/cmac/cmac.c.orig +++ crypto/openssl/crypto/cmac/cmac.c @@ -109,7 +109,7 @@ } int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl) + const EVP_CIPHER *cipher, ENGINE *impl) { static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 }; @@ -200,7 +200,6 @@ memcpy(ctx->last_block, data, dlen); ctx->nlast_block = dlen; return 1; - } int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) --- crypto/openssl/crypto/cmp/cmp_asn.c.orig +++ crypto/openssl/crypto/cmp/cmp_asn.c 
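Review bot: The reformatted dispatch in `ChaCha20_ctr32` now reads `OPENSSL_ppccap_P &PPC_CRYPTO207` and `OPENSSL_ppccap_P &PPC_ALTIVEC`, so the formatter has laid out the binary capability mask as if `&` were a unary address-of. The expression still parses as a bitwise AND, but this chain selects which ChaCha20 implementation runs, and the spacing invites misreading in later review. Parenthesising each test should stop the formatter from re-binding the operator: `(OPENSSL_ppccap_P & PPC_CRYPTO207)` and `(OPENSSL_ppccap_P & PPC_ALTIVEC)`. A one-line comment above the chain would also help, for example `/* dispatch on CPU capability bits: VSX, then VMX, else integer code */`.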
@@ -28,7 +28,6 @@ } ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) - ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = { ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR), ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING), @@ -36,19 +35,14 @@ } ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE) +ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT) - ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509), @@ -59,7 +53,6 @@ } ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) - ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI), ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER), 
@@ -69,59 +62,56 @@ * */ ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, - ASN1_UTF8STRING) + ASN1_UTF8STRING) } ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV, - infoValue.other, - ASN1_ANY); + infoValue.other, + ASN1_ANY); /* ITAV means InfoTypeAndValue */ ASN1_ADB(OSSL_CMP_ITAV) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, - infoValue.caProtEncCert, X509)), + ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, infoValue.caProtEncCert, X509)), ADB_ENTRY(NID_id_it_signKeyPairTypes, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, - infoValue.signKeyPairTypes, X509_ALGOR)), + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, + infoValue.signKeyPairTypes, X509_ALGOR)), ADB_ENTRY(NID_id_it_encKeyPairTypes, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, - infoValue.encKeyPairTypes, X509_ALGOR)), + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, + infoValue.encKeyPairTypes, X509_ALGOR)), ADB_ENTRY(NID_id_it_preferredSymmAlg, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg, - X509_ALGOR)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg, + X509_ALGOR)), ADB_ENTRY(NID_id_it_caKeyUpdateInfo, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo, - OSSL_CMP_CAKEYUPDANNCONTENT)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo, + OSSL_CMP_CAKEYUPDANNCONTENT)), ADB_ENTRY(NID_id_it_currentCRL, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)), ADB_ENTRY(NID_id_it_unsupportedOIDs, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, - infoValue.unsupportedOIDs, ASN1_OBJECT)), + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, + infoValue.unsupportedOIDs, ASN1_OBJECT)), ADB_ENTRY(NID_id_it_keyPairParamReq, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq, - ASN1_OBJECT)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq, + ASN1_OBJECT)), 
ADB_ENTRY(NID_id_it_keyPairParamRep, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep, - X509_ALGOR)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep, + X509_ALGOR)), ADB_ENTRY(NID_id_it_revPassphrase, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase, - OSSL_CRMF_ENCRYPTEDVALUE)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase, + OSSL_CRMF_ENCRYPTEDVALUE)), ADB_ENTRY(NID_id_it_implicitConfirm, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm, - ASN1_NULL)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm, + ASN1_NULL)), ADB_ENTRY(NID_id_it_confirmWaitTime, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime, - ASN1_GENERALIZEDTIME)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime, + ASN1_GENERALIZEDTIME)), ADB_ENTRY(NID_id_it_origPKIMessage, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage, - OSSL_CMP_MSGS)), + ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage, + OSSL_CMP_MSGS)), ADB_ENTRY(NID_id_it_suppLangTags, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue, - ASN1_UTF8STRING)), -} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, - &infotypeandvalue_default_tt, NULL); - + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue, + ASN1_UTF8STRING)), +} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, &infotypeandvalue_default_tt, NULL); ASN1_SEQUENCE(OSSL_CMP_ITAV) = { ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT), @@ -141,7 +131,7 @@ } void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, - ASN1_TYPE *value) + ASN1_TYPE *value) { itav->infoType = type; itav->infoValue.other = value; @@ -162,7 +152,7 @@ } int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, - OSSL_CMP_ITAV *itav) + OSSL_CMP_ITAV *itav) { int created = 0; @@ -180,7 +170,7 @@ goto err; return 1; - err: +err: if (created != 0) { sk_OSSL_CMP_ITAV_free(*itav_sk_p); *itav_sk_p = NULL; 
@@ -209,7 +199,7 @@ } static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval, - const ASN1_ITEM *it, void *exarg) + const ASN1_ITEM *it, void *exarg) { OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval; @@ -218,28 +208,22 @@ OPENSSL_free(msg->propq); break; - case ASN1_OP_DUP_POST: - { - OSSL_CMP_MSG *old = exarg; + case ASN1_OP_DUP_POST: { + OSSL_CMP_MSG *old = exarg; - if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq)) - return 0; - } - break; - case ASN1_OP_GET0_LIBCTX: - { - OSSL_LIB_CTX **libctx = exarg; + if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq)) + return 0; + } break; + case ASN1_OP_GET0_LIBCTX: { + OSSL_LIB_CTX **libctx = exarg; - *libctx = msg->libctx; - } - break; - case ASN1_OP_GET0_PROPQ: - { - const char **propq = exarg; + *libctx = msg->libctx; + } break; + case ASN1_OP_GET0_PROPQ: { + const char **propq = exarg; - *propq = msg->propq; - } - break; + *propq = msg->propq; + } break; default: break; } 
@@ -251,56 +235,48 @@ /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert, - OSSL_CRMF_ENCRYPTEDVALUE, 1), + OSSL_CRMF_ENCRYPTEDVALUE, 1), } ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) - ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = { ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert, - OSSL_CMP_CERTORENCCERT), + OSSL_CMP_CERTORENCCERT), ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey, - OSSL_CRMF_ENCRYPTEDVALUE, 0), + OSSL_CRMF_ENCRYPTEDVALUE, 0), ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo, - OSSL_CRMF_PKIPUBLICATIONINFO, 1) + OSSL_CRMF_PKIPUBLICATIONINFO, 1) } ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) - ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = { ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE), ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS) } ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT, - OSSL_CMP_REVDETAILS) +ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT, + OSSL_CMP_REVDETAILS) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT) - ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = { ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI), ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID, - 0), + 0), ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1) } ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) - ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = { ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI), ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0), 
ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1), ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist, - OSSL_CMP_CERTIFIEDKEYPAIR, 2) + OSSL_CMP_CERTIFIEDKEYPAIR, 2) } ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS) ASN1_SEQUENCE(OSSL_CMP_PKISI) = { @@ -325,16 +301,15 @@ } ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS) -ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT, - OSSL_CMP_CERTSTATUS) +ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT, + OSSL_CMP_CERTSTATUS) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT) ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = { ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER), ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI), ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair, - OSSL_CMP_CERTIFIEDKEYPAIR), + OSSL_CMP_CERTIFIEDKEYPAIR), ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE) @@ -344,9 +319,8 @@ } ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ) -ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT, - OSSL_CMP_POLLREQ) +ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT, + OSSL_CMP_POLLREQ) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT) ASN1_SEQUENCE(OSSL_CMP_POLLREP) = { 
@@ -356,10 +330,9 @@ } ASN1_SEQUENCE_END(OSSL_CMP_POLLREP) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP) -ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_POLLREPCONTENT, - OSSL_CMP_POLLREP) +ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_POLLREPCONTENT, + OSSL_CMP_POLLREP) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT) ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = { @@ -369,19 +342,16 @@ } ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE) -ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT, - OSSL_CMP_ITAV) +ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT, + OSSL_CMP_ITAV) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT) -ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT, - OSSL_CMP_ITAV) +ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT, + OSSL_CMP_ITAV) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT) -ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_CRLANNCONTENT, X509_CRL) +ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_CRLANNCONTENT, X509_CRL) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT) ASN1_CHOICE(OSSL_CMP_PKIBODY) = { 
@@ -391,9 +361,9 @@ ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3), ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4), ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, - OSSL_CMP_POPODECKEYCHALLCONTENT, 5), + OSSL_CMP_POPODECKEYCHALLCONTENT, 5), ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, - OSSL_CMP_POPODECKEYRESPCONTENT, 6), + OSSL_CMP_POPODECKEYRESPCONTENT, 6), ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7), ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8), ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9), @@ -434,7 +404,7 @@ */ ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7), ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo, - OSSL_CMP_ITAV, 8) + OSSL_CMP_ITAV, 8) } ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) @@ -453,7 +423,6 @@ } ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) -ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS, - OSSL_CMP_MSG) +ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS, + OSSL_CMP_MSG) ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS) --- crypto/openssl/crypto/cmp/cmp_client.c.orig +++ crypto/openssl/crypto/cmp/cmp_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -22,7 +22,7 @@ #include #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \ - || (t) == OSSL_CMP_PKIBODY_KUP) + || (t) == OSSL_CMP_PKIBODY_KUP) /*- * Evaluate whether there's an exception (violating the standard) configured for 
@@ -30,9 +30,9 @@ * Returns 1 on acceptance, 0 on rejection, or -1 on (internal) error. */ static int unprotected_exception(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *rep, - int invalid_protection, - int expected_type /* ignored here */) + const OSSL_CMP_MSG *rep, + int invalid_protection, + int expected_type /* ignored here */) { int rcvd_type = OSSL_CMP_MSG_get_bodytype(rep /* may be NULL */); const char *msg_type = NULL; @@ -47,18 +47,16 @@ case OSSL_CMP_PKIBODY_ERROR: msg_type = "error response"; break; - case OSSL_CMP_PKIBODY_RP: - { - OSSL_CMP_PKISI *si = - ossl_cmp_revrepcontent_get_pkisi(rep->body->value.rp, - OSSL_CMP_REVREQSID); - - if (si == NULL) - return -1; - if (ossl_cmp_pkisi_get_status(si) == OSSL_CMP_PKISTATUS_rejection) - msg_type = "revocation response message with rejection status"; - break; - } + case OSSL_CMP_PKIBODY_RP: { + OSSL_CMP_PKISI *si = ossl_cmp_revrepcontent_get_pkisi(rep->body->value.rp, + OSSL_CMP_REVREQSID); + + if (si == NULL) + return -1; + if (ossl_cmp_pkisi_get_status(si) == OSSL_CMP_PKISTATUS_rejection) + msg_type = "revocation response message with rejection status"; + break; + } case OSSL_CMP_PKIBODY_PKICONF: msg_type = "PKI Confirmation message"; break; @@ -66,8 +64,7 @@ if (IS_CREP(rcvd_type)) { int any_rid = OSSL_CMP_CERTREQID_NONE; OSSL_CMP_CERTREPMESSAGE *crepmsg = rep->body->value.ip; - OSSL_CMP_CERTRESPONSE *crep = - ossl_cmp_certrepmessage_get0_certresponse(crepmsg, any_rid); + OSSL_CMP_CERTRESPONSE *crep = ossl_cmp_certrepmessage_get0_certresponse(crepmsg, any_rid); if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) return -1; @@ -81,7 +78,7 @@ if (msg_type == NULL) return 0; ossl_cmp_log2(WARN, ctx, "ignoring %s protection of %s", - invalid_protection ? "invalid" : "missing", msg_type); + invalid_protection ? "invalid" : "missing", msg_type); return 1; } 
@@ -101,7 +98,7 @@ ctx->failInfoCode = ossl_cmp_pkisi_get_pkifailureinfo(si); if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null()) - || (ctx->statusString == NULL)) + || (ctx->statusString == NULL)) return 0; ss = si->statusString; /* may be NULL */ @@ -124,13 +121,11 @@ * Regardless of success, caller is responsible for freeing *rep (unless NULL). */ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, - OSSL_CMP_MSG **rep, int expected_type) + OSSL_CMP_MSG **rep, int expected_type) { - int begin_transaction = - expected_type != OSSL_CMP_PKIBODY_POLLREP + int begin_transaction = expected_type != OSSL_CMP_PKIBODY_POLLREP && expected_type != OSSL_CMP_PKIBODY_PKICONF; - const char *req_type_str = - ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); + const char *req_type_str = ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type); int bak_msg_timeout = ctx->msg_timeout; int bt; @@ -169,10 +164,9 @@ if (*rep == NULL) { ERR_raise_data(ERR_LIB_CMP, - ctx->total_timeout != 0 && time(NULL) >= ctx->end_time ? - CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR, - "request sent: %s, expected response: %s", - req_type_str, expected_type_str); + ctx->total_timeout != 0 && time(NULL) >= ctx->end_time ? CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR, + "request sent: %s, expected response: %s", + req_type_str, expected_type_str); return 0; } 
@@ -186,41 +180,42 @@ /* copy received extraCerts to ctx->extraCertsIn so they can be retrieved */ if (bt != OSSL_CMP_PKIBODY_POLLREP && bt != OSSL_CMP_PKIBODY_PKICONF - && !ossl_cmp_ctx_set1_extraCertsIn(ctx, (*rep)->extraCerts)) + && !ossl_cmp_ctx_set1_extraCertsIn(ctx, (*rep)->extraCerts)) return 0; if (!ossl_cmp_msg_check_update(ctx, *rep, unprotected_exception, - expected_type)) + expected_type)) return 0; if (bt == expected_type /* as an answer to polling, there could be IP/CP/KUP: */ - || (IS_CREP(bt) && expected_type == OSSL_CMP_PKIBODY_POLLREP)) + || (IS_CREP(bt) && expected_type == OSSL_CMP_PKIBODY_POLLREP)) return 1; /* received message type is not one of the expected ones (e.g., error) */ - ERR_raise(ERR_LIB_CMP, bt == OSSL_CMP_PKIBODY_ERROR ? CMP_R_RECEIVED_ERROR : - CMP_R_UNEXPECTED_PKIBODY); /* in next line for mkerr.pl */ + ERR_raise(ERR_LIB_CMP, bt == OSSL_CMP_PKIBODY_ERROR ? CMP_R_RECEIVED_ERROR : CMP_R_UNEXPECTED_PKIBODY); /* in next line for mkerr.pl */ if (bt != OSSL_CMP_PKIBODY_ERROR) { ERR_add_error_data(3, "message type is '", - ossl_cmp_bodytype_to_string(bt), "'"); + ossl_cmp_bodytype_to_string(bt), "'"); } else { OSSL_CMP_ERRORMSGCONTENT *emc = (*rep)->body->value.error; OSSL_CMP_PKISI *si = emc->pKIStatusInfo; char buf[OSSL_CMP_PKISI_BUFLEN]; if (save_statusInfo(ctx, si) - && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, - sizeof(buf)) != NULL) + && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, + sizeof(buf)) + != NULL) ERR_add_error_data(1, buf); if (emc->errorCode != NULL - && BIO_snprintf(buf, sizeof(buf), "; errorCode: %08lX", - ASN1_INTEGER_get(emc->errorCode)) > 0) + && BIO_snprintf(buf, sizeof(buf), "; errorCode: %08lX", + ASN1_INTEGER_get(emc->errorCode)) + > 0) ERR_add_error_data(1, buf); if (emc->errorDetails != NULL) { char *text = ossl_sk_ASN1_UTF8STRING2text(emc->errorDetails, ", ", - OSSL_CMP_PKISI_BUFLEN - 1); + OSSL_CMP_PKISI_BUFLEN - 1); if (text != NULL && *text != '\0') ERR_add_error_data(2, "; errorDetails: ", text); 
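Review bot: In the `ERR_raise(ERR_LIB_CMP, ...)` call of send_receive_check, the reformat puts `CMP_R_RECEIVED_ERROR` and `CMP_R_UNEXPECTED_PKIBODY` on one line but keeps the trailing comment `/* in next line for mkerr.pl */`, which now describes a layout that no longer exists. The comment suggests the second reason code was put on its own line so the error-table script would find it. Whether that script still picks up both codes from a single line is not visible here, so either confirm it does and drop the comment, or keep the original break by wrapping the statement in `/* clang-format off */` and `/* clang-format on */`. The function begins before this hunk and continues after it.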
@@ -251,13 +246,13 @@ * Returns 0 on error (which includes the case that timeout has been reached). */ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, - OSSL_CMP_MSG **rep, int *checkAfter) + OSSL_CMP_MSG **rep, int *checkAfter) { OSSL_CMP_MSG *preq = NULL; OSSL_CMP_MSG *prep = NULL; ossl_cmp_info(ctx, - "received 'waiting' PKIStatus, starting to poll for response"); + "received 'waiting' PKIStatus, starting to poll for response"); *rep = NULL; for (;;) { if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL) @@ -286,32 +281,34 @@ ERR_raise(ERR_LIB_CMP, CMP_R_BAD_CHECKAFTER_IN_POLLREP); goto err; } - if (check_after < 0 || (uint64_t)check_after - > (sleep ? ULONG_MAX / 1000 : INT_MAX)) { + if (check_after < 0 || (uint64_t)check_after > (sleep ? ULONG_MAX / 1000 : INT_MAX)) { ERR_raise(ERR_LIB_CMP, CMP_R_CHECKAFTER_OUT_OF_RANGE); if (BIO_snprintf(str, OSSL_CMP_PKISI_BUFLEN, "value = %jd", - check_after) >= 0) + check_after) + >= 0) ERR_add_error_data(1, str); goto err; } if (pollRep->reason == NULL - || (len = BIO_snprintf(str, OSSL_CMP_PKISI_BUFLEN, - " with reason = '")) < 0) { + || (len = BIO_snprintf(str, OSSL_CMP_PKISI_BUFLEN, + " with reason = '")) + < 0) { *str = '\0'; } else { char *text = ossl_sk_ASN1_UTF8STRING2text(pollRep->reason, ", ", - sizeof(str) - len - 2); + sizeof(str) - len - 2); if (text == NULL - || BIO_snprintf(str + len, sizeof(str) - len, - "%s'", text) < 0) + || BIO_snprintf(str + len, sizeof(str) - len, + "%s'", text) + < 0) *str = '\0'; OPENSSL_free(text); } ossl_cmp_log2(INFO, ctx, - "received polling response%s; checkAfter = %ld seconds", - str, check_after); + "received polling response%s; checkAfter = %ld seconds", + str, check_after); if (ctx->total_timeout != 0) { /* timeout is not infinite */ const int exp = 5; /* expected max time per msg round trip */ @@ -350,7 +347,7 @@ *rep = prep; return 1; - err: +err: OSSL_CMP_MSG_free(preq); OSSL_CMP_MSG_free(prep); return 0; 
@@ -361,7 +358,7 @@ * not modifying ctx->status during the certConf exchange */ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId, - int fail_info, const char *txt) + int fail_info, const char *txt) { OSSL_CMP_MSG *certConf; OSSL_CMP_MSG *PKIconf = NULL; @@ -374,7 +371,7 @@ res = send_receive_check(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); - err: +err: OSSL_CMP_MSG_free(certConf); OSSL_CMP_MSG_free(PKIconf); return res; @@ -382,7 +379,7 @@ /* Send given error and check response */ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, - const char *txt, int errorCode, const char *details) + const char *txt, int errorCode, const char *details) { OSSL_CMP_MSG *error = NULL; OSSL_CMP_PKISI *si = NULL; @@ -398,7 +395,7 @@ res = send_receive_check(ctx, error, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); - err: +err: OSSL_CMP_MSG_free(error); OSSL_CMP_PKISI_free(si); OSSL_CMP_MSG_free(PKIconf); @@ -411,7 +408,7 @@ * Returns NULL if not found or on error. */ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, - OSSL_CMP_CERTRESPONSE *crep) + OSSL_CMP_CERTRESPONSE *crep) { char buf[OSSL_CMP_PKISI_BUFLEN]; X509 *crt = NULL; @@ -422,7 +419,7 @@ switch (ossl_cmp_pkisi_get_status(crep->status)) { case OSSL_CMP_PKISTATUS_waiting: ossl_cmp_err(ctx, - "received \"waiting\" status for cert when actually aiming to extract cert"); + "received \"waiting\" status for cert when actually aiming to extract cert"); ERR_raise(ERR_LIB_CMP, CMP_R_ENCOUNTERED_WAITING); goto err; case OSSL_CMP_PKISTATUS_grantedWithMods: 
@@ -437,11 +434,11 @@ goto err; case OSSL_CMP_PKISTATUS_revocationWarning: ossl_cmp_warn(ctx, - "received \"revocationWarning\" - a revocation of the cert is imminent"); + "received \"revocationWarning\" - a revocation of the cert is imminent"); break; case OSSL_CMP_PKISTATUS_revocationNotification: ossl_cmp_warn(ctx, - "received \"revocationNotification\" - a revocation of the cert has occurred"); + "received \"revocationNotification\" - a revocation of the cert has occurred"); break; case OSSL_CMP_PKISTATUS_keyUpdateWarning: if (bodytype != OSSL_CMP_PKIBODY_KUR) { @@ -451,8 +448,8 @@ break; default: ossl_cmp_log1(ERROR, ctx, - "received unsupported PKIStatus %d for certificate", - ctx->status); + "received unsupported PKIStatus %d for certificate", + ctx->status); ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS); goto err; } @@ -462,7 +459,7 @@ return crt; - err: +err: if (OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, sizeof(buf)) != NULL) ERR_add_error_data(1, buf); return NULL; @@ -486,7 +483,7 @@ * an EE must be able to validate the certificates it gets enrolled. */ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **text) + const char **text) { X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx); STACK_OF(X509) *chain = NULL; @@ -498,7 +495,7 @@ if (out_trusted == NULL) { ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert"); chain = X509_build_chain(cert, ctx->untrusted, out_trusted, - 0, ctx->libctx, ctx->propq); + 0, ctx->libctx, ctx->propq); } else { X509_STORE_CTX *csc = X509_STORE_CTX_new_ex(ctx->libctx, ctx->propq); 
@@ -509,16 +506,16 @@ goto err; /* disable any cert status/revocation checking etc. */ X509_VERIFY_PARAM_clear_flags(X509_STORE_CTX_get0_param(csc), - ~(X509_V_FLAG_USE_CHECK_TIME - | X509_V_FLAG_NO_CHECK_TIME - | X509_V_FLAG_PARTIAL_CHAIN - | X509_V_FLAG_POLICY_CHECK)); + ~(X509_V_FLAG_USE_CHECK_TIME + | X509_V_FLAG_NO_CHECK_TIME + | X509_V_FLAG_PARTIAL_CHAIN + | X509_V_FLAG_POLICY_CHECK)); if (X509_verify_cert(csc) <= 0) goto err; - if (!ossl_x509_add_certs_new(&chain, X509_STORE_CTX_get0_chain(csc), - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_NO_SS)) { + if (!ossl_x509_add_certs_new(&chain, X509_STORE_CTX_get0_chain(csc), + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP + | X509_ADD_FLAG_NO_SS)) { sk_X509_free(chain); chain = NULL; } @@ -534,14 +531,14 @@ fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; } else { ossl_cmp_debug(ctx, - "success validating newly enrolled cert"); + "success validating newly enrolled cert"); } } else if (chain == NULL) { ossl_cmp_warn(ctx, "could not build approximate chain for newly enrolled cert, resorting to received extraCerts"); chain = OSSL_CMP_CTX_get1_extraCertsIn(ctx); } else { ossl_cmp_debug(ctx, - "success building approximate chain for newly enrolled cert"); + "success building approximate chain for newly enrolled cert"); } (void)ossl_cmp_ctx_set1_newChain(ctx, chain); sk_X509_pop_free(chain, X509_free); @@ -558,8 +555,8 @@ * Regardless of success, caller is responsible for freeing *resp (unless NULL). */ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, - OSSL_CMP_MSG **resp, int *checkAfter, - int req_type, int expected_type) + OSSL_CMP_MSG **resp, int *checkAfter, + int req_type, int expected_type) { EVP_PKEY *rkey = ossl_cmp_ctx_get0_newPubkey(ctx); int fail_info = 0; /* no failure */ 
@@ -574,7 +571,7 @@ if (!ossl_assert(ctx != NULL)) return 0; - retry: +retry: crepmsg = (*resp)->body->value.ip; /* same for cp and kup */ if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED); @@ -611,21 +608,23 @@ ERR_add_error_data(1, "; cannot extract certificate from response"); return 0; } - if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) + if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) { + X509_free(cert); return 0; + } /* * if the CMP server returned certificates in the caPubs field, copy them * to the context so that they can be retrieved if necessary */ if (crepmsg->caPubs != NULL - && !ossl_cmp_ctx_set1_caPubs(ctx, crepmsg->caPubs)) + && !ossl_cmp_ctx_set1_caPubs(ctx, crepmsg->caPubs)) return 0; subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); if (rkey != NULL /* X509_check_private_key() also works if rkey is just public key */ - && !(X509_check_private_key(ctx->newCert, rkey))) { + && !(X509_check_private_key(ctx->newCert, rkey))) { fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; txt = "public key in new certificate does not match our enrollment key"; /*- @@ -644,13 +643,13 @@ */ cb = ctx->certConf_cb != NULL ? ctx->certConf_cb : OSSL_CMP_certConf_cb; if ((fail_info = cb(ctx, ctx->newCert, fail_info, &txt)) != 0 - && txt == NULL) + && txt == NULL) txt = "CMP client did not accept it"; if (fail_info != 0) /* immediately log error before any certConf exchange */ ossl_cmp_log1(ERROR, ctx, - "rejecting newly enrolled cert with subject: %s", subj); + "rejecting newly enrolled cert with subject: %s", subj); if (!ctx->disableConfirm - && !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) { + && !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) { if (!ossl_cmp_exchange_certConf(ctx, rid, fail_info, txt)) ret = 0; } 
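Review bot: The new `X509_free(cert)` branch in the `@@ -611,21 +608,23 @@` hunk of cert_response relies on `ossl_cmp_ctx_set0_newCert()` not having taken ownership of `cert` when it returns 0, and nothing at the call site says so. A short comment such as `/* set0 takes ownership only on success; release cert here on failure */` would guard against a later change to the setter turning this branch into a double free. Only the `ossl_assert(ctx != NULL)` failure path of the setter is visible on this page, so the rest of its body should be checked against that assumption. cert_response begins before this hunk and continues after it.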
@@ -658,8 +657,8 @@ /* not throwing failure earlier as transfer_cb may call ERR_clear_error() */ if (fail_info != 0) { ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, - "rejecting newly enrolled cert with subject: %s; %s", - subj, txt); + "rejecting newly enrolled cert with subject: %s; %s", + subj, txt); ctx->status = OSSL_CMP_PKISTATUS_rejection; ret = 0; } @@ -668,8 +667,8 @@ } static int initial_certreq(OSSL_CMP_CTX *ctx, - int req_type, const OSSL_CRMF_MSG *crm, - OSSL_CMP_MSG **p_rep, int rep_type) + int req_type, const OSSL_CRMF_MSG *crm, + OSSL_CMP_MSG **p_rep, int rep_type) { OSSL_CMP_MSG *req; int res; @@ -689,7 +688,7 @@ } int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, - const OSSL_CRMF_MSG *crm, int *checkAfter) + const OSSL_CRMF_MSG *crm, int *checkAfter) { OSSL_CMP_MSG *rep = NULL; int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR; @@ -708,16 +707,16 @@ } else { if (req_type < 0) return ossl_cmp_exchange_error(ctx, OSSL_CMP_PKISTATUS_rejection, - 0, "polling aborted", - 0 /* errorCode */, "by application"); + 0, "polling aborted", + 0 /* errorCode */, "by application"); res = poll_for_response(ctx, 0 /* no sleep */, rid, &rep, checkAfter); if (res <= 0) /* waiting or error */ return res; } res = cert_response(ctx, 0 /* no sleep */, rid, &rep, checkAfter, - req_type, rep_type); + req_type, rep_type); - err: +err: OSSL_CMP_MSG_free(rep); return res; } @@ -730,7 +729,7 @@ * Returns pointer to received certificate, or NULL if none was received. */ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, - const OSSL_CRMF_MSG *crm) + const OSSL_CRMF_MSG *crm) { OSSL_CMP_MSG *rep = NULL; @@ -752,7 +751,7 @@ goto err; result = ctx->newCert; - err: +err: OSSL_CMP_MSG_free(rep); return result; } 
@@ -822,7 +821,7 @@ case OSSL_CMP_PKISTATUS_revocationNotification: /* interpretation as warning or error depends on CA */ ossl_cmp_warn(ctx, - "revocation accepted (PKIStatus=revocationNotification)"); + "revocation accepted (PKIStatus=revocationNotification)"); ret = 1; break; case OSSL_CMP_PKISTATUS_waiting: @@ -837,8 +836,7 @@ /* check any present CertId in optional revCerts field */ if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) >= 1) { OSSL_CRMF_CERTID *cid; - OSSL_CRMF_CERTTEMPLATE *tmpl = - sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails; + OSSL_CRMF_CERTTEMPLATE *tmpl = sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails; const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl); const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl); @@ -860,7 +858,8 @@ #endif } if (ASN1_INTEGER_cmp(serial, - OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) { + OSSL_CRMF_CERTID_get0_serialNumber(cid)) + != 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_SERIAL_IN_RP); ret = 0; @@ -876,12 +875,12 @@ goto err; } - err: +err: if (ret == 0 - && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, sizeof(buf)) != NULL) + && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, sizeof(buf)) != NULL) ERR_add_error_data(1, buf); - end: +end: OSSL_CMP_MSG_free(rr); OSSL_CMP_MSG_free(rp); return ret; @@ -913,7 +912,7 @@ /* received stack of itavs not to be freed with the genp */ genp->body->value.genp = NULL; - err: +err: OSSL_CMP_MSG_free(genm); OSSL_CMP_MSG_free(genp); --- crypto/openssl/crypto/cmp/cmp_ctx.c.orig +++ crypto/openssl/crypto/cmp/cmp_ctx.c @@ -71,12 +71,12 @@ return 0; } if (!ossl_x509_add_certs_new(&untrusted, certs, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto err; sk_X509_pop_free(ctx->untrusted, X509_free); ctx->untrusted = untrusted; return 1; - err: +err: sk_X509_pop_free(untrusted, X509_free); return 0; } 
@@ -135,9 +135,9 @@ /* all other elements are initialized to 0 or NULL, respectively */ return ctx; - oom: +oom: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err: +err: OSSL_CMP_CTX_free(ctx); return NULL; } @@ -273,7 +273,7 @@ } int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, - OSSL_CMP_PKIFREETEXT *text) + OSSL_CMP_PKIFREETEXT *text) { if (!ossl_assert(ctx != NULL)) return 0; @@ -332,7 +332,7 @@ #ifndef OPENSSL_NO_TRACE static size_t ossl_cmp_log_trace_cb(const char *buf, size_t cnt, - int category, int cmd, void *vdata) + int category, int cmd, void *vdata) { OSSL_CMP_CTX *ctx = vdata; const char *msg; @@ -352,11 +352,11 @@ goto end; /* suppress output since severity is not sufficient */ if (!ctx->log_cb(func != NULL ? func : "(no func)", - file != NULL ? file : "(no file)", - line, level, msg)) + file != NULL ? file : "(no file)", + line, level, msg)) cnt = 0; - end: +end: OPENSSL_free(func); OPENSSL_free(file); return cnt; @@ -365,8 +365,8 @@ /* Print CMP log messages (i.e., diagnostic info) via the log cb of the ctx */ int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx, - const char *func, const char *file, int line, - const char *level_str, const char *format, ...) + const char *func, const char *file, int line, + const char *level_str, const char *format, ...) { va_list args; char hugebuf[1024 * 2]; 
@@ -392,17 +392,19 @@ #ifndef OPENSSL_NO_TRACE if (OSSL_TRACE_ENABLED(CMP)) { - OSSL_TRACE_BEGIN(CMP) { - int printed = - BIO_snprintf(hugebuf, sizeof(hugebuf), - "%s:%s:%d:" OSSL_CMP_LOG_PREFIX "%s: ", - func, file, line, level_str); + OSSL_TRACE_BEGIN(CMP) + { + int printed = BIO_snprintf(hugebuf, sizeof(hugebuf), + "%s:%s:%d:" OSSL_CMP_LOG_PREFIX "%s: ", + func, file, line, level_str); if (printed > 0 && (size_t)printed < sizeof(hugebuf)) { if (BIO_vsnprintf(hugebuf + printed, - sizeof(hugebuf) - printed, format, args) > 0) + sizeof(hugebuf) - printed, format, args) + > 0) res = BIO_puts(trc_out, hugebuf) > 0; } - } OSSL_TRACE_END(CMP); + } + OSSL_TRACE_END(CMP); } #else /* compensate for disabled trace API */ { @@ -426,7 +428,7 @@ #ifndef OPENSSL_NO_TRACE /* do also in case cb == NULL, to switch off logging output: */ if (!OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_CMP, - ossl_cmp_log_trace_cb, ctx)) + ossl_cmp_log_trace_cb, ctx)) return 0; #endif @@ -446,19 +448,19 @@ * (i.e., the user name) when using PBMAC. */ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, - const unsigned char *ref, int len) + const unsigned char *ref, int len) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; } return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->referenceValue, ref, - len); + len); } /* Set or clear the password to be used for protecting messages with PBMAC */ int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, - const unsigned char *sec, int len) + const unsigned char *sec, int len) { ASN1_OCTET_STRING *secretValue = NULL; if (ctx == NULL) { @@ -496,8 +498,7 @@ sk_X509_pop_free(ctx->newChain, X509_free); ctx->newChain = NULL; - return newChain == NULL || - (ctx->newChain = X509_chain_up_ref(newChain)) != NULL; + return newChain == NULL || (ctx->newChain = X509_chain_up_ref(newChain)) != NULL; } /* Returns the stack of extraCerts received in CertRepMessage, NULL on error */ 
@@ -515,7 +516,7 @@ * of the OSSL_CMP_CTX structure so that they may be retrieved later. */ int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsIn) + STACK_OF(X509) *extraCertsIn) { if (!ossl_assert(ctx != NULL)) return 0; @@ -531,7 +532,7 @@ * certificates to send out in the extraCerts field. */ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsOut) + STACK_OF(X509) *extraCertsOut) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -556,7 +557,7 @@ } if (ctx->policies == NULL - && (ctx->policies = CERTIFICATEPOLICIES_new()) == NULL) + && (ctx->policies = CERTIFICATEPOLICIES_new()) == NULL) return 0; return sk_POLICYINFO_push(ctx->policies, pinfo); 
@@ -623,44 +624,44 @@ #define char_dup OPENSSL_strdup #define char_free OPENSSL_free -#define DEFINE_OSSL_CMP_CTX_set1(FIELD, TYPE) /* this uses _dup */ \ -int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \ -{ \ - TYPE *val_dup = NULL; \ - \ - if (ctx == NULL) { \ - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ - return 0; \ - } \ - \ - if (val != NULL && (val_dup = TYPE##_dup(val)) == NULL) \ - return 0; \ - TYPE##_free(ctx->FIELD); \ - ctx->FIELD = val_dup; \ - return 1; \ -} +#define DEFINE_OSSL_CMP_CTX_set1(FIELD, TYPE) /* this uses _dup */ \ + int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \ + { \ + TYPE *val_dup = NULL; \ + \ + if (ctx == NULL) { \ + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ + return 0; \ + } \ + \ + if (val != NULL && (val_dup = TYPE##_dup(val)) == NULL) \ + return 0; \ + TYPE##_free(ctx->FIELD); \ + ctx->FIELD = val_dup; \ + return 1; \ + } #define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert)) #define EVP_PKEY_invalid(key) 0 -#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \ -int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \ -{ \ - if (ctx == NULL) { \ - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ - return 0; \ - } \ - \ - /* prevent misleading error later on malformed cert or provider issue */ \ - if (val != NULL && TYPE##_invalid(val)) { \ - ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \ - return 0; \ - } \ - if (val != NULL && !TYPE##_up_ref(val)) \ - return 0; \ - TYPE##_free(ctx->FIELD); \ - ctx->FIELD = val; \ - return 1; \ -} +#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \ + int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \ + { \ + if (ctx == NULL) { \ + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ + return 0; \ + } \ + \ + /* prevent misleading error later on malformed cert or provider issue */ \ + if (val != NULL && TYPE##_invalid(val)) { \ + ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \ + return 0; \ 
+ } \ + if (val != NULL && !TYPE##_up_ref(val)) \ + return 0; \ + TYPE##_free(ctx->FIELD); \ + ctx->FIELD = val; \ + return 1; \ + } /* * Pins the server certificate to be directly trusted (even if it is expired) @@ -669,23 +670,23 @@ */ DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509) -/* Set the X509 name of the recipient to be placed in the PKIHeader */ -DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME) + /* Set the X509 name of the recipient to be placed in the PKIHeader */ + DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME) -/* Store the X509 name of the expected sender in the PKIHeader of responses */ -DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME) + /* Store the X509 name of the expected sender in the PKIHeader of responses */ + DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME) -/* Set the X509 name of the issuer to be placed in the certTemplate */ -DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME) + /* Set the X509 name of the issuer to be placed in the certTemplate */ + DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME) -/* - * Set the subject name that will be placed in the certificate - * request. This will be the subject name on the received certificate. - */ -DEFINE_OSSL_CMP_CTX_set1(subjectName, X509_NAME) + /* + * Set the subject name that will be placed in the certificate + * request. This will be the subject name on the received certificate. + */ + DEFINE_OSSL_CMP_CTX_set1(subjectName, X509_NAME) -/* Set the X.509v3 certificate request extensions to be used in IR/CR/KUR */ -int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts) + /* Set the X.509v3 certificate request extensions to be used in IR/CR/KUR */ + int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); 
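Review bot: In the `@@ -669,23 +670,23 @@` hunk the `DEFINE_OSSL_CMP_CTX_set1(...)` invocations and their comments are now indented as if they continued `DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)`. The signature of `OSSL_CMP_CTX_set0_reqExtensions` is indented with them while its opening brace stays at column 0. This looks like the formatter reading the semicolon-less macro invocations as one unfinished statement, which makes top-level API definitions easy to miss when auditing the file. The same pattern appears in the later hunks at -752, -786 and -819, before `OSSL_CMP_CTX_build_cert_chain`, `ossl_cmp_ctx_set0_newCert` and `OSSL_CMP_CTX_set0_newPkey`. Listing the two `DEFINE_OSSL_CMP_CTX_set1*` macros under clang-format's `StatementMacros` option, if the project's configuration allows it, should keep these definitions at column 0.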
@@ -693,7 +694,7 @@ } if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 && exts != NULL - && X509v3_get_ext_by_NID(exts, NID_subject_alt_name, -1) >= 0) { + && X509v3_get_ext_by_NID(exts, NID_subject_alt_name, -1) >= 0) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES); return 0; } @@ -712,7 +713,8 @@ /* if one of the following conditions 'fail' this is not an error */ return ctx->reqExtensions != NULL && X509v3_get_ext_by_NID(ctx->reqExtensions, - NID_subject_alt_name, -1) >= 0; + NID_subject_alt_name, -1) + >= 0; } /* @@ -720,7 +722,7 @@ * request's extensions field to request subject alternative names. */ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, - const GENERAL_NAME *name) + const GENERAL_NAME *name) { GENERAL_NAME *name_dup; @@ -735,7 +737,7 @@ } if (ctx->subjectAltNames == NULL - && (ctx->subjectAltNames = sk_GENERAL_NAME_new_null()) == NULL) + && (ctx->subjectAltNames = sk_GENERAL_NAME_new_null()) == NULL) return 0; if ((name_dup = GENERAL_NAME_dup(name)) == NULL) return 0; @@ -752,8 +754,8 @@ */ DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509) -int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, - STACK_OF(X509) *candidates) + int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, + STACK_OF(X509) *candidates) { STACK_OF(X509) *chain; @@ -763,12 +765,12 @@ } if (!ossl_x509_add_certs_new(&ctx->untrusted, candidates, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) return 0; ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); chain = X509_build_chain(ctx->cert, ctx->untrusted, own_trusted, 0, - ctx->libctx, ctx->propq); + ctx->libctx, ctx->propq); if (chain == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_FAILED_BUILDING_OWN_CHAIN); return 0; 
@@ -786,14 +788,14 @@ */ DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509) -/* Set the PKCS#10 CSR to be sent in P10CR */ -DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ) + /* Set the PKCS#10 CSR to be sent in P10CR */ + DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ) -/* - * Set the (newly received in IP/KUP/CP) certificate in the context. - * This only permits for one cert to be enrolled at a time. - */ -int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) + /* + * Set the (newly received in IP/KUP/CP) certificate in the context. + * This only permits for one cert to be enrolled at a time. + */ + int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) { if (!ossl_assert(ctx != NULL)) return 0; @@ -819,8 +821,8 @@ /* Set the client's current private key */ DEFINE_OSSL_CMP_CTX_set1_up_ref(pkey, EVP_PKEY) -/* Set new key pair. Used e.g. when doing Key Update */ -int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey) + /* Set new key pair. Used e.g. when doing Key Update */ + int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -866,7 +868,7 @@ /* Set the given transactionID to the context */ int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *id) + const ASN1_OCTET_STRING *id) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -877,7 +879,7 @@ /* Set the nonce to be used for the recipNonce in the message created next */ int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce) + const ASN1_OCTET_STRING *nonce) { if (!ossl_assert(ctx != NULL)) return 0; @@ -886,7 +888,7 @@ /* Stores the given nonce as the last senderNonce sent out */ int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce) + const ASN1_OCTET_STRING *nonce) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); 
@@ -898,14 +900,14 @@ /* Set the proxy server to use for HTTP(S) connections */ DEFINE_OSSL_CMP_CTX_set1(proxy, char) -/* Set the (HTTP) host name of the CMP server */ -DEFINE_OSSL_CMP_CTX_set1(server, char) + /* Set the (HTTP) host name of the CMP server */ + DEFINE_OSSL_CMP_CTX_set1(server, char) -/* Set the server exclusion list of the HTTP proxy server */ -DEFINE_OSSL_CMP_CTX_set1(no_proxy, char) + /* Set the server exclusion list of the HTTP proxy server */ + DEFINE_OSSL_CMP_CTX_set1(no_proxy, char) -/* Set the http connect/disconnect callback function to be used for HTTP(S) */ -int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb) + /* Set the http connect/disconnect callback function to be used for HTTP(S) */ + int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -988,8 +990,8 @@ /* Set the HTTP path to be used on the server (e.g "pkix/") */ DEFINE_OSSL_CMP_CTX_set1(serverPath, char) -/* Set the failInfo error code as bit encoding in OSSL_CMP_CTX */ -int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info) + /* Set the failInfo error code as bit encoding in OSSL_CMP_CTX */ + int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info) { if (!ossl_assert(ctx != NULL)) return 0; --- crypto/openssl/crypto/cmp/cmp_err.c.orig +++ crypto/openssl/crypto/cmp/cmp_err.c 
@@ -14,166 +14,166 @@ #ifndef OPENSSL_NO_CMP -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA CMP_str_reasons[] = { - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ALGORITHM_NOT_SUPPORTED), - "algorithm not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_BAD_CHECKAFTER_IN_POLLREP), - "bad checkafter in pollrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_BAD_REQUEST_ID), "bad request id"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTHASH_UNMATCHED), "certhash unmatched"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTID_NOT_FOUND), "certid not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTIFICATE_NOT_ACCEPTED), - "certificate not accepted"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTIFICATE_NOT_FOUND), - "certificate not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTREQMSG_NOT_FOUND), - "certreqmsg not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTRESPONSE_NOT_FOUND), - "certresponse not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH), - "cert and key do not match"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CHECKAFTER_OUT_OF_RANGE), - "checkafter out of range"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_KEYUPDATEWARNING), - "encountered keyupdatewarning"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_WAITING), - "encountered waiting"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CALCULATING_PROTECTION), - "error calculating protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTCONF), - "error creating certconf"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREP), - "error creating certrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREQ), - "error creating certreq"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_ERROR), - "error creating error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENM), - "error creating genm"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENP), - "error creating genp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_PKICONF), - "error creating pkiconf"}, - {ERR_PACK(ERR_LIB_CMP, 0, 
CMP_R_ERROR_CREATING_POLLREP), - "error creating pollrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREQ), - "error creating pollreq"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_RP), "error creating rp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_RR), "error creating rr"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PARSING_PKISTATUS), - "error parsing pkistatus"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PROCESSING_MESSAGE), - "error processing message"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PROTECTING_MESSAGE), - "error protecting message"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_SETTING_CERTHASH), - "error setting certhash"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_UNEXPECTED_CERTCONF), - "error unexpected certconf"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_PROTECTION), - "error validating protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_SIGNATURE), - "error validating signature"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_BUILDING_OWN_CHAIN), - "failed building own chain"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_EXTRACTING_PUBKEY), - "failed extracting pubkey"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILURE_OBTAINING_RANDOM), - "failure obtaining random"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAIL_INFO_OUT_OF_RANGE), - "fail info out of range"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION), - "missing key input for creating protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), - "missing key usage digitalsignature"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_P10CSR), "missing p10csr"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY), - "missing private key"}, - 
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY_FOR_POPO), - "missing private key for popo"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PUBLIC_KEY), "missing public key"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT), - "missing reference cert"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SENDER_IDENTIFICATION), - "missing sender identification"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_ANCHOR), - "missing trust anchor"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_STORE), - "missing trust store"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED), - "multiple requests not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED), - "multiple responses not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_SAN_SOURCES), - "multiple san sources"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NO_STDIO), "no stdio"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NO_SUITABLE_SENDER_CERT), - "no suitable sender cert"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NULL_ARGUMENT), "null argument"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_PKIBODY_ERROR), "pkibody error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_PKISTATUSINFO_NOT_FOUND), - "pkistatusinfo not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_POLLING_FAILED), "polling failed"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_POTENTIALLY_INVALID_CERTIFICATE), - "potentially invalid certificate"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_RECEIVED_ERROR), "received error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_RECIPNONCE_UNMATCHED), - "recipnonce unmatched"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_REQUEST_NOT_ACCEPTED), - "request not accepted"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_REQUEST_REJECTED_BY_SERVER), - "request rejected by server"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED), - "sender generalname type not supported"}, - 
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG), - "srvcert does not validate msg"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TOTAL_TIMEOUT), "total timeout"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TRANSACTIONID_UNMATCHED), - "transactionid unmatched"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TRANSFER_ERROR), "transfer error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PKIBODY), "unexpected pkibody"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PKISTATUS), - "unexpected pkistatus"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PVNO), "unexpected pvno"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_ALGORITHM_ID), - "unknown algorithm id"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_CERT_TYPE), "unknown cert type"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_PKISTATUS), "unknown pkistatus"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_KEY_TYPE), - "unsupported key type"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC), - "unsupported protection alg dhbasedmac"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_LARGE), "value too large"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID), - "wrong algorithm oid"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT), - "wrong rp component count"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_SERIAL_IN_RP), "wrong serial in rp"}, - {0, NULL} + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ALGORITHM_NOT_SUPPORTED), + "algorithm not supported" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_BAD_CHECKAFTER_IN_POLLREP), + "bad checkafter in pollrep" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_BAD_REQUEST_ID), "bad request id" }, + { ERR_PACK(ERR_LIB_CMP, 0, 
CMP_R_CERTHASH_UNMATCHED), "certhash unmatched" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTID_NOT_FOUND), "certid not found" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTIFICATE_NOT_ACCEPTED), + "certificate not accepted" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTIFICATE_NOT_FOUND), + "certificate not found" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTREQMSG_NOT_FOUND), + "certreqmsg not found" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTRESPONSE_NOT_FOUND), + "certresponse not found" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH), + "cert and key do not match" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CHECKAFTER_OUT_OF_RANGE), + "checkafter out of range" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_KEYUPDATEWARNING), + "encountered keyupdatewarning" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_WAITING), + "encountered waiting" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CALCULATING_PROTECTION), + "error calculating protection" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTCONF), + "error creating certconf" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREP), + "error creating certrep" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREQ), + "error creating certreq" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_ERROR), + "error creating error" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENM), + "error creating genm" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENP), + "error creating genp" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_PKICONF), + "error creating pkiconf" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREP), + "error creating pollrep" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREQ), + "error creating pollreq" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_RP), "error creating rp" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_RR), "error creating rr" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PARSING_PKISTATUS), + "error parsing 
pkistatus" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PROCESSING_MESSAGE), + "error processing message" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PROTECTING_MESSAGE), + "error protecting message" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_SETTING_CERTHASH), + "error setting certhash" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_UNEXPECTED_CERTCONF), + "error unexpected certconf" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_PROTECTION), + "error validating protection" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_SIGNATURE), + "error validating signature" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_BUILDING_OWN_CHAIN), + "failed building own chain" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_EXTRACTING_PUBKEY), + "failed extracting pubkey" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILURE_OBTAINING_RANDOM), + "failure obtaining random" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAIL_INFO_OUT_OF_RANGE), + "fail info out of range" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION), + "missing key input for creating protection" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), + "missing key usage digitalsignature" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_P10CSR), "missing p10csr" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY), + "missing private key" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY_FOR_POPO), + "missing private key for popo" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PUBLIC_KEY), "missing public key" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT), + "missing reference cert" 
}, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SENDER_IDENTIFICATION), + "missing sender identification" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_ANCHOR), + "missing trust anchor" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_STORE), + "missing trust store" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED), + "multiple requests not supported" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED), + "multiple responses not supported" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_SAN_SOURCES), + "multiple san sources" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NO_STDIO), "no stdio" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NO_SUITABLE_SENDER_CERT), + "no suitable sender cert" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NULL_ARGUMENT), "null argument" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_PKIBODY_ERROR), "pkibody error" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_PKISTATUSINFO_NOT_FOUND), + "pkistatusinfo not found" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_POLLING_FAILED), "polling failed" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_POTENTIALLY_INVALID_CERTIFICATE), + "potentially invalid certificate" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_RECEIVED_ERROR), "received error" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_RECIPNONCE_UNMATCHED), + "recipnonce unmatched" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_REQUEST_NOT_ACCEPTED), + "request not accepted" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_REQUEST_REJECTED_BY_SERVER), + "request rejected by server" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED), + "sender generalname type not supported" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG), + "srvcert does not validate msg" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TOTAL_TIMEOUT), "total timeout" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TRANSACTIONID_UNMATCHED), + "transactionid unmatched" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TRANSFER_ERROR), 
"transfer error" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PKIBODY), "unexpected pkibody" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PKISTATUS), + "unexpected pkistatus" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PVNO), "unexpected pvno" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_ALGORITHM_ID), + "unknown algorithm id" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_CERT_TYPE), "unknown cert type" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_PKISTATUS), "unknown pkistatus" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_ALGORITHM), + "unsupported algorithm" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_KEY_TYPE), + "unsupported key type" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC), + "unsupported protection alg dhbasedmac" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_LARGE), "value too large" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID), + "wrong algorithm oid" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT), + "wrong rp component count" }, + { ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_SERIAL_IN_RP), "wrong serial in rp" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_CMP_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(CMP_str_reasons[0].error) == NULL) ERR_load_strings_const(CMP_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/cmp/cmp_hdr.c.orig +++ crypto/openssl/crypto/cmp/cmp_hdr.c 
@@ -41,13 +41,12 @@ int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr) { if (!ossl_assert(hdr != NULL) - || hdr->protectionAlg == NULL) + || hdr->protectionAlg == NULL) return NID_undef; return OBJ_obj2nid(hdr->protectionAlg->algorithm); } -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const - OSSL_CMP_PKIHEADER *hdr) +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr) { if (hdr == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -102,7 +101,7 @@ return 1; - err: +err: GENERAL_NAME_free(name); return 0; } @@ -131,7 +130,7 @@ if (!ossl_assert(hdr != NULL)) return 0; if (hdr->messageTime == NULL - && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL) + && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL) return 0; return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL; } @@ -151,7 +150,7 @@ } int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, - const ASN1_OCTET_STRING *senderKID) + const ASN1_OCTET_STRING *senderKID) { if (!ossl_assert(hdr != NULL)) return 0; @@ -165,7 +164,7 @@ return 0; if (hdr->freeText == NULL - && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) + && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) return 0; return sk_ASN1_UTF8STRING_push(hdr->freeText, text); @@ -177,16 +176,15 @@ return 0; if (hdr->freeText == NULL - && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) + && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) return 0; - return - ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data, - text->length); + return ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data, + text->length); } int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, - OSSL_CMP_ITAV *itav) + OSSL_CMP_ITAV *itav) { if (!ossl_assert(hdr != NULL && itav != NULL)) return 0; 
@@ -194,7 +192,7 @@ } int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr, - const STACK_OF(OSSL_CMP_ITAV) *itavs) + const STACK_OF(OSSL_CMP_ITAV) *itavs) { int i; OSSL_CMP_ITAV *itav; @@ -226,13 +224,14 @@ if (asn1null == NULL) return 0; if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm), - asn1null)) == NULL) + asn1null)) + == NULL) goto err; if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) goto err; return 1; - err: +err: ASN1_TYPE_free(asn1null); OSSL_CMP_ITAV_free(itav); return 0; @@ -252,7 +251,7 @@ for (i = 0; i < itavCount; i++) { itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i); if (itav != NULL - && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm) + && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm) return 1; } @@ -274,18 +273,18 @@ char *tid; if (!set_random(&ctx->transactionID, ctx, - OSSL_CMP_TRANSACTIONID_LENGTH)) + OSSL_CMP_TRANSACTIONID_LENGTH)) return 0; tid = OPENSSL_buf2hexstr(ctx->transactionID->data, - ctx->transactionID->length); + ctx->transactionID->length); if (tid != NULL) ossl_cmp_log1(DEBUG, ctx, - "Starting new transaction with ID=%s", tid); + "Starting new transaction with ID=%s", tid); OPENSSL_free(tid); } return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID, - ctx->transactionID); + ctx->transactionID); } /* fill in all fields of the hdr according to the info given in ctx */ @@ -305,9 +304,8 @@ * If neither protection cert nor oldCert nor subject are given, * sender name is not known to the client and thus set to NULL-DN */ - sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) : - ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) : - ctx->subjectName; + sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) : ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) + : ctx->subjectName; if (!ossl_cmp_hdr_set1_sender(hdr, sender)) return 0; 
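Review bot: In the `@@ -305,9 +304,8 @@` hunk the nested conditional that selects `sender` now has its first two alternatives on one line and only `: ctx->subjectName;` on the next, which hides the precedence (cert, then oldCert, then subjectName) described in the comment above it. The value is passed to `ossl_cmp_hdr_set1_sender`, so the fallback order should be readable at a glance. I would keep one alternative per line: `sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert)`, then `: ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert)`, then `: ctx->subjectName;`. The enclosing function starts and ends outside the hunk.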
@@ -330,8 +328,8 @@ return 0; if (ctx->recipNonce != NULL - && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce, - ctx->recipNonce)) + && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce, + ctx->recipNonce)) return 0; if (!ossl_cmp_hdr_set_transactionID(ctx, hdr)) @@ -362,7 +360,7 @@ * -- (this field is intended for human consumption) */ if (ctx->freeText != NULL - && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText)) + && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText)) return 0; return 1; --- crypto/openssl/crypto/cmp/cmp_http.c.orig +++ crypto/openssl/crypto/cmp/cmp_http.c @@ -35,11 +35,11 @@ * Ask for persistent connection only if may need more round trips. * Do so even with disableConfirm because polling might be needed. */ - && body_type != OSSL_CMP_PKIBODY_IR - && body_type != OSSL_CMP_PKIBODY_CR - && body_type != OSSL_CMP_PKIBODY_P10CR - && body_type != OSSL_CMP_PKIBODY_KUR - && body_type != OSSL_CMP_PKIBODY_POLLREQ) + && body_type != OSSL_CMP_PKIBODY_IR + && body_type != OSSL_CMP_PKIBODY_CR + && body_type != OSSL_CMP_PKIBODY_P10CR + && body_type != OSSL_CMP_PKIBODY_KUR + && body_type != OSSL_CMP_PKIBODY_POLLREQ) keep_alive = 0; return keep_alive; } @@ -49,7 +49,7 @@ * Any previous error queue entries will likely be removed by ERR_clear_error(). */ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { char server_port[32] = { '\0' }; STACK_OF(CONF_VALUE) *headers = NULL; 
@@ -74,19 +74,19 @@ tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; if (ctx->http_ctx == NULL) ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s", - ctx->server, server_port, tls_used ? " using TLS" : ""); + ctx->server, server_port, tls_used ? " using TLS" : ""); rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port, - ctx->serverPath, tls_used, - ctx->proxy, ctx->no_proxy, - NULL /* bio */, NULL /* rbio */, - ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), - 0 /* buf_size */, headers, - content_type_pkix, req_mem, - content_type_pkix, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, - ctx->msg_timeout, - keep_alive(ctx->keep_alive, req->body->type)); + ctx->serverPath, tls_used, + ctx->proxy, ctx->no_proxy, + NULL /* bio */, NULL /* rbio */, + ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), + 0 /* buf_size */, headers, + content_type_pkix, req_mem, + content_type_pkix, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, + ctx->msg_timeout, + keep_alive(ctx->keep_alive, req->body->type)); BIO_free(req_mem); res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL); BIO_free(rsp); @@ -100,7 +100,7 @@ */ if (res != NULL) ossl_cmp_debug(ctx, "finished reading response from CMP server"); - err: +err: sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); return res; } --- crypto/openssl/crypto/cmp/cmp_local.h.orig +++ crypto/openssl/crypto/cmp/cmp_local.h @@ -10,20 +10,20 @@ */ #ifndef OSSL_CRYPTO_CMP_LOCAL_H -# define OSSL_CRYPTO_CMP_LOCAL_H +#define OSSL_CRYPTO_CMP_LOCAL_H -# include "internal/cryptlib.h" +#include "internal/cryptlib.h" -# include -# include +#include +#include /* explicit #includes not strictly needed since implied by the above: */ -# include -# include -# include -# include -# include -# include "crypto/x509.h" +#include +#include +#include +#include +#include +#include "crypto/x509.h" #define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL) 
@@ -735,60 +735,60 @@ /* from cmp_util.c */ const char *ossl_cmp_log_parse_metadata(const char *buf, - OSSL_CMP_severity *level, char **func, - char **file, int *line); -# define ossl_cmp_add_error_data(txt) ERR_add_error_txt(" : ", txt) -# define ossl_cmp_add_error_line(txt) ERR_add_error_txt("\n", txt) + OSSL_CMP_severity *level, char **func, + char **file, int *line); +#define ossl_cmp_add_error_data(txt) ERR_add_error_txt(" : ", txt) +#define ossl_cmp_add_error_line(txt) ERR_add_error_txt("\n", txt) /* The two functions manipulating X509_STORE could be generally useful */ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_issued); + int only_self_issued); STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, - const char *text, int len); + const char *text, int len); int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, - const ASN1_OCTET_STRING *src); + const ASN1_OCTET_STRING *src); int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); /* from cmp_ctx.c */ int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx, - const char *func, const char *file, int line, - const char *level_str, const char *format, ...); -# define ossl_cmp_log(level, ctx, msg) \ + const char *func, const char *file, int line, + const char *level_str, const char *format, ...); +#define ossl_cmp_log(level, ctx, msg) \ ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, "%s", msg) -# define ossl_cmp_log1(level, ctx, fmt, arg1) \ + OPENSSL_LINE, #level, "%s", msg) +#define ossl_cmp_log1(level, ctx, fmt, arg1) \ ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1) -# define ossl_cmp_log2(level, ctx, fmt, arg1, arg2) \ + OPENSSL_LINE, #level, fmt, 
arg1) +#define ossl_cmp_log2(level, ctx, fmt, arg1, arg2) \ ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1, arg2) -# define ossl_cmp_log3(level, ctx, fmt, arg1, arg2, arg3) \ + OPENSSL_LINE, #level, fmt, arg1, arg2) +#define ossl_cmp_log3(level, ctx, fmt, arg1, arg2, arg3) \ ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1, arg2, arg3) -# define ossl_cmp_log4(level, ctx, fmt, arg1, arg2, arg3, arg4) \ + OPENSSL_LINE, #level, fmt, arg1, arg2, arg3) +#define ossl_cmp_log4(level, ctx, fmt, arg1, arg2, arg3, arg4) \ ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1, arg2, arg3, arg4) -# define OSSL_CMP_LOG_ERROR OSSL_CMP_LOG_ERR -# define OSSL_CMP_LOG_WARN OSSL_CMP_LOG_WARNING -# define ossl_cmp_alert(ctx, msg) ossl_cmp_log(ALERT, ctx, msg) -# define ossl_cmp_err(ctx, msg) ossl_cmp_log(ERROR, ctx, msg) -# define ossl_cmp_warn(ctx, msg) ossl_cmp_log(WARN, ctx, msg) -# define ossl_cmp_info(ctx, msg) ossl_cmp_log(INFO, ctx, msg) -# define ossl_cmp_debug(ctx, msg) ossl_cmp_log(DEBUG, ctx, msg) -# define ossl_cmp_trace(ctx, msg) ossl_cmp_log(TRACE, ctx, msg) + OPENSSL_LINE, #level, fmt, arg1, arg2, arg3, arg4) +#define OSSL_CMP_LOG_ERROR OSSL_CMP_LOG_ERR +#define OSSL_CMP_LOG_WARN OSSL_CMP_LOG_WARNING +#define ossl_cmp_alert(ctx, msg) ossl_cmp_log(ALERT, ctx, msg) +#define ossl_cmp_err(ctx, msg) ossl_cmp_log(ERROR, ctx, msg) +#define ossl_cmp_warn(ctx, msg) ossl_cmp_log(WARN, ctx, msg) +#define ossl_cmp_info(ctx, msg) ossl_cmp_log(INFO, ctx, msg) +#define ossl_cmp_debug(ctx, msg) ossl_cmp_log(DEBUG, ctx, msg) +#define ossl_cmp_trace(ctx, msg) ossl_cmp_log(TRACE, ctx, msg) int ossl_cmp_ctx_set0_validatedSrvCert(OSSL_CMP_CTX *ctx, X509 *cert); int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status); int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, - OSSL_CMP_PKIFREETEXT *text); + 
OSSL_CMP_PKIFREETEXT *text); int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info); int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert); int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain); int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs); int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsIn); + STACK_OF(X509) *extraCertsIn); int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce); + const ASN1_OCTET_STRING *nonce); EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx); /* from cmp_status.c */ 
@@ -808,126 +808,126 @@ int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, - const ASN1_OCTET_STRING *senderKID); + const ASN1_OCTET_STRING *senderKID); int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, - OSSL_CMP_ITAV *itav); + OSSL_CMP_ITAV *itav); int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr, - const STACK_OF(OSSL_CMP_ITAV) *itavs); + const STACK_OF(OSSL_CMP_ITAV) *itavs); int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr); -# define OSSL_CMP_TRANSACTIONID_LENGTH 16 -# define OSSL_CMP_SENDERNONCE_LENGTH 16 +#define OSSL_CMP_TRANSACTIONID_LENGTH 16 +#define OSSL_CMP_SENDERNONCE_LENGTH 16 int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ /* OSSL_CMP_MSG bodytype ASN.1 choice IDs */ -# define OSSL_CMP_PKIBODY_IR 0 -# define OSSL_CMP_PKIBODY_IP 1 -# define OSSL_CMP_PKIBODY_CR 2 -# define OSSL_CMP_PKIBODY_CP 3 -# define OSSL_CMP_PKIBODY_P10CR 4 -# define OSSL_CMP_PKIBODY_POPDECC 5 -# define OSSL_CMP_PKIBODY_POPDECR 6 -# define OSSL_CMP_PKIBODY_KUR 7 -# define OSSL_CMP_PKIBODY_KUP 8 -# define OSSL_CMP_PKIBODY_KRR 9 -# define OSSL_CMP_PKIBODY_KRP 10 -# define OSSL_CMP_PKIBODY_RR 11 -# define OSSL_CMP_PKIBODY_RP 12 -# define OSSL_CMP_PKIBODY_CCR 13 -# define OSSL_CMP_PKIBODY_CCP 14 -# define OSSL_CMP_PKIBODY_CKUANN 15 -# define OSSL_CMP_PKIBODY_CANN 16 -# define OSSL_CMP_PKIBODY_RANN 17 -# define OSSL_CMP_PKIBODY_CRLANN 18 -# define OSSL_CMP_PKIBODY_PKICONF 19 -# define OSSL_CMP_PKIBODY_NESTED 20 -# define OSSL_CMP_PKIBODY_GENM 21 -# 
define OSSL_CMP_PKIBODY_GENP 22 -# define OSSL_CMP_PKIBODY_ERROR 23 -# define OSSL_CMP_PKIBODY_CERTCONF 24 -# define OSSL_CMP_PKIBODY_POLLREQ 25 -# define OSSL_CMP_PKIBODY_POLLREP 26 -# define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP +#define OSSL_CMP_PKIBODY_IR 0 +#define OSSL_CMP_PKIBODY_IP 1 +#define OSSL_CMP_PKIBODY_CR 2 +#define OSSL_CMP_PKIBODY_CP 3 +#define OSSL_CMP_PKIBODY_P10CR 4 +#define OSSL_CMP_PKIBODY_POPDECC 5 +#define OSSL_CMP_PKIBODY_POPDECR 6 +#define OSSL_CMP_PKIBODY_KUR 7 +#define OSSL_CMP_PKIBODY_KUP 8 +#define OSSL_CMP_PKIBODY_KRR 9 +#define OSSL_CMP_PKIBODY_KRP 10 +#define OSSL_CMP_PKIBODY_RR 11 +#define OSSL_CMP_PKIBODY_RP 12 +#define OSSL_CMP_PKIBODY_CCR 13 +#define OSSL_CMP_PKIBODY_CCP 14 +#define OSSL_CMP_PKIBODY_CKUANN 15 +#define OSSL_CMP_PKIBODY_CANN 16 +#define OSSL_CMP_PKIBODY_RANN 17 +#define OSSL_CMP_PKIBODY_CRLANN 18 +#define OSSL_CMP_PKIBODY_PKICONF 19 +#define OSSL_CMP_PKIBODY_NESTED 20 +#define OSSL_CMP_PKIBODY_GENM 21 +#define OSSL_CMP_PKIBODY_GENP 22 +#define OSSL_CMP_PKIBODY_ERROR 23 +#define OSSL_CMP_PKIBODY_CERTCONF 24 +#define OSSL_CMP_PKIBODY_POLLREQ 25 +#define OSSL_CMP_PKIBODY_POLLREP 26 +#define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP /* certReqId for the first - and so far only - certificate request */ -# define OSSL_CMP_CERTREQID 0 -# define OSSL_CMP_CERTREQID_NONE -1 -# define OSSL_CMP_CERTREQID_INVALID -2 +#define OSSL_CMP_CERTREQID 0 +#define OSSL_CMP_CERTREQID_NONE -1 +#define OSSL_CMP_CERTREQID_INVALID -2 /* sequence id for the first - and so far only - revocation request */ -# define OSSL_CMP_REVREQSID 0 +#define OSSL_CMP_REVREQSID 0 int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, - 
const OSSL_CRMF_MSG *crm); + const OSSL_CRMF_MSG *crm); OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, - int certReqId, const OSSL_CMP_PKISI *si, - X509 *cert, const X509 *encryption_recip, - STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, - int unprotectedErrors); + int certReqId, const OSSL_CMP_PKISI *si, + X509 *cert, const X509 *encryption_recip, + STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, + int unprotectedErrors); OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx); OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - const OSSL_CRMF_CERTID *cid, - int unprotectedErrors); + const OSSL_CRMF_CERTID *cid, + int unprotectedErrors); OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx); OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, - int64_t poll_after); + int64_t poll_after); int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav); int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, - const STACK_OF(OSSL_CMP_ITAV) *itavs); + const STACK_OF(OSSL_CMP_ITAV) *itavs); OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx); OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx, - const STACK_OF(OSSL_CMP_ITAV) *itavs); + const STACK_OF(OSSL_CMP_ITAV) *itavs); OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - int64_t errorCode, const char *details, - int unprotected); + int64_t errorCode, const char *details, + int unprotected); int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, - ASN1_OCTET_STRING *hash); + ASN1_OCTET_STRING *hash); OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId, - int fail_info, const char *text); + int fail_info, const char *text); OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid); OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, - int64_t poll_after); + int64_t poll_after); OSSL_CMP_PKISI * ossl_cmp_revrepcontent_get_pkisi(OSSL_CMP_REVREPCONTENT *rrep, int rsid); OSSL_CRMF_CERTID 
*ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rc, - int rsid); + int rsid); OSSL_CMP_POLLREP * ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, - int rid); + int rid); OSSL_CMP_CERTRESPONSE * ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, - int rid); + int rid); X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_CERTRESPONSE *crep); + const OSSL_CMP_CERTRESPONSE *crep); OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file); /* from cmp_protect.c */ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg); + const OSSL_CMP_MSG *msg); int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); /* from cmp_vfy.c */ typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, - int invalid_protection, int arg); + const OSSL_CMP_MSG *msg, + int invalid_protection, int arg); int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, int accept_RAVerified); + const OSSL_CMP_MSG *msg, int accept_RAVerified); /* from cmp_client.c */ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId, - int fail_info, const char *txt); + int fail_info, const char *txt); int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, - const char *txt, int errorCode, const char *detail); + const char *txt, int errorCode, const char *detail); #endif /* !defined(OSSL_CRYPTO_CMP_LOCAL_H) */ --- crypto/openssl/crypto/cmp/cmp_msg.c.orig +++ 
crypto/openssl/crypto/cmp/cmp_msg.c @@ -25,7 +25,7 @@ OSSL_CMP_MSG *msg = NULL; msg = (OSSL_CMP_MSG *)ASN1_item_new_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), - libctx, propq); + libctx, propq); if (!ossl_cmp_msg_set0_libctx(msg, libctx, propq)) { OSSL_CMP_MSG_free(msg); msg = NULL; @@ -44,7 +44,7 @@ * Use OSSL_CMP_MSG_new() instead if possible. */ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { if (msg != NULL) { msg->libctx = libctx; @@ -59,7 +59,6 @@ return 1; } - OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) { if (msg == NULL) { @@ -72,11 +71,33 @@ const char *ossl_cmp_bodytype_to_string(int type) { static const char *type_names[] = { - "IR", "IP", "CR", "CP", "P10CR", - "POPDECC", "POPDECR", "KUR", "KUP", - "KRR", "KRP", "RR", "RP", "CCR", "CCP", - "CKUANN", "CANN", "RANN", "CRLANN", "PKICONF", "NESTED", - "GENM", "GENP", "ERROR", "CERTCONF", "POLLREQ", "POLLREP", + "IR", + "IP", + "CR", + "CP", + "P10CR", + "POPDECC", + "POPDECR", + "KUR", + "KUP", + "KRR", + "KRP", + "RR", + "RP", + "CCR", + "CCP", + "CKUANN", + "CANN", + "RANN", + "CRLANN", + "PKICONF", + "NESTED", + "GENM", + "GENP", + "ERROR", + "CERTCONF", + "POLLREQ", + "POLLREP", }; if (type < 0 || type > OSSL_CMP_PKIBODY_TYPE_MAX) @@ -120,7 +141,7 @@ /* Add extension list to the referenced extension stack, which may be NULL */ static int add_extensions(STACK_OF(X509_EXTENSION) **target, - const STACK_OF(X509_EXTENSION) *exts) + const STACK_OF(X509_EXTENSION) *exts) { int i; 
@@ -168,11 +189,11 @@ if ((msg = OSSL_CMP_MSG_new(ctx->libctx, ctx->propq)) == NULL) return NULL; if (!ossl_cmp_hdr_init(ctx, msg->header) - || !ossl_cmp_msg_set_bodytype(msg, bodytype)) + || !ossl_cmp_msg_set_bodytype(msg, bodytype)) goto err; if (ctx->geninfo_ITAVs != NULL - && !ossl_cmp_hdr_generalInfo_push1_items(msg->header, - ctx->geninfo_ITAVs)) + && !ossl_cmp_hdr_generalInfo_push1_items(msg->header, + ctx->geninfo_ITAVs)) goto err; switch (bodytype) { @@ -209,8 +230,7 @@ return msg; case OSSL_CMP_PKIBODY_CERTCONF: - if ((msg->body->value.certConf = - sk_OSSL_CMP_CERTSTATUS_new_null()) == NULL) + if ((msg->body->value.certConf = sk_OSSL_CMP_CERTSTATUS_new_null()) == NULL) goto err; return msg; case OSSL_CMP_PKIBODY_PKICONF: @@ -244,17 +264,17 @@ goto err; } - err: +err: OSSL_CMP_MSG_free(msg); return NULL; } -#define HAS_SAN(ctx) \ +#define HAS_SAN(ctx) \ (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ - || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) + || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, int for_KUR, - const X509_NAME *ref_subj) + const X509_NAME *ref_subj) { if (ctx->subjectName != NULL) return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName; @@ -276,8 +296,7 @@ /* refcert defaults to current client cert */ EVP_PKEY *rkey = ossl_cmp_ctx_get0_newPubkey(ctx); STACK_OF(GENERAL_NAME) *default_sans = NULL; - const X509_NAME *ref_subj = - refcert != NULL ? X509_get_subject_name(refcert) : NULL; + const X509_NAME *ref_subj = refcert != NULL ? X509_get_subject_name(refcert) : NULL; const X509_NAME *subject = determine_subj(ctx, for_KUR, ref_subj); const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer) 
@@ -299,13 +318,13 @@ if ((crm = OSSL_CRMF_MSG_new()) == NULL) return NULL; if (!OSSL_CRMF_MSG_set_certReqId(crm, rid) - /* - * fill certTemplate, corresponding to CertificationRequestInfo - * of PKCS#10. The rkey param cannot be NULL so far - - * it could be NULL if centralized key creation was supported - */ - || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey, - subject, issuer, NULL /* serial */)) + /* + * fill certTemplate, corresponding to CertificationRequestInfo + * of PKCS#10. The rkey param cannot be NULL so far - + * it could be NULL if centralized key creation was supported + */ + || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey, + subject, issuer, NULL /* serial */)) goto err; if (ctx->days != 0) { time_t now = time(NULL); @@ -313,8 +332,8 @@ ASN1_TIME *notAfter = ASN1_TIME_adj(NULL, now, ctx->days, 0); if (notBefore == NULL - || notAfter == NULL - || !OSSL_CRMF_MSG_set0_validity(crm, notBefore, notAfter)) { + || notAfter == NULL + || !OSSL_CRMF_MSG_set0_validity(crm, notBefore, notAfter)) { ASN1_TIME_free(notBefore); ASN1_TIME_free(notAfter); goto err; 
@@ -323,24 +342,24 @@ /* extensions */ if (ctx->p10CSR != NULL - && (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL) + && (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL) goto err; if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL - && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), - NID_subject_alt_name, NULL, NULL)) + && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), + NID_subject_alt_name, NULL, NULL)) != NULL - && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) + && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) goto err; if (ctx->reqExtensions != NULL /* augment/override existing ones */ - && !add_extensions(&exts, ctx->reqExtensions)) + && !add_extensions(&exts, ctx->reqExtensions)) goto err; if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 - && !add1_extension(&exts, NID_subject_alt_name, - crit, ctx->subjectAltNames)) + && !add1_extension(&exts, NID_subject_alt_name, + crit, ctx->subjectAltNames)) goto err; if (ctx->policies != NULL - && !add1_extension(&exts, NID_certificate_policies, - ctx->setPoliciesCritical, ctx->policies)) + && !add1_extension(&exts, NID_certificate_policies, + ctx->setPoliciesCritical, ctx->policies)) goto err; if (!OSSL_CRMF_MSG_set0_extensions(crm, exts)) goto err; @@ -349,9 +368,8 @@ /* for KUR, set OldCertId according to D.6 */ if (for_KUR && refcert != NULL) { - OSSL_CRMF_CERTID *cid = - OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), - X509_get0_serialNumber(refcert)); + OSSL_CRMF_CERTID *cid = OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), + X509_get0_serialNumber(refcert)); int ret; if (cid == NULL) 
@@ -364,18 +382,18 @@ goto end; - err: +err: OSSL_CRMF_MSG_free(crm); crm = NULL; - end: +end: sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); sk_GENERAL_NAME_pop_free(default_sans, GENERAL_NAME_free); return crm; } OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, - const OSSL_CRMF_MSG *crm) + const OSSL_CRMF_MSG *crm) { OSSL_CMP_MSG *msg; OSSL_CRMF_MSG *local_crm = NULL; @@ -384,7 +402,7 @@ return NULL; if (type != OSSL_CMP_PKIBODY_IR && type != OSSL_CMP_PKIBODY_CR - && type != OSSL_CMP_PKIBODY_KUR && type != OSSL_CMP_PKIBODY_P10CR) { + && type != OSSL_CMP_PKIBODY_KUR && type != OSSL_CMP_PKIBODY_P10CR) { ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); return NULL; } @@ -412,12 +430,12 @@ } if (crm == NULL) { local_crm = OSSL_CMP_CTX_setup_CRM(ctx, - type == OSSL_CMP_PKIBODY_KUR, - OSSL_CMP_CERTREQID); + type == OSSL_CMP_PKIBODY_KUR, + OSSL_CMP_CERTREQID); if (local_crm == NULL || !OSSL_CRMF_MSG_create_popo(ctx->popoMethod, local_crm, - privkey, ctx->digest, - ctx->libctx, ctx->propq)) + privkey, ctx->digest, + ctx->libctx, ctx->propq)) goto err; } else { if ((local_crm = OSSL_CRMF_MSG_dup(crm)) == NULL) @@ -435,7 +453,7 @@ return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREQ); OSSL_CRMF_MSG_free(local_crm); OSSL_CMP_MSG_free(msg); @@ -443,10 +461,10 @@ } OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, - int certReqId, const OSSL_CMP_PKISI *si, - X509 *cert, const X509 *encryption_recip, - STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, - int unprotectedErrors) + int certReqId, const OSSL_CMP_PKISI *si, + X509 *cert, const X509 *encryption_recip, + STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, + int unprotectedErrors) { OSSL_CMP_MSG *msg = NULL; OSSL_CMP_CERTREPMESSAGE *repMsg = NULL; 
@@ -469,12 +487,12 @@ goto err; OSSL_CMP_PKISI_free(resp->status); if ((resp->status = OSSL_CMP_PKISI_dup(si)) == NULL - || !ASN1_INTEGER_set(resp->certReqId, certReqId)) + || !ASN1_INTEGER_set(resp->certReqId, certReqId)) goto err; status = ossl_cmp_pkisi_get_status(resp->status); if (status != OSSL_CMP_PKISTATUS_rejection - && status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) { + && status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) { if (encryption_recip != NULL) { ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED); goto err; @@ -483,8 +501,7 @@ if ((resp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) == NULL) goto err; - resp->certifiedKeyPair->certOrEncCert->type = - OSSL_CMP_CERTORENCCERT_CERTIFICATE; + resp->certifiedKeyPair->certOrEncCert->type = OSSL_CMP_CERTORENCCERT_CERTIFICATE; if (!X509_up_ref(cert)) goto err; resp->certifiedKeyPair->certOrEncCert->value.certificate = cert; @@ -495,21 +512,21 @@ resp = NULL; if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL - && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) + && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) goto err; if (sk_X509_num(chain) > 0 && !ossl_x509_add_certs_new(&msg->extraCerts, chain, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto err; if (!unprotectedErrors - || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) + || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) if (!ossl_cmp_msg_protect(ctx, msg)) goto err; return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP); OSSL_CMP_CERTRESPONSE_free(resp); OSSL_CMP_MSG_free(msg); @@ -522,8 +539,7 @@ OSSL_CMP_REVDETAILS *rd; int ret; - if (!ossl_assert(ctx != NULL && (ctx->oldCert != NULL - || ctx->p10CSR != NULL))) + if (!ossl_assert(ctx != NULL && (ctx->oldCert != NULL || ctx->p10CSR != NULL))) return NULL; if ((rd = OSSL_CMP_REVDETAILS_new()) == NULL) 
@@ -531,22 +547,22 @@ /* Fill the template from the contents of the certificate to be revoked */ ret = ctx->oldCert != NULL - ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - NULL /* pubkey would be redundant */, - NULL /* subject would be redundant */, - X509_get_issuer_name(ctx->oldCert), - X509_get0_serialNumber(ctx->oldCert)) - : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - X509_REQ_get0_pubkey(ctx->p10CSR), - X509_REQ_get_subject_name(ctx->p10CSR), - NULL, NULL); + ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, + NULL /* pubkey would be redundant */, + NULL /* subject would be redundant */, + X509_get_issuer_name(ctx->oldCert), + X509_get0_serialNumber(ctx->oldCert)) + : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, + X509_REQ_get0_pubkey(ctx->p10CSR), + X509_REQ_get_subject_name(ctx->p10CSR), + NULL, NULL); if (!ret) goto err; /* revocation reason code is optional */ if (ctx->revocationReason != CRL_REASON_NONE - && !add_crl_reason_extension(&rd->crlEntryDetails, - ctx->revocationReason)) + && !add_crl_reason_extension(&rd->crlEntryDetails, + ctx->revocationReason)) goto err; if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RR)) == NULL) @@ -562,7 +578,7 @@ return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_RR); OSSL_CMP_MSG_free(msg); OSSL_CMP_REVDETAILS_free(rd); @@ -570,7 +586,7 @@ } OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - const OSSL_CRMF_CERTID *cid, int unprotectedErrors) + const OSSL_CRMF_CERTID *cid, int unprotectedErrors) { OSSL_CMP_REVREPCONTENT *rep = NULL; OSSL_CMP_PKISI *si1 = NULL; @@ -604,13 +620,13 @@ } if (!unprotectedErrors - || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) + || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) if (!ossl_cmp_msg_protect(ctx, msg)) goto err; return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_RP); OSSL_CMP_MSG_free(msg); return NULL; 
@@ -628,7 +644,7 @@ if (ossl_cmp_msg_protect(ctx, msg)) return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_PKICONF); OSSL_CMP_MSG_free(msg); return NULL; @@ -643,7 +659,7 @@ bodytype = OSSL_CMP_MSG_get_bodytype(msg); if (bodytype != OSSL_CMP_PKIBODY_GENM - && bodytype != OSSL_CMP_PKIBODY_GENP) { + && bodytype != OSSL_CMP_PKIBODY_GENP) { ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); return 0; } @@ -653,7 +669,7 @@ } int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, - const STACK_OF(OSSL_CMP_ITAV) *itavs) + const STACK_OF(OSSL_CMP_ITAV) *itavs) { int i; OSSL_CMP_ITAV *itav = NULL; @@ -664,7 +680,7 @@ for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i)); if (itav == NULL - || !ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { + || !ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { OSSL_CMP_ITAV_free(itav); return 0; } @@ -677,8 +693,8 @@ * returns a pointer to the PKIMessage on success, NULL on error */ static OSSL_CMP_MSG *gen_new(OSSL_CMP_CTX *ctx, - const STACK_OF(OSSL_CMP_ITAV) *itavs, - int body_type, int err_code) + const STACK_OF(OSSL_CMP_ITAV) *itavs, + int body_type, int err_code) { OSSL_CMP_MSG *msg = NULL; @@ -696,7 +712,7 @@ return msg; - err: +err: ERR_raise(ERR_LIB_CMP, err_code); OSSL_CMP_MSG_free(msg); return NULL; 
@@ -705,19 +721,19 @@ OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx) { return gen_new(ctx, ctx->genm_ITAVs, - OSSL_CMP_PKIBODY_GENM, CMP_R_ERROR_CREATING_GENM); + OSSL_CMP_PKIBODY_GENM, CMP_R_ERROR_CREATING_GENM); } OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx, - const STACK_OF(OSSL_CMP_ITAV) *itavs) + const STACK_OF(OSSL_CMP_ITAV) *itavs) { return gen_new(ctx, itavs, - OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP); + OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP); } OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - int64_t errorCode, const char *details, - int unprotected) + int64_t errorCode, const char *details, + int unprotected) { OSSL_CMP_MSG *msg = NULL; const char *lib = NULL, *reason = NULL; @@ -738,7 +754,7 @@ if (!ASN1_INTEGER_set_int64(msg->body->value.error->errorCode, errorCode)) goto err; if (errorCode > 0 - && (uint64_t)errorCode < ((uint64_t)ERR_SYSTEM_FLAG << 1)) { + && (uint64_t)errorCode < ((uint64_t)ERR_SYSTEM_FLAG << 1)) { lib = ERR_lib_error_string((unsigned long)errorCode); reason = ERR_reason_error_string((unsigned long)errorCode); } @@ -747,13 +763,13 @@ goto err; msg->body->value.error->errorDetails = ft; if (lib != NULL && *lib != '\0' - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib, -1)) + && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib, -1)) goto err; if (reason != NULL && *reason != '\0' - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason, -1)) + && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason, -1)) goto err; if (details != NULL - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details, -1)) + && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details, -1)) goto err; } @@ -761,7 +777,7 @@ goto err; return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_ERROR); OSSL_CMP_MSG_free(msg); return NULL; 
@@ -773,7 +789,7 @@ * to confirm that the certificate was received successfully. */ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, - ASN1_OCTET_STRING *hash) + ASN1_OCTET_STRING *hash) { if (!ossl_assert(certStatus != NULL)) return 0; @@ -783,7 +799,7 @@ } OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId, - int fail_info, const char *text) + int fail_info, const char *text) { OSSL_CMP_MSG *msg = NULL; OSSL_CMP_CERTSTATUS *certStatus = NULL; @@ -791,8 +807,8 @@ OSSL_CMP_PKISI *sinfo; if (!ossl_assert(ctx != NULL && ctx->newCert != NULL - && (certReqId == OSSL_CMP_CERTREQID - || certReqId == OSSL_CMP_CERTREQID_NONE))) + && (certReqId == OSSL_CMP_CERTREQID + || certReqId == OSSL_CMP_CERTREQID_NONE))) return NULL; if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) { @@ -832,9 +848,7 @@ * be provided in the statusInfo field, perhaps for auditing purposes at * the CA/RA. */ - sinfo = fail_info != 0 ? - OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, fail_info, text) : - OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_accepted, 0, text); + sinfo = fail_info != 0 ? OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, fail_info, text) : OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_accepted, 0, text); if (sinfo == NULL) goto err; certStatus->statusInfo = sinfo; @@ -844,7 +858,7 @@ return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTCONF); OSSL_CMP_MSG_free(msg); ASN1_OCTET_STRING_free(certHash); @@ -863,8 +877,8 @@ goto err; if ((preq = OSSL_CMP_POLLREQ_new()) == NULL - || !ASN1_INTEGER_set(preq->certReqId, crid) - || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) + || !ASN1_INTEGER_set(preq->certReqId, crid) + || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) goto err; preq = NULL; @@ -873,7 +887,7 @@ return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREQ); OSSL_CMP_POLLREQ_free(preq); OSSL_CMP_MSG_free(msg); 
@@ -881,7 +895,7 @@ } OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, - int64_t poll_after) + int64_t poll_after) { OSSL_CMP_MSG *msg; OSSL_CMP_POLLREP *prep; @@ -904,7 +918,7 @@ goto err; return msg; - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREP); OSSL_CMP_MSG_free(msg); return NULL; @@ -977,7 +991,7 @@ */ OSSL_CMP_POLLREP * ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, - int rid) + int rid) { OSSL_CMP_POLLREP *pollRep = NULL; int i; @@ -992,7 +1006,7 @@ } ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTRESPONSE_NOT_FOUND, - "expected certReqId = %d", rid); + "expected certReqId = %d", rid); return NULL; } @@ -1003,7 +1017,7 @@ */ OSSL_CMP_CERTRESPONSE * ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, - int rid) + int rid) { OSSL_CMP_CERTRESPONSE *crep = NULL; int i; @@ -1018,7 +1032,7 @@ } ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTRESPONSE_NOT_FOUND, - "expected certReqId = %d", rid); + "expected certReqId = %d", rid); return NULL; } @@ -1028,7 +1042,7 @@ * Returns a pointer to a copy of the found certificate, or NULL if not found. */ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_CERTRESPONSE *crep) + const OSSL_CMP_CERTRESPONSE *crep) { OSSL_CMP_CERTORENCCERT *coec; X509 *crt = NULL; @@ -1038,7 +1052,7 @@ return NULL; if (crep->certifiedKeyPair - && (coec = crep->certifiedKeyPair->certOrEncCert) != NULL) { + && (coec = crep->certifiedKeyPair->certOrEncCert) != NULL) { switch (coec->type) { case OSSL_CMP_CERTORENCCERT_CERTIFICATE: crt = X509_dup(coec->value.certificate); @@ -1051,10 +1065,9 @@ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY); return NULL; } - crt = - OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert, - ctx->libctx, ctx->propq, - pkey); + crt = OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert, + ctx->libctx, ctx->propq, + pkey); break; default: ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_CERT_TYPE); 
@@ -1077,7 +1090,7 @@ if (!ossl_cmp_hdr_set_transactionID(ctx, msg->header)) return 0; return msg->header->protectionAlg == NULL - || ossl_cmp_msg_protect(ctx, msg); + || ossl_cmp_msg_protect(ctx, msg); } int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) @@ -1089,13 +1102,13 @@ if (ctx->recipNonce == NULL) /* nothing to do for 1st msg in transaction */ return 1; if (!ossl_cmp_asn1_octet_string_set1(&msg->header->recipNonce, - ctx->recipNonce)) + ctx->recipNonce)) return 0; return msg->header->protectionAlg == NULL || ossl_cmp_msg_protect(ctx, msg); } OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { OSSL_CMP_MSG *msg; BIO *bio = NULL; @@ -1106,13 +1119,13 @@ } msg = OSSL_CMP_MSG_new(libctx, propq); - if (msg == NULL){ + if (msg == NULL) { ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE); return NULL; } if ((bio = BIO_new_file(file, "rb")) == NULL - || d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) { + || d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) { OSSL_CMP_MSG_free(msg); msg = NULL; } @@ -1139,25 +1152,25 @@ } OSSL_CMP_MSG *d2i_OSSL_CMP_MSG(OSSL_CMP_MSG **msg, const unsigned char **in, - long len) + long len) { OSSL_LIB_CTX *libctx = NULL; const char *propq = NULL; if (msg != NULL && *msg != NULL) { - libctx = (*msg)->libctx; + libctx = (*msg)->libctx; propq = (*msg)->propq; } return (OSSL_CMP_MSG *)ASN1_item_d2i_ex((ASN1_VALUE **)msg, in, len, - ASN1_ITEM_rptr(OSSL_CMP_MSG), - libctx, propq); + ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); } int i2d_OSSL_CMP_MSG(const OSSL_CMP_MSG *msg, unsigned char **out) { return ASN1_item_i2d((const ASN1_VALUE *)msg, out, - ASN1_ITEM_rptr(OSSL_CMP_MSG)); + ASN1_ITEM_rptr(OSSL_CMP_MSG)); } OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) 
@@ -1166,12 +1179,12 @@ const char *propq = NULL; if (msg != NULL && *msg != NULL) { - libctx = (*msg)->libctx; + libctx = (*msg)->libctx; propq = (*msg)->propq; } return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), bio, msg, libctx, - propq); + propq); } int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg) --- crypto/openssl/crypto/cmp/cmp_protect.c.orig +++ crypto/openssl/crypto/cmp/cmp_protect.c @@ -28,7 +28,7 @@ * returns ASN1_BIT_STRING representing the protection on success, else NULL */ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg) + const OSSL_CMP_MSG *msg) { ASN1_BIT_STRING *prot = NULL; OSSL_CMP_PROTECTEDPART prot_part; @@ -84,9 +84,9 @@ } if (!OSSL_CRMF_pbm_new(ctx->libctx, ctx->propq, - pbm, prot_part_der, prot_part_der_len, - ctx->secretValue->data, ctx->secretValue->length, - &protection, &sig_len)) + pbm, prot_part_der, prot_part_der_len, + ctx->secretValue->data, ctx->secretValue->length, + &protection, &sig_len)) goto end; if ((prot = ASN1_BIT_STRING_new()) == NULL) @@ -109,11 +109,11 @@ if (ctx->pkey == NULL) { ERR_raise(ERR_LIB_CMP, - CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); + CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); return NULL; } if (!OBJ_find_sigid_algs(OBJ_obj2nid(algorOID), &md_nid, NULL) - || (md = EVP_get_digestbynid(md_nid)) == NULL) { + || (md = EVP_get_digestbynid(md_nid)) == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_ALGORITHM_ID); return NULL; } @@ -121,8 +121,8 @@ if ((prot = ASN1_BIT_STRING_new()) == NULL) return NULL; if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), NULL, - NULL, prot, &prot_part, NULL, ctx->pkey, md, - ctx->libctx, ctx->propq)) + NULL, prot, &prot_part, NULL, ctx->pkey, md, + ctx->libctx, ctx->propq)) return prot; ASN1_BIT_STRING_free(prot); return NULL; 
@@ -137,24 +137,24 @@ /* Add first ctx->cert and its chain if using signature-based protection */ if (!ctx->unprotectedSend && ctx->secretValue == NULL - && ctx->cert != NULL && ctx->pkey != NULL) { + && ctx->cert != NULL && ctx->pkey != NULL) { int prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS; /* if not yet done try to build chain using available untrusted certs */ if (ctx->chain == NULL) { ossl_cmp_debug(ctx, - "trying to build chain for own CMP signer cert"); + "trying to build chain for own CMP signer cert"); ctx->chain = X509_build_chain(ctx->cert, ctx->untrusted, NULL, 0, - ctx->libctx, ctx->propq); + ctx->libctx, ctx->propq); if (ctx->chain != NULL) { ossl_cmp_debug(ctx, - "success building chain for own CMP signer cert"); + "success building chain for own CMP signer cert"); } else { /* dump errors to avoid confusion when printing further ones */ OSSL_CMP_CTX_print_errors(ctx); ossl_cmp_warn(ctx, - "could not build chain for own CMP signer cert"); + "could not build chain for own CMP signer cert"); } } if (ctx->chain != NULL) { @@ -170,7 +170,7 @@ /* add any additional certificates from ctx->extraCertsOut */ if (!ossl_x509_add_certs_new(&msg->extraCerts, ctx->extraCertsOut, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) return 0; /* in case extraCerts are empty list avoid empty ASN.1 sequence */ @@ -196,8 +196,8 @@ return 0; pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen, - EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt, - ctx->pbm_mac); + EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt, + ctx->pbm_mac); pbm_str = ASN1_STRING_new(); if (pbm == NULL || pbm_str == NULL) goto err; 
@@ -212,11 +212,11 @@ OPENSSL_free(pbm_der); X509_ALGOR_set0(*alg, OBJ_nid2obj(NID_id_PasswordBasedMAC), - V_ASN1_SEQUENCE, pbm_str); + V_ASN1_SEQUENCE, pbm_str); OSSL_CRMF_PBMPARAMETER_free(pbm); return 1; - err: +err: ASN1_STRING_free(pbm_str); OPENSSL_free(pbm_der); OSSL_CRMF_PBMPARAMETER_free(pbm); @@ -229,7 +229,7 @@ ASN1_OBJECT *algo = NULL; if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest), - EVP_PKEY_get_id(ctx->pkey))) { + EVP_PKEY_get_id(ctx->pkey))) { ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE); return 0; } @@ -245,7 +245,7 @@ } static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg, - const ASN1_OCTET_STRING *id) + const ASN1_OCTET_STRING *id) { if (id == NULL) id = ctx->referenceValue; /* standard for PBM, fallback for sig-based */ @@ -302,11 +302,11 @@ */ } else { ERR_raise(ERR_LIB_CMP, - CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); + CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); goto err; } if (!ctx->unprotectedSend - && ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL)) + && ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL)) goto err; /* @@ -324,11 +324,11 @@ * the senderKID must be set, where we took the referenceValue as fallback. */ if (!(ossl_cmp_general_name_is_NULL_DN(msg->header->sender) - && msg->header->senderKID == NULL)) + && msg->header->senderKID == NULL)) return 1; ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_SENDER_IDENTIFICATION); - err: +err: ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROTECTING_MESSAGE); return 0; } --- crypto/openssl/crypto/cmp/cmp_server.c.orig +++ crypto/openssl/crypto/cmp/cmp_server.c 
@@ -20,9 +20,8 @@ #include /* the context for the generic CMP server */ -struct ossl_cmp_srv_ctx_st -{ - void *custom_ctx; /* pointer to application-specific server context */ +struct ossl_cmp_srv_ctx_st { + void *custom_ctx; /* pointer to application-specific server context */ OSSL_CMP_CTX *ctx; /* Client CMP context, reusing transactionID etc. */ int certReqId; /* id of last ir/cr/kur, OSSL_CMP_CERTREQID_NONE for p10cr */ @@ -34,9 +33,9 @@ OSSL_CMP_SRV_pollReq_cb_t process_pollReq; int sendUnprotectedErrors; /* Send error and rejection msgs unprotected */ - int acceptUnprotected; /* Accept requests with no/invalid prot. */ - int acceptRAVerified; /* Accept ir/cr/kur with POPO RAVerified */ - int grantImplicitConfirm; /* Grant implicit confirmation if requested */ + int acceptUnprotected; /* Accept requests with no/invalid prot. */ + int acceptRAVerified; /* Accept ir/cr/kur with POPO RAVerified */ + int grantImplicitConfirm; /* Grant implicit confirmation if requested */ }; /* OSSL_CMP_SRV_CTX */ @@ -62,18 +61,18 @@ /* all other elements are initialized to 0 or NULL, respectively */ return ctx; - err: +err: OSSL_CMP_SRV_CTX_free(ctx); return NULL; } int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, - OSSL_CMP_SRV_cert_request_cb_t process_cert_request, - OSSL_CMP_SRV_rr_cb_t process_rr, - OSSL_CMP_SRV_genm_cb_t process_genm, - OSSL_CMP_SRV_error_cb_t process_error, - OSSL_CMP_SRV_certConf_cb_t process_certConf, - OSSL_CMP_SRV_pollReq_cb_t process_pollReq) + OSSL_CMP_SRV_cert_request_cb_t process_cert_request, + OSSL_CMP_SRV_rr_cb_t process_rr, + OSSL_CMP_SRV_genm_cb_t process_genm, + OSSL_CMP_SRV_error_cb_t process_error, + OSSL_CMP_SRV_certConf_cb_t process_certConf, + OSSL_CMP_SRV_pollReq_cb_t process_pollReq) { if (srv_ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); 
@@ -108,7 +107,7 @@ } int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, - int val) + int val) { if (srv_ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -139,7 +138,7 @@ } int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, - int val) + int val) { if (srv_ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -155,7 +154,7 @@ * returns an ip/cp/kup on success and NULL on error */ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_MSG *msg = NULL; OSSL_CMP_PKISI *si = NULL; 
@@ -211,34 +210,34 @@ if (!ossl_cmp_verify_popo(srv_ctx->ctx, req, srv_ctx->acceptRAVerified)) { /* Proof of possession could not be verified */ si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - 1 << OSSL_CMP_PKIFAILUREINFO_badPOP, - ERR_reason_error_string(ERR_peek_error())); + 1 << OSSL_CMP_PKIFAILUREINFO_badPOP, + ERR_reason_error_string(ERR_peek_error())); if (si == NULL) return NULL; } else { OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(req); si = srv_ctx->process_cert_request(srv_ctx, req, certReqId, crm, p10cr, - &certOut, &chainOut, &caPubs); + &certOut, &chainOut, &caPubs); if (si == NULL) goto err; /* set OSSL_CMP_OPT_IMPLICIT_CONFIRM if and only if transaction ends */ if (!OSSL_CMP_CTX_set_option(srv_ctx->ctx, - OSSL_CMP_OPT_IMPLICIT_CONFIRM, - ossl_cmp_hdr_has_implicitConfirm(hdr) - && srv_ctx->grantImplicitConfirm - /* do not set if polling starts: */ - && certOut != NULL)) + OSSL_CMP_OPT_IMPLICIT_CONFIRM, + ossl_cmp_hdr_has_implicitConfirm(hdr) + && srv_ctx->grantImplicitConfirm + /* do not set if polling starts: */ + && certOut != NULL)) goto err; } msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si, - certOut, NULL /* enc */, chainOut, caPubs, - srv_ctx->sendUnprotectedErrors); + certOut, NULL /* enc */, chainOut, caPubs, + srv_ctx->sendUnprotectedErrors); if (msg == NULL) ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP); - err: +err: OSSL_CMP_PKISI_free(si); X509_free(certOut); sk_X509_pop_free(chainOut, X509_free); @@ -247,7 +246,7 @@ } static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_MSG *msg = NULL; OSSL_CMP_REVDETAILS *details; @@ -266,7 +265,8 @@ } if ((details = sk_OSSL_CMP_REVDETAILS_value(req->body->value.rr, - OSSL_CMP_REVREQSID)) == NULL) { + OSSL_CMP_REVREQSID)) + == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return NULL; } 
@@ -275,16 +275,17 @@ issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl); serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl); if (issuer != NULL && serial != NULL - && (certId = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL) + && (certId = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL) return NULL; if ((si = srv_ctx->process_rr(srv_ctx, req, issuer, serial)) == NULL) goto err; if ((msg = ossl_cmp_rp_new(srv_ctx->ctx, si, certId, - srv_ctx->sendUnprotectedErrors)) == NULL) + srv_ctx->sendUnprotectedErrors)) + == NULL) ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_RR); - err: +err: OSSL_CRMF_CERTID_free(certId); OSSL_CMP_PKISI_free(si); return msg; @@ -295,7 +296,7 @@ * incoming message */ static OSSL_CMP_MSG *process_genm(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_GENMSGCONTENT *itavs; OSSL_CMP_MSG *msg; @@ -312,7 +313,7 @@ } static OSSL_CMP_MSG *process_error(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_ERRORMSGCONTENT *errorContent; OSSL_CMP_MSG *msg; @@ -321,7 +322,7 @@ return NULL; errorContent = req->body->value.error; srv_ctx->process_error(srv_ctx, req, errorContent->pKIStatusInfo, - errorContent->errorCode, errorContent->errorDetails); + errorContent->errorCode, errorContent->errorDetails); if ((msg = ossl_cmp_pkiconf_new(srv_ctx->ctx)) == NULL) ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_PKICONF); @@ -329,7 +330,7 @@ } static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_CTX *ctx; OSSL_CMP_CERTCONFIRMCONTENT *ccc; @@ -345,7 +346,7 @@ num = sk_OSSL_CMP_CERTSTATUS_num(ccc); if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1 - || ctx->status != OSSL_CMP_PKISTATUS_trans) { + || ctx->status != OSSL_CMP_PKISTATUS_trans) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF); return NULL; } 
@@ -376,8 +377,8 @@ const char *str = ossl_cmp_PKIStatus_to_string(pki_status); ossl_cmp_log2(INFO, ctx, "certificate rejected by client %s %s", - str == NULL ? "without" : "with", - str == NULL ? "PKIStatus" : str); + str == NULL ? "without" : "with", + str == NULL ? "PKIStatus" : str); } } @@ -387,7 +388,7 @@ } static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_POLLREQCONTENT *prc; OSSL_CMP_POLLREQ *pr; @@ -412,7 +413,7 @@ return NULL; } if (!srv_ctx->process_pollReq(srv_ctx, req, certReqId, - &certReq, &check_after)) + &certReq, &check_after)) return NULL; if (certReq != NULL) { @@ -420,7 +421,8 @@ OSSL_CMP_MSG_free(certReq); } else { if ((msg = ossl_cmp_pollRep_new(srv_ctx->ctx, certReqId, - check_after)) == NULL) + check_after)) + == NULL) ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREP); } return msg; @@ -431,16 +433,16 @@ * Return 1 on acceptance, 0 on rejection, or -1 on (internal) error. */ static int unprotected_exception(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req, - int invalid_protection, - int accept_unprotected_requests) + const OSSL_CMP_MSG *req, + int invalid_protection, + int accept_unprotected_requests) { if (!ossl_assert(ctx != NULL && req != NULL)) return -1; if (accept_unprotected_requests) { ossl_cmp_log1(WARN, ctx, "ignoring %s protection of request message", - invalid_protection ? "invalid" : "missing"); + invalid_protection ? "invalid" : "missing"); return 1; } if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR @@ -455,7 +457,7 @@ * returns created message and NULL on internal error */ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_CTX *ctx; ASN1_OCTET_STRING *backup_secret; 
@@ -465,8 +467,8 @@ OSSL_CMP_MSG *rsp = NULL; if (srv_ctx == NULL || srv_ctx->ctx == NULL - || req == NULL || req->body == NULL - || (hdr = OSSL_CMP_MSG_get0_header(req)) == NULL) { + || req == NULL || req->body == NULL + || (hdr = OSSL_CMP_MSG_get0_header(req)) == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; } @@ -474,7 +476,7 @@ backup_secret = ctx->secretValue; req_type = OSSL_CMP_MSG_get_bodytype(req); ossl_cmp_log1(DEBUG, ctx, - "received %s", ossl_cmp_bodytype_to_string(req_type)); + "received %s", ossl_cmp_bodytype_to_string(req_type)); /* * Some things need to be done already before validating the message in @@ -499,16 +501,16 @@ char *tid; tid = OPENSSL_buf2hexstr(ctx->transactionID->data, - ctx->transactionID->length); + ctx->transactionID->length); if (tid != NULL) ossl_cmp_log1(WARN, ctx, - "Assuming that last transaction with ID=%s got aborted", - tid); + "Assuming that last transaction with ID=%s got aborted", + tid); OPENSSL_free(tid); } /* start of a new transaction, reset transactionID and senderNonce */ if (!OSSL_CMP_CTX_set1_transactionID(ctx, NULL) - || !OSSL_CMP_CTX_set1_senderNonce(ctx, NULL)) + || !OSSL_CMP_CTX_set1_senderNonce(ctx, NULL)) goto err; break; default: @@ -522,9 +524,9 @@ } req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, - srv_ctx->acceptUnprotected); + srv_ctx->acceptUnprotected); if (ctx->secretValue != NULL && ctx->pkey != NULL - && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC) + && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC) ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */ if (!req_verified) goto err; @@ -574,7 +576,7 @@ break; } - err: +err: if (rsp == NULL) { /* on error, try to respond with CMP error message to client */ const char *data = NULL, *reason = NULL; 
@@ -599,20 +601,20 @@ data = NULL; reason = ERR_reason_error_string(err); if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - fail_info, reason)) != NULL) { + fail_info, reason)) + != NULL) { rsp = ossl_cmp_error_new(srv_ctx->ctx, si, err, - data, srv_ctx->sendUnprotectedErrors); + data, srv_ctx->sendUnprotectedErrors); OSSL_CMP_PKISI_free(si); } } OSSL_CMP_CTX_print_errors(ctx); ctx->secretValue = backup_secret; - rsp_type = - rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; + rsp_type = rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; if (rsp != NULL) ossl_cmp_log1(DEBUG, ctx, - "sending %s", ossl_cmp_bodytype_to_string(rsp_type)); + "sending %s", ossl_cmp_bodytype_to_string(rsp_type)); else ossl_cmp_log(ERR, ctx, "cannot send proper CMP response"); @@ -647,7 +649,7 @@ * error stack. */ OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { OSSL_CMP_SRV_CTX *srv_ctx = NULL; --- crypto/openssl/crypto/cmp/cmp_status.c.orig +++ crypto/openssl/crypto/cmp/cmp_status.c @@ -30,7 +30,7 @@ int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si) { - int res ; + int res; if (!ossl_assert(si != NULL && si->status != NULL)) return -1; @@ -57,7 +57,7 @@ return "PKIStatus: key update warning - update already done for the cert"; default: ERR_raise_data(ERR_LIB_CMP, CMP_R_ERROR_PARSING_PKISTATUS, - "PKIStatus: invalid=%d", status); + "PKIStatus: invalid=%d", status); return NULL; } } 
@@ -165,10 +165,9 @@ * place human-readable error string created from PKIStatusInfo in given buffer * returns pointer to the same buffer containing the string, or NULL on error */ -static -char *snprint_PKIStatusInfo_parts(int status, int fail_info, - const OSSL_CMP_PKIFREETEXT *status_strings, - char *buf, size_t bufsize) +static char *snprint_PKIStatusInfo_parts(int status, int fail_info, + const OSSL_CMP_PKIFREETEXT *status_strings, + char *buf, size_t bufsize) { int failure; const char *status_string, *failure_string; @@ -180,15 +179,15 @@ char *write_ptr = buf; if (buf == NULL - || status < 0 - || (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL) + || status < 0 + || (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL) return NULL; #define ADVANCE_BUFFER \ - if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \ - return NULL; \ - write_ptr += printed_chars; \ - bufsize -= printed_chars; + if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \ + return NULL; \ + write_ptr += printed_chars; \ + bufsize -= printed_chars; printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string); ADVANCE_BUFFER; @@ -205,8 +204,8 @@ failure_string = CMP_PKIFAILUREINFO_to_string(failure); if (failure_string != NULL) { printed_chars = BIO_snprintf(write_ptr, bufsize, "%s%s", - failinfo_found ? ", " : "", - failure_string); + failinfo_found ? ", " : "", + failure_string); ADVANCE_BUFFER; failinfo_found = 1; } @@ -214,7 +213,7 @@ } } if (!failinfo_found && status != OSSL_CMP_PKISTATUS_accepted - && status != OSSL_CMP_PKISTATUS_grantedWithMods) { + && status != OSSL_CMP_PKISTATUS_grantedWithMods) { printed_chars = BIO_snprintf(write_ptr, bufsize, "; "); ADVANCE_BUFFER; } 
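Review bot: `ADVANCE_BUFFER`, re-indented in the -180,15 hunk of cmp_status.c, still expands to a bare `if (...) return NULL;` followed by two separate statements, so it is only safe as its own statement inside braces. As the body of an unbraced `if` or `else`, only the bounds check would be conditional and `write_ptr += printed_chars; bufsize -= printed_chars;` would always run; that arithmetic is what keeps the next `BIO_snprintf` inside the caller's buffer. Every use visible in these hunks is braced or at function top level, so nothing is wrong today, but since the macro is being touched anyway I would wrap its body in `do {` … `} while (0)`. snprint_PKIStatusInfo_parts begins and ends outside this hunk, and whether the macro is later `#undef`'d is not visible here.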
@@ -223,14 +222,14 @@ n_status_strings = sk_ASN1_UTF8STRING_num(status_strings); if (n_status_strings > 0) { printed_chars = BIO_snprintf(write_ptr, bufsize, "; StatusString%s: ", - n_status_strings > 1 ? "s" : ""); + n_status_strings > 1 ? "s" : ""); ADVANCE_BUFFER; for (i = 0; i < n_status_strings; i++) { text = sk_ASN1_UTF8STRING_value(status_strings, i); printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s", - ASN1_STRING_length(text), - ASN1_STRING_get0_data(text), - i < n_status_strings - 1 ? ", " : ""); + ASN1_STRING_length(text), + ASN1_STRING_get0_data(text), + i < n_status_strings - 1 ? ", " : ""); ADVANCE_BUFFER; } } @@ -239,7 +238,7 @@ } char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, - char *buf, size_t bufsize) + char *buf, size_t bufsize) { int failure_info; @@ -251,12 +250,12 @@ failure_info = ossl_cmp_pkisi_get_pkifailureinfo(statusInfo); return snprint_PKIStatusInfo_parts(ASN1_INTEGER_get(statusInfo->status), - failure_info, - statusInfo->statusString, buf, bufsize); + failure_info, + statusInfo->statusString, buf, bufsize); } char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, - size_t bufsize) + size_t bufsize) { if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -264,9 +263,9 @@ } return snprint_PKIStatusInfo_parts(OSSL_CMP_CTX_get_status(ctx), - OSSL_CMP_CTX_get_failInfoCode(ctx), - OSSL_CMP_CTX_get0_statusString(ctx), - buf, bufsize); + OSSL_CMP_CTX_get_failInfoCode(ctx), + OSSL_CMP_CTX_get0_statusString(ctx), + buf, bufsize); } /*- @@ -276,7 +275,7 @@ * and TS_RESP_CTX_add_failure_info() in ../ts/ts_rsp_sign.c */ OSSL_CMP_PKISI *OSSL_CMP_STATUSINFO_new(int status, int fail_info, - const char *text) + const char *text) { OSSL_CMP_PKISI *si = OSSL_CMP_PKISI_new(); ASN1_UTF8STRING *utf8_text = NULL; 
@@ -289,7 +288,7 @@ if (text != NULL) { if ((utf8_text = ASN1_UTF8STRING_new()) == NULL - || !ASN1_STRING_set(utf8_text, text, -1)) + || !ASN1_STRING_set(utf8_text, text, -1)) goto err; if ((si->statusString = sk_ASN1_UTF8STRING_new_null()) == NULL) goto err; @@ -302,7 +301,7 @@ for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) { if ((fail_info & (1 << failure)) != 0) { if (si->failInfo == NULL - && (si->failInfo = ASN1_BIT_STRING_new()) == NULL) + && (si->failInfo = ASN1_BIT_STRING_new()) == NULL) goto err; if (!ASN1_BIT_STRING_set_bit(si->failInfo, failure, 1)) goto err; @@ -310,7 +309,7 @@ } return si; - err: +err: OSSL_CMP_PKISI_free(si); ASN1_UTF8STRING_free(utf8_text); return NULL; --- crypto/openssl/crypto/cmp/cmp_util.c.orig +++ crypto/openssl/crypto/cmp/cmp_util.c @@ -25,13 +25,13 @@ #ifdef OPENSSL_NO_TRACE return 1; #else -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE); if (bio != NULL && OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_CMP, bio)) return 1; BIO_free(bio); -# endif +#endif ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO); return 0; #endif 
@@ -54,27 +54,26 @@ return -1; if (strncmp(level, OSSL_CMP_LOG_PREFIX, - strlen(OSSL_CMP_LOG_PREFIX)) == 0) + strlen(OSSL_CMP_LOG_PREFIX)) + == 0) level += strlen(OSSL_CMP_LOG_PREFIX); len = end_level - level; if (len > max_level_len) return -1; OPENSSL_strlcpy(level_copy, level, len + 1); - return - strcmp(level_copy, "EMERG") == 0 ? OSSL_CMP_LOG_EMERG : - strcmp(level_copy, "ALERT") == 0 ? OSSL_CMP_LOG_ALERT : - strcmp(level_copy, "CRIT") == 0 ? OSSL_CMP_LOG_CRIT : - strcmp(level_copy, "ERROR") == 0 ? OSSL_CMP_LOG_ERR : - strcmp(level_copy, "WARN") == 0 ? OSSL_CMP_LOG_WARNING : - strcmp(level_copy, "NOTE") == 0 ? OSSL_CMP_LOG_NOTICE : - strcmp(level_copy, "INFO") == 0 ? OSSL_CMP_LOG_INFO : - strcmp(level_copy, "DEBUG") == 0 ? OSSL_CMP_LOG_DEBUG : - -1; + return strcmp(level_copy, "EMERG") == 0 ? OSSL_CMP_LOG_EMERG : strcmp(level_copy, "ALERT") == 0 ? OSSL_CMP_LOG_ALERT + : strcmp(level_copy, "CRIT") == 0 ? OSSL_CMP_LOG_CRIT + : strcmp(level_copy, "ERROR") == 0 ? OSSL_CMP_LOG_ERR + : strcmp(level_copy, "WARN") == 0 ? OSSL_CMP_LOG_WARNING + : strcmp(level_copy, "NOTE") == 0 ? OSSL_CMP_LOG_NOTICE + : strcmp(level_copy, "INFO") == 0 ? OSSL_CMP_LOG_INFO + : strcmp(level_copy, "DEBUG") == 0 ? OSSL_CMP_LOG_DEBUG + : -1; } const char *ossl_cmp_log_parse_metadata(const char *buf, - OSSL_CMP_severity *level, - char **func, char **file, int *line) + OSSL_CMP_severity *level, + char **func, char **file, int *line) { const char *p_func = buf; const char *p_file = buf == NULL ? NULL : strchr(buf, ':'); 
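Review bot: The reformatted level-name chain now starts `return strcmp(level_copy, "EMERG") == 0 ? OSSL_CMP_LOG_EMERG : strcmp(level_copy, "ALERT") == 0 ? OSSL_CMP_LOG_ALERT` on a single line, with the other arms one per line, so the ALERT case is easy to miss when scanning the mapping. This looks like formatter output rather than a deliberate layout. If the tool is clang-format, bracketing the expression with `/* clang-format off */` and `/* clang-format on */` would keep one arm per line as before. The `level_string` initialiser in OSSL_CMP_print_to_bio (the -122,29 hunk) has the same shape, and both functions extend beyond their hunks.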
@@ -122,29 +121,31 @@ return func == NULL ? UNKNOWN_FUNC : func; return func == NULL || *func == '\0' || strcmp(func, UNKNOWN_FUNC) == 0 - ? fallback : func; + ? fallback + : func; } int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, - int line, OSSL_CMP_severity level, const char *msg) + int line, OSSL_CMP_severity level, const char *msg) { - const char *level_string = - level == OSSL_CMP_LOG_EMERG ? "EMERG" : - level == OSSL_CMP_LOG_ALERT ? "ALERT" : - level == OSSL_CMP_LOG_CRIT ? "CRIT" : - level == OSSL_CMP_LOG_ERR ? "error" : - level == OSSL_CMP_LOG_WARNING ? "warning" : - level == OSSL_CMP_LOG_NOTICE ? "NOTE" : - level == OSSL_CMP_LOG_INFO ? "info" : - level == OSSL_CMP_LOG_DEBUG ? "DEBUG" : "(unknown level)"; + const char *level_string = level == OSSL_CMP_LOG_EMERG ? "EMERG" : level == OSSL_CMP_LOG_ALERT ? "ALERT" + : level == OSSL_CMP_LOG_CRIT ? "CRIT" + : level == OSSL_CMP_LOG_ERR ? "error" + : level == OSSL_CMP_LOG_WARNING ? "warning" + : level == OSSL_CMP_LOG_NOTICE ? "NOTE" + : level == OSSL_CMP_LOG_INFO ? "info" + : level == OSSL_CMP_LOG_DEBUG ? "DEBUG" + : "(unknown level)"; #ifndef NDEBUG if (BIO_printf(bio, "%s:%s:%d:", improve_location_name(component, "CMP"), - file, line) < 0) + file, line) + < 0) return 0; #endif - return BIO_printf(bio, OSSL_CMP_LOG_PREFIX"%s: %s\n", - level_string, msg) >= 0; + return BIO_printf(bio, OSSL_CMP_LOG_PREFIX "%s: %s\n", + level_string, msg) + >= 0; } #define ERR_PRINT_BUF_SIZE 4096 @@ -157,8 +158,7 @@ int line, flags; while ((err = ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { - const char *component = - improve_location_name(func, ERR_lib_error_string(err)); + const char *component = improve_location_name(func, ERR_lib_error_string(err)); unsigned long reason = ERR_GET_REASON(err); const char *rs = NULL; char rsbuf[256]; 
@@ -186,7 +186,7 @@ if (bio != NULL) { OSSL_CMP_print_to_bio(bio, component, file, line, - OSSL_CMP_LOG_ERR, msg); + OSSL_CMP_LOG_ERR, msg); BIO_free(bio); } #else @@ -200,7 +200,7 @@ } int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_signed) + int only_self_signed) { int i; @@ -221,7 +221,7 @@ } int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, - const char *text, int len) + const char *text, int len) { ASN1_UTF8STRING *utf8string; @@ -235,13 +235,13 @@ goto err; return 1; - err: +err: ASN1_UTF8STRING_free(utf8string); return 0; } int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, - const ASN1_OCTET_STRING *src) + const ASN1_OCTET_STRING *src) { ASN1_OCTET_STRING *new; if (tgt == NULL) { @@ -264,7 +264,7 @@ } int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, - const unsigned char *bytes, int len) + const unsigned char *bytes, int len) { ASN1_OCTET_STRING *new = NULL; @@ -274,7 +274,7 @@ } if (bytes != NULL) { if ((new = ASN1_OCTET_STRING_new()) == NULL - || !(ASN1_OCTET_STRING_set(new, bytes, len))) { + || !(ASN1_OCTET_STRING_set(new, bytes, len))) { ASN1_OCTET_STRING_free(new); return 0; } --- crypto/openssl/crypto/cmp/cmp_vfy.c.orig +++ crypto/openssl/crypto/cmp/cmp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2020 * Copyright Siemens AG 2015-2020 * @@ -23,7 +23,7 @@ /* Verify a message protected by signature according to RFC section 5.1.3.3 */ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, - const OSSL_CMP_MSG *msg, X509 *cert) + const OSSL_CMP_MSG *msg, X509 *cert) { OSSL_CMP_PROTECTEDPART prot_part; EVP_PKEY *pubkey = NULL; 
@@ -37,7 +37,7 @@ /* verify that keyUsage, if present, contains digitalSignature */ if (!cmp_ctx->ignore_keyusage - && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) { + && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) { ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE); goto sig_err; } @@ -52,21 +52,22 @@ prot_part.body = msg->body; if (ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), - msg->header->protectionAlg, msg->protection, - &prot_part, NULL, pubkey, cmp_ctx->libctx, - cmp_ctx->propq) > 0) { + msg->header->protectionAlg, msg->protection, + &prot_part, NULL, pubkey, cmp_ctx->libctx, + cmp_ctx->propq) + > 0) { res = 1; goto end; } - sig_err: +sig_err: res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS); ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE); if (res) ERR_add_error_mem_bio("\n", bio); res = 0; - end: +end: EVP_PKEY_free(pubkey); BIO_free(bio); @@ -84,10 +85,11 @@ return 0; /* failed to generate protection string! */ valid = msg->protection != NULL && msg->protection->length >= 0 - && msg->protection->type == protection->type - && msg->protection->length == protection->length - && CRYPTO_memcmp(msg->protection->data, protection->data, - protection->length) == 0; + && msg->protection->type == protection->type + && msg->protection->length == protection->length + && CRYPTO_memcmp(msg->protection->data, protection->data, + protection->length) + == 0; ASN1_BIT_STRING_free(protection); if (!valid) ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_PBM_VALUE); @@ -103,7 +105,7 @@ * Returns 1 on successful validation and 0 otherwise. */ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, - X509_STORE *trusted_store, X509 *cert) + X509_STORE *trusted_store, X509 *cert) { int valid = 0; X509_STORE_CTX *csc = NULL; 
@@ -120,8 +122,8 @@ } if ((csc = X509_STORE_CTX_new_ex(ctx->libctx, ctx->propq)) == NULL - || !X509_STORE_CTX_init(csc, trusted_store, - cert, ctx->untrusted)) + || !X509_STORE_CTX_init(csc, trusted_store, + cert, ctx->untrusted)) goto err; valid = X509_verify_cert(csc) > 0; @@ -131,7 +133,7 @@ if (!valid && ERR_GET_REASON(err) != CMP_R_POTENTIALLY_INVALID_CERTIFICATE) ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); - err: +err: /* directly output any fresh errors, needed for check_msg_find_cert() */ OSSL_CMP_CTX_print_errors(ctx); X509_STORE_CTX_free(csc); @@ -140,8 +142,8 @@ /* Return 0 if expect_name != NULL and there is no matching actual_name */ static int check_name(const OSSL_CMP_CTX *ctx, int log_success, - const char *actual_desc, const X509_NAME *actual_name, - const char *expect_desc, const X509_NAME *expect_name) + const char *actual_desc, const X509_NAME *actual_name, + const char *expect_desc, const X509_NAME *expect_name) { char *str; @@ -157,7 +159,7 @@ if (X509_NAME_cmp(actual_name, expect_name) == 0) { if (log_success && str != NULL) ossl_cmp_log2(INFO, ctx, " subject matches %s: %s", expect_desc, - str); + str); OPENSSL_free(str); return 1; } @@ -173,8 +175,8 @@ /* Return 0 if skid != NULL and there is no matching subject key ID in cert */ static int check_kid(const OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *ckid, - const ASN1_OCTET_STRING *skid) + const ASN1_OCTET_STRING *ckid, + const ASN1_OCTET_STRING *skid) { char *str; @@ -204,7 +206,7 @@ } static int already_checked(const X509 *cert, - const STACK_OF(X509) *already_checked) + const STACK_OF(X509) *already_checked) { int i; 
@@ -223,10 +225,10 @@ * Returns 0 on error or not acceptable, else 1. */ static int cert_acceptable(const OSSL_CMP_CTX *ctx, - const char *desc1, const char *desc2, X509 *cert, - const STACK_OF(X509) *already_checked1, - const STACK_OF(X509) *already_checked2, - const OSSL_CMP_MSG *msg) + const char *desc1, const char *desc2, X509 *cert, + const STACK_OF(X509) *already_checked1, + const STACK_OF(X509) *already_checked2, + const OSSL_CMP_MSG *msg) { X509_STORE *ts = ctx->trusted; int self_issued = X509_check_issued(cert, cert) == X509_V_OK; @@ -235,7 +237,7 @@ int time_cmp; ossl_cmp_log3(INFO, ctx, " considering %s%s %s with..", - self_issued ? "self-issued ": "", desc1, desc2); + self_issued ? "self-issued " : "", desc1, desc2); if ((str = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0)) != NULL) ossl_cmp_log1(INFO, ctx, " subject = %s", str); OPENSSL_free(str); @@ -247,22 +249,21 @@ } if (already_checked(cert, already_checked1) - || already_checked(cert, already_checked2)) { + || already_checked(cert, already_checked2)) { ossl_cmp_info(ctx, " cert has already been checked"); return 0; } time_cmp = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), - X509_get0_notAfter(cert)); + X509_get0_notAfter(cert)); if (time_cmp != 0) { - ossl_cmp_warn(ctx, time_cmp > 0 ? "cert has expired" - : "cert is not yet valid"); + ossl_cmp_warn(ctx, time_cmp > 0 ? "cert has expired" : "cert is not yet valid"); return 0; } if (!check_name(ctx, 1, - "cert subject", X509_get_subject_name(cert), - "sender field", msg->header->sender->d.directoryName)) + "cert subject", X509_get_subject_name(cert), + "sender field", msg->header->sender->d.directoryName)) return 0; if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID)) 
@@ -282,13 +283,13 @@ } static int check_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *store, - X509 *scrt) + X509 *scrt) { if (OSSL_CMP_validate_cert_path(ctx, store, scrt)) return 1; ossl_cmp_warn(ctx, - "msg signature validates but cert path validation failed"); + "msg signature validates but cert path validation failed"); return 0; } @@ -300,7 +301,7 @@ * provided it also can validate the newly enrolled certificate */ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, X509 *scrt) + const OSSL_CMP_MSG *msg, X509 *scrt) { int valid = 0; X509_STORE *store; @@ -309,23 +310,22 @@ return 0; if ((store = X509_STORE_new()) == NULL - || !ossl_cmp_X509_STORE_add1_certs(store, msg->extraCerts, - 1 /* self-issued only */)) + || !ossl_cmp_X509_STORE_add1_certs(store, msg->extraCerts, + 1 /* self-issued only */)) goto err; /* store does not include CRLs */ valid = OSSL_CMP_validate_cert_path(ctx, store, scrt); if (!valid) { ossl_cmp_warn(ctx, - "also exceptional 3GPP mode cert path validation failed"); + "also exceptional 3GPP mode cert path validation failed"); } else { /* * verify that the newly enrolled certificate (which assumed rid == * OSSL_CMP_CERTREQID) can also be validated with the same trusted store */ - OSSL_CMP_CERTRESPONSE *crep = - ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, - OSSL_CMP_CERTREQID); + OSSL_CMP_CERTRESPONSE *crep = ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, + OSSL_CMP_CERTREQID); X509 *newcrt = ossl_cmp_certresponse_get1_cert(ctx, crep); /* @@ -336,16 +336,16 @@ X509_free(newcrt); } - err: +err: X509_STORE_free(store); return valid; } static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert, - const OSSL_CMP_MSG *msg) + const OSSL_CMP_MSG *msg) { return cert_acceptable(ctx, "previously validated", "sender cert", - cert, NULL, NULL, msg) + cert, NULL, NULL, msg) && (check_cert_path(ctx, ctx->trusted, cert) || check_cert_path_3gpp(ctx, msg, cert)); } 
@@ -356,10 +356,10 @@ * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). */ static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs, - const char *desc, - const STACK_OF(X509) *already_checked1, - const STACK_OF(X509) *already_checked2, - const OSSL_CMP_MSG *msg, int mode_3gpp) + const char *desc, + const STACK_OF(X509) *already_checked1, + const STACK_OF(X509) *already_checked2, + const OSSL_CMP_MSG *msg, int mode_3gpp) { int in_extraCerts = already_checked1 == NULL; int n_acceptable_certs = 0; @@ -376,7 +376,7 @@ if (!ossl_assert(cert != NULL)) return 0; if (!cert_acceptable(ctx, "cert from", desc, cert, - already_checked1, already_checked2, msg)) + already_checked1, already_checked2, msg)) continue; n_acceptable_certs++; if (mode_3gpp ? check_cert_path_3gpp(ctx, msg, cert) 
@@ -402,42 +402,41 @@ * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). */ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - int mode_3gpp) + int mode_3gpp) { int ret = 0; if (mode_3gpp - && ((!ctx->permitTAInExtraCertsForIR - || OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) + && ((!ctx->permitTAInExtraCertsForIR + || OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) return 0; ossl_cmp_info(ctx, - mode_3gpp ? "normal mode failed; trying now 3GPP mode trusting extraCerts" - : "trying first normal mode using trust store"); + mode_3gpp ? "normal mode failed; trying now 3GPP mode trusting extraCerts" + : "trying first normal mode using trust store"); if (check_msg_with_certs(ctx, msg->extraCerts, "extraCerts", - NULL, NULL, msg, mode_3gpp)) + NULL, NULL, msg, mode_3gpp)) return 1; if (check_msg_with_certs(ctx, ctx->untrusted, "untrusted certs", - msg->extraCerts, NULL, msg, mode_3gpp)) + msg->extraCerts, NULL, msg, mode_3gpp)) return 1; if (ctx->trusted == NULL) { - ossl_cmp_warn(ctx, mode_3gpp ? "no self-issued extraCerts" - : "no trusted store"); + ossl_cmp_warn(ctx, mode_3gpp ? "no self-issued extraCerts" : "no trusted store"); } else { STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted); ret = check_msg_with_certs(ctx, trusted, - mode_3gpp ? "self-issued extraCerts" - : "certs in trusted store", - msg->extraCerts, ctx->untrusted, - msg, mode_3gpp); + mode_3gpp ? "self-issued extraCerts" + : "certs in trusted store", + msg->extraCerts, ctx->untrusted, + msg, mode_3gpp); sk_X509_pop_free(trusted, X509_free); } return ret; } static int no_log_cb(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { return 1; } 
@@ -484,12 +483,12 @@ (void)ossl_cmp_ctx_set0_validatedSrvCert(ctx, NULL); /* re-do the above check (just) for adding diagnostic information */ ossl_cmp_info(ctx, - "trying to verify msg signature with previously validated cert"); + "trying to verify msg signature with previously validated cert"); (void)check_msg_given_cert(ctx, scrt, msg); } res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) - || check_msg_all_certs(ctx, msg, 1 /* 3gpp */); + || check_msg_all_certs(ctx, msg, 1 /* 3gpp */); ctx->log_cb = backup_log_cb; if (res) { /* discard any diagnostic information on trying to use certs */ @@ -525,7 +524,7 @@ ERR_add_error_txt(NULL, skid_str); } - end: +end: OPENSSL_free(sname); OPENSSL_free(skid_str); return res; @@ -553,13 +552,13 @@ ossl_cmp_debug(ctx, "validating CMP message"); if (ctx == NULL || msg == NULL - || msg->header == NULL || msg->body == NULL) { + || msg->header == NULL || msg->body == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); return 0; } if (msg->header->protectionAlg == NULL /* unprotected message */ - || msg->protection == NULL || msg->protection->data == NULL) { + || msg->protection == NULL || msg->protection->data == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PROTECTION); return 0; } @@ -599,7 +598,7 @@ break; } ossl_cmp_debug(ctx, - "sucessfully validated PBM-based CMP message protection"); + "successfully validated PBM-based CMP message protection"); return 1; } ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed"); @@ -630,7 +629,7 @@ /* use ctx->srvCert for signature check even if not acceptable */ if (verify_signature(ctx, msg, scrt)) { ossl_cmp_debug(ctx, - "sucessfully validated signature-based CMP message protection"); + "successfully validated signature-based CMP message protection"); return 1; } 
@@ -647,7 +646,7 @@ * Any msg->extraCerts are prepended to ctx->untrusted. * * Ensures that: - * its sender is of appropriate type (curently only X509_NAME) and + * its sender is of appropriate type (currently only X509_NAME) and * matches any expected sender or srvCert subject given in the ctx * it has a valid body type * its protection is valid (or invalid/absent, but only if a callback function @@ -663,7 +662,7 @@ * Returns 1 on success, 0 on error. */ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) { OSSL_CMP_PKIHEADER *hdr; const X509_NAME *expected_sender; @@ -686,13 +685,13 @@ if (expected_sender == NULL && ctx->srvCert != NULL) expected_sender = X509_get_subject_name(ctx->srvCert); if (!check_name(ctx, 0, "sender DN field", hdr->sender->d.directoryName, - "expected sender", expected_sender)) + "expected sender", expected_sender)) return 0; /* Note: if recipient was NULL-DN it could be learned here if needed */ if (sk_X509_num(msg->extraCerts) > 10) ossl_cmp_warn(ctx, - "received CMP message contains more than 10 extraCerts"); + "received CMP message contains more than 10 extraCerts"); /* * Store any provided extraCerts in ctx for use in OSSL_CMP_validate_msg() * and for future use, such that they are available to ctx->certConf_cb and 
@@ -702,16 +701,16 @@ * For efficiency, the extraCerts are prepended so they get used first. */ if (!X509_add_certs(ctx->untrusted, msg->extraCerts, - /* this allows self-signed certs */ - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_PREPEND)) + /* this allows self-signed certs */ + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP + | X509_ADD_FLAG_PREPEND)) return 0; /* validate message protection */ if (hdr->protectionAlg != NULL) { /* detect explicitly permitted exceptions for invalid protection */ if (!OSSL_CMP_validate_msg(ctx, msg) - && (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) { + && (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_PROTECTION); return 0; @@ -744,9 +743,10 @@ /* compare received transactionID with the expected one in previous msg */ if (ctx->transactionID != NULL - && (hdr->transactionID == NULL - || ASN1_OCTET_STRING_cmp(ctx->transactionID, - hdr->transactionID) != 0)) { + && (hdr->transactionID == NULL + || ASN1_OCTET_STRING_cmp(ctx->transactionID, + hdr->transactionID) + != 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_TRANSACTIONID_UNMATCHED); return 0; @@ -755,9 +755,10 @@ /* compare received nonce with the one we sent */ if (ctx->senderNonce != NULL - && (msg->header->recipNonce == NULL - || ASN1_OCTET_STRING_cmp(ctx->senderNonce, - hdr->recipNonce) != 0)) { + && (msg->header->recipNonce == NULL + || ASN1_OCTET_STRING_cmp(ctx->senderNonce, + hdr->recipNonce) + != 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ERR_raise(ERR_LIB_CMP, CMP_R_RECIPNONCE_UNMATCHED); return 0; 
@@ -784,9 +785,9 @@ * For efficiency, the extraCerts are prepended so they get used first. */ if (!X509_add_certs(ctx->untrusted, msg->extraCerts, - /* this allows self-signed certs */ - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_PREPEND)) + /* this allows self-signed certs */ + X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP + | X509_ADD_FLAG_PREPEND)) return 0; if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) { @@ -818,30 +819,29 @@ } int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, int acceptRAVerified) + const OSSL_CMP_MSG *msg, int acceptRAVerified) { if (!ossl_assert(msg != NULL && msg->body != NULL)) return 0; switch (msg->body->type) { - case OSSL_CMP_PKIBODY_P10CR: - { - X509_REQ *req = msg->body->value.p10cr; + case OSSL_CMP_PKIBODY_P10CR: { + X509_REQ *req = msg->body->value.p10cr; - if (X509_REQ_verify_ex(req, X509_REQ_get0_pubkey(req), ctx->libctx, - ctx->propq) <= 0) { + if (X509_REQ_verify_ex(req, X509_REQ_get0_pubkey(req), ctx->libctx, + ctx->propq) + <= 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED); - return 0; + ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED); + return 0; #endif - } } - break; + } break; case OSSL_CMP_PKIBODY_IR: case OSSL_CMP_PKIBODY_CR: case OSSL_CMP_PKIBODY_KUR: if (!OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, OSSL_CMP_CERTREQID, - acceptRAVerified, - ctx->libctx, ctx->propq)) { + acceptRAVerified, + ctx->libctx, ctx->propq)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION return 0; #endif --- crypto/openssl/crypto/cms/cms_asn1.c.orig +++ crypto/openssl/crypto/cms/cms_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -13,38 +13,29 @@ #include #include "cms_local.h" - ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { - ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), - ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) + ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), + ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) } ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber) ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { - ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), - ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) + ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), + ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) -ASN1_CHOICE(CMS_CertificateChoices) = { - ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), - ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), - ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), - ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), - ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) -} ASN1_CHOICE_END(CMS_CertificateChoices) +ASN1_CHOICE(CMS_CertificateChoices) + = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices) ASN1_CHOICE(CMS_SignerIdentifier) = { - ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) + ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 
0) } static_ASN1_CHOICE_END(CMS_SignerIdentifier) -ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { - ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), - ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) -} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) +ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) + = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) /* Minor tweak to operation: free up signer key, cert */ -static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 
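Review bot: The rewritten `CMS_CertificateChoices` and `CMS_EncapsulatedContentInfo` templates in this hunk put every field macro on one long line after `= {`, while `CMS_IssuerAndSerialNumber` and `CMS_SignerIdentifier` next to them keep one field per line. These tables are where the context tag numbers and OPTIONAL markers of the CMS structures are written down, so the joined form makes a changed tag or a dropped field hard to see in a later diff or audit. I would keep one entry per line and, if this layout comes from an automatic formatter (an assumption, the page does not say), bracket the affected tables with `/* clang-format off */` and `/* clang-format on */`. Later hunks of the same file show the same collapse for `CMS_RevocationInfoChoice`, `CMS_KEKRecipientInfo` and `CMS_ReceiptRequest`, and an extra indent level for `CMS_CompressedData`. The `cms_si_cb` body at the end of the hunk continues outside it.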
@@ -57,41 +48,38 @@ } ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { - ASN1_EMBED(CMS_SignerInfo, version, INT32), - ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), - ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), - ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), - ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1) + ASN1_EMBED(CMS_SignerInfo, version, INT32), + ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), + ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), + ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1) } ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo) ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { - ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), - ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) + ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) -ASN1_CHOICE(CMS_RevocationInfoChoice) = { - ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), - ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) -} ASN1_CHOICE_END(CMS_RevocationInfoChoice) +ASN1_CHOICE(CMS_RevocationInfoChoice) + = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice) ASN1_NDEF_SEQUENCE(CMS_SignedData) = { - ASN1_EMBED(CMS_SignedData, version, INT32), - ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), - 
ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1), - ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo) + ASN1_EMBED(CMS_SignedData, version, INT32), + ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), + ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1), + ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo) } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) -static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval; 
@@ -101,36 +89,35 @@ } ASN1_NDEF_SEQUENCE_cb(CMS_EncryptedContentInfo, cms_ec_cb) = { - ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), - ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), - ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) + ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), + ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) } ASN1_NDEF_SEQUENCE_END_cb(CMS_EncryptedContentInfo, CMS_EncryptedContentInfo) ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { - ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) + ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo) ASN1_SEQUENCE(CMS_OtherKeyAttribute) = { - ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT), - ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY) + ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT), + ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY) } ASN1_SEQUENCE_END(CMS_OtherKeyAttribute) ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { - ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING), - ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME), - ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute) + ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING), + ASN1_OPT(CMS_RecipientKeyIdentifier, date, 
ASN1_GENERALIZEDTIME), + ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute) } ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { - ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) + ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) } static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) -static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; if (operation == ASN1_OP_FREE_POST) { 
@@ -140,23 +127,22 @@ } ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = { - ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier), - ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING) + ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier), + ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey) ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { - ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) + ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { - ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), - ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) + ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) } static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) -static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { 
@@ -173,41 +159,36 @@ } ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = { - ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32), - ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), - ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), - ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey) + ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32), + ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), + ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), + ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey) } ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo) ASN1_SEQUENCE(CMS_KEKIdentifier) = { - ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), - ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), - ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) + ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), + ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), + ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) -ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { - ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), - ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), - ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) +ASN1_SEQUENCE(CMS_KEKRecipientInfo) + = { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, 
encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { - ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32), - ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), - ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) + ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32), + ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), + ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { - ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), - ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) + ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) /* Free up RecipientInfo additional data */ -static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_PRE) { CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; 
@@ -228,81 +209,82 @@ } ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { - ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), - ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1), - ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2), - ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3), - ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4) + ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), + ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1), + ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2), + ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3), + ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4) } ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type) ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { - ASN1_EMBED(CMS_EnvelopedData, version, INT32), - ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), - ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), - ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1) + ASN1_EMBED(CMS_EnvelopedData, version, INT32), + ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1) } ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData) ASN1_NDEF_SEQUENCE(CMS_DigestedData) = { - ASN1_EMBED(CMS_DigestedData, version, INT32), - ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), - ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) + ASN1_EMBED(CMS_DigestedData, version, INT32), + ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), 
+ ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) } ASN1_NDEF_SEQUENCE_END(CMS_DigestedData) ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { - ASN1_EMBED(CMS_EncryptedData, version, INT32), - ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) + ASN1_EMBED(CMS_EncryptedData, version, INT32), + ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) } ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) /* Defined in RFC 5083 - Section 2.1. AuthEnvelopedData Type */ ASN1_NDEF_SEQUENCE(CMS_AuthEnvelopedData) = { - ASN1_EMBED(CMS_AuthEnvelopedData, version, INT32), - ASN1_IMP_OPT(CMS_AuthEnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), - ASN1_SET_OF(CMS_AuthEnvelopedData, recipientInfos, CMS_RecipientInfo), - ASN1_SIMPLE(CMS_AuthEnvelopedData, authEncryptedContentInfo, CMS_EncryptedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, authAttrs, X509_ALGOR, 2), - ASN1_SIMPLE(CMS_AuthEnvelopedData, mac, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, unauthAttrs, X509_ALGOR, 3) + ASN1_EMBED(CMS_AuthEnvelopedData, version, INT32), + ASN1_IMP_OPT(CMS_AuthEnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_AuthEnvelopedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_AuthEnvelopedData, authEncryptedContentInfo, CMS_EncryptedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, authAttrs, X509_ALGOR, 2), + ASN1_SIMPLE(CMS_AuthEnvelopedData, mac, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, unauthAttrs, X509_ALGOR, 3) } ASN1_NDEF_SEQUENCE_END(CMS_AuthEnvelopedData) ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { - ASN1_EMBED(CMS_AuthenticatedData, version, INT32), - ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, 
CMS_OriginatorInfo, 0), - ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), - ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), - ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1), - ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), - ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) + ASN1_EMBED(CMS_AuthenticatedData, version, INT32), + ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), + ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), + ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), + ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1), + ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo), + ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), + ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) -ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { - ASN1_EMBED(CMS_CompressedData, version, INT32), - ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), -} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) +ASN1_NDEF_SEQUENCE(CMS_CompressedData) + = { + ASN1_EMBED(CMS_CompressedData, version, INT32), + ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), + } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) /* This is the ANY DEFINED BY table for the top level ContentInfo structure */ ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0); ASN1_ADB(CMS_ContentInfo) = { - 
ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), - ADB_ENTRY(NID_id_smime_ct_authEnvelopedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authEnvelopedData, CMS_AuthEnvelopedData, 0)), - ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), - ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), + ADB_ENTRY(NID_id_smime_ct_authEnvelopedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authEnvelopedData, CMS_AuthEnvelopedData, 0)), + ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), + ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); /* CMS streaming support */ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { ASN1_STREAM_ARG *sarg = exarg; CMS_ContentInfo *cms = NULL; 
@@ -331,14 +313,13 @@ case ASN1_OP_FREE_POST: OPENSSL_free(cms->ctx.propq); break; - } return 1; } ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { - ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), - ASN1_ADB_OBJECT(CMS_ContentInfo) + ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), + ASN1_ADB_OBJECT(CMS_ContentInfo) } ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo) /* Specials for signed attributes */ @@ -348,8 +329,7 @@ * encoding. */ -ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) /* 
@@ -357,29 +337,23 @@ * SEQUENCE OF and tag it to SET OF */ -ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) - - ASN1_CHOICE(CMS_ReceiptsFrom) = { - ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0), - ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) + ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0), + ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) } static_ASN1_CHOICE_END(CMS_ReceiptsFrom) -ASN1_SEQUENCE(CMS_ReceiptRequest) = { - ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), - ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) -} ASN1_SEQUENCE_END(CMS_ReceiptRequest) +ASN1_SEQUENCE(CMS_ReceiptRequest) + = { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest) ASN1_SEQUENCE(CMS_Receipt) = { - ASN1_EMBED(CMS_Receipt, version, INT32), - ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), - ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) + ASN1_EMBED(CMS_Receipt, version, INT32), + ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_Receipt) /* 
@@ -394,13 +368,12 @@ } CMS_SharedInfo; ASN1_SEQUENCE(CMS_SharedInfo) = { - ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR), - ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0), - ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), + ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR), + ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0), + ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), } static_ASN1_SEQUENCE_END(CMS_SharedInfo) -int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, - ASN1_OCTET_STRING *ukm, int keylen) +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) { union { CMS_SharedInfo *pecsi; --- crypto/openssl/crypto/cms/cms_att.c.orig +++ crypto/openssl/crypto/cms/cms_att.c 
@@ -25,44 +25,30 @@ * - RFC 5035 Section 5.4 */ /* This is a signed attribute */ -#define CMS_ATTR_F_SIGNED 0x01 +#define CMS_ATTR_F_SIGNED 0x01 /* This is an unsigned attribute */ -#define CMS_ATTR_F_UNSIGNED 0x02 +#define CMS_ATTR_F_UNSIGNED 0x02 /* Must be present if there are any other attributes of the same type */ -#define CMS_ATTR_F_REQUIRED_COND 0x10 +#define CMS_ATTR_F_REQUIRED_COND 0x10 /* There can only be one instance of this attribute */ -#define CMS_ATTR_F_ONLY_ONE 0x20 +#define CMS_ATTR_F_ONLY_ONE 0x20 /* The Attribute's value must have exactly one entry */ #define CMS_ATTR_F_ONE_ATTR_VALUE 0x40 /* Attributes rules for different attributes */ static const struct { - int nid; /* The attribute id */ + int nid; /* The attribute id */ int flags; } cms_attribute_properties[] = { /* See RFC Section 11 */ - { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE - | CMS_ATTR_F_REQUIRED_COND }, - { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE - | CMS_ATTR_F_REQUIRED_COND }, - { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE }, + { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE | CMS_ATTR_F_REQUIRED_COND }, + { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE | CMS_ATTR_F_REQUIRED_COND }, + { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE }, { NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED }, /* ESS */ - { NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE }, - { NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE }, - { NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE } + { NID_id_smime_aa_signingCertificate, 
CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE }, + { NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE }, + { NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED | CMS_ATTR_F_ONLY_ONE | CMS_ATTR_F_ONE_ATTR_VALUE } }; /* CMS SignedData Attribute utilities */ @@ -78,7 +64,7 @@ } int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, - int lastpos) + int lastpos) { return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); } @@ -101,8 +87,8 @@ } int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len) + const ASN1_OBJECT *obj, int type, + const void *bytes, int len) { if (ossl_x509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) return 1; @@ -110,7 +96,7 @@ } int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, const void *bytes, int len) + int nid, int type, const void *bytes, int len) { if (ossl_x509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) return 1; @@ -118,18 +104,18 @@ } int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len) + const char *attrname, int type, + const void *bytes, int len) { if (ossl_x509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, - len)) + len)) return 1; return 0; } void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *oid, - int lastpos, int type) + const ASN1_OBJECT *oid, + int lastpos, int type) { return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); } 
@@ -140,13 +126,13 @@ } int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos) + int lastpos) { return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); } int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int lastpos) + const ASN1_OBJECT *obj, int lastpos) { return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); } @@ -169,8 +155,8 @@ } int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len) + const ASN1_OBJECT *obj, int type, + const void *bytes, int len) { if (ossl_x509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) return 1; @@ -178,8 +164,8 @@ } int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len) + int nid, int type, + const void *bytes, int len) { if (ossl_x509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) return 1; @@ -187,17 +173,17 @@ } int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len) + const char *attrname, int type, + const void *bytes, int len) { if (ossl_x509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, - type, bytes, len)) + type, bytes, len)) return 1; return 0; } void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type) + int lastpos, int type) { return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); } @@ -209,8 +195,8 @@ * If an attribute was found *lastpos returns the index of the found attribute. */ static X509_ATTRIBUTE *cms_attrib_get(int nid, - const STACK_OF(X509_ATTRIBUTE) *attrs, - int *lastpos) + const STACK_OF(X509_ATTRIBUTE) *attrs, + int *lastpos) { X509_ATTRIBUTE *at; int loc; 
@@ -225,8 +211,8 @@ } static int cms_check_attribute(int nid, int flags, int type, - const STACK_OF(X509_ATTRIBUTE) *attrs, - int have_attrs) + const STACK_OF(X509_ATTRIBUTE) *attrs, + int have_attrs) { int lastpos = -1; X509_ATTRIBUTE *at = cms_attrib_get(nid, attrs, &lastpos); @@ -244,7 +230,7 @@ && count != 1) /* There should be at least one value */ || count == 0) - return 0; + return 0; } else { /* fail if a required attribute is missing */ if (have_attrs @@ -276,9 +262,9 @@ int flags = cms_attribute_properties[i].flags; if (!cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED, - si->signedAttrs, have_signed_attrs) + si->signedAttrs, have_signed_attrs) || !cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED, - si->unsignedAttrs, have_unsigned_attrs)) { + si->unsignedAttrs, have_unsigned_attrs)) { ERR_raise(ERR_LIB_CMS, CMS_R_ATTRIBUTE_ERROR); return 0; } --- crypto/openssl/crypto/cms/cms_cd.c.orig +++ crypto/openssl/crypto/cms/cms_cd.c @@ -22,8 +22,8 @@ /* CMS CompressedData Utilities */ CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, - OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; CMS_CompressedData *cd; @@ -51,13 +51,13 @@ cd->version = 0; X509_ALGOR_set0(cd->compressionAlgorithm, - OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL); + OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL); cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); return cms; - err: +err: CMS_ContentInfo_free(cms); return NULL; } --- crypto/openssl/crypto/cms/cms_dd.c.orig +++ crypto/openssl/crypto/cms/cms_dd.c @@ -18,8 +18,8 @@ /* CMS DigestedData Utilities */ CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md, - OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; CMS_DigestedData *dd; @@ -43,7 +43,7 @@ return cms; - err: +err: CMS_ContentInfo_free(cms); return NULL; } 
@@ -53,11 +53,11 @@ CMS_DigestedData *dd = cms->d.digestedData; return ossl_cms_DigestAlgorithm_init_bio(dd->digestAlgorithm, - ossl_cms_get0_cmsctx(cms)); + ossl_cms_get0_cmsctx(cms)); } int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms, BIO *chain, - int verify) + int verify) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); unsigned char md[EVP_MAX_MD_SIZE]; @@ -94,9 +94,8 @@ r = 1; } - err: +err: EVP_MD_CTX_free(mctx); return r; - } --- crypto/openssl/crypto/cms/cms_dh.c.orig +++ crypto/openssl/crypto/cms/cms_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ #include "cms_local.h" static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) + X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) { const ASN1_OBJECT *aoid; int atype; @@ -63,13 +63,13 @@ pkpeer = EVP_PKEY_new(); if (pkpeer == NULL - || !EVP_PKEY_copy_parameters(pkpeer, pk) - || !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen)) + || !EVP_PKEY_copy_parameters(pkpeer, pk) + || !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen)) goto err; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) rv = 1; - err: +err: ASN1_INTEGER_free(public_key); BN_free(bnpub); OPENSSL_free(buf); 
@@ -88,29 +88,34 @@ int keylen, plen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) goto err; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + /* * For DH we only have one OID permissible. If ever any more get defined * we will need something cleverer. */ - if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { + if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); goto err; } if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0 - || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) + || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) goto err; - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) goto err; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; @@ -122,7 +127,7 @@ goto err; kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); - if (kekcipher == NULL + if (kekcipher == NULL || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) goto err; if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) @@ -135,7 +140,7 @@ goto err; /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, - OBJ_nid2obj(EVP_CIPHER_get_type(kekcipher))) + OBJ_nid2obj(EVP_CIPHER_get_type(kekcipher))) <= 0) goto err; @@ -151,7 +156,7 @@ dukm = NULL; rv = 1; - err: +err: X509_ALGOR_free(kekalg); EVP_CIPHER_free(kekcipher); OPENSSL_free(dukm); 
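Review bot: In the `@@ -88,29 +88,34 @@` hunk of cms_dh.c, the `if (ptype != V_ASN1_SEQUENCE) goto err;` rejection queues no error of its own, unlike the ESDH OID check just above it, which raises `CMS_R_KDF_PARAMETER_ERROR`. This is now the path taken when a received message carries absent or wrongly typed key-agreement parameters (the old code read `alg->parameter->type` directly), so it should be diagnosable: add `ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);` before the `goto err`. The same silent rejection is in the `@@ -165,21 +165,27 @@` hunk of cms_ec.c, where it is a bare `return 0`. A short comment at the declaration, `/* stays NULL if alg carries no parameters */`, would record why `parameter` is initialised; presumably X509_ALGOR_get0 leaves it unwritten in that case. The enclosing function starts and ends outside the hunk, so a caller may still raise its own error.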
@@ -170,9 +175,9 @@ ASN1_BIT_STRING *pubkey; if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, - NULL, NULL, NULL)) + NULL, NULL, NULL)) return 0; - if (alg == NULL || pubkey == NULL) + if (alg == NULL || pubkey == NULL) return 0; if (!dh_cms_set_peerkey(pctx, alg, pubkey)) { ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR); @@ -211,7 +216,7 @@ /* Get ephemeral key */ pkey = EVP_PKEY_CTX_get0_pkey(pctx); if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, - NULL, NULL, NULL)) + NULL, NULL, NULL)) goto err; /* Is everything uninitialised? */ @@ -239,7 +244,7 @@ penc = NULL; X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), - V_ASN1_UNDEF, NULL); + V_ASN1_UNDEF, NULL); } /* See if custom parameters set */ @@ -317,11 +322,11 @@ ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; rv = X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), - V_ASN1_SEQUENCE, wrap_str); + V_ASN1_SEQUENCE, wrap_str); if (!rv) ASN1_STRING_free(wrap_str); - err: +err: OPENSSL_free(penc); X509_ALGOR_free(wrap_alg); OPENSSL_free(dukm); --- crypto/openssl/crypto/cms/cms_ec.c.orig +++ crypto/openssl/crypto/cms/cms_ec.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ #include "cms_local.h" static EVP_PKEY *pkey_type2param(int ptype, const void *pval, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx = NULL; @@ -30,7 +30,7 @@ int selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; ctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC", - selection, libctx, propq); + selection, libctx, propq); if (ctx == NULL) goto err; 
@@ -49,7 +49,7 @@ if (pctx == NULL || EVP_PKEY_paramgen_init(pctx) <= 0) goto err; if (OBJ_obj2txt(groupname, sizeof(groupname), poid, 0) <= 0 - || EVP_PKEY_CTX_set_group_name(pctx, groupname) <= 0) { + || EVP_PKEY_CTX_set_group_name(pctx, groupname) <= 0) { ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR); goto err; } @@ -62,7 +62,7 @@ ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR); return NULL; - err: +err: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); OSSL_DECODER_CTX_free(ctx); @@ -70,7 +70,7 @@ } static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) + X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) { const ASN1_OBJECT *aoid; int atype; @@ -99,8 +99,8 @@ goto err; } else { pkpeer = pkey_type2param(atype, aval, - EVP_PKEY_CTX_get0_libctx(pctx), - EVP_PKEY_CTX_get0_propq(pctx)); + EVP_PKEY_CTX_get0_libctx(pctx), + EVP_PKEY_CTX_get0_propq(pctx)); if (pkpeer == NULL) goto err; } @@ -115,7 +115,7 @@ if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) rv = 1; - err: +err: EVP_PKEY_free(pkpeer); return rv; } @@ -165,21 +165,27 @@ int plen, keylen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid = NULL; + int ptype = 0; + const void *parameter = NULL; + char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) return 0; - if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) { + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + + if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); return 0; } - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) return 0; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; 
@@ -209,7 +215,7 @@ der = NULL; rv = 1; - err: +err: EVP_CIPHER_free(kekcipher); X509_ALGOR_free(kekalg); OPENSSL_free(der); @@ -229,7 +235,7 @@ ASN1_BIT_STRING *pubkey; if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, - NULL, NULL, NULL)) + NULL, NULL, NULL)) return 0; if (alg == NULL || pubkey == NULL) return 0; @@ -269,7 +275,7 @@ /* Get ephemeral key */ pkey = EVP_PKEY_CTX_get0_pkey(pctx); if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, - NULL, NULL, NULL)) + NULL, NULL, NULL)) goto err; X509_ALGOR_get0(&aoid, NULL, NULL, talg); /* Is everything uninitialised? */ @@ -286,7 +292,7 @@ penc = NULL; (void)X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), - V_ASN1_UNDEF, NULL); /* cannot fail */ + V_ASN1_UNDEF, NULL); /* cannot fail */ } /* See if custom parameters set */ @@ -373,7 +379,7 @@ rv = 1; - err: +err: OPENSSL_free(penc); X509_ALGOR_free(wrap_alg); return rv; --- crypto/openssl/crypto/cms/cms_enc.c.orig +++ crypto/openssl/crypto/cms/cms_enc.c @@ -23,7 +23,7 @@ /* Return BIO based on EncryptedContentInfo and key */ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, - const CMS_CTX *cms_ctx) + const CMS_CTX *cms_ctx) { BIO *b; EVP_CIPHER_CTX *ctx; @@ -64,7 +64,7 @@ } if (cipher != NULL) { fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_get0_name(cipher), - propq); + propq); if (fetched_ciph != NULL) cipher = fetched_ciph; } @@ -106,8 +106,9 @@ if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { piv = aparams.iv; if (ec->taglen > 0 - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - ec->taglen, ec->tag) <= 0) { + && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + ec->taglen, ec->tag) + <= 0) { ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_AEAD_SET_TAG_ERROR); goto err; } @@ -137,7 +138,6 @@ keep_key = 1; else ERR_clear_error(); - } if (ec->keylen != tkeylen) { 
@@ -191,7 +191,7 @@ } ok = 1; - err: +err: EVP_CIPHER_free(fetched_ciph); if (!keep_key || !ok) { OPENSSL_clear_free(ec->key, ec->keylen); @@ -205,9 +205,9 @@ } int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - const CMS_CTX *cms_ctx) + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + const CMS_CTX *cms_ctx) { ec->cipher = cipher; if (key) { @@ -224,7 +224,7 @@ } int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { CMS_EncryptedContentInfo *ec; @@ -233,6 +233,14 @@ return 0; } if (ciph) { + if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { + ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); + return 0; + } + if (cms->d.encryptedData != NULL) { + M_ASN1_free_of(cms->d.encryptedData, CMS_EncryptedData); + cms->d.encryptedData = NULL; + } cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); if (!cms->d.encryptedData) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); @@ -246,7 +254,7 @@ } ec = cms->d.encryptedData->encryptedContentInfo; return ossl_cms_EncryptedContent_init(ec, ciph, key, keylen, - ossl_cms_get0_cmsctx(cms)); + ossl_cms_get0_cmsctx(cms)); } BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms) @@ -255,5 +263,5 @@ if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) enc->version = 2; return ossl_cms_EncryptedContent_init_bio(enc->encryptedContentInfo, - ossl_cms_get0_cmsctx(cms)); + ossl_cms_get0_cmsctx(cms)); } --- crypto/openssl/crypto/cms/cms_env.c.orig +++ crypto/openssl/crypto/cms/cms_env.c @@ -24,7 +24,7 @@ static void cms_env_set_version(CMS_EnvelopedData *env); #define CMS_ENVELOPED_STANDARD 1 -#define CMS_ENVELOPED_AUTH 2 +#define CMS_ENVELOPED_AUTH 2 static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms) { 
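Review bot: The added `M_ASN1_free_of(cms->d.encryptedData, CMS_EncryptedData)` in the `@@ -233,6 +233,14 @@` hunk of cms_enc.c trusts that a non-NULL `cms->d.encryptedData` really is a CMS_EncryptedData, and nothing visible in the hunk checks `cms->contentType` before the free. If `cms->d` is a union shared with the other content types, as the `d.envelopedData` and `d.digestedData` accesses elsewhere in this diff suggest, calling this on a CMS_ContentInfo of another type would free that object through the wrong template. Guarding the free, e.g. `if (cms->d.encryptedData != NULL && OBJ_obj2nid(cms->contentType) == NID_pkcs7_encrypted) {`, or rejecting a mismatched content type before the `if (ciph)` branch, would keep the leak fix without that risk. The function body starts and ends outside the hunk, so an earlier check may already exist.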
@@ -78,8 +78,7 @@ return NULL; } cms->d.envelopedData->version = 0; - cms->d.envelopedData->encryptedContentInfo->contentType = - OBJ_nid2obj(NID_pkcs7_data); + cms->d.envelopedData->encryptedContentInfo->contentType = OBJ_nid2obj(NID_pkcs7_data); ASN1_OBJECT_free(cms->contentType); cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); return cms->d.envelopedData; @@ -98,8 +97,7 @@ } /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */ cms->d.authEnvelopedData->version = 0; - cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = - OBJ_nid2obj(NID_pkcs7_data); + cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = OBJ_nid2obj(NID_pkcs7_data); ASN1_OBJECT_free(cms->contentType); cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData); return cms->d.authEnvelopedData; @@ -151,11 +149,11 @@ switch (cms_get_enveloped_type(cms)) { case CMS_ENVELOPED_STANDARD: return cms->d.envelopedData == NULL ? NULL - : cms->d.envelopedData->encryptedContentInfo; + : cms->d.envelopedData->encryptedContentInfo; case CMS_ENVELOPED_AUTH: return cms->d.authEnvelopedData == NULL ? NULL - : cms->d.authEnvelopedData->authEncryptedContentInfo; + : cms->d.authEnvelopedData->authEncryptedContentInfo; default: return NULL; @@ -193,8 +191,8 @@ case CMS_RECIPINFO_TRANS: ri->d.ktri->cms_ctx = ctx; ossl_x509_set0_libctx(ri->d.ktri->recip, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); break; case CMS_RECIPINFO_KEK: ri->d.kekri->cms_ctx = ctx; @@ -224,8 +222,8 @@ } CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; CMS_EnvelopedData *env; 
@@ -238,10 +236,10 @@ goto merr; if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, - 0, ossl_cms_get0_cmsctx(cms))) + 0, ossl_cms_get0_cmsctx(cms))) goto merr; return cms; - merr: +merr: CMS_ContentInfo_free(cms); ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); return NULL; @@ -254,7 +252,7 @@ CMS_ContentInfo * CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { CMS_ContentInfo *cms; CMS_AuthEnvelopedData *aenv; @@ -266,17 +264,16 @@ if (aenv == NULL) goto merr; if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo, - cipher, NULL, 0, - ossl_cms_get0_cmsctx(cms))) + cipher, NULL, 0, + ossl_cms_get0_cmsctx(cms))) goto merr; return cms; - merr: +merr: CMS_ContentInfo_free(cms); ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); return NULL; } - CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher) { return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL); @@ -287,8 +284,8 @@ /* Initialise a ktri based on passed certificate and key */ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *pk, unsigned int flags, - const CMS_CTX *ctx) + EVP_PKEY *pk, unsigned int flags, + const CMS_CTX *ctx) { CMS_KeyTransRecipientInfo *ktri; int idtype; @@ -325,8 +322,8 @@ if (flags & CMS_KEY_PARAM) { ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - ktri->pkey, - ossl_cms_ctx_get0_propq(ctx)); + ktri->pkey, + ossl_cms_ctx_get0_propq(ctx)); if (ktri->pctx == NULL) return 0; if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) @@ -341,8 +338,8 @@ */ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, - EVP_PKEY *originatorPrivKey, - X509 *originator, unsigned int flags) + EVP_PKEY *originatorPrivKey, + X509 *originator, unsigned int flags) { CMS_RecipientInfo *ri = NULL; STACK_OF(CMS_RecipientInfo) *ris; 
@@ -373,14 +370,13 @@ case CMS_RECIPINFO_AGREE: if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator, - originatorPrivKey, flags, ctx)) + originatorPrivKey, flags, ctx)) goto err; break; default: ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; - } if (!sk_CMS_RecipientInfo_push(ris, ri)) @@ -388,23 +384,22 @@ return ri; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; - } CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, - unsigned int flags) + unsigned int flags) { - return CMS_add1_recipient(cms, recip, NULL, NULL, flags); + return CMS_add1_recipient(cms, recip, NULL, NULL, flags); } int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg) + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg) { CMS_KeyTransRecipientInfo *ktri; if (ri->type != CMS_RECIPINFO_TRANS) { @@ -424,9 +419,9 @@ } int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno) { CMS_KeyTransRecipientInfo *ktri; if (ri->type != CMS_RECIPINFO_TRANS) { @@ -436,7 +431,7 @@ ktri = ri->d.ktri; return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, - sno); + sno); } int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) @@ -462,7 +457,7 @@ /* Encrypt content key in key transport recipient info */ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) + CMS_RecipientInfo *ri) { CMS_KeyTransRecipientInfo *ktri; CMS_EncryptedContentInfo *ec; @@ -487,8 +482,8 @@ goto err; } else { pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - ktri->pkey, - ossl_cms_ctx_get0_propq(ctx)); + ktri->pkey, + ossl_cms_ctx_get0_propq(ctx)); if (pctx == NULL) return 0; 
@@ -514,7 +509,7 @@ ret = 1; - err: +err: EVP_PKEY_CTX_free(pctx); ktri->pctx = NULL; OPENSSL_free(ek); @@ -524,7 +519,7 @@ /* Decrypt content key from KTRI */ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) + CMS_RecipientInfo *ri) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; EVP_PKEY *pkey = ktri->pkey; @@ -547,7 +542,7 @@ } if (cms->d.envelopedData->encryptedContentInfo->havenocert - && !cms->d.envelopedData->encryptedContentInfo->debug) { + && !cms->d.envelopedData->encryptedContentInfo->debug) { X509_ALGOR *calg = ec->contentEncryptionAlgorithm; char name[OSSL_MAX_NAME_SIZE]; @@ -582,8 +577,9 @@ goto err; if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) + ktri->encryptedKey->data, + ktri->encryptedKey->length) + <= 0) goto err; ek = OPENSSL_malloc(eklen); @@ -593,10 +589,11 @@ } if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0 - || eklen == 0 - || (fixlen != 0 && eklen != fixlen)) { + ktri->encryptedKey->data, + ktri->encryptedKey->length) + <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB); goto err; } @@ -607,7 +604,7 @@ ec->key = ek; ec->keylen = eklen; - err: +err: EVP_PKEY_CTX_free(ktri->pctx); ktri->pctx = NULL; if (!ret) @@ -619,7 +616,7 @@ /* Key Encrypted Key (KEK) RecipientInfo routines */ int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen) + const unsigned char *id, size_t idlen) { ASN1_OCTET_STRING tmp_os; CMS_KEKRecipientInfo *kekri; 
@@ -655,11 +652,11 @@ } CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType) + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType) { CMS_RecipientInfo *ri = NULL; CMS_KEKRecipientInfo *kekri; @@ -700,7 +697,6 @@ ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); goto err; } - } /* Initialize recipient info */ @@ -741,23 +737,23 @@ } X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, - OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); return ri; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; } int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype) + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype) { CMS_KEKIdentifier *rkid; if (ri->type != CMS_RECIPINFO_KEK) { @@ -787,7 +783,7 @@ } int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen) + unsigned char *key, size_t keylen) { CMS_KEKRecipientInfo *kekri; if (ri->type != CMS_RECIPINFO_KEK) { @@ -805,7 +801,7 @@ { const char *alg = NULL; - switch(keylen) { + switch (keylen) { case 16: alg = "AES-128-WRAP"; break; 
@@ -819,14 +815,13 @@ return NULL; } return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, - ossl_cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_propq(ctx)); } - /* Encrypt content key in KEK recipient info */ static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) + CMS_RecipientInfo *ri) { CMS_EncryptedContentInfo *ec; CMS_KEKRecipientInfo *kekri; @@ -870,8 +865,8 @@ EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) - || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen) - || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) { + || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen) + || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) { ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR); goto err; } @@ -885,7 +880,7 @@ r = 1; - err: +err: EVP_CIPHER_free(cipher); if (!r) OPENSSL_free(wkey); @@ -897,7 +892,7 @@ /* Decrypt content key in KEK recipient info */ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) + CMS_RecipientInfo *ri) { CMS_EncryptedContentInfo *ec; CMS_KEKRecipientInfo *kekri; @@ -952,10 +947,10 @@ } if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) - || !EVP_DecryptUpdate(ctx, ukey, &ukeylen, - kekri->encryptedKey->data, - kekri->encryptedKey->length) - || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) { + || !EVP_DecryptUpdate(ctx, ukey, &ukeylen, + kekri->encryptedKey->data, + kekri->encryptedKey->length) + || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) { ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR); goto err; } @@ -967,7 +962,7 @@ r = 1; - err: +err: EVP_CIPHER_free(cipher); if (!r) OPENSSL_free(ukey); @@ -1067,7 +1062,7 @@ env->version = 3; return; } else if (ri->type != CMS_RECIPINFO_TRANS - || ri->d.ktri->version != 0) { + || ri->d.ktri->version != 0) { env->version = 2; } } 
@@ -1079,7 +1074,7 @@ } static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms, - STACK_OF(CMS_RecipientInfo) *ris) + STACK_OF(CMS_RecipientInfo) *ris) { int i; CMS_RecipientInfo *ri; @@ -1104,7 +1099,7 @@ { CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo; BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec, - ossl_cms_get0_cmsctx(cms)); + ossl_cms_get0_cmsctx(cms)); EVP_CIPHER_CTX *ctx = NULL; if (contentBio == NULL) @@ -1120,9 +1115,11 @@ * deal with it using special ctrl function */ if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0 - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, - cms->d.envelopedData->unprotectedAttrs) <= 0) { + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) + != 0 + && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, + cms->d.envelopedData->unprotectedAttrs) + <= 0) { BIO_free(contentBio); return NULL; } @@ -1158,7 +1155,7 @@ ok = 1; - err: +err: cms_env_clear_ec(ec); if (ok) return ret; @@ -1169,8 +1166,8 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) { if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) { - /* If cipher is set it's encryption */ - return cms_EnvelopedData_Encryption_init_bio(cms); + /* If cipher is set it's encryption */ + return cms_EnvelopedData_Encryption_init_bio(cms); } /* If cipher is not set it's decryption */ @@ -1210,7 +1207,7 @@ ok = 1; - err: +err: cms_env_clear_ec(ec); if (ok) return ret; @@ -1240,7 +1237,8 @@ * deal with it using special ctrl function */ if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) + != 0) { if (env->unprotectedAttrs == NULL) env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); 
@@ -1250,7 +1248,8 @@ } if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, - 1, env->unprotectedAttrs) <= 0) { + 1, env->unprotectedAttrs) + <= 0) { ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); return 0; } @@ -1268,7 +1267,7 @@ BIO_get_cipher_ctx(cmsbio, &ctx); - /* + /* * The tag is set only for encryption. There is nothing to do for * decryption. */ @@ -1277,9 +1276,10 @@ taglen = EVP_CIPHER_CTX_get_tag_length(ctx); if (taglen <= 0 - || (tag = OPENSSL_malloc(taglen)) == NULL - || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, - tag) <= 0) { + || (tag = OPENSSL_malloc(taglen)) == NULL + || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, + tag) + <= 0) { ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG); goto err; } @@ -1333,7 +1333,7 @@ int i, r; i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED, - ri_type, &r); + ri_type, &r); if (i > 0) return r; } --- crypto/openssl/crypto/cms/cms_err.c.orig +++ crypto/openssl/crypto/cms/cms_err.c 
@@ -14,167 +14,167 @@ #ifndef OPENSSL_NO_CMS -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA CMS_str_reasons[] = { - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), - "certificate already present"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), - "certificate has no keyid"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR), - "cipher aead set tag error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), - "cipher initialisation error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), - "cipher parameter initialisation error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR), - "cms datafinal error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH), - "contentidentifier mismatch"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH), - "content type mismatch"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), - "content type not compressed data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), - "content type not enveloped data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), - "content type not signed data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR), - "content verify error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt 
error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY), - "error getting public key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), - "error reading messagedigest attribute"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), - "error setting recipientinfo"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT), - "error unsupported static key agreement"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), - "ess signing certid mismatch error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), - "invalid encrypted key length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), - "invalid key encryption parameter"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_LABEL), "invalid label"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_OAEP_PARAMETERS), - "invalid oaep parameters"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_KDF_PARAMETER_ERROR), - "kdf parameter error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), - "messagedigest attribute wrong length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH), - "messagedigest wrong length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), - "msgsigdigest verification failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH), - "msgsigdigest wrong length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT), - "not a signed receipt"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), 
"not kek"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "not supported for this key type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT), - "no matching recipient"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE), - "no matching signature"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR), - "receipt decode error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - 
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA), - "type not compressed data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA), - "type not digested data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA), - "type not encrypted data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA), - "type not enveloped data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT), - "unable to finalize context"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), - "unsupported content encryption algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM), - "unsupported kek algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), - "unsupported key encryption algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_LABEL_SOURCE), - "unsupported label source"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE), - "unsupported recipientinfo type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), - "unsupported recipient type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), - "unsupported signature algorithm"}, - 
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE), - "verification failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"}, - {0, NULL} + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), + "certificate already present" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), + "certificate has no keyid" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR), + "cipher aead set tag error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), + "cipher initialisation error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), + "cipher parameter initialisation error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR), + "cms datafinal error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH), + "contentidentifier mismatch" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH), + "content type mismatch" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), + "content type not compressed data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), + "content type not enveloped data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), + "content type not signed data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR), + "content verify 
error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY), + "error getting public key" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), + "error reading messagedigest attribute" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), + "error setting recipientinfo" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT), + "error unsupported static key agreement" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), + "ess signing certid mismatch error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), + "invalid encrypted key length" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), + "invalid key encryption parameter" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_LABEL), "invalid label" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_OAEP_PARAMETERS), + "invalid oaep parameters" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_KDF_PARAMETER_ERROR), + "kdf parameter error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), + "messagedigest attribute wrong length" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH), + "messagedigest wrong length" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), + "msgsigdigest verification failure" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH), + 
"msgsigdigest wrong length" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT), + "not a signed receipt" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "not supported for this key type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT), + "no matching recipient" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE), + "no matching signature" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PEER_KEY_ERROR), "peer key error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match 
certificate" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR), + "receipt decode error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SHARED_INFO_ERROR), "shared info error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA), + "type not compressed data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA), + "type not digested data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA), + "type not encrypted data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA), + "type not enveloped data" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT), + "unable to finalize context" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM), + "unknown digest algorithm" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), + "unsupported compression algorithm" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), + "unsupported content encryption algorithm" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), + "unsupported encryption type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM), + "unsupported kek algorithm" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), + "unsupported key encryption algorithm" }, + { 
ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_LABEL_SOURCE), + "unsupported label source" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE), + "unsupported recipientinfo type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), + "unsupported recipient type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), + "unsupported signature algorithm" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE), + "verification failure" }, + { ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_CMS_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(CMS_str_reasons[0].error) == NULL) ERR_load_strings_const(CMS_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/cms/cms_ess.c.orig +++ crypto/openssl/crypto/cms/cms_ess.c @@ -50,7 +50,7 @@ * or -1 on attribute parsing failure. */ static int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si, - ESS_SIGNING_CERT **psc) + ESS_SIGNING_CERT **psc) { ASN1_STRING *str; ESS_SIGNING_CERT *sc; @@ -77,7 +77,7 @@ * or -1 on attribute parsing failure. */ static int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 **psc) + ESS_SIGNING_CERT_V2 **psc) { ASN1_STRING *str; ESS_SIGNING_CERT_V2 *sc; @@ -100,7 +100,7 @@ } int ossl_cms_check_signing_certs(const CMS_SignerInfo *si, - const STACK_OF(X509) *chain) + const STACK_OF(X509) *chain) { ESS_SIGNING_CERT *ss = NULL; ESS_SIGNING_CERT_V2 *ssv2 = NULL; @@ -129,7 +129,8 @@ if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32, - 0) <= 0) + 0) + <= 0) goto err; } 
@@ -146,13 +147,12 @@ return rr; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: CMS_ReceiptRequest_free(rr); return NULL; - } CMS_ReceiptRequest *CMS_ReceiptRequest_create0( @@ -160,7 +160,7 @@ STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo) { return CMS_ReceiptRequest_create0_ex(id, idlen, allorfirst, receiptList, - receiptsTo, NULL); + receiptsTo, NULL); } int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) @@ -173,26 +173,25 @@ goto merr; if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, - V_ASN1_SEQUENCE, rrder, rrderlen)) + V_ASN1_SEQUENCE, rrder, rrderlen)) goto merr; r = 1; - merr: +merr: if (!r) ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); OPENSSL_free(rrder); return r; - } void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, - ASN1_STRING **pcid, - int *pallorfirst, - STACK_OF(GENERAL_NAMES) **plist, - STACK_OF(GENERAL_NAMES) **prto) + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto) { if (pcid != NULL) *pcid = rr->signedContentIdentifier; @@ -214,16 +213,16 @@ /* Digest a SignerInfo structure for msgSigDigest attribute processing */ static int cms_msgSigDigest(CMS_SignerInfo *si, - unsigned char *dig, unsigned int *diglen) + unsigned char *dig, unsigned int *diglen) { const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return 0; if (!ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, - si->signedAttrs, dig, diglen, - ossl_cms_ctx_get0_libctx(si->cms_ctx), - ossl_cms_ctx_get0_propq(si->cms_ctx))) + si->signedAttrs, dig, diglen, + ossl_cms_ctx_get0_libctx(si->cms_ctx), + ossl_cms_ctx_get0_propq(si->cms_ctx))) return 0; return 1; } 
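Review bot: In hunk `@@ -173,26 +173,25 @@` of cms_ess.c the `merr:` label is also the normal exit, because `r = 1;` falls straight into it, and every failure that reaches it is reported as `ERR_R_MALLOC_FAILURE`. That includes a failing `CMS_signed_add1_attr_by_NID` call, which may not be an allocation failure at all, so the error queue can point the caller at the wrong cause. At minimum I would document it above the label with `/* also the success exit: the error is raised only when r == 0 */`, and ideally give the attribute-add failure its own reason code. The function begins before this hunk.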
@@ -240,7 +239,7 @@ return 0; } if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, - V_ASN1_OCTET_STRING, dig, diglen)) { + V_ASN1_OCTET_STRING, dig, diglen)) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); return 0; } @@ -310,9 +309,8 @@ /* Get msgSigDigest value and compare */ msig = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj - (NID_id_smime_aa_msgSigDigest), -3, - V_ASN1_OCTET_STRING); + OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, + V_ASN1_OCTET_STRING); if (!msig) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_MSGSIGDIGEST); @@ -337,8 +335,8 @@ /* Compare content types */ octype = CMS_signed_get0_data_by_OBJ(osi, - OBJ_nid2obj(NID_pkcs9_contentType), - -3, V_ASN1_OBJECT); + OBJ_nid2obj(NID_pkcs9_contentType), + -3, V_ASN1_OBJECT); if (!octype) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE); goto err; @@ -359,18 +357,17 @@ } if (ASN1_STRING_cmp(rr->signedContentIdentifier, - rct->signedContentIdentifier)) { + rct->signedContentIdentifier)) { ERR_raise(ERR_LIB_CMS, CMS_R_CONTENTIDENTIFIER_MISMATCH); goto err; } r = 1; - err: +err: CMS_ReceiptRequest_free(rr); M_ASN1_free_of(rct, CMS_Receipt); return r; - } /* @@ -397,8 +394,8 @@ /* Get original content type */ ctype = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_pkcs9_contentType), - -3, V_ASN1_OBJECT); + OBJ_nid2obj(NID_pkcs9_contentType), + -3, V_ASN1_OBJECT); if (!ctype) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE); goto err; @@ -411,7 +408,7 @@ os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); - err: +err: CMS_ReceiptRequest_free(rr); return os; } --- crypto/openssl/crypto/cms/cms_io.c.orig +++ crypto/openssl/crypto/cms/cms_io.c @@ -39,8 +39,8 @@ const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms == NULL ? NULL : *cms); ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (ci != NULL) { ERR_set_mark(); ossl_cms_resolve_libctx(ci); 
@@ -59,7 +59,7 @@ BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) { return BIO_new_NDEF(out, (ASN1_VALUE *)cms, - ASN1_ITEM_rptr(CMS_ContentInfo)); + ASN1_ITEM_rptr(CMS_ContentInfo)); } /* CMS wrappers round generalised stream and MIME routines */ @@ -67,14 +67,14 @@ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) { return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, - ASN1_ITEM_rptr(CMS_ContentInfo)); + ASN1_ITEM_rptr(CMS_ContentInfo)); } int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, - int flags) + int flags) { return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags, - "CMS", ASN1_ITEM_rptr(CMS_ContentInfo)); + "CMS", ASN1_ITEM_rptr(CMS_ContentInfo)); } int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) @@ -90,23 +90,23 @@ mdalgs = NULL; return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid, - econt_nid, mdalgs, - ASN1_ITEM_rptr(CMS_ContentInfo), - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); + econt_nid, mdalgs, + ASN1_ITEM_rptr(CMS_ContentInfo), + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); } CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, - CMS_ContentInfo **cms) + CMS_ContentInfo **cms) { CMS_ContentInfo *ci; const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms == NULL ? NULL : *cms); ci = (CMS_ContentInfo *)SMIME_read_ASN1_ex(bio, flags, bcont, - ASN1_ITEM_rptr(CMS_ContentInfo), - (ASN1_VALUE **)cms, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); + ASN1_ITEM_rptr(CMS_ContentInfo), + (ASN1_VALUE **)cms, + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (ci != NULL) { ERR_set_mark(); ossl_cms_resolve_libctx(ci); --- crypto/openssl/crypto/cms/cms_kari.c.orig +++ crypto/openssl/crypto/cms/cms_kari.c 
@@ -26,8 +26,8 @@ /* Key Agreement Recipient Info (KARI) routines */ int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pukm) + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm) { if (ri->type != CMS_RECIPINFO_AGREE) { ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT); @@ -53,11 +53,11 @@ } int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, - X509_ALGOR **pubalg, - ASN1_BIT_STRING **pubkey, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno) { CMS_OriginatorIdentifierOrKey *oik; @@ -111,10 +111,10 @@ } int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, - ASN1_OCTET_STRING **keyid, - ASN1_GENERALIZEDTIME **tm, - CMS_OtherKeyAttribute **other, - X509_NAME **issuer, ASN1_INTEGER **sno) + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno) { CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; @@ -146,7 +146,7 @@ } int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, - X509 *cert) + X509 *cert) { CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; @@ -154,13 +154,13 @@ return ossl_cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert); else if (rid->type == CMS_REK_KEYIDENTIFIER) return ossl_cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, - cert); + cert); else return -1; } int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, - EVP_PKEY *pk, X509 *peer) + EVP_PKEY *pk, X509 *peer) { EVP_PKEY_CTX *pctx; CMS_KeyAgreeRecipientInfo *kari = ri->d.kari; @@ -171,8 +171,8 @@ return 1; pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(kari->cms_ctx), - pk, - ossl_cms_ctx_get0_propq(kari->cms_ctx)); + pk, + ossl_cms_ctx_get0_propq(kari->cms_ctx)); if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0) goto err; 
@@ -185,7 +185,7 @@ kari->pctx = pctx; return 1; - err: +err: EVP_PKEY_CTX_free(pctx); return 0; } @@ -208,8 +208,8 @@ */ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, - const unsigned char *in, size_t inlen, - CMS_KeyAgreeRecipientInfo *kari, int enc) + const unsigned char *in, size_t inlen, + CMS_KeyAgreeRecipientInfo *kari, int enc) { /* Key encryption key */ unsigned char kek[EVP_MAX_KEY_LENGTH]; @@ -239,7 +239,7 @@ *poutlen = (size_t)outlen; rv = 1; - err: +err: OPENSSL_cleanse(kek, keklen); if (!rv) OPENSSL_free(out); @@ -251,8 +251,8 @@ } int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, - CMS_RecipientEncryptedKey *rek) + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek) { int rv = 0; unsigned char *enckey = NULL, *cek = NULL; @@ -274,14 +274,14 @@ ec->keylen = ceklen; cek = NULL; rv = 1; - err: +err: OPENSSL_free(cek); return rv; } /* Create ephemeral key and initialise context based on it */ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, - EVP_PKEY *pk) + EVP_PKEY *pk) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *ekey = NULL; @@ -305,7 +305,7 @@ goto err; kari->pctx = pctx; rv = 1; - err: +err: if (!rv) EVP_PKEY_CTX_free(pctx); EVP_PKEY_free(ekey); @@ -314,23 +314,23 @@ /* Set originator private key and initialise context based on it */ static int cms_kari_set_originator_private_key(CMS_KeyAgreeRecipientInfo *kari, - EVP_PKEY *originatorPrivKey ) + EVP_PKEY *originatorPrivKey) { EVP_PKEY_CTX *pctx = NULL; int rv = 0; const CMS_CTX *ctx = kari->cms_ctx; pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - originatorPrivKey, - ossl_cms_ctx_get0_propq(ctx)); + originatorPrivKey, + ossl_cms_ctx_get0_propq(ctx)); if (pctx == NULL) goto err; if (EVP_PKEY_derive_init(pctx) <= 0) - goto err; + goto err; kari->pctx = pctx; rv = 1; - err: +err: if (rv == 0) EVP_PKEY_CTX_free(pctx); return rv; 
@@ -338,10 +338,10 @@ /* Initialise a kari based on passed certificate and key */ -int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *recipPubKey, X509 *originator, - EVP_PKEY *originatorPrivKey, - unsigned int flags, const CMS_CTX *ctx) +int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, + EVP_PKEY *recipPubKey, X509 *originator, + EVP_PKEY *originatorPrivKey, + unsigned int flags, const CMS_CTX *ctx) { CMS_KeyAgreeRecipientInfo *kari; CMS_RecipientEncryptedKey *rek = NULL; @@ -389,16 +389,16 @@ return 0; if (flags & CMS_USE_ORIGINATOR_KEYID) { - oik->type = CMS_OIK_KEYIDENTIFIER; - oik->d.subjectKeyIdentifier = ASN1_OCTET_STRING_new(); - if (oik->d.subjectKeyIdentifier == NULL) - return 0; - if (!ossl_cms_set1_keyid(&oik->d.subjectKeyIdentifier, originator)) - return 0; + oik->type = CMS_OIK_KEYIDENTIFIER; + oik->d.subjectKeyIdentifier = ASN1_OCTET_STRING_new(); + if (oik->d.subjectKeyIdentifier == NULL) + return 0; + if (!ossl_cms_set1_keyid(&oik->d.subjectKeyIdentifier, originator)) + return 0; } else { - oik->type = CMS_REK_ISSUER_SERIAL; - if (!ossl_cms_set1_ias(&oik->d.issuerAndSerialNumber, originator)) - return 0; + oik->type = CMS_REK_ISSUER_SERIAL; + if (!ossl_cms_set1_ias(&oik->d.issuerAndSerialNumber, originator)) + return 0; } if (!cms_kari_set_originator_private_key(kari, originatorPrivKey)) @@ -411,7 +411,7 @@ } static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, - const EVP_CIPHER *cipher) + const EVP_CIPHER *cipher) { const CMS_CTX *cms_ctx = kari->cms_ctx; EVP_CIPHER_CTX *ctx = kari->ctx; 
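Review bot: In the `else` branch of the `CMS_USE_ORIGINATOR_KEYID` test (hunk `@@ -389,16 +389,16 @@` of cms_kari.c), `oik->type` is assigned `CMS_REK_ISSUER_SERIAL`, a constant from the RecipientEncryptedKey family, while the sibling branch uses `CMS_OIK_KEYIDENTIFIER` for the same field. If the two issuer-serial constants share a value, which is not visible in this diff, behaviour is unchanged, but the mismatch hides which CHOICE is being selected and would break silently if the values ever diverged. I would write `oik->type = CMS_OIK_ISSUER_SERIAL;` here. The enclosing function begins and ends outside this hunk.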
@@ -433,15 +433,15 @@ keylen = EVP_CIPHER_get_key_length(cipher); if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER, - 0, &kekcipher); + 0, &kekcipher); if (ret <= 0) - return 0; + return 0; if (kekcipher != NULL) { - if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) - return 0; - kekcipher_name = EVP_CIPHER_get0_name(kekcipher); - goto enc; + if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) + return 0; + kekcipher_name = EVP_CIPHER_get0_name(kekcipher); + goto enc; } } @@ -454,7 +454,7 @@ kekcipher_name = SN_id_smime_alg_CMS3DESwrap; else #endif - if (keylen <= 16) + if (keylen <= 16) kekcipher_name = SN_id_aes128_wrap; else if (keylen <= 24) kekcipher_name = SN_id_aes192_wrap; @@ -462,8 +462,8 @@ kekcipher_name = SN_id_aes256_wrap; enc: fetched_kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), - kekcipher_name, - ossl_cms_ctx_get0_propq(cms_ctx)); + kekcipher_name, + ossl_cms_ctx_get0_propq(cms_ctx)); if (fetched_kekcipher == NULL) return 0; ret = EVP_EncryptInit_ex(ctx, fetched_kekcipher, NULL, NULL, NULL); @@ -474,7 +474,7 @@ /* Encrypt content key in key agreement recipient info */ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) + CMS_RecipientInfo *ri) { CMS_KeyAgreeRecipientInfo *kari; CMS_EncryptedContentInfo *ec; @@ -521,7 +521,7 @@ if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0) return 0; if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen, - kari, 1)) + kari, 1)) return 0; ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen); } --- crypto/openssl/crypto/cms/cms_lib.c.orig +++ crypto/openssl/crypto/cms/cms_lib.c 
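Review bot: In hunk `@@ -433,15 +433,15 @@` of cms_kari.c the pointer returned by `EVP_CIPHER_meth_get_ctrl(cipher)` is called directly without being checked for NULL. The call is guarded only by `EVP_CIPH_FLAG_GET_WRAP_CIPHER`, so a cipher implementation that sets the flag but supplies no ctrl callback would presumably crash here instead of failing the wrap setup. A guard ahead of the call, `if (EVP_CIPHER_meth_get_ctrl(cipher) == NULL) return 0;`, keeps that case on the existing `return 0` path. The enclosing function starts before this hunk and continues after it.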
@@ -20,21 +20,22 @@ #include "cms_local.h" static STACK_OF(CMS_CertificateChoices) -**cms_get0_certificate_choices(CMS_ContentInfo *cms); + ** + cms_get0_certificate_choices(CMS_ContentInfo *cms); IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, - const unsigned char **in, long len) + const unsigned char **in, long len) { CMS_ContentInfo *ci; const CMS_CTX *ctx = ossl_cms_get0_cmsctx(a == NULL ? NULL : *a); ci = (CMS_ContentInfo *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len, - (CMS_ContentInfo_it()), - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); + (CMS_ContentInfo_it()), + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (ci != NULL) { ERR_set_mark(); ossl_cms_resolve_libctx(ci); @@ -53,7 +54,7 @@ CMS_ContentInfo *ci; ci = (CMS_ContentInfo *)ASN1_item_new_ex(ASN1_ITEM_rptr(CMS_ContentInfo), - libctx, propq); + libctx, propq); if (ci != NULL) { ci->ctx.libctx = libctx; ci->ctx.propq = NULL; @@ -193,7 +194,6 @@ if (!icont) BIO_free(cont); return NULL; - } /* unfortunately cannot constify SMIME_write_ASN1() due to this function */ @@ -273,7 +273,7 @@ case NID_id_smime_ct_authEnvelopedData: return &cms->d.authEnvelopedData->authEncryptedContentInfo - ->encryptedContent; + ->encryptedContent; case NID_id_smime_ct_authData: return &cms->d.authenticatedData->encapContentInfo->eContent; @@ -286,7 +286,6 @@ return &cms->d.other->value.octet_string; ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - } } @@ -313,7 +312,7 @@ case NID_id_smime_ct_authEnvelopedData: return &cms->d.authEnvelopedData->authEncryptedContentInfo - ->contentType; + ->contentType; case NID_id_smime_ct_authData: return &cms->d.authenticatedData->encapContentInfo->eContentType; @@ -323,7 +322,6 @@ default: ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - } } 
@@ -393,7 +391,7 @@ /* Create a digest BIO from an X509_ALGOR structure */ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, - const CMS_CTX *ctx) + const CMS_CTX *ctx) { BIO *mdbio = NULL; const ASN1_OBJECT *digestoid; @@ -406,7 +404,7 @@ (void)ERR_set_mark(); fetched_digest = EVP_MD_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, - ossl_cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_propq(ctx)); if (fetched_digest != NULL) digest = fetched_digest; @@ -426,7 +424,7 @@ } EVP_MD_free(fetched_digest); return mdbio; - err: +err: EVP_MD_free(fetched_digest); BIO_free(mdbio); return NULL; @@ -435,7 +433,7 @@ /* Locate a message digest content from a BIO chain based on SignerInfo */ int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg) + X509_ALGOR *mdalg) { int nid; const ASN1_OBJECT *mdoid; @@ -462,7 +460,8 @@ } static STACK_OF(CMS_CertificateChoices) -**cms_get0_certificate_choices(CMS_ContentInfo *cms) + ** + cms_get0_certificate_choices(CMS_ContentInfo *cms) { switch (OBJ_obj2nid(cms->contentType)) { @@ -482,7 +481,6 @@ default: ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - } } @@ -544,7 +542,8 @@ } static STACK_OF(CMS_RevocationInfoChoice) -**cms_get0_revocation_choices(CMS_ContentInfo *cms) + ** + cms_get0_revocation_choices(CMS_ContentInfo *cms) { switch (OBJ_obj2nid(cms->contentType)) { @@ -564,7 +563,6 @@ default: ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - } } @@ -625,14 +623,13 @@ cch = sk_CMS_CertificateChoices_value(*pcerts, i); if (cch->type == 0) { if (!ossl_x509_add_cert_new(&certs, cch->d.certificate, - X509_ADD_FLAG_UP_REF)) { + X509_ADD_FLAG_UP_REF)) { sk_X509_pop_free(certs, X509_free); return NULL; } } } return certs; - } STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) 
@@ -694,7 +691,7 @@ M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); *pias = ias; return 1; - err: +err: M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); return 0; --- crypto/openssl/crypto/cms/cms_local.h.orig +++ crypto/openssl/crypto/cms/cms_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,9 @@ */ #ifndef OSSL_CRYPTO_CMS_LOCAL_H -# define OSSL_CRYPTO_CMS_LOCAL_H +#define OSSL_CRYPTO_CMS_LOCAL_H -# include +#include /* * Cryptographic message syntax (CMS) structures: taken from RFC3852 @@ -37,8 +37,7 @@ typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; @@ -298,8 +297,8 @@ } d; }; -# define CMS_REVCHOICE_CRL 0 -# define CMS_REVCHOICE_OTHER 1 +#define CMS_REVCHOICE_CRL 0 +#define CMS_REVCHOICE_OTHER 1 struct CMS_OtherRevocationInfoFormat_st { ASN1_OBJECT *otherRevInfoFormat; 
@@ -317,11 +316,11 @@ } d; }; -# define CMS_CERTCHOICE_CERT 0 -# define CMS_CERTCHOICE_EXCERT 1 -# define CMS_CERTCHOICE_V1ACERT 2 -# define CMS_CERTCHOICE_V2ACERT 3 -# define CMS_CERTCHOICE_OTHER 4 +#define CMS_CERTCHOICE_CERT 0 +#define CMS_CERTCHOICE_EXCERT 1 +#define CMS_CERTCHOICE_V1ACERT 2 +#define CMS_CERTCHOICE_V2ACERT 3 +#define CMS_CERTCHOICE_OTHER 4 struct CMS_OtherCertificateFormat_st { ASN1_OBJECT *otherCertFormat; @@ -376,18 +375,18 @@ DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 -# define CMS_RECIPINFO_ISSUER_SERIAL 0 -# define CMS_RECIPINFO_KEYIDENTIFIER 1 +#define CMS_RECIPINFO_ISSUER_SERIAL 0 +#define CMS_RECIPINFO_KEYIDENTIFIER 1 -# define CMS_REK_ISSUER_SERIAL 0 -# define CMS_REK_KEYIDENTIFIER 1 +#define CMS_REK_ISSUER_SERIAL 0 +#define CMS_REK_KEYIDENTIFIER 1 -# define CMS_OIK_ISSUER_SERIAL 0 -# define CMS_OIK_KEYIDENTIFIER 1 -# define CMS_OIK_PUBKEY 2 +#define CMS_OIK_ISSUER_SERIAL 0 +#define CMS_OIK_KEYIDENTIFIER 1 +#define CMS_OIK_PUBKEY 2 BIO *ossl_cms_content_bio(CMS_ContentInfo *cms); const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms); 
@@ -398,31 +397,31 @@ CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *ctx, const char *propq); CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md, - OSSL_LIB_CTX *libctx, - const char *propq); + OSSL_LIB_CTX *libctx, + const char *propq); BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms); int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms, - BIO *chain, int verify); + BIO *chain, int verify); BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms); int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type, const CMS_CTX *ctx); + int type, const CMS_CTX *ctx); int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, - OSSL_LIB_CTX *libctx, - const char *propq); + OSSL_LIB_CTX *libctx, + const char *propq); BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms); BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, - const CMS_CTX *ctx); + const CMS_CTX *ctx); int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg); + X509_ALGOR *mdalg); int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); 
@@ -430,12 +429,12 @@ int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, - const CMS_CTX *ctx); + const CMS_CTX *ctx); BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms); int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - const CMS_CTX *ctx); + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + const CMS_CTX *ctx); int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); @@ -458,24 +457,23 @@ /* KARI routines */ int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *recipPubKey, X509 *originator, - EVP_PKEY *originatorPrivKey, - unsigned int flags, - const CMS_CTX *ctx); + EVP_PKEY *recipPubKey, X509 *originator, + EVP_PKEY *originatorPrivKey, + unsigned int flags, + const CMS_CTX *ctx); int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri); + CMS_RecipientInfo *ri); /* PWRI routines */ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, int en_de); + CMS_RecipientInfo *ri, int en_de); /* SignerInfo routines */ int ossl_cms_si_check_attributes(const CMS_SignerInfo *si); void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms); - /* ESS routines */ int ossl_cms_check_signing_certs(const CMS_SignerInfo *si, - const STACK_OF(X509) *chain); + const STACK_OF(X509) *chain); int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt); int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt); --- crypto/openssl/crypto/cms/cms_pwri.c.orig +++ crypto/openssl/crypto/cms/cms_pwri.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,7 +20,7 @@ #include "cms_local.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, ossl_ssize_t passlen) + unsigned char *pass, ossl_ssize_t passlen) { CMS_PasswordRecipientInfo *pwri; if (ri->type != CMS_RECIPINFO_PASS) { @@ -37,11 +37,11 @@ } CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, - int pbe_nid, - unsigned char *pass, - ossl_ssize_t passlen, - const EVP_CIPHER *kekciph) + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph) { STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri = NULL; @@ -147,9 +147,8 @@ goto merr; if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), - &pwri->keyEncryptionAlgorithm->parameter-> - value.sequence)) - goto merr; + &pwri->keyEncryptionAlgorithm->parameter->value.sequence)) + goto merr; pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; X509_ALGOR_free(encalg); @@ -157,7 +156,8 @@ /* Setup PBE algorithm */ - pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1); + pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set_ex(iter, NULL, 0, -1, -1, + cms_ctx->libctx); if (pwri->keyDerivationAlgorithm == NULL) goto err; @@ -170,15 +170,14 @@ return ri; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: EVP_CIPHER_CTX_free(ctx); if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); X509_ALGOR_free(encalg); return NULL; - } /* 
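Review bot: The new `PKCS5_pbkdf2_set_ex(...)` call in the `@@ -157,7 +156,8 @@` hunk reads `cms_ctx->libctx` directly, while the rest of this file goes through the accessor (`ossl_cms_ctx_get0_libctx(cms_ctx)` in `kek_wrap_key` and in the `EVP_CIPHER_fetch` call of `ossl_cms_RecipientInfo_pwri_crypt`). If the accessor tolerates a NULL context, which this patch does not show, the direct dereference drops that protection. I would pass `ossl_cms_ctx_get0_libctx(cms_ctx)` as the last argument instead. The same applies to `cms_ctx->libctx, cms_ctx->propq` in the `EVP_PBE_CipherInit_ex` hunk (`@@ -351,9 +350,10 @@`). The body of CMS_add0_recipient_password starts and ends outside this hunk, so whether cms_ctx can be NULL here is not visible.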
@@ -187,8 +186,8 @@ */ static int kek_unwrap_key(unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen, - EVP_CIPHER_CTX *ctx) + const unsigned char *in, size_t inlen, + EVP_CIPHER_CTX *ctx) { size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); unsigned char *tmp; @@ -207,14 +206,14 @@ } /* setup IV by decrypting last two blocks */ if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, - in + inlen - 2 * blocklen, blocklen * 2) + in + inlen - 2 * blocklen, blocklen * 2) /* * Do a decrypt of last decrypted block to set IV to correct value * output it to start of buffer so we don't corrupt decrypted block * this works because buffer is at least two block lengths long. */ || !EVP_DecryptUpdate(ctx, tmp, &outl, - tmp + inlen - blocklen, blocklen) + tmp + inlen - blocklen, blocklen) /* Can now decrypt first n - 1 blocks */ || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen) @@ -235,15 +234,14 @@ *outlen = (size_t)tmp[0]; memcpy(out, tmp + 4, *outlen); rv = 1; - err: +err: OPENSSL_clear_free(tmp, inlen); return rv; - } static int kek_wrap_key(unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen, - EVP_CIPHER_CTX *ctx, const CMS_CTX *cms_ctx) + const unsigned char *in, size_t inlen, + EVP_CIPHER_CTX *ctx, const CMS_CTX *cms_ctx) { size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); size_t olen; @@ -272,7 +270,8 @@ /* Add random padding to end */ if (olen > inlen + 4 && RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen, - olen - 4 - inlen, 0) <= 0) + olen - 4 - inlen, 0) + <= 0) return 0; /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) @@ -288,7 +287,7 @@ /* Encrypt/Decrypt content key in PWRI recipient info */ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, int en_de) + CMS_RecipientInfo *ri, int en_de) { CMS_EncryptedContentInfo *ec; CMS_PasswordRecipientInfo *pwri; 
@@ -317,7 +316,7 @@ } kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), - algtmp->parameter); + algtmp->parameter); if (kekalg == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); @@ -326,7 +325,7 @@ OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0); kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), name, - ossl_cms_ctx_get0_propq(cms_ctx)); + ossl_cms_ctx_get0_propq(cms_ctx)); if (kekcipher == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER); @@ -351,9 +350,10 @@ /* Finish password based key derivation to setup key in "ctx" */ - if (EVP_PBE_CipherInit(algtmp->algorithm, - (char *)pwri->pass, pwri->passlen, - algtmp->parameter, kekctx, en_de) < 0) { + if (!EVP_PBE_CipherInit_ex(algtmp->algorithm, + (char *)pwri->pass, (int)pwri->passlen, + algtmp->parameter, kekctx, en_de, + cms_ctx->libctx, cms_ctx->propq)) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); goto err; } @@ -382,8 +382,8 @@ goto err; } if (!kek_unwrap_key(key, &keylen, - pwri->encryptedKey->data, - pwri->encryptedKey->length, kekctx)) { + pwri->encryptedKey->data, + pwri->encryptedKey->length, kekctx)) { ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_FAILURE); goto err; } @@ -391,12 +391,11 @@ OPENSSL_clear_free(ec->key, ec->keylen); ec->key = key; ec->keylen = keylen; - } r = 1; - err: +err: EVP_CIPHER_free(kekcipher); EVP_CIPHER_CTX_free(kekctx); @@ -405,5 +404,4 @@ X509_ALGOR_free(kekalg); return r; - } --- crypto/openssl/crypto/cms/cms_rsa.c.orig +++ crypto/openssl/crypto/cms/cms_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
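Review bot: The `(int)pwri->passlen` cast in the `EVP_PBE_CipherInit_ex` call (`@@ -351,9 +350,10 @@`) narrows the stored password length without a range check. `CMS_RecipientInfo_set0_password` in this file accepts an `ossl_ssize_t passlen`, so a value above INT_MAX would reach the key derivation truncated or negative. A guard before the call makes the failure explicit: `if (pwri->passlen > INT_MAX) { ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_INVALID_ARGUMENT); goto err; }`. The field's declared type is not visible here, so the comparison may need adjusting to it. The enclosing function continues outside the hunk.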
@@ -21,7 +21,7 @@ RSA_OAEP_PARAMS *oaep; oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), - alg->parameter); + alg->parameter); if (oaep == NULL) return NULL; @@ -42,10 +42,13 @@ X509_ALGOR *cmsalg; int nid; int rv = -1; - unsigned char *label = NULL; + const unsigned char *label = NULL; int labellen = 0; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_OAEP_PARAMS *oaep; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (pkctx == NULL) @@ -75,21 +78,19 @@ goto err; if (oaep->pSourceFunc != NULL) { - X509_ALGOR *plab = oaep->pSourceFunc; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc); - if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { + if (OBJ_obj2nid(aoid) != NID_pSpecified) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); goto err; } - if (plab->parameter->type != V_ASN1_OCTET_STRING) { + if (ptype != V_ASN1_OCTET_STRING) { ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); goto err; } - label = plab->parameter->value.octet_string->data; - /* Stop label being freed when OAEP parameters are freed */ - plab->parameter->value.octet_string->data = NULL; - labellen = plab->parameter->value.octet_string->length; + label = ASN1_STRING_get0_data(parameter); + labellen = ASN1_STRING_length(parameter); } if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) @@ -98,15 +99,21 @@ goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; - if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { - OPENSSL_free(label); - goto err; + if (label != NULL) { + unsigned char *dup_label = OPENSSL_memdup(label, labellen); + + if (dup_label == NULL) + goto err; + + if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) { + OPENSSL_free(dup_label); + goto err; + } } /* Carry on */ rv = 1; - err: +err: RSA_OAEP_PARAMS_free(oaep); return rv; } 
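Review bot: In the `@@ -98,15 +99,21 @@` hunk, an explicitly encoded empty label (`label != NULL`, `labellen == 0`) is passed to `OPENSSL_memdup(label, labellen)`. If that returns NULL for a zero-byte request, as OpenSSL's allocator does for size 0 to my knowledge (worth confirming), the function takes `goto err` and rejects a message whose OAEP label is valid but empty. Guarding on the length avoids that: `if (label != NULL && labellen > 0) {`. The allocation-failure path also leaves no error on the queue; `ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);` before that `goto err` would match the `merr` paths elsewhere in this patch. The function body starts before this hunk.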
@@ -130,7 +137,7 @@ } if (pad_mode == RSA_PKCS1_PADDING) return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, NULL); + V_ASN1_NULL, NULL); /* Not supported */ if (pad_mode != RSA_PKCS1_OAEP_PADDING) @@ -160,7 +167,7 @@ goto err; if (!X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), - V_ASN1_OCTET_STRING, los)) + V_ASN1_OCTET_STRING, los)) goto err; los = NULL; @@ -172,7 +179,7 @@ goto err; os = NULL; rv = 1; - err: +err: RSA_OAEP_PARAMS_free(oaep); ASN1_STRING_free(os); ASN1_OCTET_STRING_free(los); --- crypto/openssl/crypto/cms/cms_sd.c.orig +++ crypto/openssl/crypto/cms/cms_sd.c @@ -42,8 +42,7 @@ return NULL; } cms->d.signedData->version = 1; - cms->d.signedData->encapContentInfo->eContentType = - OBJ_nid2obj(NID_pkcs7_data); + cms->d.signedData->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); cms->d.signedData->encapContentInfo->partial = 1; ASN1_OBJECT_free(cms->contentType); cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); @@ -62,7 +61,6 @@ return 0; } - /* Check structures and fixup version numbers (if necessary) */ static void cms_sd_set_version(CMS_SignedData *sd) @@ -111,7 +109,6 @@ if (sd->version < 1) sd->version = 1; - } /* @@ -132,7 +129,8 @@ /* Add the contentType attribute */ return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, ctype, -1) > 0; + V_ASN1_OBJECT, ctype, -1) + > 0; } /* Copy an existing messageDigest value */ 
@@ -153,20 +151,19 @@ if (CMS_signed_get_attr_count(sitmp) < 0) continue; if (OBJ_cmp(si->digestAlgorithm->algorithm, - sitmp->digestAlgorithm->algorithm)) + sitmp->digestAlgorithm->algorithm)) continue; messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, - OBJ_nid2obj - (NID_pkcs9_messageDigest), - -3, V_ASN1_OCTET_STRING); + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); if (!messageDigest) { ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); return 0; } if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, - messageDigest, -1)) + V_ASN1_OCTET_STRING, + messageDigest, -1)) return 1; else return 0; @@ -176,7 +173,7 @@ } int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type, const CMS_CTX *ctx) + int type, const CMS_CTX *ctx) { switch (type) { case CMS_SIGNERINFO_ISSUER_SERIAL: @@ -200,9 +197,9 @@ } int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno) { if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { if (issuer) @@ -254,7 +251,7 @@ /* Add SigningCertificate signed attribute to the signer info. */ static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, - const ESS_SIGNING_CERT *sc) + const ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; @@ -272,14 +269,14 @@ } OPENSSL_free(pp); ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate, - V_ASN1_SEQUENCE, seq, -1); + V_ASN1_SEQUENCE, seq, -1); ASN1_STRING_free(seq); return ret; } /* Add SigningCertificateV2 signed attribute to the signer info. */ static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, - const ESS_SIGNING_CERT_V2 *sc) + const ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; 
@@ -297,14 +294,14 @@ } OPENSSL_free(pp); ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2, - V_ASN1_SEQUENCE, seq, -1); + V_ASN1_SEQUENCE, seq, -1); ASN1_STRING_free(seq); return ret; } CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags) + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags) { CMS_SignedData *sd; CMS_SignerInfo *si = NULL; @@ -357,13 +354,13 @@ if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) { ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, - "pkey nid=%d", EVP_PKEY_get_id(pk)); + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; } md = EVP_get_digestbynid(def_nid); if (md == NULL) { ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, - "default md nid=%d", def_nid); + "default md nid=%d", def_nid); goto err; } } @@ -405,7 +402,7 @@ if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, - "pkey nid=%d", EVP_PKEY_get_id(pk)); + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; } if (!(flags & CMS_NOATTR)) { @@ -435,13 +432,15 @@ if (md == NULL || EVP_MD_is_a(md, SN_sha1)) { if ((sc = OSSL_ESS_signing_cert_new_init(signer, - NULL, 1)) == NULL) + NULL, 1)) + == NULL) goto err; add_sc = ossl_cms_add1_signing_cert(si, sc); ESS_SIGNING_CERT_free(sc); } else { if ((sc2 = OSSL_ESS_signing_cert_v2_new_init(md, signer, - NULL, 1)) == NULL) + NULL, 1)) + == NULL) goto err; add_sc = ossl_cms_add1_signing_cert_v2(si, sc2); ESS_SIGNING_CERT_V2_free(sc2); @@ -454,8 +453,7 @@ goto err; if (!cms_set_si_contentType_attr(cms, si)) goto err; - if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && - !CMS_SignerInfo_sign(si)) + if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && !CMS_SignerInfo_sign(si)) goto err; } } 
@@ -469,8 +467,8 @@ if (flags & CMS_KEY_PARAM) { if (flags & CMS_NOATTR) { si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - si->pkey, - ossl_cms_ctx_get0_propq(ctx)); + si->pkey, + ossl_cms_ctx_get0_propq(ctx)); if (si->pctx == NULL) goto err; if (EVP_PKEY_sign_init(si->pctx) <= 0) @@ -478,14 +476,14 @@ if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, - EVP_MD_get0_name(md), - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx), - pk, NULL) <= 0) { + EVP_MD_get0_name(md), + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx), + pk, NULL) + <= 0) { si->pctx = NULL; goto err; - } - else { + } else { EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); } } @@ -497,12 +495,11 @@ return si; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: M_ASN1_free_of(si, CMS_SignerInfo); return NULL; - } void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) @@ -537,11 +534,12 @@ goto merr; if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, - tt->type, tt, -1) <= 0) + tt->type, tt, -1) + <= 0) goto merr; r = 1; - merr: +merr: if (t == NULL) ASN1_TIME_free(tt); @@ -549,7 +547,6 @@ ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); return r; - } EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) @@ -581,7 +578,7 @@ si = sk_CMS_SignerInfo_value(sinfos, i); if (si->signer != NULL) { if (!ossl_x509_add_cert_new(&signers, si->signer, - X509_ADD_FLAG_DEFAULT)) { + X509_ADD_FLAG_DEFAULT)) { sk_X509_free(signers); return NULL; } @@ -602,8 +599,8 @@ } int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno) + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) { return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); } 
@@ -614,7 +611,7 @@ } int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, - unsigned int flags) + unsigned int flags) { CMS_SignedData *sd; CMS_SignerInfo *si; @@ -661,8 +658,8 @@ } void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, - X509 **signer, X509_ALGOR **pdig, - X509_ALGOR **psig) + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig) { if (pk != NULL) *pk = si->pkey; @@ -680,7 +677,7 @@ } static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, - CMS_SignerInfo *si, BIO *chain) + CMS_SignerInfo *si, BIO *chain) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int r = 0; @@ -714,7 +711,7 @@ if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, md, mdlen)) + V_ASN1_OCTET_STRING, md, mdlen)) goto err; /* Copy content type across */ if (!cms_set_si_contentType_attr(cms, si)) @@ -753,8 +750,8 @@ goto err; } if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx))) { + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx))) { ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; @@ -764,11 +761,10 @@ r = 1; - err: +err: EVP_MD_CTX_free(mctx); EVP_PKEY_CTX_free(pctx); return r; - } int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) @@ -798,7 +794,8 @@ char md_name[OSSL_MAX_NAME_SIZE]; if (OBJ_obj2txt(md_name, sizeof(md_name), - si->digestAlgorithm->algorithm, 0) <= 0) + si->digestAlgorithm->algorithm, 0) + <= 0) return 0; if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { 
@@ -814,16 +811,17 @@ else { EVP_MD_CTX_reset(mctx); if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx), si->pkey, - NULL) <= 0) + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx), si->pkey, + NULL) + <= 0) goto err; EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); si->pctx = pctx; } alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, - ASN1_ITEM_rptr(CMS_Attributes_Sign)); + ASN1_ITEM_rptr(CMS_Attributes_Sign)); if (!abuf) goto err; if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) @@ -843,7 +841,7 @@ return 1; - err: +err: OPENSSL_free(abuf); EVP_MD_CTX_reset(mctx); return 0; @@ -895,7 +893,8 @@ si->pctx = NULL; } if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, - propq, si->pkey, NULL) <= 0) { + propq, si->pkey, NULL) + <= 0) { si->pctx = NULL; goto err; } @@ -905,7 +904,7 @@ goto err; alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, - ASN1_ITEM_rptr(CMS_Attributes_Verify)); + ASN1_ITEM_rptr(CMS_Attributes_Verify)); if (abuf == NULL || alen < 0) goto err; r = EVP_DigestVerifyUpdate(mctx, abuf, alen); @@ -915,10 +914,10 @@ goto err; } r = EVP_DigestVerifyFinal(mctx, - si->signature->data, si->signature->length); + si->signature->data, si->signature->length); if (r <= 0) ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); - err: +err: EVP_MD_free(fetched_md); EVP_MD_CTX_reset(mctx); return r; @@ -943,7 +942,7 @@ digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm, - ossl_cms_get0_cmsctx(cms)); + ossl_cms_get0_cmsctx(cms)); if (mdbio == NULL) goto err; if (chain != NULL) @@ -952,7 +951,7 @@ chain = mdbio; } return chain; - err: +err: BIO_free_all(chain); return NULL; } 
@@ -973,8 +972,8 @@ /* If we have any signed attributes look for messageDigest value */ if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_pkcs9_messageDigest), - -3, V_ASN1_OCTET_STRING); + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); if (os == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); goto err; @@ -1007,8 +1006,8 @@ const CMS_CTX *ctx = si->cms_ctx; pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - si->pkey, - ossl_cms_ctx_get0_propq(ctx)); + si->pkey, + ossl_cms_ctx_get0_propq(ctx)); if (pkctx == NULL) goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) @@ -1022,18 +1021,17 @@ } si->pctx = NULL; r = EVP_PKEY_verify(pkctx, si->signature->data, - si->signature->length, mval, mlen); + si->signature->length, mval, mlen); if (r <= 0) { ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); r = 0; } } - err: +err: EVP_PKEY_CTX_free(pkctx); EVP_MD_CTX_free(mctx); return r; - } int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) @@ -1045,13 +1043,13 @@ if (smderlen <= 0) return 0; r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, smder, smderlen); + V_ASN1_SEQUENCE, smder, smderlen); OPENSSL_free(smder); return r; } int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize) + int algnid, int keysize) { X509_ALGOR *alg = NULL; ASN1_INTEGER *key = NULL; @@ -1066,7 +1064,7 @@ goto err; if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), - key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key)) + key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key)) goto err; key = NULL; if (*algs == NULL) @@ -1075,7 +1073,7 @@ goto err; return 1; - err: +err: ASN1_INTEGER_free(key); X509_ALGOR_free(alg); return 0; --- crypto/openssl/crypto/cms/cms_smime.c.orig +++ crypto/openssl/crypto/cms/cms_smime.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -68,11 +68,10 @@ } r = 1; - err: +err: if (tmpout != out) BIO_free(tmpout); return r; - } static int check_content(CMS_ContentInfo *cms) @@ -119,7 +118,7 @@ } CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { CMS_ContentInfo *cms = ossl_cms_Data_create(libctx, propq); @@ -139,7 +138,7 @@ } int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) + unsigned int flags) { BIO *cont; int r; @@ -164,8 +163,8 @@ } CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, - const char *propq) + unsigned int flags, OSSL_LIB_CTX *ctx, + const char *propq) { CMS_ContentInfo *cms; @@ -190,14 +189,14 @@ } CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags) + unsigned int flags) { return CMS_digest_create_ex(in, md, flags, NULL, NULL); } int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t keylen, - BIO *dcont, BIO *out, unsigned int flags) + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags) { BIO *cont; int r; @@ -221,10 +220,10 @@ } CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags, - OSSL_LIB_CTX *libctx, - const char *propq) + const unsigned char *key, + size_t keylen, unsigned int flags, + OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; 
@@ -245,32 +244,32 @@ || CMS_final(cms, in, NULL, flags)) return cms; - err: +err: CMS_ContentInfo_free(cms); return NULL; } CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags) + const unsigned char *key, + size_t keylen, unsigned int flags) { return CMS_EncryptedData_encrypt_ex(in, cipher, key, keylen, flags, NULL, - NULL); + NULL); } static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, - X509_STORE *store, - STACK_OF(X509) *certs, - STACK_OF(X509_CRL) *crls, - STACK_OF(X509) **chain, - const CMS_CTX *cms_ctx) + X509_STORE *store, + STACK_OF(X509) *certs, + STACK_OF(X509_CRL) *crls, + STACK_OF(X509) **chain, + const CMS_CTX *cms_ctx) { X509_STORE_CTX *ctx; X509 *signer; int i, j, r = 0; ctx = X509_STORE_CTX_new_ex(ossl_cms_ctx_get0_libctx(cms_ctx), - ossl_cms_ctx_get0_propq(cms_ctx)); + ossl_cms_ctx_get0_propq(cms_ctx)); if (ctx == NULL) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); goto err; @@ -288,7 +287,7 @@ if (i <= 0) { j = X509_STORE_CTX_get_error(ctx); ERR_raise_data(ERR_LIB_CMS, CMS_R_CERTIFICATE_VERIFY_ERROR, - "Verify error: %s", X509_verify_cert_error_string(j)); + "Verify error: %s", X509_verify_cert_error_string(j)); goto err; } r = 1; @@ -296,14 +295,13 @@ /* also send back the trust chain when required */ if (chain != NULL) *chain = X509_STORE_CTX_get1_chain(ctx); - err: +err: X509_STORE_CTX_free(ctx); return r; - } int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) { CMS_SignerInfo *si; STACK_OF(CMS_SignerInfo) *sinfos; @@ -368,8 +366,8 @@ si = sk_CMS_SignerInfo_value(sinfos, i); if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls, - si_chains ? &si_chains[i] : NULL, - ctx)) + si_chains ? &si_chains[i] : NULL, + ctx)) goto err; } } 
@@ -449,7 +447,6 @@ if (!cms_copy_content(out, cmsbio, flags)) goto err; - } if (!(flags & CMS_NO_CONTENT_VERIFY)) { for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { @@ -462,7 +459,7 @@ } ret = 1; - err: +err: if (!(flags & SMIME_BINARY) && dcont) { do_free_upto(cmsbio, tmpout); if (tmpin != dcont) @@ -470,14 +467,16 @@ } else { if (dcont && (tmpin == dcont)) do_free_upto(cmsbio, dcont); - else + else if (cmsbio != NULL) BIO_free_all(cmsbio); + else + BIO_free(tmpin); } if (out != tmpout) BIO_free_all(tmpout); - err2: +err2: if (si_chains != NULL) { for (i = 0; i < scount; ++i) sk_X509_pop_free(si_chains[i], X509_free); @@ -490,8 +489,8 @@ } int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags) + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags) { int r; @@ -503,9 +502,9 @@ } CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *libctx, - const char *propq) + STACK_OF(X509) *certs, BIO *data, + unsigned int flags, OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; int i; @@ -515,7 +514,7 @@ goto merr; if (flags & CMS_ASCIICRLF && !CMS_set1_eContentType(cms, - OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF))) + OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF))) goto err; if (pkey != NULL && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) { 
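Review bot: The new `else BIO_free(tmpin);` branch in the `err:` cleanup of CMS_verify (`@@ -470,14 +467,16 @@`) relies on an ownership rule that the code does not state: tmpin is freed on its own only when cmsbio was never created. A one-line comment would keep a later edit from reintroducing the leak or a double free, for example `/* no CMS BIO chain was built, so tmpin is not part of one and must be freed here */`. This reading is inferred from the branch conditions. The assignments to tmpin and cmsbio lie outside the hunk, so confirm it against the full function.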
@@ -539,23 +538,23 @@ else goto err; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: CMS_ContentInfo_free(cms); return NULL; } CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, unsigned int flags) + BIO *data, unsigned int flags) { return CMS_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL); } CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, unsigned int flags) + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags) { CMS_SignerInfo *rct_si; CMS_ContentInfo *cms = NULL; @@ -575,8 +574,8 @@ /* Initialize signed data */ cms = CMS_sign_ex(NULL, NULL, certs, NULL, flags, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (cms == NULL) goto err; @@ -616,28 +615,26 @@ r = 1; - err: +err: BIO_free(rct_cont); if (r) return cms; CMS_ContentInfo_free(cms); ASN1_OCTET_STRING_free(os); return NULL; - } CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *data, - const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *libctx, const char *propq) + const EVP_CIPHER *cipher, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq) { CMS_ContentInfo *cms; int i; X509 *recip; - cms = (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) - ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq) - : CMS_EnvelopedData_create_ex(cipher, libctx, propq); + ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq) + : CMS_EnvelopedData_create_ex(cipher, libctx, propq); if (cms == NULL) goto merr; for (i = 0; i < sk_X509_num(certs); i++) { 
@@ -657,22 +654,22 @@ else goto err; - merr: +merr: ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: +err: CMS_ContentInfo_free(cms); return NULL; } CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, - const EVP_CIPHER *cipher, unsigned int flags) + const EVP_CIPHER *cipher, unsigned int flags) { return CMS_encrypt_ex(certs, data, cipher, flags, NULL, NULL); } static int cms_kari_set1_pkey_and_peer(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, - EVP_PKEY *pk, X509 *cert, X509 *peer) + CMS_RecipientInfo *ri, + EVP_PKEY *pk, X509 *cert, X509 *peer) { int i; STACK_OF(CMS_RecipientEncryptedKey) *reks; @@ -697,11 +694,11 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) { - return CMS_decrypt_set1_pkey_and_peer(cms, pk, cert, NULL); + return CMS_decrypt_set1_pkey_and_peer(cms, pk, cert, NULL); } int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, - X509 *cert, X509 *peer) + X509 *cert, X509 *peer) { STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); CMS_RecipientInfo *ri; @@ -721,8 +718,8 @@ cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk); if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; + ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + return 0; } for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { @@ -781,12 +778,11 @@ if (!match_ri) ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); return 0; - } int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - const unsigned char *id, size_t idlen) + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen) { STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; 
@@ -800,7 +796,7 @@ /* If we have an id, try matching RecipientInfo, else try them all */ if (id == NULL - || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) { + || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) { match_ri = 1; CMS_RecipientInfo_set0_key(ri, key, keylen); r = CMS_RecipientInfo_decrypt(cms, ri); @@ -818,11 +814,10 @@ if (!match_ri) ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); return 0; - } int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ossl_ssize_t passlen) + unsigned char *pass, ossl_ssize_t passlen) { STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); CMS_RecipientInfo *ri; @@ -853,11 +848,10 @@ if (!match_ri) ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); return 0; - } int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, - BIO *dcont, BIO *out, unsigned int flags) + BIO *dcont, BIO *out, unsigned int flags) { int r; BIO *cont; @@ -865,7 +859,7 @@ int nid = OBJ_obj2nid(CMS_get0_type(cms)); if (nid != NID_pkcs7_enveloped - && nid != NID_id_smime_ct_authEnvelopedData) { + && nid != NID_id_smime_ct_authEnvelopedData) { ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_ENVELOPED_DATA); return 0; } @@ -913,13 +907,12 @@ do_free_upto(cmsbio, dcont); return ret; - } #ifdef ZLIB int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) + unsigned int flags) { BIO *cont; int r; @@ -963,7 +956,7 @@ #else int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) + unsigned int flags) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); return 0; --- crypto/openssl/crypto/comp/c_zlib.c.orig +++ crypto/openssl/crypto/comp/c_zlib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,19 +30,19 @@ }; #ifndef ZLIB -# undef ZLIB_SHARED +#undef ZLIB_SHARED #else -# include +#include static int zlib_stateful_init(COMP_CTX *ctx); static void zlib_stateful_finish(COMP_CTX *ctx); static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); + unsigned int olen, unsigned char *in, + unsigned int ilen); static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); + unsigned int olen, unsigned char *in, + unsigned int ilen); /* memory allocations functions for zlib initialisation */ static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) @@ -58,7 +58,6 @@ OPENSSL_free(address); } - static COMP_METHOD zlib_stateful_method = { NID_zlib_compression, LN_zlib_compression, 
@@ -74,26 +73,26 @@ * work. Therefore, all ZLIB routines are loaded at run time * and we do not link to a .LIB file when ZLIB_SHARED is set. */ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# include -# endif /* !(OPENSSL_SYS_WINDOWS || - * OPENSSL_SYS_WIN32) */ +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +#include +#endif /* !(OPENSSL_SYS_WINDOWS || \ + * OPENSSL_SYS_WIN32) */ -# ifdef ZLIB_SHARED -# include "internal/dso.h" +#ifdef ZLIB_SHARED +#include "internal/dso.h" /* Function pointers */ -typedef int (*compress_ft) (Bytef *dest, uLongf * destLen, - const Bytef *source, uLong sourceLen); -typedef int (*inflateEnd_ft) (z_streamp strm); -typedef int (*inflate_ft) (z_streamp strm, int flush); -typedef int (*inflateInit__ft) (z_streamp strm, - const char *version, int stream_size); -typedef int (*deflateEnd_ft) (z_streamp strm); -typedef int (*deflate_ft) (z_streamp strm, int flush); -typedef int (*deflateInit__ft) (z_streamp strm, int level, - const char *version, int stream_size); -typedef const char *(*zError__ft) (int err); +typedef int (*compress_ft)(Bytef *dest, uLongf *destLen, + const Bytef *source, uLong sourceLen); +typedef int (*inflateEnd_ft)(z_streamp strm); +typedef int (*inflate_ft)(z_streamp strm, int flush); +typedef int (*inflateInit__ft)(z_streamp strm, + const char *version, int stream_size); +typedef int (*deflateEnd_ft)(z_streamp strm); +typedef int (*deflate_ft)(z_streamp strm, int flush); +typedef int (*deflateInit__ft)(z_streamp strm, int level, + const char *version, int stream_size); +typedef const char *(*zError__ft)(int err); static compress_ft p_compress = NULL; static inflateEnd_ft p_inflateEnd = NULL; static inflate_ft p_inflate = NULL; 
@@ -105,15 +104,15 @@ static DSO *zlib_dso = NULL; -# define compress p_compress -# define inflateEnd p_inflateEnd -# define inflate p_inflate -# define inflateInit_ p_inflateInit_ -# define deflateEnd p_deflateEnd -# define deflate p_deflate -# define deflateInit_ p_deflateInit_ -# define zError p_zError -# endif /* ZLIB_SHARED */ +#define compress p_compress +#define inflateEnd p_inflateEnd +#define inflate p_inflate +#define inflateInit_ p_inflateInit_ +#define deflateEnd p_deflateEnd +#define deflate p_deflate +#define deflateInit_ p_deflateInit_ +#define zError p_zError +#endif /* ZLIB_SHARED */ struct zlib_state { z_stream istream; @@ -143,13 +142,13 @@ state->ostream.next_in = Z_NULL; state->ostream.next_out = Z_NULL; err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, - ZLIB_VERSION, sizeof(z_stream)); + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; ctx->data = state; return 1; - err: +err: OPENSSL_free(state); return 0; } @@ -163,8 +162,8 @@ } static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) + unsigned int olen, unsigned char *in, + unsigned int ilen) { int err = Z_OK; struct zlib_state *state = ctx->data; @@ -184,8 +183,8 @@ } static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) + unsigned int olen, unsigned char *in, + unsigned int ilen) { int err = Z_OK; struct zlib_state *state = ctx->data; 
@@ -207,38 +206,38 @@ static CRYPTO_ONCE zlib_once = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_comp_zlib_init) { -# ifdef ZLIB_SHARED +#ifdef ZLIB_SHARED /* LIBZ may be externally defined, and we should respect that value */ -# ifndef LIBZ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# define LIBZ "ZLIB1" -# elif defined(OPENSSL_SYS_VMS) -# define LIBZ "LIBZ" -# else -# define LIBZ "z" -# endif -# endif +#ifndef LIBZ +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +#define LIBZ "ZLIB1" +#elif defined(OPENSSL_SYS_VMS) +#define LIBZ "LIBZ" +#else +#define LIBZ "z" +#endif +#endif zlib_dso = DSO_load(NULL, LIBZ, NULL, 0); if (zlib_dso != NULL) { - p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress"); - p_inflateEnd = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd"); - p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate"); - p_inflateInit_ = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_"); - p_deflateEnd = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd"); - p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate"); - p_deflateInit_ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); - p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError"); - - if (p_compress == NULL || p_inflateEnd == NULL - || p_inflate == NULL || p_inflateInit_ == NULL - || p_deflateEnd == NULL || p_deflate == NULL - || p_deflateInit_ == NULL || p_zError == NULL) { - ossl_comp_zlib_cleanup(); - return 0; - } + p_compress = (compress_ft)DSO_bind_func(zlib_dso, "compress"); + p_inflateEnd = (inflateEnd_ft)DSO_bind_func(zlib_dso, "inflateEnd"); + p_inflate = (inflate_ft)DSO_bind_func(zlib_dso, "inflate"); + p_inflateInit_ = (inflateInit__ft)DSO_bind_func(zlib_dso, "inflateInit_"); + p_deflateEnd = (deflateEnd_ft)DSO_bind_func(zlib_dso, "deflateEnd"); + p_deflate = (deflate_ft)DSO_bind_func(zlib_dso, "deflate"); + p_deflateInit_ = (deflateInit__ft)DSO_bind_func(zlib_dso, "deflateInit_"); + p_zError = 
(zError__ft)DSO_bind_func(zlib_dso, "zError"); } -# endif + + if (p_compress == NULL || p_inflateEnd == NULL + || p_inflate == NULL || p_inflateInit_ == NULL + || p_deflateEnd == NULL || p_deflate == NULL + || p_deflateInit_ == NULL || p_zError == NULL) { + ossl_comp_zlib_cleanup(); + return 0; + } +#endif return 1; } #endif @@ -269,19 +268,19 @@ /* Zlib based compression/decompression filter BIO */ typedef struct { - unsigned char *ibuf; /* Input buffer */ - int ibufsize; /* Buffer size */ - z_stream zin; /* Input decompress context */ - unsigned char *obuf; /* Output buffer */ - int obufsize; /* Output buffer size */ - unsigned char *optr; /* Position in output buffer */ - int ocount; /* Amount of data in output buffer */ - int odone; /* deflate EOF */ - int comp_level; /* Compression level to use */ - z_stream zout; /* Output compression context */ + unsigned char *ibuf; /* Input buffer */ + int ibufsize; /* Buffer size */ + z_stream zin; /* Input decompress context */ + unsigned char *obuf; /* Output buffer */ + int obufsize; /* Output buffer size */ + unsigned char *optr; /* Position in output buffer */ + int ocount; /* Amount of data in output buffer */ + int odone; /* deflate EOF */ + int comp_level; /* Compression level to use */ + z_stream zout; /* Output compression context */ } BIO_ZLIB_CTX; -# define ZLIB_DEFAULT_BUFSIZE 1024 +#define ZLIB_DEFAULT_BUFSIZE 1024 static int bio_zlib_new(BIO *bi); static int bio_zlib_free(BIO *bi); @@ -297,8 +296,8 @@ bio_zlib_write, bread_conv, bio_zlib_read, - NULL, /* bio_zlib_puts, */ - NULL, /* bio_zlib_gets, */ + NULL, /* bio_zlib_puts, */ + NULL, /* bio_zlib_gets, */ bio_zlib_ctrl, bio_zlib_new, bio_zlib_free, 
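Review bot: In `ossl_comp_zlib_init`, the NULL test on the `p_*` pointers now sits after the `if (zlib_dso != NULL)` block, so it is also the only thing that turns a failed `DSO_load()` into `return 0`, and nothing in the code says so. It works because the pointers are file-scope statics initialised to NULL earlier in this file. A comment above the test, such as `/* Also reached when DSO_load() failed: every p_* is still NULL */`, would keep a later edit from moving the check back inside the block. Separately, `DSO_load(NULL, LIBZ, NULL, 0)` is given a bare library name and `LIBZ` may be defined externally, so which binary gets loaded presumably depends on the platform loader's search path. Builds that enable `ZLIB_SHARED` should pin `LIBZ` deliberately and keep untrusted directories off that path.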
@@ -314,12 +313,12 @@ { BIO_ZLIB_CTX *ctx; -# ifdef ZLIB_SHARED +#ifdef ZLIB_SHARED if (!RUN_ONCE(&zlib_once, ossl_comp_zlib_init)) { ERR_raise(ERR_LIB_COMP, COMP_R_ZLIB_NOT_SUPPORTED); return 0; } -# endif +#endif ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); @@ -382,7 +381,7 @@ } if ((ret = inflateInit(zin)) != Z_OK) { ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR, - "zlib error: %s", zError(ret)); + "zlib error: %s", zError(ret)); return 0; } zin->next_in = ctx->ibuf; @@ -398,7 +397,7 @@ ret = inflate(zin, 0); if ((ret != Z_OK) && (ret != Z_STREAM_END)) { ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR, - "zlib error: %s", zError(ret)); + "zlib error: %s", zError(ret)); return 0; } /* If EOF or we've read everything then return */ @@ -449,7 +448,7 @@ ctx->ocount = 0; if ((ret = deflateInit(zout, ctx->comp_level)) != Z_OK) { ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR, - "zlib error: %s", zError(ret)); + "zlib error: %s", zError(ret)); return 0; } zout->next_out = ctx->obuf; @@ -488,7 +487,7 @@ ret = deflate(zout, 0); if (ret != Z_OK) { ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR, - "zlib error: %s", zError(ret)); + "zlib error: %s", zError(ret)); return 0; } ctx->ocount = ctx->obufsize - zout->avail_out; @@ -537,7 +536,7 @@ ctx->odone = 1; else if (ret != Z_OK) { ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR, - "zlib error: %s", zError(ret)); + "zlib error: %s", zError(ret)); return 0; } ctx->ocount = ctx->obufsize - zout->avail_out; @@ -627,7 +626,6 @@ default: ret = BIO_ctrl(next, cmd, num, ptr); break; - } return ret; --- crypto/openssl/crypto/comp/comp_err.c.orig +++ crypto/openssl/crypto/comp/comp_err.c 
@@ -14,26 +14,26 @@ #ifndef OPENSSL_NO_COMP -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA COMP_str_reasons[] = { - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR), - "zlib deflate error"}, - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR), - "zlib inflate error"}, - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED), - "zlib not supported"}, - {0, NULL} + { ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR), + "zlib deflate error" }, + { ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR), + "zlib inflate error" }, + { ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED), + "zlib not supported" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_COMP_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(COMP_str_reasons[0].error) == NULL) ERR_load_strings_const(COMP_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/comp/comp_lib.c.orig +++ crypto/openssl/crypto/comp/comp_lib.c @@ -57,7 +57,7 @@ } int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen) + unsigned char *in, int ilen) { int ret; if (ctx->meth->compress == NULL) { @@ -72,7 +72,7 @@ } int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen) + unsigned char *in, int ilen) { int ret; @@ -87,7 +87,7 @@ return ret; } -int COMP_CTX_get_type(const COMP_CTX* comp) +int COMP_CTX_get_type(const COMP_CTX *comp) { return comp->meth ? comp->meth->type : NID_undef; } --- crypto/openssl/crypto/comp/comp_local.h.orig +++ crypto/openssl/crypto/comp/comp_local.h 
@@ -8,16 +8,16 @@ */ struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init) (COMP_CTX *ctx); - void (*finish) (COMP_CTX *ctx); - int (*compress) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); }; struct comp_ctx_st { @@ -26,5 +26,5 @@ unsigned long compress_out; unsigned long expand_in; unsigned long expand_out; - void* data; + void *data; }; --- crypto/openssl/crypto/conf/conf_api.c.orig +++ crypto/openssl/crypto/conf/conf_api.c @@ -32,7 +32,7 @@ } STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, - const char *section) + const char *section) { CONF_VALUE *v; @@ -64,7 +64,7 @@ } char *_CONF_get_string(const CONF *conf, const char *section, - const char *name) + const char *name) { CONF_VALUE *v, vv; char *p; @@ -205,7 +205,7 @@ goto err; return v; - err: +err: sk_CONF_VALUE_free(sk); if (v != NULL) OPENSSL_free(v->section); --- crypto/openssl/crypto/conf/conf_def.c.orig +++ crypto/openssl/crypto/conf/conf_def.c @@ -13,8 +13,8 @@ #include #include "e_os.h" /* struct stat */ #ifdef __TANDEM -# include /* needed for stat.h */ -# include /* struct stat */ +#include /* needed for stat.h */ +#include /* struct stat */ #endif #include "internal/cryptlib.h" #include "internal/o_dir.h" 
@@ -26,21 +26,21 @@ #include #include #ifndef OPENSSL_NO_POSIX_IO -# include -# ifdef _WIN32 -# define stat _stat -# endif +#include +#ifdef _WIN32 +#define stat _stat +#endif #endif #ifndef S_ISDIR -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) #endif /* * The maximum length we can grow a value to after variable expansion. 64k * should be more than enough for all reasonable uses. */ -#define MAX_CONF_VALUE_LENGTH 65536 +#define MAX_CONF_VALUE_LENGTH 65536 static int is_keytype(const CONF *conf, char c, unsigned short type); static char *eat_ws(CONF *conf, char *p); @@ -50,10 +50,10 @@ static int str_copy(CONF *conf, char *section, char **to, char *from); static char *scan_quote(CONF *conf, char *p); static char *scan_dquote(CONF *conf, char *p); -#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) +#define scan_esc(conf, p) (((IS_EOF((conf), (p)[1])) ? ((p) + 1) : ((p) + 2))) #ifndef OPENSSL_NO_POSIX_IO static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, - char **dirpath); + char **dirpath); static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx); #endif @@ -188,15 +188,14 @@ return ret; } - /* Parse a boolean value and fill in *flag. Return 0 on error. */ static int parsebool(const char *pval, int *flag) { if (OPENSSL_strcasecmp(pval, "on") == 0 - || OPENSSL_strcasecmp(pval, "true") == 0) { + || OPENSSL_strcasecmp(pval, "true") == 0) { *flag = 1; } else if (OPENSSL_strcasecmp(pval, "off") == 0 - || OPENSSL_strcasecmp(pval, "false") == 0) { + || OPENSSL_strcasecmp(pval, "false") == 0) { *flag = 0; } else { ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); @@ -208,7 +207,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) { /* The macro BUFSIZE conflicts with a system macro in VxWorks */ -#define CONFBUFSIZE 512 +#define CONFBUFSIZE 512 int bufnum = 0, i, ii; BUF_MEM *buff = NULL; char *s, *p, *end; 
@@ -261,7 +260,7 @@ } p = &(buff->data[bufnum]); *p = '\0'; - read_retry: + read_retry: if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0) goto err; p[CONFBUFSIZE - 1] = '\0'; @@ -269,7 +268,7 @@ if (first_call) { /* Other BOMs imply unsupported multibyte encoding, * so don't strip them and let the error raise */ - const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; + const unsigned char utf8_bom[3] = { 0xEF, 0xBB, 0xBF }; if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) { memmove(p, p + 3, i - 3); @@ -319,10 +318,10 @@ * we removed some trailing stuff so there is a new line on the end. */ if (ii && i == ii) - again = 1; /* long line */ + again = 1; /* long line */ else { p[i] = '\0'; - eline++; /* another input line */ + eline++; /* another input line */ } /* we now have a line with trailing \r\n removed */ @@ -351,14 +350,14 @@ clear_comments(conf, buf); s = eat_ws(conf, buf); if (IS_EOF(conf, *s)) - continue; /* blank line */ + continue; /* blank line */ if (*s == '[') { char *ss; s++; start = eat_ws(conf, s); ss = start; - again: + again: end = eat_alpha_numeric(conf, ss); p = eat_ws(conf, end); if (*p != ']') { @@ -490,7 +489,7 @@ } if (conf->flag_abspath - && !ossl_is_absolute_path(include_path)) { + && !ossl_is_absolute_path(include_path)) { ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); OPENSSL_free(include_path); goto err; @@ -528,7 +527,7 @@ continue; } else if (*p != '=') { ERR_raise_data(ERR_LIB_CONF, CONF_R_MISSING_EQUAL_SIGN, - "HERE-->%s", p); + "HERE-->%s", p); goto err; } *end = '\0'; @@ -555,7 +554,7 @@ tv = _CONF_new_section(conf, psection); if (tv == NULL) { ERR_raise(ERR_LIB_CONF, - CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } } else @@ -576,7 +575,7 @@ sk_BIO_free(biosk); return 1; - err: +err: BUF_MEM_free(buff); OPENSSL_free(section); /* 
@@ -707,9 +706,9 @@ } else if (IS_EOF(conf, *from)) break; else if (*from == '$' - && (!conf->flag_dollarid - || from[1] == '{' - || from[1] == '(')) { + && (!conf->flag_dollarid + || from[1] == '{' + || from[1] == '(')) { size_t newsize; /* try to expand it */ @@ -727,7 +726,7 @@ cp = section; e = np = s; while (IS_ALNUM(conf, *e) - || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) + || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) e++; if ((e[0] == ':') && (e[1] == ':')) { cp = np; @@ -737,7 +736,7 @@ e += 2; np = e; while (IS_ALNUM(conf, *e) - || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) + || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) e++; } r = *e; @@ -801,7 +800,7 @@ *pto = buf->data; OPENSSL_free(buf); return 1; - err: +err: BUF_MEM_free(buf); return 0; } @@ -813,7 +812,7 @@ * also an opened directory context and the include path. */ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, - char **dirpath) + char **dirpath) { struct stat st; BIO *next; @@ -827,7 +826,7 @@ if (S_ISDIR(st.st_mode)) { if (*dirctx != NULL) { ERR_raise_data(ERR_LIB_CONF, CONF_R_RECURSIVE_DIRECTORY_INCLUDE, - "%s", include); + "%s", include); return NULL; } /* a directory, load its contents */ @@ -855,11 +854,10 @@ namelen = strlen(filename); - if ((namelen > 5 - && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) - || (namelen > 4 - && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { + && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) + || (namelen > 4 + && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { size_t newlen; char *newpath; BIO *bio; 
@@ -903,16 +901,16 @@ static int is_keytype(const CONF *conf, char c, unsigned short type) { - const unsigned short * keytypes = (const unsigned short *) conf->meth_data; + const unsigned short *keytypes = (const unsigned short *)conf->meth_data; unsigned char key = (unsigned char)c; #ifdef CHARSET_EBCDIC -# if CHAR_BIT > 8 +#if CHAR_BIT > 8 if (key > 255) { /* key is out of range for os_toascii table */ return 0; } -# endif +#endif /* convert key from ebcdic to ascii */ key = os_toascii[key]; #endif @@ -953,7 +951,7 @@ continue; } if (!(IS_ALNUM_PUNCT(conf, *p) - || (conf->flag_dollarid && IS_DOLLAR(conf, *p)))) + || (conf->flag_dollarid && IS_DOLLAR(conf, *p)))) return p; p++; } --- crypto/openssl/crypto/conf/conf_err.c.orig +++ crypto/openssl/crypto/conf/conf_err.c 
@@ -15,51 +15,51 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA CONF_str_reasons[] = { - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_INVALID_PRAGMA), "invalid pragma"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL), - "list cannot be null"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION), - "mandatory braces in variable expansion"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET), - "missing close square bracket"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN), - "missing equal sign"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION), - "missing init function"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR), - "module initialization error"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), - "no conf or environment variable"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION), - "openssl conf references missing section"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), - "recursive directory include"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_SECTION_REFERENCE), - "recursive section reference"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), - "ssl command section empty"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), - "ssl command section not found"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section 
empty"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND), - "ssl section not found"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION), - "unable to create new section"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME), - "unknown module name"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG), - "variable expansion too long"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE), - "variable has no value"}, - {0, NULL} + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_INVALID_PRAGMA), "invalid pragma" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL), + "list cannot be null" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION), + "mandatory braces in variable expansion" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET), + "missing close square bracket" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN), + "missing equal sign" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION), + "missing init function" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR), + "module initialization error" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), + "no conf or environment variable" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION), + "openssl conf references missing section" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), + "recursive directory include" }, + { 
ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_SECTION_REFERENCE), + "recursive section reference" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND), + "ssl section not found" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION), + "unable to create new section" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME), + "unknown module name" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG), + "variable expansion too long" }, + { ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE), + "variable has no value" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/conf/conf_lib.c.orig +++ crypto/openssl/crypto/conf/conf_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ } LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline) + long *eline) { LHASH_OF(CONF_VALUE) *ltmp; BIO *in = NULL; @@ -67,7 +67,7 @@ #ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline) + long *eline) { BIO *btmp; LHASH_OF(CONF_VALUE) *ltmp; @@ -82,7 +82,7 @@ #endif LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, - long *eline) + long *eline) { CONF ctmp; int ret; 
@@ -96,7 +96,7 @@ } STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, - const char *section) + const char *section) { if (conf == NULL) { return NULL; @@ -109,7 +109,7 @@ } char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name) + const char *name) { if (conf == NULL) { return NCONF_get_string(NULL, group, name); @@ -122,7 +122,7 @@ } long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name) + const char *name) { int status; long result = 0; @@ -313,7 +313,7 @@ return NULL; } ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE, - "group=%s name=%s", group, name); + "group=%s name=%s", group != NULL ? group : "", name); return NULL; } @@ -328,7 +328,7 @@ } int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, - long *result) + long *result) { char *str; long res; @@ -366,7 +366,7 @@ } long _CONF_get_number(const CONF *conf, const char *section, - const char *name) + const char *name) { int status; long result = 0; @@ -419,10 +419,9 @@ return ret; } - #ifndef OPENSSL_NO_STDIO int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, - const char *filename) + const char *filename) { char *newfilename = NULL; @@ -439,13 +438,13 @@ } void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, - unsigned long flags) + unsigned long flags) { settings->flags = flags; } int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *appname) + const char *appname) { char *newappname = NULL; --- crypto/openssl/crypto/conf/conf_mod.c.orig +++ crypto/openssl/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
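Review bot: In the `@@ -313,7 +313,7 @@` hunk of conf_lib.c, `group` is now guarded before it is formatted with `%s`, but `name` on the same `ERR_raise_data()` call is still passed through unchecked. Whether `name` can be NULL at this point depends on the earlier part of the function, which is outside the hunk. If it can, the same substitution belongs on both arguments: `"group=%s name=%s", group != NULL ? group : "", name != NULL ? name : "");`. If `name` is guaranteed non-NULL here, a short comment saying so would explain why only `group` is guarded.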
@@ -72,15 +72,15 @@ static void module_free(CONF_MODULE *md); static void module_finish(CONF_IMODULE *imod); static int module_run(const CONF *cnf, const char *name, const char *value, - unsigned long flags); + unsigned long flags); static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, - conf_finish_func *ffunc); + conf_init_func *ifunc, + conf_finish_func *ffunc); static CONF_MODULE *module_find(const char *name); static int module_init(CONF_MODULE *pmod, const char *name, const char *value, - const CONF *cnf); + const CONF *cnf); static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name, - const char *value); + const char *value); static int conf_modules_finish_int(void); @@ -115,7 +115,7 @@ /* Main function: load modules from a CONF structure */ int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags) + unsigned long flags) { STACK_OF(CONF_VALUE) *values; CONF_VALUE *vl; @@ -127,9 +127,9 @@ if (conf_diagnostics(cnf)) flags &= ~(CONF_MFLAGS_IGNORE_ERRORS - | CONF_MFLAGS_IGNORE_RETURN_CODES - | CONF_MFLAGS_SILENT - | CONF_MFLAGS_IGNORE_MISSING_FILE); + | CONF_MFLAGS_IGNORE_RETURN_CODES + | CONF_MFLAGS_SILENT + | CONF_MFLAGS_IGNORE_MISSING_FILE); ERR_set_mark(); if (appname) @@ -150,8 +150,8 @@ if (!(flags & CONF_MFLAGS_SILENT)) { ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_CONF, - CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION, - "openssl_conf=%s", vsection); + CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION, + "openssl_conf=%s", vsection); } else { ERR_pop_to_mark(); } @@ -164,7 +164,7 @@ ERR_set_mark(); ret = module_run(cnf, vl->name, vl->value, flags); OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n", - vl->name, vl->value, ret); + vl->name, vl->value, ret); if (ret <= 0) if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) { ERR_clear_last_mark(); 
@@ -174,11 +174,10 @@ } return 1; - } int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, - const char *appname, unsigned long flags) + const char *appname, unsigned long flags) { char *file = NULL; CONF *conf = NULL; @@ -204,8 +203,7 @@ goto err; if (NCONF_load(conf, file, NULL) <= 0) { - if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && - (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { + if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { ret = 1; } goto err; @@ -214,7 +212,7 @@ ret = CONF_modules_load(conf, appname, flags); diagnostics = conf_diagnostics(conf); - err: +err: if (filename == NULL) OPENSSL_free(file); NCONF_free(conf); @@ -231,7 +229,7 @@ } int CONF_modules_load_file(const char *filename, - const char *appname, unsigned long flags) + const char *appname, unsigned long flags) { return CONF_modules_load_file_ex(NULL, filename, appname, flags); } @@ -247,7 +245,7 @@ } static int module_run(const CONF *cnf, const char *name, const char *value, - unsigned long flags) + unsigned long flags) { CONF_MODULE *md; int ret; @@ -264,7 +262,7 @@ if (!md) { if (!(flags & CONF_MFLAGS_SILENT)) { ERR_raise_data(ERR_LIB_CONF, CONF_R_UNKNOWN_MODULE_NAME, - "module=%s", name); + "module=%s", name); } return -1; } @@ -274,8 +272,8 @@ if (ret <= 0) { if (!(flags & CONF_MFLAGS_SILENT)) ERR_raise_data(ERR_LIB_CONF, CONF_R_MODULE_INITIALIZATION_ERROR, - "module=%s, value=%s retcode=%-8d", - name, value, ret); + "module=%s, value=%s retcode=%-8d", + name, value, ret); } return ret; @@ -283,7 +281,7 @@ /* Load a module from a DSO */ static CONF_MODULE *module_load_dso(const CONF *cnf, - const char *name, const char *value) + const char *name, const char *value) { DSO *dso = NULL; conf_init_func *ifunc; @@ -316,7 +314,7 @@ return md; - err: +err: DSO_free(dso); ERR_raise_data(ERR_LIB_CONF, errcode, "module=%s, path=%s", name, path); return NULL; 
@@ -324,7 +322,7 @@ /* add module to list */ static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, conf_finish_func *ffunc) + conf_init_func *ifunc, conf_finish_func *ffunc) { CONF_MODULE *tmod = NULL; @@ -356,7 +354,7 @@ CRYPTO_THREAD_unlock(module_list_lock); return tmod; - err: +err: CRYPTO_THREAD_unlock(module_list_lock); if (tmod != NULL) { OPENSSL_free(tmod->name); @@ -375,7 +373,7 @@ { CONF_MODULE *tmod; int i, nchar; - char *p; + const char *p; p = strrchr(name, '.'); if (p) @@ -403,7 +401,7 @@ /* initialize a module */ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, - const CONF *cnf) + const CONF *cnf) { int ret = 1; int init_called = 0; @@ -457,13 +455,13 @@ CRYPTO_THREAD_unlock(module_list_lock); return ret; - err: +err: /* We've started the module so we'd better finish it */ if (pmod->finish && init_called) pmod->finish(imod); - memerr: +memerr: if (imod) { OPENSSL_free(imod->name); OPENSSL_free(imod->value); @@ -471,7 +469,6 @@ } return -1; - } /* @@ -566,7 +563,7 @@ /* Add a static module to OpenSSL */ int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc) + conf_finish_func *ffunc) { if (module_add(NULL, name, ifunc, ffunc)) return 1; @@ -659,8 +656,8 @@ */ int CONF_parse_list(const char *list_, int sep, int nospc, - int (*list_cb) (const char *elem, int len, void *usr), - void *arg) + int (*list_cb)(const char *elem, int len, void *usr), + void *arg) { int ret; const char *lstart, *tmpend, *p; --- crypto/openssl/crypto/conf/conf_sap.c.orig +++ crypto/openssl/crypto/conf/conf_sap.c @@ -17,7 +17,7 @@ #include #if defined(_WIN32) && !defined(__BORLANDC__) -# define strdup _strdup +#define strdup _strdup #endif /* 
@@ -63,12 +63,12 @@ #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_config_int(%s, %s, %lu)\n", - filename, appname, flags); + filename, appname, flags); #endif #ifndef OPENSSL_SYS_UEFI ret = CONF_modules_load_file_ex(OSSL_LIB_CTX_get0_global_default(), - filename, appname, flags); + filename, appname, flags); #else ret = 1; #endif --- crypto/openssl/crypto/conf/conf_ssl.c.orig +++ crypto/openssl/crypto/conf/conf_ssl.c @@ -68,8 +68,7 @@ ssl_conf_section = CONF_imodule_get_value(md); cmd_lists = NCONF_get_section(cnf, ssl_conf_section); if (sk_CONF_VALUE_num(cmd_lists) <= 0) { - int rcode = - cmd_lists == NULL + int rcode = cmd_lists == NULL ? CONF_R_SSL_SECTION_NOT_FOUND : CONF_R_SSL_SECTION_EMPTY; @@ -88,13 +87,12 @@ STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); if (sk_CONF_VALUE_num(cmds) <= 0) { - int rcode = - cmds == NULL + int rcode = cmds == NULL ? CONF_R_SSL_COMMAND_SECTION_NOT_FOUND : CONF_R_SSL_COMMAND_SECTION_EMPTY; ERR_raise_data(ERR_LIB_CONF, rcode, - "name=%s, value=%s", sect->name, sect->value); + "name=%s, value=%s", sect->name, sect->value); goto err; } ssl_name->name = OPENSSL_strdup(sect->name); @@ -121,10 +119,9 @@ if (cmd->cmd == NULL || cmd->arg == NULL) goto err; } - } rv = 1; - err: +err: if (rv == 0) ssl_module_free(md); return rv; @@ -170,7 +167,7 @@ * argument is returned in |*arg|. */ void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg) + char **arg) { *cmdstr = cmd[idx].cmd; *arg = cmd[idx].arg; --- crypto/openssl/crypto/context.c.orig +++ crypto/openssl/crypto/context.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -42,7 +42,7 @@ int run_once_done[OSSL_LIB_CTX_MAX_RUN_ONCE]; int run_once_ret[OSSL_LIB_CTX_MAX_RUN_ONCE]; struct ossl_lib_ctx_onfree_list_st *onfreelist; - unsigned int ischild:1; + unsigned int ischild : 1; }; int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx) @@ -95,7 +95,7 @@ exdata_done = 1; if (!ossl_crypto_new_ex_data_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, - &ctx->data)) + &ctx->data)) goto err; /* Everything depends on properties, so we also pre-initialise that */ @@ -103,7 +103,7 @@ goto err; return 1; - err: +err: if (exdata_done) ossl_crypto_cleanup_all_ex_data_int(ctx); for (i = 0; i < OSSL_LIB_CTX_MAX_INDEXES; i++) @@ -200,7 +200,7 @@ #ifndef FIPS_MODULE OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in) + const OSSL_DISPATCH *in) { OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); @@ -216,7 +216,7 @@ } OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in) + const OSSL_DISPATCH *in) { OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new_from_dispatch(handle, in); @@ -316,8 +316,8 @@ } static void ossl_lib_ctx_generic_new(void *parent_ign, void *ptr_ign, - CRYPTO_EX_DATA *ad, int index, - long argl_ign, void *argp) + CRYPTO_EX_DATA *ad, int index, + long argl_ign, void *argp) { const OSSL_LIB_CTX_METHOD *meth = argp; OSSL_LIB_CTX *ctx = ossl_crypto_ex_data_get_ossl_lib_ctx(ad); @@ -335,8 +335,8 @@ } } static void ossl_lib_ctx_generic_free(void *parent_ign, void *ptr, - CRYPTO_EX_DATA *ad, int index, - long argl_ign, void *argp) + CRYPTO_EX_DATA *ad, int index, + long argl_ign, void *argp) { const OSSL_LIB_CTX_METHOD *meth = argp; @@ -344,7 +344,7 @@ } static int ossl_lib_ctx_init_index(OSSL_LIB_CTX *ctx, int static_index, - const OSSL_LIB_CTX_METHOD *meth) + const OSSL_LIB_CTX_METHOD *meth) { int idx; 
@@ -353,10 +353,10 @@ return 0; idx = ossl_crypto_get_ex_new_index_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, 0, - (void *)meth, - ossl_lib_ctx_generic_new, - NULL, ossl_lib_ctx_generic_free, - meth->priority); + (void *)meth, + ossl_lib_ctx_generic_new, + NULL, ossl_lib_ctx_generic_free, + meth->priority); if (idx < 0) return 0; @@ -365,7 +365,7 @@ } void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index, - const OSSL_LIB_CTX_METHOD *meth) + const OSSL_LIB_CTX_METHOD *meth) { void *data = NULL; int dynidx; @@ -419,14 +419,14 @@ * The alloc call ensures there's a value there. We release the ctx->lock * for this, because the allocation itself may recursively call * ossl_lib_ctx_get_data for other indexes (never this one). The allocation - * will itself aquire the ctx->lock when it actually comes to store the + * will itself acquire the ctx->lock when it actually comes to store the * allocated data (see ossl_lib_ctx_generic_new() above). We call * ossl_crypto_alloc_ex_data_intern() here instead of CRYPTO_alloc_ex_data(). * They do the same thing except that the latter calls CRYPTO_get_ex_data() * as well - which we must not do without holding the ctx->lock. */ if (ossl_crypto_alloc_ex_data_intern(CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, - &ctx->data, ctx->dyn_indexes[index])) { + &ctx->data, ctx->dyn_indexes[index])) { if (!CRYPTO_THREAD_read_lock(ctx->lock)) goto end; data = CRYPTO_get_ex_data(&ctx->data, ctx->dyn_indexes[index]); @@ -447,7 +447,7 @@ } int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx, - ossl_lib_ctx_run_once_fn run_once_fn) + ossl_lib_ctx_run_once_fn run_once_fn) { int done = 0, ret = 0; --- crypto/openssl/crypto/core_algorithm.c.orig +++ crypto/openssl/crypto/core_algorithm.c 
@@ -15,15 +15,15 @@ struct algorithm_data_st { OSSL_LIB_CTX *libctx; - int operation_id; /* May be zero for finding them all */ + int operation_id; /* May be zero for finding them all */ int (*pre)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, - int *result); + int *result); int (*reserve_store)(int no_store, void *data); void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, - void *data); + void *data); int (*unreserve_store)(void *data); int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, - int *result); + int *result); void *data; }; @@ -40,7 +40,7 @@ * 1 if successful so far, and adding should continue */ static int algorithm_do_map(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *map, - int cur_operation, int no_store, void *cbdata) + int cur_operation, int no_store, void *cbdata) { struct algorithm_data_st *data = cbdata; int ret = 0; @@ -54,7 +54,7 @@ /* If there is no pre-condition function, assume "yes" */ ret = 1; } else if (!data->pre(provider, cur_operation, no_store, data->data, - &ret)) { + &ret)) { /* Error, bail out! */ ret = -1; goto end; @@ -82,12 +82,12 @@ /* If there is no post-condition function, assume "yes" */ ret = 1; } else if (!data->post(provider, cur_operation, no_store, data->data, - &ret)) { + &ret)) { /* Error, bail out! */ ret = -1; } - end: +end: data->unreserve_store(data->data); return ret; @@ -111,14 +111,14 @@ first_operation = last_operation = data->operation_id; for (cur_operation = first_operation; - cur_operation <= last_operation; - cur_operation++) { - int no_store = 0; /* Assume caching is ok */ + cur_operation <= last_operation; + cur_operation++) { + int no_store = 0; /* Assume caching is ok */ const OSSL_ALGORITHM *map = NULL; int ret = 0; map = ossl_provider_query_operation(provider, cur_operation, - &no_store); + &no_store); ret = algorithm_do_map(provider, map, cur_operation, no_store, data); ossl_provider_unquery_operation(provider, cur_operation, map); 
@@ -135,19 +135,21 @@ } void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER *provider, - int (*pre)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - int (*reserve_store)(int no_store, void *data), - void (*fn)(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *data), - int (*unreserve_store)(void *data), - int (*post)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - void *data) + OSSL_PROVIDER *provider, + int (*pre)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), + int (*reserve_store)(int no_store, void *data), + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + int (*unreserve_store)(void *data), + int (*post)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), + void *data) { - struct algorithm_data_st cbdata = { 0, }; + struct algorithm_data_st cbdata = { + 0, + }; cbdata.libctx = libctx; cbdata.operation_id = operation_id; @@ -169,7 +171,7 @@ * a programming error in the functions up the call stack. */ if (!ossl_assert(ossl_lib_ctx_get_concrete(libctx) - == ossl_lib_ctx_get_concrete(libctx2))) + == ossl_lib_ctx_get_concrete(libctx2))) return; cbdata.libctx = libctx2; --- crypto/openssl/crypto/core_fetch.c.orig +++ crypto/openssl/crypto/core_fetch.c @@ -57,8 +57,8 @@ } static int ossl_method_construct_precondition(OSSL_PROVIDER *provider, - int operation_id, int no_store, - void *cbdata, int *result) + int operation_id, int no_store, + void *cbdata, int *result) { if (!ossl_assert(result != NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); 
@@ -84,8 +84,8 @@ } static int ossl_method_construct_postcondition(OSSL_PROVIDER *provider, - int operation_id, int no_store, - void *cbdata, int *result) + int operation_id, int no_store, + void *cbdata, int *result) { if (!ossl_assert(result != NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); @@ -100,8 +100,8 @@ } static void ossl_method_construct_this(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *cbdata) + const OSSL_ALGORITHM *algo, + int no_store, void *cbdata) { struct construct_data_st *data = cbdata; void *method = NULL; @@ -121,16 +121,16 @@ * of the passed method. */ data->mcm->put(no_store ? data->store : NULL, - method, provider, algo->algorithm_names, - algo->property_definition, data->mcm_data); + method, provider, algo->algorithm_names, + algo->property_definition, data->mcm_data); /* refcnt-- because we're dropping the reference */ data->mcm->destruct(method, data->mcm_data); } void *ossl_method_construct(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER **provider_rw, int force_store, - OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data) + OSSL_PROVIDER **provider_rw, int force_store, + OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data) { void *method = NULL; OSSL_PROVIDER *provider = provider_rw != NULL ? *provider_rw : NULL; 
@@ -152,17 +152,17 @@ cbdata.mcm = mcm; cbdata.mcm_data = mcm_data; ossl_algorithm_do_all(libctx, operation_id, provider, - ossl_method_construct_precondition, - ossl_method_construct_reserve_store, - ossl_method_construct_this, - ossl_method_construct_unreserve_store, - ossl_method_construct_postcondition, - &cbdata); + ossl_method_construct_precondition, + ossl_method_construct_reserve_store, + ossl_method_construct_this, + ossl_method_construct_unreserve_store, + ossl_method_construct_postcondition, + &cbdata); /* If there is a temporary store, try there first */ if (cbdata.store != NULL) method = mcm->get(cbdata.store, (const OSSL_PROVIDER **)provider_rw, - mcm_data); + mcm_data); /* If no method was found yet, try the global store */ if (method == NULL) --- crypto/openssl/crypto/core_namemap.c.orig +++ crypto/openssl/crypto/core_namemap.c @@ -9,7 +9,7 @@ #include "internal/namemap.h" #include -#include "crypto/lhash.h" /* ossl_lh_strcasehash */ +#include "crypto/lhash.h" /* ossl_lh_strcasehash */ #include "internal/tsan_assist.h" #include "internal/sizes.h" @@ -31,12 +31,12 @@ struct ossl_namemap_st { /* Flags */ - unsigned int stored:1; /* If 1, it's stored in a library context */ + unsigned int stored : 1; /* If 1, it's stored in a library context */ CRYPTO_RWLOCK *lock; - LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ + LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ - TSAN_QUALIFIER int max_number; /* Current max number */ + TSAN_QUALIFIER int max_number; /* Current max number */ }; /* LHASH callbacks */ @@ -132,8 +132,8 @@ * return value of 0 means that the callback was not called for any names. */ int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { DOALL_NAMES_DATA cbdata; size_t num_names; 
@@ -164,7 +164,7 @@ return 0; } lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name, - &cbdata); + &cbdata); CRYPTO_THREAD_unlock(namemap->lock); for (i = 0; i < cbdata.found; i++) @@ -175,21 +175,20 @@ } static int namemap_name2num_n(const OSSL_NAMEMAP *namemap, - const char *name, size_t name_len) + const char *name, size_t name_len) { NAMENUM_ENTRY *namenum_entry, namenum_tmpl; if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) return 0; namenum_tmpl.number = 0; - namenum_entry = - lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); + namenum_entry = lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); OPENSSL_free(namenum_tmpl.name); return namenum_entry != NULL ? namenum_entry->number : 0; } int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, - const char *name, size_t name_len) + const char *name, size_t name_len) { int number; @@ -218,8 +217,8 @@ } struct num2name_data_st { - size_t idx; /* Countdown */ - const char *name; /* Result */ + size_t idx; /* Countdown */ + const char *name; /* Result */ }; static void do_num2name(const char *name, void *vdata) @@ -233,7 +232,7 @@ } const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, - size_t idx) + size_t idx) { struct num2name_data_st data; @@ -245,7 +244,7 @@ } static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len) + const char *name, size_t name_len) { NAMENUM_ENTRY *namenum = NULL; int tmp_number; 
@@ -259,21 +258,20 @@ goto err; /* The tsan_counter use here is safe since we're under lock */ - namenum->number = - number != 0 ? number : 1 + tsan_counter(&namemap->max_number); + namenum->number = number != 0 ? number : 1 + tsan_counter(&namemap->max_number); (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); if (lh_NAMENUM_ENTRY_error(namemap->namenum)) goto err; return namenum->number; - err: +err: namenum_free(namenum); return 0; } int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len) + const char *name, size_t name_len) { int tmp_number; @@ -301,7 +299,7 @@ } int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, - const char *names, const char separator) + const char *names, const char separator) { const char *p, *q; size_t l; @@ -322,9 +320,9 @@ int this_number; if ((q = strchr(p, separator)) == NULL) - l = strlen(p); /* offset to \0 */ + l = strlen(p); /* offset to \0 */ else - l = q - p; /* offset to the next separator */ + l = q - p; /* offset to the next separator */ this_number = namemap_name2num_n(namemap, p, l); @@ -336,8 +334,8 @@ number = this_number; } else if (this_number != 0 && this_number != number) { ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES, - "\"%.*s\" has an existing different identity %d (from \"%s\")", - l, p, this_number, names); + "\"%.*s\" has an existing different identity %d (from \"%s\")", + l, p, this_number, names); goto err; } } 
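Review bot: In the `@@ -336,8 +334,8 @@` hunk of core_namemap.c, the `ERR_raise_data` call passes `l` as the precision for `%.*s`, but the earlier hunk of the same function (`ossl_namemap_add_names`) declares it as `size_t l;`. A `*` precision is read as an `int` by printf-style formatters, so passing a `size_t` through varargs is a type mismatch wherever the two widths differ. The formatter behind `ERR_raise_data` is not visible here, but assuming it follows printf rules, the argument line should be `(int)l, p, this_number, names);`. The re-indentation in this commit leaves the call otherwise unchanged, and the function body continues outside the hunk.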
@@ -347,17 +345,17 @@ int this_number; if ((q = strchr(p, separator)) == NULL) - l = strlen(p); /* offset to \0 */ + l = strlen(p); /* offset to \0 */ else - l = q - p; /* offset to the next separator */ + l = q - p; /* offset to the next separator */ this_number = namemap_add_name_n(namemap, number, p, l); if (number == 0) { number = this_number; } else if (this_number != number) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR, - "Got number %d when expecting %d", - this_number, number); + "Got number %d when expecting %d", + this_number, number); goto err; } } @@ -365,7 +363,7 @@ CRYPTO_THREAD_unlock(namemap->lock); return number; - err: +err: CRYPTO_THREAD_unlock(namemap->lock); return 0; } @@ -380,7 +378,7 @@ /* Creates an initial namemap with names found in the legacy method db */ static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name, - void *arg) + void *arg) { int num = 0; ASN1_OBJECT *obj; @@ -421,7 +419,7 @@ } static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, - void *arg) + void *arg) { int nid = 0, base_nid = 0, flags = 0; const char *pem_name = NULL; @@ -470,9 +468,8 @@ #ifndef FIPS_MODULE int nms; #endif - OSSL_NAMEMAP *namemap = - ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX, - &stored_namemap_method); + OSSL_NAMEMAP *namemap = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX, + &stored_namemap_method); if (namemap == NULL) return NULL; 
@@ -491,12 +488,13 @@ /* Before pilfering, we make sure the legacy database is populated */ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + | OPENSSL_INIT_ADD_ALL_DIGESTS, + NULL); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, - get_legacy_cipher_names, namemap); + get_legacy_cipher_names, namemap); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, - get_legacy_md_names, namemap); + get_legacy_md_names, namemap); /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */ for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++) @@ -513,8 +511,7 @@ if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL - && (namemap->namenum = - lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL) + && (namemap->namenum = lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL) return namemap; ossl_namemap_free(namemap); --- crypto/openssl/crypto/cpt_err.c.orig +++ crypto/openssl/crypto/cpt_err.c 
@@ -15,47 +15,47 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA CRYPTO_str_reasons[] = { - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_BAD_ALGORITHM_NAME), - "bad algorithm name"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_CONFLICTING_NAMES), - "conflicting names"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_HEX_STRING_TOO_SHORT), - "hex string too short"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT), - "illegal hex digit"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_DATA_SPACE), - "insufficient data space"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_PARAM_SIZE), - "insufficient param size"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE), - "insufficient secure data space"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NEGATIVE_VALUE), - "invalid negative value"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT), - "invalid null argument"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE), - "invalid ossl param type"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS), - "odd number of digits"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_ALREADY_EXISTS), - "provider already exists"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_SECTION_ERROR), - "provider section error"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_RANDOM_SECTION_ERROR), - "random section error"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_SECURE_MALLOC_FAILURE), - "secure malloc failure"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_STRING_TOO_LONG), "string too long"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_BYTES), "too many bytes"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_RECORDS), - "too many records"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_SMALL_BUFFER), - "too small buffer"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION), - "unknown name in random section"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ZERO_LENGTH_NUMBER), - "zero length 
number"}, - {0, NULL} + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_BAD_ALGORITHM_NAME), + "bad algorithm name" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_CONFLICTING_NAMES), + "conflicting names" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_HEX_STRING_TOO_SHORT), + "hex string too short" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT), + "illegal hex digit" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_DATA_SPACE), + "insufficient data space" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_PARAM_SIZE), + "insufficient param size" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE), + "insufficient secure data space" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NEGATIVE_VALUE), + "invalid negative value" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT), + "invalid null argument" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE), + "invalid ossl param type" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS), + "odd number of digits" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_ALREADY_EXISTS), + "provider already exists" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_SECTION_ERROR), + "provider section error" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_RANDOM_SECTION_ERROR), + "random section error" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_SECURE_MALLOC_FAILURE), + "secure malloc failure" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_STRING_TOO_LONG), "string too long" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_BYTES), "too many bytes" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_RECORDS), + "too many records" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_SMALL_BUFFER), + "too small buffer" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION), + "unknown name in random section" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ZERO_LENGTH_NUMBER), + "zero length number" }, + { 0, NULL } }; #endif --- 
crypto/openssl/crypto/cpuid.c.orig +++ crypto/openssl/crypto/cpuid.c @@ -10,13 +10,11 @@ #include "e_os.h" #include "crypto/cryptlib.h" -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) extern unsigned int OPENSSL_ia32cap_P[4]; -# if defined(OPENSSL_CPUID_OBJ) +#if defined(OPENSSL_CPUID_OBJ) /* * Purpose of these minimalistic and character-type-agnostic subroutines @@ -27,7 +25,7 @@ * between the sets, while the rest would be simply rejected by ossl_is* * subroutines. */ -# ifdef _WIN32 +#ifdef _WIN32 typedef WCHAR variant_char; static variant_char *ossl_getenv(const char *name) @@ -42,12 +40,12 @@ return (len > 0 && len < 48) ? value : NULL; } -# else +#else typedef char variant_char; -# define ossl_getenv getenv -# endif +#define ossl_getenv getenv +#endif -# include "crypto/ctype.h" +#include "crypto/ctype.h" static int todigit(variant_char c) { @@ -71,16 +69,17 @@ base = 16, str++; } - while((digit = todigit(*str++)) < base) + while ((digit = todigit(*str++)) < base) ret = ret * base + digit; return ret; } static variant_char *ossl_strchr(const variant_char *str, char srch) -{ variant_char c; +{ + variant_char c; - while((c = *str)) { + while ((c = *str)) { if (c == srch) return (variant_char *)str; str++; @@ -89,7 +88,7 @@ return NULL; } -# define OPENSSL_CPUID_SETUP +#define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; void OPENSSL_cpuid_setup(void) @@ -111,7 +110,7 @@ if (off) { IA32CAP mask = vec; vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; - if (mask & (1<<24)) { + if (mask & (1 << 24)) { /* * User disables FXSR bit, mask even other capabilities * that operate exclusively on XMM, so we don't have to 
@@ -120,7 +119,7 @@ * do it in x86_64 case, but we can safely assume that * x86_64 users won't actually flip this flag. */ - vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32); + vec &= ~((IA32CAP)(1 << 1 | 1 << 11 | 1 << 25 | 1 << 28) << 32); } } else if (env[0] == ':') { vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); @@ -155,17 +154,17 @@ OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10); OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32); } -# else +#else unsigned int OPENSSL_ia32cap_P[4]; -# endif +#endif #endif #ifndef OPENSSL_CPUID_OBJ -# ifndef OPENSSL_CPUID_SETUP +#ifndef OPENSSL_CPUID_SETUP void OPENSSL_cpuid_setup(void) { } -# endif +#endif /* * The rest are functions that are defined in the same assembler files as @@ -180,8 +179,8 @@ * * There are also assembler versions of this function. */ -# undef CRYPTO_memcmp -int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len) +#undef CRYPTO_memcmp +int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) { size_t i; const volatile unsigned char *a = in_a; --- crypto/openssl/crypto/crmf/crmf_asn.c.orig +++ crypto/openssl/crypto/crmf/crmf_asn.c 
@@ -26,22 +26,19 @@ } ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO) - ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = { ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING), ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME) } ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) - ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = { ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO), ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier, - OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) + OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) } ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID) - ASN1_SEQUENCE(OSSL_CRMF_CERTID) = { ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME), ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER) @@ -49,7 +46,6 @@ IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) - ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = { ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0), ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1), 
@@ -66,23 +62,20 @@ } ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO) - ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = { ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER), ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos, - OSSL_CRMF_SINGLEPUBINFO) + OSSL_CRMF_SINGLEPUBINFO) } ASN1_SEQUENCE_END(OSSL_CRMF_PKIPUBLICATIONINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO) - ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = { ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR), ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE) - ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = { ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0), ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1), @@ -92,7 +85,6 @@ } ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY) - ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = { ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING), ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR), 
@@ -101,33 +93,29 @@ } ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) - ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = { ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender, - GENERAL_NAME, 0), + GENERAL_NAME, 0), ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.publicKeyMAC, - OSSL_CRMF_PKMACVALUE) + OSSL_CRMF_PKMACVALUE) } ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) - ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = { ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo, - OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO), + OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO), ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, publicKey, X509_PUBKEY) } ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT) - ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = { ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput, - OSSL_CRMF_POPOSIGNINGKEYINPUT, 0), + OSSL_CRMF_POPOSIGNINGKEYINPUT, 0), ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, algorithmIdentifier, X509_ALGOR), ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY) - ASN1_CHOICE(OSSL_CRMF_POPO) = { ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0), ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1), 
@@ -136,35 +124,31 @@ } ASN1_CHOICE_END(OSSL_CRMF_POPO) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO) - -ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = - ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); +ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { ADB_ENTRY(NID_id_regCtrl_regToken, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.regToken, ASN1_UTF8STRING)), + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.regToken, ASN1_UTF8STRING)), ADB_ENTRY(NID_id_regCtrl_authenticator, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.authenticator, ASN1_UTF8STRING)), + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.authenticator, ASN1_UTF8STRING)), ADB_ENTRY(NID_id_regCtrl_pkiPublicationInfo, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.pkiPublicationInfo, - OSSL_CRMF_PKIPUBLICATIONINFO)), + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.pkiPublicationInfo, + OSSL_CRMF_PKIPUBLICATIONINFO)), ADB_ENTRY(NID_id_regCtrl_oldCertID, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.oldCertID, OSSL_CRMF_CERTID)), + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.oldCertID, OSSL_CRMF_CERTID)), ADB_ENTRY(NID_id_regCtrl_protocolEncrKey, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.protocolEncrKey, X509_PUBKEY)), + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.protocolEncrKey, X509_PUBKEY)), ADB_ENTRY(NID_id_regInfo_utf8Pairs, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.utf8Pairs, ASN1_UTF8STRING)), + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.utf8Pairs, ASN1_UTF8STRING)), ADB_ENTRY(NID_id_regInfo_certReq, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.certReq, OSSL_CRMF_CERTREQUEST)), -} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0, - &attributetypeandvalue_default_tt, NULL); - + ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, + value.certReq, 
OSSL_CRMF_CERTREQUEST)), +} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0, &attributetypeandvalue_default_tt, NULL); ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT), @@ -174,14 +158,12 @@ IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) - ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = { ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0), - ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1) + ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1) } ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY) - ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = { ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0), /* @@ -196,7 +178,7 @@ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2), ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3), ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity, - OSSL_CRMF_OPTIONALVALIDITY, 4), + OSSL_CRMF_OPTIONALVALIDITY, 4), ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5), ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6), /* issuerUID is deprecated in version 2 */ 
@@ -204,32 +186,29 @@ /* subjectUID is deprecated in version 2 */ ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8), ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions, - X509_EXTENSION, 9), + X509_EXTENSION, 9), } ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE) - ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = { ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER), ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE), ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_CERTREQUEST, controls, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE) + OSSL_CRMF_ATTRIBUTETYPEANDVALUE) } ASN1_SEQUENCE_END(OSSL_CRMF_CERTREQUEST) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST) - ASN1_SEQUENCE(OSSL_CRMF_MSG) = { ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST), ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO), ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_MSG, regInfo, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE) + OSSL_CRMF_ATTRIBUTETYPEANDVALUE) } ASN1_SEQUENCE_END(OSSL_CRMF_MSG) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) -ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CRMF_MSGS, OSSL_CRMF_MSG) +ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CRMF_MSGS, OSSL_CRMF_MSG) ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSGS) --- crypto/openssl/crypto/crmf/crmf_err.c.orig +++ crypto/openssl/crypto/crmf/crmf_err.c 
@@ -14,59 +14,59 @@ #ifndef OPENSSL_NO_CRMF -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA CRMF_str_reasons[] = { - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_BAD_PBM_ITERATIONCOUNT), - "bad pbm iterationcount"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_CRMFERROR), "crmferror"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR), "error"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECODING_CERTIFICATE), - "error decoding certificate"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECRYPTING_CERTIFICATE), - "error decrypting certificate"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY), - "error decrypting symmetric key"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_FAILURE_OBTAINING_RANDOM), - "failure obtaining random"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ITERATIONCOUNT_BELOW_100), - "iterationcount below 100"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_MALFORMED_IV), "malformed iv"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_NULL_ARGUMENT), "null argument"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPOSKINPUT_NOT_SUPPORTED), - "poposkinput not supported"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY), - "popo inconsistent public key"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING), "popo missing"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_PUBLIC_KEY), - "popo missing public key"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_SUBJECT), - "popo missing subject"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED), - "popo raverified not accepted"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_SETTING_MAC_ALGOR_FAILURE), - "setting mac algor failure"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_SETTING_OWF_ALGOR_FAILURE), - "setting owf algor failure"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_CIPHER), - "unsupported cipher"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO), - "unsupported method for 
creating popo"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_POPO_METHOD), - "unsupported popo method"}, - {0, NULL} + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_BAD_PBM_ITERATIONCOUNT), + "bad pbm iterationcount" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_CRMFERROR), "crmferror" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR), "error" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECODING_CERTIFICATE), + "error decoding certificate" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECRYPTING_CERTIFICATE), + "error decrypting certificate" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY), + "error decrypting symmetric key" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_FAILURE_OBTAINING_RANDOM), + "failure obtaining random" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ITERATIONCOUNT_BELOW_100), + "iterationcount below 100" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_MALFORMED_IV), "malformed iv" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_NULL_ARGUMENT), "null argument" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPOSKINPUT_NOT_SUPPORTED), + "poposkinput not supported" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY), + "popo inconsistent public key" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING), "popo missing" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_PUBLIC_KEY), + "popo missing public key" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_SUBJECT), + "popo missing subject" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED), + "popo raverified not accepted" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_SETTING_MAC_ALGOR_FAILURE), + "setting mac algor failure" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_SETTING_OWF_ALGOR_FAILURE), + "setting owf algor failure" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_ALGORITHM), + "unsupported algorithm" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_CIPHER), + "unsupported cipher" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO), + "unsupported 
method for creating popo" }, + { ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_POPO_METHOD), + "unsupported popo method" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_CRMF_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(CRMF_str_reasons[0].error) == NULL) ERR_load_strings_const(CRMF_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/crmf/crmf_lib.c.orig +++ crypto/openssl/crypto/crmf/crmf_lib.c 
@@ -42,44 +42,43 @@ * valt = Value Type * ctrlinf = "regCtrl" or "regInfo" */ -#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ -valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \ -{ \ - int i; \ - STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \ - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ - \ - if (msg == NULL || msg->certReq == NULL) \ - return NULL; \ - controls = msg->certReq->controls; \ - for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \ - atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \ - if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \ - return atav->value.atyp; \ - } \ - return NULL; \ -} \ - \ -int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \ -{ \ - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ - \ - if (msg == NULL || in == NULL) \ - goto err; \ - if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \ - goto err; \ - if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL) \ - goto err; \ - if ((atav->value.atyp = valt##_dup(in)) == NULL) \ - goto err; \ - if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav)) \ - goto err; \ - return 1; \ - err: \ - OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav); \ - return 0; \ -} - +#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ + valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \ + { \ + int i; \ + STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \ + OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ + \ + if (msg == NULL || msg->certReq == NULL) \ + return NULL; \ + controls = msg->certReq->controls; \ + for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \ + atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \ + if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \ + return atav->value.atyp; \ + } \ + return NULL; \ + } \ + \ + int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \ + { \ + 
OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ + \ + if (msg == NULL || in == NULL) \ + goto err; \ + if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \ + goto err; \ + if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL) \ + goto err; \ + if ((atav->value.atyp = valt##_dup(in)) == NULL) \ + goto err; \ + if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav)) \ + goto err; \ + return 1; \ + err: \ + OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav); \ + return 0; \ + } /*- * Pushes the given control attribute into the controls stack of a CertRequest @@ -87,7 +86,7 @@ * returns 1 on success, 0 on error */ static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl) + OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl) { int new = 0; @@ -106,7 +105,7 @@ goto err; return 1; - err: +err: if (new != 0) { sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(crm->certReq->controls); crm->certReq->controls = NULL; @@ -122,11 +121,11 @@ IMPLEMENT_CRMF_CTRL_FUNC(authenticator, ASN1_UTF8STRING, regCtrl) int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, - int method, GENERAL_NAME *nm) + int method, GENERAL_NAME *nm) { if (spi == NULL - || method < OSSL_CRMF_PUB_METHOD_DONTCARE - || method > OSSL_CRMF_PUB_METHOD_LDAP) { + || method < OSSL_CRMF_PUB_METHOD_DONTCARE + || method > OSSL_CRMF_PUB_METHOD_LDAP) { ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -138,9 +137,8 @@ return 1; } -int -OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - OSSL_CRMF_SINGLEPUBINFO *spi) +int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi) { if (pi == NULL || spi == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); 
@@ -155,11 +153,11 @@ } int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - int action) + int action) { if (pi == NULL - || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH - || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) { + || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH + || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) { ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -169,13 +167,13 @@ /* id-regCtrl-pkiPublicationInfo Control (section 6.3) */ IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo, OSSL_CRMF_PKIPUBLICATIONINFO, - regCtrl) + regCtrl) /* id-regCtrl-oldCertID Control (section 6.5) from the given */ IMPLEMENT_CRMF_CTRL_FUNC(oldCertID, OSSL_CRMF_CERTID, regCtrl) OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, - const ASN1_INTEGER *serial) + const ASN1_INTEGER *serial) { OSSL_CRMF_CERTID *cid = NULL; @@ -197,7 +195,7 @@ return cid; - err: +err: OSSL_CRMF_CERTID_free(cid); return NULL; } @@ -213,7 +211,7 @@ * returns 1 on success, 0 on error */ static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri) + OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri) { STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL; @@ -230,7 +228,7 @@ goto err; return 1; - err: +err: if (info != NULL) crm->regInfo = NULL; sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(info); @@ -243,7 +241,6 @@ /* id-regInfo-certReq to regInfo (section 7.2) */ IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo) - /* retrieves the certificate template of crm */ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm) { @@ -254,9 +251,8 @@ return crm->certReq->certTemplate; } - int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, - ASN1_TIME *notBefore, ASN1_TIME *notAfter) + ASN1_TIME *notBefore, ASN1_TIME *notAfter) { OSSL_CRMF_OPTIONALVALIDITY *vld; OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); 
@@ -274,7 +270,6 @@ return 1; } - int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid) { if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) { @@ -314,9 +309,8 @@ return crmf_asn1_get_int(crm->certReq->certReqId); } - int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, - X509_EXTENSIONS *exts) + X509_EXTENSIONS *exts) { OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); @@ -335,9 +329,8 @@ return 1; } - int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, - X509_EXTENSION *ext) + X509_EXTENSION *ext) { int new = 0; OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); @@ -356,7 +349,7 @@ if (!sk_X509_EXTENSION_push(tmpl->extensions, ext)) goto err; return 1; - err: +err: if (new != 0) { sk_X509_EXTENSION_free(tmpl->extensions); tmpl->extensions = NULL; @@ -365,9 +358,9 @@ } static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, - const OSSL_CRMF_CERTREQUEST *cr, - EVP_PKEY *pkey, const EVP_MD *digest, - OSSL_LIB_CTX *libctx, const char *propq) + const OSSL_CRMF_CERTREQUEST *cr, + EVP_PKEY *pkey, const EVP_MD *digest, + OSSL_LIB_CTX *libctx, const char *propq) { char name[80] = ""; @@ -382,18 +375,17 @@ } if (EVP_PKEY_get_default_digest_name(pkey, name, sizeof(name)) > 0 - && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ + && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ digest = NULL; return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST), - ps->algorithmIdentifier, NULL, ps->signature, cr, - NULL, pkey, digest, libctx, propq); + ps->algorithmIdentifier, NULL, ps->signature, cr, + NULL, pkey, digest, libctx, propq); } - int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, - EVP_PKEY *pkey, const EVP_MD *digest, - OSSL_LIB_CTX *libctx, const char *propq) + EVP_PKEY *pkey, const EVP_MD *digest, + OSSL_LIB_CTX *libctx, const char *propq) { OSSL_CRMF_POPO *pp = NULL; ASN1_INTEGER *tag = NULL; 
@@ -415,30 +407,27 @@ goto err; break; - case OSSL_CRMF_POPO_SIGNATURE: - { - OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new(); - - if (ps == NULL) - goto err; - if (!create_popo_signature(ps, crm->certReq, pkey, digest, - libctx, propq)) { - OSSL_CRMF_POPOSIGNINGKEY_free(ps); - goto err; - } - pp->value.signature = ps; + case OSSL_CRMF_POPO_SIGNATURE: { + OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new(); + + if (ps == NULL) + goto err; + if (!create_popo_signature(ps, crm->certReq, pkey, digest, + libctx, propq)) { + OSSL_CRMF_POPOSIGNINGKEY_free(ps); + goto err; } - break; + pp->value.signature = ps; + } break; case OSSL_CRMF_POPO_KEYENC: if ((pp->value.keyEncipherment = OSSL_CRMF_POPOPRIVKEY_new()) == NULL) goto err; tag = ASN1_INTEGER_new(); - pp->value.keyEncipherment->type = - OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE; + pp->value.keyEncipherment->type = OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE; pp->value.keyEncipherment->value.subsequentMessage = tag; if (tag == NULL - || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT)) + || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT)) goto err; break; @@ -447,20 +436,20 @@ goto err; } - end: +end: OSSL_CRMF_POPO_free(crm->popo); crm->popo = pp; return 1; - err: +err: OSSL_CRMF_POPO_free(pp); return 0; } /* verifies the Proof-of-Possession of the request with the given rid in reqs */ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, - int rid, int acceptRAVerified, - OSSL_LIB_CTX *libctx, const char *propq) + int rid, int acceptRAVerified, + OSSL_LIB_CTX *libctx, const char *propq) { OSSL_CRMF_MSG *req = NULL; X509_PUBKEY *pubkey = NULL; @@ -517,8 +506,9 @@ asn = req->certReq; } if (ASN1_item_verify_ex(it, sig->algorithmIdentifier, sig->signature, - asn, NULL, X509_PUBKEY_get0(pubkey), libctx, - propq) < 1) + asn, NULL, X509_PUBKEY_get0(pubkey), libctx, + propq) + < 1) return 0; break; case OSSL_CRMF_POPO_KEYENC: 
@@ -531,27 +521,24 @@ } /* retrieves the serialNumber of the given cert template or NULL on error */ -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl) +const ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->serialNumber : NULL; } -const X509_NAME - *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->subject : NULL; } /* retrieves the issuer name of the given cert template or NULL on error */ -const X509_NAME - *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->issuer : NULL; } X509_EXTENSIONS - *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) +*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) { return tmpl != NULL ? tmpl->extensions : NULL; } @@ -559,8 +546,7 @@ /* retrieves the issuer name of the given CertId or NULL on error */ const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) { - return cid != NULL && cid->issuer->type == GEN_DIRNAME ? - cid->issuer->d.directoryName : NULL; + return cid != NULL && cid->issuer->type == GEN_DIRNAME ? cid->issuer->d.directoryName : NULL; } /* retrieves the serialNumber of the given CertId or NULL on error */ @@ -574,10 +560,10 @@ * Any value argument that is NULL will leave the respective field unchanged. */ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, - EVP_PKEY *pubkey, - const X509_NAME *subject, - const X509_NAME *issuer, - const ASN1_INTEGER *serial) + EVP_PKEY *pubkey, + const X509_NAME *subject, + const X509_NAME *issuer, + const ASN1_INTEGER *serial) { if (tmpl == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); 
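Review bot: In the -531,27 hunk the declaration of `OSSL_CRMF_CERTTEMPLATE_get0_extensions` is still split, with `X509_EXTENSIONS` on one line and `*OSSL_CRMF_CERTTEMPLATE_get0_extensions(...)` at column 0 on the next, while its three siblings were joined onto one line. I would write it as `X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)` to match them. `get0_subject` and `get0_extensions` are also the only two getters here without a header comment; adding `/* retrieves the subject name of the given cert template or NULL on error */` and `/* retrieves the extensions of the given cert template or NULL on error */` would bring them in line with the others.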
@@ -597,7 +583,6 @@ return 1; } - /*- * Decrypts the certificate in the given encryptedValue using private key pkey. * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2. @@ -605,10 +590,9 @@ * returns a pointer to the decrypted certificate * returns NULL on error or if no certificate available */ -X509 -*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, - OSSL_LIB_CTX *libctx, const char *propq, - EVP_PKEY *pkey) +X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, + OSSL_LIB_CTX *libctx, const char *propq, + EVP_PKEY *pkey) { X509 *cert = NULL; /* decrypted certificate */ EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */ @@ -624,7 +608,7 @@ char name[OSSL_MAX_NAME_SIZE]; if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL - || ecert->encValue == NULL || pkey == NULL) { + || ecert->encValue == NULL || pkey == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } @@ -654,14 +638,15 @@ int retval; if (EVP_PKEY_decrypt(pkctx, NULL, &eksize, - encKey->data, encKey->length) <= 0 - || (ek = OPENSSL_malloc(eksize)) == NULL) + encKey->data, encKey->length) + <= 0 + || (ek = OPENSSL_malloc(eksize)) == NULL) goto end; retval = EVP_PKEY_decrypt(pkctx, ek, &eksize, - encKey->data, encKey->length); + encKey->data, encKey->length); ERR_clear_error(); /* error state may have sensitive information */ failure = ~constant_time_is_zero_s(constant_time_msb(retval) - | constant_time_is_zero(retval)); + | constant_time_is_zero(retval)); failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize); if (failure) { ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY); 
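Review bot: The two `failure` lines after the second `EVP_PKEY_decrypt` call (hunk -654,14) have no comment saying why the return value and `eksize` are folded with the `constant_time_*` helpers instead of plain comparisons, and after the reformat they look like something a later cleanup could simplify. I would add above them `/* fold "retval <= 0" and "wrong key length" into one mask so both are reported identically */`; the intent is inferred from the helper names and the neighbouring `ERR_clear_error()` comment, so the author should confirm the wording. In the same hunk the first call now ends in a lone `<= 0` line, and keeping `encKey->length) <= 0` together would read better. The function starts and ends outside this hunk.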
@@ -673,7 +658,7 @@ if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL) goto end; if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv, - EVP_CIPHER_get_iv_length(cipher)) + EVP_CIPHER_get_iv_length(cipher)) != EVP_CIPHER_get_iv_length(cipher)) { ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV); goto end; @@ -683,17 +668,16 @@ * d2i_X509 changes the given pointer, so use p for decoding the message and * keep the original pointer in outbuf so the memory can be freed later */ - if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length + - EVP_CIPHER_get_block_size(cipher))) == NULL - || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL) + if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length + EVP_CIPHER_get_block_size(cipher))) == NULL + || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL) goto end; EVP_CIPHER_CTX_set_padding(evp_ctx, 0); if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv) - || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen, - ecert->encValue->data, - ecert->encValue->length) - || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) { + || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen, + ecert->encValue->data, + ecert->encValue->length) + || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) { ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_CERTIFICATE); goto end; } @@ -704,7 +688,7 @@ goto end; if (d2i_X509(&cert, &p, outlen) == NULL) ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE); - end: +end: EVP_PKEY_CTX_free(pkctx); OPENSSL_free(outbuf); EVP_CIPHER_CTX_free(evp_ctx); --- crypto/openssl/crypto/crmf/crmf_local.h.orig +++ crypto/openssl/crypto/crmf/crmf_local.h @@ -12,16 +12,16 @@ */ #ifndef OSSL_CRYPTO_CRMF_LOCAL_H -# define OSSL_CRYPTO_CRMF_LOCAL_H +#define OSSL_CRYPTO_CRMF_LOCAL_H -# include -# include +#include +#include /* explicit #includes not strictly needed since implied by the above: */ -# include -# include -# include -# include +#include +#include +#include +#include /*- * EncryptedValue ::= SEQUENCE { 
@@ -43,10 +43,10 @@ * } */ struct ossl_crmf_encryptedvalue_st { - X509_ALGOR *intendedAlg; /* 0 */ - X509_ALGOR *symmAlg; /* 1 */ - ASN1_BIT_STRING *encSymmKey; /* 2 */ - X509_ALGOR *keyAlg; /* 3 */ + X509_ALGOR *intendedAlg; /* 0 */ + X509_ALGOR *symmAlg; /* 1 */ + ASN1_BIT_STRING *encSymmKey; /* 2 */ + X509_ALGOR *keyAlg; /* 3 */ ASN1_OCTET_STRING *valueHint; /* 4 */ ASN1_BIT_STRING *encValue; } /* OSSL_CRMF_ENCRYPTEDVALUE */; @@ -126,7 +126,6 @@ DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO) typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS; - /*- * PKIPublicationInfo ::= SEQUENCE { * action INTEGER { @@ -211,7 +210,7 @@ ASN1_INTEGER *iterationCount; X509_ALGOR *mac; } /* OSSL_CRMF_PBMPARAMETER */; -# define OSSL_CRMF_PBM_MAX_ITERATION_COUNT 100000 /* if too large allows DoS */ +#define OSSL_CRMF_PBM_MAX_ITERATION_COUNT 100000 /* if too large allows DoS */ /*- * POPOSigningKeyInput ::= SEQUENCE { --- crypto/openssl/crypto/crmf/crmf_pbm.c.orig +++ crypto/openssl/crypto/crmf/crmf_pbm.c @@ -11,7 +11,6 @@ * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. */ - #include #include @@ -39,8 +38,8 @@ * returns pointer to OSSL_CRMF_PBMPARAMETER on success, NULL on error */ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, - int owfnid, size_t itercnt, - int macnid) + int owfnid, size_t itercnt, + int macnid) { OSSL_CRMF_PBMPARAMETER *pbm = NULL; unsigned char *salt = NULL; @@ -108,7 +107,7 @@ OPENSSL_free(salt); return pbm; - err: +err: OPENSSL_free(salt); OSSL_CRMF_PBMPARAMETER_free(pbm); return NULL; 
@@ -126,10 +125,10 @@ * returns 1 on success, 0 on error */ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, - const OSSL_CRMF_PBMPARAMETER *pbmp, - const unsigned char *msg, size_t msglen, - const unsigned char *sec, size_t seclen, - unsigned char **out, size_t *outlen) + const OSSL_CRMF_PBMPARAMETER *pbmp, + const unsigned char *msg, size_t msglen, + const unsigned char *sec, size_t seclen, + unsigned char **out, size_t *outlen) { int mac_nid, hmac_md_nid = NID_undef; char mdname[OSSL_MAX_NAME_SIZE]; @@ -143,7 +142,7 @@ int ok = 0; if (out == NULL || pbmp == NULL || pbmp->mac == NULL - || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) { + || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); goto err; } @@ -176,8 +175,8 @@ if (!EVP_DigestFinal_ex(ctx, basekey, &bklen)) goto err; if (!ASN1_INTEGER_get_int64(&iterations, pbmp->iterationCount) - || iterations < 100 /* min from RFC */ - || iterations > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) { + || iterations < 100 /* min from RFC */ + || iterations > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) { ERR_raise(ERR_LIB_CRMF, CRMF_R_BAD_PBM_ITERATIONCOUNT); goto err; } @@ -201,17 +200,19 @@ if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL) || OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname), - OBJ_nid2obj(hmac_md_nid), 0) <= 0) { + OBJ_nid2obj(hmac_md_nid), 0) + <= 0) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen, - msg, msglen, mac_res, EVP_MAX_MD_SIZE, outlen) == NULL) + msg, msglen, mac_res, EVP_MAX_MD_SIZE, outlen) + == NULL) goto err; ok = 1; - err: +err: OPENSSL_cleanse(basekey, bklen); EVP_MD_free(owf); EVP_MD_CTX_free(ctx); --- crypto/openssl/crypto/cryptlib.c.orig +++ crypto/openssl/crypto/cryptlib.c 
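Review bot: The iteration-count check in the -176,8 hunk explains its lower bound (`/* min from RFC */`) but not the upper one. A reader has to open crmf_local.h to learn that `OSSL_CRMF_PBM_MAX_ITERATION_COUNT` is a denial-of-service limit. Since `pbmp` is presumably taken from a received message (the callers are not visible here), I would add `/* max caps the work a sender can request */` on the `iterations > OSSL_CRMF_PBM_MAX_ITERATION_COUNT` line. `OSSL_CRMF_pbm_new` begins in an earlier hunk and continues past this one.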
@@ -13,28 +13,28 @@ #include #if defined(_WIN32) -# include -# include -# ifdef __WATCOMC__ -# if defined(_UNICODE) || defined(__UNICODE__) -# define _vsntprintf _vsnwprintf -# else -# define _vsntprintf _vsnprintf -# endif -# endif -# ifdef _MSC_VER -# define alloca _alloca -# endif +#include +#include +#ifdef __WATCOMC__ +#if defined(_UNICODE) || defined(__UNICODE__) +#define _vsntprintf _vsnwprintf +#else +#define _vsntprintf _vsnprintf +#endif +#endif +#ifdef _MSC_VER +#define alloca _alloca +#endif -# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -# ifdef OPENSSL_SYS_WIN_CORE +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0333 +#ifdef OPENSSL_SYS_WIN_CORE int OPENSSL_isservice(void) { /* OneCore API cannot interact with GUI */ return 1; } -# else +#else int OPENSSL_isservice(void) { HWINSTA h; @@ -60,26 +60,25 @@ } if (_OPENSSL_isservice.p != (void *)-1) - return (*_OPENSSL_isservice.f) (); + return (*_OPENSSL_isservice.f)(); h = GetProcessWindowStation(); if (h == NULL) return -1; - if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) || - GetLastError() != ERROR_INSUFFICIENT_BUFFER) + if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) || GetLastError() != ERROR_INSUFFICIENT_BUFFER) return -1; if (len > 512) - return -1; /* paranoia */ - len++, len &= ~1; /* paranoia */ + return -1; /* paranoia */ + len++, len &= ~1; /* paranoia */ name = (WCHAR *)alloca(len + sizeof(WCHAR)); if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len)) return -1; - len++, len &= ~1; /* paranoia */ + len++, len &= ~1; /* paranoia */ name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */ -# if 1 +#if 1 /* * This doesn't cover "interactive" services [working with real * WinSta0's] nor programs started non-interactively by Task Scheduler 
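Review bot: With the `# ` indentation removed in the -13,28 hunk, the nested `#if defined(_WIN32)` / `#ifdef __WATCOMC__` / `#if defined(_UNICODE) ...` directives and the two consecutive `#endif` lines that close them no longer show which conditional each one ends. I would label the closers, for example `#endif /* _UNICODE || __UNICODE__ */` and `#endif /* __WATCOMC__ */`. The same applies to the `#else` that pairs with `#ifdef OPENSSL_SYS_WIN_CORE` and to the flattened runs in the later hunks of this file (-87,21, -191,19 and -229,10), where the platform-specific variants of `OPENSSL_isservice` and the fatal-error reporting paths are selected.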
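Review bot: The `/* paranoia */` comments in the -60,26 hunk of `OPENSSL_isservice` do not say what each line guards, which matters here because `len` first sizes an `alloca()` buffer and then indexes it. I would replace them with `/* bound the alloca() below */` on the `len > 512` check and `/* round len up to an even byte count so len / sizeof(WCHAR) is a whole WCHAR index */` on the two `len++, len &= ~1;` lines. The terminator store could carry `/* buffer is len + sizeof(WCHAR) bytes, so this index is in range */`. The function body begins before and continues past this hunk.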
@@ -87,21 +86,21 @@ */ if (wcsstr(name, L"Service-0x")) return 1; -# else +#else /* This covers all non-interactive programs such as services. */ if (!wcsstr(name, L"WinSta0")) return 1; -# endif +#endif else return 0; } -# endif -# else +#endif +#else int OPENSSL_isservice(void) { return 0; } -# endif +#endif void OPENSSL_showfatal(const char *fmta, ...) { @@ -114,22 +113,21 @@ * Windows CE does not have a concept of a console application, * so we need to guard the check. */ -# ifdef STD_ERROR_HANDLE +#ifdef STD_ERROR_HANDLE HANDLE h; - if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && - GetFileType(h) != FILE_TYPE_UNKNOWN) { + if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && GetFileType(h) != FILE_TYPE_UNKNOWN) { /* must be console application */ int len; DWORD out; va_start(ap, fmta); len = _vsnprintf((char *)buf, sizeof(buf), fmta, ap); - WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD) len, &out, NULL); + WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD)len, &out, NULL); va_end(ap); return; } -# endif +#endif if (sizeof(TCHAR) == sizeof(char)) fmt = (const TCHAR *)fmta; 
@@ -191,19 +189,19 @@ buf[OSSL_NELEM(buf) - 1] = _T('\0'); va_end(ap); -# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -# ifdef OPENSSL_SYS_WIN_CORE +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0333 +#ifdef OPENSSL_SYS_WIN_CORE /* ONECORE is always NONGUI and NT >= 0x0601 */ -# if !defined(NDEBUG) - /* - * We are in a situation where we tried to report a critical - * error and this failed for some reason. As a last resort, - * in debug builds, send output to the debugger or any other - * tool like DebugView which can monitor the output. - */ - OutputDebugString(buf); -# endif -# else +#if !defined(NDEBUG) + /* + * We are in a situation where we tried to report a critical + * error and this failed for some reason. As a last resort, + * in debug builds, send output to the debugger or any other + * tool like DebugView which can monitor the output. + */ + OutputDebugString(buf); +#endif +#else /* this -------------v--- guards NT-specific calls */ if (check_winnt() && OPENSSL_isservice() > 0) { HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL")); @@ -212,8 +210,8 @@ const TCHAR *pmsg = buf; if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL, - 1, 0, &pmsg, NULL)) { -# if !defined(NDEBUG) + 1, 0, &pmsg, NULL)) { +#if !defined(NDEBUG) /* * We are in a situation where we tried to report a critical * error and this failed for some reason. As a last resort, @@ -221,7 +219,7 @@ * tool like DebugView which can monitor the output. */ OutputDebugString(pmsg); -# endif +#endif } (void)DeregisterEventSource(hEventLog); @@ -229,10 +227,10 @@ } else { MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); } -# endif -# else +#endif +#else MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); -# endif +#endif } #else void OPENSSL_showfatal(const char *fmta, ...) 
@@ -255,16 +253,16 @@ void OPENSSL_die(const char *message, const char *file, int line) { OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n", - file, line, message); + file, line, message); #if !defined(_WIN32) abort(); #else /* * Win32 abort() customarily shows a dialog, but we just did that... */ -# if !defined(_WIN32_WCE) +#if !defined(_WIN32_WCE) raise(SIGABRT); -# endif +#endif _exit(3); #endif } @@ -275,8 +273,8 @@ * This is used by platform version identification tools. * Do not inline this procedure or make it static. */ -# define OPENSSL_VPROC_STRING_(x) x##_CRYPTO -# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) -# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) -void OPENSSL_VPROC_FUNC(void) {} +#define OPENSSL_VPROC_STRING_(x) x##_CRYPTO +#define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) +#define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) +void OPENSSL_VPROC_FUNC(void) { } #endif /* __TANDEM */ --- crypto/openssl/crypto/ct/ct_b64.c.orig +++ crypto/openssl/crypto/ct/ct_b64.c @@ -61,13 +61,13 @@ } SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, - ct_log_entry_type_t entry_type, uint64_t timestamp, - const char *extensions_base64, - const char *signature_base64) + ct_log_entry_type_t entry_type, uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64) { SCT *sct = SCT_new(); unsigned char *dec = NULL; - const unsigned char* p = NULL; + const unsigned char *p = NULL; int declen; if (sct == NULL) { @@ -120,7 +120,7 @@ return sct; - err: +err: OPENSSL_free(dec); SCT_free(sct); return NULL; @@ -133,8 +133,8 @@ * -1 on internal (malloc) failure */ int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64, - const char *name, OSSL_LIB_CTX *libctx, - const char *propq) + const char *name, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char *pkey_der = NULL; int pkey_der_len; 
@@ -170,7 +170,7 @@ } int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, - const char *name) + const char *name) { return CTLOG_new_from_base64_ex(ct_log, pkey_base64, name, NULL, NULL); } --- crypto/openssl/crypto/ct/ct_err.c.orig +++ crypto/openssl/crypto/ct/ct_err.c 
@@ -14,46 +14,46 @@
 #ifndef OPENSSL_NO_CT
-# ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_ERR
 static const ERR_STRING_DATA CT_str_reasons[] = {
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
- "invalid log id length"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
- "log conf invalid key"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
- "log conf missing description"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
- "log conf missing key"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
- "sct future timestamp"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
- "sct invalid signature"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
- "sct unsupported version"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
- "unrecognized signature nid"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
- "unsupported entry type"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
- {0, NULL}
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
+ "invalid log id length" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
+ "log conf invalid key" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
+ "log conf missing description" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
+ "log conf missing key" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
+ "sct future timestamp" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
+ "sct invalid signature" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
+ "sct unsupported version" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
+ "unrecognized signature nid" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
+ "unsupported entry type" },
+ { ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version" },
+ { 0, NULL }
 };
-# endif
+#endif
 int ossl_err_load_CT_strings(void) {
-# ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_ERR
 if (ERR_reason_error_string(CT_str_reasons[0].error) == NULL) ERR_load_strings_const(CT_str_reasons);
-# endif
+#endif
 return 1; }
 #else
--- crypto/openssl/crypto/ct/ct_local.h.orig
+++ crypto/openssl/crypto/ct/ct_local.h
@@ -18,40 +18,41 @@ * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT * sct_list <1..2^16-1>; } SignedCertificateTimestampList; */ -# define MAX_SCT_SIZE 65535 -# define MAX_SCT_LIST_SIZE MAX_SCT_SIZE +#define MAX_SCT_SIZE 65535 +#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE /* * Macros to read and write integers in network-byte order. */ -#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ - (((unsigned int)((c)[1])) )),c+=2) - -#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ - c[1]=(unsigned char)(((s) )&0xff)),c+=2) - -#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ - c[1]=(unsigned char)(((l)>> 8)&0xff), \ - c[2]=(unsigned char)(((l) )&0xff)),c+=3) - -#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ - l|=((uint64_t)(*((c)++)))<<48, \ - l|=((uint64_t)(*((c)++)))<<40, \ - l|=((uint64_t)(*((c)++)))<<32, \ - l|=((uint64_t)(*((c)++)))<<24, \ - l|=((uint64_t)(*((c)++)))<<16, \ - l|=((uint64_t)(*((c)++)))<< 8, \ - l|=((uint64_t)(*((c)++)))) - -#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define n2s(c, s) ((s = (((unsigned int)((c)[0])) << 8) | (((unsigned int)((c)[1])))), c += 2) + +#define s2n(s, c) ((c[0] = (unsigned char)(((s) >> 8) & 0xff), \ + c[1] = (unsigned char)(((s)) & 0xff)), \ + c += 2) + +#define l2n3(l, c) ((c[0] = (unsigned char)(((l) >> 16) & 0xff), \ + c[1] = (unsigned char)(((l) >> 8) & 0xff), \ + c[2] = (unsigned char)(((l)) & 0xff)), \ + c += 3) + +#define n2l8(c, l) (l = ((uint64_t)(*((c)++))) << 56, \ + l |= ((uint64_t)(*((c)++))) << 48, \ + l |= ((uint64_t)(*((c)++))) << 40, \ + l |= ((uint64_t)(*((c)++))) << 32, \ + l |= ((uint64_t)(*((c)++))) << 24, \ + l |= 
((uint64_t)(*((c)++))) << 16, \ + l |= ((uint64_t)(*((c)++))) << 8, \ + l |= ((uint64_t)(*((c)++)))) + +#define l2n8(l, c) (*((c)++) = (unsigned char)(((l) >> 56) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 48) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* Signed Certificate Timestamp */ struct sct_st { @@ -63,10 +64,10 @@ unsigned char *log_id; size_t log_id_len; /* - * Note, we cannot distinguish between an unset timestamp, and one - * that is set to 0. However since CT didn't exist in 1970, no real - * SCT should ever be set as such. - */ + * Note, we cannot distinguish between an unset timestamp, and one + * that is set to 0. However since CT didn't exist in 1970, no real + * SCT should ever be set as such. + */ uint64_t timestamp; unsigned char *ext; size_t ext_len; 
@@ -191,24 +192,24 @@ __owur int SCT_signature_is_complete(const SCT *sct); /* -* Serialize (to TLS format) an |sct| signature and write it to |out|. -* If |out| is null, no signature will be output but the length will be returned. -* If |out| points to a null pointer, a string will be allocated to hold the -* TLS-format signature. It is the responsibility of the caller to free it. -* If |out| points to an allocated string, the signature will be written to it. -* The length of the signature in TLS format will be returned. -*/ + * Serialize (to TLS format) an |sct| signature and write it to |out|. + * If |out| is null, no signature will be output but the length will be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format signature. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the signature will be written to it. + * The length of the signature in TLS format will be returned. + */ __owur int i2o_SCT_signature(const SCT *sct, unsigned char **out); /* -* Parses an SCT signature in TLS format and populates the |sct| with it. -* |in| should be a pointer to a string containing the TLS-format signature. -* |in| will be advanced to the end of the signature if parsing succeeds. -* |len| should be the length of the signature in |in|. -* Returns the number of bytes parsed, or a negative integer if an error occurs. -* If an error occurs, the SCT's signature NID may be updated whilst the -* signature field itself remains unset. -*/ + * Parses an SCT signature in TLS format and populates the |sct| with it. + * |in| should be a pointer to a string containing the TLS-format signature. + * |in| will be advanced to the end of the signature if parsing succeeds. + * |len| should be the length of the signature in |in|. + * Returns the number of bytes parsed, or a negative integer if an error occurs. 
+ * If an error occurs, the SCT's signature NID may be updated whilst the + * signature field itself remains unset. + */ __owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len); /* --- crypto/openssl/crypto/ct/ct_log.c.orig +++ crypto/openssl/crypto/ct/ct_log.c @@ -56,7 +56,7 @@ * Deletes a CT log store load context. * Does not delete any of the fields. */ -static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx); +static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx); static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void) { @@ -68,7 +68,7 @@ return ctx; } -static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx) +static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx) { OPENSSL_free(ctx); } @@ -93,7 +93,7 @@ } ret = EVP_Digest(pkey_der, pkey_der_len, log->log_id, &len, sha256, - NULL); + NULL); err: EVP_MD_free(sha256); OPENSSL_free(pkey_der); @@ -145,7 +145,7 @@ } static int ctlog_new_from_conf(CTLOG_STORE *store, CTLOG **ct_log, - const CONF *conf, const char *section) + const CONF *conf, const char *section) { const char *description = NCONF_get_string(conf, section, "description"); char *pkey_base64; @@ -162,7 +162,7 @@ } return CTLOG_new_from_base64_ex(ct_log, pkey_base64, description, - store->libctx, store->propq); + store->libctx, store->propq); } int CTLOG_STORE_load_default_file(CTLOG_STORE *store) @@ -170,7 +170,7 @@ const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); if (fpath == NULL) - fpath = CTLOG_FILE; + fpath = CTLOG_FILE; return CTLOG_STORE_load_file(store, fpath); } @@ -182,7 +182,7 @@ * It may stop parsing and returns -1 on any internal (malloc) error. */ static int ctlog_store_load_log(const char *log_name, int log_name_len, - void *arg) + void *arg) { CTLOG_STORE_LOAD_CTX *load_ctx = arg; CTLOG *ct_log = NULL; 
@@ -226,7 +226,7 @@ { int ret = 0; char *enabled_logs; - CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new(); + CTLOG_STORE_LOAD_CTX *load_ctx = ctlog_store_load_ctx_new(); if (load_ctx == NULL) return 0; @@ -246,8 +246,7 @@ goto end; } - if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || - load_ctx->invalid_log_entries > 0) { + if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || load_ctx->invalid_log_entries > 0) { ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID); goto end; } @@ -265,7 +264,7 @@ * Copies the name. */ CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { CTLOG *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -321,7 +320,7 @@ } void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, - size_t *log_id_len) + size_t *log_id_len) { *log_id = log->log_id; *log_id_len = CT_V1_HASHLEN; @@ -337,8 +336,8 @@ * Returns NULL if no match found. */ const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, - const uint8_t *log_id, - size_t log_id_len) + const uint8_t *log_id, + size_t log_id_len) { int i; --- crypto/openssl/crypto/ct/ct_oct.c.orig +++ crypto/openssl/crypto/ct/ct_oct.c @@ -8,7 +8,7 @@ */ #ifdef OPENSSL_NO_CT -# error "CT is disabled" +#error "CT is disabled" #endif #include @@ -166,10 +166,10 @@ } /* - * (1 byte) Hash algorithm - * (1 byte) Signature algorithm - * (2 bytes + ?) Signature - */ + * (1 byte) Hash algorithm + * (1 byte) Signature algorithm + * (2 bytes + ?) Signature + */ len = 4 + sct->sig_len; if (out != NULL) { @@ -255,7 +255,7 @@ } STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - size_t len) + size_t len) { STACK_OF(SCT) *sk = NULL; size_t list_len, sct_len; @@ -312,7 +312,7 @@ *a = sk; return sk; - err: +err: if (a == NULL || *a == NULL) SCT_LIST_free(sk); return NULL; 
@@ -348,8 +348,8 @@ goto err; s2n(sct_len, p2); } else { - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) - goto err; + if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) + goto err; } len2 += 2 + sct_len; } @@ -365,7 +365,7 @@ } return len2; - err: +err: if (is_pp_new) { OPENSSL_free(*pp); *pp = NULL; @@ -374,7 +374,7 @@ } STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - long len) + long len) { ASN1_OCTET_STRING *oct = NULL; STACK_OF(SCT) *sk = NULL; --- crypto/openssl/crypto/ct/ct_policy.c.orig +++ crypto/openssl/crypto/ct/ct_policy.c @@ -8,7 +8,7 @@ */ #ifdef OPENSSL_NO_CT -# error "CT is disabled" +#error "CT is disabled" #endif #include @@ -26,7 +26,7 @@ static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX)); @@ -46,8 +46,7 @@ } /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ - ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * - 1000; + ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * 1000; return ctx; } @@ -84,7 +83,7 @@ } void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, - CTLOG_STORE *log_store) + CTLOG_STORE *log_store) { ctx->log_store = log_store; } @@ -94,12 +93,12 @@ ctx->epoch_time_in_ms = time_in_ms; } -X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) +X509 *CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) { return ctx->cert; } -X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) +X509 *CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) { return ctx->issuer; } --- crypto/openssl/crypto/ct/ct_prn.c.orig +++ crypto/openssl/crypto/ct/ct_prn.c @@ -8,7 +8,7 @@ */ #ifdef OPENSSL_NO_CT -# error "CT is disabled" +#error "CT is disabled" #endif #include 
@@ -34,14 +34,14 @@ if (gen == NULL) return; ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, - (int)(timestamp / 86400000), - (timestamp % 86400000) / 1000); + (int)(timestamp / 86400000), + (timestamp % 86400000) / 1000); /* * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 * characters long with a final Z. Update it with fractional seconds. */ BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ", - ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000)); + ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000)); if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) ASN1_GENERALIZEDTIME_print(out, gen); ASN1_GENERALIZEDTIME_free(gen); @@ -68,13 +68,13 @@ } void SCT_print(const SCT *sct, BIO *out, int indent, - const CTLOG_STORE *log_store) + const CTLOG_STORE *log_store) { const CTLOG *log = NULL; if (log_store != NULL) { log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id, - sct->log_id_len); + sct->log_id_len); } BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); @@ -90,7 +90,7 @@ if (log != NULL) { BIO_printf(out, "\n%*sLog : %s", indent + 4, "", - CTLOG_get0_name(log)); + CTLOG_get0_name(log)); } BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); @@ -112,7 +112,7 @@ } void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, - const char *separator, const CTLOG_STORE *log_store) + const char *separator, const CTLOG_STORE *log_store) { int sct_count = sk_SCT_num(sct_list); int i; --- crypto/openssl/crypto/ct/ct_sct.c.orig +++ crypto/openssl/crypto/ct/ct_sct.c @@ -8,7 +8,7 @@ */ #ifdef OPENSSL_NO_CT -# error "CT disabled" +#error "CT disabled" #endif #include @@ -114,7 +114,6 @@ return 1; } - void SCT_set_timestamp(SCT *sct, uint64_t timestamp) { sct->timestamp = timestamp; 
@@ -256,8 +255,7 @@ int SCT_signature_is_complete(const SCT *sct) { - return SCT_get_signature_nid(sct) != NID_undef && - sct->sig != NULL && sct->sig_len > 0; + return SCT_get_signature_nid(sct) != NID_undef && sct->sig != NULL && sct->sig_len > 0; } sct_source_t SCT_get_source(const SCT *sct) @@ -304,7 +302,7 @@ } log = CTLOG_STORE_get0_log_by_id(ctx->log_store, - sct->log_id, sct->log_id_len); + sct->log_id, sct->log_id_len); /* Similarly, an SCT from an unknown log also cannot be validated. */ if (log == NULL) { @@ -360,8 +358,7 @@ if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1) sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; else - sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? - SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; + sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; end: is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID; --- crypto/openssl/crypto/ct/ct_sct_ctx.c.orig +++ crypto/openssl/crypto/ct/ct_sct_ctx.c @@ -8,7 +8,7 @@ */ #ifdef OPENSSL_NO_CT -# error "CT is disabled" +#error "CT is disabled" #endif #include @@ -84,9 +84,9 @@ return 1; preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, - &pre_akid_ext_is_dup); + &pre_akid_ext_is_dup); certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, - &cert_akid_ext_is_dup); + &cert_akid_ext_is_dup); /* An error occurred whilst searching for the extension */ if (preidx < -1 || certidx < -1) @@ -112,8 +112,7 @@ if (preext == NULL || certext == NULL) return 0; preextdata = X509_EXTENSION_get_data(preext); - if (preextdata == NULL || - !X509_EXTENSION_set_data(certext, preextdata)) + if (preextdata == NULL || !X509_EXTENSION_set_data(certext, preextdata)) return 0; } return 1; 
@@ -202,7 +201,7 @@ } __owur static int ct_public_key_hash(SCT_CTX *sctx, X509_PUBKEY *pkey, - unsigned char **hash, size_t *hash_len) + unsigned char **hash, size_t *hash_len) { int ret = 0; unsigned char *md = NULL, *der = NULL; @@ -238,7 +237,7 @@ md = NULL; ret = 1; - err: +err: EVP_MD_free(sha256); OPENSSL_free(md); OPENSSL_free(der); --- crypto/openssl/crypto/ct/ct_vfy.c.orig +++ crypto/openssl/crypto/ct/ct_vfy.c @@ -98,9 +98,7 @@ EVP_MD_CTX *ctx = NULL; int ret = 0; - if (!SCT_is_complete(sct) || sctx->pkey == NULL || - sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || - (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) { + if (!SCT_is_complete(sct) || sctx->pkey == NULL || sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) { ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET); return 0; } @@ -108,8 +106,7 @@ ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION); return 0; } - if (sct->log_id_len != sctx->pkeyhashlen || - memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { + if (sct->log_id_len != sctx->pkeyhashlen || memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { ERR_raise(ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH); return 0; } @@ -123,7 +120,7 @@ goto end; if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx, - sctx->propq, sctx->pkey, NULL)) + sctx->propq, sctx->pkey, NULL)) goto end; if (!sct_ctx_update(ctx, sctx, sct)) --- crypto/openssl/crypto/ct/ct_x509v3.c.orig +++ crypto/openssl/crypto/ct/ct_x509v3.c @@ -8,7 +8,7 @@ */ #ifdef OPENSSL_NO_CT -# error "CT is disabled" +#error "CT is disabled" #endif #include "ct_local.h" 
@@ -20,11 +20,11 @@ static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) { - return ASN1_NULL_new(); + return ASN1_NULL_new(); } static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, - BIO *out, int indent) + BIO *out, int indent) { SCT_LIST_print(sct_list, out, indent, "\n", NULL); return 1; @@ -47,22 +47,22 @@ } static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, - const unsigned char **pp, - long len) + const unsigned char **pp, + long len) { - STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); + STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); - if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { - SCT_LIST_free(s); - *a = NULL; - return NULL; - } - return s; + if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { + SCT_LIST_free(s); + *a = NULL; + return NULL; + } + return s; } static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, - const unsigned char **pp, - long len) + const unsigned char **pp, + long len) { STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); 
@@ -78,27 +78,27 @@ const X509V3_EXT_METHOD ossl_v3_ct_scts[3] = { /* X509v3 extension in certificates that contains SCTs */ { NID_ct_precert_scts, 0, NULL, - NULL, (X509V3_EXT_FREE)SCT_LIST_free, - (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, - NULL, NULL, - NULL, NULL, - (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, - NULL }, + NULL, (X509V3_EXT_FREE)SCT_LIST_free, + (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, + NULL, NULL, + NULL, NULL, + (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, + NULL }, /* X509v3 extension to mark a certificate as a pre-certificate */ { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL), - NULL, NULL, NULL, NULL, - i2s_poison, s2i_poison, - NULL, NULL, - NULL, NULL, - NULL }, + NULL, NULL, NULL, NULL, + i2s_poison, s2i_poison, + NULL, NULL, + NULL, NULL, + NULL }, /* OCSP extension that contains SCTs */ { NID_ct_cert_scts, 0, NULL, - 0, (X509V3_EXT_FREE)SCT_LIST_free, - (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, - NULL, NULL, - NULL, NULL, - (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, - NULL }, + 0, (X509V3_EXT_FREE)SCT_LIST_free, + (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, + NULL, NULL, + NULL, NULL, + (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, + NULL }, }; --- crypto/openssl/crypto/ctype.c.orig +++ crypto/openssl/crypto/ctype.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -19,208 +19,208 @@
 * Characters outside of the seven bit ASCII range are detected before indexing. */ static const unsigned short ctype_char_map[128] = {
- /* 00 nul */ CTYPE_MASK_cntrl,
- /* 01 soh */ CTYPE_MASK_cntrl,
- /* 02 stx */ CTYPE_MASK_cntrl,
- /* 03 etx */ CTYPE_MASK_cntrl,
- /* 04 eot */ CTYPE_MASK_cntrl,
- /* 05 enq */ CTYPE_MASK_cntrl,
- /* 06 ack */ CTYPE_MASK_cntrl,
- /* 07 \a */ CTYPE_MASK_cntrl,
- /* 08 \b */ CTYPE_MASK_cntrl,
- /* 09 \t */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0A \n */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0B \v */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0C \f */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0D \r */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
- /* 0E so */ CTYPE_MASK_cntrl,
- /* 0F si */ CTYPE_MASK_cntrl,
- /* 10 dle */ CTYPE_MASK_cntrl,
- /* 11 dc1 */ CTYPE_MASK_cntrl,
- /* 12 dc2 */ CTYPE_MASK_cntrl,
- /* 13 dc3 */ CTYPE_MASK_cntrl,
- /* 14 dc4 */ CTYPE_MASK_cntrl,
- /* 15 nak */ CTYPE_MASK_cntrl,
- /* 16 syn */ CTYPE_MASK_cntrl,
- /* 17 etb */ CTYPE_MASK_cntrl,
- /* 18 can */ CTYPE_MASK_cntrl,
- /* 19 em */ CTYPE_MASK_cntrl,
- /* 1A sub */ CTYPE_MASK_cntrl,
- /* 1B esc */ CTYPE_MASK_cntrl,
- /* 1C fs */ CTYPE_MASK_cntrl,
- /* 1D gs */ CTYPE_MASK_cntrl,
- /* 1E rs */ CTYPE_MASK_cntrl,
- /* 1F us */ CTYPE_MASK_cntrl,
- /* 20 */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
- | CTYPE_MASK_asn1print,
- /* 21 ! */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 22 " */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 23 # */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 24 $ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 25 % */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 26 & */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 27 ' */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 28 ( */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 29 ) */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2A * */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 2B + */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 2C , */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2D - */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2E . */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 2F / */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 30 0 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 31 1 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 32 2 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 33 3 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 34 4 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 35 5 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 36 6 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 37 7 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 38 8 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 39 9 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 3A : */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 3B ; */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 3C < */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 3D = */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 3E > */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 3F ? */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
- | CTYPE_MASK_asn1print,
- /* 40 @ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 41 A */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 42 B */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 43 C */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 44 D */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 45 E */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 46 F */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 47 G */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 48 H */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 49 I */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4A J */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4B K */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4C L */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4D M */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4E N */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 4F O */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 50 P */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 51 Q */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 52 R */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 53 S */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 54 T */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 55 U */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 56 V */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 57 W */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 58 X */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 59 Y */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 5A Z */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 5B [ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5C \ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5D ] */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5E ^ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 5F _ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 60 ` */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
- /* 61 a */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 62 b */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 63 c */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 64 d */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 65 e */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 66 f */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 67 g */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 68 h */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 69 i */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6A j */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6B k */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6C l */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6D m */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6E n */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 6F o */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 70 p */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 71 q */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 72 r */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 73 s */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
- | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
- /* 74 t */ CTYPE_MASK_graph | CTYPE_MASK_lower | 
CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 75 u */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 76 v */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 77 w */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 78 x */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 79 y */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 7A z */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 7B { */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7C | */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7D } */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7E ~ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7F del */ CTYPE_MASK_cntrl + /* 00 nul */ CTYPE_MASK_cntrl, + /* 01 soh */ CTYPE_MASK_cntrl, + /* 02 stx */ CTYPE_MASK_cntrl, + /* 03 etx */ CTYPE_MASK_cntrl, + /* 04 eot */ CTYPE_MASK_cntrl, + /* 05 enq */ CTYPE_MASK_cntrl, + /* 06 ack */ CTYPE_MASK_cntrl, + /* 07 \a */ CTYPE_MASK_cntrl, + /* 08 \b */ CTYPE_MASK_cntrl, + /* 09 \t */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0A \n */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0B \v */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0C \f */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0D \r */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0E so */ CTYPE_MASK_cntrl, + /* 0F si */ CTYPE_MASK_cntrl, + /* 10 dle */ CTYPE_MASK_cntrl, + /* 11 dc1 */ CTYPE_MASK_cntrl, + /* 12 dc2 */ CTYPE_MASK_cntrl, + /* 13 dc3 */ CTYPE_MASK_cntrl, + /* 14 dc4 */ CTYPE_MASK_cntrl, + /* 15 nak */ CTYPE_MASK_cntrl, + /* 16 syn */ CTYPE_MASK_cntrl, + /* 17 etb */ CTYPE_MASK_cntrl, + /* 18 can */ CTYPE_MASK_cntrl, + /* 19 em */ 
CTYPE_MASK_cntrl, + /* 1A sub */ CTYPE_MASK_cntrl, + /* 1B esc */ CTYPE_MASK_cntrl, + /* 1C fs */ CTYPE_MASK_cntrl, + /* 1D gs */ CTYPE_MASK_cntrl, + /* 1E rs */ CTYPE_MASK_cntrl, + /* 1F us */ CTYPE_MASK_cntrl, + /* 20 */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space + | CTYPE_MASK_asn1print, + /* 21 ! */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 22 " */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 23 # */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 24 $ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 25 % */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 26 & */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 27 ' */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 28 ( */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 29 ) */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2A * */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 2B + */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 2C , */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2D - */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2E . 
*/ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2F / */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 30 0 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 31 1 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 32 2 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 33 3 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 34 4 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 35 5 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 36 6 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 37 7 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 38 8 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 39 9 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 3A : */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 3B ; */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 3C < */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 3D = */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 3E > */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 3F ? 
*/ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 40 @ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 41 A */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 42 B */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 43 C */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 44 D */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 45 E */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 46 F */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 47 G */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 48 H */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 49 I */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4A J */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4B K */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4C L */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4D M */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4E N */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4F O */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 50 P */ 
CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 51 Q */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 52 R */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 53 S */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 54 T */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 55 U */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 56 V */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 57 W */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 58 X */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 59 Y */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 5A Z */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 5B [ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5C \ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5D ] */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5E ^ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5F _ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 60 ` */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 61 a */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 62 b */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 63 c */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | 
CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 64 d */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 65 e */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 66 f */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 67 g */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 68 h */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 69 i */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6A j */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6B k */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6C l */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6D m */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6E n */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6F o */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 70 p */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 71 q */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 72 r */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 73 s */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 74 t */ CTYPE_MASK_graph | CTYPE_MASK_lower | 
CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 75 u */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 76 v */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 77 w */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 78 x */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 79 y */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 7A z */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 7B { */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7C | */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7D } */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7E ~ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7F del */ CTYPE_MASK_cntrl }; #ifdef CHARSET_EBCDIC @@ -258,13 +258,13 @@ } /* - * Implement some of the simplier functions directly to avoid the overhead of + * Implement some of the simpler functions directly to avoid the overhead of * accessing memory via ctype_char_map[]. */ -#define ASCII_IS_DIGIT(c) (c >= 0x30 && c <= 0x39) -#define ASCII_IS_UPPER(c) (c >= 0x41 && c <= 0x5A) -#define ASCII_IS_LOWER(c) (c >= 0x61 && c <= 0x7A) +#define ASCII_IS_DIGIT(c) (c >= 0x30 && c <= 0x39) +#define ASCII_IS_UPPER(c) (c >= 0x41 && c <= 0x5A) +#define ASCII_IS_LOWER(c) (c >= 0x61 && c <= 0x7A) int ossl_isdigit(int c) { --- crypto/openssl/crypto/der_writer.c.orig +++ crypto/openssl/crypto/der_writer.c 
@@ -49,8 +49,8 @@ } int ossl_DER_w_precompiled(WPACKET *pkt, int tag, - const unsigned char *precompiled, - size_t precompiled_n) + const unsigned char *precompiled, + size_t precompiled_n) { return int_start_context(pkt, tag) && WPACKET_memcpy(pkt, precompiled, precompiled_n) @@ -68,7 +68,7 @@ } int ossl_DER_w_octet_string(WPACKET *pkt, int tag, - const unsigned char *data, size_t data_n) + const unsigned char *data, size_t data_n) { return int_start_context(pkt, tag) && WPACKET_start_sub_packet(pkt) @@ -91,9 +91,9 @@ } static int int_der_w_integer(WPACKET *pkt, int tag, - int (*put_bytes)(WPACKET *pkt, const void *v, - unsigned int *top_byte), - const void *v) + int (*put_bytes)(WPACKET *pkt, const void *v, + unsigned int *top_byte), + const void *v) { unsigned int top_byte = 0; @@ -107,7 +107,7 @@ } static int int_put_bytes_uint32(WPACKET *pkt, const void *v, - unsigned int *top_byte) + unsigned int *top_byte) { const uint32_t *value = v; uint32_t tmp = *value; @@ -131,14 +131,13 @@ } static int int_put_bytes_bn(WPACKET *pkt, const void *v, - unsigned int *top_byte) + unsigned int *top_byte) { unsigned char *p = NULL; size_t n = BN_num_bytes(v); /* The BIGNUM limbs are in LE order */ - *top_byte = - ((bn_get_words(v) [(n - 1) / BN_BYTES]) >> (8 * ((n - 1) % BN_BYTES))) + *top_byte = ((bn_get_words(v)[(n - 1) / BN_BYTES]) >> (8 * ((n - 1) % BN_BYTES))) & 0xFF; if (!WPACKET_allocate_bytes(pkt, n, &p)) @@ -193,7 +192,7 @@ && WPACKET_close(pkt) && WPACKET_get_total_written(pkt, &size2) && (size1 == size2 - ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) - : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE)) + ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) + : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE)) && int_end_context(pkt, tag); } --- crypto/openssl/crypto/des/cbc_cksm.c.orig +++ crypto/openssl/crypto/des/cbc_cksm.c 
@@ -16,8 +16,8 @@ #include "des_local.h" DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, - long length, DES_key_schedule *schedule, - const_DES_cblock *ivec) + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec) { register DES_LONG tout0, tout1, tin0, tin1; register long l = length; --- crypto/openssl/crypto/des/cbc_enc.c.orig +++ crypto/openssl/crypto/des/cbc_enc.c @@ -15,4 +15,6 @@ #define CBC_ENC_C__DONT_UPDATE_IV +/* clang-format off */ #include "ncbc_enc.c" /* des_cbc_encrypt */ +/* clang-format on */ --- crypto/openssl/crypto/des/cfb64ede.c.orig +++ crypto/openssl/crypto/des/cfb64ede.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,13 +22,13 @@ */ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int *num, int enc) + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc) { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; @@ -89,9 +89,9 @@ */ void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, - int numbits, long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc) + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc) { register DES_LONG d0, d1, v0, v1; register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8; --- crypto/openssl/crypto/des/cfb64enc.c.orig +++ crypto/openssl/crypto/des/cfb64enc.c 
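Review bot: In the `@@ -22,13 +22,13 @@` hunk of cfb64ede.c, `register int n = *num & 0x07;` silently folds an out-of-range caller-supplied `*num` into 0..7 with no comment saying why, and the same line is added to `DES_cfb64_encrypt` in the `@@ -22,12 +22,12 @@` hunk of cfb64enc.c. The mask presumably keeps the offset into the 8-byte `ivec` block in bounds (only the declaration of `n` is visible; its uses lie outside the hunk), so it deserves a comment such as `/* *num is caller-supplied; mask so the offset stays inside the 8-byte IV block */`. Both functions return void and cannot report a bad `*num`, so their documentation should state that `*num` is expected to be 0..7 and that any other value is reduced modulo 8 rather than rejected. Both function bodies continue outside their hunks.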
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,12 +22,12 @@ */ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int *num, int enc) + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc) { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; --- crypto/openssl/crypto/des/cfb_enc.c.orig +++ crypto/openssl/crypto/des/cfb_enc.c @@ -28,13 +28,12 @@ * will not be compatible with any encryption prior to that date. Ben. */ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int enc) + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc) { register DES_LONG d0, d1, v0, v1; register unsigned long l = length; - register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = - numbits % 8; + register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = numbits % 8; DES_LONG ti[2]; unsigned char *iv; #ifndef L_ENDIAN @@ -90,8 +89,7 @@ memmove(ovec, ovec + num, 8); else for (i = 0; i < 8; ++i) - ovec[i] = ovec[i + num] << rem | - ovec[i + num + 1] >> (8 - rem); + ovec[i] = ovec[i + num] << rem | ovec[i + num + 1] >> (8 - rem); #ifdef L_ENDIAN v0 = sh[0], v1 = sh[1]; #else 
@@ -133,8 +131,7 @@
 memmove(ovec, ovec + num, 8);
 else
 for (i = 0; i < 8; ++i)
- ovec[i] = ovec[i + num] << rem |
- ovec[i + num + 1] >> (8 - rem);
+ ovec[i] = ovec[i + num] << rem | ovec[i + num + 1] >> (8 - rem);
 #ifdef L_ENDIAN
 v0 = sh[0], v1 = sh[1];
 #else
--- crypto/openssl/crypto/des/des_enc.c.orig
+++ crypto/openssl/crypto/des/des_enc.c
@@ -43,39 +43,39 @@ * loop */ if (enc) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ + D_ENCRYPT(l, r, 0); /* 1 */ + D_ENCRYPT(r, l, 2); /* 2 */ + D_ENCRYPT(l, r, 4); /* 3 */ + D_ENCRYPT(r, l, 6); /* 4 */ + D_ENCRYPT(l, r, 8); /* 5 */ + D_ENCRYPT(r, l, 10); /* 6 */ + D_ENCRYPT(l, r, 12); /* 7 */ + D_ENCRYPT(r, l, 14); /* 8 */ + D_ENCRYPT(l, r, 16); /* 9 */ + D_ENCRYPT(r, l, 18); /* 10 */ + D_ENCRYPT(l, r, 20); /* 11 */ + D_ENCRYPT(r, l, 22); /* 12 */ + D_ENCRYPT(l, r, 24); /* 13 */ + D_ENCRYPT(r, l, 26); /* 14 */ + D_ENCRYPT(l, r, 28); /* 15 */ + D_ENCRYPT(r, l, 30); /* 16 */ } else { - D_ENCRYPT(l, r, 30); /* 16 */ - D_ENCRYPT(r, l, 28); /* 15 */ - D_ENCRYPT(l, r, 26); /* 14 */ - D_ENCRYPT(r, l, 24); /* 13 */ - D_ENCRYPT(l, r, 22); /* 12 */ - D_ENCRYPT(r, l, 20); /* 11 */ - D_ENCRYPT(l, r, 18); /* 10 */ - D_ENCRYPT(r, l, 16); /* 9 */ - D_ENCRYPT(l, r, 14); /* 8 */ - D_ENCRYPT(r, l, 12); /* 7 */ - D_ENCRYPT(l, r, 10); /* 6 */ - D_ENCRYPT(r, l, 8); /* 5 */ - D_ENCRYPT(l, r, 6); /* 4 */ - D_ENCRYPT(r, l, 4); /* 3 */ - D_ENCRYPT(l, r, 2); /* 2 */ - D_ENCRYPT(r, l, 0); /* 1 */ + D_ENCRYPT(l, r, 30); /* 16 */ + D_ENCRYPT(r, l, 28); /* 15 */ + D_ENCRYPT(l, r, 26); /* 14 */ + D_ENCRYPT(r, l, 24); /* 13 */ + D_ENCRYPT(l, r, 22); /* 12 */ + D_ENCRYPT(r, l, 20); /* 11 */ + D_ENCRYPT(l, r, 18); /* 10 */ + D_ENCRYPT(r, l, 16); /* 9 */ + D_ENCRYPT(l, r, 14); /* 8 */ + D_ENCRYPT(r, l, 12); /* 7 */ + D_ENCRYPT(l, r, 10); /* 6 */ + D_ENCRYPT(r, l, 8); /* 5 */ + D_ENCRYPT(l, r, 6); /* 4 */ + D_ENCRYPT(r, l, 4); /* 3 */ + D_ENCRYPT(l, r, 
2); /* 2 */ + D_ENCRYPT(r, l, 0); /* 1 */ } /* rotate and clear the top bits on machines with 8byte longs */ 
@@ -112,39 +112,39 @@ * loop */ if (enc) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ + D_ENCRYPT(l, r, 0); /* 1 */ + D_ENCRYPT(r, l, 2); /* 2 */ + D_ENCRYPT(l, r, 4); /* 3 */ + D_ENCRYPT(r, l, 6); /* 4 */ + D_ENCRYPT(l, r, 8); /* 5 */ + D_ENCRYPT(r, l, 10); /* 6 */ + D_ENCRYPT(l, r, 12); /* 7 */ + D_ENCRYPT(r, l, 14); /* 8 */ + D_ENCRYPT(l, r, 16); /* 9 */ + D_ENCRYPT(r, l, 18); /* 10 */ + D_ENCRYPT(l, r, 20); /* 11 */ + D_ENCRYPT(r, l, 22); /* 12 */ + D_ENCRYPT(l, r, 24); /* 13 */ + D_ENCRYPT(r, l, 26); /* 14 */ + D_ENCRYPT(l, r, 28); /* 15 */ + D_ENCRYPT(r, l, 30); /* 16 */ } else { - D_ENCRYPT(l, r, 30); /* 16 */ - D_ENCRYPT(r, l, 28); /* 15 */ - D_ENCRYPT(l, r, 26); /* 14 */ - D_ENCRYPT(r, l, 24); /* 13 */ - D_ENCRYPT(l, r, 22); /* 12 */ - D_ENCRYPT(r, l, 20); /* 11 */ - D_ENCRYPT(l, r, 18); /* 10 */ - D_ENCRYPT(r, l, 16); /* 9 */ - D_ENCRYPT(l, r, 14); /* 8 */ - D_ENCRYPT(r, l, 12); /* 7 */ - D_ENCRYPT(l, r, 10); /* 6 */ - D_ENCRYPT(r, l, 8); /* 5 */ - D_ENCRYPT(l, r, 6); /* 4 */ - D_ENCRYPT(r, l, 4); /* 3 */ - D_ENCRYPT(l, r, 2); /* 2 */ - D_ENCRYPT(r, l, 0); /* 1 */ + D_ENCRYPT(l, r, 30); /* 16 */ + D_ENCRYPT(r, l, 28); /* 15 */ + D_ENCRYPT(l, r, 26); /* 14 */ + D_ENCRYPT(r, l, 24); /* 13 */ + D_ENCRYPT(l, r, 22); /* 12 */ + D_ENCRYPT(r, l, 20); /* 11 */ + D_ENCRYPT(l, r, 18); /* 10 */ + D_ENCRYPT(r, l, 16); /* 9 */ + D_ENCRYPT(l, r, 14); /* 8 */ + D_ENCRYPT(r, l, 12); /* 7 */ + D_ENCRYPT(l, r, 10); /* 6 */ + D_ENCRYPT(r, l, 8); /* 5 */ + D_ENCRYPT(l, r, 6); /* 4 */ + D_ENCRYPT(r, l, 4); /* 3 */ + D_ENCRYPT(l, 
r, 2); /* 2 */ + D_ENCRYPT(r, l, 0); /* 1 */ } /* rotate and clear the top bits on machines with 8byte longs */ data[0] = ROTATE(l, 3) & 0xffffffffL; @@ -153,7 +153,7 @@ } void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3) + DES_key_schedule *ks2, DES_key_schedule *ks3) { register DES_LONG l, r; @@ -173,7 +173,7 @@ } void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3) + DES_key_schedule *ks2, DES_key_schedule *ks3) { register DES_LONG l, r; @@ -194,13 +194,15 @@ #ifndef DES_DEFAULT_OPTIONS -# undef CBC_ENC_C__DONT_UPDATE_IV +#undef CBC_ENC_C__DONT_UPDATE_IV +/* clang-format off */ # include "ncbc_enc.c" /* DES_ncbc_encrypt */ +/* clang-format on */ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc) + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc) { register DES_LONG tin0, tin1; register DES_LONG tout0, tout1, xor0, xor1; @@ -302,4 +304,4 @@ tin[0] = tin[1] = 0; } -#endif /* DES_DEFAULT_OPTIONS */ +#endif /* DES_DEFAULT_OPTIONS */ --- crypto/openssl/crypto/des/des_local.h.orig +++ crypto/openssl/crypto/des/des_local.h 
@@ -8,134 +8,161 @@ */ #ifndef OSSL_CRYPTO_DES_LOCAL_H -# define OSSL_CRYPTO_DES_LOCAL_H +#define OSSL_CRYPTO_DES_LOCAL_H -# include +#include -# include -# include -# include +#include +#include +#include -# include +#include -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif -# define ITERATIONS 16 -# define HALF_ITERATIONS 8 +#define ITERATIONS 16 +#define HALF_ITERATIONS 8 -# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<<24L) +#define c2l(c, l) (l = ((DES_LONG)(*((c)++))), \ + l |= ((DES_LONG)(*((c)++))) << 8L, \ + l |= ((DES_LONG)(*((c)++))) << 16L, \ + l |= ((DES_LONG)(*((c)++))) << 24L) /* NOTE - c is not incremented as per c2l */ -# define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((DES_LONG)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((DES_LONG)(*(--(c)))); \ - } \ - } - -# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((DES_LONG)(*(--(c)))) << 24L; \ + /* fall thru */ \ + case 7: \ + l2 |= ((DES_LONG)(*(--(c)))) << 16L; \ + /* fall thru */ \ + case 6: \ + l2 |= ((DES_LONG)(*(--(c)))) << 8L; \ + /* fall thru */ \ + case 5: \ + l2 |= 
((DES_LONG)(*(--(c)))); \ + /* fall thru */ \ + case 4: \ + l1 = ((DES_LONG)(*(--(c)))) << 24L; \ + /* fall thru */ \ + case 3: \ + l1 |= ((DES_LONG)(*(--(c)))) << 16L; \ + /* fall thru */ \ + case 2: \ + l1 |= ((DES_LONG)(*(--(c)))) << 8L; \ + /* fall thru */ \ + case 1: \ + l1 |= ((DES_LONG)(*(--(c)))); \ + } \ + } + +#define l2c(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24L) & 0xff)) /* * replacements for htonl and ntohl since I have no idea what to do when * faced with machines with 8 byte longs. */ -# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))) +#define n2l(c, l) (l = ((DES_LONG)(*((c)++))) << 24L, \ + l |= ((DES_LONG)(*((c)++))) << 16L, \ + l |= ((DES_LONG)(*((c)++))) << 8L, \ + l |= ((DES_LONG)(*((c)++)))) -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* NOTE - c is not incremented as per l2c */ -# define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 
8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -# if defined(_MSC_VER) -# define ROTATE(a,n) (_lrotr(a,n)) -# elif defined(__ICC) -# define ROTATE(a,n) (_rotr(a,n)) -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ("rorl %1,%0" \ - : "=r"(ret) \ - : "I"(n),"0"(a) \ - : "cc"); \ - ret; \ - }) -# endif -# endif -# ifndef ROTATE -# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) -# endif +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2) >> 24L) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 16L) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 8L) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1) >> 24L) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 16L) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 8L) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + } \ + } + +#if defined(_MSC_VER) +#define ROTATE(a, n) (_lrotr(a, n)) +#elif defined(__ICC) +#define ROTATE(a, n) (_rotr(a, n)) +#elif defined(__GNUC__) && __GNUC__ >= 2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +#define ROTATE(a, n) ({ \ + register unsigned int ret; \ + asm("rorl %1,%0" \ + : "=r"(ret) \ + : "I"(n), "0"(a) \ + : "cc"); \ + ret; \ +}) +#endif +#endif +#ifndef ROTATE +#define ROTATE(a, n) (((a) >> (n)) + ((a) << 
(32 - (n)))) +#endif /* * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add * it's little bit to the front */ -# ifdef DES_FCRYPT - -# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ - { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } - -# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - t=R^(R>>16L); \ - u=t&E0; t&=E1; \ - tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ - tmp=(t<<16); t^=R^s[S+1]; t^=tmp -# else -# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) -# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - u=R^s[S ]; \ - t=R^s[S+1] -# endif +#ifdef DES_FCRYPT + +#define LOAD_DATA_tmp(R, S, u, t, E0, E1) \ + { \ + DES_LONG tmp; \ + LOAD_DATA(R, S, u, t, E0, E1, tmp); \ + } + +#define LOAD_DATA(R, S, u, t, E0, E1, tmp) \ + t = R ^ (R >> 16L); \ + u = t & E0; \ + t &= E1; \ + tmp = (u << 16); \ + u ^= R ^ s[S]; \ + u ^= tmp; \ + tmp = (t << 16); \ + t ^= R ^ s[S + 1]; \ + t ^= tmp +#else +#define LOAD_DATA_tmp(a, b, c, d, e, f) LOAD_DATA(a, b, c, d, e, f, g) +#define LOAD_DATA(R, S, u, t, E0, E1, tmp) \ + u = R ^ s[S]; \ + t = R ^ s[S + 1] +#endif /* * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason 
@@ -143,84 +170,78 @@ * since things can be xored directly into L */ -# define D_ENCRYPT(LL,R,S) { \ - LOAD_DATA_tmp(R,S,u,t,E0,E1); \ - t=ROTATE(t,4); \ - LL^= \ - DES_SPtrans[0][(u>> 2L)&0x3f]^ \ - DES_SPtrans[2][(u>>10L)&0x3f]^ \ - DES_SPtrans[4][(u>>18L)&0x3f]^ \ - DES_SPtrans[6][(u>>26L)&0x3f]^ \ - DES_SPtrans[1][(t>> 2L)&0x3f]^ \ - DES_SPtrans[3][(t>>10L)&0x3f]^ \ - DES_SPtrans[5][(t>>18L)&0x3f]^ \ - DES_SPtrans[7][(t>>26L)&0x3f]; } - - /*- - * IP and FP - * The problem is more of a geometric problem that random bit fiddling. - 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 - 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 - 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 - 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 - - 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 - 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 - 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 - 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 - - The output has been subject to swaps of the form - 0 1 -> 3 1 but the odd and even bits have been put into - 2 3 2 0 - different words. 
The main trick is to remember that - t=((l>>size)^r)&(mask); - r^=t; - l^=(t<>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) - -# define IP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ - PERM_OP(l,r,tt,16,0x0000ffffL); \ - PERM_OP(r,l,tt, 2,0x33333333L); \ - PERM_OP(l,r,tt, 8,0x00ff00ffL); \ - PERM_OP(r,l,tt, 1,0x55555555L); \ - } - -# define FP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(l,r,tt, 1,0x55555555L); \ - PERM_OP(r,l,tt, 8,0x00ff00ffL); \ - PERM_OP(l,r,tt, 2,0x33333333L); \ - PERM_OP(r,l,tt,16,0x0000ffffL); \ - PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ - } +#define D_ENCRYPT(LL, R, S) \ + { \ + LOAD_DATA_tmp(R, S, u, t, E0, E1); \ + t = ROTATE(t, 4); \ + LL ^= DES_SPtrans[0][(u >> 2L) & 0x3f] ^ DES_SPtrans[2][(u >> 10L) & 0x3f] ^ DES_SPtrans[4][(u >> 18L) & 0x3f] ^ DES_SPtrans[6][(u >> 26L) & 0x3f] ^ DES_SPtrans[1][(t >> 2L) & 0x3f] ^ DES_SPtrans[3][(t >> 10L) & 0x3f] ^ DES_SPtrans[5][(t >> 18L) & 0x3f] ^ DES_SPtrans[7][(t >> 26L) & 0x3f]; \ + } + +/*- + * IP and FP + * The problem is more of a geometric problem that random bit fiddling. + 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 + 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 +16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 +24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 + +32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 +40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 +48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 +56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 + +The output has been subject to swaps of the form +0 1 -> 3 1 but the odd and even bits have been put into +2 3 2 0 +different words. 
The main trick is to remember that +t=((l>>size)^r)&(mask); +r^=t; +l^=(t<> (n)) ^ (b)) & (m)), \ + (b) ^= (t), \ + (a) ^= ((t) << (n))) + +#define IP(l, r) \ + { \ + register DES_LONG tt; \ + PERM_OP(r, l, tt, 4, 0x0f0f0f0fL); \ + PERM_OP(l, r, tt, 16, 0x0000ffffL); \ + PERM_OP(r, l, tt, 2, 0x33333333L); \ + PERM_OP(l, r, tt, 8, 0x00ff00ffL); \ + PERM_OP(r, l, tt, 1, 0x55555555L); \ + } + +#define FP(l, r) \ + { \ + register DES_LONG tt; \ + PERM_OP(l, r, tt, 1, 0x55555555L); \ + PERM_OP(r, l, tt, 8, 0x00ff00ffL); \ + PERM_OP(l, r, tt, 2, 0x33333333L); \ + PERM_OP(r, l, tt, 16, 0x0000ffffL); \ + PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \ + } extern const DES_LONG DES_SPtrans[8][64]; void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); + DES_LONG Eswap0, DES_LONG Eswap1); #endif --- crypto/openssl/crypto/des/ecb3_enc.c.orig +++ crypto/openssl/crypto/des/ecb3_enc.c @@ -16,8 +16,8 @@ #include "des_local.h" void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, int enc) + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc) { register DES_LONG l0, l1; DES_LONG ll[2]; --- crypto/openssl/crypto/des/ecb_enc.c.orig +++ crypto/openssl/crypto/des/ecb_enc.c @@ -17,7 +17,6 @@ #include #include - const char *DES_options(void) { static int init = 1; @@ -34,7 +33,7 @@ } void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks, int enc) + DES_key_schedule *ks, int enc) { register DES_LONG l; DES_LONG ll[2]; --- crypto/openssl/crypto/des/fcrypt.c.orig +++ crypto/openssl/crypto/des/fcrypt.c @@ -16,12 +16,12 @@ /* NOCW */ #include #ifdef _OSD_POSIX -# ifndef CHARSET_EBCDIC -# define CHARSET_EBCDIC 1 -# endif +#ifndef CHARSET_EBCDIC +#define CHARSET_EBCDIC 1 +#endif #endif #ifdef CHARSET_EBCDIC -# include +#include #endif #include 
@@ -32,22 +32,134 @@ * implementations do. */ static const unsigned char con_salt[128] = { - 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, - 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, - 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, - 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, - 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, - 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, - 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, - 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, - 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, - 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, - 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, - 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0xD2, + 0xD3, + 0xD4, + 0xD5, + 0xD6, + 0xD7, + 0xD8, + 0xD9, + 0xDA, + 0xDB, + 0xDC, + 0xDD, + 0xDE, + 0xDF, + 0xE0, + 0xE1, + 0xE2, + 0xE3, + 0xE4, + 0xE5, + 0xE6, + 0xE7, + 0xE8, + 0xE9, + 0xEA, + 0xEB, + 0xEC, + 0xED, + 0xEE, + 0xEF, + 0xF0, + 0xF1, + 0xF2, + 0xF3, + 0xF4, + 0xF5, + 0xF6, + 0xF7, + 0xF8, + 0xF9, + 0xFA, + 0xFB, + 0xFC, + 0xFD, + 0xFE, + 0xFF, + 0x00, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0A, + 0x0B, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0A, + 0x0B, + 0x0C, + 0x0D, + 0x0E, + 0x0F, + 0x10, + 0x11, + 0x12, + 0x13, + 0x14, + 0x15, + 0x16, + 0x17, + 0x18, + 0x19, + 0x1A, + 0x1B, + 0x1C, + 0x1D, + 0x1E, + 0x1F, + 0x20, + 0x21, + 0x22, + 0x23, + 0x24, + 0x25, + 0x20, + 0x21, + 0x22, + 0x23, + 0x24, + 0x25, + 0x26, + 0x27, + 0x28, + 0x29, + 0x2A, + 0x2B, + 0x2C, + 0x2D, + 0x2E, + 0x2F, + 0x30, + 0x31, + 0x32, + 0x33, + 0x34, + 0x35, + 0x36, + 0x37, + 0x38, + 0x39, + 0x3A, + 0x3B, + 0x3C, + 0x3D, + 0x3E, + 0x3F, + 0x40, + 0x41, + 0x42, + 0x43, + 0x44, }; static const unsigned char cov_2char[64] = { 
@@ -69,7 +181,7 @@ return DES_fcrypt(buf, salt, buff); #else char e_salt[2 + 1]; - char e_buf[32 + 1]; /* replace 32 by 8 ? */ + char e_buf[32 + 1]; /* replace 32 by 8 ? */ char *ret; if (salt[0] == '\0' || salt[1] == '\0') --- crypto/openssl/crypto/des/fcrypt_b.c.orig +++ crypto/openssl/crypto/des/fcrypt_b.c @@ -20,16 +20,16 @@ #undef DES_FCRYPT #undef PERM_OP -#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) +#define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n)) ^ (b)) & (m)), \ + (b) ^= (t), \ + (a) ^= ((t) << (n))) #undef HPERM_OP -#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n))))\ +#define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \ + (a) = (a) ^ (t) ^ (t >> (16 - (n)))) void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, - DES_LONG Eswap1) + DES_LONG Eswap1) { register DES_LONG l, r, t, u; register DES_LONG *s; 
@@ -44,22 +44,22 @@ E1 = Eswap1; for (j = 0; j < 25; j++) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ + D_ENCRYPT(l, r, 0); /* 1 */ + D_ENCRYPT(r, l, 2); /* 2 */ + D_ENCRYPT(l, r, 4); /* 3 */ + D_ENCRYPT(r, l, 6); /* 4 */ + D_ENCRYPT(l, r, 8); /* 5 */ + D_ENCRYPT(r, l, 10); /* 6 */ + D_ENCRYPT(l, r, 12); /* 7 */ + D_ENCRYPT(r, l, 14); /* 8 */ + D_ENCRYPT(l, r, 16); /* 9 */ + D_ENCRYPT(r, l, 18); /* 10 */ + D_ENCRYPT(l, r, 20); /* 11 */ + D_ENCRYPT(r, l, 22); /* 12 */ + D_ENCRYPT(l, r, 24); /* 13 */ + D_ENCRYPT(r, l, 26); /* 14 */ + D_ENCRYPT(l, r, 28); /* 15 */ + D_ENCRYPT(r, l, 30); /* 16 */ t = l; l = r; r = t; @@ -67,11 +67,11 @@ l = ROTATE(l, 3) & 0xffffffffL; r = ROTATE(r, 3) & 0xffffffffL; - PERM_OP(l, r, t, 1, 0x55555555L); - PERM_OP(r, l, t, 8, 0x00ff00ffL); - PERM_OP(l, r, t, 2, 0x33333333L); + PERM_OP(l, r, t, 1, 0x55555555L); + PERM_OP(r, l, t, 8, 0x00ff00ffL); + PERM_OP(l, r, t, 2, 0x33333333L); PERM_OP(r, l, t, 16, 0x0000ffffL); - PERM_OP(l, r, t, 4, 0x0f0f0f0fL); + PERM_OP(l, r, t, 4, 0x0f0f0f0fL); out[0] = r; out[1] = l; --- crypto/openssl/crypto/des/ncbc_enc.c.orig +++ crypto/openssl/crypto/des/ncbc_enc.c 
@@ -17,11 +17,11 @@ #ifdef CBC_ENC_C__DONT_UPDATE_IV void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - DES_key_schedule *_schedule, DES_cblock *ivec, int enc) + DES_key_schedule *_schedule, DES_cblock *ivec, int enc) #else void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *_schedule, - DES_cblock *ivec, int enc) + long length, DES_key_schedule *_schedule, + DES_cblock *ivec, int enc) #endif { register DES_LONG tin0, tin1; --- crypto/openssl/crypto/des/ofb64ede.c.orig +++ crypto/openssl/crypto/des/ofb64ede.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,12 +21,12 @@ * used is contained in *num; */ void DES_ede3_ofb64_encrypt(register const unsigned char *in, - register unsigned char *out, long length, - DES_key_schedule *k1, DES_key_schedule *k2, - DES_key_schedule *k3, DES_cblock *ivec, int *num) + register unsigned char *out, long length, + DES_key_schedule *k1, DES_key_schedule *k2, + DES_key_schedule *k3, DES_cblock *ivec, int *num) { register DES_LONG v0, v1; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register char *dp; --- crypto/openssl/crypto/des/ofb64enc.c.orig +++ crypto/openssl/crypto/des/ofb64enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
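Review bot: In the `@@ -21,12 +21,12 @@` hunk of ofb64ede.c, and in the matching `@@ -21,11 +21,11 @@` hunk of ofb64enc.c, the new `register int n = *num & 0x07;` silently clamps a caller-supplied offset, with no comment saying why. `d` is a `DES_cblock` (8 bytes) and `n` presumably indexes it later in the body, which lies outside the hunk, so the mask reads as a bounds guard; I would say so on the line, e.g. `/* *num is caller-controlled; keep n inside the 8-byte block d */`. Both functions return void, so a negative or out-of-range `*num` is now normalised rather than reported, and the header comment ("used is contained in *num") should state that the valid range is 0..7. The other DES modes that take an `int *num` are not visible in this chunk and are worth checking for the same clamp.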
@@ -21,11 +21,11 @@ * used is contained in *num; */ void DES_ofb64_encrypt(register const unsigned char *in, - register unsigned char *out, long length, - DES_key_schedule *schedule, DES_cblock *ivec, int *num) + register unsigned char *out, long length, + DES_key_schedule *schedule, DES_cblock *ivec, int *num) { register DES_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register unsigned char *dp; --- crypto/openssl/crypto/des/ofb_enc.c.orig +++ crypto/openssl/crypto/des/ofb_enc.c @@ -22,8 +22,8 @@ * will come from the 3rd and half the 4th byte. */ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, - DES_cblock *ivec) + long length, DES_key_schedule *schedule, + DES_cblock *ivec) { register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8; register DES_LONG mask0, mask1; @@ -72,10 +72,10 @@ } else if (num == 64) { v0 = vv0; v1 = vv1; - } else if (num > 32) { /* && num != 64 */ + } else if (num > 32) { /* && num != 64 */ v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL; v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL; - } else { /* num < 32 */ + } else { /* num < 32 */ v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL; v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL; --- crypto/openssl/crypto/des/pcbc_enc.c.orig +++ crypto/openssl/crypto/des/pcbc_enc.c @@ -16,8 +16,8 @@ #include "des_local.h" void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int enc) + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc) { register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; DES_LONG tin[2]; --- crypto/openssl/crypto/des/qud_cksm.c.orig +++ crypto/openssl/crypto/des/qud_cksm.c 
@@ -23,16 +23,16 @@ #include "des_local.h" #define Q_B0(a) (((DES_LONG)(a))) -#define Q_B1(a) (((DES_LONG)(a))<<8) -#define Q_B2(a) (((DES_LONG)(a))<<16) -#define Q_B3(a) (((DES_LONG)(a))<<24) +#define Q_B1(a) (((DES_LONG)(a)) << 8) +#define Q_B2(a) (((DES_LONG)(a)) << 16) +#define Q_B3(a) (((DES_LONG)(a)) << 24) /* used to scramble things a bit */ /* Got the value MIT uses via brute force :-) 2/10/90 eay */ -#define NOISE ((DES_LONG)83653421L) +#define NOISE ((DES_LONG)83653421L) DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], - long length, int out_count, DES_cblock *seed) + long length, int out_count, DES_cblock *seed) { DES_LONG z0, z1, t0, t1; int i; @@ -44,10 +44,8 @@ out_count = 1; lp = (DES_LONG *)&(output[0])[0]; - z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) | - Q_B3((*seed)[3]); - z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) | - Q_B3((*seed)[7]); + z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) | Q_B3((*seed)[3]); + z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) | Q_B3((*seed)[7]); for (i = 0; ((i < 4) && (i < out_count)); i++) { cp = input; @@ -66,9 +64,9 @@ t1 = z1; /* square, well sort of square */ z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL)) - & 0xffffffffL) % 0x7fffffffL; - z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) % - 0x7fffffffL; + & 0xffffffffL) + % 0x7fffffffL; + z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) % 0x7fffffffL; } if (lp != NULL) { /* --- crypto/openssl/crypto/des/set_key.c.orig +++ crypto/openssl/crypto/des/set_key.c 
@@ -93,23 +93,23 @@ */ static const DES_cblock weak_keys[] = { /* weak keys */ - {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, - {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, - {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, - {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, + { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, + { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, + { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, + { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, /* semi-weak keys */ - {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, - {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, - {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, - {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, - {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, - {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, - {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, - {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, - {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, - {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, - {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, - {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1} + { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, + { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, + { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, + { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, + { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, + { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, + { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, + { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, + { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, + { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, + { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, + { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } }; /* 
@@ -136,162 +136,546 @@ * (a)=((a)^((t)<<(n)))) */ -#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n)))) +#define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \ + (a) = (a) ^ (t) ^ (t >> (16 - (n)))) static const DES_LONG des_skb[8][64] = { { - /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ - 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, - 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, - 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, - 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, - 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, - 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, - 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, - 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, - 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, - 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, - 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, - 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, - 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, - 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, - 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, - 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, - }, + /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ + 0x00000000L, + 0x00000010L, + 0x20000000L, + 0x20000010L, + 0x00010000L, + 0x00010010L, + 0x20010000L, + 0x20010010L, + 0x00000800L, + 0x00000810L, + 0x20000800L, + 0x20000810L, + 0x00010800L, + 0x00010810L, + 0x20010800L, + 0x20010810L, + 0x00000020L, + 0x00000030L, + 0x20000020L, + 0x20000030L, + 0x00010020L, + 0x00010030L, + 0x20010020L, + 0x20010030L, + 0x00000820L, + 0x00000830L, + 0x20000820L, + 0x20000830L, + 0x00010820L, + 0x00010830L, + 0x20010820L, + 0x20010830L, + 0x00080000L, + 0x00080010L, + 0x20080000L, + 0x20080010L, + 0x00090000L, + 0x00090010L, + 0x20090000L, + 0x20090010L, + 0x00080800L, + 0x00080810L, + 0x20080800L, + 0x20080810L, + 0x00090800L, + 0x00090810L, + 0x20090800L, + 
0x20090810L, + 0x00080020L, + 0x00080030L, + 0x20080020L, + 0x20080030L, + 0x00090020L, + 0x00090030L, + 0x20090020L, + 0x20090030L, + 0x00080820L, + 0x00080830L, + 0x20080820L, + 0x20080830L, + 0x00090820L, + 0x00090830L, + 0x20090820L, + 0x20090830L, + }, { - /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ - 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, - 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, - 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, - 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, - 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, - 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, - 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, - 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, - 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, - 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, - 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, - 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, - 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, - 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, - 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, - 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, - }, + /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ + 0x00000000L, + 0x02000000L, + 0x00002000L, + 0x02002000L, + 0x00200000L, + 0x02200000L, + 0x00202000L, + 0x02202000L, + 0x00000004L, + 0x02000004L, + 0x00002004L, + 0x02002004L, + 0x00200004L, + 0x02200004L, + 0x00202004L, + 0x02202004L, + 0x00000400L, + 0x02000400L, + 0x00002400L, + 0x02002400L, + 0x00200400L, + 0x02200400L, + 0x00202400L, + 0x02202400L, + 0x00000404L, + 0x02000404L, + 0x00002404L, + 0x02002404L, + 0x00200404L, + 0x02200404L, + 0x00202404L, + 0x02202404L, + 0x10000000L, + 0x12000000L, + 0x10002000L, + 0x12002000L, + 0x10200000L, + 0x12200000L, + 0x10202000L, + 0x12202000L, + 0x10000004L, + 0x12000004L, + 0x10002004L, + 0x12002004L, + 0x10200004L, + 0x12200004L, + 0x10202004L, + 0x12202004L, + 0x10000400L, + 
0x12000400L, + 0x10002400L, + 0x12002400L, + 0x10200400L, + 0x12200400L, + 0x10202400L, + 0x12202400L, + 0x10000404L, + 0x12000404L, + 0x10002404L, + 0x12002404L, + 0x10200404L, + 0x12200404L, + 0x10202404L, + 0x12202404L, + }, { - /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ - 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, - 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, - 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, - 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, - 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, - 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, - 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, - 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, - 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, - 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, - 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, - 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, - 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, - 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, - 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, - 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, - }, + /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ + 0x00000000L, + 0x00000001L, + 0x00040000L, + 0x00040001L, + 0x01000000L, + 0x01000001L, + 0x01040000L, + 0x01040001L, + 0x00000002L, + 0x00000003L, + 0x00040002L, + 0x00040003L, + 0x01000002L, + 0x01000003L, + 0x01040002L, + 0x01040003L, + 0x00000200L, + 0x00000201L, + 0x00040200L, + 0x00040201L, + 0x01000200L, + 0x01000201L, + 0x01040200L, + 0x01040201L, + 0x00000202L, + 0x00000203L, + 0x00040202L, + 0x00040203L, + 0x01000202L, + 0x01000203L, + 0x01040202L, + 0x01040203L, + 0x08000000L, + 0x08000001L, + 0x08040000L, + 0x08040001L, + 0x09000000L, + 0x09000001L, + 0x09040000L, + 0x09040001L, + 0x08000002L, + 0x08000003L, + 0x08040002L, + 0x08040003L, + 0x09000002L, + 0x09000003L, + 0x09040002L, + 0x09040003L, + 0x08000200L, + 0x08000201L, + 0x08040200L, + 
0x08040201L, + 0x09000200L, + 0x09000201L, + 0x09040200L, + 0x09040201L, + 0x08000202L, + 0x08000203L, + 0x08040202L, + 0x08040203L, + 0x09000202L, + 0x09000203L, + 0x09040202L, + 0x09040203L, + }, { - /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ - 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, - 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, - 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, - 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, - 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, - 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, - 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, - 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, - 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, - 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, - 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, - 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, - 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, - 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, - 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, - 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, - }, + /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ + 0x00000000L, + 0x00100000L, + 0x00000100L, + 0x00100100L, + 0x00000008L, + 0x00100008L, + 0x00000108L, + 0x00100108L, + 0x00001000L, + 0x00101000L, + 0x00001100L, + 0x00101100L, + 0x00001008L, + 0x00101008L, + 0x00001108L, + 0x00101108L, + 0x04000000L, + 0x04100000L, + 0x04000100L, + 0x04100100L, + 0x04000008L, + 0x04100008L, + 0x04000108L, + 0x04100108L, + 0x04001000L, + 0x04101000L, + 0x04001100L, + 0x04101100L, + 0x04001008L, + 0x04101008L, + 0x04001108L, + 0x04101108L, + 0x00020000L, + 0x00120000L, + 0x00020100L, + 0x00120100L, + 0x00020008L, + 0x00120008L, + 0x00020108L, + 0x00120108L, + 0x00021000L, + 0x00121000L, + 0x00021100L, + 0x00121100L, + 0x00021008L, + 0x00121008L, + 0x00021108L, + 0x00121108L, + 0x04020000L, + 0x04120000L, + 0x04020100L, + 0x04120100L, + 0x04020008L, + 
0x04120008L, + 0x04020108L, + 0x04120108L, + 0x04021000L, + 0x04121000L, + 0x04021100L, + 0x04121100L, + 0x04021008L, + 0x04121008L, + 0x04021108L, + 0x04121108L, + }, { - /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ - 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, - 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, - 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, - 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, - 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, - 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, - 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, - 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, - 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, - 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, - 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, - 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, - 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, - 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, - 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, - 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, - }, + /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ + 0x00000000L, + 0x10000000L, + 0x00010000L, + 0x10010000L, + 0x00000004L, + 0x10000004L, + 0x00010004L, + 0x10010004L, + 0x20000000L, + 0x30000000L, + 0x20010000L, + 0x30010000L, + 0x20000004L, + 0x30000004L, + 0x20010004L, + 0x30010004L, + 0x00100000L, + 0x10100000L, + 0x00110000L, + 0x10110000L, + 0x00100004L, + 0x10100004L, + 0x00110004L, + 0x10110004L, + 0x20100000L, + 0x30100000L, + 0x20110000L, + 0x30110000L, + 0x20100004L, + 0x30100004L, + 0x20110004L, + 0x30110004L, + 0x00001000L, + 0x10001000L, + 0x00011000L, + 0x10011000L, + 0x00001004L, + 0x10001004L, + 0x00011004L, + 0x10011004L, + 0x20001000L, + 0x30001000L, + 0x20011000L, + 0x30011000L, + 0x20001004L, + 0x30001004L, + 0x20011004L, + 0x30011004L, + 0x00101000L, + 0x10101000L, + 0x00111000L, + 0x10111000L, + 0x00101004L, + 0x10101004L, + 0x00111004L, + 0x10111004L, + 
0x20101000L, + 0x30101000L, + 0x20111000L, + 0x30111000L, + 0x20101004L, + 0x30101004L, + 0x20111004L, + 0x30111004L, + }, { - /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ - 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, - 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, - 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, - 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, - 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, - 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, - 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, - 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, - 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, - 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, - 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, - 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, - 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, - 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, - 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, - 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, - }, + /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ + 0x00000000L, + 0x08000000L, + 0x00000008L, + 0x08000008L, + 0x00000400L, + 0x08000400L, + 0x00000408L, + 0x08000408L, + 0x00020000L, + 0x08020000L, + 0x00020008L, + 0x08020008L, + 0x00020400L, + 0x08020400L, + 0x00020408L, + 0x08020408L, + 0x00000001L, + 0x08000001L, + 0x00000009L, + 0x08000009L, + 0x00000401L, + 0x08000401L, + 0x00000409L, + 0x08000409L, + 0x00020001L, + 0x08020001L, + 0x00020009L, + 0x08020009L, + 0x00020401L, + 0x08020401L, + 0x00020409L, + 0x08020409L, + 0x02000000L, + 0x0A000000L, + 0x02000008L, + 0x0A000008L, + 0x02000400L, + 0x0A000400L, + 0x02000408L, + 0x0A000408L, + 0x02020000L, + 0x0A020000L, + 0x02020008L, + 0x0A020008L, + 0x02020400L, + 0x0A020400L, + 0x02020408L, + 0x0A020408L, + 0x02000001L, + 0x0A000001L, + 0x02000009L, + 0x0A000009L, + 0x02000401L, + 0x0A000401L, + 0x02000409L, + 0x0A000409L, + 0x02020001L, + 0x0A020001L, + 
0x02020009L, + 0x0A020009L, + 0x02020401L, + 0x0A020401L, + 0x02020409L, + 0x0A020409L, + }, { - /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ - 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, - 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, - 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, - 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, - 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, - 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, - 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, - 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, - 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, - 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, - 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, - 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, - 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, - 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, - 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, - 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, - }, + /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ + 0x00000000L, + 0x00000100L, + 0x00080000L, + 0x00080100L, + 0x01000000L, + 0x01000100L, + 0x01080000L, + 0x01080100L, + 0x00000010L, + 0x00000110L, + 0x00080010L, + 0x00080110L, + 0x01000010L, + 0x01000110L, + 0x01080010L, + 0x01080110L, + 0x00200000L, + 0x00200100L, + 0x00280000L, + 0x00280100L, + 0x01200000L, + 0x01200100L, + 0x01280000L, + 0x01280100L, + 0x00200010L, + 0x00200110L, + 0x00280010L, + 0x00280110L, + 0x01200010L, + 0x01200110L, + 0x01280010L, + 0x01280110L, + 0x00000200L, + 0x00000300L, + 0x00080200L, + 0x00080300L, + 0x01000200L, + 0x01000300L, + 0x01080200L, + 0x01080300L, + 0x00000210L, + 0x00000310L, + 0x00080210L, + 0x00080310L, + 0x01000210L, + 0x01000310L, + 0x01080210L, + 0x01080310L, + 0x00200200L, + 0x00200300L, + 0x00280200L, + 0x00280300L, + 0x01200200L, + 0x01200300L, + 0x01280200L, + 0x01280300L, + 0x00200210L, + 0x00200310L, + 0x00280210L, + 0x00280310L, + 
0x01200210L, + 0x01200310L, + 0x01280210L, + 0x01280310L, + }, { - /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ - 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, - 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, - 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, - 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, - 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, - 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, - 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, - 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, - 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, - 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, - 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, - 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, - 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, - 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, - 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, - 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, - } + /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ + 0x00000000L, + 0x04000000L, + 0x00040000L, + 0x04040000L, + 0x00000002L, + 0x04000002L, + 0x00040002L, + 0x04040002L, + 0x00002000L, + 0x04002000L, + 0x00042000L, + 0x04042000L, + 0x00002002L, + 0x04002002L, + 0x00042002L, + 0x04042002L, + 0x00000020L, + 0x04000020L, + 0x00040020L, + 0x04040020L, + 0x00000022L, + 0x04000022L, + 0x00040022L, + 0x04040022L, + 0x00002020L, + 0x04002020L, + 0x00042020L, + 0x04042020L, + 0x00002022L, + 0x04002022L, + 0x00042022L, + 0x04042022L, + 0x00000800L, + 0x04000800L, + 0x00040800L, + 0x04040800L, + 0x00000802L, + 0x04000802L, + 0x00040802L, + 0x04040802L, + 0x00002800L, + 0x04002800L, + 0x00042800L, + 0x04042800L, + 0x00002802L, + 0x04002802L, + 0x00042802L, + 0x04042802L, + 0x00000820L, + 0x04000820L, + 0x00040820L, + 0x04040820L, + 0x00000822L, + 0x04000822L, + 0x00040822L, + 0x04040822L, + 0x00002820L, + 0x04002820L, + 0x00042820L, + 0x04042820L, + 0x00002822L, + 0x04002822L, + 
0x00042822L, + 0x04042822L, + } }; /* Return values as DES_set_key_checked() but always set the key */ @@ -324,8 +708,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) { - static const int shifts2[16] = - { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; + static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; register DES_LONG c, d, t, s, t2; register const unsigned char *in; register DES_LONG *k; @@ -351,8 +734,7 @@ PERM_OP(d, c, t, 1, 0x55555555L); PERM_OP(c, d, t, 8, 0x00ff00ffL); PERM_OP(d, c, t, 1, 0x55555555L); - d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | - ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); + d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); c &= 0x0fffffffL; for (i = 0; i < ITERATIONS; i++) { @@ -369,15 +751,8 @@ * could be a few less shifts but I am to lazy at this point in time * to investigate */ - s = des_skb[0][(c) & 0x3f] | - des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | - des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | - des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | - ((c >> 22L) & 0x38)]; - t = des_skb[4][(d) & 0x3f] | - des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | - des_skb[6][(d >> 15L) & 0x3f] | - des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; + s = des_skb[0][(c) & 0x3f] | des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | ((c >> 22L) & 0x38)]; + t = des_skb[4][(d) & 0x3f] | des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | des_skb[6][(d >> 15L) & 0x3f] | des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; /* table contained 0213 4657 */ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; --- crypto/openssl/crypto/des/spr.h.orig +++ crypto/openssl/crypto/des/spr.h 
@@ -10,154 +10,538 @@
 const DES_LONG DES_SPtrans[8][64] = {
 {
 /* nibble 0 */
- 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
- 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
- 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
- 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
- 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
- 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
- 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
- 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
- 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
- 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
- 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
- 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
- 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
- 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
- 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
- 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+ 0x02080800L,
+ 0x00080000L,
+ 0x02000002L,
+ 0x02080802L,
+ 0x02000000L,
+ 0x00080802L,
+ 0x00080002L,
+ 0x02000002L,
+ 0x00080802L,
+ 0x02080800L,
+ 0x02080000L,
+ 0x00000802L,
+ 0x02000802L,
+ 0x02000000L,
+ 0x00000000L,
+ 0x00080002L,
+ 0x00080000L,
+ 0x00000002L,
+ 0x02000800L,
+ 0x00080800L,
+ 0x02080802L,
+ 0x02080000L,
+ 0x00000802L,
+ 0x02000800L,
+ 0x00000002L,
+ 0x00000800L,
+ 0x00080800L,
+ 0x02080002L,
+ 0x00000800L,
+ 0x02000802L,
+ 0x02080002L,
+ 0x00000000L,
+ 0x00000000L,
+ 0x02080802L,
+ 0x02000800L,
+ 0x00080002L,
+ 0x02080800L,
+ 0x00080000L,
+ 0x00000802L,
+ 0x02000800L,
+ 0x02080002L,
+ 0x00000800L,
+ 0x00080800L,
+ 0x02000002L,
+ 0x00080802L,
+ 0x00000002L,
+ 0x02000002L,
+ 0x02080000L,
+ 0x02080802L,
+ 0x00080800L,
+ 0x02080000L,
+ 0x02000802L,
+ 0x02000000L,
+ 0x00000802L,
+ 0x00080002L,
+ 0x00000000L,
+ 0x00080000L,
+ 0x02000000L,
+ 0x02000802L,
+ 0x02080800L,
+ 0x00000002L,
+ 0x02080002L,
+ 0x00000800L,
+ 0x00080802L,
 },
 {
 /* nibble 1 */
- 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
- 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
- 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
- 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
- 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
- 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
- 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
- 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
- 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
- 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
- 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
- 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
- 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
- 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
- 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
- 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+ 0x40108010L,
+ 0x00000000L,
+ 0x00108000L,
+ 0x40100000L,
+ 0x40000010L,
+ 0x00008010L,
+ 0x40008000L,
+ 0x00108000L,
+ 0x00008000L,
+ 0x40100010L,
+ 0x00000010L,
+ 0x40008000L,
+ 0x00100010L,
+ 0x40108000L,
+ 0x40100000L,
+ 0x00000010L,
+ 0x00100000L,
+ 0x40008010L,
+ 0x40100010L,
+ 0x00008000L,
+ 0x00108010L,
+ 0x40000000L,
+ 0x00000000L,
+ 0x00100010L,
+ 0x40008010L,
+ 0x00108010L,
+ 0x40108000L,
+ 0x40000010L,
+ 0x40000000L,
+ 0x00100000L,
+ 0x00008010L,
+ 0x40108010L,
+ 0x00100010L,
+ 0x40108000L,
+ 0x40008000L,
+ 0x00108010L,
+ 0x40108010L,
+ 0x00100010L,
+ 0x40000010L,
+ 0x00000000L,
+ 0x40000000L,
+ 0x00008010L,
+ 0x00100000L,
+ 0x40100010L,
+ 0x00008000L,
+ 0x40000000L,
+ 0x00108010L,
+ 0x40008010L,
+ 0x40108000L,
+ 0x00008000L,
+ 0x00000000L,
+ 0x40000010L,
+ 0x00000010L,
+ 0x40108010L,
+ 0x00108000L,
+ 0x40100000L,
+ 0x40100010L,
+ 0x00100000L,
+ 0x00008010L,
+ 0x40008000L,
+ 0x40008010L,
+ 0x00000010L,
+ 0x40100000L,
+ 0x00108000L,
 },
 {
 /* nibble 2 */
- 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
- 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
- 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
- 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
- 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
- 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
- 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
- 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
- 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
- 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
- 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
- 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
- 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
- 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
- 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
- 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+ 0x04000001L,
+ 0x04040100L,
+ 0x00000100L,
+ 0x04000101L,
+ 0x00040001L,
+ 0x04000000L,
+ 0x04000101L,
+ 0x00040100L,
+ 0x04000100L,
+ 0x00040000L,
+ 0x04040000L,
+ 0x00000001L,
+ 0x04040101L,
+ 0x00000101L,
+ 0x00000001L,
+ 0x04040001L,
+ 0x00000000L,
+ 0x00040001L,
+ 0x04040100L,
+ 0x00000100L,
+ 0x00000101L,
+ 0x04040101L,
+ 0x00040000L,
+ 0x04000001L,
+ 0x04040001L,
+ 0x04000100L,
+ 0x00040101L,
+ 0x04040000L,
+ 0x00040100L,
+ 0x00000000L,
+ 0x04000000L,
+ 0x00040101L,
+ 0x04040100L,
+ 0x00000100L,
+ 0x00000001L,
+ 0x00040000L,
+ 0x00000101L,
+ 0x00040001L,
+ 0x04040000L,
+ 0x04000101L,
+ 0x00000000L,
+ 0x04040100L,
+ 0x00040100L,
+ 0x04040001L,
+ 0x00040001L,
+ 0x04000000L,
+ 0x04040101L,
+ 0x00000001L,
+ 0x00040101L,
+ 0x04000001L,
+ 0x04000000L,
+ 0x04040101L,
+ 0x00040000L,
+ 0x04000100L,
+ 0x04000101L,
+ 0x00040100L,
+ 0x04000100L,
+ 0x00000000L,
+ 0x04040001L,
+ 0x00000101L,
+ 0x04000001L,
+ 0x00040101L,
+ 0x00000100L,
+ 0x04040000L,
 },
 {
 /* nibble 3 */
- 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
- 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
- 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
- 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
- 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
- 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
- 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
- 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
- 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
- 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
- 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
- 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
- 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
- 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
- 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
- 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+ 0x00401008L,
+ 0x10001000L,
+ 0x00000008L,
+ 0x10401008L,
+ 0x00000000L,
+ 0x10400000L,
+ 0x10001008L,
+ 0x00400008L,
+ 0x10401000L,
+ 0x10000008L,
+ 0x10000000L,
+ 0x00001008L,
+ 0x10000008L,
+ 0x00401008L,
+ 0x00400000L,
+ 0x10000000L,
+ 0x10400008L,
+ 0x00401000L,
+ 0x00001000L,
+ 0x00000008L,
+ 0x00401000L,
+ 0x10001008L,
+ 0x10400000L,
+ 0x00001000L,
+ 0x00001008L,
+ 0x00000000L,
+ 0x00400008L,
+ 0x10401000L,
+ 0x10001000L,
+ 0x10400008L,
+ 0x10401008L,
+ 0x00400000L,
+ 0x10400008L,
+ 0x00001008L,
+ 0x00400000L,
+ 0x10000008L,
+ 0x00401000L,
+ 0x10001000L,
+ 0x00000008L,
+ 0x10400000L,
+ 0x10001008L,
+ 0x00000000L,
+ 0x00001000L,
+ 0x00400008L,
+ 0x00000000L,
+ 0x10400008L,
+ 0x10401000L,
+ 0x00001000L,
+ 0x10000000L,
+ 0x10401008L,
+ 0x00401008L,
+ 0x00400000L,
+ 0x10401008L,
+ 0x00000008L,
+ 0x10001000L,
+ 0x00401008L,
+ 0x00400008L,
+ 0x00401000L,
+ 0x10400000L,
+ 0x10001008L,
+ 0x00001008L,
+ 0x10000000L,
+ 0x10000008L,
+ 0x10401000L,
 },
 {
 /* nibble 4 */
- 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
- 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
- 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
- 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
- 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
- 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
- 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
- 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
- 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
- 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
- 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
- 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
- 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
- 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
- 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
- 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+ 0x08000000L,
+ 0x00010000L,
+ 0x00000400L,
+ 0x08010420L,
+ 0x08010020L,
+ 0x08000400L,
+ 0x00010420L,
+ 0x08010000L,
+ 0x00010000L,
+ 0x00000020L,
+ 0x08000020L,
+ 0x00010400L,
+ 0x08000420L,
+ 0x08010020L,
+ 0x08010400L,
+ 0x00000000L,
+ 0x00010400L,
+ 0x08000000L,
+ 0x00010020L,
+ 0x00000420L,
+ 0x08000400L,
+ 0x00010420L,
+ 0x00000000L,
+ 0x08000020L,
+ 0x00000020L,
+ 0x08000420L,
+ 0x08010420L,
+ 0x00010020L,
+ 0x08010000L,
+ 0x00000400L,
+ 0x00000420L,
+ 0x08010400L,
+ 0x08010400L,
+ 0x08000420L,
+ 0x00010020L,
+ 0x08010000L,
+ 0x00010000L,
+ 0x00000020L,
+ 0x08000020L,
+ 0x08000400L,
+ 0x08000000L,
+ 0x00010400L,
+ 0x08010420L,
+ 0x00000000L,
+ 0x00010420L,
+ 0x08000000L,
+ 0x00000400L,
+ 0x00010020L,
+ 0x08000420L,
+ 0x00000400L,
+ 0x00000000L,
+ 0x08010420L,
+ 0x08010020L,
+ 0x08010400L,
+ 0x00000420L,
+ 0x00010000L,
+ 0x00010400L,
+ 0x08010020L,
+ 0x08000400L,
+ 0x00000420L,
+ 0x00000020L,
+ 0x00010420L,
+ 0x08010000L,
+ 0x08000020L,
 },
 {
 /* nibble 5 */
- 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
- 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
- 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
- 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
- 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
- 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
- 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
- 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
- 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
- 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
- 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
- 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
- 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
- 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
- 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
- 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+ 0x80000040L,
+ 0x00200040L,
+ 0x00000000L,
+ 0x80202000L,
+ 0x00200040L,
+ 0x00002000L,
+ 0x80002040L,
+ 0x00200000L,
+ 0x00002040L,
+ 0x80202040L,
+ 0x00202000L,
+ 0x80000000L,
+ 0x80002000L,
+ 0x80000040L,
+ 0x80200000L,
+ 0x00202040L,
+ 0x00200000L,
+ 0x80002040L,
+ 0x80200040L,
+ 0x00000000L,
+ 0x00002000L,
+ 0x00000040L,
+ 0x80202000L,
+ 0x80200040L,
+ 0x80202040L,
+ 0x80200000L,
+ 0x80000000L,
+ 0x00002040L,
+ 0x00000040L,
+ 0x00202000L,
+ 0x00202040L,
+ 0x80002000L,
+ 0x00002040L,
+ 0x80000000L,
+ 0x80002000L,
+ 0x00202040L,
+ 0x80202000L,
+ 0x00200040L,
+ 0x00000000L,
+ 0x80002000L,
+ 0x80000000L,
+ 0x00002000L,
+ 0x80200040L,
+ 0x00200000L,
+ 0x00200040L,
+ 0x80202040L,
+ 0x00202000L,
+ 0x00000040L,
+ 0x80202040L,
+ 0x00202000L,
+ 0x00200000L,
+ 0x80002040L,
+ 0x80000040L,
+ 0x80200000L,
+ 0x00202040L,
+ 0x00000000L,
+ 0x00002000L,
+ 0x80000040L,
+ 0x80002040L,
+ 0x80202000L,
+ 0x80200000L,
+ 0x00002040L,
+ 0x00000040L,
+ 0x80200040L,
 },
 {
 /* nibble 6 */
- 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
- 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
- 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
- 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
- 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
- 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
- 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
- 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
- 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
- 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
- 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
- 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
- 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
- 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
- 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
- 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+ 0x00004000L,
+ 0x00000200L,
+ 0x01000200L,
+ 0x01000004L,
+ 0x01004204L,
+ 0x00004004L,
+ 0x00004200L,
+ 0x00000000L,
+ 0x01000000L,
+ 0x01000204L,
+ 0x00000204L,
+ 0x01004000L,
+ 0x00000004L,
+ 0x01004200L,
+ 0x01004000L,
+ 0x00000204L,
+ 0x01000204L,
+ 0x00004000L,
+ 0x00004004L,
+ 0x01004204L,
+ 0x00000000L,
+ 0x01000200L,
+ 0x01000004L,
+ 0x00004200L,
+ 0x01004004L,
+ 0x00004204L,
+ 0x01004200L,
+ 0x00000004L,
+ 0x00004204L,
+ 0x01004004L,
+ 0x00000200L,
+ 0x01000000L,
+ 0x00004204L,
+ 0x01004000L,
+ 0x01004004L,
+ 0x00000204L,
+ 0x00004000L,
+ 0x00000200L,
+ 0x01000000L,
+ 0x01004004L,
+ 0x01000204L,
+ 0x00004204L,
+ 0x00004200L,
+ 0x00000000L,
+ 0x00000200L,
+ 0x01000004L,
+ 0x00000004L,
+ 0x01000200L,
+ 0x00000000L,
+ 0x01000204L,
+ 0x01000200L,
+ 0x00004200L,
+ 0x00000204L,
+ 0x00004000L,
+ 0x01004204L,
+ 0x01000000L,
+ 0x01004200L,
+ 0x00000004L,
+ 0x00004004L,
+ 0x01004204L,
+ 0x01000004L,
+ 0x01004200L,
+ 0x01004000L,
+ 0x00004004L,
 },
 {
 /* nibble 7 */
- 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
- 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
- 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
- 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
- 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
- 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
- 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
- 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
- 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
- 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
- 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
- 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
- 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
- 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
- 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
- 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+ 0x20800080L,
+ 0x20820000L,
+ 0x00020080L,
+ 0x00000000L,
+ 0x20020000L,
+ 0x00800080L,
+
0x20800000L, + 0x20820080L, + 0x00000080L, + 0x20000000L, + 0x00820000L, + 0x00020080L, + 0x00820080L, + 0x20020080L, + 0x20000080L, + 0x20800000L, + 0x00020000L, + 0x00820080L, + 0x00800080L, + 0x20020000L, + 0x20820080L, + 0x20000080L, + 0x00000000L, + 0x00820000L, + 0x20000000L, + 0x00800000L, + 0x20020080L, + 0x20800080L, + 0x00800000L, + 0x00020000L, + 0x20820000L, + 0x00000080L, + 0x00800000L, + 0x00020000L, + 0x20000080L, + 0x20820080L, + 0x00020080L, + 0x20000000L, + 0x00000000L, + 0x00820000L, + 0x20800080L, + 0x20020080L, + 0x20020000L, + 0x00800080L, + 0x20820000L, + 0x00000080L, + 0x00800080L, + 0x20020000L, + 0x20820080L, + 0x00800000L, + 0x20800000L, + 0x20000080L, + 0x00820000L, + 0x00020080L, + 0x20020080L, + 0x20800000L, + 0x00000080L, + 0x20820000L, + 0x00820080L, + 0x00000000L, + 0x20000000L, + 0x20800080L, + 0x00020000L, + 0x00820080L, } }; --- crypto/openssl/crypto/des/xcbc_enc.c.orig +++ crypto/openssl/crypto/des/xcbc_enc.c @@ -18,9 +18,9 @@ /* RSA's DESX */ void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, const_DES_cblock *inw, - const_DES_cblock *outw, int enc) + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc) { register DES_LONG tin0, tin1; register DES_LONG tout0, tout1, xor0, xor1; --- crypto/openssl/crypto/dh/dh_ameth.c.orig +++ crypto/openssl/crypto/dh/dh_ameth.c @@ -32,7 +32,7 @@ */ static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, - long length) + long length) { DH *dh = NULL; int is_dhx = (pkey->ameth == &ossl_dhx_asn1_meth); @@ -102,7 +102,7 @@ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); return 1; - err: +err: ASN1_INTEGER_free(public_key); DH_free(dh); return 0; 
@@ -145,10 +145,10 @@ } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - ptype, str, penc, penclen)) + ptype, str, penc, penclen)) return 1; - err: +err: OPENSSL_free(penc); ASN1_STRING_free(str); @@ -213,19 +213,19 @@ } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) { + V_ASN1_SEQUENCE, params, dp, dplen)) { OPENSSL_clear_free(dp, dplen); goto err; } return 1; - err: +err: ASN1_STRING_free(params); return 0; } static int dh_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) + const unsigned char **pder, int derlen) { DH *dh; @@ -258,7 +258,7 @@ pub_key = NULL; if (x->params.p == NULL || (ptype == 2 && priv_key == NULL) - || (ptype > 0 && pub_key == NULL)) { + || (ptype > 0 && pub_key == NULL)) { reason = ERR_R_PASSED_NULL_PARAMETER; goto err; } @@ -271,7 +271,7 @@ ktype = "DH Parameters"; if (!BIO_indent(bp, indent, 128) - || BIO_printf(bp, "%s: (%d bit)\n", ktype, DH_bits(x)) <= 0) + || BIO_printf(bp, "%s: (%d bit)\n", ktype, DH_bits(x)) <= 0) goto err; indent += 4; @@ -285,14 +285,15 @@ if (x->length != 0) { if (!BIO_indent(bp, indent, 128) - || BIO_printf(bp, "recommended-private-length: %d bits\n", - (int)x->length) <= 0) + || BIO_printf(bp, "recommended-private-length: %d bits\n", + (int)x->length) + <= 0) goto err; } return 1; - err: +err: ERR_raise(ERR_LIB_DH, reason); return 0; } @@ -315,7 +316,7 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { return ossl_ffc_params_cmp(&a->pkey.dh->params, &b->pkey.dh->params, - a->ameth != &ossl_dhx_asn1_meth); + a->ameth != &ossl_dhx_asn1_meth); } static int int_dh_param_copy(DH *to, const DH *from, int is_x942) @@ -351,7 +352,7 @@ return 0; } return int_dh_param_copy(to->pkey.dh, from->pkey.dh, - from->ameth == &ossl_dhx_asn1_meth); + from->ameth == &ossl_dhx_asn1_meth); } static int dh_missing_parameters(const EVP_PKEY *a) 
@@ -372,19 +373,19 @@ } static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_dh_print(bp, pkey->pkey.dh, indent, 0); } static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_dh_print(bp, pkey->pkey.dh, indent, 1); } static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_dh_print(bp, pkey->pkey.dh, indent, 2); } @@ -402,12 +403,12 @@ /* We should only be here if we have a legacy key */ if (!ossl_assert(evp_pkey_is_legacy(pkey))) return 0; - dh = (DH *) evp_pkey_get0_DH_int(pkey); + dh = (DH *)evp_pkey_get0_DH_int(pkey); if (dh == NULL) return 0; return ossl_dh_buf2key(dh, arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - dh = (DH *) EVP_PKEY_get0_DH(pkey); + dh = (DH *)EVP_PKEY_get0_DH(pkey); if (dh == NULL) return 0; return ossl_dh_key2buf(dh, arg2, 0, 1); @@ -422,7 +423,6 @@ default: return -2; } - } static int dh_pkey_public_check(const EVP_PKEY *pkey) @@ -450,8 +450,8 @@ } static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { DH *dh = from->pkey.dh; OSSL_PARAM_BLD *tmpl; @@ -489,7 +489,7 @@ } if (priv_key != NULL) { if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, - priv_key)) + priv_key)) goto err; selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; } @@ -507,7 +507,7 @@ } static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, - int type) + int type) { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); --- crypto/openssl/crypto/dh/dh_asn1.c.orig +++ crypto/openssl/crypto/dh/dh_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ /* Override the default free and new methods */ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DH_new(); @@ -46,9 +46,9 @@ } ASN1_SEQUENCE_cb(DHparams, dh_cb) = { - ASN1_SIMPLE(DH, params.p, BIGNUM), - ASN1_SIMPLE(DH, params.g, BIGNUM), - ASN1_OPT_EMBED(DH, length, ZINT32), + ASN1_SIMPLE(DH, params.p, BIGNUM), + ASN1_SIMPLE(DH, params.g, BIGNUM), + ASN1_OPT_EMBED(DH, length, ZINT32), } ASN1_SEQUENCE_END_cb(DH, DHparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DH, DHparams, DHparams) 
@@ -72,20 +72,20 @@ } int_dhx942_dh; ASN1_SEQUENCE(DHvparams) = { - ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), - ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) + ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), + ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) -ASN1_SEQUENCE(DHxparams) = { - ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), - ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), - ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), - ASN1_OPT(int_dhx942_dh, j, BIGNUM), - ASN1_OPT(int_dhx942_dh, vparams, DHvparams), -} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) +ASN1_SEQUENCE(DHxparams) + = { + ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), + ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), + ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), + ASN1_OPT(int_dhx942_dh, j, BIGNUM), + ASN1_OPT(int_dhx942_dh, vparams, DHvparams), + } static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) -int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, - const unsigned char **pp, long length); +int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length); int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx) @@ -118,8 +118,8 @@ /* The counter has a maximum value of 4 * numbits(p) - 1 */ size_t counter = (size_t)BN_get_word(dhx->vparams->counter); ossl_ffc_params_set_validate_params(params, dhx->vparams->seed->data, - dhx->vparams->seed->length, - counter); + dhx->vparams->seed->length, + counter); ASN1_BIT_STRING_free(dhx->vparams->seed); BN_free(dhx->vparams->counter); OPENSSL_free(dhx->vparams); 
@@ -143,7 +143,7 @@ int counter; ossl_ffc_params_get0_pqg(params, (const BIGNUM **)&dhx.p, - (const BIGNUM **)&dhx.q, (const BIGNUM **)&dhx.g); + (const BIGNUM **)&dhx.q, (const BIGNUM **)&dhx.g); dhx.j = params->j; ossl_ffc_params_get_validate_params(params, &seed.data, &seedlen, &counter); seed.length = (int)seedlen; --- crypto/openssl/crypto/dh/dh_backend.c.orig +++ crypto/openssl/crypto/dh/dh_backend.c @@ -16,7 +16,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include "internal/param_build_set.h" #include "crypto/dh.h" @@ -53,8 +53,7 @@ if (!dh_ffc_params_fromdata(dh, params)) return 0; - param_priv_len = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); + param_priv_len = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); if (param_priv_len != NULL && (!OSSL_PARAM_get_long(param_priv_len, &priv_len) || !DH_set_length(dh, priv_len))) @@ -88,7 +87,7 @@ return 1; - err: +err: BN_clear_free(priv_key); BN_free(pub_key); return 0; @@ -107,7 +106,7 @@ } int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private) + int include_private) { const BIGNUM *priv = NULL, *pub = NULL; @@ -172,20 +171,20 @@ #ifndef FIPS_MODULE if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DH, - &dupkey->ex_data, &dh->ex_data)) + &dupkey->ex_data, &dh->ex_data)) goto err; #endif return dupkey; - err: +err: DH_free(dupkey); return NULL; } #ifndef FIPS_MODULE DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p, *pm; int pklen, pmlen; @@ -238,12 +237,12 @@ goto done; - decerr: +decerr: ERR_raise(ERR_LIB_DH, EVP_R_DECODE_ERROR); - dherr: +dherr: DH_free(dh); dh = NULL; - done: +done: ASN1_STRING_clear_free(privkey); return dh; } --- crypto/openssl/crypto/dh/dh_check.c.orig +++ crypto/openssl/crypto/dh/dh_check.c 
@@ -63,7 +63,7 @@ * validity tests. */ return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, ret, NULL); + FFC_PARAM_TYPE_DH, ret, NULL); } #else int DH_check_params(const DH *dh, int *ret) @@ -97,7 +97,7 @@ *ret |= DH_MODULUS_TOO_LARGE; ok = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); return ok; @@ -220,7 +220,7 @@ *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } ok = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); return ok; @@ -272,7 +272,7 @@ int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret) - && *ret == 0; + && *ret == 0; } int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) --- crypto/openssl/crypto/dh/dh_depr.c.orig +++ crypto/openssl/crypto/dh/dh_depr.c @@ -23,7 +23,7 @@ #include DH *DH_generate_parameters(int prime_len, int generator, - void (*callback) (int, int, void *), void *cb_arg) + void (*callback)(int, int, void *), void *cb_arg) { BN_GENCB *cb; DH *ret = NULL; --- crypto/openssl/crypto/dh/dh_err.c.orig +++ crypto/openssl/crypto/dh/dh_err.c 
@@ -14,61 +14,61 @@ #ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DH_str_reasons[] = { - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE), - "check invalid j value"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE), - "check invalid q value"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID), - "check pubkey invalid"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE), - "check pubkey too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL), - "check pubkey too small"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME), - "check p not safe prime"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME), - "invalid parameter name"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID), - "invalid parameter nid"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_SECRET), "invalid secret"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL), "modulus too small"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), - "not suitable generator"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DH, 0, 
DH_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), - "unable to check generator"}, - {0, NULL} + { ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE), + "check invalid j value" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE), + "check invalid q value" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID), + "check pubkey invalid" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE), + "check pubkey too large" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL), + "check pubkey too small" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME), + "check p not safe prime" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME), + "invalid parameter name" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID), + "invalid parameter nid" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_SECRET), "invalid secret" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey" }, + { 
ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL), "modulus too small" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), + "not suitable generator" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error" }, + { ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), + "unable to check generator" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_DH_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(DH_str_reasons[0].error) == NULL) ERR_load_strings_const(DH_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/dh/dh_gen.c.orig +++ crypto/openssl/crypto/dh/dh_gen.c @@ -32,24 +32,24 @@ #ifndef FIPS_MODULE static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb); + BN_GENCB *cb); #endif /* FIPS_MODULE */ int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb) + BN_GENCB *cb) { int ret, res; #ifndef FIPS_MODULE if (type == DH_PARAMGEN_TYPE_FIPS_186_2) ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, - pbits, qbits, &res, cb); + FFC_PARAM_TYPE_DH, + pbits, qbits, &res, cb); else #endif ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, - pbits, qbits, &res, cb); + FFC_PARAM_TYPE_DH, + pbits, qbits, &res, cb); if (ret > 0) dh->dirty_cnt++; return ret; 
@@ -112,7 +112,7 @@ #endif /* FIPS_MODULE */ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, - BN_GENCB *cb) + BN_GENCB *cb) { #ifdef FIPS_MODULE if (generator != 2) @@ -153,7 +153,7 @@ * for 5, p mod 60 == 59 */ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb) + BN_GENCB *cb) { BIGNUM *t1, *t2; int g, ok = -1; @@ -221,7 +221,7 @@ goto err; ret->dirty_cnt++; ok = 1; - err: +err: if (ok == -1) { ERR_raise(ERR_LIB_DH, ERR_R_BN_LIB); ok = 0; --- crypto/openssl/crypto/dh/dh_group_params.c.orig +++ crypto/openssl/crypto/dh/dh_group_params.c @@ -68,8 +68,9 @@ return; if ((group = ossl_ffc_numbers_to_dh_named_group(dh->params.p, - dh->params.q, - dh->params.g)) != NULL) { + dh->params.q, + dh->params.g)) + != NULL) { if (dh->params.q == NULL) dh->params.q = (BIGNUM *)ossl_ffc_named_group_get_q(group); /* cache the nid and default key length */ --- crypto/openssl/crypto/dh/dh_kdf.c.orig +++ crypto/openssl/crypto/dh/dh_kdf.c @@ -26,11 +26,11 @@ /* Key derivation function from X9.63/SECG */ int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const char *cek_alg, - const unsigned char *ukm, size_t ukmlen, - const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char *Z, size_t Zlen, + const char *cek_alg, + const unsigned char *ukm, size_t ukmlen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; EVP_KDF_CTX *kctx = NULL; 
@@ -46,14 +46,14 @@ goto err; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)Z, Zlen); + (unsigned char *)Z, Zlen); if (ukm != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, - (unsigned char *)ukm, ukmlen); + (unsigned char *)ukm, ukmlen); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, - (char *)cek_alg, 0); + (char *)cek_alg, 0); *p = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, out, outlen, params) > 0; err: @@ -64,9 +64,9 @@ #if !defined(FIPS_MODULE) int DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - ASN1_OBJECT *key_oid, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { char key_alg[OSSL_MAX_NAME_SIZE]; const OSSL_PROVIDER *prov = EVP_MD_get0_provider(md); @@ -76,6 +76,6 @@ return 0; return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg, - ukm, ukmlen, md, libctx, NULL); + ukm, ukmlen, md, libctx, NULL); } #endif /* !defined(FIPS_MODULE) */ --- crypto/openssl/crypto/dh/dh_key.c.orig +++ crypto/openssl/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -21,15 +21,15 @@ #include "crypto/security_bits.h" #ifdef FIPS_MODULE -# define MIN_STRENGTH 112 +#define MIN_STRENGTH 112 #else -# define MIN_STRENGTH 80 +#define MIN_STRENGTH 80 #endif static int generate_key(DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int dh_init(DH *dh); static int dh_finish(DH *dh); @@ -76,7 +76,7 @@ if (dh->flags & DH_FLAG_CACHE_MONT_P) { mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - dh->lock, dh->params.p, ctx); + dh->lock, dh->params.p, ctx); BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); if (!mont) goto err; @@ -84,7 +84,7 @@ /* (Step 1) Z = pub_key^priv_key mod p */ if (!dh->meth->bn_mod_exp(dh, z, pub_key, dh->priv_key, dh->params.p, ctx, - mont)) { + mont)) { ERR_raise(ERR_LIB_DH, ERR_R_BN_LIB); goto err; } @@ -100,7 +100,7 @@ /* return the padded key, i.e. same number of bytes as the modulus */ ret = BN_bn2binpad(z, key, BN_num_bytes(dh->params.p)); - err: +err: BN_clear(z); /* (Step 2) destroy intermediate values */ BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -187,8 +187,8 @@ } static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); } @@ -223,7 +223,7 @@ } int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, - const BIGNUM *priv_key, BIGNUM *pub_key) + const BIGNUM *priv_key, BIGNUM *pub_key) { int ret = 0; BIGNUM *prk = BN_new(); @@ -250,7 +250,7 @@ /* pub_key = g^priv_key mod p */ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->params.g, prk, dh->params.p, - ctx, mont)) + ctx, mont)) goto err; ret = 1; err: 
@@ -263,7 +263,7 @@ int ok = 0; int generate_new_key = 0; #ifndef FIPS_MODULE - unsigned l; + int l; #endif BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -307,15 +307,14 @@ if (generate_new_key) { /* Is it an approved safe prime ?*/ if (DH_get_nid(dh) != NID_undef) { - int max_strength = - ossl_ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p)); + int max_strength = ossl_ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p)); if (dh->params.q == NULL || dh->length > BN_num_bits(dh->params.q)) goto err; /* dh->length = maximum bit length of generated private key */ if (!ossl_ffc_generate_private_key(ctx, &dh->params, dh->length, - max_strength, priv_key)) + max_strength, priv_key)) goto err; } else { #ifdef FIPS_MODULE @@ -323,13 +322,15 @@ goto err; #else if (dh->params.q == NULL) { - /* secret exponent length, must satisfy 2^(l-1) <= p */ - if (dh->length != 0 - && dh->length >= BN_num_bits(dh->params.p)) + /* secret exponent length, must satisfy 2^l < (p-1)/2 */ + l = BN_num_bits(dh->params.p); + if (dh->length >= l) goto err; - l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1; + l -= 2; + if (dh->length != 0 && dh->length < l) + l = dh->length; if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE, - BN_RAND_BOTTOM_ANY, 0, ctx)) + BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; /* * We handle just one known case where g is a quadratic non-residue: @@ -346,7 +347,7 @@ { /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, NULL)) + FFC_PARAM_TYPE_DH, NULL)) goto err; /* * For FFC FIPS 186-4 keygen @@ -354,9 +355,9 @@ * Max Private key size N = len(q) */ if (!ossl_ffc_generate_private_key(ctx, &dh->params, - BN_num_bits(dh->params.q), - MIN_STRENGTH, - priv_key)) + BN_num_bits(dh->params.q), + MIN_STRENGTH, + priv_key)) goto err; } } @@ -369,7 +370,7 @@ dh->priv_key = priv_key; dh->dirty_cnt++; ok = 1; - err: +err: if (ok != 1) ERR_raise(ERR_LIB_DH, ERR_R_BN_LIB); 
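Review bot: In the `dh->params.q == NULL` branch of the `@@ -323,13 +322,15 @@` hunk, a caller-set `dh->length` equal to `BN_num_bits(dh->params.p) - 1` is neither rejected nor honoured: it passes the `dh->length >= l` test and the exponent is then silently generated with `l - 2` bits. The new comment gives the bound but not this clamp, so I would extend it, e.g. `/* a requested length of bits(p)-1 is clamped to bits(p)-2 so that 2^l < (p-1)/2 */`. `l -= 2` also depends on the modulus being more than two bits long; that is presumably enforced by a minimum-modulus check earlier in `generate_key`, which starts outside this hunk, so it should be confirmed rather than assumed. The rejection path still ends at `err:` and is reported as `ERR_R_BN_LIB`, which does not tell the caller that the requested length was the problem.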
@@ -410,7 +411,7 @@ } size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, - int alloc) + int alloc) { const BIGNUM *pubkey; unsigned char *pbuf = NULL; @@ -420,8 +421,8 @@ DH_get0_pqg(dh, &p, NULL, NULL); DH_get0_key(dh, &pubkey, NULL); if (p == NULL || pubkey == NULL - || (p_size = BN_num_bytes(p)) == 0 - || BN_num_bytes(pubkey) == 0) { + || (p_size = BN_num_bytes(p)) == 0 + || BN_num_bytes(pubkey) == 0) { ERR_raise(ERR_LIB_DH, DH_R_INVALID_PUBKEY); return 0; } --- crypto/openssl/crypto/dh/dh_lib.c.orig +++ crypto/openssl/crypto/dh/dh_lib.c @@ -16,7 +16,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include @@ -53,12 +53,12 @@ { return dh->meth; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 DH *DH_new(void) { return dh_new_intern(NULL, NULL); } -# endif +#endif DH *DH_new_method(ENGINE *engine) { @@ -91,7 +91,7 @@ ret->libctx = libctx; ret->meth = DH_get_default_method(); #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ret->flags = ret->meth->flags; /* early default init */ + ret->flags = ret->meth->flags; /* early default init */ if (engine) { if (!ENGINE_init(engine)) { ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB); @@ -125,7 +125,7 @@ return ret; - err: +err: DH_free(ret); return NULL; } @@ -146,9 +146,9 @@ if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #if !defined(FIPS_MODULE) -# if !defined(OPENSSL_NO_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) ENGINE_finish(r->engine); -# endif +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); #endif @@ -219,7 +219,7 @@ } void DH_get0_pqg(const DH *dh, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { ossl_ffc_params_get0_pqg(&dh->params, p, q, g); } --- crypto/openssl/crypto/dh/dh_local.h.orig +++ crypto/openssl/crypto/dh/dh_local.h 
@@ -11,7 +11,7 @@ #include "internal/refcount.h" #include "internal/ffc.h" -#define DH_MIN_MODULUS_BITS 512 +#define DH_MIN_MODULUS_BITS 512 struct dh_st { /* @@ -23,8 +23,8 @@ FFC_PARAMS params; /* max generated private key length (can be less than len(q)) */ int32_t length; - BIGNUM *pub_key; /* g^x % p */ - BIGNUM *priv_key; /* x */ + BIGNUM *pub_key; /* g^x % p */ + BIGNUM *priv_key; /* x */ int flags; BN_MONT_CTX *method_mont_p; CRYPTO_REF_COUNT references; @@ -43,18 +43,18 @@ struct dh_method { char *name; /* Methods here */ - int (*generate_key) (DH *dh); - int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); + int (*generate_key)(DH *dh); + int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh); /* Can be null */ - int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - int (*init) (DH *dh); - int (*finish) (DH *dh); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + int (*init)(DH *dh); + int (*finish)(DH *dh); int flags; char *app_data; /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params) (DH *dh, int prime_len, int generator, - BN_GENCB *cb); + int (*generate_params)(DH *dh, int prime_len, int generator, + BN_GENCB *cb); }; --- crypto/openssl/crypto/dh/dh_meth.c.orig +++ crypto/openssl/crypto/dh/dh_meth.c 
@@ -103,41 +103,38 @@ return 1; } -int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *) +int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *) { return dhm->generate_key; } -int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)) +int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)) { dhm->generate_key = generate_key; return 1; } -int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) - (unsigned char *key, const BIGNUM *pub_key, DH *dh) +int (*DH_meth_get_compute_key(const DH_METHOD *dhm))(unsigned char *key, const BIGNUM *pub_key, DH *dh) { return dhm->compute_key; } int DH_meth_set_compute_key(DH_METHOD *dhm, - int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)) + int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)) { dhm->compute_key = compute_key; return 1; } - -int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) - (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *, BN_MONT_CTX *) +int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))(const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *) { return dhm->bn_mod_exp; } int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, - int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) + int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) { dhm->bn_mod_exp = bn_mod_exp; return 1; 
@@ -154,25 +151,24 @@ return 1; } -int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *) +int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *) { return dhm->finish; } -int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)) +int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)) { dhm->finish = finish; return 1; } -int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) - (DH *, int, int, BN_GENCB *) +int (*DH_meth_get_generate_params(const DH_METHOD *dhm))(DH *, int, int, BN_GENCB *) { return dhm->generate_params; } int DH_meth_set_generate_params(DH_METHOD *dhm, - int (*generate_params) (DH *, int, int, BN_GENCB *)) + int (*generate_params)(DH *, int, int, BN_GENCB *)) { dhm->generate_params = generate_params; return 1; --- crypto/openssl/crypto/dh/dh_pmeth.c.orig +++ crypto/openssl/crypto/dh/dh_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,7 +82,6 @@ } } - static int pkey_dh_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) { DH_PKEY_CTX *dctx, *sctx; @@ -107,7 +106,7 @@ if (sctx->kdf_ukm != NULL) { dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); if (dctx->kdf_ukm == NULL) - return 0; + return 0; dctx->kdf_ukmlen = sctx->kdf_ukmlen; } dctx->kdf_outlen = sctx->kdf_outlen; @@ -217,12 +216,11 @@ default: return -2; - } } static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) + const char *type, const char *value) { if (strcmp(type, "dh_paramgen_prime_len") == 0) { int len; @@ -274,7 +272,7 @@ } static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, - BN_GENCB *pcb) + BN_GENCB *pcb) { DH *ret; int rv = 0; 
@@ -298,20 +296,20 @@ if (dctx->md != NULL) ossl_ffc_set_digest(&ret->params, EVP_MD_get0_name(dctx->md), NULL); -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2) rv = ossl_ffc_params_FIPS186_2_generate(libctx, &ret->params, - FFC_PARAM_TYPE_DH, - prime_len, subprime_len, &res, - pcb); + FFC_PARAM_TYPE_DH, + prime_len, subprime_len, &res, + pcb); else -# endif - /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ - if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) - rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, - FFC_PARAM_TYPE_DH, - prime_len, subprime_len, &res, - pcb); +#endif + /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ + if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) + rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, + FFC_PARAM_TYPE_DH, + prime_len, subprime_len, &res, + pcb); if (rv <= 0) { DH_free(ret); return NULL; @@ -320,7 +318,7 @@ } static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey) + EVP_PKEY *pkey) { DH *dh = NULL; DH_PKEY_CTX *dctx = ctx->data; @@ -347,9 +345,9 @@ return 0; evp_pkey_set_cb_translate(pcb, ctx); } -# ifdef FIPS_MODULE +#ifdef FIPS_MODULE dctx->paramgen_type = DH_PARAMGEN_TYPE_FIPS_186_4; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) { dh = ffc_params_generate(NULL, dctx, pcb); BN_GENCB_free(pcb); @@ -364,7 +362,7 @@ return 0; } ret = DH_generate_parameters_ex(dh, - dctx->prime_len, dctx->generator, pcb); + dctx->prime_len, dctx->generator, pcb); BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DH(pkey, dh); @@ -396,7 +394,7 @@ } static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) + size_t *keylen) { int ret; DH *dh; 
@@ -410,7 +408,7 @@ } dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey); dhpub = EVP_PKEY_get0_DH(ctx->peerkey); - if (dhpub == NULL) { + if (dhpub == NULL || dh == NULL) { ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET); return 0; } @@ -424,12 +422,11 @@ ret = DH_compute_key_padded(key, dhpubbn, dh); else ret = DH_compute_key(key, dhpubbn, dh); - if (ret < 0) + if (ret <= 0) return ret; *keylen = ret; return 1; - } - else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; int Zlen = 0; @@ -452,11 +449,11 @@ if (DH_compute_key_padded(Z, dhpubbn, dh) <= 0) goto err; if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, - dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) + dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) goto err; *keylen = dctx->kdf_outlen; ret = 1; - err: + err: OPENSSL_clear_free(Z, Zlen); return ret; } --- crypto/openssl/crypto/dh/dh_rfc5114.c.orig +++ crypto/openssl/crypto/dh/dh_rfc5114.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
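Review bot: The `if (ret <= 0) return ret;` test in the `@@ -424,12 +422,11 @@` hunk changes what a zero return from `DH_compute_key`/`DH_compute_key_padded` means, and nothing in the code records it: before, a zero result fell through to `*keylen = ret; return 1;` and was reported as success with an empty key. A one-line comment above the check, such as `/* a zero-length shared secret is a failure, not an empty key */`, would state the intent. The branch returns `ret` unchanged, so failure is signalled as 0 or a negative value depending on the callee, and callers have to test `<= 0`; whether they do is not visible here. The added `dh == NULL` test in the `@@ -410,7 +408,7 @@` hunk reuses `DH_R_KEYS_NOT_SET`, which matches the existing `dhpub` case. `pkey_dh_derive` begins and ends outside both hunks.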
@@ -25,22 +25,22 @@ * because they get wiped using BN_clear_free() when DH_free() is called. */ -#define make_dh(x) \ -DH *DH_get_##x(void) \ -{ \ - DH *dh = DH_new(); \ -\ - if (dh == NULL) \ - return NULL; \ - dh->params.p = BN_dup(&ossl_bignum_dh##x##_p); \ - dh->params.g = BN_dup(&ossl_bignum_dh##x##_g); \ - dh->params.q = BN_dup(&ossl_bignum_dh##x##_q); \ - if (dh->params.p == NULL || dh->params.q == NULL || dh->params.g == NULL) {\ - DH_free(dh); \ - return NULL; \ - } \ - return dh; \ -} +#define make_dh(x) \ + DH *DH_get_##x(void) \ + { \ + DH *dh = DH_new(); \ + \ + if (dh == NULL) \ + return NULL; \ + dh->params.p = BN_dup(&ossl_bignum_dh##x##_p); \ + dh->params.g = BN_dup(&ossl_bignum_dh##x##_g); \ + dh->params.q = BN_dup(&ossl_bignum_dh##x##_q); \ + if (dh->params.p == NULL || dh->params.q == NULL || dh->params.g == NULL) { \ + DH_free(dh); \ + return NULL; \ + } \ + return dh; \ + } make_dh(1024_160) make_dh(2048_224) --- crypto/openssl/crypto/dllmain.c.orig +++ crypto/openssl/crypto/dllmain.c @@ -11,14 +11,14 @@ #include "crypto/cryptlib.h" #if defined(_WIN32) || defined(__CYGWIN__) -# ifdef __CYGWIN__ +#ifdef __CYGWIN__ /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ -# include +#include /* * this has side-effect of _WIN32 getting defined, which otherwise is * mutually exclusive with __CYGWIN__... */ -# endif +#endif /* * All we really need to do is remove the 'error' state when a thread @@ -43,4 +43,3 @@ return TRUE; } #endif - --- crypto/openssl/crypto/dsa/dsa_ameth.c.orig +++ crypto/openssl/crypto/dsa/dsa_ameth.c @@ -77,11 +77,10 @@ EVP_PKEY_assign_DSA(pkey, dsa); return 1; - err: +err: ASN1_INTEGER_free(public_key); DSA_free(dsa); return 0; - } static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) @@ -135,7 +134,7 @@ if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) return 1; - err: +err: OPENSSL_free(penc); ASN1_STRING_free(str); 
@@ -167,7 +166,7 @@ unsigned char *dp = NULL; int dplen; - if (pkey->pkey.dsa == NULL|| pkey->pkey.dsa->priv_key == NULL) { + if (pkey->pkey.dsa == NULL || pkey->pkey.dsa->priv_key == NULL) { ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS); goto err; } @@ -204,13 +203,13 @@ } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) { + V_ASN1_SEQUENCE, params, dp, dplen)) { OPENSSL_clear_free(dp, dplen); goto err; } return 1; - err: +err: ASN1_STRING_free(params); return 0; } @@ -313,12 +312,12 @@ if (!ossl_ffc_params_print(bp, &x->params, off)) goto err; ret = 1; - err: +err: return ret; } static int dsa_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) + const unsigned char **pder, int derlen) { DSA *dsa; @@ -336,25 +335,25 @@ } static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); } static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); } static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); } static int old_dsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) + const unsigned char **pder, int derlen) { DSA *dsa; @@ -373,7 +372,7 @@ } static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) + const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { DSA_SIG *dsa_sig; const unsigned char *p; @@ -400,7 +399,7 @@ if (!ASN1_bn_print(bp, "s: ", s, NULL, indent)) goto err; rv = 1; - err: + err: DSA_SIG_free(dsa_sig); return rv; } 
@@ -427,8 +426,8 @@ } static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { DSA *dsa = from->pkey.dsa; OSSL_PARAM_BLD *tmpl; @@ -453,13 +452,13 @@ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; if (pub_key != NULL) { if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - pub_key)) + pub_key)) goto err; selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; } if (priv_key != NULL) { if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, - priv_key)) + priv_key)) goto err; selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; } @@ -471,7 +470,7 @@ rv = importer(to_keydata, selection, params); OSSL_PARAM_free(params); - err: +err: OSSL_PARAM_BLD_free(tmpl); return rv; } 
@@ -518,67 +517,61 @@ const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5] = { - { - EVP_PKEY_DSA2, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA1, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA4, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA3, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA, - EVP_PKEY_DSA, - 0, - - "DSA", - "OpenSSL DSA method", - - dsa_pub_decode, - dsa_pub_encode, - dsa_pub_cmp, - dsa_pub_print, - - dsa_priv_decode, - dsa_priv_encode, - dsa_priv_print, - - int_dsa_size, - dsa_bits, - dsa_security_bits, - - dsa_param_decode, - dsa_param_encode, - dsa_missing_parameters, - dsa_copy_parameters, - dsa_cmp_parameters, - dsa_param_print, - dsa_sig_print, - - int_dsa_free, - dsa_pkey_ctrl, - old_dsa_priv_decode, - old_dsa_priv_encode, - - NULL, NULL, NULL, - NULL, NULL, NULL, - NULL, NULL, NULL, NULL, - - dsa_pkey_dirty_cnt, - dsa_pkey_export_to, - dsa_pkey_import_from, - dsa_pkey_copy - } + { EVP_PKEY_DSA2, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS }, + + { EVP_PKEY_DSA1, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS }, + + { EVP_PKEY_DSA4, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS }, + + { EVP_PKEY_DSA3, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS }, + + { EVP_PKEY_DSA, + EVP_PKEY_DSA, + 0, + + "DSA", + "OpenSSL DSA method", + + dsa_pub_decode, + dsa_pub_encode, + dsa_pub_cmp, + dsa_pub_print, + + dsa_priv_decode, + dsa_priv_encode, + dsa_priv_print, + + int_dsa_size, + dsa_bits, + dsa_security_bits, + + dsa_param_decode, + dsa_param_encode, + dsa_missing_parameters, + dsa_copy_parameters, + dsa_cmp_parameters, + dsa_param_print, + dsa_sig_print, + + int_dsa_free, + dsa_pkey_ctrl, + old_dsa_priv_decode, + old_dsa_priv_encode, + + NULL, NULL, NULL, + NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + + dsa_pkey_dirty_cnt, + dsa_pkey_export_to, + dsa_pkey_import_from, + dsa_pkey_copy } }; --- crypto/openssl/crypto/dsa/dsa_asn1.c.orig +++ crypto/openssl/crypto/dsa/dsa_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DSA_new(); 
@@ -39,29 +39,29 @@ } ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { - ASN1_EMBED(DSA, version, INT32), - ASN1_SIMPLE(DSA, params.p, BIGNUM), - ASN1_SIMPLE(DSA, params.q, BIGNUM), - ASN1_SIMPLE(DSA, params.g, BIGNUM), - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, priv_key, CBIGNUM) + ASN1_EMBED(DSA, version, INT32), + ASN1_SIMPLE(DSA, params.p, BIGNUM), + ASN1_SIMPLE(DSA, params.q, BIGNUM), + ASN1_SIMPLE(DSA, params.g, BIGNUM), + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, priv_key, CBIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { - ASN1_SIMPLE(DSA, params.p, BIGNUM), - ASN1_SIMPLE(DSA, params.q, BIGNUM), - ASN1_SIMPLE(DSA, params.g, BIGNUM), + ASN1_SIMPLE(DSA, params.p, BIGNUM), + ASN1_SIMPLE(DSA, params.q, BIGNUM), + ASN1_SIMPLE(DSA, params.g, BIGNUM), } static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, params.p, BIGNUM), - ASN1_SIMPLE(DSA, params.q, BIGNUM), - ASN1_SIMPLE(DSA, params.g, BIGNUM) + ASN1_SIMPLE(DSA, pub_key, BIGNUM), + ASN1_SIMPLE(DSA, params.p, BIGNUM), + ASN1_SIMPLE(DSA, params.q, BIGNUM), + ASN1_SIMPLE(DSA, params.g, BIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) --- crypto/openssl/crypto/dsa/dsa_backend.c.orig +++ crypto/openssl/crypto/dsa/dsa_backend.c @@ -16,7 +16,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include "crypto/dsa.h" #include "dsa_local.h" @@ -28,7 +28,7 @@ */ int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], - int include_private) + int include_private) { const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; 
@@ -37,11 +37,9 @@ return 0; if (include_private) { - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); } - param_pub_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); /* It's ok if neither half is present */ if (param_priv_key == NULL && param_pub_key == NULL) @@ -57,7 +55,7 @@ return 1; - err: +err: BN_clear_free(priv_key); BN_free(pub_key); return 0; @@ -108,20 +106,20 @@ #ifndef FIPS_MODULE if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DSA, - &dupkey->ex_data, &dsa->ex_data)) + &dupkey->ex_data, &dsa->ex_data)) goto err; #endif return dupkey; - err: +err: DSA_free(dupkey); return NULL; } #ifndef FIPS_MODULE DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p, *pm; int pklen, pmlen; @@ -180,14 +178,14 @@ goto done; - decerr: +decerr: ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR); - dsaerr: +dsaerr: BN_free(dsa_privkey); BN_free(dsa_pubkey); DSA_free(dsa); dsa = NULL; - done: +done: BN_CTX_free(ctx); ASN1_STRING_clear_free(privkey); return dsa; --- crypto/openssl/crypto/dsa/dsa_check.c.orig +++ crypto/openssl/crypto/dsa/dsa_check.c @@ -49,7 +49,7 @@ if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, ret); + FFC_PARAM_TYPE_DSA, ret); else /* * Do full FFC domain params validation according to FIPS-186-4 @@ -57,7 +57,7 @@ * - only if possible (i.e., seed is set) in default provider */ return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, ret); + FFC_PARAM_TYPE_DSA, ret); } /* @@ -69,7 +69,7 @@ return 0; return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) - && *ret == 0; + && *ret == 0; } /* 
@@ -83,7 +83,7 @@ return 0; return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) - && *ret == 0; + && *ret == 0; } int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) --- crypto/openssl/crypto/dsa/dsa_depr.c.orig +++ crypto/openssl/crypto/dsa/dsa_depr.c @@ -29,10 +29,10 @@ #include DSA *DSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback) (int, int, void *), - void *cb_arg) + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), + void *cb_arg) { BN_GENCB *cb; DSA *ret; @@ -46,7 +46,7 @@ BN_GENCB_set_old(cb, callback, cb_arg); if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb)) { + counter_ret, h_ret, cb)) { BN_GENCB_free(cb); return ret; } --- crypto/openssl/crypto/dsa/dsa_err.c.orig +++ crypto/openssl/crypto/dsa/dsa_err.c 
@@ -14,40 +14,40 @@ #ifndef OPENSSL_NO_DSA -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), - "invalid digest type"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_P_NOT_PRIME), "p not prime"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL), - "seed_len is less than the length of q"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_TOO_MANY_RETRIES), "too many retries"}, - {0, NULL} + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), + "invalid digest type" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters" }, + { ERR_PACK(ERR_LIB_DSA, 0, 
DSA_R_MISSING_PRIVATE_KEY), + "missing private key" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_P_NOT_PRIME), "p not prime" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL), + "seed_len is less than the length of q" }, + { ERR_PACK(ERR_LIB_DSA, 0, DSA_R_TOO_MANY_RETRIES), "too many retries" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_DSA_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(DSA_str_reasons[0].error) == NULL) ERR_load_strings_const(DSA_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/dsa/dsa_gen.c.orig +++ crypto/openssl/crypto/dsa/dsa_gen.c @@ -24,20 +24,20 @@ #include "dsa_local.h" int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, - BN_GENCB *cb) + BN_GENCB *cb) { int ret = 0, res; #ifndef FIPS_MODULE if (type == DSA_PARAMGEN_TYPE_FIPS_186_2) ret = ossl_ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, - pbits, qbits, &res, cb); + FFC_PARAM_TYPE_DSA, + pbits, qbits, &res, cb); else #endif ret = ossl_ffc_params_FIPS186_4_generate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, - pbits, qbits, &res, cb); + FFC_PARAM_TYPE_DSA, + pbits, qbits, &res, cb); if (ret > 0) dsa->dirty_cnt++; return ret; 
@@ -45,26 +45,26 @@ #ifndef FIPS_MODULE int DSA_generate_parameters_ex(DSA *dsa, int bits, - const unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb) + const unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) { if (dsa->meth->dsa_paramgen) return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len, - counter_ret, h_ret, cb); + counter_ret, h_ret, cb); if (seed_in != NULL && !ossl_ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, - -1)) + -1)) return 0; /* The old code used FIPS 186-2 DSA Parameter generation */ if (bits < 2048 && seed_len <= 20) { if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2, - bits, 160, cb)) + bits, 160, cb)) return 0; } else { if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4, - bits, 0, cb)) + bits, 0, cb)) return 0; } --- crypto/openssl/crypto/dsa/dsa_key.c.orig +++ crypto/openssl/crypto/dsa/dsa_key.c @@ -23,9 +23,9 @@ #include "dsa_local.h" #ifdef FIPS_MODULE -# define MIN_STRENGTH 112 +#define MIN_STRENGTH 112 #else -# define MIN_STRENGTH 80 +#define MIN_STRENGTH 80 #endif static int dsa_keygen(DSA *dsa, int pairwise_test); @@ -41,7 +41,7 @@ } int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, - const BIGNUM *priv_key, BIGNUM *pub_key) + const BIGNUM *priv_key, BIGNUM *pub_key) { int ret = 0; BIGNUM *prk = BN_new(); @@ -77,7 +77,7 @@ /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, NULL)) + FFC_PARAM_TYPE_DSA, NULL)) goto err; /* @@ -86,8 +86,8 @@ * Max Private key size N = len(q) */ if (!ossl_ffc_generate_private_key(ctx, &dsa->params, - BN_num_bits(dsa->params.q), - MIN_STRENGTH, priv_key)) + BN_num_bits(dsa->params.q), + MIN_STRENGTH, priv_key)) goto err; if (dsa->pub_key == NULL) { 
@@ -126,7 +126,7 @@ } dsa->dirty_cnt++; - err: +err: if (pub_key != dsa->pub_key) BN_free(pub_key); if (priv_key != dsa->priv_key) @@ -143,7 +143,7 @@ static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg) { int ret = 0; - unsigned char dgst[16] = {0}; + unsigned char dgst[16] = { 0 }; unsigned int dgst_len = (unsigned int)sizeof(dgst); DSA_SIG *sig = NULL; OSSL_SELF_TEST *st = NULL; @@ -153,7 +153,7 @@ goto err; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, - OSSL_SELF_TEST_DESC_PCT_DSA); + OSSL_SELF_TEST_DESC_PCT_DSA); sig = DSA_do_sign(dgst, (int)dgst_len, dsa); if (sig == NULL) --- crypto/openssl/crypto/dsa/dsa_lib.c.orig +++ crypto/openssl/crypto/dsa/dsa_lib.c @@ -15,7 +15,7 @@ #include #ifndef FIPS_MODULE -# include +#include #endif #include "internal/cryptlib.h" #include "internal/refcount.h" @@ -37,7 +37,7 @@ return CRYPTO_get_ex_data(&d->ex_data, idx); } -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH DH *DSA_dup_DH(const DSA *r) { /* @@ -75,13 +75,13 @@ return ret; - err: +err: BN_free(pub_key); BN_free(priv_key); DH_free(ret); return NULL; } -# endif /* OPENSSL_NO_DH */ +#endif /* OPENSSL_NO_DH */ void DSA_clear_flags(DSA *d, int flags) { @@ -124,7 +124,6 @@ } #endif /* FIPS_MODULE */ - const DSA_METHOD *DSA_get_method(DSA *d) { return d->meth; @@ -172,7 +171,7 @@ #ifndef FIPS_MODULE if (!ossl_crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, - &ret->ex_data)) + &ret->ex_data)) goto err; #endif @@ -185,7 +184,7 @@ return ret; - err: +err: DSA_free(ret); return NULL; } @@ -256,7 +255,7 @@ } void DSA_get0_pqg(const DSA *d, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { ossl_ffc_params_get0_pqg(&d->params, p, q, g); } @@ -303,7 +302,7 @@ } void DSA_get0_key(const DSA *d, - const BIGNUM **pub_key, const BIGNUM **priv_key) + const BIGNUM **pub_key, const BIGNUM **priv_key) { if (pub_key != NULL) *pub_key = d->pub_key; 
@@ -330,7 +329,7 @@ { if (d->params.p != NULL && d->params.q != NULL) return BN_security_bits(BN_num_bits(d->params.p), - BN_num_bits(d->params.q)); + BN_num_bits(d->params.q)); return -1; } --- crypto/openssl/crypto/dsa/dsa_local.h.orig +++ crypto/openssl/crypto/dsa/dsa_local.h @@ -19,8 +19,8 @@ int pad; int32_t version; FFC_PARAMS params; - BIGNUM *pub_key; /* y public key */ - BIGNUM *priv_key; /* x private key */ + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ int flags; /* Normally used to cache montgomery values */ BN_MONT_CTX *method_mont_p; 
@@ -45,28 +45,28 @@ struct dsa_method { char *name; - DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); - int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1, - const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); + DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, const BIGNUM *a1, + const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); /* Can be null */ - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - int (*init) (DSA *dsa); - int (*finish) (DSA *dsa); + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); int flags; void *app_data; /* If this is non-NULL, it is used to generate DSA parameters */ - int (*dsa_paramgen) (DSA *dsa, int bits, - const unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb); + int (*dsa_paramgen)(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen) (DSA *dsa); + int (*dsa_keygen)(DSA *dsa); }; DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa); --- crypto/openssl/crypto/dsa/dsa_meth.c.orig +++ crypto/openssl/crypto/dsa/dsa_meth.c 
@@ -104,71 +104,66 @@ return 1; } -DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA *) +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, int, DSA *) { return dsam->dsa_do_sign; } int DSA_meth_set_sign(DSA_METHOD *dsam, - DSA_SIG *(*sign) (const unsigned char *, int, DSA *)) + DSA_SIG *(*sign)(const unsigned char *, int, DSA *)) { dsam->dsa_do_sign = sign; return 1; } -int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) - (DSA *, BN_CTX *, BIGNUM **, BIGNUM **) +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *, BIGNUM **, BIGNUM **) { return dsam->dsa_sign_setup; } int DSA_meth_set_sign_setup(DSA_METHOD *dsam, - int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) + int (*sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) { dsam->dsa_sign_setup = sign_setup; return 1; } -int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA_SIG *, DSA *) +int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, int, DSA_SIG *, DSA *) { return dsam->dsa_do_verify; } int DSA_meth_set_verify(DSA_METHOD *dsam, - int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)) + int (*verify)(const unsigned char *, int, DSA_SIG *, DSA *)) { dsam->dsa_do_verify = verify; return 1; } -int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) { return dsam->dsa_mod_exp; } int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *)) + int (*mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, 
const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)) { dsam->dsa_mod_exp = mod_exp; return 1; } -int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *) +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *) { return dsam->bn_mod_exp; } int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) + int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) { dsam->bn_mod_exp = bn_mod_exp; return 1; 
@@ -185,38 +180,37 @@ return 1; } -int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *) +int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *) { return dsam->finish; } -int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)) +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)) { dsam->finish = finish; return 1; } -int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) - (DSA *, int, const unsigned char *, int, int *, unsigned long *, - BN_GENCB *) +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *) { return dsam->dsa_paramgen; } int DSA_meth_set_paramgen(DSA_METHOD *dsam, - int (*paramgen) (DSA *, int, const unsigned char *, int, int *, - unsigned long *, BN_GENCB *)) + int (*paramgen)(DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)) { dsam->dsa_paramgen = paramgen; return 1; } -int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *) +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *) { return dsam->dsa_keygen; } -int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)) +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)) { dsam->dsa_keygen = keygen; return 1; --- crypto/openssl/crypto/dsa/dsa_ossl.c.orig +++ crypto/openssl/crypto/dsa/dsa_ossl.c 
@@ -21,28 +21,28 @@ #include "dsa_local.h" #include -#define MIN_DSA_SIGN_QBITS 128 +#define MIN_DSA_SIGN_QBITS 128 #define MAX_DSA_SIGN_RETRIES 8 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); + BIGNUM **rp); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp, const unsigned char *dgst, int dlen); + BIGNUM **rp, const unsigned char *dgst, int dlen); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); + DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, - BN_CTX *ctx); + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", dsa_do_sign, dsa_sign_setup_no_digest, dsa_do_verify, - NULL, /* dsa_mod_exp, */ - NULL, /* dsa_bn_mod_exp, */ + NULL, /* dsa_mod_exp, */ + NULL, /* dsa_bn_mod_exp, */ dsa_init, dsa_finish, DSA_FLAG_FIPS_METHOD, @@ -109,7 +109,7 @@ if (tmp == NULL) goto err; - redo: +redo: if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) goto err; @@ -139,7 +139,7 @@ */ do { if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; } while (BN_is_zero(blind)); BN_set_flags(blind, BN_FLG_CONSTTIME); @@ -184,7 +184,7 @@ goto redo; } rv = 1; - err: +err: if (rv == 0) { ERR_raise(ERR_LIB_DSA, reason); DSA_SIG_free(ret); 
@@ -201,14 +201,14 @@ } static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp) + BIGNUM **kinvp, BIGNUM **rp) { return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0); } static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp, - const unsigned char *dgst, int dlen) + BIGNUM **kinvp, BIGNUM **rp, + const unsigned char *dgst, int dlen) { BN_CTX *ctx = NULL; BIGNUM *k, *kinv = NULL, *r = *rp; @@ -263,8 +263,8 @@ * This protects the private key from a weak PRNG. */ if (!ossl_bn_gen_dsa_nonce_fixed_top(k, dsa->params.q, - dsa->priv_key, dgst, - dlen, ctx)) + dsa->priv_key, dgst, + dlen, ctx)) goto err; } else if (!ossl_bn_priv_rand_range_fixed_top(k, dsa->params.q, 0, ctx)) goto err; @@ -275,7 +275,7 @@ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, - dsa->lock, dsa->params.p, ctx)) + dsa->lock, dsa->params.p, ctx)) goto err; } @@ -301,13 +301,13 @@ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); if ((dsa)->meth->bn_mod_exp != NULL) { - if (!dsa->meth->bn_mod_exp(dsa, r, dsa->params.g, k, dsa->params.p, - ctx, dsa->method_mont_p)) - goto err; + if (!dsa->meth->bn_mod_exp(dsa, r, dsa->params.g, k, dsa->params.p, + ctx, dsa->method_mont_p)) + goto err; } else { - if (!BN_mod_exp_mont(r, dsa->params.g, k, dsa->params.p, ctx, - dsa->method_mont_p)) - goto err; + if (!BN_mod_exp_mont(r, dsa->params.g, k, dsa->params.p, ctx, + dsa->method_mont_p)) + goto err; } if (!BN_mod(r, r, dsa->params.q, ctx)) @@ -321,7 +321,7 @@ *kinvp = kinv; kinv = NULL; ret = 1; - err: +err: if (!ret) ERR_raise(ERR_LIB_DSA, ERR_R_BN_LIB); if (ctx != ctx_in) @@ -332,7 +332,7 @@ } static int dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) + DSA_SIG *sig, DSA *dsa) { BN_CTX *ctx; BIGNUM *u1, *u2, *t1; 
@@ -367,13 +367,11 @@ DSA_SIG_get0(sig, &r, &s); - if (BN_is_zero(r) || BN_is_negative(r) || - BN_ucmp(r, dsa->params.q) >= 0) { + if (BN_is_zero(r) || BN_is_negative(r) || BN_ucmp(r, dsa->params.q) >= 0) { ret = 0; goto err; } - if (BN_is_zero(s) || BN_is_negative(s) || - BN_ucmp(s, dsa->params.q) >= 0) { + if (BN_is_zero(s) || BN_is_negative(s) || BN_ucmp(s, dsa->params.q) >= 0) { ret = 0; goto err; } @@ -405,18 +403,18 @@ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, - dsa->lock, dsa->params.p, ctx); + dsa->lock, dsa->params.p, ctx); if (!mont) goto err; } if (dsa->meth->dsa_mod_exp != NULL) { if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->params.g, u1, dsa->pub_key, u2, - dsa->params.p, ctx, mont)) + dsa->params.p, ctx, mont)) goto err; } else { if (!BN_mod_exp2_mont(t1, dsa->params.g, u1, dsa->pub_key, u2, - dsa->params.p, ctx, mont)) + dsa->params.p, ctx, mont)) goto err; } @@ -429,7 +427,7 @@ */ ret = (BN_ucmp(u1, r) == 0); - err: +err: if (ret < 0) ERR_raise(ERR_LIB_DSA, ERR_R_BN_LIB); BN_CTX_free(ctx); @@ -460,7 +458,7 @@ * BIGNUM is returned which the caller must free. */ static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, - BN_CTX *ctx) + BN_CTX *ctx) { BIGNUM *res = NULL; BIGNUM *r, *e; @@ -470,9 +468,9 @@ BN_CTX_start(ctx); if ((e = BN_CTX_get(ctx)) != NULL - && BN_set_word(r, 2) - && BN_sub(e, q, r) - && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) res = r; else BN_free(r); --- crypto/openssl/crypto/dsa/dsa_pmeth.c.orig +++ crypto/openssl/crypto/dsa/dsa_pmeth.c 
@@ -26,13 +26,13 @@ typedef struct { /* Parameter gen parameters */ - int nbits; /* size of p in bits (default: 2048) */ - int qbits; /* size of q in bits (default: 224) */ - const EVP_MD *pmd; /* MD for parameter generation */ + int nbits; /* size of p in bits (default: 2048) */ + int qbits; /* size of q in bits (default: 224) */ + const EVP_MD *pmd; /* MD for parameter generation */ /* Keygen callback info */ int gentmp[2]; /* message digest */ - const EVP_MD *md; /* MD for the signature */ + const EVP_MD *md; /* MD for the signature */ } DSA_PKEY_CTX; static int pkey_dsa_init(EVP_PKEY_CTX *ctx) @@ -75,8 +75,8 @@ } static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { int ret; unsigned int sltmp; @@ -100,8 +100,8 @@ } static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) { int ret; DSA_PKEY_CTX *dctx = ctx->data; @@ -138,9 +138,7 @@ return 1; case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: - if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256) { + if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256) { ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); return 0; } 
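Review bot: The digest allow-list under `case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:` is now one long line of repeated `EVP_MD_get_type((const EVP_MD *)p2) != NID_...` clauses, and the `EVP_PKEY_CTRL_MD` case in the following hunk (`@@ -148,17 +146,7 @@`) joins eleven of them the same way, so the set of accepted digests is hard to audit and a later addition or removal will be hard to spot in a diff. Reading the type once keeps each check short under the new formatter: `int md_nid = EVP_MD_get_type((const EVP_MD *)p2);` followed by `if (md_nid != NID_sha1 && md_nid != NID_sha224 && md_nid != NID_sha256) {`, with the same treatment for the longer list. The set of accepted NIDs stays as it is. The enclosing function begins and ends outside both hunks, so the local would have to be declared with its other variables.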
@@ -148,17 +146,7 @@ return 1; case EVP_PKEY_CTRL_MD: - if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_get_type((const EVP_MD *)p2) != NID_dsaWithSHA && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512) { + if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && EVP_MD_get_type((const EVP_MD *)p2) != NID_dsa && EVP_MD_get_type((const EVP_MD *)p2) != NID_dsaWithSHA && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512) { ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); return 0; } @@ -179,12 +167,11 @@ return -2; default: return -2; - } } static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) + const char *type, const char *value) { if (strcmp(type, "dsa_paramgen_bits") == 0) { int nbits; @@ -230,8 +217,8 @@ ossl_ffc_set_digest(&dsa->params, EVP_MD_get0_name(dctx->md), NULL); ret = ossl_ffc_params_FIPS186_4_generate(NULL, &dsa->params, - FFC_PARAM_TYPE_DSA, dctx->nbits, - dctx->qbits, &res, pcb); + FFC_PARAM_TYPE_DSA, dctx->nbits, + dctx->qbits, &res, pcb); BN_GENCB_free(pcb); if (ret > 0) EVP_PKEY_assign_DSA(pkey, dsa); --- crypto/openssl/crypto/dsa/dsa_sign.c.orig +++ crypto/openssl/crypto/dsa/dsa_sign.c 
@@ -87,7 +87,7 @@ return -1; } else if (*ppout == NULL) { if ((buf = BUF_MEM_new()) == NULL - || !WPACKET_init_len(&pkt, buf, 0)) { + || !WPACKET_init_len(&pkt, buf, 0)) { BUF_MEM_free(buf); return -1; } @@ -97,8 +97,8 @@ } if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s) - || !WPACKET_get_total_written(&pkt, &encoded_len) - || !WPACKET_finish(&pkt)) { + || !WPACKET_get_total_written(&pkt, &encoded_len) + || !WPACKET_finish(&pkt)) { BUF_MEM_free(buf); WPACKET_cleanup(&pkt); return -1; @@ -152,7 +152,7 @@ } int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa) + unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; @@ -176,7 +176,7 @@ } int DSA_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa) + unsigned char *sig, unsigned int *siglen, DSA *dsa) { return ossl_dsa_sign_int(type, dgst, dlen, sig, siglen, dsa); } @@ -189,7 +189,7 @@ * -1: error */ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) + const unsigned char *sigbuf, int siglen, DSA *dsa) { DSA_SIG *s; const unsigned char *p = sigbuf; @@ -207,7 +207,7 @@ if (derlen != siglen || memcmp(sigbuf, der, derlen)) goto err; ret = DSA_do_verify(dgst, dgst_len, s, dsa); - err: +err: OPENSSL_clear_free(der, derlen); DSA_SIG_free(s); return ret; --- crypto/openssl/crypto/dsa/dsa_vrf.c.orig +++ crypto/openssl/crypto/dsa/dsa_vrf.c @@ -17,7 +17,7 @@ #include "dsa_local.h" int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) + DSA *dsa) { return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } --- crypto/openssl/crypto/dso/dso_dl.c.orig +++ crypto/openssl/crypto/dso/dso_dl.c 
@@ -11,17 +11,17 @@ #ifdef DSO_DL -# include +#include /* Part of the hack in "dl_load" ... */ -# define DSO_MAX_TRANSLATED_SIZE 256 +#define DSO_MAX_TRANSLATED_SIZE 256 static int dl_load(DSO *dso); static int dl_unload(DSO *dso); static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); static char *dl_name_converter(DSO *dso, const char *filename); static char *dl_merger(DSO *dso, const char *filespec1, - const char *filespec2); + const char *filespec2); static int dl_pathbyaddr(void *addr, char *path, int sz); static void *dl_globallookup(const char *name); @@ -30,11 +30,11 @@ dl_load, dl_unload, dl_bind_func, - NULL, /* ctrl */ + NULL, /* ctrl */ dl_name_converter, dl_merger, - NULL, /* init */ - NULL, /* finish */ + NULL, /* init */ + NULL, /* finish */ dl_pathbyaddr, dl_globallookup }; @@ -64,18 +64,16 @@ ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); goto err; } - ptr = shl_load(filename, BIND_IMMEDIATE | - (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 : - DYNAMIC_PATH), 0L); + ptr = shl_load(filename, BIND_IMMEDIATE | (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 : DYNAMIC_PATH), 0L); if (ptr == NULL) { char errbuf[160]; if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s): %s", filename, errbuf); + "filename(%s): %s", filename, errbuf); else ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s): errno %d", filename, errno); + "filename(%s): errno %d", filename, errno); goto err; } if (!sk_push(dso->meth_data, (char *)ptr)) { @@ -88,7 +86,7 @@ */ dso->loaded_filename = filename; return 1; - err: +err: /* Cleanup! */ OPENSSL_free(filename); if (ptr != NULL) @@ -106,7 +104,7 @@ if (sk_num(dso->meth_data) < 1) return 1; /* Is this statement legal? */ - ptr = (shl_t) sk_pop(dso->meth_data); + ptr = (shl_t)sk_pop(dso->meth_data); if (ptr == NULL) { ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); /* 
@@ -132,7 +130,7 @@ ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); return NULL; } - ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); if (ptr == NULL) { ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); return NULL; @@ -142,10 +140,10 @@ if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "symname(%s): %s", symname, errbuf); + "symname(%s): %s", symname, errbuf); else ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "symname(%s): errno %d", symname, errno); + "symname(%s): errno %d", symname, errno); return NULL; } return (DSO_FUNC_TYPE)sym; @@ -180,13 +178,13 @@ return NULL; } } else - /* - * This part isn't as trivial as it looks. It assumes that the - * second file specification really is a directory, and makes no - * checks whatsoever. Therefore, the result becomes the - * concatenation of filespec2 followed by a slash followed by - * filespec1. - */ + /* + * This part isn't as trivial as it looks. It assumes that the + * second file specification really is a directory, and makes no + * checks whatsoever. Therefore, the result becomes the + * concatenation of filespec2 followed by a slash followed by + * filespec1. + */ { int spec2len, len; @@ -228,7 +226,7 @@ /* We will convert this to "%s.s?" or "lib%s.s?" */ rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - rsize += 3; /* The length of "lib" */ + rsize += 3; /* The length of "lib" */ } translated = OPENSSL_malloc(rsize); if (translated == NULL) { @@ -237,8 +235,10 @@ } if (transform) BIO_snprintf(translated, rsize, - (DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0 - ? "lib%s%s" : "%s%s", filename, DSO_EXTENSION); + (DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0 + ? "lib%s%s" + : "%s%s", + filename, DSO_EXTENSION); else BIO_snprintf(translated, rsize, "%s", filename); return translated; 
@@ -251,7 +251,7 @@ if (addr == NULL) { union { - int (*f) (void *, char *, int); + int (*f)(void *, char *, int); void *p; } t = { dl_pathbyaddr @@ -260,8 +260,7 @@ } for (i = -1; shl_get_r(i, &inf) == 0; i++) { - if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || - ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) { + if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) { len = (int)strlen(inf.filename); if (sz <= 0) return len + 1; @@ -283,4 +282,4 @@ return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret; } -#endif /* DSO_DL */ +#endif /* DSO_DL */ --- crypto/openssl/crypto/dso/dso_dlfcn.c.orig +++ crypto/openssl/crypto/dso/dso_dlfcn.c @@ -13,7 +13,7 @@ * too late, because those headers are protected from re- inclusion. */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE /* make sure dladdr is declared */ +#define _GNU_SOURCE /* make sure dladdr is declared */ #endif #include "dso_local.h" 
@@ -21,29 +21,26 @@ #ifdef DSO_DLFCN -# ifdef HAVE_DLFCN_H -# ifdef __osf__ -# define __EXTENSIONS__ -# endif -# include -# define HAVE_DLINFO 1 -# if defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ - (defined(__osf__) && !defined(RTLD_NEXT)) || \ - (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ - defined(__ANDROID__) || defined(__TANDEM) -# undef HAVE_DLINFO -# endif -# endif +#ifdef HAVE_DLFCN_H +#ifdef __osf__ +#define __EXTENSIONS__ +#endif +#include +#define HAVE_DLINFO 1 +#if defined(__SCO_VERSION__) || defined(_SCO_ELF) || (defined(__osf__) && !defined(RTLD_NEXT)) || (defined(__OpenBSD__) && !defined(RTLD_SELF)) || defined(__ANDROID__) || defined(__TANDEM) +#undef HAVE_DLINFO +#endif +#endif /* Part of the hack in "dlfcn_load" ... */ -# define DSO_MAX_TRANSLATED_SIZE 256 +#define DSO_MAX_TRANSLATED_SIZE 256 static int dlfcn_load(DSO *dso); static int dlfcn_unload(DSO *dso); static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); static char *dlfcn_name_converter(DSO *dso, const char *filename); static char *dlfcn_merger(DSO *dso, const char *filespec1, - const char *filespec2); + const char *filespec2); static int dlfcn_pathbyaddr(void *addr, char *path, int sz); static void *dlfcn_globallookup(const char *name); @@ -52,11 +49,11 @@ dlfcn_load, dlfcn_unload, dlfcn_bind_func, - NULL, /* ctrl */ + NULL, /* ctrl */ dlfcn_name_converter, dlfcn_merger, - NULL, /* init */ - NULL, /* finish */ + NULL, /* init */ + NULL, /* finish */ dlfcn_pathbyaddr, dlfcn_globallookup }; 
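Review bot: With the `# ` indentation removed, the conditionals nested inside `#ifdef HAVE_DLFCN_H` read as a flat run, and the two closing `#endif` lines no longer show which condition each one ends. This block decides whether `HAVE_DLINFO` stays defined, which in turn selects the body of `dlfcn_pathbyaddr` later in the file, so a misplaced directive in a future edit would be easy to miss. Labelling the closers the way the file already does for `#endif /* DSO_DLFCN */` would restore the structure, e.g. `#endif /* HAVE_DLFCN_H */` on the outer one. The `DLOPEN_FLAG` selection in `@@ -74,19 +71,19 @@` has the same flattened nesting and would benefit from the same labels.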
@@ -74,19 +71,19 @@ * relatively easily to deal with cases as we find them. Initially this is to * cope with OpenBSD. */ -# if defined(__OpenBSD__) || defined(__NetBSD__) -# ifdef DL_LAZY -# define DLOPEN_FLAG DL_LAZY -# else -# ifdef RTLD_NOW -# define DLOPEN_FLAG RTLD_NOW -# else -# define DLOPEN_FLAG 0 -# endif -# endif -# else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ -# endif +#if defined(__OpenBSD__) || defined(__NetBSD__) +#ifdef DL_LAZY +#define DLOPEN_FLAG DL_LAZY +#else +#ifdef RTLD_NOW +#define DLOPEN_FLAG RTLD_NOW +#else +#define DLOPEN_FLAG 0 +#endif +#endif +#else +#define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +#endif /* * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle @@ -105,18 +102,18 @@ ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); goto err; } -# ifdef RTLD_GLOBAL +#ifdef RTLD_GLOBAL if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) flags |= RTLD_GLOBAL; -# endif -# ifdef _AIX +#endif +#ifdef _AIX if (filename[strlen(filename) - 1] == ')') flags |= RTLD_MEMBER; -# endif +#endif ptr = dlopen(filename, flags); if (ptr == NULL) { ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s): %s", filename, dlerror()); + "filename(%s): %s", filename, dlerror()); goto err; } /* @@ -131,7 +128,7 @@ /* Success */ dso->loaded_filename = filename; return 1; - err: +err: /* Cleanup! */ OPENSSL_free(filename); if (ptr != NULL) @@ -186,14 +183,14 @@ u.dlret = dlsym(ptr, symname); if (u.dlret == NULL) { ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "symname(%s): %s", symname, dlerror()); + "symname(%s): %s", symname, dlerror()); return NULL; } return u.sym; } static char *dlfcn_merger(DSO *dso, const char *filespec1, - const char *filespec2) + const char *filespec2) { char *merged; 
@@ -260,9 +257,9 @@ transform = (strstr(filename, "/") == NULL); if (transform) { /* We will convert this to "%s.so" or "lib%s.so" etc */ - rsize += strlen(DSO_EXTENSION); /* The length of ".so" */ + rsize += strlen(DSO_EXTENSION); /* The length of ".so" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - rsize += 3; /* The length of "lib" */ + rsize += 3; /* The length of "lib" */ } translated = OPENSSL_malloc(rsize); if (translated == NULL) { @@ -280,7 +277,7 @@ return translated; } -# ifdef __sgi +#ifdef __sgi /*- This is a quote from IRIX manual for dladdr(3c): @@ -294,9 +291,9 @@ intention to change this interface, so on a practical level, the code below is safe to use on IRIX. */ -# include -# ifndef _RLD_INTERFACE_DLFCN_H_DLADDR -# define _RLD_INTERFACE_DLFCN_H_DLADDR +#include +#ifndef _RLD_INTERFACE_DLFCN_H_DLADDR +#define _RLD_INTERFACE_DLFCN_H_DLADDR typedef struct Dl_info { const char *dli_fname; void *dli_fbase; @@ -306,10 +303,10 @@ int dli_reserved1; long dli_reserved[4]; } Dl_info; -# else +#else typedef struct Dl_info Dl_info; -# endif -# define _RLD_DLADDR 14 +#endif +#define _RLD_DLADDR 14 static int dladdr(void *address, Dl_info *dl) { @@ -317,18 +314,18 @@ v = _rld_new_interface(_RLD_DLADDR, address, dl); return (int)v; } -# endif /* __sgi */ +#endif /* __sgi */ -# ifdef _AIX +#ifdef _AIX /*- * See IBM's AIX Version 7.2, Technical Reference: * Base Operating System and Extensions, Volume 1 and 2 * https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.base/technicalreferences.htm */ -# include -# include +#include +#include /* ~ 64 * (sizeof(struct ld_info) + _XOPEN_PATH_MAX + _XOPEN_NAME_MAX) */ -# define DLFCN_LDINFO_SIZE 86976 +#define DLFCN_LDINFO_SIZE 86976 typedef struct Dl_info { const char *dli_fname; } Dl_info; 
@@ -365,11 +362,9 @@ do { this_ldi = next_ldi; if (((addr >= (uintptr_t)this_ldi->ldinfo_textorg) - && (addr < ((uintptr_t)this_ldi->ldinfo_textorg + - this_ldi->ldinfo_textsize))) + && (addr < ((uintptr_t)this_ldi->ldinfo_textorg + this_ldi->ldinfo_textsize))) || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg) - && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + - this_ldi->ldinfo_datasize)))) { + && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + this_ldi->ldinfo_datasize)))) { char *buffer, *member; size_t buffer_sz, member_len; @@ -395,24 +390,23 @@ errno = ENOMEM; } } else { - next_ldi = (struct ld_info *)((uintptr_t)this_ldi + - this_ldi->ldinfo_next); + next_ldi = (struct ld_info *)((uintptr_t)this_ldi + this_ldi->ldinfo_next); } } while (this_ldi->ldinfo_next && !found); OPENSSL_free((void *)ldinfos); return (found && dl->dli_fname != NULL); } -# endif /* _AIX */ +#endif /* _AIX */ static int dlfcn_pathbyaddr(void *addr, char *path, int sz) { -# ifdef HAVE_DLINFO +#ifdef HAVE_DLINFO Dl_info dli; int len; if (addr == NULL) { union { - int (*f) (void *, char *, int); + int (*f)(void *, char *, int); void *p; } t = { dlfcn_pathbyaddr @@ -423,23 +417,23 @@ if (dladdr(addr, &dli)) { len = (int)strlen(dli.dli_fname); if (sz <= 0) { -# ifdef _AIX +#ifdef _AIX OPENSSL_free((void *)dli.dli_fname); -# endif +#endif return len + 1; } if (len >= sz) len = sz - 1; memcpy(path, dli.dli_fname, len); path[len++] = 0; -# ifdef _AIX +#ifdef _AIX OPENSSL_free((void *)dli.dli_fname); -# endif +#endif return len; } ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror()); -# endif +#endif return -1; } @@ -454,4 +448,4 @@ return ret; } -#endif /* DSO_DLFCN */ +#endif /* DSO_DLFCN */ --- crypto/openssl/crypto/dso/dso_err.c.orig +++ crypto/openssl/crypto/dso/dso_err.c 
@@ -14,34 +14,34 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DSO_str_reasons[] = { - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE), - "empty file structure"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED), - "cleanup method function failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX), - "incorrect file syntax"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_LOAD_FAILED), - "could not load the shared library"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED), - "name translation failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE), - "a null shared library handle was used"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED), - "set filename failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR), - "the meth_data stack is corrupt"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE), - "could not bind to the requested symbol name"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED), - "could not unload the shared library"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED), - "functionality not supported"}, - {0, NULL} + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE), + "empty file structure" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED), + "cleanup method function failed" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX), + "incorrect file syntax" }, + { ERR_PACK(ERR_LIB_DSO, 
0, DSO_R_LOAD_FAILED), + "could not load the shared library" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED), + "name translation failed" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE), + "a null shared library handle was used" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED), + "set filename failed" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR), + "the meth_data stack is corrupt" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE), + "could not bind to the requested symbol name" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED), + "could not unload the shared library" }, + { ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED), + "functionality not supported" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/dso/dso_lib.c.orig +++ crypto/openssl/crypto/dso/dso_lib.c @@ -154,7 +154,7 @@ } /* Load succeeded */ return ret; - err: +err: if (allocated) DSO_free(ret); return NULL; @@ -305,7 +305,7 @@ ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); return -1; } - return (*meth->pathbyaddr) (addr, path, sz); + return (*meth->pathbyaddr)(addr, path, sz); } DSO *DSO_dsobyaddr(void *addr, int flags) @@ -319,7 +319,7 @@ filename = OPENSSL_malloc(len); if (filename != NULL - && DSO_pathbyaddr(addr, filename, len) == len) + && DSO_pathbyaddr(addr, filename, len) == len) ret = DSO_load(NULL, filename, NULL, flags); OPENSSL_free(filename); @@ -334,5 +334,5 @@ ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); return NULL; } - return (*meth->globallookup) (name); + return (*meth->globallookup)(name); } --- crypto/openssl/crypto/dso/dso_local.h.orig +++ crypto/openssl/crypto/dso/dso_local.h 
@@ -71,9 +71,9 @@ * successful load populates the loaded_filename field, and likewise a * successful unload OPENSSL_frees and NULLs it out. */ - int (*dso_load) (DSO *dso); + int (*dso_load)(DSO *dso); /* Unloads a shared library */ - int (*dso_unload) (DSO *dso); + int (*dso_unload)(DSO *dso); /* * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should * be cast to the real function prototype by the caller. Platforms that @@ -81,12 +81,12 @@ * is possible within ANSI C) are highly unlikely to have shared * libraries at all, let alone a DSO_METHOD implemented for them. */ - DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); + DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname); /* * The generic (yuck) "ctrl()" function. NB: Negative return values * (rather than zero) indicate errors. */ - long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); + long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); /* * The default DSO_METHOD-specific function for converting filenames to a * canonical native form. @@ -98,10 +98,10 @@ */ DSO_MERGER_FUNC dso_merger; /* [De]Initialisation handlers. */ - int (*init) (DSO *dso); - int (*finish) (DSO *dso); + int (*init)(DSO *dso); + int (*finish)(DSO *dso); /* Return pathname of the module containing location */ - int (*pathbyaddr) (void *addr, char *path, int sz); + int (*pathbyaddr)(void *addr, char *path, int sz); /* Perform global symbol lookup, i.e. among *all* modules */ - void *(*globallookup) (const char *symname); + void *(*globallookup)(const char *symname); }; --- crypto/openssl/crypto/dso/dso_vms.c.orig +++ crypto/openssl/crypto/dso/dso_vms.c 
@@ -11,48 +11,48 @@ #ifdef OPENSSL_SYS_VMS -# pragma message disable DOLLARID -# include -# include -# include -# include -# include -# include -# include -# include "../vms_rms.h" +#pragma message disable DOLLARID +#include +#include +#include +#include +#include +#include +#include +#include "../vms_rms.h" /* Some compiler options may mask the declaration of "_malloc32". */ -# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 +#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +#if __INITIAL_POINTER_SIZE == 64 +#pragma pointer_size save +#pragma pointer_size 32 void *_malloc32(__size_t); -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ -# endif /* __INITIAL_POINTER_SIZE && defined - * _ANSI_C_SOURCE */ +#pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ +#endif /* __INITIAL_POINTER_SIZE && defined \ + * _ANSI_C_SOURCE */ -# pragma message disable DOLLARID +#pragma message disable DOLLARID static int vms_load(DSO *dso); static int vms_unload(DSO *dso); static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); static char *vms_name_converter(DSO *dso, const char *filename); static char *vms_merger(DSO *dso, const char *filespec1, - const char *filespec2); + const char *filespec2); static DSO_METHOD dso_meth_vms = { "OpenSSL 'VMS' shared library method", vms_load, - NULL, /* unload */ + NULL, /* unload */ vms_bind_func, - NULL, /* ctrl */ + NULL, /* ctrl */ vms_name_converter, vms_merger, - NULL, /* init */ - NULL, /* finish */ - NULL, /* pathbyaddr */ - NULL /* globallookup */ + NULL, /* init */ + NULL, /* finish */ + NULL, /* pathbyaddr */ + NULL /* globallookup */ }; /* 
@@ -88,22 +88,22 @@ char *filename = DSO_convert_filename(dso, NULL); /* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ -# if __INITIAL_POINTER_SIZE == 64 -# define DSO_MALLOC _malloc32 -# pragma pointer_size save -# pragma pointer_size 32 -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define DSO_MALLOC OPENSSL_malloc -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#if __INITIAL_POINTER_SIZE == 64 +#define DSO_MALLOC _malloc32 +#pragma pointer_size save +#pragma pointer_size 32 +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define DSO_MALLOC OPENSSL_malloc +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ DSO_VMS_INTERNAL *p = NULL; -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ +#if __INITIAL_POINTER_SIZE == 64 +#pragma pointer_size restore +#endif /* __INITIAL_POINTER_SIZE == 64 */ - const char *sp1, *sp2; /* Search result */ - const char *ext = NULL; /* possible extension to add */ + const char *sp1, *sp2; /* Search result */ + const char *ext = NULL; /* possible extension to add */ if (filename == NULL) { ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); @@ -142,7 +142,7 @@ if (sp1 == NULL) sp1 = filename; else - sp1++; /* The byte after the found character */ + sp1++; /* The byte after the found character */ /* Now, let's see if there's a type, and save the position in sp2 */ sp2 = strchr(sp1, '.'); /* @@ -208,7 +208,7 @@ /* Success (for now, we lie. We actually do not know...) */ dso->loaded_filename = filename; return 1; - err: +err: /* Cleanup! */ OPENSSL_free(p); OPENSSL_free(filename); @@ -244,8 +244,8 @@ * handler works (it makes this function return */ static int do_find_symbol(DSO_VMS_INTERNAL *ptr, - struct dsc$descriptor_s *symname_dsc, void **sym, - unsigned long flags) + struct dsc$descriptor_s *symname_dsc, void **sym, + unsigned long flags) { /* * Make sure that signals are caught and returned instead of aborting the 
@@ -256,16 +256,16 @@ if (ptr->imagename_dsc.dsc$w_length) return lib$find_image_symbol(&ptr->filename_dsc, - symname_dsc, sym, - &ptr->imagename_dsc, flags); + symname_dsc, sym, + &ptr->imagename_dsc, flags); else return lib$find_image_symbol(&ptr->filename_dsc, - symname_dsc, sym, 0, flags); + symname_dsc, sym, 0, flags); } -# ifndef LIB$M_FIS_MIXEDCASE -# define LIB$M_FIS_MIXEDCASE (1 << 4); -# endif +#ifndef LIB$M_FIS_MIXEDCASE +#define LIB$M_FIS_MIXEDCASE (1 << 4); +#endif void vms_bind_sym(DSO *dso, const char *symname, void **sym) { DSO_VMS_INTERNAL *ptr; @@ -273,16 +273,16 @@ struct dsc$descriptor_s symname_dsc; /* Arrange 32-bit pointer to (copied) string storage, if needed. */ -# if __INITIAL_POINTER_SIZE == 64 -# define SYMNAME symname_32p -# pragma pointer_size save -# pragma pointer_size 32 +#if __INITIAL_POINTER_SIZE == 64 +#define SYMNAME symname_32p +#pragma pointer_size save +#pragma pointer_size 32 char *symname_32p; -# pragma pointer_size restore +#pragma pointer_size restore char symname_32[NAMX_MAXRSS + 1]; -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define SYMNAME ((char *) symname) -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define SYMNAME ((char *)symname) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ *sym = NULL; @@ -290,11 +290,11 @@ ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); return; } -# if __INITIAL_POINTER_SIZE == 64 +#if __INITIAL_POINTER_SIZE == 64 /* Copy the symbol name to storage with a 32-bit pointer. */ symname_32p = symname_32; strcpy(symname_32p, symname); -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ symname_dsc.dsc$w_length = strlen(SYMNAME); symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; @@ -306,7 +306,7 @@ return; } ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data, - sk_void_num(dso->meth_data) - 1); + sk_void_num(dso->meth_data) - 1); if (ptr == NULL) { ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); return; 
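Review bot: The fallback `#define LIB$M_FIS_MIXEDCASE (1 << 4);` keeps a trailing semicolon inside the macro body, so it only expands correctly where it is the last token of a statement; inside a larger expression or as a call argument it would break the build or end the statement early. The `vms_merger` hunk further down has the same pattern in `#define FILESPEC1 filespec1_32p;` and `#define FILESPEC2 filespec2_32p;`, while their `#else` counterparts carry no semicolon, so the two pointer-size builds do not expand the same way. The use sites are outside the hunks shown, so the current impact cannot be judged from here. Since these lines are being rewritten anyway, the definitions could become `#define LIB$M_FIS_MIXEDCASE (1 << 4)`, `#define FILESPEC1 filespec1_32p` and `#define FILESPEC2 filespec2_32p`.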
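Review bot: In the 64-bit-pointer build of `vms_bind_sym` (`@@ -290,11 +290,11 @@`), `strcpy(symname_32p, symname);` copies a caller-supplied symbol name into the fixed stack buffer `char symname_32[NAMX_MAXRSS + 1]` with no length check; the only validation in the lines shown is the NULL-parameter test. The `vms_merger` hunk at `@@ -391,13 +391,13 @@` does the same for `filespec1` and `filespec2` into `filespec1_32`/`filespec2_32`, even though `filespec1len` and `filespec2len` have just been computed. A name longer than `NAMX_MAXRSS` overruns the stack buffer. Reject over-long input before the copy, e.g. `if (strlen(symname) > NAMX_MAXRSS) { ERR_raise(ERR_LIB_DSO, DSO_R_SYM_FAILURE); return; }` here, and the equivalent test on `filespec1len`/`filespec2len` raising `DSO_R_FILENAME_TOO_BIG` in `vms_merger`. Both function bodies extend beyond the hunks.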
@@ -338,13 +338,13 @@ if (ptr->imagename_dsc.dsc$w_length) ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "Symbol %s in %s (%s): %s", - symname, ptr->filename, ptr->imagename, - errstring); + "Symbol %s in %s (%s): %s", + symname, ptr->filename, ptr->imagename, + errstring); else ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "Symbol %s in %s: %s", - symname, ptr->filename, errstring); + "Symbol %s in %s: %s", + symname, ptr->filename, errstring); } return; } @@ -359,7 +359,7 @@ } static char *vms_merger(DSO *dso, const char *filespec1, - const char *filespec2) + const char *filespec2) { int status; int filespec1len, filespec2len; @@ -369,20 +369,20 @@ char *merged; /* Arrange 32-bit pointer to (copied) string storage, if needed. */ -# if __INITIAL_POINTER_SIZE == 64 -# define FILESPEC1 filespec1_32p; -# define FILESPEC2 filespec2_32p; -# pragma pointer_size save -# pragma pointer_size 32 +#if __INITIAL_POINTER_SIZE == 64 +#define FILESPEC1 filespec1_32p; +#define FILESPEC2 filespec2_32p; +#pragma pointer_size save +#pragma pointer_size 32 char *filespec1_32p; char *filespec2_32p; -# pragma pointer_size restore +#pragma pointer_size restore char filespec1_32[NAMX_MAXRSS + 1]; char filespec2_32[NAMX_MAXRSS + 1]; -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define FILESPEC1 ((char *) filespec1) -# define FILESPEC2 ((char *) filespec2) -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define FILESPEC1 ((char *)filespec1) +#define FILESPEC2 ((char *)filespec2) +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ if (!filespec1) filespec1 = ""; 
@@ -391,13 +391,13 @@ filespec1len = strlen(filespec1); filespec2len = strlen(filespec2); -# if __INITIAL_POINTER_SIZE == 64 +#if __INITIAL_POINTER_SIZE == 64 /* Copy the file names to storage with a 32-bit pointer. */ filespec1_32p = filespec1_32; filespec2_32p = filespec2_32; strcpy(filespec1_32p, filespec1); strcpy(filespec2_32p, filespec2); -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ fab = cc$rms_fab; nam = CC_RMS_NAMX; @@ -408,7 +408,7 @@ FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len; NAMX_DNA_FNA_SET(fab) - nam.NAMX_ESA = esa; + nam.NAMX_ESA = esa; nam.NAMX_ESS = NAMX_MAXRSS; nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; SET_NAMX_NO_SHORT_UPCASE(nam); @@ -435,8 +435,8 @@ errstring[length] = '\0'; ERR_raise_data(ERR_LIB_DSO, DSO_R_FAILURE, - "filespec \"%s\", default \"%s\": %s", - filespec1, filespec2, errstring); + "filespec \"%s\", default \"%s\": %s", + filespec1, filespec2, errstring); } return NULL; } @@ -447,7 +447,7 @@ strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); merged[nam.NAMX_ESL] = '\0'; return merged; - malloc_err: +malloc_err: ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); } @@ -486,4 +486,4 @@ return translated; } -#endif /* OPENSSL_SYS_VMS */ +#endif /* OPENSSL_SYS_VMS */ --- crypto/openssl/crypto/dso/dso_win32.c.orig +++ crypto/openssl/crypto/dso/dso_win32.c @@ -12,8 +12,8 @@ #if defined(DSO_WIN32) -# ifdef _WIN32_WCE -# if _WIN32_WCE < 300 +#ifdef _WIN32_WCE +#if _WIN32_WCE < 300 static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName) { WCHAR lpProcNameW[64]; 
@@ -27,43 +27,43 @@ return GetProcAddressW(hModule, lpProcNameW); } -# endif -# undef GetProcAddress -# define GetProcAddress GetProcAddressA +#endif +#undef GetProcAddress +#define GetProcAddress GetProcAddressA static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) { WCHAR *fnamw; size_t len_0 = strlen(lpLibFileName) + 1, i; -# ifdef _MSC_VER +#ifdef _MSC_VER fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR)); -# else +#else fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); -# endif +#endif if (fnamw == NULL) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); return NULL; } -# if defined(_WIN32_WCE) && _WIN32_WCE>=101 +#if defined(_WIN32_WCE) && _WIN32_WCE >= 101 if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0)) -# endif +#endif for (i = 0; i < len_0; i++) fnamw[i] = (WCHAR)lpLibFileName[i]; return LoadLibraryW(fnamw); } -# endif +#endif /* Part of the hack in "win32_load" ... */ -# define DSO_MAX_TRANSLATED_SIZE 256 +#define DSO_MAX_TRANSLATED_SIZE 256 static int win32_load(DSO *dso); static int win32_unload(DSO *dso); static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); static char *win32_name_converter(DSO *dso, const char *filename); static char *win32_merger(DSO *dso, const char *filespec1, - const char *filespec2); + const char *filespec2); static int win32_pathbyaddr(void *addr, char *path, int sz); static void *win32_globallookup(const char *name); @@ -74,12 +74,12 @@ win32_load, win32_unload, win32_bind_func, - NULL, /* ctrl */ + NULL, /* ctrl */ win32_name_converter, win32_merger, - NULL, /* init */ - NULL, /* finish */ - win32_pathbyaddr, /* pathbyaddr */ + NULL, /* init */ + NULL, /* finish */ + win32_pathbyaddr, /* pathbyaddr */ win32_globallookup }; @@ -106,7 +106,7 @@ h = LoadLibraryA(filename); if (h == NULL) { ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s)", filename); + "filename(%s)", filename); goto err; } p = OPENSSL_malloc(sizeof(*p)); 
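Review bot: In the Windows CE `LoadLibraryA` shim, the wide-character buffer comes from the stack via `_alloca(len_0 * sizeof(WCHAR))` (or `alloca`), with `len_0` derived from the caller's file name. The `if (fnamw == NULL)` test after it does not cover the failure case, because an oversized stack allocation typically faults rather than returning NULL. An over-long library name would therefore crash the process instead of yielding `ERROR_NOT_ENOUGH_MEMORY`. Bound the length before allocating, e.g. `if (len_0 > MAX_PATH) { SetLastError(ERROR_FILENAME_EXCED_RANGE); return NULL; }`, or switch to a heap buffer that is released after `LoadLibraryW` returns.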
@@ -122,7 +122,7 @@ /* Success */ dso->loaded_filename = filename; return 1; - err: +err: /* Cleanup ! */ OPENSSL_free(filename); OPENSSL_free(p); @@ -201,10 +201,12 @@ }; static struct file_st *win32_splitter(DSO *dso, const char *filename, - int assume_last_is_dir) + int assume_last_is_dir) { struct file_st *result = NULL; - enum { IN_NODE, IN_DEVICE, IN_FILE } position; + enum { IN_NODE, + IN_DEVICE, + IN_FILE } position; const char *start = filename; char last; @@ -285,8 +287,7 @@ filename++; break; } - } - while (last); + } while (last); if (!result->nodelen) result->node = NULL; @@ -313,17 +314,17 @@ if (file_split->node) { len += 2 + file_split->nodelen; /* 2 for starting \\ */ if (file_split->predir || file_split->dir || file_split->file) - len++; /* 1 for ending \ */ + len++; /* 1 for ending \ */ } else if (file_split->device) { len += file_split->devicelen + 1; /* 1 for ending : */ } len += file_split->predirlen; if (file_split->predir && (file_split->dir || file_split->file)) { - len++; /* 1 for ending \ */ + len++; /* 1 for ending \ */ } len += file_split->dirlen; if (file_split->dir && file_split->file) { - len++; /* 1 for ending \ */ + len++; /* 1 for ending \ */ } len += file_split->filelen; @@ -356,8 +357,7 @@ start = file_split->predir; while (file_split->predirlen > (start - file_split->predir)) { const char *end = openssl_strnchr(start, '/', - file_split->predirlen - (start - - file_split->predir)); + file_split->predirlen - (start - file_split->predir)); if (!end) end = start + file_split->predirlen - (start - file_split->predir); @@ -370,8 +370,7 @@ start = file_split->dir; while (file_split->dirlen > (start - file_split->dir)) { const char *end = openssl_strnchr(start, '/', - file_split->dirlen - (start - - file_split->dir)); + file_split->dirlen - (start - file_split->dir)); if (!end) end = start + file_split->dirlen - (start - file_split->dir); strncpy(&result[offset], start, end - start); 
@@ -387,7 +386,7 @@ } static char *win32_merger(DSO *dso, const char *filespec1, - const char *filespec2) + const char *filespec2) { char *merged = NULL; struct file_st *filespec1_split = NULL; @@ -433,7 +432,7 @@ filespec1_split->dir = filespec2_split->dir; filespec1_split->dirlen = filespec2_split->dirlen; } else if (filespec1_split->dir[0] != '\\' - && filespec1_split->dir[0] != '/') { + && filespec1_split->dir[0] != '/') { filespec1_split->predir = filespec2_split->dir; filespec1_split->predirlen = filespec2_split->dirlen; } @@ -454,9 +453,7 @@ char *translated; int len, transform; - transform = ((strstr(filename, "/") == NULL) && - (strstr(filename, "\\") == NULL) && - (strstr(filename, ":") == NULL)); + transform = ((strstr(filename, "/") == NULL) && (strstr(filename, "\\") == NULL) && (strstr(filename, ":") == NULL)); /* If transform != 0, then we convert to %s.dll, else just dupe filename */ len = strlen(filename) + 1; @@ -482,19 +479,19 @@ return NULL; } -# include -# ifdef _WIN32_WCE -# define DLLNAME "TOOLHELP.DLL" -# else -# ifdef MODULEENTRY32 -# undef MODULEENTRY32 /* unmask the ASCII version! */ -# endif -# define DLLNAME "KERNEL32.DLL" -# endif +#include +#ifdef _WIN32_WCE +#define DLLNAME "TOOLHELP.DLL" +#else +#ifdef MODULEENTRY32 +#undef MODULEENTRY32 /* unmask the ASCII version! */ +#endif +#define DLLNAME "KERNEL32.DLL" +#endif -typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); -typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); -typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *); +typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); +typedef BOOL(WINAPI *MODULE32)(HANDLE, MODULEENTRY32 *); static int win32_pathbyaddr(void *addr, char *path, int sz) { @@ -507,7 +504,7 @@ if (addr == NULL) { union { - int (*f) (void *, char *, int); + int (*f)(void *, char *, int); void *p; } t = { win32_pathbyaddr 
@@ -529,20 +526,20 @@ return -1; } /* We take the rest for granted... */ -# ifdef _WIN32_WCE +#ifdef _WIN32_WCE close_snap = (CLOSETOOLHELP32SNAPSHOT) GetProcAddress(dll, "CloseToolhelp32Snapshot"); -# else - close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; -# endif - module_first = (MODULE32) GetProcAddress(dll, "Module32First"); - module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); +#else + close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle; +#endif + module_first = (MODULE32)GetProcAddress(dll, "Module32First"); + module_next = (MODULE32)GetProcAddress(dll, "Module32Next"); /* * Take a snapshot of current process which includes * list of all involved modules. */ - hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); + hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE, 0); if (hModuleSnap == INVALID_HANDLE_VALUE) { FreeLibrary(dll); ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); @@ -551,8 +548,8 @@ me32.dwSize = sizeof(me32); - if (!(*module_first) (hModuleSnap, &me32)) { - (*close_snap) (hModuleSnap); + if (!(*module_first)(hModuleSnap, &me32)) { + (*close_snap)(hModuleSnap); FreeLibrary(dll); ERR_raise(ERR_LIB_DSO, DSO_R_FAILURE); return -1; @@ -560,15 +557,14 @@ /* Enumerate the modules to find one which includes me. */ do { - if ((size_t) addr >= (size_t) me32.modBaseAddr && - (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) { - (*close_snap) (hModuleSnap); + if ((size_t)addr >= (size_t)me32.modBaseAddr && (size_t)addr < (size_t)(me32.modBaseAddr + me32.modBaseSize)) { + (*close_snap)(hModuleSnap); FreeLibrary(dll); -# ifdef _WIN32_WCE -# if _WIN32_WCE >= 101 +#ifdef _WIN32_WCE +#if _WIN32_WCE >= 101 return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1, - path, sz, NULL, NULL); -# else + path, sz, NULL, NULL); +#else { int i, len = (int)wcslen(me32.szExePath); if (sz <= 0) @@ -580,8 +576,8 @@ path[len++] = '\0'; return len; } -# endif -# else +#endif +#else { int len = (int)strlen(me32.szExePath); if (sz <= 0) 
@@ -592,11 +588,11 @@ path[len++] = '\0'; return len; } -# endif +#endif } - } while ((*module_next) (hModuleSnap, &me32)); + } while ((*module_next)(hModuleSnap, &me32)); - (*close_snap) (hModuleSnap); + (*close_snap)(hModuleSnap); FreeLibrary(dll); return 0; } @@ -628,16 +624,16 @@ return NULL; } /* We take the rest for granted... */ -# ifdef _WIN32_WCE +#ifdef _WIN32_WCE close_snap = (CLOSETOOLHELP32SNAPSHOT) GetProcAddress(dll, "CloseToolhelp32Snapshot"); -# else - close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; -# endif - module_first = (MODULE32) GetProcAddress(dll, "Module32First"); - module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); +#else + close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle; +#endif + module_first = (MODULE32)GetProcAddress(dll, "Module32First"); + module_next = (MODULE32)GetProcAddress(dll, "Module32Next"); - hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); + hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE, 0); if (hModuleSnap == INVALID_HANDLE_VALUE) { FreeLibrary(dll); ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); @@ -646,22 +642,22 @@ me32.dwSize = sizeof(me32); - if (!(*module_first) (hModuleSnap, &me32)) { - (*close_snap) (hModuleSnap); + if (!(*module_first)(hModuleSnap, &me32)) { + (*close_snap)(hModuleSnap); FreeLibrary(dll); return NULL; } do { if ((ret.f = GetProcAddress(me32.hModule, name))) { - (*close_snap) (hModuleSnap); + (*close_snap)(hModuleSnap); FreeLibrary(dll); return ret.p; } - } while ((*module_next) (hModuleSnap, &me32)); + } while ((*module_next)(hModuleSnap, &me32)); - (*close_snap) (hModuleSnap); + (*close_snap)(hModuleSnap); FreeLibrary(dll); return NULL; } -#endif /* DSO_WIN32 */ +#endif /* DSO_WIN32 */ --- crypto/openssl/crypto/ebcdic.c.orig +++ crypto/openssl/crypto/ebcdic.c 
@@ -7,14 +7,14 @@ * https://www.openssl.org/source/license.html */ -# include +#include #ifndef CHARSET_EBCDIC NON_EMPTY_TRANSLATION_UNIT #else -# include +#include -# ifdef CHARSET_EBCDIC_TEST +#ifdef CHARSET_EBCDIC_TEST /* * Here we're looking to test the EBCDIC code on an ASCII system so we don't do * any translation in these tables at all. @@ -92,7 +92,7 @@ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; -# elif defined(_OSD_POSIX) +#elif defined(_OSD_POSIX) /* * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens * AG, Germany, for their BS2000 mainframe machines. Within the POSIX 
@@ -111,67 +111,83 @@ const unsigned char os_toascii[256] = { /* * 00 - */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, + */ + 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ /* * 10 - */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, + */ + 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ /* * 20 - */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, + */ + 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ /* * 30 - */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, + */ + 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ /* * 40 - */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, + */ + 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */ /* * 50 - */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, + */ + 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */ /* * 60 - */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, - 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ + */ + 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, + 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ /* * 70 - */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, + */ + 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */ /* * 80 - */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + */ + 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ /* * 90 - */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, + */ + 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... 
*/ /* * a0 - */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, + */ + 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */ /* * b0 - */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, + */ + 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */ /* * c0 - */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + */ + 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */ /* * d0 - */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, + */ + 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */ /* * e0 - */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, + */ + 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */ /* * f0 - */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + */ + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */ }; 
@@ -179,71 +195,87 @@ const unsigned char os_toebcdic[256] = { /* * 00 - */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, + */ + 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ /* * 10 - */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, + */ + 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ /* * 20 - */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, + */ + 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ /* * 30 - */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + */ + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ /* * 40 - */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + */ + 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ /* * 50 - */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, + */ + 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */ /* * 60 - */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + */ + 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ /* * 70 - */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, + */ + 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */ /* * 80 - */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, + */ + 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ /* * 90 - */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, + */ + 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ 
*/ /* * a0 - */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, + */ + 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */ /* * b0 - */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, + */ + 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ /* * c0 - */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, + */ + 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ /* * d0 - */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, + */ + 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */ /* * e0 - */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, + */ + 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ /* * f0 - */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, + */ + 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ }; -# else /*_OSD_POSIX*/ +#else /*_OSD_POSIX*/ /* * This code does basic character mapping for IBM's TPF and OS/390 operating @@ -325,7 +357,7 @@ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ }; -# endif/*_OSD_POSIX*/ +#endif /*_OSD_POSIX*/ /* * Translate a memory block from EBCDIC (host charset) to ASCII (net charset) --- crypto/openssl/crypto/ec/curve25519.c.orig +++ crypto/openssl/crypto/ec/curve25519.c @@ -21,10 +21,9 @@ #include "internal/numbers.h" -#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) +#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) -# define BASE_2_64_IMPLEMENTED +#define BASE_2_64_IMPLEMENTED typedef uint64_t fe64[4]; 
@@ -45,12 +44,12 @@ void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g); void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g); void x25519_fe64_tobytes(uint8_t *s, const fe64 f); -# define fe64_mul x25519_fe64_mul -# define fe64_sqr x25519_fe64_sqr -# define fe64_mul121666 x25519_fe64_mul121666 -# define fe64_add x25519_fe64_add -# define fe64_sub x25519_fe64_sub -# define fe64_tobytes x25519_fe64_tobytes +#define fe64_mul x25519_fe64_mul +#define fe64_sqr x25519_fe64_sqr +#define fe64_mul121666 x25519_fe64_mul121666 +#define fe64_add x25519_fe64_add +#define fe64_sub x25519_fe64_sub +#define fe64_tobytes x25519_fe64_tobytes static uint64_t load_8(const uint8_t *in) { @@ -209,7 +208,7 @@ * fe64_* subroutines. */ static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32], - const uint8_t point[32]) + const uint8_t point[32]) { fe64 x1, x2, z2, x3, z3, tmp0, tmp1; uint8_t e[32]; @@ -217,7 +216,7 @@ int pos; memcpy(e, scalar, 32); - e[0] &= 0xf8; + e[0] &= 0xf8; e[31] &= 0x7f; e[31] |= 0x40; fe64_frombytes(x1, point); @@ -261,18 +260,18 @@ } #endif -#if defined(X25519_ASM) \ - || ( defined(INT128_MAX) \ - && !defined(__sparc__) \ - && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \ - && !(defined(__ANDROID__) && !defined(__clang__)) ) +#if defined(X25519_ASM) \ + || (defined(INT128_MAX) \ + && !defined(__sparc__) \ + && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \ + && !(defined(__ANDROID__) && !defined(__clang__))) /* * Base 2^51 implementation. It's virtually no different from reference * base 2^25.5 implementation in respect to lax boundary conditions for * intermediate values and even individual limbs. So that whatever you * know about the reference, applies even here... */ -# define BASE_2_51_IMPLEMENTED +#define BASE_2_51_IMPLEMENTED typedef uint64_t fe51[5]; 
@@ -309,16 +308,20 @@ static void fe51_frombytes(fe51 h, const uint8_t *s) { - uint64_t h0 = load_7(s); /* 56 bits */ - uint64_t h1 = load_6(s + 7) << 5; /* 53 bits */ - uint64_t h2 = load_7(s + 13) << 2; /* 58 bits */ - uint64_t h3 = load_6(s + 20) << 7; /* 55 bits */ - uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4; /* 51 bits */ - - h1 |= h0 >> 51; h0 &= MASK51; - h2 |= h1 >> 51; h1 &= MASK51; - h3 |= h2 >> 51; h2 &= MASK51; - h4 |= h3 >> 51; h3 &= MASK51; + uint64_t h0 = load_7(s); /* 56 bits */ + uint64_t h1 = load_6(s + 7) << 5; /* 53 bits */ + uint64_t h2 = load_7(s + 13) << 2; /* 58 bits */ + uint64_t h3 = load_6(s + 20) << 7; /* 55 bits */ + uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4; /* 51 bits */ + + h1 |= h0 >> 51; + h0 &= MASK51; + h2 |= h1 >> 51; + h1 &= MASK51; + h3 |= h2 >> 51; + h2 &= MASK51; + h4 |= h3 >> 51; + h3 &= MASK51; h[0] = h0; h[1] = h1; @@ -345,11 +348,15 @@ /* full reduce */ h0 += 19 * q; - h1 += h0 >> 51; h0 &= MASK51; - h2 += h1 >> 51; h1 &= MASK51; - h3 += h2 >> 51; h2 &= MASK51; - h4 += h3 >> 51; h3 &= MASK51; - h4 &= MASK51; + h1 += h0 >> 51; + h0 &= MASK51; + h2 += h1 >> 51; + h1 &= MASK51; + h3 += h2 >> 51; + h2 &= MASK51; + h4 += h3 >> 51; + h3 &= MASK51; + h4 &= MASK51; /* smash */ s[0] = (uint8_t)(h0 >> 0); @@ -386,14 +393,14 @@ s[31] = (uint8_t)(h4 >> 44); } -# if defined(X25519_ASM) +#if defined(X25519_ASM) void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g); void x25519_fe51_sqr(fe51 h, const fe51 f); void x25519_fe51_mul121666(fe51 h, fe51 f); -# define fe51_mul x25519_fe51_mul -# define fe51_sq x25519_fe51_sqr -# define fe51_mul121666 x25519_fe51_mul121666 -# else +#define fe51_mul x25519_fe51_mul +#define fe51_sq x25519_fe51_sqr +#define fe51_mul121666 x25519_fe51_mul121666 +#else typedef uint128_t u128; 
@@ -438,15 +445,22 @@ h4 += (u128)f_i * g0; /* partial [lazy] reduction */ - h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; - h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; - - h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; - g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; - - g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; - g3 += g2 >> 51; g2 &= MASK51; - g1 += g0 >> 51; g0 &= MASK51; + h3 += (uint64_t)(h2 >> 51); + g2 = (uint64_t)h2 & MASK51; + h1 += (uint64_t)(h0 >> 51); + g0 = (uint64_t)h0 & MASK51; + + h4 += (uint64_t)(h3 >> 51); + g3 = (uint64_t)h3 & MASK51; + g2 += (uint64_t)(h1 >> 51); + g1 = (uint64_t)h1 & MASK51; + + g0 += (uint64_t)(h4 >> 51) * 19; + g4 = (uint64_t)h4 & MASK51; + g3 += g2 >> 51; + g2 &= MASK51; + g1 += g0 >> 51; + g0 &= MASK51; h[0] = g0; h[1] = g1; @@ -457,9 +471,9 @@ static void fe51_sq(fe51 h, const fe51 f) { -# if defined(OPENSSL_SMALL_FOOTPRINT) +#if defined(OPENSSL_SMALL_FOOTPRINT) fe51_mul(h, f, f); -# else +#else /* dedicated squaring gives 16-25% overall improvement */ uint64_t g0 = f[0]; uint64_t g1 = f[1]; 
@@ -468,45 +482,55 @@ uint64_t g4 = f[4]; u128 h0, h1, h2, h3, h4; - h0 = (u128)g0 * g0; g0 *= 2; + h0 = (u128)g0 * g0; + g0 *= 2; h1 = (u128)g0 * g1; h2 = (u128)g0 * g2; h3 = (u128)g0 * g3; h4 = (u128)g0 * g4; - g0 = g4; /* borrow g0 */ + g0 = g4; /* borrow g0 */ h3 += (u128)g0 * (g4 *= 19); - h2 += (u128)g1 * g1; g1 *= 2; + h2 += (u128)g1 * g1; + g1 *= 2; h3 += (u128)g1 * g2; h4 += (u128)g1 * g3; h0 += (u128)g1 * g4; - g0 = g3; /* borrow g0 */ + g0 = g3; /* borrow g0 */ h1 += (u128)g0 * (g3 *= 19); h2 += (u128)(g0 * 2) * g4; - h4 += (u128)g2 * g2; g2 *= 2; + h4 += (u128)g2 * g2; + g2 *= 2; h0 += (u128)g2 * g3; h1 += (u128)g2 * g4; /* partial [lazy] reduction */ - h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; - h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; - - h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; - g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; - - g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; - g3 += g2 >> 51; g2 &= MASK51; - g1 += g0 >> 51; g0 &= MASK51; + h3 += (uint64_t)(h2 >> 51); + g2 = (uint64_t)h2 & MASK51; + h1 += (uint64_t)(h0 >> 51); + g0 = (uint64_t)h0 & MASK51; + + h4 += (uint64_t)(h3 >> 51); + g3 = (uint64_t)h3 & MASK51; + g2 += (uint64_t)(h1 >> 51); + g1 = (uint64_t)h1 & MASK51; + + g0 += (uint64_t)(h4 >> 51) * 19; + g4 = (uint64_t)h4 & MASK51; + g3 += g2 >> 51; + g2 &= MASK51; + g1 += g0 >> 51; + g0 &= MASK51; h[0] = g0; h[1] = g1; h[2] = g2; h[3] = g3; h[4] = g4; -# endif +#endif } static void fe51_mul121666(fe51 h, fe51 f) 
@@ -518,15 +542,22 @@ u128 h4 = f[4] * (u128)121666; uint64_t g0, g1, g2, g3, g4; - h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; - h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; + h3 += (uint64_t)(h2 >> 51); + g2 = (uint64_t)h2 & MASK51; + h1 += (uint64_t)(h0 >> 51); + g0 = (uint64_t)h0 & MASK51; - h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; - g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; + h4 += (uint64_t)(h3 >> 51); + g3 = (uint64_t)h3 & MASK51; + g2 += (uint64_t)(h1 >> 51); + g1 = (uint64_t)h1 & MASK51; - g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; - g3 += g2 >> 51; g2 &= MASK51; - g1 += g0 >> 51; g0 &= MASK51; + g0 += (uint64_t)(h4 >> 51) * 19; + g4 = (uint64_t)h4 & MASK51; + g3 += g2 >> 51; + g2 &= MASK51; + g1 += g0 >> 51; + g0 &= MASK51; h[0] = g0; h[1] = g1; @@ -534,7 +565,7 @@ h[3] = g3; h[4] = g4; } -# endif +#endif static void fe51_add(fe51 h, const fe51 f, const fe51 g) { @@ -694,22 +725,22 @@ * fe51_* subroutines. */ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], - const uint8_t point[32]) + const uint8_t point[32]) { fe51 x1, x2, z2, x3, z3, tmp0, tmp1; uint8_t e[32]; unsigned swap = 0; int pos; -# ifdef BASE_2_64_IMPLEMENTED +#ifdef BASE_2_64_IMPLEMENTED if (x25519_fe64_eligible()) { x25519_scalar_mulx(out, scalar, point); return; } -# endif +#endif memcpy(e, scalar, 32); - e[0] &= 0xf8; + e[0] &= 0xf8; e[31] &= 0x7f; e[31] |= 0x40; fe51_frombytes(x1, point); @@ -770,7 +801,7 @@ */ typedef int32_t fe[10]; -static const int64_t kBottom21Bits = 0x1fffffLL; +static const int64_t kBottom21Bits = 0x1fffffLL; static const int64_t kBottom25Bits = 0x1ffffffLL; static const int64_t kBottom26Bits = 0x3ffffffLL; static const int64_t kTop39Bits = 0xfffffffffe000000LL; @@ -780,7 +811,7 @@ { uint64_t result; - result = ((uint64_t)in[0]); + result = ((uint64_t)in[0]); result |= ((uint64_t)in[1]) << 8; result |= ((uint64_t)in[2]) << 16; return result; 
@@ -790,7 +821,7 @@ { uint64_t result; - result = ((uint64_t)in[0]); + result = ((uint64_t)in[0]); result |= ((uint64_t)in[1]) << 8; result |= ((uint64_t)in[2]) << 16; result |= ((uint64_t)in[3]) << 24; @@ -800,15 +831,15 @@ static void fe_frombytes(fe h, const uint8_t *s) { /* Ignores top bit of h. */ - int64_t h0 = load_4(s); - int64_t h1 = load_3(s + 4) << 6; - int64_t h2 = load_3(s + 7) << 5; - int64_t h3 = load_3(s + 10) << 3; - int64_t h4 = load_3(s + 13) << 2; - int64_t h5 = load_4(s + 16); - int64_t h6 = load_3(s + 20) << 7; - int64_t h7 = load_3(s + 23) << 5; - int64_t h8 = load_3(s + 26) << 4; + int64_t h0 = load_4(s); + int64_t h1 = load_3(s + 4) << 6; + int64_t h2 = load_3(s + 7) << 5; + int64_t h3 = load_3(s + 10) << 3; + int64_t h4 = load_3(s + 13) << 2; + int64_t h5 = load_4(s + 16); + int64_t h6 = load_3(s + 20) << 7; + int64_t h7 = load_3(s + 23) << 5; + int64_t h8 = load_3(s + 26) << 4; int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2; int64_t carry0; int64_t carry1; 
@@ -821,17 +852,37 @@ int64_t carry8; int64_t carry9; - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + carry9 = h9 + (1 << 24); + h0 += (carry9 >> 25) * 19; + h9 -= carry9 & kTop39Bits; + carry1 = h1 + (1 << 24); + h2 += carry1 >> 25; + h1 -= carry1 & kTop39Bits; + carry3 = h3 + (1 << 24); + h4 += carry3 >> 25; + h3 -= carry3 & kTop39Bits; + carry5 = h5 + (1 << 24); + h6 += carry5 >> 25; + h5 -= carry5 & kTop39Bits; + carry7 = h7 + (1 << 24); + h8 += carry7 >> 25; + h7 -= carry7 & kTop39Bits; + + carry0 = h0 + (1 << 25); + h1 += carry0 >> 26; + h0 -= carry0 & kTop38Bits; + carry2 = h2 + (1 << 25); + h3 += carry2 >> 26; + h2 -= carry2 & kTop38Bits; + carry4 = h4 + (1 << 25); + h5 += carry4 >> 26; + h4 -= carry4 & kTop38Bits; + carry6 = h6 + (1 << 25); + h7 += carry6 >> 26; + h6 -= carry6 & kTop38Bits; + carry8 = h8 + (1 << 25); + h9 += carry8 >> 26; + h8 -= carry8 & kTop38Bits; h[0] = (int32_t)h0; h[1] = (int32_t)h1; @@ -883,7 +934,7 @@ int32_t h9 = h[9]; int32_t q; - q = (19 * h9 + (((int32_t) 1) << 24)) >> 25; + q = (19 * h9 + (((int32_t)1) << 24)) >> 25; q = (h0 + q) >> 26; q = (h1 + q) >> 25; q = (h2 + q) >> 26; 
@@ -899,16 +950,25 @@ h0 += 19 * q; /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */ - h1 += h0 >> 26; h0 &= kBottom26Bits; - h2 += h1 >> 25; h1 &= kBottom25Bits; - h3 += h2 >> 26; h2 &= kBottom26Bits; - h4 += h3 >> 25; h3 &= kBottom25Bits; - h5 += h4 >> 26; h4 &= kBottom26Bits; - h6 += h5 >> 25; h5 &= kBottom25Bits; - h7 += h6 >> 26; h6 &= kBottom26Bits; - h8 += h7 >> 25; h7 &= kBottom25Bits; - h9 += h8 >> 26; h8 &= kBottom26Bits; - h9 &= kBottom25Bits; + h1 += h0 >> 26; + h0 &= kBottom26Bits; + h2 += h1 >> 25; + h1 &= kBottom25Bits; + h3 += h2 >> 26; + h2 &= kBottom26Bits; + h4 += h3 >> 25; + h3 &= kBottom25Bits; + h5 += h4 >> 26; + h4 &= kBottom26Bits; + h6 += h5 >> 25; + h5 &= kBottom25Bits; + h7 += h6 >> 26; + h6 &= kBottom26Bits; + h8 += h7 >> 25; + h7 &= kBottom25Bits; + h9 += h8 >> 26; + h8 &= kBottom26Bits; + h9 &= kBottom25Bits; /* h10 = carry9 */ /* 
@@ -917,38 +977,38 @@ * evidently 2^255 h10-2^255 q = 0. * Goal: Output h0+...+2^230 h9. */ - s[ 0] = (uint8_t) (h0 >> 0); - s[ 1] = (uint8_t) (h0 >> 8); - s[ 2] = (uint8_t) (h0 >> 16); - s[ 3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2)); - s[ 4] = (uint8_t) (h1 >> 6); - s[ 5] = (uint8_t) (h1 >> 14); - s[ 6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3)); - s[ 7] = (uint8_t) (h2 >> 5); - s[ 8] = (uint8_t) (h2 >> 13); - s[ 9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5)); - s[10] = (uint8_t) (h3 >> 3); - s[11] = (uint8_t) (h3 >> 11); + s[0] = (uint8_t)(h0 >> 0); + s[1] = (uint8_t)(h0 >> 8); + s[2] = (uint8_t)(h0 >> 16); + s[3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2)); + s[4] = (uint8_t)(h1 >> 6); + s[5] = (uint8_t)(h1 >> 14); + s[6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3)); + s[7] = (uint8_t)(h2 >> 5); + s[8] = (uint8_t)(h2 >> 13); + s[9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5)); + s[10] = (uint8_t)(h3 >> 3); + s[11] = (uint8_t)(h3 >> 11); s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6)); - s[13] = (uint8_t) (h4 >> 2); - s[14] = (uint8_t) (h4 >> 10); - s[15] = (uint8_t) (h4 >> 18); - s[16] = (uint8_t) (h5 >> 0); - s[17] = (uint8_t) (h5 >> 8); - s[18] = (uint8_t) (h5 >> 16); + s[13] = (uint8_t)(h4 >> 2); + s[14] = (uint8_t)(h4 >> 10); + s[15] = (uint8_t)(h4 >> 18); + s[16] = (uint8_t)(h5 >> 0); + s[17] = (uint8_t)(h5 >> 8); + s[18] = (uint8_t)(h5 >> 16); s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1)); - s[20] = (uint8_t) (h6 >> 7); - s[21] = (uint8_t) (h6 >> 15); + s[20] = (uint8_t)(h6 >> 7); + s[21] = (uint8_t)(h6 >> 15); s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3)); - s[23] = (uint8_t) (h7 >> 5); - s[24] = (uint8_t) (h7 >> 13); + s[23] = (uint8_t)(h7 >> 5); + s[24] = (uint8_t)(h7 >> 13); s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4)); - s[26] = (uint8_t) (h8 >> 4); - s[27] = (uint8_t) (h8 >> 12); + s[26] = (uint8_t)(h8 >> 4); + s[27] = (uint8_t)(h8 >> 12); s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6)); 
- s[29] = (uint8_t) (h9 >> 2); - s[30] = (uint8_t) (h9 >> 10); - s[31] = (uint8_t) (h9 >> 18); + s[29] = (uint8_t)(h9 >> 2); + s[30] = (uint8_t)(h9 >> 10); + s[31] = (uint8_t)(h9 >> 18); } /* h = f */ 
@@ -1078,116 +1138,116 @@ int32_t f5_2 = 2 * f5; int32_t f7_2 = 2 * f7; int32_t f9_2 = 2 * f9; - int64_t f0g0 = f0 * (int64_t) g0; - int64_t f0g1 = f0 * (int64_t) g1; - int64_t f0g2 = f0 * (int64_t) g2; - int64_t f0g3 = f0 * (int64_t) g3; - int64_t f0g4 = f0 * (int64_t) g4; - int64_t f0g5 = f0 * (int64_t) g5; - int64_t f0g6 = f0 * (int64_t) g6; - int64_t f0g7 = f0 * (int64_t) g7; - int64_t f0g8 = f0 * (int64_t) g8; - int64_t f0g9 = f0 * (int64_t) g9; - int64_t f1g0 = f1 * (int64_t) g0; - int64_t f1g1_2 = f1_2 * (int64_t) g1; - int64_t f1g2 = f1 * (int64_t) g2; - int64_t f1g3_2 = f1_2 * (int64_t) g3; - int64_t f1g4 = f1 * (int64_t) g4; - int64_t f1g5_2 = f1_2 * (int64_t) g5; - int64_t f1g6 = f1 * (int64_t) g6; - int64_t f1g7_2 = f1_2 * (int64_t) g7; - int64_t f1g8 = f1 * (int64_t) g8; - int64_t f1g9_38 = f1_2 * (int64_t) g9_19; - int64_t f2g0 = f2 * (int64_t) g0; - int64_t f2g1 = f2 * (int64_t) g1; - int64_t f2g2 = f2 * (int64_t) g2; - int64_t f2g3 = f2 * (int64_t) g3; - int64_t f2g4 = f2 * (int64_t) g4; - int64_t f2g5 = f2 * (int64_t) g5; - int64_t f2g6 = f2 * (int64_t) g6; - int64_t f2g7 = f2 * (int64_t) g7; - int64_t f2g8_19 = f2 * (int64_t) g8_19; - int64_t f2g9_19 = f2 * (int64_t) g9_19; - int64_t f3g0 = f3 * (int64_t) g0; - int64_t f3g1_2 = f3_2 * (int64_t) g1; - int64_t f3g2 = f3 * (int64_t) g2; - int64_t f3g3_2 = f3_2 * (int64_t) g3; - int64_t f3g4 = f3 * (int64_t) g4; - int64_t f3g5_2 = f3_2 * (int64_t) g5; - int64_t f3g6 = f3 * (int64_t) g6; - int64_t f3g7_38 = f3_2 * (int64_t) g7_19; - int64_t f3g8_19 = f3 * (int64_t) g8_19; - int64_t f3g9_38 = f3_2 * (int64_t) g9_19; - int64_t f4g0 = f4 * (int64_t) g0; - int64_t f4g1 = f4 * (int64_t) g1; - int64_t f4g2 = f4 * (int64_t) g2; - int64_t f4g3 = f4 * (int64_t) g3; - int64_t f4g4 = f4 * (int64_t) g4; - int64_t f4g5 = f4 * (int64_t) g5; - int64_t f4g6_19 = f4 * (int64_t) g6_19; - int64_t f4g7_19 = f4 * (int64_t) g7_19; - int64_t f4g8_19 = f4 * (int64_t) g8_19; - int64_t f4g9_19 = f4 * (int64_t) g9_19; - int64_t 
f5g0 = f5 * (int64_t) g0; - int64_t f5g1_2 = f5_2 * (int64_t) g1; - int64_t f5g2 = f5 * (int64_t) g2; - int64_t f5g3_2 = f5_2 * (int64_t) g3; - int64_t f5g4 = f5 * (int64_t) g4; - int64_t f5g5_38 = f5_2 * (int64_t) g5_19; - int64_t f5g6_19 = f5 * (int64_t) g6_19; - int64_t f5g7_38 = f5_2 * (int64_t) g7_19; - int64_t f5g8_19 = f5 * (int64_t) g8_19; - int64_t f5g9_38 = f5_2 * (int64_t) g9_19; - int64_t f6g0 = f6 * (int64_t) g0; - int64_t f6g1 = f6 * (int64_t) g1; - int64_t f6g2 = f6 * (int64_t) g2; - int64_t f6g3 = f6 * (int64_t) g3; - int64_t f6g4_19 = f6 * (int64_t) g4_19; - int64_t f6g5_19 = f6 * (int64_t) g5_19; - int64_t f6g6_19 = f6 * (int64_t) g6_19; - int64_t f6g7_19 = f6 * (int64_t) g7_19; - int64_t f6g8_19 = f6 * (int64_t) g8_19; - int64_t f6g9_19 = f6 * (int64_t) g9_19; - int64_t f7g0 = f7 * (int64_t) g0; - int64_t f7g1_2 = f7_2 * (int64_t) g1; - int64_t f7g2 = f7 * (int64_t) g2; - int64_t f7g3_38 = f7_2 * (int64_t) g3_19; - int64_t f7g4_19 = f7 * (int64_t) g4_19; - int64_t f7g5_38 = f7_2 * (int64_t) g5_19; - int64_t f7g6_19 = f7 * (int64_t) g6_19; - int64_t f7g7_38 = f7_2 * (int64_t) g7_19; - int64_t f7g8_19 = f7 * (int64_t) g8_19; - int64_t f7g9_38 = f7_2 * (int64_t) g9_19; - int64_t f8g0 = f8 * (int64_t) g0; - int64_t f8g1 = f8 * (int64_t) g1; - int64_t f8g2_19 = f8 * (int64_t) g2_19; - int64_t f8g3_19 = f8 * (int64_t) g3_19; - int64_t f8g4_19 = f8 * (int64_t) g4_19; - int64_t f8g5_19 = f8 * (int64_t) g5_19; - int64_t f8g6_19 = f8 * (int64_t) g6_19; - int64_t f8g7_19 = f8 * (int64_t) g7_19; - int64_t f8g8_19 = f8 * (int64_t) g8_19; - int64_t f8g9_19 = f8 * (int64_t) g9_19; - int64_t f9g0 = f9 * (int64_t) g0; - int64_t f9g1_38 = f9_2 * (int64_t) g1_19; - int64_t f9g2_19 = f9 * (int64_t) g2_19; - int64_t f9g3_38 = f9_2 * (int64_t) g3_19; - int64_t f9g4_19 = f9 * (int64_t) g4_19; - int64_t f9g5_38 = f9_2 * (int64_t) g5_19; - int64_t f9g6_19 = f9 * (int64_t) g6_19; - int64_t f9g7_38 = f9_2 * (int64_t) g7_19; - int64_t f9g8_19 = f9 * (int64_t) g8_19; - 
int64_t f9g9_38 = f9_2 * (int64_t) g9_19; + int64_t f0g0 = f0 * (int64_t)g0; + int64_t f0g1 = f0 * (int64_t)g1; + int64_t f0g2 = f0 * (int64_t)g2; + int64_t f0g3 = f0 * (int64_t)g3; + int64_t f0g4 = f0 * (int64_t)g4; + int64_t f0g5 = f0 * (int64_t)g5; + int64_t f0g6 = f0 * (int64_t)g6; + int64_t f0g7 = f0 * (int64_t)g7; + int64_t f0g8 = f0 * (int64_t)g8; + int64_t f0g9 = f0 * (int64_t)g9; + int64_t f1g0 = f1 * (int64_t)g0; + int64_t f1g1_2 = f1_2 * (int64_t)g1; + int64_t f1g2 = f1 * (int64_t)g2; + int64_t f1g3_2 = f1_2 * (int64_t)g3; + int64_t f1g4 = f1 * (int64_t)g4; + int64_t f1g5_2 = f1_2 * (int64_t)g5; + int64_t f1g6 = f1 * (int64_t)g6; + int64_t f1g7_2 = f1_2 * (int64_t)g7; + int64_t f1g8 = f1 * (int64_t)g8; + int64_t f1g9_38 = f1_2 * (int64_t)g9_19; + int64_t f2g0 = f2 * (int64_t)g0; + int64_t f2g1 = f2 * (int64_t)g1; + int64_t f2g2 = f2 * (int64_t)g2; + int64_t f2g3 = f2 * (int64_t)g3; + int64_t f2g4 = f2 * (int64_t)g4; + int64_t f2g5 = f2 * (int64_t)g5; + int64_t f2g6 = f2 * (int64_t)g6; + int64_t f2g7 = f2 * (int64_t)g7; + int64_t f2g8_19 = f2 * (int64_t)g8_19; + int64_t f2g9_19 = f2 * (int64_t)g9_19; + int64_t f3g0 = f3 * (int64_t)g0; + int64_t f3g1_2 = f3_2 * (int64_t)g1; + int64_t f3g2 = f3 * (int64_t)g2; + int64_t f3g3_2 = f3_2 * (int64_t)g3; + int64_t f3g4 = f3 * (int64_t)g4; + int64_t f3g5_2 = f3_2 * (int64_t)g5; + int64_t f3g6 = f3 * (int64_t)g6; + int64_t f3g7_38 = f3_2 * (int64_t)g7_19; + int64_t f3g8_19 = f3 * (int64_t)g8_19; + int64_t f3g9_38 = f3_2 * (int64_t)g9_19; + int64_t f4g0 = f4 * (int64_t)g0; + int64_t f4g1 = f4 * (int64_t)g1; + int64_t f4g2 = f4 * (int64_t)g2; + int64_t f4g3 = f4 * (int64_t)g3; + int64_t f4g4 = f4 * (int64_t)g4; + int64_t f4g5 = f4 * (int64_t)g5; + int64_t f4g6_19 = f4 * (int64_t)g6_19; + int64_t f4g7_19 = f4 * (int64_t)g7_19; + int64_t f4g8_19 = f4 * (int64_t)g8_19; + int64_t f4g9_19 = f4 * (int64_t)g9_19; + int64_t f5g0 = f5 * (int64_t)g0; + int64_t f5g1_2 = f5_2 * (int64_t)g1; + int64_t f5g2 = f5 * (int64_t)g2; + 
int64_t f5g3_2 = f5_2 * (int64_t)g3; + int64_t f5g4 = f5 * (int64_t)g4; + int64_t f5g5_38 = f5_2 * (int64_t)g5_19; + int64_t f5g6_19 = f5 * (int64_t)g6_19; + int64_t f5g7_38 = f5_2 * (int64_t)g7_19; + int64_t f5g8_19 = f5 * (int64_t)g8_19; + int64_t f5g9_38 = f5_2 * (int64_t)g9_19; + int64_t f6g0 = f6 * (int64_t)g0; + int64_t f6g1 = f6 * (int64_t)g1; + int64_t f6g2 = f6 * (int64_t)g2; + int64_t f6g3 = f6 * (int64_t)g3; + int64_t f6g4_19 = f6 * (int64_t)g4_19; + int64_t f6g5_19 = f6 * (int64_t)g5_19; + int64_t f6g6_19 = f6 * (int64_t)g6_19; + int64_t f6g7_19 = f6 * (int64_t)g7_19; + int64_t f6g8_19 = f6 * (int64_t)g8_19; + int64_t f6g9_19 = f6 * (int64_t)g9_19; + int64_t f7g0 = f7 * (int64_t)g0; + int64_t f7g1_2 = f7_2 * (int64_t)g1; + int64_t f7g2 = f7 * (int64_t)g2; + int64_t f7g3_38 = f7_2 * (int64_t)g3_19; + int64_t f7g4_19 = f7 * (int64_t)g4_19; + int64_t f7g5_38 = f7_2 * (int64_t)g5_19; + int64_t f7g6_19 = f7 * (int64_t)g6_19; + int64_t f7g7_38 = f7_2 * (int64_t)g7_19; + int64_t f7g8_19 = f7 * (int64_t)g8_19; + int64_t f7g9_38 = f7_2 * (int64_t)g9_19; + int64_t f8g0 = f8 * (int64_t)g0; + int64_t f8g1 = f8 * (int64_t)g1; + int64_t f8g2_19 = f8 * (int64_t)g2_19; + int64_t f8g3_19 = f8 * (int64_t)g3_19; + int64_t f8g4_19 = f8 * (int64_t)g4_19; + int64_t f8g5_19 = f8 * (int64_t)g5_19; + int64_t f8g6_19 = f8 * (int64_t)g6_19; + int64_t f8g7_19 = f8 * (int64_t)g7_19; + int64_t f8g8_19 = f8 * (int64_t)g8_19; + int64_t f8g9_19 = f8 * (int64_t)g9_19; + int64_t f9g0 = f9 * (int64_t)g0; + int64_t f9g1_38 = f9_2 * (int64_t)g1_19; + int64_t f9g2_19 = f9 * (int64_t)g2_19; + int64_t f9g3_38 = f9_2 * (int64_t)g3_19; + int64_t f9g4_19 = f9 * (int64_t)g4_19; + int64_t f9g5_38 = f9_2 * (int64_t)g5_19; + int64_t f9g6_19 = f9 * (int64_t)g6_19; + int64_t f9g7_38 = f9_2 * (int64_t)g7_19; + int64_t f9g8_19 = f9 * (int64_t)g8_19; + int64_t f9g9_38 = f9_2 * (int64_t)g9_19; int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38; - 
int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19; - int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38; - int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19; - int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38; - int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19; - int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38; - int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19; - int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38; - int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 ; + int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19; + int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38; + int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19; + int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38; + int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19; + int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38; + int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19; + int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38; + int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0; int64_t carry0; int64_t carry1; int64_t carry2; 
@@ -1204,46 +1264,70 @@ * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) * i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry0 = h0 + (1 << 25); + h1 += carry0 >> 26; + h0 -= carry0 & kTop38Bits; + carry4 = h4 + (1 << 25); + h5 += carry4 >> 26; + h4 -= carry4 & kTop38Bits; /* |h0| <= 2^25 */ /* |h4| <= 2^25 */ /* |h1| <= 1.71*2^59 */ /* |h5| <= 1.71*2^59 */ - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + carry1 = h1 + (1 << 24); + h2 += carry1 >> 25; + h1 -= carry1 & kTop39Bits; + carry5 = h5 + (1 << 24); + h6 += carry5 >> 25; + h5 -= carry5 & kTop39Bits; /* |h1| <= 2^24; from now on fits into int32 */ /* |h5| <= 2^24; from now on fits into int32 */ /* |h2| <= 1.41*2^60 */ /* |h6| <= 1.41*2^60 */ - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + carry2 = h2 + (1 << 25); + h3 += carry2 >> 26; + h2 -= carry2 & kTop38Bits; + carry6 = h6 + (1 << 25); + h7 += carry6 >> 26; + h6 -= carry6 & kTop38Bits; /* |h2| <= 2^25; from now on fits into int32 unchanged */ /* |h6| <= 2^25; from now on fits into int32 unchanged */ /* |h3| <= 1.71*2^59 */ /* |h7| <= 1.71*2^59 */ - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + carry3 = h3 + (1 << 24); + h4 += carry3 >> 25; + h3 -= carry3 & kTop39Bits; + carry7 = h7 + (1 << 24); + h8 += carry7 >> 25; + h7 -= carry7 & kTop39Bits; /* |h3| <= 2^24; from now on fits into int32 unchanged */ /* |h7| <= 2^24; from now on fits into int32 unchanged */ /* |h4| <= 1.72*2^34 */ /* |h8| <= 1.41*2^60 */ - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - 
carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + carry4 = h4 + (1 << 25); + h5 += carry4 >> 26; + h4 -= carry4 & kTop38Bits; + carry8 = h8 + (1 << 25); + h9 += carry8 >> 26; + h8 -= carry8 & kTop38Bits; /* |h4| <= 2^25; from now on fits into int32 unchanged */ /* |h8| <= 2^25; from now on fits into int32 unchanged */ /* |h5| <= 1.01*2^24 */ /* |h9| <= 1.71*2^59 */ - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + carry9 = h9 + (1 << 24); + h0 += (carry9 >> 25) * 19; + h9 -= carry9 & kTop39Bits; /* |h9| <= 2^24; from now on fits into int32 unchanged */ /* |h0| <= 1.1*2^39 */ - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry0 = h0 + (1 << 25); + h1 += carry0 >> 26; + h0 -= carry0 & kTop38Bits; /* |h0| <= 2^25; from now on fits into int32 unchanged */ /* |h1| <= 1.01*2^24 */ 
@@ -1297,71 +1381,71 @@
 int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
 int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
 int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+ int64_t f0f0 = f0 * (int64_t)f0;
+ int64_t f0f1_2 = f0_2 * (int64_t)f1;
+ int64_t f0f2_2 = f0_2 * (int64_t)f2;
+ int64_t f0f3_2 = f0_2 * (int64_t)f3;
+ int64_t f0f4_2 = f0_2 * (int64_t)f4;
+ int64_t f0f5_2 = f0_2 * (int64_t)f5;
+ int64_t f0f6_2 = f0_2 * (int64_t)f6;
+ int64_t f0f7_2 = f0_2 * (int64_t)f7;
+ int64_t f0f8_2 = f0_2 * (int64_t)f8;
+ int64_t f0f9_2 = f0_2 * (int64_t)f9;
+ int64_t f1f1_2 = f1_2 * (int64_t)f1;
+ int64_t f1f2_2 = f1_2 * (int64_t)f2;
+ int64_t f1f3_4 = f1_2 * (int64_t)f3_2;
+ int64_t f1f4_2 = f1_2 * (int64_t)f4;
+ int64_t f1f5_4 = f1_2 * (int64_t)f5_2;
+ int64_t f1f6_2 = f1_2 * (int64_t)f6;
+ int64_t f1f7_4 = f1_2 * (int64_t)f7_2;
+ int64_t f1f8_2 = f1_2 * (int64_t)f8;
+ int64_t f1f9_76 = f1_2 * (int64_t)f9_38;
+ int64_t f2f2 = f2 * (int64_t)f2;
+ int64_t f2f3_2 = f2_2 * (int64_t)f3;
+ int64_t f2f4_2 = f2_2 * (int64_t)f4;
+ int64_t f2f5_2 = f2_2 * (int64_t)f5;
+ int64_t f2f6_2 = f2_2 * (int64_t)f6;
+ int64_t f2f7_2 = f2_2 * (int64_t)f7;
+ int64_t f2f8_38 = f2_2 * (int64_t)f8_19;
+ int64_t f2f9_38 = f2 * (int64_t)f9_38;
+ int64_t f3f3_2 = f3_2 * (int64_t)f3;
+ int64_t f3f4_2 = f3_2 * (int64_t)f4;
+ int64_t f3f5_4 = f3_2 * (int64_t)f5_2;
+ int64_t f3f6_2 = f3_2 * (int64_t)f6;
+ int64_t f3f7_76 = f3_2 * (int64_t)f7_38;
+ int64_t f3f8_38 = f3_2 * (int64_t)f8_19;
+ int64_t f3f9_76 = f3_2 * (int64_t)f9_38;
+ int64_t f4f4 = f4 * (int64_t)f4;
+ int64_t f4f5_2 = f4_2 * (int64_t)f5;
+ int64_t f4f6_38 = f4_2 * (int64_t)f6_19;
+ int64_t f4f7_38 = f4 * (int64_t)f7_38;
+ int64_t f4f8_38 = f4_2 * (int64_t)f8_19;
+ int64_t f4f9_38 = f4 * (int64_t)f9_38;
+ int64_t f5f5_38 = f5 * (int64_t)f5_38;
+ int64_t f5f6_38 = f5_2 * (int64_t)f6_19;
+ int64_t f5f7_76 = f5_2 * (int64_t)f7_38;
+ int64_t f5f8_38 = f5_2 * (int64_t)f8_19;
+ int64_t f5f9_76 = f5_2 * (int64_t)f9_38;
+ int64_t f6f6_19 = f6 * (int64_t)f6_19;
+ int64_t f6f7_38 = f6 * (int64_t)f7_38;
+ int64_t f6f8_38 = f6_2 * (int64_t)f8_19;
+ int64_t f6f9_38 = f6 * (int64_t)f9_38;
+ int64_t f7f7_38 = f7 * (int64_t)f7_38;
+ int64_t f7f8_38 = f7_2 * (int64_t)f8_19;
+ int64_t f7f9_76 = f7_2 * (int64_t)f9_38;
+ int64_t f8f8_19 = f8 * (int64_t)f8_19;
+ int64_t f8f9_38 = f8 * (int64_t)f9_38;
+ int64_t f9f9_38 = f9 * (int64_t)f9_38;
+ int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
 int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
- int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
- int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
- int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
- int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
- int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
- int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
- int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
- int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
+ int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+ int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
+ int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
+ int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
+ int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
+ int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
+ int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
+ int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
 int64_t carry0;
 int64_t carry1;
 int64_t carry2;
@@ -1373,24 +1457,48 @@
 int64_t carry8;
 int64_t carry9;
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-
- carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
- carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-
- carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
- carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-
- carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
- carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
- carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-
- carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+ carry0 = h0 + (1 << 25);
+ h1 += carry0 >> 26;
+ h0 -= carry0 & kTop38Bits;
+ carry4 = h4 + (1 << 25);
+ h5 += carry4 >> 26;
+ h4 -= carry4 & kTop38Bits;
+
+ carry1 = h1 + (1 << 24);
+ h2 += carry1 >> 25;
+ h1 -= carry1 & kTop39Bits;
+ carry5 = h5 + (1 << 24);
+ h6 += carry5 >> 25;
+ h5 -= carry5 & kTop39Bits;
+
+ carry2 = h2 + (1 << 25);
+ h3 += carry2 >> 26;
+ h2 -= carry2 & kTop38Bits;
+ carry6 = h6 + (1 << 25);
+ h7 += carry6 >> 26;
+ h6 -= carry6 & kTop38Bits;
+
+ carry3 = h3 + (1 << 24);
+ h4 += carry3 >> 25;
+ h3 -= carry3 & kTop39Bits;
+ carry7 = h7 + (1 << 24);
+ h8 += carry7 >> 25;
+ h7 -= carry7 & kTop39Bits;
+
+ carry4 = h4 + (1 << 25);
+ h5 += carry4 >> 26;
+ h4 -= carry4 & kTop38Bits;
+ carry8 = h8 + (1 << 25);
+ h9 += carry8 >> 26;
+ h8 -= carry8 & kTop38Bits;
+
+ carry9 = h9 + (1 << 24);
+ h0 += (carry9 >> 25) * 19;
+ h9 -= carry9 & kTop39Bits;
+
+ carry0 = h0 + (1 << 25);
+ h1 += carry0 >> 26;
+ h0 -= carry0 & kTop38Bits;
 h[0] = (int32_t)h0;
 h[1] = (int32_t)h1;
@@ -1528,7 +1636,7 @@
 {
 size_t i;
- b = 0-b;
+ b = 0 - b;
 for (i = 0; i < 10; i++) {
 int32_t x = f[i] ^ g[i];
 x &= b;
@@ -1546,7 +1654,7 @@
 static int fe_isnonzero(const fe f)
 {
 uint8_t s[32];
- static const uint8_t zero[32] = {0};
+ static const uint8_t zero[32] = { 0 };
 fe_tobytes(s, f);
@@ -1606,71 +1714,71 @@
 int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
 int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
 int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+ int64_t f0f0 = f0 * (int64_t)f0;
+ int64_t f0f1_2 = f0_2 * (int64_t)f1;
+ int64_t f0f2_2 = f0_2 * (int64_t)f2;
+ int64_t f0f3_2 = f0_2 * (int64_t)f3;
+ int64_t f0f4_2 = f0_2 * (int64_t)f4;
+ int64_t f0f5_2 = f0_2 * (int64_t)f5;
+ int64_t f0f6_2 = f0_2 * (int64_t)f6;
+ int64_t f0f7_2 = f0_2 * (int64_t)f7;
+ int64_t f0f8_2 = f0_2 * (int64_t)f8;
+ int64_t f0f9_2 = f0_2 * (int64_t)f9;
+ int64_t f1f1_2 = f1_2 * (int64_t)f1;
+ int64_t f1f2_2 = f1_2 * (int64_t)f2;
+ int64_t f1f3_4 = f1_2 * (int64_t)f3_2;
+ int64_t f1f4_2 = f1_2 * (int64_t)f4;
+ int64_t f1f5_4 = f1_2 * (int64_t)f5_2;
+ int64_t f1f6_2 = f1_2 * (int64_t)f6;
+ int64_t f1f7_4 = f1_2 * (int64_t)f7_2;
+ int64_t f1f8_2 = f1_2 * (int64_t)f8;
+ int64_t f1f9_76 = f1_2 * (int64_t)f9_38;
+ int64_t f2f2 = f2 * (int64_t)f2;
+ int64_t f2f3_2 = f2_2 * (int64_t)f3;
+ int64_t f2f4_2 = f2_2 * (int64_t)f4;
+ int64_t f2f5_2 = f2_2 * (int64_t)f5;
+ int64_t f2f6_2 = f2_2 * (int64_t)f6;
+ int64_t f2f7_2 = f2_2 * (int64_t)f7;
+ int64_t f2f8_38 = f2_2 * (int64_t)f8_19;
+ int64_t f2f9_38 = f2 * (int64_t)f9_38;
+ int64_t f3f3_2 = f3_2 * (int64_t)f3;
+ int64_t f3f4_2 = f3_2 * (int64_t)f4;
+ int64_t f3f5_4 = f3_2 * (int64_t)f5_2;
+ int64_t f3f6_2 = f3_2 * (int64_t)f6;
+ int64_t f3f7_76 = f3_2 * (int64_t)f7_38;
+ int64_t f3f8_38 = f3_2 * (int64_t)f8_19;
+ int64_t f3f9_76 = f3_2 * (int64_t)f9_38;
+ int64_t f4f4 = f4 * (int64_t)f4;
+ int64_t f4f5_2 = f4_2 * (int64_t)f5;
+ int64_t f4f6_38 = f4_2 * (int64_t)f6_19;
+ int64_t f4f7_38 = f4 * (int64_t)f7_38;
+ int64_t f4f8_38 = f4_2 * (int64_t)f8_19;
+ int64_t f4f9_38 = f4 * (int64_t)f9_38;
+ int64_t f5f5_38 = f5 * (int64_t)f5_38;
+ int64_t f5f6_38 = f5_2 * (int64_t)f6_19;
+ int64_t f5f7_76 = f5_2 * (int64_t)f7_38;
+ int64_t f5f8_38 = f5_2 * (int64_t)f8_19;
+ int64_t f5f9_76 = f5_2 * (int64_t)f9_38;
+ int64_t f6f6_19 = f6 * (int64_t)f6_19;
+ int64_t f6f7_38 = f6 * (int64_t)f7_38;
+ int64_t f6f8_38 = f6_2 * (int64_t)f8_19;
+ int64_t f6f9_38 = f6 * (int64_t)f9_38;
+ int64_t f7f7_38 = f7 * (int64_t)f7_38;
+ int64_t f7f8_38 = f7_2 * (int64_t)f8_19;
+ int64_t f7f9_76 = f7_2 * (int64_t)f9_38;
+ int64_t f8f8_19 = f8 * (int64_t)f8_19;
+ int64_t f8f9_38 = f8 * (int64_t)f9_38;
+ int64_t f9f9_38 = f9 * (int64_t)f9_38;
+ int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
 int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
- int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
- int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
- int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
- int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
- int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
- int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
- int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
- int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
+ int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+ int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
+ int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
+ int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
+ int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
+ int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
+ int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
+ int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
 int64_t carry0;
 int64_t carry1;
 int64_t carry2;
@@ -1693,24 +1801,48 @@
 h8 += h8;
 h9 += h9;
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
-
- carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
- carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
-
- carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
- carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
-
- carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
- carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
- carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
-
- carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
-
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+ carry0 = h0 + (1 << 25);
+ h1 += carry0 >> 26;
+ h0 -= carry0 & kTop38Bits;
+ carry4 = h4 + (1 << 25);
+ h5 += carry4 >> 26;
+ h4 -= carry4 & kTop38Bits;
+
+ carry1 = h1 + (1 << 24);
+ h2 += carry1 >> 25;
+ h1 -= carry1 & kTop39Bits;
+ carry5 = h5 + (1 << 24);
+ h6 += carry5 >> 25;
+ h5 -= carry5 & kTop39Bits;
+
+ carry2 = h2 + (1 << 25);
+ h3 += carry2 >> 26;
+ h2 -= carry2 & kTop38Bits;
+ carry6 = h6 + (1 << 25);
+ h7 += carry6 >> 26;
+ h6 -= carry6 & kTop38Bits;
+
+ carry3 = h3 + (1 << 24);
+ h4 += carry3 >> 25;
+ h3 -= carry3 & kTop39Bits;
+ carry7 = h7 + (1 << 24);
+ h8 += carry7 >> 25;
+ h7 -= carry7 & kTop39Bits;
+
+ carry4 = h4 + (1 << 25);
+ h5 += carry4 >> 26;
+ h4 -= carry4 & kTop38Bits;
+ carry8 = h8 + (1 << 25);
+ h9 += carry8 >> 26;
+ h8 -= carry8 & kTop38Bits;
+
+ carry9 = h9 + (1 << 24);
+ h0 += (carry9 >> 25) * 19;
+ h9 -= carry9 & kTop39Bits;
+
+ carry0 = h0 + (1 << 25);
+ h1 += carry0 >> 26;
+ h0 -= carry0 & kTop38Bits;
 h[0] = (int32_t)h0;
 h[1] = (int32_t)h1;
@@ -1855,13 +1987,13 @@
 }
 static const fe d = {
- -10913610, 13857413, -15372611, 6949391, 114729,
- -8787816, -6275908, -3247719, -18696448, -12055116
+ -10913610, 13857413, -15372611, 6949391, 114729,
+ -8787816, -6275908, -3247719, -18696448, -12055116
 };
 static const fe sqrtm1 = {
- -32595792, -7943725, 9377950, 3500415, 12389472,
- -272473, -25146209, -2005654, 326686, 11406482
+ -32595792, -7943725, 9377950, 3500415, 12389472,
+ -272473, -25146209, -2005654, 326686, 11406482
 };
 static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s)
@@ -1939,8 +2071,8 @@
 }
 static const fe d2 = {
- -21827239, -5839606, -30745221, 13898782, 229458,
- 15978800, -12551817, -6495438, 29715968, 9444199
+ -21827239, -5839606, -30745221, 13898782, 229458,
+ 15978800, -12551817, -6495438, 29715968, 9444199
 };
 /* r = p */
@@ -2068,9 +2200,9 @@
 uint8_t ub = b;
 uint8_t uc = c;
 uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
- uint32_t y = x; /* 0: yes; 1..255: no */
- y -= 1; /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
+ uint32_t y = x; /* 0: yes; 1..255: no */
+ y -= 1; /* 4294967295: yes; 0..254: no */
+ y >>= 31; /* 1: yes; 0: no */
 return y;
 }
@@ -2085,2114 +2217,2114 @@ static const ge_precomp k25519Precomp[32][8] = { { { - {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, - 27544626, -11754271, -6079156, 2047605}, - {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, - 5043384, 19500929, -15469378}, - {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, - 29287919, 11864899, -24514362, -4438546}, + { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, + 27544626, -11754271, -6079156, 2047605 }, + { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, + 5043384, 19500929, -15469378 }, + { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, + 29287919, 11864899, -24514362, -4438546 }, }, { - {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717, - -11717903, -3814571, -358445, -10211303}, - {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005, - -15616551, 11189268, -26829678, -5319081}, - {26966642, 11152617, 32442495, 15396054, 14353839, -12752335, - -3128826, -9541118, -15472047, -4166697}, + { -12815894, -12976347, -21581243, 11784320, -25355658, -2750717, + -11717903, -3814571, -358445, -10211303 }, + { -21703237, 6903825, 27185491, 6451973, -29577724, -9554005, + -15616551, 11189268, -26829678, -5319081 }, + { 26966642, 11152617, 32442495, 15396054, 14353839, -12752335, + -3128826, -9541118, -15472047, -4166697 }, }, { - {15636291, -9688557, 24204773, -7912398, 616977, -16685262, - 27787600, -14772189, 28944400, -1550024}, - {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, - 16354577, -11775962, 7689662, 11199574}, - {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, - 7512774, 10017326, -17749093, -9920357}, + { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, + 27787600, -14772189, 28944400, -1550024 }, + { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, + 16354577, -11775962, 7689662, 11199574 }, + { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, + 
7512774, 10017326, -17749093, -9920357 }, }, { - {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379, - -28926210, 15006023, 3284568, -6276540}, - {23599295, -8306047, -11193664, -7687416, 13236774, 10506355, - 7464579, 9656445, 13059162, 10374397}, - {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, - -3839045, -641708, -101325}, + { -17036878, 13921892, 10945806, -6033431, 27105052, -16084379, + -28926210, 15006023, 3284568, -6276540 }, + { 23599295, -8306047, -11193664, -7687416, 13236774, 10506355, + 7464579, 9656445, 13059162, 10374397 }, + { 7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, + -3839045, -641708, -101325 }, }, { - {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, - 32867885, 14515107, -15438304, 10819380}, - {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, - 12483688, -12668491, 5581306}, - {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, - 28542350, 13850243, -23678021, -15815942}, + { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, + 32867885, 14515107, -15438304, 10819380 }, + { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, + 12483688, -12668491, 5581306 }, + { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, + 28542350, 13850243, -23678021, -15815942 }, }, { - {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511, - -19188627, -15224819, -9818940, -12085777}, - {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, - -15689887, 1762328, 14866737}, - {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101, - -28236412, 3959421, 27914454, 4383652}, + { -15371964, -12862754, 32573250, 4720197, -26436522, 5875511, + -19188627, -15224819, -9818940, -12085777 }, + { -8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, + -15689887, 1762328, 14866737 }, + { -18199695, -15951423, -10473290, 1707278, -17185920, 3916101, + -28236412, 3959421, 27914454, 4383652 }, }, { - {5153746, 
9909285, 1723747, -2777874, 30523605, 5516873, 19480852, - 5230134, -23952439, -15175766}, - {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, - 20654025, 16520125, 30598449, 7715701}, - {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, - -31400660, 1370708, 29794553, -1409300}, + { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, + 5230134, -23952439, -15175766 }, + { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, + 20654025, 16520125, 30598449, 7715701 }, + { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, + -31400660, 1370708, 29794553, -1409300 }, }, { - {14499471, -2729599, -33191113, -4254652, 28494862, 14271267, - 30290735, 10876454, -33154098, 2381726}, - {-7195431, -2655363, -14730155, 462251, -27724326, 3941372, - -6236617, 3696005, -32300832, 15351955}, - {27431194, 8222322, 16448760, -3907995, -18707002, 11938355, - -32961401, -2970515, 29551813, 10109425}, + { 14499471, -2729599, -33191113, -4254652, 28494862, 14271267, + 30290735, 10876454, -33154098, 2381726 }, + { -7195431, -2655363, -14730155, 462251, -27724326, 3941372, + -6236617, 3696005, -32300832, 15351955 }, + { 27431194, 8222322, 16448760, -3907995, -18707002, 11938355, + -32961401, -2970515, 29551813, 10109425 }, }, }, { { - {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384, - -2378284, -1627556, 10092783, -4764171}, - {27939166, 14210322, 4677035, 16277044, -22964462, -12398139, - -32508754, 12005538, -17810127, 12803510}, - {17228999, -15661624, -1233527, 300140, -1224870, -11714777, - 30364213, -9038194, 18016357, 4397660}, + { -13657040, -13155431, -31283750, 11777098, 21447386, 6519384, + -2378284, -1627556, 10092783, -4764171 }, + { 27939166, 14210322, 4677035, 16277044, -22964462, -12398139, + -32508754, 12005538, -17810127, 12803510 }, + { 17228999, -15661624, -1233527, 300140, -1224870, -11714777, + 30364213, -9038194, 18016357, 4397660 }, }, { - {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212, - 
-26619106, 14544525, -17477504, 982639}, - {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, - -4120128, -21047696, 9934963}, - {5793303, 16271923, -24131614, -10116404, 29188560, 1206517, - -14747930, 4559895, -30123922, -10897950}, + { -10958843, -7690207, 4776341, -14954238, 27850028, -15602212, + -26619106, 14544525, -17477504, 982639 }, + { 29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, + -4120128, -21047696, 9934963 }, + { 5793303, 16271923, -24131614, -10116404, 29188560, 1206517, + -14747930, 4559895, -30123922, -10897950 }, }, { - {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264, - 24191034, 4541697, -13338309, 5500568}, - {12650548, -1497113, 9052871, 11355358, -17680037, -8400164, - -17430592, 12264343, 10874051, 13524335}, - {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, - 5080568, -22528059, 5376628}, + { -27643952, -11493006, 16282657, -11036493, 28414021, -15012264, + 24191034, 4541697, -13338309, 5500568 }, + { 12650548, -1497113, 9052871, 11355358, -17680037, -8400164, + -17430592, 12264343, 10874051, 13524335 }, + { 25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, + 5080568, -22528059, 5376628 }, }, { - {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897, - -22321305, -9447443, 4535768, 1569007}, - {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819, - -30494562, 3044290, 31848280, 12543772}, - {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203, - -27377195, -2062731, 7718482, 14474653}, + { -26088264, -4011052, -17013699, -3537628, -6726793, 1920897, + -22321305, -9447443, 4535768, 1569007 }, + { -2255422, 14606630, -21692440, -8039818, 28430649, 8775819, + -30494562, 3044290, 31848280, 12543772 }, + { -22028579, 2943893, -31857513, 6777306, 13784462, -4292203, + -27377195, -2062731, 7718482, 14474653 }, }, { - {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, - -7236665, 24316168, -5253567}, - {13741529, 
10911568, -33233417, -8603737, -20177830, -1033297, - 33040651, -13424532, -20729456, 8321686}, - {21060490, -2212744, 15712757, -4336099, 1639040, 10656336, - 23845965, -11874838, -9984458, 608372}, + { 2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, + -7236665, 24316168, -5253567 }, + { 13741529, 10911568, -33233417, -8603737, -20177830, -1033297, + 33040651, -13424532, -20729456, 8321686 }, + { 21060490, -2212744, 15712757, -4336099, 1639040, 10656336, + 23845965, -11874838, -9984458, 608372 }, }, { - {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547, - 1123968, -6780577, 27229399, 23887}, - {-23244140, -294205, -11744728, 14712571, -29465699, -2029617, - 12797024, -6440308, -1633405, 16678954}, - {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805, - -1508144, -4795045, -17169265, 4904953}, + { -13672732, -15087586, -10889693, -7557059, -6036909, 11305547, + 1123968, -6780577, 27229399, 23887 }, + { -23244140, -294205, -11744728, 14712571, -29465699, -2029617, + 12797024, -6440308, -1633405, 16678954 }, + { -29500620, 4770662, -16054387, 14001338, 7830047, 9564805, + -1508144, -4795045, -17169265, 4904953 }, }, { - {24059557, 14617003, 19037157, -15039908, 19766093, -14906429, - 5169211, 16191880, 2128236, -4326833}, - {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247, - -29806336, 916033, -6882542, -2986532}, - {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175, - 285431, 2763829, 15736322, 4143876}, + { 24059557, 14617003, 19037157, -15039908, 19766093, -14906429, + 5169211, 16191880, 2128236, -4326833 }, + { -16981152, 4124966, -8540610, -10653797, 30336522, -14105247, + -29806336, 916033, -6882542, -2986532 }, + { -22630907, 12419372, -7134229, -7473371, -16478904, 16739175, + 285431, 2763829, 15736322, 4143876 }, }, { - {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, - -14594663, 23527084, -16458268}, - {33431127, -11130478, -17838966, -15626900, 8909499, 8376530, - -32625340, 
4087881, -15188911, -14416214}, - {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, - 4357868, -4774191, -16323038}, + { 2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, + -14594663, 23527084, -16458268 }, + { 33431127, -11130478, -17838966, -15626900, 8909499, 8376530, + -32625340, 4087881, -15188911, -14416214 }, + { 1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, + 4357868, -4774191, -16323038 }, }, }, { { - {6721966, 13833823, -23523388, -1551314, 26354293, -11863321, - 23365147, -3949732, 7390890, 2759800}, - {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, - -4264057, 1244380, -12919645}, - {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, - 9208236, 15886429, 16489664}, + { 6721966, 13833823, -23523388, -1551314, 26354293, -11863321, + 23365147, -3949732, 7390890, 2759800 }, + { 4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, + -4264057, 1244380, -12919645 }, + { -4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, + 9208236, 15886429, 16489664 }, }, { - {1996075, 10375649, 14346367, 13311202, -6874135, -16438411, - -13693198, 398369, -30606455, -712933}, - {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363, - 13348553, 12076947, -30836462, 5113182}, - {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344, - -30341101, -7336386, 13847711, 5387222}, + { 1996075, 10375649, 14346367, 13311202, -6874135, -16438411, + -13693198, 398369, -30606455, -712933 }, + { -25307465, 9795880, -2777414, 14878809, -33531835, 14780363, + 13348553, 12076947, -30836462, 5113182 }, + { -17770784, 11797796, 31950843, 13929123, -25888302, 12288344, + -30341101, -7336386, 13847711, 5387222 }, }, { - {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611, - 8763061, 3617786, -19600662, 10370991}, - {20246567, -14369378, 22358229, -543712, 18507283, -10413996, - 14554437, -8746092, 32232924, 16763880}, - {9648505, 10094563, 26416693, 
14745928, -30374318, -6472621, - 11094161, 15689506, 3140038, -16510092}, + { -18582163, -3416217, 17824843, -2340966, 22744343, -10442611, + 8763061, 3617786, -19600662, 10370991 }, + { 20246567, -14369378, 22358229, -543712, 18507283, -10413996, + 14554437, -8746092, 32232924, 16763880 }, + { 9648505, 10094563, 26416693, 14745928, -30374318, -6472621, + 11094161, 15689506, 3140038, -16510092 }, }, { - {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685, - -27224800, 9448613, -28774454, 366295}, - {19153450, 11523972, -11096490, -6503142, -24647631, 5420647, - 28344573, 8041113, 719605, 11671788}, - {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, - -15266516, 27000813, -10195553}, + { -16160072, 5472695, 31895588, 4744994, 8823515, 10365685, + -27224800, 9448613, -28774454, 366295 }, + { 19153450, 11523972, -11096490, -6503142, -24647631, 5420647, + 28344573, 8041113, 719605, 11671788 }, + { 8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, + -15266516, 27000813, -10195553 }, }, { - {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, - 5336097, 6750977, -14521026}, - {11836410, -3979488, 26297894, 16080799, 23455045, 15735944, - 1695823, -8819122, 8169720, 16220347}, - {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763, - -11144307, -2627664, -5990708, -14166033}, + { -15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, + 5336097, 6750977, -14521026 }, + { 11836410, -3979488, 26297894, 16080799, 23455045, 15735944, + 1695823, -8819122, 8169720, 16220347 }, + { -18115838, 8653647, 17578566, -6092619, -8025777, -16012763, + -11144307, -2627664, -5990708, -14166033 }, }, { - {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004, - 27884329, 2847284, 2655861, 1738395}, - {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821, - 21651608, -3239336, -19087449, -11005278}, - {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, - 5821408, 10478196, 8544890}, 
+ { -23308498, -10968312, 15213228, -10081214, -30853605, -11050004, + 27884329, 2847284, 2655861, 1738395 }, + { -27537433, -14253021, -25336301, -8002780, -9370762, 8129821, + 21651608, -3239336, -19087449, -11005278 }, + { 1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, + 5821408, 10478196, 8544890 }, }, { - {32173121, -16129311, 24896207, 3921497, 22579056, -3410854, - 19270449, 12217473, 17789017, -3395995}, - {-30552961, -2228401, -15578829, -10147201, 13243889, 517024, - 15479401, -3853233, 30460520, 1052596}, - {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687, - 27491595, -4612359, 3179268, -9478891}, + { 32173121, -16129311, 24896207, 3921497, 22579056, -3410854, + 19270449, 12217473, 17789017, -3395995 }, + { -30552961, -2228401, -15578829, -10147201, 13243889, 517024, + 15479401, -3853233, 30460520, 1052596 }, + { -11614875, 13323618, 32618793, 8175907, -15230173, 12596687, + 27491595, -4612359, 3179268, -9478891 }, }, { - {31947069, -14366651, -4640583, -15339921, -15125977, -6039709, - -14756777, -16411740, 19072640, -9511060}, - {11685058, 11822410, 3158003, -13952594, 33402194, -4165066, - 5977896, -5215017, 473099, 5040608}, - {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760, - 28326862, 1721092, -19558642, -3131606}, + { 31947069, -14366651, -4640583, -15339921, -15125977, -6039709, + -14756777, -16411740, 19072640, -9511060 }, + { 11685058, 11822410, 3158003, -13952594, 33402194, -4165066, + 5977896, -5215017, 473099, 5040608 }, + { -20290863, 8198642, -27410132, 11602123, 1290375, -2799760, + 28326862, 1721092, -19558642, -3131606 }, }, }, { { - {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, - 8076149, -27868496, 11538389}, - {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211, - 8754525, 7446702, -5676054, 5797016}, - {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199, - 2014099, -9050574, -2369172, -5877341}, + { 7881532, 10687937, 7578723, 7738378, -18951012, 
-2553952, 21820786, + 8076149, -27868496, 11538389 }, + { -19935666, 3899861, 18283497, -6801568, -15728660, -11249211, + 8754525, 7446702, -5676054, 5797016 }, + { -11295600, -3793569, -15782110, -7964573, 12708869, -8456199, + 2014099, -9050574, -2369172, -5877341 }, }, { - {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559, - 1192730, -3714199, 15123619, 10811505}, - {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, - 15776356, -28886779, -11974553}, - {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569, - -20654173, -16484855, 4714547, -9600655}, + { -22472376, -11568741, -27682020, 1146375, 18956691, 16640559, + 1192730, -3714199, 15123619, 10811505 }, + { 14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, + 15776356, -28886779, -11974553 }, + { -28241164, -8072475, -4978962, -5315317, 29416931, 1847569, + -20654173, -16484855, 4714547, -9600655 }, }, { - {15200332, 8368572, 19679101, 15970074, -31872674, 1959451, - 24611599, -4543832, -11745876, 12340220}, - {12876937, -10480056, 33134381, 6590940, -6307776, 14872440, - 9613953, 8241152, 15370987, 9608631}, - {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, - 15866074, -28210621, -8814099}, + { 15200332, 8368572, 19679101, 15970074, -31872674, 1959451, + 24611599, -4543832, -11745876, 12340220 }, + { 12876937, -10480056, 33134381, 6590940, -6307776, 14872440, + 9613953, 8241152, 15370987, 9608631 }, + { -4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, + 15866074, -28210621, -8814099 }, }, { - {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, - 858697, 20571223, 8420556}, - {14620715, 13067227, -15447274, 8264467, 14106269, 15080814, - 33531827, 12516406, -21574435, -12476749}, - {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, - 7256740, 8791136, 15069930}, + { 26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, + 858697, 20571223, 8420556 }, + { 14620715, 13067227, 
-15447274, 8264467, 14106269, 15080814, + 33531827, 12516406, -21574435, -12476749 }, + { 236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, + 7256740, 8791136, 15069930 }, }, { - {1276410, -9371918, 22949635, -16322807, -23493039, -5702186, - 14711875, 4874229, -30663140, -2331391}, - {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, - -7912378, -33069337, 9234253}, - {20590503, -9018988, 31529744, -7352666, -2706834, 10650548, - 31559055, -11609587, 18979186, 13396066}, + { 1276410, -9371918, 22949635, -16322807, -23493039, -5702186, + 14711875, 4874229, -30663140, -2331391 }, + { 5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, + -7912378, -33069337, 9234253 }, + { 20590503, -9018988, 31529744, -7352666, -2706834, 10650548, + 31559055, -11609587, 18979186, 13396066 }, }, { - {24474287, 4968103, 22267082, 4407354, 24063882, -8325180, - -18816887, 13594782, 33514650, 7021958}, - {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421, - -25948728, -3916677, -21480480, 12868082}, - {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208, - -21446107, 2244500, -12455797, -8089383}, + { 24474287, 4968103, 22267082, 4407354, 24063882, -8325180, + -18816887, 13594782, 33514650, 7021958 }, + { -11566906, -6565505, -21365085, 15928892, -26158305, 4315421, + -25948728, -3916677, -21480480, 12868082 }, + { -28635013, 13504661, 19988037, -2132761, 21078225, 6443208, + -21446107, 2244500, -12455797, -8089383 }, }, { - {-30595528, 13793479, -5852820, 319136, -25723172, -6263899, - 33086546, 8957937, -15233648, 5540521}, - {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908, - -23710744, -1568984, -16128528, -14962807}, - {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, - 892185, -11513277, -15205948}, + { -30595528, 13793479, -5852820, 319136, -25723172, -6263899, + 33086546, 8957937, -15233648, 5540521 }, + { -11630176, -11503902, -8119500, -7643073, 2620056, 1022908, + -23710744, -1568984, 
-16128528, -14962807 }, + { 23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, + 892185, -11513277, -15205948 }, }, { - {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, - 4763127, -19179614, 5867134}, - {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500, - 27846559, 5931263, -29749703, -16108455}, - {27461885, -2977536, 22380810, 1815854, -23033753, -3031938, - 7283490, -15148073, -19526700, 7734629}, + { 9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, + 4763127, -19179614, 5867134 }, + { -32765025, 1927590, 31726409, -4753295, 23962434, -16019500, + 27846559, 5931263, -29749703, -16108455 }, + { 27461885, -2977536, 22380810, 1815854, -23033753, -3031938, + 7283490, -15148073, -19526700, 7734629 }, }, }, { { - {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885, - 7585295, -3176626, 18549497, 15302069}, - {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381, - 10458790, -6418461, -8872242, 8424746}, - {24687205, 8613276, -30667046, -3233545, 1863892, -1830544, - 19206234, 7134917, -11284482, -828919}, + { -8010264, -9590817, -11120403, 6196038, 29344158, -13430885, + 7585295, -3176626, 18549497, 15302069 }, + { -32658337, -6171222, -7672793, -11051681, 6258878, 13504381, + 10458790, -6418461, -8872242, 8424746 }, + { 24687205, 8613276, -30667046, -3233545, 1863892, -1830544, + 19206234, 7134917, -11284482, -828919 }, }, { - {11334899, -9218022, 8025293, 12707519, 17523892, -10476071, - 10243738, -14685461, -5066034, 16498837}, - {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, - -14124238, 6536641, 10543906}, - {-28946384, 15479763, -17466835, 568876, -1497683, 11223454, - -2669190, -16625574, -27235709, 8876771}, + { 11334899, -9218022, 8025293, 12707519, 17523892, -10476071, + 10243738, -14685461, -5066034, 16498837 }, + { 8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, + -14124238, 6536641, 10543906 }, + { -28946384, 15479763, -17466835, 568876, 
-1497683, 11223454, + -2669190, -16625574, -27235709, 8876771 }, }, { - {-25742899, -12566864, -15649966, -846607, -33026686, -796288, - -33481822, 15824474, -604426, -9039817}, - {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, - -4890037, 1657394, 3084098}, - {10477963, -7470260, 12119566, -13250805, 29016247, -5365589, - 31280319, 14396151, -30233575, 15272409}, + { -25742899, -12566864, -15649966, -846607, -33026686, -796288, + -33481822, 15824474, -604426, -9039817 }, + { 10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, + -4890037, 1657394, 3084098 }, + { 10477963, -7470260, 12119566, -13250805, 29016247, -5365589, + 31280319, 14396151, -30233575, 15272409 }, }, { - {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466, - -25173957, -12636138, -25014757, 1950504}, - {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630, - -8384306, -8767532, 15341279, 8373727}, - {28685821, 7759505, -14378516, -12002860, -31971820, 4079242, - 298136, -10232602, -2878207, 15190420}, + { -12288309, 3169463, 28813183, 16658753, 25116432, -5630466, + -25173957, -12636138, -25014757, 1950504 }, + { -26180358, 9489187, 11053416, -14746161, -31053720, 5825630, + -8384306, -8767532, 15341279, 8373727 }, + { 28685821, 7759505, -14378516, -12002860, -31971820, 4079242, + 298136, -10232602, -2878207, 15190420 }, }, { - {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928, - 8669718, 2742393, -26033313, -6875003}, - {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854, - 9291594, -16247779, -12154742, 6048605}, - {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163, - 13934231, 5128323, 11213262, 9168384}, + { -32932876, 13806336, -14337485, -15794431, -24004620, 10940928, + 8669718, 2742393, -26033313, -6875003 }, + { -1580388, -11729417, -25979658, -11445023, -17411874, -10912854, + 9291594, -16247779, -12154742, 6048605 }, + { -30305315, 14843444, 1539301, 11864366, 20201677, 1900163, + 13934231, 5128323, 
11213262, 9168384 }, }, { - {-26280513, 11007847, 19408960, -940758, -18592965, -4328580, - -5088060, -11105150, 20470157, -16398701}, - {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560, - -22783952, 14461608, 14042978, 5230683}, - {29969567, -2741594, -16711867, -8552442, 9175486, -2468974, - 21556951, 3506042, -5933891, -12449708}, + { -26280513, 11007847, 19408960, -940758, -18592965, -4328580, + -5088060, -11105150, 20470157, -16398701 }, + { -23136053, 9282192, 14855179, -15390078, -7362815, -14408560, + -22783952, 14461608, 14042978, 5230683 }, + { 29969567, -2741594, -16711867, -8552442, 9175486, -2468974, + 21556951, 3506042, -5933891, -12449708 }, }, { - {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683, - -21284170, 8971513, -28539189, 15326563}, - {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669, - -15523050, 15300988, -20514118, 9168260}, - {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939, - -28948358, 9601605, 33087103, -9011387}, + { -3144746, 8744661, 19704003, 4581278, -20430686, 6830683, + -21284170, 8971513, -28539189, 15326563 }, + { -19464629, 10110288, -17262528, -3503892, -23500387, 1355669, + -15523050, 15300988, -20514118, 9168260 }, + { -5353335, 4488613, -23803248, 16314347, 7780487, -15638939, + -28948358, 9601605, 33087103, -9011387 }, }, { - {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461, - -27444329, -15000531, -5996870, 15664672}, - {23294591, -16632613, -22650781, -8470978, 27844204, 11461195, - 13099750, -2460356, 18151676, 13417686}, - {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065, - 1661597, -12551441, 15271676, -15452665}, + { -19443170, -15512900, -20797467, -12445323, -29824447, 10229461, + -27444329, -15000531, -5996870, 15664672 }, + { 23294591, -16632613, -22650781, -8470978, 27844204, 11461195, + 13099750, -2460356, 18151676, 13417686 }, + { -24722913, -4176517, -31150679, 5988919, -26858785, 6685065, + 1661597, -12551441, 15271676, -15452665 }, 
}, }, { { - {11433042, -13228665, 8239631, -5279517, -1985436, -725718, - -18698764, 2167544, -6921301, -13440182}, - {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379, - -9917708, -8638997, 12215110, 12028277}, - {14098400, 6555944, 23007258, 5757252, -15427832, -12950502, - 30123440, 4617780, -16900089, -655628}, + { 11433042, -13228665, 8239631, -5279517, -1985436, -725718, + -18698764, 2167544, -6921301, -13440182 }, + { -31436171, 15575146, 30436815, 12192228, -22463353, 9395379, + -9917708, -8638997, 12215110, 12028277 }, + { 14098400, 6555944, 23007258, 5757252, -15427832, -12950502, + 30123440, 4617780, -16900089, -655628 }, }, { - {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385, - -15819999, 10154009, 23973261, -12684474}, - {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355, - 18341390, -11419951, 32013174, -10103539}, - {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104, - 21911214, 6354752, 4425632, -837822}, + { -4026201, -15240835, 11893168, 13718664, -14809462, 1847385, + -15819999, 10154009, 23973261, -12684474 }, + { -26531820, -3695990, -1908898, 2534301, -31870557, -16550355, + 18341390, -11419951, 32013174, -10103539 }, + { -25479301, 10876443, -11771086, -14625140, -12369567, 1838104, + 21911214, 6354752, 4425632, -837822 }, }, { - {-10433389, -14612966, 22229858, -3091047, -13191166, 776729, - -17415375, -12020462, 4725005, 14044970}, - {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, - -1411784, -19522291, -16109756}, - {-24864089, 12986008, -10898878, -5558584, -11312371, -148526, - 19541418, 8180106, 9282262, 10282508}, + { -10433389, -14612966, 22229858, -3091047, -13191166, 776729, + -17415375, -12020462, 4725005, 14044970 }, + { 19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, + -1411784, -19522291, -16109756 }, + { -24864089, 12986008, -10898878, -5558584, -11312371, -148526, + 19541418, 8180106, 9282262, 10282508 }, }, { - {-26205082, 4428547, 
-8661196, -13194263, 4098402, -14165257, - 15522535, 8372215, 5542595, -10702683}, - {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360, - -2781891, 6993761, -18093885, 10114655}, - {-20107055, -929418, 31422704, 10427861, -7110749, 6150669, - -29091755, -11529146, 25953725, -106158}, + { -26205082, 4428547, -8661196, -13194263, 4098402, -14165257, + 15522535, 8372215, 5542595, -10702683 }, + { -10562541, 14895633, 26814552, -16673850, -17480754, -2489360, + -2781891, 6993761, -18093885, 10114655 }, + { -20107055, -929418, 31422704, 10427861, -7110749, 6150669, + -29091755, -11529146, 25953725, -106158 }, }, { - {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294, - 19390020, 6094296, -3315279, 12831125}, - {-15998678, 7578152, 5310217, 14408357, -33548620, -224739, - 31575954, 6326196, 7381791, -2421839}, - {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640, - 6295303, 8082724, -15362489, 12339664}, + { -4234397, -8039292, -9119125, 3046000, 2101609, -12607294, + 19390020, 6094296, -3315279, 12831125 }, + { -15998678, 7578152, 5310217, 14408357, -33548620, -224739, + 31575954, 6326196, 7381791, -2421839 }, + { -20902779, 3296811, 24736065, -16328389, 18374254, 7318640, + 6295303, 8082724, -15362489, 12339664 }, }, { - {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, - 15768922, 25091167, 14856294}, - {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, - -12695493, -22182473, -9012899}, - {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039, - -27260765, 13866390, 30146206, 9142070}, + { 27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, + 15768922, 25091167, 14856294 }, + { -18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, + -12695493, -22182473, -9012899 }, + { -11423429, -5421590, 11632845, 3405020, 30536730, -11674039, + -27260765, 13866390, 30146206, 9142070 }, }, { - {3924129, -15307516, -13817122, -10054960, 12291820, -668366, - -27702774, 9326384, 
-8237858, 4171294}, - {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944, - 26396185, 3731949, 345228, -5462949}, - {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387, - 2031539, -12391231, -16253183, -13582083}, + { 3924129, -15307516, -13817122, -10054960, 12291820, -668366, + -27702774, 9326384, -8237858, 4171294 }, + { -15921940, 16037937, 6713787, 16606682, -21612135, 2790944, + 26396185, 3731949, 345228, -5462949 }, + { -21327538, 13448259, 25284571, 1143661, 20614966, -8849387, + 2031539, -12391231, -16253183, -13582083 }, }, { - {31016211, -16722429, 26371392, -14451233, -5027349, 14854137, - 17477601, 3842657, 28012650, -16405420}, - {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560, - -9189873, 16292057, -8867157, 3507940}, - {29439664, 3537914, 23333589, 6997794, -17555561, -11018068, - -15209202, -15051267, -9164929, 6580396}, + { 31016211, -16722429, 26371392, -14451233, -5027349, 14854137, + 17477601, 3842657, 28012650, -16405420 }, + { -5075835, 9368966, -8562079, -4600902, -15249953, 6970560, + -9189873, 16292057, -8867157, 3507940 }, + { 29439664, 3537914, 23333589, 6997794, -17555561, -11018068, + -15209202, -15051267, -9164929, 6580396 }, }, }, { { - {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611, - 17860444, -9273846, -2095802, 9304567}, - {20714564, -4336911, 29088195, 7406487, 11426967, -5095705, - 14792667, -14608617, 5289421, -477127}, - {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462, - 17271490, 12349094, 26939669, -3752294}, + { -12185861, -7679788, 16438269, 10826160, -8696817, -6235611, + 17860444, -9273846, -2095802, 9304567 }, + { 20714564, -4336911, 29088195, 7406487, 11426967, -5095705, + 14792667, -14608617, 5289421, -477127 }, + { -16665533, -10650790, -6160345, -13305760, 9192020, -1802462, + 17271490, 12349094, 26939669, -3752294 }, }, { - {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525, - -27283495, -12348559, -3698806, 117887}, - {22263325, -6560050, 3984570, 
-11174646, -15114008, -566785, - 28311253, 5358056, -23319780, 541964}, - {16259219, 3261970, 2309254, -15534474, -16885711, -4581916, - 24134070, -16705829, -13337066, -13552195}, + { -12889898, 9373458, 31595848, 16374215, 21471720, 13221525, + -27283495, -12348559, -3698806, 117887 }, + { 22263325, -6560050, 3984570, -11174646, -15114008, -566785, + 28311253, 5358056, -23319780, 541964 }, + { 16259219, 3261970, 2309254, -15534474, -16885711, -4581916, + 24134070, -16705829, -13337066, -13552195 }, }, { - {9378160, -13140186, -22845982, -12745264, 28198281, -7244098, - -2399684, -717351, 690426, 14876244}, - {24977353, -314384, -8223969, -13465086, 28432343, -1176353, - -13068804, -12297348, -22380984, 6618999}, - {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193, - 8044829, -13817328, 32239829, -5652762}, + { 9378160, -13140186, -22845982, -12745264, 28198281, -7244098, + -2399684, -717351, 690426, 14876244 }, + { 24977353, -314384, -8223969, -13465086, 28432343, -1176353, + -13068804, -12297348, -22380984, 6618999 }, + { -1538174, 11685646, 12944378, 13682314, -24389511, -14413193, + 8044829, -13817328, 32239829, -5652762 }, }, { - {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, - -10350059, 32779359, 5095274}, - {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423, - -24601656, 14506724, 21639561, -2630236}, - {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318, - -1289502, -6863535, 17874574, 558605}, + { -18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, + -10350059, 32779359, 5095274 }, + { -33008130, -5214506, -32264887, -3685216, 9460461, -9327423, + -24601656, 14506724, 21639561, -2630236 }, + { -16400943, -13112215, 25239338, 15531969, 3987758, -4499318, + -1289502, -6863535, 17874574, 558605 }, }, { - {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700, - 33499487, 5080151, 2085892, 5119761}, - {-22205145, -2519528, -16381601, 414691, -25019550, 2170430, - 30634760, -8363614, 
-31999993, -5759884}, - {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256, - 27534430, -7192145, -22351378, 12961482}, + { -13600129, 10240081, 9171883, 16131053, -20869254, 9599700, + 33499487, 5080151, 2085892, 5119761 }, + { -22205145, -2519528, -16381601, 414691, -25019550, 2170430, + 30634760, -8363614, -31999993, -5759884 }, + { -6845704, 15791202, 8550074, -1312654, 29928809, -12092256, + 27534430, -7192145, -22351378, 12961482 }, }, { - {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287, - 16533930, 8206996, -30194652, -5159638}, - {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, - 7031275, 7589640, 8945490}, - {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393, - 7251489, -11182180, 24099109, -14456170}, + { -24492060, -9570771, 10368194, 11582341, -23397293, -2245287, + 16533930, 8206996, -30194652, -5159638 }, + { -11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, + 7031275, 7589640, 8945490 }, + { -32152748, 8917967, 6661220, -11677616, -1192060, -15793393, + 7251489, -11182180, 24099109, -14456170 }, }, { - {5019558, -7907470, 4244127, -14714356, -26933272, 6453165, - -19118182, -13289025, -6231896, -10280736}, - {10853594, 10721687, 26480089, 5861829, -22995819, 1972175, - -1866647, -10557898, -3363451, -6441124}, - {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, - -2008168, -13866408, 7421392}, + { 5019558, -7907470, 4244127, -14714356, -26933272, 6453165, + -19118182, -13289025, -6231896, -10280736 }, + { 10853594, 10721687, 26480089, 5861829, -22995819, 1972175, + -1866647, -10557898, -3363451, -6441124 }, + { -17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, + -2008168, -13866408, 7421392 }, }, { - {8139927, -6546497, 32257646, -5890546, 30375719, 1886181, - -21175108, 15441252, 28826358, -4123029}, - {6267086, 9695052, 7709135, -16603597, -32869068, -1886135, - 14795160, -7840124, 13746021, -1742048}, - {28584902, 7787108, -6732942, 
-15050729, 22846041, -7571236, - -3181936, -363524, 4771362, -8419958}, + { 8139927, -6546497, 32257646, -5890546, 30375719, 1886181, + -21175108, 15441252, 28826358, -4123029 }, + { 6267086, 9695052, 7709135, -16603597, -32869068, -1886135, + 14795160, -7840124, 13746021, -1742048 }, + { 28584902, 7787108, -6732942, -15050729, 22846041, -7571236, + -3181936, -363524, 4771362, -8419958 }, }, }, { { - {24949256, 6376279, -27466481, -8174608, -18646154, -9930606, - 33543569, -12141695, 3569627, 11342593}, - {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, - 4608608, 7325975, -14801071}, - {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312, - -27400540, 10258390, -17646694, -8186692}, + { 24949256, 6376279, -27466481, -8174608, -18646154, -9930606, + 33543569, -12141695, 3569627, 11342593 }, + { 26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, + 4608608, 7325975, -14801071 }, + { -11618399, -14554430, -24321212, 7655128, -1369274, 5214312, + -27400540, 10258390, -17646694, -8186692 }, }, { - {11431204, 15823007, 26570245, 14329124, 18029990, 4796082, - -31446179, 15580664, 9280358, -3973687}, - {-160783, -10326257, -22855316, -4304997, -20861367, -13621002, - -32810901, -11181622, -15545091, 4387441}, - {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370, - -24513992, 8548137, 20617071, -7482001}, + { 11431204, 15823007, 26570245, 14329124, 18029990, 4796082, + -31446179, 15580664, 9280358, -3973687 }, + { -160783, -10326257, -22855316, -4304997, -20861367, -13621002, + -32810901, -11181622, -15545091, 4387441 }, + { -20799378, 12194512, 3937617, -5805892, -27154820, 9340370, + -24513992, 8548137, 20617071, -7482001 }, }, { - {-938825, -3930586, -8714311, 16124718, 24603125, -6225393, - -13775352, -11875822, 24345683, 10325460}, - {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528, - 16318175, -1010689, 4766743, 3552007}, - {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, - 14481909, 
10988822, -3994762}, + { -938825, -3930586, -8714311, 16124718, 24603125, -6225393, + -13775352, -11875822, 24345683, 10325460 }, + { -19855277, -1568885, -22202708, 8714034, 14007766, 6928528, + 16318175, -1010689, 4766743, 3552007 }, + { -21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, + 14481909, 10988822, -3994762 }, }, { - {15564307, -14311570, 3101243, 5684148, 30446780, -8051356, - 12677127, -6505343, -8295852, 13296005}, - {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379, - 31521204, 9614054, -30000824, 12074674}, - {4771191, -135239, 14290749, -13089852, 27992298, 14998318, - -1413936, -1556716, 29832613, -16391035}, + { 15564307, -14311570, 3101243, 5684148, 30446780, -8051356, + 12677127, -6505343, -8295852, 13296005 }, + { -9442290, 6624296, -30298964, -11913677, -4670981, -2057379, + 31521204, 9614054, -30000824, 12074674 }, + { 4771191, -135239, 14290749, -13089852, 27992298, 14998318, + -1413936, -1556716, 29832613, -16391035 }, }, { - {7064884, -7541174, -19161962, -5067537, -18891269, -2912736, - 25825242, 5293297, -27122660, 13101590}, - {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445, - 32512469, -5317593, -30356070, -4190957}, - {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044, - 14413974, 9515896, 19568978, 9628812}, + { 7064884, -7541174, -19161962, -5067537, -18891269, -2912736, + 25825242, 5293297, -27122660, 13101590 }, + { -2298563, 2439670, -7466610, 1719965, -27267541, -16328445, + 32512469, -5317593, -30356070, -4190957 }, + { -30006540, 10162316, -33180176, 3981723, -16482138, -13070044, + 14413974, 9515896, 19568978, 9628812 }, }, { - {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, - -6106839, -6291786, 3437740}, - {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290, - -22961733, 70104, 7463304, 4176122}, - {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117, - -32719404, -5322751, 24216882, 5944158}, + { 33053803, 199357, 15894591, 
1583059, 27380243, -4580435, -17838894, + -6106839, -6291786, 3437740 }, + { -18978877, 3884493, 19469877, 12726490, 15913552, 13614290, + -22961733, 70104, 7463304, 4176122 }, + { -27124001, 10659917, 11482427, -16070381, 12771467, -6635117, + -32719404, -5322751, 24216882, 5944158 }, }, { - {8894125, 7450974, -2664149, -9765752, -28080517, -12389115, - 19345746, 14680796, 11632993, 5847885}, - {26942781, -2315317, 9129564, -4906607, 26024105, 11769399, - -11518837, 6367194, -9727230, 4782140}, - {19916461, -4828410, -22910704, -11414391, 25606324, -5972441, - 33253853, 8220911, 6358847, -1873857}, + { 8894125, 7450974, -2664149, -9765752, -28080517, -12389115, + 19345746, 14680796, 11632993, 5847885 }, + { 26942781, -2315317, 9129564, -4906607, 26024105, 11769399, + -11518837, 6367194, -9727230, 4782140 }, + { 19916461, -4828410, -22910704, -11414391, 25606324, -5972441, + 33253853, 8220911, 6358847, -1873857 }, }, { - {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, - -4480480, -13538503, 1387155}, - {19646058, 5720633, -11416706, 12814209, 11607948, 12749789, - 14147075, 15156355, -21866831, 11835260}, - {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, - 15467869, -26560550, 5052483}, + { 801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, + -4480480, -13538503, 1387155 }, + { 19646058, 5720633, -11416706, 12814209, 11607948, 12749789, + 14147075, 15156355, -21866831, 11835260 }, + { 19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, + 15467869, -26560550, 5052483 }, }, }, { { - {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, - -12618185, 12228557, -7003677}, - {32944382, 14922211, -22844894, 5188528, 21913450, -8719943, - 4001465, 13238564, -6114803, 8653815}, - {22865569, -4652735, 27603668, -12545395, 14348958, 8234005, - 24808405, 5719875, 28483275, 2841751}, + { -3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, + -12618185, 12228557, -7003677 }, + { 
32944382, 14922211, -22844894, 5188528, 21913450, -8719943, + 4001465, 13238564, -6114803, 8653815 }, + { 22865569, -4652735, 27603668, -12545395, 14348958, 8234005, + 24808405, 5719875, 28483275, 2841751 }, }, { - {-16420968, -1113305, -327719, -12107856, 21886282, -15552774, - -1887966, -315658, 19932058, -12739203}, - {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912, - 3999228, 13239134, -4777469, -13910208}, - {1382174, -11694719, 17266790, 9194690, -13324356, 9720081, - 20403944, 11284705, -14013818, 3093230}, + { -16420968, -1113305, -327719, -12107856, 21886282, -15552774, + -1887966, -315658, 19932058, -12739203 }, + { -11656086, 10087521, -8864888, -5536143, -19278573, -3055912, + 3999228, 13239134, -4777469, -13910208 }, + { 1382174, -11694719, 17266790, 9194690, -13324356, 9720081, + 20403944, 11284705, -14013818, 3093230 }, }, { - {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, - 16271225, -24049421, -6691850}, - {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293, - 24123614, 15193618, -21652117, -16739389}, - {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484, - 31870908, 14690798, 17361620, 11864968}, + { 16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, + 16271225, -24049421, -6691850 }, + { -21911077, -5927941, -4611316, -5560156, -31744103, -10785293, + 24123614, 15193618, -21652117, -16739389 }, + { -9935934, -4289447, -25279823, 4372842, 2087473, 10399484, + 31870908, 14690798, 17361620, 11864968 }, }, { - {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200, - -12331205, -7486601, -25578460, -16240689}, - {14668462, -12270235, 26039039, 15305210, 25515617, 4542480, - 10453892, 6577524, 9145645, -6443880}, - {5974874, 3053895, -9433049, -10385191, -31865124, 3225009, - -7972642, 3936128, -5652273, -3050304}, + { -11307610, 6210372, 13206574, 5806320, -29017692, -13967200, + -12331205, -7486601, -25578460, -16240689 }, + { 14668462, -12270235, 26039039, 15305210, 
25515617, 4542480, + 10453892, 6577524, 9145645, -6443880 }, + { 5974874, 3053895, -9433049, -10385191, -31865124, 3225009, + -7972642, 3936128, -5652273, -3050304 }, }, { - {30625386, -4729400, -25555961, -12792866, -20484575, 7695099, - 17097188, -16303496, -27999779, 1803632}, - {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700, - 14911344, 12196514, -21405489, 7047412}, - {20093277, 9920966, -11138194, -5343857, 13161587, 12044805, - -32856851, 4124601, -32343828, -10257566}, + { 30625386, -4729400, -25555961, -12792866, -20484575, 7695099, + 17097188, -16303496, -27999779, 1803632 }, + { -3553091, 9865099, -5228566, 4272701, -5673832, -16689700, + 14911344, 12196514, -21405489, 7047412 }, + { 20093277, 9920966, -11138194, -5343857, 13161587, 12044805, + -32856851, 4124601, -32343828, -10257566 }, }, { - {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605, - 4752377, -8714640, -21679658, 2288038}, - {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457, - 29457502, 14625692, -24819617, 12570232}, - {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109, - -21159943, -3498680, -11974704, 4724943}, + { -20788824, 14084654, -13531713, 7842147, 19119038, -13822605, + 4752377, -8714640, -21679658, 2288038 }, + { -26819236, -3283715, 29965059, 3039786, -14473765, 2540457, + 29457502, 14625692, -24819617, 12570232 }, + { -1063558, -11551823, 16920318, 12494842, 1278292, -5869109, + -21159943, -3498680, -11974704, 4724943 }, }, { - {17960970, -11775534, -4140968, -9702530, -8876562, -1410617, - -12907383, -8659932, -29576300, 1903856}, - {23134274, -14279132, -10681997, -1611936, 20684485, 15770816, - -12989750, 3190296, 26955097, 14109738}, - {15308788, 5320727, -30113809, -14318877, 22902008, 7767164, - 29425325, -11277562, 31960942, 11934971}, + { 17960970, -11775534, -4140968, -9702530, -8876562, -1410617, + -12907383, -8659932, -29576300, 1903856 }, + { 23134274, -14279132, -10681997, -1611936, 20684485, 15770816, + -12989750, 
3190296, 26955097, 14109738 }, + { 15308788, 5320727, -30113809, -14318877, 22902008, 7767164, + 29425325, -11277562, 31960942, 11934971 }, }, { - {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669, - 20638173, 4875028, 10491392, 1379718}, - {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801, - 33518459, 16176658, 21432314, 12180697}, - {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205, - 1465425, 12689540, -10301319, -13872883}, + { -27395711, 8435796, 4109644, 12222639, -24627868, 14818669, + 20638173, 4875028, 10491392, 1379718 }, + { -13159415, 9197841, 3875503, -8936108, -1383712, -5879801, + 33518459, 16176658, 21432314, 12180697 }, + { -11787308, 11500838, 13787581, -13832590, -22430679, 10140205, + 1465425, 12689540, -10301319, -13872883 }, }, }, { { - {5414091, -15386041, -21007664, 9643570, 12834970, 1186149, - -2622916, -1342231, 26128231, 6032912}, - {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156, - 3604025, 8316894, -25875034, -10437358}, - {3296484, 6223048, 24680646, -12246460, -23052020, 5903205, - -8862297, -4639164, 12376617, 3188849}, + { 5414091, -15386041, -21007664, 9643570, 12834970, 1186149, + -2622916, -1342231, 26128231, 6032912 }, + { -26337395, -13766162, 32496025, -13653919, 17847801, -12669156, + 3604025, 8316894, -25875034, -10437358 }, + { 3296484, 6223048, 24680646, -12246460, -23052020, 5903205, + -8862297, -4639164, 12376617, 3188849 }, }, { - {29190488, -14659046, 27549113, -1183516, 3520066, -10697301, - 32049515, -7309113, -16109234, -9852307}, - {-14744486, -9309156, 735818, -598978, -20407687, -5057904, - 25246078, -15795669, 18640741, -960977}, - {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252, - -31638386, -494430, 10530747, 1053335}, + { 29190488, -14659046, 27549113, -1183516, 3520066, -10697301, + 32049515, -7309113, -16109234, -9852307 }, + { -14744486, -9309156, 735818, -598978, -20407687, -5057904, + 25246078, -15795669, 18640741, -960977 }, + { -6928835, 
-16430795, 10361374, 5642961, 4910474, 12345252, + -31638386, -494430, 10530747, 1053335 }, }, { - {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384, - -31462369, -2948985, 24018831, 15026644}, - {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631, - 25310643, 13003497, -2314791, -15145616}, - {-27419985, -603321, -8043984, -1669117, -26092265, 13987819, - -27297622, 187899, -23166419, -2531735}, + { -29265967, -14186805, -13538216, -12117373, -19457059, -10655384, + -31462369, -2948985, 24018831, 15026644 }, + { -22592535, -3145277, -2289276, 5953843, -13440189, 9425631, + 25310643, 13003497, -2314791, -15145616 }, + { -27419985, -603321, -8043984, -1669117, -26092265, 13987819, + -27297622, 187899, -23166419, -2531735 }, }, { - {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473, - 9716667, 16266922, -5070217, 726099}, - {29370922, -6053998, 7334071, -15342259, 9385287, 2247707, - -13661962, -4839461, 30007388, -15823341}, - {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, - 730663, 9835848, 4555336}, + { -21744398, -13810475, 1844840, 5021428, -10434399, -15911473, + 9716667, 16266922, -5070217, 726099 }, + { 29370922, -6053998, 7334071, -15342259, 9385287, 2247707, + -13661962, -4839461, 30007388, -15823341 }, + { -936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, + 730663, 9835848, 4555336 }, }, { - {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977, - 17693930, 544696, -11985298, 12422646}, - {31117226, -12215734, -13502838, 6561947, -9876867, -12757670, - -5118685, -4096706, 29120153, 13924425}, - {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820, - -9383939, -11317700, 7240931, -237388}, + { -23376435, 1410446, -22253753, -12899614, 30867635, 15826977, + 17693930, 544696, -11985298, 12422646 }, + { 31117226, -12215734, -13502838, 6561947, -9876867, -12757670, + -5118685, -4096706, 29120153, 13924425 }, + { -17400879, -14233209, 19675799, -2734756, -11006962, 
-5858820, + -9383939, -11317700, 7240931, -237388 }, }, { - {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771, - 1222336, 4389483, 3293637, -15551743}, - {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533, - -24319580, 7733547, 12796905, -6335822}, - {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811, - -28253339, 3647836, 3222231, -11160462}, + { -31361739, -11346780, -15007447, -5856218, -22453340, -12152771, + 1222336, 4389483, 3293637, -15551743 }, + { -16684801, -14444245, 11038544, 11054958, -13801175, -3338533, + -24319580, 7733547, 12796905, -6335822 }, + { -8759414, -10817836, -25418864, 10783769, -30615557, -9746811, + -28253339, 3647836, 3222231, -11160462 }, }, { - {18606113, 1693100, -25448386, -15170272, 4112353, 10045021, - 23603893, -2048234, -7550776, 2484985}, - {9255317, -3131197, -12156162, -1004256, 13098013, -9214866, - 16377220, -2102812, -19802075, -3034702}, - {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502, - -31718148, 9936966, -30097688, -10618797}, + { 18606113, 1693100, -25448386, -15170272, 4112353, 10045021, + 23603893, -2048234, -7550776, 2484985 }, + { 9255317, -3131197, -12156162, -1004256, 13098013, -9214866, + 16377220, -2102812, -19802075, -3034702 }, + { -22729289, 7496160, -5742199, 11329249, 19991973, -3347502, + -31718148, 9936966, -30097688, -10618797 }, }, { - {21878590, -5001297, 4338336, 13643897, -3036865, 13160960, - 19708896, 5415497, -7360503, -4109293}, - {27736861, 10103576, 12500508, 8502413, -3413016, -9633558, - 10436918, -1550276, -23659143, -8132100}, - {19492550, -12104365, -29681976, -852630, -3208171, 12403437, - 30066266, 8367329, 13243957, 8709688}, + { 21878590, -5001297, 4338336, 13643897, -3036865, 13160960, + 19708896, 5415497, -7360503, -4109293 }, + { 27736861, 10103576, 12500508, 8502413, -3413016, -9633558, + 10436918, -1550276, -23659143, -8132100 }, + { 19492550, -12104365, -29681976, -852630, -3208171, 12403437, + 30066266, 8367329, 13243957, 
8709688 }, }, }, { { - {12015105, 2801261, 28198131, 10151021, 24818120, -4743133, - -11194191, -5645734, 5150968, 7274186}, - {2831366, -12492146, 1478975, 6122054, 23825128, -12733586, - 31097299, 6083058, 31021603, -9793610}, - {-2529932, -2229646, 445613, 10720828, -13849527, -11505937, - -23507731, 16354465, 15067285, -14147707}, + { 12015105, 2801261, 28198131, 10151021, 24818120, -4743133, + -11194191, -5645734, 5150968, 7274186 }, + { 2831366, -12492146, 1478975, 6122054, 23825128, -12733586, + 31097299, 6083058, 31021603, -9793610 }, + { -2529932, -2229646, 445613, 10720828, -13849527, -11505937, + -23507731, 16354465, 15067285, -14147707 }, }, { - {7840942, 14037873, -33364863, 15934016, -728213, -3642706, - 21403988, 1057586, -19379462, -12403220}, - {915865, -16469274, 15608285, -8789130, -24357026, 6060030, - -17371319, 8410997, -7220461, 16527025}, - {32922597, -556987, 20336074, -16184568, 10903705, -5384487, - 16957574, 52992, 23834301, 6588044}, + { 7840942, 14037873, -33364863, 15934016, -728213, -3642706, + 21403988, 1057586, -19379462, -12403220 }, + { 915865, -16469274, 15608285, -8789130, -24357026, 6060030, + -17371319, 8410997, -7220461, 16527025 }, + { 32922597, -556987, 20336074, -16184568, 10903705, -5384487, + 16957574, 52992, 23834301, 6588044 }, }, { - {32752030, 11232950, 3381995, -8714866, 22652988, -10744103, - 17159699, 16689107, -20314580, -1305992}, - {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943, - 7924251, -2752281, 1976123, -7249027}, - {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, - -3371252, 12331345, -8237197}, + { 32752030, 11232950, 3381995, -8714866, 22652988, -10744103, + 17159699, 16689107, -20314580, -1305992 }, + { -4689649, 9166776, -25710296, -10847306, 11576752, 12733943, + 7924251, -2752281, 1976123, -7249027 }, + { 21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, + -3371252, 12331345, -8237197 }, }, { - {8651614, -4477032, -16085636, -4996994, 13002507, 
2950805, - 29054427, -5106970, 10008136, -4667901}, - {31486080, 15114593, -14261250, 12951354, 14369431, -7387845, - 16347321, -13662089, 8684155, -10532952}, - {19443825, 11385320, 24468943, -9659068, -23919258, 2187569, - -26263207, -6086921, 31316348, 14219878}, + { 8651614, -4477032, -16085636, -4996994, 13002507, 2950805, + 29054427, -5106970, 10008136, -4667901 }, + { 31486080, 15114593, -14261250, 12951354, 14369431, -7387845, + 16347321, -13662089, 8684155, -10532952 }, + { 19443825, 11385320, 24468943, -9659068, -23919258, 2187569, + -26263207, -6086921, 31316348, 14219878 }, }, { - {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801, - 27146014, 6992409, 29126555, 9207390}, - {32382935, 1110093, 18477781, 11028262, -27411763, -7548111, - -4980517, 10843782, -7957600, -14435730}, - {2814918, 7836403, 27519878, -7868156, -20894015, -11553689, - -21494559, 8550130, 28346258, 1994730}, + { -28594490, 1193785, 32245219, 11392485, 31092169, 15722801, + 27146014, 6992409, 29126555, 9207390 }, + { 32382935, 1110093, 18477781, 11028262, -27411763, -7548111, + -4980517, 10843782, -7957600, -14435730 }, + { 2814918, 7836403, 27519878, -7868156, -20894015, -11553689, + -21494559, 8550130, 28346258, 1994730 }, }, { - {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307, - -19516951, 7174894, 22628102, 8115180}, - {-30405132, 955511, -11133838, -15078069, -32447087, -13278079, - -25651578, 3317160, -9943017, 930272}, - {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177, - 24091212, -1388970, -22765376, -10650715}, + { -19578299, 8085545, -14000519, -3948622, 2785838, -16231307, + -19516951, 7174894, 22628102, 8115180 }, + { -30405132, 955511, -11133838, -15078069, -32447087, -13278079, + -25651578, 3317160, -9943017, 930272 }, + { -15303681, -6833769, 28856490, 1357446, 23421993, 1057177, + 24091212, -1388970, -22765376, -10650715 }, }, { - {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053, - -14839018, -16554220, -1867018, 
8398970}, - {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670, - 22981545, -6291273, 18009408, -15772772}, - {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469, - 29551787, -3727419, 19288549, 1325865}, + { -22751231, -5303997, -12907607, -12768866, -15811511, -7797053, + -14839018, -16554220, -1867018, 8398970 }, + { -31969310, 2106403, -4736360, 1362501, 12813763, 16200670, + 22981545, -6291273, 18009408, -15772772 }, + { -17220923, -9545221, -27784654, 14166835, 29815394, 7444469, + 29551787, -3727419, 19288549, 1325865 }, }, { - {15100157, -15835752, -23923978, -1005098, -26450192, 15509408, - 12376730, -3479146, 33166107, -8042750}, - {20909231, 13023121, -9209752, 16251778, -5778415, -8094914, - 12412151, 10018715, 2213263, -13878373}, - {32529814, -11074689, 30361439, -16689753, -9135940, 1513226, - 22922121, 6382134, -5766928, 8371348}, + { 15100157, -15835752, -23923978, -1005098, -26450192, 15509408, + 12376730, -3479146, 33166107, -8042750 }, + { 20909231, 13023121, -9209752, 16251778, -5778415, -8094914, + 12412151, 10018715, 2213263, -13878373 }, + { 32529814, -11074689, 30361439, -16689753, -9135940, 1513226, + 22922121, 6382134, -5766928, 8371348 }, }, }, { { - {9923462, 11271500, 12616794, 3544722, -29998368, -1721626, - 12891687, -8193132, -26442943, 10486144}, - {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, - 2610596, -23921530, -11455195}, - {5408411, -1136691, -4969122, 10561668, 24145918, 14240566, - 31319731, -4235541, 19985175, -3436086}, + { 9923462, 11271500, 12616794, 3544722, -29998368, -1721626, + 12891687, -8193132, -26442943, 10486144 }, + { -22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, + 2610596, -23921530, -11455195 }, + { 5408411, -1136691, -4969122, 10561668, 24145918, 14240566, + 31319731, -4235541, 19985175, -3436086 }, }, { - {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976, - -17577068, 8849297, 65030, 8370684}, - {-8320926, -12049626, 31204563, 5839400, 
-20627288, -1057277, - -19442942, 6922164, 12743482, -9800518}, - {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717, - 23783145, 11038569, 18800704, 255233}, + { -13994457, 16616821, 14549246, 3341099, 32155958, 13648976, + -17577068, 8849297, 65030, 8370684 }, + { -8320926, -12049626, 31204563, 5839400, -20627288, -1057277, + -19442942, 6922164, 12743482, -9800518 }, + { -2361371, 12678785, 28815050, 4759974, -23893047, 4884717, + 23783145, 11038569, 18800704, 255233 }, }, { - {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, - 9066957, 19258688, -14753793}, - {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541, - -31934921, 2209390, -1524053, 2055794}, - {580882, 16705327, 5468415, -2683018, -30926419, -14696000, - -7203346, -8994389, -30021019, 7394435}, + { -5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, + 9066957, 19258688, -14753793 }, + { -2936654, -10827535, -10432089, 14516793, -3640786, 4372541, + -31934921, 2209390, -1524053, 2055794 }, + { 580882, 16705327, 5468415, -2683018, -30926419, -14696000, + -7203346, -8994389, -30021019, 7394435 }, }, { - {23838809, 1822728, -15738443, 15242727, 8318092, -3733104, - -21672180, -3492205, -4821741, 14799921}, - {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, - 13496856, -9056018, 7402518}, - {2286874, -4435931, -20042458, -2008336, -13696227, 5038122, - 11006906, -15760352, 8205061, 1607563}, + { 23838809, 1822728, -15738443, 15242727, 8318092, -3733104, + -21672180, -3492205, -4821741, 14799921 }, + { 13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, + 13496856, -9056018, 7402518 }, + { 2286874, -4435931, -20042458, -2008336, -13696227, 5038122, + 11006906, -15760352, 8205061, 1607563 }, }, { - {14414086, -8002132, 3331830, -3208217, 22249151, -5594188, - 18364661, -2906958, 30019587, -9029278}, - {-27688051, 1585953, -10775053, 931069, -29120221, -11002319, - -14410829, 12029093, 9944378, 8024}, - {4368715, -3709630, 
29874200, -15022983, -20230386, -11410704, - -16114594, -999085, -8142388, 5640030}, + { 14414086, -8002132, 3331830, -3208217, 22249151, -5594188, + 18364661, -2906958, 30019587, -9029278 }, + { -27688051, 1585953, -10775053, 931069, -29120221, -11002319, + -14410829, 12029093, 9944378, 8024 }, + { 4368715, -3709630, 29874200, -15022983, -20230386, -11410704, + -16114594, -999085, -8142388, 5640030 }, }, { - {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, - -16694564, 15219798, -14327783}, - {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, - -1173195, -18342183, 9742717}, - {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, - 7406442, 12420155, 1994844}, + { 10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, + -16694564, 15219798, -14327783 }, + { 27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, + -1173195, -18342183, 9742717 }, + { 6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, + 7406442, 12420155, 1994844 }, }, { - {14012521, -5024720, -18384453, -9578469, -26485342, -3936439, - -13033478, -10909803, 24319929, -6446333}, - {16412690, -4507367, 10772641, 15929391, -17068788, -4658621, - 10555945, -10484049, -30102368, -4739048}, - {22397382, -7767684, -9293161, -12792868, 17166287, -9755136, - -27333065, 6199366, 21880021, -12250760}, + { 14012521, -5024720, -18384453, -9578469, -26485342, -3936439, + -13033478, -10909803, 24319929, -6446333 }, + { 16412690, -4507367, 10772641, 15929391, -17068788, -4658621, + 10555945, -10484049, -30102368, -4739048 }, + { 22397382, -7767684, -9293161, -12792868, 17166287, -9755136, + -27333065, 6199366, 21880021, -12250760 }, }, { - {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128, - 16557151, 8890729, 8840445, 4957760}, - {-15447727, 709327, -6919446, -10870178, -29777922, 6522332, - -21720181, 12130072, -14796503, 5005757}, - {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752, - 10183197, -13239326, 
-16395286, -2176112}, + { -4283307, 5368523, -31117018, 8163389, -30323063, 3209128, + 16557151, 8890729, 8840445, 4957760 }, + { -15447727, 709327, -6919446, -10870178, -29777922, 6522332, + -21720181, 12130072, -14796503, 5005757 }, + { -2114751, -14308128, 23019042, 15765735, -25269683, 6002752, + 10183197, -13239326, -16395286, -2176112 }, }, }, { { - {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537, - -32013908, -3057104, 22208662, 2000468}, - {3065073, -1412761, -25598674, -361432, -17683065, -5703415, - -8164212, 11248527, -3691214, -7414184}, - {10379208, -6045554, 8877319, 1473647, -29291284, -12507580, - 16690915, 2553332, -3132688, 16400289}, + { -19025756, 1632005, 13466291, -7995100, -23640451, 16573537, + -32013908, -3057104, 22208662, 2000468 }, + { 3065073, -1412761, -25598674, -361432, -17683065, -5703415, + -8164212, 11248527, -3691214, -7414184 }, + { 10379208, -6045554, 8877319, 1473647, -29291284, -12507580, + 16690915, 2553332, -3132688, 16400289 }, }, { - {15716668, 1254266, -18472690, 7446274, -8448918, 6344164, - -22097271, -7285580, 26894937, 9132066}, - {24158887, 12938817, 11085297, -8177598, -28063478, -4457083, - -30576463, 64452, -6817084, -2692882}, - {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, - -3418511, -4688006, 2364226}, + { 15716668, 1254266, -18472690, 7446274, -8448918, 6344164, + -22097271, -7285580, 26894937, 9132066 }, + { 24158887, 12938817, 11085297, -8177598, -28063478, -4457083, + -30576463, 64452, -6817084, -2692882 }, + { 13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, + -3418511, -4688006, 2364226 }, }, { - {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, - -11697457, 15445875, -7798101}, - {29004207, -7867081, 28661402, -640412, -12794003, -7943086, - 31863255, -4135540, -278050, -15759279}, - {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829, - 10343412, -6976290, -29828287, -10815811}, + { 16335052, 9132434, 25640582, 
6678888, 1725628, 8517937, -11807024, + -11697457, 15445875, -7798101 }, + { 29004207, -7867081, 28661402, -640412, -12794003, -7943086, + 31863255, -4135540, -278050, -15759279 }, + { -6122061, -14866665, -28614905, 14569919, -10857999, -3591829, + 10343412, -6976290, -29828287, -10815811 }, }, { - {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, - 15372179, 17293797, 960709}, - {20263915, 11434237, -5765435, 11236810, 13505955, -10857102, - -16111345, 6493122, -19384511, 7639714}, - {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699, - 18006287, -16043750, 29994677, -15808121}, + { 27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, + 15372179, 17293797, 960709 }, + { 20263915, 11434237, -5765435, 11236810, 13505955, -10857102, + -16111345, 6493122, -19384511, 7639714 }, + { -2830798, -14839232, 25403038, -8215196, -8317012, -16173699, + 18006287, -16043750, 29994677, -15808121 }, }, { - {9769828, 5202651, -24157398, -13631392, -28051003, -11561624, - -24613141, -13860782, -31184575, 709464}, - {12286395, 13076066, -21775189, -1176622, -25003198, 4057652, - -32018128, -8890874, 16102007, 13205847}, - {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, - 8525972, 10151379, 10394400}, + { 9769828, 5202651, -24157398, -13631392, -28051003, -11561624, + -24613141, -13860782, -31184575, 709464 }, + { 12286395, 13076066, -21775189, -1176622, -25003198, 4057652, + -32018128, -8890874, 16102007, 13205847 }, + { 13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, + 8525972, 10151379, 10394400 }, }, { - {4024660, -16137551, 22436262, 12276534, -9099015, -2686099, - 19698229, 11743039, -33302334, 8934414}, - {-15879800, -4525240, -8580747, -2934061, 14634845, -698278, - -9449077, 3137094, -11536886, 11721158}, - {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, - 8835153, -9205489, -1280045}, + { 4024660, -16137551, 22436262, 12276534, -9099015, -2686099, + 19698229, 11743039, 
-33302334, 8934414 }, + { -15879800, -4525240, -8580747, -2934061, 14634845, -698278, + -9449077, 3137094, -11536886, 11721158 }, + { 17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, + 8835153, -9205489, -1280045 }, }, { - {-461409, -7830014, 20614118, 16688288, -7514766, -4807119, - 22300304, 505429, 6108462, -6183415}, - {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642, - 29880583, -13483331, -26898490, -7867459}, - {-31975283, 5726539, 26934134, 10237677, -3173717, -605053, - 24199304, 3795095, 7592688, -14992079}, + { -461409, -7830014, 20614118, 16688288, -7514766, -4807119, + 22300304, 505429, 6108462, -6183415 }, + { -5070281, 12367917, -30663534, 3234473, 32617080, -8422642, + 29880583, -13483331, -26898490, -7867459 }, + { -31975283, 5726539, 26934134, 10237677, -3173717, -605053, + 24199304, 3795095, 7592688, -14992079 }, }, { - {21594432, -14964228, 17466408, -4077222, 32537084, 2739898, - 6407723, 12018833, -28256052, 4298412}, - {-20650503, -11961496, -27236275, 570498, 3767144, -1717540, - 13891942, -1569194, 13717174, 10805743}, - {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568, - -796431, 14860609, -26938930, -5863836}, + { 21594432, -14964228, 17466408, -4077222, 32537084, 2739898, + 6407723, 12018833, -28256052, 4298412 }, + { -20650503, -11961496, -27236275, 570498, 3767144, -1717540, + 13891942, -1569194, 13717174, 10805743 }, + { -14676630, -15644296, 15287174, 11927123, 24177847, -8175568, + -796431, 14860609, -26938930, -5863836 }, }, }, { { - {12962541, 5311799, -10060768, 11658280, 18855286, -7954201, - 13286263, -12808704, -4381056, 9882022}, - {18512079, 11319350, -20123124, 15090309, 18818594, 5271736, - -22727904, 3666879, -23967430, -3299429}, - {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114, - -10084880, -6661110, -2403099, 5276065}, + { 12962541, 5311799, -10060768, 11658280, 18855286, -7954201, + 13286263, -12808704, -4381056, 9882022 }, + { 18512079, 11319350, -20123124, 
15090309, 18818594, 5271736, + -22727904, 3666879, -23967430, -3299429 }, + { -6789020, -3146043, 16192429, 13241070, 15898607, -14206114, + -10084880, -6661110, -2403099, 5276065 }, }, { - {30169808, -5317648, 26306206, -11750859, 27814964, 7069267, - 7152851, 3684982, 1449224, 13082861}, - {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, - 15056736, -21016438, -8202000}, - {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665, - -26171976, 6482814, -10300080, -11060101}, + { 30169808, -5317648, 26306206, -11750859, 27814964, 7069267, + 7152851, 3684982, 1449224, 13082861 }, + { 10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, + 15056736, -21016438, -8202000 }, + { -33150110, 3261608, 22745853, 7948688, 19370557, -15177665, + -26171976, 6482814, -10300080, -11060101 }, }, { - {32869458, -5408545, 25609743, 15678670, -10687769, -15471071, - 26112421, 2521008, -22664288, 6904815}, - {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, - 3841096, -29003639, -6657642}, - {10340844, -6630377, -18656632, -2278430, 12621151, -13339055, - 30878497, -11824370, -25584551, 5181966}, + { 32869458, -5408545, 25609743, 15678670, -10687769, -15471071, + 26112421, 2521008, -22664288, 6904815 }, + { 29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, + 3841096, -29003639, -6657642 }, + { 10340844, -6630377, -18656632, -2278430, 12621151, -13339055, + 30878497, -11824370, -25584551, 5181966 }, }, { - {25940115, -12658025, 17324188, -10307374, -8671468, 15029094, - 24396252, -16450922, -2322852, -12388574}, - {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, - 12641087, 20603771, -6561742}, - {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874, - 1925523, 11914390, 4662781, 7820689}, + { 25940115, -12658025, 17324188, -10307374, -8671468, 15029094, + 24396252, -16450922, -2322852, -12388574 }, + { -21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, + 12641087, 
20603771, -6561742 }, + { -18882287, -11673380, 24849422, 11501709, 13161720, -4768874, + 1925523, 11914390, 4662781, 7820689 }, }, { - {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, - 12172924, 16136752, 15264020}, - {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780, - 10658213, 6671822, 19012087, 3772772}, - {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, - -15762884, 20527771, 12988982}, + { 12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, + 12172924, 16136752, 15264020 }, + { -10349955, -14680563, -8211979, 2330220, -17662549, -14545780, + 10658213, 6671822, 19012087, 3772772 }, + { 3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, + -15762884, 20527771, 12988982 }, }, { - {-14822485, -5797269, -3707987, 12689773, -898983, -10914866, - -24183046, -10564943, 3299665, -12424953}, - {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, - 6461331, -25583147, 8991218}, - {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991, - -32948145, 7417950, -30242287, 1507265}, + { -14822485, -5797269, -3707987, 12689773, -898983, -10914866, + -24183046, -10564943, 3299665, -12424953 }, + { -16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, + 6461331, -25583147, 8991218 }, + { -17226263, 1816362, -1673288, -6086439, 31783888, -8175991, + -32948145, 7417950, -30242287, 1507265 }, }, { - {29692663, 6829891, -10498800, 4334896, 20945975, -11906496, - -28887608, 8209391, 14606362, -10647073}, - {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, - 9761487, 4170404, -2085325}, - {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046, - 22186522, 16002000, -14276837, -8400798}, + { 29692663, 6829891, -10498800, 4334896, 20945975, -11906496, + -28887608, 8209391, 14606362, -10647073 }, + { -3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, + 9761487, 4170404, -2085325 }, + { -11587470, 14855945, -4127778, -1531857, 
-26649089, 15084046, + 22186522, 16002000, -14276837, -8400798 }, }, { - {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047, - -7113572, -9620092, 13240845, 10965870}, - {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166, - 4498947, 14147411, 29514390, 4302863}, - {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368, - -5061276, -2144373, 17846988, -13971927}, + { -4811456, 13761029, -31703877, -2483919, -3312471, 7869047, + -7113572, -9620092, 13240845, 10965870 }, + { -7742563, -8256762, -14768334, -13656260, -23232383, 12387166, + 4498947, 14147411, 29514390, 4302863 }, + { -13413405, -12407859, 20757302, -13801832, 14785143, 8976368, + -5061276, -2144373, 17846988, -13971927 }, }, }, { { - {-2244452, -754728, -4597030, -1066309, -6247172, 1455299, - -21647728, -9214789, -5222701, 12650267}, - {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, - 13770293, -19134326, 10958663}, - {22470984, 12369526, 23446014, -5441109, -21520802, -9698723, - -11772496, -11574455, -25083830, 4271862}, + { -2244452, -754728, -4597030, -1066309, -6247172, 1455299, + -21647728, -9214789, -5222701, 12650267 }, + { -9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, + 13770293, -19134326, 10958663 }, + { 22470984, 12369526, 23446014, -5441109, -21520802, -9698723, + -11772496, -11574455, -25083830, 4271862 }, }, { - {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192, - 75375, -4278529, -32526221, 8469673}, - {15854970, 4148314, -8893890, 7259002, 11666551, 13824734, - -30531198, 2697372, 24154791, -9460943}, - {15446137, -15806644, 29759747, 14019369, 30811221, -9610191, - -31582008, 12840104, 24913809, 9815020}, + { -25169565, -10053642, -19909332, 15361595, -5984358, 2159192, + 75375, -4278529, -32526221, 8469673 }, + { 15854970, 4148314, -8893890, 7259002, 11666551, 13824734, + -30531198, 2697372, 24154791, -9460943 }, + { 15446137, -15806644, 29759747, 14019369, 30811221, -9610191, + -31582008, 12840104, 
24913809, 9815020 }, }, { - {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414, - -9103676, 13438769, 18735128, 9466238}, - {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, - -10896103, -22728655, 16199064}, - {14576810, 379472, -26786533, -8317236, -29426508, -10812974, - -102766, 1876699, 30801119, 2164795}, + { -4709286, -5614269, -31841498, -12288893, -14443537, 10799414, + -9103676, 13438769, 18735128, 9466238 }, + { 11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, + -10896103, -22728655, 16199064 }, + { 14576810, 379472, -26786533, -8317236, -29426508, -10812974, + -102766, 1876699, 30801119, 2164795 }, }, { - {15995086, 3199873, 13672555, 13712240, -19378835, -4647646, - -13081610, -15496269, -13492807, 1268052}, - {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475, - -3470338, -12600221, -17055369, 3565904}, - {29210088, -9419337, -5919792, -4952785, 10834811, -13327726, - -16512102, -10820713, -27162222, -14030531}, + { 15995086, 3199873, 13672555, 13712240, -19378835, -4647646, + -13081610, -15496269, -13492807, 1268052 }, + { -10290614, -3659039, -3286592, 10948818, 23037027, 3794475, + -3470338, -12600221, -17055369, 3565904 }, + { 29210088, -9419337, -5919792, -4952785, 10834811, -13327726, + -16512102, -10820713, -27162222, -14030531 }, }, { - {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123, - -29183421, -3769423, 2244111, -14001979}, - {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434, - -25673088, -16180800, 13491506, 4641841}, - {10813417, 643330, -19188515, -728916, 30292062, -16600078, - 27548447, -7721242, 14476989, -12767431}, + { -13161890, 15508588, 16663704, -8156150, -28349942, 9019123, + -29183421, -3769423, 2244111, -14001979 }, + { -5152875, -3800936, -9306475, -6071583, 16243069, 14684434, + -25673088, -16180800, 13491506, 4641841 }, + { 10813417, 643330, -19188515, -728916, 30292062, -16600078, + 27548447, -7721242, 14476989, -12767431 }, }, { - 
{10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, - -1644259, -27912810, 12651324}, - {-31185513, -813383, 22271204, 11835308, 10201545, 15351028, - 17099662, 3988035, 21721536, -3148940}, - {10202177, -6545839, -31373232, -9574638, -32150642, -8119683, - -12906320, 3852694, 13216206, 14842320}, + { 10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, + -1644259, -27912810, 12651324 }, + { -31185513, -813383, 22271204, 11835308, 10201545, 15351028, + 17099662, 3988035, 21721536, -3148940 }, + { 10202177, -6545839, -31373232, -9574638, -32150642, -8119683, + -12906320, 3852694, 13216206, 14842320 }, }, { - {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778, - -31500847, 13765824, -27434397, 9900184}, - {14465505, -13833331, -32133984, -14738873, -27443187, 12990492, - 33046193, 15796406, -7051866, -8040114}, - {30924417, -8279620, 6359016, -12816335, 16508377, 9071735, - -25488601, 15413635, 9524356, -7018878}, + { -15815640, -10601066, -6538952, -7258995, -6984659, -6581778, + -31500847, 13765824, -27434397, 9900184 }, + { 14465505, -13833331, -32133984, -14738873, -27443187, 12990492, + 33046193, 15796406, -7051866, -8040114 }, + { 30924417, -8279620, 6359016, -12816335, 16508377, 9071735, + -25488601, 15413635, 9524356, -7018878 }, }, { - {12274201, -13175547, 32627641, -1785326, 6736625, 13267305, - 5237659, -5109483, 15663516, 4035784}, - {-2951309, 8903985, 17349946, 601635, -16432815, -4612556, - -13732739, -15889334, -22258478, 4659091}, - {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498, - 5736189, 15026997, -2178256, -13455585}, + { 12274201, -13175547, 32627641, -1785326, 6736625, 13267305, + 5237659, -5109483, 15663516, 4035784 }, + { -2951309, 8903985, 17349946, 601635, -16432815, -4612556, + -13732739, -15889334, -22258478, 4659091 }, + { -16916263, -4952973, -30393711, -15158821, 20774812, 15897498, + 5736189, 15026997, -2178256, -13455585 }, }, }, { { - {-8858980, -2219056, 28571666, -10155518, 
-474467, -10105698, - -3801496, 278095, 23440562, -290208}, - {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, - 11551483, -16571960, -7442864}, - {17932739, -12437276, -24039557, 10749060, 11316803, 7535897, - 22503767, 5561594, -3646624, 3898661}, + { -8858980, -2219056, 28571666, -10155518, -474467, -10105698, + -3801496, 278095, 23440562, -290208 }, + { 10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, + 11551483, -16571960, -7442864 }, + { 17932739, -12437276, -24039557, 10749060, 11316803, 7535897, + 22503767, 5561594, -3646624, 3898661 }, }, { - {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, - 7152530, 21831162, 1245233}, - {26958459, -14658026, 4314586, 8346991, -5677764, 11960072, - -32589295, -620035, -30402091, -16716212}, - {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535, - 6280834, 14587357, -22338025, 13987525}, + { 7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, + 7152530, 21831162, 1245233 }, + { 26958459, -14658026, 4314586, 8346991, -5677764, 11960072, + -32589295, -620035, -30402091, -16716212 }, + { -12165896, 9166947, 33491384, 13673479, 29787085, 13096535, + 6280834, 14587357, -22338025, 13987525 }, }, { - {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778, - -4300898, -5124639, -7469781, -2858068}, - {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, - 6439245, -14581012, 4091397}, - {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623, - -19622683, 12092163, 29077877, -14741988}, + { -24349909, 7778775, 21116000, 15572597, -4833266, -5357778, + -4300898, -5124639, -7469781, -2858068 }, + { 9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, + 6439245, -14581012, 4091397 }, + { -8426427, 1470727, -28109679, -1596990, 3978627, -5123623, + -19622683, 12092163, 29077877, -14741988 }, }, { - {5269168, -6859726, -13230211, -8020715, 25932563, 1763552, - -5606110, -5505881, -20017847, 2357889}, - {32264008, 
-15407652, -5387735, -1160093, -2091322, -3946900, - 23104804, -12869908, 5727338, 189038}, - {14609123, -8954470, -6000566, -16622781, -14577387, -7743898, - -26745169, 10942115, -25888931, -14884697}, + { 5269168, -6859726, -13230211, -8020715, 25932563, 1763552, + -5606110, -5505881, -20017847, 2357889 }, + { 32264008, -15407652, -5387735, -1160093, -2091322, -3946900, + 23104804, -12869908, 5727338, 189038 }, + { 14609123, -8954470, -6000566, -16622781, -14577387, -7743898, + -26745169, 10942115, -25888931, -14884697 }, }, { - {20513500, 5557931, -15604613, 7829531, 26413943, -2019404, - -21378968, 7471781, 13913677, -5137875}, - {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227, - -8940970, 14059180, 12878652, 8511905}, - {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908, - -30223418, 6812974, 5568676, -3127656}, + { 20513500, 5557931, -15604613, 7829531, 26413943, -2019404, + -21378968, 7471781, 13913677, -5137875 }, + { -25574376, 11967826, 29233242, 12948236, -6754465, 4713227, + -8940970, 14059180, 12878652, 8511905 }, + { -25656801, 3393631, -2955415, -7075526, -2250709, 9366908, + -30223418, 6812974, 5568676, -3127656 }, }, { - {11630004, 12144454, 2116339, 13606037, 27378885, 15676917, - -17408753, -13504373, -14395196, 8070818}, - {27117696, -10007378, -31282771, -5570088, 1127282, 12772488, - -29845906, 10483306, -11552749, -1028714}, - {10637467, -5688064, 5674781, 1072708, -26343588, -6982302, - -1683975, 9177853, -27493162, 15431203}, + { 11630004, 12144454, 2116339, 13606037, 27378885, 15676917, + -17408753, -13504373, -14395196, 8070818 }, + { 27117696, -10007378, -31282771, -5570088, 1127282, 12772488, + -29845906, 10483306, -11552749, -1028714 }, + { 10637467, -5688064, 5674781, 1072708, -26343588, -6982302, + -1683975, 9177853, -27493162, 15431203 }, }, { - {20525145, 10892566, -12742472, 12779443, -29493034, 16150075, - -28240519, 14943142, -15056790, -7935931}, - {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 
25244767, - -3239766, -3356550, 9594024}, - {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, - -6492290, 13352335, -10977084}, + { 20525145, 10892566, -12742472, 12779443, -29493034, 16150075, + -28240519, 14943142, -15056790, -7935931 }, + { -30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, + -3239766, -3356550, 9594024 }, + { -23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, + -6492290, 13352335, -10977084 }, }, { - {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091, - -29783850, -7752482, -13215537, -319204}, - {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, - 15077870, -22750759, 14523817}, - {27406042, -6041657, 27423596, -4497394, 4996214, 10002360, - -28842031, -4545494, -30172742, -4805667}, + { -1931799, -5407458, 3304649, -12884869, 17015806, -4877091, + -29783850, -7752482, -13215537, -319204 }, + { 20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, + 15077870, -22750759, 14523817 }, + { 27406042, -6041657, 27423596, -4497394, 4996214, 10002360, + -28842031, -4545494, -30172742, -4805667 }, }, }, { { - {11374242, 12660715, 17861383, -12540833, 10935568, 1099227, - -13886076, -9091740, -27727044, 11358504}, - {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702, - 32676003, 11149336, -26123651, 4985768}, - {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, - 13794114, -19414307, -15621255}, + { 11374242, 12660715, 17861383, -12540833, 10935568, 1099227, + -13886076, -9091740, -27727044, 11358504 }, + { -12730809, 10311867, 1510375, 10778093, -2119455, -9145702, + 32676003, 11149336, -26123651, 4985768 }, + { -19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, + 13794114, -19414307, -15621255 }, }, { - {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, - 6970005, -1691065, -9004790}, - {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, - -5475723, -16796596, -5031438}, - {-22273315, 
-13524424, -64685, -4334223, -18605636, -10921968, - -20571065, -7007978, -99853, -10237333}, + { 6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, + 6970005, -1691065, -9004790 }, + { 1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, + -5475723, -16796596, -5031438 }, + { -22273315, -13524424, -64685, -4334223, -18605636, -10921968, + -20571065, -7007978, -99853, -10237333 }, }, { - {17747465, 10039260, 19368299, -4050591, -20630635, -16041286, - 31992683, -15857976, -29260363, -5511971}, - {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, - -3744247, 4882242, -10626905}, - {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, - 3272828, -5190932, -4162409}, + { 17747465, 10039260, 19368299, -4050591, -20630635, -16041286, + 31992683, -15857976, -29260363, -5511971 }, + { 31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, + -3744247, 4882242, -10626905 }, + { 29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, + 3272828, -5190932, -4162409 }, }, { - {12501286, 4044383, -8612957, -13392385, -32430052, 5136599, - -19230378, -3529697, 330070, -3659409}, - {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, - -8573892, -271295, 12071499}, - {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927, - -32769618, 1936675, -5159697, 3829363}, + { 12501286, 4044383, -8612957, -13392385, -32430052, 5136599, + -19230378, -3529697, 330070, -3659409 }, + { 6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, + -8573892, -271295, 12071499 }, + { -8365515, -4042521, 25133448, -4517355, -6211027, 2265927, + -32769618, 1936675, -5159697, 3829363 }, }, { - {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, - -6567787, 26333140, 14267664}, - {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312, - 10004786, -8709488, -21761224, 8930324}, - {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919, - 1541940, 4757911, 
-26491501, -16408940}, + { 28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, + -6567787, 26333140, 14267664 }, + { -11067219, 11871231, 27385719, -10559544, -4585914, -11189312, + 10004786, -8709488, -21761224, 8930324 }, + { -21197785, -16396035, 25654216, -1725397, 12282012, 11008919, + 1541940, 4757911, -26491501, -16408940 }, }, { - {13537262, -7759490, -20604840, 10961927, -5922820, -13218065, - -13156584, 6217254, -15943699, 13814990}, - {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, - 9257833, -1956526, -1776914}, - {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556, - -29171540, 12361135, -18685978, 4578290}, + { 13537262, -7759490, -20604840, 10961927, -5922820, -13218065, + -13156584, 6217254, -15943699, 13814990 }, + { -17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, + 9257833, -1956526, -1776914 }, + { -25045300, -10191966, 15366585, 15166509, -13105086, 8423556, + -29171540, 12361135, -18685978, 4578290 }, }, { - {24579768, 3711570, 1342322, -11180126, -27005135, 14124956, - -22544529, 14074919, 21964432, 8235257}, - {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420, - -2981514, -1669206, 13006806, 2355433}, - {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083, - 27202044, 1719366, 1141648, -12796236}, + { 24579768, 3711570, 1342322, -11180126, -27005135, 14124956, + -22544529, 14074919, 21964432, 8235257 }, + { -6528613, -2411497, 9442966, -5925588, 12025640, -1487420, + -2981514, -1669206, 13006806, 2355433 }, + { -16304899, -13605259, -6632427, -5142349, 16974359, -10911083, + 27202044, 1719366, 1141648, -12796236 }, }, { - {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894, - 13475066, -3133972, 32674895, 13715045}, - {11423335, -5468059, 32344216, 8962751, 24989809, 9241752, - -13265253, 16086212, -28740881, -15642093}, - {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160, - -11709148, 7791794, -27245943, 4383347}, + { -12863944, 
-13219986, -8318266, -11018091, -6810145, -4843894, + 13475066, -3133972, 32674895, 13715045 }, + { 11423335, -5468059, 32344216, 8962751, 24989809, 9241752, + -13265253, 16086212, -28740881, -15642093 }, + { -1409668, 12530728, -6368726, 10847387, 19531186, -14132160, + -11709148, 7791794, -27245943, 4383347 }, }, }, { { - {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599, - -4862407, -4906449, 27193557, 6245191}, - {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, - 3260492, 22510453, 8577507}, - {-12632451, 11257346, -32692994, 13548177, -721004, 10879011, - 31168030, 13952092, -29571492, -3635906}, + { -28970898, 5271447, -1266009, -9736989, -12455236, 16732599, + -4862407, -4906449, 27193557, 6245191 }, + { -15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, + 3260492, 22510453, 8577507 }, + { -12632451, 11257346, -32692994, 13548177, -721004, 10879011, + 31168030, 13952092, -29571492, -3635906 }, }, { - {3877321, -9572739, 32416692, 5405324, -11004407, -13656635, - 3759769, 11935320, 5611860, 8164018}, - {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718, - 32003002, -8832289, 5773085, -8422109}, - {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, - 12376320, 31632953, 190926}, + { 3877321, -9572739, 32416692, 5405324, -11004407, -13656635, + 3759769, 11935320, 5611860, 8164018 }, + { -16275802, 14667797, 15906460, 12155291, -22111149, -9039718, + 32003002, -8832289, 5773085, -8422109 }, + { -23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, + 12376320, 31632953, 190926 }, }, { - {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328, - -8288749, 4508564, -25341555, -3627528}, - {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, - -14786005, -1672488, 827625}, - {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080, - -1800575, -14108036, -24878478, 1541286}, + { -24593607, -16138885, -8423991, 13378746, 14162407, 6901328, + -8288749, 
4508564, -25341555, -3627528 }, + { 8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, + -14786005, -1672488, 827625 }, + { -32720583, -16289296, -32503547, 7101210, 13354605, 2659080, + -1800575, -14108036, -24878478, 1541286 }, }, { - {2901347, -1117687, 3880376, -10059388, -17620940, -3612781, - -21802117, -3567481, 20456845, -1885033}, - {27019610, 12299467, -13658288, -1603234, -12861660, -4861471, - -19540150, -5016058, 29439641, 15138866}, - {21536104, -6626420, -32447818, -10690208, -22408077, 5175814, - -5420040, -16361163, 7779328, 109896}, + { 2901347, -1117687, 3880376, -10059388, -17620940, -3612781, + -21802117, -3567481, 20456845, -1885033 }, + { 27019610, 12299467, -13658288, -1603234, -12861660, -4861471, + -19540150, -5016058, 29439641, 15138866 }, + { 21536104, -6626420, -32447818, -10690208, -22408077, 5175814, + -5420040, -16361163, 7779328, 109896 }, }, { - {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, - 12180118, 23177719, -554075}, - {26572847, 3405927, -31701700, 12890905, -19265668, 5335866, - -6493768, 2378492, 4439158, -13279347}, - {-22716706, 3489070, -9225266, -332753, 18875722, -1140095, - 14819434, -12731527, -17717757, -5461437}, + { 30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, + 12180118, 23177719, -554075 }, + { 26572847, 3405927, -31701700, 12890905, -19265668, 5335866, + -6493768, 2378492, 4439158, -13279347 }, + { -22716706, 3489070, -9225266, -332753, 18875722, -1140095, + 14819434, -12731527, -17717757, -5461437 }, }, { - {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060, - -820954, 2177225, 8550082, -15114165}, - {-18473302, 16596775, -381660, 15663611, 22860960, 15585581, - -27844109, -3582739, -23260460, -8428588}, - {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815, - -22725137, 15860482, -21902570, 1494193}, + { -5056483, 16566551, 15953661, 3767752, -10436499, 15627060, + -820954, 2177225, 8550082, -15114165 }, + { -18473302, 16596775, 
-381660, 15663611, 22860960, 15585581, + -27844109, -3582739, -23260460, -8428588 }, + { -32480551, 15707275, -8205912, -5652081, 29464558, 2713815, + -22725137, 15860482, -21902570, 1494193 }, }, { - {-19562091, -14087393, -25583872, -9299552, 13127842, 759709, - 21923482, 16529112, 8742704, 12967017}, - {-28464899, 1553205, 32536856, -10473729, -24691605, -406174, - -8914625, -2933896, -29903758, 15553883}, - {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, - 14513274, 19375923, -12647961}, + { -19562091, -14087393, -25583872, -9299552, 13127842, 759709, + 21923482, 16529112, 8742704, 12967017 }, + { -28464899, 1553205, 32536856, -10473729, -24691605, -406174, + -8914625, -2933896, -29903758, 15553883 }, + { 21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, + 14513274, 19375923, -12647961 }, }, { - {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, - -6222716, 2862653, 9455043}, - {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, - -2990080, 15511449, 4789663}, - {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736, - -5754762, 108893, 23513200, 16652362}, + { 8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, + -6222716, 2862653, 9455043 }, + { 29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, + -2990080, 15511449, 4789663 }, + { -20679756, 7004547, 8824831, -9434977, -4045704, -3750736, + -5754762, 108893, 23513200, 16652362 }, }, }, { { - {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542, - -6650416, -12936300, -18319198, 10212860}, - {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, - 2600940, -9988298, -12506466}, - {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657, - 11344424, 864440, -2499677, -16710063}, + { -33256173, 4144782, -4476029, -6579123, 10770039, -7155542, + -6650416, -12936300, -18319198, 10212860 }, + { 2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, + 2600940, -9988298, 
-12506466 }, + { -24645692, 13317462, -30449259, -15653928, 21365574, -10869657, + 11344424, 864440, -2499677, -16710063 }, }, { - {-26432803, 6148329, -17184412, -14474154, 18782929, -275997, - -22561534, 211300, 2719757, 4940997}, - {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207, - 21690126, 8518463, 26699843, 5276295}, - {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, - 149635, -15452774, 7159369}, + { -26432803, 6148329, -17184412, -14474154, 18782929, -275997, + -22561534, 211300, 2719757, 4940997 }, + { -1323882, 3911313, -6948744, 14759765, -30027150, 7851207, + 21690126, 8518463, 26699843, 5276295 }, + { -13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, + 149635, -15452774, 7159369 }, }, { - {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, - 8312176, 22477218, -8403385}, - {18155857, -16504990, 19744716, 9006923, 15154154, -10538976, - 24256460, -4864995, -22548173, 9334109}, - {2986088, -4911893, 10776628, -3473844, 10620590, -7083203, - -21413845, 14253545, -22587149, 536906}, + { 9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, + 8312176, 22477218, -8403385 }, + { 18155857, -16504990, 19744716, 9006923, 15154154, -10538976, + 24256460, -4864995, -22548173, 9334109 }, + { 2986088, -4911893, 10776628, -3473844, 10620590, -7083203, + -21413845, 14253545, -22587149, 536906 }, }, { - {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, - 10589625, 10838060, -15420424}, - {-19342404, 867880, 9277171, -3218459, -14431572, -1986443, - 19295826, -15796950, 6378260, 699185}, - {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, - 15693155, -5045064, -13373962}, + { 4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, + 10589625, 10838060, -15420424 }, + { -19342404, 867880, 9277171, -3218459, -14431572, -1986443, + 19295826, -15796950, 6378260, 699185 }, + { 7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, + 
15693155, -5045064, -13373962 }, }, { - {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616, - 31730678, -10962840, -3918636, -9669325}, - {10188286, -15770834, -7336361, 13427543, 22223443, 14896287, - 30743455, 7116568, -21786507, 5427593}, - {696102, 13206899, 27047647, -10632082, 15285305, -9853179, - 10798490, -4578720, 19236243, 12477404}, + { -7737563, -5869402, -14566319, -7406919, 11385654, 13201616, + 31730678, -10962840, -3918636, -9669325 }, + { 10188286, -15770834, -7336361, 13427543, 22223443, 14896287, + 30743455, 7116568, -21786507, 5427593 }, + { 696102, 13206899, 27047647, -10632082, 15285305, -9853179, + 10798490, -4578720, 19236243, 12477404 }, }, { - {-11229439, 11243796, -17054270, -8040865, -788228, -8167967, - -3897669, 11180504, -23169516, 7733644}, - {17800790, -14036179, -27000429, -11766671, 23887827, 3149671, - 23466177, -10538171, 10322027, 15313801}, - {26246234, 11968874, 32263343, -5468728, 6830755, -13323031, - -15794704, -101982, -24449242, 10890804}, + { -11229439, 11243796, -17054270, -8040865, -788228, -8167967, + -3897669, 11180504, -23169516, 7733644 }, + { 17800790, -14036179, -27000429, -11766671, 23887827, 3149671, + 23466177, -10538171, 10322027, 15313801 }, + { 26246234, 11968874, 32263343, -5468728, 6830755, -13323031, + -15794704, -101982, -24449242, 10890804 }, }, { - {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544, - -14982212, 16484931, 25180797, -5334884}, - {-586574, 10376444, -32586414, -11286356, 19801893, 10997610, - 2276632, 9482883, 316878, 13820577}, - {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996, - 30756178, -7515054, 30696930, -3712849}, + { -31365647, 10271363, -12660625, -6267268, 16690207, -13062544, + -14982212, 16484931, 25180797, -5334884 }, + { -586574, 10376444, -32586414, -11286356, 19801893, 10997610, + 2276632, 9482883, 316878, 13820577 }, + { -9882808, -4510367, -2115506, 16457136, -11100081, 11674996, + 30756178, -7515054, 30696930, -3712849 }, }, { - 
{32988917, -9603412, 12499366, 7910787, -10617257, -11931514, - -7342816, -9985397, -32349517, 7392473}, - {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781, - -30409476, -9134995, 25112947, -2926644}, - {-2504044, -436966, 25621774, -5678772, 15085042, -5479877, - -24884878, -13526194, 5537438, -13914319}, + { 32988917, -9603412, 12499366, 7910787, -10617257, -11931514, + -7342816, -9985397, -32349517, 7392473 }, + { -8855661, 15927861, 9866406, -3649411, -2396914, -16655781, + -30409476, -9134995, 25112947, -2926644 }, + { -2504044, -436966, 25621774, -5678772, 15085042, -5479877, + -24884878, -13526194, 5537438, -13914319 }, }, }, { { - {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648, - -14876251, -1729667, 31234590, 6090599}, - {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, - 15878753, -6970405, -9034768}, - {-27757857, 247744, -15194774, -9002551, 23288161, -10011936, - -23869595, 6503646, 20650474, 1804084}, + { -11225584, 2320285, -9584280, 10149187, -33444663, 5808648, + -14876251, -1729667, 31234590, 6090599 }, + { -9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, + 15878753, -6970405, -9034768 }, + { -27757857, 247744, -15194774, -9002551, 23288161, -10011936, + -23869595, 6503646, 20650474, 1804084 }, }, { - {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, - -10329713, 27842616, -202328}, - {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, - 5031932, -11375082, 12714369}, - {20807691, -7270825, 29286141, 11421711, -27876523, -13868230, - -21227475, 1035546, -19733229, 12796920}, + { -27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, + -10329713, 27842616, -202328 }, + { -15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, + 5031932, -11375082, 12714369 }, + { 20807691, -7270825, 29286141, 11421711, -27876523, -13868230, + -21227475, 1035546, -19733229, 12796920 }, }, { - {12076899, -14301286, -8785001, -11848922, -25012791, 
16400684, - -17591495, -12899438, 3480665, -15182815}, - {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545, - -24363064, -15921875, -33374054, 2771025}, - {-21389266, 421932, 26597266, 6860826, 22486084, -6737172, - -17137485, -4210226, -24552282, 15673397}, + { 12076899, -14301286, -8785001, -11848922, -25012791, 16400684, + -17591495, -12899438, 3480665, -15182815 }, + { -32361549, 5457597, 28548107, 7833186, 7303070, -11953545, + -24363064, -15921875, -33374054, 2771025 }, + { -21389266, 421932, 26597266, 6860826, 22486084, -6737172, + -17137485, -4210226, -24552282, 15673397 }, }, { - {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893, - -20271184, 4733254, 3727144, -12934448}, - {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, - 7975683, 31123697, -10958981}, - {30069250, -11435332, 30434654, 2958439, 18399564, -976289, - 12296869, 9204260, -16432438, 9648165}, + { -20184622, 2338216, 19788685, -9620956, -4001265, -8740893, + -20271184, 4733254, 3727144, -12934448 }, + { 6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, + 7975683, 31123697, -10958981 }, + { 30069250, -11435332, 30434654, 2958439, 18399564, -976289, + 12296869, 9204260, -16432438, 9648165 }, }, { - {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, - 5248604, -26008332, -11377501}, - {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, - 15298639, 2662509, -16297073}, - {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326, - 32087529, -1222777, 32247248, -14389861}, + { 32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, + 5248604, -26008332, -11377501 }, + { 17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, + 15298639, 2662509, -16297073 }, + { -1172927, -7558695, -4366770, -4287744, -21346413, -8434326, + 32087529, -1222777, 32247248, -14389861 }, }, { - {14312628, 1221556, 17395390, -8700143, -4945741, -8684635, - -28197744, -9637817, -16027623, -13378845}, - 
{-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, - 9803137, 17597934, 2346211}, - {18510800, 15337574, 26171504, 981392, -22241552, 7827556, - -23491134, -11323352, 3059833, -11782870}, + { 14312628, 1221556, 17395390, -8700143, -4945741, -8684635, + -28197744, -9637817, -16027623, -13378845 }, + { -1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, + 9803137, 17597934, 2346211 }, + { 18510800, 15337574, 26171504, 981392, -22241552, 7827556, + -23491134, -11323352, 3059833, -11782870 }, }, { - {10141598, 6082907, 17829293, -1947643, 9830092, 13613136, - -25556636, -5544586, -33502212, 3592096}, - {33114168, -15889352, -26525686, -13343397, 33076705, 8716171, - 1151462, 1521897, -982665, -6837803}, - {-32939165, -4255815, 23947181, -324178, -33072974, -12305637, - -16637686, 3891704, 26353178, 693168}, + { 10141598, 6082907, 17829293, -1947643, 9830092, 13613136, + -25556636, -5544586, -33502212, 3592096 }, + { 33114168, -15889352, -26525686, -13343397, 33076705, 8716171, + 1151462, 1521897, -982665, -6837803 }, + { -32939165, -4255815, 23947181, -324178, -33072974, -12305637, + -16637686, 3891704, 26353178, 693168 }, }, { - {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, - -400668, 31375464, 14369965}, - {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728, - 32732230, -13108839, 17901441, 16011505}, - {18171223, -11934626, -12500402, 15197122, -11038147, -15230035, - -19172240, -16046376, 8764035, 12309598}, + { 30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, + -400668, 31375464, 14369965 }, + { -14370654, -7772529, 1510301, 6434173, -18784789, -6262728, + 32732230, -13108839, 17901441, 16011505 }, + { 18171223, -11934626, -12500402, 15197122, -11038147, -15230035, + -19172240, -16046376, 8764035, 12309598 }, }, }, { { - {5975908, -5243188, -19459362, -9681747, -11541277, 14015782, - -23665757, 1228319, 17544096, -10593782}, - {5811932, -1715293, 3442887, -2269310, -18367348, -8359541, 
- -18044043, -15410127, -5565381, 12348900}, - {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274, - -24849353, 8141295, -10632534, -585479}, + { 5975908, -5243188, -19459362, -9681747, -11541277, 14015782, + -23665757, 1228319, 17544096, -10593782 }, + { 5811932, -1715293, 3442887, -2269310, -18367348, -8359541, + -18044043, -15410127, -5565381, 12348900 }, + { -31399660, 11407555, 25755363, 6891399, -3256938, 14872274, + -24849353, 8141295, -10632534, -585479 }, }, { - {-12675304, 694026, -5076145, 13300344, 14015258, -14451394, - -9698672, -11329050, 30944593, 1130208}, - {8247766, -6710942, -26562381, -7709309, -14401939, -14648910, - 4652152, 2488540, 23550156, -271232}, - {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, - -5908146, -408818, -137719}, + { -12675304, 694026, -5076145, 13300344, 14015258, -14451394, + -9698672, -11329050, 30944593, 1130208 }, + { 8247766, -6710942, -26562381, -7709309, -14401939, -14648910, + 4652152, 2488540, 23550156, -271232 }, + { 17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, + -5908146, -408818, -137719 }, }, { - {16091085, -16253926, 18599252, 7340678, 2137637, -1221657, - -3364161, 14550936, 3260525, -7166271}, - {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596, - -23028869, -13204905, -12748722, 2701326}, - {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432, - -10018363, 9276971, 11329923, 1862132}, + { 16091085, -16253926, 18599252, 7340678, 2137637, -1221657, + -3364161, 14550936, 3260525, -7166271 }, + { -4910104, -13332887, 18550887, 10864893, -16459325, -7291596, + -23028869, -13204905, -12748722, 2701326 }, + { -8574695, 16099415, 4629974, -16340524, -20786213, -6005432, + -10018363, 9276971, 11329923, 1862132 }, }, { - {14763076, -15903608, -30918270, 3689867, 3511892, 10313526, - -21951088, 12219231, -9037963, -940300}, - {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, - -2909717, -15438168, 11595570}, - {15214962, 3537601, 
-26238722, -14058872, 4418657, -15230761, - 13947276, 10730794, -13489462, -4363670}, + { 14763076, -15903608, -30918270, 3689867, 3511892, 10313526, + -21951088, 12219231, -9037963, -940300 }, + { 8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, + -2909717, -15438168, 11595570 }, + { 15214962, 3537601, -26238722, -14058872, 4418657, -15230761, + 13947276, 10730794, -13489462, -4363670 }, }, { - {-2538306, 7682793, 32759013, 263109, -29984731, -7955452, - -22332124, -10188635, 977108, 699994}, - {-12466472, 4195084, -9211532, 550904, -15565337, 12917920, - 19118110, -439841, -30534533, -14337913}, - {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, - -10051775, 12493932, -5409317}, + { -2538306, 7682793, 32759013, 263109, -29984731, -7955452, + -22332124, -10188635, 977108, 699994 }, + { -12466472, 4195084, -9211532, 550904, -15565337, 12917920, + 19118110, -439841, -30534533, -14337913 }, + { 31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, + -10051775, 12493932, -5409317 }, }, { - {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087, - 27218280, 2607121, 29375955, 6024730}, - {842132, -2794693, -4763381, -8722815, 26332018, -12405641, - 11831880, 6985184, -9940361, 2854096}, - {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, - 960770, 12121869, 16648078}, + { -25680606, 5260744, -19235809, -6284470, -3695942, 16566087, + 27218280, 2607121, 29375955, 6024730 }, + { 842132, -2794693, -4763381, -8722815, 26332018, -12405641, + 11831880, 6985184, -9940361, 2854096 }, + { -4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, + 960770, 12121869, 16648078 }, }, { - {-15218652, 14667096, -13336229, 2013717, 30598287, -464137, - -31504922, -7882064, 20237806, 2838411}, - {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604, - 12544294, -13470457, 1068881, -12499905}, - {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596, - -8486907, -2630053, 12521378, 
4845654}, + { -15218652, 14667096, -13336229, 2013717, 30598287, -464137, + -31504922, -7882064, 20237806, 2838411 }, + { -19288047, 4453152, 15298546, -16178388, 22115043, -15972604, + 12544294, -13470457, 1068881, -12499905 }, + { -9558883, -16518835, 33238498, 13506958, 30505848, -1114596, + -8486907, -2630053, 12521378, 4845654 }, }, { - {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600, - 3409348, -873400, -6482306, -12885870}, - {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172, - 10477734, -1240216, -3113227, 13974498}, - {12966261, 15550616, -32038948, -1615346, 21025980, -629444, - 5642325, 7188737, 18895762, 12629579}, + { -28198521, 10744108, -2958380, 10199664, 7759311, -13088600, + 3409348, -873400, -6482306, -12885870 }, + { -23561822, 6230156, -20382013, 10655314, -24040585, -11621172, + 10477734, -1240216, -3113227, 13974498 }, + { 12966261, 15550616, -32038948, -1615346, 21025980, -629444, + 5642325, 7188737, 18895762, 12629579 }, }, }, { { - {14741879, -14946887, 22177208, -11721237, 1279741, 8058600, - 11758140, 789443, 32195181, 3895677}, - {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, - -3566119, -8982069, 4429647}, - {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220, - -7135870, -11642895, 18047436, -15281743}, + { 14741879, -14946887, 22177208, -11721237, 1279741, 8058600, + 11758140, 789443, 32195181, 3895677 }, + { 10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, + -3566119, -8982069, 4429647 }, + { -2453894, 15725973, -20436342, -10410672, -5803908, -11040220, + -7135870, -11642895, 18047436, -15281743 }, }, { - {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455, - 10993114, -12850837, -17620701, -9408468}, - {21987233, 700364, -24505048, 14972008, -7774265, -5718395, - 32155026, 2581431, -29958985, 8773375}, - {-25568350, 454463, -13211935, 16126715, 25240068, 8594567, - 20656846, 12017935, -7874389, -13920155}, + { -25173001, -11307165, 29759956, 
11776784, -22262383, -15820455, + 10993114, -12850837, -17620701, -9408468 }, + { 21987233, 700364, -24505048, 14972008, -7774265, -5718395, + 32155026, 2581431, -29958985, 8773375 }, + { -25568350, 454463, -13211935, 16126715, 25240068, 8594567, + 20656846, 12017935, -7874389, -13920155 }, }, { - {6028182, 6263078, -31011806, -11301710, -818919, 2461772, - -31841174, -5468042, -1721788, -2776725}, - {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, - -4166698, 28408820, 6816612}, - {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817, - 20613181, 13982702, -10339570, 5067943}, + { 6028182, 6263078, -31011806, -11301710, -818919, 2461772, + -31841174, -5468042, -1721788, -2776725 }, + { -12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, + -4166698, 28408820, 6816612 }, + { -10358094, -8237829, 19549651, -12169222, 22082623, 16147817, + 20613181, 13982702, -10339570, 5067943 }, }, { - {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951, - -19719286, 12746132, 5331210, -10105944}, - {30528811, 3601899, -1957090, 4619785, -27361822, -15436388, - 24180793, -12570394, 27679908, -1648928}, - {9402404, -13957065, 32834043, 10838634, -26580150, -13237195, - 26653274, -8685565, 22611444, -12715406}, + { -30505967, -3821767, 12074681, 13582412, -19877972, 2443951, + -19719286, 12746132, 5331210, -10105944 }, + { 30528811, 3601899, -1957090, 4619785, -27361822, -15436388, + 24180793, -12570394, 27679908, -1648928 }, + { 9402404, -13957065, 32834043, 10838634, -26580150, -13237195, + 26653274, -8685565, 22611444, -12715406 }, }, { - {22190590, 1118029, 22736441, 15130463, -30460692, -5991321, - 19189625, -4648942, 4854859, 6622139}, - {-8310738, -2953450, -8262579, -3388049, -10401731, -271929, - 13424426, -3567227, 26404409, 13001963}, - {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670, - -26064365, -11621720, -15405155, 11020693}, + { 22190590, 1118029, 22736441, 15130463, -30460692, -5991321, + 19189625, 
-4648942, 4854859, 6622139 }, + { -8310738, -2953450, -8262579, -3388049, -10401731, -271929, + 13424426, -3567227, 26404409, 13001963 }, + { -31241838, -15415700, -2994250, 8939346, 11562230, -12840670, + -26064365, -11621720, -15405155, 11020693 }, }, { - {1866042, -7949489, -7898649, -10301010, 12483315, 13477547, - 3175636, -12424163, 28761762, 1406734}, - {-448555, -1777666, 13018551, 3194501, -9580420, -11161737, - 24760585, -4347088, 25577411, -13378680}, - {-24290378, 4759345, -690653, -1852816, 2066747, 10693769, - -29595790, 9884936, -9368926, 4745410}, + { 1866042, -7949489, -7898649, -10301010, 12483315, 13477547, + 3175636, -12424163, 28761762, 1406734 }, + { -448555, -1777666, 13018551, 3194501, -9580420, -11161737, + 24760585, -4347088, 25577411, -13378680 }, + { -24290378, 4759345, -690653, -1852816, 2066747, 10693769, + -29595790, 9884936, -9368926, 4745410 }, }, { - {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276, - -15462008, -11311852, 10931924, -11931931}, - {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606, - -22853429, 10856641, -20470770, 13434654}, - {22759489, -10073434, -16766264, -1871422, 13637442, -10168091, - 1765144, -12654326, 28445307, -5364710}, + { -9141284, 6049714, -19531061, -4341411, -31260798, 9944276, + -15462008, -11311852, 10931924, -11931931 }, + { -16561513, 14112680, -8012645, 4817318, -8040464, -11414606, + -22853429, 10856641, -20470770, 13434654 }, + { 22759489, -10073434, -16766264, -1871422, 13637442, -10168091, + 1765144, -12654326, 28445307, -5364710 }, }, { - {29875063, 12493613, 2795536, -3786330, 1710620, 15181182, - -10195717, -8788675, 9074234, 1167180}, - {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294, - -18716888, -9535498, 3843903, 9367684}, - {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, - 8601684, -139197, 4242895}, + { 29875063, 12493613, 2795536, -3786330, 1710620, 15181182, + -10195717, -8788675, 9074234, 1167180 }, + { -26205683, 11014233, 
-9842651, -2635485, -26908120, 7532294, + -18716888, -9535498, 3843903, 9367684 }, + { -10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, + 8601684, -139197, 4242895 }, }, }, { { - {22092954, -13191123, -2042793, -11968512, 32186753, -11517388, - -6574341, 2470660, -27417366, 16625501}, - {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, - 2602725, -27351616, 14247413}, - {6314175, -10264892, -32772502, 15957557, -10157730, 168750, - -8618807, 14290061, 27108877, -1180880}, + { 22092954, -13191123, -2042793, -11968512, 32186753, -11517388, + -6574341, 2470660, -27417366, 16625501 }, + { -11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, + 2602725, -27351616, 14247413 }, + { 6314175, -10264892, -32772502, 15957557, -10157730, 168750, + -8618807, 14290061, 27108877, -1180880 }, }, { - {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596, - 33547976, -11058889, -27148451, 981874}, - {22833440, 9293594, -32649448, -13618667, -9136966, 14756819, - -22928859, -13970780, -10479804, -16197962}, - {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060, - 22680049, 13906969, -15933690, 3797899}, + { -8586597, -7170966, 13241782, 10960156, -32991015, -13794596, + 33547976, -11058889, -27148451, 981874 }, + { 22833440, 9293594, -32649448, -13618667, -9136966, 14756819, + -22928859, -13970780, -10479804, -16197962 }, + { -7768587, 3326786, -28111797, 10783824, 19178761, 14905060, + 22680049, 13906969, -15933690, 3797899 }, }, { - {21721356, -4212746, -12206123, 9310182, -3882239, -13653110, - 23740224, -2709232, 20491983, -8042152}, - {9209270, -15135055, -13256557, -6167798, -731016, 15289673, - 25947805, 15286587, 30997318, -6703063}, - {7392032, 16618386, 23946583, -8039892, -13265164, -1533858, - -14197445, -2321576, 17649998, -250080}, + { 21721356, -4212746, -12206123, 9310182, -3882239, -13653110, + 23740224, -2709232, 20491983, -8042152 }, + { 9209270, -15135055, -13256557, -6167798, -731016, 15289673, + 
25947805, 15286587, 30997318, -6703063 }, + { 7392032, 16618386, 23946583, -8039892, -13265164, -1533858, + -14197445, -2321576, 17649998, -250080 }, }, { - {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752, - -15241566, -9525724, -2233253, 7662146}, - {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295, - 7335080, -8472199, -3174674, 3440183}, - {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957, - 40450, -4431835, 4862400, 1133}, + { -9301088, -14193827, 30609526, -3049543, -25175069, -1283752, + -15241566, -9525724, -2233253, 7662146 }, + { -17558673, 1763594, -33114336, 15908610, -30040870, -12174295, + 7335080, -8472199, -3174674, 3440183 }, + { -19889700, -5977008, -24111293, -9688870, 10799743, -16571957, + 40450, -4431835, 4862400, 1133 }, }, { - {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142, - 7258061, 311861, -30594991, -7379421}, - {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, - 16527196, 18278453, 15405622}, - {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970, - -13313598, 843523, -21875062, 13626197}, + { -32856209, -7873957, -5422389, 14860950, -16319031, 7956142, + 7258061, 311861, -30594991, -7379421 }, + { -3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, + 16527196, 18278453, 15405622 }, + { -4381906, 8508652, -19898366, -3674424, -5984453, 15149970, + -13313598, 843523, -21875062, 13626197 }, }, { - {2281448, -13487055, -10915418, -2609910, 1879358, 16164207, - -10783882, 3953792, 13340839, 15928663}, - {31727126, -7179855, -18437503, -8283652, 2875793, -16390330, - -25269894, -7014826, -23452306, 5964753}, - {4100420, -5959452, -17179337, 6017714, -18705837, 12227141, - -26684835, 11344144, 2538215, -7570755}, + { 2281448, -13487055, -10915418, -2609910, 1879358, 16164207, + -10783882, 3953792, 13340839, 15928663 }, + { 31727126, -7179855, -18437503, -8283652, 2875793, -16390330, + -25269894, -7014826, -23452306, 5964753 }, + { 4100420, -5959452, 
-17179337, 6017714, -18705837, 12227141, + -26684835, 11344144, 2538215, -7570755 }, }, { - {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241, - -20474983, 1485421, -629256, -15958862}, - {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492, - -20205425, -13191288, 11659922, -11115118}, - {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, - -10170080, 33100372, -1306171}, + { -9433605, 6123113, 11159803, -2156608, 30016280, 14966241, + -20474983, 1485421, -629256, -15958862 }, + { -26804558, 4260919, 11851389, 9658551, -32017107, 16367492, + -20205425, -13191288, 11659922, -11115118 }, + { 26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, + -10170080, 33100372, -1306171 }, }, { - {15121113, -5201871, -10389905, 15427821, -27509937, -15992507, - 21670947, 4486675, -5931810, -14466380}, - {16166486, -9483733, -11104130, 6023908, -31926798, -1364923, - 2340060, -16254968, -10735770, -10039824}, - {28042865, -3557089, -12126526, 12259706, -3717498, -6945899, - 6766453, -8689599, 18036436, 5803270}, + { 15121113, -5201871, -10389905, 15427821, -27509937, -15992507, + 21670947, 4486675, -5931810, -14466380 }, + { 16166486, -9483733, -11104130, 6023908, -31926798, -1364923, + 2340060, -16254968, -10735770, -10039824 }, + { 28042865, -3557089, -12126526, 12259706, -3717498, -6945899, + 6766453, -8689599, 18036436, 5803270 }, }, }, { { - {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, - 4598332, -6159431, -14117438}, - {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183, - 696309, 50292, -20095739, 11763584}, - {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, - -12613632, -19773211, -10713562}, + { -817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, + 4598332, -6159431, -14117438 }, + { -31031306, -14256194, 17332029, -2383520, 31312682, -5967183, + 696309, 50292, -20095739, 11763584 }, + { -594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, + 
-12613632, -19773211, -10713562 }, }, { - {30464590, -11262872, -4127476, -12734478, 19835327, -7105613, - -24396175, 2075773, -17020157, 992471}, - {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, - 8080033, -11574335, -10601610}, - {19598397, 10334610, 12555054, 2555664, 18821899, -10339780, - 21873263, 16014234, 26224780, 16452269}, + { 30464590, -11262872, -4127476, -12734478, 19835327, -7105613, + -24396175, 2075773, -17020157, 992471 }, + { 18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, + 8080033, -11574335, -10601610 }, + { 19598397, 10334610, 12555054, 2555664, 18821899, -10339780, + 21873263, 16014234, 26224780, 16452269 }, }, { - {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, - -7618186, -20533829, 3698650}, - {14187449, 3448569, -10636236, -10810935, -22663880, -3433596, - 7268410, -10890444, 27394301, 12015369}, - {19695761, 16087646, 28032085, 12999827, 6817792, 11427614, - 20244189, -1312777, -13259127, -3402461}, + { -30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, + -7618186, -20533829, 3698650 }, + { 14187449, 3448569, -10636236, -10810935, -22663880, -3433596, + 7268410, -10890444, 27394301, 12015369 }, + { 19695761, 16087646, 28032085, 12999827, 6817792, 11427614, + 20244189, -1312777, -13259127, -3402461 }, }, { - {30860103, 12735208, -1888245, -4699734, -16974906, 2256940, - -8166013, 12298312, -8550524, -10393462}, - {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760, - -5789354, -15118654, -4976164, 12651793}, - {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089, - -13118820, -16517902, 9768698, -2533218}, + { 30860103, 12735208, -1888245, -4699734, -16974906, 2256940, + -8166013, 12298312, -8550524, -10393462 }, + { -5719826, -11245325, -1910649, 15569035, 26642876, -7587760, + -5789354, -15118654, -4976164, 12651793 }, + { -2848395, 9953421, 11531313, -5282879, 26895123, -12697089, + -13118820, -16517902, 9768698, -2533218 }, }, { - 
{-24719459, 1894651, -287698, -4704085, 15348719, -8156530, - 32767513, 12765450, 4940095, 10678226}, - {18860224, 15980149, -18987240, -1562570, -26233012, -11071856, - -7843882, 13944024, -24372348, 16582019}, - {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756, - -11704054, 15444560, -11003761, 7989037}, + { -24719459, 1894651, -287698, -4704085, 15348719, -8156530, + 32767513, 12765450, 4940095, 10678226 }, + { 18860224, 15980149, -18987240, -1562570, -26233012, -11071856, + -7843882, 13944024, -24372348, 16582019 }, + { -15504260, 4970268, -29893044, 4175593, -20993212, -2199756, + -11704054, 15444560, -11003761, 7989037 }, }, { - {31490452, 5568061, -2412803, 2182383, -32336847, 4531686, - -32078269, 6200206, -19686113, -14800171}, - {-17308668, -15879940, -31522777, -2831, -32887382, 16375549, - 8680158, -16371713, 28550068, -6857132}, - {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016, - -30039981, 4364038, 1155602, 5988841}, + { 31490452, 5568061, -2412803, 2182383, -32336847, 4531686, + -32078269, 6200206, -19686113, -14800171 }, + { -17308668, -15879940, -31522777, -2831, -32887382, 16375549, + 8680158, -16371713, 28550068, -6857132 }, + { -28126887, -5688091, 16837845, -1820458, -6850681, 12700016, + -30039981, 4364038, 1155602, 5988841 }, }, { - {21890435, -13272907, -12624011, 12154349, -7831873, 15300496, - 23148983, -4470481, 24618407, 8283181}, - {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536, - 3070187, -7025928, 1466169, 10740210}, - {-1509399, -15488185, -13503385, -10655916, 32799044, 909394, - -13938903, -5779719, -32164649, -15327040}, + { 21890435, -13272907, -12624011, 12154349, -7831873, 15300496, + 23148983, -4470481, 24618407, 8283181 }, + { -33136107, -10512751, 9975416, 6841041, -31559793, 16356536, + 3070187, -7025928, 1466169, 10740210 }, + { -1509399, -15488185, -13503385, -10655916, 32799044, 909394, + -13938903, -5779719, -32164649, -15327040 }, }, { - {3960823, -14267803, -28026090, -15918051, 
-19404858, 13146868, - 15567327, 951507, -3260321, -573935}, - {24740841, 5052253, -30094131, 8961361, 25877428, 6165135, - -24368180, 14397372, -7380369, -6144105}, - {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454, - -15441463, -14453128, -1625486, -6494814}, + { 3960823, -14267803, -28026090, -15918051, -19404858, 13146868, + 15567327, 951507, -3260321, -573935 }, + { 24740841, 5052253, -30094131, 8961361, 25877428, 6165135, + -24368180, 14397372, -7380369, -6144105 }, + { -28888365, 3510803, -28103278, -1158478, -11238128, -10631454, + -15441463, -14453128, -1625486, -6494814 }, }, }, { { - {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, - -4885251, -9906200, -621852}, - {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, - 1468826, -6171428, -15186581}, - {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288, - -30404353, -9871238, -1558923, -9863646}, + { 793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, + -4885251, -9906200, -621852 }, + { 5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, + 1468826, -6171428, -15186581 }, + { -4859255, -3779343, -2917758, -6748019, 7778750, 11688288, + -30404353, -9871238, -1558923, -9863646 }, }, { - {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, - 14783338, -30581476, -15757844}, - {10566929, 12612572, -31944212, 11118703, -12633376, 12362879, - 21752402, 8822496, 24003793, 14264025}, - {27713862, -7355973, -11008240, 9227530, 27050101, 2504721, - 23886875, -13117525, 13958495, -5732453}, + { 10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, + 14783338, -30581476, -15757844 }, + { 10566929, 12612572, -31944212, 11118703, -12633376, 12362879, + 21752402, 8822496, 24003793, 14264025 }, + { 27713862, -7355973, -11008240, 9227530, 27050101, 2504721, + 23886875, -13117525, 13958495, -5732453 }, }, { - {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291, - -31889399, -10041781, 7340521, 
-15410068}, - {4646514, -8011124, -22766023, -11532654, 23184553, 8566613, - 31366726, -1381061, -15066784, -10375192}, - {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576, - 27584817, 3093888, -8843694, 3849921}, + { -23481610, 4867226, -27247128, 3900521, 29838369, -8212291, + -31889399, -10041781, 7340521, -15410068 }, + { 4646514, -8011124, -22766023, -11532654, 23184553, 8566613, + 31366726, -1381061, -15066784, -10375192 }, + { -17270517, 12723032, -16993061, 14878794, 21619651, -6197576, + 27584817, 3093888, -8843694, 3849921 }, }, { - {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958, - 32477045, -9017955, 5002294, -15550259}, - {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708, - 16489530, 13378448, -25845716, 12741426}, - {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677, - 24306472, 15852464, 28834118, -7646072}, + { -9064912, 2103172, 25561640, -15125738, -5239824, 9582958, + 32477045, -9017955, 5002294, -15550259 }, + { -12057553, -11177906, 21115585, -13365155, 8808712, -12030708, + 16489530, 13378448, -25845716, 12741426 }, + { -5946367, 10645103, -30911586, 15390284, -3286982, -7118677, + 24306472, 15852464, 28834118, -7646072 }, }, { - {-17335748, -9107057, -24531279, 9434953, -8472084, -583362, - -13090771, 455841, 20461858, 5491305}, - {13669248, -16095482, -12481974, -10203039, -14569770, -11893198, - -24995986, 11293807, -28588204, -9421832}, - {28497928, 6272777, -33022994, 14470570, 8906179, -1225630, - 18504674, -14165166, 29867745, -8795943}, + { -17335748, -9107057, -24531279, 9434953, -8472084, -583362, + -13090771, 455841, 20461858, 5491305 }, + { 13669248, -16095482, -12481974, -10203039, -14569770, -11893198, + -24995986, 11293807, -28588204, -9421832 }, + { 28497928, 6272777, -33022994, 14470570, 8906179, -1225630, + 18504674, -14165166, 29867745, -8795943 }, }, { - {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891, - -6367600, -13175392, 22853429, -4012011}, - {24191378, 
16712145, -13931797, 15217831, 14542237, 1646131, - 18603514, -11037887, 12876623, -2112447}, - {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, - 608397, 16031844, 3723494}, + { -16207023, 13517196, -27799630, -13697798, 24009064, -6373891, + -6367600, -13175392, 22853429, -4012011 }, + { 24191378, 16712145, -13931797, 15217831, 14542237, 1646131, + 18603514, -11037887, 12876623, -2112447 }, + { 17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, + 608397, 16031844, 3723494 }, }, { - {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745, - 17558842, -7872890, 23896954, -4314245}, - {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, - 7229064, -9919646, -8826859}, - {28816045, 298879, -28165016, -15920938, 19000928, -1665890, - -12680833, -2949325, -18051778, -2082915}, + { -28632773, 12763728, -20446446, 7577504, 33001348, -13017745, + 17558842, -7872890, 23896954, -4314245 }, + { -20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, + 7229064, -9919646, -8826859 }, + { 28816045, 298879, -28165016, -15920938, 19000928, -1665890, + -12680833, -2949325, -18051778, -2082915 }, }, { - {16000882, -344896, 3493092, -11447198, -29504595, -13159789, - 12577740, 16041268, -19715240, 7847707}, - {10151868, 10572098, 27312476, 7922682, 14825339, 4723128, - -32855931, -6519018, -10020567, 3852848}, - {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598, - 16514493, -15932110, 29330899, -15076224}, + { 16000882, -344896, 3493092, -11447198, -29504595, -13159789, + 12577740, 16041268, -19715240, 7847707 }, + { 10151868, 10572098, 27312476, 7922682, 14825339, 4723128, + -32855931, -6519018, -10020567, 3852848 }, + { -11430470, 15697596, -21121557, -4420647, 5386314, 15063598, + 16514493, -15932110, 29330899, -15076224 }, }, }, { { - {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784, - 3303702, 15490, -27548796, 12314391}, - {15683520, -6003043, 18109120, -9980648, 15337968, -5997823, - 
-16717435, 15921866, 16103996, -3731215}, - {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929, - -19273607, 5402699, -29815713, -9841101}, + { -25499735, -4378794, -15222908, -6901211, 16615731, 2051784, + 3303702, 15490, -27548796, 12314391 }, + { 15683520, -6003043, 18109120, -9980648, 15337968, -5997823, + -16717435, 15921866, 16103996, -3731215 }, + { -23169824, -10781249, 13588192, -1628807, -3798557, -1074929, + -19273607, 5402699, -29815713, -9841101 }, }, { - {23190676, 2384583, -32714340, 3462154, -29903655, -1529132, - -11266856, 8911517, -25205859, 2739713}, - {21374101, -3554250, -33524649, 9874411, 15377179, 11831242, - -33529904, 6134907, 4931255, 11987849}, - {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, - 13861388, -30076310, 10117930}, + { 23190676, 2384583, -32714340, 3462154, -29903655, -1529132, + -11266856, 8911517, -25205859, 2739713 }, + { 21374101, -3554250, -33524649, 9874411, 15377179, 11831242, + -33529904, 6134907, 4931255, 11987849 }, + { -7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, + 13861388, -30076310, 10117930 }, }, { - {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643, - -6325503, 6704079, 12890019, 15728940}, - {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, - -10428139, 12885167, 8311031}, - {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191, - 26423267, 4384730, 1888765, -5435404}, + { -29501170, -10744872, -26163768, 13051539, -25625564, 5089643, + -6325503, 6704079, 12890019, 15728940 }, + { -21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, + -10428139, 12885167, 8311031 }, + { -17516482, 5352194, 10384213, -13811658, 7506451, 13453191, + 26423267, 4384730, 1888765, -5435404 }, }, { - {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729, - -32251644, -12707869, -19464434, -3340243}, - {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, - 14845197, 17151279, -9854116}, - {-24830458, 
-12733720, -15165978, 10367250, -29530908, -265356, - 22825805, -7087279, -16866484, 16176525}, + { -25817338, -3107312, -13494599, -3182506, 30896459, -13921729, + -32251644, -12707869, -19464434, -3340243 }, + { -23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, + 14845197, 17151279, -9854116 }, + { -24830458, -12733720, -15165978, 10367250, -29530908, -265356, + 22825805, -7087279, -16866484, 16176525 }, }, { - {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, - -10363426, -28746253, -10197509}, - {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229, - 23632037, -1940610, 32808310, 1099883}, - {15030977, 5768825, -27451236, -2887299, -6427378, -15361371, - -15277896, -6809350, 2051441, -15225865}, + { -23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, + -10363426, -28746253, -10197509 }, + { -10626600, -4486402, -13320562, -5125317, 3432136, -6393229, + 23632037, -1940610, 32808310, 1099883 }, + { 15030977, 5768825, -27451236, -2887299, -6427378, -15361371, + -15277896, -6809350, 2051441, -15225865 }, }, { - {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, - -14154188, -22686354, 16633660}, - {4577086, -16752288, 13249841, -15304328, 19958763, -14537274, - 18559670, -10759549, 8402478, -9864273}, - {-28406330, -1051581, -26790155, -907698, -17212414, -11030789, - 9453451, -14980072, 17983010, 9967138}, + { -3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, + -14154188, -22686354, 16633660 }, + { 4577086, -16752288, 13249841, -15304328, 19958763, -14537274, + 18559670, -10759549, 8402478, -9864273 }, + { -28406330, -1051581, -26790155, -907698, -17212414, -11030789, + 9453451, -14980072, 17983010, 9967138 }, }, { - {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, - 7806337, 17507396, 3651560}, - {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010, - 26556809, -5574557, -18553322, -11357135}, - {2839101, 14284142, 4029895, 3472686, 14402957, 
12689363, -26642121, - 8459447, -5605463, -7621941}, + { -25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, + 7806337, 17507396, 3651560 }, + { -10420457, -4118111, 14584639, 15971087, -15768321, 8861010, + 26556809, -5574557, -18553322, -11357135 }, + { 2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121, + 8459447, -5605463, -7621941 }, }, { - {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, - -849066, 17258084, -7977739}, - {18164541, -10595176, -17154882, -1542417, 19237078, -9745295, - 23357533, -15217008, 26908270, 12150756}, - {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, - -5537701, -32302074, 16215819}, + { -4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, + -849066, 17258084, -7977739 }, + { 18164541, -10595176, -17154882, -1542417, 19237078, -9745295, + 23357533, -15217008, 26908270, 12150756 }, + { -30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, + -5537701, -32302074, 16215819 }, }, }, { { - {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835, - 32574489, 12532905, -7503072, -8675347}, - {-27343522, -16515468, -27151524, -10722951, 946346, 16291093, - 254968, 7168080, 21676107, -1943028}, - {21260961, -8424752, -16831886, -11920822, -23677961, 3968121, - -3651949, -6215466, -3556191, -7913075}, + { -6898905, 9824394, -12304779, -4401089, -31397141, -6276835, + 32574489, 12532905, -7503072, -8675347 }, + { -27343522, -16515468, -27151524, -10722951, 946346, 16291093, + 254968, 7168080, 21676107, -1943028 }, + { 21260961, -8424752, -16831886, -11920822, -23677961, 3968121, + -3651949, -6215466, -3556191, -7913075 }, }, { - {16544754, 13250366, -16804428, 15546242, -4583003, 12757258, - -2462308, -8680336, -18907032, -9662799}, - {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564, - 26820651, 16690659, 25459437, -4564609}, - {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224, - 9142795, -2391602, -6432418, 
-1644817}, + { 16544754, 13250366, -16804428, 15546242, -4583003, 12757258, + -2462308, -8680336, -18907032, -9662799 }, + { -2415239, -15577728, 18312303, 4964443, -15272530, -12653564, + 26820651, 16690659, 25459437, -4564609 }, + { -25144690, 11425020, 28423002, -11020557, -6144921, -15826224, + 9142795, -2391602, -6432418, -1644817 }, }, { - {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437, - -27457225, -16344658, 6335692, 7249989}, - {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693, - -30272269, 2682242, 25993170, -12478523}, - {4364628, 5930691, 32304656, -10044554, -8054781, 15091131, - 22857016, -10598955, 31820368, 15075278}, + { -23104652, 6253476, 16964147, -3768872, -25113972, -12296437, + -27457225, -16344658, 6335692, 7249989 }, + { -30333227, 13979675, 7503222, -12368314, -11956721, -4621693, + -30272269, 2682242, 25993170, -12478523 }, + { 4364628, 5930691, 32304656, -10044554, -8054781, 15091131, + 22857016, -10598955, 31820368, 15075278 }, }, { - {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, - -9650886, -17970238, 12833045}, - {19073683, 14851414, -24403169, -11860168, 7625278, 11091125, - -19619190, 2074449, -9413939, 14905377}, - {24483667, -11935567, -2518866, -11547418, -1553130, 15355506, - -25282080, 9253129, 27628530, -7555480}, + { 31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, + -9650886, -17970238, 12833045 }, + { 19073683, 14851414, -24403169, -11860168, 7625278, 11091125, + -19619190, 2074449, -9413939, 14905377 }, + { 24483667, -11935567, -2518866, -11547418, -1553130, 15355506, + -25282080, 9253129, 27628530, -7555480 }, }, { - {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, - -9157582, -14110875, 15297016}, - {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, - -11864220, 8683221, 2921426}, - {18606791, 11874196, 27155355, -5281482, -24031742, 6265446, - -25178240, -1278924, 4674690, 13890525}, + { 17597607, 8340603, 19355617, 
552187, 26198470, -3176583, 4593324, + -9157582, -14110875, 15297016 }, + { 510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, + -11864220, 8683221, 2921426 }, + { 18606791, 11874196, 27155355, -5281482, -24031742, 6265446, + -25178240, -1278924, 4674690, 13890525 }, }, { - {13609624, 13069022, -27372361, -13055908, 24360586, 9592974, - 14977157, 9835105, 4389687, 288396}, - {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, - 8317628, 23388070, 16052080}, - {12720016, 11937594, -31970060, -5028689, 26900120, 8561328, - -20155687, -11632979, -14754271, -10812892}, + { 13609624, 13069022, -27372361, -13055908, 24360586, 9592974, + 14977157, 9835105, 4389687, 288396 }, + { 9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, + 8317628, 23388070, 16052080 }, + { 12720016, 11937594, -31970060, -5028689, 26900120, 8561328, + -20155687, -11632979, -14754271, -10812892 }, }, { - {15961858, 14150409, 26716931, -665832, -22794328, 13603569, - 11829573, 7467844, -28822128, 929275}, - {11038231, -11582396, -27310482, -7316562, -10498527, -16307831, - -23479533, -9371869, -21393143, 2465074}, - {20017163, -4323226, 27915242, 1529148, 12396362, 15675764, - 13817261, -9658066, 2463391, -4622140}, + { 15961858, 14150409, 26716931, -665832, -22794328, 13603569, + 11829573, 7467844, -28822128, 929275 }, + { 11038231, -11582396, -27310482, -7316562, -10498527, -16307831, + -23479533, -9371869, -21393143, 2465074 }, + { 20017163, -4323226, 27915242, 1529148, 12396362, 15675764, + 13817261, -9658066, 2463391, -4622140 }, }, { - {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572, - 9583558, 12851107, 4003896, 12673717}, - {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325, - 14741514, -9103726, 7903886, 2348101}, - {24536016, -16515207, 12715592, -3862155, 1511293, 10047386, - -3842346, -7129159, -28377538, 10048127}, + { -16358878, -12663911, -12065183, 4996454, -1256422, 1073572, + 9583558, 12851107, 4003896, 
12673717 }, + { -1731589, -15155870, -3262930, 16143082, 19294135, 13385325, + 14741514, -9103726, 7903886, 2348101 }, + { 24536016, -16515207, 12715592, -3862155, 1511293, 10047386, + -3842346, -7129159, -28377538, 10048127 }, }, }, { { - {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840, - 18873298, -7297090, -32297756, 15221632}, - {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409, - -21343950, 2095755, 29769758, 6593415}, - {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, - -6118678, 30958054, 8292160}, + { -12622226, -6204820, 30718825, 2591312, -10617028, 12192840, + 18873298, -7297090, -32297756, 15221632 }, + { -26478122, -11103864, 11546244, -1852483, 9180880, 7656409, + -21343950, 2095755, 29769758, 6593415 }, + { -31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, + -6118678, 30958054, 8292160 }, }, { - {31429822, -13959116, 29173532, 15632448, 12174511, -2760094, - 32808831, 3977186, 26143136, -3148876}, - {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, - -1674433, -3758243, -2304625}, - {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029, - -1612713, -1535569, -16664475, 8194478}, + { 31429822, -13959116, 29173532, 15632448, 12174511, -2760094, + 32808831, 3977186, 26143136, -3148876 }, + { 22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, + -1674433, -3758243, -2304625 }, + { -15491917, 8012313, -2514730, -12702462, -23965846, -10254029, + -1612713, -1535569, -16664475, 8194478 }, }, { - {27338066, -7507420, -7414224, 10140405, -19026427, -6589889, - 27277191, 8855376, 28572286, 3005164}, - {26287124, 4821776, 25476601, -4145903, -3764513, -15788984, - -18008582, 1182479, -26094821, -13079595}, - {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192, - -21876275, -13982627, 32208683, -1198248}, + { 27338066, -7507420, -7414224, 10140405, -19026427, -6589889, + 27277191, 8855376, 28572286, 3005164 }, + { 26287124, 4821776, 25476601, -4145903, 
-3764513, -15788984, + -18008582, 1182479, -26094821, -13079595 }, + { -7171154, 3178080, 23970071, 6201893, -17195577, -4489192, + -21876275, -13982627, 32208683, -1198248 }, }, { - {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505, - -27315504, -10497842, -27672585, -11539858}, - {15941029, -9405932, -21367050, 8062055, 31876073, -238629, - -15278393, -1444429, 15397331, -4130193}, - {8934485, -13485467, -23286397, -13423241, -32446090, 14047986, - 31170398, -1441021, -27505566, 15087184}, + { -16657702, 2817643, -10286362, 14811298, 6024667, 13349505, + -27315504, -10497842, -27672585, -11539858 }, + { 15941029, -9405932, -21367050, 8062055, 31876073, -238629, + -15278393, -1444429, 15397331, -4130193 }, + { 8934485, -13485467, -23286397, -13423241, -32446090, 14047986, + 31170398, -1441021, -27505566, 15087184 }, }, { - {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776, - -15502406, 11461896, 16788528, -5868942}, - {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433, - -3770287, -10323320, 31322514, -11615635}, - {21426655, -5650218, -13648287, -5347537, -28812189, -4920970, - -18275391, -14621414, 13040862, -12112948}, + { -18357243, -2156491, 24524913, -16677868, 15520427, -6360776, + -15502406, 11461896, 16788528, -5868942 }, + { -1947386, 16013773, 21750665, 3714552, -17401782, -16055433, + -3770287, -10323320, 31322514, -11615635 }, + { 21426655, -5650218, -13648287, -5347537, -28812189, -4920970, + -18275391, -14621414, 13040862, -12112948 }, }, { - {11293895, 12478086, -27136401, 15083750, -29307421, 14748872, - 14555558, -13417103, 1613711, 4896935}, - {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460, - 2825960, -4897045, -23971776, -11267415}, - {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618, - 20615400, 12405433, -23753030, -8436416}, + { 11293895, 12478086, -27136401, 15083750, -29307421, 14748872, + 14555558, -13417103, 1613711, 4896935 }, + { -25894883, 15323294, -8489791, -8057900, 25967126, 
-13425460, + 2825960, -4897045, -23971776, -11267415 }, + { -15924766, -5229880, -17443532, 6410664, 3622847, 10243618, + 20615400, 12405433, -23753030, -8436416 }, }, { - {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801, - 4378436, 2432030, 23097949, -566018}, - {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, - 10103221, -18512313, 2424778}, - {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, - 1344109, -3642553, 12412659}, + { -7091295, 12556208, -20191352, 9025187, -17072479, 4333801, + 4378436, 2432030, 23097949, -566018 }, + { 4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, + 10103221, -18512313, 2424778 }, + { 366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, + 1344109, -3642553, 12412659 }, }, { - {-24001791, 7690286, 14929416, -168257, -32210835, -13412986, - 24162697, -15326504, -3141501, 11179385}, - {18289522, -14724954, 8056945, 16430056, -21729724, 7842514, - -6001441, -1486897, -18684645, -11443503}, - {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, - 13403813, 11052904, 5219329}, + { -24001791, 7690286, 14929416, -168257, -32210835, -13412986, + 24162697, -15326504, -3141501, 11179385 }, + { 18289522, -14724954, 8056945, 16430056, -21729724, 7842514, + -6001441, -1486897, -18684645, -11443503 }, + { 476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, + 13403813, 11052904, 5219329 }, }, }, { { - {20678546, -8375738, -32671898, 8849123, -5009758, 14574752, - 31186971, -3973730, 9014762, -8579056}, - {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600, - -33102500, 9160280, 8473550, -3256838}, - {24900749, 14435722, 17209120, -15292541, -22592275, 9878983, - -7689309, -16335821, -24568481, 11788948}, + { 20678546, -8375738, -32671898, 8849123, -5009758, 14574752, + 31186971, -3973730, 9014762, -8579056 }, + { -13644050, -10350239, -15962508, 5075808, -1514661, -11534600, + -33102500, 9160280, 8473550, -3256838 }, + { 
24900749, 14435722, 17209120, -15292541, -22592275, 9878983, + -7689309, -16335821, -24568481, 11788948 }, }, { - {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904, - -20037437, 10410733, -24568470, -1458691}, - {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911, - 11871841, -12505194, -18513325, 8464118}, - {-23400612, 8348507, -14585951, -861714, -3950205, -6373419, - 14325289, 8628612, 33313881, -8370517}, + { -3118155, -11395194, -13802089, 14797441, 9652448, -6845904, + -20037437, 10410733, -24568470, -1458691 }, + { -15659161, 16736706, -22467150, 10215878, -9097177, 7563911, + 11871841, -12505194, -18513325, 8464118 }, + { -23400612, 8348507, -14585951, -861714, -3950205, -6373419, + 14325289, 8628612, 33313881, -8370517 }, }, { - {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838, - -24805667, -10236854, -8940735, -5818269}, - {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245, - 15989197, -12838188, 28358192, -4253904}, - {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267, - -16637684, 4072016, -5351664, 5596589}, + { -20186973, -4967935, 22367356, 5271547, -1097117, -4788838, + -24805667, -10236854, -8940735, -5818269 }, + { -6948785, -1795212, -32625683, -16021179, 32635414, -7374245, + 15989197, -12838188, 28358192, -4253904 }, + { -23561781, -2799059, -32351682, -1661963, -9147719, 10429267, + -16637684, 4072016, -5351664, 5596589 }, }, { - {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565, - 29266239, 2557221, 1768301, 15373193}, - {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, - -4504991, -24660491, 3442910}, - {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093, - 22597931, 7176455, -18585478, 13365930}, + { -28236598, -3390048, 12312896, 6213178, 3117142, 16078565, + 29266239, 2557221, 1768301, 15373193 }, + { -7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, + -4504991, -24660491, 3442910 }, + { -30210571, 5124043, 14181784, 8197961, 
18964734, -11939093, + 22597931, 7176455, -18585478, 13365930 }, }, { - {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, - -8570186, -9689599, -3031667}, - {25008904, -10771599, -4305031, -9638010, 16265036, 15721635, - 683793, -11823784, 15723479, -15163481}, - {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514, - 11879682, 5400171, 519526, -1235876}, + { -7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, + -8570186, -9689599, -3031667 }, + { 25008904, -10771599, -4305031, -9638010, 16265036, 15721635, + 683793, -11823784, 15723479, -15163481 }, + { -9660625, 12374379, -27006999, -7026148, -7724114, -12314514, + 11879682, 5400171, 519526, -1235876 }, }, { - {22258397, -16332233, -7869817, 14613016, -22520255, -2950923, - -20353881, 7315967, 16648397, 7605640}, - {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212, - 23994942, -5281555, -9468848, 4763278}, - {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390, - 31088447, -7764523, -11356529, 728112}, + { 22258397, -16332233, -7869817, 14613016, -22520255, -2950923, + -20353881, 7315967, 16648397, 7605640 }, + { -8081308, -8464597, -8223311, 9719710, 19259459, -15348212, + 23994942, -5281555, -9468848, 4763278 }, + { -21699244, 9220969, -15730624, 1084137, -25476107, -2852390, + 31088447, -7764523, -11356529, 728112 }, }, { - {26047220, -11751471, -6900323, -16521798, 24092068, 9158119, - -4273545, -12555558, -29365436, -5498272}, - {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, - 12327945, 10750447, 10014012}, - {-10312768, 3936952, 9156313, -8897683, 16498692, -994647, - -27481051, -666732, 3424691, 7540221}, + { 26047220, -11751471, -6900323, -16521798, 24092068, 9158119, + -4273545, -12555558, -29365436, -5498272 }, + { 17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, + 12327945, 10750447, 10014012 }, + { -10312768, 3936952, 9156313, -8897683, 16498692, -994647, + -27481051, -666732, 3424691, 7540221 }, }, { - 
{30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, - -16317219, -9244265, 15258046}, - {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, - 2711395, 1062915, -5136345}, - {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411, - -6066489, 12194497, 32960380, 1459310}, + { 30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, + -16317219, -9244265, 15258046 }, + { 13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, + 2711395, 1062915, -5136345 }, + { -19240248, -11254599, -29509029, -7499965, -5835763, 13005411, + -6066489, 12194497, 32960380, 1459310 }, }, }, { { - {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, - -6101885, 18638003, -11174937}, - {31395534, 15098109, 26581030, 8030562, -16527914, -5007134, - 9012486, -7584354, -6643087, -5442636}, - {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, - 9677543, -32294889, -6456008}, + { 19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, + -6101885, 18638003, -11174937 }, + { 31395534, 15098109, 26581030, 8030562, -16527914, -5007134, + 9012486, -7584354, -6643087, -5442636 }, + { -9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, + 9677543, -32294889, -6456008 }, }, { - {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, - -7839692, -7852844, -8138429}, - {-15236356, -15433509, 7766470, 746860, 26346930, -10221762, - -27333451, 10754588, -9431476, 5203576}, - {31834314, 14135496, -770007, 5159118, 20917671, -16768096, - -7467973, -7337524, 31809243, 7347066}, + { -2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, + -7839692, -7852844, -8138429 }, + { -15236356, -15433509, 7766470, 746860, 26346930, -10221762, + -27333451, 10754588, -9431476, 5203576 }, + { 31834314, 14135496, -770007, 5159118, 20917671, -16768096, + -7467973, -7337524, 31809243, 7347066 }, }, { - {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881, - 19797970, -12211255, 
15192876, -2087490}, - {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091, - 10609330, 12694420, 33473243, -13382104}, - {33184999, 11180355, 15832085, -11385430, -1633671, 225884, - 15089336, -11023903, -6135662, 14480053}, + { -9606723, -11874240, 20414459, 13033986, 13716524, -11691881, + 19797970, -12211255, 15192876, -2087490 }, + { -12663563, -2181719, 1168162, -3804809, 26747877, -14138091, + 10609330, 12694420, 33473243, -13382104 }, + { 33184999, 11180355, 15832085, -11385430, -1633671, 225884, + 15089336, -11023903, -6135662, 14480053 }, }, { - {31308717, -5619998, 31030840, -1897099, 15674547, -6582883, - 5496208, 13685227, 27595050, 8737275}, - {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022, - -31008351, -12610604, 26498114, 66511}, - {22644454, -8761729, -16671776, 4884562, -3105614, -13559366, - 30540766, -4286747, -13327787, -7515095}, + { 31308717, -5619998, 31030840, -1897099, 15674547, -6582883, + 5496208, 13685227, 27595050, 8737275 }, + { -20318852, -15150239, 10933843, -16178022, 8335352, -7546022, + -31008351, -12610604, 26498114, 66511 }, + { 22644454, -8761729, -16671776, 4884562, -3105614, -13559366, + 30540766, -4286747, -13327787, -7515095 }, }, { - {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506, - 8205540, 13585437, -17127465, 15115439}, - {23711543, -672915, 31206561, -8362711, 6164647, -9709987, - -33535882, -1426096, 8236921, 16492939}, - {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270, - 19574902, 10071562, 6708380, -6222424}, + { -28017847, 9834845, 18617207, -2681312, -3401956, -13307506, + 8205540, 13585437, -17127465, 15115439 }, + { 23711543, -672915, 31206561, -8362711, 6164647, -9709987, + -33535882, -1426096, 8236921, 16492939 }, + { -23910559, -13515526, -26299483, -4503841, 25005590, -7687270, + 19574902, 10071562, 6708380, -6222424 }, }, { - {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, - 9328700, 29955601, -11678310}, - {3096359, 9271816, 
-21620864, -15521844, -14847996, -7592937, - -25892142, -12635595, -9917575, 6216608}, - {-32615849, 338663, -25195611, 2510422, -29213566, -13820213, - 24822830, -6146567, -26767480, 7525079}, + { 2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, + 9328700, 29955601, -11678310 }, + { 3096359, 9271816, -21620864, -15521844, -14847996, -7592937, + -25892142, -12635595, -9917575, 6216608 }, + { -32615849, 338663, -25195611, 2510422, -29213566, -13820213, + 24822830, -6146567, -26767480, 7525079 }, }, { - {-23066649, -13985623, 16133487, -7896178, -3389565, 778788, - -910336, -2782495, -19386633, 11994101}, - {21691500, -13624626, -641331, -14367021, 3285881, -3483596, - -25064666, 9718258, -7477437, 13381418}, - {18445390, -4202236, 14979846, 11622458, -1727110, -3582980, - 23111648, -6375247, 28535282, 15779576}, + { -23066649, -13985623, 16133487, -7896178, -3389565, 778788, + -910336, -2782495, -19386633, 11994101 }, + { 21691500, -13624626, -641331, -14367021, 3285881, -3483596, + -25064666, 9718258, -7477437, 13381418 }, + { 18445390, -4202236, 14979846, 11622458, -1727110, -3582980, + 23111648, -6375247, 28535282, 15779576 }, }, { - {30098053, 3089662, -9234387, 16662135, -21306940, 11308411, - -14068454, 12021730, 9955285, -16303356}, - {9734894, -14576830, -7473633, -9138735, 2060392, 11313496, - -18426029, 9924399, 20194861, 13380996}, - {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792, - -1984914, 15707771, 26342023, 10146099}, + { 30098053, 3089662, -9234387, 16662135, -21306940, 11308411, + -14068454, 12021730, 9955285, -16303356 }, + { 9734894, -14576830, -7473633, -9138735, 2060392, 11313496, + -18426029, 9924399, 20194861, 13380996 }, + { -26378102, -7965207, -22167821, 15789297, -18055342, -6168792, + -1984914, 15707771, 26342023, 10146099 }, }, }, { { - {-26016874, -219943, 21339191, -41388, 19745256, -2878700, - -29637280, 2227040, 21612326, -545728}, - {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714, - 
25764461, 12243797, -20856566, 11649658}, - {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, - 6114064, 33514190, 2333242}, + { -26016874, -219943, 21339191, -41388, 19745256, -2878700, + -29637280, 2227040, 21612326, -545728 }, + { -13077387, 1184228, 23562814, -5970442, -20351244, -6348714, + 25764461, 12243797, -20856566, 11649658 }, + { -10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, + 6114064, 33514190, 2333242 }, }, { - {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134, - -6679750, -12670638, 24350578, -13450001}, - {-4116307, -11271533, -23886186, 4843615, -30088339, 690623, - -31536088, -10406836, 8317860, 12352766}, - {18200138, -14475911, -33087759, -2696619, -23702521, -9102511, - -23552096, -2287550, 20712163, 6719373}, + { -21433588, -12421821, 8119782, 7219913, -21830522, -9016134, + -6679750, -12670638, 24350578, -13450001 }, + { -4116307, -11271533, -23886186, 4843615, -30088339, 690623, + -31536088, -10406836, 8317860, 12352766 }, + { 18200138, -14475911, -33087759, -2696619, -23702521, -9102511, + -23552096, -2287550, 20712163, 6719373 }, }, { - {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, - -3763210, 26224235, -3297458}, - {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420, - 21728352, 9493610, 18620611, -16428628}, - {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965, - -5269471, -9725556, -30701573, -16479657}, + { 26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, + -3763210, 26224235, -3297458 }, + { -17168938, -14854097, -3395676, -16369877, -19954045, 14050420, + 21728352, 9493610, 18620611, -16428628 }, + { -13323321, 13325349, 11432106, 5964811, 18609221, 6062965, + -5269471, -9725556, -30701573, -16479657 }, }, { - {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940, - 12248509, -5240639, 13735342, 1934062}, - {25089769, 6742589, 17081145, -13406266, 21909293, -16067981, - -15136294, -3765346, -21277997, 5473616}, - 
{31883677, -7961101, 1083432, -11572403, 22828471, 13290673, - -7125085, 12469656, 29111212, -5451014}, + { -23860538, -11233159, 26961357, 1640861, -32413112, -16737940, + 12248509, -5240639, 13735342, 1934062 }, + { 25089769, 6742589, 17081145, -13406266, 21909293, -16067981, + -15136294, -3765346, -21277997, 5473616 }, + { 31883677, -7961101, 1083432, -11572403, 22828471, 13290673, + -7125085, 12469656, 29111212, -5451014 }, }, { - {24244947, -15050407, -26262976, 2791540, -14997599, 16666678, - 24367466, 6388839, -10295587, 452383}, - {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269, - -24236251, -5915248, 15766062, 8407814}, - {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495, - -8917023, -4388953, -8067909, 2276718}, + { 24244947, -15050407, -26262976, 2791540, -14997599, 16666678, + 24367466, 6388839, -10295587, 452383 }, + { -25640782, -3417841, 5217916, 16224624, 19987036, -4082269, + -24236251, -5915248, 15766062, 8407814 }, + { -20406999, 13990231, 15495425, 16395525, 5377168, 15166495, + -8917023, -4388953, -8067909, 2276718 }, }, { - {30157918, 12924066, -17712050, 9245753, 19895028, 3368142, - -23827587, 5096219, 22740376, -7303417}, - {2041139, -14256350, 7783687, 13876377, -25946985, -13352459, - 24051124, 13742383, -15637599, 13295222}, - {33338237, -8505733, 12532113, 7977527, 9106186, -1715251, - -17720195, -4612972, -4451357, -14669444}, + { 30157918, 12924066, -17712050, 9245753, 19895028, 3368142, + -23827587, 5096219, 22740376, -7303417 }, + { 2041139, -14256350, 7783687, 13876377, -25946985, -13352459, + 24051124, 13742383, -15637599, 13295222 }, + { 33338237, -8505733, 12532113, 7977527, 9106186, -1715251, + -17720195, -4612972, -4451357, -14669444 }, }, { - {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651, - -2469266, -4141880, 7770569, 9620597}, - {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, - -1694323, -33502340, -14767970}, - {1439958, -16270480, -1079989, -793782, 4625402, 
10647766, -5043801, - 1220118, 30494170, -11440799}, + { -20045281, 5454097, -14346548, 6447146, 28862071, 1883651, + -2469266, -4141880, 7770569, 9620597 }, + { 23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, + -1694323, -33502340, -14767970 }, + { 1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, + 1220118, 30494170, -11440799 }, }, { - {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666, - -26739026, 926050, -1684339, -13333647}, - {13908495, -3549272, 30919928, -6273825, -21521863, 7989039, - 9021034, 9078865, 3353509, 4033511}, - {-29663431, -15113610, 32259991, -344482, 24295849, -12912123, - 23161163, 8839127, 27485041, 7356032}, + { -5037580, -13028295, -2970559, -3061767, 15640974, -6701666, + -26739026, 926050, -1684339, -13333647 }, + { 13908495, -3549272, 30919928, -6273825, -21521863, 7989039, + 9021034, 9078865, 3353509, 4033511 }, + { -29663431, -15113610, 32259991, -344482, 24295849, -12912123, + 23161163, 8839127, 27485041, 7356032 }, }, }, { { - {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, - 2625015, 28431036, -16771834}, - {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183, - -22545972, 14150565, 15970762, 4099461}, - {29262576, 16756590, 26350592, -8793563, 8529671, -11208050, - 13617293, -9937143, 11465739, 8317062}, + { 9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, + 2625015, 28431036, -16771834 }, + { -23839233, -8311415, -25945511, 7480958, -17681669, -8354183, + -22545972, 14150565, 15970762, 4099461 }, + { 29262576, 16756590, 26350592, -8793563, 8529671, -11208050, + 13617293, -9937143, 11465739, 8317062 }, }, { - {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222, - 14898637, 3848455, 20969334, -5157516}, - {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114, - -21610826, -3649888, 11177095, 14989547}, - {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771, - 13515641, 2581286, -28487508, 9930240}, + { 
-25493081, -6962928, 32500200, -9419051, -23038724, -2302222, + 14898637, 3848455, 20969334, -5157516 }, + { -20384450, -14347713, -18336405, 13884722, -33039454, 2842114, + -21610826, -3649888, 11177095, 14989547 }, + { -24496721, -11716016, 16959896, 2278463, 12066309, 10137771, + 13515641, 2581286, -28487508, 9930240 }, }, { - {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081, - 18345767, -13403753, 16291481, -5314038}, - {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, - 6957617, 4368891, 9788741}, - {16660756, 7281060, -10830758, 12911820, 20108584, -8101676, - -21722536, -8613148, 16250552, -11111103}, + { -17751622, -2097826, 16544300, -13009300, -15914807, -14949081, + 18345767, -13403753, 16291481, -5314038 }, + { -33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, + 6957617, 4368891, 9788741 }, + { 16660756, 7281060, -10830758, 12911820, 20108584, -8101676, + -21722536, -8613148, 16250552, -11111103 }, }, { - {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, - 10604807, -30190403, 4782747}, - {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590, - -9981571, 4383045, 22546403, 437323}, - {31665577, -12180464, -16186830, 1491339, -18368625, 3294682, - 27343084, 2786261, -30633590, -14097016}, + { -19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, + 10604807, -30190403, 4782747 }, + { -1354539, 14736941, -7367442, -13292886, 7710542, -14155590, + -9981571, 4383045, 22546403, 437323 }, + { 31665577, -12180464, -16186830, 1491339, -18368625, 3294682, + 27343084, 2786261, -30633590, -14097016 }, }, { - {-14467279, -683715, -33374107, 7448552, 19294360, 14334329, - -19690631, 2355319, -19284671, -6114373}, - {15121312, -15796162, 6377020, -6031361, -10798111, -12957845, - 18952177, 15496498, -29380133, 11754228}, - {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493, - 7141596, 11724556, 22761615, -10134141}, + { -14467279, -683715, -33374107, 7448552, 19294360, 
14334329, + -19690631, 2355319, -19284671, -6114373 }, + { 15121312, -15796162, 6377020, -6031361, -10798111, -12957845, + 18952177, 15496498, -29380133, 11754228 }, + { -2637277, -13483075, 8488727, -14303896, 12728761, -1622493, + 7141596, 11724556, 22761615, -10134141 }, }, { - {16918416, 11729663, -18083579, 3022987, -31015732, -13339659, - -28741185, -12227393, 32851222, 11717399}, - {11166634, 7338049, -6722523, 4531520, -29468672, -7302055, - 31474879, 3483633, -1193175, -4030831}, - {-185635, 9921305, 31456609, -13536438, -12013818, 13348923, - 33142652, 6546660, -19985279, -3948376}, + { 16918416, 11729663, -18083579, 3022987, -31015732, -13339659, + -28741185, -12227393, 32851222, 11717399 }, + { 11166634, 7338049, -6722523, 4531520, -29468672, -7302055, + 31474879, 3483633, -1193175, -4030831 }, + { -185635, 9921305, 31456609, -13536438, -12013818, 13348923, + 33142652, 6546660, -19985279, -3948376 }, }, { - {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903, - -8537131, -12833048, -30772034, -15486313}, - {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425, - -31135347, -16049879, 10928917, 3011958}, - {-6957757, -15594337, 31696059, 334240, 29576716, 14796075, - -30831056, -12805180, 18008031, 10258577}, + { -32460596, 11266712, -11197107, -7899103, 31703694, 3855903, + -8537131, -12833048, -30772034, -15486313 }, + { -18006477, 12709068, 3991746, -6479188, -21491523, -10550425, + -31135347, -16049879, 10928917, 3011958 }, + { -6957757, -15594337, 31696059, 334240, 29576716, 14796075, + -30831056, -12805180, 18008031, 10258577 }, }, { - {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591, - -1853465, 1367120, 25127874, 6671743}, - {29701166, -14373934, -10878120, 9279288, -17568, 13127210, - 21382910, 11042292, 25838796, 4642684}, - {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470, - 30468147, -13900640, 18423289, 4177476}, + { -22448644, 15655569, 7018479, -4410003, -30314266, -1201591, + -1853465, 1367120, 
25127874, 6671743 }, + { 29701166, -14373934, -10878120, 9279288, -17568, 13127210, + 21382910, 11042292, 25838796, 4642684 }, + { -20430234, 14955537, -24126347, 8124619, -5369288, -5990470, + 30468147, -13900640, 18423289, 4177476 }, }, }, }; @@ -4297,7 +4429,7 @@ { size_t i; - b = 0-b; + b = 0 - b; for (i = 0; i < 10; i++) { int32_t x = f[i] ^ g[i]; x &= b; @@ -4329,16 +4461,16 @@ int32_t f7 = f[7]; int32_t f8 = f[8]; int32_t f9 = f[9]; - int64_t h0 = f0 * (int64_t) 121666; - int64_t h1 = f1 * (int64_t) 121666; - int64_t h2 = f2 * (int64_t) 121666; - int64_t h3 = f3 * (int64_t) 121666; - int64_t h4 = f4 * (int64_t) 121666; - int64_t h5 = f5 * (int64_t) 121666; - int64_t h6 = f6 * (int64_t) 121666; - int64_t h7 = f7 * (int64_t) 121666; - int64_t h8 = f8 * (int64_t) 121666; - int64_t h9 = f9 * (int64_t) 121666; + int64_t h0 = f0 * (int64_t)121666; + int64_t h1 = f1 * (int64_t)121666; + int64_t h2 = f2 * (int64_t)121666; + int64_t h3 = f3 * (int64_t)121666; + int64_t h4 = f4 * (int64_t)121666; + int64_t h5 = f5 * (int64_t)121666; + int64_t h6 = f6 * (int64_t)121666; + int64_t h7 = f7 * (int64_t)121666; + int64_t h8 = f8 * (int64_t)121666; + int64_t h9 = f9 * (int64_t)121666; int64_t carry0; int64_t carry1; int64_t carry2; 
@@ -4350,17 +4482,37 @@
 int64_t carry8;
 int64_t carry9;
 
- carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
- carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
- carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
- carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
- carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
-
- carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
- carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
- carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
- carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
- carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+ carry9 = h9 + (1 << 24);
+ h0 += (carry9 >> 25) * 19;
+ h9 -= carry9 & kTop39Bits;
+ carry1 = h1 + (1 << 24);
+ h2 += carry1 >> 25;
+ h1 -= carry1 & kTop39Bits;
+ carry3 = h3 + (1 << 24);
+ h4 += carry3 >> 25;
+ h3 -= carry3 & kTop39Bits;
+ carry5 = h5 + (1 << 24);
+ h6 += carry5 >> 25;
+ h5 -= carry5 & kTop39Bits;
+ carry7 = h7 + (1 << 24);
+ h8 += carry7 >> 25;
+ h7 -= carry7 & kTop39Bits;
+
+ carry0 = h0 + (1 << 25);
+ h1 += carry0 >> 26;
+ h0 -= carry0 & kTop38Bits;
+ carry2 = h2 + (1 << 25);
+ h3 += carry2 >> 26;
+ h2 -= carry2 & kTop38Bits;
+ carry4 = h4 + (1 << 25);
+ h5 += carry4 >> 26;
+ h4 -= carry4 & kTop38Bits;
+ carry6 = h6 + (1 << 25);
+ h7 += carry6 >> 26;
+ h6 -= carry6 & kTop38Bits;
+ carry8 = h8 + (1 << 25);
+ h9 += carry8 >> 26;
+ h8 -= carry8 & kTop38Bits;
 
 h[0] = (int32_t)h0;
 h[1] = (int32_t)h1;
@@ -4375,8 +4527,9 @@
 }
 
 static void x25519_scalar_mult_generic(uint8_t out[32],
- const uint8_t scalar[32],
- const uint8_t point[32]) {
+ const uint8_t scalar[32],
+ const uint8_t point[32])
+{
 fe x1, x2, z2, x3, z3, tmp0, tmp1;
 uint8_t e[32];
 unsigned swap = 0;
@@ -4426,7 +4579,8 @@
 }
 
 static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
- const uint8_t point[32]) {
+ const uint8_t point[32])
+{
 x25519_scalar_mult_generic(out, scalar, point);
 }
 #endif
@@ -4468,68 +4622,68 @@ static const ge_precomp Bi[8] = { { - {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, - -11754271, -6079156, 2047605}, - {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, - 5043384, 19500929, -15469378}, - {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, - 11864899, -24514362, -4438546}, + { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, + -11754271, -6079156, 2047605 }, + { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, + 5043384, 19500929, -15469378 }, + { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, + 11864899, -24514362, -4438546 }, }, { - {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, - -14772189, 28944400, -1550024}, - {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, - -11775962, 7689662, 11199574}, - {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, - 10017326, -17749093, -9920357}, + { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, + -14772189, 28944400, -1550024 }, + { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, + -11775962, 7689662, 11199574 }, + { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, + 10017326, -17749093, -9920357 }, }, { - {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, - 14515107, -15438304, 10819380}, - {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, - 12483688, -12668491, 5581306}, - {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, - 13850243, -23678021, -15815942}, + { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, + 14515107, -15438304, 10819380 }, + { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, + 12483688, -12668491, 5581306 }, + { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, + 13850243, -23678021, -15815942 }, 
}, { - {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, - 5230134, -23952439, -15175766}, - {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, - 16520125, 30598449, 7715701}, - {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, - 1370708, 29794553, -1409300}, + { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, + 5230134, -23952439, -15175766 }, + { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, + 16520125, 30598449, 7715701 }, + { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, + 1370708, 29794553, -1409300 }, }, { - {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, - -1361450, -13062696, 13821877}, - {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, - -7212327, 18853322, -14220951}, - {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, - -10431137, 2207753, -3209784}, + { -22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, + -1361450, -13062696, 13821877 }, + { -6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, + -7212327, 18853322, -14220951 }, + { 4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, + -10431137, 2207753, -3209784 }, }, { - {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, - -663000, -31111463, -16132436}, - {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, - 15725684, 171356, 6466918}, - {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, - -14088058, -30714912, 16193877}, + { -25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, + -663000, -31111463, -16132436 }, + { 25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, + 15725684, 171356, 6466918 }, + { 23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, + -14088058, -30714912, 16193877 }, }, { - {-33521811, 3180713, -2394130, 14003687, -16903474, 
-16270840, 17238398, - 4729455, -18074513, 9256800}, - {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, - 9761698, -19827198, 630305}, - {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, - -15960994, -2449256, -14291300}, + { -33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, + 4729455, -18074513, 9256800 }, + { -25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, + 9761698, -19827198, 630305 }, + { -13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, + -15960994, -2449256, -14291300 }, }, { - {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, - 15033784, 25105118, -7894876}, - {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925, - 1573892, -2625887, 2198790, -15804619}, - {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, - -16236442, -32461234, -12290683}, + { -3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, + 15033784, 25105118, -7894876 }, + { -24326370, 15950226, -31801215, -14592823, -11662737, -5090925, + 1573892, -2625887, 2198790, -15804619 }, + { -3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, + -16236442, -32461234, -12290683 }, }, }; @@ -4541,7 +4695,7 @@ * B is the Ed25519 base point (x,4/5) with x positive. */ static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, - const ge_p3 *A, const uint8_t *b) + const ge_p3 *A, const uint8_t *b) { signed char aslide[256]; signed char bslide[256]; 
@@ -4621,33 +4775,33 @@ * s[0]+256*s[1]+...+256^31*s[31] = s mod l * where l = 2^252 + 27742317777372353535851937790883648493. * Overwrites s in place. -*/ + */ static void x25519_sc_reduce(uint8_t *s) { - int64_t s0 = kBottom21Bits & load_3(s); - int64_t s1 = kBottom21Bits & (load_4(s + 2) >> 5); - int64_t s2 = kBottom21Bits & (load_3(s + 5) >> 2); - int64_t s3 = kBottom21Bits & (load_4(s + 7) >> 7); - int64_t s4 = kBottom21Bits & (load_4(s + 10) >> 4); - int64_t s5 = kBottom21Bits & (load_3(s + 13) >> 1); - int64_t s6 = kBottom21Bits & (load_4(s + 15) >> 6); - int64_t s7 = kBottom21Bits & (load_3(s + 18) >> 3); - int64_t s8 = kBottom21Bits & load_3(s + 21); - int64_t s9 = kBottom21Bits & (load_4(s + 23) >> 5); + int64_t s0 = kBottom21Bits & load_3(s); + int64_t s1 = kBottom21Bits & (load_4(s + 2) >> 5); + int64_t s2 = kBottom21Bits & (load_3(s + 5) >> 2); + int64_t s3 = kBottom21Bits & (load_4(s + 7) >> 7); + int64_t s4 = kBottom21Bits & (load_4(s + 10) >> 4); + int64_t s5 = kBottom21Bits & (load_3(s + 13) >> 1); + int64_t s6 = kBottom21Bits & (load_4(s + 15) >> 6); + int64_t s7 = kBottom21Bits & (load_3(s + 18) >> 3); + int64_t s8 = kBottom21Bits & load_3(s + 21); + int64_t s9 = kBottom21Bits & (load_4(s + 23) >> 5); int64_t s10 = kBottom21Bits & (load_3(s + 26) >> 2); int64_t s11 = kBottom21Bits & (load_4(s + 28) >> 7); int64_t s12 = kBottom21Bits & (load_4(s + 31) >> 4); int64_t s13 = kBottom21Bits & (load_3(s + 34) >> 1); int64_t s14 = kBottom21Bits & (load_4(s + 36) >> 6); int64_t s15 = kBottom21Bits & (load_3(s + 39) >> 3); - int64_t s16 = kBottom21Bits & load_3(s + 42); + int64_t s16 = kBottom21Bits & load_3(s + 42); int64_t s17 = kBottom21Bits & (load_4(s + 44) >> 5); int64_t s18 = kBottom21Bits & (load_3(s + 47) >> 2); int64_t s19 = kBottom21Bits & (load_4(s + 49) >> 7); int64_t s20 = kBottom21Bits & (load_4(s + 52) >> 4); int64_t s21 = kBottom21Bits & (load_3(s + 55) >> 1); int64_t s22 = kBottom21Bits & (load_4(s + 57) >> 6); - int64_t s23 = (load_4(s + 
60) >> 3); + int64_t s23 = (load_4(s + 60) >> 3); int64_t carry0; int64_t carry1; int64_t carry2; @@ -4672,7 +4826,7 @@ s14 -= s23 * 997805; s15 += s23 * 136657; s16 -= s23 * 683901; - s23 = 0; + s23 = 0; s10 += s22 * 666643; s11 += s22 * 470296; @@ -4680,46 +4834,46 @@ s13 -= s22 * 997805; s14 += s22 * 136657; s15 -= s22 * 683901; - s22 = 0; + s22 = 0; - s9 += s21 * 666643; + s9 += s21 * 666643; s10 += s21 * 470296; s11 += s21 * 654183; s12 -= s21 * 997805; s13 += s21 * 136657; s14 -= s21 * 683901; - s21 = 0; + s21 = 0; - s8 += s20 * 666643; - s9 += s20 * 470296; + s8 += s20 * 666643; + s9 += s20 * 470296; s10 += s20 * 654183; s11 -= s20 * 997805; s12 += s20 * 136657; s13 -= s20 * 683901; - s20 = 0; + s20 = 0; - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; s10 -= s19 * 997805; s11 += s19 * 136657; s12 -= s19 * 683901; - s19 = 0; + s19 = 0; - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; s10 += s18 * 136657; s11 -= s18 * 683901; - s18 = 0; + s18 = 0; carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); @@ -4734,11 +4888,11 @@ s16 -= carry16 * (1 << 21); carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 * (1 << 21); 
@@ -4749,130 +4903,130 @@ s16 += carry15; s15 -= carry15 * (1 << 21); - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + 
s2 -= carry2 * (1 << 21); carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; s6 -= carry6 * (1 << 21); carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); + s6 += carry5; + s5 -= carry5 * (1 << 21); carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 * (1 << 21); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + s2 -= carry2 * (1 << 21); carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); + s6 += carry5; + s5 -= 
carry5 * (1 << 21); carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); 
@@ -4880,80 +5034,80 @@ s12 += carry11; s11 -= carry11 * (1 << 21); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + s2 -= carry2 * (1 << 21); carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); + s6 += carry5; + s5 -= carry5 * (1 << 21); carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); - s[ 0] = (uint8_t) (s0 >> 0); - s[ 1] = (uint8_t) (s0 >> 8); - s[ 2] = (uint8_t)((s0 >> 16) | (s1 << 5)); - s[ 3] = (uint8_t) (s1 >> 3); - s[ 4] = (uint8_t) (s1 >> 11); - s[ 5] = (uint8_t)((s1 >> 19) | (s2 << 2)); - s[ 6] = (uint8_t) (s2 >> 6); - s[ 7] = (uint8_t)((s2 >> 14) | (s3 << 7)); - s[ 8] = (uint8_t) (s3 >> 1); - s[ 9] = (uint8_t) (s3 >> 9); - s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); - s[11] = (uint8_t) (s4 >> 4); - s[12] = (uint8_t) (s4 >> 12); - s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); - s[14] = (uint8_t) 
(s5 >> 7); - s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); - s[16] = (uint8_t) (s6 >> 2); - s[17] = (uint8_t) (s6 >> 10); - s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); - s[19] = (uint8_t) (s7 >> 5); - s[20] = (uint8_t) (s7 >> 13); - s[21] = (uint8_t) (s8 >> 0); - s[22] = (uint8_t) (s8 >> 8); - s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); - s[24] = (uint8_t) (s9 >> 3); - s[25] = (uint8_t) (s9 >> 11); - s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); - s[27] = (uint8_t) (s10 >> 6); - s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); - s[29] = (uint8_t) (s11 >> 1); - s[30] = (uint8_t) (s11 >> 9); - s[31] = (uint8_t) (s11 >> 17); + s[0] = (uint8_t)(s0 >> 0); + s[1] = (uint8_t)(s0 >> 8); + s[2] = (uint8_t)((s0 >> 16) | (s1 << 5)); + s[3] = (uint8_t)(s1 >> 3); + s[4] = (uint8_t)(s1 >> 11); + s[5] = (uint8_t)((s1 >> 19) | (s2 << 2)); + s[6] = (uint8_t)(s2 >> 6); + s[7] = (uint8_t)((s2 >> 14) | (s3 << 7)); + s[8] = (uint8_t)(s3 >> 1); + s[9] = (uint8_t)(s3 >> 9); + s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); + s[11] = (uint8_t)(s4 >> 4); + s[12] = (uint8_t)(s4 >> 12); + s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); + s[14] = (uint8_t)(s5 >> 7); + s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); + s[16] = (uint8_t)(s6 >> 2); + s[17] = (uint8_t)(s6 >> 10); + s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); + s[19] = (uint8_t)(s7 >> 5); + s[20] = (uint8_t)(s7 >> 13); + s[21] = (uint8_t)(s8 >> 0); + s[22] = (uint8_t)(s8 >> 8); + s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); + s[24] = (uint8_t)(s9 >> 3); + s[25] = (uint8_t)(s9 >> 11); + s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); + s[27] = (uint8_t)(s10 >> 6); + s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); + s[29] = (uint8_t)(s11 >> 1); + s[30] = (uint8_t)(s11 >> 9); + s[31] = (uint8_t)(s11 >> 17); } /* 
@@ -4967,44 +5121,44 @@
 * where l = 2^252 + 27742317777372353535851937790883648493.
 */
 static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
- const uint8_t *c)
+ const uint8_t *c)
 {
- int64_t a0 = kBottom21Bits & load_3(a);
- int64_t a1 = kBottom21Bits & (load_4(a + 2) >> 5);
- int64_t a2 = kBottom21Bits & (load_3(a + 5) >> 2);
- int64_t a3 = kBottom21Bits & (load_4(a + 7) >> 7);
- int64_t a4 = kBottom21Bits & (load_4(a + 10) >> 4);
- int64_t a5 = kBottom21Bits & (load_3(a + 13) >> 1);
- int64_t a6 = kBottom21Bits & (load_4(a + 15) >> 6);
- int64_t a7 = kBottom21Bits & (load_3(a + 18) >> 3);
- int64_t a8 = kBottom21Bits & load_3(a + 21);
- int64_t a9 = kBottom21Bits & (load_4(a + 23) >> 5);
+ int64_t a0 = kBottom21Bits & load_3(a);
+ int64_t a1 = kBottom21Bits & (load_4(a + 2) >> 5);
+ int64_t a2 = kBottom21Bits & (load_3(a + 5) >> 2);
+ int64_t a3 = kBottom21Bits & (load_4(a + 7) >> 7);
+ int64_t a4 = kBottom21Bits & (load_4(a + 10) >> 4);
+ int64_t a5 = kBottom21Bits & (load_3(a + 13) >> 1);
+ int64_t a6 = kBottom21Bits & (load_4(a + 15) >> 6);
+ int64_t a7 = kBottom21Bits & (load_3(a + 18) >> 3);
+ int64_t a8 = kBottom21Bits & load_3(a + 21);
+ int64_t a9 = kBottom21Bits & (load_4(a + 23) >> 5);
 int64_t a10 = kBottom21Bits & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = kBottom21Bits & load_3(b);
- int64_t b1 = kBottom21Bits & (load_4(b + 2) >> 5);
- int64_t b2 = kBottom21Bits & (load_3(b + 5) >> 2);
- int64_t b3 = kBottom21Bits & (load_4(b + 7) >> 7);
- int64_t b4 = kBottom21Bits & (load_4(b + 10) >> 4);
- int64_t b5 = kBottom21Bits & (load_3(b + 13) >> 1);
- int64_t b6 = kBottom21Bits & (load_4(b + 15) >> 6);
- int64_t b7 = kBottom21Bits & (load_3(b + 18) >> 3);
- int64_t b8 = kBottom21Bits & load_3(b + 21);
- int64_t b9 = kBottom21Bits & (load_4(b + 23) >> 5);
+ int64_t a11 = (load_4(a + 28) >> 7);
+ int64_t b0 = kBottom21Bits & load_3(b);
+ int64_t b1 = kBottom21Bits & (load_4(b + 2) >> 5);
+ int64_t b2 = kBottom21Bits & (load_3(b + 5) >> 2);
+ int64_t b3 = kBottom21Bits & (load_4(b + 7) >> 7);
+ int64_t b4 = kBottom21Bits & (load_4(b + 10) >> 4);
+ int64_t b5 = kBottom21Bits & (load_3(b + 13) >> 1);
+ int64_t b6 = kBottom21Bits & (load_4(b + 15) >> 6);
+ int64_t b7 = kBottom21Bits & (load_3(b + 18) >> 3);
+ int64_t b8 = kBottom21Bits & load_3(b + 21);
+ int64_t b9 = kBottom21Bits & (load_4(b + 23) >> 5);
 int64_t b10 = kBottom21Bits & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t c0 = kBottom21Bits & load_3(c);
- int64_t c1 = kBottom21Bits & (load_4(c + 2) >> 5);
- int64_t c2 = kBottom21Bits & (load_3(c + 5) >> 2);
- int64_t c3 = kBottom21Bits & (load_4(c + 7) >> 7);
- int64_t c4 = kBottom21Bits & (load_4(c + 10) >> 4);
- int64_t c5 = kBottom21Bits & (load_3(c + 13) >> 1);
- int64_t c6 = kBottom21Bits & (load_4(c + 15) >> 6);
- int64_t c7 = kBottom21Bits & (load_3(c + 18) >> 3);
- int64_t c8 = kBottom21Bits & load_3(c + 21);
- int64_t c9 = kBottom21Bits & (load_4(c + 23) >> 5);
+ int64_t b11 = (load_4(b + 28) >> 7);
+ int64_t c0 = kBottom21Bits & load_3(c);
+ int64_t c1 = kBottom21Bits & (load_4(c + 2) >> 5);
+ int64_t c2 = kBottom21Bits & (load_3(c + 5) >> 2);
+ int64_t c3 = kBottom21Bits & (load_4(c + 7) >> 7);
+ int64_t c4 = kBottom21Bits & (load_4(c + 10) >> 4);
+ int64_t c5 = kBottom21Bits & (load_3(c + 13) >> 1);
+ int64_t c6 = kBottom21Bits & (load_4(c + 15) >> 6);
+ int64_t c7 = kBottom21Bits & (load_3(c + 18) >> 3);
+ int64_t c8 = kBottom21Bits & load_3(c + 21);
+ int64_t c9 = kBottom21Bits & (load_4(c + 23) >> 5);
 int64_t c10 = kBottom21Bits & (load_3(c + 26) >> 2);
- int64_t c11 = (load_4(c + 28) >> 7);
+ int64_t c11 = (load_4(c + 28) >> 7);
 int64_t s0;
 int64_t s1;
 int64_t s2;
@@ -5053,46 +5207,46 @@ int64_t carry21; int64_t carry22; - s0 = c0 + a0 * b0; - s1 = c1 + a0 * b1 + a1 * b0; - s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; - s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; - s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; - s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; - s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; - s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; - s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; - s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; - s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; - s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; - s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; - s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; - s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; - s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; - s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; - s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; - s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; - s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; - s20 = a9 * b11 + a10 * b10 + a11 * b9; - s21 = a10 * b11 + a11 * b10; - s22 = a11 * b11; - s23 = 0; + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 
* b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + s2 -= carry2 * (1 << 21); carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry8 = (s8 + (1 << 20)) >> 21; 
- s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); @@ -5116,20 +5270,20 @@ s22 -= carry22 * (1 << 21); carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); + s6 += carry5; + s5 -= carry5 * (1 << 21); carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 * (1 << 21); @@ -5155,7 +5309,7 @@ s14 -= s23 * 997805; s15 += s23 * 136657; s16 -= s23 * 683901; - s23 = 0; + s23 = 0; s10 += s22 * 666643; s11 += s22 * 470296; 
@@ -5163,46 +5317,46 @@ s13 -= s22 * 997805; s14 += s22 * 136657; s15 -= s22 * 683901; - s22 = 0; + s22 = 0; - s9 += s21 * 666643; + s9 += s21 * 666643; s10 += s21 * 470296; s11 += s21 * 654183; s12 -= s21 * 997805; s13 += s21 * 136657; s14 -= s21 * 683901; - s21 = 0; + s21 = 0; - s8 += s20 * 666643; - s9 += s20 * 470296; + s8 += s20 * 666643; + s9 += s20 * 470296; s10 += s20 * 654183; s11 -= s20 * 997805; s12 += s20 * 136657; s13 -= s20 * 683901; - s20 = 0; + s20 = 0; - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; s10 -= s19 * 997805; s11 += s19 * 136657; s12 -= s19 * 683901; - s19 = 0; + s19 = 0; - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; s10 += s18 * 136657; s11 -= s18 * 683901; - s18 = 0; + s18 = 0; carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); @@ -5217,11 +5371,11 @@ s16 -= carry16 * (1 << 21); carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 * (1 << 21); 
@@ -5232,130 +5386,130 @@ s16 += carry15; s15 -= carry15 * (1 << 21); - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; s12 = 0; carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + s2 -= carry2 
* (1 << 21); carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); + s6 += carry5; + s5 -= carry5 * (1 << 21); carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; s11 -= carry11 * (1 << 21); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + s2 -= carry2 * (1 << 21); carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 
<< 21); + s6 += carry5; + s5 -= carry5 * (1 << 21); carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); 
@@ -5363,86 +5517,85 @@ s12 += carry11; s11 -= carry11 * (1 << 21); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); + s1 += carry0; + s0 -= carry0 * (1 << 21); carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); + s2 += carry1; + s1 -= carry1 * (1 << 21); carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); + s3 += carry2; + s2 -= carry2 * (1 << 21); carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); + s4 += carry3; + s3 -= carry3 * (1 << 21); carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); + s5 += carry4; + s4 -= carry4 * (1 << 21); carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); + s6 += carry5; + s5 -= carry5 * (1 << 21); carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); + s7 += carry6; + s6 -= carry6 * (1 << 21); carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); + s8 += carry7; + s7 -= carry7 * (1 << 21); carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); + s9 += carry8; + s8 -= carry8 * (1 << 21); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 * (1 << 21); + s9 -= carry9 * (1 << 21); carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 * (1 << 21); - s[ 0] = (uint8_t) (s0 >> 0); - s[ 1] = (uint8_t) (s0 >> 8); - s[ 2] = (uint8_t)((s0 >> 16) | (s1 << 5)); - s[ 3] = (uint8_t) (s1 >> 3); - s[ 4] = (uint8_t) (s1 >> 11); - s[ 5] = (uint8_t)((s1 >> 19) | (s2 << 2)); - s[ 6] = (uint8_t) (s2 >> 6); - s[ 7] = (uint8_t)((s2 >> 14) | (s3 << 7)); - s[ 8] = (uint8_t) (s3 >> 1); - s[ 9] = (uint8_t) (s3 >> 9); - s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); - s[11] = (uint8_t) (s4 >> 4); - s[12] = (uint8_t) (s4 >> 12); - s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); - s[14] = (uint8_t) 
(s5 >> 7); - s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); - s[16] = (uint8_t) (s6 >> 2); - s[17] = (uint8_t) (s6 >> 10); - s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); - s[19] = (uint8_t) (s7 >> 5); - s[20] = (uint8_t) (s7 >> 13); - s[21] = (uint8_t) (s8 >> 0); - s[22] = (uint8_t) (s8 >> 8); - s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); - s[24] = (uint8_t) (s9 >> 3); - s[25] = (uint8_t) (s9 >> 11); - s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); - s[27] = (uint8_t) (s10 >> 6); + s[0] = (uint8_t)(s0 >> 0); + s[1] = (uint8_t)(s0 >> 8); + s[2] = (uint8_t)((s0 >> 16) | (s1 << 5)); + s[3] = (uint8_t)(s1 >> 3); + s[4] = (uint8_t)(s1 >> 11); + s[5] = (uint8_t)((s1 >> 19) | (s2 << 2)); + s[6] = (uint8_t)(s2 >> 6); + s[7] = (uint8_t)((s2 >> 14) | (s3 << 7)); + s[8] = (uint8_t)(s3 >> 1); + s[9] = (uint8_t)(s3 >> 9); + s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); + s[11] = (uint8_t)(s4 >> 4); + s[12] = (uint8_t)(s4 >> 12); + s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); + s[14] = (uint8_t)(s5 >> 7); + s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); + s[16] = (uint8_t)(s6 >> 2); + s[17] = (uint8_t)(s6 >> 10); + s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); + s[19] = (uint8_t)(s7 >> 5); + s[20] = (uint8_t)(s7 >> 13); + s[21] = (uint8_t)(s8 >> 0); + s[22] = (uint8_t)(s8 >> 8); + s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); + s[24] = (uint8_t)(s9 >> 3); + s[25] = (uint8_t)(s9 >> 11); + s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); + s[27] = (uint8_t)(s10 >> 6); s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); - s[29] = (uint8_t) (s11 >> 1); - s[30] = (uint8_t) (s11 >> 9); - s[31] = (uint8_t) (s11 >> 17); + s[29] = (uint8_t)(s11 >> 1); + s[30] = (uint8_t)(s11 >> 9); + s[31] = (uint8_t)(s11 >> 17); } -int -ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32], - OSSL_LIB_CTX *libctx, const char *propq) +int ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const 
uint8_t private_key[32], + OSSL_LIB_CTX *libctx, const char *propq) { uint8_t az[SHA512_DIGEST_LENGTH]; uint8_t nonce[SHA512_DIGEST_LENGTH]; @@ -5496,10 +5649,9 @@ static const char allzeroes[15]; -int -ossl_ed25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32], - OSSL_LIB_CTX *libctx, const char *propq) +int ossl_ed25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32], + OSSL_LIB_CTX *libctx, const char *propq) { int i; ge_p3 A; @@ -5581,10 +5733,9 @@ return res; } -int -ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], - const uint8_t private_key[32], - const char *propq) +int ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], + const uint8_t private_key[32], + const char *propq) { uint8_t az[SHA512_DIGEST_LENGTH]; ge_p3 A; @@ -5612,19 +5763,17 @@ return 1; } -int -ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t peer_public_value[32]) +int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], + const uint8_t peer_public_value[32]) { - static const uint8_t kZeros[32] = {0}; + static const uint8_t kZeros[32] = { 0 }; x25519_scalar_mult(out_shared_key, private_key, peer_public_value); /* The all-zero output results when the input is a point of small order. */ return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0; } -void -ossl_x25519_public_from_private(uint8_t out_public_value[32], - const uint8_t private_key[32]) +void ossl_x25519_public_from_private(uint8_t out_public_value[32], + const uint8_t private_key[32]) { uint8_t e[32]; ge_p3 A; --- crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h.orig +++ crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h 
@@ -11,17 +11,17 @@
 */
 #ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
-# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
+#define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
 #include "internal/constant_time.h"
-# define ARCH_WORD_BITS 32
+#define ARCH_WORD_BITS 32
-#define word_is_zero(a) constant_time_is_zero_32(a)
+#define word_is_zero(a) constant_time_is_zero_32(a)
 static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
 {
 return ((uint64_t)a) * b;
 }
-#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */
--- crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h.orig
+++ crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h
@@ -11,14 +11,18 @@
 */
 #ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
-# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
+#define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
-# define GF_HEADROOM 2
-# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
-# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
- {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}}
+#define GF_HEADROOM 2
+#define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
+#define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
+ { \
+ { \
+ LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h) \
+ } \
+ }
-# define LIMB_PLACE_VALUE(i) 28
+#define LIMB_PLACE_VALUE(i) 28
 void gf_add_RAW(gf out, const gf a, const gf b)
 {
@@ -57,4 +61,4 @@
 a->limb[0] = (a->limb[0] & mask) + tmp;
 }
-#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */
--- crypto/openssl/crypto/ec/curve448/arch_32/f_impl32.c.orig
+++ crypto/openssl/crypto/ec/curve448/arch_32/f_impl32.c
@@ -19,9 +19,9 @@
 NON_EMPTY_TRANSLATION_UNIT
 #else
-# include "../field.h"
+#include "../field.h"
-void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
+void gf_mul(gf_s *RESTRICT cs, const gf as, const gf bs)
 {
 const uint32_t *a = as->limb, *b = bs->limb;
 uint32_t *c = cs->limb;
@@ -70,7 +70,7 @@
 c[1] += ((uint32_t)(accum1));
 }
-void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
+void gf_mulw_unsigned(gf_s *RESTRICT cs, const gf as, uint32_t b)
 {
 const uint32_t *a = as->limb;
 uint32_t *c = cs->limb;
@@ -98,8 +98,8 @@
 c[1] += (uint32_t)(accum8 >> 28);
 }
-void gf_sqr(gf_s * RESTRICT cs, const gf as)
+void gf_sqr(gf_s *RESTRICT cs, const gf as)
 {
- gf_mul(cs, as, as); /* Performs better with a dedicated square */
+ gf_mul(cs, as, as); /* Performs better with a dedicated square */
 }
 #endif
--- crypto/openssl/crypto/ec/curve448/arch_64/arch_intrinsics.h.orig
+++ crypto/openssl/crypto/ec/curve448/arch_64/arch_intrinsics.h
@@ -11,17 +11,17 @@
 */
 #ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H
-# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H
+#define OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H
-# include "internal/constant_time.h"
+#include "internal/constant_time.h"
-# define ARCH_WORD_BITS 64
+#define ARCH_WORD_BITS 64
-# define word_is_zero(a) constant_time_is_zero_64(a)
+#define word_is_zero(a) constant_time_is_zero_64(a)
 static ossl_inline uint128_t widemul(uint64_t a, uint64_t b)
 {
- return ((uint128_t) a) * b;
+ return ((uint128_t)a) * b;
 }
-#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H */
--- crypto/openssl/crypto/ec/curve448/arch_64/f_impl.h.orig
+++ crypto/openssl/crypto/ec/curve448/arch_64/f_impl.h
@@ -11,12 +11,17 @@
 */
 #ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
-# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
+#define OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
-# define GF_HEADROOM 9999 /* Everything is reduced anyway */
-# define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}}
+#define GF_HEADROOM 9999 /* Everything is reduced anyway */
+#define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
+ { \
+ { \
+ a, b, c, d, e, f, g, h \
+ } \
+ }
-# define LIMB_PLACE_VALUE(i) 56
+#define LIMB_PLACE_VALUE(i) 56
 void gf_add_RAW(gf out, const gf a, const gf b)
 {
@@ -55,4 +60,4 @@
 a->limb[0] = (a->limb[0] & mask) + tmp;
 }
-#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H */
--- crypto/openssl/crypto/ec/curve448/arch_64/f_impl64.c.orig
+++ crypto/openssl/crypto/ec/curve448/arch_64/f_impl64.c
@@ -19,9 +19,9 @@
 NON_EMPTY_TRANSLATION_UNIT
 #else
-# include "../field.h"
+#include "../field.h"
-void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
+void gf_mul(gf_s *RESTRICT cs, const gf as, const gf bs)
 {
 const uint64_t *a = as->limb, *b = bs->limb;
 uint64_t *c = cs->limb;
@@ -73,7 +73,7 @@
 c[1] += ((uint64_t)(accum1));
 }
-void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
+void gf_mulw_unsigned(gf_s *RESTRICT cs, const gf as, uint32_t b)
 {
 const uint64_t *a = as->limb;
 uint64_t *c = cs->limb;
@@ -99,7 +99,7 @@
 c[1] += accum4 >> 56;
 }
-void gf_sqr(gf_s * RESTRICT cs, const gf as)
+void gf_sqr(gf_s *RESTRICT cs, const gf as)
 {
 const uint64_t *a = as->limb;
 uint64_t *c = cs->limb;
--- crypto/openssl/crypto/ec/curve448/curve448.c.orig
+++ crypto/openssl/crypto/ec/curve448/curve448.c
@@ -23,20 +23,16 @@ #define C448_WNAF_FIXED_TABLE_BITS 5 #define C448_WNAF_VAR_TABLE_BITS 3 -#define EDWARDS_D (-39081) +#define EDWARDS_D (-39081) static const curve448_scalar_t precomputed_scalarmul_adjustment = { - { - { - SC_LIMB(0xc873d6d54a7bb0cfULL), SC_LIMB(0xe933d8d723a70aadULL), - SC_LIMB(0xbb124b65129c96fdULL), SC_LIMB(0x00000008335dc163ULL) - } - } + { { SC_LIMB(0xc873d6d54a7bb0cfULL), SC_LIMB(0xe933d8d723a70aadULL), + SC_LIMB(0xbb124b65129c96fdULL), SC_LIMB(0x00000008335dc163ULL) } } }; #define TWISTED_D (EDWARDS_D - 1) -#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ +#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ /* Inverse. */ static void gf_invert(gf y, const gf x, int assert_nonzero) 
@@ -44,37 +40,36 @@ mask_t ret; gf t1, t2; - gf_sqr(t1, x); /* o^2 */ - ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */ + gf_sqr(t1, x); /* o^2 */ + ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */ (void)ret; if (assert_nonzero) assert(ret); gf_sqr(t1, t2); - gf_mul(t2, t1, x); /* not direct to y in case of alias. */ + gf_mul(t2, t1, x); /* not direct to y in case of alias. */ gf_copy(y, t2); } /** identity = (0,1) */ -const curve448_point_t ossl_curve448_point_identity = - { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} }; +const curve448_point_t ossl_curve448_point_identity = { { { { { 0 } } }, { { { 1 } } }, { { { 1 } } }, { { { 0 } } } } }; static void point_double_internal(curve448_point_t p, const curve448_point_t q, - int before_double) + int before_double) { gf a, b, c, d; gf_sqr(c, q->x); gf_sqr(a, q->y); - gf_add_nr(d, c, a); /* 2+e */ + gf_add_nr(d, c, a); /* 2+e */ gf_add_nr(p->t, q->y, q->x); /* 2+e */ gf_sqr(b, p->t); - gf_subx_nr(b, b, d, 3); /* 4+e */ - gf_sub_nr(p->t, a, c); /* 3+e */ + gf_subx_nr(b, b, d, 3); /* 4+e */ + gf_sub_nr(p->t, a, c); /* 3+e */ gf_sqr(p->x, q->z); gf_add_nr(p->z, p->x, p->x); /* 2+e */ gf_subx_nr(a, p->z, p->t, 4); /* 6+e */ if (GF_HEADROOM == 5) - gf_weak_reduce(a); /* or 1+e */ + gf_weak_reduce(a); /* or 1+e */ gf_mul(p->x, a, b); gf_mul(p->z, p->t, a); gf_mul(p->y, p->t, d); 
@@ -123,19 +118,19 @@ } static void add_niels_to_pt(curve448_point_t d, const niels_t e, - int before_double) + int before_double) { gf a, b, c; - gf_sub_nr(b, d->y, d->x); /* 3+e */ + gf_sub_nr(b, d->y, d->x); /* 3+e */ gf_mul(a, e->a, b); - gf_add_nr(b, d->x, d->y); /* 2+e */ + gf_add_nr(b, d->x, d->y); /* 2+e */ gf_mul(d->y, e->b, b); gf_mul(d->x, e->c, d->t); - gf_add_nr(c, a, d->y); /* 2+e */ - gf_sub_nr(b, d->y, a); /* 3+e */ + gf_add_nr(c, a, d->y); /* 2+e */ + gf_sub_nr(b, d->y, a); /* 3+e */ gf_sub_nr(d->y, d->z, d->x); /* 3+e */ - gf_add_nr(a, d->x, d->z); /* 2+e */ + gf_add_nr(a, d->x, d->z); /* 2+e */ gf_mul(d->z, a, d->y); gf_mul(d->x, d->y, b); gf_mul(d->y, a, c); @@ -144,19 +139,19 @@ } static void sub_niels_from_pt(curve448_point_t d, const niels_t e, - int before_double) + int before_double) { gf a, b, c; - gf_sub_nr(b, d->y, d->x); /* 3+e */ + gf_sub_nr(b, d->y, d->x); /* 3+e */ gf_mul(a, e->b, b); - gf_add_nr(b, d->x, d->y); /* 2+e */ + gf_add_nr(b, d->x, d->y); /* 2+e */ gf_mul(d->y, e->a, b); gf_mul(d->x, e->c, d->t); - gf_add_nr(c, a, d->y); /* 2+e */ - gf_sub_nr(b, d->y, a); /* 3+e */ + gf_add_nr(c, a, d->y); /* 2+e */ + gf_sub_nr(b, d->y, a); /* 3+e */ gf_add_nr(d->y, d->z, d->x); /* 2+e */ - gf_sub_nr(a, d->z, d->x); /* 3+e */ + gf_sub_nr(a, d->z, d->x); /* 3+e */ gf_mul(d->z, a, d->y); gf_mul(d->x, d->y, b); gf_mul(d->y, a, c); @@ -165,7 +160,7 @@ } static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn, - int before_double) + int before_double) { gf L0; @@ -175,7 +170,7 @@ } static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn, - int before_double) + int before_double) { gf L0; @@ -186,7 +181,7 @@ c448_bool_t ossl_curve448_point_eq(const curve448_point_t p, - const curve448_point_t q) + const curve448_point_t q) { mask_t succ; gf a, b; 
@@ -220,17 +215,16 @@ return mask_to_bool(out); } -static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni, - const niels_t * table, - int nelts, int idx) +static ossl_inline void constant_time_lookup_niels(niels_s *RESTRICT ni, + const niels_t *table, + int nelts, int idx) { constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx); } -void -ossl_curve448_precomputed_scalarmul(curve448_point_t out, - const curve448_precomputed_s * table, - const curve448_scalar_t scalar) +void ossl_curve448_precomputed_scalarmul(curve448_point_t out, + const curve448_precomputed_s *table, + const curve448_scalar_t scalar) { unsigned int i, j, k; const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S; @@ -252,8 +246,7 @@ unsigned int bit = (i - 1) + s * (k + j * t); if (bit < C448_SCALAR_BITS) - tab |= - (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k; + tab |= (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k; } invert = (tab >> (t - 1)) - 1; @@ -261,7 +254,7 @@ tab &= (1 << (t - 1)) - 1; constant_time_lookup_niels(ni, &table->table[j << (t - 1)], - 1 << (t - 1), tab); + 1 << (t - 1), tab); cond_neg_niels(ni, invert); if ((i != s) || j != 0) @@ -275,10 +268,9 @@ OPENSSL_cleanse(scalar1x, sizeof(scalar1x)); } -void -ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( - uint8_t enc[EDDSA_448_PUBLIC_BYTES], - const curve448_point_t p) +void ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( + uint8_t enc[EDDSA_448_PUBLIC_BYTES], + const curve448_point_t p) { gf x, y, z, t; curve448_point_t q; @@ -325,8 +317,8 @@ c448_error_t ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( - curve448_point_t p, - const uint8_t enc[EDDSA_448_PUBLIC_BYTES]) + curve448_point_t p, + const uint8_t enc[EDDSA_448_PUBLIC_BYTES]) { uint8_t enc2[EDDSA_448_PUBLIC_BYTES]; mask_t low; 
@@ -341,14 +333,14 @@ succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]); gf_sqr(p->x, p->y); - gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */ + gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */ gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */ - gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */ + gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */ gf_mul(p->x, p->z, p->t); succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */ - gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ + gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ gf_cond_neg(p->x, gf_lobit(p->x) ^ low); gf_copy(p->z, ONE); @@ -384,8 +376,8 @@ c448_error_t ossl_x448_int(uint8_t out[X_PUBLIC_BYTES], - const uint8_t base[X_PUBLIC_BYTES], - const uint8_t scalar[X_PRIVATE_BYTES]) + const uint8_t base[X_PUBLIC_BYTES], + const uint8_t scalar[X_PRIVATE_BYTES]) { gf x1, x2, z2, x3, z3, t1, t2; int t; @@ -409,7 +401,7 @@ sb = -1; k_t = (sb >> (t % 8)) & 1; - k_t = 0 - k_t; /* set to all 0s or all 1s */ + k_t = 0 - k_t; /* set to all 0s or all 1s */ swap ^= k_t; gf_cond_swap(x2, x3, swap); 
@@ -421,26 +413,26 @@ * comments, "2+e" is saying that the coefficients are at most 2+epsilon * times the reduction limit. */ - gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ - gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ - gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ - gf_mul(x2, t1, z2); /* DA */ - gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ - gf_mul(x3, t2, z2); /* CB */ - gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ - gf_sqr(z2, z3); /* (DA-CB)^2 */ - gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ - gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ - gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ - - gf_sqr(z2, t1); /* AA = A^2 */ - gf_sqr(t1, t2); /* BB = B^2 */ - gf_mul(x2, z2, t1); /* x2 = AA*BB */ - gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ + gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ + gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ + gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ + gf_mul(x2, t1, z2); /* DA */ + gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ + gf_mul(x3, t2, z2); /* CB */ + gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ + gf_sqr(z2, z3); /* (DA-CB)^2 */ + gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ + gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ + gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ + + gf_sqr(z2, t1); /* AA = A^2 */ + gf_sqr(t1, t2); /* BB = B^2 */ + gf_mul(x2, z2, t1); /* x2 = AA*BB */ + gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */ - gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ - gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ + gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ + gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ } /* Finish */ 
@@ -462,23 +454,22 @@ return c448_succeed_if(mask_to_bool(nz)); } -void -ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t - out[X_PUBLIC_BYTES], - const curve448_point_t p) +void ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t + out[X_PUBLIC_BYTES], + const curve448_point_t p) { curve448_point_t q; curve448_point_copy(q, p); - gf_invert(q->t, q->x, 0); /* 1/x */ - gf_mul(q->z, q->t, q->y); /* y/x */ - gf_sqr(q->y, q->z); /* (y/x)^2 */ + gf_invert(q->t, q->x, 0); /* 1/x */ + gf_mul(q->z, q->t, q->y); /* y/x */ + gf_sqr(q->y, q->z); /* (y/x)^2 */ gf_serialize(out, q->y, 1); ossl_curve448_point_destroy(q); } void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], - const uint8_t scalar[X_PRIVATE_BYTES]) + const uint8_t scalar[X_PRIVATE_BYTES]) { /* Scalar conditioning */ uint8_t scalar2[X_PRIVATE_BYTES]; @@ -499,7 +490,7 @@ ossl_curve448_scalar_halve(the_scalar, the_scalar); ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, - the_scalar); + the_scalar); ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p); ossl_curve448_point_destroy(p); } @@ -510,9 +501,9 @@ }; #if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3)) -# define NUMTRAILINGZEROS __builtin_ctz +#define NUMTRAILINGZEROS __builtin_ctz #else -# define NUMTRAILINGZEROS numtrailingzeros +#define NUMTRAILINGZEROS numtrailingzeros static uint32_t numtrailingzeros(uint32_t i) { uint32_t tmp; @@ -550,9 +541,9 @@ #endif static int recode_wnaf(struct smvt_control *control, - /* [nbits/(table_bits + 1) + 3] */ - const curve448_scalar_t scalar, - unsigned int table_bits) + /* [nbits/(table_bits + 1) + 3] */ + const curve448_scalar_t scalar, + unsigned int table_bits) { unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3; int position = table_size - 1; /* at the end */ 
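Review bot: In the `ossl_curve448_point_mul_by_ratio_and_encode_like_x448` definition (hunk `-462,23 +454,22`) the reformatted signature still ends its first line with `uint8_t` and puts the declarator `out[X_PUBLIC_BYTES]` on the next, so the parameter's type and name are read apart. The sibling `ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa` definition earlier in this diff breaks straight after the opening parenthesis, and the same shape fits here: `void ossl_curve448_point_mul_by_ratio_and_encode_like_x448(`, then `uint8_t out[X_PUBLIC_BYTES],` and `const curve448_point_t p)` as indented continuation lines. This is layout only; no token changes.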
@@ -577,7 +568,8 @@ if (w < (C448_SCALAR_BITS - 1) / 16 + 1) { /* Refill the 16 high bits of current */ current += (uint32_t)((scalar->limb[w / B_OVER_16] - >> (16 * (w % B_OVER_16))) << 16); + >> (16 * (w % B_OVER_16))) + << 16); } while (current & 0xFFFF) { @@ -586,7 +578,7 @@ int32_t delta = odd & mask; assert(position >= 0); - assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */ + assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */ if (odd & (1 << (table_bits + 1))) delta -= (1 << (table_bits + 1)); current -= delta * (1 << pos); @@ -606,9 +598,9 @@ return n - 1; } -static void prepare_wnaf_table(pniels_t * output, - const curve448_point_t working, - unsigned int tbits) +static void prepare_wnaf_table(pniels_t *output, + const curve448_point_t working, + unsigned int tbits) { curve448_point_t tmp; int i; @@ -634,18 +626,15 @@ OPENSSL_cleanse(twop, sizeof(twop)); } -void -ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, - const curve448_scalar_t scalar1, - const curve448_point_t base2, - const curve448_scalar_t scalar2) +void ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, + const curve448_scalar_t scalar1, + const curve448_point_t base2, + const curve448_scalar_t scalar2) { const int table_bits_var = C448_WNAF_VAR_TABLE_BITS; const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS; - struct smvt_control control_var[C448_SCALAR_BITS / - (C448_WNAF_VAR_TABLE_BITS + 1) + 3]; - struct smvt_control control_pre[C448_SCALAR_BITS / - (C448_WNAF_FIXED_TABLE_BITS + 1) + 3]; + struct smvt_control control_var[C448_SCALAR_BITS / (C448_WNAF_VAR_TABLE_BITS + 1) + 3]; + struct smvt_control control_pre[C448_SCALAR_BITS / (C448_WNAF_FIXED_TABLE_BITS + 1) + 3]; int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre); int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var); pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS]; 
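Review bot: `ossl_curve448_base_double_scalarmul_non_secret` (hunk `-634,18 +626,15`) has no comment at its definition saying that it is variable-time, so the `_non_secret` suffix is the only warning a caller gets. The surrounding hunks show why the contract matters: `recode_wnaf` loops on `while (current & 0xFFFF)`, and the main loop branches on `control_var[contv].addend > 0` and indexes `precmp_var[...]` directly, whereas `ossl_curve448_precomputed_scalarmul` fetches its table entry through `constant_time_lookup_niels`. I would add above the signature `/* Not constant-time: scalar1 and scalar2 are treated as public. Never pass a private scalar. */`, unless the declaration in the header (not visible here) already states this. The function body continues past the end of this hunk.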
@@ -664,8 +653,8 @@ } else if (i == control_pre[0].power && i >= 0) { pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); add_niels_to_pt(combo, - ossl_curve448_wnaf_base[control_pre[0].addend >> 1], - i); + ossl_curve448_wnaf_base[control_pre[0].addend >> 1], + i); contv++; contp++; } else { @@ -685,12 +674,13 @@ if (control_var[contv].addend > 0) add_pniels_to_pt(combo, - precmp_var[control_var[contv].addend >> 1], - i && !cp); + precmp_var[control_var[contv].addend >> 1], + i && !cp); else sub_pniels_from_pt(combo, - precmp_var[(-control_var[contv].addend) - >> 1], i && !cp); + precmp_var[(-control_var[contv].addend) + >> 1], + i && !cp); contv++; } @@ -699,12 +689,16 @@ if (control_pre[contp].addend > 0) add_niels_to_pt(combo, - ossl_curve448_wnaf_base[control_pre[contp].addend - >> 1], i); + ossl_curve448_wnaf_base[control_pre[contp].addend + >> 1], + i); else sub_niels_from_pt(combo, - ossl_curve448_wnaf_base[(-control_pre - [contp].addend) >> 1], i); + ossl_curve448_wnaf_base[(-control_pre + [contp] + .addend) + >> 1], + i); contp++; } } @@ -726,14 +720,14 @@ } int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], - const uint8_t peer_public_value[56]) + const uint8_t peer_public_value[56]) { return ossl_x448_int(out_shared_key, peer_public_value, private_key) - == C448_SUCCESS; + == C448_SUCCESS; } void ossl_x448_public_from_private(uint8_t out_public_value[56], - const uint8_t private_key[56]) + const uint8_t private_key[56]) { ossl_x448_derive_public_key(out_public_value, private_key); } --- crypto/openssl/crypto/ec/curve448/curve448_local.h.orig +++ crypto/openssl/crypto/ec/curve448/curve448_local.h 
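Review bot: In the `sub_niels_from_pt` call of hunk `-699,12 +689,16` the formatter now spreads `control_pre[contp].addend` over three lines (`(-control_pre`, `[contp]`, `.addend)`), which makes it harder to audit which table entry is selected. The `precmp_var[(-control_var[contv].addend) >> 1]` argument in hunk `-685,12 +674,13` is split inside the subscript in the same way. Reading the field into a local before the `if` removes the need to wrap, for example `int addend = control_pre[contp].addend;` and then `ossl_curve448_wnaf_base[(-addend) >> 1]` in the call, assuming `addend` is an `int` (its declaration is outside the diff). The enclosing function starts and ends outside these hunks.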
@@ -7,18 +7,16 @@ * https://www.openssl.org/source/license.html */ #ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H -# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H -# include "curve448utils.h" +#define OSSL_CRYPTO_EC_CURVE448_LOCAL_H +#include "curve448utils.h" -int -ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len, const char *propq); +int ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len, const char *propq); -int -ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, - const char *propq); +int ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, + const char *propq); -#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ --- crypto/openssl/crypto/ec/curve448/curve448_tables.c.orig +++ crypto/openssl/crypto/ec/curve448/curve448_tables.c 
@@ -14,1470 +14,1578 @@ #include "point_448.h" static const curve448_precomputed_s curve448_precomputed_base_table = { - { - {{ - {FIELD_LITERAL(0x00cc3b062366f4ccULL, 0x003d6e34e314aa3cULL, - 0x00d51c0a7521774dULL, 0x0094e060eec6ab8bULL, - 0x00d21291b4d80082ULL, 0x00befed12b55ef1eULL, - 0x00c3dd2df5c94518ULL, 0x00e0a7b112b8d4e6ULL)}, - {FIELD_LITERAL(0x0019eb5608d8723aULL, 0x00d1bab52fb3aedbULL, - 0x00270a7311ebc90cULL, 0x0037c12b91be7f13ULL, - 0x005be16cd8b5c704ULL, 0x003e181acda888e1ULL, - 0x00bc1f00fc3fc6d0ULL, 0x00d3839bfa319e20ULL)}, - {FIELD_LITERAL(0x003caeb88611909fULL, 0x00ea8b378c4df3d4ULL, - 0x00b3295b95a5a19aULL, 0x00a65f97514bdfb5ULL, - 0x00b39efba743cab1ULL, 0x0016ba98b862fd2dULL, - 0x0001508812ee71d7ULL, 0x000a75740eea114aULL)}, - }}, {{ - {FIELD_LITERAL(0x00ebcf0eb649f823ULL, 0x00166d332e98ea03ULL, - 0x0059ddf64f5cd5f6ULL, 0x0047763123d9471bULL, - 0x00a64065c53ef62fULL, 0x00978e44c480153dULL, - 0x000b5b2a0265f194ULL, 0x0046a24b9f32965aULL)}, - {FIELD_LITERAL(0x00b9eef787034df0ULL, 0x0020bc24de3390cdULL, - 0x000022160bae99bbULL, 0x00ae66e886e97946ULL, - 0x0048d4bbe02cbb8bULL, 0x0072ba97b34e38d4ULL, - 0x00eae7ec8f03e85aULL, 0x005ba92ecf808b2cULL)}, - {FIELD_LITERAL(0x00c9cfbbe74258fdULL, 0x00843a979ea9eaa7ULL, - 0x000cbb4371cfbe90ULL, 0x0059bac8f7f0a628ULL, - 0x004b3dff882ff530ULL, 0x0011869df4d90733ULL, - 0x00595aa71f4abfc2ULL, 0x0070e2d38990c2e6ULL)}, - }}, {{ - {FIELD_LITERAL(0x00de2010c0a01733ULL, 0x00c739a612e24297ULL, - 0x00a7212643141d7cULL, 0x00f88444f6b67c11ULL, - 0x00484b7b16ec28f2ULL, 0x009c1b8856af9c68ULL, - 0x00ff4669591fe9d6ULL, 0x0054974be08a32c8ULL)}, - {FIELD_LITERAL(0x0010de3fd682ceedULL, 0x008c07642d83ca4eULL, - 0x0013bb064e00a1ccULL, 0x009411ae27870e11ULL, - 0x00ea8e5b4d531223ULL, 0x0032fe7d2aaece2eULL, - 0x00d989e243e7bb41ULL, 0x000fe79a508e9b8bULL)}, - {FIELD_LITERAL(0x005e0426b9bfc5b1ULL, 0x0041a5b1d29ee4faULL, - 0x0015b0def7774391ULL, 0x00bc164f1f51af01ULL, - 0x00d543b0942797b9ULL, 0x003c129b6398099cULL, - 
0x002b114c6e5adf18ULL, 0x00b4e630e4018a7bULL)}, - }}, {{ - {FIELD_LITERAL(0x00d490afc95f8420ULL, 0x00b096bf50c1d9b9ULL, - 0x00799fd707679866ULL, 0x007c74d9334afbeaULL, - 0x00efaa8be80ff4edULL, 0x0075c4943bb81694ULL, - 0x00c21c2fca161f36ULL, 0x00e77035d492bfeeULL)}, - {FIELD_LITERAL(0x006658a190dd6661ULL, 0x00e0e9bab38609a6ULL, - 0x0028895c802237edULL, 0x006a0229c494f587ULL, - 0x002dcde96c9916b7ULL, 0x00d158822de16218ULL, - 0x00173b917a06856fULL, 0x00ca78a79ae07326ULL)}, - {FIELD_LITERAL(0x00e35bfc79caced4ULL, 0x0087238a3e1fe3bbULL, - 0x00bcbf0ff4ceff5bULL, 0x00a19c1c94099b91ULL, - 0x0071e102b49db976ULL, 0x0059e3d004eada1eULL, - 0x008da78afa58a47eULL, 0x00579c8ebf269187ULL)}, - }}, {{ - {FIELD_LITERAL(0x00a16c2905eee75fULL, 0x009d4bcaea2c7e1dULL, - 0x00d3bd79bfad19dfULL, 0x0050da745193342cULL, - 0x006abdb8f6b29ab1ULL, 0x00a24fe0a4fef7efULL, - 0x0063730da1057dfbULL, 0x00a08c312c8eb108ULL)}, - {FIELD_LITERAL(0x00b583be005375beULL, 0x00a40c8f8a4e3df4ULL, - 0x003fac4a8f5bdbf7ULL, 0x00d4481d872cd718ULL, - 0x004dc8749cdbaefeULL, 0x00cce740d5e5c975ULL, - 0x000b1c1f4241fd21ULL, 0x00a76de1b4e1cd07ULL)}, - {FIELD_LITERAL(0x007a076500d30b62ULL, 0x000a6e117b7f090fULL, - 0x00c8712ae7eebd9aULL, 0x000fbd6c1d5f6ff7ULL, - 0x003a7977246ebf11ULL, 0x00166ed969c6600eULL, - 0x00aa42e469c98becULL, 0x00dc58f307cf0666ULL)}, - }}, {{ - {FIELD_LITERAL(0x004b491f65a9a28bULL, 0x006a10309e8a55b7ULL, - 0x00b67210185187efULL, 0x00cf6497b12d9b8fULL, - 0x0085778c56e2b1baULL, 0x0015b4c07a814d85ULL, - 0x00686479e62da561ULL, 0x008de5d88f114916ULL)}, - {FIELD_LITERAL(0x00e37c88d6bba7b1ULL, 0x003e4577e1b8d433ULL, - 0x0050d8ea5f510ec0ULL, 0x0042fc9f2da9ef59ULL, - 0x003bd074c1141420ULL, 0x00561b8b7b68774eULL, - 0x00232e5e5d1013a3ULL, 0x006b7f2cb3d7e73fULL)}, - {FIELD_LITERAL(0x004bdd0f0b41e6a0ULL, 0x001773057c405d24ULL, - 0x006029f99915bd97ULL, 0x006a5ba70a17fe2fULL, - 0x0046111977df7e08ULL, 0x004d8124c89fb6b7ULL, - 0x00580983b2bb2724ULL, 0x00207bf330d6f3feULL)}, - }}, {{ - 
{FIELD_LITERAL(0x007efdc93972a48bULL, 0x002f5e50e78d5feeULL, - 0x0080dc11d61c7fe5ULL, 0x0065aa598707245bULL, - 0x009abba2300641beULL, 0x000c68787656543aULL, - 0x00ffe0fef2dc0a17ULL, 0x00007ffbd6cb4f3aULL)}, - {FIELD_LITERAL(0x0036012f2b836efcULL, 0x00458c126d6b5fbcULL, - 0x00a34436d719ad1eULL, 0x0097be6167117deaULL, - 0x0009c219c879cff3ULL, 0x0065564493e60755ULL, - 0x00993ac94a8cdec0ULL, 0x002d4885a4d0dbafULL)}, - {FIELD_LITERAL(0x00598b60b4c068baULL, 0x00c547a0be7f1afdULL, - 0x009582164acf12afULL, 0x00af4acac4fbbe40ULL, - 0x005f6ca7c539121aULL, 0x003b6e752ebf9d66ULL, - 0x00f08a30d5cac5d4ULL, 0x00e399bb5f97c5a9ULL)}, - }}, {{ - {FIELD_LITERAL(0x007445a0409c0a66ULL, 0x00a65c369f3829c0ULL, - 0x0031d248a4f74826ULL, 0x006817f34defbe8eULL, - 0x00649741d95ebf2eULL, 0x00d46466ab16b397ULL, - 0x00fdc35703bee414ULL, 0x00343b43334525f8ULL)}, - {FIELD_LITERAL(0x001796bea93f6401ULL, 0x00090c5a42e85269ULL, - 0x00672412ba1252edULL, 0x001201d47b6de7deULL, - 0x006877bccfe66497ULL, 0x00b554fd97a4c161ULL, - 0x009753f42dbac3cfULL, 0x00e983e3e378270aULL)}, - {FIELD_LITERAL(0x00ac3eff18849872ULL, 0x00f0eea3bff05690ULL, - 0x00a6d72c21dd505dULL, 0x001b832642424169ULL, - 0x00a6813017b540e5ULL, 0x00a744bd71b385cdULL, - 0x0022a7d089130a7bULL, 0x004edeec9a133486ULL)}, - }}, {{ - {FIELD_LITERAL(0x00b2d6729196e8a9ULL, 0x0088a9bb2031cef4ULL, - 0x00579e7787dc1567ULL, 0x0030f49feb059190ULL, - 0x00a0b1d69c7f7d8fULL, 0x0040bdcc6d9d806fULL, - 0x00d76c4037edd095ULL, 0x00bbf24376415dd7ULL)}, - {FIELD_LITERAL(0x00240465ff5a7197ULL, 0x00bb97e76caf27d0ULL, - 0x004b4edbf8116d39ULL, 0x001d8586f708cbaaULL, - 0x000f8ee8ff8e4a50ULL, 0x00dde5a1945dd622ULL, - 0x00e6fc1c0957e07cULL, 0x0041c9cdabfd88a0ULL)}, - {FIELD_LITERAL(0x005344b0bf5b548cULL, 0x002957d0b705cc99ULL, - 0x00f586a70390553dULL, 0x0075b3229f583cc3ULL, - 0x00a1aa78227490e4ULL, 0x001bf09cf7957717ULL, - 0x00cf6bf344325f52ULL, 0x0065bd1c23ca3ecfULL)}, - }}, {{ - {FIELD_LITERAL(0x009bff3b3239363cULL, 0x00e17368796ef7c0ULL, - 0x00528b0fe0971f3aULL, 
0x0008014fc8d4a095ULL, - 0x00d09f2e8a521ec4ULL, 0x006713ab5dde5987ULL, - 0x0003015758e0dbb1ULL, 0x00215999f1ba212dULL)}, - {FIELD_LITERAL(0x002c88e93527da0eULL, 0x0077c78f3456aad5ULL, - 0x0071087a0a389d1cULL, 0x00934dac1fb96dbdULL, - 0x008470e801162697ULL, 0x005bc2196cd4ad49ULL, - 0x00e535601d5087c3ULL, 0x00769888700f497fULL)}, - {FIELD_LITERAL(0x00da7a4b557298adULL, 0x0019d2589ea5df76ULL, - 0x00ef3e38be0c6497ULL, 0x00a9644e1312609aULL, - 0x004592f61b2558daULL, 0x0082c1df510d7e46ULL, - 0x0042809a535c0023ULL, 0x00215bcb5afd7757ULL)}, - }}, {{ - {FIELD_LITERAL(0x002b9df55a1a4213ULL, 0x00dcfc3b464a26beULL, - 0x00c4f9e07a8144d5ULL, 0x00c8e0617a92b602ULL, - 0x008e3c93accafae0ULL, 0x00bf1bcb95b2ca60ULL, - 0x004ce2426a613bf3ULL, 0x00266cac58e40921ULL)}, - {FIELD_LITERAL(0x008456d5db76e8f0ULL, 0x0032ca9cab2ce163ULL, - 0x0059f2b8bf91abcfULL, 0x0063c2a021712788ULL, - 0x00f86155af22f72dULL, 0x00db98b2a6c005a0ULL, - 0x00ac6e416a693ac4ULL, 0x007a93572af53226ULL)}, - {FIELD_LITERAL(0x0087767520f0de22ULL, 0x0091f64012279fb5ULL, - 0x001050f1f0644999ULL, 0x004f097a2477ad3cULL, - 0x006b37913a9947bdULL, 0x001a3d78645af241ULL, - 0x0057832bbb3008a7ULL, 0x002c1d902b80dc20ULL)}, - }}, {{ - {FIELD_LITERAL(0x001a6002bf178877ULL, 0x009bce168aa5af50ULL, - 0x005fc318ff04a7f5ULL, 0x0052818f55c36461ULL, - 0x008768f5d4b24afbULL, 0x0037ffbae7b69c85ULL, - 0x0018195a4b61edc0ULL, 0x001e12ea088434b2ULL)}, - {FIELD_LITERAL(0x0047d3f804e7ab07ULL, 0x00a809ab5f905260ULL, - 0x00b3ffc7cdaf306dULL, 0x00746e8ec2d6e509ULL, - 0x00d0dade8887a645ULL, 0x00acceeebde0dd37ULL, - 0x009bc2579054686bULL, 0x0023804f97f1c2bfULL)}, - {FIELD_LITERAL(0x0043e2e2e50b80d7ULL, 0x00143aafe4427e0fULL, - 0x005594aaecab855bULL, 0x008b12ccaaecbc01ULL, - 0x002deeb091082bc3ULL, 0x009cca4be2ae7514ULL, - 0x00142b96e696d047ULL, 0x00ad2a2b1c05256aULL)}, - }}, {{ - {FIELD_LITERAL(0x003914f2f144b78bULL, 0x007a95dd8bee6f68ULL, - 0x00c7f4384d61c8e6ULL, 0x004e51eb60f1bdb2ULL, - 0x00f64be7aa4621d8ULL, 0x006797bfec2f0ac0ULL, - 
0x007d17aab3c75900ULL, 0x001893e73cac8bc5ULL)}, - {FIELD_LITERAL(0x00140360b768665bULL, 0x00b68aca4967f977ULL, - 0x0001089b66195ae4ULL, 0x00fe71122185e725ULL, - 0x000bca2618d49637ULL, 0x00a54f0557d7e98aULL, - 0x00cdcd2f91d6f417ULL, 0x00ab8c13741fd793ULL)}, - {FIELD_LITERAL(0x00725ee6b1e549e0ULL, 0x007124a0769777faULL, - 0x000b68fdad07ae42ULL, 0x0085b909cd4952dfULL, - 0x0092d2e3c81606f4ULL, 0x009f22f6cac099a0ULL, - 0x00f59da57f2799a8ULL, 0x00f06c090122f777ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ce0bed0a3532bcULL, 0x001a5048a22df16bULL, - 0x00e31db4cbad8bf1ULL, 0x00e89292120cf00eULL, - 0x007d1dd1a9b00034ULL, 0x00e2a9041ff8f680ULL, - 0x006a4c837ae596e7ULL, 0x00713af1068070b3ULL)}, - {FIELD_LITERAL(0x00c4fe64ce66d04bULL, 0x00b095d52e09b3d7ULL, - 0x00758bbecb1a3a8eULL, 0x00f35cce8d0650c0ULL, - 0x002b878aa5984473ULL, 0x0062e0a3b7544ddcULL, - 0x00b25b290ed116feULL, 0x007b0f6abe0bebf2ULL)}, - {FIELD_LITERAL(0x0081d4e3addae0a8ULL, 0x003410c836c7ffccULL, - 0x00c8129ad89e4314ULL, 0x000e3d5a23922dcdULL, - 0x00d91e46f29c31f3ULL, 0x006c728cde8c5947ULL, - 0x002bc655ba2566c0ULL, 0x002ca94721533108ULL)}, - }}, {{ - {FIELD_LITERAL(0x0051e4b3f764d8a9ULL, 0x0019792d46e904a0ULL, - 0x00853bc13dbc8227ULL, 0x000840208179f12dULL, - 0x0068243474879235ULL, 0x0013856fbfe374d0ULL, - 0x00bda12fe8676424ULL, 0x00bbb43635926eb2ULL)}, - {FIELD_LITERAL(0x0012cdc880a93982ULL, 0x003c495b21cd1b58ULL, - 0x00b7e5c93f22a26eULL, 0x0044aa82dfb99458ULL, - 0x009ba092cdffe9c0ULL, 0x00a14b3ab2083b73ULL, - 0x000271c2f70e1c4bULL, 0x00eea9cac0f66eb8ULL)}, - {FIELD_LITERAL(0x001a1847c4ac5480ULL, 0x00b1b412935bb03aULL, - 0x00f74285983bf2b2ULL, 0x00624138b5b5d0f1ULL, - 0x008820c0b03d38bfULL, 0x00b94e50a18c1572ULL, - 0x0060f6934841798fULL, 0x00c52f5d66d6ebe2ULL)}, - }}, {{ - {FIELD_LITERAL(0x00da23d59f9bcea6ULL, 0x00e0f27007a06a4bULL, - 0x00128b5b43a6758cULL, 0x000cf50190fa8b56ULL, - 0x00fc877aba2b2d72ULL, 0x00623bef52edf53fULL, - 0x00e6af6b819669e2ULL, 0x00e314dc34fcaa4fULL)}, - {FIELD_LITERAL(0x0066e5eddd164d1eULL, 
0x00418a7c6fe28238ULL, - 0x0002e2f37e962c25ULL, 0x00f01f56b5975306ULL, - 0x0048842fa503875cULL, 0x0057b0e968078143ULL, - 0x00ff683024f3d134ULL, 0x0082ae28fcad12e4ULL)}, - {FIELD_LITERAL(0x0011ddfd21260e42ULL, 0x00d05b0319a76892ULL, - 0x00183ea4368e9b8fULL, 0x00b0815662affc96ULL, - 0x00b466a5e7ce7c88ULL, 0x00db93b07506e6eeULL, - 0x0033885f82f62401ULL, 0x0086f9090ec9b419ULL)}, - }}, {{ - {FIELD_LITERAL(0x00d95d1c5fcb435aULL, 0x0016d1ed6b5086f9ULL, - 0x00792aa0b7e54d71ULL, 0x0067b65715f1925dULL, - 0x00a219755ec6176bULL, 0x00bc3f026b12c28fULL, - 0x00700c897ffeb93eULL, 0x0089b83f6ec50b46ULL)}, - {FIELD_LITERAL(0x003c97e6384da36eULL, 0x00423d53eac81a09ULL, - 0x00b70d68f3cdce35ULL, 0x00ee7959b354b92cULL, - 0x00f4e9718819c8caULL, 0x009349f12acbffe9ULL, - 0x005aee7b62cb7da6ULL, 0x00d97764154ffc86ULL)}, - {FIELD_LITERAL(0x00526324babb46dcULL, 0x002ee99b38d7bf9eULL, - 0x007ea51794706ef4ULL, 0x00abeb04da6e3c39ULL, - 0x006b457c1d281060ULL, 0x00fe243e9a66c793ULL, - 0x00378de0fb6c6ee4ULL, 0x003e4194b9c3cb93ULL)}, - }}, {{ - {FIELD_LITERAL(0x00fed3cd80ca2292ULL, 0x0015b043a73ca613ULL, - 0x000a9fd7bf9be227ULL, 0x003b5e03de2db983ULL, - 0x005af72d46904ef7ULL, 0x00c0f1b5c49faa99ULL, - 0x00dc86fc3bd305e1ULL, 0x00c92f08c1cb1797ULL)}, - {FIELD_LITERAL(0x0079680ce111ed3bULL, 0x001a1ed82806122cULL, - 0x000c2e7466d15df3ULL, 0x002c407f6f7150fdULL, - 0x00c5e7c96b1b0ce3ULL, 0x009aa44626863ff9ULL, - 0x00887b8b5b80be42ULL, 0x00b6023cec964825ULL)}, - {FIELD_LITERAL(0x00e4a8e1048970c8ULL, 0x0062887b7830a302ULL, - 0x00bcf1c8cd81402bULL, 0x0056dbb81a68f5beULL, - 0x0014eced83f12452ULL, 0x00139e1a510150dfULL, - 0x00bb81140a82d1a3ULL, 0x000febcc1aaf1aa7ULL)}, - }}, {{ - {FIELD_LITERAL(0x00a7527958238159ULL, 0x0013ec9537a84cd6ULL, - 0x001d7fee7d562525ULL, 0x00b9eefa6191d5e5ULL, - 0x00dbc97db70bcb8aULL, 0x00481affc7a4d395ULL, - 0x006f73d3e70c31bbULL, 0x00183f324ed96a61ULL)}, - {FIELD_LITERAL(0x0039dd7ce7fc6860ULL, 0x00d64f6425653da1ULL, - 0x003e037c7f57d0afULL, 0x0063477a06e2bcf2ULL, - 
0x001727dbb7ac67e6ULL, 0x0049589f5efafe2eULL, - 0x00fc0fef2e813d54ULL, 0x008baa5d087fb50dULL)}, - {FIELD_LITERAL(0x0024fb59d9b457c7ULL, 0x00a7d4e060223e4cULL, - 0x00c118d1b555fd80ULL, 0x0082e216c732f22aULL, - 0x00cd2a2993089504ULL, 0x003638e836a3e13dULL, - 0x000d855ee89b4729ULL, 0x008ec5b7d4810c91ULL)}, - }}, {{ - {FIELD_LITERAL(0x001bf51f7d65cdfdULL, 0x00d14cdafa16a97dULL, - 0x002c38e60fcd10e7ULL, 0x00a27446e393efbdULL, - 0x000b5d8946a71fddULL, 0x0063df2cde128f2fULL, - 0x006c8679569b1888ULL, 0x0059ffc4925d732dULL)}, - {FIELD_LITERAL(0x00ece96f95f2b66fULL, 0x00ece7952813a27bULL, - 0x0026fc36592e489eULL, 0x007157d1a2de0f66ULL, - 0x00759dc111d86ddfULL, 0x0012881e5780bb0fULL, - 0x00c8ccc83ad29496ULL, 0x0012b9bd1929eb71ULL)}, - {FIELD_LITERAL(0x000fa15a20da5df0ULL, 0x00349ddb1a46cd31ULL, - 0x002c512ad1d8e726ULL, 0x00047611f669318dULL, - 0x009e68fba591e17eULL, 0x004320dffa803906ULL, - 0x00a640874951a3d3ULL, 0x00b6353478baa24fULL)}, - }}, {{ - {FIELD_LITERAL(0x009696510000d333ULL, 0x00ec2f788bc04826ULL, - 0x000e4d02b1f67ba5ULL, 0x00659aa8dace08b6ULL, - 0x00d7a38a3a3ae533ULL, 0x008856defa8c746bULL, - 0x004d7a4402d3da1aULL, 0x00ea82e06229260fULL)}, - {FIELD_LITERAL(0x006a15bb20f75c0cULL, 0x0079a144027a5d0cULL, - 0x00d19116ce0b4d70ULL, 0x0059b83bcb0b268eULL, - 0x005f58f63f16c127ULL, 0x0079958318ee2c37ULL, - 0x00defbb063d07f82ULL, 0x00f1f0b931d2d446ULL)}, - {FIELD_LITERAL(0x00cb5e4c3c35d422ULL, 0x008df885ca43577fULL, - 0x00fa50b16ca3e471ULL, 0x005a0e58e17488c8ULL, - 0x00b2ceccd6d34d19ULL, 0x00f01d5d235e36e9ULL, - 0x00db2e7e4be6ca44ULL, 0x00260ab77f35fccdULL)}, - }}, {{ - {FIELD_LITERAL(0x006f6fd9baac61d5ULL, 0x002a7710a020a895ULL, - 0x009de0db7fc03d4dULL, 0x00cdedcb1875f40bULL, - 0x00050caf9b6b1e22ULL, 0x005e3a6654456ab0ULL, - 0x00775fdf8c4423d4ULL, 0x0028701ea5738b5dULL)}, - {FIELD_LITERAL(0x009ffd90abfeae96ULL, 0x00cba3c2b624a516ULL, - 0x005ef08bcee46c91ULL, 0x00e6fde30afb6185ULL, - 0x00f0b4db4f818ce4ULL, 0x006c54f45d2127f5ULL, - 0x00040125035854c7ULL, 
0x00372658a3287e13ULL)}, - {FIELD_LITERAL(0x00d7070fb1beb2abULL, 0x0078fc845a93896bULL, - 0x006894a4b2f224a6ULL, 0x005bdd8192b9dbdeULL, - 0x00b38839874b3a9eULL, 0x00f93618b04b7a57ULL, - 0x003e3ec75fd2c67eULL, 0x00bf5e6bfc29494aULL)}, - }}, {{ - {FIELD_LITERAL(0x00f19224ebba2aa5ULL, 0x0074f89d358e694dULL, - 0x00eea486597135adULL, 0x0081579a4555c7e1ULL, - 0x0010b9b872930a9dULL, 0x00f002e87a30ecc0ULL, - 0x009b9d66b6de56e2ULL, 0x00a3c4f45e8004ebULL)}, - {FIELD_LITERAL(0x0045e8dda9400888ULL, 0x002ff12e5fc05db7ULL, - 0x00a7098d54afe69cULL, 0x00cdbe846a500585ULL, - 0x00879c1593ca1882ULL, 0x003f7a7fea76c8b0ULL, - 0x002cd73dd0c8e0a1ULL, 0x00645d6ce96f51feULL)}, - {FIELD_LITERAL(0x002b7e83e123d6d6ULL, 0x00398346f7419c80ULL, - 0x0042922e55940163ULL, 0x005e7fc5601886a3ULL, - 0x00e88f2cee1d3103ULL, 0x00e7fab135f2e377ULL, - 0x00b059984dbf0dedULL, 0x0009ce080faa5bb8ULL)}, - }}, {{ - {FIELD_LITERAL(0x0085e78af7758979ULL, 0x00275a4ee1631a3aULL, - 0x00d26bc0ed78b683ULL, 0x004f8355ea21064fULL, - 0x00d618e1a32696e5ULL, 0x008d8d7b150e5680ULL, - 0x00a74cd854b278d2ULL, 0x001dd62702203ea0ULL)}, - {FIELD_LITERAL(0x00f89335c2a59286ULL, 0x00a0f5c905d55141ULL, - 0x00b41fb836ee9382ULL, 0x00e235d51730ca43ULL, - 0x00a5cb37b5c0a69aULL, 0x009b966ffe136c45ULL, - 0x00cb2ea10bf80ed1ULL, 0x00fb2b370b40dc35ULL)}, - {FIELD_LITERAL(0x00d687d16d4ee8baULL, 0x0071520bdd069dffULL, - 0x00de85c60d32355dULL, 0x0087d2e3565102f4ULL, - 0x00cde391b8dfc9aaULL, 0x00e18d69efdfefe5ULL, - 0x004a9d0591954e91ULL, 0x00fa36dd8b50eee5ULL)}, - }}, {{ - {FIELD_LITERAL(0x002e788749a865f7ULL, 0x006e4dc3116861eaULL, - 0x009f1428c37276e6ULL, 0x00e7d2e0fc1e1226ULL, - 0x003aeebc6b6c45f6ULL, 0x0071a8073bf500c9ULL, - 0x004b22ad986b530cULL, 0x00f439e63c0d79d4ULL)}, - {FIELD_LITERAL(0x006bc3d53011f470ULL, 0x00032d6e692b83e8ULL, - 0x00059722f497cd0bULL, 0x0009b4e6f0c497ccULL, - 0x0058a804b7cce6c0ULL, 0x002b71d3302bbd5dULL, - 0x00e2f82a36765fceULL, 0x008dded99524c703ULL)}, - {FIELD_LITERAL(0x004d058953747d64ULL, 0x00701940fe79aa6fULL, - 
0x00a620ac71c760bfULL, 0x009532b611158b75ULL, - 0x00547ed7f466f300ULL, 0x003cb5ab53a8401aULL, - 0x00c7763168ce3120ULL, 0x007e48e33e4b9ab2ULL)}, - }}, {{ - {FIELD_LITERAL(0x001b2fc57bf3c738ULL, 0x006a3f918993fb80ULL, - 0x0026f7a14fdec288ULL, 0x0075a2cdccef08dbULL, - 0x00d3ecbc9eecdbf1ULL, 0x0048c40f06e5bf7fULL, - 0x00d63e423009896bULL, 0x000598bc99c056a8ULL)}, - {FIELD_LITERAL(0x002f194eaafa46dcULL, 0x008e38f57fe87613ULL, - 0x00dc8e5ae25f4ab2ULL, 0x000a17809575e6bdULL, - 0x00d3ec7923ba366aULL, 0x003a7e72e0ad75e3ULL, - 0x0010024b88436e0aULL, 0x00ed3c5444b64051ULL)}, - {FIELD_LITERAL(0x00831fc1340af342ULL, 0x00c9645669466d35ULL, - 0x007692b4cc5a080fULL, 0x009fd4a47ac9259fULL, - 0x001eeddf7d45928bULL, 0x003c0446fc45f28bULL, - 0x002c0713aa3e2507ULL, 0x0095706935f0f41eULL)}, - }}, {{ - {FIELD_LITERAL(0x00766ae4190ec6d8ULL, 0x0065768cabc71380ULL, - 0x00b902598416cdc2ULL, 0x00380021ad38df52ULL, - 0x008f0b89d6551134ULL, 0x004254d4cc62c5a5ULL, - 0x000d79f4484b9b94ULL, 0x00b516732ae3c50eULL)}, - {FIELD_LITERAL(0x001fb73475c45509ULL, 0x00d2b2e5ea43345aULL, - 0x00cb3c3842077bd1ULL, 0x0029f90ad820946eULL, - 0x007c11b2380778aaULL, 0x009e54ece62c1704ULL, - 0x004bc60c41ca01c3ULL, 0x004525679a5a0b03ULL)}, - {FIELD_LITERAL(0x00c64fbddbed87b3ULL, 0x0040601d11731faaULL, - 0x009c22475b6f9d67ULL, 0x0024b79dae875f15ULL, - 0x00616fed3f02c3b0ULL, 0x0000cf39f6af2d3bULL, - 0x00c46bac0aa9a688ULL, 0x00ab23e2800da204ULL)}, - }}, {{ - {FIELD_LITERAL(0x000b3a37617632b0ULL, 0x00597199fe1cfb6cULL, - 0x0042a7ccdfeafdd6ULL, 0x004cc9f15ebcea17ULL, - 0x00f436e596a6b4a4ULL, 0x00168861142df0d8ULL, - 0x000753edfec26af5ULL, 0x000c495d7e388116ULL)}, - {FIELD_LITERAL(0x0017085f4a346148ULL, 0x00c7cf7a37f62272ULL, - 0x001776e129bc5c30ULL, 0x009955134c9eef2aULL, - 0x001ba5bdf1df07beULL, 0x00ec39497103a55cULL, - 0x006578354fda6cfbULL, 0x005f02719d4f15eeULL)}, - {FIELD_LITERAL(0x0052b9d9b5d9655dULL, 0x00d4ec7ba1b461c3ULL, - 0x00f95df4974f280bULL, 0x003d8e5ca11aeb51ULL, - 0x00d4981eb5a70b26ULL, 
0x000af9a4f6659f29ULL, - 0x004598c846faeb43ULL, 0x0049d9a183a47670ULL)}, - }}, {{ - {FIELD_LITERAL(0x000a72d23dcb3f1fULL, 0x00a3737f84011727ULL, - 0x00f870c0fbbf4a47ULL, 0x00a7aadd04b5c9caULL, - 0x000c7715c67bd072ULL, 0x00015a136afcd74eULL, - 0x0080d5caea499634ULL, 0x0026b448ec7514b7ULL)}, - {FIELD_LITERAL(0x00b60167d9e7d065ULL, 0x00e60ba0d07381e8ULL, - 0x003a4f17b725c2d4ULL, 0x006c19fe176b64faULL, - 0x003b57b31af86ccbULL, 0x0021047c286180fdULL, - 0x00bdc8fb00c6dbb6ULL, 0x00fe4a9f4bab4f3fULL)}, - {FIELD_LITERAL(0x0088ffc3a16111f7ULL, 0x009155e4245d0bc8ULL, - 0x00851d68220572d5ULL, 0x00557ace1e514d29ULL, - 0x0031d7c339d91022ULL, 0x00101d0ae2eaceeaULL, - 0x00246ab3f837b66aULL, 0x00d5216d381ff530ULL)}, - }}, {{ - {FIELD_LITERAL(0x0057e7ea35f36daeULL, 0x00f47d7ad15de22eULL, - 0x00d757ea4b105115ULL, 0x008311457d579d7eULL, - 0x00b49b75b1edd4ebULL, 0x0081c7ff742fd63aULL, - 0x00ddda3187433df6ULL, 0x00475727d55f9c66ULL)}, - {FIELD_LITERAL(0x00a6295218dc136aULL, 0x00563b3af0e9c012ULL, - 0x00d3753b0145db1bULL, 0x004550389c043dc1ULL, - 0x00ea94ae27401bdfULL, 0x002b0b949f2b7956ULL, - 0x00c63f780ad8e23cULL, 0x00e591c47d6bab15ULL)}, - {FIELD_LITERAL(0x00416c582b058eb6ULL, 0x004107da5b2cc695ULL, - 0x00b3cd2556aeec64ULL, 0x00c0b418267e57a1ULL, - 0x001799293579bd2eULL, 0x0046ed44590e4d07ULL, - 0x001d7459b3630a1eULL, 0x00c6afba8b6696aaULL)}, - }}, {{ - {FIELD_LITERAL(0x008d6009b26da3f8ULL, 0x00898e88ca06b1caULL, - 0x00edb22b2ed7fe62ULL, 0x00fbc93516aabe80ULL, - 0x008b4b470c42ce0dULL, 0x00e0032ba7d0dcbbULL, - 0x00d76da3a956ecc8ULL, 0x007f20fe74e3852aULL)}, - {FIELD_LITERAL(0x002419222c607674ULL, 0x00a7f23af89188b3ULL, - 0x00ad127284e73d1cULL, 0x008bba582fae1c51ULL, - 0x00fc6aa7ca9ecab1ULL, 0x003df5319eb6c2baULL, - 0x002a05af8a8b199aULL, 0x004bf8354558407cULL)}, - {FIELD_LITERAL(0x00ce7d4a30f0fcbfULL, 0x00d02c272629f03dULL, - 0x0048c001f7400bc2ULL, 0x002c21368011958dULL, - 0x0098a550391e96b5ULL, 0x002d80b66390f379ULL, - 0x001fa878760cc785ULL, 0x001adfce54b613d5ULL)}, - }}, {{ - 
{FIELD_LITERAL(0x001ed4dc71fa2523ULL, 0x005d0bff19bf9b5cULL, - 0x00c3801cee065a64ULL, 0x001ed0b504323fbfULL, - 0x0003ab9fdcbbc593ULL, 0x00df82070178b8d2ULL, - 0x00a2bcaa9c251f85ULL, 0x00c628a3674bd02eULL)}, - {FIELD_LITERAL(0x006b7a0674f9f8deULL, 0x00a742414e5c7cffULL, - 0x0041cbf3c6e13221ULL, 0x00e3a64fd207af24ULL, - 0x0087c05f15fbe8d1ULL, 0x004c50936d9e8a33ULL, - 0x001306ec21042b6dULL, 0x00a4f4137d1141c2ULL)}, - {FIELD_LITERAL(0x0009e6fb921568b0ULL, 0x00b3c60120219118ULL, - 0x002a6c3460dd503aULL, 0x009db1ef11654b54ULL, - 0x0063e4bf0be79601ULL, 0x00670d34bb2592b9ULL, - 0x00dcee2f6c4130ceULL, 0x00b2682e88e77f54ULL)}, - }}, {{ - {FIELD_LITERAL(0x000d5b4b3da135abULL, 0x00838f3e5064d81dULL, - 0x00d44eb50f6d94edULL, 0x0008931ab502ac6dULL, - 0x00debe01ca3d3586ULL, 0x0025c206775f0641ULL, - 0x005ad4b6ae912763ULL, 0x007e2c318ad8f247ULL)}, - {FIELD_LITERAL(0x00ddbe0750dd1addULL, 0x004b3c7b885844b8ULL, - 0x00363e7ecf12f1aeULL, 0x0062e953e6438f9dULL, - 0x0023cc73b076afe9ULL, 0x00b09fa083b4da32ULL, - 0x00c7c3d2456c541dULL, 0x005b591ec6b694d4ULL)}, - {FIELD_LITERAL(0x0028656e19d62fcfULL, 0x0052a4af03df148dULL, - 0x00122765ddd14e42ULL, 0x00f2252904f67157ULL, - 0x004741965b636f3aULL, 0x006441d296132cb9ULL, - 0x005e2106f956a5b7ULL, 0x00247029592d335cULL)}, - }}, {{ - {FIELD_LITERAL(0x003fe038eb92f894ULL, 0x000e6da1b72e8e32ULL, - 0x003a1411bfcbe0faULL, 0x00b55d473164a9e4ULL, - 0x00b9a775ac2df48dULL, 0x0002ddf350659e21ULL, - 0x00a279a69eb19cb3ULL, 0x00f844eab25cba44ULL)}, - {FIELD_LITERAL(0x00c41d1f9c1f1ac1ULL, 0x007b2df4e9f19146ULL, - 0x00b469355fd5ba7aULL, 0x00b5e1965afc852aULL, - 0x00388d5f1e2d8217ULL, 0x0022079e4c09ae93ULL, - 0x0014268acd4ef518ULL, 0x00c1dd8d9640464cULL)}, - {FIELD_LITERAL(0x0038526adeed0c55ULL, 0x00dd68c607e3fe85ULL, - 0x00f746ddd48a5d57ULL, 0x0042f2952b963b7cULL, - 0x001cbbd6876d5ec2ULL, 0x005e341470bca5c2ULL, - 0x00871d41e085f413ULL, 0x00e53ab098f45732ULL)}, - }}, {{ - {FIELD_LITERAL(0x004d51124797c831ULL, 0x008f5ae3750347adULL, - 0x0070ced94c1a0c8eULL, 
0x00f6db2043898e64ULL, - 0x000d00c9a5750cd0ULL, 0x000741ec59bad712ULL, - 0x003c9d11aab37b7fULL, 0x00a67ba169807714ULL)}, - {FIELD_LITERAL(0x00adb2c1566e8b8fULL, 0x0096c68a35771a9aULL, - 0x00869933356f334aULL, 0x00ba9c93459f5962ULL, - 0x009ec73fb6e8ca4bULL, 0x003c3802c27202e1ULL, - 0x0031f5b733e0c008ULL, 0x00f9058c19611fa9ULL)}, - {FIELD_LITERAL(0x00238f01814a3421ULL, 0x00c325a44b6cce28ULL, - 0x002136f97aeb0e73ULL, 0x000cac8268a4afe2ULL, - 0x0022fd218da471b3ULL, 0x009dcd8dfff8def9ULL, - 0x00cb9f8181d999bbULL, 0x00143ae56edea349ULL)}, - }}, {{ - {FIELD_LITERAL(0x0000623bf87622c5ULL, 0x00a1966fdd069496ULL, - 0x00c315b7b812f9fcULL, 0x00bdf5efcd128b97ULL, - 0x001d464f532e3e16ULL, 0x003cd94f081bfd7eULL, - 0x00ed9dae12ce4009ULL, 0x002756f5736eee70ULL)}, - {FIELD_LITERAL(0x00a5187e6ee7341bULL, 0x00e6d52e82d83b6eULL, - 0x00df3c41323094a7ULL, 0x00b3324f444e9de9ULL, - 0x00689eb21a35bfe5ULL, 0x00f16363becd548dULL, - 0x00e187cc98e7f60fULL, 0x00127d9062f0ccabULL)}, - {FIELD_LITERAL(0x004ad71b31c29e40ULL, 0x00a5fcace12fae29ULL, - 0x004425b5597280edULL, 0x00e7ef5d716c3346ULL, - 0x0010b53ada410ac8ULL, 0x0092310226060c9bULL, - 0x0091c26128729c7eULL, 0x0088b42900f8ec3bULL)}, - }}, {{ - {FIELD_LITERAL(0x00f1e26e9762d4a8ULL, 0x00d9d74082183414ULL, - 0x00ffec9bd57a0282ULL, 0x000919e128fd497aULL, - 0x00ab7ae7d00fe5f8ULL, 0x0054dc442851ff68ULL, - 0x00c9ebeb3b861687ULL, 0x00507f7cab8b698fULL)}, - {FIELD_LITERAL(0x00c13c5aae3ae341ULL, 0x009c6c9ed98373e7ULL, - 0x00098f26864577a8ULL, 0x0015b886e9488b45ULL, - 0x0037692c42aadba5ULL, 0x00b83170b8e7791cULL, - 0x001670952ece1b44ULL, 0x00fd932a39276da2ULL)}, - {FIELD_LITERAL(0x0081a3259bef3398ULL, 0x005480fff416107bULL, - 0x00ce4f607d21be98ULL, 0x003ffc084b41df9bULL, - 0x0043d0bb100502d1ULL, 0x00ec35f575ba3261ULL, - 0x00ca18f677300ef3ULL, 0x00e8bb0a827d8548ULL)}, - }}, {{ - {FIELD_LITERAL(0x00df76b3328ada72ULL, 0x002e20621604a7c2ULL, - 0x00f910638a105b09ULL, 0x00ef4724d96ef2cdULL, - 0x00377d83d6b8a2f7ULL, 0x00b4f48805ade324ULL, - 
0x001cd5da8b152018ULL, 0x0045af671a20ca7fULL)}, - {FIELD_LITERAL(0x009ae3b93a56c404ULL, 0x004a410b7a456699ULL, - 0x00023a619355e6b2ULL, 0x009cdc7297387257ULL, - 0x0055b94d4ae70d04ULL, 0x002cbd607f65b005ULL, - 0x003208b489697166ULL, 0x00ea2aa058867370ULL)}, - {FIELD_LITERAL(0x00f29d2598ee3f32ULL, 0x00b4ac5385d82adcULL, - 0x007633eaf04df19bULL, 0x00aa2d3d77ceab01ULL, - 0x004a2302fcbb778aULL, 0x00927f225d5afa34ULL, - 0x004a8e9d5047f237ULL, 0x008224ae9dbce530ULL)}, - }}, {{ - {FIELD_LITERAL(0x001cf640859b02f8ULL, 0x00758d1d5d5ce427ULL, - 0x00763c784ef4604cULL, 0x005fa81aee205270ULL, - 0x00ac537bfdfc44cbULL, 0x004b919bd342d670ULL, - 0x00238508d9bf4b7aULL, 0x00154888795644f3ULL)}, - {FIELD_LITERAL(0x00c845923c084294ULL, 0x00072419a201bc25ULL, - 0x0045f408b5f8e669ULL, 0x00e9d6a186b74dfeULL, - 0x00e19108c68fa075ULL, 0x0017b91d874177b7ULL, - 0x002f0ca2c7912c5aULL, 0x009400aa385a90a2ULL)}, - {FIELD_LITERAL(0x0071110b01482184ULL, 0x00cfed0044f2bef8ULL, - 0x0034f2901cf4662eULL, 0x003b4ae2a67f9834ULL, - 0x00cca9b96fe94810ULL, 0x00522507ae77abd0ULL, - 0x00bac7422721e73eULL, 0x0066622b0f3a62b0ULL)}, - }}, {{ - {FIELD_LITERAL(0x00f8ac5cf4705b6aULL, 0x00867d82dcb457e3ULL, - 0x007e13ab2ccc2ce9ULL, 0x009ee9a018d3930eULL, - 0x008370f8ecb42df8ULL, 0x002d9f019add263eULL, - 0x003302385b92d196ULL, 0x00a15654536e2c0cULL)}, - {FIELD_LITERAL(0x0026ef1614e160afULL, 0x00c023f9edfc9c76ULL, - 0x00cff090da5f57baULL, 0x0076db7a66643ae9ULL, - 0x0019462f8c646999ULL, 0x008fec00b3854b22ULL, - 0x00d55041692a0a1cULL, 0x0065db894215ca00ULL)}, - {FIELD_LITERAL(0x00a925036e0a451cULL, 0x002a0390c36b6cc1ULL, - 0x00f27020d90894f4ULL, 0x008d90d52cbd3d7fULL, - 0x00e1d0137392f3b8ULL, 0x00f017c158b51a8fULL, - 0x00cac313d3ed7dbcULL, 0x00b99a81e3eb42d3ULL)}, - }}, {{ - {FIELD_LITERAL(0x00b54850275fe626ULL, 0x0053a3fd1ec71140ULL, - 0x00e3d2d7dbe096faULL, 0x00e4ac7b595cce4cULL, - 0x0077bad449c0a494ULL, 0x00b7c98814afd5b3ULL, - 0x0057226f58486cf9ULL, 0x00b1557154f0cc57ULL)}, - {FIELD_LITERAL(0x008cc9cd236315c0ULL, 
0x0031d9c5b39fda54ULL, - 0x00a5713ef37e1171ULL, 0x00293d5ae2886325ULL, - 0x00c4aba3e05015e1ULL, 0x0003f35ef78e4fc6ULL, - 0x0039d6bd3ac1527bULL, 0x0019d7c3afb77106ULL)}, - {FIELD_LITERAL(0x007b162931a985afULL, 0x00ad40a2e0daa713ULL, - 0x006df27c4009f118ULL, 0x00503e9f4e2e8becULL, - 0x00751a77c82c182dULL, 0x000298937769245bULL, - 0x00ffb1e8fabf9ee5ULL, 0x0008334706e09abeULL)}, - }}, {{ - {FIELD_LITERAL(0x00dbca4e98a7dcd9ULL, 0x00ee29cfc78bde99ULL, - 0x00e4a3b6995f52e9ULL, 0x0045d70189ae8096ULL, - 0x00fd2a8a3b9b0d1bULL, 0x00af1793b107d8e1ULL, - 0x00dbf92cbe4afa20ULL, 0x00da60f798e3681dULL)}, - {FIELD_LITERAL(0x004246bfcecc627aULL, 0x004ba431246c03a4ULL, - 0x00bd1d101872d497ULL, 0x003b73d3f185ee16ULL, - 0x001feb2e2678c0e3ULL, 0x00ff13c5a89dec76ULL, - 0x00ed06042e771d8fULL, 0x00a4fd2a897a83ddULL)}, - {FIELD_LITERAL(0x009a4a3be50d6597ULL, 0x00de3165fc5a1096ULL, - 0x004f3f56e345b0c7ULL, 0x00f7bf721d5ab8bcULL, - 0x004313e47b098c50ULL, 0x00e4c7d5c0e1adbbULL, - 0x002e3e3db365051eULL, 0x00a480c2cd6a96fbULL)}, - }}, {{ - {FIELD_LITERAL(0x00417fa30a7119edULL, 0x00af257758419751ULL, - 0x00d358a487b463d4ULL, 0x0089703cc720b00dULL, - 0x00ce56314ff7f271ULL, 0x0064db171ade62c1ULL, - 0x00640b36d4a22fedULL, 0x00424eb88696d23fULL)}, - {FIELD_LITERAL(0x004ede34af2813f3ULL, 0x00d4a8e11c9e8216ULL, - 0x004796d5041de8a5ULL, 0x00c4c6b4d21cc987ULL, - 0x00e8a433ee07fa1eULL, 0x0055720b5abcc5a1ULL, - 0x008873ea9c74b080ULL, 0x005b3fec1ab65d48ULL)}, - {FIELD_LITERAL(0x0047e5277db70ec5ULL, 0x000a096c66db7d6bULL, - 0x00b4164cc1730159ULL, 0x004a9f783fe720feULL, - 0x00a8177b94449dbcULL, 0x0095a24ff49a599fULL, - 0x0069c1c578250cbcULL, 0x00452019213debf4ULL)}, - }}, {{ - {FIELD_LITERAL(0x0021ce99e09ebda3ULL, 0x00fcbd9f91875ad0ULL, - 0x009bbf6b7b7a0b5fULL, 0x00388886a69b1940ULL, - 0x00926a56d0f81f12ULL, 0x00e12903c3358d46ULL, - 0x005dfce4e8e1ce9dULL, 0x0044cfa94e2f7e23ULL)}, - {FIELD_LITERAL(0x001bd59c09e982eaULL, 0x00f72daeb937b289ULL, - 0x0018b76dca908e0eULL, 0x00edb498512384adULL, - 
0x00ce0243b6cc9538ULL, 0x00f96ff690cb4e70ULL, - 0x007c77bf9f673c8dULL, 0x005bf704c088a528ULL)}, - {FIELD_LITERAL(0x0093d4628dcb33beULL, 0x0095263d51d42582ULL, - 0x0049b3222458fe06ULL, 0x00e7fce73b653a7fULL, - 0x003ca2ebce60b369ULL, 0x00c5de239a32bea4ULL, - 0x0063b8b3d71fb6bfULL, 0x0039aeeb78a1a839ULL)}, - }}, {{ - {FIELD_LITERAL(0x007dc52da400336cULL, 0x001fded1e15b9457ULL, - 0x00902e00f5568e3aULL, 0x00219bef40456d2dULL, - 0x005684161fb3dbc9ULL, 0x004a4e9be49a76eaULL, - 0x006e685ae88b78ffULL, 0x0021c42f13042d3cULL)}, - {FIELD_LITERAL(0x00fb22bb5fd3ce50ULL, 0x0017b48aada7ae54ULL, - 0x00fd5c44ad19a536ULL, 0x000ccc4e4e55e45cULL, - 0x00fd637d45b4c3f5ULL, 0x0038914e023c37cfULL, - 0x00ac1881d6a8d898ULL, 0x00611ed8d3d943a8ULL)}, - {FIELD_LITERAL(0x0056e2259d113d2bULL, 0x00594819b284ec16ULL, - 0x00c7bf794bb36696ULL, 0x00721ee75097cdc6ULL, - 0x00f71be9047a2892ULL, 0x00df6ba142564edfULL, - 0x0069580b7a184e8dULL, 0x00f056e38fca0feeULL)}, - }}, {{ - {FIELD_LITERAL(0x009df98566a18c6dULL, 0x00cf3a200968f219ULL, - 0x0044ba60da6d9086ULL, 0x00dbc9c0e344da03ULL, - 0x000f9401c4466855ULL, 0x00d46a57c5b0a8d1ULL, - 0x00875a635d7ac7c6ULL, 0x00ef4a933b7e0ae6ULL)}, - {FIELD_LITERAL(0x005e8694077a1535ULL, 0x008bef75f71c8f1dULL, - 0x000a7c1316423511ULL, 0x00906e1d70604320ULL, - 0x003fc46c1a2ffbd6ULL, 0x00d1d5022e68f360ULL, - 0x002515fba37bbf46ULL, 0x00ca16234e023b44ULL)}, - {FIELD_LITERAL(0x00787c99561f4690ULL, 0x00a857a8c1561f27ULL, - 0x00a10df9223c09feULL, 0x00b98a9562e3b154ULL, - 0x004330b8744c3ed2ULL, 0x00e06812807ec5c4ULL, - 0x00e4cf6a7db9f1e3ULL, 0x00d95b089f132a34ULL)}, - }}, {{ - {FIELD_LITERAL(0x002922b39ca33eecULL, 0x0090d12a5f3ab194ULL, - 0x00ab60c02fb5f8edULL, 0x00188d292abba1cfULL, - 0x00e10edec9698f6eULL, 0x0069a4d9934133c8ULL, - 0x0024aac40e6d3d06ULL, 0x001702c2177661b0ULL)}, - {FIELD_LITERAL(0x00139078397030bdULL, 0x000e3c447e859a00ULL, - 0x0064a5b334c82393ULL, 0x00b8aabeb7358093ULL, - 0x00020778bb9ae73bULL, 0x0032ee94c7892a18ULL, - 0x008215253cb41bdaULL, 
0x005e2797593517aeULL)}, - {FIELD_LITERAL(0x0083765a5f855d4aULL, 0x0051b6d1351b8ee2ULL, - 0x00116de548b0f7bbULL, 0x0087bd88703affa0ULL, - 0x0095b2cc34d7fdd2ULL, 0x0084cd81b53f0bc8ULL, - 0x008562fc995350edULL, 0x00a39abb193651e3ULL)}, - }}, {{ - {FIELD_LITERAL(0x0019e23f0474b114ULL, 0x00eb94c2ad3b437eULL, - 0x006ddb34683b75acULL, 0x00391f9209b564c6ULL, - 0x00083b3bb3bff7aaULL, 0x00eedcd0f6dceefcULL, - 0x00b50817f794fe01ULL, 0x0036474deaaa75c9ULL)}, - {FIELD_LITERAL(0x0091868594265aa2ULL, 0x00797accae98ca6dULL, - 0x0008d8c5f0f8a184ULL, 0x00d1f4f1c2b2fe6eULL, - 0x0036783dfb48a006ULL, 0x008c165120503527ULL, - 0x0025fd780058ce9bULL, 0x0068beb007be7d27ULL)}, - {FIELD_LITERAL(0x00d0ff88aa7c90c2ULL, 0x00b2c60dacf53394ULL, - 0x0094a7284d9666d6ULL, 0x00bed9022ce7a19dULL, - 0x00c51553f0cd7682ULL, 0x00c3fb870b124992ULL, - 0x008d0bc539956c9bULL, 0x00fc8cf258bb8885ULL)}, - }}, {{ - {FIELD_LITERAL(0x003667bf998406f8ULL, 0x0000115c43a12975ULL, - 0x001e662f3b20e8fdULL, 0x0019ffa534cb24ebULL, - 0x00016be0dc8efb45ULL, 0x00ff76a8b26243f5ULL, - 0x00ae20d241a541e3ULL, 0x0069bd6af13cd430ULL)}, - {FIELD_LITERAL(0x0045fdc16487cda3ULL, 0x00b2d8e844cf2ed7ULL, - 0x00612c50e88c1607ULL, 0x00a08aabc66c1672ULL, - 0x006031fdcbb24d97ULL, 0x001b639525744b93ULL, - 0x004409d62639ab17ULL, 0x00a1853d0347ab1dULL)}, - {FIELD_LITERAL(0x0075a1a56ebf5c21ULL, 0x00a3e72be9ac53edULL, - 0x00efcde1629170c2ULL, 0x0004225fe91ef535ULL, - 0x0088049fc73dfda7ULL, 0x004abc74857e1288ULL, - 0x0024e2434657317cULL, 0x00d98cb3d3e5543cULL)}, - }}, {{ - {FIELD_LITERAL(0x00b4b53eab6bdb19ULL, 0x009b22d8b43711d0ULL, - 0x00d948b9d961785dULL, 0x00cb167b6f279eadULL, - 0x00191de3a678e1c9ULL, 0x00d9dd9511095c2eULL, - 0x00f284324cd43067ULL, 0x00ed74fa535151ddULL)}, - {FIELD_LITERAL(0x007e32c049b5c477ULL, 0x009d2bfdbd9bcfd8ULL, - 0x00636e93045938c6ULL, 0x007fde4af7687298ULL, - 0x0046a5184fafa5d3ULL, 0x0079b1e7f13a359bULL, - 0x00875adf1fb927d6ULL, 0x00333e21c61bcad2ULL)}, - {FIELD_LITERAL(0x00048014f73d8b8dULL, 0x0075684aa0966388ULL, - 
0x0092be7df06dc47cULL, 0x0097cebcd0f5568aULL, - 0x005a7004d9c4c6a9ULL, 0x00b0ecbb659924c7ULL, - 0x00d90332dd492a7cULL, 0x0057fc14df11493dULL)}, - }}, {{ - {FIELD_LITERAL(0x0008ed8ea0ad95beULL, 0x0041d324b9709645ULL, - 0x00e25412257a19b4ULL, 0x0058df9f3423d8d2ULL, - 0x00a9ab20def71304ULL, 0x009ae0dbf8ac4a81ULL, - 0x00c9565977e4392aULL, 0x003c9269444baf55ULL)}, - {FIELD_LITERAL(0x007df6cbb926830bULL, 0x00d336058ae37865ULL, - 0x007af47dac696423ULL, 0x0048d3011ec64ac8ULL, - 0x006b87666e40049fULL, 0x0036a2e0e51303d7ULL, - 0x00ba319bd79dbc55ULL, 0x003e2737ecc94f53ULL)}, - {FIELD_LITERAL(0x00d296ff726272d9ULL, 0x00f6d097928fcf57ULL, - 0x00e0e616a55d7013ULL, 0x00deaf454ed9eac7ULL, - 0x0073a56bedef4d92ULL, 0x006ccfdf6fc92e19ULL, - 0x009d1ee1371a7218ULL, 0x00ee3c2ee4462d80ULL)}, - }}, {{ - {FIELD_LITERAL(0x00437bce9bccdf9dULL, 0x00e0c8e2f85dc0a3ULL, - 0x00c91a7073995a19ULL, 0x00856ec9fe294559ULL, - 0x009e4b33394b156eULL, 0x00e245b0dc497e5cULL, - 0x006a54e687eeaeffULL, 0x00f1cd1cd00fdb7cULL)}, - {FIELD_LITERAL(0x008132ae5c5d8cd1ULL, 0x00121d68324a1d9fULL, - 0x00d6be9dafcb8c76ULL, 0x00684d9070edf745ULL, - 0x00519fbc96d7448eULL, 0x00388182fdc1f27eULL, - 0x000235baed41f158ULL, 0x00bf6cf6f1a1796aULL)}, - {FIELD_LITERAL(0x002adc4b4d148219ULL, 0x003084ada0d3a90aULL, - 0x0046de8aab0f2e4eULL, 0x00452d342a67b5fdULL, - 0x00d4b50f01d4de21ULL, 0x00db6d9fc0cefb79ULL, - 0x008c184c86a462cdULL, 0x00e17c83764d42daULL)}, - }}, {{ - {FIELD_LITERAL(0x007b2743b9a1e01aULL, 0x007847ffd42688c4ULL, - 0x006c7844d610a316ULL, 0x00f0cb8b250aa4b0ULL, - 0x00a19060143b3ae6ULL, 0x0014eb10b77cfd80ULL, - 0x000170905729dd06ULL, 0x00063b5b9cd72477ULL)}, - {FIELD_LITERAL(0x00ce382dc7993d92ULL, 0x00021153e938b4c8ULL, - 0x00096f7567f48f51ULL, 0x0058f81ddfe4b0d5ULL, - 0x00cc379a56b355c7ULL, 0x002c760770d3e819ULL, - 0x00ee22d1d26e5a40ULL, 0x00de6d93d5b082d7ULL)}, - {FIELD_LITERAL(0x000a91a42c52e056ULL, 0x00185f6b77fce7eaULL, - 0x000803c51962f6b5ULL, 0x0022528582ba563dULL, - 0x0043f8040e9856d6ULL, 
0x0085a29ec81fb860ULL, - 0x005f9a611549f5ffULL, 0x00c1f974ecbd4b06ULL)}, - }}, {{ - {FIELD_LITERAL(0x005b64c6fd65ec97ULL, 0x00c1fdd7f877bc7fULL, - 0x000d9cc6c89f841cULL, 0x005c97b7f1aff9adULL, - 0x0075e3c61475d47eULL, 0x001ecb1ba8153011ULL, - 0x00fe7f1c8d71d40dULL, 0x003fa9757a229832ULL)}, - {FIELD_LITERAL(0x00ffc5c89d2b0cbaULL, 0x00d363d42e3e6fc3ULL, - 0x0019a1a0118e2e8aULL, 0x00f7baeff48882e1ULL, - 0x001bd5af28c6b514ULL, 0x0055476ca2253cb2ULL, - 0x00d8eb1977e2ddf3ULL, 0x00b173b1adb228a1ULL)}, - {FIELD_LITERAL(0x00f2cb99dd0ad707ULL, 0x00e1e08b6859ddd8ULL, - 0x000008f2d0650bccULL, 0x00d7ed392f8615c3ULL, - 0x00976750a94da27fULL, 0x003e83bb0ecb69baULL, - 0x00df8e8d15c14ac6ULL, 0x00f9f7174295d9c2ULL)}, - }}, {{ - {FIELD_LITERAL(0x00f11cc8e0e70bcbULL, 0x00e5dc689974e7ddULL, - 0x0014e409f9ee5870ULL, 0x00826e6689acbd63ULL, - 0x008a6f4e3d895d88ULL, 0x00b26a8da41fd4adULL, - 0x000fb7723f83efd7ULL, 0x009c749db0a5f6c3ULL)}, - {FIELD_LITERAL(0x002389319450f9baULL, 0x003677f31aa1250aULL, - 0x0092c3db642f38cbULL, 0x00f8b64c0dfc9773ULL, - 0x00cd49fe3505b795ULL, 0x0068105a4090a510ULL, - 0x00df0ba2072a8bb6ULL, 0x00eb396143afd8beULL)}, - {FIELD_LITERAL(0x00a0d4ecfb24cdffULL, 0x00ddaf8008ba6479ULL, - 0x00f0b3e36d4b0f44ULL, 0x003734bd3af1f146ULL, - 0x00b87e2efc75527eULL, 0x00d230df55ddab50ULL, - 0x002613257ae56c1dULL, 0x00bc0946d135934dULL)}, - }}, {{ - {FIELD_LITERAL(0x00468711bd994651ULL, 0x0033108fa67561bfULL, - 0x0089d760192a54b4ULL, 0x00adc433de9f1871ULL, - 0x000467d05f36e050ULL, 0x007847e0f0579f7fULL, - 0x00a2314ad320052dULL, 0x00b3a93649f0b243ULL)}, - {FIELD_LITERAL(0x0067f8f0c4fe26c9ULL, 0x0079c4a3cc8f67b9ULL, - 0x0082b1e62f23550dULL, 0x00f2d409caefd7f5ULL, - 0x0080e67dcdb26e81ULL, 0x0087ae993ea1f98aULL, - 0x00aa108becf61d03ULL, 0x001acf11efb608a3ULL)}, - {FIELD_LITERAL(0x008225febbab50d9ULL, 0x00f3b605e4dd2083ULL, - 0x00a32b28189e23d2ULL, 0x00d507e5e5eb4c97ULL, - 0x005a1a84e302821fULL, 0x0006f54c1c5f08c7ULL, - 0x00a347c8cb2843f0ULL, 0x0009f73e9544bfa5ULL)}, - }}, {{ - 
{FIELD_LITERAL(0x006c59c9ae744185ULL, 0x009fc32f1b4282cdULL, - 0x004d6348ca59b1acULL, 0x00105376881be067ULL, - 0x00af4096013147dcULL, 0x004abfb5a5cb3124ULL, - 0x000d2a7f8626c354ULL, 0x009c6ed568e07431ULL)}, - {FIELD_LITERAL(0x00e828333c297f8bULL, 0x009ef3cf8c3f7e1fULL, - 0x00ab45f8fff31cb9ULL, 0x00c8b4178cb0b013ULL, - 0x00d0c50dd3260a3fULL, 0x0097126ac257f5bcULL, - 0x0042376cc90c705aULL, 0x001d96fdb4a1071eULL)}, - {FIELD_LITERAL(0x00542d44d89ee1a8ULL, 0x00306642e0442d98ULL, - 0x0090853872b87338ULL, 0x002362cbf22dc044ULL, - 0x002c222adff663b8ULL, 0x0067c924495fcb79ULL, - 0x000e621d983c977cULL, 0x00df77a9eccb66fbULL)}, - }}, {{ - {FIELD_LITERAL(0x002809e4bbf1814aULL, 0x00b9e854f9fafb32ULL, - 0x00d35e67c10f7a67ULL, 0x008f1bcb76e748cfULL, - 0x004224d9515687d2ULL, 0x005ba0b774e620c4ULL, - 0x00b5e57db5d54119ULL, 0x00e15babe5683282ULL)}, - {FIELD_LITERAL(0x00832d02369b482cULL, 0x00cba52ff0d93450ULL, - 0x003fa9c908d554dbULL, 0x008d1e357b54122fULL, - 0x00abd91c2dc950c6ULL, 0x007eff1df4c0ec69ULL, - 0x003f6aeb13fb2d31ULL, 0x00002d6179fc5b2cULL)}, - {FIELD_LITERAL(0x0046c9eda81c9c89ULL, 0x00b60cb71c8f62fcULL, - 0x0022f5a683baa558ULL, 0x00f87319fccdf997ULL, - 0x009ca09b51ce6a22ULL, 0x005b12baf4af7d77ULL, - 0x008a46524a1e33e2ULL, 0x00035a77e988be0dULL)}, - }}, {{ - {FIELD_LITERAL(0x00a7efe46a7dbe2fULL, 0x002f66fd55014fe7ULL, - 0x006a428afa1ff026ULL, 0x0056caaa9604ab72ULL, - 0x0033f3bcd7fac8aeULL, 0x00ccb1aa01c86764ULL, - 0x00158d1edf13bf40ULL, 0x009848ee76fcf3b4ULL)}, - {FIELD_LITERAL(0x00a9e7730a819691ULL, 0x00d9cc73c4992b70ULL, - 0x00e299bde067de5aULL, 0x008c314eb705192aULL, - 0x00e7226f17e8a3ccULL, 0x0029dfd956e65a47ULL, - 0x0053a8e839073b12ULL, 0x006f942b2ab1597eULL)}, - {FIELD_LITERAL(0x001c3d780ecd5e39ULL, 0x0094f247fbdcc5feULL, - 0x00d5c786fd527764ULL, 0x00b6f4da74f0db2aULL, - 0x0080f1f8badcd5fcULL, 0x00f36a373ad2e23bULL, - 0x00f804f9f4343bf2ULL, 0x00d1af40ec623982ULL)}, - }}, {{ - {FIELD_LITERAL(0x0082aeace5f1b144ULL, 0x00f68b3108cf4dd3ULL, - 0x00634af01dde3020ULL, 
0x000beab5df5c2355ULL, - 0x00e8b790d1b49b0bULL, 0x00e48d15854e36f4ULL, - 0x0040ab2d95f3db9fULL, 0x002711c4ed9e899aULL)}, - {FIELD_LITERAL(0x0039343746531ebeULL, 0x00c8509d835d429dULL, - 0x00e79eceff6b0018ULL, 0x004abfd31e8efce5ULL, - 0x007bbfaaa1e20210ULL, 0x00e3be89c193e179ULL, - 0x001c420f4c31d585ULL, 0x00f414a315bef5aeULL)}, - {FIELD_LITERAL(0x007c296a24990df8ULL, 0x00d5d07525a75588ULL, - 0x00dd8e113e94b7e7ULL, 0x007bbc58febe0cc8ULL, - 0x0029f51af9bfcad3ULL, 0x007e9311ec7ab6f3ULL, - 0x009a884de1676343ULL, 0x0050d5f2dce84be9ULL)}, - }}, {{ - {FIELD_LITERAL(0x005fa020cca2450aULL, 0x00491c29db6416d8ULL, - 0x0037cefe3f9f9a85ULL, 0x003d405230647066ULL, - 0x0049e835f0fdbe89ULL, 0x00feb78ac1a0815cULL, - 0x00828e4b32dc9724ULL, 0x00db84f2dc8d6fd4ULL)}, - {FIELD_LITERAL(0x0098cddc8b39549aULL, 0x006da37e3b05d22cULL, - 0x00ce633cfd4eb3cbULL, 0x00fda288ef526acdULL, - 0x0025338878c5d30aULL, 0x00f34438c4e5a1b4ULL, - 0x00584efea7c310f1ULL, 0x0041a551f1b660adULL)}, - {FIELD_LITERAL(0x00d7f7a8fbd6437aULL, 0x0062872413bf3753ULL, - 0x00ad4bbcb43c584bULL, 0x007fe49be601d7e3ULL, - 0x0077c659789babf4ULL, 0x00eb45fcb06a741bULL, - 0x005ce244913f9708ULL, 0x0088426401736326ULL)}, - }}, {{ - {FIELD_LITERAL(0x007bf562ca768d7cULL, 0x006c1f3a174e387cULL, - 0x00f024b447fee939ULL, 0x007e7af75f01143fULL, - 0x003adb70b4eed89dULL, 0x00e43544021ad79aULL, - 0x0091f7f7042011f6ULL, 0x0093c1a1ee3a0ddcULL)}, - {FIELD_LITERAL(0x00a0b68ec1eb72d2ULL, 0x002c03235c0d45a0ULL, - 0x00553627323fe8c5ULL, 0x006186e94b17af94ULL, - 0x00a9906196e29f14ULL, 0x0025b3aee6567733ULL, - 0x007e0dd840080517ULL, 0x0018eb5801a4ba93ULL)}, - {FIELD_LITERAL(0x00d7fe7017bf6a40ULL, 0x006e3f0624be0c42ULL, - 0x00ffbba205358245ULL, 0x00f9fc2cf8194239ULL, - 0x008d93b37bf15b4eULL, 0x006ddf2e38be8e95ULL, - 0x002b6e79bf5fcff9ULL, 0x00ab355da425e2deULL)}, - }}, {{ - {FIELD_LITERAL(0x00938f97e20be973ULL, 0x0099141a36aaf306ULL, - 0x0057b0ca29e545a1ULL, 0x0085db571f9fbc13ULL, - 0x008b333c554b4693ULL, 0x0043ab6ef3e241cbULL, - 
0x0054fb20aa1e5c70ULL, 0x00be0ff852760adfULL)}, - {FIELD_LITERAL(0x003973d8938971d6ULL, 0x002aca26fa80c1f5ULL, - 0x00108af1faa6b513ULL, 0x00daae275d7924e6ULL, - 0x0053634ced721308ULL, 0x00d2355fe0bbd443ULL, - 0x00357612b2d22095ULL, 0x00f9bb9dd4136cf3ULL)}, - {FIELD_LITERAL(0x002bff12cf5e03a5ULL, 0x001bdb1fa8a19cf8ULL, - 0x00c91c6793f84d39ULL, 0x00f869f1b2eba9afULL, - 0x0059bc547dc3236bULL, 0x00d91611d6d38689ULL, - 0x00e062daaa2c0214ULL, 0x00ed3c047cc2bc82ULL)}, - }}, {{ - {FIELD_LITERAL(0x000050d70c32b31aULL, 0x001939d576d437b3ULL, - 0x00d709e598bf9fe6ULL, 0x00a885b34bd2ee9eULL, - 0x00dd4b5c08ab1a50ULL, 0x0091bebd50b55639ULL, - 0x00cf79ff64acdbc6ULL, 0x006067a39d826336ULL)}, - {FIELD_LITERAL(0x0062dd0fb31be374ULL, 0x00fcc96b84c8e727ULL, - 0x003f64f1375e6ae3ULL, 0x0057d9b6dd1af004ULL, - 0x00d6a167b1103c7bULL, 0x00dd28f3180fb537ULL, - 0x004ff27ad7167128ULL, 0x008934c33461f2acULL)}, - {FIELD_LITERAL(0x0065b472b7900043ULL, 0x00ba7efd2ff1064bULL, - 0x000b67d6c4c3020fULL, 0x0012d28469f4e46dULL, - 0x0031c32939703ec7ULL, 0x00b49f0bce133066ULL, - 0x00f7e10416181d47ULL, 0x005c90f51867eeccULL)}, - }}, {{ - {FIELD_LITERAL(0x0051207abd179101ULL, 0x00fc2a5c20d9c5daULL, - 0x00fb9d5f2701b6dfULL, 0x002dd040fdea82b8ULL, - 0x00f163b0738442ffULL, 0x00d9736bd68855b8ULL, - 0x00e0d8e93005e61cULL, 0x00df5a40b3988570ULL)}, - {FIELD_LITERAL(0x0006918f5dfce6dcULL, 0x00d4bf1c793c57fbULL, - 0x0069a3f649435364ULL, 0x00e89a50e5b0cd6eULL, - 0x00b9f6a237e973afULL, 0x006d4ed8b104e41dULL, - 0x00498946a3924cd2ULL, 0x00c136ec5ac9d4f7ULL)}, - {FIELD_LITERAL(0x0011a9c290ac5336ULL, 0x002b9a2d4a6a6533ULL, - 0x009a8a68c445d937ULL, 0x00361b27b07e5e5cULL, - 0x003c043b1755b974ULL, 0x00b7eb66cf1155eeULL, - 0x0077af5909eefff2ULL, 0x0098f609877cc806ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ab13af436bf8f4ULL, 0x000bcf0a0dac8574ULL, - 0x00d50c864f705045ULL, 0x00c40e611debc842ULL, - 0x0085010489bd5caaULL, 0x007c5050acec026fULL, - 0x00f67d943c8da6d1ULL, 0x00de1da0278074c6ULL)}, - {FIELD_LITERAL(0x00b373076597455fULL, 
0x00e83f1af53ac0f5ULL, - 0x0041f63c01dc6840ULL, 0x0097dea19b0c6f4bULL, - 0x007f9d63b4c1572cULL, 0x00e692d492d0f5f0ULL, - 0x00cbcb392e83b4adULL, 0x0069c0f39ed9b1a8ULL)}, - {FIELD_LITERAL(0x00861030012707c9ULL, 0x009fbbdc7fd4aafbULL, - 0x008f591d6b554822ULL, 0x00df08a41ea18adeULL, - 0x009d7d83e642abeaULL, 0x0098c71bda3b78ffULL, - 0x0022c89e7021f005ULL, 0x0044d29a3fe1e3c4ULL)}, - }}, {{ - {FIELD_LITERAL(0x00e748cd7b5c52f2ULL, 0x00ea9df883f89cc3ULL, - 0x0018970df156b6c7ULL, 0x00c5a46c2a33a847ULL, - 0x00cbde395e32aa09ULL, 0x0072474ebb423140ULL, - 0x00fb00053086a23dULL, 0x001dafcfe22d4e1fULL)}, - {FIELD_LITERAL(0x00c903ee6d825540ULL, 0x00add6c4cf98473eULL, - 0x007636efed4227f1ULL, 0x00905124ae55e772ULL, - 0x00e6b38fab12ed53ULL, 0x0045e132b863fe55ULL, - 0x003974662edb366aULL, 0x00b1787052be8208ULL)}, - {FIELD_LITERAL(0x00a614b00d775c7cULL, 0x00d7c78941cc7754ULL, - 0x00422dd68b5dabc4ULL, 0x00a6110f0167d28bULL, - 0x00685a309c252886ULL, 0x00b439ffd5143660ULL, - 0x003656e29ee7396fULL, 0x00c7c9b9ed5ad854ULL)}, - }}, {{ - {FIELD_LITERAL(0x0040f7e7c5b37bf2ULL, 0x0064e4dc81181bbaULL, - 0x00a8767ae2a366b6ULL, 0x001496b4f90546f2ULL, - 0x002a28493f860441ULL, 0x0021f59513049a3aULL, - 0x00852d369a8b7ee3ULL, 0x00dd2e7d8b7d30a9ULL)}, - {FIELD_LITERAL(0x00006e34a35d9fbcULL, 0x00eee4e48b2f019aULL, - 0x006b344743003a5fULL, 0x00541d514f04a7e3ULL, - 0x00e81f9ee7647455ULL, 0x005e2b916c438f81ULL, - 0x00116f8137b7eff0ULL, 0x009bd3decc7039d1ULL)}, - {FIELD_LITERAL(0x0005d226f434110dULL, 0x00af8288b8ef21d5ULL, - 0x004a7a52ef181c8cULL, 0x00be0b781b4b06deULL, - 0x00e6e3627ded07e1ULL, 0x00e43aa342272b8bULL, - 0x00e86ab424577d84ULL, 0x00fb292c566e35bbULL)}, - }}, {{ - {FIELD_LITERAL(0x00334f5303ea1222ULL, 0x00dfb3dbeb0a5d3eULL, - 0x002940d9592335c1ULL, 0x00706a7a63e8938aULL, - 0x005a533558bc4cafULL, 0x00558e33192022a9ULL, - 0x00970d9faf74c133ULL, 0x002979fcb63493caULL)}, - {FIELD_LITERAL(0x00e38abece3c82abULL, 0x005a51f18a2c7a86ULL, - 0x009dafa2e86d592eULL, 0x00495a62eb688678ULL, - 
0x00b79df74c0eb212ULL, 0x0023e8cc78b75982ULL, - 0x005998cb91075e13ULL, 0x00735aa9ba61bc76ULL)}, - {FIELD_LITERAL(0x00d9f7a82ddbe628ULL, 0x00a1fc782889ae0fULL, - 0x0071ffda12d14b66ULL, 0x0037cf4eca7fb3d5ULL, - 0x00c80bc242c58808ULL, 0x0075bf8c2d08c863ULL, - 0x008d41f31afc52a7ULL, 0x00197962ecf38741ULL)}, - }}, {{ - {FIELD_LITERAL(0x006e9f475cccf2eeULL, 0x00454b9cd506430cULL, - 0x00224a4fb79ee479ULL, 0x0062e3347ef0b5e2ULL, - 0x0034fd2a3512232aULL, 0x00b8b3cb0f457046ULL, - 0x00eb20165daa38ecULL, 0x00128eebc2d9c0f7ULL)}, - {FIELD_LITERAL(0x00bfc5fa1e4ea21fULL, 0x00c21d7b6bb892e6ULL, - 0x00cf043f3acf0291ULL, 0x00c13f2f849b3c90ULL, - 0x00d1a97ebef10891ULL, 0x0061e130a445e7feULL, - 0x0019513fdedbf22bULL, 0x001d60c813bff841ULL)}, - {FIELD_LITERAL(0x0019561c7fcf0213ULL, 0x00e3dca6843ebd77ULL, - 0x0068ea95b9ca920eULL, 0x009bdfb70f253595ULL, - 0x00c68f59186aa02aULL, 0x005aee1cca1c3039ULL, - 0x00ab79a8a937a1ceULL, 0x00b9a0e549959e6fULL)}, - }}, {{ - {FIELD_LITERAL(0x00c79e0b6d97dfbdULL, 0x00917c71fd2bc6e8ULL, - 0x00db7529ccfb63d8ULL, 0x00be5be957f17866ULL, - 0x00a9e11fdc2cdac1ULL, 0x007b91a8e1f44443ULL, - 0x00a3065e4057d80fULL, 0x004825f5b8d5f6d4ULL)}, - {FIELD_LITERAL(0x003e4964fa8a8fc8ULL, 0x00f6a1cdbcf41689ULL, - 0x00943cb18fe7fda7ULL, 0x00606dafbf34440aULL, - 0x005d37a86399c789ULL, 0x00e79a2a69417403ULL, - 0x00fe34f7e68b8866ULL, 0x0011f448ed2df10eULL)}, - {FIELD_LITERAL(0x00f1f57efcc1fcc4ULL, 0x00513679117de154ULL, - 0x002e5b5b7c86d8c3ULL, 0x009f6486561f9cfbULL, - 0x00169e74b0170cf7ULL, 0x00900205af4af696ULL, - 0x006acfddb77853f3ULL, 0x00df184c90f31068ULL)}, - }}, {{ - {FIELD_LITERAL(0x00b37396c3320791ULL, 0x00fc7b67175c5783ULL, - 0x00c36d2cd73ecc38ULL, 0x0080ebcc0b328fc5ULL, - 0x0043a5b22b35d35dULL, 0x00466c9f1713c9daULL, - 0x0026ad346dcaa8daULL, 0x007c684e701183a6ULL)}, - {FIELD_LITERAL(0x00fd579ffb691713ULL, 0x00b76af4f81c412dULL, - 0x00f239de96110f82ULL, 0x00e965fb437f0306ULL, - 0x00ca7e9436900921ULL, 0x00e487f1325fa24aULL, - 0x00633907de476380ULL, 
0x00721c62ac5b8ea0ULL)}, - {FIELD_LITERAL(0x00c0d54e542eb4f9ULL, 0x004ed657171c8dcfULL, - 0x00b743a4f7c2a39bULL, 0x00fd9f93ed6cc567ULL, - 0x00307fae3113e58bULL, 0x0058aa577c93c319ULL, - 0x00d254556f35b346ULL, 0x00491aada2203f0dULL)}, - }}, {{ - {FIELD_LITERAL(0x00dff3103786ff34ULL, 0x000144553b1f20c3ULL, - 0x0095613baeb930e4ULL, 0x00098058275ea5d4ULL, - 0x007cd1402b046756ULL, 0x0074d74e4d58aee3ULL, - 0x005f93fc343ff69bULL, 0x00873df17296b3b0ULL)}, - {FIELD_LITERAL(0x00c4a1fb48635413ULL, 0x00b5dd54423ad59fULL, - 0x009ff5d53fd24a88ULL, 0x003c98d267fc06a7ULL, - 0x002db7cb20013641ULL, 0x00bd1d6716e191f2ULL, - 0x006dbc8b29094241ULL, 0x0044bbf233dafa2cULL)}, - {FIELD_LITERAL(0x0055838d41f531e6ULL, 0x00bf6a2dd03c81b2ULL, - 0x005827a061c4839eULL, 0x0000de2cbb36aac3ULL, - 0x002efa29d9717478ULL, 0x00f9e928cc8a77baULL, - 0x00c134b458def9efULL, 0x00958a182223fc48ULL)}, - }}, {{ - {FIELD_LITERAL(0x000a9ee23c06881fULL, 0x002c727d3d871945ULL, - 0x00f47d971512d24aULL, 0x00671e816f9ef31aULL, - 0x00883af2cfaad673ULL, 0x00601f98583d6c9aULL, - 0x00b435f5adc79655ULL, 0x00ad87b71c04bff2ULL)}, - {FIELD_LITERAL(0x007860d99db787cfULL, 0x00fda8983018f4a8ULL, - 0x008c8866bac4743cULL, 0x00ef471f84c82a3fULL, - 0x00abea5976d3b8e7ULL, 0x00714882896cd015ULL, - 0x00b49fae584ddac5ULL, 0x008e33a1a0b69c81ULL)}, - {FIELD_LITERAL(0x007b6ee2c9e8a9ecULL, 0x002455dbbd89d622ULL, - 0x006490cf4eaab038ULL, 0x00d925f6c3081561ULL, - 0x00153b3047de7382ULL, 0x003b421f8bdceb6fULL, - 0x00761a4a5049da78ULL, 0x00980348c5202433ULL)}, - }}, {{ - {FIELD_LITERAL(0x007f8a43da97dd5cULL, 0x00058539c800fc7bULL, - 0x0040f3cf5a28414aULL, 0x00d68dd0d95283d6ULL, - 0x004adce9da90146eULL, 0x00befa41c7d4f908ULL, - 0x007603bc2e3c3060ULL, 0x00bdf360ab3545dbULL)}, - {FIELD_LITERAL(0x00eebfd4e2312cc3ULL, 0x00474b2564e4fc8cULL, - 0x003303ef14b1da9bULL, 0x003c93e0e66beb1dULL, - 0x0013619b0566925aULL, 0x008817c24d901bf3ULL, - 0x00b62bd8898d218bULL, 0x0075a7716f1e88a2ULL)}, - {FIELD_LITERAL(0x0009218da1e6890fULL, 0x0026907f5fd02575ULL, - 
0x004dabed5f19d605ULL, 0x003abf181870249dULL, - 0x00b52fd048cc92c4ULL, 0x00b6dd51e415a5c5ULL, - 0x00d9eb82bd2b4014ULL, 0x002c865a43b46b43ULL)}, - }}, {{ - {FIELD_LITERAL(0x0070047189452f4cULL, 0x00f7ad12e1ce78d5ULL, - 0x00af1ba51ec44a8bULL, 0x005f39f63e667cd6ULL, - 0x00058eac4648425eULL, 0x00d7fdab42bea03bULL, - 0x0028576a5688de15ULL, 0x00af973209e77c10ULL)}, - {FIELD_LITERAL(0x00c338b915d8fef0ULL, 0x00a893292045c39aULL, - 0x0028ab4f2eba6887ULL, 0x0060743cb519fd61ULL, - 0x0006213964093ac0ULL, 0x007c0b7a43f6266dULL, - 0x008e3557c4fa5bdaULL, 0x002da976de7b8d9dULL)}, - {FIELD_LITERAL(0x0048729f8a8b6dcdULL, 0x00fe23b85cc4d323ULL, - 0x00e7384d16e4db0eULL, 0x004a423970678942ULL, - 0x00ec0b763345d4baULL, 0x00c477b9f99ed721ULL, - 0x00c29dad3777b230ULL, 0x001c517b466f7df6ULL)}, - }}, {{ - {FIELD_LITERAL(0x006366c380f7b574ULL, 0x001c7d1f09ff0438ULL, - 0x003e20a7301f5b22ULL, 0x00d3efb1916d28f6ULL, - 0x0049f4f81060ce83ULL, 0x00c69d91ea43ced1ULL, - 0x002b6f3e5cd269edULL, 0x005b0fb22ce9ec65ULL)}, - {FIELD_LITERAL(0x00aa2261022d883fULL, 0x00ebcca4548010acULL, - 0x002528512e28a437ULL, 0x0070ca7676b66082ULL, - 0x0084bda170f7c6d3ULL, 0x00581b4747c9b8bbULL, - 0x005c96a01061c7e2ULL, 0x00fb7c4a362b5273ULL)}, - {FIELD_LITERAL(0x00c30020eb512d02ULL, 0x0060f288283a4d26ULL, - 0x00b7ed13becde260ULL, 0x0075ebb74220f6e9ULL, - 0x00701079fcfe8a1fULL, 0x001c28fcdff58938ULL, - 0x002e4544b8f4df6bULL, 0x0060c5bc4f1a7d73ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ae307cf069f701ULL, 0x005859f222dd618bULL, - 0x00212d6c46ec0b0dULL, 0x00a0fe4642afb62dULL, - 0x00420d8e4a0a8903ULL, 0x00a80ff639bdf7b0ULL, - 0x0019bee1490b5d8eULL, 0x007439e4b9c27a86ULL)}, - {FIELD_LITERAL(0x00a94700032a093fULL, 0x0076e96c225216e7ULL, - 0x00a63a4316e45f91ULL, 0x007d8bbb4645d3b2ULL, - 0x00340a6ff22793ebULL, 0x006f935d4572aeb7ULL, - 0x00b1fb69f00afa28ULL, 0x009e8f3423161ed3ULL)}, - {FIELD_LITERAL(0x009ef49c6b5ced17ULL, 0x00a555e6269e9f0aULL, - 0x007e6f1d79ec73b5ULL, 0x009ac78695a32ac4ULL, - 0x0001d77fbbcd5682ULL, 
0x008cea1fee0aaeedULL, - 0x00f42bea82a53462ULL, 0x002e46ab96cafcc9ULL)}, - }}, {{ - {FIELD_LITERAL(0x0051cfcc5885377aULL, 0x00dce566cb1803caULL, - 0x00430c7643f2c7d4ULL, 0x00dce1a1337bdcc0ULL, - 0x0010d5bd7283c128ULL, 0x003b1b547f9b46feULL, - 0x000f245e37e770abULL, 0x007b72511f022b37ULL)}, - {FIELD_LITERAL(0x0060db815bc4786cULL, 0x006fab25beedc434ULL, - 0x00c610d06084797cULL, 0x000c48f08537bec0ULL, - 0x0031aba51c5b93daULL, 0x007968fa6e01f347ULL, - 0x0030070da52840c6ULL, 0x00c043c225a4837fULL)}, - {FIELD_LITERAL(0x001bcfd00649ee93ULL, 0x006dceb47e2a0fd5ULL, - 0x00f2cebda0cf8fd0ULL, 0x00b6b9d9d1fbdec3ULL, - 0x00815262e6490611ULL, 0x00ef7f5ce3176760ULL, - 0x00e49cd0c998d58bULL, 0x005fc6cc269ba57cULL)}, - }}, {{ - {FIELD_LITERAL(0x008940211aa0d633ULL, 0x00addae28136571dULL, - 0x00d68fdbba20d673ULL, 0x003bc6129bc9e21aULL, - 0x000346cf184ebe9aULL, 0x0068774d741ebc7fULL, - 0x0019d5e9e6966557ULL, 0x0003cbd7f981b651ULL)}, - {FIELD_LITERAL(0x004a2902926f8d3fULL, 0x00ad79b42637ab75ULL, - 0x0088f60b90f2d4e8ULL, 0x0030f54ef0e398c4ULL, - 0x00021dc9bf99681eULL, 0x007ebf66fde74ee3ULL, - 0x004ade654386e9a4ULL, 0x00e7485066be4c27ULL)}, - {FIELD_LITERAL(0x00445f1263983be0ULL, 0x004cf371dda45e6aULL, - 0x00744a89d5a310e7ULL, 0x001f20ce4f904833ULL, - 0x00e746edebe66e29ULL, 0x000912ab1f6c153dULL, - 0x00f61d77d9b2444cULL, 0x0001499cd6647610ULL)}, - }} - } + { { { + { FIELD_LITERAL(0x00cc3b062366f4ccULL, 0x003d6e34e314aa3cULL, + 0x00d51c0a7521774dULL, 0x0094e060eec6ab8bULL, + 0x00d21291b4d80082ULL, 0x00befed12b55ef1eULL, + 0x00c3dd2df5c94518ULL, 0x00e0a7b112b8d4e6ULL) }, + { FIELD_LITERAL(0x0019eb5608d8723aULL, 0x00d1bab52fb3aedbULL, + 0x00270a7311ebc90cULL, 0x0037c12b91be7f13ULL, + 0x005be16cd8b5c704ULL, 0x003e181acda888e1ULL, + 0x00bc1f00fc3fc6d0ULL, 0x00d3839bfa319e20ULL) }, + { FIELD_LITERAL(0x003caeb88611909fULL, 0x00ea8b378c4df3d4ULL, + 0x00b3295b95a5a19aULL, 0x00a65f97514bdfb5ULL, + 0x00b39efba743cab1ULL, 0x0016ba98b862fd2dULL, + 0x0001508812ee71d7ULL, 0x000a75740eea114aULL) }, + } 
}, + { { + { FIELD_LITERAL(0x00ebcf0eb649f823ULL, 0x00166d332e98ea03ULL, + 0x0059ddf64f5cd5f6ULL, 0x0047763123d9471bULL, + 0x00a64065c53ef62fULL, 0x00978e44c480153dULL, + 0x000b5b2a0265f194ULL, 0x0046a24b9f32965aULL) }, + { FIELD_LITERAL(0x00b9eef787034df0ULL, 0x0020bc24de3390cdULL, + 0x000022160bae99bbULL, 0x00ae66e886e97946ULL, + 0x0048d4bbe02cbb8bULL, 0x0072ba97b34e38d4ULL, + 0x00eae7ec8f03e85aULL, 0x005ba92ecf808b2cULL) }, + { FIELD_LITERAL(0x00c9cfbbe74258fdULL, 0x00843a979ea9eaa7ULL, + 0x000cbb4371cfbe90ULL, 0x0059bac8f7f0a628ULL, + 0x004b3dff882ff530ULL, 0x0011869df4d90733ULL, + 0x00595aa71f4abfc2ULL, 0x0070e2d38990c2e6ULL) }, + } }, + { { + { FIELD_LITERAL(0x00de2010c0a01733ULL, 0x00c739a612e24297ULL, + 0x00a7212643141d7cULL, 0x00f88444f6b67c11ULL, + 0x00484b7b16ec28f2ULL, 0x009c1b8856af9c68ULL, + 0x00ff4669591fe9d6ULL, 0x0054974be08a32c8ULL) }, + { FIELD_LITERAL(0x0010de3fd682ceedULL, 0x008c07642d83ca4eULL, + 0x0013bb064e00a1ccULL, 0x009411ae27870e11ULL, + 0x00ea8e5b4d531223ULL, 0x0032fe7d2aaece2eULL, + 0x00d989e243e7bb41ULL, 0x000fe79a508e9b8bULL) }, + { FIELD_LITERAL(0x005e0426b9bfc5b1ULL, 0x0041a5b1d29ee4faULL, + 0x0015b0def7774391ULL, 0x00bc164f1f51af01ULL, + 0x00d543b0942797b9ULL, 0x003c129b6398099cULL, + 0x002b114c6e5adf18ULL, 0x00b4e630e4018a7bULL) }, + } }, + { { + { FIELD_LITERAL(0x00d490afc95f8420ULL, 0x00b096bf50c1d9b9ULL, + 0x00799fd707679866ULL, 0x007c74d9334afbeaULL, + 0x00efaa8be80ff4edULL, 0x0075c4943bb81694ULL, + 0x00c21c2fca161f36ULL, 0x00e77035d492bfeeULL) }, + { FIELD_LITERAL(0x006658a190dd6661ULL, 0x00e0e9bab38609a6ULL, + 0x0028895c802237edULL, 0x006a0229c494f587ULL, + 0x002dcde96c9916b7ULL, 0x00d158822de16218ULL, + 0x00173b917a06856fULL, 0x00ca78a79ae07326ULL) }, + { FIELD_LITERAL(0x00e35bfc79caced4ULL, 0x0087238a3e1fe3bbULL, + 0x00bcbf0ff4ceff5bULL, 0x00a19c1c94099b91ULL, + 0x0071e102b49db976ULL, 0x0059e3d004eada1eULL, + 0x008da78afa58a47eULL, 0x00579c8ebf269187ULL) }, + } }, + { { + { FIELD_LITERAL(0x00a16c2905eee75fULL, 
0x009d4bcaea2c7e1dULL, + 0x00d3bd79bfad19dfULL, 0x0050da745193342cULL, + 0x006abdb8f6b29ab1ULL, 0x00a24fe0a4fef7efULL, + 0x0063730da1057dfbULL, 0x00a08c312c8eb108ULL) }, + { FIELD_LITERAL(0x00b583be005375beULL, 0x00a40c8f8a4e3df4ULL, + 0x003fac4a8f5bdbf7ULL, 0x00d4481d872cd718ULL, + 0x004dc8749cdbaefeULL, 0x00cce740d5e5c975ULL, + 0x000b1c1f4241fd21ULL, 0x00a76de1b4e1cd07ULL) }, + { FIELD_LITERAL(0x007a076500d30b62ULL, 0x000a6e117b7f090fULL, + 0x00c8712ae7eebd9aULL, 0x000fbd6c1d5f6ff7ULL, + 0x003a7977246ebf11ULL, 0x00166ed969c6600eULL, + 0x00aa42e469c98becULL, 0x00dc58f307cf0666ULL) }, + } }, + { { + { FIELD_LITERAL(0x004b491f65a9a28bULL, 0x006a10309e8a55b7ULL, + 0x00b67210185187efULL, 0x00cf6497b12d9b8fULL, + 0x0085778c56e2b1baULL, 0x0015b4c07a814d85ULL, + 0x00686479e62da561ULL, 0x008de5d88f114916ULL) }, + { FIELD_LITERAL(0x00e37c88d6bba7b1ULL, 0x003e4577e1b8d433ULL, + 0x0050d8ea5f510ec0ULL, 0x0042fc9f2da9ef59ULL, + 0x003bd074c1141420ULL, 0x00561b8b7b68774eULL, + 0x00232e5e5d1013a3ULL, 0x006b7f2cb3d7e73fULL) }, + { FIELD_LITERAL(0x004bdd0f0b41e6a0ULL, 0x001773057c405d24ULL, + 0x006029f99915bd97ULL, 0x006a5ba70a17fe2fULL, + 0x0046111977df7e08ULL, 0x004d8124c89fb6b7ULL, + 0x00580983b2bb2724ULL, 0x00207bf330d6f3feULL) }, + } }, + { { + { FIELD_LITERAL(0x007efdc93972a48bULL, 0x002f5e50e78d5feeULL, + 0x0080dc11d61c7fe5ULL, 0x0065aa598707245bULL, + 0x009abba2300641beULL, 0x000c68787656543aULL, + 0x00ffe0fef2dc0a17ULL, 0x00007ffbd6cb4f3aULL) }, + { FIELD_LITERAL(0x0036012f2b836efcULL, 0x00458c126d6b5fbcULL, + 0x00a34436d719ad1eULL, 0x0097be6167117deaULL, + 0x0009c219c879cff3ULL, 0x0065564493e60755ULL, + 0x00993ac94a8cdec0ULL, 0x002d4885a4d0dbafULL) }, + { FIELD_LITERAL(0x00598b60b4c068baULL, 0x00c547a0be7f1afdULL, + 0x009582164acf12afULL, 0x00af4acac4fbbe40ULL, + 0x005f6ca7c539121aULL, 0x003b6e752ebf9d66ULL, + 0x00f08a30d5cac5d4ULL, 0x00e399bb5f97c5a9ULL) }, + } }, + { { + { FIELD_LITERAL(0x007445a0409c0a66ULL, 0x00a65c369f3829c0ULL, + 0x0031d248a4f74826ULL, 
0x006817f34defbe8eULL, + 0x00649741d95ebf2eULL, 0x00d46466ab16b397ULL, + 0x00fdc35703bee414ULL, 0x00343b43334525f8ULL) }, + { FIELD_LITERAL(0x001796bea93f6401ULL, 0x00090c5a42e85269ULL, + 0x00672412ba1252edULL, 0x001201d47b6de7deULL, + 0x006877bccfe66497ULL, 0x00b554fd97a4c161ULL, + 0x009753f42dbac3cfULL, 0x00e983e3e378270aULL) }, + { FIELD_LITERAL(0x00ac3eff18849872ULL, 0x00f0eea3bff05690ULL, + 0x00a6d72c21dd505dULL, 0x001b832642424169ULL, + 0x00a6813017b540e5ULL, 0x00a744bd71b385cdULL, + 0x0022a7d089130a7bULL, 0x004edeec9a133486ULL) }, + } }, + { { + { FIELD_LITERAL(0x00b2d6729196e8a9ULL, 0x0088a9bb2031cef4ULL, + 0x00579e7787dc1567ULL, 0x0030f49feb059190ULL, + 0x00a0b1d69c7f7d8fULL, 0x0040bdcc6d9d806fULL, + 0x00d76c4037edd095ULL, 0x00bbf24376415dd7ULL) }, + { FIELD_LITERAL(0x00240465ff5a7197ULL, 0x00bb97e76caf27d0ULL, + 0x004b4edbf8116d39ULL, 0x001d8586f708cbaaULL, + 0x000f8ee8ff8e4a50ULL, 0x00dde5a1945dd622ULL, + 0x00e6fc1c0957e07cULL, 0x0041c9cdabfd88a0ULL) }, + { FIELD_LITERAL(0x005344b0bf5b548cULL, 0x002957d0b705cc99ULL, + 0x00f586a70390553dULL, 0x0075b3229f583cc3ULL, + 0x00a1aa78227490e4ULL, 0x001bf09cf7957717ULL, + 0x00cf6bf344325f52ULL, 0x0065bd1c23ca3ecfULL) }, + } }, + { { + { FIELD_LITERAL(0x009bff3b3239363cULL, 0x00e17368796ef7c0ULL, + 0x00528b0fe0971f3aULL, 0x0008014fc8d4a095ULL, + 0x00d09f2e8a521ec4ULL, 0x006713ab5dde5987ULL, + 0x0003015758e0dbb1ULL, 0x00215999f1ba212dULL) }, + { FIELD_LITERAL(0x002c88e93527da0eULL, 0x0077c78f3456aad5ULL, + 0x0071087a0a389d1cULL, 0x00934dac1fb96dbdULL, + 0x008470e801162697ULL, 0x005bc2196cd4ad49ULL, + 0x00e535601d5087c3ULL, 0x00769888700f497fULL) }, + { FIELD_LITERAL(0x00da7a4b557298adULL, 0x0019d2589ea5df76ULL, + 0x00ef3e38be0c6497ULL, 0x00a9644e1312609aULL, + 0x004592f61b2558daULL, 0x0082c1df510d7e46ULL, + 0x0042809a535c0023ULL, 0x00215bcb5afd7757ULL) }, + } }, + { { + { FIELD_LITERAL(0x002b9df55a1a4213ULL, 0x00dcfc3b464a26beULL, + 0x00c4f9e07a8144d5ULL, 0x00c8e0617a92b602ULL, + 0x008e3c93accafae0ULL, 
0x00bf1bcb95b2ca60ULL, + 0x004ce2426a613bf3ULL, 0x00266cac58e40921ULL) }, + { FIELD_LITERAL(0x008456d5db76e8f0ULL, 0x0032ca9cab2ce163ULL, + 0x0059f2b8bf91abcfULL, 0x0063c2a021712788ULL, + 0x00f86155af22f72dULL, 0x00db98b2a6c005a0ULL, + 0x00ac6e416a693ac4ULL, 0x007a93572af53226ULL) }, + { FIELD_LITERAL(0x0087767520f0de22ULL, 0x0091f64012279fb5ULL, + 0x001050f1f0644999ULL, 0x004f097a2477ad3cULL, + 0x006b37913a9947bdULL, 0x001a3d78645af241ULL, + 0x0057832bbb3008a7ULL, 0x002c1d902b80dc20ULL) }, + } }, + { { + { FIELD_LITERAL(0x001a6002bf178877ULL, 0x009bce168aa5af50ULL, + 0x005fc318ff04a7f5ULL, 0x0052818f55c36461ULL, + 0x008768f5d4b24afbULL, 0x0037ffbae7b69c85ULL, + 0x0018195a4b61edc0ULL, 0x001e12ea088434b2ULL) }, + { FIELD_LITERAL(0x0047d3f804e7ab07ULL, 0x00a809ab5f905260ULL, + 0x00b3ffc7cdaf306dULL, 0x00746e8ec2d6e509ULL, + 0x00d0dade8887a645ULL, 0x00acceeebde0dd37ULL, + 0x009bc2579054686bULL, 0x0023804f97f1c2bfULL) }, + { FIELD_LITERAL(0x0043e2e2e50b80d7ULL, 0x00143aafe4427e0fULL, + 0x005594aaecab855bULL, 0x008b12ccaaecbc01ULL, + 0x002deeb091082bc3ULL, 0x009cca4be2ae7514ULL, + 0x00142b96e696d047ULL, 0x00ad2a2b1c05256aULL) }, + } }, + { { + { FIELD_LITERAL(0x003914f2f144b78bULL, 0x007a95dd8bee6f68ULL, + 0x00c7f4384d61c8e6ULL, 0x004e51eb60f1bdb2ULL, + 0x00f64be7aa4621d8ULL, 0x006797bfec2f0ac0ULL, + 0x007d17aab3c75900ULL, 0x001893e73cac8bc5ULL) }, + { FIELD_LITERAL(0x00140360b768665bULL, 0x00b68aca4967f977ULL, + 0x0001089b66195ae4ULL, 0x00fe71122185e725ULL, + 0x000bca2618d49637ULL, 0x00a54f0557d7e98aULL, + 0x00cdcd2f91d6f417ULL, 0x00ab8c13741fd793ULL) }, + { FIELD_LITERAL(0x00725ee6b1e549e0ULL, 0x007124a0769777faULL, + 0x000b68fdad07ae42ULL, 0x0085b909cd4952dfULL, + 0x0092d2e3c81606f4ULL, 0x009f22f6cac099a0ULL, + 0x00f59da57f2799a8ULL, 0x00f06c090122f777ULL) }, + } }, + { { + { FIELD_LITERAL(0x00ce0bed0a3532bcULL, 0x001a5048a22df16bULL, + 0x00e31db4cbad8bf1ULL, 0x00e89292120cf00eULL, + 0x007d1dd1a9b00034ULL, 0x00e2a9041ff8f680ULL, + 0x006a4c837ae596e7ULL, 
0x00713af1068070b3ULL) }, + { FIELD_LITERAL(0x00c4fe64ce66d04bULL, 0x00b095d52e09b3d7ULL, + 0x00758bbecb1a3a8eULL, 0x00f35cce8d0650c0ULL, + 0x002b878aa5984473ULL, 0x0062e0a3b7544ddcULL, + 0x00b25b290ed116feULL, 0x007b0f6abe0bebf2ULL) }, + { FIELD_LITERAL(0x0081d4e3addae0a8ULL, 0x003410c836c7ffccULL, + 0x00c8129ad89e4314ULL, 0x000e3d5a23922dcdULL, + 0x00d91e46f29c31f3ULL, 0x006c728cde8c5947ULL, + 0x002bc655ba2566c0ULL, 0x002ca94721533108ULL) }, + } }, + { { + { FIELD_LITERAL(0x0051e4b3f764d8a9ULL, 0x0019792d46e904a0ULL, + 0x00853bc13dbc8227ULL, 0x000840208179f12dULL, + 0x0068243474879235ULL, 0x0013856fbfe374d0ULL, + 0x00bda12fe8676424ULL, 0x00bbb43635926eb2ULL) }, + { FIELD_LITERAL(0x0012cdc880a93982ULL, 0x003c495b21cd1b58ULL, + 0x00b7e5c93f22a26eULL, 0x0044aa82dfb99458ULL, + 0x009ba092cdffe9c0ULL, 0x00a14b3ab2083b73ULL, + 0x000271c2f70e1c4bULL, 0x00eea9cac0f66eb8ULL) }, + { FIELD_LITERAL(0x001a1847c4ac5480ULL, 0x00b1b412935bb03aULL, + 0x00f74285983bf2b2ULL, 0x00624138b5b5d0f1ULL, + 0x008820c0b03d38bfULL, 0x00b94e50a18c1572ULL, + 0x0060f6934841798fULL, 0x00c52f5d66d6ebe2ULL) }, + } }, + { { + { FIELD_LITERAL(0x00da23d59f9bcea6ULL, 0x00e0f27007a06a4bULL, + 0x00128b5b43a6758cULL, 0x000cf50190fa8b56ULL, + 0x00fc877aba2b2d72ULL, 0x00623bef52edf53fULL, + 0x00e6af6b819669e2ULL, 0x00e314dc34fcaa4fULL) }, + { FIELD_LITERAL(0x0066e5eddd164d1eULL, 0x00418a7c6fe28238ULL, + 0x0002e2f37e962c25ULL, 0x00f01f56b5975306ULL, + 0x0048842fa503875cULL, 0x0057b0e968078143ULL, + 0x00ff683024f3d134ULL, 0x0082ae28fcad12e4ULL) }, + { FIELD_LITERAL(0x0011ddfd21260e42ULL, 0x00d05b0319a76892ULL, + 0x00183ea4368e9b8fULL, 0x00b0815662affc96ULL, + 0x00b466a5e7ce7c88ULL, 0x00db93b07506e6eeULL, + 0x0033885f82f62401ULL, 0x0086f9090ec9b419ULL) }, + } }, + { { + { FIELD_LITERAL(0x00d95d1c5fcb435aULL, 0x0016d1ed6b5086f9ULL, + 0x00792aa0b7e54d71ULL, 0x0067b65715f1925dULL, + 0x00a219755ec6176bULL, 0x00bc3f026b12c28fULL, + 0x00700c897ffeb93eULL, 0x0089b83f6ec50b46ULL) }, + { 
FIELD_LITERAL(0x003c97e6384da36eULL, 0x00423d53eac81a09ULL, + 0x00b70d68f3cdce35ULL, 0x00ee7959b354b92cULL, + 0x00f4e9718819c8caULL, 0x009349f12acbffe9ULL, + 0x005aee7b62cb7da6ULL, 0x00d97764154ffc86ULL) }, + { FIELD_LITERAL(0x00526324babb46dcULL, 0x002ee99b38d7bf9eULL, + 0x007ea51794706ef4ULL, 0x00abeb04da6e3c39ULL, + 0x006b457c1d281060ULL, 0x00fe243e9a66c793ULL, + 0x00378de0fb6c6ee4ULL, 0x003e4194b9c3cb93ULL) }, + } }, + { { + { FIELD_LITERAL(0x00fed3cd80ca2292ULL, 0x0015b043a73ca613ULL, + 0x000a9fd7bf9be227ULL, 0x003b5e03de2db983ULL, + 0x005af72d46904ef7ULL, 0x00c0f1b5c49faa99ULL, + 0x00dc86fc3bd305e1ULL, 0x00c92f08c1cb1797ULL) }, + { FIELD_LITERAL(0x0079680ce111ed3bULL, 0x001a1ed82806122cULL, + 0x000c2e7466d15df3ULL, 0x002c407f6f7150fdULL, + 0x00c5e7c96b1b0ce3ULL, 0x009aa44626863ff9ULL, + 0x00887b8b5b80be42ULL, 0x00b6023cec964825ULL) }, + { FIELD_LITERAL(0x00e4a8e1048970c8ULL, 0x0062887b7830a302ULL, + 0x00bcf1c8cd81402bULL, 0x0056dbb81a68f5beULL, + 0x0014eced83f12452ULL, 0x00139e1a510150dfULL, + 0x00bb81140a82d1a3ULL, 0x000febcc1aaf1aa7ULL) }, + } }, + { { + { FIELD_LITERAL(0x00a7527958238159ULL, 0x0013ec9537a84cd6ULL, + 0x001d7fee7d562525ULL, 0x00b9eefa6191d5e5ULL, + 0x00dbc97db70bcb8aULL, 0x00481affc7a4d395ULL, + 0x006f73d3e70c31bbULL, 0x00183f324ed96a61ULL) }, + { FIELD_LITERAL(0x0039dd7ce7fc6860ULL, 0x00d64f6425653da1ULL, + 0x003e037c7f57d0afULL, 0x0063477a06e2bcf2ULL, + 0x001727dbb7ac67e6ULL, 0x0049589f5efafe2eULL, + 0x00fc0fef2e813d54ULL, 0x008baa5d087fb50dULL) }, + { FIELD_LITERAL(0x0024fb59d9b457c7ULL, 0x00a7d4e060223e4cULL, + 0x00c118d1b555fd80ULL, 0x0082e216c732f22aULL, + 0x00cd2a2993089504ULL, 0x003638e836a3e13dULL, + 0x000d855ee89b4729ULL, 0x008ec5b7d4810c91ULL) }, + } }, + { { + { FIELD_LITERAL(0x001bf51f7d65cdfdULL, 0x00d14cdafa16a97dULL, + 0x002c38e60fcd10e7ULL, 0x00a27446e393efbdULL, + 0x000b5d8946a71fddULL, 0x0063df2cde128f2fULL, + 0x006c8679569b1888ULL, 0x0059ffc4925d732dULL) }, + { FIELD_LITERAL(0x00ece96f95f2b66fULL, 0x00ece7952813a27bULL, + 
0x0026fc36592e489eULL, 0x007157d1a2de0f66ULL, + 0x00759dc111d86ddfULL, 0x0012881e5780bb0fULL, + 0x00c8ccc83ad29496ULL, 0x0012b9bd1929eb71ULL) }, + { FIELD_LITERAL(0x000fa15a20da5df0ULL, 0x00349ddb1a46cd31ULL, + 0x002c512ad1d8e726ULL, 0x00047611f669318dULL, + 0x009e68fba591e17eULL, 0x004320dffa803906ULL, + 0x00a640874951a3d3ULL, 0x00b6353478baa24fULL) }, + } }, + { { + { FIELD_LITERAL(0x009696510000d333ULL, 0x00ec2f788bc04826ULL, + 0x000e4d02b1f67ba5ULL, 0x00659aa8dace08b6ULL, + 0x00d7a38a3a3ae533ULL, 0x008856defa8c746bULL, + 0x004d7a4402d3da1aULL, 0x00ea82e06229260fULL) }, + { FIELD_LITERAL(0x006a15bb20f75c0cULL, 0x0079a144027a5d0cULL, + 0x00d19116ce0b4d70ULL, 0x0059b83bcb0b268eULL, + 0x005f58f63f16c127ULL, 0x0079958318ee2c37ULL, + 0x00defbb063d07f82ULL, 0x00f1f0b931d2d446ULL) }, + { FIELD_LITERAL(0x00cb5e4c3c35d422ULL, 0x008df885ca43577fULL, + 0x00fa50b16ca3e471ULL, 0x005a0e58e17488c8ULL, + 0x00b2ceccd6d34d19ULL, 0x00f01d5d235e36e9ULL, + 0x00db2e7e4be6ca44ULL, 0x00260ab77f35fccdULL) }, + } }, + { { + { FIELD_LITERAL(0x006f6fd9baac61d5ULL, 0x002a7710a020a895ULL, + 0x009de0db7fc03d4dULL, 0x00cdedcb1875f40bULL, + 0x00050caf9b6b1e22ULL, 0x005e3a6654456ab0ULL, + 0x00775fdf8c4423d4ULL, 0x0028701ea5738b5dULL) }, + { FIELD_LITERAL(0x009ffd90abfeae96ULL, 0x00cba3c2b624a516ULL, + 0x005ef08bcee46c91ULL, 0x00e6fde30afb6185ULL, + 0x00f0b4db4f818ce4ULL, 0x006c54f45d2127f5ULL, + 0x00040125035854c7ULL, 0x00372658a3287e13ULL) }, + { FIELD_LITERAL(0x00d7070fb1beb2abULL, 0x0078fc845a93896bULL, + 0x006894a4b2f224a6ULL, 0x005bdd8192b9dbdeULL, + 0x00b38839874b3a9eULL, 0x00f93618b04b7a57ULL, + 0x003e3ec75fd2c67eULL, 0x00bf5e6bfc29494aULL) }, + } }, + { { + { FIELD_LITERAL(0x00f19224ebba2aa5ULL, 0x0074f89d358e694dULL, + 0x00eea486597135adULL, 0x0081579a4555c7e1ULL, + 0x0010b9b872930a9dULL, 0x00f002e87a30ecc0ULL, + 0x009b9d66b6de56e2ULL, 0x00a3c4f45e8004ebULL) }, + { FIELD_LITERAL(0x0045e8dda9400888ULL, 0x002ff12e5fc05db7ULL, + 0x00a7098d54afe69cULL, 0x00cdbe846a500585ULL, + 
0x00879c1593ca1882ULL, 0x003f7a7fea76c8b0ULL, + 0x002cd73dd0c8e0a1ULL, 0x00645d6ce96f51feULL) }, + { FIELD_LITERAL(0x002b7e83e123d6d6ULL, 0x00398346f7419c80ULL, + 0x0042922e55940163ULL, 0x005e7fc5601886a3ULL, + 0x00e88f2cee1d3103ULL, 0x00e7fab135f2e377ULL, + 0x00b059984dbf0dedULL, 0x0009ce080faa5bb8ULL) }, + } }, + { { + { FIELD_LITERAL(0x0085e78af7758979ULL, 0x00275a4ee1631a3aULL, + 0x00d26bc0ed78b683ULL, 0x004f8355ea21064fULL, + 0x00d618e1a32696e5ULL, 0x008d8d7b150e5680ULL, + 0x00a74cd854b278d2ULL, 0x001dd62702203ea0ULL) }, + { FIELD_LITERAL(0x00f89335c2a59286ULL, 0x00a0f5c905d55141ULL, + 0x00b41fb836ee9382ULL, 0x00e235d51730ca43ULL, + 0x00a5cb37b5c0a69aULL, 0x009b966ffe136c45ULL, + 0x00cb2ea10bf80ed1ULL, 0x00fb2b370b40dc35ULL) }, + { FIELD_LITERAL(0x00d687d16d4ee8baULL, 0x0071520bdd069dffULL, + 0x00de85c60d32355dULL, 0x0087d2e3565102f4ULL, + 0x00cde391b8dfc9aaULL, 0x00e18d69efdfefe5ULL, + 0x004a9d0591954e91ULL, 0x00fa36dd8b50eee5ULL) }, + } }, + { { + { FIELD_LITERAL(0x002e788749a865f7ULL, 0x006e4dc3116861eaULL, + 0x009f1428c37276e6ULL, 0x00e7d2e0fc1e1226ULL, + 0x003aeebc6b6c45f6ULL, 0x0071a8073bf500c9ULL, + 0x004b22ad986b530cULL, 0x00f439e63c0d79d4ULL) }, + { FIELD_LITERAL(0x006bc3d53011f470ULL, 0x00032d6e692b83e8ULL, + 0x00059722f497cd0bULL, 0x0009b4e6f0c497ccULL, + 0x0058a804b7cce6c0ULL, 0x002b71d3302bbd5dULL, + 0x00e2f82a36765fceULL, 0x008dded99524c703ULL) }, + { FIELD_LITERAL(0x004d058953747d64ULL, 0x00701940fe79aa6fULL, + 0x00a620ac71c760bfULL, 0x009532b611158b75ULL, + 0x00547ed7f466f300ULL, 0x003cb5ab53a8401aULL, + 0x00c7763168ce3120ULL, 0x007e48e33e4b9ab2ULL) }, + } }, + { { + { FIELD_LITERAL(0x001b2fc57bf3c738ULL, 0x006a3f918993fb80ULL, + 0x0026f7a14fdec288ULL, 0x0075a2cdccef08dbULL, + 0x00d3ecbc9eecdbf1ULL, 0x0048c40f06e5bf7fULL, + 0x00d63e423009896bULL, 0x000598bc99c056a8ULL) }, + { FIELD_LITERAL(0x002f194eaafa46dcULL, 0x008e38f57fe87613ULL, + 0x00dc8e5ae25f4ab2ULL, 0x000a17809575e6bdULL, + 0x00d3ec7923ba366aULL, 0x003a7e72e0ad75e3ULL, + 
0x0010024b88436e0aULL, 0x00ed3c5444b64051ULL) }, + { FIELD_LITERAL(0x00831fc1340af342ULL, 0x00c9645669466d35ULL, + 0x007692b4cc5a080fULL, 0x009fd4a47ac9259fULL, + 0x001eeddf7d45928bULL, 0x003c0446fc45f28bULL, + 0x002c0713aa3e2507ULL, 0x0095706935f0f41eULL) }, + } }, + { { + { FIELD_LITERAL(0x00766ae4190ec6d8ULL, 0x0065768cabc71380ULL, + 0x00b902598416cdc2ULL, 0x00380021ad38df52ULL, + 0x008f0b89d6551134ULL, 0x004254d4cc62c5a5ULL, + 0x000d79f4484b9b94ULL, 0x00b516732ae3c50eULL) }, + { FIELD_LITERAL(0x001fb73475c45509ULL, 0x00d2b2e5ea43345aULL, + 0x00cb3c3842077bd1ULL, 0x0029f90ad820946eULL, + 0x007c11b2380778aaULL, 0x009e54ece62c1704ULL, + 0x004bc60c41ca01c3ULL, 0x004525679a5a0b03ULL) }, + { FIELD_LITERAL(0x00c64fbddbed87b3ULL, 0x0040601d11731faaULL, + 0x009c22475b6f9d67ULL, 0x0024b79dae875f15ULL, + 0x00616fed3f02c3b0ULL, 0x0000cf39f6af2d3bULL, + 0x00c46bac0aa9a688ULL, 0x00ab23e2800da204ULL) }, + } }, + { { + { FIELD_LITERAL(0x000b3a37617632b0ULL, 0x00597199fe1cfb6cULL, + 0x0042a7ccdfeafdd6ULL, 0x004cc9f15ebcea17ULL, + 0x00f436e596a6b4a4ULL, 0x00168861142df0d8ULL, + 0x000753edfec26af5ULL, 0x000c495d7e388116ULL) }, + { FIELD_LITERAL(0x0017085f4a346148ULL, 0x00c7cf7a37f62272ULL, + 0x001776e129bc5c30ULL, 0x009955134c9eef2aULL, + 0x001ba5bdf1df07beULL, 0x00ec39497103a55cULL, + 0x006578354fda6cfbULL, 0x005f02719d4f15eeULL) }, + { FIELD_LITERAL(0x0052b9d9b5d9655dULL, 0x00d4ec7ba1b461c3ULL, + 0x00f95df4974f280bULL, 0x003d8e5ca11aeb51ULL, + 0x00d4981eb5a70b26ULL, 0x000af9a4f6659f29ULL, + 0x004598c846faeb43ULL, 0x0049d9a183a47670ULL) }, + } }, + { { + { FIELD_LITERAL(0x000a72d23dcb3f1fULL, 0x00a3737f84011727ULL, + 0x00f870c0fbbf4a47ULL, 0x00a7aadd04b5c9caULL, + 0x000c7715c67bd072ULL, 0x00015a136afcd74eULL, + 0x0080d5caea499634ULL, 0x0026b448ec7514b7ULL) }, + { FIELD_LITERAL(0x00b60167d9e7d065ULL, 0x00e60ba0d07381e8ULL, + 0x003a4f17b725c2d4ULL, 0x006c19fe176b64faULL, + 0x003b57b31af86ccbULL, 0x0021047c286180fdULL, + 0x00bdc8fb00c6dbb6ULL, 0x00fe4a9f4bab4f3fULL) }, + { 
FIELD_LITERAL(0x0088ffc3a16111f7ULL, 0x009155e4245d0bc8ULL, + 0x00851d68220572d5ULL, 0x00557ace1e514d29ULL, + 0x0031d7c339d91022ULL, 0x00101d0ae2eaceeaULL, + 0x00246ab3f837b66aULL, 0x00d5216d381ff530ULL) }, + } }, + { { + { FIELD_LITERAL(0x0057e7ea35f36daeULL, 0x00f47d7ad15de22eULL, + 0x00d757ea4b105115ULL, 0x008311457d579d7eULL, + 0x00b49b75b1edd4ebULL, 0x0081c7ff742fd63aULL, + 0x00ddda3187433df6ULL, 0x00475727d55f9c66ULL) }, + { FIELD_LITERAL(0x00a6295218dc136aULL, 0x00563b3af0e9c012ULL, + 0x00d3753b0145db1bULL, 0x004550389c043dc1ULL, + 0x00ea94ae27401bdfULL, 0x002b0b949f2b7956ULL, + 0x00c63f780ad8e23cULL, 0x00e591c47d6bab15ULL) }, + { FIELD_LITERAL(0x00416c582b058eb6ULL, 0x004107da5b2cc695ULL, + 0x00b3cd2556aeec64ULL, 0x00c0b418267e57a1ULL, + 0x001799293579bd2eULL, 0x0046ed44590e4d07ULL, + 0x001d7459b3630a1eULL, 0x00c6afba8b6696aaULL) }, + } }, + { { + { FIELD_LITERAL(0x008d6009b26da3f8ULL, 0x00898e88ca06b1caULL, + 0x00edb22b2ed7fe62ULL, 0x00fbc93516aabe80ULL, + 0x008b4b470c42ce0dULL, 0x00e0032ba7d0dcbbULL, + 0x00d76da3a956ecc8ULL, 0x007f20fe74e3852aULL) }, + { FIELD_LITERAL(0x002419222c607674ULL, 0x00a7f23af89188b3ULL, + 0x00ad127284e73d1cULL, 0x008bba582fae1c51ULL, + 0x00fc6aa7ca9ecab1ULL, 0x003df5319eb6c2baULL, + 0x002a05af8a8b199aULL, 0x004bf8354558407cULL) }, + { FIELD_LITERAL(0x00ce7d4a30f0fcbfULL, 0x00d02c272629f03dULL, + 0x0048c001f7400bc2ULL, 0x002c21368011958dULL, + 0x0098a550391e96b5ULL, 0x002d80b66390f379ULL, + 0x001fa878760cc785ULL, 0x001adfce54b613d5ULL) }, + } }, + { { + { FIELD_LITERAL(0x001ed4dc71fa2523ULL, 0x005d0bff19bf9b5cULL, + 0x00c3801cee065a64ULL, 0x001ed0b504323fbfULL, + 0x0003ab9fdcbbc593ULL, 0x00df82070178b8d2ULL, + 0x00a2bcaa9c251f85ULL, 0x00c628a3674bd02eULL) }, + { FIELD_LITERAL(0x006b7a0674f9f8deULL, 0x00a742414e5c7cffULL, + 0x0041cbf3c6e13221ULL, 0x00e3a64fd207af24ULL, + 0x0087c05f15fbe8d1ULL, 0x004c50936d9e8a33ULL, + 0x001306ec21042b6dULL, 0x00a4f4137d1141c2ULL) }, + { FIELD_LITERAL(0x0009e6fb921568b0ULL, 0x00b3c60120219118ULL, + 
0x002a6c3460dd503aULL, 0x009db1ef11654b54ULL, + 0x0063e4bf0be79601ULL, 0x00670d34bb2592b9ULL, + 0x00dcee2f6c4130ceULL, 0x00b2682e88e77f54ULL) }, + } }, + { { + { FIELD_LITERAL(0x000d5b4b3da135abULL, 0x00838f3e5064d81dULL, + 0x00d44eb50f6d94edULL, 0x0008931ab502ac6dULL, + 0x00debe01ca3d3586ULL, 0x0025c206775f0641ULL, + 0x005ad4b6ae912763ULL, 0x007e2c318ad8f247ULL) }, + { FIELD_LITERAL(0x00ddbe0750dd1addULL, 0x004b3c7b885844b8ULL, + 0x00363e7ecf12f1aeULL, 0x0062e953e6438f9dULL, + 0x0023cc73b076afe9ULL, 0x00b09fa083b4da32ULL, + 0x00c7c3d2456c541dULL, 0x005b591ec6b694d4ULL) }, + { FIELD_LITERAL(0x0028656e19d62fcfULL, 0x0052a4af03df148dULL, + 0x00122765ddd14e42ULL, 0x00f2252904f67157ULL, + 0x004741965b636f3aULL, 0x006441d296132cb9ULL, + 0x005e2106f956a5b7ULL, 0x00247029592d335cULL) }, + } }, + { { + { FIELD_LITERAL(0x003fe038eb92f894ULL, 0x000e6da1b72e8e32ULL, + 0x003a1411bfcbe0faULL, 0x00b55d473164a9e4ULL, + 0x00b9a775ac2df48dULL, 0x0002ddf350659e21ULL, + 0x00a279a69eb19cb3ULL, 0x00f844eab25cba44ULL) }, + { FIELD_LITERAL(0x00c41d1f9c1f1ac1ULL, 0x007b2df4e9f19146ULL, + 0x00b469355fd5ba7aULL, 0x00b5e1965afc852aULL, + 0x00388d5f1e2d8217ULL, 0x0022079e4c09ae93ULL, + 0x0014268acd4ef518ULL, 0x00c1dd8d9640464cULL) }, + { FIELD_LITERAL(0x0038526adeed0c55ULL, 0x00dd68c607e3fe85ULL, + 0x00f746ddd48a5d57ULL, 0x0042f2952b963b7cULL, + 0x001cbbd6876d5ec2ULL, 0x005e341470bca5c2ULL, + 0x00871d41e085f413ULL, 0x00e53ab098f45732ULL) }, + } }, + { { + { FIELD_LITERAL(0x004d51124797c831ULL, 0x008f5ae3750347adULL, + 0x0070ced94c1a0c8eULL, 0x00f6db2043898e64ULL, + 0x000d00c9a5750cd0ULL, 0x000741ec59bad712ULL, + 0x003c9d11aab37b7fULL, 0x00a67ba169807714ULL) }, + { FIELD_LITERAL(0x00adb2c1566e8b8fULL, 0x0096c68a35771a9aULL, + 0x00869933356f334aULL, 0x00ba9c93459f5962ULL, + 0x009ec73fb6e8ca4bULL, 0x003c3802c27202e1ULL, + 0x0031f5b733e0c008ULL, 0x00f9058c19611fa9ULL) }, + { FIELD_LITERAL(0x00238f01814a3421ULL, 0x00c325a44b6cce28ULL, + 0x002136f97aeb0e73ULL, 0x000cac8268a4afe2ULL, + 
0x0022fd218da471b3ULL, 0x009dcd8dfff8def9ULL, + 0x00cb9f8181d999bbULL, 0x00143ae56edea349ULL) }, + } }, + { { + { FIELD_LITERAL(0x0000623bf87622c5ULL, 0x00a1966fdd069496ULL, + 0x00c315b7b812f9fcULL, 0x00bdf5efcd128b97ULL, + 0x001d464f532e3e16ULL, 0x003cd94f081bfd7eULL, + 0x00ed9dae12ce4009ULL, 0x002756f5736eee70ULL) }, + { FIELD_LITERAL(0x00a5187e6ee7341bULL, 0x00e6d52e82d83b6eULL, + 0x00df3c41323094a7ULL, 0x00b3324f444e9de9ULL, + 0x00689eb21a35bfe5ULL, 0x00f16363becd548dULL, + 0x00e187cc98e7f60fULL, 0x00127d9062f0ccabULL) }, + { FIELD_LITERAL(0x004ad71b31c29e40ULL, 0x00a5fcace12fae29ULL, + 0x004425b5597280edULL, 0x00e7ef5d716c3346ULL, + 0x0010b53ada410ac8ULL, 0x0092310226060c9bULL, + 0x0091c26128729c7eULL, 0x0088b42900f8ec3bULL) }, + } }, + { { + { FIELD_LITERAL(0x00f1e26e9762d4a8ULL, 0x00d9d74082183414ULL, + 0x00ffec9bd57a0282ULL, 0x000919e128fd497aULL, + 0x00ab7ae7d00fe5f8ULL, 0x0054dc442851ff68ULL, + 0x00c9ebeb3b861687ULL, 0x00507f7cab8b698fULL) }, + { FIELD_LITERAL(0x00c13c5aae3ae341ULL, 0x009c6c9ed98373e7ULL, + 0x00098f26864577a8ULL, 0x0015b886e9488b45ULL, + 0x0037692c42aadba5ULL, 0x00b83170b8e7791cULL, + 0x001670952ece1b44ULL, 0x00fd932a39276da2ULL) }, + { FIELD_LITERAL(0x0081a3259bef3398ULL, 0x005480fff416107bULL, + 0x00ce4f607d21be98ULL, 0x003ffc084b41df9bULL, + 0x0043d0bb100502d1ULL, 0x00ec35f575ba3261ULL, + 0x00ca18f677300ef3ULL, 0x00e8bb0a827d8548ULL) }, + } }, + { { + { FIELD_LITERAL(0x00df76b3328ada72ULL, 0x002e20621604a7c2ULL, + 0x00f910638a105b09ULL, 0x00ef4724d96ef2cdULL, + 0x00377d83d6b8a2f7ULL, 0x00b4f48805ade324ULL, + 0x001cd5da8b152018ULL, 0x0045af671a20ca7fULL) }, + { FIELD_LITERAL(0x009ae3b93a56c404ULL, 0x004a410b7a456699ULL, + 0x00023a619355e6b2ULL, 0x009cdc7297387257ULL, + 0x0055b94d4ae70d04ULL, 0x002cbd607f65b005ULL, + 0x003208b489697166ULL, 0x00ea2aa058867370ULL) }, + { FIELD_LITERAL(0x00f29d2598ee3f32ULL, 0x00b4ac5385d82adcULL, + 0x007633eaf04df19bULL, 0x00aa2d3d77ceab01ULL, + 0x004a2302fcbb778aULL, 0x00927f225d5afa34ULL, + 
0x004a8e9d5047f237ULL, 0x008224ae9dbce530ULL) }, + } }, + { { + { FIELD_LITERAL(0x001cf640859b02f8ULL, 0x00758d1d5d5ce427ULL, + 0x00763c784ef4604cULL, 0x005fa81aee205270ULL, + 0x00ac537bfdfc44cbULL, 0x004b919bd342d670ULL, + 0x00238508d9bf4b7aULL, 0x00154888795644f3ULL) }, + { FIELD_LITERAL(0x00c845923c084294ULL, 0x00072419a201bc25ULL, + 0x0045f408b5f8e669ULL, 0x00e9d6a186b74dfeULL, + 0x00e19108c68fa075ULL, 0x0017b91d874177b7ULL, + 0x002f0ca2c7912c5aULL, 0x009400aa385a90a2ULL) }, + { FIELD_LITERAL(0x0071110b01482184ULL, 0x00cfed0044f2bef8ULL, + 0x0034f2901cf4662eULL, 0x003b4ae2a67f9834ULL, + 0x00cca9b96fe94810ULL, 0x00522507ae77abd0ULL, + 0x00bac7422721e73eULL, 0x0066622b0f3a62b0ULL) }, + } }, + { { + { FIELD_LITERAL(0x00f8ac5cf4705b6aULL, 0x00867d82dcb457e3ULL, + 0x007e13ab2ccc2ce9ULL, 0x009ee9a018d3930eULL, + 0x008370f8ecb42df8ULL, 0x002d9f019add263eULL, + 0x003302385b92d196ULL, 0x00a15654536e2c0cULL) }, + { FIELD_LITERAL(0x0026ef1614e160afULL, 0x00c023f9edfc9c76ULL, + 0x00cff090da5f57baULL, 0x0076db7a66643ae9ULL, + 0x0019462f8c646999ULL, 0x008fec00b3854b22ULL, + 0x00d55041692a0a1cULL, 0x0065db894215ca00ULL) }, + { FIELD_LITERAL(0x00a925036e0a451cULL, 0x002a0390c36b6cc1ULL, + 0x00f27020d90894f4ULL, 0x008d90d52cbd3d7fULL, + 0x00e1d0137392f3b8ULL, 0x00f017c158b51a8fULL, + 0x00cac313d3ed7dbcULL, 0x00b99a81e3eb42d3ULL) }, + } }, + { { + { FIELD_LITERAL(0x00b54850275fe626ULL, 0x0053a3fd1ec71140ULL, + 0x00e3d2d7dbe096faULL, 0x00e4ac7b595cce4cULL, + 0x0077bad449c0a494ULL, 0x00b7c98814afd5b3ULL, + 0x0057226f58486cf9ULL, 0x00b1557154f0cc57ULL) }, + { FIELD_LITERAL(0x008cc9cd236315c0ULL, 0x0031d9c5b39fda54ULL, + 0x00a5713ef37e1171ULL, 0x00293d5ae2886325ULL, + 0x00c4aba3e05015e1ULL, 0x0003f35ef78e4fc6ULL, + 0x0039d6bd3ac1527bULL, 0x0019d7c3afb77106ULL) }, + { FIELD_LITERAL(0x007b162931a985afULL, 0x00ad40a2e0daa713ULL, + 0x006df27c4009f118ULL, 0x00503e9f4e2e8becULL, + 0x00751a77c82c182dULL, 0x000298937769245bULL, + 0x00ffb1e8fabf9ee5ULL, 0x0008334706e09abeULL) }, + } }, + { { 
+ { FIELD_LITERAL(0x00dbca4e98a7dcd9ULL, 0x00ee29cfc78bde99ULL, + 0x00e4a3b6995f52e9ULL, 0x0045d70189ae8096ULL, + 0x00fd2a8a3b9b0d1bULL, 0x00af1793b107d8e1ULL, + 0x00dbf92cbe4afa20ULL, 0x00da60f798e3681dULL) }, + { FIELD_LITERAL(0x004246bfcecc627aULL, 0x004ba431246c03a4ULL, + 0x00bd1d101872d497ULL, 0x003b73d3f185ee16ULL, + 0x001feb2e2678c0e3ULL, 0x00ff13c5a89dec76ULL, + 0x00ed06042e771d8fULL, 0x00a4fd2a897a83ddULL) }, + { FIELD_LITERAL(0x009a4a3be50d6597ULL, 0x00de3165fc5a1096ULL, + 0x004f3f56e345b0c7ULL, 0x00f7bf721d5ab8bcULL, + 0x004313e47b098c50ULL, 0x00e4c7d5c0e1adbbULL, + 0x002e3e3db365051eULL, 0x00a480c2cd6a96fbULL) }, + } }, + { { + { FIELD_LITERAL(0x00417fa30a7119edULL, 0x00af257758419751ULL, + 0x00d358a487b463d4ULL, 0x0089703cc720b00dULL, + 0x00ce56314ff7f271ULL, 0x0064db171ade62c1ULL, + 0x00640b36d4a22fedULL, 0x00424eb88696d23fULL) }, + { FIELD_LITERAL(0x004ede34af2813f3ULL, 0x00d4a8e11c9e8216ULL, + 0x004796d5041de8a5ULL, 0x00c4c6b4d21cc987ULL, + 0x00e8a433ee07fa1eULL, 0x0055720b5abcc5a1ULL, + 0x008873ea9c74b080ULL, 0x005b3fec1ab65d48ULL) }, + { FIELD_LITERAL(0x0047e5277db70ec5ULL, 0x000a096c66db7d6bULL, + 0x00b4164cc1730159ULL, 0x004a9f783fe720feULL, + 0x00a8177b94449dbcULL, 0x0095a24ff49a599fULL, + 0x0069c1c578250cbcULL, 0x00452019213debf4ULL) }, + } }, + { { + { FIELD_LITERAL(0x0021ce99e09ebda3ULL, 0x00fcbd9f91875ad0ULL, + 0x009bbf6b7b7a0b5fULL, 0x00388886a69b1940ULL, + 0x00926a56d0f81f12ULL, 0x00e12903c3358d46ULL, + 0x005dfce4e8e1ce9dULL, 0x0044cfa94e2f7e23ULL) }, + { FIELD_LITERAL(0x001bd59c09e982eaULL, 0x00f72daeb937b289ULL, + 0x0018b76dca908e0eULL, 0x00edb498512384adULL, + 0x00ce0243b6cc9538ULL, 0x00f96ff690cb4e70ULL, + 0x007c77bf9f673c8dULL, 0x005bf704c088a528ULL) }, + { FIELD_LITERAL(0x0093d4628dcb33beULL, 0x0095263d51d42582ULL, + 0x0049b3222458fe06ULL, 0x00e7fce73b653a7fULL, + 0x003ca2ebce60b369ULL, 0x00c5de239a32bea4ULL, + 0x0063b8b3d71fb6bfULL, 0x0039aeeb78a1a839ULL) }, + } }, + { { + { FIELD_LITERAL(0x007dc52da400336cULL, 
0x001fded1e15b9457ULL, + 0x00902e00f5568e3aULL, 0x00219bef40456d2dULL, + 0x005684161fb3dbc9ULL, 0x004a4e9be49a76eaULL, + 0x006e685ae88b78ffULL, 0x0021c42f13042d3cULL) }, + { FIELD_LITERAL(0x00fb22bb5fd3ce50ULL, 0x0017b48aada7ae54ULL, + 0x00fd5c44ad19a536ULL, 0x000ccc4e4e55e45cULL, + 0x00fd637d45b4c3f5ULL, 0x0038914e023c37cfULL, + 0x00ac1881d6a8d898ULL, 0x00611ed8d3d943a8ULL) }, + { FIELD_LITERAL(0x0056e2259d113d2bULL, 0x00594819b284ec16ULL, + 0x00c7bf794bb36696ULL, 0x00721ee75097cdc6ULL, + 0x00f71be9047a2892ULL, 0x00df6ba142564edfULL, + 0x0069580b7a184e8dULL, 0x00f056e38fca0feeULL) }, + } }, + { { + { FIELD_LITERAL(0x009df98566a18c6dULL, 0x00cf3a200968f219ULL, + 0x0044ba60da6d9086ULL, 0x00dbc9c0e344da03ULL, + 0x000f9401c4466855ULL, 0x00d46a57c5b0a8d1ULL, + 0x00875a635d7ac7c6ULL, 0x00ef4a933b7e0ae6ULL) }, + { FIELD_LITERAL(0x005e8694077a1535ULL, 0x008bef75f71c8f1dULL, + 0x000a7c1316423511ULL, 0x00906e1d70604320ULL, + 0x003fc46c1a2ffbd6ULL, 0x00d1d5022e68f360ULL, + 0x002515fba37bbf46ULL, 0x00ca16234e023b44ULL) }, + { FIELD_LITERAL(0x00787c99561f4690ULL, 0x00a857a8c1561f27ULL, + 0x00a10df9223c09feULL, 0x00b98a9562e3b154ULL, + 0x004330b8744c3ed2ULL, 0x00e06812807ec5c4ULL, + 0x00e4cf6a7db9f1e3ULL, 0x00d95b089f132a34ULL) }, + } }, + { { + { FIELD_LITERAL(0x002922b39ca33eecULL, 0x0090d12a5f3ab194ULL, + 0x00ab60c02fb5f8edULL, 0x00188d292abba1cfULL, + 0x00e10edec9698f6eULL, 0x0069a4d9934133c8ULL, + 0x0024aac40e6d3d06ULL, 0x001702c2177661b0ULL) }, + { FIELD_LITERAL(0x00139078397030bdULL, 0x000e3c447e859a00ULL, + 0x0064a5b334c82393ULL, 0x00b8aabeb7358093ULL, + 0x00020778bb9ae73bULL, 0x0032ee94c7892a18ULL, + 0x008215253cb41bdaULL, 0x005e2797593517aeULL) }, + { FIELD_LITERAL(0x0083765a5f855d4aULL, 0x0051b6d1351b8ee2ULL, + 0x00116de548b0f7bbULL, 0x0087bd88703affa0ULL, + 0x0095b2cc34d7fdd2ULL, 0x0084cd81b53f0bc8ULL, + 0x008562fc995350edULL, 0x00a39abb193651e3ULL) }, + } }, + { { + { FIELD_LITERAL(0x0019e23f0474b114ULL, 0x00eb94c2ad3b437eULL, + 0x006ddb34683b75acULL, 
0x00391f9209b564c6ULL, + 0x00083b3bb3bff7aaULL, 0x00eedcd0f6dceefcULL, + 0x00b50817f794fe01ULL, 0x0036474deaaa75c9ULL) }, + { FIELD_LITERAL(0x0091868594265aa2ULL, 0x00797accae98ca6dULL, + 0x0008d8c5f0f8a184ULL, 0x00d1f4f1c2b2fe6eULL, + 0x0036783dfb48a006ULL, 0x008c165120503527ULL, + 0x0025fd780058ce9bULL, 0x0068beb007be7d27ULL) }, + { FIELD_LITERAL(0x00d0ff88aa7c90c2ULL, 0x00b2c60dacf53394ULL, + 0x0094a7284d9666d6ULL, 0x00bed9022ce7a19dULL, + 0x00c51553f0cd7682ULL, 0x00c3fb870b124992ULL, + 0x008d0bc539956c9bULL, 0x00fc8cf258bb8885ULL) }, + } }, + { { + { FIELD_LITERAL(0x003667bf998406f8ULL, 0x0000115c43a12975ULL, + 0x001e662f3b20e8fdULL, 0x0019ffa534cb24ebULL, + 0x00016be0dc8efb45ULL, 0x00ff76a8b26243f5ULL, + 0x00ae20d241a541e3ULL, 0x0069bd6af13cd430ULL) }, + { FIELD_LITERAL(0x0045fdc16487cda3ULL, 0x00b2d8e844cf2ed7ULL, + 0x00612c50e88c1607ULL, 0x00a08aabc66c1672ULL, + 0x006031fdcbb24d97ULL, 0x001b639525744b93ULL, + 0x004409d62639ab17ULL, 0x00a1853d0347ab1dULL) }, + { FIELD_LITERAL(0x0075a1a56ebf5c21ULL, 0x00a3e72be9ac53edULL, + 0x00efcde1629170c2ULL, 0x0004225fe91ef535ULL, + 0x0088049fc73dfda7ULL, 0x004abc74857e1288ULL, + 0x0024e2434657317cULL, 0x00d98cb3d3e5543cULL) }, + } }, + { { + { FIELD_LITERAL(0x00b4b53eab6bdb19ULL, 0x009b22d8b43711d0ULL, + 0x00d948b9d961785dULL, 0x00cb167b6f279eadULL, + 0x00191de3a678e1c9ULL, 0x00d9dd9511095c2eULL, + 0x00f284324cd43067ULL, 0x00ed74fa535151ddULL) }, + { FIELD_LITERAL(0x007e32c049b5c477ULL, 0x009d2bfdbd9bcfd8ULL, + 0x00636e93045938c6ULL, 0x007fde4af7687298ULL, + 0x0046a5184fafa5d3ULL, 0x0079b1e7f13a359bULL, + 0x00875adf1fb927d6ULL, 0x00333e21c61bcad2ULL) }, + { FIELD_LITERAL(0x00048014f73d8b8dULL, 0x0075684aa0966388ULL, + 0x0092be7df06dc47cULL, 0x0097cebcd0f5568aULL, + 0x005a7004d9c4c6a9ULL, 0x00b0ecbb659924c7ULL, + 0x00d90332dd492a7cULL, 0x0057fc14df11493dULL) }, + } }, + { { + { FIELD_LITERAL(0x0008ed8ea0ad95beULL, 0x0041d324b9709645ULL, + 0x00e25412257a19b4ULL, 0x0058df9f3423d8d2ULL, + 0x00a9ab20def71304ULL, 
0x009ae0dbf8ac4a81ULL, + 0x00c9565977e4392aULL, 0x003c9269444baf55ULL) }, + { FIELD_LITERAL(0x007df6cbb926830bULL, 0x00d336058ae37865ULL, + 0x007af47dac696423ULL, 0x0048d3011ec64ac8ULL, + 0x006b87666e40049fULL, 0x0036a2e0e51303d7ULL, + 0x00ba319bd79dbc55ULL, 0x003e2737ecc94f53ULL) }, + { FIELD_LITERAL(0x00d296ff726272d9ULL, 0x00f6d097928fcf57ULL, + 0x00e0e616a55d7013ULL, 0x00deaf454ed9eac7ULL, + 0x0073a56bedef4d92ULL, 0x006ccfdf6fc92e19ULL, + 0x009d1ee1371a7218ULL, 0x00ee3c2ee4462d80ULL) }, + } }, + { { + { FIELD_LITERAL(0x00437bce9bccdf9dULL, 0x00e0c8e2f85dc0a3ULL, + 0x00c91a7073995a19ULL, 0x00856ec9fe294559ULL, + 0x009e4b33394b156eULL, 0x00e245b0dc497e5cULL, + 0x006a54e687eeaeffULL, 0x00f1cd1cd00fdb7cULL) }, + { FIELD_LITERAL(0x008132ae5c5d8cd1ULL, 0x00121d68324a1d9fULL, + 0x00d6be9dafcb8c76ULL, 0x00684d9070edf745ULL, + 0x00519fbc96d7448eULL, 0x00388182fdc1f27eULL, + 0x000235baed41f158ULL, 0x00bf6cf6f1a1796aULL) }, + { FIELD_LITERAL(0x002adc4b4d148219ULL, 0x003084ada0d3a90aULL, + 0x0046de8aab0f2e4eULL, 0x00452d342a67b5fdULL, + 0x00d4b50f01d4de21ULL, 0x00db6d9fc0cefb79ULL, + 0x008c184c86a462cdULL, 0x00e17c83764d42daULL) }, + } }, + { { + { FIELD_LITERAL(0x007b2743b9a1e01aULL, 0x007847ffd42688c4ULL, + 0x006c7844d610a316ULL, 0x00f0cb8b250aa4b0ULL, + 0x00a19060143b3ae6ULL, 0x0014eb10b77cfd80ULL, + 0x000170905729dd06ULL, 0x00063b5b9cd72477ULL) }, + { FIELD_LITERAL(0x00ce382dc7993d92ULL, 0x00021153e938b4c8ULL, + 0x00096f7567f48f51ULL, 0x0058f81ddfe4b0d5ULL, + 0x00cc379a56b355c7ULL, 0x002c760770d3e819ULL, + 0x00ee22d1d26e5a40ULL, 0x00de6d93d5b082d7ULL) }, + { FIELD_LITERAL(0x000a91a42c52e056ULL, 0x00185f6b77fce7eaULL, + 0x000803c51962f6b5ULL, 0x0022528582ba563dULL, + 0x0043f8040e9856d6ULL, 0x0085a29ec81fb860ULL, + 0x005f9a611549f5ffULL, 0x00c1f974ecbd4b06ULL) }, + } }, + { { + { FIELD_LITERAL(0x005b64c6fd65ec97ULL, 0x00c1fdd7f877bc7fULL, + 0x000d9cc6c89f841cULL, 0x005c97b7f1aff9adULL, + 0x0075e3c61475d47eULL, 0x001ecb1ba8153011ULL, + 0x00fe7f1c8d71d40dULL, 
0x003fa9757a229832ULL) }, + { FIELD_LITERAL(0x00ffc5c89d2b0cbaULL, 0x00d363d42e3e6fc3ULL, + 0x0019a1a0118e2e8aULL, 0x00f7baeff48882e1ULL, + 0x001bd5af28c6b514ULL, 0x0055476ca2253cb2ULL, + 0x00d8eb1977e2ddf3ULL, 0x00b173b1adb228a1ULL) }, + { FIELD_LITERAL(0x00f2cb99dd0ad707ULL, 0x00e1e08b6859ddd8ULL, + 0x000008f2d0650bccULL, 0x00d7ed392f8615c3ULL, + 0x00976750a94da27fULL, 0x003e83bb0ecb69baULL, + 0x00df8e8d15c14ac6ULL, 0x00f9f7174295d9c2ULL) }, + } }, + { { + { FIELD_LITERAL(0x00f11cc8e0e70bcbULL, 0x00e5dc689974e7ddULL, + 0x0014e409f9ee5870ULL, 0x00826e6689acbd63ULL, + 0x008a6f4e3d895d88ULL, 0x00b26a8da41fd4adULL, + 0x000fb7723f83efd7ULL, 0x009c749db0a5f6c3ULL) }, + { FIELD_LITERAL(0x002389319450f9baULL, 0x003677f31aa1250aULL, + 0x0092c3db642f38cbULL, 0x00f8b64c0dfc9773ULL, + 0x00cd49fe3505b795ULL, 0x0068105a4090a510ULL, + 0x00df0ba2072a8bb6ULL, 0x00eb396143afd8beULL) }, + { FIELD_LITERAL(0x00a0d4ecfb24cdffULL, 0x00ddaf8008ba6479ULL, + 0x00f0b3e36d4b0f44ULL, 0x003734bd3af1f146ULL, + 0x00b87e2efc75527eULL, 0x00d230df55ddab50ULL, + 0x002613257ae56c1dULL, 0x00bc0946d135934dULL) }, + } }, + { { + { FIELD_LITERAL(0x00468711bd994651ULL, 0x0033108fa67561bfULL, + 0x0089d760192a54b4ULL, 0x00adc433de9f1871ULL, + 0x000467d05f36e050ULL, 0x007847e0f0579f7fULL, + 0x00a2314ad320052dULL, 0x00b3a93649f0b243ULL) }, + { FIELD_LITERAL(0x0067f8f0c4fe26c9ULL, 0x0079c4a3cc8f67b9ULL, + 0x0082b1e62f23550dULL, 0x00f2d409caefd7f5ULL, + 0x0080e67dcdb26e81ULL, 0x0087ae993ea1f98aULL, + 0x00aa108becf61d03ULL, 0x001acf11efb608a3ULL) }, + { FIELD_LITERAL(0x008225febbab50d9ULL, 0x00f3b605e4dd2083ULL, + 0x00a32b28189e23d2ULL, 0x00d507e5e5eb4c97ULL, + 0x005a1a84e302821fULL, 0x0006f54c1c5f08c7ULL, + 0x00a347c8cb2843f0ULL, 0x0009f73e9544bfa5ULL) }, + } }, + { { + { FIELD_LITERAL(0x006c59c9ae744185ULL, 0x009fc32f1b4282cdULL, + 0x004d6348ca59b1acULL, 0x00105376881be067ULL, + 0x00af4096013147dcULL, 0x004abfb5a5cb3124ULL, + 0x000d2a7f8626c354ULL, 0x009c6ed568e07431ULL) }, + { 
FIELD_LITERAL(0x00e828333c297f8bULL, 0x009ef3cf8c3f7e1fULL, + 0x00ab45f8fff31cb9ULL, 0x00c8b4178cb0b013ULL, + 0x00d0c50dd3260a3fULL, 0x0097126ac257f5bcULL, + 0x0042376cc90c705aULL, 0x001d96fdb4a1071eULL) }, + { FIELD_LITERAL(0x00542d44d89ee1a8ULL, 0x00306642e0442d98ULL, + 0x0090853872b87338ULL, 0x002362cbf22dc044ULL, + 0x002c222adff663b8ULL, 0x0067c924495fcb79ULL, + 0x000e621d983c977cULL, 0x00df77a9eccb66fbULL) }, + } }, + { { + { FIELD_LITERAL(0x002809e4bbf1814aULL, 0x00b9e854f9fafb32ULL, + 0x00d35e67c10f7a67ULL, 0x008f1bcb76e748cfULL, + 0x004224d9515687d2ULL, 0x005ba0b774e620c4ULL, + 0x00b5e57db5d54119ULL, 0x00e15babe5683282ULL) }, + { FIELD_LITERAL(0x00832d02369b482cULL, 0x00cba52ff0d93450ULL, + 0x003fa9c908d554dbULL, 0x008d1e357b54122fULL, + 0x00abd91c2dc950c6ULL, 0x007eff1df4c0ec69ULL, + 0x003f6aeb13fb2d31ULL, 0x00002d6179fc5b2cULL) }, + { FIELD_LITERAL(0x0046c9eda81c9c89ULL, 0x00b60cb71c8f62fcULL, + 0x0022f5a683baa558ULL, 0x00f87319fccdf997ULL, + 0x009ca09b51ce6a22ULL, 0x005b12baf4af7d77ULL, + 0x008a46524a1e33e2ULL, 0x00035a77e988be0dULL) }, + } }, + { { + { FIELD_LITERAL(0x00a7efe46a7dbe2fULL, 0x002f66fd55014fe7ULL, + 0x006a428afa1ff026ULL, 0x0056caaa9604ab72ULL, + 0x0033f3bcd7fac8aeULL, 0x00ccb1aa01c86764ULL, + 0x00158d1edf13bf40ULL, 0x009848ee76fcf3b4ULL) }, + { FIELD_LITERAL(0x00a9e7730a819691ULL, 0x00d9cc73c4992b70ULL, + 0x00e299bde067de5aULL, 0x008c314eb705192aULL, + 0x00e7226f17e8a3ccULL, 0x0029dfd956e65a47ULL, + 0x0053a8e839073b12ULL, 0x006f942b2ab1597eULL) }, + { FIELD_LITERAL(0x001c3d780ecd5e39ULL, 0x0094f247fbdcc5feULL, + 0x00d5c786fd527764ULL, 0x00b6f4da74f0db2aULL, + 0x0080f1f8badcd5fcULL, 0x00f36a373ad2e23bULL, + 0x00f804f9f4343bf2ULL, 0x00d1af40ec623982ULL) }, + } }, + { { + { FIELD_LITERAL(0x0082aeace5f1b144ULL, 0x00f68b3108cf4dd3ULL, + 0x00634af01dde3020ULL, 0x000beab5df5c2355ULL, + 0x00e8b790d1b49b0bULL, 0x00e48d15854e36f4ULL, + 0x0040ab2d95f3db9fULL, 0x002711c4ed9e899aULL) }, + { FIELD_LITERAL(0x0039343746531ebeULL, 0x00c8509d835d429dULL, + 
0x00e79eceff6b0018ULL, 0x004abfd31e8efce5ULL, + 0x007bbfaaa1e20210ULL, 0x00e3be89c193e179ULL, + 0x001c420f4c31d585ULL, 0x00f414a315bef5aeULL) }, + { FIELD_LITERAL(0x007c296a24990df8ULL, 0x00d5d07525a75588ULL, + 0x00dd8e113e94b7e7ULL, 0x007bbc58febe0cc8ULL, + 0x0029f51af9bfcad3ULL, 0x007e9311ec7ab6f3ULL, + 0x009a884de1676343ULL, 0x0050d5f2dce84be9ULL) }, + } }, + { { + { FIELD_LITERAL(0x005fa020cca2450aULL, 0x00491c29db6416d8ULL, + 0x0037cefe3f9f9a85ULL, 0x003d405230647066ULL, + 0x0049e835f0fdbe89ULL, 0x00feb78ac1a0815cULL, + 0x00828e4b32dc9724ULL, 0x00db84f2dc8d6fd4ULL) }, + { FIELD_LITERAL(0x0098cddc8b39549aULL, 0x006da37e3b05d22cULL, + 0x00ce633cfd4eb3cbULL, 0x00fda288ef526acdULL, + 0x0025338878c5d30aULL, 0x00f34438c4e5a1b4ULL, + 0x00584efea7c310f1ULL, 0x0041a551f1b660adULL) }, + { FIELD_LITERAL(0x00d7f7a8fbd6437aULL, 0x0062872413bf3753ULL, + 0x00ad4bbcb43c584bULL, 0x007fe49be601d7e3ULL, + 0x0077c659789babf4ULL, 0x00eb45fcb06a741bULL, + 0x005ce244913f9708ULL, 0x0088426401736326ULL) }, + } }, + { { + { FIELD_LITERAL(0x007bf562ca768d7cULL, 0x006c1f3a174e387cULL, + 0x00f024b447fee939ULL, 0x007e7af75f01143fULL, + 0x003adb70b4eed89dULL, 0x00e43544021ad79aULL, + 0x0091f7f7042011f6ULL, 0x0093c1a1ee3a0ddcULL) }, + { FIELD_LITERAL(0x00a0b68ec1eb72d2ULL, 0x002c03235c0d45a0ULL, + 0x00553627323fe8c5ULL, 0x006186e94b17af94ULL, + 0x00a9906196e29f14ULL, 0x0025b3aee6567733ULL, + 0x007e0dd840080517ULL, 0x0018eb5801a4ba93ULL) }, + { FIELD_LITERAL(0x00d7fe7017bf6a40ULL, 0x006e3f0624be0c42ULL, + 0x00ffbba205358245ULL, 0x00f9fc2cf8194239ULL, + 0x008d93b37bf15b4eULL, 0x006ddf2e38be8e95ULL, + 0x002b6e79bf5fcff9ULL, 0x00ab355da425e2deULL) }, + } }, + { { + { FIELD_LITERAL(0x00938f97e20be973ULL, 0x0099141a36aaf306ULL, + 0x0057b0ca29e545a1ULL, 0x0085db571f9fbc13ULL, + 0x008b333c554b4693ULL, 0x0043ab6ef3e241cbULL, + 0x0054fb20aa1e5c70ULL, 0x00be0ff852760adfULL) }, + { FIELD_LITERAL(0x003973d8938971d6ULL, 0x002aca26fa80c1f5ULL, + 0x00108af1faa6b513ULL, 0x00daae275d7924e6ULL, + 
0x0053634ced721308ULL, 0x00d2355fe0bbd443ULL, + 0x00357612b2d22095ULL, 0x00f9bb9dd4136cf3ULL) }, + { FIELD_LITERAL(0x002bff12cf5e03a5ULL, 0x001bdb1fa8a19cf8ULL, + 0x00c91c6793f84d39ULL, 0x00f869f1b2eba9afULL, + 0x0059bc547dc3236bULL, 0x00d91611d6d38689ULL, + 0x00e062daaa2c0214ULL, 0x00ed3c047cc2bc82ULL) }, + } }, + { { + { FIELD_LITERAL(0x000050d70c32b31aULL, 0x001939d576d437b3ULL, + 0x00d709e598bf9fe6ULL, 0x00a885b34bd2ee9eULL, + 0x00dd4b5c08ab1a50ULL, 0x0091bebd50b55639ULL, + 0x00cf79ff64acdbc6ULL, 0x006067a39d826336ULL) }, + { FIELD_LITERAL(0x0062dd0fb31be374ULL, 0x00fcc96b84c8e727ULL, + 0x003f64f1375e6ae3ULL, 0x0057d9b6dd1af004ULL, + 0x00d6a167b1103c7bULL, 0x00dd28f3180fb537ULL, + 0x004ff27ad7167128ULL, 0x008934c33461f2acULL) }, + { FIELD_LITERAL(0x0065b472b7900043ULL, 0x00ba7efd2ff1064bULL, + 0x000b67d6c4c3020fULL, 0x0012d28469f4e46dULL, + 0x0031c32939703ec7ULL, 0x00b49f0bce133066ULL, + 0x00f7e10416181d47ULL, 0x005c90f51867eeccULL) }, + } }, + { { + { FIELD_LITERAL(0x0051207abd179101ULL, 0x00fc2a5c20d9c5daULL, + 0x00fb9d5f2701b6dfULL, 0x002dd040fdea82b8ULL, + 0x00f163b0738442ffULL, 0x00d9736bd68855b8ULL, + 0x00e0d8e93005e61cULL, 0x00df5a40b3988570ULL) }, + { FIELD_LITERAL(0x0006918f5dfce6dcULL, 0x00d4bf1c793c57fbULL, + 0x0069a3f649435364ULL, 0x00e89a50e5b0cd6eULL, + 0x00b9f6a237e973afULL, 0x006d4ed8b104e41dULL, + 0x00498946a3924cd2ULL, 0x00c136ec5ac9d4f7ULL) }, + { FIELD_LITERAL(0x0011a9c290ac5336ULL, 0x002b9a2d4a6a6533ULL, + 0x009a8a68c445d937ULL, 0x00361b27b07e5e5cULL, + 0x003c043b1755b974ULL, 0x00b7eb66cf1155eeULL, + 0x0077af5909eefff2ULL, 0x0098f609877cc806ULL) }, + } }, + { { + { FIELD_LITERAL(0x00ab13af436bf8f4ULL, 0x000bcf0a0dac8574ULL, + 0x00d50c864f705045ULL, 0x00c40e611debc842ULL, + 0x0085010489bd5caaULL, 0x007c5050acec026fULL, + 0x00f67d943c8da6d1ULL, 0x00de1da0278074c6ULL) }, + { FIELD_LITERAL(0x00b373076597455fULL, 0x00e83f1af53ac0f5ULL, + 0x0041f63c01dc6840ULL, 0x0097dea19b0c6f4bULL, + 0x007f9d63b4c1572cULL, 0x00e692d492d0f5f0ULL, + 
0x00cbcb392e83b4adULL, 0x0069c0f39ed9b1a8ULL) }, + { FIELD_LITERAL(0x00861030012707c9ULL, 0x009fbbdc7fd4aafbULL, + 0x008f591d6b554822ULL, 0x00df08a41ea18adeULL, + 0x009d7d83e642abeaULL, 0x0098c71bda3b78ffULL, + 0x0022c89e7021f005ULL, 0x0044d29a3fe1e3c4ULL) }, + } }, + { { + { FIELD_LITERAL(0x00e748cd7b5c52f2ULL, 0x00ea9df883f89cc3ULL, + 0x0018970df156b6c7ULL, 0x00c5a46c2a33a847ULL, + 0x00cbde395e32aa09ULL, 0x0072474ebb423140ULL, + 0x00fb00053086a23dULL, 0x001dafcfe22d4e1fULL) }, + { FIELD_LITERAL(0x00c903ee6d825540ULL, 0x00add6c4cf98473eULL, + 0x007636efed4227f1ULL, 0x00905124ae55e772ULL, + 0x00e6b38fab12ed53ULL, 0x0045e132b863fe55ULL, + 0x003974662edb366aULL, 0x00b1787052be8208ULL) }, + { FIELD_LITERAL(0x00a614b00d775c7cULL, 0x00d7c78941cc7754ULL, + 0x00422dd68b5dabc4ULL, 0x00a6110f0167d28bULL, + 0x00685a309c252886ULL, 0x00b439ffd5143660ULL, + 0x003656e29ee7396fULL, 0x00c7c9b9ed5ad854ULL) }, + } }, + { { + { FIELD_LITERAL(0x0040f7e7c5b37bf2ULL, 0x0064e4dc81181bbaULL, + 0x00a8767ae2a366b6ULL, 0x001496b4f90546f2ULL, + 0x002a28493f860441ULL, 0x0021f59513049a3aULL, + 0x00852d369a8b7ee3ULL, 0x00dd2e7d8b7d30a9ULL) }, + { FIELD_LITERAL(0x00006e34a35d9fbcULL, 0x00eee4e48b2f019aULL, + 0x006b344743003a5fULL, 0x00541d514f04a7e3ULL, + 0x00e81f9ee7647455ULL, 0x005e2b916c438f81ULL, + 0x00116f8137b7eff0ULL, 0x009bd3decc7039d1ULL) }, + { FIELD_LITERAL(0x0005d226f434110dULL, 0x00af8288b8ef21d5ULL, + 0x004a7a52ef181c8cULL, 0x00be0b781b4b06deULL, + 0x00e6e3627ded07e1ULL, 0x00e43aa342272b8bULL, + 0x00e86ab424577d84ULL, 0x00fb292c566e35bbULL) }, + } }, + { { + { FIELD_LITERAL(0x00334f5303ea1222ULL, 0x00dfb3dbeb0a5d3eULL, + 0x002940d9592335c1ULL, 0x00706a7a63e8938aULL, + 0x005a533558bc4cafULL, 0x00558e33192022a9ULL, + 0x00970d9faf74c133ULL, 0x002979fcb63493caULL) }, + { FIELD_LITERAL(0x00e38abece3c82abULL, 0x005a51f18a2c7a86ULL, + 0x009dafa2e86d592eULL, 0x00495a62eb688678ULL, + 0x00b79df74c0eb212ULL, 0x0023e8cc78b75982ULL, + 0x005998cb91075e13ULL, 0x00735aa9ba61bc76ULL) }, + { 
FIELD_LITERAL(0x00d9f7a82ddbe628ULL, 0x00a1fc782889ae0fULL, + 0x0071ffda12d14b66ULL, 0x0037cf4eca7fb3d5ULL, + 0x00c80bc242c58808ULL, 0x0075bf8c2d08c863ULL, + 0x008d41f31afc52a7ULL, 0x00197962ecf38741ULL) }, + } }, + { { + { FIELD_LITERAL(0x006e9f475cccf2eeULL, 0x00454b9cd506430cULL, + 0x00224a4fb79ee479ULL, 0x0062e3347ef0b5e2ULL, + 0x0034fd2a3512232aULL, 0x00b8b3cb0f457046ULL, + 0x00eb20165daa38ecULL, 0x00128eebc2d9c0f7ULL) }, + { FIELD_LITERAL(0x00bfc5fa1e4ea21fULL, 0x00c21d7b6bb892e6ULL, + 0x00cf043f3acf0291ULL, 0x00c13f2f849b3c90ULL, + 0x00d1a97ebef10891ULL, 0x0061e130a445e7feULL, + 0x0019513fdedbf22bULL, 0x001d60c813bff841ULL) }, + { FIELD_LITERAL(0x0019561c7fcf0213ULL, 0x00e3dca6843ebd77ULL, + 0x0068ea95b9ca920eULL, 0x009bdfb70f253595ULL, + 0x00c68f59186aa02aULL, 0x005aee1cca1c3039ULL, + 0x00ab79a8a937a1ceULL, 0x00b9a0e549959e6fULL) }, + } }, + { { + { FIELD_LITERAL(0x00c79e0b6d97dfbdULL, 0x00917c71fd2bc6e8ULL, + 0x00db7529ccfb63d8ULL, 0x00be5be957f17866ULL, + 0x00a9e11fdc2cdac1ULL, 0x007b91a8e1f44443ULL, + 0x00a3065e4057d80fULL, 0x004825f5b8d5f6d4ULL) }, + { FIELD_LITERAL(0x003e4964fa8a8fc8ULL, 0x00f6a1cdbcf41689ULL, + 0x00943cb18fe7fda7ULL, 0x00606dafbf34440aULL, + 0x005d37a86399c789ULL, 0x00e79a2a69417403ULL, + 0x00fe34f7e68b8866ULL, 0x0011f448ed2df10eULL) }, + { FIELD_LITERAL(0x00f1f57efcc1fcc4ULL, 0x00513679117de154ULL, + 0x002e5b5b7c86d8c3ULL, 0x009f6486561f9cfbULL, + 0x00169e74b0170cf7ULL, 0x00900205af4af696ULL, + 0x006acfddb77853f3ULL, 0x00df184c90f31068ULL) }, + } }, + { { + { FIELD_LITERAL(0x00b37396c3320791ULL, 0x00fc7b67175c5783ULL, + 0x00c36d2cd73ecc38ULL, 0x0080ebcc0b328fc5ULL, + 0x0043a5b22b35d35dULL, 0x00466c9f1713c9daULL, + 0x0026ad346dcaa8daULL, 0x007c684e701183a6ULL) }, + { FIELD_LITERAL(0x00fd579ffb691713ULL, 0x00b76af4f81c412dULL, + 0x00f239de96110f82ULL, 0x00e965fb437f0306ULL, + 0x00ca7e9436900921ULL, 0x00e487f1325fa24aULL, + 0x00633907de476380ULL, 0x00721c62ac5b8ea0ULL) }, + { FIELD_LITERAL(0x00c0d54e542eb4f9ULL, 0x004ed657171c8dcfULL, + 
0x00b743a4f7c2a39bULL, 0x00fd9f93ed6cc567ULL, + 0x00307fae3113e58bULL, 0x0058aa577c93c319ULL, + 0x00d254556f35b346ULL, 0x00491aada2203f0dULL) }, + } }, + { { + { FIELD_LITERAL(0x00dff3103786ff34ULL, 0x000144553b1f20c3ULL, + 0x0095613baeb930e4ULL, 0x00098058275ea5d4ULL, + 0x007cd1402b046756ULL, 0x0074d74e4d58aee3ULL, + 0x005f93fc343ff69bULL, 0x00873df17296b3b0ULL) }, + { FIELD_LITERAL(0x00c4a1fb48635413ULL, 0x00b5dd54423ad59fULL, + 0x009ff5d53fd24a88ULL, 0x003c98d267fc06a7ULL, + 0x002db7cb20013641ULL, 0x00bd1d6716e191f2ULL, + 0x006dbc8b29094241ULL, 0x0044bbf233dafa2cULL) }, + { FIELD_LITERAL(0x0055838d41f531e6ULL, 0x00bf6a2dd03c81b2ULL, + 0x005827a061c4839eULL, 0x0000de2cbb36aac3ULL, + 0x002efa29d9717478ULL, 0x00f9e928cc8a77baULL, + 0x00c134b458def9efULL, 0x00958a182223fc48ULL) }, + } }, + { { + { FIELD_LITERAL(0x000a9ee23c06881fULL, 0x002c727d3d871945ULL, + 0x00f47d971512d24aULL, 0x00671e816f9ef31aULL, + 0x00883af2cfaad673ULL, 0x00601f98583d6c9aULL, + 0x00b435f5adc79655ULL, 0x00ad87b71c04bff2ULL) }, + { FIELD_LITERAL(0x007860d99db787cfULL, 0x00fda8983018f4a8ULL, + 0x008c8866bac4743cULL, 0x00ef471f84c82a3fULL, + 0x00abea5976d3b8e7ULL, 0x00714882896cd015ULL, + 0x00b49fae584ddac5ULL, 0x008e33a1a0b69c81ULL) }, + { FIELD_LITERAL(0x007b6ee2c9e8a9ecULL, 0x002455dbbd89d622ULL, + 0x006490cf4eaab038ULL, 0x00d925f6c3081561ULL, + 0x00153b3047de7382ULL, 0x003b421f8bdceb6fULL, + 0x00761a4a5049da78ULL, 0x00980348c5202433ULL) }, + } }, + { { + { FIELD_LITERAL(0x007f8a43da97dd5cULL, 0x00058539c800fc7bULL, + 0x0040f3cf5a28414aULL, 0x00d68dd0d95283d6ULL, + 0x004adce9da90146eULL, 0x00befa41c7d4f908ULL, + 0x007603bc2e3c3060ULL, 0x00bdf360ab3545dbULL) }, + { FIELD_LITERAL(0x00eebfd4e2312cc3ULL, 0x00474b2564e4fc8cULL, + 0x003303ef14b1da9bULL, 0x003c93e0e66beb1dULL, + 0x0013619b0566925aULL, 0x008817c24d901bf3ULL, + 0x00b62bd8898d218bULL, 0x0075a7716f1e88a2ULL) }, + { FIELD_LITERAL(0x0009218da1e6890fULL, 0x0026907f5fd02575ULL, + 0x004dabed5f19d605ULL, 0x003abf181870249dULL, + 
0x00b52fd048cc92c4ULL, 0x00b6dd51e415a5c5ULL, + 0x00d9eb82bd2b4014ULL, 0x002c865a43b46b43ULL) }, + } }, + { { + { FIELD_LITERAL(0x0070047189452f4cULL, 0x00f7ad12e1ce78d5ULL, + 0x00af1ba51ec44a8bULL, 0x005f39f63e667cd6ULL, + 0x00058eac4648425eULL, 0x00d7fdab42bea03bULL, + 0x0028576a5688de15ULL, 0x00af973209e77c10ULL) }, + { FIELD_LITERAL(0x00c338b915d8fef0ULL, 0x00a893292045c39aULL, + 0x0028ab4f2eba6887ULL, 0x0060743cb519fd61ULL, + 0x0006213964093ac0ULL, 0x007c0b7a43f6266dULL, + 0x008e3557c4fa5bdaULL, 0x002da976de7b8d9dULL) }, + { FIELD_LITERAL(0x0048729f8a8b6dcdULL, 0x00fe23b85cc4d323ULL, + 0x00e7384d16e4db0eULL, 0x004a423970678942ULL, + 0x00ec0b763345d4baULL, 0x00c477b9f99ed721ULL, + 0x00c29dad3777b230ULL, 0x001c517b466f7df6ULL) }, + } }, + { { + { FIELD_LITERAL(0x006366c380f7b574ULL, 0x001c7d1f09ff0438ULL, + 0x003e20a7301f5b22ULL, 0x00d3efb1916d28f6ULL, + 0x0049f4f81060ce83ULL, 0x00c69d91ea43ced1ULL, + 0x002b6f3e5cd269edULL, 0x005b0fb22ce9ec65ULL) }, + { FIELD_LITERAL(0x00aa2261022d883fULL, 0x00ebcca4548010acULL, + 0x002528512e28a437ULL, 0x0070ca7676b66082ULL, + 0x0084bda170f7c6d3ULL, 0x00581b4747c9b8bbULL, + 0x005c96a01061c7e2ULL, 0x00fb7c4a362b5273ULL) }, + { FIELD_LITERAL(0x00c30020eb512d02ULL, 0x0060f288283a4d26ULL, + 0x00b7ed13becde260ULL, 0x0075ebb74220f6e9ULL, + 0x00701079fcfe8a1fULL, 0x001c28fcdff58938ULL, + 0x002e4544b8f4df6bULL, 0x0060c5bc4f1a7d73ULL) }, + } }, + { { + { FIELD_LITERAL(0x00ae307cf069f701ULL, 0x005859f222dd618bULL, + 0x00212d6c46ec0b0dULL, 0x00a0fe4642afb62dULL, + 0x00420d8e4a0a8903ULL, 0x00a80ff639bdf7b0ULL, + 0x0019bee1490b5d8eULL, 0x007439e4b9c27a86ULL) }, + { FIELD_LITERAL(0x00a94700032a093fULL, 0x0076e96c225216e7ULL, + 0x00a63a4316e45f91ULL, 0x007d8bbb4645d3b2ULL, + 0x00340a6ff22793ebULL, 0x006f935d4572aeb7ULL, + 0x00b1fb69f00afa28ULL, 0x009e8f3423161ed3ULL) }, + { FIELD_LITERAL(0x009ef49c6b5ced17ULL, 0x00a555e6269e9f0aULL, + 0x007e6f1d79ec73b5ULL, 0x009ac78695a32ac4ULL, + 0x0001d77fbbcd5682ULL, 0x008cea1fee0aaeedULL, + 
0x00f42bea82a53462ULL, 0x002e46ab96cafcc9ULL) }, + } }, + { { + { FIELD_LITERAL(0x0051cfcc5885377aULL, 0x00dce566cb1803caULL, + 0x00430c7643f2c7d4ULL, 0x00dce1a1337bdcc0ULL, + 0x0010d5bd7283c128ULL, 0x003b1b547f9b46feULL, + 0x000f245e37e770abULL, 0x007b72511f022b37ULL) }, + { FIELD_LITERAL(0x0060db815bc4786cULL, 0x006fab25beedc434ULL, + 0x00c610d06084797cULL, 0x000c48f08537bec0ULL, + 0x0031aba51c5b93daULL, 0x007968fa6e01f347ULL, + 0x0030070da52840c6ULL, 0x00c043c225a4837fULL) }, + { FIELD_LITERAL(0x001bcfd00649ee93ULL, 0x006dceb47e2a0fd5ULL, + 0x00f2cebda0cf8fd0ULL, 0x00b6b9d9d1fbdec3ULL, + 0x00815262e6490611ULL, 0x00ef7f5ce3176760ULL, + 0x00e49cd0c998d58bULL, 0x005fc6cc269ba57cULL) }, + } }, + { { + { FIELD_LITERAL(0x008940211aa0d633ULL, 0x00addae28136571dULL, + 0x00d68fdbba20d673ULL, 0x003bc6129bc9e21aULL, + 0x000346cf184ebe9aULL, 0x0068774d741ebc7fULL, + 0x0019d5e9e6966557ULL, 0x0003cbd7f981b651ULL) }, + { FIELD_LITERAL(0x004a2902926f8d3fULL, 0x00ad79b42637ab75ULL, + 0x0088f60b90f2d4e8ULL, 0x0030f54ef0e398c4ULL, + 0x00021dc9bf99681eULL, 0x007ebf66fde74ee3ULL, + 0x004ade654386e9a4ULL, 0x00e7485066be4c27ULL) }, + { FIELD_LITERAL(0x00445f1263983be0ULL, 0x004cf371dda45e6aULL, + 0x00744a89d5a310e7ULL, 0x001f20ce4f904833ULL, + 0x00e746edebe66e29ULL, 0x000912ab1f6c153dULL, + 0x00f61d77d9b2444cULL, 0x0001499cd6647610ULL) }, + } } } }; const struct curve448_precomputed_s *ossl_curve448_precomputed_base = &curve448_precomputed_base_table; static const niels_t curve448_wnaf_base_table[32] = { - {{ - {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, - 0x00226b9fa4728ccdULL, 0x00e822938a0a0c0cULL, - 0x00263a61c9ea9216ULL, 0x001204029321b828ULL, - 0x006a468360983c65ULL, 0x0002846f0a782143ULL)}, - {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, - 0x00226b9fa4728ccdULL, 0x006822938a0a0c0cULL, - 0x00263a61c9ea9215ULL, 0x001204029321b828ULL, - 0x006a468360983c65ULL, 0x0082846f0a782143ULL)}, - {FIELD_LITERAL(0x00ef8e22b275198dULL, 0x00b0eb141a0b0e8bULL, - 
0x001f6789da3cb38cULL, 0x006d2ff8ed39073eULL, - 0x00610bdb69a167f3ULL, 0x00571f306c9689b4ULL, - 0x00f557e6f84b2df8ULL, 0x002affd38b2c86dbULL)}, - }}, {{ - {FIELD_LITERAL(0x00cea0fc8d2e88b5ULL, 0x00821612d69f1862ULL, - 0x0074c283b3e67522ULL, 0x005a195ba05a876dULL, - 0x000cddfe557feea4ULL, 0x008046c795bcc5e5ULL, - 0x00540969f4d6e119ULL, 0x00d27f96d6b143d5ULL)}, - {FIELD_LITERAL(0x000c3b1019d474e8ULL, 0x00e19533e4952284ULL, - 0x00cc9810ba7c920aULL, 0x00f103d2785945acULL, - 0x00bfa5696cc69b34ULL, 0x00a8d3d51e9ca839ULL, - 0x005623cb459586b9ULL, 0x00eae7ce1cd52e9eULL)}, - {FIELD_LITERAL(0x0005a178751dd7d8ULL, 0x002cc3844c69c42fULL, - 0x00acbfe5efe10539ULL, 0x009c20f43431a65aULL, - 0x008435d96374a7b3ULL, 0x009ee57566877bd3ULL, - 0x0044691725ed4757ULL, 0x001e87bb2fe2c6b2ULL)}, - }}, {{ - {FIELD_LITERAL(0x000cedc4debf7a04ULL, 0x002ffa45000470acULL, - 0x002e9f9678201915ULL, 0x0017da1208c4fe72ULL, - 0x007d558cc7d656cbULL, 0x0037a827287cf289ULL, - 0x00142472d3441819ULL, 0x009c21f166cf8dd1ULL)}, - {FIELD_LITERAL(0x003ef83af164b2f2ULL, 0x000949a5a0525d0dULL, - 0x00f4498186cac051ULL, 0x00e77ac09ef126d2ULL, - 0x0073ae0b2c9296e9ULL, 0x001c163f6922e3edULL, - 0x0062946159321beaULL, 0x00cfb79b22990b39ULL)}, - {FIELD_LITERAL(0x00b001431ca9e654ULL, 0x002d7e5eabcc9a3aULL, - 0x0052e8114c2f6747ULL, 0x0079ac4f94487f92ULL, - 0x00bffd919b5d749cULL, 0x00261f92ad15e620ULL, - 0x00718397b7a97895ULL, 0x00c1443e6ebbc0c4ULL)}, - }}, {{ - {FIELD_LITERAL(0x00eacd90c1e0a049ULL, 0x008977935b149fbeULL, - 0x0004cb9ba11c93dcULL, 0x009fbd5b3470844dULL, - 0x004bc18c9bfc22cfULL, 0x0057679a991839f3ULL, - 0x00ef15b76fb4092eULL, 0x0074a5173a225041ULL)}, - {FIELD_LITERAL(0x003f5f9d7ec4777bULL, 0x00ab2e733c919c94ULL, - 0x001bb6c035245ae5ULL, 0x00a325a49a883630ULL, - 0x0033e9a9ea3cea2fULL, 0x00e442a1eaa0e844ULL, - 0x00b2116d5b0e71b8ULL, 0x00c16abed6d64047ULL)}, - {FIELD_LITERAL(0x00c560b5ed051165ULL, 0x001945adc5d65094ULL, - 0x00e221865710f910ULL, 0x00cc12bc9e9b8cebULL, - 0x004faa9518914e35ULL, 
0x0017476d89d42f6dULL, - 0x00b8f637c8fa1c8bULL, 0x0088c7d2790864b8ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ef7eafc1c69be6ULL, 0x0085d3855778fbeaULL, - 0x002c8d5b450cb6f5ULL, 0x004e77de5e1e7fecULL, - 0x0047c057893abdedULL, 0x001b430b85d51e16ULL, - 0x00965c7b45640c3cULL, 0x00487b2bb1162b97ULL)}, - {FIELD_LITERAL(0x0099c73a311beec2ULL, 0x00a3eff38d8912adULL, - 0x002efa9d1d7e8972ULL, 0x00f717ae1e14d126ULL, - 0x002833f795850c8bULL, 0x0066c12ad71486bdULL, - 0x00ae9889da4820ebULL, 0x00d6044309555c08ULL)}, - {FIELD_LITERAL(0x004b1c5283d15e41ULL, 0x00669d8ea308ff75ULL, - 0x0004390233f762a1ULL, 0x00e1d67b83cb6cecULL, - 0x003eebaa964c78b1ULL, 0x006b0aff965eb664ULL, - 0x00b313d4470bdc37ULL, 0x008814ffcb3cb9d8ULL)}, - }}, {{ - {FIELD_LITERAL(0x009724b8ce68db70ULL, 0x007678b5ed006f3dULL, - 0x00bdf4b89c0abd73ULL, 0x00299748e04c7c6dULL, - 0x00ddd86492c3c977ULL, 0x00c5a7febfa30a99ULL, - 0x00ed84715b4b02bbULL, 0x00319568adf70486ULL)}, - {FIELD_LITERAL(0x0070ff2d864de5bbULL, 0x005a37eeb637ee95ULL, - 0x0033741c258de160ULL, 0x00e6ca5cb1988f46ULL, - 0x001ceabd92a24661ULL, 0x0030957bd500fe40ULL, - 0x001c3362afe912c5ULL, 0x005187889f678bd2ULL)}, - {FIELD_LITERAL(0x0086835fc62bbdc7ULL, 0x009c3516ca4910a1ULL, - 0x00956c71f8d00783ULL, 0x0095c78fcf63235fULL, - 0x00fc7ff6ba05c222ULL, 0x00cdd8b3f8d74a52ULL, - 0x00ac5ae16de8256eULL, 0x00e9d4be8ed48624ULL)}, - }}, {{ - {FIELD_LITERAL(0x00c0ce11405df2d8ULL, 0x004e3f37b293d7b6ULL, - 0x002410172e1ac6dbULL, 0x00b8dbff4bf8143dULL, - 0x003a7b409d56eb66ULL, 0x003e0f6a0dfef9afULL, - 0x0081c4e4d3645be1ULL, 0x00ce76076b127623ULL)}, - {FIELD_LITERAL(0x00f6ee0f98974239ULL, 0x0042d89af07d3a4fULL, - 0x00846b7fe84346b5ULL, 0x006a21fc6a8d39a1ULL, - 0x00ac8bc2541ff2d9ULL, 0x006d4e2a77732732ULL, - 0x009a39b694cc3f2fULL, 0x0085c0aa2a404c8fULL)}, - {FIELD_LITERAL(0x00b261101a218548ULL, 0x00c1cae96424277bULL, - 0x00869da0a77dd268ULL, 0x00bc0b09f8ec83eaULL, - 0x00d61027f8e82ba9ULL, 0x00aa4c85999dce67ULL, - 0x00eac3132b9f3fe1ULL, 0x00fb9b0cf1c695d2ULL)}, - }}, {{ - 
{FIELD_LITERAL(0x0043079295512f0dULL, 0x0046a009861758e0ULL, - 0x003ee2842a807378ULL, 0x0034cc9d1298e4faULL, - 0x009744eb4d31b3eeULL, 0x00afacec96650cd0ULL, - 0x00ac891b313761aeULL, 0x00e864d6d26e708aULL)}, - {FIELD_LITERAL(0x00a84d7c8a23b491ULL, 0x0088e19aa868b27fULL, - 0x0005986d43e78ce9ULL, 0x00f28012f0606d28ULL, - 0x0017ded7e10249b3ULL, 0x005ed4084b23af9bULL, - 0x00b9b0a940564472ULL, 0x00ad9056cceeb1f4ULL)}, - {FIELD_LITERAL(0x00db91b357fe755eULL, 0x00a1aa544b15359cULL, - 0x00af4931a0195574ULL, 0x007686124fe11aefULL, - 0x00d1ead3c7b9ef7eULL, 0x00aaf5fc580f8c15ULL, - 0x00e727be147ee1ecULL, 0x003c61c1e1577b86ULL)}, - }}, {{ - {FIELD_LITERAL(0x009d3fca983220cfULL, 0x00cd11acbc853dc4ULL, - 0x0017590409d27f1dULL, 0x00d2176698082802ULL, - 0x00fa01251b2838c8ULL, 0x00dd297a0d9b51c6ULL, - 0x00d76c92c045820aULL, 0x00534bc7c46c9033ULL)}, - {FIELD_LITERAL(0x0080ed9bc9b07338ULL, 0x00fceac7745d2652ULL, - 0x008a9d55f5f2cc69ULL, 0x0096ce72df301ac5ULL, - 0x00f53232e7974d87ULL, 0x0071728c7ae73947ULL, - 0x0090507602570778ULL, 0x00cb81cfd883b1b2ULL)}, - {FIELD_LITERAL(0x005011aadea373daULL, 0x003a8578ec896034ULL, - 0x00f20a6535fa6d71ULL, 0x005152d31e5a87cfULL, - 0x002bac1c8e68ca31ULL, 0x00b0e323db4c1381ULL, - 0x00f1d596b7d5ae25ULL, 0x00eae458097cb4e0ULL)}, - }}, {{ - {FIELD_LITERAL(0x00920ac80f9b0d21ULL, 0x00f80f7f73401246ULL, - 0x0086d37849b557d6ULL, 0x0002bd4b317b752eULL, - 0x00b26463993a42bbULL, 0x002070422a73b129ULL, - 0x00341acaa0380cb3ULL, 0x00541914dd66a1b2ULL)}, - {FIELD_LITERAL(0x00c1513cd66abe8cULL, 0x000139e01118944dULL, - 0x0064abbcb8080bbbULL, 0x00b3b08202473142ULL, - 0x00c629ef25da2403ULL, 0x00f0aec3310d9b7fULL, - 0x0050b2227472d8cdULL, 0x00f6c8a922d41fb4ULL)}, - {FIELD_LITERAL(0x001075ccf26b7b1fULL, 0x00bb6bb213170433ULL, - 0x00e9491ad262da79ULL, 0x009ef4f48d2d384cULL, - 0x008992770766f09dULL, 0x001584396b6b1101ULL, - 0x00af3f8676c9feefULL, 0x0024603c40269118ULL)}, - }}, {{ - {FIELD_LITERAL(0x009dd7b31319527cULL, 0x001e7ac948d873a9ULL, - 0x00fa54b46ef9673aULL, 
0x0066efb8d5b02fe6ULL, - 0x00754b1d3928aeaeULL, 0x0004262ac72a6f6bULL, - 0x0079b7d49a6eb026ULL, 0x003126a753540102ULL)}, - {FIELD_LITERAL(0x009666e24f693947ULL, 0x00f714311269d45fULL, - 0x0010ffac1d0c851cULL, 0x0066e80c37363497ULL, - 0x00f1f4ad010c60b0ULL, 0x0015c87408470ff7ULL, - 0x00651d5e9c7766a4ULL, 0x008138819d7116deULL)}, - {FIELD_LITERAL(0x003934b11c57253bULL, 0x00ef308edf21f46eULL, - 0x00e54e99c7a16198ULL, 0x0080d57135764e63ULL, - 0x00751c27b946bc24ULL, 0x00dd389ce4e9e129ULL, - 0x00a1a2bfd1cd84dcULL, 0x002fae73e5149b32ULL)}, - }}, {{ - {FIELD_LITERAL(0x00911657dffb4cddULL, 0x00c100b7cc553d06ULL, - 0x00449d075ec467ccULL, 0x007062100bc64e70ULL, - 0x0043cf86f7bd21e7ULL, 0x00f401dc4b797deaULL, - 0x005224afb2f62e65ULL, 0x00d1ede3fb5a42beULL)}, - {FIELD_LITERAL(0x00f2ba36a41aa144ULL, 0x00a0c22d946ee18fULL, - 0x008aae8ef9a14f99ULL, 0x00eef4d79b19bb36ULL, - 0x008e75ce3d27b1fcULL, 0x00a65daa03b29a27ULL, - 0x00d9cc83684eb145ULL, 0x009e1ed80cc2ed74ULL)}, - {FIELD_LITERAL(0x00bed953d1997988ULL, 0x00b93ed175a24128ULL, - 0x00871c5963fb6365ULL, 0x00ca2df20014a787ULL, - 0x00f5d9c1d0b34322ULL, 0x00f6f5942818db0aULL, - 0x004cc091f49c9906ULL, 0x00e8a188a60bff9fULL)}, - }}, {{ - {FIELD_LITERAL(0x0032c7762032fae8ULL, 0x00e4087232e0bc21ULL, - 0x00f767344b6e8d85ULL, 0x00bbf369b76c2aa2ULL, - 0x008a1f46c6e1570cULL, 0x001368cd9780369fULL, - 0x007359a39d079430ULL, 0x0003646512921434ULL)}, - {FIELD_LITERAL(0x007c4b47ca7c73e7ULL, 0x005396221039734bULL, - 0x008b64ddf0e45d7eULL, 0x00bfad5af285e6c2ULL, - 0x008ec711c5b1a1a8ULL, 0x00cf663301237f98ULL, - 0x00917ee3f1655126ULL, 0x004152f337efedd8ULL)}, - {FIELD_LITERAL(0x0007c7edc9305daaULL, 0x000a6664f273701cULL, - 0x00f6e78795e200b1ULL, 0x005d05b9ecd2473eULL, - 0x0014f5f17c865786ULL, 0x00c7fd2d166fa995ULL, - 0x004939a2d8eb80e0ULL, 0x002244ba0942c199ULL)}, - }}, {{ - {FIELD_LITERAL(0x00321e767f0262cfULL, 0x002e57d776caf68eULL, - 0x00bf2c94814f0437ULL, 0x00c339196acd622fULL, - 0x001db4cce71e2770ULL, 0x001ded5ddba6eee2ULL, - 
0x0078608ab1554c8dULL, 0x00067fe0ab76365bULL)}, - {FIELD_LITERAL(0x00f09758e11e3985ULL, 0x00169efdbd64fad3ULL, - 0x00e8889b7d6dacd6ULL, 0x0035cdd58ea88209ULL, - 0x00bcda47586d7f49ULL, 0x003cdddcb2879088ULL, - 0x0016da70187e954bULL, 0x009556ea2e92aacdULL)}, - {FIELD_LITERAL(0x008cab16bd1ff897ULL, 0x00b389972cdf753fULL, - 0x00ea8ed1e46dfdc0ULL, 0x004fe7ef94c589f4ULL, - 0x002b8ae9b805ecf3ULL, 0x0025c08d892874a5ULL, - 0x0023938e98d44c4cULL, 0x00f759134cabf69cULL)}, - }}, {{ - {FIELD_LITERAL(0x006c2a84678e4b3bULL, 0x007a194aacd1868fULL, - 0x00ed0225af424761ULL, 0x00da0a6f293c64b8ULL, - 0x001062ac5c6a7a18ULL, 0x0030f5775a8aeef4ULL, - 0x0002acaad76b7af0ULL, 0x00410b8fd63a579fULL)}, - {FIELD_LITERAL(0x001ec59db3d9590eULL, 0x001e9e3f1c3f182dULL, - 0x0045a9c3ec2cab14ULL, 0x0008198572aeb673ULL, - 0x00773b74068bd167ULL, 0x0012535eaa395434ULL, - 0x0044dba9e3bbb74aULL, 0x002fba4d3c74bd0eULL)}, - {FIELD_LITERAL(0x0042bf08fe66922cULL, 0x003318b8fbb49e8cULL, - 0x00d75946004aa14cULL, 0x00f601586b42bf1cULL, - 0x00c74cf1d912fe66ULL, 0x00abcb36974b30adULL, - 0x007eb78720c9d2b8ULL, 0x009f54ab7bd4df85ULL)}, - }}, {{ - {FIELD_LITERAL(0x00db9fc948f73826ULL, 0x00fa8b3746ed8ee9ULL, - 0x00132cb65aafbeb2ULL, 0x00c36ff3fe7925b8ULL, - 0x00837daed353d2feULL, 0x00ec661be0667cf4ULL, - 0x005beb8ed2e90204ULL, 0x00d77dd69e564967ULL)}, - {FIELD_LITERAL(0x0042e6268b861751ULL, 0x0008dd0469500c16ULL, - 0x00b51b57c338a3fdULL, 0x00cc4497d85cff6bULL, - 0x002f13d6b57c34a4ULL, 0x0083652eaf301105ULL, - 0x00cc344294cc93a8ULL, 0x0060f4d02810e270ULL)}, - {FIELD_LITERAL(0x00a8954363cd518bULL, 0x00ad171124bccb7bULL, - 0x0065f46a4adaae00ULL, 0x001b1a5b2a96e500ULL, - 0x0043fe24f8233285ULL, 0x0066996d8ae1f2c3ULL, - 0x00c530f3264169f9ULL, 0x00c0f92d07cf6a57ULL)}, - }}, {{ - {FIELD_LITERAL(0x0036a55c6815d943ULL, 0x008c8d1def993db3ULL, - 0x002e0e1e8ff7318fULL, 0x00d883a4b92db00aULL, - 0x002f5e781ae33906ULL, 0x001a72adb235c06dULL, - 0x00f2e59e736e9caaULL, 0x001a4b58e3031914ULL)}, - {FIELD_LITERAL(0x00d73bfae5e00844ULL, 
0x00bf459766fb5f52ULL, - 0x0061b4f5a5313cdeULL, 0x004392d4c3b95514ULL, - 0x000d3551b1077523ULL, 0x0000998840ee5d71ULL, - 0x006de6e340448b7bULL, 0x00251aa504875d6eULL)}, - {FIELD_LITERAL(0x003bf343427ac342ULL, 0x00adc0a78642b8c5ULL, - 0x0003b893175a8314ULL, 0x0061a34ade5703bcULL, - 0x00ea3ea8bb71d632ULL, 0x00be0df9a1f198c2ULL, - 0x0046dd8e7c1635fbULL, 0x00f1523fdd25d5e5ULL)}, - }}, {{ - {FIELD_LITERAL(0x00633f63fc9dd406ULL, 0x00e713ff80e04a43ULL, - 0x0060c6e970f2d621ULL, 0x00a57cd7f0df1891ULL, - 0x00f2406a550650bbULL, 0x00b064290efdc684ULL, - 0x001eab0144d17916ULL, 0x00cd15f863c293abULL)}, - {FIELD_LITERAL(0x0029cec55273f70dULL, 0x007044ee275c6340ULL, - 0x0040f637a93015e2ULL, 0x00338bb78db5aae9ULL, - 0x001491b2a6132147ULL, 0x00a125d6cfe6bde3ULL, - 0x005f7ac561ba8669ULL, 0x001d5eaea3fbaacfULL)}, - {FIELD_LITERAL(0x00054e9635e3be31ULL, 0x000e43f31e2872beULL, - 0x00d05b1c9e339841ULL, 0x006fac50bd81fd98ULL, - 0x00cdc7852eaebb09ULL, 0x004ff519b061991bULL, - 0x009099e8107d4c85ULL, 0x00273e24c36a4a61ULL)}, - }}, {{ - {FIELD_LITERAL(0x00070b4441ef2c46ULL, 0x00efa5b02801a109ULL, - 0x00bf0b8c3ee64adfULL, 0x008a67e0b3452e98ULL, - 0x001916b1f2fa7a74ULL, 0x00d781a78ff6cdc3ULL, - 0x008682ce57e5c919ULL, 0x00cc1109dd210da3ULL)}, - {FIELD_LITERAL(0x00cae8aaff388663ULL, 0x005e983a35dda1c7ULL, - 0x007ab1030d8e37f4ULL, 0x00e48940f5d032feULL, - 0x006a36f9ef30b331ULL, 0x009be6f03958c757ULL, - 0x0086231ceba91400ULL, 0x008bd0f7b823e7aaULL)}, - {FIELD_LITERAL(0x00cf881ebef5a45aULL, 0x004ebea78e7c6f2cULL, - 0x0090da9209cf26a0ULL, 0x00de2b2e4c775b84ULL, - 0x0071d6031c3c15aeULL, 0x00d9e927ef177d70ULL, - 0x00894ee8c23896fdULL, 0x00e3b3b401e41aadULL)}, - }}, {{ - {FIELD_LITERAL(0x00204fef26864170ULL, 0x00819269c5dee0f8ULL, - 0x00bfb4713ec97966ULL, 0x0026339a6f34df78ULL, - 0x001f26e64c761dc2ULL, 0x00effe3af313cb60ULL, - 0x00e17b70138f601bULL, 0x00f16e1ccd9ede5eULL)}, - {FIELD_LITERAL(0x005d9a8353fdb2dbULL, 0x0055cc2048c698f0ULL, - 0x00f6c4ac89657218ULL, 0x00525034d73faeb2ULL, - 
0x00435776fbda3c7dULL, 0x0070ea5312323cbcULL, - 0x007a105d44d069fbULL, 0x006dbc8d6dc786aaULL)}, - {FIELD_LITERAL(0x0017cff19cd394ecULL, 0x00fef7b810922587ULL, - 0x00e6483970dff548ULL, 0x00ddf36ad6874264ULL, - 0x00e61778523fcce2ULL, 0x0093a66c0c93b24aULL, - 0x00fd367114db7f86ULL, 0x007652d7ddce26ddULL)}, - }}, {{ - {FIELD_LITERAL(0x00d92ced7ba12843ULL, 0x00aea9c7771e86e7ULL, - 0x0046639693354f7bULL, 0x00a628dbb6a80c47ULL, - 0x003a0b0507372953ULL, 0x00421113ab45c0d9ULL, - 0x00e545f08362ab7aULL, 0x0028ce087b4d6d96ULL)}, - {FIELD_LITERAL(0x00a67ee7cf9f99ebULL, 0x005713b275f2ff68ULL, - 0x00f1d536a841513dULL, 0x00823b59b024712eULL, - 0x009c46b9d0d38cecULL, 0x00cdb1595aa2d7d4ULL, - 0x008375b3423d9af8ULL, 0x000ab0b516d978f7ULL)}, - {FIELD_LITERAL(0x00428dcb3c510b0fULL, 0x00585607ea24bb4eULL, - 0x003736bf1603687aULL, 0x00c47e568c4fe3c7ULL, - 0x003cd00282848605ULL, 0x0043a487c3b91939ULL, - 0x004ffc04e1095a06ULL, 0x00a4c989a3d4b918ULL)}, - }}, {{ - {FIELD_LITERAL(0x00a8778d0e429f7aULL, 0x004c02b059105a68ULL, - 0x0016653b609da3ffULL, 0x00d5107bd1a12d27ULL, - 0x00b4708f9a771cabULL, 0x00bb63b662033f69ULL, - 0x0072f322240e7215ULL, 0x0019445b59c69222ULL)}, - {FIELD_LITERAL(0x00cf4f6069a658e6ULL, 0x0053ca52859436a6ULL, - 0x0064b994d7e3e117ULL, 0x00cb469b9a07f534ULL, - 0x00cfb68f399e9d47ULL, 0x00f0dcb8dac1c6e7ULL, - 0x00f2ab67f538b3a5ULL, 0x0055544f178ab975ULL)}, - {FIELD_LITERAL(0x0099b7a2685d538cULL, 0x00e2f1897b7c0018ULL, - 0x003adac8ce48dae3ULL, 0x00089276d5c50c0cULL, - 0x00172fca07ad6717ULL, 0x00cb1a72f54069e5ULL, - 0x004ee42f133545b3ULL, 0x00785f8651362f16ULL)}, - }}, {{ - {FIELD_LITERAL(0x0049cbac38509e11ULL, 0x0015234505d42cdfULL, - 0x00794fb0b5840f1cULL, 0x00496437344045a5ULL, - 0x0031b6d944e4f9b0ULL, 0x00b207318ac1f5d8ULL, - 0x0000c840da7f5c5dULL, 0x00526f373a5c8814ULL)}, - {FIELD_LITERAL(0x002c7b7742d1dfd9ULL, 0x002cabeb18623c01ULL, - 0x00055f5e3e044446ULL, 0x006c20f3b4ef54baULL, - 0x00c600141ec6b35fULL, 0x00354f437f1a32a3ULL, - 0x00bac4624a3520f9ULL, 
0x00c483f734a90691ULL)}, - {FIELD_LITERAL(0x0053a737d422918dULL, 0x00f7fca1d8758625ULL, - 0x00c360336dadb04cULL, 0x00f38e3d9158a1b8ULL, - 0x0069ce3b418e84c6ULL, 0x005d1697eca16eadULL, - 0x00f8bd6a35ece13dULL, 0x007885dfc2b5afeaULL)}, - }}, {{ - {FIELD_LITERAL(0x00c3617ae260776cULL, 0x00b20dc3e96922d7ULL, - 0x00a1a7802246706aULL, 0x00ca6505a5240244ULL, - 0x002246b62d919782ULL, 0x001439102d7aa9b3ULL, - 0x00e8af1139e6422cULL, 0x00c888d1b52f2b05ULL)}, - {FIELD_LITERAL(0x005b67690ffd41d9ULL, 0x005294f28df516f9ULL, - 0x00a879272412fcb9ULL, 0x00098b629a6d1c8dULL, - 0x00fabd3c8050865aULL, 0x00cd7e5b0a3879c5ULL, - 0x00153238210f3423ULL, 0x00357cac101e9f42ULL)}, - {FIELD_LITERAL(0x008917b454444fb7ULL, 0x00f59247c97e441bULL, - 0x00a6200a6815152dULL, 0x0009a4228601d254ULL, - 0x001c0360559bd374ULL, 0x007563362039cb36ULL, - 0x00bd75b48d74e32bULL, 0x0017f515ac3499e8ULL)}, - }}, {{ - {FIELD_LITERAL(0x001532a7ffe41c5aULL, 0x00eb1edce358d6bfULL, - 0x00ddbacc7b678a7bULL, 0x008a7b70f3c841a3ULL, - 0x00f1923bf27d3f4cULL, 0x000b2713ed8f7873ULL, - 0x00aaf67e29047902ULL, 0x0044994a70b3976dULL)}, - {FIELD_LITERAL(0x00d54e802082d42cULL, 0x00a55aa0dce7cc6cULL, - 0x006477b96073f146ULL, 0x0082efe4ceb43594ULL, - 0x00a922bcba026845ULL, 0x0077f19d1ab75182ULL, - 0x00c2bb2737846e59ULL, 0x0004d7eec791dd33ULL)}, - {FIELD_LITERAL(0x0044588d1a81d680ULL, 0x00b0a9097208e4f8ULL, - 0x00212605350dc57eULL, 0x0028717cd2871123ULL, - 0x00fb083c100fd979ULL, 0x0045a056ce063fdfULL, - 0x00a5d604b4dd6a41ULL, 0x001dabc08ba4e236ULL)}, - }}, {{ - {FIELD_LITERAL(0x00c4887198d7a7faULL, 0x00244f98fb45784aULL, - 0x0045911e15a15d01ULL, 0x001d323d374c0966ULL, - 0x00967c3915196562ULL, 0x0039373abd2f3c67ULL, - 0x000d2c5614312423ULL, 0x0041cf2215442ce3ULL)}, - {FIELD_LITERAL(0x008ede889ada7f06ULL, 0x001611e91de2e135ULL, - 0x00fdb9a458a471b9ULL, 0x00563484e03710d1ULL, - 0x0031cc81925e3070ULL, 0x0062c97b3af80005ULL, - 0x00fa733eea28edebULL, 0x00e82457e1ebbc88ULL)}, - {FIELD_LITERAL(0x006a0df5fe9b6f59ULL, 0x00a0d4ff46040d92ULL, - 
0x004a7cedb6f93250ULL, 0x00d1df8855b8c357ULL, - 0x00e73a46086fd058ULL, 0x0048fb0add6dfe59ULL, - 0x001e03a28f1b4e3dULL, 0x00a871c993308d76ULL)}, - }}, {{ - {FIELD_LITERAL(0x0030dbb2d1766ec8ULL, 0x00586c0ad138555eULL, - 0x00d1a34f9e91c77cULL, 0x0063408ad0e89014ULL, - 0x00d61231b05f6f5bULL, 0x0009abf569f5fd8aULL, - 0x00aec67a110f1c43ULL, 0x0031d1a790938dd7ULL)}, - {FIELD_LITERAL(0x006cded841e2a862ULL, 0x00198d60af0ab6fbULL, - 0x0018f09db809e750ULL, 0x004e6ac676016263ULL, - 0x00eafcd1620969cbULL, 0x002c9784ca34917dULL, - 0x0054f00079796de7ULL, 0x00d9fab5c5972204ULL)}, - {FIELD_LITERAL(0x004bd0fee2438a83ULL, 0x00b571e62b0f83bdULL, - 0x0059287d7ce74800ULL, 0x00fb3631b645c3f0ULL, - 0x00a018e977f78494ULL, 0x0091e27065c27b12ULL, - 0x007696c1817165e0ULL, 0x008c40be7c45ba3aULL)}, - }}, {{ - {FIELD_LITERAL(0x00a0f326327cb684ULL, 0x001c7d0f672680ffULL, - 0x008c1c81ffb112d1ULL, 0x00f8f801674eddc8ULL, - 0x00e926d5d48c2a9dULL, 0x005bd6d954c6fe9aULL, - 0x004c6b24b4e33703ULL, 0x00d05eb5c09105ccULL)}, - {FIELD_LITERAL(0x00d61731caacf2cfULL, 0x002df0c7609e01c5ULL, - 0x00306172208b1e2bULL, 0x00b413fe4fb2b686ULL, - 0x00826d360902a221ULL, 0x003f8d056e67e7f7ULL, - 0x0065025b0175e989ULL, 0x00369add117865ebULL)}, - {FIELD_LITERAL(0x00aaf895aec2fa11ULL, 0x000f892bc313eb52ULL, - 0x005b1c794dad050bULL, 0x003f8ec4864cec14ULL, - 0x00af81058d0b90e5ULL, 0x00ebe43e183997bbULL, - 0x00a9d610f9f3e615ULL, 0x007acd8eec2e88d3ULL)}, - }}, {{ - {FIELD_LITERAL(0x0049b2fab13812a3ULL, 0x00846db32cd60431ULL, - 0x000177fa578c8d6cULL, 0x00047d0e2ad4bc51ULL, - 0x00b158ba38d1e588ULL, 0x006a45daad79e3f3ULL, - 0x000997b93cab887bULL, 0x00c47ea42fa23dc3ULL)}, - {FIELD_LITERAL(0x0012b6fef7aeb1caULL, 0x009412768194b6a7ULL, - 0x00ff0d351f23ab93ULL, 0x007e8a14c1aff71bULL, - 0x006c1c0170c512bcULL, 0x0016243ea02ab2e5ULL, - 0x007bb6865b303f3eULL, 0x0015ce6b29b159f4ULL)}, - {FIELD_LITERAL(0x009961cd02e68108ULL, 0x00e2035d3a1d0836ULL, - 0x005d51f69b5e1a1dULL, 0x004bccb4ea36edcdULL, - 0x0069be6a7aeef268ULL, 
0x0063f4dd9de8d5a7ULL, - 0x006283783092ca35ULL, 0x0075a31af2c35409ULL)}, - }}, {{ - {FIELD_LITERAL(0x00c412365162e8cfULL, 0x00012283fb34388aULL, - 0x003e6543babf39e2ULL, 0x00eead6b3a804978ULL, - 0x0099c0314e8b326fULL, 0x00e98e0a8d477a4fULL, - 0x00d2eb96b127a687ULL, 0x00ed8d7df87571bbULL)}, - {FIELD_LITERAL(0x00777463e308cacfULL, 0x00c8acb93950132dULL, - 0x00ebddbf4ca48b2cULL, 0x0026ad7ca0795a0aULL, - 0x00f99a3d9a715064ULL, 0x000d60bcf9d4dfccULL, - 0x005e65a73a437a06ULL, 0x0019d536a8db56c8ULL)}, - {FIELD_LITERAL(0x00192d7dd558d135ULL, 0x0027cd6a8323ffa7ULL, - 0x00239f1a412dc1e7ULL, 0x0046b4b3be74fc5cULL, - 0x0020c47a2bef5bceULL, 0x00aa17e48f43862bULL, - 0x00f7e26c96342e5fULL, 0x0008011c530f39a9ULL)}, - }}, {{ - {FIELD_LITERAL(0x00aad4ac569bf0f1ULL, 0x00a67adc90b27740ULL, - 0x0048551369a5751aULL, 0x0031252584a3306aULL, - 0x0084e15df770e6fcULL, 0x00d7bba1c74b5805ULL, - 0x00a80ef223af1012ULL, 0x0089c85ceb843a34ULL)}, - {FIELD_LITERAL(0x00c4545be4a54004ULL, 0x0099e11f60357e6cULL, - 0x001f3936d19515a6ULL, 0x007793df84341a6eULL, - 0x0051061886717ffaULL, 0x00e9b0a660b28f85ULL, - 0x0044ea685892de0dULL, 0x000257d2a1fda9d9ULL)}, - {FIELD_LITERAL(0x007e8b01b24ac8a8ULL, 0x006cf3b0b5ca1337ULL, - 0x00f1607d3e36a570ULL, 0x0039b7fab82991a1ULL, - 0x00231777065840c5ULL, 0x00998e5afdd346f9ULL, - 0x00b7dc3e64acc85fULL, 0x00baacc748013ad6ULL)}, - }}, {{ - {FIELD_LITERAL(0x008ea6a4177580bfULL, 0x005fa1953e3f0378ULL, - 0x005fe409ac74d614ULL, 0x00452327f477e047ULL, - 0x00a4018507fb6073ULL, 0x007b6e71951caac8ULL, - 0x0012b42ab8a6ce91ULL, 0x0080eca677294ab7ULL)}, - {FIELD_LITERAL(0x00a53edc023ba69bULL, 0x00c6afa83ddde2e8ULL, - 0x00c3f638b307b14eULL, 0x004a357a64414062ULL, - 0x00e4d94d8b582dc9ULL, 0x001739caf71695b7ULL, - 0x0012431b2ae28de1ULL, 0x003b6bc98682907cULL)}, - {FIELD_LITERAL(0x008a9a93be1f99d6ULL, 0x0079fa627cc699c8ULL, - 0x00b0cfb134ba84c8ULL, 0x001c4b778249419aULL, - 0x00df4ab3d9c44f40ULL, 0x009f596e6c1a9e3cULL, - 0x001979c0df237316ULL, 0x00501e953a919b87ULL)}, - }} + { { + { 
FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, + 0x00226b9fa4728ccdULL, 0x00e822938a0a0c0cULL, + 0x00263a61c9ea9216ULL, 0x001204029321b828ULL, + 0x006a468360983c65ULL, 0x0002846f0a782143ULL) }, + { FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, + 0x00226b9fa4728ccdULL, 0x006822938a0a0c0cULL, + 0x00263a61c9ea9215ULL, 0x001204029321b828ULL, + 0x006a468360983c65ULL, 0x0082846f0a782143ULL) }, + { FIELD_LITERAL(0x00ef8e22b275198dULL, 0x00b0eb141a0b0e8bULL, + 0x001f6789da3cb38cULL, 0x006d2ff8ed39073eULL, + 0x00610bdb69a167f3ULL, 0x00571f306c9689b4ULL, + 0x00f557e6f84b2df8ULL, 0x002affd38b2c86dbULL) }, + } }, + { { + { FIELD_LITERAL(0x00cea0fc8d2e88b5ULL, 0x00821612d69f1862ULL, + 0x0074c283b3e67522ULL, 0x005a195ba05a876dULL, + 0x000cddfe557feea4ULL, 0x008046c795bcc5e5ULL, + 0x00540969f4d6e119ULL, 0x00d27f96d6b143d5ULL) }, + { FIELD_LITERAL(0x000c3b1019d474e8ULL, 0x00e19533e4952284ULL, + 0x00cc9810ba7c920aULL, 0x00f103d2785945acULL, + 0x00bfa5696cc69b34ULL, 0x00a8d3d51e9ca839ULL, + 0x005623cb459586b9ULL, 0x00eae7ce1cd52e9eULL) }, + { FIELD_LITERAL(0x0005a178751dd7d8ULL, 0x002cc3844c69c42fULL, + 0x00acbfe5efe10539ULL, 0x009c20f43431a65aULL, + 0x008435d96374a7b3ULL, 0x009ee57566877bd3ULL, + 0x0044691725ed4757ULL, 0x001e87bb2fe2c6b2ULL) }, + } }, + { { + { FIELD_LITERAL(0x000cedc4debf7a04ULL, 0x002ffa45000470acULL, + 0x002e9f9678201915ULL, 0x0017da1208c4fe72ULL, + 0x007d558cc7d656cbULL, 0x0037a827287cf289ULL, + 0x00142472d3441819ULL, 0x009c21f166cf8dd1ULL) }, + { FIELD_LITERAL(0x003ef83af164b2f2ULL, 0x000949a5a0525d0dULL, + 0x00f4498186cac051ULL, 0x00e77ac09ef126d2ULL, + 0x0073ae0b2c9296e9ULL, 0x001c163f6922e3edULL, + 0x0062946159321beaULL, 0x00cfb79b22990b39ULL) }, + { FIELD_LITERAL(0x00b001431ca9e654ULL, 0x002d7e5eabcc9a3aULL, + 0x0052e8114c2f6747ULL, 0x0079ac4f94487f92ULL, + 0x00bffd919b5d749cULL, 0x00261f92ad15e620ULL, + 0x00718397b7a97895ULL, 0x00c1443e6ebbc0c4ULL) }, + } }, + { { + { FIELD_LITERAL(0x00eacd90c1e0a049ULL, 0x008977935b149fbeULL, + 
0x0004cb9ba11c93dcULL, 0x009fbd5b3470844dULL, + 0x004bc18c9bfc22cfULL, 0x0057679a991839f3ULL, + 0x00ef15b76fb4092eULL, 0x0074a5173a225041ULL) }, + { FIELD_LITERAL(0x003f5f9d7ec4777bULL, 0x00ab2e733c919c94ULL, + 0x001bb6c035245ae5ULL, 0x00a325a49a883630ULL, + 0x0033e9a9ea3cea2fULL, 0x00e442a1eaa0e844ULL, + 0x00b2116d5b0e71b8ULL, 0x00c16abed6d64047ULL) }, + { FIELD_LITERAL(0x00c560b5ed051165ULL, 0x001945adc5d65094ULL, + 0x00e221865710f910ULL, 0x00cc12bc9e9b8cebULL, + 0x004faa9518914e35ULL, 0x0017476d89d42f6dULL, + 0x00b8f637c8fa1c8bULL, 0x0088c7d2790864b8ULL) }, + } }, + { { + { FIELD_LITERAL(0x00ef7eafc1c69be6ULL, 0x0085d3855778fbeaULL, + 0x002c8d5b450cb6f5ULL, 0x004e77de5e1e7fecULL, + 0x0047c057893abdedULL, 0x001b430b85d51e16ULL, + 0x00965c7b45640c3cULL, 0x00487b2bb1162b97ULL) }, + { FIELD_LITERAL(0x0099c73a311beec2ULL, 0x00a3eff38d8912adULL, + 0x002efa9d1d7e8972ULL, 0x00f717ae1e14d126ULL, + 0x002833f795850c8bULL, 0x0066c12ad71486bdULL, + 0x00ae9889da4820ebULL, 0x00d6044309555c08ULL) }, + { FIELD_LITERAL(0x004b1c5283d15e41ULL, 0x00669d8ea308ff75ULL, + 0x0004390233f762a1ULL, 0x00e1d67b83cb6cecULL, + 0x003eebaa964c78b1ULL, 0x006b0aff965eb664ULL, + 0x00b313d4470bdc37ULL, 0x008814ffcb3cb9d8ULL) }, + } }, + { { + { FIELD_LITERAL(0x009724b8ce68db70ULL, 0x007678b5ed006f3dULL, + 0x00bdf4b89c0abd73ULL, 0x00299748e04c7c6dULL, + 0x00ddd86492c3c977ULL, 0x00c5a7febfa30a99ULL, + 0x00ed84715b4b02bbULL, 0x00319568adf70486ULL) }, + { FIELD_LITERAL(0x0070ff2d864de5bbULL, 0x005a37eeb637ee95ULL, + 0x0033741c258de160ULL, 0x00e6ca5cb1988f46ULL, + 0x001ceabd92a24661ULL, 0x0030957bd500fe40ULL, + 0x001c3362afe912c5ULL, 0x005187889f678bd2ULL) }, + { FIELD_LITERAL(0x0086835fc62bbdc7ULL, 0x009c3516ca4910a1ULL, + 0x00956c71f8d00783ULL, 0x0095c78fcf63235fULL, + 0x00fc7ff6ba05c222ULL, 0x00cdd8b3f8d74a52ULL, + 0x00ac5ae16de8256eULL, 0x00e9d4be8ed48624ULL) }, + } }, + { { + { FIELD_LITERAL(0x00c0ce11405df2d8ULL, 0x004e3f37b293d7b6ULL, + 0x002410172e1ac6dbULL, 0x00b8dbff4bf8143dULL, + 
0x003a7b409d56eb66ULL, 0x003e0f6a0dfef9afULL, + 0x0081c4e4d3645be1ULL, 0x00ce76076b127623ULL) }, + { FIELD_LITERAL(0x00f6ee0f98974239ULL, 0x0042d89af07d3a4fULL, + 0x00846b7fe84346b5ULL, 0x006a21fc6a8d39a1ULL, + 0x00ac8bc2541ff2d9ULL, 0x006d4e2a77732732ULL, + 0x009a39b694cc3f2fULL, 0x0085c0aa2a404c8fULL) }, + { FIELD_LITERAL(0x00b261101a218548ULL, 0x00c1cae96424277bULL, + 0x00869da0a77dd268ULL, 0x00bc0b09f8ec83eaULL, + 0x00d61027f8e82ba9ULL, 0x00aa4c85999dce67ULL, + 0x00eac3132b9f3fe1ULL, 0x00fb9b0cf1c695d2ULL) }, + } }, + { { + { FIELD_LITERAL(0x0043079295512f0dULL, 0x0046a009861758e0ULL, + 0x003ee2842a807378ULL, 0x0034cc9d1298e4faULL, + 0x009744eb4d31b3eeULL, 0x00afacec96650cd0ULL, + 0x00ac891b313761aeULL, 0x00e864d6d26e708aULL) }, + { FIELD_LITERAL(0x00a84d7c8a23b491ULL, 0x0088e19aa868b27fULL, + 0x0005986d43e78ce9ULL, 0x00f28012f0606d28ULL, + 0x0017ded7e10249b3ULL, 0x005ed4084b23af9bULL, + 0x00b9b0a940564472ULL, 0x00ad9056cceeb1f4ULL) }, + { FIELD_LITERAL(0x00db91b357fe755eULL, 0x00a1aa544b15359cULL, + 0x00af4931a0195574ULL, 0x007686124fe11aefULL, + 0x00d1ead3c7b9ef7eULL, 0x00aaf5fc580f8c15ULL, + 0x00e727be147ee1ecULL, 0x003c61c1e1577b86ULL) }, + } }, + { { + { FIELD_LITERAL(0x009d3fca983220cfULL, 0x00cd11acbc853dc4ULL, + 0x0017590409d27f1dULL, 0x00d2176698082802ULL, + 0x00fa01251b2838c8ULL, 0x00dd297a0d9b51c6ULL, + 0x00d76c92c045820aULL, 0x00534bc7c46c9033ULL) }, + { FIELD_LITERAL(0x0080ed9bc9b07338ULL, 0x00fceac7745d2652ULL, + 0x008a9d55f5f2cc69ULL, 0x0096ce72df301ac5ULL, + 0x00f53232e7974d87ULL, 0x0071728c7ae73947ULL, + 0x0090507602570778ULL, 0x00cb81cfd883b1b2ULL) }, + { FIELD_LITERAL(0x005011aadea373daULL, 0x003a8578ec896034ULL, + 0x00f20a6535fa6d71ULL, 0x005152d31e5a87cfULL, + 0x002bac1c8e68ca31ULL, 0x00b0e323db4c1381ULL, + 0x00f1d596b7d5ae25ULL, 0x00eae458097cb4e0ULL) }, + } }, + { { + { FIELD_LITERAL(0x00920ac80f9b0d21ULL, 0x00f80f7f73401246ULL, + 0x0086d37849b557d6ULL, 0x0002bd4b317b752eULL, + 0x00b26463993a42bbULL, 0x002070422a73b129ULL, + 
0x00341acaa0380cb3ULL, 0x00541914dd66a1b2ULL) }, + { FIELD_LITERAL(0x00c1513cd66abe8cULL, 0x000139e01118944dULL, + 0x0064abbcb8080bbbULL, 0x00b3b08202473142ULL, + 0x00c629ef25da2403ULL, 0x00f0aec3310d9b7fULL, + 0x0050b2227472d8cdULL, 0x00f6c8a922d41fb4ULL) }, + { FIELD_LITERAL(0x001075ccf26b7b1fULL, 0x00bb6bb213170433ULL, + 0x00e9491ad262da79ULL, 0x009ef4f48d2d384cULL, + 0x008992770766f09dULL, 0x001584396b6b1101ULL, + 0x00af3f8676c9feefULL, 0x0024603c40269118ULL) }, + } }, + { { + { FIELD_LITERAL(0x009dd7b31319527cULL, 0x001e7ac948d873a9ULL, + 0x00fa54b46ef9673aULL, 0x0066efb8d5b02fe6ULL, + 0x00754b1d3928aeaeULL, 0x0004262ac72a6f6bULL, + 0x0079b7d49a6eb026ULL, 0x003126a753540102ULL) }, + { FIELD_LITERAL(0x009666e24f693947ULL, 0x00f714311269d45fULL, + 0x0010ffac1d0c851cULL, 0x0066e80c37363497ULL, + 0x00f1f4ad010c60b0ULL, 0x0015c87408470ff7ULL, + 0x00651d5e9c7766a4ULL, 0x008138819d7116deULL) }, + { FIELD_LITERAL(0x003934b11c57253bULL, 0x00ef308edf21f46eULL, + 0x00e54e99c7a16198ULL, 0x0080d57135764e63ULL, + 0x00751c27b946bc24ULL, 0x00dd389ce4e9e129ULL, + 0x00a1a2bfd1cd84dcULL, 0x002fae73e5149b32ULL) }, + } }, + { { + { FIELD_LITERAL(0x00911657dffb4cddULL, 0x00c100b7cc553d06ULL, + 0x00449d075ec467ccULL, 0x007062100bc64e70ULL, + 0x0043cf86f7bd21e7ULL, 0x00f401dc4b797deaULL, + 0x005224afb2f62e65ULL, 0x00d1ede3fb5a42beULL) }, + { FIELD_LITERAL(0x00f2ba36a41aa144ULL, 0x00a0c22d946ee18fULL, + 0x008aae8ef9a14f99ULL, 0x00eef4d79b19bb36ULL, + 0x008e75ce3d27b1fcULL, 0x00a65daa03b29a27ULL, + 0x00d9cc83684eb145ULL, 0x009e1ed80cc2ed74ULL) }, + { FIELD_LITERAL(0x00bed953d1997988ULL, 0x00b93ed175a24128ULL, + 0x00871c5963fb6365ULL, 0x00ca2df20014a787ULL, + 0x00f5d9c1d0b34322ULL, 0x00f6f5942818db0aULL, + 0x004cc091f49c9906ULL, 0x00e8a188a60bff9fULL) }, + } }, + { { + { FIELD_LITERAL(0x0032c7762032fae8ULL, 0x00e4087232e0bc21ULL, + 0x00f767344b6e8d85ULL, 0x00bbf369b76c2aa2ULL, + 0x008a1f46c6e1570cULL, 0x001368cd9780369fULL, + 0x007359a39d079430ULL, 0x0003646512921434ULL) }, + { 
FIELD_LITERAL(0x007c4b47ca7c73e7ULL, 0x005396221039734bULL, + 0x008b64ddf0e45d7eULL, 0x00bfad5af285e6c2ULL, + 0x008ec711c5b1a1a8ULL, 0x00cf663301237f98ULL, + 0x00917ee3f1655126ULL, 0x004152f337efedd8ULL) }, + { FIELD_LITERAL(0x0007c7edc9305daaULL, 0x000a6664f273701cULL, + 0x00f6e78795e200b1ULL, 0x005d05b9ecd2473eULL, + 0x0014f5f17c865786ULL, 0x00c7fd2d166fa995ULL, + 0x004939a2d8eb80e0ULL, 0x002244ba0942c199ULL) }, + } }, + { { + { FIELD_LITERAL(0x00321e767f0262cfULL, 0x002e57d776caf68eULL, + 0x00bf2c94814f0437ULL, 0x00c339196acd622fULL, + 0x001db4cce71e2770ULL, 0x001ded5ddba6eee2ULL, + 0x0078608ab1554c8dULL, 0x00067fe0ab76365bULL) }, + { FIELD_LITERAL(0x00f09758e11e3985ULL, 0x00169efdbd64fad3ULL, + 0x00e8889b7d6dacd6ULL, 0x0035cdd58ea88209ULL, + 0x00bcda47586d7f49ULL, 0x003cdddcb2879088ULL, + 0x0016da70187e954bULL, 0x009556ea2e92aacdULL) }, + { FIELD_LITERAL(0x008cab16bd1ff897ULL, 0x00b389972cdf753fULL, + 0x00ea8ed1e46dfdc0ULL, 0x004fe7ef94c589f4ULL, + 0x002b8ae9b805ecf3ULL, 0x0025c08d892874a5ULL, + 0x0023938e98d44c4cULL, 0x00f759134cabf69cULL) }, + } }, + { { + { FIELD_LITERAL(0x006c2a84678e4b3bULL, 0x007a194aacd1868fULL, + 0x00ed0225af424761ULL, 0x00da0a6f293c64b8ULL, + 0x001062ac5c6a7a18ULL, 0x0030f5775a8aeef4ULL, + 0x0002acaad76b7af0ULL, 0x00410b8fd63a579fULL) }, + { FIELD_LITERAL(0x001ec59db3d9590eULL, 0x001e9e3f1c3f182dULL, + 0x0045a9c3ec2cab14ULL, 0x0008198572aeb673ULL, + 0x00773b74068bd167ULL, 0x0012535eaa395434ULL, + 0x0044dba9e3bbb74aULL, 0x002fba4d3c74bd0eULL) }, + { FIELD_LITERAL(0x0042bf08fe66922cULL, 0x003318b8fbb49e8cULL, + 0x00d75946004aa14cULL, 0x00f601586b42bf1cULL, + 0x00c74cf1d912fe66ULL, 0x00abcb36974b30adULL, + 0x007eb78720c9d2b8ULL, 0x009f54ab7bd4df85ULL) }, + } }, + { { + { FIELD_LITERAL(0x00db9fc948f73826ULL, 0x00fa8b3746ed8ee9ULL, + 0x00132cb65aafbeb2ULL, 0x00c36ff3fe7925b8ULL, + 0x00837daed353d2feULL, 0x00ec661be0667cf4ULL, + 0x005beb8ed2e90204ULL, 0x00d77dd69e564967ULL) }, + { FIELD_LITERAL(0x0042e6268b861751ULL, 0x0008dd0469500c16ULL, + 
0x00b51b57c338a3fdULL, 0x00cc4497d85cff6bULL, + 0x002f13d6b57c34a4ULL, 0x0083652eaf301105ULL, + 0x00cc344294cc93a8ULL, 0x0060f4d02810e270ULL) }, + { FIELD_LITERAL(0x00a8954363cd518bULL, 0x00ad171124bccb7bULL, + 0x0065f46a4adaae00ULL, 0x001b1a5b2a96e500ULL, + 0x0043fe24f8233285ULL, 0x0066996d8ae1f2c3ULL, + 0x00c530f3264169f9ULL, 0x00c0f92d07cf6a57ULL) }, + } }, + { { + { FIELD_LITERAL(0x0036a55c6815d943ULL, 0x008c8d1def993db3ULL, + 0x002e0e1e8ff7318fULL, 0x00d883a4b92db00aULL, + 0x002f5e781ae33906ULL, 0x001a72adb235c06dULL, + 0x00f2e59e736e9caaULL, 0x001a4b58e3031914ULL) }, + { FIELD_LITERAL(0x00d73bfae5e00844ULL, 0x00bf459766fb5f52ULL, + 0x0061b4f5a5313cdeULL, 0x004392d4c3b95514ULL, + 0x000d3551b1077523ULL, 0x0000998840ee5d71ULL, + 0x006de6e340448b7bULL, 0x00251aa504875d6eULL) }, + { FIELD_LITERAL(0x003bf343427ac342ULL, 0x00adc0a78642b8c5ULL, + 0x0003b893175a8314ULL, 0x0061a34ade5703bcULL, + 0x00ea3ea8bb71d632ULL, 0x00be0df9a1f198c2ULL, + 0x0046dd8e7c1635fbULL, 0x00f1523fdd25d5e5ULL) }, + } }, + { { + { FIELD_LITERAL(0x00633f63fc9dd406ULL, 0x00e713ff80e04a43ULL, + 0x0060c6e970f2d621ULL, 0x00a57cd7f0df1891ULL, + 0x00f2406a550650bbULL, 0x00b064290efdc684ULL, + 0x001eab0144d17916ULL, 0x00cd15f863c293abULL) }, + { FIELD_LITERAL(0x0029cec55273f70dULL, 0x007044ee275c6340ULL, + 0x0040f637a93015e2ULL, 0x00338bb78db5aae9ULL, + 0x001491b2a6132147ULL, 0x00a125d6cfe6bde3ULL, + 0x005f7ac561ba8669ULL, 0x001d5eaea3fbaacfULL) }, + { FIELD_LITERAL(0x00054e9635e3be31ULL, 0x000e43f31e2872beULL, + 0x00d05b1c9e339841ULL, 0x006fac50bd81fd98ULL, + 0x00cdc7852eaebb09ULL, 0x004ff519b061991bULL, + 0x009099e8107d4c85ULL, 0x00273e24c36a4a61ULL) }, + } }, + { { + { FIELD_LITERAL(0x00070b4441ef2c46ULL, 0x00efa5b02801a109ULL, + 0x00bf0b8c3ee64adfULL, 0x008a67e0b3452e98ULL, + 0x001916b1f2fa7a74ULL, 0x00d781a78ff6cdc3ULL, + 0x008682ce57e5c919ULL, 0x00cc1109dd210da3ULL) }, + { FIELD_LITERAL(0x00cae8aaff388663ULL, 0x005e983a35dda1c7ULL, + 0x007ab1030d8e37f4ULL, 0x00e48940f5d032feULL, + 
0x006a36f9ef30b331ULL, 0x009be6f03958c757ULL, + 0x0086231ceba91400ULL, 0x008bd0f7b823e7aaULL) }, + { FIELD_LITERAL(0x00cf881ebef5a45aULL, 0x004ebea78e7c6f2cULL, + 0x0090da9209cf26a0ULL, 0x00de2b2e4c775b84ULL, + 0x0071d6031c3c15aeULL, 0x00d9e927ef177d70ULL, + 0x00894ee8c23896fdULL, 0x00e3b3b401e41aadULL) }, + } }, + { { + { FIELD_LITERAL(0x00204fef26864170ULL, 0x00819269c5dee0f8ULL, + 0x00bfb4713ec97966ULL, 0x0026339a6f34df78ULL, + 0x001f26e64c761dc2ULL, 0x00effe3af313cb60ULL, + 0x00e17b70138f601bULL, 0x00f16e1ccd9ede5eULL) }, + { FIELD_LITERAL(0x005d9a8353fdb2dbULL, 0x0055cc2048c698f0ULL, + 0x00f6c4ac89657218ULL, 0x00525034d73faeb2ULL, + 0x00435776fbda3c7dULL, 0x0070ea5312323cbcULL, + 0x007a105d44d069fbULL, 0x006dbc8d6dc786aaULL) }, + { FIELD_LITERAL(0x0017cff19cd394ecULL, 0x00fef7b810922587ULL, + 0x00e6483970dff548ULL, 0x00ddf36ad6874264ULL, + 0x00e61778523fcce2ULL, 0x0093a66c0c93b24aULL, + 0x00fd367114db7f86ULL, 0x007652d7ddce26ddULL) }, + } }, + { { + { FIELD_LITERAL(0x00d92ced7ba12843ULL, 0x00aea9c7771e86e7ULL, + 0x0046639693354f7bULL, 0x00a628dbb6a80c47ULL, + 0x003a0b0507372953ULL, 0x00421113ab45c0d9ULL, + 0x00e545f08362ab7aULL, 0x0028ce087b4d6d96ULL) }, + { FIELD_LITERAL(0x00a67ee7cf9f99ebULL, 0x005713b275f2ff68ULL, + 0x00f1d536a841513dULL, 0x00823b59b024712eULL, + 0x009c46b9d0d38cecULL, 0x00cdb1595aa2d7d4ULL, + 0x008375b3423d9af8ULL, 0x000ab0b516d978f7ULL) }, + { FIELD_LITERAL(0x00428dcb3c510b0fULL, 0x00585607ea24bb4eULL, + 0x003736bf1603687aULL, 0x00c47e568c4fe3c7ULL, + 0x003cd00282848605ULL, 0x0043a487c3b91939ULL, + 0x004ffc04e1095a06ULL, 0x00a4c989a3d4b918ULL) }, + } }, + { { + { FIELD_LITERAL(0x00a8778d0e429f7aULL, 0x004c02b059105a68ULL, + 0x0016653b609da3ffULL, 0x00d5107bd1a12d27ULL, + 0x00b4708f9a771cabULL, 0x00bb63b662033f69ULL, + 0x0072f322240e7215ULL, 0x0019445b59c69222ULL) }, + { FIELD_LITERAL(0x00cf4f6069a658e6ULL, 0x0053ca52859436a6ULL, + 0x0064b994d7e3e117ULL, 0x00cb469b9a07f534ULL, + 0x00cfb68f399e9d47ULL, 0x00f0dcb8dac1c6e7ULL, + 
0x00f2ab67f538b3a5ULL, 0x0055544f178ab975ULL) }, + { FIELD_LITERAL(0x0099b7a2685d538cULL, 0x00e2f1897b7c0018ULL, + 0x003adac8ce48dae3ULL, 0x00089276d5c50c0cULL, + 0x00172fca07ad6717ULL, 0x00cb1a72f54069e5ULL, + 0x004ee42f133545b3ULL, 0x00785f8651362f16ULL) }, + } }, + { { + { FIELD_LITERAL(0x0049cbac38509e11ULL, 0x0015234505d42cdfULL, + 0x00794fb0b5840f1cULL, 0x00496437344045a5ULL, + 0x0031b6d944e4f9b0ULL, 0x00b207318ac1f5d8ULL, + 0x0000c840da7f5c5dULL, 0x00526f373a5c8814ULL) }, + { FIELD_LITERAL(0x002c7b7742d1dfd9ULL, 0x002cabeb18623c01ULL, + 0x00055f5e3e044446ULL, 0x006c20f3b4ef54baULL, + 0x00c600141ec6b35fULL, 0x00354f437f1a32a3ULL, + 0x00bac4624a3520f9ULL, 0x00c483f734a90691ULL) }, + { FIELD_LITERAL(0x0053a737d422918dULL, 0x00f7fca1d8758625ULL, + 0x00c360336dadb04cULL, 0x00f38e3d9158a1b8ULL, + 0x0069ce3b418e84c6ULL, 0x005d1697eca16eadULL, + 0x00f8bd6a35ece13dULL, 0x007885dfc2b5afeaULL) }, + } }, + { { + { FIELD_LITERAL(0x00c3617ae260776cULL, 0x00b20dc3e96922d7ULL, + 0x00a1a7802246706aULL, 0x00ca6505a5240244ULL, + 0x002246b62d919782ULL, 0x001439102d7aa9b3ULL, + 0x00e8af1139e6422cULL, 0x00c888d1b52f2b05ULL) }, + { FIELD_LITERAL(0x005b67690ffd41d9ULL, 0x005294f28df516f9ULL, + 0x00a879272412fcb9ULL, 0x00098b629a6d1c8dULL, + 0x00fabd3c8050865aULL, 0x00cd7e5b0a3879c5ULL, + 0x00153238210f3423ULL, 0x00357cac101e9f42ULL) }, + { FIELD_LITERAL(0x008917b454444fb7ULL, 0x00f59247c97e441bULL, + 0x00a6200a6815152dULL, 0x0009a4228601d254ULL, + 0x001c0360559bd374ULL, 0x007563362039cb36ULL, + 0x00bd75b48d74e32bULL, 0x0017f515ac3499e8ULL) }, + } }, + { { + { FIELD_LITERAL(0x001532a7ffe41c5aULL, 0x00eb1edce358d6bfULL, + 0x00ddbacc7b678a7bULL, 0x008a7b70f3c841a3ULL, + 0x00f1923bf27d3f4cULL, 0x000b2713ed8f7873ULL, + 0x00aaf67e29047902ULL, 0x0044994a70b3976dULL) }, + { FIELD_LITERAL(0x00d54e802082d42cULL, 0x00a55aa0dce7cc6cULL, + 0x006477b96073f146ULL, 0x0082efe4ceb43594ULL, + 0x00a922bcba026845ULL, 0x0077f19d1ab75182ULL, + 0x00c2bb2737846e59ULL, 0x0004d7eec791dd33ULL) }, + { 
FIELD_LITERAL(0x0044588d1a81d680ULL, 0x00b0a9097208e4f8ULL, + 0x00212605350dc57eULL, 0x0028717cd2871123ULL, + 0x00fb083c100fd979ULL, 0x0045a056ce063fdfULL, + 0x00a5d604b4dd6a41ULL, 0x001dabc08ba4e236ULL) }, + } }, + { { + { FIELD_LITERAL(0x00c4887198d7a7faULL, 0x00244f98fb45784aULL, + 0x0045911e15a15d01ULL, 0x001d323d374c0966ULL, + 0x00967c3915196562ULL, 0x0039373abd2f3c67ULL, + 0x000d2c5614312423ULL, 0x0041cf2215442ce3ULL) }, + { FIELD_LITERAL(0x008ede889ada7f06ULL, 0x001611e91de2e135ULL, + 0x00fdb9a458a471b9ULL, 0x00563484e03710d1ULL, + 0x0031cc81925e3070ULL, 0x0062c97b3af80005ULL, + 0x00fa733eea28edebULL, 0x00e82457e1ebbc88ULL) }, + { FIELD_LITERAL(0x006a0df5fe9b6f59ULL, 0x00a0d4ff46040d92ULL, + 0x004a7cedb6f93250ULL, 0x00d1df8855b8c357ULL, + 0x00e73a46086fd058ULL, 0x0048fb0add6dfe59ULL, + 0x001e03a28f1b4e3dULL, 0x00a871c993308d76ULL) }, + } }, + { { + { FIELD_LITERAL(0x0030dbb2d1766ec8ULL, 0x00586c0ad138555eULL, + 0x00d1a34f9e91c77cULL, 0x0063408ad0e89014ULL, + 0x00d61231b05f6f5bULL, 0x0009abf569f5fd8aULL, + 0x00aec67a110f1c43ULL, 0x0031d1a790938dd7ULL) }, + { FIELD_LITERAL(0x006cded841e2a862ULL, 0x00198d60af0ab6fbULL, + 0x0018f09db809e750ULL, 0x004e6ac676016263ULL, + 0x00eafcd1620969cbULL, 0x002c9784ca34917dULL, + 0x0054f00079796de7ULL, 0x00d9fab5c5972204ULL) }, + { FIELD_LITERAL(0x004bd0fee2438a83ULL, 0x00b571e62b0f83bdULL, + 0x0059287d7ce74800ULL, 0x00fb3631b645c3f0ULL, + 0x00a018e977f78494ULL, 0x0091e27065c27b12ULL, + 0x007696c1817165e0ULL, 0x008c40be7c45ba3aULL) }, + } }, + { { + { FIELD_LITERAL(0x00a0f326327cb684ULL, 0x001c7d0f672680ffULL, + 0x008c1c81ffb112d1ULL, 0x00f8f801674eddc8ULL, + 0x00e926d5d48c2a9dULL, 0x005bd6d954c6fe9aULL, + 0x004c6b24b4e33703ULL, 0x00d05eb5c09105ccULL) }, + { FIELD_LITERAL(0x00d61731caacf2cfULL, 0x002df0c7609e01c5ULL, + 0x00306172208b1e2bULL, 0x00b413fe4fb2b686ULL, + 0x00826d360902a221ULL, 0x003f8d056e67e7f7ULL, + 0x0065025b0175e989ULL, 0x00369add117865ebULL) }, + { FIELD_LITERAL(0x00aaf895aec2fa11ULL, 0x000f892bc313eb52ULL, + 
0x005b1c794dad050bULL, 0x003f8ec4864cec14ULL, + 0x00af81058d0b90e5ULL, 0x00ebe43e183997bbULL, + 0x00a9d610f9f3e615ULL, 0x007acd8eec2e88d3ULL) }, + } }, + { { + { FIELD_LITERAL(0x0049b2fab13812a3ULL, 0x00846db32cd60431ULL, + 0x000177fa578c8d6cULL, 0x00047d0e2ad4bc51ULL, + 0x00b158ba38d1e588ULL, 0x006a45daad79e3f3ULL, + 0x000997b93cab887bULL, 0x00c47ea42fa23dc3ULL) }, + { FIELD_LITERAL(0x0012b6fef7aeb1caULL, 0x009412768194b6a7ULL, + 0x00ff0d351f23ab93ULL, 0x007e8a14c1aff71bULL, + 0x006c1c0170c512bcULL, 0x0016243ea02ab2e5ULL, + 0x007bb6865b303f3eULL, 0x0015ce6b29b159f4ULL) }, + { FIELD_LITERAL(0x009961cd02e68108ULL, 0x00e2035d3a1d0836ULL, + 0x005d51f69b5e1a1dULL, 0x004bccb4ea36edcdULL, + 0x0069be6a7aeef268ULL, 0x0063f4dd9de8d5a7ULL, + 0x006283783092ca35ULL, 0x0075a31af2c35409ULL) }, + } }, + { { + { FIELD_LITERAL(0x00c412365162e8cfULL, 0x00012283fb34388aULL, + 0x003e6543babf39e2ULL, 0x00eead6b3a804978ULL, + 0x0099c0314e8b326fULL, 0x00e98e0a8d477a4fULL, + 0x00d2eb96b127a687ULL, 0x00ed8d7df87571bbULL) }, + { FIELD_LITERAL(0x00777463e308cacfULL, 0x00c8acb93950132dULL, + 0x00ebddbf4ca48b2cULL, 0x0026ad7ca0795a0aULL, + 0x00f99a3d9a715064ULL, 0x000d60bcf9d4dfccULL, + 0x005e65a73a437a06ULL, 0x0019d536a8db56c8ULL) }, + { FIELD_LITERAL(0x00192d7dd558d135ULL, 0x0027cd6a8323ffa7ULL, + 0x00239f1a412dc1e7ULL, 0x0046b4b3be74fc5cULL, + 0x0020c47a2bef5bceULL, 0x00aa17e48f43862bULL, + 0x00f7e26c96342e5fULL, 0x0008011c530f39a9ULL) }, + } }, + { { + { FIELD_LITERAL(0x00aad4ac569bf0f1ULL, 0x00a67adc90b27740ULL, + 0x0048551369a5751aULL, 0x0031252584a3306aULL, + 0x0084e15df770e6fcULL, 0x00d7bba1c74b5805ULL, + 0x00a80ef223af1012ULL, 0x0089c85ceb843a34ULL) }, + { FIELD_LITERAL(0x00c4545be4a54004ULL, 0x0099e11f60357e6cULL, + 0x001f3936d19515a6ULL, 0x007793df84341a6eULL, + 0x0051061886717ffaULL, 0x00e9b0a660b28f85ULL, + 0x0044ea685892de0dULL, 0x000257d2a1fda9d9ULL) }, + { FIELD_LITERAL(0x007e8b01b24ac8a8ULL, 0x006cf3b0b5ca1337ULL, + 0x00f1607d3e36a570ULL, 0x0039b7fab82991a1ULL, + 
0x00231777065840c5ULL, 0x00998e5afdd346f9ULL, + 0x00b7dc3e64acc85fULL, 0x00baacc748013ad6ULL) }, + } }, + { { + { FIELD_LITERAL(0x008ea6a4177580bfULL, 0x005fa1953e3f0378ULL, + 0x005fe409ac74d614ULL, 0x00452327f477e047ULL, + 0x00a4018507fb6073ULL, 0x007b6e71951caac8ULL, + 0x0012b42ab8a6ce91ULL, 0x0080eca677294ab7ULL) }, + { FIELD_LITERAL(0x00a53edc023ba69bULL, 0x00c6afa83ddde2e8ULL, + 0x00c3f638b307b14eULL, 0x004a357a64414062ULL, + 0x00e4d94d8b582dc9ULL, 0x001739caf71695b7ULL, + 0x0012431b2ae28de1ULL, 0x003b6bc98682907cULL) }, + { FIELD_LITERAL(0x008a9a93be1f99d6ULL, 0x0079fa627cc699c8ULL, + 0x00b0cfb134ba84c8ULL, 0x001c4b778249419aULL, + 0x00df4ab3d9c44f40ULL, 0x009f596e6c1a9e3cULL, + 0x001979c0df237316ULL, 0x00501e953a919b87ULL) }, + } } }; const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table; --- crypto/openssl/crypto/ec/curve448/curve448utils.h.orig +++ crypto/openssl/crypto/ec/curve448/curve448utils.h @@ -11,11 +11,11 @@ */ #ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H -# define OSSL_CRYPTO_EC_CURVE448UTILS_H +#define OSSL_CRYPTO_EC_CURVE448UTILS_H -# include +#include -# include "internal/numbers.h" +#include "internal/numbers.h" /* * Internal word types. Somewhat tricky. This could be decided separately per 
@@ -24,18 +24,18 @@ * header was built with eg arch_neon, you might end up linking a library built * with arch_arm32. */ -# ifndef C448_WORD_BITS -# if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \ - && !defined(__sparc__) \ - && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) +#ifndef C448_WORD_BITS +#if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \ + && !defined(__sparc__) \ + && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) -# define C448_WORD_BITS 64 /* The number of bits in a word */ -# else -# define C448_WORD_BITS 32 /* The number of bits in a word */ -# endif -# endif +#define C448_WORD_BITS 64 /* The number of bits in a word */ +#else +#define C448_WORD_BITS 32 /* The number of bits in a word */ +#endif +#endif -# if C448_WORD_BITS == 64 +#if C448_WORD_BITS == 64 /* Word size for internal computations */ typedef uint64_t c448_word_t; /* Signed word size for internal computations */ @@ -46,7 +46,7 @@ typedef uint128_t c448_dword_t; /* Signed double-word size for internal computations */ typedef int128_t c448_dsword_t; -# elif C448_WORD_BITS == 32 +#elif C448_WORD_BITS == 32 /* Word size for internal computations */ typedef uint32_t c448_word_t; /* Signed word size for internal computations */ 
@@ -57,26 +57,26 @@ typedef uint64_t c448_dword_t; /* Signed double-word size for internal computations */ typedef int64_t c448_dsword_t; -# else -# error "Only supporting C448_WORD_BITS = 32 or 64 for now" -# endif +#else +#error "Only supporting C448_WORD_BITS = 32 or 64 for now" +#endif /* C448_TRUE = -1 so that C448_TRUE & x = x */ -# define C448_TRUE (0 - (c448_bool_t)1) +#define C448_TRUE (0 - (c448_bool_t)1) /* C448_FALSE = 0 so that C448_FALSE & x = 0 */ -# define C448_FALSE 0 +#define C448_FALSE 0 /* Another boolean type used to indicate success or failure. */ typedef enum { C448_SUCCESS = -1, /**< The operation succeeded. */ - C448_FAILURE = 0 /**< The operation failed. */ + C448_FAILURE = 0 /**< The operation failed. */ } c448_error_t; /* Return success if x is true */ static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x) { - return (c448_error_t) x; + return (c448_error_t)x; } -#endif /* __C448_COMMON_H__ */ +#endif /* __C448_COMMON_H__ */ --- crypto/openssl/crypto/ec/curve448/ed448.h.orig +++ crypto/openssl/crypto/ec/curve448/ed448.h 
@@ -11,25 +11,24 @@ */ #ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H -# define OSSL_CRYPTO_EC_CURVE448_ED448_H +#define OSSL_CRYPTO_EC_CURVE448_ED448_H -# include "point_448.h" +#include "point_448.h" /* Number of bytes in an EdDSA public key. */ -# define EDDSA_448_PUBLIC_BYTES 57 +#define EDDSA_448_PUBLIC_BYTES 57 /* Number of bytes in an EdDSA private key. */ -# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES +#define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES /* Number of bytes in an EdDSA private key. */ -# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \ - EDDSA_448_PRIVATE_BYTES) +#define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + EDDSA_448_PRIVATE_BYTES) /* EdDSA encoding ratio. */ -# define C448_EDDSA_ENCODE_RATIO 4 +#define C448_EDDSA_ENCODE_RATIO 4 /* EdDSA decoding ratio. */ -# define C448_EDDSA_DECODE_RATIO (4 / 4) +#define C448_EDDSA_DECODE_RATIO (4 / 4) /* * EdDSA key generation. This function uses a different (non-Decaf) encoding. @@ -39,10 +38,10 @@ */ c448_error_t ossl_c448_ed448_derive_public_key( - OSSL_LIB_CTX *ctx, - uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], - const uint8_t privkey [EDDSA_448_PRIVATE_BYTES], - const char *propq); + OSSL_LIB_CTX *ctx, + uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const char *propq); /* * EdDSA signing. 
@@ -63,13 +62,13 @@ */ c448_error_t ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - size_t context_len, - const char *propq); + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + size_t context_len, + const char *propq); /* * EdDSA signing with prehash. @@ -89,13 +88,13 @@ */ c448_error_t ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], - const uint8_t *context, - size_t context_len, - const char *propq); + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], + const uint8_t *context, + size_t context_len, + const char *propq); /* * EdDSA signature verification. @@ -117,14 +116,14 @@ */ c448_error_t ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx, - const uint8_t - signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t - pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - const char *propq); + const uint8_t + signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t + pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + uint8_t context_len, + const char *propq); /* * EdDSA signature verification. 
@@ -145,13 +144,13 @@ */ c448_error_t ossl_c448_ed448_verify_prehash( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], - const uint8_t *context, - uint8_t context_len, - const char *propq); + OSSL_LIB_CTX *ctx, + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], + const uint8_t *context, + uint8_t context_len, + const char *propq); /* * EdDSA point encoding. Used internally, exposed externally. @@ -176,10 +175,9 @@ * enc (out): The encoded point. * p (in): The point. */ -void -ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( - uint8_t enc [EDDSA_448_PUBLIC_BYTES], - const curve448_point_t p); +void ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( + uint8_t enc[EDDSA_448_PUBLIC_BYTES], + const curve448_point_t p); /* * EdDSA point decoding. Multiplies by C448_EDDSA_DECODE_RATIO, and @@ -192,8 +190,8 @@ */ c448_error_t ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( - curve448_point_t p, - const uint8_t enc[EDDSA_448_PUBLIC_BYTES]); + curve448_point_t p, + const uint8_t enc[EDDSA_448_PUBLIC_BYTES]); /* * EdDSA to ECDH private key conversion @@ -205,9 +203,9 @@ */ c448_error_t ossl_c448_ed448_convert_private_key_to_x448( - OSSL_LIB_CTX *ctx, - uint8_t x[X448_PRIVATE_BYTES], - const uint8_t ed[EDDSA_448_PRIVATE_BYTES], - const char *propq); + OSSL_LIB_CTX *ctx, + uint8_t x[X448_PRIVATE_BYTES], + const uint8_t ed[EDDSA_448_PRIVATE_BYTES], + const char *propq); -#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ --- crypto/openssl/crypto/ec/curve448/eddsa.c.orig +++ crypto/openssl/crypto/ec/curve448/eddsa.c 
@@ -21,8 +21,8 @@ #define COFACTOR 4 static c448_error_t oneshot_hash(OSSL_LIB_CTX *ctx, uint8_t *out, size_t outlen, - const uint8_t *in, size_t inlen, - const char *propq) + const uint8_t *in, size_t inlen, + const char *propq) { EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); EVP_MD *shake256 = NULL; @@ -36,12 +36,12 @@ goto err; if (!EVP_DigestInit_ex(hashctx, shake256, NULL) - || !EVP_DigestUpdate(hashctx, in, inlen) - || !EVP_DigestFinalXOF(hashctx, out, outlen)) + || !EVP_DigestUpdate(hashctx, in, inlen) + || !EVP_DigestFinalXOF(hashctx, out, outlen)) goto err; ret = C448_SUCCESS; - err: +err: EVP_MD_CTX_free(hashctx); EVP_MD_free(shake256); return ret; @@ -55,15 +55,15 @@ } static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx, - uint8_t prehashed, - uint8_t for_prehash, - const uint8_t *context, - size_t context_len, - const char *propq) + uint8_t prehashed, + uint8_t for_prehash, + const uint8_t *context, + size_t context_len, + const char *propq) { #ifdef CHARSET_EBCDIC - const char dom_s[] = {0x53, 0x69, 0x67, 0x45, - 0x64, 0x34, 0x34, 0x38, 0x00}; + const char dom_s[] = { 0x53, 0x69, 0x67, 0x45, + 0x64, 0x34, 0x34, 0x38, 0x00 }; #else const char dom_s[] = "SigEd448"; #endif @@ -74,7 +74,7 @@ return C448_FAILURE; dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0) - - (for_prehash == 0 ? 1 : 0)); + - (for_prehash == 0 ? 1 : 0)); dom[1] = (uint8_t)context_len; shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq); @@ -82,9 +82,9 @@ return C448_FAILURE; if (!EVP_DigestInit_ex(hashctx, shake256, NULL) - || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) - || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) - || !EVP_DigestUpdate(hashctx, context, context_len)) { + || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) + || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) + || !EVP_DigestUpdate(hashctx, context, context_len)) { EVP_MD_free(shake256); return C448_FAILURE; } 
@@ -96,23 +96,23 @@ /* In this file because it uses the hash */ c448_error_t ossl_c448_ed448_convert_private_key_to_x448( - OSSL_LIB_CTX *ctx, - uint8_t x[X448_PRIVATE_BYTES], - const uint8_t ed [EDDSA_448_PRIVATE_BYTES], - const char *propq) + OSSL_LIB_CTX *ctx, + uint8_t x[X448_PRIVATE_BYTES], + const uint8_t ed[EDDSA_448_PRIVATE_BYTES], + const char *propq) { /* pass the private key through oneshot_hash function */ /* and keep the first X448_PRIVATE_BYTES bytes */ return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed, - EDDSA_448_PRIVATE_BYTES, propq); + EDDSA_448_PRIVATE_BYTES, propq); } c448_error_t ossl_c448_ed448_derive_public_key( - OSSL_LIB_CTX *ctx, - uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const char *propq) + OSSL_LIB_CTX *ctx, + uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const char *propq) { /* only this much used for keygen */ uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]; @@ -121,15 +121,15 @@ curve448_point_t p; if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser), - privkey, - EDDSA_448_PRIVATE_BYTES, - propq)) + privkey, + EDDSA_448_PRIVATE_BYTES, + propq)) return C448_FAILURE; clamp(secret_scalar_ser); ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, - sizeof(secret_scalar_ser)); + sizeof(secret_scalar_ser)); /* * Since we are going to mul_by_cofactor during encoding, divide by it @@ -143,7 +143,7 @@ ossl_curve448_scalar_halve(secret_scalar, secret_scalar); ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, - secret_scalar); + secret_scalar); ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); 
@@ -157,12 +157,12 @@ c448_error_t ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - size_t context_len, const char *propq) + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + size_t context_len, const char *propq) { curve448_scalar_t secret_scalar; EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); @@ -183,19 +183,19 @@ uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2]; if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey, - EDDSA_448_PRIVATE_BYTES, propq)) + EDDSA_448_PRIVATE_BYTES, propq)) goto err; clamp(expanded); ossl_curve448_scalar_decode_long(secret_scalar, expanded, - EDDSA_448_PRIVATE_BYTES); + EDDSA_448_PRIVATE_BYTES); /* Hash to create the nonce */ if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, - context_len, propq) - || !EVP_DigestUpdate(hashctx, - expanded + EDDSA_448_PRIVATE_BYTES, - EDDSA_448_PRIVATE_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len)) { + context_len, propq) + || !EVP_DigestUpdate(hashctx, + expanded + EDDSA_448_PRIVATE_BYTES, + EDDSA_448_PRIVATE_BYTES) + || !EVP_DigestUpdate(hashctx, message, message_len)) { OPENSSL_cleanse(expanded, sizeof(expanded)); goto err; } @@ -222,7 +222,7 @@ ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, - nonce_scalar_2); + nonce_scalar_2); ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); ossl_curve448_point_destroy(p); ossl_curve448_scalar_destroy(nonce_scalar_2); 
@@ -233,15 +233,15 @@
 
 /* Compute the challenge */
 if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len,
- propq)
- || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
- || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
- || !EVP_DigestUpdate(hashctx, message, message_len)
- || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
+ propq)
+ || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
+ || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+ || !EVP_DigestUpdate(hashctx, message, message_len)
+ || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
 goto err;
 
 ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
- sizeof(challenge));
+ sizeof(challenge));
 OPENSSL_cleanse(challenge, sizeof(challenge));
 }
 
@@ -251,39 +251,39 @@ OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES); memcpy(signature, nonce_point, sizeof(nonce_point)); ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES], - challenge_scalar); + challenge_scalar); ossl_curve448_scalar_destroy(secret_scalar); ossl_curve448_scalar_destroy(nonce_scalar); ossl_curve448_scalar_destroy(challenge_scalar); ret = C448_SUCCESS; - err: +err: EVP_MD_CTX_free(hashctx); return ret; } c448_error_t ossl_c448_ed448_sign_prehash( - OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], const uint8_t *context, - size_t context_len, const char *propq) + OSSL_LIB_CTX *ctx, + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], const uint8_t *context, + size_t context_len, const char *propq) { return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1, - context, context_len, propq); + context, context_len, propq); } c448_error_t ossl_c448_ed448_verify( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - uint8_t context_len, const char *propq) + OSSL_LIB_CTX *ctx, + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + uint8_t context_len, const char *propq) { curve448_point_t pk_point, r_point; c448_error_t error; 
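Review bot: In `ossl_c448_ed448_sign` the three `ossl_curve448_scalar_destroy()` calls sit above the `err:` label, so every `goto err` taken after `secret_scalar` has been decoded (the nonce-hash and challenge-hash failures in the earlier hunks) returns with the secret and nonce scalars still on the stack. Moving the calls below the label, so that `err:` is followed by `ossl_curve448_scalar_destroy(secret_scalar);`, `ossl_curve448_scalar_destroy(nonce_scalar);` and `ossl_curve448_scalar_destroy(challenge_scalar);`, wipes them on both the success and the failure path. This assumes the three scalars are declared at function scope and that destroy is a plain cleanse, which looks likely but is not shown here; the function starts before this hunk.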
@@ -314,14 +314,12 @@
 if (i < 0)
 return C448_FAILURE;
 
- error =
- ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+ error = ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
 
 if (C448_SUCCESS != error)
 return error;
 
- error =
- ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+ error = ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
 
 if (C448_SUCCESS != error)
 return error;
@@ -331,93 +329,93 @@ uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; if (hashctx == NULL - || !hash_init_with_dom(ctx, hashctx, prehashed, 0, context, - context_len, propq) - || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES) - || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len) - || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) { + || !hash_init_with_dom(ctx, hashctx, prehashed, 0, context, + context_len, propq) + || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES) + || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) + || !EVP_DigestUpdate(hashctx, message, message_len) + || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) { EVP_MD_CTX_free(hashctx); return C448_FAILURE; } EVP_MD_CTX_free(hashctx); ossl_curve448_scalar_decode_long(challenge_scalar, challenge, - sizeof(challenge)); + sizeof(challenge)); OPENSSL_cleanse(challenge, sizeof(challenge)); } ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero, - challenge_scalar); + challenge_scalar); ossl_curve448_scalar_decode_long(response_scalar, - &signature[EDDSA_448_PUBLIC_BYTES], - EDDSA_448_PRIVATE_BYTES); + &signature[EDDSA_448_PUBLIC_BYTES], + EDDSA_448_PRIVATE_BYTES); /* pk_point = -c(x(P)) + (cx + k)G = kG */ ossl_curve448_base_double_scalarmul_non_secret(pk_point, - response_scalar, - pk_point, challenge_scalar); + response_scalar, + pk_point, challenge_scalar); return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point)); } c448_error_t ossl_c448_ed448_verify_prehash( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], const uint8_t *context, - uint8_t context_len, const char *propq) + OSSL_LIB_CTX *ctx, + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], const uint8_t *context, + uint8_t 
context_len, const char *propq) { return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context, - context_len, propq); + context_len, propq); } -int -ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq) +int ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, + size_t message_len, const uint8_t public_key[57], + const uint8_t private_key[57], const uint8_t *context, + size_t context_len, const char *propq) { return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message, - message_len, 0, context, context_len, - propq) == C448_SUCCESS; + message_len, 0, context, context_len, + propq) + == C448_SUCCESS; } -int -ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq) +int ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, const char *propq) { return ossl_c448_ed448_verify(ctx, signature, public_key, message, - message_len, 0, context, (uint8_t)context_len, - propq) == C448_SUCCESS; + message_len, 0, context, (uint8_t)context_len, + propq) + == C448_SUCCESS; } -int -ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len, const char *propq) +int ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len, const char *propq) { return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, - hash, 
context, context_len, - propq) == C448_SUCCESS; + hash, context, context_len, + propq) + == C448_SUCCESS; } -int -ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, - const char *propq) +int ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, + const char *propq) { return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash, - context, (uint8_t)context_len, - propq) == C448_SUCCESS; + context, (uint8_t)context_len, + propq) + == C448_SUCCESS; } -int -ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], - const uint8_t private_key[57], const char *propq) +int ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], + const uint8_t private_key[57], const char *propq) { return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key, - propq) == C448_SUCCESS; + propq) + == C448_SUCCESS; } --- crypto/openssl/crypto/ec/curve448/f_generic.c.orig +++ crypto/openssl/crypto/ec/curve448/f_generic.c @@ -13,8 +13,8 @@ static const gf MODULUS = { FIELD_LITERAL(0xffffffffffffffULL, 0xffffffffffffffULL, 0xffffffffffffffULL, - 0xffffffffffffffULL, 0xfffffffffffffeULL, 0xffffffffffffffULL, - 0xffffffffffffffULL, 0xffffffffffffffULL) + 0xffffffffffffffULL, 0xfffffffffffffeULL, 0xffffffffffffffULL, + 0xffffffffffffffULL, 0xffffffffffffffULL) }; /* Serialize to wire format. */ @@ -32,7 +32,7 @@ for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) { if (fill < 8 && j < NLIMBS) { - buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill; + buffer |= ((dword_t)red->limb[LIMBPERM(j)]) << fill; fill += LIMB_PLACE_VALUE(LIMBPERM(j)); j++; } 
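Review bot: In `ossl_ed448_verify` and `ossl_ed448ph_verify` (hunk `@@ -331,93 +329,93 @@`) the `(uint8_t)context_len` cast narrows a `size_t` with no range check, so a context of 256 bytes or more is verified as if its length were `context_len % 256`. The signing wrappers in the same hunk pass `context_len` through as `size_t`, so the two directions do not reject an over-long context in the same place. Unless every caller already bounds the context to 255 bytes, which is not visible here, I would add `if (context_len > UINT8_MAX) return 0;` at the top of both verify wrappers.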
@@ -64,7 +64,7 @@ /* Deserialize from wire format; return -1 on success and 0 on failure. */ mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, - uint8_t hi_nmask) + uint8_t hi_nmask) { unsigned int j = 0, fill = 0; dword_t buffer = 0; @@ -80,19 +80,16 @@ sj = serial[j]; if (j == nbytes - 1) sj &= ~hi_nmask; - buffer |= ((dword_t) sj) << fill; + buffer |= ((dword_t)sj) << fill; fill += 8; j++; } - x->limb[LIMBPERM(i)] = (word_t) - ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer); + x->limb[LIMBPERM(i)] = (word_t)((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer); fill -= LIMB_PLACE_VALUE(LIMBPERM(i)); buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i)); - scarry = - (scarry + x->limb[LIMBPERM(i)] - - MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t)); + scarry = (scarry + x->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t)); } - succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x); + succ = with_hibit ? 0 - (mask_t)1 : ~gf_hibit(x); return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry); } @@ -105,7 +102,7 @@ unsigned int i; /* first, clear high */ - gf_weak_reduce(a); /* Determined to have negligible perf impact. */ + gf_weak_reduce(a); /* Determined to have negligible perf impact. */ /* now the total is less than 2p */ @@ -128,9 +125,7 @@ /* add it back */ for (i = 0; i < NLIMBS; i++) { - carry = - carry + a->limb[LIMBPERM(i)] + - (scarry_0 & MODULUS->limb[LIMBPERM(i)]); + carry = carry + a->limb[LIMBPERM(i)] + (scarry_0 & MODULUS->limb[LIMBPERM(i)]); a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i)); carry >>= LIMB_PLACE_VALUE(LIMBPERM(i)); } --- crypto/openssl/crypto/ec/curve448/field.h.orig +++ crypto/openssl/crypto/ec/curve448/field.h 
@@ -11,35 +11,35 @@ */ #ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H -# define OSSL_CRYPTO_EC_CURVE448_FIELD_H - -# include "internal/constant_time.h" -# include -# include -# include "word.h" - -# define NLIMBS (64/sizeof(word_t)) -# define X_SER_BYTES 56 -# define SER_BYTES 56 - -# if defined(__GNUC__) || defined(__clang__) -# define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__)) -# define RESTRICT __restrict__ -# define ALIGNED __attribute__((__aligned__(16))) -# else -# define INLINE_UNUSED ossl_inline -# define RESTRICT -# define ALIGNED -# endif +#define OSSL_CRYPTO_EC_CURVE448_FIELD_H + +#include "internal/constant_time.h" +#include +#include +#include "word.h" + +#define NLIMBS (64 / sizeof(word_t)) +#define X_SER_BYTES 56 +#define SER_BYTES 56 + +#if defined(__GNUC__) || defined(__clang__) +#define INLINE_UNUSED __inline__ __attribute__((__unused__, __always_inline__)) +#define RESTRICT __restrict__ +#define ALIGNED __attribute__((__aligned__(16))) +#else +#define INLINE_UNUSED ossl_inline +#define RESTRICT +#define ALIGNED +#endif typedef struct gf_s { word_t limb[NLIMBS]; } ALIGNED gf_s, gf[1]; /* RFC 7748 support */ -# define X_PUBLIC_BYTES X_SER_BYTES -# define X_PRIVATE_BYTES X_PUBLIC_BYTES -# define X_PRIVATE_BITS 448 +#define X_PUBLIC_BYTES X_SER_BYTES +#define X_PRIVATE_BYTES X_PUBLIC_BYTES +#define X_PRIVATE_BITS 448 static INLINE_UNUSED void gf_copy(gf out, const gf a) { 
@@ -54,9 +54,9 @@ void gf_strong_reduce(gf inout); void gf_add(gf out, const gf a, const gf b); void gf_sub(gf out, const gf a, const gf b); -void gf_mul(gf_s * RESTRICT out, const gf a, const gf b); -void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b); -void gf_sqr(gf_s * RESTRICT out, const gf a); +void gf_mul(gf_s *RESTRICT out, const gf a, const gf b); +void gf_mulw_unsigned(gf_s *RESTRICT out, const gf a, uint32_t b); +void gf_sqr(gf_s *RESTRICT out, const gf a); mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */ mask_t gf_eq(const gf x, const gf y); mask_t gf_lobit(const gf x); @@ -64,22 +64,21 @@ void gf_serialize(uint8_t *serial, const gf x, int with_highbit); mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, - uint8_t hi_nmask); - - -# define LIMBPERM(i) (i) -# if (ARCH_WORD_BITS == 32) -# include "arch_32/f_impl.h" /* Bring in the inline implementations */ -# define LIMB_MASK(i) (((1)<limb[i] = (c448_word_t)chain; chain >>= WBITS; } - borrow = (c448_word_t)chain + extra; /* = 0 or -1 */ + borrow = (c448_word_t)chain + extra; /* = 0 or -1 */ chain = 0; for (i = 0; i < C448_SCALAR_LIMBS; i++) { @@ -70,7 +59,7 @@ } static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) + const curve448_scalar_t b) { unsigned int i, j; c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 }; @@ -82,7 +71,7 @@ c448_dword_t chain = 0; for (j = 0; j < C448_SCALAR_LIMBS; j++) { - chain += ((c448_dword_t) mand) * mier[j] + accum[j]; + chain += ((c448_dword_t)mand) * mier[j] + accum[j]; accum[j] = (c448_word_t)chain; chain >>= WBITS; } @@ -92,7 +81,7 @@ chain = 0; mier = sc_p->limb; for (j = 0; j < C448_SCALAR_LIMBS; j++) { - chain += (c448_dword_t) mand *mier[j] + accum[j]; + chain += (c448_dword_t)mand * mier[j] + accum[j]; if (j) accum[j - 1] = (c448_word_t)chain; chain >>= WBITS; 
@@ -107,22 +96,20 @@ } void ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) + const curve448_scalar_t b) { sc_montmul(out, a, b); sc_montmul(out, out, sc_r2); } -void -ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) +void ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) { sc_subx(out, a->limb, b, sc_p, 0); } -void -ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) +void ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) { c448_dword_t chain = 0; unsigned int i; @@ -136,8 +123,8 @@ } static ossl_inline void scalar_decode_short(curve448_scalar_t s, - const unsigned char *ser, - size_t nbytes) + const unsigned char *ser, + size_t nbytes) { size_t i, j, k = 0; @@ -145,14 +132,14 @@ c448_word_t out = 0; for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++) - out |= ((c448_word_t) ser[k]) << (8 * j); + out |= ((c448_word_t)ser[k]) << (8 * j); s->limb[i] = out; } } c448_error_t ossl_curve448_scalar_decode(curve448_scalar_t s, - const unsigned char ser[C448_SCALAR_BYTES]) + const unsigned char ser[C448_SCALAR_BYTES]) { unsigned int i; c448_dsword_t accum = 0; @@ -172,9 +159,8 @@ OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); } -void -ossl_curve448_scalar_decode_long(curve448_scalar_t s, - const unsigned char *ser, size_t ser_len) +void ossl_curve448_scalar_decode_long(curve448_scalar_t s, + const unsigned char *ser, size_t ser_len) { size_t i; curve448_scalar_t t1, t2; @@ -210,9 +196,8 @@ ossl_curve448_scalar_destroy(t2); } -void -ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], - const curve448_scalar_t s) +void ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], + const curve448_scalar_t s) { unsigned int i, j, k = 0; 
@@ -222,8 +207,7 @@
 }
 }
 
-void
-ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+void ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
 {
 c448_word_t mask = 0 - (a->limb[0] & 1);
 c448_dword_t chain = 0;
--- crypto/openssl/crypto/ec/curve448/word.h.orig
+++ crypto/openssl/crypto/ec/curve448/word.h
@@ -11,47 +11,47 @@ */ #ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H -# define OSSL_CRYPTO_EC_CURVE448_WORD_H +#define OSSL_CRYPTO_EC_CURVE448_WORD_H -# include -# include -# include -# include -# include "curve448utils.h" +#include +#include +#include +#include +#include "curve448utils.h" -# ifdef INT128_MAX -# include "arch_64/arch_intrinsics.h" -# else -# include "arch_32/arch_intrinsics.h" -# endif +#ifdef INT128_MAX +#include "arch_64/arch_intrinsics.h" +#else +#include "arch_32/arch_intrinsics.h" +#endif -# if (ARCH_WORD_BITS == 64) +#if (ARCH_WORD_BITS == 64) typedef uint64_t word_t, mask_t; typedef uint128_t dword_t; typedef int32_t hsword_t; typedef int64_t sword_t; typedef int128_t dsword_t; -# elif (ARCH_WORD_BITS == 32) +#elif (ARCH_WORD_BITS == 32) typedef uint32_t word_t, mask_t; typedef uint64_t dword_t; typedef int16_t hsword_t; typedef int32_t sword_t; typedef int64_t dsword_t; -# else -# error "For now, we only support 32- and 64-bit architectures." -# endif +#else +#error "For now, we only support 32- and 64-bit architectures." +#endif /* * Scalar limbs are keyed off of the API word size instead of the arch word * size. */ -# if C448_WORD_BITS == 64 -# define SC_LIMB(x) (x) -# elif C448_WORD_BITS == 32 -# define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32) -# else -# error "For now we only support 32- and 64-bit architectures." -# endif +#if C448_WORD_BITS == 64 +#define SC_LIMB(x) (x) +#elif C448_WORD_BITS == 32 +#define SC_LIMB(x) ((uint32_t)(x)), ((x) >> 32) +#else +#error "For now we only support 32- and 64-bit architectures." +#endif /* * The plan on booleans: The external interface uses c448_bool_t, but this @@ -83,4 +83,4 @@ return ret; } -#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */ --- crypto/openssl/crypto/ec/ec2_oct.c.orig +++ crypto/openssl/crypto/ec/ec2_oct.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -37,9 +37,9 @@ * (and additionally fail to cite the EUROCRYPT '92 publication as prior art). */ int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x_, int y_bit, - BN_CTX *ctx) + EC_POINT *point, + const BIGNUM *x_, int y_bit, + BN_CTX *ctx) { BIGNUM *tmp, *x, *y, *z; int ret = 0, z0; @@ -109,7 +109,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -123,9 +123,9 @@ * an error will be returned. */ size_t ossl_ec_GF2m_simple_point2oct(const EC_GROUP *group, - const EC_POINT *point, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) + const EC_POINT *point, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx) { size_t ret; int used_ctx = 0; @@ -156,9 +156,7 @@ /* ret := required output buffer length */ field_len = (EC_GROUP_get_degree(group) + 7) / 8; - ret = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; + ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; /* if 'buf' is NULL, just return required length */ if (buf != NULL) { @@ -240,7 +238,7 @@ #endif return ret; - err: +err: if (used_ctx) BN_CTX_end(ctx); #ifndef FIPS_MODULE @@ -254,8 +252,8 @@ * simple implementation only uses affine coordinates. */ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, - BN_CTX *ctx) + const unsigned char *buf, size_t len, + BN_CTX *ctx) { point_conversion_form_t form; int y_bit, m; 
@@ -272,7 +270,7 @@ } /* - * The first octet is the point converison octet PC, see X9.62, page 4 + * The first octet is the point conversion octet PC, see X9.62, page 4 * and section 4.4.2. It must be: * 0x00 for the point at infinity * 0x02 or 0x03 for compressed form @@ -308,9 +306,7 @@ m = EC_GROUP_get_degree(group); field_len = (m + 7) / 8; - enc_len = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; + enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; if (len != enc_len) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); @@ -380,7 +376,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); --- crypto/openssl/crypto/ec/ec2_smpl.c.orig +++ crypto/openssl/crypto/ec/ec2_smpl.c @@ -86,11 +86,9 @@ dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; dest->poly[5] = src->poly[5]; - if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == - NULL) + if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0; - if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == - NULL) + if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0; bn_set_all_zero(dest->a); bn_set_all_zero(dest->b); @@ -99,8 +97,8 @@ /* Set the curve parameters of an EC_GROUP structure. */ int ossl_ec_GF2m_simple_group_set_curve(EC_GROUP *group, - const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) { int ret = 0, i; @@ -130,7 +128,7 @@ bn_set_all_zero(group->b); ret = 1; - err: +err: return ret; } @@ -139,7 +137,7 @@ * then there values will not be set but the method will return with success. */ int ossl_ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, - BIGNUM *a, BIGNUM *b, BN_CTX *ctx) + BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { int ret = 0; @@ -160,7 +158,7 @@ ret = 1; - err: +err: return ret; } 
@@ -178,7 +176,7 @@ * elliptic curve <=> b != 0 (mod p) */ int ossl_ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, - BN_CTX *ctx) + BN_CTX *ctx) { int ret = 0; BIGNUM *b; @@ -210,7 +208,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -274,7 +272,7 @@ * represented by having Z=0. */ int ossl_ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, - EC_POINT *point) + EC_POINT *point) { point->Z_is_one = 0; BN_zero(point->Z); @@ -286,10 +284,10 @@ * the simple implementation only uses affine coordinates. */ int ossl_ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x, - const BIGNUM *y, - BN_CTX *ctx) + EC_POINT *point, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx) { int ret = 0; if (x == NULL || y == NULL) { @@ -309,7 +307,7 @@ point->Z_is_one = 1; ret = 1; - err: +err: return ret; } @@ -318,9 +316,9 @@ * implementation only uses affine coordinates. */ int ossl_ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { int ret = 0; @@ -345,7 +343,7 @@ } ret = 1; - err: +err: return ret; } @@ -354,7 +352,7 @@ * b. Uses algorithm A.10.2 of IEEE P1363. */ int ossl_ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, - const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) + const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; int ret = 0; @@ -462,7 +460,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); 
@@ -475,13 +473,13 @@ * A.10.2 of IEEE P1363. */ int ossl_ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, - const EC_POINT *a, BN_CTX *ctx) + const EC_POINT *a, BN_CTX *ctx) { return ossl_ec_GF2m_simple_add(group, r, a, a, ctx); } int ossl_ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y)) /* point is its own inverse */ @@ -495,7 +493,7 @@ /* Indicates whether the given point is the point at infinity. */ int ossl_ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, - const EC_POINT *point) + const EC_POINT *point) { return BN_is_zero(point->Z); } @@ -506,13 +504,13 @@ * y^2 + x*y = x^3 + a*x^2 + b. */ int ossl_ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { int ret = -1; BIGNUM *lh, *y2; - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); #ifndef FIPS_MODULE BN_CTX *new_ctx = NULL; #endif @@ -563,7 +561,7 @@ goto err; ret = BN_is_zero(lh); - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -579,7 +577,7 @@ * 1 not equal */ int ossl_ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) + const EC_POINT *b, BN_CTX *ctx) { BIGNUM *aX, *aY, *bX, *bY; int ret = -1; @@ -620,7 +618,7 @@ goto err; ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -630,7 +628,7 @@ /* Forces the given EC_POINT to internally use affine coordinates. */ int ossl_ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { BIGNUM *x, *y; int ret = 0; 
@@ -667,7 +665,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -679,7 +677,7 @@ * Forces each of the EC_POINTs in the given array to use affine coordinates. */ int ossl_ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx) + EC_POINT *points[], BN_CTX *ctx) { size_t i; @@ -693,21 +691,21 @@ /* Wrapper to simple binary polynomial field multiplication implementation. */ int ossl_ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); } /* Wrapper to simple binary polynomial field squaring implementation. */ int ossl_ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) + const BIGNUM *a, BN_CTX *ctx) { return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); } /* Wrapper to simple binary polynomial field division implementation. */ int ossl_ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { return BN_GF2m_mod_div(r, a, b, group->field, ctx); } @@ -718,10 +716,9 @@ * Modified to blind s and r independently. * s:= p, r := 2p */ -static -int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) +static int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { /* if p is not affine, something is wrong */ if (p->Z_is_one == 0) @@ -730,7 +727,7 @@ /* s blinding: make sure lambda (s->Z here) is not zero */ do { if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); return 0; } 
@@ -738,21 +735,21 @@ /* if field_encode defined convert between representations */ if ((group->meth->field_encode != NULL - && !group->meth->field_encode(group, s->Z, s->Z, ctx)) + && !group->meth->field_encode(group, s->Z, s->Z, ctx)) || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) return 0; /* r blinding: make sure lambda (r->Y here for storage) is not zero */ do { if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); return 0; } } while (BN_is_zero(r->Y)); if ((group->meth->field_encode != NULL - && !group->meth->field_encode(group, r->Y, r->Y, ctx)) + && !group->meth->field_encode(group, r->Y, r->Y, ctx)) || !group->meth->field_sqr(group, r->Z, p->X, ctx) || !group->meth->field_sqr(group, r->X, r->Z, ctx) || !BN_GF2m_add(r->X, r->X, group->b) @@ -771,10 +768,9 @@ * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3 * s := r + s, r := 2r */ -static -int ec_GF2m_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) +static int ec_GF2m_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx) || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx) @@ -801,10 +797,9 @@ * without Precomputation" (Lopez and Dahab, CHES 1999), * Appendix Alg Mxy. */ -static -int ec_GF2m_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) +static int ec_GF2m_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { int ret = 0; BIGNUM *t0, *t1, *t2 = NULL; 
@@ -859,17 +854,16 @@ ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } -static -int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], - BN_CTX *ctx) +static int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], + BN_CTX *ctx) { int ret = 0; EC_POINT *t = NULL; @@ -916,7 +910,7 @@ ret = 1; - err: +err: EC_POINT_free(t); return ret; } @@ -927,7 +921,7 @@ * SCA hardening is with blinding: BN_GF2m_mod_inv does that. */ static int ec_GF2m_simple_field_inv(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) + const BIGNUM *a, BN_CTX *ctx) { int ret; --- crypto/openssl/crypto/ec/ec_ameth.c.orig +++ crypto/openssl/crypto/ec/ec_ameth.c @@ -37,7 +37,7 @@ } if (EC_GROUP_get_asn1_flag(group) && (nid = EC_GROUP_get_curve_name(group))) - /* we have a 'named curve' => just set the OID */ + /* we have a 'named curve' => just set the OID */ { ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); @@ -47,7 +47,7 @@ } *ppval = asn1obj; *pptype = V_ASN1_OBJECT; - } else { /* explicit parameters */ + } else { /* explicit parameters */ ASN1_STRING *pstr = NULL; pstr = ASN1_STRING_new(); @@ -88,9 +88,9 @@ if (penclen <= 0) goto err; if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), - ptype, pval, penc, penclen)) + ptype, pval, penc, penclen)) return 1; - err: +err: if (ptype == V_ASN1_SEQUENCE) ASN1_STRING_free(pval); OPENSSL_free(penc); @@ -123,7 +123,7 @@ EVP_PKEY_assign_EC_KEY(pkey, eckey); return 1; - ecerr: +ecerr: EC_KEY_free(eckey); return 0; } @@ -133,7 +133,7 @@ int r; const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), - *pb = EC_KEY_get0_public_key(b->pkey.ec); + *pb = EC_KEY_get0_public_key(b->pkey.ec); if (group == NULL || pa == NULL || pb == NULL) return -2; 
@@ -146,7 +146,7 @@ } static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; EC_KEY *eckey = ossl_ec_key_from_pkcs8(p8, libctx, propq); @@ -188,7 +188,7 @@ } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) { + ptype, pval, ep, eplen)) { ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); OPENSSL_clear_free(ep, eplen); goto err; @@ -196,7 +196,7 @@ return 1; - err: +err: if (ptype == V_ASN1_SEQUENCE) ASN1_STRING_free(pval); return 0; @@ -251,7 +251,7 @@ goto err; EC_GROUP_free(group); return 1; - err: +err: EC_GROUP_free(group); return 0; } @@ -259,7 +259,7 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), - *group_b = EC_KEY_get0_group(b->pkey.ec); + *group_b = EC_KEY_get0_group(b->pkey.ec); if (group_a == NULL || group_b == NULL) return -2; @@ -315,7 +315,8 @@ if (!BIO_indent(bp, off, 128)) goto err; if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, - EC_GROUP_order_bits(group)) <= 0) + EC_GROUP_order_bits(group)) + <= 0) goto err; if (privlen != 0) { @@ -335,7 +336,7 @@ if (!ECPKParameters_print(bp, group, off)) goto err; ret = 1; - err: +err: if (!ret) ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); OPENSSL_clear_free(priv, privlen); @@ -344,7 +345,7 @@ } static int eckey_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) + const unsigned char **pder, int derlen) { EC_KEY *eckey; 
@@ -360,25 +361,25 @@ } static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM); } static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC); } static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE); } static int old_ec_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) + const unsigned char **pder, int derlen) { EC_KEY *ec; @@ -400,7 +401,7 @@ if (EVP_PKEY_get_id(pkey) == EVP_PKEY_SM2) { /* For SM2, the only valid digest-alg is SM3 */ *(int *)arg2 = NID_sm3; - return 2; /* Make it mandatory */ + return 2; /* Make it mandatory */ } *(int *)arg2 = NID_sha256; return 1; @@ -413,7 +414,7 @@ case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), - POINT_CONVERSION_UNCOMPRESSED, arg2, NULL); + POINT_CONVERSION_UNCOMPRESSED, arg2, NULL); default: return -2; @@ -462,16 +463,14 @@ return EC_GROUP_check(eckey->group, NULL); } -static -size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey) +static size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey) { return pkey->pkey.ec->dirty_cnt; } -static -int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) +static int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { const EC_KEY *eckey = NULL; const EC_GROUP *ecg = NULL; 
@@ -486,8 +485,8 @@ BN_CTX *bnctx = NULL; if (from == NULL - || (eckey = from->pkey.ec) == NULL - || (ecg = EC_KEY_get0_group(eckey)) == NULL) + || (eckey = from->pkey.ec) == NULL + || (ecg = EC_KEY_get0_group(eckey)) == NULL) return 0; tmpl = OSSL_PARAM_BLD_new(); @@ -516,12 +515,13 @@ point_conversion_form_t format = EC_KEY_get_conv_form(eckey); if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point, - format, - &pub_key_buf, bnctx)) == 0 + format, + &pub_key_buf, bnctx)) + == 0 || !OSSL_PARAM_BLD_push_octet_string(tmpl, - OSSL_PKEY_PARAM_PUB_KEY, - pub_key_buf, - pub_key_buflen)) + OSSL_PKEY_PARAM_PUB_KEY, + pub_key_buf, + pub_key_buflen)) goto err; selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; } @@ -568,10 +568,10 @@ if (ecbits <= 0) goto err; - sz = (ecbits + 7 ) / 8; + sz = (ecbits + 7) / 8; if (!OSSL_PARAM_BLD_push_BN_pad(tmpl, - OSSL_PKEY_PARAM_PRIV_KEY, - priv_key, sz)) + OSSL_PKEY_PARAM_PRIV_KEY, + priv_key, sz)) goto err; selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; @@ -580,13 +580,12 @@ * contains a private key, so we check for the flag and export it only * in this case. */ - ecdh_cofactor_mode = - (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + ecdh_cofactor_mode = (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; /* Export the ECDH_COFACTOR_MODE parameter */ if (!OSSL_PARAM_BLD_push_int(tmpl, - OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, - ecdh_cofactor_mode)) + OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, + ecdh_cofactor_mode)) goto err; selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; } @@ -596,7 +595,7 @@ /* We export, the provider imports */ rv = importer(to_keydata, selection, params); - err: +err: OSSL_PARAM_BLD_free(tmpl); OSSL_PARAM_free(params); OPENSSL_free(pub_key_buf); @@ -701,9 +700,9 @@ #if !defined(OPENSSL_NO_SM2) const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth = { - EVP_PKEY_SM2, - EVP_PKEY_EC, - ASN1_PKEY_ALIAS + EVP_PKEY_SM2, + EVP_PKEY_EC, + ASN1_PKEY_ALIAS }; #endif 
@@ -712,7 +711,7 @@ int private = EC_KEY_get0_private_key(x) != NULL; return do_EC_KEY_print(bp, x, off, - private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC); + private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC); } int ECParameters_print(BIO *bp, const EC_KEY *x) --- crypto/openssl/crypto/ec/ec_asn1.c.orig +++ crypto/openssl/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,7 +72,7 @@ ASN1_OCTET_STRING *base; ASN1_INTEGER *order; ASN1_INTEGER *cofactor; -} /* ECPARAMETERS */ ; +} /* ECPARAMETERS */; typedef enum { ECPKPARAMETERS_TYPE_NAMED = 0, @@ -87,7 +87,7 @@ ECPARAMETERS *parameters; ASN1_NULL *implicitlyCA; } value; -} /* ECPKPARAMETERS */ ; +} /* ECPKPARAMETERS */; /* SEC1 ECPrivateKey */ typedef struct ec_privatekey_st { @@ -99,9 +99,9 @@ /* the OpenSSL ASN.1 definitions */ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { - ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32), - ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32), - ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) + ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32), + ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32), + ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 
@@ -110,15 +110,15 @@ ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { - ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), - ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), - ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) + ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), + ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { - ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) + ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32), + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 
@@ -127,37 +127,28 @@ ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); ASN1_ADB(X9_62_FIELDID) = { - ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), - ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) + ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); ASN1_SEQUENCE(X9_62_FIELDID) = { - ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), - ASN1_ADB_OBJECT(X9_62_FIELDID) + ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_FIELDID) } static_ASN1_SEQUENCE_END(X9_62_FIELDID) -ASN1_SEQUENCE(X9_62_CURVE) = { - ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), - ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), - ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) -} static_ASN1_SEQUENCE_END(X9_62_CURVE) - -ASN1_SEQUENCE(ECPARAMETERS) = { - ASN1_EMBED(ECPARAMETERS, version, INT32), - ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), - ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), - ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), - ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), - ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) -} ASN1_SEQUENCE_END(ECPARAMETERS) +ASN1_SEQUENCE(X9_62_CURVE) + = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE) + +ASN1_SEQUENCE(ECPARAMETERS) + = { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } 
ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) ASN1_CHOICE(ECPKPARAMETERS) = { - ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), - ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), - ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) + ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), + ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), + ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) } ASN1_CHOICE_END(ECPKPARAMETERS) DECLARE_ASN1_FUNCTIONS(ECPKPARAMETERS) @@ -165,10 +156,10 @@ IMPLEMENT_ASN1_FUNCTIONS(ECPKPARAMETERS) ASN1_SEQUENCE(EC_PRIVATEKEY) = { - ASN1_EMBED(EC_PRIVATEKEY, version, INT32), - ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), - ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), - ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) + ASN1_EMBED(EC_PRIVATEKEY, version, INT32), + ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), + ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), + ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) @@ -283,7 +274,7 @@ char_two->p.ppBasis->k1 = (long)k1; char_two->p.ppBasis->k2 = (long)k2; char_two->p.ppBasis->k3 = (long)k3; - } else { /* field_type == NID_X9_62_onBasis */ + } else { /* field_type == NID_X9_62_onBasis */ /* for ONB the parameters are (asn1) NULL */ char_two->p.onBasis = ASN1_NULL_new(); @@ -301,7 +292,7 @@ ok = 1; - err: +err: BN_free(tmp); return ok; } @@ -361,7 +352,7 @@ curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; if (!ASN1_BIT_STRING_set(curve->seed, group->seed, - (int)group->seed_len)) { + (int)group->seed_len)) { ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); goto err; } @@ -372,7 +363,7 @@ ok = 1; - err: +err: OPENSSL_free(a_buf); OPENSSL_free(b_buf); BN_free(tmp_1); 
@@ -381,7 +372,7 @@ } ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, - ECPARAMETERS *params) + ECPARAMETERS *params) { size_t len = 0; ECPARAMETERS *ret = NULL; @@ -460,14 +451,14 @@ return ret; - err: +err: if (params == NULL) ECPARAMETERS_free(ret); return NULL; } ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, - ECPKPARAMETERS *params) + ECPKPARAMETERS *params) { int ok = 1, tmp; ECPKPARAMETERS *ret = params; @@ -481,7 +472,7 @@ if (ret->type == ECPKPARAMETERS_TYPE_NAMED) ASN1_OBJECT_free(ret->value.named_curve); else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT - && ret->value.parameters != NULL) + && ret->value.parameters != NULL) ECPARAMETERS_free(ret->value.parameters); } @@ -507,8 +498,7 @@ } else { /* use the ECPARAMETERS structure */ ret->type = ECPKPARAMETERS_TYPE_EXPLICIT; - if ((ret->value.parameters = - EC_GROUP_get_ecparameters(group, NULL)) == NULL) + if ((ret->value.parameters = EC_GROUP_get_ecparameters(group, NULL)) == NULL) ok = 0; } @@ -530,8 +520,8 @@ BN_CTX *ctx = NULL; if (params->fieldID == NULL - || params->fieldID->fieldType == NULL - || params->fieldID->p.ptr == NULL) { + || params->fieldID->fieldType == NULL + || params->fieldID->p.ptr == NULL) { ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); goto err; } @@ -543,8 +533,8 @@ * compatibility. */ if (params->curve == NULL - || params->curve->a == NULL || params->curve->a->data == NULL - || params->curve->b == NULL || params->curve->b->data == NULL) { + || params->curve->a == NULL || params->curve->a->data == NULL + || params->curve->b == NULL || params->curve->b->data == NULL) { ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); goto err; } @@ -618,9 +608,8 @@ goto err; } - if (! - (char_two->m > penta->k3 && penta->k3 > penta->k2 - && penta->k2 > penta->k1 && penta->k1 > 0)) { + if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 + && penta->k2 > penta->k1 && penta->k1 > 0)) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_PENTANOMIAL_BASIS); goto err; } 
@@ -639,7 +628,7 @@ } else if (tmp == NID_X9_62_onBasis) { ERR_raise(ERR_LIB_EC, EC_R_NOT_IMPLEMENTED); goto err; - } else { /* error */ + } else { /* error */ ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); goto err; @@ -703,14 +692,14 @@ goto err; } memcpy(ret->seed, params->curve->seed->data, - params->curve->seed->length); + params->curve->seed->length); ret->seed_len = params->curve->seed->length; } if (params->order == NULL - || params->base == NULL - || params->base->data == NULL - || params->base->length == 0) { + || params->base == NULL + || params->base->data == NULL + || params->base->length == 0) { ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); goto err; } @@ -719,12 +708,11 @@ goto err; /* set the point conversion form */ - EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) - (params->base->data[0] & ~0x01)); + EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)(params->base->data[0] & ~0x01)); /* extract the ec point */ if (!EC_POINT_oct2point(ret, point, params->base->data, - params->base->length, NULL)) { + params->base->length, NULL)) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } @@ -774,8 +762,8 @@ goto err; } if ((dup = EC_GROUP_dup(ret)) == NULL - || EC_GROUP_set_seed(dup, NULL, 0) != 1 - || !EC_GROUP_set_generator(dup, point, a, NULL)) { + || EC_GROUP_set_seed(dup, NULL, 0) != 1 + || !EC_GROUP_set_generator(dup, point, a, NULL)) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } @@ -830,7 +818,7 @@ ok = 1; - err: +err: if (!ok) { EC_GROUP_free(ret); ret = NULL; @@ -969,7 +957,8 @@ if (priv_key->privateKey) { ASN1_OCTET_STRING *pkey = priv_key->privateKey; if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey), - ASN1_STRING_length(pkey)) == 0) + ASN1_STRING_length(pkey)) + == 0) goto err; } else { ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 
@@ -999,7 +988,7 @@ } else { if (ret->group->meth->keygenpub == NULL || ret->group->meth->keygenpub(ret) == 0) - goto err; + goto err; /* Remember the original private-key-only encoding. */ ret->enc_flag |= EC_PKEY_NO_PUBKEY; } @@ -1011,7 +1000,7 @@ ret->dirty_cnt++; return ret; - err: +err: if (a == NULL || *a != ret) EC_KEY_free(ret); EC_PRIVATEKEY_free(priv_key); @@ -1021,13 +1010,12 @@ int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out) { int ret = 0, ok = 0; - unsigned char *priv= NULL, *pub= NULL; + unsigned char *priv = NULL, *pub = NULL; size_t privlen = 0, publen = 0; EC_PRIVATEKEY *priv_key = NULL; - if (a == NULL || a->group == NULL || - (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { + if (a == NULL || a->group == NULL || (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); goto err; } @@ -1050,9 +1038,9 @@ priv = NULL; if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { - if ((priv_key->parameters = - EC_GROUP_get_ecpkparameters(a->group, - priv_key->parameters)) == NULL) { + if ((priv_key->parameters = EC_GROUP_get_ecpkparameters(a->group, + priv_key->parameters)) + == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } @@ -1083,7 +1071,7 @@ goto err; } ok = 1; - err: +err: OPENSSL_clear_free(priv, privlen); OPENSSL_free(pub); EC_PRIVATEKEY_free(priv_key); @@ -1118,7 +1106,7 @@ if (!d2i_ECPKParameters(&ret->group, in, len)) { if (a == NULL || *a != ret) - EC_KEY_free(ret); + EC_KEY_free(ret); else ret->dirty_cnt++; return NULL; @@ -1167,7 +1155,7 @@ } buf_len = EC_POINT_point2oct(a->group, a->pub_key, - a->conv_form, NULL, 0, NULL); + a->conv_form, NULL, 0, NULL); if (out == NULL || buf_len == 0) /* out == NULL => just return the length of the octet string */ 
@@ -1181,7 +1169,7 @@ new_buffer = 1; } if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, - *out, buf_len, NULL)) { + *out, buf_len, NULL)) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); if (new_buffer) { OPENSSL_free(*out); @@ -1255,7 +1243,7 @@ return -1; } else if (*ppout == NULL) { if ((buf = BUF_MEM_new()) == NULL - || !WPACKET_init_len(&pkt, buf, 0)) { + || !WPACKET_init_len(&pkt, buf, 0)) { BUF_MEM_free(buf); return -1; } @@ -1265,8 +1253,8 @@ } if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s) - || !WPACKET_get_total_written(&pkt, &encoded_len) - || !WPACKET_finish(&pkt)) { + || !WPACKET_get_total_written(&pkt, &encoded_len) + || !WPACKET_finish(&pkt)) { BUF_MEM_free(buf); WPACKET_cleanup(&pkt); return -1; --- crypto/openssl/crypto/ec/ec_backend.c.orig +++ crypto/openssl/crypto/ec/ec_backend.c @@ -18,8 +18,8 @@ #include #include #ifndef FIPS_MODULE -# include -# include +#include +#include #endif #include "crypto/bn.h" #include "crypto/ec.h" @@ -154,8 +154,8 @@ } static int ec_group_explicit_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], BN_CTX *bnctx, - unsigned char **genbuf) + OSSL_PARAM params[], BN_CTX *bnctx, + unsigned char **genbuf) { int ret = 0, fid; const char *field_type; @@ -183,8 +183,7 @@ param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_P); param_a = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_A); param_b = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_B); - if (tmpl != NULL || param_p != NULL || param_a != NULL || param_b != NULL) - { + if (tmpl != NULL || param_p != NULL || param_a != NULL || param_b != NULL) { BIGNUM *p = BN_CTX_get(bnctx); BIGNUM *a = BN_CTX_get(bnctx); BIGNUM *b = BN_CTX_get(bnctx); @@ -215,7 +214,7 @@ goto err; } if (!ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_ORDER, - order)) { + order)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } 
@@ -224,8 +223,8 @@ param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE); if (tmpl != NULL || param != NULL) { if (!ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, - field_type)) { + OSSL_PKEY_PARAM_EC_FIELD_TYPE, + field_type)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -247,8 +246,8 @@ goto err; } if (!ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_EC_GENERATOR, - *genbuf, genbuf_len)) { + OSSL_PKEY_PARAM_EC_GENERATOR, + *genbuf, genbuf_len)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -260,7 +259,7 @@ if (cofactor != NULL && !ossl_param_build_set_bn(tmpl, params, - OSSL_PKEY_PARAM_EC_COFACTOR, cofactor)) { + OSSL_PKEY_PARAM_EC_COFACTOR, cofactor)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -274,8 +273,8 @@ if (seed != NULL && seed_len > 0 && !ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_EC_SEED, - seed, seed_len)) { + OSSL_PKEY_PARAM_EC_SEED, + seed, seed_len)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -286,16 +285,16 @@ } int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], OSSL_LIB_CTX *libctx, - const char *propq, - BN_CTX *bnctx, unsigned char **genbuf) + OSSL_PARAM params[], OSSL_LIB_CTX *libctx, + const char *propq, + BN_CTX *bnctx, unsigned char **genbuf) { int ret = 0, curve_nid, encoding_flag; const char *encoding_name, *pt_form_name; point_conversion_form_t genform; if (group == NULL) { - ERR_raise(ERR_LIB_EC,EC_R_PASSED_NULL_PARAMETER); + ERR_raise(ERR_LIB_EC, EC_R_PASSED_NULL_PARAMETER); return 0; } @@ -303,8 +302,8 @@ pt_form_name = ossl_ec_pt_format_id2name(genform); if (pt_form_name == NULL || !ossl_param_build_set_utf8_string( - tmpl, params, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) { + tmpl, params, + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); return 0; } 
@@ -312,15 +311,15 @@ encoding_name = ec_param_encoding_id2name(encoding_flag); if (encoding_name == NULL || !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_ENCODING, - encoding_name)) { + OSSL_PKEY_PARAM_EC_ENCODING, + encoding_name)) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); return 0; } if (!ossl_param_build_set_int(tmpl, params, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, - group->decoded_from_explicit_params)) + OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, + group->decoded_from_explicit_params)) return 0; curve_nid = EC_GROUP_get_curve_name(group); @@ -340,8 +339,8 @@ if (curve_name == NULL || !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_GROUP_NAME, - curve_name)) { + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name)) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); goto err; } @@ -370,7 +369,7 @@ if (mode < 0 || mode > 1) return 0; - if ((cofactor = EC_GROUP_get0_cofactor(ecg)) == NULL ) + if ((cofactor = EC_GROUP_get0_cofactor(ecg)) == NULL) return 0; /* ECDH cofactor mode has no effect if cofactor is 1 */ @@ -408,11 +407,9 @@ if (ecg == NULL) return 0; - param_pub_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); if (include_private) - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); if (ctx == NULL) @@ -420,10 +417,10 @@ if (param_pub_key != NULL) if (!OSSL_PARAM_get_octet_string(param_pub_key, - (void **)&pub_key, 0, &pub_key_len) + (void **)&pub_key, 0, &pub_key_len) || (pub_point = EC_POINT_new(ecg)) == NULL || !EC_POINT_oct2point(ecg, pub_point, pub_key, pub_key_len, ctx)) - goto err; + goto err; if (param_priv_key != NULL && include_private) { int fixed_words; 
@@ -488,7 +485,7 @@ ok = 1; - err: +err: BN_CTX_free(ctx); BN_clear_free(priv_key); OPENSSL_free(pub_key); @@ -504,8 +501,8 @@ if (ec == NULL) return 0; - group = EC_GROUP_new_from_params(params, ossl_ec_key_get_libctx(ec), - ossl_ec_key_get0_propq(ec)); + group = EC_GROUP_new_from_params(params, ossl_ec_key_get_libctx(ec), + ossl_ec_key_get0_propq(ec)); if (!EC_KEY_set_group(ec, group)) goto err; @@ -591,7 +588,6 @@ return 1; #endif return 0; - } EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection) @@ -604,14 +600,15 @@ } if ((ret = ossl_ec_key_new_method_int(src->libctx, src->propq, - src->engine)) == NULL) + src->engine)) + == NULL) return NULL; /* copy the parameters */ if (src->group != NULL && (selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { ret->group = ossl_ec_group_new_ex(src->libctx, src->propq, - src->group->meth); + src->group->meth); if (ret->group == NULL || !EC_GROUP_copy(ret->group, src->group)) goto err; @@ -629,7 +626,7 @@ ret->pub_key = EC_POINT_new(ret->group); if (ret->pub_key == NULL || !EC_POINT_copy(ret->pub_key, src->pub_key)) - goto err; + goto err; } /* copy the private key */ @@ -657,20 +654,21 @@ #ifndef FIPS_MODULE if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, - &ret->ex_data, &src->ex_data)) + &ret->ex_data, &src->ex_data)) goto err; #endif if (ret->meth != NULL && ret->meth->copy != NULL) { if ((selection - & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR) + & OSSL_KEYMGMT_SELECT_KEYPAIR) + != OSSL_KEYMGMT_SELECT_KEYPAIR) goto err; if (ret->meth->copy(ret, src) == 0) goto err; } return ret; - err: +err: EC_KEY_free(ret); return NULL; } @@ -758,7 +756,7 @@ } EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int ptype = 0; const void *pval = NULL; 
@@ -776,7 +774,6 @@ const unsigned char *pm = pstr->data; int pmlen = pstr->length; - if (d2i_ECParameters(&eckey, &pm, pmlen) == NULL) { ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); goto ecerr; @@ -802,14 +799,14 @@ return eckey; - ecerr: +ecerr: EC_KEY_free(eckey); EC_GROUP_free(group); return NULL; } EC_KEY *ossl_ec_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p = NULL; int pklen; @@ -829,7 +826,7 @@ } return eckey; - err: +err: EC_KEY_free(eckey); return NULL; } --- crypto/openssl/crypto/ec/ec_check.c.orig +++ crypto/openssl/crypto/ec/ec_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ #include int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, - BN_CTX *ctx) + BN_CTX *ctx) { int nid; BN_CTX *new_ctx = NULL; @@ -47,10 +47,10 @@ { #ifdef FIPS_MODULE /* - * ECC domain parameter validation. - * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. - */ - return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; + * ECC domain parameter validation. + * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. + */ + return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0; #else int ret = 0; const BIGNUM *order; @@ -110,7 +110,7 @@ ret = 1; - err: +err: BN_CTX_free(new_ctx); EC_POINT_free(point); return ret; --- crypto/openssl/crypto/ec/ec_curve.c.orig +++ crypto/openssl/crypto/ec/ec_curve.c 
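Review bot: The FIPS_MODULE return in the ec_check.c hunk at -47,10 changes `>= 0` to `> 0` with no comment or commit note, and it is the one functional change among whitespace-only reformatting, so it is easy to miss in review. As documented for OpenSSL, EC_GROUP_check_named_curve() returns the matching curve NID, 0 (NID_undef) when nothing matches and -1 on error, so the old test treated "no approved curve matched" as valid domain parameters. I would add `/* 0 is NID_undef: no approved named curve matched, so validation must fail */` above the return. The description should call the change out separately from the formatting, ideally with a regression test that a group built from explicit non-NIST parameters fails this check in the FIPS build. The enclosing function (presumably EC_GROUP_check) begins outside the hunk, and the non-FIPS branch continues past it.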
@@ -23,10 +23,10 @@ #include "internal/nelem.h" typedef struct { - int field_type, /* either NID_X9_62_prime_field or - * NID_X9_62_characteristic_two_field */ - seed_len, param_len; - unsigned int cofactor; /* promoted to BN_ULONG */ + int field_type, /* either NID_X9_62_prime_field or + * NID_X9_62_characteristic_two_field */ + seed_len, param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ } EC_CURVE_DATA; /* the nist prime curves */ @@ -34,11 +34,8 @@ EC_CURVE_DATA h; unsigned char data[20 + 24 * 6]; } _EC_NIST_PRIME_192 = { - { - NID_X9_62_prime_field, 20, 24, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 24, 1 }, + { /* seed */ 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, /* p */ @@ -58,19 +55,15 @@ 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 - } + 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 28 * 6]; } _EC_NIST_PRIME_224 = { - { - NID_X9_62_prime_field, 20, 28, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 28, 1 }, + { /* seed */ 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, /* p */ 
@@ -96,19 +89,15 @@ /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, - 0x5C, 0x5C, 0x2A, 0x3D - } + 0x5C, 0x5C, 0x2A, 0x3D } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 48 * 6]; } _EC_NIST_PRIME_384 = { - { - NID_X9_62_prime_field, 20, 48, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 48, 1 }, + { /* seed */ 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, /* p */ @@ -140,19 +129,15 @@ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, - 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 - } + 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 66 * 6]; } _EC_NIST_PRIME_521 = { - { - NID_X9_62_prime_field, 20, 66, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 66, 1 }, + { /* seed */ 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, /* p */ 
@@ -196,21 +181,17 @@ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, - 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 - } + 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 } }; -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE /* the x9.62 prime curves (minus the nist prime curves) */ static const struct { EC_CURVE_DATA h; unsigned char data[20 + 24 * 6]; } _EC_X9_62_PRIME_192V2 = { - { - NID_X9_62_prime_field, 20, 24, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 24, 1 }, + { /* seed */ 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, /* p */ @@ -230,19 +211,15 @@ 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15, /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, - 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 - } + 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 24 * 6]; } _EC_X9_62_PRIME_192V3 = { - { - NID_X9_62_prime_field, 20, 24, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 24, 1 }, + { /* seed */ 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, /* p */ 
@@ -262,19 +239,15 @@ 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0, /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 - } + 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_X9_62_PRIME_239V1 = { - { - NID_X9_62_prime_field, 20, 30, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 30, 1 }, + { /* seed */ 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, /* p */ @@ -300,19 +273,15 @@ /* order */ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, - 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B - } + 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_X9_62_PRIME_239V2 = { - { - NID_X9_62_prime_field, 20, 30, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 30, 1 }, + { /* seed */ 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, /* p */ @@ -338,19 +307,15 @@ /* order */ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, - 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 - } + 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_X9_62_PRIME_239V3 = { - { - NID_X9_62_prime_field, 20, 30, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 30, 1 }, + { /* seed */ 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, /* p */ 
@@ -376,8 +341,7 @@ /* order */ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, - 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 - } + 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 } }; #endif /* FIPS_MODULE */ @@ -385,11 +349,8 @@ EC_CURVE_DATA h; unsigned char data[20 + 32 * 6]; } _EC_X9_62_PRIME_256V1 = { - { - NID_X9_62_prime_field, 20, 32, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 32, 1 }, + { /* seed */ 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, /* p */ @@ -415,8 +376,7 @@ /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, - 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 - } + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 } }; #ifndef FIPS_MODULE @@ -425,11 +385,8 @@ EC_CURVE_DATA h; unsigned char data[20 + 14 * 6]; } _EC_SECG_PRIME_112R1 = { - { - NID_X9_62_prime_field, 20, 14, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 14, 1 }, + { /* seed */ 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, /* p */ @@ -449,19 +406,15 @@ 0x75, 0x00, /* order */ 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, - 0x61, 0xC5 - } + 0x61, 0xC5 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 14 * 6]; } _EC_SECG_PRIME_112R2 = { - { - NID_X9_62_prime_field, 20, 14, 4 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 14, 4 }, + { /* seed */ 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, /* p */ 
@@ -481,19 +434,15 @@ 0x6e, 0x97, /* order */ 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, - 0xD0, 0x4B - } + 0xD0, 0x4B } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 16 * 6]; } _EC_SECG_PRIME_128R1 = { - { - NID_X9_62_prime_field, 20, 16, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 16, 1 }, + { /* seed */ 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, /* p */ @@ -513,19 +462,15 @@ 0xdd, 0xed, 0x7a, 0x83, /* order */ 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, - 0x90, 0x38, 0xA1, 0x15 - } + 0x90, 0x38, 0xA1, 0x15 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 16 * 6]; } _EC_SECG_PRIME_128R2 = { - { - NID_X9_62_prime_field, 20, 16, 4 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 16, 4 }, + { /* seed */ 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, /* p */ @@ -545,19 +490,15 @@ 0x5f, 0xc3, 0x4b, 0x44, /* order */ 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, - 0x06, 0x13, 0xB5, 0xA3 - } + 0x06, 0x13, 0xB5, 0xA3 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 21 * 6]; } _EC_SECG_PRIME_160K1 = { - { - NID_X9_62_prime_field, 0, 21, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 21, 1 }, + { /* no seed */ /* p */ 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, 
@@ -575,19 +516,15 @@ 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, - 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 - } + 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 21 * 6]; } _EC_SECG_PRIME_160R1 = { - { - NID_X9_62_prime_field, 20, 21, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 21, 1 }, + { /* seed */ 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, /* p */ @@ -607,19 +544,15 @@ 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, - 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 - } + 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 21 * 6]; } _EC_SECG_PRIME_160R2 = { - { - NID_X9_62_prime_field, 20, 21, 1 - }, - { - /* seed */ + { NID_X9_62_prime_field, 20, 21, 1 }, + { /* seed */ 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, /* p */ @@ -639,19 +572,15 @@ 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, - 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B - } + 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 24 * 6]; } _EC_SECG_PRIME_192K1 = { - { - NID_X9_62_prime_field, 0, 24, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 24, 1 }, + { /* no seed */ /* p */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37, 
@@ -669,19 +598,15 @@ 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d, /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, - 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D - } + 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 29 * 6]; } _EC_SECG_PRIME_224K1 = { - { - NID_X9_62_prime_field, 0, 29, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 29, 1 }, + { /* no seed */ /* p */ 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -705,19 +630,15 @@ /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, - 0x71, 0x76, 0x9F, 0xB1, 0xF7 - } + 0x71, 0x76, 0x9F, 0xB1, 0xF7 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; } _EC_SECG_PRIME_256K1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 32, 1 }, + { /* no seed */ /* p */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -741,8 +662,7 @@ /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, - 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 - } + 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 } }; /* some wap/wtls curves */ @@ -750,11 +670,8 @@ EC_CURVE_DATA h; unsigned char data[0 + 15 * 6]; } _EC_WTLS_8 = { - { - NID_X9_62_prime_field, 0, 15, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 15, 1 }, + { /* no seed */ /* p */ 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xE7, 
@@ -772,19 +689,15 @@ 0x00, 0x00, 0x02, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A, - 0xD8, 0x37, 0xE9 - } + 0xD8, 0x37, 0xE9 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 21 * 6]; } _EC_WTLS_9 = { - { - NID_X9_62_prime_field, 0, 21, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 21, 1 }, + { /* no seed */ /* p */ 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F, @@ -802,19 +715,15 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD, - 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 - } + 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 28 * 6]; } _EC_WTLS_12 = { - { - NID_X9_62_prime_field, 0, 28, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 28, 1 }, + { /* no seed */ /* p */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -838,8 +747,7 @@ /* order */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, - 0x5C, 0x5C, 0x2A, 0x3D - } + 0x5C, 0x5C, 0x2A, 0x3D } }; #endif /* FIPS_MODULE */ @@ -847,16 +755,13 @@ /* characteristic two curves */ -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE static const struct { EC_CURVE_DATA h; unsigned char data[20 + 15 * 6]; } _EC_SECG_CHAR2_113R1 = { - { - NID_X9_62_characteristic_two_field, 20, 15, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 15, 2 }, + { /* seed */ 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9, /* p */ 
@@ -876,19 +781,15 @@ 0xD3, 0x18, 0x86, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC, 0xEC, 0x8A, - 0x39, 0xE5, 0x6F - } + 0x39, 0xE5, 0x6F } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 15 * 6]; } _EC_SECG_CHAR2_113R2 = { - { - NID_X9_62_characteristic_two_field, 20, 15, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 15, 2 }, + { /* seed */ 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D, /* p */ @@ -908,19 +809,15 @@ 0xBA, 0xBA, 0x1D, /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78, 0x9B, 0x24, - 0x96, 0xAF, 0x93 - } + 0x96, 0xAF, 0x93 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 17 * 6]; } _EC_SECG_CHAR2_131R1 = { - { - NID_X9_62_characteristic_two_field, 20, 17, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 17, 2 }, + { /* seed */ 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2, /* p */ @@ -940,19 +837,15 @@ 0x1B, 0x4E, 0xF9, 0xE1, 0x50, /* order */ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31, 0x23, 0x95, - 0x3A, 0x94, 0x64, 0xB5, 0x4D - } + 0x3A, 0x94, 0x64, 0xB5, 0x4D } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 17 * 6]; } _EC_SECG_CHAR2_131R2 = { - { - NID_X9_62_characteristic_two_field, 20, 17, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 17, 2 }, + { /* seed */ 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3, /* p */ 
@@ -972,20 +865,16 @@ 0x5D, 0xE9, 0xEB, 0x24, 0x0F, /* order */ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69, 0x54, 0xA2, - 0x33, 0x04, 0x9B, 0xA9, 0x8F - } + 0x33, 0x04, 0x9B, 0xA9, 0x8F } }; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ static const struct { EC_CURVE_DATA h; unsigned char data[0 + 21 * 6]; } _EC_NIST_CHAR2_163K = { - { - NID_X9_62_characteristic_two_field, 0, 21, 2 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 21, 2 }, + { /* no seed */ /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, @@ -1003,20 +892,16 @@ 0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3, 0xD9, /* order */ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, - 0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, 0xEF - } + 0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, 0xEF } }; -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE static const struct { EC_CURVE_DATA h; unsigned char data[0 + 21 * 6]; } _EC_SECG_CHAR2_163R1 = { - { - NID_X9_62_characteristic_two_field, 0, 21, 2 - }, - { - /* p */ + { NID_X9_62_characteristic_two_field, 0, 21, 2 }, + { /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, /* a */ 
@@ -1033,20 +918,16 @@ 0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8, 0x83, /* order */ 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x48, - 0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B - } + 0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B } }; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ static const struct { EC_CURVE_DATA h; unsigned char data[0 + 21 * 6]; } _EC_NIST_CHAR2_163B = { - { - NID_X9_62_characteristic_two_field, 0, 21, 2 - }, - { - /* p */ + { NID_X9_62_characteristic_two_field, 0, 21, 2 }, + { /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, /* a */ @@ -1063,20 +944,16 @@ 0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24, 0xF1, /* order */ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x92, - 0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, 0x33 - } + 0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, 0x33 } }; -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE static const struct { EC_CURVE_DATA h; unsigned char data[20 + 25 * 6]; } _EC_SECG_CHAR2_193R1 = { - { - NID_X9_62_characteristic_two_field, 20, 25, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 25, 2 }, + { /* seed */ 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30, /* p */ @@ -1102,19 +979,15 @@ /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA, - 0x49 - } + 0x49 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 25 * 6]; } _EC_SECG_CHAR2_193R2 = { - { - NID_X9_62_characteristic_two_field, 20, 25, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 25, 2 }, + { /* seed */ 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11, /* p */ 
@@ -1140,20 +1013,16 @@ /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99, - 0xD5 - } + 0xD5 } }; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ static const struct { EC_CURVE_DATA h; unsigned char data[0 + 30 * 6]; } _EC_NIST_CHAR2_233K = { - { - NID_X9_62_characteristic_two_field, 0, 30, 4 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 30, 4 }, + { /* no seed */ /* p */ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, @@ -1177,19 +1046,15 @@ /* order */ 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, - 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF - } + 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_NIST_CHAR2_233B = { - { - NID_X9_62_characteristic_two_field, 20, 30, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 30, 2 }, + { /* seed */ 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, 0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3, /* p */ @@ -1215,8 +1080,7 @@ /* order */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, - 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 - } + 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 } }; #ifndef FIPS_MODULE @@ -1224,11 +1088,8 @@ EC_CURVE_DATA h; unsigned char data[0 + 30 * 6]; } _EC_SECG_CHAR2_239K1 = { - { - NID_X9_62_characteristic_two_field, 0, 30, 4 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 30, 4 }, + { /* no seed */ /* p */ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
@@ -1252,20 +1113,16 @@ /* order */ 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C, - 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 - } + 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 } }; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ static const struct { EC_CURVE_DATA h; unsigned char data[0 + 36 * 6]; } _EC_NIST_CHAR2_283K = { - { - NID_X9_62_characteristic_two_field, 0, 36, 4 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 36, 4 }, + { /* no seed */ /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1289,19 +1146,15 @@ /* order */ 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77, - 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61 - } + 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 36 * 6]; } _EC_NIST_CHAR2_283B = { - { - NID_X9_62_characteristic_two_field, 20, 36, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 36, 2 }, + { /* seed */ 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE, /* p */ 
@@ -1327,19 +1180,15 @@ /* order */ 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC, - 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07 - } + 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 52 * 6]; } _EC_NIST_CHAR2_409K = { - { - NID_X9_62_characteristic_two_field, 0, 52, 4 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 52, 4 }, + { /* no seed */ /* p */ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1375,19 +1224,15 @@ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4, 0x55, 0x7D, 0x5E, 0xD3, 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, - 0xE0, 0x1E, 0x5F, 0xCF - } + 0xE0, 0x1E, 0x5F, 0xCF } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 52 * 6]; } _EC_NIST_CHAR2_409B = { - { - NID_X9_62_characteristic_two_field, 20, 52, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 52, 2 }, + { /* seed */ 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, 0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B, /* p */ 
@@ -1425,19 +1270,15 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE, 0x5F, 0xA4, 0x7C, 0x3C, 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, - 0xD9, 0xA2, 0x11, 0x73 - } + 0xD9, 0xA2, 0x11, 0x73 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 72 * 6]; } _EC_NIST_CHAR2_571K = { - { - NID_X9_62_characteristic_two_field, 0, 72, 4 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 72, 4 }, + { /* no seed */ /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1479,19 +1320,15 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x18, 0x50, 0xE1, 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, 0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38, - 0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01 - } + 0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 72 * 6]; } _EC_NIST_CHAR2_571B = { - { - NID_X9_62_characteristic_two_field, 20, 72, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 72, 2 }, + { /* seed */ 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, 0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10, /* p */ 
@@ -1535,20 +1372,16 @@ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE6, 0x61, 0xCE, 0x18, 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, 0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D, - 0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47 - } + 0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47 } }; -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE static const struct { EC_CURVE_DATA h; unsigned char data[20 + 21 * 6]; } _EC_X9_62_CHAR2_163V1 = { - { - NID_X9_62_characteristic_two_field, 20, 21, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 21, 2 }, + { /* seed */ 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54, /* p */ @@ -1568,19 +1401,15 @@ 0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA, 0x9F, /* order */ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE6, - 0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 - } + 0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 21 * 6]; } _EC_X9_62_CHAR2_163V2 = { - { - NID_X9_62_characteristic_two_field, 20, 21, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 21, 2 }, + { /* seed */ 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD, /* p */ 
@@ -1600,19 +1429,15 @@ 0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F, 0xC5, /* order */ 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xF6, - 0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, 0xA7 - } + 0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, 0xA7 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 21 * 6]; } _EC_X9_62_CHAR2_163V3 = { - { - NID_X9_62_characteristic_two_field, 20, 21, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 21, 2 }, + { /* seed */ 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8, /* p */ @@ -1632,19 +1457,15 @@ 0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05, 0xD0, /* order */ 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x1A, - 0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, 0x09 - } + 0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, 0x09 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 23 * 6]; } _EC_X9_62_CHAR2_176V1 = { - { - NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E }, + { /* no seed */ /* p */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07, 
@@ -1662,19 +1483,15 @@ 0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C, /* order */ 0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4, 0xF6, 0x14, - 0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD - } + 0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 24 * 6]; } _EC_X9_62_CHAR2_191V1 = { - { - NID_X9_62_characteristic_two_field, 20, 24, 2 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 24, 2 }, + { /* seed */ 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84, /* p */ @@ -1694,19 +1511,15 @@ 0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB, /* order */ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5 - } + 0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 24 * 6]; } _EC_X9_62_CHAR2_191V2 = { - { - NID_X9_62_characteristic_two_field, 20, 24, 4 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 24, 4 }, + { /* seed */ 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15, /* p */ 
@@ -1726,19 +1539,15 @@ 0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A, /* order */ 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73 - } + 0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 24 * 6]; } _EC_X9_62_CHAR2_191V3 = { - { - NID_X9_62_characteristic_two_field, 20, 24, 6 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 24, 6 }, + { /* seed */ 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F, /* p */ @@ -1758,19 +1567,15 @@ 0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE, /* order */ 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, - 0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3 - } + 0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 27 * 6]; } _EC_X9_62_CHAR2_208W1 = { - { - NID_X9_62_characteristic_two_field, 0, 27, 0xFE48 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 27, 0xFE48 }, + { /* no seed */ /* p */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
@@ -1794,19 +1599,15 @@ /* order */ 0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5, 0x7B, 0x6C, 0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E, - 0x21, 0x2F, 0x9D - } + 0x21, 0x2F, 0x9D } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_X9_62_CHAR2_239V1 = { - { - NID_X9_62_characteristic_two_field, 20, 30, 4 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 30, 4 }, + { /* seed */ 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D, /* p */ @@ -1832,19 +1633,15 @@ /* order */ 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93, - 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 - } + 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_X9_62_CHAR2_239V2 = { - { - NID_X9_62_characteristic_two_field, 20, 30, 6 - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 30, 6 }, + { /* seed */ 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D, /* p */ @@ -1870,19 +1667,15 @@ /* order */ 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC, - 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D - } + 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 30 * 6]; } _EC_X9_62_CHAR2_239V3 = { - { - NID_X9_62_characteristic_two_field, 20, 30, 0xA - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 30, 0xA }, + { /* seed */ 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41, /* p */ 
@@ -1908,19 +1701,15 @@ /* order */ 0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9, - 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF - } + 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 35 * 6]; } _EC_X9_62_CHAR2_272W1 = { - { - NID_X9_62_characteristic_two_field, 0, 35, 0xFF06 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 35, 0xFF06 }, + { /* no seed */ /* p */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1944,19 +1733,15 @@ /* order */ 0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3, 0x9E, 0x48, 0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45, - 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, 0x62, 0x95, 0x21 - } + 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, 0x62, 0x95, 0x21 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 39 * 6]; } _EC_X9_62_CHAR2_304W1 = { - { - NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E }, + { /* no seed */ /* p */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
@@ -1986,19 +1771,15 @@ 0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C, 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, 0x68, 0x99, 0x16, 0x44, - 0x43, 0x05, 0x1D - } + 0x43, 0x05, 0x1D } }; static const struct { EC_CURVE_DATA h; unsigned char data[20 + 45 * 6]; } _EC_X9_62_CHAR2_359V1 = { - { - NID_X9_62_characteristic_two_field, 20, 45, 0x4C - }, - { - /* seed */ + { NID_X9_62_characteristic_two_field, 20, 45, 0x4C }, + { /* seed */ 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6, /* p */ @@ -2030,19 +1811,15 @@ 0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB, 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F, - 0xE7, 0x71, 0x9E, 0x74, 0xF4, 0x90, 0x75, 0x8D, 0x3B - } + 0xE7, 0x71, 0x9E, 0x74, 0xF4, 0x90, 0x75, 0x8D, 0x3B } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 47 * 6]; } _EC_X9_62_CHAR2_368W1 = { - { - NID_X9_62_characteristic_two_field, 0, 47, 0xFF70 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 47, 0xFF70 }, + { /* no seed */ /* p */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
@@ -2072,19 +1849,15 @@ 0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72, 0xB0, 0x83, 0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE, 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09, - 0xAE, 0x40, 0xA6, 0xF1, 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 - } + 0xAE, 0x40, 0xA6, 0xF1, 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 54 * 6]; } _EC_X9_62_CHAR2_431R1 = { - { - NID_X9_62_characteristic_two_field, 0, 54, 0x2760 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 54, 0x2760 }, + { /* no seed */ /* p */ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -2120,19 +1893,15 @@ 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89, 0x70, 0x3B, 0x5E, 0xC6, 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, - 0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91 - } + 0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 15 * 6]; } _EC_WTLS_1 = { - { - NID_X9_62_characteristic_two_field, 0, 15, 2 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 15, 2 }, + { /* no seed */ /* p */ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, @@ -2150,8 +1919,7 @@ 0xEB, 0xCC, 0x15, /* order */ 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF, 0x91, 0xAF, - 0x6D, 0xEA, 0x73 - } + 0x6D, 0xEA, 0x73 } }; /* IPSec curves */ 
@@ -2164,11 +1932,8 @@ EC_CURVE_DATA h; unsigned char data[0 + 20 * 6]; } _EC_IPSEC_155_ID3 = { - { - NID_X9_62_characteristic_two_field, 0, 20, 3 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 20, 3 }, + { /* no seed */ /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, @@ -2186,8 +1951,7 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8, /* order */ 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xC7, 0xF3, - 0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C - } + 0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C } }; /* @@ -2199,11 +1963,8 @@ EC_CURVE_DATA h; unsigned char data[0 + 24 * 6]; } _EC_IPSEC_185_ID4 = { - { - NID_X9_62_characteristic_two_field, 0, 24, 2 - }, - { - /* no seed */ + { NID_X9_62_characteristic_two_field, 0, 24, 2 }, + { /* no seed */ /* p */ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, @@ -2221,10 +1982,9 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, /* order */ 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E - } + 0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E } }; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ #endif /* OPENSSL_NO_EC2M */ /* @@ -2240,11 +2000,8 @@ EC_CURVE_DATA h; unsigned char data[0 + 20 * 6]; } _EC_brainpoolP160r1 = { - { - NID_X9_62_prime_field, 0, 20, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 20, 1 }, + { /* no seed */ /* p */ 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, 
@@ -2262,19 +2019,15 @@ 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, /* order */ 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, - 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 - } + 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 20 * 6]; } _EC_brainpoolP160t1 = { - { - NID_X9_62_prime_field, 0, 20, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 20, 1 }, + { /* no seed */ /* p */ 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, @@ -2292,19 +2045,15 @@ 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, /* order */ 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, - 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 - } + 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 24 * 6]; } _EC_brainpoolP192r1 = { - { - NID_X9_62_prime_field, 0, 24, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 24, 1 }, + { /* no seed */ /* p */ 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, @@ -2322,19 +2071,15 @@ 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F, /* order */ 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, - 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 - } + 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 24 * 6]; } _EC_brainpoolP192t1 = { - { - NID_X9_62_prime_field, 0, 24, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 24, 1 }, + { /* no seed */ /* p */ 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, 
@@ -2352,19 +2097,15 @@ 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9, /* order */ 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, - 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 - } + 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 28 * 6]; } _EC_brainpoolP224r1 = { - { - NID_X9_62_prime_field, 0, 28, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 28, 1 }, + { /* no seed */ /* p */ 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, @@ -2388,19 +2129,15 @@ /* order */ 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, - 0xA5, 0xA7, 0x93, 0x9F - } + 0xA5, 0xA7, 0x93, 0x9F } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 28 * 6]; } _EC_brainpoolP224t1 = { - { - NID_X9_62_prime_field, 0, 28, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 28, 1 }, + { /* no seed */ /* p */ 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, @@ -2424,19 +2161,15 @@ /* order */ 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, - 0xA5, 0xA7, 0x93, 0x9F - } + 0xA5, 0xA7, 0x93, 0x9F } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; } _EC_brainpoolP256r1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 32, 1 }, + { /* no seed */ /* p */ 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, 
@@ -2460,19 +2193,15 @@ /* order */ 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 - } + 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; } _EC_brainpoolP256t1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 32, 1 }, + { /* no seed */ /* p */ 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, @@ -2496,19 +2225,15 @@ /* order */ 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 - } + 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 40 * 6]; } _EC_brainpoolP320r1 = { - { - NID_X9_62_prime_field, 0, 40, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 40, 1 }, + { /* no seed */ /* p */ 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, @@ -2538,19 +2263,15 @@ 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, - 0x44, 0xC5, 0x93, 0x11 - } + 0x44, 0xC5, 0x93, 0x11 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 40 * 6]; } _EC_brainpoolP320t1 = { - { - NID_X9_62_prime_field, 0, 40, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 40, 1 }, + { /* no seed */ /* p */ 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, 
@@ -2580,19 +2301,15 @@ 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, - 0x44, 0xC5, 0x93, 0x11 - } + 0x44, 0xC5, 0x93, 0x11 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 48 * 6]; } _EC_brainpoolP384r1 = { - { - NID_X9_62_prime_field, 0, 48, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 48, 1 }, + { /* no seed */ /* p */ 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, @@ -2622,19 +2339,15 @@ 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, - 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 - } + 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 48 * 6]; } _EC_brainpoolP384t1 = { - { - NID_X9_62_prime_field, 0, 48, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 48, 1 }, + { /* no seed */ /* p */ 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, 
@@ -2664,19 +2377,15 @@ 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, - 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 - } + 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 64 * 6]; } _EC_brainpoolP512r1 = { - { - NID_X9_62_prime_field, 0, 64, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 64, 1 }, + { /* no seed */ /* p */ 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, @@ -2718,19 +2427,15 @@ 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, - 0x9C, 0xA9, 0x00, 0x69 - } + 0x9C, 0xA9, 0x00, 0x69 } }; static const struct { EC_CURVE_DATA h; unsigned char data[0 + 64 * 6]; } _EC_brainpoolP512t1 = { - { - NID_X9_62_prime_field, 0, 64, 1 - }, - { - /* no seed */ + { NID_X9_62_prime_field, 0, 64, 1 }, + { /* no seed */ /* p */ 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, @@ -2772,8 +2477,7 @@ 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, - 0x9C, 0xA9, 0x00, 0x69 - } + 0x9C, 0xA9, 0x00, 0x69 } }; #endif /* FIPS_MODULE */ 
@@ -2782,36 +2486,208 @@ EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; } _EC_sm2p256v1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, + { NID_X9_62_prime_field, 0, 32, 1 }, { /* no seed */ /* p */ - 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - /* a */ - 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, - /* b */ - 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, - 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, - 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, - /* x */ - 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, - 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, - 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, - /* y */ - 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, - 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, - 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0, - /* order */ - 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, - 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23, + 0xff, + 0xff, + 0xff, + 0xfe, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + /* a */ + 0xff, + 0xff, + 0xff, + 0xfe, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xfc, + /* b */ + 0x28, + 0xe9, + 0xfa, + 
0x9e, + 0x9d, + 0x9f, + 0x5e, + 0x34, + 0x4d, + 0x5a, + 0x9e, + 0x4b, + 0xcf, + 0x65, + 0x09, + 0xa7, + 0xf3, + 0x97, + 0x89, + 0xf5, + 0x15, + 0xab, + 0x8f, + 0x92, + 0xdd, + 0xbc, + 0xbd, + 0x41, + 0x4d, + 0x94, + 0x0e, + 0x93, + /* x */ + 0x32, + 0xc4, + 0xae, + 0x2c, + 0x1f, + 0x19, + 0x81, + 0x19, + 0x5f, + 0x99, + 0x04, + 0x46, + 0x6a, + 0x39, + 0xc9, + 0x94, + 0x8f, + 0xe3, + 0x0b, + 0xbf, + 0xf2, + 0x66, + 0x0b, + 0xe1, + 0x71, + 0x5a, + 0x45, + 0x89, + 0x33, + 0x4c, + 0x74, + 0xc7, + /* y */ + 0xbc, + 0x37, + 0x36, + 0xa2, + 0xf4, + 0xf6, + 0x77, + 0x9c, + 0x59, + 0xbd, + 0xce, + 0xe3, + 0x6b, + 0x69, + 0x21, + 0x53, + 0xd0, + 0xa9, + 0x87, + 0x7c, + 0xc6, + 0x2a, + 0x47, + 0x40, + 0x02, + 0xdf, + 0x32, + 0xe5, + 0x21, + 0x39, + 0xf0, + 0xa0, + /* order */ + 0xff, + 0xff, + 0xff, + 0xfe, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x72, + 0x03, + 0xdf, + 0x6b, + 0x21, + 0xc6, + 0x05, + 0x2b, + 0x53, + 0xbb, + 0xf4, + 0x09, + 0x39, + 0xd5, + 0x41, + 0x23, } }; #endif /* OPENSSL_NO_SM2 */ @@ -2819,7 +2695,7 @@ typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; - const EC_METHOD *(*meth) (void); + const EC_METHOD *(*meth)(void); const char *comment; } ec_list_element; 
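Review bot: The reformatted `_EC_sm2p256v1` initializer in the `@@ -2782,36 +2486,208 @@` hunk now puts every byte on its own line (36 lines become 208), while every other curve table visible in this diff keeps 12 bytes per row, which makes the SM2 p/a/b/x/y/order constants much harder to compare against the published parameters. The only visible difference from the neighbouring tables is the trailing comma after the last byte (`0x23,` before the closing brace), which is presumably what makes the formatter expand the list. Dropping that comma so the table ends `0x39, 0xd5, 0x41, 0x23 }` like the brainpool tables should restore the row layout on the next format run. Because this hunk rewrites cryptographic constants for formatting reasons only, it is worth confirming that the old and new byte sequences are identical before merging.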
@@ -2827,71 +2703,71 @@ static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ - {NID_secp224r1, &_EC_NIST_PRIME_224.h, -# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp224_method, -# else - 0, -# endif - "NIST/SECG curve over a 224 bit prime field"}, + { NID_secp224r1, &_EC_NIST_PRIME_224.h, +#if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp224_method, +#else + 0, +#endif + "NIST/SECG curve over a 224 bit prime field" }, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, -# else - 0, -# endif - "NIST/SECG curve over a 384 bit prime field"}, - - {NID_secp521r1, &_EC_NIST_PRIME_521.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp521_method, -# else - 0, -# endif - "NIST/SECG curve over a 521 bit prime field"}, + { NID_secp384r1, &_EC_NIST_PRIME_384.h, +#if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +#else + 0, +#endif + "NIST/SECG curve over a 384 bit prime field" }, + + { NID_secp521r1, &_EC_NIST_PRIME_521.h, +#if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +#else + 0, +#endif + "NIST/SECG curve over a 521 bit prime field" }, /* X9.62 curves */ - {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, - "NIST/X9.62/SECG curve over a 192 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -# if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -# elif defined(S390X_EC_ASM) - EC_GFp_s390x_nistp256_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, -# else - 0, -# endif - "X9.62/SECG curve over a 256 bit prime field"}, - -# ifndef OPENSSL_NO_EC2M + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, + "NIST/X9.62/SECG curve over a 192 bit prime field" }, + { NID_X9_62_prime256v1, 
&_EC_X9_62_PRIME_256V1.h, +#if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +#elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +#else + 0, +#endif + "X9.62/SECG curve over a 256 bit prime field" }, + +#ifndef OPENSSL_NO_EC2M /* characteristic two field curves */ /* NIST/SECG curves */ - {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field"}, - {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, - "NIST/SECG curve over a 163 bit binary field"}, - {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, - {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, -# endif + { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, + "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, + "NIST/SECG curve over a 163 bit binary field" }, + { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, + "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, + "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, + 
"NIST/SECG curve over a 409 bit binary field" }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, + "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, + "NIST/SECG curve over a 571 bit binary field" }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, + "NIST/SECG curve over a 571 bit binary field" }, +#endif }; #else 
@@ -2899,218 +2775,218 @@ static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ - {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, - "SECG/WTLS curve over a 112 bit prime field"}, - {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, - "SECG curve over a 112 bit prime field"}, - {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, - "SECG curve over a 128 bit prime field"}, - {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, - "SECG curve over a 128 bit prime field"}, - {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, - "SECG curve over a 160 bit prime field"}, - {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, - "SECG curve over a 160 bit prime field"}, - {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, - "SECG/WTLS curve over a 160 bit prime field"}, + { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, + "SECG/WTLS curve over a 112 bit prime field" }, + { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, + "SECG curve over a 112 bit prime field" }, + { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, + "SECG curve over a 128 bit prime field" }, + { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, + "SECG curve over a 128 bit prime field" }, + { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, + "SECG curve over a 160 bit prime field" }, + { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, + "SECG curve over a 160 bit prime field" }, + { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, + "SECG/WTLS curve over a 160 bit prime field" }, /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ - {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, - "SECG curve over a 192 bit prime field"}, - {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, - "SECG curve over a 224 bit prime field"}, -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, - "NIST/SECG curve over a 224 bit prime field"}, -# else - {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, - "NIST/SECG curve over a 224 bit prime field"}, -# endif - {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, - "SECG curve over a 256 bit 
prime field"}, + { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, + "SECG curve over a 192 bit prime field" }, + { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, + "SECG curve over a 224 bit prime field" }, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + { NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field" }, +#else + { NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, + "NIST/SECG curve over a 224 bit prime field" }, +#endif + { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, + "SECG curve over a 256 bit prime field" }, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, -# else - 0, -# endif - "NIST/SECG curve over a 384 bit prime field"}, - {NID_secp521r1, &_EC_NIST_PRIME_521.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp521_method, -# else - 0, -# endif - "NIST/SECG curve over a 521 bit prime field"}, + { NID_secp384r1, &_EC_NIST_PRIME_384.h, +#if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +#else + 0, +#endif + "NIST/SECG curve over a 384 bit prime field" }, + { NID_secp521r1, &_EC_NIST_PRIME_521.h, +#if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +#else + 0, +#endif + "NIST/SECG curve over a 521 bit prime field" }, /* X9.62 curves */ - {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, - "NIST/X9.62/SECG curve over a 192 bit prime field"}, - {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, - "X9.62 curve over a 192 bit prime field"}, - {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, - "X9.62 curve over a 192 bit prime field"}, - {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, - "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, - "X9.62 curve over a 239 bit prime field"}, - 
{NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, - "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -# if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -# elif defined(S390X_EC_ASM) - EC_GFp_s390x_nistp256_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, -# else - 0, -# endif - "X9.62/SECG curve over a 256 bit prime field"}, -# ifndef OPENSSL_NO_EC2M + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, + "NIST/X9.62/SECG curve over a 192 bit prime field" }, + { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, + "X9.62 curve over a 192 bit prime field" }, + { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, + "X9.62 curve over a 192 bit prime field" }, + { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, + "X9.62 curve over a 239 bit prime field" }, + { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, + "X9.62 curve over a 239 bit prime field" }, + { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, + "X9.62 curve over a 239 bit prime field" }, + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +#if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +#elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +#else + 0, +#endif + "X9.62/SECG curve over a 256 bit prime field" }, +#ifndef OPENSSL_NO_EC2M /* characteristic two field curves */ /* NIST/SECG curves */ - {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, - "SECG curve over a 113 bit binary field"}, - {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, - "SECG curve over a 113 bit binary field"}, - {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, - "SECG/WTLS curve over a 131 bit binary field"}, - {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, - "SECG curve over a 131 bit binary field"}, - {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field"}, - {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, - "SECG curve over a 163 bit 
binary field"}, - {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, - "NIST/SECG curve over a 163 bit binary field"}, - {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, - "SECG curve over a 193 bit binary field"}, - {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, - "SECG curve over a 193 bit binary field"}, - {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, - "SECG curve over a 239 bit binary field"}, - {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, - {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, + { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, + "SECG curve over a 113 bit binary field" }, + { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, + "SECG curve over a 113 bit binary field" }, + { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, + "SECG/WTLS curve over a 131 bit binary field" }, + { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, + "SECG curve over a 131 bit binary field" }, + { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, + "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, + "SECG curve over a 163 bit binary field" }, + { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, + "NIST/SECG curve over a 163 bit binary field" }, + { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, + "SECG curve over a 193 bit binary field" }, + { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, + "SECG curve over a 193 bit binary 
field" }, + { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, + "SECG curve over a 239 bit binary field" }, + { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, + "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, + "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, + "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, + "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, + "NIST/SECG curve over a 571 bit binary field" }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, + "NIST/SECG curve over a 571 bit binary field" }, /* X9.62 curves */ - {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, - "X9.62 curve over a 163 bit binary field"}, - {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, - "X9.62 curve over a 163 bit binary field"}, - {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, - "X9.62 curve over a 163 bit binary field"}, - {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, - "X9.62 curve over a 176 bit binary field"}, - {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, - "X9.62 curve over a 191 bit binary field"}, - {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, - "X9.62 curve over a 191 bit binary field"}, - {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, - "X9.62 curve over a 191 bit binary field"}, - {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, - "X9.62 curve over a 208 bit binary field"}, - {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, - "X9.62 curve over a 239 bit binary field"}, - {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, - "X9.62 curve over a 239 bit binary field"}, - {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, - "X9.62 curve over a 239 bit binary 
field"}, - {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, - "X9.62 curve over a 272 bit binary field"}, - {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, - "X9.62 curve over a 304 bit binary field"}, - {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, - "X9.62 curve over a 359 bit binary field"}, - {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, - "X9.62 curve over a 368 bit binary field"}, - {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, - "X9.62 curve over a 431 bit binary field"}, + { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, + "X9.62 curve over a 163 bit binary field" }, + { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, + "X9.62 curve over a 163 bit binary field" }, + { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, + "X9.62 curve over a 163 bit binary field" }, + { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, + "X9.62 curve over a 176 bit binary field" }, + { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, + "X9.62 curve over a 191 bit binary field" }, + { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, + "X9.62 curve over a 191 bit binary field" }, + { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, + "X9.62 curve over a 191 bit binary field" }, + { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, + "X9.62 curve over a 208 bit binary field" }, + { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, + "X9.62 curve over a 239 bit binary field" }, + { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, + "X9.62 curve over a 239 bit binary field" }, + { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, + "X9.62 curve over a 239 bit binary field" }, + { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, + "X9.62 curve over a 272 bit binary field" }, + { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, + "X9.62 curve over a 304 bit binary field" }, + { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, + "X9.62 curve over a 359 bit binary field" }, + { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, + 
"X9.62 curve over a 368 bit binary field" }, + { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, + "X9.62 curve over a 431 bit binary field" }, /* * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves * from X9.62] */ - {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, - "WTLS curve over a 113 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, - "SECG curve over a 113 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, - "X9.62 curve over a 163 bit binary field"}, -# endif - {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, - "SECG/WTLS curve over a 112 bit prime field"}, - {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, - "SECG/WTLS curve over a 160 bit prime field"}, - {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, - "WTLS curve over a 112 bit prime field"}, - {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, - "WTLS curve over a 160 bit prime field"}, -# ifndef OPENSSL_NO_EC2M - {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, -# endif - {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, - "WTLS curve over a 224 bit prime field"}, -# ifndef OPENSSL_NO_EC2M + { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, + "WTLS curve over a 113 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, + "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, + "SECG curve over a 113 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, + "X9.62 curve over a 163 bit binary field" }, +#endif + { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, + "SECG/WTLS curve over a 112 bit prime field" }, + { 
NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, + "SECG/WTLS curve over a 160 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, + "WTLS curve over a 112 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, + "WTLS curve over a 160 bit prime field" }, +#ifndef OPENSSL_NO_EC2M + { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, + "NIST/SECG/WTLS curve over a 233 bit binary field" }, +#endif + { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, + "WTLS curve over a 224 bit prime field" }, +#ifndef OPENSSL_NO_EC2M /* IPSec curves */ - {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, - "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, - {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, - "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, -# endif + { NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, + "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" }, + { NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, + "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" 
}, +#endif /* brainpool curves */ - {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, - "RFC 5639 curve over a 160 bit prime field"}, - {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, - "RFC 5639 curve over a 160 bit prime field"}, - {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, - "RFC 5639 curve over a 192 bit prime field"}, - {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, - "RFC 5639 curve over a 192 bit prime field"}, - {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, - "RFC 5639 curve over a 224 bit prime field"}, - {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, - "RFC 5639 curve over a 224 bit prime field"}, - {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, - "RFC 5639 curve over a 256 bit prime field"}, - {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, - "RFC 5639 curve over a 256 bit prime field"}, - {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0, - "RFC 5639 curve over a 320 bit prime field"}, - {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0, - "RFC 5639 curve over a 320 bit prime field"}, - {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0, - "RFC 5639 curve over a 384 bit prime field"}, - {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0, - "RFC 5639 curve over a 384 bit prime field"}, - {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, - "RFC 5639 curve over a 512 bit prime field"}, - {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, - "RFC 5639 curve over a 512 bit prime field"}, -# ifndef OPENSSL_NO_SM2 - {NID_sm2, &_EC_sm2p256v1.h, 0, - "SM2 curve over a 256 bit prime field"}, -# endif + { NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, + "RFC 5639 curve over a 160 bit prime field" }, + { NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, + "RFC 5639 curve over a 160 bit prime field" }, + { NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, + "RFC 5639 curve over a 192 bit prime field" }, + { NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, + "RFC 5639 curve over a 192 bit prime field" }, + { NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, + "RFC 5639 
curve over a 224 bit prime field" }, + { NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, + "RFC 5639 curve over a 224 bit prime field" }, + { NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, + "RFC 5639 curve over a 256 bit prime field" }, + { NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, + "RFC 5639 curve over a 256 bit prime field" }, + { NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0, + "RFC 5639 curve over a 320 bit prime field" }, + { NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0, + "RFC 5639 curve over a 320 bit prime field" }, + { NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0, + "RFC 5639 curve over a 384 bit prime field" }, + { NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0, + "RFC 5639 curve over a 384 bit prime field" }, + { NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, + "RFC 5639 curve over a 512 bit prime field" }, + { NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, + "RFC 5639 curve over a 512 bit prime field" }, +#ifndef OPENSSL_NO_SM2 + { NID_sm2, &_EC_sm2p256v1.h, 0, + "SM2 curve over a 256 bit prime field" }, +#endif }; #endif /* FIPS_MODULE */ @@ -3131,14 +3007,13 @@ } static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, - const char *propq, - const ec_list_element curve) + const char *propq, + const ec_list_element curve) { EC_GROUP *group = NULL; EC_POINT *P = NULL; BN_CTX *ctx = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = - NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = NULL; int ok = 0; int seed_len, param_len; const EC_METHOD *meth; @@ -3148,7 +3023,7 @@ /* If no curve data curve method must handle everything */ if (curve.data == NULL) return ossl_ec_group_new_ex(libctx, propq, - curve.meth != NULL ? curve.meth() : NULL); + curve.meth != NULL ? curve.meth() : NULL); if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 
@@ -3159,7 +3034,7 @@ seed_len = data->seed_len; param_len = data->param_len; params = (const unsigned char *)(data + 1); /* skip header */ - params += seed_len; /* skip seed */ + params += seed_len; /* skip seed */ if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL @@ -3170,8 +3045,7 @@ if (curve.meth != 0) { meth = curve.meth(); - if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || - (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { + if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } @@ -3182,8 +3056,8 @@ } } #ifndef OPENSSL_NO_EC2M - else { /* field_type == - * NID_X9_62_characteristic_two_field */ + else { /* field_type == + * NID_X9_62_characteristic_two_field */ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); @@ -3261,7 +3135,7 @@ #endif ok = 1; - err: +err: if (!ok) { EC_GROUP_free(group); group = NULL; @@ -3278,7 +3152,7 @@ } EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, - int nid) + int nid) { EC_GROUP *ret = NULL; const ec_list_element *curve; @@ -3287,7 +3161,7 @@ || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { #ifndef FIPS_MODULE ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, - "name=%s", OBJ_nid2sn(nid)); + "name=%s", OBJ_nid2sn(nid)); #else ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); #endif @@ -3350,7 +3224,7 @@ const EC_POINT *generator = NULL; const BIGNUM *cofactor = NULL; /* An array of BIGNUMs for (p, a, b, x, y, order) */ - BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + BIGNUM *bn[NUM_BN_FIELDS] = { NULL, NULL, NULL, NULL, NULL, NULL }; /* Use the optional named curve nid as a search field */ nid = EC_GROUP_get_curve_name(group); 
@@ -3388,20 +3262,20 @@ */ /* Get p, a & b */ if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) - && ((generator = EC_GROUP_get0_generator(group)) != NULL) - /* Get x & y */ - && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) - /* Get order */ - && EC_GROUP_get_order(group, bn[5], ctx))) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) goto end; - /* + /* * Convert the bignum array to bytes that are joined together to form * a single buffer that contains data for all fields. * (p, a, b, x, y, order) are all zero padded to be the same size. */ for (i = 0; i < NUM_BN_FIELDS; ++i) { - if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + if (BN_bn2binpad(bn[i], ¶m_bytes[i * param_len], param_len) <= 0) goto end; } @@ -3418,15 +3292,15 @@ && param_len == data->param_len && (nid <= 0 || nid == curve.nid) /* check the optional cofactor (ignore if its zero) */ - && (BN_is_zero(cofactor) + && (cofactor == NULL || BN_is_zero(cofactor) || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) /* Check the optional seed (ignore if its not set) */ && (data->seed_len == 0 || seed_len == 0 || ((size_t)data->seed_len == seed_len - && memcmp(params_seed, seed, seed_len) == 0)) + && memcmp(params_seed, seed, seed_len) == 0)) /* Check that the groups params match the built-in curve params */ && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) - == 0) { + == 0) { ret = curve.nid; goto end; } --- crypto/openssl/crypto/ec/ec_cvt.c.orig +++ crypto/openssl/crypto/ec/ec_cvt.c @@ -19,7 +19,7 @@ #include "ec_local.h" EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { const EC_METHOD *meth; EC_GROUP *ret; 
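Review bot: The comment above the cofactor test in the `@@ -3418,15 +3292,15 @@` hunk of ec_curve.c still reads "ignore if its zero", but the new condition `cofactor == NULL || BN_is_zero(cofactor)` also skips the comparison when no cofactor is present. I would update it to `/* check the optional cofactor (ignore if it is unset or zero) */` so the comment matches the guard. This is the only behavioural change among the otherwise whitespace-only hunks of this file, so it is easy to miss in review and would be worth a line in the commit description. The assignment of `cofactor` and the rest of the enclosing function are outside the hunk, so which group types can reach this point with a NULL cofactor cannot be confirmed from here.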
@@ -68,7 +68,7 @@ #ifndef OPENSSL_NO_EC2M EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { const EC_METHOD *meth; EC_GROUP *ret; --- crypto/openssl/crypto/ec/ec_deprecated.c.orig +++ crypto/openssl/crypto/ec/ec_deprecated.c @@ -19,9 +19,9 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, - const EC_POINT *point, - point_conversion_form_t form, - BIGNUM *ret, BN_CTX *ctx) + const EC_POINT *point, + point_conversion_form_t form, + BIGNUM *ret, BN_CTX *ctx) { size_t buf_len = 0; unsigned char *buf; @@ -39,7 +39,7 @@ } EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, - const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) + const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) { size_t buf_len = 0; unsigned char *buf; --- crypto/openssl/crypto/ec/ec_err.c.orig +++ crypto/openssl/crypto/ec/ec_err.c 
@@ -14,121 +14,121 @@ #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA EC_str_reasons[] = { - {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE), - "coordinates out of range"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), - "curve does not support ecdh"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA), - "curve does not support ecdsa"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), - "curve does not support signing"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO), - "discriminant is zero"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), - "ec group new by name failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), - "explicit params not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), - "failed making public key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE), - "group2pkparameters failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE), - "i2d ecpkparameters failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS), - "incompatible objects"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_A), "invalid a"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_B), "invalid b"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COFACTOR), "invalid cofactor"}, - 
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT), - "invalid compressed point"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT), - "invalid compression bit"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION), - "invalid named group conversion"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH), - "invalid output length"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_P), "invalid p"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS), - "invalid pentanomial basis"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_SEED), "invalid seed"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS), - "invalid trinomial basis"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), 
"missing parameters"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), - "need new setup values"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED), - "operation not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER), - "passed null parameter"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE), - "point arithmetic failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE), - "point coordinates blind failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE), - "point is not on curve"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED), - "random number generation failed"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_TOO_MANY_RETRIES), "too many retries"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS), - "wrong curve parameters"}, - {ERR_PACK(ERR_LIB_EC, 0, 
EC_R_WRONG_ORDER), "wrong order"}, - {0, NULL} + { ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE), + "coordinates out of range" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), + "curve does not support ecdh" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA), + "curve does not support ecdsa" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), + "curve does not support signing" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO), + "discriminant is zero" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), + "ec group new by name failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), + "explicit params not supported" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), + "failed making public key" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE), + "group2pkparameters failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE), + "i2d ecpkparameters failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS), + "incompatible objects" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_A), "invalid a" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_B), "invalid b" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COFACTOR), "invalid cofactor" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT), + 
"invalid compressed point" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT), + "invalid compression bit" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION), + "invalid named group conversion" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH), + "invalid output length" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_P), "invalid p" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS), + "invalid pentanomial basis" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_SEED), "invalid seed" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS), + "invalid trinomial basis" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), 
"missing parameters" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), + "need new setup values" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED), + "operation not supported" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER), + "passed null parameter" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE), + "point arithmetic failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE), + "point coordinates blind failure" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE), + "point is not on curve" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED), + "random number generation failed" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_TOO_MANY_RETRIES), "too many retries" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS), + "wrong curve 
parameters" }, + { ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_EC_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(EC_str_reasons[0].error) == NULL) ERR_load_strings_const(EC_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/ec/ec_key.c.orig +++ crypto/openssl/crypto/ec/ec_key.c @@ -20,14 +20,14 @@ #include "internal/refcount.h" #include #ifndef FIPS_MODULE -# include +#include #endif #include #include "prov/providercommon.h" #include "crypto/bn.h" static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, - void *cbarg); + void *cbarg); #ifndef FIPS_MODULE EC_KEY *EC_KEY_new(void) @@ -42,7 +42,7 @@ } EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq, - int nid) + int nid) { EC_KEY *ret = EC_KEY_new_ex(ctx, propq); if (ret == NULL) @@ -125,7 +125,7 @@ /* clear the old group */ EC_GROUP_free(dest->group); dest->group = ossl_ec_group_new_ex(src->libctx, src->propq, - src->group->meth); + src->group->meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) @@ -155,7 +155,6 @@ } } - /* copy the rest */ dest->enc_flag = src->enc_flag; dest->conv_form = src->conv_form; @@ -163,7 +162,7 @@ dest->flags = src->flags; #ifndef FIPS_MODULE if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, - &dest->ex_data, &src->ex_data)) + &dest->ex_data, &src->ex_data)) return NULL; #endif @@ -302,7 +301,7 @@ do if (!BN_priv_rand_range_ex(priv_key, order, 0, ctx)) goto err; - while (BN_is_zero(priv_key)) ; + while (BN_is_zero(priv_key)); if (eckey->pub_key == NULL) { pub_key = EC_POINT_new(group); @@ -368,7 +367,7 @@ * pub_key = priv_key * G (where G is a point on the curve) */ ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, - NULL, ctx); + NULL, ctx); BN_CTX_free(ctx); if (ret == 1) 
@@ -532,9 +531,9 @@ EC_POINT *point = NULL; if (eckey == NULL - || eckey->group == NULL - || eckey->pub_key == NULL - || eckey->priv_key == NULL) { + || eckey->group == NULL + || eckey->pub_key == NULL + || eckey->priv_key == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -543,7 +542,6 @@ if (point == NULL) goto err; - if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; @@ -558,7 +556,6 @@ return ret; } - /* * ECC Key validation as specified in SP800-56A R3. * Section 5.6.2.3.3 ECC Full Public-Key Validation @@ -596,7 +593,7 @@ } int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, - BIGNUM *y) + BIGNUM *y) { BN_CTX *ctx = NULL; BIGNUM *tx, *ty; @@ -645,12 +642,11 @@ ok = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); EC_POINT_free(point); return ok; - } OSSL_LIB_CTX *ossl_ec_key_get_libctx(const EC_KEY *key) @@ -865,7 +861,7 @@ } size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, - unsigned char **pbuf, BN_CTX *ctx) + unsigned char **pbuf, BN_CTX *ctx) { if (key == NULL || key->pub_key == NULL || key->group == NULL) return 0; @@ -873,7 +869,7 @@ } int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, - BN_CTX *ctx) + BN_CTX *ctx) { if (key == NULL || key->group == NULL) return 0; @@ -897,7 +893,7 @@ } size_t EC_KEY_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len) { if (eckey->group == NULL || eckey->group->meth == NULL) return 0; @@ -910,7 +906,7 @@ } size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len) { size_t buf_len; @@ -949,7 +945,7 @@ } int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, - size_t len) + size_t len) { if (eckey->priv_key == NULL) eckey->priv_key = BN_secure_new(); 
@@ -1004,10 +1000,10 @@ * omitted here. */ static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, - void *cbarg) + void *cbarg) { int ret = 0; - unsigned char dgst[16] = {0}; + unsigned char dgst[16] = { 0 }; int dgst_len = (int)sizeof(dgst); ECDSA_SIG *sig = NULL; OSSL_SELF_TEST *st = NULL; @@ -1017,7 +1013,7 @@ return 0; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, - OSSL_SELF_TEST_DESC_PCT_ECDSA); + OSSL_SELF_TEST_DESC_PCT_ECDSA); sig = ECDSA_do_sign(dgst, dgst_len, eckey); if (sig == NULL) --- crypto/openssl/crypto/ec/ec_kmeth.c.orig +++ crypto/openssl/crypto/ec/ec_kmeth.c @@ -16,16 +16,15 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include "ec_local.h" - static const EC_KEY_METHOD openssl_ec_key_method = { "OpenSSL EC_KEY method", 0, - 0,0,0,0,0,0, + 0, 0, 0, 0, 0, 0, ossl_ec_key_gen, ossl_ecdh_compute_key, ossl_ecdsa_sign, @@ -79,7 +78,7 @@ } EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, - ENGINE *engine) + ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -139,7 +138,7 @@ } return ret; - err: +err: EC_KEY_free(ret); return NULL; } @@ -152,9 +151,9 @@ #endif int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *eckey, - void *(*KDF) (const void *in, size_t inlen, void *out, - size_t *outlen)) + const EC_KEY *eckey, + void *(*KDF)(const void *in, size_t inlen, void *out, + size_t *outlen)) { unsigned char *sec = NULL; size_t seclen; 
@@ -198,14 +197,14 @@ } void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, - int (*init)(EC_KEY *key), - void (*finish)(EC_KEY *key), - int (*copy)(EC_KEY *dest, const EC_KEY *src), - int (*set_group)(EC_KEY *key, const EC_GROUP *grp), - int (*set_private)(EC_KEY *key, - const BIGNUM *priv_key), - int (*set_public)(EC_KEY *key, - const EC_POINT *pub_key)) + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)) { meth->init = init; meth->finish = finish; 
@@ -216,33 +215,33 @@ } void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, - int (*keygen)(EC_KEY *key)) + int (*keygen)(EC_KEY *key)) { meth->keygen = keygen; } void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, - int (*ckey)(unsigned char **psec, - size_t *pseclen, - const EC_POINT *pub_key, - const EC_KEY *ecdh)) + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)) { meth->compute_key = ckey; } void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, - int (*sign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey), - int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, - int dgst_len, - const BIGNUM *in_kinv, - const BIGNUM *in_r, - EC_KEY *eckey)) + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)) { meth->sign = sign; meth->sign_setup = sign_setup; 
@@ -250,29 +249,28 @@ } void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, - int (*verify)(int type, const unsigned - char *dgst, int dgst_len, - const unsigned char *sigbuf, - int sig_len, EC_KEY *eckey), - int (*verify_sig)(const unsigned char *dgst, - int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)) + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)) { meth->verify = verify; meth->verify_sig = verify_sig; } void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, - int (**pinit)(EC_KEY *key), - void (**pfinish)(EC_KEY *key), - int (**pcopy)(EC_KEY *dest, const EC_KEY *src), - int (**pset_group)(EC_KEY *key, - const EC_GROUP *grp), - int (**pset_private)(EC_KEY *key, - const BIGNUM *priv_key), - int (**pset_public)(EC_KEY *key, - const EC_POINT *pub_key)) + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)) { if (pinit != NULL) *pinit = meth->init; 
@@ -289,35 +287,35 @@ } void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, - int (**pkeygen)(EC_KEY *key)) + int (**pkeygen)(EC_KEY *key)) { if (pkeygen != NULL) *pkeygen = meth->keygen; } void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, - int (**pck)(unsigned char **pout, - size_t *poutlen, - const EC_POINT *pub_key, - const EC_KEY *ecdh)) + int (**pck)(unsigned char **pout, + size_t *poutlen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)) { if (pck != NULL) *pck = meth->compute_key; } void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, - int (**psign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey), - int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, - int dgst_len, - const BIGNUM *in_kinv, - const BIGNUM *in_r, - EC_KEY *eckey)) + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)) { if (psign != NULL) *psign = meth->sign; 
@@ -328,14 +326,13 @@ } void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, - int (**pverify)(int type, const unsigned - char *dgst, int dgst_len, - const unsigned char *sigbuf, - int sig_len, EC_KEY *eckey), - int (**pverify_sig)(const unsigned char *dgst, - int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)) + int (**pverify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)) { if (pverify != NULL) *pverify = meth->verify; --- crypto/openssl/crypto/ec/ec_lib.c.orig +++ crypto/openssl/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -27,7 +27,7 @@ /* functions for EC_GROUP objects */ EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, - const EC_METHOD *meth) + const EC_METHOD *meth) { EC_GROUP *ret; @@ -69,7 +69,7 @@ goto err; return ret; - err: +err: BN_free(ret->order); BN_free(ret->cofactor); OPENSSL_free(ret->propq); @@ -78,12 +78,12 @@ } #ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) { return ossl_ec_group_new_ex(NULL, NULL, meth); } -# endif +#endif #endif void EC_pre_comp_free(EC_GROUP *group) @@ -174,6 +174,8 @@ dest->libctx = src->libctx; dest->curve_name = src->curve_name; + EC_pre_comp_free(dest); + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { @@ -278,12 +280,12 @@ ok = 1; - err: +err: if (!ok) { EC_GROUP_free(t); return NULL; } - return t; + return t; } #ifndef OPENSSL_NO_DEPRECATED_3_0 
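Review bot: The added `EC_pre_comp_free(dest);` in the `@@ -174,6 +174,8 @@` hunk of ec_lib.c depends on an ordering that nothing in the code records: it must run before `dest->pre_comp_type = src->pre_comp_type;` two lines below, because the free routine presumably picks what to release from the destination's current type tag. If these statements are later reordered, the old precomputed tables would either leak again or be released under the wrong type, so I would add a comment above the call, e.g. `/* Release precomputation dest already owns; must precede the pre_comp_type overwrite below */`. The call also assumes dest never aliases src at this point, since releasing dest first would destroy the data about to be copied; the guard for that is not visible because the enclosing function starts and ends outside the hunk, so it is worth confirming. A regression test that copies into a group already holding precomputed data would pin the fix.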
@@ -313,7 +315,8 @@ * * Otherwise, zero cofactor and return success. */ -static int ec_guess_cofactor(EC_GROUP *group) { +static int ec_guess_cofactor(EC_GROUP *group) +{ int ret = 0; BN_CTX *ctx = NULL; BIGNUM *q = NULL; @@ -355,14 +358,14 @@ || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx)) goto err; ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); return ret; } int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor) + const BIGNUM *order, const BIGNUM *cofactor) { if (generator == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); @@ -462,7 +465,7 @@ } int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->cofactor == NULL) @@ -481,8 +484,7 @@ void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) { group->curve_name = nid; - group->asn1_flag = - (nid != NID_undef) + group->asn1_flag = (nid != NID_undef) ? OPENSSL_EC_NAMED_CURVE : OPENSSL_EC_EXPLICIT_CURVE; } @@ -513,13 +515,13 @@ } void EC_GROUP_set_point_conversion_form(EC_GROUP *group, - point_conversion_form_t form) + point_conversion_form_t form) { group->asn1_form = form; } point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP - *group) + *group) { return group->asn1_form; } @@ -554,7 +556,7 @@ } int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { if (group->meth->group_set_curve == 0) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -564,7 +566,7 @@ } int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->meth->group_get_curve == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 
@@ -575,30 +577,30 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { return EC_GROUP_set_curve(group, p, a, b, ctx); } int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx) + BIGNUM *b, BN_CTX *ctx) { return EC_GROUP_get_curve(group, p, a, b, ctx); } -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { return EC_GROUP_set_curve(group, p, a, b, ctx); } int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx) + BIGNUM *b, BN_CTX *ctx) { return EC_GROUP_get_curve(group, p, a, b, ctx); } -# endif +#endif #endif int EC_GROUP_get_degree(const EC_GROUP *group) @@ -631,8 +633,7 @@ if (EC_GROUP_get_field_type(a) != EC_GROUP_get_field_type(b)) return 1; /* compare the curve name (if present in both) */ - if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && - EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) + if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) return 1; if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE) return 0; @@ -663,8 +664,7 @@ * XXX This approach assumes that the external representation of curves * over the same field type is the same. */ - if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || - !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || !b->meth->group_get_curve(b, b1, b2, b3, ctx)) r = 1; /* return 1 if the curve parameters are different */ 
@@ -673,8 +673,7 @@ /* XXX EC_POINT_cmp() assumes that the methods are equal */ /* return 1 if the generators are different */ - if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), - EC_GROUP_get0_generator(b), ctx) != 0) + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), EC_GROUP_get0_generator(b), ctx) != 0) r = 1; if (!r) { @@ -772,9 +771,9 @@ return 0; } if (dest->meth != src->meth - || (dest->curve_name != src->curve_name - && dest->curve_name != 0 - && src->curve_name != 0)) { + || (dest->curve_name != src->curve_name + && dest->curve_name != 0 + && src->curve_name != 0)) { ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -824,9 +823,9 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, const BIGNUM *z, - BN_CTX *ctx) + EC_POINT *point, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx) { if (group->meth->field_type != NID_X9_62_prime_field) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -837,13 +836,13 @@ return 0; } return ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, point, - x, y, z, ctx); + x, y, z, ctx); } int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BIGNUM *z, - BN_CTX *ctx) + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx) { if (group->meth->field_type != NID_X9_62_prime_field) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -854,13 +853,13 @@ return 0; } return ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(group, point, - x, y, z, ctx); + x, y, z, ctx); } #endif int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx) + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx) { if (group->meth->point_set_affine_coordinates == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 
@@ -882,25 +881,25 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) + EC_POINT *point, const BIGNUM *x, + const BIGNUM *y, BN_CTX *ctx) { return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); } -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) + EC_POINT *point, const BIGNUM *x, + const BIGNUM *y, BN_CTX *ctx) { return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); } -# endif +#endif #endif int EC_POINT_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) + const EC_POINT *point, BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { if (group->meth->point_get_affine_coordinates == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -919,24 +918,24 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx) + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx) { return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx) + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx) { return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } -# endif +#endif #endif int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) + const EC_POINT *b, BN_CTX *ctx) { if (group->meth->add == 0) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 
@@ -951,7 +950,7 @@ } int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->meth->dbl == 0) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -998,7 +997,7 @@ * -1: An error occurred */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->meth->is_on_curve == 0) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -1012,7 +1011,7 @@ } int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->meth->point_cmp == 0) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -1040,7 +1039,7 @@ } int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx) + EC_POINT *points[], BN_CTX *ctx) { size_t i; @@ -1066,8 +1065,8 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) + size_t num, const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) { int ret = 0; size_t i = 0; @@ -1113,7 +1112,7 @@ #endif int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, - const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { int ret = 0; size_t num; @@ -1162,7 +1161,7 @@ if (group->meth->precompute_mult != 0) return group->meth->precompute_mult(group, ctx); else - return 1; /* nothing to do, so report success */ + return 1; /* nothing to do, so report success */ } int EC_GROUP_have_precompute_mult(const EC_GROUP *group) @@ -1174,8 +1173,8 @@ if (group->meth->have_precompute_mult != 0) return group->meth->have_precompute_mult(group); else - return 0; /* cannot tell whether precomputation has - * been performed */ + return 0; /* cannot tell whether precomputation has + * been performed */ } #endif 
@@ -1206,7 +1205,7 @@ ret = 1; - err: +err: BN_CTX_free(ctx); return ret; @@ -1232,7 +1231,7 @@ } static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *x, BN_CTX *ctx) + const BIGNUM *x, BN_CTX *ctx) { BIGNUM *e = NULL; int ret = 0; @@ -1271,7 +1270,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -1293,7 +1292,7 @@ * other functionality. */ int ossl_ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - const BIGNUM *x, BN_CTX *ctx) + const BIGNUM *x, BN_CTX *ctx) { if (group->meth->field_inverse_mod_ord != NULL) return group->meth->field_inverse_mod_ord(group, res, x, ctx); @@ -1312,7 +1311,7 @@ * support coordinate blinding. */ int ossl_ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->meth->blind_coordinates == NULL) return 1; /* ignore if not implemented */ @@ -1330,8 +1329,8 @@ /* Find the last non-zero element of group->poly[] */ for (i = 0; - i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; - i++) + i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; + i++) continue; if (i == 4) @@ -1351,7 +1350,7 @@ if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field || !((group->poly[0] != 0) && (group->poly[1] != 0) - && (group->poly[2] == 0))) { + && (group->poly[2] == 0))) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1363,15 +1362,15 @@ } int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, - unsigned int *k2, unsigned int *k3) + unsigned int *k2, unsigned int *k3) { if (group == NULL) return 0; if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field || !((group->poly[0] != 0) && (group->poly[1] != 0) - && (group->poly[2] != 0) && (group->poly[3] != 0) - && (group->poly[4] == 0))) { + && (group->poly[2] != 0) && (group->poly[3] != 0) + && (group->poly[4] == 0))) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } 
@@ -1400,9 +1399,9 @@ * mathematically wrong anyway and should not be used. */ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, - OSSL_LIB_CTX *libctx, - const char *propq, - BN_CTX *ctx) + OSSL_LIB_CTX *libctx, + const char *propq, + BN_CTX *ctx) { EC_GROUP *ret_group = NULL, *dup = NULL; int curve_name_nid; @@ -1412,8 +1411,8 @@ int no_seed = (EC_GROUP_get0_seed(group) == NULL); if ((dup = EC_GROUP_dup(group)) == NULL - || EC_GROUP_set_seed(dup, NULL, 0) != 1 - || !EC_GROUP_set_generator(dup, point, order, NULL)) + || EC_GROUP_set_seed(dup, NULL, 0) != 1 + || !EC_GROUP_set_generator(dup, point, order, NULL)) goto err; if ((curve_name_nid = ossl_ec_curve_nid_from_params(dup, ctx)) != NID_undef) { /* @@ -1425,7 +1424,7 @@ * parameters with one created from a named group. */ -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for * the same curve, we prefer the SECP nid when matching explicit @@ -1433,7 +1432,7 @@ */ if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) curve_name_nid = NID_secp224r1; -# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ +#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); if (ret_group == NULL) @@ -1471,7 +1470,7 @@ #endif /* FIPS_MODULE */ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int ok = 0, nid; const char *curve_name = NULL; @@ -1536,7 +1535,7 @@ } EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const OSSL_PARAM *ptmp; EC_GROUP *group = NULL; 
@@ -1567,7 +1566,7 @@ } ptmp = OSSL_PARAM_locate_const(params, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS); + OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS); if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) { ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); EC_GROUP_free(group); @@ -1605,7 +1604,8 @@ if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { is_prime_field = 1; } else if (OPENSSL_strcasecmp(ptmp->data, - SN_X9_62_characteristic_two_field) == 0) { + SN_X9_62_characteristic_two_field) + == 0) { is_prime_field = 0; } else { /* Invalid field */ @@ -1645,10 +1645,10 @@ /* create the EC_GROUP structure */ group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); } else { -# ifdef OPENSSL_NO_EC2M +#ifdef OPENSSL_NO_EC2M ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); goto err; -# else +#else /* create the EC_GROUP structure */ group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); if (group != NULL) { @@ -1658,7 +1658,7 @@ goto err; } } -# endif /* OPENSSL_NO_EC2M */ +#endif /* OPENSSL_NO_EC2M */ } if (group == NULL) { @@ -1688,7 +1688,7 @@ if ((point = EC_POINT_new(group)) == NULL) goto err; EC_GROUP_set_point_conversion_form(group, - (point_conversion_form_t)buf[0] & ~0x01); + (point_conversion_form_t)buf[0] & ~0x01); if (!EC_POINT_oct2point(group, point, buf, ptmp->data_size, bnctx)) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); goto err; @@ -1747,7 +1747,7 @@ /* We've imported the group from explicit parameters, set it so. */ group->decoded_from_explicit_params = 1; ok = 1; - err: +err: if (!ok) { EC_GROUP_free(group); group = NULL; --- crypto/openssl/crypto/ec/ec_local.h.orig +++ crypto/openssl/crypto/ec/ec_local.h 
@@ -17,19 +17,19 @@ #include "crypto/ec.h" #if defined(__SUNPRO_C) -# if __SUNPRO_C >= 0x520 -# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -# endif +#if __SUNPRO_C >= 0x520 +#pragma error_messages(off, E_ARRAY_OF_INCOMPLETE_NONAME, E_ARRAY_OF_INCOMPLETE) +#endif #endif /* Use default functions for poin2oct, oct2point and compressed coordinates */ -#define EC_FLAGS_DEFAULT_OCT 0x1 +#define EC_FLAGS_DEFAULT_OCT 0x1 /* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */ -#define EC_FLAGS_CUSTOM_CURVE 0x2 +#define EC_FLAGS_CUSTOM_CURVE 0x2 /* Curve does not support signing operations */ -#define EC_FLAGS_NO_SIGN 0x4 +#define EC_FLAGS_NO_SIGN 0x4 #ifdef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_method_st EC_METHOD; 
@@ -44,33 +44,33 @@ /* Various method flags */ int flags; /* used by EC_METHOD_get_field_type: */ - int field_type; /* a NID */ + int field_type; /* a NID */ /* * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, * EC_GROUP_copy: */ - int (*group_init) (EC_GROUP *); - void (*group_finish) (EC_GROUP *); - void (*group_clear_finish) (EC_GROUP *); - int (*group_copy) (EC_GROUP *, const EC_GROUP *); + int (*group_init)(EC_GROUP *); + void (*group_finish)(EC_GROUP *); + void (*group_clear_finish)(EC_GROUP *); + int (*group_copy)(EC_GROUP *, const EC_GROUP *); /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */ - int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *); + int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); + int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *); /* used by EC_GROUP_get_degree: */ - int (*group_get_degree) (const EC_GROUP *); - int (*group_order_bits) (const EC_GROUP *); + int (*group_get_degree)(const EC_GROUP *); + int (*group_order_bits)(const EC_GROUP *); /* used by EC_GROUP_check: */ - int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *); + int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *); /* * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, * EC_POINT_copy: */ - int (*point_init) (EC_POINT *); - void (*point_finish) (EC_POINT *); - void (*point_clear_finish) (EC_POINT *); - int (*point_copy) (EC_POINT *, const EC_POINT *); + int (*point_init)(EC_POINT *); + void (*point_finish)(EC_POINT *); + void (*point_clear_finish)(EC_POINT *); + int (*point_copy)(EC_POINT *, const EC_POINT *); /*- * used by EC_POINT_set_to_infinity, * EC_POINT_set_Jprojective_coordinates_GFp, 
@@ -79,37 +79,37 @@ * EC_POINT_get_affine_coordinates, * EC_POINT_set_compressed_coordinates: */ - int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); - int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *); - int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); - int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); + int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *); + int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *); + int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); + int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, + BN_CTX *); /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ - size_t (*point2oct) (const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, unsigned char *buf, - size_t len, BN_CTX *); - int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf, - size_t len, BN_CTX *); + size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, unsigned char *buf, + size_t len, BN_CTX *); + int (*oct2point)(const EC_GROUP *, EC_POINT *, const unsigned char *buf, + size_t len, BN_CTX *); /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */ - int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); - int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); - int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *); + int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *); + int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); + int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *); /* * used by EC_POINT_is_at_infinity, 
EC_POINT_is_on_curve, EC_POINT_cmp: */ - int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *); - int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *); - int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, - BN_CTX *); + int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *); + int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *); + int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, + BN_CTX *); /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */ - int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *); - int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[], - BN_CTX *); + int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); + int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], + BN_CTX *); /* * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, * EC_POINT_have_precompute_mult (default implementations are used if the @@ -132,11 +132,11 @@ * may treat it as an unusual input, without any constant-timeness * guarantee. */ - int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); - int (*precompute_mult) (EC_GROUP *group, BN_CTX *); - int (*have_precompute_mult) (const EC_GROUP *group); + int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); + int (*precompute_mult)(EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult)(const EC_GROUP *group); /* internal functions */ /* * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 
@@ -144,25 +144,25 @@ * with different optimized implementations of expensive field * operations: */ - int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); /*- * 'field_inv' computes the multiplicative inverse of a in the field, * storing the result in r. * * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. */ - int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + int (*field_inv)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ - int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); /* e.g. from Montgomery */ - int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *); + int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); + int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); /* private key operations */ size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len); int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len); 
@@ -174,28 +174,28 @@ void (*keyfinish)(EC_KEY *eckey); /* custom ECDH operation */ int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); + const EC_POINT *pub_key, const EC_KEY *ecdh); /* custom ECDSA */ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp, - BIGNUM **rp); + BIGNUM **rp); ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey); + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey); int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen, - const ECDSA_SIG *sig, EC_KEY *eckey); + const ECDSA_SIG *sig, EC_KEY *eckey); /* Inverse modulo order */ int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, - const BIGNUM *x, BN_CTX *); + const BIGNUM *x, BN_CTX *); int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); int (*ladder_pre)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); int (*ladder_step)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); int (*ladder_post)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); }; /* 
@@ -209,15 +209,15 @@ struct ec_group_st { const EC_METHOD *meth; - EC_POINT *generator; /* optional */ + EC_POINT *generator; /* optional */ BIGNUM *order, *cofactor; - int curve_name; /* optional NID for named curve */ - int asn1_flag; /* flag to control the asn1 encoding */ + int curve_name; /* optional NID for named curve */ + int asn1_flag; /* flag to control the asn1 encoding */ int decoded_from_explicit_params; /* set if decoded from explicit * curve parameters encoding */ point_conversion_form_t asn1_form; - unsigned char *seed; /* optional seed for parameters (appears in - * ASN1) */ + unsigned char *seed; /* optional seed for parameters (appears in + * ASN1) */ size_t seed_len; /* * The following members are handled by the method functions, even if @@ -252,8 +252,8 @@ /* method-specific */ void *field_data2; /* method-specific */ - int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *); /* data for ECDSA inverse */ BN_MONT_CTX *mont_data; @@ -264,7 +264,10 @@ */ enum { PCT_none, - PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256, + PCT_nistp224, + PCT_nistp256, + PCT_nistp521, + PCT_nistz256, PCT_ec } pre_comp_type; union { 
@@ -316,19 +319,19 @@ */ BIGNUM *X; BIGNUM *Y; - BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y, - * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */ - int Z_is_one; /* enable optimized point arithmetics for - * special case */ + BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y, + * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */ + int Z_is_one; /* enable optimized point arithmetics for + * special case */ }; static ossl_inline int ec_point_is_compat(const EC_POINT *point, - const EC_GROUP *group) + const EC_GROUP *group) { return group->meth == point->meth - && (group->curve_name == 0 - || point->curve_name == 0 - || group->curve_name == point->curve_name); + && (group->curve_name == 0 + || point->curve_name == 0 + || group->curve_name == point->curve_name); } NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); @@ -350,8 +353,8 @@ * group->method->mul is 0) */ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *); + size_t num, const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *); int ossl_ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); int ossl_ec_wNAF_have_precompute_mult(const EC_GROUP *group); @@ -361,10 +364,10 @@ void ossl_ec_GFp_simple_group_clear_finish(EC_GROUP *); int ossl_ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); int ossl_ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *); + const BIGNUM *a, const BIGNUM *b, + BN_CTX *); int ossl_ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *); + BIGNUM *b, BN_CTX *); int ossl_ec_GFp_simple_group_get_degree(const EC_GROUP *); int ossl_ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); int ossl_ec_GFp_simple_point_init(EC_POINT *); 
@@ -373,88 +376,88 @@ int ossl_ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); int ossl_ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); int ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, - EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, - const BIGNUM *z, - BN_CTX *); + EC_POINT *, + const BIGNUM *x, + const BIGNUM *y, + const BIGNUM *z, + BN_CTX *); int ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, - const EC_POINT *, - BIGNUM *x, - BIGNUM *y, BIGNUM *z, - BN_CTX *); + const EC_POINT *, + BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *); int ossl_ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *); + const BIGNUM *x, + const BIGNUM *y, BN_CTX *); int ossl_ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BN_CTX *); + const EC_POINT *, BIGNUM *x, + BIGNUM *y, BN_CTX *); int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); + const BIGNUM *x, int y_bit, + BN_CTX *); size_t ossl_ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); int ossl_ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); + const unsigned char *buf, size_t len, BN_CTX *); int ossl_ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); + const EC_POINT *b, BN_CTX *); int ossl_ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); int ossl_ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); int ossl_ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, 
BN_CTX *); int ossl_ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); + const EC_POINT *b, BN_CTX *); int ossl_ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); int ossl_ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, - EC_POINT *[], BN_CTX *); + EC_POINT *[], BN_CTX *); int ossl_ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + const BIGNUM *b, BN_CTX *); int ossl_ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx); + BN_CTX *ctx); int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); int ossl_ec_GFp_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); int ossl_ec_GFp_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); /* method functions in ecp_mont.c */ int ossl_ec_GFp_mont_group_init(EC_GROUP *); int ossl_ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + const BIGNUM *a, + const BIGNUM *b, BN_CTX *); void ossl_ec_GFp_mont_group_finish(EC_GROUP *); void ossl_ec_GFp_mont_group_clear_finish(EC_GROUP *); int ossl_ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); int ossl_ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + const BIGNUM *b, BN_CTX *); int ossl_ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int 
ossl_ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); /* method functions in ecp_nist.c */ int ossl_ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); int ossl_ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, BN_CTX *); + const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ossl_ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + const BIGNUM *b, BN_CTX *); int ossl_ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); /* method functions in ec2_smpl.c */ int ossl_ec_GF2m_simple_group_init(EC_GROUP *); @@ -462,10 +465,10 @@ void ossl_ec_GF2m_simple_group_clear_finish(EC_GROUP *); int ossl_ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); int ossl_ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *); + const BIGNUM *a, const BIGNUM *b, + BN_CTX *); int ossl_ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *); + BIGNUM *b, BN_CTX *); int ossl_ec_GF2m_simple_group_get_degree(const EC_GROUP *); int ossl_ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); int ossl_ec_GF2m_simple_point_init(EC_POINT *); 
@@ -474,126 +477,120 @@ int ossl_ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); int ossl_ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); int ossl_ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, - EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *); + EC_POINT *, + const BIGNUM *x, + const BIGNUM *y, BN_CTX *); int ossl_ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BN_CTX *); + const EC_POINT *, BIGNUM *x, + BIGNUM *y, BN_CTX *); int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); + const BIGNUM *x, int y_bit, + BN_CTX *); size_t ossl_ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); + const unsigned char *buf, size_t len, BN_CTX *); int ossl_ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); + const EC_POINT *b, BN_CTX *); int ossl_ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); int ossl_ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); int ossl_ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); int ossl_ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); + const EC_POINT *b, BN_CTX *); int ossl_ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); int ossl_ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, - EC_POINT *[], BN_CTX *); + EC_POINT *[], BN_CTX *); int ossl_ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - 
const BIGNUM *b, BN_CTX *); + const BIGNUM *b, BN_CTX *); int ossl_ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); + BN_CTX *); int ossl_ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + const BIGNUM *b, BN_CTX *); #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# ifdef B_ENDIAN -# error "Can not enable ec_nistp_64_gcc_128 on big-endian systems" -# endif +#ifdef B_ENDIAN +#error "Can not enable ec_nistp_64_gcc_128 on big-endian systems" +#endif /* method functions in ecp_nistp224.c */ int ossl_ec_GFp_nistp224_group_init(EC_GROUP *group); int ossl_ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); + const BIGNUM *a, const BIGNUM *n, + BN_CTX *); int ossl_ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx); int ossl_ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); int ossl_ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx); int ossl_ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ossl_ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); /* method functions in ecp_nistp256.c */ int ossl_ec_GFp_nistp256_group_init(EC_GROUP *group); int ossl_ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); + const BIGNUM *a, const BIGNUM *n, + BN_CTX *); int 
ossl_ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx); int ossl_ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); int ossl_ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx); int ossl_ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ossl_ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); /* method functions in ecp_nistp521.c */ int ossl_ec_GFp_nistp521_group_init(EC_GROUP *group); int ossl_ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); + const BIGNUM *a, const BIGNUM *n, + BN_CTX *); int ossl_ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx); int ossl_ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); int ossl_ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx); int ossl_ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int 
ossl_ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); /* utility functions in ecp_nistputil.c */ void ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, - size_t felem_size, - void *tmp_felems, - void (*felem_one) (void *out), - int (*felem_is_zero) - (const void *in), - void (*felem_assign) - (void *out, const void *in), - void (*felem_square) - (void *out, const void *in), - void (*felem_mul) - (void *out, - const void *in1, - const void *in2), - void (*felem_inv) - (void *out, const void *in), - void (*felem_contract) - (void *out, const void *in)); + size_t felem_size, + void *tmp_felems, + void (*felem_one)(void *out), + int (*felem_is_zero)(const void *in), + void (*felem_assign)(void *out, const void *in), + void (*felem_square)(void *out, const void *in), + void (*felem_mul)(void *out, + const void *in1, + const void *in2), + void (*felem_inv)(void *out, const void *in), + void (*felem_contract)(void *out, const void *in)); void ossl_ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, - unsigned char *digit, - unsigned char in); + unsigned char *digit, + unsigned char in); #endif int ossl_ec_group_simple_order_bits(const EC_GROUP *group); @@ -606,7 +603,7 @@ * \return newly created EC_GROUP object or NULL in case of an error. */ EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, - const EC_METHOD *meth); + const EC_METHOD *meth); #ifdef ECP_NISTZ256_ASM /** Returns GFp methods using montgomery multiplication, with x86-64 optimized @@ -622,9 +619,9 @@ #endif size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len); + unsigned char *buf, size_t len); int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, - size_t len); + size_t len); int ossl_ec_key_simple_generate_key(EC_KEY *eckey); int ossl_ec_key_simple_generate_public_key(EC_KEY *eckey); int ossl_ec_key_simple_check_key(const EC_KEY *eckey); 
@@ -644,32 +641,31 @@ int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); int (*keygen)(EC_KEY *key); int (*compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *r, EC_KEY *eckey); + const EC_POINT *pub_key, const EC_KEY *ecdh); + int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey); int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); + BIGNUM **rp); ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey); int (*verify)(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); int (*verify_sig)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); + const ECDSA_SIG *sig, EC_KEY *eckey); }; -#define EC_KEY_METHOD_DYNAMIC 1 +#define EC_KEY_METHOD_DYNAMIC 1 EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, - ENGINE *engine); + ENGINE *engine); int ossl_ec_key_gen(EC_KEY *eckey); int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); + const EC_POINT *pub_key, const EC_KEY *ecdh); int ossl_ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); + const EC_POINT *pub_key, const EC_KEY *ecdh); struct ECDSA_SIG_st { BIGNUM *r; 
@@ -677,25 +673,24 @@ }; int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); + BIGNUM **rp); int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey); int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); + const ECDSA_SIG *sig, EC_KEY *eckey); int ossl_ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); + BIGNUM **rp); ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey); int ossl_ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - + const ECDSA_SIG *sig, EC_KEY *eckey); /*- * This functions computes a single point multiplication over the EC group, 
@@ -727,15 +722,15 @@ * Returns 1 on success, 0 otherwise. */ int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx); + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx); int ossl_ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx); + BN_CTX *ctx); static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (group->meth->ladder_pre != NULL) return group->meth->ladder_pre(group, r, s, p, ctx); @@ -748,8 +743,8 @@ } static ossl_inline int ec_point_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (group->meth->ladder_step != NULL) return group->meth->ladder_step(group, r, s, p, ctx); @@ -759,12 +754,11 @@ return 0; return 1; - } static ossl_inline int ec_point_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (group->meth->ladder_post != NULL) return group->meth->ladder_post(group, r, s, p, ctx); --- crypto/openssl/crypto/ec/ec_mult.c.orig +++ crypto/openssl/crypto/ec/ec_mult.c 
@@ -35,15 +35,15 @@ /* structure for precomputed multiples of the generator */ struct ec_pre_comp_st { - const EC_GROUP *group; /* parent EC_GROUP object */ - size_t blocksize; /* block size for wNAF splitting */ - size_t numblocks; /* max. number of blocks for which we have - * precomputation */ - size_t w; /* window size */ - EC_POINT **points; /* array with pre-calculated multiples of - * generator: 'num' pointers to EC_POINT - * objects followed by a NULL */ - size_t num; /* numblocks * 2^(w-1) */ + const EC_GROUP *group; /* parent EC_GROUP object */ + size_t blocksize; /* block size for wNAF splitting */ + size_t numblocks; /* max. number of blocks for which we have + * precomputation */ + size_t w; /* window size */ + EC_POINT **points; /* array with pre-calculated multiples of + * generator: 'num' pointers to EC_POINT + * objects followed by a NULL */ + size_t num; /* numblocks * 2^(w-1) */ CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -62,8 +62,8 @@ } ret->group = group; - ret->blocksize = 8; /* default */ - ret->w = 4; /* default */ + ret->blocksize = 8; /* default */ + ret->w = 4; /* default */ ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); @@ -107,11 +107,12 @@ OPENSSL_free(pre); } -#define EC_POINT_BN_set_flags(P, flags) do { \ - BN_set_flags((P)->X, (flags)); \ - BN_set_flags((P)->Y, (flags)); \ - BN_set_flags((P)->Z, (flags)); \ -} while(0) +#define EC_POINT_BN_set_flags(P, flags) \ + do { \ + BN_set_flags((P)->X, (flags)); \ + BN_set_flags((P)->Y, (flags)); \ + BN_set_flags((P)->Z, (flags)); \ + } while (0) /*- * This functions computes a single point multiplication over the EC group, @@ -143,8 +144,8 @@ * Returns 1 on success, 0 otherwise. */ int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx) + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx) { int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; EC_POINT *p = NULL; 
@@ -267,10 +268,9 @@ } /* ensure input point is in affine coords for ladder step efficiency */ - if (!p->Z_is_one && (group->meth->make_affine == NULL - || !group->meth->make_affine(group, p, ctx))) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; + if (!p->Z_is_one && (group->meth->make_affine == NULL || !group->meth->make_affine(group, p, ctx))) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; } /* Initialize the Montgomery ladder */ @@ -282,14 +282,15 @@ /* top bit is a 1, in a fixed pos */ pbit = 1; -#define EC_POINT_CSWAP(c, a, b, w, t) do { \ +#define EC_POINT_CSWAP(c, a, b, w, t) \ + do { \ BN_consttime_swap(c, (a)->X, (b)->X, w); \ BN_consttime_swap(c, (a)->Y, (b)->Y, w); \ BN_consttime_swap(c, (a)->Z, (b)->Z, w); \ t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ (a)->Z_is_one ^= (t); \ (b)->Z_is_one ^= (t); \ -} while(0) + } while (0) /*- * The ladder step, with branches, is @@ -376,7 +377,7 @@ ret = 1; - err: +err: EC_POINT_free(p); EC_POINT_clear_free(s); BN_CTX_end(ctx); @@ -391,14 +392,12 @@ * sometimes smaller windows will give better performance (thus the * boundaries should be increased) */ -#define EC_window_bits_for_scalar_size(b) \ - ((size_t) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1)) +#define EC_window_bits_for_scalar_size(b) \ + ((size_t)((b) >= 2000 ? 6 : (b) >= 800 ? 5 \ + : (b) >= 300 ? 4 \ + : (b) >= 70 ? 3 \ + : (b) >= 20 ? 2 \ + : 1)) /*- * Compute @@ -408,8 +407,8 @@ * in the addition if scalar != NULL */ int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) + size_t num, const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) { const EC_POINT *generator = NULL; EC_POINT *tmp = NULL; 
@@ -420,19 +419,19 @@ int k; int r_is_inverted = 0; int r_is_at_infinity = 1; - size_t *wsize = NULL; /* individual window sizes */ - signed char **wNAF = NULL; /* individual wNAFs */ + size_t *wsize = NULL; /* individual window sizes */ + signed char **wNAF = NULL; /* individual wNAFs */ size_t *wNAF_len = NULL; size_t max_len = 0; size_t num_val; - EC_POINT **val = NULL; /* precomputation */ + EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or * 'pre_comp->points' */ const EC_PRE_COMP *pre_comp = NULL; - int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be - * treated like other scalars, i.e. - * precomputation is not available */ + int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be + * treated like other scalars, i.e. + * precomputation is not available */ int ret = 0; if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) { @@ -461,7 +460,7 @@ * actually set and we always call the ladder version. */ return ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], - ctx); + ctx); } } @@ -476,8 +475,7 @@ pre_comp = group->pre_comp.ec; if (pre_comp && pre_comp->numblocks - && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == - 0)) { + && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) { blocksize = pre_comp->blocksize; /* @@ -503,8 +501,8 @@ /* can't use precomputation */ pre_comp = NULL; numblocks = 1; - num_scalar = 1; /* treat 'scalar' like 'num'-th element of - * 'scalars' */ + num_scalar = 1; /* treat 'scalar' like 'num'-th element of + * 'scalars' */ } } @@ -518,7 +516,7 @@ /* Ensure wNAF is initialised in case we end up going to err */ if (wNAF != NULL) - wNAF[0] = NULL; /* preliminary pivot */ + wNAF[0] = NULL; /* preliminary pivot */ if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 
@@ -536,10 +534,9 @@ bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); num_val += (size_t)1 << (wsize[i] - 1); - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = - bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], - &wNAF_len[i]); + wNAF[i + 1] = NULL; /* make sure we always have a pivot */ + wNAF[i] = bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], + &wNAF_len[i]); if (wNAF[i] == NULL) goto err; if (wNAF_len[i] > max_len) @@ -665,7 +662,7 @@ ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } - val[num_val] = NULL; /* pivot element */ + val[num_val] = NULL; /* pivot element */ /* allocate points for precomputation */ v = val; @@ -706,8 +703,7 @@ if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) { - if (!EC_POINT_add - (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) + if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; } } @@ -765,8 +761,7 @@ r_is_at_infinity = 0; } else { - if (!EC_POINT_add - (group, r, r, val_sub[i][digit >> 1], ctx)) + if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err; } } @@ -785,7 +780,7 @@ ret = 1; - err: +err: EC_POINT_free(tmp); OPENSSL_free(wsize); OPENSSL_free(wNAF_len); @@ -899,7 +894,7 @@ } var = points; - var[num] = NULL; /* pivot */ + var[num] = NULL; /* pivot */ for (i = 0; i < num; i++) { if ((var[i] = EC_POINT_new(group)) == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); @@ -969,7 +964,7 @@ pre_comp = NULL; ret = 1; - err: +err: if (used_ctx) BN_CTX_end(ctx); #ifndef FIPS_MODULE --- crypto/openssl/crypto/ec/ec_oct.c.orig +++ crypto/openssl/crypto/ec/ec_oct.c 
@@ -22,7 +22,7 @@ #include "ec_local.h" int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, int y_bit, BN_CTX *ctx) + const BIGNUM *x, int y_bit, BN_CTX *ctx) { if (group->meth->point_set_compressed_coordinates == NULL && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { @@ -36,7 +36,7 @@ if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { if (group->meth->field_type == NID_X9_62_prime_field) return ossl_ec_GFp_simple_set_compressed_coordinates(group, point, x, - y_bit, ctx); + y_bit, ctx); else #ifdef OPENSSL_NO_EC2M { @@ -45,34 +45,34 @@ } #else return ossl_ec_GF2m_simple_set_compressed_coordinates(group, point, - x, y_bit, ctx); + x, y_bit, ctx); #endif } return group->meth->point_set_compressed_coordinates(group, point, x, - y_bit, ctx); + y_bit, ctx); } #ifndef OPENSSL_NO_DEPRECATED_3_0 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - int y_bit, BN_CTX *ctx) + EC_POINT *point, const BIGNUM *x, + int y_bit, BN_CTX *ctx) { return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); } -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - int y_bit, BN_CTX *ctx) + EC_POINT *point, const BIGNUM *x, + int y_bit, BN_CTX *ctx) { return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); } -# endif +#endif #endif size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, unsigned char *buf, - size_t len, BN_CTX *ctx) + point_conversion_form_t form, unsigned char *buf, + size_t len, BN_CTX *ctx) { if (point == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); @@ -90,7 +90,7 @@ if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { if (group->meth->field_type == NID_X9_62_prime_field) return ossl_ec_GFp_simple_point2oct(group, point, form, buf, len, - ctx); + ctx); else #ifdef OPENSSL_NO_EC2M { 
@@ -99,7 +99,7 @@ } #else return ossl_ec_GF2m_simple_point2oct(group, point, - form, buf, len, ctx); + form, buf, len, ctx); #endif } @@ -107,7 +107,7 @@ } int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, BN_CTX *ctx) + const unsigned char *buf, size_t len, BN_CTX *ctx) { if (group->meth->oct2point == 0 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { @@ -135,8 +135,8 @@ } size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, - unsigned char **pbuf, BN_CTX *ctx) + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx) { size_t len; unsigned char *buf; --- crypto/openssl/crypto/ec/ec_pmeth.c.orig +++ crypto/openssl/crypto/ec/ec_pmeth.c @@ -104,7 +104,7 @@ } static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { int ret, type; unsigned int sltmp; @@ -142,8 +142,8 @@ } static int pkey_ec_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) { int ret, type; EC_PKEY_CTX *dctx = ctx->data; @@ -213,7 +213,7 @@ } static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, - unsigned char *key, size_t *keylen) + unsigned char *key, size_t *keylen) { EC_PKEY_CTX *dctx = ctx->data; unsigned char *ktmp = NULL; @@ -237,12 +237,12 @@ goto err; /* Do KDF stuff */ if (!ossl_ecdh_kdf_X9_63(key, *keylen, ktmp, ktmplen, - dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md, - ctx->libctx, ctx->propquery)) + dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md, + ctx->libctx, ctx->propquery)) goto err; rv = 1; - err: +err: OPENSSL_clear_free(ktmp, ktmplen); return rv; } 
@@ -355,17 +355,7 @@ return dctx->kdf_ukmlen; case EVP_PKEY_CTRL_MD: - if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sm3) { + if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && EVP_MD_get_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512 && EVP_MD_get_type((const EVP_MD *)p2) != NID_sm3) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE); return 0; } @@ -385,12 +375,11 @@ default: return -2; - } } static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) + const char *type, const char *value) { if (strcmp(type, "ec_paramgen_curve") == 0) { int nid; --- crypto/openssl/crypto/ec/ec_print.c.orig +++ crypto/openssl/crypto/ec/ec_print.c @@ -15,8 +15,8 @@ /* the return value must be freed (using OPENSSL_free()) */ char *EC_POINT_point2hex(const EC_GROUP *group, - const EC_POINT *point, - point_conversion_form_t form, BN_CTX *ctx) + const EC_POINT *point, + point_conversion_form_t form, BN_CTX *ctx) { char *ret, *p; size_t buf_len = 0, i; 
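Review bot: The digest allow-list in the `EVP_PKEY_CTRL_MD` case is now a single line of eleven `EVP_MD_get_type((const EVP_MD *)p2) != NID_…` comparisons (the header `-355,17 +355,7` shows eleven lines becoming one). That makes the set of digests this control accepts hard to audit, and a later addition or removal hard to spot in a diff. A `switch` on one `EVP_MD_get_type()` call with one `case` label per NID keeps the same accept/reject behaviour and stays one entry per line, whatever reflowed this condition (presumably an automatic formatter). The same joining hits the parameter check and the `sig->r`/`sig->s` range check in `ossl_ecdsa_simple_verify_sig` (ecdsa_ossl.c hunks `@@ -395,8 +395,7 @@` and `@@ -427,11 +426,9 @@`), where one operand per line would be enough. The enclosing function starts and ends outside this hunk.

```c
    case EVP_PKEY_CTRL_MD:
        switch (EVP_MD_get_type((const EVP_MD *)p2)) {
        case NID_sha1:
        case NID_ecdsa_with_SHA1:
        case NID_sha224:
        case NID_sha256:
        case NID_sha384:
        case NID_sha512:
        case NID_sha3_224:
        case NID_sha3_256:
        case NID_sha3_384:
        case NID_sha3_512:
        case NID_sm3:
            break;
        default:
            ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE);
            return 0;
        }
        /* … unchanged: rest of the EVP_PKEY_CTRL_MD case … */
```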
@@ -47,7 +47,7 @@ } EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, - const char *hex, EC_POINT *point, BN_CTX *ctx) + const char *hex, EC_POINT *point, BN_CTX *ctx) { int ok = 0; unsigned char *oct_buf = NULL; --- crypto/openssl/crypto/ec/ecdh_kdf.c.orig +++ crypto/openssl/crypto/ec/ecdh_kdf.c @@ -22,10 +22,10 @@ /* Key derivation function from X9.63/SECG */ int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; EVP_KDF_CTX *kctx = NULL; @@ -35,11 +35,11 @@ if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (void *)Z, Zlen); + (void *)Z, Zlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, - (void *)sinfo, sinfolen); + (void *)sinfo, sinfolen); *p = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, out, outlen, params) > 0; @@ -55,11 +55,11 @@ */ #ifndef OPENSSL_NO_DEPRECATED_3_0 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md) + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md) { return ossl_ecdh_kdf_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md, NULL, - NULL); + NULL); } #endif --- crypto/openssl/crypto/ec/ecdh_ossl.c.orig +++ crypto/openssl/crypto/ec/ecdh_ossl.c 
@@ -26,7 +26,7 @@ #include "ec_local.h" int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, - const EC_POINT *pub_key, const EC_KEY *ecdh) + const EC_POINT *pub_key, const EC_KEY *ecdh) { if (ecdh->group->meth->ecdh_compute_key == NULL) { ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); @@ -47,7 +47,7 @@ * (ECC CDH) Primitive:". The steps listed below refer to SP800-56A. */ int ossl_ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh) + const EC_POINT *pub_key, const EC_KEY *ecdh) { BN_CTX *ctx; EC_POINT *tmp = NULL; @@ -80,8 +80,7 @@ * * peer_public_key. */ if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) { - if (!EC_GROUP_get_cofactor(group, x, NULL) || - !BN_mul(x, x, priv_key, ctx)) { + if (!EC_GROUP_get_cofactor(group, x, NULL) || !BN_mul(x, x, priv_key, ctx)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -135,7 +134,7 @@ ret = 1; - err: +err: /* Step(4) : Destroy all intermediate calculations */ BN_clear(x); EC_POINT_clear_free(tmp); --- crypto/openssl/crypto/ec/ecdsa_ossl.c.orig +++ crypto/openssl/crypto/ec/ecdsa_ossl.c @@ -30,7 +30,7 @@ #define MAX_ECDSA_SIGN_RETRIES 8 int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) + BIGNUM **rp) { if (eckey->group->meth->ecdsa_sign_setup == NULL) { ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); @@ -41,8 +41,8 @@ } ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey) + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey) { if (eckey->group->meth->ecdsa_sign_sig == NULL) { ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); 
@@ -50,11 +50,11 @@ } return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len, - in_kinv, in_r, eckey); + in_kinv, in_r, eckey); } int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) + const ECDSA_SIG *sig, EC_KEY *eckey) { if (eckey->group->meth->ecdsa_verify_sig == NULL) { ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); @@ -65,8 +65,8 @@ } int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { ECDSA_SIG *s; @@ -86,8 +86,8 @@ } static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp, - const unsigned char *dgst, int dlen) + BIGNUM **kinvp, BIGNUM **rp, + const unsigned char *dgst, int dlen) { BN_CTX *ctx = NULL; BIGNUM *k = NULL, *r = NULL, *X = NULL; @@ -119,8 +119,8 @@ } } - k = BN_secure_new(); /* this value is later returned in *kinvp */ - r = BN_new(); /* this value is later returned in *rp */ + k = BN_secure_new(); /* this value is later returned in *kinvp */ + r = BN_new(); /* this value is later returned in *rp */ X = BN_new(); if (k == NULL || r == NULL || X == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); @@ -150,7 +150,7 @@ do { if (dgst != NULL) { if (!ossl_bn_gen_dsa_nonce_fixed_top(k, order, priv_key, - dgst, dlen, ctx)) { + dgst, dlen, ctx)) { ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } @@ -192,7 +192,7 @@ *rp = r; *kinvp = k; ret = 1; - err: +err: if (!ret) { BN_clear_free(k); BN_clear_free(r); 
@@ -205,14 +205,14 @@ } int ossl_ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) + BIGNUM **rp) { return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); } ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey) + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey) { int ok = 0, i; int retries = 0; @@ -341,7 +341,7 @@ } while (1); ok = 1; - err: +err: if (!ok) { ECDSA_SIG_free(ret); ret = NULL; @@ -359,7 +359,7 @@ * -1: error */ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) { ECDSA_SIG *s; const unsigned char *p = sigbuf; @@ -377,14 +377,14 @@ if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0) goto err; ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); - err: +err: OPENSSL_free(der); ECDSA_SIG_free(s); return ret; } int ossl_ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) + const ECDSA_SIG *sig, EC_KEY *eckey) { int ret = -1, i; BN_CTX *ctx; @@ -395,8 +395,7 @@ const EC_POINT *pub_key; /* check input values */ - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || - (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); return -1; } 
@@ -427,11 +426,9 @@ goto err; } - if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || - BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { ERR_raise(ERR_LIB_EC, EC_R_BAD_SIGNATURE); - ret = 0; /* signature is invalid */ + ret = 0; /* signature is invalid */ goto err; } /* calculate tmp1 = inv(S) mod order */ @@ -486,7 +483,7 @@ } /* if the signature is correct u1 is equal to sig->r */ ret = (BN_ucmp(u1, sig->r) == 0); - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); EC_POINT_free(point); --- crypto/openssl/crypto/ec/ecdsa_sign.c.orig +++ crypto/openssl/crypto/ec/ecdsa_sign.c @@ -23,8 +23,8 @@ } ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, - const BIGNUM *kinv, const BIGNUM *rp, - EC_KEY *eckey) + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey) { if (eckey->meth->sign_sig != NULL) return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey); @@ -32,15 +32,14 @@ return NULL; } -int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, EC_KEY *eckey) +int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey) { return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); } int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *r, EC_KEY *eckey) + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey) { if (eckey->meth->sign != NULL) return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey); 
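Review bot: The r/s range check in the first hunk here (`@@ -427,11 +426,9 @@`, inside ossl_ecdsa_simple_verify_sig) is now one line of six conditions, which makes it hard to confirm by eye that both `sig->r` and `sig->s` get the zero, negative and `>= order` tests. For the gate that rejects malformed signatures, one bound per line is easier to audit; failing that, a comment above the `if` such as `/* reject unless 0 < r < order and 0 < s < order */` would state the invariant being enforced. The NULL-parameter check in the preceding `@@ -395,8 +395,7 @@` hunk is joined the same way. The function begins and ends outside both hunks.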
@@ -49,7 +48,7 @@ } int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) + BIGNUM **rp) { if (eckey->meth->sign_setup != NULL) return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp); --- crypto/openssl/crypto/ec/ecdsa_vrf.c.orig +++ crypto/openssl/crypto/ec/ecdsa_vrf.c @@ -24,7 +24,7 @@ * -1: error */ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) + const ECDSA_SIG *sig, EC_KEY *eckey) { if (eckey->meth->verify_sig != NULL) return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); @@ -39,11 +39,11 @@ * -1: error */ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) { if (eckey->meth->verify != NULL) return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len, - eckey); + eckey); ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); return -1; } --- crypto/openssl/crypto/ec/eck_prn.c.orig +++ crypto/openssl/crypto/ec/eck_prn.c @@ -17,7 +17,7 @@ #include #ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) { BIO *b; @@ -65,7 +65,7 @@ #endif /* OPENSSL_NO_STDIO */ static int print_bin(BIO *fp, const char *str, const unsigned char *num, - size_t len, int off); + size_t len, int off); int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) { @@ -125,8 +125,7 @@ if (tmp_nid == NID_X9_62_characteristic_two_field) is_char_two = 1; - if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || - (b = BN_new()) == NULL) { + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || (b = BN_new()) == NULL) { reason = ERR_R_MALLOC_FAILURE; goto err; } 
@@ -176,12 +175,12 @@ goto err; if (BIO_printf(bp, "Basis Type: %s\n", - OBJ_nid2sn(basis_type)) <= 0) + OBJ_nid2sn(basis_type)) + <= 0) goto err; /* print the polynomial */ - if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL, - off)) + if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL, off)) goto err; } else { if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off)) @@ -204,14 +203,13 @@ if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, NULL, off)) goto err; - if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, - NULL, off)) + if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, NULL, off)) goto err; if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) goto err; } ret = 1; - err: +err: if (!ret) ERR_raise(ERR_LIB_EC, reason); BN_free(p); @@ -223,7 +221,7 @@ } static int print_bin(BIO *fp, const char *name, const unsigned char *buf, - size_t len, int off) + size_t len, int off) { size_t i; char str[128 + 1 + 4]; @@ -250,8 +248,7 @@ if (BIO_write(fp, str, off + 1 + 4) <= 0) return 0; } - if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= - 0) + if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= 0) return 0; } if (BIO_write(fp, "\n", 1) <= 0) --- crypto/openssl/crypto/ec/ecp_mont.c.orig +++ crypto/openssl/crypto/ec/ecp_mont.c @@ -48,12 +48,12 @@ ossl_ec_GFp_simple_cmp, ossl_ec_GFp_simple_make_affine, ossl_ec_GFp_simple_points_make_affine, - 0 /* mul */ , - 0 /* precompute_mult */ , - 0 /* have_precompute_mult */ , + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ossl_ec_GFp_mont_field_mul, ossl_ec_GFp_mont_field_sqr, - 0 /* field_div */ , + 0 /* field_div */, ossl_ec_GFp_mont_field_inv, ossl_ec_GFp_mont_field_encode, ossl_ec_GFp_mont_field_decode, 
@@ -133,15 +133,15 @@ return 1; - err: +err: BN_MONT_CTX_free(dest->field_data1); dest->field_data1 = NULL; return 0; } int ossl_ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BN_MONT_CTX *mont = NULL; @@ -186,7 +186,7 @@ group->field_data2 = NULL; } - err: +err: BN_free(one); BN_CTX_free(new_ctx); BN_MONT_CTX_free(mont); @@ -194,7 +194,7 @@ } int ossl_ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { if (group->field_data1 == NULL) { ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); @@ -205,7 +205,7 @@ } int ossl_ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->field_data1 == NULL) { ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); @@ -221,7 +221,7 @@ * We have a Mont structure, so SCA hardening is FLT inversion. */ int ossl_ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) + BN_CTX *ctx) { BIGNUM *e = NULL; BN_CTX *new_ctx = NULL; @@ -231,7 +231,7 @@ return 0; if (ctx == NULL - && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) + && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) return 0; BN_CTX_start(ctx); @@ -258,14 +258,14 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) + const BIGNUM *a, BN_CTX *ctx) { if (group->field_data1 == NULL) { ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); @@ -276,7 +276,7 @@ } int ossl_ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) + const BIGNUM *a, BN_CTX *ctx) { if (group->field_data1 == NULL) { ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); 
@@ -287,7 +287,7 @@ } int ossl_ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, - BN_CTX *ctx) + BN_CTX *ctx) { if (group->field_data2 == NULL) { ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); --- crypto/openssl/crypto/ec/ecp_nist.c.orig +++ crypto/openssl/crypto/ec/ecp_nist.c @@ -50,16 +50,16 @@ ossl_ec_GFp_simple_cmp, ossl_ec_GFp_simple_make_affine, ossl_ec_GFp_simple_points_make_affine, - 0 /* mul */ , - 0 /* precompute_mult */ , - 0 /* have_precompute_mult */ , + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ossl_ec_GFp_nist_field_mul, ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , + 0 /* field_div */, ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ + 0 /* field_encode */, + 0 /* field_decode */, + 0, /* field_set_to_one */ ossl_ec_key_simple_priv2oct, ossl_ec_key_simple_oct2priv, 0, /* set private */ @@ -90,8 +90,8 @@ } int ossl_ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) { int ret = 0; BN_CTX *new_ctx = NULL; @@ -119,14 +119,14 @@ ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { int ret = 0; BN_CTX *ctx_new = NULL; @@ -145,13 +145,13 @@ goto err; ret = 1; - err: +err: BN_CTX_free(ctx_new); return ret; } int ossl_ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) + BN_CTX *ctx) { int ret = 0; BN_CTX *ctx_new = NULL; @@ -170,7 +170,7 @@ goto err; ret = 1; - err: +err: BN_CTX_free(ctx_new); return ret; } --- crypto/openssl/crypto/ec/ecp_nistp224.c.orig +++ crypto/openssl/crypto/ec/ecp_nistp224.c 
@@ -46,7 +46,7 @@
 #include "internal/numbers.h"

 #ifndef INT128_MAX
-# error "Your compiler doesn't appear to support 128-bit integer types"
+#error "Your compiler doesn't appear to support 128-bit integer types"
 #endif

 typedef uint8_t u8;
@@ -87,21 +87,21 @@
 typedef u8 felem_bytearray[28];

 static const felem_bytearray nistp224_curve_params[5] = {
- {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
- {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE},
- {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
- 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
- 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4},
- {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
- 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
- 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21},
- {0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
- 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
- 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34}
+ { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+ { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE },
+ { 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
+ 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
+ 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4 },
+ { 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
+ 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
+ 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21 },
+ { 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
+ 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
+ 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34 }
 };

 /*-
@@ -136,102 +136,102 @@ * and then another four locations using the second 16 elements. */ static const felem gmul[2][16][3] = { -{{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf}, - {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723}, - {1, 0, 0, 0}}, - {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5}, - {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321}, - {1, 0, 0, 0}}, - {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748}, - {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17}, - {1, 0, 0, 0}}, - {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe}, - {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b}, - {1, 0, 0, 0}}, - {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3}, - {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a}, - {1, 0, 0, 0}}, - {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c}, - {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244}, - {1, 0, 0, 0}}, - {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849}, - {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112}, - {1, 0, 0, 0}}, - {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47}, - {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394}, - {1, 0, 0, 0}}, - {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d}, - {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7}, - {1, 0, 0, 0}}, - {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24}, - {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881}, - {1, 0, 0, 0}}, - {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984}, - {0x772a9ee75db09e, 0x23bc6c67cec16f, 
0x4c1edba8b14e2f, 0xe2a215d9611369}, - {1, 0, 0, 0}}, - {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3}, - {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60}, - {1, 0, 0, 0}}, - {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057}, - {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9}, - {1, 0, 0, 0}}, - {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9}, - {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc}, - {1, 0, 0, 0}}, - {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58}, - {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558}, - {1, 0, 0, 0}}}, -{{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31}, - {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d}, - {1, 0, 0, 0}}, - {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3}, - {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a}, - {1, 0, 0, 0}}, - {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33}, - {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100}, - {1, 0, 0, 0}}, - {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5}, - {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea}, - {1, 0, 0, 0}}, - {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be}, - {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51}, - {1, 0, 0, 0}}, - {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1}, - {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb}, - {1, 0, 0, 0}}, - {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233}, - {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def}, - {1, 0, 0, 0}}, - {{0x4a7084f7817cb9, 
0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae}, - {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45}, - {1, 0, 0, 0}}, - {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e}, - {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb}, - {1, 0, 0, 0}}, - {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de}, - {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3}, - {1, 0, 0, 0}}, - {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05}, - {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58}, - {1, 0, 0, 0}}, - {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb}, - {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0}, - {1, 0, 0, 0}}, - {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9}, - {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea}, - {1, 0, 0, 0}}, - {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba}, - {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405}, - {1, 0, 0, 0}}, - {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e}, - {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e}, - {1, 0, 0, 0}}} + { { { 0, 0, 0, 0 }, + { 0, 0, 0, 0 }, + { 0, 0, 0, 0 } }, + { { 0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf }, + { 0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723 }, + { 1, 0, 0, 0 } }, + { { 0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5 }, + { 0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321 }, + { 1, 0, 0, 0 } }, + { { 0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748 }, + { 0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17 }, + { 1, 0, 0, 0 } }, + { { 0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 
0x0499aa8a5f8ebe }, + { 0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b }, + { 1, 0, 0, 0 } }, + { { 0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3 }, + { 0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a }, + { 1, 0, 0, 0 } }, + { { 0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c }, + { 0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244 }, + { 1, 0, 0, 0 } }, + { { 0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849 }, + { 0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112 }, + { 1, 0, 0, 0 } }, + { { 0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47 }, + { 0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394 }, + { 1, 0, 0, 0 } }, + { { 0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d }, + { 0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7 }, + { 1, 0, 0, 0 } }, + { { 0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24 }, + { 0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881 }, + { 1, 0, 0, 0 } }, + { { 0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984 }, + { 0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369 }, + { 1, 0, 0, 0 } }, + { { 0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3 }, + { 0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60 }, + { 1, 0, 0, 0 } }, + { { 0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057 }, + { 0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9 }, + { 1, 0, 0, 0 } }, + { { 0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9 }, + { 0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc }, + { 1, 0, 0, 0 } }, + { { 0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58 }, + { 0xdd1f2d600564ff, 
0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558 }, + { 1, 0, 0, 0 } } }, + { { { 0, 0, 0, 0 }, + { 0, 0, 0, 0 }, + { 0, 0, 0, 0 } }, + { { 0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31 }, + { 0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d }, + { 1, 0, 0, 0 } }, + { { 0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3 }, + { 0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a }, + { 1, 0, 0, 0 } }, + { { 0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33 }, + { 0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100 }, + { 1, 0, 0, 0 } }, + { { 0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5 }, + { 0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea }, + { 1, 0, 0, 0 } }, + { { 0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be }, + { 0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51 }, + { 1, 0, 0, 0 } }, + { { 0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1 }, + { 0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb }, + { 1, 0, 0, 0 } }, + { { 0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233 }, + { 0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def }, + { 1, 0, 0, 0 } }, + { { 0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae }, + { 0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45 }, + { 1, 0, 0, 0 } }, + { { 0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e }, + { 0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb }, + { 1, 0, 0, 0 } }, + { { 0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de }, + { 0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3 }, + { 1, 0, 0, 0 } }, + { { 0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05 }, + 
{ 0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58 }, + { 1, 0, 0, 0 } }, + { { 0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb }, + { 0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0 }, + { 1, 0, 0, 0 } }, + { { 0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9 }, + { 0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea }, + { 1, 0, 0, 0 } }, + { { 0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba }, + { 0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405 }, + { 1, 0, 0, 0 } }, + { { 0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e }, + { 0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e }, + { 1, 0, 0, 0 } } } }; /* Precomputation for the group generator. */ @@ -262,9 +262,9 @@ ossl_ec_GFp_simple_point_set_to_infinity, ossl_ec_GFp_simple_point_set_affine_coordinates, ossl_ec_GFp_nistp224_point_get_affine_coordinates, - 0 /* point_set_compressed_coordinates */ , - 0 /* point2oct */ , - 0 /* oct2point */ , + 0 /* point_set_compressed_coordinates */, + 0 /* point2oct */, + 0 /* oct2point */, ossl_ec_GFp_simple_add, ossl_ec_GFp_simple_dbl, ossl_ec_GFp_simple_invert, @@ -278,11 +278,11 @@ ossl_ec_GFp_nistp224_have_precompute_mult, ossl_ec_GFp_nist_field_mul, ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , + 0 /* field_div */, ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ + 0 /* field_encode */, + 0 /* field_decode */, + 0, /* field_set_to_one */ ossl_ec_key_simple_priv2oct, ossl_ec_key_simple_oct2priv, 0, /* set private */ @@ -299,7 +299,7 @@ 0, /* blind_coordinates */ 0, /* ladder_pre */ 0, /* ladder_step */ - 0 /* ladder_post */ + 0 /* ladder_post */ }; return &ret; 
@@ -394,10 +394,9 @@ /* Assumes in[i] < 2^57 */ static void felem_diff(felem out, const felem in) { - static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); - static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2); - static const limb two58m42m2 = (((limb) 1) << 58) - - (((limb) 1) << 42) - (((limb) 1) << 2); + static const limb two58p2 = (((limb)1) << 58) + (((limb)1) << 2); + static const limb two58m2 = (((limb)1) << 58) - (((limb)1) << 2); + static const limb two58m42m2 = (((limb)1) << 58) - (((limb)1) << 42) - (((limb)1) << 2); /* Add 0 mod 2^224-2^96+1 to ensure out > in */ out[0] += two58p2; @@ -415,11 +414,9 @@ /* Assumes in[i] < 2^119 */ static void widefelem_diff(widefelem out, const widefelem in) { - static const widelimb two120 = ((widelimb) 1) << 120; - static const widelimb two120m64 = (((widelimb) 1) << 120) - - (((widelimb) 1) << 64); - static const widelimb two120m104m64 = (((widelimb) 1) << 120) - - (((widelimb) 1) << 104) - (((widelimb) 1) << 64); + static const widelimb two120 = ((widelimb)1) << 120; + static const widelimb two120m64 = (((widelimb)1) << 120) - (((widelimb)1) << 64); + static const widelimb two120m104m64 = (((widelimb)1) << 120) - (((widelimb)1) << 104) - (((widelimb)1) << 64); /* Add 0 mod 2^224-2^96+1 to ensure out > in */ out[0] += two120; 
@@ -443,12 +440,9 @@ /* in[i] < 2^63 */ static void felem_diff_128_64(widefelem out, const felem in) { - static const widelimb two64p8 = (((widelimb) 1) << 64) + - (((widelimb) 1) << 8); - static const widelimb two64m8 = (((widelimb) 1) << 64) - - (((widelimb) 1) << 8); - static const widelimb two64m48m8 = (((widelimb) 1) << 64) - - (((widelimb) 1) << 48) - (((widelimb) 1) << 8); + static const widelimb two64p8 = (((widelimb)1) << 64) + (((widelimb)1) << 8); + static const widelimb two64m8 = (((widelimb)1) << 64) - (((widelimb)1) << 8); + static const widelimb two64m48m8 = (((widelimb)1) << 64) - (((widelimb)1) << 48) - (((widelimb)1) << 8); /* Add 0 mod 2^224-2^96+1 to ensure out > in */ out[0] += two64p8; 
@@ -496,28 +490,25 @@ tmp0 = 2 * in[0]; tmp1 = 2 * in[1]; tmp2 = 2 * in[2]; - out[0] = ((widelimb) in[0]) * in[0]; - out[1] = ((widelimb) in[0]) * tmp1; - out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1]; - out[3] = ((widelimb) in[3]) * tmp0 + ((widelimb) in[1]) * tmp2; - out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2]; - out[5] = ((widelimb) in[3]) * tmp2; - out[6] = ((widelimb) in[3]) * in[3]; + out[0] = ((widelimb)in[0]) * in[0]; + out[1] = ((widelimb)in[0]) * tmp1; + out[2] = ((widelimb)in[0]) * tmp2 + ((widelimb)in[1]) * in[1]; + out[3] = ((widelimb)in[3]) * tmp0 + ((widelimb)in[1]) * tmp2; + out[4] = ((widelimb)in[3]) * tmp1 + ((widelimb)in[2]) * in[2]; + out[5] = ((widelimb)in[3]) * tmp2; + out[6] = ((widelimb)in[3]) * in[3]; } /* Multiply two field elements: out = in1 * in2 */ static void felem_mul(widefelem out, const felem in1, const felem in2) { - out[0] = ((widelimb) in1[0]) * in2[0]; - out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0]; - out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] + - ((widelimb) in1[2]) * in2[0]; - out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] + - ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0]; - out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] + - ((widelimb) in1[3]) * in2[1]; - out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2]; - out[6] = ((widelimb) in1[3]) * in2[3]; + out[0] = ((widelimb)in1[0]) * in2[0]; + out[1] = ((widelimb)in1[0]) * in2[1] + ((widelimb)in1[1]) * in2[0]; + out[2] = ((widelimb)in1[0]) * in2[2] + ((widelimb)in1[1]) * in2[1] + ((widelimb)in1[2]) * in2[0]; + out[3] = ((widelimb)in1[0]) * in2[3] + ((widelimb)in1[1]) * in2[2] + ((widelimb)in1[2]) * in2[1] + ((widelimb)in1[3]) * in2[0]; + out[4] = ((widelimb)in1[1]) * in2[3] + ((widelimb)in1[2]) * in2[2] + ((widelimb)in1[3]) * in2[1]; + out[5] = ((widelimb)in1[2]) * in2[3] + ((widelimb)in1[3]) * in2[2]; + out[6] = 
((widelimb)in1[3]) * in2[3]; } /*- @@ -526,12 +517,9 @@ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */ static void felem_reduce(felem out, const widefelem in) { - static const widelimb two127p15 = (((widelimb) 1) << 127) + - (((widelimb) 1) << 15); - static const widelimb two127m71 = (((widelimb) 1) << 127) - - (((widelimb) 1) << 71); - static const widelimb two127m71m55 = (((widelimb) 1) << 127) - - (((widelimb) 1) << 71) - (((widelimb) 1) << 55); + static const widelimb two127p15 = (((widelimb)1) << 127) + (((widelimb)1) << 15); + static const widelimb two127m71 = (((widelimb)1) << 127) - (((widelimb)1) << 71); + static const widelimb two127m71m55 = (((widelimb)1) << 127) - (((widelimb)1) << 71) - (((widelimb)1) << 55); widelimb output[5]; /* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */ @@ -608,7 +596,7 @@ */ static void felem_contract(felem out, const felem in) { - static const int64_t two56 = ((limb) 1) << 56; + static const int64_t two56 = ((limb)1) << 56; /* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */ /* if in > p , reduce in = in - 2^224 + 2^96 - 1 */ int64_t tmp[4], a; @@ -625,8 +613,7 @@ * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1 * and the lower part is non-zero */ - a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) | - (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63); + a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) | (((int64_t)(in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63); a &= 0x00ffffffffffffff; /* turn a into an all-one mask (if a = 0) or an all-zero mask */ a = (a - 1) >> 63; 
@@ -682,19 +669,19 @@ limb zero, two224m96p1, two225m97p2; zero = in[0] | in[1] | in[2] | in[3]; - zero = (((int64_t) (zero) - 1) >> 63) & 1; + zero = (((int64_t)(zero)-1) >> 63) & 1; two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000) | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff); - two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1; + two224m96p1 = (((int64_t)(two224m96p1)-1) >> 63) & 1; two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000) | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff); - two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1; + two225m97p2 = (((int64_t)(two225m97p2)-1) >> 63) & 1; return (zero | two224m96p1 | two225m97p2); } static int felem_is_zero_int(const void *in) { - return (int)(felem_is_zero(in) & ((limb) 1)); + return (int)(felem_is_zero(in) & ((limb)1)); } /* Invert a field element */ 
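Review bot: The reformatted mask lines in felem_is_zero, e.g. `zero = (((int64_t)(zero)-1) >> 63) & 1;`, now print the binary minus glued to its operands, so the expression reads like a cast applied to `-1` or to `zero-1` rather than `((int64_t)zero) - 1`. The value is unchanged, because the cast binds tighter than the subtraction, but this is the branch-free zero test and a misreading here is costly during audit. Dropping the redundant parentheses, `zero = (((int64_t)zero - 1) >> 63) & 1;`, lets the formatter space the operator normally; the `two224m96p1` and `two225m97p2` lines have the same shape. felem_is_zero begins above this hunk.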
@@ -706,77 +693,77 @@ unsigned i; felem_square(tmp, in); - felem_reduce(ftmp, tmp); /* 2 */ + felem_reduce(ftmp, tmp); /* 2 */ felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^2 - 1 */ + felem_reduce(ftmp, tmp); /* 2^2 - 1 */ felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 2 */ + felem_reduce(ftmp, tmp); /* 2^3 - 2 */ felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 1 */ + felem_reduce(ftmp, tmp); /* 2^3 - 1 */ felem_square(tmp, ftmp); - felem_reduce(ftmp2, tmp); /* 2^4 - 2 */ + felem_reduce(ftmp2, tmp); /* 2^4 - 2 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^5 - 4 */ + felem_reduce(ftmp2, tmp); /* 2^5 - 4 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^6 - 8 */ + felem_reduce(ftmp2, tmp); /* 2^6 - 8 */ felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp, tmp); /* 2^6 - 1 */ + felem_reduce(ftmp, tmp); /* 2^6 - 1 */ felem_square(tmp, ftmp); - felem_reduce(ftmp2, tmp); /* 2^7 - 2 */ - for (i = 0; i < 5; ++i) { /* 2^12 - 2^6 */ + felem_reduce(ftmp2, tmp); /* 2^7 - 2 */ + for (i = 0; i < 5; ++i) { /* 2^12 - 2^6 */ felem_square(tmp, ftmp2); felem_reduce(ftmp2, tmp); } felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp2, tmp); /* 2^12 - 1 */ + felem_reduce(ftmp2, tmp); /* 2^12 - 1 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^13 - 2 */ - for (i = 0; i < 11; ++i) { /* 2^24 - 2^12 */ + felem_reduce(ftmp3, tmp); /* 2^13 - 2 */ + for (i = 0; i < 11; ++i) { /* 2^24 - 2^12 */ felem_square(tmp, ftmp3); felem_reduce(ftmp3, tmp); } felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^24 - 1 */ + felem_reduce(ftmp2, tmp); /* 2^24 - 1 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^25 - 2 */ - for (i = 0; i < 23; ++i) { /* 2^48 - 2^24 */ + felem_reduce(ftmp3, tmp); /* 2^25 - 2 */ + for (i = 0; i < 23; ++i) { /* 2^48 - 2^24 */ felem_square(tmp, ftmp3); felem_reduce(ftmp3, tmp); } felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^48 - 1 */ + felem_reduce(ftmp3, tmp); /* 
2^48 - 1 */ felem_square(tmp, ftmp3); - felem_reduce(ftmp4, tmp); /* 2^49 - 2 */ - for (i = 0; i < 47; ++i) { /* 2^96 - 2^48 */ + felem_reduce(ftmp4, tmp); /* 2^49 - 2 */ + for (i = 0; i < 47; ++i) { /* 2^96 - 2^48 */ felem_square(tmp, ftmp4); felem_reduce(ftmp4, tmp); } felem_mul(tmp, ftmp3, ftmp4); - felem_reduce(ftmp3, tmp); /* 2^96 - 1 */ + felem_reduce(ftmp3, tmp); /* 2^96 - 1 */ felem_square(tmp, ftmp3); - felem_reduce(ftmp4, tmp); /* 2^97 - 2 */ - for (i = 0; i < 23; ++i) { /* 2^120 - 2^24 */ + felem_reduce(ftmp4, tmp); /* 2^97 - 2 */ + for (i = 0; i < 23; ++i) { /* 2^120 - 2^24 */ felem_square(tmp, ftmp4); felem_reduce(ftmp4, tmp); } felem_mul(tmp, ftmp2, ftmp4); - felem_reduce(ftmp2, tmp); /* 2^120 - 1 */ - for (i = 0; i < 6; ++i) { /* 2^126 - 2^6 */ + felem_reduce(ftmp2, tmp); /* 2^120 - 1 */ + for (i = 0; i < 6; ++i) { /* 2^126 - 2^6 */ felem_square(tmp, ftmp2); felem_reduce(ftmp2, tmp); } felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp, tmp); /* 2^126 - 1 */ + felem_reduce(ftmp, tmp); /* 2^126 - 1 */ felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^127 - 2 */ + felem_reduce(ftmp, tmp); /* 2^127 - 2 */ felem_mul(tmp, ftmp, in); - felem_reduce(ftmp, tmp); /* 2^127 - 1 */ - for (i = 0; i < 97; ++i) { /* 2^224 - 2^97 */ + felem_reduce(ftmp, tmp); /* 2^127 - 1 */ + for (i = 0; i < 97; ++i) { /* 2^224 - 2^97 */ felem_square(tmp, ftmp); felem_reduce(ftmp, tmp); } felem_mul(tmp, ftmp, ftmp3); - felem_reduce(out, tmp); /* 2^224 - 2^96 - 1 */ + felem_reduce(out, tmp); /* 2^224 - 2^96 - 1 */ } /* @@ -817,7 +804,7 @@ */ static void point_double(felem x_out, felem y_out, felem z_out, - const felem x_in, const felem y_in, const felem z_in) + const felem x_in, const felem y_in, const felem z_in) { widefelem tmp, tmp2; felem delta, gamma, beta, alpha, ftmp, ftmp2; 
@@ -905,9 +892,9 @@
 * multiplication, so there is no timing leak for ECDH or ECDSA signing.
 */
 static void point_add(felem x3, felem y3, felem z3,
- const felem x1, const felem y1, const felem z1,
- const int mixed, const felem x2, const felem y2,
- const felem z2)
+ const felem x1, const felem y1, const felem z1,
+ const int mixed, const felem x2, const felem y2,
+ const felem z2)
 {
 felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
 widefelem tmp, tmp2;
@@ -1102,7 +1089,7 @@
 * The pre_comp array argument should be size of |size| argument
 */
 static void select_point(const u64 idx, unsigned int size,
- const felem pre_comp[][3], felem out[3])
+ const felem pre_comp[][3], felem out[3])
 {
 unsigned i, j;
 limb *outlimbs = &out[0][0];
@@ -1137,10 +1124,10 @@
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out
 */
 static void batch_mul(felem x_out, felem y_out, felem z_out,
- const felem_bytearray scalars[],
- const unsigned num_points, const u8 *g_scalar,
- const int mixed, const felem pre_comp[][17][3],
- const felem g_pre_comp[2][16][3])
+ const felem_bytearray scalars[],
+ const unsigned num_points, const u8 *g_scalar,
+ const int mixed, const felem pre_comp[][17][3],
+ const felem g_pre_comp[2][16][3])
 {
 int i, skip;
 unsigned num;
@@ -1157,8 +1144,8 @@
 * of the generator (two in each of the last 28 rounds) and additions of
 * other points multiples (every 5th round).
 */
- skip = 1; /* save two point operations in the first
- * round */
+ skip = 1; /* save two point operations in the first
+ * round */
 for (i = (num_points ? 220 : 27); i >= 0; --i) {
 /* double */
 if (!skip)
@@ -1177,7 +1164,7 @@
 if (!skip) {
 /* value 1 below is argument for "mixed" */
 point_add(nq[0], nq[1], nq[2],
- nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+ nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
 } else {
 memcpy(nq, tmp, 3 * sizeof(felem));
 skip = 0;
@@ -1191,8 +1178,8 @@
 /* select the point to add, in constant time */
 select_point(bits, 16, g_pre_comp[0], tmp);
 point_add(nq[0], nq[1], nq[2],
- nq[0], nq[1], nq[2],
- 1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
+ nq[0], nq[1], nq[2],
+ 1 /* mixed */, tmp[0], tmp[1], tmp[2]);
 }
 
 /* do other additions every 5 doublings */
@@ -1215,8 +1202,8 @@
 
 if (!skip) {
 point_add(nq[0], nq[1], nq[2],
- nq[0], nq[1], nq[2],
- mixed, tmp[0], tmp[1], tmp[2]);
+ nq[0], nq[1], nq[2],
+ mixed, tmp[0], tmp[1], tmp[2]);
 } else {
 memcpy(nq, tmp, 3 * sizeof(felem));
 skip = 0;
@@ -1293,8 +1280,8 @@
 }
 
 int ossl_ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx)
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx)
 {
 int ret = 0;
 BIGNUM *curve_p, *curve_a, *curve_b;
@@ -1322,7 +1309,7 @@
 }
 group->field_mod_func = BN_nist_mod_224;
 ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
- err:
+err:
 BN_CTX_end(ctx);
 #ifndef FIPS_MODULE
 BN_CTX_free(new_ctx);
@@ -1335,9 +1322,9 @@
 * (X/Z^2, Y/Z^3)
 */
 int ossl_ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
- const EC_POINT *point,
- BIGNUM *x, BIGNUM *y,
- BN_CTX *ctx)
+ const EC_POINT *point,
+ BIGNUM *x, BIGNUM *y,
+ BN_CTX *ctx)
 {
 felem z1, z2, x_in, y_in, x_out, y_out;
 widefelem tmp;
@@ -1346,8 +1333,7 @@
 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
 return 0;
 }
- if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
- (!BN_to_felem(z1, point->Z)))
+ if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z)))
 return 0;
 felem_inv(z2, z1);
 felem_square(tmp, z2);
@@ -1375,33 +1361,33 @@
 return 1;
 }
 
-static void make_points_affine(size_t num, felem points[ /* num */ ][3],
- felem tmp_felems[ /* num+1 */ ])
+static void make_points_affine(size_t num, felem points[/* num */][3],
+ felem tmp_felems[/* num+1 */])
 {
 /*
 * Runs in constant time, unless an input is the point at infinity (which
 * normally shouldn't happen).
 */
 ossl_ec_GFp_nistp_points_make_affine_internal(num,
- points,
- sizeof(felem),
- tmp_felems,
- (void (*)(void *))felem_one,
- felem_is_zero_int,
- (void (*)(void *, const void *))
- felem_assign,
- (void (*)(void *, const void *))
- felem_square_reduce, (void (*)
- (void *,
- const void
- *,
- const void
- *))
- felem_mul_reduce,
- (void (*)(void *, const void *))
- felem_inv,
- (void (*)(void *, const void *))
- felem_contract);
+ points,
+ sizeof(felem),
+ tmp_felems,
+ (void (*)(void *))felem_one,
+ felem_is_zero_int,
+ (void (*)(void *, const void *))
+ felem_assign,
+ (void (*)(void *, const void *))
+ felem_square_reduce,
+ (void (*)(void *,
+ const void
+ *,
+ const void
+ *))
+ felem_mul_reduce,
+ (void (*)(void *, const void *))
+ felem_inv,
+ (void (*)(void *, const void *))
+ felem_contract);
 }
 
 /*
@@ -1409,9 +1395,9 @@
 * values Result is stored in r (r can equal one of the inputs).
 */
 int ossl_ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
- const BIGNUM *scalar, size_t num,
- const EC_POINT *points[],
- const BIGNUM *scalars[], BN_CTX *ctx)
+ const BIGNUM *scalar, size_t num,
+ const EC_POINT *points[],
+ const BIGNUM *scalars[], BN_CTX *ctx)
 {
 int ret = 0;
 int j;
@@ -1420,7 +1406,7 @@
 BIGNUM *x, *y, *z, *tmp_scalar;
 felem_bytearray g_secret;
 felem_bytearray *secrets = NULL;
- felem (*pre_comp)[17][3] = NULL;
+ felem(*pre_comp)[17][3] = NULL;
 felem *tmp_felems = NULL;
 int num_bytes;
 int have_pre_comp = 0;
@@ -1452,15 +1438,13 @@ if (generator == NULL) goto err; /* get the generator from precomputation */ - if (!felem_to_BN(x, g_pre_comp[0][1][0]) || - !felem_to_BN(y, g_pre_comp[0][1][1]) || - !felem_to_BN(z, g_pre_comp[0][1][2])) { + if (!felem_to_BN(x, g_pre_comp[0][1][0]) || !felem_to_BN(y, g_pre_comp[0][1][1]) || !felem_to_BN(z, g_pre_comp[0][1][2])) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, - generator, - x, y, z, ctx)) + generator, + x, y, z, ctx)) goto err; if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) /* precomputation matches generator */ @@ -1484,8 +1468,7 @@ secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points); pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points); if (mixed) - tmp_felems = - OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1)); + tmp_felems = OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); @@ -1519,19 +1502,17 @@ goto err; } num_bytes = BN_bn2lebinpad(tmp_scalar, - secrets[i], sizeof(secrets[i])); + secrets[i], sizeof(secrets[i])); } else { num_bytes = BN_bn2lebinpad(p_scalar, - secrets[i], sizeof(secrets[i])); + secrets[i], sizeof(secrets[i])); } if (num_bytes < 0) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } /* precompute multiples */ - if ((!BN_to_felem(x_out, p->X)) || - (!BN_to_felem(y_out, p->Y)) || - (!BN_to_felem(z_out, p->Z))) + if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; felem_assign(pre_comp[i][1][0], x_out); felem_assign(pre_comp[i][1][1], y_out); 
@@ -1539,16 +1520,16 @@
 for (j = 2; j <= 16; ++j) {
 if (j & 1) {
 point_add(pre_comp[i][j][0], pre_comp[i][j][1],
- pre_comp[i][j][2], pre_comp[i][1][0],
- pre_comp[i][1][1], pre_comp[i][1][2], 0,
- pre_comp[i][j - 1][0],
- pre_comp[i][j - 1][1],
- pre_comp[i][j - 1][2]);
+ pre_comp[i][j][2], pre_comp[i][1][0],
+ pre_comp[i][1][1], pre_comp[i][1][2], 0,
+ pre_comp[i][j - 1][0],
+ pre_comp[i][j - 1][1],
+ pre_comp[i][j - 1][2]);
 } else {
 point_double(pre_comp[i][j][0], pre_comp[i][j][1],
- pre_comp[i][j][2], pre_comp[i][j / 2][0],
- pre_comp[i][j / 2][1],
- pre_comp[i][j / 2][2]);
+ pre_comp[i][j][2], pre_comp[i][j / 2][0],
+ pre_comp[i][j / 2][1],
+ pre_comp[i][j / 2][2]);
 }
 }
 }
@@ -1576,28 +1557,27 @@
 }
 /* do the multiplication with generator precomputation */
 batch_mul(x_out, y_out, z_out,
- (const felem_bytearray(*))secrets, num_points,
- g_secret,
- mixed, (const felem(*)[17][3])pre_comp, g_pre_comp);
+ (const felem_bytearray(*))secrets, num_points,
+ g_secret,
+ mixed, (const felem(*)[17][3])pre_comp, g_pre_comp);
 } else {
 /* do the multiplication without generator precomputation */
 batch_mul(x_out, y_out, z_out,
- (const felem_bytearray(*))secrets, num_points,
- NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+ (const felem_bytearray(*))secrets, num_points,
+ NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
 }
 /* reduce the output to its unique minimal representation */
 felem_contract(x_in, x_out);
 felem_contract(y_in, y_out);
 felem_contract(z_in, z_out);
- if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
- (!felem_to_BN(z, z_in))) {
+ if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || (!felem_to_BN(z, z_in))) {
 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
 goto err;
 }
 ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z,
- ctx);
+ ctx);
 
- err:
+err:
 BN_CTX_end(ctx);
 EC_POINT_free(generator);
 OPENSSL_free(secrets);
@@ -1652,9 +1632,7 @@
 memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
 goto done;
 }
- if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
- (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
- (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
+ if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
 goto err;
 /*
 * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
@@ -1662,26 +1640,26 @@
 */
 for (i = 1; i <= 8; i <<= 1) {
 point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
- pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
- pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
+ pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+ pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
 for (j = 0; j < 27; ++j) {
 point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
- pre->g_pre_comp[1][i][2], pre->g_pre_comp[1][i][0],
- pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+ pre->g_pre_comp[1][i][2], pre->g_pre_comp[1][i][0],
+ pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
 }
 if (i == 8)
 break;
 point_double(pre->g_pre_comp[0][2 * i][0],
- pre->g_pre_comp[0][2 * i][1],
- pre->g_pre_comp[0][2 * i][2], pre->g_pre_comp[1][i][0],
- pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+ pre->g_pre_comp[0][2 * i][1],
+ pre->g_pre_comp[0][2 * i][2], pre->g_pre_comp[1][i][0],
+ pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
 for (j = 0; j < 27; ++j) {
 point_double(pre->g_pre_comp[0][2 * i][0],
- pre->g_pre_comp[0][2 * i][1],
- pre->g_pre_comp[0][2 * i][2],
- pre->g_pre_comp[0][2 * i][0],
- pre->g_pre_comp[0][2 * i][1],
- pre->g_pre_comp[0][2 * i][2]);
+ pre->g_pre_comp[0][2 * i][1],
+ pre->g_pre_comp[0][2 * i][2],
+ pre->g_pre_comp[0][2 * i][0],
+ pre->g_pre_comp[0][2 * i][1],
+ pre->g_pre_comp[0][2 * i][2]);
 }
 }
 for (i = 0; i < 2; i++) {
@@ -1690,49 +1668,49 @@ /* the remaining multiples */ /* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */ point_add(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], - pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], - pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], - 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); + pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], + pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], + 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); /* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */ point_add(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], - pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); + pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], + pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); /* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */ point_add(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], - pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - 0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], - pre->g_pre_comp[i][4][2]); + pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], + pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + 0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], + pre->g_pre_comp[i][4][2]); /* * 2^56*G + 2^112*G + 2^168*G resp. 
2^84*G + 2^140*G + 2^196*G */ point_add(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], - pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], - pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], - 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); + pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], + pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], + 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); for (j = 1; j < 8; ++j) { /* odd multiples: add G resp. 2^28*G */ point_add(pre->g_pre_comp[i][2 * j + 1][0], - pre->g_pre_comp[i][2 * j + 1][1], - pre->g_pre_comp[i][2 * j + 1][2], - pre->g_pre_comp[i][2 * j][0], - pre->g_pre_comp[i][2 * j][1], - pre->g_pre_comp[i][2 * j][2], 0, - pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1], - pre->g_pre_comp[i][1][2]); + pre->g_pre_comp[i][2 * j + 1][1], + pre->g_pre_comp[i][2 * j + 1][2], + pre->g_pre_comp[i][2 * j][0], + pre->g_pre_comp[i][2 * j][1], + pre->g_pre_comp[i][2 * j][2], 0, + pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1], + pre->g_pre_comp[i][1][2]); } } make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems); - done: +done: SETPRECOMP(group, nistp224, pre); pre = NULL; ret = 1; - err: +err: BN_CTX_end(ctx); EC_POINT_free(generator); #ifndef FIPS_MODULE --- crypto/openssl/crypto/ec/ecp_nistp256.c.orig +++ crypto/openssl/crypto/ec/ecp_nistp256.c @@ -47,7 +47,7 @@ #include "internal/numbers.h" #ifndef INT128_MAX -# error "Your compiler doesn't appear to support 128-bit integer types" +#error "Your compiler doesn't appear to support 128-bit integer types" #endif typedef uint8_t u8; 
@@ -67,26 +67,26 @@ * values are big-endian. */ static const felem_bytearray nistp256_curve_params[5] = { - {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, - {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */ - 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, - 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, - 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, - {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */ - 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, - 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, - 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96}, - {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */ - 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, - 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, - 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5} + { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc }, + { 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */ + 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, + 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, + 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b }, + { 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */ + 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, + 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, + 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 
0xc2, 0x96 }, + { 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */ + 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, + 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 } }; /*- @@ -118,8 +118,7 @@ typedef u64 smallfelem[NLIMBS]; /* This is the value of the prime as four 64-bit words, little-endian. */ -static const u64 kPrime[4] = - { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul }; +static const u64 kPrime[4] = { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul }; static const u64 bottom63bits = 0x7ffffffffffffffful; /* @@ -247,8 +246,7 @@ #define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9) /* zero105 is 0 mod p */ -static const felem zero105 = - { two105m41m9, two105, two105m41p9, two105m41p9 }; +static const felem zero105 = { two105m41m9, two105, two105m41p9, two105m41p9 }; /*- * smallfelem_neg sets |out| to |-small| @@ -292,8 +290,7 @@ #define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11) /* zero107 is 0 mod p */ -static const felem zero107 = - { two107m43m11, two107, two107m43p11, two107m43p11 }; +static const felem zero107 = { two107m43m11, two107, two107m43p11, two107m43p11 }; /*- * An alternative felem_diff for larger inputs |in| 
@@ -328,14 +325,11 @@ */ static void longfelem_diff(longfelem out, const longfelem in) { - static const limb two70m8p6 = - (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6); - static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40); - static const limb two70 = (((limb) 1) << 70); - static const limb two70m40m38p6 = - (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) + - (((limb) 1) << 6); - static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6); + static const limb two70m8p6 = (((limb)1) << 70) - (((limb)1) << 8) + (((limb)1) << 6); + static const limb two70p40 = (((limb)1) << 70) + (((limb)1) << 40); + static const limb two70 = (((limb)1) << 70); + static const limb two70m40m38p6 = (((limb)1) << 70) - (((limb)1) << 40) - (((limb)1) << 38) + (((limb)1) << 6); + static const limb two70m6 = (((limb)1) << 70) - (((limb)1) << 6); /* add 0 mod p to avoid underflow */ out[0] += two70m8p6; @@ -395,18 +389,18 @@ * We perform two partial reductions where we eliminate the high-word of * tmp[3]. We don't update the other words till the end. */ - a = tmp[3] >> 64; /* a < 2^46 */ + a = tmp[3] >> 64; /* a < 2^46 */ tmp[3] = (u64)tmp[3]; tmp[3] -= a; - tmp[3] += ((limb) a) << 32; + tmp[3] += ((limb)a) << 32; /* tmp[3] < 2^79 */ b = a; - a = tmp[3] >> 64; /* a < 2^15 */ - b += a; /* b < 2^46 + 2^15 < 2^47 */ + a = tmp[3] >> 64; /* a < 2^15 */ + b += a; /* b < 2^46 + 2^15 < 2^47 */ tmp[3] = (u64)tmp[3]; tmp[3] -= a; - tmp[3] += ((limb) a) << 32; + tmp[3] += ((limb)a) << 32; /* tmp[3] < 2^64 + 2^47 */ /* @@ -414,7 +408,7 @@ * reductions. */ tmp[0] += b; - tmp[1] -= (((limb) b) << 32); + tmp[1] -= (((limb)b) << 32); /* * In order to make space in tmp[3] for the carry from 2 -> 3, we 
@@ -487,53 +481,53 @@ limb a; u64 high, low; - a = ((uint128_t) small[0]) * small[0]; + a = ((uint128_t)small[0]) * small[0]; low = a; high = a >> 64; out[0] = low; out[1] = high; - a = ((uint128_t) small[0]) * small[1]; + a = ((uint128_t)small[0]) * small[1]; low = a; high = a >> 64; out[1] += low; out[1] += low; out[2] = high; - a = ((uint128_t) small[0]) * small[2]; + a = ((uint128_t)small[0]) * small[2]; low = a; high = a >> 64; out[2] += low; out[2] *= 2; out[3] = high; - a = ((uint128_t) small[0]) * small[3]; + a = ((uint128_t)small[0]) * small[3]; low = a; high = a >> 64; out[3] += low; out[4] = high; - a = ((uint128_t) small[1]) * small[2]; + a = ((uint128_t)small[1]) * small[2]; low = a; high = a >> 64; out[3] += low; out[3] *= 2; out[4] += high; - a = ((uint128_t) small[1]) * small[1]; + a = ((uint128_t)small[1]) * small[1]; low = a; high = a >> 64; out[2] += low; out[3] += high; - a = ((uint128_t) small[1]) * small[3]; + a = ((uint128_t)small[1]) * small[3]; low = a; high = a >> 64; out[4] += low; out[4] *= 2; out[5] = high; - a = ((uint128_t) small[2]) * small[3]; + a = ((uint128_t)small[2]) * small[3]; low = a; high = a >> 64; out[5] += low; @@ -541,13 +535,13 @@ out[6] = high; out[6] += high; - a = ((uint128_t) small[2]) * small[2]; + a = ((uint128_t)small[2]) * small[2]; low = a; high = a >> 64; out[4] += low; out[5] += high; - a = ((uint128_t) small[3]) * small[3]; + a = ((uint128_t)small[3]) * small[3]; low = a; high = a >> 64; out[6] += low; 
@@ -577,102 +571,102 @@ * out[i] < 7 * 2^64 < 2^67 */ static void smallfelem_mul(longfelem out, const smallfelem small1, - const smallfelem small2) + const smallfelem small2) { limb a; u64 high, low; - a = ((uint128_t) small1[0]) * small2[0]; + a = ((uint128_t)small1[0]) * small2[0]; low = a; high = a >> 64; out[0] = low; out[1] = high; - a = ((uint128_t) small1[0]) * small2[1]; + a = ((uint128_t)small1[0]) * small2[1]; low = a; high = a >> 64; out[1] += low; out[2] = high; - a = ((uint128_t) small1[1]) * small2[0]; + a = ((uint128_t)small1[1]) * small2[0]; low = a; high = a >> 64; out[1] += low; out[2] += high; - a = ((uint128_t) small1[0]) * small2[2]; + a = ((uint128_t)small1[0]) * small2[2]; low = a; high = a >> 64; out[2] += low; out[3] = high; - a = ((uint128_t) small1[1]) * small2[1]; + a = ((uint128_t)small1[1]) * small2[1]; low = a; high = a >> 64; out[2] += low; out[3] += high; - a = ((uint128_t) small1[2]) * small2[0]; + a = ((uint128_t)small1[2]) * small2[0]; low = a; high = a >> 64; out[2] += low; out[3] += high; - a = ((uint128_t) small1[0]) * small2[3]; + a = ((uint128_t)small1[0]) * small2[3]; low = a; high = a >> 64; out[3] += low; out[4] = high; - a = ((uint128_t) small1[1]) * small2[2]; + a = ((uint128_t)small1[1]) * small2[2]; low = a; high = a >> 64; out[3] += low; out[4] += high; - a = ((uint128_t) small1[2]) * small2[1]; + a = ((uint128_t)small1[2]) * small2[1]; low = a; high = a >> 64; out[3] += low; out[4] += high; - a = ((uint128_t) small1[3]) * small2[0]; + a = ((uint128_t)small1[3]) * small2[0]; low = a; high = a >> 64; out[3] += low; out[4] += high; - a = ((uint128_t) small1[1]) * small2[3]; + a = ((uint128_t)small1[1]) * small2[3]; low = a; high = a >> 64; out[4] += low; out[5] = high; - a = ((uint128_t) small1[2]) * small2[2]; + a = ((uint128_t)small1[2]) * small2[2]; low = a; high = a >> 64; out[4] += low; out[5] += high; - a = ((uint128_t) small1[3]) * small2[1]; + a = ((uint128_t)small1[3]) * small2[1]; low = a; high = a >> 64; 
out[4] += low; out[5] += high; - a = ((uint128_t) small1[2]) * small2[3]; + a = ((uint128_t)small1[2]) * small2[3]; low = a; high = a >> 64; out[5] += low; out[6] = high; - a = ((uint128_t) small1[3]) * small2[2]; + a = ((uint128_t)small1[3]) * small2[2]; low = a; high = a >> 64; out[5] += low; out[6] += high; - a = ((uint128_t) small1[3]) * small2[3]; + a = ((uint128_t)small1[3]) * small2[3]; low = a; high = a >> 64; out[6] += low; @@ -704,7 +698,7 @@ * out[i] < 7 * 2^64 < 2^67 */ static void felem_small_mul(longfelem out, const smallfelem small1, - const felem in2) + const felem in2) { smallfelem small2; felem_shrink(small2, in2); @@ -715,8 +709,7 @@ #define two100 (((limb)1) << 100) #define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4) /* zero100 is 0 mod p */ -static const felem zero100 = - { two100m36m4, two100, two100m36p4, two100m36p4 }; +static const felem zero100 = { two100m36m4, two100, two100m36p4, two100m36p4 }; /*- * Internal function for the different flavours of felem_reduce. @@ -859,7 +852,7 @@ */ for (i = 3; i < 4; i--) { u64 equal; - uint128_t a = ((uint128_t) kPrime[i]) - out[i]; + uint128_t a = ((uint128_t)kPrime[i]) - out[i]; /* * if out[i] > kPrime[i] then a will underflow and the high 64-bits * will all be set. @@ -916,7 +909,7 @@ } static void smallfelem_mul_contract(smallfelem out, const smallfelem in1, - const smallfelem in2) + const smallfelem in2) { longfelem longtmp; felem tmp; @@ -947,9 +940,7 @@ is_zero &= is_zero << 1; is_zero = 0 - (is_zero >> 63); - is_p = (small[0] ^ kPrime[0]) | - (small[1] ^ kPrime[1]) | - (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]); + is_p = (small[0] ^ kPrime[0]) | (small[1] ^ kPrime[1]) | (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]); is_p--; is_p &= is_p << 32; is_p &= is_p << 16; 
@@ -962,13 +953,13 @@ is_zero |= is_p; result = is_zero; - result |= ((limb) is_zero) << 64; + result |= ((limb)is_zero) << 64; return result; } static int smallfelem_is_zero_int(const void *small) { - return (int)(smallfelem_is_zero(small) & ((limb) 1)); + return (int)(smallfelem_is_zero(small) & ((limb)1)); } /*- 
@@ -988,89 +979,89 @@ unsigned i; felem_square(tmp, in); - felem_reduce(ftmp, tmp); /* 2^1 */ + felem_reduce(ftmp, tmp); /* 2^1 */ felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */ + felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */ felem_assign(e2, ftmp); felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */ + felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */ felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^4 - 2^2 */ + felem_reduce(ftmp, tmp); /* 2^4 - 2^2 */ felem_mul(tmp, ftmp, e2); - felem_reduce(ftmp, tmp); /* 2^4 - 2^0 */ + felem_reduce(ftmp, tmp); /* 2^4 - 2^0 */ felem_assign(e4, ftmp); felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^5 - 2^1 */ + felem_reduce(ftmp, tmp); /* 2^5 - 2^1 */ felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^6 - 2^2 */ + felem_reduce(ftmp, tmp); /* 2^6 - 2^2 */ felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^7 - 2^3 */ + felem_reduce(ftmp, tmp); /* 2^7 - 2^3 */ felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^8 - 2^4 */ + felem_reduce(ftmp, tmp); /* 2^8 - 2^4 */ felem_mul(tmp, ftmp, e4); - felem_reduce(ftmp, tmp); /* 2^8 - 2^0 */ + felem_reduce(ftmp, tmp); /* 2^8 - 2^0 */ felem_assign(e8, ftmp); for (i = 0; i < 8; i++) { felem_square(tmp, ftmp); felem_reduce(ftmp, tmp); - } /* 2^16 - 2^8 */ + } /* 2^16 - 2^8 */ felem_mul(tmp, ftmp, e8); - felem_reduce(ftmp, tmp); /* 2^16 - 2^0 */ + felem_reduce(ftmp, tmp); /* 2^16 - 2^0 */ felem_assign(e16, ftmp); for (i = 0; i < 16; i++) { felem_square(tmp, ftmp); felem_reduce(ftmp, tmp); - } /* 2^32 - 2^16 */ + } /* 2^32 - 2^16 */ felem_mul(tmp, ftmp, e16); - felem_reduce(ftmp, tmp); /* 2^32 - 2^0 */ + felem_reduce(ftmp, tmp); /* 2^32 - 2^0 */ felem_assign(e32, ftmp); for (i = 0; i < 32; i++) { felem_square(tmp, ftmp); felem_reduce(ftmp, tmp); - } /* 2^64 - 2^32 */ + } /* 2^64 - 2^32 */ felem_assign(e64, ftmp); felem_mul(tmp, ftmp, in); - felem_reduce(ftmp, tmp); /* 2^64 - 2^32 + 2^0 */ + felem_reduce(ftmp, tmp); /* 2^64 - 2^32 + 2^0 */ 
for (i = 0; i < 192; i++) { felem_square(tmp, ftmp); felem_reduce(ftmp, tmp); - } /* 2^256 - 2^224 + 2^192 */ + } /* 2^256 - 2^224 + 2^192 */ felem_mul(tmp, e64, e32); - felem_reduce(ftmp2, tmp); /* 2^64 - 2^0 */ + felem_reduce(ftmp2, tmp); /* 2^64 - 2^0 */ for (i = 0; i < 16; i++) { felem_square(tmp, ftmp2); felem_reduce(ftmp2, tmp); - } /* 2^80 - 2^16 */ + } /* 2^80 - 2^16 */ felem_mul(tmp, ftmp2, e16); - felem_reduce(ftmp2, tmp); /* 2^80 - 2^0 */ + felem_reduce(ftmp2, tmp); /* 2^80 - 2^0 */ for (i = 0; i < 8; i++) { felem_square(tmp, ftmp2); felem_reduce(ftmp2, tmp); - } /* 2^88 - 2^8 */ + } /* 2^88 - 2^8 */ felem_mul(tmp, ftmp2, e8); - felem_reduce(ftmp2, tmp); /* 2^88 - 2^0 */ + felem_reduce(ftmp2, tmp); /* 2^88 - 2^0 */ for (i = 0; i < 4; i++) { felem_square(tmp, ftmp2); felem_reduce(ftmp2, tmp); - } /* 2^92 - 2^4 */ + } /* 2^92 - 2^4 */ felem_mul(tmp, ftmp2, e4); - felem_reduce(ftmp2, tmp); /* 2^92 - 2^0 */ + felem_reduce(ftmp2, tmp); /* 2^92 - 2^0 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^93 - 2^1 */ + felem_reduce(ftmp2, tmp); /* 2^93 - 2^1 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^94 - 2^2 */ + felem_reduce(ftmp2, tmp); /* 2^94 - 2^2 */ felem_mul(tmp, ftmp2, e2); - felem_reduce(ftmp2, tmp); /* 2^94 - 2^0 */ + felem_reduce(ftmp2, tmp); /* 2^94 - 2^0 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^95 - 2^1 */ + felem_reduce(ftmp2, tmp); /* 2^95 - 2^1 */ felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^96 - 2^2 */ + felem_reduce(ftmp2, tmp); /* 2^96 - 2^2 */ felem_mul(tmp, ftmp2, in); - felem_reduce(ftmp2, tmp); /* 2^96 - 3 */ + felem_reduce(ftmp2, tmp); /* 2^96 - 3 */ felem_mul(tmp, ftmp2, ftmp); - felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */ + felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */ } static void smallfelem_inv_contract(smallfelem out, const smallfelem in) 
@@ -1102,7 +1093,7 @@ */ static void point_double(felem x_out, felem y_out, felem z_out, - const felem x_in, const felem y_in, const felem z_in) + const felem x_in, const felem y_in, const felem z_in) { longfelem tmp, tmp2; felem delta, gamma, beta, alpha, ftmp, ftmp2; @@ -1184,8 +1175,8 @@ */ static void point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out, - const smallfelem x_in, const smallfelem y_in, - const smallfelem z_in) + const smallfelem x_in, const smallfelem y_in, + const smallfelem z_in) { felem felem_x_out, felem_y_out, felem_z_out; felem felem_x_in, felem_y_in, felem_z_in; @@ -1194,7 +1185,7 @@ smallfelem_expand(felem_y_in, y_in); smallfelem_expand(felem_z_in, z_in); point_double(felem_x_out, felem_y_out, felem_z_out, - felem_x_in, felem_y_in, felem_z_in); + felem_x_in, felem_y_in, felem_z_in); felem_shrink(x_out, felem_x_out); felem_shrink(y_out, felem_y_out); felem_shrink(z_out, felem_z_out); @@ -1216,7 +1207,7 @@ unsigned i; const u64 mask64 = mask; for (i = 0; i < NLIMBS; ++i) { - out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask); + out[i] = ((limb)(in[i] & mask64)) | (out[i] & ~mask); } } @@ -1233,9 +1224,9 @@ * ECDH or ECDSA signing. */ static void point_add(felem x3, felem y3, felem z3, - const felem x1, const felem y1, const felem z1, - const int mixed, const smallfelem x2, - const smallfelem y2, const smallfelem z2) + const felem x1, const felem y1, const felem z1, + const int mixed, const smallfelem x2, + const smallfelem y2, const smallfelem z2) { felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; longfelem tmp, tmp2; @@ -1418,8 +1409,8 @@ * smallfelems */ static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3, - smallfelem x1, smallfelem y1, smallfelem z1, - smallfelem x2, smallfelem y2, smallfelem z2) + smallfelem x1, smallfelem y1, smallfelem z1, + smallfelem x2, smallfelem y2, smallfelem z2) { felem felem_x3, felem_y3, felem_z3; felem felem_x1, felem_y1, felem_z1; 
@@ -1427,7 +1418,7 @@ smallfelem_expand(felem_y1, y1); smallfelem_expand(felem_z1, z1); point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0, - x2, y2, z2); + x2, y2, z2); felem_shrink(x3, felem_x3); felem_shrink(y3, felem_y3); felem_shrink(z3, felem_z3); 
@@ -1471,162 +1462,162 @@ /* gmul is the table of precomputed base points */ static const smallfelem gmul[2][16][3] = { - {{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2, - 0x6b17d1f2e12c4247}, - {0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16, - 0x4fe342e2fe1a7f9b}, - {1, 0, 0, 0}}, - {{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de, - 0x0fa822bc2811aaa5}, - {0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b, - 0xbff44ae8f5dba80d}, - {1, 0, 0, 0}}, - {{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789, - 0x300a4bbc89d6726f}, - {0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f, - 0x72aac7e0d09b4644}, - {1, 0, 0, 0}}, - {{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e, - 0x447d739beedb5e67}, - {0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7, - 0x2d4825ab834131ee}, - {1, 0, 0, 0}}, - {{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60, - 0xef9519328a9c72ff}, - {0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c, - 0x611e9fc37dbb2c9b}, - {1, 0, 0, 0}}, - {{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf, - 0x550663797b51f5d8}, - {0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5, - 0x157164848aecb851}, - {1, 0, 0, 0}}, - {{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391, - 0xeb5d7745b21141ea}, - {0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee, - 0xeafd72ebdbecc17b}, - {1, 0, 0, 0}}, - {{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5, - 0xa6d39677a7849276}, - {0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf, - 0x674f84749b0b8816}, - {1, 0, 0, 0}}, - {{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb, - 0x4e769e7672c9ddad}, - {0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281, - 0x42b99082de830663}, - {1, 0, 0, 0}}, - {{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478, - 0x78878ef61c6ce04d}, - {0x9c62b9121fe0d976, 
0x6ace570ebde08d4f, 0xde53142c12309def, - 0xb6cb3f5d7b72c321}, - {1, 0, 0, 0}}, - {{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae, - 0x0c88bc4d716b1287}, - {0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa, - 0xdd5ddea3f3901dc6}, - {1, 0, 0, 0}}, - {{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3, - 0x68f344af6b317466}, - {0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3, - 0x31b9c405f8540a20}, - {1, 0, 0, 0}}, - {{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0, - 0x4052bf4b6f461db9}, - {0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8, - 0xfecf4d5190b0fc61}, - {1, 0, 0, 0}}, - {{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a, - 0x1eddbae2c802e41a}, - {0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0, - 0x43104d86560ebcfc}, - {1, 0, 0, 0}}, - {{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a, - 0xb48e26b484f7a21c}, - {0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668, - 0xfac015404d4d3dab}, - {1, 0, 0, 0}}}, - {{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da, - 0x7fe36b40af22af89}, - {0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1, - 0xe697d45825b63624}, - {1, 0, 0, 0}}, - {{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902, - 0x4a5b506612a677a6}, - {0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40, - 0xeb13461ceac089f1}, - {1, 0, 0, 0}}, - {{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857, - 0x0781b8291c6a220a}, - {0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434, - 0x690cde8df0151593}, - {1, 0, 0, 0}}, - {{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326, - 0x8a535f566ec73617}, - {0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf, - 0x0455c08468b08bd7}, - {1, 0, 0, 0}}, - {{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279, - 0x06bada7ab77f8276}, - {0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70, - 
0x5b476dfd0e6cb18a}, - {1, 0, 0, 0}}, - {{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8, - 0x3e29864e8a2ec908}, - {0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed, - 0x239b90ea3dc31e7e}, - {1, 0, 0, 0}}, - {{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4, - 0x820f4dd949f72ff7}, - {0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3, - 0x140406ec783a05ec}, - {1, 0, 0, 0}}, - {{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe, - 0x68f6b8542783dfee}, - {0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028, - 0xcbe1feba92e40ce6}, - {1, 0, 0, 0}}, - {{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927, - 0xd0b2f94d2f420109}, - {0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a, - 0x971459828b0719e5}, - {1, 0, 0, 0}}, - {{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687, - 0x961610004a866aba}, - {0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c, - 0x7acb9fadcee75e44}, - {1, 0, 0, 0}}, - {{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea, - 0x24eb9acca333bf5b}, - {0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d, - 0x69f891c5acd079cc}, - {1, 0, 0, 0}}, - {{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514, - 0xe51f547c5972a107}, - {0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06, - 0x1c309a2b25bb1387}, - {1, 0, 0, 0}}, - {{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828, - 0x20b87b8aa2c4e503}, - {0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044, - 0xf5c6fa49919776be}, - {1, 0, 0, 0}}, - {{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56, - 0x1ed7d1b9332010b9}, - {0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24, - 0x3a2b03f03217257a}, - {1, 0, 0, 0}}, - {{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b, - 0x15fee545c78dd9f6}, - {0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb, - 0x4ab5b6b2b8753f81}, - {1, 0, 0, 0}}} + { { { 0, 0, 0, 0 }, + { 0, 0, 0, 0 }, + { 0, 0, 0, 0 } }, + 
{ { 0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2, + 0x6b17d1f2e12c4247 }, + { 0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16, + 0x4fe342e2fe1a7f9b }, + { 1, 0, 0, 0 } }, + { { 0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de, + 0x0fa822bc2811aaa5 }, + { 0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b, + 0xbff44ae8f5dba80d }, + { 1, 0, 0, 0 } }, + { { 0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789, + 0x300a4bbc89d6726f }, + { 0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f, + 0x72aac7e0d09b4644 }, + { 1, 0, 0, 0 } }, + { { 0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e, + 0x447d739beedb5e67 }, + { 0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7, + 0x2d4825ab834131ee }, + { 1, 0, 0, 0 } }, + { { 0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60, + 0xef9519328a9c72ff }, + { 0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c, + 0x611e9fc37dbb2c9b }, + { 1, 0, 0, 0 } }, + { { 0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf, + 0x550663797b51f5d8 }, + { 0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5, + 0x157164848aecb851 }, + { 1, 0, 0, 0 } }, + { { 0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391, + 0xeb5d7745b21141ea }, + { 0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee, + 0xeafd72ebdbecc17b }, + { 1, 0, 0, 0 } }, + { { 0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5, + 0xa6d39677a7849276 }, + { 0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf, + 0x674f84749b0b8816 }, + { 1, 0, 0, 0 } }, + { { 0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb, + 0x4e769e7672c9ddad }, + { 0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281, + 0x42b99082de830663 }, + { 1, 0, 0, 0 } }, + { { 0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478, + 0x78878ef61c6ce04d }, + { 0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def, + 0xb6cb3f5d7b72c321 }, + { 1, 0, 0, 0 } }, + { { 
0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae, + 0x0c88bc4d716b1287 }, + { 0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa, + 0xdd5ddea3f3901dc6 }, + { 1, 0, 0, 0 } }, + { { 0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3, + 0x68f344af6b317466 }, + { 0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3, + 0x31b9c405f8540a20 }, + { 1, 0, 0, 0 } }, + { { 0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0, + 0x4052bf4b6f461db9 }, + { 0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8, + 0xfecf4d5190b0fc61 }, + { 1, 0, 0, 0 } }, + { { 0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a, + 0x1eddbae2c802e41a }, + { 0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0, + 0x43104d86560ebcfc }, + { 1, 0, 0, 0 } }, + { { 0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a, + 0xb48e26b484f7a21c }, + { 0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668, + 0xfac015404d4d3dab }, + { 1, 0, 0, 0 } } }, + { { { 0, 0, 0, 0 }, + { 0, 0, 0, 0 }, + { 0, 0, 0, 0 } }, + { { 0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da, + 0x7fe36b40af22af89 }, + { 0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1, + 0xe697d45825b63624 }, + { 1, 0, 0, 0 } }, + { { 0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902, + 0x4a5b506612a677a6 }, + { 0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40, + 0xeb13461ceac089f1 }, + { 1, 0, 0, 0 } }, + { { 0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857, + 0x0781b8291c6a220a }, + { 0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434, + 0x690cde8df0151593 }, + { 1, 0, 0, 0 } }, + { { 0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326, + 0x8a535f566ec73617 }, + { 0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf, + 0x0455c08468b08bd7 }, + { 1, 0, 0, 0 } }, + { { 0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279, + 0x06bada7ab77f8276 }, + { 0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70, + 
0x5b476dfd0e6cb18a }, + { 1, 0, 0, 0 } }, + { { 0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8, + 0x3e29864e8a2ec908 }, + { 0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed, + 0x239b90ea3dc31e7e }, + { 1, 0, 0, 0 } }, + { { 0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4, + 0x820f4dd949f72ff7 }, + { 0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3, + 0x140406ec783a05ec }, + { 1, 0, 0, 0 } }, + { { 0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe, + 0x68f6b8542783dfee }, + { 0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028, + 0xcbe1feba92e40ce6 }, + { 1, 0, 0, 0 } }, + { { 0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927, + 0xd0b2f94d2f420109 }, + { 0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a, + 0x971459828b0719e5 }, + { 1, 0, 0, 0 } }, + { { 0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687, + 0x961610004a866aba }, + { 0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c, + 0x7acb9fadcee75e44 }, + { 1, 0, 0, 0 } }, + { { 0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea, + 0x24eb9acca333bf5b }, + { 0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d, + 0x69f891c5acd079cc }, + { 1, 0, 0, 0 } }, + { { 0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514, + 0xe51f547c5972a107 }, + { 0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06, + 0x1c309a2b25bb1387 }, + { 1, 0, 0, 0 } }, + { { 0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828, + 0x20b87b8aa2c4e503 }, + { 0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044, + 0xf5c6fa49919776be }, + { 1, 0, 0, 0 } }, + { { 0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56, + 0x1ed7d1b9332010b9 }, + { 0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24, + 0x3a2b03f03217257a }, + { 1, 0, 0, 0 } }, + { { 0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b, + 0x15fee545c78dd9f6 }, + { 0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb, + 0x4ab5b6b2b8753f81 
}, + { 1, 0, 0, 0 } } } }; /* @@ -1634,7 +1625,7 @@ * copies it to out. */ static void select_point(const u64 idx, unsigned int size, - const smallfelem pre_comp[16][3], smallfelem out[3]) + const smallfelem pre_comp[16][3], smallfelem out[3]) { unsigned i, j; u64 *outlimbs = &out[0][0]; @@ -1670,10 +1661,10 @@ * Output point (X, Y, Z) is stored in x_out, y_out, z_out */ static void batch_mul(felem x_out, felem y_out, felem z_out, - const felem_bytearray scalars[], - const unsigned num_points, const u8 *g_scalar, - const int mixed, const smallfelem pre_comp[][17][3], - const smallfelem g_pre_comp[2][16][3]) + const felem_bytearray scalars[], + const unsigned num_points, const u8 *g_scalar, + const int mixed, const smallfelem pre_comp[][17][3], + const smallfelem g_pre_comp[2][16][3]) { int i, skip; unsigned num, gen_mul = (g_scalar != NULL); @@ -1690,8 +1681,8 @@ * of the generator (two in each of the last 32 rounds) and additions of * other points multiples (every 5th round). */ - skip = 1; /* save two point operations in the first - * round */ + skip = 1; /* save two point operations in the first + * round */ for (i = (num_points ? 255 : 31); i >= 0; --i) { /* double */ if (!skip) @@ -1710,7 +1701,7 @@ if (!skip) { /* Arg 1 below is for "mixed" */ point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); + nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); } else { smallfelem_expand(nq[0], tmp[0]); smallfelem_expand(nq[1], tmp[1]); @@ -1727,7 +1718,7 @@ select_point(bits, 16, g_pre_comp[0], tmp); /* Arg 1 below is for "mixed" */ point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); + nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); } /* do other additions every 5 doublings */ 
@@ -1748,13 +1739,13 @@ select_point(digit, 17, pre_comp[num], tmp); smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative * point */ - copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1)); + copy_small_conditional(ftmp, tmp[1], (((limb)sign) - 1)); felem_contract(tmp[1], ftmp); if (!skip) { point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], - mixed, tmp[0], tmp[1], tmp[2]); + nq[0], nq[1], nq[2], + mixed, tmp[0], tmp[1], tmp[2]); } else { smallfelem_expand(nq[0], tmp[0]); smallfelem_expand(nq[1], tmp[1]); @@ -1797,9 +1788,9 @@ ossl_ec_GFp_simple_point_set_to_infinity, ossl_ec_GFp_simple_point_set_affine_coordinates, ossl_ec_GFp_nistp256_point_get_affine_coordinates, - 0 /* point_set_compressed_coordinates */ , - 0 /* point2oct */ , - 0 /* oct2point */ , + 0 /* point_set_compressed_coordinates */, + 0 /* point2oct */, + 0 /* oct2point */, ossl_ec_GFp_simple_add, ossl_ec_GFp_simple_dbl, ossl_ec_GFp_simple_invert, @@ -1813,11 +1804,11 @@ ossl_ec_GFp_nistp256_have_precompute_mult, ossl_ec_GFp_nist_field_mul, ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , + 0 /* field_div */, ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ + 0 /* field_encode */, + 0 /* field_decode */, + 0, /* field_set_to_one */ ossl_ec_key_simple_priv2oct, ossl_ec_key_simple_oct2priv, 0, /* set private */ @@ -1834,7 +1825,7 @@ 0, /* blind_coordinates */ 0, /* ladder_pre */ 0, /* ladder_step */ - 0 /* ladder_post */ + 0 /* ladder_post */ }; return &ret; @@ -1904,8 +1895,8 @@ } int ossl_ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) { int ret = 0; BIGNUM *curve_p, *curve_a, *curve_b; @@ -1933,7 +1924,7 @@ } group->field_mod_func = BN_nist_mod_256; ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); 
@@ -1946,9 +1937,9 @@ * (X/Z^2, Y/Z^3) */ int ossl_ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { felem z1, z2, x_in, y_in; smallfelem x_out, y_out; @@ -1958,8 +1949,7 @@ ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); return 0; } - if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || - (!BN_to_felem(z1, point->Z))) + if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); @@ -1989,31 +1979,30 @@ /* points below is of size |num|, and tmp_smallfelems is of size |num+1| */ static void make_points_affine(size_t num, smallfelem points[][3], - smallfelem tmp_smallfelems[]) + smallfelem tmp_smallfelems[]) { /* * Runs in constant time, unless an input is the point at infinity (which * normally shouldn't happen). */ ossl_ec_GFp_nistp_points_make_affine_internal(num, - points, - sizeof(smallfelem), - tmp_smallfelems, - (void (*)(void *))smallfelem_one, - smallfelem_is_zero_int, - (void (*)(void *, const void *)) - smallfelem_assign, - (void (*)(void *, const void *)) - smallfelem_square_contract, - (void (*) - (void *, const void *, - const void *)) - smallfelem_mul_contract, - (void (*)(void *, const void *)) - smallfelem_inv_contract, - /* nothing to contract */ - (void (*)(void *, const void *)) - smallfelem_assign); + points, + sizeof(smallfelem), + tmp_smallfelems, + (void (*)(void *))smallfelem_one, + smallfelem_is_zero_int, + (void (*)(void *, const void *)) + smallfelem_assign, + (void (*)(void *, const void *)) + smallfelem_square_contract, + (void (*)(void *, const void *, + const void *)) + smallfelem_mul_contract, + (void (*)(void *, const void *)) + smallfelem_inv_contract, + /* nothing to contract */ + (void (*)(void *, const void *)) + smallfelem_assign); } /* 
@@ -2021,9 +2010,9 @@ * values Result is stored in r (r can equal one of the inputs). */ int ossl_ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) { int ret = 0; int j; @@ -2031,7 +2020,7 @@ BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; - smallfelem (*pre_comp)[17][3] = NULL; + smallfelem(*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; unsigned i; int num_bytes; @@ -2065,15 +2054,13 @@ if (generator == NULL) goto err; /* get the generator from precomputation */ - if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || - !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || - !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { + if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, - generator, - x, y, z, ctx)) + generator, + x, y, z, ctx)) goto err; if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) /* precomputation matches generator */ @@ -2096,8 +2083,7 @@ secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); if (mixed) - tmp_smallfelems = - OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1)); + tmp_smallfelems = OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 
@@ -2136,19 +2122,17 @@
 goto err;
 }
 num_bytes = BN_bn2lebinpad(tmp_scalar,
- secrets[i], sizeof(secrets[i]));
+ secrets[i], sizeof(secrets[i]));
 } else {
 num_bytes = BN_bn2lebinpad(p_scalar,
- secrets[i], sizeof(secrets[i]));
+ secrets[i], sizeof(secrets[i]));
 }
 if (num_bytes < 0) {
 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
 goto err;
 }
 /* precompute multiples */
- if ((!BN_to_felem(x_out, p->X)) ||
- (!BN_to_felem(y_out, p->Y)) ||
- (!BN_to_felem(z_out, p->Z)))
+ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z)))
 goto err;
 felem_shrink(pre_comp[i][1][0], x_out);
 felem_shrink(pre_comp[i][1][1], y_out);
@@ -2156,18 +2140,18 @@
 for (j = 2; j <= 16; ++j) {
 if (j & 1) {
 point_add_small(pre_comp[i][j][0], pre_comp[i][j][1],
- pre_comp[i][j][2], pre_comp[i][1][0],
- pre_comp[i][1][1], pre_comp[i][1][2],
- pre_comp[i][j - 1][0],
- pre_comp[i][j - 1][1],
- pre_comp[i][j - 1][2]);
+ pre_comp[i][j][2], pre_comp[i][1][0],
+ pre_comp[i][1][1], pre_comp[i][1][2],
+ pre_comp[i][j - 1][0],
+ pre_comp[i][j - 1][1],
+ pre_comp[i][j - 1][2]);
 } else {
 point_double_small(pre_comp[i][j][0],
- pre_comp[i][j][1],
- pre_comp[i][j][2],
- pre_comp[i][j / 2][0],
- pre_comp[i][j / 2][1],
- pre_comp[i][j / 2][2]);
+ pre_comp[i][j][1],
+ pre_comp[i][j][2],
+ pre_comp[i][j / 2][0],
+ pre_comp[i][j / 2][1],
+ pre_comp[i][j / 2][2]);
 }
 }
 }
@@ -2195,28 +2179,27 @@ } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - g_secret, - mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); + (const felem_bytearray(*))secrets, num_points, + g_secret, + mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); + (const felem_bytearray(*))secrets, num_points, + NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); felem_contract(z_in, z_out); - if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || - (!smallfelem_to_BN(z, z_in))) { + if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || (!smallfelem_to_BN(z, z_in))) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, - ctx); + ctx); - err: +err: BN_CTX_end(ctx); EC_POINT_free(generator); OPENSSL_free(secrets); @@ -2272,9 +2255,7 @@ memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); goto done; } - if ((!BN_to_felem(x_tmp, group->generator->X)) || - (!BN_to_felem(y_tmp, group->generator->Y)) || - (!BN_to_felem(z_tmp, group->generator->Z))) + if ((!BN_to_felem(x_tmp, group->generator->X)) || (!BN_to_felem(y_tmp, group->generator->Y)) || (!BN_to_felem(z_tmp, group->generator->Z))) goto err; felem_shrink(pre->g_pre_comp[0][1][0], x_tmp); felem_shrink(pre->g_pre_comp[0][1][1], y_tmp); 
@@ -2285,31 +2266,31 @@ */ for (i = 1; i <= 8; i <<= 1) { point_double_small(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0], - pre->g_pre_comp[0][i][1], - pre->g_pre_comp[0][i][2]); + pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0], + pre->g_pre_comp[0][i][1], + pre->g_pre_comp[0][i][2]); for (j = 0; j < 31; ++j) { point_double_small(pre->g_pre_comp[1][i][0], - pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2], - pre->g_pre_comp[1][i][0], - pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2]); + pre->g_pre_comp[1][i][1], + pre->g_pre_comp[1][i][2], + pre->g_pre_comp[1][i][0], + pre->g_pre_comp[1][i][1], + pre->g_pre_comp[1][i][2]); } if (i == 8) break; point_double_small(pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2], - pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2]); + pre->g_pre_comp[0][2 * i][1], + pre->g_pre_comp[0][2 * i][2], + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], + pre->g_pre_comp[1][i][2]); for (j = 0; j < 31; ++j) { point_double_small(pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2], - pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2]); + pre->g_pre_comp[0][2 * i][1], + pre->g_pre_comp[0][2 * i][2], + pre->g_pre_comp[0][2 * i][0], + pre->g_pre_comp[0][2 * i][1], + pre->g_pre_comp[0][2 * i][2]); } } for (i = 0; i < 2; i++) { 
@@ -2318,51 +2299,51 @@ /* the remaining multiples */ /* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */ point_add_small(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], - pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], - pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], - pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); + pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], + pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], + pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); /* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */ point_add_small(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], - pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); + pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], + pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); /* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */ point_add_small(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], - pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], - pre->g_pre_comp[i][4][2]); + pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], + pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], + pre->g_pre_comp[i][4][2]); /* * 2^64*G + 2^128*G + 2^192*G resp. 
2^96*G + 2^160*G + 2^224*G */ point_add_small(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], - pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], - pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], - pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); + pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], + pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], + pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); for (j = 1; j < 8; ++j) { /* odd multiples: add G resp. 2^32*G */ point_add_small(pre->g_pre_comp[i][2 * j + 1][0], - pre->g_pre_comp[i][2 * j + 1][1], - pre->g_pre_comp[i][2 * j + 1][2], - pre->g_pre_comp[i][2 * j][0], - pre->g_pre_comp[i][2 * j][1], - pre->g_pre_comp[i][2 * j][2], - pre->g_pre_comp[i][1][0], - pre->g_pre_comp[i][1][1], - pre->g_pre_comp[i][1][2]); + pre->g_pre_comp[i][2 * j + 1][1], + pre->g_pre_comp[i][2 * j + 1][2], + pre->g_pre_comp[i][2 * j][0], + pre->g_pre_comp[i][2 * j][1], + pre->g_pre_comp[i][2 * j][2], + pre->g_pre_comp[i][1][0], + pre->g_pre_comp[i][1][1], + pre->g_pre_comp[i][1][2]); } } make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems); - done: +done: SETPRECOMP(group, nistp256, pre); pre = NULL; ret = 1; - err: +err: BN_CTX_end(ctx); EC_POINT_free(generator); #ifndef FIPS_MODULE --- crypto/openssl/crypto/ec/ecp_nistp521.c.orig +++ crypto/openssl/crypto/ec/ecp_nistp521.c @@ -46,7 +46,7 @@ #include "internal/numbers.h" #ifndef INT128_MAX -# error "Your compiler doesn't appear to support 128-bit integer types" +#error "Your compiler doesn't appear to support 128-bit integer types" #endif typedef uint8_t u8; 
@@ -65,51 +65,51 @@ * These values are big-endian. */ static const felem_bytearray nistp521_curve_params[5] = { - {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff}, - {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xfc}, - {0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */ - 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, - 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3, - 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, - 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, - 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, - 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, - 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, - 0x3f, 0x00}, - {0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */ - 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, - 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, - 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, - 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7, - 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, - 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, - 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5, - 0xbd, 0x66}, - {0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, /* y */ - 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, - 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, - 0x44, 0x68, 0x17, 0xaf, 
0xbd, 0x17, 0x27, 0x3e, - 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, - 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, - 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, - 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, - 0x66, 0x50} + { 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff }, + { 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xfc }, + { 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */ + 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, + 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3, + 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, + 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, + 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, + 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, + 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, + 0x3f, 0x00 }, + { 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */ + 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, + 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, + 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7, + 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, + 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5, + 0xbd, 0x66 }, + { 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 
/* y */ + 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, + 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, + 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, + 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, + 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, + 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, + 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, + 0x66, 0x50 } }; /*- @@ -142,15 +142,15 @@ */ static void bin66_to_felem(felem out, const u8 in[66]) { - out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb_aX *) & in[29])) & bottom58bits; - out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb_aX *) & in[58])) & bottom57bits; + out[0] = (*((limb *)&in[0])) & bottom58bits; + out[1] = (*((limb_aX *)&in[7]) >> 2) & bottom58bits; + out[2] = (*((limb_aX *)&in[14]) >> 4) & bottom58bits; + out[3] = (*((limb_aX *)&in[21]) >> 6) & bottom58bits; + out[4] = (*((limb_aX *)&in[29])) & bottom58bits; + out[5] = (*((limb_aX *)&in[36]) >> 2) & bottom58bits; + out[6] = (*((limb_aX *)&in[43]) >> 4) & bottom58bits; + out[7] = (*((limb_aX *)&in[50]) >> 6) & bottom58bits; + out[8] = (*((limb_aX *)&in[58])) & bottom57bits; } /* 
@@ -160,15 +160,15 @@
 static void felem_to_bin66(u8 out[66], const felem in)
 {
 memset(out, 0, 66);
- (*((limb *) & out[0])) = in[0];
- (*((limb_aX *) & out[7])) |= in[1] << 2;
- (*((limb_aX *) & out[14])) |= in[2] << 4;
- (*((limb_aX *) & out[21])) |= in[3] << 6;
- (*((limb_aX *) & out[29])) = in[4];
- (*((limb_aX *) & out[36])) |= in[5] << 2;
- (*((limb_aX *) & out[43])) |= in[6] << 4;
- (*((limb_aX *) & out[50])) |= in[7] << 6;
- (*((limb_aX *) & out[58])) = in[8];
+ (*((limb *)&out[0])) = in[0];
+ (*((limb_aX *)&out[7])) |= in[1] << 2;
+ (*((limb_aX *)&out[14])) |= in[2] << 4;
+ (*((limb_aX *)&out[21])) |= in[3] << 6;
+ (*((limb_aX *)&out[29])) = in[4];
+ (*((limb_aX *)&out[36])) |= in[5] << 2;
+ (*((limb_aX *)&out[43])) |= in[6] << 4;
+ (*((limb_aX *)&out[50])) |= in[7] << 6;
+ (*((limb_aX *)&out[58])) = in[8];
 }
 /* BN_to_felem converts an OpenSSL BIGNUM into an felem */
@@ -295,8 +295,8 @@
 static void felem_neg(felem out, const felem in)
 {
 /* In order to prevent underflow, we subtract from 0 mod p. */
- static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
- static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+ static const limb two62m3 = (((limb)1) << 62) - (((limb)1) << 5);
+ static const limb two62m2 = (((limb)1) << 62) - (((limb)1) << 4);
 out[0] = two62m3 - in[0];
 out[1] = two62m2 - in[1];
@@ -321,8 +321,8 @@
 /*
 * In order to prevent underflow, we add 0 mod p before subtracting.
 */
- static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
- static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+ static const limb two62m3 = (((limb)1) << 62) - (((limb)1) << 5);
+ static const limb two62m2 = (((limb)1) << 62) - (((limb)1) << 4);
 out[0] += two62m3 - in[0];
 out[1] += two62m2 - in[1];
@@ -352,8 +352,8 @@
 * represent a number. 64p is represented with 8 limbs containing a number
 * with 58 bits set and one limb with a number with 57 bits set.
 */
- static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6);
- static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5);
+ static const limb two63m6 = (((limb)1) << 63) - (((limb)1) << 6);
+ static const limb two63m5 = (((limb)1) << 63) - (((limb)1) << 5);
 out[0] += two63m6 - in[0];
 out[1] += two63m5 - in[1];
@@ -378,10 +378,8 @@
 /*
 * In order to prevent underflow, we add 0 mod p before subtracting.
 */
- static const uint128_t two127m70 =
- (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70);
- static const uint128_t two127m69 =
- (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69);
+ static const uint128_t two127m70 = (((uint128_t)1) << 127) - (((uint128_t)1) << 70);
+ static const uint128_t two127m69 = (((uint128_t)1) << 127) - (((uint128_t)1) << 69);
 out[0] += (two127m70 - in[0]);
 out[1] += (two127m69 - in[1]);
@@ -418,24 +416,15 @@
 * |inx2|
 */
- out[0] = ((uint128_t) in[0]) * in[0];
- out[1] = ((uint128_t) in[0]) * inx2[1];
- out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1];
- out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2];
- out[4] = ((uint128_t) in[0]) * inx2[4] +
- ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
- out[5] = ((uint128_t) in[0]) * inx2[5] +
- ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
- out[6] = ((uint128_t) in[0]) * inx2[6] +
- ((uint128_t) in[1]) * inx2[5] +
- ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
- out[7] = ((uint128_t) in[0]) * inx2[7] +
- ((uint128_t) in[1]) * inx2[6] +
- ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
- out[8] = ((uint128_t) in[0]) * inx2[8] +
- ((uint128_t) in[1]) * inx2[7] +
- ((uint128_t) in[2]) * inx2[6] +
- ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
+ out[0] = ((uint128_t)in[0]) * in[0];
+ out[1] = ((uint128_t)in[0]) * inx2[1];
+ out[2] = ((uint128_t)in[0]) * inx2[2] + ((uint128_t)in[1]) * in[1];
+ out[3] = ((uint128_t)in[0]) * inx2[3] + ((uint128_t)in[1]) * inx2[2];
+ out[4] = ((uint128_t)in[0]) * inx2[4] + ((uint128_t)in[1]) * inx2[3] + ((uint128_t)in[2]) * in[2];
+ out[5] = ((uint128_t)in[0]) * inx2[5] + ((uint128_t)in[1]) * inx2[4] + ((uint128_t)in[2]) * inx2[3];
+ out[6] = ((uint128_t)in[0]) * inx2[6] + ((uint128_t)in[1]) * inx2[5] + ((uint128_t)in[2]) * inx2[4] + ((uint128_t)in[3]) * in[3];
+ out[7] = ((uint128_t)in[0]) * inx2[7] + ((uint128_t)in[1]) * inx2[6] + ((uint128_t)in[2]) * inx2[5] + ((uint128_t)in[3]) * inx2[4];
+ out[8] = ((uint128_t)in[0]) * inx2[8] + ((uint128_t)in[1]) * inx2[7] + ((uint128_t)in[2]) * inx2[6] + ((uint128_t)in[3]) * inx2[5] + ((uint128_t)in[4]) * in[4];
 /*
 * The remaining limbs fall above 2^521, with the first falling at 2^522.
@@ -447,34 +436,28 @@
 */
 /* 9 */
- out[0] += ((uint128_t) in[1]) * inx4[8] +
- ((uint128_t) in[2]) * inx4[7] +
- ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
+ out[0] += ((uint128_t)in[1]) * inx4[8] + ((uint128_t)in[2]) * inx4[7] + ((uint128_t)in[3]) * inx4[6] + ((uint128_t)in[4]) * inx4[5];
 /* 10 */
- out[1] += ((uint128_t) in[2]) * inx4[8] +
- ((uint128_t) in[3]) * inx4[7] +
- ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
+ out[1] += ((uint128_t)in[2]) * inx4[8] + ((uint128_t)in[3]) * inx4[7] + ((uint128_t)in[4]) * inx4[6] + ((uint128_t)in[5]) * inx2[5];
 /* 11 */
- out[2] += ((uint128_t) in[3]) * inx4[8] +
- ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
+ out[2] += ((uint128_t)in[3]) * inx4[8] + ((uint128_t)in[4]) * inx4[7] + ((uint128_t)in[5]) * inx4[6];
 /* 12 */
- out[3] += ((uint128_t) in[4]) * inx4[8] +
- ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
+ out[3] += ((uint128_t)in[4]) * inx4[8] + ((uint128_t)in[5]) * inx4[7] + ((uint128_t)in[6]) * inx2[6];
 /* 13 */
- out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7];
+ out[4] += ((uint128_t)in[5]) * inx4[8] + ((uint128_t)in[6]) * inx4[7];
 /* 14 */
- out[5] += ((uint128_t) in[6]) * inx4[8] + ((uint128_t) in[7]) * inx2[7];
+ out[5] += ((uint128_t)in[6]) * inx4[8] + ((uint128_t)in[7]) * inx2[7];
 /* 15 */
- out[6] += ((uint128_t) in[7]) * inx4[8];
+ out[6] += ((uint128_t)in[7]) * inx4[8];
 /* 16 */
- out[7] += ((uint128_t) in[8]) * inx2[8];
+ out[7] += ((uint128_t)in[8]) * inx2[8];
 }
 /*-
@@ -490,105 +473,41 @@
 felem in2x2;
 felem_scalar(in2x2, in2, 2);
- out[0] = ((uint128_t) in1[0]) * in2[0];
-
- out[1] = ((uint128_t) in1[0]) * in2[1] +
- ((uint128_t) in1[1]) * in2[0];
-
- out[2] = ((uint128_t) in1[0]) * in2[2] +
- ((uint128_t) in1[1]) * in2[1] +
- ((uint128_t) in1[2]) * in2[0];
-
- out[3] = ((uint128_t) in1[0]) * in2[3] +
- ((uint128_t) in1[1]) * in2[2] +
- ((uint128_t) in1[2]) * in2[1] +
- ((uint128_t) in1[3]) * in2[0];
-
- out[4] = ((uint128_t) in1[0]) * in2[4] +
- ((uint128_t) in1[1]) * in2[3] +
- ((uint128_t) in1[2]) * in2[2] +
- ((uint128_t) in1[3]) * in2[1] +
- ((uint128_t) in1[4]) * in2[0];
-
- out[5] = ((uint128_t) in1[0]) * in2[5] +
- ((uint128_t) in1[1]) * in2[4] +
- ((uint128_t) in1[2]) * in2[3] +
- ((uint128_t) in1[3]) * in2[2] +
- ((uint128_t) in1[4]) * in2[1] +
- ((uint128_t) in1[5]) * in2[0];
-
- out[6] = ((uint128_t) in1[0]) * in2[6] +
- ((uint128_t) in1[1]) * in2[5] +
- ((uint128_t) in1[2]) * in2[4] +
- ((uint128_t) in1[3]) * in2[3] +
- ((uint128_t) in1[4]) * in2[2] +
- ((uint128_t) in1[5]) * in2[1] +
- ((uint128_t) in1[6]) * in2[0];
-
- out[7] = ((uint128_t) in1[0]) * in2[7] +
- ((uint128_t) in1[1]) * in2[6] +
- ((uint128_t) in1[2]) * in2[5] +
- ((uint128_t) in1[3]) * in2[4] +
- ((uint128_t) in1[4]) * in2[3] +
- ((uint128_t) in1[5]) * in2[2] +
- ((uint128_t) in1[6]) * in2[1] +
- ((uint128_t) in1[7]) * in2[0];
-
- out[8] = ((uint128_t) in1[0]) * in2[8] +
- ((uint128_t) in1[1]) * in2[7] +
- ((uint128_t) in1[2]) * in2[6] +
- ((uint128_t) in1[3]) * in2[5] +
- ((uint128_t) in1[4]) * in2[4] +
- ((uint128_t) in1[5]) * in2[3] +
- ((uint128_t) in1[6]) * in2[2] +
- ((uint128_t) in1[7]) * in2[1] +
- ((uint128_t) in1[8]) * in2[0];
+ out[0] = ((uint128_t)in1[0]) * in2[0];
+
+ out[1] = ((uint128_t)in1[0]) * in2[1] + ((uint128_t)in1[1]) * in2[0];
+
+ out[2] = ((uint128_t)in1[0]) * in2[2] + ((uint128_t)in1[1]) * in2[1] + ((uint128_t)in1[2]) * in2[0];
+
+ out[3] = ((uint128_t)in1[0]) * in2[3] + ((uint128_t)in1[1]) * in2[2] + ((uint128_t)in1[2]) * in2[1] + ((uint128_t)in1[3]) * in2[0];
+
+ out[4] = ((uint128_t)in1[0]) * in2[4] + ((uint128_t)in1[1]) * in2[3] + ((uint128_t)in1[2]) * in2[2] + ((uint128_t)in1[3]) * in2[1] + ((uint128_t)in1[4]) * in2[0];
+
+ out[5] = ((uint128_t)in1[0]) * in2[5] + ((uint128_t)in1[1]) * in2[4] + ((uint128_t)in1[2]) * in2[3] + ((uint128_t)in1[3]) * in2[2] + ((uint128_t)in1[4]) * in2[1] + ((uint128_t)in1[5]) * in2[0];
+
+ out[6] = ((uint128_t)in1[0]) * in2[6] + ((uint128_t)in1[1]) * in2[5] + ((uint128_t)in1[2]) * in2[4] + ((uint128_t)in1[3]) * in2[3] + ((uint128_t)in1[4]) * in2[2] + ((uint128_t)in1[5]) * in2[1] + ((uint128_t)in1[6]) * in2[0];
+
+ out[7] = ((uint128_t)in1[0]) * in2[7] + ((uint128_t)in1[1]) * in2[6] + ((uint128_t)in1[2]) * in2[5] + ((uint128_t)in1[3]) * in2[4] + ((uint128_t)in1[4]) * in2[3] + ((uint128_t)in1[5]) * in2[2] + ((uint128_t)in1[6]) * in2[1] + ((uint128_t)in1[7]) * in2[0];
+
+ out[8] = ((uint128_t)in1[0]) * in2[8] + ((uint128_t)in1[1]) * in2[7] + ((uint128_t)in1[2]) * in2[6] + ((uint128_t)in1[3]) * in2[5] + ((uint128_t)in1[4]) * in2[4] + ((uint128_t)in1[5]) * in2[3] + ((uint128_t)in1[6]) * in2[2] + ((uint128_t)in1[7]) * in2[1] + ((uint128_t)in1[8]) * in2[0];
 /* See comment in felem_square about the use of in2x2 here */
- out[0] += ((uint128_t) in1[1]) * in2x2[8] +
- ((uint128_t) in1[2]) * in2x2[7] +
- ((uint128_t) in1[3]) * in2x2[6] +
- ((uint128_t) in1[4]) * in2x2[5] +
- ((uint128_t) in1[5]) * in2x2[4] +
- ((uint128_t) in1[6]) * in2x2[3] +
- ((uint128_t) in1[7]) * in2x2[2] +
- ((uint128_t) in1[8]) * in2x2[1];
-
- out[1] += ((uint128_t) in1[2]) * in2x2[8] +
- ((uint128_t) in1[3]) * in2x2[7] +
- ((uint128_t) in1[4]) * in2x2[6] +
- ((uint128_t) in1[5]) * in2x2[5] +
- ((uint128_t) in1[6]) * in2x2[4] +
- ((uint128_t) in1[7]) * in2x2[3] +
- ((uint128_t) in1[8]) * in2x2[2];
-
- out[2] += ((uint128_t) in1[3]) * in2x2[8] +
- ((uint128_t) in1[4]) * in2x2[7] +
- ((uint128_t) in1[5]) * in2x2[6] +
- ((uint128_t) in1[6]) * in2x2[5] +
- ((uint128_t) in1[7]) * in2x2[4] +
- ((uint128_t) in1[8]) * in2x2[3];
-
- out[3] += ((uint128_t) in1[4]) * in2x2[8] +
- ((uint128_t) in1[5]) * in2x2[7] +
- ((uint128_t) in1[6]) * in2x2[6] +
- ((uint128_t) in1[7]) * in2x2[5] +
- ((uint128_t) in1[8]) * in2x2[4];
-
- out[4] += ((uint128_t) in1[5]) * in2x2[8] +
- ((uint128_t) in1[6]) * in2x2[7] +
- ((uint128_t) in1[7]) * in2x2[6] +
- ((uint128_t) in1[8]) * in2x2[5];
-
- out[5] += ((uint128_t) in1[6]) * in2x2[8] +
- ((uint128_t) in1[7]) * in2x2[7] +
- ((uint128_t) in1[8]) * in2x2[6];
-
- out[6] += ((uint128_t) in1[7]) * in2x2[8] +
- ((uint128_t) in1[8]) * in2x2[7];
-
- out[7] += ((uint128_t) in1[8]) * in2x2[8];
+ out[0] += ((uint128_t)in1[1]) * in2x2[8] + ((uint128_t)in1[2]) * in2x2[7] + ((uint128_t)in1[3]) * in2x2[6] + ((uint128_t)in1[4]) * in2x2[5] + ((uint128_t)in1[5]) * in2x2[4] + ((uint128_t)in1[6]) * in2x2[3] + ((uint128_t)in1[7]) * in2x2[2] + ((uint128_t)in1[8]) * in2x2[1];
+
+ out[1] += ((uint128_t)in1[2]) * in2x2[8] + ((uint128_t)in1[3]) * in2x2[7] + ((uint128_t)in1[4]) * in2x2[6] + ((uint128_t)in1[5]) * in2x2[5] + ((uint128_t)in1[6]) * in2x2[4] + ((uint128_t)in1[7]) * in2x2[3] + ((uint128_t)in1[8]) * in2x2[2];
+
+ out[2] += ((uint128_t)in1[3]) * in2x2[8] + ((uint128_t)in1[4]) * in2x2[7] + ((uint128_t)in1[5]) * in2x2[6] + ((uint128_t)in1[6]) * in2x2[5] + ((uint128_t)in1[7]) * in2x2[4] + ((uint128_t)in1[8]) * in2x2[3];
+
+ out[3] += ((uint128_t)in1[4]) * in2x2[8] + ((uint128_t)in1[5]) * in2x2[7] + ((uint128_t)in1[6]) * in2x2[6] + ((uint128_t)in1[7]) * in2x2[5] + ((uint128_t)in1[8]) * in2x2[4];
+
+ out[4] += ((uint128_t)in1[5]) * in2x2[8] + ((uint128_t)in1[6]) * in2x2[7] + ((uint128_t)in1[7]) * in2x2[6] + ((uint128_t)in1[8]) * in2x2[5];
+
+ out[5] += ((uint128_t)in1[6]) * in2x2[8] + ((uint128_t)in1[7]) * in2x2[7] + ((uint128_t)in1[8]) * in2x2[6];
+
+ out[6] += ((uint128_t)in1[7]) * in2x2[8] + ((uint128_t)in1[8]) * in2x2[7];
+
+ out[7] += ((uint128_t)in1[8]) * in2x2[8];
 }
 static const limb bottom52bits = 0xfffffffffffff;
@@ -604,67 +523,67 @@
 {
 u64 overflow1, overflow2;
- out[0] = ((limb) in[0]) & bottom58bits;
- out[1] = ((limb) in[1]) & bottom58bits;
- out[2] = ((limb) in[2]) & bottom58bits;
- out[3] = ((limb) in[3]) & bottom58bits;
- out[4] = ((limb) in[4]) & bottom58bits;
- out[5] = ((limb) in[5]) & bottom58bits;
- out[6] = ((limb) in[6]) & bottom58bits;
- out[7] = ((limb) in[7]) & bottom58bits;
- out[8] = ((limb) in[8]) & bottom58bits;
+ out[0] = ((limb)in[0]) & bottom58bits;
+ out[1] = ((limb)in[1]) & bottom58bits;
+ out[2] = ((limb)in[2]) & bottom58bits;
+ out[3] = ((limb)in[3]) & bottom58bits;
+ out[4] = ((limb)in[4]) & bottom58bits;
+ out[5] = ((limb)in[5]) & bottom58bits;
+ out[6] = ((limb)in[6]) & bottom58bits;
+ out[7] = ((limb)in[7]) & bottom58bits;
+ out[8] = ((limb)in[8]) & bottom58bits;
 /* out[i] < 2^58 */
- out[1] += ((limb) in[0]) >> 58;
- out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
+ out[1] += ((limb)in[0]) >> 58;
+ out[1] += (((limb)(in[0] >> 64)) & bottom52bits) << 6;
 /*-
 * out[1] < 2^58 + 2^6 + 2^58
 * = 2^59 + 2^6
 */
- out[2] += ((limb) (in[0] >> 64)) >> 52;
+ out[2] += ((limb)(in[0] >> 64)) >> 52;
- out[2] += ((limb) in[1]) >> 58;
- out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6;
- out[3] += ((limb) (in[1] >> 64)) >> 52;
+ out[2] += ((limb)in[1]) >> 58;
+ out[2] += (((limb)(in[1] >> 64)) & bottom52bits) << 6;
+ out[3] += ((limb)(in[1] >> 64)) >> 52;
- out[3] += ((limb) in[2]) >> 58;
- out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6;
- out[4] += ((limb) (in[2] >> 64)) >> 52;
+ out[3] += ((limb)in[2]) >> 58;
+ out[3] += (((limb)(in[2] >> 64)) & bottom52bits) << 6;
+ out[4] += ((limb)(in[2] >> 64)) >> 52;
- out[4] += ((limb) in[3]) >> 58;
- out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6;
- out[5] += ((limb) (in[3] >> 64)) >> 52;
+ out[4] += ((limb)in[3]) >> 58;
+ out[4] += (((limb)(in[3] >> 64)) & bottom52bits) << 6;
+ out[5] += ((limb)(in[3] >> 64)) >> 52;
- out[5] += ((limb) in[4]) >> 58;
- out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6;
- out[6] += ((limb) (in[4] >> 64)) >> 52;
+ out[5] += ((limb)in[4]) >> 58;
+ out[5] += (((limb)(in[4] >> 64)) & bottom52bits) << 6;
+ out[6] += ((limb)(in[4] >> 64)) >> 52;
- out[6] += ((limb) in[5]) >> 58;
- out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6;
- out[7] += ((limb) (in[5] >> 64)) >> 52;
+ out[6] += ((limb)in[5]) >> 58;
+ out[6] += (((limb)(in[5] >> 64)) & bottom52bits) << 6;
+ out[7] += ((limb)(in[5] >> 64)) >> 52;
- out[7] += ((limb) in[6]) >> 58;
- out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6;
- out[8] += ((limb) (in[6] >> 64)) >> 52;
+ out[7] += ((limb)in[6]) >> 58;
+ out[7] += (((limb)(in[6] >> 64)) & bottom52bits) << 6;
+ out[8] += ((limb)(in[6] >> 64)) >> 52;
- out[8] += ((limb) in[7]) >> 58;
- out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
+ out[8] += ((limb)in[7]) >> 58;
+ out[8] += (((limb)(in[7] >> 64)) & bottom52bits) << 6;
 /*-
 * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
 * < 2^59 + 2^13
 */
- overflow1 = ((limb) (in[7] >> 64)) >> 52;
+ overflow1 = ((limb)(in[7] >> 64)) >> 52;
- overflow1 += ((limb) in[8]) >> 58;
- overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6;
- overflow2 = ((limb) (in[8] >> 64)) >> 52;
+ overflow1 += ((limb)in[8]) >> 58;
+ overflow1 += (((limb)(in[8] >> 64)) & bottom52bits) << 6;
+ overflow2 = ((limb)(in[8] >> 64)) >> 52;
- overflow1 <<= 1; /* overflow1 < 2^13 + 2^7 + 2^59 */
- overflow2 <<= 1; /* overflow2 < 2^13 */
+ overflow1 <<= 1; /* overflow1 < 2^13 + 2^7 + 2^59 */
+ overflow2 <<= 1; /* overflow2 < 2^13 */
- out[0] += overflow1; /* out[0] < 2^60 */
- out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */
+ out[0] += overflow1; /* out[0] < 2^60 */
+ out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */
 out[1] += out[0] >> 58;
 out[0] &= bottom58bits;
@@ -679,28 +598,26 @@
 void felem_square_wrapper(largefelem out, const felem in);
 void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
-static void (*felem_square_p)(largefelem out, const felem in) =
- felem_square_wrapper;
-static void (*felem_mul_p)(largefelem out, const felem in1, const felem in2) =
- felem_mul_wrapper;
+static void (*felem_square_p)(largefelem out, const felem in) = felem_square_wrapper;
+static void (*felem_mul_p)(largefelem out, const felem in1, const felem in2) = felem_mul_wrapper;
 void p521_felem_square(largefelem out, const felem in);
 void p521_felem_mul(largefelem out, const felem in1, const felem in2);
-# if defined(_ARCH_PPC64)
-# include "crypto/ppc_arch.h"
-# endif
+#if defined(_ARCH_PPC64)
+#include "crypto/ppc_arch.h"
+#endif
 void felem_select(void)
 {
-# if defined(_ARCH_PPC64)
+#if defined(_ARCH_PPC64)
 if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
 felem_square_p = p521_felem_square;
 felem_mul_p = p521_felem_mul;
 return;
 }
-# endif
+#endif
 /* Default */
 felem_square_p = felem_square_ref;
@@ -719,11 +636,11 @@
 felem_mul_p(out, in1, in2);
 }
-# define felem_square felem_square_p
-# define felem_mul felem_mul_p
+#define felem_square felem_square_p
+#define felem_mul felem_mul_p
 #else
-# define felem_square felem_square_ref
-# define felem_mul felem_mul_ref
+#define felem_square felem_square_ref
+#define felem_mul felem_mul_ref
 #endif
 static void felem_square_reduce(felem out, const felem in)
@@ -755,40 +672,40 @@
 unsigned i;
 felem_square(tmp, in);
- felem_reduce(ftmp, tmp); /* 2^1 */
+ felem_reduce(ftmp, tmp); /* 2^1 */
 felem_mul(tmp, in, ftmp);
- felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */
+ felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */
 felem_assign(ftmp2, ftmp);
 felem_square(tmp, ftmp);
- felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */
+ felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */
 felem_mul(tmp, in, ftmp);
- felem_reduce(ftmp, tmp); /* 2^3 - 2^0 */
+ felem_reduce(ftmp, tmp); /* 2^3 - 2^0 */
 felem_square(tmp, ftmp);
- felem_reduce(ftmp, tmp); /* 2^4 - 2^1 */
+ felem_reduce(ftmp, tmp); /* 2^4 - 2^1 */
 felem_square(tmp, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^3 - 2^1 */
+ felem_reduce(ftmp3, tmp); /* 2^3 - 2^1 */
 felem_square(tmp, ftmp3);
- felem_reduce(ftmp3, tmp); /* 2^4 - 2^2 */
+ felem_reduce(ftmp3, tmp); /* 2^4 - 2^2 */
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^4 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^4 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 felem_square(tmp, ftmp3);
- felem_reduce(ftmp3, tmp); /* 2^5 - 2^1 */
+ felem_reduce(ftmp3, tmp); /* 2^5 - 2^1 */
 felem_square(tmp, ftmp3);
- felem_reduce(ftmp3, tmp); /* 2^6 - 2^2 */
+ felem_reduce(ftmp3, tmp); /* 2^6 - 2^2 */
 felem_square(tmp, ftmp3);
- felem_reduce(ftmp3, tmp); /* 2^7 - 2^3 */
+ felem_reduce(ftmp3, tmp); /* 2^7 - 2^3 */
 felem_square(tmp, ftmp3);
- felem_reduce(ftmp3, tmp); /* 2^8 - 2^4 */
+ felem_reduce(ftmp3, tmp); /* 2^8 - 2^4 */
 felem_assign(ftmp4, ftmp3);
 felem_mul(tmp, ftmp3, ftmp);
- felem_reduce(ftmp4, tmp); /* 2^8 - 2^1 */
+ felem_reduce(ftmp4, tmp); /* 2^8 - 2^1 */
 felem_square(tmp, ftmp4);
- felem_reduce(ftmp4, tmp); /* 2^9 - 2^2 */
+ felem_reduce(ftmp4, tmp); /* 2^9 - 2^2 */
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^8 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^8 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 for (i = 0; i < 8; i++) {
@@ -796,7 +713,7 @@
 felem_reduce(ftmp3, tmp); /* 2^16 - 2^8 */
 }
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^16 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^16 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 for (i = 0; i < 16; i++) {
@@ -804,7 +721,7 @@
 felem_reduce(ftmp3, tmp); /* 2^32 - 2^16 */
 }
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^32 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^32 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 for (i = 0; i < 32; i++) {
@@ -812,7 +729,7 @@
 felem_reduce(ftmp3, tmp); /* 2^64 - 2^32 */
 }
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^64 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^64 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 for (i = 0; i < 64; i++) {
@@ -820,7 +737,7 @@
 felem_reduce(ftmp3, tmp); /* 2^128 - 2^64 */
 }
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^128 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^128 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 for (i = 0; i < 128; i++) {
@@ -828,7 +745,7 @@
 felem_reduce(ftmp3, tmp); /* 2^256 - 2^128 */
 }
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^256 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^256 - 2^0 */
 felem_assign(ftmp2, ftmp3);
 for (i = 0; i < 256; i++) {
@@ -836,16 +753,16 @@
 felem_reduce(ftmp3, tmp); /* 2^512 - 2^256 */
 }
 felem_mul(tmp, ftmp3, ftmp2);
- felem_reduce(ftmp3, tmp); /* 2^512 - 2^0 */
+ felem_reduce(ftmp3, tmp); /* 2^512 - 2^0 */
 for (i = 0; i < 9; i++) {
 felem_square(tmp, ftmp3);
 felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */
 }
 felem_mul(tmp, ftmp3, ftmp4);
- felem_reduce(ftmp3, tmp); /* 2^512 - 2^2 */
+ felem_reduce(ftmp3, tmp); /* 2^512 - 2^2 */
 felem_mul(tmp, ftmp3, in);
- felem_reduce(out, tmp); /* 2^512 - 3 */
+ felem_reduce(out, tmp); /* 2^512 - 3 */
 }
 /* This is 2^521-1, expressed as an felem */
@@ -931,7 +848,7 @@
 static int felem_is_zero_int(const void *in)
 {
- return (int)(felem_is_zero(in) & ((limb) 1));
+ return (int)(felem_is_zero(in) & ((limb)1));
 }
 /*-
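Review bot: The exponent comments on the last two `felem_reduce` calls of the inversion chain (hunk `@@ -836,16 +753,16 @@`) still read `/* 2^512 - 2^2 */` and `/* 2^512 - 3 */`, which does not follow from the steps above them. The nine squarings leave `2^521 - 2^9`, so multiplying by `ftmp4` (annotated `2^9 - 2^2` earlier in the chain) gives `2^521 - 2^2`, and the final multiply by `in` gives `2^521 - 3`. Since these lines are being re-aligned anyway, I would correct them to `/* 2^521 - 2^2 */` and `/* 2^521 - 3 */`, so the chain visibly ends at p - 2 for the p = 2^521 - 1 named in the comment that follows. The function's opening lines are outside this hunk.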
@@ -942,7 +859,7 @@
 static void felem_contract(felem out, const felem in)
 {
 limb is_p, is_greater, sign;
- static const limb two58 = ((limb) 1) << 58;
+ static const limb two58 = ((limb)1) << 58;
 felem_assign(out, in);
@@ -1086,7 +1003,7 @@
 * while x_out == y_in is not (maybe this works, but it's not tested).
 */
 static void point_double(felem x_out, felem y_out, felem z_out,
- const felem x_in, const felem y_in, const felem z_in)
+ const felem x_in, const felem y_in, const felem z_in)
 {
 largefelem tmp, tmp2;
 felem delta, gamma, beta, alpha, ftmp, ftmp2;
@@ -1096,15 +1013,15 @@
 /* delta = z^2 */
 felem_square(tmp, z_in);
- felem_reduce(delta, tmp); /* delta[i] < 2^59 + 2^14 */
+ felem_reduce(delta, tmp); /* delta[i] < 2^59 + 2^14 */
 /* gamma = y^2 */
 felem_square(tmp, y_in);
- felem_reduce(gamma, tmp); /* gamma[i] < 2^59 + 2^14 */
+ felem_reduce(gamma, tmp); /* gamma[i] < 2^59 + 2^14 */
 /* beta = x*gamma */
 felem_mul(tmp, x_in, gamma);
- felem_reduce(beta, tmp); /* beta[i] < 2^59 + 2^14 */
+ felem_reduce(beta, tmp); /* beta[i] < 2^59 + 2^14 */
 /* alpha = 3*(x-delta)*(x+delta) */
 felem_diff64(ftmp, delta);
@@ -1204,9 +1121,9 @@
 * on constant-time.
 */
 static void point_add(felem x3, felem y3, felem z3,
- const felem x1, const felem y1, const felem z1,
- const int mixed, const felem x2, const felem y2,
- const felem z2)
+ const felem x1, const felem y1, const felem z1,
+ const int mixed, const felem x2, const felem y2,
+ const felem z2)
 {
 felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
 largefelem tmp, tmp2;
@@ -1374,11 +1291,11 @@
 felem_scalar128(tmp2, 2);
 /* tmp2[i] < 17*2^121 */
 felem_diff128(tmp, tmp2);
- /*-
- * tmp[i] < 2^127 - 2^69 + 17*2^122
- * = 2^126 - 2^122 - 2^6 - 2^2 - 1
- * < 2^127
- */
+ /*-
+ * tmp[i] < 2^127 - 2^69 + 17*2^122
+ * = 2^126 - 2^122 - 2^6 - 2^2 - 1
+ * < 2^127
+ */
 felem_reduce(y_out, tmp);
 copy_conditional(x_out, x2, z1_is_zero);
@@ -1428,123 +1345,123 @@
 /* gmul is the table of precomputed base points */
 static const felem gmul[16][3] = {
-{{0, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
- 0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
- 0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
- {0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353,
- 0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45,
- 0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad,
- 0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e,
- 0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5},
- {0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58,
- 0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c,
- 0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873,
- 0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c,
- 0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9},
- {0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52,
- 0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e,
- 0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2,
- 0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561,
- 0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065},
- {0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a,
- 0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e,
- 0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6,
- 0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51,
- 0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe},
- {0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d,
- 0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c,
- 0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27,
- 0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f,
- 0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256},
- {0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa,
- 0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2,
- 0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890,
- 0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74,
- 0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23},
- {0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516,
- 0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1,
- 0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce,
- 0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7,
- 0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5},
- {0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318,
- 0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83,
- 0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae,
- 0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef,
- 0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203},
- {0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447,
- 0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283,
- 0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5,
- 0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c,
- 0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a},
- {0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df,
- 0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645,
- 0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292,
- 0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422,
- 0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b},
- {0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30,
- 0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb,
- 0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767,
- 0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3,
- 0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf},
- {0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2,
- 0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692,
- 0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3,
- 0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade,
- 0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684},
- {0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8,
- 0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a,
- 0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608,
- 0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610,
- 0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d},
- {0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006,
- 0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86,
- 0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}},
-{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c,
- 0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9,
- 0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f},
- {0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7,
- 0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c,
- 0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055},
- {1, 0, 0, 0, 0, 0, 0, 0, 0}}
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
+ 0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
+ 0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404 },
+ { 0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353,
+ 0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45,
+ 0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad,
+ 0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e,
+ 0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5 },
+ { 0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58,
+ 0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c,
+ 0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873,
+ 0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c,
+ 0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9 },
+ { 0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52,
+ 0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e,
+ 0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2,
+ 0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561,
+ 0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065 },
+ { 0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a,
+ 0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e,
+ 0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6,
+ 0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51,
+ 0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe },
+ { 0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d,
+ 0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c,
+ 0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27,
+ 0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f,
+ 0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256 },
+ { 0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa,
+ 0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2,
+ 0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890,
+ 0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74,
+ 0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23 },
+ { 0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516,
+ 0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1,
+ 0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce,
+ 0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7,
+ 0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5 },
+ { 0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318,
+ 0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83,
+ 0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae,
+ 0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef,
+ 0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203 },
+ { 0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447,
+ 0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283,
+ 0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5,
+ 0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c,
+ 0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a },
+ { 0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df,
+ 0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645,
+ 0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292,
+ 0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422,
+ 0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b },
+ { 0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30,
+ 0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb,
+ 0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767,
+ 0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3,
+ 0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf },
+ { 0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2,
+ 0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692,
+ 0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3,
+ 0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade,
+ 0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684 },
+ { 0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8,
+ 0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a,
+ 0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608,
+ 0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610,
+ 0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d },
+ { 0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006,
+ 0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86,
+ 0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } },
+ { { 0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c,
+ 0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9,
+ 0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f },
+ { 0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7,
+ 0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c,
+ 0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055 },
+ { 1, 0, 0, 0, 0, 0, 0, 0, 0 } }
 };
 /*
 * select_point selects the |idx|th point from a precomputation table and
 * copies it to out.
 */
- /* pre_comp below is of the size provided in |size| */
+/* pre_comp below is of the size provided in |size| */
 static void select_point(const limb idx, unsigned int size,
- const felem pre_comp[][3], felem out[3])
+ const felem pre_comp[][3], felem out[3])
 {
 unsigned i, j;
 limb *outlimbs = &out[0][0];
@@ -1580,10 +1497,10 @@
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out
 */
 static void batch_mul(felem x_out, felem y_out, felem z_out,
- const felem_bytearray scalars[],
- const unsigned num_points, const u8 *g_scalar,
- const int mixed, const felem pre_comp[][17][3],
- const felem g_pre_comp[16][3])
+ const felem_bytearray scalars[],
+ const unsigned num_points, const u8 *g_scalar,
+ const int mixed, const felem pre_comp[][17][3],
+ const felem g_pre_comp[16][3])
 {
 int i, skip;
 unsigned num, gen_mul = (g_scalar != NULL);
@@ -1599,8 +1516,8 @@ * of the generator (last quarter of rounds) and additions of other * points multiples (every 5th round). */ - skip = 1; /* save two point operations in the first - * round */ + skip = 1; /* save two point operations in the first + * round */ for (i = (num_points ? 520 : 130); i >= 0; --i) { /* double */ if (!skip) @@ -1619,7 +1536,7 @@ if (!skip) { /* The 1 argument below is for "mixed" */ point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); + nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); } else { memcpy(nq, tmp, 3 * sizeof(felem)); skip = 0; @@ -1644,12 +1561,12 @@ select_point(digit, 17, pre_comp[num], tmp); felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative * point */ - copy_conditional(tmp[1], tmp[3], (-(limb) sign)); + copy_conditional(tmp[1], tmp[3], (-(limb)sign)); if (!skip) { point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], - mixed, tmp[0], tmp[1], tmp[2]); + nq[0], nq[1], nq[2], + mixed, tmp[0], tmp[1], tmp[2]); } else { memcpy(nq, tmp, 3 * sizeof(felem)); skip = 0; @@ -1690,9 +1607,9 @@ ossl_ec_GFp_simple_point_set_to_infinity, ossl_ec_GFp_simple_point_set_affine_coordinates, ossl_ec_GFp_nistp521_point_get_affine_coordinates, - 0 /* point_set_compressed_coordinates */ , - 0 /* point2oct */ , - 0 /* oct2point */ , + 0 /* point_set_compressed_coordinates */, + 0 /* point2oct */, + 0 /* oct2point */, ossl_ec_GFp_simple_add, ossl_ec_GFp_simple_dbl, ossl_ec_GFp_simple_invert, @@ -1706,11 +1623,11 @@ ossl_ec_GFp_nistp521_have_precompute_mult, ossl_ec_GFp_nist_field_mul, ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , + 0 /* field_div */, ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ + 0 /* field_encode */, + 0 /* field_decode */, + 0, /* field_set_to_one */ ossl_ec_key_simple_priv2oct, ossl_ec_key_simple_oct2priv, 0, /* set private */ 
@@ -1727,7 +1644,7 @@ 0, /* blind_coordinates */ 0, /* ladder_pre */ 0, /* ladder_step */ - 0 /* ladder_post */ + 0 /* ladder_post */ }; return &ret; @@ -1797,8 +1714,8 @@ } int ossl_ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) { int ret = 0; BIGNUM *curve_p, *curve_a, *curve_b; @@ -1826,7 +1743,7 @@ } group->field_mod_func = BN_nist_mod_521; ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - err: +err: BN_CTX_end(ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); @@ -1839,9 +1756,9 @@ * (X/Z^2, Y/Z^3) */ int ossl_ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { felem z1, z2, x_in, y_in, x_out, y_out; largefelem tmp; @@ -1850,8 +1767,7 @@ ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); return 0; } - if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || - (!BN_to_felem(z1, point->Z))) + if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || (!BN_to_felem(z1, point->Z))) return 0; felem_inv(z2, z1); felem_square(tmp, z2); 
@@ -1881,32 +1797,32 @@ /* points below is of size |num|, and tmp_felems is of size |num+1/ */ static void make_points_affine(size_t num, felem points[][3], - felem tmp_felems[]) + felem tmp_felems[]) { /* * Runs in constant time, unless an input is the point at infinity (which * normally shouldn't happen). */ ossl_ec_GFp_nistp_points_make_affine_internal(num, - points, - sizeof(felem), - tmp_felems, - (void (*)(void *))felem_one, - felem_is_zero_int, - (void (*)(void *, const void *)) - felem_assign, - (void (*)(void *, const void *)) - felem_square_reduce, (void (*) - (void *, - const void - *, - const void - *)) - felem_mul_reduce, - (void (*)(void *, const void *)) - felem_inv, - (void (*)(void *, const void *)) - felem_contract); + points, + sizeof(felem), + tmp_felems, + (void (*)(void *))felem_one, + felem_is_zero_int, + (void (*)(void *, const void *)) + felem_assign, + (void (*)(void *, const void *)) + felem_square_reduce, + (void (*)(void *, + const void + *, + const void + *)) + felem_mul_reduce, + (void (*)(void *, const void *)) + felem_inv, + (void (*)(void *, const void *)) + felem_contract); } /* @@ -1914,9 +1830,9 @@ * values Result is stored in r (r can equal one of the inputs). */ int ossl_ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) { int ret = 0; int j; @@ -1924,7 +1840,7 @@ BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; - felem (*pre_comp)[17][3] = NULL; + felem(*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; unsigned i; int num_bytes; 
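Review bot: The cast in front of `felem_mul_reduce` in make_points_affine is still spread over five lines after the reformat (`(void (*)(void *,` / `const void` / `*,` / `const void` / `*))`), so the callback type is hard to compare by eye with the prototype it must match. Writing it on one line as `(void (*)(void *, const void *, const void *))felem_mul_reduce,` would match the neighbouring casts. The parameter list of ossl_ec_GFp_nistp_points_make_affine_internal in the ecp_nistputil.c hunk has the same `const void` / `*in` splits. These casts presumably adapt felem-typed helpers to a `void *` callback signature, which is the kind of indirect call that function-type CFI checks reject. A short comment such as `/* helpers are invoked through void * prototypes; keep both signatures in sync */` above the call would record that.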
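Review bot: The reformatted declaration `felem(*pre_comp)[17][3] = NULL;` in the `@@ -1924,7 +1840,7 @@` hunk loses the space after the type name and now reads like a call to `felem` rather than a pointer to an array of `felem[17][3]`. The ecp_nistz256.c windowed-multiplication hunk goes further and puts `P256_POINT(*table)` and `[16] = NULL;` on separate lines, which suggests the formatter does not recognise these typedefs as type names. Keeping `felem (*pre_comp)[17][3] = NULL;` and `P256_POINT (*table)[16] = NULL;` as they were would preserve readability with no change in behaviour. The enclosing function begins and ends outside this hunk.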
@@ -1952,20 +1868,18 @@ g_pre_comp = &pre->g_pre_comp[0]; else /* try to use the standard precomputation */ - g_pre_comp = (felem(*)[3]) gmul; + g_pre_comp = (felem(*)[3])gmul; generator = EC_POINT_new(group); if (generator == NULL) goto err; /* get the generator from precomputation */ - if (!felem_to_BN(x, g_pre_comp[1][0]) || - !felem_to_BN(y, g_pre_comp[1][1]) || - !felem_to_BN(z, g_pre_comp[1][2])) { + if (!felem_to_BN(x, g_pre_comp[1][0]) || !felem_to_BN(y, g_pre_comp[1][1]) || !felem_to_BN(z, g_pre_comp[1][2])) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, - generator, - x, y, z, ctx)) + generator, + x, y, z, ctx)) goto err; if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) /* precomputation matches generator */ @@ -1989,8 +1903,7 @@ secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points); pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points); if (mixed) - tmp_felems = - OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1)); + tmp_felems = OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); @@ -2027,19 +1940,17 @@ goto err; } num_bytes = BN_bn2lebinpad(tmp_scalar, - secrets[i], sizeof(secrets[i])); + secrets[i], sizeof(secrets[i])); } else { num_bytes = BN_bn2lebinpad(p_scalar, - secrets[i], sizeof(secrets[i])); + secrets[i], sizeof(secrets[i])); } if (num_bytes < 0) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } /* precompute multiples */ - if ((!BN_to_felem(x_out, p->X)) || - (!BN_to_felem(y_out, p->Y)) || - (!BN_to_felem(z_out, p->Z))) + if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || (!BN_to_felem(z_out, p->Z))) goto err; memcpy(pre_comp[i][1][0], x_out, sizeof(felem)); memcpy(pre_comp[i][1][1], y_out, sizeof(felem)); 
@@ -2047,16 +1958,16 @@ for (j = 2; j <= 16; ++j) { if (j & 1) { point_add(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][1][0], - pre_comp[i][1][1], pre_comp[i][1][2], 0, - pre_comp[i][j - 1][0], - pre_comp[i][j - 1][1], - pre_comp[i][j - 1][2]); + pre_comp[i][j][2], pre_comp[i][1][0], + pre_comp[i][1][1], pre_comp[i][1][2], 0, + pre_comp[i][j - 1][0], + pre_comp[i][j - 1][1], + pre_comp[i][j - 1][2]); } else { point_double(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][j / 2][0], - pre_comp[i][j / 2][1], - pre_comp[i][j / 2][2]); + pre_comp[i][j][2], pre_comp[i][j / 2][0], + pre_comp[i][j / 2][1], + pre_comp[i][j / 2][2]); } } } @@ -2084,29 +1995,28 @@ } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - g_secret, - mixed, (const felem(*)[17][3])pre_comp, - (const felem(*)[3])g_pre_comp); + (const felem_bytearray(*))secrets, num_points, + g_secret, + mixed, (const felem(*)[17][3])pre_comp, + (const felem(*)[3])g_pre_comp); } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + (const felem_bytearray(*))secrets, num_points, + NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); felem_contract(z_in, z_out); - if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || - (!felem_to_BN(z, z_in))) { + if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || (!felem_to_BN(z, z_in))) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, - ctx); + ctx); - err: +err: BN_CTX_end(ctx); EC_POINT_free(generator); OPENSSL_free(secrets); 
@@ -2161,22 +2071,20 @@ memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); goto done; } - if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) || - (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) || - (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z))) + if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) || (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z))) goto err; /* compute 2^130*G, 2^260*G, 2^390*G */ for (i = 1; i <= 4; i <<= 1) { point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1], - pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0], - pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]); + pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0], + pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]); for (j = 0; j < 129; ++j) { point_double(pre->g_pre_comp[2 * i][0], - pre->g_pre_comp[2 * i][1], - pre->g_pre_comp[2 * i][2], - pre->g_pre_comp[2 * i][0], - pre->g_pre_comp[2 * i][1], - pre->g_pre_comp[2 * i][2]); + pre->g_pre_comp[2 * i][1], + pre->g_pre_comp[2 * i][2], + pre->g_pre_comp[2 * i][0], + pre->g_pre_comp[2 * i][1], + pre->g_pre_comp[2 * i][2]); } } /* g_pre_comp[0] is the point at infinity */ 
@@ -2184,44 +2092,44 @@ /* the remaining multiples */ /* 2^130*G + 2^260*G */ point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1], - pre->g_pre_comp[6][2], pre->g_pre_comp[4][0], - pre->g_pre_comp[4][1], pre->g_pre_comp[4][2], - 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], - pre->g_pre_comp[2][2]); + pre->g_pre_comp[6][2], pre->g_pre_comp[4][0], + pre->g_pre_comp[4][1], pre->g_pre_comp[4][2], + 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], + pre->g_pre_comp[2][2]); /* 2^130*G + 2^390*G */ point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1], - pre->g_pre_comp[10][2], pre->g_pre_comp[8][0], - pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], - 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], - pre->g_pre_comp[2][2]); + pre->g_pre_comp[10][2], pre->g_pre_comp[8][0], + pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], + 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], + pre->g_pre_comp[2][2]); /* 2^260*G + 2^390*G */ point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1], - pre->g_pre_comp[12][2], pre->g_pre_comp[8][0], - pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], - 0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1], - pre->g_pre_comp[4][2]); + pre->g_pre_comp[12][2], pre->g_pre_comp[8][0], + pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], + 0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1], + pre->g_pre_comp[4][2]); /* 2^130*G + 2^260*G + 2^390*G */ point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1], - pre->g_pre_comp[14][2], pre->g_pre_comp[12][0], - pre->g_pre_comp[12][1], pre->g_pre_comp[12][2], - 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], - pre->g_pre_comp[2][2]); + pre->g_pre_comp[14][2], pre->g_pre_comp[12][0], + pre->g_pre_comp[12][1], pre->g_pre_comp[12][2], + 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], + pre->g_pre_comp[2][2]); for (i = 1; i < 8; ++i) { /* odd multiples: add G */ point_add(pre->g_pre_comp[2 * i + 1][0], - pre->g_pre_comp[2 * i + 1][1], - pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0], - pre->g_pre_comp[2 * 
i][1], pre->g_pre_comp[2 * i][2], 0, - pre->g_pre_comp[1][0], pre->g_pre_comp[1][1], - pre->g_pre_comp[1][2]); + pre->g_pre_comp[2 * i + 1][1], + pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0], + pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2], 0, + pre->g_pre_comp[1][0], pre->g_pre_comp[1][1], + pre->g_pre_comp[1][2]); } make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems); - done: +done: SETPRECOMP(group, nistp521, pre); ret = 1; pre = NULL; - err: +err: BN_CTX_end(ctx); EC_POINT_free(generator); #ifndef FIPS_MODULE --- crypto/openssl/crypto/ec/ecp_nistputil.c.orig +++ crypto/openssl/crypto/ec/ecp_nistputil.c 
@@ -49,39 +49,37 @@ * of size 'felem_size'. tmp_felems needs to point to a temporary array of * 'num'+1 field elements for storage of intermediate values. */ -void -ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, - size_t felem_size, - void *tmp_felems, - void (*felem_one) (void *out), - int (*felem_is_zero) (const void - *in), - void (*felem_assign) (void *out, - const void - *in), - void (*felem_square) (void *out, - const void - *in), - void (*felem_mul) (void *out, - const void - *in1, - const void - *in2), - void (*felem_inv) (void *out, - const void - *in), - void (*felem_contract) (void - *out, - const - void - *in)) +void ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, + size_t felem_size, + void *tmp_felems, + void (*felem_one)(void *out), + int (*felem_is_zero)(const void + *in), + void (*felem_assign)(void *out, + const void + *in), + void (*felem_square)(void *out, + const void + *in), + void (*felem_mul)(void *out, + const void + *in1, + const void + *in2), + void (*felem_inv)(void *out, + const void + *in), + void (*felem_contract)(void + *out, + const void + *in)) { int i = 0; #define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size]) -#define X(I) (&((char *)point_array)[3*(I) * felem_size]) -#define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size]) -#define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size]) +#define X(I) (&((char *)point_array)[3 * (I) * felem_size]) +#define Y(I) (&((char *)point_array)[(3 * (I) + 1) * felem_size]) +#define Z(I) (&((char *)point_array)[(3 * (I) + 2) * felem_size]) if (!felem_is_zero(Z(0))) felem_assign(tmp_felem(0), Z(0)); 
@@ -211,12 +209,12 @@ * */ void ossl_ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, - unsigned char *digit, unsigned char in) + unsigned char *digit, unsigned char in) { unsigned char s, d; - s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as - * 6-bit value */ + s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as + * 6-bit value */ d = (1 << 6) - in - 1; d = (d & s) | (in & ~s); d = (d >> 1) + (d & 1); --- crypto/openssl/crypto/ec/ecp_nistz256.c.orig +++ crypto/openssl/crypto/ec/ecp_nistz256.c @@ -32,21 +32,21 @@ #include "internal/refcount.h" #if BN_BITS2 != 64 -# define TOBN(hi,lo) lo,hi +#define TOBN(hi, lo) lo, hi #else -# define TOBN(hi,lo) ((BN_ULONG)hi<<32|lo) +#define TOBN(hi, lo) ((BN_ULONG)hi << 32 | lo) #endif #if defined(__GNUC__) -# define ALIGN32 __attribute((aligned(32))) +#define ALIGN32 __attribute((aligned(32))) #elif defined(_MSC_VER) -# define ALIGN32 __declspec(align(32)) +#define ALIGN32 __declspec(align(32)) #else -# define ALIGN32 +#define ALIGN32 #endif -#define ALIGNPTR(p,N) ((unsigned char *)p+N-(size_t)p%N) -#define P256_LIMBS (256/BN_BITS2) +#define ALIGNPTR(p, N) ((unsigned char *)p + N - (size_t)p % N) +#define P256_LIMBS (256 / BN_BITS2) typedef unsigned short u16; @@ -65,8 +65,8 @@ /* structure for precomputed multiples of the generator */ struct nistz256_pre_comp_st { - const EC_GROUP *group; /* Parent EC_GROUP object */ - size_t w; /* Window size */ + const EC_GROUP *group; /* Parent EC_GROUP object */ + size_t w; /* Window size */ /* * Constant time access to the X and Y coordinates of the pre-computed, * generator multiplies, in the Montgomery domain. Pre-calculated 
@@ -97,46 +97,46 @@ */ /* Modular add: res = a+b mod P */ void ecp_nistz256_add(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); /* Modular mul by 2: res = 2*a mod P */ void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS]); /* Modular mul by 3: res = 3*a mod P */ void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS]); /* Modular div by 2: res = a/2 mod P */ void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS]); /* Modular sub: res = a-b mod P */ void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); /* Modular neg: res = -a mod P */ void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]); /* Montgomery mul: res = a*b*2^-256 mod P */ void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); /* Montgomery sqr: res = a*a*2^-256 mod P */ void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS]); /* Convert a number from Montgomery domain, by multiplying with 1 */ void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG in[P256_LIMBS]); + const BN_ULONG in[P256_LIMBS]); /* Convert a number to Montgomery domain, by multiplying with 2^512 mod P*/ void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG in[P256_LIMBS]); + const BN_ULONG in[P256_LIMBS]); /* Functions that perform constant time access to the precomputed tables */ void ecp_nistz256_scatter_w5(P256_POINT *val, - const P256_POINT *in_t, int idx); + const P256_POINT 
*in_t, int idx); void ecp_nistz256_gather_w5(P256_POINT *val, - const P256_POINT *in_t, int idx); + const P256_POINT *in_t, int idx); void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val, - const P256_POINT_AFFINE *in_t, int idx); + const P256_POINT_AFFINE *in_t, int idx); void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val, - const P256_POINT_AFFINE *in_t, int idx); + const P256_POINT_AFFINE *in_t, int idx); /* One converted into the Montgomery domain */ static const BN_ULONG ONE[P256_LIMBS] = { @@ -175,9 +175,9 @@ } static void copy_conditional(BN_ULONG dst[P256_LIMBS], - const BN_ULONG src[P256_LIMBS], BN_ULONG move) + const BN_ULONG src[P256_LIMBS], BN_ULONG move) { - BN_ULONG mask1 = 0-move; + BN_ULONG mask1 = 0 - move; BN_ULONG mask2 = ~mask1; dst[0] = (src[0] & mask1) ^ (dst[0] & mask2); @@ -201,7 +201,7 @@ } static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]) + const BN_ULONG b[P256_LIMBS]) { BN_ULONG res; @@ -257,10 +257,10 @@ #ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); void ecp_nistz256_point_add(P256_POINT *r, - const P256_POINT *a, const P256_POINT *b); + const P256_POINT *a, const P256_POINT *b); void ecp_nistz256_point_add_affine(P256_POINT *r, - const P256_POINT *a, - const P256_POINT_AFFINE *b); + const P256_POINT *a, + const P256_POINT_AFFINE *b); #else /* Point double: r = 2*a */ static void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a) @@ -310,7 +310,7 @@ /* Point addition: r = a+b */ static void ecp_nistz256_point_add(P256_POINT *r, - const P256_POINT *a, const P256_POINT *b) + const P256_POINT *a, const P256_POINT *b) { BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS]; BN_ULONG U1[P256_LIMBS], S1[P256_LIMBS]; 
@@ -349,19 +349,19 @@ in1infty = is_zero(in1infty); in2infty = is_zero(in2infty); - ecp_nistz256_sqr_mont(Z2sqr, in2_z); /* Z2^2 */ - ecp_nistz256_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ + ecp_nistz256_sqr_mont(Z2sqr, in2_z); /* Z2^2 */ + ecp_nistz256_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ - ecp_nistz256_mul_mont(S1, Z2sqr, in2_z); /* S1 = Z2^3 */ - ecp_nistz256_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ + ecp_nistz256_mul_mont(S1, Z2sqr, in2_z); /* S1 = Z2^3 */ + ecp_nistz256_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ - ecp_nistz256_mul_mont(S1, S1, in1_y); /* S1 = Y1*Z2^3 */ - ecp_nistz256_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ - ecp_nistz256_sub(R, S2, S1); /* R = S2 - S1 */ + ecp_nistz256_mul_mont(S1, S1, in1_y); /* S1 = Y1*Z2^3 */ + ecp_nistz256_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ + ecp_nistz256_sub(R, S2, S1); /* R = S2 - S1 */ - ecp_nistz256_mul_mont(U1, in1_x, Z2sqr); /* U1 = X1*Z2^2 */ - ecp_nistz256_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ - ecp_nistz256_sub(H, U2, U1); /* H = U2 - U1 */ + ecp_nistz256_mul_mont(U1, in1_x, Z2sqr); /* U1 = X1*Z2^2 */ + ecp_nistz256_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ + ecp_nistz256_sub(H, U2, U1); /* H = U2 - U1 */ /* * The formulae are incorrect if the points are equal so we check for 
@@ -407,14 +407,14 @@ return; } - ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ - ecp_nistz256_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ - ecp_nistz256_sqr_mont(Hsqr, H); /* H^2 */ + ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ + ecp_nistz256_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ + ecp_nistz256_sqr_mont(Hsqr, H); /* H^2 */ ecp_nistz256_mul_mont(res_z, res_z, in2_z); /* Z3 = H*Z1*Z2 */ - ecp_nistz256_mul_mont(Hcub, Hsqr, H); /* H^3 */ + ecp_nistz256_mul_mont(Hcub, Hsqr, H); /* H^3 */ - ecp_nistz256_mul_mont(U2, U1, Hsqr); /* U1*H^2 */ - ecp_nistz256_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ + ecp_nistz256_mul_mont(U2, U1, Hsqr); /* U1*H^2 */ + ecp_nistz256_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ ecp_nistz256_sub(res_x, Rsqr, Hsqr); ecp_nistz256_sub(res_x, res_x, Hcub); @@ -440,8 +440,8 @@ /* Point addition when b is known to be affine: r = a+b */ static void ecp_nistz256_point_add_affine(P256_POINT *r, - const P256_POINT *a, - const P256_POINT_AFFINE *b) + const P256_POINT *a, + const P256_POINT_AFFINE *b) { BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS]; BN_ULONG Z1sqr[P256_LIMBS]; 
@@ -474,33 +474,31 @@ * In affine representation we encode infinity as (0,0), which is * not on the curve, so it is OK */ - in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | - in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); + in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); if (P256_LIMBS == 8) - in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | - in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); + in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); in1infty = is_zero(in1infty); in2infty = is_zero(in2infty); - ecp_nistz256_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ + ecp_nistz256_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ - ecp_nistz256_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ - ecp_nistz256_sub(H, U2, in1_x); /* H = U2 - U1 */ + ecp_nistz256_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ + ecp_nistz256_sub(H, U2, in1_x); /* H = U2 - U1 */ - ecp_nistz256_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ + ecp_nistz256_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ - ecp_nistz256_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ + ecp_nistz256_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ - ecp_nistz256_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ - ecp_nistz256_sub(R, S2, in1_y); /* R = S2 - S1 */ + ecp_nistz256_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ + ecp_nistz256_sub(R, S2, in1_y); /* R = S2 - S1 */ - ecp_nistz256_sqr_mont(Hsqr, H); /* H^2 */ - ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ - ecp_nistz256_mul_mont(Hcub, Hsqr, H); /* H^3 */ + ecp_nistz256_sqr_mont(Hsqr, H); /* H^2 */ + ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ + ecp_nistz256_mul_mont(Hcub, Hsqr, H); /* H^3 */ - ecp_nistz256_mul_mont(U2, in1_x, Hsqr); /* U1*H^2 */ - ecp_nistz256_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ + ecp_nistz256_mul_mont(U2, in1_x, Hsqr); /* U1*H^2 */ + ecp_nistz256_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ ecp_nistz256_sub(res_x, Rsqr, Hsqr); ecp_nistz256_sub(res_x, res_x, Hcub); 
@@ -527,7 +525,7 @@ /* r = in^-1 mod p */ static void ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS], - const BN_ULONG in[P256_LIMBS]) + const BN_ULONG in[P256_LIMBS]) { /* * The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff @@ -542,27 +540,27 @@ int i; ecp_nistz256_sqr_mont(res, in); - ecp_nistz256_mul_mont(p2, res, in); /* 3*p */ + ecp_nistz256_mul_mont(p2, res, in); /* 3*p */ ecp_nistz256_sqr_mont(res, p2); ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p4, res, p2); /* f*p */ + ecp_nistz256_mul_mont(p4, res, p2); /* f*p */ ecp_nistz256_sqr_mont(res, p4); ecp_nistz256_sqr_mont(res, res); ecp_nistz256_sqr_mont(res, res); ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p8, res, p4); /* ff*p */ + ecp_nistz256_mul_mont(p8, res, p4); /* ff*p */ ecp_nistz256_sqr_mont(res, p8); for (i = 0; i < 7; i++) ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p16, res, p8); /* ffff*p */ + ecp_nistz256_mul_mont(p16, res, p8); /* ffff*p */ ecp_nistz256_sqr_mont(res, p16); for (i = 0; i < 15; i++) ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p32, res, p16); /* ffffffff*p */ + ecp_nistz256_mul_mont(p32, res, p16); /* ffffffff*p */ ecp_nistz256_sqr_mont(res, p32); for (i = 0; i < 31; i++) @@ -607,17 +605,17 @@ * returns one if it fits. Otherwise it returns zero. */ __owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], - const BIGNUM *in) + const BIGNUM *in) { return bn_copy_words(out, in, P256_LIMBS); } /* r = sum(scalar[i]*point[i]) */ __owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group, - P256_POINT *r, - const BIGNUM **scalar, - const EC_POINT **point, - size_t num, BN_CTX *ctx) + P256_POINT *r, + const BIGNUM **scalar, + const EC_POINT **point, + size_t num, BN_CTX *ctx) { size_t i; int j, ret = 0; 
@@ -626,16 +624,15 @@ const unsigned int window_size = 5; const unsigned int mask = (1 << (window_size + 1)) - 1; unsigned int wvalue; - P256_POINT *temp; /* place for 5 temporary points */ + P256_POINT *temp; /* place for 5 temporary points */ const BIGNUM **scalars = NULL; - P256_POINT (*table)[16] = NULL; + P256_POINT(*table) + [16] = NULL; void *table_storage = NULL; if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT) - || (table_storage = - OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL - || (p_str = - OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL + || (table_storage = OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL + || (p_str = OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; 
@@ -692,37 +689,37 @@ * of -1 in table. */ - ecp_nistz256_scatter_w5 (row, &temp[0], 1); - ecp_nistz256_point_double(&temp[1], &temp[0]); /*1+1=2 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 2); - ecp_nistz256_point_add (&temp[2], &temp[1], &temp[0]); /*2+1=3 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 3); - ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*2=4 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 4); - ecp_nistz256_point_double(&temp[2], &temp[2]); /*2*3=6 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 6); - ecp_nistz256_point_add (&temp[3], &temp[1], &temp[0]); /*4+1=5 */ - ecp_nistz256_scatter_w5 (row, &temp[3], 5); - ecp_nistz256_point_add (&temp[4], &temp[2], &temp[0]); /*6+1=7 */ - ecp_nistz256_scatter_w5 (row, &temp[4], 7); - ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*4=8 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 8); - ecp_nistz256_point_double(&temp[2], &temp[2]); /*2*6=12 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 12); - ecp_nistz256_point_double(&temp[3], &temp[3]); /*2*5=10 */ - ecp_nistz256_scatter_w5 (row, &temp[3], 10); - ecp_nistz256_point_double(&temp[4], &temp[4]); /*2*7=14 */ - ecp_nistz256_scatter_w5 (row, &temp[4], 14); - ecp_nistz256_point_add (&temp[2], &temp[2], &temp[0]); /*12+1=13*/ - ecp_nistz256_scatter_w5 (row, &temp[2], 13); - ecp_nistz256_point_add (&temp[3], &temp[3], &temp[0]); /*10+1=11*/ - ecp_nistz256_scatter_w5 (row, &temp[3], 11); - ecp_nistz256_point_add (&temp[4], &temp[4], &temp[0]); /*14+1=15*/ - ecp_nistz256_scatter_w5 (row, &temp[4], 15); - ecp_nistz256_point_add (&temp[2], &temp[1], &temp[0]); /*8+1=9 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 9); - ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*8=16 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 16); + ecp_nistz256_scatter_w5(row, &temp[0], 1); + ecp_nistz256_point_double(&temp[1], &temp[0]); /*1+1=2 */ + ecp_nistz256_scatter_w5(row, &temp[1], 2); + ecp_nistz256_point_add(&temp[2], &temp[1], &temp[0]); /*2+1=3 */ + ecp_nistz256_scatter_w5(row, 
&temp[2], 3); + ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*2=4 */ + ecp_nistz256_scatter_w5(row, &temp[1], 4); + ecp_nistz256_point_double(&temp[2], &temp[2]); /*2*3=6 */ + ecp_nistz256_scatter_w5(row, &temp[2], 6); + ecp_nistz256_point_add(&temp[3], &temp[1], &temp[0]); /*4+1=5 */ + ecp_nistz256_scatter_w5(row, &temp[3], 5); + ecp_nistz256_point_add(&temp[4], &temp[2], &temp[0]); /*6+1=7 */ + ecp_nistz256_scatter_w5(row, &temp[4], 7); + ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*4=8 */ + ecp_nistz256_scatter_w5(row, &temp[1], 8); + ecp_nistz256_point_double(&temp[2], &temp[2]); /*2*6=12 */ + ecp_nistz256_scatter_w5(row, &temp[2], 12); + ecp_nistz256_point_double(&temp[3], &temp[3]); /*2*5=10 */ + ecp_nistz256_scatter_w5(row, &temp[3], 10); + ecp_nistz256_point_double(&temp[4], &temp[4]); /*2*7=14 */ + ecp_nistz256_scatter_w5(row, &temp[4], 14); + ecp_nistz256_point_add(&temp[2], &temp[2], &temp[0]); /*12+1=13*/ + ecp_nistz256_scatter_w5(row, &temp[2], 13); + ecp_nistz256_point_add(&temp[3], &temp[3], &temp[0]); /*10+1=11*/ + ecp_nistz256_scatter_w5(row, &temp[3], 11); + ecp_nistz256_point_add(&temp[4], &temp[4], &temp[0]); /*14+1=15*/ + ecp_nistz256_scatter_w5(row, &temp[4], 15); + ecp_nistz256_point_add(&temp[2], &temp[1], &temp[0]); /*8+1=9 */ + ecp_nistz256_scatter_w5(row, &temp[2], 9); + ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*8=16 */ + ecp_nistz256_scatter_w5(row, &temp[1], 16); } idx = 255; @@ -779,7 +776,7 @@ } ret = 1; - err: +err: OPENSSL_free(table_storage); OPENSSL_free(p_str); OPENSSL_free(scalars); 
@@ -803,11 +800,7 @@ */ static int ecp_nistz256_is_affine_G(const EC_POINT *generator) { - return (bn_get_top(generator->X) == P256_LIMBS) && - (bn_get_top(generator->Y) == P256_LIMBS) && - is_equal(bn_get_words(generator->X), def_xG) && - is_equal(bn_get_words(generator->Y), def_yG) && - is_one(generator->Z); + return (bn_get_top(generator->X) == P256_LIMBS) && (bn_get_top(generator->Y) == P256_LIMBS) && is_equal(bn_get_words(generator->X), def_xG) && is_equal(bn_get_words(generator->Y), def_yG) && is_one(generator->Z); } __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) @@ -867,8 +860,7 @@ w = 7; - if ((precomp_storage = - OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) { + if ((precomp_storage = OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -899,8 +891,7 @@ if (group->meth->make_affine == NULL || !group->meth->make_affine(group, P, ctx)) goto err; - if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) || - !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) { + if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) || !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) { ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); goto err; } @@ -923,7 +914,7 @@ pre_comp = NULL; ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); @@ -935,8 +926,8 @@ } __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, - const P256_POINT_AFFINE *in, - BN_CTX *ctx) + const P256_POINT_AFFINE *in, + BN_CTX *ctx) { int ret = 0; 
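Review bot: The return expression of ecp_nistz256_is_affine_G is joined into one line holding five `&&` conditions, which makes it hard to confirm in review that the two limb-count checks and the X, Y and Z comparisons are all still present. The same joining appears in the `@@ -867`, `@@ -899`, `@@ -1074`, `@@ -1157`, `@@ -1189` and `@@ -1284` hunks: the precompute allocation check, the coordinate range checks, the `infty` mask, the `bn_set_words` chain and the `#if defined(...)` list. One condition per line with a leading operator keeps these checks auditable, e.g. `return (bn_get_top(generator->X) == P256_LIMBS)`, then `&& (bn_get_top(generator->Y) == P256_LIMBS)`, then `&& is_equal(bn_get_words(generator->X), def_xG)` and so on.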
@@ -950,11 +941,11 @@ /* r = scalar*G + sum(scalars[i]*points[i]) */ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, - EC_POINT *r, - const BIGNUM *scalar, - size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) + EC_POINT *r, + const BIGNUM *scalar, + size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) { int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0; unsigned char p_str[33] = { 0 }; @@ -1002,7 +993,7 @@ ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1); if (!ecp_nistz256_set_from_affine(pre_comp_generator, - group, &p.a, ctx)) { + group, &p.a, ctx)) { EC_POINT_free(pre_comp_generator); goto err; } @@ -1064,7 +1055,7 @@ wvalue = _booth_recode_w7(wvalue); ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); + wvalue >> 1); ecp_nistz256_neg(p.p.Z, p.p.Y); copy_conditional(p.p.Y, p.p.Z, wvalue & 1); @@ -1074,11 +1065,9 @@ * Jacobian is (,,0), we need to harmonize them * by assigning "one" or zero to Z. */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); infty = 0 - is_zero(infty); infty = ~infty; @@ -1103,7 +1092,7 @@ wvalue = _booth_recode_w7(wvalue); ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); + preComputedTable[i], wvalue >> 1); ecp_nistz256_neg(t.p.Z, t.a.Y); copy_conditional(t.a.Y, t.p.Z, wvalue & 1); 
@@ -1157,9 +1146,7 @@ } /* Not constant-time, but we're only operating on the public output. */ - if (!bn_set_words(r->X, p.p.X, P256_LIMBS) || - !bn_set_words(r->Y, p.p.Y, P256_LIMBS) || - !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) { + if (!bn_set_words(r->X, p.p.X, P256_LIMBS) || !bn_set_words(r->Y, p.p.Y, P256_LIMBS) || !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) { goto err; } r->Z_is_one = is_one(r->Z) & 1; @@ -1174,8 +1161,8 @@ } __owur static int ecp_nistz256_get_affine(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { BN_ULONG z_inv2[P256_LIMBS]; BN_ULONG z_inv3[P256_LIMBS]; @@ -1189,9 +1176,7 @@ return 0; } - if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) || - !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) || - !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) { + if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) || !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) || !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) { ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); return 0; } @@ -1232,7 +1217,7 @@ } ret->group = group; - ret->w = 6; /* default */ + ret->w = 6; /* default */ ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); @@ -1270,7 +1255,6 @@ OPENSSL_free(pre); } - static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group) { /* There is a hard-coded table for the default generator. */ 
@@ -1284,31 +1268,28 @@ return HAVEPRECOMP(group, nistz256); } -#if defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__powerpc64__) || defined(_ARCH_PP64) || \ - defined(__aarch64__) +#if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) || defined(__powerpc64__) || defined(_ARCH_PP64) || defined(__aarch64__) /* * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P) */ void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - BN_ULONG rep); + const BN_ULONG a[P256_LIMBS], + BN_ULONG rep); static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *x, BN_CTX *ctx) + const BIGNUM *x, BN_CTX *ctx) { /* RR = 2^512 mod ord(p256) */ - static const BN_ULONG RR[P256_LIMBS] = { - TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6), - TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620) + static const BN_ULONG RR[P256_LIMBS] = { + TOBN(0x83244c95, 0xbe79eea2), TOBN(0x4699799c, 0x49bd6fa6), + TOBN(0x2845b239, 0x2b6bec59), TOBN(0x66e12d94, 0xf3d95620) }; /* The constant 1 (unlike ONE that is one in Montgomery representation) */ static const BN_ULONG one[P256_LIMBS] = { - TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0) + TOBN(0, 1), TOBN(0, 0), TOBN(0, 0), TOBN(0, 0) }; /* * We don't use entry 0 in the table, so we omit it and address @@ -1318,8 +1299,20 @@ BN_ULONG out[P256_LIMBS], t[P256_LIMBS]; int i, ret = 0; enum { - i_1 = 0, i_10, i_11, i_101, i_111, i_1010, i_1111, - i_10101, i_101010, i_101111, i_x6, i_x8, i_x16, i_x32 + i_1 = 0, + i_10, + i_11, + i_101, + i_111, + i_1010, + i_1111, + i_10101, + i_101010, + i_101111, + i_x6, + i_x8, + i_x16, + i_x32 }; /* 
@@ -1435,16 +1428,18 @@ ecp_nistz256_ord_mul_mont(out, out, table[i_x32]); for (i = 0; i < 27; i++) { - static const struct { unsigned char p, i; } chain[27] = { - { 32, i_x32 }, { 6, i_101111 }, { 5, i_111 }, - { 4, i_11 }, { 5, i_1111 }, { 5, i_10101 }, - { 4, i_101 }, { 3, i_101 }, { 3, i_101 }, - { 5, i_111 }, { 9, i_101111 }, { 6, i_1111 }, - { 2, i_1 }, { 5, i_1 }, { 6, i_1111 }, - { 5, i_111 }, { 4, i_111 }, { 5, i_111 }, - { 5, i_101 }, { 3, i_11 }, { 10, i_101111 }, - { 2, i_11 }, { 5, i_11 }, { 5, i_11 }, - { 3, i_1 }, { 7, i_10101 }, { 6, i_1111 } + static const struct { + unsigned char p, i; + } chain[27] = { + { 32, i_x32 }, { 6, i_101111 }, { 5, i_111 }, + { 4, i_11 }, { 5, i_1111 }, { 5, i_10101 }, + { 4, i_101 }, { 3, i_101 }, { 3, i_101 }, + { 5, i_111 }, { 9, i_101111 }, { 6, i_1111 }, + { 2, i_1 }, { 5, i_1 }, { 6, i_1111 }, + { 5, i_111 }, { 4, i_111 }, { 5, i_111 }, + { 5, i_101 }, { 3, i_11 }, { 10, i_101111 }, + { 2, i_11 }, { 5, i_11 }, { 5, i_11 }, + { 3, i_1 }, { 7, i_10101 }, { 6, i_1111 } }; ecp_nistz256_ord_sqr_mont(out, out, chain[i].p); @@ -1464,7 +1459,7 @@ return ret; } #else -# define ecp_nistz256_inv_mod_ord NULL +#define ecp_nistz256_inv_mod_ord NULL #endif const EC_METHOD *EC_GFp_nistz256_method(void) @@ -1497,12 +1492,12 @@ ossl_ec_GFp_simple_cmp, ossl_ec_GFp_simple_make_affine, ossl_ec_GFp_simple_points_make_affine, - ecp_nistz256_points_mul, /* mul */ - ecp_nistz256_mult_precompute, /* precompute_mult */ - ecp_nistz256_window_have_precompute_mult, /* have_precompute_mult */ + ecp_nistz256_points_mul, /* mul */ + ecp_nistz256_mult_precompute, /* precompute_mult */ + ecp_nistz256_window_have_precompute_mult, /* have_precompute_mult */ ossl_ec_GFp_mont_field_mul, ossl_ec_GFp_mont_field_sqr, - 0, /* field_div */ + 0, /* field_div */ ossl_ec_GFp_mont_field_inv, ossl_ec_GFp_mont_field_encode, ossl_ec_GFp_mont_field_decode, 
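Review bot: The anonymous struct behind `chain[27]` now sits on its own lines, but its members `p` and `i` are still undocumented, and this table drives the inversion modulo the group order. From the call `ecp_nistz256_ord_sqr_mont(out, out, chain[i].p)` and the `rep` parameter in the prototype, `p` appears to be the number of repeated squarings; `i` holds one of the `i_*` enum values and is presumably the index of the table entry multiplied in afterwards, which is outside this hunk. I would add `/* p: squarings to apply; i: index into table[] of the factor multiplied in next */` above the members. Because all 27 entries were re-laid out, it is also worth confirming the change is whitespace-only, for instance by comparing the compiled object before and after. The loop body continues outside the hunk.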
@@ -1519,11 +1514,11 @@ ossl_ecdsa_simple_sign_setup, ossl_ecdsa_simple_sign_sig, ossl_ecdsa_simple_verify_sig, - ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ + ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; --- crypto/openssl/crypto/ec/ecp_nistz256_table.c.orig +++ crypto/openssl/crypto/ec/ecp_nistz256_table.c 
@@ -26,9517 +26,14898 @@ #elif defined(_MSC_VER) __declspec(align(4096)) #elif defined(__SUNPRO_C) -# pragma align 4096(ecp_nistz256_precomputed) +#pragma align 4096(ecp_nistz256_precomputed) #endif -static const BN_ULONG ecp_nistz256_precomputed[37][64 * - sizeof(P256_POINT_AFFINE) / - sizeof(BN_ULONG)] = { - {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), - TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6), - TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), - TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85), - TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), - TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b), - TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), - TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b), - TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), - TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e), - TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), - TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07), - TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), - TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b), - TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), - TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863), - TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), - TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8), - TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), - TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916), - TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), - TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673), - TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), - TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f), - TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), - TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03), - TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), - 
TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867), - TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), - TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d), - TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), - TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76), - TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), - TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b), - TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), - TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b), - TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), - TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f), - TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), - TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5), - TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), - TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073), - TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), - TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e), - TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), - TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156), - TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), - TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca), - TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), - TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759), - TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), - TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797), - TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), - TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e), - TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), - TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb), - TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), - TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09), - TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), - 
TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4), - TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), - TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723), - TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), - TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220), - TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), - TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e), - TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), - TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0), - TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), - TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda), - TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), - TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d), - TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), - TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc), - TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), - TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b), - TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), - TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e), - TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), - TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0), - TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), - TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc), - TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), - TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3), - TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), - TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4), - TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), - TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074), - TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), - TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42), - TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), - 
TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f), - TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), - TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115), - TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), - TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a), - TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), - TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e), - TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), - TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968), - TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), - TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10), - TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), - TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7), - TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), - TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a), - TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), - TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31), - TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), - TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97), - TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), - TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278), - TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), - TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48), - TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), - TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b), - TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), - TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c), - TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), - TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72), - TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), - TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4), - TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), - 
TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745), - TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), - TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4), - TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), - TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4), - TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), - TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c), - TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), - TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4), - TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), - TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64), - TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), - TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8), - TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), - TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521), - TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), - TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8), - TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), - TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3), - TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), - TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526), - TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), - TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb), - TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), - TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8), - TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), - TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c), - TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), - TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d), - TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), - TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac), - TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), - 
TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408), - TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), - TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227), - TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), - TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f), - TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), - TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f), - TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), - TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b), - TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), - TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43), - TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), - TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d), - TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), - TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994), - TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), - TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0), - TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), - TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291), - TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), - TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a), - TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), - TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278), - TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), - TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5), - TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), - TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc), - TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), - TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865), - TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), - TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd), - TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), - 
TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27), - TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), - TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad), - TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), - TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2), - TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), - TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b), - TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), - TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36), - TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), - TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7), - TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), - TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13), - TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), - TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443), - TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), - TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d), - TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), - TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542), - TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), - TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d), - TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), - TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0), - TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), - TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283), - TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), - TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851), - TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), - TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb), - TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), - TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd), - TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), - 
TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4), - TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), - TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63), - TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), - TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08), - TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), - TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc), - TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), - TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626), - TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), - TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd), - TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), - TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741), - TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), - TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7), - TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), - TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b), - TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), - TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915), - TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), - TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832), - TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), - TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa), - TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), - TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3), - TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), - TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413), - TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), - TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009), - TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), - TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d), - TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), - 
TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70), - TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), - TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7), - TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), - TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)} - , - {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), - TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617), - TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), - TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188), - TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), - TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c), - TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), - TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53), - TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), - TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6), - TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), - TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656), - TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), - TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290), - TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), - TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108), - TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), - TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502), - TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), - TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a), - TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), - TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4), - TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), - TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2), - TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), - TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0), - TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), - 
TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232), - TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), - TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863), - TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), - TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f), - TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), - TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c), - TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), - TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2), - TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), - TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014), - TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), - TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb), - TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), - TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec), - TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), - TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868), - TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), - TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e), - TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), - TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435), - TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), - TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808), - TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), - TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd), - TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), - TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60), - TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), - TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2), - TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), - TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec), - TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), - 
TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e), - TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), - TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45), - TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), - TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f), - TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), - TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85), - TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), - TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f), - TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), - TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6), - TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), - TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8), - TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), - TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176), - TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), - TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1), - TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), - TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442), - TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), - TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959), - TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), - TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f), - TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), - TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac), - TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), - TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c), - TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), - TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97), - TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), - TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f), - TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), - 
TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f), - TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), - TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48), - TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), - TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184), - TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), - TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f), - TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), - TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369), - TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), - TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887), - TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), - TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6), - TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), - TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef), - TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), - TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9), - TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), - TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c), - TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), - TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f), - TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), - TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04), - TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), - TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084), - TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), - TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723), - TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), - TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9), - TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), - TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c), - TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), - 
TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2), - TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), - TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da), - TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), - TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9), - TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), - TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39), - TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), - TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09), - TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), - TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc), - TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), - TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6), - TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), - TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec), - TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), - TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1), - TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), - TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09), - TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), - TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331), - TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), - TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da), - TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), - TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7), - TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), - TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb), - TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), - TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a), - TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), - TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b), - TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), - 
TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8), - TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), - TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272), - TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), - TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525), - TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), - TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a), - TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), - TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32), - TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), - TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4), - TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), - TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f), - TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), - TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120), - TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), - TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1), - TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), - TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c), - TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), - TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7), - TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), - TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2), - TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), - TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084), - TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), - TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd), - TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), - TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715), - TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), - TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e), - TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), - 
TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa), - TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), - TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663), - TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), - TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607), - TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), - TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72), - TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), - TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8), - TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), - TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7), - TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), - TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253), - TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), - TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1), - TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), - TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce), - TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), - TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe), - TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), - TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a), - TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), - TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b), - TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), - TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26), - TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), - TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621), - TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), - TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0), - TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), - TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228), - TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), - 
TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d), - TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), - TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb), - TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), - TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407), - TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), - TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb), - TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), - TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f), - TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), - TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45), - TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), - TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45), - TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), - TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131), - TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), - TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663), - TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), - TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589), - TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), - TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76), - TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), - TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5), - TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), - TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd), - TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), - TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e), - TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), - TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3), - TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), - TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0), - TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), - 
TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4), - TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), - TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085), - TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), - TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)} - , - {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), - TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551), - TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), - TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38), - TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), - TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825), - TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), - TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a), - TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), - TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699), - TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), - TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6), - TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), - TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219), - TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), - TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415), - TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), - TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d), - TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), - TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f), - TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), - TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7), - TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), - TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151), - TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), - TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3), - TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), - 
TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514), - TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), - TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922), - TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), - TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b), - TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), - TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8), - TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), - TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1), - TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), - TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41), - TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), - TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63), - TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), - TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f), - TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), - TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440), - TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), - TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5), - TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), - TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a), - TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), - TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf), - TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), - TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe), - TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), - TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d), - TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), - TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88), - TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), - TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6), - TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), - 
TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51), - TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), - TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f), - TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), - TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53), - TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), - TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e), - TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), - TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d), - TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), - TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36), - TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), - TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82), - TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), - TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee), - TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), - TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e), - TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), - TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590), - TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), - TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b), - TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), - TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823), - TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), - TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91), - TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), - TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067), - TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), - TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530), - TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), - TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303), - TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), - 
TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a), - TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), - TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb), - TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), - TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609), - TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), - TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3), - TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), - TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec), - TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), - TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af), - TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), - TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6), - TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), - TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4), - TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), - TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153), - TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), - TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8), - TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), - TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10), - TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), - TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822), - TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), - TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87), - TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), - TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f), - TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), - TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba), - TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), - TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8), - TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), - 
TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234), - TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), - TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e), - TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), - TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f), - TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), - TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94), - TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), - TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a), - TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), - TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf), - TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), - TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7), - TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), - TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13), - TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), - TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85), - TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), - TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9), - TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), - TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331), - TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), - TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f), - TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), - TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77), - TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), - TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17), - TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), - TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76), - TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), - TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722), - TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), - 
TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba), - TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), - TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c), - TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), - TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855), - TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), - TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793), - TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), - TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07), - TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), - TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b), - TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), - TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b), - TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), - TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f), - TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), - TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80), - TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), - TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760), - TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), - TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d), - TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), - TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a), - TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), - TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14), - TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), - TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd), - TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), - TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523), - TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), - TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa), - TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), - 
TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50), - TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), - TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f), - TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), - TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef), - TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), - TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6), - TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), - TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207), - TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), - TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043), - TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), - TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391), - TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), - TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545), - TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), - TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5), - TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), - TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1), - TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), - TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71), - TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), - TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a), - TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), - TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a), - TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), - TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95), - TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), - TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55), - TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), - TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21), - TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), - 
TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44), - TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), - TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06), - TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), - TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d), - TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), - TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52), - TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), - TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf), - TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), - TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd), - TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), - TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6), - TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), - TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658), - TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), - TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab), - TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), - TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656), - TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), - TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de), - TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), - TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984), - TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), - TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c), - TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), - TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156), - TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), - TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd), - TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), - TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36), - TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), - 
TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0), - TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), - TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3), - TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), - TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)} - , - {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), - TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829), - TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), - TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca), - TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), - TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db), - TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), - TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c), - TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), - TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a), - TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), - TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f), - TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), - TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e), - TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), - TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837), - TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), - TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68), - TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), - TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453), - TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), - TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4), - TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), - TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6), - TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), - TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89), - TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), - 
TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50), - TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), - TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed), - TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), - TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082), - TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), - TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10), - TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), - TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a), - TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), - TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8), - TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), - TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a), - TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), - TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346), - TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), - TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b), - TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), - TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7), - TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), - TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3), - TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), - TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9), - TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), - TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52), - TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), - TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f), - TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), - TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e), - TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), - TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d), - TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), - 
TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f), - TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), - TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142), - TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), - TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4), - TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), - TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0), - TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), - TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864), - TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), - TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d), - TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), - TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab), - TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), - TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc), - TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), - TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940), - TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), - TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d), - TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), - TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821), - TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), - TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d), - TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), - TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d), - TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), - TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8), - TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), - TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7), - TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), - TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006), - TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), - 
TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20), - TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), - TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a), - TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), - TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b), - TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), - TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9), - TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), - TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3), - TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), - TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb), - TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), - TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f), - TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), - TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397), - TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), - TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec), - TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), - TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7), - TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), - TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b), - TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), - TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db), - TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), - TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3), - TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), - TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124), - TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), - TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431), - TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), - TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b), - TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), - 
TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460), - TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), - TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc), - TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), - TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251), - TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), - TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149), - TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), - TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e), - TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), - TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292), - TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), - TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6), - TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), - TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d), - TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), - TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968), - TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), - TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280), - TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), - TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac), - TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), - TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8), - TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), - TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae), - TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), - TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed), - TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), - TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee), - TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), - TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257), - TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), - 
TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d), - TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), - TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7), - TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), - TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28), - TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), - TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e), - TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), - TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b), - TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), - TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582), - TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), - TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0), - TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), - TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed), - TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), - TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7), - TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), - TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241), - TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), - TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885), - TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), - TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8), - TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), - TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab), - TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), - TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd), - TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), - TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95), - TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), - TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71), - TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), - 
TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba), - TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), - TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9), - TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), - TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953), - TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), - TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5), - TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), - TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c), - TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), - TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311), - TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), - TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0), - TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), - TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352), - TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), - TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8), - TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), - TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd), - TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), - TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16), - TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), - TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e), - TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), - TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f), - TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), - TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4), - TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), - TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42), - TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), - TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1), - TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), - 
TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301), - TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), - TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02), - TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), - TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef), - TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), - TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7), - TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), - TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900), - TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), - TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54), - TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), - TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32), - TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), - TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c), - TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), - TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544), - TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), - TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc), - TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), - TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e), - TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), - TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37), - TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), - TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141), - TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), - TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f), - TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), - TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9), - TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), - TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe), - TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), - 
TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805), - TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), - TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37), - TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), - TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)} - , - {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), - TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec), - TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), - TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c), - TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), - TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529), - TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), - TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be), - TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), - TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436), - TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), - TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a), - TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), - TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc), - TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), - TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba), - TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), - TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439), - TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), - TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158), - TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), - TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4), - TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), - TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321), - TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), - TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c), - TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), - 
TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b), - TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), - TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f), - TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), - TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3), - TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), - TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6), - TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), - TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d), - TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), - TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4), - TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), - TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080), - TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), - TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc), - TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), - TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610), - TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), - TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297), - TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), - TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76), - TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), - TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521), - TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), - TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370), - TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), - TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5), - TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), - TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de), - TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), - TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519), - TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), - 
TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f), - TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), - TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9), - TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), - TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3), - TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), - TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a), - TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), - TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207), - TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), - TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60), - TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), - TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493), - TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), - TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d), - TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), - TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01), - TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), - TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839), - TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), - TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0), - TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), - TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c), - TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), - TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4), - TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), - TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31), - TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), - TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9), - TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), - TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4), - TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), - 
TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d), - TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), - TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43), - TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), - TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60), - TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), - TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376), - TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), - TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d), - TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), - TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba), - TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), - TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108), - TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), - TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510), - TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), - TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207), - TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), - TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9), - TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), - TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4), - TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), - TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f), - TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), - TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d), - TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), - TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975), - TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), - TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b), - TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), - TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a), - TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), - 
TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b), - TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), - TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6), - TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), - TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c), - TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), - TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d), - TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), - TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a), - TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), - TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502), - TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), - TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58), - TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), - TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788), - TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), - TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865), - TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), - TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d), - TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), - TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e), - TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), - TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5), - TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), - TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129), - TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), - TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f), - TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), - TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1), - TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), - TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91), - TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), - 
TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824), - TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), - TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61), - TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), - TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2), - TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), - TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e), - TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), - TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631), - TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), - TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432), - TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), - TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb), - TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), - TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec), - TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), - TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7), - TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), - TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5), - TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), - TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad), - TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), - TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3), - TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), - TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0), - TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), - TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4), - TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), - TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650), - TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), - TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265), - TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), - 
TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e), - TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), - TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7), - TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), - TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025), - TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), - TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e), - TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), - TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b), - TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), - TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b), - TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), - TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375), - TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), - TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a), - TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), - TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5), - TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), - TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f), - TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), - TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82), - TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), - TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122), - TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), - TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88), - TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), - TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431), - TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), - TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c), - TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), - TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71), - TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), - 
TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68), - TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), - TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f), - TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), - TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514), - TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), - TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1), - TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), - TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c), - TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), - TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f), - TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), - TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728), - TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), - TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b), - TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), - TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2), - TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), - TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904), - TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), - TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6), - TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), - TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588), - TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), - TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493), - TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), - TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9), - TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), - TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314), - TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), - TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288), - TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), - 
TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3), - TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), - TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967), - TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), - TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)} - , - {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), - TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5), - TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), - TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7), - TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), - TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4), - TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), - TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae), - TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), - TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9), - TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), - TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402), - TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), - TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381), - TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), - TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa), - TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), - TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228), - TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), - TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e), - TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), - TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048), - TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), - TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d), - TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), - TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f), - TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), - 
TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3), - TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), - TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0), - TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), - TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077), - TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), - TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4), - TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), - TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67), - TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), - TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8), - TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), - TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0), - TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), - TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d), - TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), - TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb), - TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), - TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc), - TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), - TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84), - TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), - TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b), - TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), - TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69), - TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), - TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3), - TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), - TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6), - TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), - TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce), - TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), - 
TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05), - TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), - TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08), - TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), - TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4), - TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), - TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85), - TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), - TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284), - TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), - TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73), - TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), - TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3), - TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), - TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a), - TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), - TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e), - TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), - TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064), - TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), - TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02), - TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), - TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc), - TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), - TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c), - TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), - TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8), - TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), - TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b), - TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), - TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0), - TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), - 
TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393), - TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), - TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae), - TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), - TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30), - TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), - TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a), - TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), - TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e), - TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), - TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf), - TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), - TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289), - TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), - TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5), - TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), - TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c), - TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), - TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f), - TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), - TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7), - TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), - TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45), - TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), - TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5), - TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), - TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af), - TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), - TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e), - TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), - TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7), - TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), - 
TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa), - TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), - TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f), - TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), - TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58), - TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), - TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41), - TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), - TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59), - TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), - TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961), - TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), - TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225), - TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), - TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734), - TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), - TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6), - TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), - TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08), - TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), - TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff), - TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), - TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e), - TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), - TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056), - TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), - TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709), - TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), - TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a), - TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), - TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d), - TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), - 
TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a), - TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), - TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d), - TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), - TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870), - TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), - TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea), - TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), - TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf), - TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), - TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390), - TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), - TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88), - TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), - TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe), - TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), - TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020), - TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), - TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662), - TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), - TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d), - TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), - TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c), - TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), - TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251), - TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), - TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238), - TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), - TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e), - TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), - TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592), - TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), - 
TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08), - TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), - TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7), - TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), - TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13), - TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), - TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63), - TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), - TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26), - TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), - TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa), - TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), - TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c), - TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), - TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103), - TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), - TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d), - TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), - TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80), - TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), - TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88), - TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), - TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10), - TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), - TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413), - TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), - TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4), - TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), - TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e), - TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), - TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553), - TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), - 
TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732), - TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), - TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46), - TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), - TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a), - TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), - TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b), - TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), - TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6), - TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), - TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644), - TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), - TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17), - TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), - TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688), - TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), - TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c), - TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), - TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea), - TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), - TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb), - TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), - TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50), - TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), - TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4), - TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), - TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6), - TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), - TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd), - TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), - TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82), - TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), - 
TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a), - TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), - TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8), - TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), - TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)} - , - {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), - TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e), - TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), - TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78), - TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), - TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893), - TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), - TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07), - TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), - TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3), - TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), - TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614), - TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), - TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b), - TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), - TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f), - TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), - TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad), - TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), - TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3), - TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), - TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24), - TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), - TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4), - TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), - TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17), - TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), - 
TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c), - TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), - TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39), - TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), - TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69), - TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), - TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0), - TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), - TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8), - TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), - TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe), - TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), - TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615), - TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), - TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba), - TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), - TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725), - TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), - TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990), - TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), - TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca), - TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), - TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5), - TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), - TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76), - TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), - TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd), - TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), - TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715), - TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), - TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b), - TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), - 
TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924), - TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), - TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4), - TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), - TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d), - TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), - TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae), - TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), - TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed), - TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), - TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac), - TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), - TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369), - TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), - TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6), - TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), - TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a), - TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), - TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55), - TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), - TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5), - TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), - TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72), - TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), - TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704), - TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), - TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e), - TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), - TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2), - TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), - TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0), - TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), - 
TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b), - TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), - TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512), - TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), - TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd), - TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), - TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32), - TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), - TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a), - TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), - TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a), - TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), - TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2), - TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), - TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd), - TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), - TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae), - TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), - TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a), - TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), - TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504), - TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), - TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f), - TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), - TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51), - TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), - TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867), - TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), - TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85), - TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), - TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6), - TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), - 
TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b), - TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), - TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df), - TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), - TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b), - TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), - TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6), - TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), - TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0), - TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), - TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111), - TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), - TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f), - TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), - TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02), - TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), - TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d), - TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), - TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5), - TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), - TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc), - TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), - TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384), - TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), - TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0), - TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), - TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc), - TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), - TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7), - TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), - TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d), - TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), - 
TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19), - TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), - TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536), - TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), - TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740), - TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), - TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7), - TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), - TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab), - TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), - TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b), - TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), - TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75), - TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), - TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0), - TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), - TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151), - TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), - TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a), - TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), - TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b), - TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), - TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552), - TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), - TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8), - TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), - TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be), - TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), - TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a), - TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), - TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3), - TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), - 
TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7), - TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), - TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706), - TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), - TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5), - TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), - TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6), - TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), - TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7), - TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), - TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db), - TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), - TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8), - TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), - TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02), - TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), - TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc), - TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), - TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4), - TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), - TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a), - TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), - TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180), - TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), - TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf), - TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), - TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b), - TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), - TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9), - TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), - TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd), - TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), - 
TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c), - TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), - TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0), - TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), - TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6), - TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), - TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe), - TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), - TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e), - TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), - TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec), - TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), - TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335), - TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), - TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686), - TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), - TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51), - TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), - TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f), - TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), - TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b), - TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), - TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89), - TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), - TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705), - TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), - TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734), - TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), - TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41), - TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), - TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb), - TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), - 
TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643), - TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), - TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588), - TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), - TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)} - , - {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), - TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698), - TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), - TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d), - TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), - TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724), - TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), - TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e), - TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), - TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd), - TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), - TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73), - TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), - TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9), - TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), - TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695), - TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), - TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b), - TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), - TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357), - TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), - TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d), - TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), - TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8), - TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), - TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c), - TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), - 
TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07), - TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), - TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2), - TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), - TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0), - TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), - TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e), - TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), - TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1), - TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), - TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05), - TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), - TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b), - TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), - TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b), - TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), - TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a), - TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), - TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd), - TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), - TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6), - TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), - TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47), - TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), - TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc), - TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), - TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f), - TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), - TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1), - TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), - TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619), - TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), - 
TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f), - TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), - TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a), - TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), - TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd), - TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), - TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62), - TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), - TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b), - TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), - TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894), - TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), - TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c), - TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), - TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6), - TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), - TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d), - TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), - TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e), - TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), - TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d), - TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), - TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645), - TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), - TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c), - TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), - TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8), - TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), - TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c), - TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), - TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499), - TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), - 
TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c), - TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), - TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43), - TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), - TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b), - TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), - TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578), - TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), - TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442), - TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), - TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0), - TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), - TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70), - TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), - TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1), - TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), - TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3), - TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), - TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf), - TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), - TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a), - TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), - TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168), - TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), - TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1), - TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), - TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a), - TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), - TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089), - TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), - TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456), - TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), - 
TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12), - TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), - TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8), - TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), - TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5), - TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), - TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb), - TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), - TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146), - TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), - TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e), - TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), - TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004), - TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), - TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052), - TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), - TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c), - TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), - TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e), - TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), - TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156), - TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), - TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa), - TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), - TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125), - TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), - TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21), - TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), - TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6), - TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), - TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec), - TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), - 
TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f), - TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), - TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62), - TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), - TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49), - TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), - TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714), - TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), - TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d), - TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), - TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5), - TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), - TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b), - TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), - TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490), - TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), - TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1), - TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), - TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db), - TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), - TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd), - TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), - TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c), - TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), - TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc), - TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), - TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02), - TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), - TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8), - TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), - TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7), - TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), - 
TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6), - TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), - TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff), - TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), - TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66), - TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), - TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729), - TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), - TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1), - TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), - TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822), - TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), - TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2), - TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), - TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8), - TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), - TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3), - TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), - TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040), - TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), - TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7), - TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), - TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87), - TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), - TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98), - TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), - TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558), - TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), - TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693), - TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), - TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da), - TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), - 
TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e), - TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), - TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e), - TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), - TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db), - TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), - TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd), - TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), - TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd), - TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), - TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab), - TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), - TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face), - TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), - TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb), - TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), - TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df), - TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), - TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2), - TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), - TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f), - TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), - TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340), - TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), - TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68), - TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), - TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce), - TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), - TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e), - TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), - TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc), - TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), - 
TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea), - TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), - TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58), - TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), - TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)} - , - {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), - TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54), - TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), - TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a), - TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), - TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0), - TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), - TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6), - TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), - TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4), - TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), - TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a), - TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), - TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87), - TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), - TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb), - TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), - TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00), - TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), - TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd), - TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), - TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72), - TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), - TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d), - TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), - TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e), - TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), - 
TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7), - TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), - TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346), - TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), - TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b), - TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), - TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510), - TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), - TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4), - TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), - TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a), - TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), - TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326), - TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), - TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727), - TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), - TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc), - TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), - TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d), - TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), - TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299), - TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), - TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6), - TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), - TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29), - TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), - TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5), - TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), - TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2), - TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), - TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972), - TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), - 
TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474), - TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), - TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20), - TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), - TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16), - TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), - TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b), - TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), - TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284), - TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), - TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be), - TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), - TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9), - TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), - TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517), - TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), - TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a), - TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), - TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01), - TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), - TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86), - TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), - TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb), - TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), - TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0), - TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), - TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804), - TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), - TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e), - TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), - TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11), - TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), - 
TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49), - TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), - TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616), - TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), - TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96), - TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), - TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d), - TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), - TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f), - TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), - TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf), - TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), - TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c), - TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), - TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291), - TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), - TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a), - TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), - TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3), - TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), - TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549), - TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), - TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b), - TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), - TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771), - TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), - TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344), - TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), - TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188), - TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), - TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958), - TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), - 
TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6), - TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), - TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813), - TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), - TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782), - TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), - TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a), - TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), - TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2), - TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), - TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c), - TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), - TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18), - TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), - TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da), - TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), - TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88), - TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), - TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d), - TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), - TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1), - TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), - TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826), - TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), - TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86), - TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), - TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546), - TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), - TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb), - TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), - TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5), - TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), - 
TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26), - TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), - TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f), - TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), - TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c), - TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), - TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551), - TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), - TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5), - TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), - TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef), - TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), - TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150), - TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), - TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c), - TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), - TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31), - TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), - TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6), - TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), - TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022), - TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), - TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236), - TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), - TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a), - TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), - TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db), - TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), - TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f), - TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), - TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7), - TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), - 
TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45), - TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), - TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21), - TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), - TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b), - TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), - TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de), - TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), - TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde), - TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), - TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db), - TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), - TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0), - TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), - TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987), - TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), - TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86), - TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), - TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0), - TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), - TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e), - TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), - TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8), - TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), - TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13), - TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), - TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060), - TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), - TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286), - TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), - TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324), - TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), - 
TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4), - TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), - TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286), - TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), - TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a), - TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), - TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d), - TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), - TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b), - TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), - TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64), - TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), - TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635), - TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), - TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985), - TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), - TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27), - TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), - TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e), - TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), - TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393), - TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), - TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94), - TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), - TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b), - TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), - TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9), - TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), - TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913), - TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), - TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21), - TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), - 
TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8), - TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), - TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d), - TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), - TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)} - , - {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), - TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8), - TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), - TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02), - TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), - TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f), - TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), - TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b), - TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), - TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e), - TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), - TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d), - TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), - TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7), - TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), - TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173), - TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), - TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102), - TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), - TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d), - TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), - TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012), - TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), - TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae), - TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), - TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9), - TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), - 
TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4), - TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), - TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c), - TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), - TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68), - TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), - TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868), - TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), - TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d), - TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), - TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc), - TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), - TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6), - TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), - TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b), - TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), - TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf), - TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), - TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3), - TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), - TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158), - TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), - TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1), - TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), - TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67), - TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), - TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e), - TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), - TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0), - TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), - TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e), - TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), - 
TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0), - TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), - TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd), - TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), - TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca), - TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), - TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433), - TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), - TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11), - TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), - TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a), - TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), - TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834), - TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), - TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd), - TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), - TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31), - TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), - TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403), - TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), - TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e), - TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), - TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541), - TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), - TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3), - TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), - TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9), - TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), - TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc), - TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), - TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72), - TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), - 
TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12), - TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), - TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e), - TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), - TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28), - TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), - TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163), - TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), - TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e), - TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), - TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe), - TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), - TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e), - TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), - TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1), - TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), - TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a), - TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), - TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939), - TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), - TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263), - TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), - TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3), - TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), - TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5), - TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), - TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f), - TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), - TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da), - TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), - TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0), - TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), - 
TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2), - TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), - TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9), - TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), - TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636), - TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), - TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76), - TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), - TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294), - TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), - TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f), - TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), - TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063), - TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), - TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b), - TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), - TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c), - TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), - TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab), - TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), - TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39), - TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), - TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae), - TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), - TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d), - TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), - TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da), - TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), - TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9), - TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), - TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22), - TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), - 
TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80), - TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), - TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec), - TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), - TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f), - TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), - TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83), - TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), - TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf), - TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), - TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32), - TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), - TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d), - TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), - TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0), - TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), - TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef), - TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), - TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec), - TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), - TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f), - TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), - TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1), - TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), - TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115), - TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), - TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd), - TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), - TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8), - TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), - TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2), - TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), - 
TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb), - TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), - TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128), - TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), - TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362), - TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), - TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e), - TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), - TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958), - TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), - TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842), - TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), - TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d), - TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), - TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29), - TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), - TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc), - TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), - TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31), - TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), - TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a), - TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), - TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5), - TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), - TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f), - TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), - TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3), - TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), - TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87), - TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), - TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033), - TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), - 
TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af), - TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), - TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd), - TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), - TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d), - TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), - TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13), - TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), - TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e), - TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), - TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d), - TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), - TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac), - TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), - TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f), - TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), - TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092), - TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), - TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac), - TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), - TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f), - TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), - TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073), - TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), - TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851), - TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), - TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027), - TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), - TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df), - TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), - TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7), - TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), - 
TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e), - TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), - TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea), - TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), - TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)} - , - {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), - TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81), - TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), - TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522), - TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), - TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c), - TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), - TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9), - TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), - TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e), - TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), - TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537), - TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), - TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc), - TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), - TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de), - TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), - TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff), - TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), - TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b), - TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), - TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f), - TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), - TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1), - TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), - TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa), - TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), - 
TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474), - TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), - TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa), - TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), - TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985), - TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), - TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8), - TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), - TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf), - TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), - TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd), - TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), - TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5), - TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), - TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e), - TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), - TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7), - TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), - TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d), - TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), - TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b), - TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), - TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5), - TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), - TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a), - TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), - TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392), - TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), - TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd), - TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), - TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744), - TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), - 
TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b), - TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), - TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e), - TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), - TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa), - TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), - TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f), - TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), - TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398), - TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), - TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1), - TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), - TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349), - TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), - TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0), - TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), - TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9), - TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), - TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c), - TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), - TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f), - TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), - TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3), - TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), - TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852), - TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), - TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9), - TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), - TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323), - TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), - TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411), - TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), - 
TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e), - TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), - TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495), - TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), - TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0), - TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), - TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70), - TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), - TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a), - TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), - TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b), - TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), - TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3), - TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), - TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01), - TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), - TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281), - TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), - TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0), - TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), - TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6), - TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), - TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1), - TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), - TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96), - TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), - TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e), - TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), - TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46), - TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), - TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8), - TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), - 
TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024), - TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), - TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d), - TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), - TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7), - TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), - TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40), - TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), - TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201), - TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), - TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016), - TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), - TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1), - TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), - TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b), - TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), - TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2), - TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), - TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e), - TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), - TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac), - TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), - TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29), - TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), - TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031), - TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), - TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b), - TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), - TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2), - TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), - TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13), - TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), - 
TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e), - TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), - TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9), - TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), - TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561), - TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), - TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da), - TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), - TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3), - TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), - TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639), - TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), - TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab), - TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), - TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd), - TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), - TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8), - TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), - TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40), - TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), - TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b), - TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), - TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442), - TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), - TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628), - TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), - TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2), - TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), - TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca), - TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), - TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06), - TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), - 
TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2), - TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), - TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435), - TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), - TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78), - TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), - TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57), - TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), - TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c), - TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), - TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f), - TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), - TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf), - TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), - TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8), - TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), - TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a), - TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), - TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5), - TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), - TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1), - TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), - TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7), - TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), - TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517), - TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), - TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00), - TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), - TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946), - TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), - TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60), - TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), - 
TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d), - TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), - TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507), - TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), - TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd), - TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), - TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126), - TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), - TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569), - TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), - TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321), - TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), - TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731), - TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), - TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b), - TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), - TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041), - TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), - TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6), - TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), - TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b), - TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), - TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823), - TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), - TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1), - TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), - TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2), - TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), - TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8), - TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), - TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a), - TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), - 
TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa), - TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), - TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670), - TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), - TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)} - , - {TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), - TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e), - TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), - TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef), - TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), - TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124), - TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), - TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad), - TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), - TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505), - TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), - TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1), - TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), - TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec), - TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), - TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695), - TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), - TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1), - TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), - TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604), - TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), - TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33), - TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), - TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20), - TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), - TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc), - TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), - 
TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846), - TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), - TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9), - TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), - TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342), - TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), - TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f), - TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), - TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8), - TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), - TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef), - TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), - TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799), - TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), - TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a), - TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), - TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2), - TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), - TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f), - TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), - TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98), - TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), - TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe), - TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), - TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6), - TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), - TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39), - TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), - TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a), - TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), - TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe), - TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), - 
TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192), - TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), - TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201), - TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), - TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11), - TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), - TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709), - TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), - TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1), - TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), - TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a), - TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), - TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84), - TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), - TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a), - TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), - TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a), - TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), - TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0), - TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), - TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf), - TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), - TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596), - TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), - TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25), - TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), - TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e), - TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), - TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5), - TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), - TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de), - TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), - 
TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf), - TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), - TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad), - TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), - TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178), - TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), - TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96), - TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), - TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98), - TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), - TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa), - TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), - TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81), - TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), - TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148), - TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), - TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80), - TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), - TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb), - TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), - TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa), - TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), - TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a), - TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), - TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831), - TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), - TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6), - TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), - TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a), - TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), - TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054), - TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), - 
TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4), - TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), - TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb), - TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), - TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb), - TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), - TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d), - TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), - TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef), - TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), - TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a), - TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), - TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35), - TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), - TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe), - TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), - TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa), - TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), - TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a), - TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), - TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4), - TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), - TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf), - TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), - TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac), - TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), - TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196), - TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), - TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f), - TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), - TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6), - TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), - 
TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001), - TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), - TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115), - TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), - TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b), - TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), - TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a), - TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), - TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7), - TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), - TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770), - TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), - TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e), - TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), - TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f), - TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), - TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686), - TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), - TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee), - TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), - TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1), - TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), - TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7), - TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), - TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046), - TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), - TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5), - TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), - TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197), - TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), - TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253), - TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), - 
TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188), - TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), - TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf), - TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), - TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2), - TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), - TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1), - TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), - TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa), - TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), - TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb), - TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), - TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b), - TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), - TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af), - TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), - TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f), - TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), - TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958), - TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), - TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5), - TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), - TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051), - TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), - TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8), - TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), - TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4), - TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), - TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9), - TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), - TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0), - TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), - 
TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490), - TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), - TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6), - TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), - TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0), - TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), - TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44), - TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), - TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445), - TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), - TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503), - TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), - TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d), - TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), - TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47), - TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), - TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd), - TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), - TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733), - TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), - TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3), - TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), - TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce), - TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), - TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd), - TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), - TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358), - TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), - TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8), - TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), - TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562), - TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), - 
TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef), - TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), - TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3), - TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), - TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636),} - , - {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), - TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28), - TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), - TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742), - TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), - TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5), - TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), - TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f), - TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), - TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3), - TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), - TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f), - TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), - TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620), - TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), - TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6), - TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), - TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999), - TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), - TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327), - TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), - TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb), - TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), - TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390), - TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), - TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d), - TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), - 
TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015), - TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), - TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6), - TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), - TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b), - TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), - TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e), - TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), - TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414), - TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), - TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e), - TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), - TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f), - TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), - TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159), - TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), - TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc), - TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), - TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b), - TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), - TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b), - TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), - TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e), - TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), - TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707), - TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), - TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d), - TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), - TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442), - TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), - TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b), - TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), - 
TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24), - TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), - TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f), - TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), - TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98), - TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), - TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1), - TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), - TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6), - TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), - TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491), - TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), - TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4), - TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), - TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4), - TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), - TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c), - TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), - TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4), - TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), - TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f), - TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), - TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7), - TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), - TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422), - TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), - TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035), - TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), - TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9), - TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), - TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7), - TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), - 
TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80), - TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), - TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e), - TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), - TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199), - TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), - TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1), - TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), - TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97), - TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), - TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba), - TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), - TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b), - TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), - TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60), - TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), - TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d), - TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), - TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305), - TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), - TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8), - TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), - TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4), - TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), - TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b), - TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), - TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5), - TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), - TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31), - TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), - TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca), - TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), - 
TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37), - TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), - TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f), - TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), - TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe), - TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), - TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409), - TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), - TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1), - TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), - TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf), - TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), - TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b), - TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), - TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79), - TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), - TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd), - TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), - TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06), - TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), - TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf), - TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), - TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb), - TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), - TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208), - TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), - TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7), - TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), - TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a), - TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), - TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32), - TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), - 
TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856), - TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), - TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c), - TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), - TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d), - TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), - TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4), - TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), - TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff), - TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), - TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc), - TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), - TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5), - TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), - TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8), - TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), - TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112), - TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), - TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3), - TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), - TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d), - TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), - TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b), - TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), - TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4), - TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), - TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26), - TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), - TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf), - TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), - TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59), - TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), - 
TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc), - TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), - TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d), - TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), - TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475), - TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), - TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb), - TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), - TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9), - TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), - TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674), - TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), - TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6), - TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), - TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337), - TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), - TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f), - TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), - TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56), - TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), - TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a), - TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), - TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051), - TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), - TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530), - TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), - TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96), - TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), - TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034), - TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), - TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b), - TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), - 
TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b), - TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), - TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44), - TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), - TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c), - TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), - TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1), - TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), - TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d), - TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), - TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95), - TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), - TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f), - TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), - TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016), - TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), - TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85), - TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), - TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3), - TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), - TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0), - TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), - TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b), - TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), - TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8), - TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), - TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b), - TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), - TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd), - TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), - TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b), - TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), - 
TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd), - TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), - TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3), - TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), - TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)} - , - {TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), - TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04), - TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), - TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152), - TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), - TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc), - TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), - TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036), - TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), - TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83), - TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), - TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3), - TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), - TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32), - TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), - TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc), - TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), - TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f), - TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), - TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a), - TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), - TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5), - TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), - TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533), - TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), - TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493), - TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), - 
TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5), - TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), - TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d), - TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), - TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44), - TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), - TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b), - TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), - TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e), - TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), - TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a), - TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), - TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253), - TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), - TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1), - TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), - TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b), - TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), - TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819), - TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), - TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6), - TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), - TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070), - TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), - TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b), - TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), - TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a), - TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), - TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0), - TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), - TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba), - TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), - 
TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6), - TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), - TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc), - TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), - TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711), - TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), - TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c), - TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), - TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4), - TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), - TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a), - TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), - TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5), - TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), - TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3), - TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), - TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45), - TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), - TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6), - TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), - TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e), - TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), - TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1), - TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), - TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc), - TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), - TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd), - TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), - TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db), - TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), - TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048), - TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), - 
TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46), - TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), - TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0), - TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), - TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418), - TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), - TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c), - TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), - TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a), - TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), - TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4), - TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), - TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90), - TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), - TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab), - TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), - TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b), - TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), - TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b), - TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), - TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc), - TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), - TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6), - TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), - TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe), - TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), - TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f), - TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), - TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6), - TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), - TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1), - TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), - 
TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094), - TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), - TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831), - TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), - TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f), - TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), - TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce), - TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), - TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897), - TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), - TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699), - TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), - TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9), - TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), - TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910), - TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), - TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242), - TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), - TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98), - TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), - TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6), - TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), - TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc), - TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), - TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3), - TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), - TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e), - TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), - TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f), - TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), - TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c), - TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), - 
TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c), - TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), - TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa), - TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), - TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820), - TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), - TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c), - TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), - TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1), - TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), - TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234), - TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), - TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8), - TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), - TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2), - TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), - TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6), - TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), - TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55), - TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), - TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385), - TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), - TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc), - TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), - TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce), - TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), - TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0), - TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), - TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365), - TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), - TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181), - TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), - 
TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb), - TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), - TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b), - TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), - TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95), - TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), - TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e), - TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), - TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538), - TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), - TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff), - TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), - TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711), - TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), - TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875), - TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), - TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c), - TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), - TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e), - TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), - TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a), - TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), - TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025), - TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), - TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d), - TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), - TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9), - TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), - TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934), - TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), - TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c), - TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), - 
TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125), - TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), - TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920), - TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), - TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2), - TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), - TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083), - TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), - TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0), - TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), - TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6), - TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), - TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33), - TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), - TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066), - TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), - TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb), - TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), - TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9), - TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), - TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c), - TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), - TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163), - TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), - TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9), - TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), - TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831), - TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), - TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d), - TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), - TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe), - TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), - 
TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a), - TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), - TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7), - TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), - TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a),} - , - {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), - TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda), - TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), - TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997), - TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), - TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448), - TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), - TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368), - TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), - TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb), - TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), - TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106), - TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), - TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f), - TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), - TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d), - TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), - TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc), - TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), - TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e), - TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), - TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f), - TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), - TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591), - TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), - TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186), - TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), - 
TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71), - TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), - TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff), - TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), - TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444), - TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), - TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a), - TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), - TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e), - TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), - TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027), - TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), - TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01), - TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), - TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef), - TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), - TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51), - TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), - TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6), - TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), - TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310), - TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), - TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7), - TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), - TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b), - TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), - TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7), - TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), - TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74), - TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), - TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a), - TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), - 
TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9), - TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), - TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047), - TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), - TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f), - TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), - TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d), - TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), - TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7), - TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), - TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c), - TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), - TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9), - TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), - TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a), - TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), - TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c), - TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), - TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6), - TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), - TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98), - TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), - TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a), - TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), - TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6), - TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), - TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32), - TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), - TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8), - TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), - TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267), - TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), - 
TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98), - TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), - TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d), - TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), - TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232), - TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), - TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f), - TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), - TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026), - TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), - TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383), - TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), - TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b), - TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), - TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d), - TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), - TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e), - TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), - TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46), - TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), - TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c), - TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), - TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741), - TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), - TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988), - TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), - TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046), - TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), - TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb), - TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), - TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c), - TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), - 
TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa), - TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), - TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75), - TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), - TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670), - TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), - TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b), - TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), - TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2), - TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), - TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29), - TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), - TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e), - TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), - TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89), - TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), - TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2), - TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), - TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2), - TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), - TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6), - TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), - TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965), - TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), - TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02), - TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), - TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b), - TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), - TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92), - TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), - TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53), - TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), - 
TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433), - TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), - TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d), - TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), - TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055), - TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), - TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9), - TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), - TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492), - TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), - TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490), - TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), - TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba), - TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), - TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783), - TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), - TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb), - TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), - TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce), - TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), - TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e), - TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), - TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab), - TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), - TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b), - TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), - TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607), - TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), - TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108), - TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), - TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb), - TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), - 
TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf), - TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), - TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546), - TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), - TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d), - TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), - TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061), - TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), - TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd), - TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), - TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1), - TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), - TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47), - TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), - TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354), - TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), - TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528), - TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), - TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd), - TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), - TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae), - TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), - TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9), - TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), - TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732), - TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), - TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98), - TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), - TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3), - TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), - TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7), - TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), - 
TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927), - TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), - TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396), - TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), - TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d), - TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), - TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76), - TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), - TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4), - TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), - TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003), - TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), - TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018), - TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), - TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc), - TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), - TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143), - TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), - TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f), - TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), - TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664), - TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), - TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b), - TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), - TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4), - TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), - TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2), - TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), - TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f), - TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), - TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c), - TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), - 
TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360), - TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), - TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007), - TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), - TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)} - , - {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), - TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab), - TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), - TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55), - TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), - TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df), - TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), - TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf), - TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), - TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7), - TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), - TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca), - TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), - TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d), - TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), - TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515), - TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), - TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284), - TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), - TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8), - TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), - TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd), - TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), - TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8), - TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), - TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de), - TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), - 
TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2), - TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), - TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb), - TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), - TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef), - TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), - TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2), - TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), - TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a), - TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), - TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875), - TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), - TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216), - TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), - TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243), - TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), - TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202), - TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), - TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8), - TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), - TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4), - TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), - TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619), - TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), - TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0), - TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), - TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463), - TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), - TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544), - TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), - TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97), - TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), - 
TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd), - TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), - TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe), - TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), - TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4), - TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), - TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e), - TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), - TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51), - TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), - TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191), - TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), - TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01), - TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), - TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d), - TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), - TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f), - TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), - TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38), - TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), - TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d), - TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), - TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50), - TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), - TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d), - TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), - TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5), - TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), - TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209), - TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), - TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a), - TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), - 
TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62), - TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), - TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6), - TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), - TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42), - TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), - TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51), - TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), - TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9), - TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), - TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4), - TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), - TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b), - TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), - TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc), - TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), - TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18), - TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), - TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d), - TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), - TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4), - TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), - TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec), - TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), - TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65), - TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), - TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5), - TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), - TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef), - TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), - TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2), - TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), - 
TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b), - TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), - TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007), - TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), - TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe), - TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), - TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce), - TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), - TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71), - TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), - TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421), - TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), - TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f), - TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), - TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03), - TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), - TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b), - TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), - TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702), - TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), - TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447), - TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), - TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1), - TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), - TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48), - TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), - TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361), - TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), - TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41), - TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), - TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d), - TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), - 
TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273), - TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), - TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1), - TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), - TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c), - TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), - TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5), - TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), - TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c), - TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), - TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f), - TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), - TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252), - TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), - TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3), - TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), - TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d), - TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), - TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af), - TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), - TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79), - TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), - TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f), - TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), - TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc), - TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), - TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13), - TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), - TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693), - TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), - TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8), - TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), - 
TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a), - TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), - TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281), - TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), - TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa), - TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), - TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2), - TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), - TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781), - TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), - TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7), - TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), - TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99), - TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), - TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9), - TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), - TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21), - TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), - TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2), - TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), - TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5), - TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), - TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262), - TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), - TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e), - TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), - TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649), - TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), - TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac), - TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), - TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca), - TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), - 
TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd), - TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), - TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c), - TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), - TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757), - TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), - TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015), - TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), - TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51), - TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), - TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07), - TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), - TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650), - TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), - TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839), - TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), - TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc), - TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), - TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6), - TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), - TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9), - TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), - TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01), - TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), - TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96), - TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), - TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec), - TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), - TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf), - TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), - TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c), - TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), - 
TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf), - TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), - TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d), - TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), - TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)} - , - {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), - TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a), - TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), - TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39), - TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), - TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452), - TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), - TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b), - TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), - TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14), - TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), - TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270), - TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), - TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb), - TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), - TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3), - TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), - TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb), - TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), - TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd), - TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), - TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3), - TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), - TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b), - TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), - TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2), - TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), - 
TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5), - TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), - TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9), - TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), - TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7), - TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), - TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf), - TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), - TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47), - TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), - TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0), - TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), - TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36), - TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), - TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad), - TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), - TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74), - TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), - TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb), - TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), - TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a), - TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), - TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c), - TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), - TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385), - TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), - TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081), - TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), - TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa), - TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), - TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47), - TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), - 
TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345), - TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), - TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126), - TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), - TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394), - TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), - TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9), - TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), - TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e), - TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), - TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb), - TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), - TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be), - TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), - TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1), - TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), - TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f), - TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), - TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e), - TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), - TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c), - TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), - TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6), - TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), - TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745), - TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), - TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5), - TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), - TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5), - TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), - TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539), - TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), - 
TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002), - TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), - TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948), - TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), - TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e), - TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), - TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5), - TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), - TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f), - TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), - TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3), - TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), - TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516), - TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), - TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc), - TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), - TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604), - TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), - TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2), - TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), - TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e), - TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), - TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4), - TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), - TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa), - TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), - TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac), - TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), - TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8), - TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), - TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9), - TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), - 
TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9), - TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), - TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849), - TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), - TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638), - TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), - TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb), - TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), - TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4), - TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), - TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34), - TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), - TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9), - TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), - TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b), - TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), - TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca), - TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), - TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4), - TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), - TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f), - TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), - TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d), - TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), - TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a), - TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), - TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706), - TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), - TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3), - TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), - TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4), - TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), - 
TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96), - TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), - TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6), - TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), - TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878), - TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), - TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b), - TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), - TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982), - TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), - TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd), - TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), - TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0), - TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), - TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355), - TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), - TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac), - TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), - TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436), - TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), - TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef), - TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), - TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6), - TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), - TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4), - TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), - TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af), - TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), - TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a), - TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), - TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364), - TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), - 
TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5), - TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), - TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea), - TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), - TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4), - TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), - TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984), - TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), - TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d), - TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), - TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2), - TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), - TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28), - TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), - TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5), - TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), - TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c), - TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), - TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68), - TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), - TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125), - TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), - TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3), - TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), - TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba), - TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), - TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e), - TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), - TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e), - TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), - TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c), - TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), - 
TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5), - TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), - TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77), - TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), - TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5), - TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), - TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946), - TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), - TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1), - TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), - TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c), - TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), - TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224), - TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), - TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017), - TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), - TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6), - TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), - TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e), - TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), - TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205), - TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), - TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808), - TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), - TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2), - TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), - TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199), - TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), - TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418), - TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), - TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496), - TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), - 
TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d), - TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), - TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b), - TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), - TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)} - , - {TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), - TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1), - TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), - TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5), - TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), - TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d), - TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), - TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8), - TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), - TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a), - TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), - TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954), - TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), - TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911), - TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), - TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a), - TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), - TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a), - TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), - TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3), - TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), - TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5), - TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), - TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698), - TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), - TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0), - TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), - 
TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c), - TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), - TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509), - TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), - TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b), - TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), - TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f), - TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), - TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585), - TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), - TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d), - TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), - TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8), - TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), - TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690), - TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), - TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3), - TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), - TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f), - TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), - TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c), - TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), - TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649), - TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), - TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70), - TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), - TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35), - TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), - TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840), - TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), - TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9), - TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), - 
TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86), - TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), - TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd), - TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), - TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a), - TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), - TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc), - TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), - TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66), - TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), - TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac), - TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), - TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1), - TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), - TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea), - TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), - TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d), - TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), - TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b), - TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), - TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83), - TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), - TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920), - TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), - TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38), - TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), - TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad), - TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), - TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2), - TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), - TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2), - TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), - 
TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424), - TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), - TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6), - TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), - TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e), - TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), - TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6), - TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), - TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930), - TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), - TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf), - TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), - TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0), - TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), - TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c), - TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), - TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e), - TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), - TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e), - TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), - TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54), - TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), - TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b), - TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), - TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c), - TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), - TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df), - TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), - TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a), - TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), - TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f), - TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), - 
TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462), - TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), - TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555), - TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), - TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a), - TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), - TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758), - TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), - TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455), - TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), - TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e), - TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), - TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e), - TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), - TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25), - TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), - TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11), - TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), - TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53), - TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), - TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802), - TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), - TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362), - TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), - TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef), - TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), - TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3), - TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), - TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830), - TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), - TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73), - TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), - 
TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008), - TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), - TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8), - TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), - TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c), - TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), - TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e), - TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), - TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3), - TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), - TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212), - TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), - TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057), - TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), - TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391), - TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), - TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7), - TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), - TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb), - TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), - TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe), - TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), - TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23), - TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), - TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732), - TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), - TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2), - TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), - TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04), - TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), - TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0), - TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), - 
TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab), - TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), - TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d), - TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), - TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1), - TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), - TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974), - TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), - TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a), - TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), - TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b), - TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), - TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851), - TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), - TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051), - TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), - TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e), - TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), - TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc), - TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), - TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd), - TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), - TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2), - TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), - TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f), - TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), - TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1), - TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), - TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1), - TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), - TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a), - TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), - 
TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8), - TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), - TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2), - TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), - TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0), - TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), - TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4), - TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), - TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d), - TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), - TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b), - TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), - TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f), - TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), - TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9), - TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), - TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b), - TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), - TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5), - TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), - TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9), - TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), - TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183), - TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), - TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e), - TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), - TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b), - TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), - TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12), - TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), - TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a), - TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), - 
TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92), - TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), - TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a), - TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), - TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494),} - , - {TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), - TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860), - TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), - TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50), - TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), - TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6), - TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), - TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee), - TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), - TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca), - TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), - TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf), - TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), - TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6), - TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), - TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe), - TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), - TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3), - TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), - TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1), - TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), - TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6), - TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), - TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4), - TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), - TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c), - TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), - 
TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f), - TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), - TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d), - TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), - TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011), - TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), - TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854), - TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), - TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3), - TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), - TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c), - TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), - TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe), - TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), - TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c), - TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), - TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce), - TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), - TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa), - TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), - TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd), - TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), - TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a), - TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), - TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615), - TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), - TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f), - TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), - TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d), - TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), - TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a), - TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), - 
TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32), - TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), - TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c), - TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), - TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517), - TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), - TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664), - TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), - TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700), - TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), - TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152), - TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), - TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb), - TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), - TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db), - TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), - TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad), - TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), - TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662), - TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), - TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02), - TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), - TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e), - TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), - TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70), - TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), - TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993), - TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), - TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c), - TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), - TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682), - TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), - 
TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb), - TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), - TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef), - TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), - TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59), - TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), - TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e), - TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), - TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb), - TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), - TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d), - TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), - TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87), - TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), - TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130), - TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), - TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5), - TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), - TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5), - TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), - TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed), - TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), - TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7), - TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), - TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e), - TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), - TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d), - TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), - TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade), - TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), - TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252), - TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), - 
TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597), - TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), - TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11), - TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), - TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7), - TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), - TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4), - TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), - TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075), - TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), - TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493), - TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), - TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6), - TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), - TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1), - TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), - TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc), - TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), - TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77), - TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), - TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9), - TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), - TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f), - TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), - TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0), - TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), - TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee), - TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), - TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408), - TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), - TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954), - TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), - 
TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626), - TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), - TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c), - TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), - TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e), - TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), - TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80), - TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), - TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11), - TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), - TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47), - TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), - TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4), - TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), - TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9), - TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), - TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f), - TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), - TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521), - TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), - TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4), - TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), - TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8), - TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), - TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092), - TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), - TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7), - TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), - TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71), - TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), - TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816), - TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), - 
TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c), - TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), - TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b), - TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), - TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063), - TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), - TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb), - TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), - TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef), - TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), - TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab), - TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), - TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0), - TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), - TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675), - TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), - TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014), - TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), - TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52), - TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), - TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964), - TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), - TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed), - TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), - TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1), - TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), - TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c), - TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), - TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f), - TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), - TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885), - TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), - 
TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e), - TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), - TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8), - TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), - TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6), - TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), - TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04), - TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), - TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb), - TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), - TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4), - TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), - TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b), - TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), - TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480), - TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), - TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c), - TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), - TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08), - TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), - TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4), - TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), - TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a), - TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), - TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816), - TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), - TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5), - TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), - TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b), - TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), - TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d), - TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), - 
TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b), - TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), - TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d), - TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), - TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b),} - , - {TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), - TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d), - TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), - TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798), - TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), - TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee), - TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), - TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8), - TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), - TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7), - TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), - TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658), - TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), - TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8), - TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), - TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac), - TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), - TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4), - TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), - TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a), - TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), - TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c), - TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), - TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31), - TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), - TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69), - TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), - 
TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879), - TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), - TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c), - TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), - TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6), - TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), - TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755), - TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), - TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926), - TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), - TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2), - TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), - TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08), - TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), - TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99), - TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), - TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f), - TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), - TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b), - TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), - TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128), - TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), - TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4), - TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), - TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f), - TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), - TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889), - TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), - TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131), - TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), - TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8), - TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), - 
TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77), - TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), - TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee), - TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), - TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad), - TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), - TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948), - TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), - TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff), - TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), - TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e), - TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), - TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1), - TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), - TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916), - TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), - TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d), - TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), - TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7), - TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), - TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8), - TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), - TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4), - TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), - TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7), - TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), - TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78), - TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), - TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0), - TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), - TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25), - TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), - 
TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776), - TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), - TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada), - TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), - TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66), - TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), - TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3), - TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), - TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148), - TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), - TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8), - TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), - TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00), - TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), - TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac), - TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), - TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52), - TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), - TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689), - TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), - TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8), - TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), - TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66), - TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), - TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a), - TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), - TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67), - TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), - TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2), - TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), - TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d), - TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), - 
TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147), - TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), - TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351), - TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), - TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e), - TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), - TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21), - TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), - TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a), - TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), - TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e), - TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), - TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887), - TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), - TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291), - TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), - TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286), - TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), - TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb), - TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), - TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af), - TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), - TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5), - TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), - TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6), - TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), - TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab), - TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), - TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d), - TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), - TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033), - TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), - 
TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46), - TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), - TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb), - TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), - TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78), - TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), - TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e), - TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), - TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466), - TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), - TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7), - TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), - TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768), - TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), - TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f), - TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), - TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7), - TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), - TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03), - TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), - TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168), - TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), - TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922), - TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), - TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c), - TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), - TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451), - TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), - TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f), - TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), - TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171), - TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), - 
TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c), - TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), - TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03), - TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), - TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7), - TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), - TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0), - TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), - TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09), - TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), - TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c), - TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), - TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0), - TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), - TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9), - TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), - TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7), - TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), - TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035), - TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), - TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090), - TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), - TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb), - TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), - TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98), - TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), - TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140), - TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), - TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2), - TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), - TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7), - TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), - 
TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c), - TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), - TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe), - TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), - TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707), - TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), - TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7), - TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), - TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9), - TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), - TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3), - TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), - TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1), - TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), - TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51), - TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), - TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558), - TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), - TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43), - TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), - TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48), - TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), - TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8), - TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), - TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657), - TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), - TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a), - TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), - TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f), - TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), - TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24), - TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), - 
TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048), - TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), - TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7), - TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), - TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699),} - , - {TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), - TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021), - TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), - TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3), - TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), - TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da), - TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), - TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4), - TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), - TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc), - TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), - TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952), - TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), - TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19), - TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), - TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655), - TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), - TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69), - TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), - TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4), - TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), - TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268), - TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), - TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e), - TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), - TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb), - TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), - 
TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446), - TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), - TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637), - TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), - TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5), - TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), - TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2), - TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), - TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24), - TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), - TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c), - TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), - TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b), - TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), - TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873), - TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), - TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a), - TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), - TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1), - TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), - TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d), - TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), - TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13), - TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), - TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684), - TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), - TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161), - TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), - TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1), - TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), - TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b), - TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), - 
TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e), - TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), - TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca), - TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), - TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8), - TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), - TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da), - TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), - TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a), - TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), - TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc), - TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), - TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253), - TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), - TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7), - TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), - TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8), - TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), - TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c), - TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), - TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce), - TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), - TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc), - TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), - TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6), - TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), - TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1), - TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), - TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f), - TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), - TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472), - TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), - 
TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2), - TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), - TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656), - TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), - TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa), - TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), - TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8), - TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), - TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a), - TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), - TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d), - TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), - TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f), - TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), - TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1), - TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), - TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351), - TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), - TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef), - TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), - TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced), - TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), - TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4), - TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), - TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c), - TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), - TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32), - TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), - TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6), - TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), - TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38), - TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), - 
TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634), - TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), - TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3), - TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), - TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a), - TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), - TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb), - TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), - TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c), - TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), - TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b), - TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), - TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718), - TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), - TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d), - TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), - TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b), - TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), - TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a), - TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), - TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636), - TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), - TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce), - TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), - TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049), - TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), - TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb), - TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), - TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40), - TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), - TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086), - TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), - 
TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34), - TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), - TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51), - TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), - TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3), - TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), - TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60), - TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), - TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4), - TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), - TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2), - TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), - TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8), - TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), - TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247), - TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), - TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c), - TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), - TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0), - TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), - TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a), - TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), - TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097), - TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), - TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc), - TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), - TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58), - TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), - TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141), - TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), - TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8), - TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), - 
TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9), - TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), - TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5), - TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), - TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535), - TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), - TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112), - TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), - TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe), - TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), - TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77), - TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), - TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e), - TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), - TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc), - TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), - TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e), - TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), - TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332), - TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), - TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29), - TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), - TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04), - TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), - TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc), - TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), - TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29), - TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), - TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04), - TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), - TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61), - TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), - 
TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961), - TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), - TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc), - TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), - TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af), - TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), - TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab), - TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), - TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204), - TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), - TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2), - TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), - TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03), - TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), - TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42), - TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), - TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43), - TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), - TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86), - TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), - TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79), - TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), - TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9), - TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), - TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5), - TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), - TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357), - TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), - TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477), - TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), - TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80), - TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), - 
TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527), - TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), - TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad), - TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), - TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25),} - , - {TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), - TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85), - TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), - TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a), - TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), - TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3), - TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), - TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8), - TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), - TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe), - TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), - TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53), - TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), - TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336), - TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), - TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f), - TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), - TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc), - TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), - TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272), - TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), - TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f), - TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), - TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7), - TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), - TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918), - TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), - 
TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60), - TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), - TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a), - TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), - TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7), - TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), - TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef), - TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), - TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a), - TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), - TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947), - TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), - TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa), - TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), - TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1), - TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), - TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df), - TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), - TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2), - TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), - TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31), - TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), - TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e), - TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), - TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195), - TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), - TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15), - TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), - TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff), - TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), - TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c), - TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), - 
TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc), - TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), - TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1), - TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), - TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4), - TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), - TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a), - TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), - TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca), - TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), - TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b), - TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), - TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc), - TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), - TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613), - TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), - TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8), - TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), - TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984), - TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), - TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a), - TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), - TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5), - TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), - TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33), - TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), - TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b), - TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), - TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120), - TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), - TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9), - TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), - 
TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504), - TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), - TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2), - TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), - TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216), - TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), - TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169), - TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), - TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a), - TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), - TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd), - TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), - TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7), - TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), - TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7), - TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), - TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb), - TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), - TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749), - TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), - TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722), - TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), - TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce), - TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), - TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1), - TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), - TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836), - TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), - TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825), - TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), - TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e), - TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), - 
TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6), - TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), - TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5), - TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), - TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03), - TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), - TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5), - TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), - TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9), - TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), - TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235), - TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), - TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e), - TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), - TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05), - TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), - TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e), - TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), - TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c), - TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), - TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca), - TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), - TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f), - TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), - TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a), - TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), - TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6), - TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), - TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46), - TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), - TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15), - TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), - 
TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c), - TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), - TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29), - TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), - TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb), - TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), - TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e), - TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), - TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a), - TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), - TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364), - TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), - TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63), - TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), - TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6), - TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), - TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a), - TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), - TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391), - TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), - TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0), - TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), - TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d), - TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), - TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b), - TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), - TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5), - TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), - TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0), - TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), - TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d), - TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), - 
TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134), - TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), - TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390), - TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), - TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3), - TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), - TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7), - TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), - TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb), - TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), - TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326), - TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), - TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89), - TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), - TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec), - TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), - TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf), - TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), - TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75), - TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), - TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016), - TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), - TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719), - TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), - TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638), - TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), - TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58), - TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), - TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb), - TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), - TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257), - TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), - 
TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0), - TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), - TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2), - TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), - TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce), - TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), - TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319), - TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), - TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5), - TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), - TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b), - TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), - TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b), - TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), - TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624), - TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), - TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd), - TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), - TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d), - TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), - TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e), - TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), - TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19), - TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), - TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc), - TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), - TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3), - TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), - TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce), - TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), - TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672), - TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), - 
TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba), - TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), - TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69), - TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), - TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328),} - , - {TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), - TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5), - TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), - TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82), - TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), - TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3), - TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), - TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755), - TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), - TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f), - TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), - TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23), - TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), - TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4), - TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), - TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329), - TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), - TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897), - TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), - TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2), - TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), - TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69), - TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), - TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3), - TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), - TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164), - TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), - 
TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32), - TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), - TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f), - TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), - TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94), - TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), - TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9), - TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), - TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f), - TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), - TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b), - TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), - TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0), - TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), - TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf), - TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), - TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6), - TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), - TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58), - TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), - TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477), - TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), - TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6), - TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), - TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c), - TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), - TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b), - TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), - TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4), - TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), - TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e), - TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), - 
TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a), - TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), - TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6), - TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), - TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f), - TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), - TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893), - TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), - TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7), - TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), - TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794), - TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), - TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee), - TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), - TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989), - TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), - TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84), - TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), - TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc), - TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), - TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb), - TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), - TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0), - TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), - TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba), - TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), - TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25), - TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), - TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8), - TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), - TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d), - TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), - 
TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b), - TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), - TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8), - TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), - TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae), - TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), - TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40), - TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), - TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913), - TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), - TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e), - TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), - TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334), - TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), - TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2), - TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), - TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd), - TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), - TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8), - TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), - TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8), - TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), - TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075), - TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), - TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312), - TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), - TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d), - TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), - TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a), - TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), - TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d), - TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), - 
TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c), - TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), - TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0), - TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), - TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28), - TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), - TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f), - TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), - TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40), - TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), - TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5), - TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), - TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574), - TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), - TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d), - TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), - TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d), - TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), - TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638), - TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), - TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a), - TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), - TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467), - TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), - TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311), - TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), - TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea), - TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), - TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a), - TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), - TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d), - TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), - 
TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9), - TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), - TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b), - TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), - TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074), - TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), - TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60), - TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), - TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431), - TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), - TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e), - TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), - TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828), - TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), - TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe), - TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), - TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d), - TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), - TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8), - TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), - TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d), - TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), - TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126), - TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), - TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64), - TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), - TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9), - TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), - TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7), - TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), - TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced), - TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), - 
TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554), - TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), - TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0), - TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), - TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0), - TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), - TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9), - TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), - TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351), - TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), - TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8), - TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), - TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d), - TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), - TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec), - TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), - TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed), - TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), - TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1), - TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), - TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597), - TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), - TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577), - TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), - TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094), - TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), - TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f), - TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), - TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56), - TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), - TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2), - TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), - 
TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a), - TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), - TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa), - TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), - TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48), - TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), - TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77), - TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), - TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e), - TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), - TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a), - TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), - TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436), - TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), - TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd), - TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), - TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9), - TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), - TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8), - TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), - TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae), - TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), - TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70), - TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), - TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f), - TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), - TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7), - TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), - TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6), - TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), - TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da), - TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), - 
TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79), - TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), - TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860), - TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), - TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745),} - , - {TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), - TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea), - TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), - TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98), - TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), - TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f), - TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), - TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b), - TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), - TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee), - TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), - TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25), - TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), - TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5), - TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), - TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644), - TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), - TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8), - TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), - TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248), - TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), - TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46), - TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), - TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609), - TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), - TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848), - TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), - 
TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6), - TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), - TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e), - TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), - TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276), - TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), - TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875), - TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), - TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9), - TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), - TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60), - TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), - TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508), - TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), - TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a), - TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), - TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1), - TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), - TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842), - TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), - TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837), - TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), - TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442), - TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), - TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf), - TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), - TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3), - TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), - TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186), - TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), - TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415), - TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), - 
TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9), - TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), - TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907), - TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), - TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df), - TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), - TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69), - TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), - TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8), - TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), - TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846), - TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), - TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3), - TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), - TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c), - TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), - TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188), - TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), - TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2), - TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), - TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f), - TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), - TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21), - TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), - TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1), - TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), - TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931), - TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), - TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033), - TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), - TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894), - TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), - 
TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15), - TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), - TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31), - TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), - TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795), - TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), - TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024), - TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), - TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259), - TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), - TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e), - TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), - TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7), - TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), - TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39), - TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), - TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b), - TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), - TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab), - TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), - TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2), - TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), - TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a), - TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), - TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848), - TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), - TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9), - TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), - TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476), - TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), - TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2), - TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), - 
TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb), - TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), - TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b), - TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), - TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0), - TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), - TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d), - TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), - TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31), - TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), - TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b), - TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), - TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4), - TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), - TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055), - TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), - TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727), - TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), - TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3), - TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), - TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74), - TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), - TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36), - TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), - TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d), - TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), - TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2), - TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), - TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e), - TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), - TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865), - TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), - 
TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2), - TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), - TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2), - TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), - TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3), - TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), - TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017), - TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), - TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529), - TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), - TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08), - TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), - TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea), - TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), - TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de), - TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), - TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef), - TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), - TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815), - TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), - TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff), - TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), - TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583), - TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), - TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e), - TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), - TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507), - TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), - TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d), - TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), - TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536), - TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), - 
TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda), - TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), - TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12), - TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), - TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e), - TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), - TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154), - TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), - TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef), - TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), - TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f), - TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), - TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094), - TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), - TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b), - TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), - TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594), - TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), - TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223), - TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), - TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40), - TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), - TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8), - TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), - TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd), - TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), - TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e), - TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), - TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93), - TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), - TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5), - TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), - 
TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf), - TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), - TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557), - TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), - TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8), - TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), - TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c), - TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), - TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56), - TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), - TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e), - TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), - TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929), - TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), - TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329), - TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), - TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8), - TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), - TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7), - TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), - TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120), - TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), - TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4), - TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), - TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120), - TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), - TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b), - TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), - TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3), - TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), - TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1), - TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), - 
TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66), - TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), - TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6), - TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), - TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83),} - , - {TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), - TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325), - TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), - TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174), - TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), - TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea), - TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), - TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad), - TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), - TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9), - TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), - TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9), - TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), - TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394), - TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), - TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0), - TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), - TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb), - TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), - TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7), - TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), - TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b), - TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), - TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35), - TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), - TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b), - TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), - 
TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c), - TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), - TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7), - TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), - TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818), - TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), - TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a), - TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), - TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0), - TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), - TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de), - TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), - TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7), - TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), - TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9), - TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), - TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5), - TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), - TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe), - TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), - TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2), - TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), - TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b), - TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), - TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27), - TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), - TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b), - TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), - TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714), - TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), - TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc), - TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), - 
TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f), - TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), - TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f), - TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), - TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7), - TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), - TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf), - TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), - TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa), - TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), - TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd), - TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), - TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817), - TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), - TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51), - TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), - TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c), - TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), - TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b), - TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), - TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f), - TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), - TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1), - TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), - TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50), - TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), - TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca), - TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), - TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8), - TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), - TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f), - TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), - 
TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0), - TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), - TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed), - TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), - TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2), - TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), - TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933), - TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), - TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063), - TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), - TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8), - TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), - TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff), - TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), - TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d), - TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), - TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938), - TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), - TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92), - TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), - TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65), - TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), - TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4), - TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), - TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87), - TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), - TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d), - TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), - TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469), - TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), - TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee), - TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), - 
TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3), - TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), - TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2), - TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), - TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5), - TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), - TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047), - TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), - TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f), - TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), - TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0), - TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), - TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4), - TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), - TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472), - TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), - TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2), - TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), - TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a), - TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), - TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8), - TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), - TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796), - TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), - TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b), - TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), - TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433), - TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), - TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b), - TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), - TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f), - TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), - 
TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724), - TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), - TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd), - TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), - TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc), - TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), - TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a), - TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), - TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f), - TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), - TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9), - TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), - TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62), - TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), - TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd), - TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), - TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f), - TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), - TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886), - TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), - TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a), - TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), - TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db), - TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), - TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7), - TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), - TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25), - TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), - TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d), - TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), - TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53), - TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), - 
TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f), - TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), - TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e), - TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), - TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f), - TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), - TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c), - TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), - TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748), - TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), - TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631), - TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), - TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d), - TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), - TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad), - TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), - TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0), - TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), - TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05), - TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), - TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c), - TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), - TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9), - TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), - TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1), - TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), - TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624), - TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), - TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4), - TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), - TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13), - TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), - 
TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710), - TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), - TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100), - TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), - TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d), - TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), - TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df), - TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), - TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6), - TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), - TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2), - TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), - TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c), - TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), - TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c), - TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), - TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79), - TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), - TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d), - TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), - TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930), - TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), - TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303), - TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), - TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade), - TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), - TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b), - TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), - TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20), - TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), - TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6), - TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), - 
TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e), - TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), - TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d), - TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), - TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b),} - , - {TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), - TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400), - TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), - TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9), - TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), - TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e), - TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), - TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab), - TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), - TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d), - TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), - TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e), - TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), - TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325), - TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), - TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8), - TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), - TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df), - TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), - TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286), - TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), - TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069), - TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), - TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708), - TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), - TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6), - TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), - 
TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671), - TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), - TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3), - TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), - TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d), - TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), - TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe), - TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), - TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913), - TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), - TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb), - TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), - TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6), - TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), - TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613), - TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), - TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3), - TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), - TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac), - TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), - TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317), - TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), - TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3), - TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), - TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac), - TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), - TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613), - TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), - TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61), - TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), - TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2), - TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), - 
TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10), - TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), - TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064), - TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), - TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d), - TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), - TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a), - TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), - TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a), - TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), - TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3), - TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), - TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4), - TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), - TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47), - TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), - TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48), - TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), - TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1), - TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), - TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1), - TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), - TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836), - TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), - TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9), - TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), - TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555), - TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), - TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79), - TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), - TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f), - TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), - 
TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a), - TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), - TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b), - TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), - TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809), - TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), - TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87), - TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), - TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a), - TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), - TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea), - TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), - TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365), - TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), - TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d), - TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), - TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c), - TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), - TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c), - TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), - TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd), - TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), - TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd), - TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), - TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97), - TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), - TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a), - TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), - TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be), - TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), - TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468), - TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), - 
TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448), - TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), - TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069), - TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), - TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6), - TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), - TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a), - TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), - TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66), - TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), - TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00), - TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), - TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8), - TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), - TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f), - TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), - TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce), - TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), - TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083), - TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), - TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c), - TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), - TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be), - TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), - TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19), - TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), - TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079), - TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), - TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5), - TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), - TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d), - TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), - 
TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944), - TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), - TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801), - TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), - TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02), - TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), - TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e), - TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), - TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa), - TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), - TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2), - TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), - TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7), - TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), - TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2), - TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), - TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8), - TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), - TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d), - TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), - TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f), - TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), - TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056), - TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), - TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b), - TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), - TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0), - TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), - TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86), - TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), - TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6), - TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), - 
TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec), - TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), - TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149), - TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), - TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1), - TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), - TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5), - TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), - TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef), - TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), - TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1), - TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), - TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d), - TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), - TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76), - TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), - TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d), - TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), - TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057), - TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), - TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3), - TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), - TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a), - TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), - TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382), - TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), - TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685), - TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), - TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c), - TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), - TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac), - TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), - 
TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92), - TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), - TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794), - TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), - TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48), - TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), - TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616), - TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), - TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802), - TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), - TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3), - TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), - TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c), - TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), - TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68), - TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), - TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856), - TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), - TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05), - TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), - TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f), - TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), - TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614), - TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), - TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff), - TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), - TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5), - TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), - TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7), - TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), - TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233), - TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), - 
TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19), - TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), - TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054), - TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), - TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74),} - , - {TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), - TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f), - TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), - TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1), - TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), - TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068), - TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), - TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2), - TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), - TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd), - TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), - TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de), - TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), - TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6), - TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), - TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234), - TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), - TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52), - TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), - TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9), - TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), - TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00), - TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), - TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c), - TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), - TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863), - TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), - 
TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87), - TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), - TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3), - TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), - TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b), - TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), - TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52), - TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), - TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd), - TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), - TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e), - TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), - TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0), - TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), - TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d), - TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), - TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6), - TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), - TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e), - TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), - TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d), - TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), - TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9), - TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), - TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499), - TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), - TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f), - TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), - TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369), - TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), - TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5), - TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), - 
TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3), - TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), - TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969), - TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), - TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c), - TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), - TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8), - TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), - TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7), - TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), - TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f), - TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), - TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b), - TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), - TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5), - TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), - TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc), - TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), - TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c), - TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), - TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116), - TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), - TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289), - TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), - TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388), - TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), - TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e), - TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), - TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b), - TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), - TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c), - TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), - 
TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480), - TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), - TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9), - TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), - TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21), - TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), - TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc), - TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), - TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc), - TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), - TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b), - TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), - TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130), - TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), - TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692), - TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), - TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b), - TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), - TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a), - TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), - TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156), - TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), - TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b), - TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), - TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5), - TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), - TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc), - TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), - TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b), - TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), - TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8), - TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), - 
TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841), - TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), - TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad), - TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), - TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443), - TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), - TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb), - TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), - TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d), - TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), - TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff), - TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), - TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf), - TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), - TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361), - TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), - TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140), - TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), - TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e), - TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), - TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e), - TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), - TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0), - TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), - TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174), - TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), - TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc), - TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), - TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914), - TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), - TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb), - TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), - 
TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17), - TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), - TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f), - TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), - TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366), - TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), - TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178), - TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), - TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932), - TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), - TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a), - TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), - TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6), - TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), - TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450), - TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), - TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481), - TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), - TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932), - TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), - TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853), - TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), - TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b), - TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), - TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494), - TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), - TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c), - TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), - TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135), - TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), - TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd), - TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), - 
TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0), - TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), - TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e), - TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), - TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f), - TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), - TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab), - TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), - TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f), - TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), - TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80), - TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), - TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599), - TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), - TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c), - TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), - TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54), - TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), - TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d), - TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), - TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a), - TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), - TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8), - TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), - TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038), - TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), - TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b), - TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), - TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0), - TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), - TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3), - TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), - 
TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a), - TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), - TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d), - TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), - TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9), - TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), - TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a), - TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), - TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3), - TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), - TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe), - TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), - TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353), - TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), - TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743), - TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), - TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd), - TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), - TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2), - TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), - TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a), - TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), - TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710), - TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), - TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5), - TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), - TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10), - TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), - TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29), - TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), - TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279), - TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), - 
TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318), - TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), - TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc), - TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), - TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762),} - , - {TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), - TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61), - TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), - TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc), - TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), - TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7), - TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), - TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152), - TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), - TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093), - TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), - TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28), - TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), - TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e), - TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), - TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5), - TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), - TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d), - TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), - TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0), - TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), - TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965), - TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), - TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d), - TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), - TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3), - TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), - 
TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07), - TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), - TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b), - TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), - TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1), - TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), - TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217), - TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), - TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6), - TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), - TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884), - TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), - TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b), - TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), - TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6), - TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), - TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc), - TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), - TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2), - TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), - TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea), - TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), - TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529), - TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), - TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3), - TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), - TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3), - TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), - TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a), - TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), - TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d), - TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), - 
TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba), - TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), - TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3), - TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), - TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0), - TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), - TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214), - TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), - TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5), - TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), - TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21), - TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), - TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3), - TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), - TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f), - TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), - TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8), - TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), - TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e), - TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), - TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225), - TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), - TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9), - TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), - TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507), - TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), - TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628), - TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), - TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c), - TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), - TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211), - TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), - 
TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c), - TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), - TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3), - TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), - TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6), - TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), - TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2), - TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), - TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16), - TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), - TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8), - TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), - TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5), - TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), - TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7), - TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), - TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93), - TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), - TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60), - TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), - TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43), - TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), - TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e), - TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), - TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52), - TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), - TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924), - TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), - TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7), - TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), - TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab), - TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), - 
TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c), - TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), - TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288), - TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), - TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b), - TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), - TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c), - TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), - TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2), - TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), - TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c), - TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), - TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa), - TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), - TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e), - TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), - TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e), - TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), - TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917), - TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), - TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e), - TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), - TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4), - TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), - TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa), - TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), - TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1), - TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), - TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804), - TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), - TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7), - TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), - 
TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784), - TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), - TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74), - TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), - TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63), - TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), - TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4), - TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), - TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80), - TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), - TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182), - TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), - TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f), - TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), - TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5), - TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), - TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790), - TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), - TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa), - TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), - TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810), - TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), - TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92), - TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), - TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41), - TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), - TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08), - TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), - TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c), - TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), - TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7), - TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), - 
TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6), - TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), - TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2), - TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), - TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67), - TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), - TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04), - TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), - TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea), - TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), - TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f), - TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), - TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39), - TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), - TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77), - TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), - TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0), - TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), - TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614), - TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), - TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16), - TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), - TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954), - TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), - TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc), - TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), - TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44), - TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), - TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f), - TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), - TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d), - TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), - 
TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585), - TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), - TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413), - TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), - TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28), - TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), - TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10), - TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), - TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c), - TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), - TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2), - TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), - TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e), - TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), - TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240), - TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), - TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb), - TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), - TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d), - TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), - TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79), - TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), - TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0), - TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), - TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039), - TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), - TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944), - TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), - TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf), - TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), - TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316), - TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), - 
TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6), - TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), - TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017), - TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), - TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e),} - , - {TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), - TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb), - TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), - TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b), - TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), - TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b), - TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), - TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600), - TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), - TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026), - TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), - TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731), - TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), - TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0), - TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), - TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668), - TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), - TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee), - TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), - TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a), - TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), - TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa), - TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), - TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9), - TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), - TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745), - TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), - 
TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a), - TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), - TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b), - TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), - TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5), - TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), - TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c), - TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), - TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293), - TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), - TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5), - TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), - TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582), - TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), - TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c), - TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), - TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8), - TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), - TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f), - TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), - TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739), - TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), - TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c), - TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), - TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba), - TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), - TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0), - TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), - TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655), - TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), - TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6), - TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), - 
TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd), - TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), - TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350), - TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), - TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1), - TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), - TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78), - TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), - TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da), - TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), - TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77), - TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), - TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449), - TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), - TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e), - TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), - TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2), - TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), - TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83), - TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), - TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c), - TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), - TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804), - TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), - TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4), - TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), - TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec), - TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), - TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493), - TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), - TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b), - TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), - 
TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00), - TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), - TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953), - TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), - TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf), - TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), - TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328), - TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), - TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61), - TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), - TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497), - TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), - TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4), - TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), - TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56), - TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), - TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb), - TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), - TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961), - TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), - TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c), - TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), - TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb), - TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), - TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264), - TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), - TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0), - TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), - TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33), - TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), - TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78), - TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), - 
TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90), - TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), - TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5), - TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), - TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14), - TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), - TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0), - TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), - TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d), - TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), - TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2), - TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), - TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d), - TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), - TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c), - TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), - TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad), - TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), - TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd), - TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), - TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675), - TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), - TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f), - TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), - TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97), - TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), - TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b), - TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), - TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9), - TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), - TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da), - TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), - 
TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d), - TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), - TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11), - TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), - TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb), - TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), - TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000), - TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), - TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27), - TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), - TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193), - TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), - TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067), - TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), - TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449), - TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), - TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943), - TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), - TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f), - TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), - TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104), - TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), - TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903), - TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), - TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc), - TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), - TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22), - TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), - TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e), - TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), - TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39), - TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), - 
TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf), - TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), - TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a), - TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), - TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e), - TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), - TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8), - TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), - TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c), - TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), - TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef), - TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), - TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e), - TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), - TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201), - TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), - TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c), - TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), - TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191), - TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), - TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89), - TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), - TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12), - TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), - TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe), - TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), - TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936), - TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), - TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531), - TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), - TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15), - TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), - 
TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7), - TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), - TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c), - TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), - TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b), - TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), - TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47), - TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), - TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07), - TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), - TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5), - TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), - TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e), - TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), - TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b), - TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), - TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699), - TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), - TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777), - TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), - TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08), - TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), - TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e), - TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), - TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22), - TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), - TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f), - TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), - TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef), - TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), - TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91), - TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), - 
TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e), - TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), - TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b), - TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), - TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d),} - , - {TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), - TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa), - TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), - TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b), - TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), - TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff), - TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), - TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733), - TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), - TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538), - TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), - TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80), - TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), - TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6), - TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), - TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2), - TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), - TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996), - TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), - TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4), - TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), - TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f), - TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), - TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd), - TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), - TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c), - TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), - 
TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7), - TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), - TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11), - TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), - TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7), - TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), - TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514), - TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), - TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19), - TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), - TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16), - TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), - TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e), - TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), - TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a), - TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), - TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba), - TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), - TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa), - TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), - TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836), - TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), - TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a), - TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), - TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af), - TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), - TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b), - TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), - TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0), - TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), - TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405), - TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), - 
TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e), - TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), - TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831), - TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), - TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab), - TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), - TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e), - TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), - TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b), - TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), - TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620), - TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), - TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428), - TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), - TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf), - TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), - TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f), - TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), - TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d), - TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), - TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b), - TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), - TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87), - TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), - TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592), - TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), - TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa), - TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), - TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72), - TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), - TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba), - TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), - 
TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642), - TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), - TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294), - TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), - TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949), - TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), - TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd), - TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), - TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa), - TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), - TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db), - TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), - TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b), - TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), - TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb), - TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), - TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108), - TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), - TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec), - TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), - TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f), - TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), - TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29), - TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), - TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e), - TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), - TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558), - TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), - TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff), - TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), - TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e), - TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), - 
TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d), - TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), - TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43), - TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), - TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf), - TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), - TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12), - TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), - TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c), - TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), - TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8), - TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), - TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48), - TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), - TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9), - TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), - TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316), - TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), - TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01), - TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), - TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572), - TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), - TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250), - TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), - TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe), - TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), - TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8), - TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), - TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28), - TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), - TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51), - TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), - 
TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005), - TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), - TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a), - TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), - TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b), - TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), - TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761), - TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), - TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a), - TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), - TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12), - TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), - TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20), - TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), - TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9), - TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), - TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b), - TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), - TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed), - TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), - TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038), - TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), - TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2), - TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), - TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843), - TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), - TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6), - TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), - TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2), - TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), - TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e), - TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), - 
TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035), - TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), - TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3), - TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), - TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea), - TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), - TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed), - TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), - TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7), - TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), - TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754), - TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), - TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e), - TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), - TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772), - TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), - TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850), - TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), - TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7), - TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), - TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0), - TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), - TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b), - TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), - TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843), - TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), - TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c), - TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), - TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040), - TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), - TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c), - TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), - 
TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c), - TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), - TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4), - TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), - TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf), - TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), - TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065), - TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), - TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5), - TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), - TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea), - TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), - TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75), - TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), - TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22), - TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), - TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113), - TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), - TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331), - TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), - TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c), - TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), - TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22), - TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), - TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536), - TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), - TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb), - TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), - TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161), - TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), - TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd), - TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), - 
TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1), - TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), - TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53), - TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), - TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d),} - , - {TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), - TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae), - TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), - TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5), - TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), - TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2), - TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), - TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f), - TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), - TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0), - TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), - TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f), - TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), - TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef), - TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), - TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81), - TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), - TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663), - TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), - TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e), - TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), - TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951), - TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), - TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651), - TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), - TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a), - TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), - 
TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506), - TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), - TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be), - TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), - TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13), - TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), - TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c), - TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), - TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b), - TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), - TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d), - TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), - TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456), - TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), - TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce), - TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), - TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16), - TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), - TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7), - TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), - TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991), - TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), - TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2), - TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), - TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f), - TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), - TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b), - TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), - TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5), - TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), - TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2), - TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), - 
TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b), - TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), - TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540), - TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), - TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268), - TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), - TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3), - TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), - TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6), - TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), - TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382), - TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), - TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b), - TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), - TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061), - TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), - TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069), - TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), - TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0), - TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), - TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da), - TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), - TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b), - TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), - TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a), - TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), - TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05), - TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), - TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c), - TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), - TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd), - TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), - 
TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1), - TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), - TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e), - TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), - TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574), - TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), - TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae), - TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), - TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f), - TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), - TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed), - TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), - TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c), - TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), - TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87), - TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), - TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3), - TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), - TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c), - TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), - TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf), - TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), - TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5), - TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), - TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52), - TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), - TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad), - TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), - TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459), - TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), - TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7), - TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), - 
TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa), - TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), - TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec), - TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), - TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1), - TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), - TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5), - TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), - TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6), - TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), - TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963), - TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), - TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a), - TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), - TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7), - TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), - TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981), - TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), - TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a), - TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), - TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2), - TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), - TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9), - TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), - TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04), - TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), - TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7), - TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), - TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954), - TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), - TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8), - TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), - 
TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812), - TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), - TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e), - TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), - TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46), - TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), - TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7), - TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), - TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2), - TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), - TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef), - TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), - TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5), - TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), - TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac), - TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), - TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421), - TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), - TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d), - TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), - TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df), - TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), - TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c), - TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), - TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0), - TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), - TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27), - TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), - TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457), - TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), - TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9), - TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), - 
TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f), - TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), - TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc), - TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), - TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8), - TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), - TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566), - TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), - TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36), - TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), - TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4), - TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), - TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256), - TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), - TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175), - TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), - TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987), - TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), - TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240), - TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), - TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf), - TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), - TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894), - TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), - TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb), - TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), - TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b), - TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), - TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d), - TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), - TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278), - TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), - 
TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006), - TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), - TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f), - TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), - TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c), - TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), - TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161), - TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), - TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5), - TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), - TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f), - TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), - TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9), - TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), - TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231), - TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), - TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e), - TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), - TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49), - TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), - TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca), - TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), - TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c), - TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), - TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47), - TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), - TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96), - TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), - TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847), - TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), - TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72), - TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), - 
TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011), - TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), - TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58), - TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), - TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691),} - , - {TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), - TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c), - TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), - TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7), - TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), - TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21), - TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), - TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8), - TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), - TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82), - TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), - TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28), - TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), - TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d), - TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), - TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1), - TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), - TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9), - TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), - TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f), - TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), - TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f), - TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), - TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6), - TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), - TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef), - TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), - 
TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577), - TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), - TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240), - TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), - TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9), - TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), - TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8), - TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), - TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5), - TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), - TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8), - TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), - TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae), - TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), - TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae), - TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), - TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433), - TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), - TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d), - TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), - TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7), - TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), - TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e), - TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), - TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d), - TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), - TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d), - TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), - TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16), - TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), - TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a), - TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), - 
TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0), - TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), - TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda), - TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), - TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413), - TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), - TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0), - TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), - TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8), - TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), - TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d), - TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), - TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4), - TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), - TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277), - TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), - TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9), - TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), - TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36), - TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), - TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e), - TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), - TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b), - TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), - TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462), - TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), - TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed), - TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), - TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e), - TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), - TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf), - TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), - 
TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2), - TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), - TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e), - TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), - TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a), - TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), - TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a), - TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), - TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3), - TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), - TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d), - TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), - TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83), - TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), - TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8), - TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), - TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0), - TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), - TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436), - TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), - TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845), - TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), - TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4), - TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), - TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43), - TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), - TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff), - TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), - TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368), - TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), - TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937), - TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), - 
TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40), - TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), - TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2), - TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), - TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a), - TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), - TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3), - TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), - TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56), - TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), - TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411), - TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), - TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3), - TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), - TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e), - TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), - TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31), - TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), - TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68), - TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), - TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8), - TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), - TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758), - TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), - TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b), - TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), - TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8), - TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), - TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46), - TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), - TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3), - TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), - 
TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b), - TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), - TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819), - TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), - TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838), - TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), - TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3), - TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), - TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f), - TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), - TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1), - TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), - TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5), - TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), - TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133), - TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), - TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff), - TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), - TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea), - TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), - TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6), - TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), - TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39), - TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), - TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1), - TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), - TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149), - TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), - TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781), - TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), - TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe), - TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), - 
TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0), - TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), - TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651), - TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), - TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91), - TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), - TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87), - TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), - TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5), - TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), - TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6), - TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), - TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a), - TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), - TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31), - TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), - TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63), - TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), - TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a), - TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), - TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f), - TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), - TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61), - TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), - TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247), - TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), - TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947), - TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), - TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a), - TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), - TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7), - TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), - 
TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7), - TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), - TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1), - TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), - TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026), - TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), - TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146), - TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), - TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d), - TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), - TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de), - TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), - TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678), - TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), - TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a), - TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), - TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d), - TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), - TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7), - TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), - TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11), - TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), - TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93), - TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), - TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d), - TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), - TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606), - TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), - TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8), - TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), - TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7), - TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), - 
TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4), - TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), - TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372), - TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), - TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f),} - , - {TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), - TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943), - TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), - TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297), - TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), - TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0), - TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), - TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc), - TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), - TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858), - TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), - TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900), - TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), - TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304), - TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), - TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651), - TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), - TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65), - TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), - TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6), - TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), - TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d), - TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), - TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac), - TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), - TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046), - TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), - 
TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667), - TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), - TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57), - TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), - TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3), - TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), - TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7), - TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), - TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291), - TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), - TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d), - TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), - TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e), - TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), - TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799), - TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), - TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756), - TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), - TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8), - TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), - TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836), - TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), - TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1), - TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), - TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b), - TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), - TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48), - TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), - TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43), - TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), - TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17), - TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), - 
TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed), - TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), - TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644), - TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), - TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c), - TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), - TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867), - TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), - TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67), - TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), - TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a), - TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), - TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b), - TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), - TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d), - TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), - TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6), - TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), - TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544), - TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), - TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854), - TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), - TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487), - TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), - TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f), - TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), - TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f), - TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), - TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091), - TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), - TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63), - TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), - 
TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44), - TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), - TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7), - TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), - TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28), - TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), - TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92), - TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), - TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93), - TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), - TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056), - TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), - TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660), - TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), - TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b), - TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), - TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac), - TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), - TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab), - TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), - TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca), - TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), - TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3), - TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), - TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9), - TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), - TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a), - TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), - TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491), - TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), - TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd), - TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), - 
TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e), - TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), - TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f), - TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), - TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb), - TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), - TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0), - TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), - TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49), - TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), - TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3), - TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), - TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8), - TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), - TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2), - TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), - TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc), - TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), - TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee), - TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), - TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812), - TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), - TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1), - TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), - TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c), - TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), - TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d), - TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), - TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940), - TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), - TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1), - TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), - 
TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d), - TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), - TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318), - TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), - TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a), - TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), - TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e), - TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), - TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d), - TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), - TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a), - TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), - TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4), - TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), - TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5), - TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), - TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab), - TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), - TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b), - TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), - TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6), - TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), - TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67), - TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), - TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad), - TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), - TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0), - TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), - TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b), - TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), - TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a), - TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), - 
TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e), - TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), - TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3), - TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), - TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d), - TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), - TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511), - TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), - TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e), - TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), - TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249), - TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), - TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53), - TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), - TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5), - TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), - TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1), - TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), - TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b), - TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), - TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188), - TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), - TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef), - TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), - TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7), - TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), - TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf), - TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), - TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341), - TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), - TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00), - TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), - 
TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571), - TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), - TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd), - TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), - TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7), - TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), - TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522), - TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), - TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff), - TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), - TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f), - TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), - TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605), - TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), - TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0), - TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), - TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246), - TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), - TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c), - TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), - TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04), - TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), - TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499), - TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), - TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434), - TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), - TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532), - TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), - TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f), - TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), - TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f), - TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), - 
TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12), - TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), - TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458), - TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), - TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89),} - , - {TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), - TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de), - TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), - TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154), - TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), - TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc), - TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), - TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9), - TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), - TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407), - TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), - TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9), - TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), - TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca), - TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), - TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59), - TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), - TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f), - TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), - TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf), - TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), - TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43), - TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), - TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0), - TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), - TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea), - TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), - 
TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab), - TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), - TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50), - TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), - TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf), - TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), - TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25), - TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), - TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b), - TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), - TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee), - TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), - TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276), - TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), - TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851), - TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), - TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66), - TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), - TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b), - TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), - TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e), - TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), - TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb), - TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), - TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe), - TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), - TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a), - TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), - TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a), - TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), - TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf), - TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), - 
TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1), - TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), - TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331), - TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), - TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61), - TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), - TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a), - TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), - TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b), - TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), - TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219), - TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), - TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181), - TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), - TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c), - TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), - TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b), - TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), - TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2), - TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), - TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8), - TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), - TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d), - TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), - TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4), - TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), - TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372), - TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), - TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73), - TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), - TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79), - TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), - 
TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a), - TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), - TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81), - TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), - TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87), - TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), - TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6), - TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), - TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9), - TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), - TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8), - TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), - TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39), - TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), - TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6), - TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), - TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb), - TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), - TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1), - TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), - TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c), - TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), - TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8), - TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), - TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab), - TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), - TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e), - TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), - TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764), - TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), - TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f), - TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), - 
TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936), - TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), - TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0), - TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), - TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a), - TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), - TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae), - TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), - TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11), - TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), - TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73), - TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), - TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346), - TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), - TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40), - TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), - TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec), - TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), - TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530), - TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), - TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f), - TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), - TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15), - TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), - TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30), - TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), - TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa), - TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), - TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6), - TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), - TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3), - TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), - 
TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c), - TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), - TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872), - TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), - TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514), - TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), - TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3), - TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), - TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0), - TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), - TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036), - TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), - TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec), - TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), - TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1), - TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), - TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe), - TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), - TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42), - TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), - TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33), - TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), - TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111), - TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), - TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de), - TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), - TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5), - TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), - TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160), - TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), - TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f), - TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), - 
TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6), - TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), - TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5), - TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), - TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400), - TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), - TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69), - TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), - TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29), - TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), - TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678), - TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), - TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c), - TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), - TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea), - TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), - TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55), - TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), - TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95), - TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), - TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da), - TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), - TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254), - TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), - TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc), - TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), - TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236), - TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), - TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64), - TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), - TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8), - TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), - 
TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff), - TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), - TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e), - TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), - TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa), - TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), - TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c), - TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), - TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf), - TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), - TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad), - TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), - TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199), - TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), - TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd), - TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), - TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158), - TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), - TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd), - TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), - TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2), - TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), - TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719), - TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), - TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3), - TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), - TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe), - TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), - TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec), - TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), - TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a), - TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), - 
TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de), - TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), - TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04), - TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), - TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca),} - , - {TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), - TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d), - TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), - TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2), - TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), - TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7), - TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), - TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089), - TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), - TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07), - TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), - TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6), - TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), - TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd), - TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), - TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c), - TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), - TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241), - TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), - TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3), - TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), - TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02), - TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), - TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d), - TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), - TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649), - TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), - 
TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef), - TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), - TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c), - TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), - TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558), - TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), - TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c), - TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), - TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4), - TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), - TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1), - TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), - TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c), - TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), - TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3), - TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), - TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a), - TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), - TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00), - TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), - TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828), - TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), - TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478), - TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), - TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8), - TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), - TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be), - TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), - TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216), - TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), - TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128), - TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), - 
TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2), - TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), - TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84), - TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), - TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0), - TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), - TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16), - TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), - TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849), - TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), - TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644), - TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), - TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5), - TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), - TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1), - TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), - TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8), - TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), - TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d), - TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), - TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af), - TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), - TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d), - TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), - TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984), - TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), - TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40), - TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), - TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239), - TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), - TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe), - TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), - 
TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae), - TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), - TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab), - TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), - TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e), - TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), - TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e), - TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), - TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2), - TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), - TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6), - TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), - TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34), - TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), - TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b), - TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), - TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567), - TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), - TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff), - TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), - TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942), - TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), - TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa), - TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), - TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326), - TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), - TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1), - TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), - TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331), - TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), - TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7), - TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), - 
TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993), - TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), - TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d), - TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), - TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887), - TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), - TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56), - TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), - TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a), - TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), - TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162), - TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), - TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5), - TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), - TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1), - TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), - TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde), - TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), - TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768), - TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), - TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279), - TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), - TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba), - TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), - TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb), - TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), - TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476), - TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), - TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c), - TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), - TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34), - TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), - 
TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e), - TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), - TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f), - TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), - TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf), - TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), - TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854), - TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), - TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f), - TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), - TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720), - TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), - TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef), - TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), - TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349), - TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), - TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a), - TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), - TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5), - TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), - TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c), - TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), - TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2), - TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), - TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9), - TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), - TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854), - TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), - TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70), - TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), - TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52), - TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), - 
TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2), - TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), - TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca), - TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), - TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72), - TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), - TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42), - TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), - TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b), - TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), - TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed), - TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), - TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd), - TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), - TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f), - TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), - TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130), - TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), - TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b), - TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), - TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5), - TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), - TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df), - TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), - TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1), - TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), - TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf), - TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), - TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384), - TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), - TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb), - TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), - 
TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844), - TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), - TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6), - TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), - TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a), - TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), - TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee), - TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), - TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff), - TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), - TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12), - TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), - TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36), - TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), - TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429), - TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), - TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2), - TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), - TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843), - TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), - TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37), - TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), - TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f), - TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), - TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7), - TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), - TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9), - TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), - TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49), - TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), - TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd), - TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), - 
TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978), - TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), - TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4), - TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), - TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63),} - , - {TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), - TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d), - TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), - TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746), - TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), - TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19), - TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), - TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d), - TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), - TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77), - TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), - TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0), - TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), - TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0), - TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), - TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1), - TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), - TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99), - TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), - TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1), - TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), - TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685), - TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), - TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81), - TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), - TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11), - TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), - 
TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b), - TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), - TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26), - TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), - TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab), - TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), - TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77), - TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), - TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980), - TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), - TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326), - TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), - TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5), - TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), - TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9), - TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), - TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d), - TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), - TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac), - TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), - TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b), - TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), - TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3), - TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), - TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8), - TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), - TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081), - TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), - TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53), - TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), - TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf), - TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), - 
TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464), - TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), - TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d), - TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), - TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f), - TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), - TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222), - TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), - TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac), - TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), - TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8), - TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), - TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a), - TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), - TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800), - TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), - TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203), - TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), - TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d), - TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), - TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3), - TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), - TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b), - TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), - TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739), - TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), - TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee), - TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), - TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a), - TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), - TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5), - TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), - 
TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885), - TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), - TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8), - TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), - TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef), - TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), - TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d), - TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), - TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61), - TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), - TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe), - TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), - TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5), - TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), - TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447), - TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), - TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c), - TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), - TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4), - TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), - TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e), - TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), - TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef), - TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), - TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4), - TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), - TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960), - TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), - TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327), - TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), - TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc), - TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), - 
TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07), - TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), - TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0), - TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), - TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b), - TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), - TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33), - TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), - TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b), - TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), - TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7), - TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), - TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9), - TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), - TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b), - TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), - TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b), - TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), - TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed), - TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), - TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a), - TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), - TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd), - TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), - TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4), - TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), - TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382), - TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), - TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f), - TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), - TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9), - TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), - 
TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce), - TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), - TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8), - TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), - TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b), - TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), - TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41), - TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), - TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35), - TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), - TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8), - TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), - TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832), - TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), - TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047), - TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), - TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac), - TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), - TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734), - TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), - TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf), - TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), - TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f), - TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), - TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47), - TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), - TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62), - TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), - TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8), - TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), - TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2), - TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), - 
TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f), - TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), - TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067), - TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), - TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e), - TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), - TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162), - TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), - TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5), - TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), - TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0), - TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), - TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711), - TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), - TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a), - TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), - TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548), - TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), - TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827), - TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), - TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1), - TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), - TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195), - TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), - TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07), - TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), - TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1), - TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), - TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea), - TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), - TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22), - TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), - 
TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c), - TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), - TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676), - TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), - TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee), - TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), - TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98), - TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), - TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06), - TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), - TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f), - TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), - TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6), - TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), - TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635), - TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), - TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3), - TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), - TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf), - TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), - TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848), - TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), - TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc), - TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), - TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6), - TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), - TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d), - TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), - TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a), - TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), - TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7), - TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), - 
TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8), - TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), - TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792), - TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), - TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4),} - , - {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), - TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129), - TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), - TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca), - TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), - TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8), - TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), - TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038), - TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), - TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109), - TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), - TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3), - TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), - TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4), - TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), - TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97), - TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), - TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb), - TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), - TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e), - TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), - TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270), - TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), - TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f), - TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), - TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997), - TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), - 
TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5), - TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), - TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a), - TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), - TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018), - TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), - TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739), - TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), - TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b), - TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), - TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8), - TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), - TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa), - TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), - TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665), - TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), - TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f), - TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), - TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8), - TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), - TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00), - TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), - TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52), - TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), - TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975), - TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), - TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323), - TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), - TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35), - TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), - TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d), - TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), - 
TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c), - TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), - TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf), - TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), - TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd), - TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), - TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110), - TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), - TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28), - TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), - TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8), - TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), - TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83), - TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), - TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d), - TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), - TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4), - TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), - TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc), - TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), - TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7), - TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), - TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c), - TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), - TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c), - TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), - TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4), - TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), - TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9), - TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), - TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b), - TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), - 
TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd), - TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), - TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e), - TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), - TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5), - TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), - TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c), - TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), - TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955), - TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), - TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775), - TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), - TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29), - TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), - TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194), - TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), - TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c), - TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), - TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724), - TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), - TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114), - TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), - TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262), - TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), - TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd), - TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), - TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f), - TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), - TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc), - TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), - TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b), - TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), - 
TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f), - TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), - TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b), - TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), - TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af), - TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), - TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a), - TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), - TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d), - TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), - TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408), - TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), - TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69), - TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), - TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00), - TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), - TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f), - TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), - TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78), - TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), - TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7), - TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), - TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd), - TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), - TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f), - TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), - TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28), - TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), - TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed), - TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), - TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744), - TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), - 
TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c), - TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), - TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312), - TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), - TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5), - TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), - TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462), - TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), - TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79), - TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), - TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a), - TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), - TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d), - TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), - TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f), - TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), - TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736), - TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), - TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747), - TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), - TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb), - TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), - TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d), - TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), - TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272), - TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), - TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57), - TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), - TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc), - TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), - TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0), - TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), - 
TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2), - TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), - TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e), - TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), - TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614), - TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), - TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b), - TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), - TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd), - TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), - TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd), - TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), - TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0), - TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), - TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01), - TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), - TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804), - TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), - TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d), - TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), - TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a), - TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), - TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e), - TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), - TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489), - TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), - TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62), - TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), - TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e), - TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), - TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3), - TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), - 
TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7), - TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), - TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799), - TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), - TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280), - TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), - TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c), - TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), - TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c), - TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), - TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae), - TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), - TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e), - TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), - TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e), - TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), - TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8), - TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), - TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2), - TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), - TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1), - TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), - TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670), - TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), - TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb), - TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), - TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a), - TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), - TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa), - TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), - TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632), - TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), - 
TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c), - TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), - TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4), - TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), - TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)} -}; +static const BN_ULONG ecp_nistz256_precomputed[37][64 * sizeof(P256_POINT_AFFINE) / sizeof(BN_ULONG)] + = { + { TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), + TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6), + TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), + TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85), + TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), + TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b), + TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), + TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b), + TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), + TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e), + TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), + TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07), + TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), + TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b), + TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), + TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863), + TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), + TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8), + TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), + TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916), + TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), + TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673), + TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), + TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f), + TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), + TOBN(0xf43eaab5, 
0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03), + TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), + TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867), + TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), + TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d), + TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), + TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76), + TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), + TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b), + TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), + TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b), + TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), + TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f), + TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), + TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5), + TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), + TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073), + TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), + TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e), + TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), + TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156), + TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), + TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca), + TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), + TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759), + TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), + TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797), + TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), + TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e), + TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), + TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb), + TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), + TOBN(0xee337424, 0xe4819370), 
TOBN(0xe2aa0e43, 0x0ad3da09), + TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), + TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4), + TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), + TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723), + TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), + TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220), + TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), + TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e), + TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), + TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0), + TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), + TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda), + TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), + TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d), + TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), + TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc), + TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), + TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b), + TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), + TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e), + TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), + TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0), + TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), + TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc), + TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), + TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3), + TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), + TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4), + TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), + TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074), + TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), + TOBN(0xd0825fa2, 0xa3584069), 
TOBN(0xaf2cea7c, 0x1727bf42), + TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), + TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f), + TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), + TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115), + TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), + TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a), + TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), + TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e), + TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), + TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968), + TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), + TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10), + TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), + TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7), + TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), + TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a), + TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), + TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31), + TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), + TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97), + TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), + TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278), + TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), + TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48), + TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), + TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b), + TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), + TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c), + TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), + TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72), + TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), + TOBN(0x8ef5689d, 0x3cf7600d), 
TOBN(0x948dc4f8, 0xb1fc87b4), + TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), + TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745), + TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), + TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4), + TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), + TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4), + TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), + TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c), + TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), + TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4), + TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), + TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64), + TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), + TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8), + TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), + TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521), + TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), + TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8), + TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), + TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3), + TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), + TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526), + TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), + TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb), + TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), + TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8), + TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), + TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c), + TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), + TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d), + TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), + TOBN(0x068f237d, 0x16fb3664), 
TOBN(0x5853e4c4, 0x363186ac), + TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), + TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408), + TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), + TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227), + TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), + TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f), + TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), + TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f), + TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), + TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b), + TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), + TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43), + TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), + TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d), + TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), + TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994), + TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), + TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0), + TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), + TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291), + TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), + TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a), + TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), + TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278), + TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), + TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5), + TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), + TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc), + TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), + TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865), + TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), + TOBN(0x6b20afec, 0x715af2c7), 
TOBN(0x4b969974, 0xeba78bfd), + TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), + TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27), + TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), + TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad), + TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), + TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2), + TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), + TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b), + TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), + TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36), + TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), + TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7), + TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), + TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13), + TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), + TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443), + TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), + TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d), + TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), + TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542), + TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), + TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d), + TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), + TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0), + TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), + TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283), + TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), + TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851), + TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), + TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb), + TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), + TOBN(0x0deb0e4a, 0x46c814c1), 
TOBN(0x5cee8449, 0xa7b730dd), + TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), + TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4), + TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), + TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63), + TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), + TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08), + TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), + TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc), + TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), + TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626), + TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), + TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd), + TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), + TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741), + TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), + TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7), + TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), + TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b), + TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), + TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915), + TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), + TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832), + TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), + TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa), + TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), + TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3), + TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), + TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413), + TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), + TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009), + TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), + TOBN(0x95c37632, 0x9182cb26), 
TOBN(0x0763a434, 0x82fc568d), + TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), + TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70), + TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), + TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7), + TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), + TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970) }, + { TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), + TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617), + TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), + TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188), + TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), + TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c), + TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), + TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53), + TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), + TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6), + TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), + TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656), + TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), + TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290), + TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), + TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108), + TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), + TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502), + TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), + TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a), + TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), + TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4), + TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), + TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2), + TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), + TOBN(0x51ed38b4, 0x6ca6b26c), 
TOBN(0x8662dcbc, 0xea4327b0), + TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), + TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232), + TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), + TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863), + TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), + TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f), + TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), + TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c), + TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), + TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2), + TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), + TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014), + TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), + TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb), + TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), + TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec), + TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), + TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868), + TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), + TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e), + TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), + TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435), + TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), + TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808), + TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), + TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd), + TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), + TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60), + TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), + TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2), + TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), + TOBN(0x4fbad782, 0x55c4ec23), 
TOBN(0xb359ed61, 0x8a7b76ec), + TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), + TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e), + TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), + TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45), + TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), + TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f), + TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), + TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85), + TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), + TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f), + TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), + TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6), + TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), + TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8), + TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), + TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176), + TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), + TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1), + TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), + TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442), + TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), + TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959), + TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), + TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f), + TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), + TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac), + TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), + TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c), + TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), + TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97), + TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), + TOBN(0x251f0b7f, 0x9ba2e78b), 
TOBN(0x224a8434, 0xce3a2a5f), + TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), + TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f), + TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), + TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48), + TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), + TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184), + TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), + TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f), + TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), + TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369), + TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), + TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887), + TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), + TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6), + TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), + TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef), + TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), + TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9), + TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), + TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c), + TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), + TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f), + TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), + TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04), + TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), + TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084), + TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), + TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723), + TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), + TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9), + TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), + TOBN(0x22dac29d, 0xff435932), 
TOBN(0x37bdb99d, 0x4408693c), + TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), + TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2), + TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), + TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da), + TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), + TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9), + TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), + TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39), + TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), + TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09), + TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), + TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc), + TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), + TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6), + TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), + TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec), + TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), + TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1), + TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), + TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09), + TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), + TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331), + TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), + TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da), + TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), + TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7), + TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), + TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb), + TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), + TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a), + TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), + TOBN(0x109ecd62, 0x758d2d43), 
TOBN(0x75c8485a, 0x2751759b), + TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), + TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8), + TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), + TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272), + TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), + TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525), + TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), + TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a), + TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), + TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32), + TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), + TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4), + TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), + TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f), + TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), + TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120), + TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), + TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1), + TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), + TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c), + TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), + TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7), + TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), + TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2), + TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), + TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084), + TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), + TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd), + TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), + TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715), + TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), + TOBN(0x14616d79, 0xc32068e1), 
TOBN(0xb187d664, 0xccdf352e), + TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), + TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa), + TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), + TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663), + TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), + TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607), + TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), + TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72), + TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), + TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8), + TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), + TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7), + TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), + TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253), + TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), + TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1), + TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), + TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce), + TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), + TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe), + TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), + TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a), + TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), + TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b), + TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), + TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26), + TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), + TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621), + TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), + TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0), + TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), + TOBN(0xe48198b5, 0xcdff36f7), 
TOBN(0xaff4f967, 0xc6b82228), + TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), + TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d), + TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), + TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb), + TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), + TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407), + TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), + TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb), + TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), + TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f), + TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), + TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45), + TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), + TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45), + TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), + TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131), + TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), + TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663), + TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), + TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589), + TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), + TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76), + TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), + TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5), + TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), + TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd), + TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), + TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e), + TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), + TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3), + TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), + TOBN(0xfb206852, 0x6824e614), 
TOBN(0x2a4544a9, 0xda25dca0), + TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), + TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4), + TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), + TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085), + TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), + TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e) }, + { TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), + TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551), + TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), + TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38), + TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), + TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825), + TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), + TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a), + TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), + TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699), + TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), + TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6), + TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), + TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219), + TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), + TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415), + TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), + TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d), + TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), + TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f), + TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), + TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7), + TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), + TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151), + TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), + TOBN(0xd272cfba, 0x017f2a6a), 
TOBN(0x27560abc, 0x83aba0e3), + TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), + TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514), + TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), + TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922), + TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), + TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b), + TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), + TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8), + TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), + TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1), + TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), + TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41), + TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), + TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63), + TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), + TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f), + TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), + TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440), + TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), + TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5), + TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), + TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a), + TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), + TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf), + TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), + TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe), + TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), + TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d), + TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), + TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88), + TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), + TOBN(0x50628c09, 0x2307f9b1), 
TOBN(0x09d84aae, 0xd6cba5c6), + TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), + TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51), + TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), + TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f), + TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), + TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53), + TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), + TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e), + TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), + TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d), + TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), + TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36), + TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), + TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82), + TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), + TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee), + TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), + TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e), + TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), + TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590), + TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), + TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b), + TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), + TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823), + TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), + TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91), + TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), + TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067), + TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), + TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530), + TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), + TOBN(0x65a4898f, 0xacc7228d), 
TOBN(0x3e2347ff, 0x84ca8303), + TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), + TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a), + TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), + TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb), + TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), + TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609), + TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), + TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3), + TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), + TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec), + TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), + TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af), + TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), + TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6), + TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), + TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4), + TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), + TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153), + TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), + TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8), + TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), + TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10), + TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), + TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822), + TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), + TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87), + TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), + TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f), + TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), + TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba), + TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), + TOBN(0x37530040, 0x3cb09a79), 
TOBN(0xdb3fe0f8, 0xff1743d8), + TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), + TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234), + TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), + TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e), + TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), + TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f), + TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), + TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94), + TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), + TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a), + TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), + TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf), + TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), + TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7), + TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), + TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13), + TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), + TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85), + TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), + TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9), + TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), + TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331), + TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), + TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f), + TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), + TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77), + TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), + TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17), + TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), + TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76), + TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), + TOBN(0x4528cfcb, 0xb40a8bd7), 
TOBN(0xff839633, 0x2ab27722), + TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), + TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba), + TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), + TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c), + TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), + TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855), + TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), + TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793), + TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), + TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07), + TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), + TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b), + TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), + TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b), + TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), + TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f), + TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), + TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80), + TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), + TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760), + TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), + TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d), + TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), + TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a), + TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), + TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14), + TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), + TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd), + TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), + TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523), + TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), + TOBN(0x8f2ccc4c, 0x2b2375c4), 
TOBN(0x0d7f7a52, 0xe2f86cfa), + TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), + TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50), + TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), + TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f), + TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), + TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef), + TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), + TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6), + TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), + TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207), + TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), + TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043), + TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), + TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391), + TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), + TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545), + TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), + TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5), + TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), + TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1), + TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), + TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71), + TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), + TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a), + TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), + TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a), + TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), + TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95), + TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), + TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55), + TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), + TOBN(0x947bbddb, 0x4d010fc1), 
TOBN(0xacf9b00b, 0xbb2c9b21), + TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), + TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44), + TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), + TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06), + TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), + TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d), + TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), + TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52), + TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), + TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf), + TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), + TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd), + TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), + TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6), + TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), + TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658), + TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), + TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab), + TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), + TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656), + TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), + TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de), + TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), + TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984), + TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), + TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c), + TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), + TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156), + TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), + TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd), + TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), + TOBN(0x236ea68a, 0xf9c546f8), 
TOBN(0xc1d36873, 0xfa608d36), + TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), + TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0), + TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), + TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3), + TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), + TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb) }, + { TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), + TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829), + TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), + TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca), + TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), + TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db), + TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), + TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c), + TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), + TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a), + TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), + TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f), + TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), + TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e), + TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), + TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837), + TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), + TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68), + TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), + TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453), + TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), + TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4), + TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), + TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6), + TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), + TOBN(0x82917844, 0xf26cd99c), 
TOBN(0x8819dd95, 0xd1773f89), + TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), + TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50), + TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), + TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed), + TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), + TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082), + TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), + TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10), + TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), + TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a), + TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), + TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8), + TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), + TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a), + TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), + TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346), + TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), + TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b), + TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), + TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7), + TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), + TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3), + TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), + TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9), + TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), + TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52), + TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), + TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f), + TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), + TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e), + TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), + TOBN(0x17de815d, 0xb298a979), 
TOBN(0xd7eca659, 0xc177dc7d), + TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), + TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f), + TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), + TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142), + TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), + TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4), + TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), + TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0), + TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), + TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864), + TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), + TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d), + TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), + TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab), + TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), + TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc), + TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), + TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940), + TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), + TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d), + TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), + TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821), + TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), + TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d), + TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), + TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d), + TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), + TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8), + TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), + TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7), + TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), + TOBN(0xc33c06ec, 0xda477dac), 
TOBN(0x76be8732, 0xb2ea0006), + TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), + TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20), + TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), + TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a), + TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), + TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b), + TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), + TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9), + TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), + TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3), + TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), + TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb), + TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), + TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f), + TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), + TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397), + TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), + TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec), + TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), + TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7), + TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), + TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b), + TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), + TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db), + TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), + TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3), + TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), + TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124), + TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), + TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431), + TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), + TOBN(0x03a32ab1, 0x38e4b87e), 
TOBN(0xe1374517, 0x73d0ef0b), + TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), + TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460), + TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), + TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc), + TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), + TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251), + TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), + TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149), + TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), + TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e), + TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), + TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292), + TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), + TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6), + TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), + TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d), + TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), + TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968), + TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), + TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280), + TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), + TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac), + TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), + TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8), + TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), + TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae), + TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), + TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed), + TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), + TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee), + TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), + TOBN(0xfc500e2e, 0x383b7d2a), 
TOBN(0x7aad621c, 0x5b775257), + TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), + TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d), + TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), + TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7), + TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), + TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28), + TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), + TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e), + TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), + TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b), + TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), + TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582), + TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), + TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0), + TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), + TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed), + TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), + TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7), + TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), + TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241), + TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), + TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885), + TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), + TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8), + TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), + TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab), + TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), + TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd), + TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), + TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95), + TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), + TOBN(0x600eff24, 0x1da47adf), 
TOBN(0x1b9754a0, 0x0ad47a71), + TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), + TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba), + TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), + TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9), + TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), + TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953), + TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), + TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5), + TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), + TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c), + TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), + TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311), + TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), + TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0), + TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), + TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352), + TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), + TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8), + TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), + TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd), + TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), + TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16), + TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), + TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e), + TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), + TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f), + TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), + TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4), + TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), + TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42), + TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), + TOBN(0x6ade3b64, 0xe29634cb), 
TOBN(0x080c94a7, 0x26b86ef1), + TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), + TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301), + TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), + TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02), + TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), + TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef), + TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), + TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7), + TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), + TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900), + TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), + TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54), + TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), + TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32), + TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), + TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c), + TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), + TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544), + TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), + TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc), + TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), + TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e), + TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), + TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37), + TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), + TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141), + TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), + TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f), + TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), + TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9), + TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), + TOBN(0x89e5c565, 0x76dcb10f), 
TOBN(0x8bbb6982, 0xff9259fe), + TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), + TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805), + TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), + TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37), + TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), + TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b) }, + { TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), + TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec), + TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), + TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c), + TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), + TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529), + TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), + TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be), + TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), + TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436), + TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), + TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a), + TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), + TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc), + TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), + TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba), + TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), + TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439), + TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), + TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158), + TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), + TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4), + TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), + TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321), + TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), + TOBN(0xe8fa89de, 0x54f1bbcd), 
TOBN(0x341d6367, 0x2575ed4c), + TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), + TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b), + TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), + TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f), + TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), + TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3), + TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), + TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6), + TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), + TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d), + TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), + TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4), + TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), + TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080), + TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), + TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc), + TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), + TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610), + TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), + TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297), + TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), + TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76), + TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), + TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521), + TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), + TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370), + TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), + TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5), + TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), + TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de), + TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), + TOBN(0x580c85fc, 0x1fc41709), 
TOBN(0xc1da368b, 0x54c6d519), + TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), + TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f), + TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), + TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9), + TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), + TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3), + TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), + TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a), + TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), + TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207), + TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), + TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60), + TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), + TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493), + TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), + TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d), + TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), + TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01), + TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), + TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839), + TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), + TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0), + TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), + TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c), + TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), + TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4), + TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), + TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31), + TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), + TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9), + TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), + TOBN(0x02c30ff2, 0x6f835b84), 
TOBN(0xb604437b, 0x0d3d38d4), + TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), + TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d), + TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), + TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43), + TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), + TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60), + TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), + TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376), + TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), + TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d), + TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), + TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba), + TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), + TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108), + TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), + TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510), + TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), + TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207), + TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), + TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9), + TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), + TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4), + TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), + TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f), + TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), + TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d), + TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), + TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975), + TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), + TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b), + TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), + TOBN(0xbb8514e3, 0xc332142f), 
TOBN(0xf3ed2c33, 0xe80d2a7a), + TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), + TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b), + TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), + TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6), + TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), + TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c), + TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), + TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d), + TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), + TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a), + TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), + TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502), + TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), + TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58), + TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), + TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788), + TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), + TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865), + TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), + TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d), + TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), + TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e), + TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), + TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5), + TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), + TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129), + TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), + TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f), + TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), + TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1), + TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), + TOBN(0x6b43f0a1, 0xaafc9827), 
TOBN(0x443b4fbd, 0x3aa55b91), + TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), + TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824), + TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), + TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61), + TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), + TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2), + TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), + TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e), + TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), + TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631), + TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), + TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432), + TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), + TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb), + TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), + TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec), + TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), + TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7), + TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), + TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5), + TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), + TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad), + TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), + TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3), + TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), + TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0), + TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), + TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4), + TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), + TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650), + TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), + TOBN(0xff0d0fd4, 0xfda12f78), 
TOBN(0x56fb4c2d, 0x2a25d265), + TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), + TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e), + TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), + TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7), + TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), + TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025), + TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), + TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e), + TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), + TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b), + TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), + TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b), + TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), + TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375), + TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), + TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a), + TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), + TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5), + TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), + TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f), + TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), + TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82), + TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), + TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122), + TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), + TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88), + TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), + TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431), + TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), + TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c), + TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), + TOBN(0xecd34a99, 0x5d8587f5), 
TOBN(0x4d8c3079, 0x9f6d3a71), + TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), + TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68), + TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), + TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f), + TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), + TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514), + TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), + TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1), + TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), + TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c), + TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), + TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f), + TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), + TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728), + TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), + TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b), + TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), + TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2), + TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), + TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904), + TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), + TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6), + TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), + TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588), + TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), + TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493), + TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), + TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9), + TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), + TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314), + TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), + TOBN(0xd517d8ff, 0x58389e08), 
TOBN(0x4fa20dee, 0x9f847288), + TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), + TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3), + TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), + TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967), + TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), + TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428) }, + { TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), + TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5), + TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), + TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7), + TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), + TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4), + TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), + TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae), + TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), + TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9), + TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), + TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402), + TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), + TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381), + TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), + TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa), + TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), + TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228), + TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), + TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e), + TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), + TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048), + TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), + TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d), + TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), + TOBN(0x47062010, 0x6331ab71), 
TOBN(0x72cfa977, 0x41d22b9f), + TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), + TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3), + TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), + TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0), + TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), + TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077), + TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), + TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4), + TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), + TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67), + TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), + TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8), + TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), + TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0), + TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), + TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d), + TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), + TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb), + TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), + TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc), + TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), + TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84), + TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), + TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b), + TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), + TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69), + TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), + TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3), + TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), + TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6), + TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), + TOBN(0x6d5b2214, 0x91e4bb14), 
TOBN(0xfc43c6cc, 0x839fb4ce), + TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), + TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05), + TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), + TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08), + TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), + TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4), + TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), + TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85), + TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), + TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284), + TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), + TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73), + TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), + TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3), + TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), + TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a), + TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), + TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e), + TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), + TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064), + TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), + TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02), + TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), + TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc), + TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), + TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c), + TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), + TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8), + TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), + TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b), + TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), + TOBN(0x8d1b62bf, 0xcee90e16), 
TOBN(0x907ae271, 0x0b2078c0), + TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), + TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393), + TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), + TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae), + TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), + TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30), + TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), + TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a), + TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), + TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e), + TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), + TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf), + TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), + TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289), + TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), + TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5), + TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), + TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c), + TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), + TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f), + TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), + TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7), + TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), + TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45), + TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), + TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5), + TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), + TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af), + TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), + TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e), + TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), + TOBN(0x95fc0644, 0x74afe18c), 
TOBN(0x34619053, 0x129e2be7), + TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), + TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa), + TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), + TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f), + TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), + TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58), + TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), + TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41), + TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), + TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59), + TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), + TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961), + TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), + TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225), + TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), + TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734), + TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), + TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6), + TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), + TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08), + TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), + TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff), + TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), + TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e), + TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), + TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056), + TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), + TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709), + TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), + TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a), + TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), + TOBN(0x5f8aa610, 0x0ea90cd9), 
TOBN(0xc8892c68, 0x16d5830d), + TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), + TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a), + TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), + TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d), + TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), + TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870), + TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), + TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea), + TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), + TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf), + TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), + TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390), + TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), + TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88), + TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), + TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe), + TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), + TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020), + TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), + TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662), + TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), + TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d), + TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), + TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c), + TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), + TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251), + TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), + TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238), + TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), + TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e), + TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), + TOBN(0x074d3951, 0x3de75401), 
TOBN(0xf938f756, 0xbb311592), + TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), + TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08), + TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), + TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7), + TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), + TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13), + TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), + TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63), + TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), + TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26), + TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), + TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa), + TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), + TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c), + TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), + TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103), + TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), + TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d), + TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), + TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80), + TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), + TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88), + TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), + TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10), + TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), + TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413), + TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), + TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4), + TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), + TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e), + TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), + TOBN(0xa2a77293, 0xbcec9235), 
TOBN(0x5ee06e87, 0xcd378553), + TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), + TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732), + TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), + TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46), + TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), + TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a), + TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), + TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b), + TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), + TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6), + TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), + TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644), + TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), + TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17), + TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), + TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688), + TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), + TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c), + TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), + TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea), + TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), + TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb), + TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), + TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50), + TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), + TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4), + TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), + TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6), + TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), + TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd), + TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), + TOBN(0x4c301820, 0x0e2d35c1), 
TOBN(0x06a53ca0, 0xd9cc6c82), + TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), + TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a), + TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), + TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8), + TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), + TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16) }, + { TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), + TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e), + TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), + TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78), + TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), + TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893), + TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), + TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07), + TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), + TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3), + TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), + TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614), + TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), + TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b), + TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), + TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f), + TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), + TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad), + TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), + TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3), + TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), + TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24), + TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), + TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4), + TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), + TOBN(0xda20d6fc, 0xdec9c300), 
TOBN(0x625fbe2f, 0xa13a4f17), + TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), + TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c), + TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), + TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39), + TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), + TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69), + TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), + TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0), + TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), + TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8), + TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), + TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe), + TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), + TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615), + TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), + TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba), + TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), + TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725), + TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), + TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990), + TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), + TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca), + TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), + TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5), + TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), + TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76), + TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), + TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd), + TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), + TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715), + TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), + TOBN(0x970370f1, 0xe88128af), 
TOBN(0x625cc3db, 0x91dec14b), + TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), + TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924), + TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), + TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4), + TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), + TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d), + TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), + TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae), + TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), + TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed), + TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), + TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac), + TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), + TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369), + TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), + TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6), + TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), + TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a), + TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), + TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55), + TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), + TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5), + TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), + TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72), + TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), + TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704), + TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), + TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e), + TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), + TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2), + TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), + TOBN(0xeb7050c1, 0x80ef3000), 
TOBN(0x288d1c33, 0xeaa5b3f0), + TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), + TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b), + TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), + TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512), + TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), + TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd), + TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), + TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32), + TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), + TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a), + TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), + TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a), + TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), + TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2), + TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), + TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd), + TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), + TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae), + TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), + TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a), + TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), + TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504), + TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), + TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f), + TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), + TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51), + TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), + TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867), + TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), + TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85), + TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), + TOBN(0xea43df8f, 0x1e62d05a), 
TOBN(0x32618905, 0x9d76a3b6), + TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), + TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b), + TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), + TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df), + TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), + TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b), + TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), + TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6), + TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), + TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0), + TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), + TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111), + TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), + TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f), + TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), + TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02), + TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), + TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d), + TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), + TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5), + TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), + TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc), + TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), + TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384), + TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), + TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0), + TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), + TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc), + TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), + TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7), + TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), + TOBN(0x0c681337, 0x1062c45d), 
TOBN(0xd8515b8c, 0x2d33407d), + TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), + TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19), + TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), + TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536), + TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), + TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740), + TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), + TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7), + TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), + TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab), + TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), + TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b), + TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), + TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75), + TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), + TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0), + TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), + TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151), + TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), + TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a), + TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), + TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b), + TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), + TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552), + TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), + TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8), + TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), + TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be), + TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), + TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a), + TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), + TOBN(0x911459cb, 0x54779f5f), 
TOBN(0x5649cddb, 0x86aeb1f3), + TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), + TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7), + TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), + TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706), + TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), + TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5), + TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), + TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6), + TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), + TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7), + TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), + TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db), + TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), + TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8), + TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), + TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02), + TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), + TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc), + TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), + TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4), + TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), + TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a), + TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), + TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180), + TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), + TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf), + TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), + TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b), + TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), + TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9), + TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), + TOBN(0x8b8068bd, 0x1571cd07), 
TOBN(0x30c3aa4f, 0xd79670cd), + TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), + TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c), + TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), + TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0), + TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), + TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6), + TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), + TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe), + TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), + TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e), + TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), + TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec), + TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), + TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335), + TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), + TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686), + TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), + TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51), + TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), + TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f), + TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), + TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b), + TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), + TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89), + TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), + TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705), + TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), + TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734), + TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), + TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41), + TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), + TOBN(0x6edd61e7, 0x66249663), 
TOBN(0xde4caa4d, 0xf043cccb), + TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), + TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643), + TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), + TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588), + TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), + TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c) }, + { TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), + TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698), + TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), + TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d), + TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), + TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724), + TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), + TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e), + TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), + TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd), + TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), + TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73), + TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), + TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9), + TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), + TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695), + TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), + TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b), + TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), + TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357), + TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), + TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d), + TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), + TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8), + TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), + TOBN(0x8e6a93be, 0x3f67dbc1), 
TOBN(0xacae6fba, 0xf5f4764c), + TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), + TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07), + TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), + TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2), + TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), + TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0), + TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), + TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e), + TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), + TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1), + TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), + TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05), + TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), + TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b), + TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), + TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b), + TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), + TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a), + TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), + TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd), + TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), + TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6), + TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), + TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47), + TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), + TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc), + TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), + TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f), + TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), + TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1), + TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), + TOBN(0x2b6768a9, 0x72232173), 
TOBN(0xefbb3bb0, 0x8c1f6619), + TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), + TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f), + TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), + TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a), + TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), + TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd), + TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), + TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62), + TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), + TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b), + TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), + TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894), + TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), + TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c), + TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), + TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6), + TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), + TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d), + TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), + TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e), + TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), + TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d), + TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), + TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645), + TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), + TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c), + TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), + TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8), + TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), + TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c), + TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), + TOBN(0x7636c3a6, 0x193dbd95), 
TOBN(0xdef5d294, 0xb246e499), + TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), + TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c), + TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), + TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43), + TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), + TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b), + TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), + TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578), + TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), + TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442), + TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), + TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0), + TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), + TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70), + TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), + TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1), + TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), + TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3), + TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), + TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf), + TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), + TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a), + TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), + TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168), + TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), + TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1), + TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), + TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a), + TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), + TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089), + TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), + TOBN(0x8c546901, 0x6c6067bb), 
TOBN(0xfd378574, 0x61c24456), + TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), + TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12), + TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), + TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8), + TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), + TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5), + TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), + TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb), + TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), + TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146), + TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), + TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e), + TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), + TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004), + TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), + TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052), + TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), + TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c), + TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), + TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e), + TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), + TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156), + TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), + TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa), + TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), + TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125), + TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), + TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21), + TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), + TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6), + TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), + TOBN(0x9512d0ea, 0x4bf2df11), 
TOBN(0x1320c24f, 0x6b0cc9ec), + TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), + TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f), + TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), + TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62), + TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), + TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49), + TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), + TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714), + TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), + TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d), + TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), + TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5), + TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), + TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b), + TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), + TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490), + TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), + TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1), + TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), + TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db), + TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), + TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd), + TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), + TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c), + TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), + TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc), + TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), + TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02), + TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), + TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8), + TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), + TOBN(0x3cd6db99, 0x25254977), 
TOBN(0x2e85a161, 0x1cf12ca7), + TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), + TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6), + TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), + TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff), + TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), + TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66), + TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), + TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729), + TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), + TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1), + TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), + TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822), + TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), + TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2), + TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), + TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8), + TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), + TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3), + TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), + TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040), + TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), + TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7), + TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), + TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87), + TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), + TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98), + TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), + TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558), + TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), + TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693), + TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), + TOBN(0x18dad378, 0xecef7bff), 
TOBN(0xaac787ed, 0x995677da), + TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), + TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e), + TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), + TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e), + TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), + TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db), + TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), + TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd), + TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), + TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd), + TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), + TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab), + TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), + TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face), + TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), + TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb), + TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), + TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df), + TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), + TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2), + TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), + TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f), + TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), + TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340), + TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), + TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68), + TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), + TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce), + TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), + TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e), + TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), + TOBN(0xa723862e, 0xa8dcc943), 
TOBN(0x92d762b2, 0x849dc0fc), + TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), + TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea), + TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), + TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58), + TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), + TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2) }, + { TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), + TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54), + TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), + TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a), + TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), + TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0), + TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), + TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6), + TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), + TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4), + TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), + TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a), + TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), + TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87), + TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), + TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb), + TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), + TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00), + TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), + TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd), + TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), + TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72), + TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), + TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d), + TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), + TOBN(0x4b93151d, 0xbea08efa), 
TOBN(0x820cf3f8, 0xde0a741e), + TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), + TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7), + TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), + TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346), + TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), + TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b), + TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), + TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510), + TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), + TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4), + TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), + TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a), + TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), + TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326), + TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), + TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727), + TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), + TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc), + TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), + TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d), + TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), + TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299), + TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), + TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6), + TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), + TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29), + TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), + TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5), + TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), + TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2), + TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), + TOBN(0x7b3074a7, 0xdba3ddf9), 
TOBN(0x1c20ce09, 0x330c2972), + TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), + TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474), + TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), + TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20), + TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), + TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16), + TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), + TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b), + TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), + TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284), + TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), + TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be), + TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), + TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9), + TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), + TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517), + TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), + TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a), + TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), + TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01), + TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), + TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86), + TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), + TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb), + TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), + TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0), + TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), + TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804), + TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), + TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e), + TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), + TOBN(0x4dc7b30a, 0xcf3a6bab), 
TOBN(0x147ab1f3, 0x170bee11), + TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), + TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49), + TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), + TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616), + TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), + TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96), + TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), + TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d), + TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), + TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f), + TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), + TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf), + TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), + TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c), + TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), + TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291), + TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), + TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a), + TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), + TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3), + TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), + TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549), + TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), + TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b), + TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), + TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771), + TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), + TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344), + TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), + TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188), + TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), + TOBN(0xbc3d8b95, 0xb4d83436), 
TOBN(0xa01e4bd0, 0xc7bd2958), + TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), + TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6), + TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), + TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813), + TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), + TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782), + TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), + TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a), + TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), + TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2), + TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), + TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c), + TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), + TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18), + TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), + TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da), + TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), + TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88), + TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), + TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d), + TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), + TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1), + TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), + TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826), + TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), + TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86), + TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), + TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546), + TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), + TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb), + TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), + TOBN(0x78350d4f, 0xe683de97), 
TOBN(0x31d61524, 0x63d0b5f5), + TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), + TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26), + TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), + TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f), + TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), + TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c), + TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), + TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551), + TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), + TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5), + TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), + TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef), + TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), + TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150), + TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), + TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c), + TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), + TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31), + TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), + TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6), + TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), + TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022), + TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), + TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236), + TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), + TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a), + TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), + TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db), + TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), + TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f), + TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), + TOBN(0x4b92ee3a, 0x6eb38bd5), 
TOBN(0xbab2609d, 0x67cc0bb7), + TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), + TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45), + TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), + TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21), + TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), + TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b), + TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), + TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de), + TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), + TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde), + TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), + TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db), + TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), + TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0), + TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), + TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987), + TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), + TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86), + TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), + TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0), + TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), + TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e), + TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), + TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8), + TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), + TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13), + TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), + TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060), + TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), + TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286), + TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), + TOBN(0x701d5e0c, 0x5a02d962), 
TOBN(0xfdee4dbf, 0x1b601324), + TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), + TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4), + TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), + TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286), + TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), + TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a), + TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), + TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d), + TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), + TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b), + TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), + TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64), + TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), + TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635), + TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), + TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985), + TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), + TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27), + TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), + TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e), + TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), + TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393), + TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), + TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94), + TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), + TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b), + TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), + TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9), + TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), + TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913), + TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), + TOBN(0x34e2c5ca, 0xb2676937), 
TOBN(0xe7050b06, 0xbf669f21), + TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), + TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8), + TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), + TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d), + TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), + TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef) }, + { TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), + TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8), + TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), + TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02), + TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), + TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f), + TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), + TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b), + TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), + TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e), + TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), + TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d), + TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), + TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7), + TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), + TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173), + TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), + TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102), + TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), + TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d), + TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), + TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012), + TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), + TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae), + TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), + TOBN(0x8fb54de2, 0x4333ed02), 
TOBN(0x740461e0, 0x285635d9), + TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), + TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4), + TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), + TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c), + TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), + TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68), + TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), + TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868), + TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), + TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d), + TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), + TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc), + TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), + TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6), + TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), + TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b), + TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), + TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf), + TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), + TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3), + TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), + TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158), + TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), + TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1), + TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), + TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67), + TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), + TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e), + TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), + TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0), + TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), + TOBN(0x8dd7f7e3, 0xac060282), 
TOBN(0x6813e66a, 0x572a051e), + TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), + TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0), + TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), + TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd), + TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), + TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca), + TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), + TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433), + TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), + TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11), + TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), + TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a), + TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), + TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834), + TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), + TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd), + TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), + TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31), + TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), + TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403), + TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), + TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e), + TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), + TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541), + TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), + TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3), + TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), + TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9), + TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), + TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc), + TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), + TOBN(0x306710fd, 0x15c6f156), 
TOBN(0xbe5ae52b, 0x63db1d72), + TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), + TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12), + TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), + TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e), + TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), + TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28), + TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), + TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163), + TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), + TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e), + TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), + TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe), + TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), + TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e), + TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), + TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1), + TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), + TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a), + TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), + TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939), + TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), + TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263), + TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), + TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3), + TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), + TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5), + TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), + TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f), + TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), + TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da), + TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), + TOBN(0xefb640bf, 0x1831be1f), 
TOBN(0x6fe8bd2f, 0x80e9ada0), + TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), + TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2), + TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), + TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9), + TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), + TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636), + TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), + TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76), + TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), + TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294), + TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), + TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f), + TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), + TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063), + TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), + TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b), + TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), + TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c), + TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), + TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab), + TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), + TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39), + TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), + TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae), + TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), + TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d), + TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), + TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da), + TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), + TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9), + TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), + TOBN(0xe7980e34, 0x6de6f922), 
TOBN(0x873554cb, 0xf4dd9a22), + TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), + TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80), + TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), + TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec), + TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), + TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f), + TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), + TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83), + TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), + TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf), + TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), + TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32), + TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), + TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d), + TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), + TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0), + TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), + TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef), + TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), + TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec), + TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), + TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f), + TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), + TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1), + TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), + TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115), + TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), + TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd), + TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), + TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8), + TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), + TOBN(0x958c3ca8, 0xbe94022e), 
TOBN(0x605c3197, 0x6145dac2), + TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), + TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb), + TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), + TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128), + TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), + TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362), + TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), + TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e), + TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), + TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958), + TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), + TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842), + TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), + TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d), + TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), + TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29), + TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), + TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc), + TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), + TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31), + TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), + TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a), + TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), + TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5), + TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), + TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f), + TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), + TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3), + TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), + TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87), + TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), + TOBN(0xadba0011, 0x2aac4ae0), 
TOBN(0x2a3e7d01, 0xb9ebd033), + TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), + TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af), + TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), + TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd), + TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), + TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d), + TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), + TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13), + TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), + TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e), + TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), + TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d), + TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), + TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac), + TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), + TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f), + TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), + TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092), + TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), + TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac), + TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), + TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f), + TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), + TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073), + TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), + TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851), + TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), + TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027), + TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), + TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df), + TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), + TOBN(0xfb658149, 0x9283fe08), 
TOBN(0x4954ac94, 0xb8aaa2f7), + TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), + TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e), + TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), + TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea), + TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), + TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675) }, + { TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), + TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81), + TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), + TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522), + TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), + TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c), + TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), + TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9), + TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), + TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e), + TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), + TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537), + TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), + TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc), + TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), + TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de), + TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), + TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff), + TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), + TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b), + TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), + TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f), + TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), + TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1), + TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), + TOBN(0xb3868d61, 0x79743fb3), 
TOBN(0xcfd169fc, 0xfdb462fa), + TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), + TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474), + TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), + TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa), + TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), + TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985), + TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), + TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8), + TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), + TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf), + TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), + TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd), + TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), + TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5), + TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), + TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e), + TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), + TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7), + TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), + TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d), + TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), + TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b), + TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), + TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5), + TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), + TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a), + TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), + TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392), + TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), + TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd), + TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), + TOBN(0x5aa3c614, 0x42a9468b), 
TOBN(0xd686123c, 0xdb15d744), + TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), + TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b), + TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), + TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e), + TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), + TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa), + TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), + TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f), + TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), + TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398), + TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), + TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1), + TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), + TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349), + TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), + TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0), + TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), + TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9), + TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), + TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c), + TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), + TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f), + TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), + TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3), + TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), + TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852), + TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), + TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9), + TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), + TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323), + TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), + TOBN(0x953eafeb, 0x09954e7c), 
TOBN(0xa721dfed, 0xdd732411), + TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), + TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e), + TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), + TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495), + TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), + TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0), + TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), + TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70), + TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), + TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a), + TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), + TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b), + TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), + TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3), + TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), + TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01), + TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), + TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281), + TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), + TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0), + TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), + TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6), + TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), + TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1), + TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), + TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96), + TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), + TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e), + TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), + TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46), + TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), + TOBN(0x774a4a6f, 0x47c1605c), 
TOBN(0x46ba4245, 0x2fd205e8), + TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), + TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024), + TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), + TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d), + TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), + TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7), + TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), + TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40), + TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), + TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201), + TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), + TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016), + TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), + TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1), + TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), + TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b), + TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), + TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2), + TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), + TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e), + TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), + TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac), + TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), + TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29), + TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), + TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031), + TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), + TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b), + TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), + TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2), + TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), + TOBN(0x297ae0bc, 0xaeaab2d5), 
TOBN(0xa5c14ee7, 0x5bfb9f13), + TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), + TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e), + TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), + TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9), + TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), + TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561), + TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), + TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da), + TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), + TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3), + TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), + TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639), + TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), + TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab), + TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), + TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd), + TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), + TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8), + TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), + TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40), + TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), + TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b), + TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), + TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442), + TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), + TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628), + TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), + TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2), + TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), + TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca), + TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), + TOBN(0xd64535e1, 0xf2457892), 
TOBN(0x8b84a8ea, 0xf7e2ac06), + TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), + TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2), + TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), + TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435), + TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), + TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78), + TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), + TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57), + TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), + TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c), + TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), + TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f), + TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), + TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf), + TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), + TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8), + TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), + TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a), + TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), + TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5), + TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), + TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1), + TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), + TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7), + TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), + TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517), + TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), + TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00), + TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), + TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946), + TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), + TOBN(0xe3e56bca, 0x4784cf93), 
TOBN(0x27de5f15, 0x8fe68d60), + TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), + TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d), + TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), + TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507), + TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), + TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd), + TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), + TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126), + TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), + TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569), + TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), + TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321), + TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), + TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731), + TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), + TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b), + TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), + TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041), + TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), + TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6), + TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), + TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b), + TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), + TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823), + TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), + TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1), + TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), + TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2), + TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), + TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8), + TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), + TOBN(0x38131dda, 0x9b12e174), 
TOBN(0x25d84aa3, 0x8a03752a), + TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), + TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa), + TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), + TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670), + TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), + TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368) }, + { + TOBN(0xa9f5d874, 0x5a1251fb), + TOBN(0x967747a8, 0xc72725c7), + TOBN(0x195c33e5, 0x31ffe89e), + TOBN(0x609d210f, 0xe964935e), + TOBN(0xcafd6ca8, 0x2fe12227), + TOBN(0xaf9b5b96, 0x0426469d), + TOBN(0x2e9ee04c, 0x5693183c), + TOBN(0x1084a333, 0xc8146fef), + TOBN(0x96649933, 0xaed1d1f7), + TOBN(0x566eaff3, 0x50563090), + TOBN(0x345057f0, 0xad2e39cf), + TOBN(0x148ff65b, 0x1f832124), + TOBN(0x042e89d4, 0xcf94cf0d), + TOBN(0x319bec84, 0x520c58b3), + TOBN(0x2a267626, 0x5361aa0d), + TOBN(0xc86fa302, 0x8fbc87ad), + TOBN(0xfc83d2ab, 0x5c8b06d5), + TOBN(0xb1a785a2, 0xfe4eac46), + TOBN(0xb99315bc, 0x846f7779), + TOBN(0xcf31d816, 0xef9ea505), + TOBN(0x2391fe6a, 0x15d7dc85), + TOBN(0x2f132b04, 0xb4016b33), + TOBN(0x29547fe3, 0x181cb4c7), + TOBN(0xdb66d8a6, 0x650155a1), + TOBN(0x6b66d7e1, 0xadc1696f), + TOBN(0x98ebe593, 0x0acd72d0), + TOBN(0x65f24550, 0xcc1b7435), + TOBN(0xce231393, 0xb4b9a5ec), + TOBN(0x234a22d4, 0xdb067df9), + TOBN(0x98dda095, 0xcaff9b00), + TOBN(0x1bbc75a0, 0x6100c9c1), + TOBN(0x1560a9c8, 0x939cf695), + TOBN(0xcf006d3e, 0x99e0925f), + TOBN(0x2dd74a96, 0x6322375a), + TOBN(0xc58b446a, 0xb56af5ba), + TOBN(0x50292683, 0xe0b9b4f1), + TOBN(0xe2c34cb4, 0x1aeaffa3), + TOBN(0x8b17203f, 0x9b9587c1), + TOBN(0x6d559207, 0xead1350c), + TOBN(0x2b66a215, 0xfb7f9604), + TOBN(0x0850325e, 0xfe51bf74), + TOBN(0x9c4f579e, 0x5e460094), + TOBN(0x5c87b92a, 0x76da2f25), + TOBN(0x889de4e0, 0x6febef33), + TOBN(0x6900ec06, 0x646083ce), + TOBN(0xbe2a0335, 0xbfe12773), + TOBN(0xadd1da35, 0xc5344110), + TOBN(0x757568b7, 0xb802cd20), + TOBN(0x75559779, 0x00f7e6c8), + TOBN(0x38e8b94f, 
0x0facd2f0), + TOBN(0xfea1f3af, 0x03fde375), + TOBN(0x5e11a1d8, 0x75881dfc), + TOBN(0xb3a6b02e, 0xc1e2f2ef), + TOBN(0x193d2bbb, 0xc605a6c5), + TOBN(0x325ffeee, 0x339a0b2d), + TOBN(0x27b6a724, 0x9e0c8846), + TOBN(0xe4050f1c, 0xf1c367ca), + TOBN(0x9bc85a9b, 0xc90fbc7d), + TOBN(0xa373c4a2, 0xe1a11032), + TOBN(0xb64232b7, 0xad0393a9), + TOBN(0xf5577eb0, 0x167dad29), + TOBN(0x1604f301, 0x94b78ab2), + TOBN(0x0baa94af, 0xe829348b), + TOBN(0x77fbd8dd, 0x41654342), + TOBN(0xdab50ea5, 0xb964e39a), + TOBN(0xd4c29e3c, 0xd0d3c76e), + TOBN(0x80dae67c, 0x56d11964), + TOBN(0x7307a8bf, 0xe5ffcc2f), + TOBN(0x65bbc1aa, 0x91708c3b), + TOBN(0xa151e62c, 0x28bf0eeb), + TOBN(0x6cb53381, 0x6fa34db7), + TOBN(0x5139e05c, 0xa29403a8), + TOBN(0x6ff651b4, 0x94a7cd2e), + TOBN(0x5671ffd1, 0x0699336c), + TOBN(0x6f5fd2cc, 0x979a896a), + TOBN(0x11e893a8, 0xd8148cef), + TOBN(0x988906a1, 0x65cf7b10), + TOBN(0x81b67178, 0xc50d8485), + TOBN(0x7c0deb35, 0x8a35b3de), + TOBN(0x423ac855, 0xc1d29799), + TOBN(0xaf580d87, 0xdac50b74), + TOBN(0x28b2b89f, 0x5869734c), + TOBN(0x99a3b936, 0x874e28fb), + TOBN(0xbb2c9190, 0x25f3f73a), + TOBN(0x199f6918, 0x84a9d5b7), + TOBN(0x7ebe2325, 0x7e770374), + TOBN(0xf442e107, 0x0738efe2), + TOBN(0xcf9f3f56, 0xcf9082d2), + TOBN(0x719f69e1, 0x09618708), + TOBN(0xcc9e8364, 0xc183f9b1), + TOBN(0xec203a95, 0x366a21af), + TOBN(0x6aec5d6d, 0x068b141f), + TOBN(0xee2df78a, 0x994f04e9), + TOBN(0xb39ccae8, 0x271245b0), + TOBN(0xb875a4a9, 0x97e43f4f), + TOBN(0x507dfe11, 0xdb2cea98), + TOBN(0x4fbf81cb, 0x489b03e9), + TOBN(0xdb86ec5b, 0x6ec414fa), + TOBN(0xfad444f9, 0xf51b3ae5), + TOBN(0xca7d33d6, 0x1914e3fe), + TOBN(0xa9c32f5c, 0x0ae6c4d0), + TOBN(0xa9ca1d1e, 0x73969568), + TOBN(0x98043c31, 0x1aa7467e), + TOBN(0xe832e75c, 0xe21b5ac6), + TOBN(0x314b7aea, 0x5232123d), + TOBN(0x08307c8c, 0x65ae86db), + TOBN(0x06e7165c, 0xaa4668ed), + TOBN(0xb170458b, 0xb4d3ec39), + TOBN(0x4d2e3ec6, 0xc19bb986), + TOBN(0xc5f34846, 0xae0304ed), + TOBN(0x917695a0, 0x6c9f9722), + TOBN(0x6c7f7317, 0x4cab1c0a), + 
TOBN(0x6295940e, 0x9d6d2e8b), + TOBN(0xd318b8c1, 0x549f7c97), + TOBN(0x22453204, 0x97713885), + TOBN(0x468d834b, 0xa8a440fe), + TOBN(0xd81fe5b2, 0xbfba796e), + TOBN(0x152364db, 0x6d71f116), + TOBN(0xbb8c7c59, 0xb5b66e53), + TOBN(0x0b12c61b, 0x2641a192), + TOBN(0x31f14802, 0xfcf0a7fd), + TOBN(0x42fd0789, 0x5488b01e), + TOBN(0x71d78d6d, 0x9952b498), + TOBN(0x8eb572d9, 0x07ac5201), + TOBN(0xe0a2a44c, 0x4d194a88), + TOBN(0xd2b63fd9, 0xba017e66), + TOBN(0x78efc6c8, 0xf888aefc), + TOBN(0xb76f6bda, 0x4a881a11), + TOBN(0x187f314b, 0xb46c2397), + TOBN(0x004cf566, 0x5ded2819), + TOBN(0xa9ea5704, 0x38764d34), + TOBN(0xbba45217, 0x78084709), + TOBN(0x06474571, 0x1171121e), + TOBN(0xad7b7eb1, 0xe7c9b671), + TOBN(0xdacfbc40, 0x730f7507), + TOBN(0x178cd8c6, 0xc7ad7bd1), + TOBN(0xbf0be101, 0xb2a67238), + TOBN(0x3556d367, 0xaf9c14f2), + TOBN(0x104b7831, 0xa5662075), + TOBN(0x58ca59bb, 0x79d9e60a), + TOBN(0x4bc45392, 0xa569a73b), + TOBN(0x517a52e8, 0x5698f6c9), + TOBN(0x85643da5, 0xaeadd755), + TOBN(0x1aed0cd5, 0x2a581b84), + TOBN(0xb9b4ff84, 0x80af1372), + TOBN(0x244c3113, 0xf1ba5d1f), + TOBN(0x2a5dacbe, 0xf5f98d31), + TOBN(0x2c3323e8, 0x4375bc2a), + TOBN(0x17a3ab4a, 0x5594b1dd), + TOBN(0xa1928bfb, 0xceb4797e), + TOBN(0xe83af245, 0xe4886a19), + TOBN(0x8979d546, 0x72b5a74a), + TOBN(0xa0f726bc, 0x19f9e967), + TOBN(0xd9d03152, 0xe8fbbf4e), + TOBN(0xcfd6f51d, 0xb7707d40), + TOBN(0x633084d9, 0x63f6e6e0), + TOBN(0xedcd9cdc, 0x55667eaf), + TOBN(0x73b7f92b, 0x2e44d56f), + TOBN(0xfb2e39b6, 0x4e962b14), + TOBN(0x7d408f6e, 0xf671fcbf), + TOBN(0xcc634ddc, 0x164a89bb), + TOBN(0x74a42bb2, 0x3ef3bd05), + TOBN(0x1280dbb2, 0x428decbb), + TOBN(0x6103f6bb, 0x402c8596), + TOBN(0xfa2bf581, 0x355a5752), + TOBN(0x562f96a8, 0x00946674), + TOBN(0x4e4ca16d, 0x6da0223b), + TOBN(0xfe47819f, 0x28d3aa25), + TOBN(0x9eea3075, 0xf8dfcf8a), + TOBN(0xa284f0aa, 0x95669825), + TOBN(0xb3fca250, 0x867d3fd8), + TOBN(0x20757b5f, 0x269d691e), + TOBN(0xf2c24020, 0x93b8a5de), + TOBN(0xd3f93359, 0xebc06da6), + 
TOBN(0x1178293e, 0xb2739c33), + TOBN(0xd2a3e770, 0xbcd686e5), + TOBN(0xa76f49f4, 0xcd941534), + TOBN(0x0d37406b, 0xe3c71c0e), + TOBN(0x172d9397, 0x3b97f7e3), + TOBN(0xec17e239, 0xbd7fd0de), + TOBN(0xe3290551, 0x6f496ba2), + TOBN(0x6a693172, 0x36ad50e7), + TOBN(0xc4e539a2, 0x83e7eff5), + TOBN(0x752737e7, 0x18e1b4cf), + TOBN(0xa2f7932c, 0x68af43ee), + TOBN(0x5502468e, 0x703d00bd), + TOBN(0xe5dc978f, 0x2fb061f5), + TOBN(0xc9a1904a, 0x28c815ad), + TOBN(0xd3af538d, 0x470c56a4), + TOBN(0x159abc5f, 0x193d8ced), + TOBN(0x2a37245f, 0x20108ef3), + TOBN(0xfa17081e, 0x223f7178), + TOBN(0x27b0fb2b, 0x10c8c0f5), + TOBN(0x2102c3ea, 0x40650547), + TOBN(0x594564df, 0x8ac3bfa7), + TOBN(0x98102033, 0x509dad96), + TOBN(0x6989643f, 0xf1d18a13), + TOBN(0x35eebd91, 0xd7fc5af0), + TOBN(0x078d096a, 0xfaeaafd8), + TOBN(0xb7a89341, 0xdef3de98), + TOBN(0x2a206e8d, 0xecf2a73a), + TOBN(0x066a6397, 0x8e551994), + TOBN(0x3a6a088a, 0xb98d53a2), + TOBN(0x0ce7c67c, 0x2d1124aa), + TOBN(0x48cec671, 0x759a113c), + TOBN(0xe3b373d3, 0x4f6f67fa), + TOBN(0x5455d479, 0xfd36727b), + TOBN(0xe5a428ee, 0xa13c0d81), + TOBN(0xb853dbc8, 0x1c86682b), + TOBN(0xb78d2727, 0xb8d02b2a), + TOBN(0xaaf69bed, 0x8ebc329a), + TOBN(0xdb6b40b3, 0x293b2148), + TOBN(0xe42ea77d, 0xb8c4961f), + TOBN(0xb1a12f7c, 0x20e5e0ab), + TOBN(0xa0ec5274, 0x79e8b05e), + TOBN(0x68027391, 0xfab60a80), + TOBN(0x6bfeea5f, 0x16b1bd5e), + TOBN(0xf957e420, 0x4de30ad3), + TOBN(0xcbaf664e, 0x6a353b9e), + TOBN(0x5c873312, 0x26d14feb), + TOBN(0x4e87f98c, 0xb65f57cb), + TOBN(0xdb60a621, 0x5e0cdd41), + TOBN(0x67c16865, 0xa6881440), + TOBN(0x1093ef1a, 0x46ab52aa), + TOBN(0xc095afb5, 0x3f4ece64), + TOBN(0x6a6bb02e, 0x7604551a), + TOBN(0x55d44b4e, 0x0b26b8cd), + TOBN(0xe5f9a999, 0xf971268a), + TOBN(0xc08ec425, 0x11a7de84), + TOBN(0x83568095, 0xfda469dd), + TOBN(0x737bfba1, 0x6c6c90a2), + TOBN(0x1cb9c4a0, 0xbe229831), + TOBN(0x93bccbba, 0xbb2eec64), + TOBN(0xa0c23b64, 0xda03adbe), + TOBN(0x5f7aa00a, 0xe0e86ac4), + TOBN(0x470b941e, 0xfc1401e6), + 
TOBN(0x5ad8d679, 0x9df43574), + TOBN(0x4ccfb8a9, 0x0f65d810), + TOBN(0x1bce80e3, 0xaa7fbd81), + TOBN(0x273291ad, 0x9508d20a), + TOBN(0xf5c4b46b, 0x42a92806), + TOBN(0x810684ec, 0xa86ab44a), + TOBN(0x4591640b, 0xca0bc9f8), + TOBN(0xb5efcdfc, 0x5c4b6054), + TOBN(0x16fc8907, 0x6e9edd12), + TOBN(0xe29d0b50, 0xd4d792f9), + TOBN(0xa45fd01c, 0x9b03116d), + TOBN(0x85035235, 0xc81765a4), + TOBN(0x1fe2a9b2, 0xb4b4b67c), + TOBN(0xc1d10df0, 0xe8020604), + TOBN(0x9d64abfc, 0xbc8058d8), + TOBN(0x8943b9b2, 0x712a0fbb), + TOBN(0x90eed914, 0x3b3def04), + TOBN(0x85ab3aa2, 0x4ce775ff), + TOBN(0x605fd4ca, 0x7bbc9040), + TOBN(0x8b34a564, 0xe2c75dfb), + TOBN(0x41ffc94a, 0x10358560), + TOBN(0x2d8a5072, 0x9e5c28aa), + TOBN(0xe915a0fc, 0x4cc7eb15), + TOBN(0xe9efab05, 0x8f6d0f5d), + TOBN(0xdbab47a9, 0xd19e9b91), + TOBN(0x8cfed745, 0x0276154c), + TOBN(0x154357ae, 0x2cfede0d), + TOBN(0x520630df, 0x19f5a4ef), + TOBN(0x25759f7c, 0xe382360f), + TOBN(0xb6db05c9, 0x88bf5857), + TOBN(0x2917d61d, 0x6c58d46c), + TOBN(0x14f8e491, 0xfd20cb7a), + TOBN(0xb68a727a, 0x11c20340), + TOBN(0x0386f86f, 0xaf7ccbb6), + TOBN(0x5c8bc6cc, 0xfee09a20), + TOBN(0x7d76ff4a, 0xbb7eea35), + TOBN(0xa7bdebe7, 0xdb15be7a), + TOBN(0x67a08054, 0xd89f0302), + TOBN(0x56bf0ea9, 0xc1193364), + TOBN(0xc8244467, 0x62837ebe), + TOBN(0x32bd8e8b, 0x20d841b8), + TOBN(0x127a0548, 0xdbb8a54f), + TOBN(0x83dd4ca6, 0x63b20236), + TOBN(0x87714718, 0x203491fa), + TOBN(0x4dabcaaa, 0xaa8a5288), + TOBN(0x91cc0c8a, 0xaf23a1c9), + TOBN(0x34c72c6a, 0x3f220e0c), + TOBN(0xbcc20bdf, 0x1232144a), + TOBN(0x6e2f42da, 0xa20ede1b), + TOBN(0xc441f00c, 0x74a00515), + TOBN(0xbf46a5b6, 0x734b8c4b), + TOBN(0x57409503, 0x7b56c9a4), + TOBN(0x9f735261, 0xe4585d45), + TOBN(0x9231faed, 0x6734e642), + TOBN(0x1158a176, 0xbe70ee6c), + TOBN(0x35f1068d, 0x7c3501bf), + TOBN(0x6beef900, 0xa2d26115), + TOBN(0x649406f2, 0xef0afee3), + TOBN(0x3f43a60a, 0xbc2420a1), + TOBN(0x509002a7, 0xd5aee4ac), + TOBN(0xb46836a5, 0x3ff3571b), + TOBN(0x24f98b78, 0x837927c1), + 
TOBN(0x6254256a, 0x4533c716), + TOBN(0xf27abb0b, 0xd07ee196), + TOBN(0xd7cf64fc, 0x5c6d5bfd), + TOBN(0x6915c751, 0xf0cd7a77), + TOBN(0xd9f59012, 0x8798f534), + TOBN(0x772b0da8, 0xf81d8b5f), + TOBN(0x1244260c, 0x2e03fa69), + TOBN(0x36cf0e3a, 0x3be1a374), + TOBN(0x6e7c1633, 0xef06b960), + TOBN(0xa71a4c55, 0x671f90f6), + TOBN(0x7a941251, 0x33c673db), + TOBN(0xc0bea510, 0x73e8c131), + TOBN(0x61a8a699, 0xd4f6c734), + TOBN(0x25e78c88, 0x341ed001), + TOBN(0x5c18acf8, 0x8e2f7d90), + TOBN(0xfdbf33d7, 0x77be32cd), + TOBN(0x0a085cd7, 0xd2eb5ee9), + TOBN(0x2d702cfb, 0xb3201115), + TOBN(0xb6e0ebdb, 0x85c88ce8), + TOBN(0x23a3ce3c, 0x1e01d617), + TOBN(0x3041618e, 0x567333ac), + TOBN(0x9dd0fd8f, 0x157edb6b), + TOBN(0x27f74702, 0xb57872b8), + TOBN(0x2ef26b4f, 0x657d5fe1), + TOBN(0x95426f0a, 0x57cf3d40), + TOBN(0x847e2ad1, 0x65a6067a), + TOBN(0xd474d9a0, 0x09996a74), + TOBN(0x16a56acd, 0x2a26115c), + TOBN(0x02a615c3, 0xd16f4d43), + TOBN(0xcc3fc965, 0xaadb85b7), + TOBN(0x386bda73, 0xce07d1b0), + TOBN(0xd82910c2, 0x58ad4178), + TOBN(0x124f82cf, 0xcd2617f4), + TOBN(0xcc2f5e8d, 0xef691770), + TOBN(0x82702550, 0xb8c30ccc), + TOBN(0x7b856aea, 0x1a8e575a), + TOBN(0xbb822fef, 0xb1ab9459), + TOBN(0x085928bc, 0xec24e38e), + TOBN(0x5d0402ec, 0xba8f4b4d), + TOBN(0xc07cd4ba, 0x00b4d58b), + TOBN(0x5d8dffd5, 0x29227e7a), + TOBN(0x61d44d0c, 0x31bf386f), + TOBN(0xe486dc2b, 0x135e6f4d), + TOBN(0x680962eb, 0xe79410ef), + TOBN(0xa61bd343, 0xf10088b5), + TOBN(0x6aa76076, 0xe2e28686), + TOBN(0x80463d11, 0x8fb98871), + TOBN(0xcb26f5c3, 0xbbc76aff), + TOBN(0xd4ab8edd, 0xfbe03614), + TOBN(0xc8eb579b, 0xc0cf2dee), + TOBN(0xcc004c15, 0xc93bae41), + TOBN(0x46fbae5d, 0x3aeca3b2), + TOBN(0x671235cf, 0x0f1e9ab1), + TOBN(0xadfba934, 0x9ec285c1), + TOBN(0x88ded013, 0xf216c980), + TOBN(0xc8ac4fb8, 0xf79e0bc1), + TOBN(0xa29b89c6, 0xfb97a237), + TOBN(0xb697b780, 0x9922d8e7), + TOBN(0x3142c639, 0xddb945b5), + TOBN(0x447b06c7, 0xe094c3a9), + TOBN(0xcdcb3642, 0x72266c90), + TOBN(0x633aad08, 0xa9385046), + 
TOBN(0xa36c936b, 0xb57c6477), + TOBN(0x871f8b64, 0xe94dbcc6), + TOBN(0x28d0fb62, 0xa591a67b), + TOBN(0x9d40e081, 0xc1d926f5), + TOBN(0x3111eaf6, 0xf2d84b5a), + TOBN(0x228993f9, 0xa565b644), + TOBN(0x0ccbf592, 0x2c83188b), + TOBN(0xf87b30ab, 0x3df3e197), + TOBN(0xb8658b31, 0x7642bca8), + TOBN(0x1a032d7f, 0x52800f17), + TOBN(0x051dcae5, 0x79bf9445), + TOBN(0xeba6b8ee, 0x54a2e253), + TOBN(0x5c8b9cad, 0xd4485692), + TOBN(0x84bda40e, 0x8986e9be), + TOBN(0xd16d16a4, 0x2f0db448), + TOBN(0x8ec80050, 0xa14d4188), + TOBN(0xb2b26107, 0x98fa7aaa), + TOBN(0x41209ee4, 0xf073aa4e), + TOBN(0xf1570359, 0xf2d6b19b), + TOBN(0xcbe6868c, 0xfc577caf), + TOBN(0x186c4bdc, 0x32c04dd3), + TOBN(0xa6c35fae, 0xcfeee397), + TOBN(0xb4a1b312, 0xf086c0cf), + TOBN(0xe0a5ccc6, 0xd9461fe2), + TOBN(0xc32278aa, 0x1536189f), + TOBN(0x1126c55f, 0xba6df571), + TOBN(0x0f71a602, 0xb194560e), + TOBN(0x8b2d7405, 0x324bd6e1), + TOBN(0x8481939e, 0x3738be71), + TOBN(0xb5090b1a, 0x1a4d97a9), + TOBN(0x116c65a3, 0xf05ba915), + TOBN(0x21863ad3, 0xaae448aa), + TOBN(0xd24e2679, 0xa7aae5d3), + TOBN(0x7076013d, 0x0de5c1c4), + TOBN(0x2d50f8ba, 0xbb05b629), + TOBN(0x73c1abe2, 0x6e66efbb), + TOBN(0xefd4b422, 0xf2488af7), + TOBN(0xe4105d02, 0x663ba575), + TOBN(0x7eb60a8b, 0x53a69457), + TOBN(0x62210008, 0xc945973b), + TOBN(0xfb255478, 0x77a50ec6), + TOBN(0xbf0392f7, 0x0a37a72c), + TOBN(0xa0a7a19c, 0x4be18e7a), + TOBN(0x90d8ea16, 0x25b1e0af), + TOBN(0x7582a293, 0xef953f57), + TOBN(0x90a64d05, 0xbdc5465a), + TOBN(0xca79c497, 0xe2510717), + TOBN(0x560dbb7c, 0x18cb641f), + TOBN(0x1d8e3286, 0x4b66abfb), + TOBN(0xd26f52e5, 0x59030900), + TOBN(0x1ee3f643, 0x5584941a), + TOBN(0x6d3b3730, 0x569f5958), + TOBN(0x9ff2a62f, 0x4789dba5), + TOBN(0x91fcb815, 0x72b5c9b7), + TOBN(0xf446cb7d, 0x6c8f9a0e), + TOBN(0x48f625c1, 0x39b7ecb5), + TOBN(0xbabae801, 0x1c6219b8), + TOBN(0xe7a562d9, 0x28ac2f23), + TOBN(0xe1b48732, 0x26e20588), + TOBN(0x06ee1cad, 0x775af051), + TOBN(0xda29ae43, 0xfaff79f7), + TOBN(0xc141a412, 0x652ee9e0), + 
TOBN(0x1e127f6f, 0x195f4bd0), + TOBN(0x29c6ab4f, 0x072f34f8), + TOBN(0x7b7c1477, 0x30448112), + TOBN(0x82b51af1, 0xe4a38656), + TOBN(0x2bf2028a, 0x2f315010), + TOBN(0xc9a4a01f, 0x6ea88cd4), + TOBN(0xf63e95d8, 0x257e5818), + TOBN(0xdd8efa10, 0xb4519b16), + TOBN(0xed8973e0, 0x0da910bf), + TOBN(0xed49d077, 0x5c0fe4a9), + TOBN(0xac3aac5e, 0xb7caee1e), + TOBN(0x1033898d, 0xa7f4da57), + TOBN(0x42145c0e, 0x5c6669b9), + TOBN(0x42daa688, 0xc1aa2aa0), + TOBN(0x629cc15c, 0x1a1d885a), + TOBN(0x25572ec0, 0xf4b76817), + TOBN(0x8312e435, 0x9c8f8f28), + TOBN(0x8107f8cd, 0x81965490), + TOBN(0x516ff3a3, 0x6fa6110c), + TOBN(0x74fb1eb1, 0xfb93561f), + TOBN(0x6c0c9047, 0x8457522b), + TOBN(0xcfd32104, 0x6bb8bdc6), + TOBN(0x2d6884a2, 0xcc80ad57), + TOBN(0x7c27fc35, 0x86a9b637), + TOBN(0x3461baed, 0xadf4e8cd), + TOBN(0x1d56251a, 0x617242f0), + TOBN(0x0b80d209, 0xc955bef4), + TOBN(0xdf02cad2, 0x06adb047), + TOBN(0xf0d7cb91, 0x5ec74fee), + TOBN(0xd2503375, 0x1111ba44), + TOBN(0x9671755e, 0xdf53cb36), + TOBN(0x54dcb612, 0x3368551b), + TOBN(0x66d69aac, 0xc8a025a4), + TOBN(0x6be946c6, 0xe77ef445), + TOBN(0x719946d1, 0xa995e094), + TOBN(0x65e848f6, 0xe51e04d8), + TOBN(0xe62f3300, 0x6a1e3113), + TOBN(0x1541c7c1, 0x501de503), + TOBN(0x4daac9fa, 0xf4acfade), + TOBN(0x0e585897, 0x44cd0b71), + TOBN(0x544fd869, 0x0a51cd77), + TOBN(0x60fc20ed, 0x0031016d), + TOBN(0x58b404ec, 0xa4276867), + TOBN(0x46f6c3cc, 0x34f34993), + TOBN(0x477ca007, 0xc636e5bd), + TOBN(0x8018f5e5, 0x7c458b47), + TOBN(0xa1202270, 0xe47b668f), + TOBN(0xcef48ccd, 0xee14f203), + TOBN(0x23f98bae, 0x62ff9b4d), + TOBN(0x55acc035, 0xc589eddd), + TOBN(0x3fe712af, 0x64db4444), + TOBN(0x19e9d634, 0xbecdd480), + TOBN(0xe08bc047, 0xa930978a), + TOBN(0x2dbf24ec, 0xa1280733), + TOBN(0x3c0ae38c, 0x2cd706b2), + TOBN(0x5b012a5b, 0x359017b9), + TOBN(0x3943c38c, 0x72e0f5ae), + TOBN(0x786167ea, 0x57176fa3), + TOBN(0xe5f9897d, 0x594881dc), + TOBN(0x6b5efad8, 0xcfb820c1), + TOBN(0xb2179093, 0xd55018de), + TOBN(0x39ad7d32, 0x0bac56ce), + 
TOBN(0xb55122e0, 0x2cfc0e81), + TOBN(0x117c4661, 0xf6d89daa), + TOBN(0x362d01e1, 0xcb64fa09), + TOBN(0x6a309b4e, 0x3e9c4ddd), + TOBN(0xfa979fb7, 0xabea49b1), + TOBN(0xb4b1d27d, 0x10e2c6c5), + TOBN(0xbd61c2c4, 0x23afde7a), + TOBN(0xeb6614f8, 0x9786d358), + TOBN(0x4a5d816b, 0x7f6f7459), + TOBN(0xe431a44f, 0x09360e7b), + TOBN(0x8c27a032, 0xc309914c), + TOBN(0xcea5d68a, 0xcaede3d8), + TOBN(0x3668f665, 0x3a0a3f95), + TOBN(0x89369416, 0x7ceba27b), + TOBN(0x89981fad, 0xe4728fe9), + TOBN(0x7102c8a0, 0x8a093562), + TOBN(0xbb80310e, 0x235d21c8), + TOBN(0x505e55d1, 0xbefb7f7b), + TOBN(0xa0a90811, 0x12958a67), + TOBN(0xd67e106a, 0x4d851fef), + TOBN(0xb84011a9, 0x431dd80e), + TOBN(0xeb7c7cca, 0x73306cd9), + TOBN(0x20fadd29, 0xd1b3b730), + TOBN(0x83858b5b, 0xfe37b3d3), + TOBN(0xbf4cd193, 0xb6251d5c), + TOBN(0x1cca1fd3, 0x1352d952), + TOBN(0xc66157a4, 0x90fbc051), + TOBN(0x7990a638, 0x89b98636), + }, + { TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), + TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28), + TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), + TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742), + TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), + TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5), + TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), + TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f), + TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), + TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3), + TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), + TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f), + TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), + TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620), + TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), + TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6), + TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), + TOBN(0x571623ab, 0xb245db96), 
TOBN(0xc507db09, 0x3fd79999), + TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), + TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327), + TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), + TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb), + TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), + TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390), + TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), + TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d), + TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), + TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015), + TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), + TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6), + TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), + TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b), + TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), + TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e), + TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), + TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414), + TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), + TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e), + TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), + TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f), + TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), + TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159), + TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), + TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc), + TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), + TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b), + TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), + TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b), + TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), + TOBN(0x6c8c5ece, 0xf78ce0c7), 
TOBN(0x7b44589d, 0xbe09b55e), + TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), + TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707), + TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), + TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d), + TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), + TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442), + TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), + TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b), + TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), + TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24), + TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), + TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f), + TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), + TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98), + TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), + TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1), + TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), + TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6), + TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), + TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491), + TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), + TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4), + TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), + TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4), + TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), + TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c), + TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), + TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4), + TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), + TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f), + TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), + TOBN(0xe6eeaa69, 0x67e9c50a), 
TOBN(0x27ced284, 0x62e628c7), + TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), + TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422), + TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), + TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035), + TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), + TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9), + TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), + TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7), + TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), + TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80), + TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), + TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e), + TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), + TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199), + TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), + TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1), + TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), + TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97), + TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), + TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba), + TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), + TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b), + TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), + TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60), + TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), + TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d), + TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), + TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305), + TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), + TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8), + TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), + TOBN(0xc9777029, 0xc1fbf928), 
TOBN(0xef7a6bb3, 0xbce7d2a4), + TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), + TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b), + TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), + TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5), + TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), + TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31), + TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), + TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca), + TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), + TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37), + TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), + TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f), + TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), + TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe), + TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), + TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409), + TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), + TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1), + TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), + TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf), + TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), + TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b), + TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), + TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79), + TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), + TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd), + TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), + TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06), + TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), + TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf), + TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), + TOBN(0xbaa2439c, 0xad63c9b2), 
TOBN(0xceb4a728, 0x10fc2acb), + TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), + TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208), + TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), + TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7), + TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), + TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a), + TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), + TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32), + TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), + TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856), + TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), + TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c), + TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), + TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d), + TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), + TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4), + TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), + TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff), + TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), + TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc), + TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), + TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5), + TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), + TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8), + TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), + TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112), + TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), + TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3), + TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), + TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d), + TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), + TOBN(0x43141988, 0x00bed10c), 
TOBN(0xc94348a4, 0x1d735b8b), + TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), + TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4), + TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), + TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26), + TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), + TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf), + TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), + TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59), + TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), + TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc), + TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), + TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d), + TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), + TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475), + TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), + TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb), + TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), + TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9), + TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), + TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674), + TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), + TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6), + TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), + TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337), + TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), + TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f), + TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), + TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56), + TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), + TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a), + TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), + TOBN(0x94620fca, 0x5b6598f0), 
TOBN(0x6b922cae, 0x7e314051), + TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), + TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530), + TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), + TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96), + TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), + TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034), + TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), + TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b), + TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), + TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b), + TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), + TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44), + TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), + TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c), + TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), + TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1), + TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), + TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d), + TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), + TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95), + TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), + TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f), + TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), + TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016), + TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), + TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85), + TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), + TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3), + TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), + TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0), + TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), + TOBN(0x522b05bf, 0x3a6b662b), 
TOBN(0x466d1dfe, 0xb1478c9b), + TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), + TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8), + TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), + TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b), + TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), + TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd), + TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), + TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b), + TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), + TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd), + TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), + TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3), + TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), + TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2) }, + { + TOBN(0x1cb43668, 0xe039c256), + TOBN(0x5f26fb8b, 0x7c17fd5d), + TOBN(0xeee426af, 0x79aa062b), + TOBN(0x072002d0, 0xd78fbf04), + TOBN(0x4c9ca237, 0xe84fb7e3), + TOBN(0xb401d8a1, 0x0c82133d), + TOBN(0xaaa52592, 0x6d7e4181), + TOBN(0xe9430833, 0x73dbb152), + TOBN(0xf92dda31, 0xbe24319a), + TOBN(0x03f7d28b, 0xe095a8e7), + TOBN(0xa52fe840, 0x98782185), + TOBN(0x276ddafe, 0x29c24dbc), + TOBN(0x80cd5496, 0x1d7a64eb), + TOBN(0xe4360889, 0x7f1dbe42), + TOBN(0x2f81a877, 0x8438d2d5), + TOBN(0x7e4d52a8, 0x85169036), + TOBN(0x19e3d5b1, 0x1d59715d), + TOBN(0xc7eaa762, 0xd788983e), + TOBN(0xe5a730b0, 0xabf1f248), + TOBN(0xfbab8084, 0xfae3fd83), + TOBN(0x65e50d21, 0x53765b2f), + TOBN(0xbdd4e083, 0xfa127f3d), + TOBN(0x9cf3c074, 0x397b1b10), + TOBN(0x59f8090c, 0xb1b59fd3), + TOBN(0x7b15fd9d, 0x615faa8f), + TOBN(0x8fa1eb40, 0x968554ed), + TOBN(0x7bb4447e, 0x7aa44882), + TOBN(0x2bb2d0d1, 0x029fff32), + TOBN(0x075e2a64, 0x6caa6d2f), + TOBN(0x8eb879de, 0x22e7351b), + TOBN(0xbcd5624e, 0x9a506c62), + TOBN(0x218eaef0, 0xa87e24dc), + TOBN(0x37e56847, 0x44ddfa35), + TOBN(0x9ccfc5c5, 0xdab3f747), + 
TOBN(0x9ac1df3f, 0x1ee96cf4), + TOBN(0x0c0571a1, 0x3b480b8f), + TOBN(0x2fbeb3d5, 0x4b3a7b3c), + TOBN(0x35c03669, 0x5dcdbb99), + TOBN(0x52a0f5dc, 0xb2415b3a), + TOBN(0xd57759b4, 0x4413ed9a), + TOBN(0x1fe647d8, 0x3d30a2c5), + TOBN(0x0857f77e, 0xf78a81dc), + TOBN(0x11d5a334, 0x131a4a9b), + TOBN(0xc0a94af9, 0x29d393f5), + TOBN(0xbc3a5c0b, 0xdaa6ec1a), + TOBN(0xba9fe493, 0x88d2d7ed), + TOBN(0xbb4335b4, 0xbb614797), + TOBN(0x991c4d68, 0x72f83533), + TOBN(0x53258c28, 0xd2f01cb3), + TOBN(0x93d6eaa3, 0xd75db0b1), + TOBN(0x419a2b0d, 0xe87d0db4), + TOBN(0xa1e48f03, 0xd8fe8493), + TOBN(0xf747faf6, 0xc508b23a), + TOBN(0xf137571a, 0x35d53549), + TOBN(0x9f5e58e2, 0xfcf9b838), + TOBN(0xc7186cee, 0xa7fd3cf5), + TOBN(0x77b868ce, 0xe978a1d3), + TOBN(0xe3a68b33, 0x7ab92d04), + TOBN(0x51029794, 0x87a5b862), + TOBN(0x5f0606c3, 0x3a61d41d), + TOBN(0x2814be27, 0x6f9326f1), + TOBN(0x2f521c14, 0xc6fe3c2e), + TOBN(0x17464d7d, 0xacdf7351), + TOBN(0x10f5f9d3, 0x777f7e44), + TOBN(0xce8e616b, 0x269fb37d), + TOBN(0xaaf73804, 0x7de62de5), + TOBN(0xaba11175, 0x4fdd4153), + TOBN(0x515759ba, 0x3770b49b), + TOBN(0x8b09ebf8, 0xaa423a61), + TOBN(0x592245a1, 0xcd41fb92), + TOBN(0x1cba8ec1, 0x9b4c8936), + TOBN(0xa87e91e3, 0xaf36710e), + TOBN(0x1fd84ce4, 0x3d34a2e3), + TOBN(0xee3759ce, 0xb43b5d61), + TOBN(0x895bc78c, 0x619186c7), + TOBN(0xf19c3809, 0xcbb9725a), + TOBN(0xc0be21aa, 0xde744b1f), + TOBN(0xa7d222b0, 0x60f8056b), + TOBN(0x74be6157, 0xb23efe11), + TOBN(0x6fab2b4f, 0x0cd68253), + TOBN(0xad33ea5f, 0x4bf1d725), + TOBN(0x9c1d8ee2, 0x4f6c950f), + TOBN(0x544ee78a, 0xa377af06), + TOBN(0x54f489bb, 0x94a113e1), + TOBN(0x8f11d634, 0x992fb7e8), + TOBN(0x0169a7aa, 0xa2a44347), + TOBN(0x1d49d4af, 0x95020e00), + TOBN(0x95945722, 0xe08e120b), + TOBN(0xb6e33878, 0xa4d32282), + TOBN(0xe36e029d, 0x48020ae7), + TOBN(0xe05847fb, 0x37a9b750), + TOBN(0xf876812c, 0xb29e3819), + TOBN(0x84ad138e, 0xd23a17f0), + TOBN(0x6d7b4480, 0xf0b3950e), + TOBN(0xdfa8aef4, 0x2fd67ae0), + TOBN(0x8d3eea24, 0x52333af6), + 
TOBN(0x0d052075, 0xb15d5acc), + TOBN(0xc6d9c79f, 0xbd815bc4), + TOBN(0x8dcafd88, 0xdfa36cf2), + TOBN(0x908ccbe2, 0x38aa9070), + TOBN(0x638722c4, 0xba35afce), + TOBN(0x5a3da8b0, 0xfd6abf0b), + TOBN(0x2dce252c, 0xc9c335c1), + TOBN(0x84e7f0de, 0x65aa799b), + TOBN(0x2101a522, 0xb99a72cb), + TOBN(0x06de6e67, 0x87618016), + TOBN(0x5ff8c7cd, 0xe6f3653e), + TOBN(0x0a821ab5, 0xc7a6754a), + TOBN(0x7e3fa52b, 0x7cb0b5a2), + TOBN(0xa7fb121c, 0xc9048790), + TOBN(0x1a725020, 0x06ce053a), + TOBN(0xb490a31f, 0x04e929b0), + TOBN(0xe17be47d, 0x62dd61ad), + TOBN(0x781a961c, 0x6be01371), + TOBN(0x1063bfd3, 0xdae3cbba), + TOBN(0x35647406, 0x7f73c9ba), + TOBN(0xf50e957b, 0x2736a129), + TOBN(0xa6313702, 0xed13f256), + TOBN(0x9436ee65, 0x3a19fcc5), + TOBN(0xcf2bdb29, 0xe7a4c8b6), + TOBN(0xb06b1244, 0xc5f95cd8), + TOBN(0xda8c8af0, 0xf4ab95f4), + TOBN(0x1bae59c2, 0xb9e5836d), + TOBN(0x07d51e7e, 0x3acffffc), + TOBN(0x01e15e6a, 0xc2ccbcda), + TOBN(0x3bc1923f, 0x8528c3e0), + TOBN(0x43324577, 0xa49fead4), + TOBN(0x61a1b884, 0x2aa7a711), + TOBN(0xf9a86e08, 0x700230ef), + TOBN(0x0af585a1, 0xbd19adf8), + TOBN(0x7645f361, 0xf55ad8f2), + TOBN(0x6e676223, 0x46c3614c), + TOBN(0x23cb257c, 0x4e774d3f), + TOBN(0x82a38513, 0xac102d1b), + TOBN(0x9bcddd88, 0x7b126aa5), + TOBN(0xe716998b, 0xeefd3ee4), + TOBN(0x4239d571, 0xfb167583), + TOBN(0xdd011c78, 0xd16c8f8a), + TOBN(0x271c2895, 0x69a27519), + TOBN(0x9ce0a3b7, 0xd2d64b6a), + TOBN(0x8c977289, 0xd5ec6738), + TOBN(0xa3b49f9a, 0x8840ef6b), + TOBN(0x808c14c9, 0x9a453419), + TOBN(0x5c00295b, 0x0cf0a2d5), + TOBN(0x524414fb, 0x1d4bcc76), + TOBN(0xb07691d2, 0x459a88f1), + TOBN(0x77f43263, 0xf70d110f), + TOBN(0x64ada5e0, 0xb7abf9f3), + TOBN(0xafd0f94e, 0x5b544cf5), + TOBN(0xb4a13a15, 0xfd2713fe), + TOBN(0xb99b7d6e, 0x250c74f4), + TOBN(0x097f2f73, 0x20324e45), + TOBN(0x994b37d8, 0xaffa8208), + TOBN(0xc3c31b0b, 0xdc29aafc), + TOBN(0x3da74651, 0x7a3a607f), + TOBN(0xd8e1b8c1, 0xfe6955d6), + TOBN(0x716e1815, 0xc8418682), + TOBN(0x541d487f, 0x7dc91d97), + 
TOBN(0x48a04669, 0xc6996982), + TOBN(0xf39cab15, 0x83a6502e), + TOBN(0x025801a0, 0xe68db055), + TOBN(0xf3569758, 0xba3338d5), + TOBN(0xb0c8c0aa, 0xee2afa84), + TOBN(0x4f6985d3, 0xfb6562d1), + TOBN(0x351f1f15, 0x132ed17a), + TOBN(0x510ed0b4, 0xc04365fe), + TOBN(0xa3f98138, 0xe5b1f066), + TOBN(0xbc9d95d6, 0x32df03dc), + TOBN(0xa83ccf6e, 0x19abd09e), + TOBN(0x0b4097c1, 0x4ff17edb), + TOBN(0x58a5c478, 0xd64a06ce), + TOBN(0x2ddcc3fd, 0x544a58fd), + TOBN(0xd449503d, 0x9e8153b8), + TOBN(0x3324fd02, 0x7774179b), + TOBN(0xaf5d47c8, 0xdbd9120c), + TOBN(0xeb860162, 0x34fa94db), + TOBN(0x5817bdd1, 0x972f07f4), + TOBN(0xe5579e2e, 0xd27bbceb), + TOBN(0x86847a1f, 0x5f11e5a6), + TOBN(0xb39ed255, 0x7c3cf048), + TOBN(0xe1076417, 0xa2f62e55), + TOBN(0x6b9ab38f, 0x1bcf82a2), + TOBN(0x4bb7c319, 0x7aeb29f9), + TOBN(0xf6d17da3, 0x17227a46), + TOBN(0xab53ddbd, 0x0f968c00), + TOBN(0xa03da7ec, 0x000c880b), + TOBN(0x7b239624, 0x6a9ad24d), + TOBN(0x612c0401, 0x01ec60d0), + TOBN(0x70d10493, 0x109f5df1), + TOBN(0xfbda4030, 0x80af7550), + TOBN(0x30b93f95, 0xc6b9a9b3), + TOBN(0x0c74ec71, 0x007d9418), + TOBN(0x94175564, 0x6edb951f), + TOBN(0x5f4a9d78, 0x7f22c282), + TOBN(0xb7870895, 0xb38d1196), + TOBN(0xbc593df3, 0xa228ce7c), + TOBN(0xc78c5bd4, 0x6af3641a), + TOBN(0x7802200b, 0x3d9b3dcc), + TOBN(0x0dc73f32, 0x8be33304), + TOBN(0x847ed87d, 0x61ffb79a), + TOBN(0xf85c974e, 0x6d671192), + TOBN(0x1e14100a, 0xde16f60f), + TOBN(0x45cb0d5a, 0x95c38797), + TOBN(0x18923bba, 0x9b022da4), + TOBN(0xef2be899, 0xbbe7e86e), + TOBN(0x4a1510ee, 0x216067bf), + TOBN(0xd98c8154, 0x84d5ce3e), + TOBN(0x1af777f0, 0xf92a2b90), + TOBN(0x9fbcb400, 0x4ef65724), + TOBN(0x3e04a4c9, 0x3c0ca6fe), + TOBN(0xfb3e2cb5, 0x55002994), + TOBN(0x1f3a93c5, 0x5363ecab), + TOBN(0x1fe00efe, 0x3923555b), + TOBN(0x744bedd9, 0x1e1751ea), + TOBN(0x3fb2db59, 0x6ab69357), + TOBN(0x8dbd7365, 0xf5e6618b), + TOBN(0x99d53099, 0xdf1ea40e), + TOBN(0xb3f24a0b, 0x57d61e64), + TOBN(0xd088a198, 0x596eb812), + TOBN(0x22c8361b, 0x5762940b), + 
TOBN(0x66f01f97, 0xf9c0d95c), + TOBN(0x88461172, 0x8e43cdae), + TOBN(0x11599a7f, 0xb72b15c3), + TOBN(0x135a7536, 0x420d95cc), + TOBN(0x2dcdf0f7, 0x5f7ae2f6), + TOBN(0x15fc6e1d, 0xd7fa6da2), + TOBN(0x81ca829a, 0xd1d441b6), + TOBN(0x84c10cf8, 0x04a106b6), + TOBN(0xa9b26c95, 0xa73fbbd0), + TOBN(0x7f24e0cb, 0x4d8f6ee8), + TOBN(0x48b45937, 0x1e25a043), + TOBN(0xf8a74fca, 0x036f3dfe), + TOBN(0x1ed46585, 0xc9f84296), + TOBN(0x7fbaa8fb, 0x3bc278b0), + TOBN(0xa8e96cd4, 0x6c4fcbd0), + TOBN(0x940a1202, 0x73b60a5f), + TOBN(0x34aae120, 0x55a4aec8), + TOBN(0x550e9a74, 0xdbd742f0), + TOBN(0x794456d7, 0x228c68ab), + TOBN(0x492f8868, 0xa4e25ec6), + TOBN(0x682915ad, 0xb2d8f398), + TOBN(0xf13b51cc, 0x5b84c953), + TOBN(0xcda90ab8, 0x5bb917d6), + TOBN(0x4b615560, 0x4ea3dee1), + TOBN(0x578b4e85, 0x0a52c1c8), + TOBN(0xeab1a695, 0x20b75fc4), + TOBN(0x60c14f3c, 0xaa0bb3c6), + TOBN(0x220f448a, 0xb8216094), + TOBN(0x4fe7ee31, 0xb0e63d34), + TOBN(0xf4600572, 0xa9e54fab), + TOBN(0xc0493334, 0xd5e7b5a4), + TOBN(0x8589fb92, 0x06d54831), + TOBN(0xaa70f5cc, 0x6583553a), + TOBN(0x0879094a, 0xe25649e5), + TOBN(0xcc904507, 0x10044652), + TOBN(0xebb0696d, 0x02541c4f), + TOBN(0x5a171fde, 0xb9718710), + TOBN(0x38f1bed8, 0xf374a9f5), + TOBN(0xc8c582e1, 0xba39bdc1), + TOBN(0xfc457b0a, 0x908cc0ce), + TOBN(0x9a187fd4, 0x883841e2), + TOBN(0x8ec25b39, 0x38725381), + TOBN(0x2553ed05, 0x96f84395), + TOBN(0x095c7661, 0x6f6c6897), + TOBN(0x917ac85c, 0x4bdc5610), + TOBN(0xb2885fe4, 0x179eb301), + TOBN(0x5fc65547, 0x8b78bdcc), + TOBN(0x4a9fc893, 0xe59e4699), + TOBN(0xbb7ff0cd, 0x3ce299af), + TOBN(0x195be9b3, 0xadf38b20), + TOBN(0x6a929c87, 0xd38ddb8f), + TOBN(0x55fcc99c, 0xb21a51b9), + TOBN(0x2b695b4c, 0x721a4593), + TOBN(0xed1e9a15, 0x768eaac2), + TOBN(0xfb63d71c, 0x7489f914), + TOBN(0xf98ba31c, 0x78118910), + TOBN(0x80291373, 0x9b128eb4), + TOBN(0x7801214e, 0xd448af4a), + TOBN(0xdbd2e22b, 0x55418dd3), + TOBN(0xeffb3c0d, 0xd3998242), + TOBN(0xdfa6077c, 0xc7bf3827), + TOBN(0xf2165bcb, 0x47f8238f), + 
TOBN(0xfe37cf68, 0x8564d554), + TOBN(0xe5f825c4, 0x0a81fb98), + TOBN(0x43cc4f67, 0xffed4d6f), + TOBN(0xbc609578, 0xb50a34b0), + TOBN(0x8aa8fcf9, 0x5041faf1), + TOBN(0x5659f053, 0x651773b6), + TOBN(0xe87582c3, 0x6044d63b), + TOBN(0xa6089409, 0x0cdb0ca0), + TOBN(0x8c993e0f, 0xbfb2bcf6), + TOBN(0xfc64a719, 0x45985cfc), + TOBN(0x15c4da80, 0x83dbedba), + TOBN(0x804ae112, 0x2be67df7), + TOBN(0xda4c9658, 0xa23defde), + TOBN(0x12002ddd, 0x5156e0d3), + TOBN(0xe68eae89, 0x5dd21b96), + TOBN(0x8b99f28b, 0xcf44624d), + TOBN(0x0ae00808, 0x1ec8897a), + TOBN(0xdd0a9303, 0x6712f76e), + TOBN(0x96237522, 0x4e233de4), + TOBN(0x192445b1, 0x2b36a8a5), + TOBN(0xabf9ff74, 0x023993d9), + TOBN(0x21f37bf4, 0x2aad4a8f), + TOBN(0x340a4349, 0xf8bd2bbd), + TOBN(0x1d902cd9, 0x4868195d), + TOBN(0x3d27bbf1, 0xe5fdb6f1), + TOBN(0x7a5ab088, 0x124f9f1c), + TOBN(0xc466ab06, 0xf7a09e03), + TOBN(0x2f8a1977, 0x31f2c123), + TOBN(0xda355dc7, 0x041b6657), + TOBN(0xcb840d12, 0x8ece2a7c), + TOBN(0xb600ad9f, 0x7db32675), + TOBN(0x78fea133, 0x07a06f1b), + TOBN(0x5d032269, 0xb31f6094), + TOBN(0x07753ef5, 0x83ec37aa), + TOBN(0x03485aed, 0x9c0bea78), + TOBN(0x41bb3989, 0xbc3f4524), + TOBN(0x09403761, 0x697f726d), + TOBN(0x6109beb3, 0xdf394820), + TOBN(0x804111ea, 0x3b6d1145), + TOBN(0xb6271ea9, 0xa8582654), + TOBN(0x619615e6, 0x24e66562), + TOBN(0xa2554945, 0xd7b6ad9c), + TOBN(0xd9c4985e, 0x99bfe35f), + TOBN(0x9770ccc0, 0x7b51cdf6), + TOBN(0x7c327013, 0x92881832), + TOBN(0x8777d45f, 0x286b26d1), + TOBN(0x9bbeda22, 0xd847999d), + TOBN(0x03aa33b6, 0xc3525d32), + TOBN(0x4b7b96d4, 0x28a959a1), + TOBN(0xbb3786e5, 0x31e5d234), + TOBN(0xaeb5d3ce, 0x6961f247), + TOBN(0x20aa85af, 0x02f93d3f), + TOBN(0x9cd1ad3d, 0xd7a7ae4f), + TOBN(0xbf6688f0, 0x781adaa8), + TOBN(0xb1b40e86, 0x7469cead), + TOBN(0x1904c524, 0x309fca48), + TOBN(0x9b7312af, 0x4b54bbc7), + TOBN(0xbe24bf8f, 0x593affa2), + TOBN(0xbe5e0790, 0xbd98764b), + TOBN(0xa0f45f17, 0xa26e299e), + TOBN(0x4af0d2c2, 0x6b8fe4c7), + TOBN(0xef170db1, 0x8ae8a3e6), + 
TOBN(0x0e8d61a0, 0x29e0ccc1), + TOBN(0xcd53e87e, 0x60ad36ca), + TOBN(0x328c6623, 0xc8173822), + TOBN(0x7ee1767d, 0xa496be55), + TOBN(0x89f13259, 0x648945af), + TOBN(0x9e45a5fd, 0x25c8009c), + TOBN(0xaf2febd9, 0x1f61ab8c), + TOBN(0x43f6bc86, 0x8a275385), + TOBN(0x87792348, 0xf2142e79), + TOBN(0x17d89259, 0xc6e6238a), + TOBN(0x7536d2f6, 0x4a839d9b), + TOBN(0x1f428fce, 0x76a1fbdc), + TOBN(0x1c109601, 0x0db06dfe), + TOBN(0xbfc16bc1, 0x50a3a3cc), + TOBN(0xf9cbd9ec, 0x9b30f41b), + TOBN(0x5b5da0d6, 0x00138cce), + TOBN(0xec1d0a48, 0x56ef96a7), + TOBN(0xb47eb848, 0x982bf842), + TOBN(0x66deae32, 0xec3f700d), + TOBN(0x4e43c42c, 0xaa1181e0), + TOBN(0xa1d72a31, 0xd1a4aa2a), + TOBN(0x440d4668, 0xc004f3ce), + TOBN(0x0d6a2d3b, 0x45fe8a7a), + TOBN(0x820e52e2, 0xfb128365), + TOBN(0x29ac5fcf, 0x25e51b09), + TOBN(0x180cd2bf, 0x2023d159), + TOBN(0xa9892171, 0xa1ebf90e), + TOBN(0xf97c4c87, 0x7c132181), + TOBN(0x9f1dc724, 0xc03dbb7e), + TOBN(0xae043765, 0x018cbbe4), + TOBN(0xfb0b2a36, 0x0767d153), + TOBN(0xa8e2f4d6, 0x249cbaeb), + TOBN(0x172a5247, 0xd95ea168), + TOBN(0x1758fada, 0x2970764a), + TOBN(0xac803a51, 0x1d978169), + TOBN(0x299cfe2e, 0xde77e01b), + TOBN(0x652a1e17, 0xb0a98927), + TOBN(0x2e26e1d1, 0x20014495), + TOBN(0x7ae0af9f, 0x7175b56a), + TOBN(0xc2e22a80, 0xd64b9f95), + TOBN(0x4d0ff9fb, 0xd90a060a), + TOBN(0x496a27db, 0xbaf38085), + TOBN(0x32305401, 0xda776bcf), + TOBN(0xb8cdcef6, 0x725f209e), + TOBN(0x61ba0f37, 0x436a0bba), + TOBN(0x263fa108, 0x76860049), + TOBN(0x92beb98e, 0xda3542cf), + TOBN(0xa2d4d14a, 0xd5849538), + TOBN(0x989b9d68, 0x12e9a1bc), + TOBN(0x61d9075c, 0x5f6e3268), + TOBN(0x352c6aa9, 0x99ace638), + TOBN(0xde4e4a55, 0x920f43ff), + TOBN(0xe5e4144a, 0xd673c017), + TOBN(0x667417ae, 0x6f6e05ea), + TOBN(0x613416ae, 0xdcd1bd56), + TOBN(0x5eb36201, 0x86693711), + TOBN(0x2d7bc504, 0x3a1aa914), + TOBN(0x175a1299, 0x76dc5975), + TOBN(0xe900e0f2, 0x3fc8125c), + TOBN(0x569ef68c, 0x11198875), + TOBN(0x9012db63, 0x63a113b4), + TOBN(0xe3bd3f56, 0x98835766), + 
TOBN(0xa5c94a52, 0x76412dea), + TOBN(0xad9e2a09, 0xaa735e5c), + TOBN(0x405a984c, 0x508b65e9), + TOBN(0xbde4a1d1, 0x6df1a0d1), + TOBN(0x1a9433a1, 0xdfba80da), + TOBN(0xe9192ff9, 0x9440ad2e), + TOBN(0x9f649696, 0x5099fe92), + TOBN(0x25ddb65c, 0x0b27a54a), + TOBN(0x178279dd, 0xc590da61), + TOBN(0x5479a999, 0xfbde681a), + TOBN(0xd0e84e05, 0x013fe162), + TOBN(0xbe11dc92, 0x632d471b), + TOBN(0xdf0b0c45, 0xfc0e089f), + TOBN(0x04fb15b0, 0x4c144025), + TOBN(0xa61d5fc2, 0x13c99927), + TOBN(0xa033e9e0, 0x3de2eb35), + TOBN(0xf8185d5c, 0xb8dacbb4), + TOBN(0x9a88e265, 0x8644549d), + TOBN(0xf717af62, 0x54671ff6), + TOBN(0x4bd4241b, 0x5fa58603), + TOBN(0x06fba40b, 0xe67773c0), + TOBN(0xc1d933d2, 0x6a2847e9), + TOBN(0xf4f5acf3, 0x689e2c70), + TOBN(0x92aab0e7, 0x46bafd31), + TOBN(0x798d76aa, 0x3473f6e5), + TOBN(0xcc6641db, 0x93141934), + TOBN(0xcae27757, 0xd31e535e), + TOBN(0x04cc43b6, 0x87c2ee11), + TOBN(0x8d1f9675, 0x2e029ffa), + TOBN(0xc2150672, 0xe4cc7a2c), + TOBN(0x3b03c1e0, 0x8d68b013), + TOBN(0xa9d6816f, 0xedf298f3), + TOBN(0x1bfbb529, 0xa2804464), + TOBN(0x95a52fae, 0x5db22125), + TOBN(0x55b32160, 0x0e1cb64e), + TOBN(0x004828f6, 0x7e7fc9fe), + TOBN(0x13394b82, 0x1bb0fb93), + TOBN(0xb6293a2d, 0x35f1a920), + TOBN(0xde35ef21, 0xd145d2d9), + TOBN(0xbe6225b3, 0xbb8fa603), + TOBN(0x00fc8f6b, 0x32cf252d), + TOBN(0xa28e52e6, 0x117cf8c2), + TOBN(0x9d1dc89b, 0x4c371e6d), + TOBN(0xcebe0675, 0x36ef0f28), + TOBN(0x5de05d09, 0xa4292f81), + TOBN(0xa8303593, 0x353e3083), + TOBN(0xa1715b0a, 0x7e37a9bb), + TOBN(0x8c56f61e, 0x2b8faec3), + TOBN(0x52507431, 0x33c9b102), + TOBN(0x0130cefc, 0xa44431f0), + TOBN(0x56039fa0, 0xbd865cfb), + TOBN(0x4b03e578, 0xbc5f1dd7), + TOBN(0x40edf2e4, 0xbabe7224), + TOBN(0xc752496d, 0x3a1988f6), + TOBN(0xd1572d3b, 0x564beb6b), + TOBN(0x0db1d110, 0x39a1c608), + TOBN(0x568d1934, 0x16f60126), + TOBN(0x05ae9668, 0xf354af33), + TOBN(0x19de6d37, 0xc92544f2), + TOBN(0xcc084353, 0xa35837d5), + TOBN(0xcbb6869c, 0x1a514ece), + TOBN(0xb633e728, 0x2e1d1066), + 
TOBN(0xf15dd69f, 0x936c581c), + TOBN(0x96e7b8ce, 0x7439c4f9), + TOBN(0x5e676f48, 0x2e448a5b), + TOBN(0xb2ca7d5b, 0xfd916bbb), + TOBN(0xd55a2541, 0xf5024025), + TOBN(0x47bc5769, 0xe4c2d937), + TOBN(0x7d31b92a, 0x0362189f), + TOBN(0x83f3086e, 0xef7816f9), + TOBN(0xf9f46d94, 0xb587579a), + TOBN(0xec2d22d8, 0x30e76c5f), + TOBN(0x27d57461, 0xb000ffcf), + TOBN(0xbb7e65f9, 0x364ffc2c), + TOBN(0x7c7c9477, 0x6652a220), + TOBN(0x61618f89, 0xd696c981), + TOBN(0x5021701d, 0x89effff3), + TOBN(0xf2c8ff8e, 0x7c314163), + TOBN(0x2da413ad, 0x8efb4d3e), + TOBN(0x937b5adf, 0xce176d95), + TOBN(0x22867d34, 0x2a67d51c), + TOBN(0x262b9b10, 0x18eb3ac9), + TOBN(0x4e314fe4, 0xc43ff28b), + TOBN(0x76476627, 0x6a664e7a), + TOBN(0x3e90e40b, 0xb7a565c2), + TOBN(0x8588993a, 0xc1acf831), + TOBN(0xd7b501d6, 0x8f938829), + TOBN(0x996627ee, 0x3edd7d4c), + TOBN(0x37d44a62, 0x90cd34c7), + TOBN(0xa8327499, 0xf3833e8d), + TOBN(0x2e18917d, 0x4bf50353), + TOBN(0x85dd726b, 0x556765fb), + TOBN(0x54fe65d6, 0x93d5ab66), + TOBN(0x3ddbaced, 0x915c25fe), + TOBN(0xa799d9a4, 0x12f22e85), + TOBN(0xe2a24867, 0x6d06f6bc), + TOBN(0xf4f1ee56, 0x43ca1637), + TOBN(0xfda2828b, 0x61ece30a), + TOBN(0x758c1a3e, 0xa2dee7a6), + TOBN(0xdcde2f3c, 0x734b2284), + TOBN(0xaba445d2, 0x4eaba6ad), + TOBN(0x35aaf668, 0x76cee0a7), + TOBN(0x7e0b04a9, 0xe5aa049a), + TOBN(0xe74083ad, 0x91103e84), + TOBN(0xbeb183ce, 0x40afecc3), + TOBN(0x6b89de9f, 0xea043f7a), + }, + { TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), + TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda), + TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), + TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997), + TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), + TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448), + TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), + TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368), + TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), + TOBN(0x8aa898e2, 
0x243398df), TOBN(0xf607c834, 0x894a94bb), + TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), + TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106), + TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), + TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f), + TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), + TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d), + TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), + TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc), + TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), + TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e), + TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), + TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f), + TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), + TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591), + TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), + TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186), + TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), + TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71), + TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), + TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff), + TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), + TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444), + TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), + TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a), + TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), + TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e), + TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), + TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027), + TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), + TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01), + TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), + TOBN(0x8466b538, 0xeeebf99c), 
TOBN(0xca8761f6, 0xbca477ef), + TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), + TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51), + TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), + TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6), + TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), + TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310), + TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), + TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7), + TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), + TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b), + TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), + TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7), + TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), + TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74), + TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), + TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a), + TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), + TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9), + TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), + TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047), + TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), + TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f), + TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), + TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d), + TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), + TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7), + TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), + TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c), + TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), + TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9), + TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), + TOBN(0x8a112cff, 0xa58efc1c), 
TOBN(0x518d761c, 0xc564cb4a), + TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), + TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c), + TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), + TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6), + TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), + TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98), + TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), + TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a), + TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), + TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6), + TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), + TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32), + TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), + TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8), + TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), + TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267), + TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), + TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98), + TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), + TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d), + TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), + TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232), + TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), + TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f), + TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), + TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026), + TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), + TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383), + TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), + TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b), + TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), + TOBN(0xaf196d3d, 0x95578dd2), 
TOBN(0xea4bb3d7, 0x77cc3f3d), + TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), + TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e), + TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), + TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46), + TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), + TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c), + TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), + TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741), + TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), + TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988), + TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), + TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046), + TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), + TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb), + TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), + TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c), + TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), + TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa), + TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), + TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75), + TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), + TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670), + TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), + TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b), + TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), + TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2), + TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), + TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29), + TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), + TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e), + TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), + TOBN(0xc6e17321, 0xb300101f), 
TOBN(0x4422b0e9, 0xd0d79a89), + TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), + TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2), + TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), + TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2), + TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), + TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6), + TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), + TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965), + TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), + TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02), + TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), + TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b), + TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), + TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92), + TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), + TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53), + TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), + TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433), + TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), + TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d), + TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), + TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055), + TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), + TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9), + TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), + TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492), + TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), + TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490), + TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), + TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba), + TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), + TOBN(0xe7eb88c9, 0x23504452), 
TOBN(0x2983e996, 0x852c1783), + TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), + TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb), + TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), + TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce), + TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), + TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e), + TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), + TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab), + TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), + TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b), + TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), + TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607), + TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), + TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108), + TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), + TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb), + TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), + TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf), + TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), + TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546), + TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), + TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d), + TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), + TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061), + TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), + TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd), + TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), + TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1), + TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), + TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47), + TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), + TOBN(0xc3b1f796, 0x7b23f821), 
TOBN(0x0f7d00d2, 0x770db354), + TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), + TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528), + TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), + TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd), + TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), + TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae), + TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), + TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9), + TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), + TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732), + TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), + TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98), + TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), + TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3), + TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), + TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7), + TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), + TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927), + TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), + TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396), + TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), + TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d), + TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), + TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76), + TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), + TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4), + TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), + TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003), + TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), + TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018), + TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), + TOBN(0x58fd7294, 0x48de1a94), 
TOBN(0xaadb13a8, 0x4e8f2cdc), + TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), + TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143), + TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), + TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f), + TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), + TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664), + TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), + TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b), + TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), + TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4), + TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), + TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2), + TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), + TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f), + TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), + TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c), + TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), + TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360), + TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), + TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007), + TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), + TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862) }, + { TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), + TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab), + TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), + TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55), + TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), + TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df), + TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), + TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf), + TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), + TOBN(0x4d00b10b, 0x0e10d9a9), 
TOBN(0x6392b0b1, 0x28da52b7), + TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), + TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca), + TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), + TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d), + TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), + TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515), + TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), + TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284), + TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), + TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8), + TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), + TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd), + TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), + TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8), + TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), + TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de), + TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), + TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2), + TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), + TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb), + TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), + TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef), + TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), + TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2), + TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), + TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a), + TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), + TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875), + TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), + TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216), + TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), + TOBN(0xf4e14d94, 0xf0536e57), 
TOBN(0xf9ee1eda, 0xaaec8243), + TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), + TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202), + TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), + TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8), + TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), + TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4), + TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), + TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619), + TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), + TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0), + TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), + TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463), + TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), + TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544), + TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), + TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97), + TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), + TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd), + TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), + TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe), + TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), + TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4), + TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), + TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e), + TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), + TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51), + TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), + TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191), + TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), + TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01), + TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), + TOBN(0x84a1d10e, 0x4145b6c5), 
TOBN(0xf1f7f91a, 0x5e046d9d), + TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), + TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f), + TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), + TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38), + TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), + TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d), + TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), + TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50), + TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), + TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d), + TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), + TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5), + TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), + TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209), + TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), + TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a), + TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), + TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62), + TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), + TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6), + TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), + TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42), + TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), + TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51), + TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), + TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9), + TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), + TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4), + TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), + TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b), + TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), + TOBN(0xd6bc6833, 0xd095ad09), 
TOBN(0x98abdd51, 0xdaa4d2fc), + TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), + TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18), + TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), + TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d), + TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), + TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4), + TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), + TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec), + TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), + TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65), + TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), + TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5), + TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), + TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef), + TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), + TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2), + TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), + TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b), + TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), + TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007), + TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), + TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe), + TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), + TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce), + TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), + TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71), + TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), + TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421), + TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), + TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f), + TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), + TOBN(0xccb4529f, 0xcb73de88), 
TOBN(0x1df0fefc, 0xcf26be03), + TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), + TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b), + TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), + TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702), + TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), + TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447), + TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), + TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1), + TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), + TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48), + TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), + TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361), + TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), + TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41), + TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), + TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d), + TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), + TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273), + TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), + TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1), + TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), + TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c), + TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), + TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5), + TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), + TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c), + TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), + TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f), + TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), + TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252), + TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), + TOBN(0x7f1166b7, 0x1b6fb16f), 
TOBN(0xfff63e08, 0x65fe5db3), + TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), + TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d), + TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), + TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af), + TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), + TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79), + TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), + TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f), + TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), + TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc), + TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), + TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13), + TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), + TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693), + TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), + TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8), + TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), + TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a), + TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), + TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281), + TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), + TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa), + TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), + TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2), + TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), + TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781), + TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), + TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7), + TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), + TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99), + TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), + TOBN(0x11252d50, 0x048e63b5), 
TOBN(0xc446bc52, 0x6ca007e9), + TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), + TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21), + TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), + TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2), + TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), + TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5), + TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), + TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262), + TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), + TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e), + TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), + TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649), + TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), + TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac), + TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), + TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca), + TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), + TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd), + TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), + TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c), + TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), + TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757), + TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), + TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015), + TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), + TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51), + TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), + TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07), + TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), + TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650), + TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), + TOBN(0x8112a1f7, 0x8badb73d), 
TOBN(0x79ea8897, 0xa27c1839), + TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), + TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc), + TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), + TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6), + TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), + TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9), + TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), + TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01), + TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), + TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96), + TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), + TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec), + TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), + TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf), + TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), + TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c), + TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), + TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf), + TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), + TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d), + TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), + TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a) }, + { TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), + TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a), + TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), + TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39), + TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), + TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452), + TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), + TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b), + TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), + TOBN(0xcf89a7f3, 0x93d2f064), 
TOBN(0x4f57841e, 0xe1ed3b14), + TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), + TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270), + TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), + TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb), + TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), + TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3), + TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), + TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb), + TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), + TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd), + TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), + TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3), + TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), + TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b), + TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), + TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2), + TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), + TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5), + TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), + TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9), + TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), + TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7), + TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), + TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf), + TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), + TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47), + TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), + TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0), + TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), + TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36), + TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), + TOBN(0x967833ef, 0x222ff8e2), 
TOBN(0x4bedcf6a, 0xb49180ad), + TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), + TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74), + TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), + TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb), + TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), + TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a), + TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), + TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c), + TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), + TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385), + TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), + TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081), + TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), + TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa), + TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), + TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47), + TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), + TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345), + TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), + TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126), + TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), + TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394), + TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), + TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9), + TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), + TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e), + TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), + TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb), + TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), + TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be), + TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), + TOBN(0x4fd4f4f9, 0xa808c3e8), 
TOBN(0xaf8237e0, 0xd5281ec1), + TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), + TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f), + TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), + TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e), + TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), + TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c), + TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), + TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6), + TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), + TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745), + TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), + TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5), + TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), + TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5), + TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), + TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539), + TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), + TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002), + TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), + TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948), + TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), + TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e), + TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), + TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5), + TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), + TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f), + TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), + TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3), + TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), + TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516), + TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), + TOBN(0xe4847fb1, 0xa124fb89), 
TOBN(0x75959cbd, 0xa2d8ffbc), + TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), + TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604), + TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), + TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2), + TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), + TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e), + TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), + TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4), + TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), + TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa), + TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), + TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac), + TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), + TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8), + TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), + TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9), + TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), + TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9), + TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), + TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849), + TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), + TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638), + TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), + TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb), + TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), + TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4), + TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), + TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34), + TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), + TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9), + TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), + TOBN(0x226fb614, 0x9aff594a), 
TOBN(0x35afec02, 0x6d59a62b), + TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), + TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca), + TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), + TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4), + TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), + TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f), + TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), + TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d), + TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), + TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a), + TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), + TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706), + TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), + TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3), + TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), + TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4), + TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), + TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96), + TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), + TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6), + TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), + TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878), + TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), + TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b), + TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), + TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982), + TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), + TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd), + TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), + TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0), + TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), + TOBN(0xfa40a09f, 0xe7acf117), 
TOBN(0x32c8cdd5, 0x7581a355), + TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), + TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac), + TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), + TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436), + TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), + TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef), + TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), + TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6), + TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), + TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4), + TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), + TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af), + TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), + TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a), + TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), + TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364), + TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), + TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5), + TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), + TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea), + TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), + TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4), + TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), + TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984), + TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), + TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d), + TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), + TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2), + TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), + TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28), + TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), + TOBN(0x65c91cf6, 0x6fa214a0), 
TOBN(0xd7d49c6c, 0x27990da5), + TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), + TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c), + TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), + TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68), + TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), + TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125), + TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), + TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3), + TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), + TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba), + TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), + TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e), + TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), + TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e), + TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), + TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c), + TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), + TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5), + TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), + TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77), + TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), + TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5), + TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), + TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946), + TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), + TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1), + TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), + TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c), + TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), + TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224), + TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), + TOBN(0xc2a3f23e, 0x833d50de), 
TOBN(0x73b681d2, 0xbbbd3017), + TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), + TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6), + TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), + TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e), + TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), + TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205), + TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), + TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808), + TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), + TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2), + TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), + TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199), + TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), + TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418), + TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), + TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496), + TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), + TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d), + TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), + TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b), + TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), + TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666) }, + { + TOBN(0x80f9bdef, 0x694db7e0), + TOBN(0xedca8787, 0xb9fcddc6), + TOBN(0x51981c34, 0x03b8dce1), + TOBN(0x4274dcf1, 0x70e10ba1), + TOBN(0xf72743b8, 0x6def6d1a), + TOBN(0xd25b1670, 0xebdb1866), + TOBN(0xc4491e8c, 0x050c6f58), + TOBN(0x2be2b2ab, 0x87fbd7f5), + TOBN(0x3e0e5c9d, 0xd111f8ec), + TOBN(0xbcc33f8d, 0xb7c4e760), + TOBN(0x702f9a91, 0xbd392a51), + TOBN(0x7da4a795, 0xc132e92d), + TOBN(0x1a0b0ae3, 0x0bb1151b), + TOBN(0x54febac8, 0x02e32251), + TOBN(0xea3a5082, 0x694e9e78), + TOBN(0xe58ffec1, 0xe4fe40b8), + TOBN(0xf85592fc, 0xd1e0cf9e), + TOBN(0xdea75f0d, 0xc0e7b2e8), + TOBN(0xc04215cf, 
0xc135584e), + TOBN(0x174fc727, 0x2f57092a), + TOBN(0xe7277877, 0xeb930bea), + TOBN(0x504caccb, 0x5eb02a5a), + TOBN(0xf9fe08f7, 0xf5241b9b), + TOBN(0xe7fb62f4, 0x8d5ca954), + TOBN(0xfbb8349d, 0x29c4120b), + TOBN(0x9f94391f, 0xc0d0d915), + TOBN(0xc4074fa7, 0x5410ba51), + TOBN(0xa66adbf6, 0x150a5911), + TOBN(0xc164543c, 0x34bfca38), + TOBN(0xe0f27560, 0xb9e1ccfc), + TOBN(0x99da0f53, 0xe820219c), + TOBN(0xe8234498, 0xc6b4997a), + TOBN(0xcfb88b76, 0x9d4c5423), + TOBN(0x9e56eb10, 0xb0521c49), + TOBN(0x418e0b5e, 0xbe8700a1), + TOBN(0x00cbaad6, 0xf93cb58a), + TOBN(0xe923fbde, 0xd92a5e67), + TOBN(0xca4979ac, 0x1f347f11), + TOBN(0x89162d85, 0x6bc0585b), + TOBN(0xdd6254af, 0xac3c70e3), + TOBN(0x7b23c513, 0x516e19e4), + TOBN(0x56e2e847, 0xc5c4d593), + TOBN(0x9f727d73, 0x5ce71ef6), + TOBN(0x5b6304a6, 0xf79a44c5), + TOBN(0x6638a736, 0x3ab7e433), + TOBN(0x1adea470, 0xfe742f83), + TOBN(0xe054b854, 0x5b7fc19f), + TOBN(0xf935381a, 0xba1d0698), + TOBN(0x546eab2d, 0x799e9a74), + TOBN(0x96239e0e, 0xa949f729), + TOBN(0xca274c6b, 0x7090055a), + TOBN(0x835142c3, 0x9020c9b0), + TOBN(0xa405667a, 0xa2e8807f), + TOBN(0x29f2c085, 0x1aa3d39e), + TOBN(0xcc555d64, 0x42fc72f5), + TOBN(0xe856e0e7, 0xfbeacb3c), + TOBN(0xb5504f9d, 0x918e4936), + TOBN(0x65035ef6, 0xb2513982), + TOBN(0x0553a0c2, 0x6f4d9cb9), + TOBN(0x6cb10d56, 0xbea85509), + TOBN(0x48d957b7, 0xa242da11), + TOBN(0x16a4d3dd, 0x672b7268), + TOBN(0x3d7e637c, 0x8502a96b), + TOBN(0x27c7032b, 0x730d463b), + TOBN(0xbdc02b18, 0xe4136a14), + TOBN(0xbacf969d, 0x678e32bf), + TOBN(0xc98d89a3, 0xdd9c3c03), + TOBN(0x7b92420a, 0x23becc4f), + TOBN(0xd4b41f78, 0xc64d565c), + TOBN(0x9f969d00, 0x10f28295), + TOBN(0xec7f7f76, 0xb13d051a), + TOBN(0x08945e1e, 0xa92da585), + TOBN(0x55366b7d, 0x5846426f), + TOBN(0xe7d09e89, 0x247d441d), + TOBN(0x510b404d, 0x736fbf48), + TOBN(0x7fa003d0, 0xe784bd7d), + TOBN(0x25f7614f, 0x17fd9596), + TOBN(0x49e0e0a1, 0x35cb98db), + TOBN(0x2c65957b, 0x2e83a76a), + TOBN(0x5d40da8d, 0xcddbe0f8), + TOBN(0xf2b8c405, 0x050bad24), + 
TOBN(0x8918426d, 0xc2aa4823), + TOBN(0x2aeab3dd, 0xa38365a7), + TOBN(0x72031717, 0x7c91b690), + TOBN(0x8b00d699, 0x60a94120), + TOBN(0x478a255d, 0xe99eaeec), + TOBN(0xbf656a5f, 0x6f60aafd), + TOBN(0xdfd7cb75, 0x5dee77b3), + TOBN(0x37f68bb4, 0xa595939d), + TOBN(0x03556479, 0x28740217), + TOBN(0x8e740e7c, 0x84ad7612), + TOBN(0xd89bc843, 0x9044695f), + TOBN(0xf7f3da5d, 0x85a9184d), + TOBN(0x562563bb, 0x9fc0b074), + TOBN(0x06d2e6aa, 0xf88a888e), + TOBN(0x612d8643, 0x161fbe7c), + TOBN(0x465edba7, 0xf64085e7), + TOBN(0xb230f304, 0x29aa8511), + TOBN(0x53388426, 0xcda2d188), + TOBN(0x90885735, 0x4b666649), + TOBN(0x6f02ff9a, 0x652f54f6), + TOBN(0x65c82294, 0x5fae2bf0), + TOBN(0x7816ade0, 0x62f5eee3), + TOBN(0xdcdbdf43, 0xfcc56d70), + TOBN(0x9fb3bba3, 0x54530bb2), + TOBN(0xbde3ef77, 0xcb0869ea), + TOBN(0x89bc9046, 0x0b431163), + TOBN(0x4d03d7d2, 0xe4819a35), + TOBN(0x33ae4f9e, 0x43b6a782), + TOBN(0x216db307, 0x9c88a686), + TOBN(0x91dd88e0, 0x00ffedd9), + TOBN(0xb280da9f, 0x12bd4840), + TOBN(0x32a7cb8a, 0x1635e741), + TOBN(0xfe14008a, 0x78be02a7), + TOBN(0x3fafb334, 0x1b7ae030), + TOBN(0x7fd508e7, 0x5add0ce9), + TOBN(0x72c83219, 0xd607ad51), + TOBN(0x0f229c0a, 0x8d40964a), + TOBN(0x1be2c336, 0x1c878da2), + TOBN(0xe0c96742, 0xeab2ab86), + TOBN(0x458f8691, 0x3e538cd7), + TOBN(0xa7001f6c, 0x8e08ad53), + TOBN(0x52b8c6e6, 0xbf5d15ff), + TOBN(0x548234a4, 0x011215dd), + TOBN(0xff5a9d2d, 0x3d5b4045), + TOBN(0xb0ffeeb6, 0x4a904190), + TOBN(0x55a3aca4, 0x48607f8b), + TOBN(0x8cbd665c, 0x30a0672a), + TOBN(0x87f834e0, 0x42583068), + TOBN(0x02da2aeb, 0xf3f6e683), + TOBN(0x6b763e5d, 0x05c12248), + TOBN(0x7230378f, 0x65a8aefc), + TOBN(0x93bd80b5, 0x71e8e5ca), + TOBN(0x53ab041c, 0xb3b62524), + TOBN(0x1b860513, 0x6c9c552e), + TOBN(0xe84d402c, 0xd5524e66), + TOBN(0xa37f3573, 0xf37f5937), + TOBN(0xeb0f6c7d, 0xd1e4fca5), + TOBN(0x2965a554, 0xac8ab0fc), + TOBN(0x17fbf56c, 0x274676ac), + TOBN(0x2e2f6bd9, 0xacf7d720), + TOBN(0x41fc8f88, 0x10224766), + TOBN(0x517a14b3, 0x85d53bef), + 
TOBN(0xdae327a5, 0x7d76a7d1), + TOBN(0x6ad0a065, 0xc4818267), + TOBN(0x33aa189b, 0x37c1bbc1), + TOBN(0x64970b52, 0x27392a92), + TOBN(0x21699a1c, 0x2d1535ea), + TOBN(0xcd20779c, 0xc2d7a7fd), + TOBN(0xe3186059, 0x99c83cf2), + TOBN(0x9b69440b, 0x72c0b8c7), + TOBN(0xa81497d7, 0x7b9e0e4d), + TOBN(0x515d5c89, 0x1f5f82dc), + TOBN(0x9a7f67d7, 0x6361079e), + TOBN(0xa8da81e3, 0x11a35330), + TOBN(0xe44990c4, 0x4b18be1b), + TOBN(0xc7d5ed95, 0xaf103e59), + TOBN(0xece8aba7, 0x8dac9261), + TOBN(0xbe82b099, 0x9394b8d3), + TOBN(0x6830f09a, 0x16adfe83), + TOBN(0x250a29b4, 0x88172d01), + TOBN(0x8b20bd65, 0xcaff9e02), + TOBN(0xb8a7661e, 0xe8a6329a), + TOBN(0x4520304d, 0xd3fce920), + TOBN(0xae45da1f, 0x2b47f7ef), + TOBN(0xe07f5288, 0x5bffc540), + TOBN(0xf7997009, 0x3464f874), + TOBN(0x2244c2cd, 0xa6fa1f38), + TOBN(0x43c41ac1, 0x94d7d9b1), + TOBN(0x5bafdd82, 0xc82e7f17), + TOBN(0xdf0614c1, 0x5fda0fca), + TOBN(0x74b043a7, 0xa8ae37ad), + TOBN(0x3ba6afa1, 0x9e71734c), + TOBN(0x15d5437e, 0x9c450f2e), + TOBN(0x4a5883fe, 0x67e242b1), + TOBN(0x5143bdc2, 0x2c1953c2), + TOBN(0x542b8b53, 0xfc5e8920), + TOBN(0x363bf9a8, 0x9a9cee08), + TOBN(0x02375f10, 0xc3486e08), + TOBN(0x2037543b, 0x8c5e70d2), + TOBN(0x7109bccc, 0x625640b4), + TOBN(0xcbc1051e, 0x8bc62c3b), + TOBN(0xf8455fed, 0x803f26ea), + TOBN(0x6badceab, 0xeb372424), + TOBN(0xa2a9ce7c, 0x6b53f5f9), + TOBN(0x64246595, 0x1b176d99), + TOBN(0xb1298d36, 0xb95c081b), + TOBN(0x53505bb8, 0x1d9a9ee6), + TOBN(0x3f6f9e61, 0xf2ba70b0), + TOBN(0xd07e16c9, 0x8afad453), + TOBN(0x9f1694bb, 0xe7eb4a6a), + TOBN(0xdfebced9, 0x3cb0bc8e), + TOBN(0x92d3dcdc, 0x53868c8b), + TOBN(0x174311a2, 0x386107a6), + TOBN(0x4109e07c, 0x689b4e64), + TOBN(0x30e4587f, 0x2df3dcb6), + TOBN(0x841aea31, 0x0811b3b2), + TOBN(0x6144d41d, 0x0cce43ea), + TOBN(0x464c4581, 0x2a9a7803), + TOBN(0xd03d371f, 0x3e158930), + TOBN(0xc676d7f2, 0xb1f3390b), + TOBN(0x9f7a1b8c, 0xa5b61272), + TOBN(0x4ebebfc9, 0xc2e127a9), + TOBN(0x4602500c, 0x5dd997bf), + TOBN(0x7f09771c, 0x4711230f), + 
TOBN(0x058eb37c, 0x020f09c1), + TOBN(0xab693d4b, 0xfee5e38b), + TOBN(0x9289eb1f, 0x4653cbc0), + TOBN(0xbecf46ab, 0xd51b9cf5), + TOBN(0xd2aa9c02, 0x9f0121af), + TOBN(0x36aaf7d2, 0xe90dc274), + TOBN(0x909e4ea0, 0x48b95a3c), + TOBN(0xe6b70496, 0x6f32dbdb), + TOBN(0x672188a0, 0x8b030b3e), + TOBN(0xeeffe5b3, 0xcfb617e2), + TOBN(0x87e947de, 0x7c82709e), + TOBN(0xa44d2b39, 0x1770f5a7), + TOBN(0xe4d4d791, 0x0e44eb82), + TOBN(0x42e69d1e, 0x3f69712a), + TOBN(0xbf11c4d6, 0xac6a820e), + TOBN(0xb5e7f3e5, 0x42c4224c), + TOBN(0xd6b4e81c, 0x449d941c), + TOBN(0x5d72bd16, 0x5450e878), + TOBN(0x6a61e28a, 0xee25ac54), + TOBN(0x33272094, 0xe6f1cd95), + TOBN(0x7512f30d, 0x0d18673f), + TOBN(0x32f7a4ca, 0x5afc1464), + TOBN(0x2f095656, 0x6bbb977b), + TOBN(0x586f47ca, 0xa8226200), + TOBN(0x02c868ad, 0x1ac07369), + TOBN(0x4ef2b845, 0xc613acbe), + TOBN(0x43d7563e, 0x0386054c), + TOBN(0x54da9dc7, 0xab952578), + TOBN(0xb5423df2, 0x26e84d0b), + TOBN(0xa8b64eeb, 0x9b872042), + TOBN(0xac205782, 0x5990f6df), + TOBN(0x4ff696eb, 0x21f4c77a), + TOBN(0x1a79c3e4, 0xaab273af), + TOBN(0x29bc922e, 0x9436b3f1), + TOBN(0xff807ef8, 0xd6d9a27a), + TOBN(0x82acea3d, 0x778f22a0), + TOBN(0xfb10b2e8, 0x5b5e7469), + TOBN(0xc0b16980, 0x2818ee7d), + TOBN(0x011afff4, 0xc91c1a2f), + TOBN(0x95a6d126, 0xad124418), + TOBN(0x31c081a5, 0xe72e295f), + TOBN(0x36bb283a, 0xf2f4db75), + TOBN(0xd115540f, 0x7acef462), + TOBN(0xc7f3a8f8, 0x33f6746c), + TOBN(0x21e46f65, 0xfea990ca), + TOBN(0x915fd5c5, 0xcaddb0a9), + TOBN(0xbd41f016, 0x78614555), + TOBN(0x346f4434, 0x426ffb58), + TOBN(0x80559436, 0x14dbc204), + TOBN(0xf3dd20fe, 0x5a969b7f), + TOBN(0x9d59e956, 0xe899a39a), + TOBN(0xf1b0971c, 0x8ad4cf4b), + TOBN(0x03448860, 0x2ffb8fb8), + TOBN(0xf071ac3c, 0x65340ba4), + TOBN(0x408d0596, 0xb27fd758), + TOBN(0xe7c78ea4, 0x98c364b0), + TOBN(0xa4aac4a5, 0x051e8ab5), + TOBN(0xb9e1d560, 0x485d9002), + TOBN(0x9acd518a, 0x88844455), + TOBN(0xe4ca688f, 0xd06f56c0), + TOBN(0xa48af70d, 0xdf027972), + TOBN(0x691f0f04, 0x5e9a609d), + 
TOBN(0xa9dd82cd, 0xee61270e), + TOBN(0x8903ca63, 0xa0ef18d3), + TOBN(0x9fb7ee35, 0x3d6ca3bd), + TOBN(0xa7b4a09c, 0xabf47d03), + TOBN(0x4cdada01, 0x1c67de8e), + TOBN(0x52003749, 0x9355a244), + TOBN(0xe77fd2b6, 0x4f2151a9), + TOBN(0x695d6cf6, 0x66b4efcb), + TOBN(0xc5a0cacf, 0xda2cfe25), + TOBN(0x104efe5c, 0xef811865), + TOBN(0xf52813e8, 0x9ea5cc3d), + TOBN(0x855683dc, 0x40b58dbc), + TOBN(0x0338ecde, 0x175fcb11), + TOBN(0xf9a05637, 0x74921592), + TOBN(0xb4f1261d, 0xb9bb9d31), + TOBN(0x551429b7, 0x4e9c5459), + TOBN(0xbe182e6f, 0x6ea71f53), + TOBN(0xd3a3b07c, 0xdfc50573), + TOBN(0x9ba1afda, 0x62be8d44), + TOBN(0x9bcfd2cb, 0x52ab65d3), + TOBN(0xdf11d547, 0xa9571802), + TOBN(0x099403ee, 0x02a2404a), + TOBN(0x497406f4, 0x21088a71), + TOBN(0x99479409, 0x5004ae71), + TOBN(0xbdb42078, 0xa812c362), + TOBN(0x2b72a30f, 0xd8828442), + TOBN(0x283add27, 0xfcb5ed1c), + TOBN(0xf7c0e200, 0x66a40015), + TOBN(0x3e3be641, 0x08b295ef), + TOBN(0xac127dc1, 0xe038a675), + TOBN(0x729deff3, 0x8c5c6320), + TOBN(0xb7df8fd4, 0xa90d2c53), + TOBN(0x9b74b0ec, 0x681e7cd3), + TOBN(0x5cb5a623, 0xdab407e5), + TOBN(0xcdbd3615, 0x76b340c6), + TOBN(0xa184415a, 0x7d28392c), + TOBN(0xc184c1d8, 0xe96f7830), + TOBN(0xc3204f19, 0x81d3a80f), + TOBN(0xfde0c841, 0xc8e02432), + TOBN(0x78203b3e, 0x8149e0c1), + TOBN(0x5904bdbb, 0x08053a73), + TOBN(0x30fc1dd1, 0x101b6805), + TOBN(0x43c223bc, 0x49aa6d49), + TOBN(0x9ed67141, 0x7a174087), + TOBN(0x311469a0, 0xd5997008), + TOBN(0xb189b684, 0x5e43fc61), + TOBN(0xf3282375, 0xe0d3ab57), + TOBN(0x4fa34b67, 0xb1181da8), + TOBN(0x621ed0b2, 0x99ee52b8), + TOBN(0x9b178de1, 0xad990676), + TOBN(0xd51de67b, 0x56d54065), + TOBN(0x2a2c27c4, 0x7538c201), + TOBN(0x33856ec8, 0x38a40f5c), + TOBN(0x2522fc15, 0xbe6cdcde), + TOBN(0x1e603f33, 0x9f0c6f89), + TOBN(0x7994edc3, 0x103e30a6), + TOBN(0x033a00db, 0x220c853e), + TOBN(0xd3cfa409, 0xf7bb7fd7), + TOBN(0x70f8781e, 0x462d18f6), + TOBN(0xbbd82980, 0x687fe295), + TOBN(0x6eef4c32, 0x595669f3), + TOBN(0x86a9303b, 0x2f7e85c3), + 
TOBN(0x5fce4621, 0x71988f9b), + TOBN(0x5b935bf6, 0xc138acb5), + TOBN(0x30ea7d67, 0x25661212), + TOBN(0xef1eb5f4, 0xe51ab9a2), + TOBN(0x0587c98a, 0xae067c78), + TOBN(0xb3ce1b3c, 0x77ca9ca6), + TOBN(0x2a553d4d, 0x54b5f057), + TOBN(0xc7898236, 0x4da29ec2), + TOBN(0xdbdd5d13, 0xb9c57316), + TOBN(0xc57d6e6b, 0x2cd80d47), + TOBN(0x80b460cf, 0xfe9e7391), + TOBN(0x98648cab, 0xf963c31e), + TOBN(0x67f9f633, 0xcc4d32fd), + TOBN(0x0af42a9d, 0xfdf7c687), + TOBN(0x55f292a3, 0x0b015ea7), + TOBN(0x89e468b2, 0xcd21ab3d), + TOBN(0xe504f022, 0xc393d392), + TOBN(0xab21e1d4, 0xa5013af9), + TOBN(0xe3283f78, 0xc2c28acb), + TOBN(0xf38b35f6, 0x226bf99f), + TOBN(0xe8354274, 0x0e291e69), + TOBN(0x61673a15, 0xb20c162d), + TOBN(0xc101dc75, 0xb04fbdbe), + TOBN(0x8323b4c2, 0x255bd617), + TOBN(0x6c969693, 0x6c2a9154), + TOBN(0xc6e65860, 0x62679387), + TOBN(0x8e01db0c, 0xb8c88e23), + TOBN(0x33c42873, 0x893a5559), + TOBN(0x7630f04b, 0x47a3e149), + TOBN(0xb5d80805, 0xddcf35f8), + TOBN(0x582ca080, 0x77dfe732), + TOBN(0x2c7156e1, 0x0b1894a0), + TOBN(0x92034001, 0xd81c68c0), + TOBN(0xed225d00, 0xc8b115b5), + TOBN(0x237f9c22, 0x83b907f2), + TOBN(0x0ea2f32f, 0x4470e2c0), + TOBN(0xb725f7c1, 0x58be4e95), + TOBN(0x0f1dcafa, 0xb1ae5463), + TOBN(0x59ed5187, 0x1ba2fc04), + TOBN(0xf6e0f316, 0xd0115d4d), + TOBN(0x5180b12f, 0xd3691599), + TOBN(0x157e32c9, 0x527f0a41), + TOBN(0x7b0b081d, 0xa8e0ecc0), + TOBN(0x6dbaaa8a, 0xbf4f0dd0), + TOBN(0x99b289c7, 0x4d252696), + TOBN(0x79b7755e, 0xdbf864fe), + TOBN(0x6974e2b1, 0x76cad3ab), + TOBN(0x35dbbee2, 0x06ddd657), + TOBN(0xe7cbdd11, 0x2ff3a96d), + TOBN(0x88381968, 0x076be758), + TOBN(0x2d737e72, 0x08c91f5d), + TOBN(0x5f83ab62, 0x86ec3776), + TOBN(0x98aa649d, 0x945fa7a1), + TOBN(0xf477ec37, 0x72ef0933), + TOBN(0x66f52b1e, 0x098c17b1), + TOBN(0x9eec58fb, 0xd803738b), + TOBN(0x91aaade7, 0xe4e86aa4), + TOBN(0x6b1ae617, 0xa5b51492), + TOBN(0x63272121, 0xbbc45974), + TOBN(0x7e0e28f0, 0x862c5129), + TOBN(0x0a8f79a9, 0x3321a4a0), + TOBN(0xe26d1664, 0x5041c88f), + 
TOBN(0x0571b805, 0x53233e3a), + TOBN(0xd1b0ccde, 0xc9520711), + TOBN(0x55a9e4ed, 0x3c8b84bf), + TOBN(0x9426bd39, 0xa1fef314), + TOBN(0x4f5f638e, 0x6eb93f2b), + TOBN(0xba2a1ed3, 0x2bf9341b), + TOBN(0xd63c1321, 0x4d42d5a9), + TOBN(0xd2964a89, 0x316dc7c5), + TOBN(0xd1759606, 0xca511851), + TOBN(0xd8a9201f, 0xf9e6ed35), + TOBN(0xb7b5ee45, 0x6736925a), + TOBN(0x0a83fbbc, 0x99581af7), + TOBN(0x3076bc40, 0x64eeb051), + TOBN(0x5511c98c, 0x02dec312), + TOBN(0x270de898, 0x238dcb78), + TOBN(0x2cf4cf9c, 0x539c08c9), + TOBN(0xa70cb65e, 0x38d3b06e), + TOBN(0xb12ec10e, 0xcfe57bbd), + TOBN(0x82c7b656, 0x35a0c2b5), + TOBN(0xddc7d5cd, 0x161c67bd), + TOBN(0xe32e8985, 0xae3a32cc), + TOBN(0x7aba9444, 0xd11a5529), + TOBN(0xe964ed02, 0x2427fa1a), + TOBN(0x1528392d, 0x24a1770a), + TOBN(0xa152ce2c, 0x12c72fcd), + TOBN(0x714553a4, 0x8ec07649), + TOBN(0x18b4c290, 0x459dd453), + TOBN(0xea32b714, 0x7b64b110), + TOBN(0xb871bfa5, 0x2e6f07a2), + TOBN(0xb67112e5, 0x9e2e3c9b), + TOBN(0xfbf250e5, 0x44aa90f6), + TOBN(0xf77aedb8, 0xbd539006), + TOBN(0x3b0cdf9a, 0xd172a66f), + TOBN(0xedf69fea, 0xf8c51187), + TOBN(0x05bb67ec, 0x741e4da7), + TOBN(0x47df0f32, 0x08114345), + TOBN(0x56facb07, 0xbb9792b1), + TOBN(0xf3e007e9, 0x8f6229e4), + TOBN(0x62d103f4, 0x526fba0f), + TOBN(0x4f33bef7, 0xb0339d79), + TOBN(0x9841357b, 0xb59bfec1), + TOBN(0xfa8dbb59, 0xc34e6705), + TOBN(0xc3c7180b, 0x7fdaa84c), + TOBN(0xf95872fc, 0xa4108537), + TOBN(0x8750cc3b, 0x932a3e5a), + TOBN(0xb61cc69d, 0xb7275d7d), + TOBN(0xffa0168b, 0x2e59b2e9), + TOBN(0xca032abc, 0x6ecbb493), + TOBN(0x1d86dbd3, 0x2c9082d8), + TOBN(0xae1e0b67, 0xe28ef5ba), + TOBN(0x2c9a4699, 0xcb18e169), + TOBN(0x0ecd0e33, 0x1e6bbd20), + TOBN(0x571b360e, 0xaf5e81d2), + TOBN(0xcd9fea58, 0x101c1d45), + TOBN(0x6651788e, 0x18880452), + TOBN(0xa9972635, 0x1f8dd446), + TOBN(0x44bed022, 0xe37281d0), + TOBN(0x094b2b2d, 0x33da525d), + TOBN(0xf193678e, 0x13144fd8), + TOBN(0xb8ab5ba4, 0xf4c1061d), + TOBN(0x4343b5fa, 0xdccbe0f4), + TOBN(0xa8702371, 0x63812713), + 
TOBN(0x47bf6d2d, 0xf7611d93), + TOBN(0x46729b8c, 0xbd21e1d7), + TOBN(0x7484d4e0, 0xd629e77d), + TOBN(0x830e6eea, 0x60dbac1f), + TOBN(0x23d8c484, 0xda06a2f7), + TOBN(0x896714b0, 0x50ca535b), + TOBN(0xdc8d3644, 0xebd97a9b), + TOBN(0x106ef9fa, 0xb12177b4), + TOBN(0xf79bf464, 0x534d5d9c), + TOBN(0x2537a349, 0xa6ab360b), + TOBN(0xc7c54253, 0xa00c744f), + TOBN(0xb3c7a047, 0xe5911a76), + TOBN(0x61ffa5c8, 0x647f1ee7), + TOBN(0x15aed36f, 0x8f56ab42), + TOBN(0x6a0d41b0, 0xa3ff9ac9), + TOBN(0x68f469f5, 0xcc30d357), + TOBN(0xbe9adf81, 0x6b72be96), + TOBN(0x1cd926fe, 0x903ad461), + TOBN(0x7e89e38f, 0xcaca441b), + TOBN(0xf0f82de5, 0xfacf69d4), + TOBN(0x363b7e76, 0x4775344c), + TOBN(0x6894f312, 0xb2e36d04), + TOBN(0x3c6cb4fe, 0x11d1c9a5), + TOBN(0x85d9c339, 0x4008e1f2), + TOBN(0x5e9a85ea, 0x249f326c), + TOBN(0xdc35c60a, 0x678c5e06), + TOBN(0xc08b944f, 0x9f86fba9), + TOBN(0xde40c02c, 0x89f71f0f), + TOBN(0xad8f3e31, 0xff3da3c0), + TOBN(0x3ea5096b, 0x42125ded), + TOBN(0x13879cbf, 0xa7379183), + TOBN(0x6f4714a5, 0x6b306a0b), + TOBN(0x359c2ea6, 0x67646c5e), + TOBN(0xfacf8943, 0x07726368), + TOBN(0x07a58935, 0x65ff431e), + TOBN(0x24d661d1, 0x68754ab0), + TOBN(0x801fce1d, 0x6f429a76), + TOBN(0xc068a85f, 0xa58ce769), + TOBN(0xedc35c54, 0x5d5eca2b), + TOBN(0xea31276f, 0xa3f660d1), + TOBN(0xa0184ebe, 0xb8fc7167), + TOBN(0x0f20f21a, 0x1d8db0ae), + TOBN(0xd96d095f, 0x56c35e12), + TOBN(0xedf402b5, 0xf8c2a25b), + TOBN(0x1bb772b9, 0x059204b6), + TOBN(0x50cbeae2, 0x19b4e34c), + TOBN(0x93109d80, 0x3fa0845a), + TOBN(0x54f7ccf7, 0x8ef59fb5), + TOBN(0x3b438fe2, 0x88070963), + TOBN(0x9e28c659, 0x31f3ba9b), + TOBN(0x9cc31b46, 0xead9da92), + TOBN(0x3c2f0ba9, 0xb733aa5f), + TOBN(0xdece47cb, 0xf05af235), + TOBN(0xf8e3f715, 0xa2ac82a5), + TOBN(0xc97ba641, 0x2203f18a), + TOBN(0xc3af5504, 0x09c11060), + TOBN(0x56ea2c05, 0x46af512d), + TOBN(0xfac28daf, 0xf3f28146), + TOBN(0x87fab43a, 0x959ef494), + }, + { + TOBN(0x09891641, 0xd4c5105f), + TOBN(0x1ae80f8e, 0x6d7fbd65), + TOBN(0x9d67225f, 0xbee6bdb0), + 
TOBN(0x3b433b59, 0x7fc4d860), + TOBN(0x44e66db6, 0x93e85638), + TOBN(0xf7b59252, 0xe3e9862f), + TOBN(0xdb785157, 0x665c32ec), + TOBN(0x702fefd7, 0xae362f50), + TOBN(0x3754475d, 0x0fefb0c3), + TOBN(0xd48fb56b, 0x46d7c35d), + TOBN(0xa070b633, 0x363798a4), + TOBN(0xae89f3d2, 0x8fdb98e6), + TOBN(0x970b89c8, 0x6363d14c), + TOBN(0x89817521, 0x67abd27d), + TOBN(0x9bf7d474, 0x44d5a021), + TOBN(0xb3083baf, 0xcac72aee), + TOBN(0x389741de, 0xbe949a44), + TOBN(0x638e9388, 0x546a4fa5), + TOBN(0x3fe6419c, 0xa0047bdc), + TOBN(0x7047f648, 0xaaea57ca), + TOBN(0x54e48a90, 0x41fbab17), + TOBN(0xda8e0b28, 0x576bdba2), + TOBN(0xe807eebc, 0xc72afddc), + TOBN(0x07d3336d, 0xf42577bf), + TOBN(0x62a8c244, 0xbfe20925), + TOBN(0x91c19ac3, 0x8fdce867), + TOBN(0x5a96a5d5, 0xdd387063), + TOBN(0x61d587d4, 0x21d324f6), + TOBN(0xe87673a2, 0xa37173ea), + TOBN(0x23848008, 0x53778b65), + TOBN(0x10f8441e, 0x05bab43e), + TOBN(0xfa11fe12, 0x4621efbe), + TOBN(0x047b772e, 0x81685d7b), + TOBN(0x23f27d81, 0xbf34a976), + TOBN(0xc27608e2, 0x915f48ef), + TOBN(0x3b0b43fa, 0xa521d5c3), + TOBN(0x7613fb26, 0x63ca7284), + TOBN(0x7f5729b4, 0x1d4db837), + TOBN(0x87b14898, 0x583b526b), + TOBN(0x00b732a6, 0xbbadd3d1), + TOBN(0x8e02f426, 0x2048e396), + TOBN(0x436b50b6, 0x383d9de4), + TOBN(0xf78d3481, 0x471e85ad), + TOBN(0x8b01ea6a, 0xd005c8d6), + TOBN(0xd3c7afee, 0x97015c07), + TOBN(0x46cdf1a9, 0x4e3ba2ae), + TOBN(0x7a42e501, 0x83d3a1d2), + TOBN(0xd54b5268, 0xb541dff4), + TOBN(0x3f24cf30, 0x4e23e9bc), + TOBN(0x4387f816, 0x126e3624), + TOBN(0x26a46a03, 0x3b0b6d61), + TOBN(0xaf1bc845, 0x8b2d777c), + TOBN(0x25c401ba, 0x527de79c), + TOBN(0x0e1346d4, 0x4261bbb6), + TOBN(0x4b96c44b, 0x287b4bc7), + TOBN(0x658493c7, 0x5254562f), + TOBN(0x23f949fe, 0xb8a24a20), + TOBN(0x17ebfed1, 0xf52ca53f), + TOBN(0x9b691bbe, 0xbcfb4853), + TOBN(0x5617ff6b, 0x6278a05d), + TOBN(0x241b34c5, 0xe3c99ebd), + TOBN(0xfc64242e, 0x1784156a), + TOBN(0x4206482f, 0x695d67df), + TOBN(0xb967ce0e, 0xee27c011), + TOBN(0x65db3751, 0x21c80b5d), + 
TOBN(0x2e7a563c, 0xa31ecca0), + TOBN(0xe56ffc4e, 0x5238a07e), + TOBN(0x3d6c2966, 0x32ced854), + TOBN(0xe99d7d1a, 0xaf70b885), + TOBN(0xafc3bad9, 0x2d686459), + TOBN(0x9c78bf46, 0x0cc8ba5b), + TOBN(0x5a439519, 0x18955aa3), + TOBN(0xf8b517a8, 0x5fe4e314), + TOBN(0xe60234d0, 0xfcb8906f), + TOBN(0xffe542ac, 0xf2061b23), + TOBN(0x287e191f, 0x6b4cb59c), + TOBN(0x21857ddc, 0x09d877d8), + TOBN(0x1c23478c, 0x14678941), + TOBN(0xbbf0c056, 0xb6e05ea4), + TOBN(0x82da4b53, 0xb01594fe), + TOBN(0xf7526791, 0xfadb8608), + TOBN(0x049e832d, 0x7b74cdf6), + TOBN(0xa43581cc, 0xc2b90a34), + TOBN(0x73639eb8, 0x9360b10c), + TOBN(0x4fba331f, 0xe1e4a71b), + TOBN(0x6ffd6b93, 0x8072f919), + TOBN(0x6e53271c, 0x65679032), + TOBN(0x67206444, 0xf14272ce), + TOBN(0xc0f734a3, 0xb2335834), + TOBN(0x9526205a, 0x90ef6860), + TOBN(0xcb8be717, 0x04e2bb0d), + TOBN(0x2418871e, 0x02f383fa), + TOBN(0xd7177681, 0x4082c157), + TOBN(0xcc914ad0, 0x29c20073), + TOBN(0xf186c1eb, 0xe587e728), + TOBN(0x6fdb3c22, 0x61bcd5fd), + TOBN(0x30d014a6, 0xf2f9f8e9), + TOBN(0x963ece23, 0x4fec49d2), + TOBN(0x862025c5, 0x9605a8d9), + TOBN(0x39874445, 0x19f8929a), + TOBN(0x01b6ff65, 0x12bf476a), + TOBN(0x598a64d8, 0x09cf7d91), + TOBN(0xd7ec7749, 0x93be56ca), + TOBN(0x10899785, 0xcbb33615), + TOBN(0xb8a092fd, 0x02eee3ad), + TOBN(0xa86b3d35, 0x30145270), + TOBN(0x323d98c6, 0x8512b675), + TOBN(0x4b8bc785, 0x62ebb40f), + TOBN(0x7d301f54, 0x413f9cde), + TOBN(0xa5e4fb4f, 0x2bab5664), + TOBN(0x1d2b252d, 0x1cbfec23), + TOBN(0xfcd576bb, 0xe177120d), + TOBN(0x04427d3e, 0x83731a34), + TOBN(0x2bb9028e, 0xed836e8e), + TOBN(0xb36acff8, 0xb612ca7c), + TOBN(0xb88fe5ef, 0xd3d9c73a), + TOBN(0xbe2a6bc6, 0xedea4eb3), + TOBN(0x43b93133, 0x488eec77), + TOBN(0xf41ff566, 0xb17106e1), + TOBN(0x469e9172, 0x654efa32), + TOBN(0xb4480f04, 0x41c23fa3), + TOBN(0xb4712eb0, 0xc1989a2e), + TOBN(0x3ccbba0f, 0x93a29ca7), + TOBN(0x6e205c14, 0xd619428c), + TOBN(0x90db7957, 0xb3641686), + TOBN(0x0432691d, 0x45ac8b4e), + TOBN(0x07a759ac, 0xf64e0350), + 
TOBN(0x0514d89c, 0x9c972517), + TOBN(0x1701147f, 0xa8e67fc3), + TOBN(0x9e2e0b8b, 0xab2085be), + TOBN(0xd5651824, 0xac284e57), + TOBN(0x890d4325, 0x74893664), + TOBN(0x8a7c5e6e, 0xc55e68a3), + TOBN(0xbf12e90b, 0x4339c85a), + TOBN(0x31846b85, 0xf922b655), + TOBN(0x9a54ce4d, 0x0bf4d700), + TOBN(0xd7f4e83a, 0xf1a14295), + TOBN(0x916f955c, 0xb285d4f9), + TOBN(0xe57bb0e0, 0x99ffdaba), + TOBN(0x28a43034, 0xeab0d152), + TOBN(0x0a36ffa2, 0xb8a9cef8), + TOBN(0x5517407e, 0xb9ec051a), + TOBN(0x9c796096, 0xea68e672), + TOBN(0x853db5fb, 0xfb3c77fb), + TOBN(0x21474ba9, 0xe864a51a), + TOBN(0x6c267699, 0x6e8a1b8b), + TOBN(0x7c823626, 0x94120a28), + TOBN(0xe61e9a48, 0x8383a5db), + TOBN(0x7dd75003, 0x9f84216d), + TOBN(0xab020d07, 0xad43cd85), + TOBN(0x9437ae48, 0xda12c659), + TOBN(0x6449c2eb, 0xe65452ad), + TOBN(0xcc7c4c1c, 0x2cf9d7c1), + TOBN(0x1320886a, 0xee95e5ab), + TOBN(0xbb7b9056, 0xbeae170c), + TOBN(0xc8a5b250, 0xdbc0d662), + TOBN(0x4ed81432, 0xc11d2303), + TOBN(0x7da66912, 0x1f03769f), + TOBN(0x3ac7a5fd, 0x84539828), + TOBN(0x14dada94, 0x3bccdd02), + TOBN(0x8b84c321, 0x7ef6b0d1), + TOBN(0x52a9477a, 0x7c933f22), + TOBN(0x5ef6728a, 0xfd440b82), + TOBN(0x5c3bd859, 0x6ce4bd5e), + TOBN(0x918b80f5, 0xf22c2d3e), + TOBN(0x368d5040, 0xb7bb6cc5), + TOBN(0xb66142a1, 0x2695a11c), + TOBN(0x60ac583a, 0xeb19ea70), + TOBN(0x317cbb98, 0x0eab2437), + TOBN(0x8cc08c55, 0x5e2654c8), + TOBN(0xfe2d6520, 0xe6d8307f), + TOBN(0xe9f147f3, 0x57428993), + TOBN(0x5f9c7d14, 0xd2fd6cf1), + TOBN(0xa3ecd064, 0x2d4fcbb0), + TOBN(0xad83fef0, 0x8e7341f7), + TOBN(0x643f23a0, 0x3a63115c), + TOBN(0xd38a78ab, 0xe65ab743), + TOBN(0xbf7c75b1, 0x35edc89c), + TOBN(0x3dd8752e, 0x530df568), + TOBN(0xf85c4a76, 0xe308c682), + TOBN(0x4c9955b2, 0xe68acf37), + TOBN(0xa544df3d, 0xab32af85), + TOBN(0x4b8ec3f5, 0xa25cf493), + TOBN(0x4d8f2764, 0x1a622feb), + TOBN(0x7bb4f7aa, 0xf0dcbc49), + TOBN(0x7de551f9, 0x70bbb45b), + TOBN(0xcfd0f3e4, 0x9f2ca2e5), + TOBN(0xece58709, 0x1f5c76ef), + TOBN(0x32920edd, 0x167d79ae), + 
TOBN(0x039df8a2, 0xfa7d7ec1), + TOBN(0xf46206c0, 0xbb30af91), + TOBN(0x1ff5e2f5, 0x22676b59), + TOBN(0x11f4a039, 0x6ea51d66), + TOBN(0x506c1445, 0x807d7a26), + TOBN(0x60da5705, 0x755a9b24), + TOBN(0x8fc8cc32, 0x1f1a319e), + TOBN(0x83642d4d, 0x9433d67d), + TOBN(0x7fa5cb8f, 0x6a7dd296), + TOBN(0x576591db, 0x9b7bde07), + TOBN(0x13173d25, 0x419716fb), + TOBN(0xea30599d, 0xd5b340ff), + TOBN(0xfc6b5297, 0xb0fe76c5), + TOBN(0x1c6968c8, 0xab8f5adc), + TOBN(0xf723c7f5, 0x901c928d), + TOBN(0x4203c321, 0x9773d402), + TOBN(0xdf7c6aa3, 0x1b51dd47), + TOBN(0x3d49e37a, 0x552be23c), + TOBN(0x57febee8, 0x0b5a6e87), + TOBN(0xc5ecbee4, 0x7bd8e739), + TOBN(0x79d44994, 0xae63bf75), + TOBN(0x168bd00f, 0x38fb8923), + TOBN(0x75d48ee4, 0xd0533130), + TOBN(0x554f77aa, 0xdb5cdf33), + TOBN(0x3396e896, 0x3c696769), + TOBN(0x2fdddbf2, 0xd3fd674e), + TOBN(0xbbb8f6ee, 0x99d0e3e5), + TOBN(0x51b90651, 0xcbae2f70), + TOBN(0xefc4bc05, 0x93aaa8eb), + TOBN(0x8ecd8689, 0xdd1df499), + TOBN(0x1aee99a8, 0x22f367a5), + TOBN(0x95d485b9, 0xae8274c5), + TOBN(0x6c14d445, 0x7d30b39c), + TOBN(0xbafea90b, 0xbcc1ef81), + TOBN(0x7c5f317a, 0xa459a2ed), + TOBN(0x01211075, 0x4ef44227), + TOBN(0xa17bed6e, 0xdc20f496), + TOBN(0x0cdfe424, 0x819853cd), + TOBN(0x13793298, 0xf71e2ce7), + TOBN(0x3c1f3078, 0xdbbe307b), + TOBN(0x6dd1c20e, 0x76ee9936), + TOBN(0x23ee4b57, 0x423caa20), + TOBN(0x4ac3793b, 0x8efb840e), + TOBN(0x934438eb, 0xed1f8ca0), + TOBN(0x3e546658, 0x4ebb25a2), + TOBN(0xc415af0e, 0xc069896f), + TOBN(0xc13eddb0, 0x9a5aa43d), + TOBN(0x7a04204f, 0xd49eb8f6), + TOBN(0xd0d5bdfc, 0xd74f1670), + TOBN(0x3697e286, 0x56fc0558), + TOBN(0x10207371, 0x01cebade), + TOBN(0x5f87e690, 0x0647a82b), + TOBN(0x908e0ed4, 0x8f40054f), + TOBN(0xa9f633d4, 0x79853803), + TOBN(0x8ed13c9a, 0x4a28b252), + TOBN(0x3e2ef676, 0x1f460f64), + TOBN(0x53930b9b, 0x36d06336), + TOBN(0x347073ac, 0x8fc4979b), + TOBN(0x84380e0e, 0x5ecd5597), + TOBN(0xe3b22c6b, 0xc4fe3c39), + TOBN(0xba4a8153, 0x6c7bebdf), + TOBN(0xf23ab6b7, 0x25693459), + 
TOBN(0x53bc3770, 0x14922b11), + TOBN(0x4645c8ab, 0x5afc60db), + TOBN(0xaa022355, 0x20b9f2a3), + TOBN(0x52a2954c, 0xce0fc507), + TOBN(0x8c2731bb, 0x7ce1c2e7), + TOBN(0xf39608ab, 0x18a0339d), + TOBN(0xac7a658d, 0x3735436c), + TOBN(0xb22c2b07, 0xcd992b4f), + TOBN(0x4e83daec, 0xf40dcfd4), + TOBN(0x8a34c7be, 0x2f39ea3e), + TOBN(0xef0c005f, 0xb0a56d2e), + TOBN(0x62731f6a, 0x6edd8038), + TOBN(0x5721d740, 0x4e3cb075), + TOBN(0x1ea41511, 0xfbeeee1b), + TOBN(0xd1ef5e73, 0xef1d0c05), + TOBN(0x42feefd1, 0x73c07d35), + TOBN(0xe530a00a, 0x8a329493), + TOBN(0x5d55b7fe, 0xf15ebfb0), + TOBN(0x549de03c, 0xd322491a), + TOBN(0xf7b5f602, 0x745b3237), + TOBN(0x3632a3a2, 0x1ab6e2b6), + TOBN(0x0d3bba89, 0x0ef59f78), + TOBN(0x0dfc6443, 0xc9e52b9a), + TOBN(0x1dc79699, 0x72631447), + TOBN(0xef033917, 0xb3be20b1), + TOBN(0x0c92735d, 0xb1383948), + TOBN(0xc1fc29a2, 0xc0dd7d7d), + TOBN(0x6485b697, 0x403ed068), + TOBN(0x13bfaab3, 0xaac93bdc), + TOBN(0x410dc6a9, 0x0deeaf52), + TOBN(0xb003fb02, 0x4c641c15), + TOBN(0x1384978c, 0x5bc504c4), + TOBN(0x37640487, 0x864a6a77), + TOBN(0x05991bc6, 0x222a77da), + TOBN(0x62260a57, 0x5e47eb11), + TOBN(0xc7af6613, 0xf21b432c), + TOBN(0x22f3acc9, 0xab4953e9), + TOBN(0x52934922, 0x8e41d155), + TOBN(0x4d024568, 0x3ac059ef), + TOBN(0xb0201755, 0x4d884411), + TOBN(0xce8055cf, 0xa59a178f), + TOBN(0xcd77d1af, 0xf6204549), + TOBN(0xa0a00a3e, 0xc7066759), + TOBN(0x471071ef, 0x0272c229), + TOBN(0x009bcf6b, 0xd3c4b6b0), + TOBN(0x2a2638a8, 0x22305177), + TOBN(0xd51d59df, 0x41645bbf), + TOBN(0xa81142fd, 0xc0a7a3c0), + TOBN(0xa17eca6d, 0x4c7063ee), + TOBN(0x0bb887ed, 0x60d9dcec), + TOBN(0xd6d28e51, 0x20ad2455), + TOBN(0xebed6308, 0xa67102ba), + TOBN(0x042c3114, 0x8bffa408), + TOBN(0xfd099ac5, 0x8aa68e30), + TOBN(0x7a6a3d7c, 0x1483513e), + TOBN(0xffcc6b75, 0xba2d8f0c), + TOBN(0x54dacf96, 0x1e78b954), + TOBN(0xf645696f, 0xa4a9af89), + TOBN(0x3a411940, 0x06ac98ec), + TOBN(0x41b8b3f6, 0x22a67a20), + TOBN(0x2d0b1e0f, 0x99dec626), + TOBN(0x27c89192, 0x40be34e8), + 
TOBN(0xc7162b37, 0x91907f35), + TOBN(0x90188ec1, 0xa956702b), + TOBN(0xca132f7d, 0xdf93769c), + TOBN(0x3ece44f9, 0x0e2025b4), + TOBN(0x67aaec69, 0x0c62f14c), + TOBN(0xad741418, 0x22e3cc11), + TOBN(0xcf9b75c3, 0x7ff9a50e), + TOBN(0x02fa2b16, 0x4d348272), + TOBN(0xbd99d61a, 0x9959d56d), + TOBN(0xbc4f19db, 0x18762916), + TOBN(0xcc7cce50, 0x49c1ac80), + TOBN(0x4d59ebaa, 0xd846bd83), + TOBN(0x8775a9dc, 0xa9202849), + TOBN(0x07ec4ae1, 0x6e1f4ca9), + TOBN(0x27eb5875, 0xba893f11), + TOBN(0x00284d51, 0x662cc565), + TOBN(0x82353a6b, 0x0db4138d), + TOBN(0xd9c7aaaa, 0xaa32a594), + TOBN(0xf5528b5e, 0xa5669c47), + TOBN(0xf3220231, 0x2f23c5ff), + TOBN(0xe3e8147a, 0x6affa3a1), + TOBN(0xfb423d5c, 0x202ddda0), + TOBN(0x3d6414ac, 0x6b871bd4), + TOBN(0x586f82e1, 0xa51a168a), + TOBN(0xb712c671, 0x48ae5448), + TOBN(0x9a2e4bd1, 0x76233eb8), + TOBN(0x0188223a, 0x78811ca9), + TOBN(0x553c5e21, 0xf7c18de1), + TOBN(0x7682e451, 0xb27bb286), + TOBN(0x3ed036b3, 0x0e51e929), + TOBN(0xf487211b, 0xec9cb34f), + TOBN(0x0d094277, 0x0c24efc8), + TOBN(0x0349fd04, 0xbef737a4), + TOBN(0x6d1c9dd2, 0x514cdd28), + TOBN(0x29c135ff, 0x30da9521), + TOBN(0xea6e4508, 0xf78b0b6f), + TOBN(0x176f5dd2, 0x678c143c), + TOBN(0x08148418, 0x4be21e65), + TOBN(0x27f7525c, 0xe7df38c4), + TOBN(0x1fb70e09, 0x748ab1a4), + TOBN(0x9cba50a0, 0x5efe4433), + TOBN(0x7846c7a6, 0x15f75af2), + TOBN(0x2a7c2c57, 0x5ee73ea8), + TOBN(0x42e566a4, 0x3f0a449a), + TOBN(0x45474c3b, 0xad90fc3d), + TOBN(0x7447be3d, 0x8b61d057), + TOBN(0x3e9d1cf1, 0x3a4ec092), + TOBN(0x1603e453, 0xf380a6e6), + TOBN(0x0b86e431, 0x9b1437c2), + TOBN(0x7a4173f2, 0xef29610a), + TOBN(0x8fa729a7, 0xf03d57f7), + TOBN(0x3e186f6e, 0x6c9c217e), + TOBN(0xbe1d3079, 0x91919524), + TOBN(0x92a62a70, 0x153d4fb1), + TOBN(0x32ed3e34, 0xd68c2f71), + TOBN(0xd785027f, 0x9eb1a8b7), + TOBN(0xbc37eb77, 0xc5b22fe8), + TOBN(0x466b34f0, 0xb9d6a191), + TOBN(0x008a89af, 0x9a05f816), + TOBN(0x19b028fb, 0x7d42c10a), + TOBN(0x7fe8c92f, 0x49b3f6b8), + TOBN(0x58907cc0, 0xa5a0ade3), + 
TOBN(0xb3154f51, 0x559d1a7c), + TOBN(0x5066efb6, 0xd9790ed6), + TOBN(0xa77a0cbc, 0xa6aa793b), + TOBN(0x1a915f3c, 0x223e042e), + TOBN(0x1c5def04, 0x69c5874b), + TOBN(0x0e830078, 0x73b6c1da), + TOBN(0x55cf85d2, 0xfcd8557a), + TOBN(0x0f7c7c76, 0x0460f3b1), + TOBN(0x87052acb, 0x46e58063), + TOBN(0x09212b80, 0x907eae66), + TOBN(0x3cb068e0, 0x4d721c89), + TOBN(0xa87941ae, 0xdd45ac1c), + TOBN(0xde8d5c0d, 0x0daa0dbb), + TOBN(0xda421fdc, 0xe3502e6e), + TOBN(0xc8944201, 0x4d89a084), + TOBN(0x7307ba5e, 0xf0c24bfb), + TOBN(0xda212beb, 0x20bde0ef), + TOBN(0xea2da24b, 0xf82ce682), + TOBN(0x058d3816, 0x07f71fe4), + TOBN(0x35a02462, 0x5ffad8de), + TOBN(0xcd7b05dc, 0xaadcefab), + TOBN(0xd442f8ed, 0x1d9f54ec), + TOBN(0x8be3d618, 0xb2d3b5ca), + TOBN(0xe2220ed0, 0xe06b2ce2), + TOBN(0x82699a5f, 0x1b0da4c0), + TOBN(0x3ff106f5, 0x71c0c3a7), + TOBN(0x8f580f5a, 0x0d34180c), + TOBN(0x4ebb120e, 0x22d7d375), + TOBN(0x5e5782cc, 0xe9513675), + TOBN(0x2275580c, 0x99c82a70), + TOBN(0xe8359fbf, 0x15ea8c4c), + TOBN(0x53b48db8, 0x7b415e70), + TOBN(0xaacf2240, 0x100c6014), + TOBN(0x9faaccf5, 0xe4652f1d), + TOBN(0xbd6fdd2a, 0xd56157b2), + TOBN(0xa4f4fb1f, 0x6261ec50), + TOBN(0x244e55ad, 0x476bcd52), + TOBN(0x881c9305, 0x047d320b), + TOBN(0x1ca983d5, 0x6181263f), + TOBN(0x354e9a44, 0x278fb8ee), + TOBN(0xad2dbc0f, 0x396e4964), + TOBN(0x723f3aa2, 0x9268b3de), + TOBN(0x0d1ca29a, 0xe6e0609a), + TOBN(0x794866aa, 0x6cf44252), + TOBN(0x0b59f3e3, 0x01af87ed), + TOBN(0xe234e5ff, 0x7f4a6c51), + TOBN(0xa8768fd2, 0x61dc2f7e), + TOBN(0xdafc7332, 0x0a94d81f), + TOBN(0xd7f84282, 0x06938ce1), + TOBN(0xae0b3c0e, 0x0546063e), + TOBN(0x7fbadcb2, 0x5d61abc6), + TOBN(0xd5d7a2c9, 0x369ac400), + TOBN(0xa5978d09, 0xae67d10c), + TOBN(0x290f211e, 0x4f85eaac), + TOBN(0xe61e2ad1, 0xfacac681), + TOBN(0xae125225, 0x388384cd), + TOBN(0xa7fb68e9, 0xccfde30f), + TOBN(0x7a59b936, 0x3daed4c2), + TOBN(0x80a9aa40, 0x2606f789), + TOBN(0xb40c1ea5, 0xf6a6d90a), + TOBN(0x948364d3, 0x514d5885), + TOBN(0x062ebc60, 0x70985182), + 
TOBN(0xa6db5b0e, 0x33310895), + TOBN(0x64a12175, 0xe329c2f5), + TOBN(0xc5f25bd2, 0x90ea237e), + TOBN(0x7915c524, 0x2d0a4c23), + TOBN(0xeb5d26e4, 0x6bb3cc52), + TOBN(0x369a9116, 0xc09e2c92), + TOBN(0x0c527f92, 0xcf182cf8), + TOBN(0x9e591938, 0x2aede0ac), + TOBN(0xb2922208, 0x6cc34939), + TOBN(0x3c9d8962, 0x99a34361), + TOBN(0x3c81836d, 0xc1905fe6), + TOBN(0x4bfeb57f, 0xa001ec5a), + TOBN(0xe993f5bb, 0xa0dc5dba), + TOBN(0x47884109, 0x724a1380), + TOBN(0x8a0369ab, 0x32fe9a04), + TOBN(0xea068d60, 0x8c927db8), + TOBN(0xbf5f37cf, 0x94655741), + TOBN(0x47d402a2, 0x04b6c7ea), + TOBN(0x4551c295, 0x6af259cb), + TOBN(0x698b71e7, 0xed77ee8b), + TOBN(0xbddf7bd0, 0xf309d5c7), + TOBN(0x6201c22c, 0x34e780ca), + TOBN(0xab04f7d8, 0x4c295ef4), + TOBN(0x1c947294, 0x4313a8ce), + TOBN(0xe532e4ac, 0x92ca4cfe), + TOBN(0x89738f80, 0xd0a7a97a), + TOBN(0xec088c88, 0xa580fd5b), + TOBN(0x612b1ecc, 0x42ce9e51), + TOBN(0x8f9840fd, 0xb25fdd2a), + TOBN(0x3cda78c0, 0x01e7f839), + TOBN(0x546b3d3a, 0xece05480), + TOBN(0x271719a9, 0x80d30916), + TOBN(0x45497107, 0x584c20c4), + TOBN(0xaf8f9478, 0x5bc78608), + TOBN(0x28c7d484, 0x277e2a4c), + TOBN(0xfce01767, 0x88a2ffe4), + TOBN(0xdc506a35, 0x28e169a5), + TOBN(0x0ea10861, 0x7af9c93a), + TOBN(0x1ed24361, 0x03fa0e08), + TOBN(0x96eaaa92, 0xa3d694e7), + TOBN(0xc0f43b4d, 0xef50bc74), + TOBN(0xce6aa58c, 0x64114db4), + TOBN(0x8218e8ea, 0x7c000fd4), + TOBN(0xac815dfb, 0x185f8844), + TOBN(0xcd7e90cb, 0x1557abfb), + TOBN(0x23d16655, 0xafbfecdf), + TOBN(0x80f3271f, 0x085cac4a), + TOBN(0x7fc39aa7, 0xd0e62f47), + TOBN(0x88d519d1, 0x460a48e5), + TOBN(0x59559ac4, 0xd28f101e), + TOBN(0x7981d9e9, 0xca9ae816), + TOBN(0x5c38652c, 0x9ac38203), + TOBN(0x86eaf87f, 0x57657fe5), + TOBN(0x568fc472, 0xe21f5416), + TOBN(0x2afff39c, 0xe7e597b5), + TOBN(0x3adbbb07, 0x256d4eab), + TOBN(0x22598692, 0x8285ab89), + TOBN(0x35f8112a, 0x041caefe), + TOBN(0x95df02e3, 0xa5064c8b), + TOBN(0x4d63356e, 0xc7004bf3), + TOBN(0x230a08f4, 0xdb83c7de), + TOBN(0xca27b270, 0x8709a7b7), + 
TOBN(0x0d1c4cc4, 0xcb9abd2d), + TOBN(0x8a0bc66e, 0x7550fee8), + TOBN(0x369cd4c7, 0x9cf7247e), + TOBN(0x75562e84, 0x92b5b7e7), + TOBN(0x8fed0da0, 0x5802af7b), + TOBN(0x6a7091c2, 0xe48fb889), + TOBN(0x26882c13, 0x7b8a9d06), + TOBN(0xa2498663, 0x1b82a0e2), + TOBN(0x844ed736, 0x3518152d), + TOBN(0x282f476f, 0xd86e27c7), + TOBN(0xa04edaca, 0x04afefdc), + TOBN(0x8b256ebc, 0x6119e34d), + TOBN(0x56a413e9, 0x0787d78b), + }, + { + TOBN(0x82ee061d, 0x5a74be50), + TOBN(0xe41781c4, 0xdea16ff5), + TOBN(0xe0b0c81e, 0x99bfc8a2), + TOBN(0x624f4d69, 0x0b547e2d), + TOBN(0x3a83545d, 0xbdcc9ae4), + TOBN(0x2573dbb6, 0x409b1e8e), + TOBN(0x482960c4, 0xa6c93539), + TOBN(0xf01059ad, 0x5ae18798), + TOBN(0x715c9f97, 0x3112795f), + TOBN(0xe8244437, 0x984e6ee1), + TOBN(0x55cb4858, 0xecb66bcd), + TOBN(0x7c136735, 0xabaffbee), + TOBN(0x54661595, 0x5dbec38e), + TOBN(0x51c0782c, 0x388ad153), + TOBN(0x9ba4c53a, 0xc6e0952f), + TOBN(0x27e6782a, 0x1b21dfa8), + TOBN(0x682f903d, 0x4ed2dbc2), + TOBN(0x0eba59c8, 0x7c3b2d83), + TOBN(0x8e9dc84d, 0x9c7e9335), + TOBN(0x5f9b21b0, 0x0eb226d7), + TOBN(0xe33bd394, 0xaf267bae), + TOBN(0xaa86cc25, 0xbe2e15ae), + TOBN(0x4f0bf67d, 0x6a8ec500), + TOBN(0x5846aa44, 0xf9630658), + TOBN(0xfeb09740, 0xe2c2bf15), + TOBN(0x627a2205, 0xa9e99704), + TOBN(0xec8d73d0, 0xc2fbc565), + TOBN(0x223eed8f, 0xc20c8de8), + TOBN(0x1ee32583, 0xa8363b49), + TOBN(0x1a0b6cb9, 0xc9c2b0a6), + TOBN(0x49f7c3d2, 0x90dbc85c), + TOBN(0xa8dfbb97, 0x1ef4c1ac), + TOBN(0xafb34d4c, 0x65c7c2ab), + TOBN(0x1d4610e7, 0xe2c5ea84), + TOBN(0x893f6d1b, 0x973c4ab5), + TOBN(0xa3cdd7e9, 0x945ba5c4), + TOBN(0x60514983, 0x064417ee), + TOBN(0x1459b23c, 0xad6bdf2b), + TOBN(0x23b2c341, 0x5cf726c3), + TOBN(0x3a829635, 0x32d6354a), + TOBN(0x294f901f, 0xab192c18), + TOBN(0xec5fcbfe, 0x7030164f), + TOBN(0xe2e2fcb7, 0xe2246ba6), + TOBN(0x1e7c88b3, 0x221a1a0c), + TOBN(0x72c7dd93, 0xc92d88c5), + TOBN(0x41c2148e, 0x1106fb59), + TOBN(0x547dd4f5, 0xa0f60f14), + TOBN(0xed9b52b2, 0x63960f31), + TOBN(0x6c8349eb, 0xb0a5b358), + 
TOBN(0xb154c5c2, 0x9e7e2ed6), + TOBN(0xcad5eccf, 0xeda462db), + TOBN(0xf2d6dbe4, 0x2de66b69), + TOBN(0x426aedf3, 0x8665e5b2), + TOBN(0x488a8513, 0x7b7f5723), + TOBN(0x15cc43b3, 0x8bcbb386), + TOBN(0x27ad0af3, 0xd791d879), + TOBN(0xc16c236e, 0x846e364f), + TOBN(0x7f33527c, 0xdea50ca0), + TOBN(0xc4810775, 0x0926b86d), + TOBN(0x6c2a3609, 0x0598e70c), + TOBN(0xa6755e52, 0xf024e924), + TOBN(0xe0fa07a4, 0x9db4afca), + TOBN(0x15c3ce7d, 0x66831790), + TOBN(0x5b4ef350, 0xa6cbb0d6), + TOBN(0x2c4aafc4, 0xb6205969), + TOBN(0x42563f02, 0xf6c7854f), + TOBN(0x016aced5, 0x1d983b48), + TOBN(0xfeb356d8, 0x99949755), + TOBN(0x8c2a2c81, 0xd1a39bd7), + TOBN(0x8f44340f, 0xe6934ae9), + TOBN(0x148cf91c, 0x447904da), + TOBN(0x7340185f, 0x0f51a926), + TOBN(0x2f8f00fb, 0x7409ab46), + TOBN(0x057e78e6, 0x80e289b2), + TOBN(0x03e5022c, 0xa888e5d1), + TOBN(0x3c87111a, 0x9dede4e2), + TOBN(0x5b9b0e1c, 0x7809460b), + TOBN(0xe751c852, 0x71c9abc7), + TOBN(0x8b944e28, 0xc7cc1dc9), + TOBN(0x4f201ffa, 0x1d3cfa08), + TOBN(0x02fc905c, 0x3e6721ce), + TOBN(0xd52d70da, 0xd0b3674c), + TOBN(0x5dc2e5ca, 0x18810da4), + TOBN(0xa984b273, 0x5c69dd99), + TOBN(0x63b92527, 0x84de5ca4), + TOBN(0x2f1c9872, 0xc852dec4), + TOBN(0x18b03593, 0xc2e3de09), + TOBN(0x19d70b01, 0x9813dc2f), + TOBN(0x42806b2d, 0xa6dc1d29), + TOBN(0xd3030009, 0xf871e144), + TOBN(0xa1feb333, 0xaaf49276), + TOBN(0xb5583b9e, 0xc70bc04b), + TOBN(0x1db0be78, 0x95695f20), + TOBN(0xfc841811, 0x89d012b5), + TOBN(0x6409f272, 0x05f61643), + TOBN(0x40d34174, 0xd5883128), + TOBN(0xd79196f5, 0x67419833), + TOBN(0x6059e252, 0x863b7b08), + TOBN(0x84da1817, 0x1c56700c), + TOBN(0x5758ee56, 0xb28d3ec4), + TOBN(0x7da2771d, 0x013b0ea6), + TOBN(0xfddf524b, 0x54c5e9b9), + TOBN(0x7df4faf8, 0x24305d80), + TOBN(0x58f5c1bf, 0x3a97763f), + TOBN(0xa5af37f1, 0x7c696042), + TOBN(0xd4cba22c, 0x4a2538de), + TOBN(0x211cb995, 0x9ea42600), + TOBN(0xcd105f41, 0x7b069889), + TOBN(0xb1e1cf19, 0xddb81e74), + TOBN(0x472f2d89, 0x5157b8ca), + TOBN(0x086fb008, 0xee9db885), + 
TOBN(0x365cd570, 0x0f26d131), + TOBN(0x284b02bb, 0xa2be7053), + TOBN(0xdcbbf7c6, 0x7ab9a6d6), + TOBN(0x4425559c, 0x20f7a530), + TOBN(0x961f2dfa, 0x188767c8), + TOBN(0xe2fd9435, 0x70dc80c4), + TOBN(0x104d6b63, 0xf0784120), + TOBN(0x7f592bc1, 0x53567122), + TOBN(0xf6bc1246, 0xf688ad77), + TOBN(0x05214c05, 0x0f15dde9), + TOBN(0xa47a76a8, 0x0d5f2b82), + TOBN(0xbb254d30, 0x62e82b62), + TOBN(0x11a05fe0, 0x3ec955ee), + TOBN(0x7eaff46e, 0x9d529b36), + TOBN(0x55ab1301, 0x8f9e3df6), + TOBN(0xc463e371, 0x99317698), + TOBN(0xfd251438, 0xccda47ad), + TOBN(0xca9c3547, 0x23d695ea), + TOBN(0x48ce626e, 0x16e589b5), + TOBN(0x6b5b64c7, 0xb187d086), + TOBN(0xd02e1794, 0xb2207948), + TOBN(0x8b58e98f, 0x7198111d), + TOBN(0x90ca6305, 0xdcf9c3cc), + TOBN(0x5691fe72, 0xf34089b0), + TOBN(0x60941af1, 0xfc7c80ff), + TOBN(0xa09bc0a2, 0x22eb51e5), + TOBN(0xc0bb7244, 0xaa9cf09a), + TOBN(0x36a8077f, 0x80159f06), + TOBN(0x8b5c989e, 0xdddc560e), + TOBN(0x19d2f316, 0x512e1f43), + TOBN(0x02eac554, 0xad08ff62), + TOBN(0x012ab84c, 0x07d20b4e), + TOBN(0x37d1e115, 0xd6d4e4e1), + TOBN(0xb6443e1a, 0xab7b19a8), + TOBN(0xf08d067e, 0xdef8cd45), + TOBN(0x63adf3e9, 0x685e03da), + TOBN(0xcf15a10e, 0x4792b916), + TOBN(0xf44bcce5, 0xb738a425), + TOBN(0xebe131d5, 0x9636b2fd), + TOBN(0x94068841, 0x7850d605), + TOBN(0x09684eaa, 0xb40d749d), + TOBN(0x8c3c669c, 0x72ba075b), + TOBN(0x89f78b55, 0xba469015), + TOBN(0x5706aade, 0x3e9f8ba8), + TOBN(0x6d8bd565, 0xb32d7ed7), + TOBN(0x25f4e63b, 0x805f08d6), + TOBN(0x7f48200d, 0xc3bcc1b5), + TOBN(0x4e801968, 0xb025d847), + TOBN(0x74afac04, 0x87cbe0a8), + TOBN(0x43ed2c2b, 0x7e63d690), + TOBN(0xefb6bbf0, 0x0223cdb8), + TOBN(0x4fec3cae, 0x2884d3fe), + TOBN(0x065ecce6, 0xd75e25a4), + TOBN(0x6c2294ce, 0x69f79071), + TOBN(0x0d9a8e5f, 0x044b8666), + TOBN(0x5009f238, 0x17b69d8f), + TOBN(0x3c29f8fe, 0xc5dfdaf7), + TOBN(0x9067528f, 0xebae68c4), + TOBN(0x5b385632, 0x30c5ba21), + TOBN(0x540df119, 0x1fdd1aec), + TOBN(0xcf37825b, 0xcfba4c78), + TOBN(0x77eff980, 0xbeb11454), + 
TOBN(0x40a1a991, 0x60c1b066), + TOBN(0xe8018980, 0xf889a1c7), + TOBN(0xb9c52ae9, 0x76c24be0), + TOBN(0x05fbbcce, 0x45650ef4), + TOBN(0xae000f10, 0x8aa29ac7), + TOBN(0x884b7172, 0x4f04c470), + TOBN(0x7cd4fde2, 0x19bb5c25), + TOBN(0x6477b22a, 0xe8840869), + TOBN(0xa8868859, 0x5fbd0686), + TOBN(0xf23cc02e, 0x1116dfba), + TOBN(0x76cd563f, 0xd87d7776), + TOBN(0xe2a37598, 0xa9d82abf), + TOBN(0x5f188ccb, 0xe6c170f5), + TOBN(0x81682200, 0x5066b087), + TOBN(0xda22c212, 0xc7155ada), + TOBN(0x151e5d3a, 0xfbddb479), + TOBN(0x4b606b84, 0x6d715b99), + TOBN(0x4a73b54b, 0xf997cb2e), + TOBN(0x9a1bfe43, 0x3ecd8b66), + TOBN(0x1c312809, 0x2a67d48a), + TOBN(0xcd6a671e, 0x031fa9e2), + TOBN(0xbec3312a, 0x0e43a34a), + TOBN(0x1d935639, 0x55ef47d3), + TOBN(0x5ea02489, 0x8fea73ea), + TOBN(0x8247b364, 0xa035afb2), + TOBN(0xb58300a6, 0x5265b54c), + TOBN(0x3286662f, 0x722c7148), + TOBN(0xb77fd76b, 0xb4ec4c20), + TOBN(0xf0a12fa7, 0x0f3fe3fd), + TOBN(0xf845bbf5, 0x41d8c7e8), + TOBN(0xe4d969ca, 0x5ec10aa8), + TOBN(0x4c0053b7, 0x43e232a3), + TOBN(0xdc7a3fac, 0x37f8a45a), + TOBN(0x3c4261c5, 0x20d81c8f), + TOBN(0xfd4b3453, 0xb00eab00), + TOBN(0x76d48f86, 0xd36e3062), + TOBN(0x626c5277, 0xa143ff02), + TOBN(0x538174de, 0xaf76f42e), + TOBN(0x2267aa86, 0x6407ceac), + TOBN(0xfad76351, 0x72e572d5), + TOBN(0xab861af7, 0xba7330eb), + TOBN(0xa0a1c8c7, 0x418d8657), + TOBN(0x988821cb, 0x20289a52), + TOBN(0x79732522, 0xcccc18ad), + TOBN(0xaadf3f8d, 0xf1a6e027), + TOBN(0xf7382c93, 0x17c2354d), + TOBN(0x5ce1680c, 0xd818b689), + TOBN(0x359ebbfc, 0xd9ecbee9), + TOBN(0x4330689c, 0x1cae62ac), + TOBN(0xb55ce5b4, 0xc51ac38a), + TOBN(0x7921dfea, 0xfe238ee8), + TOBN(0x3972bef8, 0x271d1ca5), + TOBN(0x3e423bc7, 0xe8aabd18), + TOBN(0x57b09f3f, 0x44a3e5e3), + TOBN(0x5da886ae, 0x7b444d66), + TOBN(0x68206634, 0xa9964375), + TOBN(0x356a2fa3, 0x699cd0ff), + TOBN(0xaf0faa24, 0xdba515e9), + TOBN(0x536e1f5c, 0xb321d79a), + TOBN(0xd3b9913a, 0x5c04e4ea), + TOBN(0xd549dcfe, 0xd6f11513), + TOBN(0xee227bf5, 0x79fd1d94), + 
TOBN(0x9f35afee, 0xb43f2c67), + TOBN(0xd2638d24, 0xf1314f53), + TOBN(0x62baf948, 0xcabcd822), + TOBN(0x5542de29, 0x4ef48db0), + TOBN(0xb3eb6a04, 0xfc5f6bb2), + TOBN(0x23c110ae, 0x1208e16a), + TOBN(0x1a4d15b5, 0xf8363e24), + TOBN(0x30716844, 0x164be00b), + TOBN(0xa8e24824, 0xf6f4690d), + TOBN(0x548773a2, 0x90b170cf), + TOBN(0xa1bef331, 0x42f191f4), + TOBN(0x70f418d0, 0x9247aa97), + TOBN(0xea06028e, 0x48be9147), + TOBN(0xe13122f3, 0xdbfb894e), + TOBN(0xbe9b79f6, 0xce274b18), + TOBN(0x85a49de5, 0xca58aadf), + TOBN(0x24957758, 0x11487351), + TOBN(0x111def61, 0xbb939099), + TOBN(0x1d6a974a, 0x26d13694), + TOBN(0x4474b4ce, 0xd3fc253b), + TOBN(0x3a1485e6, 0x4c5db15e), + TOBN(0xe79667b4, 0x147c15b4), + TOBN(0xe34f553b, 0x7bc61301), + TOBN(0x032b80f8, 0x17094381), + TOBN(0x55d8bafd, 0x723eaa21), + TOBN(0x5a987995, 0xf1c0e74e), + TOBN(0x5a9b292e, 0xebba289c), + TOBN(0x413cd4b2, 0xeb4c8251), + TOBN(0x98b5d243, 0xd162db0a), + TOBN(0xbb47bf66, 0x68342520), + TOBN(0x08d68949, 0xbaa862d1), + TOBN(0x11f349c7, 0xe906abcd), + TOBN(0x454ce985, 0xed7bf00e), + TOBN(0xacab5c9e, 0xb55b803b), + TOBN(0xb03468ea, 0x31e3c16d), + TOBN(0x5c24213d, 0xd273bf12), + TOBN(0x211538eb, 0x71587887), + TOBN(0x198e4a2f, 0x731dea2d), + TOBN(0xd5856cf2, 0x74ed7b2a), + TOBN(0x86a632eb, 0x13a664fe), + TOBN(0x932cd909, 0xbda41291), + TOBN(0x850e95d4, 0xc0c4ddc0), + TOBN(0xc0f422f8, 0x347fc2c9), + TOBN(0xe68cbec4, 0x86076bcb), + TOBN(0xf9e7c0c0, 0xcd6cd286), + TOBN(0x65994ddb, 0x0f5f27ca), + TOBN(0xe85461fb, 0xa80d59ff), + TOBN(0xff05481a, 0x66601023), + TOBN(0xc665427a, 0xfc9ebbfb), + TOBN(0xb0571a69, 0x7587fd52), + TOBN(0x935289f8, 0x8d49efce), + TOBN(0x61becc60, 0xea420688), + TOBN(0xb22639d9, 0x13a786af), + TOBN(0x1a8e6220, 0x361ecf90), + TOBN(0x001f23e0, 0x25506463), + TOBN(0xe4ae9b5d, 0x0a5c2b79), + TOBN(0xebc9cdad, 0xd8149db5), + TOBN(0xb33164a1, 0x934aa728), + TOBN(0x750eb00e, 0xae9b60f3), + TOBN(0x5a91615b, 0x9b9cfbfd), + TOBN(0x97015cbf, 0xef45f7f6), + TOBN(0xb462c4a5, 0xbf5151df), + 
TOBN(0x21adcc41, 0xb07118f2), + TOBN(0xd60c545b, 0x043fa42c), + TOBN(0xfc21aa54, 0xe96be1ab), + TOBN(0xe84bc32f, 0x4e51ea80), + TOBN(0x3dae45f0, 0x259b5d8d), + TOBN(0xbb73c7eb, 0xc38f1b5e), + TOBN(0xe405a74a, 0xe8ae617d), + TOBN(0xbb1ae9c6, 0x9f1c56bd), + TOBN(0x8c176b98, 0x49f196a4), + TOBN(0xc448f311, 0x6875092b), + TOBN(0xb5afe3de, 0x9f976033), + TOBN(0xa8dafd49, 0x145813e5), + TOBN(0x687fc4d9, 0xe2b34226), + TOBN(0xf2dfc92d, 0x4c7ff57f), + TOBN(0x004e3fc1, 0x401f1b46), + TOBN(0x5afddab6, 0x1430c9ab), + TOBN(0x0bdd41d3, 0x2238e997), + TOBN(0xf0947430, 0x418042ae), + TOBN(0x71f9adda, 0xcdddc4cb), + TOBN(0x7090c016, 0xc52dd907), + TOBN(0xd9bdf44d, 0x29e2047f), + TOBN(0xe6f1fe80, 0x1b1011a6), + TOBN(0xb63accbc, 0xd9acdc78), + TOBN(0xcfc7e235, 0x1272a95b), + TOBN(0x0c667717, 0xa6276ac8), + TOBN(0x3c0d3709, 0xe2d7eef7), + TOBN(0x5add2b06, 0x9a685b3e), + TOBN(0x363ad32d, 0x14ea5d65), + TOBN(0xf8e01f06, 0x8d7dd506), + TOBN(0xc9ea2213, 0x75b4aac6), + TOBN(0xed2a2bf9, 0x0d353466), + TOBN(0x439d79b5, 0xe9d3a7c3), + TOBN(0x8e0ee5a6, 0x81b7f34b), + TOBN(0xcf3dacf5, 0x1dc4ba75), + TOBN(0x1d3d1773, 0xeb3310c7), + TOBN(0xa8e67112, 0x7747ae83), + TOBN(0x31f43160, 0x197d6b40), + TOBN(0x0521ccee, 0xcd961400), + TOBN(0x67246f11, 0xf6535768), + TOBN(0x702fcc5a, 0xef0c3133), + TOBN(0x247cc45d, 0x7e16693b), + TOBN(0xfd484e49, 0xc729b749), + TOBN(0x522cef7d, 0xb218320f), + TOBN(0xe56ef405, 0x59ab93b3), + TOBN(0x225fba11, 0x9f181071), + TOBN(0x33bd6595, 0x15330ed0), + TOBN(0xc4be69d5, 0x1ddb32f7), + TOBN(0x264c7668, 0x0448087c), + TOBN(0xac30903f, 0x71432dae), + TOBN(0x3851b266, 0x00f9bf47), + TOBN(0x400ed311, 0x6cdd6d03), + TOBN(0x045e79fe, 0xf8fd2424), + TOBN(0xfdfd974a, 0xfa6da98b), + TOBN(0x45c9f641, 0x0c1e673a), + TOBN(0x76f2e733, 0x5b2c5168), + TOBN(0x1adaebb5, 0x2a601753), + TOBN(0xb286514c, 0xc57c2d49), + TOBN(0xd8769670, 0x1e0bfd24), + TOBN(0x950c547e, 0x04478922), + TOBN(0xd1d41969, 0xe5d32bfe), + TOBN(0x30bc1472, 0x750d6c3e), + TOBN(0x8f3679fe, 0xe0e27f3a), + 
TOBN(0x8f64a7dc, 0xa4a6ee0c), + TOBN(0x2fe59937, 0x633dfb1f), + TOBN(0xea82c395, 0x977f2547), + TOBN(0xcbdfdf1a, 0x661ea646), + TOBN(0xc7ccc591, 0xb9085451), + TOBN(0x82177962, 0x81761e13), + TOBN(0xda57596f, 0x9196885c), + TOBN(0xbc17e849, 0x28ffbd70), + TOBN(0x1e6e0a41, 0x2671d36f), + TOBN(0x61ae872c, 0x4152fcf5), + TOBN(0x441c87b0, 0x9e77e754), + TOBN(0xd0799dd5, 0xa34dff09), + TOBN(0x766b4e44, 0x88a6b171), + TOBN(0xdc06a512, 0x11f1c792), + TOBN(0xea02ae93, 0x4be35c3e), + TOBN(0xe5ca4d6d, 0xe90c469e), + TOBN(0x4df4368e, 0x56e4ff5c), + TOBN(0x7817acab, 0x4baef62e), + TOBN(0x9f5a2202, 0xa85b91e8), + TOBN(0x9666ebe6, 0x6ce57610), + TOBN(0x32ad31f3, 0xf73bfe03), + TOBN(0x628330a4, 0x25bcf4d6), + TOBN(0xea950593, 0x515056e6), + TOBN(0x59811c89, 0xe1332156), + TOBN(0xc89cf1fe, 0x8c11b2d7), + TOBN(0x75b63913, 0x04e60cc0), + TOBN(0xce811e8d, 0x4625d375), + TOBN(0x030e43fc, 0x2d26e562), + TOBN(0xfbb30b4b, 0x608d36a0), + TOBN(0x634ff82c, 0x48528118), + TOBN(0x7c6fe085, 0xcd285911), + TOBN(0x7f2830c0, 0x99358f28), + TOBN(0x2e60a95e, 0x665e6c09), + TOBN(0x08407d3d, 0x9b785dbf), + TOBN(0x530889ab, 0xa759bce7), + TOBN(0xf228e0e6, 0x52f61239), + TOBN(0x2b6d1461, 0x6879be3c), + TOBN(0xe6902c04, 0x51a7bbf7), + TOBN(0x30ad99f0, 0x76f24a64), + TOBN(0x66d9317a, 0x98bc6da0), + TOBN(0xf4f877f3, 0xcb596ac0), + TOBN(0xb05ff62d, 0x4c44f119), + TOBN(0x4555f536, 0xe9b77416), + TOBN(0xc7c0d059, 0x8caed63b), + TOBN(0x0cd2b7ce, 0xc358b2a9), + TOBN(0x3f33287b, 0x46945fa3), + TOBN(0xf8785b20, 0xd67c8791), + TOBN(0xc54a7a61, 0x9637bd08), + TOBN(0x54d4598c, 0x18be79d7), + TOBN(0x889e5acb, 0xc46d7ce1), + TOBN(0x9a515bb7, 0x8b085877), + TOBN(0xfac1a03d, 0x0b7a5050), + TOBN(0x7d3e738a, 0xf2926035), + TOBN(0x861cc2ce, 0x2a6cb0eb), + TOBN(0x6f2e2955, 0x8f7adc79), + TOBN(0x61c4d451, 0x33016376), + TOBN(0xd9fd2c80, 0x5ad59090), + TOBN(0xe5a83738, 0xb2b836a1), + TOBN(0x855b41a0, 0x7c0d6622), + TOBN(0x186fe317, 0x7cc19af1), + TOBN(0x6465c1ff, 0xfdd99acb), + TOBN(0x46e5c23f, 0x6974b99e), + 
TOBN(0x75a7cf8b, 0xa2717cbe), + TOBN(0x4d2ebc3f, 0x062be658), + TOBN(0x094b4447, 0x5f209c98), + TOBN(0x4af285ed, 0xb940cb5a), + TOBN(0x6706d792, 0x7cc82f10), + TOBN(0xc8c8776c, 0x030526fa), + TOBN(0xfa8e6f76, 0xa0da9140), + TOBN(0x77ea9d34, 0x591ee4f0), + TOBN(0x5f46e337, 0x40274166), + TOBN(0x1bdf98bb, 0xea671457), + TOBN(0xd7c08b46, 0x862a1fe2), + TOBN(0x46cc303c, 0x1c08ad63), + TOBN(0x99543440, 0x4c845e7b), + TOBN(0x1b8fbdb5, 0x48f36bf7), + TOBN(0x5b82c392, 0x8c8273a7), + TOBN(0x08f712c4, 0x928435d5), + TOBN(0x071cf0f1, 0x79330380), + TOBN(0xc74c2d24, 0xa8da054a), + TOBN(0xcb0e7201, 0x43c46b5c), + TOBN(0x0ad7337a, 0xc0b7eff3), + TOBN(0x8552225e, 0xc5e48b3c), + TOBN(0xe6f78b0c, 0x73f13a5f), + TOBN(0x5e70062e, 0x82349cbe), + TOBN(0x6b8d5048, 0xe7073969), + TOBN(0x392d2a29, 0xc33cb3d2), + TOBN(0xee4f727c, 0x4ecaa20f), + TOBN(0xa068c99e, 0x2ccde707), + TOBN(0xfcd5651f, 0xb87a2913), + TOBN(0xea3e3c15, 0x3cc252f0), + TOBN(0x777d92df, 0x3b6cd3e4), + TOBN(0x7a414143, 0xc5a732e7), + TOBN(0xa895951a, 0xa71ff493), + TOBN(0xfe980c92, 0xbbd37cf6), + TOBN(0x45bd5e64, 0xdecfeeff), + TOBN(0x910dc2a9, 0xa44c43e9), + TOBN(0xcb403f26, 0xcca9f54d), + TOBN(0x928bbdfb, 0x9303f6db), + TOBN(0x3c37951e, 0xa9eee67c), + TOBN(0x3bd61a52, 0xf79961c3), + TOBN(0x09a238e6, 0x395c9a79), + TOBN(0x6940ca2d, 0x61eb352d), + TOBN(0x7d1e5c5e, 0xc1875631), + TOBN(0x1e19742c, 0x1e1b20d1), + TOBN(0x4633d908, 0x23fc2e6e), + TOBN(0xa76e29a9, 0x08959149), + TOBN(0x61069d9c, 0x84ed7da5), + TOBN(0x0baa11cf, 0x5dbcad51), + TOBN(0xd01eec64, 0x961849da), + TOBN(0x93b75f1f, 0xaf3d8c28), + TOBN(0x57bc4f9f, 0x1ca2ee44), + TOBN(0x5a26322d, 0x00e00558), + TOBN(0x1888d658, 0x61a023ef), + TOBN(0x1d72aab4, 0xb9e5246e), + TOBN(0xa9a26348, 0xe5563ec0), + TOBN(0xa0971963, 0xc3439a43), + TOBN(0x567dd54b, 0xadb9b5b7), + TOBN(0x73fac1a1, 0xc45a524b), + TOBN(0x8fe97ef7, 0xfe38e608), + TOBN(0x608748d2, 0x3f384f48), + TOBN(0xb0571794, 0xc486094f), + TOBN(0x869254a3, 0x8bf3a8d6), + TOBN(0x148a8dd1, 0x310b0e25), + 
TOBN(0x99ab9f3f, 0x9aa3f7d8), + TOBN(0x0927c68a, 0x6706c02e), + TOBN(0x22b5e76c, 0x69790e6c), + TOBN(0x6c325260, 0x6c71376c), + TOBN(0x53a57690, 0x09ef6657), + TOBN(0x8d63f852, 0xedffcf3a), + TOBN(0xb4d2ed04, 0x3c0a6f55), + TOBN(0xdb3aa8de, 0x12519b9e), + TOBN(0x5d38e9c4, 0x1e0a569a), + TOBN(0x871528bf, 0x303747e2), + TOBN(0xa208e77c, 0xf5b5c18d), + TOBN(0x9d129c88, 0xca6bf923), + TOBN(0xbcbf197f, 0xbf02839f), + TOBN(0x9b9bf030, 0x27323194), + TOBN(0x3b055a8b, 0x339ca59d), + TOBN(0xb46b2312, 0x0f669520), + TOBN(0x19789f1f, 0x497e5f24), + TOBN(0x9c499468, 0xaaf01801), + TOBN(0x72ee1190, 0x8b69d59c), + TOBN(0x8bd39595, 0xacf4c079), + TOBN(0x3ee11ece, 0x8e0cd048), + TOBN(0xebde86ec, 0x1ed66f18), + TOBN(0x225d906b, 0xd61fce43), + TOBN(0x5cab07d6, 0xe8bed74d), + TOBN(0x16e4617f, 0x27855ab7), + TOBN(0x6568aadd, 0xb2fbc3dd), + TOBN(0xedb5484f, 0x8aeddf5b), + TOBN(0x878f20e8, 0x6dcf2fad), + TOBN(0x3516497c, 0x615f5699), + }, + { + TOBN(0xef0a3fec, 0xfa181e69), + TOBN(0x9ea02f81, 0x30d69a98), + TOBN(0xb2e9cf8e, 0x66eab95d), + TOBN(0x520f2beb, 0x24720021), + TOBN(0x621c540a, 0x1df84361), + TOBN(0x12037721, 0x71fa6d5d), + TOBN(0x6e3c7b51, 0x0ff5f6ff), + TOBN(0x817a069b, 0xabb2bef3), + TOBN(0x83572fb6, 0xb294cda6), + TOBN(0x6ce9bf75, 0xb9039f34), + TOBN(0x20e012f0, 0x095cbb21), + TOBN(0xa0aecc1b, 0xd063f0da), + TOBN(0x57c21c3a, 0xf02909e5), + TOBN(0xc7d59ecf, 0x48ce9cdc), + TOBN(0x2732b844, 0x8ae336f8), + TOBN(0x056e3723, 0x3f4f85f4), + TOBN(0x8a10b531, 0x89e800ca), + TOBN(0x50fe0c17, 0x145208fd), + TOBN(0x9e43c0d3, 0xb714ba37), + TOBN(0x427d200e, 0x34189acc), + TOBN(0x05dee24f, 0xe616e2c0), + TOBN(0x9c25f4c8, 0xee1854c1), + TOBN(0x4d3222a5, 0x8f342a73), + TOBN(0x0807804f, 0xa027c952), + TOBN(0xc222653a, 0x4f0d56f3), + TOBN(0x961e4047, 0xca28b805), + TOBN(0x2c03f8b0, 0x4a73434b), + TOBN(0x4c966787, 0xab712a19), + TOBN(0xcc196c42, 0x864fee42), + TOBN(0xc1be93da, 0x5b0ece5c), + TOBN(0xa87d9f22, 0xc131c159), + TOBN(0x2bb6d593, 0xdce45655), + TOBN(0x22c49ec9, 0xb809b7ce), + 
TOBN(0x8a41486b, 0xe2c72c2c), + TOBN(0x813b9420, 0xfea0bf36), + TOBN(0xb3d36ee9, 0xa66dac69), + TOBN(0x6fddc08a, 0x328cc987), + TOBN(0x0a3bcd2c, 0x3a326461), + TOBN(0x7103c49d, 0xd810dbba), + TOBN(0xf9d81a28, 0x4b78a4c4), + TOBN(0x3de865ad, 0xe4d55941), + TOBN(0xdedafa5e, 0x30384087), + TOBN(0x6f414abb, 0x4ef18b9b), + TOBN(0x9ee9ea42, 0xfaee5268), + TOBN(0x260faa16, 0x37a55a4a), + TOBN(0xeb19a514, 0x015f93b9), + TOBN(0x51d7ebd2, 0x9e9c3598), + TOBN(0x523fc56d, 0x1932178e), + TOBN(0x501d070c, 0xb98fe684), + TOBN(0xd60fbe9a, 0x124a1458), + TOBN(0xa45761c8, 0x92bc6b3f), + TOBN(0xf5384858, 0xfe6f27cb), + TOBN(0x4b0271f7, 0xb59e763b), + TOBN(0x3d4606a9, 0x5b5a8e5e), + TOBN(0x1eda5d9b, 0x05a48292), + TOBN(0xda7731d0, 0xe6fec446), + TOBN(0xa3e33693, 0x90d45871), + TOBN(0xe9764040, 0x06166d8d), + TOBN(0xb5c33682, 0x89a90403), + TOBN(0x4bd17983, 0x72f1d637), + TOBN(0xa616679e, 0xd5d2c53a), + TOBN(0x5ec4bcd8, 0xfdcf3b87), + TOBN(0xae6d7613, 0xb66a694e), + TOBN(0x7460fc76, 0xe3fc27e5), + TOBN(0x70469b82, 0x95caabee), + TOBN(0xde024ca5, 0x889501e3), + TOBN(0x6bdadc06, 0x076ed265), + TOBN(0x0cb1236b, 0x5a0ef8b2), + TOBN(0x4065ddbf, 0x0972ebf9), + TOBN(0xf1dd3875, 0x22aca432), + TOBN(0xa88b97cf, 0x744aff76), + TOBN(0xd1359afd, 0xfe8e3d24), + TOBN(0x52a3ba2b, 0x91502cf3), + TOBN(0x2c3832a8, 0x084db75d), + TOBN(0x04a12ddd, 0xde30b1c9), + TOBN(0x7802eabc, 0xe31fd60c), + TOBN(0x33707327, 0xa37fddab), + TOBN(0x65d6f2ab, 0xfaafa973), + TOBN(0x3525c5b8, 0x11e6f91a), + TOBN(0x76aeb0c9, 0x5f46530b), + TOBN(0xe8815ff6, 0x2f93a675), + TOBN(0xa6ec9684, 0x05f48679), + TOBN(0x6dcbb556, 0x358ae884), + TOBN(0x0af61472, 0xe19e3873), + TOBN(0x72334372, 0xa5f696be), + TOBN(0xc65e57ea, 0x6f22fb70), + TOBN(0x268da30c, 0x946cea90), + TOBN(0x136a8a87, 0x65681b2a), + TOBN(0xad5e81dc, 0x0f9f44d4), + TOBN(0xf09a6960, 0x2c46585a), + TOBN(0xd1649164, 0xc447d1b1), + TOBN(0x3b4b36c8, 0x879dc8b1), + TOBN(0x20d4177b, 0x3b6b234c), + TOBN(0x096a2505, 0x1730d9d0), + TOBN(0x0611b9b8, 0xef80531d), + 
TOBN(0xba904b3b, 0x64bb495d), + TOBN(0x1192d9d4, 0x93a3147a), + TOBN(0x9f30a5dc, 0x9a565545), + TOBN(0x90b1f9cb, 0x6ef07212), + TOBN(0x29958546, 0x0d87fc13), + TOBN(0xd3323eff, 0xc17db9ba), + TOBN(0xcb18548c, 0xcb1644a8), + TOBN(0x18a306d4, 0x4f49ffbc), + TOBN(0x28d658f1, 0x4c2e8684), + TOBN(0x44ba60cd, 0xa99f8c71), + TOBN(0x67b7abdb, 0x4bf742ff), + TOBN(0x66310f9c, 0x914b3f99), + TOBN(0xae430a32, 0xf412c161), + TOBN(0x1e6776d3, 0x88ace52f), + TOBN(0x4bc0fa24, 0x52d7067d), + TOBN(0x03c286aa, 0x8f07cd1b), + TOBN(0x4cb8f38c, 0xa985b2c1), + TOBN(0x83ccbe80, 0x8c3bff36), + TOBN(0x005a0bd2, 0x5263e575), + TOBN(0x460d7dda, 0x259bdcd1), + TOBN(0x4a1c5642, 0xfa5cab6b), + TOBN(0x2b7bdbb9, 0x9fe4fc88), + TOBN(0x09418e28, 0xcc97bbb5), + TOBN(0xd8274fb4, 0xa12321ae), + TOBN(0xb137007d, 0x5c87b64e), + TOBN(0x80531fe1, 0xc63c4962), + TOBN(0x50541e89, 0x981fdb25), + TOBN(0xdc1291a1, 0xfd4c2b6b), + TOBN(0xc0693a17, 0xa6df4fca), + TOBN(0xb2c4604e, 0x0117f203), + TOBN(0x245f1963, 0x0a99b8d0), + TOBN(0xaedc20aa, 0xc6212c44), + TOBN(0xb1ed4e56, 0x520f52a8), + TOBN(0xfe48f575, 0xf8547be3), + TOBN(0x0a7033cd, 0xa9e45f98), + TOBN(0x4b45d3a9, 0x18c50100), + TOBN(0xb2a6cd6a, 0xa61d41da), + TOBN(0x60bbb4f5, 0x57933c6b), + TOBN(0xa7538ebd, 0x2b0d7ffc), + TOBN(0x9ea3ab8d, 0x8cd626b6), + TOBN(0x8273a484, 0x3601625a), + TOBN(0x88859845, 0x0168e508), + TOBN(0x8cbc9bb2, 0x99a94abd), + TOBN(0x713ac792, 0xfab0a671), + TOBN(0xa3995b19, 0x6c9ebffc), + TOBN(0xe711668e, 0x1239e152), + TOBN(0x56892558, 0xbbb8dff4), + TOBN(0x8bfc7dab, 0xdbf17963), + TOBN(0x5b59fe5a, 0xb3de1253), + TOBN(0x7e3320eb, 0x34a9f7ae), + TOBN(0xe5e8cf72, 0xd751efe4), + TOBN(0x7ea003bc, 0xd9be2f37), + TOBN(0xc0f551a0, 0xb6c08ef7), + TOBN(0x56606268, 0x038f6725), + TOBN(0x1dd38e35, 0x6d92d3b6), + TOBN(0x07dfce7c, 0xc3cbd686), + TOBN(0x4e549e04, 0x651c5da8), + TOBN(0x4058f93b, 0x08b19340), + TOBN(0xc2fae6f4, 0xcac6d89d), + TOBN(0x4bad8a8c, 0x8f159cc7), + TOBN(0x0ddba4b3, 0xcb0b601c), + TOBN(0xda4fc7b5, 0x1dd95f8c), + 
TOBN(0x1d163cd7, 0xcea5c255), + TOBN(0x30707d06, 0x274a8c4c), + TOBN(0x79d9e008, 0x2802e9ce), + TOBN(0x02a29ebf, 0xe6ddd505), + TOBN(0x37064e74, 0xb50bed1a), + TOBN(0x3f6bae65, 0xa7327d57), + TOBN(0x3846f5f1, 0xf83920bc), + TOBN(0x87c37491, 0x60df1b9b), + TOBN(0x4cfb2895, 0x2d1da29f), + TOBN(0x10a478ca, 0x4ed1743c), + TOBN(0x390c6030, 0x3edd47c6), + TOBN(0x8f3e5312, 0x8c0a78de), + TOBN(0xccd02bda, 0x1e85df70), + TOBN(0xd6c75c03, 0xa61b6582), + TOBN(0x0762921c, 0xfc0eebd1), + TOBN(0xd34d0823, 0xd85010c0), + TOBN(0xd73aaacb, 0x0044cf1f), + TOBN(0xfb4159bb, 0xa3b5e78a), + TOBN(0x2287c7f7, 0xe5826f3f), + TOBN(0x4aeaf742, 0x580b1a01), + TOBN(0xf080415d, 0x60423b79), + TOBN(0xe12622cd, 0xa7dea144), + TOBN(0x49ea4996, 0x59d62472), + TOBN(0xb42991ef, 0x571f3913), + TOBN(0x0610f214, 0xf5b25a8a), + TOBN(0x47adc585, 0x30b79e8f), + TOBN(0xf90e3df6, 0x07a065a2), + TOBN(0x5d0a5deb, 0x43e2e034), + TOBN(0x53fb5a34, 0x444024aa), + TOBN(0xa8628c68, 0x6b0c9f7f), + TOBN(0x9c69c29c, 0xac563656), + TOBN(0x5a231feb, 0xbace47b6), + TOBN(0xbdce0289, 0x9ea5a2ec), + TOBN(0x05da1fac, 0x9463853e), + TOBN(0x96812c52, 0x509e78aa), + TOBN(0xd3fb5771, 0x57151692), + TOBN(0xeb2721f8, 0xd98e1c44), + TOBN(0xc0506087, 0x32399be1), + TOBN(0xda5a5511, 0xd979d8b8), + TOBN(0x737ed55d, 0xc6f56780), + TOBN(0xe20d3004, 0x0dc7a7f4), + TOBN(0x02ce7301, 0xf5941a03), + TOBN(0x91ef5215, 0xed30f83a), + TOBN(0x28727fc1, 0x4092d85f), + TOBN(0x72d223c6, 0x5c49e41a), + TOBN(0xa7cf30a2, 0xba6a4d81), + TOBN(0x7c086209, 0xb030d87d), + TOBN(0x04844c7d, 0xfc588b09), + TOBN(0x728cd499, 0x5874bbb0), + TOBN(0xcc1281ee, 0xe84c0495), + TOBN(0x0769b5ba, 0xec31958f), + TOBN(0x665c228b, 0xf99c2471), + TOBN(0xf2d8a11b, 0x191eb110), + TOBN(0x4594f494, 0xd36d7024), + TOBN(0x482ded8b, 0xcdcb25a1), + TOBN(0xc958a9d8, 0xdadd4885), + TOBN(0x7004477e, 0xf1d2b547), + TOBN(0x0a45f6ef, 0x2a0af550), + TOBN(0x4fc739d6, 0x2f8d6351), + TOBN(0x75cdaf27, 0x786f08a9), + TOBN(0x8700bb26, 0x42c2737f), + TOBN(0x855a7141, 0x1c4e2670), + 
TOBN(0x810188c1, 0x15076fef), + TOBN(0xc251d0c9, 0xabcd3297), + TOBN(0xae4c8967, 0xf48108eb), + TOBN(0xbd146de7, 0x18ceed30), + TOBN(0xf9d4f07a, 0xc986bced), + TOBN(0x5ad98ed5, 0x83fa1e08), + TOBN(0x7780d33e, 0xbeabd1fb), + TOBN(0xe330513c, 0x903b1196), + TOBN(0xba11de9e, 0xa47bc8c4), + TOBN(0x684334da, 0x02c2d064), + TOBN(0x7ecf360d, 0xa48de23b), + TOBN(0x57a1b474, 0x0a9089d8), + TOBN(0xf28fa439, 0xff36734c), + TOBN(0xf2a482cb, 0xea4570b3), + TOBN(0xee65d68b, 0xa5ebcee9), + TOBN(0x988d0036, 0xb9694cd5), + TOBN(0x53edd0e9, 0x37885d32), + TOBN(0xe37e3307, 0xbeb9bc6d), + TOBN(0xe9abb907, 0x9f5c6768), + TOBN(0x4396ccd5, 0x51f2160f), + TOBN(0x2500888c, 0x47336da6), + TOBN(0x383f9ed9, 0x926fce43), + TOBN(0x809dd1c7, 0x04da2930), + TOBN(0x30f6f596, 0x8a4cb227), + TOBN(0x0d700c7f, 0x73a56b38), + TOBN(0x1825ea33, 0xab64a065), + TOBN(0xaab9b735, 0x1338df80), + TOBN(0x1516100d, 0x9b63f57f), + TOBN(0x2574395a, 0x27a6a634), + TOBN(0xb5560fb6, 0x700a1acd), + TOBN(0xe823fd73, 0xfd999681), + TOBN(0xda915d1f, 0x6cb4e1ba), + TOBN(0x0d030118, 0x6ebe00a3), + TOBN(0x744fb0c9, 0x89fca8cd), + TOBN(0x970d01db, 0xf9da0e0b), + TOBN(0x0ad8c564, 0x7931d76f), + TOBN(0xb15737bf, 0xf659b96a), + TOBN(0xdc9933e8, 0xa8b484e7), + TOBN(0xb2fdbdf9, 0x7a26dec7), + TOBN(0x2349e9a4, 0x9f1f0136), + TOBN(0x7860368e, 0x70fddddb), + TOBN(0xd93d2c1c, 0xf9ad3e18), + TOBN(0x6d6c5f17, 0x689f4e79), + TOBN(0x7a544d91, 0xb24ff1b6), + TOBN(0x3e12a5eb, 0xfe16cd8c), + TOBN(0x543574e9, 0xa56b872f), + TOBN(0xa1ad550c, 0xfcf68ea2), + TOBN(0x689e37d2, 0x3f560ef7), + TOBN(0x8c54b9ca, 0xc9d47a8b), + TOBN(0x46d40a4a, 0x088ac342), + TOBN(0xec450c7c, 0x1576c6d0), + TOBN(0xb589e31c, 0x1f9689e9), + TOBN(0xdacf2602, 0xb8781718), + TOBN(0xa89237c6, 0xc8cb6b42), + TOBN(0x1326fc93, 0xb96ef381), + TOBN(0x55d56c6d, 0xb5f07825), + TOBN(0xacba2eea, 0x7449e22d), + TOBN(0x74e0887a, 0x633c3000), + TOBN(0xcb6cd172, 0xd7cbcf71), + TOBN(0x309e81de, 0xc36cf1be), + TOBN(0x07a18a6d, 0x60ae399b), + TOBN(0xb36c2679, 0x9edce57e), + 
TOBN(0x52b892f4, 0xdf001d41), + TOBN(0xd884ae5d, 0x16a1f2c6), + TOBN(0x9b329424, 0xefcc370a), + TOBN(0x3120daf2, 0xbd2e21df), + TOBN(0x55298d2d, 0x02470a99), + TOBN(0x0b78af6c, 0xa05db32e), + TOBN(0x5c76a331, 0x601f5636), + TOBN(0xaae861ff, 0xf8a4f29c), + TOBN(0x70dc9240, 0xd68f8d49), + TOBN(0x960e649f, 0x81b1321c), + TOBN(0x3d2c801b, 0x8792e4ce), + TOBN(0xf479f772, 0x42521876), + TOBN(0x0bed93bc, 0x416c79b1), + TOBN(0xa67fbc05, 0x263e5bc9), + TOBN(0x01e8e630, 0x521db049), + TOBN(0x76f26738, 0xc6f3431e), + TOBN(0xe609cb02, 0xe3267541), + TOBN(0xb10cff2d, 0x818c877c), + TOBN(0x1f0e75ce, 0x786a13cb), + TOBN(0xf4fdca64, 0x1158544d), + TOBN(0x5d777e89, 0x6cb71ed0), + TOBN(0x3c233737, 0xa9aa4755), + TOBN(0x7b453192, 0xe527ab40), + TOBN(0xdb59f688, 0x39f05ffe), + TOBN(0x8f4f4be0, 0x6d82574e), + TOBN(0xcce3450c, 0xee292d1b), + TOBN(0xaa448a12, 0x61ccd086), + TOBN(0xabce91b3, 0xf7914967), + TOBN(0x4537f09b, 0x1908a5ed), + TOBN(0xa812421e, 0xf51042e7), + TOBN(0xfaf5cebc, 0xec0b3a34), + TOBN(0x730ffd87, 0x4ca6b39a), + TOBN(0x70fb72ed, 0x02efd342), + TOBN(0xeb4735f9, 0xd75c8edb), + TOBN(0xc11f2157, 0xc278aa51), + TOBN(0xc459f635, 0xbf3bfebf), + TOBN(0x3a1ff0b4, 0x6bd9601f), + TOBN(0xc9d12823, 0xc420cb73), + TOBN(0x3e9af3e2, 0x3c2915a3), + TOBN(0xe0c82c72, 0xb41c3440), + TOBN(0x175239e5, 0xe3039a5f), + TOBN(0xe1084b8a, 0x558795a3), + TOBN(0x328d0a1d, 0xd01e5c60), + TOBN(0x0a495f2e, 0xd3788a04), + TOBN(0x25d8ff16, 0x66c11a9f), + TOBN(0xf5155f05, 0x9ed692d6), + TOBN(0x954fa107, 0x4f425fe4), + TOBN(0xd16aabf2, 0xe98aaa99), + TOBN(0x90cd8ba0, 0x96b0f88a), + TOBN(0x957f4782, 0xc154026a), + TOBN(0x54ee0734, 0x52af56d2), + TOBN(0xbcf89e54, 0x45b4147a), + TOBN(0x3d102f21, 0x9a52816c), + TOBN(0x6808517e, 0x39b62e77), + TOBN(0x92e25421, 0x69169ad8), + TOBN(0xd721d871, 0xbb608558), + TOBN(0x60e4ebae, 0xf6d4ff9b), + TOBN(0x0ba10819, 0x41f2763e), + TOBN(0xca2e45be, 0x51ee3247), + TOBN(0x66d172ec, 0x2bfd7a5f), + TOBN(0x528a8f2f, 0x74d0b12d), + TOBN(0xe17f1e38, 0xdabe70dc), + 
TOBN(0x1d5d7316, 0x9f93983c), + TOBN(0x51b2184a, 0xdf423e31), + TOBN(0xcb417291, 0xaedb1a10), + TOBN(0x2054ca93, 0x625bcab9), + TOBN(0x54396860, 0xa98998f0), + TOBN(0x4e53f6c4, 0xa54ae57e), + TOBN(0x0ffeb590, 0xee648e9d), + TOBN(0xfbbdaadc, 0x6afaf6bc), + TOBN(0xf88ae796, 0xaa3bfb8a), + TOBN(0x209f1d44, 0xd2359ed9), + TOBN(0xac68dd03, 0xf3544ce2), + TOBN(0xf378da47, 0xfd51e569), + TOBN(0xe1abd860, 0x2cc80097), + TOBN(0x23ca18d9, 0x343b6e3a), + TOBN(0x480797e8, 0xb40a1bae), + TOBN(0xd1f0c717, 0x533f3e67), + TOBN(0x44896970, 0x06e6cdfc), + TOBN(0x8ca21055, 0x52a82e8d), + TOBN(0xb2caf785, 0x78460cdc), + TOBN(0x4c1b7b62, 0xe9037178), + TOBN(0xefc09d2c, 0xdb514b58), + TOBN(0x5f2df9ee, 0x9113be5c), + TOBN(0x2fbda78f, 0xb3f9271c), + TOBN(0xe09a81af, 0x8f83fc54), + TOBN(0x06b13866, 0x8afb5141), + TOBN(0x38f6480f, 0x43e3865d), + TOBN(0x72dd77a8, 0x1ddf47d9), + TOBN(0xf2a8e971, 0x4c205ff7), + TOBN(0x46d449d8, 0x9d088ad8), + TOBN(0x926619ea, 0x185d706f), + TOBN(0xe47e02eb, 0xc7dd7f62), + TOBN(0xe7f120a7, 0x8cbc2031), + TOBN(0xc18bef00, 0x998d4ac9), + TOBN(0x18f37a9c, 0x6bdf22da), + TOBN(0xefbc432f, 0x90dc82df), + TOBN(0xc52cef8e, 0x5d703651), + TOBN(0x82887ba0, 0xd99881a5), + TOBN(0x7cec9dda, 0xb920ec1d), + TOBN(0xd0d7e8c3, 0xec3e8d3b), + TOBN(0x445bc395, 0x4ca88747), + TOBN(0xedeaa2e0, 0x9fd53535), + TOBN(0x461b1d93, 0x6cc87475), + TOBN(0xd92a52e2, 0x6d2383bd), + TOBN(0xfabccb59, 0xd7903546), + TOBN(0x6111a761, 0x3d14b112), + TOBN(0x0ae584fe, 0xb3d5f612), + TOBN(0x5ea69b8d, 0x60e828ec), + TOBN(0x6c078985, 0x54087030), + TOBN(0x649cab04, 0xac4821fe), + TOBN(0x25ecedcf, 0x8bdce214), + TOBN(0xb5622f72, 0x86af7361), + TOBN(0x0e1227aa, 0x7038b9e2), + TOBN(0xd0efb273, 0xac20fa77), + TOBN(0x817ff88b, 0x79df975b), + TOBN(0x856bf286, 0x1999503e), + TOBN(0xb4d5351f, 0x5038ec46), + TOBN(0x740a52c5, 0xfc42af6e), + TOBN(0x2e38bb15, 0x2cbb1a3f), + TOBN(0xc3eb99fe, 0x17a83429), + TOBN(0xca4fcbf1, 0xdd66bb74), + TOBN(0x880784d6, 0xcde5e8fc), + TOBN(0xddc84c1c, 0xb4e7a0be), + 
TOBN(0x8780510d, 0xbd15a72f), + TOBN(0x44bcf1af, 0x81ec30e1), + TOBN(0x141e50a8, 0x0a61073e), + TOBN(0x0d955718, 0x47be87ae), + TOBN(0x68a61417, 0xf76a4372), + TOBN(0xf57e7e87, 0xc607c3d3), + TOBN(0x043afaf8, 0x5252f332), + TOBN(0xcc14e121, 0x1552a4d2), + TOBN(0xb6dee692, 0xbb4d4ab4), + TOBN(0xb6ab74c8, 0xa03816a4), + TOBN(0x84001ae4, 0x6f394a29), + TOBN(0x5bed8344, 0xd795fb45), + TOBN(0x57326e7d, 0xb79f55a5), + TOBN(0xc9533ce0, 0x4accdffc), + TOBN(0x53473caf, 0x3993fa04), + TOBN(0x7906eb93, 0xa13df4c8), + TOBN(0xa73e51f6, 0x97cbe46f), + TOBN(0xd1ab3ae1, 0x0ae4ccf8), + TOBN(0x25614508, 0x8a5b3dbc), + TOBN(0x61eff962, 0x11a71b27), + TOBN(0xdf71412b, 0x6bb7fa39), + TOBN(0xb31ba6b8, 0x2bd7f3ef), + TOBN(0xb0b9c415, 0x69180d29), + TOBN(0xeec14552, 0x014cdde5), + TOBN(0x702c624b, 0x227b4bbb), + TOBN(0x2b15e8c2, 0xd3e988f3), + TOBN(0xee3bcc6d, 0xa4f7fd04), + TOBN(0x9d00822a, 0x42ac6c85), + TOBN(0x2db0cea6, 0x1df9f2b7), + TOBN(0xd7cad2ab, 0x42de1e58), + TOBN(0x346ed526, 0x2d6fbb61), + TOBN(0xb3962995, 0x1a2faf09), + TOBN(0x2fa8a580, 0x7c25612e), + TOBN(0x30ae04da, 0x7cf56490), + TOBN(0x75662908, 0x0eea3961), + TOBN(0x3609f5c5, 0x3d080847), + TOBN(0xcb081d39, 0x5241d4f6), + TOBN(0xb4fb3810, 0x77961a63), + TOBN(0xc20c5984, 0x2abb66fc), + TOBN(0x3d40aa7c, 0xf902f245), + TOBN(0x9cb12736, 0x4e536b1e), + TOBN(0x5eda24da, 0x99b3134f), + TOBN(0xafbd9c69, 0x5cd011af), + TOBN(0x9a16e30a, 0xc7088c7d), + TOBN(0x5ab65710, 0x3207389f), + TOBN(0x1b09547f, 0xe7407a53), + TOBN(0x2322f9d7, 0x4fdc6eab), + TOBN(0xc0f2f22d, 0x7430de4d), + TOBN(0x19382696, 0xe68ca9a9), + TOBN(0x17f1eff1, 0x918e5868), + TOBN(0xe3b5b635, 0x586f4204), + TOBN(0x146ef980, 0x3fbc4341), + TOBN(0x359f2c80, 0x5b5eed4e), + TOBN(0x9f35744e, 0x7482e41d), + TOBN(0x9a9ac3ec, 0xf3b224c2), + TOBN(0x9161a6fe, 0x91fc50ae), + TOBN(0x89ccc66b, 0xc613fa7c), + TOBN(0x89268b14, 0xc732f15a), + TOBN(0x7cd6f4e2, 0xb467ed03), + TOBN(0xfbf79869, 0xce56b40e), + TOBN(0xf93e094c, 0xc02dde98), + TOBN(0xefe0c3a8, 0xedee2cd7), + 
TOBN(0x90f3ffc0, 0xb268fd42), + TOBN(0x81a7fd56, 0x08241aed), + TOBN(0x95ab7ad8, 0x00b1afe8), + TOBN(0x40127056, 0x3e310d52), + TOBN(0xd3ffdeb1, 0x09d9fc43), + TOBN(0xc8f85c91, 0xd11a8594), + TOBN(0x2e74d258, 0x31cf6db8), + TOBN(0x829c7ca3, 0x02b5dfd0), + TOBN(0xe389cfbe, 0x69143c86), + TOBN(0xd01b6405, 0x941768d8), + TOBN(0x45103995, 0x03bf825d), + TOBN(0xcc4ee166, 0x56cd17e2), + TOBN(0xbea3c283, 0xba037e79), + TOBN(0x4e1ac06e, 0xd9a47520), + TOBN(0xfbfe18aa, 0xaf852404), + TOBN(0x5615f8e2, 0x8087648a), + TOBN(0x7301e47e, 0xb9d150d9), + TOBN(0x79f9f9dd, 0xb299b977), + TOBN(0x76697a7b, 0xa5b78314), + TOBN(0x10d67468, 0x7d7c90e7), + TOBN(0x7afffe03, 0x937210b5), + TOBN(0x5aef3e4b, 0x28c22cee), + TOBN(0xefb0ecd8, 0x09fd55ae), + TOBN(0x4cea7132, 0x0d2a5d6a), + TOBN(0x9cfb5fa1, 0x01db6357), + TOBN(0x395e0b57, 0xf36e1ac5), + TOBN(0x008fa9ad, 0x36cafb7d), + TOBN(0x8f6cdf70, 0x5308c4db), + TOBN(0x51527a37, 0x95ed2477), + TOBN(0xba0dee30, 0x5bd21311), + TOBN(0x6ed41b22, 0x909c90d7), + TOBN(0xc5f6b758, 0x7c8696d3), + TOBN(0x0db8eaa8, 0x3ce83a80), + TOBN(0xd297fe37, 0xb24b4b6f), + TOBN(0xfe58afe8, 0x522d1f0d), + TOBN(0x97358736, 0x8c98dbd9), + TOBN(0x6bc226ca, 0x9454a527), + TOBN(0xa12b384e, 0xce53c2d0), + TOBN(0x779d897d, 0x5e4606da), + TOBN(0xa53e47b0, 0x73ec12b0), + TOBN(0x462dbbba, 0x5756f1ad), + TOBN(0x69fe09f2, 0xcafe37b6), + TOBN(0x273d1ebf, 0xecce2e17), + TOBN(0x8ac1d538, 0x3cf607fd), + TOBN(0x8035f7ff, 0x12e10c25), + }, + { + TOBN(0x854d34c7, 0x7e6c5520), + TOBN(0xc27df9ef, 0xdcb9ea58), + TOBN(0x405f2369, 0xd686666d), + TOBN(0x29d1febf, 0x0417aa85), + TOBN(0x9846819e, 0x93470afe), + TOBN(0x3e6a9669, 0xe2a27f9e), + TOBN(0x24d008a2, 0xe31e6504), + TOBN(0xdba7cecf, 0x9cb7680a), + TOBN(0xecaff541, 0x338d6e43), + TOBN(0x56f7dd73, 0x4541d5cc), + TOBN(0xb5d426de, 0x96bc88ca), + TOBN(0x48d94f6b, 0x9ed3a2c3), + TOBN(0x6354a3bb, 0x2ef8279c), + TOBN(0xd575465b, 0x0b1867f2), + TOBN(0xef99b0ff, 0x95225151), + TOBN(0xf3e19d88, 0xf94500d8), + TOBN(0x92a83268, 0xe32dd620), + 
TOBN(0x913ec99f, 0x627849a2), + TOBN(0xedd8fdfa, 0x2c378882), + TOBN(0xaf96f33e, 0xee6f8cfe), + TOBN(0xc06737e5, 0xdc3fa8a5), + TOBN(0x236bb531, 0xb0b03a1d), + TOBN(0x33e59f29, 0x89f037b0), + TOBN(0x13f9b5a7, 0xd9a12a53), + TOBN(0x0d0df6ce, 0x51efb310), + TOBN(0xcb5b2eb4, 0x958df5be), + TOBN(0xd6459e29, 0x36158e59), + TOBN(0x82aae2b9, 0x1466e336), + TOBN(0xfb658a39, 0x411aa636), + TOBN(0x7152ecc5, 0xd4c0a933), + TOBN(0xf10c758a, 0x49f026b7), + TOBN(0xf4837f97, 0xcb09311f), + TOBN(0xddfb02c4, 0xc753c45f), + TOBN(0x18ca81b6, 0xf9c840fe), + TOBN(0x846fd09a, 0xb0f8a3e6), + TOBN(0xb1162add, 0xe7733dbc), + TOBN(0x7070ad20, 0x236e3ab6), + TOBN(0xf88cdaf5, 0xb2a56326), + TOBN(0x05fc8719, 0x997cbc7a), + TOBN(0x442cd452, 0x4b665272), + TOBN(0x7807f364, 0xb71698f5), + TOBN(0x6ba418d2, 0x9f7b605e), + TOBN(0xfd20b00f, 0xa03b2cbb), + TOBN(0x883eca37, 0xda54386f), + TOBN(0xff0be43f, 0xf3437f24), + TOBN(0xe910b432, 0xa48bb33c), + TOBN(0x4963a128, 0x329df765), + TOBN(0xac1dd556, 0xbe2fe6f7), + TOBN(0x557610f9, 0x24a0a3fc), + TOBN(0x38e17bf4, 0xe881c3f9), + TOBN(0x6ba84faf, 0xed0dac99), + TOBN(0xd4a222c3, 0x59eeb918), + TOBN(0xc79c1dbe, 0x13f542b6), + TOBN(0x1fc65e0d, 0xe425d457), + TOBN(0xeffb754f, 0x1debb779), + TOBN(0x638d8fd0, 0x9e08af60), + TOBN(0x994f523a, 0x626332d5), + TOBN(0x7bc38833, 0x5561bb44), + TOBN(0x005ed4b0, 0x3d845ea2), + TOBN(0xd39d3ee1, 0xc2a1f08a), + TOBN(0x6561fdd3, 0xe7676b0d), + TOBN(0x620e35ff, 0xfb706017), + TOBN(0x36ce424f, 0xf264f9a8), + TOBN(0xc4c3419f, 0xda2681f7), + TOBN(0xfb6afd2f, 0x69beb6e8), + TOBN(0x3a50b993, 0x6d700d03), + TOBN(0xc840b2ad, 0x0c83a14f), + TOBN(0x573207be, 0x54085bef), + TOBN(0x5af882e3, 0x09fe7e5b), + TOBN(0x957678a4, 0x3b40a7e1), + TOBN(0x172d4bdd, 0x543056e2), + TOBN(0x9c1b26b4, 0x0df13c0a), + TOBN(0x1c30861c, 0xf405ff06), + TOBN(0xebac86bd, 0x486e828b), + TOBN(0xe791a971, 0x636933fc), + TOBN(0x50e7c2be, 0x7aeee947), + TOBN(0xc3d4a095, 0xfa90d767), + TOBN(0xae60eb7b, 0xe670ab7b), + TOBN(0x17633a64, 0x397b056d), + 
TOBN(0x93a21f33, 0x105012aa), + TOBN(0x663c370b, 0xabb88643), + TOBN(0x91df36d7, 0x22e21599), + TOBN(0x183ba835, 0x8b761671), + TOBN(0x381eea1d, 0x728f3bf1), + TOBN(0xb9b2f1ba, 0x39966e6c), + TOBN(0x7c464a28, 0xe7295492), + TOBN(0x0fd5f70a, 0x09b26b7f), + TOBN(0xa9aba1f9, 0xfbe009df), + TOBN(0x857c1f22, 0x369b87ad), + TOBN(0x3c00e5d9, 0x32fca556), + TOBN(0x1ad74cab, 0x90b06466), + TOBN(0xa7112386, 0x550faaf2), + TOBN(0x7435e198, 0x6d9bd5f5), + TOBN(0x2dcc7e38, 0x59c3463f), + TOBN(0xdc7df748, 0xca7bd4b2), + TOBN(0x13cd4c08, 0x9dec2f31), + TOBN(0x0d3b5df8, 0xe3237710), + TOBN(0x0dadb26e, 0xcbd2f7b0), + TOBN(0x9f5966ab, 0xe4aa082b), + TOBN(0x666ec8de, 0x350e966e), + TOBN(0x1bfd1ed5, 0xee524216), + TOBN(0xcd93c59b, 0x41dab0b6), + TOBN(0x658a8435, 0xd186d6ba), + TOBN(0x1b7d34d2, 0x159d1195), + TOBN(0x5936e460, 0x22caf46b), + TOBN(0x6a45dd8f, 0x9a96fe4f), + TOBN(0xf7925434, 0xb98f474e), + TOBN(0x41410412, 0x0053ef15), + TOBN(0x71cf8d12, 0x41de97bf), + TOBN(0xb8547b61, 0xbd80bef4), + TOBN(0xb47d3970, 0xc4db0037), + TOBN(0xf1bcd328, 0xfef20dff), + TOBN(0x31a92e09, 0x10caad67), + TOBN(0x1f591960, 0x5531a1e1), + TOBN(0x3bb852e0, 0x5f4fc840), + TOBN(0x63e297ca, 0x93a72c6c), + TOBN(0x3c2b0b2e, 0x49abad67), + TOBN(0x6ec405fc, 0xed3db0d9), + TOBN(0xdc14a530, 0x7fef1d40), + TOBN(0xccd19846, 0x280896fc), + TOBN(0x00f83176, 0x9bb81648), + TOBN(0xd69eb485, 0x653120d0), + TOBN(0xd17d75f4, 0x4ccabc62), + TOBN(0x34a07f82, 0xb749fcb1), + TOBN(0x2c3af787, 0xbbfb5554), + TOBN(0xb06ed4d0, 0x62e283f8), + TOBN(0x5722889f, 0xa19213a0), + TOBN(0x162b085e, 0xdcf3c7b4), + TOBN(0xbcaecb31, 0xe0dd3eca), + TOBN(0xc6237fbc, 0xe52f13a5), + TOBN(0xcc2b6b03, 0x27bac297), + TOBN(0x2ae1cac5, 0xb917f54a), + TOBN(0x474807d4, 0x7845ae4f), + TOBN(0xfec7dd92, 0xce5972e0), + TOBN(0xc3bd2541, 0x1d7915bb), + TOBN(0x66f85dc4, 0xd94907ca), + TOBN(0xd981b888, 0xbdbcf0ca), + TOBN(0xd75f5da6, 0xdf279e9f), + TOBN(0x128bbf24, 0x7054e934), + TOBN(0x3c6ff6e5, 0x81db134b), + TOBN(0x795b7cf4, 0x047d26e4), + 
TOBN(0xf370f7b8, 0x5049ec37), + TOBN(0xc6712d4d, 0xced945af), + TOBN(0xdf30b5ec, 0x095642bc), + TOBN(0x9b034c62, 0x4896246e), + TOBN(0x5652c016, 0xee90bbd1), + TOBN(0xeb38636f, 0x87fedb73), + TOBN(0x5e32f847, 0x0135a613), + TOBN(0x0703b312, 0xcf933c83), + TOBN(0xd05bb76e, 0x1a7f47e6), + TOBN(0x825e4f0c, 0x949c2415), + TOBN(0x569e5622, 0x7250d6f8), + TOBN(0xbbe9eb3a, 0x6568013e), + TOBN(0x8dbd203f, 0x22f243fc), + TOBN(0x9dbd7694, 0xb342734a), + TOBN(0x8f6d12f8, 0x46afa984), + TOBN(0xb98610a2, 0xc9eade29), + TOBN(0xbab4f323, 0x47dd0f18), + TOBN(0x5779737b, 0x671c0d46), + TOBN(0x10b6a7c6, 0xd3e0a42a), + TOBN(0xfb19ddf3, 0x3035b41c), + TOBN(0xd336343f, 0x99c45895), + TOBN(0x61fe4938, 0x54c857e5), + TOBN(0xc4d506be, 0xae4e57d5), + TOBN(0x3cd8c8cb, 0xbbc33f75), + TOBN(0x7281f08a, 0x9262c77d), + TOBN(0x083f4ea6, 0xf11a2823), + TOBN(0x8895041e, 0x9fba2e33), + TOBN(0xfcdfea49, 0x9c438edf), + TOBN(0x7678dcc3, 0x91edba44), + TOBN(0xf07b3b87, 0xe2ba50f0), + TOBN(0xc13888ef, 0x43948c1b), + TOBN(0xc2135ad4, 0x1140af42), + TOBN(0x8e5104f3, 0x926ed1a7), + TOBN(0xf24430cb, 0x88f6695f), + TOBN(0x0ce0637b, 0x6d73c120), + TOBN(0xb2db01e6, 0xfe631e8f), + TOBN(0x1c5563d7, 0xd7bdd24b), + TOBN(0x8daea3ba, 0x369ad44f), + TOBN(0x000c81b6, 0x8187a9f9), + TOBN(0x5f48a951, 0xaae1fd9a), + TOBN(0xe35626c7, 0x8d5aed8a), + TOBN(0x20952763, 0x0498c622), + TOBN(0x76d17634, 0x773aa504), + TOBN(0x36d90dda, 0xeb300f7a), + TOBN(0x9dcf7dfc, 0xedb5e801), + TOBN(0x645cb268, 0x74d5244c), + TOBN(0xa127ee79, 0x348e3aa2), + TOBN(0x488acc53, 0x575f1dbb), + TOBN(0x95037e85, 0x80e6161e), + TOBN(0x57e59283, 0x292650d0), + TOBN(0xabe67d99, 0x14938216), + TOBN(0x3c7f944b, 0x3f8e1065), + TOBN(0xed908cb6, 0x330e8924), + TOBN(0x08ee8fd5, 0x6f530136), + TOBN(0x2227b7d5, 0xd7ffc169), + TOBN(0x4f55c893, 0xb5cd6dd5), + TOBN(0x82225e11, 0xa62796e8), + TOBN(0x5c6cead1, 0xcb18e12c), + TOBN(0x4381ae0c, 0x84f5a51a), + TOBN(0x345913d3, 0x7fafa4c8), + TOBN(0x3d918082, 0x0491aac0), + TOBN(0x9347871f, 0x3e69264c), + 
TOBN(0xbea9dd3c, 0xb4f4f0cd), + TOBN(0xbda5d067, 0x3eadd3e7), + TOBN(0x0033c1b8, 0x0573bcd8), + TOBN(0x25589379, 0x5da2486c), + TOBN(0xcb89ee5b, 0x86abbee7), + TOBN(0x8fe0a8f3, 0x22532e5d), + TOBN(0xb6410ff0, 0x727dfc4c), + TOBN(0x619b9d58, 0x226726db), + TOBN(0x5ec25669, 0x7a2b2dc7), + TOBN(0xaf4d2e06, 0x4c3beb01), + TOBN(0x852123d0, 0x7acea556), + TOBN(0x0e9470fa, 0xf783487a), + TOBN(0x75a7ea04, 0x5664b3eb), + TOBN(0x4ad78f35, 0x6798e4ba), + TOBN(0x9214e6e5, 0xc7d0e091), + TOBN(0xc420b488, 0xb1290403), + TOBN(0x64049e0a, 0xfc295749), + TOBN(0x03ef5af1, 0x3ae9841f), + TOBN(0xdbe4ca19, 0xb0b662a6), + TOBN(0x46845c5f, 0xfa453458), + TOBN(0xf8dabf19, 0x10b66722), + TOBN(0xb650f0aa, 0xcce2793b), + TOBN(0x71db851e, 0xc5ec47c1), + TOBN(0x3eb78f3e, 0x3b234fa9), + TOBN(0xb0c60f35, 0xfc0106ce), + TOBN(0x05427121, 0x774eadbd), + TOBN(0x25367faf, 0xce323863), + TOBN(0x7541b5c9, 0xcd086976), + TOBN(0x4ff069e2, 0xdc507ad1), + TOBN(0x74145256, 0x8776e667), + TOBN(0x6e76142c, 0xb23c6bb5), + TOBN(0xdbf30712, 0x1b3a8a87), + TOBN(0x60e7363e, 0x98450836), + TOBN(0x5741450e, 0xb7366d80), + TOBN(0xe4ee14ca, 0x4837dbdf), + TOBN(0xa765eb9b, 0x69d4316f), + TOBN(0x04548dca, 0x8ef43825), + TOBN(0x9c9f4e4c, 0x5ae888eb), + TOBN(0x733abb51, 0x56e9ac99), + TOBN(0xdaad3c20, 0xba6ac029), + TOBN(0x9b8dd3d3, 0x2ba3e38e), + TOBN(0xa9bb4c92, 0x0bc5d11a), + TOBN(0xf20127a7, 0x9c5f88a3), + TOBN(0x4f52b06e, 0x161d3cb8), + TOBN(0x26c1ff09, 0x6afaf0a6), + TOBN(0x32670d2f, 0x7189e71f), + TOBN(0xc6438748, 0x5ecf91e7), + TOBN(0x15758e57, 0xdb757a21), + TOBN(0x427d09f8, 0x290a9ce5), + TOBN(0x846a308f, 0x38384a7a), + TOBN(0xaac3acb4, 0xb0732b99), + TOBN(0x9e941009, 0x17845819), + TOBN(0x95cba111, 0xa7ce5e03), + TOBN(0x6f3d4f7f, 0xb00009c4), + TOBN(0xb8396c27, 0x8ff28b5f), + TOBN(0xb1a9ae43, 0x1c97975d), + TOBN(0x9d7ba8af, 0xe5d9fed5), + TOBN(0x338cf09f, 0x34f485b6), + TOBN(0xbc0ddacc, 0x64122516), + TOBN(0xa450da12, 0x05d471fe), + TOBN(0x4c3a6250, 0x628dd8c9), + TOBN(0x69c7d103, 0xd1295837), + 
TOBN(0xa2893e50, 0x3807eb2f), + TOBN(0xd6e1e1de, 0xbdb41491), + TOBN(0xc630745b, 0x5e138235), + TOBN(0xc892109e, 0x48661ae1), + TOBN(0x8d17e7eb, 0xea2b2674), + TOBN(0x00ec0f87, 0xc328d6b5), + TOBN(0x6d858645, 0xf079ff9e), + TOBN(0x6cdf243e, 0x19115ead), + TOBN(0x1ce1393e, 0x4bac4fcf), + TOBN(0x2c960ed0, 0x9c29f25b), + TOBN(0x59be4d8e, 0x9d388a05), + TOBN(0x0d46e06c, 0xd0def72b), + TOBN(0xb923db5d, 0xe0342748), + TOBN(0xf7d3aacd, 0x936d4a3d), + TOBN(0x558519cc, 0x0b0b099e), + TOBN(0x3ea8ebf8, 0x827097ef), + TOBN(0x259353db, 0xd054f55d), + TOBN(0x84c89abc, 0x6d2ed089), + TOBN(0x5c548b69, 0x8e096a7c), + TOBN(0xd587f616, 0x994b995d), + TOBN(0x4d1531f6, 0xa5845601), + TOBN(0x792ab31e, 0x451fd9f0), + TOBN(0xc8b57bb2, 0x65adf6ca), + TOBN(0x68440fcb, 0x1cd5ad73), + TOBN(0xb9c860e6, 0x6144da4f), + TOBN(0x2ab286aa, 0x8462beb8), + TOBN(0xcc6b8fff, 0xef46797f), + TOBN(0xac820da4, 0x20c8a471), + TOBN(0x69ae05a1, 0x77ff7faf), + TOBN(0xb9163f39, 0xbfb5da77), + TOBN(0xbd03e590, 0x2c73ab7a), + TOBN(0x7e862b5e, 0xb2940d9e), + TOBN(0x3c663d86, 0x4b9af564), + TOBN(0xd8309031, 0xbde3033d), + TOBN(0x298231b2, 0xd42c5bc6), + TOBN(0x42090d2c, 0x552ad093), + TOBN(0xa4799d1c, 0xff854695), + TOBN(0x0a88b5d6, 0xd31f0d00), + TOBN(0xf8b40825, 0xa2f26b46), + TOBN(0xec29b1ed, 0xf1bd7218), + TOBN(0xd491c53b, 0x4b24c86e), + TOBN(0xd2fe588f, 0x3395ea65), + TOBN(0x6f3764f7, 0x4456ef15), + TOBN(0xdb43116d, 0xcdc34800), + TOBN(0xcdbcd456, 0xc1e33955), + TOBN(0xefdb5540, 0x74ab286b), + TOBN(0x948c7a51, 0xd18c5d7c), + TOBN(0xeb81aa37, 0x7378058e), + TOBN(0x41c746a1, 0x04411154), + TOBN(0xa10c73bc, 0xfb828ac7), + TOBN(0x6439be91, 0x9d972b29), + TOBN(0x4bf3b4b0, 0x43a2fbad), + TOBN(0x39e6dadf, 0x82b5e840), + TOBN(0x4f716408, 0x6397bd4c), + TOBN(0x0f7de568, 0x7f1eeccb), + TOBN(0x5865c5a1, 0xd2ffbfc1), + TOBN(0xf74211fa, 0x4ccb6451), + TOBN(0x66368a88, 0xc0b32558), + TOBN(0x5b539dc2, 0x9ad7812e), + TOBN(0x579483d0, 0x2f3af6f6), + TOBN(0x52132078, 0x99934ece), + TOBN(0x50b9650f, 0xdcc9e983), + 
TOBN(0xca989ec9, 0xaee42b8a), + TOBN(0x6a44c829, 0xd6f62f99), + TOBN(0x8f06a309, 0x4c2a7c0c), + TOBN(0x4ea2b3a0, 0x98a0cb0a), + TOBN(0x5c547b70, 0xbeee8364), + TOBN(0x461d40e1, 0x682afe11), + TOBN(0x9e0fc77a, 0x7b41c0a8), + TOBN(0x79e4aefd, 0xe20d5d36), + TOBN(0x2916e520, 0x32dd9f63), + TOBN(0xf59e52e8, 0x3f883faf), + TOBN(0x396f9639, 0x2b868d35), + TOBN(0xc902a9df, 0x4ca19881), + TOBN(0x0fc96822, 0xdb2401a6), + TOBN(0x41237587, 0x66f1c68d), + TOBN(0x10fc6de3, 0xfb476c0d), + TOBN(0xf8b6b579, 0x841f5d90), + TOBN(0x2ba8446c, 0xfa24f44a), + TOBN(0xa237b920, 0xef4a9975), + TOBN(0x60bb6004, 0x2330435f), + TOBN(0xd6f4ab5a, 0xcfb7e7b5), + TOBN(0xb2ac5097, 0x83435391), + TOBN(0xf036ee2f, 0xb0d1ea67), + TOBN(0xae779a6a, 0x74c56230), + TOBN(0x59bff8c8, 0xab838ae6), + TOBN(0xcd83ca99, 0x9b38e6f0), + TOBN(0xbb27bef5, 0xe33deed3), + TOBN(0xe6356f6f, 0x001892a8), + TOBN(0xbf3be6cc, 0x7adfbd3e), + TOBN(0xaecbc81c, 0x33d1ac9d), + TOBN(0xe4feb909, 0xe6e861dc), + TOBN(0x90a247a4, 0x53f5f801), + TOBN(0x01c50acb, 0x27346e57), + TOBN(0xce29242e, 0x461acc1b), + TOBN(0x04dd214a, 0x2f998a91), + TOBN(0x271ee9b1, 0xd4baf27b), + TOBN(0x7e3027d1, 0xe8c26722), + TOBN(0x21d1645c, 0x1820dce5), + TOBN(0x086f242c, 0x7501779c), + TOBN(0xf0061407, 0xfa0e8009), + TOBN(0xf23ce477, 0x60187129), + TOBN(0x05bbdedb, 0x0fde9bd0), + TOBN(0x682f4832, 0x25d98473), + TOBN(0xf207fe85, 0x5c658427), + TOBN(0xb6fdd7ba, 0x4166ffa1), + TOBN(0x0c314056, 0x9eed799d), + TOBN(0x0db8048f, 0x4107e28f), + TOBN(0x74ed3871, 0x41216840), + TOBN(0x74489f8f, 0x56a3c06e), + TOBN(0x1e1c005b, 0x12777134), + TOBN(0xdb332a73, 0xf37ec3c3), + TOBN(0xc65259bd, 0xdd59eba0), + TOBN(0x2291709c, 0xdb4d3257), + TOBN(0x9a793b25, 0xbd389390), + TOBN(0xf39fe34b, 0xe43756f0), + TOBN(0x2f76bdce, 0x9afb56c9), + TOBN(0x9f37867a, 0x61208b27), + TOBN(0xea1d4307, 0x089972c3), + TOBN(0x8c595330, 0x8bdf623a), + TOBN(0x5f5accda, 0x8441fb7d), + TOBN(0xfafa9418, 0x32ddfd95), + TOBN(0x6ad40c5a, 0x0fde9be7), + TOBN(0x43faba89, 0xaeca8709), + 
TOBN(0xc64a7cf1, 0x2c248a9d), + TOBN(0x16620252, 0x72637a76), + TOBN(0xaee1c791, 0x22b8d1bb), + TOBN(0xf0f798fd, 0x21a843b2), + TOBN(0x56e4ed4d, 0x8d005cb1), + TOBN(0x355f7780, 0x1f0d8abe), + TOBN(0x197b04cf, 0x34522326), + TOBN(0x41f9b31f, 0xfd42c13f), + TOBN(0x5ef7feb2, 0xb40f933d), + TOBN(0x27326f42, 0x5d60bad4), + TOBN(0x027ecdb2, 0x8c92cf89), + TOBN(0x04aae4d1, 0x4e3352fe), + TOBN(0x08414d2f, 0x73591b90), + TOBN(0x5ed6124e, 0xb7da7d60), + TOBN(0xb985b931, 0x4d13d4ec), + TOBN(0xa592d3ab, 0x96bf36f9), + TOBN(0x012dbed5, 0xbbdf51df), + TOBN(0xa57963c0, 0xdf6c177d), + TOBN(0x010ec869, 0x87ca29cf), + TOBN(0xba1700f6, 0xbf926dff), + TOBN(0x7c9fdbd1, 0xf4bf6bc2), + TOBN(0xdc18dc8f, 0x64da11f5), + TOBN(0xa6074b7a, 0xd938ae75), + TOBN(0x14270066, 0xe84f44a4), + TOBN(0x99998d38, 0xd27b954e), + TOBN(0xc1be8ab2, 0xb4f38e9a), + TOBN(0x8bb55bbf, 0x15c01016), + TOBN(0xf73472b4, 0x0ea2ab30), + TOBN(0xd365a340, 0xf73d68dd), + TOBN(0xc01a7168, 0x19c2e1eb), + TOBN(0x32f49e37, 0x34061719), + TOBN(0xb73c57f1, 0x01d8b4d6), + TOBN(0x03c8423c, 0x26b47700), + TOBN(0x321d0bc8, 0xa4d8826a), + TOBN(0x6004213c, 0x4bc0e638), + TOBN(0xf78c64a1, 0xc1c06681), + TOBN(0x16e0a16f, 0xef018e50), + TOBN(0x31cbdf91, 0xdb42b2b3), + TOBN(0xf8f4ffce, 0xe0d36f58), + TOBN(0xcdcc71cd, 0x4cc5e3e0), + TOBN(0xd55c7cfa, 0xa129e3e0), + TOBN(0xccdb6ba0, 0x0fb2cbf1), + TOBN(0x6aba0005, 0xc4bce3cb), + TOBN(0x501cdb30, 0xd232cfc4), + TOBN(0x9ddcf12e, 0xd58a3cef), + TOBN(0x02d2cf9c, 0x87e09149), + TOBN(0xdc5d7ec7, 0x2c976257), + TOBN(0x6447986e, 0x0b50d7dd), + TOBN(0x88fdbaf7, 0x807f112a), + TOBN(0x58c9822a, 0xb00ae9f6), + TOBN(0x6abfb950, 0x6d3d27e0), + TOBN(0xd0a74487, 0x8a429f4f), + TOBN(0x0649712b, 0xdb516609), + TOBN(0xb826ba57, 0xe769b5df), + TOBN(0x82335df2, 0x1fc7aaf2), + TOBN(0x2389f067, 0x5c93d995), + TOBN(0x59ac367a, 0x68677be6), + TOBN(0xa77985ff, 0x21d9951b), + TOBN(0x038956fb, 0x85011cce), + TOBN(0x608e48cb, 0xbb734e37), + TOBN(0xc08c0bf2, 0x2be5b26f), + TOBN(0x17bbdd3b, 0xf9b1a0d9), + 
TOBN(0xeac7d898, 0x10483319), + TOBN(0xc95c4baf, 0xbc1a6dea), + TOBN(0xfdd0e2bf, 0x172aafdb), + TOBN(0x40373cbc, 0x8235c41a), + TOBN(0x14303f21, 0xfb6f41d5), + TOBN(0xba063621, 0x0408f237), + TOBN(0xcad3b09a, 0xecd2d1ed), + TOBN(0x4667855a, 0x52abb6a2), + TOBN(0xba9157dc, 0xaa8b417b), + TOBN(0xfe7f3507, 0x4f013efb), + TOBN(0x1b112c4b, 0xaa38c4a2), + TOBN(0xa1406a60, 0x9ba64345), + TOBN(0xe53cba33, 0x6993c80b), + TOBN(0x45466063, 0xded40d23), + TOBN(0x3d5f1f4d, 0x54908e25), + TOBN(0x9ebefe62, 0x403c3c31), + TOBN(0x274ea0b5, 0x0672a624), + TOBN(0xff818d99, 0x451d1b71), + TOBN(0x80e82643, 0x8f79cf79), + TOBN(0xa165df13, 0x73ce37f5), + TOBN(0xa744ef4f, 0xfe3a21fd), + TOBN(0x73f1e7f5, 0xcf551396), + TOBN(0xc616898e, 0x868c676b), + TOBN(0x671c28c7, 0x8c442c36), + TOBN(0xcfe5e558, 0x5e0a317d), + TOBN(0x1242d818, 0x7051f476), + TOBN(0x56fad2a6, 0x14f03442), + TOBN(0x262068bc, 0x0a44d0f6), + TOBN(0xdfa2cd6e, 0xce6edf4e), + TOBN(0x0f43813a, 0xd15d1517), + TOBN(0x61214cb2, 0x377d44f5), + TOBN(0xd399aa29, 0xc639b35f), + TOBN(0x42136d71, 0x54c51c19), + TOBN(0x9774711b, 0x08417221), + TOBN(0x0a5546b3, 0x52545a57), + TOBN(0x80624c41, 0x1150582d), + TOBN(0x9ec5c418, 0xfbc555bc), + TOBN(0x2c87dcad, 0x771849f1), + TOBN(0xb0c932c5, 0x01d7bf6f), + TOBN(0x6aa5cd3e, 0x89116eb2), + TOBN(0xd378c25a, 0x51ca7bd3), + TOBN(0xc612a0da, 0x9e6e3e31), + TOBN(0x0417a54d, 0xb68ad5d0), + TOBN(0x00451e4a, 0x22c6edb8), + TOBN(0x9fbfe019, 0xb42827ce), + TOBN(0x2fa92505, 0xba9384a2), + TOBN(0x21b8596e, 0x64ad69c1), + TOBN(0x8f4fcc49, 0x983b35a6), + TOBN(0xde093760, 0x72754672), + TOBN(0x2f14ccc8, 0xf7bffe6d), + TOBN(0x27566bff, 0x5d94263d), + TOBN(0xb5b4e9c6, 0x2df3ec30), + TOBN(0x94f1d7d5, 0x3e6ea6ba), + TOBN(0x97b7851a, 0xaaca5e9b), + TOBN(0x518aa521, 0x56713b97), + TOBN(0x3357e8c7, 0x150a61f6), + TOBN(0x7842e7e2, 0xec2c2b69), + TOBN(0x8dffaf65, 0x6868a548), + TOBN(0xd963bd82, 0xe068fc81), + TOBN(0x64da5c8b, 0x65917733), + TOBN(0x927090ff, 0x7b247328), + }, + { + TOBN(0x214bc9a7, 0xd298c241), + 
TOBN(0xe3b697ba, 0x56807cfd), + TOBN(0xef1c7802, 0x4564eadb), + TOBN(0xdde8cdcf, 0xb48149c5), + TOBN(0x946bf0a7, 0x5a4d2604), + TOBN(0x27154d7f, 0x6c1538af), + TOBN(0x95cc9230, 0xde5b1fcc), + TOBN(0xd88519e9, 0x66864f82), + TOBN(0xb828dd1a, 0x7cb1282c), + TOBN(0xa08d7626, 0xbe46973a), + TOBN(0x6baf8d40, 0xe708d6b2), + TOBN(0x72571fa1, 0x4daeb3f3), + TOBN(0x85b1732f, 0xf22dfd98), + TOBN(0x87ab01a7, 0x0087108d), + TOBN(0xaaaafea8, 0x5988207a), + TOBN(0xccc832f8, 0x69f00755), + TOBN(0x964d950e, 0x36ff3bf0), + TOBN(0x8ad20f6f, 0xf0b34638), + TOBN(0x4d9177b3, 0xb5d7585f), + TOBN(0xcf839760, 0xef3f019f), + TOBN(0x582fc5b3, 0x8288c545), + TOBN(0x2f8e4e9b, 0x13116bd1), + TOBN(0xf91e1b2f, 0x332120ef), + TOBN(0xcf568724, 0x2a17dd23), + TOBN(0x488f1185, 0xca8d9d1a), + TOBN(0xadf2c77d, 0xd987ded2), + TOBN(0x5f3039f0, 0x60c46124), + TOBN(0xe5d70b75, 0x71e095f4), + TOBN(0x82d58650, 0x6260e70f), + TOBN(0x39d75ea7, 0xf750d105), + TOBN(0x8cf3d0b1, 0x75bac364), + TOBN(0xf3a7564d, 0x21d01329), + TOBN(0x182f04cd, 0x2f52d2a7), + TOBN(0x4fde149a, 0xe2df565a), + TOBN(0xb80c5eec, 0xa79fb2f7), + TOBN(0xab491d7b, 0x22ddc897), + TOBN(0x99d76c18, 0xc6312c7f), + TOBN(0xca0d5f3d, 0x6aa41a57), + TOBN(0x71207325, 0xd15363a0), + TOBN(0xe82aa265, 0xbeb252c2), + TOBN(0x94ab4700, 0xec3128c2), + TOBN(0x6c76d862, 0x8e383f49), + TOBN(0xdc36b150, 0xc03024eb), + TOBN(0xfb439477, 0x53daac69), + TOBN(0xfc68764a, 0x8dc79623), + TOBN(0x5b86995d, 0xb440fbb2), + TOBN(0xd66879bf, 0xccc5ee0d), + TOBN(0x05228942, 0x95aa8bd3), + TOBN(0xb51a40a5, 0x1e6a75c1), + TOBN(0x24327c76, 0x0ea7d817), + TOBN(0x06630182, 0x07774597), + TOBN(0xd6fdbec3, 0x97fa7164), + TOBN(0x20c99dfb, 0x13c90f48), + TOBN(0xd6ac5273, 0x686ef263), + TOBN(0xc6a50bdc, 0xfef64eeb), + TOBN(0xcd87b281, 0x86fdfc32), + TOBN(0xb24aa43e, 0x3fcd3efc), + TOBN(0xdd26c034, 0xb8088e9a), + TOBN(0xa5ef4dc9, 0xbd3d46ea), + TOBN(0xa2f99d58, 0x8a4c6a6f), + TOBN(0xddabd355, 0x2f1da46c), + TOBN(0x72c3f8ce, 0x1afacdd1), + TOBN(0xd90c4eee, 0x92d40578), + 
TOBN(0xd28bb41f, 0xca623b94), + TOBN(0x50fc0711, 0x745edc11), + TOBN(0x9dd9ad7d, 0x3dc87558), + TOBN(0xce6931fb, 0xb49d1e64), + TOBN(0x6c77a0a2, 0xc98bd0f9), + TOBN(0x62b9a629, 0x6baf7cb1), + TOBN(0xcf065f91, 0xccf72d22), + TOBN(0x7203cce9, 0x79639071), + TOBN(0x09ae4885, 0xf9cb732f), + TOBN(0x5e7c3bec, 0xee8314f3), + TOBN(0x1c068aed, 0xdbea298f), + TOBN(0x08d381f1, 0x7c80acec), + TOBN(0x03b56be8, 0xe330495b), + TOBN(0xaeffb8f2, 0x9222882d), + TOBN(0x95ff38f6, 0xc4af8bf7), + TOBN(0x50e32d35, 0x1fc57d8c), + TOBN(0x6635be52, 0x17b444f0), + TOBN(0x04d15276, 0xa5177900), + TOBN(0x4e1dbb47, 0xf6858752), + TOBN(0x5b475622, 0xc615796c), + TOBN(0xa6fa0387, 0x691867bf), + TOBN(0xed7f5d56, 0x2844c6d0), + TOBN(0xc633cf9b, 0x03a2477d), + TOBN(0xf6be5c40, 0x2d3721d6), + TOBN(0xaf312eb7, 0xe9fd68e6), + TOBN(0x242792d2, 0xe7417ce1), + TOBN(0xff42bc71, 0x970ee7f5), + TOBN(0x1ff4dc6d, 0x5c67a41e), + TOBN(0x77709b7b, 0x20882a58), + TOBN(0x3554731d, 0xbe217f2c), + TOBN(0x2af2a8cd, 0x5bb72177), + TOBN(0x58eee769, 0x591dd059), + TOBN(0xbb2930c9, 0x4bba6477), + TOBN(0x863ee047, 0x7d930cfc), + TOBN(0x4c262ad1, 0x396fd1f4), + TOBN(0xf4765bc8, 0x039af7e1), + TOBN(0x2519834b, 0x5ba104f6), + TOBN(0x7cd61b4c, 0xd105f961), + TOBN(0xa5415da5, 0xd63bca54), + TOBN(0x778280a0, 0x88a1f17c), + TOBN(0xc4968949, 0x2329512c), + TOBN(0x174a9126, 0xcecdaa7a), + TOBN(0xfc8c7e0e, 0x0b13247b), + TOBN(0x29c110d2, 0x3484c1c4), + TOBN(0xf8eb8757, 0x831dfc3b), + TOBN(0x022f0212, 0xc0067452), + TOBN(0x3f6f69ee, 0x7b9b926c), + TOBN(0x09032da0, 0xef42daf4), + TOBN(0x79f00ade, 0x83f80de4), + TOBN(0x6210db71, 0x81236c97), + TOBN(0x74f7685b, 0x3ee0781f), + TOBN(0x4df7da7b, 0xa3e41372), + TOBN(0x2aae38b1, 0xb1a1553e), + TOBN(0x1688e222, 0xf6dd9d1b), + TOBN(0x57695448, 0x5b8b6487), + TOBN(0x478d2127, 0x4b2edeaa), + TOBN(0xb2818fa5, 0x1e85956a), + TOBN(0x1e6addda, 0xf176f2c0), + TOBN(0x01ca4604, 0xe2572658), + TOBN(0x0a404ded, 0x85342ffb), + TOBN(0x8cf60f96, 0x441838d6), + TOBN(0x9bbc691c, 0xc9071c4a), + 
TOBN(0xfd588744, 0x34442803), + TOBN(0x97101c85, 0x809c0d81), + TOBN(0xa7fb754c, 0x8c456f7f), + TOBN(0xc95f3c5c, 0xd51805e1), + TOBN(0xab4ccd39, 0xb299dca8), + TOBN(0x3e03d20b, 0x47eaf500), + TOBN(0xfa3165c1, 0xd7b80893), + TOBN(0x005e8b54, 0xe160e552), + TOBN(0xdc4972ba, 0x9019d11f), + TOBN(0x21a6972e, 0x0c9a4a7a), + TOBN(0xa52c258f, 0x37840fd7), + TOBN(0xf8559ff4, 0xc1e99d81), + TOBN(0x08e1a7d6, 0xa3c617c0), + TOBN(0xb398fd43, 0x248c6ba7), + TOBN(0x6ffedd91, 0xd1283794), + TOBN(0x8a6a59d2, 0xd629d208), + TOBN(0xa9d141d5, 0x3490530e), + TOBN(0x42f6fc18, 0x38505989), + TOBN(0x09bf250d, 0x479d94ee), + TOBN(0x223ad3b1, 0xb3822790), + TOBN(0x6c5926c0, 0x93b8971c), + TOBN(0x609efc7e, 0x75f7fa62), + TOBN(0x45d66a6d, 0x1ec2d989), + TOBN(0x4422d663, 0x987d2792), + TOBN(0x4a73caad, 0x3eb31d2b), + TOBN(0xf06c2ac1, 0xa32cb9e6), + TOBN(0xd9445c5f, 0x91aeba84), + TOBN(0x6af7a1d5, 0xaf71013f), + TOBN(0xe68216e5, 0x0bedc946), + TOBN(0xf4cba30b, 0xd27370a0), + TOBN(0x7981afbf, 0x870421cc), + TOBN(0x02496a67, 0x9449f0e1), + TOBN(0x86cfc4be, 0x0a47edae), + TOBN(0x3073c936, 0xb1feca22), + TOBN(0xf5694612, 0x03f8f8fb), + TOBN(0xd063b723, 0x901515ea), + TOBN(0x4c6c77a5, 0x749cf038), + TOBN(0x6361e360, 0xab9e5059), + TOBN(0x596cf171, 0xa76a37c0), + TOBN(0x800f53fa, 0x6530ae7a), + TOBN(0x0f5e631e, 0x0792a7a6), + TOBN(0x5cc29c24, 0xefdb81c9), + TOBN(0xa269e868, 0x3f9c40ba), + TOBN(0xec14f9e1, 0x2cb7191e), + TOBN(0x78ea1bd8, 0xe5b08ea6), + TOBN(0x3c65aa9b, 0x46332bb9), + TOBN(0x84cc22b3, 0xbf80ce25), + TOBN(0x0098e9e9, 0xd49d5bf1), + TOBN(0xcd4ec1c6, 0x19087da4), + TOBN(0x3c9d07c5, 0xaef6e357), + TOBN(0x839a0268, 0x9f8f64b8), + TOBN(0xc5e9eb62, 0xc6d8607f), + TOBN(0x759689f5, 0x6aa995e4), + TOBN(0x70464669, 0xbbb48317), + TOBN(0x921474bf, 0xe402417d), + TOBN(0xcabe135b, 0x2a354c8c), + TOBN(0xd51e52d2, 0x812fa4b5), + TOBN(0xec741096, 0x53311fe8), + TOBN(0x4f774535, 0xb864514b), + TOBN(0xbcadd671, 0x5bde48f8), + TOBN(0xc9703873, 0x2189bc7d), + TOBN(0x5d45299e, 0xc709ee8a), + 
TOBN(0xd1287ee2, 0x845aaff8), + TOBN(0x7d1f8874, 0xdb1dbf1f), + TOBN(0xea46588b, 0x990c88d6), + TOBN(0x60ba649a, 0x84368313), + TOBN(0xd5fdcbce, 0x60d543ae), + TOBN(0x90b46d43, 0x810d5ab0), + TOBN(0x6739d8f9, 0x04d7e5cc), + TOBN(0x021c1a58, 0x0d337c33), + TOBN(0x00a61162, 0x68e67c40), + TOBN(0x95ef413b, 0x379f0a1f), + TOBN(0xfe126605, 0xe9e2ab95), + TOBN(0x67578b85, 0x2f5f199c), + TOBN(0xf5c00329, 0x2cb84913), + TOBN(0xf7956430, 0x37577dd8), + TOBN(0x83b82af4, 0x29c5fe88), + TOBN(0x9c1bea26, 0xcdbdc132), + TOBN(0x589fa086, 0x9c04339e), + TOBN(0x033e9538, 0xb13799df), + TOBN(0x85fa8b21, 0xd295d034), + TOBN(0xdf17f73f, 0xbd9ddcca), + TOBN(0xf32bd122, 0xddb66334), + TOBN(0x55ef88a7, 0x858b044c), + TOBN(0x1f0d69c2, 0x5aa9e397), + TOBN(0x55fd9cc3, 0x40d85559), + TOBN(0xc774df72, 0x7785ddb2), + TOBN(0x5dcce9f6, 0xd3bd2e1c), + TOBN(0xeb30da20, 0xa85dfed0), + TOBN(0x5ed7f5bb, 0xd3ed09c4), + TOBN(0x7d42a35c, 0x82a9c1bd), + TOBN(0xcf3de995, 0x9890272d), + TOBN(0x75f3432a, 0x3e713a10), + TOBN(0x5e13479f, 0xe28227b8), + TOBN(0xb8561ea9, 0xfefacdc8), + TOBN(0xa6a297a0, 0x8332aafd), + TOBN(0x9b0d8bb5, 0x73809b62), + TOBN(0xd2fa1cfd, 0x0c63036f), + TOBN(0x7a16eb55, 0xbd64bda8), + TOBN(0x3f5cf5f6, 0x78e62ddc), + TOBN(0x2267c454, 0x07fd752b), + TOBN(0x5e361b6b, 0x5e437bbe), + TOBN(0x95c59501, 0x8354e075), + TOBN(0xec725f85, 0xf2b254d9), + TOBN(0x844b617d, 0x2cb52b4e), + TOBN(0xed8554f5, 0xcf425fb5), + TOBN(0xab67703e, 0x2af9f312), + TOBN(0x4cc34ec1, 0x3cf48283), + TOBN(0xb09daa25, 0x9c8a705e), + TOBN(0xd1e9d0d0, 0x5b7d4f84), + TOBN(0x4df6ef64, 0xdb38929d), + TOBN(0xe16b0763, 0xaa21ba46), + TOBN(0xc6b1d178, 0xa293f8fb), + TOBN(0x0ff5b602, 0xd520aabf), + TOBN(0x94d671bd, 0xc339397a), + TOBN(0x7c7d98cf, 0x4f5792fa), + TOBN(0x7c5e0d67, 0x11215261), + TOBN(0x9b19a631, 0xa7c5a6d4), + TOBN(0xc8511a62, 0x7a45274d), + TOBN(0x0c16621c, 0xa5a60d99), + TOBN(0xf7fbab88, 0xcf5e48cb), + TOBN(0xab1e6ca2, 0xf7ddee08), + TOBN(0x83bd08ce, 0xe7867f3c), + TOBN(0xf7e48e8a, 0x2ac13e27), + 
TOBN(0x4494f6df, 0x4eb1a9f5), + TOBN(0xedbf84eb, 0x981f0a62), + TOBN(0x49badc32, 0x536438f0), + TOBN(0x50bea541, 0x004f7571), + TOBN(0xbac67d10, 0xdf1c94ee), + TOBN(0x253d73a1, 0xb727bc31), + TOBN(0xb3d01cf2, 0x30686e28), + TOBN(0x51b77b1b, 0x55fd0b8b), + TOBN(0xa099d183, 0xfeec3173), + TOBN(0x202b1fb7, 0x670e72b7), + TOBN(0xadc88b33, 0xa8e1635f), + TOBN(0x34e8216a, 0xf989d905), + TOBN(0xc2e68d20, 0x29b58d01), + TOBN(0x11f81c92, 0x6fe55a93), + TOBN(0x15f1462a, 0x8f296f40), + TOBN(0x1915d375, 0xea3d62f2), + TOBN(0xa17765a3, 0x01c8977d), + TOBN(0x7559710a, 0xe47b26f6), + TOBN(0xe0bd29c8, 0x535077a5), + TOBN(0x615f976d, 0x08d84858), + TOBN(0x370dfe85, 0x69ced5c1), + TOBN(0xbbc7503c, 0xa734fa56), + TOBN(0xfbb9f1ec, 0x91ac4574), + TOBN(0x95d7ec53, 0x060dd7ef), + TOBN(0xeef2dacd, 0x6e657979), + TOBN(0x54511af3, 0xe2a08235), + TOBN(0x1e324aa4, 0x1f4aea3d), + TOBN(0x550e7e71, 0xe6e67671), + TOBN(0xbccd5190, 0xbf52faf7), + TOBN(0xf880d316, 0x223cc62a), + TOBN(0x0d402c7e, 0x2b32eb5d), + TOBN(0xa40bc039, 0x306a5a3b), + TOBN(0x4e0a41fd, 0x96783a1b), + TOBN(0xa1e8d39a, 0x0253cdd4), + TOBN(0x6480be26, 0xc7388638), + TOBN(0xee365e1d, 0x2285f382), + TOBN(0x188d8d8f, 0xec0b5c36), + TOBN(0x34ef1a48, 0x1f0f4d82), + TOBN(0x1a8f43e1, 0xa487d29a), + TOBN(0x8168226d, 0x77aefb3a), + TOBN(0xf69a751e, 0x1e72c253), + TOBN(0x8e04359a, 0xe9594df1), + TOBN(0x475ffd7d, 0xd14c0467), + TOBN(0xb5a2c2b1, 0x3844e95c), + TOBN(0x85caf647, 0xdd12ef94), + TOBN(0x1ecd2a9f, 0xf1063d00), + TOBN(0x1dd2e229, 0x23843311), + TOBN(0x38f0e09d, 0x73d17244), + TOBN(0x3ede7746, 0x8fc653f1), + TOBN(0xae4459f5, 0xdc20e21c), + TOBN(0x00db2ffa, 0x6a8599ea), + TOBN(0x11682c39, 0x30cfd905), + TOBN(0x4934d074, 0xa5c112a6), + TOBN(0xbdf063c5, 0x568bfe95), + TOBN(0x779a440a, 0x016c441a), + TOBN(0x0c23f218, 0x97d6fbdc), + TOBN(0xd3a5cd87, 0xe0776aac), + TOBN(0xcee37f72, 0xd712e8db), + TOBN(0xfb28c70d, 0x26f74e8d), + TOBN(0xffe0c728, 0xb61301a0), + TOBN(0xa6282168, 0xd3724354), + TOBN(0x7ff4cb00, 0x768ffedc), + 
TOBN(0xc51b3088, 0x03b02de9), + TOBN(0xa5a8147c, 0x3902dda5), + TOBN(0x35d2f706, 0xfe6973b4), + TOBN(0x5ac2efcf, 0xc257457e), + TOBN(0x933f48d4, 0x8700611b), + TOBN(0xc365af88, 0x4912beb2), + TOBN(0x7f5a4de6, 0x162edf94), + TOBN(0xc646ba7c, 0x0c32f34b), + TOBN(0x632c6af3, 0xb2091074), + TOBN(0x58d4f2e3, 0x753e43a9), + TOBN(0x70e1d217, 0x24d4e23f), + TOBN(0xb24bf729, 0xafede6a6), + TOBN(0x7f4a94d8, 0x710c8b60), + TOBN(0xaad90a96, 0x8d4faa6a), + TOBN(0xd9ed0b32, 0xb066b690), + TOBN(0x52fcd37b, 0x78b6dbfd), + TOBN(0x0b64615e, 0x8bd2b431), + TOBN(0x228e2048, 0xcfb9fad5), + TOBN(0xbeaa386d, 0x240b76bd), + TOBN(0x2d6681c8, 0x90dad7bc), + TOBN(0x3e553fc3, 0x06d38f5e), + TOBN(0xf27cdb9b, 0x9d5f9750), + TOBN(0x3e85c52a, 0xd28c5b0e), + TOBN(0x190795af, 0x5247c39b), + TOBN(0x547831eb, 0xbddd6828), + TOBN(0xf327a227, 0x4a82f424), + TOBN(0x36919c78, 0x7e47f89d), + TOBN(0xe4783919, 0x43c7392c), + TOBN(0xf101b9aa, 0x2316fefe), + TOBN(0xbcdc9e9c, 0x1c5009d2), + TOBN(0xfb55ea13, 0x9cd18345), + TOBN(0xf5b5e231, 0xa3ce77c7), + TOBN(0xde6b4527, 0xd2f2cb3d), + TOBN(0x10f6a333, 0x9bb26f5f), + TOBN(0x1e85db8e, 0x044d85b6), + TOBN(0xc3697a08, 0x94197e54), + TOBN(0x65e18cc0, 0xa7cb4ea8), + TOBN(0xa38c4f50, 0xa471fe6e), + TOBN(0xf031747a, 0x2f13439c), + TOBN(0x53c4a6ba, 0xc007318b), + TOBN(0xa8da3ee5, 0x1deccb3d), + TOBN(0x0555b31c, 0x558216b1), + TOBN(0x90c7810c, 0x2f79e6c2), + TOBN(0x9b669f4d, 0xfe8eed3c), + TOBN(0x70398ec8, 0xe0fac126), + TOBN(0xa96a449e, 0xf701b235), + TOBN(0x0ceecdb3, 0xeb94f395), + TOBN(0x285fc368, 0xd0cb7431), + TOBN(0x0d37bb52, 0x16a18c64), + TOBN(0x05110d38, 0xb880d2dd), + TOBN(0xa60f177b, 0x65930d57), + TOBN(0x7da34a67, 0xf36235f5), + TOBN(0x47f5e17c, 0x183816b9), + TOBN(0xc7664b57, 0xdb394af4), + TOBN(0x39ba215d, 0x7036f789), + TOBN(0x46d2ca0e, 0x2f27b472), + TOBN(0xc42647ee, 0xf73a84b7), + TOBN(0x44bc7545, 0x64488f1d), + TOBN(0xaa922708, 0xf4cf85d5), + TOBN(0x721a01d5, 0x53e4df63), + TOBN(0x649c0c51, 0x5db46ced), + TOBN(0x6bf0d64e, 0x3cffcb6c), + 
TOBN(0xe3bf93fe, 0x50f71d96), + TOBN(0x75044558, 0xbcc194a0), + TOBN(0x16ae3372, 0x6afdc554), + TOBN(0xbfc01adf, 0x5ca48f3f), + TOBN(0x64352f06, 0xe22a9b84), + TOBN(0xcee54da1, 0xc1099e4a), + TOBN(0xbbda54e8, 0xfa1b89c0), + TOBN(0x166a3df5, 0x6f6e55fb), + TOBN(0x1ca44a24, 0x20176f88), + TOBN(0x936afd88, 0xdfb7b5ff), + TOBN(0xe34c2437, 0x8611d4a0), + TOBN(0x7effbb75, 0x86142103), + TOBN(0x6704ba1b, 0x1f34fc4d), + TOBN(0x7c2a468f, 0x10c1b122), + TOBN(0x36b3a610, 0x8c6aace9), + TOBN(0xabfcc0a7, 0x75a0d050), + TOBN(0x066f9197, 0x3ce33e32), + TOBN(0xce905ef4, 0x29fe09be), + TOBN(0x89ee25ba, 0xa8376351), + TOBN(0x2a3ede22, 0xfd29dc76), + TOBN(0x7fd32ed9, 0x36f17260), + TOBN(0x0cadcf68, 0x284b4126), + TOBN(0x63422f08, 0xa7951fc8), + TOBN(0x562b24f4, 0x0807e199), + TOBN(0xfe9ce5d1, 0x22ad4490), + TOBN(0xc2f51b10, 0x0db2b1b4), + TOBN(0xeb3613ff, 0xe4541d0d), + TOBN(0xbd2c4a05, 0x2680813b), + TOBN(0x527aa55d, 0x561b08d6), + TOBN(0xa9f8a40e, 0xa7205558), + TOBN(0xe3eea56f, 0x243d0bec), + TOBN(0x7b853817, 0xa0ff58b3), + TOBN(0xb67d3f65, 0x1a69e627), + TOBN(0x0b76bbb9, 0xa869b5d6), + TOBN(0xa3afeb82, 0x546723ed), + TOBN(0x5f24416d, 0x3e554892), + TOBN(0x8413b53d, 0x430e2a45), + TOBN(0x99c56aee, 0x9032a2a0), + TOBN(0x09432bf6, 0xeec367b1), + TOBN(0x552850c6, 0xdaf0ecc1), + TOBN(0x49ebce55, 0x5bc92048), + TOBN(0xdfb66ba6, 0x54811307), + TOBN(0x1b84f797, 0x6f298597), + TOBN(0x79590481, 0x8d1d7a0d), + TOBN(0xd9fabe03, 0x3a6fa556), + TOBN(0xa40f9c59, 0xba9e5d35), + TOBN(0xcb1771c1, 0xf6247577), + TOBN(0x542a47ca, 0xe9a6312b), + TOBN(0xa34b3560, 0x552dd8c5), + TOBN(0xfdf94de0, 0x0d794716), + TOBN(0xd46124a9, 0x9c623094), + TOBN(0x56b7435d, 0x68afe8b4), + TOBN(0x27f20540, 0x6c0d8ea1), + TOBN(0x12b77e14, 0x73186898), + TOBN(0xdbc3dd46, 0x7479490f), + TOBN(0x951a9842, 0xc03b0c05), + TOBN(0x8b1b3bb3, 0x7921bc96), + TOBN(0xa573b346, 0x2b202e0a), + TOBN(0x77e4665d, 0x47254d56), + TOBN(0x08b70dfc, 0xd23e3984), + TOBN(0xab86e8bc, 0xebd14236), + TOBN(0xaa3e07f8, 0x57114ba7), + 
TOBN(0x5ac71689, 0xab0ef4f2), + TOBN(0x88fca384, 0x0139d9af), + TOBN(0x72733f88, 0x76644af0), + TOBN(0xf122f72a, 0x65d74f4a), + TOBN(0x13931577, 0xa5626c7a), + TOBN(0xd5b5d9eb, 0x70f8d5a4), + TOBN(0x375adde7, 0xd7bbb228), + TOBN(0x31e88b86, 0x0c1c0b32), + TOBN(0xd1f568c4, 0x173edbaa), + TOBN(0x1592fc83, 0x5459df02), + TOBN(0x2beac0fb, 0x0fcd9a7e), + TOBN(0xb0a6fdb8, 0x1b473b0a), + TOBN(0xe3224c6f, 0x0fe8fc48), + TOBN(0x680bd00e, 0xe87edf5b), + TOBN(0x30385f02, 0x20e77cf5), + TOBN(0xe9ab98c0, 0x4d42d1b2), + TOBN(0x72d191d2, 0xd3816d77), + TOBN(0x1564daca, 0x0917d9e5), + TOBN(0x394eab59, 0x1f8fed7f), + TOBN(0xa209aa8d, 0x7fbb3896), + TOBN(0x5564f3b9, 0xbe6ac98e), + TOBN(0xead21d05, 0xd73654ef), + TOBN(0x68d1a9c4, 0x13d78d74), + TOBN(0x61e01708, 0x6d4973a0), + TOBN(0x83da3500, 0x46e6d32a), + TOBN(0x6a3dfca4, 0x68ae0118), + TOBN(0xa1b9a4c9, 0xd02da069), + TOBN(0x0b2ff9c7, 0xebab8302), + TOBN(0x98af07c3, 0x944ba436), + TOBN(0x85997326, 0x995f0f9f), + TOBN(0x467fade0, 0x71b58bc6), + TOBN(0x47e4495a, 0xbd625a2b), + TOBN(0xfdd2d01d, 0x33c3b8cd), + TOBN(0x2c38ae28, 0xc693f9fa), + TOBN(0x48622329, 0x348f7999), + TOBN(0x97bf738e, 0x2161f583), + TOBN(0x15ee2fa7, 0x565e8cc9), + TOBN(0xa1a5c845, 0x5777e189), + TOBN(0xcc10bee0, 0x456f2829), + TOBN(0x8ad95c56, 0xda762bd5), + TOBN(0x152e2214, 0xe9d91da8), + TOBN(0x975b0e72, 0x7cb23c74), + TOBN(0xfd5d7670, 0xa90c66df), + TOBN(0xb5b5b8ad, 0x225ffc53), + TOBN(0xab6dff73, 0xfaded2ae), + TOBN(0xebd56781, 0x6f4cbe9d), + TOBN(0x0ed8b249, 0x6a574bd7), + TOBN(0x41c246fe, 0x81a881fa), + TOBN(0x91564805, 0xc3db9c70), + TOBN(0xd7c12b08, 0x5b862809), + TOBN(0x1facd1f1, 0x55858d7b), + TOBN(0x7693747c, 0xaf09e92a), + TOBN(0x3b69dcba, 0x189a425f), + TOBN(0x0be28e9f, 0x967365ef), + TOBN(0x57300eb2, 0xe801f5c9), + TOBN(0x93b8ac6a, 0xd583352f), + TOBN(0xa2cf1f89, 0xcd05b2b7), + TOBN(0x7c0c9b74, 0x4dcc40cc), + TOBN(0xfee38c45, 0xada523fb), + TOBN(0xb49a4dec, 0x1099cc4d), + TOBN(0x325c377f, 0x69f069c6), + TOBN(0xe12458ce, 0x476cc9ff), + 
TOBN(0x580e0b6c, 0xc6d4cb63), + TOBN(0xd561c8b7, 0x9072289b), + TOBN(0x0377f264, 0xa619e6da), + TOBN(0x26685362, 0x88e591a5), + TOBN(0xa453a7bd, 0x7523ca2b), + TOBN(0x8a9536d2, 0xc1df4533), + TOBN(0xc8e50f2f, 0xbe972f79), + TOBN(0xd433e50f, 0x6d3549cf), + TOBN(0x6f33696f, 0xfacd665e), + TOBN(0x695bfdac, 0xce11fcb4), + TOBN(0x810ee252, 0xaf7c9860), + TOBN(0x65450fe1, 0x7159bb2c), + TOBN(0xf7dfbebe, 0x758b357b), + TOBN(0x2b057e74, 0xd69fea72), + TOBN(0xd485717a, 0x92731745), + }, + { + TOBN(0x896c42e8, 0xee36860c), + TOBN(0xdaf04dfd, 0x4113c22d), + TOBN(0x1adbb7b7, 0x44104213), + TOBN(0xe5fd5fa1, 0x1fd394ea), + TOBN(0x68235d94, 0x1a4e0551), + TOBN(0x6772cfbe, 0x18d10151), + TOBN(0x276071e3, 0x09984523), + TOBN(0xe4e879de, 0x5a56ba98), + TOBN(0xaaafafb0, 0x285b9491), + TOBN(0x01a0be88, 0x1e4c705e), + TOBN(0xff1d4f5d, 0x2ad9caab), + TOBN(0x6e349a4a, 0xc37a233f), + TOBN(0xcf1c1246, 0x4a1c6a16), + TOBN(0xd99e6b66, 0x29383260), + TOBN(0xea3d4366, 0x5f6d5471), + TOBN(0x36974d04, 0xff8cc89b), + TOBN(0xc26c49a1, 0xcfe89d80), + TOBN(0xb42c026d, 0xda9c8371), + TOBN(0xca6c013a, 0xdad066d2), + TOBN(0xfb8f7228, 0x56a4f3ee), + TOBN(0x08b579ec, 0xd850935b), + TOBN(0x34c1a74c, 0xd631e1b3), + TOBN(0xcb5fe596, 0xac198534), + TOBN(0x39ff21f6, 0xe1f24f25), + TOBN(0x27f29e14, 0x8f929057), + TOBN(0x7a64ae06, 0xc0c853df), + TOBN(0x256cd183, 0x58e9c5ce), + TOBN(0x9d9cce82, 0xded092a5), + TOBN(0xcc6e5979, 0x6e93b7c7), + TOBN(0xe1e47092, 0x31bb9e27), + TOBN(0xb70b3083, 0xaa9e29a0), + TOBN(0xbf181a75, 0x3785e644), + TOBN(0xf53f2c65, 0x8ead09f7), + TOBN(0x1335e1d5, 0x9780d14d), + TOBN(0x69cc20e0, 0xcd1b66bc), + TOBN(0x9b670a37, 0xbbe0bfc8), + TOBN(0xce53dc81, 0x28efbeed), + TOBN(0x0c74e77c, 0x8326a6e5), + TOBN(0x3604e0d2, 0xb88e9a63), + TOBN(0xbab38fca, 0x13dc2248), + TOBN(0x8ed6e8c8, 0x5c0a3f1e), + TOBN(0xbcad2492, 0x7c87c37f), + TOBN(0xfdfb62bb, 0x9ee3b78d), + TOBN(0xeba8e477, 0xcbceba46), + TOBN(0x37d38cb0, 0xeeaede4b), + TOBN(0x0bc498e8, 0x7976deb6), + TOBN(0xb2944c04, 0x6b6147fb), + 
TOBN(0x8b123f35, 0xf71f9609), + TOBN(0xa155dcc7, 0xde79dc24), + TOBN(0xf1168a32, 0x558f69cd), + TOBN(0xbac21595, 0x0d1850df), + TOBN(0x15c8295b, 0xb204c848), + TOBN(0xf661aa36, 0x7d8184ff), + TOBN(0xc396228e, 0x30447bdb), + TOBN(0x11cd5143, 0xbde4a59e), + TOBN(0xe3a26e3b, 0x6beab5e6), + TOBN(0xd3b3a13f, 0x1402b9d0), + TOBN(0x573441c3, 0x2c7bc863), + TOBN(0x4b301ec4, 0x578c3e6e), + TOBN(0xc26fc9c4, 0x0adaf57e), + TOBN(0x96e71bfd, 0x7493cea3), + TOBN(0xd05d4b3f, 0x1af81456), + TOBN(0xdaca2a8a, 0x6a8c608f), + TOBN(0x53ef07f6, 0x0725b276), + TOBN(0x07a5fbd2, 0x7824fc56), + TOBN(0x34675218, 0x13289077), + TOBN(0x5bf69fd5, 0xe0c48349), + TOBN(0xa613ddd3, 0xb6aa7875), + TOBN(0x7f78c19c, 0x5450d866), + TOBN(0x46f4409c, 0x8f84a481), + TOBN(0x9f1d1928, 0x90fce239), + TOBN(0x016c4168, 0xb2ce44b9), + TOBN(0xbae023f0, 0xc7435978), + TOBN(0xb152c888, 0x20e30e19), + TOBN(0x9c241645, 0xe3fa6faf), + TOBN(0x735d95c1, 0x84823e60), + TOBN(0x03197573, 0x03955317), + TOBN(0x0b4b02a9, 0xf03b4995), + TOBN(0x076bf559, 0x70274600), + TOBN(0x32c5cc53, 0xaaf57508), + TOBN(0xe8af6d1f, 0x60624129), + TOBN(0xb7bc5d64, 0x9a5e2b5e), + TOBN(0x3814b048, 0x5f082d72), + TOBN(0x76f267f2, 0xce19677a), + TOBN(0x626c630f, 0xb36eed93), + TOBN(0x55230cd7, 0x3bf56803), + TOBN(0x78837949, 0xce2736a0), + TOBN(0x0d792d60, 0xaa6c55f1), + TOBN(0x0318dbfd, 0xd5c7c5d2), + TOBN(0xb38f8da7, 0x072b342d), + TOBN(0x3569bddc, 0x7b8de38a), + TOBN(0xf25b5887, 0xa1c94842), + TOBN(0xb2d5b284, 0x2946ad60), + TOBN(0x854f29ad, 0xe9d1707e), + TOBN(0xaa5159dc, 0x2c6a4509), + TOBN(0x899f94c0, 0x57189837), + TOBN(0xcf6adc51, 0xf4a55b03), + TOBN(0x261762de, 0x35e3b2d5), + TOBN(0x4cc43012, 0x04827b51), + TOBN(0xcd22a113, 0xc6021442), + TOBN(0xce2fd61a, 0x247c9569), + TOBN(0x59a50973, 0xd152beca), + TOBN(0x6c835a11, 0x63a716d4), + TOBN(0xc26455ed, 0x187dedcf), + TOBN(0x27f536e0, 0x49ce89e7), + TOBN(0x18908539, 0xcc890cb5), + TOBN(0x308909ab, 0xd83c2aa1), + TOBN(0xecd3142b, 0x1ab73bd3), + TOBN(0x6a85bf59, 0xb3f5ab84), + 
TOBN(0x3c320a68, 0xf2bea4c6), + TOBN(0xad8dc538, 0x6da4541f), + TOBN(0xeaf34eb0, 0xb7c41186), + TOBN(0x1c780129, 0x977c97c4), + TOBN(0x5ff9beeb, 0xc57eb9fa), + TOBN(0xa24d0524, 0xc822c478), + TOBN(0xfd8eec2a, 0x461cd415), + TOBN(0xfbde194e, 0xf027458c), + TOBN(0xb4ff5319, 0x1d1be115), + TOBN(0x63f874d9, 0x4866d6f4), + TOBN(0x35c75015, 0xb21ad0c9), + TOBN(0xa6b5c9d6, 0x46ac49d2), + TOBN(0x42c77c0b, 0x83137aa9), + TOBN(0x24d000fc, 0x68225a38), + TOBN(0x0f63cfc8, 0x2fe1e907), + TOBN(0x22d1b01b, 0xc6441f95), + TOBN(0x7d38f719, 0xec8e448f), + TOBN(0x9b33fa5f, 0x787fb1ba), + TOBN(0x94dcfda1, 0x190158df), + TOBN(0xc47cb339, 0x5f6d4a09), + TOBN(0x6b4f355c, 0xee52b826), + TOBN(0x3d100f5d, 0xf51b930a), + TOBN(0xf4512fac, 0x9f668f69), + TOBN(0x546781d5, 0x206c4c74), + TOBN(0xd021d4d4, 0xcb4d2e48), + TOBN(0x494a54c2, 0xca085c2d), + TOBN(0xf1dbaca4, 0x520850a8), + TOBN(0x63c79326, 0x490a1aca), + TOBN(0xcb64dd9c, 0x41526b02), + TOBN(0xbb772591, 0xa2979258), + TOBN(0x3f582970, 0x48d97846), + TOBN(0xd66b70d1, 0x7c213ba7), + TOBN(0xc28febb5, 0xe8a0ced4), + TOBN(0x6b911831, 0xc10338c1), + TOBN(0x0d54e389, 0xbf0126f3), + TOBN(0x7048d460, 0x4af206ee), + TOBN(0x786c88f6, 0x77e97cb9), + TOBN(0xd4375ae1, 0xac64802e), + TOBN(0x469bcfe1, 0xd53ec11c), + TOBN(0xfc9b340d, 0x47062230), + TOBN(0xe743bb57, 0xc5b4a3ac), + TOBN(0xfe00b4aa, 0x59ef45ac), + TOBN(0x29a4ef23, 0x59edf188), + TOBN(0x40242efe, 0xb483689b), + TOBN(0x2575d3f6, 0x513ac262), + TOBN(0xf30037c8, 0x0ca6db72), + TOBN(0xc9fcce82, 0x98864be2), + TOBN(0x84a112ff, 0x0149362d), + TOBN(0x95e57582, 0x1c4ae971), + TOBN(0x1fa4b1a8, 0x945cf86c), + TOBN(0x4525a734, 0x0b024a2f), + TOBN(0xe76c8b62, 0x8f338360), + TOBN(0x483ff593, 0x28edf32b), + TOBN(0x67e8e90a, 0x298b1aec), + TOBN(0x9caab338, 0x736d9a21), + TOBN(0x5c09d2fd, 0x66892709), + TOBN(0x2496b4dc, 0xb55a1d41), + TOBN(0x93f5fb1a, 0xe24a4394), + TOBN(0x08c75049, 0x6fa8f6c1), + TOBN(0xcaead1c2, 0xc905d85f), + TOBN(0xe9d7f790, 0x0733ae57), + TOBN(0x24c9a65c, 0xf07cdd94), + 
TOBN(0x7389359c, 0xa4b55931), + TOBN(0xf58709b7, 0x367e45f7), + TOBN(0x1f203067, 0xcb7e7adc), + TOBN(0x82444bff, 0xc7b72818), + TOBN(0x07303b35, 0xbaac8033), + TOBN(0x1e1ee4e4, 0xd13b7ea1), + TOBN(0xe6489b24, 0xe0e74180), + TOBN(0xa5f2c610, 0x7e70ef70), + TOBN(0xa1655412, 0xbdd10894), + TOBN(0x555ebefb, 0x7af4194e), + TOBN(0x533c1c3c, 0x8e89bd9c), + TOBN(0x735b9b57, 0x89895856), + TOBN(0x15fb3cd2, 0x567f5c15), + TOBN(0x057fed45, 0x526f09fd), + TOBN(0xe8a4f10c, 0x8128240a), + TOBN(0x9332efc4, 0xff2bfd8d), + TOBN(0x214e77a0, 0xbd35aa31), + TOBN(0x32896d73, 0x14faa40e), + TOBN(0x767867ec, 0x01e5f186), + TOBN(0xc9adf8f1, 0x17a1813e), + TOBN(0xcb6cda78, 0x54741795), + TOBN(0xb7521b6d, 0x349d51aa), + TOBN(0xf56b5a9e, 0xe3c7b8e9), + TOBN(0xc6f1e5c9, 0x32a096df), + TOBN(0x083667c4, 0xa3635024), + TOBN(0x365ea135, 0x18087f2f), + TOBN(0xf1b8eaac, 0xd136e45d), + TOBN(0xc8a0e484, 0x73aec989), + TOBN(0xd75a324b, 0x142c9259), + TOBN(0xb7b4d001, 0x01dae185), + TOBN(0x45434e0b, 0x9b7a94bc), + TOBN(0xf54339af, 0xfbd8cb0b), + TOBN(0xdcc4569e, 0xe98ef49e), + TOBN(0x7789318a, 0x09a51299), + TOBN(0x81b4d206, 0xb2b025d8), + TOBN(0xf64aa418, 0xfae85792), + TOBN(0x3e50258f, 0xacd7baf7), + TOBN(0xdce84cdb, 0x2996864b), + TOBN(0xa2e67089, 0x1f485fa4), + TOBN(0xb28b2bb6, 0x534c6a5a), + TOBN(0x31a7ec6b, 0xc94b9d39), + TOBN(0x1d217766, 0xd6bc20da), + TOBN(0x4acdb5ec, 0x86761190), + TOBN(0x68726328, 0x73701063), + TOBN(0x4d24ee7c, 0x2128c29b), + TOBN(0xc072ebd3, 0xa19fd868), + TOBN(0x612e481c, 0xdb8ddd3b), + TOBN(0xb4e1d754, 0x1a64d852), + TOBN(0x00ef95ac, 0xc4c6c4ab), + TOBN(0x1536d2ed, 0xaa0a6c46), + TOBN(0x61294086, 0x43774790), + TOBN(0x54af25e8, 0x343fda10), + TOBN(0x9ff9d98d, 0xfd25d6f2), + TOBN(0x0746af7c, 0x468b8835), + TOBN(0x977a31cb, 0x730ecea7), + TOBN(0xa5096b80, 0xc2cf4a81), + TOBN(0xaa986833, 0x6458c37a), + TOBN(0x6af29bf3, 0xa6bd9d34), + TOBN(0x6a62fe9b, 0x33c5d854), + TOBN(0x50e6c304, 0xb7133b5e), + TOBN(0x04b60159, 0x7d6e6848), + TOBN(0x4cd296df, 0x5579bea4), + 
TOBN(0x10e35ac8, 0x5ceedaf1), + TOBN(0x04c4c5fd, 0xe3bcc5b1), + TOBN(0x95f9ee8a, 0x89412cf9), + TOBN(0x2c9459ee, 0x82b6eb0f), + TOBN(0x2e845765, 0x95c2aadd), + TOBN(0x774a84ae, 0xd327fcfe), + TOBN(0xd8c93722, 0x0368d476), + TOBN(0x0dbd5748, 0xf83e8a3b), + TOBN(0xa579aa96, 0x8d2495f3), + TOBN(0x535996a0, 0xae496e9b), + TOBN(0x07afbfe9, 0xb7f9bcc2), + TOBN(0x3ac1dc6d, 0x5b7bd293), + TOBN(0x3b592cff, 0x7022323d), + TOBN(0xba0deb98, 0x9c0a3e76), + TOBN(0x18e78e9f, 0x4b197acb), + TOBN(0x211cde10, 0x296c36ef), + TOBN(0x7ee89672, 0x82c4da77), + TOBN(0xb617d270, 0xa57836da), + TOBN(0xf0cd9c31, 0x9cb7560b), + TOBN(0x01fdcbf7, 0xe455fe90), + TOBN(0x3fb53cbb, 0x7e7334f3), + TOBN(0x781e2ea4, 0x4e7de4ec), + TOBN(0x8adab3ad, 0x0b384fd0), + TOBN(0x129eee2f, 0x53d64829), + TOBN(0x7a471e17, 0xa261492b), + TOBN(0xe4f9adb9, 0xe4cb4a2c), + TOBN(0x3d359f6f, 0x97ba2c2d), + TOBN(0x346c6786, 0x0aacd697), + TOBN(0x92b444c3, 0x75c2f8a8), + TOBN(0xc79fa117, 0xd85df44e), + TOBN(0x56782372, 0x398ddf31), + TOBN(0x60e690f2, 0xbbbab3b8), + TOBN(0x4851f8ae, 0x8b04816b), + TOBN(0xc72046ab, 0x9c92e4d2), + TOBN(0x518c74a1, 0x7cf3136b), + TOBN(0xff4eb50a, 0xf9877d4c), + TOBN(0x14578d90, 0xa919cabb), + TOBN(0x8218f8c4, 0xac5eb2b6), + TOBN(0xa3ccc547, 0x542016e4), + TOBN(0x025bf48e, 0x327f8349), + TOBN(0xf3e97346, 0xf43cb641), + TOBN(0xdc2bafdf, 0x500f1085), + TOBN(0x57167876, 0x2f063055), + TOBN(0x5bd914b9, 0x411925a6), + TOBN(0x7c078d48, 0xa1123de5), + TOBN(0xee6bf835, 0x182b165d), + TOBN(0xb11b5e5b, 0xba519727), + TOBN(0xe33ea76c, 0x1eea7b85), + TOBN(0x2352b461, 0x92d4f85e), + TOBN(0xf101d334, 0xafe115bb), + TOBN(0xfabc1294, 0x889175a3), + TOBN(0x7f6bcdc0, 0x5233f925), + TOBN(0xe0a802db, 0xe77fec55), + TOBN(0xbdb47b75, 0x8069b659), + TOBN(0x1c5e12de, 0xf98fbd74), + TOBN(0x869c58c6, 0x4b8457ee), + TOBN(0xa5360f69, 0x4f7ea9f7), + TOBN(0xe576c09f, 0xf460b38f), + TOBN(0x6b70d548, 0x22b7fb36), + TOBN(0x3fd237f1, 0x3bfae315), + TOBN(0x33797852, 0xcbdff369), + TOBN(0x97df25f5, 0x25b516f9), + 
TOBN(0x46f388f2, 0xba38ad2d), + TOBN(0x656c4658, 0x89d8ddbb), + TOBN(0x8830b26e, 0x70f38ee8), + TOBN(0x4320fd5c, 0xde1212b0), + TOBN(0xc34f30cf, 0xe4a2edb2), + TOBN(0xabb131a3, 0x56ab64b8), + TOBN(0x7f77f0cc, 0xd99c5d26), + TOBN(0x66856a37, 0xbf981d94), + TOBN(0x19e76d09, 0x738bd76e), + TOBN(0xe76c8ac3, 0x96238f39), + TOBN(0xc0a482be, 0xa830b366), + TOBN(0xb7b8eaff, 0x0b4eb499), + TOBN(0x8ecd83bc, 0x4bfb4865), + TOBN(0x971b2cb7, 0xa2f3776f), + TOBN(0xb42176a4, 0xf4b88adf), + TOBN(0xb9617df5, 0xbe1fa446), + TOBN(0x8b32d508, 0xcd031bd2), + TOBN(0x1c6bd47d, 0x53b618c0), + TOBN(0xc424f46c, 0x6a227923), + TOBN(0x7303ffde, 0xdd92d964), + TOBN(0xe9712878, 0x71b5abf2), + TOBN(0x8f48a632, 0xf815561d), + TOBN(0x85f48ff5, 0xd3c055d1), + TOBN(0x222a1427, 0x7525684f), + TOBN(0xd0d841a0, 0x67360cc3), + TOBN(0x4245a926, 0x0b9267c6), + TOBN(0xc78913f1, 0xcf07f863), + TOBN(0xaa844c8e, 0x4d0d9e24), + TOBN(0xa42ad522, 0x3d5f9017), + TOBN(0xbd371749, 0xa2c989d5), + TOBN(0x928292df, 0xe1f5e78e), + TOBN(0x493b383e, 0x0a1ea6da), + TOBN(0x5136fd8d, 0x13aee529), + TOBN(0x860c44b1, 0xf2c34a99), + TOBN(0x3b00aca4, 0xbf5855ac), + TOBN(0xabf6aaa0, 0xfaaf37be), + TOBN(0x65f43682, 0x2a53ec08), + TOBN(0x1d9a5801, 0xa11b12e1), + TOBN(0x78a7ab2c, 0xe20ed475), + TOBN(0x0de1067e, 0x9a41e0d5), + TOBN(0x30473f5f, 0x305023ea), + TOBN(0xdd3ae09d, 0x169c7d97), + TOBN(0x5cd5baa4, 0xcfaef9cd), + TOBN(0x5cd7440b, 0x65a44803), + TOBN(0xdc13966a, 0x47f364de), + TOBN(0x077b2be8, 0x2b8357c1), + TOBN(0x0cb1b4c5, 0xe9d57c2a), + TOBN(0x7a4ceb32, 0x05ff363e), + TOBN(0xf310fa4d, 0xca35a9ef), + TOBN(0xdbb7b352, 0xf97f68c6), + TOBN(0x0c773b50, 0x0b02cf58), + TOBN(0xea2e4821, 0x3c1f96d9), + TOBN(0xffb357b0, 0xeee01815), + TOBN(0xb9c924cd, 0xe0f28039), + TOBN(0x0b36c95a, 0x46a3fbe4), + TOBN(0x1faaaea4, 0x5e46db6c), + TOBN(0xcae575c3, 0x1928aaff), + TOBN(0x7f671302, 0xa70dab86), + TOBN(0xfcbd12a9, 0x71c58cfc), + TOBN(0xcbef9acf, 0xbee0cb92), + TOBN(0x573da0b9, 0xf8c1b583), + TOBN(0x4752fcfe, 0x0d41d550), + 
TOBN(0xe7eec0e3, 0x2155cffe), + TOBN(0x0fc39fcb, 0x545ae248), + TOBN(0x522cb8d1, 0x8065f44e), + TOBN(0x263c962a, 0x70cbb96c), + TOBN(0xe034362a, 0xbcd124a9), + TOBN(0xf120db28, 0x3c2ae58d), + TOBN(0xb9a38d49, 0xfef6d507), + TOBN(0xb1fd2a82, 0x1ff140fd), + TOBN(0xbd162f30, 0x20aee7e0), + TOBN(0x4e17a5d4, 0xcb251949), + TOBN(0x2aebcb83, 0x4f7e1c3d), + TOBN(0x608eb25f, 0x937b0527), + TOBN(0xf42e1e47, 0xeb7d9997), + TOBN(0xeba699c4, 0xb8a53a29), + TOBN(0x1f921c71, 0xe091b536), + TOBN(0xcce29e7b, 0x5b26bbd5), + TOBN(0x7a8ef5ed, 0x3b61a680), + TOBN(0xe5ef8043, 0xba1f1c7e), + TOBN(0x16ea8217, 0x18158dda), + TOBN(0x01778a2b, 0x599ff0f9), + TOBN(0x68a923d7, 0x8104fc6b), + TOBN(0x5bfa44df, 0xda694ff3), + TOBN(0x4f7199db, 0xf7667f12), + TOBN(0xc06d8ff6, 0xe46f2a79), + TOBN(0x08b5dead, 0xe9f8131d), + TOBN(0x02519a59, 0xabb4ce7c), + TOBN(0xc4f710bc, 0xb42aec3e), + TOBN(0x3d77b057, 0x78bde41a), + TOBN(0x6474bf80, 0xb4186b5a), + TOBN(0x048b3f67, 0x88c65741), + TOBN(0xc64519de, 0x03c7c154), + TOBN(0xdf073846, 0x0edfcc4f), + TOBN(0x319aa737, 0x48f1aa6b), + TOBN(0x8b9f8a02, 0xca909f77), + TOBN(0x90258139, 0x7580bfef), + TOBN(0xd8bfd3ca, 0xc0c22719), + TOBN(0xc60209e4, 0xc9ca151e), + TOBN(0x7a744ab5, 0xd9a1a69c), + TOBN(0x6de5048b, 0x14937f8f), + TOBN(0x171938d8, 0xe115ac04), + TOBN(0x7df70940, 0x1c6b16d2), + TOBN(0xa6aeb663, 0x7f8e94e7), + TOBN(0xc130388e, 0x2a2cf094), + TOBN(0x1850be84, 0x77f54e6e), + TOBN(0x9f258a72, 0x65d60fe5), + TOBN(0xff7ff0c0, 0x6c9146d6), + TOBN(0x039aaf90, 0xe63a830b), + TOBN(0x38f27a73, 0x9460342f), + TOBN(0x4703148c, 0x3f795f8a), + TOBN(0x1bb5467b, 0x9681a97e), + TOBN(0x00931ba5, 0xecaeb594), + TOBN(0xcdb6719d, 0x786f337c), + TOBN(0xd9c01cd2, 0xe704397d), + TOBN(0x0f4a3f20, 0x555c2fef), + TOBN(0x00452509, 0x7c0af223), + TOBN(0x54a58047, 0x84db8e76), + TOBN(0x3bacf1aa, 0x93c8aa06), + TOBN(0x11ca957c, 0xf7919422), + TOBN(0x50641053, 0x78cdaa40), + TOBN(0x7a303874, 0x9f7144ae), + TOBN(0x170c963f, 0x43d4acfd), + TOBN(0x5e148149, 0x58ddd3ef), + 
TOBN(0xa7bde582, 0x9e72dba8), + TOBN(0x0769da8b, 0x6fa68750), + TOBN(0xfa64e532, 0x572e0249), + TOBN(0xfcaadf9d, 0x2619ad31), + TOBN(0x87882daa, 0xa7b349cd), + TOBN(0x9f6eb731, 0x6c67a775), + TOBN(0xcb10471a, 0xefc5d0b1), + TOBN(0xb433750c, 0xe1b806b2), + TOBN(0x19c5714d, 0x57b1ae7e), + TOBN(0xc0dc8b7b, 0xed03fd3f), + TOBN(0xdd03344f, 0x31bc194e), + TOBN(0xa66c52a7, 0x8c6320b5), + TOBN(0x8bc82ce3, 0xd0b6fd93), + TOBN(0xf8e13501, 0xb35f1341), + TOBN(0xe53156dd, 0x25a43e42), + TOBN(0xd3adf27e, 0x4daeb85c), + TOBN(0xb81d8379, 0xbbeddeb5), + TOBN(0x1b0b546e, 0x2e435867), + TOBN(0x9020eb94, 0xeba5dd60), + TOBN(0x37d91161, 0x8210cb9d), + TOBN(0x4c596b31, 0x5c91f1cf), + TOBN(0xb228a90f, 0x0e0b040d), + TOBN(0xbaf02d82, 0x45ff897f), + TOBN(0x2aac79e6, 0x00fa6122), + TOBN(0x24828817, 0x8e36f557), + TOBN(0xb9521d31, 0x113ec356), + TOBN(0x9e48861e, 0x15eff1f8), + TOBN(0x2aa1d412, 0xe0d41715), + TOBN(0x71f86203, 0x53f131b8), + TOBN(0xf60da8da, 0x3fd19408), + TOBN(0x4aa716dc, 0x278d9d99), + TOBN(0x394531f7, 0xa8c51c90), + TOBN(0xb560b0e8, 0xf59db51c), + TOBN(0xa28fc992, 0xfa34bdad), + TOBN(0xf024fa14, 0x9cd4f8bd), + TOBN(0x5cf530f7, 0x23a9d0d3), + TOBN(0x615ca193, 0xe28c9b56), + TOBN(0x6d2a483d, 0x6f73c51e), + TOBN(0xa4cb2412, 0xea0dc2dd), + TOBN(0x50663c41, 0x1eb917ff), + TOBN(0x3d3a74cf, 0xeade299e), + TOBN(0x29b3990f, 0x4a7a9202), + TOBN(0xa9bccf59, 0xa7b15c3d), + TOBN(0x66a3ccdc, 0xa5df9208), + TOBN(0x48027c14, 0x43f2f929), + TOBN(0xd385377c, 0x40b557f0), + TOBN(0xe001c366, 0xcd684660), + TOBN(0x1b18ed6b, 0xe2183a27), + TOBN(0x879738d8, 0x63210329), + TOBN(0xa687c74b, 0xbda94882), + TOBN(0xd1bbcc48, 0xa684b299), + TOBN(0xaf6f1112, 0x863b3724), + TOBN(0x6943d1b4, 0x2c8ce9f8), + TOBN(0xe044a3bb, 0x098cafb4), + TOBN(0x27ed2310, 0x60d48caf), + TOBN(0x542b5675, 0x3a31b84d), + TOBN(0xcbf3dd50, 0xfcddbed7), + TOBN(0x25031f16, 0x41b1d830), + TOBN(0xa7ec851d, 0xcb0c1e27), + TOBN(0xac1c8fe0, 0xb5ae75db), + TOBN(0xb24c7557, 0x08c52120), + TOBN(0x57f811dc, 0x1d4636c3), + 
TOBN(0xf8436526, 0x681a9939), + TOBN(0x1f6bc6d9, 0x9c81adb3), + TOBN(0x840f8ac3, 0x5b7d80d4), + TOBN(0x731a9811, 0xf4387f1a), + TOBN(0x7c501cd3, 0xb5156880), + TOBN(0xa5ca4a07, 0xdfe68867), + TOBN(0xf123d8f0, 0x5fcea120), + TOBN(0x1fbb0e71, 0xd607039e), + TOBN(0x2b70e215, 0xcd3a4546), + TOBN(0x32d2f01d, 0x53324091), + TOBN(0xb796ff08, 0x180ab19b), + TOBN(0x32d87a86, 0x3c57c4aa), + TOBN(0x2aed9caf, 0xb7c49a27), + TOBN(0x9fb35eac, 0x31630d98), + TOBN(0x338e8cdf, 0x5c3e20a3), + TOBN(0x80f16182, 0x66cde8db), + TOBN(0x4e159980, 0x2d72fd36), + TOBN(0xd7b8f13b, 0x9b6e5072), + TOBN(0xf5213907, 0x3b7b5dc1), + TOBN(0x4d431f1d, 0x8ce4396e), + TOBN(0x37a1a680, 0xa7ed2142), + TOBN(0xbf375696, 0xd01aaf6b), + TOBN(0xaa1c0c54, 0xe63aab66), + TOBN(0x3014368b, 0x4ed80940), + TOBN(0x67e6d056, 0x7a6fcedd), + TOBN(0x7c208c49, 0xca97579f), + TOBN(0xfe3d7a81, 0xa23597f6), + TOBN(0x5e203202, 0x7e096ae2), + TOBN(0xb1f3e1e7, 0x24b39366), + TOBN(0x26da26f3, 0x2fdcdffc), + TOBN(0x79422f1d, 0x6097be83), + }, + { + TOBN(0x263a2cfb, 0x9db3b381), + TOBN(0x9c3a2dee, 0xd4df0a4b), + TOBN(0x728d06e9, 0x7d04e61f), + TOBN(0x8b1adfbc, 0x42449325), + TOBN(0x6ec1d939, 0x7e053a1b), + TOBN(0xee2be5c7, 0x66daf707), + TOBN(0x80ba1e14, 0x810ac7ab), + TOBN(0xdd2ae778, 0xf530f174), + TOBN(0x0435d97a, 0x205b9d8b), + TOBN(0x6eb8f064, 0x056756d4), + TOBN(0xd5e88a8b, 0xb6f8210e), + TOBN(0x070ef12d, 0xec9fd9ea), + TOBN(0x4d849505, 0x3bcc876a), + TOBN(0x12a75338, 0xa7404ce3), + TOBN(0xd22b49e1, 0xb8a1db5e), + TOBN(0xec1f2051, 0x14bfa5ad), + TOBN(0xadbaeb79, 0xb6828f36), + TOBN(0x9d7a0258, 0x01bd5b9e), + TOBN(0xeda01e0d, 0x1e844b0c), + TOBN(0x4b625175, 0x887edfc9), + TOBN(0x14109fdd, 0x9669b621), + TOBN(0x88a2ca56, 0xf6f87b98), + TOBN(0xfe2eb788, 0x170df6bc), + TOBN(0x0cea06f4, 0xffa473f9), + TOBN(0x43ed81b5, 0xc4e83d33), + TOBN(0xd9f35879, 0x5efd488b), + TOBN(0x164a620f, 0x9deb4d0f), + TOBN(0xc6927bdb, 0xac6a7394), + TOBN(0x45c28df7, 0x9f9e0f03), + TOBN(0x2868661e, 0xfcd7e1a9), + TOBN(0x7cf4e8d0, 0xffa348f1), + 
TOBN(0x6bd4c284, 0x398538e0), + TOBN(0x2618a091, 0x289a8619), + TOBN(0xef796e60, 0x6671b173), + TOBN(0x664e46e5, 0x9090c632), + TOBN(0xa38062d4, 0x1e66f8fb), + TOBN(0x6c744a20, 0x0573274e), + TOBN(0xd07b67e4, 0xa9271394), + TOBN(0x391223b2, 0x6bdc0e20), + TOBN(0xbe2d93f1, 0xeb0a05a7), + TOBN(0xf23e2e53, 0x3f36d141), + TOBN(0xe84bb3d4, 0x4dfca442), + TOBN(0xb804a48d, 0x6b7c023a), + TOBN(0x1e16a8fa, 0x76431c3b), + TOBN(0x1b5452ad, 0xddd472e0), + TOBN(0x7d405ee7, 0x0d1ee127), + TOBN(0x50fc6f1d, 0xffa27599), + TOBN(0x351ac53c, 0xbf391b35), + TOBN(0x7efa14b8, 0x4444896b), + TOBN(0x64974d2f, 0xf94027fb), + TOBN(0xefdcd0e8, 0xde84487d), + TOBN(0x8c45b260, 0x2b48989b), + TOBN(0xa8fcbbc2, 0xd8463487), + TOBN(0xd1b2b3f7, 0x3fbc476c), + TOBN(0x21d005b7, 0xc8f443c0), + TOBN(0x518f2e67, 0x40c0139c), + TOBN(0x56036e8c, 0x06d75fc1), + TOBN(0x2dcf7bb7, 0x3249a89f), + TOBN(0x81dd1d3d, 0xe245e7dd), + TOBN(0xf578dc4b, 0xebd6e2a7), + TOBN(0x4c028903, 0xdf2ce7a0), + TOBN(0xaee36288, 0x9c39afac), + TOBN(0xdc847c31, 0x146404ab), + TOBN(0x6304c0d8, 0xa4e97818), + TOBN(0xae51dca2, 0xa91f6791), + TOBN(0x2abe4190, 0x9baa9efc), + TOBN(0xd9d2e2f4, 0x559c7ac1), + TOBN(0xe82f4b51, 0xfc9f773a), + TOBN(0xa7713027, 0x4073e81c), + TOBN(0xc0276fac, 0xfbb596fc), + TOBN(0x1d819fc9, 0xa684f70c), + TOBN(0x29b47fdd, 0xc9f7b1e0), + TOBN(0x358de103, 0x459b1940), + TOBN(0xec881c59, 0x5b013e93), + TOBN(0x51574c93, 0x49532ad3), + TOBN(0x2db1d445, 0xb37b46de), + TOBN(0xc6445b87, 0xdf239fd8), + TOBN(0xc718af75, 0x151d24ee), + TOBN(0xaea1c4a4, 0xf43c6259), + TOBN(0x40c0e5d7, 0x70be02f7), + TOBN(0x6a4590f4, 0x721b33f2), + TOBN(0x2124f1fb, 0xfedf04ea), + TOBN(0xf8e53cde, 0x9745efe7), + TOBN(0xe7e10432, 0x65f046d9), + TOBN(0xc3fca28e, 0xe4d0c7e6), + TOBN(0x847e339a, 0x87253b1b), + TOBN(0x9b595348, 0x3743e643), + TOBN(0xcb6a0a0b, 0x4fd12fc5), + TOBN(0xfb6836c3, 0x27d02dcc), + TOBN(0x5ad00982, 0x7a68bcc2), + TOBN(0x1b24b44c, 0x005e912d), + TOBN(0xcc83d20f, 0x811fdcfe), + TOBN(0x36527ec1, 0x666fba0c), + 
TOBN(0x69948197, 0x14754635), + TOBN(0xfcdcb1a8, 0x556da9c2), + TOBN(0xa5934267, 0x81a732b2), + TOBN(0xec1214ed, 0xa714181d), + TOBN(0x609ac13b, 0x6067b341), + TOBN(0xff4b4c97, 0xa545df1f), + TOBN(0xa1240501, 0x34d2076b), + TOBN(0x6efa0c23, 0x1409ca97), + TOBN(0x254cc1a8, 0x20638c43), + TOBN(0xd4e363af, 0xdcfb46cd), + TOBN(0x62c2adc3, 0x03942a27), + TOBN(0xc67b9df0, 0x56e46483), + TOBN(0xa55abb20, 0x63736356), + TOBN(0xab93c098, 0xc551bc52), + TOBN(0x382b49f9, 0xb15fe64b), + TOBN(0x9ec221ad, 0x4dff8d47), + TOBN(0x79caf615, 0x437df4d6), + TOBN(0x5f13dc64, 0xbb456509), + TOBN(0xe4c589d9, 0x191f0714), + TOBN(0x27b6a8ab, 0x3fd40e09), + TOBN(0xe455842e, 0x77313ea9), + TOBN(0x8b51d1e2, 0x1f55988b), + TOBN(0x5716dd73, 0x062bbbfc), + TOBN(0x633c11e5, 0x4e8bf3de), + TOBN(0x9a0e77b6, 0x1b85be3b), + TOBN(0x56510729, 0x0911cca6), + TOBN(0x27e76495, 0xefa6590f), + TOBN(0xe4ac8b33, 0x070d3aab), + TOBN(0x2643672b, 0x9a2cd5e5), + TOBN(0x52eff79b, 0x1cfc9173), + TOBN(0x665ca49b, 0x90a7c13f), + TOBN(0x5a8dda59, 0xb3efb998), + TOBN(0x8a5b922d, 0x052f1341), + TOBN(0xae9ebbab, 0x3cf9a530), + TOBN(0x35986e7b, 0xf56da4d7), + TOBN(0x3a636b5c, 0xff3513cc), + TOBN(0xbb0cf8ba, 0x3198f7dd), + TOBN(0xb8d40522, 0x41f16f86), + TOBN(0x760575d8, 0xde13a7bf), + TOBN(0x36f74e16, 0x9f7aa181), + TOBN(0x163a3ecf, 0xf509ed1c), + TOBN(0x6aead61f, 0x3c40a491), + TOBN(0x158c95fc, 0xdfe8fcaa), + TOBN(0xa3991b6e, 0x13cda46f), + TOBN(0x79482415, 0x342faed0), + TOBN(0xf3ba5bde, 0x666b5970), + TOBN(0x1d52e6bc, 0xb26ab6dd), + TOBN(0x768ba1e7, 0x8608dd3d), + TOBN(0x4930db2a, 0xea076586), + TOBN(0xd9575714, 0xe7dc1afa), + TOBN(0x1fc7bf7d, 0xf7c58817), + TOBN(0x6b47accd, 0xd9eee96c), + TOBN(0x0ca277fb, 0xe58cec37), + TOBN(0x113fe413, 0xe702c42a), + TOBN(0xdd1764ee, 0xc47cbe51), + TOBN(0x041e7cde, 0x7b3ed739), + TOBN(0x50cb7459, 0x5ce9e1c0), + TOBN(0x35568513, 0x2925b212), + TOBN(0x7cff95c4, 0x001b081c), + TOBN(0x63ee4cbd, 0x8088b454), + TOBN(0xdb7f32f7, 0x9a9e0c8a), + TOBN(0xb377d418, 0x6b2447cb), + 
TOBN(0xe3e982aa, 0xd370219b), + TOBN(0x06ccc1e4, 0xc2a2a593), + TOBN(0x72c36865, 0x0773f24f), + TOBN(0xa13b4da7, 0x95859423), + TOBN(0x8bbf1d33, 0x75040c8f), + TOBN(0x726f0973, 0xda50c991), + TOBN(0x48afcd5b, 0x822d6ee2), + TOBN(0xe5fc718b, 0x20fd7771), + TOBN(0xb9e8e77d, 0xfd0807a1), + TOBN(0x7f5e0f44, 0x99a7703d), + TOBN(0x6972930e, 0x618e36f3), + TOBN(0x2b7c77b8, 0x23807bbe), + TOBN(0xe5b82405, 0xcb27ff50), + TOBN(0xba8b8be3, 0xbd379062), + TOBN(0xd64b7a1d, 0x2dce4a92), + TOBN(0x040a73c5, 0xb2952e37), + TOBN(0x0a9e252e, 0xd438aeca), + TOBN(0xdd43956b, 0xc39d3bcb), + TOBN(0x1a31ca00, 0xb32b2d63), + TOBN(0xd67133b8, 0x5c417a18), + TOBN(0xd08e4790, 0x2ef442c8), + TOBN(0x98cb1ae9, 0x255c0980), + TOBN(0x4bd86381, 0x2b4a739f), + TOBN(0x5a5c31e1, 0x1e4a45a1), + TOBN(0x1e5d55fe, 0x9cb0db2f), + TOBN(0x74661b06, 0x8ff5cc29), + TOBN(0x026b389f, 0x0eb8a4f4), + TOBN(0x536b21a4, 0x58848c24), + TOBN(0x2e5bf8ec, 0x81dc72b0), + TOBN(0x03c187d0, 0xad886aac), + TOBN(0x5c16878a, 0xb771b645), + TOBN(0xb07dfc6f, 0xc74045ab), + TOBN(0x2c6360bf, 0x7800caed), + TOBN(0x24295bb5, 0xb9c972a3), + TOBN(0xc9e6f88e, 0x7c9a6dba), + TOBN(0x90ffbf24, 0x92a79aa6), + TOBN(0xde29d50a, 0x41c26ac2), + TOBN(0x9f0af483, 0xd309cbe6), + TOBN(0x5b020d8a, 0xe0bced4f), + TOBN(0x606e986d, 0xb38023e3), + TOBN(0xad8f2c9d, 0x1abc6933), + TOBN(0x19292e1d, 0xe7400e93), + TOBN(0xfe3e18a9, 0x52be5e4d), + TOBN(0xe8e9771d, 0x2e0680bf), + TOBN(0x8c5bec98, 0xc54db063), + TOBN(0x2af9662a, 0x74a55d1f), + TOBN(0xe3fbf28f, 0x046f66d8), + TOBN(0xa3a72ab4, 0xd4dc4794), + TOBN(0x09779f45, 0x5c7c2dd8), + TOBN(0xd893bdaf, 0xc3d19d8d), + TOBN(0xd5a75094, 0x57d6a6df), + TOBN(0x8cf8fef9, 0x952e6255), + TOBN(0x3da67cfb, 0xda9a8aff), + TOBN(0x4c23f62a, 0x2c160dcd), + TOBN(0x34e6c5e3, 0x8f90eaef), + TOBN(0x35865519, 0xa9a65d5a), + TOBN(0x07c48aae, 0x8fd38a3d), + TOBN(0xb7e7aeda, 0x50068527), + TOBN(0x2c09ef23, 0x1c90936a), + TOBN(0x31ecfeb6, 0xe879324c), + TOBN(0xa0871f6b, 0xfb0ec938), + TOBN(0xb1f0fb68, 0xd84d835d), + 
TOBN(0xc90caf39, 0x861dc1e6), + TOBN(0x12e5b046, 0x7594f8d7), + TOBN(0x26897ae2, 0x65012b92), + TOBN(0xbcf68a08, 0xa4d6755d), + TOBN(0x403ee41c, 0x0991fbda), + TOBN(0x733e343e, 0x3bbf17e8), + TOBN(0xd2c7980d, 0x679b3d65), + TOBN(0x33056232, 0xd2e11305), + TOBN(0x966be492, 0xf3c07a6f), + TOBN(0x6a8878ff, 0xbb15509d), + TOBN(0xff221101, 0x0a9b59a4), + TOBN(0x6c9f564a, 0xabe30129), + TOBN(0xc6f2c940, 0x336e64cf), + TOBN(0x0fe75262, 0x8b0c8022), + TOBN(0xbe0267e9, 0x6ae8db87), + TOBN(0x22e192f1, 0x93bc042b), + TOBN(0xf085b534, 0xb237c458), + TOBN(0xa0d192bd, 0x832c4168), + TOBN(0x7a76e9e3, 0xbdf6271d), + TOBN(0x52a882fa, 0xb88911b5), + TOBN(0xc85345e4, 0xb4db0eb5), + TOBN(0xa3be02a6, 0x81a7c3ff), + TOBN(0x51889c8c, 0xf0ec0469), + TOBN(0x9d031369, 0xa5e829e5), + TOBN(0xcbb4c6fc, 0x1607aa41), + TOBN(0x75ac59a6, 0x241d84c1), + TOBN(0xc043f2bf, 0x8829e0ee), + TOBN(0x82a38f75, 0x8ea5e185), + TOBN(0x8bda40b9, 0xd87cbd9f), + TOBN(0x9e65e75e, 0x2d8fc601), + TOBN(0x3d515f74, 0xa35690b3), + TOBN(0x534acf4f, 0xda79e5ac), + TOBN(0x68b83b3a, 0x8630215f), + TOBN(0x5c748b2e, 0xd085756e), + TOBN(0xb0317258, 0xe5d37cb2), + TOBN(0x6735841a, 0xc5ccc2c4), + TOBN(0x7d7dc96b, 0x3d9d5069), + TOBN(0xa147e410, 0xfd1754bd), + TOBN(0x65296e94, 0xd399ddd5), + TOBN(0xf6b5b2d0, 0xbc8fa5bc), + TOBN(0x8a5ead67, 0x500c277b), + TOBN(0x214625e6, 0xdfa08a5d), + TOBN(0x51fdfedc, 0x959cf047), + TOBN(0x6bc9430b, 0x289fca32), + TOBN(0xe36ff0cf, 0x9d9bdc3f), + TOBN(0x2fe187cb, 0x58ea0ede), + TOBN(0xed66af20, 0x5a900b3f), + TOBN(0x00e0968b, 0x5fa9f4d6), + TOBN(0x2d4066ce, 0x37a362e7), + TOBN(0xa99a9748, 0xbd07e772), + TOBN(0x710989c0, 0x06a4f1d0), + TOBN(0xd5dedf35, 0xce40cbd8), + TOBN(0xab55c5f0, 0x1743293d), + TOBN(0x766f1144, 0x8aa24e2c), + TOBN(0x94d874f8, 0x605fbcb4), + TOBN(0xa365f0e8, 0xa518001b), + TOBN(0xee605eb6, 0x9d04ef0f), + TOBN(0x5a3915cd, 0xba8d4d25), + TOBN(0x44c0e1b8, 0xb5113472), + TOBN(0xcbb024e8, 0x8b6740dc), + TOBN(0x89087a53, 0xee1d4f0c), + TOBN(0xa88fa05c, 0x1fc4e372), + 
TOBN(0x8bf395cb, 0xaf8b3af2), + TOBN(0x1e71c9a1, 0xdeb8568b), + TOBN(0xa35daea0, 0x80fb3d32), + TOBN(0xe8b6f266, 0x2cf8fb81), + TOBN(0x6d51afe8, 0x9490696a), + TOBN(0x81beac6e, 0x51803a19), + TOBN(0xe3d24b7f, 0x86219080), + TOBN(0x727cfd9d, 0xdf6f463c), + TOBN(0x8c6865ca, 0x72284ee8), + TOBN(0x32c88b7d, 0xb743f4ef), + TOBN(0x3793909b, 0xe7d11dce), + TOBN(0xd398f922, 0x2ff2ebe8), + TOBN(0x2c70ca44, 0xe5e49796), + TOBN(0xdf4d9929, 0xcb1131b1), + TOBN(0x7826f298, 0x25888e79), + TOBN(0x4d3a112c, 0xf1d8740a), + TOBN(0x00384cb6, 0x270afa8b), + TOBN(0xcb64125b, 0x3ab48095), + TOBN(0x3451c256, 0x62d05106), + TOBN(0xd73d577d, 0xa4955845), + TOBN(0x39570c16, 0xbf9f4433), + TOBN(0xd7dfaad3, 0xadecf263), + TOBN(0xf1c3d8d1, 0xdc76e102), + TOBN(0x5e774a58, 0x54c6a836), + TOBN(0xdad4b672, 0x3e92d47b), + TOBN(0xbe7e990f, 0xf0d796a0), + TOBN(0x5fc62478, 0xdf0e8b02), + TOBN(0x8aae8bf4, 0x030c00ad), + TOBN(0x3d2db93b, 0x9004ba0f), + TOBN(0xe48c8a79, 0xd85d5ddc), + TOBN(0xe907caa7, 0x6bb07f34), + TOBN(0x58db343a, 0xa39eaed5), + TOBN(0x0ea6e007, 0xadaf5724), + TOBN(0xe00df169, 0xd23233f3), + TOBN(0x3e322796, 0x77cb637f), + TOBN(0x1f897c0e, 0x1da0cf6c), + TOBN(0xa651f5d8, 0x31d6bbdd), + TOBN(0xdd61af19, 0x1a230c76), + TOBN(0xbd527272, 0xcdaa5e4a), + TOBN(0xca753636, 0xd0abcd7e), + TOBN(0x78bdd37c, 0x370bd8dc), + TOBN(0xc23916c2, 0x17cd93fe), + TOBN(0x65b97a4d, 0xdadce6e2), + TOBN(0xe04ed4eb, 0x174e42f8), + TOBN(0x1491ccaa, 0xbb21480a), + TOBN(0x145a8280, 0x23196332), + TOBN(0x3c3862d7, 0x587b479a), + TOBN(0x9f4a88a3, 0x01dcd0ed), + TOBN(0x4da2b7ef, 0x3ea12f1f), + TOBN(0xf8e7ae33, 0xb126e48e), + TOBN(0x404a0b32, 0xf494e237), + TOBN(0x9beac474, 0xc55acadb), + TOBN(0x4ee5cf3b, 0xcbec9fd9), + TOBN(0x336b33b9, 0x7df3c8c3), + TOBN(0xbd905fe3, 0xb76808fd), + TOBN(0x8f436981, 0xaa45c16a), + TOBN(0x255c5bfa, 0x3dd27b62), + TOBN(0x71965cbf, 0xc3dd9b4d), + TOBN(0xce23edbf, 0xfc068a87), + TOBN(0xb78d4725, 0x745b029b), + TOBN(0x74610713, 0xcefdd9bd), + TOBN(0x7116f75f, 0x1266bf52), + 
TOBN(0x02046722, 0x18e49bb6), + TOBN(0xdf43df9f, 0x3d6f19e3), + TOBN(0xef1bc7d0, 0xe685cb2f), + TOBN(0xcddb27c1, 0x7078c432), + TOBN(0xe1961b9c, 0xb77fedb7), + TOBN(0x1edc2f5c, 0xc2290570), + TOBN(0x2c3fefca, 0x19cbd886), + TOBN(0xcf880a36, 0xc2af389a), + TOBN(0x96c610fd, 0xbda71cea), + TOBN(0xf03977a9, 0x32aa8463), + TOBN(0x8eb7763f, 0x8586d90a), + TOBN(0x3f342454, 0x2a296e77), + TOBN(0xc8718683, 0x42837a35), + TOBN(0x7dc71090, 0x6a09c731), + TOBN(0x54778ffb, 0x51b816db), + TOBN(0x6b33bfec, 0xaf06defd), + TOBN(0xfe3c105f, 0x8592b70b), + TOBN(0xf937fda4, 0x61da6114), + TOBN(0x3c13e651, 0x4c266ad7), + TOBN(0xe363a829, 0x855938e8), + TOBN(0x2eeb5d9e, 0x9de54b72), + TOBN(0xbeb93b0e, 0x20ccfab9), + TOBN(0x3dffbb5f, 0x25e61a25), + TOBN(0x7f655e43, 0x1acc093d), + TOBN(0x0cb6cc3d, 0x3964ce61), + TOBN(0x6ab283a1, 0xe5e9b460), + TOBN(0x55d787c5, 0xa1c7e72d), + TOBN(0x4d2efd47, 0xdeadbf02), + TOBN(0x11e80219, 0xac459068), + TOBN(0x810c7626, 0x71f311f0), + TOBN(0xfa17ef8d, 0x4ab6ef53), + TOBN(0xaf47fd25, 0x93e43bff), + TOBN(0x5cb5ff3f, 0x0be40632), + TOBN(0x54687106, 0x8ee61da3), + TOBN(0x7764196e, 0xb08afd0f), + TOBN(0x831ab3ed, 0xf0290a8f), + TOBN(0xcae81966, 0xcb47c387), + TOBN(0xaad7dece, 0x184efb4f), + TOBN(0xdcfc53b3, 0x4749110e), + TOBN(0x6698f23c, 0x4cb632f9), + TOBN(0xc42a1ad6, 0xb91f8067), + TOBN(0xb116a81d, 0x6284180a), + TOBN(0xebedf5f8, 0xe901326f), + TOBN(0xf2274c9f, 0x97e3e044), + TOBN(0x42018520, 0x11d09fc9), + TOBN(0x56a65f17, 0xd18e6e23), + TOBN(0x2ea61e2a, 0x352b683c), + TOBN(0x27d291bc, 0x575eaa94), + TOBN(0x9e7bc721, 0xb8ff522d), + TOBN(0x5f7268bf, 0xa7f04d6f), + TOBN(0x5868c73f, 0xaba41748), + TOBN(0x9f85c2db, 0x7be0eead), + TOBN(0x511e7842, 0xff719135), + TOBN(0x5a06b1e9, 0xc5ea90d7), + TOBN(0x0c19e283, 0x26fab631), + TOBN(0x8af8f0cf, 0xe9206c55), + TOBN(0x89389cb4, 0x3553c06a), + TOBN(0x39dbed97, 0xf65f8004), + TOBN(0x0621b037, 0xc508991d), + TOBN(0x1c52e635, 0x96e78cc4), + TOBN(0x5385c8b2, 0x0c06b4a8), + TOBN(0xd84ddfdb, 0xb0e87d03), + 
TOBN(0xc49dfb66, 0x934bafad), + TOBN(0x7071e170, 0x59f70772), + TOBN(0x3a073a84, 0x3a1db56b), + TOBN(0x03494903, 0x3b8af190), + TOBN(0x7d882de3, 0xd32920f0), + TOBN(0x91633f0a, 0xb2cf8940), + TOBN(0x72b0b178, 0x6f948f51), + TOBN(0x2d28dc30, 0x782653c8), + TOBN(0x88829849, 0xdb903a05), + TOBN(0xb8095d0c, 0x6a19d2bb), + TOBN(0x4b9e7f0c, 0x86f782cb), + TOBN(0x7af73988, 0x2d907064), + TOBN(0xd12be0fe, 0x8b32643c), + TOBN(0x358ed23d, 0x0e165dc3), + TOBN(0x3d47ce62, 0x4e2378ce), + TOBN(0x7e2bb0b9, 0xfeb8a087), + TOBN(0x3246e8ae, 0xe29e10b9), + TOBN(0x459f4ec7, 0x03ce2b4d), + TOBN(0xe9b4ca1b, 0xbbc077cf), + TOBN(0x2613b4f2, 0x0e9940c1), + TOBN(0xfc598bb9, 0x047d1eb1), + TOBN(0x9744c62b, 0x45036099), + TOBN(0xa9dee742, 0x167c65d8), + TOBN(0x0c511525, 0xdabe1943), + TOBN(0xda110554, 0x93c6c624), + TOBN(0xae00a52c, 0x651a3be2), + TOBN(0xcda5111d, 0x884449a6), + TOBN(0x063c06f4, 0xff33bed1), + TOBN(0x73baaf9a, 0x0d3d76b4), + TOBN(0x52fb0c9d, 0x7fc63668), + TOBN(0x6886c9dd, 0x0c039cde), + TOBN(0x602bd599, 0x55b22351), + TOBN(0xb00cab02, 0x360c7c13), + TOBN(0x8cb616bc, 0x81b69442), + TOBN(0x41486700, 0xb55c3cee), + TOBN(0x71093281, 0xf49ba278), + TOBN(0xad956d9c, 0x64a50710), + TOBN(0x9561f28b, 0x638a7e81), + TOBN(0x54155cdf, 0x5980ddc3), + TOBN(0xb2db4a96, 0xd26f247a), + TOBN(0x9d774e4e, 0x4787d100), + TOBN(0x1a9e6e2e, 0x078637d2), + TOBN(0x1c363e2d, 0x5e0ae06a), + TOBN(0x7493483e, 0xe9cfa354), + TOBN(0x76843cb3, 0x7f74b98d), + TOBN(0xbaca6591, 0xd4b66947), + TOBN(0xb452ce98, 0x04460a8c), + TOBN(0x6830d246, 0x43768f55), + TOBN(0xf4197ed8, 0x7dff12df), + TOBN(0x6521b472, 0x400dd0f7), + TOBN(0x59f5ca8f, 0x4b1e7093), + TOBN(0x6feff11b, 0x080338ae), + TOBN(0x0ada31f6, 0xa29ca3c6), + TOBN(0x24794eb6, 0x94a2c215), + TOBN(0xd83a43ab, 0x05a57ab4), + TOBN(0x264a543a, 0x2a6f89fe), + TOBN(0x2c2a3868, 0xdd5ec7c2), + TOBN(0xd3373940, 0x8439d9b2), + TOBN(0x715ea672, 0x0acd1f11), + TOBN(0x42c1d235, 0xe7e6cc19), + TOBN(0x81ce6e96, 0xb990585c), + TOBN(0x04e5dfe0, 0xd809c7bd), + 
TOBN(0xd7b2580c, 0x8f1050ab), + TOBN(0x6d91ad78, 0xd8a4176f), + TOBN(0x0af556ee, 0x4e2e897c), + TOBN(0x162a8b73, 0x921de0ac), + TOBN(0x52ac9c22, 0x7ea78400), + TOBN(0xee2a4eea, 0xefce2174), + TOBN(0xbe61844e, 0x6d637f79), + TOBN(0x0491f1bc, 0x789a283b), + TOBN(0x72d3ac3d, 0x880836f4), + TOBN(0xaa1c5ea3, 0x88e5402d), + TOBN(0x1b192421, 0xd5cc473d), + TOBN(0x5c0b9998, 0x9dc84cac), + TOBN(0xb0a8482d, 0x9c6e75b8), + TOBN(0x639961d0, 0x3a191ce2), + TOBN(0xda3bc865, 0x6d837930), + TOBN(0xca990653, 0x056e6f8f), + TOBN(0x84861c41, 0x64d133a7), + TOBN(0x8b403276, 0x746abe40), + TOBN(0xb7b4d51a, 0xebf8e303), + TOBN(0x05b43211, 0x220a255d), + TOBN(0xc997152c, 0x02419e6e), + TOBN(0x76ff47b6, 0x630c2fea), + TOBN(0x50518677, 0x281fdade), + TOBN(0x3283b8ba, 0xcf902b0b), + TOBN(0x8d4b4eb5, 0x37db303b), + TOBN(0xcc89f42d, 0x755011bc), + TOBN(0xb43d74bb, 0xdd09d19b), + TOBN(0x65746bc9, 0x8adba350), + TOBN(0x364eaf8c, 0xb51c1927), + TOBN(0x13c76596, 0x10ad72ec), + TOBN(0x30045121, 0xf8d40c20), + TOBN(0x6d2d99b7, 0xea7b979b), + TOBN(0xcd78cd74, 0xe6fb3bcd), + TOBN(0x11e45a9e, 0x86cffbfe), + TOBN(0x78a61cf4, 0x637024f6), + TOBN(0xd06bc872, 0x3d502295), + TOBN(0xf1376854, 0x458cb288), + TOBN(0xb9db26a1, 0x342f8586), + TOBN(0xf33effcf, 0x4beee09e), + TOBN(0xd7e0c4cd, 0xb30cfb3a), + TOBN(0x6d09b8c1, 0x6c9db4c8), + TOBN(0x40ba1a42, 0x07c8d9df), + TOBN(0x6fd495f7, 0x1c52c66d), + TOBN(0xfb0e169f, 0x275264da), + TOBN(0x80c2b746, 0xe57d8362), + TOBN(0xedd987f7, 0x49ad7222), + TOBN(0xfdc229af, 0x4398ec7b), + }, + { + TOBN(0xb0d1ed84, 0x52666a58), + TOBN(0x4bcb6e00, 0xe6a9c3c2), + TOBN(0x3c57411c, 0x26906408), + TOBN(0xcfc20755, 0x13556400), + TOBN(0xa08b1c50, 0x5294dba3), + TOBN(0xa30ba286, 0x8b7dd31e), + TOBN(0xd70ba90e, 0x991eca74), + TOBN(0x094e142c, 0xe762c2b9), + TOBN(0xb81d783e, 0x979f3925), + TOBN(0x1efd130a, 0xaf4c89a7), + TOBN(0x525c2144, 0xfd1bf7fa), + TOBN(0x4b296904, 0x1b265a9e), + TOBN(0xed8e9634, 0xb9db65b6), + TOBN(0x35c82e32, 0x03599d8a), + TOBN(0xdaa7a54f, 0x403563f3), + 
TOBN(0x9df088ad, 0x022c38ab), + TOBN(0xe5cfb066, 0xbb3fd30a), + TOBN(0x429169da, 0xeff0354e), + TOBN(0x809cf852, 0x3524e36c), + TOBN(0x136f4fb3, 0x0155be1d), + TOBN(0x4826af01, 0x1fbba712), + TOBN(0x6ef0f0b4, 0x506ba1a1), + TOBN(0xd9928b31, 0x77aea73e), + TOBN(0xe2bf6af2, 0x5eaa244e), + TOBN(0x8d084f12, 0x4237b64b), + TOBN(0x688ebe99, 0xe3ecfd07), + TOBN(0x57b8a70c, 0xf6845dd8), + TOBN(0x808fc59c, 0x5da4a325), + TOBN(0xa9032b2b, 0xa3585862), + TOBN(0xb66825d5, 0xedf29386), + TOBN(0xb5a5a8db, 0x431ec29b), + TOBN(0xbb143a98, 0x3a1e8dc8), + TOBN(0x35ee94ce, 0x12ae381b), + TOBN(0x3a7f176c, 0x86ccda90), + TOBN(0xc63a657e, 0x4606eaca), + TOBN(0x9ae5a380, 0x43cd04df), + TOBN(0x9bec8d15, 0xed251b46), + TOBN(0x1f5d6d30, 0xcaca5e64), + TOBN(0x347b3b35, 0x9ff20f07), + TOBN(0x4d65f034, 0xf7e4b286), + TOBN(0x9e93ba24, 0xf111661e), + TOBN(0xedced484, 0xb105eb04), + TOBN(0x96dc9ba1, 0xf424b578), + TOBN(0xbf8f66b7, 0xe83e9069), + TOBN(0x872d4df4, 0xd7ed8216), + TOBN(0xbf07f377, 0x8e2cbecf), + TOBN(0x4281d899, 0x98e73754), + TOBN(0xfec85fbb, 0x8aab8708), + TOBN(0x9a3c0dee, 0xa5ba5b0b), + TOBN(0xe6a116ce, 0x42d05299), + TOBN(0xae9775fe, 0xe9b02d42), + TOBN(0x72b05200, 0xa1545cb6), + TOBN(0xbc506f7d, 0x31a3b4ea), + TOBN(0xe5893078, 0x8bbd9b32), + TOBN(0xc8bc5f37, 0xe4b12a97), + TOBN(0x6b000c06, 0x4a73b671), + TOBN(0x13b5bf22, 0x765fa7d0), + TOBN(0x59805bf0, 0x1d6a5370), + TOBN(0x67a5e29d, 0x4280db98), + TOBN(0x4f53916f, 0x776b1ce3), + TOBN(0x714ff61f, 0x33ddf626), + TOBN(0x4206238e, 0xa085d103), + TOBN(0x1c50d4b7, 0xe5809ee3), + TOBN(0x999f450d, 0x85f8eb1d), + TOBN(0x658a6051, 0xe4c79e9b), + TOBN(0x1394cb73, 0xc66a9fea), + TOBN(0x27f31ed5, 0xc6be7b23), + TOBN(0xf4c88f36, 0x5aa6f8fe), + TOBN(0x0fb0721f, 0x4aaa499e), + TOBN(0x68b3a7d5, 0xe3fb2a6b), + TOBN(0xa788097d, 0x3a92851d), + TOBN(0x060e7f8a, 0xe96f4913), + TOBN(0x82eebe73, 0x1a3a93bc), + TOBN(0x42bbf465, 0xa21adc1a), + TOBN(0xc10b6fa4, 0xef030efd), + TOBN(0x247aa4c7, 0x87b097bb), + TOBN(0x8b8dc632, 0xf60c77da), + 
TOBN(0x6ffbc26a, 0xc223523e), + TOBN(0xa4f6ff11, 0x344579cf), + TOBN(0x5825653c, 0x980250f6), + TOBN(0xb2dd097e, 0xbc1aa2b9), + TOBN(0x07889393, 0x37a0333a), + TOBN(0x1cf55e71, 0x37a0db38), + TOBN(0x2648487f, 0x792c1613), + TOBN(0xdad01336, 0x3fcef261), + TOBN(0x6239c81d, 0x0eabf129), + TOBN(0x8ee761de, 0x9d276be2), + TOBN(0x406a7a34, 0x1eda6ad3), + TOBN(0x4bf367ba, 0x4a493b31), + TOBN(0x54f20a52, 0x9bf7f026), + TOBN(0xb696e062, 0x9795914b), + TOBN(0xcddab96d, 0x8bf236ac), + TOBN(0x4ff2c70a, 0xed25ea13), + TOBN(0xfa1d09eb, 0x81cbbbe7), + TOBN(0x88fc8c87, 0x468544c5), + TOBN(0x847a670d, 0x696b3317), + TOBN(0xf133421e, 0x64bcb626), + TOBN(0xaea638c8, 0x26dee0b5), + TOBN(0xd6e7680b, 0xb310346c), + TOBN(0xe06f4097, 0xd5d4ced3), + TOBN(0x09961452, 0x7512a30b), + TOBN(0xf3d867fd, 0xe589a59a), + TOBN(0x2e73254f, 0x52d0c180), + TOBN(0x9063d8a3, 0x333c74ac), + TOBN(0xeda6c595, 0xd314e7bc), + TOBN(0x2ee7464b, 0x467899ed), + TOBN(0x1cef423c, 0x0a1ed5d3), + TOBN(0x217e76ea, 0x69cc7613), + TOBN(0x27ccce1f, 0xe7cda917), + TOBN(0x12d8016b, 0x8a893f16), + TOBN(0xbcd6de84, 0x9fc74f6b), + TOBN(0xfa5817e2, 0xf3144e61), + TOBN(0x1f354164, 0x0821ee4c), + TOBN(0x1583eab4, 0x0bc61992), + TOBN(0x7490caf6, 0x1d72879f), + TOBN(0x998ad9f3, 0xf76ae7b2), + TOBN(0x1e181950, 0xa41157f7), + TOBN(0xa9d7e1e6, 0xe8da3a7e), + TOBN(0x963784eb, 0x8426b95f), + TOBN(0x0ee4ed6e, 0x542e2a10), + TOBN(0xb79d4cc5, 0xac751e7b), + TOBN(0x93f96472, 0xfd4211bd), + TOBN(0x8c72d3d2, 0xc8de4fc6), + TOBN(0x7b69cbf5, 0xdf44f064), + TOBN(0x3da90ca2, 0xf4bf94e1), + TOBN(0x1a5325f8, 0xf12894e2), + TOBN(0x0a437f6c, 0x7917d60b), + TOBN(0x9be70486, 0x96c9cb5d), + TOBN(0xb4d880bf, 0xe1dc5c05), + TOBN(0xd738adda, 0xeebeeb57), + TOBN(0x6f0119d3, 0xdf0fe6a3), + TOBN(0x5c686e55, 0x66eaaf5a), + TOBN(0x9cb10b50, 0xdfd0b7ec), + TOBN(0xbdd0264b, 0x6a497c21), + TOBN(0xfc093514, 0x8c546c96), + TOBN(0x58a947fa, 0x79dbf42a), + TOBN(0xc0b48d4e, 0x49ccd6d7), + TOBN(0xff8fb02c, 0x88bd5580), + TOBN(0xc75235e9, 0x07d473b2), + 
TOBN(0x4fab1ac5, 0xa2188af3), + TOBN(0x030fa3bc, 0x97576ec0), + TOBN(0xe8c946e8, 0x0b7e7d2f), + TOBN(0x40a5c9cc, 0x70305600), + TOBN(0x6d8260a9, 0xc8b013b4), + TOBN(0x0368304f, 0x70bba85c), + TOBN(0xad090da1, 0xa4a0d311), + TOBN(0x7170e870, 0x2415eec1), + TOBN(0xbfba35fe, 0x8461ea47), + TOBN(0x6279019a, 0xc1e91938), + TOBN(0xa47638f3, 0x1afc415f), + TOBN(0x36c65cbb, 0xbcba0e0f), + TOBN(0x02160efb, 0x034e2c48), + TOBN(0xe6c51073, 0x615cd9e4), + TOBN(0x498ec047, 0xf1243c06), + TOBN(0x3e5a8809, 0xb17b3d8c), + TOBN(0x5cd99e61, 0x0cc565f1), + TOBN(0x81e312df, 0x7851dafe), + TOBN(0xf156f5ba, 0xa79061e2), + TOBN(0x80d62b71, 0x880c590e), + TOBN(0xbec9746f, 0x0a39faa1), + TOBN(0x1d98a9c1, 0xc8ed1f7a), + TOBN(0x09e43bb5, 0xa81d5ff2), + TOBN(0xd5f00f68, 0x0da0794a), + TOBN(0x412050d9, 0x661aa836), + TOBN(0xa89f7c4e, 0x90747e40), + TOBN(0x6dc05ebb, 0xb62a3686), + TOBN(0xdf4de847, 0x308e3353), + TOBN(0x53868fbb, 0x9fb53bb9), + TOBN(0x2b09d2c3, 0xcfdcf7dd), + TOBN(0x41a9fce3, 0x723fcab4), + TOBN(0x73d905f7, 0x07f57ca3), + TOBN(0x080f9fb1, 0xac8e1555), + TOBN(0x7c088e84, 0x9ba7a531), + TOBN(0x07d35586, 0xed9a147f), + TOBN(0x602846ab, 0xaf48c336), + TOBN(0x7320fd32, 0x0ccf0e79), + TOBN(0xaa780798, 0xb18bd1ff), + TOBN(0x52c2e300, 0xafdd2905), + TOBN(0xf27ea3d6, 0x434267cd), + TOBN(0x8b96d16d, 0x15605b5f), + TOBN(0x7bb31049, 0x4b45706b), + TOBN(0xe7f58b8e, 0x743d25f8), + TOBN(0xe9b5e45b, 0x87f30076), + TOBN(0xd19448d6, 0x5d053d5a), + TOBN(0x1ecc8cb9, 0xd3210a04), + TOBN(0x6bc7d463, 0xdafb5269), + TOBN(0x3e59b10a, 0x67c3489f), + TOBN(0x1769788c, 0x65641e1b), + TOBN(0x8a53b82d, 0xbd6cb838), + TOBN(0x7066d6e6, 0x236d5f22), + TOBN(0x03aa1c61, 0x6908536e), + TOBN(0xc971da0d, 0x66ae9809), + TOBN(0x01b3a86b, 0xc49a2fac), + TOBN(0x3b8420c0, 0x3092e77a), + TOBN(0x02057300, 0x7d6fb556), + TOBN(0x6941b2a1, 0xbff40a87), + TOBN(0x140b6308, 0x0658ff2a), + TOBN(0x87804363, 0x3424ab36), + TOBN(0x0253bd51, 0x5751e299), + TOBN(0xc75bcd76, 0x449c3e3a), + TOBN(0x92eb4090, 0x7f8f875d), + 
TOBN(0x9c9d754e, 0x56c26bbf), + TOBN(0x158cea61, 0x8110bbe7), + TOBN(0x62a6b802, 0x745f91ea), + TOBN(0xa79c41aa, 0xc6e7394b), + TOBN(0x445b6a83, 0xad57ef10), + TOBN(0x0c5277eb, 0x6ea6f40c), + TOBN(0x319fe96b, 0x88633365), + TOBN(0x0b0fc61f, 0x385f63cb), + TOBN(0x41250c84, 0x22bdd127), + TOBN(0x67d153f1, 0x09e942c2), + TOBN(0x60920d08, 0xc021ad5d), + TOBN(0x229f5746, 0x724d81a5), + TOBN(0xb7ffb892, 0x5bba3299), + TOBN(0x518c51a1, 0xde413032), + TOBN(0x2a9bfe77, 0x3c2fd94c), + TOBN(0xcbcde239, 0x3191f4fd), + TOBN(0x43093e16, 0xd3d6ada1), + TOBN(0x184579f3, 0x58769606), + TOBN(0x2c94a8b3, 0xd236625c), + TOBN(0x6922b9c0, 0x5c437d8e), + TOBN(0x3d4ae423, 0xd8d9f3c8), + TOBN(0xf72c31c1, 0x2e7090a2), + TOBN(0x4ac3f5f3, 0xd76a55bd), + TOBN(0x342508fc, 0x6b6af991), + TOBN(0x0d527100, 0x1b5cebbd), + TOBN(0xb84740d0, 0xdd440dd7), + TOBN(0x748ef841, 0x780162fd), + TOBN(0xa8dbfe0e, 0xdfc6fafb), + TOBN(0xeadfdf05, 0xf7300f27), + TOBN(0x7d06555f, 0xfeba4ec9), + TOBN(0x12c56f83, 0x9e25fa97), + TOBN(0x77f84203, 0xd39b8c34), + TOBN(0xed8b1be6, 0x3125eddb), + TOBN(0x5bbf2441, 0xf6e39dc5), + TOBN(0xb00f6ee6, 0x6a5d678a), + TOBN(0xba456ecf, 0x57d0ea99), + TOBN(0xdcae0f58, 0x17e06c43), + TOBN(0x01643de4, 0x0f5b4baa), + TOBN(0x2c324341, 0xd161b9be), + TOBN(0x80177f55, 0xe126d468), + TOBN(0xed325f1f, 0x76748e09), + TOBN(0x6116004a, 0xcfa9bdc2), + TOBN(0x2d8607e6, 0x3a9fb468), + TOBN(0x0e573e27, 0x6009d660), + TOBN(0x3a525d2e, 0x8d10c5a1), + TOBN(0xd26cb45c, 0x3b9009a0), + TOBN(0xb6b0cdc0, 0xde9d7448), + TOBN(0x949c9976, 0xe1337c26), + TOBN(0x6faadebd, 0xd73d68e5), + TOBN(0x9e158614, 0xf1b768d9), + TOBN(0x22dfa557, 0x9cc4f069), + TOBN(0xccd6da17, 0xbe93c6d6), + TOBN(0x24866c61, 0xa504f5b9), + TOBN(0x2121353c, 0x8d694da1), + TOBN(0x1c6ca580, 0x0140b8c6), + TOBN(0xc245ad8c, 0xe964021e), + TOBN(0xb83bffba, 0x032b82b3), + TOBN(0xfaa220c6, 0x47ef9898), + TOBN(0x7e8d3ac6, 0x982c948a), + TOBN(0x1faa2091, 0xbc2d124a), + TOBN(0xbd54c3dd, 0x05b15ff4), + TOBN(0x386bf3ab, 0xc87c6fb7), + 
TOBN(0xfb2b0563, 0xfdeb6f66), + TOBN(0x4e77c557, 0x5b45afb4), + TOBN(0xe9ded649, 0xefb8912d), + TOBN(0x7ec9bbf5, 0x42f6e557), + TOBN(0x2570dfff, 0x62671f00), + TOBN(0x2b3bfb78, 0x88e084bd), + TOBN(0xa024b238, 0xf37fe5b4), + TOBN(0x44e7dc04, 0x95649aee), + TOBN(0x498ca255, 0x5e7ec1d8), + TOBN(0x3bc766ea, 0xaaa07e86), + TOBN(0x0db6facb, 0xf3608586), + TOBN(0xbadd2549, 0xbdc259c8), + TOBN(0x95af3c6e, 0x041c649f), + TOBN(0xb36a928c, 0x02e30afb), + TOBN(0x9b5356ad, 0x008a88b8), + TOBN(0x4b67a5f1, 0xcf1d9e9d), + TOBN(0xc6542e47, 0xa5d8d8ce), + TOBN(0x73061fe8, 0x7adfb6cc), + TOBN(0xcc826fd3, 0x98678141), + TOBN(0x00e758b1, 0x3c80515a), + TOBN(0x6afe3247, 0x41485083), + TOBN(0x0fcb08b9, 0xb6ae8a75), + TOBN(0xb8cf388d, 0x4acf51e1), + TOBN(0x344a5560, 0x6961b9d6), + TOBN(0x1a6778b8, 0x6a97fd0c), + TOBN(0xd840fdc1, 0xecc4c7e3), + TOBN(0xde9fe47d, 0x16db68cc), + TOBN(0xe95f89de, 0xa3e216aa), + TOBN(0x84f1a6a4, 0x9594a8be), + TOBN(0x7ddc7d72, 0x5a7b162b), + TOBN(0xc5cfda19, 0xadc817a3), + TOBN(0x80a5d350, 0x78b58d46), + TOBN(0x93365b13, 0x82978f19), + TOBN(0x2e44d225, 0x26a1fc90), + TOBN(0x0d6d10d2, 0x4d70705d), + TOBN(0xd94b6b10, 0xd70c45f4), + TOBN(0x0f201022, 0xb216c079), + TOBN(0xcec966c5, 0x658fde41), + TOBN(0xa8d2bc7d, 0x7e27601d), + TOBN(0xbfcce3e1, 0xff230be7), + TOBN(0x3394ff6b, 0x0033ffb5), + TOBN(0xd890c509, 0x8132c9af), + TOBN(0xaac4b0eb, 0x361e7868), + TOBN(0x5194ded3, 0xe82d15aa), + TOBN(0x4550bd2e, 0x23ae6b7d), + TOBN(0x3fda318e, 0xea5399d4), + TOBN(0xd989bffa, 0x91638b80), + TOBN(0x5ea124d0, 0xa14aa12d), + TOBN(0x1fb1b899, 0x3667b944), + TOBN(0x95ec7969, 0x44c44d6a), + TOBN(0x91df144a, 0x57e86137), + TOBN(0x915fd620, 0x73adac44), + TOBN(0x8f01732d, 0x59a83801), + TOBN(0xec579d25, 0x3aa0a633), + TOBN(0x06de5e7c, 0xc9d6d59c), + TOBN(0xc132f958, 0xb1ef8010), + TOBN(0x29476f96, 0xe65c1a02), + TOBN(0x336a77c0, 0xd34c3565), + TOBN(0xef1105b2, 0x1b9f1e9e), + TOBN(0x63e6d08b, 0xf9e08002), + TOBN(0x9aff2f21, 0xc613809e), + TOBN(0xb5754f85, 0x3a80e75d), + 
TOBN(0xde71853e, 0x6bbda681), + TOBN(0x86f041df, 0x8197fd7a), + TOBN(0x8b332e08, 0x127817fa), + TOBN(0x05d99be8, 0xb9c20cda), + TOBN(0x89f7aad5, 0xd5cd0c98), + TOBN(0x7ef936fe, 0x5bb94183), + TOBN(0x92ca0753, 0xb05cd7f2), + TOBN(0x9d65db11, 0x74a1e035), + TOBN(0x02628cc8, 0x13eaea92), + TOBN(0xf2d9e242, 0x49e4fbf2), + TOBN(0x94fdfd9b, 0xe384f8b7), + TOBN(0x65f56054, 0x63428c6b), + TOBN(0x2f7205b2, 0x90b409a5), + TOBN(0xf778bb78, 0xff45ae11), + TOBN(0xa13045be, 0xc5ee53b2), + TOBN(0xe00a14ff, 0x03ef77fe), + TOBN(0x689cd59f, 0xffef8bef), + TOBN(0x3578f0ed, 0x1e9ade22), + TOBN(0xe99f3ec0, 0x6268b6a8), + TOBN(0xa2057d91, 0xea1b3c3e), + TOBN(0x2d1a7053, 0xb8823a4a), + TOBN(0xabbb336a, 0x2cca451e), + TOBN(0xcd2466e3, 0x2218bb5d), + TOBN(0x3ac1f42f, 0xc8cb762d), + TOBN(0x7e312aae, 0x7690211f), + TOBN(0xebb9bd73, 0x45d07450), + TOBN(0x207c4b82, 0x46c2213f), + TOBN(0x99d425c1, 0x375913ec), + TOBN(0x94e45e96, 0x67908220), + TOBN(0xc08f3087, 0xcd67dbf6), + TOBN(0xa5670fbe, 0xc0887056), + TOBN(0x6717b64a, 0x66f5b8fc), + TOBN(0xd5a56aea, 0x786fec28), + TOBN(0xa8c3f55f, 0xc0ff4952), + TOBN(0xa77fefae, 0x457ac49b), + TOBN(0x29882d7c, 0x98379d44), + TOBN(0xd000bdfb, 0x509edc8a), + TOBN(0xc6f95979, 0xe66fe464), + TOBN(0x504a6115, 0xfa61bde0), + TOBN(0x56b3b871, 0xeffea31a), + TOBN(0x2d3de26d, 0xf0c21a54), + TOBN(0x21dbff31, 0x834753bf), + TOBN(0xe67ecf49, 0x69269d86), + TOBN(0x7a176952, 0x151fe690), + TOBN(0x03515804, 0x7f2adb5f), + TOBN(0xee794b15, 0xd1b62a8d), + TOBN(0xf004ceec, 0xaae454e6), + TOBN(0x0897ea7c, 0xf0386fac), + TOBN(0x3b62ff12, 0xd1fca751), + TOBN(0x154181df, 0x1b7a04ec), + TOBN(0x2008e04a, 0xfb5847ec), + TOBN(0xd147148e, 0x41dbd772), + TOBN(0x2b419f73, 0x22942654), + TOBN(0x669f30d3, 0xe9c544f7), + TOBN(0x52a2c223, 0xc8540149), + TOBN(0x5da9ee14, 0x634dfb02), + TOBN(0x5f074ff0, 0xf47869f3), + TOBN(0x74ee878d, 0xa3933acc), + TOBN(0xe6510651, 0x4fe35ed1), + TOBN(0xb3eb9482, 0xf1012e7a), + TOBN(0x51013cc0, 0xa8a566ae), + TOBN(0xdd5e9243, 0x47c00d3b), + 
TOBN(0x7fde089d, 0x946bb0e5), + TOBN(0x030754fe, 0xc731b4b3), + TOBN(0x12a136a4, 0x99fda062), + TOBN(0x7c1064b8, 0x5a1a35bc), + TOBN(0xbf1f5763, 0x446c84ef), + TOBN(0xed29a56d, 0xa16d4b34), + TOBN(0x7fba9d09, 0xdca21c4f), + TOBN(0x66d7ac00, 0x6d8de486), + TOBN(0x60061987, 0x73a2a5e1), + TOBN(0x8b400f86, 0x9da28ff0), + TOBN(0x3133f708, 0x43c4599c), + TOBN(0x9911c9b8, 0xee28cb0d), + TOBN(0xcd7e2874, 0x8e0af61d), + TOBN(0x5a85f0f2, 0x72ed91fc), + TOBN(0x85214f31, 0x9cd4a373), + TOBN(0x881fe5be, 0x1925253c), + TOBN(0xd8dc98e0, 0x91e8bc76), + TOBN(0x7120affe, 0x585cc3a2), + TOBN(0x724952ed, 0x735bf97a), + TOBN(0x5581e7dc, 0x3eb34581), + TOBN(0x5cbff4f2, 0xe52ee57d), + TOBN(0x8d320a0e, 0x87d8cc7b), + TOBN(0x9beaa7f3, 0xf1d280d0), + TOBN(0x7a0b9571, 0x9beec704), + TOBN(0x9126332e, 0x5b7f0057), + TOBN(0x01fbc1b4, 0x8ed3bd6d), + TOBN(0x35bb2c12, 0xd945eb24), + TOBN(0x6404694e, 0x9a8ae255), + TOBN(0xb6092eec, 0x8d6abfb3), + TOBN(0x4d76143f, 0xcc058865), + TOBN(0x7b0a5af2, 0x6e249922), + TOBN(0x8aef9440, 0x6a50d353), + TOBN(0xe11e4bcc, 0x64f0e07a), + TOBN(0x4472993a, 0xa14a90fa), + TOBN(0x7706e20c, 0xba0c51d4), + TOBN(0xf403292f, 0x1532672d), + TOBN(0x52573bfa, 0x21829382), + TOBN(0x6a7bb6a9, 0x3b5bdb83), + TOBN(0x08da65c0, 0xa4a72318), + TOBN(0xc58d22aa, 0x63eb065f), + TOBN(0x1717596c, 0x1b15d685), + TOBN(0x112df0d0, 0xb266d88b), + TOBN(0xf688ae97, 0x5941945a), + TOBN(0x487386e3, 0x7c292cac), + TOBN(0x42f3b50d, 0x57d6985c), + TOBN(0x6da4f998, 0x6a90fc34), + TOBN(0xc8f257d3, 0x65ca8a8d), + TOBN(0xc2feabca, 0x6951f762), + TOBN(0xe1bc81d0, 0x74c323ac), + TOBN(0x1bc68f67, 0x251a2a12), + TOBN(0x10d86587, 0xbe8a70dc), + TOBN(0xd648af7f, 0xf0f84d2e), + TOBN(0xf0aa9ebc, 0x6a43ac92), + TOBN(0x69e3be04, 0x27596893), + TOBN(0xb6bb02a6, 0x45bf452b), + TOBN(0x0875c11a, 0xf4c698c8), + TOBN(0x6652b5c7, 0xbece3794), + TOBN(0x7b3755fd, 0x4f5c0499), + TOBN(0x6ea16558, 0xb5532b38), + TOBN(0xd1c69889, 0xa2e96ef7), + TOBN(0x9c773c3a, 0x61ed8f48), + TOBN(0x2b653a40, 0x9b323abc), + 
TOBN(0xe26605e1, 0xf0e1d791), + TOBN(0x45d41064, 0x4a87157a), + TOBN(0x8f9a78b7, 0xcbbce616), + TOBN(0xcf1e44aa, 0xc407eddd), + TOBN(0x81ddd1d8, 0xa35b964f), + TOBN(0x473e339e, 0xfd083999), + TOBN(0x6c94bdde, 0x8e796802), + TOBN(0x5a304ada, 0x8545d185), + TOBN(0x82ae44ea, 0x738bb8cb), + TOBN(0x628a35e3, 0xdf87e10e), + TOBN(0xd3624f3d, 0xa15b9fe3), + TOBN(0xcc44209b, 0x14be4254), + TOBN(0x7d0efcbc, 0xbdbc2ea5), + TOBN(0x1f603362, 0x04c37bbe), + TOBN(0x21f363f5, 0x56a5852c), + TOBN(0xa1503d1c, 0xa8501550), + TOBN(0x2251e0e1, 0xd8ab10bb), + TOBN(0xde129c96, 0x6961c51c), + TOBN(0x1f7246a4, 0x81910f68), + TOBN(0x2eb744ee, 0x5f2591f2), + TOBN(0x3c47d33f, 0x5e627157), + TOBN(0x4d6d62c9, 0x22f3bd68), + TOBN(0x6120a64b, 0xcb8df856), + TOBN(0x3a9ac6c0, 0x7b5d07df), + TOBN(0xa92b9558, 0x7ef39783), + TOBN(0xe128a134, 0xab3a9b4f), + TOBN(0x41c18807, 0xb1252f05), + TOBN(0xfc7ed089, 0x80ba9b1c), + TOBN(0xac8dc6de, 0xc532a9dd), + TOBN(0xbf829cef, 0x55246809), + TOBN(0x101b784f, 0x5b4ee80f), + TOBN(0xc09945bb, 0xb6f11603), + TOBN(0x57b09dbe, 0x41d2801e), + TOBN(0xfba5202f, 0xa97534a8), + TOBN(0x7fd8ae5f, 0xc17b9614), + TOBN(0xa50ba666, 0x78308435), + TOBN(0x9572f77c, 0xd3868c4d), + TOBN(0x0cef7bfd, 0x2dd7aab0), + TOBN(0xe7958e08, 0x2c7c79ff), + TOBN(0x81262e42, 0x25346689), + TOBN(0x716da290, 0xb07c7004), + TOBN(0x35f911ea, 0xb7950ee3), + TOBN(0x6fd72969, 0x261d21b5), + TOBN(0x52389803, 0x08b640d3), + TOBN(0x5b0026ee, 0x887f12a1), + TOBN(0x20e21660, 0x742e9311), + TOBN(0x0ef6d541, 0x5ff77ff7), + TOBN(0x969127f0, 0xf9c41135), + TOBN(0xf21d60c9, 0x68a64993), + TOBN(0x656e5d0c, 0xe541875c), + TOBN(0xf1e0f84e, 0xa1d3c233), + TOBN(0x9bcca359, 0x06002d60), + TOBN(0xbe2da60c, 0x06191552), + TOBN(0x5da8bbae, 0x61181ec3), + TOBN(0x9f04b823, 0x65806f19), + TOBN(0xf1604a7d, 0xd4b79bb8), + TOBN(0xaee806fb, 0x52c878c8), + TOBN(0x34144f11, 0x8d47b8e8), + TOBN(0x72edf52b, 0x949f9054), + TOBN(0xebfca84e, 0x2127015a), + TOBN(0x9051d0c0, 0x9cb7cef3), + TOBN(0x86e8fe58, 0x296deec8), + 
TOBN(0x33b28188, 0x41010d74), + }, + { + TOBN(0x01079383, 0x171b445f), + TOBN(0x9bcf21e3, 0x8131ad4c), + TOBN(0x8cdfe205, 0xc93987e8), + TOBN(0xe63f4152, 0xc92e8c8f), + TOBN(0x729462a9, 0x30add43d), + TOBN(0x62ebb143, 0xc980f05a), + TOBN(0x4f3954e5, 0x3b06e968), + TOBN(0xfe1d75ad, 0x242cf6b1), + TOBN(0x5f95c6c7, 0xaf8685c8), + TOBN(0xd4c1c8ce, 0x2f8f01aa), + TOBN(0xc44bbe32, 0x2574692a), + TOBN(0xb8003478, 0xd4a4a068), + TOBN(0x7c8fc6e5, 0x2eca3cdb), + TOBN(0xea1db16b, 0xec04d399), + TOBN(0xb05bc82e, 0x8f2bc5cf), + TOBN(0x763d517f, 0xf44793d2), + TOBN(0x4451c1b8, 0x08bd98d0), + TOBN(0x644b1cd4, 0x6575f240), + TOBN(0x6907eb33, 0x7375d270), + TOBN(0x56c8bebd, 0xfa2286bd), + TOBN(0xc713d2ac, 0xc4632b46), + TOBN(0x17da427a, 0xafd60242), + TOBN(0x313065b7, 0xc95c7546), + TOBN(0xf8239898, 0xbf17a3de), + TOBN(0xf3b7963f, 0x4c830320), + TOBN(0x842c7aa0, 0x903203e3), + TOBN(0xaf22ca0a, 0xe7327afb), + TOBN(0x38e13092, 0x967609b6), + TOBN(0x73b8fb62, 0x757558f1), + TOBN(0x3cc3e831, 0xf7eca8c1), + TOBN(0xe4174474, 0xf6331627), + TOBN(0xa77989ca, 0xc3c40234), + TOBN(0xe5fd17a1, 0x44a081e0), + TOBN(0xd797fb7d, 0xb70e296a), + TOBN(0x2b472b30, 0x481f719c), + TOBN(0x0e632a98, 0xfe6f8c52), + TOBN(0x89ccd116, 0xc5f0c284), + TOBN(0xf51088af, 0x2d987c62), + TOBN(0x2a2bccda, 0x4c2de6cf), + TOBN(0x810f9efe, 0xf679f0f9), + TOBN(0xb0f394b9, 0x7ffe4b3e), + TOBN(0x0b691d21, 0xe5fa5d21), + TOBN(0xb0bd7747, 0x9dfbbc75), + TOBN(0xd2830fda, 0xfaf78b00), + TOBN(0xf78c249c, 0x52434f57), + TOBN(0x4b1f7545, 0x98096dab), + TOBN(0x73bf6f94, 0x8ff8c0b3), + TOBN(0x34aef03d, 0x454e134c), + TOBN(0xf8d151f4, 0xb7ac7ec5), + TOBN(0xd6ceb95a, 0xe50da7d5), + TOBN(0xa1b492b0, 0xdc3a0eb8), + TOBN(0x75157b69, 0xb3dd2863), + TOBN(0xe2c4c74e, 0xc5413d62), + TOBN(0xbe329ff7, 0xbc5fc4c7), + TOBN(0x835a2aea, 0x60fa9dda), + TOBN(0xf117f5ad, 0x7445cb87), + TOBN(0xae8317f4, 0xb0166f7a), + TOBN(0xfbd3e3f7, 0xceec74e6), + TOBN(0xfdb516ac, 0xe0874bfd), + TOBN(0x3d846019, 0xc681f3a3), + TOBN(0x0b12ee5c, 0x7c1620b0), + 
TOBN(0xba68b4dd, 0x2b63c501), + TOBN(0xac03cd32, 0x6668c51e), + TOBN(0x2a6279f7, 0x4e0bcb5b), + TOBN(0x17bd69b0, 0x6ae85c10), + TOBN(0x72946979, 0x1dfdd3a6), + TOBN(0xd9a03268, 0x2c078bec), + TOBN(0x41c6a658, 0xbfd68a52), + TOBN(0xcdea1024, 0x0e023900), + TOBN(0xbaeec121, 0xb10d144d), + TOBN(0x5a600e74, 0x058ab8dc), + TOBN(0x1333af21, 0xbb89ccdd), + TOBN(0xdf25eae0, 0x3aaba1f1), + TOBN(0x2cada16e, 0x3b7144cf), + TOBN(0x657ee27d, 0x71ab98bc), + TOBN(0x99088b4c, 0x7a6fc96e), + TOBN(0x05d5c0a0, 0x3549dbd4), + TOBN(0x42cbdf8f, 0xf158c3ac), + TOBN(0x3fb6b3b0, 0x87edd685), + TOBN(0x22071cf6, 0x86f064d0), + TOBN(0xd2d6721f, 0xff2811e5), + TOBN(0xdb81b703, 0xfe7fae8c), + TOBN(0x3cfb74ef, 0xd3f1f7bb), + TOBN(0x0cdbcd76, 0x16cdeb5d), + TOBN(0x4f39642a, 0x566a808c), + TOBN(0x02b74454, 0x340064d6), + TOBN(0xfabbadca, 0x0528fa6f), + TOBN(0xe4c3074c, 0xd3fc0bb6), + TOBN(0xb32cb8b0, 0xb796d219), + TOBN(0xc3e95f4f, 0x34741dd9), + TOBN(0x87212125, 0x68edf6f5), + TOBN(0x7a03aee4, 0xa2b9cb8e), + TOBN(0x0cd3c376, 0xf53a89aa), + TOBN(0x0d8af9b1, 0x948a28dc), + TOBN(0xcf86a3f4, 0x902ab04f), + TOBN(0x8aacb62a, 0x7f42002d), + TOBN(0x106985eb, 0xf62ffd52), + TOBN(0xe670b54e, 0x5797bf10), + TOBN(0x4b405209, 0xc5e30aef), + TOBN(0x12c97a20, 0x4365b5e9), + TOBN(0x104646ce, 0x1fe32093), + TOBN(0x13cb4ff6, 0x3907a8c9), + TOBN(0x8b9f30d1, 0xd46e726b), + TOBN(0xe1985e21, 0xaba0f499), + TOBN(0xc573dea9, 0x10a230cd), + TOBN(0x24f46a93, 0xcd30f947), + TOBN(0xf2623fcf, 0xabe2010a), + TOBN(0x3f278cb2, 0x73f00e4f), + TOBN(0xed55c67d, 0x50b920eb), + TOBN(0xf1cb9a2d, 0x8e760571), + TOBN(0x7c50d109, 0x0895b709), + TOBN(0x4207cf07, 0x190d4369), + TOBN(0x3b027e81, 0xc4127fe1), + TOBN(0xa9f8b9ad, 0x3ae9c566), + TOBN(0x5ab10851, 0xacbfbba5), + TOBN(0xa747d648, 0x569556f5), + TOBN(0xcc172b5c, 0x2ba97bf7), + TOBN(0x15e0f77d, 0xbcfa3324), + TOBN(0xa345b797, 0x7686279d), + TOBN(0x5a723480, 0xe38003d3), + TOBN(0xfd8e139f, 0x8f5fcda8), + TOBN(0xf3e558c4, 0xbdee5bfd), + TOBN(0xd76cbaf4, 0xe33f9f77), + 
TOBN(0x3a4c97a4, 0x71771969), + TOBN(0xda27e84b, 0xf6dce6a7), + TOBN(0xff373d96, 0x13e6c2d1), + TOBN(0xf115193c, 0xd759a6e9), + TOBN(0x3f9b7025, 0x63d2262c), + TOBN(0xd9764a31, 0x317cd062), + TOBN(0x30779d8e, 0x199f8332), + TOBN(0xd8074106, 0x16b11b0b), + TOBN(0x7917ab9f, 0x78aeaed8), + TOBN(0xb67a9cbe, 0x28fb1d8e), + TOBN(0x2e313563, 0x136eda33), + TOBN(0x010b7069, 0xa371a86c), + TOBN(0x44d90fa2, 0x6744e6b7), + TOBN(0x68190867, 0xd6b3e243), + TOBN(0x9fe6cd9d, 0x59048c48), + TOBN(0xb900b028, 0x95731538), + TOBN(0xa012062f, 0x32cae04f), + TOBN(0x8107c8bc, 0x9399d082), + TOBN(0x47e8c54a, 0x41df12e2), + TOBN(0x14ba5117, 0xb6ef3f73), + TOBN(0x22260bea, 0x81362f0b), + TOBN(0x90ea261e, 0x1a18cc20), + TOBN(0x2192999f, 0x2321d636), + TOBN(0xef64d314, 0xe311b6a0), + TOBN(0xd7401e4c, 0x3b54a1f5), + TOBN(0x19019983, 0x6fbca2ba), + TOBN(0x46ad3293, 0x8fbffc4b), + TOBN(0xa142d3f6, 0x3786bf40), + TOBN(0xeb5cbc26, 0xb67039fc), + TOBN(0x9cb0ae6c, 0x252bd479), + TOBN(0x05e0f88a, 0x12b5848f), + TOBN(0x78f6d2b2, 0xa5c97663), + TOBN(0x6f6e149b, 0xc162225c), + TOBN(0xe602235c, 0xde601a89), + TOBN(0xd17bbe98, 0xf373be1f), + TOBN(0xcaf49a5b, 0xa8471827), + TOBN(0x7e1a0a85, 0x18aaa116), + TOBN(0x6c833196, 0x270580c3), + TOBN(0x1e233839, 0xf1c98a14), + TOBN(0x67b2f7b4, 0xae34e0a5), + TOBN(0x47ac8745, 0xd8ce7289), + TOBN(0x2b74779a, 0x100dd467), + TOBN(0x274a4337, 0x4ee50d09), + TOBN(0x603dcf13, 0x83608bc9), + TOBN(0xcd9da6c3, 0xc89e8388), + TOBN(0x2660199f, 0x355116ac), + TOBN(0xcc38bb59, 0xb6d18eed), + TOBN(0x3075f31f, 0x2f4bc071), + TOBN(0x9774457f, 0x265dc57e), + TOBN(0x06a6a9c8, 0xc6db88bb), + TOBN(0x6429d07f, 0x4ec98e04), + TOBN(0x8d05e57b, 0x05ecaa8b), + TOBN(0x20f140b1, 0x7872ea7b), + TOBN(0xdf8c0f09, 0xca494693), + TOBN(0x48d3a020, 0xf252e909), + TOBN(0x4c5c29af, 0x57b14b12), + TOBN(0x7e6fa37d, 0xbf47ad1c), + TOBN(0x66e7b506, 0x49a0c938), + TOBN(0xb72c0d48, 0x6be5f41f), + TOBN(0x6a6242b8, 0xb2359412), + TOBN(0xcd35c774, 0x8e859480), + TOBN(0x12536fea, 0x87baa627), + 
TOBN(0x58c1fec1, 0xf72aa680), + TOBN(0x6c29b637, 0x601e5dc9), + TOBN(0x9e3c3c1c, 0xde9e01b9), + TOBN(0xefc8127b, 0x2bcfe0b0), + TOBN(0x35107102, 0x2a12f50d), + TOBN(0x6ccd6cb1, 0x4879b397), + TOBN(0xf792f804, 0xf8a82f21), + TOBN(0x509d4804, 0xa9b46402), + TOBN(0xedddf85d, 0xc10f0850), + TOBN(0x928410dc, 0x4b6208aa), + TOBN(0xf6229c46, 0x391012dc), + TOBN(0xc5a7c41e, 0x7727b9b6), + TOBN(0x289e4e4b, 0xaa444842), + TOBN(0x049ba1d9, 0xe9a947ea), + TOBN(0x44f9e47f, 0x83c8debc), + TOBN(0xfa77a1fe, 0x611f8b8e), + TOBN(0xfd2e416a, 0xf518f427), + TOBN(0xc5fffa70, 0x114ebac3), + TOBN(0xfe57c4e9, 0x5d89697b), + TOBN(0xfdd053ac, 0xb1aaf613), + TOBN(0x31df210f, 0xea585a45), + TOBN(0x318cc10e, 0x24985034), + TOBN(0x1a38efd1, 0x5f1d6130), + TOBN(0xbf86f237, 0x0b1e9e21), + TOBN(0xb258514d, 0x1dbe88aa), + TOBN(0x1e38a588, 0x90c1baf9), + TOBN(0x2936a01e, 0xbdb9b692), + TOBN(0xd576de98, 0x6dd5b20c), + TOBN(0xb586bf71, 0x70f98ecf), + TOBN(0xcccf0f12, 0xc42d2fd7), + TOBN(0x8717e61c, 0xfb35bd7b), + TOBN(0x8b1e5722, 0x35e6fc06), + TOBN(0x3477728f, 0x0b3e13d5), + TOBN(0x150c294d, 0xaa8a7372), + TOBN(0xc0291d43, 0x3bfa528a), + TOBN(0xc6c8bc67, 0xcec5a196), + TOBN(0xdeeb31e4, 0x5c2e8a7c), + TOBN(0xba93e244, 0xfb6e1c51), + TOBN(0xb9f8b71b, 0x2e28e156), + TOBN(0xce65a287, 0x968a2ab9), + TOBN(0xe3c5ce69, 0x46bbcb1f), + TOBN(0xf8c835b9, 0xe7ae3f30), + TOBN(0x16bbee26, 0xff72b82b), + TOBN(0x665e2017, 0xfd42cd22), + TOBN(0x1e139970, 0xf8b1d2a0), + TOBN(0x125cda29, 0x79204932), + TOBN(0x7aee94a5, 0x49c3bee5), + TOBN(0x68c70160, 0x89821a66), + TOBN(0xf7c37678, 0x8f981669), + TOBN(0xd90829fc, 0x48cc3645), + TOBN(0x346af049, 0xd70addfc), + TOBN(0x2057b232, 0x370bf29c), + TOBN(0xf90c73ce, 0x42e650ee), + TOBN(0xe03386ea, 0xa126ab90), + TOBN(0x0e266e7e, 0x975a087b), + TOBN(0x80578eb9, 0x0fca65d9), + TOBN(0x7e2989ea, 0x16af45b8), + TOBN(0x7438212d, 0xcac75a4e), + TOBN(0x38c7ca39, 0x4fef36b8), + TOBN(0x8650c494, 0xd402676a), + TOBN(0x26ab5a66, 0xf72c7c48), + TOBN(0x4e6cb426, 0xce3a464e), + 
TOBN(0xf8f99896, 0x2b72f841), + TOBN(0x8c318491, 0x1a335cc8), + TOBN(0x563459ba, 0x6a5913e4), + TOBN(0x1b920d61, 0xc7b32919), + TOBN(0x805ab8b6, 0xa02425ad), + TOBN(0x2ac512da, 0x8d006086), + TOBN(0x6ca4846a, 0xbcf5c0fd), + TOBN(0xafea51d8, 0xac2138d7), + TOBN(0xcb647545, 0x344cd443), + TOBN(0x0429ee8f, 0xbd7d9040), + TOBN(0xee66a2de, 0x819b9c96), + TOBN(0x54f9ec25, 0xdea7d744), + TOBN(0x2ffea642, 0x671721bb), + TOBN(0x4f19dbd1, 0x114344ea), + TOBN(0x04304536, 0xfd0dbc8b), + TOBN(0x014b50aa, 0x29ec7f91), + TOBN(0xb5fc22fe, 0xbb06014d), + TOBN(0x60d963a9, 0x1ee682e0), + TOBN(0xdf48abc0, 0xfe85c727), + TOBN(0x0cadba13, 0x2e707c2d), + TOBN(0xde608d3a, 0xa645aeff), + TOBN(0x05f1c28b, 0xedafd883), + TOBN(0x3c362ede, 0xbd94de1f), + TOBN(0x8dd0629d, 0x13593e41), + TOBN(0x0a5e736f, 0x766d6eaf), + TOBN(0xbfa92311, 0xf68cf9d1), + TOBN(0xa4f9ef87, 0xc1797556), + TOBN(0x10d75a1f, 0x5601c209), + TOBN(0x651c374c, 0x09b07361), + TOBN(0x49950b58, 0x88b5cead), + TOBN(0x0ef00058, 0x6fa9dbaa), + TOBN(0xf51ddc26, 0x4e15f33a), + TOBN(0x1f8b5ca6, 0x2ef46140), + TOBN(0x343ac0a3, 0xee9523f0), + TOBN(0xbb75eab2, 0x975ea978), + TOBN(0x1bccf332, 0x107387f4), + TOBN(0x790f9259, 0x9ab0062e), + TOBN(0xf1a363ad, 0x1e4f6a5f), + TOBN(0x06e08b84, 0x62519a50), + TOBN(0x60915187, 0x7265f1ee), + TOBN(0x6a80ca34, 0x93ae985e), + TOBN(0x81b29768, 0xaaba4864), + TOBN(0xb13cabf2, 0x8d52a7d6), + TOBN(0xb5c36348, 0x8ead03f1), + TOBN(0xc932ad95, 0x81c7c1c0), + TOBN(0x5452708e, 0xcae1e27b), + TOBN(0x9dac4269, 0x1b0df648), + TOBN(0x233e3f0c, 0xdfcdb8bc), + TOBN(0xe6ceccdf, 0xec540174), + TOBN(0xbd0d845e, 0x95081181), + TOBN(0xcc8a7920, 0x699355d5), + TOBN(0x111c0f6d, 0xc3b375a8), + TOBN(0xfd95bc6b, 0xfd51e0dc), + TOBN(0x4a106a26, 0x6888523a), + TOBN(0x4d142bd6, 0xcb01a06d), + TOBN(0x79bfd289, 0xadb9b397), + TOBN(0x0bdbfb94, 0xe9863914), + TOBN(0x29d8a229, 0x1660f6a6), + TOBN(0x7f6abcd6, 0x551c042d), + TOBN(0x13039deb, 0x0ac3ffe8), + TOBN(0xa01be628, 0xec8523fb), + TOBN(0x6ea34103, 0x0ca1c328), + 
TOBN(0xc74114bd, 0xb903928e), + TOBN(0x8aa4ff4e, 0x9e9144b0), + TOBN(0x7064091f, 0x7f9a4b17), + TOBN(0xa3f4f521, 0xe447f2c4), + TOBN(0x81b8da7a, 0x604291f0), + TOBN(0xd680bc46, 0x7d5926de), + TOBN(0x84f21fd5, 0x34a1202f), + TOBN(0x1d1e3181, 0x4e9df3d8), + TOBN(0x1ca4861a, 0x39ab8d34), + TOBN(0x809ddeec, 0x5b19aa4a), + TOBN(0x59f72f7e, 0x4d329366), + TOBN(0xa2f93f41, 0x386d5087), + TOBN(0x40bf739c, 0xdd67d64f), + TOBN(0xb4494205, 0x66702158), + TOBN(0xc33c65be, 0x73b1e178), + TOBN(0xcdcd657c, 0x38ca6153), + TOBN(0x97f4519a, 0xdc791976), + TOBN(0xcc7c7f29, 0xcd6e1f39), + TOBN(0x38de9cfb, 0x7e3c3932), + TOBN(0xe448eba3, 0x7b793f85), + TOBN(0xe9f8dbf9, 0xf067e914), + TOBN(0xc0390266, 0xf114ae87), + TOBN(0x39ed75a7, 0xcd6a8e2a), + TOBN(0xadb14848, 0x7ffba390), + TOBN(0x67f8cb8b, 0x6af9bc09), + TOBN(0x322c3848, 0x9c7476db), + TOBN(0xa320fecf, 0x52a538d6), + TOBN(0xe0493002, 0xb2aced2b), + TOBN(0xdfba1809, 0x616bd430), + TOBN(0x531c4644, 0xc331be70), + TOBN(0xbc04d32e, 0x90d2e450), + TOBN(0x1805a0d1, 0x0f9f142d), + TOBN(0x2c44a0c5, 0x47ee5a23), + TOBN(0x31875a43, 0x3989b4e3), + TOBN(0x6b1949fd, 0x0c063481), + TOBN(0x2dfb9e08, 0xbe0f4492), + TOBN(0x3ff0da03, 0xe9d5e517), + TOBN(0x03dbe9a1, 0xf79466a8), + TOBN(0x0b87bcd0, 0x15ea9932), + TOBN(0xeb64fc83, 0xab1f58ab), + TOBN(0x6d9598da, 0x817edc8a), + TOBN(0x699cff66, 0x1d3b67e5), + TOBN(0x645c0f29, 0x92635853), + TOBN(0x253cdd82, 0xeabaf21c), + TOBN(0x82b9602a, 0x2241659e), + TOBN(0x2cae07ec, 0x2d9f7091), + TOBN(0xbe4c720c, 0x8b48cd9b), + TOBN(0x6ce5bc03, 0x6f08d6c9), + TOBN(0x36e8a997, 0xaf10bf40), + TOBN(0x83422d21, 0x3e10ff12), + TOBN(0x7b26d3eb, 0xbcc12494), + TOBN(0xb240d2d0, 0xc9469ad6), + TOBN(0xc4a11b4d, 0x30afa05b), + TOBN(0x4b604ace, 0xdd6ba286), + TOBN(0x18486600, 0x3ee2864c), + TOBN(0x5869d6ba, 0x8d9ce5be), + TOBN(0x0d8f68c5, 0xff4bfb0d), + TOBN(0xb69f210b, 0x5700cf73), + TOBN(0x61f6653a, 0x6d37c135), + TOBN(0xff3d432b, 0x5aff5a48), + TOBN(0x0d81c4b9, 0x72ba3a69), + TOBN(0xee879ae9, 0xfa1899ef), + 
TOBN(0xbac7e2a0, 0x2d6acafd), + TOBN(0xd6d93f6c, 0x1c664399), + TOBN(0x4c288de1, 0x5bcb135d), + TOBN(0x83031dab, 0x9dab7cbf), + TOBN(0xfe23feb0, 0x3abbf5f0), + TOBN(0x9f1b2466, 0xcdedca85), + TOBN(0x140bb710, 0x1a09538c), + TOBN(0xac8ae851, 0x5e11115d), + TOBN(0x0d63ff67, 0x6f03f59e), + TOBN(0x755e5551, 0x7d234afb), + TOBN(0x61c2db4e, 0x7e208fc1), + TOBN(0xaa9859ce, 0xf28a4b5d), + TOBN(0xbdd6d4fc, 0x34af030f), + TOBN(0xd1c4a26d, 0x3be01cb1), + TOBN(0x9ba14ffc, 0x243aa07c), + TOBN(0xf95cd3a9, 0xb2503502), + TOBN(0xe379bc06, 0x7d2a93ab), + TOBN(0x3efc18e9, 0xd4ca8d68), + TOBN(0x083558ec, 0x80bb412a), + TOBN(0xd903b940, 0x9645a968), + TOBN(0xa499f0b6, 0x9ba6054f), + TOBN(0x208b573c, 0xb8349abe), + TOBN(0x3baab3e5, 0x30b4fc1c), + TOBN(0x87e978ba, 0xcb524990), + TOBN(0x3524194e, 0xccdf0e80), + TOBN(0x62711725, 0x7d4bcc42), + TOBN(0xe90a3d9b, 0xb90109ba), + TOBN(0x3b1bdd57, 0x1323e1e0), + TOBN(0xb78e9bd5, 0x5eae1599), + TOBN(0x0794b746, 0x9e03d278), + TOBN(0x80178605, 0xd70e6297), + TOBN(0x171792f8, 0x99c97855), + TOBN(0x11b393ee, 0xf5a86b5c), + TOBN(0x48ef6582, 0xd8884f27), + TOBN(0xbd44737a, 0xbf19ba5f), + TOBN(0x8698de4c, 0xa42062c6), + TOBN(0x8975eb80, 0x61ce9c54), + TOBN(0xd50e57c7, 0xd7fe71f3), + TOBN(0x15342190, 0xbc97ce38), + TOBN(0x51bda2de, 0x4df07b63), + TOBN(0xba12aeae, 0x200eb87d), + TOBN(0xabe135d2, 0xa9b4f8f6), + TOBN(0x04619d65, 0xfad6d99c), + TOBN(0x4a6683a7, 0x7994937c), + TOBN(0x7a778c8b, 0x6f94f09a), + TOBN(0x8c508623, 0x20a71b89), + TOBN(0x241a2aed, 0x1c229165), + TOBN(0x352be595, 0xaaf83a99), + TOBN(0x9fbfee7f, 0x1562bac8), + TOBN(0xeaf658b9, 0x5c4017e3), + TOBN(0x1dc7f9e0, 0x15120b86), + TOBN(0xd84f13dd, 0x4c034d6f), + TOBN(0x283dd737, 0xeaea3038), + TOBN(0x197f2609, 0xcd85d6a2), + TOBN(0x6ebbc345, 0xfae60177), + TOBN(0xb80f031b, 0x4e12fede), + TOBN(0xde55d0c2, 0x07a2186b), + TOBN(0x1fb3e37f, 0x24dcdd5a), + TOBN(0x8d602da5, 0x7ed191fb), + TOBN(0x108fb056, 0x76023e0d), + TOBN(0x70178c71, 0x459c20c0), + TOBN(0xfad5a386, 0x3fe54cf0), + 
TOBN(0xa4a3ec4f, 0x02bbb475), + TOBN(0x1aa5ec20, 0x919d94d7), + TOBN(0x5d3b63b5, 0xa81e4ab3), + TOBN(0x7fa733d8, 0x5ad3d2af), + TOBN(0xfbc586dd, 0xd1ac7a37), + TOBN(0x282925de, 0x40779614), + TOBN(0xfe0ffffb, 0xe74a242a), + TOBN(0x3f39e67f, 0x906151e5), + TOBN(0xcea27f5f, 0x55e10649), + TOBN(0xdca1d4e1, 0xc17cf7b7), + TOBN(0x0c326d12, 0x2fe2362d), + TOBN(0x05f7ac33, 0x7dd35df3), + TOBN(0x0c3b7639, 0xc396dbdf), + TOBN(0x0912f5ac, 0x03b7db1c), + TOBN(0x9dea4b70, 0x5c9ed4a9), + TOBN(0x475e6e53, 0xaae3f639), + TOBN(0xfaba0e7c, 0xfc278bac), + TOBN(0x16f9e221, 0x9490375f), + TOBN(0xaebf9746, 0xa5a7ed0a), + TOBN(0x45f9af3f, 0xf41ad5d6), + TOBN(0x03c4623c, 0xb2e99224), + TOBN(0x82c5bb5c, 0xb3cf56aa), + TOBN(0x64311819, 0x34567ed3), + TOBN(0xec57f211, 0x8be489ac), + TOBN(0x2821895d, 0xb9a1104b), + TOBN(0x610dc875, 0x6064e007), + TOBN(0x8e526f3f, 0x5b20d0fe), + TOBN(0x6e71ca77, 0x5b645aee), + TOBN(0x3d1dcb9f, 0x800e10ff), + TOBN(0x36b51162, 0x189cf6de), + TOBN(0x2c5a3e30, 0x6bb17353), + TOBN(0xc186cd3e, 0x2a6c6fbf), + TOBN(0xa74516fa, 0x4bf97906), + TOBN(0x5b4b8f4b, 0x279d6901), + TOBN(0x0c4e57b4, 0x2b573743), + TOBN(0x75fdb229, 0xb6e386b6), + TOBN(0xb46793fd, 0x99deac27), + TOBN(0xeeec47ea, 0xcf712629), + TOBN(0xe965f3c4, 0xcbc3b2dd), + TOBN(0x8dd1fb83, 0x425c6559), + TOBN(0x7fc00ee6, 0x0af06fda), + TOBN(0xe98c9225, 0x33d956df), + TOBN(0x0f1ef335, 0x4fbdc8a2), + TOBN(0x2abb5145, 0xb79b8ea2), + TOBN(0x40fd2945, 0xbdbff288), + TOBN(0x6a814ac4, 0xd7185db7), + TOBN(0xc4329d6f, 0xc084609a), + TOBN(0xc9ba7b52, 0xed1be45d), + TOBN(0x891dd20d, 0xe4cd2c74), + TOBN(0x5a4d4a7f, 0x824139b1), + TOBN(0x66c17716, 0xb873c710), + TOBN(0x5e5bc141, 0x2843c4e0), + TOBN(0xd5ac4817, 0xb97eb5bf), + TOBN(0xc0f8af54, 0x450c95c7), + TOBN(0xc91b3fa0, 0x318406c5), + TOBN(0x360c340a, 0xab9d97f8), + TOBN(0xfb57bd07, 0x90a2d611), + TOBN(0x4339ae3c, 0xa6a6f7e5), + TOBN(0x9c1fcd2a, 0x2feb8a10), + TOBN(0x972bcca9, 0xc7ea7432), + TOBN(0x1b0b924c, 0x308076f6), + TOBN(0x80b2814a, 0x2a5b4ca5), + 
TOBN(0x2f78f55b, 0x61ef3b29), + TOBN(0xf838744a, 0xc18a414f), + TOBN(0xc611eaae, 0x903d0a86), + TOBN(0x94dabc16, 0x2a453f55), + TOBN(0xe6f2e3da, 0x14efb279), + TOBN(0x5b7a6017, 0x9320dc3c), + TOBN(0x692e382f, 0x8df6b5a4), + TOBN(0x3f5e15e0, 0x2d40fa90), + TOBN(0xc87883ae, 0x643dd318), + TOBN(0x511053e4, 0x53544774), + TOBN(0x834d0ecc, 0x3adba2bc), + TOBN(0x4215d7f7, 0xbae371f5), + TOBN(0xfcfd57bf, 0x6c8663bc), + TOBN(0xded2383d, 0xd6901b1d), + TOBN(0x3b49fbb4, 0xb5587dc3), + TOBN(0xfd44a08d, 0x07625f62), + TOBN(0x3ee4d65b, 0x9de9b762), + }, + { + TOBN(0x64e5137d, 0x0d63d1fa), + TOBN(0x658fc052, 0x02a9d89f), + TOBN(0x48894874, 0x50436309), + TOBN(0xe9ae30f8, 0xd598da61), + TOBN(0x2ed710d1, 0x818baf91), + TOBN(0xe27e9e06, 0x8b6a0c20), + TOBN(0x1e28dcfb, 0x1c1a6b44), + TOBN(0x883acb64, 0xd6ac57dc), + TOBN(0x8735728d, 0xc2c6ff70), + TOBN(0x79d6122f, 0xc5dc2235), + TOBN(0x23f5d003, 0x19e277f9), + TOBN(0x7ee84e25, 0xdded8cc7), + TOBN(0x91a8afb0, 0x63cd880a), + TOBN(0x3f3ea7c6, 0x3574af60), + TOBN(0x0cfcdc84, 0x02de7f42), + TOBN(0x62d0792f, 0xb31aa152), + TOBN(0x8e1b4e43, 0x8a5807ce), + TOBN(0xad283893, 0xe4109a7e), + TOBN(0xc30cc9cb, 0xafd59dda), + TOBN(0xf65f36c6, 0x3d8d8093), + TOBN(0xdf31469e, 0xa60d32b2), + TOBN(0xee93df4b, 0x3e8191c8), + TOBN(0x9c1017c5, 0x355bdeb5), + TOBN(0xd2623185, 0x8616aa28), + TOBN(0xb02c83f9, 0xdec31a21), + TOBN(0x988c8b23, 0x6ad9d573), + TOBN(0x53e983ae, 0xa57be365), + TOBN(0xe968734d, 0x646f834e), + TOBN(0x9137ea8f, 0x5da6309b), + TOBN(0x10f3a624, 0xc1f1ce16), + TOBN(0x782a9ea2, 0xca440921), + TOBN(0xdf94739e, 0x5b46f1b5), + TOBN(0x9f9be006, 0xcce85c9b), + TOBN(0x360e70d6, 0xa4c7c2d3), + TOBN(0x2cd5beea, 0xaefa1e60), + TOBN(0x64cf63c0, 0x8c3d2b6d), + TOBN(0xfb107fa3, 0xe1cf6f90), + TOBN(0xb7e937c6, 0xd5e044e6), + TOBN(0x74e8ca78, 0xce34db9f), + TOBN(0x4f8b36c1, 0x3e210bd0), + TOBN(0x1df165a4, 0x34a35ea8), + TOBN(0x3418e0f7, 0x4d4412f6), + TOBN(0x5af1f8af, 0x518836c3), + TOBN(0x42ceef4d, 0x130e1965), + TOBN(0x5560ca0b, 0x543a1957), + 
TOBN(0xc33761e5, 0x886cb123), + TOBN(0x66624b1f, 0xfe98ed30), + TOBN(0xf772f4bf, 0x1090997d), + TOBN(0xf4e540bb, 0x4885d410), + TOBN(0x7287f810, 0x9ba5f8d7), + TOBN(0x22d0d865, 0xde98dfb1), + TOBN(0x49ff51a1, 0xbcfbb8a3), + TOBN(0xb6b6fa53, 0x6bc3012e), + TOBN(0x3d31fd72, 0x170d541d), + TOBN(0x8018724f, 0x4b0f4966), + TOBN(0x79e7399f, 0x87dbde07), + TOBN(0x56f8410e, 0xf4f8b16a), + TOBN(0x97241afe, 0xc47b266a), + TOBN(0x0a406b8e, 0x6d9c87c1), + TOBN(0x803f3e02, 0xcd42ab1b), + TOBN(0x7f0309a8, 0x04dbec69), + TOBN(0xa83b85f7, 0x3bbad05f), + TOBN(0xc6097273, 0xad8e197f), + TOBN(0xc097440e, 0x5067adc1), + TOBN(0x730eafb6, 0x3524ff16), + TOBN(0xd7f9b51e, 0x823fc6ce), + TOBN(0x27bd0d32, 0x443e4ac0), + TOBN(0x40c59ad9, 0x4d66f217), + TOBN(0x6c33136f, 0x17c387a4), + TOBN(0x5043b8d5, 0xeb86804d), + TOBN(0x74970312, 0x675a73c9), + TOBN(0x838fdb31, 0xf16669b6), + TOBN(0xc507b6dd, 0x418e7ddd), + TOBN(0x39888d93, 0x472f19d6), + TOBN(0x7eae26be, 0x0c27eb4d), + TOBN(0x17b53ed3, 0xfbabb884), + TOBN(0xfc27021b, 0x2b01ae4f), + TOBN(0x88462e87, 0xcf488682), + TOBN(0xbee096ec, 0x215e2d87), + TOBN(0xeb2fea9a, 0xd242e29b), + TOBN(0x5d985b5f, 0xb821fc28), + TOBN(0x89d2e197, 0xdc1e2ad2), + TOBN(0x55b566b8, 0x9030ba62), + TOBN(0xe3fd41b5, 0x4f41b1c6), + TOBN(0xb738ac2e, 0xb9a96d61), + TOBN(0x7f8567ca, 0x369443f4), + TOBN(0x8698622d, 0xf803a440), + TOBN(0x2b586236, 0x8fe2f4dc), + TOBN(0xbbcc00c7, 0x56b95bce), + TOBN(0x5ec03906, 0x616da680), + TOBN(0x79162ee6, 0x72214252), + TOBN(0x43132b63, 0x86a892d2), + TOBN(0x4bdd3ff2, 0x2f3263bf), + TOBN(0xd5b3733c, 0x9cd0a142), + TOBN(0x592eaa82, 0x44415ccb), + TOBN(0x663e8924, 0x8d5474ea), + TOBN(0x8058a25e, 0x5236344e), + TOBN(0x82e8df9d, 0xbda76ee6), + TOBN(0xdcf6efd8, 0x11cc3d22), + TOBN(0x00089cda, 0x3b4ab529), + TOBN(0x91d3a071, 0xbd38a3db), + TOBN(0x4ea97fc0, 0xef72b925), + TOBN(0x0c9fc15b, 0xea3edf75), + TOBN(0x5a6297cd, 0xa4348ed3), + TOBN(0x0d38ab35, 0xce7c42d4), + TOBN(0x9fd493ef, 0x82feab10), + TOBN(0x46056b6d, 0x82111b45), + 
TOBN(0xda11dae1, 0x73efc5c3), + TOBN(0xdc740278, 0x5545a7fb), + TOBN(0xbdb2601c, 0x40d507e6), + TOBN(0x121dfeeb, 0x7066fa58), + TOBN(0x214369a8, 0x39ae8c2a), + TOBN(0x195709cb, 0x06e0956c), + TOBN(0x4c9d254f, 0x010cd34b), + TOBN(0xf51e13f7, 0x0471a532), + TOBN(0xe19d6791, 0x1e73054d), + TOBN(0xf702a628, 0xdb5c7be3), + TOBN(0xc7141218, 0xb24dde05), + TOBN(0xdc18233c, 0xf29b2e2e), + TOBN(0x3a6bd1e8, 0x85342dba), + TOBN(0x3f747fa0, 0xb311898c), + TOBN(0xe2a272e4, 0xcd0eac65), + TOBN(0x4bba5851, 0xf914d0bc), + TOBN(0x7a1a9660, 0xc4a43ee3), + TOBN(0xe5a367ce, 0xa1c8cde9), + TOBN(0x9d958ba9, 0x7271abe3), + TOBN(0xf3ff7eb6, 0x3d1615cd), + TOBN(0xa2280dce, 0xf5ae20b0), + TOBN(0x56dba5c1, 0xcf640147), + TOBN(0xea5a2e3d, 0x5e83d118), + TOBN(0x04cd6b6d, 0xda24c511), + TOBN(0x1c0f4671, 0xe854d214), + TOBN(0x91a6b7a9, 0x69565381), + TOBN(0xdc966240, 0xdecf1f5b), + TOBN(0x1b22d21c, 0xfcf5d009), + TOBN(0x2a05f641, 0x9021dbd5), + TOBN(0x8c0ed566, 0xd4312483), + TOBN(0x5179a95d, 0x643e216f), + TOBN(0xcc185fec, 0x17044493), + TOBN(0xb3063339, 0x54991a21), + TOBN(0xd801ecdb, 0x0081a726), + TOBN(0x0149b0c6, 0x4fa89bbb), + TOBN(0xafe9065a, 0x4391b6b9), + TOBN(0xedc92786, 0xd633f3a3), + TOBN(0xe408c24a, 0xae6a8e13), + TOBN(0x85833fde, 0x9f3897ab), + TOBN(0x43800e7e, 0xd81a0715), + TOBN(0xde08e346, 0xb44ffc5f), + TOBN(0x7094184c, 0xcdeff2e0), + TOBN(0x49f9387b, 0x165eaed1), + TOBN(0x635d6129, 0x777c468a), + TOBN(0x8c0dcfd1, 0x538c2dd8), + TOBN(0xd6d9d9e3, 0x7a6a308b), + TOBN(0x62375830, 0x4c2767d3), + TOBN(0x874a8bc6, 0xf38cbeb6), + TOBN(0xd94d3f1a, 0xccb6fd9e), + TOBN(0x92a9735b, 0xba21f248), + TOBN(0x272ad0e5, 0x6cd1efb0), + TOBN(0x7437b69c, 0x05b03284), + TOBN(0xe7f04702, 0x6948c225), + TOBN(0x8a56c04a, 0xcba2ecec), + TOBN(0x0c181270, 0xe3a73e41), + TOBN(0x6cb34e9d, 0x03e93725), + TOBN(0xf77c8713, 0x496521a9), + TOBN(0x94569183, 0xfa7f9f90), + TOBN(0xf2e7aa4c, 0x8c9707ad), + TOBN(0xced2c9ba, 0x26c1c9a3), + TOBN(0x9109fe96, 0x40197507), + TOBN(0x9ae868a9, 0xe9adfe1c), + 
TOBN(0x3984403d, 0x314e39bb), + TOBN(0xb5875720, 0xf2fe378f), + TOBN(0x33f901e0, 0xba44a628), + TOBN(0xea1125fe, 0x3652438c), + TOBN(0xae9ec4e6, 0x9dd1f20b), + TOBN(0x1e740d9e, 0xbebf7fbd), + TOBN(0x6dbd3ddc, 0x42dbe79c), + TOBN(0x62082aec, 0xedd36776), + TOBN(0xf612c478, 0xe9859039), + TOBN(0xa493b201, 0x032f7065), + TOBN(0xebd4d8f2, 0x4ff9b211), + TOBN(0x3f23a0aa, 0xaac4cb32), + TOBN(0xea3aadb7, 0x15ed4005), + TOBN(0xacf17ea4, 0xafa27e63), + TOBN(0x56125c1a, 0xc11fd66c), + TOBN(0x266344a4, 0x3794f8dc), + TOBN(0xdcca923a, 0x483c5c36), + TOBN(0x2d6b6bbf, 0x3f9d10a0), + TOBN(0xb320c5ca, 0x81d9bdf3), + TOBN(0x620e28ff, 0x47b50a95), + TOBN(0x933e3b01, 0xcef03371), + TOBN(0xf081bf85, 0x99100153), + TOBN(0x183be9a0, 0xc3a8c8d6), + TOBN(0x4e3ddc5a, 0xd6bbe24d), + TOBN(0xc6c74630, 0x53843795), + TOBN(0x78193dd7, 0x65ec2d4c), + TOBN(0xb8df26cc, 0xcd3c89b2), + TOBN(0x98dbe399, 0x5a483f8d), + TOBN(0x72d8a957, 0x7dd3313a), + TOBN(0x65087294, 0xab0bd375), + TOBN(0xfcd89248, 0x7c259d16), + TOBN(0x8a9443d7, 0x7613aa81), + TOBN(0x80100800, 0x85fe6584), + TOBN(0x70fc4dbc, 0x7fb10288), + TOBN(0xf58280d3, 0xe86beee8), + TOBN(0x14fdd82f, 0x7c978c38), + TOBN(0xdf1204c1, 0x0de44d7b), + TOBN(0xa08a1c84, 0x4160252f), + TOBN(0x591554ca, 0xc17646a5), + TOBN(0x214a37d6, 0xa05bd525), + TOBN(0x48d5f09b, 0x07957b3c), + TOBN(0x0247cdcb, 0xd7109bc9), + TOBN(0x40f9e4bb, 0x30599ce7), + TOBN(0xc325fa03, 0xf46ad2ec), + TOBN(0x00f766cf, 0xc3e3f9ee), + TOBN(0xab556668, 0xd43a4577), + TOBN(0x68d30a61, 0x3ee03b93), + TOBN(0x7ddc81ea, 0x77b46a08), + TOBN(0xcf5a6477, 0xc7480699), + TOBN(0x43a8cb34, 0x6633f683), + TOBN(0x1b867e6b, 0x92363c60), + TOBN(0x43921114, 0x1f60558e), + TOBN(0xcdbcdd63, 0x2f41450e), + TOBN(0x7fc04601, 0xcc630e8b), + TOBN(0xea7c66d5, 0x97038b43), + TOBN(0x7259b8a5, 0x04e99fd8), + TOBN(0x98a8dd12, 0x4785549a), + TOBN(0x0e459a7c, 0x840552e1), + TOBN(0xcdfcf4d0, 0x4bb0909e), + TOBN(0x34a86db2, 0x53758da7), + TOBN(0xe643bb83, 0xeac997e1), + TOBN(0x96400bd7, 0x530c5b7e), + 
TOBN(0x9f97af87, 0xb41c8b52), + TOBN(0x34fc8820, 0xfbeee3f9), + TOBN(0x93e53490, 0x49091afd), + TOBN(0x764b9be5, 0x9a31f35c), + TOBN(0x71f37864, 0x57e3d924), + TOBN(0x02fb34e0, 0x943aa75e), + TOBN(0xa18c9c58, 0xab8ff6e4), + TOBN(0x080f31b1, 0x33cf0d19), + TOBN(0x5c9682db, 0x083518a7), + TOBN(0x873d4ca6, 0xb709c3de), + TOBN(0x64a84262, 0x3575b8f0), + TOBN(0x6275da1f, 0x020154bb), + TOBN(0x97678caa, 0xd17cf1ab), + TOBN(0x8779795f, 0x951a95c3), + TOBN(0xdd35b163, 0x50fccc08), + TOBN(0x32709627, 0x33d8f031), + TOBN(0x3c5ab10a, 0x498dd85c), + TOBN(0xb6c185c3, 0x41dca566), + TOBN(0x7de7feda, 0xd8622aa3), + TOBN(0x99e84d92, 0x901b6dfb), + TOBN(0x30a02b0e, 0x7c4ad288), + TOBN(0xc7c81daa, 0x2fd3cf36), + TOBN(0xd1319547, 0xdf89e59f), + TOBN(0xb2be8184, 0xcd496733), + TOBN(0xd5f449eb, 0x93d3412b), + TOBN(0x7ea41b1b, 0x25fe531d), + TOBN(0xf9797432, 0x6a1d5646), + TOBN(0x86067f72, 0x2bde501a), + TOBN(0xf91481c0, 0x0c85e89c), + TOBN(0xca8ee465, 0xf8b05bc6), + TOBN(0x1844e1cf, 0x02e83cda), + TOBN(0xca82114a, 0xb4dbe33b), + TOBN(0x0f9f8769, 0x4eabfde2), + TOBN(0x4936b1c0, 0x38b27fe2), + TOBN(0x63b6359b, 0xaba402df), + TOBN(0x40c0ea2f, 0x656bdbab), + TOBN(0x9c992a89, 0x6580c39c), + TOBN(0x600e8f15, 0x2a60aed1), + TOBN(0xeb089ca4, 0xe0bf49df), + TOBN(0x9c233d7d, 0x2d42d99a), + TOBN(0x648d3f95, 0x4c6bc2fa), + TOBN(0xdcc383a8, 0xe1add3f3), + TOBN(0xf42c0c6a, 0x4f64a348), + TOBN(0x2abd176f, 0x0030dbdb), + TOBN(0x4de501a3, 0x7d6c215e), + TOBN(0x4a107c1f, 0x4b9a64bc), + TOBN(0xa77f0ad3, 0x2496cd59), + TOBN(0xfb78ac62, 0x7688dffb), + TOBN(0x7025a2ca, 0x67937d8e), + TOBN(0xfde8b2d1, 0xd1a8f4e7), + TOBN(0xf5b3da47, 0x7354927c), + TOBN(0xe48606a3, 0xd9205735), + TOBN(0xac477cc6, 0xe177b917), + TOBN(0xfb1f73d2, 0xa883239a), + TOBN(0xe12572f6, 0xcc8b8357), + TOBN(0x9d355e9c, 0xfb1f4f86), + TOBN(0x89b795f8, 0xd9f3ec6e), + TOBN(0x27be56f1, 0xb54398dc), + TOBN(0x1890efd7, 0x3fedeed5), + TOBN(0x62f77f1f, 0x9c6d0140), + TOBN(0x7ef0e314, 0x596f0ee4), + TOBN(0x50ca6631, 0xcc61dab3), + 
TOBN(0x4a39801d, 0xf4866e4f), + TOBN(0x66c8d032, 0xae363b39), + TOBN(0x22c591e5, 0x2ead66aa), + TOBN(0x954ba308, 0xde02a53e), + TOBN(0x2a6c060f, 0xd389f357), + TOBN(0xe6cfcde8, 0xfbf40b66), + TOBN(0x8e02fc56, 0xc6340ce1), + TOBN(0xe4957795, 0x73adb4ba), + TOBN(0x7b86122c, 0xa7b03805), + TOBN(0x63f83512, 0x0c8e6fa6), + TOBN(0x83660ea0, 0x057d7804), + TOBN(0xbad79105, 0x21ba473c), + TOBN(0xb6c50bee, 0xded5389d), + TOBN(0xee2caf4d, 0xaa7c9bc0), + TOBN(0xd97b8de4, 0x8c4e98a7), + TOBN(0xa9f63e70, 0xab3bbddb), + TOBN(0x3898aabf, 0x2597815a), + TOBN(0x7659af89, 0xac15b3d9), + TOBN(0xedf7725b, 0x703ce784), + TOBN(0x25470fab, 0xe085116b), + TOBN(0x04a43375, 0x87285310), + TOBN(0x4e39187e, 0xe2bfd52f), + TOBN(0x36166b44, 0x7d9ebc74), + TOBN(0x92ad433c, 0xfd4b322c), + TOBN(0x726aa817, 0xba79ab51), + TOBN(0xf96eacd8, 0xc1db15eb), + TOBN(0xfaf71e91, 0x0476be63), + TOBN(0xdd69a640, 0x641fad98), + TOBN(0xb7995918, 0x29622559), + TOBN(0x03c6daa5, 0xde4199dc), + TOBN(0x92cadc97, 0xad545eb4), + TOBN(0x1028238b, 0x256534e4), + TOBN(0x73e80ce6, 0x8595409a), + TOBN(0x690d4c66, 0xd05dc59b), + TOBN(0xc95f7b8f, 0x981dee80), + TOBN(0xf4337014, 0xd856ac25), + TOBN(0x441bd9dd, 0xac524dca), + TOBN(0x640b3d85, 0x5f0499f5), + TOBN(0x39cf84a9, 0xd5fda182), + TOBN(0x04e7b055, 0xb2aa95a0), + TOBN(0x29e33f0a, 0x0ddf1860), + TOBN(0x082e74b5, 0x423f6b43), + TOBN(0x217edeb9, 0x0aaa2b0f), + TOBN(0x58b83f35, 0x83cbea55), + TOBN(0xc485ee4d, 0xbc185d70), + TOBN(0x833ff03b, 0x1e5f6992), + TOBN(0xb5b9b9cc, 0xcf0c0dd5), + TOBN(0x7caaee8e, 0x4e9e8a50), + TOBN(0x462e907b, 0x6269dafd), + TOBN(0x6ed5cee9, 0xfbe791c6), + TOBN(0x68ca3259, 0xed430790), + TOBN(0x2b72bdf2, 0x13b5ba88), + TOBN(0x60294c8a, 0x35ef0ac4), + TOBN(0x9c3230ed, 0x19b99b08), + TOBN(0x560fff17, 0x6c2589aa), + TOBN(0x552b8487, 0xd6770374), + TOBN(0xa373202d, 0x9a56f685), + TOBN(0xd3e7f907, 0x45f175d9), + TOBN(0x3c2f315f, 0xd080d810), + TOBN(0x1130e9dd, 0x7b9520e8), + TOBN(0xc078f9e2, 0x0af037b5), + TOBN(0x38cd2ec7, 0x1e9c104c), + 
TOBN(0x0f684368, 0xc472fe92), + TOBN(0xd3f1b5ed, 0x6247e7ef), + TOBN(0xb32d33a9, 0x396dfe21), + TOBN(0x46f59cf4, 0x4a9aa2c2), + TOBN(0x69cd5168, 0xff0f7e41), + TOBN(0x3f59da0f, 0x4b3234da), + TOBN(0xcf0b0235, 0xb4579ebe), + TOBN(0x6d1cbb25, 0x6d2476c7), + TOBN(0x4f0837e6, 0x9dc30f08), + TOBN(0x9a4075bb, 0x906f6e98), + TOBN(0x253bb434, 0xc761e7d1), + TOBN(0xde2e645f, 0x6e73af10), + TOBN(0xb89a4060, 0x0c5f131c), + TOBN(0xd12840c5, 0xb8cc037f), + TOBN(0x3d093a5b, 0x7405bb47), + TOBN(0x6202c253, 0x206348b8), + TOBN(0xbf5d57fc, 0xc55a3ca7), + TOBN(0x89f6c90c, 0x8c3bef48), + TOBN(0x23ac7623, 0x5a0a960a), + TOBN(0xdfbd3d6b, 0x552b42ab), + TOBN(0x3ef22458, 0x132061f6), + TOBN(0xd74e9bda, 0xc97e6516), + TOBN(0x88779360, 0xc230f49e), + TOBN(0xa6ec1de3, 0x1e74ea49), + TOBN(0x581dcee5, 0x3fb645a2), + TOBN(0xbaef2391, 0x8f483f14), + TOBN(0x6d2dddfc, 0xd137d13b), + TOBN(0x54cde50e, 0xd2743a42), + TOBN(0x89a34fc5, 0xe4d97e67), + TOBN(0x13f1f5b3, 0x12e08ce5), + TOBN(0xa80540b8, 0xa7f0b2ca), + TOBN(0x854bcf77, 0x01982805), + TOBN(0xb8653ffd, 0x233bea04), + TOBN(0x8e7b8787, 0x02b0b4c9), + TOBN(0x2675261f, 0x9acb170a), + TOBN(0x061a9d90, 0x930c14e5), + TOBN(0xb59b30e0, 0xdef0abea), + TOBN(0x1dc19ea6, 0x0200ec7d), + TOBN(0xb6f4a3f9, 0x0bce132b), + TOBN(0xb8d5de90, 0xf13e27e0), + TOBN(0xbaee5ef0, 0x1fade16f), + TOBN(0x6f406aaa, 0xe4c6cf38), + TOBN(0xab4cfe06, 0xd1369815), + TOBN(0x0dcffe87, 0xefd550c6), + TOBN(0x9d4f59c7, 0x75ff7d39), + TOBN(0xb02553b1, 0x51deb6ad), + TOBN(0x812399a4, 0xb1877749), + TOBN(0xce90f71f, 0xca6006e1), + TOBN(0xc32363a6, 0xb02b6e77), + TOBN(0x02284fbe, 0xdc36c64d), + TOBN(0x86c81e31, 0xa7e1ae61), + TOBN(0x2576c7e5, 0xb909d94a), + TOBN(0x8b6f7d02, 0x818b2bb0), + TOBN(0xeca3ed07, 0x56faa38a), + TOBN(0xa3790e6c, 0x9305bb54), + TOBN(0xd784eeda, 0x7bc73061), + TOBN(0xbd56d369, 0x6dd50614), + TOBN(0xd6575949, 0x229a8aa9), + TOBN(0xdcca8f47, 0x4595ec28), + TOBN(0x814305c1, 0x06ab4fe6), + TOBN(0xc8c39768, 0x24f43f16), + TOBN(0xe2a45f36, 0x523f2b36), + 
TOBN(0x995c6493, 0x920d93bb), + TOBN(0xf8afdab7, 0x90f1632b), + TOBN(0x79ebbecd, 0x1c295954), + TOBN(0xc7bb3ddb, 0x79592f48), + TOBN(0x67216a7b, 0x5f88e998), + TOBN(0xd91f098b, 0xbc01193e), + TOBN(0xf7d928a5, 0xb1db83fc), + TOBN(0x55e38417, 0xe991f600), + TOBN(0x2a91113e, 0x2981a934), + TOBN(0xcbc9d648, 0x06b13bde), + TOBN(0xb011b6ac, 0x0755ff44), + TOBN(0x6f4cb518, 0x045ec613), + TOBN(0x522d2d31, 0xc2f5930a), + TOBN(0x5acae1af, 0x382e65de), + TOBN(0x57643067, 0x27bc966f), + TOBN(0x5e12705d, 0x1c7193f0), + TOBN(0xf0f32f47, 0x3be8858e), + TOBN(0x785c3d7d, 0x96c6dfc7), + TOBN(0xd75b4a20, 0xbf31795d), + TOBN(0x91acf17b, 0x342659d4), + TOBN(0xe596ea34, 0x44f0378f), + TOBN(0x4515708f, 0xce52129d), + TOBN(0x17387e1e, 0x79f2f585), + TOBN(0x72cfd2e9, 0x49dee168), + TOBN(0x1ae05223, 0x3e2af239), + TOBN(0x009e75be, 0x1d94066a), + TOBN(0x6cca31c7, 0x38abf413), + TOBN(0xb50bd61d, 0x9bc49908), + TOBN(0x4a9b4a8c, 0xf5e2bc1e), + TOBN(0xeb6cc5f7, 0x946f83ac), + TOBN(0x27da93fc, 0xebffab28), + TOBN(0xea314c96, 0x4821c8c5), + TOBN(0x8de49ded, 0xa83c15f4), + TOBN(0x7a64cf20, 0x7af33004), + TOBN(0x45f1bfeb, 0xc9627e10), + TOBN(0x878b0626, 0x54b9df60), + TOBN(0x5e4fdc3c, 0xa95c0b33), + TOBN(0xe54a37ca, 0xc2035d8e), + TOBN(0x9087cda9, 0x80f20b8c), + TOBN(0x36f61c23, 0x8319ade4), + TOBN(0x766f287a, 0xde8cfdf8), + TOBN(0x48821948, 0x346f3705), + TOBN(0x49a7b853, 0x16e4f4a2), + TOBN(0xb9b3f8a7, 0x5cedadfd), + TOBN(0x8f562815, 0x8db2a815), + TOBN(0xc0b7d554, 0x01f68f95), + TOBN(0x12971e27, 0x688a208e), + TOBN(0xc9f8b696, 0xd0ff34fc), + TOBN(0x20824de2, 0x1222718c), + TOBN(0x7213cf9f, 0x0c95284d), + TOBN(0xe2ad741b, 0xdc158240), + TOBN(0x0ee3a6df, 0x54043ccf), + TOBN(0x16ff479b, 0xd84412b3), + TOBN(0xf6c74ee0, 0xdfc98af0), + TOBN(0xa78a169f, 0x52fcd2fb), + TOBN(0xd8ae8746, 0x99c930e9), + TOBN(0x1d33e858, 0x49e117a5), + TOBN(0x7581fcb4, 0x6624759f), + TOBN(0xde50644f, 0x5bedc01d), + TOBN(0xbeec5d00, 0xcaf3155e), + TOBN(0x672d66ac, 0xbc73e75f), + TOBN(0x86b9d8c6, 0x270b01db), + 
TOBN(0xd249ef83, 0x50f55b79), + TOBN(0x6131d6d4, 0x73978fe3), + TOBN(0xcc4e4542, 0x754b00a1), + TOBN(0x4e05df05, 0x57dfcfe9), + TOBN(0x94b29cdd, 0x51ef6bf0), + TOBN(0xe4530cff, 0x9bc7edf2), + TOBN(0x8ac236fd, 0xd3da65f3), + TOBN(0x0faf7d5f, 0xc8eb0b48), + TOBN(0x4d2de14c, 0x660eb039), + TOBN(0xc006bba7, 0x60430e54), + TOBN(0x10a2d0d6, 0xda3289ab), + TOBN(0x9c037a5d, 0xd7979c59), + TOBN(0x04d1f3d3, 0xa116d944), + TOBN(0x9ff22473, 0x8a0983cd), + TOBN(0x28e25b38, 0xc883cabb), + TOBN(0xe968dba5, 0x47a58995), + TOBN(0x2c80b505, 0x774eebdf), + TOBN(0xee763b71, 0x4a953beb), + TOBN(0x502e223f, 0x1642e7f6), + TOBN(0x6fe4b641, 0x61d5e722), + TOBN(0x9d37c5b0, 0xdbef5316), + TOBN(0x0115ed70, 0xf8330bc7), + TOBN(0x139850e6, 0x75a72789), + TOBN(0x27d7faec, 0xffceccc2), + TOBN(0x3016a860, 0x4fd9f7f6), + TOBN(0xc492ec64, 0x4cd8f64c), + TOBN(0x58a2d790, 0x279d7b51), + TOBN(0x0ced1fc5, 0x1fc75256), + TOBN(0x3e658aed, 0x8f433017), + TOBN(0x0b61942e, 0x05da59eb), + TOBN(0xba3d60a3, 0x0ddc3722), + TOBN(0x7c311cd1, 0x742e7f87), + TOBN(0x6473ffee, 0xf6b01b6e), + }, + { + TOBN(0x8303604f, 0x692ac542), + TOBN(0xf079ffe1, 0x227b91d3), + TOBN(0x19f63e63, 0x15aaf9bd), + TOBN(0xf99ee565, 0xf1f344fb), + TOBN(0x8a1d661f, 0xd6219199), + TOBN(0x8c883bc6, 0xd48ce41c), + TOBN(0x1065118f, 0x3c74d904), + TOBN(0x713889ee, 0x0faf8b1b), + TOBN(0x972b3f8f, 0x81a1b3be), + TOBN(0x4f3ce145, 0xce2764a0), + TOBN(0xe2d0f1cc, 0x28c4f5f7), + TOBN(0xdeee0c0d, 0xc7f3985b), + TOBN(0x7df4adc0, 0xd39e25c3), + TOBN(0x40619820, 0xc467a080), + TOBN(0x440ebc93, 0x61cf5a58), + TOBN(0x527729a6, 0x422ad600), + TOBN(0xca6c0937, 0xb1b76ba6), + TOBN(0x1a2eab85, 0x4d2026dc), + TOBN(0xb1715e15, 0x19d9ae0a), + TOBN(0xf1ad9199, 0xbac4a026), + TOBN(0x35b3dfb8, 0x07ea7b0e), + TOBN(0xedf5496f, 0x3ed9eb89), + TOBN(0x8932e5ff, 0x2d6d08ab), + TOBN(0xf314874e, 0x25bd2731), + TOBN(0xefb26a75, 0x3f73f449), + TOBN(0x1d1c94f8, 0x8d44fc79), + TOBN(0x49f0fbc5, 0x3bc0dc4d), + TOBN(0xb747ea0b, 0x3698a0d0), + TOBN(0x5218c3fe, 0x228d291e), + 
TOBN(0x35b804b5, 0x43c129d6), + TOBN(0xfac859b8, 0xd1acc516), + TOBN(0x6c10697d, 0x95d6e668), + TOBN(0xc38e438f, 0x0876fd4e), + TOBN(0x45f0c307, 0x83d2f383), + TOBN(0x203cc2ec, 0xb10934cb), + TOBN(0x6a8f2439, 0x2c9d46ee), + TOBN(0xf16b431b, 0x65ccde7b), + TOBN(0x41e2cd18, 0x27e76a6f), + TOBN(0xb9c8cf8f, 0x4e3484d7), + TOBN(0x64426efd, 0x8315244a), + TOBN(0x1c0a8e44, 0xfc94dea3), + TOBN(0x34c8cdbf, 0xdad6a0b0), + TOBN(0x919c3840, 0x04113cef), + TOBN(0xfd32fba4, 0x15490ffa), + TOBN(0x58d190f6, 0x795dcfb7), + TOBN(0xfef01b03, 0x83588baf), + TOBN(0x9e6d1d63, 0xca1fc1c0), + TOBN(0x53173f96, 0xf0a41ac9), + TOBN(0x2b1d402a, 0xba16f73b), + TOBN(0x2fb31014, 0x8cf9b9fc), + TOBN(0x2d51e60e, 0x446ef7bf), + TOBN(0xc731021b, 0xb91e1745), + TOBN(0x9d3b4724, 0x4fee99d4), + TOBN(0x4bca48b6, 0xfac5c1ea), + TOBN(0x70f5f514, 0xbbea9af7), + TOBN(0x751f55a5, 0x974c283a), + TOBN(0x6e30251a, 0xcb452fdb), + TOBN(0x31ee6965, 0x50f30650), + TOBN(0xb0b3e508, 0x933548d9), + TOBN(0xb8949a4f, 0xf4b0ef5b), + TOBN(0x208b8326, 0x3c88f3bd), + TOBN(0xab147c30, 0xdb1d9989), + TOBN(0xed6515fd, 0x44d4df03), + TOBN(0x17a12f75, 0xe72eb0c5), + TOBN(0x3b59796d, 0x36cf69db), + TOBN(0x1219eee9, 0x56670c18), + TOBN(0xfe3341f7, 0x7a070d8e), + TOBN(0x9b70130b, 0xa327f90c), + TOBN(0x36a32462, 0x0ae18e0e), + TOBN(0x2021a623, 0x46c0a638), + TOBN(0x251b5817, 0xc62eb0d4), + TOBN(0x87bfbcdf, 0x4c762293), + TOBN(0xf78ab505, 0xcdd61d64), + TOBN(0x8c7a53fc, 0xc8c18857), + TOBN(0xa653ce6f, 0x16147515), + TOBN(0x9c923aa5, 0xea7d52d5), + TOBN(0xc24709cb, 0x5c18871f), + TOBN(0x7d53bec8, 0x73b3cc74), + TOBN(0x59264aff, 0xfdd1d4c4), + TOBN(0x5555917e, 0x240da582), + TOBN(0xcae8bbda, 0x548f5a0e), + TOBN(0x1910eaba, 0x3bbfbbe1), + TOBN(0xae579685, 0x7677afc3), + TOBN(0x49ea61f1, 0x73ff0b5c), + TOBN(0x78655478, 0x4f7c3922), + TOBN(0x95d337cd, 0x20c68eef), + TOBN(0x68f1e1e5, 0xdf779ab9), + TOBN(0x14b491b0, 0xb5cf69a8), + TOBN(0x7a6cbbe0, 0x28e3fe89), + TOBN(0xe7e1fee4, 0xc5aac0eb), + TOBN(0x7f47eda5, 0x697e5140), + 
TOBN(0x4f450137, 0xb454921f), + TOBN(0xdb625f84, 0x95cd8185), + TOBN(0x74be0ba1, 0xcdb2e583), + TOBN(0xaee4fd7c, 0xdd5e6de4), + TOBN(0x4251437d, 0xe8101739), + TOBN(0x686d72a0, 0xac620366), + TOBN(0x4be3fb9c, 0xb6d59344), + TOBN(0x6e8b44e7, 0xa1eb75b9), + TOBN(0x84e39da3, 0x91a5c10c), + TOBN(0x37cc1490, 0xb38f0409), + TOBN(0x02951943, 0x2c2ade82), + TOBN(0x9b688783, 0x1190a2d8), + TOBN(0x25627d14, 0x231182ba), + TOBN(0x6eb550aa, 0x658a6d87), + TOBN(0x1405aaa7, 0xcf9c7325), + TOBN(0xd147142e, 0x5c8748c9), + TOBN(0x7f637e4f, 0x53ede0e0), + TOBN(0xf8ca2776, 0x14ffad2c), + TOBN(0xe58fb1bd, 0xbafb6791), + TOBN(0x17158c23, 0xbf8f93fc), + TOBN(0x7f15b373, 0x0a4a4655), + TOBN(0x39d4add2, 0xd842ca72), + TOBN(0xa71e4391, 0x3ed96305), + TOBN(0x5bb09cbe, 0x6700be14), + TOBN(0x68d69d54, 0xd8befcf6), + TOBN(0xa45f5367, 0x37183bcf), + TOBN(0x7152b7bb, 0x3370dff7), + TOBN(0xcf887baa, 0xbf12525b), + TOBN(0xe7ac7bdd, 0xd6d1e3cd), + TOBN(0x25914f78, 0x81fdad90), + TOBN(0xcf638f56, 0x0d2cf6ab), + TOBN(0xb90bc03f, 0xcc054de5), + TOBN(0x932811a7, 0x18b06350), + TOBN(0x2f00b330, 0x9bbd11ff), + TOBN(0x76108a6f, 0xb4044974), + TOBN(0x801bb9e0, 0xa851d266), + TOBN(0x0dd099be, 0xbf8990c1), + TOBN(0x58c5aaaa, 0xabe32986), + TOBN(0x0fe9dd2a, 0x50d59c27), + TOBN(0x84951ff4, 0x8d307305), + TOBN(0x6c23f829, 0x86529b78), + TOBN(0x50bb2218, 0x0b136a79), + TOBN(0x7e2174de, 0x77a20996), + TOBN(0x6f00a4b9, 0xc0bb4da6), + TOBN(0x89a25a17, 0xefdde8da), + TOBN(0xf728a27e, 0xc11ee01d), + TOBN(0xf900553a, 0xe5f10dfb), + TOBN(0x189a83c8, 0x02ec893c), + TOBN(0x3ca5bdc1, 0x23f66d77), + TOBN(0x98781537, 0x97eada9f), + TOBN(0x59c50ab3, 0x10256230), + TOBN(0x346042d9, 0x323c69b3), + TOBN(0x1b715a6d, 0x2c460449), + TOBN(0xa41dd476, 0x6ae06e0b), + TOBN(0xcdd7888e, 0x9d42e25f), + TOBN(0x0f395f74, 0x56b25a20), + TOBN(0xeadfe0ae, 0x8700e27e), + TOBN(0xb09d52a9, 0x69950093), + TOBN(0x3525d9cb, 0x327f8d40), + TOBN(0xb8235a94, 0x67df886a), + TOBN(0x77e4b0dd, 0x035faec2), + TOBN(0x115eb20a, 0x517d7061), + 
TOBN(0x77fe3433, 0x6c2df683), + TOBN(0x6870ddc7, 0xcdc6fc67), + TOBN(0xb1610588, 0x0b87de83), + TOBN(0x343584ca, 0xd9c4ddbe), + TOBN(0xb3164f1c, 0x3d754be2), + TOBN(0x0731ed3a, 0xc1e6c894), + TOBN(0x26327dec, 0x4f6b904c), + TOBN(0x9d49c6de, 0x97b5cd32), + TOBN(0x40835dae, 0xb5eceecd), + TOBN(0xc66350ed, 0xd9ded7fe), + TOBN(0x8aeebb5c, 0x7a678804), + TOBN(0x51d42fb7, 0x5b8ee9ec), + TOBN(0xd7a17bdd, 0x8e3ca118), + TOBN(0x40d7511a, 0x2ef4400e), + TOBN(0xc48990ac, 0x875a66f4), + TOBN(0x8de07d2a, 0x2199e347), + TOBN(0xbee75556, 0x2a39e051), + TOBN(0x56918786, 0x916e51dc), + TOBN(0xeb191313, 0x4a2d89ec), + TOBN(0x6679610d, 0x37d341ed), + TOBN(0x434fbb41, 0x56d51c2b), + TOBN(0xe54b7ee7, 0xd7492dba), + TOBN(0xaa33a79a, 0x59021493), + TOBN(0x49fc5054, 0xe4bd6d3d), + TOBN(0x09540f04, 0x5ab551d0), + TOBN(0x8acc9085, 0x4942d3a6), + TOBN(0x231af02f, 0x2d28323b), + TOBN(0x93458cac, 0x0992c163), + TOBN(0x1fef8e71, 0x888e3bb4), + TOBN(0x27578da5, 0xbe8c268c), + TOBN(0xcc8be792, 0xe805ec00), + TOBN(0x29267bae, 0xc61c3855), + TOBN(0xebff429d, 0x58c1fd3b), + TOBN(0x22d886c0, 0x8c0b93b8), + TOBN(0xca5e00b2, 0x2ddb8953), + TOBN(0xcf330117, 0xc3fed8b7), + TOBN(0xd49ac6fa, 0x819c01f6), + TOBN(0x6ddaa6bd, 0x3c0fbd54), + TOBN(0x91743068, 0x8049a2cf), + TOBN(0xd67f981e, 0xaff2ef81), + TOBN(0xc3654d35, 0x2818ae80), + TOBN(0x81d05044, 0x1b2aa892), + TOBN(0x2db067bf, 0x3d099328), + TOBN(0xe7c79e86, 0x703dcc97), + TOBN(0xe66f9b37, 0xe133e215), + TOBN(0xcdf119a6, 0xe39a7a5c), + TOBN(0x47c60de3, 0x876f1b61), + TOBN(0x6e405939, 0xd860f1b2), + TOBN(0x3e9a1dbc, 0xf5ed4d4a), + TOBN(0x3f23619e, 0xc9b6bcbd), + TOBN(0x5ee790cf, 0x734e4497), + TOBN(0xf0a834b1, 0x5bdaf9bb), + TOBN(0x02cedda7, 0x4ca295f0), + TOBN(0x4619aa2b, 0xcb8e378c), + TOBN(0xe5613244, 0xcc987ea4), + TOBN(0x0bc022cc, 0x76b23a50), + TOBN(0x4a2793ad, 0x0a6c21ce), + TOBN(0x38328780, 0x89cac3f5), + TOBN(0x29176f1b, 0xcba26d56), + TOBN(0x06296187, 0x4f6f59eb), + TOBN(0x86e9bca9, 0x8bdc658e), + TOBN(0x2ca9c4d3, 0x57e30402), + 
TOBN(0x5438b216, 0x516a09bb), + TOBN(0x0a6a063c, 0x7672765a), + TOBN(0x37a3ce64, 0x0547b9bf), + TOBN(0x42c099c8, 0x98b1a633), + TOBN(0xb5ab800d, 0x05ee6961), + TOBN(0xf1963f59, 0x11a5acd6), + TOBN(0xbaee6157, 0x46201063), + TOBN(0x36d9a649, 0xa596210a), + TOBN(0xaed04363, 0x1ba7138c), + TOBN(0xcf817d1c, 0xa4a82b76), + TOBN(0x5586960e, 0xf3806be9), + TOBN(0x7ab67c89, 0x09dc6bb5), + TOBN(0x52ace7a0, 0x114fe7eb), + TOBN(0xcd987618, 0xcbbc9b70), + TOBN(0x4f06fd5a, 0x604ca5e1), + TOBN(0x90af14ca, 0x6dbde133), + TOBN(0x1afe4322, 0x948a3264), + TOBN(0xa70d2ca6, 0xc44b2c6c), + TOBN(0xab726799, 0x0ef87dfe), + TOBN(0x310f64dc, 0x2e696377), + TOBN(0x49b42e68, 0x4c8126a0), + TOBN(0x0ea444c3, 0xcea0b176), + TOBN(0x53a8ddf7, 0xcb269182), + TOBN(0xf3e674eb, 0xbbba9dcb), + TOBN(0x0d2878a8, 0xd8669d33), + TOBN(0x04b935d5, 0xd019b6a3), + TOBN(0xbb5cf88e, 0x406f1e46), + TOBN(0xa1912d16, 0x5b57c111), + TOBN(0x9803fc21, 0x19ebfd78), + TOBN(0x4f231c9e, 0xc07764a9), + TOBN(0xd93286ee, 0xb75bd055), + TOBN(0x83a9457d, 0x8ee6c9de), + TOBN(0x04695915, 0x6087ec90), + TOBN(0x14c6dd8a, 0x58d6cd46), + TOBN(0x9cb633b5, 0x8e6634d2), + TOBN(0xc1305047, 0xf81bc328), + TOBN(0x12ede0e2, 0x26a177e5), + TOBN(0x332cca62, 0x065a6f4f), + TOBN(0xc3a47ecd, 0x67be487b), + TOBN(0x741eb187, 0x0f47ed1c), + TOBN(0x99e66e58, 0xe7598b14), + TOBN(0x6f0544ca, 0x63d0ff12), + TOBN(0xe5efc784, 0xb610a05f), + TOBN(0xf72917b1, 0x7cad7b47), + TOBN(0x3ff6ea20, 0xf2cac0c0), + TOBN(0xcc23791b, 0xf21db8b7), + TOBN(0x7dac70b1, 0xd7d93565), + TOBN(0x682cda1d, 0x694bdaad), + TOBN(0xeb88bb8c, 0x1023516d), + TOBN(0xc4c634b4, 0xdfdbeb1b), + TOBN(0x22f5ca72, 0xb4ee4dea), + TOBN(0x1045a368, 0xe6524821), + TOBN(0xed9e8a3f, 0x052b18b2), + TOBN(0x9b7f2cb1, 0xb961f49a), + TOBN(0x7fee2ec1, 0x7b009670), + TOBN(0x350d8754, 0x22507a6d), + TOBN(0x561bd711, 0x4db55f1d), + TOBN(0x4c189ccc, 0x320bbcaf), + TOBN(0x568434cf, 0xdf1de48c), + TOBN(0x6af1b00e, 0x0fa8f128), + TOBN(0xf0ba9d02, 0x8907583c), + TOBN(0x735a4004, 0x32ff9f60), + 
TOBN(0x3dd8e4b6, 0xc25dcf33), + TOBN(0xf2230f16, 0x42c74cef), + TOBN(0xd8117623, 0x013fa8ad), + TOBN(0x36822876, 0xf51fe76e), + TOBN(0x8a6811cc, 0x11d62589), + TOBN(0xc3fc7e65, 0x46225718), + TOBN(0xb7df2c9f, 0xc82fdbcd), + TOBN(0x3b1d4e52, 0xdd7b205b), + TOBN(0xb6959478, 0x47a2e414), + TOBN(0x05e4d793, 0xefa91148), + TOBN(0xb47ed446, 0xfd2e9675), + TOBN(0x1a7098b9, 0x04c9d9bf), + TOBN(0x661e2881, 0x1b793048), + TOBN(0xb1a16966, 0xb01ee461), + TOBN(0xbc521308, 0x2954746f), + TOBN(0xc909a0fc, 0x2477de50), + TOBN(0xd80bb41c, 0x7dbd51ef), + TOBN(0xa85be7ec, 0x53294905), + TOBN(0x6d465b18, 0x83958f97), + TOBN(0x16f6f330, 0xfb6840fd), + TOBN(0xfaaeb214, 0x3401e6c8), + TOBN(0xaf83d30f, 0xccb5b4f8), + TOBN(0x22885739, 0x266dec4b), + TOBN(0x51b4367c, 0x7bc467df), + TOBN(0x926562e3, 0xd842d27a), + TOBN(0xdfcb6614, 0x0fea14a6), + TOBN(0xeb394dae, 0xf2734cd9), + TOBN(0x3eeae5d2, 0x11c0be98), + TOBN(0xb1e6ed11, 0x814e8165), + TOBN(0x191086bc, 0xe52bce1c), + TOBN(0x14b74cc6, 0xa75a04da), + TOBN(0x63cf1186, 0x8c060985), + TOBN(0x071047de, 0x2dbd7f7c), + TOBN(0x4e433b8b, 0xce0942ca), + TOBN(0xecbac447, 0xd8fec61d), + TOBN(0x8f0ed0e2, 0xebf3232f), + TOBN(0xfff80f9e, 0xc52a2edd), + TOBN(0xad9ab433, 0x75b55fdb), + TOBN(0x73ca7820, 0xe42e0c11), + TOBN(0x6dace0a0, 0xe6251b46), + TOBN(0x89bc6b5c, 0x4c0d932d), + TOBN(0x3438cd77, 0x095da19a), + TOBN(0x2f24a939, 0x8d48bdfb), + TOBN(0x99b47e46, 0x766561b7), + TOBN(0x736600e6, 0x0ed0322a), + TOBN(0x06a47cb1, 0x638e1865), + TOBN(0x927c1c2d, 0xcb136000), + TOBN(0x29542337, 0x0cc5df69), + TOBN(0x99b37c02, 0x09d649a9), + TOBN(0xc5f0043c, 0x6aefdb27), + TOBN(0x6cdd9987, 0x1be95c27), + TOBN(0x69850931, 0x390420d2), + TOBN(0x299c40ac, 0x0983efa4), + TOBN(0x3a05e778, 0xaf39aead), + TOBN(0x84274408, 0x43a45193), + TOBN(0x6bcd0fb9, 0x91a711a0), + TOBN(0x461592c8, 0x9f52ab17), + TOBN(0xb49302b4, 0xda3c6ed6), + TOBN(0xc51fddc7, 0x330d7067), + TOBN(0x94babeb6, 0xda50d531), + TOBN(0x521b840d, 0xa6a7b9da), + TOBN(0x5305151e, 0x404bdc89), + 
TOBN(0x1bcde201, 0xd0d07449), + TOBN(0xf427a78b, 0x3b76a59a), + TOBN(0xf84841ce, 0x07791a1b), + TOBN(0xebd314be, 0xbf91ed1c), + TOBN(0x8e61d34c, 0xbf172943), + TOBN(0x1d5dc451, 0x5541b892), + TOBN(0xb186ee41, 0xfc9d9e54), + TOBN(0x9d9f345e, 0xd5bf610d), + TOBN(0x3e7ba65d, 0xf6acca9f), + TOBN(0x9dda787a, 0xa8369486), + TOBN(0x09f9dab7, 0x8eb5ba53), + TOBN(0x5afb2033, 0xd6481bc3), + TOBN(0x76f4ce30, 0xafa62104), + TOBN(0xa8fa00cf, 0xf4f066b5), + TOBN(0x89ab5143, 0x461dafc2), + TOBN(0x44339ed7, 0xa3389998), + TOBN(0x2ff862f1, 0xbc214903), + TOBN(0x2c88f985, 0xb05556e3), + TOBN(0xcd96058e, 0x3467081e), + TOBN(0x7d6a4176, 0xedc637ea), + TOBN(0xe1743d09, 0x36a5acdc), + TOBN(0x66fd72e2, 0x7eb37726), + TOBN(0xf7fa264e, 0x1481a037), + TOBN(0x9fbd3bde, 0x45f4aa79), + TOBN(0xed1e0147, 0x767c3e22), + TOBN(0x7621f979, 0x82e7abe2), + TOBN(0x19eedc72, 0x45f633f8), + TOBN(0xe69b155e, 0x6137bf3a), + TOBN(0xa0ad13ce, 0x414ee94e), + TOBN(0x93e3d524, 0x1c0e651a), + TOBN(0xab1a6e2a, 0x02ce227e), + TOBN(0xe7af1797, 0x4ab27eca), + TOBN(0x245446de, 0xbd444f39), + TOBN(0x59e22a21, 0x56c07613), + TOBN(0x43deafce, 0xf4275498), + TOBN(0x10834ccb, 0x67fd0946), + TOBN(0xa75841e5, 0x47406edf), + TOBN(0xebd6a677, 0x7b0ac93d), + TOBN(0xa6e37b0d, 0x78f5e0d7), + TOBN(0x2516c096, 0x76f5492b), + TOBN(0x1e4bf888, 0x9ac05f3a), + TOBN(0xcdb42ce0, 0x4df0ba2b), + TOBN(0x935d5cfd, 0x5062341b), + TOBN(0x8a303333, 0x82acac20), + TOBN(0x429438c4, 0x5198b00e), + TOBN(0x1d083bc9, 0x049d33fa), + TOBN(0x58b82dda, 0x946f67ff), + TOBN(0xac3e2db8, 0x67a1d6a3), + TOBN(0x62e6bead, 0x1798aac8), + TOBN(0xfc85980f, 0xde46c58c), + TOBN(0xa7f69379, 0x69c8d7be), + TOBN(0x23557927, 0x837b35ec), + TOBN(0x06a933d8, 0xe0790c0c), + TOBN(0x827c0e9b, 0x077ff55d), + TOBN(0x53977798, 0xbb26e680), + TOBN(0x59530874, 0x1d9cb54f), + TOBN(0xcca3f449, 0x4aac53ef), + TOBN(0x11dc5c87, 0xa07eda0f), + TOBN(0xc138bccf, 0xfd6400c8), + TOBN(0x549680d3, 0x13e5da72), + TOBN(0xc93eed82, 0x4540617e), + TOBN(0xfd3db157, 0x4d0b75c0), + 
TOBN(0x9716eb42, 0x6386075b), + TOBN(0x0639605c, 0x817b2c16), + TOBN(0x09915109, 0xf1e4f201), + TOBN(0x35c9a928, 0x5cca6c3b), + TOBN(0xb25f7d1a, 0x3505c900), + TOBN(0xeb9f7d20, 0x630480c4), + TOBN(0xc3c7b8c6, 0x2a1a501c), + TOBN(0x3f99183c, 0x5a1f8e24), + TOBN(0xfdb118fa, 0x9dd255f0), + TOBN(0xb9b18b90, 0xc27f62a6), + TOBN(0xe8f732f7, 0x396ec191), + TOBN(0x524a2d91, 0x0be786ab), + TOBN(0x5d32adef, 0x0ac5a0f5), + TOBN(0x9b53d4d6, 0x9725f694), + TOBN(0x032a76c6, 0x0510ba89), + TOBN(0x840391a3, 0xebeb1544), + TOBN(0x44b7b88c, 0x3ed73ac3), + TOBN(0xd24bae7a, 0x256cb8b3), + TOBN(0x7ceb151a, 0xe394cb12), + TOBN(0xbd6b66d0, 0x5bc1e6a8), + TOBN(0xec70cecb, 0x090f07bf), + TOBN(0x270644ed, 0x7d937589), + TOBN(0xee9e1a3d, 0x5f1dccfe), + TOBN(0xb0d40a84, 0x745b98d2), + TOBN(0xda429a21, 0x2556ed40), + TOBN(0xf676eced, 0x85148cb9), + TOBN(0x5a22d40c, 0xded18936), + TOBN(0x3bc4b9e5, 0x70e8a4ce), + TOBN(0xbfd1445b, 0x9eae0379), + TOBN(0xf23f2c0c, 0x1a0bd47e), + TOBN(0xa9c0bb31, 0xe1845531), + TOBN(0x9ddc4d60, 0x0a4c3f6b), + TOBN(0xbdfaad79, 0x2c15ef44), + TOBN(0xce55a236, 0x7f484acc), + TOBN(0x08653ca7, 0x055b1f15), + TOBN(0x2efa8724, 0x538873a3), + TOBN(0x09299e5d, 0xace1c7e7), + TOBN(0x07afab66, 0xade332ba), + TOBN(0x9be1fdf6, 0x92dd71b7), + TOBN(0xa49b5d59, 0x5758b11c), + TOBN(0x0b852893, 0xc8654f40), + TOBN(0xb63ef6f4, 0x52379447), + TOBN(0xd4957d29, 0x105e690c), + TOBN(0x7d484363, 0x646559b0), + TOBN(0xf4a8273c, 0x49788a8e), + TOBN(0xee406cb8, 0x34ce54a9), + TOBN(0x1e1c260f, 0xf86fda9b), + TOBN(0xe150e228, 0xcf6a4a81), + TOBN(0x1fa3b6a3, 0x1b488772), + TOBN(0x1e6ff110, 0xc5a9c15b), + TOBN(0xc6133b91, 0x8ad6aa47), + TOBN(0x8ac5d55c, 0x9dffa978), + TOBN(0xba1d1c1d, 0x5f3965f2), + TOBN(0xf969f4e0, 0x7732b52f), + TOBN(0xfceecdb5, 0xa5172a07), + TOBN(0xb0120a5f, 0x10f2b8f5), + TOBN(0xc83a6cdf, 0x5c4c2f63), + TOBN(0x4d47a491, 0xf8f9c213), + TOBN(0xd9e1cce5, 0xd3f1bbd5), + TOBN(0x0d91bc7c, 0xaba7e372), + TOBN(0xfcdc74c8, 0xdfd1a2db), + TOBN(0x05efa800, 0x374618e5), + 
TOBN(0x11216969, 0x15a7925e), + TOBN(0xd4c89823, 0xf6021c5d), + TOBN(0x880d5e84, 0xeff14423), + TOBN(0x6523bc5a, 0x6dcd1396), + TOBN(0xd1acfdfc, 0x113c978b), + TOBN(0xb0c164e8, 0xbbb66840), + TOBN(0xf7f4301e, 0x72b58459), + TOBN(0xc29ad4a6, 0xa638e8ec), + TOBN(0xf5ab8961, 0x46b78699), + TOBN(0x9dbd7974, 0x0e954750), + TOBN(0x0121de88, 0x64f9d2c6), + TOBN(0x2e597b42, 0xd985232e), + TOBN(0x55b6c3c5, 0x53451777), + TOBN(0xbb53e547, 0x519cb9fb), + TOBN(0xf134019f, 0x8428600d), + TOBN(0x5a473176, 0xe081791a), + TOBN(0x2f3e2263, 0x35fb0c08), + TOBN(0xb28c3017, 0x73d273b0), + TOBN(0xccd21076, 0x7721ef9a), + TOBN(0x054cc292, 0xb650dc39), + TOBN(0x662246de, 0x6188045e), + TOBN(0x904b52fa, 0x6b83c0d1), + TOBN(0xa72df267, 0x97e9cd46), + TOBN(0x886b43cd, 0x899725e4), + TOBN(0x2b651688, 0xd849ff22), + TOBN(0x60479b79, 0x02f34533), + TOBN(0x5e354c14, 0x0c77c148), + TOBN(0xb4bb7581, 0xa8537c78), + TOBN(0x188043d7, 0xefe1495f), + TOBN(0x9ba12f42, 0x8c1d5026), + TOBN(0x2e0c8a26, 0x93d4aaab), + TOBN(0xbdba7b8b, 0xaa57c450), + TOBN(0x140c9ad6, 0x9bbdafef), + TOBN(0x2067aa42, 0x25ac0f18), + TOBN(0xf7b1295b, 0x04d1fbf3), + TOBN(0x14829111, 0xa4b04824), + TOBN(0x2ce3f192, 0x33bd5e91), + TOBN(0x9c7a1d55, 0x8f2e1b72), + TOBN(0xfe932286, 0x302aa243), + TOBN(0x497ca7b4, 0xd4be9554), + TOBN(0xb8e821b8, 0xe0547a6e), + TOBN(0xfb2838be, 0x67e573e0), + TOBN(0x05891db9, 0x4084c44b), + TOBN(0x91311373, 0x96c1c2c5), + TOBN(0x6aebfa3f, 0xd958444b), + TOBN(0xac9cdce9, 0xe56e55c1), + TOBN(0x7148ced3, 0x2caa46d0), + TOBN(0x2e10c7ef, 0xb61fe8eb), + TOBN(0x9fd835da, 0xff97cf4d), + }, + { + TOBN(0xa36da109, 0x081e9387), + TOBN(0xfb9780d7, 0x8c935828), + TOBN(0xd5940332, 0xe540b015), + TOBN(0xc9d7b51b, 0xe0f466fa), + TOBN(0xfaadcd41, 0xd6d9f671), + TOBN(0xba6c1e28, 0xb1a2ac17), + TOBN(0x066a7833, 0xed201e5f), + TOBN(0x19d99719, 0xf90f462b), + TOBN(0xf431f462, 0x060b5f61), + TOBN(0xa56f46b4, 0x7bd057c2), + TOBN(0x348dca6c, 0x47e1bf65), + TOBN(0x9a38783e, 0x41bcf1ff), + TOBN(0x7a5d33a9, 0xda710718), + 
TOBN(0x5a779987, 0x2e0aeaf6), + TOBN(0xca87314d, 0x2d29d187), + TOBN(0xfa0edc3e, 0xc687d733), + TOBN(0x9df33621, 0x6a31e09b), + TOBN(0xde89e44d, 0xc1350e35), + TOBN(0x29214871, 0x4ca0cf52), + TOBN(0xdf379672, 0x0b88a538), + TOBN(0xc92a510a, 0x2591d61b), + TOBN(0x79aa87d7, 0x585b447b), + TOBN(0xf67db604, 0xe5287f77), + TOBN(0x1697c8bf, 0x5efe7a80), + TOBN(0x1c894849, 0xcb198ac7), + TOBN(0xa884a93d, 0x0f264665), + TOBN(0x2da964ef, 0x9b200678), + TOBN(0x3c351b87, 0x009834e6), + TOBN(0xafb2ef9f, 0xe2c4b44b), + TOBN(0x580f6c47, 0x3326790c), + TOBN(0xb8480521, 0x0b02264a), + TOBN(0x8ba6f9e2, 0x42a194e2), + TOBN(0xfc87975f, 0x8fb54738), + TOBN(0x35160788, 0x27c3ead3), + TOBN(0x834116d2, 0xb74a085a), + TOBN(0x53c99a73, 0xa62fe996), + TOBN(0x87585be0, 0x5b81c51b), + TOBN(0x925bafa8, 0xbe0852b7), + TOBN(0x76a4fafd, 0xa84d19a7), + TOBN(0x39a45982, 0x585206d4), + TOBN(0x499b6ab6, 0x5eb03c0e), + TOBN(0xf19b7954, 0x72bc3fde), + TOBN(0xa86b5b9c, 0x6e3a80d2), + TOBN(0xe4377508, 0x6d42819f), + TOBN(0xc1663650, 0xbb3ee8a3), + TOBN(0x75eb14fc, 0xb132075f), + TOBN(0xa8ccc906, 0x7ad834f6), + TOBN(0xea6a2474, 0xe6e92ffd), + TOBN(0x9d72fd95, 0x0f8d6758), + TOBN(0xcb84e101, 0x408c07dd), + TOBN(0xb9114bfd, 0xa5e23221), + TOBN(0x358b5fe2, 0xe94e742c), + TOBN(0x1c0577ec, 0x95f40e75), + TOBN(0xf0155451, 0x3d73f3d6), + TOBN(0x9d55cd67, 0xbd1b9b66), + TOBN(0x63e86e78, 0xaf8d63c7), + TOBN(0x39d934ab, 0xd3c095f1), + TOBN(0x04b261be, 0xe4b76d71), + TOBN(0x1d2e6970, 0xe73e6984), + TOBN(0x879fb23b, 0x5e5fcb11), + TOBN(0x11506c72, 0xdfd75490), + TOBN(0x3a97d085, 0x61bcf1c1), + TOBN(0x43201d82, 0xbf5e7007), + TOBN(0x7f0ac52f, 0x798232a7), + TOBN(0x2715cbc4, 0x6eb564d4), + TOBN(0x8d6c752c, 0x9e570e29), + TOBN(0xf80247c8, 0x9ef5fd5d), + TOBN(0xc3c66b46, 0xd53eb514), + TOBN(0x9666b401, 0x0f87de56), + TOBN(0xce62c06f, 0xc6c603b5), + TOBN(0xae7b4c60, 0x7e4fc942), + TOBN(0x38ac0b77, 0x663a9c19), + TOBN(0xcb4d20ee, 0x4b049136), + TOBN(0x8b63bf12, 0x356a4613), + TOBN(0x1221aef6, 0x70e08128), + 
TOBN(0xe62d8c51, 0x4acb6b16), + TOBN(0x71f64a67, 0x379e7896), + TOBN(0xb25237a2, 0xcafd7fa5), + TOBN(0xf077bd98, 0x3841ba6a), + TOBN(0xc4ac0244, 0x3cd16e7e), + TOBN(0x548ba869, 0x21fea4ca), + TOBN(0xd36d0817, 0xf3dfdac1), + TOBN(0x09d8d71f, 0xf4685faf), + TOBN(0x8eff66be, 0xc52c459a), + TOBN(0x182faee7, 0x0b57235e), + TOBN(0xee3c39b1, 0x0106712b), + TOBN(0x5107331f, 0xc0fcdcb0), + TOBN(0x669fb9dc, 0xa51054ba), + TOBN(0xb25101fb, 0x319d7682), + TOBN(0xb0293129, 0x0a982fee), + TOBN(0x51c1c9b9, 0x0261b344), + TOBN(0x0e008c5b, 0xbfd371fa), + TOBN(0xd866dd1c, 0x0278ca33), + TOBN(0x666f76a6, 0xe5aa53b1), + TOBN(0xe5cfb779, 0x6013a2cf), + TOBN(0x1d3a1aad, 0xa3521836), + TOBN(0xcedd2531, 0x73faa485), + TOBN(0xc8ee6c4f, 0xc0a76878), + TOBN(0xddbccfc9, 0x2a11667d), + TOBN(0x1a418ea9, 0x1c2f695a), + TOBN(0xdb11bd92, 0x51f73971), + TOBN(0x3e4b3c82, 0xda2ed89f), + TOBN(0x9a44f3f4, 0xe73e0319), + TOBN(0xd1e3de0f, 0x303431af), + TOBN(0x3c5604ff, 0x50f75f9c), + TOBN(0x1d8eddf3, 0x7e752b22), + TOBN(0x0ef074dd, 0x3c9a1118), + TOBN(0xd0ffc172, 0xccb86d7b), + TOBN(0xabd1ece3, 0x037d90f2), + TOBN(0xe3f307d6, 0x6055856c), + TOBN(0x422f9328, 0x7e4c6daf), + TOBN(0x902aac66, 0x334879a0), + TOBN(0xb6a1e7bf, 0x94cdfade), + TOBN(0x6c97e1ed, 0x7fc6d634), + TOBN(0x662ad24d, 0xa2fb63f8), + TOBN(0xf81be1b9, 0xa5928405), + TOBN(0x86d765e4, 0xd14b4206), + TOBN(0xbecc2e0e, 0x8fa0db65), + TOBN(0xa28838e0, 0xb17fc76c), + TOBN(0xe49a602a, 0xe37cf24e), + TOBN(0x76b4131a, 0x567193ec), + TOBN(0xaf3c305a, 0xe5f6e70b), + TOBN(0x9587bd39, 0x031eebdd), + TOBN(0x5709def8, 0x71bbe831), + TOBN(0x57059983, 0x0eb2b669), + TOBN(0x4d80ce1b, 0x875b7029), + TOBN(0x838a7da8, 0x0364ac16), + TOBN(0x2f431d23, 0xbe1c83ab), + TOBN(0xe56812a6, 0xf9294dd3), + TOBN(0xb448d01f, 0x9b4b0d77), + TOBN(0xf3ae6061, 0x04e8305c), + TOBN(0x2bead645, 0x94d8c63e), + TOBN(0x0a85434d, 0x84fd8b07), + TOBN(0x537b983f, 0xf7a9dee5), + TOBN(0xedcc5f18, 0xef55bd85), + TOBN(0x2041af62, 0x21c6cf8b), + TOBN(0x8e52874c, 0xb940c71e), + 
TOBN(0x211935a9, 0xdb5f4b3a), + TOBN(0x94350492, 0x301b1dc3), + TOBN(0x33d2646d, 0x29958620), + TOBN(0x16b0d64b, 0xef911404), + TOBN(0x9d1f25ea, 0x9a3c5ef4), + TOBN(0x20f200eb, 0x4a352c78), + TOBN(0x43929f2c, 0x4bd0b428), + TOBN(0xa5656667, 0xc7196e29), + TOBN(0x7992c2f0, 0x9391be48), + TOBN(0xaaa97cbd, 0x9ee0cd6e), + TOBN(0x51b0310c, 0x3dc8c9bf), + TOBN(0x237f8acf, 0xdd9f22cb), + TOBN(0xbb1d81a1, 0xb585d584), + TOBN(0x8d5d85f5, 0x8c416388), + TOBN(0x0d6e5a5a, 0x42fe474f), + TOBN(0xe7812766, 0x38235d4e), + TOBN(0x1c62bd67, 0x496e3298), + TOBN(0x8378660c, 0x3f175bc8), + TOBN(0x4d04e189, 0x17afdd4d), + TOBN(0x32a81601, 0x85a8068c), + TOBN(0xdb58e4e1, 0x92b29a85), + TOBN(0xe8a65b86, 0xc70d8a3b), + TOBN(0x5f0e6f4e, 0x98a0403b), + TOBN(0x08129684, 0x69ed2370), + TOBN(0x34dc30bd, 0x0871ee26), + TOBN(0x3a5ce948, 0x7c9c5b05), + TOBN(0x7d487b80, 0x43a90c87), + TOBN(0x4089ba37, 0xdd0e7179), + TOBN(0x45f80191, 0xb4041811), + TOBN(0x1c3e1058, 0x98747ba5), + TOBN(0x98c4e13a, 0x6e1ae592), + TOBN(0xd44636e6, 0xe82c9f9e), + TOBN(0x711db87c, 0xc33a1043), + TOBN(0x6f431263, 0xaa8aec05), + TOBN(0x43ff120d, 0x2744a4aa), + TOBN(0xd3bd892f, 0xae77779b), + TOBN(0xf0fe0cc9, 0x8cdc9f82), + TOBN(0xca5f7fe6, 0xf1c5b1bc), + TOBN(0xcc63a682, 0x44929a72), + TOBN(0xc7eaba0c, 0x09dbe19a), + TOBN(0x2f3585ad, 0x6b5c73c2), + TOBN(0x8ab8924b, 0x0ae50c30), + TOBN(0x17fcd27a, 0x638b30ba), + TOBN(0xaf414d34, 0x10b3d5a5), + TOBN(0x09c107d2, 0x2a9accf1), + TOBN(0x15dac49f, 0x946a6242), + TOBN(0xaec3df2a, 0xd707d642), + TOBN(0x2c2492b7, 0x3f894ae0), + TOBN(0xf59df3e5, 0xb75f18ce), + TOBN(0x7cb740d2, 0x8f53cad0), + TOBN(0x3eb585fb, 0xc4f01294), + TOBN(0x17da0c86, 0x32c7f717), + TOBN(0xeb8c795b, 0xaf943f4c), + TOBN(0x4ee23fb5, 0xf67c51d2), + TOBN(0xef187575, 0x68889949), + TOBN(0xa6b4bdb2, 0x0389168b), + TOBN(0xc4ecd258, 0xea577d03), + TOBN(0x3a63782b, 0x55743082), + TOBN(0x6f678f4c, 0xc72f08cd), + TOBN(0x553511cf, 0x65e58dd8), + TOBN(0xd53b4e3e, 0xd402c0cd), + TOBN(0x37de3e29, 0xa037c14c), + 
TOBN(0x86b6c516, 0xc05712aa), + TOBN(0x2834da3e, 0xb38dff6f), + TOBN(0xbe012c52, 0xea636be8), + TOBN(0x292d238c, 0x61dd37f8), + TOBN(0x0e54523f, 0x8f8142db), + TOBN(0xe31eb436, 0x036a05d8), + TOBN(0x83e3cdff, 0x1e93c0ff), + TOBN(0x3fd2fe0f, 0x50821ddf), + TOBN(0xc8e19b0d, 0xff9eb33b), + TOBN(0xc8cc943f, 0xb569a5fe), + TOBN(0xad0090d4, 0xd4342d75), + TOBN(0x82090b4b, 0xcaeca000), + TOBN(0xca39687f, 0x1bd410eb), + TOBN(0xe7bb0df7, 0x65959d77), + TOBN(0x39d78218, 0x9c964999), + TOBN(0xd87f62e8, 0xb2415451), + TOBN(0xe5efb774, 0xbed76108), + TOBN(0x3ea011a4, 0xe822f0d0), + TOBN(0xbc647ad1, 0x5a8704f8), + TOBN(0xbb315b35, 0x50c6820f), + TOBN(0x863dec3d, 0xb7e76bec), + TOBN(0x01ff5d3a, 0xf017bfc7), + TOBN(0x20054439, 0x976b8229), + TOBN(0x067fca37, 0x0bbd0d3b), + TOBN(0xf63dde64, 0x7f5e3d0f), + TOBN(0x22dbefb3, 0x2a4c94e9), + TOBN(0xafbff0fe, 0x96f8278a), + TOBN(0x80aea0b1, 0x3503793d), + TOBN(0xb2238029, 0x5f06cd29), + TOBN(0x65703e57, 0x8ec3feca), + TOBN(0x06c38314, 0x393e7053), + TOBN(0xa0b751eb, 0x7c6734c4), + TOBN(0xd2e8a435, 0xc59f0f1e), + TOBN(0x147d9052, 0x5e9ca895), + TOBN(0x2f4dd31e, 0x972072df), + TOBN(0xa16fda8e, 0xe6c6755c), + TOBN(0xc66826ff, 0xcf196558), + TOBN(0x1f1a76a3, 0x0cf43895), + TOBN(0xa9d604e0, 0x83c3097b), + TOBN(0xe1908309, 0x66390e0e), + TOBN(0xa50bf753, 0xb3c85eff), + TOBN(0x0696bdde, 0xf6a70251), + TOBN(0x548b801b, 0x3c6ab16a), + TOBN(0x37fcf704, 0xa4d08762), + TOBN(0x090b3def, 0xdff76c4e), + TOBN(0x87e8cb89, 0x69cb9158), + TOBN(0x44a90744, 0x995ece43), + TOBN(0xf85395f4, 0x0ad9fbf5), + TOBN(0x49b0f6c5, 0x4fb0c82d), + TOBN(0x75d9bc15, 0xadf7cccf), + TOBN(0x81a3e5d6, 0xdfa1e1b0), + TOBN(0x8c39e444, 0x249bc17e), + TOBN(0xf37dccb2, 0x8ea7fd43), + TOBN(0xda654873, 0x907fba12), + TOBN(0x35daa6da, 0x4a372904), + TOBN(0x0564cfc6, 0x6283a6c5), + TOBN(0xd09fa4f6, 0x4a9395bf), + TOBN(0x688e9ec9, 0xaeb19a36), + TOBN(0xd913f1ce, 0xc7bfbfb4), + TOBN(0x797b9a3c, 0x61c2faa6), + TOBN(0x2f979bec, 0x6a0a9c12), + TOBN(0xb5969d0f, 0x359679ec), + 
TOBN(0xebcf523d, 0x079b0460), + TOBN(0xfd6b0008, 0x10fab870), + TOBN(0x3f2edcda, 0x9373a39c), + TOBN(0x0d64f9a7, 0x6f568431), + TOBN(0xf848c27c, 0x02f8898c), + TOBN(0xf418ade1, 0x260b5bd5), + TOBN(0xc1f3e323, 0x6973dee8), + TOBN(0x46e9319c, 0x26c185dd), + TOBN(0x6d85b7d8, 0x546f0ac4), + TOBN(0x427965f2, 0x247f9d57), + TOBN(0xb519b636, 0xb0035f48), + TOBN(0x6b6163a9, 0xab87d59c), + TOBN(0xff9f58c3, 0x39caaa11), + TOBN(0x4ac39cde, 0x3177387b), + TOBN(0x5f6557c2, 0x873e77f9), + TOBN(0x67504006, 0x36a83041), + TOBN(0x9b1c96ca, 0x75ef196c), + TOBN(0xf34283de, 0xb08c7940), + TOBN(0x7ea09644, 0x1128c316), + TOBN(0xb510b3b5, 0x6aa39dff), + TOBN(0x59b43da2, 0x9f8e4d8c), + TOBN(0xa8ce31fd, 0x9e4c4b9f), + TOBN(0x0e20be26, 0xc1303c01), + TOBN(0x18187182, 0xe8ee47c9), + TOBN(0xd9687cdb, 0x7db98101), + TOBN(0x7a520e4d, 0xa1e14ff6), + TOBN(0x429808ba, 0x8836d572), + TOBN(0xa37ca60d, 0x4944b663), + TOBN(0xf901f7a9, 0xa3f91ae5), + TOBN(0xe4e3e76e, 0x9e36e3b1), + TOBN(0x9aa219cf, 0x29d93250), + TOBN(0x347fe275, 0x056a2512), + TOBN(0xa4d643d9, 0xde65d95c), + TOBN(0x9669d396, 0x699fc3ed), + TOBN(0xb598dee2, 0xcf8c6bbe), + TOBN(0x682ac1e5, 0xdda9e5c6), + TOBN(0x4e0d3c72, 0xcaa9fc95), + TOBN(0x17faaade, 0x772bea44), + TOBN(0x5ef8428c, 0xab0009c8), + TOBN(0xcc4ce47a, 0x460ff016), + TOBN(0xda6d12bf, 0x725281cb), + TOBN(0x44c67848, 0x0223aad2), + TOBN(0x6e342afa, 0x36256e28), + TOBN(0x1400bb0b, 0x93a37c04), + TOBN(0x62b1bc9b, 0xdd10bd96), + TOBN(0x7251adeb, 0x0dac46b7), + TOBN(0x7d33b92e, 0x7be4ef51), + TOBN(0x28b2a94b, 0xe61fa29a), + TOBN(0x4b2be13f, 0x06422233), + TOBN(0x36d6d062, 0x330d8d37), + TOBN(0x5ef80e1e, 0xb28ca005), + TOBN(0x174d4699, 0x6d16768e), + TOBN(0x9fc4ff6a, 0x628bf217), + TOBN(0x77705a94, 0x154e490d), + TOBN(0x9d96dd28, 0x8d2d997a), + TOBN(0x77e2d9d8, 0xce5d72c4), + TOBN(0x9d06c5a4, 0xc11c714f), + TOBN(0x02aa5136, 0x79e4a03e), + TOBN(0x1386b3c2, 0x030ff28b), + TOBN(0xfe82e8a6, 0xfb283f61), + TOBN(0x7df203e5, 0xf3abc3fb), + TOBN(0xeec7c351, 0x3a4d3622), + 
TOBN(0xf7d17dbf, 0xdf762761), + TOBN(0xc3956e44, 0x522055f0), + TOBN(0xde3012db, 0x8fa748db), + TOBN(0xca9fcb63, 0xbf1dcc14), + TOBN(0xa56d9dcf, 0xbe4e2f3a), + TOBN(0xb86186b6, 0x8bcec9c2), + TOBN(0x7cf24df9, 0x680b9f06), + TOBN(0xc46b45ea, 0xc0d29281), + TOBN(0xfff42bc5, 0x07b10e12), + TOBN(0x12263c40, 0x4d289427), + TOBN(0x3d5f1899, 0xb4848ec4), + TOBN(0x11f97010, 0xd040800c), + TOBN(0xb4c5f529, 0x300feb20), + TOBN(0xcc543f8f, 0xde94fdcb), + TOBN(0xe96af739, 0xc7c2f05e), + TOBN(0xaa5e0036, 0x882692e1), + TOBN(0x09c75b68, 0x950d4ae9), + TOBN(0x62f63df2, 0xb5932a7a), + TOBN(0x2658252e, 0xde0979ad), + TOBN(0x2a19343f, 0xb5e69631), + TOBN(0x718c7501, 0x525b666b), + TOBN(0x26a42d69, 0xea40dc3a), + TOBN(0xdc84ad22, 0xaecc018f), + TOBN(0x25c36c7b, 0x3270f04a), + TOBN(0x46ba6d47, 0x50fa72ed), + TOBN(0x6c37d1c5, 0x93e58a8e), + TOBN(0xa2394731, 0x120c088c), + TOBN(0xc3be4263, 0xcb6e86da), + TOBN(0x2c417d36, 0x7126d038), + TOBN(0x5b70f9c5, 0x8b6f8efa), + TOBN(0x671a2faa, 0x37718536), + TOBN(0xd3ced3c6, 0xb539c92b), + TOBN(0xe56f1bd9, 0xa31203c2), + TOBN(0x8b096ec4, 0x9ff3c8eb), + TOBN(0x2deae432, 0x43491cea), + TOBN(0x2465c6eb, 0x17943794), + TOBN(0x5d267e66, 0x20586843), + TOBN(0x9d3d116d, 0xb07159d0), + TOBN(0xae07a67f, 0xc1896210), + TOBN(0x8fc84d87, 0xbb961579), + TOBN(0x30009e49, 0x1c1f8dd6), + TOBN(0x8a8caf22, 0xe3132819), + TOBN(0xcffa197c, 0xf23ab4ff), + TOBN(0x58103a44, 0x205dd687), + TOBN(0x57b796c3, 0x0ded67a2), + TOBN(0x0b9c3a6c, 0xa1779ad7), + TOBN(0xa33cfe2e, 0x357c09c5), + TOBN(0x2ea29315, 0x3db4a57e), + TOBN(0x91959695, 0x8ebeb52e), + TOBN(0x118db9a6, 0xe546c879), + TOBN(0x8e996df4, 0x6295c8d6), + TOBN(0xdd990484, 0x55ec806b), + TOBN(0x24f291ca, 0x165c1035), + TOBN(0xcca523bb, 0x440e2229), + TOBN(0x324673a2, 0x73ef4d04), + TOBN(0xaf3adf34, 0x3e11ec39), + TOBN(0x6136d7f1, 0xdc5968d3), + TOBN(0x7a7b2899, 0xb053a927), + TOBN(0x3eaa2661, 0xae067ecd), + TOBN(0x8549b9c8, 0x02779cd9), + TOBN(0x061d7940, 0xc53385ea), + TOBN(0x3e0ba883, 0xf06d18bd), + 
TOBN(0x4ba6de53, 0xb2700843), + TOBN(0xb966b668, 0x591a9e4d), + TOBN(0x93f67567, 0x7f4fa0ed), + TOBN(0x5a02711b, 0x4347237b), + TOBN(0xbc041e2f, 0xe794608e), + TOBN(0x55af10f5, 0x70f73d8c), + TOBN(0xd2d4d4f7, 0xbb7564f7), + TOBN(0xd7d27a89, 0xb3e93ce7), + TOBN(0xf7b5a875, 0x5d3a2c1b), + TOBN(0xb29e68a0, 0x255b218a), + TOBN(0xb533837e, 0x8af76754), + TOBN(0xd1b05a73, 0x579fab2e), + TOBN(0xb41055a1, 0xecd74385), + TOBN(0xb2369274, 0x445e9115), + TOBN(0x2972a7c4, 0xf520274e), + TOBN(0x6c08334e, 0xf678e68a), + TOBN(0x4e4160f0, 0x99b057ed), + TOBN(0x3cfe11b8, 0x52ccb69a), + TOBN(0x2fd1823a, 0x21c8f772), + TOBN(0xdf7f072f, 0x3298f055), + TOBN(0x8c0566f9, 0xfec74a6e), + TOBN(0xe549e019, 0x5bb4d041), + TOBN(0x7c3930ba, 0x9208d850), + TOBN(0xe07141fc, 0xaaa2902b), + TOBN(0x539ad799, 0xe4f69ad3), + TOBN(0xa6453f94, 0x813f9ffd), + TOBN(0xc58d3c48, 0x375bc2f7), + TOBN(0xb3326fad, 0x5dc64e96), + TOBN(0x3aafcaa9, 0xb240e354), + TOBN(0x1d1b0903, 0xaca1e7a9), + TOBN(0x4ceb9767, 0x1211b8a0), + TOBN(0xeca83e49, 0xe32a858e), + TOBN(0x4c32892e, 0xae907bad), + TOBN(0xd5b42ab6, 0x2eb9b494), + TOBN(0x7fde3ee2, 0x1eabae1b), + TOBN(0x13b5ab09, 0xcaf54957), + TOBN(0xbfb028be, 0xe5f5d5d5), + TOBN(0x928a0650, 0x2003e2c0), + TOBN(0x90793aac, 0x67476843), + TOBN(0x5e942e79, 0xc81710a0), + TOBN(0x557e4a36, 0x27ccadd4), + TOBN(0x72a2bc56, 0x4bcf6d0c), + TOBN(0x09ee5f43, 0x26d7b80c), + TOBN(0x6b70dbe9, 0xd4292f19), + TOBN(0x56f74c26, 0x63f16b18), + TOBN(0xc23db0f7, 0x35fbb42a), + TOBN(0xb606bdf6, 0x6ae10040), + TOBN(0x1eb15d4d, 0x044573ac), + TOBN(0x7dc3cf86, 0x556b0ba4), + TOBN(0x97af9a33, 0xc60df6f7), + TOBN(0x0b1ef85c, 0xa716ce8c), + TOBN(0x2922f884, 0xc96958be), + TOBN(0x7c32fa94, 0x35690963), + TOBN(0x2d7f667c, 0xeaa00061), + TOBN(0xeaaf7c17, 0x3547365c), + TOBN(0x1eb4de46, 0x87032d58), + TOBN(0xc54f3d83, 0x5e2c79e0), + TOBN(0x07818df4, 0x5d04ef23), + TOBN(0x55faa9c8, 0x673d41b4), + TOBN(0xced64f6f, 0x89b95355), + TOBN(0x4860d2ea, 0xb7415c84), + TOBN(0x5fdb9bd2, 0x050ebad3), + 
TOBN(0xdb53e0cc, 0x6685a5bf), + TOBN(0xb830c031, 0x9feb6593), + TOBN(0xdd87f310, 0x6accff17), + TOBN(0x2303ebab, 0x9f555c10), + TOBN(0x94603695, 0x287e7065), + TOBN(0xf88311c3, 0x2e83358c), + TOBN(0x508dd9b4, 0xeefb0178), + TOBN(0x7ca23706, 0x2dba8652), + TOBN(0x62aac5a3, 0x0047abe5), + TOBN(0x9a61d2a0, 0x8b1ea7b3), + TOBN(0xd495ab63, 0xae8b1485), + TOBN(0x38740f84, 0x87052f99), + TOBN(0x178ebe5b, 0xb2974eea), + TOBN(0x030bbcca, 0x5b36d17f), + TOBN(0xb5e4cce3, 0xaaf86eea), + TOBN(0xb51a0220, 0x68f8e9e0), + TOBN(0xa4348796, 0x09eb3e75), + TOBN(0xbe592309, 0xeef1a752), + TOBN(0x5d7162d7, 0x6f2aa1ed), + TOBN(0xaebfb5ed, 0x0f007dd2), + TOBN(0x255e14b2, 0xc89edd22), + TOBN(0xba85e072, 0x0303b697), + TOBN(0xc5d17e25, 0xf05720ff), + TOBN(0x02b58d6e, 0x5128ebb6), + TOBN(0x2c80242d, 0xd754e113), + TOBN(0x919fca5f, 0xabfae1ca), + TOBN(0x937afaac, 0x1a21459b), + TOBN(0x9e0ca91c, 0x1f66a4d2), + TOBN(0x194cc7f3, 0x23ec1331), + TOBN(0xad25143a, 0x8aa11690), + TOBN(0xbe40ad8d, 0x09b59e08), + TOBN(0x37d60d9b, 0xe750860a), + TOBN(0x6c53b008, 0xc6bf434c), + TOBN(0xb572415d, 0x1356eb80), + TOBN(0xb8bf9da3, 0x9578ded8), + TOBN(0x22658e36, 0x5e8fb38b), + TOBN(0x9b70ce22, 0x5af8cb22), + TOBN(0x7c00018a, 0x829a8180), + TOBN(0x84329f93, 0xb81ed295), + TOBN(0x7c343ea2, 0x5f3cea83), + TOBN(0x38f8655f, 0x67586536), + TOBN(0xa661a0d0, 0x1d3ec517), + TOBN(0x98744652, 0x512321ae), + TOBN(0x084ca591, 0xeca92598), + TOBN(0xa9bb9dc9, 0x1dcb3feb), + TOBN(0x14c54355, 0x78b4c240), + TOBN(0x5ed62a3b, 0x610cafdc), + TOBN(0x07512f37, 0x1b38846b), + TOBN(0x571bb70a, 0xb0e38161), + TOBN(0xb556b95b, 0x2da705d2), + TOBN(0x3ef8ada6, 0xb1a08f98), + TOBN(0x85302ca7, 0xddecfbe5), + TOBN(0x0e530573, 0x943105cd), + TOBN(0x60554d55, 0x21a9255d), + TOBN(0x63a32fa1, 0xf2f3802a), + TOBN(0x35c8c5b0, 0xcd477875), + TOBN(0x97f458ea, 0x6ad42da1), + TOBN(0x832d7080, 0xeb6b242d), + TOBN(0xd30bd023, 0x3b71e246), + TOBN(0x7027991b, 0xbe31139d), + TOBN(0x68797e91, 0x462e4e53), + TOBN(0x423fe20a, 0x6b4e185a), + 
TOBN(0x82f2c67e, 0x42d9b707), + TOBN(0x25c81768, 0x4cf7811b), + TOBN(0xbd53005e, 0x045bb95d), + }, + { + TOBN(0xe5f649be, 0x9d8e68fd), + TOBN(0xdb0f0533, 0x1b044320), + TOBN(0xf6fde9b3, 0xe0c33398), + TOBN(0x92f4209b, 0x66c8cfae), + TOBN(0xe9d1afcc, 0x1a739d4b), + TOBN(0x09aea75f, 0xa28ab8de), + TOBN(0x14375fb5, 0xeac6f1d0), + TOBN(0x6420b560, 0x708f7aa5), + TOBN(0x9eae499c, 0x6254dc41), + TOBN(0x7e293924, 0x7a837e7e), + TOBN(0x74aec08c, 0x090524a7), + TOBN(0xf82b9219, 0x8d6f55f2), + TOBN(0x493c962e, 0x1402cec5), + TOBN(0x9f17ca17, 0xfa2f30e7), + TOBN(0xbcd783e8, 0xe9b879cb), + TOBN(0xea3d8c14, 0x5a6f145f), + TOBN(0xdede15e7, 0x5e0dee6e), + TOBN(0x74f24872, 0xdc628aa2), + TOBN(0xd3e9c4fe, 0x7861bb93), + TOBN(0x56d4822a, 0x6187b2e0), + TOBN(0xb66417cf, 0xc59826f9), + TOBN(0xca260969, 0x2408169e), + TOBN(0xedf69d06, 0xc79ef885), + TOBN(0x00031f8a, 0xdc7d138f), + TOBN(0x103c46e6, 0x0ebcf726), + TOBN(0x4482b831, 0x6231470e), + TOBN(0x6f6dfaca, 0x487c2109), + TOBN(0x2e0ace97, 0x62e666ef), + TOBN(0x3246a9d3, 0x1f8d1f42), + TOBN(0x1b1e83f1, 0x574944d2), + TOBN(0x13dfa63a, 0xa57f334b), + TOBN(0x0cf8daed, 0x9f025d81), + TOBN(0x30d78ea8, 0x00ee11c1), + TOBN(0xeb053cd4, 0xb5e3dd75), + TOBN(0x9b65b13e, 0xd58c43c5), + TOBN(0xc3ad49bd, 0xbd151663), + TOBN(0x99fd8e41, 0xb6427990), + TOBN(0x12cf15bd, 0x707eae1e), + TOBN(0x29ad4f1b, 0x1aabb71e), + TOBN(0x5143e74d, 0x07545d0e), + TOBN(0x30266336, 0xc88bdee1), + TOBN(0x25f29306, 0x5876767c), + TOBN(0x9c078571, 0xc6731996), + TOBN(0xc88690b2, 0xed552951), + TOBN(0x274f2c2d, 0x852705b4), + TOBN(0xb0bf8d44, 0x4e09552d), + TOBN(0x7628beeb, 0x986575d1), + TOBN(0x407be238, 0x7f864651), + TOBN(0x0e5e3049, 0xa639fc6b), + TOBN(0xe75c35d9, 0x86003625), + TOBN(0x0cf35bd8, 0x5dcc1646), + TOBN(0x8bcaced2, 0x6c26273a), + TOBN(0xe22ecf1d, 0xb5536742), + TOBN(0x013dd897, 0x1a9e068b), + TOBN(0x17f411cb, 0x8a7909c5), + TOBN(0x5757ac98, 0x861dd506), + TOBN(0x85de1f0d, 0x1e935abb), + TOBN(0xdefd10b4, 0x154de37a), + TOBN(0xb8d9e392, 0x369cebb5), + 
TOBN(0x54d5ef9b, 0x761324be), + TOBN(0x4d6341ba, 0x74f17e26), + TOBN(0xc0a0e3c8, 0x78c1dde4), + TOBN(0xa6d77581, 0x87d918fd), + TOBN(0x66876015, 0x02ca3a13), + TOBN(0xc7313e9c, 0xf36658f0), + TOBN(0xc433ef1c, 0x71f8057e), + TOBN(0x85326246, 0x1b6a835a), + TOBN(0xc8f05398, 0x7c86394c), + TOBN(0xff398cdf, 0xe983c4a1), + TOBN(0xbf5e8162, 0x03b7b931), + TOBN(0x93193c46, 0xb7b9045b), + TOBN(0x1e4ebf5d, 0xa4a6e46b), + TOBN(0xf9942a60, 0x43a24fe7), + TOBN(0x29c1191e, 0xffb3492b), + TOBN(0x9f662449, 0x902fde05), + TOBN(0xc792a7ac, 0x6713c32d), + TOBN(0x2fd88ad8, 0xb737982c), + TOBN(0x7e3a0319, 0xa21e60e3), + TOBN(0x09b0de44, 0x7383591a), + TOBN(0x6df141ee, 0x8310a456), + TOBN(0xaec1a039, 0xe6d6f471), + TOBN(0x14b2ba0f, 0x1198d12e), + TOBN(0xebc1a160, 0x3aeee5ac), + TOBN(0x401f4836, 0xe0b964ce), + TOBN(0x2ee43796, 0x4fd03f66), + TOBN(0x3fdb4e49, 0xdd8f3f12), + TOBN(0x6ef267f6, 0x29380f18), + TOBN(0x3e8e9670, 0x8da64d16), + TOBN(0xbc19180c, 0x207674f1), + TOBN(0x112e09a7, 0x33ae8fdb), + TOBN(0x99667554, 0x6aaeb71e), + TOBN(0x79432af1, 0xe101b1c7), + TOBN(0xd5eb558f, 0xde2ddec6), + TOBN(0x81392d1f, 0x5357753f), + TOBN(0xa7a76b97, 0x3ae1158a), + TOBN(0x416fbbff, 0x4a899991), + TOBN(0x9e65fdfd, 0x0d4a9dcf), + TOBN(0x7bc29e48, 0x944ddf12), + TOBN(0xbc1a92d9, 0x3c856866), + TOBN(0x273c6905, 0x6e98dfe2), + TOBN(0x69fce418, 0xcdfaa6b8), + TOBN(0x606bd823, 0x5061c69f), + TOBN(0x42d495a0, 0x6af75e27), + TOBN(0x8ed3d505, 0x6d873a1f), + TOBN(0xaf552841, 0x6ab25b6a), + TOBN(0xc6c0ffc7, 0x2b1a4523), + TOBN(0xab18827b, 0x21c99e03), + TOBN(0x060e8648, 0x9034691b), + TOBN(0x5207f90f, 0x93c7f398), + TOBN(0x9f4a96cb, 0x82f8d10b), + TOBN(0xdd71cd79, 0x3ad0f9e3), + TOBN(0x84f435d2, 0xfc3a54f5), + TOBN(0x4b03c55b, 0x8e33787f), + TOBN(0xef42f975, 0xa6384673), + TOBN(0xff7304f7, 0x5051b9f0), + TOBN(0x18aca1dc, 0x741c87c2), + TOBN(0x56f120a7, 0x2d4bfe80), + TOBN(0xfd823b3d, 0x053e732c), + TOBN(0x11bccfe4, 0x7537ca16), + TOBN(0xdf6c9c74, 0x1b5a996b), + TOBN(0xee7332c7, 0x904fc3fa), + 
TOBN(0x14a23f45, 0xc7e3636a), + TOBN(0xc38659c3, 0xf091d9aa), + TOBN(0x4a995e5d, 0xb12d8540), + TOBN(0x20a53bec, 0xf3a5598a), + TOBN(0x56534b17, 0xb1eaa995), + TOBN(0x9ed3dca4, 0xbf04e03c), + TOBN(0x716c563a, 0xd8d56268), + TOBN(0x27ba77a4, 0x1d6178e7), + TOBN(0xe4c80c40, 0x68a1ff8e), + TOBN(0x75011099, 0x0a13f63d), + TOBN(0x7bf33521, 0xa61d46f3), + TOBN(0x0aff218e, 0x10b365bb), + TOBN(0x81021804, 0x0fd7ea75), + TOBN(0x05a3fd8a, 0xa4b3a925), + TOBN(0xb829e75f, 0x9b3db4e6), + TOBN(0x6bdc75a5, 0x4d53e5fb), + TOBN(0x04a5dc02, 0xd52717e3), + TOBN(0x86af502f, 0xe9a42ec2), + TOBN(0x8867e8fb, 0x2630e382), + TOBN(0xbf845c6e, 0xbec9889b), + TOBN(0x54f491f2, 0xcb47c98d), + TOBN(0xa3091fba, 0x790c2a12), + TOBN(0xd7f6fd78, 0xc20f708b), + TOBN(0xa569ac30, 0xacde5e17), + TOBN(0xd0f996d0, 0x6852b4d7), + TOBN(0xe51d4bb5, 0x4609ae54), + TOBN(0x3fa37d17, 0x0daed061), + TOBN(0x62a88684, 0x34b8fb41), + TOBN(0x99a2acbd, 0x9efb64f1), + TOBN(0xb75c1a5e, 0x6448e1f2), + TOBN(0xfa99951a, 0x42b5a069), + TOBN(0x6d956e89, 0x2f3b26e7), + TOBN(0xf4709860, 0xda875247), + TOBN(0x3ad15179, 0x2482dda3), + TOBN(0xd64110e3, 0x017d82f0), + TOBN(0x14928d2c, 0xfad414e4), + TOBN(0x2b155f58, 0x2ed02b24), + TOBN(0x481a141b, 0xcb821bf1), + TOBN(0x12e3c770, 0x4f81f5da), + TOBN(0xe49c5de5, 0x9fff8381), + TOBN(0x11053232, 0x5bbec894), + TOBN(0xa0d051cc, 0x454d88c4), + TOBN(0x4f6db89c, 0x1f8e531b), + TOBN(0x34fe3fd6, 0xca563a44), + TOBN(0x7f5c2215, 0x58da8ab9), + TOBN(0x8445016d, 0x9474f0a1), + TOBN(0x17d34d61, 0xcb7d8a0a), + TOBN(0x8e9d3910, 0x1c474019), + TOBN(0xcaff2629, 0xd52ceefb), + TOBN(0xf9cf3e32, 0xc1622c2b), + TOBN(0xd4b95e3c, 0xe9071a05), + TOBN(0xfbbca61f, 0x1594438c), + TOBN(0x1eb6e6a6, 0x04aadedf), + TOBN(0x853027f4, 0x68e14940), + TOBN(0x221d322a, 0xdfabda9c), + TOBN(0xed8ea9f6, 0xb7cb179a), + TOBN(0xdc7b764d, 0xb7934dcc), + TOBN(0xfcb13940, 0x5e09180d), + TOBN(0x6629a6bf, 0xb47dc2dd), + TOBN(0xbfc55e4e, 0x9f5a915e), + TOBN(0xb1db9d37, 0x6204441e), + TOBN(0xf82d68cf, 0x930c5f53), + 
TOBN(0x17d3a142, 0xcbb605b1), + TOBN(0xdd5944ea, 0x308780f2), + TOBN(0xdc8de761, 0x3845f5e4), + TOBN(0x6beaba7d, 0x7624d7a3), + TOBN(0x1e709afd, 0x304df11e), + TOBN(0x95364376, 0x02170456), + TOBN(0xbf204b3a, 0xc8f94b64), + TOBN(0x4e53af7c, 0x5680ca68), + TOBN(0x0526074a, 0xe0c67574), + TOBN(0x95d8cef8, 0xecd92af6), + TOBN(0xe6b9fa7a, 0x6cd1745a), + TOBN(0x3d546d3d, 0xa325c3e4), + TOBN(0x1f57691d, 0x9ae93aae), + TOBN(0xe891f3fe, 0x9d2e1a33), + TOBN(0xd430093f, 0xac063d35), + TOBN(0xeda59b12, 0x5513a327), + TOBN(0xdc2134f3, 0x5536f18f), + TOBN(0xaa51fe2c, 0x5c210286), + TOBN(0x3f68aaee, 0x1cab658c), + TOBN(0x5a23a00b, 0xf9357292), + TOBN(0x9a626f39, 0x7efdabed), + TOBN(0xfe2b3bf3, 0x199d78e3), + TOBN(0xb7a2af77, 0x71bbc345), + TOBN(0x3d19827a, 0x1e59802c), + TOBN(0x823bbc15, 0xb487a51c), + TOBN(0x856139f2, 0x99d0a422), + TOBN(0x9ac3df65, 0xf456c6fb), + TOBN(0xaddf65c6, 0x701f8bd6), + TOBN(0x149f321e, 0x3758df87), + TOBN(0xb1ecf714, 0x721b7eba), + TOBN(0xe17df098, 0x31a3312a), + TOBN(0xdb2fd6ec, 0xd5c4d581), + TOBN(0xfd02996f, 0x8fcea1b3), + TOBN(0xe29fa63e, 0x7882f14f), + TOBN(0xc9f6dc35, 0x07c6cadc), + TOBN(0x46f22d6f, 0xb882bed0), + TOBN(0x1a45755b, 0xd118e52c), + TOBN(0x9f2c7c27, 0x7c4608cf), + TOBN(0x7ccbdf32, 0x568012c2), + TOBN(0xfcb0aedd, 0x61729b0e), + TOBN(0x7ca2ca9e, 0xf7d75dbf), + TOBN(0xf58fecb1, 0x6f640f62), + TOBN(0xe274b92b, 0x39f51946), + TOBN(0x7f4dfc04, 0x6288af44), + TOBN(0x0a91f32a, 0xeac329e5), + TOBN(0x43ad274b, 0xd6aaba31), + TOBN(0x719a1640, 0x0f6884f9), + TOBN(0x685d29f6, 0xdaf91e20), + TOBN(0x5ec1cc33, 0x27e49d52), + TOBN(0x38f4de96, 0x3b54a059), + TOBN(0x0e0015e5, 0xefbcfdb3), + TOBN(0x177d23d9, 0x4dbb8da6), + TOBN(0x98724aa2, 0x97a617ad), + TOBN(0x30f0885b, 0xfdb6558e), + TOBN(0xf9f7a28a, 0xc7899a96), + TOBN(0xd2ae8ac8, 0x872dc112), + TOBN(0xfa0642ca, 0x73c3c459), + TOBN(0x15296981, 0xe7dfc8d6), + TOBN(0x67cd4450, 0x1fb5b94a), + TOBN(0x0ec71cf1, 0x0eddfd37), + TOBN(0xc7e5eeb3, 0x9a8eddc7), + TOBN(0x02ac8e3d, 0x81d95028), + 
TOBN(0x0088f172, 0x70b0e35d), + TOBN(0xec041fab, 0xe1881fe3), + TOBN(0x62cf71b8, 0xd99e7faa), + TOBN(0x5043dea7, 0xe0f222c2), + TOBN(0x309d42ac, 0x72e65142), + TOBN(0x94fe9ddd, 0x9216cd30), + TOBN(0xd6539c7d, 0x0f87feec), + TOBN(0x03c5a57c, 0x432ac7d7), + TOBN(0x72692cf0, 0x327fda10), + TOBN(0xec28c85f, 0x280698de), + TOBN(0x2331fb46, 0x7ec283b1), + TOBN(0xd34bfa32, 0x2867e633), + TOBN(0x78709a82, 0x0a9cc815), + TOBN(0xb7fe6964, 0x875e2fa5), + TOBN(0x25cc064f, 0x9e98bfb5), + TOBN(0x9eb0151c, 0x493a65c5), + TOBN(0x5fb5d941, 0x53182464), + TOBN(0x69e6f130, 0xf04618e2), + TOBN(0xa8ecec22, 0xf89c8ab6), + TOBN(0xcd6ac88b, 0xb96209bd), + TOBN(0x65fa8cdb, 0xb3e1c9e0), + TOBN(0xa47d22f5, 0x4a8d8eac), + TOBN(0x83895cdf, 0x8d33f963), + TOBN(0xa8adca59, 0xb56cd3d1), + TOBN(0x10c8350b, 0xdaf38232), + TOBN(0x2b161fb3, 0xa5080a9f), + TOBN(0xbe7f5c64, 0x3af65b3a), + TOBN(0x2c754039, 0x97403a11), + TOBN(0x94626cf7, 0x121b96af), + TOBN(0x431de7c4, 0x6a983ec2), + TOBN(0x3780dd3a, 0x52cc3df7), + TOBN(0xe28a0e46, 0x2baf8e3b), + TOBN(0xabe68aad, 0x51d299ae), + TOBN(0x603eb8f9, 0x647a2408), + TOBN(0x14c61ed6, 0x5c750981), + TOBN(0x88b34414, 0xc53352e7), + TOBN(0x5a34889c, 0x1337d46e), + TOBN(0x612c1560, 0xf95f2bc8), + TOBN(0x8a3f8441, 0xd4807a3a), + TOBN(0x680d9e97, 0x5224da68), + TOBN(0x60cd6e88, 0xc3eb00e9), + TOBN(0x3875a98e, 0x9a6bc375), + TOBN(0xdc80f924, 0x4fd554c2), + TOBN(0x6c4b3415, 0x6ac77407), + TOBN(0xa1e5ea8f, 0x25420681), + TOBN(0x541bfa14, 0x4607a458), + TOBN(0x5dbc7e7a, 0x96d7fbf9), + TOBN(0x646a851b, 0x31590a47), + TOBN(0x039e85ba, 0x15ee6df8), + TOBN(0xd19fa231, 0xd7b43fc0), + TOBN(0x84bc8be8, 0x299a0e04), + TOBN(0x2b9d2936, 0xf20df03a), + TOBN(0x24054382, 0x8608d472), + TOBN(0x76b6ba04, 0x9149202a), + TOBN(0xb21c3831, 0x3670e7b7), + TOBN(0xddd93059, 0xd6fdee10), + TOBN(0x9da47ad3, 0x78488e71), + TOBN(0x99cc1dfd, 0xa0fcfb25), + TOBN(0x42abde10, 0x64696954), + TOBN(0x14cc15fc, 0x17eab9fe), + TOBN(0xd6e863e4, 0xd3e70972), + TOBN(0x29a7765c, 0x6432112c), + 
TOBN(0x88660001, 0x5b0774d8), + TOBN(0x3729175a, 0x2c088eae), + TOBN(0x13afbcae, 0x8230b8d4), + TOBN(0x44768151, 0x915f4379), + TOBN(0xf086431a, 0xd8d22812), + TOBN(0x37461955, 0xc298b974), + TOBN(0x905fb5f0, 0xf8711e04), + TOBN(0x787abf3a, 0xfe969d18), + TOBN(0x392167c2, 0x6f6a494e), + TOBN(0xfc7a0d2d, 0x28c511da), + TOBN(0xf127c7dc, 0xb66a262d), + TOBN(0xf9c4bb95, 0xfd63fdf0), + TOBN(0x90016589, 0x3913ef46), + TOBN(0x74d2a73c, 0x11aa600d), + TOBN(0x2f5379bd, 0x9fb5ab52), + TOBN(0xe49e53a4, 0x7fb70068), + TOBN(0x68dd39e5, 0x404aa9a7), + TOBN(0xb9b0cf57, 0x2ecaa9c3), + TOBN(0xba0e103b, 0xe824826b), + TOBN(0x60c2198b, 0x4631a3c4), + TOBN(0xc5ff84ab, 0xfa8966a2), + TOBN(0x2d6ebe22, 0xac95aff8), + TOBN(0x1c9bb6db, 0xb5a46d09), + TOBN(0x419062da, 0x53ee4f8d), + TOBN(0x7b9042d0, 0xbb97efef), + TOBN(0x0f87f080, 0x830cf6bd), + TOBN(0x4861d19a, 0x6ec8a6c6), + TOBN(0xd3a0daa1, 0x202f01aa), + TOBN(0xb0111674, 0xf25afbd5), + TOBN(0x6d00d6cf, 0x1afb20d9), + TOBN(0x13695000, 0x40671bc5), + TOBN(0x913ab0dc, 0x2485ea9b), + TOBN(0x1f2bed06, 0x9eef61ac), + TOBN(0x850c8217, 0x6d799e20), + TOBN(0x93415f37, 0x3271c2de), + TOBN(0x5afb06e9, 0x6c4f5910), + TOBN(0x688a52df, 0xc4e9e421), + TOBN(0x30495ba3, 0xe2a9a6db), + TOBN(0x4601303d, 0x58f9268b), + TOBN(0xbe3b0dad, 0x7eb0f04f), + TOBN(0x4ea47250, 0x4456936d), + TOBN(0x8caf8798, 0xd33fd3e7), + TOBN(0x1ccd8a89, 0xeb433708), + TOBN(0x9effe3e8, 0x87fd50ad), + TOBN(0xbe240a56, 0x6b29c4df), + TOBN(0xec4ffd98, 0xca0e7ebd), + TOBN(0xf586783a, 0xe748616e), + TOBN(0xa5b00d8f, 0xc77baa99), + TOBN(0x0acada29, 0xb4f34c9c), + TOBN(0x36dad67d, 0x0fe723ac), + TOBN(0x1d8e53a5, 0x39c36c1e), + TOBN(0xe4dd342d, 0x1f4bea41), + TOBN(0x64fd5e35, 0xebc9e4e0), + TOBN(0x96f01f90, 0x57908805), + TOBN(0xb5b9ea3d, 0x5ed480dd), + TOBN(0x366c5dc2, 0x3efd2dd0), + TOBN(0xed2fe305, 0x6e9dfa27), + TOBN(0x4575e892, 0x6e9197e2), + TOBN(0x11719c09, 0xab502a5d), + TOBN(0x264c7bec, 0xe81f213f), + TOBN(0x741b9241, 0x55f5c457), + TOBN(0x78ac7b68, 0x49a5f4f4), + 
TOBN(0xf91d70a2, 0x9fc45b7d), + TOBN(0x39b05544, 0xb0f5f355), + TOBN(0x11f06bce, 0xeef930d9), + TOBN(0xdb84d25d, 0x038d05e1), + TOBN(0x04838ee5, 0xbacc1d51), + TOBN(0x9da3ce86, 0x9e8ee00b), + TOBN(0xc3412057, 0xc36eda1f), + TOBN(0xae80b913, 0x64d9c2f4), + TOBN(0x7468bac3, 0xa010a8ff), + TOBN(0xdfd20037, 0x37359d41), + TOBN(0x1a0f5ab8, 0x15efeacc), + TOBN(0x7c25ad2f, 0x659d0ce0), + TOBN(0x4011bcbb, 0x6785cff1), + TOBN(0x128b9912, 0x7e2192c7), + TOBN(0xa549d8e1, 0x13ccb0e8), + TOBN(0x805588d8, 0xc85438b1), + TOBN(0x5680332d, 0xbc25cb27), + TOBN(0xdcd1bc96, 0x1a4bfdf4), + TOBN(0x779ff428, 0x706f6566), + TOBN(0x8bbee998, 0xf059987a), + TOBN(0xf6ce8cf2, 0xcc686de7), + TOBN(0xf8ad3c4a, 0x953cfdb2), + TOBN(0xd1d426d9, 0x2205da36), + TOBN(0xb3c0f13f, 0xc781a241), + TOBN(0x3e89360e, 0xd75362a8), + TOBN(0xccd05863, 0xc8a91184), + TOBN(0x9bd0c9b7, 0xefa8a7f4), + TOBN(0x97ee4d53, 0x8a912a4b), + TOBN(0xde5e15f8, 0xbcf518fd), + TOBN(0x6a055bf8, 0xc467e1e0), + TOBN(0x10be4b4b, 0x1587e256), + TOBN(0xd90c14f2, 0x668621c9), + TOBN(0xd5518f51, 0xab9c92c1), + TOBN(0x8e6a0100, 0xd6d47b3c), + TOBN(0xcbe980dd, 0x66716175), + TOBN(0x500d3f10, 0xddd83683), + TOBN(0x3b6cb35d, 0x99cac73c), + TOBN(0x53730c8b, 0x6083d550), + TOBN(0xcf159767, 0xdf0a1987), + TOBN(0x84bfcf53, 0x43ad73b3), + TOBN(0x1b528c20, 0x4f035a94), + TOBN(0x4294edf7, 0x33eeac69), + TOBN(0xb6283e83, 0x817f3240), + TOBN(0xc3fdc959, 0x0a5f25b1), + TOBN(0xefaf8aa5, 0x5844ee22), + TOBN(0xde269ba5, 0xdbdde4de), + TOBN(0xe3347160, 0xc56133bf), + TOBN(0xc1184219, 0x8d9ea9f8), + TOBN(0x090de5db, 0xf3fc1ab5), + TOBN(0x404c37b1, 0x0bf22cda), + TOBN(0x7de20ec8, 0xf5618894), + TOBN(0x754c588e, 0xecdaecab), + TOBN(0x6ca4b0ed, 0x88342743), + TOBN(0x76f08bdd, 0xf4a938ec), + TOBN(0xd182de89, 0x91493ccb), + TOBN(0xd652c53e, 0xc8a4186a), + TOBN(0xb3e878db, 0x946d8e33), + TOBN(0x088453c0, 0x5f37663c), + TOBN(0x5cd9daaa, 0xb407748b), + TOBN(0xa1f5197f, 0x586d5e72), + TOBN(0x47500be8, 0xc443ca59), + TOBN(0x78ef35b2, 0xe2652424), + 
TOBN(0x09c5d26f, 0x6dd7767d), + TOBN(0x7175a79a, 0xa74d3f7b), + TOBN(0x0428fd8d, 0xcf5ea459), + TOBN(0x511cb97c, 0xa5d1746d), + TOBN(0x36363939, 0xe71d1278), + TOBN(0xcf2df955, 0x10350bf4), + TOBN(0xb3817439, 0x60aae782), + TOBN(0xa748c0e4, 0x3e688809), + TOBN(0x98021fbf, 0xd7a5a006), + TOBN(0x9076a70c, 0x0e367a98), + TOBN(0xbea1bc15, 0x0f62b7c2), + TOBN(0x2645a68c, 0x30fe0343), + TOBN(0xacaffa78, 0x699dc14f), + TOBN(0xf4469964, 0x457bf9c4), + TOBN(0x0db6407b, 0x0d2ead83), + TOBN(0x68d56cad, 0xb2c6f3eb), + TOBN(0x3b512e73, 0xf376356c), + TOBN(0xe43b0e1f, 0xfce10408), + TOBN(0x89ddc003, 0x5a5e257d), + TOBN(0xb0ae0d12, 0x0362e5b3), + TOBN(0x07f983c7, 0xb0519161), + TOBN(0xc2e94d15, 0x5d5231e7), + TOBN(0xcff22aed, 0x0b4f9513), + TOBN(0xb02588dd, 0x6ad0b0b5), + TOBN(0xb967d1ac, 0x11d0dcd5), + TOBN(0x8dac6bc6, 0xcf777b6c), + TOBN(0x0062bdbd, 0x4c6d1959), + TOBN(0x53da71b5, 0x0ef5cc85), + TOBN(0x07012c7d, 0x4006f14f), + TOBN(0x4617f962, 0xac47800d), + TOBN(0x53365f2b, 0xc102ed75), + TOBN(0xb422efcb, 0x4ab8c9d3), + TOBN(0x195cb26b, 0x34af31c9), + TOBN(0x3a926e29, 0x05f2c4ce), + TOBN(0xbd2bdecb, 0x9856966c), + TOBN(0x5d16ab3a, 0x85527015), + TOBN(0x9f81609e, 0x4486c231), + TOBN(0xd8b96b2c, 0xda350002), + TOBN(0xbd054690, 0xfa1b7d36), + TOBN(0xdc90ebf5, 0xe71d79bc), + TOBN(0xf241b6f9, 0x08964e4e), + TOBN(0x7c838643, 0x2fe3cd4c), + TOBN(0xe0f33acb, 0xb4bc633c), + TOBN(0xb4a9ecec, 0x3d139f1f), + TOBN(0x05ce69cd, 0xdc4a1f49), + TOBN(0xa19d1b16, 0xf5f98aaf), + TOBN(0x45bb71d6, 0x6f23e0ef), + TOBN(0x33789fcd, 0x46cdfdd3), + TOBN(0x9b8e2978, 0xcee040ca), + TOBN(0x9c69b246, 0xae0a6828), + TOBN(0xba533d24, 0x7078d5aa), + TOBN(0x7a2e42c0, 0x7bb4fbdb), + TOBN(0xcfb4879a, 0x7035385c), + TOBN(0x8c3dd30b, 0x3281705b), + TOBN(0x7e361c6c, 0x404fe081), + TOBN(0x7b21649c, 0x3f604edf), + TOBN(0x5dbf6a3f, 0xe52ffe47), + TOBN(0xc41b7c23, 0x4b54d9bf), + TOBN(0x1374e681, 0x3511c3d9), + TOBN(0x1863bf16, 0xc1b2b758), + TOBN(0x90e78507, 0x1e9e6a96), + TOBN(0xab4bf98d, 0x5d86f174), + 
TOBN(0xd74e0bd3, 0x85e96fe4), + TOBN(0x8afde39f, 0xcac5d344), + TOBN(0x90946dbc, 0xbd91b847), + TOBN(0xf5b42358, 0xfe1a838c), + TOBN(0x05aae6c5, 0x620ac9d8), + TOBN(0x8e193bd8, 0xa1ce5a0b), + TOBN(0x8f710571, 0x4dabfd72), + TOBN(0x8d8fdd48, 0x182caaac), + TOBN(0x8c4aeefa, 0x040745cf), + TOBN(0x73c6c30a, 0xf3b93e6d), + TOBN(0x991241f3, 0x16f42011), + TOBN(0xa0158eea, 0xe457a477), + TOBN(0xd19857db, 0xee6ddc05), + TOBN(0xb3265224, 0x18c41671), + TOBN(0x3ffdfc7e, 0x3c2c0d58), + TOBN(0x3a3a5254, 0x26ee7cda), + TOBN(0x341b0869, 0xdf02c3a8), + TOBN(0xa023bf42, 0x723bbfc8), + TOBN(0x3d15002a, 0x14452691), + }, + { + TOBN(0x5ef7324c, 0x85edfa30), + TOBN(0x25976554, 0x87d4f3da), + TOBN(0x352f5bc0, 0xdcb50c86), + TOBN(0x8f6927b0, 0x4832a96c), + TOBN(0xd08ee1ba, 0x55f2f94c), + TOBN(0x6a996f99, 0x344b45fa), + TOBN(0xe133cb8d, 0xa8aa455d), + TOBN(0x5d0721ec, 0x758dc1f7), + TOBN(0x6ba7a920, 0x79e5fb67), + TOBN(0xe1331feb, 0x70aa725e), + TOBN(0x5080ccf5, 0x7df5d837), + TOBN(0xe4cae01d, 0x7ff72e21), + TOBN(0xd9243ee6, 0x0412a77d), + TOBN(0x06ff7cac, 0xdf449025), + TOBN(0xbe75f7cd, 0x23ef5a31), + TOBN(0xbc957822, 0x0ddef7a8), + TOBN(0x8cf7230c, 0xb0ce1c55), + TOBN(0x5b534d05, 0x0bbfb607), + TOBN(0xee1ef113, 0x0e16363b), + TOBN(0x27e0aa7a, 0xb4999e82), + TOBN(0xce1dac2d, 0x79362c41), + TOBN(0x67920c90, 0x91bb6cb0), + TOBN(0x1e648d63, 0x2223df24), + TOBN(0x0f7d9eef, 0xe32e8f28), + TOBN(0x6943f39a, 0xfa833834), + TOBN(0x22951722, 0xa6328562), + TOBN(0x81d63dd5, 0x4170fc10), + TOBN(0x9f5fa58f, 0xaecc2e6d), + TOBN(0xb66c8725, 0xe77d9a3b), + TOBN(0x11235cea, 0x6384ebe0), + TOBN(0x06a8c118, 0x5845e24a), + TOBN(0x0137b286, 0xebd093b1), + TOBN(0xc589e1ce, 0x44ace150), + TOBN(0xe0f8d3d9, 0x4381e97c), + TOBN(0x59e99b11, 0x62c5a4b8), + TOBN(0x90d262f7, 0xfd0ec9f9), + TOBN(0xfbc854c9, 0x283e13c9), + TOBN(0x2d04fde7, 0xaedc7085), + TOBN(0x057d7765, 0x47dcbecb), + TOBN(0x8dbdf591, 0x9a76fa5f), + TOBN(0xd0150695, 0x0de1e578), + TOBN(0x2e1463e7, 0xe9f72bc6), + TOBN(0xffa68441, 0x1b39eca5), + 
TOBN(0x673c8530, 0x7c037f2f), + TOBN(0xd0d6a600, 0x747f91da), + TOBN(0xb08d43e1, 0xc9cb78e9), + TOBN(0x0fc0c644, 0x27b5cef5), + TOBN(0x5c1d160a, 0xa60a2fd6), + TOBN(0xf98cae53, 0x28c8e13b), + TOBN(0x375f10c4, 0xb2eddcd1), + TOBN(0xd4eb8b7f, 0x5cce06ad), + TOBN(0xb4669f45, 0x80a2e1ef), + TOBN(0xd593f9d0, 0x5bbd8699), + TOBN(0x5528a4c9, 0xe7976d13), + TOBN(0x3923e095, 0x1c7e28d3), + TOBN(0xb9293790, 0x3f6bb577), + TOBN(0xdb567d6a, 0xc42bd6d2), + TOBN(0x6df86468, 0xbb1f96ae), + TOBN(0x0efe5b1a, 0x4843b28e), + TOBN(0x961bbb05, 0x6379b240), + TOBN(0xb6caf5f0, 0x70a6a26b), + TOBN(0x70686c0d, 0x328e6e39), + TOBN(0x80da06cf, 0x895fc8d3), + TOBN(0x804d8810, 0xb363fdc9), + TOBN(0xbe22877b, 0x207f1670), + TOBN(0x9b0dd188, 0x4e615291), + TOBN(0x625ae8dc, 0x97a3c2bf), + TOBN(0x08584ef7, 0x439b86e8), + TOBN(0xde7190a5, 0xdcd898ff), + TOBN(0x26286c40, 0x2058ee3d), + TOBN(0x3db0b217, 0x5f87b1c1), + TOBN(0xcc334771, 0x102a6db5), + TOBN(0xd99de954, 0x2f770fb1), + TOBN(0x97c1c620, 0x4cd7535e), + TOBN(0xd3b6c448, 0x3f09cefc), + TOBN(0xd725af15, 0x5a63b4f8), + TOBN(0x0c95d24f, 0xc01e20ec), + TOBN(0xdfd37494, 0x9ae7121f), + TOBN(0x7d6ddb72, 0xec77b7ec), + TOBN(0xfe079d3b, 0x0353a4ae), + TOBN(0x3066e70a, 0x2e6ac8d2), + TOBN(0x9c6b5a43, 0x106e5c05), + TOBN(0x52d3c6f5, 0xede59b8c), + TOBN(0x30d6a5c3, 0xfccec9ae), + TOBN(0xedec7c22, 0x4fc0a9ef), + TOBN(0x190ff083, 0x95c16ced), + TOBN(0xbe12ec8f, 0x94de0fde), + TOBN(0x0d131ab8, 0x852d3433), + TOBN(0x42ace07e, 0x85701291), + TOBN(0x94793ed9, 0x194061a8), + TOBN(0x30e83ed6, 0xd7f4a485), + TOBN(0x9eec7269, 0xf9eeff4d), + TOBN(0x90acba59, 0x0c9d8005), + TOBN(0x5feca458, 0x1e79b9d1), + TOBN(0x8fbe5427, 0x1d506a1e), + TOBN(0xa32b2c8e, 0x2439cfa7), + TOBN(0x1671c173, 0x73dd0b4e), + TOBN(0x37a28214, 0x44a054c6), + TOBN(0x81760a1b, 0x4e8b53f1), + TOBN(0xa6c04224, 0xf9f93b9e), + TOBN(0x18784b34, 0xcf671e3c), + TOBN(0x81bbecd2, 0xcda9b994), + TOBN(0x38831979, 0xb2ab3848), + TOBN(0xef54feb7, 0xf2e03c2d), + TOBN(0xcf197ca7, 0xfb8088fa), + 
TOBN(0x01427247, 0x4ddc96c5), + TOBN(0xa2d2550a, 0x30777176), + TOBN(0x53469898, 0x4d0cf71d), + TOBN(0x6ce937b8, 0x3a2aaac6), + TOBN(0xe9f91dc3, 0x5af38d9b), + TOBN(0x2598ad83, 0xc8bf2899), + TOBN(0x8e706ac9, 0xb5536c16), + TOBN(0x40dc7495, 0xf688dc98), + TOBN(0x26490cd7, 0x124c4afc), + TOBN(0xe651ec84, 0x1f18775c), + TOBN(0x393ea6c3, 0xb4fdaf4a), + TOBN(0x1e1f3343, 0x7f338e0d), + TOBN(0x39fb832b, 0x6053e7b5), + TOBN(0x46e702da, 0x619e14d5), + TOBN(0x859cacd1, 0xcdeef6e0), + TOBN(0x63b99ce7, 0x4462007d), + TOBN(0xb8ab48a5, 0x4cb5f5b7), + TOBN(0x9ec673d2, 0xf55edde7), + TOBN(0xd1567f74, 0x8cfaefda), + TOBN(0x46381b6b, 0x0887bcec), + TOBN(0x694497ce, 0xe178f3c2), + TOBN(0x5e6525e3, 0x1e6266cb), + TOBN(0x5931de26, 0x697d6413), + TOBN(0x87f8df7c, 0x0e58d493), + TOBN(0xb1ae5ed0, 0x58b73f12), + TOBN(0xc368f784, 0xdea0c34d), + TOBN(0x9bd0a120, 0x859a91a0), + TOBN(0xb00d88b7, 0xcc863c68), + TOBN(0x3a1cc11e, 0x3d1f4d65), + TOBN(0xea38e0e7, 0x0aa85593), + TOBN(0x37f13e98, 0x7dc4aee8), + TOBN(0x10d38667, 0xbc947bad), + TOBN(0x738e07ce, 0x2a36ee2e), + TOBN(0xc93470cd, 0xc577fcac), + TOBN(0xdee1b616, 0x2782470d), + TOBN(0x36a25e67, 0x2e793d12), + TOBN(0xd6aa6cae, 0xe0f186da), + TOBN(0x474d0fd9, 0x80e07af7), + TOBN(0xf7cdc47d, 0xba8a5cd4), + TOBN(0x28af6d9d, 0xab15247f), + TOBN(0x7c789c10, 0x493a537f), + TOBN(0x7ac9b110, 0x23a334e7), + TOBN(0x0236ac09, 0x12c9c277), + TOBN(0xa7e5bd25, 0x1d7a5144), + TOBN(0x098b9c2a, 0xf13ec4ec), + TOBN(0x3639daca, 0xd3f0abca), + TOBN(0x642da81a, 0xa23960f9), + TOBN(0x7d2e5c05, 0x4f7269b1), + TOBN(0xfcf30777, 0xe287c385), + TOBN(0x10edc84f, 0xf2a46f21), + TOBN(0x35441757, 0x4f43fa36), + TOBN(0xf1327899, 0xfd703431), + TOBN(0xa438d7a6, 0x16dd587a), + TOBN(0x65c34c57, 0xe9c8352d), + TOBN(0xa728edab, 0x5cc5a24e), + TOBN(0xaed78abc, 0x42531689), + TOBN(0x0a51a0e8, 0x010963ef), + TOBN(0x5776fa0a, 0xd717d9b3), + TOBN(0xf356c239, 0x7dd3428b), + TOBN(0x29903fff, 0x8d3a3dac), + TOBN(0x409597fa, 0x3d94491f), + TOBN(0x4cd7a5ff, 0xbf4a56a4), + 
TOBN(0xe5096474, 0x8adab462), + TOBN(0xa97b5126, 0x5c3427b0), + TOBN(0x6401405c, 0xd282c9bd), + TOBN(0x3629f8d7, 0x222c5c45), + TOBN(0xb1c02c16, 0xe8d50aed), + TOBN(0xbea2ed75, 0xd9635bc9), + TOBN(0x226790c7, 0x6e24552f), + TOBN(0x3c33f2a3, 0x65f1d066), + TOBN(0x2a43463e, 0x6dfccc2e), + TOBN(0x8cc3453a, 0xdb483761), + TOBN(0xe7cc6085, 0x65d5672b), + TOBN(0x277ed6cb, 0xde3efc87), + TOBN(0x19f2f368, 0x69234eaf), + TOBN(0x9aaf4317, 0x5c0b800b), + TOBN(0x1f1e7c89, 0x8b6da6e2), + TOBN(0x6cfb4715, 0xb94ec75e), + TOBN(0xd590dd5f, 0x453118c2), + TOBN(0x14e49da1, 0x1f17a34c), + TOBN(0x5420ab39, 0x235a1456), + TOBN(0xb7637241, 0x2f50363b), + TOBN(0x7b15d623, 0xc3fabb6e), + TOBN(0xa0ef40b1, 0xe274e49c), + TOBN(0x5cf50744, 0x96b1860a), + TOBN(0xd6583fbf, 0x66afe5a4), + TOBN(0x44240510, 0xf47e3e9a), + TOBN(0x99254343, 0x11b2d595), + TOBN(0xf1367499, 0xeec8df57), + TOBN(0x3cb12c61, 0x3e73dd05), + TOBN(0xd248c033, 0x7dac102a), + TOBN(0xcf154f13, 0xa77739f5), + TOBN(0xbf4288cb, 0x23d2af42), + TOBN(0xaa64c9b6, 0x32e4a1cf), + TOBN(0xee8c07a8, 0xc8a208f3), + TOBN(0xe10d4999, 0x6fe8393f), + TOBN(0x0f809a3f, 0xe91f3a32), + TOBN(0x61096d1c, 0x802f63c8), + TOBN(0x289e1462, 0x57750d3d), + TOBN(0xed06167e, 0x9889feea), + TOBN(0xd5c9c0e2, 0xe0993909), + TOBN(0x46fca0d8, 0x56508ac6), + TOBN(0x91826047, 0x4f1b8e83), + TOBN(0x4f2c877a, 0x9a4a2751), + TOBN(0x71bd0072, 0xcae6fead), + TOBN(0x38df8dcc, 0x06aa1941), + TOBN(0x5a074b4c, 0x63beeaa8), + TOBN(0xd6d65934, 0xc1cec8ed), + TOBN(0xa6ecb49e, 0xaabc03bd), + TOBN(0xaade91c2, 0xde8a8415), + TOBN(0xcfb0efdf, 0x691136e0), + TOBN(0x11af45ee, 0x23ab3495), + TOBN(0xa132df88, 0x0b77463d), + TOBN(0x8923c15c, 0x815d06f4), + TOBN(0xc3ceb3f5, 0x0d61a436), + TOBN(0xaf52291d, 0xe88fb1da), + TOBN(0xea057974, 0x1da12179), + TOBN(0xb0d7218c, 0xd2fef720), + TOBN(0x6c0899c9, 0x8e1d8845), + TOBN(0x98157504, 0x752ddad7), + TOBN(0xd60bd74f, 0xa1a68a97), + TOBN(0x7047a3a9, 0xf658fb99), + TOBN(0x1f5d86d6, 0x5f8511e4), + TOBN(0xb8a4bc42, 0x4b5a6d88), + 
TOBN(0x69eb2c33, 0x1abefa7d), + TOBN(0x95bf39e8, 0x13c9c510), + TOBN(0xf571960a, 0xd48aab43), + TOBN(0x7e8cfbcf, 0x704e23c6), + TOBN(0xc71b7d22, 0x28aaa65b), + TOBN(0xa041b2bd, 0x245e3c83), + TOBN(0x69b98834, 0xd21854ff), + TOBN(0x89d227a3, 0x963bfeec), + TOBN(0x99947aaa, 0xde7da7cb), + TOBN(0x1d9ee9db, 0xee68a9b1), + TOBN(0x0a08f003, 0x698ec368), + TOBN(0xe9ea4094, 0x78ef2487), + TOBN(0xc8d2d415, 0x02cfec26), + TOBN(0xc52f9a6e, 0xb7dcf328), + TOBN(0x0ed489e3, 0x85b6a937), + TOBN(0x9b94986b, 0xbef3366e), + TOBN(0x0de59c70, 0xedddddb8), + TOBN(0xffdb748c, 0xeadddbe2), + TOBN(0x9b9784bb, 0x8266ea40), + TOBN(0x142b5502, 0x1a93507a), + TOBN(0xb4cd1187, 0x8d3c06cf), + TOBN(0xdf70e76a, 0x91ec3f40), + TOBN(0x484e81ad, 0x4e7553c2), + TOBN(0x830f87b5, 0x272e9d6e), + TOBN(0xea1c93e5, 0xc6ff514a), + TOBN(0x67cc2adc, 0xc4192a8e), + TOBN(0xc77e27e2, 0x42f4535a), + TOBN(0x9cdbab36, 0xd2b713c5), + TOBN(0x86274ea0, 0xcf7b0cd3), + TOBN(0x784680f3, 0x09af826b), + TOBN(0xbfcc837a, 0x0c72dea3), + TOBN(0xa8bdfe9d, 0xd6529b73), + TOBN(0x708aa228, 0x63a88002), + TOBN(0x6c7a9a54, 0xc91d45b9), + TOBN(0xdf1a38bb, 0xfd004f56), + TOBN(0x2e8c9a26, 0xb8bad853), + TOBN(0x2d52cea3, 0x3723eae7), + TOBN(0x054d6d81, 0x56ca2830), + TOBN(0xa3317d14, 0x9a8dc411), + TOBN(0xa08662fe, 0xfd4ddeda), + TOBN(0xed2a153a, 0xb55d792b), + TOBN(0x7035c16a, 0xbfc6e944), + TOBN(0xb6bc5834, 0x00171cf3), + TOBN(0xe27152b3, 0x83d102b6), + TOBN(0xfe695a47, 0x0646b848), + TOBN(0xa5bb09d8, 0x916e6d37), + TOBN(0xb4269d64, 0x0d17015e), + TOBN(0x8d8156a1, 0x0a1d2285), + TOBN(0xfeef6c51, 0x46d26d72), + TOBN(0x9dac57c8, 0x4c5434a7), + TOBN(0x0282e5be, 0x59d39e31), + TOBN(0xedfff181, 0x721c486d), + TOBN(0x301baf10, 0xbc58824e), + TOBN(0x8136a6aa, 0x00570031), + TOBN(0x55aaf78c, 0x1cddde68), + TOBN(0x26829371, 0x59c63952), + TOBN(0x3a3bd274, 0x8bc25baf), + TOBN(0xecdf8657, 0xb7e52dc3), + TOBN(0x2dd8c087, 0xfd78e6c8), + TOBN(0x20553274, 0xf5531461), + TOBN(0x8b4a1281, 0x5d95499b), + TOBN(0xe2c8763a, 0x1a80f9d2), + 
TOBN(0xd1dbe32b, 0x4ddec758), + TOBN(0xaf12210d, 0x30c34169), + TOBN(0xba74a953, 0x78baa533), + TOBN(0x3d133c6e, 0xa438f254), + TOBN(0xa431531a, 0x201bef5b), + TOBN(0x15295e22, 0xf669d7ec), + TOBN(0xca374f64, 0x357fb515), + TOBN(0x8a8406ff, 0xeaa3fdb3), + TOBN(0x106ae448, 0xdf3f2da8), + TOBN(0x8f9b0a90, 0x33c8e9a1), + TOBN(0x234645e2, 0x71ad5885), + TOBN(0x3d083224, 0x1c0aed14), + TOBN(0xf10a7d3e, 0x7a942d46), + TOBN(0x7c11deee, 0x40d5c9be), + TOBN(0xb2bae7ff, 0xba84ed98), + TOBN(0x93e97139, 0xaad58ddd), + TOBN(0x3d872796, 0x3f6d1fa3), + TOBN(0x483aca81, 0x8569ff13), + TOBN(0x8b89a5fb, 0x9a600f72), + TOBN(0x4cbc27c3, 0xc06f2b86), + TOBN(0x22130713, 0x63ad9c0b), + TOBN(0xb5358b1e, 0x48ac2840), + TOBN(0x18311294, 0xecba9477), + TOBN(0xda58f990, 0xa6946b43), + TOBN(0x3098baf9, 0x9ab41819), + TOBN(0x66c4c158, 0x4198da52), + TOBN(0xab4fc17c, 0x146bfd1b), + TOBN(0x2f0a4c3c, 0xbf36a908), + TOBN(0x2ae9e34b, 0x58cf7838), + TOBN(0xf411529e, 0x3fa11b1f), + TOBN(0x21e43677, 0x974af2b4), + TOBN(0x7c20958e, 0xc230793b), + TOBN(0x710ea885, 0x16e840f3), + TOBN(0xfc0b21fc, 0xc5dc67cf), + TOBN(0x08d51647, 0x88405718), + TOBN(0xd955c21f, 0xcfe49eb7), + TOBN(0x9722a5d5, 0x56dd4a1f), + TOBN(0xc9ef50e2, 0xc861baa5), + TOBN(0xc0c21a5d, 0x9505ac3e), + TOBN(0xaf6b9a33, 0x8b7c063f), + TOBN(0xc6370339, 0x2f4779c1), + TOBN(0x22df99c7, 0x638167c3), + TOBN(0xfe6ffe76, 0x795db30c), + TOBN(0x2b822d33, 0xa4854989), + TOBN(0xfef031dd, 0x30563aa5), + TOBN(0x16b09f82, 0xd57c667f), + TOBN(0xc70312ce, 0xcc0b76f1), + TOBN(0xbf04a9e6, 0xc9118aec), + TOBN(0x82fcb419, 0x3409d133), + TOBN(0x1a8ab385, 0xab45d44d), + TOBN(0xfba07222, 0x617b83a3), + TOBN(0xb05f50dd, 0x58e81b52), + TOBN(0x1d8db553, 0x21ce5aff), + TOBN(0x3097b8d4, 0xe344a873), + TOBN(0x7d8d116d, 0xfe36d53e), + TOBN(0x6db22f58, 0x7875e750), + TOBN(0x2dc5e373, 0x43e144ea), + TOBN(0xc05f32e6, 0xe799eb95), + TOBN(0xe9e5f4df, 0x6899e6ec), + TOBN(0xbdc3bd68, 0x1fab23d5), + TOBN(0xb72b8ab7, 0x73af60e6), + TOBN(0x8db27ae0, 0x2cecc84a), + 
TOBN(0x600016d8, 0x7bdb871c), + TOBN(0x42a44b13, 0xd7c46f58), + TOBN(0xb8919727, 0xc3a77d39), + TOBN(0xcfc6bbbd, 0xdafd6088), + TOBN(0x1a740146, 0x6bd20d39), + TOBN(0x8c747abd, 0x98c41072), + TOBN(0x4c91e765, 0xbdf68ea1), + TOBN(0x7c95e5ca, 0x08819a78), + TOBN(0xcf48b729, 0xc9587921), + TOBN(0x091c7c5f, 0xdebbcc7d), + TOBN(0x6f287404, 0xf0e05149), + TOBN(0xf83b5ac2, 0x26cd44ec), + TOBN(0x88ae32a6, 0xcfea250e), + TOBN(0x6ac5047a, 0x1d06ebc5), + TOBN(0xc7e550b4, 0xd434f781), + TOBN(0x61ab1cf2, 0x5c727bd2), + TOBN(0x2e4badb1, 0x1cf915b0), + TOBN(0x1b4dadec, 0xf69d3920), + TOBN(0xe61b1ca6, 0xf14c1dfe), + TOBN(0x90b479cc, 0xbd6bd51f), + TOBN(0x8024e401, 0x8045ec30), + TOBN(0xcab29ca3, 0x25ef0e62), + TOBN(0x4f2e9416, 0x49e4ebc0), + TOBN(0x45eb40ec, 0x0ccced58), + TOBN(0x25cd4b9c, 0x0da44f98), + TOBN(0x43e06458, 0x871812c6), + TOBN(0x99f80d55, 0x16cef651), + TOBN(0x571340c9, 0xce6dc153), + TOBN(0x138d5117, 0xd8665521), + TOBN(0xacdb45bc, 0x4e07014d), + TOBN(0x2f34bb38, 0x84b60b91), + TOBN(0xf44a4fd2, 0x2ae8921e), + TOBN(0xb039288e, 0x892ba1e2), + TOBN(0x9da50174, 0xb1c180b2), + TOBN(0x6b70ab66, 0x1693dc87), + TOBN(0x7e9babc9, 0xe7057481), + TOBN(0x4581ddef, 0x9c80dc41), + TOBN(0x0c890da9, 0x51294682), + TOBN(0x0b5629d3, 0x3f4736e5), + TOBN(0x2340c79e, 0xb06f5b41), + TOBN(0xa42e84ce, 0x4e243469), + TOBN(0xf9a20135, 0x045a71a9), + TOBN(0xefbfb415, 0xd27b6fb6), + TOBN(0x25ebea23, 0x9d33cd6f), + TOBN(0x9caedb88, 0xaa6c0af8), + TOBN(0x53dc7e9a, 0xd9ce6f96), + TOBN(0x3897f9fd, 0x51e0b15a), + TOBN(0xf51cb1f8, 0x8e5d788e), + TOBN(0x1aec7ba8, 0xe1d490ee), + TOBN(0x265991e0, 0xcc58cb3c), + TOBN(0x9f306e8c, 0x9fc3ad31), + TOBN(0x5fed006e, 0x5040a0ac), + TOBN(0xca9d5043, 0xfb476f2e), + TOBN(0xa19c06e8, 0xbeea7a23), + TOBN(0xd2865801, 0x0edabb63), + TOBN(0xdb92293f, 0x6967469a), + TOBN(0x2894d839, 0x8d8a8ed8), + TOBN(0x87c9e406, 0xbbc77122), + TOBN(0x8671c6f1, 0x2ea3a26a), + TOBN(0xe42df8d6, 0xd7de9853), + TOBN(0x2e3ce346, 0xb1f2bcc7), + TOBN(0xda601dfc, 0x899d50cf), + 
TOBN(0xbfc913de, 0xfb1b598f), + TOBN(0x81c4909f, 0xe61f7908), + TOBN(0x192e304f, 0x9bbc7b29), + TOBN(0xc3ed8738, 0xc104b338), + TOBN(0xedbe9e47, 0x783f5d61), + TOBN(0x0c06e9be, 0x2db30660), + TOBN(0xda3e613f, 0xc0eb7d8e), + TOBN(0xd8fa3e97, 0x322e096e), + TOBN(0xfebd91e8, 0xd336e247), + TOBN(0x8f13ccc4, 0xdf655a49), + TOBN(0xa9e00dfc, 0x5eb20210), + TOBN(0x84631d0f, 0xc656b6ea), + TOBN(0x93a058cd, 0xd8c0d947), + TOBN(0x6846904a, 0x67bd3448), + TOBN(0x4a3d4e1a, 0xf394fd5c), + TOBN(0xc102c1a5, 0xdb225f52), + TOBN(0xe3455bba, 0xfc4f5e9a), + TOBN(0x6b36985b, 0x4b9ad1ce), + TOBN(0xa9818536, 0x5bb7f793), + TOBN(0x6c25e1d0, 0x48b1a416), + TOBN(0x1381dd53, 0x3c81bee7), + TOBN(0xd2a30d61, 0x7a4a7620), + TOBN(0xc8412926, 0x39b8944c), + TOBN(0x3c1c6fbe, 0x7a97c33a), + TOBN(0x941e541d, 0x938664e7), + TOBN(0x417499e8, 0x4a34f239), + TOBN(0x15fdb83c, 0xb90402d5), + TOBN(0xb75f46bf, 0x433aa832), + TOBN(0xb61e15af, 0x63215db1), + TOBN(0xaabe59d4, 0xa127f89a), + TOBN(0x5d541e0c, 0x07e816da), + TOBN(0xaaba0659, 0xa618b692), + TOBN(0x55327733, 0x17266026), + TOBN(0xaf53a0fc, 0x95f57552), + TOBN(0x32947650, 0x6cacb0c9), + TOBN(0x253ff58d, 0xc821be01), + TOBN(0xb0309531, 0xa06f1146), + TOBN(0x59bbbdf5, 0x05c2e54d), + TOBN(0x158f27ad, 0x26e8dd22), + TOBN(0xcc5b7ffb, 0x397e1e53), + TOBN(0xae03f65b, 0x7fc1e50d), + TOBN(0xa9784ebd, 0x9c95f0f9), + TOBN(0x5ed9deb2, 0x24640771), + TOBN(0x31244af7, 0x035561c4), + TOBN(0x87332f3a, 0x7ee857de), + TOBN(0x09e16e9e, 0x2b9e0d88), + TOBN(0x52d910f4, 0x56a06049), + TOBN(0x507ed477, 0xa9592f48), + TOBN(0x85cb917b, 0x2365d678), + TOBN(0xf8511c93, 0x4c8998d1), + TOBN(0x2186a3f1, 0x730ea58f), + TOBN(0x50189626, 0xb2029db0), + TOBN(0x9137a6d9, 0x02ceb75a), + TOBN(0x2fe17f37, 0x748bc82c), + TOBN(0x87c2e931, 0x80469f8c), + TOBN(0x850f71cd, 0xbf891aa2), + TOBN(0x0ca1b89b, 0x75ec3d8d), + TOBN(0x516c43aa, 0x5e1cd3cd), + TOBN(0x89397808, 0x9a887c28), + TOBN(0x0059c699, 0xddea1f9f), + TOBN(0x7737d6fa, 0x8e6868f7), + TOBN(0x6d93746a, 0x60f1524b), + 
TOBN(0x36985e55, 0xba052aa7), + TOBN(0x41b1d322, 0xed923ea5), + TOBN(0x3429759f, 0x25852a11), + TOBN(0xbeca6ec3, 0x092e9f41), + TOBN(0x3a238c66, 0x62256bbd), + TOBN(0xd82958ea, 0x70ad487d), + TOBN(0x4ac8aaf9, 0x65610d93), + TOBN(0x3fa101b1, 0x5e4ccab0), + TOBN(0x9bf430f2, 0x9de14bfb), + TOBN(0xa10f5cc6, 0x6531899d), + TOBN(0x590005fb, 0xea8ce17d), + TOBN(0xc437912f, 0x24544cb6), + TOBN(0x9987b71a, 0xd79ac2e3), + TOBN(0x13e3d9dd, 0xc058a212), + TOBN(0x00075aac, 0xd2de9606), + TOBN(0x80ab508b, 0x6cac8369), + TOBN(0x87842be7, 0xf54f6c89), + TOBN(0xa7ad663d, 0x6bc532a4), + TOBN(0x67813de7, 0x78a91bc8), + TOBN(0x5dcb61ce, 0xc3427239), + TOBN(0x5f3c7cf0, 0xc56934d9), + TOBN(0xc079e0fb, 0xe3191591), + TOBN(0xe40896bd, 0xb01aada7), + TOBN(0x8d466791, 0x0492d25f), + TOBN(0x8aeb30c9, 0xe7408276), + TOBN(0xe9437495, 0x9287aacc), + TOBN(0x23d4708d, 0x79fe03d4), + TOBN(0x8cda9cf2, 0xd0c05199), + TOBN(0x502fbc22, 0xfae78454), + TOBN(0xc0bda9df, 0xf572a182), + TOBN(0x5f9b71b8, 0x6158b372), + TOBN(0xe0f33a59, 0x2b82dd07), + TOBN(0x76302735, 0x9523032e), + TOBN(0x7fe1a721, 0xc4505a32), + TOBN(0x7b6e3e82, 0xf796409f), + }, + { + TOBN(0xe3417bc0, 0x35d0b34a), + TOBN(0x440b386b, 0x8327c0a7), + TOBN(0x8fb7262d, 0xac0362d1), + TOBN(0x2c41114c, 0xe0cdf943), + TOBN(0x2ba5cef1, 0xad95a0b1), + TOBN(0xc09b37a8, 0x67d54362), + TOBN(0x26d6cdd2, 0x01e486c9), + TOBN(0x20477abf, 0x42ff9297), + TOBN(0xa004dcb3, 0x292a9287), + TOBN(0xddc15cf6, 0x77b092c7), + TOBN(0x083a8464, 0x806c0605), + TOBN(0x4a68df70, 0x3db997b0), + TOBN(0x9c134e45, 0x05bf7dd0), + TOBN(0xa4e63d39, 0x8ccf7f8c), + TOBN(0xa6e6517f, 0x41b5f8af), + TOBN(0xaa8b9342, 0xad7bc1cc), + TOBN(0x126f35b5, 0x1e706ad9), + TOBN(0xb99cebb4, 0xc3a9ebdf), + TOBN(0xa75389af, 0xbf608d90), + TOBN(0x76113c4f, 0xc6c89858), + TOBN(0x80de8eb0, 0x97e2b5aa), + TOBN(0x7e1022cc, 0x63b91304), + TOBN(0x3bdab605, 0x6ccc066c), + TOBN(0x33cbb144, 0xb2edf900), + TOBN(0xc4176471, 0x7af715d2), + TOBN(0xe2f7f594, 0xd0134a96), + TOBN(0x2c1873ef, 0xa41ec956), + 
TOBN(0xe4e7b4f6, 0x77821304), + TOBN(0xe5c8ff97, 0x88d5374a), + TOBN(0x2b915e63, 0x80823d5b), + TOBN(0xea6bc755, 0xb2ee8fe2), + TOBN(0x6657624c, 0xe7112651), + TOBN(0x157af101, 0xdace5aca), + TOBN(0xc4fdbcf2, 0x11a6a267), + TOBN(0xdaddf340, 0xc49c8609), + TOBN(0x97e49f52, 0xe9604a65), + TOBN(0x9be8e790, 0x937e2ad5), + TOBN(0x846e2508, 0x326e17f1), + TOBN(0x3f38007a, 0x0bbbc0dc), + TOBN(0xcf03603f, 0xb11e16d6), + TOBN(0xd6f800e0, 0x7442f1d5), + TOBN(0x475607d1, 0x66e0e3ab), + TOBN(0x82807f16, 0xb7c64047), + TOBN(0x8858e1e3, 0xa749883d), + TOBN(0x5859120b, 0x8231ee10), + TOBN(0x1b80e7eb, 0x638a1ece), + TOBN(0xcb72525a, 0xc6aa73a4), + TOBN(0xa7cdea3d, 0x844423ac), + TOBN(0x5ed0c007, 0xf8ae7c38), + TOBN(0x6db07a5c, 0x3d740192), + TOBN(0xbe5e9c2a, 0x5fe36db3), + TOBN(0xd5b9d57a, 0x76e95046), + TOBN(0x54ac32e7, 0x8eba20f2), + TOBN(0xef11ca8f, 0x71b9a352), + TOBN(0x305e373e, 0xff98a658), + TOBN(0xffe5a100, 0x823eb667), + TOBN(0x57477b11, 0xe51732d2), + TOBN(0xdfd6eb28, 0x2538fc0e), + TOBN(0x5c43b0cc, 0x3b39eec5), + TOBN(0x6af12778, 0xcb36cc57), + TOBN(0x70b0852d, 0x06c425ae), + TOBN(0x6df92f8c, 0x5c221b9b), + TOBN(0x6c8d4f9e, 0xce826d9c), + TOBN(0xf59aba7b, 0xb49359c3), + TOBN(0x5c8ed8d5, 0xda64309d), + TOBN(0x61a6de56, 0x91b30704), + TOBN(0xd6b52f6a, 0x2f9b5808), + TOBN(0x0eee4194, 0x98c958a7), + TOBN(0xcddd9aab, 0x771e4caa), + TOBN(0x83965dfd, 0x78bc21be), + TOBN(0x02affce3, 0xb3b504f5), + TOBN(0x30847a21, 0x561c8291), + TOBN(0xd2eb2cf1, 0x52bfda05), + TOBN(0xe0e4c4e9, 0x6197b98c), + TOBN(0x1d35076c, 0xf8a1726f), + TOBN(0x6c06085b, 0x2db11e3d), + TOBN(0x15c0c4d7, 0x4463ba14), + TOBN(0x9d292f83, 0x0030238c), + TOBN(0x1311ee8b, 0x3727536d), + TOBN(0xfeea86ef, 0xbeaedc1e), + TOBN(0xb9d18cd3, 0x66131e2e), + TOBN(0xf31d974f, 0x80fe2682), + TOBN(0xb6e49e0f, 0xe4160289), + TOBN(0x7c48ec0b, 0x08e92799), + TOBN(0x818111d8, 0xd1989aa7), + TOBN(0xb34fa0aa, 0xebf926f9), + TOBN(0xdb5fe2f5, 0xa245474a), + TOBN(0xf80a6ebb, 0x3c7ca756), + TOBN(0xa7f96054, 0xafa05dd8), + 
TOBN(0x26dfcf21, 0xfcaf119e), + TOBN(0xe20ef2e3, 0x0564bb59), + TOBN(0xef4dca50, 0x61cb02b8), + TOBN(0xcda7838a, 0x65d30672), + TOBN(0x8b08d534, 0xfd657e86), + TOBN(0x4c5b4395, 0x46d595c8), + TOBN(0x39b58725, 0x425cb836), + TOBN(0x8ea61059, 0x3de9abe3), + TOBN(0x40434881, 0x9cdc03be), + TOBN(0x9b261245, 0xcfedce8c), + TOBN(0x78c318b4, 0xcf5234a1), + TOBN(0x510bcf16, 0xfde24c99), + TOBN(0x2a77cb75, 0xa2c2ff5d), + TOBN(0x9c895c2b, 0x27960fb4), + TOBN(0xd30ce975, 0xb0eda42b), + TOBN(0xfda85393, 0x1a62cc26), + TOBN(0x23c69b96, 0x50c0e052), + TOBN(0xa227df15, 0xbfc633f3), + TOBN(0x2ac78848, 0x1bae7d48), + TOBN(0x487878f9, 0x187d073d), + TOBN(0x6c2be919, 0x967f807d), + TOBN(0x765861d8, 0x336e6d8f), + TOBN(0x88b8974c, 0xce528a43), + TOBN(0x09521177, 0xff57d051), + TOBN(0x2ff38037, 0xfb6a1961), + TOBN(0xfc0aba74, 0xa3d76ad4), + TOBN(0x7c764803, 0x25a7ec17), + TOBN(0x7532d75f, 0x48879bc8), + TOBN(0xea7eacc0, 0x58ce6bc1), + TOBN(0xc82176b4, 0x8e896c16), + TOBN(0x9a30e0b2, 0x2c750fed), + TOBN(0xc37e2c2e, 0x421d3aa4), + TOBN(0xf926407c, 0xe84fa840), + TOBN(0x18abc03d, 0x1454e41c), + TOBN(0x26605ecd, 0x3f7af644), + TOBN(0x242341a6, 0xd6a5eabf), + TOBN(0x1edb84f4, 0x216b668e), + TOBN(0xd836edb8, 0x04010102), + TOBN(0x5b337ce7, 0x945e1d8c), + TOBN(0xd2075c77, 0xc055dc14), + TOBN(0x2a0ffa25, 0x81d89cdf), + TOBN(0x8ce815ea, 0x6ffdcbaf), + TOBN(0xa3428878, 0xfb648867), + TOBN(0x277699cf, 0x884655fb), + TOBN(0xfa5b5bd6, 0x364d3e41), + TOBN(0x01f680c6, 0x441e1cb7), + TOBN(0x3fd61e66, 0xb70a7d67), + TOBN(0x666ba2dc, 0xcc78cf66), + TOBN(0xb3018174, 0x6fdbff77), + TOBN(0x8d4dd0db, 0x168d4668), + TOBN(0x259455d0, 0x1dab3a2a), + TOBN(0xf58564c5, 0xcde3acec), + TOBN(0x77141925, 0x13adb276), + TOBN(0x527d725d, 0x8a303f65), + TOBN(0x55deb6c9, 0xe6f38f7b), + TOBN(0xfd5bb657, 0xb1fa70fb), + TOBN(0xfa07f50f, 0xd8073a00), + TOBN(0xf72e3aa7, 0xbca02500), + TOBN(0xf68f895d, 0x9975740d), + TOBN(0x30112060, 0x5cae2a6a), + TOBN(0x01bd7218, 0x02874842), + TOBN(0x3d423891, 0x7ce47bd3), + 
TOBN(0xa66663c1, 0x789544f6), + TOBN(0x864d05d7, 0x3272d838), + TOBN(0xe22924f9, 0xfa6295c5), + TOBN(0x8189593f, 0x6c2fda32), + TOBN(0x330d7189, 0xb184b544), + TOBN(0x79efa62c, 0xbde1f714), + TOBN(0x35771c94, 0xe5cb1a63), + TOBN(0x2f4826b8, 0x641c8332), + TOBN(0x00a894fb, 0xc8cee854), + TOBN(0xb4b9a39b, 0x36194d40), + TOBN(0xe857a7c5, 0x77612601), + TOBN(0xf4209dd2, 0x4ecf2f58), + TOBN(0x82b9e66d, 0x5a033487), + TOBN(0xc1e36934, 0xe4e8b9dd), + TOBN(0xd2372c9d, 0xa42377d7), + TOBN(0x51dc94c7, 0x0e3ae43b), + TOBN(0x4c57761e, 0x04474f6f), + TOBN(0xdcdacd0a, 0x1058a318), + TOBN(0x369cf3f5, 0x78053a9a), + TOBN(0xc6c3de50, 0x31c68de2), + TOBN(0x4653a576, 0x3c4b6d9f), + TOBN(0x1688dd5a, 0xaa4e5c97), + TOBN(0x5be80aa1, 0xb7ab3c74), + TOBN(0x70cefe7c, 0xbc65c283), + TOBN(0x57f95f13, 0x06867091), + TOBN(0xa39114e2, 0x4415503b), + TOBN(0xc08ff7c6, 0x4cbb17e9), + TOBN(0x1eff674d, 0xd7dec966), + TOBN(0x6d4690af, 0x53376f63), + TOBN(0xff6fe32e, 0xea74237b), + TOBN(0xc436d17e, 0xcd57508e), + TOBN(0x15aa28e1, 0xedcc40fe), + TOBN(0x0d769c04, 0x581bbb44), + TOBN(0xc240b6de, 0x34eaacda), + TOBN(0xd9e116e8, 0x2ba0f1de), + TOBN(0xcbe45ec7, 0x79438e55), + TOBN(0x91787c9d, 0x96f752d7), + TOBN(0x897f532b, 0xf129ac2f), + TOBN(0xd307b7c8, 0x5a36e22c), + TOBN(0x91940675, 0x749fb8f3), + TOBN(0xd14f95d0, 0x157fdb28), + TOBN(0xfe51d029, 0x6ae55043), + TOBN(0x8931e98f, 0x44a87de1), + TOBN(0xe57f1cc6, 0x09e4fee2), + TOBN(0x0d063b67, 0x4e072d92), + TOBN(0x70a998b9, 0xed0e4316), + TOBN(0xe74a736b, 0x306aca46), + TOBN(0xecf0fbf2, 0x4fda97c7), + TOBN(0xa40f65cb, 0x3e178d93), + TOBN(0x16253604, 0x16df4285), + TOBN(0xb0c9babb, 0xd0c56ae2), + TOBN(0x73032b19, 0xcfc5cfc3), + TOBN(0xe497e5c3, 0x09752056), + TOBN(0x12096bb4, 0x164bda96), + TOBN(0x1ee42419, 0xa0b74da1), + TOBN(0x8fc36243, 0x403826ba), + TOBN(0x0c8f0069, 0xdc09e660), + TOBN(0x8667e981, 0xc27253c9), + TOBN(0x05a6aefb, 0x92b36a45), + TOBN(0xa62c4b36, 0x9cb7bb46), + TOBN(0x8394f375, 0x11f7027b), + TOBN(0x747bc79c, 0x5f109d0f), + 
TOBN(0xcad88a76, 0x5b8cc60a), + TOBN(0x80c5a66b, 0x58f09e68), + TOBN(0xe753d451, 0xf6127eac), + TOBN(0xc44b74a1, 0x5b0ec6f5), + TOBN(0x47989fe4, 0x5289b2b8), + TOBN(0x745f8484, 0x58d6fc73), + TOBN(0xec362a6f, 0xf61c70ab), + TOBN(0x070c98a7, 0xb3a8ad41), + TOBN(0x73a20fc0, 0x7b63db51), + TOBN(0xed2c2173, 0xf44c35f4), + TOBN(0x8a56149d, 0x9acc9dca), + TOBN(0x98f17881, 0x9ac6e0f4), + TOBN(0x360fdeaf, 0xa413b5ed), + TOBN(0x0625b8f4, 0xa300b0fd), + TOBN(0xf1f4d76a, 0x5b3222d3), + TOBN(0x9d6f5109, 0x587f76b8), + TOBN(0x8b4ee08d, 0x2317fdb5), + TOBN(0x88089bb7, 0x8c68b095), + TOBN(0x95570e9a, 0x5808d9b9), + TOBN(0xa395c36f, 0x35d33ae7), + TOBN(0x200ea123, 0x50bb5a94), + TOBN(0x20c789bd, 0x0bafe84b), + TOBN(0x243ef52d, 0x0919276a), + TOBN(0x3934c577, 0xe23ae233), + TOBN(0xb93807af, 0xa460d1ec), + TOBN(0xb72a53b1, 0xf8fa76a4), + TOBN(0xd8914cb0, 0xc3ca4491), + TOBN(0x2e128494, 0x3fb42622), + TOBN(0x3b2700ac, 0x500907d5), + TOBN(0xf370fb09, 0x1a95ec63), + TOBN(0xf8f30be2, 0x31b6dfbd), + TOBN(0xf2b2f8d2, 0x69e55f15), + TOBN(0x1fead851, 0xcc1323e9), + TOBN(0xfa366010, 0xd9e5eef6), + TOBN(0x64d487b0, 0xe316107e), + TOBN(0x4c076b86, 0xd23ddc82), + TOBN(0x03fd344c, 0x7e0143f0), + TOBN(0xa95362ff, 0x317af2c5), + TOBN(0x0add3db7, 0xe18b7a4f), + TOBN(0x9c673e3f, 0x8260e01b), + TOBN(0xfbeb49e5, 0x54a1cc91), + TOBN(0x91351bf2, 0x92f2e433), + TOBN(0xc755e7ec, 0x851141eb), + TOBN(0xc9a95139, 0x29607745), + TOBN(0x0ca07420, 0xa26f2b28), + TOBN(0xcb2790e7, 0x4bc6f9dd), + TOBN(0x345bbb58, 0xadcaffc0), + TOBN(0xc65ea38c, 0xbe0f27a2), + TOBN(0x67c24d7c, 0x641fcb56), + TOBN(0x2c25f0a7, 0xa9e2c757), + TOBN(0x93f5cdb0, 0x16f16c49), + TOBN(0x2ca5a9d7, 0xc5ee30a1), + TOBN(0xd1593635, 0xb909b729), + TOBN(0x804ce9f3, 0xdadeff48), + TOBN(0xec464751, 0xb07c30c3), + TOBN(0x89d65ff3, 0x9e49af6a), + TOBN(0xf2d6238a, 0x6f3d01bc), + TOBN(0x1095561e, 0x0bced843), + TOBN(0x51789e12, 0xc8a13fd8), + TOBN(0xd633f929, 0x763231df), + TOBN(0x46df9f7d, 0xe7cbddef), + TOBN(0x01c889c0, 0xcb265da8), + 
TOBN(0xfce1ad10, 0xaf4336d2), + TOBN(0x8d110df6, 0xfc6a0a7e), + TOBN(0xdd431b98, 0x6da425dc), + TOBN(0xcdc4aeab, 0x1834aabe), + TOBN(0x84deb124, 0x8439b7fc), + TOBN(0x8796f169, 0x3c2a5998), + TOBN(0x9b9247b4, 0x7947190d), + TOBN(0x55b9d9a5, 0x11597014), + TOBN(0x7e9dd70d, 0x7b1566ee), + TOBN(0x94ad78f7, 0xcbcd5e64), + TOBN(0x0359ac17, 0x9bd4c032), + TOBN(0x3b11baaf, 0x7cc222ae), + TOBN(0xa6a6e284, 0xba78e812), + TOBN(0x8392053f, 0x24cea1a0), + TOBN(0xc97bce4a, 0x33621491), + TOBN(0x7eb1db34, 0x35399ee9), + TOBN(0x473f78ef, 0xece81ad1), + TOBN(0x41d72fe0, 0xf63d3d0d), + TOBN(0xe620b880, 0xafab62fc), + TOBN(0x92096bc9, 0x93158383), + TOBN(0x41a21357, 0x8f896f6c), + TOBN(0x1b5ee2fa, 0xc7dcfcab), + TOBN(0x650acfde, 0x9546e007), + TOBN(0xc081b749, 0xb1b02e07), + TOBN(0xda9e41a0, 0xf9eca03d), + TOBN(0x013ba727, 0x175a54ab), + TOBN(0xca0cd190, 0xea5d8d10), + TOBN(0x85ea52c0, 0x95fd96a9), + TOBN(0x2c591b9f, 0xbc5c3940), + TOBN(0x6fb4d4e4, 0x2bad4d5f), + TOBN(0xfa4c3590, 0xfef0059b), + TOBN(0x6a10218a, 0xf5122294), + TOBN(0x9a78a81a, 0xa85751d1), + TOBN(0x04f20579, 0xa98e84e7), + TOBN(0xfe1242c0, 0x4997e5b5), + TOBN(0xe77a273b, 0xca21e1e4), + TOBN(0xfcc8b1ef, 0x9411939d), + TOBN(0xe20ea302, 0x92d0487a), + TOBN(0x1442dbec, 0x294b91fe), + TOBN(0x1f7a4afe, 0xbb6b0e8f), + TOBN(0x1700ef74, 0x6889c318), + TOBN(0xf5bbffc3, 0x70f1fc62), + TOBN(0x3b31d4b6, 0x69c79cca), + TOBN(0xe8bc2aab, 0xa7f6340d), + TOBN(0xb0b08ab4, 0xa725e10a), + TOBN(0x44f05701, 0xae340050), + TOBN(0xba4b3016, 0x1cf0c569), + TOBN(0x5aa29f83, 0xfbe19a51), + TOBN(0x1b9ed428, 0xb71d752e), + TOBN(0x1666e54e, 0xeb4819f5), + TOBN(0x616cdfed, 0x9e18b75b), + TOBN(0x112ed5be, 0x3ee27b0b), + TOBN(0xfbf28319, 0x44c7de4d), + TOBN(0xd685ec85, 0xe0e60d84), + TOBN(0x68037e30, 0x1db7ee78), + TOBN(0x5b65bdcd, 0x003c4d6e), + TOBN(0x33e7363a, 0x93e29a6a), + TOBN(0x995b3a61, 0x08d0756c), + TOBN(0xd727f85c, 0x2faf134b), + TOBN(0xfac6edf7, 0x1d337823), + TOBN(0x99b9aa50, 0x0439b8b4), + TOBN(0x722eb104, 0xe2b4e075), + 
TOBN(0x49987295, 0x437c4926), + TOBN(0xb1e4c0e4, 0x46a9b82d), + TOBN(0xd0cb3197, 0x57a006f5), + TOBN(0xf3de0f7d, 0xd7808c56), + TOBN(0xb5c54d8f, 0x51f89772), + TOBN(0x500a114a, 0xadbd31aa), + TOBN(0x9afaaaa6, 0x295f6cab), + TOBN(0x94705e21, 0x04cf667a), + TOBN(0xfc2a811b, 0x9d3935d7), + TOBN(0x560b0280, 0x6d09267c), + TOBN(0xf19ed119, 0xf780e53b), + TOBN(0xf0227c09, 0x067b6269), + TOBN(0x967b8533, 0x5caef599), + TOBN(0x155b9243, 0x68efeebc), + TOBN(0xcd6d34f5, 0xc497bae6), + TOBN(0x1dd8d5d3, 0x6cceb370), + TOBN(0x2aeac579, 0xa78d7bf9), + TOBN(0x5d65017d, 0x70b67a62), + TOBN(0x70c8e44f, 0x17c53f67), + TOBN(0xd1fc0950, 0x86a34d09), + TOBN(0xe0fca256, 0xe7134907), + TOBN(0xe24fa29c, 0x80fdd315), + TOBN(0x2c4acd03, 0xd87499ad), + TOBN(0xbaaf7517, 0x3b5a9ba6), + TOBN(0xb9cbe1f6, 0x12e51a51), + TOBN(0xd88edae3, 0x5e154897), + TOBN(0xe4309c3c, 0x77b66ca0), + TOBN(0xf5555805, 0xf67f3746), + TOBN(0x85fc37ba, 0xa36401ff), + TOBN(0xdf86e2ca, 0xd9499a53), + TOBN(0x6270b2a3, 0xecbc955b), + TOBN(0xafae64f5, 0x974ad33b), + TOBN(0x04d85977, 0xfe7b2df1), + TOBN(0x2a3db3ff, 0x4ab03f73), + TOBN(0x0b87878a, 0x8702740a), + TOBN(0x6d263f01, 0x5a061732), + TOBN(0xc25430ce, 0xa32a1901), + TOBN(0xf7ebab3d, 0xdb155018), + TOBN(0x3a86f693, 0x63a9b78e), + TOBN(0x349ae368, 0xda9f3804), + TOBN(0x470f07fe, 0xa164349c), + TOBN(0xd52f4cc9, 0x8562baa5), + TOBN(0xc74a9e86, 0x2b290df3), + TOBN(0xd3a1aa35, 0x43471a24), + TOBN(0x239446be, 0xb8194511), + TOBN(0xbec2dd00, 0x81dcd44d), + TOBN(0xca3d7f0f, 0xc42ac82d), + TOBN(0x1f3db085, 0xfdaf4520), + TOBN(0xbb6d3e80, 0x4549daf2), + TOBN(0xf5969d8a, 0x19ad5c42), + TOBN(0x7052b13d, 0xdbfd1511), + TOBN(0x11890d1b, 0x682b9060), + TOBN(0xa71d3883, 0xac34452c), + TOBN(0xa438055b, 0x783805b4), + TOBN(0x43241277, 0x4725b23e), + TOBN(0xf20cf96e, 0x4901bbed), + TOBN(0x6419c710, 0xf432a2bb), + TOBN(0x57a0fbb9, 0xdfa9cd7d), + TOBN(0x589111e4, 0x00daa249), + TOBN(0x19809a33, 0x7b60554e), + TOBN(0xea5f8887, 0xede283a4), + TOBN(0x2d713802, 0x503bfd35), + 
TOBN(0x151bb0af, 0x585d2a53), + TOBN(0x40b08f74, 0x43b30ca8), + TOBN(0xe10b5bba, 0xd9934583), + TOBN(0xe8a546d6, 0xb51110ad), + TOBN(0x1dd50e66, 0x28e0b6c5), + TOBN(0x292e9d54, 0xcff2b821), + TOBN(0x3882555d, 0x47281760), + TOBN(0x134838f8, 0x3724d6e3), + TOBN(0xf2c679e0, 0x22ddcda1), + TOBN(0x40ee8815, 0x6d2a5768), + TOBN(0x7f227bd2, 0x1c1e7e2d), + TOBN(0x487ba134, 0xd04ff443), + TOBN(0x76e2ff3d, 0xc614e54b), + TOBN(0x36b88d6f, 0xa3177ec7), + TOBN(0xbf731d51, 0x2328fff5), + TOBN(0x758caea2, 0x49ba158e), + TOBN(0x5ab8ff4c, 0x02938188), + TOBN(0x33e16056, 0x35edc56d), + TOBN(0x5a69d349, 0x7e940d79), + TOBN(0x6c4fd001, 0x03866dcb), + TOBN(0x20a38f57, 0x4893cdef), + TOBN(0xfbf3e790, 0xfac3a15b), + TOBN(0x6ed7ea2e, 0x7a4f8e6b), + TOBN(0xa663eb4f, 0xbc3aca86), + TOBN(0x22061ea5, 0x080d53f7), + TOBN(0x2480dfe6, 0xf546783f), + TOBN(0xd38bc6da, 0x5a0a641e), + TOBN(0xfb093cd1, 0x2ede8965), + TOBN(0x89654db4, 0xacb455cf), + TOBN(0x413cbf9a, 0x26e1adee), + TOBN(0x291f3764, 0x373294d4), + TOBN(0x00797257, 0x648083fe), + TOBN(0x25f504d3, 0x208cc341), + TOBN(0x635a8e5e, 0xc3a0ee43), + TOBN(0x70aaebca, 0x679898ff), + TOBN(0x9ee9f547, 0x5dc63d56), + TOBN(0xce987966, 0xffb34d00), + TOBN(0xf9f86b19, 0x5e26310a), + TOBN(0x9e435484, 0x382a8ca8), + TOBN(0x253bcb81, 0xc2352fe4), + TOBN(0xa4eac8b0, 0x4474b571), + TOBN(0xc1b97512, 0xc1ad8cf8), + TOBN(0x193b4e9e, 0x99e0b697), + TOBN(0x939d2716, 0x01e85df0), + TOBN(0x4fb265b3, 0xcd44eafd), + TOBN(0x321e7dcd, 0xe51e1ae2), + TOBN(0x8e3a8ca6, 0xe3d8b096), + TOBN(0x8de46cb0, 0x52604998), + TOBN(0x91099ad8, 0x39072aa7), + TOBN(0x2617f91c, 0x93aa96b8), + TOBN(0x0fc8716b, 0x7fca2e13), + TOBN(0xa7106f5e, 0x95328723), + TOBN(0xd1c9c40b, 0x262e6522), + TOBN(0xb9bafe86, 0x42b7c094), + TOBN(0x1873439d, 0x1543c021), + TOBN(0xe1baa5de, 0x5cbefd5d), + TOBN(0xa363fc5e, 0x521e8aff), + TOBN(0xefe6320d, 0xf862eaac), + TOBN(0x14419c63, 0x22c647dc), + TOBN(0x0e06707c, 0x4e46d428), + TOBN(0xcb6c834f, 0x4a178f8f), + TOBN(0x0f993a45, 0xd30f917c), + 
TOBN(0xd4c4b049, 0x9879afee), + TOBN(0xb6142a1e, 0x70500063), + TOBN(0x7c9b41c3, 0xa5d9d605), + TOBN(0xbc00fc2f, 0x2f8ba2c7), + TOBN(0x0966eb2f, 0x7c67aa28), + TOBN(0x13f7b516, 0x5a786972), + TOBN(0x3bfb7557, 0x8a2fbba0), + TOBN(0x131c4f23, 0x5a2b9620), + TOBN(0xbff3ed27, 0x6faf46be), + TOBN(0x9b4473d1, 0x7e172323), + TOBN(0x421e8878, 0x339f6246), + TOBN(0x0fa8587a, 0x25a41632), + TOBN(0xc0814124, 0xa35b6c93), + TOBN(0x2b18a9f5, 0x59ebb8db), + TOBN(0x264e3357, 0x76edb29c), + TOBN(0xaf245ccd, 0xc87c51e2), + TOBN(0x16b3015b, 0x501e6214), + TOBN(0xbb31c560, 0x0a3882ce), + TOBN(0x6961bb94, 0xfec11e04), + TOBN(0x3b825b8d, 0xeff7a3a0), + TOBN(0xbec33738, 0xb1df7326), + TOBN(0x68ad747c, 0x99604a1f), + TOBN(0xd154c934, 0x9a3bd499), + TOBN(0xac33506f, 0x1cc7a906), + TOBN(0x73bb5392, 0x6c560e8f), + TOBN(0x6428fcbe, 0x263e3944), + TOBN(0xc11828d5, 0x1c387434), + TOBN(0x3cd04be1, 0x3e4b12ff), + TOBN(0xc3aad9f9, 0x2d88667c), + TOBN(0xc52ddcf8, 0x248120cf), + TOBN(0x985a892e, 0x2a389532), + TOBN(0xfbb4b21b, 0x3bb85fa0), + TOBN(0xf95375e0, 0x8dfc6269), + TOBN(0xfb4fb06c, 0x7ee2acea), + TOBN(0x6785426e, 0x309c4d1f), + TOBN(0x659b17c8, 0xd8ceb147), + TOBN(0x9b649eee, 0xb70a5554), + TOBN(0x6b7fa0b5, 0xac6bc634), + TOBN(0xd99fe2c7, 0x1d6e732f), + TOBN(0x30e6e762, 0x8d3abba2), + TOBN(0x18fee6e7, 0xa797b799), + TOBN(0x5c9d360d, 0xc696464d), + TOBN(0xe3baeb48, 0x27bfde12), + TOBN(0x2bf5db47, 0xf23206d5), + TOBN(0x2f6d3420, 0x1d260152), + TOBN(0x17b87653, 0x3f8ff89a), + TOBN(0x5157c30c, 0x378fa458), + TOBN(0x7517c5c5, 0x2d4fb936), + TOBN(0xef22f7ac, 0xe6518cdc), + TOBN(0xdeb483e6, 0xbf847a64), + TOBN(0xf5084558, 0x92e0fa89), + }, + { + TOBN(0xab9659d8, 0xdf7304d4), + TOBN(0xb71bcf1b, 0xff210e8e), + TOBN(0xa9a2438b, 0xd73fbd60), + TOBN(0x4595cd1f, 0x5d11b4de), + TOBN(0x9c0d329a, 0x4835859d), + TOBN(0x4a0f0d2d, 0x7dbb6e56), + TOBN(0xc6038e5e, 0xdf928a4e), + TOBN(0xc9429621, 0x8f5ad154), + TOBN(0x91213462, 0xf23f2d92), + TOBN(0x6cab71bd, 0x60b94078), + TOBN(0x6bdd0a63, 0x176cde20), + 
TOBN(0x54c9b20c, 0xee4d54bc), + TOBN(0x3cd2d8aa, 0x9f2ac02f), + TOBN(0x03f8e617, 0x206eedb0), + TOBN(0xc7f68e16, 0x93086434), + TOBN(0x831469c5, 0x92dd3db9), + TOBN(0x8521df24, 0x8f981354), + TOBN(0x587e23ec, 0x3588a259), + TOBN(0xcbedf281, 0xd7a0992c), + TOBN(0x06930a55, 0x38961407), + TOBN(0x09320deb, 0xbe5bbe21), + TOBN(0xa7ffa5b5, 0x2491817f), + TOBN(0xe6c8b4d9, 0x09065160), + TOBN(0xac4f3992, 0xfff6d2a9), + TOBN(0x7aa7a158, 0x3ae9c1bd), + TOBN(0xe0af6d98, 0xe37ce240), + TOBN(0xe54342d9, 0x28ab38b4), + TOBN(0xe8b75007, 0x0a1c98ca), + TOBN(0xefce86af, 0xe02358f2), + TOBN(0x31b8b856, 0xea921228), + TOBN(0x052a1912, 0x0a1c67fc), + TOBN(0xb4069ea4, 0xe3aead59), + TOBN(0x3232d6e2, 0x7fa03cb3), + TOBN(0xdb938e5b, 0x0fdd7d88), + TOBN(0x04c1d2cd, 0x2ccbfc5d), + TOBN(0xd2f45c12, 0xaf3a580f), + TOBN(0x592620b5, 0x7883e614), + TOBN(0x5fd27e68, 0xbe7c5f26), + TOBN(0x139e45a9, 0x1567e1e3), + TOBN(0x2cc71d2d, 0x44d8aaaf), + TOBN(0x4a9090cd, 0xe36d0757), + TOBN(0xf722d7b1, 0xd9a29382), + TOBN(0xfb7fb04c, 0x04b48ddf), + TOBN(0x628ad2a7, 0xebe16f43), + TOBN(0xcd3fbfb5, 0x20226040), + TOBN(0x6c34ecb1, 0x5104b6c4), + TOBN(0x30c0754e, 0xc903c188), + TOBN(0xec336b08, 0x2d23cab0), + TOBN(0x473d62a2, 0x1e206ee5), + TOBN(0xf1e27480, 0x8c49a633), + TOBN(0x87ab956c, 0xe9f6b2c3), + TOBN(0x61830b48, 0x62b606ea), + TOBN(0x67cd6846, 0xe78e815f), + TOBN(0xfe40139f, 0x4c02082a), + TOBN(0x52bbbfcb, 0x952ec365), + TOBN(0x74c11642, 0x6b9836ab), + TOBN(0x9f51439e, 0x558df019), + TOBN(0x230da4ba, 0xac712b27), + TOBN(0x518919e3, 0x55185a24), + TOBN(0x4dcefcdd, 0x84b78f50), + TOBN(0xa7d90fb2, 0xa47d4c5a), + TOBN(0x55ac9abf, 0xb30e009e), + TOBN(0xfd2fc359, 0x74eed273), + TOBN(0xb72d824c, 0xdbea8faf), + TOBN(0xce721a74, 0x4513e2ca), + TOBN(0x0b418612, 0x38240b2c), + TOBN(0x05199968, 0xd5baa450), + TOBN(0xeb1757ed, 0x2b0e8c25), + TOBN(0x6ebc3e28, 0x3dfac6d5), + TOBN(0xb2431e2e, 0x48a237f5), + TOBN(0x2acb5e23, 0x52f61499), + TOBN(0x5558a2a7, 0xe06c936b), + TOBN(0xd213f923, 0xcbb13d1b), + 
TOBN(0x98799f42, 0x5bfb9bfe), + TOBN(0x1ae8ddc9, 0x701144a9), + TOBN(0x0b8b3bb6, 0x4c5595ee), + TOBN(0x0ea9ef2e, 0x3ecebb21), + TOBN(0x17cb6c4b, 0x3671f9a7), + TOBN(0x47ef464f, 0x726f1d1f), + TOBN(0x171b9484, 0x6943a276), + TOBN(0x51a4ae2d, 0x7ef0329c), + TOBN(0x08509222, 0x91c4402a), + TOBN(0x64a61d35, 0xafd45bbc), + TOBN(0x38f096fe, 0x3035a851), + TOBN(0xc7468b74, 0xa1dec027), + TOBN(0xe8cf10e7, 0x4fc7dcba), + TOBN(0xea35ff40, 0xf4a06353), + TOBN(0x0b4c0dfa, 0x8b77dd66), + TOBN(0x779b8552, 0xde7e5c19), + TOBN(0xfab28609, 0xc1c0256c), + TOBN(0x64f58eee, 0xabd4743d), + TOBN(0x4e8ef838, 0x7b6cc93b), + TOBN(0xee650d26, 0x4cb1bf3d), + TOBN(0x4c1f9d09, 0x73dedf61), + TOBN(0xaef7c9d7, 0xbfb70ced), + TOBN(0x1ec0507e, 0x1641de1e), + TOBN(0xcd7e5cc7, 0xcde45079), + TOBN(0xde173c9a, 0x516ac9e4), + TOBN(0x517a8494, 0xc170315c), + TOBN(0x438fd905, 0x91d8e8fb), + TOBN(0x5145c506, 0xc7d9630b), + TOBN(0x6457a87b, 0xf47d4d75), + TOBN(0xd31646bf, 0x0d9a80e8), + TOBN(0x453add2b, 0xcef3aabe), + TOBN(0xc9941109, 0xa607419d), + TOBN(0xfaa71e62, 0xbb6bca80), + TOBN(0x34158c13, 0x07c431f3), + TOBN(0x594abebc, 0x992bc47a), + TOBN(0x6dfea691, 0xeb78399f), + TOBN(0x48aafb35, 0x3f42cba4), + TOBN(0xedcd65af, 0x077c04f0), + TOBN(0x1a29a366, 0xe884491a), + TOBN(0x023a40e5, 0x1c21f2bf), + TOBN(0xf99a513c, 0xa5057aee), + TOBN(0xa3fe7e25, 0xbcab072e), + TOBN(0x8568d2e1, 0x40e32bcf), + TOBN(0x904594eb, 0xd3f69d9f), + TOBN(0x181a9733, 0x07affab1), + TOBN(0xe4d68d76, 0xb6e330f4), + TOBN(0x87a6dafb, 0xc75a7fc1), + TOBN(0x549db2b5, 0xef7d9289), + TOBN(0x2480d4a8, 0x197f015a), + TOBN(0x61d5590b, 0xc40493b6), + TOBN(0x3a55b52e, 0x6f780331), + TOBN(0x40eb8115, 0x309eadb0), + TOBN(0xdea7de5a, 0x92e5c625), + TOBN(0x64d631f0, 0xcc6a3d5a), + TOBN(0x9d5e9d7c, 0x93e8dd61), + TOBN(0xf297bef5, 0x206d3ffc), + TOBN(0x23d5e033, 0x7d808bd4), + TOBN(0x4a4f6912, 0xd24cf5ba), + TOBN(0xe4d8163b, 0x09cdaa8a), + TOBN(0x0e0de9ef, 0xd3082e8e), + TOBN(0x4fe1246c, 0x0192f360), + TOBN(0x1f900150, 0x4b8eee0a), + 
TOBN(0x5219da81, 0xf1da391b), + TOBN(0x7bf6a5c1, 0xf7ea25aa), + TOBN(0xd165e6bf, 0xfbb07d5f), + TOBN(0xe3539361, 0x89e78671), + TOBN(0xa3fcac89, 0x2bac4219), + TOBN(0xdfab6fd4, 0xf0baa8ab), + TOBN(0x5a4adac1, 0xe2c1c2e5), + TOBN(0x6cd75e31, 0x40d85849), + TOBN(0xce263fea, 0x19b39181), + TOBN(0xcb6803d3, 0x07032c72), + TOBN(0x7f40d5ce, 0x790968c8), + TOBN(0xa6de86bd, 0xdce978f0), + TOBN(0x25547c4f, 0x368f751c), + TOBN(0xb1e685fd, 0x65fb2a9e), + TOBN(0xce69336f, 0x1eb9179c), + TOBN(0xb15d1c27, 0x12504442), + TOBN(0xb7df465c, 0xb911a06b), + TOBN(0xb8d804a3, 0x315980cd), + TOBN(0x693bc492, 0xfa3bebf7), + TOBN(0x3578aeee, 0x2253c504), + TOBN(0x158de498, 0xcd2474a2), + TOBN(0x1331f5c7, 0xcfda8368), + TOBN(0xd2d7bbb3, 0x78d7177e), + TOBN(0xdf61133a, 0xf3c1e46e), + TOBN(0x5836ce7d, 0xd30e7be8), + TOBN(0x83084f19, 0x94f834cb), + TOBN(0xd35653d4, 0x429ed782), + TOBN(0xa542f16f, 0x59e58243), + TOBN(0xc2b52f65, 0x0470a22d), + TOBN(0xe3b6221b, 0x18f23d96), + TOBN(0xcb05abac, 0x3f5252b4), + TOBN(0xca00938b, 0x87d61402), + TOBN(0x2f186cdd, 0x411933e4), + TOBN(0xe042ece5, 0x9a29a5c5), + TOBN(0xb19b3c07, 0x3b6c8402), + TOBN(0xc97667c7, 0x19d92684), + TOBN(0xb5624622, 0xebc66372), + TOBN(0x0cb96e65, 0x3c04fa02), + TOBN(0x83a7176c, 0x8eaa39aa), + TOBN(0x2033561d, 0xeaa1633f), + TOBN(0x45a9d086, 0x4533df73), + TOBN(0xe0542c1d, 0x3dc090bc), + TOBN(0x82c996ef, 0xaa59c167), + TOBN(0xe3f735e8, 0x0ee7fc4d), + TOBN(0x7b179393, 0x7c35db79), + TOBN(0xb6419e25, 0xf8c5dbfd), + TOBN(0x4d9d7a1e, 0x1f327b04), + TOBN(0x979f6f9b, 0x298dfca8), + TOBN(0xc7c5dff1, 0x8de9366a), + TOBN(0x1b7a588d, 0x04c82bdd), + TOBN(0x68005534, 0xf8319dfd), + TOBN(0xde8a55b5, 0xd8eb9580), + TOBN(0x5ea886da, 0x8d5bca81), + TOBN(0xe8530a01, 0x252a0b4d), + TOBN(0x1bffb4fe, 0x35eaa0a1), + TOBN(0x2ad828b1, 0xd8e99563), + TOBN(0x7de96ef5, 0x95f9cd87), + TOBN(0x4abb2d0c, 0xd77d970c), + TOBN(0x03cfb933, 0xd33ef9cb), + TOBN(0xb0547c01, 0x8b211fe9), + TOBN(0x2fe64809, 0xa56ed1c6), + TOBN(0xcb7d5624, 0xc2ac98cc), + 
TOBN(0x2a1372c0, 0x1a393e33), + TOBN(0xc8d1ec1c, 0x29660521), + TOBN(0xf3d31b04, 0xb37ac3e9), + TOBN(0xa29ae9df, 0x5ece6e7c), + TOBN(0x0603ac8f, 0x0facfb55), + TOBN(0xcfe85b7a, 0xdda233a5), + TOBN(0xe618919f, 0xbd75f0b8), + TOBN(0xf555a3d2, 0x99bf1603), + TOBN(0x1f43afc9, 0xf184255a), + TOBN(0xdcdaf341, 0x319a3e02), + TOBN(0xd3b117ef, 0x03903a39), + TOBN(0xe095da13, 0x65d1d131), + TOBN(0x86f16367, 0xc37ad03e), + TOBN(0x5f37389e, 0x462cd8dd), + TOBN(0xc103fa04, 0xd67a60e6), + TOBN(0x57c34344, 0xf4b478f0), + TOBN(0xce91edd8, 0xe117c98d), + TOBN(0x001777b0, 0x231fc12e), + TOBN(0x11ae47f2, 0xb207bccb), + TOBN(0xd983cf8d, 0x20f8a242), + TOBN(0x7aff5b1d, 0xf22e1ad8), + TOBN(0x68fd11d0, 0x7fc4feb3), + TOBN(0x5d53ae90, 0xb0f1c3e1), + TOBN(0x50fb7905, 0xec041803), + TOBN(0x85e3c977, 0x14404888), + TOBN(0x0e67faed, 0xac628d8f), + TOBN(0x2e865150, 0x6668532c), + TOBN(0x15acaaa4, 0x6a67a6b0), + TOBN(0xf4cdee25, 0xb25cec41), + TOBN(0x49ee565a, 0xe4c6701e), + TOBN(0x2a04ca66, 0xfc7d63d8), + TOBN(0xeb105018, 0xef0543fb), + TOBN(0xf709a4f5, 0xd1b0d81d), + TOBN(0x5b906ee6, 0x2915d333), + TOBN(0xf4a87412, 0x96f1f0ab), + TOBN(0xb6b82fa7, 0x4d82f4c2), + TOBN(0x90725a60, 0x6804efb3), + TOBN(0xbc82ec46, 0xadc3425e), + TOBN(0xb7b80581, 0x2787843e), + TOBN(0xdf46d91c, 0xdd1fc74c), + TOBN(0xdc1c62cb, 0xe783a6c4), + TOBN(0x59d1b9f3, 0x1a04cbba), + TOBN(0xd87f6f72, 0x95e40764), + TOBN(0x02b4cfc1, 0x317f4a76), + TOBN(0x8d2703eb, 0x91036bce), + TOBN(0x98206cc6, 0xa5e72a56), + TOBN(0x57be9ed1, 0xcf53fb0f), + TOBN(0x09374571, 0xef0b17ac), + TOBN(0x74b2655e, 0xd9181b38), + TOBN(0xc8f80ea8, 0x89935d0e), + TOBN(0xc0d9e942, 0x91529936), + TOBN(0x19686041, 0x1e84e0e5), + TOBN(0xa5db84d3, 0xaea34c93), + TOBN(0xf9d5bb19, 0x7073a732), + TOBN(0xb8d2fe56, 0x6bcfd7c0), + TOBN(0x45775f36, 0xf3eb82fa), + TOBN(0x8cb20ccc, 0xfdff8b58), + TOBN(0x1659b65f, 0x8374c110), + TOBN(0xb8b4a422, 0x330c789a), + TOBN(0x75e3c3ea, 0x6fe8208b), + TOBN(0xbd74b9e4, 0x286e78fe), + TOBN(0x0be2e81b, 0xd7d93a1a), + 
TOBN(0x7ed06e27, 0xdd0a5aae), + TOBN(0x721f5a58, 0x6be8b800), + TOBN(0x428299d1, 0xd846db28), + TOBN(0x95cb8e6b, 0x5be88ed3), + TOBN(0xc3186b23, 0x1c034e11), + TOBN(0xa6312c9e, 0x8977d99b), + TOBN(0xbe944331, 0x83f531e7), + TOBN(0x8232c0c2, 0x18d3b1d4), + TOBN(0x617aae8b, 0xe1247b73), + TOBN(0x40153fc4, 0x282aec3b), + TOBN(0xc6063d2f, 0xf7b8f823), + TOBN(0x68f10e58, 0x3304f94c), + TOBN(0x31efae74, 0xee676346), + TOBN(0xbadb6c6d, 0x40a9b97c), + TOBN(0x14702c63, 0x4f666256), + TOBN(0xdeb954f1, 0x5184b2e3), + TOBN(0x5184a526, 0x94b6ca40), + TOBN(0xfff05337, 0x003c32ea), + TOBN(0x5aa374dd, 0x205974c7), + TOBN(0x9a763854, 0x4b0dd71a), + TOBN(0x459cd27f, 0xdeb947ec), + TOBN(0xa6e28161, 0x459c2b92), + TOBN(0x2f020fa8, 0x75ee8ef5), + TOBN(0xb132ec2d, 0x30b06310), + TOBN(0xc3e15899, 0xbc6a4530), + TOBN(0xdc5f53fe, 0xaa3f451a), + TOBN(0x3a3c7f23, 0xc2d9acac), + TOBN(0x2ec2f892, 0x6b27e58b), + TOBN(0x68466ee7, 0xd742799f), + TOBN(0x98324dd4, 0x1fa26613), + TOBN(0xa2dc6dab, 0xbdc29d63), + TOBN(0xf9675faa, 0xd712d657), + TOBN(0x813994be, 0x21fd8d15), + TOBN(0x5ccbb722, 0xfd4f7553), + TOBN(0x5135ff8b, 0xf3a36b20), + TOBN(0x44be28af, 0x69559df5), + TOBN(0x40b65bed, 0x9d41bf30), + TOBN(0xd98bf2a4, 0x3734e520), + TOBN(0x5e3abbe3, 0x209bdcba), + TOBN(0x77c76553, 0xbc945b35), + TOBN(0x5331c093, 0xc6ef14aa), + TOBN(0x518ffe29, 0x76b60c80), + TOBN(0x2285593b, 0x7ace16f8), + TOBN(0xab1f64cc, 0xbe2b9784), + TOBN(0xe8f2c0d9, 0xab2421b6), + TOBN(0x617d7174, 0xc1df065c), + TOBN(0xafeeb5ab, 0x5f6578fa), + TOBN(0x16ff1329, 0x263b54a8), + TOBN(0x45c55808, 0xc990dce3), + TOBN(0x42eab6c0, 0xecc8c177), + TOBN(0x799ea9b5, 0x5982ecaa), + TOBN(0xf65da244, 0xb607ef8e), + TOBN(0x8ab226ce, 0x32a3fc2c), + TOBN(0x745741e5, 0x7ea973dc), + TOBN(0x5c00ca70, 0x20888f2e), + TOBN(0x7cdce3cf, 0x45fd9cf1), + TOBN(0x8a741ef1, 0x5507f872), + TOBN(0x47c51c2f, 0x196b4cec), + TOBN(0x70d08e43, 0xc97ea618), + TOBN(0x930da15c, 0x15b18a2b), + TOBN(0x33b6c678, 0x2f610514), + TOBN(0xc662e4f8, 0x07ac9794), + 
TOBN(0x1eccf050, 0xba06cb79), + TOBN(0x1ff08623, 0xe7d954e5), + TOBN(0x6ef2c5fb, 0x24cf71c3), + TOBN(0xb2c063d2, 0x67978453), + TOBN(0xa0cf3796, 0x1d654af8), + TOBN(0x7cb242ea, 0x7ebdaa37), + TOBN(0x206e0b10, 0xb86747e0), + TOBN(0x481dae5f, 0xd5ecfefc), + TOBN(0x07084fd8, 0xc2bff8fc), + TOBN(0x8040a01a, 0xea324596), + TOBN(0x4c646980, 0xd4de4036), + TOBN(0x9eb8ab4e, 0xd65abfc3), + TOBN(0xe01cb91f, 0x13541ec7), + TOBN(0x8f029adb, 0xfd695012), + TOBN(0x9ae28483, 0x3c7569ec), + TOBN(0xa5614c9e, 0xa66d80a1), + TOBN(0x680a3e44, 0x75f5f911), + TOBN(0x0c07b14d, 0xceba4fc1), + TOBN(0x891c285b, 0xa13071c1), + TOBN(0xcac67ceb, 0x799ece3c), + TOBN(0x29b910a9, 0x41e07e27), + TOBN(0x66bdb409, 0xf2e43123), + TOBN(0x06f8b137, 0x7ac9ecbe), + TOBN(0x5981fafd, 0x38547090), + TOBN(0x19ab8b9f, 0x85e3415d), + TOBN(0xfc28c194, 0xc7e31b27), + TOBN(0x843be0aa, 0x6fbcbb42), + TOBN(0xf3b1ed43, 0xa6db836c), + TOBN(0x2a1330e4, 0x01a45c05), + TOBN(0x4f19f3c5, 0x95c1a377), + TOBN(0xa85f39d0, 0x44b5ee33), + TOBN(0x3da18e6d, 0x4ae52834), + TOBN(0x5a403b39, 0x7423dcb0), + TOBN(0xbb555e0a, 0xf2374aef), + TOBN(0x2ad599c4, 0x1e8ca111), + TOBN(0x1b3a2fb9, 0x014b3bf8), + TOBN(0x73092684, 0xf66d5007), + TOBN(0x079f1426, 0xc4340102), + TOBN(0x1827cf81, 0x8fddf4de), + TOBN(0xc83605f6, 0xf10ff927), + TOBN(0xd3871451, 0x23739fc6), + TOBN(0x6d163450, 0xcac1c2cc), + TOBN(0x6b521296, 0xa2ec1ac5), + TOBN(0x0606c4f9, 0x6e3cb4a5), + TOBN(0xe47d3f41, 0x778abff7), + TOBN(0x425a8d5e, 0xbe8e3a45), + TOBN(0x53ea9e97, 0xa6102160), + TOBN(0x477a106e, 0x39cbb688), + TOBN(0x532401d2, 0xf3386d32), + TOBN(0x8e564f64, 0xb1b9b421), + TOBN(0xca9b8388, 0x81dad33f), + TOBN(0xb1422b4e, 0x2093913e), + TOBN(0x533d2f92, 0x69bc8112), + TOBN(0x3fa017be, 0xebe7b2c7), + TOBN(0xb2767c4a, 0xcaf197c6), + TOBN(0xc925ff87, 0xaedbae9f), + TOBN(0x7daf0eb9, 0x36880a54), + TOBN(0x9284ddf5, 0x9c4d0e71), + TOBN(0x1581cf93, 0x316f8cf5), + TOBN(0x3eeca887, 0x3ac1f452), + TOBN(0xb417fce9, 0xfb6aeffe), + TOBN(0xa5918046, 0xeefb8dc3), + 
TOBN(0x73d318ac, 0x02209400), + TOBN(0xe800400f, 0x728693e5), + TOBN(0xe87d814b, 0x339927ed), + TOBN(0x93e94d3b, 0x57ea9910), + TOBN(0xff8a35b6, 0x2245fb69), + TOBN(0x043853d7, 0x7f200d34), + TOBN(0x470f1e68, 0x0f653ce1), + TOBN(0x81ac05bd, 0x59a06379), + TOBN(0xa14052c2, 0x03930c29), + TOBN(0x6b72fab5, 0x26bc2797), + TOBN(0x13670d16, 0x99f16771), + TOBN(0x00170052, 0x1e3e48d1), + TOBN(0x978fe401, 0xb7adf678), + TOBN(0x55ecfb92, 0xd41c5dd4), + TOBN(0x5ff8e247, 0xc7b27da5), + TOBN(0xe7518272, 0x013fb606), + TOBN(0x5768d7e5, 0x2f547a3c), + TOBN(0xbb24eaa3, 0x60017a5f), + TOBN(0x6b18e6e4, 0x9c64ce9b), + TOBN(0xc225c655, 0x103dde07), + TOBN(0xfc3672ae, 0x7592f7ea), + TOBN(0x9606ad77, 0xd06283a1), + TOBN(0x542fc650, 0xe4d59d99), + TOBN(0xabb57c49, 0x2a40e7c2), + TOBN(0xac948f13, 0xa8db9f55), + TOBN(0x6d4c9682, 0xb04465c3), + TOBN(0xe3d062fa, 0x6468bd15), + TOBN(0xa51729ac, 0x5f318d7e), + TOBN(0x1fc87df6, 0x9eb6fc95), + TOBN(0x63d146a8, 0x0591f652), + TOBN(0xa861b8f7, 0x589621aa), + TOBN(0x59f5f15a, 0xce31348c), + TOBN(0x8f663391, 0x440da6da), + TOBN(0xcfa778ac, 0xb591ffa3), + TOBN(0x027ca9c5, 0x4cdfebce), + TOBN(0xbe8e05a5, 0x444ea6b3), + TOBN(0x8aab4e69, 0xa78d8254), + TOBN(0x2437f04f, 0xb474d6b8), + TOBN(0x6597ffd4, 0x045b3855), + TOBN(0xbb0aea4e, 0xca47ecaa), + TOBN(0x568aae83, 0x85c7ebfc), + TOBN(0x0e966e64, 0xc73b2383), + TOBN(0x49eb3447, 0xd17d8762), + TOBN(0xde107821, 0x8da05dab), + TOBN(0x443d8baa, 0x016b7236), + TOBN(0x163b63a5, 0xea7610d6), + TOBN(0xe47e4185, 0xce1ca979), + TOBN(0xae648b65, 0x80baa132), + TOBN(0xebf53de2, 0x0e0d5b64), + TOBN(0x8d3bfcb4, 0xd3c8c1ca), + TOBN(0x0d914ef3, 0x5d04b309), + TOBN(0x55ef6415, 0x3de7d395), + TOBN(0xbde1666f, 0x26b850e8), + TOBN(0xdbe1ca6e, 0xd449ab19), + TOBN(0x8902b322, 0xe89a2672), + TOBN(0xb1674b7e, 0xdacb7a53), + TOBN(0x8e9faf6e, 0xf52523ff), + TOBN(0x6ba535da, 0x9a85788b), + TOBN(0xd21f03ae, 0xbd0626d4), + TOBN(0x099f8c47, 0xe873dc64), + TOBN(0xcda8564d, 0x018ec97e), + TOBN(0x3e8d7a5c, 0xde92c68c), + 
TOBN(0x78e035a1, 0x73323cc4), + TOBN(0x3ef26275, 0xf880ff7c), + TOBN(0xa4ee3dff, 0x273eedaa), + TOBN(0x58823507, 0xaf4e18f8), + TOBN(0x967ec9b5, 0x0672f328), + TOBN(0x9ded19d9, 0x559d3186), + TOBN(0x5e2ab3de, 0x6cdce39c), + TOBN(0xabad6e4d, 0x11c226df), + TOBN(0xf9783f43, 0x87723014), + TOBN(0x9a49a0cf, 0x1a885719), + TOBN(0xfc0c1a5a, 0x90da9dbf), + TOBN(0x8bbaec49, 0x571d92ac), + TOBN(0x569e85fe, 0x4692517f), + TOBN(0x8333b014, 0xa14ea4af), + TOBN(0x32f2a62f, 0x12e5c5ad), + TOBN(0x98c2ce3a, 0x06d89b85), + TOBN(0xb90741aa, 0x2ff77a08), + TOBN(0x2530defc, 0x01f795a2), + TOBN(0xd6e5ba0b, 0x84b3c199), + TOBN(0x7d8e8451, 0x12e4c936), + TOBN(0xae419f7d, 0xbd0be17b), + TOBN(0xa583fc8c, 0x22262bc9), + TOBN(0x6b842ac7, 0x91bfe2bd), + TOBN(0x33cef4e9, 0x440d6827), + TOBN(0x5f69f4de, 0xef81fb14), + TOBN(0xf16cf6f6, 0x234fbb92), + TOBN(0x76ae3fc3, 0xd9e7e158), + TOBN(0x4e89f6c2, 0xe9740b33), + TOBN(0x677bc85d, 0x4962d6a1), + TOBN(0x6c6d8a7f, 0x68d10d15), + TOBN(0x5f9a7224, 0x0257b1cd), + TOBN(0x7096b916, 0x4ad85961), + TOBN(0x5f8c47f7, 0xe657ab4a), + TOBN(0xde57d7d0, 0xf7461d7e), + TOBN(0x7eb6094d, 0x80ce5ee2), + TOBN(0x0b1e1dfd, 0x34190547), + TOBN(0x8a394f43, 0xf05dd150), + TOBN(0x0a9eb24d, 0x97df44e6), + TOBN(0x78ca06bf, 0x87675719), + TOBN(0x6f0b3462, 0x6ffeec22), + TOBN(0x9d91bcea, 0x36cdd8fb), + TOBN(0xac83363c, 0xa105be47), + TOBN(0x81ba76c1, 0x069710e3), + TOBN(0x3d1b24cb, 0x28c682c6), + TOBN(0x27f25228, 0x8612575b), + TOBN(0xb587c779, 0xe8e66e98), + TOBN(0x7b0c03e9, 0x405eb1fe), + TOBN(0xfdf0d030, 0x15b548e7), + TOBN(0xa8be76e0, 0x38b36af7), + TOBN(0x4cdab04a, 0x4f310c40), + TOBN(0x6287223e, 0xf47ecaec), + TOBN(0x678e6055, 0x8b399320), + TOBN(0x61fe3fa6, 0xc01e4646), + TOBN(0xc482866b, 0x03261a5e), + TOBN(0xdfcf45b8, 0x5c2f244a), + TOBN(0x8fab9a51, 0x2f684b43), + TOBN(0xf796c654, 0xc7220a66), + TOBN(0x1d90707e, 0xf5afa58f), + TOBN(0x2c421d97, 0x4fdbe0de), + TOBN(0xc4f4cda3, 0xaf2ebc2f), + TOBN(0xa0af843d, 0xcb4efe24), + TOBN(0x53b857c1, 0x9ccd10b1), + 
TOBN(0xddc9d1eb, 0x914d3e04), + TOBN(0x7bdec8bb, 0x62771deb), + TOBN(0x829277aa, 0x91c5aa81), + TOBN(0x7af18dd6, 0x832391ae), + TOBN(0x1740f316, 0xc71a84ca), + }, + { + TOBN(0x8928e99a, 0xeeaf8c49), + TOBN(0xee7aa73d, 0x6e24d728), + TOBN(0x4c5007c2, 0xe72b156c), + TOBN(0x5fcf57c5, 0xed408a1d), + TOBN(0x9f719e39, 0xb6057604), + TOBN(0x7d343c01, 0xc2868bbf), + TOBN(0x2cca254b, 0x7e103e2d), + TOBN(0xe6eb38a9, 0xf131bea2), + TOBN(0xb33e624f, 0x8be762b4), + TOBN(0x2a9ee4d1, 0x058e3413), + TOBN(0x968e6369, 0x67d805fa), + TOBN(0x9848949b, 0x7db8bfd7), + TOBN(0x5308d7e5, 0xd23a8417), + TOBN(0x892f3b1d, 0xf3e29da5), + TOBN(0xc95c139e, 0x3dee471f), + TOBN(0x8631594d, 0xd757e089), + TOBN(0xe0c82a3c, 0xde918dcc), + TOBN(0x2e7b5994, 0x26fdcf4b), + TOBN(0x82c50249, 0x32cb1b2d), + TOBN(0xea613a9d, 0x7657ae07), + TOBN(0xc2eb5f6c, 0xf1fdc9f7), + TOBN(0xb6eae8b8, 0x879fe682), + TOBN(0x253dfee0, 0x591cbc7f), + TOBN(0x000da713, 0x3e1290e6), + TOBN(0x1083e2ea, 0x1f095615), + TOBN(0x0a28ad77, 0x14e68c33), + TOBN(0x6bfc0252, 0x3d8818be), + TOBN(0xb585113a, 0xf35850cd), + TOBN(0x7d935f0b, 0x30df8aa1), + TOBN(0xaddda07c, 0x4ab7e3ac), + TOBN(0x92c34299, 0x552f00cb), + TOBN(0xc33ed1de, 0x2909df6c), + TOBN(0x22c2195d, 0x80e87766), + TOBN(0x9e99e6d8, 0x9ddf4ac0), + TOBN(0x09642e4e, 0x65e74934), + TOBN(0x2610ffa2, 0xff1ff241), + TOBN(0x4d1d47d4, 0x751c8159), + TOBN(0x697b4985, 0xaf3a9363), + TOBN(0x0318ca46, 0x87477c33), + TOBN(0xa90cb565, 0x9441eff3), + TOBN(0x58bb3848, 0x36f024cb), + TOBN(0x85be1f77, 0x36016168), + TOBN(0x6c59587c, 0xdc7e07f1), + TOBN(0x191be071, 0xaf1d8f02), + TOBN(0xbf169fa5, 0xcca5e55c), + TOBN(0x3864ba3c, 0xf7d04eac), + TOBN(0x915e367f, 0x8d7d05db), + TOBN(0xb48a876d, 0xa6549e5d), + TOBN(0xef89c656, 0x580e40a2), + TOBN(0xf194ed8c, 0x728068bc), + TOBN(0x74528045, 0xa47990c9), + TOBN(0xf53fc7d7, 0x5e1a4649), + TOBN(0xbec5ae9b, 0x78593e7d), + TOBN(0x2cac4ee3, 0x41db65d7), + TOBN(0xa8c1eb24, 0x04a3d39b), + TOBN(0x53b7d634, 0x03f8f3ef), + TOBN(0x2dc40d48, 0x3e07113c), + 
TOBN(0x6e4a5d39, 0x7d8b63ae), + TOBN(0x5582a94b, 0x79684c2b), + TOBN(0x932b33d4, 0x622da26c), + TOBN(0xf534f651, 0x0dbbf08d), + TOBN(0x211d07c9, 0x64c23a52), + TOBN(0x0eeece0f, 0xee5bdc9b), + TOBN(0xdf178168, 0xf7015558), + TOBN(0xd4294635, 0x0a712229), + TOBN(0x93cbe448, 0x09273f8c), + TOBN(0x00b095ef, 0x8f13bc83), + TOBN(0xbb741972, 0x8798978c), + TOBN(0x9d7309a2, 0x56dbe6e7), + TOBN(0xe578ec56, 0x5a5d39ec), + TOBN(0x3961151b, 0x851f9a31), + TOBN(0x2da7715d, 0xe5709eb4), + TOBN(0x867f3017, 0x53dfabf0), + TOBN(0x728d2078, 0xb8e39259), + TOBN(0x5c75a0cd, 0x815d9958), + TOBN(0xf84867a6, 0x16603be1), + TOBN(0xc865b13d, 0x70e35b1c), + TOBN(0x02414468, 0x19b03e2c), + TOBN(0xe46041da, 0xac1f3121), + TOBN(0x7c9017ad, 0x6f028a7c), + TOBN(0xabc96de9, 0x0a482873), + TOBN(0x4265d6b1, 0xb77e54d4), + TOBN(0x68c38e79, 0xa57d88e7), + TOBN(0xd461d766, 0x9ce82de3), + TOBN(0x817a9ec5, 0x64a7e489), + TOBN(0xcc5675cd, 0xa0def5f2), + TOBN(0x9a00e785, 0x985d494e), + TOBN(0xc626833f, 0x1b03514a), + TOBN(0xabe7905a, 0x83cdd60e), + TOBN(0x50602fb5, 0xa1170184), + TOBN(0x689886cd, 0xb023642a), + TOBN(0xd568d090, 0xa6e1fb00), + TOBN(0x5b1922c7, 0x0259217f), + TOBN(0x93831cd9, 0xc43141e4), + TOBN(0xdfca3587, 0x0c95f86e), + TOBN(0xdec2057a, 0x568ae828), + TOBN(0xc44ea599, 0xf98a759a), + TOBN(0x55a0a7a2, 0xf7c23c1d), + TOBN(0xd5ffb6e6, 0x94c4f687), + TOBN(0x3563cce2, 0x12848478), + TOBN(0x812b3517, 0xe7b1fbe1), + TOBN(0x8a7dc979, 0x4f7338e0), + TOBN(0x211ecee9, 0x52d048db), + TOBN(0x2eea4056, 0xc86ea3b8), + TOBN(0xd8cb68a7, 0xba772b34), + TOBN(0xe16ed341, 0x5f4e2541), + TOBN(0x9b32f6a6, 0x0fec14db), + TOBN(0xeee376f7, 0x391698be), + TOBN(0xe9a7aa17, 0x83674c02), + TOBN(0x65832f97, 0x5843022a), + TOBN(0x29f3a8da, 0x5ba4990f), + TOBN(0x79a59c3a, 0xfb8e3216), + TOBN(0x9cdc4d2e, 0xbd19bb16), + TOBN(0xc6c7cfd0, 0xb3262d86), + TOBN(0xd4ce14d0, 0x969c0b47), + TOBN(0x1fa352b7, 0x13e56128), + TOBN(0x383d55b8, 0x973db6d3), + TOBN(0x71836850, 0xe8e5b7bf), + TOBN(0xc7714596, 0xe6bb571f), + 
TOBN(0x259df31f, 0x2d5b2dd2), + TOBN(0x568f8925, 0x913cc16d), + TOBN(0x18bc5b6d, 0xe1a26f5a), + TOBN(0xdfa413be, 0xf5f499ae), + TOBN(0xf8835dec, 0xc3f0ae84), + TOBN(0xb6e60bd8, 0x65a40ab0), + TOBN(0x65596439, 0x194b377e), + TOBN(0xbcd85625, 0x92084a69), + TOBN(0x5ce433b9, 0x4f23ede0), + TOBN(0xe8e8f04f, 0x6ad65143), + TOBN(0x11511827, 0xd6e14af6), + TOBN(0x3d390a10, 0x8295c0c7), + TOBN(0x71e29ee4, 0x621eba16), + TOBN(0xa588fc09, 0x63717b46), + TOBN(0x02be02fe, 0xe06ad4a2), + TOBN(0x931558c6, 0x04c22b22), + TOBN(0xbb4d4bd6, 0x12f3c849), + TOBN(0x54a4f496, 0x20efd662), + TOBN(0x92ba6d20, 0xc5952d14), + TOBN(0x2db8ea1e, 0xcc9784c2), + TOBN(0x81cc10ca, 0x4b353644), + TOBN(0x40b570ad, 0x4b4d7f6c), + TOBN(0x5c9f1d96, 0x84a1dcd2), + TOBN(0x01379f81, 0x3147e797), + TOBN(0xe5c6097b, 0x2bd499f5), + TOBN(0x40dcafa6, 0x328e5e20), + TOBN(0xf7b5244a, 0x54815550), + TOBN(0xb9a4f118, 0x47bfc978), + TOBN(0x0ea0e79f, 0xd25825b1), + TOBN(0xa50f96eb, 0x646c7ecf), + TOBN(0xeb811493, 0x446dea9d), + TOBN(0x2af04677, 0xdfabcf69), + TOBN(0xbe3a068f, 0xc713f6e8), + TOBN(0x860d523d, 0x42e06189), + TOBN(0xbf077941, 0x4e3aff13), + TOBN(0x0b616dca, 0xc1b20650), + TOBN(0xe66dd6d1, 0x2131300d), + TOBN(0xd4a0fd67, 0xff99abde), + TOBN(0xc9903550, 0xc7aac50d), + TOBN(0x022ecf8b, 0x7c46b2d7), + TOBN(0x3333b1e8, 0x3abf92af), + TOBN(0x11cc113c, 0x6c491c14), + TOBN(0x05976688, 0x80dd3f88), + TOBN(0xf5b4d9e7, 0x29d932ed), + TOBN(0xe982aad8, 0xa2c38b6d), + TOBN(0x6f925347, 0x8be0dcf0), + TOBN(0x700080ae, 0x65ca53f2), + TOBN(0xd8131156, 0x443ca77f), + TOBN(0xe92d6942, 0xec51f984), + TOBN(0xd2a08af8, 0x85dfe9ae), + TOBN(0xd825d9a5, 0x4d2a86ca), + TOBN(0x2c53988d, 0x39dff020), + TOBN(0xf38b135a, 0x430cdc40), + TOBN(0x0c918ae0, 0x62a7150b), + TOBN(0xf31fd8de, 0x0c340e9b), + TOBN(0xafa0e7ae, 0x4dbbf02e), + TOBN(0x5847fb2a, 0x5eba6239), + TOBN(0x6b1647dc, 0xdccbac8b), + TOBN(0xb642aa78, 0x06f485c8), + TOBN(0x873f3765, 0x7038ecdf), + TOBN(0x2ce5e865, 0xfa49d3fe), + TOBN(0xea223788, 0xc98c4400), + 
TOBN(0x8104a8cd, 0xf1fa5279), + TOBN(0xbcf7cc7a, 0x06becfd7), + TOBN(0x49424316, 0xc8f974ae), + TOBN(0xc0da65e7, 0x84d6365d), + TOBN(0xbcb7443f, 0x8f759fb8), + TOBN(0x35c712b1, 0x7ae81930), + TOBN(0x80428dff, 0x4c6e08ab), + TOBN(0xf19dafef, 0xa4faf843), + TOBN(0xced8538d, 0xffa9855f), + TOBN(0x20ac409c, 0xbe3ac7ce), + TOBN(0x358c1fb6, 0x882da71e), + TOBN(0xafa9c0e5, 0xfd349961), + TOBN(0x2b2cfa51, 0x8421c2fc), + TOBN(0x2a80db17, 0xf3a28d38), + TOBN(0xa8aba539, 0x5d138e7e), + TOBN(0x52012d1d, 0x6e96eb8d), + TOBN(0x65d8dea0, 0xcbaf9622), + TOBN(0x57735447, 0xb264f56c), + TOBN(0xbeebef3f, 0x1b6c8da2), + TOBN(0xfc346d98, 0xce785254), + TOBN(0xd50e8d72, 0xbb64a161), + TOBN(0xc03567c7, 0x49794add), + TOBN(0x15a76065, 0x752c7ef6), + TOBN(0x59f3a222, 0x961f23d6), + TOBN(0x378e4438, 0x73ecc0b0), + TOBN(0xc74be434, 0x5a82fde4), + TOBN(0xae509af2, 0xd8b9cf34), + TOBN(0x4a61ee46, 0x577f44a1), + TOBN(0xe09b748c, 0xb611deeb), + TOBN(0xc0481b2c, 0xf5f7b884), + TOBN(0x35626678, 0x61acfa6b), + TOBN(0x37f4c518, 0xbf8d21e6), + TOBN(0x22d96531, 0xb205a76d), + TOBN(0x37fb85e1, 0x954073c0), + TOBN(0xbceafe4f, 0x65b3a567), + TOBN(0xefecdef7, 0xbe42a582), + TOBN(0xd3fc6080, 0x65046be6), + TOBN(0xc9af13c8, 0x09e8dba9), + TOBN(0x1e6c9847, 0x641491ff), + TOBN(0x3b574925, 0xd30c31f7), + TOBN(0xb7eb72ba, 0xac2a2122), + TOBN(0x776a0dac, 0xef0859e7), + TOBN(0x06fec314, 0x21900942), + TOBN(0x2464bc10, 0xf8c22049), + TOBN(0x9bfbcce7, 0x875ebf69), + TOBN(0xd7a88e2a, 0x4336326b), + TOBN(0xda05261c, 0x5bc2acfa), + TOBN(0xc29f5bdc, 0xeba7efc8), + TOBN(0x471237ca, 0x25dbbf2e), + TOBN(0xa72773f2, 0x2975f127), + TOBN(0xdc744e8e, 0x04d0b326), + TOBN(0x38a7ed16, 0xa56edb73), + TOBN(0x64357e37, 0x2c007e70), + TOBN(0xa167d15b, 0x5080b400), + TOBN(0x07b41164, 0x23de4be1), + TOBN(0xb2d91e32, 0x74c89883), + TOBN(0x3c162821, 0x2882e7ed), + TOBN(0xad6b36ba, 0x7503e482), + TOBN(0x48434e8e, 0x0ea34331), + TOBN(0x79f4f24f, 0x2c7ae0b9), + TOBN(0xc46fbf81, 0x1939b44a), + TOBN(0x76fefae8, 0x56595eb1), + 
TOBN(0x417b66ab, 0xcd5f29c7), + TOBN(0x5f2332b2, 0xc5ceec20), + TOBN(0xd69661ff, 0xe1a1cae2), + TOBN(0x5ede7e52, 0x9b0286e6), + TOBN(0x9d062529, 0xe276b993), + TOBN(0x324794b0, 0x7e50122b), + TOBN(0xdd744f8b, 0x4af07ca5), + TOBN(0x30a12f08, 0xd63fc97b), + TOBN(0x39650f1a, 0x76626d9d), + TOBN(0x101b47f7, 0x1fa38477), + TOBN(0x3d815f19, 0xd4dc124f), + TOBN(0x1569ae95, 0xb26eb58a), + TOBN(0xc3cde188, 0x95fb1887), + TOBN(0x54e9f37b, 0xf9539a48), + TOBN(0xb0100e06, 0x7408c1a5), + TOBN(0x821d9811, 0xea580cbb), + TOBN(0x8af52d35, 0x86e50c56), + TOBN(0xdfbd9d47, 0xdbbf698b), + TOBN(0x2961a1ea, 0x03dc1c73), + TOBN(0x203d38f8, 0xe76a5df8), + TOBN(0x08a53a68, 0x6def707a), + TOBN(0x26eefb48, 0x1bee45d4), + TOBN(0xb3cee346, 0x3c688036), + TOBN(0x463c5315, 0xc42f2469), + TOBN(0x19d84d2e, 0x81378162), + TOBN(0x22d7c3c5, 0x1c4d349f), + TOBN(0x65965844, 0x163d59c5), + TOBN(0xcf198c56, 0xb8abceae), + TOBN(0x6fb1fb1b, 0x628559d5), + TOBN(0x8bbffd06, 0x07bf8fe3), + TOBN(0x46259c58, 0x3467734b), + TOBN(0xd8953cea, 0x35f7f0d3), + TOBN(0x1f0bece2, 0xd65b0ff1), + TOBN(0xf7d5b4b3, 0xf3c72914), + TOBN(0x29e8ea95, 0x3cb53389), + TOBN(0x4a365626, 0x836b6d46), + TOBN(0xe849f910, 0xea174fde), + TOBN(0x7ec62fbb, 0xf4737f21), + TOBN(0xd8dba5ab, 0x6209f5ac), + TOBN(0x24b5d7a9, 0xa5f9adbe), + TOBN(0x707d28f7, 0xa61dc768), + TOBN(0x7711460b, 0xcaa999ea), + TOBN(0xba7b174d, 0x1c92e4cc), + TOBN(0x3c4bab66, 0x18d4bf2d), + TOBN(0xb8f0c980, 0xeb8bd279), + TOBN(0x024bea9a, 0x324b4737), + TOBN(0xfba9e423, 0x32a83bca), + TOBN(0x6e635643, 0xa232dced), + TOBN(0x99619367, 0x2571c8ba), + TOBN(0xe8c9f357, 0x54b7032b), + TOBN(0xf936b3ba, 0x2442d54a), + TOBN(0x2263f0f0, 0x8290c65a), + TOBN(0x48989780, 0xee2c7fdb), + TOBN(0xadc5d55a, 0x13d4f95e), + TOBN(0x737cff85, 0xad9b8500), + TOBN(0x271c557b, 0x8a73f43d), + TOBN(0xbed617a4, 0xe18bc476), + TOBN(0x66245401, 0x7dfd8ab2), + TOBN(0xae7b89ae, 0x3a2870aa), + TOBN(0x1b555f53, 0x23a7e545), + TOBN(0x6791e247, 0xbe057e4c), + TOBN(0x860136ad, 0x324fa34d), + 
TOBN(0xea111447, 0x4cbeae28), + TOBN(0x023a4270, 0xbedd3299), + TOBN(0x3d5c3a7f, 0xc1c35c34), + TOBN(0xb0f6db67, 0x8d0412d2), + TOBN(0xd92625e2, 0xfcdc6b9a), + TOBN(0x92ae5ccc, 0x4e28a982), + TOBN(0xea251c36, 0x47a3ce7e), + TOBN(0x9d658932, 0x790691bf), + TOBN(0xed610589, 0x06b736ae), + TOBN(0x712c2f04, 0xc0d63b6e), + TOBN(0x5cf06fd5, 0xc63d488f), + TOBN(0x97363fac, 0xd9588e41), + TOBN(0x1f9bf762, 0x2b93257e), + TOBN(0xa9d1ffc4, 0x667acace), + TOBN(0x1cf4a1aa, 0x0a061ecf), + TOBN(0x40e48a49, 0xdc1818d0), + TOBN(0x0643ff39, 0xa3621ab0), + TOBN(0x5768640c, 0xe39ef639), + TOBN(0x1fc099ea, 0x04d86854), + TOBN(0x9130b9c3, 0xeccd28fd), + TOBN(0xd743cbd2, 0x7eec54ab), + TOBN(0x052b146f, 0xe5b475b6), + TOBN(0x058d9a82, 0x900a7d1f), + TOBN(0x65e02292, 0x91262b72), + TOBN(0x96f924f9, 0xbb0edf03), + TOBN(0x5cfa59c8, 0xfe206842), + TOBN(0xf6037004, 0x5eafa720), + TOBN(0x5f30699e, 0x18d7dd96), + TOBN(0x381e8782, 0xcbab2495), + TOBN(0x91669b46, 0xdd8be949), + TOBN(0xb40606f5, 0x26aae8ef), + TOBN(0x2812b839, 0xfc6751a4), + TOBN(0x16196214, 0xfba800ef), + TOBN(0x4398d5ca, 0x4c1a2875), + TOBN(0x720c00ee, 0x653d8349), + TOBN(0xc2699eb0, 0xd820007c), + TOBN(0x880ee660, 0xa39b5825), + TOBN(0x70694694, 0x471f6984), + TOBN(0xf7d16ea8, 0xe3dda99a), + TOBN(0x28d675b2, 0xc0519a23), + TOBN(0x9ebf94fe, 0x4f6952e3), + TOBN(0xf28bb767, 0xa2294a8a), + TOBN(0x85512b4d, 0xfe0af3f5), + TOBN(0x18958ba8, 0x99b16a0d), + TOBN(0x95c2430c, 0xba7548a7), + TOBN(0xb30d1b10, 0xa16be615), + TOBN(0xe3ebbb97, 0x85bfb74c), + TOBN(0xa3273cfe, 0x18549fdb), + TOBN(0xf6e200bf, 0x4fcdb792), + TOBN(0x54a76e18, 0x83aba56c), + TOBN(0x73ec66f6, 0x89ef6aa2), + TOBN(0x8d17add7, 0xd1b9a305), + TOBN(0xa959c5b9, 0xb7ae1b9d), + TOBN(0x88643522, 0x6bcc094a), + TOBN(0xcc5616c4, 0xd7d429b9), + TOBN(0xa6dada01, 0xe6a33f7c), + TOBN(0xc6217a07, 0x9d4e70ad), + TOBN(0xd619a818, 0x09c15b7c), + TOBN(0xea06b329, 0x0e80c854), + TOBN(0x174811ce, 0xa5f5e7b9), + TOBN(0x66dfc310, 0x787c65f4), + TOBN(0x4ea7bd69, 0x3316ab54), + 
TOBN(0xc12c4acb, 0x1dcc0f70), + TOBN(0xe4308d1a, 0x1e407dd9), + TOBN(0xe8a3587c, 0x91afa997), + TOBN(0xea296c12, 0xab77b7a5), + TOBN(0xb5ad49e4, 0x673c0d52), + TOBN(0x40f9b2b2, 0x7006085a), + TOBN(0xa88ff340, 0x87bf6ec2), + TOBN(0x978603b1, 0x4e3066a6), + TOBN(0xb3f99fc2, 0xb5e486e2), + TOBN(0x07b53f5e, 0xb2e63645), + TOBN(0xbe57e547, 0x84c84232), + TOBN(0xd779c216, 0x7214d5cf), + TOBN(0x617969cd, 0x029a3aca), + TOBN(0xd17668cd, 0x8a7017a0), + TOBN(0x77b4d19a, 0xbe9b7ee8), + TOBN(0x58fd0e93, 0x9c161776), + TOBN(0xa8c4f4ef, 0xd5968a72), + TOBN(0x296071cc, 0x67b3de77), + TOBN(0xae3c0b8e, 0x634f7905), + TOBN(0x67e440c2, 0x8a7100c9), + TOBN(0xbb8c3c1b, 0xeb4b9b42), + TOBN(0x6d71e8ea, 0xc51b3583), + TOBN(0x7591f5af, 0x9525e642), + TOBN(0xf73a2f7b, 0x13f509f3), + TOBN(0x618487aa, 0x5619ac9b), + TOBN(0x3a72e5f7, 0x9d61718a), + TOBN(0x00413bcc, 0x7592d28c), + TOBN(0x7d9b11d3, 0x963c35cf), + TOBN(0x77623bcf, 0xb90a46ed), + TOBN(0xdeef273b, 0xdcdd2a50), + TOBN(0x4a741f9b, 0x0601846e), + TOBN(0x33b89e51, 0x0ec6e929), + TOBN(0xcb02319f, 0x8b7f22cd), + TOBN(0xbbe1500d, 0x084bae24), + TOBN(0x2f0ae8d7, 0x343d2693), + TOBN(0xacffb5f2, 0x7cdef811), + TOBN(0xaa0c030a, 0x263fb94f), + TOBN(0x6eef0d61, 0xa0f442de), + TOBN(0xf92e1817, 0x27b139d3), + TOBN(0x1ae6deb7, 0x0ad8bc28), + TOBN(0xa89e38dc, 0xc0514130), + TOBN(0x81eeb865, 0xd2fdca23), + TOBN(0x5a15ee08, 0xcc8ef895), + TOBN(0x768fa10a, 0x01905614), + TOBN(0xeff5b8ef, 0x880ee19b), + TOBN(0xf0c0cabb, 0xcb1c8a0e), + TOBN(0x2e1ee9cd, 0xb8c838f9), + TOBN(0x0587d8b8, 0x8a4a14c0), + TOBN(0xf6f27896, 0x2ff698e5), + TOBN(0xed38ef1c, 0x89ee6256), + TOBN(0xf44ee1fe, 0x6b353b45), + TOBN(0x9115c0c7, 0x70e903b3), + TOBN(0xc78ec0a1, 0x818f31df), + TOBN(0x6c003324, 0xb7dccbc6), + TOBN(0xd96dd1f3, 0x163bbc25), + TOBN(0x33aa82dd, 0x5cedd805), + TOBN(0x123aae4f, 0x7f7eb2f1), + TOBN(0x1723fcf5, 0xa26262cd), + TOBN(0x1f7f4d5d, 0x0060ebd5), + TOBN(0xf19c5c01, 0xb2eaa3af), + TOBN(0x2ccb9b14, 0x9790accf), + TOBN(0x1f9c1cad, 0x52324aa6), + 
TOBN(0x63200526, 0x7247df54), + TOBN(0x5732fe42, 0xbac96f82), + TOBN(0x52fe771f, 0x01a1c384), + TOBN(0x546ca13d, 0xb1001684), + TOBN(0xb56b4eee, 0xa1709f75), + TOBN(0x266545a9, 0xd5db8672), + TOBN(0xed971c90, 0x1e8f3cfb), + TOBN(0x4e7d8691, 0xe3a07b29), + TOBN(0x7570d9ec, 0xe4b696b9), + TOBN(0xdc5fa067, 0x7bc7e9ae), + TOBN(0x68b44caf, 0xc82c4844), + TOBN(0x519d34b3, 0xbf44da80), + TOBN(0x283834f9, 0x5ab32e66), + TOBN(0x6e608797, 0x6278a000), + TOBN(0x1e62960e, 0x627312f6), + TOBN(0x9b87b27b, 0xe6901c55), + TOBN(0x80e78538, 0x24fdbc1f), + TOBN(0xbbbc0951, 0x2facc27d), + TOBN(0x06394239, 0xac143b5a), + TOBN(0x35bb4a40, 0x376c1944), + TOBN(0x7cb62694, 0x63da1511), + TOBN(0xafd29161, 0xb7148a3b), + TOBN(0xa6f9d9ed, 0x4e2ea2ee), + TOBN(0x15dc2ca2, 0x880dd212), + TOBN(0x903c3813, 0xa61139a9), + TOBN(0x2aa7b46d, 0x6c0f8785), + TOBN(0x36ce2871, 0x901c60ff), + TOBN(0xc683b028, 0xe10d9c12), + TOBN(0x7573baa2, 0x032f33d3), + TOBN(0x87a9b1f6, 0x67a31b58), + TOBN(0xfd3ed11a, 0xf4ffae12), + TOBN(0x83dcaa9a, 0x0cb2748e), + TOBN(0x8239f018, 0x5d6fdf16), + TOBN(0xba67b49c, 0x72753941), + TOBN(0x2beec455, 0xc321cb36), + TOBN(0x88015606, 0x3f8b84ce), + TOBN(0x76417083, 0x8d38c86f), + TOBN(0x054f1ca7, 0x598953dd), + TOBN(0xc939e110, 0x4e8e7429), + TOBN(0x9b1ac2b3, 0x5a914f2f), + TOBN(0x39e35ed3, 0xe74b8f9c), + TOBN(0xd0debdb2, 0x781b2fb0), + TOBN(0x1585638f, 0x2d997ba2), + TOBN(0x9c4b646e, 0x9e2fce99), + TOBN(0x68a21081, 0x1e80857f), + TOBN(0x06d54e44, 0x3643b52a), + TOBN(0xde8d6d63, 0x0d8eb843), + TOBN(0x70321563, 0x42146a0a), + TOBN(0x8ba826f2, 0x5eaa3622), + TOBN(0x227a58bd, 0x86138787), + TOBN(0x43b6c03c, 0x10281d37), + TOBN(0x6326afbb, 0xb54dde39), + TOBN(0x744e5e8a, 0xdb6f2d5f), + TOBN(0x48b2a99a, 0xcff158e1), + TOBN(0xa93c8fa0, 0xef87918f), + TOBN(0x2182f956, 0xde058c5c), + TOBN(0x216235d2, 0x936f9e7a), + TOBN(0xace0c0db, 0xd2e31e67), + TOBN(0xc96449bf, 0xf23ac3e7), + TOBN(0x7e9a2874, 0x170693bd), + TOBN(0xa28e14fd, 0xa45e6335), + TOBN(0x5757f6b3, 0x56427344), + 
TOBN(0x822e4556, 0xacf8edf9), + TOBN(0x2b7a6ee2, 0xe6a285cd), + TOBN(0x5866f211, 0xa9df3af0), + TOBN(0x40dde2dd, 0xf845b844), + TOBN(0x986c3726, 0x110e5e49), + TOBN(0x73680c2a, 0xf7172277), + TOBN(0x57b94f0f, 0x0cccb244), + TOBN(0xbdff7267, 0x2d438ca7), + TOBN(0xbad1ce11, 0xcf4663fd), + TOBN(0x9813ed9d, 0xd8f71cae), + TOBN(0xf43272a6, 0x961fdaa6), + TOBN(0xbeff0119, 0xbd6d1637), + TOBN(0xfebc4f91, 0x30361978), + TOBN(0x02b37a95, 0x2f41deff), + TOBN(0x0e44a59a, 0xe63b89b7), + TOBN(0x673257dc, 0x143ff951), + TOBN(0x19c02205, 0xd752baf4), + TOBN(0x46c23069, 0xc4b7d692), + TOBN(0x2e6392c3, 0xfd1502ac), + TOBN(0x6057b1a2, 0x1b220846), + TOBN(0xe51ff946, 0x0c1b5b63), + }, + { + TOBN(0x6e85cb51, 0x566c5c43), + TOBN(0xcff9c919, 0x3597f046), + TOBN(0x9354e90c, 0x4994d94a), + TOBN(0xe0a39332, 0x2147927d), + TOBN(0x8427fac1, 0x0dc1eb2b), + TOBN(0x88cfd8c2, 0x2ff319fa), + TOBN(0xe2d4e684, 0x01965274), + TOBN(0xfa2e067d, 0x67aaa746), + TOBN(0xb6d92a7f, 0x3e5f9f11), + TOBN(0x9afe153a, 0xd6cb3b8e), + TOBN(0x4d1a6dd7, 0xddf800bd), + TOBN(0xf6c13cc0, 0xcaf17e19), + TOBN(0x15f6c58e, 0x325fc3ee), + TOBN(0x71095400, 0xa31dc3b2), + TOBN(0x168e7c07, 0xafa3d3e7), + TOBN(0x3f8417a1, 0x94c7ae2d), + TOBN(0xec234772, 0x813b230d), + TOBN(0x634d0f5f, 0x17344427), + TOBN(0x11548ab1, 0xd77fc56a), + TOBN(0x7fab1750, 0xce06af77), + TOBN(0xb62c10a7, 0x4f7c4f83), + TOBN(0xa7d2edc4, 0x220a67d9), + TOBN(0x1c404170, 0x921209a0), + TOBN(0x0b9815a0, 0xface59f0), + TOBN(0x2842589b, 0x319540c3), + TOBN(0x18490f59, 0xa283d6f8), + TOBN(0xa2731f84, 0xdaae9fcb), + TOBN(0x3db6d960, 0xc3683ba0), + TOBN(0xc85c63bb, 0x14611069), + TOBN(0xb19436af, 0x0788bf05), + TOBN(0x905459df, 0x347460d2), + TOBN(0x73f6e094, 0xe11a7db1), + TOBN(0xdc7f938e, 0xb6357f37), + TOBN(0xc5d00f79, 0x2bd8aa62), + TOBN(0xc878dcb9, 0x2ca979fc), + TOBN(0x37e83ed9, 0xeb023a99), + TOBN(0x6b23e273, 0x1560bf3d), + TOBN(0x1086e459, 0x1d0fae61), + TOBN(0x78248316, 0x9a9414bd), + TOBN(0x1b956bc0, 0xf0ea9ea1), + TOBN(0x7b85bb91, 0xc31b9c38), + 
TOBN(0x0c5aa90b, 0x48ef57b5), + TOBN(0xdedeb169, 0xaf3bab6f), + TOBN(0xe610ad73, 0x2d373685), + TOBN(0xf13870df, 0x02ba8e15), + TOBN(0x0337edb6, 0x8ca7f771), + TOBN(0xe4acf747, 0xb62c036c), + TOBN(0xd921d576, 0xb6b94e81), + TOBN(0xdbc86439, 0x2c422f7a), + TOBN(0xfb635362, 0xed348898), + TOBN(0x83084668, 0xc45bfcd1), + TOBN(0xc357c9e3, 0x2b315e11), + TOBN(0xb173b540, 0x5b2e5b8c), + TOBN(0x7e946931, 0xe102b9a4), + TOBN(0x17c890eb, 0x7b0fb199), + TOBN(0xec225a83, 0xd61b662b), + TOBN(0xf306a3c8, 0xee3c76cb), + TOBN(0x3cf11623, 0xd32a1f6e), + TOBN(0xe6d5ab64, 0x6863e956), + TOBN(0x3b8a4cbe, 0x5c005c26), + TOBN(0xdcd529a5, 0x9ce6bb27), + TOBN(0xc4afaa52, 0x04d4b16f), + TOBN(0xb0624a26, 0x7923798d), + TOBN(0x85e56df6, 0x6b307fab), + TOBN(0x0281893c, 0x2bf29698), + TOBN(0x91fc19a4, 0xd7ce7603), + TOBN(0x75a5dca3, 0xad9a558f), + TOBN(0x40ceb3fa, 0x4d50bf77), + TOBN(0x1baf6060, 0xbc9ba369), + TOBN(0x927e1037, 0x597888c2), + TOBN(0xd936bf19, 0x86a34c07), + TOBN(0xd4cf10c1, 0xc34ae980), + TOBN(0x3a3e5334, 0x859dd614), + TOBN(0x9c475b5b, 0x18d0c8ee), + TOBN(0x63080d1f, 0x07cd51d5), + TOBN(0xc9c0d0a6, 0xb88b4326), + TOBN(0x1ac98691, 0xc234296f), + TOBN(0x2a0a83a4, 0x94887fb6), + TOBN(0x56511427, 0x0cea9cf2), + TOBN(0x5230a6e8, 0xa24802f5), + TOBN(0xf7a2bf0f, 0x72e3d5c1), + TOBN(0x37717446, 0x4f21439e), + TOBN(0xfedcbf25, 0x9ce30334), + TOBN(0xe0030a78, 0x7ce202f9), + TOBN(0x6f2d9ebf, 0x1202e9ca), + TOBN(0xe79dde6c, 0x75e6e591), + TOBN(0xf52072af, 0xf1dac4f8), + TOBN(0x6c8d087e, 0xbb9b404d), + TOBN(0xad0fc73d, 0xbce913af), + TOBN(0x909e587b, 0x458a07cb), + TOBN(0x1300da84, 0xd4f00c8a), + TOBN(0x425cd048, 0xb54466ac), + TOBN(0xb59cb9be, 0x90e9d8bf), + TOBN(0x991616db, 0x3e431b0e), + TOBN(0xd3aa117a, 0x531aecff), + TOBN(0x91af92d3, 0x59f4dc3b), + TOBN(0x9b1ec292, 0xe93fda29), + TOBN(0x76bb6c17, 0xe97d91bc), + TOBN(0x7509d95f, 0xaface1e6), + TOBN(0x3653fe47, 0xbe855ae3), + TOBN(0x73180b28, 0x0f680e75), + TOBN(0x75eefd1b, 0xeeb6c26c), + TOBN(0xa4cdf29f, 0xb66d4236), + 
TOBN(0x2d70a997, 0x6b5821d8), + TOBN(0x7a3ee207, 0x20445c36), + TOBN(0x71d1ac82, 0x59877174), + TOBN(0x0fc539f7, 0x949f73e9), + TOBN(0xd05cf3d7, 0x982e3081), + TOBN(0x8758e20b, 0x7b1c7129), + TOBN(0xffadcc20, 0x569e61f2), + TOBN(0xb05d3a2f, 0x59544c2d), + TOBN(0xbe16f5c1, 0x9fff5e53), + TOBN(0x73cf65b8, 0xaad58135), + TOBN(0x622c2119, 0x037aa5be), + TOBN(0x79373b3f, 0x646fd6a0), + TOBN(0x0e029db5, 0x0d3978cf), + TOBN(0x8bdfc437, 0x94fba037), + TOBN(0xaefbd687, 0x620797a6), + TOBN(0x3fa5382b, 0xbd30d38e), + TOBN(0x7627cfbf, 0x585d7464), + TOBN(0xb2330fef, 0x4e4ca463), + TOBN(0xbcef7287, 0x3566cc63), + TOBN(0xd161d2ca, 0xcf780900), + TOBN(0x135dc539, 0x5b54827d), + TOBN(0x638f052e, 0x27bf1bc6), + TOBN(0x10a224f0, 0x07dfa06c), + TOBN(0xe973586d, 0x6d3321da), + TOBN(0x8b0c5738, 0x26152c8f), + TOBN(0x07ef4f2a, 0x34606074), + TOBN(0x80fe7fe8, 0xa0f7047a), + TOBN(0x3d1a8152, 0xe1a0e306), + TOBN(0x32cf43d8, 0x88da5222), + TOBN(0xbf89a95f, 0x5f02ffe6), + TOBN(0x3d9eb9a4, 0x806ad3ea), + TOBN(0x012c17bb, 0x79c8e55e), + TOBN(0xfdcd1a74, 0x99c81dac), + TOBN(0x7043178b, 0xb9556098), + TOBN(0x4090a1df, 0x801c3886), + TOBN(0x759800ff, 0x9b67b912), + TOBN(0x3e5c0304, 0x232620c8), + TOBN(0x4b9d3c4b, 0x70dceeca), + TOBN(0xbb2d3c15, 0x181f648e), + TOBN(0xf981d837, 0x6e33345c), + TOBN(0xb626289b, 0x0cf2297a), + TOBN(0x766ac659, 0x8baebdcf), + TOBN(0x1a28ae09, 0x75df01e5), + TOBN(0xb71283da, 0x375876d8), + TOBN(0x4865a96d, 0x607b9800), + TOBN(0x25dd1bcd, 0x237936b2), + TOBN(0x332f4f4b, 0x60417494), + TOBN(0xd0923d68, 0x370a2147), + TOBN(0x497f5dfb, 0xdc842203), + TOBN(0x9dc74cbd, 0x32be5e0f), + TOBN(0x7475bcb7, 0x17a01375), + TOBN(0x438477c9, 0x50d872b1), + TOBN(0xcec67879, 0xffe1d63d), + TOBN(0x9b006014, 0xd8578c70), + TOBN(0xc9ad99a8, 0x78bb6b8b), + TOBN(0x6799008e, 0x11fb3806), + TOBN(0xcfe81435, 0xcd44cab3), + TOBN(0xa2ee1582, 0x2f4fb344), + TOBN(0xb8823450, 0x483fa6eb), + TOBN(0x622d323d, 0x652c7749), + TOBN(0xd8474a98, 0xbeb0a15b), + TOBN(0xe43c154d, 0x5d1c00d0), + 
TOBN(0x7fd581d9, 0x0e3e7aac), + TOBN(0x2b44c619, 0x2525ddf8), + TOBN(0x67a033eb, 0xb8ae9739), + TOBN(0x113ffec1, 0x9ef2d2e4), + TOBN(0x1bf6767e, 0xd5a0ea7f), + TOBN(0x57fff75e, 0x03714c0a), + TOBN(0xa23c422e, 0x0a23e9ee), + TOBN(0xdd5f6b2d, 0x540f83af), + TOBN(0xc2c2c27e, 0x55ea46a7), + TOBN(0xeb6b4246, 0x672a1208), + TOBN(0xd13599f7, 0xae634f7a), + TOBN(0xcf914b5c, 0xd7b32c6e), + TOBN(0x61a5a640, 0xeaf61814), + TOBN(0x8dc3df8b, 0x208a1bbb), + TOBN(0xef627fd6, 0xb6d79aa5), + TOBN(0x44232ffc, 0xc4c86bc8), + TOBN(0xe6f9231b, 0x061539fe), + TOBN(0x1d04f25a, 0x958b9533), + TOBN(0x180cf934, 0x49e8c885), + TOBN(0x89689595, 0x9884aaf7), + TOBN(0xb1959be3, 0x07b348a6), + TOBN(0x96250e57, 0x3c147c87), + TOBN(0xae0efb3a, 0xdd0c61f8), + TOBN(0xed00745e, 0xca8c325e), + TOBN(0x3c911696, 0xecff3f70), + TOBN(0x73acbc65, 0x319ad41d), + TOBN(0x7b01a020, 0xf0b1c7ef), + TOBN(0xea32b293, 0x63a1483f), + TOBN(0x89eabe71, 0x7a248f96), + TOBN(0x9c6231d3, 0x343157e5), + TOBN(0x93a375e5, 0xdf3c546d), + TOBN(0xe76e9343, 0x6a2afe69), + TOBN(0xc4f89100, 0xe166c88e), + TOBN(0x248efd0d, 0x4f872093), + TOBN(0xae0eb3ea, 0x8fe0ea61), + TOBN(0xaf89790d, 0x9d79046e), + TOBN(0x4d650f2d, 0x6cee0976), + TOBN(0xa3935d9a, 0x43071eca), + TOBN(0x66fcd2c9, 0x283b0bfe), + TOBN(0x0e665eb5, 0x696605f1), + TOBN(0xe77e5d07, 0xa54cd38d), + TOBN(0x90ee050a, 0x43d950cf), + TOBN(0x86ddebda, 0xd32e69b5), + TOBN(0x6ad94a3d, 0xfddf7415), + TOBN(0xf7fa1309, 0x3f6e8d5a), + TOBN(0xc4831d1d, 0xe9957f75), + TOBN(0x7de28501, 0xd5817447), + TOBN(0x6f1d7078, 0x9e2aeb6b), + TOBN(0xba2b9ff4, 0xf67a53c2), + TOBN(0x36963767, 0xdf9defc3), + TOBN(0x479deed3, 0x0d38022c), + TOBN(0xd2edb89b, 0x3a8631e8), + TOBN(0x8de855de, 0x7a213746), + TOBN(0xb2056cb7, 0xb00c5f11), + TOBN(0xdeaefbd0, 0x2c9b85e4), + TOBN(0x03f39a8d, 0xd150892d), + TOBN(0x37b84686, 0x218b7985), + TOBN(0x36296dd8, 0xb7375f1a), + TOBN(0x472cd4b1, 0xb78e898e), + TOBN(0x15dff651, 0xe9f05de9), + TOBN(0xd4045069, 0x2ce98ba9), + TOBN(0x8466a7ae, 0x9b38024c), + 
TOBN(0xb910e700, 0xe5a6b5ef), + TOBN(0xae1c56ea, 0xb3aa8f0d), + TOBN(0xbab2a507, 0x7eee74a6), + TOBN(0x0dca11e2, 0x4b4c4620), + TOBN(0xfd896e2e, 0x4c47d1f4), + TOBN(0xeb45ae53, 0x308fbd93), + TOBN(0x46cd5a2e, 0x02c36fda), + TOBN(0x6a3d4e90, 0xbaa48385), + TOBN(0xdd55e62e, 0x9dbe9960), + TOBN(0xa1406aa0, 0x2a81ede7), + TOBN(0x6860dd14, 0xf9274ea7), + TOBN(0xcfdcb0c2, 0x80414f86), + TOBN(0xff410b10, 0x22f94327), + TOBN(0x5a33cc38, 0x49ad467b), + TOBN(0xefb48b6c, 0x0a7335f1), + TOBN(0x14fb54a4, 0xb153a360), + TOBN(0x604aa9d2, 0xb52469cc), + TOBN(0x5e9dc486, 0x754e48e9), + TOBN(0x693cb455, 0x37471e8e), + TOBN(0xfb2fd7cd, 0x8d3b37b6), + TOBN(0x63345e16, 0xcf09ff07), + TOBN(0x9910ba6b, 0x23a5d896), + TOBN(0x1fe19e35, 0x7fe4364e), + TOBN(0x6e1da8c3, 0x9a33c677), + TOBN(0x15b4488b, 0x29fd9fd0), + TOBN(0x1f439254, 0x1a1f22bf), + TOBN(0x920a8a70, 0xab8163e8), + TOBN(0x3fd1b249, 0x07e5658e), + TOBN(0xf2c4f79c, 0xb6ec839b), + TOBN(0x1abbc3d0, 0x4aa38d1b), + TOBN(0x3b0db35c, 0xb5d9510e), + TOBN(0x1754ac78, 0x3e60dec0), + TOBN(0x53272fd7, 0xea099b33), + TOBN(0x5fb0494f, 0x07a8e107), + TOBN(0x4a89e137, 0x6a8191fa), + TOBN(0xa113b7f6, 0x3c4ad544), + TOBN(0x88a2e909, 0x6cb9897b), + TOBN(0x17d55de3, 0xb44a3f84), + TOBN(0xacb2f344, 0x17c6c690), + TOBN(0x32088168, 0x10232390), + TOBN(0xf2e8a61f, 0x6c733bf7), + TOBN(0xa774aab6, 0x9c2d7652), + TOBN(0xfb5307e3, 0xed95c5bc), + TOBN(0xa05c73c2, 0x4981f110), + TOBN(0x1baae31c, 0xa39458c9), + TOBN(0x1def185b, 0xcbea62e7), + TOBN(0xe8ac9eae, 0xeaf63059), + TOBN(0x098a8cfd, 0x9921851c), + TOBN(0xd959c3f1, 0x3abe2f5b), + TOBN(0xa4f19525, 0x20e40ae5), + TOBN(0x320789e3, 0x07a24aa1), + TOBN(0x259e6927, 0x7392b2bc), + TOBN(0x58f6c667, 0x1918668b), + TOBN(0xce1db2bb, 0xc55d2d8b), + TOBN(0x41d58bb7, 0xf4f6ca56), + TOBN(0x7650b680, 0x8f877614), + TOBN(0x905e16ba, 0xf4c349ed), + TOBN(0xed415140, 0xf661acac), + TOBN(0x3b8784f0, 0xcb2270af), + TOBN(0x3bc280ac, 0x8a402cba), + TOBN(0xd53f7146, 0x0937921a), + TOBN(0xc03c8ee5, 0xe5681e83), + 
TOBN(0x62126105, 0xf6ac9e4a), + TOBN(0x9503a53f, 0x936b1a38), + TOBN(0x3d45e2d4, 0x782fecbd), + TOBN(0x69a5c439, 0x76e8ae98), + TOBN(0xb53b2eeb, 0xbfb4b00e), + TOBN(0xf1674712, 0x72386c89), + TOBN(0x30ca34a2, 0x4268bce4), + TOBN(0x7f1ed86c, 0x78341730), + TOBN(0x8ef5beb8, 0xb525e248), + TOBN(0xbbc489fd, 0xb74fbf38), + TOBN(0x38a92a0e, 0x91a0b382), + TOBN(0x7a77ba3f, 0x22433ccf), + TOBN(0xde8362d6, 0xa29f05a9), + TOBN(0x7f6a30ea, 0x61189afc), + TOBN(0x693b5505, 0x59ef114f), + TOBN(0x50266bc0, 0xcd1797a1), + TOBN(0xea17b47e, 0xf4b7af2d), + TOBN(0xd6c4025c, 0x3df9483e), + TOBN(0x8cbb9d9f, 0xa37b18c9), + TOBN(0x91cbfd9c, 0x4d8424cf), + TOBN(0xdb7048f1, 0xab1c3506), + TOBN(0x9eaf641f, 0x028206a3), + TOBN(0xf986f3f9, 0x25bdf6ce), + TOBN(0x262143b5, 0x224c08dc), + TOBN(0x2bbb09b4, 0x81b50c91), + TOBN(0xc16ed709, 0xaca8c84f), + TOBN(0xa6210d9d, 0xb2850ca8), + TOBN(0x6d8df67a, 0x09cb54d6), + TOBN(0x91eef6e0, 0x500919a4), + TOBN(0x90f61381, 0x0f132857), + TOBN(0x9acede47, 0xf8d5028b), + TOBN(0x844d1b71, 0x90b771c3), + TOBN(0x563b71e4, 0xba6426be), + TOBN(0x2efa2e83, 0xbdb802ff), + TOBN(0x3410cbab, 0xab5b4a41), + TOBN(0x555b2d26, 0x30da84dd), + TOBN(0xd0711ae9, 0xee1cc29a), + TOBN(0xcf3e8c60, 0x2f547792), + TOBN(0x03d7d5de, 0xdc678b35), + TOBN(0x071a2fa8, 0xced806b8), + TOBN(0x222e6134, 0x697f1478), + TOBN(0xdc16fd5d, 0xabfcdbbf), + TOBN(0x44912ebf, 0x121b53b8), + TOBN(0xac943674, 0x2496c27c), + TOBN(0x8ea3176c, 0x1ffc26b0), + TOBN(0xb6e224ac, 0x13debf2c), + TOBN(0x524cc235, 0xf372a832), + TOBN(0xd706e1d8, 0x9f6f1b18), + TOBN(0x2552f005, 0x44cce35b), + TOBN(0x8c8326c2, 0xa88e31fc), + TOBN(0xb5468b2c, 0xf9552047), + TOBN(0xce683e88, 0x3ff90f2b), + TOBN(0x77947bdf, 0x2f0a5423), + TOBN(0xd0a1b28b, 0xed56e328), + TOBN(0xaee35253, 0xc20134ac), + TOBN(0x7e98367d, 0x3567962f), + TOBN(0x379ed61f, 0x8188bffb), + TOBN(0x73bba348, 0xfaf130a1), + TOBN(0x6c1f75e1, 0x904ed734), + TOBN(0x18956642, 0x3b4a79fc), + TOBN(0xf20bc83d, 0x54ef4493), + TOBN(0x836d425d, 0x9111eca1), + 
TOBN(0xe5b5c318, 0x009a8dcf), + TOBN(0x3360b25d, 0x13221bc5), + TOBN(0x707baad2, 0x6b3eeaf7), + TOBN(0xd7279ed8, 0x743a95a1), + TOBN(0x7450a875, 0x969e809f), + TOBN(0x32b6bd53, 0xe5d0338f), + TOBN(0x1e77f7af, 0x2b883bbc), + TOBN(0x90da12cc, 0x1063ecd0), + TOBN(0xe2697b58, 0xc315be47), + TOBN(0x2771a5bd, 0xda85d534), + TOBN(0x53e78c1f, 0xff980eea), + TOBN(0xadf1cf84, 0x900385e7), + TOBN(0x7d3b14f6, 0xc9387b62), + TOBN(0x170e74b0, 0xcb8f2bd2), + TOBN(0x2d50b486, 0x827fa993), + TOBN(0xcdbe8c9a, 0xf6f32bab), + TOBN(0x55e906b0, 0xc3b93ab8), + TOBN(0x747f22fc, 0x8fe280d1), + TOBN(0xcd8e0de5, 0xb2e114ab), + TOBN(0x5ab7dbeb, 0xe10b68b0), + TOBN(0x9dc63a9c, 0xa480d4b2), + TOBN(0x78d4bc3b, 0x4be1495f), + TOBN(0x25eb3db8, 0x9359122d), + TOBN(0x3f8ac05b, 0x0809cbdc), + TOBN(0xbf4187bb, 0xd37c702f), + TOBN(0x84cea069, 0x1416a6a5), + TOBN(0x8f860c79, 0x43ef881c), + TOBN(0x41311f8a, 0x38038a5d), + TOBN(0xe78c2ec0, 0xfc612067), + TOBN(0x494d2e81, 0x5ad73581), + TOBN(0xb4cc9e00, 0x59604097), + TOBN(0xff558aec, 0xf3612cba), + TOBN(0x35beef7a, 0x9e36c39e), + TOBN(0x1845c7cf, 0xdbcf41b9), + TOBN(0x5703662a, 0xaea997c0), + TOBN(0x8b925afe, 0xe402f6d8), + TOBN(0xd0a1b1ae, 0x4dd72162), + TOBN(0x9f47b375, 0x03c41c4b), + TOBN(0xa023829b, 0x0391d042), + TOBN(0x5f5045c3, 0x503b8b0a), + TOBN(0x123c2688, 0x98c010e5), + TOBN(0x324ec0cc, 0x36ba06ee), + TOBN(0xface3115, 0x3dd2cc0c), + TOBN(0xb364f3be, 0xf333e91f), + TOBN(0xef8aff73, 0x28e832b0), + TOBN(0x1e9bad04, 0x2d05841b), + TOBN(0x42f0e3df, 0x356a21e2), + TOBN(0xa3270bcb, 0x4add627e), + TOBN(0xb09a8158, 0xd322e711), + TOBN(0x86e326a1, 0x0fee104a), + TOBN(0xad7788f8, 0x3703f65d), + TOBN(0x7e765430, 0x47bc4833), + TOBN(0x6cee582b, 0x2b9b893a), + TOBN(0x9cd2a167, 0xe8f55a7b), + TOBN(0xefbee3c6, 0xd9e4190d), + TOBN(0x33ee7185, 0xd40c2e9d), + TOBN(0x844cc9c5, 0xa380b548), + TOBN(0x323f8ecd, 0x66926e04), + TOBN(0x0001e38f, 0x8110c1ba), + TOBN(0x8dbcac12, 0xfc6a7f07), + TOBN(0xd65e1d58, 0x0cec0827), + TOBN(0xd2cd4141, 0xbe76ca2d), + 
TOBN(0x7895cf5c, 0xe892f33a), + TOBN(0x956d230d, 0x367139d2), + TOBN(0xa91abd3e, 0xd012c4c1), + TOBN(0x34fa4883, 0x87eb36bf), + TOBN(0xc5f07102, 0x914b8fb4), + TOBN(0x90f0e579, 0xadb9c95f), + TOBN(0xfe6ea8cb, 0x28888195), + TOBN(0x7b9b5065, 0xedfa9284), + TOBN(0x6c510bd2, 0x2b8c8d65), + TOBN(0xd7b8ebef, 0xcbe8aafd), + TOBN(0xedb3af98, 0x96b1da07), + TOBN(0x28ff779d, 0x6295d426), + TOBN(0x0c4f6ac7, 0x3fa3ad7b), + TOBN(0xec44d054, 0x8b8e2604), + TOBN(0x9b32a66d, 0x8b0050e1), + TOBN(0x1f943366, 0xf0476ce2), + TOBN(0x7554d953, 0xa602c7b4), + TOBN(0xbe35aca6, 0x524f2809), + TOBN(0xb6881229, 0xfd4edbea), + TOBN(0xe8cd0c8f, 0x508efb63), + TOBN(0x9eb5b5c8, 0x6abcefc7), + TOBN(0xf5621f5f, 0xb441ab4f), + TOBN(0x79e6c046, 0xb76a2b22), + TOBN(0x74a4792c, 0xe37a1f69), + TOBN(0xcbd252cb, 0x03542b60), + TOBN(0x785f65d5, 0xb3c20bd3), + TOBN(0x8dea6143, 0x4fabc60c), + TOBN(0x45e21446, 0xde673629), + TOBN(0x57f7aa1e, 0x703c2d21), + TOBN(0xa0e99b7f, 0x98c868c7), + TOBN(0x4e42f66d, 0x8b641676), + TOBN(0x602884dc, 0x91077896), + TOBN(0xa0d690cf, 0xc2c9885b), + TOBN(0xfeb4da33, 0x3b9a5187), + TOBN(0x5f789598, 0x153c87ee), + TOBN(0x2192dd47, 0x52b16dba), + TOBN(0xdeefc0e6, 0x3524c1b1), + TOBN(0x465ea76e, 0xe4383693), + TOBN(0x79401711, 0x361b8d98), + TOBN(0xa5f9ace9, 0xf21a15cb), + TOBN(0x73d26163, 0xefee9aeb), + TOBN(0xcca844b3, 0xe677016c), + TOBN(0x6c122b07, 0x57eaee06), + TOBN(0xb782dce7, 0x15f09690), + TOBN(0x508b9b12, 0x2dfc0fc9), + TOBN(0x9015ab4b, 0x65d89fc6), + TOBN(0x5e79dab7, 0xd6d5bb0f), + TOBN(0x64f021f0, 0x6c775aa2), + TOBN(0xdf09d8cc, 0x37c7eca1), + TOBN(0x9a761367, 0xef2fa506), + TOBN(0xed4ca476, 0x5b81eec6), + TOBN(0x262ede36, 0x10bbb8b5), + TOBN(0x0737ce83, 0x0641ada3), + TOBN(0x4c94288a, 0xe9831ccc), + TOBN(0x487fc1ce, 0x8065e635), + TOBN(0xb13d7ab3, 0xb8bb3659), + TOBN(0xdea5df3e, 0x855e4120), + TOBN(0xb9a18573, 0x85eb0244), + TOBN(0x1a1b8ea3, 0xa7cfe0a3), + TOBN(0x3b837119, 0x67b0867c), + TOBN(0x8d5e0d08, 0x9d364520), + TOBN(0x52dccc1e, 0xd930f0e3), + 
TOBN(0xefbbcec7, 0xbf20bbaf), + TOBN(0x99cffcab, 0x0263ad10), + TOBN(0xd8199e6d, 0xfcd18f8a), + TOBN(0x64e2773f, 0xe9f10617), + TOBN(0x0079e8e1, 0x08704848), + TOBN(0x1169989f, 0x8a342283), + TOBN(0x8097799c, 0xa83012e6), + TOBN(0xece966cb, 0x8a6a9001), + TOBN(0x93b3afef, 0x072ac7fc), + TOBN(0xe6893a2a, 0x2db3d5ba), + TOBN(0x263dc462, 0x89bf4fdc), + TOBN(0x8852dfc9, 0xe0396673), + TOBN(0x7ac70895, 0x3af362b6), + TOBN(0xbb9cce4d, 0x5c2f342b), + TOBN(0xbf80907a, 0xb52d7aae), + TOBN(0x97f3d3cd, 0x2161bcd0), + TOBN(0xb25b0834, 0x0962744d), + TOBN(0xc5b18ea5, 0x6c3a1dda), + TOBN(0xfe4ec7eb, 0x06c92317), + TOBN(0xb787b890, 0xad1c4afe), + TOBN(0xdccd9a92, 0x0ede801a), + TOBN(0x9ac6ddda, 0xdb58da1f), + TOBN(0x22bbc12f, 0xb8cae6ee), + TOBN(0xc6f8bced, 0x815c4a43), + TOBN(0x8105a92c, 0xf96480c7), + TOBN(0x0dc3dbf3, 0x7a859d51), + TOBN(0xe3ec7ce6, 0x3041196b), + TOBN(0xd9f64b25, 0x0d1067c9), + TOBN(0xf2321321, 0x3d1f8dd8), + TOBN(0x8b5c619c, 0x76497ee8), + TOBN(0x5d2b0ac6, 0xc717370e), + TOBN(0x98204cb6, 0x4fcf68e1), + TOBN(0x0bdec211, 0x62bc6792), + TOBN(0x6973ccef, 0xa63b1011), + TOBN(0xf9e3fa97, 0xe0de1ac5), + TOBN(0x5efb693e, 0x3d0e0c8b), + TOBN(0x037248e9, 0xd2d4fcb4), + }, + { TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), + TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129), + TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), + TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca), + TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), + TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8), + TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), + TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038), + TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), + TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109), + TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), + TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3), + TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), + 
TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4), + TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), + TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97), + TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), + TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb), + TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), + TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e), + TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), + TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270), + TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), + TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f), + TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), + TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997), + TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), + TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5), + TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), + TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a), + TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), + TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018), + TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), + TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739), + TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), + TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b), + TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), + TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8), + TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), + TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa), + TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), + TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665), + TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), + TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f), + TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), + 
TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8), + TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), + TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00), + TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), + TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52), + TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), + TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975), + TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), + TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323), + TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), + TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35), + TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), + TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d), + TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), + TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c), + TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), + TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf), + TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), + TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd), + TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), + TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110), + TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), + TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28), + TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), + TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8), + TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), + TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83), + TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), + TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d), + TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), + TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4), + TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), + 
TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc), + TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), + TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7), + TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), + TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c), + TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), + TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c), + TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), + TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4), + TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), + TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9), + TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), + TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b), + TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), + TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd), + TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), + TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e), + TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), + TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5), + TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), + TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c), + TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), + TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955), + TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), + TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775), + TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), + TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29), + TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), + TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194), + TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), + TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c), + TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), + 
TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724), + TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), + TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114), + TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), + TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262), + TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), + TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd), + TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), + TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f), + TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), + TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc), + TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), + TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b), + TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), + TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f), + TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), + TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b), + TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), + TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af), + TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), + TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a), + TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), + TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d), + TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), + TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408), + TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), + TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69), + TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), + TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00), + TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), + TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f), + TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), + 
TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78), + TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), + TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7), + TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), + TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd), + TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), + TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f), + TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), + TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28), + TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), + TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed), + TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), + TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744), + TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), + TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c), + TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), + TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312), + TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), + TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5), + TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), + TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462), + TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), + TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79), + TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), + TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a), + TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), + TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d), + TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), + TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f), + TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), + TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736), + TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), + 
TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747), + TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), + TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb), + TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), + TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d), + TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), + TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272), + TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), + TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57), + TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), + TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc), + TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), + TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0), + TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), + TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2), + TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), + TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e), + TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), + TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614), + TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), + TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b), + TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), + TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd), + TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), + TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd), + TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), + TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0), + TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), + TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01), + TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), + TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804), + TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), + 
TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d), + TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), + TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a), + TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), + TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e), + TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), + TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489), + TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), + TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62), + TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), + TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e), + TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), + TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3), + TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), + TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7), + TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), + TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799), + TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), + TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280), + TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), + TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c), + TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), + TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c), + TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), + TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae), + TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), + TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e), + TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), + TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e), + TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), + TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8), + TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), + 
TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2), + TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), + TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1), + TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), + TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670), + TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), + TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb), + TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), + TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a), + TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), + TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa), + TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), + TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632), + TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), + TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c), + TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), + TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4), + TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), + TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527) } + }; --- crypto/openssl/crypto/ec/ecp_oct.c.orig +++ crypto/openssl/crypto/ec/ecp_oct.c @@ -20,9 +20,9 @@ #include "ec_local.h" int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x_, int y_bit, - BN_CTX *ctx) + EC_POINT *point, + const BIGNUM *x_, int y_bit, + BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BIGNUM *tmp1, *tmp2, *x, *y; @@ -150,15 +150,15 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } size_t ossl_ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx) { size_t ret; BN_CTX *new_ctx = NULL; 
@@ -187,9 +187,7 @@ /* ret := required output buffer length */ field_len = BN_num_bytes(group->field); - ret = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; + ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; /* if 'buf' is NULL, just return required length */ if (buf != NULL) { @@ -215,7 +213,8 @@ goto err; if ((form == POINT_CONVERSION_COMPRESSED - || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) + || form == POINT_CONVERSION_HYBRID) + && BN_is_odd(y)) buf[0] = form + 1; else buf[0] = form; @@ -264,7 +263,7 @@ BN_CTX_free(new_ctx); return ret; - err: +err: if (used_ctx) BN_CTX_end(ctx); BN_CTX_free(new_ctx); @@ -272,8 +271,8 @@ } int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, - BN_CTX *ctx) + const unsigned char *buf, size_t len, + BN_CTX *ctx) { point_conversion_form_t form; int y_bit; @@ -310,9 +309,7 @@ } field_len = BN_num_bytes(group->field); - enc_len = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; + enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; if (len != enc_len) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); @@ -365,7 +362,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; --- crypto/openssl/crypto/ec/ecp_ppc.c.orig +++ crypto/openssl/crypto/ec/ecp_ppc.c 
@@ -12,15 +12,15 @@ #include "ec_local.h" void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4], - const unsigned long b[4]); + const unsigned long b[4]); void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]); void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]) { static const unsigned long RR[] = { 0x0000000000000003U, - 0xfffffffbffffffffU, - 0xfffffffffffffffeU, - 0x00000004fffffffdU }; + 0xfffffffbffffffffU, + 0xfffffffffffffffeU, + 0x00000004fffffffdU }; ecp_nistz256_mul_mont(res, in, RR); } --- crypto/openssl/crypto/ec/ecp_s390x_nistp.c.orig +++ crypto/openssl/crypto/ec/ecp_s390x_nistp.c 
@@ -21,34 +21,36 @@ #include "s390x_arch.h" /* Size of parameter blocks */ -#define S390X_SIZE_PARAM 4096 +#define S390X_SIZE_PARAM 4096 /* Size of fields in parameter blocks */ -#define S390X_SIZE_P256 32 -#define S390X_SIZE_P384 48 -#define S390X_SIZE_P521 80 +#define S390X_SIZE_P256 32 +#define S390X_SIZE_P384 48 +#define S390X_SIZE_P521 80 /* Offsets of fields in PCC parameter blocks */ -#define S390X_OFF_RES_X(n) (0 * n) -#define S390X_OFF_RES_Y(n) (1 * n) -#define S390X_OFF_SRC_X(n) (2 * n) -#define S390X_OFF_SRC_Y(n) (3 * n) -#define S390X_OFF_SCALAR(n) (4 * n) +#define S390X_OFF_RES_X(n) (0 * n) +#define S390X_OFF_RES_Y(n) (1 * n) +#define S390X_OFF_SRC_X(n) (2 * n) +#define S390X_OFF_SRC_Y(n) (3 * n) +#define S390X_OFF_SCALAR(n) (4 * n) /* Offsets of fields in KDSA parameter blocks */ -#define S390X_OFF_R(n) (0 * n) -#define S390X_OFF_S(n) (1 * n) -#define S390X_OFF_H(n) (2 * n) -#define S390X_OFF_K(n) (3 * n) -#define S390X_OFF_X(n) (3 * n) -#define S390X_OFF_RN(n) (4 * n) -#define S390X_OFF_Y(n) (4 * n) +#define S390X_OFF_R(n) (0 * n) +#define S390X_OFF_S(n) (1 * n) +#define S390X_OFF_H(n) (2 * n) +#define S390X_OFF_K(n) (3 * n) +#define S390X_OFF_X(n) (3 * n) +#define S390X_OFF_RN(n) (4 * n) +#define S390X_OFF_Y(n) (4 * n) + +#define S390X_PAD(n) (n == 80 ? 14 : 0) static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], - BN_CTX *ctx, unsigned int fc, int len) + const BIGNUM *scalar, + size_t num, const EC_POINT *points[], + const BIGNUM *scalars[], + BN_CTX *ctx, unsigned int fc, int len) { unsigned char param[S390X_SIZE_PARAM]; BIGNUM *x, *y; 
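Review bot: The new `S390X_PAD(n)` macro at the end of the define block in ecp_s390x_nistp.c compares its argument unparenthesised and against the literal 80, which is the value of `S390X_SIZE_P521` defined a few lines above it. I would write it as `#define S390X_PAD(n) ((n) == S390X_SIZE_P521 ? 14 : 0)` so that an expression argument cannot change the comparison and the tie to the P-521 field size is explicit. The 14 also deserves a one-line comment such as `/* leading zero bytes of a P-521 value inside its 80-byte field */`; that reading is inferred from 80 minus the 66 bytes a 521-bit integer needs and should be confirmed against the KDSA parameter block layout. The existing `S390X_OFF_*` macros have the same unparenthesised `n`, but this commit only realigns them.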
@@ -97,16 +99,19 @@ memset(¶m, 0, sizeof(param)); if (group->meth->point_get_affine_coordinates(group, point_ptr, - x, y, ctx) != 1 + x, y, ctx) + != 1 || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1 || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1 || BN_bn2binpad(scalar_ptr, - param + S390X_OFF_SCALAR(len), len) == -1 + param + S390X_OFF_SCALAR(len), len) + == -1 || s390x_pcc(fc, param) != 0 || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL || group->meth->point_set_affine_coordinates(group, r, - x, y, ctx) != 1) + x, y, ctx) + != 1) goto ret; rc = 1; @@ -123,11 +128,11 @@ } static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, - int dgstlen, - const BIGNUM *kinv, - const BIGNUM *r, - EC_KEY *eckey, - unsigned int fc, int len) + int dgstlen, + const BIGNUM *kinv, + const BIGNUM *r, + EC_KEY *eckey, + unsigned int fc, int len) { unsigned char param[S390X_SIZE_PARAM]; int ok = 0; @@ -183,11 +188,12 @@ * because kdsa instruction constructs an in-range, invertible nonce * internally implementing counter-measures for RNG weakness. */ - if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), - (size_t)len, 0) != 1) { - ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); - goto ret; - } + if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), + (size_t)len, 0) + != 1) { + ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); + goto ret; + } } else { /* Reconstruct k = (k^-1)^-1. */ if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0 @@ -222,8 +228,8 @@ } static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen, - const ECDSA_SIG *sig, EC_KEY *eckey, - unsigned int fc, int len) + const ECDSA_SIG *sig, EC_KEY *eckey, + unsigned int fc, int len) { unsigned char param[S390X_SIZE_PARAM]; int rc = -1; 
@@ -264,136 +270,149 @@ off = len - (dgstlen > len ? len : dgstlen); memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); + /* Check for invalid malformed signatures (r/s negative or too large) */ + if (BN_is_negative(sig->r) || BN_is_negative(sig->s) + || BN_bn2binpad(sig->r, param + S390X_OFF_R(len) + S390X_PAD(len), + len - S390X_PAD(len)) + == -1 + || BN_bn2binpad(sig->s, param + S390X_OFF_S(len) + S390X_PAD(len), + len - S390X_PAD(len)) + == -1) { + ERR_raise(ERR_LIB_EC, EC_R_BAD_SIGNATURE); + rc = 0; + goto ret; + } + if (group->meth->point_get_affine_coordinates(group, pubkey, - x, y, ctx) != 1 - || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1 - || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1 + x, y, ctx) + != 1 || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1 || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto ret; } - rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0; + rc = s390x_kdsa(fc, param, NULL, 0); + if (rc == 2) + ERR_raise(ERR_LIB_EC, EC_R_BAD_SIGNATURE); + rc = rc == 0 ? 
1 : 0; ret: BN_CTX_end(ctx); BN_CTX_free(ctx); return rc; } -#define EC_GFP_S390X_NISTP_METHOD(bits) \ - \ -static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ - EC_POINT *r, \ - const BIGNUM *scalar, \ - size_t num, \ - const EC_POINT *points[], \ - const BIGNUM *scalars[], \ - BN_CTX *ctx) \ -{ \ - return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \ - scalars, ctx, \ - S390X_SCALAR_MULTIPLY_P##bits, \ - S390X_SIZE_P##bits); \ -} \ - \ -static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \ - char *dgst, \ - int dgstlen, \ - const BIGNUM *kinv,\ - const BIGNUM *r, \ - EC_KEY *eckey) \ -{ \ - return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \ - S390X_ECDSA_SIGN_P##bits, \ - S390X_SIZE_P##bits); \ -} \ - \ -static int ecdsa_s390x_nistp##bits##_verify_sig(const \ - unsigned char *dgst, \ - int dgstlen, \ - const ECDSA_SIG *sig, \ - EC_KEY *eckey) \ -{ \ - return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \ - S390X_ECDSA_VERIFY_P##bits, \ - S390X_SIZE_P##bits); \ -} \ - \ -const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ -{ \ - static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \ - EC_FLAGS_DEFAULT_OCT, \ - NID_X9_62_prime_field, \ - ossl_ec_GFp_simple_group_init, \ - ossl_ec_GFp_simple_group_finish, \ - ossl_ec_GFp_simple_group_clear_finish, \ - ossl_ec_GFp_simple_group_copy, \ - ossl_ec_GFp_simple_group_set_curve, \ - ossl_ec_GFp_simple_group_get_curve, \ - ossl_ec_GFp_simple_group_get_degree, \ - ossl_ec_group_simple_order_bits, \ - ossl_ec_GFp_simple_group_check_discriminant, \ - ossl_ec_GFp_simple_point_init, \ - ossl_ec_GFp_simple_point_finish, \ - ossl_ec_GFp_simple_point_clear_finish, \ - ossl_ec_GFp_simple_point_copy, \ - ossl_ec_GFp_simple_point_set_to_infinity, \ - ossl_ec_GFp_simple_point_set_affine_coordinates, \ - ossl_ec_GFp_simple_point_get_affine_coordinates, \ - NULL, /* point_set_compressed_coordinates */ \ - NULL, /* point2oct */ \ - NULL, /* oct2point */ \ - 
ossl_ec_GFp_simple_add, \ - ossl_ec_GFp_simple_dbl, \ - ossl_ec_GFp_simple_invert, \ - ossl_ec_GFp_simple_is_at_infinity, \ - ossl_ec_GFp_simple_is_on_curve, \ - ossl_ec_GFp_simple_cmp, \ - ossl_ec_GFp_simple_make_affine, \ - ossl_ec_GFp_simple_points_make_affine, \ - ec_GFp_s390x_nistp##bits##_mul, \ - NULL, /* precompute_mult */ \ - NULL, /* have_precompute_mult */ \ - ossl_ec_GFp_simple_field_mul, \ - ossl_ec_GFp_simple_field_sqr, \ - NULL, /* field_div */ \ - ossl_ec_GFp_simple_field_inv, \ - NULL, /* field_encode */ \ - NULL, /* field_decode */ \ - NULL, /* field_set_to_one */ \ - ossl_ec_key_simple_priv2oct, \ - ossl_ec_key_simple_oct2priv, \ - NULL, /* set_private */ \ - ossl_ec_key_simple_generate_key, \ - ossl_ec_key_simple_check_key, \ - ossl_ec_key_simple_generate_public_key, \ - NULL, /* keycopy */ \ - NULL, /* keyfinish */ \ - ossl_ecdh_simple_compute_key, \ - ossl_ecdsa_simple_sign_setup, \ - ecdsa_s390x_nistp##bits##_sign_sig, \ - ecdsa_s390x_nistp##bits##_verify_sig, \ - NULL, /* field_inverse_mod_ord */ \ - ossl_ec_GFp_simple_blind_coordinates, \ - ossl_ec_GFp_simple_ladder_pre, \ - ossl_ec_GFp_simple_ladder_step, \ - ossl_ec_GFp_simple_ladder_post \ - }; \ - static const EC_METHOD *ret; \ - \ - if ((OPENSSL_s390xcap_P.pcc[1] \ - & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ - && (OPENSSL_s390xcap_P.kdsa[0] \ - & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \ - && (OPENSSL_s390xcap_P.kdsa[0] \ - & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \ - ret = &EC_GFp_s390x_nistp##bits##_meth; \ - else \ - ret = EC_GFp_mont_method(); \ - \ - return ret; \ -} +#define EC_GFP_S390X_NISTP_METHOD(bits) \ + \ + static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ + EC_POINT *r, \ + const BIGNUM *scalar, \ + size_t num, \ + const EC_POINT *points[], \ + const BIGNUM *scalars[], \ + BN_CTX *ctx) \ + { \ + return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \ + scalars, ctx, \ + S390X_SCALAR_MULTIPLY_P##bits, \ + S390X_SIZE_P##bits); \ + } \ + \ 
+ static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned char *dgst, \ + int dgstlen, \ + const BIGNUM *kinv, \ + const BIGNUM *r, \ + EC_KEY *eckey) \ + { \ + return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \ + S390X_ECDSA_SIGN_P##bits, \ + S390X_SIZE_P##bits); \ + } \ + \ + static int ecdsa_s390x_nistp##bits##_verify_sig(const unsigned char *dgst, \ + int dgstlen, \ + const ECDSA_SIG *sig, \ + EC_KEY *eckey) \ + { \ + return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \ + S390X_ECDSA_VERIFY_P##bits, \ + S390X_SIZE_P##bits); \ + } \ + \ + const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ + { \ + static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \ + EC_FLAGS_DEFAULT_OCT, \ + NID_X9_62_prime_field, \ + ossl_ec_GFp_simple_group_init, \ + ossl_ec_GFp_simple_group_finish, \ + ossl_ec_GFp_simple_group_clear_finish, \ + ossl_ec_GFp_simple_group_copy, \ + ossl_ec_GFp_simple_group_set_curve, \ + ossl_ec_GFp_simple_group_get_curve, \ + ossl_ec_GFp_simple_group_get_degree, \ + ossl_ec_group_simple_order_bits, \ + ossl_ec_GFp_simple_group_check_discriminant, \ + ossl_ec_GFp_simple_point_init, \ + ossl_ec_GFp_simple_point_finish, \ + ossl_ec_GFp_simple_point_clear_finish, \ + ossl_ec_GFp_simple_point_copy, \ + ossl_ec_GFp_simple_point_set_to_infinity, \ + ossl_ec_GFp_simple_point_set_affine_coordinates, \ + ossl_ec_GFp_simple_point_get_affine_coordinates, \ + NULL, /* point_set_compressed_coordinates */ \ + NULL, /* point2oct */ \ + NULL, /* oct2point */ \ + ossl_ec_GFp_simple_add, \ + ossl_ec_GFp_simple_dbl, \ + ossl_ec_GFp_simple_invert, \ + ossl_ec_GFp_simple_is_at_infinity, \ + ossl_ec_GFp_simple_is_on_curve, \ + ossl_ec_GFp_simple_cmp, \ + ossl_ec_GFp_simple_make_affine, \ + ossl_ec_GFp_simple_points_make_affine, \ + ec_GFp_s390x_nistp##bits##_mul, \ + NULL, /* precompute_mult */ \ + NULL, /* have_precompute_mult */ \ + ossl_ec_GFp_simple_field_mul, \ + ossl_ec_GFp_simple_field_sqr, \ + NULL, /* field_div */ \ + 
ossl_ec_GFp_simple_field_inv, \ + NULL, /* field_encode */ \ + NULL, /* field_decode */ \ + NULL, /* field_set_to_one */ \ + ossl_ec_key_simple_priv2oct, \ + ossl_ec_key_simple_oct2priv, \ + NULL, /* set_private */ \ + ossl_ec_key_simple_generate_key, \ + ossl_ec_key_simple_check_key, \ + ossl_ec_key_simple_generate_public_key, \ + NULL, /* keycopy */ \ + NULL, /* keyfinish */ \ + ossl_ecdh_simple_compute_key, \ + ossl_ecdsa_simple_sign_setup, \ + ecdsa_s390x_nistp##bits##_sign_sig, \ + ecdsa_s390x_nistp##bits##_verify_sig, \ + NULL, /* field_inverse_mod_ord */ \ + ossl_ec_GFp_simple_blind_coordinates, \ + ossl_ec_GFp_simple_ladder_pre, \ + ossl_ec_GFp_simple_ladder_step, \ + ossl_ec_GFp_simple_ladder_post \ + }; \ + static const EC_METHOD *ret; \ + \ + if ((OPENSSL_s390xcap_P.pcc[1] \ + & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ + && (OPENSSL_s390xcap_P.kdsa[0] \ + & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \ + && (OPENSSL_s390xcap_P.kdsa[0] \ + & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \ + ret = &EC_GFp_s390x_nistp##bits##_meth; \ + else \ + ret = EC_GFp_mont_method(); \ + \ + return ret; \ + } EC_GFP_S390X_NISTP_METHOD(256) EC_GFP_S390X_NISTP_METHOD(384) --- crypto/openssl/crypto/ec/ecp_smpl.c.orig +++ crypto/openssl/crypto/ec/ecp_smpl.c @@ -49,16 +49,16 @@ ossl_ec_GFp_simple_cmp, ossl_ec_GFp_simple_make_affine, ossl_ec_GFp_simple_points_make_affine, - 0 /* mul */ , - 0 /* precompute_mult */ , - 0 /* have_precompute_mult */ , + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ossl_ec_GFp_simple_field_mul, ossl_ec_GFp_simple_field_sqr, - 0 /* field_div */ , + 0 /* field_div */, ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ + 0 /* field_encode */, + 0 /* field_decode */, + 0, /* field_set_to_one */ ossl_ec_key_simple_priv2oct, ossl_ec_key_simple_oct2priv, 0, /* set private */ 
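Review bot: In the `ecdsa_s390x_nistp_verify_sig` hunk of ecp_s390x_nistp.c, `rc` now holds the raw `s390x_kdsa()` result before being collapsed by `rc = rc == 0 ? 1 : 0;`, and the literal `2` that triggers `EC_R_BAD_SIGNATURE` is unexplained. Every other non-zero result becomes a plain 0 with nothing on the error queue, so a reader cannot tell a signature that does not verify from an unexpected instruction failure. A comment such as `/* 2: kdsa rejected the signature as malformed; any other non-zero result is reported as a failed verification */` would record the intent, with the meaning of 2 to be confirmed against s390x_kdsa(). The return values also deserve a line at the `ret:` label: the new malformed-signature branch returns 0, while the `ERR_R_BN_LIB` branch leaves `rc` at the -1 it was initialised with earlier in the function, so callers must treat only 1 as success. The function begins before this hunk.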
@@ -139,8 +139,8 @@ } int ossl_ec_GFp_simple_group_set_curve(EC_GROUP *group, - const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) { int ret = 0; BN_CTX *new_ctx = NULL; @@ -191,14 +191,14 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, - BIGNUM *a, BIGNUM *b, BN_CTX *ctx) + BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { int ret = 0; BN_CTX *new_ctx = NULL; @@ -237,7 +237,7 @@ ret = 1; - err: +err: BN_CTX_free(new_ctx); return ret; } @@ -248,7 +248,7 @@ } int ossl_ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, - BN_CTX *ctx) + BN_CTX *ctx) { int ret = 0; BIGNUM *a, *b, *order, *tmp_1, *tmp_2; @@ -313,7 +313,7 @@ } ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; @@ -365,7 +365,7 @@ } int ossl_ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, - EC_POINT *point) + EC_POINT *point) { point->Z_is_one = 0; BN_zero(point->Z); @@ -373,11 +373,11 @@ } int ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x, - const BIGNUM *y, - const BIGNUM *z, - BN_CTX *ctx) + EC_POINT *point, + const BIGNUM *x, + const BIGNUM *y, + const BIGNUM *z, + BN_CTX *ctx) { BN_CTX *new_ctx = NULL; int ret = 0; @@ -417,8 +417,7 @@ if (!group->meth->field_set_to_one(group, point->Z, ctx)) goto err; } else { - if (!group-> - meth->field_encode(group, point->Z, point->Z, ctx)) + if (!group->meth->field_encode(group, point->Z, point->Z, ctx)) goto err; } } @@ -427,15 +426,15 @@ ret = 1; - err: +err: BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BIGNUM *z, BN_CTX *ctx) + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BIGNUM *z, BN_CTX *ctx) { BN_CTX *new_ctx = NULL; int ret = 0; 
@@ -476,15 +475,15 @@ ret = 1; - err: +err: BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) + EC_POINT *point, + const BIGNUM *x, + const BIGNUM *y, BN_CTX *ctx) { if (x == NULL || y == NULL) { /* @@ -495,13 +494,13 @@ } return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, - BN_value_one(), ctx); + BN_value_one(), ctx); } int ossl_ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BIGNUM *Z, *Z_1, *Z_2, *Z_3; @@ -604,18 +603,18 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) + const EC_POINT *b, BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); const BIGNUM *p; BN_CTX *new_ctx = NULL; BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; @@ -774,7 +773,7 @@ if (!field_mul(group, n0, n0, n6, ctx)) goto end; if (!field_mul(group, n5, n4, n5, ctx)) - goto end; /* now n5 is n5^3 */ + goto end; /* now n5 is n5^3 */ if (!field_mul(group, n1, n2, n5, ctx)) goto end; if (!BN_mod_sub_quick(n0, n0, n1, p)) 
@@ -789,18 +788,18 @@ ret = 1; - end: +end: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - BN_CTX *ctx) + BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); const BIGNUM *p; BN_CTX *new_ctx = NULL; BIGNUM *n0, *n1, *n2, *n3; @@ -931,14 +930,14 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y)) /* point is its own inverse */ @@ -948,17 +947,17 @@ } int ossl_ec_GFp_simple_is_at_infinity(const EC_GROUP *group, - const EC_POINT *point) + const EC_POINT *point) { return BN_is_zero(point->Z); } int ossl_ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); const BIGNUM *p; BN_CTX *new_ctx = NULL; BIGNUM *rh, *tmp, *Z4, *Z6; @@ -1050,14 +1049,14 @@ ret = (0 == BN_ucmp(tmp, rh)); - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) + const EC_POINT *b, BN_CTX *ctx) { /*- * return values: 
@@ -1066,9 +1065,9 @@ * 1 not equal */ - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *); + int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); BN_CTX *new_ctx = NULL; BIGNUM *tmp1, *tmp2, *Za23, *Zb23; const BIGNUM *tmp1_, *tmp2_; @@ -1128,7 +1127,7 @@ /* compare X_a*Z_b^2 with X_b*Z_a^2 */ if (BN_cmp(tmp1_, tmp2_) != 0) { - ret = 1; /* points differ */ + ret = 1; /* points differ */ goto end; } @@ -1151,21 +1150,21 @@ /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ if (BN_cmp(tmp1_, tmp2_) != 0) { - ret = 1; /* points differ */ + ret = 1; /* points differ */ goto end; } /* points are equal */ ret = 0; - end: +end: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) + BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BIGNUM *x, *y; @@ -1197,14 +1196,14 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } int ossl_ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx) + EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; BIGNUM *tmp, *tmp_Z; @@ -1256,9 +1255,8 @@ for (i = 1; i < num; i++) { if (!BN_is_zero(points[i]->Z)) { - if (!group-> - meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z, - ctx)) + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z, + ctx)) goto err; } else { if (!BN_copy(prod_Z[i], prod_Z[i - 1])) @@ -1297,8 +1295,7 @@ * Set tmp_Z to the inverse of points[i]->Z (as product of Z * inverses 0 .. i, Z values 0 .. i - 1). */ - if (!group-> - meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; /* * Update tmp to satisfy the loop invariant for i - 1. 
@@ -1348,7 +1345,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); if (prod_Z != NULL) { @@ -1363,13 +1360,13 @@ } int ossl_ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) + const BIGNUM *b, BN_CTX *ctx) { return BN_mod_mul(r, a, b, group->field, ctx); } int ossl_ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) + BN_CTX *ctx) { return BN_mod_sqr(r, a, group->field, ctx); } @@ -1381,14 +1378,14 @@ * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.) */ int ossl_ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) + const BIGNUM *a, BN_CTX *ctx) { BIGNUM *e = NULL; BN_CTX *new_ctx = NULL; int ret = 0; if (ctx == NULL - && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) + && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) return 0; BN_CTX_start(ctx); @@ -1397,7 +1394,7 @@ do { if (!BN_priv_rand_range_ex(e, group->field, 0, ctx)) - goto err; + goto err; } while (BN_is_zero(e)); /* r := a * e */ @@ -1414,7 +1411,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; @@ -1428,7 +1425,7 @@ * */ int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx) + BN_CTX *ctx) { int ret = 0; BIGNUM *lambda = NULL; @@ -1459,7 +1456,7 @@ /* if field_encode defined convert between representations */ if ((group->meth->field_encode != NULL - && !group->meth->field_encode(group, lambda, lambda, ctx)) + && !group->meth->field_encode(group, lambda, lambda, ctx)) || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx) || !group->meth->field_sqr(group, temp, lambda, ctx) || !group->meth->field_mul(group, p->X, p->X, temp, ctx) @@ -1470,7 +1467,7 @@ p->Z_is_one = 0; ret = 1; - end: +end: BN_CTX_end(ctx); return ret; } 
@@ -1491,8 +1488,8 @@ * for any non-zero \lambda that holds for projective (homogeneous) coords. */ int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL; @@ -1561,8 +1558,8 @@ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4 */ int ossl_ec_GFp_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { int ret = 0; BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; @@ -1620,7 +1617,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -1649,8 +1646,8 @@ * one of the BN_is_zero(...) branches. */ int ossl_ec_GFp_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { int ret = 0; BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; @@ -1717,7 +1714,7 @@ r->Z_is_one = 1; ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } --- crypto/openssl/crypto/ec/ecx_backend.c.orig +++ crypto/openssl/crypto/ec/ecx_backend.c @@ -14,7 +14,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include "crypto/ecx.h" #include "ecx_backend.h" @@ -33,7 +33,7 @@ break; case ECX_KEY_TYPE_ED25519: if (!ossl_ed25519_public_from_private(key->libctx, key->pubkey, - key->privkey, key->propq)) { + key->privkey, key->propq)) { ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); return 0; } @@ -43,7 +43,7 @@ break; case ECX_KEY_TYPE_ED448: if (!ossl_ed448_public_from_private(key->libctx, key->pubkey, - key->privkey, key->propq)) { + key->privkey, key->propq)) { ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); return 0; } 
@@ -53,7 +53,7 @@ } int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], - int include_private) + int include_private) { size_t privkeylen = 0, pubkeylen = 0; const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; @@ -64,16 +64,15 @@ param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); if (include_private) - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); if (param_pub_key == NULL && param_priv_key == NULL) return 0; if (param_priv_key != NULL) { if (!OSSL_PARAM_get_octet_string(param_priv_key, - (void **)&ecx->privkey, ecx->keylen, - &privkeylen)) + (void **)&ecx->privkey, ecx->keylen, + &privkeylen)) return 0; if (privkeylen != ecx->keylen) { /* @@ -87,12 +86,11 @@ } } - pubkey = ecx->pubkey; if (param_pub_key != NULL && !OSSL_PARAM_get_octet_string(param_pub_key, - (void **)&pubkey, - sizeof(ecx->pubkey), &pubkeylen)) + (void **)&pubkey, + sizeof(ecx->pubkey), &pubkeylen)) return 0; if ((param_pub_key != NULL && pubkeylen != ecx->keylen)) @@ -156,9 +154,9 @@ #ifndef FIPS_MODULE ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg, - const unsigned char *p, int plen, - int id, ecx_key_op_t op, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char *p, int plen, + int id, ecx_key_op_t op, + OSSL_LIB_CTX *libctx, const char *propq) { ECX_KEY *key = NULL; unsigned char *privkey, *pubkey; @@ -225,13 +223,13 @@ } return key; - err: +err: ossl_ecx_key_free(key); return NULL; } ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { ECX_KEY *ecx = NULL; const unsigned char *p; 
@@ -256,7 +254,7 @@ * on its own. */ ecx = ossl_ecx_key_op(palg, p, plen, EVP_PKEY_NONE, KEY_OP_PRIVATE, - libctx, propq); + libctx, propq); ASN1_OCTET_STRING_free(oct); return ecx; } --- crypto/openssl/crypto/ec/ecx_backend.h.orig +++ crypto/openssl/crypto/ec/ecx_backend.h @@ -7,14 +7,14 @@ * https://www.openssl.org/source/license.html */ -#define ISX448(id) ((id) == EVP_PKEY_X448) -#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) -#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ - : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ - : ED448_KEYLEN)) -#define KEYNID2TYPE(id) \ - (IS25519(id) ? ((id) == EVP_PKEY_X25519 ? ECX_KEY_TYPE_X25519 \ +#define ISX448(id) ((id) == EVP_PKEY_X448) +#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) +#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ + : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ + : ED448_KEYLEN)) +#define KEYNID2TYPE(id) \ + (IS25519(id) ? ((id) == EVP_PKEY_X25519 ? ECX_KEY_TYPE_X25519 \ : ECX_KEY_TYPE_ED25519) \ - : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ + : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ : ECX_KEY_TYPE_ED448)) -#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) +#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) --- crypto/openssl/crypto/ec/ecx_key.c.orig +++ crypto/openssl/crypto/ec/ecx_key.c @@ -12,7 +12,7 @@ #include "crypto/ecx.h" ECX_KEY *ossl_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey, - const char *propq) + const char *propq) { ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); --- crypto/openssl/crypto/ec/ecx_meth.c.orig +++ crypto/openssl/crypto/ec/ecx_meth.c @@ -45,7 +45,7 @@ } if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) { + V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) { OPENSSL_free(penc); ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); return 0; 
@@ -64,7 +64,7 @@ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) return 0; ecx = ossl_ecx_key_op(palg, p, pklen, pkey->ameth->pkey_id, - KEY_OP_PUBLIC, NULL, NULL); + KEY_OP_PUBLIC, NULL, NULL); if (ecx != NULL) { ret = 1; EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); @@ -84,7 +84,7 @@ } static int ecx_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; ECX_KEY *ecx = ossl_ecx_key_from_pkcs8(p8, libctx, propq); @@ -120,7 +120,7 @@ } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - V_ASN1_UNDEF, NULL, penc, penclen)) { + V_ASN1_UNDEF, NULL, penc, penclen)) { OPENSSL_clear_free(penc, penclen); ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); return 0; @@ -138,7 +138,7 @@ { if (IS25519(pkey->ameth->pkey_id)) { return X25519_BITS; - } else if(ISX448(pkey->ameth->pkey_id)) { + } else if (ISX448(pkey->ameth->pkey_id)) { return X448_BITS; } else { return ED448_BITS; @@ -166,7 +166,7 @@ } static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx, ecx_key_op_t op) + ASN1_PCTX *ctx, ecx_key_op_t op) { const ECX_KEY *ecxkey = pkey->pkey.ecx; const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id); @@ -182,7 +182,8 @@ if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0) return 0; if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey), - indent + 4) == 0) + indent + 4) + == 0) return 0; } else { if (ecxkey == NULL) { @@ -197,19 +198,20 @@ return 0; if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey), - indent + 4) == 0) + indent + 4) + == 0) return 0; return 1; } static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE); } static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC); } 
@@ -220,7 +222,7 @@ case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: { ECX_KEY *ecx = ossl_ecx_key_op(NULL, arg2, arg1, pkey->ameth->pkey_id, - KEY_OP_PUBLIC, NULL, NULL); + KEY_OP_PUBLIC, NULL, NULL); if (ecx != NULL) { EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); @@ -240,7 +242,6 @@ default: return -2; - } } @@ -254,12 +255,11 @@ default: return -2; - } } static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, - size_t len) + size_t len) { OSSL_LIB_CTX *libctx = NULL; ECX_KEY *ecx = NULL; @@ -268,7 +268,7 @@ libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id, - KEY_OP_PRIVATE, libctx, NULL); + KEY_OP_PRIVATE, libctx, NULL); if (ecx != NULL) { EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); @@ -286,7 +286,7 @@ libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id, - KEY_OP_PUBLIC, libctx, NULL); + KEY_OP_PUBLIC, libctx, NULL); if (ecx != NULL) { EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); @@ -296,7 +296,7 @@ } static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, - size_t *len) + size_t *len) { const ECX_KEY *key = pkey->pkey.ecx; @@ -306,8 +306,8 @@ } if (key == NULL - || key->privkey == NULL - || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) + || key->privkey == NULL + || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) return 0; *len = KEYLENID(pkey->ameth->pkey_id); @@ -317,7 +317,7 @@ } static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub, - size_t *len) + size_t *len) { const ECX_KEY *key = pkey->pkey.ecx; @@ -327,7 +327,7 @@ } if (key == NULL - || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) + || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) return 0; *len = KEYLENID(pkey->ameth->pkey_id); 
@@ -346,8 +346,8 @@ } static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { const ECX_KEY *key = from->pkey.ecx; OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); @@ -360,14 +360,14 @@ /* A key must at least have a public part */ if (!OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - key->pubkey, key->keylen)) + key->pubkey, key->keylen)) goto err; selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; if (key->privkey != NULL) { if (!OSSL_PARAM_BLD_push_octet_string(tmpl, - OSSL_PKEY_PARAM_PRIV_KEY, - key->privkey, key->keylen)) + OSSL_PKEY_PARAM_PRIV_KEY, + key->privkey, key->keylen)) goto err; selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; } @@ -377,19 +377,19 @@ /* We export, the provider imports */ rv = importer(to_keydata, selection, params); - err: +err: OSSL_PARAM_BLD_free(tmpl); OSSL_PARAM_free(params); return rv; } static int ecx_generic_import_from(const OSSL_PARAM params[], void *vpctx, - int keytype) + int keytype) { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); ECX_KEY *ecx = ossl_ecx_key_new(pctx->libctx, KEYNID2TYPE(keytype), 0, - pctx->propquery); + pctx->propquery); if (ecx == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); @@ -540,8 +540,8 @@ } static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, const X509_ALGOR *sigalg, - const ASN1_BIT_STRING *str, EVP_PKEY *pkey) + const void *asn, const X509_ALGOR *sigalg, + const ASN1_BIT_STRING *str, EVP_PKEY *pkey) { const ASN1_OBJECT *obj; int ptype; 
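Review bot: In the `@@ -377,19 +377,19 @@` hunk of ecx_meth.c, the allocation-failure path of `ecx_generic_import_from` still raises its error under `ERR_LIB_DH`, while the other failure paths of this file visible in the patch use `ERR_LIB_EC`. The reformat leaves that line untouched, so a failed ECX key import is reported under the DH library and is easy to misattribute when error queues or logs are triaged. I would change it to `ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);`, preferably upstream since this is vendored code. The function body continues past the end of the hunk.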
@@ -562,9 +562,9 @@ } static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *str) + const void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *str) { /* Set algorithms identifiers */ X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); @@ -575,17 +575,17 @@ } static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) + const ASN1_STRING *sig) { X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS, - X509_SIG_INFO_TLS); + X509_SIG_INFO_TLS); return 1; } static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *str) + const void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *str) { /* Set algorithm identifier */ X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); @@ -596,10 +596,10 @@ } static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) + const ASN1_STRING *sig) { X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS, - X509_SIG_INFO_TLS); + X509_SIG_INFO_TLS); return 1; } @@ -712,7 +712,7 @@ static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id, - KEY_OP_KEYGEN, NULL, NULL); + KEY_OP_KEYGEN, NULL, NULL); if (ecx != NULL) { EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx); @@ -722,9 +722,9 @@ } static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen, - const unsigned char **privkey, - const unsigned char **pubkey) + size_t *keylen, + const unsigned char **privkey, + const unsigned char **pubkey) { const ECX_KEY *ecxkey, *peerkey; 
@@ -749,26 +749,26 @@ } static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) + size_t *keylen) { const unsigned char *privkey, *pubkey; if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) - || (key != NULL - && ossl_x25519(key, privkey, pubkey) == 0)) + || (key != NULL + && ossl_x25519(key, privkey, pubkey) == 0)) return 0; *keylen = X25519_KEYLEN; return 1; } static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) + size_t *keylen) { const unsigned char *privkey, *pubkey; if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) - || (key != NULL - && ossl_x448(key, privkey, pubkey) == 0)) + || (key != NULL + && ossl_x448(key, privkey, pubkey) == 0)) return 0; *keylen = X448_KEYLEN; return 1; @@ -803,8 +803,8 @@ }; static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); @@ -823,15 +823,16 @@ } if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, - NULL) == 0) + NULL) + == 0) return 0; *siglen = ED25519_SIGSIZE; return 1; } static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 
@@ -850,15 +851,16 @@ } if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, - edkey->privkey, NULL, 0, edkey->propq) == 0) + edkey->privkey, NULL, 0, edkey->propq) + == 0) return 0; *siglen = ED448_SIGSIZE; return 1; } static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) + size_t siglen, const unsigned char *tbs, + size_t tbslen) { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); @@ -871,12 +873,12 @@ return 0; return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey, - edkey->libctx, edkey->propq); + edkey->libctx, edkey->propq); } static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) + size_t siglen, const unsigned char *tbs, + size_t tbslen) { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); @@ -889,7 +891,7 @@ return 0; return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, - NULL, 0, edkey->propq); + NULL, 0, edkey->propq); } static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) @@ -931,7 +933,7 @@ }; #ifdef S390X_EC_ASM -# include "s390x_arch.h" +#include "s390x_arch.h" static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { @@ -941,7 +943,7 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X25519, 1, - ctx->propquery); + ctx->propquery); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { @@ -969,7 +971,7 @@ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); return 1; - err: +err: ossl_ecx_key_free(key); return 0; } @@ -984,7 +986,7 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X448, 1, - ctx->propquery); + ctx->propquery); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { 
@@ -1011,7 +1013,7 @@ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); return 1; - err: +err: ossl_ecx_key_free(key); return 0; } @@ -1024,13 +1026,42 @@ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 }; static const unsigned char generator_y[] = { - 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x58, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, }; unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED25519, 1, - ctx->propquery); + ctx->propquery); unsigned char *privkey = NULL, *pubkey; unsigned int sz; EVP_MD *md = NULL; @@ -1066,14 +1097,15 @@ buff[31] |= 64; if (s390x_ed25519_mul(x_dst, pubkey, - generator_x, generator_y, buff) != 1) + generator_x, generator_y, buff) + != 1) goto err; pubkey[31] |= ((x_dst[0] & 0x01) << 7); EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); return 1; - err: +err: ossl_ecx_key_free(key); return 0; } @@ -1096,7 +1128,7 @@ }; unsigned char x_dst[57], buff[114]; ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED448, 1, - ctx->propquery); + ctx->propquery); unsigned char *privkey = NULL, *pubkey; EVP_MD_CTX *hashctx = NULL; EVP_MD *md = NULL; @@ -1141,7 +1173,8 @@ buff[56] = 0; if (s390x_ed448_mul(x_dst, pubkey, - generator_x, generator_y, buff) != 1) + generator_x, generator_y, buff) + != 1) goto err; pubkey[56] |= ((x_dst[0] & 0x01) << 7); 
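Review bot: In the `@@ -1024,13 +1026,42 @@` hunk, the reformat expands the 32-byte `generator_y` constant to one byte per line, while `generator_x` directly above keeps its packed rows. This is presumably caused by the trailing comma after the last `0x66`, which the formatter treats as a request for one element per line. A curve constant spread over 32 lines is harder to compare against the specification, and it is inconsistent with the neighbouring tables. Dropping the trailing comma so the initializer ends in `0x66, 0x66 };`, or bracketing the table with `/* clang-format off */` and `/* clang-format on */`, would keep the layout compact. The enclosing key-generation function starts before this hunk and continues after it.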
@@ -1149,14 +1182,14 @@ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); EVP_MD_CTX_free(hashctx); return 1; - err: +err: ossl_ecx_key_free(key); EVP_MD_CTX_free(hashctx); return 0; } static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) + size_t *keylen) { const unsigned char *privkey, *pubkey; @@ -1169,7 +1202,7 @@ } static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) + size_t *keylen) { const unsigned char *privkey, *pubkey; @@ -1182,9 +1215,9 @@ } static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen) + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen) { union { struct { @@ -1227,9 +1260,9 @@ } static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen) + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen) { union { struct { @@ -1274,10 +1307,10 @@ } static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen) + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen) { union { struct { @@ -1302,14 +1335,17 @@ s390x_flip_endian32(param.ed25519.pub, edkey->pubkey); return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, - ¶m.ed25519, tbs, tbslen) == 0 ? 1 : 0; + ¶m.ed25519, tbs, tbslen) + == 0 + ? 1 + : 0; } static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen) + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen) { union { struct { 
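Review bot: In the `@@ -1302,14 +1335,17 @@` hunk, the return statement of `s390x_pkey_ecd_digestverify25519` is now split so that `== 0`, `? 1` and `: 0` each sit on their own line, which obscures the success condition of a signature verification. The same layout appears in the `@@ -1337,7 +1373,10 @@` hunk for the Ed448 variant. A named result makes the accept condition obvious: `rc = s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, &param.ed25519, tbs, tbslen);` followed by `return rc == 0;`, with `int rc;` declared among the locals. Both function bodies start outside these hunks, so the declaration placement should be confirmed against the full file.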
@@ -1337,7 +1373,10 @@ s390x_flip_endian64(param.ed448.pub, param.ed448.pub); return s390x_kdsa(S390X_EDDSA_VERIFY_ED448, - ¶m.ed448, tbs, tbslen) == 0 ? 1 : 0; + ¶m.ed448, tbs, tbslen) + == 0 + ? 1 + : 0; } static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = { --- crypto/openssl/crypto/ec/ecx_s390x.c.orig +++ crypto/openssl/crypto/ec/ecx_s390x.c @@ -39,7 +39,7 @@ c = (u_red[0] & 0x80) >> 7; u_red[0] &= 0x7f; constant_time_cond_swap_buff(0 - (unsigned char)c, - u, u_red, sizeof(u_red)); + u, u_red, sizeof(u_red)); } static void s390x_x448_mod_p(unsigned char u[56]) @@ -71,12 +71,12 @@ } constant_time_cond_swap_buff(0 - (unsigned char)c, - u, u_red, sizeof(u_red)); + u, u_red, sizeof(u_red)); } int s390x_x25519_mul(unsigned char u_dst[32], - const unsigned char u_src[32], - const unsigned char d_src[32]) + const unsigned char u_src[32], + const unsigned char d_src[32]) { union { struct { @@ -108,8 +108,8 @@ } int s390x_x448_mul(unsigned char u_dst[56], - const unsigned char u_src[56], - const unsigned char d_src[56]) + const unsigned char u_src[56], + const unsigned char d_src[56]) { union { struct { @@ -144,10 +144,10 @@ } int s390x_ed25519_mul(unsigned char x_dst[32], - unsigned char y_dst[32], - const unsigned char x_src[32], - const unsigned char y_src[32], - const unsigned char d_src[32]) + unsigned char y_dst[32], + const unsigned char x_src[32], + const unsigned char y_src[32], + const unsigned char d_src[32]) { union { struct { @@ -178,10 +178,10 @@ } int s390x_ed448_mul(unsigned char x_dst[57], - unsigned char y_dst[57], - const unsigned char x_src[57], - const unsigned char y_src[57], - const unsigned char d_src[57]) + unsigned char y_dst[57], + const unsigned char x_src[57], + const unsigned char y_src[57], + const unsigned char d_src[57]) { union { struct { --- crypto/openssl/crypto/encode_decode/decoder_err.c.orig +++ crypto/openssl/crypto/encode_decode/decoder_err.c 
@@ -15,13 +15,13 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA OSSL_DECODER_str_reasons[] = { - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT), - "could not decode object"}, - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_DECODER_NOT_FOUND), - "decoder not found"}, - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_MISSING_GET_PARAMS), - "missing get params"}, - {0, NULL} + { ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT), + "could not decode object" }, + { ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_DECODER_NOT_FOUND), + "decoder not found" }, + { ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_MISSING_GET_PARAMS), + "missing get params" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/encode_decode/decoder_lib.c.orig +++ crypto/openssl/crypto/encode_decode/decoder_lib.c @@ -57,9 +57,9 @@ if (OSSL_DECODER_CTX_get_num_decoders(ctx) == 0) { ERR_raise_data(ERR_LIB_OSSL_DECODER, OSSL_DECODER_R_DECODER_NOT_FOUND, - "No decoders were found. For standard decoders you need " - "at least one of the default or base providers " - "available. Did you forget to load them?"); + "No decoders were found. For standard decoders you need " + "at least one of the default or base providers " + "available. Did you forget to load them?"); return 0; } @@ -83,14 +83,16 @@ if (!data.flag_construct_called) { const char *spaces = ctx->start_input_type != NULL && ctx->input_structure != NULL - ? " " : ""; + ? " " + : ""; const char *input_type_label = ctx->start_input_type != NULL ? "Input type: " : ""; const char *input_structure_label = ctx->input_structure != NULL ? "Input structure: " : ""; const char *comma = ctx->start_input_type != NULL && ctx->input_structure != NULL - ? ", " : ""; + ? ", " + : ""; const char *input_type = ctx->start_input_type != NULL ? ctx->start_input_type : ""; const char *input_structure 
@@ -99,9 +101,9 @@ if (ERR_peek_last_error() == lasterr || ERR_peek_error() == 0) /* Prevent spurious decoding error but add at least something */ ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED, - "No supported data to decode. %s%s%s%s%s%s", - spaces, input_type_label, input_type, comma, - input_structure_label, input_structure); + "No supported data to decode. %s%s%s%s%s%s", + spaces, input_type_label, input_type, comma, + input_structure_label, input_structure); ok = 0; } @@ -142,7 +144,7 @@ #endif int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata, - size_t *pdata_len) + size_t *pdata_len) { BIO *membio; int ret = 0; @@ -178,7 +180,7 @@ } int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx, - const char *input_type) + const char *input_type) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); @@ -194,7 +196,7 @@ } int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx, - const char *input_structure) + const char *input_structure) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); @@ -210,7 +212,7 @@ } OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder, - void *decoderctx) + void *decoderctx) { OSSL_DECODER_INSTANCE *decoder_inst = NULL; const OSSL_PROVIDER *prov; @@ -233,8 +235,8 @@ props = ossl_decoder_parsed_properties(decoder); if (props == NULL) { ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "there are no property definitions with decoder %s", - OSSL_DECODER_get0_name(decoder)); + "there are no property definitions with decoder %s", + OSSL_DECODER_get0_name(decoder)); goto err; } 
@@ -243,10 +245,10 @@ decoder_inst->input_type = ossl_property_get_string_value(libctx, prop); if (decoder_inst->input_type == NULL) { ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "the mandatory 'input' property is missing " - "for decoder %s (properties: %s)", - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); + "the mandatory 'input' property is missing " + "for decoder %s (properties: %s)", + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); goto err; } @@ -264,7 +266,7 @@ decoder_inst->decoder = decoder; decoder_inst->decoderctx = decoderctx; return decoder_inst; - err: +err: ossl_decoder_instance_free(decoder_inst); return NULL; } @@ -282,27 +284,28 @@ } int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_INSTANCE *di) + OSSL_DECODER_INSTANCE *di) { int ok; if (ctx->decoder_insts == NULL - && (ctx->decoder_insts = - sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) { + && (ctx->decoder_insts = sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); return 0; } ok = (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0); if (ok) { - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) Added decoder instance %p for decoder %p\n" - " %s with %s\n", - (void *)ctx, (void *)di, (void *)di->decoder, - OSSL_DECODER_get0_name(di->decoder), - OSSL_DECODER_get0_properties(di->decoder)); - } OSSL_TRACE_END(DECODER); + "(ctx %p) Added decoder instance %p for decoder %p\n" + " %s with %s\n", + (void *)ctx, (void *)di, (void *)di->decoder, + OSSL_DECODER_get0_name(di->decoder), + OSSL_DECODER_get0_properties(di->decoder)); + } + OSSL_TRACE_END(DECODER); } return ok; } 
@@ -323,8 +326,7 @@ provctx = OSSL_PROVIDER_get0_provider_ctx(prov); if ((decoderctx = decoder->newctx(provctx)) == NULL - || (decoder_inst = - ossl_decoder_instance_new(decoder, decoderctx)) == NULL) + || (decoder_inst = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) goto err; /* Avoid double free of decoderctx on further errors */ decoderctx = NULL; @@ -333,7 +335,7 @@ goto err; return 1; - err: +err: ossl_decoder_instance_free(decoder_inst); if (decoderctx != NULL) decoder->freectx(decoderctx); @@ -347,9 +349,10 @@ * 0 to check that the decoder's input type is the same as the decoder name * 1 to check that the decoder's input type differs from the decoder name */ - enum { IS_SAME = 0, IS_DIFFERENT = 1 } type_check; + enum { IS_SAME = 0, + IS_DIFFERENT = 1 } type_check; size_t w_prev_start, w_prev_end; /* "previous" decoders */ - size_t w_new_start, w_new_end; /* "new" decoders */ + size_t w_new_start, w_new_end; /* "new" decoders */ }; DEFINE_STACK_OF(OSSL_DECODER) @@ -359,7 +362,7 @@ STACK_OF(OSSL_DECODER) *skdecoders = arg; if (OSSL_DECODER_up_ref(decoder) - && !sk_OSSL_DECODER_push(skdecoders, decoder)) + && !sk_OSSL_DECODER_push(skdecoders, decoder)) OSSL_DECODER_free(decoder); } @@ -374,14 +377,16 @@ void *decoderctx = NULL; OSSL_DECODER_INSTANCE *di = NULL; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) [%d] Checking out decoder %p:\n" - " %s with %s\n", - (void *)data->ctx, data->type_check, (void *)decoder, - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - } OSSL_TRACE_END(DECODER); + "(ctx %p) [%d] Checking out decoder %p:\n" + " %s with %s\n", + (void *)data->ctx, data->type_check, (void *)decoder, + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); + } + OSSL_TRACE_END(DECODER); /* * Check that we don't already have this decoder in our stack, 
@@ -389,15 +394,16 @@ * we have added in the current window. */ for (j = data->w_prev_start; j < data->w_new_end; j++) { - OSSL_DECODER_INSTANCE *check_inst = - sk_OSSL_DECODER_INSTANCE_value(data->ctx->decoder_insts, j); + OSSL_DECODER_INSTANCE *check_inst = sk_OSSL_DECODER_INSTANCE_value(data->ctx->decoder_insts, j); if (decoder->base.algodef == check_inst->decoder->base.algodef) { /* We found it, so don't do anything more */ - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - " REJECTED: already exists in the chain\n"); - } OSSL_TRACE_END(DECODER); + " REJECTED: already exists in the chain\n"); + } + OSSL_TRACE_END(DECODER); return; } } @@ -414,24 +420,28 @@ case IS_SAME: /* If it differs, this is not a decoder to add for now. */ if (!OSSL_DECODER_is_a(decoder, - OSSL_DECODER_INSTANCE_get_input_type(di))) { + OSSL_DECODER_INSTANCE_get_input_type(di))) { ossl_decoder_instance_free(di); - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - " REJECTED: input type doesn't match output type\n"); - } OSSL_TRACE_END(DECODER); + " REJECTED: input type doesn't match output type\n"); + } + OSSL_TRACE_END(DECODER); return; } break; case IS_DIFFERENT: /* If it's the same, this is not a decoder to add for now. */ if (OSSL_DECODER_is_a(decoder, - OSSL_DECODER_INSTANCE_get_input_type(di))) { + OSSL_DECODER_INSTANCE_get_input_type(di))) { ossl_decoder_instance_free(di); - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - " REJECTED: input type matches output type\n"); - } OSSL_TRACE_END(DECODER); + " REJECTED: input type matches output type\n"); + } + OSSL_TRACE_END(DECODER); return; } break; @@ -451,7 +461,7 @@ } int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { /* * This function goes through existing decoder methods in 
@@ -494,11 +504,12 @@ if (ctx->decoder_insts == NULL) return 1; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, "(ctx %p) Looking for extra decoders\n", - (void *)ctx); - } OSSL_TRACE_END(DECODER); - + (void *)ctx); + } + OSSL_TRACE_END(DECODER); skdecoders = sk_OSSL_DECODER_new_null(); if (skdecoders == NULL) { @@ -525,19 +536,17 @@ * 1. All decoders that a different name than their input type. */ for (data.type_check = IS_SAME; - data.type_check <= IS_DIFFERENT; - data.type_check++) { + data.type_check <= IS_DIFFERENT; + data.type_check++) { for (i = data.w_prev_start; i < data.w_prev_end; i++) { - OSSL_DECODER_INSTANCE *decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); + OSSL_DECODER_INSTANCE *decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); data.output_type = OSSL_DECODER_INSTANCE_get_input_type(decoder_inst); - for (j = 0; j < numdecoders; j++) collect_extra_decoder(sk_OSSL_DECODER_value(skdecoders, j), - &data); + &data); } } /* How many were added in this iteration */ @@ -562,7 +571,7 @@ } int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_CONSTRUCT *construct) + OSSL_DECODER_CONSTRUCT *construct) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); @@ -573,7 +582,7 @@ } int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx, - void *construct_data) + void *construct_data) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); @@ -584,7 +593,7 @@ } int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_CLEANUP *cleanup) + OSSL_DECODER_CLEANUP *cleanup) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); 
@@ -618,16 +627,16 @@ } int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst, - void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg) + void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) { OSSL_DECODER *decoder = NULL; void *decoderctx = NULL; if (!(ossl_assert(decoder_inst != NULL) - && ossl_assert(reference != NULL) - && ossl_assert(export_cb != NULL) - && ossl_assert(export_cbarg != NULL))) { + && ossl_assert(reference != NULL) + && ossl_assert(export_cb != NULL) + && ossl_assert(export_cbarg != NULL))) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -635,7 +644,7 @@ decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst); return decoder->export_object(decoderctx, reference, reference_sz, - export_cb, export_cbarg); + export_cb, export_cbarg); } OSSL_DECODER * @@ -664,7 +673,7 @@ const char * OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst, - int *was_set) + int *was_set) { if (decoder_inst == NULL) return NULL; 
@@ -699,49 +708,53 @@ new_data.recursion = data->recursion + 1; #define LEVEL_STR ">>>>>>>>>>>>>>>>" -#define LEVEL (new_data.recursion < sizeof(LEVEL_STR) \ - ? &LEVEL_STR[sizeof(LEVEL_STR) - new_data.recursion - 1] \ - : LEVEL_STR "...") +#define LEVEL (new_data.recursion < sizeof(LEVEL_STR) \ + ? &LEVEL_STR[sizeof(LEVEL_STR) - new_data.recursion - 1] \ + : LEVEL_STR "...") if (params == NULL) { /* First iteration, where we prepare for what is to come */ - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) starting to walk the decoder chain\n", - (void *)new_data.ctx); - } OSSL_TRACE_END(DECODER); + "(ctx %p) starting to walk the decoder chain\n", + (void *)new_data.ctx); + } + OSSL_TRACE_END(DECODER); - data->current_decoder_inst_index = - OSSL_DECODER_CTX_get_num_decoders(ctx); + data->current_decoder_inst_index = OSSL_DECODER_CTX_get_num_decoders(ctx); bio = data->bio; } else { const OSSL_PARAM *p; const char *trace_data_structure; - decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, - data->current_decoder_inst_index); + decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, + data->current_decoder_inst_index); decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); data->flag_construct_called = 0; if (ctx->construct != NULL) { int rv; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s Running constructor\n", - (void *)new_data.ctx, LEVEL); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s Running constructor\n", + (void *)new_data.ctx, LEVEL); + } + OSSL_TRACE_END(DECODER); rv = ctx->construct(decoder_inst, params, ctx->construct_data); - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s Running constructor => %d\n", - (void *)new_data.ctx, LEVEL, rv); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s Running constructor => %d\n", + (void *)new_data.ctx, LEVEL, rv); + } + OSSL_TRACE_END(DECODER); ok = (rv > 
0); if (ok) { @@ -794,15 +807,18 @@ && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) data_structure = NULL; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s incoming from previous decoder (%p):\n" - " data type: %s, data structure: %s%s\n", - (void *)new_data.ctx, LEVEL, (void *)decoder, - data_type, trace_data_structure, - (trace_data_structure == data_structure - ? "" : " (dropped)")); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s incoming from previous decoder (%p):\n" + " data type: %s, data structure: %s%s\n", + (void *)new_data.ctx, LEVEL, (void *)decoder, + data_type, trace_data_structure, + (trace_data_structure == data_structure + ? "" + : " (dropped)")); + } + OSSL_TRACE_END(DECODER); } /* 
@@ -823,28 +839,25 @@ } for (i = data->current_decoder_inst_index; i-- > 0;) { - OSSL_DECODER_INSTANCE *new_decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - OSSL_DECODER *new_decoder = - OSSL_DECODER_INSTANCE_get_decoder(new_decoder_inst); - void *new_decoderctx = - OSSL_DECODER_INSTANCE_get_decoder_ctx(new_decoder_inst); - const char *new_input_type = - OSSL_DECODER_INSTANCE_get_input_type(new_decoder_inst); - int n_i_s_was_set = 0; /* We don't care here */ - const char *new_input_structure = - OSSL_DECODER_INSTANCE_get_input_structure(new_decoder_inst, - &n_i_s_was_set); - - OSSL_TRACE_BEGIN(DECODER) { + OSSL_DECODER_INSTANCE *new_decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); + OSSL_DECODER *new_decoder = OSSL_DECODER_INSTANCE_get_decoder(new_decoder_inst); + void *new_decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(new_decoder_inst); + const char *new_input_type = OSSL_DECODER_INSTANCE_get_input_type(new_decoder_inst); + int n_i_s_was_set = 0; /* We don't care here */ + const char *new_input_structure = OSSL_DECODER_INSTANCE_get_input_structure(new_decoder_inst, + &n_i_s_was_set); + + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] Considering decoder instance %p (decoder %p):\n" - " %s with %s\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst, (void *)new_decoder, - OSSL_DECODER_get0_name(new_decoder), - OSSL_DECODER_get0_properties(new_decoder)); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] Considering decoder instance %p (decoder %p):\n" + " %s with %s\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i, + (void *)new_decoder_inst, (void *)new_decoder, + OSSL_DECODER_get0_name(new_decoder), + OSSL_DECODER_get0_properties(new_decoder)); + } + OSSL_TRACE_END(DECODER); /* * If |decoder| is NULL, it means we've just started, and the caller 
@@ -853,12 +866,14 @@ */ if (decoder == NULL && ctx->start_input_type != NULL && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - ctx->start_input_type); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i, + ctx->start_input_type); + } + OSSL_TRACE_END(DECODER); continue; } @@ -869,12 +884,14 @@ * for the decoder we're currently considering. */ if (decoder != NULL && !OSSL_DECODER_is_a(decoder, new_input_type)) { - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] the input type doesn't match the name of the previous decoder (%p), skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)decoder); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] the input type doesn't match the name of the previous decoder (%p), skipping...\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i, + (void *)decoder); + } + OSSL_TRACE_END(DECODER); continue; } @@ -883,11 +900,13 @@ * if that matches the decoder we're currently considering. */ if (data_type != NULL && !OSSL_DECODER_is_a(new_decoder, data_type)) { - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data type doesn't match the name of the considered decoder, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] the previous decoder's data type doesn't match the name of the considered decoder, skipping...\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i); + } + OSSL_TRACE_END(DECODER); continue; } 
@@ -899,12 +918,15 @@ if (data_structure != NULL && (new_input_structure == NULL || OPENSSL_strcasecmp(data_structure, - new_input_structure) != 0)) { - OSSL_TRACE_BEGIN(DECODER) { + new_input_structure) + != 0)) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i); + } + OSSL_TRACE_END(DECODER); continue; } @@ -919,12 +941,15 @@ && new_input_structure != NULL) { data->flag_input_structure_checked = 1; if (OPENSSL_strcasecmp(new_input_structure, - ctx->input_structure) != 0) { - OSSL_TRACE_BEGIN(DECODER) { + ctx->input_structure) + != 0) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i); + } + OSSL_TRACE_END(DECODER); continue; } } @@ -944,12 +969,14 @@ goto end; /* Recurse */ - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] Running decoder instance %p\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] Running decoder instance %p\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i, + (void *)new_decoder_inst); + } + OSSL_TRACE_END(DECODER); /* * We only care about errors reported from decoder implementations 
@@ -961,20 +988,22 @@ new_data.flag_input_structure_checked = data->flag_input_structure_checked; ok = new_decoder->decode(new_decoderctx, cbio, - new_data.ctx->selection, - decoder_process, &new_data, - ossl_pw_passphrase_callback_dec, - &new_data.ctx->pwdata); + new_data.ctx->selection, + decoder_process, &new_data, + ossl_pw_passphrase_callback_dec, + &new_data.ctx->pwdata); - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) %s [%u] Running decoder instance %p => %d" - " (recursed further: %s, construct called: %s)\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst, ok, - new_data.flag_next_level_called ? "yes" : "no", - new_data.flag_construct_called ? "yes" : "no"); - } OSSL_TRACE_END(DECODER); + "(ctx %p) %s [%u] Running decoder instance %p => %d" + " (recursed further: %s, construct called: %s)\n", + (void *)new_data.ctx, LEVEL, (unsigned int)i, + (void *)new_decoder_inst, ok, + new_data.flag_next_level_called ? "yes" : "no", + new_data.flag_construct_called ? "yes" : "no"); + } + OSSL_TRACE_END(DECODER); data->flag_construct_called = new_data.flag_construct_called; @@ -993,7 +1022,7 @@ break; } - end: +end: ossl_core_bio_free(cbio); BIO_free(new_data.bio); return ok; --- crypto/openssl/crypto/encode_decode/decoder_meth.c.orig +++ crypto/openssl/crypto/encode_decode/decoder_meth.c @@ -76,7 +76,6 @@ return ossl_method_store_new(ctx); } - static const OSSL_LIB_CTX_METHOD decoder_store_method = { /* We want decoder_store to be cleaned up before the provider store */ OSSL_LIB_CTX_METHOD_PRIORITY_2, 
@@ -87,9 +86,9 @@ /* Data to be passed through ossl_method_construct() */ struct decoder_data_st { OSSL_LIB_CTX *libctx; - int id; /* For get_decoder_from_store() */ - const char *names; /* For get_decoder_from_store() */ - const char *propquery; /* For get_decoder_from_store() */ + int id; /* For get_decoder_from_store() */ + const char *names; /* For get_decoder_from_store() */ + const char *propquery; /* For get_decoder_from_store() */ OSSL_METHOD_STORE *tmp_store; /* For get_tmp_decoder_store() */ @@ -121,7 +120,7 @@ static OSSL_METHOD_STORE *get_decoder_store(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_STORE_INDEX, - &decoder_store_method); + &decoder_store_method); } static int reserve_decoder_store(void *store, void *data) @@ -148,7 +147,7 @@ /* Get decoder methods from a store, or put one in */ static void *get_decoder_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) + void *data) { struct decoder_data_st *methdata = data; void *method = NULL; @@ -183,9 +182,9 @@ } static int put_decoder_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *names, const char *propdef, - void *data) + const OSSL_PROVIDER *prov, + const char *names, const char *propdef, + void *data) { struct decoder_data_st *methdata = data; OSSL_NAMEMAP *namemap; @@ -212,13 +211,13 @@ return 0; return ossl_method_store_add(store, prov, id, propdef, method, - (int (*)(void *))OSSL_DECODER_up_ref, - (void (*)(void *))OSSL_DECODER_free); + (int (*)(void *))OSSL_DECODER_up_ref, + (void (*)(void *))OSSL_DECODER_free); } /* Create and populate a decoder method */ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov) { OSSL_DECODER *decoder = NULL; const OSSL_DISPATCH *fns = algodef->implementation; 
@@ -233,7 +232,8 @@ } decoder->base.algodef = algodef; if ((decoder->base.parsed_propdef - = ossl_parse_property(libctx, algodef->property_definition)) == NULL) { + = ossl_parse_property(libctx, algodef->property_definition)) + == NULL) { OSSL_DECODER_free(decoder); return NULL; } @@ -250,28 +250,23 @@ break; case OSSL_FUNC_DECODER_GET_PARAMS: if (decoder->get_params == NULL) - decoder->get_params = - OSSL_FUNC_decoder_get_params(fns); + decoder->get_params = OSSL_FUNC_decoder_get_params(fns); break; case OSSL_FUNC_DECODER_GETTABLE_PARAMS: if (decoder->gettable_params == NULL) - decoder->gettable_params = - OSSL_FUNC_decoder_gettable_params(fns); + decoder->gettable_params = OSSL_FUNC_decoder_gettable_params(fns); break; case OSSL_FUNC_DECODER_SET_CTX_PARAMS: if (decoder->set_ctx_params == NULL) - decoder->set_ctx_params = - OSSL_FUNC_decoder_set_ctx_params(fns); + decoder->set_ctx_params = OSSL_FUNC_decoder_set_ctx_params(fns); break; case OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS: if (decoder->settable_ctx_params == NULL) - decoder->settable_ctx_params = - OSSL_FUNC_decoder_settable_ctx_params(fns); + decoder->settable_ctx_params = OSSL_FUNC_decoder_settable_ctx_params(fns); break; case OSSL_FUNC_DECODER_DOES_SELECTION: if (decoder->does_selection == NULL) - decoder->does_selection = - OSSL_FUNC_decoder_does_selection(fns); + decoder->does_selection = OSSL_FUNC_decoder_does_selection(fns); break; case OSSL_FUNC_DECODER_DECODE: if (decoder->decode == NULL) @@ -289,7 +284,7 @@ * You must have at least one of the encoding driver functions. */ if (!((decoder->newctx == NULL && decoder->freectx == NULL) - || (decoder->newctx != NULL && decoder->freectx != NULL)) + || (decoder->newctx != NULL && decoder->freectx != NULL)) || decoder->decode == NULL) { OSSL_DECODER_free(decoder); ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROVIDER_FUNCTIONS); 
@@ -305,14 +300,13 @@ return decoder; } - /* * The core fetching functionality passes the names of the implementation. * This function is responsible to getting an identity number for them, * then call ossl_decoder_from_algorithm() with that identity number. */ static void *construct_decoder(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) + OSSL_PROVIDER *prov, void *data) { /* * This function is only called if get_decoder_from_store() returned @@ -360,7 +354,7 @@ /* Fetching support. Can fetch by numeric identity or by name */ static OSSL_DECODER * inner_ossl_decoder_fetch(struct decoder_data_st *methdata, int id, - const char *name, const char *properties) + const char *name, const char *properties) { OSSL_METHOD_STORE *store = get_decoder_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); @@ -410,8 +404,9 @@ methdata->propquery = propq; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_DECODER, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { + &prov, 0 /* !force_cache */, + &mcm, methdata)) + != NULL) { /* * If construction did create a method for us, we know that * there is a correct name_id and meth_id, since those have @@ -422,7 +417,7 @@ id = ossl_namemap_name2num(namemap, name); if (id != 0) ossl_method_store_cache_set(store, prov, id, propq, method, - up_ref_decoder, free_decoder); + up_ref_decoder, free_decoder); } /* 
@@ -438,17 +433,17 @@ if (name == NULL) name = ossl_namemap_num2name(namemap, id, 0); ERR_raise_data(ERR_LIB_OSSL_DECODER, code, - "%s, Name (%s : %d), Properties (%s)", - ossl_lib_ctx_get_descriptor(methdata->libctx), - name == NULL ? "" : name, id, - properties == NULL ? "" : properties); + "%s, Name (%s : %d), Properties (%s)", + ossl_lib_ctx_get_descriptor(methdata->libctx), + name == NULL ? "" : name, id, + properties == NULL ? "" : properties); } return method; } OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *libctx, const char *name, - const char *properties) + const char *properties) { struct decoder_data_st methdata; void *method; @@ -461,7 +456,7 @@ } OSSL_DECODER *ossl_decoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, - const char *properties) + const char *properties) { struct decoder_data_st methdata; void *method; @@ -571,9 +566,9 @@ } void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*user_fn)(OSSL_DECODER *decoder, - void *arg), - void *user_arg) + void (*user_fn)(OSSL_DECODER *decoder, + void *arg), + void *user_arg) { struct decoder_data_st methdata; struct do_one_data_st data; @@ -591,8 +586,8 @@ } int OSSL_DECODER_names_do_all(const OSSL_DECODER *decoder, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (decoder == NULL) return 0; @@ -657,7 +652,7 @@ } int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { int ok = 1; size_t i; 
@@ -673,12 +668,9 @@ l = OSSL_DECODER_CTX_get_num_decoders(ctx); for (i = 0; i < l; i++) { - OSSL_DECODER_INSTANCE *decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - OSSL_DECODER *decoder = - OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); - OSSL_DECODER *decoderctx = - OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst); + OSSL_DECODER_INSTANCE *decoder_inst = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); + OSSL_DECODER *decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); + OSSL_DECODER *decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst); if (decoderctx == NULL || decoder->set_ctx_params == NULL) continue; @@ -694,7 +686,7 @@ if (ctx->cleanup != NULL) ctx->cleanup(ctx->construct_data); sk_OSSL_DECODER_INSTANCE_pop_free(ctx->decoder_insts, - ossl_decoder_instance_free); + ossl_decoder_instance_free); ossl_pw_clear_passphrase_data(&ctx->pwdata); OPENSSL_free(ctx); } --- crypto/openssl/crypto/encode_decode/decoder_pkey.c.orig +++ crypto/openssl/crypto/encode_decode/decoder_pkey.c @@ -20,28 +20,28 @@ #include "encoder_local.h" int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, - const unsigned char *kstr, - size_t klen) + const unsigned char *kstr, + size_t klen) { return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen); } int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data) + const UI_METHOD *ui_method, + void *ui_data) { return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data); } int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx, - pem_password_cb *cb, void *cbarg) + pem_password_cb *cb, void *cbarg) { return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg); } int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, - void *cbarg) + OSSL_PASSPHRASE_CALLBACK *cb, + void *cbarg) { return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg); } 
@@ -59,13 +59,13 @@ int selection; STACK_OF(EVP_KEYMGMT) *keymgmts; - char *object_type; /* recorded object data type, may be NULL */ - void **object; /* Where the result should end up */ + char *object_type; /* recorded object data type, may be NULL */ + void **object; /* Where the result should end up */ }; static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst, - const OSSL_PARAM *params, - void *construct_data) + const OSSL_PARAM *params, + void *construct_data) { struct decoder_pkey_data_st *data = construct_data; OSSL_DECODER *decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); @@ -126,8 +126,9 @@ if (!EVP_KEYMGMT_up_ref(keymgmt)) return 0; } else if ((keymgmt = EVP_KEYMGMT_fetch(data->libctx, - data->object_type, - data->propq)) != NULL) { + data->object_type, + data->propq)) + != NULL) { keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt); } @@ -161,9 +162,9 @@ * |import_data.keydata| is as much an indicator. */ (void)decoder->export_object(decoderctx, - object_ref, object_ref_sz, - &evp_keymgmt_util_try_import, - &import_data); + object_ref, object_ref_sz, + &evp_keymgmt_util_try_import, + &import_data); keydata = import_data.keydata; import_data.keydata = NULL; } @@ -213,7 +214,7 @@ if (!EVP_KEYMGMT_up_ref(keymgmt) /* ref++ */) return; if (sk_EVP_KEYMGMT_push(keymgmts, keymgmt) <= 0) { - EVP_KEYMGMT_free(keymgmt); /* ref-- */ + EVP_KEYMGMT_free(keymgmt); /* ref-- */ return; } } @@ -223,7 +224,7 @@ OSSL_DECODER_CTX *ctx; int total; - unsigned int error_occurred:1; + unsigned int error_occurred : 1; }; static void collect_decoder(OSSL_DECODER *decoder, void *arg) 
@@ -248,17 +249,19 @@ * it's seen as taking anything. */ if (decoder->does_selection != NULL - && !decoder->does_selection(provctx, data->ctx->selection)) + && !decoder->does_selection(provctx, data->ctx->selection)) return; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) Checking out decoder %p:\n" - " %s with %s\n", - (void *)data->ctx, (void *)decoder, - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - } OSSL_TRACE_END(DECODER); + "(ctx %p) Checking out decoder %p:\n" + " %s with %s\n", + (void *)data->ctx, (void *)decoder, + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); + } + OSSL_TRACE_END(DECODER); end_i = sk_OPENSSL_CSTRING_num(data->names); for (i = 0; i < end_i; i++) { @@ -278,14 +281,16 @@ return; } - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) Checking out decoder %p:\n" - " %s with %s\n", - (void *)data->ctx, (void *)decoder, - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - } OSSL_TRACE_END(DECODER); + "(ctx %p) Checking out decoder %p:\n" + " %s with %s\n", + (void *)data->ctx, (void *)decoder, + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); + } + OSSL_TRACE_END(DECODER); if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) { ossl_decoder_instance_free(di); @@ -304,9 +309,9 @@ } int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery) + EVP_PKEY **pkey, const char *keytype, + OSSL_LIB_CTX *libctx, + const char *propquery) { struct decoder_pkey_data_st *process_data = NULL; STACK_OF(OPENSSL_CSTRING) *names = NULL; 
@@ -317,21 +322,23 @@ int i, end; if (keytype != NULL - && (strcmp(keytype, "id-ecPublicKey") == 0 - || strcmp(keytype, "1.2.840.10045.2.1") == 0)) + && (strcmp(keytype, "id-ecPublicKey") == 0 + || strcmp(keytype, "1.2.840.10045.2.1") == 0)) isecoid = 1; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) Looking for decoders producing %s%s%s%s%s%s\n", - (void *)ctx, - keytype != NULL ? keytype : "", - keytype != NULL ? " keys" : "keys of any type", - input_type != NULL ? " from " : "", - input_type != NULL ? input_type : "", - input_structure != NULL ? " with " : "", - input_structure != NULL ? input_structure : ""); - } OSSL_TRACE_END(DECODER); + "(ctx %p) Looking for decoders producing %s%s%s%s%s%s\n", + (void *)ctx, + keytype != NULL ? keytype : "", + keytype != NULL ? " keys" : "keys of any type", + input_type != NULL ? " from " : "", + input_type != NULL ? input_type : "", + input_structure != NULL ? " with " : "", + input_structure != NULL ? input_structure : ""); + } + OSSL_TRACE_END(DECODER); if ((process_data = OPENSSL_zalloc(sizeof(*process_data))) == NULL || (propquery != NULL @@ -348,7 +355,7 @@ /* First, find all keymgmts to form goals */ EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, - process_data->keymgmts); + process_data->keymgmts); /* Then, we collect all the keymgmt names */ end = sk_EVP_KEYMGMT_num(process_data->keymgmts); @@ -363,8 +370,8 @@ * we have seen that OID we try both key types */ if (keytype == NULL - || EVP_KEYMGMT_is_a(keymgmt, keytype) - || (isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))) { + || EVP_KEYMGMT_is_a(keymgmt, keytype) + || (isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))) { if (!EVP_KEYMGMT_names_do_all(keymgmt, collect_name, names)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR); goto err; 
@@ -372,54 +379,60 @@ } } - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { end = sk_OPENSSL_CSTRING_num(names); BIO_printf(trc_out, - " Found %d keytypes (possibly with duplicates)", - end); + " Found %d keytypes (possibly with duplicates)", + end); for (i = 0; i < end; i++) BIO_printf(trc_out, "%s%s", - i == 0 ? ": " : ", ", - sk_OPENSSL_CSTRING_value(names, i)); + i == 0 ? ": " : ", ", + sk_OPENSSL_CSTRING_value(names, i)); BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(DECODER); + } + OSSL_TRACE_END(DECODER); /* * Finally, find all decoders that have any keymgmt of the collected * keymgmt names */ { - struct collect_decoder_data_st collect_decoder_data = { NULL, }; + struct collect_decoder_data_st collect_decoder_data = { + NULL, + }; collect_decoder_data.names = names; collect_decoder_data.ctx = ctx; OSSL_DECODER_do_all_provided(libctx, - collect_decoder, &collect_decoder_data); + collect_decoder, &collect_decoder_data); sk_OPENSSL_CSTRING_free(names); names = NULL; if (collect_decoder_data.error_occurred) goto err; - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) Got %d decoders producing keys\n", - (void *)ctx, collect_decoder_data.total); - } OSSL_TRACE_END(DECODER); + "(ctx %p) Got %d decoders producing keys\n", + (void *)ctx, collect_decoder_data.total); + } + OSSL_TRACE_END(DECODER); } if (OSSL_DECODER_CTX_get_num_decoders(ctx) != 0) { if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_pkey) || !OSSL_DECODER_CTX_set_construct_data(ctx, process_data) || !OSSL_DECODER_CTX_set_cleanup(ctx, - decoder_clean_pkey_construct_arg)) + decoder_clean_pkey_construct_arg)) goto err; process_data = NULL; /* Avoid it being freed */ } ok = 1; - err: +err: decoder_clean_pkey_construct_arg(process_data); sk_OPENSSL_CSTRING_free(names); 
@@ -428,10 +441,10 @@ OSSL_DECODER_CTX * OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey, - const char *input_type, - const char *input_structure, - const char *keytype, int selection, - OSSL_LIB_CTX *libctx, const char *propquery) + const char *input_type, + const char *input_structure, + const char *keytype, int selection, + OSSL_LIB_CTX *libctx, const char *propquery) { OSSL_DECODER_CTX *ctx = NULL; @@ -440,24 +453,28 @@ return NULL; } - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, - "(ctx %p) Looking for %s decoders with selection %d\n", - (void *)ctx, keytype, selection); + "(ctx %p) Looking for %s decoders with selection %d\n", + (void *)ctx, keytype, selection); BIO_printf(trc_out, " input type: %s, input structure: %s\n", - input_type, input_structure); - } OSSL_TRACE_END(DECODER); + input_type, input_structure); + } + OSSL_TRACE_END(DECODER); if (OSSL_DECODER_CTX_set_input_type(ctx, input_type) && OSSL_DECODER_CTX_set_input_structure(ctx, input_structure) && OSSL_DECODER_CTX_set_selection(ctx, selection) && ossl_decoder_ctx_setup_for_pkey(ctx, pkey, keytype, - libctx, propquery) + libctx, propquery) && OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery)) { - OSSL_TRACE_BEGIN(DECODER) { + OSSL_TRACE_BEGIN(DECODER) + { BIO_printf(trc_out, "(ctx %p) Got %d decoders\n", - (void *)ctx, OSSL_DECODER_CTX_get_num_decoders(ctx)); - } OSSL_TRACE_END(DECODER); + (void *)ctx, OSSL_DECODER_CTX_get_num_decoders(ctx)); + } + OSSL_TRACE_END(DECODER); return ctx; } --- crypto/openssl/crypto/encode_decode/encoder_err.c.orig +++ crypto/openssl/crypto/encode_decode/encoder_err.c 
@@ -15,13 +15,13 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA OSSL_ENCODER_str_reasons[] = { - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_ENCODER_NOT_FOUND), - "encoder not found"}, - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY), - "incorrect property query"}, - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_MISSING_GET_PARAMS), - "missing get params"}, - {0, NULL} + { ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_ENCODER_NOT_FOUND), + "encoder not found" }, + { ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY), + "incorrect property query" }, + { ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_MISSING_GET_PARAMS), + "missing get params" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/encode_decode/encoder_lib.c.orig +++ crypto/openssl/crypto/encode_decode/encoder_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ int current_encoder_inst_index; /* Processing data passed down through recursion */ - int level; /* Recursion level */ + int level; /* Recursion level */ OSSL_ENCODER_INSTANCE *next_encoder_inst; int count_output_structure; @@ -53,9 +53,9 @@ if (data.current_encoder_inst_index == 0) { ERR_raise_data(ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_ENCODER_NOT_FOUND, - "No encoders were found. For standard encoders you need " - "at least one of the default or base providers " - "available. Did you forget to load them?"); + "No encoders were found. For standard encoders you need " + "at least one of the default or base providers " + "available. Did you forget to load them?"); return 0; } 
@@ -94,7 +94,7 @@ #endif int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata, - size_t *pdata_len) + size_t *pdata_len) { BIO *out; BUF_MEM *buf = NULL; @@ -161,7 +161,7 @@ } int OSSL_ENCODER_CTX_set_output_type(OSSL_ENCODER_CTX *ctx, - const char *output_type) + const char *output_type) { if (!ossl_assert(ctx != NULL) || !ossl_assert(output_type != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -173,7 +173,7 @@ } int OSSL_ENCODER_CTX_set_output_structure(OSSL_ENCODER_CTX *ctx, - const char *output_structure) + const char *output_structure) { if (!ossl_assert(ctx != NULL) || !ossl_assert(output_structure != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -185,7 +185,7 @@ } static OSSL_ENCODER_INSTANCE *ossl_encoder_instance_new(OSSL_ENCODER *encoder, - void *encoderctx) + void *encoderctx) { OSSL_ENCODER_INSTANCE *encoder_inst = NULL; const OSSL_PROVIDER *prov; @@ -213,8 +213,8 @@ props = ossl_encoder_parsed_properties(encoder); if (props == NULL) { ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "there are no property definitions with encoder %s", - OSSL_ENCODER_get0_name(encoder)); + "there are no property definitions with encoder %s", + OSSL_ENCODER_get0_name(encoder)); goto err; } @@ -223,10 +223,10 @@ encoder_inst->output_type = ossl_property_get_string_value(libctx, prop); if (encoder_inst->output_type == NULL) { ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "the mandatory 'output' property is missing " - "for encoder %s (properties: %s)", - OSSL_ENCODER_get0_name(encoder), - OSSL_ENCODER_get0_properties(encoder)); + "the mandatory 'output' property is missing " + "for encoder %s (properties: %s)", + OSSL_ENCODER_get0_name(encoder), + OSSL_ENCODER_get0_properties(encoder)); goto err; } 
@@ -239,7 +239,7 @@ encoder_inst->encoder = encoder; encoder_inst->encoderctx = encoderctx; return encoder_inst; - err: +err: ossl_encoder_instance_free(encoder_inst); return NULL; } @@ -257,27 +257,28 @@ } static int ossl_encoder_ctx_add_encoder_inst(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_INSTANCE *ei) + OSSL_ENCODER_INSTANCE *ei) { int ok; if (ctx->encoder_insts == NULL - && (ctx->encoder_insts = - sk_OSSL_ENCODER_INSTANCE_new_null()) == NULL) { + && (ctx->encoder_insts = sk_OSSL_ENCODER_INSTANCE_new_null()) == NULL) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); return 0; } ok = (sk_OSSL_ENCODER_INSTANCE_push(ctx->encoder_insts, ei) > 0); if (ok) { - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "(ctx %p) Added encoder instance %p (encoder %p):\n" - " %s with %s\n", - (void *)ctx, (void *)ei, (void *)ei->encoder, - OSSL_ENCODER_get0_name(ei->encoder), - OSSL_ENCODER_get0_properties(ei->encoder)); - } OSSL_TRACE_END(ENCODER); + "(ctx %p) Added encoder instance %p (encoder %p):\n" + " %s with %s\n", + (void *)ctx, (void *)ei, (void *)ei->encoder, + OSSL_ENCODER_get0_name(ei->encoder), + OSSL_ENCODER_get0_properties(ei->encoder)); + } + OSSL_TRACE_END(ENCODER); } return ok; } @@ -298,8 +299,7 @@ provctx = OSSL_PROVIDER_get0_provider_ctx(prov); if ((encoderctx = encoder->newctx(provctx)) == NULL - || (encoder_inst = - ossl_encoder_instance_new(encoder, encoderctx)) == NULL) + || (encoder_inst = ossl_encoder_instance_new(encoder, encoderctx)) == NULL) goto err; /* Avoid double free of encoderctx on further errors */ encoderctx = NULL; @@ -308,7 +308,7 @@ goto err; return 1; - err: +err: ossl_encoder_instance_free(encoder_inst); if (encoderctx != NULL) encoder->freectx(encoderctx); @@ -316,7 +316,7 @@ } int OSSL_ENCODER_CTX_add_extra(OSSL_ENCODER_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { return 1; } 
@@ -329,7 +329,7 @@ } int OSSL_ENCODER_CTX_set_construct(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_CONSTRUCT *construct) + OSSL_ENCODER_CONSTRUCT *construct) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -340,7 +340,7 @@ } int OSSL_ENCODER_CTX_set_construct_data(OSSL_ENCODER_CTX *ctx, - void *construct_data) + void *construct_data) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -351,7 +351,7 @@ } int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_CLEANUP *cleanup) + OSSL_ENCODER_CLEANUP *cleanup) { if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -403,14 +403,13 @@ OSSL_PARAM abstract[10]; const OSSL_PARAM *current_abstract = NULL; int i; - int ok = -1; /* -1 signifies that the lookup loop gave nothing */ + int ok = -1; /* -1 signifies that the lookup loop gave nothing */ int top = 0; if (data->next_encoder_inst == NULL) { /* First iteration, where we prepare for what is to come */ - data->count_output_structure = - data->ctx->output_structure == NULL ? -1 : 0; + data->count_output_structure = data->ctx->output_structure == NULL ? -1 : 0; top = 1; } 
@@ -421,19 +420,13 @@ struct encoder_process_data_st new_data; if (!top) - next_encoder = - OSSL_ENCODER_INSTANCE_get_encoder(data->next_encoder_inst); - - current_encoder_inst = - sk_OSSL_ENCODER_INSTANCE_value(data->ctx->encoder_insts, i); - current_encoder = - OSSL_ENCODER_INSTANCE_get_encoder(current_encoder_inst); - current_encoder_ctx = - OSSL_ENCODER_INSTANCE_get_encoder_ctx(current_encoder_inst); - current_output_type = - OSSL_ENCODER_INSTANCE_get_output_type(current_encoder_inst); - current_output_structure = - OSSL_ENCODER_INSTANCE_get_output_structure(current_encoder_inst); + next_encoder = OSSL_ENCODER_INSTANCE_get_encoder(data->next_encoder_inst); + + current_encoder_inst = sk_OSSL_ENCODER_INSTANCE_value(data->ctx->encoder_insts, i); + current_encoder = OSSL_ENCODER_INSTANCE_get_encoder(current_encoder_inst); + current_encoder_ctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(current_encoder_inst); + current_output_type = OSSL_ENCODER_INSTANCE_get_output_type(current_encoder_inst); + current_output_structure = OSSL_ENCODER_INSTANCE_get_output_structure(current_encoder_inst); memset(&new_data, 0, sizeof(new_data)); new_data.ctx = data->ctx; new_data.current_encoder_inst_index = i; @@ -441,12 +434,14 @@ new_data.count_output_structure = data->count_output_structure; new_data.level = data->level + 1; - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] (ctx %p) Considering encoder instance %p (encoder %p)\n", - data->level, (void *)data->ctx, - (void *)current_encoder_inst, (void *)current_encoder); - } OSSL_TRACE_END(ENCODER); + "[%d] (ctx %p) Considering encoder instance %p (encoder %p)\n", + data->level, (void *)data->ctx, + (void *)current_encoder_inst, (void *)current_encoder); + } + OSSL_TRACE_END(ENCODER); /* * If this is the top call, we check if the output type of the current 
@@ -458,23 +453,28 @@ if (top) { if (data->ctx->output_type != NULL && OPENSSL_strcasecmp(current_output_type, - data->ctx->output_type) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { + data->ctx->output_type) + != 0) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", - data->level, - current_output_type, data->ctx->output_type); - } OSSL_TRACE_END(ENCODER); + "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", + data->level, + current_output_type, data->ctx->output_type); + } + OSSL_TRACE_END(ENCODER); continue; } } else { if (!OSSL_ENCODER_is_a(next_encoder, current_output_type)) { - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != name of encoder %p\n", - data->level, - current_output_type, (void *)next_encoder); - } OSSL_TRACE_END(ENCODER); + "[%d] Skipping because current encoder output type (%s) != name of encoder %p\n", + data->level, + current_output_type, (void *)next_encoder); + } + OSSL_TRACE_END(ENCODER); continue; } } @@ -487,14 +487,17 @@ if (data->ctx->output_structure != NULL && current_output_structure != NULL) { if (OPENSSL_strcasecmp(data->ctx->output_structure, - current_output_structure) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { + current_output_structure) + != 0) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", - data->level, - current_output_structure, - data->ctx->output_structure); - } OSSL_TRACE_END(ENCODER); + "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", + data->level, + current_output_structure, + data->ctx->output_structure); + } + OSSL_TRACE_END(ENCODER); continue; } 
@@ -525,11 +528,13 @@ if (ok != 0) break; - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] Skipping because recusion level %d failed\n", - data->level, new_data.level); - } OSSL_TRACE_END(ENCODER); + "[%d] Skipping because recursion level %d failed\n", + data->level, new_data.level); + } + OSSL_TRACE_END(ENCODER); } /* @@ -539,11 +544,13 @@ if (i < 0) { ok = -1; - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] (ctx %p) No suitable encoder found\n", - data->level, (void *)data->ctx); - } OSSL_TRACE_END(ENCODER); + "[%d] (ctx %p) No suitable encoder found\n", + data->level, (void *)data->ctx); + } + OSSL_TRACE_END(ENCODER); } else { /* Preparations */ @@ -569,9 +576,8 @@ if (data->count_output_structure == 0) return 0; - original_data = - data->ctx->construct(current_encoder_inst, - data->ctx->construct_data); + original_data = data->ctx->construct(current_encoder_inst, + data->ctx->construct_data); /* Also set the data type, using the encoder implementation name */ data->data_type = OSSL_ENCODER_get0_name(current_encoder); 
@@ -596,21 +602,17 @@ */ OSSL_PARAM *abstract_p = abstract; - const char *prev_output_structure = - OSSL_ENCODER_INSTANCE_get_output_structure(data->prev_encoder_inst); + const char *prev_output_structure = OSSL_ENCODER_INSTANCE_get_output_structure(data->prev_encoder_inst); - *abstract_p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)data->data_type, 0); + *abstract_p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)data->data_type, 0); if (prev_output_structure != NULL) - *abstract_p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, - (char *)prev_output_structure, - 0); - *abstract_p++ = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, - data->running_output, - data->running_output_length); + *abstract_p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, + (char *)prev_output_structure, + 0); + *abstract_p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, + data->running_output, + data->running_output_length); *abstract_p = OSSL_PARAM_construct_end(); current_abstract = abstract; } 
@@ -630,23 +632,25 @@ if (top) current_out = data->bio; else if ((current_out = allocated_out = BIO_new(BIO_s_mem())) - == NULL) - ok = 0; /* Assume BIO_new() recorded an error */ + == NULL) + ok = 0; /* Assume BIO_new() recorded an error */ if (ok) ok = (cbio = ossl_core_bio_new_from_bio(current_out)) != NULL; if (ok) { ok = current_encoder->encode(current_encoder_ctx, cbio, - original_data, current_abstract, - data->ctx->selection, - ossl_pw_passphrase_callback_enc, - &data->ctx->pwdata); - OSSL_TRACE_BEGIN(ENCODER) { + original_data, current_abstract, + data->ctx->selection, + ossl_pw_passphrase_callback_enc, + &data->ctx->pwdata); + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "[%d] (ctx %p) Running encoder instance %p => %d\n", - data->level, (void *)data->ctx, - (void *)current_encoder_inst, ok); - } OSSL_TRACE_END(ENCODER); + "[%d] (ctx %p) Running encoder instance %p => %d\n", + data->level, (void *)data->ctx, + (void *)current_encoder_inst, ok); + } + OSSL_TRACE_END(ENCODER); } ossl_core_bio_free(cbio); --- crypto/openssl/crypto/encode_decode/encoder_local.h.orig +++ crypto/openssl/crypto/encode_decode/encoder_local.h @@ -56,9 +56,9 @@ }; struct ossl_encoder_instance_st { - OSSL_ENCODER *encoder; /* Never NULL */ - void *encoderctx; /* Never NULL */ - const char *output_type; /* Never NULL */ + OSSL_ENCODER *encoder; /* Never NULL */ + void *encoderctx; /* Never NULL */ + const char *output_type; /* Never NULL */ const char *output_structure; /* May be NULL */ }; 
@@ -104,9 +104,9 @@ }; struct ossl_decoder_instance_st { - OSSL_DECODER *decoder; /* Never NULL */ - void *decoderctx; /* Never NULL */ - const char *input_type; /* Never NULL */ + OSSL_DECODER *decoder; /* Never NULL */ + void *decoderctx; /* Never NULL */ + const char *input_type; /* Never NULL */ const char *input_structure; /* May be NULL */ unsigned int flag_input_structure_was_set : 1; --- crypto/openssl/crypto/encode_decode/encoder_meth.c.orig +++ crypto/openssl/crypto/encode_decode/encoder_meth.c @@ -76,7 +76,6 @@ return ossl_method_store_new(ctx); } - static const OSSL_LIB_CTX_METHOD encoder_store_method = { /* We want encoder_store to be cleaned up before the provider store */ OSSL_LIB_CTX_METHOD_PRIORITY_2, @@ -87,9 +86,9 @@ /* Data to be passed through ossl_method_construct() */ struct encoder_data_st { OSSL_LIB_CTX *libctx; - int id; /* For get_encoder_from_store() */ - const char *names; /* For get_encoder_from_store() */ - const char *propquery; /* For get_encoder_from_store() */ + int id; /* For get_encoder_from_store() */ + const char *names; /* For get_encoder_from_store() */ + const char *propquery; /* For get_encoder_from_store() */ OSSL_METHOD_STORE *tmp_store; /* For get_tmp_encoder_store() */ @@ -121,7 +120,7 @@ static OSSL_METHOD_STORE *get_encoder_store(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_ENCODER_STORE_INDEX, - &encoder_store_method); + &encoder_store_method); } static int reserve_encoder_store(void *store, void *data) @@ -148,7 +147,7 @@ /* Get encoder methods from a store, or put one in */ static void *get_encoder_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) + void *data) { struct encoder_data_st *methdata = data; void *method = NULL; 
@@ -183,9 +182,9 @@ } static int put_encoder_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *names, const char *propdef, - void *data) + const OSSL_PROVIDER *prov, + const char *names, const char *propdef, + void *data) { struct encoder_data_st *methdata = data; OSSL_NAMEMAP *namemap; @@ -212,13 +211,13 @@ return 0; return ossl_method_store_add(store, prov, id, propdef, method, - (int (*)(void *))OSSL_ENCODER_up_ref, - (void (*)(void *))OSSL_ENCODER_free); + (int (*)(void *))OSSL_ENCODER_up_ref, + (void (*)(void *))OSSL_ENCODER_free); } /* Create and populate a encoder method */ static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov) { OSSL_ENCODER *encoder = NULL; const OSSL_DISPATCH *fns = algodef->implementation; @@ -233,7 +232,8 @@ } encoder->base.algodef = algodef; if ((encoder->base.parsed_propdef - = ossl_parse_property(libctx, algodef->property_definition)) == NULL) { + = ossl_parse_property(libctx, algodef->property_definition)) + == NULL) { OSSL_ENCODER_free(encoder); return NULL; } 
@@ -242,38 +242,31 @@ switch (fns->function_id) { case OSSL_FUNC_ENCODER_NEWCTX: if (encoder->newctx == NULL) - encoder->newctx = - OSSL_FUNC_encoder_newctx(fns); + encoder->newctx = OSSL_FUNC_encoder_newctx(fns); break; case OSSL_FUNC_ENCODER_FREECTX: if (encoder->freectx == NULL) - encoder->freectx = - OSSL_FUNC_encoder_freectx(fns); + encoder->freectx = OSSL_FUNC_encoder_freectx(fns); break; case OSSL_FUNC_ENCODER_GET_PARAMS: if (encoder->get_params == NULL) - encoder->get_params = - OSSL_FUNC_encoder_get_params(fns); + encoder->get_params = OSSL_FUNC_encoder_get_params(fns); break; case OSSL_FUNC_ENCODER_GETTABLE_PARAMS: if (encoder->gettable_params == NULL) - encoder->gettable_params = - OSSL_FUNC_encoder_gettable_params(fns); + encoder->gettable_params = OSSL_FUNC_encoder_gettable_params(fns); break; case OSSL_FUNC_ENCODER_SET_CTX_PARAMS: if (encoder->set_ctx_params == NULL) - encoder->set_ctx_params = - OSSL_FUNC_encoder_set_ctx_params(fns); + encoder->set_ctx_params = OSSL_FUNC_encoder_set_ctx_params(fns); break; case OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS: if (encoder->settable_ctx_params == NULL) - encoder->settable_ctx_params = - OSSL_FUNC_encoder_settable_ctx_params(fns); + encoder->settable_ctx_params = OSSL_FUNC_encoder_settable_ctx_params(fns); break; case OSSL_FUNC_ENCODER_DOES_SELECTION: if (encoder->does_selection == NULL) - encoder->does_selection = - OSSL_FUNC_encoder_does_selection(fns); + encoder->does_selection = OSSL_FUNC_encoder_does_selection(fns); break; case OSSL_FUNC_ENCODER_ENCODE: if (encoder->encode == NULL) 
@@ -281,13 +274,11 @@ break; case OSSL_FUNC_ENCODER_IMPORT_OBJECT: if (encoder->import_object == NULL) - encoder->import_object = - OSSL_FUNC_encoder_import_object(fns); + encoder->import_object = OSSL_FUNC_encoder_import_object(fns); break; case OSSL_FUNC_ENCODER_FREE_OBJECT: if (encoder->free_object == NULL) - encoder->free_object = - OSSL_FUNC_encoder_free_object(fns); + encoder->free_object = OSSL_FUNC_encoder_free_object(fns); break; } } @@ -297,9 +288,9 @@ * You must have the encoding driver functions. */ if (!((encoder->newctx == NULL && encoder->freectx == NULL) - || (encoder->newctx != NULL && encoder->freectx != NULL) - || (encoder->import_object != NULL && encoder->free_object != NULL) - || (encoder->import_object == NULL && encoder->free_object == NULL)) + || (encoder->newctx != NULL && encoder->freectx != NULL) + || (encoder->import_object != NULL && encoder->free_object != NULL) + || (encoder->import_object == NULL && encoder->free_object == NULL)) || encoder->encode == NULL) { OSSL_ENCODER_free(encoder); ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INVALID_PROVIDER_FUNCTIONS); @@ -315,14 +306,13 @@ return encoder; } - /* * The core fetching functionality passes the names of the implementation. * This function is responsible to getting an identity number for them, * then call encoder_from_algorithm() with that identity number. */ static void *construct_encoder(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) + OSSL_PROVIDER *prov, void *data) { /* * This function is only called if get_encoder_from_store() returned @@ -370,7 +360,7 @@ /* Fetching support. Can fetch by numeric identity or by name */ static OSSL_ENCODER * inner_ossl_encoder_fetch(struct encoder_data_st *methdata, int id, - const char *name, const char *properties) + const char *name, const char *properties) { OSSL_METHOD_STORE *store = get_encoder_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); 
@@ -420,8 +410,9 @@ methdata->propquery = propq; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_ENCODER, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { + &prov, 0 /* !force_cache */, + &mcm, methdata)) + != NULL) { /* * If construction did create a method for us, we know that * there is a correct name_id and meth_id, since those have @@ -431,7 +422,7 @@ if (id == 0) id = ossl_namemap_name2num(namemap, name); ossl_method_store_cache_set(store, prov, id, propq, method, - up_ref_encoder, free_encoder); + up_ref_encoder, free_encoder); } /* @@ -447,17 +438,17 @@ if (name == NULL) name = ossl_namemap_num2name(namemap, id, 0); ERR_raise_data(ERR_LIB_OSSL_ENCODER, code, - "%s, Name (%s : %d), Properties (%s)", - ossl_lib_ctx_get_descriptor(methdata->libctx), - name == NULL ? "" : name, id, - properties == NULL ? "" : properties); + "%s, Name (%s : %d), Properties (%s)", + ossl_lib_ctx_get_descriptor(methdata->libctx), + name == NULL ? "" : name, id, + properties == NULL ? "" : properties); } return method; } OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *libctx, const char *name, - const char *properties) + const char *properties) { struct encoder_data_st methdata; void *method; @@ -470,7 +461,7 @@ } OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, - const char *properties) + const char *properties) { struct encoder_data_st methdata; void *method; @@ -580,9 +571,9 @@ } void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*user_fn)(OSSL_ENCODER *encoder, - void *arg), - void *user_arg) + void (*user_fn)(OSSL_ENCODER *encoder, + void *arg), + void *user_arg) { struct encoder_data_st methdata; struct do_one_data_st data; @@ -600,8 +591,8 @@ } int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (encoder == NULL) return 0; 
@@ -659,7 +650,7 @@ } int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { int ok = 1; size_t i; @@ -675,8 +666,7 @@ l = OSSL_ENCODER_CTX_get_num_encoders(ctx); for (i = 0; i < l; i++) { - OSSL_ENCODER_INSTANCE *encoder_inst = - sk_OSSL_ENCODER_INSTANCE_value(ctx->encoder_insts, i); + OSSL_ENCODER_INSTANCE *encoder_inst = sk_OSSL_ENCODER_INSTANCE_value(ctx->encoder_insts, i); OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst); @@ -692,7 +682,7 @@ { if (ctx != NULL) { sk_OSSL_ENCODER_INSTANCE_pop_free(ctx->encoder_insts, - ossl_encoder_instance_free); + ossl_encoder_instance_free); OPENSSL_free(ctx->construct_data); ossl_pw_clear_passphrase_data(&ctx->pwdata); OPENSSL_free(ctx); --- crypto/openssl/crypto/encode_decode/encoder_pkey.c.orig +++ crypto/openssl/crypto/encode_decode/encoder_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -23,44 +23,42 @@ DEFINE_STACK_OF(OSSL_ENCODER) int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx, - const char *cipher_name, - const char *propquery) + const char *cipher_name, + const char *propquery) { OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER, - (void *)cipher_name, 0); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, - (void *)propquery, 0); + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER, + (void *)cipher_name, 0); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, + (void *)propquery, 0); return OSSL_ENCODER_CTX_set_params(ctx, params); } int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx, - const unsigned char *kstr, - size_t klen) + const unsigned char *kstr, + size_t klen) { return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen); } int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data) + const UI_METHOD *ui_method, + void *ui_data) { return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data); } int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx, - pem_password_cb *cb, void *cbarg) + pem_password_cb *cb, void *cbarg) { return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg); } int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, - void *cbarg) + OSSL_PASSPHRASE_CALLBACK *cb, + void *cbarg) { return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg); } @@ -77,7 +75,7 @@ const OSSL_PROVIDER *keymgmt_prov; OSSL_ENCODER_CTX *ctx; - unsigned int flag_find_same_provider:1; + unsigned int flag_find_same_provider : 1; int error_occurred; }; @@ -90,7 +88,7 @@ if (data->error_occurred) return; - data->error_occurred = 1; /* Assume the worst */ + data->error_occurred = 1; /* Assume the worst */ if (data->names == NULL) return; 
@@ -122,12 +120,12 @@ break; } - data->error_occurred = 0; /* All is good now */ + data->error_occurred = 0; /* All is good now */ } struct collected_names_st { STACK_OF(OPENSSL_CSTRING) *names; - unsigned int error_occurred:1; + unsigned int error_occurred : 1; }; static void collect_name(const char *name, void *arg) @@ -137,12 +135,12 @@ if (data->error_occurred) return; - data->error_occurred = 1; /* Assume the worst */ + data->error_occurred = 1; /* Assume the worst */ if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0) return; - data->error_occurred = 0; /* All is good now */ + data->error_occurred = 0; /* All is good now */ } /* @@ -167,8 +165,7 @@ OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst); - construct_data->constructed_obj = - encoder->import_object(encoderctx, construct_data->selection, params); + construct_data->constructed_obj = encoder->import_object(encoderctx, construct_data->selection, params); return (construct_data->constructed_obj != NULL); } @@ -179,8 +176,7 @@ struct construct_data_st *data = arg; if (data->obj == NULL) { - OSSL_ENCODER *encoder = - OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); + OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); const EVP_PKEY *pk = data->pk; const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt); const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder); @@ -193,7 +189,7 @@ data->encoder_inst = encoder_inst; if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection, - &encoder_import_cb, data)) + &encoder_import_cb, data)) return NULL; data->obj = data->constructed_obj; } else { 
@@ -207,14 +203,16 @@ static void encoder_destruct_pkey(void *arg) { struct construct_data_st *data = arg; + int match = (data->obj == data->constructed_obj); if (data->encoder_inst != NULL) { - OSSL_ENCODER *encoder = - OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst); + OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst); encoder->free_object(data->constructed_obj); } data->constructed_obj = NULL; + if (match) + data->obj = NULL; } /* @@ -224,9 +222,9 @@ * and to use fallback methods if the result is NULL. */ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, - const EVP_PKEY *pkey, - int selection, - const char *propquery) + const EVP_PKEY *pkey, + int selection, + const char *propquery) { struct construct_data_st *data = NULL; const OSSL_PROVIDER *prov = NULL; @@ -306,11 +304,11 @@ data->pk = pkey; data->selection = selection; - data = NULL; /* Avoid it being freed */ + data = NULL; /* Avoid it being freed */ } ok = 1; - err: +err: if (data != NULL) { OSSL_ENCODER_CTX_set_construct_data(ctx, NULL); OPENSSL_free(data); @@ -319,10 +317,10 @@ } OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey, - int selection, - const char *output_type, - const char *output_struct, - const char *propquery) + int selection, + const char *output_type, + const char *output_struct, + const char *propquery) { OSSL_ENCODER_CTX *ctx = NULL; OSSL_LIB_CTX *libctx = NULL; @@ -334,7 +332,7 @@ if (!evp_pkey_is_assigned(pkey)) { ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT, - "The passed EVP_PKEY must be assigned a key"); + "The passed EVP_PKEY must be assigned a key"); return NULL; } 
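Review bot: The new `match` flag in `encoder_destruct_pkey` has no comment explaining why `data->obj` is reset only when it equals `data->constructed_obj`, and it is a behavioural change sitting among whitespace-only hunks, so it is easy to overlook. The preceding hunk shows `encoder_construct_pkey` assigning `data->obj = data->constructed_obj` and skipping the export whenever `data->obj` is non-NULL, so without the reset a later construct call would presumably return the pointer that `free_object` has just released. I would add above the declaration `/* obj may alias constructed_obj; record that before freeing so the stale pointer is cleared as well */`. The comparison is rightly taken before `free_object` runs, and it should stay ahead of the free if the function is ever reordered.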
@@ -349,13 +347,15 @@ libctx = ossl_provider_libctx(prov); } - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, - "(ctx %p) Looking for %s encoders with selection %d\n", - (void *)ctx, EVP_PKEY_get0_type_name(pkey), selection); + "(ctx %p) Looking for %s encoders with selection %d\n", + (void *)ctx, EVP_PKEY_get0_type_name(pkey), selection); BIO_printf(trc_out, " output type: %s, output structure: %s\n", - output_type, output_struct); - } OSSL_TRACE_END(ENCODER); + output_type, output_struct); + } + OSSL_TRACE_END(ENCODER); if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type) && (output_struct == NULL @@ -367,14 +367,16 @@ int save_parameters = pkey->save_parameters; params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS, - &save_parameters); + &save_parameters); /* ignoring error as this is only auxiliary parameter */ (void)OSSL_ENCODER_CTX_set_params(ctx, params); - OSSL_TRACE_BEGIN(ENCODER) { + OSSL_TRACE_BEGIN(ENCODER) + { BIO_printf(trc_out, "(ctx %p) Got %d encoders\n", - (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx)); - } OSSL_TRACE_END(ENCODER); + (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx)); + } + OSSL_TRACE_END(ENCODER); return ctx; } --- crypto/openssl/crypto/engine/eng_all.c.orig +++ crypto/openssl/crypto/engine/eng_all.c @@ -16,9 +16,9 @@ } #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) void ENGINE_setup_bsd_cryptodev(void) { } -# endif +#endif #endif --- crypto/openssl/crypto/engine/eng_cnf.c.orig +++ crypto/openssl/crypto/engine/eng_cnf.c @@ -66,7 +66,7 @@ ctrlname = skip_dot(ecmd->name); ctrlvalue = ecmd->value; OSSL_TRACE2(CONF, "ENGINE: doing ctrl(%s,%s)\n", - ctrlname, ctrlvalue); + ctrlname, ctrlvalue); /* First handle some special pseudo ctrls */ 
@@ -124,21 +124,20 @@ } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) goto err; } - } if (e && (do_init == -1) && !int_engine_init(e)) { ecmd = NULL; goto err; } ret = 1; - err: +err: if (ret != 1) { if (ecmd == NULL) ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); else ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR, - "section=%s, name=%s, value=%s", - ecmd->section, ecmd->name, ecmd->value); + "section=%s, name=%s, value=%s", + ecmd->section, ecmd->name, ecmd->value); } ENGINE_free(e); return ret; @@ -150,7 +149,7 @@ CONF_VALUE *cval; int i; OSSL_TRACE2(CONF, "Called engine module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); /* Value is a section containing ENGINEs to configure */ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); @@ -181,5 +180,5 @@ void ENGINE_add_conf_module(void) { CONF_module_add("engines", - int_engine_module_init, int_engine_module_finish); + int_engine_module_init, int_engine_module_finish); } --- crypto/openssl/crypto/engine/eng_ctrl.c.orig +++ crypto/openssl/crypto/engine/eng_ctrl.c @@ -62,7 +62,7 @@ } static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)) + void (*f)(void)) { int idx; char *s = (char *)p; @@ -75,9 +75,7 @@ return e->cmd_defns->cmd_num; } /* One or two commands require that "p" be a valid string buffer */ - if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || - (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || - (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { + if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { if (s == NULL) { ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); return -1; 
@@ -115,8 +113,7 @@ return strlen(cdp->cmd_desc == NULL ? int_no_description : cdp->cmd_desc); case ENGINE_CTRL_GET_DESC_FROM_CMD: - return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc)); + return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description : cdp->cmd_desc)); case ENGINE_CTRL_GET_CMD_FLAGS: return cdp->cmd_flags; } @@ -125,7 +122,7 @@ return -1; } -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ctrl_exists, ref_exists; if (e == NULL) { @@ -181,20 +178,17 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd) { int flags; - if ((flags = - ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) { + if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) { ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER); return 0; } - if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && - !(flags & ENGINE_CMD_FLAG_NUMERIC) && - !(flags & ENGINE_CMD_FLAG_STRING)) + if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && !(flags & ENGINE_CMD_FLAG_NUMERIC) && !(flags & ENGINE_CMD_FLAG_STRING)) return 0; return 1; } int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f) (void), int cmd_optional) + long i, void *p, void (*f)(void), int cmd_optional) { int num; @@ -204,7 +198,8 @@ } if (e->ctrl == NULL || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0) { + 0, (void *)cmd_name, NULL)) + <= 0) { /* * If the command didn't *have* to be supported, we fake success. * This allows certain settings to be specified for multiple ENGINEs @@ -230,7 +225,7 @@ } int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional) + int cmd_optional) { int num, flags; long l; 
@@ -242,7 +237,8 @@ } if (e->ctrl == NULL || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0) { + 0, (void *)cmd_name, NULL)) + <= 0) { /* * If the command didn't *have* to be supported, we fake success. * This allows certain settings to be specified for multiple ENGINEs --- crypto/openssl/crypto/engine/eng_dyn.c.orig +++ crypto/openssl/crypto/engine/eng_dyn.c 
@@ -24,53 +24,53 @@ static int dynamic_init(ENGINE *e); static int dynamic_finish(ENGINE *e); static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); + void (*f)(void)); /* Predeclare our context type */ typedef struct st_dynamic_data_ctx dynamic_data_ctx; /* The implementation for the important control command */ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); -#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE -#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) -#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) -#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) -#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) -#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) +#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE +#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) +#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) +#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) +#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) +#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) +#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) /* The constants used when creating the ENGINE */ static const char *engine_dynamic_id = "dynamic"; static const char *engine_dynamic_name = "Dynamic engine loading support"; static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { - {DYNAMIC_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the new ENGINE shared library", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_NO_VCHECK, - "NO_VCHECK", - "Specifies to continue even if version checking fails (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_ID, - "ID", - "Specifies an ENGINE id name for loading", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LIST_ADD, - "LIST_ADD", - "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_DIR_LOAD, - "DIR_LOAD", - "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - 
{DYNAMIC_CMD_DIR_ADD, - "DIR_ADD", - "Adds a directory from which ENGINEs can be loaded", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LOAD, - "LOAD", - "Load up the ENGINE specified by other settings", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} + { DYNAMIC_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the new ENGINE shared library", + ENGINE_CMD_FLAG_STRING }, + { DYNAMIC_CMD_NO_VCHECK, + "NO_VCHECK", + "Specifies to continue even if version checking fails (boolean)", + ENGINE_CMD_FLAG_NUMERIC }, + { DYNAMIC_CMD_ID, + "ID", + "Specifies an ENGINE id name for loading", + ENGINE_CMD_FLAG_STRING }, + { DYNAMIC_CMD_LIST_ADD, + "LIST_ADD", + "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", + ENGINE_CMD_FLAG_NUMERIC }, + { DYNAMIC_CMD_DIR_LOAD, + "DIR_LOAD", + "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", + ENGINE_CMD_FLAG_NUMERIC }, + { DYNAMIC_CMD_DIR_ADD, + "DIR_ADD", + "Adds a directory from which ENGINEs can be loaded", + ENGINE_CMD_FLAG_STRING }, + { DYNAMIC_CMD_LOAD, + "LOAD", + "Load up the ENGINE specified by other settings", + ENGINE_CMD_FLAG_NO_INPUT }, + { 0, NULL, NULL, 0 } }; /* @@ -135,8 +135,8 @@ * and there was an ex_data element corresponding to our context type. */ static void dynamic_data_ctx_free_func(void *parent, void *ptr, - CRYPTO_EX_DATA *ad, int idx, long argl, - void *argp) + CRYPTO_EX_DATA *ad, int idx, long argl, + void *argp) { if (ptr) { dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; @@ -174,7 +174,7 @@ if (!CRYPTO_THREAD_write_lock(global_engine_lock)) goto end; if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, - dynamic_ex_data_idx)) + dynamic_ex_data_idx)) == NULL) { /* Good, we're the first */ ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); 
@@ -210,7 +210,7 @@ * an ENGINE goes underground. */ int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, - dynamic_data_ctx_free_func); + dynamic_data_ctx_free_func); if (new_idx == -1) { ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_INDEX); return NULL; @@ -242,13 +242,7 @@ ENGINE *ret = ENGINE_new(); if (ret == NULL) return NULL; - if (!ENGINE_set_id(ret, engine_dynamic_id) || - !ENGINE_set_name(ret, engine_dynamic_name) || - !ENGINE_set_init_function(ret, dynamic_init) || - !ENGINE_set_finish_function(ret, dynamic_finish) || - !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || - !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || - !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) { + if (!ENGINE_set_id(ret, engine_dynamic_id) || !ENGINE_set_name(ret, engine_dynamic_name) || !ENGINE_set_init_function(ret, dynamic_init) || !ENGINE_set_finish_function(ret, dynamic_finish) || !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) { ENGINE_free(ret); return NULL; } @@ -294,7 +288,7 @@ return 0; } -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); int initialised; @@ -379,9 +373,7 @@ { int num, loop; /* Unless told not to, try a direct load */ - if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, - ctx->DYNAMIC_LIBNAME, NULL, - 0)) != NULL) + if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) return 1; /* If we're not allowed to use 'dirs' or we have none, fail */ if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1) 
@@ -434,9 +426,8 @@ if (!ctx->engine_id) return 0; DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); - ctx->DYNAMIC_LIBNAME = - DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); + DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); + ctx->DYNAMIC_LIBNAME = DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); } if (!int_load(ctx)) { ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND); @@ -445,10 +436,8 @@ return 0; } /* We have to find a bind function otherwise it'll always end badly */ - if (! - (ctx->bind_engine = - (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso, - ctx->DYNAMIC_F2))) { + if (!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(ctx->dynamic_dso, + ctx->DYNAMIC_F2))) { ctx->bind_engine = NULL; DSO_free(ctx->dynamic_dso); ctx->dynamic_dso = NULL; @@ -462,9 +451,8 @@ * Now we try to find a version checking function and decide how to * cope with failure if/when it fails. */ - ctx->v_check = - (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso, - ctx->DYNAMIC_F1); + ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(ctx->dynamic_dso, + ctx->DYNAMIC_F1); if (ctx->v_check) vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); /* @@ -496,7 +484,7 @@ */ fns.static_state = ENGINE_get_static_state(); CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn, - &fns.mem_fns.free_fn); + &fns.mem_fns.free_fn); /* * Now that we've loaded the dynamic engine, make sure no "dynamic" * ENGINE elements will show through. @@ -505,7 +493,7 @@ /* Try to bind the ENGINE onto our own ENGINE structure */ if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) - || !ctx->bind_engine(e, ctx->engine_id, &fns)) { + || !ctx->bind_engine(e, ctx->engine_id, &fns)) { engine_remove_dynamic_id(e, 1); ctx->bind_engine = NULL; ctx->v_check = NULL; --- crypto/openssl/crypto/engine/eng_err.c.orig +++ crypto/openssl/crypto/engine/eng_err.c 
@@ -14,79 +14,79 @@ #ifndef OPENSSL_NO_ENGINE -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA ENGINE_str_reasons[] = { - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), - "argument is not a number"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE), - "cmd not executable"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT), - "command takes input"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT), - "command takes no input"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID), - "conflicting engine id"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR), - "engines section error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR), - "engine configuration error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST), - "engine is not in the list"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR), - "engine section error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY), - "failed loading private key"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY), - "failed loading public key"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING), - "'id' or 'name' missing"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR), - "internal list error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT), - "invalid argument"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME), - "invalid cmd 
name"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER), - "invalid cmd number"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE), - "invalid init value"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION), - "no control function"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION), - "no load function"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER), - "unimplemented cipher"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST), - "unimplemented digest"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), - "unimplemented public key method"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY), - "version incompatibility"}, - {0, NULL} + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), + "argument is not a number" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE), + "cmd not executable" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT), + "command takes input" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT), + "command takes no input" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID), + "conflicting engine id" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), + "ctrl command not implemented" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found" }, + { 
ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR), + "engines section error" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR), + "engine configuration error" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST), + "engine is not in the list" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR), + "engine section error" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY), + "failed loading private key" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY), + "failed loading public key" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING), + "'id' or 'name' missing" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR), + "internal list error" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT), + "invalid argument" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME), + "invalid cmd name" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER), + "invalid cmd number" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE), + "invalid init value" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION), + "no control function" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION), + "no load function" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER), + "unimplemented cipher" }, + { 
ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST), + "unimplemented digest" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), + "unimplemented public key method" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY), + "version incompatibility" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_ENGINE_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(ENGINE_str_reasons[0].error) == NULL) ERR_load_strings_const(ENGINE_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/engine/eng_fat.c.orig +++ crypto/openssl/crypto/engine/eng_fat.c @@ -84,7 +84,7 @@ unsigned int flags = 0; if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_INVALID_STRING, - "str=%s", def_list); + "str=%s", def_list); return 0; } return ENGINE_set_default(e, flags); --- crypto/openssl/crypto/engine/eng_lib.c.orig +++ crypto/openssl/crypto/engine/eng_lib.c @@ -166,7 +166,7 @@ /* The API function that performs all cleanup */ static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) { - (*(item->cb)) (); + (*(item->cb))(); OPENSSL_free(item); } @@ -174,7 +174,7 @@ { if (int_cleanup_check(0)) { sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, - engine_cleanup_cb_free); + engine_cleanup_cb_free); cleanup_stack = NULL; } CRYPTO_THREAD_lock_free(global_engine_lock); --- crypto/openssl/crypto/engine/eng_list.c.orig +++ crypto/openssl/crypto/engine/eng_list.c @@ -139,7 +139,7 @@ /* Add engine to dynamic engine list. */ int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, - int not_locked) + int not_locked) { int result = 0; ENGINE *iterator = NULL; @@ -184,7 +184,7 @@ e->next_dyn = NULL; result = 1; - err: +err: if (not_locked) CRYPTO_THREAD_unlock(global_engine_lock); return result; 
@@ -419,16 +419,11 @@ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL) load_dir = ENGINESDIR; iterator = ENGINE_by_id("dynamic"); - if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", - load_dir, 0) || - !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || - !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) + if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) || !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) goto notfound; return iterator; } - notfound: +notfound: ENGINE_free(iterator); ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_NO_SUCH_ENGINE, "id=%s", id); return NULL; --- crypto/openssl/crypto/engine/eng_local.h.orig +++ crypto/openssl/crypto/engine/eng_local.h @@ -9,13 +9,13 @@ */ #ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H -# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H +#define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H -# include -# include "internal/cryptlib.h" -# include "crypto/engine.h" -# include "internal/thread_once.h" -# include "internal/refcount.h" +#include +#include "internal/cryptlib.h" +#include "crypto/engine.h" +#include "internal/thread_once.h" +#include "internal/refcount.h" extern CRYPTO_RWLOCK *global_engine_lock; 
@@ -25,15 +25,15 @@ * the file:line-number pair. The "ENGINE_REF_PRINT" statements must come * *after* the change. */ -# define ENGINE_REF_PRINT(e, isfunct, diff) \ - OSSL_TRACE6(ENGINE_REF_COUNT, \ - "engine: %p %s from %d to %d (%s:%d)\n", \ - (void *)(e), (isfunct ? "funct" : "struct"), \ - ((isfunct) \ - ? ((e)->funct_ref - (diff)) \ - : ((e)->struct_ref - (diff))), \ - ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ - (OPENSSL_FILE), (OPENSSL_LINE)) +#define ENGINE_REF_PRINT(e, isfunct, diff) \ + OSSL_TRACE6(ENGINE_REF_COUNT, \ + "engine: %p %s from %d to %d (%s:%d)\n", \ + (void *)(e), (isfunct ? "funct" : "struct"), \ + ((isfunct) \ + ? ((e)->funct_ref - (diff)) \ + : ((e)->struct_ref - (diff))), \ + ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ + (OPENSSL_FILE), (OPENSSL_LINE)) /* * Any code that will need cleanup operations should use these functions to @@ -41,7 +41,7 @@ * callbacks in order. NB: both the "add" functions assume the engine lock to * already be held (in "write" mode). */ -typedef void (ENGINE_CLEANUP_CB) (void); +typedef void(ENGINE_CLEANUP_CB)(void); typedef struct st_engine_cleanup_item { ENGINE_CLEANUP_CB *cb; } ENGINE_CLEANUP_ITEM; 
@@ -58,16 +58,16 @@ */ typedef struct st_engine_table ENGINE_TABLE; int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault); + ENGINE *e, const int *nids, int num_nids, + int setdefault); void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); void engine_table_cleanup(ENGINE_TABLE **table); ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, - const char *f, int l); -typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk, - ENGINE *def, void *arg); + const char *f, int l); +typedef void(engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, + ENGINE *def, void *arg); void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg); + void *arg); /* * Internal versions of API functions that have control over locking. These @@ -101,7 +101,7 @@ typedef void (*ENGINE_DYNAMIC_ID)(void); int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, - int not_locked); + int not_locked); void engine_remove_dynamic_id(ENGINE *e, int not_locked); /* @@ -158,4 +158,4 @@ DEFINE_LHASH_OF(ENGINE_PILE); -#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ +#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ --- crypto/openssl/crypto/engine/eng_openssl.c.orig +++ crypto/openssl/crypto/engine/eng_openssl.c @@ -38,13 +38,13 @@ */ #define TEST_ENG_OPENSSL_RC4 #ifndef OPENSSL_NO_STDIO -# define TEST_ENG_OPENSSL_PKEY +#define TEST_ENG_OPENSSL_PKEY #endif /* #define TEST_ENG_OPENSSL_HMAC */ /* #define TEST_ENG_OPENSSL_HMAC_INIT */ /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ #ifndef OPENSSL_NO_STDIO -# define TEST_ENG_OPENSSL_RC4_P_INIT +#define TEST_ENG_OPENSSL_RC4_P_INIT #endif /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ #define TEST_ENG_OPENSSL_SHA 
@@ -55,33 +55,33 @@ /* Now check what of those algorithms are actually enabled */ #ifdef OPENSSL_NO_RC4 -# undef TEST_ENG_OPENSSL_RC4 -# undef TEST_ENG_OPENSSL_RC4_OTHERS -# undef TEST_ENG_OPENSSL_RC4_P_INIT -# undef TEST_ENG_OPENSSL_RC4_P_CIPHER +#undef TEST_ENG_OPENSSL_RC4 +#undef TEST_ENG_OPENSSL_RC4_OTHERS +#undef TEST_ENG_OPENSSL_RC4_P_INIT +#undef TEST_ENG_OPENSSL_RC4_P_CIPHER #endif static int openssl_destroy(ENGINE *e); #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); + const int **nids, int nid); #endif #ifdef TEST_ENG_OPENSSL_SHA static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); + const int **nids, int nid); #endif #ifdef TEST_ENG_OPENSSL_PKEY static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); + UI_METHOD *ui_method, + void *callback_data); #endif #ifdef TEST_ENG_OPENSSL_HMAC static int ossl_register_hmac_meth(void); static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid); + const int **nids, int nid); #endif /* The constants used when creating the ENGINE */ 
@@ -99,22 +99,22 @@ || !ENGINE_set_destroy_function(e, openssl_destroy) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS || !ENGINE_set_RSA(e, RSA_get_default_method()) -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC || !ENGINE_set_EC(e, EC_KEY_OpenSSL()) -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) -# endif +#endif || !ENGINE_set_RAND(e, RAND_OpenSSL()) -# ifdef TEST_ENG_OPENSSL_RC4 +#ifdef TEST_ENG_OPENSSL_RC4 || !ENGINE_set_ciphers(e, openssl_ciphers) -# endif -# ifdef TEST_ENG_OPENSSL_SHA +#endif +#ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) -# endif +#endif #endif #ifdef TEST_ENG_OPENSSL_PKEY || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) @@ -123,7 +123,7 @@ || !ossl_register_hmac_meth() || !ENGINE_set_pkey_meths(e, ossl_pkey_meths) #endif - ) + ) return 0; /* * If we add errors to this ENGINE, ensure the error handling is setup @@ -181,8 +181,8 @@ } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ #ifdef TEST_ENG_OPENSSL_RC4 /*- * This section of code compiles an "alternative implementation" of two modes of 
@@ -195,21 +195,21 @@ * the "init_key" handler is called. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. */ -# include -# define TEST_RC4_KEY_SIZE 16 +#include +#define TEST_RC4_KEY_SIZE 16 typedef struct { unsigned char key[TEST_RC4_KEY_SIZE]; RC4_KEY ks; } TEST_RC4_KEY; -# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) +#define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { const int n = EVP_CIPHER_CTX_get_key_length(ctx); -# ifdef TEST_ENG_OPENSSL_RC4_P_INIT +#ifdef TEST_ENG_OPENSSL_RC4_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); -# endif +#endif if (n <= 0) return n; memcpy(&test(ctx)->key[0], key, n); @@ -218,11 +218,11 @@ } static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { -# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER +#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); -# endif +#endif RC4(&test(ctx)->ks, inl, in, out); return 1; } @@ -296,7 +296,7 @@ } static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) + const int **nids, int nid) { if (!cipher) { /* We are returning a list of supported nids */ @@ -308,10 +308,11 @@ else if (nid == NID_rc4_40) *cipher = test_r4_40_cipher(); else { -# ifdef TEST_ENG_OPENSSL_RC4_OTHERS +#ifdef TEST_ENG_OPENSSL_RC4_OTHERS fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " - "nid %d\n", nid); -# endif + "nid %d\n", + nid); +#endif *cipher = NULL; return 0; } 
@@ -321,29 +322,29 @@ #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -# include +#include static int test_sha1_init(EVP_MD_CTX *ctx) { -# ifdef TEST_ENG_OPENSSL_SHA_P_INIT +#ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); -# endif +#endif return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx)); } static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) { -# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE +#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); -# endif +#endif return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); } static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) { -# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL +#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); -# endif +#endif return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx)); } @@ -357,7 +358,7 @@ || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA_CTX)) + sizeof(EVP_MD *) + sizeof(SHA_CTX)) || !EVP_MD_meth_set_flags(md, 0) || !EVP_MD_meth_set_init(md, test_sha1_init) || !EVP_MD_meth_set_update(md, test_sha1_update) @@ -392,7 +393,7 @@ } static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) + const int **nids, int nid) { if (!digest) { /* We are returning a list of supported nids */ @@ -402,10 +403,11 @@ if (nid == NID_sha1) *digest = test_sha_md(); else { -# ifdef TEST_ENG_OPENSSL_SHA_OTHERS +#ifdef TEST_ENG_OPENSSL_SHA_OTHERS fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " - "nid %d\n", nid); -# endif + "nid %d\n", + nid); +#endif *digest = NULL; return 0; } 
@@ -415,13 +417,13 @@ #ifdef TEST_ENG_OPENSSL_PKEY static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) + UI_METHOD *ui_method, + void *callback_data) { BIO *in; EVP_PKEY *key; fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", - key_id); + key_id); in = BIO_new_file(key_id, "r"); if (!in) return NULL; @@ -441,8 +443,8 @@ /* HMAC pkey context structure */ typedef struct { - const EVP_MD *md; /* MD for HMAC use */ - ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + const EVP_MD *md; /* MD for HMAC use */ + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ HMAC_CTX *ctx; } OSSL_HMAC_PKEY_CTX; @@ -462,9 +464,9 @@ } EVP_PKEY_CTX_set_data(ctx, hctx); EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); -# ifdef TEST_ENG_OPENSSL_HMAC_INIT +#ifdef TEST_ENG_OPENSSL_HMAC_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n"); -# endif +#endif return 1; } @@ -484,7 +486,7 @@ goto err; if (sctx->ktmp.data) { if (!ASN1_OCTET_STRING_set(&dctx->ktmp, - sctx->ktmp.data, sctx->ktmp.length)) + sctx->ktmp.data, sctx->ktmp.length)) goto err; } return 1; @@ -536,7 +538,7 @@ } static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, EVP_MD_CTX *mctx) + size_t *siglen, EVP_MD_CTX *mctx) { unsigned int hlen; OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); @@ -581,13 +583,12 @@ default: return -2; - } return 1; } static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) + const char *type, const char *value) { if (!value) { return 0; @@ -625,7 +626,7 @@ EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen); EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init, - ossl_hmac_signctx); + ossl_hmac_signctx); EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str); ossl_hmac_meth = meth; 
@@ -633,7 +634,7 @@ } static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid) + const int **nids, int nid) { static int ossl_pkey_nids[] = { EVP_PKEY_HMAC, @@ -665,4 +666,3 @@ #endif return 1; } - --- crypto/openssl/crypto/engine/eng_pkey.c.orig +++ crypto/openssl/crypto/engine/eng_pkey.c @@ -15,7 +15,7 @@ /* Basic get/set stuff */ int ENGINE_set_load_privkey_function(ENGINE *e, - ENGINE_LOAD_KEY_PTR loadpriv_f) + ENGINE_LOAD_KEY_PTR loadpriv_f) { e->load_privkey = loadpriv_f; return 1; @@ -28,8 +28,8 @@ } int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR - loadssl_f) + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f) { e->load_ssl_client_cert = loadssl_f; return 1; @@ -46,7 +46,7 @@ } ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE - *e) + *e) { return e->load_ssl_client_cert; } @@ -54,7 +54,7 @@ /* API functions to load public/private keys */ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) + UI_METHOD *ui_method, void *callback_data) { EVP_PKEY *pkey; @@ -83,7 +83,7 @@ } EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) + UI_METHOD *ui_method, void *callback_data) { EVP_PKEY *pkey; @@ -112,9 +112,9 @@ } int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, - EVP_PKEY **ppkey, STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data) + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data) { if (e == NULL) { @@ -134,5 +134,5 @@ return 0; } return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, - ui_method, callback_data); + ui_method, callback_data); } --- crypto/openssl/crypto/engine/eng_rdrand.c.orig +++ crypto/openssl/crypto/engine/eng_rdrand.c 
@@ -20,9 +20,7 @@ #include #include -#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) +#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) && defined(OPENSSL_CPUID_OBJ) size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); @@ -41,10 +39,10 @@ } static RAND_METHOD rdrand_meth = { - NULL, /* seed */ + NULL, /* seed */ get_random_bytes, - NULL, /* cleanup */ - NULL, /* add */ + NULL, /* cleanup */ + NULL, /* add */ get_random_bytes, random_status, }; @@ -59,11 +57,7 @@ static int bind_helper(ENGINE *e) { - if (!ENGINE_set_id(e, engine_e_rdrand_id) || - !ENGINE_set_name(e, engine_e_rdrand_name) || - !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || - !ENGINE_set_init_function(e, rdrand_init) || - !ENGINE_set_RAND(e, &rdrand_meth)) + if (!ENGINE_set_id(e, engine_e_rdrand_id) || !ENGINE_set_name(e, engine_e_rdrand_name) || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || !ENGINE_set_init_function(e, rdrand_init) || !ENGINE_set_RAND(e, &rdrand_meth)) return 0; return 1; 
@@ -90,15 +84,15 @@ ERR_set_mark(); ENGINE_add(toadd); /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ + * If the "add" worked, it gets a structural reference. So either way, we + * release our just-created reference. + */ ENGINE_free(toadd); /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ + * If the "add" didn't work, it was probably a conflict because it was + * already added (eg. someone calling ENGINE_load_blah then calling + * ENGINE_load_builtin_engines() perhaps). + */ ERR_pop_to_mark(); } } --- crypto/openssl/crypto/engine/eng_table.c.orig +++ crypto/openssl/crypto/engine/eng_table.c @@ -30,7 +30,7 @@ /* The type exposed in eng_local.h */ struct st_engine_table { LHASH_OF(ENGINE_PILE) piles; -}; /* ENGINE_TABLE */ +}; /* ENGINE_TABLE */ typedef struct st_engine_pile_doall { engine_table_doall_cb *cb; @@ -81,8 +81,8 @@ * ENGINEs from the implementation table */ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault) + ENGINE *e, const int *nids, int num_nids, + int setdefault) { int ret = 0, added = 0; ENGINE_PILE tmplate, *fnd; @@ -143,7 +143,7 @@ nids++; } ret = 1; - end: +end: CRYPTO_THREAD_unlock(global_engine_lock); return ret; } @@ -198,7 +198,7 @@ /* return a functional reference for a given 'nid' */ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, - const char *f, int l) + const char *f, int l) { ENGINE *ret = NULL; ENGINE_PILE tmplate, *fnd = NULL; @@ -211,8 +211,8 @@ if (!(*table)) { OSSL_TRACE3(ENGINE_TABLE, - "%s:%d, nid=%d, nothing registered!\n", - f, l, nid); + "%s:%d, nid=%d, nothing registered!\n", + f, l, nid); return NULL; } 
@@ -232,8 +232,8 @@ goto end; if (fnd->funct && engine_unlocked_init(fnd->funct)) { OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, using ENGINE '%s' cached\n", - f, l, nid, fnd->funct->id); + "%s:%d, nid=%d, using ENGINE '%s' cached\n", + f, l, nid, fnd->funct->id); ret = fnd->funct; goto end; } @@ -241,13 +241,13 @@ ret = fnd->funct; goto end; } - trynext: +trynext: ret = sk_ENGINE_value(fnd->sk, loop++); if (!ret) { OSSL_TRACE3(ENGINE_TABLE, - "%s:%d, nid=%d, " - "no registered implementations would initialise\n", - f, l, nid); + "%s:%d, nid=%d, " + "no registered implementations would initialise\n", + f, l, nid); goto end; } /* Try to initialise the ENGINE? */ @@ -263,16 +263,16 @@ engine_unlocked_finish(fnd->funct, 0); fnd->funct = ret; OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, setting default to '%s'\n", - f, l, nid, ret->id); + "%s:%d, nid=%d, setting default to '%s'\n", + f, l, nid, ret->id); } OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, using newly initialised '%s'\n", - f, l, nid, ret->id); + "%s:%d, nid=%d, using newly initialised '%s'\n", + f, l, nid, ret->id); goto end; } goto trynext; - end: +end: /* * If it failed, it is unlikely to succeed again until some future * registrations have taken place. In all cases, we cache. @@ -281,12 +281,12 @@ fnd->uptodate = 1; if (ret) OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, caching ENGINE '%s'\n", - f, l, nid, ret->id); + "%s:%d, nid=%d, caching ENGINE '%s'\n", + f, l, nid, ret->id); else OSSL_TRACE3(ENGINE_TABLE, - "%s:%d, nid=%d, caching 'no matching ENGINE'\n", - f, l, nid); + "%s:%d, nid=%d, caching 'no matching ENGINE'\n", + f, l, nid); CRYPTO_THREAD_unlock(global_engine_lock); /* * Whatever happened, any failed init()s are not failures in this 
@@ -306,7 +306,7 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL); void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg) + void *arg) { ENGINE_PILE_DOALL dall; dall.cb = cb; --- crypto/openssl/crypto/engine/tb_asnmth.c.orig +++ crypto/openssl/crypto/engine/tb_asnmth.c @@ -42,8 +42,8 @@ int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&pkey_asn1_meth_table, - engine_unregister_all_pkey_asn1_meths, - e, nids, num_nids, 0); + engine_unregister_all_pkey_asn1_meths, + e, nids, num_nids, 0); } return 1; } @@ -63,8 +63,8 @@ int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&pkey_asn1_meth_table, - engine_unregister_all_pkey_asn1_meths, - e, nids, num_nids, 1); + engine_unregister_all_pkey_asn1_meths, + e, nids, num_nids, 1); } return 1; } @@ -77,7 +77,7 @@ ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) { return ossl_engine_table_select(&pkey_asn1_meth_table, nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* @@ -137,8 +137,8 @@ */ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, - int len) + const char *str, + int len) { int i, nidcount; const int *nids; @@ -176,8 +176,8 @@ EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); if (ameth != NULL - && ((int)strlen(ameth->pem_str) == lk->len) - && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { + && ((int)strlen(ameth->pem_str) == lk->len) + && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { lk->e = e; lk->ameth = ameth; return; @@ -186,8 +186,8 @@ } const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, - const char *str, - int len) + const char *str, + int len) { ENGINE_FIND_STR fstr; fstr.e = NULL; --- crypto/openssl/crypto/engine/tb_cipher.c.orig +++ crypto/openssl/crypto/engine/tb_cipher.c 
@@ -31,8 +31,8 @@ int num_nids = e->ciphers(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&cipher_table, - engine_unregister_all_ciphers, e, - nids, num_nids, 0); + engine_unregister_all_ciphers, e, + nids, num_nids, 0); } return 1; } @@ -52,8 +52,8 @@ int num_nids = e->ciphers(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&cipher_table, - engine_unregister_all_ciphers, e, - nids, num_nids, 1); + engine_unregister_all_ciphers, e, + nids, num_nids, 1); } return 1; } @@ -66,7 +66,7 @@ ENGINE *ENGINE_get_cipher_engine(int nid) { return ossl_engine_table_select(&cipher_table, nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains a cipher implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_dh.c.orig +++ crypto/openssl/crypto/engine/tb_dh.c @@ -29,8 +29,8 @@ { if (e->dh_meth) return engine_table_register(&dh_table, - engine_unregister_all_DH, e, &dummy_nid, - 1, 0); + engine_unregister_all_DH, e, &dummy_nid, + 1, 0); return 1; } @@ -46,8 +46,8 @@ { if (e->dh_meth) return engine_table_register(&dh_table, - engine_unregister_all_DH, e, &dummy_nid, - 1, 1); + engine_unregister_all_DH, e, &dummy_nid, + 1, 1); return 1; } @@ -59,7 +59,7 @@ ENGINE *ENGINE_get_default_DH(void) { return ossl_engine_table_select(&dh_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains an DH implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_digest.c.orig +++ crypto/openssl/crypto/engine/tb_digest.c @@ -31,8 +31,8 @@ int num_nids = e->digests(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&digest_table, - engine_unregister_all_digests, e, - nids, num_nids, 0); + engine_unregister_all_digests, e, + nids, num_nids, 0); } return 1; } 
@@ -52,8 +52,8 @@ int num_nids = e->digests(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&digest_table, - engine_unregister_all_digests, e, - nids, num_nids, 1); + engine_unregister_all_digests, e, + nids, num_nids, 1); } return 1; } @@ -66,7 +66,7 @@ ENGINE *ENGINE_get_digest_engine(int nid) { return ossl_engine_table_select(&digest_table, nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains a digest implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_dsa.c.orig +++ crypto/openssl/crypto/engine/tb_dsa.c @@ -29,8 +29,8 @@ { if (e->dsa_meth) return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, - 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, + 1, 0); return 1; } @@ -46,8 +46,8 @@ { if (e->dsa_meth) return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, - 1, 1); + engine_unregister_all_DSA, e, &dummy_nid, + 1, 1); return 1; } @@ -59,7 +59,7 @@ ENGINE *ENGINE_get_default_DSA(void) { return ossl_engine_table_select(&dsa_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains an DSA implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_eckey.c.orig +++ crypto/openssl/crypto/engine/tb_eckey.c @@ -29,8 +29,8 @@ { if (e->ec_meth != NULL) return engine_table_register(&dh_table, - engine_unregister_all_EC, e, &dummy_nid, - 1, 0); + engine_unregister_all_EC, e, &dummy_nid, + 1, 0); return 1; } @@ -46,8 +46,8 @@ { if (e->ec_meth != NULL) return engine_table_register(&dh_table, - engine_unregister_all_EC, e, &dummy_nid, - 1, 1); + engine_unregister_all_EC, e, &dummy_nid, + 1, 1); return 1; } 
@@ -59,7 +59,7 @@ ENGINE *ENGINE_get_default_EC(void) { return ossl_engine_table_select(&dh_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains an EC_KEY implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_pkmeth.c.orig +++ crypto/openssl/crypto/engine/tb_pkmeth.c @@ -32,8 +32,8 @@ int num_nids = e->pkey_meths(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&pkey_meth_table, - engine_unregister_all_pkey_meths, e, - nids, num_nids, 0); + engine_unregister_all_pkey_meths, e, + nids, num_nids, 0); } return 1; } @@ -53,8 +53,8 @@ int num_nids = e->pkey_meths(e, NULL, &nids, 0); if (num_nids > 0) return engine_table_register(&pkey_meth_table, - engine_unregister_all_pkey_meths, e, - nids, num_nids, 1); + engine_unregister_all_pkey_meths, e, + nids, num_nids, 1); } return 1; } @@ -67,7 +67,7 @@ ENGINE *ENGINE_get_pkey_meth_engine(int nid) { return ossl_engine_table_select(&pkey_meth_table, nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains a pkey_meth implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_rand.c.orig +++ crypto/openssl/crypto/engine/tb_rand.c @@ -29,8 +29,8 @@ { if (e->rand_meth) return engine_table_register(&rand_table, - engine_unregister_all_RAND, e, - &dummy_nid, 1, 0); + engine_unregister_all_RAND, e, + &dummy_nid, 1, 0); return 1; } @@ -46,8 +46,8 @@ { if (e->rand_meth) return engine_table_register(&rand_table, - engine_unregister_all_RAND, e, - &dummy_nid, 1, 1); + engine_unregister_all_RAND, e, + &dummy_nid, 1, 1); return 1; } @@ -59,7 +59,7 @@ ENGINE *ENGINE_get_default_RAND(void) { return ossl_engine_table_select(&rand_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains an RAND implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/engine/tb_rsa.c.orig +++ crypto/openssl/crypto/engine/tb_rsa.c 
@@ -29,8 +29,8 @@ { if (e->rsa_meth) return engine_table_register(&rsa_table, - engine_unregister_all_RSA, e, &dummy_nid, - 1, 0); + engine_unregister_all_RSA, e, &dummy_nid, + 1, 0); return 1; } @@ -46,8 +46,8 @@ { if (e->rsa_meth) return engine_table_register(&rsa_table, - engine_unregister_all_RSA, e, &dummy_nid, - 1, 1); + engine_unregister_all_RSA, e, &dummy_nid, + 1, 1); return 1; } @@ -59,7 +59,7 @@ ENGINE *ENGINE_get_default_RSA(void) { return ossl_engine_table_select(&rsa_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); + OPENSSL_FILE, OPENSSL_LINE); } /* Obtains an RSA implementation from an ENGINE functional reference */ --- crypto/openssl/crypto/err/err.c.orig +++ crypto/openssl/crypto/err/err.c 
@@ -36,50 +36,50 @@ static void ERR_STATE_free(ERR_STATE *s); #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA ERR_str_libraries[] = { - {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"}, - {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"}, - {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"}, - {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"}, - {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"}, - {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"}, - {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"}, - {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"}, - {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"}, - {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"}, - {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"}, - {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"}, - {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, - {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, - {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"}, - {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, - {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, - {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"}, - {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"}, - {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"}, - {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, - {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, - {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"}, - {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, - {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, - {ERR_PACK(ERR_LIB_CRMF, 0, 0), "CRMF routines"}, - {ERR_PACK(ERR_LIB_CMP, 0, 0), "CMP routines"}, - {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, - {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, - 
{ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, - {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"}, - {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, - {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"}, - {ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines"}, - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, 0), "ENCODER routines"}, - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, 0), "DECODER routines"}, - {ERR_PACK(ERR_LIB_HTTP, 0, 0), "HTTP routines"}, - {0, NULL}, + { ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library" }, + { ERR_PACK(ERR_LIB_SYS, 0, 0), "system library" }, + { ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines" }, + { ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines" }, + { ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines" }, + { ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines" }, + { ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines" }, + { ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines" }, + { ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines" }, + { ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines" }, + { ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines" }, + { ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines" }, + { ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines" }, + { ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines" }, + { ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines" }, + { ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines" }, + { ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines" }, + { ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines" }, + { ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines" }, + { ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines" }, + { ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator" }, + { ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines" }, + { ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines" }, + { ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines" 
}, + { ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines" }, + { ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines" }, + { ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines" }, + { ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines" }, + { ERR_PACK(ERR_LIB_CRMF, 0, 0), "CRMF routines" }, + { ERR_PACK(ERR_LIB_CMP, 0, 0), "CMP routines" }, + { ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines" }, + { ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines" }, + { ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines" }, + { ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines" }, + { ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines" }, + { ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines" }, + { ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines" }, + { ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, 0), "ENCODER routines" }, + { ERR_PACK(ERR_LIB_OSSL_DECODER, 0, 0), "DECODER routines" }, + { ERR_PACK(ERR_LIB_HTTP, 0, 0), "HTTP routines" }, + { 0, NULL }, }; /* 
@@ -87,55 +87,55 @@ * are listed. For maintainability, please keep all reasons in the same order. */ static ERR_STRING_DATA ERR_str_reasons[] = { - {ERR_R_SYS_LIB, "system lib"}, - {ERR_R_BN_LIB, "BN lib"}, - {ERR_R_RSA_LIB, "RSA lib"}, - {ERR_R_DH_LIB, "DH lib"}, - {ERR_R_EVP_LIB, "EVP lib"}, - {ERR_R_BUF_LIB, "BUF lib"}, - {ERR_R_OBJ_LIB, "OBJ lib"}, - {ERR_R_PEM_LIB, "PEM lib"}, - {ERR_R_DSA_LIB, "DSA lib"}, - {ERR_R_X509_LIB, "X509 lib"}, - {ERR_R_ASN1_LIB, "ASN1 lib"}, - {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, - {ERR_R_EC_LIB, "EC lib"}, - {ERR_R_BIO_LIB, "BIO lib"}, - {ERR_R_PKCS7_LIB, "PKCS7 lib"}, - {ERR_R_X509V3_LIB, "X509V3 lib"}, - {ERR_R_ENGINE_LIB, "ENGINE lib"}, - {ERR_R_UI_LIB, "UI lib"}, - {ERR_R_ECDSA_LIB, "ECDSA lib"}, - {ERR_R_OSSL_STORE_LIB, "OSSL_STORE lib"}, - {ERR_R_OSSL_DECODER_LIB, "OSSL_DECODER lib"}, - - {ERR_R_FATAL, "fatal"}, - {ERR_R_MALLOC_FAILURE, "malloc failure"}, - {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "called a function you should not call"}, - {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, - {ERR_R_INTERNAL_ERROR, "internal error"}, - {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, - {ERR_R_INIT_FAIL, "init fail"}, - {ERR_R_PASSED_INVALID_ARGUMENT, "passed invalid argument"}, - {ERR_R_OPERATION_FAIL, "operation fail"}, - {ERR_R_INVALID_PROVIDER_FUNCTIONS, "invalid provider functions"}, - {ERR_R_INTERRUPTED_OR_CANCELLED, "interrupted or cancelled"}, - {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, - {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, + { ERR_R_SYS_LIB, "system lib" }, + { ERR_R_BN_LIB, "BN lib" }, + { ERR_R_RSA_LIB, "RSA lib" }, + { ERR_R_DH_LIB, "DH lib" }, + { ERR_R_EVP_LIB, "EVP lib" }, + { ERR_R_BUF_LIB, "BUF lib" }, + { ERR_R_OBJ_LIB, "OBJ lib" }, + { ERR_R_PEM_LIB, "PEM lib" }, + { ERR_R_DSA_LIB, "DSA lib" }, + { ERR_R_X509_LIB, "X509 lib" }, + { ERR_R_ASN1_LIB, "ASN1 lib" }, + { ERR_R_CRYPTO_LIB, "CRYPTO lib" }, + { ERR_R_EC_LIB, "EC lib" }, + { ERR_R_BIO_LIB, "BIO lib" }, + { 
ERR_R_PKCS7_LIB, "PKCS7 lib" }, + { ERR_R_X509V3_LIB, "X509V3 lib" }, + { ERR_R_ENGINE_LIB, "ENGINE lib" }, + { ERR_R_UI_LIB, "UI lib" }, + { ERR_R_ECDSA_LIB, "ECDSA lib" }, + { ERR_R_OSSL_STORE_LIB, "OSSL_STORE lib" }, + { ERR_R_OSSL_DECODER_LIB, "OSSL_DECODER lib" }, + + { ERR_R_FATAL, "fatal" }, + { ERR_R_MALLOC_FAILURE, "malloc failure" }, + { ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, + "called a function you should not call" }, + { ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter" }, + { ERR_R_INTERNAL_ERROR, "internal error" }, + { ERR_R_DISABLED, "called a function that was disabled at compile-time" }, + { ERR_R_INIT_FAIL, "init fail" }, + { ERR_R_PASSED_INVALID_ARGUMENT, "passed invalid argument" }, + { ERR_R_OPERATION_FAIL, "operation fail" }, + { ERR_R_INVALID_PROVIDER_FUNCTIONS, "invalid provider functions" }, + { ERR_R_INTERRUPTED_OR_CANCELLED, "interrupted or cancelled" }, + { ERR_R_NESTED_ASN1_ERROR, "nested asn1 error" }, + { ERR_R_MISSING_ASN1_EOS, "missing asn1 eos" }, /* * Something is unsupported, exactly what is expressed with additional data */ - {ERR_R_UNSUPPORTED, "unsupported"}, + { ERR_R_UNSUPPORTED, "unsupported" }, /* * A fetch failed for other reasons than the name to be fetched being * unsupported. */ - {ERR_R_FETCH_FAILED, "fetch failed"}, - {ERR_R_INVALID_PROPERTY_DEFINITION, "invalid property definition"}, - {ERR_R_UNABLE_TO_GET_READ_LOCK, "unable to get read lock"}, - {ERR_R_UNABLE_TO_GET_WRITE_LOCK, "unable to get write lock"}, - {0, NULL}, + { ERR_R_FETCH_FAILED, "fetch failed" }, + { ERR_R_INVALID_PROPERTY_DEFINITION, "invalid property definition" }, + { ERR_R_UNABLE_TO_GET_READ_LOCK, "unable to get read lock" }, + { ERR_R_UNABLE_TO_GET_WRITE_LOCK, "unable to get write lock" }, + { 0, NULL }, }; #endif 
@@ -160,13 +160,15 @@ static int int_err_library_number = ERR_LIB_USER; typedef enum ERR_GET_ACTION_e { - EV_POP, EV_PEEK, EV_PEEK_LAST + EV_POP, + EV_PEEK, + EV_PEEK_LAST } ERR_GET_ACTION; static unsigned long get_error_values(ERR_GET_ACTION g, - const char **file, int *line, - const char **func, const char **data, - int *flags); + const char **file, int *line, + const char **func, const char **data, + int *flags); #ifndef OPENSSL_NO_ERR static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) @@ -179,7 +181,7 @@ } static int err_string_data_cmp(const ERR_STRING_DATA *a, - const ERR_STRING_DATA *b) + const ERR_STRING_DATA *b) { if (a->error == b->error) return 0; @@ -220,7 +222,7 @@ return 0; #ifndef OPENSSL_NO_ERR int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, - err_string_data_cmp); + err_string_data_cmp); if (int_error_hash == NULL) { CRYPTO_THREAD_lock_free(err_string_lock); err_string_lock = NULL; @@ -263,7 +265,7 @@ return 0; for (; str->error; str++) (void)lh_ERR_STRING_DATA_insert(int_error_hash, - (ERR_STRING_DATA *)str); + (ERR_STRING_DATA *)str); CRYPTO_THREAD_unlock(err_string_lock); return 1; } @@ -353,8 +355,8 @@ } unsigned long ERR_get_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags) + const char **func, + const char **data, int *flags) { return get_error_values(EV_POP, file, line, func, data, flags); } @@ -366,7 +368,7 @@ } unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags) + const char **data, int *flags) { return get_error_values(EV_POP, file, line, NULL, data, flags); } 
@@ -393,15 +395,15 @@ } unsigned long ERR_peek_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags) + const char **func, + const char **data, int *flags) { return get_error_values(EV_PEEK, file, line, func, data, flags); } #ifndef OPENSSL_NO_DEPRECATED_3_0 unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags) + const char **data, int *flags) { return get_error_values(EV_PEEK, file, line, NULL, data, flags); } @@ -428,24 +430,24 @@ } unsigned long ERR_peek_last_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags) + const char **func, + const char **data, int *flags) { return get_error_values(EV_PEEK_LAST, file, line, func, data, flags); } #ifndef OPENSSL_NO_DEPRECATED_3_0 unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags) + const char **data, int *flags) { return get_error_values(EV_PEEK_LAST, file, line, NULL, data, flags); } #endif static unsigned long get_error_values(ERR_GET_ACTION g, - const char **file, int *line, - const char **func, - const char **data, int *flags) + const char **file, int *line, + const char **func, + const char **data, int *flags) { int i = 0; ERR_STATE *es; @@ -520,7 +522,7 @@ } void ossl_err_string_int(unsigned long e, const char *func, - char *buf, size_t len) + char *buf, size_t len) { char lsbuf[64], rsbuf[256]; const char *ls, *rs = NULL; @@ -563,7 +565,6 @@ } } - void ERR_error_string_n(unsigned long e, char *buf, size_t len) { ossl_err_string_int(e, "", buf, len); @@ -681,11 +682,11 @@ return NULL; state = CRYPTO_THREAD_get_local(&err_thread_local); - if (state == (ERR_STATE*)-1) + if (state == (ERR_STATE *)-1) return NULL; if (state == NULL) { - if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE *)-1)) return NULL; if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { 
@@ -694,7 +695,7 @@ } if (!ossl_init_thread_start(NULL, NULL, err_delete_thread_state) - || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { + || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { ERR_STATE_free(state); CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; @@ -715,7 +716,6 @@ } #endif - /* * err_shelve_state returns the current thread local error state * and freezes the error module until err_unshelve_state is called. @@ -743,7 +743,7 @@ return 0; *state = CRYPTO_THREAD_get_local(&err_thread_local); - if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE *)-1)) return 0; set_sys_error(saveerrno); @@ -754,10 +754,10 @@ * err_unshelve_state restores the error state that was returned * by err_shelve_state previously. */ -void err_unshelve_state(void* state) +void err_unshelve_state(void *state) { - if (state != (void*)-1) - CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state); + if (state != (void *)-1) + CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE *)state); } int ERR_get_next_error_library(void) @@ -775,7 +775,7 @@ } static int err_set_error_data_int(char *data, size_t size, int flags, - int deallocate) + int deallocate) { ERR_STATE *es; @@ -898,7 +898,7 @@ return 0; while (es->bottom != es->top - && es->err_marks[es->top] == 0) { + && es->err_marks[es->top] == 0) { err_clear(es, es->top, 0); es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; } @@ -920,7 +920,7 @@ top = es->top; while (es->bottom != top - && es->err_marks[top] == 0) { + && es->err_marks[top] == 0) { top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1; } @@ -946,6 +946,6 @@ * accessing the same error stack location, revealing timing information. */ clear = constant_time_select_int(constant_time_eq_int(clear, 0), - 0, ERR_FLAG_CLEAR); + 0, ERR_FLAG_CLEAR); es->err_flags[top] |= clear; } --- crypto/openssl/crypto/err/err_all.c.orig +++ crypto/openssl/crypto/err/err_all.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ #include "crypto/cmperr.h" #include "crypto/cterr.h" #include "crypto/asyncerr.h" +#include "crypto/sm2err.h" #include "crypto/storeerr.h" #include "crypto/esserr.h" #include "internal/propertyerr.h" @@ -52,26 +53,26 @@ || ossl_err_load_ERR_strings() == 0 /* include error strings for SYSerr */ || ossl_err_load_BN_strings() == 0 || ossl_err_load_RSA_strings() == 0 -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH || ossl_err_load_DH_strings() == 0 -# endif +#endif || ossl_err_load_EVP_strings() == 0 || ossl_err_load_BUF_strings() == 0 || ossl_err_load_OBJ_strings() == 0 || ossl_err_load_PEM_strings() == 0 -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA || ossl_err_load_DSA_strings() == 0 -# endif +#endif || ossl_err_load_X509_strings() == 0 || ossl_err_load_ASN1_strings() == 0 || ossl_err_load_CONF_strings() == 0 || ossl_err_load_CRYPTO_strings() == 0 -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP || ossl_err_load_COMP_strings() == 0 -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC || ossl_err_load_EC_strings() == 0 -# endif +#endif /* skip ossl_err_load_SSL_strings() because it is not in this library */ || ossl_err_load_BIO_strings() == 0 || ossl_err_load_PKCS7_strings() == 0 
@@ -79,34 +80,37 @@ || ossl_err_load_PKCS12_strings() == 0 || ossl_err_load_RAND_strings() == 0 || ossl_err_load_DSO_strings() == 0 -# ifndef OPENSSL_NO_TS +#ifndef OPENSSL_NO_TS || ossl_err_load_TS_strings() == 0 -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE || ossl_err_load_ENGINE_strings() == 0 -# endif +#endif || ossl_err_load_HTTP_strings() == 0 -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP || ossl_err_load_OCSP_strings() == 0 -# endif +#endif || ossl_err_load_UI_strings() == 0 -# ifndef OPENSSL_NO_CMS +#ifndef OPENSSL_NO_CMS || ossl_err_load_CMS_strings() == 0 -# endif -# ifndef OPENSSL_NO_CRMF +#endif +#ifndef OPENSSL_NO_CRMF || ossl_err_load_CRMF_strings() == 0 || ossl_err_load_CMP_strings() == 0 -# endif -# ifndef OPENSSL_NO_CT +#endif +#ifndef OPENSSL_NO_CT || ossl_err_load_CT_strings() == 0 -# endif +#endif || ossl_err_load_ESS_strings() == 0 || ossl_err_load_ASYNC_strings() == 0 +#ifndef OPENSSL_NO_SM2 + || ossl_err_load_SM2_strings() == 0 +#endif || ossl_err_load_OSSL_STORE_strings() == 0 || ossl_err_load_PROP_strings() == 0 || ossl_err_load_PROV_strings() == 0 #endif - ) + ) return 0; return 1; --- crypto/openssl/crypto/err/err_all_legacy.c.orig +++ crypto/openssl/crypto/err/err_all_legacy.c 
@@ -12,94 +12,94 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 -# include "crypto/err.h" -# include "crypto/asn1err.h" -# include "crypto/asyncerr.h" -# include "crypto/bnerr.h" -# include "crypto/buffererr.h" -# include "crypto/bioerr.h" -# include "crypto/cmserr.h" -# include "crypto/comperr.h" -# include "crypto/conferr.h" -# include "crypto/cryptoerr.h" -# include "crypto/cterr.h" -# include "crypto/dherr.h" -# include "crypto/dsaerr.h" -# include "internal/dsoerr.h" -# include "crypto/ecerr.h" -# include "crypto/engineerr.h" -# include "crypto/evperr.h" -# include "crypto/httperr.h" -# include "crypto/objectserr.h" -# include "crypto/ocsperr.h" -# include "crypto/pemerr.h" -# include "crypto/pkcs12err.h" -# include "crypto/pkcs7err.h" -# include "crypto/randerr.h" -# include "crypto/rsaerr.h" -# include "crypto/storeerr.h" -# include "crypto/tserr.h" -# include "crypto/uierr.h" -# include "crypto/x509err.h" -# include "crypto/x509v3err.h" +#include "crypto/err.h" +#include "crypto/asn1err.h" +#include "crypto/asyncerr.h" +#include "crypto/bnerr.h" +#include "crypto/buffererr.h" +#include "crypto/bioerr.h" +#include "crypto/cmserr.h" +#include "crypto/comperr.h" +#include "crypto/conferr.h" +#include "crypto/cryptoerr.h" +#include "crypto/cterr.h" +#include "crypto/dherr.h" +#include "crypto/dsaerr.h" +#include "internal/dsoerr.h" +#include "crypto/ecerr.h" +#include "crypto/engineerr.h" +#include "crypto/evperr.h" +#include "crypto/httperr.h" +#include "crypto/objectserr.h" +#include "crypto/ocsperr.h" +#include "crypto/pemerr.h" +#include "crypto/pkcs12err.h" +#include "crypto/pkcs7err.h" +#include "crypto/randerr.h" +#include "crypto/rsaerr.h" +#include "crypto/storeerr.h" +#include "crypto/tserr.h" +#include "crypto/uierr.h" +#include "crypto/x509err.h" +#include "crypto/x509v3err.h" -# ifdef OPENSSL_NO_ERR -# define IMPLEMENT_LEGACY_ERR_LOAD(lib) \ - int ERR_load_##lib##_strings(void) \ - { \ - return 1; \ +#ifdef OPENSSL_NO_ERR +#define 
IMPLEMENT_LEGACY_ERR_LOAD(lib) \ + int ERR_load_##lib##_strings(void) \ + { \ + return 1; \ } -# else -# define IMPLEMENT_LEGACY_ERR_LOAD(lib) \ +#else +#define IMPLEMENT_LEGACY_ERR_LOAD(lib) \ int ERR_load_##lib##_strings(void) \ { \ return ossl_err_load_##lib##_strings(); \ } -# endif +#endif IMPLEMENT_LEGACY_ERR_LOAD(ASN1) IMPLEMENT_LEGACY_ERR_LOAD(ASYNC) IMPLEMENT_LEGACY_ERR_LOAD(BIO) IMPLEMENT_LEGACY_ERR_LOAD(BN) IMPLEMENT_LEGACY_ERR_LOAD(BUF) -# ifndef OPENSSL_NO_CMS +#ifndef OPENSSL_NO_CMS IMPLEMENT_LEGACY_ERR_LOAD(CMS) -# endif -# ifndef OPENSSL_NO_COMP +#endif +#ifndef OPENSSL_NO_COMP IMPLEMENT_LEGACY_ERR_LOAD(COMP) -# endif +#endif IMPLEMENT_LEGACY_ERR_LOAD(CONF) IMPLEMENT_LEGACY_ERR_LOAD(CRYPTO) -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT IMPLEMENT_LEGACY_ERR_LOAD(CT) -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH IMPLEMENT_LEGACY_ERR_LOAD(DH) -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA IMPLEMENT_LEGACY_ERR_LOAD(DSA) -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC IMPLEMENT_LEGACY_ERR_LOAD(EC) -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE IMPLEMENT_LEGACY_ERR_LOAD(ENGINE) -# endif +#endif IMPLEMENT_LEGACY_ERR_LOAD(ERR) IMPLEMENT_LEGACY_ERR_LOAD(EVP) IMPLEMENT_LEGACY_ERR_LOAD(OBJ) -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP IMPLEMENT_LEGACY_ERR_LOAD(OCSP) -# endif +#endif IMPLEMENT_LEGACY_ERR_LOAD(PEM) IMPLEMENT_LEGACY_ERR_LOAD(PKCS12) IMPLEMENT_LEGACY_ERR_LOAD(PKCS7) IMPLEMENT_LEGACY_ERR_LOAD(RAND) IMPLEMENT_LEGACY_ERR_LOAD(RSA) IMPLEMENT_LEGACY_ERR_LOAD(OSSL_STORE) -# ifndef OPENSSL_NO_TS +#ifndef OPENSSL_NO_TS IMPLEMENT_LEGACY_ERR_LOAD(TS) -# endif +#endif IMPLEMENT_LEGACY_ERR_LOAD(UI) IMPLEMENT_LEGACY_ERR_LOAD(X509) IMPLEMENT_LEGACY_ERR_LOAD(X509V3) --- crypto/openssl/crypto/err/err_local.h.orig +++ crypto/openssl/crypto/err/err_local.h 
@@ -37,17 +37,16 @@ } static ossl_inline void err_set_error(ERR_STATE *es, size_t i, - int lib, int reason) + int lib, int reason) { - es->err_buffer[i] = - lib == ERR_LIB_SYS - ? (unsigned int)(ERR_SYSTEM_FLAG | reason) + es->err_buffer[i] = lib == ERR_LIB_SYS + ? (unsigned int)(ERR_SYSTEM_FLAG | reason) : ERR_PACK(lib, 0, reason); } static ossl_inline void err_set_debug(ERR_STATE *es, size_t i, - const char *file, int line, - const char *fn) + const char *file, int line, + const char *fn) { /* * We dup the file and fn strings because they may be provider owned. If the @@ -67,7 +66,7 @@ } static ossl_inline void err_set_data(ERR_STATE *es, size_t i, - void *data, size_t datasz, int flags) + void *data, size_t datasz, int flags) { if ((es->err_data_flags[i] & ERR_TXT_MALLOCED) != 0) OPENSSL_free(es->err_data[i]); @@ -91,4 +90,4 @@ ERR_STATE *ossl_err_get_state_int(void); void ossl_err_string_int(unsigned long e, const char *func, - char *buf, size_t len); + char *buf, size_t len); --- crypto/openssl/crypto/err/err_prn.c.orig +++ crypto/openssl/crypto/err/err_prn.c @@ -17,8 +17,8 @@ #include "err_local.h" #define ERR_PRINT_BUF_SIZE 4096 -void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), - void *u) +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u) { CRYPTO_THREAD_ID tid = CRYPTO_THREAD_get_current_id(); unsigned long l; 
@@ -39,16 +39,16 @@ ossl_err_string_int(l, func, buf + offset, sizeof(buf) - offset); offset += strlen(buf + offset); BIO_snprintf(buf + offset, sizeof(buf) - offset, ":%s:%d:%s\n", - file, line, data); + file, line, data); OPENSSL_free(hex); if (cb(buf, strlen(buf), u) <= 0) - break; /* abort outputting the error report */ + break; /* abort outputting the error report */ } } /* auxiliary function for incrementally reporting texts via the error queue */ static void put_error(int lib, const char *func, int reason, - const char *file, int line) + const char *file, int line) { ERR_new(); ERR_set_debug(file, line, func); @@ -87,7 +87,7 @@ /* workaround for limit of ERR_print_errors_cb() */ if (data_len >= MAX_DATA_LEN - || strlen(separator) >= (size_t)(MAX_DATA_LEN - data_len)) + || strlen(separator) >= (size_t)(MAX_DATA_LEN - data_len)) available_len = 0; else available_len = MAX_DATA_LEN - data_len - strlen(separator) - 1; --- crypto/openssl/crypto/ess/ess_asn1.c.orig +++ crypto/openssl/crypto/ess/ess_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -17,41 +17,41 @@ /* ASN1 stuff for ESS Structure */ ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { - ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME), - ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) + ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME), + ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) } static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) ASN1_SEQUENCE(ESS_CERT_ID) = { - ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING), - ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) + ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING), + ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID) IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) ASN1_SEQUENCE(ESS_SIGNING_CERT) = { - ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), - ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) + ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), + ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) } ASN1_SEQUENCE_END(ESS_SIGNING_CERT) IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) ASN1_SEQUENCE(ESS_CERT_ID_V2) = { - ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), - ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), - ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) + ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), + ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), + ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { - ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), - ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) + ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), + 
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2) --- crypto/openssl/crypto/ess/ess_err.c.orig +++ crypto/openssl/crypto/ess/ess_err.c 
@@ -15,25 +15,25 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA ESS_str_reasons[] = { - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_EMPTY_ESS_CERT_ID_LIST), - "empty ess cert id list"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_DIGEST_ERROR), - "ess cert digest error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_ID_NOT_FOUND), - "ess cert id not found"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_ID_WRONG_ORDER), - "ess cert id wrong order"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_DIGEST_ALG_UNKNOWN), - "ess digest alg unknown"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERTIFICATE_ERROR), - "ess signing certificate error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERT_ADD_ERROR), - "ess signing cert add error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR), - "ess signing cert v2 add error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE), - "missing signing certificate attribute"}, - {0, NULL} + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_EMPTY_ESS_CERT_ID_LIST), + "empty ess cert id list" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_DIGEST_ERROR), + "ess cert digest error" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_ID_NOT_FOUND), + "ess cert id not found" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_ID_WRONG_ORDER), + "ess cert id wrong order" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_DIGEST_ALG_UNKNOWN), + "ess digest alg unknown" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERTIFICATE_ERROR), + "ess signing certificate error" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERT_ADD_ERROR), + "ess signing cert add error" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR), + "ess signing cert v2 add error" }, + { ERR_PACK(ERR_LIB_ESS, 0, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE), + "missing signing certificate attribute" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/ess/ess_lib.c.orig +++ crypto/openssl/crypto/ess/ess_lib.c 
@@ -16,14 +16,14 @@ #include "crypto/x509.h" static ESS_CERT_ID *ESS_CERT_ID_new_init(const X509 *cert, - int set_issuer_serial); + int set_issuer_serial); static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, - const X509 *cert, - int set_issuer_serial); + const X509 *cert, + int set_issuer_serial); ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert, - const STACK_OF(X509) *certs, - int set_issuer_serial) + const STACK_OF(X509) *certs, + int set_issuer_serial) { ESS_CERT_ID *cid = NULL; ESS_SIGNING_CERT *sc; @@ -47,7 +47,7 @@ } return sc; - err: +err: ESS_SIGNING_CERT_free(sc); ESS_CERT_ID_free(cid); ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); @@ -55,7 +55,7 @@ } static ESS_CERT_ID *ESS_CERT_ID_new_init(const X509 *cert, - int set_issuer_serial) + int set_issuer_serial) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; @@ -82,14 +82,13 @@ goto err; if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) goto err; - name = NULL; /* Ownership is lost. */ + name = NULL; /* Ownership is lost. */ ASN1_INTEGER_free(cid->issuer_serial->serial); - if ((cid->issuer_serial->serial = - ASN1_INTEGER_dup(X509_get0_serialNumber(cert))) == NULL) + if ((cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert))) == NULL) goto err; return cid; - err: +err: GENERAL_NAME_free(name); ESS_CERT_ID_free(cid); ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); @@ -97,10 +96,9 @@ } ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg, - const X509 *signcert, - const - STACK_OF(X509) *certs, - int set_issuer_serial) + const X509 *signcert, + const STACK_OF(X509) *certs, + int set_issuer_serial) { ESS_CERT_ID_V2 *cid = NULL; ESS_SIGNING_CERT_V2 *sc; @@ -126,7 +124,7 @@ } return sc; - err: +err: ESS_SIGNING_CERT_V2_free(sc); ESS_CERT_ID_V2_free(cid); ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); 
@@ -134,8 +132,8 @@ } static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, - const X509 *cert, - int set_issuer_serial) + const X509 *cert, + int set_issuer_serial) { ESS_CERT_ID_V2 *cid; GENERAL_NAME *name = NULL; @@ -179,14 +177,14 @@ goto err; if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) goto err; - name = NULL; /* Ownership is lost. */ + name = NULL; /* Ownership is lost. */ ASN1_INTEGER_free(cid->issuer_serial->serial); cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert)); if (cid->issuer_serial->serial == NULL) goto err; return cid; - err: +err: X509_ALGOR_free(alg); GENERAL_NAME_free(name); ESS_CERT_ID_V2_free(cid); @@ -215,7 +213,7 @@ * Return 0 on not found, -1 on error, else 1 + the position in |certs|. */ static int find(const ESS_CERT_ID *cid, const ESS_CERT_ID_V2 *cid_v2, - int index, const STACK_OF(X509) *certs) + int index, const STACK_OF(X509) *certs) { const X509 *cert; EVP_MD *md = NULL; @@ -256,13 +254,14 @@ cid_hash_len = cid != NULL ? cid->hash->length : cid_v2->hash->length; if (!X509_digest(cert, md, cert_digest, &len) - || cid_hash_len != len) { + || cid_hash_len != len) { ERR_raise(ERR_LIB_ESS, ESS_R_ESS_CERT_DIGEST_ERROR); goto end; } if (memcmp(cid != NULL ? cid->hash->data : cid_v2->hash->data, - cert_digest, len) == 0) { + cert_digest, len) + == 0) { is = cid != NULL ? cid->issuer_serial : cid_v2->issuer_serial; /* Well, it's not really required to match the serial numbers. */ if (is == NULL || ess_issuer_serial_cmp(is, cert) == 0) { 
@@ -284,9 +283,9 @@ } int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss, - const ESS_SIGNING_CERT_V2 *ssv2, - const STACK_OF(X509) *chain, - int require_signing_cert) + const ESS_SIGNING_CERT_V2 *ssv2, + const STACK_OF(X509) *chain, + int require_signing_cert) { int n_v1 = ss == NULL ? -1 : sk_ESS_CERT_ID_num(ss->cert_ids); int n_v2 = ssv2 == NULL ? -1 : sk_ESS_CERT_ID_V2_num(ssv2->cert_ids); --- crypto/openssl/crypto/evp/asymcipher.c.orig +++ crypto/openssl/crypto/evp/asymcipher.c @@ -18,7 +18,7 @@ #include "evp_local.h" static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { int ret = 0; void *provkey = NULL; @@ -51,14 +51,14 @@ * Try to derive the supported asym cipher from |ctx->keymgmt|. */ if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { + || ctx->pkey->keymgmt == ctx->keymgmt)) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); goto err; } supported_ciph = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_ASYM_CIPHER); + OSSL_OP_ASYM_CIPHER); if (supported_ciph == NULL) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -96,15 +96,14 @@ switch (iter) { case 1: cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph, - ctx->propquery); + ctx->propquery); if (cipher != NULL) tmp_prov = EVP_ASYM_CIPHER_get0_provider(cipher); break; case 2: tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - cipher = - evp_asym_cipher_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_ciph, ctx->propquery); + cipher = evp_asym_cipher_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_ciph, ctx->propquery); if (cipher == NULL) goto legacy; break; 
@@ -123,11 +122,11 @@ */ tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); + EVP_KEYMGMT_get0_name(ctx->keymgmt), + ctx->propquery); if (tmp_keymgmt != NULL) provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); + &tmp_keymgmt, ctx->propquery); if (tmp_keymgmt == NULL) EVP_KEYMGMT_free(tmp_keymgmt_tofree); } @@ -176,7 +175,7 @@ EVP_KEYMGMT_free(tmp_keymgmt); return 1; - legacy: +legacy: /* * If we don't have the full support we need with provided methods, * let's go see if legacy does. @@ -189,7 +188,7 @@ ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - switch(ctx->operation) { + switch (ctx->operation) { case EVP_PKEY_OP_ENCRYPT: if (ctx->pmeth->encrypt_init == NULL) return 1; @@ -205,7 +204,7 @@ ret = -1; } - err: +err: if (ret <= 0) { evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; @@ -225,8 +224,8 @@ } int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { int ret; @@ -244,16 +243,15 @@ goto legacy; ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.algctx, out, outlen, - (out == NULL ? 0 : *outlen), in, inlen); + (out == NULL ? 0 : *outlen), in, inlen); return ret; - legacy: +legacy: if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) - return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); } int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) 
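Review bot: In the legacy path of EVP_PKEY_encrypt the reformatting puts `M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)` and `return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);` on one line, which hides the return behind a statement-like macro that has no trailing semicolon. The macro is not defined in this hunk; judging by its arguments it presumably checks the caller's output buffer length before `ctx->pmeth->encrypt` writes to `out`, so the check and the write should stay visually separate. Keep the `return` on its own line, and wrap the macro in `/* clang-format off */` and `/* clang-format on */` if the formatter keeps joining them. The same joined line appears in the EVP_PKEY_decrypt hunk (`EVP_F_EVP_PKEY_DECRYPT`). Both function bodies start outside their hunks.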
@@ -267,8 +265,8 @@ } int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { int ret; @@ -286,19 +284,17 @@ goto legacy; ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.algctx, out, outlen, - (out == NULL ? 0 : *outlen), in, inlen); + (out == NULL ? 0 : *outlen), in, inlen); return ret; - legacy: +legacy: if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) - return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); } - static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov) { EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER)); @@ -322,8 +318,8 @@ } static void *evp_asym_cipher_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_ASYM_CIPHER *cipher = NULL; @@ -433,7 +429,7 @@ } return cipher; - err: +err: EVP_ASYM_CIPHER_free(cipher); return NULL; } 
@@ -467,23 +463,23 @@ } EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties, - evp_asym_cipher_from_algorithm, - (int (*)(void *))EVP_ASYM_CIPHER_up_ref, - (void (*)(void *))EVP_ASYM_CIPHER_free); + evp_asym_cipher_from_algorithm, + (int (*)(void *))EVP_ASYM_CIPHER_up_ref, + (void (*)(void *))EVP_ASYM_CIPHER_free); } EVP_ASYM_CIPHER *evp_asym_cipher_fetch_from_prov(OSSL_PROVIDER *prov, - const char *algorithm, - const char *properties) + const char *algorithm, + const char *properties) { return evp_generic_fetch_from_prov(prov, OSSL_OP_ASYM_CIPHER, - algorithm, properties, - evp_asym_cipher_from_algorithm, - (int (*)(void *))EVP_ASYM_CIPHER_up_ref, - (void (*)(void *))EVP_ASYM_CIPHER_free); + algorithm, properties, + evp_asym_cipher_from_algorithm, + (int (*)(void *))EVP_ASYM_CIPHER_up_ref, + (void (*)(void *))EVP_ASYM_CIPHER_free); } int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name) 
@@ -507,21 +503,20 @@ } void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_ASYM_CIPHER *cipher, - void *arg), - void *arg) + void (*fn)(EVP_ASYM_CIPHER *cipher, + void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER, - (void (*)(void *, void *))fn, arg, - evp_asym_cipher_from_algorithm, - (int (*)(void *))EVP_ASYM_CIPHER_up_ref, - (void (*)(void *))EVP_ASYM_CIPHER_free); + (void (*)(void *, void *))fn, arg, + evp_asym_cipher_from_algorithm, + (int (*)(void *))EVP_ASYM_CIPHER_up_ref, + (void (*)(void *))EVP_ASYM_CIPHER_free); } - int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (cipher->prov != NULL) return evp_names_do_all(cipher->prov, cipher->name_id, fn, data); --- crypto/openssl/crypto/evp/bio_b64.c.orig +++ crypto/openssl/crypto/evp/bio_b64.c @@ -21,11 +21,11 @@ static int b64_new(BIO *h); static int b64_free(BIO *data); static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -#define B64_BLOCK_SIZE 1024 +#define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 -#define B64_NONE 0 -#define B64_ENCODE 1 -#define B64_DECODE 2 +#define B64_NONE 0 +#define B64_ENCODE 1 +#define B64_DECODE 2 typedef struct b64_struct { /* @@ -33,11 +33,11 @@ */ int buf_len; int buf_off; - int tmp_len; /* used to find the start when decoding */ - int tmp_nl; /* If true, scan until '\n' */ + int tmp_len; /* used to find the start when decoding */ + int tmp_nl; /* If true, scan until '\n' */ int encode; - int start; /* have we started decoding yet? */ - int cont; /* <= 0 when finished */ + int start; /* have we started decoding yet? */ + int cont; /* <= 0 when finished */ EVP_ENCODE_CTX *base64; char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; char tmp[B64_BLOCK_SIZE]; 
@@ -51,14 +51,13 @@ bread_conv, b64_read, b64_puts, - NULL, /* b64_gets, */ + NULL, /* b64_gets, */ b64_ctrl, b64_new, b64_free, b64_callback_ctrl, }; - const BIO_METHOD *BIO_f_base64(void) { return &methods_b64; @@ -159,7 +158,7 @@ break; i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]), - B64_BLOCK_SIZE - ctx->tmp_len); + B64_BLOCK_SIZE - ctx->tmp_len); if (i <= 0) { ret_code = i; @@ -207,15 +206,13 @@ } k = EVP_DecodeUpdate(ctx->base64, - (unsigned char *)ctx->buf, - &num, p, q - p); + (unsigned char *)ctx->buf, + &num, p, q - p); if ((k <= 0) && (num == 0) && (ctx->start)) EVP_DecodeInit(ctx->base64); else { - if (p != (unsigned char *) - &(ctx->tmp[0])) { - i -= (p - (unsigned char *) - &(ctx->tmp[0])); + if (p != (unsigned char *)&(ctx->tmp[0])) { + i -= (p - (unsigned char *)&(ctx->tmp[0])); for (x = 0; x < i; x++) ctx->tmp[x] = p[x]; } @@ -260,9 +257,9 @@ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { int z, jj; - jj = i & ~3; /* process per 4 */ + jj = i & ~3; /* process per 4 */ z = EVP_DecodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, jj); + (unsigned char *)ctx->tmp, jj); if (jj > 2) { if (ctx->tmp[jj - 1] == '=') { z--; @@ -284,8 +281,8 @@ i = z; } else { i = EVP_DecodeUpdate(ctx->base64, - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)ctx->tmp, i); + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)ctx->tmp, i); ctx->tmp_len = 0; } /* @@ -386,9 +383,8 @@ ret += n; if (ctx->tmp_len < 3) break; - ctx->buf_len = - EVP_EncodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, ctx->tmp_len); + ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, ctx->tmp_len); OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); OPENSSL_assert(ctx->buf_len >= ctx->buf_off); /* 
@@ -404,17 +400,16 @@ break; } n -= n % 3; - ctx->buf_len = - EVP_EncodeBlock((unsigned char *)ctx->buf, - (const unsigned char *)in, n); + ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, + (const unsigned char *)in, n); OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret += n; } } else { if (!EVP_EncodeUpdate(ctx->base64, - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n)) + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)in, n)) return ((ret == 0) ? -1 : ret); OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); OPENSSL_assert(ctx->buf_len >= ctx->buf_off); @@ -462,13 +457,13 @@ ctx->encode = B64_NONE; ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_EOF: /* More to read */ + case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_WPENDING: /* More to write in buffer */ + case BIO_CTRL_WPENDING: /* More to write in buffer */ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret = ctx->buf_len - ctx->buf_off; if ((ret == 0) && (ctx->encode != B64_NONE) @@ -477,7 +472,7 @@ else if (ret <= 0) ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_PENDING: /* More to read in buffer */ + case BIO_CTRL_PENDING: /* More to read in buffer */ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) @@ -485,7 +480,7 @@ break; case BIO_CTRL_FLUSH: /* do a final write */ - again: + again: while (ctx->buf_len != ctx->buf_off) { i = b64_write(b, NULL, 0); if (i < 0) 
@@ -494,17 +489,17 @@ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { if (ctx->tmp_len != 0) { ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); + (unsigned char *)ctx->tmp, + ctx->tmp_len); ctx->buf_off = 0; ctx->tmp_len = 0; goto again; } } else if (ctx->encode != B64_NONE - && EVP_ENCODE_CTX_num(ctx->base64) != 0) { + && EVP_ENCODE_CTX_num(ctx->base64) != 0) { ctx->buf_off = 0; EVP_EncodeFinal(ctx->base64, - (unsigned char *)ctx->buf, &(ctx->buf_len)); + (unsigned char *)ctx->buf, &(ctx->buf_len)); /* push out the bytes */ goto again; } --- crypto/openssl/crypto/evp/bio_enc.c.orig +++ crypto/openssl/crypto/evp/bio_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,16 +22,16 @@ static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); -#define ENC_BLOCK_SIZE (1024*4) -#define ENC_MIN_CHUNK (256) -#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) +#define ENC_BLOCK_SIZE (1024 * 4) +#define ENC_MIN_CHUNK (256) +#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) typedef struct enc_struct { int buf_len; int buf_off; - int cont; /* <= 0 when finished */ + int cont; /* <= 0 when finished */ int finished; - int ok; /* bad decrypt */ + int ok; /* bad decrypt */ EVP_CIPHER_CTX *cipher; unsigned char *read_start, *read_end; /* @@ -48,8 +48,8 @@ enc_write, bread_conv, enc_read, - NULL, /* enc_puts, */ - NULL, /* enc_gets, */ + NULL, /* enc_puts, */ + NULL, /* enc_gets, */ enc_ctrl, enc_new, enc_free, 
@@ -159,8 +159,9 @@ /* Should be continue next time we are called? */ if (!BIO_should_retry(next)) { ctx->cont = i; + ctx->finished = 1; i = EVP_CipherFinal_ex(ctx->cipher, - ctx->buf, &(ctx->buf_len)); + ctx->buf, &(ctx->buf_len)); ctx->ok = i; ctx->buf_off = 0; } else { @@ -177,8 +178,8 @@ int j = outl - blocksize, buf_len; if (!EVP_CipherUpdate(ctx->cipher, - (unsigned char *)out, &buf_len, - ctx->read_start, i > j ? j : i)) { + (unsigned char *)out, &buf_len, + ctx->read_start, i > j ? j : i)) { BIO_clear_retry_flags(b); return 0; } @@ -195,8 +196,8 @@ if (i > ENC_MIN_CHUNK) i = ENC_MIN_CHUNK; if (!EVP_CipherUpdate(ctx->cipher, - ctx->buf, &ctx->buf_len, - ctx->read_start, i)) { + ctx->buf, &ctx->buf_len, + ctx->read_start, i)) { BIO_clear_retry_flags(b); ctx->ok = 0; return 0; @@ -264,8 +265,8 @@ while (inl > 0) { n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; if (!EVP_CipherUpdate(ctx->cipher, - ctx->buf, &ctx->buf_len, - (const unsigned char *)in, n)) { + ctx->buf, &ctx->buf_len, + (const unsigned char *)in, n)) { BIO_clear_retry_flags(b); ctx->ok = 0; return 0; @@ -311,11 +312,11 @@ ctx->ok = 1; ctx->finished = 0; if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, - EVP_CIPHER_CTX_is_encrypting(ctx->cipher))) + EVP_CIPHER_CTX_is_encrypting(ctx->cipher))) return 0; ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_EOF: /* More to read */ + case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else @@ -326,14 +327,14 @@ if (ret <= 0) ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_PENDING: /* More to read in buffer */ + case BIO_CTRL_PENDING: /* More to read in buffer */ ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ - again: + again: while (ctx->buf_len != ctx->buf_off) { pend = ctx->buf_len - ctx->buf_off; i = enc_write(b, NULL, 0); 
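Review bot: The added `ctx->finished = 1;` in the first bio_enc.c hunk (the `!BIO_should_retry(next)` branch) is the only behavioural change among the whitespace edits here, and it has no comment saying why the read path now sets the flag. The BIO_CTRL_FLUSH code in a later hunk sets the same flag just before its own `EVP_CipherFinal_ex` call, so the intent is presumably to stop a flush after end-of-input from finalising the cipher context a second time; the test on `finished` is not visible in these hunks, so that needs confirming. I would add `/* Final is done here; mark it so a later flush does not call EVP_CipherFinal_ex() again */` above the assignment. The flag is set before the call returns, so it is also set when finalisation fails, and `ctx->ok` is then the only record of a bad decrypt; callers must keep checking it. The enclosing read function starts and ends outside the hunk.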
@@ -350,8 +351,8 @@ ctx->finished = 1; ctx->buf_off = 0; ret = EVP_CipherFinal_ex(ctx->cipher, - (unsigned char *)ctx->buf, - &(ctx->buf_len)); + (unsigned char *)ctx->buf, + &(ctx->buf_len)); ctx->ok = (int)ret; if (ret <= 0) break; @@ -404,12 +405,12 @@ } int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int e) + const unsigned char *i, int e) { BIO_ENC_CTX *ctx; BIO_callback_fn_ex callback_ex; #ifndef OPENSSL_NO_DEPRECATED_3_0 - long (*callback) (struct bio_st *, int, const char *, int, long, long) = NULL; + long (*callback)(struct bio_st *, int, const char *, int, long, long) = NULL; #endif ctx = BIO_get_data(b); @@ -418,16 +419,15 @@ if ((callback_ex = BIO_get_callback_ex(b)) != NULL) { if (callback_ex(b, BIO_CB_CTRL, (const char *)c, 0, BIO_CTRL_SET, - e, 1, NULL) <= 0) + e, 1, NULL) + <= 0) return 0; } #ifndef OPENSSL_NO_DEPRECATED_3_0 else { callback = BIO_get_callback(b); - if ((callback != NULL) && - (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, - 0L) <= 0)) + if ((callback != NULL) && (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= 0)) return 0; } #endif @@ -439,7 +439,7 @@ if (callback_ex != NULL) return callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, (const char *)c, 0, - BIO_CTRL_SET, e, 1, NULL); + BIO_CTRL_SET, e, 1, NULL); #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (callback != NULL) return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); --- crypto/openssl/crypto/evp/bio_md.c.orig +++ crypto/openssl/crypto/evp/bio_md.c @@ -32,7 +32,7 @@ md_write, bread_conv, md_read, - NULL, /* md_puts, */ + NULL, /* md_puts, */ md_gets, md_ctrl, md_new, @@ -89,7 +89,8 @@ if (BIO_get_init(b)) { if (ret > 0) { if (EVP_DigestUpdate(ctx, (unsigned char *)out, - (unsigned int)ret) <= 0) + (unsigned int)ret) + <= 0) return -1; } } 
@@ -115,7 +116,7 @@ if (BIO_get_init(b)) { if (ret > 0) { if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, - (unsigned int)ret)) { + (unsigned int)ret)) { BIO_clear_retry_flags(b); return 0; } @@ -136,7 +137,6 @@ long ret = 1; BIO *dbio, *next; - ctx = BIO_get_data(b); next = BIO_next(b); --- crypto/openssl/crypto/evp/bio_ok.c.orig +++ crypto/openssl/crypto/evp/bio_ok.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,6 +77,7 @@ #include #include #include "internal/endian.h" +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "crypto/evp.h" static int ok_write(BIO *h, const char *buf, int num); @@ -90,9 +91,9 @@ static __owur int sig_in(BIO *b); static __owur int block_out(BIO *b); static __owur int block_in(BIO *b); -#define OK_BLOCK_SIZE (1024*4) -#define OK_BLOCK_BLOCK 4 -#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) +#define OK_BLOCK_SIZE (1024 * 4) +#define OK_BLOCK_BLOCK 4 +#define IOBS (OK_BLOCK_SIZE + OK_BLOCK_BLOCK + 3 * EVP_MAX_MD_SIZE) #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." typedef struct ok_struct { @@ -100,11 +101,11 @@ size_t buf_off; size_t buf_len_save; size_t buf_off_save; - int cont; /* <= 0 when finished */ + int cont; /* <= 0 when finished */ int finished; EVP_MD_CTX *md; - int blockout; /* output block is ready */ - int sigio; /* must process signature */ + int blockout; /* output block is ready */ + int sigio; /* must process signature */ unsigned char buf[IOBS]; } BIO_OK_CTX; @@ -115,8 +116,8 @@ ok_write, bread_conv, ok_read, - NULL, /* ok_puts, */ - NULL, /* ok_gets, */ + NULL, /* ok_puts, */ + NULL, /* ok_gets, */ ok_ctrl, ok_new, ok_free, 
@@ -205,7 +206,7 @@ if (ctx->buf_len_save > ctx->buf_off_save) { ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save; memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), - ctx->buf_len); + ctx->buf_len); } else { ctx->buf_len = 0; } @@ -222,7 +223,7 @@ i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n); if (i <= 0) - break; /* nothing new */ + break; /* nothing new */ ctx->buf_len += i; @@ -245,7 +246,6 @@ /* invalid block -- cancel */ if (ctx->cont <= 0) break; - } BIO_clear_retry_flags(b); @@ -297,8 +297,7 @@ if ((in == NULL) || (inl <= 0)) return 0; - n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? - (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; + n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; memcpy(&ctx->buf[ctx->buf_len], in, n); ctx->buf_len += n; @@ -342,14 +341,14 @@ ctx->sigio = 1; ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_EOF: /* More to read */ + case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else ret = BIO_ctrl(next, cmd, num, ptr); break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - case BIO_CTRL_WPENDING: /* More to read in buffer */ + case BIO_CTRL_PENDING: /* More to read in buffer */ + case BIO_CTRL_WPENDING: /* More to read in buffer */ ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; if (ret <= 0) ret = BIO_ctrl(next, cmd, num, ptr); @@ -467,7 +466,7 @@ ctx->blockout = 1; ctx->sigio = 0; return 1; - berr: +berr: BIO_clear_retry_flags(b); return 0; } @@ -509,7 +508,7 @@ ctx->sigio = 0; if (ctx->buf_len != ctx->buf_off) { memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), - ctx->buf_len - ctx->buf_off); + ctx->buf_len - ctx->buf_off); } ctx->buf_len -= ctx->buf_off; ctx->buf_off = 0; @@ -517,7 +516,7 @@ ctx->cont = 0; } return 1; - berr: +berr: BIO_clear_retry_flags(b); return 0; } 
@@ -541,14 +540,14 @@ ctx->buf[2] = (unsigned char)(tl >> 8); ctx->buf[3] = (unsigned char)(tl); if (!EVP_DigestUpdate(md, - (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) + (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; ctx->buf_len += md_size; ctx->blockout = 1; return 1; - berr: +berr: BIO_clear_retry_flags(b); return 0; } @@ -557,7 +556,7 @@ { BIO_OK_CTX *ctx; EVP_MD_CTX *md; - unsigned long tl = 0; + size_t tl = 0; unsigned char tmp[EVP_MAX_MD_SIZE]; int md_size; @@ -568,23 +567,26 @@ goto berr; assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ - tl = ctx->buf[0]; - tl <<= 8; - tl |= ctx->buf[1]; - tl <<= 8; - tl |= ctx->buf[2]; - tl <<= 8; - tl |= ctx->buf[3]; - - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) + tl = ((size_t)ctx->buf[0] << 24) + | ((size_t)ctx->buf[1] << 16) + | ((size_t)ctx->buf[2] << 8) + | ((size_t)ctx->buf[3]); + + if (tl > OK_BLOCK_SIZE) + goto berr; + + if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size) + goto berr; + + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + (size_t)md_size) return 1; if (!EVP_DigestUpdate(md, - (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) + (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) { /* there might be parts from next block lurking around ! */ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ctx->buf_len_save = ctx->buf_len; @@ -595,7 +597,7 @@ ctx->cont = 0; } return 1; - berr: +berr: BIO_clear_retry_flags(b); return 0; } --- crypto/openssl/crypto/evp/c_allc.c.orig +++ crypto/openssl/crypto/evp/c_allc.c 
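Review bot: In the `@@ -568,23 +567,26 @@` hunk the second new guard, `if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size)`, cannot be true once `if (tl > OK_BLOCK_SIZE) goto berr;` has run, because `tl` is then at most 4096; as written it reads like a live check. The first guard is the one that protects `ctx->buf[IOBS]`: `tl` is assembled from the four length bytes at the start of the buffer, and with `tl <= OK_BLOCK_SIZE` the later `memcmp` at `&ctx->buf[tl + OK_BLOCK_BLOCK]` stays inside the buffer as long as `md_size` is between 1 and `EVP_MAX_MD_SIZE` (the `md_size` check sits above the hunk, so confirm it). I would keep both guards and document them, e.g. `/* tl comes from the stream: reject anything larger than one block so the digest offset stays inside ctx->buf */` above the first and `/* defence in depth; unreachable while OK_BLOCK_SIZE is small */` above the second. A regression test that feeds a block whose length field exceeds `OK_BLOCK_SIZE` and expects the read to fail would pin this behaviour. The function starts outside the hunk, and the `unsigned long` to `size_t` change in the preceding hunk belongs to the same fix.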
@@ -56,9 +56,9 @@ #ifndef OPENSSL_NO_RC4 EVP_add_cipher(EVP_rc4()); EVP_add_cipher(EVP_rc4_40()); -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 EVP_add_cipher(EVP_rc4_hmac_md5()); -# endif +#endif #endif #ifndef OPENSSL_NO_IDEA @@ -258,8 +258,8 @@ #ifndef OPENSSL_NO_CHACHA EVP_add_cipher(EVP_chacha20()); -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 EVP_add_cipher(EVP_chacha20_poly1305()); -# endif +#endif #endif } --- crypto/openssl/crypto/evp/cmeth_lib.c.orig +++ crypto/openssl/crypto/evp/cmeth_lib.c @@ -45,7 +45,8 @@ return NULL; if ((to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, - cipher->key_len)) != NULL) { + cipher->key_len)) + != NULL) { CRYPTO_RWLOCK *lock = to->lock; memcpy(to, cipher, sizeof(*to)); @@ -58,7 +59,7 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) { if (cipher == NULL || cipher->origin != EVP_ORIG_METH) - return; + return; evp_cipher_free_int(cipher); } @@ -91,10 +92,10 @@ } int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init) (EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc)) + int (*init)(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)) { if (cipher->init != NULL) return 0; @@ -104,10 +105,10 @@ } int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)) + int (*do_cipher)(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)) { if (cipher->do_cipher != NULL) return 0; @@ -117,7 +118,7 @@ } int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup) (EVP_CIPHER_CTX *)) + int (*cleanup)(EVP_CIPHER_CTX *)) { if (cipher->cleanup != NULL) return 0; 
@@ -127,8 +128,8 @@ } int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)) + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, + ASN1_TYPE *)) { if (cipher->set_asn1_parameters != NULL) return 0; @@ -138,8 +139,8 @@ } int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)) + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, + ASN1_TYPE *)) { if (cipher->get_asn1_parameters != NULL) return 0; @@ -149,8 +150,8 @@ } int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl) (EVP_CIPHER_CTX *, int type, - int arg, void *ptr)) + int (*ctrl)(EVP_CIPHER_CTX *, int type, + int arg, void *ptr)) { if (cipher->ctrl != NULL) return 0; @@ -159,18 +160,17 @@ return 1; } - int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc) + const unsigned char *key, + const unsigned char *iv, + int enc) { return cipher->init; } int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl) + unsigned char *out, + const unsigned char *in, + size_t inl) { return cipher->do_cipher; } @@ -181,21 +181,20 @@ } int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *) + ASN1_TYPE *) { return cipher->set_asn1_parameters; } int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *) + ASN1_TYPE *) { return cipher->get_asn1_parameters; } int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - int type, int arg, - void *ptr) + int type, int arg, + void *ptr) { return cipher->ctrl; } - --- crypto/openssl/crypto/evp/ctrl_params_translate.c.orig +++ crypto/openssl/crypto/evp/ctrl_params_translate.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,8 +37,8 @@ #include "crypto/dh.h" #include "crypto/ec.h" -struct translation_ctx_st; /* Forwarding */ -struct translation_st; /* Forwarding */ +struct translation_ctx_st; /* Forwarding */ +struct translation_st; /* Forwarding */ /* * The fixup_args functions are called with the following parameters: @@ -145,19 +145,27 @@ */ enum state { PKEY, - PRE_CTRL_TO_PARAMS, POST_CTRL_TO_PARAMS, CLEANUP_CTRL_TO_PARAMS, - PRE_CTRL_STR_TO_PARAMS, POST_CTRL_STR_TO_PARAMS, CLEANUP_CTRL_STR_TO_PARAMS, - PRE_PARAMS_TO_CTRL, POST_PARAMS_TO_CTRL, CLEANUP_PARAMS_TO_CTRL + PRE_CTRL_TO_PARAMS, + POST_CTRL_TO_PARAMS, + CLEANUP_CTRL_TO_PARAMS, + PRE_CTRL_STR_TO_PARAMS, + POST_CTRL_STR_TO_PARAMS, + CLEANUP_CTRL_STR_TO_PARAMS, + PRE_PARAMS_TO_CTRL, + POST_PARAMS_TO_CTRL, + CLEANUP_PARAMS_TO_CTRL }; enum action { - NONE = 0, GET = 1, SET = 2 + NONE = 0, + GET = 1, + SET = 2 }; typedef int fixup_args_fn(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx); + const struct translation_st *translation, + struct translation_ctx_st *ctx); typedef int cleanup_args_fn(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx); + const struct translation_st *translation, + struct translation_ctx_st *ctx); struct translation_ctx_st { /* 
@@ -234,9 +242,9 @@ * will check and return an error if it's not supported). * Any of these may be set to 0 to indicate that they are unset. */ - int keytype1; /* The EVP_PKEY_XXX type, i.e. NIDs. #legacy */ - int keytype2; /* Another EVP_PKEY_XXX type, used for aliases */ - int optype; /* The operation type */ + int keytype1; /* The EVP_PKEY_XXX type, i.e. NIDs. #legacy */ + int keytype2; /* Another EVP_PKEY_XXX type, used for aliases */ + int optype; /* The operation type */ /* * Lookup and translation attributes @@ -256,10 +264,10 @@ * to |ctrl_str|. That will signal to default_fixup_args() that the * value must always be interpreted as hex. */ - int ctrl_num; /* EVP_PKEY_CTRL_xxx */ - const char *ctrl_str; /* The corresponding ctrl string */ + int ctrl_num; /* EVP_PKEY_CTRL_xxx */ + const char *ctrl_str; /* The corresponding ctrl string */ const char *ctrl_hexstr; /* The alternative "hex{str}" ctrl string */ - const char *param_key; /* The corresponding OSSL_PARAM key */ + const char *param_key; /* The corresponding OSSL_PARAM key */ /* * The appropriate OSSL_PARAM data type. This may be 0 to indicate that * this OSSL_PARAM may have more than one data type, depending on input @@ -287,8 +295,8 @@ * perform certain standard checks. */ static int default_check(enum state state, - const struct translation_st *translation, - const struct translation_ctx_st *ctx) + const struct translation_st *translation, + const struct translation_ctx_st *ctx) { switch (state) { default: @@ -382,8 +390,8 @@ * PRE_CTRL_TO_PARAMS, SET. */ static int default_fixup_args(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret; 
@@ -394,7 +402,7 @@ default: /* For states this function should never have been called with */ ERR_raise_data(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "[action:%d, state:%d]", ctx->action_type, state); + "[action:%d, state:%d]", ctx->action_type, state); return 0; /* @@ -411,13 +419,13 @@ * special fixup function. */ ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d]", ctx->action_type, state); + "[action:%d, state:%d]", ctx->action_type, state); return 0; } if (translation->optype != 0) { if ((EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - && ctx->pctx->op.sig.algctx == NULL) + && ctx->pctx->op.sig.algctx == NULL) || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx->pctx) && ctx->pctx->op.kex.algctx == NULL) || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx->pctx) @@ -444,7 +452,7 @@ switch (translation->param_data_type) { case OSSL_PARAM_INTEGER: *ctx->params = OSSL_PARAM_construct_int(translation->param_key, - &ctx->p1); + &ctx->p1); break; case OSSL_PARAM_UNSIGNED_INTEGER: /* 
@@ -458,57 +466,51 @@ if (ctx->p2 != NULL) { if (ctx->action_type == SET) { ctx->buflen = BN_num_bytes(ctx->p2); - if ((ctx->allocated_buf = - OPENSSL_malloc(ctx->buflen)) == NULL) { + if ((ctx->allocated_buf = OPENSSL_malloc(ctx->buflen)) == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); return 0; } if (BN_bn2nativepad(ctx->p2, - ctx->allocated_buf, ctx->buflen) < 0) { + ctx->allocated_buf, ctx->buflen) + < 0) { OPENSSL_free(ctx->allocated_buf); ctx->allocated_buf = NULL; return 0; } - *ctx->params = - OSSL_PARAM_construct_BN(translation->param_key, - ctx->allocated_buf, - ctx->buflen); + *ctx->params = OSSL_PARAM_construct_BN(translation->param_key, + ctx->allocated_buf, + ctx->buflen); } else { /* * No support for getting a BIGNUM by ctrl, this needs * fixup_args function support. */ ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d] trying to get a " - "BIGNUM via ctrl call", - ctx->action_type, state); + "[action:%d, state:%d] trying to get a " + "BIGNUM via ctrl call", + ctx->action_type, state); return 0; } } else { - *ctx->params = - OSSL_PARAM_construct_uint(translation->param_key, - (unsigned int *)&ctx->p1); + *ctx->params = OSSL_PARAM_construct_uint(translation->param_key, + (unsigned int *)&ctx->p1); } break; case OSSL_PARAM_UTF8_STRING: - *ctx->params = - OSSL_PARAM_construct_utf8_string(translation->param_key, - ctx->p2, (size_t)ctx->p1); + *ctx->params = OSSL_PARAM_construct_utf8_string(translation->param_key, + ctx->p2, (size_t)ctx->p1); break; case OSSL_PARAM_UTF8_PTR: - *ctx->params = - OSSL_PARAM_construct_utf8_ptr(translation->param_key, - ctx->p2, (size_t)ctx->p1); + *ctx->params = OSSL_PARAM_construct_utf8_ptr(translation->param_key, + ctx->p2, (size_t)ctx->p1); break; case OSSL_PARAM_OCTET_STRING: - *ctx->params = - OSSL_PARAM_construct_octet_string(translation->param_key, - ctx->p2, (size_t)ctx->p1); + *ctx->params = OSSL_PARAM_construct_octet_string(translation->param_key, + ctx->p2, (size_t)ctx->p1); break; 
case OSSL_PARAM_OCTET_PTR: - *ctx->params = - OSSL_PARAM_construct_octet_ptr(translation->param_key, - ctx->p2, (size_t)ctx->p1); + *ctx->params = OSSL_PARAM_construct_octet_ptr(translation->param_key, + ctx->p2, (size_t)ctx->p1); break; } break; 
@@ -536,59 +538,58 @@ * |*params|, and POST_CTRL_TO_PARAMS currently has nothing to do, since * there's no support for getting data via ctrl_str calls. */ - case PRE_CTRL_STR_TO_PARAMS: - { - /* This is ctrl_str to params translation */ - const char *tmp_ctrl_str = ctx->ctrl_str; - const char *orig_ctrl_str = ctx->ctrl_str; - const char *orig_value = ctx->p2; - const OSSL_PARAM *settable = NULL; - int exists = 0; - - /* Only setting is supported here */ - if (ctx->action_type != SET) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, - "[action:%d, state:%d] only setting allowed", - ctx->action_type, state); - return 0; - } + case PRE_CTRL_STR_TO_PARAMS: { + /* This is ctrl_str to params translation */ + const char *tmp_ctrl_str = ctx->ctrl_str; + const char *orig_ctrl_str = ctx->ctrl_str; + const char *orig_value = ctx->p2; + const OSSL_PARAM *settable = NULL; + int exists = 0; + + /* Only setting is supported here */ + if (ctx->action_type != SET) { + ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, + "[action:%d, state:%d] only setting allowed", + ctx->action_type, state); + return 0; + } - /* - * If no translation exists, we simply pass the control string - * unmodified. - */ - if (translation != NULL) { - tmp_ctrl_str = ctx->ctrl_str = translation->param_key; - - if (ctx->ishex) { - strcpy(ctx->name_buf, "hex"); - if (OPENSSL_strlcat(ctx->name_buf, tmp_ctrl_str, - sizeof(ctx->name_buf)) <= 3) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return -1; - } - tmp_ctrl_str = ctx->name_buf; + /* + * If no translation exists, we simply pass the control string + * unmodified. 
+ */ + if (translation != NULL) { + tmp_ctrl_str = ctx->ctrl_str = translation->param_key; + + if (ctx->ishex) { + strcpy(ctx->name_buf, "hex"); + if (OPENSSL_strlcat(ctx->name_buf, tmp_ctrl_str, + sizeof(ctx->name_buf)) + <= 3) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + return -1; } + tmp_ctrl_str = ctx->name_buf; } + } - settable = EVP_PKEY_CTX_settable_params(ctx->pctx); - if (!OSSL_PARAM_allocate_from_text(ctx->params, settable, - tmp_ctrl_str, - ctx->p2, strlen(ctx->p2), - &exists)) { - if (!exists) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, - "[action:%d, state:%d] name=%s, value=%s", - ctx->action_type, state, - orig_ctrl_str, orig_value); - return -2; - } - return 0; + settable = EVP_PKEY_CTX_settable_params(ctx->pctx); + if (!OSSL_PARAM_allocate_from_text(ctx->params, settable, + tmp_ctrl_str, + ctx->p2, strlen(ctx->p2), + &exists)) { + if (!exists) { + ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, + "[action:%d, state:%d] name=%s, value=%s", + ctx->action_type, state, + orig_ctrl_str, orig_value); + return -2; } - ctx->allocated_buf = ctx->params->data; - ctx->buflen = ctx->params->data_size; + return 0; } - break; + ctx->allocated_buf = ctx->params->data; + ctx->buflen = ctx->params->data_size; + } break; case POST_CTRL_STR_TO_PARAMS: /* Nothing to be done */ break; 
@@ -609,107 +610,106 @@ case POST_PARAMS_TO_CTRL: ret = ctx->p1; /* FALLTHRU */ - case PRE_PARAMS_TO_CTRL: - { - /* This is params to ctrl translation */ - if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) { - /* For the PRE state, only setting needs some work to be done */ - - /* When setting, we populate |p1| and |p2| from |*params| */ - switch (translation->param_data_type) { - case OSSL_PARAM_INTEGER: - return OSSL_PARAM_get_int(ctx->params, &ctx->p1); - case OSSL_PARAM_UNSIGNED_INTEGER: - if (ctx->p2 != NULL) { - /* BIGNUM passed down with p2 */ - if (!OSSL_PARAM_get_BN(ctx->params, ctx->p2)) - return 0; - } else { - /* Normal C unsigned int passed down */ - if (!OSSL_PARAM_get_uint(ctx->params, - (unsigned int *)&ctx->p1)) - return 0; - } - return 1; - case OSSL_PARAM_UTF8_STRING: - return OSSL_PARAM_get_utf8_string(ctx->params, - ctx->p2, ctx->sz); - case OSSL_PARAM_OCTET_STRING: - return OSSL_PARAM_get_octet_string(ctx->params, - &ctx->p2, ctx->sz, - (size_t *)&ctx->p1); - case OSSL_PARAM_OCTET_PTR: - return OSSL_PARAM_get_octet_ptr(ctx->params, - ctx->p2, &ctx->sz); - default: - ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d] " - "unknown OSSL_PARAM data type %d", - ctx->action_type, state, - translation->param_data_type); - return 0; - } - } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY) - && ctx->action_type == GET) { - /* For the POST state, only getting needs some work to be done */ - unsigned int param_data_type = translation->param_data_type; - size_t size = (size_t)ctx->p1; - - if (state == PKEY) - size = ctx->sz; - if (param_data_type == 0) { - /* we must have a fixup_args function to work */ - if (!ossl_assert(translation->fixup_args != NULL)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + case PRE_PARAMS_TO_CTRL: { + /* This is params to ctrl translation */ + if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) { + /* For the PRE state, only setting needs some work to be done */ + + /* When 
setting, we populate |p1| and |p2| from |*params| */ + switch (translation->param_data_type) { + case OSSL_PARAM_INTEGER: + return OSSL_PARAM_get_int(ctx->params, &ctx->p1); + case OSSL_PARAM_UNSIGNED_INTEGER: + if (ctx->p2 != NULL) { + /* BIGNUM passed down with p2 */ + if (!OSSL_PARAM_get_BN(ctx->params, ctx->p2)) + return 0; + } else { + /* Normal C unsigned int passed down */ + if (!OSSL_PARAM_get_uint(ctx->params, + (unsigned int *)&ctx->p1)) return 0; - } - param_data_type = ctx->params->data_type; } - /* When getting, we populate |*params| from |p1| and |p2| */ - switch (param_data_type) { - case OSSL_PARAM_INTEGER: - return OSSL_PARAM_set_int(ctx->params, ctx->p1); - case OSSL_PARAM_UNSIGNED_INTEGER: - if (ctx->p2 != NULL) { - /* BIGNUM passed back */ - return OSSL_PARAM_set_BN(ctx->params, ctx->p2); - } else { - /* Normal C unsigned int passed back */ - return OSSL_PARAM_set_uint(ctx->params, - (unsigned int)ctx->p1); - } - return 0; - case OSSL_PARAM_UTF8_STRING: - return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2); - case OSSL_PARAM_OCTET_STRING: - return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, - size); - case OSSL_PARAM_OCTET_PTR: - return OSSL_PARAM_set_octet_ptr(ctx->params, *(void **)ctx->p2, - size); - default: - ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d] " - "unsupported OSSL_PARAM data type %d", - ctx->action_type, state, - translation->param_data_type); + return 1; + case OSSL_PARAM_UTF8_STRING: + return OSSL_PARAM_get_utf8_string(ctx->params, + ctx->p2, ctx->sz); + case OSSL_PARAM_OCTET_STRING: + return OSSL_PARAM_get_octet_string(ctx->params, + &ctx->p2, ctx->sz, + (size_t *)&ctx->p1); + case OSSL_PARAM_OCTET_PTR: + return OSSL_PARAM_get_octet_ptr(ctx->params, + ctx->p2, &ctx->sz); + default: + ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, + "[action:%d, state:%d] " + "unknown OSSL_PARAM data type %d", + ctx->action_type, state, + translation->param_data_type); + return 0; + } + } else if ((state == 
POST_PARAMS_TO_CTRL || state == PKEY) + && ctx->action_type == GET) { + /* For the POST state, only getting needs some work to be done */ + unsigned int param_data_type = translation->param_data_type; + size_t size = (size_t)ctx->p1; + + if (state == PKEY) + size = ctx->sz; + if (param_data_type == 0) { + /* we must have a fixup_args function to work */ + if (!ossl_assert(translation->fixup_args != NULL)) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; } - } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { - if (translation->param_data_type == OSSL_PARAM_OCTET_PTR) - ctx->p2 = &ctx->bufp; + param_data_type = ctx->params->data_type; } + /* When getting, we populate |*params| from |p1| and |p2| */ + switch (param_data_type) { + case OSSL_PARAM_INTEGER: + return OSSL_PARAM_set_int(ctx->params, ctx->p1); + case OSSL_PARAM_UNSIGNED_INTEGER: + if (ctx->p2 != NULL) { + /* BIGNUM passed back */ + return OSSL_PARAM_set_BN(ctx->params, ctx->p2); + } else { + /* Normal C unsigned int passed back */ + return OSSL_PARAM_set_uint(ctx->params, + (unsigned int)ctx->p1); + } + return 0; + case OSSL_PARAM_UTF8_STRING: + return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2); + case OSSL_PARAM_OCTET_STRING: + return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, + size); + case OSSL_PARAM_OCTET_PTR: + return OSSL_PARAM_set_octet_ptr(ctx->params, *(void **)ctx->p2, + size); + default: + ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, + "[action:%d, state:%d] " + "unsupported OSSL_PARAM data type %d", + ctx->action_type, state, + translation->param_data_type); + return 0; + } + } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { + if (translation->param_data_type == OSSL_PARAM_OCTET_PTR) + ctx->p2 = &ctx->bufp; } - /* Any other combination is simply pass-through */ - break; + } + /* Any other combination is simply pass-through */ + break; } return ret; } static int cleanup_translation_ctx(enum state state, - const struct translation_st 
*translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { if (ctx->allocated_buf != NULL) OPENSSL_free(ctx->allocated_buf); @@ -742,11 +742,11 @@ } static int fix_cipher_md(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - const char *(*get_name)(void *algo), - const void *(*get_algo_by_name)(OSSL_LIB_CTX *libctx, - const char *name)) + const struct translation_st *translation, + struct translation_ctx_st *ctx, + const char *(*get_name)(void *algo), + const void *(*get_algo_by_name)(OSSL_LIB_CTX *libctx, + const char *name)) { int ret = 1; @@ -771,8 +771,8 @@ * EVP_CIPHER pointer as p2... */ ctx->p2 = (char *)(ctx->p2 == NULL - ? OBJ_nid2sn(ctx->p1) - : get_name(ctx->p2)); + ? OBJ_nid2sn(ctx->p1) + : get_name(ctx->p2)); ctx->p1 = strlen(ctx->p2); } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2)); @@ -787,8 +787,7 @@ * Here's how we re-use |ctx->orig_p2| that was set in the * PRE_CTRL_TO_PARAMS state above. */ - *(void **)ctx->orig_p2 = - (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); + *(void **)ctx->orig_p2 = (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); ctx->p1 = 1; } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) { ctx->p2 = (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); 
@@ -799,31 +798,32 @@ } static int fix_cipher(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { return fix_cipher_md(state, translation, ctx, - get_cipher_name, get_cipher_by_name); + get_cipher_name, get_cipher_by_name); } static int fix_md(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { return fix_cipher_md(state, translation, ctx, - get_md_name, get_md_by_name); + get_md_name, get_md_by_name); } static int fix_distid_len(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret = default_fixup_args(state, translation, ctx); if (ret > 0) { ret = 0; if ((state == POST_CTRL_TO_PARAMS - || state == POST_CTRL_STR_TO_PARAMS) && ctx->action_type == GET) { + || state == POST_CTRL_STR_TO_PARAMS) + && ctx->action_type == GET) { *(size_t *)ctx->p2 = ctx->sz; ret = 1; } @@ -837,9 +837,9 @@ }; static int fix_kdf_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - const struct kdf_type_map_st *kdf_type_map) + const struct translation_st *translation, + struct translation_ctx_st *ctx, + const struct kdf_type_map_st *kdf_type_map) { /* * The EVP_PKEY_CTRL_DH_KDF_TYPE ctrl command is a bit special, in @@ -915,14 +915,14 @@ } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { ctx->p1 = -2; } - end: +end: return ret; } /* EVP_PKEY_CTRL_DH_KDF_TYPE */ static int fix_dh_kdf_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { static const struct kdf_type_map_st kdf_type_map[] = { { EVP_PKEY_DH_KDF_NONE, "" }, 
@@ -935,8 +935,8 @@ /* EVP_PKEY_CTRL_EC_KDF_TYPE */ static int fix_ec_kdf_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { static const struct kdf_type_map_st kdf_type_map[] = { { EVP_PKEY_ECDH_KDF_NONE, "" }, @@ -949,8 +949,8 @@ /* EVP_PKEY_CTRL_DH_KDF_OID, EVP_PKEY_CTRL_GET_DH_KDF_OID, ...??? */ static int fix_oid(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret; @@ -992,8 +992,8 @@ /* EVP_PKEY_CTRL_DH_NID */ static int fix_dh_nid(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret; @@ -1005,8 +1005,7 @@ return 0; if (state == PRE_CTRL_TO_PARAMS) { - if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { + if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); return 0; } @@ -1018,8 +1017,8 @@ /* EVP_PKEY_CTRL_DH_RFC5114 */ static int fix_dh_nid5114(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret; @@ -1032,8 +1031,7 @@ switch (state) { case PRE_CTRL_TO_PARAMS: - if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { + if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); return 0; } 
@@ -1044,8 +1042,7 @@ case PRE_CTRL_STR_TO_PARAMS: if (ctx->p2 == NULL) return 0; - if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) { + if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); return 0; } @@ -1062,8 +1059,8 @@ /* EVP_PKEY_CTRL_DH_PARAMGEN_TYPE */ static int fix_dh_paramgen_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret; @@ -1076,7 +1073,7 @@ if (state == PRE_CTRL_STR_TO_PARAMS) { if ((ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2))) - == NULL) { + == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); return 0; } @@ -1088,8 +1085,8 @@ /* EVP_PKEY_CTRL_EC_PARAM_ENC */ static int fix_ec_param_enc(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int ret; @@ -1128,7 +1125,7 @@ ctx->p2 = NULL; } - end: +end: if (ret == -2) ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); return ret; @@ -1136,8 +1133,8 @@ /* EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID */ static int fix_ec_paramgen_curve_nid(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { char *p2 = NULL; int ret; @@ -1179,8 +1176,8 @@ /* EVP_PKEY_CTRL_EC_ECDH_COFACTOR */ static int fix_ecdh_cofactor(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { /* * The EVP_PKEY_CTRL_EC_ECDH_COFACTOR ctrl command is a bit special, in 
@@ -1246,18 +1243,18 @@ /* EVP_PKEY_CTRL_RSA_PADDING, EVP_PKEY_CTRL_GET_RSA_PADDING */ static int fix_rsa_padding_mode(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { static const OSSL_ITEM str_value_map[] = { - { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_NO_PADDING, "none" }, - { RSA_PKCS1_OAEP_PADDING, "oaep" }, - { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, "x931" }, - { RSA_PKCS1_PSS_PADDING, "pss" }, + { RSA_PKCS1_PADDING, "pkcs1" }, + { RSA_NO_PADDING, "none" }, + { RSA_PKCS1_OAEP_PADDING, "oaep" }, + { RSA_PKCS1_OAEP_PADDING, "oeap" }, + { RSA_X931_PADDING, "x931" }, + { RSA_PKCS1_PSS_PADDING, "pss" }, /* Special case, will pass directly as an integer */ - { RSA_PKCS1_WITH_TLS_PADDING, NULL } + { RSA_PKCS1_WITH_TLS_PADDING, NULL } }; int ret; @@ -1298,7 +1295,7 @@ * build the OSSL_PARAM item ourselves and return immediately. */ ctx->params[0] = OSSL_PARAM_construct_int(translation->param_key, - &ctx->p1); + &ctx->p1); return 1; } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { size_t i; @@ -1324,8 +1321,8 @@ } if (i == OSSL_NELEM(str_value_map)) { ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, - "[action:%d, state:%d] padding number %d", - ctx->action_type, state, ctx->p1); + "[action:%d, state:%d] padding number %d", + ctx->action_type, state, ctx->p1); return -2; } /* @@ -1354,8 +1351,8 @@ if (i == OSSL_NELEM(str_value_map)) { ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, - "[action:%d, state:%d] padding name %s", - ctx->action_type, state, ctx->p1); + "[action:%d, state:%d] padding name %s", + ctx->action_type, state, (const char *)ctx->p2); ctx->p1 = ret = -2; } else if (state == POST_CTRL_TO_PARAMS) { /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */ 
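Review bot: In the `@@ -1354,8 +1351,8 @@` hunk of fix_rsa_padding_mode, the `"padding name %s"` error now formats `(const char *)ctx->p2`, but nothing visible in the hunk shows that p2 is a non-NULL, NUL-terminated string on this path. The enclosing branch starts outside the hunk, so an earlier check or comparison may already guarantee it; if not, a guard before the call is needed. A one-line comment above the call would record the assumption, for example `/* ctx->p2 is the caller-supplied padding name string on this path */`. Replacing the int `ctx->p1` as the `%s` argument is a behaviour fix rather than re-indentation, so it is worth calling out separately from the whitespace changes in the rest of this file.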
@@ -1371,13 +1368,13 @@ /* EVP_PKEY_CTRL_RSA_PSS_SALTLEN, EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN */ static int fix_rsa_pss_saltlen(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { static const OSSL_ITEM str_value_map[] = { { (unsigned int)RSA_PSS_SALTLEN_DIGEST, "digest" }, - { (unsigned int)RSA_PSS_SALTLEN_MAX, "max" }, - { (unsigned int)RSA_PSS_SALTLEN_AUTO, "auto" } + { (unsigned int)RSA_PSS_SALTLEN_MAX, "max" }, + { (unsigned int)RSA_PSS_SALTLEN_AUTO, "auto" } }; int ret; @@ -1451,13 +1448,13 @@ /* EVP_PKEY_CTRL_HKDF_MODE */ static int fix_hkdf_mode(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { static const OSSL_ITEM str_value_map[] = { { EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND, "EXTRACT_AND_EXPAND" }, - { EVP_KDF_HKDF_MODE_EXTRACT_ONLY, "EXTRACT_ONLY" }, - { EVP_KDF_HKDF_MODE_EXPAND_ONLY, "EXPAND_ONLY" } + { EVP_KDF_HKDF_MODE_EXTRACT_ONLY, "EXTRACT_ONLY" }, + { EVP_KDF_HKDF_MODE_EXPAND_ONLY, "EXPAND_ONLY" } }; int ret; 
@@ -1512,41 +1509,35 @@ /* Pilfering DH, DSA and EC_KEY */ static int get_payload_group_name(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { EVP_PKEY *pkey = ctx->p2; ctx->p2 = NULL; switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - { - const DH *dh = EVP_PKEY_get0_DH(pkey); - int uid = DH_get_nid(dh); + case EVP_PKEY_DH: { + const DH *dh = EVP_PKEY_get0_DH(pkey); + int uid = DH_get_nid(dh); - if (uid != NID_undef) { - const DH_NAMED_GROUP *dh_group = - ossl_ffc_uid_to_dh_named_group(uid); + if (uid != NID_undef) { + const DH_NAMED_GROUP *dh_group = ossl_ffc_uid_to_dh_named_group(uid); - ctx->p2 = (char *)ossl_ffc_named_group_get_name(dh_group); - } + ctx->p2 = (char *)ossl_ffc_named_group_get_name(dh_group); } - break; + } break; #endif #ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - const EC_GROUP *grp = - EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)); - int nid = NID_undef; - - if (grp != NULL) - nid = EC_GROUP_get_curve_name(grp); - if (nid != NID_undef) - ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid); - } - break; + case EVP_PKEY_EC: { + const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)); + int nid = NID_undef; + + if (grp != NULL) + nid = EC_GROUP_get_curve_name(grp); + if (nid != NID_undef) + ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid); + } break; #endif default: ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); @@ -1565,8 +1556,8 @@ } static int get_payload_private_key(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { EVP_PKEY *pkey = ctx->p2; 
@@ -1576,22 +1567,18 @@ switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - { - const DH *dh = EVP_PKEY_get0_DH(pkey); + case EVP_PKEY_DH: { + const DH *dh = EVP_PKEY_get0_DH(pkey); - ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh); - } - break; + ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh); + } break; #endif #ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + case EVP_PKEY_EC: { + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec); - } - break; + ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec); + } break; #endif default: ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); @@ -1602,8 +1589,8 @@ } static int get_payload_public_key(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { EVP_PKEY *pkey = ctx->p2; unsigned char *buf = NULL; @@ -1646,8 +1633,8 @@ if (bnctx == NULL) return 0; ctx->sz = EC_POINT_point2buf(ecg, point, - POINT_CONVERSION_COMPRESSED, - &buf, bnctx); + POINT_CONVERSION_COMPRESSED, + &buf, bnctx); ctx->p2 = buf; BN_CTX_free(bnctx); break; @@ -1665,8 +1652,8 @@ } static int get_payload_bn(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, const BIGNUM *bn) + const struct translation_st *translation, + struct translation_ctx_st *ctx, const BIGNUM *bn) { if (bn == NULL) return 0; @@ -1678,8 +1665,8 @@ } static int get_dh_dsa_payload_p(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const BIGNUM *bn = NULL; EVP_PKEY *pkey = ctx->p2; 
@@ -1703,8 +1690,8 @@ } static int get_dh_dsa_payload_q(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const BIGNUM *bn = NULL; @@ -1725,8 +1712,8 @@ } static int get_dh_dsa_payload_g(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const BIGNUM *bn = NULL; @@ -1747,9 +1734,9 @@ } static int get_payload_int(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - const int val) + const struct translation_st *translation, + struct translation_ctx_st *ctx, + const int val) { if (ctx->params->data_type != OSSL_PARAM_INTEGER) return 0; @@ -1760,8 +1747,8 @@ } static int get_ec_decoded_from_explicit_params(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { int val = 0; EVP_PKEY *pkey = ctx->p2; @@ -1785,8 +1772,8 @@ } static int get_rsa_payload_n(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const BIGNUM *bn = NULL; @@ -1799,8 +1786,8 @@ } static int get_rsa_payload_e(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const BIGNUM *bn = NULL; @@ -1813,8 +1800,8 @@ } static int get_rsa_payload_d(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const BIGNUM *bn = NULL; 
@@ -1827,9 +1814,9 @@ } static int get_rsa_payload_factor(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - size_t factornum) + const struct translation_st *translation, + struct translation_ctx_st *ctx, + size_t factornum) { const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); const BIGNUM *bn = NULL; @@ -1841,25 +1828,23 @@ case 1: bn = RSA_get0_q(r); break; - default: - { - size_t pnum = RSA_get_multi_prime_extra_count(r); - const BIGNUM *factors[10]; - - if (factornum - 2 < pnum - && RSA_get0_multi_prime_factors(r, factors)) - bn = factors[factornum - 2]; - } - break; + default: { + size_t pnum = RSA_get_multi_prime_extra_count(r); + const BIGNUM *factors[10]; + + if (factornum - 2 < pnum + && RSA_get0_multi_prime_factors(r, factors)) + bn = factors[factornum - 2]; + } break; } return get_payload_bn(state, translation, ctx, bn); } static int get_rsa_payload_exponent(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - size_t exponentnum) + const struct translation_st *translation, + struct translation_ctx_st *ctx, + size_t exponentnum) { const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); const BIGNUM *bn = NULL; 
@@ -1871,25 +1856,23 @@ case 1: bn = RSA_get0_dmq1(r); break; - default: - { - size_t pnum = RSA_get_multi_prime_extra_count(r); - const BIGNUM *exps[10], *coeffs[10]; - - if (exponentnum - 2 < pnum - && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) - bn = exps[exponentnum - 2]; - } - break; + default: { + size_t pnum = RSA_get_multi_prime_extra_count(r); + const BIGNUM *exps[10], *coeffs[10]; + + if (exponentnum - 2 < pnum + && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) + bn = exps[exponentnum - 2]; + } break; } return get_payload_bn(state, translation, ctx, bn); } static int get_rsa_payload_coefficient(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - size_t coefficientnum) + const struct translation_st *translation, + struct translation_ctx_st *ctx, + size_t coefficientnum) { const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); const BIGNUM *bn = NULL; 
@@ -1898,57 +1881,55 @@ case 0: bn = RSA_get0_iqmp(r); break; - default: - { - size_t pnum = RSA_get_multi_prime_extra_count(r); - const BIGNUM *exps[10], *coeffs[10]; - - if (coefficientnum - 1 < pnum - && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) - bn = coeffs[coefficientnum - 1]; - } - break; + default: { + size_t pnum = RSA_get_multi_prime_extra_count(r); + const BIGNUM *exps[10], *coeffs[10]; + + if (coefficientnum - 1 < pnum + && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) + bn = coeffs[coefficientnum - 1]; + } break; } return get_payload_bn(state, translation, ctx, bn); } -#define IMPL_GET_RSA_PAYLOAD_FACTOR(n) \ - static int \ - get_rsa_payload_f##n(enum state state, \ - const struct translation_st *translation, \ - struct translation_ctx_st *ctx) \ - { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ - && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ - return 0; \ - return get_rsa_payload_factor(state, translation, ctx, n - 1); \ +#define IMPL_GET_RSA_PAYLOAD_FACTOR(n) \ + static int \ + get_rsa_payload_f##n(enum state state, \ + const struct translation_st *translation, \ + struct translation_ctx_st *ctx) \ + { \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ + return 0; \ + return get_rsa_payload_factor(state, translation, ctx, n - 1); \ } -#define IMPL_GET_RSA_PAYLOAD_EXPONENT(n) \ - static int \ - get_rsa_payload_e##n(enum state state, \ - const struct translation_st *translation, \ - struct translation_ctx_st *ctx) \ - { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ - && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ - return 0; \ - return get_rsa_payload_exponent(state, translation, ctx, \ - n - 1); \ +#define IMPL_GET_RSA_PAYLOAD_EXPONENT(n) \ + static int \ + get_rsa_payload_e##n(enum state state, \ + const struct translation_st *translation, \ + struct translation_ctx_st *ctx) \ + { \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ + 
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ + return 0; \ + return get_rsa_payload_exponent(state, translation, ctx, \ + n - 1); \ } -#define IMPL_GET_RSA_PAYLOAD_COEFFICIENT(n) \ - static int \ - get_rsa_payload_c##n(enum state state, \ - const struct translation_st *translation, \ - struct translation_ctx_st *ctx) \ - { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ - && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ - return 0; \ - return get_rsa_payload_coefficient(state, translation, ctx, \ - n - 1); \ +#define IMPL_GET_RSA_PAYLOAD_COEFFICIENT(n) \ + static int \ + get_rsa_payload_c##n(enum state state, \ + const struct translation_st *translation, \ + struct translation_ctx_st *ctx) \ + { \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ + return 0; \ + return get_rsa_payload_coefficient(state, translation, ctx, \ + n - 1); \ } IMPL_GET_RSA_PAYLOAD_FACTOR(1) @@ -1982,8 +1963,8 @@ IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9) static int fix_group_ecx(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) + const struct translation_st *translation, + struct translation_ctx_st *ctx) { const char *value = NULL; @@ -1994,8 +1975,7 @@ ctx->action_type = NONE; return 1; case POST_PARAMS_TO_CTRL: - if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 || - OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) { + if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 || OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); ctx->p1 = 0; return 0; 
@@ -2022,14 +2002,14 @@ * the length of the DistID automatically when getting the DistID itself. */ { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_SET1_ID, "distid", "hexdistid", - OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_SET1_ID, "distid", "hexdistid", + OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_STRING, NULL }, { GET, -1, -1, -1, - EVP_PKEY_CTRL_GET1_ID, "distid", "hexdistid", - OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, NULL }, + EVP_PKEY_CTRL_GET1_ID, "distid", "hexdistid", + OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, NULL }, { GET, -1, -1, -1, - EVP_PKEY_CTRL_GET1_ID_LEN, NULL, NULL, - OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, fix_distid_len }, + EVP_PKEY_CTRL_GET1_ID_LEN, NULL, NULL, + OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, fix_distid_len }, /*- * DH & DHX 
@@ -2041,171 +2021,171 @@ * fixup function has to handle this... */ { NONE, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_TYPE, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, - fix_dh_kdf_type }, + EVP_PKEY_CTRL_DH_KDF_TYPE, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, + fix_dh_kdf_type }, { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_DH_KDF_MD, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_GET_DH_KDF_MD, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_DH_KDF_OUTLEN, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_DH_KDF_UKM, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, + EVP_PKEY_CTRL_GET_DH_KDF_UKM, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - 
EVP_PKEY_CTRL_DH_KDF_OID, NULL, NULL, - OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, + EVP_PKEY_CTRL_DH_KDF_OID, NULL, NULL, + OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_OID, NULL, NULL, - OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, + EVP_PKEY_CTRL_GET_DH_KDF_OID, NULL, NULL, + OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, /* DHX Keygen Parameters that are shared with DH */ { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, - OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, + OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, - OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, NULL }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, + OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, NULL }, + { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, /* DH Keygen Parameters that are shared with DHX */ { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, 
"dh_paramgen_type", NULL, - OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, + OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, - OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, + OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid }, { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid }, - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, + EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, /* DH specific Keygen Parameters */ { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, "dh_paramgen_generator", NULL, - OSSL_PKEY_PARAM_DH_GENERATOR, OSSL_PARAM_INTEGER, NULL }, + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, "dh_paramgen_generator", NULL, + OSSL_PKEY_PARAM_DH_GENERATOR, OSSL_PARAM_INTEGER, NULL }, /* DHX specific Keygen Parameters */ { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, "dh_paramgen_subprime_len", NULL, - OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, "dh_paramgen_subprime_len", NULL, + OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_PAD, 
"dh_pad", NULL, - OSSL_EXCHANGE_PARAM_PAD, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_DH_PAD, "dh_pad", NULL, + OSSL_EXCHANGE_PARAM_PAD, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, /*- * DSA * === */ { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, "dsa_paramgen_bits", NULL, - OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, "dsa_paramgen_bits", NULL, + OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, "dsa_paramgen_q_bits", NULL, - OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, "dsa_paramgen_q_bits", NULL, + OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, "dsa_paramgen_md", NULL, - OSSL_PKEY_PARAM_FFC_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, "dsa_paramgen_md", NULL, + OSSL_PKEY_PARAM_FFC_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, /*- * EC * == */ { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, - OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, + EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, + OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, - fix_ec_paramgen_curve_nid }, + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, + fix_ec_paramgen_curve_nid }, /* * EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used * both for setting and getting. The fixup function has to handle this... 
*/ { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, - OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, - fix_ecdh_cofactor }, + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, + OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, + fix_ecdh_cofactor }, { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, + EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, + OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, { GET, EVP_PKEY_EC, 0, 
EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, + EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, /*- * SM2 * == */ { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, - OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, + EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, + OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, - fix_ec_paramgen_curve_nid }, + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, + fix_ec_paramgen_curve_nid }, /* * EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used * both for setting and getting. The fixup function has to handle this... 
*/ { NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, - OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, - fix_ecdh_cofactor }, + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, + OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, + fix_ecdh_cofactor }, { NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, + EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, + OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, { GET, EVP_PKEY_SM2, 0, 
EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, + EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, + OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, /*- * RSA * === @@ -2218,22 +2198,22 @@ * idea. */ { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_PADDING, "rsa_padding_mode", NULL, - OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_RSA_PADDING, "rsa_padding_mode", NULL, + OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_PADDING, NULL, NULL, - OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_GET_RSA_PADDING, NULL, NULL, + OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_mgf1_md", NULL, - OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_mgf1_md", NULL, + OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, NULL, NULL, - OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, NULL, NULL, + OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, /* * RSA-PSS saltlen is essentially numeric, but certain values can be 
@@ -2242,143 +2222,143 @@ * fix_rsa_pss_saltlen() takes care of the distinction. */ { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_saltlen", NULL, - OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, - fix_rsa_pss_saltlen }, + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_saltlen", NULL, + OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, + fix_rsa_pss_saltlen }, { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, NULL, NULL, - OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, - fix_rsa_pss_saltlen }, + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, NULL, NULL, + OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, + fix_rsa_pss_saltlen }, { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_MD, "rsa_oaep_md", NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_RSA_OAEP_MD, "rsa_oaep_md", NULL, + OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, NULL, NULL, + OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, /* * The "rsa_oaep_label" ctrl_str expects the value to always be hex. - * This is accomodated by default_fixup_args() above, which mimics that + * This is accommodated by default_fixup_args() above, which mimics that * expectation for any translation item where |ctrl_str| is NULL and * |ctrl_hexstr| is non-NULL. 
*/ { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_LABEL, NULL, "rsa_oaep_label", - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_RSA_OAEP_LABEL, NULL, "rsa_oaep_label", + OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, + OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, - OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, + OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_pss_keygen_mgf1_md", NULL, - OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_pss_keygen_mgf1_md", NULL, + OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_keygen_saltlen", NULL, - OSSL_SIGNATURE_PARAM_PSS_SALTLEN, OSSL_PARAM_INTEGER, NULL }, + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_keygen_saltlen", NULL, + OSSL_SIGNATURE_PARAM_PSS_SALTLEN, OSSL_PARAM_INTEGER, NULL }, { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL, - OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL, + OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL, - OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", 
NULL, + OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL, - OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL, + OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, /*- * SipHash * ====== */ { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_SET_DIGEST_SIZE, "digestsize", NULL, - OSSL_MAC_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_SET_DIGEST_SIZE, "digestsize", NULL, + OSSL_MAC_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, /*- * TLS1-PRF * ======== */ { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_MD, "md", NULL, - OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_TLS_MD, "md", NULL, + OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SECRET, "secret", "hexsecret", - OSSL_KDF_PARAM_SECRET, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_TLS_SECRET, "secret", "hexsecret", + OSSL_KDF_PARAM_SECRET, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SEED, "seed", "hexseed", - OSSL_KDF_PARAM_SEED, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_TLS_SEED, "seed", "hexseed", + OSSL_KDF_PARAM_SEED, OSSL_PARAM_OCTET_STRING, NULL }, /*- * HKDF * ==== */ { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_MD, "md", NULL, - OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_HKDF_MD, "md", NULL, + OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_SALT, "salt", "hexsalt", - OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_HKDF_SALT, "salt", "hexsalt", + OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_KEY, "key", "hexkey", - 
OSSL_KDF_PARAM_KEY, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_HKDF_KEY, "key", "hexkey", + OSSL_KDF_PARAM_KEY, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_INFO, "info", "hexinfo", - OSSL_KDF_PARAM_INFO, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_HKDF_INFO, "info", "hexinfo", + OSSL_KDF_PARAM_INFO, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_MODE, "mode", NULL, - OSSL_KDF_PARAM_MODE, OSSL_PARAM_INTEGER, fix_hkdf_mode }, + EVP_PKEY_CTRL_HKDF_MODE, "mode", NULL, + OSSL_KDF_PARAM_MODE, OSSL_PARAM_INTEGER, fix_hkdf_mode }, /*- * Scrypt * ====== */ { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_PASS, "pass", "hexpass", - OSSL_KDF_PARAM_PASSWORD, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_PASS, "pass", "hexpass", + OSSL_KDF_PARAM_PASSWORD, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_SALT, "salt", "hexsalt", - OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_SCRYPT_SALT, "salt", "hexsalt", + OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_N, "N", NULL, - OSSL_KDF_PARAM_SCRYPT_N, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_SCRYPT_N, "N", NULL, + OSSL_KDF_PARAM_SCRYPT_N, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_R, "r", NULL, - OSSL_KDF_PARAM_SCRYPT_R, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_SCRYPT_R, "r", NULL, + OSSL_KDF_PARAM_SCRYPT_R, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_P, "p", NULL, - OSSL_KDF_PARAM_SCRYPT_P, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, + EVP_PKEY_CTRL_SCRYPT_P, "p", NULL, + OSSL_KDF_PARAM_SCRYPT_P, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL, - OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, 
NULL }, + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL, + OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, { SET, -1, -1, EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_CIPHER, NULL, NULL, - OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, + EVP_PKEY_CTRL_CIPHER, NULL, NULL, + OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, { SET, -1, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", - OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, + EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", + OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_MD, NULL, NULL, - OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_MD, NULL, NULL, + OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, { GET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_MD, NULL, NULL, - OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_GET_MD, NULL, NULL, + OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, /*- * ECX * === */ { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, 
fix_group_ecx }, }; static const struct translation_st evp_pkey_translations[] = { 
@@ -2391,135 +2371,135 @@ /* DH, DSA & EC */ { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, - get_payload_group_name }, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, + get_payload_group_name }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_UNSIGNED_INTEGER, - get_payload_private_key }, + OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_UNSIGNED_INTEGER, + get_payload_private_key }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_PUB_KEY, - 0 /* no data type, let get_payload_public_key() handle that */, - get_payload_public_key }, + OSSL_PKEY_PARAM_PUB_KEY, + 0 /* no data type, let get_payload_public_key() handle that */, + get_payload_public_key }, /* DH and DSA */ { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_FFC_P, OSSL_PARAM_UNSIGNED_INTEGER, - get_dh_dsa_payload_p }, + OSSL_PKEY_PARAM_FFC_P, OSSL_PARAM_UNSIGNED_INTEGER, + get_dh_dsa_payload_p }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_FFC_G, OSSL_PARAM_UNSIGNED_INTEGER, - get_dh_dsa_payload_g }, + OSSL_PKEY_PARAM_FFC_G, OSSL_PARAM_UNSIGNED_INTEGER, + get_dh_dsa_payload_g }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_FFC_Q, OSSL_PARAM_UNSIGNED_INTEGER, - get_dh_dsa_payload_q }, + OSSL_PKEY_PARAM_FFC_Q, OSSL_PARAM_UNSIGNED_INTEGER, + get_dh_dsa_payload_q }, /* RSA */ { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_N, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_n }, + OSSL_PKEY_PARAM_RSA_N, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_n }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e }, + OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_D, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_d }, + OSSL_PKEY_PARAM_RSA_D, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_d }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PARAM_UNSIGNED_INTEGER, - 
get_rsa_payload_f1 }, + OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f1 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f2 }, + OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f2 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR3, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f3 }, + OSSL_PKEY_PARAM_RSA_FACTOR3, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f3 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR4, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f4 }, + OSSL_PKEY_PARAM_RSA_FACTOR4, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f4 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR5, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f5 }, + OSSL_PKEY_PARAM_RSA_FACTOR5, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f5 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR6, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f6 }, + OSSL_PKEY_PARAM_RSA_FACTOR6, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f6 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR7, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f7 }, + OSSL_PKEY_PARAM_RSA_FACTOR7, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f7 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR8, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f8 }, + OSSL_PKEY_PARAM_RSA_FACTOR8, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f8 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR9, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f9 }, + OSSL_PKEY_PARAM_RSA_FACTOR9, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f9 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR10, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f10 }, + OSSL_PKEY_PARAM_RSA_FACTOR10, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_f10 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT1, 
OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e1 }, + OSSL_PKEY_PARAM_RSA_EXPONENT1, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e1 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT2, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e2 }, + OSSL_PKEY_PARAM_RSA_EXPONENT2, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e2 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT3, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e3 }, + OSSL_PKEY_PARAM_RSA_EXPONENT3, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e3 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT4, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e4 }, + OSSL_PKEY_PARAM_RSA_EXPONENT4, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e4 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT5, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e5 }, + OSSL_PKEY_PARAM_RSA_EXPONENT5, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e5 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT6, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e6 }, + OSSL_PKEY_PARAM_RSA_EXPONENT6, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e6 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT7, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e7 }, + OSSL_PKEY_PARAM_RSA_EXPONENT7, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e7 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT8, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e8 }, + OSSL_PKEY_PARAM_RSA_EXPONENT8, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e8 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT9, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e9 }, + OSSL_PKEY_PARAM_RSA_EXPONENT9, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e9 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT10, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e10 }, + OSSL_PKEY_PARAM_RSA_EXPONENT10, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_e10 }, { 
GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c1 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c1 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT2, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c2 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT2, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c2 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT3, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c3 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT3, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c3 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT4, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c4 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT4, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c4 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT5, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c5 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT5, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c5 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT6, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c6 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT6, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c6 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT7, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c7 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT7, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c7 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT8, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c8 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT8, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c8 }, { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT9, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c9 }, + OSSL_PKEY_PARAM_RSA_COEFFICIENT9, OSSL_PARAM_UNSIGNED_INTEGER, + get_rsa_payload_c9 }, /* EC */ { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, 
OSSL_PARAM_INTEGER, - get_ec_decoded_from_explicit_params }, + OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, OSSL_PARAM_INTEGER, + get_ec_decoded_from_explicit_params }, }; static const struct translation_st * lookup_translation(struct translation_st *tmpl, - const struct translation_st *translations, - size_t translations_num) + const struct translation_st *translations, + size_t translations_num) { size_t i; @@ -2535,7 +2515,6 @@ if (!ossl_assert((item->keytype1 == -1) == (item->keytype2 == -1))) continue; - /* * Base search criteria: check that the optype and keytypes match, * if relevant. All callers must synthesise these bits somehow. @@ -2579,8 +2558,9 @@ && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) ctrl_str = tmpl->ctrl_str; else if (item->ctrl_hexstr != NULL - && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, - item->ctrl_hexstr) == 0) + && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, + item->ctrl_hexstr) + == 0) ctrl_hexstr = tmpl->ctrl_hexstr; else continue; @@ -2606,10 +2586,11 @@ * therefore take the action type into account in this case. */ if ((item->action_type != NONE - && tmpl->action_type != item->action_type) + && tmpl->action_type != item->action_type) || (item->param_key != NULL && OPENSSL_strcasecmp(tmpl->param_key, - item->param_key) != 0)) + item->param_key) + != 0)) continue; } else { return NULL; 
@@ -2625,23 +2606,27 @@ lookup_evp_pkey_ctx_translation(struct translation_st *tmpl) { return lookup_translation(tmpl, evp_pkey_ctx_translations, - OSSL_NELEM(evp_pkey_ctx_translations)); + OSSL_NELEM(evp_pkey_ctx_translations)); } static const struct translation_st * lookup_evp_pkey_translation(struct translation_st *tmpl) { return lookup_translation(tmpl, evp_pkey_translations, - OSSL_NELEM(evp_pkey_translations)); + OSSL_NELEM(evp_pkey_translations)); } /* This must ONLY be called for provider side operations */ int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *pctx, - int keytype, int optype, - int cmd, int p1, void *p2) + int keytype, int optype, + int cmd, int p1, void *p2) { - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; + struct translation_ctx_st ctx = { + 0, + }; + struct translation_st tmpl = { + 0, + }; const struct translation_st *translation = NULL; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; int ret; @@ -2706,10 +2691,14 @@ /* This must ONLY be called for provider side operations */ int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *pctx, - const char *name, const char *value) + const char *name, const char *value) { - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; + struct translation_ctx_st ctx = { + 0, + }; + struct translation_st tmpl = { + 0, + }; const struct translation_st *translation = NULL; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; int keytype = pctx->legacy_keytype; 
@@ -2768,15 +2757,19 @@ /* This must ONLY be called for legacy operations */ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, - enum action action_type, - OSSL_PARAM *params) + enum action action_type, + OSSL_PARAM *params) { int keytype = pctx->legacy_keytype; int optype = pctx->operation == 0 ? -1 : pctx->operation; for (; params != NULL && params->key != NULL; params++) { - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; + struct translation_ctx_st ctx = { + 0, + }; + struct translation_st tmpl = { + 0, + }; const struct translation_st *translation = NULL; fixup_args_fn *fixup = default_fixup_args; int ret; @@ -2799,14 +2792,14 @@ if (ret > 0 && ctx.action_type != NONE) ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype, - ctx.ctrl_cmd, ctx.p1, ctx.p2); + ctx.ctrl_cmd, ctx.p1, ctx.p2); /* * In POST, we pass the return value as p1, allowing the fixup_args * function to put it to good use, or maybe affect it. * * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented - * as return positive on Success and 0 or negative on falure. There + * as return positive on Success and 0 or negative on failure. There * maybe parameters (e.g. ecdh_cofactor), which actually return 0 * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 * value as well 
@@ -2827,24 +2820,32 @@ int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) { + if (ctx->keymgmt != NULL) + return 0; return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params); } int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) { + if (ctx->keymgmt != NULL) + return 0; return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params); } /* This must ONLY be called for legacy EVP_PKEYs */ static int evp_pkey_setget_params_to_ctrl(const EVP_PKEY *pkey, - enum action action_type, - OSSL_PARAM *params) + enum action action_type, + OSSL_PARAM *params) { int ret = 1; for (; params != NULL && params->key != NULL; params++) { - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; + struct translation_ctx_st ctx = { + 0, + }; + struct translation_st tmpl = { + 0, + }; const struct translation_st *translation = NULL; fixup_args_fn *fixup = default_fixup_args; --- crypto/openssl/crypto/evp/dh_ctrl.c.orig +++ crypto/openssl/crypto/evp/dh_ctrl.c @@ -61,8 +61,8 @@ } int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen) + const unsigned char *seed, + size_t seedlen) { int ret; OSSL_PARAM params[2], *p = params; @@ -71,7 +71,7 @@ return ret; *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void *)seed, seedlen); + (void *)seed, seedlen); *p = OSSL_PARAM_construct_end(); return evp_pkey_ctx_set_params_strict(ctx, params); @@ -84,7 +84,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL); + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL); } int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits) 
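Review bot: The new `if (ctx->keymgmt != NULL) return 0;` guard in evp_pkey_ctx_set_params_to_ctrl() and evp_pkey_ctx_get_params_to_ctrl() has no comment and, as far as this hunk shows, returns without an ERR_raise(), so a caller that reaches it with a provider-backed context gets a bare 0 that looks like any other failure. A short comment above each guard would record the invariant, e.g. `/* Legacy-only path: a ctx with a keymgmt is provider-backed, so refuse to translate params to ctrls */`, in line with the "must ONLY be called for legacy operations" note on evp_pkey_ctx_setget_params_to_ctrl(). If callers need to tell "wrong kind of context" apart from a failed ctrl, consider raising an error before returning; whether they do is not visible here. Both guards dereference ctx without a NULL check, which is safe only if every caller has already validated it, and the callers are outside this hunk. evp_pkey_setget_params_to_ctrl() starts in this hunk and continues past its end.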
@@ -137,7 +137,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_RFC5114, gen, NULL); + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL); } int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen) @@ -152,8 +152,8 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, - EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_NID, nid, NULL); + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_DH_NID, nid, NULL); } int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) @@ -180,7 +180,7 @@ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL); + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL); } /* @@ -190,7 +190,7 @@ int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL); + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL); } /* @@ -200,7 +200,7 @@ int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)); + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)); } /* @@ -210,7 +210,7 @@ int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(oid)); + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(oid)); } /* @@ -220,7 +220,7 @@ int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)); } /* 
@@ -229,8 +229,8 @@ */ int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) { - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)); + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)); } int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen) @@ -253,7 +253,7 @@ } *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); + &len); *p = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, params); @@ -273,7 +273,7 @@ return ret; *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); + &len); *p = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_get_params_strict(ctx, params); @@ -300,12 +300,12 @@ return ret; *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, - /* - * Cast away the const. This is read - * only so should be safe - */ - (void *)ukm, - (size_t)len); + /* + * Cast away the const. This is read + * only so should be safe + */ + (void *)ukm, + (size_t)len); *p = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, params); @@ -328,7 +328,7 @@ return ret; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM, - (void **)pukm, 0); + (void **)pukm, 0); *p = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_get_params_strict(ctx, params); --- crypto/openssl/crypto/evp/dh_support.c.orig +++ crypto/openssl/crypto/evp/dh_support.c @@ -12,7 +12,7 @@ #include "internal/nelem.h" #include "crypto/dh.h" -typedef struct dh_name2id_st{ +typedef struct dh_name2id_st { const char *name; int id; int type; 
@@ -21,15 +21,14 @@ /* Indicates that the paramgen_type can be used for either DH or DHX */ #define TYPE_ANY -1 #ifndef OPENSSL_NO_DH -# define TYPE_DH DH_FLAG_TYPE_DH -# define TYPE_DHX DH_FLAG_TYPE_DHX +#define TYPE_DH DH_FLAG_TYPE_DH +#define TYPE_DHX DH_FLAG_TYPE_DHX #else -# define TYPE_DH 0 -# define TYPE_DHX 0 +#define TYPE_DH 0 +#define TYPE_DHX 0 #endif -static const DH_GENTYPE_NAME2ID dhtype2id[] = -{ +static const DH_GENTYPE_NAME2ID dhtype2id[] = { { "group", DH_PARAMGEN_TYPE_GROUP, TYPE_ANY }, { "generator", DH_PARAMGEN_TYPE_GENERATOR, TYPE_DH }, { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4, TYPE_DHX }, @@ -54,7 +53,7 @@ for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) { if ((dhtype2id[i].type == TYPE_ANY - || type == dhtype2id[i].type) + || type == dhtype2id[i].type) && strcmp(dhtype2id[i].name, name) == 0) return dhtype2id[i].id; } --- crypto/openssl/crypto/evp/digest.c.orig +++ crypto/openssl/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include @@ -29,11 +29,11 @@ { if (ctx->digest != NULL) { if (ctx->digest->cleanup != NULL - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 - && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) - || force)) { + && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) + || force)) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; } 
@@ -103,7 +103,7 @@ #ifndef FIPS_MODULE EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { EVP_MD_CTX *ctx; EVP_PKEY_CTX *pctx = NULL; @@ -120,7 +120,7 @@ EVP_MD_CTX_set_pkey_ctx(ctx, pctx); return ctx; - err: +err: EVP_PKEY_CTX_free(pctx); EVP_MD_CTX_free(ctx); return NULL; @@ -142,7 +142,7 @@ } static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, - const OSSL_PARAM params[], ENGINE *impl) + const OSSL_PARAM params[], ENGINE *impl) { #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; @@ -150,8 +150,8 @@ #if !defined(FIPS_MODULE) if (ctx->pctx != NULL - && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - && ctx->pctx->op.sig.algctx != NULL) { + && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) + && ctx->pctx->op.sig.algctx != NULL) { /* * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx * previously initialised with EVP_DigestSignInit() would retain @@ -197,8 +197,7 @@ * previous handle, re-querying for an ENGINE, and having a * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->digest && - (type == NULL || (type->type == ctx->digest->type))) + if (ctx->engine && ctx->digest && (type == NULL || (type->type == ctx->digest->type))) goto skip_to_init; if (type != NULL) { 
@@ -220,14 +219,14 @@ * should use legacy handling for now. */ if (ctx->engine != NULL - || impl != NULL + || impl != NULL #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - || tmpimpl != NULL + || tmpimpl != NULL #endif - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 - || (type != NULL && type->origin == EVP_ORIG_METH) - || (type == NULL && ctx->digest != NULL - && ctx->digest->origin == EVP_ORIG_METH)) { + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 + || (type != NULL && type->origin == EVP_ORIG_METH) + || (type == NULL && ctx->digest != NULL + && ctx->digest->origin == EVP_ORIG_METH)) { if (ctx->digest == ctx->fetched_digest) ctx->digest = NULL; EVP_MD_free(ctx->fetched_digest); @@ -247,8 +246,9 @@ #else /* The NULL digest is a special case */ EVP_MD *provmd = EVP_MD_fetch(NULL, - type->type != NID_undef ? OBJ_nid2sn(type->type) - : "NULL", ""); + type->type != NID_undef ? OBJ_nid2sn(type->type) + : "NULL", + ""); if (provmd == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -290,7 +290,7 @@ return ctx->digest->dinit(ctx->algctx, params); /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (type) { @@ -337,15 +337,15 @@ } } #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - skip_to_init: +skip_to_init: #endif #ifndef FIPS_MODULE if (ctx->pctx != NULL - && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - || ctx->pctx->op.sig.signature == NULL)) { + && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) + || ctx->pctx->op.sig.signature == NULL)) { int r; r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); + EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); if (r <= 0 && (r != -2)) return 0; } @@ -356,7 +356,7 @@ } int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return evp_md_init_internal(ctx, type, params, NULL); } 
@@ -378,8 +378,8 @@ return 1; if (ctx->pctx != NULL - && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - && ctx->pctx->op.sig.algctx != NULL) { + && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) + && ctx->pctx->op.sig.algctx != NULL) { /* * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate(). @@ -397,8 +397,8 @@ } if (ctx->digest == NULL - || ctx->digest->prov == NULL - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) + || ctx->digest->prov == NULL + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (ctx->digest->dupdate == NULL) { @@ -408,7 +408,7 @@ return ctx->digest->dupdate(ctx->algctx, data, count); /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: return ctx->update != NULL ? ctx->update(ctx, data, count) : 0; } @@ -457,7 +457,7 @@ return ret; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (isize != NULL) @@ -540,7 +540,7 @@ } if (in->digest->prov == NULL - || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) + || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (in->digest->dupctx == NULL) { @@ -568,7 +568,7 @@ } } - clone_pkey: +clone_pkey: /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); #ifndef FIPS_MODULE @@ -585,7 +585,7 @@ return 1; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { @@ -644,8 +644,8 @@ } int EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, - ENGINE *impl) + unsigned char *md, unsigned int *size, const EVP_MD *type, + ENGINE *impl) { EVP_MD_CTX *ctx = EVP_MD_CTX_new(); int ret; 
@@ -662,8 +662,8 @@ } int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, - const void *data, size_t datalen, - unsigned char *md, size_t *mdlen) + const void *data, size_t datalen, + unsigned char *md, size_t *mdlen) { EVP_MD *digest = EVP_MD_fetch(libctx, name, propq); unsigned int temp = 0; @@ -689,7 +689,7 @@ { if (digest != NULL && digest->gettable_params != NULL) return digest->gettable_params( - ossl_provider_ctx(EVP_MD_get0_provider(digest))); + ossl_provider_ctx(EVP_MD_get0_provider(digest))); return NULL; } @@ -699,12 +699,12 @@ /* If we have a pctx then we should try that first */ if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->set_ctx_md_params != NULL) + && (pctx->operation == EVP_PKEY_OP_VERIFYCTX + || pctx->operation == EVP_PKEY_OP_SIGNCTX) + && pctx->op.sig.algctx != NULL + && pctx->op.sig.signature->set_ctx_md_params != NULL) return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.algctx, - params); + params); if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL) return ctx->digest->set_ctx_params(ctx->algctx, params); @@ -734,12 +734,12 @@ /* If we have a pctx then we should try that first */ pctx = ctx->pctx; if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->settable_ctx_md_params != NULL) + && (pctx->operation == EVP_PKEY_OP_VERIFYCTX + || pctx->operation == EVP_PKEY_OP_SIGNCTX) + && pctx->op.sig.algctx != NULL + && pctx->op.sig.signature->settable_ctx_md_params != NULL) return pctx->op.sig.signature->settable_ctx_md_params( - pctx->op.sig.algctx); + pctx->op.sig.algctx); if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) { alg = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); 
@@ -755,12 +755,12 @@ /* If we have a pctx then we should try that first */ if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->get_ctx_md_params != NULL) + && (pctx->operation == EVP_PKEY_OP_VERIFYCTX + || pctx->operation == EVP_PKEY_OP_SIGNCTX) + && pctx->op.sig.algctx != NULL + && pctx->op.sig.signature->get_ctx_md_params != NULL) return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx, - params); + params); if (ctx->digest != NULL && ctx->digest->get_ctx_params != NULL) return ctx->digest->get_ctx_params(ctx->algctx, params); @@ -790,12 +790,13 @@ /* If we have a pctx then we should try that first */ pctx = ctx->pctx; if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->gettable_ctx_md_params != NULL) + && (pctx->operation == EVP_PKEY_OP_VERIFYCTX + || pctx->operation == EVP_PKEY_OP_SIGNCTX) + && pctx->op.sig.signature != NULL + && pctx->op.sig.signature->gettable_ctx_md_params != NULL + && pctx->op.sig.algctx != NULL) return pctx->op.sig.signature->gettable_ctx_md_params( - pctx->op.sig.algctx); + pctx->op.sig.algctx); if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); @@ -827,11 +828,11 @@ case EVP_MD_CTRL_MICALG: set_params = 0; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG, - p2, p1 ? p1 : 9999); + p2, p1 ? p1 : 9999); break; case EVP_CTRL_SSL3_MASTER_SECRET: params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, - p2, p1); + p2, p1); break; default: goto conclude; 
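Review bot: The `pctx->op.sig.signature != NULL` guard added in the `@@ -790` hunk is missing from the three parallel conditions in the `@@ -699`, `@@ -734` and `@@ -755` hunks. Those still read `pctx->op.sig.signature->set_ctx_md_params`, `->settable_ctx_md_params` and `->get_ctx_md_params` after checking only `pctx->op.sig.algctx != NULL`. Whether `signature` can be NULL on those paths is not visible here, but if it can, as the new guard suggests, each of the three is a NULL dereference in a parameter API callers reach directly. Add `&& pctx->op.sig.signature != NULL` ahead of the function-pointer test in each, so the four accessors agree. The enclosing functions begin and end outside these hunks, so the full bodies should be checked before applying this.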
@@ -843,16 +844,15 @@ ret = EVP_MD_CTX_get_params(ctx, params); goto conclude; - /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: if (ctx->digest->md_ctrl == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); return 0; } ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); - conclude: +conclude: if (ret <= 0) return 0; return ret; @@ -890,7 +890,7 @@ */ const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - if (*legacy_nid == -1) /* We found a clash already */ + if (*legacy_nid == -1) /* We found a clash already */ return; if (legacy_method == NULL) @@ -915,7 +915,7 @@ params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &mdsize); params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof); params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, - &algid_absent); + &algid_absent); params[4] = OSSL_PARAM_construct_end(); ok = evp_do_md_getparams(md, params) > 0; if (mdsize > INT_MAX || blksz > INT_MAX) @@ -932,8 +932,8 @@ } static void *evp_md_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_MD *md = NULL; @@ -948,7 +948,7 @@ #ifndef FIPS_MODULE md->type = NID_undef; if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type) - || md->type == -1) { + || md->type == -1) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); EVP_MD_free(md); return NULL; @@ -1021,13 +1021,11 @@ break; case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS: if (md->settable_ctx_params == NULL) - md->settable_ctx_params = - OSSL_FUNC_digest_settable_ctx_params(fns); + md->settable_ctx_params = OSSL_FUNC_digest_settable_ctx_params(fns); break; case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS: if (md->gettable_ctx_params == NULL) - md->gettable_ctx_params = - OSSL_FUNC_digest_gettable_ctx_params(fns); + md->gettable_ctx_params = OSSL_FUNC_digest_gettable_ctx_params(fns); break; } } 
@@ -1067,11 +1065,10 @@ } EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { - EVP_MD *md = - evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, - evp_md_from_algorithm, evp_md_up_ref, evp_md_free); + EVP_MD *md = evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, + evp_md_from_algorithm, evp_md_up_ref, evp_md_free); return md; } @@ -1099,10 +1096,10 @@ } void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_MD *mac, void *arg), - void *arg) + void (*fn)(EVP_MD *mac, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_DIGEST, - (void (*)(void *, void *))fn, arg, - evp_md_from_algorithm, evp_md_up_ref, evp_md_free); + (void (*)(void *, void *))fn, arg, + evp_md_from_algorithm, evp_md_up_ref, evp_md_free); } --- crypto/openssl/crypto/evp/dsa_ctrl.c.orig +++ crypto/openssl/crypto/evp/dsa_ctrl.c @@ -36,7 +36,7 @@ return ret; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, - (char *)name, 0); + (char *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -57,8 +57,8 @@ } int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen) + const unsigned char *seed, + size_t seedlen) { int ret; OSSL_PARAM params[2], *p = params; @@ -67,7 +67,7 @@ return ret; *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void *)seed, seedlen); + (void *)seed, seedlen); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -104,8 +104,8 @@ } int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, - const char *md_name, - const char *md_properties) + const char *md_name, + const char *md_properties) { int ret; OSSL_PARAM params[3], *p = params; 
@@ -114,10 +114,10 @@ return ret; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, - (char *)md_name, 0); + (char *)md_name, 0); if (md_properties != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - (char *)md_properties, 0); + (char *)md_properties, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -127,6 +127,6 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)); } #endif --- crypto/openssl/crypto/evp/e_aes.c.orig +++ crypto/openssl/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -45,17 +45,17 @@ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ + } ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ GCM128_CONTEXT gcm; - unsigned char *iv; /* Temporary IV store */ - int ivlen; /* IV length */ + unsigned char *iv; /* Temporary IV store */ + int ivlen; /* IV length */ int taglen; - int iv_gen; /* It is OK to generate IVs */ - int iv_gen_rand; /* No IV was specified, so generate a rand IV */ - int tls_aad_len; /* TLS AAD length */ - uint64_t tls_enc_records; /* Number of TLS records encrypted */ + int iv_gen; /* It is OK to generate IVs */ + int iv_gen_rand; /* No IV was specified, so generate a rand IV */ + int tls_aad_len; /* TLS AAD length */ + uint64_t tls_enc_records; /* Number of TLS records encrypted */ ctr128_f ctr; } EVP_AES_GCM_CTX; @@ -63,12 +63,12 @@ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ks1, ks2; /* AES key schedules to use */ + } ks1, ks2; /* AES key schedules to use */ XTS128_CONTEXT xts; - void (*stream) (const unsigned char *in, - unsigned char *out, size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); + void (*stream)(const unsigned char *in, + unsigned char *out, size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); } EVP_AES_XTS_CTX; #ifdef FIPS_MODULE 
@@ -81,13 +81,13 @@ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - int L, M; /* L and M parameters from RFC3610 */ - int tls_aad_len; /* TLS AAD length */ + } ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + int tag_set; /* Set if tag is valid */ + int len_set; /* Set if message length set */ + int L, M; /* L and M parameters from RFC3610 */ + int tls_aad_len; /* TLS AAD length */ CCM128_CONTEXT ccm; ccm128_f str; } EVP_AES_CCM_CTX; @@ -97,26 +97,26 @@ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ksenc; /* AES key schedule to use for encryption */ + } ksenc; /* AES key schedule to use for encryption */ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ksdec; /* AES key schedule to use for decryption */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ + } ksdec; /* AES key schedule to use for decryption */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ OCB128_CONTEXT ocb; - unsigned char *iv; /* Temporary IV store */ + unsigned char *iv; /* Temporary IV store */ unsigned char tag[16]; unsigned char data_buf[16]; /* Store partial data blocks */ - unsigned char aad_buf[16]; /* Store partial AAD blocks */ + unsigned char aad_buf[16]; /* Store partial AAD blocks */ int data_buf_len; int aad_buf_len; - int ivlen; /* IV length */ + int ivlen; /* IV length */ int taglen; } EVP_AES_OCB_CTX; #endif -#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) +#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) /* increment counter (64-bit int) by 1 */ static void ctr64_inc(unsigned char *counter) 
@@ -135,36 +135,34 @@ } #if defined(AESNI_CAPABLE) -# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ - gctx->gcm.ghash==gcm_ghash_avx) -# undef AES_GCM_ASM2 /* minor size optimization */ -# endif +#if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +#define AES_GCM_ASM2(gctx) (gctx->gcm.block == (block128_f)aesni_encrypt && gctx->gcm.ghash == gcm_ghash_avx) +#undef AES_GCM_ASM2 /* minor size optimization */ +#endif static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret, mode; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx); mode = EVP_CIPHER_CTX_get_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { ret = aesni_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) aesni_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aesni_cbc_encrypt : NULL; + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &dat->ks.ks); + dat->block = (block128_f)aesni_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)aesni_cbc_encrypt : NULL; } else { ret = aesni_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) aesni_encrypt; + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &dat->ks.ks); + dat->block = (block128_f)aesni_encrypt; if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; + dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt; else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; else dat->stream.cbc = NULL; } 
@@ -178,59 +176,59 @@ } static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, - ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); + aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY, ctx)->ks.ks, + ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); if (len < bl) return 1; - aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, - EVP_CIPHER_CTX_is_encrypting(ctx)); + aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY, ctx)->ks.ks, + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } -# define aesni_ofb_cipher aes_ofb_cipher +#define aesni_ofb_cipher aes_ofb_cipher static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aesni_cfb_cipher aes_cfb_cipher +#define aesni_cfb_cipher aes_cfb_cipher static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aesni_cfb8_cipher aes_cfb8_cipher +#define aesni_cfb8_cipher aes_cfb8_cipher static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aesni_cfb1_cipher aes_cfb1_cipher +#define aesni_cfb1_cipher aes_cfb1_cipher static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aesni_ctr_cipher aes_ctr_cipher +#define aesni_ctr_cipher aes_ctr_cipher static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t 
len); + const unsigned char *in, size_t len); static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, ctx); if (!iv && !key) return 1; if (key) { aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); - gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)aesni_encrypt); + gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; /* * If we have an iv can set it directly, otherwise use saved IV. */ @@ -253,14 +251,14 @@ return 1; } -# define aesni_gcm_cipher aes_gcm_cipher +#define aesni_gcm_cipher aes_gcm_cipher static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, ctx); if (!iv && !key) return 1; @@ -277,7 +275,7 @@ * See comment in aes_xts_init_key() below. */ if ((!allow_insecure_decrypt || enc) - && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS); return 0; } 
@@ -285,16 +283,16 @@ /* key_len is two AES keys */ if (enc) { aesni_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_encrypt; + xctx->xts.block1 = (block128_f)aesni_encrypt; xctx->stream = aesni_xts_encrypt; } else { aesni_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_decrypt; + xctx->xts.block1 = (block128_f)aesni_decrypt; xctx->stream = aesni_xts_decrypt; } aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aesni_encrypt; + xctx->xts.block2 = (block128_f)aesni_encrypt; xctx->xts.key1 = &xctx->ks1; } @@ -307,23 +305,22 @@ return 1; } -# define aesni_xts_cipher aes_xts_cipher +#define aesni_xts_cipher aes_xts_cipher static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, ctx); if (!iv && !key) return 1; if (key) { aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); + &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aesni_encrypt); - cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks : - (ccm128_f) aesni_ccm64_decrypt_blocks; + &cctx->ks, (block128_f)aesni_encrypt); + cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks : (ccm128_f)aesni_ccm64_decrypt_blocks; cctx->key_set = 1; } if (iv) { 
@@ -333,15 +330,15 @@ return 1; } -# define aesni_ccm_cipher aes_ccm_cipher +#define aesni_ccm_cipher aes_ccm_cipher static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# ifndef OPENSSL_NO_OCB +#ifndef OPENSSL_NO_OCB static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX, ctx); if (!iv && !key) return 1; if (key) { @@ -352,18 +349,17 @@ * decrypt for an encryption operation. */ aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); + &octx->ksenc.ks); aesni_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); + &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) aesni_encrypt, - (block128_f) aesni_decrypt, - enc ? aesni_ocb_encrypt - : aesni_ocb_decrypt)) + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f)aesni_encrypt, + (block128_f)aesni_decrypt, + enc ? aesni_ocb_encrypt + : aesni_ocb_decrypt)) return 0; - } - while (0); + } while (0); /* * If we have an iv we can set it directly, otherwise use saved IV. 
@@ -388,67 +384,75 @@ return 1; } -# define aesni_ocb_cipher aes_ocb_cipher +#define aesni_ocb_cipher aes_ocb_cipher static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# endif /* OPENSSL_NO_OCB */ - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aesni_init_key, \ - aesni_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aesni_##mode##_init_key, \ - aesni_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return 
AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } + const unsigned char *in, size_t len); +#endif /* OPENSSL_NO_OCB */ + +#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \ + static const EVP_CIPHER aesni_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aesni_init_key, \ + aesni_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, NULL, NULL, NULL \ + }; \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, \ + keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, NULL, NULL, NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return AESNI_CAPABLE ? &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ + } + +#define BLOCK_CIPHER_custom(nid, keylen, blocksize, ivlen, mode, MODE, flags) \ + static const EVP_CIPHER aesni_##keylen##_##mode = { \ + nid##_##keylen##_##mode, blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aesni_##mode##_init_key, \ + aesni_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, NULL, aes_##mode##_ctrl, NULL \ + }; \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, NULL, aes_##mode##_ctrl, NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return AESNI_CAPABLE ? 
&aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ + } #elif defined(SPARC_AES_CAPABLE) static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret, mode, bits; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx); mode = EVP_CIPHER_CTX_get_mode(ctx); bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; @@ -456,19 +460,16 @@ && !enc) { ret = 0; aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f) aes_t4_decrypt; + dat->block = (block128_f)aes_t4_decrypt; switch (bits) { case 128: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes128_t4_cbc_decrypt : NULL; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)aes128_t4_cbc_decrypt : NULL; break; case 192: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes192_t4_cbc_decrypt : NULL; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)aes192_t4_cbc_decrypt : NULL; break; case 256: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes256_t4_cbc_decrypt : NULL; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)aes256_t4_cbc_decrypt : NULL; break; default: ret = -1; 
@@ -476,29 +477,29 @@ } else { ret = 0; aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f) aes_t4_encrypt; + dat->block = (block128_f)aes_t4_encrypt; switch (bits) { case 128: if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt; + dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt; + dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; else dat->stream.cbc = NULL; break; case 192: if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt; + dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt; + dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; else dat->stream.cbc = NULL; break; case 256: if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt; + dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt; + dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; else dat->stream.cbc = NULL; break; 
@@ -515,54 +516,54 @@ return 1; } -# define aes_t4_cbc_cipher aes_cbc_cipher +#define aes_t4_cbc_cipher aes_cbc_cipher static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aes_t4_ecb_cipher aes_ecb_cipher +#define aes_t4_ecb_cipher aes_ecb_cipher static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aes_t4_ofb_cipher aes_ofb_cipher +#define aes_t4_ofb_cipher aes_ofb_cipher static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aes_t4_cfb_cipher aes_cfb_cipher +#define aes_t4_cfb_cipher aes_cfb_cipher static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aes_t4_cfb8_cipher aes_cfb8_cipher +#define aes_t4_cfb8_cipher aes_cfb8_cipher static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aes_t4_cfb1_cipher aes_cfb1_cipher +#define aes_t4_cfb1_cipher aes_cfb1_cipher static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define aes_t4_ctr_cipher aes_ctr_cipher +#define aes_t4_ctr_cipher aes_ctr_cipher static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, ctx); if (!iv && !key) return 1; if (key) { 
int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) aes_t4_encrypt); + (block128_f)aes_t4_encrypt); switch (bits) { case 128: - gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt; + gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt; break; case 192: - gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt; + gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt; break; case 256: - gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt; + gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt; break; default: return 0; @@ -589,14 +590,14 @@ return 1; } -# define aes_t4_gcm_cipher aes_gcm_cipher +#define aes_t4_gcm_cipher aes_gcm_cipher static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, ctx); if (!iv && !key) return 1; @@ -613,7 +614,7 @@ * See comment in aes_xts_init_key() below. */ if ((!allow_insecure_decrypt || enc) - && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS); return 0; } @@ -622,7 +623,7 @@ /* key_len is two AES keys */ if (enc) { aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_encrypt; + xctx->xts.block1 = (block128_f)aes_t4_encrypt; switch (bits) { case 128: xctx->stream = aes128_t4_xts_encrypt; @@ -635,7 +636,7 @@ } } else { aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_decrypt; + xctx->xts.block1 = (block128_f)aes_t4_decrypt; switch (bits) { case 128: xctx->stream = aes128_t4_xts_decrypt; 
@@ -649,7 +650,7 @@ } aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aes_t4_encrypt; + xctx->xts.block2 = (block128_f)aes_t4_encrypt; xctx->xts.key1 = &xctx->ks1; } @@ -662,21 +663,21 @@ return 1; } -# define aes_t4_xts_cipher aes_xts_cipher +#define aes_t4_xts_cipher aes_xts_cipher static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, ctx); if (!iv && !key) return 1; if (key) { int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aes_t4_encrypt); + &cctx->ks, (block128_f)aes_t4_encrypt); cctx->str = NULL; cctx->key_set = 1; } @@ -687,15 +688,15 @@ return 1; } -# define aes_t4_ccm_cipher aes_ccm_cipher +#define aes_t4_ccm_cipher aes_ccm_cipher static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# ifndef OPENSSL_NO_OCB +#ifndef OPENSSL_NO_OCB static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX, ctx); if (!iv && !key) return 1; if (key) { 
@@ -706,17 +707,16 @@ * decrypt for an encryption operation. */ aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); + &octx->ksenc.ks); aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); + &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) aes_t4_encrypt, - (block128_f) aes_t4_decrypt, - NULL)) + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f)aes_t4_encrypt, + (block128_f)aes_t4_decrypt, + NULL)) return 0; - } - while (0); + } while (0); /* * If we have an iv we can set it directly, otherwise use saved IV. 
@@ -741,64 +741,72 @@ return 1; } -# define aes_t4_ocb_cipher aes_ocb_cipher +#define aes_t4_ocb_cipher aes_ocb_cipher static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# endif /* OPENSSL_NO_OCB */ - -# ifndef OPENSSL_NO_SIV -# define aes_t4_siv_init_key aes_siv_init_key -# define aes_t4_siv_cipher aes_siv_cipher -# endif /* OPENSSL_NO_SIV */ - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_t4_init_key, \ - aes_t4_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_t4_##mode##_init_key, \ - aes_t4_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - 
aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + const unsigned char *in, size_t len); +#endif /* OPENSSL_NO_OCB */ + +#ifndef OPENSSL_NO_SIV +#define aes_t4_siv_init_key aes_siv_init_key +#define aes_t4_siv_cipher aes_siv_cipher +#endif /* OPENSSL_NO_SIV */ + +#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \ + static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_t4_init_key, \ + aes_t4_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, NULL, NULL, NULL \ + }; \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, \ + keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, NULL, NULL, NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return SPARC_AES_CAPABLE ? &aes_t4_##keylen##_##mode : &aes_##keylen##_##mode; \ + } + +#define BLOCK_CIPHER_custom(nid, keylen, blocksize, ivlen, mode, MODE, flags) \ + static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ + nid##_##keylen##_##mode, blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_t4_##mode##_init_key, \ + aes_t4_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, NULL, aes_##mode##_ctrl, NULL \ + }; \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 
2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, NULL, aes_##mode##_ctrl, NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return SPARC_AES_CAPABLE ? &aes_t4_##keylen##_##mode : &aes_##keylen##_##mode; \ + } #elif defined(S390X_aes_128_CAPABLE) /* IBM S390X support */ @@ -895,7 +903,7 @@ int kreslen; int tls_aad_len; - uint64_t tls_enc_records; /* Number of TLS records encrypted */ + uint64_t tls_enc_records; /* Number of TLS records encrypted */ } S390X_AES_GCM_CTX; typedef struct { @@ -950,21 +958,21 @@ } aes; } S390X_AES_CCM_CTX; -# define s390x_aes_init_key aes_init_key +#define s390x_aes_init_key aes_init_key static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); -# define S390X_AES_CBC_CTX EVP_AES_KEY +#define S390X_AES_CBC_CTX EVP_AES_KEY -# define s390x_aes_cbc_init_key aes_init_key +#define s390x_aes_cbc_init_key aes_init_key -# define s390x_aes_cbc_cipher aes_cbc_cipher +#define s390x_aes_cbc_cipher aes_cbc_cipher static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *key, + const unsigned char *iv, int enc) { S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); @@ -978,7 +986,7 @@ } static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); 
@@ -987,8 +995,8 @@ } static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *ivec, int enc) + const unsigned char *key, + const unsigned char *ivec, int enc) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); const unsigned char *iv = ctx->oiv; @@ -1002,7 +1010,7 @@ } static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); @@ -1031,7 +1039,7 @@ if (rem) { s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc, - cctx->kmo.param.k); + cctx->kmo.param.k); while (rem--) { out[n] = in[n] ^ cctx->kmo.param.cv[n]; @@ -1045,8 +1053,8 @@ } static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *ivec, int enc) + const unsigned char *key, + const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const unsigned char *iv = ctx->oiv; @@ -1054,7 +1062,7 @@ const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ + cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ if (!enc) cctx->fc |= S390X_DECRYPT; @@ -1064,7 +1072,7 @@ } static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); @@ -1098,7 +1106,7 @@ if (rem) { s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv, - S390X_AES_FC(keylen), cctx->kmf.param.k); + S390X_AES_FC(keylen), cctx->kmf.param.k); while (rem--) { tmp = in[n]; 
@@ -1114,8 +1122,8 @@ } static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *ivec, int enc) + const unsigned char *key, + const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const unsigned char *iv = ctx->oiv; @@ -1123,7 +1131,7 @@ const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ + cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ if (!enc) cctx->fc |= S390X_DECRYPT; @@ -1133,7 +1141,7 @@ } static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 
@@ -1145,29 +1153,29 @@ return 1; } -# define s390x_aes_cfb1_init_key aes_init_key +#define s390x_aes_cfb1_init_key aes_init_key -# define s390x_aes_cfb1_cipher aes_cfb1_cipher +#define s390x_aes_cfb1_cipher aes_cfb1_cipher static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define S390X_AES_CTR_CTX EVP_AES_KEY +#define S390X_AES_CTR_CTX EVP_AES_KEY -# define s390x_aes_ctr_init_key aes_init_key +#define s390x_aes_ctr_init_key aes_init_key -# define s390x_aes_ctr_cipher aes_ctr_cipher +#define s390x_aes_ctr_cipher aes_ctr_cipher static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); /* iv + padding length for iv lengths != 12 */ -# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) +#define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) /*- * Process additional authenticated data. Returns 0 on success. Code is * big-endian. */ static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad, - size_t len) + size_t len) { unsigned long long alen; int n, rem; @@ -1221,7 +1229,7 @@ * success. Code is big-endian. */ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { const unsigned char *inptr; unsigned long long mlen; @@ -1250,7 +1258,7 @@ /* ctx->mres contains a complete block if offset has wrapped around */ if (!n) { s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b, - ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); + ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); ctx->fc |= S390X_KMA_HS; ctx->areslen = 0; @@ -1273,7 +1281,7 @@ len &= ~(size_t)0xf; if (len) { s390x_kma(ctx->ares, ctx->areslen, in, len, out, - ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); + ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); in += len; out += len; ctx->fc |= S390X_KMA_HS; 
@@ -1309,7 +1317,7 @@ * Initialize context structure. Code is big-endian. */ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, - const unsigned char *iv) + const unsigned char *iv) { ctx->kma.param.t.g[0] = 0; ctx->kma.param.t.g[1] = 0; @@ -1327,7 +1335,7 @@ /* ctx->iv has the right size and is already padded. */ memcpy(ctx->iv, iv, ctx->ivlen); s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, - ctx->fc, &ctx->kma.param); + ctx->fc, &ctx->kma.param); ctx->fc |= S390X_KMA_HS; ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0]; @@ -1516,8 +1524,8 @@ * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. */ static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *key, + const unsigned char *iv, int enc) { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); int keylen; @@ -1558,7 +1566,7 @@ * if successful. Otherwise -1 is returned. Code is big-endian. */ static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); @@ -1579,9 +1587,9 @@ goto err; } - if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN - : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) + <= 0) goto err; in += EVP_GCM_TLS_EXPLICIT_IV_LEN; 
@@ -1591,14 +1599,14 @@ gctx->kma.param.taadl = gctx->tls_aad_len << 3; gctx->kma.param.tpcl = len << 3; s390x_kma(buf, gctx->tls_aad_len, in, len, out, - gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); + gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); if (enc) { memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN); rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; } else { if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len, - EVP_GCM_TLS_TAG_LEN)) { + EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1617,7 +1625,7 @@ * written on success. Otherwise -1 is returned. Code is big-endian. */ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); unsigned char *buf, tmp[16]; @@ -1645,7 +1653,7 @@ gctx->kma.param.taadl <<= 3; gctx->kma.param.tpcl <<= 3; s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp, - gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); + gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); /* recall that we already did en-/decrypt gctx->mres * and returned it to caller... */ OPENSSL_cleanse(tmp, gctx->mreslen); 
@@ -1680,25 +1688,25 @@ return 1; } -# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX +#define S390X_AES_XTS_CTX EVP_AES_XTS_CTX -# define s390x_aes_xts_init_key aes_xts_init_key +#define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc); -# define s390x_aes_xts_cipher aes_xts_cipher + const unsigned char *key, + const unsigned char *iv, int enc); +#define s390x_aes_xts_cipher aes_xts_cipher static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# define s390x_aes_xts_ctrl aes_xts_ctrl + const unsigned char *in, size_t len); +#define s390x_aes_xts_ctrl aes_xts_ctrl static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); -# define s390x_aes_xts_cleanup aes_xts_cleanup +#define s390x_aes_xts_cleanup aes_xts_cleanup /*- * Set nonce and length fields. Code is big-endian. */ static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx, - const unsigned char *nonce, - size_t mlen) + const unsigned char *nonce, + size_t mlen) { ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG; ctx->aes.ccm.nonce.g[1] = mlen; @@ -1709,7 +1717,7 @@ * Process additional authenticated data. Code is big-endian. */ static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad, - size_t alen) + size_t alen) { unsigned char *ptr; int i, rem; @@ -1726,7 +1734,7 @@ *(uint16_t *)ptr = alen; i = 2; } else if (sizeof(alen) == 8 - && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { + && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { *(uint16_t *)ptr = 0xffff; *(uint64_t *)(ptr + 2) = alen; i = 10; @@ -1750,7 +1758,7 @@ ctx->aes.ccm.kmac_param.icv.g[0] = 0; ctx->aes.ccm.kmac_param.icv.g[1] = 0; s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc, - &ctx->aes.ccm.kmac_param); + &ctx->aes.ccm.kmac_param); ctx->aes.ccm.blocks += 2; rem = alen & 0xf; 
@@ -1765,8 +1773,8 @@ ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i]; s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, - ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); ctx->aes.ccm.blocks++; } } @@ -1776,7 +1784,7 @@ * success. */ static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, int enc) + unsigned char *out, size_t len, int enc) { size_t n, rem; unsigned int i, l, num; @@ -1785,7 +1793,7 @@ flags = ctx->aes.ccm.nonce.b[0]; if (!(flags & S390X_CCM_AAD_FLAG)) { s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b, - ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k); ctx->aes.ccm.blocks++; } l = flags & 0x7; @@ -1805,13 +1813,13 @@ ctx->aes.ccm.nonce.b[15] = 1; if (n != len) - return -1; /* length mismatch */ + return -1; /* length mismatch */ if (enc) { /* Two operations per block plus one for tag encryption */ ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1; if (ctx->aes.ccm.blocks > (1ULL << 61)) - return -2; /* too much data */ + return -2; /* too much data */ } num = 0; 
@@ -1827,18 +1835,18 @@ ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i]; s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, - ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); } CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k, - ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, - &num, (ctr128_f)AES_ctr32_encrypt); + ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, + &num, (ctr128_f)AES_ctr32_encrypt); } else { /* decrypt-then-mac */ CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k, - ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, - &num, (ctr128_f)AES_ctr32_encrypt); + ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, + &num, (ctr128_f)AES_ctr32_encrypt); if (len) s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); @@ -1847,8 +1855,8 @@ ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i]; s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, - ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); } } /* encrypt tag */ @@ -1856,11 +1864,11 @@ ctx->aes.ccm.nonce.b[i] = 0; s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.kmac_param.k); ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0]; ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1]; - ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ + ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ return 0; } @@ -1869,7 +1877,7 @@ * if successful. Otherwise -1 is returned. */ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); unsigned char *ivec = ctx->iv; 
@@ -1877,7 +1885,7 @@ const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); if (out != in - || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) + || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) return -1; if (enc) { @@ -1908,7 +1916,7 @@ } else { if (!s390x_aes_ccm(cctx, in, out, len, enc)) { if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len, - cctx->aes.ccm.m)) + cctx->aes.ccm.m)) return len; } @@ -1922,8 +1930,8 @@ * returned. */ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *key, + const unsigned char *iv, int enc) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); int keylen; @@ -1938,9 +1946,9 @@ /* Store encoded m and l. */ cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) - | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; + | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; memset(cctx->aes.ccm.nonce.b + 1, 0, - sizeof(cctx->aes.ccm.nonce.b)); + sizeof(cctx->aes.ccm.nonce.b)); cctx->aes.ccm.blocks = 0; cctx->aes.ccm.key_set = 1; @@ -1962,7 +1970,7 @@ * written on success. Otherwise -1 is returned. */ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); @@ -2031,7 +2039,7 @@ if (!s390x_aes_ccm(cctx, in, out, len, enc)) { buf = EVP_CIPHER_CTX_buf_noconst(ctx); if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf, - cctx->aes.ccm.m)) + cctx->aes.ccm.m)) rv = len; } @@ -2143,7 +2151,7 @@ if (!enc || !cctx->aes.ccm.tag_set) return 0; - if(arg < cctx->aes.ccm.m) + if (arg < cctx->aes.ccm.m) return 0; memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); 
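Review bot: In the `-1938,9 +1946,9` hunk the re-indented `memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b));` starts one byte into `nonce.b` but clears the full `sizeof` of it, so, assuming `b` is a fixed-size array, the write runs one byte past its end into whatever member follows. The declaration is not in this hunk, so the neighbouring member is inferred; other calls on this page pass `nonce.b` with a length of 32, which suggests an adjacent buffer absorbs the byte, but the call should not depend on that layout. I would write the length as `sizeof(cctx->aes.ccm.nonce.b) - 1`. `s390x_aes_ccm_init_key` starts before this hunk and continues after it.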
@@ -2160,155 +2168,159 @@ } } -# define s390x_aes_ccm_cleanup aes_ccm_cleanup +#define s390x_aes_ccm_cleanup aes_ccm_cleanup -# ifndef OPENSSL_NO_OCB -# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX +#ifndef OPENSSL_NO_OCB +#define S390X_AES_OCB_CTX EVP_AES_OCB_CTX -# define s390x_aes_ocb_init_key aes_ocb_init_key +#define s390x_aes_ocb_init_key aes_ocb_init_key static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -# define s390x_aes_ocb_cipher aes_ocb_cipher + const unsigned char *iv, int enc); +#define s390x_aes_ocb_cipher aes_ocb_cipher static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# define s390x_aes_ocb_cleanup aes_ocb_cleanup + const unsigned char *in, size_t len); +#define s390x_aes_ocb_cleanup aes_ocb_cleanup static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *); -# define s390x_aes_ocb_ctrl aes_ocb_ctrl +#define s390x_aes_ocb_ctrl aes_ocb_ctrl static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); -# endif - -# ifndef OPENSSL_NO_SIV -# define S390X_AES_SIV_CTX EVP_AES_SIV_CTX - -# define s390x_aes_siv_init_key aes_siv_init_key -# define s390x_aes_siv_cipher aes_siv_cipher -# define s390x_aes_siv_cleanup aes_siv_cleanup -# define s390x_aes_siv_ctrl aes_siv_ctrl -# endif - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \ - MODE,flags) \ -static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher, \ - NULL, \ - sizeof(S390X_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - NULL, \ - NULL \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode, \ - blocksize, \ - keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - 
NULL, \ - sizeof(EVP_AES_KEY), \ - NULL, \ - NULL, \ - NULL, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ \ - return S390X_aes_##keylen##_##mode##_CAPABLE ? \ - &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\ -static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode, \ - blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher, \ - s390x_aes_##mode##_cleanup, \ - sizeof(S390X_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - s390x_aes_##mode##_ctrl, \ - NULL \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - aes_##mode##_ctrl, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ \ - return S390X_aes_##keylen##_##mode##_CAPABLE ? 
\ - &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ -} +#endif + +#ifndef OPENSSL_NO_SIV +#define S390X_AES_SIV_CTX EVP_AES_SIV_CTX + +#define s390x_aes_siv_init_key aes_siv_init_key +#define s390x_aes_siv_cipher aes_siv_cipher +#define s390x_aes_siv_cleanup aes_siv_cleanup +#define s390x_aes_siv_ctrl aes_siv_ctrl +#endif + +#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, \ + MODE, flags) \ + static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, \ + keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + NULL, \ + sizeof(S390X_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + NULL, \ + NULL \ + }; \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, \ + blocksize, \ + keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, \ + NULL, \ + NULL, \ + NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return S390X_aes_##keylen##_##mode##_CAPABLE ? &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ + } + +#define BLOCK_CIPHER_custom(nid, keylen, blocksize, ivlen, mode, MODE, flags) \ + static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, \ + blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 
2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + s390x_aes_##mode##_cleanup, \ + sizeof(S390X_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + s390x_aes_##mode##_ctrl, \ + NULL \ + }; \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + aes_##mode##_ctrl, \ + NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return S390X_aes_##keylen##_##mode##_CAPABLE ? &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ + } #else -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return &aes_##keylen##_##mode; } - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return &aes_##keylen##_##mode; } +#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, 
nmode, mode, MODE, flags) \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, NULL, NULL, NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return &aes_##keylen##_##mode; \ + } + +#define BLOCK_CIPHER_custom(nid, keylen, blocksize, ivlen, mode, MODE, flags) \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE || EVP_CIPH_##MODE##_MODE == EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, NULL, aes_##mode##_ctrl, NULL \ + }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { \ + return &aes_##keylen##_##mode; \ + } #endif -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + 
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret, mode; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx); mode = EVP_CIPHER_CTX_get_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) 
@@ -2316,91 +2328,87 @@
 #ifdef HWAES_CAPABLE
 if (HWAES_CAPABLE) {
 ret = HWAES_set_decrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) HWAES_decrypt;
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &dat->ks.ks);
+ dat->block = (block128_f)HWAES_decrypt;
 dat->stream.cbc = NULL;
-# ifdef HWAES_cbc_encrypt
+#ifdef HWAES_cbc_encrypt
 if (mode == EVP_CIPH_CBC_MODE)
- dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
-# endif
+ dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
+#endif
 } else
 #endif
 #ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+ if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
 ret = AES_set_decrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) AES_decrypt;
- dat->stream.cbc = (cbc128_f) ossl_bsaes_cbc_encrypt;
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &dat->ks.ks);
+ dat->block = (block128_f)AES_decrypt;
+ dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
 } else
 #endif
 #ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
+ if (VPAES_CAPABLE) {
 ret = vpaes_set_decrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) vpaes_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) vpaes_cbc_encrypt : NULL;
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &dat->ks.ks);
+ dat->block = (block128_f)vpaes_decrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)vpaes_cbc_encrypt : NULL;
 } else
 #endif
 {
 ret = AES_set_decrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) AES_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) AES_cbc_encrypt : NULL;
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &dat->ks.ks);
+ dat->block = (block128_f)AES_decrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)AES_cbc_encrypt : NULL;
 }
 } else
 #ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
+ if (HWAES_CAPABLE) {
 ret = HWAES_set_encrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) HWAES_encrypt;
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &dat->ks.ks);
+ dat->block = (block128_f)HWAES_encrypt;
 dat->stream.cbc = NULL;
-# ifdef HWAES_cbc_encrypt
+#ifdef HWAES_cbc_encrypt
 if (mode == EVP_CIPH_CBC_MODE)
- dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+ dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
 else
-# endif
-# ifdef HWAES_ctr32_encrypt_blocks
- if (mode == EVP_CIPH_CTR_MODE)
- dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+#endif
+#ifdef HWAES_ctr32_encrypt_blocks
+ if (mode == EVP_CIPH_CTR_MODE)
+ dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
 else
-# endif
- (void)0; /* terminate potentially open 'else' */
+#endif
+ (void)0; /* terminate potentially open 'else' */
 } else
 #endif
 #ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
+ if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
 ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) AES_encrypt;
- dat->stream.ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks;
+ &dat->ks.ks);
+ dat->block = (block128_f)AES_encrypt;
+ dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
 } else
 #endif
 #ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
+ if (VPAES_CAPABLE) {
 ret = vpaes_set_encrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) vpaes_encrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) vpaes_cbc_encrypt : NULL;
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &dat->ks.ks);
+ dat->block = (block128_f)vpaes_encrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)vpaes_cbc_encrypt : NULL;
 } else
 #endif
 {
 ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &dat->ks.ks);
- dat->block = (block128_f) AES_encrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) AES_cbc_encrypt : NULL;
+ &dat->ks.ks);
+ dat->block = (block128_f)AES_encrypt;
+ dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)AES_cbc_encrypt : NULL;
 #ifdef AES_CTR_ASM
 if (mode == EVP_CIPH_CTR_MODE)
- dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;
+ dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
 #endif
 }
@@ -2413,87 +2421,87 @@
 }
 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 if (dat->stream.cbc)
- (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
- EVP_CIPHER_CTX_is_encrypting(ctx));
+ (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
+ EVP_CIPHER_CTX_is_encrypting(ctx));
 else if (EVP_CIPHER_CTX_is_encrypting(ctx))
 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
- dat->block);
+ dat->block);
 else
 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
- ctx->iv, dat->block);
+ ctx->iv, dat->block);
 return 1;
 }
 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
 size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
 size_t i;
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 if (len < bl)
 return 1;
 for (i = 0, len -= bl; i <= len; i += bl)
- (*dat->block) (in + i, out + i, &dat->ks);
+ (*dat->block)(in + i, out + i, &dat->ks);
 return 1;
 }
 static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 int num = EVP_CIPHER_CTX_get_num(ctx);
 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
- ctx->iv, &num, dat->block);
+ ctx->iv, &num, dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 return 1;
 }
 static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 int num = EVP_CIPHER_CTX_get_num(ctx);
 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
- ctx->iv, &num,
- EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
+ ctx->iv, &num,
+ EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 return 1;
 }
 static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 int num = EVP_CIPHER_CTX_get_num(ctx);
 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
- ctx->iv, &num,
- EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
+ ctx->iv, &num,
+ EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 return 1;
 }
 static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
 int num = EVP_CIPHER_CTX_get_num(ctx);
 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
- ctx->iv, &num,
- EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
+ ctx->iv, &num,
+ EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 return 1;
 }
@@ -2501,18 +2509,18 @@
 while (len >= MAXBITCHUNK) {
 int num = EVP_CIPHER_CTX_get_num(ctx);
 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
- ctx->iv, &num,
- EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
+ ctx->iv, &num,
+ EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 len -= MAXBITCHUNK;
 out += MAXBITCHUNK;
- in += MAXBITCHUNK;
+ in += MAXBITCHUNK;
 }
 if (len) {
 int num = EVP_CIPHER_CTX_get_num(ctx);
 CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
- ctx->iv, &num,
- EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
+ ctx->iv, &num,
+ EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 }
@@ -2520,11 +2528,11 @@
 }
 static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
 int n = EVP_CIPHER_CTX_get_num(ctx);
 unsigned int num;
- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY, ctx);
 if (n < 0)
 return 0;
@@ -2532,25 +2540,25 @@
 if (dat->stream.ctr)
 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
- ctx->iv,
- EVP_CIPHER_CTX_buf_noconst(ctx),
- &num, dat->stream.ctr);
+ ctx->iv,
+ EVP_CIPHER_CTX_buf_noconst(ctx),
+ &num, dat->stream.ctr);
 else
 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
- ctx->iv,
- EVP_CIPHER_CTX_buf_noconst(ctx), &num,
- dat->block);
+ ctx->iv,
+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+ dat->block);
 EVP_CIPHER_CTX_set_num(ctx, num);
 return 1;
 }
 BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
 static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c);
 if (gctx == NULL)
 return 0;
 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
@@ -2561,7 +2569,7 @@
 static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c);
 switch (type) {
 case EVP_CTRL_INIT:
 gctx->key_set = 0;
@@ -2674,37 +2682,35 @@
 /* Extra padding: tag appended to record */
 return EVP_GCM_TLS_TAG_LEN;
- case EVP_CTRL_COPY:
- {
- EVP_CIPHER_CTX *out = ptr;
- EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);
- if (gctx->gcm.key) {
- if (gctx->gcm.key != &gctx->ks)
- return 0;
- gctx_out->gcm.key = &gctx_out->ks;
- }
- if (gctx->iv == c->iv)
- gctx_out->iv = out->iv;
- else {
- if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+ case EVP_CTRL_COPY: {
+ EVP_CIPHER_CTX *out = ptr;
+ EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX, out);
+ if (gctx->gcm.key) {
+ if (gctx->gcm.key != &gctx->ks)
+ return 0;
+ gctx_out->gcm.key = &gctx_out->ks;
+ }
+ if (gctx->iv == c->iv)
+ gctx_out->iv = out->iv;
+ else {
+ if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return 0;
 }
- return 1;
+ memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
 }
+ return 1;
+ }
 default:
 return -1;
-
 }
 }
 static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+ const unsigned char *iv, int enc)
 {
- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, ctx);
 if (!iv && !key)
 return 1;
 if (key) {
@@ -2713,40 +2719,40 @@
 if (HWAES_CAPABLE) {
 HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) HWAES_encrypt);
-# ifdef HWAES_ctr32_encrypt_blocks
- gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
-# else
+ (block128_f)HWAES_encrypt);
+#ifdef HWAES_ctr32_encrypt_blocks
+ gctx->ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
+#else
 gctx->ctr = NULL;
-# endif
+#endif
 break;
 } else
 #endif
 #ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE) {
+ if (BSAES_CAPABLE) {
 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) AES_encrypt);
- gctx->ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks;
+ (block128_f)AES_encrypt);
+ gctx->ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
 break;
 } else
 #endif
 #ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
+ if (VPAES_CAPABLE) {
 vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) vpaes_encrypt);
+ (block128_f)vpaes_encrypt);
 gctx->ctr = NULL;
 break;
 } else
 #endif
- (void)0; /* terminate potentially open 'else' */
+ (void)0; /* terminate potentially open 'else' */
 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- (block128_f) AES_encrypt);
+ (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
- gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
+ gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
 #else
 gctx->ctr = NULL;
 #endif
@@ -2782,9 +2788,9 @@
 */
 static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, ctx);
 int rv = -1;
 /* Encrypt/decrypt must be performed in place */
 if (out != in
@@ -2806,9 +2812,9 @@
 * Set IV from start of buffer or generate IV and write to start of
 * buffer.
 */
- if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
- : EVP_CTRL_GCM_SET_IV_INV,
- EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out)
+ <= 0)
 goto err;
 /* Use saved AAD */
 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
@@ -2827,15 +2833,15 @@
 return -1;
 bulk = AES_gcm_encrypt(in, out, len,
- gctx->gcm.key,
- gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+ gctx->gcm.key,
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 }
 #endif
 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
- in + bulk,
- out + bulk,
- len - bulk, gctx->ctr))
+ in + bulk,
+ out + bulk,
+ len - bulk, gctx->ctr))
 goto err;
 } else {
 size_t bulk = 0;
@@ -2845,13 +2851,13 @@
 return -1;
 bulk = AES_gcm_encrypt(in, out, len,
- gctx->gcm.key,
- gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+ gctx->gcm.key,
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 }
 #endif
 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
- in + bulk, out + bulk, len - bulk))
+ in + bulk, out + bulk, len - bulk))
 goto err;
 }
 out += len;
@@ -2868,15 +2874,15 @@
 return -1;
 bulk = AES_gcm_decrypt(in, out, len,
- gctx->gcm.key,
- gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+ gctx->gcm.key,
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 }
 #endif
 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
- in + bulk,
- out + bulk,
- len - bulk, gctx->ctr))
+ in + bulk,
+ out + bulk,
+ len - bulk, gctx->ctr))
 goto err;
 } else {
 size_t bulk = 0;
@@ -2886,13 +2892,13 @@
 return -1;
 bulk = AES_gcm_decrypt(in, out, len,
- gctx->gcm.key,
- gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+ gctx->gcm.key,
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 }
 #endif
 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
- in + bulk, out + bulk, len - bulk))
+ in + bulk, out + bulk, len - bulk))
 goto err;
 }
 /* Retrieve tag */
@@ -2905,7 +2911,7 @@
 rv = len;
 }
- err:
+err:
 gctx->iv_set = 0;
 gctx->tls_aad_len = -1;
 return rv;
@@ -2936,9 +2942,9 @@
 #endif /* FIPS_MODULE */
 static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, ctx);
 /* If not set up, return error */
 if (!gctx->key_set)
@@ -2981,17 +2987,17 @@
 return -1;
 bulk = AES_gcm_encrypt(in + res,
- out + res, len - res,
- gctx->gcm.key, gctx->gcm.Yi.c,
- gctx->gcm.Xi.u);
+ out + res, len - res,
+ gctx->gcm.key, gctx->gcm.Yi.c,
+ gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 bulk += res;
 }
 #endif
 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
- in + bulk,
- out + bulk,
- len - bulk, gctx->ctr))
+ in + bulk,
+ out + bulk,
+ len - bulk, gctx->ctr))
 return -1;
 } else {
 size_t bulk = 0;
@@ -3003,15 +3009,15 @@
 return -1;
 bulk = AES_gcm_encrypt(in + res,
- out + res, len - res,
- gctx->gcm.key, gctx->gcm.Yi.c,
- gctx->gcm.Xi.u);
+ out + res, len - res,
+ gctx->gcm.key, gctx->gcm.Yi.c,
+ gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 bulk += res;
 }
 #endif
 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
- in + bulk, out + bulk, len - bulk))
+ in + bulk, out + bulk, len - bulk))
 return -1;
 }
 } else {
@@ -3025,17 +3031,17 @@
 return -1;
 bulk = AES_gcm_decrypt(in + res,
- out + res, len - res,
- gctx->gcm.key,
- gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+ out + res, len - res,
+ gctx->gcm.key,
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 bulk += res;
 }
 #endif
 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
- in + bulk,
- out + bulk,
- len - bulk, gctx->ctr))
+ in + bulk,
+ out + bulk,
+ len - bulk, gctx->ctr))
 return -1;
 } else {
 size_t bulk = 0;
@@ -3047,15 +3053,15 @@
 return -1;
 bulk = AES_gcm_decrypt(in + res,
- out + res, len - res,
- gctx->gcm.key,
- gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+ out + res, len - res,
+ gctx->gcm.key,
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u);
 gctx->gcm.len.u[1] += bulk;
 bulk += res;
 }
 #endif
 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
- in + bulk, out + bulk, len - bulk))
+ in + bulk, out + bulk, len - bulk))
 return -1;
 }
 }
@@ -3075,20 +3081,19 @@
 gctx->iv_set = 0;
 return 0;
 }
-
 }
-#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
- | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH)
+#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+ | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH)
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
@@ -3096,7 +3101,7 @@
 if (type == EVP_CTRL_COPY) {
 EVP_CIPHER_CTX *out = ptr;
- EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
+ EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX, out);
 if (xctx->xts.key1) {
 if (xctx->xts.key1 != &xctx->ks1)
@@ -3118,9 +3123,9 @@
 }
 static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+ const unsigned char *iv, int enc)
 {
- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, ctx);
 if (!iv && !key)
 return 1;
@@ -3148,7 +3153,7 @@
 * data with them."
 */
 if ((!allow_insecure_decrypt || enc)
- && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+ && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
 ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS);
 return 0;
 }
@@ -3163,59 +3168,59 @@
 if (HWAES_CAPABLE) {
 if (enc) {
 HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) HWAES_encrypt;
-# ifdef HWAES_xts_encrypt
+ xctx->xts.block1 = (block128_f)HWAES_encrypt;
+#ifdef HWAES_xts_encrypt
 xctx->stream = HWAES_xts_encrypt;
-# endif
+#endif
 } else {
 HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) HWAES_decrypt;
-# ifdef HWAES_xts_decrypt
+ xctx->xts.block1 = (block128_f)HWAES_decrypt;
+#ifdef HWAES_xts_decrypt
 xctx->stream = HWAES_xts_decrypt;
 #endif
 }
 HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) HWAES_encrypt;
+ xctx->xts.block2 = (block128_f)HWAES_encrypt;
 xctx->xts.key1 = &xctx->ks1;
 break;
 } else
 #endif
 #ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE)
+ if (BSAES_CAPABLE)
 xctx->stream = enc ? ossl_bsaes_xts_encrypt : ossl_bsaes_xts_decrypt;
 else
 #endif
 #ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
+ if (VPAES_CAPABLE) {
 if (enc) {
 vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) vpaes_encrypt;
+ xctx->xts.block1 = (block128_f)vpaes_encrypt;
 } else {
 vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) vpaes_decrypt;
+ xctx->xts.block1 = (block128_f)vpaes_decrypt;
 }
 vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) vpaes_encrypt;
+ xctx->xts.block2 = (block128_f)vpaes_encrypt;
 xctx->xts.key1 = &xctx->ks1;
 break;
 } else
 #endif
- (void)0; /* terminate potentially open 'else' */
+ (void)0; /* terminate potentially open 'else' */
 if (enc) {
 AES_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) AES_encrypt;
+ xctx->xts.block1 = (block128_f)AES_encrypt;
 } else {
 AES_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) AES_decrypt;
+ xctx->xts.block1 = (block128_f)AES_decrypt;
 }
 AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) AES_encrypt;
+ xctx->xts.block2 = (block128_f)AES_encrypt;
 xctx->xts.key1 = &xctx->ks1;
 } while (0);
@@ -3230,15 +3235,15 @@
 }
 static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+ EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, ctx);
 if (xctx->xts.key1 == NULL
- || xctx->xts.key2 == NULL
- || out == NULL
- || in == NULL
- || len < AES_BLOCK_SIZE)
+ || xctx->xts.key2 == NULL
+ || out == NULL
+ || in == NULL
+ || len < AES_BLOCK_SIZE)
 return 0;
 /*
@@ -3253,27 +3258,27 @@
 }
 if (xctx->stream)
- (*xctx->stream) (in, out, len,
- xctx->xts.key1, xctx->xts.key2,
- ctx->iv);
+ (*xctx->stream)(in, out, len,
+ xctx->xts.key1, xctx->xts.key2,
+ ctx->iv);
 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
- EVP_CIPHER_CTX_is_encrypting(ctx)))
+ EVP_CIPHER_CTX_is_encrypting(ctx)))
 return 0;
 return 1;
 }
 #define aes_xts_cleanup NULL
-#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY)
+#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+ | EVP_CIPH_CUSTOM_COPY)
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
 static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c);
 switch (type) {
 case EVP_CTRL_INIT:
 cctx->key_set = 0;
@@ -3296,8 +3301,7 @@
 memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
 cctx->tls_aad_len = arg;
 {
- uint16_t len =
- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+ uint16_t len = EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
 | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
 /* Correct length for explicit IV */
 if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
@@ -3354,28 +3358,26 @@
 cctx->len_set = 0;
 return 1;
- case EVP_CTRL_COPY:
- {
- EVP_CIPHER_CTX *out = ptr;
- EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);
- if (cctx->ccm.key) {
- if (cctx->ccm.key != &cctx->ks)
- return 0;
- cctx_out->ccm.key = &cctx_out->ks;
- }
- return 1;
+ case EVP_CTRL_COPY: {
+ EVP_CIPHER_CTX *out = ptr;
+ EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX, out);
+ if (cctx->ccm.key) {
+ if (cctx->ccm.key != &cctx->ks)
+ return 0;
+ cctx_out->ccm.key = &cctx_out->ks;
 }
+ return 1;
+ }
 default:
 return -1;
-
 }
 }
 static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+ const unsigned char *iv, int enc)
 {
- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, ctx);
 if (!iv && !key)
 return 1;
 if (key)
@@ -3383,32 +3385,32 @@
 #ifdef HWAES_CAPABLE
 if (HWAES_CAPABLE) {
 HWAES_set_encrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &cctx->ks.ks);
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &cctx->ks.ks);
 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- &cctx->ks, (block128_f) HWAES_encrypt);
+ &cctx->ks, (block128_f)HWAES_encrypt);
 cctx->str = NULL;
 cctx->key_set = 1;
 break;
 } else
 #endif
 #ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
+ if (VPAES_CAPABLE) {
 vpaes_set_encrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &cctx->ks.ks);
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &cctx->ks.ks);
 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- &cctx->ks, (block128_f) vpaes_encrypt);
+ &cctx->ks, (block128_f)vpaes_encrypt);
 cctx->str = NULL;
 cctx->key_set = 1;
 break;
 }
 #endif
 AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &cctx->ks.ks);
+ &cctx->ks.ks);
 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- &cctx->ks, (block128_f) AES_encrypt);
+ &cctx->ks, (block128_f)AES_encrypt);
 cctx->str = NULL;
 cctx->key_set = 1;
 } while (0);
@@ -3420,9 +3422,9 @@
 }
 static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, ctx);
 CCM128_CONTEXT *ccm = &cctx->ccm;
 /* Encrypt/decrypt must be performed in place */
 if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
@@ -3430,33 +3432,33 @@
 /* If encrypting set explicit IV from sequence number (start of AAD) */
 if (EVP_CIPHER_CTX_is_encrypting(ctx))
 memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
- EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ EVP_CCM_TLS_EXPLICIT_IV_LEN);
 /* Get rest of IV from explicit IV */
 memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
- EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ EVP_CCM_TLS_EXPLICIT_IV_LEN);
 /* Correct length value */
 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
- len))
- return -1;
+ len))
+ return -1;
 /* Use saved AAD */
 CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx),
- cctx->tls_aad_len);
+ cctx->tls_aad_len);
 /* Fix buffer to point to payload */
 in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
 out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
 if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
- cctx->str) :
- CRYPTO_ccm128_encrypt(ccm, in, out, len))
+ cctx->str)
+ : CRYPTO_ccm128_encrypt(ccm, in, out, len))
 return -1;
 if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
 return -1;
 return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
 } else {
 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
- cctx->str) :
- !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+ cctx->str)
+ : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
 unsigned char tag[16];
 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
 if (!CRYPTO_memcmp(tag, in + len, cctx->M))
@@ -3469,9 +3471,9 @@
 }
 static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
+ const unsigned char *in, size_t len)
 {
- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+ EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, ctx);
 CCM128_CONTEXT *ccm = &cctx->ccm;
 /* If not set up, return error */
 if (!cctx->key_set)
@@ -3490,7 +3492,7 @@
 if (!out) {
 if (!in) {
 if (CRYPTO_ccm128_setiv(ccm, ctx->iv,
- 15 - cctx->L, len))
+ 15 - cctx->L, len))
 return -1;
 cctx->len_set = 1;
 return len;
@@ -3514,20 +3516,20 @@
 }
 if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
- cctx->str) :
- CRYPTO_ccm128_encrypt(ccm, in, out, len))
+ cctx->str)
+ : CRYPTO_ccm128_encrypt(ccm, in, out, len))
 return -1;
 cctx->tag_set = 1;
 return len;
 } else {
 int rv = -1;
 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
- cctx->str) :
- !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+ cctx->str)
+ : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
 unsigned char tag[16];
 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
 if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
- cctx->M))
+ cctx->M))
 rv = len;
 }
 }
@@ -3543,11 +3545,11 @@
 #define aes_ccm_cleanup NULL
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 typedef struct {
 union {
@@ -3559,20 +3561,20 @@
 } EVP_AES_WRAP_CTX;
 static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+ const unsigned char *iv, int enc)
 {
 int len;
- EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+ EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX, ctx);
 if (iv == NULL && key == NULL)
 return 1;
 if (key != NULL) {
 if (EVP_CIPHER_CTX_is_encrypting(ctx))
 AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &wctx->ks.ks);
+ &wctx->ks.ks);
 else
 AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &wctx->ks.ks);
+ &wctx->ks.ks);
 if (iv == NULL)
 wctx->iv = NULL;
 }
@@ -3586,9 +3588,9 @@
 }
 static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inlen)
+ const unsigned char *in, size_t inlen)
 {
- EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+ EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX, ctx);
 size_t rv;
 /* AES wrap with padding has IV length of 4, without padding 8 */
 int pad = EVP_CIPHER_CTX_get_iv_length(ctx) == 4;
@@ -3627,26 +3629,26 @@
 if (pad) {
 if (EVP_CIPHER_CTX_is_encrypting(ctx))
 rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
- out, in, inlen,
- (block128_f) AES_encrypt);
+ out, in, inlen,
+ (block128_f)AES_encrypt);
 else
 rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
- out, in, inlen,
- (block128_f) AES_decrypt);
+ out, in, inlen,
+ (block128_f)AES_decrypt);
 } else {
 if (EVP_CIPHER_CTX_is_encrypting(ctx))
 rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
- out, in, inlen, (block128_f) AES_encrypt);
+ out, in, inlen, (block128_f)AES_encrypt);
 else
 rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
- out, in, inlen, (block128_f) AES_decrypt);
+ out, in, inlen, (block128_f)AES_decrypt);
 }
 return rv ? (int)rv : -1;
 }
-#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
- | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
+#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
 static const EVP_CIPHER aes_128_wrap = {
 NID_id_aes128_wrap,
@@ -3735,7 +3737,7 @@
 #ifndef OPENSSL_NO_OCB
 static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX, c);
 EVP_CIPHER_CTX *newc;
 EVP_AES_OCB_CTX *new_octx;
@@ -3785,21 +3787,20 @@
 case EVP_CTRL_COPY:
 newc = (EVP_CIPHER_CTX *)ptr;
- new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);
+ new_octx = EVP_C_DATA(EVP_AES_OCB_CTX, newc);
 return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
- &new_octx->ksenc.ks,
- &new_octx->ksdec.ks);
+ &new_octx->ksenc.ks,
+ &new_octx->ksdec.ks);
 default:
 return -1;
-
 }
 }
 static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+ const unsigned char *iv, int enc)
 {
- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+ EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX, ctx);
 if (!iv && !key)
 return 1;
 if (key) {
@@ -3809,51 +3810,50 @@
 * needs both. We could possibly optimise to remove setting the
 * decrypt for an encryption operation.
 */
-# ifdef HWAES_CAPABLE
+#ifdef HWAES_CAPABLE
 if (HWAES_CAPABLE) {
 HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &octx->ksenc.ks);
+ &octx->ksenc.ks);
 HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &octx->ksdec.ks);
+ &octx->ksdec.ks);
 if (!CRYPTO_ocb128_init(&octx->ocb,
- &octx->ksenc.ks, &octx->ksdec.ks,
- (block128_f) HWAES_encrypt,
- (block128_f) HWAES_decrypt,
- enc ? HWAES_ocb_encrypt
- : HWAES_ocb_decrypt))
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f)HWAES_encrypt,
+ (block128_f)HWAES_decrypt,
+ enc ? HWAES_ocb_encrypt
+ : HWAES_ocb_decrypt))
 return 0;
 break;
 }
-# endif
-# ifdef VPAES_CAPABLE
+#endif
+#ifdef VPAES_CAPABLE
 if (VPAES_CAPABLE) {
 vpaes_set_encrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &octx->ksenc.ks);
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &octx->ksenc.ks);
 vpaes_set_decrypt_key(key,
- EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &octx->ksdec.ks);
+ EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+ &octx->ksdec.ks);
 if (!CRYPTO_ocb128_init(&octx->ocb,
- &octx->ksenc.ks, &octx->ksdec.ks,
- (block128_f) vpaes_encrypt,
- (block128_f) vpaes_decrypt,
- NULL))
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f)vpaes_encrypt,
+ (block128_f)vpaes_decrypt,
+ NULL))
 return 0;
 break;
 }
-# endif
+#endif
 AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &octx->ksenc.ks);
+ &octx->ksenc.ks);
 AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
- &octx->ksdec.ks);
+ &octx->ksdec.ks);
 if (!CRYPTO_ocb128_init(&octx->ocb,
- &octx->ksenc.ks, &octx->ksdec.ks,
- (block128_f) AES_encrypt,
- (block128_f) AES_decrypt,
- NULL))
+ &octx->ksenc.ks, &octx->ksdec.ks,
+ (block128_f)AES_encrypt,
+ (block128_f)AES_decrypt,
+ NULL))
 return 0;
- }
- while (0);
+ } while (0);
 /*
 * If we have an iv we can set it directly, otherwise use saved IV.
@@ -3879,13 +3879,13 @@ } static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { unsigned char *buf; int *buf_len; int written_len = 0; size_t trailing_len; - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX, ctx); /* If IV or Key not set then return error */ if (!octx->iv_set) @@ -3941,11 +3941,11 @@ return -1; } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, - AES_BLOCK_SIZE)) + AES_BLOCK_SIZE)) return -1; } else { if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out, - AES_BLOCK_SIZE)) + AES_BLOCK_SIZE)) return -1; } written_len = AES_BLOCK_SIZE; @@ -3965,12 +3965,10 @@ if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len)) return -1; } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (!CRYPTO_ocb128_encrypt - (&octx->ocb, in, out, len - trailing_len)) + if (!CRYPTO_ocb128_encrypt(&octx->ocb, in, out, len - trailing_len)) return -1; } else { - if (!CRYPTO_ocb128_decrypt - (&octx->ocb, in, out, len - trailing_len)) + if (!CRYPTO_ocb128_decrypt(&octx->ocb, in, out, len - trailing_len)) return -1; } written_len += len - trailing_len; @@ -3992,19 +3990,18 @@ if (octx->data_buf_len > 0) { if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out, - octx->data_buf_len)) + octx->data_buf_len)) return -1; } else { if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out, - octx->data_buf_len)) + octx->data_buf_len)) return -1; } written_len = octx->data_buf_len; octx->data_buf_len = 0; } if (octx->aad_buf_len > 0) { - if (!CRYPTO_ocb128_aad - (&octx->ocb, octx->aad_buf, octx->aad_buf_len)) + if (!CRYPTO_ocb128_aad(&octx->ocb, octx->aad_buf, octx->aad_buf_len)) return -1; octx->aad_buf_len = 0; } 
@@ -4013,7 +4010,8 @@ if (octx->taglen < 0) return -1; if (CRYPTO_ocb128_finish(&octx->ocb, - octx->tag, octx->taglen) != 0) + octx->tag, octx->taglen) + != 0) return -1; octx->iv_set = 0; return written_len; @@ -4029,15 +4027,15 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) { - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX, c); CRYPTO_ocb128_cleanup(&octx->ocb); return 1; } BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -#endif /* OPENSSL_NO_OCB */ + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +#endif /* OPENSSL_NO_OCB */ --- crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c.orig +++ crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c 
@@ -31,58 +31,56 @@ typedef struct { AES_KEY ks; SHA_CTX head, tail, md; - size_t payload_length; /* AAD length in decrypt case */ + size_t payload_length; /* AAD length in decrypt case */ union { unsigned int tls_ver; unsigned char tls_aad[16]; /* 13 used */ } aux; } EVP_AES_HMAC_SHA1; -#define NO_PAYLOAD_LENGTH ((size_t)-1) +#define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) +#if defined(AES_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) -# define AESNI_CAPABLE (1<<(57-32)) +#define AESNI_CAPABLE (1 << (57 - 32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA_CTX *ctx, const void *in0); + const AES_KEY *key, unsigned char iv[16], + SHA_CTX *ctx, const void *in0); void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA_CTX *ctx, const void *in0); + const AES_KEY *key, unsigned char iv[16], + SHA_CTX *ctx, const void *in0); -# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) +#define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) + const unsigned char *inkey, + const unsigned char *iv, int enc) { EVP_AES_HMAC_SHA1 *key = data(ctx); int ret; if (enc) ret = aesni_set_encrypt_key(inkey, - 
EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &key->ks); else ret = aesni_set_decrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &key->ks); - SHA1_Init(&key->head); /* handy when benchmarking */ + SHA1_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; key->md = key->head; @@ -91,12 +89,12 @@ return ret < 0 ? 0 : 1; } -# define STITCHED_CALL -# undef STITCHED_DECRYPT_CALL +#define STITCHED_CALL +#undef STITCHED_DECRYPT_CALL -# if !defined(STITCHED_CALL) -# define aes_off 0 -# endif +#if !defined(STITCHED_CALL) +#define aes_off 0 +#endif void sha1_block_data_order(void *c, const void *p, size_t len); @@ -131,12 +129,12 @@ SHA1_Update(c, ptr, res); } -# ifdef SHA1_Update -# undef SHA1_Update -# endif -# define SHA1_Update sha1_update +#ifdef SHA1_Update +#undef SHA1_Update +#endif +#define SHA1_Update sha1_update -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) typedef struct { unsigned int A[8], B[8], C[8], D[8], E[8]; @@ -158,10 +156,10 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - unsigned char *out, - const unsigned char *inp, - size_t inp_len, int n4x) -{ /* n4x is 1 or 2 */ + unsigned char *out, + const unsigned char *inp, + size_t inp_len, int n4x) +{ /* n4x is 1 or 2 */ HASH_DESC hash_d[8], edges[8]; CIPH_DESC ciph_d[8]; unsigned char storage[sizeof(SHA1_MB_CTX) + 32]; 
@@ -171,19 +169,18 @@ u8 c[128]; } blocks[8]; SHA1_MB_CTX *ctx; - unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = - 0; + unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = 0; size_t ret = 0; u8 *IVs; -# if defined(BSWAP8) +#if defined(BSWAP8) u64 seqnum; -# endif +#endif /* ask for IVs in bulk */ if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) return 0; - ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */ + ctx = (SHA1_MB_CTX *)(storage + 32 - ((size_t)storage % 32)); /* align */ frag = (unsigned int)inp_len >> (1 + n4x); last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); @@ -211,15 +208,15 @@ IVs += 16; } -# if defined(BSWAP8) +#if defined(BSWAP8) memcpy(blocks[0].c, key->md.data, 8); seqnum = BSWAP8(blocks[0].q[0]); -# endif +#endif for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) +#if !defined(BSWAP8) unsigned int carry, j; -# endif +#endif ctx->A[i] = key->md.h0; ctx->B[i] = key->md.h1; @@ -228,14 +225,14 @@ ctx->E[i] = key->md.h4; /* fix seqnum */ -# if defined(BSWAP8) +#if defined(BSWAP8) blocks[i].q[0] = BSWAP8(seqnum + i); -# else +#else for (carry = i, j = 8; j--;) { blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); } -# endif +#endif blocks[i].c[8] = ((u8 *)key->md.data)[8]; blocks[i].c[9] = ((u8 *)key->md.data)[9]; blocks[i].c[10] = ((u8 *)key->md.data)[10]; 
@@ -254,10 +251,10 @@ /* hash 13-byte headers and first 64-13 bytes of inputs */ sha1_multi_block(ctx, edges, n4x); /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE +#define MAXCHUNKSIZE 2048 +#if MAXCHUNKSIZE % 64 +#error "MAXCHUNKSIZE is not divisible by 64" +#elif MAXCHUNKSIZE /* * goal is to minimize pressure on L1 cache by moving in shorter steps, * so that hashed data is still in the cache by the time we encrypt it @@ -286,34 +283,34 @@ minblocks -= MAXCHUNKSIZE / 64; } while (minblocks > MAXCHUNKSIZE / 64); } -# endif -# undef MAXCHUNKSIZE +#endif +#undef MAXCHUNKSIZE sha1_multi_block(ctx, hash_d, n4x); memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag), - off = hash_d[i].blocks * 64; + off = hash_d[i].blocks * 64; const unsigned char *ptr = hash_d[i].ptr + off; off = (len - processed) - (64 - 13) - off; /* remainder actually */ memcpy(blocks[i].c, ptr, off); blocks[i].c[off] = 0x80; - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ + len += 64 + 13; /* 64 is HMAC header */ + len *= 8; /* convert to bits */ if (off < (64 - 8)) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[15] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 60, len); -# endif +#endif edges[i].blocks = 1; } else { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[31] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 124, len); -# endif +#endif edges[i].blocks = 2; } edges[i].ptr = blocks[i].c; @@ -324,7 +321,7 @@ memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[0] = BSWAP4(ctx->A[i]); ctx->A[i] = key->tail.h0; blocks[i].d[1] = BSWAP4(ctx->B[i]); @@ -337,7 +334,7 @@ ctx->E[i] = key->tail.h4; blocks[i].c[20] = 0x80; blocks[i].d[15] = BSWAP4((64 + 20) * 8); -# else +#else PUTU32(blocks[i].c + 0, ctx->A[i]); ctx->A[i] = key->tail.h0; PUTU32(blocks[i].c + 4, ctx->B[i]); 
@@ -350,7 +347,7 @@ ctx->E[i] = key->tail.h4; blocks[i].c[20] = 0x80; PUTU32(blocks[i].c + 60, (64 + 20) * 8); -# endif +#endif edges[i].ptr = blocks[i].c; edges[i].blocks = 1; } @@ -383,7 +380,7 @@ len += pad + 1; ciph_d[i].blocks = (len - processed) / 16; - len += 16; /* account for explicit iv */ + len += 16; /* account for explicit iv */ /* arrange header */ out0[0] = ((u8 *)key->md.data)[8]; @@ -403,21 +400,21 @@ return ret; } -# endif +#endif static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { EVP_AES_HMAC_SHA1 *key = data(ctx); unsigned int l; size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and * later */ sha_off = 0; -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) size_t aes_off = 0, blocks; sha_off = SHA_CBLOCK - key->md.num; -# endif +#endif key->payload_length = NO_PAYLOAD_LENGTH; @@ -427,20 +424,18 @@ if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; - else if (len != - ((plen + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) + else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) return 0; else if (key->aux.tls_ver >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) if (plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { SHA1_Update(&key->md, in + iv, sha_off); aesni_cbc_sha1_enc(in, out, blocks, &key->ks, ctx->iv, - &key->md, in + iv + sha_off); + &key->md, in + iv + sha_off); blocks *= SHA_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -451,11 +446,11 @@ } else { sha_off = 0; } -# endif +#endif sha_off += iv; SHA1_Update(&key->md, in + sha_off, plen - sha_off); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ if (in != out) memcpy(out + aes_off, in + aes_off, plen - aes_off); 
@@ -471,10 +466,10 @@ out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, ctx->iv, 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, ctx->iv, 1); } } else { union { @@ -493,10 +488,10 @@ unsigned int u[SHA_LBLOCK]; unsigned char c[SHA_CBLOCK]; } *data = (void *)key->md.data; -# if defined(STITCHED_DECRYPT_CALL) +#if defined(STITCHED_DECRYPT_CALL) unsigned char tail_iv[AES_BLOCK_SIZE]; int stitch = 0; -# endif +#endif if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION) { @@ -512,20 +507,20 @@ } else if (len < (SHA_DIGEST_LENGTH + 1)) return 0; -# if defined(STITCHED_DECRYPT_CALL) +#if defined(STITCHED_DECRYPT_CALL) if (len >= 1024 && ctx->key_len == 32) { /* decrypt last block */ memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE, - AES_BLOCK_SIZE); + AES_BLOCK_SIZE); aesni_cbc_encrypt(in + len - AES_BLOCK_SIZE, - out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE, - &key->ks, tail_iv, 0); + out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE, + &key->ks, tail_iv, 0); stitch = 1; } else -# endif +#endif /* decrypt HMAC|padding at once */ aesni_cbc_encrypt(in, out, len, &key->ks, - ctx->iv, 0); + ctx->iv, 0); /* figure out payload length */ pad = out[len - 1]; @@ -552,7 +547,7 @@ key->md = key->head; SHA1_Update(&key->md, key->aux.tls_aad, plen); -# if defined(STITCHED_DECRYPT_CALL) +#if defined(STITCHED_DECRYPT_CALL) if (stitch) { blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK; aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK; @@ -562,8 +557,8 @@ SHA1_Update(&key->md, out, sha_off); aesni256_cbc_sha1_dec(in + aes_off, - out + aes_off, blocks, &key->ks, - ctx->iv, &key->md, out + sha_off); + out + aes_off, blocks, &key->ks, + ctx->iv, &key->md, out + sha_off); sha_off += blocks *= SHA_CBLOCK; out += sha_off; 
@@ -573,9 +568,9 @@ key->md.Nl += (blocks << 3); /* at most 18 bits */ memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE); } -# endif +#endif -# if 1 /* see original reference version in #else */ +#if 1 /* see original reference version in #else */ len -= SHA_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA_CBLOCK)) { j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); @@ -588,15 +583,15 @@ /* but pretend as if we hashed padded payload */ bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 +#ifdef BSWAP4 bitlen = BSWAP4(bitlen); -# else +#else mac.c[0] = 0; mac.c[1] = (unsigned char)(bitlen >> 16); mac.c[2] = (unsigned char)(bitlen >> 8); mac.c[3] = (unsigned char)bitlen; bitlen = mac.u[0]; -# endif +#endif pmac->u[0] = 0; pmac->u[1] = 0; @@ -653,13 +648,13 @@ pmac->u[3] |= key->md.h3 & mask; pmac->u[4] |= key->md.h4 & mask; -# ifdef BSWAP4 +#ifdef BSWAP4 pmac->u[0] = BSWAP4(pmac->u[0]); pmac->u[1] = BSWAP4(pmac->u[1]); pmac->u[2] = BSWAP4(pmac->u[2]); pmac->u[3] = BSWAP4(pmac->u[3]); pmac->u[4] = BSWAP4(pmac->u[4]); -# else +#else for (i = 0; i < 5; i++) { res = pmac->u[i]; pmac->c[4 * i + 0] = (unsigned char)(res >> 24); @@ -667,9 +662,9 @@ pmac->c[4 * i + 2] = (unsigned char)(res >> 8); pmac->c[4 * i + 3] = (unsigned char)res; } -# endif +#endif len += SHA_DIGEST_LENGTH; -# else /* pre-lucky-13 reference version of above */ +#else /* pre-lucky-13 reference version of above */ SHA1_Update(&key->md, out, inp_len); res = key->md.num; SHA1_Final(pmac->c, &key->md); 
@@ -678,17 +673,15 @@ unsigned int inp_blocks, pad_blocks; /* but pretend as if we hashed padded payload */ - inp_blocks = - 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); + inp_blocks = 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); res += (unsigned int)(len - inp_len); pad_blocks = res / SHA_CBLOCK; res %= SHA_CBLOCK; - pad_blocks += - 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); + pad_blocks += 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); for (; inp_blocks < pad_blocks; inp_blocks++) sha1_block_data_order(&key->md, data, 1); } -# endif +#endif key->md = key->tail; SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); SHA1_Final(pmac->c, &key->md); @@ -696,7 +689,7 @@ /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 /* see original reference version in #else */ +#if 1 /* see original reference version in #else */ { unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; size_t off = out - p; @@ -704,9 +697,7 @@ for (res = 0, i = 0, j = 0; j < maxpad + SHA_DIGEST_LENGTH; j++) { c = p[j]; - cmask = - ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) * - 8 - 1); + cmask = ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) * 8 - 1); res |= (c ^ pad) & ~cmask; /* ... and padding */ cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); res |= (c ^ pmac->c[i]) & cmask; @@ -716,7 +707,7 @@ res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else /* pre-lucky-13 reference version of above */ +#else /* pre-lucky-13 reference version of above */ for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); @@ -730,10 +721,10 @@ res = (0 - res) >> (sizeof(res) * 8 - 1); ret &= (int)~res; -# endif +#endif return ret; } else { -# if defined(STITCHED_DECRYPT_CALL) +#if defined(STITCHED_DECRYPT_CALL) if (len >= 1024 && ctx->key_len == 32) { if (sha_off %= SHA_CBLOCK) blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK; 
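Review bot: The joined `cmask = ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) * 8 - 1);` line in the `@@ -704,9 +697,7 @@` hunk carries no comment saying that the shift-derived mask is deliberate. The only hint is the distant `#else /* pre-lucky-13 reference version of above */`, so a later cleanup could turn the masks into an `if` on `j` and reintroduce a data-dependent branch in the MAC and padding check. A comment above the loop would pin that down, for example `/* branch-free on purpose: masks select padding vs. MAC bytes without data-dependent branches */`. The loop and its enclosing function both extend outside this hunk.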
@@ -744,8 +735,8 @@ aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0); SHA1_Update(&key->md, out, sha_off); aesni256_cbc_sha1_dec(in + aes_off, - out + aes_off, blocks, &key->ks, - ctx->iv, &key->md, out + sha_off); + out + aes_off, blocks, &key->ks, + ctx->iv, &key->md, out + sha_off); sha_off += blocks *= SHA_CBLOCK; out += sha_off; @@ -756,10 +747,10 @@ if (key->md.Nl < (unsigned int)blocks) key->md.Nh++; } else -# endif +#endif /* decrypt HMAC|padding at once */ aesni_cbc_encrypt(in, out, len, &key->ks, - ctx->iv, 0); + ctx->iv, 0); SHA1_Update(&key->md, out, len); } 
@@ -769,151 +760,142 @@ } static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) + void *ptr) { EVP_AES_HMAC_SHA1 *key = data(ctx); switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - SHA1_Init(&key->head); - SHA1_Update(&key->head, ptr, arg); - SHA1_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } + case EVP_CTRL_AEAD_SET_MAC_KEY: { + unsigned int i; + unsigned char hmac_key[64]; - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ + memset(hmac_key, 0, sizeof(hmac_key)); + + if (arg > (int)sizeof(hmac_key)) { SHA1_Init(&key->head); - SHA1_Update(&key->head, hmac_key, sizeof(hmac_key)); + SHA1_Update(&key->head, ptr, arg); + SHA1_Final(hmac_key, &key->head); + } else { + memcpy(hmac_key, ptr, arg); + } - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - SHA1_Init(&key->tail); - SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36; /* ipad */ + SHA1_Init(&key->head); + SHA1_Update(&key->head, hmac_key, sizeof(hmac_key)); - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ + SHA1_Init(&key->tail); + SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; + OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; + return 1; + } + case EVP_CTRL_AEAD_TLS1_AAD: { + unsigned char *p = ptr; + unsigned int len; - len = p[arg - 2] << 8 | p[arg - 1]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - key->payload_length = len; - if ((key->aux.tls_ver = - p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { - if (len < AES_BLOCK_SIZE) - return 0; - len -= AES_BLOCK_SIZE; - 
p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->md = key->head; - SHA1_Update(&key->md, p, arg); + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; - return (int)(((len + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); - } else { - memcpy(key->aux.tls_aad, ptr, arg); - key->payload_length = arg; + len = p[arg - 2] << 8 | p[arg - 1]; - return SHA_DIGEST_LENGTH; + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { + key->payload_length = len; + if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; + len -= AES_BLOCK_SIZE; + p[arg - 2] = len >> 8; + p[arg - 1] = len; } + key->md = key->head; + SHA1_Update(&key->md, p, arg); + + return (int)(((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) + - len); + } else { + memcpy(key->aux.tls_aad, ptr, arg); + key->payload_length = arg; + + return SHA_DIGEST_LENGTH; } -# if !defined(OPENSSL_NO_MULTIBLOCK) + } +#if !defined(OPENSSL_NO_MULTIBLOCK) case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: return (int)(5 + 16 + ((arg + 20 + 16) & -16)); - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - unsigned int n4x = 1, x4; - unsigned int frag, last, packlen, inp_len; - - if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) - return -1; + case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + unsigned int n4x = 1, x4; + unsigned int frag, last, packlen, inp_len; - inp_len = param->inp[11] << 8 | param->inp[12]; + if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) + return -1; - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) - return -1; + inp_len = param->inp[11] << 8 | param->inp[12]; - if (inp_len) { - if (inp_len < 4096) - return 0; /* too short */ + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { + if ((param->inp[9] << 8 | param->inp[10]) < 
TLS1_1_VERSION) + return -1; - if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) - n4x = 2; /* AVX2 */ - } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; - else - return -1; + if (inp_len) { + if (inp_len < 4096) + return 0; /* too short */ + + if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) + n4x = 2; /* AVX2 */ + } else if ((n4x = param->interleave / 4) && n4x <= 2) + inp_len = param->len; + else + return -1; - key->md = key->head; - SHA1_Update(&key->md, param->inp, 13); + key->md = key->head; + SHA1_Update(&key->md, param->inp, 13); - x4 = 4 * n4x; - n4x += 1; + x4 = 4 * n4x; + n4x += 1; - frag = inp_len >> n4x; - last = inp_len + frag - (frag << n4x); - if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { - frag++; - last -= x4 - 1; - } + frag = inp_len >> n4x; + last = inp_len + frag - (frag << n4x); + if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { + frag++; + last -= x4 - 1; + } - packlen = 5 + 16 + ((frag + 20 + 16) & -16); - packlen = (packlen << n4x) - packlen; - packlen += 5 + 16 + ((last + 20 + 16) & -16); + packlen = 5 + 16 + ((frag + 20 + 16) & -16); + packlen = (packlen << n4x) - packlen; + packlen += 5 + 16 + ((last + 20 + 16) & -16); - param->interleave = x4; + param->interleave = x4; - return (int)packlen; - } else - return -1; /* not yet */ - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - - return (int)tls1_1_multi_block_encrypt(key, param->out, - param->inp, param->len, - param->interleave / 4); - } + return (int)packlen; + } else + return -1; /* not yet */ + } + case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: { + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + + return (int)tls1_1_multi_block_encrypt(key, param->out, + param->inp, param->len, + param->interleave / 4); + } case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: -# endif +#endif default: return -1; } } static EVP_CIPHER 
aesni_128_cbc_hmac_sha1_cipher = { -# ifdef NID_aes_128_cbc_hmac_sha1 +#ifdef NID_aes_128_cbc_hmac_sha1 NID_aes_128_cbc_hmac_sha1, -# else +#else NID_undef, -# endif +#endif AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha1_init_key, aesni_cbc_hmac_sha1_cipher, @@ -926,14 +908,13 @@ }; static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { -# ifdef NID_aes_256_cbc_hmac_sha1 +#ifdef NID_aes_256_cbc_hmac_sha1 NID_aes_256_cbc_hmac_sha1, -# else +#else NID_undef, -# endif +#endif AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha1_init_key, aesni_cbc_hmac_sha1_cipher, @@ -947,14 +928,12 @@ const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) { - return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_128_cbc_hmac_sha1_cipher : NULL); + return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? &aesni_128_cbc_hmac_sha1_cipher : NULL); } const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) { - return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_256_cbc_hmac_sha1_cipher : NULL); + return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? &aesni_256_cbc_hmac_sha1_cipher : NULL); } #else const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) --- crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c.orig +++ crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c 
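Review bot: In the `EVP_CTRL_AEAD_SET_MAC_KEY` case of `aesni_cbc_hmac_sha1_ctrl`, `arg` is a signed `int` and only its upper bound is tested before `memcpy(hmac_key, ptr, arg)`. A negative value fails `arg > (int)sizeof(hmac_key)` and is then converted to a very large `size_t` for the copy into the 64-byte stack buffer. These lines are only re-indented here, and callers presumably pass a real MAC key length, but a guard such as `if (arg < 0) return -1;` ahead of the length test would make the case self-contained. It would also match the `return -1` used for a bad `arg` in the `EVP_CTRL_AEAD_TLS1_AAD` case. Since this hunk is a formatting-only change, the check probably belongs in a separate commit.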
@@ -31,54 +31,52 @@ typedef struct { AES_KEY ks; SHA256_CTX head, tail, md; - size_t payload_length; /* AAD length in decrypt case */ + size_t payload_length; /* AAD length in decrypt case */ union { unsigned int tls_ver; unsigned char tls_aad[16]; /* 13 used */ } aux; } EVP_AES_HMAC_SHA256; -# define NO_PAYLOAD_LENGTH ((size_t)-1) +#define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) +#if defined(AES_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) -# define AESNI_CAPABLE (1<<(57-32)) +#define AESNI_CAPABLE (1 << (57 - 32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA256_CTX *ctx, const void *in0); + const AES_KEY *key, unsigned char iv[16], + SHA256_CTX *ctx, const void *in0); -# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) +#define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) + const unsigned char *inkey, + const unsigned char *iv, int enc) { EVP_AES_HMAC_SHA256 *key = data(ctx); int ret; if (enc) ret = aesni_set_encrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &key->ks); else ret = aesni_set_decrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); + 
EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &key->ks); - SHA256_Init(&key->head); /* handy when benchmarking */ + SHA256_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; key->md = key->head; @@ -87,11 +85,11 @@ return ret < 0 ? 0 : 1; } -# define STITCHED_CALL +#define STITCHED_CALL -# if !defined(STITCHED_CALL) -# define aes_off 0 -# endif +#if !defined(STITCHED_CALL) +#define aes_off 0 +#endif void sha256_block_data_order(void *c, const void *p, size_t len); @@ -126,12 +124,12 @@ SHA256_Update(c, ptr, res); } -# ifdef SHA256_Update -# undef SHA256_Update -# endif -# define SHA256_Update sha256_update +#ifdef SHA256_Update +#undef SHA256_Update +#endif +#define SHA256_Update sha256_update -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) typedef struct { unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8]; @@ -153,10 +151,10 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - unsigned char *out, - const unsigned char *inp, - size_t inp_len, int n4x) -{ /* n4x is 1 or 2 */ + unsigned char *out, + const unsigned char *inp, + size_t inp_len, int n4x) +{ /* n4x is 1 or 2 */ HASH_DESC hash_d[8], edges[8]; CIPH_DESC ciph_d[8]; unsigned char storage[sizeof(SHA256_MB_CTX) + 32]; @@ -166,20 +164,19 @@ u8 c[128]; } blocks[8]; SHA256_MB_CTX *ctx; - unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = - 0; + unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = 0; size_t ret = 0; u8 *IVs; -# if defined(BSWAP8) +#if defined(BSWAP8) u64 seqnum; -# endif +#endif /* ask for IVs in bulk */ if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) return 0; /* align */ - ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); + ctx = (SHA256_MB_CTX *)(storage + 32 - ((size_t)storage % 32)); frag = (unsigned int)inp_len >> (1 + n4x); last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); 
@@ -207,15 +204,15 @@ IVs += 16; } -# if defined(BSWAP8) +#if defined(BSWAP8) memcpy(blocks[0].c, key->md.data, 8); seqnum = BSWAP8(blocks[0].q[0]); -# endif +#endif for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) +#if !defined(BSWAP8) unsigned int carry, j; -# endif +#endif ctx->A[i] = key->md.h[0]; ctx->B[i] = key->md.h[1]; @@ -227,14 +224,14 @@ ctx->H[i] = key->md.h[7]; /* fix seqnum */ -# if defined(BSWAP8) +#if defined(BSWAP8) blocks[i].q[0] = BSWAP8(seqnum + i); -# else +#else for (carry = i, j = 8; j--;) { blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); } -# endif +#endif blocks[i].c[8] = ((u8 *)key->md.data)[8]; blocks[i].c[9] = ((u8 *)key->md.data)[9]; blocks[i].c[10] = ((u8 *)key->md.data)[10]; @@ -253,10 +250,10 @@ /* hash 13-byte headers and first 64-13 bytes of inputs */ sha256_multi_block(ctx, edges, n4x); /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE +#define MAXCHUNKSIZE 2048 +#if MAXCHUNKSIZE % 64 +#error "MAXCHUNKSIZE is not divisible by 64" +#elif MAXCHUNKSIZE /* * goal is to minimize pressure on L1 cache by moving in shorter steps, * so that hashed data is still in the cache by the time we encrypt it 
@@ -285,34 +282,34 @@ minblocks -= MAXCHUNKSIZE / 64; } while (minblocks > MAXCHUNKSIZE / 64); } -# endif -# undef MAXCHUNKSIZE +#endif +#undef MAXCHUNKSIZE sha256_multi_block(ctx, hash_d, n4x); memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag), - off = hash_d[i].blocks * 64; + off = hash_d[i].blocks * 64; const unsigned char *ptr = hash_d[i].ptr + off; off = (len - processed) - (64 - 13) - off; /* remainder actually */ memcpy(blocks[i].c, ptr, off); blocks[i].c[off] = 0x80; - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ + len += 64 + 13; /* 64 is HMAC header */ + len *= 8; /* convert to bits */ if (off < (64 - 8)) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[15] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 60, len); -# endif +#endif edges[i].blocks = 1; } else { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[31] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 124, len); -# endif +#endif edges[i].blocks = 2; } edges[i].ptr = blocks[i].c; @@ -323,7 +320,7 @@ memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[0] = BSWAP4(ctx->A[i]); ctx->A[i] = key->tail.h[0]; blocks[i].d[1] = BSWAP4(ctx->B[i]); @@ -342,7 +339,7 @@ ctx->H[i] = key->tail.h[7]; blocks[i].c[32] = 0x80; blocks[i].d[15] = BSWAP4((64 + 32) * 8); -# else +#else PUTU32(blocks[i].c + 0, ctx->A[i]); ctx->A[i] = key->tail.h[0]; PUTU32(blocks[i].c + 4, ctx->B[i]); @@ -361,7 +358,7 @@ ctx->H[i] = key->tail.h[7]; blocks[i].c[32] = 0x80; PUTU32(blocks[i].c + 60, (64 + 32) * 8); -# endif +#endif edges[i].ptr = blocks[i].c; edges[i].blocks = 1; } @@ -397,7 +394,7 @@ len += pad + 1; ciph_d[i].blocks = (len - processed) / 16; - len += 16; /* account for explicit iv */ + len += 16; /* account for explicit iv */ /* arrange header */ out0[0] = ((u8 *)key->md.data)[8]; 
@@ -417,22 +414,22 @@ return ret; } -# endif +#endif static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, size_t len) + unsigned char *out, + const unsigned char *in, size_t len) { EVP_AES_HMAC_SHA256 *key = data(ctx); unsigned int l; size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and * later */ sha_off = 0; -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) size_t aes_off = 0, blocks; sha_off = SHA256_CBLOCK - key->md.num; -# endif +#endif key->payload_length = NO_PAYLOAD_LENGTH; @@ -442,14 +439,12 @@ if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; - else if (len != - ((plen + SHA256_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) + else if (len != ((plen + SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) return 0; else if (key->aux.tls_ver >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) /* * Assembly stitch handles AVX-capable processors, but its * performance is not optimal on AMD Jaguar, ~40% worse, for 
@@ -460,16 +455,16 @@ * either even XOP-capable Bulldozer-based or GenuineIntel one. * But SHAEXT-capable go ahead... */ - if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ - ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ - ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ - | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */ - plen > (sha_off + iv) && - (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { + if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ + ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1 << 30))))) + && /* "Intel CPU"? */ + plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { SHA256_Update(&key->md, in + iv, sha_off); (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); + ctx->iv, &key->md, in + iv + sha_off); blocks *= SHA256_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -480,11 +475,11 @@ } else { sha_off = 0; } -# endif +#endif sha_off += iv; SHA256_Update(&key->md, in + sha_off, plen - sha_off); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ if (in != out) memcpy(out + aes_off, in + aes_off, plen - aes_off); @@ -500,10 +495,10 @@ out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, ctx->iv, 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); + &key->ks, ctx->iv, 1); } } else { union { @@ -516,7 +511,7 @@ /* decrypt HMAC|padding at once */ aesni_cbc_encrypt(in, out, len, &key->ks, - ctx->iv, 0); + ctx->iv, 0); if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ size_t inp_len, mask, j, i; 
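Review bot: The reflowed capability test in the `@@ -460,16 +455,16 @@` hunk leaves the `/* "Intel CPU"? */` comment on the line `&& /* "Intel CPU"? */`, away from the `OPENSSL_ia32cap_P[0] & (1 << 30)` bit test it labels. It now reads as if it described the `plen > (sha_off + iv)` length check that follows. Keeping the comment on the expression, `| (OPENSSL_ia32cap_P[0] & (1 << 30))))) /* "Intel CPU"? */`, and letting `&&` open the next line preserves the meaning. This condition selects the stitched `aesni_cbc_sha256_enc` path, so the per-bit labels are worth keeping accurate. The enclosing function continues outside the hunk.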
@@ -563,7 +558,7 @@ key->md = key->head; SHA256_Update(&key->md, key->aux.tls_aad, plen); -# if 1 /* see original reference version in #else */ +#if 1 /* see original reference version in #else */ len -= SHA256_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA256_CBLOCK)) { j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); @@ -576,15 +571,15 @@ /* but pretend as if we hashed padded payload */ bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 +#ifdef BSWAP4 bitlen = BSWAP4(bitlen); -# else +#else mac.c[0] = 0; mac.c[1] = (unsigned char)(bitlen >> 16); mac.c[2] = (unsigned char)(bitlen >> 8); mac.c[3] = (unsigned char)bitlen; bitlen = mac.u[0]; -# endif +#endif pmac->u[0] = 0; pmac->u[1] = 0; @@ -653,7 +648,7 @@ pmac->u[6] |= key->md.h[6] & mask; pmac->u[7] |= key->md.h[7] & mask; -# ifdef BSWAP4 +#ifdef BSWAP4 pmac->u[0] = BSWAP4(pmac->u[0]); pmac->u[1] = BSWAP4(pmac->u[1]); pmac->u[2] = BSWAP4(pmac->u[2]); @@ -662,7 +657,7 @@ pmac->u[5] = BSWAP4(pmac->u[5]); pmac->u[6] = BSWAP4(pmac->u[6]); pmac->u[7] = BSWAP4(pmac->u[7]); -# else +#else for (i = 0; i < 8; i++) { res = pmac->u[i]; pmac->c[4 * i + 0] = (unsigned char)(res >> 24); @@ -670,9 +665,9 @@ pmac->c[4 * i + 2] = (unsigned char)(res >> 8); pmac->c[4 * i + 3] = (unsigned char)res; } -# endif +#endif len += SHA256_DIGEST_LENGTH; -# else +#else SHA256_Update(&key->md, out, inp_len); res = key->md.num; SHA256_Final(pmac->c, &key->md); 
@@ -681,17 +676,15 @@ unsigned int inp_blocks, pad_blocks; /* but pretend as if we hashed padded payload */ - inp_blocks = - 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); + inp_blocks = 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); res += (unsigned int)(len - inp_len); pad_blocks = res / SHA256_CBLOCK; res %= SHA256_CBLOCK; - pad_blocks += - 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); + pad_blocks += 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); for (; inp_blocks < pad_blocks; inp_blocks++) sha1_block_data_order(&key->md, data, 1); } -# endif /* pre-lucky-13 reference version of above */ +#endif /* pre-lucky-13 reference version of above */ key->md = key->tail; SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); SHA256_Final(pmac->c, &key->md); @@ -699,19 +692,16 @@ /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 /* see original reference version in #else */ +#if 1 /* see original reference version in #else */ { - unsigned char *p = - out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; + unsigned char *p = out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; size_t off = out - p; unsigned int c, cmask; for (res = 0, i = 0, j = 0; j < maxpad + SHA256_DIGEST_LENGTH; - j++) { + j++) { c = p[j]; - cmask = - ((int)(j - off - SHA256_DIGEST_LENGTH)) >> - (sizeof(int) * 8 - 1); + cmask = ((int)(j - off - SHA256_DIGEST_LENGTH)) >> (sizeof(int) * 8 - 1); res |= (c ^ pad) & ~cmask; /* ... and padding */ cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); res |= (c ^ pmac->c[i]) & cmask; @@ -721,7 +711,7 @@ res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else /* pre-lucky-13 reference version of above */ +#else /* pre-lucky-13 reference version of above */ for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); 
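Review bot: The reference branch reformatted in the `@@ -681,17 +676,15 @@` hunk still calls `sha1_block_data_order(&key->md, data, 1)`, although the code around it hashes with `SHA256_Update`/`SHA256_Final` and `SHA256_CBLOCK`. The branch ends at `#endif /* pre-lucky-13 reference version of above */` and appears to be the `#else` side of an `#if 1`, so it is presumably never compiled and the mismatch goes unnoticed. Since it is kept only as documentation of the pre-Lucky-13 logic, a comment above the loop would stop a reader from treating it as a working fallback, for example `/* reference only, not compiled: block function name is carried over from the SHA-1 variant */`. The enclosing function starts and ends outside the hunk.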
@@ -735,7 +725,7 @@ res = (0 - res) >> (sizeof(res) * 8 - 1); ret &= (int)~res; -# endif +#endif return ret; } else { SHA256_Update(&key->md, out, len); 
@@ -746,158 +736,149 @@ } static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) + void *ptr) { EVP_AES_HMAC_SHA256 *key = data(ctx); unsigned int u_arg = (unsigned int)arg; switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; + case EVP_CTRL_AEAD_SET_MAC_KEY: { + unsigned int i; + unsigned char hmac_key[64]; - memset(hmac_key, 0, sizeof(hmac_key)); + memset(hmac_key, 0, sizeof(hmac_key)); - if (arg < 0) - return -1; + if (arg < 0) + return -1; - if (u_arg > sizeof(hmac_key)) { - SHA256_Init(&key->head); - SHA256_Update(&key->head, ptr, arg); - SHA256_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ + if (u_arg > sizeof(hmac_key)) { SHA256_Init(&key->head); - SHA256_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - SHA256_Init(&key->tail); - SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - - return 1; + SHA256_Update(&key->head, ptr, arg); + SHA256_Final(hmac_key, &key->head); + } else { + memcpy(hmac_key, ptr, arg); } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36; /* ipad */ + SHA256_Init(&key->head); + SHA256_Update(&key->head, hmac_key, sizeof(hmac_key)); - len = p[arg - 2] << 8 | p[arg - 1]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - key->payload_length = len; - if ((key->aux.tls_ver = - p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { - if (len < AES_BLOCK_SIZE) - return 0; - len -= AES_BLOCK_SIZE; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->md = key->head; - SHA256_Update(&key->md, p, arg); + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ + 
SHA256_Init(&key->tail); + SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key)); - return (int)(((len + SHA256_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); - } else { - memcpy(key->aux.tls_aad, ptr, arg); - key->payload_length = arg; + OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - return SHA256_DIGEST_LENGTH; + return 1; + } + case EVP_CTRL_AEAD_TLS1_AAD: { + unsigned char *p = ptr; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; + + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { + key->payload_length = len; + if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; + len -= AES_BLOCK_SIZE; + p[arg - 2] = len >> 8; + p[arg - 1] = len; } + key->md = key->head; + SHA256_Update(&key->md, p, arg); + + return (int)(((len + SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) + - len); + } else { + memcpy(key->aux.tls_aad, ptr, arg); + key->payload_length = arg; + + return SHA256_DIGEST_LENGTH; } -# if !defined(OPENSSL_NO_MULTIBLOCK) + } +#if !defined(OPENSSL_NO_MULTIBLOCK) case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: return (int)(5 + 16 + ((arg + 32 + 16) & -16)); - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - unsigned int n4x = 1, x4; - unsigned int frag, last, packlen, inp_len; - - if (arg < 0) - return -1; + case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + unsigned int n4x = 1, x4; + unsigned int frag, last, packlen, inp_len; - if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) - return -1; + if (arg < 0) + return -1; + + if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) + return -1; + + inp_len = param->inp[11] << 8 | param->inp[12]; - inp_len = param->inp[11] << 8 | param->inp[12]; + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { + if ((param->inp[9] << 8 | 
param->inp[10]) < TLS1_1_VERSION) + return -1; - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) - return -1; + if (inp_len) { + if (inp_len < 4096) + return 0; /* too short */ - if (inp_len) { - if (inp_len < 4096) - return 0; /* too short */ + if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) + n4x = 2; /* AVX2 */ + } else if ((n4x = param->interleave / 4) && n4x <= 2) + inp_len = param->len; + else + return -1; - if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) - n4x = 2; /* AVX2 */ - } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; - else - return -1; + key->md = key->head; + SHA256_Update(&key->md, param->inp, 13); - key->md = key->head; - SHA256_Update(&key->md, param->inp, 13); + x4 = 4 * n4x; + n4x += 1; - x4 = 4 * n4x; - n4x += 1; + frag = inp_len >> n4x; + last = inp_len + frag - (frag << n4x); + if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { + frag++; + last -= x4 - 1; + } - frag = inp_len >> n4x; - last = inp_len + frag - (frag << n4x); - if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { - frag++; - last -= x4 - 1; - } + packlen = 5 + 16 + ((frag + 32 + 16) & -16); + packlen = (packlen << n4x) - packlen; + packlen += 5 + 16 + ((last + 32 + 16) & -16); - packlen = 5 + 16 + ((frag + 32 + 16) & -16); - packlen = (packlen << n4x) - packlen; - packlen += 5 + 16 + ((last + 32 + 16) & -16); + param->interleave = x4; - param->interleave = x4; + return (int)packlen; + } else + return -1; /* not yet */ + } + case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: { + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; - return (int)packlen; - } else - return -1; /* not yet */ - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - - return (int)tls1_1_multi_block_encrypt(key, param->out, - param->inp, param->len, - param->interleave / 4); - } + return 
(int)tls1_1_multi_block_encrypt(key, param->out, + param->inp, param->len, + param->interleave / 4); + } case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: -# endif +#endif default: return -1; } } static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { -# ifdef NID_aes_128_cbc_hmac_sha256 +#ifdef NID_aes_128_cbc_hmac_sha256 NID_aes_128_cbc_hmac_sha256, -# else +#else NID_undef, -# endif +#endif AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha256_init_key, aesni_cbc_hmac_sha256_cipher, @@ -910,14 +891,13 @@ }; static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { -# ifdef NID_aes_256_cbc_hmac_sha256 +#ifdef NID_aes_256_cbc_hmac_sha256 NID_aes_256_cbc_hmac_sha256, -# else +#else NID_undef, -# endif +#endif AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha256_init_key, aesni_cbc_hmac_sha256_cipher, 
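Review bot: In the `EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT` case, `ptr` is cast to `EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *` and its `out`, `inp`, `len` and `interleave` fields are read without any check on `arg`. The `EVP_CTRL_TLS1_1_MULTIBLOCK_AAD` case in the same switch rejects `arg < 0` and `u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)` first. If a caller passed a shorter buffer, those field reads would go past it; whether any caller can do so is not visible from this hunk. Repeating the guard at the top of the case, `if (arg < 0 || u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return -1;`, would make the two cases consistent.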
@@ -931,16 +911,12 @@ const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) { - return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && - aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? - &aesni_128_cbc_hmac_sha256_cipher : NULL); + return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? &aesni_128_cbc_hmac_sha256_cipher : NULL); } const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) { - return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && - aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? - &aesni_256_cbc_hmac_sha256_cipher : NULL); + return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? &aesni_256_cbc_hmac_sha256_cipher : NULL); } #else const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) --- crypto/openssl/crypto/evp/e_aria.c.orig +++ crypto/openssl/crypto/evp/e_aria.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -12,13 +12,13 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_ARIA -# include -# include -# include -# include "crypto/aria.h" -# include "crypto/evp.h" -# include "crypto/modes.h" -# include "evp_local.h" +#include +#include +#include +#include "crypto/aria.h" +#include "crypto/evp.h" +#include "crypto/modes.h" +#include "evp_local.h" /* ARIA subkey Structure */ typedef struct { 
@@ -30,15 +30,15 @@ union { OSSL_UNION_ALIGN; ARIA_KEY ks; - } ks; /* ARIA subkey to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ + } ks; /* ARIA subkey to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ GCM128_CONTEXT gcm; - unsigned char *iv; /* Temporary IV store */ - int ivlen; /* IV length */ + unsigned char *iv; /* Temporary IV store */ + int ivlen; /* IV length */ int taglen; - int iv_gen; /* It is OK to generate IVs */ - int tls_aad_len; /* TLS AAD length */ + int iv_gen; /* It is OK to generate IVs */ + int tls_aad_len; /* TLS AAD length */ } EVP_ARIA_GCM_CTX; /* ARIA CCM context */ 
@@ -46,134 +46,137 @@ union { OSSL_UNION_ALIGN; ARIA_KEY ks; - } ks; /* ARIA key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - int L, M; /* L and M parameters from RFC3610 */ - int tls_aad_len; /* TLS AAD length */ + } ks; /* ARIA key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + int tag_set; /* Set if tag is valid */ + int len_set; /* Set if message length set */ + int L, M; /* L and M parameters from RFC3610 */ + int tls_aad_len; /* TLS AAD length */ CCM128_CONTEXT ccm; ccm128_f str; } EVP_ARIA_CCM_CTX; /* The subkey for ARIA is generated. */ static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret; int mode = EVP_CIPHER_CTX_get_mode(ctx); if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) ret = ossl_aria_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - EVP_CIPHER_CTX_get_cipher_data(ctx)); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_cipher_data(ctx)); else ret = ossl_aria_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - EVP_CIPHER_CTX_get_cipher_data(ctx)); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_cipher_data(ctx)); if (ret < 0) { - ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); + ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED); return 0; } return 1; } static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const ARIA_KEY *key, - unsigned char *ivec, const int enc) + size_t len, const ARIA_KEY *key, + unsigned char *ivec, const int enc) { if (enc) CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f) ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); else CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f) 
ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); } static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); } static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); } static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); } static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key, const int enc) + const ARIA_KEY *key, const int enc) { ossl_aria_encrypt(in, out, key); } static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num) + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num) { CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f) ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); } IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY, - NID_aria_128, 16, 16, 16, 128, - 0, aria_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + NID_aria_128, 16, 16, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + 
EVP_CIPHER_get_asn1_iv, + NULL) IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY, - NID_aria_192, 16, 24, 16, 128, - 0, aria_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + NID_aria_192, 16, 24, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY, - NID_aria_256, 16, 32, 16, 128, - 0, aria_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \ - IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0) -IMPLEMENT_ARIA_CFBR(128,1) -IMPLEMENT_ARIA_CFBR(192,1) -IMPLEMENT_ARIA_CFBR(256,1) -IMPLEMENT_ARIA_CFBR(128,8) -IMPLEMENT_ARIA_CFBR(192,8) -IMPLEMENT_ARIA_CFBR(256,8) - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aria_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aria_init_key, \ - aria_##mode##_cipher, \ - NULL, \ - sizeof(EVP_ARIA_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ -{ return &aria_##keylen##_##mode; } + NID_aria_256, 16, 32, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) + +#define IMPLEMENT_ARIA_CFBR(ksize, cbits) \ + IMPLEMENT_CFBR(aria, aria, EVP_ARIA_KEY, ks, ksize, cbits, 16, 0) +IMPLEMENT_ARIA_CFBR(128, 1) +IMPLEMENT_ARIA_CFBR(192, 1) +IMPLEMENT_ARIA_CFBR(256, 1) +IMPLEMENT_ARIA_CFBR(128, 8) +IMPLEMENT_ARIA_CFBR(192, 8) +IMPLEMENT_ARIA_CFBR(256, 8) + +#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \ + static const EVP_CIPHER aria_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aria_init_key, \ + aria_##mode##_cipher, \ + NULL, \ + sizeof(EVP_ARIA_KEY), \ + NULL, NULL, NULL, 
NULL \ + }; \ + const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ + { \ + return &aria_##keylen##_##mode; \ + } static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int n = EVP_CIPHER_CTX_get_num(ctx); unsigned int num; @@ -184,8 +187,8 @@ num = (unsigned int)n; CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - (block128_f) ossl_aria_encrypt); + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + (block128_f)ossl_aria_encrypt); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } @@ -213,21 +216,21 @@ } static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret; - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx); if (!iv && !key) return 1; if (key) { ret = ossl_aria_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &gctx->ks.ks); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); if (ret < 0) { - ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); + ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED); return 0; } @@ -255,7 +258,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c); + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, c); switch (type) { case EVP_CTRL_INIT: @@ -353,8 +356,7 @@ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); gctx->tls_aad_len = arg; { - unsigned int len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 + unsigned int len = EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; /* Correct length for explicit IV */ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) 
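Review bot: In `aria_gcm_init_key` the result of `ossl_aria_set_encrypt_key()` is tested only after `CRYPTO_gcm128_init()` has already run on `gctx->ks`. A failed key setup therefore still feeds a key schedule that may not have been populated into GCM initialisation before the function returns 0. Moving the existing `if (ret < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED); return 0; }` block directly after the `ossl_aria_set_encrypt_key()` call avoids that. The `aria_ccm_init_key` hunk (`@@ -510,22 +511,22 @@`) has the same order with `CRYPTO_ccm128_init()`. Both function bodies continue outside their hunks.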
@@ -372,37 +374,35 @@ /* Extra padding: tag appended to record */ return EVP_GCM_TLS_TAG_LEN; - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out); - if (gctx->gcm.key) { - if (gctx->gcm.key != &gctx->ks) - return 0; - gctx_out->gcm.key = &gctx_out->ks; - } - if (gctx->iv == c->iv) - gctx_out->iv = out->iv; - else { - if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); + case EVP_CTRL_COPY: { + EVP_CIPHER_CTX *out = ptr; + EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX, out); + if (gctx->gcm.key) { + if (gctx->gcm.key != &gctx->ks) + return 0; + gctx_out->gcm.key = &gctx_out->ks; + } + if (gctx->iv == c->iv) + gctx_out->iv = out->iv; + else { + if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return 0; } - return 1; + memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); } + return 1; + } default: return -1; - } } static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx); int rv = -1; /* Encrypt/decrypt must be performed in place */ 
@@ -413,13 +413,13 @@ * Set IV from start of buffer or generate IV and write to start of * buffer. */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_is_encrypting(ctx) ? - EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_is_encrypting(ctx) ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) + <= 0) goto err; /* Use saved AAD */ if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->tls_aad_len)) + gctx->tls_aad_len)) goto err; /* Fix buffer and length to point to payload */ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; @@ -439,26 +439,26 @@ goto err; /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_GCM_TLS_TAG_LEN); + EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, - EVP_GCM_TLS_TAG_LEN)) { + EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } rv = len; } - err: +err: gctx->iv_set = 0; gctx->tls_aad_len = -1; return rv; } static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx); /* If not set up, return error */ if (!gctx->key_set) @@ -486,8 +486,9 @@ if (gctx->taglen < 0) return -1; if (CRYPTO_gcm128_finish(&gctx->gcm, - EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->taglen) != 0) + EVP_CIPHER_CTX_buf_noconst(ctx), + gctx->taglen) + != 0) return -1; gctx->iv_set = 0; return 0; 
@@ -510,22 +511,22 @@ } static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret; - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, ctx); if (!iv && !key) return 1; if (key) { ret = ossl_aria_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); + EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) ossl_aria_encrypt); + &cctx->ks, (block128_f)ossl_aria_encrypt); if (ret < 0) { - ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); + ERR_raise(ERR_LIB_EVP, EVP_R_ARIA_KEY_SETUP_FAILED); return 0; } cctx->str = NULL; @@ -540,7 +541,7 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c); + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, c); switch (type) { case EVP_CTRL_INIT: @@ -564,8 +565,7 @@ memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); cctx->tls_aad_len = arg; { - uint16_t len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 + uint16_t len = EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; /* Correct length for explicit IV */ if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) @@ -621,17 +621,16 @@ cctx->len_set = 0; return 1; - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out); - if (cctx->ccm.key) { - if (cctx->ccm.key != &cctx->ks) - return 0; - cctx_out->ccm.key = &cctx_out->ks; - } - return 1; + case EVP_CTRL_COPY: { + EVP_CIPHER_CTX *out = ptr; + EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX, out); + if (cctx->ccm.key) { + if (cctx->ccm.key != &cctx->ks) + return 0; + cctx_out->ccm.key = &cctx_out->ks; } + return 1; + } default: return -1; 
@@ -639,9 +638,9 @@ } static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, ctx); CCM128_CONTEXT *ccm = &cctx->ccm; /* Encrypt/decrypt must be performed in place */ @@ -650,18 +649,18 @@ /* If encrypting set explicit IV from sequence number (start of AAD) */ if (EVP_CIPHER_CTX_is_encrypting(ctx)) memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_CCM_TLS_EXPLICIT_IV_LEN); + EVP_CCM_TLS_EXPLICIT_IV_LEN); /* Get rest of IV from explicit IV */ memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, - EVP_CCM_TLS_EXPLICIT_IV_LEN); + EVP_CCM_TLS_EXPLICIT_IV_LEN); /* Correct length value */ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, - len)) - return -1; + len)) + return -1; /* Use saved AAD */ CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), - cctx->tls_aad_len); + cctx->tls_aad_len); /* Fix buffer to point to payload */ in += EVP_CCM_TLS_EXPLICIT_IV_LEN; out += EVP_CCM_TLS_EXPLICIT_IV_LEN; @@ -687,9 +686,9 @@ } static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX, ctx); CCM128_CONTEXT *ccm = &cctx->ccm; /* If not set up, return error */ @@ -739,12 +738,12 @@ } else { int rv = -1; if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, - cctx->str) : - !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { + cctx->str) + : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), - cctx->M)) + cctx->M)) rv = len; } } 
@@ -757,27 +756,30 @@ } } -#define aria_ccm_cleanup NULL - -#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_CUSTOM_IV_LENGTH) - -#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aria_##keylen##_##mode = { \ - nid##_##keylen##_##nmode, \ - blocksize, keylen/8, ivlen, \ - ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aria_##mode##_init_key, \ - aria_##mode##_cipher, \ - aria_##mode##_cleanup, \ - sizeof(EVP_ARIA_##MODE##_CTX), \ - NULL,NULL,aria_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ -{ return (EVP_CIPHER*)&aria_##keylen##_##mode; } +#define aria_ccm_cleanup NULL + +#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_CUSTOM_IV_LENGTH) + +#define BLOCK_CIPHER_aead(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \ + static const EVP_CIPHER aria_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, \ + blocksize, keylen / 8, ivlen, \ + ARIA_AUTH_FLAGS | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + aria_##mode##_init_key, \ + aria_##mode##_cipher, \ + aria_##mode##_cleanup, \ + sizeof(EVP_ARIA_##MODE##_CTX), \ + NULL, NULL, aria_##mode##_ctrl, NULL \ + }; \ + const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ + { \ + return (EVP_CIPHER *)&aria_##keylen##_##mode; \ + } BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0) BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0) --- crypto/openssl/crypto/evp/e_bf.c.orig +++ crypto/openssl/crypto/evp/e_bf.c 
@@ -16,27 +16,27 @@ #include #include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF -# include -# include "crypto/evp.h" -# include -# include -# include "evp_local.h" +#include +#include "crypto/evp.h" +#include +#include +#include "evp_local.h" static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); typedef struct { BF_KEY ks; } EVP_BF_KEY; -# define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) +#define data(ctx) EVP_C_DATA(EVP_BF_KEY, ctx) IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int len = EVP_CIPHER_CTX_get_key_length(ctx); --- crypto/openssl/crypto/evp/e_camellia.c.orig +++ crypto/openssl/crypto/evp/e_camellia.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ #include "evp_local.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); /* Camellia subkey Structure */ typedef struct { 
@@ -38,22 +38,21 @@ } stream; } EVP_CAMELLIA_KEY; -#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) +#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) /* Attribute operation for Camellia */ -#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) +#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY, ctx) #if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) /* ---------^^^ this is not a typo, just a way to detect that * assembler support was in general requested... */ -# include "crypto/sparc_arch.h" +#include "crypto/sparc_arch.h" static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret, mode, bits; - EVP_CAMELLIA_KEY *dat = - (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); mode = EVP_CIPHER_CTX_get_mode(ctx); bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; 
@@ -63,38 +62,36 @@ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { ret = 0; - dat->block = (block128_f) cmll_t4_decrypt; + dat->block = (block128_f)cmll_t4_decrypt; switch (bits) { case 128: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) cmll128_t4_cbc_decrypt : NULL; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)cmll128_t4_cbc_decrypt : NULL; break; case 192: case 256: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) cmll256_t4_cbc_decrypt : NULL; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)cmll256_t4_cbc_decrypt : NULL; break; default: ret = -1; } } else { ret = 0; - dat->block = (block128_f) cmll_t4_encrypt; + dat->block = (block128_f)cmll_t4_encrypt; switch (bits) { case 128: if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt; + dat->stream.cbc = (cbc128_f)cmll128_t4_cbc_encrypt; else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt; + dat->stream.ctr = (ctr128_f)cmll128_t4_ctr32_encrypt; else dat->stream.cbc = NULL; break; case 192: case 256: if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt; + dat->stream.cbc = (cbc128_f)cmll256_t4_cbc_encrypt; else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt; + dat->stream.ctr = (ctr128_f)cmll256_t4_ctr32_encrypt; else dat->stream.cbc = NULL; break; 
@@ -111,92 +108,99 @@ return 1; } -# define cmll_t4_cbc_cipher camellia_cbc_cipher +#define cmll_t4_cbc_cipher camellia_cbc_cipher static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define cmll_t4_ecb_cipher camellia_ecb_cipher +#define cmll_t4_ecb_cipher camellia_ecb_cipher static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define cmll_t4_ofb_cipher camellia_ofb_cipher +#define cmll_t4_ofb_cipher camellia_ofb_cipher static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define cmll_t4_cfb_cipher camellia_cfb_cipher +#define cmll_t4_cfb_cipher camellia_cfb_cipher static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define cmll_t4_cfb8_cipher camellia_cfb8_cipher +#define cmll_t4_cfb8_cipher camellia_cfb8_cipher static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define cmll_t4_cfb1_cipher camellia_cfb1_cipher +#define cmll_t4_cfb1_cipher camellia_cfb1_cipher static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); -# define cmll_t4_ctr_cipher camellia_ctr_cipher +#define cmll_t4_ctr_cipher camellia_ctr_cipher static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - 
 cmll_t4_init_key, \
- cmll_t4_##mode##_cipher, \
- NULL, \
- sizeof(EVP_CAMELLIA_KEY), \
- NULL,NULL,NULL,NULL }; \
-static const EVP_CIPHER camellia_##keylen##_##mode = { \
- nid##_##keylen##_##nmode,blocksize, \
- keylen/8,ivlen, \
- flags|EVP_CIPH_##MODE##_MODE, \
- EVP_ORIG_GLOBAL, \
- camellia_init_key, \
- camellia_##mode##_cipher, \
- NULL, \
- sizeof(EVP_CAMELLIA_KEY), \
- NULL,NULL,NULL,NULL }; \
-const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
-{ return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
+ const unsigned char *in, size_t len);
+
+#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \
+ static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
+ cmll_t4_init_key, \
+ cmll_t4_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_CAMELLIA_KEY), \
+ NULL, NULL, NULL, NULL \
+ }; \
+ static const EVP_CIPHER camellia_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode, blocksize, \
+ keylen / 8, ivlen, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
+ camellia_init_key, \
+ camellia_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_CAMELLIA_KEY), \
+ NULL, NULL, NULL, NULL \
+ }; \
+ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+ { \
+ return SPARC_CMLL_CAPABLE ? 
&cmll_t4_##keylen##_##mode : &camellia_##keylen##_##mode; \ + } #else -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER camellia_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - camellia_init_key, \ - camellia_##mode##_cipher, \ - NULL, \ - sizeof(EVP_CAMELLIA_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ -{ return &camellia_##keylen##_##mode; } +#define BLOCK_CIPHER_generic(nid, keylen, blocksize, ivlen, nmode, mode, MODE, flags) \ + static const EVP_CIPHER camellia_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, blocksize, keylen / 8, ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + camellia_init_key, \ + camellia_##mode##_cipher, \ + NULL, \ + sizeof(EVP_CAMELLIA_KEY), \ + NULL, NULL, NULL, NULL \ + }; \ + const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ + { \ + return &camellia_##keylen##_##mode; \ + } #endif -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + 
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ret, mode; - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); ret = Camellia_set_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks); + &dat->ks); if (ret < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED); return 0; 
@@ -205,26 +209,24 @@ mode = EVP_CIPHER_CTX_get_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { - dat->block = (block128_f) Camellia_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) Camellia_cbc_encrypt : NULL; + dat->block = (block128_f)Camellia_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)Camellia_cbc_encrypt : NULL; } else { - dat->block = (block128_f) Camellia_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) Camellia_cbc_encrypt : NULL; + dat->block = (block128_f)Camellia_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)Camellia_cbc_encrypt : NULL; } return 1; } static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); else if (EVP_CIPHER_CTX_is_encrypting(ctx)) CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); else 
@@ -234,25 +236,25 @@ } static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); size_t i; - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); if (len < bl) return 1; for (i = 0, len -= bl; i <= len; i += bl) - (*dat->block) (in + i, out + i, &dat->ks); + (*dat->block)(in + i, out + i, &dat->ks); return 1; } static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block); 
@@ -261,39 +263,39 @@ } static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), - dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } 
@@ -301,20 +303,20 @@ while (len >= MAXBITCHUNK) { int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), - dat->block); + ctx->iv, &num, + EVP_CIPHER_CTX_is_encrypting(ctx), + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); len -= MAXBITCHUNK; out += MAXBITCHUNK; - in += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) { int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), - dat->block); + ctx->iv, &num, + EVP_CIPHER_CTX_is_encrypting(ctx), + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); } @@ -322,28 +324,28 @@ } static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int snum = EVP_CIPHER_CTX_get_num(ctx); unsigned int num; - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); + EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx); if (snum < 0) return 0; num = snum; if (dat->stream.ctr) CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), - &num, - dat->stream.ctr); + EVP_CIPHER_CTX_buf_noconst(ctx), + &num, + dat->stream.ctr); else CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - dat->block); + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) --- crypto/openssl/crypto/evp/e_cast.c.orig +++ crypto/openssl/crypto/evp/e_cast.c 
@@ -17,28 +17,28 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_CAST -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" +#include +#include +#include "crypto/evp.h" +#include +#include "evp_local.h" static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); typedef struct { CAST_KEY ks; } EVP_CAST_KEY; -# define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) +#define data(ctx) EVP_C_DATA(EVP_CAST_KEY, ctx) IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, + EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int keylen = EVP_CIPHER_CTX_get_key_length(ctx); --- crypto/openssl/crypto/evp/e_chacha20_poly1305.c.orig +++ crypto/openssl/crypto/evp/e_chacha20_poly1305.c 
@@ -13,41 +13,41 @@ #ifndef OPENSSL_NO_CHACHA -# include -# include -# include "crypto/evp.h" -# include "evp_local.h" -# include "crypto/chacha.h" +#include +#include +#include "crypto/evp.h" +#include "evp_local.h" +#include "crypto/chacha.h" typedef struct { union { - OSSL_UNION_ALIGN; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ + OSSL_UNION_ALIGN; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ unsigned int d[CHACHA_KEY_SIZE / 4]; } key; - unsigned int counter[CHACHA_CTR_SIZE / 4]; + unsigned int counter[CHACHA_CTR_SIZE / 4]; unsigned char buf[CHACHA_BLK_SIZE]; - unsigned int partial_len; + unsigned int partial_len; } EVP_CHACHA_KEY; -#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) +#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) -#define CHACHA20_POLY1305_MAX_IVLEN 12 +#define CHACHA20_POLY1305_MAX_IVLEN 12 static int chacha_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char user_key[CHACHA_KEY_SIZE], - const unsigned char iv[CHACHA_CTR_SIZE], int enc) + const unsigned char user_key[CHACHA_KEY_SIZE], + const unsigned char iv[CHACHA_CTR_SIZE], int enc) { EVP_CHACHA_KEY *key = data(ctx); unsigned int i; if (user_key) - for (i = 0; i < CHACHA_KEY_SIZE; i+=4) { - key->key.d[i/4] = CHACHA_U8TOU32(user_key+i); + for (i = 0; i < CHACHA_KEY_SIZE; i += 4) { + key->key.d[i / 4] = CHACHA_U8TOU32(user_key + i); } if (iv) - for (i = 0; i < CHACHA_CTR_SIZE; i+=4) { - key->counter[i/4] = CHACHA_U8TOU32(iv+i); + for (i = 0; i < CHACHA_CTR_SIZE; i += 4) { + key->counter[i / 4] = CHACHA_U8TOU32(iv + i); } key->partial_len = 0; @@ -55,8 +55,8 @@ return 1; } -static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - const unsigned char *inp, size_t len) +static int chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *inp, size_t len) { EVP_CHACHA_KEY *key = data(ctx); unsigned int n, rem, ctr32; 
@@ -89,8 +89,8 @@ * Below condition is practically never met, but it has to * be checked for code correctness. */ - if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) - blocks = (1U<<28); + if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) + blocks = (1U << 28); /* * As ChaCha20_ctr32 operates on 32-bit counter, caller @@ -110,13 +110,14 @@ out += blocks; key->counter[0] = ctr32; - if (ctr32 == 0) key->counter[1]++; + if (ctr32 == 0) + key->counter[1]++; } if (rem) { memset(key->buf, 0, sizeof(key->buf)); ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE, - key->key.d, key->counter); + key->key.d, key->counter); for (n = 0; n < rem; n++) out[n] = inp[n] ^ key->buf[n]; key->partial_len = rem; @@ -127,9 +128,9 @@ static const EVP_CIPHER chacha20 = { NID_chacha20, - 1, /* block_size */ - CHACHA_KEY_SIZE, /* key_len */ - CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, EVP_ORIG_GLOBAL, chacha_init_key, 
@@ -147,26 +148,28 @@ return &chacha20; } -# ifndef OPENSSL_NO_POLY1305 -# include "crypto/poly1305.h" +#ifndef OPENSSL_NO_POLY1305 +#include "crypto/poly1305.h" typedef struct { EVP_CHACHA_KEY key; - unsigned int nonce[12/4]; + unsigned int nonce[12 / 4]; unsigned char tag[POLY1305_BLOCK_SIZE]; unsigned char tls_aad[POLY1305_BLOCK_SIZE]; - struct { uint64_t aad, text; } len; + struct { + uint64_t aad, text; + } len; int aad, mac_inited, tag_len, nonce_len; size_t tls_payload_length; } EVP_CHACHA_AEAD_CTX; -# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) -# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) -# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) +#define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) +#define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) +#define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) + const unsigned char *inkey, + const unsigned char *iv, int enc) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); @@ -185,7 +188,7 @@ /* pad on the left */ if (actx->nonce_len <= CHACHA_CTR_SIZE) memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, - actx->nonce_len); + actx->nonce_len); chacha_init_key(ctx, inkey, temp, enc); 
@@ -199,20 +202,19 @@ return 1; } -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) -# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# define XOR128_HELPERS +#if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) +#define XOR128_HELPERS void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len); void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len); static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 }; -# else +#else static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 }; -# endif +#endif static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length; @@ -221,16 +223,16 @@ if (len != plen + POLY1305_BLOCK_SIZE) return -1; - buf = storage + ((0 - (size_t)storage) & 15); /* align */ + buf = storage + ((0 - (size_t)storage) & 15); /* align */ ctr = buf + CHACHA_BLK_SIZE; tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE; -# ifdef XOR128_HELPERS +#ifdef XOR128_HELPERS if (plen <= 3 * CHACHA_BLK_SIZE) { actx->key.counter[0] = 0; buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE); ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d, - actx->key.counter); + actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), buf); actx->key.partial_len = 0; memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); 
@@ -249,13 +251,13 @@ tohash_len = (size_t)(ctr - tohash); } } -# else +#else if (plen <= CHACHA_BLK_SIZE) { size_t i; actx->key.counter[0] = 0; ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE), - actx->key.key.d, actx->key.counter); + actx->key.key.d, actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), buf); actx->key.partial_len = 0; memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); @@ -283,11 +285,11 @@ ctr += i + tail; tohash_len += i + tail; } -# endif +#endif else { actx->key.counter[0] = 0; ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE), - actx->key.key.d, actx->key.counter); + actx->key.key.d, actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), buf); actx->key.counter[0] = 1; actx->key.partial_len = 0; 
@@ -317,31 +319,30 @@ if (IS_LITTLE_ENDIAN) { memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); } else { - ctr[0] = (unsigned char)(actx->len.aad); - ctr[1] = (unsigned char)(actx->len.aad>>8); - ctr[2] = (unsigned char)(actx->len.aad>>16); - ctr[3] = (unsigned char)(actx->len.aad>>24); - ctr[4] = (unsigned char)(actx->len.aad>>32); - ctr[5] = (unsigned char)(actx->len.aad>>40); - ctr[6] = (unsigned char)(actx->len.aad>>48); - ctr[7] = (unsigned char)(actx->len.aad>>56); - - ctr[8] = (unsigned char)(actx->len.text); - ctr[9] = (unsigned char)(actx->len.text>>8); - ctr[10] = (unsigned char)(actx->len.text>>16); - ctr[11] = (unsigned char)(actx->len.text>>24); - ctr[12] = (unsigned char)(actx->len.text>>32); - ctr[13] = (unsigned char)(actx->len.text>>40); - ctr[14] = (unsigned char)(actx->len.text>>48); - ctr[15] = (unsigned char)(actx->len.text>>56); + ctr[0] = (unsigned char)(actx->len.aad); + ctr[1] = (unsigned char)(actx->len.aad >> 8); + ctr[2] = (unsigned char)(actx->len.aad >> 16); + ctr[3] = (unsigned char)(actx->len.aad >> 24); + ctr[4] = (unsigned char)(actx->len.aad >> 32); + ctr[5] = (unsigned char)(actx->len.aad >> 40); + ctr[6] = (unsigned char)(actx->len.aad >> 48); + ctr[7] = (unsigned char)(actx->len.aad >> 56); + + ctr[8] = (unsigned char)(actx->len.text); + ctr[9] = (unsigned char)(actx->len.text >> 8); + ctr[10] = (unsigned char)(actx->len.text >> 16); + ctr[11] = (unsigned char)(actx->len.text >> 24); + ctr[12] = (unsigned char)(actx->len.text >> 32); + ctr[13] = (unsigned char)(actx->len.text >> 40); + ctr[14] = (unsigned char)(actx->len.text >> 48); + ctr[15] = (unsigned char)(actx->len.text >> 56); } tohash_len += POLY1305_BLOCK_SIZE; } Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len); OPENSSL_cleanse(buf, buf_len); - Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag - : tohash); + Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag : tohash); actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; 
@@ -350,31 +351,31 @@ } else { if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) { memset(out - (len - POLY1305_BLOCK_SIZE), 0, - len - POLY1305_BLOCK_SIZE); + len - POLY1305_BLOCK_SIZE); return -1; } } return len; } -# else +#else static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 }; -# endif +#endif static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); size_t rem, plen = actx->tls_payload_length; if (!actx->mac_inited) { -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL) return chacha20_poly1305_tls_cipher(ctx, out, in, len); -# endif +#endif actx->key.counter[0] = 0; ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE, - actx->key.key.d, actx->key.counter); + actx->key.key.d, actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); actx->key.counter[0] = 1; actx->key.partial_len = 0; @@ -382,23 +383,23 @@ actx->mac_inited = 1; if (plen != NO_TLS_PAYLOAD_LENGTH) { Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, - EVP_AEAD_TLS1_AAD_LEN); + EVP_AEAD_TLS1_AAD_LEN); actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; actx->aad = 1; } } - if (in) { /* aad or text */ - if (out == NULL) { /* aad */ + if (in) { /* aad or text */ + if (out == NULL) { /* aad */ Poly1305_Update(POLY1305_ctx(actx), in, len); actx->len.aad += len; actx->aad = 1; return len; - } else { /* plain- or ciphertext */ - if (actx->aad) { /* wrap up aad */ + } else { /* plain- or ciphertext */ + if (actx->aad) { /* wrap up aad */ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); + POLY1305_BLOCK_SIZE - rem); actx->aad = 0; } 
@@ -408,13 +409,13 @@ else if (len != plen + POLY1305_BLOCK_SIZE) return -1; - if (ctx->encrypt) { /* plaintext */ + if (ctx->encrypt) { /* plaintext */ chacha_cipher(ctx, out, in, plen); Poly1305_Update(POLY1305_ctx(actx), out, plen); in += plen; out += plen; actx->len.text += plen; - } else { /* ciphertext */ + } else { /* ciphertext */ Poly1305_Update(POLY1305_ctx(actx), in, plen); chacha_cipher(ctx, out, in, plen); in += plen; 
@@ -423,51 +424,50 @@ } } } - if (in == NULL /* explicit final */ - || plen != len) { /* or tls mode */ + if (in == NULL /* explicit final */ + || plen != len) { /* or tls mode */ DECLARE_IS_ENDIAN; unsigned char temp[POLY1305_BLOCK_SIZE]; - if (actx->aad) { /* wrap up aad */ + if (actx->aad) { /* wrap up aad */ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); + POLY1305_BLOCK_SIZE - rem); actx->aad = 0; } if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); + POLY1305_BLOCK_SIZE - rem); if (IS_LITTLE_ENDIAN) { Poly1305_Update(POLY1305_ctx(actx), - (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); + (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); } else { - temp[0] = (unsigned char)(actx->len.aad); - temp[1] = (unsigned char)(actx->len.aad>>8); - temp[2] = (unsigned char)(actx->len.aad>>16); - temp[3] = (unsigned char)(actx->len.aad>>24); - temp[4] = (unsigned char)(actx->len.aad>>32); - temp[5] = (unsigned char)(actx->len.aad>>40); - temp[6] = (unsigned char)(actx->len.aad>>48); - temp[7] = (unsigned char)(actx->len.aad>>56); - - temp[8] = (unsigned char)(actx->len.text); - temp[9] = (unsigned char)(actx->len.text>>8); - temp[10] = (unsigned char)(actx->len.text>>16); - temp[11] = (unsigned char)(actx->len.text>>24); - temp[12] = (unsigned char)(actx->len.text>>32); - temp[13] = (unsigned char)(actx->len.text>>40); - temp[14] = (unsigned char)(actx->len.text>>48); - temp[15] = (unsigned char)(actx->len.text>>56); + temp[0] = (unsigned char)(actx->len.aad); + temp[1] = (unsigned char)(actx->len.aad >> 8); + temp[2] = (unsigned char)(actx->len.aad >> 16); + temp[3] = (unsigned char)(actx->len.aad >> 24); + temp[4] = (unsigned char)(actx->len.aad >> 32); + temp[5] = (unsigned char)(actx->len.aad >> 40); + temp[6] = (unsigned char)(actx->len.aad >> 48); + temp[7] = (unsigned char)(actx->len.aad >> 56); + + 
temp[8] = (unsigned char)(actx->len.text); + temp[9] = (unsigned char)(actx->len.text >> 8); + temp[10] = (unsigned char)(actx->len.text >> 16); + temp[11] = (unsigned char)(actx->len.text >> 24); + temp[12] = (unsigned char)(actx->len.text >> 32); + temp[13] = (unsigned char)(actx->len.text >> 40); + temp[14] = (unsigned char)(actx->len.text >> 48); + temp[15] = (unsigned char)(actx->len.text >> 56); Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); } - Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag - : temp); + Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag : temp); actx->mac_inited = 0; - if (in != NULL && len != plen) { /* tls mode */ + if (in != NULL && len != plen) { /* tls mode */ if (ctx->encrypt) { memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); } else { @@ -476,8 +476,7 @@ return -1; } } - } - else if (!ctx->encrypt) { + } else if (!ctx->encrypt) { if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) return -1; } @@ -494,15 +493,15 @@ } static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) + void *ptr) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - switch(type) { + switch (type) { case EVP_CTRL_INIT: if (actx == NULL) actx = ctx->cipher_data - = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); + = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); if (actx == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -521,8 +520,7 @@ if (actx) { EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr; - dst->cipher_data = - OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); + dst->cipher_data = OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); if (dst->cipher_data == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_COPY_ERROR); return 0; 
@@ -544,11 +542,11 @@ if (arg != 12) return 0; actx->nonce[0] = actx->key.counter[1] - = CHACHA_U8TOU32((unsigned char *)ptr); + = CHACHA_U8TOU32((unsigned char *)ptr); actx->nonce[1] = actx->key.counter[2] - = CHACHA_U8TOU32((unsigned char *)ptr+4); + = CHACHA_U8TOU32((unsigned char *)ptr + 4); actx->nonce[2] = actx->key.counter[3] - = CHACHA_U8TOU32((unsigned char *)ptr+8); + = CHACHA_U8TOU32((unsigned char *)ptr + 8); return 1; case EVP_CTRL_AEAD_SET_TAG: @@ -574,13 +572,12 @@ unsigned char *aad = ptr; memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN); - len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | - aad[EVP_AEAD_TLS1_AAD_LEN - 1]; + len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | aad[EVP_AEAD_TLS1_AAD_LEN - 1]; aad = actx->tls_aad; if (!ctx->encrypt) { if (len < POLY1305_BLOCK_SIZE) return 0; - len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ + len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; } @@ -591,10 +588,10 @@ */ actx->key.counter[1] = actx->nonce[0]; actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); - actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); + actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad + 4); actx->mac_inited = 0; - return POLY1305_BLOCK_SIZE; /* tag length */ + return POLY1305_BLOCK_SIZE; /* tag length */ } case EVP_CTRL_AEAD_SET_MAC_KEY: 
@@ -608,27 +605,24 @@ static EVP_CIPHER chacha20_poly1305 = { NID_chacha20_poly1305, - 1, /* block_size */ - CHACHA_KEY_SIZE, /* key_len */ - 12, /* iv_len, 96-bit nonce in the context */ - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | - EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | - EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | - EVP_CIPH_CUSTOM_IV_LENGTH, + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + 12, /* iv_len, 96-bit nonce in the context */ + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_CUSTOM_IV_LENGTH, EVP_ORIG_GLOBAL, chacha20_poly1305_init_key, chacha20_poly1305_cipher, chacha20_poly1305_cleanup, - 0, /* 0 moves context-specific structure allocation to ctrl */ - NULL, /* set_asn1_parameters */ - NULL, /* get_asn1_parameters */ + 0, /* 0 moves context-specific structure allocation to ctrl */ + NULL, /* set_asn1_parameters */ + NULL, /* get_asn1_parameters */ chacha20_poly1305_ctrl, - NULL /* app_data */ + NULL /* app_data */ }; const EVP_CIPHER *EVP_chacha20_poly1305(void) { - return(&chacha20_poly1305); + return (&chacha20_poly1305); } -# endif +#endif #endif --- crypto/openssl/crypto/evp/e_des.c.orig +++ crypto/openssl/crypto/evp/e_des.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,12 +16,12 @@ #include #include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES -# include -# include -# include "crypto/evp.h" -# include -# include -# include "evp_local.h" +#include +#include +#include "crypto/evp.h" +#include +#include +#include "evp_local.h" typedef struct { union { 
@@ -29,27 +29,27 @@ DES_key_schedule ks; } ks; union { - void (*cbc) (const void *, void *, size_t, - const DES_key_schedule *, unsigned char *); + void (*cbc)(const void *, void *, size_t, + const DES_key_schedule *, unsigned char *); } stream; } EVP_DES_KEY; -# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) +#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) /* ----------^^^ this is not a typo, just a way to detect that * assembler support was in general requested... */ -# include "crypto/sparc_arch.h" +#include "crypto/sparc_arch.h" -# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) +#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) void des_t4_key_expand(const void *key, DES_key_schedule *ks); void des_t4_cbc_encrypt(const void *inp, void *out, size_t len, - const DES_key_schedule *ks, unsigned char iv[8]); + const DES_key_schedule *ks, unsigned char iv[8]); void des_t4_cbc_decrypt(const void *inp, void *out, size_t len, - const DES_key_schedule *ks, unsigned char iv[8]); -# endif + const DES_key_schedule *ks, unsigned char iv[8]); +#endif static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* 
@@ -58,23 +58,23 @@ */ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - EVP_CIPHER_CTX_get_cipher_data(ctx), - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, &num); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; 
@@ -83,48 +83,48 @@ if (inl) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_ofb64_encrypt(in, out, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, &num); EVP_CIPHER_CTX_set_num(ctx, num); } return 1; } static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { - EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (dat->stream.cbc != NULL) { - (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); + (*dat->stream.cbc)(in, out, inl, &dat->ks.ks, ctx->iv); return 1; } while (inl >= EVP_MAXCHUNK) { DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) DES_ncbc_encrypt(in, out, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, &num, + EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; 
@@ -133,9 +133,9 @@ if (inl) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_cfb64_encrypt(in, out, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, &num, + EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); } return 1; @@ -146,7 +146,7 @@ * way, so wrap it here */ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t n, chunk = EVP_MAXCHUNK / 8; unsigned char c[1], d[1]; @@ -158,11 +158,9 @@ for (n = 0; n < chunk * 8; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - out[n / 8] = - (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); + out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } inl -= chunk; in += chunk; 
@@ -175,45 +173,45 @@ } static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) DES_cfb_encrypt(in, out, 8, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_get_cipher_data(ctx), + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; - EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_DES_KEY *dat = (EVP_DES_KEY 
*)EVP_CIPHER_CTX_get_cipher_data(ctx); dat->stream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) +#if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { int mode = EVP_CIPHER_CTX_get_mode(ctx); @@ -223,7 +221,7 @@ return 1; } } -# endif +#endif DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx)); return 1; } --- crypto/openssl/crypto/evp/e_des3.c.orig +++ crypto/openssl/crypto/evp/e_des3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,12 +16,12 @@ #include #include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES -# include -# include "crypto/evp.h" -# include "crypto/sha.h" -# include -# include -# include "evp_local.h" +#include +#include "crypto/evp.h" +#include "crypto/sha.h" +#include +#include +#include "evp_local.h" typedef struct { union { 
@@ -29,37 +29,37 @@ DES_key_schedule ks[3]; } ks; union { - void (*cbc) (const void *, void *, size_t, - const DES_key_schedule *, unsigned char *); + void (*cbc)(const void *, void *, size_t, + const DES_key_schedule *, unsigned char *); } stream; } DES_EDE_KEY; -# define ks1 ks.ks[0] -# define ks2 ks.ks[1] -# define ks3 ks.ks[2] +#define ks1 ks.ks[0] +#define ks2 ks.ks[1] +#define ks3 ks.ks[2] -# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) +#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) /* ---------^^^ this is not a typo, just a way to detect that * assembler support was in general requested... */ -# include "crypto/sparc_arch.h" +#include "crypto/sparc_arch.h" -# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) +#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) void des_t4_key_expand(const void *key, DES_key_schedule *ks); void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, - const DES_key_schedule ks[3], unsigned char iv[8]); + const DES_key_schedule ks[3], unsigned char iv[8]); void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, - const DES_key_schedule ks[3], unsigned char iv[8]); -# endif + const DES_key_schedule ks[3], unsigned char iv[8]); +#endif static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); -# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx) +#define data(ctx) EVP_C_DATA(DES_EDE_KEY, ctx) /* * Because of various casts and different args can't use 
@@ -67,26 +67,26 @@ */ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() DES_ecb3_encrypt((const_DES_cblock *)(in + i), - (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, EVP_CIPHER_CTX_is_encrypting(ctx)); + (DES_cblock *)(out + i), + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)ctx->iv, - &num); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, + (DES_cblock *)ctx->iv, + &num); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; 
@@ -95,52 +95,52 @@ if (inl) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_ofb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)ctx->iv, - &num); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, + (DES_cblock *)ctx->iv, + &num); EVP_CIPHER_CTX_set_num(ctx, num); } return 1; } static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { DES_EDE_KEY *dat = data(ctx); if (dat->stream.cbc != NULL) { - (*dat->stream.cbc) (in, out, inl, dat->ks.ks, - ctx->iv); + (*dat->stream.cbc)(in, out, inl, dat->ks.ks, + ctx->iv); return 1; } while (inl >= EVP_MAXCHUNK) { DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, - &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + &dat->ks1, &dat->ks2, &dat->ks3, + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) DES_ede3_cbc_encrypt(in, out, (long)inl, - &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + &dat->ks1, &dat->ks2, &dat->ks3, + (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &num, EVP_CIPHER_CTX_is_encrypting(ctx)); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, (DES_cblock *)ctx->iv, + &num, EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; 
@@ -149,9 +149,9 @@ if (inl) { int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &num, EVP_CIPHER_CTX_is_encrypting(ctx)); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, (DES_cblock *)ctx->iv, + &num, EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); } return 1; @@ -162,19 +162,19 @@ * right way, so wrap it here */ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t n; unsigned char c[1], d[1]; if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - inl *= 8; + inl *= 8; for (n = 0; n < inl; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_ede3_cfb_encrypt(c, d, 1, 1, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } 
@@ -183,52 +183,52 @@ } static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) DES_ede3_cfb_encrypt(in, out, 8, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); + &data(ctx)->ks1, &data(ctx)->ks2, + &data(ctx)->ks3, (DES_cblock *)ctx->iv, + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede_init_key, NULL, NULL, NULL, des3_ctrl) -# define des_ede3_cfb64_cipher des_ede_cfb64_cipher -# define des_ede3_ofb_cipher des_ede_ofb_cipher -# define des_ede3_cbc_cipher des_ede_cbc_cipher -# define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede_init_key, NULL, NULL, NULL, des3_ctrl) +#define des_ede3_cfb64_cipher des_ede_cfb64_cipher +#define des_ede3_ofb_cipher des_ede_ofb_cipher +#define des_ede3_cbc_cipher des_ede_cbc_cipher +#define 
des_ede3_ecb_cipher des_ede_ecb_cipher +BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) + +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) + +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); dat->stream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) +#if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { int mode = EVP_CIPHER_CTX_get_mode(ctx); @@ -236,12 +236,11 @@ des_t4_key_expand(&deskey[0], &dat->ks1); des_t4_key_expand(&deskey[1], &dat->ks2); memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); - dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : - des_t4_ede3_cbc_decrypt; + dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : des_t4_ede3_cbc_decrypt; return 1; } } -# endif +#endif DES_set_key_unchecked(&deskey[0], &dat->ks1); DES_set_key_unchecked(&deskey[1], &dat->ks2); memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); @@ -249,13 +248,13 @@ } static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); dat->stream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) +#if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { int mode = EVP_CIPHER_CTX_get_mode(ctx); 
@@ -263,12 +262,11 @@ des_t4_key_expand(&deskey[0], &dat->ks1); des_t4_key_expand(&deskey[1], &dat->ks2); des_t4_key_expand(&deskey[2], &dat->ks3); - dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : - des_t4_ede3_cbc_decrypt; + dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : des_t4_ede3_cbc_decrypt; return 1; } } -# endif +#endif DES_set_key_unchecked(&deskey[0], &dat->ks1); DES_set_key_unchecked(&deskey[1], &dat->ks2); DES_set_key_unchecked(&deskey[2], &dat->ks3); @@ -308,14 +306,12 @@ return &des_ede3_ecb; } +#include -# include - -static const unsigned char wrap_iv[8] = - { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; +static const unsigned char wrap_iv[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH]; int rv = -1; @@ -345,8 +341,8 @@ /* Decrypt again using new IV */ des_ede_cbc_cipher(ctx, out, out, inl - 16); des_ede_cbc_cipher(ctx, icv, icv, 8); - if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ - && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) + if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -359,7 +355,7 @@ } static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { unsigned char sha1tmp[SHA_DIGEST_LENGTH]; if (out == NULL) @@ -384,7 +380,7 @@ } static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { /* * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK --- crypto/openssl/crypto/evp/e_idea.c.orig +++ crypto/openssl/crypto/evp/e_idea.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,11 +18,11 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_IDEA -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" +#include +#include +#include "crypto/evp.h" +#include +#include "evp_local.h" /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ @@ -31,7 +31,7 @@ } EVP_IDEA_KEY; static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); /* * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a 
@@ -39,23 +39,23 @@ */ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); + IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY, ctx)->ks); return 1; } BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) + BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) + BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, - 0, idea_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, + 0, idea_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { if (!enc) { if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE) @@ -64,12 +64,12 @@ enc = 1; } if (enc) - IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); + IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY, ctx)->ks); else { IDEA_KEY_SCHEDULE tmp; IDEA_set_encrypt_key(key, &tmp); - IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); + IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY, ctx)->ks); OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; --- crypto/openssl/crypto/evp/e_null.c.orig +++ crypto/openssl/crypto/evp/e_null.c 
@@ -14,9 +14,9 @@ #include "crypto/evp.h" static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { NID_undef, 1, 0, 0, 0, @@ -37,13 +37,13 @@ } static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { return 1; } static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { if (in != out) memcpy(out, in, inl); --- crypto/openssl/crypto/evp/e_old.c.orig +++ crypto/openssl/crypto/evp/e_old.c @@ -19,7 +19,7 @@ */ #ifndef OPENSSL_NO_BF -# undef EVP_bf_cfb +#undef EVP_bf_cfb const EVP_CIPHER *EVP_bf_cfb(void); const EVP_CIPHER *EVP_bf_cfb(void) { @@ -28,21 +28,21 @@ #endif #ifndef OPENSSL_NO_DES -# undef EVP_des_cfb +#undef EVP_des_cfb const EVP_CIPHER *EVP_des_cfb(void); const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } -# undef EVP_des_ede3_cfb +#undef EVP_des_ede3_cfb const EVP_CIPHER *EVP_des_ede3_cfb(void); const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } -# undef EVP_des_ede_cfb +#undef EVP_des_ede_cfb const EVP_CIPHER *EVP_des_ede_cfb(void); const EVP_CIPHER *EVP_des_ede_cfb(void) { @@ -51,7 +51,7 @@ #endif #ifndef OPENSSL_NO_IDEA -# undef EVP_idea_cfb +#undef EVP_idea_cfb const EVP_CIPHER *EVP_idea_cfb(void); const EVP_CIPHER *EVP_idea_cfb(void) { @@ -60,7 +60,7 @@ #endif #ifndef OPENSSL_NO_RC2 -# undef EVP_rc2_cfb +#undef EVP_rc2_cfb const EVP_CIPHER *EVP_rc2_cfb(void); const EVP_CIPHER *EVP_rc2_cfb(void) { @@ -69,7 +69,7 @@ #endif #ifndef OPENSSL_NO_CAST -# undef EVP_cast5_cfb +#undef EVP_cast5_cfb const EVP_CIPHER *EVP_cast5_cfb(void); const EVP_CIPHER *EVP_cast5_cfb(void) { 
@@ -78,7 +78,7 @@ #endif #ifndef OPENSSL_NO_RC5 -# undef EVP_rc5_32_12_16_cfb +#undef EVP_rc5_32_12_16_cfb const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { --- crypto/openssl/crypto/evp/e_rc2.c.orig +++ crypto/openssl/crypto/evp/e_rc2.c @@ -18,14 +18,14 @@ #ifndef OPENSSL_NO_RC2 -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" +#include +#include +#include "crypto/evp.h" +#include +#include "evp_local.h" static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); static int rc2_magic_to_meth(int i); static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); @@ -33,25 +33,25 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); typedef struct { - int key_bits; /* effective key bits */ - RC2_KEY ks; /* key schedule */ + int key_bits; /* effective key bits */ + RC2_KEY ks; /* key schedule */ } EVP_RC2_KEY; -# define data(ctx) EVP_C_DATA(EVP_RC2_KEY,ctx) +#define data(ctx) EVP_C_DATA(EVP_RC2_KEY, ctx) IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, - 8, - RC2_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, NULL, - rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, - rc2_ctrl) -# define RC2_40_MAGIC 0xa0 -# define RC2_64_MAGIC 0x78 -# define RC2_128_MAGIC 0x3a + 8, + RC2_KEY_LENGTH, 8, 64, + EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + rc2_init_key, NULL, + rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, + rc2_ctrl) +#define RC2_40_MAGIC 0xa0 +#define RC2_64_MAGIC 0x78 +#define RC2_128_MAGIC 0x3a static const EVP_CIPHER r2_64_cbc_cipher = { NID_rc2_64_cbc, - 8, 8 /* 64 bit */ , 8, + 8, 8 /* 64 bit */, 8, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, EVP_ORIG_GLOBAL, rc2_init_key, 
@@ -66,7 +66,7 @@ static const EVP_CIPHER r2_40_cbc_cipher = { NID_rc2_40_cbc, - 8, 5 /* 40 bit */ , 8, + 8, 5 /* 40 bit */, 8, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, EVP_ORIG_GLOBAL, rc2_init_key, @@ -90,10 +90,10 @@ } static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), - key, data(ctx)->key_bits); + key, data(ctx)->key_bits); return 1; } @@ -147,8 +147,9 @@ if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, - NULL) <= 0 - || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) + NULL) + <= 0 + || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) return -1; } return i; @@ -184,11 +185,11 @@ return 1; } return 0; -# ifdef PBE_PRF_TEST +#ifdef PBE_PRF_TEST case EVP_CTRL_PBE_PRF_NID: *(int *)ptr = NID_hmacWithMD5; return 1; -# endif +#endif default: return -1; --- crypto/openssl/crypto/evp/e_rc4.c.orig +++ crypto/openssl/crypto/evp/e_rc4.c @@ -18,22 +18,22 @@ #ifndef OPENSSL_NO_RC4 -# include -# include -# include +#include +#include +#include -# include "crypto/evp.h" +#include "crypto/evp.h" typedef struct { - RC4_KEY ks; /* working key */ + RC4_KEY ks; /* working key */ } EVP_RC4_KEY; -# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) +#define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static const EVP_CIPHER r4_cipher = { NID_rc4, 1, EVP_RC4_KEY_SIZE, 0, 
@@ -51,7 +51,7 @@ static const EVP_CIPHER r4_40_cipher = { NID_rc4_40, - 1, 5 /* 40 bit */ , 0, + 1, 5 /* 40 bit */, 0, EVP_CIPH_VARIABLE_LENGTH, EVP_ORIG_GLOBAL, rc4_init_key, @@ -75,7 +75,7 @@ } static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int keylen; @@ -86,7 +86,7 @@ } static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { RC4(&data(ctx)->ks, inl, in, out); return 1; --- crypto/openssl/crypto/evp/e_rc4_hmac_md5.c.orig +++ crypto/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -21,12 +21,12 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) -# include -# include -# include -# include -# include -# include "crypto/evp.h" +#include +#include +#include +#include +#include +#include "crypto/evp.h" typedef struct { RC4_KEY ks; @@ -34,16 +34,16 @@ size_t payload_length; } EVP_RC4_HMAC_MD5; -# define NO_PAYLOAD_LENGTH ((size_t)-1) +#define NO_PAYLOAD_LENGTH ((size_t)-1) void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, - MD5_CTX *ctx, const void *inp, size_t blocks); + MD5_CTX *ctx, const void *inp, size_t blocks); -# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) +#define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) + const unsigned char *inkey, + const unsigned char *iv, int enc) { EVP_RC4_HMAC_MD5 *key = data(ctx); const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); @@ -53,7 +53,7 @@ RC4_set_key(&key->ks, keylen, inkey); - MD5_Init(&key->head); /* handy when benchmarking */ + MD5_Init(&key->head); /* handy when benchmarking */ key->tail = key->head; key->md = key->head; 
@@ -62,27 +62,25 @@ return 1; } -# if defined(RC4_ASM) && defined(MD5_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) -# define STITCHED_CALL -# endif +#if defined(RC4_ASM) && defined(MD5_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) +#define STITCHED_CALL +#endif -# if !defined(STITCHED_CALL) -# define rc4_off 0 -# define md5_off 0 -# endif +#if !defined(STITCHED_CALL) +#define rc4_off 0 +#define md5_off 0 +#endif static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { EVP_RC4_HMAC_MD5 *key = data(ctx); -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) size_t rc4_off = 32 - 1 - (key->ks.x & (32 - 1)), /* 32 is $MOD from * rc4_md5-x86_64.pl */ md5_off = MD5_CBLOCK - key->md.num, blocks; unsigned int l; -# endif +#endif size_t plen = key->payload_length; if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) @@ -91,18 +89,17 @@ if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) /* cipher has to "fall behind" */ if (rc4_off > md5_off) md5_off += MD5_CBLOCK; - if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) && - (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { + if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { MD5_Update(&key->md, in, md5_off); RC4(&key->ks, rc4_off, in, out); rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, in + md5_off, blocks); + &key->md, in + md5_off, blocks); blocks *= MD5_CBLOCK; rc4_off += blocks; md5_off += blocks; 
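Review bot: The stitched-path guard in `rc4_hmac_md5_cipher` is now a single long line that hides both an assignment, `(blocks = (plen - md5_off) / MD5_CBLOCK)`, and an uncommented magic bit test, `(OPENSSL_ia32cap_P[0] & (1 << 20)) == 0`. Other hunks in this diff wrap long conditions with leading operators, as in the `|| impl != NULL` chain in evp_enc.c, so this one reads better as `if (plen > md5_off`, `&& (blocks = (plen - md5_off) / MD5_CBLOCK)`, `&& (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {` on three lines. A short comment naming what capability bit 20 selects would also help; the hunk does not show its meaning, so confirm it against the OPENSSL_ia32cap documentation. The same joined condition appears on the decrypt side in hunk `@@ -133,20 +130,19 @@`, and the function starts and ends outside both hunks.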
@@ -114,10 +111,10 @@ rc4_off = 0; md5_off = 0; } -# endif +#endif MD5_Update(&key->md, in + md5_off, plen - md5_off); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ if (in != out) memcpy(out + rc4_off, in + rc4_off, plen - rc4_off); @@ -133,20 +130,19 @@ } } else { unsigned char mac[MD5_DIGEST_LENGTH]; -# if defined(STITCHED_CALL) +#if defined(STITCHED_CALL) /* digest has to "fall behind" */ if (md5_off > rc4_off) rc4_off += 2 * MD5_CBLOCK; else rc4_off += MD5_CBLOCK; - if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && - (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { + if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { RC4(&key->ks, rc4_off, in, out); MD5_Update(&key->md, out, md5_off); rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, out + md5_off, blocks); + &key->md, out + md5_off, blocks); blocks *= MD5_CBLOCK; rc4_off += blocks; md5_off += blocks; @@ -159,7 +155,7 @@ md5_off = 0; rc4_off = 0; } -# endif +#endif /* decrypt HMAC at once */ RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ 
@@ -184,77 +180,74 @@ } static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) + void *ptr) { EVP_RC4_HMAC_MD5 *key = data(ctx); switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - MD5_Init(&key->head); - MD5_Update(&key->head, ptr, arg); - MD5_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ + case EVP_CTRL_AEAD_SET_MAC_KEY: { + unsigned int i; + unsigned char hmac_key[64]; + + memset(hmac_key, 0, sizeof(hmac_key)); + + if (arg > (int)sizeof(hmac_key)) { MD5_Init(&key->head); - MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); + MD5_Update(&key->head, ptr, arg); + MD5_Final(hmac_key, &key->head); + } else { + memcpy(hmac_key, ptr, arg); + } - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - MD5_Init(&key->tail); - MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36; /* ipad */ + MD5_Init(&key->head); + MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ + MD5_Init(&key->tail); + MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; + OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; + return 1; + } + case EVP_CTRL_AEAD_TLS1_AAD: { + unsigned char *p = ptr; + unsigned int len; - len = p[arg - 2] << 8 | p[arg - 1]; + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; - if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (len < MD5_DIGEST_LENGTH) - return -1; - len -= MD5_DIGEST_LENGTH; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->payload_length = 
len; - key->md = key->head; - MD5_Update(&key->md, p, arg); + len = p[arg - 2] << 8 | p[arg - 1]; - return MD5_DIGEST_LENGTH; + if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { + if (len < MD5_DIGEST_LENGTH) + return -1; + len -= MD5_DIGEST_LENGTH; + p[arg - 2] = len >> 8; + p[arg - 1] = len; } + key->payload_length = len; + key->md = key->head; + MD5_Update(&key->md, p, arg); + + return MD5_DIGEST_LENGTH; + } default: return -1; } } static EVP_CIPHER r4_hmac_md5_cipher = { -# ifdef NID_rc4_hmac_md5 +#ifdef NID_rc4_hmac_md5 NID_rc4_hmac_md5, -# else +#else NID_undef, -# endif +#endif 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH | - EVP_CIPH_FLAG_AEAD_CIPHER, + EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_FLAG_AEAD_CIPHER, EVP_ORIG_GLOBAL, rc4_hmac_md5_init_key, rc4_hmac_md5_cipher, --- crypto/openssl/crypto/evp/e_rc5.c.orig +++ crypto/openssl/crypto/evp/e_rc5.c 
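Review bot: In the `EVP_CTRL_AEAD_SET_MAC_KEY` case of `rc4_hmac_md5_ctrl`, `arg` is a signed `int` and only its upper bound is tested before `memcpy(hmac_key, ptr, arg)`. A negative value would therefore skip the hashing branch and be converted to a very large `size_t` length for a copy into the 64-byte `hmac_key` buffer. The callers are not visible in this hunk, so whether a negative length can reach this control is unconfirmed. A guard such as `if (arg < 0) return -1;` placed before the `memset` would make the case self-defending. The re-indentation leaves the logic as it was, including the `OPENSSL_cleanse(hmac_key, sizeof(hmac_key))` that wipes the padded key before returning.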
@@ -18,27 +18,27 @@ #ifndef OPENSSL_NO_RC5 -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" -# include +#include +#include "crypto/evp.h" +#include +#include "evp_local.h" +#include static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); typedef struct { - int rounds; /* number of rounds */ - RC5_32_KEY ks; /* key schedule */ + int rounds; /* number of rounds */ + RC5_32_KEY ks; /* key schedule */ } EVP_RC5_KEY; -# define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) +#define data(ctx) EVP_C_DATA(EVP_RC5_KEY, ctx) IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, - 8, RC5_32_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) + 8, RC5_32_KEY_LENGTH, 8, 64, + EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { @@ -70,7 +70,7 @@ } static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { const int key_len = EVP_CIPHER_CTX_get_key_length(ctx); --- crypto/openssl/crypto/evp/e_seed.c.orig +++ crypto/openssl/crypto/evp/e_seed.c 
@@ -23,19 +23,19 @@ #include "evp_local.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); typedef struct { SEED_KEY_SCHEDULE ks; } EVP_SEED_KEY; IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, - 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, - seed_init_key, 0, 0, 0, 0) + 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, + seed_init_key, 0, 0, 0, 0) static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks); + SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY, ctx)->ks); return 1; } --- crypto/openssl/crypto/evp/e_sm4.c.orig +++ crypto/openssl/crypto/evp/e_sm4.c 
@@ -13,45 +13,45 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_SM4 -# include -# include -# include "crypto/sm4.h" -# include "crypto/evp.h" -# include "evp_local.h" +#include +#include +#include "crypto/sm4.h" +#include "crypto/evp.h" +#include "evp_local.h" typedef struct { SM4_KEY ks; } EVP_SM4_KEY; static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { ossl_sm4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx)); return 1; } static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SM4_KEY *key, - unsigned char *ivec, const int enc) + size_t len, const SM4_KEY *key, + unsigned char *ivec, const int enc) { if (enc) CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f)ossl_sm4_encrypt); + (block128_f)ossl_sm4_encrypt); else CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f)ossl_sm4_decrypt); + (block128_f)ossl_sm4_decrypt); } static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const SM4_KEY *key, - unsigned char *ivec, int *num, const int enc) + size_t length, const SM4_KEY *key, + unsigned char *ivec, int *num, const int enc) { CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f)ossl_sm4_encrypt); + (block128_f)ossl_sm4_encrypt); } static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, - const SM4_KEY *key, const int enc) + const SM4_KEY *key, const int enc) { if (enc) ossl_sm4_encrypt(in, out, key); 
@@ -60,19 +60,19 @@ } static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const SM4_KEY *key, - unsigned char *ivec, int *num) + size_t length, const SM4_KEY *key, + unsigned char *ivec, int *num) { CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f)ossl_sm4_encrypt); + (block128_f)ossl_sm4_encrypt); } IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, - 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, - sm4_init_key, 0, 0, 0, 0) + 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, + sm4_init_key, 0, 0, 0, 0) static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int n = EVP_CIPHER_CTX_get_num(ctx); unsigned int num; @@ -83,8 +83,8 @@ num = (unsigned int)n; CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - (block128_f)ossl_sm4_encrypt); + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + (block128_f)ossl_sm4_encrypt); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } --- crypto/openssl/crypto/evp/e_xcbc_d.c.orig +++ crypto/openssl/crypto/evp/e_xcbc_d.c @@ -18,24 +18,24 @@ #ifndef OPENSSL_NO_DES -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" +#include +#include +#include "crypto/evp.h" +#include +#include "evp_local.h" static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); typedef struct { - DES_key_schedule ks; /* key schedule */ + DES_key_schedule ks; /* key schedule */ DES_cblock inw; DES_cblock outw; } DESX_CBC_KEY; -# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx) +#define data(ctx) EVP_C_DATA(DESX_CBC_KEY, ctx) static const EVP_CIPHER d_xcbc_cipher = { NID_desx_cbc, 
@@ -58,7 +58,7 @@ } static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; @@ -70,22 +70,22 @@ } static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, - (DES_cblock *)ctx->iv, - &data(ctx)->inw, &data(ctx)->outw, - EVP_CIPHER_CTX_is_encrypting(ctx)); + (DES_cblock *)ctx->iv, + &data(ctx)->inw, &data(ctx)->outw, + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, - (DES_cblock *)ctx->iv, - &data(ctx)->inw, &data(ctx)->outw, - EVP_CIPHER_CTX_is_encrypting(ctx)); + (DES_cblock *)ctx->iv, + &data(ctx)->inw, &data(ctx)->outw, + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } #endif --- crypto/openssl/crypto/evp/ec_ctrl.c.orig +++ crypto/openssl/crypto/evp/ec_ctrl.c @@ -20,8 +20,7 @@ * keys. */ -static ossl_inline -int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx) +static ossl_inline int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx) { if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); @@ -58,7 +57,7 @@ } *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, - &cofactor_mode); + &cofactor_mode); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, params); @@ -77,7 +76,7 @@ return ret; *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, - &mode); + &mode); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_get_params_strict(ctx, params); 
@@ -111,7 +110,7 @@ int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL); + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL); } /* @@ -121,7 +120,7 @@ int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL); + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL); } /* @@ -131,7 +130,7 @@ int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)); } /* @@ -141,7 +140,7 @@ int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)); + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)); } int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen) @@ -164,7 +163,7 @@ } *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); + &len); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, params); @@ -184,7 +183,7 @@ return ret; *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); + &len); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_get_params_strict(ctx, params); @@ -217,12 +216,12 @@ return ret; *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, - /* - * Cast away the const. This is read - * only so should be safe - */ - (void *)ukm, - (size_t)len); + /* + * Cast away the const. This is read + * only so should be safe + */ + (void *)ukm, + (size_t)len); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, params); 
@@ -251,7 +250,7 @@ return ret; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM, - (void **)pukm, 0); + (void **)pukm, 0); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_get_params_strict(ctx, params); @@ -286,8 +285,8 @@ int keytype = nid == EVP_PKEY_SM2 ? EVP_PKEY_SM2 : EVP_PKEY_EC; return EVP_PKEY_CTX_ctrl(ctx, keytype, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, - nid, NULL); + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, + nid, NULL); } /* @@ -297,6 +296,6 @@ int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_EC_PARAM_ENC, param_enc, NULL); + EVP_PKEY_CTRL_EC_PARAM_ENC, param_enc, NULL); } #endif --- crypto/openssl/crypto/evp/ec_support.c.orig +++ crypto/openssl/crypto/evp/ec_support.c 
@@ -20,99 +20,99 @@ static const EC_NAME2NID curve_list[] = { /* prime field curves */ /* secg curves */ - {"secp112r1", NID_secp112r1 }, - {"secp112r2", NID_secp112r2 }, - {"secp128r1", NID_secp128r1 }, - {"secp128r2", NID_secp128r2 }, - {"secp160k1", NID_secp160k1 }, - {"secp160r1", NID_secp160r1 }, - {"secp160r2", NID_secp160r2 }, - {"secp192k1", NID_secp192k1 }, - {"secp224k1", NID_secp224k1 }, - {"secp224r1", NID_secp224r1 }, - {"secp256k1", NID_secp256k1 }, - {"secp384r1", NID_secp384r1 }, - {"secp521r1", NID_secp521r1 }, + { "secp112r1", NID_secp112r1 }, + { "secp112r2", NID_secp112r2 }, + { "secp128r1", NID_secp128r1 }, + { "secp128r2", NID_secp128r2 }, + { "secp160k1", NID_secp160k1 }, + { "secp160r1", NID_secp160r1 }, + { "secp160r2", NID_secp160r2 }, + { "secp192k1", NID_secp192k1 }, + { "secp224k1", NID_secp224k1 }, + { "secp224r1", NID_secp224r1 }, + { "secp256k1", NID_secp256k1 }, + { "secp384r1", NID_secp384r1 }, + { "secp521r1", NID_secp521r1 }, /* X9.62 curves */ - {"prime192v1", NID_X9_62_prime192v1 }, - {"prime192v2", NID_X9_62_prime192v2 }, - {"prime192v3", NID_X9_62_prime192v3 }, - {"prime239v1", NID_X9_62_prime239v1 }, - {"prime239v2", NID_X9_62_prime239v2 }, - {"prime239v3", NID_X9_62_prime239v3 }, - {"prime256v1", NID_X9_62_prime256v1 }, + { "prime192v1", NID_X9_62_prime192v1 }, + { "prime192v2", NID_X9_62_prime192v2 }, + { "prime192v3", NID_X9_62_prime192v3 }, + { "prime239v1", NID_X9_62_prime239v1 }, + { "prime239v2", NID_X9_62_prime239v2 }, + { "prime239v3", NID_X9_62_prime239v3 }, + { "prime256v1", NID_X9_62_prime256v1 }, /* characteristic two field curves */ /* NIST/SECG curves */ - {"sect113r1", NID_sect113r1 }, - {"sect113r2", NID_sect113r2 }, - {"sect131r1", NID_sect131r1 }, - {"sect131r2", NID_sect131r2 }, - {"sect163k1", NID_sect163k1 }, - {"sect163r1", NID_sect163r1 }, - {"sect163r2", NID_sect163r2 }, - {"sect193r1", NID_sect193r1 }, - {"sect193r2", NID_sect193r2 }, - {"sect233k1", NID_sect233k1 }, - {"sect233r1", NID_sect233r1 }, 
- {"sect239k1", NID_sect239k1 }, - {"sect283k1", NID_sect283k1 }, - {"sect283r1", NID_sect283r1 }, - {"sect409k1", NID_sect409k1 }, - {"sect409r1", NID_sect409r1 }, - {"sect571k1", NID_sect571k1 }, - {"sect571r1", NID_sect571r1 }, + { "sect113r1", NID_sect113r1 }, + { "sect113r2", NID_sect113r2 }, + { "sect131r1", NID_sect131r1 }, + { "sect131r2", NID_sect131r2 }, + { "sect163k1", NID_sect163k1 }, + { "sect163r1", NID_sect163r1 }, + { "sect163r2", NID_sect163r2 }, + { "sect193r1", NID_sect193r1 }, + { "sect193r2", NID_sect193r2 }, + { "sect233k1", NID_sect233k1 }, + { "sect233r1", NID_sect233r1 }, + { "sect239k1", NID_sect239k1 }, + { "sect283k1", NID_sect283k1 }, + { "sect283r1", NID_sect283r1 }, + { "sect409k1", NID_sect409k1 }, + { "sect409r1", NID_sect409r1 }, + { "sect571k1", NID_sect571k1 }, + { "sect571r1", NID_sect571r1 }, /* X9.62 curves */ - {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, - {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, - {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, - {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, - {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, - {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, - {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, - {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, - {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, - {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, - {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, - {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, - {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, - {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, - {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, - {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, + { "c2pnb163v1", NID_X9_62_c2pnb163v1 }, + { "c2pnb163v2", NID_X9_62_c2pnb163v2 }, + { "c2pnb163v3", NID_X9_62_c2pnb163v3 }, + { "c2pnb176v1", NID_X9_62_c2pnb176v1 }, + { "c2tnb191v1", NID_X9_62_c2tnb191v1 }, + { "c2tnb191v2", NID_X9_62_c2tnb191v2 }, + { "c2tnb191v3", NID_X9_62_c2tnb191v3 }, + { "c2pnb208w1", NID_X9_62_c2pnb208w1 }, + { "c2tnb239v1", NID_X9_62_c2tnb239v1 }, + { "c2tnb239v2", NID_X9_62_c2tnb239v2 }, + { "c2tnb239v3", NID_X9_62_c2tnb239v3 }, + { "c2pnb272w1", 
NID_X9_62_c2pnb272w1 }, + { "c2pnb304w1", NID_X9_62_c2pnb304w1 }, + { "c2tnb359v1", NID_X9_62_c2tnb359v1 }, + { "c2pnb368w1", NID_X9_62_c2pnb368w1 }, + { "c2tnb431r1", NID_X9_62_c2tnb431r1 }, /* * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves * from X9.62] */ - {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, - {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, - {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, - {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, - {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, - {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, - {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, - {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, - {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, - {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, - {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, + { "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, + { "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, + { "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, + { "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, + { "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, + { "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, + { "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, + { "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, + { "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, + { "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, + { "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, /* IPSec curves */ - {"Oakley-EC2N-3", NID_ipsec3 }, - {"Oakley-EC2N-4", NID_ipsec4 }, + { "Oakley-EC2N-3", NID_ipsec3 }, + { "Oakley-EC2N-4", NID_ipsec4 }, /* brainpool curves */ - {"brainpoolP160r1", NID_brainpoolP160r1 }, - {"brainpoolP160t1", NID_brainpoolP160t1 }, - {"brainpoolP192r1", NID_brainpoolP192r1 }, - {"brainpoolP192t1", NID_brainpoolP192t1 }, - {"brainpoolP224r1", 
NID_brainpoolP224r1 }, - {"brainpoolP224t1", NID_brainpoolP224t1 }, - {"brainpoolP256r1", NID_brainpoolP256r1 }, - {"brainpoolP256t1", NID_brainpoolP256t1 }, - {"brainpoolP320r1", NID_brainpoolP320r1 }, - {"brainpoolP320t1", NID_brainpoolP320t1 }, - {"brainpoolP384r1", NID_brainpoolP384r1 }, - {"brainpoolP384t1", NID_brainpoolP384t1 }, - {"brainpoolP512r1", NID_brainpoolP512r1 }, - {"brainpoolP512t1", NID_brainpoolP512t1 }, + { "brainpoolP160r1", NID_brainpoolP160r1 }, + { "brainpoolP160t1", NID_brainpoolP160t1 }, + { "brainpoolP192r1", NID_brainpoolP192r1 }, + { "brainpoolP192t1", NID_brainpoolP192t1 }, + { "brainpoolP224r1", NID_brainpoolP224r1 }, + { "brainpoolP224t1", NID_brainpoolP224t1 }, + { "brainpoolP256r1", NID_brainpoolP256r1 }, + { "brainpoolP256t1", NID_brainpoolP256t1 }, + { "brainpoolP320r1", NID_brainpoolP320r1 }, + { "brainpoolP320t1", NID_brainpoolP320t1 }, + { "brainpoolP384r1", NID_brainpoolP384r1 }, + { "brainpoolP384t1", NID_brainpoolP384t1 }, + { "brainpoolP512r1", NID_brainpoolP512r1 }, + { "brainpoolP512t1", NID_brainpoolP512t1 }, /* SM2 curve */ - {"SM2", NID_sm2 }, + { "SM2", NID_sm2 }, }; const char *OSSL_EC_curve_nid2name(int nid) 
@@ -150,21 +150,21 @@ /* Functions to translate between common NIST curve names and NIDs */ static const EC_NAME2NID nist_curves[] = { - {"B-163", NID_sect163r2}, - {"B-233", NID_sect233r1}, - {"B-283", NID_sect283r1}, - {"B-409", NID_sect409r1}, - {"B-571", NID_sect571r1}, - {"K-163", NID_sect163k1}, - {"K-233", NID_sect233k1}, - {"K-283", NID_sect283k1}, - {"K-409", NID_sect409k1}, - {"K-571", NID_sect571k1}, - {"P-192", NID_X9_62_prime192v1}, - {"P-224", NID_secp224r1}, - {"P-256", NID_X9_62_prime256v1}, - {"P-384", NID_secp384r1}, - {"P-521", NID_secp521r1} + { "B-163", NID_sect163r2 }, + { "B-233", NID_sect233r1 }, + { "B-283", NID_sect283r1 }, + { "B-409", NID_sect409r1 }, + { "B-571", NID_sect571r1 }, + { "K-163", NID_sect163k1 }, + { "K-233", NID_sect233k1 }, + { "K-283", NID_sect283k1 }, + { "K-409", NID_sect409k1 }, + { "K-571", NID_sect571k1 }, + { "P-192", NID_X9_62_prime192v1 }, + { "P-224", NID_secp224r1 }, + { "P-256", NID_X9_62_prime256v1 }, + { "P-384", NID_secp384r1 }, + { "P-521", NID_secp521r1 } }; const char *ossl_ec_curve_nid2nist_int(int nid) --- crypto/openssl/crypto/evp/encode.c.orig +++ crypto/openssl/crypto/evp/encode.c @@ -15,14 +15,14 @@ #include "evp_local.h" static unsigned char conv_ascii2bin(unsigned char a, - const unsigned char *table); + const unsigned char *table); static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int dlen); + const unsigned char *f, int dlen); static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int n); + const unsigned char *f, int n); #ifndef CHARSET_EBCDIC -# define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) +#define conv_bin2ascii(a, table) ((table)[(a) & 0x3f]) #else /* * We assume that PEM encoded files are EBCDIC files (i.e., printable text 
@@ -30,7 +30,7 @@ * (text) format again. (No need for conversion in the conv_bin2ascii macro, * as the underlying textstring data_bin2ascii[] is already EBCDIC) */ -# define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) +#define conv_bin2ascii(a, table) ((table)[(a) & 0x3f]) #endif /*- @@ -41,17 +41,14 @@ * 2 bytes => xxx= * 3 bytes => xxxx */ -#define BIN_PER_LINE (64/4*3) -#define CHUNKS_PER_LINE (64/4) -#define CHAR_PER_LINE (64+1) +#define BIN_PER_LINE (64 / 4 * 3) +#define CHUNKS_PER_LINE (64 / 4) +#define CHAR_PER_LINE (64 + 1) -static const unsigned char data_bin2ascii[65] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /* SRP uses a different base64 alphabet */ -static const unsigned char srpdata_bin2ascii[65] = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; - +static const unsigned char srpdata_bin2ascii[65] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; /*- * 0xF0 is a EOLN 
@@ -61,50 +58,274 @@ * 0xFF is error */ -#define B64_EOLN 0xF0 -#define B64_CR 0xF1 -#define B64_EOF 0xF2 -#define B64_WS 0xE0 -#define B64_ERROR 0xFF -#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -#define B64_BASE64(a) (!B64_NOT_BASE64(a)) +#define B64_EOLN 0xF0 +#define B64_CR 0xF1 +#define B64_EOF 0xF2 +#define B64_WS 0xE0 +#define B64_ERROR 0xFF +#define B64_NOT_BASE64(a) (((a) | 0x13) == 0xF3) +#define B64_BASE64(a) (!B64_NOT_BASE64(a)) static const unsigned char data_ascii2bin[128] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, - 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, - 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, - 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xE0, + 0xF0, + 0xFF, + 0xFF, + 0xF1, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xE0, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0x3E, + 0xFF, + 0xF2, + 0xFF, + 0x3F, + 0x34, + 0x35, + 0x36, + 0x37, + 0x38, + 0x39, + 0x3A, + 0x3B, + 0x3C, + 0x3D, + 0xFF, + 0xFF, + 0xFF, + 0x00, + 0xFF, + 0xFF, + 0xFF, + 0x00, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0A, + 0x0B, + 0x0C, + 0x0D, + 0x0E, + 0x0F, + 0x10, + 0x11, + 0x12, + 0x13, + 0x14, + 0x15, + 
0x16, + 0x17, + 0x18, + 0x19, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0x1A, + 0x1B, + 0x1C, + 0x1D, + 0x1E, + 0x1F, + 0x20, + 0x21, + 0x22, + 0x23, + 0x24, + 0x25, + 0x26, + 0x27, + 0x28, + 0x29, + 0x2A, + 0x2B, + 0x2C, + 0x2D, + 0x2E, + 0x2F, + 0x30, + 0x31, + 0x32, + 0x33, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, }; static const unsigned char srpdata_ascii2bin[128] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, - 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, - 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xE0, + 0xF0, + 0xFF, + 0xFF, + 0xF1, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xE0, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xF2, + 0x3E, + 0x3F, + 0x00, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0xFF, + 0xFF, + 0xFF, + 0x00, + 0xFF, + 0xFF, + 0xFF, + 0x0A, + 0x0B, + 0x0C, + 0x0D, + 0x0E, + 0x0F, + 0x10, + 0x11, + 0x12, + 0x13, + 0x14, + 0x15, + 0x16, + 0x17, + 0x18, + 0x19, + 0x1A, + 0x1B, + 0x1C, + 0x1D, + 0x1E, + 0x1F, + 0x20, + 0x21, + 0x22, + 0x23, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0x24, + 0x25, + 0x26, + 0x27, + 0x28, 
+ 0x29, + 0x2A, + 0x2B, + 0x2C, + 0x2D, + 0x2E, + 0x2F, + 0x30, + 0x31, + 0x32, + 0x33, + 0x34, + 0x35, + 0x36, + 0x37, + 0x38, + 0x39, + 0x3A, + 0x3B, + 0x3C, + 0x3D, + 0xFF, + 0xFF, + 0xFF, + 0xFF, + 0xFF, }; #ifndef CHARSET_EBCDIC @@ -160,7 +381,7 @@ } int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) + const unsigned char *in, int inl) { int i, j; size_t total = 0; @@ -229,7 +450,7 @@ } static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int dlen) + const unsigned char *f, int dlen) { int i, ret = 0; unsigned long l; @@ -242,8 +463,7 @@ for (i = dlen; i > 0; i -= 3) { if (i >= 3) { - l = (((unsigned long)f[0]) << 16L) | - (((unsigned long)f[1]) << 8L) | f[2]; + l = (((unsigned long)f[0]) << 16L) | (((unsigned long)f[1]) << 8L) | f[2]; *(t++) = conv_bin2ascii(l >> 18L, table); *(t++) = conv_bin2ascii(l >> 12L, table); *(t++) = conv_bin2ascii(l >> 6L, table); @@ -301,7 +521,7 @@ * - B64_EOF is detected after an incomplete base64 block. */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) + const unsigned char *in, int inl) { int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; unsigned char *d; @@ -316,7 +536,7 @@ eof++; } - /* Legacy behaviour: an empty input chunk signals end of input. */ + /* Legacy behaviour: an empty input chunk signals end of input. */ if (inl == 0) { rv = 0; goto end; @@ -411,7 +631,7 @@ } static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int n) + const unsigned char *f, int n) { int i, ret = 0, a, b, c, d; unsigned long l; 
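Review bot: The `data_ascii2bin` and `srpdata_ascii2bin` tables are now laid out one byte per line, which loses the eight-per-row grid that let a reader map each row to eight consecutive ASCII code points. That grid also made it possible to check the sentinel entries (`0xE0`, `0xF0`, `0xF1`, `0xF2`, `0xFF`) by position. These tables appear to be what `conv_ascii2bin` consults when the decoder classifies input bytes, so a wrong entry is easier to miss in a 128-line column than in sixteen rows. If the new layout comes from an automatic formatter (assumed here to be clang-format), bracket each table with `/* clang-format off */` and `/* clang-format on */` and keep the original rows of eight.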
@@ -445,9 +665,7 @@ d = conv_ascii2bin(*(f++), table); if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80)) return -1; - l = ((((unsigned long)a) << 18L) | - (((unsigned long)b) << 12L) | - (((unsigned long)c) << 6L) | (((unsigned long)d))); + l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d))); *(t++) = (unsigned char)(l >> 16L) & 0xff; *(t++) = (unsigned char)(l >> 8L) & 0xff; *(t++) = (unsigned char)(l) & 0xff; --- crypto/openssl/crypto/evp/evp_cnf.c.orig +++ crypto/openssl/crypto/evp/evp_cnf.c @@ -26,7 +26,7 @@ CONF_VALUE *oval; OSSL_TRACE2(CONF, "Loading EVP module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); oid_section = CONF_imodule_get_value(md); if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { @@ -53,16 +53,15 @@ } } else if (strcmp(oval->name, "default_properties") == 0) { if (!evp_set_default_properties_int(NCONF_get0_libctx((CONF *)cnf), - oval->value, 0, 0)) { + oval->value, 0, 0)) { ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); return 0; } } else { ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); + "name=%s, value=%s", oval->name, oval->value); return 0; } - } return 1; } --- crypto/openssl/crypto/evp/evp_enc.c.orig +++ crypto/openssl/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include 
@@ -48,7 +48,7 @@ return 1; /* Remove legacy code below when legacy support is removed. */ - legacy: +legacy: if (ctx->cipher != NULL) { if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx)) @@ -80,10 +80,10 @@ } static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc, - const OSSL_PARAM params[]) + const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, + const unsigned char *iv, int enc, + const OSSL_PARAM params[]) { int n; #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) @@ -124,7 +124,7 @@ goto skip_to_init; if (cipher != NULL && impl == NULL) { - /* Ask if an ENGINE is reserved for this job */ + /* Ask if an ENGINE is reserved for this job */ tmpimpl = ENGINE_get_cipher_engine(cipher->nid); } #endif @@ -134,12 +134,12 @@ */ if (ctx->engine != NULL #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - || tmpimpl != NULL + || tmpimpl != NULL #endif - || impl != NULL - || (cipher != NULL && cipher->origin == EVP_ORIG_METH) - || (cipher == NULL && ctx->cipher != NULL - && ctx->cipher->origin == EVP_ORIG_METH)) { + || impl != NULL + || (cipher != NULL && cipher->origin == EVP_ORIG_METH) + || (cipher == NULL && ctx->cipher != NULL + && ctx->cipher->origin == EVP_ORIG_METH)) { if (ctx->cipher == ctx->fetched_cipher) ctx->cipher = NULL; EVP_CIPHER_free(ctx->fetched_cipher); @@ -178,11 +178,10 @@ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; #else - EVP_CIPHER *provciph = - EVP_CIPHER_fetch(NULL, - cipher->nid == NID_undef ? "NULL" - : OBJ_nid2sn(cipher->nid), - ""); + EVP_CIPHER *provciph = EVP_CIPHER_fetch(NULL, + cipher->nid == NID_undef ? "NULL" + : OBJ_nid2sn(cipher->nid), + ""); if (provciph == NULL) return 0; 
@@ -234,16 +233,16 @@ */ if (params != NULL) { OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END, - OSSL_PARAM_END }; + OSSL_PARAM_END }; OSSL_PARAM *q = param_lens; const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL) memcpy(q++, p, sizeof(*q)); /* - * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for + * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synonym for * OSSL_CIPHER_PARAM_IVLEN so both are covered here. */ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN); @@ -266,13 +265,13 @@ } return ctx->cipher->einit(ctx->algctx, - key, - key == NULL ? 0 - : EVP_CIPHER_CTX_get_key_length(ctx), - iv, - iv == NULL ? 0 - : EVP_CIPHER_CTX_get_iv_length(ctx), - params); + key, + key == NULL ? 0 + : EVP_CIPHER_CTX_get_key_length(ctx), + iv, + iv == NULL ? 0 + : EVP_CIPHER_CTX_get_iv_length(ctx), + params); } if (ctx->cipher->dinit == NULL) { @@ -281,16 +280,16 @@ } return ctx->cipher->dinit(ctx->algctx, - key, - key == NULL ? 0 - : EVP_CIPHER_CTX_get_key_length(ctx), - iv, - iv == NULL ? 0 - : EVP_CIPHER_CTX_get_iv_length(ctx), - params); + key, + key == NULL ? 0 + : EVP_CIPHER_CTX_get_key_length(ctx), + iv, + iv == NULL ? 0 + : EVP_CIPHER_CTX_get_iv_length(ctx), + params); /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: if (cipher != NULL) { /* @@ -362,15 +361,15 @@ } } #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - skip_to_init: +skip_to_init: #endif if (ctx->cipher == NULL) return 0; /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) { 
@@ -379,7 +378,8 @@ } if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_CUSTOM_IV) == 0) { + & EVP_CIPH_CUSTOM_IV) + == 0) { switch (EVP_CIPHER_CTX_get_mode(ctx)) { case EVP_CIPH_STREAM_CIPHER: @@ -432,14 +432,14 @@ } int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - int enc, const OSSL_PARAM params[]) + const unsigned char *key, const unsigned char *iv, + int enc, const OSSL_PARAM params[]) { return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params); } int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc) + const unsigned char *key, const unsigned char *iv, int enc) { if (cipher != NULL) EVP_CIPHER_CTX_reset(ctx); @@ -447,14 +447,14 @@ } int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc) + ENGINE *impl, const unsigned char *key, + const unsigned char *iv, int enc) { return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL); } int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) + const unsigned char *in, int inl) { if (ctx->encrypt) return EVP_EncryptUpdate(ctx, out, outl, in, inl); 
@@ -479,41 +479,41 @@ } int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) + const unsigned char *key, const unsigned char *iv) { return EVP_CipherInit(ctx, cipher, key, iv, 1); } int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv) + ENGINE *impl, const unsigned char *key, + const unsigned char *iv) { return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); } int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - const OSSL_PARAM params[]) + const unsigned char *key, const unsigned char *iv, + const OSSL_PARAM params[]) { return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params); } int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) + const unsigned char *key, const unsigned char *iv) { return EVP_CipherInit(ctx, cipher, key, iv, 0); } int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv) + ENGINE *impl, const unsigned char *key, + const unsigned char *iv) { return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); } int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - const OSSL_PARAM params[]) + const unsigned char *key, const unsigned char *iv, + const OSSL_PARAM params[]) { return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params); } 
@@ -525,9 +525,9 @@ * are not partially overlapping with standard pointer arithmetic. */ #ifdef PTRDIFF_T -# undef PTRDIFF_T +#undef PTRDIFF_T #endif -#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64 +#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 /* * Then we have VMS that distinguishes itself by adhering to * sizeof(size_t)==4 even in 64-bit builds, which means that @@ -536,28 +536,27 @@ * equality is implemented. To be on the safe side we adhere to * PTRDIFF_T even for comparison for equality. */ -# define PTRDIFF_T uint64_t +#define PTRDIFF_T uint64_t #else -# define PTRDIFF_T size_t +#define PTRDIFF_T size_t #endif int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len) { - PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; + PTRDIFF_T diff = (PTRDIFF_T)ptr1 - (PTRDIFF_T)ptr2; /* * Check for partially overlapping buffers. [Binary logical * operations are used instead of boolean to minimize number * of conditional branches.] */ - int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) | - (diff > (0 - (PTRDIFF_T)len))); + int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) | (diff > (0 - (PTRDIFF_T)len))); return overlapped; } static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl, - const unsigned char *in, int inl) + unsigned char *out, int *outl, + const unsigned char *in, int inl) { int i, j, bl, cmpl = inl; @@ -645,14 +644,18 @@ return 1; } - int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) + const unsigned char *in, int inl) { int ret; size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (outl != NULL) { *outl = 0; } else { 
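Review bot: In the `@@ -645,14 +644,18 @@` hunk the new `if (inl < 0)` guard in EVP_EncryptUpdate returns before the existing `outl != NULL` block has run, so on this one failure path `*outl` keeps whatever the caller had in it, while the failures after that block have already set it to 0. A caller that advances its output offset by `*outl` without checking the return value would then use a stale or uninitialised length, so I would move the guard to just after the `outl` block, or put `if (outl != NULL) *outl = 0;` ahead of the `ERR_raise` inside it. The same ordering appears in the EVP_DecryptUpdate hunk (`@@ -795,13 +798,18 @@`). A one-line comment such as `/* reject before (size_t)inl can reach cupdate as a huge length */` would also help, since `inl_ = (size_t)inl` is still initialised above the guard. Both function bodies continue outside their hunks, so how the legacy path treats a negative `inl` cannot be seen here.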
@@ -676,14 +679,14 @@ blocksize = ctx->cipher->block_size; - if (ctx->cipher->cupdate == NULL || blocksize < 1) { + if (ctx->cipher->cupdate == NULL || blocksize < 1) { ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; } ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), - in, inl_); + inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), + in, inl_); if (ret) { if (soutl > INT_MAX) { @@ -696,7 +699,7 @@ return ret; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); } @@ -743,7 +746,7 @@ } ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl, - blocksize == 1 ? 0 : blocksize); + blocksize == 1 ? 0 : blocksize); if (ret) { if (soutl > INT_MAX) { @@ -756,7 +759,7 @@ return ret; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); @@ -795,13 +798,18 @@ } int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) + const unsigned char *in, int inl) { int fix_len, cmpl = inl, ret; unsigned int b; size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (outl != NULL) { *outl = 0; } else { @@ -829,8 +837,8 @@ return 0; } ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), - in, inl_); + inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), + in, inl_); if (ret) { if (soutl > INT_MAX) { @@ -843,7 +851,7 @@ return ret; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: b = ctx->cipher->block_size; @@ -965,7 +973,7 @@ } ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl, - blocksize == 1 ? 0 : blocksize); + blocksize == 1 ? 0 : blocksize); if (ret) { if (soutl > INT_MAX) { 
@@ -978,7 +986,7 @@ return ret; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: *outl = 0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { @@ -1042,7 +1050,8 @@ /* Check the cipher actually understands this parameter */ if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), - OSSL_CIPHER_PARAM_KEYLEN) == NULL) { + OSSL_CIPHER_PARAM_KEYLEN) + == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); return 0; } @@ -1112,11 +1121,10 @@ case EVP_CTRL_SET_KEY_LENGTH: params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz); break; - case EVP_CTRL_RAND_KEY: /* Used by DES */ + case EVP_CTRL_RAND_KEY: /* Used by DES */ set_params = 0; - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, - ptr, sz); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, + ptr, sz); break; case EVP_CTRL_INIT: @@ -1146,20 +1154,20 @@ break; case EVP_CTRL_AEAD_SET_IV_FIXED: params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz); + OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz); break; case EVP_CTRL_GCM_IV_GEN: set_params = 0; if (arg < 0) sz = 0; /* special case that uses the iv length */ params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz); + OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz); break; case EVP_CTRL_GCM_SET_IV_INV: if (arg < 0) return 0; params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz); + OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz); break; case EVP_CTRL_GET_RC5_ROUNDS: set_params = 0; /* Fall thru */ 
@@ -1179,18 +1187,16 @@ set_params = 0; /* Fall thru */ case EVP_CTRL_AEAD_SET_TAG: params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - ptr, sz); + ptr, sz); break; case EVP_CTRL_AEAD_TLS1_AAD: /* This one does a set and a get - since it returns a size */ - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, - ptr, sz); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, + ptr, sz); ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) goto end; - params[0] = - OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) goto end; 
@@ -1205,37 +1211,36 @@ #if !defined(OPENSSL_NO_MULTIBLOCK) case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz); ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) return 0; params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz); params[1] = OSSL_PARAM_construct_end(); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) return 0; return sz; case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return 0; params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void *)p->inp, p->len); params[1] = OSSL_PARAM_construct_uint( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) return ret; /* Retrieve the return values changed by the set */ params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz); params[1] = OSSL_PARAM_construct_uint( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); params[2] = OSSL_PARAM_construct_end(); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) 
@@ -1243,22 +1248,21 @@ return sz; } case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len); params[1] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp, - p->len); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void *)p->inp, + p->len); params[2] = OSSL_PARAM_construct_uint( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) return ret; params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz); params[1] = OSSL_PARAM_construct_end(); ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); if (ret <= 0) @@ -1270,7 +1274,7 @@ if (arg < 0) return -1; params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz); + OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz); break; } @@ -1289,7 +1293,7 @@ ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - end: +end: if (ret == EVP_CTRL_RET_UNSUPPORTED) { ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; @@ -1324,7 +1328,7 @@ { if (cipher != NULL && cipher->gettable_params != NULL) return cipher->gettable_params( - ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher))); + ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher))); return NULL; } @@ -1440,7 +1444,7 @@ return 1; /* Code below to be removed when legacy support is dropped. */ - legacy: +legacy: #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a cipher context using an ENGINE */ 
@@ -1505,7 +1509,7 @@ */ const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); - if (*legacy_nid == -1) /* We found a clash already */ + if (*legacy_nid == -1) /* We found a clash already */ return; if (legacy_method == NULL) return; @@ -1519,8 +1523,8 @@ #endif static void *evp_cipher_from_algorithm(const int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_CIPHER *cipher = NULL; @@ -1534,7 +1538,7 @@ #ifndef FIPS_MODULE cipher->nid = NID_undef; if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid) - || cipher->nid == -1) { + || cipher->nid == -1) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); EVP_CIPHER_free(cipher); return NULL; @@ -1619,20 +1623,18 @@ case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS: if (cipher->gettable_ctx_params != NULL) break; - cipher->gettable_ctx_params = - OSSL_FUNC_cipher_gettable_ctx_params(fns); + cipher->gettable_ctx_params = OSSL_FUNC_cipher_gettable_ctx_params(fns); break; case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS: if (cipher->settable_ctx_params != NULL) break; - cipher->settable_ctx_params = - OSSL_FUNC_cipher_settable_ctx_params(fns); + cipher->settable_ctx_params = OSSL_FUNC_cipher_settable_ctx_params(fns); break; } } if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) - || (fnciphcnt == 0 && cipher->ccipher == NULL) - || fnctxcnt != 2) { + || (fnciphcnt == 0 && cipher->ccipher == NULL) + || fnctxcnt != 2) { /* * In order to be a consistent set of functions we must have at least * a complete set of "encrypt" functions, or a complete set of "decrypt" 
@@ -1667,12 +1669,11 @@ } EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { - EVP_CIPHER *cipher = - evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, - evp_cipher_from_algorithm, evp_cipher_up_ref, - evp_cipher_free); + EVP_CIPHER *cipher = evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, + evp_cipher_from_algorithm, evp_cipher_up_ref, + evp_cipher_free); return cipher; } @@ -1708,11 +1709,11 @@ } void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_CIPHER *mac, void *arg), - void *arg) + void (*fn)(EVP_CIPHER *mac, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_CIPHER, - (void (*)(void *, void *))fn, arg, - evp_cipher_from_algorithm, evp_cipher_up_ref, - evp_cipher_free); + (void (*)(void *, void *))fn, arg, + evp_cipher_from_algorithm, evp_cipher_up_ref, + evp_cipher_free); } --- crypto/openssl/crypto/evp/evp_err.c.orig +++ crypto/openssl/crypto/evp/evp_err.c 
@@ -15,185 +15,185 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED), - "aes key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), - "aria key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_ALGORITHM_NAME), "bad algorithm name"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CACHE_CONSTANTS_FAILED), - "cache constants failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), - "camellia key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_GET_PARAMETERS), - "cannot get parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_SET_PARAMETERS), - "cannot set parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_NOT_GCM_MODE), - "cipher not gcm mode"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR), - "cipher parameter error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED), - "command not supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CONFLICTING_ALGORITHM_NAME), - "conflicting algorithm name"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED), - "ctrl not implemented"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), - "ctrl operation not implemented"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), - "data not multiple of block length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DEFAULT_QUERY_PARSE_ERROR), - "default query parse error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), - "different key types"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), - "different parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, 
EVP_R_ERROR_LOADING_SECTION), - "error loading section"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY), - "expecting an hmac key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY), - "expecting an rsa key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY), - "expecting a dsa key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_ECX_KEY), - "expecting an ecx key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting an ec key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY), - "expecting a poly1305 key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), - "expecting a siphash key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GENERATE_ERROR), "generate error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS), - "illegal scrypt parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS), - "inaccessible domain parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INACCESSIBLE_KEY), "inaccessible key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR), - "initialization error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED), - "input not initialized"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_CUSTOM_LENGTH), - "invalid custom length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_NULL_ALGORITHM), - "invalid null algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, - 
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PROVIDER_FUNCTIONS), - "invalid provider functions"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SALT_LENGTH), - "invalid salt length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SECRET_LENGTH), - "invalid secret length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SEED_LENGTH), - "invalid seed length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_VALUE), "invalid value"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYMGMT_EXPORT_FAILURE), - "keymgmt export failure"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_LOCKING_NOT_SUPPORTED), - "locking not supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED), - "memory limit exceeded"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL), - "message digest is null"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED), - "method not supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_ABLE_TO_COPY_CTX), - "not able to copy ctx"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH), - "not XOF or invalid length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_IMPORT_FUNCTION), "no import function"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_AVAILABLE), - "no keymgmt available"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_PRESENT), "no keymgmt present"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), - "only oneshot supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED), - 
"operation not initialized"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), - "output would overflow"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), - "parameter too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), - "partially overlapping buffers"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), - "pkey application asn1 method already registered"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR), - "private key decode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), - "private key encode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE), - "set default property failure"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_ENABLE_LOCKING), - "unable to enable locking"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE), - "unable to get maximum request size"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH), - "unable to get random strength"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_LOCK_CONTEXT), - "unable to lock context"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_SET_CALLBACKS), - "unable to set callbacks"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_KEY_TYPE), "unknown key type"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM), - "unknown pbe algorithm"}, - 
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH), - "unsupported keylength"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), - "unsupported key derivation function"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE), - "unsupported key size"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_TYPE), - "unsupported key type"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), - "unsupported number of rounds"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), - "unsupported private key algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE), - "unsupported salt type"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UPDATE_ERROR), "update error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED), - "wrap mode not allowed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), - "wrong final block length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), - "xts data unit is too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), - "xts duplicated keys"}, - {0, NULL} + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED), + "aes key setup failed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), + "aria key setup failed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_ALGORITHM_NAME), "bad algorithm name" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CACHE_CONSTANTS_FAILED), + "cache constants failed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), + "camellia key setup failed" }, + { 
ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_GET_PARAMETERS), + "cannot get parameters" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_SET_PARAMETERS), + "cannot set parameters" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_NOT_GCM_MODE), + "cipher not gcm mode" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR), + "cipher parameter error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED), + "command not supported" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CONFLICTING_ALGORITHM_NAME), + "conflicting algorithm name" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED), + "ctrl not implemented" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), + "ctrl operation not implemented" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), + "data not multiple of block length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DEFAULT_QUERY_PARSE_ERROR), + "default query parse error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), + "different key types" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), + "different parameters" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), + "error loading section" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY), + "expecting an hmac key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY), + "expecting an rsa key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY), + "expecting a dsa key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_ECX_KEY), + "expecting an ecx key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting an ec key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY), + "expecting a poly1305 key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), + "expecting a 
siphash key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GENERATE_ERROR), "generate error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS), + "illegal scrypt parameters" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS), + "inaccessible domain parameters" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INACCESSIBLE_KEY), "inaccessible key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR), + "initialization error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED), + "input not initialized" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_CUSTOM_LENGTH), + "invalid custom length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_LENGTH), "invalid length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_NULL_ALGORITHM), + "invalid null algorithm" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PROVIDER_FUNCTIONS), + "invalid provider functions" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SALT_LENGTH), + "invalid salt length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SECRET_LENGTH), + "invalid secret length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SEED_LENGTH), + "invalid seed length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_VALUE), "invalid value" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYMGMT_EXPORT_FAILURE), + "keymgmt export failure" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_LOCKING_NOT_SUPPORTED), + "locking not supported" }, + { 
ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED), + "memory limit exceeded" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL), + "message digest is null" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED), + "method not supported" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_ABLE_TO_COPY_CTX), + "not able to copy ctx" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH), + "not XOF or invalid length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_IMPORT_FUNCTION), "no import function" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_AVAILABLE), + "no keymgmt available" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_PRESENT), "no keymgmt present" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), + "only oneshot supported" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED), + "operation not initialized" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), + "output would overflow" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), + "parameter too large" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), + "partially overlapping buffers" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), + "pkey application asn1 method already registered" }, + { 
ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR), + "private key decode error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), + "private key encode error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE), + "set default property failure" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_ENABLE_LOCKING), + "unable to enable locking" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE), + "unable to get maximum request size" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH), + "unable to get random strength" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_LOCK_CONTEXT), + "unable to lock context" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_SET_CALLBACKS), + "unable to set callbacks" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_KEY_TYPE), "unknown key type" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM), + "unknown pbe algorithm" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), + "unsupported algorithm" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH), + "unsupported keylength" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), + "unsupported key derivation function" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE), + "unsupported key size" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_TYPE), + "unsupported key type" }, + { ERR_PACK(ERR_LIB_EVP, 0, 
EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), + "unsupported number of rounds" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), + "unsupported private key algorithm" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE), + "unsupported salt type" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UPDATE_ERROR), "update error" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED), + "wrap mode not allowed" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), + "wrong final block length" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), + "xts data unit is too large" }, + { ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), + "xts duplicated keys" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/evp/evp_fetch.c.orig +++ crypto/openssl/crypto/evp/evp_fetch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ #include "internal/provider.h" #include "internal/namemap.h" #include "internal/property.h" -#include "crypto/evp.h" /* evp_local.h needs it */ +#include "crypto/evp.h" /* evp_local.h needs it */ #include "evp_local.h" #define NAME_SEPARATOR ':' @@ -33,7 +33,6 @@ return ossl_method_store_new(ctx); } - static const OSSL_LIB_CTX_METHOD evp_method_store_method = { /* We want evp_method_store to be cleaned up before the provider store */ OSSL_LIB_CTX_METHOD_PRIORITY_2, 
@@ -44,17 +43,17 @@ /* Data to be passed through ossl_method_construct() */ struct evp_method_data_st { OSSL_LIB_CTX *libctx; - int operation_id; /* For get_evp_method_from_store() */ - int name_id; /* For get_evp_method_from_store() */ - const char *names; /* For get_evp_method_from_store() */ - const char *propquery; /* For get_evp_method_from_store() */ + int operation_id; /* For get_evp_method_from_store() */ + int name_id; /* For get_evp_method_from_store() */ + const char *names; /* For get_evp_method_from_store() */ + const char *propquery; /* For get_evp_method_from_store() */ OSSL_METHOD_STORE *tmp_store; /* For get_tmp_evp_method_store() */ unsigned int flag_construct_error_occurred : 1; void *(*method_from_algorithm)(int name_id, const OSSL_ALGORITHM *, - OSSL_PROVIDER *); + OSSL_PROVIDER *); int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); }; @@ -71,7 +70,7 @@ return methdata->tmp_store; } - static void dealloc_tmp_evp_method_store(void *store) +static void dealloc_tmp_evp_method_store(void *store) { if (store != NULL) ossl_method_store_free(store); @@ -80,7 +79,7 @@ static OSSL_METHOD_STORE *get_evp_method_store(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX, - &evp_method_store_method); + &evp_method_store_method); } static int reserve_evp_method_store(void *store, void *data) 
@@ -122,23 +121,23 @@ * passed to ossl_method_store_cache_set(), and it's in that form that it * gets passed along to filter_on_operation_id(), defined further down. */ -#define METHOD_ID_OPERATION_MASK 0x000000FF -#define METHOD_ID_OPERATION_MAX ((1 << 8) - 1) -#define METHOD_ID_NAME_MASK 0x7FFFFF00 -#define METHOD_ID_NAME_OFFSET 8 -#define METHOD_ID_NAME_MAX ((1 << 23) - 1) +#define METHOD_ID_OPERATION_MASK 0x000000FF +#define METHOD_ID_OPERATION_MAX ((1 << 8) - 1) +#define METHOD_ID_NAME_MASK 0x7FFFFF00 +#define METHOD_ID_NAME_OFFSET 8 +#define METHOD_ID_NAME_MAX ((1 << 23) - 1) static uint32_t evp_method_id(int name_id, unsigned int operation_id) { if (!ossl_assert(name_id > 0 && name_id <= METHOD_ID_NAME_MAX) || !ossl_assert(operation_id > 0 - && operation_id <= METHOD_ID_OPERATION_MAX)) + && operation_id <= METHOD_ID_OPERATION_MAX)) return 0; return (((name_id << METHOD_ID_NAME_OFFSET) & METHOD_ID_NAME_MASK) - | (operation_id & METHOD_ID_OPERATION_MASK)); + | (operation_id & METHOD_ID_OPERATION_MASK)); } static void *get_evp_method_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) + void *data) { struct evp_method_data_st *methdata = data; void *method = NULL; @@ -170,15 +169,15 @@ return NULL; if (!ossl_method_store_fetch(store, meth_id, methdata->propquery, prov, - &method)) + &method)) return NULL; return method; } static int put_evp_method_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *names, const char *propdef, - void *data) + const OSSL_PROVIDER *prov, + const char *names, const char *propdef, + void *data) { struct evp_method_data_st *methdata = data; OSSL_NAMEMAP *namemap; @@ -208,8 +207,8 @@ return 0; return ossl_method_store_add(store, prov, meth_id, propdef, method, - methdata->refcnt_up_method, - methdata->destruct_method); + methdata->refcnt_up_method, + methdata->destruct_method); } /* 
@@ -217,7 +216,7 @@ * This function is responsible to getting an identity number for it. */ static void *construct_evp_method(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) + OSSL_PROVIDER *prov, void *data) { /* * This function is only called if get_evp_method_from_store() returned @@ -258,14 +257,14 @@ static void * inner_evp_generic_fetch(struct evp_method_data_st *methdata, - OSSL_PROVIDER *prov, int operation_id, - int name_id, const char *name, - const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) + OSSL_PROVIDER *prov, int operation_id, + int name_id, const char *name, + const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) { OSSL_METHOD_STORE *store = get_evp_method_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); @@ -342,8 +341,9 @@ methdata->destruct_method = free_method; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, operation_id, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { + &prov, 0 /* !force_cache */, + &mcm, methdata)) + != NULL) { /* * If construction did create a method for us, we know that * there is a correct name_id and meth_id, since those have 
@@ -354,20 +354,20 @@ * will create a method against all names, but the lookup will fail * as ossl_namemap_name2num treats the name string as a single name * rather than introducing new features where in the EVP__fetch - * parses the string and querys for each, return an error. + * parses the string and queries for each, return an error. */ if (name_id == 0) name_id = ossl_namemap_name2num(namemap, name); if (name_id == 0) { ERR_raise_data(ERR_LIB_EVP, ERR_R_FETCH_FAILED, - "Algorithm %s cannot be found", name); + "Algorithm %s cannot be found", name); free_method(method); method = NULL; } else { meth_id = evp_method_id(name_id, operation_id); if (meth_id != 0) ossl_method_store_cache_set(store, prov, meth_id, propq, - method, up_ref_method, free_method); + method, up_ref_method, free_method); } } @@ -384,22 +384,22 @@ if (name == NULL) name = ossl_namemap_num2name(namemap, name_id, 0); ERR_raise_data(ERR_LIB_EVP, code, - "%s, Algorithm (%s : %d), Properties (%s)", - ossl_lib_ctx_get_descriptor(methdata->libctx), - name == NULL ? "" : name, name_id, - properties == NULL ? "" : properties); + "%s, Algorithm (%s : %d), Properties (%s)", + ossl_lib_ctx_get_descriptor(methdata->libctx), + name == NULL ? "" : name, name_id, + properties == NULL ? "" : properties); } return method; } void *evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) + const char *name, const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) { struct evp_method_data_st methdata; void *method; 
@@ -407,8 +407,8 @@ methdata.libctx = libctx; methdata.tmp_store = NULL; method = inner_evp_generic_fetch(&methdata, NULL, operation_id, - 0, name, properties, - new_method, up_ref_method, free_method); + 0, name, properties, + new_method, up_ref_method, free_method); dealloc_tmp_evp_method_store(methdata.tmp_store); return method; } @@ -421,12 +421,12 @@ * method. */ void *evp_generic_fetch_by_number(OSSL_LIB_CTX *libctx, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) + int name_id, const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) { struct evp_method_data_st methdata; void *method; @@ -434,8 +434,8 @@ methdata.libctx = libctx; methdata.tmp_store = NULL; method = inner_evp_generic_fetch(&methdata, NULL, operation_id, - name_id, NULL, properties, - new_method, up_ref_method, free_method); + name_id, NULL, properties, + new_method, up_ref_method, free_method); dealloc_tmp_evp_method_store(methdata.tmp_store); return method; } @@ -447,12 +447,12 @@ * method. */ void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) + const char *name, const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) { struct evp_method_data_st methdata; void *method; 
@@ -460,8 +460,8 @@ methdata.libctx = ossl_provider_libctx(prov); methdata.tmp_store = NULL; method = inner_evp_generic_fetch(&methdata, prov, operation_id, - 0, name, properties, - new_method, up_ref_method, free_method); + 0, name, properties, + new_method, up_ref_method, free_method); dealloc_tmp_evp_method_store(methdata.tmp_store); return method; } @@ -486,9 +486,9 @@ } static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, - OSSL_PROPERTY_LIST *def_prop, - int loadconfig, - int mirrored) + OSSL_PROPERTY_LIST *def_prop, + int loadconfig, + int mirrored) { OSSL_METHOD_STORE *store = get_evp_method_store(libctx); OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); @@ -517,7 +517,8 @@ return 0; } if (ossl_property_list_to_string(libctx, def_prop, propstr, - strsz) == 0) { + strsz) + == 0) { OPENSSL_free(propstr); ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; @@ -535,7 +536,7 @@ } int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig, int mirrored) + int loadconfig, int mirrored) { OSSL_PROPERTY_LIST *pl = NULL; @@ -556,7 +557,7 @@ } static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig) + int loadconfig) { OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); OSSL_PROPERTY_LIST *pl1, *pl2; @@ -583,7 +584,7 @@ } static int evp_default_property_is_enabled(OSSL_LIB_CTX *libctx, - const char *prop_name) + const char *prop_name) { OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1); @@ -596,7 +597,7 @@ } int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, - int loadconfig) + int loadconfig) { const char *query = (enable != 0) ? "fips=yes" : "-fips"; 
@@ -651,13 +652,13 @@ } void evp_generic_do_all(OSSL_LIB_CTX *libctx, int operation_id, - void (*user_fn)(void *method, void *arg), - void *user_arg, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) { struct evp_method_data_st methdata; struct filter_data_st data; @@ -665,21 +666,21 @@ methdata.libctx = libctx; methdata.tmp_store = NULL; (void)inner_evp_generic_fetch(&methdata, NULL, operation_id, 0, NULL, NULL, - new_method, up_ref_method, free_method); + new_method, up_ref_method, free_method); data.operation_id = operation_id; data.user_fn = user_fn; data.user_arg = user_arg; if (methdata.tmp_store != NULL) ossl_method_store_do_all(methdata.tmp_store, &filter_on_operation_id, - &data); + &data); ossl_method_store_do_all(get_evp_method_store(libctx), - &filter_on_operation_id, &data); + &filter_on_operation_id, &data); dealloc_tmp_evp_method_store(methdata.tmp_store); } int evp_is_a(OSSL_PROVIDER *prov, int number, - const char *legacy_name, const char *name) + const char *legacy_name, const char *name) { /* * For a |prov| that is NULL, the library context will be NULL @@ -693,8 +694,8 @@ } int evp_names_do_all(OSSL_PROVIDER *prov, int number, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); --- crypto/openssl/crypto/evp/evp_key.c.orig +++ crypto/openssl/crypto/evp/evp_key.c @@ -15,7 +15,7 @@ #include #ifndef BUFSIZ -# define BUFSIZ 256 +#define BUFSIZ 256 #endif /* should be init to zeros. */ 
@@ -50,7 +50,7 @@ } int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, - int verify) + int verify) { int ret = -1; char buff[BUFSIZ]; @@ -62,23 +62,25 @@ if (ui == NULL) return ret; if (UI_add_input_string(ui, prompt, 0, buf, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0 + (len >= BUFSIZ) ? BUFSIZ - 1 : len) + < 0 || (verify && UI_add_verify_string(ui, prompt, 0, buff, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len, - buf) < 0)) + (len >= BUFSIZ) ? BUFSIZ - 1 : len, + buf) + < 0)) goto end; ret = UI_process(ui); OPENSSL_cleanse(buff, BUFSIZ); - end: +end: UI_free(ui); return ret; } int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key, - unsigned char *iv) + const unsigned char *salt, const unsigned char *data, + int datal, int count, unsigned char *key, + unsigned char *iv) { EVP_MD_CTX *c; unsigned char md_buf[EVP_MAX_MD_SIZE]; @@ -147,7 +149,7 @@ break; } rv = EVP_CIPHER_get_key_length(type); - err: +err: EVP_MD_CTX_free(c); OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; --- crypto/openssl/crypto/evp/evp_lib.c.orig +++ crypto/openssl/crypto/evp/evp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,7 +29,7 @@ #include "evp_local.h" #if !defined(FIPS_MODULE) -# include "crypto/asn1.h" +#include "crypto/asn1.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { 
@@ -78,9 +78,9 @@ } int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) + evp_cipher_aead_asn1_params *asn1_params) { - int ret = -1; /* Assume the worst */ + int ret = -1; /* Assume the worst */ const EVP_CIPHER *cipher = c->cipher; /* @@ -131,8 +131,8 @@ * and the second to get the actual value. */ *p++ = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, - NULL, 0); + OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, + NULL, 0); *p = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(c, params)) @@ -149,7 +149,8 @@ if (EVP_CIPHER_CTX_get_params(c, params) && OSSL_PARAM_modified(params) && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp, - params[0].return_size) != NULL) { + params[0].return_size) + != NULL) { ret = 1; } OPENSSL_free(der); @@ -158,7 +159,7 @@ ret = -2; } - err: +err: if (ret == -2) ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); else if (ret <= 0) @@ -169,9 +170,9 @@ } int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) + evp_cipher_aead_asn1_params *asn1_params) { - int ret = -1; /* Assume the worst */ + int ret = -1; /* Assume the worst */ const EVP_CIPHER *cipher = c->cipher; /* @@ -217,10 +218,9 @@ int derl = -1; if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) { - *p++ = - OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, - der, (size_t)derl); + *p++ = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, + der, (size_t)derl); *p = OSSL_PARAM_construct_end(); if (EVP_CIPHER_CTX_set_params(c, params)) ret = 1; @@ -240,7 +240,7 @@ } int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) + evp_cipher_aead_asn1_params *asn1_params) { int i = 0; long tl; 
@@ -260,14 +260,14 @@ } int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) + evp_cipher_aead_asn1_params *asn1_params) { if (type == NULL || asn1_params == NULL) return 0; return ossl_asn1_type_set_octetstring_int(type, asn1_params->tag_len, - asn1_params->iv, - asn1_params->iv_len); + asn1_params->iv, + asn1_params->iv_len); } #endif /* !defined(FIPS_MODULE) */ @@ -324,15 +324,15 @@ #ifdef FIPS_MODULE return NID_undef; #else - { - /* Check it has an OID and it is valid */ - ASN1_OBJECT *otmp = OBJ_nid2obj(nid); - - if (OBJ_get0_data(otmp) == NULL) - nid = NID_undef; - ASN1_OBJECT_free(otmp); - return nid; - } + { + /* Check it has an OID and it is valid */ + ASN1_OBJECT *otmp = OBJ_nid2obj(nid); + + if (OBJ_get0_data(otmp) == NULL) + nid = NID_undef; + ASN1_OBJECT_free(otmp); + return nid; + } #endif } } @@ -352,12 +352,12 @@ params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode); params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead); params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV, - &custom_iv); + &custom_iv); params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts); params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, - &multiblock); + &multiblock); params[8] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, - &randkey); + &randkey); params[9] = OSSL_PARAM_construct_end(); ok = evp_do_ciph_getparams(cipher, params) > 0; if (ok) { @@ -378,7 +378,7 @@ if (randkey) cipher->flags |= EVP_CIPH_RAND_KEY; if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher), - OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) + OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1; } return ok; @@ -400,7 +400,7 @@ } int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, unsigned int inl) { if (ctx->cipher->prov != NULL) { /* 
@@ -415,17 +415,18 @@ size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx); if (ctx->cipher->ccipher != NULL) - ret = ctx->cipher->ccipher(ctx->algctx, out, &outl, - inl + (blocksize == 1 ? 0 : blocksize), - in, (size_t)inl) - ? (int)outl : -1; + ret = ctx->cipher->ccipher(ctx->algctx, out, &outl, + inl + (blocksize == 1 ? 0 : blocksize), + in, (size_t)inl) + ? (int)outl + : -1; else if (in != NULL) ret = ctx->cipher->cupdate(ctx->algctx, out, &outl, - inl + (blocksize == 1 ? 0 : blocksize), - in, (size_t)inl); + inl + (blocksize == 1 ? 0 : blocksize), + in, (size_t)inl); else ret = ctx->cipher->cfinal(ctx->algctx, out, &outl, - blocksize == 1 ? 0 : blocksize); + blocksize == 1 ? 0 : blocksize); return ret; } @@ -510,11 +511,11 @@ if (ctx->cipher->get_ctx_params != NULL) { params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, - &v); + &v); rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); if (rv > 0) { if (OSSL_PARAM_modified(params) - && !OSSL_PARAM_get_int(params, &len)) + && !OSSL_PARAM_get_int(params, &len)) return -1; } else if (rv != EVP_CTRL_RET_UNSUPPORTED) { return -1; @@ -522,9 +523,10 @@ } /* Code below to be removed when legacy support is dropped. */ else if ((EVP_CIPHER_get_flags(ctx->cipher) - & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { + & EVP_CIPH_CUSTOM_IV_LENGTH) + != 0) { rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, - 0, &len); + 0, &len); if (rv <= 0) return -1; } @@ -555,9 +557,8 @@ const unsigned char *v = ctx->oiv; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, - (void **)&v, sizeof(ctx->oiv)); + params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, + (void **)&v, sizeof(ctx->oiv)); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); return ok != 0 ? v : NULL; 
@@ -572,9 +573,8 @@ const unsigned char *v = ctx->iv; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV, - (void **)&v, sizeof(ctx->iv)); + params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV, + (void **)&v, sizeof(ctx->iv)); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); return ok != 0 ? v : NULL; @@ -586,9 +586,8 @@ unsigned char *v = ctx->iv; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV, - (void **)&v, sizeof(ctx->iv)); + params[0] = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV, + (void **)&v, sizeof(ctx->iv)); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); return ok != 0 ? v : NULL; @@ -599,8 +598,7 @@ { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, len); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, len); return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params) > 0; } @@ -608,8 +606,7 @@ { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len); return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params) > 0; } @@ -708,8 +705,8 @@ } int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (cipher->prov != NULL) return evp_names_do_all(cipher->prov, cipher->name_id, fn, data); 
@@ -766,8 +763,8 @@ } int EVP_MD_names_do_all(const EVP_MD *md, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (md->prov != NULL) return evp_names_do_all(md->prov, md->name_id, fn, data); @@ -857,7 +854,7 @@ void EVP_MD_meth_free(EVP_MD *md) { if (md == NULL || md->origin != EVP_ORIG_METH) - return; + return; evp_md_free_int(md); } @@ -902,9 +899,7 @@ md->init = init; return 1; } -int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, - const void *data, - size_t count)) +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)) { if (md->update != NULL) return 0; @@ -912,8 +907,7 @@ md->update = update; return 1; } -int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, - unsigned char *md)) +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, unsigned char *md)) { if (md->final != NULL) return 0; @@ -921,8 +915,7 @@ md->final = final; return 1; } -int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, - const EVP_MD_CTX *from)) +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)) { if (md->copy != NULL) return 0; @@ -938,8 +931,7 @@ md->cleanup = cleanup; return 1; } -int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2)) +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)) { if (md->md_ctrl != NULL) return 0; @@ -969,18 +961,18 @@ return md->init; } int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, - const void *data, - size_t count) + const void *data, + size_t count) { return md->update; } int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, - unsigned char *md) + unsigned char *md) { return md->final; } int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, - const EVP_MD_CTX *from) + const EVP_MD_CTX *from) { return md->copy; } 
@@ -989,7 +981,7 @@ return md->cleanup; } int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2) + int p1, void *p2) { return md->md_ctrl; } @@ -1054,14 +1046,14 @@ } int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count) + const void *data, size_t count) { return ctx->update; } void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update) (EVP_MD_CTX *ctx, - const void *data, size_t count)) + int (*update)(EVP_MD_CTX *ctx, + const void *data, size_t count)) { ctx->update = update; } @@ -1082,7 +1074,7 @@ } static int evp_cipher_ctx_enable_use_bits(EVP_CIPHER_CTX *ctx, - unsigned int enable) + unsigned int enable) { OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -1129,7 +1121,7 @@ return -1; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - (char *)name, 0); + (char *)name, 0); return EVP_PKEY_CTX_set_params(ctx, params); } @@ -1149,7 +1141,7 @@ return -1; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, namelen); + name, namelen); if (!EVP_PKEY_CTX_get_params(ctx, params)) return -1; return 1; @@ -1165,14 +1157,14 @@ * such as the RSA modulus size or the name of an EC curve. */ static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name, - const char *propq, const OSSL_PARAM *params) + const char *propq, const OSSL_PARAM *params) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq); if (ctx != NULL - && EVP_PKEY_keygen_init(ctx) > 0 - && EVP_PKEY_CTX_set_params(ctx, params)) + && EVP_PKEY_keygen_init(ctx) > 0 + && EVP_PKEY_CTX_set_params(ctx, params)) (void)EVP_PKEY_generate(ctx, &pkey); EVP_PKEY_CTX_free(ctx); @@ -1180,7 +1172,7 @@ } EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - const char *type, ...) + const char *type, ...) { va_list args; size_t bits; 
@@ -1196,18 +1188,18 @@ } else if (OPENSSL_strcasecmp(type, "EC") == 0) { name = va_arg(args, char *); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, 0); + name, 0); } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 - && OPENSSL_strcasecmp(type, "X25519") != 0 - && OPENSSL_strcasecmp(type, "ED448") != 0 - && OPENSSL_strcasecmp(type, "X448") != 0 - && OPENSSL_strcasecmp(type, "SM2") != 0) { + && OPENSSL_strcasecmp(type, "X25519") != 0 + && OPENSSL_strcasecmp(type, "ED448") != 0 + && OPENSSL_strcasecmp(type, "X448") != 0 + && OPENSSL_strcasecmp(type, "SM2") != 0) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); goto end; } ret = evp_pkey_keygen(libctx, type, propq, params); - end: +end: va_end(args); return ret; } --- crypto/openssl/crypto/evp/evp_local.h.orig +++ crypto/openssl/crypto/evp/evp_local.h @@ -12,18 +12,17 @@ #define EVP_CTRL_RET_UNSUPPORTED -1 - struct evp_md_ctx_st { - const EVP_MD *reqdigest; /* The original requested digest */ + const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is - * ENGINE-provided */ + ENGINE *engine; /* functional reference if 'digest' is + * ENGINE-provided */ unsigned long flags; void *md_data; /* Public key context for sign/verify */ EVP_PKEY_CTX *pctx; /* Update function: usually copied from EVP_MD */ - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); /* * Opaque ctx returned from a providers digest algorithm implementation 
@@ -31,24 +30,24 @@ */ void *algctx; EVP_MD *fetched_digest; -} /* EVP_MD_CTX */ ; +} /* EVP_MD_CTX */; struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is - * ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ + ENGINE *engine; /* functional reference if 'cipher' is + * ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ + int num; /* used by cfb/ofb/ctr mode */ /* FIXME: Should this even exist? It appears unused */ - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - int iv_len; /* IV length */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + int iv_len; /* IV length */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ int final_used; int block_mask; unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ @@ -59,10 +58,10 @@ */ void *algctx; EVP_CIPHER *fetched_cipher; -} /* EVP_CIPHER_CTX */ ; +} /* EVP_CIPHER_CTX */; struct evp_mac_ctx_st { - EVP_MAC *meth; /* Method structure */ + EVP_MAC *meth; /* Method structure */ /* * Opaque ctx returned from a providers MAC algorithm implementation * OSSL_FUNC_mac_newctx() 
@@ -71,28 +70,28 @@ } /* EVP_MAC_CTX */; struct evp_kdf_ctx_st { - EVP_KDF *meth; /* Method structure */ + EVP_KDF *meth; /* Method structure */ /* * Opaque ctx returned from a providers KDF algorithm implementation * OSSL_FUNC_kdf_newctx() */ void *algctx; -} /* EVP_KDF_CTX */ ; +} /* EVP_KDF_CTX */; struct evp_rand_ctx_st { - EVP_RAND *meth; /* Method structure */ + EVP_RAND *meth; /* Method structure */ /* * Opaque ctx returned from a providers rand algorithm implementation * OSSL_FUNC_rand_newctx() */ void *algctx; - EVP_RAND_CTX *parent; /* Parent EVP_RAND or NULL if none */ - CRYPTO_REF_COUNT refcnt; /* Context reference count */ + EVP_RAND_CTX *parent; /* Parent EVP_RAND or NULL if none */ + CRYPTO_REF_COUNT refcnt; /* Context reference count */ CRYPTO_RWLOCK *refcnt_lock; -} /* EVP_RAND_CTX */ ; +} /* EVP_RAND_CTX */; struct evp_keymgmt_st { - int id; /* libcrypto internal */ + int id; /* libcrypto internal */ int name_id; char *type_name; @@ -131,7 +130,7 @@ OSSL_FUNC_keymgmt_export_fn *export; OSSL_FUNC_keymgmt_export_types_fn *export_types; OSSL_FUNC_keymgmt_dup_fn *dup; -} /* EVP_KEYMGMT */ ; +} /* EVP_KEYMGMT */; struct evp_keyexch_st { int name_id; @@ -231,13 +230,13 @@ } /* EVP_KEM */; int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, - int en_de); + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, + int en_de); int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, - int en_de, OSSL_LIB_CTX *libctx, const char *propq); + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, + int en_de, OSSL_LIB_CTX *libctx, const char *propq); struct evp_Encode_Ctx_st { /* number saved in a partial encode/decode */ 
@@ -264,62 +263,62 @@ #include void *evp_generic_fetch(OSSL_LIB_CTX *ctx, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); + const char *name, const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)); void *evp_generic_fetch_by_number(OSSL_LIB_CTX *ctx, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); + int name_id, const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)); void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); + const char *name, const char *properties, + void *(*new_method)(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)); void evp_generic_do_all_prefetched(OSSL_LIB_CTX *libctx, int operation_id, - void (*user_fn)(void *method, void *arg), - void *user_arg); + void (*user_fn)(void *method, void *arg), + void *user_arg); void evp_generic_do_all(OSSL_LIB_CTX *libctx, int operation_id, - void (*user_fn)(void *method, void *arg), - void *user_arg, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(int 
name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)); /* Internal fetchers for method types that are to be combined with others */ EVP_KEYMGMT *evp_keymgmt_fetch_by_number(OSSL_LIB_CTX *ctx, int name_id, - const char *properties); + const char *properties); EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); + const char *name, + const char *properties); EVP_ASYM_CIPHER *evp_asym_cipher_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); + const char *name, + const char *properties); EVP_KEYEXCH *evp_keyexch_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); + const char *name, + const char *properties); EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); + const char *name, + const char *properties); /* Internal structure constructors for fetched methods */ EVP_MD *evp_md_new(void); EVP_CIPHER *evp_cipher_new(void); int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params); + evp_cipher_aead_asn1_params *asn1_params); int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params); + evp_cipher_aead_asn1_params *asn1_params); /* Helper functions to avoid duplicating code */ 
@@ -336,33 +335,33 @@ */ int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]); int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]); + OSSL_PARAM params[]); int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]); + OSSL_PARAM params[]); int evp_do_md_getparams(const EVP_MD *md, OSSL_PARAM params[]); int evp_do_md_ctx_getparams(const EVP_MD *md, void *provctx, - OSSL_PARAM params[]); + OSSL_PARAM params[]); int evp_do_md_ctx_setparams(const EVP_MD *md, void *provctx, - OSSL_PARAM params[]); + OSSL_PARAM params[]); OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); -#define M_check_autoarg(ctx, arg, arglen, err) \ - if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ - size_t pksize = (size_t)EVP_PKEY_get_size(ctx->pkey); \ - \ - if (pksize == 0) { \ - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ - return 0; \ - } \ - if (arg == NULL) { \ - *arglen = pksize; \ - return 1; \ - } \ - if (*arglen < pksize) { \ +#define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ + size_t pksize = (size_t)EVP_PKEY_get_size(ctx->pkey); \ + \ + if (pksize == 0) { \ + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ + return 0; \ + } \ + if (arg == NULL) { \ + *arglen = pksize; \ + return 1; \ + } \ + if (*arglen < pksize) { \ ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \ - return 0; \ - } \ + return 0; \ + } \ } void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx); 
@@ -371,8 +370,8 @@ /* OSSL_PROVIDER * is only used to get the library context */ int evp_is_a(OSSL_PROVIDER *prov, int number, - const char *legacy_name, const char *name); + const char *legacy_name, const char *name); int evp_names_do_all(OSSL_PROVIDER *prov, int number, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); int evp_cipher_cache_constants(EVP_CIPHER *cipher); --- crypto/openssl/crypto/evp/evp_pbe.c.orig +++ crypto/openssl/crypto/evp/evp_pbe.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -33,62 +33,62 @@ static STACK_OF(EVP_PBE_CTL) *pbe_algs; static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, - NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, - NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, - NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, - - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, - NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, - NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, - NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, - NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, - NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen, &PKCS5_v2_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, - NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, - NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, - NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, - {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0}, - {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, - 
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, - {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, - {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, - NID_id_GostR3411_2012_256, 0}, - {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, - NID_id_GostR3411_2012_512, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0}, - {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, &PKCS5_v2_PBKDF2_keyivgen_ex}, + { EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, + NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, + NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, + NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex }, + + { EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, + PKCS5_v2_PBKDF2_keyivgen_ex }, + + { EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, + NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, + NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, + NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, + NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, + NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen, 
&PKCS12_PBE_keyivgen_ex }, + + { EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen, &PKCS5_v2_PBE_keyivgen_ex }, + + { EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, + NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, + NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex }, + { EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, + NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex }, + + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0 }, + { EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0 }, + { EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, + NID_id_GostR3411_2012_256, 0 }, + { EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, + NID_id_GostR3411_2012_512, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0 }, + { EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0 }, + { EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, &PKCS5_v2_PBKDF2_keyivgen_ex }, #ifndef OPENSSL_NO_SCRYPT - {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen, &PKCS5_v2_scrypt_keyivgen_ex} + { EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen, &PKCS5_v2_scrypt_keyivgen_ex } #endif }; - int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { 
const EVP_CIPHER *cipher = NULL; EVP_CIPHER *cipher_fetch = NULL; @@ -99,7 +99,7 @@ EVP_PBE_KEYGEN *keygen; if (!EVP_PBE_find_ex(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), - &cipher_nid, &md_nid, &keygen, &keygen_ex)) { + &cipher_nid, &md_nid, &keygen, &keygen_ex)) { char obj_tmp[80]; if (pbe_obj == NULL) @@ -107,7 +107,7 @@ else i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj); ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_PBE_ALGORITHM, - "TYPE=%s", obj_tmp); + "TYPE=%s", obj_tmp); goto err; } @@ -125,7 +125,7 @@ if (cipher == NULL) { (void)ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, - OBJ_nid2sn(cipher_nid)); + OBJ_nid2sn(cipher_nid)); goto err; } (void)ERR_pop_to_mark(); @@ -160,7 +160,7 @@ } int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { return EVP_PBE_CipherInit_ex(pbe_obj, pass, passlen, param, ctx, en_de, NULL, NULL); } @@ -190,7 +190,7 @@ /* Add a PBE algorithm */ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, - int md_nid, EVP_PBE_KEYGEN *keygen) + int md_nid, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; @@ -215,13 +215,13 @@ } return 1; - err: +err: ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); return 0; } int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) + EVP_PBE_KEYGEN *keygen) { int cipher_nid, md_nid; @@ -235,11 +235,11 @@ md_nid = -1; return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, - cipher_nid, md_nid, keygen); + cipher_nid, md_nid, keygen); } int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **pkeygen_ex) + EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **pkeygen_ex) { EVP_PBE_CTL *pbetmp = NULL, pbelu; int i; 
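Review bot: The `PKCS5_v2_PBKDF2_keyivgen_ex` initializer added to the `EVP_PBE_TYPE_OUTER`, `NID_id_pbkdf2` row of `builtin_pbe` (evp_pbe.c, hunk `-33,62`) is a functional change sitting in an otherwise brace-spacing hunk, and nothing in the table marks it. The old row left the sixth slot zero; presumably `EVP_PBE_CipherInit_ex` now passes the caller's `libctx` and `propq` to PBKDF2 for this row, but the dispatch code is outside the hunk, so confirm that before relying on property-query restrictions here. A column comment above the table would make such changes visible, e.g. `/* pbe_type, pbe_nid, cipher_nid, md_nid, keygen, keygen_ex (0 = none) */`. The table also mixes `&PKCS12_PBE_keyivgen_ex` with bare `PKCS5_PBE_keyivgen_ex`; the new entry uses the bare form while the `EVP_PBE_TYPE_KDF` row for the same NID uses `&`, so pick one form for both.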
@@ -270,7 +270,7 @@ } int EVP_PBE_find(int type, int pbe_nid, - int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) + int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) { return EVP_PBE_find_ex(type, pbe_nid, pcnid, pmnid, pkeygen, NULL); } --- crypto/openssl/crypto/evp/evp_pkey.c.orig +++ crypto/openssl/crypto/evp/evp_pkey.c @@ -22,7 +22,7 @@ /* Extract a private key from a PKCS8 structure */ EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { EVP_PKEY *pkey = NULL; const ASN1_OBJECT *algoid; @@ -39,7 +39,7 @@ if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { i2t_ASN1_OBJECT(obj_tmp, 80, algoid); ERR_raise_data(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM, - "TYPE=%s", obj_tmp); + "TYPE=%s", obj_tmp); goto error; } @@ -58,13 +58,13 @@ return pkey; - error: +error: EVP_PKEY_free(pkey); return NULL; } EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { EVP_PKEY *pkey = NULL; const unsigned char *p8_data = NULL; @@ -75,14 +75,14 @@ OSSL_DECODER_CTX *dctx = NULL; if ((encoded_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &encoded_data)) <= 0 - || encoded_data == NULL) + || encoded_data == NULL) return NULL; p8_data = encoded_data; len = encoded_len; selection = EVP_PKEY_KEYPAIR | EVP_PKEY_KEY_PARAMETERS; dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo", - NULL, selection, libctx, propq); + NULL, selection, libctx, propq); if (dctx == NULL || !OSSL_DECODER_from_data(dctx, &p8_data, &len)) /* try legacy */ @@ -117,8 +117,9 @@ const unsigned char *pp; if ((ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, - "DER", "PrivateKeyInfo", - NULL)) == NULL + "DER", "PrivateKeyInfo", + NULL)) + == NULL || !OSSL_ENCODER_to_data(ctx, &der, &derlen)) goto error; 
@@ -129,7 +130,7 @@ goto error; } else { p8 = PKCS8_PRIV_KEY_INFO_new(); - if (p8 == NULL) { + if (p8 == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); return NULL; } @@ -150,13 +151,12 @@ } } goto end; - error: +error: PKCS8_PRIV_KEY_INFO_free(p8); p8 = NULL; - end: +end: OSSL_ENCODER_CTX_free(ctx); return p8; - } /* EVP_PKEY attribute functions */ @@ -172,7 +172,7 @@ } int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, - int lastpos) + int lastpos) { return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); } @@ -195,8 +195,8 @@ } int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) { if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) return 1; @@ -204,8 +204,8 @@ } int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, - int nid, int type, - const unsigned char *bytes, int len) + int nid, int type, + const unsigned char *bytes, int len) { if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) return 1; @@ -213,8 +213,8 @@ } int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, - const char *attrname, int type, - const unsigned char *bytes, int len) + const char *attrname, int type, + const unsigned char *bytes, int len) { if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len)) return 1; @@ -233,7 +233,7 @@ ameth = EVP_PKEY_get0_asn1(key); if (ameth != NULL) EVP_PKEY_asn1_get0_info(NULL, NULL, - NULL, NULL, &name, ameth); + NULL, NULL, &name, ameth); return name; } --- crypto/openssl/crypto/evp/evp_rand.c.orig +++ crypto/openssl/crypto/evp/evp_rand.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params; OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params; OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization; -} /* EVP_RAND */ ; +} /* EVP_RAND */; static int evp_rand_up_ref(void *vrand) { @@ -80,7 +80,7 @@ EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand)); if (rand == NULL - || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { + || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { OPENSSL_free(rand); return NULL; } @@ -113,8 +113,8 @@ } static void *evp_rand_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_RAND *rand = NULL; @@ -155,7 +155,7 @@ fnrandcnt++; break; case OSSL_FUNC_RAND_UNINSTANTIATE: - if (rand->uninstantiate != NULL) + if (rand->uninstantiate != NULL) break; rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns); fnrandcnt++; 
@@ -197,20 +197,17 @@ case OSSL_FUNC_RAND_GETTABLE_PARAMS: if (rand->gettable_params != NULL) break; - rand->gettable_params = - OSSL_FUNC_rand_gettable_params(fns); + rand->gettable_params = OSSL_FUNC_rand_gettable_params(fns); break; case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS: if (rand->gettable_ctx_params != NULL) break; - rand->gettable_ctx_params = - OSSL_FUNC_rand_gettable_ctx_params(fns); + rand->gettable_ctx_params = OSSL_FUNC_rand_gettable_ctx_params(fns); break; case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS: if (rand->settable_ctx_params != NULL) break; - rand->settable_ctx_params = - OSSL_FUNC_rand_settable_ctx_params(fns); + rand->settable_ctx_params = OSSL_FUNC_rand_settable_ctx_params(fns); break; case OSSL_FUNC_RAND_GET_PARAMS: if (rand->get_params != NULL) @@ -248,13 +245,13 @@ * locking functions. */ if (fnrandcnt != 3 - || fnctxcnt != 3 - || (fnenablelockcnt != 0 && fnenablelockcnt != 1) - || (fnlockcnt != 0 && fnlockcnt != 2) + || fnctxcnt != 3 + || (fnenablelockcnt != 0 && fnenablelockcnt != 1) + || (fnlockcnt != 0 && fnlockcnt != 2) #ifdef FIPS_MODULE - || fnzeroizecnt != 1 + || fnzeroizecnt != 1 #endif - ) { + ) { evp_rand_free(rand); ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); return NULL; @@ -271,11 +268,11 @@ } EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties, - evp_rand_from_algorithm, evp_rand_up_ref, - evp_rand_free); + evp_rand_from_algorithm, evp_rand_up_ref, + evp_rand_free); } int EVP_RAND_up_ref(EVP_RAND *rand) @@ -355,8 +352,9 @@ parent_dispatch = parent->meth->dispatch; } if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx, - parent_dispatch)) == NULL - || !EVP_RAND_up_ref(rand)) { + parent_dispatch)) + == NULL + || !EVP_RAND_up_ref(rand)) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); rand->freectx(ctx->algctx); CRYPTO_THREAD_lock_free(ctx->refcnt_lock); 
@@ -396,7 +394,7 @@ } static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { return ctx->meth->get_ctx_params(ctx->algctx, params); } @@ -413,7 +411,7 @@ } static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->algctx, params); @@ -479,18 +477,18 @@ } void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_RAND *rand, void *arg), - void *arg) + void (*fn)(EVP_RAND *rand, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_RAND, - (void (*)(void *, void *))fn, arg, - evp_rand_from_algorithm, evp_rand_up_ref, - evp_rand_free); + (void (*)(void *, void *))fn, arg, + evp_rand_from_algorithm, evp_rand_up_ref, + evp_rand_free); } int EVP_RAND_names_do_all(const EVP_RAND *rand, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (rand->prov != NULL) return evp_names_do_all(rand->prov, rand->name_id, fn, data); 
@@ -498,25 +496,24 @@ return 1; } -static int evp_rand_instantiate_locked - (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[]) +static int evp_rand_instantiate_locked(EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[]) { return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance, - pstr, pstr_len, params); + pstr, pstr_len, params); } int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]) { int res; if (!evp_rand_lock(ctx)) return 0; res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance, - pstr, pstr_len, params); + pstr, pstr_len, params); evp_rand_unlock(ctx); return res; } 
@@ -538,25 +535,25 @@ } static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out, - size_t outlen, unsigned int strength, - int prediction_resistance, - const unsigned char *addin, - size_t addin_len) + size_t outlen, unsigned int strength, + int prediction_resistance, + const unsigned char *addin, + size_t addin_len) { size_t chunk, max_request = 0; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST, - &max_request); + &max_request); if (!evp_rand_get_ctx_params_locked(ctx, params) - || max_request == 0) { + || max_request == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); return 0; } for (; outlen > 0; outlen -= chunk, out += chunk) { chunk = outlen > max_request ? max_request : outlen; if (!ctx->meth->generate(ctx->algctx, out, chunk, strength, - prediction_resistance, addin, addin_len)) { + prediction_resistance, addin, addin_len)) { ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR); return 0; } 
@@ -570,39 +567,39 @@ } int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *addin, size_t addin_len) + unsigned int strength, int prediction_resistance, + const unsigned char *addin, size_t addin_len) { int res; if (!evp_rand_lock(ctx)) return 0; res = evp_rand_generate_locked(ctx, out, outlen, strength, - prediction_resistance, addin, addin_len); + prediction_resistance, addin, addin_len); evp_rand_unlock(ctx); return res; } static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *addin, size_t addin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *addin, size_t addin_len) { if (ctx->meth->reseed != NULL) return ctx->meth->reseed(ctx->algctx, prediction_resistance, - ent, ent_len, addin, addin_len); + ent, ent_len, addin, addin_len); return 1; } int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *addin, size_t addin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *addin, size_t addin_len) { int res; if (!evp_rand_lock(ctx)) return 0; res = evp_rand_reseed_locked(ctx, prediction_resistance, - ent, ent_len, addin, addin_len); + ent, ent_len, addin, addin_len); evp_rand_unlock(ctx); return res; } @@ -630,14 +627,12 @@ } static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out, - size_t outlen) + size_t outlen) { unsigned int str = evp_rand_strength_locked(ctx); - if (ctx->meth->nonce == NULL) - return 0; - if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen)) - return 1; + if (ctx->meth->nonce != NULL) + return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0; return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0); } --- crypto/openssl/crypto/evp/evp_utils.c.orig +++ crypto/openssl/crypto/evp/evp_utils.c 
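Review bot: `evp_rand_nonce_locked` (evp_rand.c, hunk `-630,14`) now treats any non-zero return from `ctx->meth->nonce(...)` as success via `> 0`. If that callback returns a byte count (its contract is not visible in this hunk), a nonce shorter than `outlen` would be reported as success with the tail of `out` unwritten. If the provider interface guarantees a full-length result when min and max are both `outlen`, comparing against it is the tighter check: `return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) == outlen;`. The rewrite also changes two behaviours silently: a provider with no nonce function now falls back to `evp_rand_generate_locked` instead of returning 0, and a failing nonce call no longer falls back. A comment above the `if` should say so, e.g. `/* Prefer the provider's nonce(); its failure is final. Without one, fall back to generate() with no prediction resistance. */`.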
@@ -12,9 +12,9 @@ #include #include #include -#include /* evp_local.h needs it */ -#include /* evp_local.h needs it */ -#include "crypto/evp.h" /* evp_local.h needs it */ +#include /* evp_local.h needs it */ +#include /* evp_local.h needs it */ +#include "crypto/evp.h" /* evp_local.h needs it */ #include "evp_local.h" /* 
@@ -24,36 +24,36 @@ * Since these functions are used to implement ctrl functionality, we * use the same value, and other callers will have to compensate. */ -#define PARAM_CHECK(obj, func, errfunc) \ - if (obj == NULL) \ - return 0; \ - if (obj->prov == NULL) \ - return EVP_CTRL_RET_UNSUPPORTED; \ - if (obj->func == NULL) { \ - errfunc(); \ - return 0; \ +#define PARAM_CHECK(obj, func, errfunc) \ + if (obj == NULL) \ + return 0; \ + if (obj->prov == NULL) \ + return EVP_CTRL_RET_UNSUPPORTED; \ + if (obj->func == NULL) { \ + errfunc(); \ + return 0; \ } -#define PARAM_FUNC(name, func, type, err) \ -int name (const type *obj, OSSL_PARAM params[]) \ -{ \ - PARAM_CHECK(obj, func, err) \ - return obj->func(params); \ -} +#define PARAM_FUNC(name, func, type, err) \ + int name(const type *obj, OSSL_PARAM params[]) \ + { \ + PARAM_CHECK(obj, func, err) \ + return obj->func(params); \ + } -#define PARAM_CTX_FUNC(name, func, type, err) \ -int name (const type *obj, void *algctx, OSSL_PARAM params[]) \ -{ \ - PARAM_CHECK(obj, func, err) \ - return obj->func(algctx, params); \ -} +#define PARAM_CTX_FUNC(name, func, type, err) \ + int name(const type *obj, void *algctx, OSSL_PARAM params[]) \ + { \ + PARAM_CHECK(obj, func, err) \ + return obj->func(algctx, params); \ + } -#define PARAM_FUNCTIONS(type, \ - getname, getfunc, \ - getctxname, getctxfunc, \ - setctxname, setctxfunc) \ - PARAM_FUNC(getname, getfunc, type, geterr) \ - PARAM_CTX_FUNC(getctxname, getctxfunc, type, geterr) \ +#define PARAM_FUNCTIONS(type, \ + getname, getfunc, \ + getctxname, getctxfunc, \ + setctxname, setctxfunc) \ + PARAM_FUNC(getname, getfunc, type, geterr) \ + PARAM_CTX_FUNC(getctxname, getctxfunc, type, geterr) \ PARAM_CTX_FUNC(setctxname, setctxfunc, type, seterr) /* 
@@ -71,11 +71,11 @@ } PARAM_FUNCTIONS(EVP_CIPHER, - evp_do_ciph_getparams, get_params, - evp_do_ciph_ctx_getparams, get_ctx_params, - evp_do_ciph_ctx_setparams, set_ctx_params) + evp_do_ciph_getparams, get_params, + evp_do_ciph_ctx_getparams, get_ctx_params, + evp_do_ciph_ctx_setparams, set_ctx_params) PARAM_FUNCTIONS(EVP_MD, - evp_do_md_getparams, get_params, - evp_do_md_ctx_getparams, get_ctx_params, - evp_do_md_ctx_setparams, set_ctx_params) + evp_do_md_getparams, get_params, + evp_do_md_ctx_getparams, get_ctx_params, + evp_do_md_ctx_setparams, set_ctx_params) --- crypto/openssl/crypto/evp/exchange.c.orig +++ crypto/openssl/crypto/evp/exchange.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include "internal/refcount.h" #include "internal/provider.h" #include "internal/core.h" -#include "internal/numbers.h" /* includes SIZE_MAX */ +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "crypto/evp.h" #include "evp_local.h" @@ -41,8 +41,8 @@ } static void *evp_keyexch_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_KEYEXCH *exchange = NULL; @@ -123,8 +123,8 @@ } } if (fncnt != 4 - || (gparamfncnt != 0 && gparamfncnt != 2) - || (sparamfncnt != 0 && sparamfncnt != 2)) { + || (gparamfncnt != 0 && gparamfncnt != 2) + || (sparamfncnt != 0 && sparamfncnt != 2)) { /* * In order to be a consistent set of functions we must have at least * a complete set of "exchange" functions: init, derive, newctx, @@ -139,7 +139,7 @@ return exchange; - err: +err: EVP_KEYEXCH_free(exchange); return NULL; } 
@@ -173,23 +173,23 @@ } EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, - evp_keyexch_from_algorithm, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); + evp_keyexch_from_algorithm, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); } EVP_KEYEXCH *evp_keyexch_fetch_from_prov(OSSL_PROVIDER *prov, - const char *algorithm, - const char *properties) + const char *algorithm, + const char *properties) { return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYEXCH, - algorithm, properties, - evp_keyexch_from_algorithm, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); + algorithm, properties, + evp_keyexch_from_algorithm, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); } int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) @@ -242,20 +242,19 @@ * Try to derive the supported exch from |ctx->keymgmt|. */ if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { + || ctx->pkey->keymgmt == ctx->keymgmt)) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); goto err; } supported_exch = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_KEYEXCH); + OSSL_OP_KEYEXCH); if (supported_exch == NULL) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } - /* * We perform two iterations: * 
@@ -286,16 +285,14 @@ switch (iter) { case 1: - exchange = - EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery); + exchange = EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery); if (exchange != NULL) tmp_prov = EVP_KEYEXCH_get0_provider(exchange); break; case 2: tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - exchange = - evp_keyexch_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_exch, ctx->propquery); + exchange = evp_keyexch_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_exch, ctx->propquery); if (exchange == NULL) goto legacy; break; @@ -312,13 +309,12 @@ * to it (evp_pkey_export_to_provider() is smart enough to only actually * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); + tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + EVP_KEYMGMT_get0_name(ctx->keymgmt), + ctx->propquery); if (tmp_keymgmt != NULL) provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); + &tmp_keymgmt, ctx->propquery); if (tmp_keymgmt == NULL) EVP_KEYMGMT_free(tmp_keymgmt_tofree); } @@ -343,13 +339,13 @@ EVP_KEYMGMT_free(tmp_keymgmt); return ret ? 1 : 0; - err: +err: evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; EVP_KEYMGMT_free(tmp_keymgmt); return 0; - legacy: +legacy: /* * If we don't have the full support we need with provided methods, * let's go see if legacy does. @@ -375,7 +371,7 @@ } int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, - int validate_peer) + int validate_peer) { int ret = 0, check; void *provkey = NULL; 
@@ -414,14 +410,13 @@ * to it (evp_pkey_export_to_provider() is smart enough to only actually * export it if |tmp_keymgmt| is different from |peer|'s keymgmt) */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *) - EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange), - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); + tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *) + EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange), + EVP_KEYMGMT_get0_name(ctx->keymgmt), + ctx->propquery); if (tmp_keymgmt != NULL) provkey = evp_pkey_export_to_provider(peer, ctx->libctx, - &tmp_keymgmt, ctx->propquery); + &tmp_keymgmt, ctx->propquery); EVP_KEYMGMT_free(tmp_keymgmt_tofree); /* @@ -430,16 +425,22 @@ */ if (provkey == NULL) goto legacy; - return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); + ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); + if (ret <= 0) + return ret; + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + EVP_PKEY_up_ref(peer); + return 1; - legacy: +legacy: #ifdef FIPS_MODULE return ret; #else if (ctx->pmeth == NULL || !(ctx->pmeth->derive != NULL - || ctx->pmeth->encrypt != NULL - || ctx->pmeth->decrypt != NULL) + || ctx->pmeth->encrypt != NULL + || ctx->pmeth->decrypt != NULL) || ctx->pmeth->ctrl == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; @@ -476,8 +477,7 @@ * (different key types) is impossible here because it is checked earlier. * -2 is OK for us here, as well as 1, so we can check for 0 only. */ - if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_parameters_eq(ctx->pkey, peer)) { + if (!EVP_PKEY_missing_parameters(peer) && !EVP_PKEY_parameters_eq(ctx->pkey, peer)) { ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS); return -1; } 
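Review bot: In the `@@ -430,16 +425,22 @@` hunk the new provider path drops the old `ctx->peerkey` before taking its own reference on `peer`, and the return value of `EVP_PKEY_up_ref(peer)` is ignored. If the up-ref fails, or if `peer` is the same object as the current `ctx->peerkey` and the context held the last reference, the context keeps a pointer it does not own. That would presumably be released again when the context is torn down, though that code is outside the hunk. Taking the reference first closes both cases: `if (!EVP_PKEY_up_ref(peer)) return 0;` followed by `EVP_PKEY_free(ctx->peerkey);` and `ctx->peerkey = peer;`. The body of `EVP_PKEY_derive_set_peer_ex` starts and continues outside this hunk, so the legacy branch should be checked for the same ordering.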
@@ -520,17 +520,16 @@ goto legacy; ret = ctx->op.kex.exchange->derive(ctx->op.kex.algctx, key, pkeylen, - key != NULL ? *pkeylen : 0); + key != NULL ? *pkeylen : 0); return ret; - legacy: +legacy: if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) - return ctx->pmeth->derive(ctx, key, pkeylen); + M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) return ctx->pmeth->derive(ctx, key, pkeylen); } int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch) @@ -551,23 +550,23 @@ int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name) { return keyexch != NULL - && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); + && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); } void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEYEXCH *keyexch, void *arg), - void *arg) + void (*fn)(EVP_KEYEXCH *keyexch, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_KEYEXCH, - (void (*)(void *, void *))fn, arg, - evp_keyexch_from_algorithm, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); + (void (*)(void *, void *))fn, arg, + evp_keyexch_from_algorithm, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); } int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (keyexch->prov != NULL) return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data); --- crypto/openssl/crypto/evp/kdf_lib.c.orig +++ crypto/openssl/crypto/evp/kdf_lib.c 
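Review bot: In the `legacy:` branch of the `@@ -520,17 +520,16 @@` hunk the reformat has joined `M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)` and the following `return ctx->pmeth->derive(ctx, key, pkeylen);` onto one line, so the call to the legacy derive method now reads as part of the macro invocation. The macro's definition is not in this hunk, but it takes no trailing semicolon and presumably expands to length-checking statements that can return early, which is worth keeping visible on a path that writes into the caller's buffer. Keep the `return` on its own line and add a comment above the macro such as `/* expands to statements and may return early; no trailing semicolon */`. The enclosing function starts outside the hunk.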
@@ -130,15 +130,15 @@ *params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s); if (ctx->meth->get_ctx_params != NULL && ctx->meth->get_ctx_params(ctx->algctx, params)) - return s; + return s; if (ctx->meth->get_params != NULL && ctx->meth->get_params(params)) - return s; + return s; return 0; } int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { if (ctx == NULL) return 0; @@ -174,8 +174,8 @@ } int EVP_KDF_names_do_all(const EVP_KDF *kdf, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (kdf->prov != NULL) return evp_names_do_all(kdf->prov, kdf->name_id, fn, data); --- crypto/openssl/crypto/evp/kdf_meth.c.orig +++ crypto/openssl/crypto/evp/kdf_meth.c @@ -57,8 +57,8 @@ } static void *evp_kdf_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_KDF *kdf = NULL; @@ -108,20 +108,17 @@ case OSSL_FUNC_KDF_GETTABLE_PARAMS: if (kdf->gettable_params != NULL) break; - kdf->gettable_params = - OSSL_FUNC_kdf_gettable_params(fns); + kdf->gettable_params = OSSL_FUNC_kdf_gettable_params(fns); break; case OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS: if (kdf->gettable_ctx_params != NULL) break; - kdf->gettable_ctx_params = - OSSL_FUNC_kdf_gettable_ctx_params(fns); + kdf->gettable_ctx_params = OSSL_FUNC_kdf_gettable_ctx_params(fns); break; case OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS: if (kdf->settable_ctx_params != NULL) break; - kdf->settable_ctx_params = - OSSL_FUNC_kdf_settable_ctx_params(fns); + kdf->settable_ctx_params = OSSL_FUNC_kdf_settable_ctx_params(fns); break; case OSSL_FUNC_KDF_GET_PARAMS: if (kdf->get_params != NULL) 
@@ -158,11 +155,11 @@ } EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(libctx, OSSL_OP_KDF, algorithm, properties, - evp_kdf_from_algorithm, evp_kdf_up_ref, - evp_kdf_free); + evp_kdf_from_algorithm, evp_kdf_up_ref, + evp_kdf_free); } int EVP_KDF_up_ref(EVP_KDF *kdf) @@ -223,10 +220,10 @@ } void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KDF *kdf, void *arg), - void *arg) + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_KDF, - (void (*)(void *, void *))fn, arg, - evp_kdf_from_algorithm, evp_kdf_up_ref, evp_kdf_free); + (void (*)(void *, void *))fn, arg, + evp_kdf_from_algorithm, evp_kdf_up_ref, evp_kdf_free); } --- crypto/openssl/crypto/evp/kem.c.orig +++ crypto/openssl/crypto/evp/kem.c @@ -18,7 +18,7 @@ #include "evp_local.h" static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { int ret = 0; EVP_KEM *kem = NULL; @@ -45,12 +45,12 @@ * Try to derive the supported kem from |ctx->keymgmt|. */ if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { + || ctx->pkey->keymgmt == ctx->keymgmt)) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); goto err; } supported_kem = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_KEM); + OSSL_OP_KEM); if (supported_kem == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; @@ -95,11 +95,11 @@ case 2: tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); kem = evp_kem_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_kem, ctx->propquery); + supported_kem, ctx->propquery); if (kem == NULL) { ERR_raise(ERR_LIB_EVP, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ret = -2; goto err; } 
@@ -117,13 +117,12 @@ * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); + tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + EVP_KEYMGMT_get0_name(ctx->keymgmt), + ctx->propquery); if (tmp_keymgmt != NULL) provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); + &tmp_keymgmt, ctx->propquery); if (tmp_keymgmt == NULL) EVP_KEYMGMT_free(tmp_keymgmt_tofree); } @@ -169,7 +168,7 @@ if (ret > 0) return 1; - err: +err: if (ret <= 0) { evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; @@ -184,8 +183,8 @@ } int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - unsigned char *secret, size_t *secretlen) + unsigned char *out, size_t *outlen, + unsigned char *secret, size_t *secretlen) { if (ctx == NULL) return 0; @@ -204,7 +203,7 @@ return 0; return ctx->op.encap.kem->encapsulate(ctx->op.encap.algctx, - out, outlen, secret, secretlen); + out, outlen, secret, secretlen); } int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) @@ -213,8 +212,8 @@ } int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, - unsigned char *secret, size_t *secretlen, - const unsigned char *in, size_t inlen) + unsigned char *secret, size_t *secretlen, + const unsigned char *in, size_t inlen) { if (ctx == NULL || (in == NULL || inlen == 0) @@ -231,7 +230,7 @@ return -2; } return ctx->op.encap.kem->decapsulate(ctx->op.encap.algctx, - secret, secretlen, in, inlen); + secret, secretlen, in, inlen); } static EVP_KEM *evp_kem_new(OSSL_PROVIDER *prov) @@ -257,7 +256,7 @@ } static void *evp_kem_from_algorithm(int name_id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_KEM *kem = NULL; 
@@ -367,7 +366,7 @@ } return kem; - err: +err: EVP_KEM_free(kem); return NULL; } @@ -402,21 +401,21 @@ } EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_KEM, algorithm, properties, - evp_kem_from_algorithm, - (int (*)(void *))EVP_KEM_up_ref, - (void (*)(void *))EVP_KEM_free); + evp_kem_from_algorithm, + (int (*)(void *))EVP_KEM_up_ref, + (void (*)(void *))EVP_KEM_free); } EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch_from_prov(prov, OSSL_OP_KEM, algorithm, properties, - evp_kem_from_algorithm, - (int (*)(void *))EVP_KEM_up_ref, - (void (*)(void *))EVP_KEM_free); + evp_kem_from_algorithm, + (int (*)(void *))EVP_KEM_up_ref, + (void (*)(void *))EVP_KEM_free); } int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) @@ -440,18 +439,18 @@ } void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEM *kem, void *arg), - void *arg) + void (*fn)(EVP_KEM *kem, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_KEM, (void (*)(void *, void *))fn, arg, - evp_kem_from_algorithm, - (int (*)(void *))EVP_KEM_up_ref, - (void (*)(void *))EVP_KEM_free); + evp_kem_from_algorithm, + (int (*)(void *))EVP_KEM_up_ref, + (void (*)(void *))EVP_KEM_free); } int EVP_KEM_names_do_all(const EVP_KEM *kem, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (kem->prov != NULL) return evp_names_do_all(kem->prov, kem->name_id, fn, data); --- crypto/openssl/crypto/evp/keymgmt_lib.c.orig +++ crypto/openssl/crypto/evp/keymgmt_lib.c @@ -48,7 +48,7 @@ return 1; if (evp_keymgmt_import(data->keymgmt, data->keydata, data->selection, - params)) + params)) return 1; if (delete_on_error) { evp_keymgmt_freedata(data->keymgmt, data->keydata); 
@@ -58,7 +58,7 @@ } int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, - void *keydata) + void *keydata) { if (pkey == NULL || keymgmt == NULL || keydata == NULL || !EVP_PKEY_set_type_by_keymgmt(pkey, keymgmt)) { @@ -85,16 +85,16 @@ } int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, - OSSL_CALLBACK *export_cb, void *export_cbarg) + OSSL_CALLBACK *export_cb, void *export_cbarg) { if (pk == NULL || export_cb == NULL) return 0; return evp_keymgmt_export(pk->keymgmt, pk->keydata, selection, - export_cb, export_cbarg); + export_cb, export_cbarg); } void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, - int selection) + int selection) { struct evp_keymgmt_util_try_import_data_st import_data; OP_CACHE_ELEM *op; @@ -156,7 +156,7 @@ */ /* Setup for the export callback */ - import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ + import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ import_data.keymgmt = keymgmt; import_data.selection = selection; @@ -165,7 +165,7 @@ * which does the import for us. If successful, we're done. */ if (!evp_keymgmt_util_export(pk, selection, - &evp_keymgmt_util_try_import, &import_data)) + &evp_keymgmt_util_try_import, &import_data)) /* If there was an error, bail out */ return NULL; @@ -198,7 +198,7 @@ /* Add the new export to the operation cache */ if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata, - selection)) { + selection)) { CRYPTO_THREAD_unlock(pk->lock); evp_keymgmt_freedata(keymgmt, import_data.keydata); return NULL; @@ -234,8 +234,8 @@ } OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt, - int selection) + EVP_KEYMGMT *keymgmt, + int selection) { int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache); OP_CACHE_ELEM *p; 
@@ -249,16 +249,16 @@ for (i = 0; i < end; i++) { p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); if ((p->selection & selection) == selection - && (keymgmt == p->keymgmt - || (keymgmt->name_id == p->keymgmt->name_id - && keymgmt->prov == p->keymgmt->prov))) + && (keymgmt == p->keymgmt + || (keymgmt->name_id == p->keymgmt->name_id + && keymgmt->prov == p->keymgmt->prov))) return p; } return NULL; } int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, - void *keydata, int selection) + void *keydata, int selection) { OP_CACHE_ELEM *p = NULL; @@ -305,7 +305,7 @@ params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits); params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS, - &security_bits); + &security_bits); params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size); params[3] = OSSL_PARAM_construct_end(); if (evp_keymgmt_get_params(pk->keymgmt, pk->keydata, params)) { @@ -317,7 +317,7 @@ } void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - int selection, const OSSL_PARAM params[]) + int selection, const OSSL_PARAM params[]) { void *keydata = NULL; @@ -386,7 +386,7 @@ && keymgmt2 != NULL && !match_type(keymgmt1, keymgmt2)) { ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); - return -1; /* Not the same type */ + return -1; /* Not the same type */ } /* @@ -399,9 +399,8 @@ ok = 1; if (keydata1 != NULL) { - tmp_keydata = - evp_keymgmt_util_export_to_provider(pk1, keymgmt2, - selection); + tmp_keydata = evp_keymgmt_util_export_to_provider(pk1, keymgmt2, + selection); ok = (tmp_keydata != NULL); } if (ok) { @@ -420,9 +419,8 @@ ok = 1; if (keydata2 != NULL) { - tmp_keydata = - evp_keymgmt_util_export_to_provider(pk2, keymgmt1, - selection); + tmp_keydata = evp_keymgmt_util_export_to_provider(pk2, keymgmt1, + selection); ok = (tmp_keydata != NULL); } if (ok) { 
@@ -467,8 +465,8 @@ if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL && to_keydata == NULL) { to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt, - from->keydata, - selection); + from->keydata, + selection); if (to_keydata == NULL) return 0; } else if (match_type(to_keymgmt, from->keymgmt)) { @@ -479,8 +477,8 @@ import_data.selection = selection; if (!evp_keymgmt_util_export(from, selection, - &evp_keymgmt_util_try_import, - &import_data)) + &evp_keymgmt_util_try_import, + &import_data)) return 0; /* @@ -515,7 +513,7 @@ } void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - void *genctx, OSSL_CALLBACK *cb, void *cbarg) + void *genctx, OSSL_CALLBACK *cb, void *cbarg) { void *keydata = NULL; @@ -535,8 +533,8 @@ * returns for no digest. */ int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, - void *keydata, - char *mdname, size_t mdname_sz) + void *keydata, + char *mdname, size_t mdname_sz) { OSSL_PARAM params[3]; char mddefault[100] = ""; @@ -544,13 +542,11 @@ char *result = NULL; int rv = -2; - params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, - mddefault, sizeof(mddefault)); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, - mdmandatory, - sizeof(mdmandatory)); + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, + mddefault, sizeof(mddefault)); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, + mdmandatory, + sizeof(mdmandatory)); params[2] = OSSL_PARAM_construct_end(); if (!evp_keymgmt_get_params(keymgmt, keydata, params)) @@ -580,7 +576,7 @@ * assuming that it works as a default operation name. */ const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, - int op_id) + int op_id) { const char *name = NULL; --- crypto/openssl/crypto/evp/keymgmt_meth.c.orig +++ crypto/openssl/crypto/evp/keymgmt_meth.c 
@@ -34,8 +34,8 @@ } static void *keymgmt_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_KEYMGMT *keymgmt = NULL; @@ -65,21 +65,18 @@ break; case OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE: if (keymgmt->gen_set_template == NULL) - keymgmt->gen_set_template = - OSSL_FUNC_keymgmt_gen_set_template(fns); + keymgmt->gen_set_template = OSSL_FUNC_keymgmt_gen_set_template(fns); break; case OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS: if (keymgmt->gen_set_params == NULL) { setgenparamfncnt++; - keymgmt->gen_set_params = - OSSL_FUNC_keymgmt_gen_set_params(fns); + keymgmt->gen_set_params = OSSL_FUNC_keymgmt_gen_set_params(fns); } break; case OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS: if (keymgmt->gen_settable_params == NULL) { setgenparamfncnt++; - keymgmt->gen_settable_params = - OSSL_FUNC_keymgmt_gen_settable_params(fns); + keymgmt->gen_settable_params = OSSL_FUNC_keymgmt_gen_settable_params(fns); } break; case OSSL_FUNC_KEYMGMT_GEN: @@ -107,11 +104,10 @@ case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS: if (keymgmt->gettable_params == NULL) { getparamfncnt++; - keymgmt->gettable_params = - OSSL_FUNC_keymgmt_gettable_params(fns); + keymgmt->gettable_params = OSSL_FUNC_keymgmt_gettable_params(fns); } break; - case OSSL_FUNC_KEYMGMT_SET_PARAMS: + case OSSL_FUNC_KEYMGMT_SET_PARAMS: if (keymgmt->set_params == NULL) { setparamfncnt++; keymgmt->set_params = OSSL_FUNC_keymgmt_set_params(fns); 
@@ -120,14 +116,12 @@ case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS: if (keymgmt->settable_params == NULL) { setparamfncnt++; - keymgmt->settable_params = - OSSL_FUNC_keymgmt_settable_params(fns); + keymgmt->settable_params = OSSL_FUNC_keymgmt_settable_params(fns); } break; case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME: if (keymgmt->query_operation_name == NULL) - keymgmt->query_operation_name = - OSSL_FUNC_keymgmt_query_operation_name(fns); + keymgmt->query_operation_name = OSSL_FUNC_keymgmt_query_operation_name(fns); break; case OSSL_FUNC_KEYMGMT_HAS: if (keymgmt->has == NULL) @@ -204,33 +198,33 @@ } EVP_KEYMGMT *evp_keymgmt_fetch_by_number(OSSL_LIB_CTX *ctx, int name_id, - const char *properties) + const char *properties) { return evp_generic_fetch_by_number(ctx, - OSSL_OP_KEYMGMT, name_id, properties, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); + OSSL_OP_KEYMGMT, name_id, properties, + keymgmt_from_algorithm, + (int (*)(void *))EVP_KEYMGMT_up_ref, + (void (*)(void *))EVP_KEYMGMT_free); } EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties) + const char *name, + const char *properties) { return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYMGMT, - name, properties, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); + name, properties, + keymgmt_from_algorithm, + (int (*)(void *))EVP_KEYMGMT_up_ref, + (void (*)(void *))EVP_KEYMGMT_free); } EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); + keymgmt_from_algorithm, + (int (*)(void *))EVP_KEYMGMT_up_ref, + (void (*)(void *))EVP_KEYMGMT_free); } int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt) 
@@ -280,23 +274,23 @@ int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name) { return keymgmt != NULL - && evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); + && evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); } void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), - void *arg) + void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_KEYMGMT, - (void (*)(void *, void *))fn, arg, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); + (void (*)(void *, void *))fn, arg, + keymgmt_from_algorithm, + (int (*)(void *))EVP_KEYMGMT_up_ref, + (void (*)(void *))EVP_KEYMGMT_free); } int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (keymgmt->prov != NULL) return evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data); @@ -328,7 +322,7 @@ } void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); @@ -338,7 +332,7 @@ } int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, - void *template) + void *template) { /* * It's arguable if we actually should return success in this case, as @@ -352,7 +346,7 @@ } int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { if (keymgmt->gen_set_params == NULL) return 0; @@ -369,7 +363,7 @@ } void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, - OSSL_CALLBACK *cb, void *cbarg) + OSSL_CALLBACK *cb, void *cbarg) { if (keymgmt->gen == NULL) return NULL; 
@@ -388,7 +382,7 @@ } void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, - const void *objref, size_t objref_sz) + const void *objref, size_t objref_sz) { if (evp_keymgmt_has_load(keymgmt)) return keymgmt->load(objref, objref_sz); @@ -396,7 +390,7 @@ } int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { if (keymgmt->get_params == NULL) return 1; @@ -413,7 +407,7 @@ } int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *keydata, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { if (keymgmt->set_params == NULL) return 1; @@ -436,7 +430,7 @@ } int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, int checktype) + int selection, int checktype) { /* We assume valid if the implementation doesn't have a function */ if (keymgmt->validate == NULL) @@ -445,8 +439,8 @@ } int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, - const void *keydata1, const void *keydata2, - int selection) + const void *keydata1, const void *keydata2, + int selection) { /* We assume no match if the implementation doesn't have a function */ if (keymgmt->match == NULL) @@ -455,7 +449,7 @@ } int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, const OSSL_PARAM params[]) + int selection, const OSSL_PARAM params[]) { if (keymgmt->import == NULL) return 0; @@ -463,7 +457,7 @@ } const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, - int selection) + int selection) { if (keymgmt->import_types == NULL) return NULL; @@ -471,7 +465,7 @@ } int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, OSSL_CALLBACK *param_cb, void *cbarg) + int selection, OSSL_CALLBACK *param_cb, void *cbarg) { if (keymgmt->export == NULL) return 0; @@ -479,7 +473,7 @@ } const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, - int selection) + int selection) { if (keymgmt->export_types == NULL) return NULL; 
@@ -487,7 +481,7 @@ } void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from, - int selection) + int selection) { /* We assume no dup if the implementation doesn't have a function */ if (keymgmt->dup == NULL) --- crypto/openssl/crypto/evp/legacy_blake2.c.orig +++ crypto/openssl/crypto/evp/legacy_blake2.c @@ -8,7 +8,7 @@ */ #include "crypto/evp.h" -#include "prov/blake2.h" /* diverse BLAKE2 macros */ +#include "prov/blake2.h" /* diverse BLAKE2 macros */ #include "legacy_meth.h" #define ossl_blake2b_init ossl_blake2b512_init @@ -24,7 +24,7 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(blake2b_int_init, blake2b_int_update, - blake2b_int_final, NULL, BLAKE2B_BLOCKBYTES), + blake2b_int_final, NULL, BLAKE2B_BLOCKBYTES), }; const EVP_MD *EVP_blake2b512(void) @@ -39,7 +39,7 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(blake2s_int_init, blake2s_int_update, - blake2s_int_final, NULL, BLAKE2S_BLOCKBYTES), + blake2s_int_final, NULL, BLAKE2S_BLOCKBYTES), }; const EVP_MD *EVP_blake2s256(void) --- crypto/openssl/crypto/evp/legacy_md5_sha1.c.orig +++ crypto/openssl/crypto/evp/legacy_md5_sha1.c @@ -15,7 +15,7 @@ #include "internal/deprecated.h" #include "crypto/evp.h" -#include "prov/md5_sha1.h" /* diverse MD5_SHA1 macros */ +#include "prov/md5_sha1.h" /* diverse MD5_SHA1 macros */ #include "legacy_meth.h" IMPLEMENT_LEGACY_EVP_MD_METH_LC(md5_sha1_int, ossl_md5_sha1) @@ -31,8 +31,8 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(md5_sha1_int_init, md5_sha1_int_update, - md5_sha1_int_final, md5_sha1_int_ctrl, - MD5_SHA1_CBLOCK), + md5_sha1_int_final, md5_sha1_int_ctrl, + MD5_SHA1_CBLOCK), }; const EVP_MD *EVP_md5_sha1(void) --- crypto/openssl/crypto/evp/legacy_mdc2.c.orig +++ crypto/openssl/crypto/evp/legacy_mdc2.c 
@@ -26,7 +26,7 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(mdc2_init, mdc2_update, mdc2_final, NULL, - MDC2_BLOCK), + MDC2_BLOCK), }; const EVP_MD *EVP_mdc2(void) --- crypto/openssl/crypto/evp/legacy_meth.h.orig +++ crypto/openssl/crypto/evp/legacy_meth.h 
@@ -7,34 +7,33 @@ * https://www.openssl.org/source/license.html */ -#define IMPLEMENT_LEGACY_EVP_MD_METH(nm, fn) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_Init(EVP_MD_CTX_get0_md_data(ctx)); \ -} \ -static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ -{ \ - return fn##_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ -} \ -static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ -{ \ - return fn##_Final(md, EVP_MD_CTX_get0_md_data(ctx)); \ -} +#define IMPLEMENT_LEGACY_EVP_MD_METH(nm, fn) \ + static int nm##_init(EVP_MD_CTX *ctx) \ + { \ + return fn##_Init(EVP_MD_CTX_get0_md_data(ctx)); \ + } \ + static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ + { \ + return fn##_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ + } \ + static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ + { \ + return fn##_Final(md, EVP_MD_CTX_get0_md_data(ctx)); \ + } -#define IMPLEMENT_LEGACY_EVP_MD_METH_LC(nm, fn) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_init(EVP_MD_CTX_get0_md_data(ctx)); \ -} \ -static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ -{ \ - return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ -} \ -static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ -{ \ - return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ -} +#define IMPLEMENT_LEGACY_EVP_MD_METH_LC(nm, fn) \ + static int nm##_init(EVP_MD_CTX *ctx) \ + { \ + return fn##_init(EVP_MD_CTX_get0_md_data(ctx)); \ + } \ + static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ + { \ + return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ + } \ + static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ + { \ + return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ + } - -#define LEGACY_EVP_MD_METH_TABLE(init, update, final, ctrl, blksz) \ +#define LEGACY_EVP_MD_METH_TABLE(init, update, final, ctrl, blksz) \ init, update, final, NULL, NULL, blksz, 0, ctrl 
--- crypto/openssl/crypto/evp/legacy_ripemd.c.orig +++ crypto/openssl/crypto/evp/legacy_ripemd.c @@ -26,7 +26,7 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(ripe_init, ripe_update, ripe_final, NULL, - RIPEMD160_CBLOCK), + RIPEMD160_CBLOCK), }; const EVP_MD *EVP_ripemd160(void) --- crypto/openssl/crypto/evp/legacy_sha.c.orig +++ crypto/openssl/crypto/evp/legacy_sha.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,8 +13,8 @@ */ #include "internal/deprecated.h" -#include /* diverse SHA macros */ -#include "internal/sha3.h" /* KECCAK1600_WIDTH */ +#include /* diverse SHA macros */ +#include "internal/sha3.h" /* KECCAK1600_WIDTH */ #include "crypto/evp.h" /* Used by legacy methods */ #include "crypto/sha.h" 
@@ -26,32 +26,32 @@ * These only remain to support engines that can get these methods. * Hardware support for SHA3 has been removed from these legacy cases. */ -#define IMPLEMENT_LEGACY_EVP_MD_METH_SHA3(nm, fn, tag) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ -} \ -static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ -{ \ - return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ -} \ -static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ -{ \ - return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ -} -#define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ -} \ +#define IMPLEMENT_LEGACY_EVP_MD_METH_SHA3(nm, fn, tag) \ + static int nm##_init(EVP_MD_CTX *ctx) \ + { \ + return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ + } \ + static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ + { \ + return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ + } \ + static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ + { \ + return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ + } +#define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag) \ + static int nm##_init(EVP_MD_CTX *ctx) \ + { \ + return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ + } -#define sha512_224_Init sha512_224_init -#define sha512_256_Init sha512_256_init +#define sha512_224_Init sha512_224_init +#define sha512_256_Init sha512_256_init -#define sha512_224_Update SHA512_Update -#define sha512_224_Final SHA512_Final -#define sha512_256_Update SHA512_Update -#define sha512_256_Final SHA512_Final +#define sha512_224_Update SHA512_Update +#define sha512_224_Final SHA512_Final +#define sha512_256_Update SHA512_Update +#define sha512_256_Final SHA512_Final 
IMPLEMENT_LEGACY_EVP_MD_METH(sha1, SHA1) IMPLEMENT_LEGACY_EVP_MD_METH(sha224, SHA224) @@ -66,7 +66,7 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { return ossl_sha1_ctrl(ctx != NULL ? EVP_MD_CTX_get0_md_data(ctx) : NULL, - cmd, p1, p2); + cmd, p1, p2); } static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) @@ -86,8 +86,6 @@ } } - - static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -95,7 +93,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha1_init, sha1_update, sha1_final, sha1_int_ctrl, - SHA_CBLOCK), + SHA_CBLOCK), }; const EVP_MD *EVP_sha1(void) @@ -110,7 +108,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha224_init, sha224_update, sha224_final, NULL, - SHA256_CBLOCK), + SHA256_CBLOCK), }; const EVP_MD *EVP_sha224(void) @@ -125,7 +123,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha256_init, sha256_update, sha256_final, NULL, - SHA256_CBLOCK), + SHA256_CBLOCK), }; const EVP_MD *EVP_sha256(void) @@ -140,7 +138,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha512_224_int_init, sha512_224_int_update, - sha512_224_int_final, NULL, SHA512_CBLOCK), + sha512_224_int_final, NULL, SHA512_CBLOCK), }; const EVP_MD *EVP_sha512_224(void) @@ -155,7 +153,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha512_256_int_init, sha512_256_int_update, - sha512_256_int_final, NULL, SHA512_CBLOCK), + sha512_256_int_final, NULL, SHA512_CBLOCK), }; const EVP_MD *EVP_sha512_256(void) @@ -170,7 +168,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha384_init, sha384_update, sha384_final, NULL, - SHA512_CBLOCK), + SHA512_CBLOCK), }; const EVP_MD *EVP_sha384(void) 
@@ -185,7 +183,7 @@ EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha512_init, sha512_update, sha512_final, NULL, - SHA512_CBLOCK), + SHA512_CBLOCK), }; const EVP_MD *EVP_sha512(void) 
@@ -193,35 +191,35 @@ return &sha512_md; } -#define EVP_MD_SHA3(bitlen) \ -const EVP_MD *EVP_sha3_##bitlen(void) \ -{ \ - static const EVP_MD sha3_##bitlen##_md = { \ - NID_sha3_##bitlen, \ - NID_RSA_SHA3_##bitlen, \ - bitlen / 8, \ - EVP_MD_FLAG_DIGALGID_ABSENT, \ - EVP_ORIG_GLOBAL, \ - LEGACY_EVP_MD_METH_TABLE(sha3_int_init, sha3_int_update, \ - sha3_int_final, NULL, \ - (KECCAK1600_WIDTH - bitlen * 2) / 8), \ - }; \ - return &sha3_##bitlen##_md; \ -} -#define EVP_MD_SHAKE(bitlen) \ -const EVP_MD *EVP_shake##bitlen(void) \ -{ \ - static const EVP_MD shake##bitlen##_md = { \ - NID_shake##bitlen, \ - 0, \ - bitlen / 8, \ - EVP_MD_FLAG_XOF, \ - EVP_ORIG_GLOBAL, \ - LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \ - shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \ - }; \ - return &shake##bitlen##_md; \ -} +#define EVP_MD_SHA3(bitlen) \ + const EVP_MD *EVP_sha3_##bitlen(void) \ + { \ + static const EVP_MD sha3_##bitlen##_md = { \ + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ + EVP_MD_FLAG_DIGALGID_ABSENT, \ + EVP_ORIG_GLOBAL, \ + LEGACY_EVP_MD_METH_TABLE(sha3_int_init, sha3_int_update, \ + sha3_int_final, NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8), \ + }; \ + return &sha3_##bitlen##_md; \ + } +#define EVP_MD_SHAKE(bitlen) \ + const EVP_MD *EVP_shake##bitlen(void) \ + { \ + static const EVP_MD shake##bitlen##_md = { \ + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ + EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \ + EVP_ORIG_GLOBAL, \ + LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \ + shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \ + }; \ + return &shake##bitlen##_md; \ + } EVP_MD_SHA3(224) EVP_MD_SHA3(256) --- crypto/openssl/crypto/evp/legacy_wp.c.orig +++ crypto/openssl/crypto/evp/legacy_wp.c 
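Review bot: The `EVP_MD_SHAKE` macro now sets `EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT` where it used to set only `EVP_MD_FLAG_XOF`, and this behavioural change is buried in a re-indentation of the macro with no comment explaining it. The flag selects whether the DigestAlgorithmIdentifier parameters are left absent rather than encoded as NULL, so it presumably changes what the legacy SHAKE methods emit wherever an AlgorithmIdentifier is built from them. I would add a comment above the macro, for example `/* SHAKE AlgorithmIdentifiers carry no parameters, hence DIGALGID_ABSENT next to XOF */`. It is also worth confirming that a test pins the resulting encoding for both `EVP_shake128` and `EVP_shake256`.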
@@ -26,7 +26,7 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(wp_init, wp_update, wp_final, NULL, - WHIRLPOOL_BBLOCK / 8), + WHIRLPOOL_BBLOCK / 8), }; const EVP_MD *EVP_whirlpool(void) --- crypto/openssl/crypto/evp/m_sigver.c.orig +++ crypto/openssl/crypto/evp/m_sigver.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,7 +13,7 @@ #include #include "crypto/evp.h" #include "internal/provider.h" -#include "internal/numbers.h" /* includes SIZE_MAX */ +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "evp_local.h" #ifndef FIPS_MODULE @@ -37,17 +37,17 @@ } static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, const char *mdname, - OSSL_LIB_CTX *libctx, const char *props, - ENGINE *e, EVP_PKEY *pkey, int ver, - const OSSL_PARAM params[]) + const EVP_MD *type, const char *mdname, + OSSL_LIB_CTX *libctx, const char *props, + ENGINE *e, EVP_PKEY *pkey, int ver, + const OSSL_PARAM params[]) { EVP_PKEY_CTX *locpctx = NULL; EVP_SIGNATURE *signature = NULL; EVP_KEYMGMT *tmp_keymgmt = NULL; const OSSL_PROVIDER *tmp_prov = NULL; const char *supported_sig = NULL; - char locmdname[80] = ""; /* 80 chars should be enough */ + char locmdname[80] = ""; /* 80 chars should be enough */ void *provkey = NULL; int ret, iter, reinit = 1; @@ -80,8 +80,7 @@ /* do not reinitialize if pkey is set or operation is different */ if (reinit && (pkey != NULL - || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX - : EVP_PKEY_OP_SIGNCTX) + || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX : EVP_PKEY_OP_SIGNCTX) || (signature = locpctx->op.sig.signature) == NULL || locpctx->op.sig.algctx == NULL)) reinit = 0; 
@@ -107,13 +106,13 @@ * Try to derive the supported signature from |locpctx->keymgmt|. */ if (!ossl_assert(locpctx->pkey->keymgmt == NULL - || locpctx->pkey->keymgmt == locpctx->keymgmt)) { + || locpctx->pkey->keymgmt == locpctx->keymgmt)) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); goto err; } supported_sig = evp_keymgmt_util_query_operation_name(locpctx->keymgmt, - OSSL_OP_SIGNATURE); + OSSL_OP_SIGNATURE); if (supported_sig == NULL) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -151,15 +150,14 @@ switch (iter) { case 1: signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig, - locpctx->propquery); + locpctx->propquery); if (signature != NULL) tmp_prov = EVP_SIGNATURE_get0_provider(signature); break; case 2: tmp_prov = EVP_KEYMGMT_get0_provider(locpctx->keymgmt); - signature = - evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_sig, locpctx->propquery); + signature = evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_sig, locpctx->propquery); if (signature == NULL) goto legacy; break; @@ -177,13 +175,12 @@ * export it if |tmp_keymgmt| is different from |locpctx->pkey|'s keymgmt) */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(locpctx->keymgmt), - locpctx->propquery); + tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + EVP_KEYMGMT_get0_name(locpctx->keymgmt), + locpctx->propquery); if (tmp_keymgmt != NULL) provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx, - &tmp_keymgmt, locpctx->propquery); + &tmp_keymgmt, locpctx->propquery); if (tmp_keymgmt == NULL) EVP_KEYMGMT_free(tmp_keymgmt_tofree); } 
@@ -205,11 +202,11 @@ locpctx->op.sig.algctx = signature->newctx(ossl_provider_ctx(signature->prov), props); if (locpctx->op.sig.algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } - reinitialize: +reinitialize: if (pctx != NULL) *pctx = locpctx; @@ -220,8 +217,9 @@ } else { if (mdname == NULL && !reinit) { if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey, - locmdname, - sizeof(locmdname)) > 0) { + locmdname, + sizeof(locmdname)) + > 0) { mdname = canon_mdname(locmdname); } } @@ -239,7 +237,7 @@ * This might be requested by a later call to EVP_MD_CTX_get0_md(). * In that case the "explicit fetch" rules apply for that * function (as per man pages), i.e. the ref count is not updated - * so the EVP_MD should not be used beyound the lifetime of the + * so the EVP_MD should not be used beyond the lifetime of the * EVP_MD_CTX. */ ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); @@ -264,14 +262,14 @@ goto err; } ret = signature->digest_verify_init(locpctx->op.sig.algctx, - mdname, provkey, params); + mdname, provkey, params); } else { if (signature->digest_sign_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } ret = signature->digest_sign_init(locpctx->op.sig.algctx, - mdname, provkey, params); + mdname, provkey, params); } /* @@ -280,16 +278,16 @@ */ if (ret > 0 || mdname != NULL) goto end; - if (type == NULL) /* This check is redundant but clarifies matters */ + if (type == NULL) /* This check is redundant but clarifies matters */ ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST); - err: +err: evp_pkey_ctx_free_old_ops(locpctx); locpctx->operation = EVP_PKEY_OP_UNDEFINED; EVP_KEYMGMT_free(tmp_keymgmt); return 0; - legacy: +legacy: /* * If we don't have the full support we need with provided methods, * let's go see if legacy does. 
@@ -361,7 +359,7 @@ ret = 1; - end: +end: #ifndef FIPS_MODULE if (ret > 0) ret = evp_pkey_ctx_use_cached_data(locpctx); @@ -372,35 +370,35 @@ } int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey, - const OSSL_PARAM params[]) + const char *mdname, OSSL_LIB_CTX *libctx, + const char *props, EVP_PKEY *pkey, + const OSSL_PARAM params[]) { return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0, - params); + params); } int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0, - NULL); + NULL); } int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey, - const OSSL_PARAM params[]) + const char *mdname, OSSL_LIB_CTX *libctx, + const char *props, EVP_PKEY *pkey, + const OSSL_PARAM params[]) { return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1, - params); + params); } int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, - NULL); + NULL); } #endif /* FIPS_MDOE */ @@ -409,9 +407,9 @@ EVP_PKEY_CTX *pctx = ctx->pctx; if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) goto legacy; if (pctx->op.sig.signature->digest_sign_update == NULL) { 
@@ -420,9 +418,9 @@ } return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx, - data, dsize); + data, dsize); - legacy: +legacy: if (pctx != NULL) { /* do_sigver_init() checked that |digest_custom| is non-NULL */ if (pctx->flag_call_digest_custom @@ -439,9 +437,9 @@ EVP_PKEY_CTX *pctx = ctx->pctx; if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) goto legacy; if (pctx->op.sig.signature->digest_verify_update == NULL) { @@ -450,9 +448,9 @@ } return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx, - data, dsize); + data, dsize); - legacy: +legacy: if (pctx != NULL) { /* do_sigver_init() checked that |digest_custom| is non-NULL */ if (pctx->flag_call_digest_custom @@ -466,32 +464,32 @@ #ifndef FIPS_MODULE int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) + size_t *siglen) { int sctx = 0, r = 0; EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) + || pctx->operation != EVP_PKEY_OP_SIGNCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) goto legacy; if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 0 : *siglen); + sigret, siglen, + sigret == NULL ? 0 : *siglen); dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, - sigret, siglen, - *siglen); + sigret, siglen, + *siglen); EVP_PKEY_CTX_free(dctx); return r; - legacy: +legacy: if (pctx == NULL || pctx->pmeth == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; 
@@ -541,7 +539,7 @@ } if (sctx) r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, - sigret, siglen, tmp_ctx); + sigret, siglen, tmp_ctx); else r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); EVP_MD_CTX_free(tmp_ctx); @@ -565,19 +563,19 @@ } int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { EVP_PKEY_CTX *pctx = ctx->pctx; if (pctx != NULL - && pctx->operation == EVP_PKEY_OP_SIGNCTX - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature != NULL) { + && pctx->operation == EVP_PKEY_OP_SIGNCTX + && pctx->op.sig.algctx != NULL + && pctx->op.sig.signature != NULL) { if (pctx->op.sig.signature->digest_sign != NULL) return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 0 : *siglen, - tbs, tbslen); + sigret, siglen, + sigret == NULL ? 0 : *siglen, + tbs, tbslen); } else { /* legacy */ if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL) @@ -590,7 +588,7 @@ } int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) + size_t siglen) { unsigned char md[EVP_MAX_MD_SIZE]; int r = 0; @@ -599,24 +597,24 @@ EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) + || pctx->operation != EVP_PKEY_OP_VERIFYCTX + || pctx->op.sig.algctx == NULL + || pctx->op.sig.signature == NULL) goto legacy; if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, - sig, siglen); + sig, siglen); dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, - sig, siglen); + sig, siglen); EVP_PKEY_CTX_free(dctx); return r; - legacy: +legacy: if (pctx == NULL || pctx->pmeth == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; 
@@ -647,7 +645,7 @@ } if (vctx) r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, - sig, siglen, tmp_ctx); + sig, siglen, tmp_ctx); else r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); EVP_MD_CTX_free(tmp_ctx); @@ -658,7 +656,7 @@ } int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, - size_t siglen, const unsigned char *tbs, size_t tbslen) + size_t siglen, const unsigned char *tbs, size_t tbslen) { EVP_PKEY_CTX *pctx = ctx->pctx; @@ -668,12 +666,12 @@ } if (pctx->operation == EVP_PKEY_OP_VERIFYCTX - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature != NULL) { + && pctx->op.sig.algctx != NULL + && pctx->op.sig.signature != NULL) { if (pctx->op.sig.signature->digest_verify != NULL) return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx, - sigret, siglen, - tbs, tbslen); + sigret, siglen, + tbs, tbslen); } else { /* legacy */ if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL) --- crypto/openssl/crypto/evp/mac_lib.c.orig +++ crypto/openssl/crypto/evp/mac_lib.c @@ -116,7 +116,7 @@ } int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ctx->meth->init(ctx->algctx, key, keylen, params); } @@ -127,7 +127,7 @@ } static int evp_mac_final(EVP_MAC_CTX *ctx, int xof, - unsigned char *out, size_t *outl, size_t outsize) + unsigned char *out, size_t *outl, size_t outsize) { size_t l; int res; @@ -172,7 +172,7 @@ } int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize) + unsigned char *out, size_t *outl, size_t outsize) { return evp_mac_final(ctx, 0, out, outl, outsize); } @@ -230,8 +230,8 @@ } int EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (mac->prov != NULL) return evp_names_do_all(mac->prov, mac->name_id, fn, data); 
@@ -240,15 +240,15 @@ } unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, - const char *name, const char *propq, - const char *subalg, const OSSL_PARAM *params, - const void *key, size_t keylen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outsize, size_t *outlen) + const char *name, const char *propq, + const char *subalg, const OSSL_PARAM *params, + const void *key, size_t keylen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outsize, size_t *outlen) { EVP_MAC *mac = EVP_MAC_fetch(libctx, name, propq); OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - EVP_MAC_CTX *ctx = NULL; + EVP_MAC_CTX *ctx = NULL; size_t len = 0; unsigned char *res = NULL; @@ -272,18 +272,17 @@ goto err; } } - subalg_param[0] = - OSSL_PARAM_construct_utf8_string(param_name, (char *)subalg, 0); + subalg_param[0] = OSSL_PARAM_construct_utf8_string(param_name, (char *)subalg, 0); } /* Single-shot - on NULL key input, set dummy key value for EVP_MAC_Init. */ if (key == NULL && keylen == 0) key = data; if ((ctx = EVP_MAC_CTX_new(mac)) != NULL - && EVP_MAC_CTX_set_params(ctx, subalg_param) - && EVP_MAC_CTX_set_params(ctx, params) - && EVP_MAC_init(ctx, key, keylen, params) - && EVP_MAC_update(ctx, data, datalen) - && EVP_MAC_final(ctx, out, &len, outsize)) { + && EVP_MAC_CTX_set_params(ctx, subalg_param) + && EVP_MAC_CTX_set_params(ctx, params) + && EVP_MAC_init(ctx, key, keylen, params) + && EVP_MAC_update(ctx, data, datalen) + && EVP_MAC_final(ctx, out, &len, outsize)) { if (out == NULL) { out = OPENSSL_malloc(len); if (out != NULL && !EVP_MAC_final(ctx, out, NULL, len)) { @@ -296,7 +295,7 @@ *outlen = len; } - err: +err: EVP_MAC_CTX_free(ctx); EVP_MAC_free(mac); return res; --- crypto/openssl/crypto/evp/mac_meth.c.orig +++ crypto/openssl/crypto/evp/mac_meth.c 
@@ -58,8 +58,8 @@ } static void *evp_mac_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_MAC *mac = NULL; @@ -116,20 +116,17 @@ case OSSL_FUNC_MAC_GETTABLE_PARAMS: if (mac->gettable_params != NULL) break; - mac->gettable_params = - OSSL_FUNC_mac_gettable_params(fns); + mac->gettable_params = OSSL_FUNC_mac_gettable_params(fns); break; case OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS: if (mac->gettable_ctx_params != NULL) break; - mac->gettable_ctx_params = - OSSL_FUNC_mac_gettable_ctx_params(fns); + mac->gettable_ctx_params = OSSL_FUNC_mac_gettable_ctx_params(fns); break; case OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS: if (mac->settable_ctx_params != NULL) break; - mac->settable_ctx_params = - OSSL_FUNC_mac_settable_ctx_params(fns); + mac->settable_ctx_params = OSSL_FUNC_mac_settable_ctx_params(fns); break; case OSSL_FUNC_MAC_GET_PARAMS: if (mac->get_params != NULL) @@ -167,11 +164,11 @@ } EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(libctx, OSSL_OP_MAC, algorithm, properties, - evp_mac_from_algorithm, evp_mac_up_ref, - evp_mac_free); + evp_mac_from_algorithm, evp_mac_up_ref, + evp_mac_free); } int EVP_MAC_up_ref(EVP_MAC *mac) @@ -237,10 +234,10 @@ } void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg) + void (*fn)(EVP_MAC *mac, void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_MAC, - (void (*)(void *, void *))fn, arg, - evp_mac_from_algorithm, evp_mac_up_ref, evp_mac_free); + (void (*)(void *, void *))fn, arg, + evp_mac_from_algorithm, evp_mac_up_ref, evp_mac_free); } --- crypto/openssl/crypto/evp/names.c.orig +++ crypto/openssl/crypto/evp/names.c 
@@ -24,11 +24,11 @@ return 0; r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); + (const char *)c); if (r == 0) return 0; r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); + (const char *)c); return r; } @@ -42,17 +42,17 @@ if (r == 0) return 0; r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, - (const char *)md); + (const char *)md); if (r == 0) return 0; if (md->pkey_type && md->type != md->pkey_type) { r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), - OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); + OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); if (r == 0) return 0; r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), - OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); + OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); } return r; } @@ -73,7 +73,7 @@ } const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, - const char *name) + const char *name) { const EVP_CIPHER *cp; OSSL_NAMEMAP *namemap; @@ -95,7 +95,7 @@ */ namemap = ossl_namemap_stored(libctx); - retry: +retry: id = ossl_namemap_name2num(namemap, name); if (id == 0) { EVP_CIPHER *fetched_cipher; @@ -154,7 +154,7 @@ */ namemap = ossl_namemap_stored(libctx); - retry: +retry: id = ossl_namemap_name2num(namemap, name); if (id == 0) { EVP_MD *fetched_md; @@ -196,8 +196,8 @@ struct doall_cipher { void *arg; - void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *arg); + void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *arg); }; static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg) @@ -209,9 +209,9 @@ dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); } -void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *x), - void *arg) +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg) { struct doall_cipher dc; 
@@ -223,9 +223,10 @@ OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); } -void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, - void *x), void *arg) +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, + void *x), + void *arg) { struct doall_cipher dc; @@ -239,8 +240,8 @@ struct doall_md { void *arg; - void (*fn) (const EVP_MD *ciph, - const char *from, const char *to, void *arg); + void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *arg); }; static void do_all_md_fn(const OBJ_NAME *nm, void *arg) @@ -252,9 +253,9 @@ dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); } -void EVP_MD_do_all(void (*fn) (const EVP_MD *md, - const char *from, const char *to, void *x), - void *arg) +void EVP_MD_do_all(void (*fn)(const EVP_MD *md, + const char *from, const char *to, void *x), + void *arg) { struct doall_md dc; @@ -266,9 +267,10 @@ OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); } -void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, - const char *from, const char *to, - void *x), void *arg) +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md, + const char *from, const char *to, + void *x), + void *arg) { struct doall_md dc; --- crypto/openssl/crypto/evp/p5_crpt.c.orig +++ crypto/openssl/crypto/evp/p5_crpt.c @@ -24,9 +24,9 @@ } int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx, - const char *propq) + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 
@@ -42,8 +42,7 @@ const char *mdname = EVP_MD_name(md); /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { + if (param == NULL || param->type != V_ASN1_SEQUENCE || param->value.sequence == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); return 0; } @@ -87,12 +86,12 @@ if (kctx == NULL) goto err; *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (char *)pass, (size_t)passlen); + (char *)pass, (size_t)passlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - salt, saltlen); + salt, saltlen); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, md_tmp, mdsize, params) != 1) goto err; @@ -104,17 +103,16 @@ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; - err: +err: EVP_KDF_CTX_free(kctx); PBEPARAM_free(pbe); return rv; } int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de) + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de) { return PKCS5_PBE_keyivgen_ex(cctx, pass, passlen, param, cipher, md, en_de, - NULL, NULL); + NULL, NULL); } - --- crypto/openssl/crypto/evp/p5_crpt2.c.orig +++ crypto/openssl/crypto/evp/p5_crpt2.c @@ -20,9 +20,9 @@ #include "evp_local.h" int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, int keylen, unsigned char *out, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out, + OSSL_LIB_CTX *libctx, const char *propq) { const char *empty = ""; int rv = 1, mode = 1; 
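Review bot: In `PKCS5_PBE_keyivgen_ex` (p5_crpt.c, hunk at -104) the `OPENSSL_cleanse()` calls for `key` and `iv` sit above the `err:` label, so any path that reaches `err` through `goto` returns without wiping those stack buffers. Whether a failing path can run after the buffers are filled cannot be seen here, because the body between the `EVP_KDF_derive()` call and this hunk is outside the diff. `PKCS5_v2_PBKDF2_keyivgen_ex` in p5_crpt2.c already places `OPENSSL_cleanse(key, keylen);` after its `err:` label. I would do the same here by moving `OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);` and `OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);` below `err:`, and wipe `md_tmp` there as well if the lines outside the hunk do not already do so.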
@@ -43,62 +43,63 @@ kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq); if (kdf == NULL) - return 0; + return 0; kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (char *)pass, (size_t)passlen); + (char *)pass, (size_t)passlen); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)salt, saltlen); + (unsigned char *)salt, saltlen); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, out, keylen, params) != 1) rv = 0; EVP_KDF_CTX_free(kctx); - OSSL_TRACE_BEGIN(PKCS5V2) { + OSSL_TRACE_BEGIN(PKCS5V2) + { BIO_printf(trc_out, "Password:\n"); BIO_hex_string(trc_out, - 0, passlen, pass, passlen); + 0, passlen, pass, passlen); BIO_printf(trc_out, "\n"); BIO_printf(trc_out, "Salt:\n"); BIO_hex_string(trc_out, - 0, saltlen, salt, saltlen); + 0, saltlen, salt, saltlen); BIO_printf(trc_out, "\n"); BIO_printf(trc_out, "Iteration count %d\n", iter); BIO_printf(trc_out, "Key:\n"); BIO_hex_string(trc_out, - 0, keylen, out, keylen); + 0, keylen, out, keylen); BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS5V2); + } + OSSL_TRACE_END(PKCS5V2); return rv; } int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, const EVP_MD *digest, int keylen, - unsigned char *out) + int saltlen, int iter, const EVP_MD *digest, int keylen, + unsigned char *out) { return ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, digest, - keylen, out, NULL, NULL); + keylen, out, NULL, NULL); } - int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out) + const unsigned char *salt, int saltlen, int iter, + 
int keylen, unsigned char *out) { EVP_MD *digest; int r = 0; if ((digest = EVP_MD_fetch(NULL, SN_sha1, NULL)) != NULL) r = ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, - digest, keylen, out, NULL, NULL); + digest, keylen, out, NULL, NULL); EVP_MD_free(digest); return r; } @@ -110,9 +111,9 @@ */ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, - const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) + ASN1_TYPE *param, const EVP_CIPHER *c, + const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { PBE2PARAM *pbe2 = NULL; char ciph_name[80]; @@ -130,7 +131,7 @@ /* See if we recognise the key derivation function */ if (!EVP_PBE_find_ex(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm), - NULL, NULL, NULL, &kdf)) { + NULL, NULL, NULL, &kdf)) { ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); goto err; } @@ -164,23 +165,23 @@ goto err; } rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de, libctx, propq); - err: +err: EVP_CIPHER_free(cipher_fetch); PBE2PARAM_free(pbe2); return rv; } int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, - const EVP_MD *md, int en_de) + ASN1_TYPE *param, const EVP_CIPHER *c, + const EVP_MD *md, int en_de) { return PKCS5_v2_PBE_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, NULL, NULL); } int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; int saltlen, iter, t; 
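Review bot: The `OSSL_TRACE_BEGIN(PKCS5V2)` block in `ossl_pkcs5_pbkdf2_hmac_ex` writes the password, salt and derived key to the trace channel in hex. It does so even when `EVP_KDF_derive()` failed and `rv` is 0, in which case `out` may not hold a defined key. Nothing in the block says that it emits secrets, so I would add `/* Trace output contains the password and derived key: enable this category with test data only */` above it and guard the dump with `if (rv)`. As far as I know the block only produces output in builds configured with tracing and with this category switched on, which the comment should also state. The function body starts outside this hunk.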
@@ -252,10 +253,10 @@ saltlen = kdf->salt->value.octet_string->length; iter = ASN1_INTEGER_get(kdf->iter); if (!ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, prfmd, - keylen, key, libctx, propq)) + keylen, key, libctx, propq)) goto err; rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - err: +err: OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); EVP_MD_free(prfmd_fetch); @@ -263,9 +264,9 @@ } int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de) + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de) { return PKCS5_v2_PBKDF2_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, - NULL, NULL); + NULL, NULL); } --- crypto/openssl/crypto/evp/p_dec.c.orig +++ crypto/openssl/crypto/evp/p_dec.c @@ -19,7 +19,7 @@ #include "crypto/evp.h" int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, - EVP_PKEY *priv) + EVP_PKEY *priv) { int ret = -1; RSA *rsa = NULL; @@ -33,8 +33,7 @@ if (rsa == NULL) goto err; - ret = - RSA_private_decrypt(ekl, ek, key, rsa, RSA_PKCS1_PADDING); - err: + ret = RSA_private_decrypt(ekl, ek, key, rsa, RSA_PKCS1_PADDING); +err: return ret; } --- crypto/openssl/crypto/evp/p_enc.c.orig +++ crypto/openssl/crypto/evp/p_enc.c @@ -19,7 +19,7 @@ #include "crypto/evp.h" int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, - int key_len, EVP_PKEY *pubk) + int key_len, EVP_PKEY *pubk) { int ret = 0; RSA *rsa = NULL; @@ -33,8 +33,7 @@ if (rsa == NULL) goto err; - ret = - RSA_public_encrypt(key_len, key, ek, rsa, RSA_PKCS1_PADDING); - err: + ret = RSA_public_encrypt(key_len, key, ek, rsa, RSA_PKCS1_PADDING); +err: return ret; } --- crypto/openssl/crypto/evp/p_lib.c.orig +++ crypto/openssl/crypto/evp/p_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,14 +28,14 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include #include #include -#include "internal/numbers.h" /* includes SIZE_MAX */ +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/ffc.h" #include "crypto/evp.h" #include "crypto/dh.h" @@ -44,20 +44,20 @@ #include "crypto/ecx.h" #include "crypto/rsa.h" #ifndef FIPS_MODULE -# include "crypto/asn1.h" -# include "crypto/x509.h" +#include "crypto/asn1.h" +#include "crypto/x509.h" #endif #include "internal/provider.h" #include "evp_local.h" static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt); + int len, EVP_KEYMGMT *keymgmt); static void evp_pkey_free_it(EVP_PKEY *key); #ifndef FIPS_MODULE /* The type of parameters selected in key parameter functions */ -# define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS +#define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS int EVP_PKEY_get_bits(const EVP_PKEY *pkey) { @@ -85,7 +85,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) { -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { int ret = pkey->save_parameters; @@ -93,8 +93,8 @@ pkey->save_parameters = mode; return ret; } -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { int ret = pkey->save_parameters; @@ -102,7 +102,7 @@ pkey->save_parameters = mode; return ret; } -# endif +#endif return 0; } 
@@ -190,9 +190,8 @@ */ if (to->keymgmt != NULL && to->keydata == NULL) { EVP_KEYMGMT *to_keymgmt = to->keymgmt; - void *from_keydata = - evp_pkey_export_to_provider((EVP_PKEY *)from, NULL, &to_keymgmt, - NULL); + void *from_keydata = evp_pkey_export_to_provider((EVP_PKEY *)from, NULL, &to_keymgmt, + NULL); /* * If we get a NULL, it could be an internal error, or it could be @@ -202,15 +201,16 @@ ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); else ok = (to->keydata = evp_keymgmt_dup(to->keymgmt, - from_keydata, - SELECT_PARAMETERS)) != NULL; + from_keydata, + SELECT_PARAMETERS)) + != NULL; goto end; } /* Both keys are legacy */ if (from->ameth != NULL && from->ameth->param_copy != NULL) ok = from->ameth->param_copy(to, from); - end: +end: EVP_PKEY_free(downgraded_from); return ok; } @@ -232,7 +232,7 @@ * a call to evp_keymgmt_util_match(). */ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, - int selection) + int selection) { EVP_KEYMGMT *keymgmt1 = NULL, *keymgmt2 = NULL; void *keydata1 = NULL, *keydata2 = NULL, *tmp_keydata = NULL; @@ -251,10 +251,10 @@ */ if (evp_pkey_is_legacy(a) && !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type))) - return -1; /* not the same key type */ + return -1; /* not the same key type */ if (evp_pkey_is_legacy(b) && !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type))) - return -1; /* not the same key type */ + return -1; /* not the same key type */ /* * We've determined that they both are the same keytype, so the next 
@@ -267,16 +267,14 @@ keydata2 = b->keydata; if (keymgmt2 != NULL && keymgmt2->match != NULL) { - tmp_keydata = - evp_pkey_export_to_provider((EVP_PKEY *)a, NULL, &keymgmt2, NULL); + tmp_keydata = evp_pkey_export_to_provider((EVP_PKEY *)a, NULL, &keymgmt2, NULL); if (tmp_keydata != NULL) { keymgmt1 = keymgmt2; keydata1 = tmp_keydata; } } if (tmp_keydata == NULL && keymgmt1 != NULL && keymgmt1->match != NULL) { - tmp_keydata = - evp_pkey_export_to_provider((EVP_PKEY *)b, NULL, &keymgmt1, NULL); + tmp_keydata = evp_pkey_export_to_provider((EVP_PKEY *)b, NULL, &keymgmt1, NULL); if (tmp_keydata != NULL) { keymgmt2 = keymgmt1; keydata2 = tmp_keydata; @@ -294,7 +292,7 @@ return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { return EVP_PKEY_parameters_eq(a, b); @@ -319,7 +317,7 @@ return -2; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { return EVP_PKEY_eq(a, b); @@ -370,22 +368,21 @@ return -2; } - static EVP_PKEY *new_raw_key_int(OSSL_LIB_CTX *libctx, - const char *strtype, - const char *propq, - int nidtype, - ENGINE *e, - const unsigned char *key, - size_t len, - int key_is_priv) + const char *strtype, + const char *propq, + int nidtype, + ENGINE *e, + const unsigned char *key, + size_t len, + int key_is_priv) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; const EVP_PKEY_ASN1_METHOD *ameth = NULL; int result = 0; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE /* Check if there is an Engine for this type */ if (e == NULL) { ENGINE *tmpe = NULL; @@ -401,7 +398,7 @@ ENGINE_finish(tmpe); } -# endif +#endif if (e == NULL && ameth == NULL) { /* 
@@ -409,9 +406,9 @@ * a provider. */ ctx = EVP_PKEY_CTX_new_from_name(libctx, - strtype != NULL ? strtype - : OBJ_nid2sn(nidtype), - propq); + strtype != NULL ? strtype + : OBJ_nid2sn(nidtype), + propq); if (ctx == NULL) goto err; /* May fail if no provider available */ @@ -421,9 +418,9 @@ ERR_clear_last_mark(); params[0] = OSSL_PARAM_construct_octet_string( - key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY - : OSSL_PKEY_PARAM_PUB_KEY, - (void *)key, len); + key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY + : OSSL_PKEY_PARAM_PUB_KEY, + (void *)key, len); if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) { ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); @@ -477,7 +474,7 @@ } result = 1; - err: +err: if (!result) { EVP_PKEY_free(pkey); pkey = NULL; @@ -487,38 +484,37 @@ } EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, - const char *keytype, - const char *propq, - const unsigned char *priv, size_t len) + const char *keytype, + const char *propq, + const unsigned char *priv, size_t len) { return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, priv, - len, 1); + len, 1); } EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, - const unsigned char *priv, - size_t len) + const unsigned char *priv, + size_t len) { return new_raw_key_int(NULL, NULL, NULL, type, e, priv, len, 1); } EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx, - const char *keytype, const char *propq, - const unsigned char *pub, size_t len) + const char *keytype, const char *propq, + const unsigned char *pub, size_t len) { return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, pub, - len, 0); + len, 0); } EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, - const unsigned char *pub, - size_t len) + const unsigned char *pub, + size_t len) { return new_raw_key_int(NULL, NULL, NULL, type, e, pub, len, 0); } -struct raw_key_details_st -{ +struct raw_key_details_st { unsigned char **key; size_t *len; int selection; 
@@ -532,23 +528,23 @@ if (raw_key->selection == OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY)) - != NULL) + != NULL) return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key, - raw_key->key == NULL ? 0 : *raw_key->len, - raw_key->len); + raw_key->key == NULL ? 0 : *raw_key->len, + raw_key->len); } else if (raw_key->selection == OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY)) - != NULL) + != NULL) return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key, - raw_key->key == NULL ? 0 : *raw_key->len, - raw_key->len); + raw_key->key == NULL ? 0 : *raw_key->len, + raw_key->len); } return 0; } int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, - size_t *len) + size_t *len) { if (pkey->keymgmt != NULL) { struct raw_key_details_st raw_key; @@ -558,7 +554,7 @@ raw_key.selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; return evp_keymgmt_util_export(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, - get_raw_key_details, &raw_key); + get_raw_key_details, &raw_key); } if (pkey->ameth == NULL) { @@ -580,7 +576,7 @@ } int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, - size_t *len) + size_t *len) { if (pkey->keymgmt != NULL) { struct raw_key_details_st raw_key; @@ -590,7 +586,7 @@ raw_key.selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; return evp_keymgmt_util_export(pkey, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, - get_raw_key_details, &raw_key); + get_raw_key_details, &raw_key); } if (pkey->ameth == NULL) { @@ -598,7 +594,7 @@ return 0; } - if (pkey->ameth->get_pub_key == NULL) { + if (pkey->ameth->get_pub_key == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } 
@@ -612,15 +608,15 @@ } static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, - const char *cipher_name, - const EVP_CIPHER *cipher, - OSSL_LIB_CTX *libctx, - const char *propq, ENGINE *e) + const char *cipher_name, + const EVP_CIPHER *cipher, + OSSL_LIB_CTX *libctx, + const char *propq, ENGINE *e) { -# ifndef OPENSSL_NO_CMAC -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_CMAC +#ifndef OPENSSL_NO_ENGINE const char *engine_id = e != NULL ? ENGINE_get_id(e) : NULL; -# endif +#endif OSSL_PARAM params[5], *p = params; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx; @@ -643,17 +639,17 @@ } *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - (void *)priv, len); + (void *)priv, len); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_CIPHER, - (char *)cipher_name, 0); + (char *)cipher_name, 0); if (propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, - (char *)propq, 0); -# ifndef OPENSSL_NO_ENGINE + (char *)propq, 0); +#ifndef OPENSSL_NO_ENGINE if (engine_id != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_ENGINE, - (char *)engine_id, 0); -# endif + (char *)engine_id, 0); +#endif *p = OSSL_PARAM_construct_end(); if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) { @@ -661,18 +657,18 @@ goto err; } - err: +err: EVP_PKEY_CTX_free(ctx); return pkey; -# else +#else ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return NULL; -# endif +#endif } EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, - size_t len, const EVP_CIPHER *cipher) + size_t len, const EVP_CIPHER *cipher) { return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL, e); } @@ -687,7 +683,7 @@ return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len, NULL); } -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) { if (e != NULL) { 
@@ -710,35 +706,35 @@ { return pkey->engine; } -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 static void detect_foreign_key(EVP_PKEY *pkey) { switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA_PSS: pkey->foreign = pkey->pkey.rsa != NULL - && ossl_rsa_is_foreign(pkey->pkey.rsa); + && ossl_rsa_is_foreign(pkey->pkey.rsa); break; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC case EVP_PKEY_SM2: break; case EVP_PKEY_EC: pkey->foreign = pkey->pkey.ec != NULL - && ossl_ec_key_is_foreign(pkey->pkey.ec); + && ossl_ec_key_is_foreign(pkey->pkey.ec); break; -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: pkey->foreign = pkey->pkey.dsa != NULL - && ossl_dsa_is_foreign(pkey->pkey.dsa); + && ossl_dsa_is_foreign(pkey->pkey.dsa); break; #endif -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH case EVP_PKEY_DH: pkey->foreign = pkey->pkey.dh != NULL - && ossl_dh_is_foreign(pkey->pkey.dh); + && ossl_dh_is_foreign(pkey->pkey.dh); break; #endif default: @@ -749,7 +745,7 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC int pktype; pktype = EVP_PKEY_type(type); @@ -765,11 +761,11 @@ */ if (curve == NID_sm2 && pktype == EVP_PKEY_EC) type = EVP_PKEY_SM2; - else if(curve != NID_sm2 && pktype == EVP_PKEY_SM2) + else if (curve != NID_sm2 && pktype == EVP_PKEY_SM2) type = EVP_PKEY_EC; } } -# endif +#endif if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) return 0; @@ -779,7 +775,7 @@ return (key != NULL); } -# endif +#endif void *EVP_PKEY_get0(const EVP_PKEY *pkey) { @@ -807,7 +803,7 @@ return NULL; } -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) { const ASN1_OCTET_STRING *os = NULL; 
@@ -822,9 +818,9 @@ } return NULL; } -# endif +#endif -# ifndef OPENSSL_NO_SIPHASH +#ifndef OPENSSL_NO_SIPHASH const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) { const ASN1_OCTET_STRING *os = NULL; @@ -840,9 +836,9 @@ } return NULL; } -# endif +#endif -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA static DSA *evp_pkey_get0_DSA_int(const EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DSA) { @@ -872,9 +868,9 @@ DSA_up_ref(ret); return ret; } -# endif /* OPENSSL_NO_DSA */ +#endif /* OPENSSL_NO_DSA */ -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) { if (EVP_PKEY_get_base_id(pkey) != type) { @@ -893,19 +889,19 @@ return ret; } -# define IMPLEMENT_ECX_VARIANT(NAME) \ - ECX_KEY *ossl_evp_pkey_get1_##NAME(EVP_PKEY *pkey) \ - { \ - return evp_pkey_get1_ECX_KEY(pkey, EVP_PKEY_##NAME); \ +#define IMPLEMENT_ECX_VARIANT(NAME) \ + ECX_KEY *ossl_evp_pkey_get1_##NAME(EVP_PKEY *pkey) \ + { \ + return evp_pkey_get1_ECX_KEY(pkey, EVP_PKEY_##NAME); \ } IMPLEMENT_ECX_VARIANT(X25519) IMPLEMENT_ECX_VARIANT(X448) IMPLEMENT_ECX_VARIANT(ED25519) IMPLEMENT_ECX_VARIANT(ED448) -# endif +#endif -# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *dhkey) { @@ -964,7 +960,7 @@ DH_up_ref(ret); return ret; } -# endif +#endif int EVP_PKEY_type(int type) { @@ -976,9 +972,9 @@ ret = ameth->pkey_id; else ret = NID_undef; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE ENGINE_finish(e); -# endif +#endif return ret; } 
@@ -1005,18 +1001,18 @@ * This should be cleaned away along with all other #legacy support. */ static const OSSL_ITEM standard_name2type[] = { - { EVP_PKEY_RSA, "RSA" }, + { EVP_PKEY_RSA, "RSA" }, { EVP_PKEY_RSA_PSS, "RSA-PSS" }, - { EVP_PKEY_EC, "EC" }, + { EVP_PKEY_EC, "EC" }, { EVP_PKEY_ED25519, "ED25519" }, - { EVP_PKEY_ED448, "ED448" }, - { EVP_PKEY_X25519, "X25519" }, - { EVP_PKEY_X448, "X448" }, - { EVP_PKEY_SM2, "SM2" }, - { EVP_PKEY_DH, "DH" }, - { EVP_PKEY_DHX, "X9.42 DH" }, - { EVP_PKEY_DHX, "DHX" }, - { EVP_PKEY_DSA, "DSA" }, + { EVP_PKEY_ED448, "ED448" }, + { EVP_PKEY_X25519, "X25519" }, + { EVP_PKEY_X448, "X448" }, + { EVP_PKEY_SM2, "SM2" }, + { EVP_PKEY_DH, "DH" }, + { EVP_PKEY_DHX, "X9.42 DH" }, + { EVP_PKEY_DHX, "DHX" }, + { EVP_PKEY_DSA, "DSA" }, }; int evp_pkey_name2type(const char *name) @@ -1056,8 +1052,8 @@ } int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (!evp_pkey_is_typed(pkey)) return 0; 
@@ -1078,32 +1074,31 @@ case EVP_PKEY_RSA: case EVP_PKEY_RSA_PSS: return 1; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: return 1; -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC case EVP_PKEY_ED25519: case EVP_PKEY_ED448: return 1; - case EVP_PKEY_EC: /* Including SM2 */ + case EVP_PKEY_EC: /* Including SM2 */ return EC_KEY_can_sign(pkey->pkey.ec); -# endif +#endif default: break; } } else { const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - const char *supported_sig = - pkey->keymgmt->query_operation_name != NULL - ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE) - : EVP_KEYMGMT_get0_name(pkey->keymgmt); - EVP_SIGNATURE *signature = NULL; - - signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL); - if (signature != NULL) { - EVP_SIGNATURE_free(signature); + EVP_SIGNATURE *sig; + const char *name; + + name = evp_keymgmt_util_query_operation_name(pkey->keymgmt, + OSSL_OP_SIGNATURE); + sig = EVP_SIGNATURE_fetch(libctx, name, NULL); + if (sig != NULL) { + EVP_SIGNATURE_free(sig); return 1; } } @@ -1123,14 +1118,14 @@ } static int print_set_indent(BIO **out, int *pop_f_prefix, long *saved_indent, - long indent) + long indent) { *pop_f_prefix = 0; *saved_indent = 0; if (indent > 0) { long i = BIO_get_indent(*out); - *saved_indent = (i < 0 ? 0 : i); + *saved_indent = (i < 0 ? 0 : i); if (BIO_set_indent(*out, indent) <= 0) { BIO *prefbio = BIO_new(BIO_f_prefix()); 
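Review bot: In the provider branch of the `@@ -1078,32 +1074,31 @@` hunk, `EVP_SIGNATURE_fetch(libctx, name, NULL)` is used only as a capability probe, but nothing brackets it with an error mark, so a failed fetch presumably leaves an entry on the thread's error queue even though the caller is only told the key cannot sign. `EVP_PKEY_digestsign_supports_digest`, in the `@@ -1369,7 +1364,7 @@` hunk of this same file, wraps its probe in `ERR_set_mark();` and `ERR_pop_to_mark();`, and the same pair around the fetch here would keep code that inspects the queue afterwards from seeing a stale failure. The body of `evp_keymgmt_util_query_operation_name` is not part of this diff, so it is worth confirming that it cannot return NULL before `name` reaches the fetch. The enclosing function starts and ends outside the hunk.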
@@ -1148,30 +1143,31 @@ } static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, - const char *kstr) + const char *kstr) { return BIO_indent(out, indent, 128) && BIO_printf(out, "%s algorithm \"%s\" unsupported\n", - kstr, OBJ_nid2ln(pkey->type)) > 0; + kstr, OBJ_nid2ln(pkey->type)) + > 0; } static int print_pkey(const EVP_PKEY *pkey, BIO *out, int indent, - int selection /* For provided encoding */, - const char *propquery /* For provided encoding */, - int (*legacy_print)(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx), - ASN1_PCTX *legacy_pctx /* For legacy print */) + int selection /* For provided encoding */, + const char *propquery /* For provided encoding */, + int (*legacy_print)(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + ASN1_PCTX *legacy_pctx /* For legacy print */) { int pop_f_prefix; long saved_indent; OSSL_ENCODER_CTX *ctx = NULL; - int ret = -2; /* default to unsupported */ + int ret = -2; /* default to unsupported */ if (!print_set_indent(&out, &pop_f_prefix, &saved_indent, indent)) return 0; ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "TEXT", NULL, - propquery); + propquery); if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) ret = OSSL_ENCODER_to_bio(ctx, out); OSSL_ENCODER_CTX_free(ctx); 
@@ -1185,38 +1181,38 @@ else ret = unsup_alg(out, pkey, 0, "Public Key"); - end: +end: print_reset_indent(&out, pop_f_prefix, saved_indent); return ret; } int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) + int indent, ASN1_PCTX *pctx) { return print_pkey(pkey, out, indent, EVP_PKEY_PUBLIC_KEY, NULL, - (pkey->ameth != NULL ? pkey->ameth->pub_print : NULL), - pctx); + (pkey->ameth != NULL ? pkey->ameth->pub_print : NULL), + pctx); } int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) + int indent, ASN1_PCTX *pctx) { return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL, - (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), - pctx); + (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), + pctx); } int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) + int indent, ASN1_PCTX *pctx) { return print_pkey(pkey, out, indent, EVP_PKEY_KEY_PARAMETERS, NULL, - (pkey->ameth != NULL ? pkey->ameth->param_print : NULL), - pctx); + (pkey->ameth != NULL ? pkey->ameth->param_print : NULL), + pctx); } -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int EVP_PKEY_print_public_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) + int indent, ASN1_PCTX *pctx) { int ret; BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); @@ -1229,7 +1225,7 @@ } int EVP_PKEY_print_private_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) + int indent, ASN1_PCTX *pctx) { int ret; BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); @@ -1242,7 +1238,7 @@ } int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) + int indent, ASN1_PCTX *pctx) { int ret; BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); @@ -1253,7 +1249,7 @@ BIO_free(b); return ret; } -# endif +#endif static void mdname2nid(const char *mdname, void *data) { 
@@ -1268,49 +1264,48 @@ } static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op, - int arg1, void *arg2) + int arg1, void *arg2) { if (pkey->keymgmt == NULL) return 0; switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - { - char mdname[80] = ""; - int rv = EVP_PKEY_get_default_digest_name(pkey, mdname, - sizeof(mdname)); - - if (rv > 0) { - int mdnum; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov); - /* Make sure the MD is in the namemap if available */ - EVP_MD *md; - OSSL_NAMEMAP *namemap; - int nid = NID_undef; - - (void)ERR_set_mark(); - md = EVP_MD_fetch(libctx, mdname, NULL); - (void)ERR_pop_to_mark(); - namemap = ossl_namemap_stored(libctx); + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: { + char mdname[80] = ""; + int rv = EVP_PKEY_get_default_digest_name(pkey, mdname, + sizeof(mdname)); + + if (rv > 0) { + int mdnum; + OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov); + /* Make sure the MD is in the namemap if available */ + EVP_MD *md; + OSSL_NAMEMAP *namemap; + int nid = NID_undef; + + (void)ERR_set_mark(); + md = EVP_MD_fetch(libctx, mdname, NULL); + (void)ERR_pop_to_mark(); + namemap = ossl_namemap_stored(libctx); - /* - * The only reason to fetch the MD was to make sure it is in the - * namemap. We can immediately free it. - */ - EVP_MD_free(md); - mdnum = ossl_namemap_name2num(namemap, mdname); - if (mdnum == 0) - return 0; + /* + * The only reason to fetch the MD was to make sure it is in the + * namemap. We can immediately free it. 
+ */ + EVP_MD_free(md); + mdnum = ossl_namemap_name2num(namemap, mdname); + if (mdnum == 0) + return 0; - /* - * We have the namemap number - now we need to find the - * associated nid - */ - if (!ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid)) - return 0; - *(int *)arg2 = nid; - } - return rv; + /* + * We have the namemap number - now we need to find the + * associated nid + */ + if (!ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid)) + return 0; + *(int *)arg2 = nid; } + return rv; + } default: return -2; } @@ -1333,12 +1328,12 @@ } int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, - char *mdname, size_t mdname_sz) + char *mdname, size_t mdname_sz) { if (pkey->ameth == NULL) return evp_keymgmt_util_get_deflt_digest_name(pkey->keymgmt, - pkey->keydata, - mdname, mdname_sz); + pkey->keydata, + mdname, mdname_sz); { int nid = NID_undef; @@ -1352,14 +1347,14 @@ } int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *gname, size_t gname_sz, - size_t *gname_len) + size_t *gname_len) { return EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, - gname, gname_sz, gname_len); + gname, gname_sz, gname_len); } int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *name, const char *propq) + const char *name, const char *propq) { int rv; EVP_MD_CTX *ctx = NULL; @@ -1369,7 +1364,7 @@ ERR_set_mark(); rv = EVP_DigestSignInit_ex(ctx, NULL, name, libctx, - propq, pkey, NULL); + propq, pkey, NULL); ERR_pop_to_mark(); EVP_MD_CTX_free(ctx); 
@@ -1377,21 +1372,21 @@ } int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, - size_t publen) + size_t publen) { if (pkey == NULL) return 0; if (evp_pkey_is_provided(pkey)) - return - EVP_PKEY_set_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - (unsigned char *)pub, publen); + return EVP_PKEY_set_octet_string_param(pkey, + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + (unsigned char *)pub, publen); if (publen > INT_MAX) return 0; /* Historically this function was EVP_PKEY_set1_tls_encodedpoint */ if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, publen, - (void *)pub) <= 0) + (void *)pub) + <= 0) return 0; return 1; } @@ -1411,8 +1406,8 @@ * to allocate. */ EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - NULL, 0, &return_size); + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + NULL, 0, &return_size); if (return_size == OSSL_PARAM_UNMODIFIED) return 0; @@ -1422,8 +1417,8 @@ return 0; if (!EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - buf, return_size, NULL)) { + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + buf, return_size, NULL)) { OPENSSL_free(buf); return 0; } @@ -1431,7 +1426,6 @@ return return_size; } - rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppub); if (rv <= 0) return 0; @@ -1470,7 +1464,7 @@ #endif return ret; - err: +err: CRYPTO_THREAD_lock_free(ret->lock); OPENSSL_free(ret); return NULL; @@ -1490,11 +1484,11 @@ */ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt) + int len, EVP_KEYMGMT *keymgmt) { #ifndef FIPS_MODULE const EVP_PKEY_ASN1_METHOD *ameth = NULL; - ENGINE **eptr = (e == NULL) ? &e : NULL; + ENGINE **eptr = (e == NULL) ? &e : NULL; #endif /* 
@@ -1525,13 +1519,13 @@ && type == pkey->save_type && pkey->ameth != NULL) return 1; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE /* If we have ENGINEs release them */ ENGINE_finish(pkey->engine); pkey->engine = NULL; ENGINE_finish(pkey->pmeth_engine); pkey->pmeth_engine = NULL; -# endif +#endif #endif } #ifndef FIPS_MODULE @@ -1539,12 +1533,11 @@ ameth = EVP_PKEY_asn1_find_str(eptr, str, len); else if (type != EVP_PKEY_NONE) ameth = EVP_PKEY_asn1_find(eptr, type); -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE if (pkey == NULL && eptr != NULL) ENGINE_finish(e); -# endif #endif - +#endif { int check = 1; @@ -1592,12 +1585,12 @@ } else { pkey->type = EVP_PKEY_KEYMGMT; } -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE if (eptr == NULL && e != NULL && !ENGINE_init(e)) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; } -# endif +#endif pkey->engine = e; #endif } @@ -1616,7 +1609,7 @@ ERR_set_mark(); if (pkey_set_type(NULL, NULL, EVP_PKEY_NONE, name, strlen(name), - NULL)) { + NULL)) { if (str[0] == NULL) str[0] = name; else if (str[1] == NULL) @@ -1630,8 +1623,8 @@ int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt) { #ifndef FIPS_MODULE -# define EVP_PKEY_TYPE_STR str[0] -# define EVP_PKEY_TYPE_STRLEN (str[0] == NULL ? -1 : (int)strlen(str[0])) +#define EVP_PKEY_TYPE_STR str[0] +#define EVP_PKEY_TYPE_STRLEN (str[0] == NULL ? -1 : (int)strlen(str[0])) /* * Find at most two strings that have an associated EVP_PKEY_ASN1_METHOD * Ideally, only one should be found. If two (or more) are found, the 
@@ -1640,17 +1633,17 @@ const char *str[2] = { NULL, NULL }; if (!EVP_KEYMGMT_names_do_all(keymgmt, find_ameth, &str) - || str[1] != NULL) { + || str[1] != NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; } #else -# define EVP_PKEY_TYPE_STR NULL -# define EVP_PKEY_TYPE_STRLEN -1 +#define EVP_PKEY_TYPE_STR NULL +#define EVP_PKEY_TYPE_STRLEN -1 #endif return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, - EVP_PKEY_TYPE_STR, EVP_PKEY_TYPE_STRLEN, - keymgmt); + EVP_PKEY_TYPE_STR, EVP_PKEY_TYPE_STRLEN, + keymgmt); #undef EVP_PKEY_TYPE_STR #undef EVP_PKEY_TYPE_STRLEN @@ -1686,7 +1679,7 @@ if (evp_pkey_is_provided(pkey)) { if (!evp_keymgmt_util_copy(dup_pk, pkey, - OSSL_KEYMGMT_SELECT_ALL)) + OSSL_KEYMGMT_SELECT_ALL)) goto err; goto done; } @@ -1710,7 +1703,7 @@ done: /* copy auxiliary data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, - &dup_pk->ex_data, &pkey->ex_data)) + &dup_pk->ex_data, &pkey->ex_data)) goto err; if (pkey->attributes != NULL) { @@ -1749,15 +1742,15 @@ ameth->pkey_free(x); x->pkey.ptr = NULL; } -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE ENGINE_finish(tmpe); ENGINE_finish(x->engine); x->engine = NULL; ENGINE_finish(x->pmeth_engine); x->pmeth_engine = NULL; -# endif +#endif } -#endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ static void evp_pkey_free_it(EVP_PKEY *x) { @@ -1828,8 +1821,8 @@ } void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, - EVP_KEYMGMT **keymgmt, - const char *propquery) + EVP_KEYMGMT **keymgmt, + const char *propquery) { EVP_KEYMGMT *allocated_keymgmt = NULL; EVP_KEYMGMT *tmp_keymgmt = NULL; @@ -1896,7 +1889,7 @@ if (!CRYPTO_THREAD_read_lock(pk->lock)) goto end; op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, - selection); + selection); /* * If |tmp_keymgmt| is present in the operation cache, it means 
@@ -1928,7 +1921,7 @@ goto end; if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt->import, - libctx, propquery)) { + libctx, propquery)) { evp_keymgmt_freedata(tmp_keymgmt, keydata); keydata = NULL; goto end; @@ -1949,7 +1942,7 @@ if (!CRYPTO_THREAD_write_lock(pk->lock)) goto end; if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy - && !evp_keymgmt_util_clear_operation_cache(pk, 0)) { + && !evp_keymgmt_util_clear_operation_cache(pk, 0)) { CRYPTO_THREAD_unlock(pk->lock); evp_keymgmt_freedata(tmp_keymgmt, keydata); keydata = NULL; @@ -1971,7 +1964,7 @@ /* Add the new export to the operation cache */ if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata, - selection)) { + selection)) { CRYPTO_THREAD_unlock(pk->lock); evp_keymgmt_freedata(tmp_keymgmt, keydata); keydata = NULL; @@ -1984,11 +1977,11 @@ CRYPTO_THREAD_unlock(pk->lock); goto end; } -#endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, selection); - end: +end: /* * If nothing was exported, |tmp_keymgmt| might point at a freed * EVP_KEYMGMT, so we clear it to be safe. It shouldn't be useful for @@ -2030,8 +2023,8 @@ */ if (!ossl_assert(type != EVP_PKEY_NONE)) { ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR, - "keymgmt key type = %s but legacy type = EVP_PKEY_NONE", - keytype); + "keymgmt key type = %s but legacy type = EVP_PKEY_NONE", + keytype); return 0; } 
@@ -2057,25 +2050,23 @@ if ((*dest)->ameth->import_from == NULL) { ERR_raise_data(ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION, - "key type = %s", keytype); + "key type = %s", keytype); } else { /* * We perform the export in the same libctx as the keymgmt * that we are using. */ - OSSL_LIB_CTX *libctx = - ossl_provider_libctx(keymgmt->prov); - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_pkey(libctx, *dest, NULL); + OSSL_LIB_CTX *libctx = ossl_provider_libctx(keymgmt->prov); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_pkey(libctx, *dest, NULL); if (pctx == NULL) ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); if (pctx != NULL && evp_keymgmt_export(keymgmt, keydata, - OSSL_KEYMGMT_SELECT_ALL, - (*dest)->ameth->import_from, - pctx)) { + OSSL_KEYMGMT_SELECT_ALL, + (*dest)->ameth->import_from, + pctx)) { /* Synchronize the dirty count */ (*dest)->dirty_cnt_copy = (*dest)->ameth->dirty_cnt(*dest); @@ -2086,7 +2077,7 @@ } ERR_raise_data(ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE, - "key type = %s", keytype); + "key type = %s", keytype); } } @@ -2144,15 +2135,15 @@ goto err; } - err: +err: EVP_PKEY_free(tmp_copy); return ret; } -#endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name, - BIGNUM **bn) + BIGNUM **bn) { int ret = 0; OSSL_PARAM params[2]; @@ -2201,8 +2192,8 @@ } int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, - unsigned char *buf, size_t max_buf_sz, - size_t *out_len) + unsigned char *buf, size_t max_buf_sz, + size_t *out_len) { OSSL_PARAM params[2]; int ret1 = 0, ret2 = 0; @@ -2220,8 +2211,8 @@ } int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, - char *str, size_t max_buf_sz, - size_t *out_len) + char *str, size_t max_buf_sz, + size_t *out_len) { OSSL_PARAM params[2]; int ret1 = 0, ret2 = 0; @@ -2247,7 +2238,7 @@ } int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name, - int *out) + int *out) { OSSL_PARAM params[2]; 
@@ -2261,7 +2252,7 @@ } int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name, - size_t *out) + size_t *out) { OSSL_PARAM params[2]; @@ -2299,7 +2290,7 @@ } int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, - const BIGNUM *bn) + const BIGNUM *bn) { OSSL_PARAM params[2]; unsigned char buffer[2048]; @@ -2323,7 +2314,7 @@ } int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name, - const char *str) + const char *str) { OSSL_PARAM params[2]; @@ -2336,7 +2327,7 @@ } int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name, - const unsigned char *buf, size_t bsize) + const unsigned char *buf, size_t bsize) { OSSL_PARAM params[2]; @@ -2344,7 +2335,7 @@ return 0; params[0] = OSSL_PARAM_construct_octet_string(key_name, - (unsigned char *)buf, bsize); + (unsigned char *)buf, bsize); params[1] = OSSL_PARAM_construct_end(); return EVP_PKEY_set_params(pkey, params); } @@ -2370,11 +2361,11 @@ * sure. This bit of code can be enabled if we find the need. If * not, it can safely be removed when #legacy support is removed. */ -# if 0 +#if 0 else if (evp_pkey_is_legacy(pkey)) { return evp_pkey_set_params_to_ctrl(pkey, params); } -# endif +#endif #endif } ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); @@ -2412,8 +2403,8 @@ return 0; if (pkey->keymgmt == NULL - || pkey->keydata == NULL) { -# ifndef OPENSSL_NO_EC + || pkey->keydata == NULL) { +#ifndef OPENSSL_NO_EC /* Might work through the legacy route */ const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); @@ -2421,14 +2412,14 @@ return 0; return EC_KEY_get_conv_form(ec); -# else +#else return 0; -# endif +#endif } if (!EVP_PKEY_get_utf8_string_param(pkey, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - name, sizeof(name), &name_len)) + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + name, sizeof(name), &name_len)) return 0; if (strcmp(name, "uncompressed") == 0) 
@@ -2452,8 +2443,8 @@ return 0; if (pkey->keymgmt == NULL - || pkey->keydata == NULL) { -# ifndef OPENSSL_NO_EC + || pkey->keydata == NULL) { +#ifndef OPENSSL_NO_EC /* Might work through the legacy route */ const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); const EC_GROUP *grp; @@ -2465,13 +2456,13 @@ return 0; return EC_GROUP_get_field_type(grp); -# else +#else return 0; -# endif +#endif } if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_EC_FIELD_TYPE, - fstr, sizeof(fstr), &fstrlen)) + fstr, sizeof(fstr), &fstrlen)) return 0; if (strcmp(fstr, SN_X9_62_prime_field) == 0) --- crypto/openssl/crypto/evp/p_open.c.orig +++ crypto/openssl/crypto/evp/p_open.c @@ -16,8 +16,8 @@ #include int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, const unsigned char *iv, - EVP_PKEY *priv) + const unsigned char *ek, int ekl, const unsigned char *iv, + EVP_PKEY *priv) { unsigned char *key = NULL; size_t keylen = 0; @@ -55,7 +55,7 @@ goto err; ret = 1; - err: +err: EVP_PKEY_CTX_free(pctx); OPENSSL_clear_free(key, keylen); return ret; --- crypto/openssl/crypto/evp/p_seal.c.orig +++ crypto/openssl/crypto/evp/p_seal.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,8 +18,8 @@ #include int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, - EVP_PKEY **pubk, int npubk) + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk) { unsigned char key[EVP_MAX_KEY_LENGTH]; const OSSL_PROVIDER *prov; 
@@ -35,7 +35,7 @@ return 0; } if ((cipher = EVP_CIPHER_CTX_get0_cipher(ctx)) != NULL - && (prov = EVP_CIPHER_get0_provider(cipher)) != NULL) + && (prov = EVP_CIPHER_get0_provider(cipher)) != NULL) libctx = ossl_provider_libctx(prov); if ((npubk <= 0) || !pubk) return 1; @@ -56,6 +56,7 @@ for (i = 0; i < npubk; i++) { size_t keylen = len; + size_t outlen = EVP_PKEY_get_size(pubk[i]); pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL); if (pctx == NULL) { @@ -64,9 +65,9 @@ } if (EVP_PKEY_encrypt_init(pctx) <= 0 - || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0) + || EVP_PKEY_encrypt(pctx, ek[i], &outlen, key, keylen) <= 0) goto err; - ekl[i] = (int)keylen; + ekl[i] = (int)outlen; EVP_PKEY_CTX_free(pctx); } pctx = NULL; --- crypto/openssl/crypto/evp/p_sign.c.orig +++ crypto/openssl/crypto/evp/p_sign.c @@ -15,8 +15,8 @@ #include "crypto/evp.h" int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *propq) + unsigned int *siglen, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; @@ -57,13 +57,13 @@ goto err; *siglen = sltmp; i = 1; - err: +err: EVP_PKEY_CTX_free(pkctx); return i; } int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey) + unsigned int *siglen, EVP_PKEY *pkey) { return EVP_SignFinal_ex(ctx, sigret, siglen, pkey, NULL, NULL); } --- crypto/openssl/crypto/evp/p_verify.c.orig +++ crypto/openssl/crypto/evp/p_verify.c @@ -15,8 +15,8 @@ #include "crypto/evp.h" int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *propq) + unsigned int siglen, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; 
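Review bot: The new `outlen` in the `@@ -56,6 +56,7 @@` hunk of p_seal.c comes from `EVP_PKEY_get_size(pubk[i])` and is passed to `EVP_PKEY_encrypt()` in the `@@ -64,9 +65,9 @@` hunk as the capacity of `ek[i]`, without being checked. EVP_PKEY_get_size() returns an int and reports an unavailable size as 0, so the loop relies on the encrypt call to reject that case. Adding `outlen == 0 ||` at the front of the existing `if (EVP_PKEY_encrypt_init(pctx) <= 0` condition makes the check explicit and keeps the failure on the same `goto err` path. The function cannot verify how large the caller's `ek[i]` buffer really is, so a comment above the declaration would record the contract: `/* ek[i] must hold EVP_PKEY_get_size(pubk[i]) bytes; that is the capacity promised to EVP_PKEY_encrypt() */`. The loop and the `err:` label extend beyond these hunks.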
@@ -51,13 +51,13 @@ if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0) goto err; i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - err: +err: EVP_PKEY_CTX_free(pkctx); return i; } int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) + unsigned int siglen, EVP_PKEY *pkey) { return EVP_VerifyFinal_ex(ctx, sigbuf, siglen, pkey, NULL, NULL); } --- crypto/openssl/crypto/evp/pbe_scrypt.c.orig +++ crypto/openssl/crypto/evp/pbe_scrypt.c @@ -21,24 +21,24 @@ */ #ifdef SCRYPT_MAX_MEM -# if SCRYPT_MAX_MEM == 0 -# undef SCRYPT_MAX_MEM +#if SCRYPT_MAX_MEM == 0 +#undef SCRYPT_MAX_MEM /* * Although we could theoretically allocate SIZE_MAX memory that would leave * no memory available for anything else so set limit as half that. */ -# define SCRYPT_MAX_MEM (SIZE_MAX/2) -# endif +#define SCRYPT_MAX_MEM (SIZE_MAX / 2) +#endif #else /* Default memory limit: 32 MB */ -# define SCRYPT_MAX_MEM (1024 * 1024 * 32) +#define SCRYPT_MAX_MEM (1024 * 1024 * 32) #endif int EVP_PBE_scrypt_ex(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen, - OSSL_LIB_CTX *ctx, const char *propq) + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen, + OSSL_LIB_CTX *ctx, const char *propq) { const char *empty = ""; int rv = 1; @@ -71,10 +71,10 @@ return 0; *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (unsigned char *)pass, - passlen); + (unsigned char *)pass, + passlen); *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)salt, saltlen); + (unsigned char *)salt, saltlen); *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N); *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r); *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); 
@@ -88,12 +88,12 @@ } int EVP_PBE_scrypt(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen) + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen) { return EVP_PBE_scrypt_ex(pass, passlen, salt, saltlen, N, r, p, maxmem, - key, keylen, NULL, NULL); + key, keylen, NULL, NULL); } #endif --- crypto/openssl/crypto/evp/pmeth_check.c.orig +++ crypto/openssl/crypto/evp/pmeth_check.c @@ -14,7 +14,7 @@ #include #include "crypto/bn.h" #ifndef FIPS_MODULE -# include "crypto/asn1.h" +#include "crypto/asn1.h" #endif #include "crypto/evp.h" #include "evp_local.h" @@ -35,7 +35,7 @@ keymgmt = ctx->keymgmt; keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &keymgmt, ctx->propquery); + &keymgmt, ctx->propquery); if (keydata == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -55,7 +55,8 @@ } if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, - checktype)) != -1) + checktype)) + != -1) return ok; if (pkey->type == EVP_PKEY_NONE) @@ -73,7 +74,7 @@ return pkey->ameth->pkey_public_check(pkey); #endif - not_supported: +not_supported: ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } @@ -99,8 +100,9 @@ } if ((ok = try_provided_check(ctx, - OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - checktype)) != -1) + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + checktype)) + != -1) return ok; if (pkey->type == EVP_PKEY_NONE) @@ -118,7 +120,7 @@ return pkey->ameth->pkey_param_check(pkey); #endif - not_supported: +not_supported: ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } 
@@ -144,7 +146,8 @@ } if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, - OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1) + OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) + != -1) return ok; /* not supported for legacy keys */ @@ -168,7 +171,8 @@ } if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR, - OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1) + OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) + != -1) return ok; if (pkey->type == EVP_PKEY_NONE) @@ -186,8 +190,7 @@ return pkey->ameth->pkey_check(pkey); #endif - not_supported: +not_supported: ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - --- crypto/openssl/crypto/evp/pmeth_gn.c.orig +++ crypto/openssl/crypto/evp/pmeth_gn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ #include #include "crypto/bn.h" #ifndef FIPS_MODULE -# include "crypto/asn1.h" +#include "crypto/asn1.h" #endif #include "crypto/evp.h" #include "evp_local.h" @@ -37,14 +37,12 @@ switch (operation) { case EVP_PKEY_OP_PARAMGEN: - ctx->op.keymgmt.genctx = - evp_keymgmt_gen_init(ctx->keymgmt, - OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL); + ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt, + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL); break; case EVP_PKEY_OP_KEYGEN: - ctx->op.keymgmt.genctx = - evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR, - NULL); + ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR, + NULL); break; } @@ -54,7 +52,7 @@ ret = 1; goto end; - legacy: +legacy: #ifdef FIPS_MODULE goto not_supported; #else 
@@ -78,14 +76,14 @@ } #endif - end: +end: if (ret <= 0 && ctx != NULL) { evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; } return ret; - not_supported: +not_supported: ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ret = -2; goto end; @@ -108,14 +106,14 @@ int p = -1, n = -1; if (ctx->pkey_gencb == NULL) - return 1; /* No callback? That's fine */ + return 1; /* No callback? That's fine */ if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL)) - == NULL + == NULL || !OSSL_PARAM_get_int(param, &p)) return 0; if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION)) - == NULL + == NULL || !OSSL_PARAM_get_int(param, &n)) return 0; @@ -153,7 +151,7 @@ goto legacy; /* - * Asssigning gentmp to ctx->keygen_info is something our legacy + * Assigning gentmp to ctx->keygen_info is something our legacy * implementations do. Because the provider implementations aren't * allowed to reach into our EVP_PKEY_CTX, we need to provide similar * space for backward compatibility. It's ok that we attach a local @@ -167,9 +165,8 @@ ret = 1; if (ctx->pkey != NULL) { EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt; - void *keydata = - evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); + void *keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, + &tmp_keymgmt, ctx->propquery); if (tmp_keymgmt == NULL) goto not_supported; @@ -178,7 +175,7 @@ * with that as it sees fit. */ ret = evp_keymgmt_gen_set_template(ctx->keymgmt, - ctx->op.keymgmt.genctx, keydata); + ctx->op.keymgmt.genctx, keydata); } /* @@ -187,7 +184,7 @@ */ ret = ret && (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx, - ossl_callback_to_pkey_gencb, ctx) + ossl_callback_to_pkey_gencb, ctx) != NULL); ctx->keygen_info = NULL; @@ -205,7 +202,7 @@ goto end; - legacy: +legacy: #ifdef FIPS_MODULE goto not_supported; #else 
@@ -232,7 +229,7 @@ } #endif - end: +end: if (ret <= 0) { if (allocated_pkey != NULL) *ppkey = NULL; @@ -240,16 +237,16 @@ } return ret; - not_supported: +not_supported: ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ret = -2; goto end; - not_initialized: +not_initialized: ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); ret = -1; goto end; #ifndef FIPS_MODULE - not_accessible: +not_accessible: ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS); ret = -1; goto end; @@ -314,7 +311,7 @@ #ifndef FIPS_MODULE EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, - const unsigned char *key, int keylen) + const unsigned char *key, int keylen) { EVP_PKEY_CTX *mac_ctx = NULL; EVP_PKEY *mac_key = NULL; @@ -327,7 +324,7 @@ goto merr; if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) goto merr; - merr: +merr: EVP_PKEY_CTX_free(mac_ctx); return mac_key; } @@ -348,7 +345,7 @@ ctx->operation = operation; return 1; - not_supported: +not_supported: if (ctx != NULL) ctx->operation = EVP_PKEY_OP_UNDEFINED; ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); @@ -361,7 +358,7 @@ } int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { void *keydata = NULL; EVP_PKEY *allocated_pkey = NULL; @@ -427,7 +424,7 @@ static OSSL_FUNC_keymgmt_import_fn pkey_fake_import; static int pkey_fake_import(void *fake_keydata, int ignored_selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { struct fake_import_data_st *data = fake_keydata; @@ -436,7 +433,7 @@ #endif int EVP_PKEY_export(const EVP_PKEY *pkey, int selection, - OSSL_CALLBACK *export_cb, void *export_cbarg) + OSSL_CALLBACK *export_cb, void *export_cbarg) { if (pkey == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 
@@ -454,7 +451,7 @@ * interested in the resulting OSSL_PARAM array. */ return pkey->ameth->export_to(pkey, &data, pkey_fake_import, - NULL, NULL); + NULL, NULL); } #endif return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg); --- crypto/openssl/crypto/evp/pmeth_lib.c.orig +++ crypto/openssl/crypto/evp/pmeth_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include @@ -25,7 +25,7 @@ #include #include "internal/cryptlib.h" #ifndef FIPS_MODULE -# include "crypto/asn1.h" +#include "crypto/asn1.h" #endif #include "crypto/evp.h" #include "crypto/dh.h" @@ -38,11 +38,11 @@ #ifndef FIPS_MODULE static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, - int keytype, int optype, - int cmd, const char *name, - const void *data, size_t data_len); + int keytype, int optype, + int cmd, const char *name, + const void *data, size_t data_len); static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, - int cmd, const char *name); + int cmd, const char *name); static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx); typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); 
@@ -53,27 +53,27 @@ /* This array needs to be in order of NIDs */ static pmeth_fn standard_methods[] = { ossl_rsa_pkey_method, -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH ossl_dh_pkey_method, -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA ossl_dsa_pkey_method, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC ossl_ec_pkey_method, -# endif +#endif ossl_rsa_pss_pkey_method, -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH ossl_dhx_pkey_method, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC ossl_ecx25519_pkey_method, ossl_ecx448_pkey_method, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC ossl_ed25519_pkey_method, ossl_ed448_pkey_method, -# endif +#endif }; DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); @@ -86,7 +86,7 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); static int pmeth_cmp(const EVP_PKEY_METHOD *const *a, - const EVP_PKEY_METHOD *const *b) + const EVP_PKEY_METHOD *const *b) { return ((*a)->pkey_id - (*b)->pkey_id); } @@ -117,7 +117,7 @@ tmp.pkey_id = type; t = &tmp; ret = OBJ_bsearch_pmeth_func(&t, standard_methods, - OSSL_NELEM(standard_methods)); + OSSL_NELEM(standard_methods)); if (ret == NULL || *ret == NULL) return NULL; return (**ret)(); @@ -139,7 +139,7 @@ } static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, - void *arg) + void *arg) { int *type = arg; @@ -152,7 +152,7 @@ int type = NID_undef; EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt, - &type); + &type); return type; } #endif /* FIPS_MODULE */ @@ -163,7 +163,7 @@ return EVP_PKEY_STATE_UNKNOWN; if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.algctx != NULL) + && ctx->op.kex.algctx != NULL) || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.algctx != NULL) || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) 
@@ -178,9 +178,9 @@ } static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, - EVP_PKEY *pkey, ENGINE *e, - const char *keytype, const char *propquery, - int id) + EVP_PKEY *pkey, ENGINE *e, + const char *keytype, const char *propquery, + int id) { EVP_PKEY_CTX *ret = NULL; @@ -232,7 +232,7 @@ if (e == NULL && (pkey == NULL || pkey->foreign == 0)) keytype = OBJ_nid2sn(id); -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE if (e == NULL && pkey != NULL) e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine; /* Try to find an ENGINE which implements this method */ @@ -252,15 +252,15 @@ if (e != NULL) pmeth = ENGINE_get_pkey_meth(e, id); else -# endif /* OPENSSL_NO_ENGINE */ - if (pkey != NULL && pkey->foreign) - pmeth = EVP_PKEY_meth_find(id); - else - app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); +#endif /* OPENSSL_NO_ENGINE */ + if (pkey != NULL && pkey->foreign) + pmeth = EVP_PKEY_meth_find(id); + else + app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); - /* END legacy */ + /* END legacy */ #endif /* FIPS_MODULE */ - common: +common: /* * If there's no engine and no app supplied pmeth and there's a name, we try * fetching a provider implementation. @@ -281,7 +281,7 @@ keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery); } if (keymgmt == NULL) - return NULL; /* EVP_KEYMGMT_fetch() recorded an error */ + return NULL; /* EVP_KEYMGMT_fetch() recorded an error */ #ifndef FIPS_MODULE /* @@ -363,14 +363,14 @@ /*- All methods below can also be used in FIPS_MODULE */ EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, - const char *name, - const char *propquery) + const char *name, + const char *propquery) { return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, EVP_PKEY *pkey, - const char *propquery) + const char *propquery) { return int_ctx_new(libctx, pkey, NULL, NULL, propquery, -1); } 
@@ -395,8 +395,7 @@ EVP_KEM_free(ctx->op.encap.kem); ctx->op.encap.algctx = NULL; ctx->op.encap.kem = NULL; - } - else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { + } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { if (ctx->op.ciph.algctx != NULL && ctx->op.ciph.cipher != NULL) ctx->op.ciph.cipher->freectx(ctx->op.ciph.algctx); EVP_ASYM_CIPHER_free(ctx->op.ciph.cipher); @@ -434,7 +433,7 @@ #ifndef FIPS_MODULE void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth) + const EVP_PKEY_METHOD *meth) { if (ppkey_id) *ppkey_id = meth->pkey_id; @@ -474,13 +473,13 @@ { EVP_PKEY_CTX *rctx; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a pkey context using an ENGINE */ if (pctx->engine && !ENGINE_init(pctx->engine)) { ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); return 0; } -# endif +#endif rctx = OPENSSL_zalloc(sizeof(*rctx)); if (rctx == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); @@ -501,6 +500,12 @@ } rctx->legacy_keytype = pctx->legacy_keytype; + if (pctx->keymgmt != NULL) { + if (!EVP_KEYMGMT_up_ref(pctx->keymgmt)) + goto err; + rctx->keymgmt = pctx->keymgmt; + } + if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) { if (pctx->op.kex.exchange != NULL) { rctx->op.kex.exchange = pctx->op.kex.exchange; @@ -591,9 +596,9 @@ } rctx->pmeth = pctx->pmeth; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE rctx->engine = pctx->engine; -# endif +#endif if (pctx->peerkey != NULL) EVP_PKEY_up_ref(pctx->peerkey); @@ -604,8 +609,11 @@ EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt; void *provkey; + if (pctx->pkey == NULL) + return rctx; + provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx, - &tmp_keymgmt, pctx->propquery); + &tmp_keymgmt, pctx->propquery); if (provkey == NULL) goto err; if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) 
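Review bot: The keymgmt reference taken in the `@@ -501,6 +500,12 @@` hunk is already held in `rctx->keymgmt` when the `@@ -604,8 +609,11 @@` hunk takes a second one through `EVP_KEYMGMT_up_ref(tmp_keymgmt)`. The lines that store `tmp_keymgmt` into `rctx` are outside the hunk, so confirm that they release the earlier reference first; otherwise each duplicate of an undefined-operation context would leak one keymgmt reference. The new `if (pctx->pkey == NULL) return rctx;` would also benefit from a comment saying why a key-less context is a complete copy at that point, for example `/* No key to export; the keymgmt reference taken above is all there is to copy */`. The function body starts and ends outside both hunks.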
@@ -627,7 +635,7 @@ { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (app_pkey_methods == NULL){ + if (app_pkey_methods == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); return 0; } @@ -693,36 +701,32 @@ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchange != NULL && ctx->op.kex.exchange->set_ctx_params != NULL) - return - ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.algctx, - params); + return ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.algctx, + params); if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->set_ctx_params != NULL) - return - ctx->op.sig.signature->set_ctx_params(ctx->op.sig.algctx, - params); + return ctx->op.sig.signature->set_ctx_params(ctx->op.sig.algctx, + params); if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->set_ctx_params != NULL) - return - ctx->op.ciph.cipher->set_ctx_params(ctx->op.ciph.algctx, - params); + return ctx->op.ciph.cipher->set_ctx_params(ctx->op.ciph.algctx, + params); if (EVP_PKEY_CTX_IS_GEN_OP(ctx) && ctx->keymgmt != NULL && ctx->keymgmt->gen_set_params != NULL) - return - evp_keymgmt_gen_set_params(ctx->keymgmt, ctx->op.keymgmt.genctx, - params); + return evp_keymgmt_gen_set_params(ctx->keymgmt, ctx->op.keymgmt.genctx, + params); if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->set_ctx_params != NULL) - return - ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx, - params); + return ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx, + params); break; -#ifndef FIPS_MODULE case EVP_PKEY_STATE_UNKNOWN: + break; +#ifndef FIPS_MODULE case EVP_PKEY_STATE_LEGACY: return evp_pkey_ctx_set_params_to_ctrl(ctx, params); #endif 
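Review bot: In the `@@ -693,36 +701,32 @@` hunk, `case EVP_PKEY_STATE_UNKNOWN:` now sits outside `#ifndef FIPS_MODULE` with its own `break;`, so a context in that state no longer falls through to `evp_pkey_ctx_set_params_to_ctrl()`. That is a behaviour change sitting among pure re-indentation, and nothing on the new lines explains it. The same change is made for the getter in the `@@ -737,30 +741,27 @@` hunk. A comment on the case would make the intent reviewable, for example `/* Operation not initialised: nothing to set, and do not route to the legacy ctrl translation */`. The value returned after the `switch` is outside the hunk, so check that callers which distinguish "unsupported" from "failed" still get the result they expect for an uninitialised context.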
@@ -737,30 +741,27 @@ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchange != NULL && ctx->op.kex.exchange->get_ctx_params != NULL) - return - ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.algctx, - params); + return ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.algctx, + params); if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->get_ctx_params != NULL) - return - ctx->op.sig.signature->get_ctx_params(ctx->op.sig.algctx, - params); + return ctx->op.sig.signature->get_ctx_params(ctx->op.sig.algctx, + params); if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->get_ctx_params != NULL) - return - ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.algctx, - params); + return ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.algctx, + params); if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->get_ctx_params != NULL) - return - ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx, - params); + return ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx, + params); break; -#ifndef FIPS_MODULE case EVP_PKEY_STATE_UNKNOWN: + break; +#ifndef FIPS_MODULE case EVP_PKEY_STATE_LEGACY: return evp_pkey_ctx_get_params_to_ctrl(ctx, params); #endif 
@@ -774,34 +775,34 @@ void *provctx; if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.exchange != NULL - && ctx->op.kex.exchange->gettable_ctx_params != NULL) { + && ctx->op.kex.exchange != NULL + && ctx->op.kex.exchange->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.algctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.signature != NULL - && ctx->op.sig.signature->gettable_ctx_params != NULL) { + && ctx->op.sig.signature != NULL + && ctx->op.sig.signature->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); + EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.algctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.cipher != NULL - && ctx->op.ciph.cipher->gettable_ctx_params != NULL) { + && ctx->op.ciph.cipher != NULL + && ctx->op.ciph.cipher->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); + EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.algctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx, - provctx); + provctx); } return NULL; } 
@@ -811,41 +812,41 @@ void *provctx; if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.exchange != NULL - && ctx->op.kex.exchange->settable_ctx_params != NULL) { + && ctx->op.kex.exchange != NULL + && ctx->op.kex.exchange->settable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.algctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.signature != NULL - && ctx->op.sig.signature->settable_ctx_params != NULL) { + && ctx->op.sig.signature != NULL + && ctx->op.sig.signature->settable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); + EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.algctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.cipher != NULL - && ctx->op.ciph.cipher->settable_ctx_params != NULL) { + && ctx->op.ciph.cipher != NULL + && ctx->op.ciph.cipher->settable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); + EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.algctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->keymgmt != NULL - && ctx->keymgmt->gen_settable_params != NULL) { + && ctx->keymgmt != NULL + && ctx->keymgmt->gen_settable_params != NULL) { provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt)); return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx, - provctx); + provctx); } if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->settable_ctx_params != NULL) { provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.algctx, - provctx); + provctx); } return NULL; } 
@@ -879,7 +880,7 @@ for (p = params; p->key != NULL; p++) { /* Check the ctx actually understands this parameter */ - if (OSSL_PARAM_locate_const(settable, p->key) == NULL ) + if (OSSL_PARAM_locate_const(settable, p->key) == NULL) return -2; } } @@ -902,9 +903,9 @@ const OSSL_PARAM *gettable = EVP_PKEY_CTX_gettable_params(ctx); const OSSL_PARAM *p; - for (p = params; p->key != NULL; p++ ) { + for (p = params; p->key != NULL; p++) { /* Check the ctx actually understands this parameter */ - if (OSSL_PARAM_locate_const(gettable, p->key) == NULL ) + if (OSSL_PARAM_locate_const(gettable, p->key) == NULL) return -2; } } @@ -927,11 +928,11 @@ if (ctx->op.sig.algctx == NULL) return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - name, - sizeof(name)); + name, + sizeof(name)); *p = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params)) @@ -947,8 +948,8 @@ } static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, - int fallback, const char *param, int op, - int ctrl) + int fallback, const char *param, int op, + int ctrl) { OSSL_PARAM md_params[2], *p = md_params; const char *name; @@ -969,11 +970,11 @@ } *p++ = OSSL_PARAM_construct_utf8_string(param, - /* - * Cast away the const. This is read - * only so should be safe - */ - (char *)name, 0); + /* + * Cast away the const. This is read + * only so should be safe + */ + (char *)name, 0); *p = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, md_params); 
@@ -982,21 +983,21 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return evp_pkey_ctx_set_md(ctx, md, ctx->op.sig.algctx == NULL, - OSSL_SIGNATURE_PARAM_DIGEST, - EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD); + OSSL_SIGNATURE_PARAM_DIGEST, + EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD); } int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_DIGEST, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_TLS_MD); + OSSL_KDF_PARAM_DIGEST, + EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_TLS_MD); } static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - const char *param, int op, int ctrl, - const unsigned char *data, - int datalen) + const char *param, int op, int ctrl, + const unsigned char *data, + int datalen) { OSSL_PARAM octet_string_params[2], *p = octet_string_params; @@ -1017,21 +1018,21 @@ } *p++ = OSSL_PARAM_construct_octet_string(param, - /* - * Cast away the const. This is read - * only so should be safe - */ - (unsigned char *)data, - (size_t)datalen); + /* + * Cast away the const. This is read + * only so should be safe + */ + (unsigned char *)data, + (size_t)datalen); *p = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, octet_string_params); } static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - const char *param, int op, int ctrl, - const unsigned char *data, - int datalen) + const char *param, int op, int ctrl, + const unsigned char *data, + int datalen) { OSSL_PARAM os_params[2]; const OSSL_PARAM *gettables; @@ -1062,7 +1063,7 @@ gettables = EVP_PKEY_CTX_gettable_params(ctx); if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL) return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, - data, datalen); + data, datalen); /* Get the original value length */ os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0); 
@@ -1095,66 +1096,66 @@ memcpy(&info[info_len], data, datalen); ret = EVP_PKEY_CTX_set_params(ctx, os_params); - error: +error: OPENSSL_clear_free(info, info_alloc); return ret; } int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, - const unsigned char *sec, int seclen) + const unsigned char *sec, int seclen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SECRET, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SECRET, - sec, seclen); + OSSL_KDF_PARAM_SECRET, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_TLS_SECRET, + sec, seclen); } int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, int seedlen) + const unsigned char *seed, int seedlen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SEED, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SEED, - seed, seedlen); + OSSL_KDF_PARAM_SEED, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_TLS_SEED, + seed, seedlen); } int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_DIGEST, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MD); + OSSL_KDF_PARAM_DIGEST, + EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MD); } int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx, - const unsigned char *salt, int saltlen) + const unsigned char *salt, int saltlen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SALT, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_SALT, - salt, saltlen); + OSSL_KDF_PARAM_SALT, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_HKDF_SALT, + salt, saltlen); } int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, - const unsigned char *key, int keylen) + const unsigned char *key, int keylen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_KEY, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_KEY, - key, keylen); + OSSL_KDF_PARAM_KEY, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_HKDF_KEY, + key, 
keylen); } int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, - const unsigned char *info, int infolen) + const unsigned char *info, int infolen) { return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_INFO, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_INFO, - info, infolen); + OSSL_KDF_PARAM_INFO, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_HKDF_INFO, + info, infolen); } int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) @@ -1170,7 +1171,7 @@ /* Code below to be removed when legacy support is dropped. */ if (ctx->op.kex.algctx == NULL) return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_MODE, mode, NULL); + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL); /* end of legacy support */ if (mode < 0) { @@ -1185,27 +1186,27 @@ } int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass, - int passlen) + int passlen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_PASSWORD, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_PASS, - (const unsigned char *)pass, passlen); + OSSL_KDF_PARAM_PASSWORD, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_PASS, + (const unsigned char *)pass, passlen); } int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx, - const unsigned char *salt, int saltlen) + const unsigned char *salt, int saltlen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SALT, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_SALT, - salt, saltlen); + OSSL_KDF_PARAM_SALT, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_SCRYPT_SALT, + salt, saltlen); } static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX *ctx, const char *param, - int op, int ctrl, uint64_t val) + int op, int ctrl, uint64_t val) { OSSL_PARAM uint64_params[2], *p = uint64_params; 
@@ -1229,41 +1230,41 @@ int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n) { return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_N, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_N, - n); + EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_N, + n); } int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r) { return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_R, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_R, - r); + EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_R, + r); } int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p) { return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_P, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_P, - p); + EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_P, + p); } int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx, - uint64_t maxmem_bytes) + uint64_t maxmem_bytes) { return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_MAXMEM, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, - maxmem_bytes); + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, + maxmem_bytes); } int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, - int keylen) + int keylen) { return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.keymgmt.genctx == NULL, - OSSL_PKEY_PARAM_PRIV_KEY, - EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, - key, keylen); + OSSL_PKEY_PARAM_PRIV_KEY, + EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_SET_MAC_KEY, + key, keylen); } int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op) @@ -1279,7 +1280,7 @@ return -2; } *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION, - (char *)op, 0); + (char *)op, 0); *p = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); } 
@@ -1296,11 +1297,11 @@ } *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID, - /* - * Cast away the const. This is - * read only so should be safe - */ - (void *)id, (size_t)len); + /* + * Cast away the const. This is + * read only so should be safe + */ + (void *)id, (size_t)len); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, params); @@ -1312,7 +1313,7 @@ int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len) { return EVP_PKEY_CTX_ctrl(ctx, -1, -1, - EVP_PKEY_CTRL_SET1_ID, (int)len, (void*)(id)); + EVP_PKEY_CTRL_SET1_ID, (int)len, (void *)(id)); } static int get1_id_data(EVP_PKEY_CTX *ctx, void *id, size_t *id_len) @@ -1328,7 +1329,7 @@ } *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID, - &tmp_id, 0); + &tmp_id, 0); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_get_params_strict(ctx, params); @@ -1357,17 +1358,17 @@ int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id) { - return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void*)id); + return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void *)id); } int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len) { return EVP_PKEY_CTX_ctrl(ctx, -1, -1, - EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)id_len); + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void *)id_len); } static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2) + int cmd, int p1, void *p2) { int ret = 0; @@ -1410,7 +1411,7 @@ } int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2) + int cmd, int p1, void *p2) { int ret = 0; @@ -1421,7 +1422,7 @@ /* If unsupported, we don't want that reported here */ ERR_set_mark(); ret = evp_pkey_ctx_store_cached_data(ctx, keytype, optype, - cmd, NULL, p2, p1); + cmd, NULL, p2, p1); if (ret == -2) { ERR_pop_to_mark(); } else { 
@@ -1438,14 +1439,13 @@ } int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, uint64_t value) + int cmd, uint64_t value) { return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); } - static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx, - const char *name, const char *value) + const char *name, const char *value) { int ret = 0; @@ -1465,8 +1465,8 @@ } if (strcmp(name, "digest") == 0) ret = EVP_PKEY_CTX_md(ctx, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_MD, value); + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_MD, value); else ret = ctx->pmeth->ctrl_str(ctx, name, value); break; @@ -1476,14 +1476,14 @@ } int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, - const char *name, const char *value) + const char *name, const char *value) { int ret = 0; /* If unsupported, we don't want that reported here */ ERR_set_mark(); ret = evp_pkey_ctx_store_cached_data(ctx, -1, -1, -1, - name, value, strlen(value) + 1); + name, value, strlen(value) + 1); if (ret == -2) { ERR_pop_to_mark(); } else { @@ -1517,9 +1517,9 @@ } static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, - int keytype, int optype, - int cmd, const char *name, - const void *data, size_t data_len) + int keytype, int optype, + int cmd, const char *name, + const void *data, size_t data_len) { /* * Check that it's one of the supported commands. The ctrl commands @@ -1542,7 +1542,7 @@ return -2; } if (!EVP_KEYMGMT_is_a(ctx->keymgmt, - evp_pkey_type2name(keytype))) { + evp_pkey_type2name(keytype))) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); return -1; } @@ -1590,7 +1590,7 @@ } static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, - int cmd, const char *name) + int cmd, const char *name) { cmd = decode_cmd(cmd, name); switch (cmd) { 
@@ -1621,8 +1621,8 @@ ret = evp_pkey_ctx_ctrl_str_int(ctx, name, val); else ret = evp_pkey_ctx_ctrl_int(ctx, -1, ctx->operation, - EVP_PKEY_CTRL_SET1_ID, - (int)len, (void *)val); + EVP_PKEY_CTRL_SET1_ID, + (int)len, (void *)val); } return ret; 
@@ -1741,213 +1741,212 @@ } void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init) (EVP_PKEY_CTX *ctx)) + int (*init)(EVP_PKEY_CTX *ctx)) { pmeth->init = init; } void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)) + int (*copy)(EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)) { pmeth->copy = copy; } void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup) (EVP_PKEY_CTX *ctx)) + void (*cleanup)(EVP_PKEY_CTX *ctx)) { pmeth->cleanup = cleanup; } void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init) (EVP_PKEY_CTX *ctx), - int (*paramgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) { pmeth->paramgen_init = paramgen_init; pmeth->paramgen = paramgen; } void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init) (EVP_PKEY_CTX *ctx), - int (*keygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) { pmeth->keygen_init = keygen_init; pmeth->keygen = keygen; } void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init) (EVP_PKEY_CTX *ctx), - int (*sign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)) + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) { pmeth->sign_init = sign_init; pmeth->sign = sign; } void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init) (EVP_PKEY_CTX *ctx), - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)) + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) { pmeth->verify_init 
= verify_init; pmeth->verify = verify; } void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init) (EVP_PKEY_CTX - *ctx), - int (*verify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)) + int (*verify_recover_init)(EVP_PKEY_CTX + *ctx), + int (*verify_recover)(EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) { pmeth->verify_recover_init = verify_recover_init; pmeth->verify_recover = verify_recover; } void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*signctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)) + int (*signctx_init)(EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)) { pmeth->signctx_init = signctx_init; pmeth->signctx = signctx; } void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*verifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)) + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)) { pmeth->verifyctx_init = verifyctx_init; pmeth->verifyctx = verifyctx; } void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init) (EVP_PKEY_CTX *ctx), - int (*encryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) { pmeth->encrypt_init = encrypt_init; pmeth->encrypt = encryptfn; } void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int 
(*decrypt_init) (EVP_PKEY_CTX *ctx), - int (*decrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) { pmeth->decrypt_init = decrypt_init; pmeth->decrypt = decrypt; } void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init) (EVP_PKEY_CTX *ctx), - int (*derive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)) + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)) { pmeth->derive_init = derive_init; pmeth->derive = derive; } void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (*ctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)) + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, + const char *type, + const char *value)) { pmeth->ctrl = ctrl; pmeth->ctrl_str = ctrl_str; } void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, - int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) + int (*digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) { pmeth->digestsign = digestsign; } void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, - int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen)) + int (*digestverify)(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) { pmeth->digestverify = digestverify; } void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)) + int (*check)(EVP_PKEY *pkey)) { pmeth->check = check; } void 
EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)) + int (*check)(EVP_PKEY *pkey)) { pmeth->public_check = check; } void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)) + int (*check)(EVP_PKEY *pkey)) { pmeth->param_check = check; } void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, - int (*digest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)) + int (*digest_custom)(EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)) { pmeth->digest_custom = digest_custom; } void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, - int (**pinit) (EVP_PKEY_CTX *ctx)) + int (**pinit)(EVP_PKEY_CTX *ctx)) { *pinit = pmeth->init; } void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, - int (**pcopy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)) + int (**pcopy)(EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)) { *pcopy = pmeth->copy; } void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, - void (**pcleanup) (EVP_PKEY_CTX *ctx)) + void (**pcleanup)(EVP_PKEY_CTX *ctx)) { *pcleanup = pmeth->cleanup; } void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, - int (**pparamgen_init) (EVP_PKEY_CTX *ctx), - int (**pparamgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) + int (**pparamgen_init)(EVP_PKEY_CTX *ctx), + int (**pparamgen)(EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) { if (pparamgen_init) *pparamgen_init = pmeth->paramgen_init; @@ -1956,9 +1955,9 @@ } void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, - int (**pkeygen_init) (EVP_PKEY_CTX *ctx), - int (**pkeygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) + int (**pkeygen_init)(EVP_PKEY_CTX *ctx), + int (**pkeygen)(EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) { if (pkeygen_init) *pkeygen_init = pmeth->keygen_init; 
@@ -1967,11 +1966,11 @@ } void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, - int (**psign_init) (EVP_PKEY_CTX *ctx), - int (**psign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)) + int (**psign_init)(EVP_PKEY_CTX *ctx), + int (**psign)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) { if (psign_init) *psign_init = pmeth->sign_init; @@ -1980,12 +1979,12 @@ } void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, - int (**pverify_init) (EVP_PKEY_CTX *ctx), - int (**pverify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)) + int (**pverify_init)(EVP_PKEY_CTX *ctx), + int (**pverify)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) { if (pverify_init) *pverify_init = pmeth->verify_init; @@ -1994,16 +1993,15 @@ } void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, - int (**pverify_recover_init) (EVP_PKEY_CTX - *ctx), - int (**pverify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)) + int (**pverify_recover_init)(EVP_PKEY_CTX + *ctx), + int (**pverify_recover)(EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) { if (pverify_recover_init) *pverify_recover_init = pmeth->verify_recover_init; @@ -2012,12 +2010,12 @@ } void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, - int (**psignctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (**psignctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)) + int (**psignctx_init)(EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx)(EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)) { if (psignctx_init) *psignctx_init = pmeth->signctx_init; 
@@ -2026,12 +2024,12 @@ } void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, - int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (**pverifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)) + int (**pverifyctx_init)(EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)) { if (pverifyctx_init) *pverifyctx_init = pmeth->verifyctx_init; @@ -2040,12 +2038,12 @@ } void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, - int (**pencrypt_init) (EVP_PKEY_CTX *ctx), - int (**pencryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) + int (**pencrypt_init)(EVP_PKEY_CTX *ctx), + int (**pencryptfn)(EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) { if (pencrypt_init) *pencrypt_init = pmeth->encrypt_init; @@ -2054,12 +2052,12 @@ } void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, - int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), - int (**pdecrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) + int (**pdecrypt_init)(EVP_PKEY_CTX *ctx), + int (**pdecrypt)(EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) { if (pdecrypt_init) *pdecrypt_init = pmeth->decrypt_init; @@ -2068,10 +2066,10 @@ } void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, - int (**pderive_init) (EVP_PKEY_CTX *ctx), - int (**pderive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)) + int (**pderive_init)(EVP_PKEY_CTX *ctx), + int (**pderive)(EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)) { if (pderive_init) *pderive_init = pmeth->derive_init; 
@@ -2080,11 +2078,11 @@ } void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, - int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (**pctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)) + int (**pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str)(EVP_PKEY_CTX *ctx, + const char *type, + const char *value)) { if (pctrl) *pctrl = pmeth->ctrl; 
@@ -2093,46 +2091,46 @@ } void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, - int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) + int (**digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) { if (digestsign) *digestsign = pmeth->digestsign; } void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, - int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen)) + int (**digestverify)(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) { if (digestverify) *digestverify = pmeth->digestverify; } void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)) + int (**pcheck)(EVP_PKEY *pkey)) { if (pcheck != NULL) *pcheck = pmeth->check; } void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)) + int (**pcheck)(EVP_PKEY *pkey)) { if (pcheck != NULL) *pcheck = pmeth->public_check; } void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)) + int (**pcheck)(EVP_PKEY *pkey)) { if (pcheck != NULL) *pcheck = pmeth->param_check; } void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, - int (**pdigest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)) + int (**pdigest_custom)(EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)) { if (pdigest_custom != NULL) *pdigest_custom = pmeth->digest_custom; --- crypto/openssl/crypto/evp/signature.c.orig +++ crypto/openssl/crypto/evp/signature.c @@ -11,7 +11,7 @@ #include #include #include -#include "internal/numbers.h" /* includes SIZE_MAX */ +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/cryptlib.h" #include "internal/provider.h" #include "internal/core.h" 
@@ -41,8 +41,8 @@ } static void *evp_signature_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { const OSSL_DISPATCH *fns = algodef->implementation; EVP_SIGNATURE *signature = NULL; @@ -272,7 +272,7 @@ } return signature; - err: +err: EVP_SIGNATURE_free(signature); return NULL; } @@ -306,29 +306,29 @@ } EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) + const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties, - evp_signature_from_algorithm, - (int (*)(void *))EVP_SIGNATURE_up_ref, - (void (*)(void *))EVP_SIGNATURE_free); + evp_signature_from_algorithm, + (int (*)(void *))EVP_SIGNATURE_up_ref, + (void (*)(void *))EVP_SIGNATURE_free); } EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov, - const char *algorithm, - const char *properties) + const char *algorithm, + const char *properties) { return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE, - algorithm, properties, - evp_signature_from_algorithm, - (int (*)(void *))EVP_SIGNATURE_up_ref, - (void (*)(void *))EVP_SIGNATURE_free); + algorithm, properties, + evp_signature_from_algorithm, + (int (*)(void *))EVP_SIGNATURE_up_ref, + (void (*)(void *))EVP_SIGNATURE_free); } int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) { return signature != NULL - && evp_is_a(signature->prov, signature->name_id, NULL, name); + && evp_is_a(signature->prov, signature->name_id, NULL, name); } int evp_signature_get_number(const EVP_SIGNATURE *signature) 
@@ -347,21 +347,20 @@ } void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_SIGNATURE *signature, - void *arg), - void *arg) + void (*fn)(EVP_SIGNATURE *signature, + void *arg), + void *arg) { evp_generic_do_all(libctx, OSSL_OP_SIGNATURE, - (void (*)(void *, void *))fn, arg, - evp_signature_from_algorithm, - (int (*)(void *))EVP_SIGNATURE_up_ref, - (void (*)(void *))EVP_SIGNATURE_free); + (void (*)(void *, void *))fn, arg, + evp_signature_from_algorithm, + (int (*)(void *))EVP_SIGNATURE_up_ref, + (void (*)(void *))EVP_SIGNATURE_free); } - int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (signature->prov != NULL) return evp_names_do_all(signature->prov, signature->name_id, fn, data); @@ -392,7 +391,7 @@ } static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { int ret = 0; void *provkey = NULL; @@ -425,13 +424,13 @@ * Try to derive the supported signature from |ctx->keymgmt|. */ if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { + || ctx->pkey->keymgmt == ctx->keymgmt)) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); goto err; } supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_SIGNATURE); + OSSL_OP_SIGNATURE); if (supported_sig == NULL) { ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 
@@ -468,16 +467,14 @@ switch (iter) { case 1: - signature = - EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery); + signature = EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery); if (signature != NULL) tmp_prov = EVP_SIGNATURE_get0_provider(signature); break; case 2: tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - signature = - evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_sig, ctx->propquery); + signature = evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + supported_sig, ctx->propquery); if (signature == NULL) goto legacy; break; @@ -495,13 +492,12 @@ * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); + tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, + EVP_KEYMGMT_get0_name(ctx->keymgmt), + ctx->propquery); if (tmp_keymgmt != NULL) provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); + &tmp_keymgmt, ctx->propquery); if (tmp_keymgmt == NULL) EVP_KEYMGMT_free(tmp_keymgmt_tofree); } @@ -516,8 +512,7 @@ /* No more legacy from here down to legacy: */ ctx->op.sig.signature = signature; - ctx->op.sig.algctx = - signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery); + ctx->op.sig.algctx = signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery); if (ctx->op.sig.algctx == NULL) { /* The provider key can stay in the cache */ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -548,7 +543,7 @@ goto err; } ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey, - params); + params); break; default: ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); @@ -562,7 +557,7 @@ } goto end; - legacy: +legacy: /* * If we don't have the full support we need with provided methods, * let's go see if legacy does. 
@@ -572,10 +567,10 @@ tmp_keymgmt = NULL; if (ctx->pmeth == NULL - || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) - || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) - || (operation == EVP_PKEY_OP_VERIFYRECOVER - && ctx->pmeth->verify_recover == NULL)) { + || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) + || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) + || (operation == EVP_PKEY_OP_VERIFYRECOVER + && ctx->pmeth->verify_recover == NULL)) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } @@ -602,7 +597,7 @@ } if (ret <= 0) goto err; - end: +end: #ifndef FIPS_MODULE if (ret > 0) ret = evp_pkey_ctx_use_cached_data(ctx); @@ -610,7 +605,7 @@ EVP_KEYMGMT_free(tmp_keymgmt); return ret; - err: +err: evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_UNDEFINED; EVP_KEYMGMT_free(tmp_keymgmt); @@ -628,8 +623,8 @@ } int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) { int ret; @@ -652,18 +647,17 @@ } ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen, - (sig == NULL) ? 0 : *siglen, tbs, tbslen); + (sig == NULL) ? 0 : *siglen, tbs, tbslen); return ret; - legacy: +legacy: if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) - return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); + M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); } int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) 
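Review bot: In the `@@ -652,18 +647,17 @@` hunk the legacy path of EVP_PKEY_sign now has `M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)` and `return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);` on a single line, which reads as one statement although they are two. The macro's definition is not visible here, but it presumably expands to a complete block that checks the caller's output buffer and can return early, so the merged line hides a length check that runs before the legacy sign call. Keep the macro on its own line and the `return` on the next, as the removed lines had it. If a tool reformats this file, excluding these two lines from formatting (or making the invocation parse as a statement) would stop the join from recurring. The same merge appears in the `@@ -749,15 +743,14 @@` hunk for EVP_PKEY_verify_recover with `EVP_F_EVP_PKEY_VERIFY_RECOVER`; EVP_PKEY_sign's body starts before this hunk.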
@@ -677,8 +671,8 @@ } int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) { int ret; @@ -701,10 +695,10 @@ } ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen, - tbs, tbslen); + tbs, tbslen); return ret; - legacy: +legacy: if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; @@ -719,14 +713,14 @@ } int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params); } int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen) + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) { int ret; @@ -749,15 +743,14 @@ } ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout, - routlen, - (rout == NULL ? 0 : *routlen), - sig, siglen); + routlen, + (rout == NULL ? 0 : *routlen), + sig, siglen); return ret; - legacy: +legacy: if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) - return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); + M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); } --- crypto/openssl/crypto/ex_data.c.orig +++ crypto/openssl/crypto/ex_data.c @@ -41,7 +41,7 @@ * If we get here, someone (who?) cleaned up the lock, so just * treat it as an error. */ - return NULL; + return NULL; } if (!CRYPTO_THREAD_write_lock(global->ex_data_lock)) 
@@ -80,24 +80,23 @@ global->ex_data_lock = NULL; } - /* * Unregister a new index by replacing the callbacks with no-ops. * Any in-use instances are leaked. */ static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) + long argl, void *argp) { } static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) + long argl, void *argp) { } static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, - long argl, void *argp) + void **from_d, int idx, + long argl, void *argp) { return 1; } @@ -139,11 +138,11 @@ * Register a new index. */ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, - long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func, - int priority) + long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func, + int priority) { int toret = -1; EX_CALLBACK *a; @@ -190,17 +189,17 @@ toret = sk_EX_CALLBACK_num(ip->meth) - 1; (void)sk_EX_CALLBACK_set(ip->meth, toret, a); - err: +err: CRYPTO_THREAD_unlock(global->ex_data_lock); return toret; } int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func) { return ossl_crypto_get_ex_new_index_ex(NULL, class_index, argl, argp, - new_func, dup_func, free_func, 0); + new_func, dup_func, free_func, 0); } /* @@ -211,7 +210,7 @@ * to the global "ex_data" state (ie. class definitions), not 'ad' itself. */ int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj, - CRYPTO_EX_DATA *ad) + CRYPTO_EX_DATA *ad) { int mx, i; void *ptr; 
@@ -249,7 +248,7 @@ if (storage[i] != NULL && storage[i]->new_func != NULL) { ptr = CRYPTO_get_ex_data(ad, i); storage[i]->new_func(obj, ptr, ad, i, - storage[i]->argl, storage[i]->argp); + storage[i]->argl, storage[i]->argp); } } if (storage != stack) @@ -267,7 +266,7 @@ * for each index in the class used by this variable */ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from) + const CRYPTO_EX_DATA *from) { int mx, j, i; void *ptr; @@ -325,12 +324,12 @@ ptr = CRYPTO_get_ex_data(from, i); if (storage[i] != NULL && storage[i]->dup_func != NULL) if (!storage[i]->dup_func(to, from, &ptr, i, - storage[i]->argl, storage[i]->argp)) + storage[i]->argl, storage[i]->argp)) goto err; CRYPTO_set_ex_data(to, i, ptr); } toret = 1; - err: +err: if (storage != stack) OPENSSL_free(storage); return toret; @@ -408,7 +407,7 @@ if (storage != stack) OPENSSL_free(storage); - err: +err: sk_void_free(ad->sk); ad->sk = NULL; ad->ctx = NULL; @@ -419,7 +418,7 @@ * function */ int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, - int idx) + int idx) { void *curval; @@ -432,7 +431,7 @@ } int ossl_crypto_alloc_ex_data_intern(int class_index, void *obj, - CRYPTO_EX_DATA *ad, int idx) + CRYPTO_EX_DATA *ad, int idx) { EX_CALLBACK *f; EX_CALLBACKS *ip; --- crypto/openssl/crypto/ffc/ffc_backend.c.orig +++ crypto/openssl/crypto/ffc/ffc_backend.c @@ -27,7 +27,7 @@ if (ffc == NULL) return 0; - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); if (prm != NULL) { /* * In a no-dh build we just go straight to err because we have no @@ -57,7 +57,7 @@ if (prm != NULL) { if (!OSSL_PARAM_get_int(prm, &i)) goto err; - ffc->gindex = i; + ffc->gindex = i; } prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER); if (prm != NULL) { 
@@ -72,28 +72,28 @@ if (prm != NULL) { if (!OSSL_PARAM_get_int(prm, &i)) goto err; - ffc->h = i; + ffc->h = i; } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED); if (prm != NULL) { if (prm->data_type != OSSL_PARAM_OCTET_STRING) goto err; if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size)) goto err; } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ); if (prm != NULL) { if (!OSSL_PARAM_get_int(prm, &i)) goto err; ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_PQ, i); } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G); if (prm != NULL) { if (!OSSL_PARAM_get_int(prm, &i)) goto err; ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_G, i); } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY); if (prm != NULL) { if (!OSSL_PARAM_get_int(prm, &i)) goto err; @@ -121,7 +121,7 @@ ossl_ffc_params_set0_j(ffc, j); return 1; - err: +err: BN_free(j); BN_free(p); BN_free(q); --- crypto/openssl/crypto/ffc/ffc_dh.c.orig +++ crypto/openssl/crypto/ffc/ffc_dh.c 
@@ -13,35 +13,37 @@ #ifndef OPENSSL_NO_DH -# define FFDHE(sz, keylength) { \ - SN_ffdhe##sz, NID_ffdhe##sz, \ - sz, \ - keylength, \ - &ossl_bignum_ffdhe##sz##_p, &ossl_bignum_ffdhe##sz##_q, \ - &ossl_bignum_const_2, \ - } +#define FFDHE(sz, keylength) { \ + SN_ffdhe##sz, \ + NID_ffdhe##sz, \ + sz, \ + keylength, \ + &ossl_bignum_ffdhe##sz##_p, \ + &ossl_bignum_ffdhe##sz##_q, \ + &ossl_bignum_const_2, \ +} -# define MODP(sz, keylength) { \ - SN_modp_##sz, NID_modp_##sz, \ - sz, \ - keylength, \ - &ossl_bignum_modp_##sz##_p, &ossl_bignum_modp_##sz##_q, \ - &ossl_bignum_const_2 \ - } +#define MODP(sz, keylength) { \ + SN_modp_##sz, NID_modp_##sz, \ + sz, \ + keylength, \ + &ossl_bignum_modp_##sz##_p, &ossl_bignum_modp_##sz##_q, \ + &ossl_bignum_const_2 \ +} -# define RFC5114(name, uid, sz, tag) { \ - name, uid, \ - sz, \ - 0, \ - &ossl_bignum_dh##tag##_p, &ossl_bignum_dh##tag##_q, \ - &ossl_bignum_dh##tag##_g \ - } +#define RFC5114(name, uid, sz, tag) { \ + name, uid, \ + sz, \ + 0, \ + &ossl_bignum_dh##tag##_p, &ossl_bignum_dh##tag##_q, \ + &ossl_bignum_dh##tag##_g \ +} #else -# define FFDHE(sz, keylength) { SN_ffdhe##sz, NID_ffdhe##sz } -# define MODP(sz, keylength) { SN_modp_##sz, NID_modp_##sz } -# define RFC5114(name, uid, sz, tag) { name, uid } +#define FFDHE(sz, keylength) { SN_ffdhe##sz, NID_ffdhe##sz } +#define MODP(sz, keylength) { SN_modp_##sz, NID_modp_##sz } +#define RFC5114(name, uid, sz, tag) { name, uid } #endif @@ -76,10 +78,10 @@ MODP(4096, 325), MODP(6144, 375), MODP(8192, 400), - /* - * Additional dh named groups from RFC 5114 that have a different g. - * The uid can be any unique identifier. - */ +/* + * Additional dh named groups from RFC 5114 that have a different g. + * The uid can be any unique identifier. + */ #ifndef FIPS_MODULE RFC5114("dh_1024_160", 1, 1024, 1024_160), RFC5114("dh_2048_224", 2, 2048, 2048_224), 
@@ -111,8 +113,8 @@ #ifndef OPENSSL_NO_DH const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p, - const BIGNUM *q, - const BIGNUM *g) + const BIGNUM *q, + const BIGNUM *g) { size_t i; @@ -163,7 +165,7 @@ return 0; ossl_ffc_params_set0_pqg(ffc, (BIGNUM *)group->p, (BIGNUM *)group->q, - (BIGNUM *)group->g); + (BIGNUM *)group->g); ffc->keylength = group->keylength; /* flush the cached nid, The DH layer is responsible for caching */ --- crypto/openssl/crypto/ffc/ffc_key_generate.c.orig +++ crypto/openssl/crypto/ffc/ffc_key_generate.c @@ -20,7 +20,7 @@ * priv_key is the returned private key, */ int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv) + int N, int s, BIGNUM *priv) { int ret = 0, qbits = BN_num_bits(params->q); BIGNUM *m, *two_powN = NULL; --- crypto/openssl/crypto/ffc/ffc_key_validate.c.orig +++ crypto/openssl/crypto/ffc/ffc_key_validate.c @@ -17,7 +17,7 @@ * ret contains 0 on success, or error flags (see FFC_ERROR_PUBKEY_TOO_SMALL) */ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, - const BIGNUM *pub_key, int *ret) + const BIGNUM *pub_key, int *ret) { int ok = 0; BIGNUM *tmp = NULL; @@ -48,7 +48,7 @@ if (BN_cmp(pub_key, tmp) >= 0) *ret |= FFC_ERROR_PUBKEY_TOO_LARGE; ok = 1; - err: +err: if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -60,7 +60,7 @@ * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation. */ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, - const BIGNUM *pub_key, int *ret) + const BIGNUM *pub_key, int *ret) { int ok = 0; BIGNUM *tmp = NULL; @@ -85,7 +85,7 @@ } ok = 1; - err: +err: if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -100,7 +100,7 @@ * Note: This assumes that the domain parameters are valid. */ int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv, - int *ret) + int *ret) { int ok = 0; --- crypto/openssl/crypto/ffc/ffc_params.c.orig +++ crypto/openssl/crypto/ffc/ffc_params.c 
@@ -14,7 +14,7 @@ #include "internal/nelem.h" #ifndef FIPS_MODULE -# include /* ossl_ffc_params_print */ +#include /* ossl_ffc_params_print */ #endif void ossl_ffc_params_init(FFC_PARAMS *params) @@ -52,7 +52,7 @@ } void ossl_ffc_params_get0_pqg(const FFC_PARAMS *d, const BIGNUM **p, - const BIGNUM **q, const BIGNUM **g) + const BIGNUM **q, const BIGNUM **g) { if (p != NULL) *p = d->p; @@ -62,7 +62,6 @@ *g = d->g; } - /* j is the 'cofactor' that is optionally output for ASN1. */ void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j) { @@ -73,7 +72,7 @@ } int ossl_ffc_params_set_seed(FFC_PARAMS *params, - const unsigned char *seed, size_t seedlen) + const unsigned char *seed, size_t seedlen) { if (params == NULL) return 0; @@ -117,7 +116,7 @@ } void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, - int enable) + int enable) { if (enable) params->flags |= flags; @@ -133,8 +132,8 @@ } int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, - const unsigned char *seed, - size_t seedlen, int counter) + const unsigned char *seed, + size_t seedlen, int counter) { if (!ossl_ffc_params_set_seed(params, seed, seedlen)) return 0; @@ -143,8 +142,8 @@ } void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, - unsigned char **seed, size_t *seedlen, - int *pcounter) + unsigned char **seed, size_t *seedlen, + int *pcounter) { if (seed != NULL) *seed = params->seed; @@ -165,7 +164,7 @@ if (src == NULL) a = NULL; else if (BN_get_flags(src, BN_FLG_STATIC_DATA) - && !BN_get_flags(src, BN_FLG_MALLOCED)) + && !BN_get_flags(src, BN_FLG_MALLOCED)) a = (BIGNUM *)src; else if ((a = BN_dup(src)) == NULL) return 0; @@ -188,7 +187,7 @@ dst->seedlen = src->seedlen; if (src->seed != NULL) { dst->seed = OPENSSL_memdup(src->seed, src->seedlen); - if (dst->seed == NULL) + if (dst->seed == NULL) return 0; } else { dst->seed = NULL; 
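Review bot: In the `@@ -188,7 +187,7 @@` hunk, `dst->seedlen = src->seedlen;` is assigned before `OPENSSL_memdup`, so the `return 0` on allocation failure leaves `dst` with a non-zero `seedlen` and a NULL `seed`. Any later code that trusts `seedlen` without also checking `seed` would read through a NULL pointer. Either move the length assignment after the success check or reset it on the failure path: `if (dst->seed == NULL) { dst->seedlen = 0; return 0; }`. The enclosing copy function starts and ends outside this hunk, so whether callers always discard `dst` on failure cannot be confirmed from here.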
@@ -205,12 +204,12 @@ int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) { return BN_cmp(a->p, b->p) == 0 - && BN_cmp(a->g, b->g) == 0 - && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ + && BN_cmp(a->g, b->g) == 0 + && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ } int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { int test_flags; @@ -228,20 +227,20 @@ return 0; if (ffc->j != NULL && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_COFACTOR, - ffc->j)) + ffc->j)) return 0; if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_GINDEX, - ffc->gindex)) + ffc->gindex)) return 0; if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_PCOUNTER, - ffc->pcounter)) + ffc->pcounter)) return 0; if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_H, ffc->h)) return 0; if (ffc->seed != NULL && !ossl_param_build_set_octet_string(bld, params, - OSSL_PKEY_PARAM_FFC_SEED, - ffc->seed, ffc->seedlen)) + OSSL_PKEY_PARAM_FFC_SEED, + ffc->seed, ffc->seedlen)) return 0; if (ffc->nid != NID_undef) { const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid); 
@@ -249,33 +248,33 @@ if (name == NULL || !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_GROUP_NAME, - name)) + OSSL_PKEY_PARAM_GROUP_NAME, + name)) return 0; } test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0); if (!ossl_param_build_set_int(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags)) + OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags)) return 0; test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0); if (!ossl_param_build_set_int(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags)) + OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags)) return 0; test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0); if (!ossl_param_build_set_int(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, - test_flags)) + OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, + test_flags)) return 0; if (ffc->mdname != NULL && !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_DIGEST, - ffc->mdname)) - return 0; + OSSL_PKEY_PARAM_FFC_DIGEST, + ffc->mdname)) + return 0; if (ffc->mdprops != NULL && !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - ffc->mdprops)) + OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, + ffc->mdprops)) return 0; return 1; } @@ -306,7 +305,8 @@ goto err; } if (BIO_printf(bp, "%02x%s", ffc->seed[i], - ((i + 1) == ffc->seedlen) ? "" : ":") <= 0) + ((i + 1) == ffc->seedlen) ? "" : ":") + <= 0) goto err; } if (BIO_write(bp, "\n", 1) <= 0) --- crypto/openssl/crypto/ffc/ffc_params_generate.c.orig +++ crypto/openssl/crypto/ffc/ffc_params_generate.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -45,9 +45,9 @@ /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ if (L == 2048 && (N == 224 || N == 256)) return 112; -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH ERR_raise(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS); -# endif +#endif } else if (type == FFC_PARAM_TYPE_DSA) { /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */ /* In fips mode 1024/160 can only be used for verification */ @@ -57,9 +57,9 @@ return 112; if (L == 3072 && N == 256) return 128; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); -# endif +#endif } return 0; } @@ -73,9 +73,9 @@ /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ if (L == 2048 && (N == 224 || N == 256)) return 112; -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH ERR_raise(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS); -# endif +#endif } else if (type == FFC_PARAM_TYPE_DSA) { if (L >= 3072 && N >= 256) return 128; @@ -83,9 +83,9 @@ return 112; if (L >= 1024 && N >= 160) return 80; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); -# endif +#endif } return 0; } @@ -93,9 +93,9 @@ /* FIPS186-4 A.2.1 Unverifiable Generation of Generator g */ static int generate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, BIGNUM *g, - BIGNUM *hbn, const BIGNUM *p, - const BIGNUM *e,const BIGNUM *pm1, - int *hret) + BIGNUM *hbn, const BIGNUM *p, + const BIGNUM *e, const BIGNUM *pm1, + int *hret) { int h = 2; @@ -130,9 +130,9 @@ * Returns a value in g. */ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont, - const EVP_MD *evpmd, BIGNUM *g, BIGNUM *tmp, - const BIGNUM *p, const BIGNUM *e, - int gindex, unsigned char *seed, size_t seedlen) + const EVP_MD *evpmd, BIGNUM *g, BIGNUM *tmp, + const BIGNUM *p, const BIGNUM *e, + int gindex, unsigned char *seed, size_t seedlen) { int ret = 0; int counter = 1; 
@@ -148,11 +148,11 @@ if (mctx == NULL) return 0; - /* - * A.2.3 Step (4) & (5) - * A.2.4 Step (6) & (7) - * counter = 0; counter += 1 - */ + /* + * A.2.3 Step (4) & (5) + * A.2.4 Step (6) & (7) + * counter = 0; counter += 1 + */ for (counter = 1; counter <= 0xFFFF; ++counter) { /* * A.2.3 Step (7) & (8) & (9) @@ -166,13 +166,13 @@ md[1] = (unsigned char)((counter >> 8) & 0xff); md[2] = (unsigned char)(counter & 0xff); if (!EVP_DigestInit_ex(mctx, evpmd, NULL) - || !EVP_DigestUpdate(mctx, seed, seedlen) - || !EVP_DigestUpdate(mctx, ggen, sizeof(ggen)) - || !EVP_DigestUpdate(mctx, md, 3) - || !EVP_DigestFinal_ex(mctx, md, NULL) - || (BN_bin2bn(md, mdsize, tmp) == NULL) - || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont)) - break; /* exit on failure */ + || !EVP_DigestUpdate(mctx, seed, seedlen) + || !EVP_DigestUpdate(mctx, ggen, sizeof(ggen)) + || !EVP_DigestUpdate(mctx, md, 3) + || !EVP_DigestFinal_ex(mctx, md, NULL) + || (BN_bin2bn(md, mdsize, tmp) == NULL) + || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont)) + break; /* exit on failure */ /* * A.2.3 Step (10) * A.2.4 Step (12) @@ -189,9 +189,9 @@ /* Generation of p is the same for FIPS 186-4 & FIPS 186-2 */ static int generate_p(BN_CTX *ctx, const EVP_MD *evpmd, int max_counter, int n, - unsigned char *buf, size_t buf_len, const BIGNUM *q, - BIGNUM *p, int L, BN_GENCB *cb, int *counter, - int *res) + unsigned char *buf, size_t buf_len, const BIGNUM *q, + BIGNUM *p, int L, BN_GENCB *cb, int *counter, + int *res) { int ret = -1; int i, j, k, r; 
@@ -242,14 +242,14 @@ * tmp = V(j) = Hash((seed + offset + j) % 2^seedlen) */ if (!EVP_Digest(buf, buf_len, md, NULL, evpmd, NULL) - || (BN_bin2bn(md, mdsize, tmp) == NULL) - /* - * A.1.1.2 Step (11.2) - * A.1.1.3 Step (13.2) - * W += V(j) * 2^(outlen * j) - */ - || !BN_lshift(tmp, tmp, (mdsize << 3) * j) - || !BN_add(W, W, tmp)) + || (BN_bin2bn(md, mdsize, tmp) == NULL) + /* + * A.1.1.2 Step (11.2) + * A.1.1.3 Step (13.2) + * W += V(j) * 2^(outlen * j) + */ + || !BN_lshift(tmp, tmp, (mdsize << 3) * j) + || !BN_add(W, W, tmp)) goto err; } @@ -259,22 +259,22 @@ * X = W + 2^(L-1) where W < 2^(L-1) */ if (!BN_mask_bits(W, L - 1) - || !BN_copy(X, W) - || !BN_add(X, X, test) - /* - * A.1.1.2 Step (11.4) AND - * A.1.1.3 Step (13.4) - * c = X mod 2q - */ - || !BN_lshift1(tmp, q) - || !BN_mod(c, X, tmp, ctx) - /* - * A.1.1.2 Step (11.5) AND - * A.1.1.3 Step (13.5) - * p = X - (c - 1) - */ - || !BN_sub(tmp, c, BN_value_one()) - || !BN_sub(p, X, tmp)) + || !BN_copy(X, W) + || !BN_add(X, X, test) + /* + * A.1.1.2 Step (11.4) AND + * A.1.1.3 Step (13.4) + * c = X mod 2q + */ + || !BN_lshift1(tmp, q) + || !BN_mod(c, X, tmp, ctx) + /* + * A.1.1.2 Step (11.5) AND + * A.1.1.3 Step (13.5) + * p = X - (c - 1) + */ + || !BN_sub(tmp, c, BN_value_one()) + || !BN_sub(p, X, tmp)) goto err; /* @@ -294,7 +294,7 @@ /* A.1.1.2 Step (11.8) : Return if p is prime */ if (r > 0) { *counter = i; - ret = 1; /* return success */ + ret = 1; /* return success */ goto err; } if (r != 0) @@ -311,9 +311,9 @@ } static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, - int qsize, unsigned char *seed, size_t seedlen, - int generate_seed, int *retm, int *res, - BN_GENCB *cb) + int qsize, unsigned char *seed, size_t seedlen, + int generate_seed, int *retm, int *res, + BN_GENCB *cb) { int ret = 0, r; int m = *retm; 
@@ -324,12 +324,12 @@ /* find q */ for (;;) { - if(!BN_GENCB_call(cb, 0, m++)) + if (!BN_GENCB_call(cb, 0, m++)) goto err; /* A.1.1.2 Step (5) : generate seed with size seed_len */ if (generate_seed - && RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0) + && RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0) goto err; /* * A.1.1.2 Step (6) AND @@ -352,7 +352,7 @@ * q = U + 2^(N-1) + (1 - U %2) (This sets top and bottom bits) */ pmd[0] |= 0x80; - pmd[qsize-1] |= 0x01; + pmd[qsize - 1] |= 0x01; if (!BN_bin2bn(pmd, qsize, q)) goto err; @@ -384,9 +384,9 @@ } static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, - unsigned char *buf, unsigned char *seed, - size_t qsize, int generate_seed, int *retm, - int *res, BN_GENCB *cb) + unsigned char *buf, unsigned char *seed, + size_t qsize, int generate_seed, int *retm, + int *res, BN_GENCB *cb) { unsigned char buf2[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE]; @@ -435,7 +435,7 @@ } if (r != 0) goto err; /* Exit if error */ - /* Try another iteration if it wasnt prime - was in old code.. */ + /* Try another iteration if it wasn't prime - was in old code.. */ generate_seed = 1; } err: @@ -511,9 +511,9 @@ * but G is unverifiable. */ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, - FFC_PARAMS *params, int mode, int type, - size_t L, size_t N, int *res, - BN_GENCB *cb) + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb) { int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char *seed = NULL, *seed_tmp = NULL; @@ -673,7 +673,7 @@ * A.1.1.3 Step (10) * n = floor(L / hash_outlen) - 1 */ - n = (L - 1 ) / (mdsize << 3); + n = (L - 1) / (mdsize << 3); /* Calculate 2^(L-1): Used in step A.1.1.2 Step (11.3) */ if (!BN_lshift(test, BN_value_one(), L - 1)) 
@@ -681,21 +681,21 @@ for (;;) { if (!generate_q_fips186_4(ctx, q, md, qsize, seed, seedlen, - seed != params->seed, &m, res, cb)) + seed != params->seed, &m, res, cb)) goto err; /* A.1.1.3 Step (9): Verify that q matches the expected value */ if (verify && (BN_cmp(q, params->q) != 0)) { *res = FFC_CHECK_Q_MISMATCH; goto err; } - if(!BN_GENCB_call(cb, 2, 0)) + if (!BN_GENCB_call(cb, 2, 0)) goto err; - if(!BN_GENCB_call(cb, 3, 0)) + if (!BN_GENCB_call(cb, 3, 0)) goto err; memcpy(seed_tmp, seed, seedlen); r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, L, - cb, &pcounter, res); + cb, &pcounter, res); if (r > 0) break; /* found p */ if (r < 0) @@ -710,7 +710,7 @@ goto err; } } - if(!BN_GENCB_call(cb, 2, 1)) + if (!BN_GENCB_call(cb, 2, 1)) goto err; /* * Gets here if we found p. @@ -730,7 +730,7 @@ if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, params->g, - tmp, res)) + tmp, res)) goto err; /* @@ -746,7 +746,7 @@ if ((seed != NULL) && (params->gindex != FFC_UNVERIFIABLE_GINDEX)) { canonical_g = 1; if (!generate_canonical_g(ctx, mont, md, g, tmp, p, e, - params->gindex, seed, seedlen)) { + params->gindex, seed, seedlen)) { *res = FFC_CHECK_INVALID_G; goto err; } @@ -779,7 +779,7 @@ if (params->p == NULL || params->q == NULL || params->g == NULL) goto err; if (!ossl_ffc_params_set_validate_params(params, seed, seedlen, - pcounter)) + pcounter)) goto err; params->h = hret; } @@ -804,9 +804,9 @@ /* Note this function is only used for verification in fips mode */ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, - FFC_PARAMS *params, int mode, int type, - size_t L, size_t N, int *res, - BN_GENCB *cb) + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb) { int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char seed[SHA256_DIGEST_LENGTH]; 
@@ -928,7 +928,7 @@ use_random_seed = (seed_in == NULL); for (;;) { if (!generate_q_fips186_2(ctx, q, md, buf, seed, qsize, - use_random_seed, &m, res, cb)) + use_random_seed, &m, res, cb)) goto err; if (!BN_GENCB_call(cb, 2, 0)) @@ -949,7 +949,7 @@ } rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, L, cb, - &pcounter, res); + &pcounter, res); if (rv > 0) break; /* found it */ if (rv == -1) @@ -991,9 +991,9 @@ if (!generate_unverifiable_g(ctx, mont, g, tmp, p, r0, test, &hret)) goto err; } else if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) - && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, - params->g, tmp, - res)) { + && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, + params->g, tmp, + res)) { goto err; } @@ -1034,22 +1034,22 @@ } int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb) + int type, size_t L, size_t N, + int *res, BN_GENCB *cb) { return ossl_ffc_params_FIPS186_4_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb); + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb); } /* This should no longer be used in FIPS mode */ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb) + int type, size_t L, size_t N, + int *res, BN_GENCB *cb) { if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb)) + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb)) return 0; ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1); --- crypto/openssl/crypto/ffc/ffc_params_validate.c.orig +++ crypto/openssl/crypto/ffc/ffc_params_validate.c 
@@ -21,9 +21,9 @@ /* FIPS186-4 A.2.2 Unverifiable partial validation of Generator g */ int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, - const BIGNUM *p, const BIGNUM *q, - const BIGNUM *g, BIGNUM *tmp, - int *ret) + const BIGNUM *p, const BIGNUM *q, + const BIGNUM *g, BIGNUM *tmp, + int *ret) { /* * A.2.2 Step (1) AND @@ -50,8 +50,8 @@ } int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, int type, - int *res, BN_GENCB *cb) + const FFC_PARAMS *params, int type, + int *res, BN_GENCB *cb) { size_t L, N; @@ -62,14 +62,14 @@ L = BN_num_bits(params->p); N = BN_num_bits(params->q); return ossl_ffc_params_FIPS186_4_gen_verify(libctx, (FFC_PARAMS *)params, - FFC_PARAM_MODE_VERIFY, type, - L, N, res, cb); + FFC_PARAM_MODE_VERIFY, type, + L, N, res, cb); } /* This may be used in FIPS mode to validate deprecated FIPS-186-2 Params */ int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, int type, - int *res, BN_GENCB *cb) + const FFC_PARAMS *params, int type, + int *res, BN_GENCB *cb) { size_t L, N; @@ -82,8 +82,8 @@ L = BN_num_bits(params->p); N = BN_num_bits(params->q); return ossl_ffc_params_FIPS186_2_gen_verify(libctx, (FFC_PARAMS *)params, - FFC_PARAM_MODE_VERIFY, type, - L, N, res, cb); + FFC_PARAM_MODE_VERIFY, type, + L, N, res, cb); } /* @@ -93,11 +93,11 @@ * this test. */ int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params, - int paramstype, int *res) + int paramstype, int *res) { int ret; int tmpres = 0; - FFC_PARAMS tmpparams = {0}; + FFC_PARAMS tmpparams = { 0 }; if (params == NULL) return 0; 
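Review bot: In the `@@ -62,14 +62,14 @@` hunk, ossl_ffc_params_FIPS186_4_validate takes `const FFC_PARAMS *params` but passes `(FFC_PARAMS *)params` to ossl_ffc_params_FIPS186_4_gen_verify with no comment explaining why the cast is safe. The gen_verify hunks in ffc_params_generate.c show writes such as `params->h = hret;`, presumably reached only in generate mode. The const promise to callers therefore rests on an invariant that is not stated at the cast. Add a comment above the call such as `/* cast is safe: FFC_PARAM_MODE_VERIFY must never write to params */`. The `@@ -82,8 +82,8 @@` hunk has the same cast for the FIPS186_2 variant.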
@@ -114,11 +114,11 @@ #ifndef FIPS_MODULE if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) ret = ossl_ffc_params_FIPS186_2_validate(libctx, &tmpparams, paramstype, - res, NULL); + res, NULL); else #endif ret = ossl_ffc_params_FIPS186_4_validate(libctx, &tmpparams, paramstype, - res, NULL); + res, NULL); #ifndef OPENSSL_NO_DH if (ret == FFC_PARAM_RET_STATUS_FAILED && (*res & FFC_ERROR_NOT_SUITABLE_GENERATOR) != 0) { @@ -137,7 +137,7 @@ * p and q. */ int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params, - int paramstype, int *res) + int paramstype, int *res) { int tmpres = 0; @@ -149,15 +149,15 @@ #ifdef FIPS_MODULE return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype, - res, NULL); + res, NULL); #else if (params->seed != NULL) { if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) return ossl_ffc_params_FIPS186_2_validate(libctx, params, paramstype, - res, NULL); + res, NULL); else return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype, - res, NULL); + res, NULL); } else { int ret = 0; @@ -168,15 +168,15 @@ if ((ctx = BN_CTX_new_ex(libctx)) == NULL) return 0; if (BN_check_prime(params->q, ctx, NULL) != 1) { -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA ERR_raise(ERR_LIB_DSA, DSA_R_Q_NOT_PRIME); -# endif +#endif ret = 0; } if (ret && BN_check_prime(params->p, ctx, NULL) != 1) { -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA ERR_raise(ERR_LIB_DSA, DSA_R_P_NOT_PRIME); -# endif +#endif ret = 0; } BN_CTX_free(ctx); --- crypto/openssl/crypto/getenv.c.orig +++ crypto/openssl/crypto/getenv.c @@ -8,7 +8,7 @@ */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE +#define _GNU_SOURCE #endif #include 
@@ -34,10 +34,7 @@ * For the code pages listed below, dwFlags must be set to 0. * Otherwise, the function fails with ERROR_INVALID_FLAGS. */ - if (curacp == 50220 || curacp == 50221 || curacp == 50222 || - curacp == 50225 || curacp == 50227 || curacp == 50229 || - (57002 <= curacp && curacp <=57011) || curacp == 65000 || - curacp == 42) + if (curacp == 50220 || curacp == 50221 || curacp == 50222 || curacp == 50225 || curacp == 50227 || curacp == 50229 || (57002 <= curacp && curacp <= 57011) || curacp == 65000 || curacp == 42) dwFlags = 0; /* query for buffer len */ @@ -62,7 +59,7 @@ if (GetEnvironmentVariableW(namew, valw, envlen) < envlen) { /* determine value string size in utf-8 */ vallen = WideCharToMultiByte(CP_UTF8, 0, valw, -1, NULL, 0, - NULL, NULL); + NULL, NULL); } } @@ -72,7 +69,8 @@ if (NULL != val) { /* convert value string from wide to utf-8 */ if (WideCharToMultiByte(CP_UTF8, 0, valw, -1, val, vallen, - NULL, NULL) == 0) { + NULL, NULL) + == 0) { OPENSSL_free(val); val = NULL; } @@ -89,10 +87,10 @@ #endif #if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 17) -# define SECURE_GETENV +#if __GLIBC_PREREQ(2, 17) +#define SECURE_GETENV return secure_getenv(name); -# endif +#endif #endif #ifndef SECURE_GETENV --- crypto/openssl/crypto/hmac/hmac.c.orig +++ crypto/openssl/crypto/hmac/hmac.c @@ -23,7 +23,7 @@ #include "hmac_local.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl) + const EVP_MD *md, ENGINE *impl) { int rv = 0, reset = 0; int i, j; @@ -59,9 +59,9 @@ return 0; if (j < len) { if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) - || !EVP_DigestUpdate(ctx->md_ctx, key, len) - || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, - &keytmp_length)) + || !EVP_DigestUpdate(ctx->md_ctx, key, len) + || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, + &keytmp_length)) return 0; } else { if (len < 0 || len > (int)sizeof(keytmp)) 
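Review bot: In the getenv.c `@@ -34,10 +34,7 @@` hunk the formatter has collapsed the code-page test into a single line of roughly 190 columns, which makes the list of values that force `dwFlags = 0` hard to audit against the comment above it. Keep one comparison per line by bracketing the condition with `/* clang-format off */` and `/* clang-format on */`. Alternatively move the test into a small static helper whose name states the intent, so the call site reads `if (codepage_requires_zero_flags(curacp)) dwFlags = 0;` (helper name is a suggestion). The enclosing function starts and ends outside this hunk.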
@@ -71,26 +71,26 @@ } if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) memset(&keytmp[keytmp_length], 0, - HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); + HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x36 ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) - || !EVP_DigestUpdate(ctx->i_ctx, pad, - EVP_MD_get_block_size(md))) + || !EVP_DigestUpdate(ctx->i_ctx, pad, + EVP_MD_get_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x5c ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) - || !EVP_DigestUpdate(ctx->o_ctx, pad, - EVP_MD_get_block_size(md))) + || !EVP_DigestUpdate(ctx->o_ctx, pad, + EVP_MD_get_block_size(md))) goto err; } if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) goto err; rv = 1; - err: +err: if (reset) { OPENSSL_cleanse(keytmp, sizeof(keytmp)); OPENSSL_cleanse(pad, sizeof(pad)); @@ -131,7 +131,7 @@ if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) goto err; return 1; - err: +err: return 0; } @@ -213,14 +213,14 @@ goto err; dctx->md = sctx->md; return 1; - err: +err: hmac_ctx_cleanup(dctx); return 0; } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *data, size_t data_len, - unsigned char *md, unsigned int *md_len) + const unsigned char *data, size_t data_len, + unsigned char *md, unsigned int *md_len) { static unsigned char static_md[EVP_MAX_MD_SIZE]; int size = EVP_MD_get_size(evp_md); @@ -229,8 +229,8 @@ if (size >= 0) { ret = EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, - key, key_len, data, data_len, - md == NULL ? static_md : md, size, &temp_md_len); + key, key_len, data, data_len, + md == NULL ? static_md : md, size, &temp_md_len); if (md_len != NULL) *md_len = (unsigned int)temp_md_len; } --- crypto/openssl/crypto/hmac/hmac_local.h.orig +++ crypto/openssl/crypto/hmac/hmac_local.h 
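Review bot: In the `@@ -229,8 +229,8 @@` hunk of HMAC(), `md == NULL ? static_md : md` writes the result into the function-static `static_md` buffer declared in the `@@ -213,14 +213,14 @@` hunk, and nothing in the code says so. Concurrent callers that pass `md == NULL` share that buffer, so one thread's MAC can be overwritten before it is read or compared. Add a comment above the declaration such as `/* Used only when md == NULL: shared across calls and threads, not thread-safe */`. Presumably the pointer returned in that case refers to this buffer, but the end of the function is outside the hunk.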
@@ -8,10 +8,10 @@ */ #ifndef OSSL_CRYPTO_HMAC_LOCAL_H -# define OSSL_CRYPTO_HMAC_LOCAL_H +#define OSSL_CRYPTO_HMAC_LOCAL_H /* The current largest case is for SHA3-224 */ -#define HMAC_MAX_MD_CBLOCK_SIZE 144 +#define HMAC_MAX_MD_CBLOCK_SIZE 144 struct hmac_ctx_st { const EVP_MD *md; --- crypto/openssl/crypto/http/http_client.c.orig +++ crypto/openssl/crypto/http/http_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -27,63 +27,63 @@ #define HTTP_PREFIX "HTTP/" #define HTTP_VERSION_PATT "1." /* allow 1.x */ #define HTTP_VERSION_STR_LEN sizeof(HTTP_VERSION_PATT) /* == strlen("1.0") */ -#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT -#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ +#define HTTP_PREFIX_VERSION HTTP_PREFIX "" HTTP_VERSION_PATT +#define HTTP_1_0 HTTP_PREFIX_VERSION "0" /* "HTTP/1.0" */ #define HTTP_LINE1_MINLEN (sizeof(HTTP_PREFIX_VERSION "x 200\n") - 1) #define HTTP_VERSION_MAX_REDIRECTIONS 50 -#define HTTP_STATUS_CODE_OK 200 +#define HTTP_STATUS_CODE_OK 200 #define HTTP_STATUS_CODE_MOVED_PERMANENTLY 301 -#define HTTP_STATUS_CODE_FOUND 302 +#define HTTP_STATUS_CODE_FOUND 302 /* Stateful HTTP request code, supporting blocking and non-blocking I/O */ /* Opaque HTTP request status structure */ struct ossl_http_req_ctx_st { - int state; /* Current I/O state */ - unsigned char *buf; /* Buffer to write request or read response */ - int buf_size; /* Buffer size */ - int free_wbio; /* wbio allocated internally, free with ctx */ - BIO *wbio; /* BIO to write/send request to */ - BIO *rbio; /* BIO to read/receive response from */ - OSSL_HTTP_bio_cb_t upd_fn; /* Optional BIO update callback used for TLS */ - void *upd_arg; /* Optional arg for update callback function */ - int use_ssl; /* Use HTTPS */ - char *proxy; /* Optional proxy name or URI */ - char *server; /* Optional server host name */ - char *port; /* Optional server port */ - BIO *mem; /* Mem BIO holding request header or response */ - BIO *req; /* BIO holding the request provided by caller */ - int method_POST; /* HTTP method is POST (else GET) */ - char *expected_ct; /* Optional expected Content-Type */ - int expect_asn1; /* Response must be ASN.1-encoded */ - unsigned char *pos; /* Current position sending data */ - long len_to_send; /* Number of bytes still to send */ - size_t resp_len; /* Length of response */ - size_t max_resp_len; /* Maximum length of response, or 0 */ - int 
keep_alive; /* Persistent conn. 0=no, 1=prefer, 2=require */ - time_t max_time; /* Maximum end time of current transfer, or 0 */ - time_t max_total_time; /* Maximum end time of total transfer, or 0 */ - char *redirection_url; /* Location obtained from HTTP status 301/302 */ + int state; /* Current I/O state */ + unsigned char *buf; /* Buffer to write request or read response */ + int buf_size; /* Buffer size */ + int free_wbio; /* wbio allocated internally, free with ctx */ + BIO *wbio; /* BIO to write/send request to */ + BIO *rbio; /* BIO to read/receive response from */ + OSSL_HTTP_bio_cb_t upd_fn; /* Optional BIO update callback used for TLS */ + void *upd_arg; /* Optional arg for update callback function */ + int use_ssl; /* Use HTTPS */ + char *proxy; /* Optional proxy name or URI */ + char *server; /* Optional server host name */ + char *port; /* Optional server port */ + BIO *mem; /* Mem BIO holding request header or response */ + BIO *req; /* BIO holding the request provided by caller */ + int method_POST; /* HTTP method is POST (else GET) */ + char *expected_ct; /* Optional expected Content-Type */ + int expect_asn1; /* Response must be ASN.1-encoded */ + unsigned char *pos; /* Current position sending data */ + long len_to_send; /* Number of bytes still to send */ + size_t resp_len; /* Length of response */ + size_t max_resp_len; /* Maximum length of response, or 0 */ + int keep_alive; /* Persistent conn. 
0=no, 1=prefer, 2=require */ + time_t max_time; /* Maximum end time of current transfer, or 0 */ + time_t max_total_time; /* Maximum end time of total transfer, or 0 */ + char *redirection_url; /* Location obtained from HTTP status 301/302 */ }; /* HTTP states */ -#define OHS_NOREAD 0x1000 /* If set no reading should be performed */ -#define OHS_ERROR (0 | OHS_NOREAD) /* Error condition */ -#define OHS_ADD_HEADERS (1 | OHS_NOREAD) /* Adding header lines to request */ -#define OHS_WRITE_INIT (2 | OHS_NOREAD) /* 1st call: ready to start send */ -#define OHS_WRITE_HDR (3 | OHS_NOREAD) /* Request header being sent */ -#define OHS_WRITE_REQ (4 | OHS_NOREAD) /* Request contents being sent */ -#define OHS_FLUSH (5 | OHS_NOREAD) /* Request being flushed */ -#define OHS_FIRSTLINE 1 /* First line of response being read */ -#define OHS_HEADERS 2 /* MIME headers of response being read */ -#define OHS_REDIRECT 3 /* MIME headers being read, expecting Location */ -#define OHS_ASN1_HEADER 4 /* ASN1 sequence header (tag+length) being read */ -#define OHS_ASN1_CONTENT 5 /* ASN1 content octets being read */ -#define OHS_ASN1_DONE (6 | OHS_NOREAD) /* ASN1 content read completed */ -#define OHS_STREAM (7 | OHS_NOREAD) /* HTTP content stream to be read */ +#define OHS_NOREAD 0x1000 /* If set no reading should be performed */ +#define OHS_ERROR (0 | OHS_NOREAD) /* Error condition */ +#define OHS_ADD_HEADERS (1 | OHS_NOREAD) /* Adding header lines to request */ +#define OHS_WRITE_INIT (2 | OHS_NOREAD) /* 1st call: ready to start send */ +#define OHS_WRITE_HDR (3 | OHS_NOREAD) /* Request header being sent */ +#define OHS_WRITE_REQ (4 | OHS_NOREAD) /* Request contents being sent */ +#define OHS_FLUSH (5 | OHS_NOREAD) /* Request being flushed */ +#define OHS_FIRSTLINE 1 /* First line of response being read */ +#define OHS_HEADERS 2 /* MIME headers of response being read */ +#define OHS_REDIRECT 3 /* MIME headers being read, expecting Location */ +#define OHS_ASN1_HEADER 4 /* ASN1 sequence 
header (tag+length) being read */ +#define OHS_ASN1_CONTENT 5 /* ASN1 content octets being read */ +#define OHS_ASN1_DONE (6 | OHS_NOREAD) /* ASN1 content read completed */ +#define OHS_STREAM (7 | OHS_NOREAD) /* HTTP content stream to be read */ /* Low-level HTTP API implementation */ @@ -153,7 +153,7 @@ } void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, - unsigned long len) + unsigned long len) { if (rctx == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); @@ -168,8 +168,8 @@ * a plain HTTP proxy is used and |path| does not begin with 'http://'. */ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, - const char *server, const char *port, - const char *path) + const char *server, const char *port, + const char *path) { if (rctx == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); @@ -188,14 +188,14 @@ * Section 5.1.2 of RFC 1945 states that the absoluteURI form is only * allowed when using a proxy */ - if (BIO_printf(rctx->mem, OSSL_HTTP_PREFIX"%s", server) <= 0) + if (BIO_printf(rctx->mem, OSSL_HTTP_PREFIX "%s", server) <= 0) return 0; if (port != NULL && BIO_printf(rctx->mem, ":%s", port) <= 0) return 0; } /* Make sure path includes a forward slash (abs_path) */ - if (path == NULL) { + if (path == NULL) { path = "/"; } else if (HAS_PREFIX(path, "http://")) { /* absoluteURI for proxy use */ if (server != NULL) { @@ -209,7 +209,7 @@ * Add (the rest of) the path and the HTTP version, * which is fixed to 1.0 for straightforward implementation of keep-alive */ - if (BIO_printf(rctx->mem, "%s "HTTP_1_0"\r\n", path) <= 0) + if (BIO_printf(rctx->mem, "%s " HTTP_1_0 "\r\n", path) <= 0) return 0; rctx->resp_len = 0; @@ -218,7 +218,7 @@ } int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, - const char *name, const char *value) + const char *name, const char *value) { if (rctx == NULL || name == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); 
@@ -241,15 +241,15 @@ } int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, int asn1, - int timeout, int keep_alive) + const char *content_type, int asn1, + int timeout, int keep_alive) { if (rctx == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (keep_alive != 0 - && rctx->state != OHS_ERROR && rctx->state != OHS_ADD_HEADERS) { + && rctx->state != OHS_ERROR && rctx->state != OHS_ADD_HEADERS) { /* Cannot anymore set keep-alive in request header */ ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -258,7 +258,7 @@ OPENSSL_free(rctx->expected_ct); rctx->expected_ct = NULL; if (content_type != NULL - && (rctx->expected_ct = OPENSSL_strdup(content_type)) == NULL) + && (rctx->expected_ct = OPENSSL_strdup(content_type)) == NULL) return 0; rctx->expect_asn1 = asn1; @@ -271,7 +271,7 @@ } static int set1_content(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, BIO *req) + const char *content_type, BIO *req) { long req_len = 0; #ifndef OPENSSL_NO_STDIO @@ -284,7 +284,7 @@ } if (rctx->keep_alive != 0 - && !OSSL_HTTP_REQ_CTX_add1_header(rctx, "Connection", "keep-alive")) + && !OSSL_HTTP_REQ_CTX_add1_header(rctx, "Connection", "keep-alive")) return 0; BIO_free(rctx->req); @@ -297,7 +297,7 @@ } if (content_type != NULL - && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) + && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) return 0; /* @@ -322,10 +322,10 @@ } if (( #ifndef OPENSSL_NO_STDIO - fp != NULL /* definitely correct req_len */ || + fp != NULL /* definitely correct req_len */ || #endif - req_len > 0) - && BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) < 0) + req_len > 0) + && BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) < 0) return 0; if (!BIO_up_ref(req)) 
@@ -335,7 +335,7 @@ } int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *req) + const ASN1_ITEM *it, const ASN1_VALUE *req) { BIO *mem = NULL; int res = 1; @@ -348,7 +348,7 @@ } static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, - const STACK_OF(CONF_VALUE) *headers, const char *host) + const STACK_OF(CONF_VALUE) *headers, const char *host) { int i; int add_host = host != NULL && *host != '\0'; @@ -369,11 +369,11 @@ /* Create OSSL_HTTP_REQ_CTX structure using the values provided. */ static OSSL_HTTP_REQ_CTX *http_req_ctx_new(int free_wbio, BIO *wbio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, - void *arg, int use_ssl, - const char *proxy, - const char *server, const char *port, - int buf_size, int overall_timeout) + OSSL_HTTP_bio_cb_t bio_update_fn, + void *arg, int use_ssl, + const char *proxy, + const char *server, const char *port, + int buf_size, int overall_timeout) { OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, buf_size); @@ -384,19 +384,18 @@ rctx->upd_arg = arg; rctx->use_ssl = use_ssl; if (proxy != NULL - && (rctx->proxy = OPENSSL_strdup(proxy)) == NULL) + && (rctx->proxy = OPENSSL_strdup(proxy)) == NULL) goto err; if (server != NULL - && (rctx->server = OPENSSL_strdup(server)) == NULL) + && (rctx->server = OPENSSL_strdup(server)) == NULL) goto err; if (port != NULL - && (rctx->port = OPENSSL_strdup(port)) == NULL) + && (rctx->port = OPENSSL_strdup(port)) == NULL) goto err; - rctx->max_total_time = - overall_timeout > 0 ? time(NULL) + overall_timeout : 0; + rctx->max_total_time = overall_timeout > 0 ? time(NULL) + overall_timeout : 0; return rctx; - err: +err: OSSL_HTTP_REQ_CTX_free(rctx); return NULL; } 
@@ -472,11 +471,11 @@ ERR_raise_data(ERR_LIB_HTTP, err, "code=%s", code); else ERR_raise_data(ERR_LIB_HTTP, err, "code=%s, reason=%s", code, - reason); + reason); return retcode; } - err: +err: for (i = 0; i < 60 && line[i] != '\0'; i++) if (!ossl_isprint(line[i])) line[i] = ' '; @@ -489,13 +488,13 @@ { if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED, - "length=%zu, max=%zu", len, rctx->max_resp_len); + "length=%zu, max=%zu", len, rctx->max_resp_len); return 0; } if (rctx->resp_len != 0 && rctx->resp_len != len) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH, - "ASN.1 length=%zu, Content-Length=%zu", - len, rctx->resp_len); + "ASN.1 length=%zu, Content-Length=%zu", + len, rctx->resp_len); return 0; } rctx->resp_len = len; @@ -539,7 +538,7 @@ } rctx->redirection_url = NULL; - next_io: +next_io: buf = (char *)rctx->buf; if ((rctx->state & OHS_NOREAD) == 0) { if (rctx->expect_asn1) { @@ -640,7 +639,7 @@ case OHS_REDIRECT: /* Attempt to read a line in */ - next_line: + next_line: /* * Due to strange memory BIO behavior with BIO_gets we have to check * there's a complete line in there before calling BIO_gets or we'll @@ -704,16 +703,16 @@ } if (value != NULL && line_end != NULL) { if (rctx->state == OHS_REDIRECT - && OPENSSL_strcasecmp(key, "Location") == 0) { + && OPENSSL_strcasecmp(key, "Location") == 0) { rctx->redirection_url = value; return 0; } if (rctx->state == OHS_HEADERS && rctx->expected_ct != NULL - && OPENSSL_strcasecmp(key, "Content-Type") == 0) { + && OPENSSL_strcasecmp(key, "Content-Type") == 0) { if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, - "expected=%s, actual=%s", - rctx->expected_ct, value); + "expected=%s, actual=%s", + rctx->expected_ct, value); return 0; } found_expected_ct = 1; 
@@ -729,8 +728,8 @@ resp_len = (size_t)strtoul(value, &line_end, 10); if (line_end == value || *line_end != '\0') { ERR_raise_data(ERR_LIB_HTTP, - HTTP_R_ERROR_PARSING_CONTENT_LENGTH, - "input=%s", value); + HTTP_R_ERROR_PARSING_CONTENT_LENGTH, + "input=%s", value); return 0; } if (!check_set_resp_len(rctx, resp_len)) @@ -747,7 +746,7 @@ goto next_line; if (rctx->keep_alive != 0 /* do not let server initiate keep_alive */ - && !found_keep_alive /* otherwise there is no change */) { + && !found_keep_alive /* otherwise there is no change */) { if (rctx->keep_alive == 2) { rctx->keep_alive = 0; ERR_raise(ERR_LIB_HTTP, HTTP_R_SERVER_CANCELED_CONNECTION); @@ -761,7 +760,7 @@ if (rctx->expected_ct != NULL && !found_expected_ct) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MISSING_CONTENT_TYPE, - "expected=%s", rctx->expected_ct); + "expected=%s", rctx->expected_ct); return 0; } if (rctx->state == OHS_REDIRECT) { @@ -836,7 +835,7 @@ } int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, - ASN1_VALUE **pval, const ASN1_ITEM *it) + ASN1_VALUE **pval, const ASN1_ITEM *it) { const unsigned char *p; int rv; @@ -846,7 +845,6 @@ return rv; *pval = ASN1_item_d2i(NULL, &p, BIO_get_mem_data(rctx->mem, &p), it); return *pval != NULL; - } #ifndef OPENSSL_NO_SOCK @@ -867,10 +865,10 @@ /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ static BIO *http_new_bio(const char *server /* optionally includes ":port" */, - const char *server_port /* explicit server port */, - int use_ssl, - const char *proxy /* optionally includes ":port" */, - const char *proxy_port /* explicit proxy port */) + const char *server_port /* explicit server port */, + int use_ssl, + const char *proxy /* optionally includes ":port" */, + const char *proxy_port /* explicit proxy port */) { const char *host = server; const char *port = server_port; @@ -892,7 +890,7 @@ if (port != NULL) (void)BIO_set_conn_port(cbio, port); - end: +end: return cbio; } #endif /* OPENSSL_NO_SOCK */ 
@@ -938,10 +936,10 @@ /* Initiate an HTTP session using bio, else use given server, proxy, etc. */ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, - const char *proxy, const char *no_proxy, - int use_ssl, BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, int overall_timeout) + const char *proxy, const char *no_proxy, + int use_ssl, BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, int overall_timeout) { BIO *cbio; /* == bio if supplied, used as connection BIO if rbio is NULL */ OSSL_HTTP_REQ_CTX *rctx = NULL; @@ -974,8 +972,8 @@ proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl); if (proxy != NULL && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, - &proxy_host, &proxy_port, NULL /* num */, - NULL /* path */, NULL, NULL)) + &proxy_host, &proxy_port, NULL /* num */, + NULL /* path */, NULL, NULL)) return NULL; cbio = http_new_bio(server, port, use_ssl, proxy_host, proxy_port); OPENSSL_free(proxy_host); @@ -1010,10 +1008,10 @@ } rctx = http_req_ctx_new(bio == NULL, cbio, rbio != NULL ? rbio : cbio, - bio_update_fn, arg, use_ssl, proxy, server, port, - buf_size, overall_timeout); + bio_update_fn, arg, use_ssl, proxy, server, port, + buf_size, overall_timeout); - end: +end: if (rctx != NULL) /* remove any spurious error queue entries by ssl_add_cert_chain() */ (void)ERR_pop_to_mark(); @@ -1024,10 +1022,10 @@ } int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_content_type, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive) + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive) { int use_http_proxy; 
@@ -1043,11 +1041,12 @@ rctx->max_resp_len = max_resp_len; /* allows for 0: indefinite */ return OSSL_HTTP_REQ_CTX_set_request_line(rctx, req != NULL, - use_http_proxy ? rctx->server - : NULL, rctx->port, path) + use_http_proxy ? rctx->server + : NULL, + rctx->port, path) && add1_headers(rctx, headers, rctx->server) && OSSL_HTTP_REQ_CTX_set_expected(rctx, expected_content_type, - expect_asn1, timeout, keep_alive) + expect_asn1, timeout, keep_alive) && set1_content(rctx, content_type, req); } @@ -1083,26 +1082,25 @@ int reason = ERR_GET_REASON(err); if (lib == ERR_LIB_SSL || lib == ERR_LIB_HTTP - || (lib == ERR_LIB_BIO && reason == BIO_R_CONNECT_TIMEOUT) - || (lib == ERR_LIB_BIO && reason == BIO_R_CONNECT_ERROR) + || (lib == ERR_LIB_BIO && reason == BIO_R_CONNECT_TIMEOUT) + || (lib == ERR_LIB_BIO && reason == BIO_R_CONNECT_ERROR) #ifndef OPENSSL_NO_CMP - || (lib == ERR_LIB_CMP - && reason == CMP_R_POTENTIALLY_INVALID_CERTIFICATE) + || (lib == ERR_LIB_CMP + && reason == CMP_R_POTENTIALLY_INVALID_CERTIFICATE) #endif - ) { + ) { if (rctx->server != NULL) { BIO_snprintf(buf, sizeof(buf), "server=http%s://%s%s%s", - rctx->use_ssl ? "s" : "", rctx->server, - rctx->port != NULL ? ":" : "", - rctx->port != NULL ? rctx->port : ""); + rctx->use_ssl ? "s" : "", rctx->server, + rctx->port != NULL ? ":" : "", + rctx->port != NULL ? rctx->port : ""); ERR_add_error_data(1, buf); } if (rctx->proxy != NULL) ERR_add_error_data(2, " proxy=", rctx->proxy); if (err == 0) { BIO_snprintf(buf, sizeof(buf), " peer has disconnected%s", - rctx->use_ssl ? " violating the protocol" : - ", likely because it requires the use of TLS"); + rctx->use_ssl ? " violating the protocol" : ", likely because it requires the use of TLS"); ERR_add_error_data(1, buf); } } 
@@ -1122,8 +1120,7 @@ } if (*new_url == '/') /* redirection to same server => same protocol */ return 1; - if (HAS_PREFIX(old_url, OSSL_HTTPS_NAME":") && - !HAS_PREFIX(new_url, OSSL_HTTPS_NAME":")) { + if (HAS_PREFIX(old_url, OSSL_HTTPS_NAME ":") && !HAS_PREFIX(new_url, OSSL_HTTPS_NAME ":")) { ERR_raise(ERR_LIB_HTTP, HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP); return 0; } @@ -1132,19 +1129,18 @@ /* Get data via HTTP from server at given URL, potentially with redirection */ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, const STACK_OF(CONF_VALUE) *headers, - const char *expected_ct, int expect_asn1, - size_t max_resp_len, int timeout) + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *expected_ct, int expect_asn1, + size_t max_resp_len, int timeout) { - char *current_url, *redirection_url = NULL; + char *current_url; int n_redirs = 0; char *host; char *port; char *path; int use_ssl; - OSSL_HTTP_REQ_CTX *rctx = NULL; BIO *resp = NULL; time_t max_time = timeout > 0 ? time(NULL) + timeout : 0; 
@@ -1156,31 +1152,35 @@ return NULL; for (;;) { + char *redirection_url; + OSSL_HTTP_REQ_CTX *rctx; + if (!OSSL_HTTP_parse_url(current_url, &use_ssl, NULL /* user */, &host, - &port, NULL /* port_num */, &path, NULL, NULL)) + &port, NULL /* port_num */, &path, NULL, NULL)) break; rctx = OSSL_HTTP_open(host, port, proxy, no_proxy, - use_ssl, bio, rbio, bio_update_fn, arg, - buf_size, timeout); + use_ssl, bio, rbio, bio_update_fn, arg, + buf_size, timeout); new_rpath: + redirection_url = NULL; if (rctx != NULL) { if (!OSSL_HTTP_set1_request(rctx, path, headers, - NULL /* content_type */, - NULL /* req */, - expected_ct, expect_asn1, max_resp_len, - -1 /* use same max time (timeout) */, - 0 /* no keep_alive */)) { + NULL /* content_type */, + NULL /* req */, + expected_ct, expect_asn1, max_resp_len, + -1 /* use same max time (timeout) */, + 0 /* no keep_alive */)) { OSSL_HTTP_REQ_CTX_free(rctx); rctx = NULL; - } else { + } else { resp = OSSL_HTTP_exchange(rctx, &redirection_url); - } + } } OPENSSL_free(path); if (resp == NULL && redirection_url != NULL) { if (redirection_ok(++n_redirs, current_url, redirection_url) - && may_still_retry(max_time, &timeout)) { + && may_still_retry(max_time, &timeout)) { (void)BIO_reset(bio); OPENSSL_free(current_url); current_url = redirection_url; @@ -1190,7 +1190,6 @@ OPENSSL_free(host); OPENSSL_free(port); (void)OSSL_HTTP_close(rctx, 1); - rctx = NULL; BIO_free(resp); OPENSSL_free(current_url); return NULL; @@ -1200,7 +1199,6 @@ OPENSSL_free(host); OPENSSL_free(port); (void)OSSL_HTTP_close(rctx, 1); - rctx = NULL; continue; } /* if redirection not allowed, ignore it */ @@ -1210,7 +1208,6 @@ OPENSSL_free(port); if (!OSSL_HTTP_close(rctx, resp != NULL)) { BIO_free(resp); - rctx = NULL; resp = NULL; } break; 
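Review bot: The new `redirection_url = NULL;` after the `new_rpath:` label in `OSSL_HTTP_get` has no comment, yet it is the line that keeps a stale pointer out of the redirect branch. Further down the same hunk does `OPENSSL_free(current_url); current_url = redirection_url;`, so once a redirect is followed the old Location string is owned by `current_url`. If the next exchange fails without returning a new Location (assuming `OSSL_HTTP_exchange` does not clear its out-parameter itself, which is not visible here), the leftover alias would be freed or reused again. I would add `/* current_url now owns the previous Location string; clear the alias before the next exchange */` above the reset. `rctx` and `redirection_url` are now loop-local without initialisers, so the `rctx = NULL` removals in the following hunks are safe only while nothing after the loop reads them; the function body starts and ends outside this hunk.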
@@ -1221,29 +1218,29 @@ /* Exchange request and response over a connection managed via |prctx| */ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, - const char *server, const char *port, - const char *path, int use_ssl, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_ct, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive) + const char *server, const char *port, + const char *path, int use_ssl, + const char *proxy, const char *no_proxy, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_ct, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive) { OSSL_HTTP_REQ_CTX *rctx = prctx == NULL ? NULL : *prctx; BIO *resp = NULL; if (rctx == NULL) { rctx = OSSL_HTTP_open(server, port, proxy, no_proxy, - use_ssl, bio, rbio, bio_update_fn, arg, - buf_size, timeout); + use_ssl, bio, rbio, bio_update_fn, arg, + buf_size, timeout); timeout = -1; /* Already set during opening the connection */ } if (rctx != NULL) { if (OSSL_HTTP_set1_request(rctx, path, headers, content_type, req, - expected_ct, expect_asn1, - max_resp_len, timeout, keep_alive)) + expected_ct, expect_asn1, + max_resp_len, timeout, keep_alive)) resp = OSSL_HTTP_exchange(rctx, NULL); if (resp == NULL || !OSSL_HTTP_is_alive(rctx)) { if (!OSSL_HTTP_close(rctx, resp != NULL)) { @@ -1266,7 +1263,7 @@ /* callback can be used to finish TLS session and free its BIO */ if (rctx != NULL && rctx->upd_fn != NULL) { wbio = (*rctx->upd_fn)(rctx->wbio, rctx->upd_arg, - 0 /* disconnect */, ok); + 0 /* disconnect */, ok); ret = wbio != NULL; if (ret) rctx->wbio = wbio; 
@@ -1305,8 +1302,8 @@ * to print additional diagnostic information in a user-oriented way. */ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, - const char *proxyuser, const char *proxypass, - int timeout, BIO *bio_err, const char *prog) + const char *proxyuser, const char *proxypass, + int timeout, BIO *bio_err, const char *prog) { #undef BUF_SIZE #define BUF_SIZE (8 * 1024) @@ -1319,7 +1316,7 @@ time_t max_time = timeout > 0 ? time(NULL) + timeout : 0; if (bio == NULL || server == NULL - || (bio_err != NULL && prog == NULL)) { + || (bio_err != NULL && prog == NULL)) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); goto end; } @@ -1332,7 +1329,11 @@ } BIO_push(fbio, bio); - BIO_printf(fbio, "CONNECT %s:%s "HTTP_1_0"\r\n", server, port); + /* Add square brackets around a naked IPv6 address */ + if (server[0] != '[' && strchr(server, ':') != NULL) + BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port); + else + BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); /* * Workaround for broken proxies which would otherwise close @@ -1351,7 +1352,8 @@ if (proxyauth == NULL) goto end; if (BIO_snprintf(proxyauth, len + 1, "%s:%s", proxyuser, - proxypass != NULL ? proxypass : "") != (int)len) + proxypass != NULL ? proxypass : "") + != (int)len) goto proxy_end; proxyauthenc = base64encode(proxyauth, len); if (proxyauthenc != NULL) { @@ -1380,7 +1382,7 @@ rv = BIO_wait(fbio, max_time, 100 /* milliseconds */); if (rv <= 0) { BIO_printf(bio_err, "%s: HTTP CONNECT %s\n", prog, - rv == 0 ? "timed out" : "failed waiting for data"); + rv == 0 ? "timed out" : "failed waiting for data"); goto end; } @@ -1398,7 +1400,7 @@ if (!HAS_PREFIX(mbuf, HTTP_PREFIX) != 0) { ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR); BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n", - prog); + prog); /* Wrong protocol, not even HTTP, so stop reading headers */ goto end; } 
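Review bot: Both new `BIO_printf(fbio, "CONNECT ...")` branches in `OSSL_HTTP_proxy_connect` format `server` and `port` into the request line with `%s`, and nothing visible in this hunk rejects CR, LF or space characters, so a host string taken from configuration or from a redirect could change the structure of the request sent to the proxy. A guard before the formatting would close that, for example `if (strpbrk(server, "\r\n ") != NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); goto end; }`, with the same check on `port` once it is known to be non-NULL. The return value of these `BIO_printf` calls is also ignored, whereas `OSSL_HTTP_REQ_CTX_set_request_line` in this file tests `<= 0`. The bracket test `strchr(server, ':') != NULL` treats any colon as an IPv6 literal, so a `host:port` string passed as `server` would be bracketed too; a comment stating that `server` must not carry a port would help. The function continues outside this hunk.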
@@ -1406,8 +1408,8 @@ if (!HAS_PREFIX(mbufp, HTTP_VERSION_PATT) != 0) { ERR_raise(ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION); BIO_printf(bio_err, - "%s: HTTP CONNECT failed, bad HTTP version %.*s\n", - prog, (int)HTTP_VERSION_STR_LEN, mbufp); + "%s: HTTP CONNECT failed, bad HTTP version %.*s\n", + prog, (int)HTTP_VERSION_STR_LEN, mbufp); goto end; } mbufp += HTTP_VERSION_STR_LEN; @@ -1419,9 +1421,9 @@ read_len--; mbuf[read_len] = '\0'; ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONNECT_FAILURE, - "reason=%s", mbufp); + "reason=%s", mbufp); BIO_printf(bio_err, "%s: HTTP CONNECT failed, reason=%s\n", - prog, mbufp); + prog, mbufp); goto end; } ret = 1; @@ -1437,7 +1439,7 @@ read_len = BIO_gets(fbio, mbuf, BUF_SIZE); } while (read_len > 2); - end: +end: if (fbio != NULL) { (void)BIO_flush(fbio); BIO_pop(fbio); --- crypto/openssl/crypto/http/http_err.c.orig +++ crypto/openssl/crypto/http/http_err.c 
@@ -15,59 +15,59 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA HTTP_str_reasons[] = { - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN), - "asn1 len exceeds max resp len"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH), - "error parsing asn1 length"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH), - "error parsing content length"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_URL), "error parsing url"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_RECEIVING), "error receiving"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_SENDING), "error sending"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_FAILED_READING_DATA), - "failed reading data"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_HEADER_PARSE_ERROR), - "header parse error"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INCONSISTENT_CONTENT_LENGTH), - "inconsistent content length"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER), - "invalid port number"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PATH), "invalid url path"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_SCHEME), - "invalid url scheme"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MAX_RESP_LEN_EXCEEDED), - "max resp len exceeded"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_ASN1_ENCODING), - "missing asn1 encoding"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_CONTENT_TYPE), - "missing content type"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_REDIRECT_LOCATION), - "missing redirect location"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RECEIVED_ERROR), "received error"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RECEIVED_WRONG_HTTP_VERSION), - "received wrong http version"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP), - "redirection from https to http"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_REDIRECTION_NOT_ENABLED), - "redirection not enabled"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_LINE_TOO_LONG), - 
"response line too long"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_PARSE_ERROR), - "response parse error"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RETRY_TIMEOUT), "retry timeout"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SERVER_CANCELED_CONNECTION), - "server canceled connection"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SOCK_NOT_SUPPORTED), - "sock not supported"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_STATUS_CODE_UNSUPPORTED), - "status code unsupported"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_TLS_NOT_ENABLED), "tls not enabled"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_TOO_MANY_REDIRECTIONS), - "too many redirections"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_UNEXPECTED_CONTENT_TYPE), - "unexpected content type"}, - {0, NULL} + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN), + "asn1 len exceeds max resp len" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH), + "error parsing asn1 length" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH), + "error parsing content length" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_URL), "error parsing url" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_RECEIVING), "error receiving" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_SENDING), "error sending" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_FAILED_READING_DATA), + "failed reading data" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_HEADER_PARSE_ERROR), + "header parse error" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INCONSISTENT_CONTENT_LENGTH), + "inconsistent content length" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER), + "invalid port number" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PATH), "invalid url path" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_SCHEME), + "invalid url scheme" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MAX_RESP_LEN_EXCEEDED), + "max resp len exceeded" }, + { ERR_PACK(ERR_LIB_HTTP, 0, 
HTTP_R_MISSING_ASN1_ENCODING), + "missing asn1 encoding" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_CONTENT_TYPE), + "missing content type" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_REDIRECT_LOCATION), + "missing redirect location" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RECEIVED_ERROR), "received error" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RECEIVED_WRONG_HTTP_VERSION), + "received wrong http version" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP), + "redirection from https to http" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_REDIRECTION_NOT_ENABLED), + "redirection not enabled" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_LINE_TOO_LONG), + "response line too long" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_PARSE_ERROR), + "response parse error" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RETRY_TIMEOUT), "retry timeout" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SERVER_CANCELED_CONNECTION), + "server canceled connection" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SOCK_NOT_SUPPORTED), + "sock not supported" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_STATUS_CODE_UNSUPPORTED), + "status code unsupported" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_TLS_NOT_ENABLED), "tls not enabled" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_TOO_MANY_REDIRECTIONS), + "too many redirections" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_UNEXPECTED_CONTENT_TYPE), + "unexpected content type" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/http/http_lib.c.orig +++ crypto/openssl/crypto/http/http_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -7,10 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include /* for sscanf() */ +#include /* for sscanf() */ #include #ifndef OPENSSL_NO_SOCK -# include "../bio/bio_local.h" /* for NI_MAXHOST */ +#include "../bio/bio_local.h" /* for NI_MAXHOST */ #endif #include #include @@ -18,7 +18,7 @@ #include #include "internal/cryptlib.h" /* for ossl_assert() */ #ifndef NI_MAXHOST -# define NI_MAXHOST 255 +#define NI_MAXHOST 255 #endif #include "crypto/ctype.h" /* for ossl_isspace() */ @@ -51,10 +51,11 @@ } int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, - char **pport, int *pport_num, - char **ppath, char **pquery, char **pfrag) + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag) { const char *p, *tmp; + const char *authority_end; const char *scheme, *scheme_end; const char *user, *user_end; const char *host, *host_end; @@ -92,7 +93,10 @@ /* parse optional "userinfo@" */ user = user_end = host = p; - host = strchr(p, '@'); + authority_end = strpbrk(p, "/?#"); + if (authority_end == NULL) + authority_end = p + strlen(p); + host = memchr(p, '@', authority_end - p); if (host != NULL) user_end = host++; else @@ -162,11 +166,11 @@ } if (!copy_substring(pscheme, scheme, scheme_end) - || !copy_substring(phost, host, host_end) - || !copy_substring(pport, port, port_end) - || !copy_substring(puser, user, user_end) - || !copy_substring(pquery, query, query_end) - || !copy_substring(pfrag, frag, frag_end)) + || !copy_substring(phost, host, host_end) + || !copy_substring(pport, port, port_end) + || !copy_substring(puser, user, user_end) + || !copy_substring(pquery, query, query_end) + || !copy_substring(pfrag, frag, frag_end)) goto err; if (pport_num != NULL) *pport_num = (int)portnum; @@ -182,10 +186,10 @@ } return 1; - parse_err: +parse_err: ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL); - err: +err: free_pstring(pscheme); free_pstring(puser); free_pstring(phost); 
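Review bot: The bounded `'@'` search in OSSL_parse_url (hunk `@@ -92,7 +93,10 @@` of http_lib.c) has no comment saying why the lookup stops at the first `/`, `?` or `#`, and that reasoning is the security-relevant part of the change. With the old `strchr(p, '@')`, an `'@'` appearing later in the URL could be taken as the userinfo delimiter, so the host would be read from the wrong place. I would add above `authority_end = strpbrk(p, "/?#");` a comment such as `/* only an '@' inside the authority ends userinfo; one after '/', '?' or '#' belongs to path, query or fragment */`. `memchr` also stops at the first `'@'` in the authority, and whether a second `'@'` left in the host part is rejected depends on host parsing outside this hunk, so a regression test covering both inputs is worth adding. The function body continues outside the hunk.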
@@ -197,8 +201,8 @@ } int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, - char **pport, int *pport_num, - char **ppath, char **pquery, char **pfrag) + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag) { char *scheme, *port; int ssl = 0, portnum; @@ -207,7 +211,7 @@ if (pssl != NULL) *pssl = 0; if (!OSSL_parse_url(url, &scheme, puser, phost, &port, pport_num, - ppath, pquery, pfrag)) + ppath, pquery, pfrag)) return 0; /* check for optional HTTP scheme "http[s]" */ @@ -244,7 +248,7 @@ } return 1; - err: +err: free_pstring(puser); free_pstring(phost); free_pstring(ppath); @@ -283,15 +287,15 @@ if (no_proxy != NULL) found = strstr(no_proxy, server); while (found != NULL - && ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',') - || (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ','))) + && ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',') + || (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ','))) found = strstr(found + 1, server); return found == NULL; } /* Take default value from environment variable(s), respect no_proxy */ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, - const char *server, int use_ssl) + const char *server, int use_ssl) { /* * using environment variable names, both lowercase and uppercase variants, --- crypto/openssl/crypto/idea/i_cbc.c.orig +++ crypto/openssl/crypto/idea/i_cbc.c @@ -18,8 +18,8 @@ #include "idea_local.h" void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, - int encrypt) + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int encrypt) { register unsigned long tin0, tin1; register unsigned long tout0, tout1, xor0, xor1; --- crypto/openssl/crypto/idea/i_cfb64.c.orig +++ crypto/openssl/crypto/idea/i_cfb64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,8 +24,8 @@ */ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *schedule, - unsigned char *ivec, int *num, int encrypt) + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num, int encrypt) { register unsigned long v0, v1, t; register int n = *num; @@ -37,6 +37,7 @@ *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; if (encrypt) { --- crypto/openssl/crypto/idea/i_ecb.c.orig +++ crypto/openssl/crypto/idea/i_ecb.c @@ -24,7 +24,7 @@ } void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, - IDEA_KEY_SCHEDULE *ks) + IDEA_KEY_SCHEDULE *ks) { unsigned long l0, l1, d[2]; --- crypto/openssl/crypto/idea/i_ofb64.c.orig +++ crypto/openssl/crypto/idea/i_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,8 +23,8 @@ * used is contained in *num; */ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *schedule, - unsigned char *ivec, int *num) + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num) { register unsigned long v0, v1, t; register int n = *num; @@ -39,6 +39,7 @@ *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; n2l(iv, v0); --- crypto/openssl/crypto/idea/idea_local.h.orig +++ crypto/openssl/crypto/idea/idea_local.h 
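Review bot: The added `n = n & 0x07;` in IDEA_cfb64_encrypt (hunk `@@ -37,6 +37,7 @@` of i_cfb64.c) silently wraps an out-of-range `*num`, while the branch just above it sets `*num = -1` and returns; the two treatments differ and nothing on the line says why. `n` is loaded from the caller's `*num` and presumably serves as the byte position within the 8-byte `ivec`, so the mask looks like a bounds guard and should say so, e.g. `n = n & 0x07; /* *num is caller-supplied: keep the position inside the 8-byte ivec */`. If wrapping rather than rejecting is deliberate, for compatibility with existing callers, the function's header comment should state that values above 7 are reduced modulo 8. The same applies to the identical line added in IDEA_ofb64_encrypt (hunk `@@ -39,6 +39,7 @@` of i_ofb64.c). Both function bodies start and end outside their hunks.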
@@ -7,96 +7,115 @@ * https://www.openssl.org/source/license.html */ -#define idea_mul(r,a,b,ul) \ -ul=(unsigned long)a*b; \ -if (ul != 0) \ - { \ - r=(ul&0xffff)-(ul>>16); \ - r-=((r)>>16); \ - } \ -else \ - r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ +#define idea_mul(r, a, b, ul) \ + ul = (unsigned long)a * b; \ + if (ul != 0) { \ + r = (ul & 0xffff) - (ul >> 16); \ + r -= ((r) >> 16); \ + } else \ + r = (-(int)a - b + 1); /* assuming a or b is 0 and in range */ /* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } +#define n2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))) << 24; \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))) << 24; \ + } \ + } /* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: 
*(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } +#define l2nn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + /* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + } \ + } #undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++)))) #undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = 
(unsigned char)(((l)) & 0xff)) #undef s2n -#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) +#define s2n(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff)) #undef n2s -#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ - l|=((IDEA_INT)(*((c)++))) ) +#define n2s(c, l) (l = ((IDEA_INT)(*((c)++))) << 8L, \ + l |= ((IDEA_INT)(*((c)++)))) - -#define E_IDEA(num) \ - x1&=0xffff; \ - idea_mul(x1,x1,*p,ul); p++; \ - x2+= *(p++); \ - x3+= *(p++); \ - x4&=0xffff; \ - idea_mul(x4,x4,*p,ul); p++; \ - t0=(x1^x3)&0xffff; \ - idea_mul(t0,t0,*p,ul); p++; \ - t1=(t0+(x2^x4))&0xffff; \ - idea_mul(t1,t1,*p,ul); p++; \ - t0+=t1; \ - x1^=t1; \ - x4^=t0; \ - ul=x2^t0; /* do the swap to x3 */ \ - x2=x3^t1; \ - x3=ul; +#define E_IDEA(num) \ + x1 &= 0xffff; \ + idea_mul(x1, x1, *p, ul); \ + p++; \ + x2 += *(p++); \ + x3 += *(p++); \ + x4 &= 0xffff; \ + idea_mul(x4, x4, *p, ul); \ + p++; \ + t0 = (x1 ^ x3) & 0xffff; \ + idea_mul(t0, t0, *p, ul); \ + p++; \ + t1 = (t0 + (x2 ^ x4)) & 0xffff; \ + idea_mul(t1, t1, *p, ul); \ + p++; \ + t0 += t1; \ + x1 ^= t1; \ + x4 ^= t0; \ + ul = x2 ^ t0; /* do the swap to x3 */ \ + x2 = x3 ^ t1; \ + x3 = ul; --- crypto/openssl/crypto/info.c.orig +++ crypto/openssl/crypto/info.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -16,13 +16,16 @@ #include "buildinf.h" #if defined(__arm__) || defined(__arm) || defined(__aarch64__) -# include "arm_arch.h" -# define CPU_INFO_STR_LEN 128 +#include "arm_arch.h" +#define CPU_INFO_STR_LEN 128 +#elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC) +#include "crypto/ppc_arch.h" +#define CPU_INFO_STR_LEN 128 #elif defined(__s390__) || defined(__s390x__) -# include "s390x_arch.h" -# define CPU_INFO_STR_LEN 2048 +#include "s390x_arch.h" +#define CPU_INFO_STR_LEN 2048 #else -# define CPU_INFO_STR_LEN 128 +#define CPU_INFO_STR_LEN 128 #endif /* extern declaration to avoid warning */ 
@@ -38,95 +41,100 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings) { #if defined(OPENSSL_CPUID_OBJ) -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) const char *env; BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), - CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx", - (unsigned long long)OPENSSL_ia32cap_P[0] | - (unsigned long long)OPENSSL_ia32cap_P[1] << 32, - (unsigned long long)OPENSSL_ia32cap_P[2] | - (unsigned long long)OPENSSL_ia32cap_P[3] << 32); + CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx", + (unsigned long long)OPENSSL_ia32cap_P[0] | (unsigned long long)OPENSSL_ia32cap_P[1] << 32, + (unsigned long long)OPENSSL_ia32cap_P[2] | (unsigned long long)OPENSSL_ia32cap_P[3] << 32); if ((env = getenv("OPENSSL_ia32cap")) != NULL) BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), - sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), - " env:%s", env); -# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); +#elif defined(__arm__) || defined(__arm) || defined(__aarch64__) const char *env; BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), - CPUINFO_PREFIX "OPENSSL_armcap=0x%x", OPENSSL_armcap_P); + CPUINFO_PREFIX "OPENSSL_armcap=0x%x", OPENSSL_armcap_P); if ((env = getenv("OPENSSL_armcap")) != NULL) BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), - sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), - " env:%s", env); -# elif defined(__s390__) || defined(__s390x__) + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); +#elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC) const char *env; BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), - 
CPUINFO_PREFIX "OPENSSL_s390xcap=" - "stfle:0x%llx:0x%llx:0x%llx:0x%llx:" - "kimd:0x%llx:0x%llx:" - "klmd:0x%llx:0x%llx:" - "km:0x%llx:0x%llx:" - "kmc:0x%llx:0x%llx:" - "kmac:0x%llx:0x%llx:" - "kmctr:0x%llx:0x%llx:" - "kmo:0x%llx:0x%llx:" - "kmf:0x%llx:0x%llx:" - "prno:0x%llx:0x%llx:" - "kma:0x%llx:0x%llx:" - "pcc:0x%llx:0x%llx:" - "kdsa:0x%llx:0x%llx", - OPENSSL_s390xcap_P.stfle[0], OPENSSL_s390xcap_P.stfle[1], - OPENSSL_s390xcap_P.stfle[2], OPENSSL_s390xcap_P.stfle[3], - OPENSSL_s390xcap_P.kimd[0], OPENSSL_s390xcap_P.kimd[1], - OPENSSL_s390xcap_P.klmd[0], OPENSSL_s390xcap_P.klmd[1], - OPENSSL_s390xcap_P.km[0], OPENSSL_s390xcap_P.km[1], - OPENSSL_s390xcap_P.kmc[0], OPENSSL_s390xcap_P.kmc[1], - OPENSSL_s390xcap_P.kmac[0], OPENSSL_s390xcap_P.kmac[1], - OPENSSL_s390xcap_P.kmctr[0], OPENSSL_s390xcap_P.kmctr[1], - OPENSSL_s390xcap_P.kmo[0], OPENSSL_s390xcap_P.kmo[1], - OPENSSL_s390xcap_P.kmf[0], OPENSSL_s390xcap_P.kmf[1], - OPENSSL_s390xcap_P.prno[0], OPENSSL_s390xcap_P.prno[1], - OPENSSL_s390xcap_P.kma[0], OPENSSL_s390xcap_P.kma[1], - OPENSSL_s390xcap_P.pcc[0], OPENSSL_s390xcap_P.pcc[1], - OPENSSL_s390xcap_P.kdsa[0], OPENSSL_s390xcap_P.kdsa[1]); + CPUINFO_PREFIX "OPENSSL_ppccap=0x%x", OPENSSL_ppccap_P); + if ((env = getenv("OPENSSL_ppccap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); +#elif defined(__s390__) || defined(__s390x__) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), + CPUINFO_PREFIX "OPENSSL_s390xcap=" + "stfle:0x%llx:0x%llx:0x%llx:0x%llx:" + "kimd:0x%llx:0x%llx:" + "klmd:0x%llx:0x%llx:" + "km:0x%llx:0x%llx:" + "kmc:0x%llx:0x%llx:" + "kmac:0x%llx:0x%llx:" + "kmctr:0x%llx:0x%llx:" + "kmo:0x%llx:0x%llx:" + "kmf:0x%llx:0x%llx:" + "prno:0x%llx:0x%llx:" + "kma:0x%llx:0x%llx:" + "pcc:0x%llx:0x%llx:" + "kdsa:0x%llx:0x%llx", + OPENSSL_s390xcap_P.stfle[0], OPENSSL_s390xcap_P.stfle[1], + OPENSSL_s390xcap_P.stfle[2], 
OPENSSL_s390xcap_P.stfle[3], + OPENSSL_s390xcap_P.kimd[0], OPENSSL_s390xcap_P.kimd[1], + OPENSSL_s390xcap_P.klmd[0], OPENSSL_s390xcap_P.klmd[1], + OPENSSL_s390xcap_P.km[0], OPENSSL_s390xcap_P.km[1], + OPENSSL_s390xcap_P.kmc[0], OPENSSL_s390xcap_P.kmc[1], + OPENSSL_s390xcap_P.kmac[0], OPENSSL_s390xcap_P.kmac[1], + OPENSSL_s390xcap_P.kmctr[0], OPENSSL_s390xcap_P.kmctr[1], + OPENSSL_s390xcap_P.kmo[0], OPENSSL_s390xcap_P.kmo[1], + OPENSSL_s390xcap_P.kmf[0], OPENSSL_s390xcap_P.kmf[1], + OPENSSL_s390xcap_P.prno[0], OPENSSL_s390xcap_P.prno[1], + OPENSSL_s390xcap_P.kma[0], OPENSSL_s390xcap_P.kma[1], + OPENSSL_s390xcap_P.pcc[0], OPENSSL_s390xcap_P.pcc[1], + OPENSSL_s390xcap_P.kdsa[0], OPENSSL_s390xcap_P.kdsa[1]); if ((env = getenv("OPENSSL_s390xcap")) != NULL) BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), - sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), - " env:%s", env); -# endif + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); +#endif #endif { static char seeds[512] = ""; -#define add_seeds_string(str) \ - do { \ - if (seeds[0] != '\0') \ - OPENSSL_strlcat(seeds, " ", sizeof(seeds)); \ - OPENSSL_strlcat(seeds, str, sizeof(seeds)); \ - } while (0) -#define add_seeds_stringlist(label, strlist) \ - do { \ - add_seeds_string(label "("); \ - { \ - const char *dev[] = { strlist, NULL }; \ - const char **p; \ - int first = 1; \ - \ - for (p = dev; *p != NULL; p++) { \ - if (!first) \ - OPENSSL_strlcat(seeds, " ", sizeof(seeds)); \ - first = 0; \ - OPENSSL_strlcat(seeds, *p, sizeof(seeds)); \ - } \ - } \ - OPENSSL_strlcat(seeds, ")", sizeof(seeds)); \ - } while (0) +#define add_seeds_string(str) \ + do { \ + if (seeds[0] != '\0') \ + OPENSSL_strlcat(seeds, " ", sizeof(seeds)); \ + OPENSSL_strlcat(seeds, str, sizeof(seeds)); \ + } while (0) +#define add_seeds_stringlist(label, strlist) \ + do { \ + add_seeds_string(label "("); \ + { \ + const char *dev[] = { strlist, NULL }; \ + const char **p; \ + int first = 1; \ + \ + for (p = 
dev; *p != NULL; p++) { \ + if (!first) \ + OPENSSL_strlcat(seeds, " ", sizeof(seeds)); \ + first = 0; \ + OPENSSL_strlcat(seeds, *p, sizeof(seeds)); \ + } \ + } \ + OPENSSL_strlcat(seeds, ")", sizeof(seeds)); \ + } while (0) #ifdef OPENSSL_RAND_SEED_NONE add_seeds_string("none"); @@ -180,14 +188,13 @@ return "\\"; #elif defined(__VMS) return ""; -#else /* Assume POSIX */ +#else /* Assume POSIX */ return "/"; #endif - case OPENSSL_INFO_LIST_SEPARATOR: - { - static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' }; - return list_sep; - } + case OPENSSL_INFO_LIST_SEPARATOR: { + static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' }; + return list_sep; + } case OPENSSL_INFO_SEED_SOURCE: return seed_sources; case OPENSSL_INFO_CPU_SETTINGS: --- crypto/openssl/crypto/init.c.orig +++ crypto/openssl/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,26 +98,26 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) { #ifndef OPENSSL_NO_ATEXIT -# ifdef OPENSSL_INIT_DEBUG +#ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); -# endif -# ifndef OPENSSL_SYS_UEFI -# if defined(_WIN32) && !defined(__BORLANDC__) +#endif +#ifndef OPENSSL_SYS_UEFI +#if defined(_WIN32) && !defined(__BORLANDC__) /* We use _onexit() in preference because it gets called on DLL unload */ if (_onexit(win32atexit) == NULL) return 0; -# else +#else if (atexit(OPENSSL_cleanup) != 0) return 0; -# endif -# endif +#endif +#endif #endif return 1; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit, - ossl_init_register_atexit) + ossl_init_register_atexit) { #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n"); 
@@ -133,23 +133,23 @@ #if !defined(OPENSSL_USE_NODELETE) \ && !defined(OPENSSL_NO_PINSHARED) -# if defined(DSO_WIN32) && !defined(_WIN32_WCE) +#if defined(DSO_WIN32) && !defined(_WIN32_WCE) { HMODULE handle = NULL; BOOL ret; /* We don't use the DSO route for WIN32 because there is a better way */ ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS - | GET_MODULE_HANDLE_EX_FLAG_PIN, - (void *)&base_inited, &handle); + | GET_MODULE_HANDLE_EX_FLAG_PIN, + (void *)&base_inited, &handle); OSSL_TRACE1(INIT, - "ossl_init_load_crypto_nodelete: " - "obtained DSO reference? %s\n", - (ret == TRUE ? "No!" : "Yes.")); + "ossl_init_load_crypto_nodelete: " + "obtained DSO reference? %s\n", + (ret == TRUE ? "No!" : "Yes.")); return (ret == TRUE) ? 1 : 0; } -# elif !defined(DSO_NONE) +#elif !defined(DSO_NONE) /* * Deliberately leak a reference to ourselves. This will force the library * to remain loaded until the atexit() handler is run at process exit. @@ -168,11 +168,11 @@ * already. */ OSSL_TRACE1(INIT, "obtained DSO reference? %s\n", - (dso == NULL ? "No!" : "Yes.")); + (dso == NULL ? "No!" : "Yes.")); DSO_free(dso); err_unshelve_state(err); } -# endif +#endif #endif return 1; @@ -195,7 +195,7 @@ } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings, - ossl_init_load_crypto_strings) + ossl_init_load_crypto_strings) { /* Do nothing in this case */ return 1; @@ -216,7 +216,7 @@ } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers, - ossl_init_add_all_ciphers) + ossl_init_add_all_ciphers) { /* Do nothing */ return 1; 
@@ -237,34 +237,31 @@ } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, - ossl_init_add_all_digests) + ossl_init_add_all_digests) { /* Do nothing */ return 1; } static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; -static int config_inited = 0; static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; DEFINE_RUN_ONCE_STATIC(ossl_init_config) { int ret = ossl_config_int(NULL); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config) { int ret = ossl_config_int(conf_settings); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) { OSSL_TRACE(INIT, "ossl_no_config_int()\n"); ossl_no_config_int(); - config_inited = 1; + return 1; } @@ -287,7 +284,7 @@ engine_load_openssl_int(); return 1; } -# ifndef OPENSSL_NO_RDRAND +#ifndef OPENSSL_NO_RDRAND static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) { @@ -295,7 +292,7 @@ engine_load_rdrand_int(); return 1; } -# endif +#endif static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) { @@ -303,8 +300,8 @@ engine_load_dynamic_int(); return 1; } -# ifndef OPENSSL_NO_STATIC_ENGINE -# ifndef OPENSSL_NO_DEVCRYPTOENG +#ifndef OPENSSL_NO_STATIC_ENGINE +#ifndef OPENSSL_NO_DEVCRYPTOENG static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) { @@ -312,8 +309,8 @@ engine_load_devcrypto_int(); return 1; } -# endif -# if !defined(OPENSSL_NO_PADLOCKENG) +#endif +#if !defined(OPENSSL_NO_PADLOCKENG) static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) { 
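Review bot: With the `config_inited = 1;` assignments removed in hunk `@@ -237,34 +237,31 @@` of init.c, the temporary in ossl_init_config and ossl_init_config_settings no longer serves a purpose. `int ret = ossl_config_int(NULL); return ret;` can become `return ossl_config_int(NULL);`, and the second function likewise `return ossl_config_int(conf_settings);`. In ossl_init_no_config the removed assignment was replaced by an added empty line before `return 1;`, which can be dropped too.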
@@ -321,8 +318,8 @@ engine_load_padlock_int(); return 1; } -# endif -# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) +#endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi) { @@ -330,8 +327,8 @@ engine_load_capi_int(); return 1; } -# endif -# if !defined(OPENSSL_NO_AFALGENG) +#endif +#if !defined(OPENSSL_NO_AFALGENG) static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) { @@ -339,8 +336,8 @@ engine_load_afalg_int(); return 1; } -# endif -# endif +#endif +#endif #endif void OPENSSL_cleanup(void) @@ -466,7 +463,7 @@ uint64_t tmp; int aloaddone = 0; - /* Applications depend on 0 being returned when cleanup was already done */ + /* Applications depend on 0 being returned when cleanup was already done */ if (stopped) { if (!(opts & OPENSSL_INIT_BASE_ONLY)) ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL); @@ -532,7 +529,7 @@ */ if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) { if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit, - ossl_init_register_atexit)) + ossl_init_register_atexit)) return 0; } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) { return 0; 
@@ -542,39 +539,39 @@ return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) - && !RUN_ONCE_ALT(&load_crypto_strings, - ossl_init_no_load_crypto_strings, - ossl_init_load_crypto_strings)) + && !RUN_ONCE_ALT(&load_crypto_strings, + ossl_init_no_load_crypto_strings, + ossl_init_load_crypto_strings)) return 0; if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) - && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) + && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) return 0; if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) - && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, - ossl_init_add_all_ciphers)) + && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, + ossl_init_add_all_ciphers)) return 0; if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) - && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) + && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) return 0; if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) - && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, - ossl_init_add_all_digests)) + && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, + ossl_init_add_all_digests)) return 0; if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) - && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) + && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) return 0; if ((opts & OPENSSL_INIT_ATFORK) - && !openssl_init_fork_handlers()) + && !openssl_init_fork_handlers()) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) - && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) + && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) return 0; if (opts & OPENSSL_INIT_LOAD_CONFIG) { @@ -593,7 +590,7 @@ return 0; conf_settings = settings; ret = RUN_ONCE_ALT(&config, ossl_init_config_settings, - ossl_init_config); + ossl_init_config); conf_settings = NULL; CRYPTO_THREAD_unlock(init_lock); } 
@@ -604,46 +601,44 @@ } if ((opts & OPENSSL_INIT_ASYNC) - && !RUN_ONCE(&async, ossl_init_async)) + && !RUN_ONCE(&async, ossl_init_async)) return 0; #ifndef OPENSSL_NO_ENGINE if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) - && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) + && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) return 0; -# ifndef OPENSSL_NO_RDRAND +#ifndef OPENSSL_NO_RDRAND if ((opts & OPENSSL_INIT_ENGINE_RDRAND) - && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) + && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) return 0; -# endif +#endif if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) - && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) + && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) return 0; -# ifndef OPENSSL_NO_STATIC_ENGINE -# ifndef OPENSSL_NO_DEVCRYPTOENG +#ifndef OPENSSL_NO_STATIC_ENGINE +#ifndef OPENSSL_NO_DEVCRYPTOENG if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) - && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) + && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) return 0; -# endif -# if !defined(OPENSSL_NO_PADLOCKENG) +#endif +#if !defined(OPENSSL_NO_PADLOCKENG) if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) - && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) + && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) return 0; -# endif -# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) +#endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) if ((opts & OPENSSL_INIT_ENGINE_CAPI) - && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) + && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) return 0; -# endif -# if !defined(OPENSSL_NO_AFALGENG) +#endif +#if !defined(OPENSSL_NO_AFALGENG) if ((opts & OPENSSL_INIT_ENGINE_AFALG) - && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) + && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) return 0; -# endif -# endif - if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_ENGINE_OPENSSL - | OPENSSL_INIT_ENGINE_AFALG)) 
{ +#endif +#endif + if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_ENGINE_OPENSSL | OPENSSL_INIT_ENGINE_AFALG)) { ENGINE_register_all_complete(); } #endif @@ -658,10 +653,10 @@ { OPENSSL_INIT_STOP *newhand; -#if !defined(OPENSSL_USE_NODELETE)\ +#if !defined(OPENSSL_USE_NODELETE) \ && !defined(OPENSSL_NO_PINSHARED) { -# if defined(DSO_WIN32) && !defined(_WIN32_WCE) +#if defined(DSO_WIN32) && !defined(_WIN32_WCE) HMODULE handle = NULL; BOOL ret; union { @@ -676,12 +671,12 @@ * way */ ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS - | GET_MODULE_HANDLE_EX_FLAG_PIN, - handlersym.sym, &handle); + | GET_MODULE_HANDLE_EX_FLAG_PIN, + handlersym.sym, &handle); if (!ret) return 0; -# elif !defined(DSO_NONE) +#elif !defined(DSO_NONE) /* * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the @@ -700,11 +695,11 @@ dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); /* See same code above in ossl_init_base() for an explanation. */ OSSL_TRACE1(INIT, - "atexit: obtained DSO reference? %s\n", - (dso == NULL ? "No!" : "Yes.")); + "atexit: obtained DSO reference? %s\n", + (dso == NULL ? "No!" : "Yes.")); DSO_free(dso); ERR_pop_to_mark(); -# endif +#endif } #endif @@ -719,4 +714,3 @@ return 1; } - --- crypto/openssl/crypto/initthread.c.orig +++ crypto/openssl/crypto/initthread.c @@ -82,10 +82,10 @@ #endif #ifndef FIPS_MODULE -static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands); +static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands); static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin); static void init_thread_destructor(void *hands); -static int init_thread_deregister(void *arg, int all); +static int init_thread_deregister(void *arg, int all); #endif static void init_thread_stop(void *arg, THREAD_EVENT_HANDLER **hands); 
@@ -201,7 +201,7 @@ int ossl_init_thread(void) { if (!CRYPTO_THREAD_init_local(&destructor_key.value, - init_thread_destructor)) + init_thread_destructor)) return 0; return 1; @@ -256,7 +256,7 @@ if (tlocal == NULL) return NULL; - if (!CRYPTO_THREAD_init_local(tlocal, NULL)) { + if (!CRYPTO_THREAD_init_local(tlocal, NULL)) { goto err; } @@ -268,7 +268,7 @@ goto err; return tlocal; - err: +err: OPENSSL_free(hands); OPENSSL_free(tlocal); return NULL; @@ -295,7 +295,7 @@ THREAD_EVENT_HANDLER **hands; CRYPTO_THREAD_LOCAL *local = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX, - &thread_event_ossl_ctx_method); + &thread_event_ossl_ctx_method); if (local == NULL) return; @@ -305,7 +305,6 @@ } #endif /* FIPS_MODULE */ - static void init_thread_stop(void *arg, THREAD_EVENT_HANDLER **hands) { THREAD_EVENT_HANDLER *curr, *prev = NULL, *tmp; @@ -350,7 +349,7 @@ } int ossl_init_thread_start(const void *index, void *arg, - OSSL_thread_stop_handler_fn handfn) + OSSL_thread_stop_handler_fn handfn) { THREAD_EVENT_HANDLER **hands; THREAD_EVENT_HANDLER *hand; @@ -364,7 +363,7 @@ */ CRYPTO_THREAD_LOCAL *local = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX, - &thread_event_ossl_ctx_method); + &thread_event_ossl_ctx_method); #else /* * Outside of FIPS mode the list of THREAD_EVENT_HANDLERs is unique per @@ -387,7 +386,7 @@ * is a callback to libcrypto defined in fipsprov.c */ if (!c_thread_start(FIPS_get_core_handle(ctx), ossl_arg_thread_stop, - ctx)) + ctx)) return 0; } #endif --- crypto/openssl/crypto/lhash/lh_stats.c.orig +++ crypto/openssl/crypto/lhash/lh_stats.c @@ -20,7 +20,7 @@ #include #include "lhash_local.h" -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) { BIO *bp; 
@@ -57,13 +57,13 @@ BIO_free(bp); } -# endif +#endif void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) { BIO_printf(out, "num_items = %lu\n", lh->num_items); - BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); - BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); + BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); + BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); BIO_printf(out, "num_expands = 0\n"); BIO_printf(out, "num_expand_reallocs = 0\n"); BIO_printf(out, "num_contracts = 0\n"); @@ -111,7 +111,7 @@ if (n_used == 0) return; BIO_printf(out, "load %d.%02d actual load %d.%02d\n", - (int)(total / lh->num_nodes), - (int)((total % lh->num_nodes) * 100 / lh->num_nodes), - (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); + (int)(total / lh->num_nodes), + (int)((total % lh->num_nodes) * 100 / lh->num_nodes), + (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); } --- crypto/openssl/crypto/lhash/lhash.c.orig +++ crypto/openssl/crypto/lhash/lhash.c @@ -36,9 +36,9 @@ */ #undef MIN_NODES -#define MIN_NODES 16 -#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ -#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ +#define MIN_NODES 16 +#define UP_LOAD (2 * LH_LOAD_MULT) /* load times 256 (default 2) */ +#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ static int expand(OPENSSL_LHASH *lh); static void contract(OPENSSL_LHASH *lh); @@ -112,7 +112,7 @@ lh->error = 0; if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh)) - return NULL; /* 'lh->error++' already done in 'expand' */ + return NULL; /* 'lh->error++' already done in 'expand' */ rn = getrn(lh, data, &hash); @@ -127,7 +127,7 @@ *rn = nn; ret = NULL; lh->num_items++; - } else { /* replace same key */ + } else { /* replace same key */ ret = (*rn)->data; (*rn)->data = data; } 
@@ -153,8 +153,7 @@ } lh->num_items--; - if ((lh->num_nodes > MIN_NODES) && - (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) + if ((lh->num_nodes > MIN_NODES) && (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) contract(lh); return ret; @@ -174,8 +173,8 @@ } static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, - OPENSSL_LH_DOALL_FUNC func, - OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg) + OPENSSL_LH_DOALL_FUNC func, + OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg) { int i; OPENSSL_LH_NODE *a, *n; @@ -262,7 +261,7 @@ lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */ if (lh->p == 0) { n = OPENSSL_realloc(lh->b, - (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax)); + (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax)); if (n == NULL) { /* fputs("realloc error in lhash",stderr); */ lh->error++; @@ -288,13 +287,13 @@ } static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, - const void *data, unsigned long *rhash) + const void *data, unsigned long *rhash) { OPENSSL_LH_NODE **ret, *n1; unsigned long hash, nn; OPENSSL_LH_COMPFUNC cf; - hash = (*(lh->hash)) (data); + hash = (*(lh->hash))(data); *rhash = hash; nn = hash % lh->pmax; --- crypto/openssl/crypto/lhash/lhash_local.h.orig +++ crypto/openssl/crypto/lhash/lhash_local.h @@ -24,8 +24,8 @@ unsigned int num_alloc_nodes; unsigned int p; unsigned int pmax; - unsigned long up_load; /* load times 256 */ - unsigned long down_load; /* load times 256 */ + unsigned long up_load; /* load times 256 */ + unsigned long down_load; /* load times 256 */ unsigned long num_items; int error; }; --- crypto/openssl/crypto/md2/md2_dgst.c.orig +++ crypto/openssl/crypto/md2/md2_dgst.c @@ -24,7 +24,7 @@ * Implemented from RFC1319 The MD2 Message-Digest Algorithm */ -#define UCHAR unsigned char +#define UCHAR unsigned char static void md2_block(MD2_CTX *c, const unsigned char *d); /* 
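Review bot: In the `@@ -262,7 +261,7 @@` hunk of `lhash.c`, the re-indented `OPENSSL_realloc` call still narrows its size argument with `(unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax)`, so where `size_t` is wider than `unsigned int` the product is truncated before the allocator sees it. Whether `pmax` can grow large enough for that to matter is not visible here, but if it did, the bucket array would end up shorter than `pmax` slots, and the cast buys nothing. I would drop it: `n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * lh->pmax);`. The enclosing function starts and ends outside the hunk.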
@@ -32,38 +32,262 @@ * a random byte string. */ static const MD2_INT S[256] = { - 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, - 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, - 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, - 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, - 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, - 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, - 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, - 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, - 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, - 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, - 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, - 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, - 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, - 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, - 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, - 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, - 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, - 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, - 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, - 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, - 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, - 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, - 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, - 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, - 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, - 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, - 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, - 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, - 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, - 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, - 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, - 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, + 0x29, + 0x2E, + 0x43, + 0xC9, + 0xA2, + 0xD8, + 0x7C, + 0x01, + 0x3D, + 0x36, + 0x54, + 0xA1, + 0xEC, + 0xF0, + 0x06, + 0x13, + 0x62, + 0xA7, + 0x05, + 0xF3, + 0xC0, + 0xC7, + 0x73, + 0x8C, + 0x98, + 0x93, + 0x2B, + 0xD9, + 0xBC, + 0x4C, + 0x82, + 0xCA, + 0x1E, + 0x9B, + 0x57, + 0x3C, + 0xFD, + 0xD4, + 0xE0, + 0x16, 
+ 0x67, + 0x42, + 0x6F, + 0x18, + 0x8A, + 0x17, + 0xE5, + 0x12, + 0xBE, + 0x4E, + 0xC4, + 0xD6, + 0xDA, + 0x9E, + 0xDE, + 0x49, + 0xA0, + 0xFB, + 0xF5, + 0x8E, + 0xBB, + 0x2F, + 0xEE, + 0x7A, + 0xA9, + 0x68, + 0x79, + 0x91, + 0x15, + 0xB2, + 0x07, + 0x3F, + 0x94, + 0xC2, + 0x10, + 0x89, + 0x0B, + 0x22, + 0x5F, + 0x21, + 0x80, + 0x7F, + 0x5D, + 0x9A, + 0x5A, + 0x90, + 0x32, + 0x27, + 0x35, + 0x3E, + 0xCC, + 0xE7, + 0xBF, + 0xF7, + 0x97, + 0x03, + 0xFF, + 0x19, + 0x30, + 0xB3, + 0x48, + 0xA5, + 0xB5, + 0xD1, + 0xD7, + 0x5E, + 0x92, + 0x2A, + 0xAC, + 0x56, + 0xAA, + 0xC6, + 0x4F, + 0xB8, + 0x38, + 0xD2, + 0x96, + 0xA4, + 0x7D, + 0xB6, + 0x76, + 0xFC, + 0x6B, + 0xE2, + 0x9C, + 0x74, + 0x04, + 0xF1, + 0x45, + 0x9D, + 0x70, + 0x59, + 0x64, + 0x71, + 0x87, + 0x20, + 0x86, + 0x5B, + 0xCF, + 0x65, + 0xE6, + 0x2D, + 0xA8, + 0x02, + 0x1B, + 0x60, + 0x25, + 0xAD, + 0xAE, + 0xB0, + 0xB9, + 0xF6, + 0x1C, + 0x46, + 0x61, + 0x69, + 0x34, + 0x40, + 0x7E, + 0x0F, + 0x55, + 0x47, + 0xA3, + 0x23, + 0xDD, + 0x51, + 0xAF, + 0x3A, + 0xC3, + 0x5C, + 0xF9, + 0xCE, + 0xBA, + 0xC5, + 0xEA, + 0x26, + 0x2C, + 0x53, + 0x0D, + 0x6E, + 0x85, + 0x28, + 0x84, + 0x09, + 0xD3, + 0xDF, + 0xCD, + 0xF4, + 0x41, + 0x81, + 0x4D, + 0x52, + 0x6A, + 0xDC, + 0x37, + 0xC8, + 0x6C, + 0xC1, + 0xAB, + 0xFA, + 0x24, + 0xE1, + 0x7B, + 0x08, + 0x0C, + 0xBD, + 0xB1, + 0x4A, + 0x78, + 0x88, + 0x95, + 0x8B, + 0xE3, + 0x63, + 0xE8, + 0x6D, + 0xE9, + 0xCB, + 0xD5, + 0xFE, + 0x3B, + 0x00, + 0x1D, + 0x39, + 0xF2, + 0xEF, + 0xB7, + 0x0E, + 0x66, + 0x58, + 0xD0, + 0xE4, + 0xA6, + 0x77, + 0x72, + 0xF8, + 0xEB, + 0x75, + 0x4B, + 0x0A, + 0x31, + 0x44, + 0x50, + 0xB4, + 0x8F, + 0xED, + 0x1F, + 0x1A, + 0xDB, + 0x99, + 0x8D, + 0x33, + 0x9F, + 0x11, + 0x83, + 0x14, }; const char *MD2_options(void) 
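Review bot: The `S[256]` initializer in `md2_dgst.c` goes from 32 rows of eight bytes to 256 one-value lines, which makes the table much harder to check against RFC 1319 and buries any future one-byte edit among near-identical lines. This looks like formatter output rather than an intentional layout. If the tree is formatted with clang-format, keep the original eight-per-row layout and fence it with `/* clang-format off */` and `/* clang-format on */`. The values appear unchanged between the old and new sides, so the concern is reviewability only.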
@@ -164,16 +388,16 @@ p2 = c->cksm; v = MD2_BLOCK - c->num; for (i = c->num; i < MD2_BLOCK; i++) - cp[i] = (UCHAR) v; + cp[i] = (UCHAR)v; md2_block(c, cp); for (i = 0; i < MD2_BLOCK; i++) - cp[i] = (UCHAR) p2[i]; + cp[i] = (UCHAR)p2[i]; md2_block(c, cp); for (i = 0; i < 16; i++) - md[i] = (UCHAR) (p1[i] & 0xff); + md[i] = (UCHAR)(p1[i] & 0xff); OPENSSL_cleanse(c, sizeof(*c)); return 1; } --- crypto/openssl/crypto/md4/md4_dgst.c.orig +++ crypto/openssl/crypto/md4/md4_dgst.c @@ -37,22 +37,22 @@ } #ifndef md4_block_data_order -# ifdef X -# undef X -# endif +#ifdef X +#undef X +#endif void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) { const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; -# ifndef MD32_XARRAY +#ifndef MD32_XARRAY /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# define X(i) XX##i -# else +#define X(i) XX##i +#else MD4_LONG XX[MD4_LBLOCK]; -# define X(i) XX[i] -# endif +#define X(i) XX[i] +#endif A = c->A; B = c->B; --- crypto/openssl/crypto/md4/md4_local.h.orig +++ crypto/openssl/crypto/md4/md4_local.h 
@@ -16,20 +16,25 @@ #define DATA_ORDER_IS_LITTLE_ENDIAN -#define HASH_LONG MD4_LONG -#define HASH_CTX MD4_CTX -#define HASH_CBLOCK MD4_CBLOCK -#define HASH_UPDATE MD4_Update -#define HASH_TRANSFORM MD4_Transform -#define HASH_FINAL MD4_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER md4_block_data_order +#define HASH_LONG MD4_LONG +#define HASH_CTX MD4_CTX +#define HASH_CBLOCK MD4_CBLOCK +#define HASH_UPDATE MD4_Update +#define HASH_TRANSFORM MD4_Transform +#define HASH_FINAL MD4_Final +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll = (c)->A; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->B; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->C; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->D; \ + (void)HOST_l2c(ll, (s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER md4_block_data_order #include "crypto/md32_common.h" 
@@ -43,18 +48,24 @@ * below. Wei attributes these optimizations to Peter Gutmann's SHS code, * and he attributes it to Rich Schroeppel. */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) -#define H(b,c,d) ((b) ^ (c) ^ (d)) +#define F(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) +#define G(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) +#define H(b, c, d) ((b) ^ (c) ^ (d)) -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); }; +#define R0(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + F((b), (c), (d))); \ + a = ROTATE(a, s); \ + }; -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); }; +#define R1(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + G((b), (c), (d))); \ + a = ROTATE(a, s); \ + }; -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); }; +#define R2(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + H((b), (c), (d))); \ + a = ROTATE(a, s); \ + }; --- crypto/openssl/crypto/md4/md4_one.c.orig +++ crypto/openssl/crypto/md4/md4_one.c @@ -19,7 +19,7 @@ #include #ifdef CHARSET_EBCDIC -# include +#include #endif unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) --- crypto/openssl/crypto/md5/md5_dgst.c.orig +++ crypto/openssl/crypto/md5/md5_dgst.c 
@@ -37,22 +37,22 @@ } #ifndef md5_block_data_order -# ifdef X -# undef X -# endif +#ifdef X +#undef X +#endif void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) { const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; -# ifndef MD32_XARRAY +#ifndef MD32_XARRAY /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# define X(i) XX##i -# else +#define X(i) XX##i +#else MD5_LONG XX[MD5_LBLOCK]; -# define X(i) XX[i] -# endif +#define X(i) XX[i] +#endif A = c->A; B = c->B; --- crypto/openssl/crypto/md5/md5_local.h.orig +++ crypto/openssl/crypto/md5/md5_local.h 
@@ -13,34 +13,38 @@ #include #ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -# define md5_block_data_order ossl_md5_block_asm_data_order -# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) -# define md5_block_data_order ossl_md5_block_asm_data_order -# elif defined(__sparc) || defined(__sparc__) -# define md5_block_data_order ossl_md5_block_asm_data_order -# endif +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +#define md5_block_data_order ossl_md5_block_asm_data_order +#elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +#define md5_block_data_order ossl_md5_block_asm_data_order +#elif defined(__sparc) || defined(__sparc__) +#define md5_block_data_order ossl_md5_block_asm_data_order +#endif #endif void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); #define DATA_ORDER_IS_LITTLE_ENDIAN -#define HASH_LONG MD5_LONG -#define HASH_CTX MD5_CTX -#define HASH_CBLOCK MD5_CBLOCK -#define HASH_UPDATE MD5_Update -#define HASH_TRANSFORM MD5_Transform -#define HASH_FINAL MD5_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER md5_block_data_order +#define HASH_LONG MD5_LONG +#define HASH_CTX MD5_CTX +#define HASH_CBLOCK MD5_CBLOCK +#define HASH_UPDATE MD5_Update +#define HASH_TRANSFORM MD5_Transform +#define HASH_FINAL MD5_Final +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll = (c)->A; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->B; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->C; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->D; \ + (void)HOST_l2c(ll, (s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER 
md5_block_data_order #include "crypto/md32_common.h" @@ -54,27 +58,35 @@ * below. Wei attributes these optimizations to Peter Gutmann's * SHS code, and he attributes it to Rich Schroeppel. */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) -#define H(b,c,d) ((b) ^ (c) ^ (d)) -#define I(b,c,d) (((~(d)) | (b)) ^ (c)) +#define F(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) +#define G(b, c, d) ((((b) ^ (c)) & (d)) ^ (c)) +#define H(b, c, d) ((b) ^ (c) ^ (d)) +#define I(b, c, d) (((~(d)) | (b)) ^ (c)) -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; +#define R0(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + F((b), (c), (d))); \ + a = ROTATE(a, s); \ + a += b; \ + }; -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; +#define R1(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + G((b), (c), (d))); \ + a = ROTATE(a, s); \ + a += b; \ + }; -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; +#define R2(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + H((b), (c), (d))); \ + a = ROTATE(a, s); \ + a += b; \ + }; -#define R3(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+I((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; +#define R3(a, b, c, d, k, s, t) \ + { \ + a += ((k) + (t) + I((b), (c), (d))); \ + a = ROTATE(a, s); \ + a += b; \ + }; --- crypto/openssl/crypto/md5/md5_one.c.orig +++ crypto/openssl/crypto/md5/md5_one.c @@ -19,7 +19,7 @@ #include #ifdef CHARSET_EBCDIC -# include +#include #endif unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) --- crypto/openssl/crypto/mdc2/mdc2dgst.c.orig +++ crypto/openssl/crypto/mdc2/mdc2dgst.c 
@@ -21,16 +21,16 @@ #include #undef c2l -#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<<24L) +#define c2l(c, l) (l = ((DES_LONG)(*((c)++))), \ + l |= ((DES_LONG)(*((c)++))) << 8L, \ + l |= ((DES_LONG)(*((c)++))) << 16L, \ + l |= ((DES_LONG)(*((c)++))) << 24L) #undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +#define l2c(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24L) & 0xff)) static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); int MDC2_Init(MDC2_CTX *c) --- crypto/openssl/crypto/mem.c.orig +++ crypto/openssl/crypto/mem.c @@ -24,19 +24,19 @@ static CRYPTO_free_fn free_impl = CRYPTO_free; #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) -# include "internal/tsan_assist.h" +#include "internal/tsan_assist.h" -# ifdef TSAN_REQUIRES_LOCKING -# define INCREMENT(x) /* empty */ -# define LOAD(x) 0 -# else /* TSAN_REQUIRES_LOCKING */ +#ifdef TSAN_REQUIRES_LOCKING +#define INCREMENT(x) /* empty */ +#define LOAD(x) 0 +#else /* TSAN_REQUIRES_LOCKING */ static TSAN_QUALIFIER int malloc_count; static TSAN_QUALIFIER int realloc_count; static TSAN_QUALIFIER int free_count; -# define INCREMENT(x) tsan_counter(&(x)) -# define LOAD(x) tsan_load(&x) -# endif /* TSAN_REQUIRES_LOCKING */ +#define INCREMENT(x) tsan_counter(&(x)) +#define LOAD(x) tsan_load(&x) +#endif /* TSAN_REQUIRES_LOCKING */ static char *md_failstring; static long md_count; 
@@ -46,17 +46,19 @@ static void parseit(void); static int shouldfail(void); -# define FAILTEST() if (shouldfail()) return NULL +#define FAILTEST() \ + if (shouldfail()) \ + return NULL #else -# define INCREMENT(x) /* empty */ -# define FAILTEST() /* empty */ +#define INCREMENT(x) /* empty */ +#define FAILTEST() /* empty */ #endif int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, - CRYPTO_realloc_fn realloc_fn, - CRYPTO_free_fn free_fn) + CRYPTO_realloc_fn realloc_fn, + CRYPTO_free_fn free_fn) { if (!allow_customize) return 0; @@ -70,8 +72,8 @@ } void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, - CRYPTO_realloc_fn *realloc_fn, - CRYPTO_free_fn *free_fn) + CRYPTO_realloc_fn *realloc_fn, + CRYPTO_free_fn *free_fn) { if (malloc_fn != NULL) *malloc_fn = malloc_impl; @@ -126,10 +128,10 @@ * Some rand() implementations aren't good, but we're not * dealing with secure randomness here. */ -# ifdef _WIN32 -# define random() rand() -# define srandom(seed) srand(seed) -# endif +#ifdef _WIN32 +#define random() rand() +#define srandom(seed) srand(seed) +#endif /* * See if the current malloc should fail. */ @@ -137,20 +139,20 @@ { int roll = (int)(random() % 10000); int shoulditfail = roll < md_fail_percent; -# ifndef _WIN32 -/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ +#ifndef _WIN32 + /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ int len; char buff[80]; if (md_tracefd > 0) { BIO_snprintf(buff, sizeof(buff), - "%c C%ld %%%d R%d\n", - shoulditfail ? '-' : '+', md_count, md_fail_percent, roll); + "%c C%ld %%%d R%d\n", + shoulditfail ? '-' : '+', md_count, md_fail_percent, roll); len = strlen(buff); if (write(md_tracefd, buff, len) != len) perror("shouldfail write failed"); } -# endif +#endif if (md_count) { /* If we used up this one, go to the next. */ 
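Review bot: `FAILTEST()` in the `@@ -46,17 +46,19 @@` hunk is still a bare `if (shouldfail()) return NULL` with no enclosing block, and the new three-line layout makes it read like a self-contained statement. An `else` following a call site would attach to the macro's `if`. Wrapping the body leaves call sites unchanged and removes the hazard: `#define FAILTEST() do { if (shouldfail()) return NULL; } while (0)`. The call sites are outside this hunk, so whether any of them is followed by an `else` today cannot be checked from here.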
@@ -226,7 +228,7 @@ } void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, - const char *file, int line) + const char *file, int line) { void *ret = NULL; @@ -240,7 +242,7 @@ /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */ if (num < old_len) { - OPENSSL_cleanse((char*)str + num, old_len - num); + OPENSSL_cleanse((char *)str + num, old_len - num); return str; } @@ -274,7 +276,7 @@ #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 int CRYPTO_mem_ctrl(int mode) { (void)mode; @@ -289,7 +291,9 @@ int CRYPTO_mem_debug_push(const char *info, const char *file, int line) { - (void)info; (void)file; (void)line; + (void)info; + (void)file; + (void)line; return 0; } @@ -299,21 +303,33 @@ } void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, - const char *file, int line) + const char *file, int line) { - (void)addr; (void)num; (void)flag; (void)file; (void)line; + (void)addr; + (void)num; + (void)flag; + (void)file; + (void)line; } void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, - const char *file, int line) + const char *file, int line) { - (void)addr1; (void)addr2; (void)num; (void)flag; (void)file; (void)line; + (void)addr1; + (void)addr2; + (void)num; + (void)flag; + (void)file; + (void)line; } void CRYPTO_mem_debug_free(void *addr, int flag, - const char *file, int line) + const char *file, int line) { - (void)addr; (void)flag; (void)file; (void)line; + (void)addr; + (void)flag; + (void)file; + (void)line; } int CRYPTO_mem_leaks(BIO *b) 
@@ -322,21 +338,22 @@ return -1; } -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int CRYPTO_mem_leaks_fp(FILE *fp) { (void)fp; return -1; } -# endif +#endif int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), - void *u) + void *u) { - (void)cb; (void)u; + (void)cb; + (void)u; return -1; } -# endif +#endif #endif --- crypto/openssl/crypto/mem_sec.c.orig +++ crypto/openssl/crypto/mem_sec.c 
@@ -21,57 +21,56 @@ #include #ifndef OPENSSL_NO_SECURE_MEMORY -# if defined(_WIN32) -# include -# if defined(WINAPI_FAMILY_PARTITION) -# if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) +#if defined(_WIN32) +#include +#if defined(WINAPI_FAMILY_PARTITION) +#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) /* * While VirtualLock is available under the app partition (e.g. UWP), * the headers do not define the API. Define it ourselves instead. */ WINBASEAPI BOOL -WINAPI -VirtualLock( - _In_ LPVOID lpAddress, - _In_ SIZE_T dwSize - ); -# endif -# endif -# endif -# include -# include -# if defined(OPENSSL_SYS_UNIX) -# include -# endif -# include -# if defined(OPENSSL_SYS_UNIX) -# include -# if defined(__FreeBSD__) -# define MADV_DONTDUMP MADV_NOCORE -# endif -# if !defined(MAP_CONCEAL) -# define MAP_CONCEAL 0 -# endif -# endif -# if defined(OPENSSL_SYS_LINUX) -# include -# if defined(SYS_mlock2) -# include -# include -# endif -# include -# endif -# include -# include + WINAPI + VirtualLock( + _In_ LPVOID lpAddress, + _In_ SIZE_T dwSize); +#endif +#endif +#endif +#include +#include +#if defined(OPENSSL_SYS_UNIX) +#include +#endif +#include +#if defined(OPENSSL_SYS_UNIX) +#include +#if defined(__FreeBSD__) +#define MADV_DONTDUMP MADV_NOCORE +#endif +#if !defined(MAP_CONCEAL) +#define MAP_CONCEAL 0 +#endif +#endif +#if defined(OPENSSL_SYS_LINUX) +#include +#if defined(SYS_mlock2) +#include +#include +#endif +#include +#endif +#include +#include #endif #define CLEAR(p, s) OPENSSL_cleanse(p, s) #ifndef PAGE_SIZE -# define PAGE_SIZE 4096 +#define PAGE_SIZE 4096 #endif #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) -# define MAP_ANON MAP_ANONYMOUS +#define MAP_ANON MAP_ANONYMOUS #endif #ifndef OPENSSL_NO_SECURE_MEMORY @@ -193,7 +192,7 @@ } void CRYPTO_secure_clear_free(void *ptr, size_t num, - const char *file, int line) + const char *file, int line) { #ifndef OPENSSL_NO_SECURE_MEMORY size_t actual_size; 
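Review bot: Flattening every `# if`/`# include`/`# define` to column 0 in the `@@ -21,57 +21,56 @@` hunk of `mem_sec.c` removes the only cue to how the `_WIN32`, `OPENSSL_SYS_UNIX`, `__FreeBSD__`, `MAP_CONCEAL` and `OPENSSL_SYS_LINUX` conditionals nest, and the block now ends in runs of bare `#endif`. These guards decide which `MADV_DONTDUMP` mapping and `MAP_CONCEAL` fallback the secure heap is built with, so a misplaced `#endif` in a later edit would be easy to miss. I would label the closers, for example `#endif /* OPENSSL_SYS_UNIX */` and `#endif /* OPENSSL_NO_SECURE_MEMORY */`. The same flattening appears in the `md5_local.h` and `mips_arch.h` hunks of this patch.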
@@ -271,7 +270,6 @@ */ #ifndef OPENSSL_NO_SECURE_MEMORY - /* * The implementation provided here uses a fixed-sized mmap() heap, * which is locked into memory, not written to core files, and protected @@ -289,25 +287,22 @@ #define ONE ((size_t)1) -# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) -# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) -# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) +#define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) +#define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) +#define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) #define WITHIN_ARENA(p) \ - ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) + ((char *)(p) >= sh.arena && (char *)(p) < &sh.arena[sh.arena_size]) #define WITHIN_FREELIST(p) \ - ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) - + ((char *)(p) >= (char *)sh.freelist && (char *)(p) < (char *)&sh.freelist[sh.freelist_size]) -typedef struct sh_list_st -{ +typedef struct sh_list_st { struct sh_list_st *next; struct sh_list_st **p_next; } SH_LIST; -typedef struct sh_st -{ - char* map_result; +typedef struct sh_st { + char *map_result; size_t map_size; char *arena; size_t arena_size; @@ -335,7 +330,6 @@ return list; } - static int sh_testbit(char *ptr, int list, unsigned char *table) { size_t bit; @@ -406,7 +400,6 @@ OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); } - static int sh_init(size_t size, size_t minsize) { int ret; @@ -443,9 +436,9 @@ minsize++; } else { /* make sure minsize is a powers of 2 */ - OPENSSL_assert((minsize & (minsize - 1)) == 0); - if ((minsize & (minsize - 1)) != 0) - goto err; + OPENSSL_assert((minsize & (minsize - 1)) == 0); + if ((minsize & (minsize - 1)) != 0) + goto err; } sh.arena_size = size; 
@@ -476,13 +469,13 @@ goto err; /* Allocate space for heap, and two extra pages as guards */ -#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) +#if defined(_SC_PAGE_SIZE) || defined(_SC_PAGESIZE) { -# if defined(_SC_PAGE_SIZE) +#if defined(_SC_PAGE_SIZE) long tmppgsize = sysconf(_SC_PAGE_SIZE); -# else +#else long tmppgsize = sysconf(_SC_PAGESIZE); -# endif +#endif if (tmppgsize < 1) pgsize = PAGE_SIZE; else @@ -497,28 +490,28 @@ sh.map_size = pgsize + sh.arena_size + pgsize; #if !defined(_WIN32) -# ifdef MAP_ANON +#ifdef MAP_ANON sh.map_result = mmap(NULL, sh.map_size, - PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0); -# else + PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_CONCEAL, -1, 0); +#else { int fd; sh.map_result = MAP_FAILED; if ((fd = open("/dev/zero", O_RDWR)) >= 0) { sh.map_result = mmap(NULL, sh.map_size, - PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); + PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); close(fd); } } -# endif +#endif if (sh.map_result == MAP_FAILED) goto err; #else sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); if (sh.map_result == NULL) - goto err; + goto err; #endif sh.arena = (char *)(sh.map_result + pgsize); @@ -570,7 +563,7 @@ return ret; - err: +err: sh_done(); return 0; } @@ -657,7 +650,7 @@ sh_add_to_list(&sh.freelist[slist], temp); OPENSSL_assert(sh.freelist[slist] == temp); - OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); + OPENSSL_assert(temp - (sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); } /* peel off memory to hand back */ --- crypto/openssl/crypto/mips_arch.h.orig +++ crypto/openssl/crypto/mips_arch.h 
@@ -8,33 +8,31 @@ */ #ifndef OSSL_CRYPTO_MIPS_ARCH_H -# define OSSL_CRYPTO_MIPS_ARCH_H +#define OSSL_CRYPTO_MIPS_ARCH_H -# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ - defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ - && !defined(_MIPS_ARCH_MIPS32R2) -# define _MIPS_ARCH_MIPS32R2 -# endif +#if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ + && !defined(_MIPS_ARCH_MIPS32R2) +#define _MIPS_ARCH_MIPS32R2 +#endif -# if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || \ - defined(_MIPS_ARCH_MIPS64R6)) \ - && !defined(_MIPS_ARCH_MIPS64R2) -# define _MIPS_ARCH_MIPS64R2 -# endif +#if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || defined(_MIPS_ARCH_MIPS64R6)) \ + && !defined(_MIPS_ARCH_MIPS64R2) +#define _MIPS_ARCH_MIPS64R2 +#endif -# if defined(_MIPS_ARCH_MIPS64R6) -# define dmultu(rs,rt) -# define mflo(rd,rs,rt) dmulu rd,rs,rt -# define mfhi(rd,rs,rt) dmuhu rd,rs,rt -# elif defined(_MIPS_ARCH_MIPS32R6) -# define multu(rs,rt) -# define mflo(rd,rs,rt) mulu rd,rs,rt -# define mfhi(rd,rs,rt) muhu rd,rs,rt -# else -# define dmultu(rs,rt) dmultu rs,rt -# define multu(rs,rt) multu rs,rt -# define mflo(rd,rs,rt) mflo rd -# define mfhi(rd,rs,rt) mfhi rd -# endif +#if defined(_MIPS_ARCH_MIPS64R6) +#define dmultu(rs, rt) +#define mflo(rd, rs, rt) dmulu rd, rs, rt +#define mfhi(rd, rs, rt) dmuhu rd, rs, rt +#elif defined(_MIPS_ARCH_MIPS32R6) +#define multu(rs, rt) +#define mflo(rd, rs, rt) mulu rd, rs, rt +#define mfhi(rd, rs, rt) muhu rd, rs, rt +#else +#define dmultu(rs, rt) dmultu rs, rt +#define multu(rs, rt) multu rs, rt +#define mflo(rd, rs, rt) mflo rd +#define mfhi(rd, rs, rt) mfhi rd +#endif #endif --- crypto/openssl/crypto/modes/asm/ghash-armv4.pl.orig +++ crypto/openssl/crypto/modes/asm/ghash-armv4.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -55,7 +55,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # ==================================================================== # Note about "528B" variant. In ARM case it makes lesser sense to --- crypto/openssl/crypto/modes/cbc128.c.orig +++ crypto/openssl/crypto/modes/cbc128.c @@ -12,7 +12,7 @@ #include "crypto/modes.h" #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) -# define STRICT_ALIGNMENT 0 +#define STRICT_ALIGNMENT 0 #endif #if defined(__GNUC__) && !STRICT_ALIGNMENT @@ -22,8 +22,8 @@ #endif void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) + size_t len, const void *key, + unsigned char ivec[16], block128_f block) { size_t n; const unsigned char *iv = ivec; @@ -32,12 +32,11 @@ return; #if !defined(OPENSSL_SMALL_FOOTPRINT) - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { + if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { while (len >= 16) { for (n = 0; n < 16; ++n) out[n] = in[n] ^ iv[n]; - (*block) (out, out, key); + (*block)(out, out, key); iv = out; len -= 16; in += 16; 
@@ -46,9 +45,8 @@ } else { while (len >= 16) { for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t_aX *)(out + n) = - *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); - (*block) (out, out, key); + *(size_t_aX *)(out + n) = *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); + (*block)(out, out, key); iv = out; len -= 16; in += 16; @@ -61,7 +59,7 @@ out[n] = in[n] ^ iv[n]; for (; n < 16; ++n) out[n] = iv[n]; - (*block) (out, out, key); + (*block)(out, out, key); iv = out; if (len <= 16) break; @@ -74,8 +72,8 @@ } void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) + size_t len, const void *key, + unsigned char ivec[16], block128_f block) { size_t n; union { @@ -90,10 +88,9 @@ if (in != out) { const unsigned char *iv = ivec; - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { + if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { while (len >= 16) { - (*block) (in, out, key); + (*block)(in, out, key); for (n = 0; n < 16; ++n) out[n] ^= iv[n]; iv = in; @@ -106,7 +103,7 @@ size_t_aX *out_t = (size_t_aX *)out; size_t_aX *iv_t = (size_t_aX *)iv; - (*block) (in, out, key); + (*block)(in, out, key); for (n = 0; n < 16 / sizeof(size_t); n++) out_t[n] ^= iv_t[n]; iv = in; @@ -118,11 +115,10 @@ if (ivec != iv) memcpy(ivec, iv, 16); } else { - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { + if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { unsigned char c; while (len >= 16) { - (*block) (in, tmp.c, key); + (*block)(in, tmp.c, key); for (n = 0; n < 16; ++n) { c = in[n]; out[n] = tmp.c[n] ^ ivec[n]; 
@@ -139,7 +135,7 @@ size_t_aX *ivec_t = (size_t_aX *)ivec; const size_t_aX *in_t = (const size_t_aX *)in; - (*block) (in, tmp.c, key); + (*block)(in, tmp.c, key); for (n = 0; n < 16 / sizeof(size_t); n++) { c = in_t[n]; out_t[n] = tmp.t[n] ^ ivec_t[n]; @@ -154,7 +150,7 @@ #endif while (len) { unsigned char c; - (*block) (in, tmp.c, key); + (*block)(in, tmp.c, key); for (n = 0; n < 16 && n < len; ++n) { c = in[n]; out[n] = tmp.c[n] ^ ivec[n]; --- crypto/openssl/crypto/modes/ccm128.c.orig +++ crypto/openssl/crypto/modes/ccm128.c @@ -12,11 +12,11 @@ #include "crypto/modes.h" #ifndef STRICT_ALIGNMENT -# ifdef __GNUC__ +#ifdef __GNUC__ typedef u64 u64_a1 __attribute((__aligned__(1))); -# else +#else typedef u64 u64_a1; -# endif +#endif #endif /* @@ -24,8 +24,8 @@ * called once per session setup... */ void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, - unsigned int M, unsigned int L, void *key, - block128_f block) + unsigned int M, unsigned int L, void *key, + block128_f block) { memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3; @@ -38,12 +38,12 @@ /* Then you setup per-message nonce and pass the length of the message */ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, - const unsigned char *nonce, size_t nlen, size_t mlen) + const unsigned char *nonce, size_t nlen, size_t mlen) { unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */ if (nlen < (14 - L)) - return -1; /* nonce is too short */ + return -1; /* nonce is too short */ if (sizeof(mlen) == 8 && L >= 3) { ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8))); @@ -58,7 +58,7 @@ ctx->nonce.c[14] = (u8)(mlen >> 8); ctx->nonce.c[15] = (u8)mlen; - ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ + ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ memcpy(&ctx->nonce.c[1], nonce, 14 - L); return 0; 
@@ -66,7 +66,7 @@ /* Then you pass additional authentication data, this is optional */ void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, - const unsigned char *aad, size_t alen) + const unsigned char *aad, size_t alen) { unsigned int i; block128_f block = ctx->block; @@ -74,15 +74,15 @@ if (alen == 0) return; - ctx->nonce.c[0] |= 0x40; /* set Adata flag */ - (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++; + ctx->nonce.c[0] |= 0x40; /* set Adata flag */ + (*block)(ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++; if (alen < (0x10000 - 0x100)) { ctx->cmac.c[0] ^= (u8)(alen >> 8); ctx->cmac.c[1] ^= (u8)alen; i = 2; } else if (sizeof(alen) == 8 - && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { + && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { ctx->cmac.c[0] ^= 0xFF; ctx->cmac.c[1] ^= 0xFF; ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8))); @@ -107,7 +107,7 @@ do { for (; i < 16 && alen; ++i, ++aad, --alen) ctx->cmac.c[i] ^= *aad; - (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++; + (*block)(ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++; i = 0; } while (alen); } @@ -135,8 +135,8 @@ } int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len) + const unsigned char *inp, unsigned char *out, + size_t len) { size_t n; unsigned int i, L; @@ -149,7 +149,7 @@ } scratch; if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; + (*block)(ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; ctx->nonce.c[0] = L = flags0 & 7; for (n = 0, i = 15 - L; i < 15; ++i) { 
@@ -157,15 +157,15 @@ ctx->nonce.c[i] = 0; n <<= 8; } - n |= ctx->nonce.c[15]; /* reconstructed length */ + n |= ctx->nonce.c[15]; /* reconstructed length */ ctx->nonce.c[15] = 1; if (n != len) - return -1; /* length mismatch */ + return -1; /* length mismatch */ ctx->blocks += ((len + 15) >> 3) | 1; if (ctx->blocks > (U64(1) << 61)) - return -2; /* too much data */ + return -2; /* too much data */ while (len >= 16) { #if defined(STRICT_ALIGNMENT) @@ -181,8 +181,8 @@ ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; #endif - (*block) (ctx->cmac.c, ctx->cmac.c, key); - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->cmac.c, ctx->cmac.c, key); + (*block)(ctx->nonce.c, scratch.c, key); ctr64_inc(ctx->nonce.c); #if defined(STRICT_ALIGNMENT) temp.u[0] ^= scratch.u[0]; @@ -200,8 +200,8 @@ if (len) { for (i = 0; i < len; ++i) ctx->cmac.c[i] ^= inp[i]; - (*block) (ctx->cmac.c, ctx->cmac.c, key); - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->cmac.c, ctx->cmac.c, key); + (*block)(ctx->nonce.c, scratch.c, key); for (i = 0; i < len; ++i) out[i] = scratch.c[i] ^ inp[i]; } @@ -209,7 +209,7 @@ for (i = 15 - L; i < 16; ++i) ctx->nonce.c[i] = 0; - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); ctx->cmac.u[0] ^= scratch.u[0]; ctx->cmac.u[1] ^= scratch.u[1]; @@ -219,8 +219,8 @@ } int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len) + const unsigned char *inp, unsigned char *out, + size_t len) { size_t n; unsigned int i, L; @@ -233,7 +233,7 @@ } scratch; if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key); + (*block)(ctx->nonce.c, ctx->cmac.c, key); ctx->nonce.c[0] = L = flags0 & 7; for (n = 0, i = 15 - L; i < 15; ++i) { @@ -241,7 +241,7 @@ ctx->nonce.c[i] = 0; n <<= 8; } - n |= ctx->nonce.c[15]; /* reconstructed length */ + n |= ctx->nonce.c[15]; /* reconstructed length */ ctx->nonce.c[15] = 1; if (n != len) 
@@ -254,7 +254,7 @@ u8 c[16]; } temp; #endif - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); ctr64_inc(ctx->nonce.c); #if defined(STRICT_ALIGNMENT) memcpy(temp.c, inp, 16); @@ -263,11 +263,11 @@ memcpy(out, scratch.c, 16); #else ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] - = scratch.u[0] ^ ((u64_a1 *)inp)[0]); + = scratch.u[0] ^ ((u64_a1 *)inp)[0]); ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] - = scratch.u[1] ^ ((u64_a1 *)inp)[1]); + = scratch.u[1] ^ ((u64_a1 *)inp)[1]); #endif - (*block) (ctx->cmac.c, ctx->cmac.c, key); + (*block)(ctx->cmac.c, ctx->cmac.c, key); inp += 16; out += 16; @@ -275,16 +275,16 @@ } if (len) { - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); for (i = 0; i < len; ++i) ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); - (*block) (ctx->cmac.c, ctx->cmac.c, key); + (*block)(ctx->cmac.c, ctx->cmac.c, key); } for (i = 15 - L; i < 16; ++i) ctx->nonce.c[i] = 0; - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); ctx->cmac.u[0] ^= scratch.u[0]; ctx->cmac.u[1] ^= scratch.u[1]; @@ -302,14 +302,14 @@ --n; val += counter[n] + (inc & 0xff); counter[n] = (unsigned char)val; - val >>= 8; /* carry bit */ + val >>= 8; /* carry bit */ inc >>= 8; } while (n && (inc || val)); } int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len, ccm128_f stream) + const unsigned char *inp, unsigned char *out, + size_t len, ccm128_f stream) { size_t n; unsigned int i, L; @@ -322,7 +322,7 @@ } scratch; if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; + (*block)(ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; ctx->nonce.c[0] = L = flags0 & 7; for (n = 0, i = 15 - L; i < 15; ++i) { 
@@ -330,18 +330,18 @@ ctx->nonce.c[i] = 0; n <<= 8; } - n |= ctx->nonce.c[15]; /* reconstructed length */ + n |= ctx->nonce.c[15]; /* reconstructed length */ ctx->nonce.c[15] = 1; if (n != len) - return -1; /* length mismatch */ + return -1; /* length mismatch */ ctx->blocks += ((len + 15) >> 3) | 1; if (ctx->blocks > (U64(1) << 61)) - return -2; /* too much data */ + return -2; /* too much data */ if ((n = len / 16)) { - (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); + (*stream)(inp, out, n, key, ctx->nonce.c, ctx->cmac.c); n *= 16; inp += n; out += n; @@ -353,8 +353,8 @@ if (len) { for (i = 0; i < len; ++i) ctx->cmac.c[i] ^= inp[i]; - (*block) (ctx->cmac.c, ctx->cmac.c, key); - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->cmac.c, ctx->cmac.c, key); + (*block)(ctx->nonce.c, scratch.c, key); for (i = 0; i < len; ++i) out[i] = scratch.c[i] ^ inp[i]; } @@ -362,7 +362,7 @@ for (i = 15 - L; i < 16; ++i) ctx->nonce.c[i] = 0; - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); ctx->cmac.u[0] ^= scratch.u[0]; ctx->cmac.u[1] ^= scratch.u[1]; @@ -372,8 +372,8 @@ } int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len, ccm128_f stream) + const unsigned char *inp, unsigned char *out, + size_t len, ccm128_f stream) { size_t n; unsigned int i, L; @@ -386,7 +386,7 @@ } scratch; if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key); + (*block)(ctx->nonce.c, ctx->cmac.c, key); ctx->nonce.c[0] = L = flags0 & 7; for (n = 0, i = 15 - L; i < 15; ++i) { @@ -394,14 +394,14 @@ ctx->nonce.c[i] = 0; n <<= 8; } - n |= ctx->nonce.c[15]; /* reconstructed length */ + n |= ctx->nonce.c[15]; /* reconstructed length */ ctx->nonce.c[15] = 1; if (n != len) return -1; if ((n = len / 16)) { - (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); + (*stream)(inp, out, n, key, ctx->nonce.c, ctx->cmac.c); n *= 16; inp += n; out += n; 
@@ -411,16 +411,16 @@ } if (len) { - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); for (i = 0; i < len; ++i) ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); - (*block) (ctx->cmac.c, ctx->cmac.c, key); + (*block)(ctx->cmac.c, ctx->cmac.c, key); } for (i = 15 - L; i < 16; ++i) ctx->nonce.c[i] = 0; - (*block) (ctx->nonce.c, scratch.c, key); + (*block)(ctx->nonce.c, scratch.c, key); ctx->cmac.u[0] ^= scratch.u[0]; ctx->cmac.u[1] ^= scratch.u[1]; --- crypto/openssl/crypto/modes/cfb128.c.orig +++ crypto/openssl/crypto/modes/cfb128.c @@ -23,9 +23,9 @@ * used is contained in *num; */ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block) + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) { unsigned int n; size_t l = 0; @@ -46,17 +46,15 @@ --len; n = (n + 1) % 16; } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) +#if defined(STRICT_ALIGNMENT) + if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) break; -# endif +#endif while (len >= 16) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - *(size_t_aX *)(out + n) = - *(size_t_aX *)(ivec + n) - ^= *(size_t_aX *)(in + n); + *(size_t_aX *)(out + n) = *(size_t_aX *)(ivec + n) + ^= *(size_t_aX *)(in + n); } len -= 16; out += 16; @@ -64,7 +62,7 @@ n = 0; } if (len) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); while (len--) { out[n] = ivec[n] ^= in[n]; ++n; @@ -78,7 +76,7 @@ #endif while (l < len) { if (n == 0) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); } out[l] = ivec[n] ^= in[l]; ++l; 
@@ -96,13 +94,12 @@ --len; n = (n + 1) % 16; } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) +#if defined(STRICT_ALIGNMENT) + if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) break; -# endif +#endif while (len >= 16) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { size_t t = *(size_t_aX *)(in + n); *(size_t_aX *)(out + n) @@ -115,7 +112,7 @@ n = 0; } if (len) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); while (len--) { unsigned char c; out[n] = ivec[n] ^ (c = in[n]); @@ -132,7 +129,7 @@ while (l < len) { unsigned char c; if (n == 0) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); } out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; @@ -148,9 +145,9 @@ * it corrupts any extra bits in the last byte of out */ static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, - int nbits, const void *key, - unsigned char ivec[16], int enc, - block128_f block) + int nbits, const void *key, + unsigned char ivec[16], int enc, + block128_f block) { int n, rem, num; unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't @@ -162,12 +159,12 @@ /* fill in the first half of the new IV with the current IV */ memcpy(ovec, ivec, 16); /* construct the new IV */ - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); num = (nbits + 7) / 8; - if (enc) /* encrypt the input */ + if (enc) /* encrypt the input */ for (n = 0; n < num; ++n) out[n] = (ovec[16 + n] = in[n] ^ ivec[n]); - else /* decrypt the input */ + else /* decrypt the input */ for (n = 0; n < num; ++n) out[n] = (ovec[16 + n] = in[n]) ^ ivec[n]; /* shift ovec left... */ 
@@ -184,9 +181,9 @@ /* N.B. This expects the input to be packed, MS bit first */ void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, - size_t bits, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block) + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) { size_t n; unsigned char c[1], d[1]; @@ -194,15 +191,14 @@ for (n = 0; n < bits; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); - out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); + out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } } void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block) + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) { size_t n; --- crypto/openssl/crypto/modes/ctr128.c.orig +++ crypto/openssl/crypto/modes/ctr128.c @@ -71,10 +71,10 @@ * doesn't overflow into the rest of the IV when incremented. */ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], - unsigned char ecount_buf[16], unsigned int *num, - block128_f block) + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block) { unsigned int n; size_t l = 0; 
@@ -90,17 +90,17 @@ n = (n + 1) % 16; } -# if defined(STRICT_ALIGNMENT) +#if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out | (size_t)ecount_buf) - % sizeof(size_t) != 0) + % sizeof(size_t) + != 0) break; -# endif +#endif while (len >= 16) { - (*block) (ivec, ecount_buf, key); + (*block)(ivec, ecount_buf, key); ctr128_inc_aligned(ivec); for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t_aX *)(out + n) = - *(size_t_aX *)(in + n) + *(size_t_aX *)(out + n) = *(size_t_aX *)(in + n) ^ *(size_t_aX *)(ecount_buf + n); len -= 16; out += 16; @@ -108,7 +108,7 @@ n = 0; } if (len) { - (*block) (ivec, ecount_buf, key); + (*block)(ivec, ecount_buf, key); ctr128_inc_aligned(ivec); while (len--) { out[n] = in[n] ^ ecount_buf[n]; @@ -123,7 +123,7 @@ #endif while (l < len) { if (n == 0) { - (*block) (ivec, ecount_buf, key); + (*block)(ivec, ecount_buf, key); ctr128_inc(ivec); } out[l] = in[l] ^ ecount_buf[n]; @@ -148,14 +148,14 @@ } void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], - unsigned char ecount_buf[16], - unsigned int *num, ctr128_f func) + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f func) { unsigned int n, ctr32; - n = *num; + n = *num; while (n && len) { *(out++) = *(in++) ^ ecount_buf[n]; @@ -184,7 +184,7 @@ blocks -= ctr32; ctr32 = 0; } - (*func) (in, out, blocks, key, ivec); + (*func)(in, out, blocks, key, ivec); /* (*ctr) does not update ivec, caller does: */ PUTU32(ivec + 12, ctr32); /* ... overflow was detected, propagate carry. */ @@ -197,7 +197,7 @@ } if (len) { memset(ecount_buf, 0, 16); - (*func) (ecount_buf, ecount_buf, 1, key, ivec); + (*func)(ecount_buf, ecount_buf, 1, key, ivec); ++ctr32; PUTU32(ivec + 12, ctr32); if (ctr32 == 0) --- crypto/openssl/crypto/modes/cts128.c.orig +++ crypto/openssl/crypto/modes/cts128.c 
@@ -25,9 +25,9 @@ */ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block) + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block) { size_t residue, n; @@ -46,7 +46,7 @@ for (n = 0; n < residue; ++n) ivec[n] ^= in[n]; - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); memcpy(out, out - 16, residue); memcpy(out - 16, ivec, 16); @@ -54,10 +54,10 @@ } size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, - unsigned char ivec[16], - block128_f block) + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block) { size_t residue, n; @@ -78,15 +78,15 @@ for (n = 0; n < residue; ++n) ivec[n] ^= in[n]; - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); memcpy(out - 16 + residue, ivec, 16); return len + residue; } size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) { size_t residue; union { 
@@ -102,27 +102,27 @@ len -= residue; - (*cbc) (in, out, len, key, ivec, 1); + (*cbc)(in, out, len, key, ivec, 1); in += len; out += len; #if defined(CBC_HANDLES_TRUNCATED_IO) memcpy(tmp.c, out - 16, 16); - (*cbc) (in, out - 16, residue, key, ivec, 1); + (*cbc)(in, out - 16, residue, key, ivec, 1); memcpy(out, tmp.c, residue); #else memset(tmp.c, 0, sizeof(tmp)); memcpy(tmp.c, in, residue); memcpy(out, out - 16, residue); - (*cbc) (tmp.c, out - 16, 16, key, ivec, 1); + (*cbc)(tmp.c, out - 16, 16, key, ivec, 1); #endif return len + residue; } size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) { size_t residue; union { @@ -137,7 +137,7 @@ len -= residue; - (*cbc) (in, out, len, key, ivec, 1); + (*cbc)(in, out, len, key, ivec, 1); if (residue == 0) return len; @@ -146,19 +146,19 @@ out += len; #if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc) (in, out - 16 + residue, residue, key, ivec, 1); + (*cbc)(in, out - 16 + residue, residue, key, ivec, 1); #else memset(tmp.c, 0, sizeof(tmp)); memcpy(tmp.c, in, residue); - (*cbc) (tmp.c, out - 16 + residue, 16, key, ivec, 1); + (*cbc)(tmp.c, out - 16 + residue, 16, key, ivec, 1); #endif return len + residue; } size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block) + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block) { size_t residue, n; union { @@ -180,11 +180,11 @@ out += len; } - (*block) (in, tmp.c + 16, key); + (*block)(in, tmp.c + 16, key); memcpy(tmp.c, tmp.c + 16, 16); memcpy(tmp.c, in + 16, residue); - (*block) (tmp.c, tmp.c, key); + (*block)(tmp.c, tmp.c, key); for (n = 0; n < 16; ++n) { unsigned char c = in[n]; 
@@ -198,10 +198,10 @@ } size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, - unsigned char ivec[16], - block128_f block) + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block) { size_t residue, n; union { @@ -227,11 +227,11 @@ out += len; } - (*block) (in + residue, tmp.c + 16, key); + (*block)(in + residue, tmp.c + 16, key); memcpy(tmp.c, tmp.c + 16, 16); memcpy(tmp.c, in, residue); - (*block) (tmp.c, tmp.c, key); + (*block)(tmp.c, tmp.c, key); for (n = 0; n < 16; ++n) { unsigned char c = in[n]; @@ -246,8 +246,8 @@ } size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) { size_t residue; union { @@ -264,7 +264,7 @@ len -= 16 + residue; if (len) { - (*cbc) (in, out, len, key, ivec, 0); + (*cbc)(in, out, len, key, ivec, 0); in += len; out += len; } @@ -273,21 +273,21 @@ /* * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ - (*cbc) (in, tmp.c, 16, key, tmp.c + 16, 0); + (*cbc)(in, tmp.c, 16, key, tmp.c + 16, 0); memcpy(tmp.c, in + 16, residue); #if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0); + (*cbc)(tmp.c, out, 16 + residue, key, ivec, 0); #else - (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0); + (*cbc)(tmp.c, tmp.c, 32, key, ivec, 0); memcpy(out, tmp.c, 16 + residue); #endif return 16 + len + residue; } size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) { size_t residue; union { 
@@ -301,14 +301,14 @@ residue = len % 16; if (residue == 0) { - (*cbc) (in, out, len, key, ivec, 0); + (*cbc)(in, out, len, key, ivec, 0); return len; } len -= 16 + residue; if (len) { - (*cbc) (in, out, len, key, ivec, 0); + (*cbc)(in, out, len, key, ivec, 0); in += len; out += len; } @@ -317,13 +317,13 @@ /* * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ - (*cbc) (in + residue, tmp.c, 16, key, tmp.c + 16, 0); + (*cbc)(in + residue, tmp.c, 16, key, tmp.c + 16, 0); memcpy(tmp.c, in, residue); #if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0); + (*cbc)(tmp.c, out, 16 + residue, key, ivec, 0); #else - (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0); + (*cbc)(tmp.c, tmp.c, 32, key, ivec, 0); memcpy(out, tmp.c, 16 + residue); #endif return 16 + len + residue; --- crypto/openssl/crypto/modes/gcm128.c.orig +++ crypto/openssl/crypto/modes/gcm128.c 
@@ -21,25 +21,25 @@ #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ -# undef GETU32 -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# undef PUTU32 -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) -#endif - -#define PACK(s) ((size_t)(s)<<(sizeof(size_t)*8-16)) -#define REDUCE1BIT(V) do { \ - if (sizeof(size_t)==8) { \ - u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \ - V.lo = (V.hi<<63)|(V.lo>>1); \ - V.hi = (V.hi>>1 )^T; \ - } \ - else { \ - u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \ - V.lo = (V.hi<<63)|(V.lo>>1); \ - V.hi = (V.hi>>1 )^((u64)T<<32); \ - } \ -} while(0) +#undef GETU32 +#define GETU32(p) BSWAP4(*(const u32 *)(p)) +#undef PUTU32 +#define PUTU32(p, v) *(u32 *)(p) = BSWAP4(v) +#endif + +#define PACK(s) ((size_t)(s) << (sizeof(size_t) * 8 - 16)) +#define REDUCE1BIT(V) \ + do { \ + if (sizeof(size_t) == 8) { \ + u64 T = U64(0xe100000000000000) & (0 - (V.lo & 1)); \ + V.lo = (V.hi << 63) | (V.lo >> 1); \ + V.hi = (V.hi >> 1) ^ T; \ + } else { \ + u32 T = 0xe1000000U & (0 - (u32)(V.lo & 1)); \ + V.lo = (V.hi << 63) | (V.lo >> 1); \ + V.hi = (V.hi >> 1) ^ ((u64)T << 32); \ + } \ + } while (0) /*- * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should @@ -75,7 +75,7 @@ * * Value of 1 is not appropriate for performance reasons. */ -#if TABLE_BITS==8 +#if TABLE_BITS == 8 static void gcm_init_8bit(u128 Htable[256], u64 H[2]) { @@ -193,10 +193,10 @@ } if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 +#ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); -# else +#else u8 *p = (u8 *)Xi; u32 v; v = (u32)(Z.hi >> 32); 
@@ -207,30 +207,30 @@ PUTU32(p + 8, v); v = (u32)(Z.lo); PUTU32(p + 12, v); -# endif +#endif } else { Xi[0] = Z.hi; Xi[1] = Z.lo; } } -# define GCM_MUL(ctx) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) +#define GCM_MUL(ctx) gcm_gmult_8bit(ctx->Xi.u, ctx->Htable) -#elif TABLE_BITS==4 +#elif TABLE_BITS == 4 static void gcm_init_4bit(u128 Htable[16], u64 H[2]) { u128 V; -# if defined(OPENSSL_SMALL_FOOTPRINT) +#if defined(OPENSSL_SMALL_FOOTPRINT) int i; -# endif +#endif Htable[0].hi = 0; Htable[0].lo = 0; V.hi = H[0]; V.lo = H[1]; -# if defined(OPENSSL_SMALL_FOOTPRINT) +#if defined(OPENSSL_SMALL_FOOTPRINT) for (Htable[8] = V, i = 4; i > 0; i >>= 1) { REDUCE1BIT(V); Htable[i] = V; @@ -244,7 +244,7 @@ Hi[j].lo = V.lo ^ Htable[j].lo; } } -# else +#else Htable[8] = V; REDUCE1BIT(V); Htable[4] = V; @@ -265,8 +265,8 @@ Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo; Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo; Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo; -# endif -# if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm)) +#endif +#if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm)) /* * ARM assembler expects specific dword order in Htable. */ @@ -279,17 +279,18 @@ V = Htable[j]; Htable[j].hi = V.lo; Htable[j].lo = V.hi; - } else + } + else for (j = 0; j < 16; ++j) { V = Htable[j]; Htable[j].hi = V.lo << 32 | V.lo >> 32; Htable[j].lo = V.hi << 32 | V.hi >> 32; } } -# endif +#endif } -# ifndef GHASH_ASM +#ifndef GHASH_ASM static const size_t rem_4bit[16] = { PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460), PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0), @@ -343,10 +344,10 @@ } if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 +#ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); -# else +#else u8 *p = (u8 *)Xi; u32 v; v = (u32)(Z.hi >> 32); 
@@ -357,14 +358,14 @@ PUTU32(p + 8, v); v = (u32)(Z.lo); PUTU32(p + 12, v); -# endif +#endif } else { Xi[0] = Z.hi; Xi[1] = Z.lo; } } -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) /* * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for * details... Compiler-generated code doesn't seem to give any @@ -373,14 +374,14 @@ * non-trivial optimization[s]... */ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) + const u8 *inp, size_t len) { u128 Z; int cnt; size_t rem, nlo, nhi; DECLARE_IS_ENDIAN; -# if 1 +#if 1 do { cnt = 15; nlo = ((const u8 *)Xi)[15]; @@ -422,15 +423,15 @@ Z.hi ^= Htable[nlo].hi; Z.lo ^= Htable[nlo].lo; } -# else +#else /* * Extra 256+16 bytes per-key plus 512 bytes shared tables * [should] give ~50% improvement... One could have PACK()-ed * the rem_8bit even here, but the priority is to minimize * cache footprint... */ - u128 Hshr4[16]; /* Htable shifted right by 4 bits */ - u8 Hshl4[16]; /* Htable shifted left by 4 bits */ + u128 Hshr4[16]; /* Htable shifted right by 4 bits */ + u8 Hshl4[16]; /* Htable shifted left by 4 bits */ static const unsigned short rem_8bit[256] = { 0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E, 0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E, @@ -515,13 +516,13 @@ Z.hi ^= Htable[nhi].hi; Z.lo ^= Htable[nhi].lo; Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48; -# endif +#endif if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 +#ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); -# else +#else u8 *p = (u8 *)Xi; u32 v; v = (u32)(Z.hi >> 32); 
@@ -532,32 +533,32 @@ PUTU32(p + 8, v); v = (u32)(Z.lo); PUTU32(p + 12, v); -# endif +#endif } else { Xi[0] = Z.hi; Xi[1] = Z.lo; } } while (inp += 16, len -= 16); } -# endif -# else +#endif +#else void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif + size_t len); +#endif -# define GCM_MUL(ctx) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) -# if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT) -# define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len) +#define GCM_MUL(ctx) gcm_gmult_4bit(ctx->Xi.u, ctx->Htable) +#if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT) +#define GHASH(ctx, in, len) gcm_ghash_4bit((ctx)->Xi.u, (ctx)->Htable, in, len) /* * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing * effect. In other words idea is to hash data while it's still in L1 cache * after encryption pass... */ -# define GHASH_CHUNK (3*1024) -# endif +#define GHASH_CHUNK (3 * 1024) +#endif -#else /* TABLE_BITS */ +#else /* TABLE_BITS */ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) { @@ -567,18 +568,18 @@ const long *xi = (const long *)Xi; DECLARE_IS_ENDIAN; - V.hi = H[0]; /* H is in host byte order, no byte swapping */ + V.hi = H[0]; /* H is in host byte order, no byte swapping */ V.lo = H[1]; for (j = 0; j < 16 / sizeof(long); ++j) { if (IS_LITTLE_ENDIAN) { if (sizeof(long) == 8) { -# ifdef BSWAP8 +#ifdef BSWAP8 X = (long)(BSWAP8(xi[j])); -# else +#else const u8 *p = (const u8 *)(xi + j); X = (long)((u64)GETU32(p) << 32 | GETU32(p + 4)); -# endif +#endif } else { const u8 *p = (const u8 *)(xi + j); X = (long)GETU32(p); @@ -596,10 +597,10 @@ } if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 +#ifdef BSWAP8 Xi[0] = BSWAP8(Z.hi); Xi[1] = BSWAP8(Z.lo); -# else +#else u8 *p = (u8 *)Xi; u32 v; v = (u32)(Z.hi >> 32); 
@@ -610,95 +611,92 @@ PUTU32(p + 8, v); v = (u32)(Z.lo); PUTU32(p + 12, v); -# endif +#endif } else { Xi[0] = Z.hi; Xi[1] = Z.lo; } } -# define GCM_MUL(ctx) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u) +#define GCM_MUL(ctx) gcm_gmult_1bit(ctx->Xi.u, ctx->H.u) #endif -#if TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ)) -# if !defined(I386_ONLY) && \ - (defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define GHASH_ASM_X86_OR_64 -# define GCM_FUNCREF_4BIT +#if TABLE_BITS == 4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ)) +#if !defined(I386_ONLY) && (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +#define GHASH_ASM_X86_OR_64 +#define GCM_FUNCREF_4BIT void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); + size_t len); -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define gcm_init_avx gcm_init_clmul -# define gcm_gmult_avx gcm_gmult_clmul -# define gcm_ghash_avx gcm_ghash_clmul -# else +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +#define gcm_init_avx gcm_init_clmul +#define gcm_gmult_avx gcm_gmult_clmul +#define gcm_ghash_avx gcm_ghash_clmul +#else void gcm_init_avx(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_avx(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif + size_t len); +#endif -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define GHASH_ASM_X86 +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +#define GHASH_ASM_X86 void gcm_gmult_4bit_mmx(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_4bit_mmx(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); + 
size_t len); void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif -# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# define GHASH_ASM_ARM -# define GCM_FUNCREF_4BIT -# define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) -# if defined(__arm__) || defined(__arm) -# define NEON_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif + size_t len); +#endif +#elif defined(__arm__) || defined(__arm) || defined(__aarch64__) +#include "arm_arch.h" +#if __ARM_MAX_ARCH__ >= 7 +#define GHASH_ASM_ARM +#define GCM_FUNCREF_4BIT +#define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) +#if defined(__arm__) || defined(__arm) +#define NEON_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +#endif void gcm_init_neon(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_neon(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_neon(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); + size_t len); void gcm_init_v8(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_v8(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif -# elif defined(__sparc__) || defined(__sparc) -# include "crypto/sparc_arch.h" -# define GHASH_ASM_SPARC -# define GCM_FUNCREF_4BIT + size_t len); +#endif +#elif defined(__sparc__) || defined(__sparc) +#include "crypto/sparc_arch.h" +#define GHASH_ASM_SPARC +#define GCM_FUNCREF_4BIT void gcm_init_vis3(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "crypto/ppc_arch.h" -# define GHASH_ASM_PPC -# define GCM_FUNCREF_4BIT + size_t len); +#elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || 
defined(__ppc__) || defined(_ARCH_PPC)) +#include "crypto/ppc_arch.h" +#define GHASH_ASM_PPC +#define GCM_FUNCREF_4BIT void gcm_init_p8(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_p8(u64 Xi[2], const u128 Htable[16]); void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif + size_t len); +#endif #endif #ifdef GCM_FUNCREF_4BIT -# undef GCM_MUL -# define GCM_MUL(ctx) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable) -# ifdef GHASH -# undef GHASH -# define GHASH(ctx,in,len) (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len) -# endif +#undef GCM_MUL +#define GCM_MUL(ctx) (*gcm_gmult_p)(ctx->Xi.u, ctx->Htable) +#ifdef GHASH +#undef GHASH +#define GHASH(ctx, in, len) (*gcm_ghash_p)(ctx->Xi.u, ctx->Htable, in, len) +#endif #endif void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) @@ -709,7 +707,7 @@ ctx->block = block; ctx->key = key; - (*block) (ctx->H.c, ctx->H.c, key); + (*block)(ctx->H.c, ctx->H.c, key); if (IS_LITTLE_ENDIAN) { /* H is stored in host byte order */ @@ -725,16 +723,16 @@ ctx->H.u[1] = lo; #endif } -#if TABLE_BITS==8 +#if TABLE_BITS == 8 gcm_init_8bit(ctx->Htable, ctx->H.u); -#elif TABLE_BITS==4 -# if defined(GHASH) -# define CTX__GHASH(f) (ctx->ghash = (f)) -# else -# define CTX__GHASH(f) (ctx->ghash = NULL) -# endif -# if defined(GHASH_ASM_X86_OR_64) -# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) +#elif TABLE_BITS == 4 +#if defined(GHASH) +#define CTX__GHASH(f) (ctx->ghash = (f)) +#else +#define CTX__GHASH(f) (ctx->ghash = NULL) +#endif +#if defined(GHASH_ASM_X86_OR_64) +#if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */ if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ gcm_init_avx(ctx->Htable, ctx->H.u); 
@@ -747,45 +745,45 @@ } return; } -# endif +#endif gcm_init_4bit(ctx->Htable, ctx->H.u); -# if defined(GHASH_ASM_X86) /* x86 only */ -# if defined(OPENSSL_IA32_SSE2) +#if defined(GHASH_ASM_X86) /* x86 only */ +#if defined(OPENSSL_IA32_SSE2) if (OPENSSL_ia32cap_P[0] & (1 << 25)) { /* check SSE bit */ -# else +#else if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ -# endif +#endif ctx->gmult = gcm_gmult_4bit_mmx; CTX__GHASH(gcm_ghash_4bit_mmx); } else { ctx->gmult = gcm_gmult_4bit_x86; CTX__GHASH(gcm_ghash_4bit_x86); } -# else +#else ctx->gmult = gcm_gmult_4bit; CTX__GHASH(gcm_ghash_4bit); -# endif -# elif defined(GHASH_ASM_ARM) -# ifdef PMULL_CAPABLE +#endif +#elif defined(GHASH_ASM_ARM) +#ifdef PMULL_CAPABLE if (PMULL_CAPABLE) { gcm_init_v8(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_v8; CTX__GHASH(gcm_ghash_v8); } else -# endif -# ifdef NEON_CAPABLE - if (NEON_CAPABLE) { +#endif +#ifdef NEON_CAPABLE + if (NEON_CAPABLE) { gcm_init_neon(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_neon; CTX__GHASH(gcm_ghash_neon); } else -# endif +#endif { gcm_init_4bit(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_4bit; CTX__GHASH(gcm_ghash_4bit); } -# elif defined(GHASH_ASM_SPARC) +#elif defined(GHASH_ASM_SPARC) if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { gcm_init_vis3(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_vis3; @@ -795,7 +793,7 @@ ctx->gmult = gcm_gmult_4bit; CTX__GHASH(gcm_ghash_4bit); } -# elif defined(GHASH_ASM_PPC) +#elif defined(GHASH_ASM_PPC) if (OPENSSL_ppccap_P & PPC_CRYPTO207) { gcm_init_p8(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_p8; 
@@ -805,24 +803,24 @@ ctx->gmult = gcm_gmult_4bit; CTX__GHASH(gcm_ghash_4bit); } -# else +#else gcm_init_4bit(ctx->Htable, ctx->H.u); -# endif -# undef CTX__GHASH +#endif +#undef CTX__GHASH #endif } void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, - size_t len) + size_t len) { DECLARE_IS_ENDIAN; unsigned int ctr; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; #endif - ctx->len.u[0] = 0; /* AAD length */ - ctx->len.u[1] = 0; /* message length */ + ctx->len.u[0] = 0; /* AAD length */ + ctx->len.u[1] = 0; /* message length */ ctx->ares = 0; ctx->mres = 0; @@ -890,7 +888,7 @@ ctx->Xi.u[0] = 0; ctx->Xi.u[1] = 0; - (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key); + (*ctx->block)(ctx->Yi.c, ctx->EK0.c, ctx->key); ++ctr; if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 @@ -903,17 +901,18 @@ } int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, - size_t len) + size_t len) { size_t i; unsigned int n; u64 alen = ctx->len.u[0]; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +#ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) + = ctx->ghash; +#endif #endif if (ctx->len.u[1]) @@ -964,8 +963,8 @@ } int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) + const unsigned char *in, unsigned char *out, + size_t len) { DECLARE_IS_ENDIAN; unsigned int n, ctr, mres; 
@@ -974,11 +973,12 @@ block128_f block = ctx->block; void *key = ctx->key; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + void (*gcm_ghash_p)(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) + = ctx->ghash; +#endif #endif mlen += len; @@ -1020,7 +1020,7 @@ if (16 % sizeof(size_t) == 0) { /* always true actually */ do { if (n) { -# if defined(GHASH) +#if defined(GHASH) while (n && len) { ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; @@ -1033,7 +1033,7 @@ ctx->mres = mres; return 0; } -# else +#else while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; @@ -1046,18 +1046,18 @@ ctx->mres = n; return 0; } -# endif +#endif } -# if defined(STRICT_ALIGNMENT) +#if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; -# endif -# if defined(GHASH) +#endif +#if defined(GHASH) if (len >= 16 && mres) { GHASH(ctx, ctx->Xn, mres); mres = 0; } -# if defined(GHASH_CHUNK) +#if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -1065,14 +1065,14 @@ size_t_aX *out_t = (size_t_aX *)out; const size_t_aX *in_t = (const size_t_aX *)in; - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) @@ -1084,7 +1084,7 @@ GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); len -= GHASH_CHUNK; } -# endif +#endif if ((i = (len & (size_t)-16))) { size_t j = i; 
@@ -1092,14 +1092,14 @@ size_t_aX *out_t = (size_t_aX *)out; const size_t_aX *in_t = (const size_t_aX *)in; - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) @@ -1110,19 +1110,19 @@ } GHASH(ctx, out - j, j); } -# else +#else while (len >= 16) { size_t *out_t = (size_t *)out; const size_t *in_t = (const size_t *)in; - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) @@ -1132,30 +1132,30 @@ in += 16; len -= 16; } -# endif +#endif if (len) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; -# if defined(GHASH) +#if defined(GHASH) while (len--) { ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; ++n; } -# else +#else while (len--) { ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; ++n; } mres = n; -# endif +#endif } ctx->mres = mres; @@ -1165,7 +1165,7 @@ #endif for (i = 0; i < len; ++i) { if (n == 0) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 @@ -1180,7 +1180,7 @@ ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n]; n = (n + 1) % 16; if (mres == sizeof(ctx->Xn)) { - GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); + GHASH(ctx, ctx->Xn, sizeof(ctx->Xn)); mres = 0; } #else 
@@ -1196,8 +1196,8 @@ } int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) + const unsigned char *in, unsigned char *out, + size_t len) { DECLARE_IS_ENDIAN; unsigned int n, ctr, mres; @@ -1206,11 +1206,12 @@ block128_f block = ctx->block; void *key = ctx->key; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + void (*gcm_ghash_p)(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) + = ctx->ghash; +#endif #endif mlen += len; @@ -1252,7 +1253,7 @@ if (16 % sizeof(size_t) == 0) { /* always true actually */ do { if (n) { -# if defined(GHASH) +#if defined(GHASH) while (n && len) { *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; --len; @@ -1265,7 +1266,7 @@ ctx->mres = mres; return 0; } -# else +#else while (n && len) { u8 c = *(in++); *(out++) = c ^ ctx->EKi.c[n]; @@ -1280,18 +1281,18 @@ ctx->mres = n; return 0; } -# endif +#endif } -# if defined(STRICT_ALIGNMENT) +#if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; -# endif -# if defined(GHASH) +#endif +#if defined(GHASH) if (len >= 16 && mres) { GHASH(ctx, ctx->Xn, mres); mres = 0; } -# if defined(GHASH_CHUNK) +#if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; 
@@ -1300,14 +1301,14 @@ size_t_aX *out_t = (size_t_aX *)out; const size_t_aX *in_t = (const size_t_aX *)in; - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) @@ -1318,21 +1319,21 @@ } len -= GHASH_CHUNK; } -# endif +#endif if ((i = (len & (size_t)-16))) { GHASH(ctx, in, i); while (len >= 16) { size_t_aX *out_t = (size_t_aX *)out; const size_t_aX *in_t = (const size_t_aX *)in; - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) @@ -1342,19 +1343,19 @@ len -= 16; } } -# else +#else while (len >= 16) { size_t *out_t = (size_t *)out; const size_t *in_t = (const size_t *)in; - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) { @@ -1367,24 +1368,24 @@ in += 16; len -= 16; } -# endif +#endif if (len) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; -# if defined(GHASH) +#if defined(GHASH) while (len--) { out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; ++n; } -# else +#else while (len--) { u8 c = in[n]; ctx->Xi.c[n] ^= c; @@ -1392,7 +1393,7 @@ ++n; } mres = n; -# endif +#endif } ctx->mres = mres; 
@@ -1403,7 +1404,7 @@ for (i = 0; i < len; ++i) { u8 c; if (n == 0) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); + (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) #ifdef BSWAP4 @@ -1418,7 +1419,7 @@ out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n]; n = (n + 1) % 16; if (mres == sizeof(ctx->Xn)) { - GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); + GHASH(ctx, ctx->Xn, sizeof(ctx->Xn)); mres = 0; } #else @@ -1436,8 +1437,8 @@ } int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream) + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream) { #if defined(OPENSSL_SMALL_FOOTPRINT) return CRYPTO_gcm128_encrypt(ctx, in, out, len); @@ -1447,13 +1448,14 @@ size_t i; u64 mlen = ctx->len.u[1]; void *key = ctx->key; -# ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -# endif +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +#ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) + = ctx->ghash; +#endif +#endif mlen += len; if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) @@ -1481,17 +1483,17 @@ } if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctr = BSWAP4(ctx->Yi.d[3]); -# else +#else ctr = GETU32(ctx->Yi.c + 12); -# endif +#endif else ctr = ctx->Yi.d[3]; n = mres % 16; if (n) { -# if defined(GHASH) +#if defined(GHASH) while (n && len) { ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; @@ -1504,7 +1506,7 @@ ctx->mres = mres; return 0; } -# else +#else while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; 
@@ -1517,23 +1519,23 @@ ctx->mres = n; return 0; } -# endif +#endif } -# if defined(GHASH) - if (len >= 16 && mres) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } -# if defined(GHASH_CHUNK) +#if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } +#if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { - (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); + (*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; GHASH(ctx, out, GHASH_CHUNK); @@ -1541,52 +1543,52 @@ in += GHASH_CHUNK; len -= GHASH_CHUNK; } -# endif -# endif +#endif +#endif if ((i = (len & (size_t)-16))) { size_t j = i / 16; - (*stream) (in, out, j, key, ctx->Yi.c); + (*stream)(in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; in += i; len -= i; -# if defined(GHASH) +#if defined(GHASH) GHASH(ctx, out, i); out += i; -# else +#else while (j--) { for (i = 0; i < 16; ++i) ctx->Xi.c[i] ^= out[i]; GCM_MUL(ctx); out += 16; } -# endif +#endif } if (len) { - (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); + (*ctx->block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; while (len--) { -# if defined(GHASH) +#if defined(GHASH) ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; -# else +#else ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n]; -# endif +#endif ++n; } } 
@@ -1597,8 +1599,8 @@ } int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream) + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream) { #if defined(OPENSSL_SMALL_FOOTPRINT) return CRYPTO_gcm128_decrypt(ctx, in, out, len); @@ -1608,13 +1610,14 @@ size_t i; u64 mlen = ctx->len.u[1]; void *key = ctx->key; -# ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -# endif +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +#ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) + = ctx->ghash; +#endif +#endif mlen += len; if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) @@ -1625,7 +1628,7 @@ if (ctx->ares) { /* First call to decrypt finalizes GHASH(AAD) */ -# if defined(GHASH) +#if defined(GHASH) if (len == 0) { GCM_MUL(ctx); ctx->ares = 0; @@ -1635,24 +1638,24 @@ ctx->Xi.u[0] = 0; ctx->Xi.u[1] = 0; mres = sizeof(ctx->Xi); -# else +#else GCM_MUL(ctx); -# endif +#endif ctx->ares = 0; } if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctr = BSWAP4(ctx->Yi.d[3]); -# else +#else ctr = GETU32(ctx->Yi.c + 12); -# endif +#endif else ctr = ctx->Yi.d[3]; n = mres % 16; if (n) { -# if defined(GHASH) +#if defined(GHASH) while (n && len) { *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; --len; @@ -1665,7 +1668,7 @@ ctx->mres = mres; return 0; } -# else +#else while (n && len) { u8 c = *(in++); *(out++) = c ^ ctx->EKi.c[n]; 
@@ -1680,38 +1683,38 @@ ctx->mres = n; return 0; } -# endif +#endif } -# if defined(GHASH) +#if defined(GHASH) if (len >= 16 && mres) { GHASH(ctx, ctx->Xn, mres); mres = 0; } -# if defined(GHASH_CHUNK) +#if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { GHASH(ctx, in, GHASH_CHUNK); - (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); + (*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; out += GHASH_CHUNK; in += GHASH_CHUNK; len -= GHASH_CHUNK; } -# endif -# endif +#endif +#endif if ((i = (len & (size_t)-16))) { size_t j = i / 16; -# if defined(GHASH) +#if defined(GHASH) GHASH(ctx, in, i); -# else +#else while (j--) { size_t k; for (k = 0; k < 16; ++k) @@ -1721,15 +1724,15 @@ } j = i / 16; in -= i; -# endif - (*stream) (in, out, j, key, ctx->Yi.c); +#endif + (*stream)(in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; out += i; @@ -1737,24 +1740,24 @@ len -= i; } if (len) { - (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); + (*ctx->block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 +#ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +#else PUTU32(ctx->Yi.c + 12, ctr); -# endif +#endif else ctx->Yi.d[3] = ctr; while (len--) { -# if defined(GHASH) +#if defined(GHASH) out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; -# else +#else u8 c = in[n]; ctx->Xi.c[mres++] ^= c; out[n] = c ^ ctx->EKi.c[n]; -# endif +#endif ++n; } } 
@@ -1765,17 +1768,18 @@ } int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, - size_t len) + size_t len) { DECLARE_IS_ENDIAN; u64 alen = ctx->len.u[0] << 3; u64 clen = ctx->len.u[1] << 3; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif + void (*gcm_gmult_p)(u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + void (*gcm_ghash_p)(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) + = ctx->ghash; +#endif #endif #if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) @@ -1839,7 +1843,7 @@ { CRYPTO_gcm128_finish(ctx, NULL, 0); memcpy(tag, ctx->Xi.c, - len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c)); + len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c)); } GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) --- crypto/openssl/crypto/modes/ocb128.c.orig +++ crypto/openssl/crypto/modes/ocb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,7 +40,7 @@ * Shift a block of 16 bytes left by shift bits */ static void ocb_block_lshift(const unsigned char *in, size_t shift, - unsigned char *out) + unsigned char *out) { int i; unsigned char carry = 0, carry_next; @@ -76,8 +76,8 @@ * Perform an xor on in1 and in2 - each of len bytes. Store result in out */ static void ocb_block_xor(const unsigned char *in1, - const unsigned char *in2, size_t len, - unsigned char *out) + const unsigned char *in2, size_t len, + unsigned char *out) { size_t i; for (i = 0; i < len; i++) { 
@@ -128,15 +128,15 @@ * Create a new OCB128_CONTEXT */ OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, - block128_f encrypt, block128_f decrypt, - ocb128_f stream) + block128_f encrypt, block128_f decrypt, + ocb128_f stream) { OCB128_CONTEXT *octx; int ret; if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) { ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt, - stream); + stream); if (ret) return octx; OPENSSL_free(octx); @@ -149,8 +149,8 @@ * Initialise an existing OCB128_CONTEXT */ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, - block128_f encrypt, block128_f decrypt, - ocb128_f stream) + block128_f encrypt, block128_f decrypt, + ocb128_f stream) { memset(ctx, 0, sizeof(*ctx)); ctx->l_index = 0; @@ -181,11 +181,11 @@ ocb_double(&ctx->l_dollar, ctx->l); /* L_{i} = double(L_{i-1}) */ - ocb_double(ctx->l, ctx->l+1); - ocb_double(ctx->l+1, ctx->l+2); - ocb_double(ctx->l+2, ctx->l+3); - ocb_double(ctx->l+3, ctx->l+4); - ctx->l_index = 4; /* enough to process up to 496 bytes */ + ocb_double(ctx->l, ctx->l + 1); + ocb_double(ctx->l + 1, ctx->l + 2); + ocb_double(ctx->l + 2, ctx->l + 3); + ocb_double(ctx->l + 3, ctx->l + 4); + ctx->l_index = 4; /* enough to process up to 496 bytes */ return 1; } @@ -194,7 +194,7 @@ * Copy an OCB128_CONTEXT object */ int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, - void *keyenc, void *keydec) + void *keyenc, void *keydec) { memcpy(dest, src, sizeof(OCB128_CONTEXT)); if (keyenc) @@ -215,7 +215,7 @@ * Set the IV to be used for this operation. Must be 1 - 15 bytes. */ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, - size_t len, size_t taglen) + size_t len, size_t taglen) { unsigned char ktop[16], tmp[16], mask; unsigned char stretch[24], nonce[16]; 
@@ -255,8 +255,7 @@ ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c); mask = 0xff; mask <<= 8 - shift; - ctx->sess.offset.c[15] |= - (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); + ctx->sess.offset.c[15] |= (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); return 1; } @@ -266,7 +265,7 @@ * have a partial block */ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, - size_t len) + size_t len) { u64 i, all_num_blocks; size_t num_blocks, last_len; @@ -304,7 +303,7 @@ if (last_len > 0) { /* Offset_* = Offset_m xor L_* */ ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star, - &ctx->sess.offset_aad); + &ctx->sess.offset_aad); /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ memset(tmp.c, 0, 16); @@ -327,8 +326,8 @@ * the final time can have a partial block */ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) + const unsigned char *in, unsigned char *out, + size_t len) { u64 i, all_num_blocks; size_t num_blocks, last_len; @@ -354,8 +353,8 @@ return 0; ctx->stream(in, out, num_blocks, ctx->keyenc, - (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, - (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); processed_bytes = num_blocks * 16; in += processed_bytes; out += processed_bytes; @@ -406,7 +405,7 @@ ocb_block_xor(in, pad.c, last_len, out); /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset(pad.c, 0, 16); /* borrow pad */ + memset(pad.c, 0, 16); /* borrow pad */ memcpy(pad.c, in, last_len); pad.c[last_len] = 0x80; ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); 
@@ -422,8 +421,8 @@ * the final time can have a partial block */ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) + const unsigned char *in, unsigned char *out, + size_t len) { u64 i, all_num_blocks; size_t num_blocks, last_len; @@ -449,8 +448,8 @@ return 0; ctx->stream(in, out, num_blocks, ctx->keydec, - (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, - (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); processed_bytes = num_blocks * 16; in += processed_bytes; out += processed_bytes; @@ -501,7 +500,7 @@ ocb_block_xor(in, pad.c, last_len, out); /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset(pad.c, 0, 16); /* borrow pad */ + memset(pad.c, 0, 16); /* borrow pad */ memcpy(pad.c, out, last_len); pad.c[last_len] = 0x80; ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); @@ -513,7 +512,7 @@ } static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len, - int write) + int write) { OCB_BLOCK tmp; @@ -541,9 +540,9 @@ * Calculate the tag and verify it against the supplied tag */ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, - size_t len) + size_t len) { - return ocb_finish(ctx, (unsigned char*)tag, len, 0); + return ocb_finish(ctx, (unsigned char *)tag, len, 0); } /* @@ -565,4 +564,4 @@ } } -#endif /* OPENSSL_NO_OCB */ +#endif /* OPENSSL_NO_OCB */ --- crypto/openssl/crypto/modes/ofb128.c.orig +++ crypto/openssl/crypto/modes/ofb128.c @@ -23,8 +23,8 @@ * used is contained in *num; */ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int *num, block128_f block) + size_t len, const void *key, + unsigned char ivec[16], int *num, block128_f block) { unsigned int n; size_t l = 0; 
@@ -44,16 +44,14 @@ --len; n = (n + 1) % 16; } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != - 0) +#if defined(STRICT_ALIGNMENT) + if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) break; -# endif +#endif while (len >= 16) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) - *(size_t_aX *)(out + n) = - *(size_t_aX *)(in + n) + *(size_t_aX *)(out + n) = *(size_t_aX *)(in + n) ^ *(size_t_aX *)(ivec + n); len -= 16; out += 16; @@ -61,7 +59,7 @@ n = 0; } if (len) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); while (len--) { out[n] = in[n] ^ ivec[n]; ++n; @@ -75,7 +73,7 @@ #endif while (l < len) { if (n == 0) { - (*block) (ivec, ivec, key); + (*block)(ivec, ivec, key); } out[l] = in[l] ^ ivec[n]; ++l; --- crypto/openssl/crypto/modes/siv128.c.orig +++ crypto/openssl/crypto/modes/siv128.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -59,7 +59,7 @@ } static ossl_inline void siv128_xorblock(SIV_BLOCK *x, - SIV_BLOCK const *y) + SIV_BLOCK const *y) { x->word[0] ^= y->word[0]; x->word[1] ^= y->word[1]; @@ -87,7 +87,7 @@ } __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *out, - unsigned char const* in, size_t len) + unsigned char const *in, size_t len) { SIV_BLOCK t; size_t out_len = sizeof(out->byte); @@ -101,7 +101,7 @@ if (len >= SIV_LEN) { if (!EVP_MAC_update(mac_ctx, in, len - SIV_LEN)) goto err; - memcpy(&t, in + (len-SIV_LEN), SIV_LEN); + memcpy(&t, in + (len - SIV_LEN), SIV_LEN); siv128_xorblock(&t, &ctx->d); if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN)) goto err; 
@@ -125,10 +125,9 @@ return ret; } - __owur static ossl_inline int siv128_do_encrypt(EVP_CIPHER_CTX *ctx, unsigned char *out, - unsigned char const *in, size_t len, - SIV_BLOCK *icv) + unsigned char const *in, size_t len, + SIV_BLOCK *icv) { int out_len = (int)len; @@ -141,8 +140,8 @@ * Create a new SIV128_CONTEXT */ SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen, - EVP_CIPHER *cbc, EVP_CIPHER *ctr, - OSSL_LIB_CTX *libctx, const char *propq) + EVP_CIPHER *cbc, EVP_CIPHER *ctr, + OSSL_LIB_CTX *libctx, const char *propq) { SIV128_CONTEXT *ctx; int ret; @@ -161,8 +160,8 @@ * Initialise an existing SIV128_CONTEXT */ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, - OSSL_LIB_CTX *libctx, const char *propq) + const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, + OSSL_LIB_CTX *libctx, const char *propq) { static const unsigned char zero[SIV_LEN] = { 0 }; size_t out_len = SIV_LEN; 
@@ -186,25 +185,27 @@ cbc_name = EVP_CIPHER_get0_name(cbc); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - (char *)cbc_name, 0); + (char *)cbc_name, 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (void *)key, klen); + (void *)key, klen); params[2] = OSSL_PARAM_construct_end(); if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL - || (ctx->mac = - EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, propq)) == NULL - || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL - || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) - || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL - || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) - || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, - sizeof(ctx->d.byte))) { + || (ctx->mac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, propq)) == NULL + || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL + || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) + || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) + || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) + || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, + sizeof(ctx->d.byte))) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); + ctx->cipher_ctx = NULL; EVP_MAC_CTX_free(ctx->mac_ctx_init); + ctx->mac_ctx_init = NULL; EVP_MAC_CTX_free(mac_ctx); EVP_MAC_free(ctx->mac); + ctx->mac = NULL; return 0; } EVP_MAC_CTX_free(mac_ctx); @@ -244,7 +245,7 @@ * is the nonce, but it's not treated special */ int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, - size_t len) + size_t len) { SIV_BLOCK mac_out; size_t out_len = SIV_LEN; 
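Review bot: The three resets added to the failure branch of the `||` chain in the siv128.c hunk at -186 (`ctx->cipher_ctx = NULL;`, `ctx->mac_ctx_init = NULL;`, `ctx->mac = NULL;`) have no comment explaining why they are needed, so a later tidy-up could remove them as redundant after the frees. A one-line comment above the frees would record the invariant, for example `/* clear freed members so a later cleanup of ctx cannot free them twice */`. The hunk does not show which caller keeps using the context after a failed init, so that reading is inferred from the change itself. The enclosing function, apparently ossl_siv128_init, starts and ends outside the hunk.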
@@ -255,7 +256,7 @@ if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, aad, len) || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len, - sizeof(mac_out.byte)) + sizeof(mac_out.byte)) || out_len != SIV_LEN) { EVP_MAC_CTX_free(mac_ctx); return 0; @@ -271,8 +272,8 @@ * Provide any data to be encrypted. This can be called once. */ int ossl_siv128_encrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) + const unsigned char *in, unsigned char *out, + size_t len) { SIV_BLOCK q; @@ -298,10 +299,10 @@ * Provide any data to be decrypted. This can be called once. */ int ossl_siv128_decrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) + const unsigned char *in, unsigned char *out, + size_t len) { - unsigned char* p; + unsigned char *p; SIV_BLOCK t, q; int i; @@ -390,4 +391,4 @@ return 1; } -#endif /* OPENSSL_NO_SIV */ +#endif /* OPENSSL_NO_SIV */ --- crypto/openssl/crypto/modes/wrap128.c.orig +++ crypto/openssl/crypto/modes/wrap128.c @@ -18,7 +18,14 @@ /** RFC 3394 section 2.2.3.1 Default Initial Value */ static const unsigned char default_iv[] = { - 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, + 0xA6, + 0xA6, + 0xA6, + 0xA6, + 0xA6, + 0xA6, + 0xA6, + 0xA6, }; /** RFC 5649 section 3 Alternative Initial Value 32-bit constant */ @@ -46,9 +53,9 @@ * Output length if wrapping succeeded. */ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block) { unsigned char *A, B[16], *R; size_t i, j, t; 
@@ -97,9 +104,9 @@ * Output length otherwise. */ static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block) { unsigned char *A, B[16], *R; size_t i, j, t; @@ -148,8 +155,8 @@ * Output length otherwise. */ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, - unsigned char *out, const unsigned char *in, - size_t inlen, block128_f block) + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block) { size_t ret; unsigned char got_iv[8]; @@ -181,9 +188,9 @@ * Output length if wrapping succeeded. */ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block) { /* n: number of 64-bit blocks in the padded key data * @@ -206,7 +213,7 @@ if (!icv) memcpy(aiv, default_aiv, 4); else - memcpy(aiv, icv, 4); /* Standard doesn't mention this. */ + memcpy(aiv, icv, 4); /* Standard doesn't mention this. */ aiv[4] = (inlen >> 24) & 0xFF; aiv[5] = (inlen >> 16) & 0xFF; @@ -223,7 +230,7 @@ memcpy(out, aiv, 8); memset(out + 8 + inlen, 0, padding_len); block(out, out, key); - ret = 16; /* AIV + padded input */ + ret = 16; /* AIV + padded input */ } else { memmove(out, in, inlen); memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ @@ -249,9 +256,9 @@ * Output length if unwrapping succeeded and IV matches. */ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block) { /* n: number of 64-bit blocks in the padded key data */ size_t n = inlen / 8 - 1; 
@@ -307,10 +314,10 @@ * LSB(32,AIV). */ - ptext_len = ((unsigned int)aiv[4] << 24) - | ((unsigned int)aiv[5] << 16) - | ((unsigned int)aiv[6] << 8) - | (unsigned int)aiv[7]; + ptext_len = ((unsigned int)aiv[4] << 24) + | ((unsigned int)aiv[5] << 16) + | ((unsigned int)aiv[6] << 8) + | (unsigned int)aiv[7]; if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) { OPENSSL_cleanse(out, inlen); return 0; --- crypto/openssl/crypto/modes/xts128.c.orig +++ crypto/openssl/crypto/modes/xts128.c @@ -13,17 +13,17 @@ #include "crypto/modes.h" #ifndef STRICT_ALIGNMENT -# ifdef __GNUC__ +#ifdef __GNUC__ typedef u64 u64_a1 __attribute((__aligned__(1))); -# else +#else typedef u64 u64_a1; -# endif +#endif #endif int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, - const unsigned char iv[16], - const unsigned char *inp, unsigned char *out, - size_t len, int enc) + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc) { DECLARE_IS_ENDIAN; union { @@ -38,7 +38,7 @@ memcpy(tweak.c, iv, 16); - (*ctx->block2) (tweak.c, tweak.c, ctx->key2); + (*ctx->block2)(tweak.c, tweak.c, ctx->key2); if (!enc && (len % 16)) len -= 16; @@ -52,7 +52,7 @@ scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; #endif - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); + (*ctx->block1)(scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; @@ -97,7 +97,7 @@ } scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); + (*ctx->block1)(scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; memcpy(out - 16, scratch.c, 16); 
@@ -135,7 +135,7 @@ scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; #endif - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); + (*ctx->block1)(scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; @@ -146,7 +146,7 @@ } scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); + (*ctx->block1)(scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; --- crypto/openssl/crypto/o_dir.c.orig +++ crypto/openssl/crypto/o_dir.c @@ -22,6 +22,7 @@ #include "internal/o_dir.h" +/* clang-format off */ #define LPDIR_H #if defined OPENSSL_SYS_UNIX || defined DJGPP \ || (defined __VMS_VER && __VMS_VER >= 70000000) @@ -35,3 +36,4 @@ #else # include "LPdir_nyi.c" #endif +/* clang-format on */ --- crypto/openssl/crypto/o_fopen.c.orig +++ crypto/openssl/crypto/o_fopen.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -# if defined(__linux) || defined(__sun) || defined(__hpux) +#if defined(__linux) || defined(__sun) || defined(__hpux) /* * Following definition aliases fopen to fopen64 on above mentioned * platforms. This makes it possible to open and sequentially access files @@ -20,25 +20,25 @@ * of 32-bit platforms which allow for sequential access of large files * without extra "magic" comprise *BSD, Darwin, IRIX... */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif -# endif +#ifndef _FILE_OFFSET_BITS +#define _FILE_OFFSET_BITS 64 +#endif +#endif #include "e_os.h" #include "internal/cryptlib.h" #if !defined(OPENSSL_NO_STDIO) -# include -# ifdef __DJGPP__ -# include -# endif +#include +#ifdef __DJGPP__ +#include +#endif FILE *openssl_fopen(const char *filename, const char *mode) { FILE *file = NULL; -# if defined(_WIN32) && defined(CP_UTF8) +#if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename) + 1; DWORD flags; 
@@ -55,21 +55,17 @@ * back to fopen... */ if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), - filename, len_0, NULL, 0)) > 0 || - (GetLastError() == ERROR_INVALID_FLAGS && - (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), - filename, len_0, NULL, 0)) > 0) - ) { + filename, len_0, NULL, 0)) + > 0 + || (GetLastError() == ERROR_INVALID_FLAGS && (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), filename, len_0, NULL, 0)) > 0)) { WCHAR wmode[8]; WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); if (MultiByteToWideChar(CP_UTF8, flags, - filename, len_0, wfilename, sz) && - MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, - wmode, OSSL_NELEM(wmode)) && - (file = _wfopen(wfilename, wmode)) == NULL && - (errno == ENOENT || errno == EBADF) - ) { + filename, len_0, wfilename, sz) + && MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, + wmode, OSSL_NELEM(wmode)) + && (file = _wfopen(wfilename, wmode)) == NULL && (errno == ENOENT || errno == EBADF)) { /* * UTF-8 decode succeeded, but no file, filename * could still have been locale-ized... @@ -79,11 +75,11 @@ } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { file = fopen(filename, mode); } -# elif defined(__DJGPP__) +#elif defined(__DJGPP__) { char *newname = NULL; - if (pathconf(filename, _PC_NAME_MAX) <= 12) { /* 8.3 file system? */ + if (pathconf(filename, _PC_NAME_MAX) <= 12) { /* 8.3 file system? */ char *iterator; char lastchar; @@ -110,9 +106,9 @@ OPENSSL_free(newname); } -# else +#else file = fopen(filename, mode); -# endif +#endif return file; } --- crypto/openssl/crypto/o_str.c.orig +++ crypto/openssl/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -18,7 +18,7 @@ #define DEFAULT_SEPARATOR ':' #define CH_ZERO '\0' -char *CRYPTO_strdup(const char *str, const char* file, int line) +char *CRYPTO_strdup(const char *str, const char *file, int line) { char *ret; @@ -30,7 +30,7 @@ return ret; } -char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line) { size_t maxlen; char *ret; @@ -48,7 +48,7 @@ return ret; } -void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) +void *CRYPTO_memdup(const void *data, size_t siz, const char *file, int line) { void *ret; @@ -67,7 +67,8 @@ { const char *p; - for (p = str; maxlen-- != 0 && *p != CH_ZERO; ++p) ; + for (p = str; maxlen-- != 0 && *p != CH_ZERO; ++p) + ; return p - str; } @@ -108,35 +109,41 @@ case '3': return 3; case '4': - return 4; + return 4; case '5': - return 5; + return 5; case '6': - return 6; + return 6; case '7': - return 7; + return 7; case '8': - return 8; + return 8; case '9': - return 9; - case 'a': case 'A': - return 0x0A; - case 'b': case 'B': - return 0x0B; - case 'c': case 'C': - return 0x0C; - case 'd': case 'D': - return 0x0D; - case 'e': case 'E': - return 0x0E; - case 'f': case 'F': - return 0x0F; + return 9; + case 'a': + case 'A': + return 0x0A; + case 'b': + case 'B': + return 0x0B; + case 'c': + case 'C': + return 0x0C; + case 'd': + case 'D': + return 0x0D; + case 'e': + case 'E': + return 0x0E; + case 'f': + case 'F': + return 0x0F; } return -1; } static int hexstr2buf_sep(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep) + const char *str, const char sep) { unsigned char *q; unsigned char ch, cl; @@ -144,7 +151,7 @@ const unsigned char *p; size_t cnt; - for (p = (const unsigned char *)str, q = buf, cnt = 0; *p; ) { + for (p = (const unsigned char *)str, q = buf, cnt = 0; *p;) { ch = *p++; /* A separator of CH_ZERO means there is no separator */ if (ch == sep && sep != CH_ZERO) 
@@ -179,13 +186,13 @@ * Given a string of hex digits convert to a buffer */ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep) + const char *str, const char sep) { return hexstr2buf_sep(buf, buf_n, buflen, str, sep); } unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, - const char sep) + const char sep) { unsigned char *buf; size_t buf_n, tmp_buflen; @@ -219,8 +226,8 @@ } static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, - const unsigned char *buf, size_t buflen, - const char sep) + const unsigned char *buf, size_t buflen, + const char sep) { static const char hexdig[] = "0123456789ABCDEF"; const unsigned char *p; @@ -229,6 +236,11 @@ int has_sep = (sep != CH_ZERO); size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; + if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return 0; + } + if (len == 0) ++len; if (strlength != NULL) @@ -259,8 +271,8 @@ } int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, - const unsigned char *buf, size_t buflen, - const char sep) + const unsigned char *buf, size_t buflen, + const char sep) { return buf2hexstr_sep(str, str_n, strlength, buf, buflen, sep); } @@ -270,10 +282,18 @@ char *tmp; size_t tmp_n; + if (buflen < 0) + return NULL; if (buflen == 0) return OPENSSL_zalloc(1); - tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2; + if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3) + || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return NULL; + } + + tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2; if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; 
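Review bot: In the `@@ -229,6 +236,11 @@` hunk of o_str.c, `len` is still initialised from `buflen * 3` / `1 + buflen * 2` on the line above the new bound check, so the product is formed and can wrap before the guard runs. The wrapped value is never used, because the guard returns first and size_t wraparound is well-defined, but the ordering makes the fix harder to audit. Declaring `size_t len;` and assigning `len = has_sep ? buflen * 3 : 1 + buflen * 2;` after the check would make it self-evident. The early return also leaves `*strlength` unwritten, which may differ from the later failure path if that one stores the required length first; a comment such as `/* *strlength is not set when buflen is out of range */` would document it. The rest of buf2hexstr_sep lies outside the hunk.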
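Review bot: The new `if (buflen < 0) return NULL;` in the `@@ -270,10 +282,18 @@` hunk fails without queuing an error, while the overflow branch added just below it and the existing allocation-failure branch both call `ERR_raise`. A caller that gets NULL cannot tell a negative length apart from the other failures from the error queue. Adding `ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT);` before that return (with braces) would keep the three paths consistent. The function's signature and tail are outside the hunk, so `buflen` being a signed type is inferred from the `< 0` test and the `(size_t)` casts.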
@@ -285,7 +305,6 @@ return NULL; } - /* * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its * hex representation @@@ (Contents of buffer are always kept in ASCII, also @@ -298,7 +317,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) { -#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) +#if defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) return !strerror_s(buf, buflen, errnum); #elif defined(_GNU_SOURCE) char *err; @@ -321,8 +340,7 @@ if (err != buf) OPENSSL_strlcpy(buf, err, buflen); return 1; -#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \ - (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) +#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) /* * We can use "real" strerror_r. The OpenSSL version differs in that it * gives 1 on success and 0 on failure for consistency with other OpenSSL --- crypto/openssl/crypto/o_time.c.orig +++ crypto/openssl/crypto/o_time.c @@ -25,12 +25,12 @@ * pointers. */ #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE -# pragma pointer_size save -# pragma pointer_size 32 +#pragma pointer_size save +#pragma pointer_size 32 #endif struct tm data, *ts2 = &data; #if defined OPENSSL_SYS_VMS && __INITIAL_POINTER_SIZE -# pragma pointer_size restore +#pragma pointer_size restore #endif if (gmtime_r(timer, ts2) == NULL) return NULL; @@ -41,7 +41,7 @@ if (gmtime_r(timer, result) == NULL) return NULL; ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) +#elif defined(OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) if (gmtime_s(result, timer)) return NULL; ts = result; 
@@ -67,7 +67,7 @@ static long date_to_julian(int y, int m, int d); static void julian_to_date(long jd, int *y, int *m, int *d); static int julian_adj(const struct tm *tm, int off_day, long offset_sec, - long *pday, int *psec); + long *pday, int *psec); int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) { @@ -96,11 +96,10 @@ tm->tm_sec = time_sec % 60; return 1; - } int OPENSSL_gmtime_diff(int *pday, int *psec, - const struct tm *from, const struct tm *to) + const struct tm *from, const struct tm *to) { int from_sec, to_sec, diff_sec; long from_jd, to_jd, diff_day; @@ -126,12 +125,11 @@ *psec = diff_sec; return 1; - } /* Convert tm structure and offset into julian day and seconds */ static int julian_adj(const struct tm *tm, int off_day, long offset_sec, - long *pday, int *psec) + long *pday, int *psec) { int offset_hms; long offset_day, time_jd; @@ -178,9 +176,7 @@ */ static long date_to_julian(int y, int m, int d) { - return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + - (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - - (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075; + return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075; } static void julian_to_date(long jd, int *y, int *m, int *d) --- crypto/openssl/crypto/objects/o_names.c.orig +++ crypto/openssl/crypto/objects/o_names.c @@ -30,9 +30,9 @@ static CRYPTO_RWLOCK *obj_lock = NULL; struct name_funcs_st { - unsigned long (*hash_func) (const char *name); - int (*cmp_func) (const char *a, const char *b); - void (*free_func) (const char *, int, const char *); + unsigned long (*hash_func)(const char *name); + int (*cmp_func)(const char *a, const char *b); + void (*free_func)(const char *, int, const char *); }; static STACK_OF(NAME_FUNCS) *name_funcs_stack; 
@@ -65,9 +65,9 @@ return RUN_ONCE(&init, o_names_init); } -int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - int (*cmp_func) (const char *, const char *), - void (*free_func) (const char *, int, const char *)) +int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), + int (*cmp_func)(const char *, const char *), + void (*free_func)(const char *, int, const char *)) { int ret = 0, i, push; NAME_FUNCS *name_funcs; @@ -126,7 +126,8 @@ if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { ret = sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->cmp_func(a->name, b->name); + a->type) + ->cmp_func(a->name, b->name); } else ret = OPENSSL_strcasecmp(a->name, b->name); } @@ -139,9 +140,9 @@ if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { - ret = - sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->hash_func(a->name); + ret = sk_NAME_FUNCS_value(name_funcs_stack, + a->type) + ->hash_func(a->name); } else { ret = ossl_lh_strcasehash(a->name); } @@ -221,8 +222,9 @@ * get three arguments... -- Richard Levitte */ sk_NAME_FUNCS_value(name_funcs_stack, - ret->type)->free_func(ret->name, ret->type, - ret->data); + ret->type) + ->free_func(ret->name, ret->type, + ret->data); } OPENSSL_free(ret); } else { @@ -264,8 +266,9 @@ * get three arguments... -- Richard Levitte */ sk_NAME_FUNCS_value(name_funcs_stack, - ret->type)->free_func(ret->name, ret->type, - ret->data); + ret->type) + ->free_func(ret->name, ret->type, + ret->data); } OPENSSL_free(ret); ok = 1; @@ -277,7 +280,7 @@ typedef struct { int type; - void (*fn) (const OBJ_NAME *, void *arg); + void (*fn)(const OBJ_NAME *, void *arg); void *arg; } OBJ_DOALL; @@ -289,8 +292,8 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL); -void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), - void *arg) +void OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg) { OBJ_DOALL d; 
@@ -326,15 +329,14 @@ } void OBJ_NAME_do_all_sorted(int type, - void (*fn) (const OBJ_NAME *, void *arg), - void *arg) + void (*fn)(const OBJ_NAME *, void *arg), + void *arg) { struct doall_sorted d; int n; d.type = type; - d.names = - OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); + d.names = OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); /* Really should return an error if !d.names...but its a void function! */ if (d.names != NULL) { d.n = 0; --- crypto/openssl/crypto/objects/obj_compat.h.orig +++ crypto/openssl/crypto/objects/obj_compat.h 
@@ -9,46 +9,46 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 -#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm SN_magma_ctr_acpkm -#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm NID_magma_ctr_acpkm -#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_magma_ctr_acpkm +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm SN_magma_ctr_acpkm +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm NID_magma_ctr_acpkm +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_magma_ctr_acpkm -#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac SN_magma_ctr_acpkm_omac -#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac NID_magma_ctr_acpkm_omac -#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_magma_ctr_acpkm_omac +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac SN_magma_ctr_acpkm_omac +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac NID_magma_ctr_acpkm_omac +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_magma_ctr_acpkm_omac -#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm SN_kuznyechik_ctr_acpkm -#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm NID_kuznyechik_ctr_acpkm -#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_kuznyechik_ctr_acpkm +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm SN_kuznyechik_ctr_acpkm +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm NID_kuznyechik_ctr_acpkm +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_kuznyechik_ctr_acpkm -#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac SN_kuznyechik_ctr_acpkm_omac -#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac NID_kuznyechik_ctr_acpkm_omac -#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_kuznyechik_ctr_acpkm_omac +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac SN_kuznyechik_ctr_acpkm_omac +#define 
NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac NID_kuznyechik_ctr_acpkm_omac +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_kuznyechik_ctr_acpkm_omac -#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 SN_magma_kexp15 -#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 NID_magma_kexp15 -#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_magma_kexp15 +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 SN_magma_kexp15 +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 NID_magma_kexp15 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_magma_kexp15 -#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 SN_kuznyechik_kexp15 -#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 NID_kuznyechik_kexp15 -#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_kuznyechik_kexp15 +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 SN_kuznyechik_kexp15 +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 NID_kuznyechik_kexp15 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_kuznyechik_kexp15 -#define SN_grasshopper_ecb SN_kuznyechik_ecb -#define NID_grasshopper_ecb NID_kuznyechik_ecb +#define SN_grasshopper_ecb SN_kuznyechik_ecb +#define NID_grasshopper_ecb NID_kuznyechik_ecb -#define SN_grasshopper_ctr SN_kuznyechik_ctr -#define NID_grasshopper_ctr NID_kuznyechik_ctr +#define SN_grasshopper_ctr SN_kuznyechik_ctr +#define NID_grasshopper_ctr NID_kuznyechik_ctr -#define SN_grasshopper_ofb SN_kuznyechik_ofb -#define NID_grasshopper_ofb NID_kuznyechik_ofb +#define SN_grasshopper_ofb SN_kuznyechik_ofb +#define NID_grasshopper_ofb NID_kuznyechik_ofb -#define SN_grasshopper_cbc SN_kuznyechik_cbc -#define NID_grasshopper_cbc NID_kuznyechik_cbc +#define SN_grasshopper_cbc SN_kuznyechik_cbc +#define NID_grasshopper_cbc NID_kuznyechik_cbc -#define SN_grasshopper_cfb SN_kuznyechik_cfb -#define NID_grasshopper_cfb NID_kuznyechik_cfb +#define SN_grasshopper_cfb SN_kuznyechik_cfb +#define 
NID_grasshopper_cfb NID_kuznyechik_cfb -#define SN_grasshopper_mac SN_kuznyechik_mac -#define NID_grasshopper_mac NID_kuznyechik_mac +#define SN_grasshopper_mac SN_kuznyechik_mac +#define NID_grasshopper_mac NID_kuznyechik_mac -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ --- crypto/openssl/crypto/objects/obj_dat.c.orig +++ crypto/openssl/crypto/objects/obj_dat.c @@ -25,10 +25,10 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj); -#define ADDED_DATA 0 -#define ADDED_SNAME 1 -#define ADDED_LNAME 2 -#define ADDED_NID 3 +#define ADDED_DATA 0 +#define ADDED_SNAME 1 +#define ADDED_LNAME 2 +#define ADDED_NID 3 struct added_obj_st { int type; @@ -134,8 +134,7 @@ static void cleanup1_doall(ADDED_OBJ *a) { a->obj->nid = 0; - a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC | - ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA; + a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA; } static void cleanup2_doall(ADDED_OBJ *a) @@ -203,14 +202,12 @@ OPENSSL_free(aop); } } - o->flags &= - ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | - ASN1_OBJECT_FLAG_DYNAMIC_DATA); + o->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA); return o->nid; - err2: +err2: ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE); - err: +err: for (i = ADDED_DATA; i <= ADDED_NID; i++) OPENSSL_free(ao[i]); ASN1_OBJECT_free(o); @@ -369,8 +366,7 @@ int i, j; if (!no_name) { - if (((nid = OBJ_sn2nid(s)) != NID_undef) || - ((nid = OBJ_ln2nid(s)) != NID_undef)) + if (((nid = OBJ_sn2nid(s)) != NID_undef) || ((nid = OBJ_ln2nid(s)) != NID_undef)) return OBJ_nid2obj(nid); if (!ossl_isdigit(*s)) { ERR_raise(ERR_LIB_OBJ, OBJ_R_UNKNOWN_OBJECT_NAME); @@ -557,7 +553,7 @@ BN_free(bl); return n; - err: +err: BN_free(bl); return -1; } 
@@ -621,15 +617,15 @@ } const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, - int (*cmp) (const void *, const void *)) + int (*cmp)(const void *, const void *)) { return OBJ_bsearch_ex_(key, base, num, size, cmp, 0); } const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, - int size, - int (*cmp) (const void *, const void *), - int flags) + int size, + int (*cmp)(const void *, const void *), + int flags) { const char *p = ossl_bsearch(key, base, num, size, cmp, flags); @@ -646,7 +642,7 @@ for (i = 0; i < num; ++i) { p1 = &(base_[i * size]); - c = (*cmp) (key, p1); + c = (*cmp)(key, p1); if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))) return p1; @@ -716,7 +712,7 @@ /* Check to see if short or long name already present */ if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef) - || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) { + || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) { ERR_raise(ERR_LIB_OBJ, OBJ_R_OID_EXISTS); return 0; } @@ -744,7 +740,7 @@ tmpoid->sn = NULL; tmpoid->ln = NULL; - err: +err: ASN1_OBJECT_free(tmpoid); return ok; } --- crypto/openssl/crypto/objects/obj_dat.h.orig +++ crypto/openssl/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at --- crypto/openssl/crypto/objects/obj_err.c.orig +++ crypto/openssl/crypto/objects/obj_err.c 
@@ -15,11 +15,11 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA OBJ_str_reasons[] = { - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"}, - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"}, - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_OBJECT_NAME), - "unknown object name"}, - {0, NULL} + { ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists" }, + { ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid" }, + { ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_OBJECT_NAME), + "unknown object name" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/objects/obj_lib.c.orig +++ crypto/openssl/crypto/objects/obj_lib.c @@ -31,9 +31,7 @@ /* Set dynamic flags so everything gets freed up on error */ - r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | - ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | - ASN1_OBJECT_FLAG_DYNAMIC_DATA); + r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA); if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL) goto err; @@ -48,7 +46,7 @@ goto err; return r; - err: +err: ASN1_OBJECT_free(r); ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE); return NULL; --- crypto/openssl/crypto/ocsp/ocsp_asn.c.orig +++ crypto/openssl/crypto/ocsp/ocsp_asn.c 
@@ -13,41 +13,41 @@ #include "ocsp_local.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { - ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) + ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) } ASN1_SEQUENCE_END(OCSP_SIGNATURE) IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) ASN1_SEQUENCE(OCSP_CERTID) = { - ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), - ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), - ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), - ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER) + ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), + ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), + ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), + ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER) } ASN1_SEQUENCE_END(OCSP_CERTID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) ASN1_SEQUENCE(OCSP_ONEREQ) = { - ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) + ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) } ASN1_SEQUENCE_END(OCSP_ONEREQ) IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ) ASN1_SEQUENCE(OCSP_REQINFO) = { - ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), - ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), - ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) + ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), + ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), + ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) } 
ASN1_SEQUENCE_END(OCSP_REQINFO) IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) ASN1_SEQUENCE(OCSP_REQUEST) = { - ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), - ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) + ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), + ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) } ASN1_SEQUENCE_END(OCSP_REQUEST) IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) 
@@ -55,81 +55,81 @@ /* OCSP_RESPONSE templates */ ASN1_SEQUENCE(OCSP_RESPBYTES) = { - ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), - ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) + ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), + ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(OCSP_RESPBYTES) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) ASN1_SEQUENCE(OCSP_RESPONSE) = { - ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), - ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) + ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), + ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) } ASN1_SEQUENCE_END(OCSP_RESPONSE) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) ASN1_CHOICE(OCSP_RESPID) = { - ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), - ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) + ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), + ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) } ASN1_CHOICE_END(OCSP_RESPID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { - ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) + ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), + ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) ASN1_CHOICE(OCSP_CERTSTATUS) = { - ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), - ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), - ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) + ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), + ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), + ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) } ASN1_CHOICE_END(OCSP_CERTSTATUS) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) ASN1_SEQUENCE(OCSP_SINGLERESP) = { - 
ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), - ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), - ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) + ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), + ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), + ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), + ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) } ASN1_SEQUENCE_END(OCSP_SINGLERESP) IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) ASN1_SEQUENCE(OCSP_RESPDATA) = { - ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), - ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID), - ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), - ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) + ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), + ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID), + ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), + ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) } ASN1_SEQUENCE_END(OCSP_RESPDATA) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) ASN1_SEQUENCE(OCSP_BASICRESP) = { - ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), - ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) + ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), + ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, 
X509, 0) } ASN1_SEQUENCE_END(OCSP_BASICRESP) IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) ASN1_SEQUENCE(OCSP_CRLID) = { - ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), - ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), - ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) + ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), + ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), + ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) } ASN1_SEQUENCE_END(OCSP_CRLID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) ASN1_SEQUENCE(OCSP_SERVICELOC) = { - ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), - ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) + ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), + ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) } ASN1_SEQUENCE_END(OCSP_SERVICELOC) IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) --- crypto/openssl/crypto/ocsp/ocsp_cl.c.orig +++ crypto/openssl/crypto/ocsp/ocsp_cl.c @@ -64,12 +64,12 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) { if (req->optionalSignature == NULL - && (req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) + && (req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) return 0; if (cert == NULL) return 1; return ossl_x509_add_cert_new(&req->optionalSignature->certs, cert, - X509_ADD_FLAG_UP_REF); + X509_ADD_FLAG_UP_REF); } /* @@ -78,10 +78,10 @@ * in the request. Behaves like PKCS7_sign(). */ int OCSP_request_sign(OCSP_REQUEST *req, - X509 *signer, - EVP_PKEY *key, - const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags) + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags) { if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) goto err; 
@@ -91,7 +91,7 @@
 if (key != NULL) {
 if (!X509_check_private_key(signer, key)) {
 ERR_raise(ERR_LIB_OCSP,
- OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 goto err;
 }
 if (!OCSP_REQUEST_sign(req, key, dgst, signer->libctx, signer->propq))
@@ -101,12 +101,12 @@
 if ((flags & OCSP_NOCERTS) == 0) {
 if (!OCSP_request_add1_cert(req, signer)
 || !X509_add_certs(req->optionalSignature->certs, certs,
- X509_ADD_FLAG_UP_REF))
+ X509_ADD_FLAG_UP_REF))
 goto err;
 }
 return 1;
- err:
+err:
 OCSP_SIGNATURE_free(req->optionalSignature);
 req->optionalSignature = NULL;
 return 0;
@@ -181,8 +181,8 @@
 }
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
- const ASN1_OCTET_STRING **pid,
- const X509_NAME **pname)
+ const ASN1_OCTET_STRING **pid,
+ const X509_NAME **pname)
 {
 const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
@@ -199,8 +199,8 @@
 }
 int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
- ASN1_OCTET_STRING **pid,
- X509_NAME **pname)
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname)
 {
 const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
@@ -246,9 +246,9 @@
 * revoked. Returns numerical value of status.
 */
 int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
- ASN1_GENERALIZEDTIME **revtime,
- ASN1_GENERALIZEDTIME **thisupd,
- ASN1_GENERALIZEDTIME **nextupd)
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd)
 {
 int ret;
 OCSP_CERTSTATUS *cst;
@@ -281,10 +281,10 @@
 * found extract status information. Return 0 is successful.
 */
 int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
- int *reason,
- ASN1_GENERALIZEDTIME **revtime,
- ASN1_GENERALIZEDTIME **thisupd,
- ASN1_GENERALIZEDTIME **nextupd)
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd)
 {
 int i = OCSP_resp_find(bs, id, -1);
 OCSP_SINGLERESP *single;
@@ -308,7 +308,7 @@
 * parameter specifies the maximum age the thisUpdate field can be.
 */
 int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
- ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+ ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
 {
 int ret = 1;
 time_t t_now, t_tmp;
--- crypto/openssl/crypto/ocsp/ocsp_err.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_err.c
@@ -14,60 +14,60 @@
 #ifndef OPENSSL_NO_OCSP
-# ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_ERR
 static const ERR_STRING_DATA OCSP_str_reasons[] = {
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR),
- "certificate verify error"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_NAME_ERR), "digest name err"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_SIZE_ERR), "digest size err"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
- "error in nextupdate field"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD),
- "error in thisupdate field"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE),
- "missing ocspsigning usage"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
- "nextupdate before thisupdate"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE),
- "not basic response"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN),
- "no certificates in chain"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
- "private key does not match certificate"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED),
- "request not signed"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
- "response contains no revocation data"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED),
- "root ca not trusted"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
- "signer certificate not found"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID),
- "status not yet valid"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST),
- "unknown message digest"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"},
- {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
- "unsupported requestorname type"},
- {0, NULL}
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR),
+ "certificate verify error" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_NAME_ERR), "digest name err" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_SIZE_ERR), "digest size err" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+ "error in nextupdate field" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+ "error in thisupdate field" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE),
+ "missing ocspsigning usage" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+ "nextupdate before thisupdate" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE),
+ "not basic response" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN),
+ "no certificates in chain" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+ "private key does not match certificate" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED),
+ "request not signed" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+ "response contains no revocation data" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED),
+ "root ca not trusted" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+ "signer certificate not found" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID),
+ "status not yet valid" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST),
+ "unknown message digest" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid" },
+ { ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+ "unsupported requestorname type" },
+ { 0, NULL }
 };
-# endif
+#endif
 int ossl_err_load_OCSP_strings(void)
 {
-# ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_ERR
 if (ERR_reason_error_string(OCSP_str_reasons[0].error) == NULL)
 ERR_load_strings_const(OCSP_str_reasons);
-# endif
+#endif
 return 1;
 }
 #else
--- crypto/openssl/crypto/ocsp/ocsp_ext.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_ext.c
@@ -27,21 +27,18 @@
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
 {
- return (X509v3_get_ext_by_NID
- (x->tbsRequest.requestExtensions, nid, lastpos));
+ return (X509v3_get_ext_by_NID(x->tbsRequest.requestExtensions, nid, lastpos));
 }
 int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
- int lastpos)
+ int lastpos)
 {
- return (X509v3_get_ext_by_OBJ
- (x->tbsRequest.requestExtensions, obj, lastpos));
+ return (X509v3_get_ext_by_OBJ(x->tbsRequest.requestExtensions, obj, lastpos));
 }
 int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
 {
- return (X509v3_get_ext_by_critical
- (x->tbsRequest.requestExtensions, crit, lastpos));
+ return (X509v3_get_ext_by_critical(x->tbsRequest.requestExtensions, crit, lastpos));
 }
 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
@@ -60,16 +57,15 @@
 }
 int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
- unsigned long flags)
+ unsigned long flags)
 {
 return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
- crit, flags);
+ crit, flags);
 }
 int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
 {
- return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
- NULL);
+ return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) != NULL);
 }
 /* Single extensions */
@@ -85,15 +81,14 @@
 }
 int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
- int lastpos)
+ int lastpos)
 {
 return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos);
 }
 int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
 {
- return (X509v3_get_ext_by_critical
- (x->singleRequestExtensions, crit, lastpos));
+ return (X509v3_get_ext_by_critical(x->singleRequestExtensions, crit, lastpos));
 }
 X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
@@ -112,10 +107,10 @@
 }
 int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
- unsigned long flags)
+ unsigned long flags)
 {
 return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
- flags);
+ flags);
 }
 int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
@@ -132,22 +127,19 @@
 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
 {
- return (X509v3_get_ext_by_NID
- (x->tbsResponseData.responseExtensions, nid, lastpos));
+ return (X509v3_get_ext_by_NID(x->tbsResponseData.responseExtensions, nid, lastpos));
 }
 int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
- int lastpos)
+ int lastpos)
 {
- return (X509v3_get_ext_by_OBJ
- (x->tbsResponseData.responseExtensions, obj, lastpos));
+ return (X509v3_get_ext_by_OBJ(x->tbsResponseData.responseExtensions, obj, lastpos));
 }
 int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
- int lastpos)
+ int lastpos)
 {
- return (X509v3_get_ext_by_critical
- (x->tbsResponseData.responseExtensions, crit, lastpos));
+ return (X509v3_get_ext_by_critical(x->tbsResponseData.responseExtensions, crit, lastpos));
 }
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
@@ -161,23 +153,23 @@
 }
 void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
- int *idx)
+ int *idx)
 {
 return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
- idx);
+ idx);
 }
 int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
- int crit, unsigned long flags)
+ int crit, unsigned long flags)
 {
 return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
- value, crit, flags);
+ value, crit, flags);
 }
 int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
 {
 return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
- != NULL);
+ != NULL);
 }
 /* OCSP single response extensions */
@@ -193,13 +185,13 @@
 }
 int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
- int lastpos)
+ int lastpos)
 {
 return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos);
 }
 int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
- int lastpos)
+ int lastpos)
 {
 return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos);
 }
@@ -215,13 +207,13 @@
 }
 void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
- int *idx)
+ int *idx)
 {
 return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
 }
 int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
- int crit, unsigned long flags)
+ int crit, unsigned long flags)
 {
 return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
 }
@@ -242,7 +234,7 @@
 */
 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
- unsigned char *val, int len)
+ unsigned char *val, int len)
 {
 unsigned char *tmpval;
 ASN1_OCTET_STRING os;
@@ -269,10 +261,11 @@
 else if (RAND_bytes(tmpval, len) <= 0)
 goto err;
 if (X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
- &os, 0, X509V3_ADD_REPLACE) <= 0)
+ &os, 0, X509V3_ADD_REPLACE)
+ <= 0)
 goto err;
 ret = 1;
- err:
+err:
 OPENSSL_free(os.data);
 return ret;
 }
@@ -289,7 +282,7 @@
 int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
 {
 return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
- len);
+ len);
 }
 /*-
@@ -335,7 +328,7 @@
 req_ext = OCSP_REQUEST_get_ext(req, req_idx);
 resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
 if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
- X509_EXTENSION_get_data(resp_ext)))
+ X509_EXTENSION_get_data(resp_ext)))
 return 0;
 return 1;
 }
@@ -383,7 +376,7 @@
 goto err;
 }
 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
- err:
+err:
 OCSP_CRLID_free(cid);
 return x;
 }
@@ -404,7 +397,7 @@
 oids++;
 }
 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
- err:
+err:
 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
 return x;
 }
@@ -420,7 +413,7 @@
 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
 goto err;
 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
- err:
+err:
 ASN1_GENERALIZEDTIME_free(gt);
 return x;
 }
@@ -464,7 +457,7 @@
 urls++;
 }
 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
- err:
+err:
 ASN1_IA5STRING_free(ia5);
 ACCESS_DESCRIPTION_free(ad);
 OCSP_SERVICELOC_free(sloc);
--- crypto/openssl/crypto/ocsp/ocsp_http.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_http.c
@@ -13,7 +13,7 @@
 #ifndef OPENSSL_NO_OCSP
 OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
- const OCSP_REQUEST *req, int buf_size)
+ const OCSP_REQUEST *req, int buf_size)
 {
 OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(io, io, buf_size);
@@ -29,21 +29,21 @@
 * max_resp_len = 100 KiB
 */
 if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */,
- NULL, NULL, path))
+ NULL, NULL, path))
 goto err;
 /* by default, no extra headers */
 if (!OSSL_HTTP_REQ_CTX_set_expected(rctx,
- NULL /* content_type */, 1 /* asn1 */,
- 0 /* timeout */, 0 /* keep_alive */))
+ NULL /* content_type */, 1 /* asn1 */,
+ 0 /* timeout */, 0 /* keep_alive */))
 goto err;
 if (req != NULL
 && !OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request",
- ASN1_ITEM_rptr(OCSP_REQUEST),
- (const ASN1_VALUE *)req))
+ ASN1_ITEM_rptr(OCSP_REQUEST),
+ (const ASN1_VALUE *)req))
 goto err;
 return rctx;
- err:
+err:
 OSSL_HTTP_REQ_CTX_free(rctx);
 return NULL;
 }
@@ -60,7 +60,7 @@
 mem = OSSL_HTTP_REQ_CTX_exchange(ctx);
 /* ASN1_item_d2i_bio handles NULL bio gracefully */
 resp = (OCSP_RESPONSE *)ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE),
- mem, NULL);
+ mem, NULL);
 OSSL_HTTP_REQ_CTX_free(ctx);
 return resp;
--- crypto/openssl/crypto/ocsp/ocsp_lib.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_lib.c
@@ -20,7 +20,7 @@
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
- const X509 *issuer)
+ const X509 *issuer)
 {
 const X509_NAME *iname;
 const ASN1_INTEGER *serial;
@@ -40,9 +40,9 @@
 }
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
- const X509_NAME *issuerName,
- const ASN1_BIT_STRING *issuerKey,
- const ASN1_INTEGER *serialNumber)
+ const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey,
+ const ASN1_INTEGER *serialNumber)
 {
 int nid;
 unsigned int i;
@@ -82,9 +82,9 @@
 goto err;
 }
 return cid;
- digerr:
+digerr:
 ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
- err:
+err:
 OCSP_CERTID_free(cid);
 return NULL;
 }
--- crypto/openssl/crypto/ocsp/ocsp_local.h.orig
+++ crypto/openssl/crypto/ocsp/ocsp_local.h
@@ -168,26 +168,26 @@
 * signature BIT STRING,
 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
- /*
- * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
- * follows: "The value for the signature SHALL be computed on the hash of
- * the DER encoding ResponseData." This means that you must hash the
- * DER-encoded tbsResponseData, and then run it through a crypto-signing
- * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
- * operation. This seems a bit odd, but that's the spec. Also note that
- * the data structures do not leave anywhere to independently specify the
- * algorithm used for the initial hash. So, we look at the
- * signature-specification algorithm, and try to do something intelligent.
- * -- Kathy Weinhold, CertCo
- */
- /*
- * Note 2: It seems that the mentioned passage from RFC 2560 (section
- * 4.2.1) is open for interpretation. I've done tests against another
- * responder, and found that it doesn't do the double hashing that the RFC
- * seems to say one should. Therefore, all relevant functions take a flag
- * saying which variant should be used. -- Richard Levitte, OpenSSL team
- * and CeloCom
- */
+/*
+ * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
+ * follows: "The value for the signature SHALL be computed on the hash of
+ * the DER encoding ResponseData." This means that you must hash the
+ * DER-encoded tbsResponseData, and then run it through a crypto-signing
+ * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
+ * operation. This seems a bit odd, but that's the spec. Also note that
+ * the data structures do not leave anywhere to independently specify the
+ * algorithm used for the initial hash. So, we look at the
+ * signature-specification algorithm, and try to do something intelligent.
+ * -- Kathy Weinhold, CertCo
+ */
+/*
+ * Note 2: It seems that the mentioned passage from RFC 2560 (section
+ * 4.2.1) is open for interpretation. I've done tests against another
+ * responder, and found that it doesn't do the double hashing that the RFC
+ * seems to say one should. Therefore, all relevant functions take a flag
+ * saying which variant should be used. -- Richard Levitte, OpenSSL team
+ * and CeloCom
+ */
 struct ocsp_basic_response_st {
 OCSP_RESPDATA tbsResponseData;
 X509_ALGOR signatureAlgorithm;
@@ -217,30 +217,30 @@
 STACK_OF(ACCESS_DESCRIPTION) *locator;
 };
-# define OCSP_REQUEST_sign(o, pkey, md, libctx, propq)\
- ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\
- &(o)->optionalSignature->signatureAlgorithm, NULL,\
- (o)->optionalSignature->signature, &(o)->tbsRequest,\
- NULL, pkey, md, libctx, propq)
-
-# define OCSP_BASICRESP_sign(o, pkey, md, d, libctx, propq)\
- ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- &(o)->signatureAlgorithm, NULL,\
- (o)->signature, &(o)->tbsResponseData,\
- NULL, pkey, md, libctx, propq)
-
-# define OCSP_BASICRESP_sign_ctx(o, ctx, d)\
- ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- &(o)->signatureAlgorithm, NULL,\
- (o)->signature, &(o)->tbsResponseData, ctx)
-
-# define OCSP_REQUEST_verify(a, r, libctx, propq)\
- ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\
- &(a)->optionalSignature->signatureAlgorithm,\
- (a)->optionalSignature->signature, &(a)->tbsRequest,\
- NULL, r, libctx, propq)
-
-# define OCSP_BASICRESP_verify(a, r, libctx, propq)\
- ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- &(a)->signatureAlgorithm, (a)->signature,\
- &(a)->tbsResponseData, NULL, r, libctx, propq)
+#define OCSP_REQUEST_sign(o, pkey, md, libctx, propq) \
+ ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_REQINFO), \
+ &(o)->optionalSignature->signatureAlgorithm, NULL, \
+ (o)->optionalSignature->signature, &(o)->tbsRequest, \
+ NULL, pkey, md, libctx, propq)
+
+#define OCSP_BASICRESP_sign(o, pkey, md, d, libctx, propq) \
+ ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_RESPDATA), \
+ &(o)->signatureAlgorithm, NULL, \
+ (o)->signature, &(o)->tbsResponseData, \
+ NULL, pkey, md, libctx, propq)
+
+#define OCSP_BASICRESP_sign_ctx(o, ctx, d) \
+ ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA), \
+ &(o)->signatureAlgorithm, NULL, \
+ (o)->signature, &(o)->tbsResponseData, ctx)
+
+#define OCSP_REQUEST_verify(a, r, libctx, propq) \
+ ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_REQINFO), \
+ &(a)->optionalSignature->signatureAlgorithm, \
+ (a)->optionalSignature->signature, &(a)->tbsRequest, \
+ NULL, r, libctx, propq)
+
+#define OCSP_BASICRESP_verify(a, r, libctx, propq) \
+ ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_RESPDATA), \
+ &(a)->signatureAlgorithm, (a)->signature, \
+ &(a)->tbsResponseData, NULL, r, libctx, propq)
--- crypto/openssl/crypto/ocsp/ocsp_prn.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_prn.c
@@ -49,12 +49,12 @@
 const char *OCSP_response_status_str(long s)
 {
 static const OCSP_TBLSTR rstat_tbl[] = {
- {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
- {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
- {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
- {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
- {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
- {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+ { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
+ { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+ { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+ { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+ { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+ { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
 };
 return table2string(s, rstat_tbl);
 }
@@ -62,9 +62,9 @@
 const char *OCSP_cert_status_str(long s)
 {
 static const OCSP_TBLSTR cstat_tbl[] = {
- {V_OCSP_CERTSTATUS_GOOD, "good"},
- {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
- {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+ { V_OCSP_CERTSTATUS_GOOD, "good" },
+ { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+ { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
 };
 return table2string(s, cstat_tbl);
 }
@@ -72,14 +72,14 @@
 const char *OCSP_crl_reason_str(long s)
 {
 static const OCSP_TBLSTR reason_tbl[] = {
- {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
- {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
- {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
- {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
- {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
- {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
- {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
- {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+ { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+ { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+ { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+ { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+ { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+ { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+ { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+ { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
 };
 return table2string(s, reason_tbl);
 }
@@ -110,12 +110,12 @@
 cid = one->reqCert;
 ocsp_certid_print(bp, cid, 8);
 if (!X509V3_extensions_print(bp,
- "Request Single Extensions",
- one->singleRequestExtensions, flags, 8))
+ "Request Single Extensions",
+ one->singleRequestExtensions, flags, 8))
 goto err;
 }
 if (!X509V3_extensions_print(bp, "Request Extensions",
- inf->requestExtensions, flags, 4))
+ inf->requestExtensions, flags, 4))
 goto err;
 if (sig) {
 X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
@@ -125,7 +125,7 @@
 }
 }
 return 1;
- err:
+err:
 return 0;
 }
@@ -146,7 +146,8 @@
 goto err;
 l = ASN1_ENUMERATED_get(o->responseStatus);
 if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
- OCSP_response_status_str(l), l) <= 0)
+ OCSP_response_status_str(l), l)
+ <= 0)
 goto err;
 if (rb == NULL)
 return 1;
@@ -193,7 +194,8 @@
 goto err;
 cst = single->certStatus;
 if (BIO_printf(bp, " Cert Status: %s",
- OCSP_cert_status_str(cst->type)) <= 0)
+ OCSP_cert_status_str(cst->type))
+ <= 0)
 goto err;
 if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
 rev = cst->value.revoked;
@@ -204,8 +206,9 @@
 if (rev->revocationReason) {
 l = ASN1_ENUMERATED_get(rev->revocationReason);
 if (BIO_printf(bp,
- "\n Revocation Reason: %s (0x%lx)",
- OCSP_crl_reason_str(l), l) <= 0)
+ "\n Revocation Reason: %s (0x%lx)",
+ OCSP_crl_reason_str(l), l)
+ <= 0)
 goto err;
 }
 }
@@ -222,14 +225,14 @@
 if (BIO_write(bp, "\n", 1) <= 0)
 goto err;
 if (!X509V3_extensions_print(bp,
- "Response Single Extensions",
- single->singleExtensions, flags, 8))
+ "Response Single Extensions",
+ single->singleExtensions, flags, 8))
 goto err;
 if (BIO_write(bp, "\n", 1) <= 0)
 goto err;
 }
 if (!X509V3_extensions_print(bp, "Response Extensions",
- rd->responseExtensions, flags, 4))
+ rd->responseExtensions, flags, 4))
 goto err;
 if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
 goto err;
@@ -240,7 +243,7 @@
 }
 ret = 1;
- err:
+err:
 OCSP_BASICRESP_free(br);
 return ret;
 }
--- crypto/openssl/crypto/ocsp/ocsp_srv.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_srv.c
@@ -36,8 +36,8 @@
 }
 int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
- ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid)
 {
 if (!cid)
 return 0;
@@ -73,21 +73,20 @@
 if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL)
 goto err;
 rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
- if (!ASN1_item_pack
- (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
- goto err;
+ if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+ goto err;
 return rsp;
- err:
+err:
 OCSP_RESPONSE_free(rsp);
 return NULL;
 }
 OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
- OCSP_CERTID *cid,
- int status, int reason,
- ASN1_TIME *revtime,
- ASN1_TIME *thisupd,
- ASN1_TIME *nextupd)
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd,
+ ASN1_TIME *nextupd)
 {
 OCSP_SINGLERESP *single = NULL;
 OCSP_CERTSTATUS *cs;
@@ -95,7 +94,8 @@
 if (rsp->tbsResponseData.responses == NULL
 && (rsp->tbsResponseData.responses
- = sk_OCSP_SINGLERESP_new_null()) == NULL)
+ = sk_OCSP_SINGLERESP_new_null())
+ == NULL)
 goto err;
 if ((single = OCSP_SINGLERESP_new()) == NULL)
@@ -103,8 +103,7 @@
 if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
 goto err;
- if (nextupd &&
- !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+ if (nextupd && !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
 goto err;
 OCSP_CERTID_free(single->certId);
@@ -143,12 +142,11 @@
 default:
 goto err;
-
 }
 if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
 goto err;
 return single;
- err:
+err:
 OCSP_SINGLERESP_free(single);
 return NULL;
 }
@@ -165,8 +163,8 @@
 * include one or more optional certificates in the response.
 */
 int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
- X509 *signer, EVP_MD_CTX *ctx,
- STACK_OF(X509) *certs, unsigned long flags)
+ X509 *signer, EVP_MD_CTX *ctx,
+ STACK_OF(X509) *certs, unsigned long flags)
 {
 OCSP_RESPID *rid;
 EVP_PKEY *pkey;
@@ -196,8 +194,7 @@
 goto err;
 }
- if (!(flags & OCSP_NOTIME) &&
- !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
+ if (!(flags & OCSP_NOTIME) && !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
 goto err;
 /*
@@ -208,13 +205,13 @@
 goto err;
 return 1;
- err:
+err:
 return 0;
 }
 int OCSP_basic_sign(OCSP_BASICRESP *brsp,
- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags)
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags)
 {
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 EVP_PKEY_CTX *pkctx = NULL;
@@ -224,7 +221,7 @@
 return 0;
 if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_get0_name(dgst),
- signer->libctx, signer->propq, key, NULL)) {
+ signer->libctx, signer->propq, key, NULL)) {
 EVP_MD_CTX_free(ctx);
 return 0;
 }
@@ -244,7 +241,7 @@
 }
 int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert,
- OSSL_LIB_CTX *libctx, const char *propq)
+ OSSL_LIB_CTX *libctx, const char *propq)
 {
 ASN1_OCTET_STRING *byKey = NULL;
 unsigned char md[SHA_DIGEST_LENGTH];
@@ -271,7 +268,7 @@
 respid->value.byKey = byKey;
 ret = 1;
- err:
+err:
 EVP_MD_free(sha1);
 return ret;
 }
@@ -284,7 +281,7 @@
 }
 int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx,
- const char *propq)
+ const char *propq)
 {
 EVP_MD *sha1 = NULL;
 int ret = 0;
@@ -304,17 +301,19 @@
 goto err;
 ret = (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
- && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
- SHA_DIGEST_LENGTH) == 0);
+ && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
+ SHA_DIGEST_LENGTH)
+ == 0);
 } else if (respid->type == V_OCSP_RESPID_NAME) {
 if (respid->value.byName == NULL)
 return 0;
 return X509_NAME_cmp(respid->value.byName,
- X509_get_subject_name(cert)) == 0;
+ X509_get_subject_name(cert))
+ == 0;
 }
- err:
+err:
 EVP_MD_free(sha1);
 return ret;
 }
--- crypto/openssl/crypto/ocsp/ocsp_vfy.c.orig
+++ crypto/openssl/crypto/ocsp/ocsp_vfy.c
@@ -14,22 +14,22 @@
 #include "ocsp_local.h"
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, unsigned long flags);
+ STACK_OF(X509) *certs, unsigned long flags);
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
 static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
 static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
- OCSP_CERTID **ret);
+ OCSP_CERTID **ret);
 static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
- STACK_OF(OCSP_SINGLERESP) *sresp);
+ STACK_OF(OCSP_SINGLERESP) *sresp);
 static int ocsp_check_delegated(X509 *x);
 static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
- const X509_NAME *nm, STACK_OF(X509) *certs,
- unsigned long flags);
+ const X509_NAME *nm, STACK_OF(X509) *certs,
+ unsigned long flags);
 /* Returns 1 on success, 0 on failure, or -1 on fatal error */
 static int ocsp_verify_signer(X509 *signer, int response,
- X509_STORE *st, unsigned long flags,
- STACK_OF(X509) *untrusted, STACK_OF(X509) **chain)
+ X509_STORE *st, unsigned long flags,
+ STACK_OF(X509) *untrusted, STACK_OF(X509) **chain)
 {
 X509_STORE_CTX *ctx = X509_STORE_CTX_new();
 X509_VERIFY_PARAM *vp;
@@ -48,7 +48,7 @@
 if ((flags & OCSP_PARTIAL_CHAIN) != 0)
 X509_VERIFY_PARAM_set_flags(vp, X509_V_FLAG_PARTIAL_CHAIN);
 if (response
- && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0)
+ && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0)
 /*
 * Locally disable revocation status checking for OCSP responder cert.
 * Done here for CRLs; should be done also for OCSP-based checks.
@@ -62,19 +62,19 @@
 int err = X509_STORE_CTX_get_error(ctx);
 ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR,
- "Verify error: %s", X509_verify_cert_error_string(err));
+ "Verify error: %s", X509_verify_cert_error_string(err));
 goto end;
 }
 if (chain != NULL)
 *chain = X509_STORE_CTX_get1_chain(ctx);
- end:
+end:
 X509_STORE_CTX_free(ctx);
 return ret;
 }
 static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs,
- X509 *signer, unsigned long flags)
+ X509 *signer, unsigned long flags)
 {
 EVP_PKEY *skey;
 int ret = 1;
@@ -96,7 +96,7 @@
 /* Verify a basic response message */
 int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags)
+ X509_STORE *st, unsigned long flags)
 {
 X509 *signer, *x;
 STACK_OF(X509) *chain = NULL;
@@ -153,20 +153,20 @@
 ret = 1;
 }
- end:
+end:
 sk_X509_pop_free(chain, X509_free);
 sk_X509_free(untrusted);
 return ret;
 }
 int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
- STACK_OF(X509) *extra_certs)
+ STACK_OF(X509) *extra_certs)
 {
 return ocsp_find_signer(signer, bs, extra_certs, 0) > 0;
 }
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, unsigned long flags)
+ STACK_OF(X509) *certs, unsigned long flags)
 {
 X509 *signer;
 OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
@@ -175,8 +175,7 @@
 *psigner = signer;
 return 2;
 }
- if ((flags & OCSP_NOINTERN) == 0 &&
- (signer = ocsp_find_signer_sk(bs->certs, rid))) {
+ if ((flags & OCSP_NOINTERN) == 0 && (signer = ocsp_find_signer_sk(bs->certs, rid))) {
 *psigner = signer;
 return 1;
 }
@@ -284,7 +283,7 @@
 if (OCSP_id_issuer_cmp(cid, tmpid)) {
 /* If algorithm mismatch let caller deal with it */
 if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
- cid->hashAlgorithm.algorithm))
+ cid->hashAlgorithm.algorithm))
 return 2;
 /* Else mismatch */
 return 0;
@@ -301,7 +300,7 @@ * Returns -1 on fatal error, 0 if there is no match and 1 if there is a match. */ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp) + STACK_OF(OCSP_SINGLERESP) *sresp) { int ret = -1; EVP_MD *dgst = NULL; @@ -332,8 +331,7 @@ ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR); goto end; } - if (cid->issuerNameHash.length != mdlen || - cid->issuerKeyHash.length != mdlen) { + if (cid->issuerNameHash.length != mdlen || cid->issuerKeyHash.length != mdlen) { ret = 0; goto end; } @@ -383,7 +381,7 @@ * Returns 1 on success, 0 on failure and on fatal error. */ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, - X509_STORE *store, unsigned long flags) + X509_STORE *store, unsigned long flags) { X509 *signer; const X509_NAME *nm; @@ -413,14 +411,14 @@ if ((flags & OCSP_NOVERIFY) != 0) return 1; return ocsp_verify_signer(signer, 0, store, flags, - (flags & OCSP_NOCHAIN) != 0 ? - NULL : req->optionalSignature->certs, NULL) > 0; + (flags & OCSP_NOCHAIN) != 0 ? NULL : req->optionalSignature->certs, NULL) + > 0; /* using '> 0' here to avoid breaking backward compatibility returning -1 */ } static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - const X509_NAME *nm, STACK_OF(X509) *certs, - unsigned long flags) + const X509_NAME *nm, STACK_OF(X509) *certs, + unsigned long flags) { X509 *signer; --- crypto/openssl/crypto/ocsp/v3_ocsp.c.orig +++ crypto/openssl/crypto/ocsp/v3_ocsp.c 
@@ -21,25 +21,23 @@ */ static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); -static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, - int indent); + BIO *out, int indent); static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(const void *a, unsigned char **pp); static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); + BIO *out, int indent); static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, - void *nocheck, BIO *out, int indent); + void *nocheck, BIO *out, int indent); static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind); + BIO *bp, int ind); const X509V3_EXT_METHOD ossl_v3_ocsp_crlid = { NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), @@ -59,24 +57,6 @@ NULL }; -const X509V3_EXT_METHOD ossl_v3_crl_invdate = { - NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_ocsp_acutoff, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_crl_hold = { - NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_object, 0, - NULL -}; - const X509V3_EXT_METHOD ossl_v3_ocsp_nonce = { NID_id_pkix_OCSP_Nonce, 0, NULL, ocsp_nonce_new, @@ -108,7 +88,7 @@ }; static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, - int ind) + int ind) { OCSP_CRLID *a = in; if (a->crlUrl) { 
@@ -136,12 +116,12 @@ goto err; } return 1; - err: +err: return 0; } static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, - BIO *bp, int ind) + BIO *bp, int ind) { if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; @@ -150,16 +130,6 @@ return 1; } -static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, - int ind) -{ - if (BIO_printf(bp, "%*s", ind, "") <= 0) - return 0; - if (i2a_ASN1_OBJECT(bp, oid) <= 0) - return 0; - return 1; -} - /* * OCSP nonce. This is needs special treatment because it doesn't have an * ASN1 encoding at all: it just contains arbitrary data. @@ -200,7 +170,7 @@ *pos = os; return os; - err: +err: if ((pos == NULL) || (*pos != os)) ASN1_OCTET_STRING_free(os); ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE); @@ -213,7 +183,7 @@ } static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent) + BIO *out, int indent) { if (BIO_printf(out, "%*s", indent, "") <= 0) return 0; @@ -225,19 +195,19 @@ /* Nocheck is just a single NULL. Don't print anything and always set it */ static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, - BIO *out, int indent) + BIO *out, int indent) { return 1; } static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) + X509V3_CTX *ctx, const char *str) { return ASN1_NULL_new(); } static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind) + BIO *bp, int ind) { int i; OCSP_SERVICELOC *a = in; @@ -259,6 +229,6 @@ goto err; } return 1; - err: +err: return 0; } --- crypto/openssl/crypto/packet.c.orig +++ crypto/openssl/crypto/packet.c @@ -11,7 +11,7 @@ #include "internal/packet.h" #include -#define DEFAULT_BUF_SIZE 256 +#define DEFAULT_BUF_SIZE 256 int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) { 
@@ -24,21 +24,21 @@ } int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, - unsigned char **allocbytes, size_t lenbytes) + unsigned char **allocbytes, size_t lenbytes) { if (!WPACKET_start_sub_packet_len__(pkt, lenbytes) - || !WPACKET_allocate_bytes(pkt, len, allocbytes) - || !WPACKET_close(pkt)) + || !WPACKET_allocate_bytes(pkt, len, allocbytes) + || !WPACKET_close(pkt)) return 0; return 1; } -#define GETBUF(p) (((p)->staticbuf != NULL) \ - ? (p)->staticbuf \ - : ((p)->buf != NULL \ - ? (unsigned char *)(p)->buf->data \ - : NULL)) +#define GETBUF(p) (((p)->staticbuf != NULL) \ + ? (p)->staticbuf \ + : ((p)->buf != NULL \ + ? (unsigned char *)(p)->buf->data \ + : NULL)) int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) { @@ -75,7 +75,7 @@ } int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, - unsigned char **allocbytes, size_t lenbytes) + unsigned char **allocbytes, size_t lenbytes) { if (pkt->endfirst && lenbytes > 0) return 0; @@ -126,7 +126,7 @@ } int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, - size_t lenbytes) + size_t lenbytes) { size_t max = maxmaxsize(lenbytes); @@ -225,7 +225,6 @@ return 1; } - /* * Internal helper function used by WPACKET_close(), WPACKET_finish() and * WPACKET_fill_lengths() to close a sub-packet and write out its length if @@ -237,11 +236,11 @@ size_t packlen = pkt->written - sub->pwritten; if (packlen == 0 - && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0) + && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0) return 0; if (packlen == 0 - && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) { + && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) { /* We can't handle this case. Return an error */ if (!doclose) return 0; 
@@ -262,13 +261,14 @@ unsigned char *buf = GETBUF(pkt); if (buf != NULL - && !put_value(&buf[sub->packet_len], packlen, - sub->lenbytes)) + && !put_value(&buf[sub->packet_len], packlen, + sub->lenbytes)) return 0; } else if (pkt->endfirst && sub->parent != NULL - && (packlen != 0 - || (sub->flags - & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) == 0)) { + && (packlen != 0 + || (sub->flags + & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) + == 0)) { size_t tmplen = packlen; size_t numlenbytes = 1; @@ -385,8 +385,8 @@ /* Internal API, so should not fail */ if (!ossl_assert(size <= sizeof(uint64_t)) - || !WPACKET_allocate_bytes(pkt, size, &data) - || !put_value(data, val, size)) + || !WPACKET_allocate_bytes(pkt, size, &data) + || !put_value(data, val, size)) return 0; return 1; @@ -450,11 +450,11 @@ } int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, - size_t lenbytes) + size_t lenbytes) { if (!WPACKET_start_sub_packet_len__(pkt, lenbytes) - || !WPACKET_memcpy(pkt, src, len) - || !WPACKET_close(pkt)) + || !WPACKET_memcpy(pkt, src, len) + || !WPACKET_close(pkt)) return 0; return 1; --- crypto/openssl/crypto/param_build.c.orig +++ crypto/openssl/crypto/param_build.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -32,7 +32,7 @@ union { /* * These fields are never directly addressed, but their sizes are - * imporant so that all native types can be copied here without overrun. + * important so that all native types can be copied here without overrun. */ ossl_intmax_t i; ossl_uintmax_t u; 
@@ -49,8 +49,8 @@ }; static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key, - int size, size_t alloc, int type, - int secure) + int size, size_t alloc, int type, + int secure) { OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd)); @@ -74,7 +74,7 @@ } static int param_push_num(OSSL_PARAM_BLD *bld, const char *key, - void *num, size_t size, int type) + void *num, size_t size, int type) { OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0); 
@@ -121,92 +121,152 @@ int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, - unsigned int num) + unsigned int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); + OSSL_PARAM_UNSIGNED_INTEGER); } int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, - long int num) + long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, - unsigned long int num) + unsigned long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); + OSSL_PARAM_UNSIGNED_INTEGER); } int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, - int32_t num) + int32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, - uint32_t num) + uint32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); + OSSL_PARAM_UNSIGNED_INTEGER); } int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, - int64_t num) + int64_t num) { + if (bld == NULL || 
key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, - uint64_t num) + uint64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); + OSSL_PARAM_UNSIGNED_INTEGER); } int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, - size_t num) + size_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); + OSSL_PARAM_UNSIGNED_INTEGER); } int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, - time_t num) + time_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_INTEGER); + OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, - double num) + double num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); } int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, - const BIGNUM *bn) + const BIGNUM *bn) { return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, - bn == NULL ? 0 : BN_num_bytes(bn)); + bn == NULL ? 
0 : BN_num_bytes(bn)); } int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, - const BIGNUM *bn, size_t sz) + const BIGNUM *bn, size_t sz) { int n, secure = 0; OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL) { if (BN_is_negative(bn)) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, - "Negative big numbers are unsupported for OSSL_PARAM"); + "Negative big numbers are unsupported for OSSL_PARAM"); return 0; } @@ -234,11 +294,16 @@ } int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, - const char *buf, size_t bsize) + const char *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); if (bsize > INT_MAX) { @@ -254,10 +319,15 @@ } int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, - char *buf, size_t bsize) + char *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); if (bsize > INT_MAX) { @@ -272,11 +342,16 @@ } int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, - const void *buf, size_t bsize) + const void *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; 
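Review bot: The same four-line NULL guard is pasted into every numeric pusher of the `@@ -121,92 +121,152 @@` hunk, from OSSL_PARAM_BLD_push_int through OSSL_PARAM_BLD_push_double, although each of them only forwards to `param_push_num(bld, key, &num, sizeof(num), ...)`. Putting `if (bld == NULL || key == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); return 0; }` once at the top of param_push_num would give the same result with a single copy to maintain. param_push_num's body is outside this hunk, and OSSL_PARAM_BLD_push_BN_pad appears not to go through it, so its own check would stay.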
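Review bot: Rejecting `buf == NULL` in OSSL_PARAM_BLD_push_utf8_string (the `@@ -234,11 +294,16 @@` hunk) and in OSSL_PARAM_BLD_push_octet_string (the `@@ -272,11 +342,16 @@` hunk) changes the accepted inputs, not only the crash behaviour. param_bld_convert, in the later `@@ -332,11 +412,11 @@` hunk, still has an `if (pd->string != NULL) memcpy(p, pd->string, pd->size); else` branch for both string types, which suggests a NULL buffer with a non-zero size was accepted before; that is inferred, since the else body is not shown. If the rejection is intended, a comment above each check such as `/* A NULL buf is an error, also when bsize is non-zero */` plus a line in the API documentation would make the new contract explicit. If it is not intended, the string variant only needs `buf` tested on the `bsize == 0` path, where `strlen(buf)` is called.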
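Review bot: OSSL_PARAM_BLD_push_utf8_ptr in the `@@ -254,10 +319,15 @@` hunk still reaches `bsize = strlen(buf);` with a NULL `buf`, because the added guard tests only `bld` and `key`. The sibling OSSL_PARAM_BLD_push_utf8_string includes `buf == NULL` in its guard, so the two are now inconsistent on exactly the path that dereferences the pointer. If a NULL pointer value must remain storable, the narrow fix is `if (bsize == 0 && buf != NULL) bsize = strlen(buf);`; otherwise add `buf == NULL` to the guard as in the string variant. The rest of the function body is outside the hunk.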
@@ -290,10 +365,15 @@ } int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, - void *buf, size_t bsize) + void *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; @@ -306,8 +386,8 @@ } static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, - OSSL_PARAM_ALIGNED_BLOCK *blk, - OSSL_PARAM_ALIGNED_BLOCK *secure) + OSSL_PARAM_ALIGNED_BLOCK *blk, + OSSL_PARAM_ALIGNED_BLOCK *secure) { int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); OSSL_PARAM_BLD_DEF *pd; @@ -332,11 +412,11 @@ /* BIGNUM */ BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size); } else if (pd->type == OSSL_PARAM_OCTET_PTR - || pd->type == OSSL_PARAM_UTF8_PTR) { + || pd->type == OSSL_PARAM_UTF8_PTR) { /* PTR */ *(const void **)p = pd->string; } else if (pd->type == OSSL_PARAM_OCTET_STRING - || pd->type == OSSL_PARAM_UTF8_STRING) { + || pd->type == OSSL_PARAM_UTF8_STRING) { if (pd->string != NULL) memcpy(p, pd->string, pd->size); else 
@@ -359,10 +439,18 @@ { OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; OSSL_PARAM *params, *last; - const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); - const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); - const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; + int num; + size_t p_blks, total, ss; + + if (bld == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); + p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); + total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); + ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; if (ss > 0) { s = OPENSSL_secure_malloc(ss); --- crypto/openssl/crypto/param_build_set.c.orig +++ crypto/openssl/crypto/param_build_set.c @@ -20,7 +20,7 @@ DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) int ossl_param_build_set_int(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, int num) + const char *key, int num) { if (bld != NULL) return OSSL_PARAM_BLD_push_int(bld, key, num); @@ -31,7 +31,7 @@ } int ossl_param_build_set_long(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, long num) + const char *key, long num) { if (bld != NULL) return OSSL_PARAM_BLD_push_long(bld, key, num); @@ -42,7 +42,7 @@ } int ossl_param_build_set_utf8_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const char *buf) + const char *key, const char *buf) { if (bld != NULL) return OSSL_PARAM_BLD_push_utf8_string(bld, key, buf, 0); @@ -53,9 +53,9 @@ } int ossl_param_build_set_octet_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, - const unsigned char *data, - size_t data_len) + const char *key, + const unsigned char *data, + size_t data_len) { if (bld != NULL) return OSSL_PARAM_BLD_push_octet_string(bld, key, data, data_len); 
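Review bot: The new NULL guard in the `@@ -359,10 +439,18 @@` hunk ends with `return 0;`, while the locals `OSSL_PARAM *params, *last;` suggest this function hands back a pointer. The signature is outside the hunk, so that is inferred; if it does return `OSSL_PARAM *`, `return NULL;` states the intent and matches how pointer-returning functions usually report failure. Moving the `num`, `p_blks`, `total` and `ss` computations below the guard is needed for the check to take effect, and a short comment such as `/* sizes depend on bld, so compute them only after the NULL check */` would keep a later cleanup from folding them back into the declarations.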
@@ -67,7 +67,7 @@ } int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const BIGNUM *bn, size_t sz) + const char *key, const BIGNUM *bn, size_t sz) { if (bld != NULL) return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, sz); @@ -82,7 +82,7 @@ } int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const BIGNUM *bn) + const char *key, const BIGNUM *bn) { if (bld != NULL) return OSSL_PARAM_BLD_push_BN(bld, key, bn); @@ -94,8 +94,8 @@ } int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, - const char *names[], - STACK_OF(BIGNUM_const) *stk) + const char *names[], + STACK_OF(BIGNUM_const) *stk) { int i, sz = sk_BIGNUM_const_num(stk); OSSL_PARAM *p; --- crypto/openssl/crypto/params.c.orig +++ crypto/openssl/crypto/params.c @@ -41,7 +41,7 @@ } static OSSL_PARAM ossl_param_construct(const char *key, unsigned int data_type, - void *data, size_t data_size) + void *data, size_t data_size) { OSSL_PARAM res; @@ -91,8 +91,8 @@ * Both integers are in native byte ordering. */ static int copy_integer(unsigned char *dest, size_t dest_len, - const unsigned char *src, size_t src_len, - unsigned char pad, int signed_int) + const unsigned char *src, size_t src_len, + unsigned char pad, int signed_int) { size_t n; DECLARE_IS_ENDIAN; @@ -105,11 +105,11 @@ } else { n = src_len - dest_len; if (!check_sign_bytes(src, n, pad) - /* - * Shortening a signed value must retain the correct sign. - * Avoiding this kind of thing: -253 = 0xff03 -> 0x03 = 3 - */ - || (signed_int && ((pad ^ src[n]) & 0x80) != 0)) + /* + * Shortening a signed value must retain the correct sign. + * Avoiding this kind of thing: -253 = 0xff03 -> 0x03 = 3 + */ + || (signed_int && ((pad ^ src[n]) & 0x80) != 0)) return 0; memcpy(dest, src + n, dest_len); } 
@@ -121,11 +121,11 @@ } else { n = src_len - dest_len; if (!check_sign_bytes(src + dest_len, n, pad) - /* - * Shortening a signed value must retain the correct sign. - * Avoiding this kind of thing: 130 = 0x0082 -> 0x82 = -126 - */ - || (signed_int && ((pad ^ src[dest_len - 1]) & 0x80) != 0)) + /* + * Shortening a signed value must retain the correct sign. + * Avoiding this kind of thing: 130 = 0x0082 -> 0x82 = -126 + */ + || (signed_int && ((pad ^ src[dest_len - 1]) & 0x80) != 0)) return 0; memcpy(dest, src, dest_len); } @@ -135,22 +135,22 @@ /* Copy a signed number to a signed number of possibly different length */ static int signed_from_signed(void *dest, size_t dest_len, - const void *src, size_t src_len) + const void *src, size_t src_len) { return copy_integer(dest, dest_len, src, src_len, - is_negative(src, src_len) ? 0xff : 0, 1); + is_negative(src, src_len) ? 0xff : 0, 1); } /* Copy an unsigned number to a signed number of possibly different length */ static int signed_from_unsigned(void *dest, size_t dest_len, - const void *src, size_t src_len) + const void *src, size_t src_len) { return copy_integer(dest, dest_len, src, src_len, 0, 1); } /* Copy a signed number to an unsigned number of possibly different length */ static int unsigned_from_signed(void *dest, size_t dest_len, - const void *src, size_t src_len) + const void *src, size_t src_len) { if (is_negative(src, src_len)) return 0; @@ -159,7 +159,7 @@ /* Copy an unsigned number to an unsigned number of possibly different length */ static int unsigned_from_unsigned(void *dest, size_t dest_len, - const void *src, size_t src_len) + const void *src, size_t src_len) { return copy_integer(dest, dest_len, src, src_len, 0, 0); } @@ -276,7 +276,7 @@ OSSL_PARAM OSSL_PARAM_construct_uint(const char *key, unsigned int *buf) { return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(unsigned int)); + sizeof(unsigned int)); } int OSSL_PARAM_get_long(const OSSL_PARAM *p, long int *val) 
@@ -339,12 +339,12 @@ OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf) { return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(unsigned long int)); + sizeof(unsigned long int)); } int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) { - if (val == NULL || p == NULL ) + if (val == NULL || p == NULL) return 0; if (p->data_type == OSSL_PARAM_INTEGER) { @@ -463,7 +463,7 @@ OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf) { return ossl_param_construct(key, OSSL_PARAM_INTEGER, buf, - sizeof(int32_t)); + sizeof(int32_t)); } int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) @@ -589,12 +589,12 @@ OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf) { return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(uint32_t)); + sizeof(uint32_t)); } int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val) { - if (val == NULL || p == NULL ) + if (val == NULL || p == NULL) return 0; if (p->data_type == OSSL_PARAM_INTEGER) { @@ -635,13 +635,13 @@ case sizeof(double): d = *(const double *)p->data; if (d >= INT64_MIN - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of INT64_MAX to avoid using imprecise floating - * point values. - */ - && d < (double)(INT64_MAX - 65535) + 65536.0 - && d == (int64_t)d) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order + * 15 bits of INT64_MAX to avoid using imprecise floating + * point values. + */ + && d < (double)(INT64_MAX - 65535) + 65536.0 + && d == (int64_t)d) { *val = (int64_t)d; return 1; } 
@@ -769,13 +769,13 @@ case sizeof(double): d = *(const double *)p->data; if (d >= 0 - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of UINT64_MAX to avoid using imprecise floating - * point values. - */ - && d < (double)(UINT64_MAX - 65535) + 65536.0 - && d == (uint64_t)d) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order + * 15 bits of UINT64_MAX to avoid using imprecise floating + * point values. + */ + && d < (double)(UINT64_MAX - 65535) + 65536.0 + && d == (uint64_t)d) { *val = (uint64_t)d; return 1; } @@ -852,7 +852,7 @@ OSSL_PARAM OSSL_PARAM_construct_uint64(const char *key, uint64_t *buf) { return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(uint64_t)); + sizeof(uint64_t)); } int OSSL_PARAM_get_size_t(const OSSL_PARAM *p, size_t *val) @@ -884,7 +884,7 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf) { return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(size_t)); + sizeof(size_t)); } int OSSL_PARAM_get_time_t(const OSSL_PARAM *p, time_t *val) @@ -965,10 +965,10 @@ } OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, - size_t bsize) + size_t bsize) { return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, - buf, bsize); + buf, bsize); } #ifndef OPENSSL_SYS_UEFI @@ -1033,7 +1033,7 @@ return 1; } } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER - && val == (uint64_t)val) { + && val == (uint64_t)val) { p->return_size = sizeof(double); if (p->data == NULL) return 1; 
@@ -1047,17 +1047,18 @@ break; case sizeof(uint64_t): if (val >= 0 - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of UINT64_MAX to avoid using imprecise floating - * point values. - */ - && val < (double)(UINT64_MAX - 65535) + 65536.0) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order + * 15 bits of UINT64_MAX to avoid using imprecise floating + * point values. + */ + && val < (double)(UINT64_MAX - 65535) + 65536.0) { p->return_size = sizeof(uint64_t); *(uint64_t *)p->data = (uint64_t)val; return 1; } - break; } + break; + } } else if (p->data_type == OSSL_PARAM_INTEGER && val == (int64_t)val) { p->return_size = sizeof(double); if (p->data == NULL) @@ -1072,12 +1073,12 @@ break; case sizeof(int64_t): if (val >= INT64_MIN - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of INT64_MAX to avoid using imprecise floating - * point values. - */ - && val < (double)(INT64_MAX - 65535) + 65536.0) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order + * 15 bits of INT64_MAX to avoid using imprecise floating + * point values. + */ + && val < (double)(INT64_MAX - 65535) + 65536.0) { p->return_size = sizeof(int64_t); *(int64_t *)p->data = (int64_t)val; return 1; @@ -1095,8 +1096,8 @@ #endif static int get_string_internal(const OSSL_PARAM *p, void **val, - size_t *max_len, size_t *used_len, - unsigned int type) + size_t *max_len, size_t *used_len, + unsigned int type) { size_t sz, alloc_sz; @@ -1137,7 +1138,7 @@ int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, size_t max_len) { int ret = get_string_internal(p, (void **)val, &max_len, NULL, - OSSL_PARAM_UTF8_STRING); + OSSL_PARAM_UTF8_STRING); /* * We try to ensure that the copied string is terminated with a 
@@ -1157,21 +1158,21 @@ if (data_length >= max_len) data_length = OPENSSL_strnlen(p->data, data_length); if (data_length >= max_len) - return 0; /* No space for a terminating NUL byte */ + return 0; /* No space for a terminating NUL byte */ (*val)[data_length] = '\0'; return ret; } int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, size_t max_len, - size_t *used_len) + size_t *used_len) { return get_string_internal(p, val, &max_len, used_len, - OSSL_PARAM_OCTET_STRING); + OSSL_PARAM_OCTET_STRING); } static int set_string_internal(OSSL_PARAM *p, const void *val, size_t len, - unsigned int type) + unsigned int type) { p->return_size = len; if (p->data == NULL) @@ -1198,7 +1199,7 @@ } int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, - size_t len) + size_t len) { if (p == NULL) return 0; @@ -1210,7 +1211,7 @@ } OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, - size_t bsize) + size_t bsize) { if (buf != NULL && bsize == 0) bsize = strlen(buf); @@ -1218,13 +1219,13 @@ } OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, - size_t bsize) + size_t bsize) { return ossl_param_construct(key, OSSL_PARAM_OCTET_STRING, buf, bsize); } static int get_ptr_internal(const OSSL_PARAM *p, const void **val, - size_t *used_len, unsigned int type) + size_t *used_len, unsigned int type) { if (val == NULL || p == NULL || p->data_type != type) return 0; @@ -1240,13 +1241,13 @@ } int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val, - size_t *used_len) + size_t *used_len) { return get_ptr_internal(p, val, used_len, OSSL_PARAM_OCTET_PTR); } static int set_ptr_internal(OSSL_PARAM *p, const void *val, - unsigned int type, size_t len) + unsigned int type, size_t len) { p->return_size = len; if (p->data_type != type) 
@@ -1262,11 +1263,11 @@ return 0; p->return_size = 0; return set_ptr_internal(p, val, OSSL_PARAM_UTF8_PTR, - val == NULL ? 0 : strlen(val)); + val == NULL ? 0 : strlen(val)); } int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val, - size_t used_len) + size_t used_len) { if (p == NULL) return 0; @@ -1275,13 +1276,13 @@ } OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t bsize) + size_t bsize) { return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, bsize); } OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t bsize) + size_t bsize) { return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, bsize); } @@ -1294,7 +1295,7 @@ } static int get_string_ptr_internal(const OSSL_PARAM *p, const void **val, - size_t *used_len, unsigned int type) + size_t *used_len, unsigned int type) { if (val == NULL || p == NULL || p->data_type != type) return 0; @@ -1308,11 +1309,11 @@ { return OSSL_PARAM_get_utf8_ptr(p, val) || get_string_ptr_internal(p, (const void **)val, NULL, - OSSL_PARAM_UTF8_STRING); + OSSL_PARAM_UTF8_STRING); } int OSSL_PARAM_get_octet_string_ptr(const OSSL_PARAM *p, const void **val, - size_t *used_len) + size_t *used_len) { return OSSL_PARAM_get_octet_ptr(p, val, used_len) || get_string_ptr_internal(p, val, used_len, OSSL_PARAM_OCTET_STRING); --- crypto/openssl/crypto/params_dup.c.orig +++ crypto/openssl/crypto/params_dup.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -12,18 +12,18 @@ #include #include "internal/param_build_set.h" -#define OSSL_PARAM_ALLOCATED_END 127 -#define OSSL_PARAM_MERGE_LIST_MAX 128 +#define OSSL_PARAM_ALLOCATED_END 127 +#define OSSL_PARAM_MERGE_LIST_MAX 128 #define OSSL_PARAM_BUF_PUBLIC 0 #define OSSL_PARAM_BUF_SECURE 1 -#define OSSL_PARAM_BUF_MAX (OSSL_PARAM_BUF_SECURE + 1) +#define OSSL_PARAM_BUF_MAX (OSSL_PARAM_BUF_SECURE + 1) typedef struct { OSSL_PARAM_ALIGNED_BLOCK *alloc; /* The allocated buffer */ - OSSL_PARAM_ALIGNED_BLOCK *cur; /* Current position in the allocated buf */ - size_t blocks; /* Number of aligned blocks */ - size_t alloc_sz; /* The size of the allocated buffer (in bytes) */ + OSSL_PARAM_ALIGNED_BLOCK *cur; /* Current position in the allocated buf */ + size_t blocks; /* Number of aligned blocks */ + size_t alloc_sz; /* The size of the allocated buffer (in bytes) */ } OSSL_PARAM_BUF; size_t ossl_param_bytes_to_blocks(size_t bytes) @@ -32,14 +32,13 @@ } static int ossl_param_buf_alloc(OSSL_PARAM_BUF *out, size_t extra_blocks, - int is_secure) + int is_secure) { size_t sz = OSSL_PARAM_ALIGN_SIZE * (extra_blocks + out->blocks); out->alloc = is_secure ? OPENSSL_secure_zalloc(sz) : OPENSSL_zalloc(sz); if (out->alloc == NULL) { - ERR_raise(ERR_LIB_CRYPTO, is_secure ? CRYPTO_R_SECURE_MALLOC_FAILURE - : ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_CRYPTO, is_secure ? CRYPTO_R_SECURE_MALLOC_FAILURE : ERR_R_MALLOC_FAILURE); return 0; } out->alloc_sz = sz; @@ -48,7 +47,7 @@ } void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer, - size_t secure_buffer_sz) + size_t secure_buffer_sz) { last->key = NULL; last->data_size = secure_buffer_sz; @@ -57,8 +56,8 @@ } static OSSL_PARAM *ossl_param_dup(const OSSL_PARAM *src, OSSL_PARAM *dst, - OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX], - int *param_count) + OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX], + int *param_count) { const OSSL_PARAM *in; int has_dst = (dst != NULL); 
@@ -132,7 +131,7 @@ last = ossl_param_dup(src, dst, buf, NULL); /* Store the allocated secure memory buffer in the last param block */ ossl_param_set_secure_block(last, buf[OSSL_PARAM_BUF_SECURE].alloc, - buf[OSSL_PARAM_BUF_SECURE].alloc_sz); + buf[OSSL_PARAM_BUF_SECURE].alloc_sz); return dst; } @@ -151,7 +150,7 @@ const OSSL_PARAM *p = NULL; const OSSL_PARAM **p1cur, **p2cur; OSSL_PARAM *params, *dst; - size_t list1_sz = 0, list2_sz = 0; + size_t list1_sz = 0, list2_sz = 0; int diff; if (p1 == NULL && p2 == NULL) @@ -177,7 +176,7 @@ qsort(list1, list1_sz, sizeof(OSSL_PARAM *), compare_params); qsort(list2, list2_sz, sizeof(OSSL_PARAM *), compare_params); - /* Allocate enough space to store the merged parameters */ + /* Allocate enough space to store the merged parameters */ params = OPENSSL_zalloc((list1_sz + list2_sz + 1) * sizeof(*p1)); if (params == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); @@ -189,18 +188,18 @@ while (1) { /* If list1 is finished just tack list2 onto the end */ if (*p1cur == NULL) { - do { + while (*p2cur != NULL) { *dst++ = **p2cur; p2cur++; - } while (*p2cur != NULL); + } break; } /* If list2 is finished just tack list1 onto the end */ if (*p2cur == NULL) { - do { + while (*p1cur != NULL) { *dst++ = **p1cur; p1cur++; - } while (*p1cur != NULL); + } break; } /* consume the list element with the smaller key */ --- crypto/openssl/crypto/params_from_text.c.orig +++ crypto/openssl/crypto/params_from_text.c @@ -22,10 +22,10 @@ */ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key, - const char *value, size_t value_n, - /* Output parameters */ - const OSSL_PARAM **paramdef, int *ishex, - size_t *buf_n, BIGNUM **tmpbn, int *found) + const char *value, size_t value_n, + /* Output parameters */ + const OSSL_PARAM **paramdef, int *ishex, + size_t *buf_n, BIGNUM **tmpbn, int *found) { const OSSL_PARAM *p; size_t buf_bits; 
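Review bot: The switch from `do { ... } while` to `while` in the `@@ -189,18 +188,18 @@` hunk is a behavioural fix that carries no comment, and it reads like a formatting change among the surrounding whitespace edits. With the old form, `**p2cur` (and `**p1cur` in the second branch) was read once before the NULL test, so it dereferenced NULL whenever both lists ended together. A line above each loop, for example `/* the other list may be exhausted too, so test before dereferencing */`, would record why the pre-test loop is required. A regression case that merges two empty parameter lists would pin it down; whether the existing tests cover that is not visible here, and the enclosing function starts and ends outside the hunk.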
@@ -135,8 +135,8 @@ } static int construct_from_text(OSSL_PARAM *to, const OSSL_PARAM *paramdef, - const char *value, size_t value_n, int ishex, - void *buf, size_t buf_n, BIGNUM *tmpbn) + const char *value, size_t value_n, int ishex, + void *buf, size_t buf_n, BIGNUM *tmpbn) { if (buf == NULL) return 0; @@ -201,9 +201,9 @@ } int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, - const OSSL_PARAM *paramdefs, - const char *key, const char *value, - size_t value_n, int *found) + const OSSL_PARAM *paramdefs, + const char *key, const char *value, + size_t value_n, int *found) { const OSSL_PARAM *paramdef = NULL; int ishex = 0; @@ -216,7 +216,7 @@ return 0; if (!prepare_from_text(paramdefs, key, value, value_n, - ¶mdef, &ishex, &buf_n, &tmpbn, found)) + ¶mdef, &ishex, &buf_n, &tmpbn, found)) goto err; if ((buf = OPENSSL_zalloc(buf_n > 0 ? buf_n : 1)) == NULL) { @@ -225,12 +225,12 @@ } ok = construct_from_text(to, paramdef, value, value_n, ishex, - buf, buf_n, tmpbn); + buf, buf_n, tmpbn); BN_free(tmpbn); if (!ok) OPENSSL_free(buf); return ok; - err: +err: BN_free(tmpbn); return 0; } --- crypto/openssl/crypto/passphrase.c.orig +++ crypto/openssl/crypto/passphrase.c @@ -18,7 +18,7 @@ if (data != NULL) { if (data->type == is_expl_passphrase) OPENSSL_clear_free(data->_.expl_passphrase.passphrase_copy, - data->_.expl_passphrase.passphrase_len); + data->_.expl_passphrase.passphrase_len); ossl_pw_clear_passphrase_cache(data); memset(data, 0, sizeof(*data)); } @@ -31,8 +31,8 @@ } int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, - const unsigned char *passphrase, - size_t passphrase_len) + const unsigned char *passphrase, + size_t passphrase_len) { if (!ossl_assert(data != NULL && passphrase != NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); 
@@ -40,9 +40,8 @@ } ossl_pw_clear_passphrase_data(data); data->type = is_expl_passphrase; - data->_.expl_passphrase.passphrase_copy = - passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len) - : OPENSSL_malloc(1); + data->_.expl_passphrase.passphrase_copy = passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len) + : OPENSSL_malloc(1); if (data->_.expl_passphrase.passphrase_copy == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; @@ -52,7 +51,7 @@ } int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data, - pem_password_cb *cb, void *cbarg) + pem_password_cb *cb, void *cbarg) { if (!ossl_assert(data != NULL && cb != NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); @@ -66,7 +65,7 @@ } int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { if (!ossl_assert(data != NULL && cb != NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); @@ -80,7 +79,7 @@ } int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data, - const UI_METHOD *ui_method, void *ui_data) + const UI_METHOD *ui_method, void *ui_data) { if (!ossl_assert(data != NULL && ui_method != NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); @@ -105,7 +104,6 @@ return 1; } - /*- * UI_METHOD processor. It differs from UI_UTIL_read_pw() like this: * @@ -116,8 +114,8 @@ * 4. It reports back the length of the prompted pass phrase. */ static int do_ui_passphrase(char *pass, size_t pass_size, size_t *pass_len, - const char *prompt_info, int verify, - const UI_METHOD *ui_method, void *ui_data) + const char *prompt_info, int verify, + const UI_METHOD *ui_method, void *ui_data) { char *prompt = NULL, *ipass = NULL, *vpass = NULL; int prompt_idx = -1, verify_idx = -1, res; 
@@ -155,8 +153,9 @@ } prompt_idx = UI_add_input_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - ipass, 0, pass_size) - 1; + UI_INPUT_FLAG_DEFAULT_PWD, + ipass, 0, pass_size) + - 1; if (prompt_idx < 0) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); goto end; @@ -170,9 +169,10 @@ goto end; } verify_idx = UI_add_verify_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - vpass, 0, pass_size, - ipass) - 1; + UI_INPUT_FLAG_DEFAULT_PWD, + vpass, 0, pass_size, + ipass) + - 1; if (verify_idx < 0) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); goto end; @@ -198,7 +198,7 @@ break; } - end: +end: OPENSSL_clear_free(vpass, pass_size + 1); OPENSSL_clear_free(ipass, pass_size + 1); OPENSSL_free(prompt); @@ -208,8 +208,8 @@ /* Central pw prompting dispatcher */ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, - const OSSL_PARAM params[], int verify, - struct ossl_passphrase_data_st *data) + const OSSL_PARAM params[], int verify, + struct ossl_passphrase_data_st *data) { const char *source = NULL; size_t source_len = 0; @@ -251,10 +251,11 @@ /* Handle the is_pem_password and is_ui_method cases */ if ((p = OSSL_PARAM_locate_const(params, - OSSL_PASSPHRASE_PARAM_INFO)) != NULL) { + OSSL_PASSPHRASE_PARAM_INFO)) + != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, - "Prompt info data type incorrect"); + "Prompt info data type incorrect"); return 0; } prompt_info = p->data; @@ -264,8 +265,7 @@ /* We use a UI wrapper for PEM */ pem_password_cb *cb = data->_.pem_password.password_cb; - ui_method = allocated_ui_method = - UI_UTIL_wrap_read_pem_callback(cb, verify); + ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, verify); ui_data = data->_.pem_password.password_cbarg; if (ui_method == NULL) { 
@@ -279,23 +279,22 @@ if (ui_method == NULL) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, - "No password method specified"); + "No password method specified"); return 0; } ret = do_ui_passphrase(pass, pass_size, pass_len, prompt_info, verify, - ui_method, ui_data); + ui_method, ui_data); UI_destroy_method(allocated_ui_method); - do_cache: +do_cache: if (ret && data->flag_cache_passphrase) { if (data->cached_passphrase == NULL || *pass_len > data->cached_passphrase_len) { - void *new_cache = - OPENSSL_clear_realloc(data->cached_passphrase, - data->cached_passphrase_len, - *pass_len + 1); + void *new_cache = OPENSSL_clear_realloc(data->cached_passphrase, + data->cached_passphrase_len, + *pass_len + 1); if (new_cache == NULL) { OPENSSL_cleanse(pass, *pass_len); @@ -313,7 +312,7 @@ } static int ossl_pw_get_password(char *buf, int size, int rwflag, - void *userdata, const char *info) + void *userdata, const char *info) { size_t password_len = 0; OSSL_PARAM params[] = { @@ -323,7 +322,7 @@ params[0].data = (void *)info; if (ossl_pw_get_passphrase(buf, (size_t)size, &password_len, params, - rwflag, userdata)) + rwflag, userdata)) return (int)password_len; return -1; } @@ -339,15 +338,15 @@ } int ossl_pw_passphrase_callback_enc(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], void *arg) + size_t *pass_len, + const OSSL_PARAM params[], void *arg) { return ossl_pw_get_passphrase(pass, pass_size, pass_len, params, 1, arg); } int ossl_pw_passphrase_callback_dec(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], void *arg) + size_t *pass_len, + const OSSL_PARAM params[], void *arg) { return ossl_pw_get_passphrase(pass, pass_size, pass_len, params, 0, arg); } --- crypto/openssl/crypto/pem/pem_all.c.orig +++ crypto/openssl/crypto/pem/pem_all.c 
@@ -42,7 +42,7 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, - PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) + PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) #ifndef OPENSSL_NO_DEPRECATED_3_0 /* * We treat RSA or DSA private keys as a special case. For private keys we @@ -67,14 +67,14 @@ } RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, - void *u) + void *u) { EVP_PKEY *pktmp; pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); return pkey_get_rsa(pktmp, rsa); } -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) { @@ -83,7 +83,7 @@ return pkey_get_rsa(pktmp, rsa); } -# endif +#endif IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) @@ -107,7 +107,7 @@ } DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, - void *u) + void *u) { EVP_PKEY *pktmp; pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); @@ -116,7 +116,7 @@ IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) { EVP_PKEY *pktmp; @@ -124,13 +124,13 @@ return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ } -# endif +#endif IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) { EC_KEY *dtmp; @@ -148,7 +148,7 @@ } EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, - void *u) + void *u) { EVP_PKEY *pktmp; pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 
@@ -156,22 +156,21 @@ } IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, - ECPKParameters) - + ECPKParameters) IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, - ECPrivateKey) + ECPrivateKey) IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, - void *u) + void *u) { EVP_PKEY *pktmp; pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ } -# endif -# endif /* !OPENSSL_NO_EC */ +#endif +#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ #ifndef OPENSSL_NO_DH @@ -205,7 +204,7 @@ return ret; } -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) { BIO *b; @@ -220,7 +219,7 @@ BIO_free(b); return ret; } -# endif +#endif #endif IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, pkey, PEM_STRING_PUBLIC, PUBKEY) --- crypto/openssl/crypto/pem/pem_err.c.orig +++ crypto/openssl/crypto/pem/pem_err.c 
@@ -15,51 +15,51 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA PEM_str_reasons[] = { - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY), - "error converting private key"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_DSS_KEY_BLOB), - "expecting dss key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB), - "expecting private key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB), - "expecting public key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_RSA_KEY_BLOB), - "expecting rsa key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER), - "inconsistent header"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR), - "keyblob header parse error"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD), - "problems getting password"}, - {ERR_PACK(ERR_LIB_PEM, 0, 
PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION), - "unsupported encryption"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), - "unsupported key components"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE), - "unsupported public key type"}, - {0, NULL} + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY), + "error converting private key" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_DSS_KEY_BLOB), + "expecting dss key blob" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB), + "expecting private key blob" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB), + "expecting public key blob" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_RSA_KEY_BLOB), + "expecting rsa key blob" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER), + "inconsistent header" }, + { 
ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR), + "keyblob header parse error" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD), + "problems getting password" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION), + "unsupported encryption" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), + "unsupported key components" }, + { ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/pem/pem_info.c.orig +++ crypto/openssl/crypto/pem/pem_info.c @@ -27,7 +27,7 @@ #ifndef OPENSSL_NO_STDIO STACK_OF(X509_INFO) *PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, - void *u, OSSL_LIB_CTX *libctx, const char *propq) + void *u, OSSL_LIB_CTX *libctx, const char *propq) { BIO *b; STACK_OF(X509_INFO) *ret; 
@@ -43,16 +43,16 @@ } STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL); } #endif STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq) { X509_INFO *xi = NULL; char *name = NULL, *header = NULL, *str; @@ -90,10 +90,10 @@ goto err; } ERR_clear_last_mark(); - start: + start: if (strcmp(name, PEM_STRING_X509) == 0 - || strcmp(name, PEM_STRING_X509_OLD) == 0 - || strcmp(name, PEM_STRING_X509_TRUSTED) == 0) { + || strcmp(name, PEM_STRING_X509_OLD) == 0 + || strcmp(name, PEM_STRING_X509_TRUSTED) == 0) { if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret, xi)) goto err; @@ -102,15 +102,15 @@ goto start; } if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) - d2i = (D2I_OF(void)) d2i_X509_AUX; + d2i = (D2I_OF(void))d2i_X509_AUX; else - d2i = (D2I_OF(void)) d2i_X509; + d2i = (D2I_OF(void))d2i_X509; xi->x509 = X509_new_ex(libctx, propq); if (xi->x509 == NULL) goto err; pp = &(xi->x509); } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { - d2i = (D2I_OF(void)) d2i_X509_CRL; + d2i = (D2I_OF(void))d2i_X509_CRL; if (xi->crl != NULL) { if (!sk_X509_INFO_push(ret, xi)) goto err; @@ -137,13 +137,13 @@ xi->enc_data = NULL; xi->enc_len = 0; - d2i = (D2I_OF(void)) d2i_AutoPrivateKey; + d2i = (D2I_OF(void))d2i_AutoPrivateKey; xi->x_pkey = X509_PKEY_new(); if (xi->x_pkey == NULL) goto err; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10 /* assume encrypted */ - || strcmp(name, PEM_STRING_PKCS8) == 0) + || strcmp(name, PEM_STRING_PKCS8) == 0) raw = 1; } else { /* unknown */ d2i = NULL; 
@@ -161,7 +161,8 @@ p = data; if (ptype) { if (d2i_PrivateKey_ex(ptype, pp, &p, len, - libctx, propq) == NULL) { + libctx, propq) + == NULL) { ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); goto err; } @@ -169,7 +170,7 @@ ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); goto err; } - } else { /* encrypted key data */ + } else { /* encrypted key data */ if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher)) goto err; xi->enc_data = (char *)data; @@ -189,14 +190,13 @@ * if the last one hasn't been pushed yet and there is anything in it * then add it to the stack ... */ - if ((xi->x509 != NULL) || (xi->crl != NULL) || - (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { + if ((xi->x509 != NULL) || (xi->crl != NULL) || (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { if (!sk_X509_INFO_push(ret, xi)) goto err; xi = NULL; } ok = 1; - err: +err: X509_INFO_free(xi); if (!ok) { for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { @@ -215,15 +215,15 @@ } STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL); } /* A TJH addition */ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) { int i, ret = 0; unsigned char *data = NULL; @@ -234,12 +234,12 @@ if (enc != NULL) { objstr = EVP_CIPHER_get0_name(enc); if (objstr == NULL - /* - * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" - * fits into buf - */ + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 - > sizeof(buf)) { + > sizeof(buf)) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; } 
@@ -277,7 +277,7 @@ buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc), - (const char *)iv); + (const char *)iv); /* use the normal code to write things out */ i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); @@ -287,8 +287,9 @@ /* Add DSA/DH */ /* normal optionally encrypted stuff */ if (PEM_write_bio_RSAPrivateKey(bp, - EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey), - enc, kstr, klen, cb, u) <= 0) + EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey), + enc, kstr, klen, cb, u) + <= 0) goto err; } } @@ -305,7 +306,7 @@ ret = 1; - err: +err: OPENSSL_cleanse(buf, PEM_BUFSIZE); return ret; } --- crypto/openssl/crypto/pem/pem_lib.c.orig +++ crypto/openssl/crypto/pem/pem_lib.c @@ -25,7 +25,7 @@ #include #include -#define MIN_LENGTH 4 +#define MIN_LENGTH 4 static int load_iv(char **fromp, unsigned char *to, int num); static int check_pem(const char *nm, const char *name); @@ -107,7 +107,7 @@ #ifndef OPENSSL_NO_STDIO void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { BIO *b; void *ret; @@ -233,9 +233,9 @@ } static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen, - char **pnm, const char *name, BIO *bp, - pem_password_cb *cb, void *u, - unsigned int flags) + char **pnm, const char *name, BIO *bp, + pem_password_cb *cb, void *u, + unsigned int flags) { EVP_CIPHER_INFO cipher; char *nm = NULL, *header = NULL; @@ -266,7 +266,7 @@ ret = 1; - err: +err: if (!ret || pnm == NULL) pem_free(nm, flags, 0); pem_free(header, flags, 0); 
@@ -276,24 +276,26 @@ } int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u) { + const char *name, BIO *bp, pem_password_cb *cb, + void *u) +{ return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, - PEM_FLAG_EAY_COMPATIBLE); + PEM_FLAG_EAY_COMPATIBLE); } int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u) { + const char *name, BIO *bp, pem_password_cb *cb, + void *u) +{ return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, - PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE); + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE); } #ifndef OPENSSL_NO_STDIO int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, - const void *x, const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u) { BIO *b; int ret; @@ -310,9 +312,9 @@ #endif int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - const void *x, const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u) { EVP_CIPHER_CTX *ctx = NULL; int dsize = 0, i = 0, j = 0, ret = 0; 
@@ -325,13 +327,13 @@ if (enc != NULL) { objstr = EVP_CIPHER_get0_name(enc); if (objstr == NULL || EVP_CIPHER_get_iv_length(enc) == 0 - || EVP_CIPHER_get_iv_length(enc) > (int)sizeof(iv) - /* - * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" - * fits into buf - */ - || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 - > sizeof(buf)) { + || EVP_CIPHER_get_iv_length(enc) > (int)sizeof(iv) + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 + > sizeof(buf)) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; } @@ -357,7 +359,7 @@ if (callback == NULL) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); else - klen = (*callback) (buf, PEM_BUFSIZE, 1, u); + klen = (*callback)(buf, PEM_BUFSIZE, 1, u); if (klen <= 0) { ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY); goto err; @@ -402,7 +404,7 @@ i = PEM_write_bio(bp, name, buf, data, i); if (i <= 0) ret = 0; - err: +err: OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); EVP_CIPHER_CTX_free(ctx); @@ -412,12 +414,12 @@ } int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, - pem_password_cb *callback, void *u) + pem_password_cb *callback, void *u) { int ok; int keylen; long len = *plen; - int ilen = (int) len; /* EVP_DecryptUpdate etc. take int lengths */ + int ilen = (int)len; /* EVP_DecryptUpdate etc. take int lengths */ EVP_CIPHER_CTX *ctx; unsigned char key[EVP_MAX_KEY_LENGTH]; char buf[PEM_BUFSIZE]; @@ -446,7 +448,7 @@ #endif if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), - (unsigned char *)buf, keylen, 1, key, NULL)) + (unsigned char *)buf, keylen, 1, key, NULL)) return 0; ctx = EVP_CIPHER_CTX_new(); 
@@ -498,11 +500,11 @@ if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; - if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) { + if (strncmp(header, ProcType, sizeof(ProcType) - 1) != 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE); return 0; } - header += sizeof(ProcType)-1; + header += sizeof(ProcType) - 1; header += strspn(header, " \t"); if (*header++ != '4' || *header++ != ',') @@ -510,12 +512,11 @@ header += strspn(header, " \t"); /* We expect "ENCRYPTED" followed by optional white-space + line break */ - if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 || - strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) { + if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED) - 1) != 0 || strspn(header + sizeof(ENCRYPTED) - 1, " \t\r\n") == 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED); return 0; } - header += sizeof(ENCRYPTED)-1; + header += sizeof(ENCRYPTED) - 1; header += strspn(header, " \t\r"); if (*header++ != '\n') { ERR_raise(ERR_LIB_PEM, PEM_R_SHORT_HEADER); @@ -526,11 +527,11 @@ * https://tools.ietf.org/html/rfc1421#section-4.6.1.3 * We expect "DEK-Info: algo[,hex-parameters]" */ - if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) { + if (strncmp(header, DEKInfo, sizeof(DEKInfo) - 1) != 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_DEK_INFO); return 0; } - header += sizeof(DEKInfo)-1; + header += sizeof(DEKInfo) - 1; header += strspn(header, " \t"); /* @@ -589,7 +590,7 @@ #ifndef OPENSSL_NO_STDIO int PEM_write(FILE *fp, const char *name, const char *header, - const unsigned char *data, long len) + const unsigned char *data, long len) { BIO *b; int ret; @@ -606,7 +607,7 @@ #endif int PEM_write_bio(BIO *bp, const char *name, const char *header, - const unsigned char *data, long len) + const unsigned char *data, long len) { int nlen, n, i, j, outl; unsigned char *buf = NULL; 
@@ -622,9 +623,7 @@ EVP_EncodeInit(ctx); nlen = strlen(name); - if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || - (BIO_write(bp, name, nlen) != nlen) || - (BIO_write(bp, "-----\n", 6) != 6)) + if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6)) goto err; i = header != NULL ? strlen(header) : 0; @@ -653,13 +652,11 @@ EVP_EncodeFinal(ctx, buf, &outl); if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) goto err; - if ((BIO_write(bp, "-----END ", 9) != 9) || - (BIO_write(bp, name, nlen) != nlen) || - (BIO_write(bp, "-----\n", 6) != 6)) + if ((BIO_write(bp, "-----END ", 9) != 9) || (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6)) goto err; retval = i + outl; - err: +err: if (retval == 0) ERR_raise(ERR_LIB_PEM, reason); EVP_ENCODE_CTX_free(ctx); @@ -669,7 +666,7 @@ #ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, - long *len) + long *len) { BIO *b; int ret; @@ -692,7 +689,7 @@ if (first_call) { /* Other BOMs imply unsupported multibyte encoding, * so don't strip them and let the error raise */ - const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; + const unsigned char utf8_bom[3] = { 0xEF, 0xBB, 0xBF }; if (len > 3 && memcmp(linebuf, utf8_bom, 3) == 0) { memmove(linebuf, linebuf + 3, len - 3); @@ -770,8 +767,8 @@ /* Allow leading empty or non-matching lines. */ } while (strncmp(linebuf, beginstr, BEGINLEN) != 0 - || len < TAILLEN - || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); + || len < TAILLEN + || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); linebuf[len - TAILLEN] = '\0'; len = len - BEGINLEN - TAILLEN + 1; *name = pem_malloc(len, flags); 
@@ -806,7 +803,7 @@ * We need the name of the PEM-encoded type to verify the end string. */ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, - unsigned int flags) + unsigned int flags) { BIO *tmp = *header; char *linebuf, *p; @@ -824,7 +821,7 @@ return 0; } - while(1) { + while (1) { flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { @@ -838,7 +835,7 @@ * appear due to reading a line up until the char before the newline. */ prev_partial_line_read = partial_line_read; - partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + partial_line_read = len == LINESIZE - 1 && linebuf[LINESIZE - 2] != '\n'; if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL) @@ -870,8 +867,7 @@ if (strncmp(linebuf, endstr, ENDLEN) == 0) { p = linebuf + ENDLEN; namelen = strlen(name); - if (strncmp(p, name, namelen) != 0 || - strncmp(p + namelen, tailstr, TAILLEN) != 0) { + if (strncmp(p, name, namelen) != 0 || strncmp(p + namelen, tailstr, TAILLEN) != 0) { ERR_raise(ERR_LIB_PEM, PEM_R_BAD_END_LINE); goto err; } @@ -916,14 +912,14 @@ * for line endings). Other characters are malformed input and will be rejected. */ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, - unsigned char **data, long *len_out, unsigned int flags) + unsigned char **data, long *len_out, unsigned int flags) { EVP_ENCODE_CTX *ctx = NULL; const BIO_METHOD *bmeth; BIO *headerB = NULL, *dataB = NULL; char *name = NULL; int len, taillen, headerlen, ret = 0; - BUF_MEM * buf_mem; + BUF_MEM *buf_mem; *len_out = 0; *name_out = *header = NULL; 
@@ -961,10 +957,12 @@ } EVP_DecodeInit(ctx); - if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len, - (unsigned char*)buf_mem->data, len) < 0 - || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]), - &taillen) < 0) { + if (EVP_DecodeUpdate(ctx, (unsigned char *)buf_mem->data, &len, + (unsigned char *)buf_mem->data, len) + < 0 + || EVP_DecodeFinal(ctx, (unsigned char *)&(buf_mem->data[len]), + &taillen) + < 0) { ERR_raise(ERR_LIB_PEM, PEM_R_BAD_BASE64_DECODE); goto end; } @@ -1001,7 +999,7 @@ } int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - long *len) + long *len) { return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE); } --- crypto/openssl/crypto/pem/pem_local.h.orig +++ crypto/openssl/crypto/pem/pem_local.h 
@@ -23,34 +23,33 @@ * decoding operation can return an object that contains what libcrypto * expects. */ -# define PEM_SELECTION_PUBKEY EVP_PKEY_PUBLIC_KEY -# define PEM_SELECTION_PrivateKey EVP_PKEY_KEYPAIR -# define PEM_SELECTION_Parameters EVP_PKEY_KEY_PARAMETERS +#define PEM_SELECTION_PUBKEY EVP_PKEY_PUBLIC_KEY +#define PEM_SELECTION_PrivateKey EVP_PKEY_KEYPAIR +#define PEM_SELECTION_Parameters EVP_PKEY_KEY_PARAMETERS /* * Properties, named according to the ASN.1 names used throughout libcrypto. */ -# define PEM_STRUCTURE_PUBKEY "SubjectPublicKeyInfo" -# define PEM_STRUCTURE_PrivateKey "PrivateKeyInfo" -# define PEM_STRUCTURE_Parameters "type-specific" +#define PEM_STRUCTURE_PUBKEY "SubjectPublicKeyInfo" +#define PEM_STRUCTURE_PrivateKey "PrivateKeyInfo" +#define PEM_STRUCTURE_Parameters "type-specific" -# define PEM_STRUCTURE_RSAPrivateKey "type-specific" -# define PEM_STRUCTURE_RSAPublicKey "type-specific" +#define PEM_STRUCTURE_RSAPrivateKey "type-specific" +#define PEM_STRUCTURE_RSAPublicKey "type-specific" /* Alternative IMPLEMENT macros for provided encoders */ -# define IMPLEMENT_PEM_provided_write_body_vars(type, asn1, pq) \ - int ret = 0; \ - OSSL_ENCODER_CTX *ctx = \ - OSSL_ENCODER_CTX_new_for_##type(x, PEM_SELECTION_##asn1, \ - "PEM", PEM_STRUCTURE_##asn1, \ - (pq)); \ - \ - if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) { \ - OSSL_ENCODER_CTX_free(ctx); \ - goto legacy; \ +#define IMPLEMENT_PEM_provided_write_body_vars(type, asn1, pq) \ + int ret = 0; \ + OSSL_ENCODER_CTX *ctx = OSSL_ENCODER_CTX_new_for_##type(x, PEM_SELECTION_##asn1, \ + "PEM", PEM_STRUCTURE_##asn1, \ + (pq)); \ + \ + if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) { \ + OSSL_ENCODER_CTX_free(ctx); \ + goto legacy; \ } -# define IMPLEMENT_PEM_provided_write_body_pass() \ +#define IMPLEMENT_PEM_provided_write_body_pass() \ ret = 1; \ if (kstr == NULL && cb == NULL) { \ if (u != NULL) { \ 
@@ -63,14 +62,14 @@ if (enc != NULL) { \ ret = 0; \ if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), \ - NULL)) { \ + NULL)) { \ ret = 1; \ if (kstr != NULL \ && !OSSL_ENCODER_CTX_set_passphrase(ctx, kstr, klen)) \ ret = 0; \ else if (cb != NULL \ - && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, \ - cb, u)) \ + && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, \ + cb, u)) \ ret = 0; \ } \ } \ 
@@ -78,48 +77,47 @@ OSSL_ENCODER_CTX_free(ctx); \ return 0; \ } -# define IMPLEMENT_PEM_provided_write_body_main(type, outtype) \ - ret = OSSL_ENCODER_to_##outtype(ctx, out); \ - OSSL_ENCODER_CTX_free(ctx); \ +#define IMPLEMENT_PEM_provided_write_body_main(type, outtype) \ + ret = OSSL_ENCODER_to_##outtype(ctx, out); \ + OSSL_ENCODER_CTX_free(ctx); \ return ret -# define IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename) \ - legacy: \ - return PEM_ASN1_##writename((i2d_of_void *)i2d_##asn1, str, out, \ - x, NULL, NULL, 0, NULL, NULL) -# define IMPLEMENT_PEM_provided_write_body_fallback_cb(str, asn1, \ - writename) \ - legacy: \ - return PEM_ASN1_##writename##((i2d_of_void *)i2d_##asn1, str, out, \ - x, enc, kstr, klen, cb, u) - -# define IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, \ - OUTTYPE, outtype, writename) \ - PEM_write_fnsig(name, TYPE, OUTTYPE, writename) \ - { \ - IMPLEMENT_PEM_provided_write_body_vars(type, asn1, NULL); \ - IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ - IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename); \ - } \ - PEM_write_ex_fnsig(name, TYPE, OUTTYPE, writename) \ - { \ - IMPLEMENT_PEM_provided_write_body_vars(type, asn1, propq); \ - IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ - IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename); \ +#define IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ + writename) \ + legacy: \ + return PEM_ASN1_##writename((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL, NULL, 0, NULL, NULL) +#define IMPLEMENT_PEM_provided_write_body_fallback_cb(str, asn1, \ + writename) \ + legacy: \ + return PEM_ASN1_##writename##((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u) + +#define IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, \ + OUTTYPE, outtype, writename) \ + PEM_write_fnsig(name, TYPE, OUTTYPE, writename) \ + { \ + IMPLEMENT_PEM_provided_write_body_vars(type, asn1, NULL); \ + 
IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ + IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ + writename); \ + } \ + PEM_write_ex_fnsig(name, TYPE, OUTTYPE, writename) \ + { \ + IMPLEMENT_PEM_provided_write_body_vars(type, asn1, propq); \ + IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ + IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ + writename); \ } - -# define IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, \ - OUTTYPE, outtype, writename) \ +#define IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, \ + OUTTYPE, outtype, writename) \ PEM_write_cb_fnsig(name, TYPE, OUTTYPE, writename) \ { \ IMPLEMENT_PEM_provided_write_body_vars(type, asn1, NULL); \ IMPLEMENT_PEM_provided_write_body_pass(); \ IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ IMPLEMENT_PEM_provided_write_body_fallback_cb(str, asn1, \ - writename); \ + writename); \ } \ PEM_write_ex_cb_fnsig(name, TYPE, OUTTYPE, writename) \ { \ 
@@ -127,41 +125,40 @@ IMPLEMENT_PEM_provided_write_body_pass(); \ IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename); \ + writename); \ } -# ifdef OPENSSL_NO_STDIO +#ifdef OPENSSL_NO_STDIO -# define IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) -# define IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) +#define IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) +#define IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) -# else +#else -# define IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) \ +#define IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) \ IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, FILE, fp, write) -# define IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) \ +#define IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) \ IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, FILE, fp, write) -# endif +#endif -# define IMPLEMENT_PEM_provided_write_bio(name, TYPE, type, str, asn1) \ +#define IMPLEMENT_PEM_provided_write_bio(name, TYPE, type, str, asn1) \ IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, BIO, bio, write_bio) -# define IMPLEMENT_PEM_provided_write_cb_bio(name, TYPE, type, str, asn1) \ +#define IMPLEMENT_PEM_provided_write_cb_bio(name, TYPE, type, str, asn1) \ IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, BIO, bio, write_bio) -# define IMPLEMENT_PEM_provided_write(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_bio(name, TYPE, type, str, asn1) \ +#define IMPLEMENT_PEM_provided_write(name, TYPE, type, str, asn1) \ + IMPLEMENT_PEM_provided_write_bio(name, TYPE, type, str, asn1) \ IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) -# define IMPLEMENT_PEM_provided_write_cb(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_cb_bio(name, TYPE, type, str, asn1) \ +#define 
IMPLEMENT_PEM_provided_write_cb(name, TYPE, type, str, asn1) \ + IMPLEMENT_PEM_provided_write_cb_bio(name, TYPE, type, str, asn1) \ IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) -# define IMPLEMENT_PEM_provided_rw(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_read(name, TYPE, str, asn1) \ +#define IMPLEMENT_PEM_provided_rw(name, TYPE, type, str, asn1) \ + IMPLEMENT_PEM_read(name, TYPE, str, asn1) \ IMPLEMENT_PEM_provided_write(name, TYPE, type, str, asn1) -# define IMPLEMENT_PEM_provided_rw_cb(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_read(name, TYPE, str, asn1) \ +#define IMPLEMENT_PEM_provided_rw_cb(name, TYPE, type, str, asn1) \ + IMPLEMENT_PEM_read(name, TYPE, str, asn1) \ IMPLEMENT_PEM_provided_write_cb(name, TYPE, type, str, asn1) - --- crypto/openssl/crypto/pem/pem_oth.c.orig +++ crypto/openssl/crypto/pem/pem_oth.c @@ -18,7 +18,7 @@ /* Handle 'other' PEMs: not private keys */ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { const unsigned char *p = NULL; unsigned char *data = NULL; --- crypto/openssl/crypto/pem/pem_pk8.c.orig +++ crypto/openssl/crypto/pem/pem_pk8.c @@ -19,17 +19,17 @@ #include static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, - int nid, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u, - const char *propq); + int nid, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u, + const char *propq); #ifndef OPENSSL_NO_STDIO static int do_pk8pkey_fp(FILE *bp, const EVP_PKEY *x, int isder, - int nid, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u, - const char *propq); + int nid, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u, + const char *propq); #endif /* * These functions write a private key in PKCS#8 format: it is a "drop in" 
@@ -39,42 +39,41 @@ */ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u, NULL); } int PEM_write_bio_PKCS8PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u, NULL); } int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u, NULL); } int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u, NULL); } static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, - const EVP_CIPHER *enc, const char *kstr, int klen, - pem_password_cb *cb, void *u, const char *propq) + const EVP_CIPHER *enc, const char *kstr, int klen, + pem_password_cb *cb, void *u, const char *propq) { int ret = 0; const char *outtype = isder ? "DER" : "PEM"; - OSSL_ENCODER_CTX *ctx = - OSSL_ENCODER_CTX_new_for_pkey(x, OSSL_KEYMGMT_SELECT_ALL, - outtype, "PrivateKeyInfo", propq); + OSSL_ENCODER_CTX *ctx = OSSL_ENCODER_CTX_new_for_pkey(x, OSSL_KEYMGMT_SELECT_ALL, + outtype, "PrivateKeyInfo", propq); if (ctx == NULL) return 0; @@ -104,7 +103,7 @@ if (enc != NULL) { ret = 0; if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), - NULL)) { + NULL)) { const unsigned char *ukstr = (const unsigned char *)kstr; /* 
@@ -118,7 +117,7 @@ && !OSSL_ENCODER_CTX_set_passphrase(ctx, ukstr, klen)) ret = 0; else if (cb != NULL - && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, cb, u)) + && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, cb, u)) ret = 0; } } @@ -159,7 +158,7 @@ else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); } - legacy_end: + legacy_end: PKCS8_PRIV_KEY_INFO_free(p8inf); } OSSL_ENCODER_CTX_free(ctx); @@ -167,7 +166,7 @@ } EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u) + void *u) { PKCS8_PRIV_KEY_INFO *p8inf = NULL; X509_SIG *p8 = NULL; 
@@ -206,36 +205,36 @@ #ifndef OPENSSL_NO_STDIO int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u, NULL); } int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u, NULL); } int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u, NULL); } int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) + const char *kstr, int klen, + pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u, NULL); } static int do_pk8pkey_fp(FILE *fp, const EVP_PKEY *x, int isder, int nid, - const EVP_CIPHER *enc, const char *kstr, int klen, - pem_password_cb *cb, void *u, const char *propq) + const EVP_CIPHER *enc, const char *kstr, int klen, + pem_password_cb *cb, void *u, const char *propq) { BIO *bp; int ret; @@ -250,7 +249,7 @@ } EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u) + void *u) { BIO *bp; EVP_PKEY *ret; @@ -268,6 +267,5 @@ IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) - IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, - PKCS8_PRIV_KEY_INFO) + PKCS8_PRIV_KEY_INFO) --- crypto/openssl/crypto/pem/pem_pkey.c.orig +++ crypto/openssl/crypto/pem/pem_pkey.c 
@@ -31,10 +31,10 @@ int ossl_pem_check_suffix(const char *pem_str, const char *suffix); static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq, - int selection) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq, + int selection) { EVP_PKEY *pkey = NULL; OSSL_DECODER_CTX *dctx = NULL; @@ -45,7 +45,7 @@ return NULL; dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL, - selection, libctx, propq); + selection, libctx, propq); if (dctx == NULL) return NULL; @@ -91,16 +91,16 @@ *x = pkey; } - err: +err: OSSL_DECODER_CTX_free(dctx); return pkey; } static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq, - int selection) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq, + int selection) { char *nm = NULL; const unsigned char *p = NULL; @@ -109,22 +109,22 @@ int slen; EVP_PKEY *ret = NULL; - ERR_set_mark(); /* not interested in PEM read errors */ + ERR_set_mark(); /* not interested in PEM read errors */ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, - PEM_STRING_EVP_PKEY, - bp, cb, u)) { + PEM_STRING_EVP_PKEY, + bp, cb, u)) { ERR_pop_to_mark(); return NULL; - } + } } else { const char *pem_string = PEM_STRING_PARAMETERS; if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) pem_string = PEM_STRING_PUBLIC; if (!PEM_bytes_read_bio(&data, &len, &nm, - pem_string, - bp, cb, u)) { + pem_string, + bp, cb, u)) { ERR_pop_to_mark(); return NULL; } 
@@ -177,13 +177,13 @@ if (ameth == NULL || ameth->old_priv_decode == NULL) goto p8err; ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx, - propq); + propq); } else if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0 - && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { /* Trying legacy PUBKEY decoding only if we do not want private key. */ ret = ossl_d2i_PUBKEY_legacy(x, &p, len); } else if ((selection & EVP_PKEY_KEYPAIR) == 0 - && (slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { + && (slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { /* Trying legacy params decoding only if we do not want a key. */ ret = EVP_PKEY_new(); if (ret == NULL) @@ -201,21 +201,21 @@ } } - p8err: +p8err: if (ret == NULL && ERR_peek_last_error() == 0) /* ensure some error is reported but do not hide the real one */ ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); - err: +err: OPENSSL_secure_free(nm); OPENSSL_secure_clear_free(data, len); return ret; } static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq, - int selection) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq, + int selection) { EVP_PKEY *ret = NULL; BIO *new_bio = NULL; @@ -239,18 +239,19 @@ ERR_set_mark(); ret = pem_read_bio_key_decoder(bp, x, ossl_pw_pem_password, &pwdata, - libctx, propq, selection); + libctx, propq, selection); if (ret == NULL && (BIO_seek(bp, pos) < 0 || (ret = pem_read_bio_key_legacy(bp, x, - ossl_pw_pem_password, &pwdata, - libctx, propq, - selection)) == NULL)) + ossl_pw_pem_password, &pwdata, + libctx, propq, + selection)) + == NULL)) ERR_clear_last_mark(); else ERR_pop_to_mark(); - err: +err: ossl_pw_clear_passphrase_data(&pwdata); if (new_bio != NULL) { BIO_pop(new_bio); 
@@ -260,23 +261,23 @@ } EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { return pem_read_bio_key(bp, x, cb, u, libctx, propq, - EVP_PKEY_PUBLIC_KEY); + EVP_PKEY_PUBLIC_KEY); } EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u) + void *u) { return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL); } #ifndef OPENSSL_NO_STDIO EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b; EVP_PKEY *ret; @@ -298,16 +299,16 @@ #endif EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { return pem_read_bio_key(bp, x, cb, u, libctx, propq, - /* we also want the public key, if available */ - EVP_PKEY_KEYPAIR); + /* we also want the public key, if available */ + EVP_PKEY_KEYPAIR); } EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u) + void *u) { return PEM_read_bio_PrivateKey_ex(bp, x, cb, u, NULL, NULL); } 
@@ -319,27 +320,27 @@ IMPLEMENT_PEM_provided_write_body_pass(); IMPLEMENT_PEM_provided_write_body_main(pkey, bio); - legacy: +legacy: if (x != NULL && (x->ameth == NULL || x->ameth->priv_encode != NULL)) return PEM_write_bio_PKCS8PrivateKey(out, x, enc, - (const char *)kstr, klen, cb, u); + (const char *)kstr, klen, cb, u); return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u); } PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio) { return PEM_write_bio_PrivateKey_ex(out, x, enc, kstr, klen, cb, u, - NULL, NULL); + NULL, NULL); } /* * Note: there is no way to tell a provided pkey encoder to use "traditional" - * encoding. Therefore, if the pkey is provided, we try to take a copy + * encoding. Therefore, if the pkey is provided, we try to take a copy */ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, - const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) + const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) { char pem_str[80]; EVP_PKEY *copy = NULL; @@ -360,7 +361,7 @@ } BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); ret = PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, - pem_str, bp, x, enc, kstr, klen, cb, u); + pem_str, bp, x, enc, kstr, klen, cb, u); EVP_PKEY_free(copy); return ret; @@ -372,14 +373,14 @@ } EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { /* * PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt * to get a password just fails. */ return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq, - EVP_PKEY_KEY_PARAMETERS); + EVP_PKEY_KEY_PARAMETERS); } EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) 
@@ -394,19 +395,19 @@ IMPLEMENT_PEM_provided_write_body_main(pkey, bio); - legacy: +legacy: if (!x->ameth || !x->ameth->param_encode) return 0; BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str); return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode, - pem_str, out, x, NULL, NULL, 0, 0, NULL); + pem_str, out, x, NULL, NULL, 0, 0, NULL); } #ifndef OPENSSL_NO_STDIO EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u, OSSL_LIB_CTX *libctx, - const char *propq) + void *u, OSSL_LIB_CTX *libctx, + const char *propq) { BIO *b; EVP_PKEY *ret; @@ -422,7 +423,7 @@ } EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u) + void *u) { return PEM_read_PrivateKey_ex(fp, x, cb, u, NULL, NULL); } @@ -437,7 +438,7 @@ return 0; } ret = PEM_write_bio_PrivateKey_ex(b, x, enc, kstr, klen, cb, u, - libctx, propq); + libctx, propq); BIO_free(b); return ret; } --- crypto/openssl/crypto/pem/pem_sign.c.orig +++ crypto/openssl/crypto/pem/pem_sign.c @@ -20,13 +20,13 @@ } int PEM_SignUpdate(EVP_MD_CTX *ctx, - const unsigned char *data, unsigned int count) + const unsigned char *data, unsigned int count) { return EVP_DigestUpdate(ctx, data, count); } int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey) + unsigned int *siglen, EVP_PKEY *pkey) { unsigned char *m; int i, ret = 0; @@ -44,7 +44,7 @@ i = EVP_EncodeBlock(sigret, m, m_len); *siglen = i; ret = 1; - err: +err: /* ctx has been zeroed by EVP_SignFinal() */ OPENSSL_free(m); return ret; --- crypto/openssl/crypto/pem/pvkfmt.c.orig +++ crypto/openssl/crypto/pem/pvkfmt.c 
@@ -65,8 +65,9 @@ * (EVP_PKEY_RSA or EVP_PKEY_DSA), even if the resulting EVP_PKEY wasn't * created. */ -#define isdss_to_evp_type(isdss) \ - (isdss == 0 ? EVP_PKEY_RSA : isdss == 1 ? EVP_PKEY_DSA : EVP_PKEY_NONE) +#define isdss_to_evp_type(isdss) \ + (isdss == 0 ? EVP_PKEY_RSA : isdss == 1 ? EVP_PKEY_DSA \ + : EVP_PKEY_NONE) static EVP_PKEY *evp_pkey_new0_key(void *key, int evp_type) { EVP_PKEY *pkey = NULL; @@ -120,27 +121,27 @@ /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ -# define MS_PUBLICKEYBLOB 0x6 -# define MS_PRIVATEKEYBLOB 0x7 -# define MS_RSA1MAGIC 0x31415352L -# define MS_RSA2MAGIC 0x32415352L -# define MS_DSS1MAGIC 0x31535344L -# define MS_DSS2MAGIC 0x32535344L +#define MS_PUBLICKEYBLOB 0x6 +#define MS_PRIVATEKEYBLOB 0x7 +#define MS_RSA1MAGIC 0x31415352L +#define MS_RSA2MAGIC 0x32415352L +#define MS_DSS1MAGIC 0x31535344L +#define MS_DSS2MAGIC 0x32535344L -# define MS_KEYALG_RSA_KEYX 0xa400 -# define MS_KEYALG_DSS_SIGN 0x2200 +#define MS_KEYALG_RSA_KEYX 0xa400 +#define MS_KEYALG_DSS_SIGN 0x2200 -# define MS_KEYTYPE_KEYX 0x1 -# define MS_KEYTYPE_SIGN 0x2 +#define MS_KEYTYPE_KEYX 0x1 +#define MS_KEYTYPE_SIGN 0x2 /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ -# define MS_PVKMAGIC 0xb0b5f11eL +#define MS_PVKMAGIC 0xb0b5f11eL /* Salt length for PVK files */ -# define PVK_SALTLEN 0x10 +#define PVK_SALTLEN 0x10 /* Maximum length in PVK header */ -# define PVK_MAX_KEYLEN 102400 +#define PVK_MAX_KEYLEN 102400 /* Maximum salt length */ -# define PVK_MAX_SALTLEN 10240 +#define PVK_MAX_SALTLEN 10240 /* * Read the MSBLOB header and get relevant data from it. @@ -157,8 +158,8 @@ * header data. */ int ossl_do_blob_header(const unsigned char **in, unsigned int length, - unsigned int *pmagic, unsigned int *pbitlen, - int *pisdss, int *pispub) + unsigned int *pmagic, unsigned int *pbitlen, + int *pisdss, int *pispub) { const unsigned char *p = *in; 
@@ -276,11 +277,10 @@ */ return 4 + 2 * nbyte + 5 * hnbyte; } - } static void *do_b2i_key(const unsigned char **in, unsigned int length, - int *isdss, int *ispub) + int *isdss, int *ispub) { const unsigned char *p = *in; unsigned int bitlen, magic; @@ -364,14 +364,14 @@ } pkey = evp_pkey_new0_key(key, isdss_to_evp_type(isdss)); - err: +err: OPENSSL_free(buf); return pkey; } #ifndef OPENSSL_NO_DSA DSA *ossl_b2i_DSA_after_header(const unsigned char **in, unsigned int bitlen, - int ispub) + int ispub) { const unsigned char *p = *in; DSA *dsa = NULL; @@ -425,7 +425,7 @@ *in = p; return dsa; - memerr: +memerr: ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); DSA_free(dsa); BN_free(pbn); @@ -439,7 +439,7 @@ #endif RSA *ossl_b2i_RSA_after_header(const unsigned char **in, unsigned int bitlen, - int ispub) + int ispub) { const unsigned char *pin = *in; BIGNUM *e = NULL, *n = NULL, *d = NULL; @@ -484,7 +484,7 @@ *in = pin; return rsa; - memerr: +memerr: ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); BN_free(e); BN_free(n); @@ -602,7 +602,7 @@ #endif if (!noinc) *out += outlen; - end: +end: return outlen; } @@ -656,7 +656,7 @@ goto badkey; } return bitlen; - badkey: +badkey: ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS); return 0; } @@ -707,7 +707,7 @@ } return bitlen; - badkey: +badkey: ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS); return 0; } @@ -746,8 +746,8 @@ } int ossl_do_PVK_header(const unsigned char **in, unsigned int length, - int skip_magic, - unsigned int *psaltlen, unsigned int *pkeylen) + int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen) { const unsigned char *p = *in; unsigned int pvk_magic, is_encrypted; @@ -772,7 +772,8 @@ p += 4; /* * keytype = - */ read_ledword(&p); + */ + read_ledword(&p); is_encrypted = read_ledword(&p); *psaltlen = read_ledword(&p); *pkeylen = read_ledword(&p); 
@@ -791,9 +792,9 @@ #ifndef OPENSSL_NO_RC4 static int derive_pvk_key(unsigned char *key, - const unsigned char *salt, unsigned int saltlen, - const unsigned char *pass, int passlen, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char *salt, unsigned int saltlen, + const unsigned char *pass, int passlen, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int rv = 0; @@ -818,10 +819,10 @@ #endif static void *do_PVK_body_key(const unsigned char **in, - unsigned int saltlen, unsigned int keylen, - pem_password_cb *cb, void *u, - int *isdss, int *ispub, - OSSL_LIB_CTX *libctx, const char *propq) + unsigned int saltlen, unsigned int keylen, + pem_password_cb *cb, void *u, + int *isdss, int *ispub, + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p = *in; unsigned char *enctmp = NULL; @@ -858,7 +859,7 @@ goto err; } if (!derive_pvk_key(keybuf, p, saltlen, - (unsigned char *)psbuf, inlen, libctx, propq)) + (unsigned char *)psbuf, inlen, libctx, propq)) goto err; p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ @@ -902,7 +903,7 @@ } key = do_b2i_key(&p, keylen, isdss, ispub); - err: +err: EVP_CIPHER_CTX_free(cctx); #ifndef OPENSSL_NO_RC4 EVP_CIPHER_free(rc4); @@ -915,8 +916,8 @@ } static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, - int *isdss, int *ispub, - OSSL_LIB_CTX *libctx, const char *propq) + int *isdss, int *ispub, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char pvk_hdr[24], *buf = NULL; const unsigned char *p; 
@@ -945,17 +946,17 @@ } key = do_PVK_body_key(&p, saltlen, keylen, cb, u, isdss, ispub, libctx, propq); - err: +err: OPENSSL_clear_free(buf, buflen); return key; } #ifndef OPENSSL_NO_DSA DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = 1; - int ispub = 0; /* PVK keys are always private */ + int ispub = 0; /* PVK keys are always private */ return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq); } @@ -967,10 +968,10 @@ #endif RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = 0; - int ispub = 0; /* PVK keys are always private */ + int ispub = 0; /* PVK keys are always private */ return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq); } @@ -981,7 +982,7 @@ } EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = -1; int ispub = -1; @@ -996,8 +997,8 @@ } static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, - const char *propq) + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq) { int ret = -1; int outlen = 24, pklen; @@ -1064,7 +1065,7 @@ goto error; } if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, - (unsigned char *)psbuf, inlen, libctx, propq)) + (unsigned char *)psbuf, inlen, libctx, propq)) goto error; if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) goto error; @@ -1087,7 +1088,7 @@ if (*out == NULL) *out = start; ret = outlen; - error: +error: EVP_CIPHER_CTX_free(cctx); #ifndef OPENSSL_NO_RC4 EVP_CIPHER_free(rc4); 
@@ -1099,8 +1100,8 @@ } int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, - const char *propq) + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char *tmp = NULL; int outlen, wrlen; @@ -1118,8 +1119,7 @@ } int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { return i2b_PVK_bio_ex(out, pk, enclevel, cb, u, NULL, NULL); } - --- crypto/openssl/crypto/perlasm/sparcv9_modes.pl.orig +++ crypto/openssl/crypto/perlasm/sparcv9_modes.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -46,8 +46,8 @@ .align 32 ${alg}${bits}_t4_cbc_encrypt: save %sp, -$::frame, %sp - cmp $len, 0 - be,pn $::size_t_cc, .L${bits}_cbc_enc_abort + cmp $len, 15 + bleu,pn $::size_t_cc, .L${bits}_cbc_enc_abort srln $len, 0, $len ! needed on v8+, "nop" on v9 sub $inp, $out, $blk_init ! $inp!=$out ___ @@ -264,8 +264,8 @@ .align 32 ${alg}${bits}_t4_cbc_decrypt: save %sp, -$::frame, %sp - cmp $len, 0 - be,pn $::size_t_cc, .L${bits}_cbc_dec_abort + cmp $len, 15 + bleu,pn $::size_t_cc, .L${bits}_cbc_dec_abort srln $len, 0, $len ! needed on v8+, "nop" on v9 sub $inp, $out, $blk_init ! $inp!=$out ___ --- crypto/openssl/crypto/perlasm/x86_64-xlate.pl.orig +++ crypto/openssl/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
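Review bot: The new length guard in `${alg}${bits}_t4_cbc_encrypt` (`cmp $len, 15` followed by `bleu,pn $::size_t_cc, .L${bits}_cbc_enc_abort`) uses a bare 15 with no comment, so the reader has to infer that it now rejects any input shorter than one 16-byte block rather than only a zero length. The matching guard in `${alg}${bits}_t4_cbc_decrypt` in the next hunk has the same gap. I would put the reason on the compare in both places, e.g. `cmp $len, 15 ! less than one 16-byte block: nothing to process`. The unsigned compare runs before `srln $len, 0, $len` normalises the register; that is presumably safe because `$::size_t_cc` selects the 32-bit condition codes on v8+, but it is worth confirming. Both function bodies continue outside the hunks, so how a length above 15 that is not a multiple of 16 is treated after this guard cannot be checked from here.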
@@ -585,8 +585,7 @@ ); # Following constants are defined in x86_64 ABI supplement, for - # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf, - # see section 3.7 "Stack Unwind Algorithm". + # example available at https://gitlab.com/x86-psABIs/x86-64-ABI. my %DW_reg_idx = ( "%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3, "%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7, --- crypto/openssl/crypto/pkcs12/p12_add.c.orig +++ crypto/openssl/crypto/pkcs12/p12_add.c @@ -18,7 +18,7 @@ /* Pack an object into an OCTET STRING and turn into a safebag */ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - int nid1, int nid2) + int nid1, int nid2) { PKCS12_BAGS *bag; PKCS12_SAFEBAG *safebag; @@ -40,7 +40,7 @@ safebag->type = OBJ_nid2obj(nid2); return safebag; - err: +err: PKCS12_BAGS_free(bag); return NULL; } @@ -66,7 +66,7 @@ } return p7; - err: +err: PKCS7_free(p7); return NULL; } @@ -90,9 +90,9 @@ /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags, - OSSL_LIB_CTX *ctx, const char *propq) + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags, + OSSL_LIB_CTX *ctx, const char *propq) { PKCS7 *p7; X509_ALGOR *pbe; @@ -127,9 +127,8 @@ X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); p7->d.encrypted->enc_data->algorithm = pbe; ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); - if (!(p7->d.encrypted->enc_data->enc_data = - PKCS12_item_i2d_encrypt_ex(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, - passlen, bags, 1, ctx, propq))) { + if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt_ex(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, + passlen, bags, 1, ctx, propq))) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); goto err; } 
@@ -137,22 +136,22 @@ EVP_CIPHER_free(pbe_ciph_fetch); return p7; - err: +err: PKCS7_free(p7); EVP_CIPHER_free(pbe_ciph_fetch); return NULL; } PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags) + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags) { return PKCS12_pack_p7encdata_ex(pbe_nid, pass, passlen, salt, saltlen, - iter, bags, NULL, NULL); + iter, bags, NULL, NULL); } STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, - int passlen) + int passlen) { if (!PKCS7_type_is_encrypted(p7)) return NULL; @@ -163,21 +162,21 @@ } return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm, - ASN1_ITEM_rptr(PKCS12_SAFEBAGS), - pass, passlen, - p7->d.encrypted->enc_data->enc_data, 1, - p7->ctx.libctx, p7->ctx.propq); + ASN1_ITEM_rptr(PKCS12_SAFEBAGS), + pass, passlen, + p7->d.encrypted->enc_data->enc_data, 1, + p7->ctx.libctx, p7->ctx.propq); } PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen, - OSSL_LIB_CTX *ctx, const char *propq) + const char *pass, int passlen, + OSSL_LIB_CTX *ctx, const char *propq) { return PKCS8_decrypt_ex(bag->value.shkeybag, pass, passlen, ctx, propq); } PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen) + const char *pass, int passlen) { return PKCS12_decrypt_skey_ex(bag, pass, passlen, NULL, NULL); } @@ -185,7 +184,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) { if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), - &p12->authsafes->d.data)) + &p12->authsafes->d.data)) return 1; return 0; } 
@@ -207,7 +206,7 @@ } p7s = ASN1_item_unpack(p12->authsafes->d.data, - ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); if (p7s != NULL) { for (i = 0; i < sk_PKCS7_num(p7s); i++) { p7 = sk_PKCS7_value(p7s, i); --- crypto/openssl/crypto/pkcs12/p12_asn.c.orig +++ crypto/openssl/crypto/pkcs12/p12_asn.c @@ -16,17 +16,17 @@ /* PKCS#12 ASN1 module */ ASN1_SEQUENCE(PKCS12) = { - ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS12, authsafes, PKCS7), - ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) + ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS12, authsafes, PKCS7), + ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) } ASN1_SEQUENCE_END(PKCS12) IMPLEMENT_ASN1_FUNCTIONS(PKCS12) ASN1_SEQUENCE(PKCS12_MAC_DATA) = { - ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), - ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), - ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) + ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), + ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), + ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) } ASN1_SEQUENCE_END(PKCS12_MAC_DATA) IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) 
@@ -34,14 +34,14 @@ ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0); ASN1_ADB(PKCS12_BAGS) = { - ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), + ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), + ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), + ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); ASN1_SEQUENCE(PKCS12_BAGS) = { - ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_BAGS), + ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS12_BAGS), } ASN1_SEQUENCE_END(PKCS12_BAGS) IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) 
@@ -49,28 +49,26 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0); ASN1_ADB(PKCS12_SAFEBAG) = { - ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), - ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), - ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) + ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), + ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), + ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), + ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) } ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL); ASN1_SEQUENCE(PKCS12_SAFEBAG) = { - ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_SAFEBAG), - ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) + ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS12_SAFEBAG), + ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) } ASN1_SEQUENCE_END(PKCS12_SAFEBAG) IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG) /* SEQUENCE OF SafeBag */ -ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) +ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS) /* Authsafes: SEQUENCE OF PKCS7 */ 
-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) +ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES) --- crypto/openssl/crypto/pkcs12/p12_attr.c.orig +++ crypto/openssl/crypto/pkcs12/p12_attr.c @@ -15,10 +15,11 @@ /* Add a local keyid to a safebag */ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen) + int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, - V_ASN1_OCTET_STRING, name, namelen) != NULL) + V_ASN1_OCTET_STRING, name, namelen) + != NULL) return 1; else return 0; @@ -30,36 +31,39 @@ { unsigned char us_val = (unsigned char)usage; return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, - V_ASN1_BIT_STRING, &us_val, 1); + V_ASN1_BIT_STRING, &us_val, 1); } /* Add a friendlyname to a safebag */ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen) + int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_ASC, (unsigned char *)name, namelen) != NULL) + MBSTRING_ASC, (unsigned char *)name, namelen) + != NULL) return 1; else return 0; } int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, - int namelen) + int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_UTF8, (unsigned char *)name, namelen) != NULL) + MBSTRING_UTF8, (unsigned char *)name, namelen) + != NULL) return 1; else return 0; } int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned char *name, int namelen) + const unsigned char *name, int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_BMP, name, namelen) != NULL) + MBSTRING_BMP, name, namelen) + != NULL) return 1; else return 0; 
@@ -68,14 +72,15 @@ int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)name, namelen) != NULL) + MBSTRING_ASC, (unsigned char *)name, namelen) + != NULL) return 1; else return 0; } int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type, - const unsigned char *bytes, int len) + const unsigned char *bytes, int len) { if (X509at_add1_attr_by_NID(&bag->attrib, nid, type, bytes, len) != NULL) return 1; @@ -84,7 +89,7 @@ } int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type, - const unsigned char *bytes, int len) + const unsigned char *bytes, int len) { if (X509at_add1_attr_by_txt(&bag->attrib, attrname, type, bytes, len) != NULL) return 1; @@ -93,7 +98,7 @@ } ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, - int attr_nid) + int attr_nid) { X509_ATTRIBUTE *attrib; int i; @@ -111,7 +116,7 @@ if (atype->type != V_ASN1_BMPSTRING) return NULL; return OPENSSL_uni2utf8(atype->value.bmpstring->data, - atype->value.bmpstring->length); + atype->value.bmpstring->length); } const STACK_OF(X509_ATTRIBUTE) * --- crypto/openssl/crypto/pkcs12/p12_crpt.c.orig +++ crypto/openssl/crypto/pkcs12/p12_crpt.c @@ -21,9 +21,9 @@ } int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { PBEPARAM *pbe; int saltlen, iter, ret; 
@@ -49,18 +49,18 @@ salt = pbe->salt->data; saltlen = pbe->salt->length; if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_KEY_ID, - iter, EVP_CIPHER_get_key_length(cipher), - key, md, - libctx, propq)) { + iter, EVP_CIPHER_get_key_length(cipher), + key, md, + libctx, propq)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } if (EVP_CIPHER_get_iv_length(cipher) > 0) { if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_IV_ID, - iter, EVP_CIPHER_get_iv_length(cipher), - iv, md, - libctx, propq)) { + iter, EVP_CIPHER_get_iv_length(cipher), + iv, md, + libctx, propq)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR); PBEPARAM_free(pbe); return 0; @@ -76,10 +76,9 @@ } int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de) + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de) { return PKCS12_PBE_keyivgen_ex(ctx, pass, passlen, param, cipher, md, en_de, - NULL, NULL); + NULL, NULL); } - --- crypto/openssl/crypto/pkcs12/p12_crt.c.orig +++ crypto/openssl/crypto/pkcs12/p12_crt.c @@ -13,13 +13,13 @@ #include "p12_local.h" static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - PKCS12_SAFEBAG *bag); + PKCS12_SAFEBAG *bag); static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - X509 *cert, - const char *name, - int namelen, - unsigned char *keyid, - int keyidlen); + X509 *cert, + const char *name, + int namelen, + unsigned char *keyid, + int keyidlen); static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) { 
@@ -35,9 +35,9 @@ } PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, - X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, - int iter, int mac_iter, int keytype, - OSSL_LIB_CTX *ctx, const char *propq) + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq) { PKCS12 *p12 = NULL; STACK_OF(PKCS7) *safes = NULL; @@ -91,8 +91,7 @@ goto err; } - if (bags && !PKCS12_add_safe_ex(&safes, bags, nid_cert, iter, pass, - ctx, propq)) + if (bags && !PKCS12_add_safe_ex(&safes, bags, nid_cert, iter, pass, ctx, propq)) goto err; sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); @@ -100,7 +99,7 @@ if (pkey) { bag = PKCS12_add_key_ex(&bags, pkey, keytype, iter, nid_key, pass, - ctx, propq); + ctx, propq); if (!bag) goto err; @@ -131,34 +130,32 @@ safes = NULL; - if ((mac_iter != -1) && - !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) + if ((mac_iter != -1) && !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) goto err; return p12; - err: +err: PKCS12_free(p12); sk_PKCS7_pop_free(safes, PKCS7_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); return NULL; - } PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, - int mac_iter, int keytype) + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype) { return PKCS12_create_ex(pass, name, pkey, cert, ca, nid_key, nid_cert, - iter, mac_iter, keytype, NULL, NULL); + iter, mac_iter, keytype, NULL, NULL); } static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - X509 *cert, - const char *name, - int namelen, - unsigned char *keyid, - int keyidlen) + X509 *cert, + const char *name, + int namelen, + unsigned char *keyid, + int keyidlen) { PKCS12_SAFEBAG *bag = NULL; @@ -177,7 +174,7 @@ return bag; - err: +err: PKCS12_SAFEBAG_free(bag); return NULL; } 
@@ -199,9 +196,9 @@ } PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int nid_key, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq) + EVP_PKEY *key, int key_usage, int iter, + int nid_key, const char *pass, + OSSL_LIB_CTX *ctx, const char *propq) { PKCS12_SAFEBAG *bag = NULL; @@ -217,11 +214,11 @@ if (nid_key != -1) { /* This call does not take ownership of p8 */ bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0, - iter, p8, ctx, propq); + iter, p8, ctx, propq); } else { bag = PKCS12_SAFEBAG_create0_p8inf(p8); if (bag != NULL) - p8 = NULL; /* bag takes ownership of p8 */ + p8 = NULL; /* bag takes ownership of p8 */ } /* This does not need to be in the error path */ if (p8 != NULL) @@ -232,22 +229,21 @@ return bag; - err: +err: PKCS12_SAFEBAG_free(bag); return NULL; - } PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int nid_key, const char *pass) + EVP_PKEY *key, int key_usage, int iter, + int nid_key, const char *pass) { return PKCS12_add_key_ex(pbags, key, key_usage, iter, nid_key, pass, - NULL, NULL); + NULL, NULL); } -PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, - int nid_type, const unsigned char *value, int len) +PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, + int nid_type, const unsigned char *value, int len) { PKCS12_SAFEBAG *bag = NULL; @@ -259,14 +255,14 @@ goto err; return bag; - err: +err: PKCS12_SAFEBAG_free(bag); return NULL; } int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int nid_safe, int iter, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq) + int nid_safe, int iter, const char *pass, + OSSL_LIB_CTX *ctx, const char *propq) { PKCS7 *p7 = NULL; int free_safes = 0; @@ -297,7 +293,7 @@ return 1; - err: +err: if (free_safes) { sk_PKCS7_free(*psafes); *psafes = NULL; 
@@ -307,13 +303,13 @@ } int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int nid_safe, int iter, const char *pass) + int nid_safe, int iter, const char *pass) { return PKCS12_add_safe_ex(psafes, bags, nid_safe, iter, pass, NULL, NULL); } static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - PKCS12_SAFEBAG *bag) + PKCS12_SAFEBAG *bag) { int free_bags = 0; @@ -335,11 +331,10 @@ } return 1; - } PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int nid_p7, - OSSL_LIB_CTX *ctx, const char *propq) + OSSL_LIB_CTX *ctx, const char *propq) { PKCS12 *p12; @@ -355,7 +350,6 @@ } return p12; - } PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) --- crypto/openssl/crypto/pkcs12/p12_decr.c.orig +++ crypto/openssl/crypto/pkcs12/p12_decr.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,10 +17,10 @@ * OPENSSL_malloc'ed buffer */ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char *out = NULL; int outlen, i; @@ -34,7 +34,7 @@ /* Process data */ if (!EVP_PBE_CipherInit_ex(algor->algorithm, pass, passlen, - algor->parameter, ctx, en_de, libctx, propq)) + algor->parameter, ctx, en_de, libctx, propq)) goto err; /* 
@@ -45,7 +45,8 @@ */ max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx); if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) + != 0) { if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) { ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); goto err; @@ -60,7 +61,8 @@ } inlen -= mac_len; if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - (int)mac_len, (unsigned char *)in+inlen) < 0) { + (int)mac_len, (unsigned char *)in + inlen) + < 0) { ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); goto err; } @@ -84,16 +86,18 @@ OPENSSL_free(out); out = NULL; ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR, - passlen == 0 ? "empty password" - : "maybe wrong password"); + passlen == 0 ? "empty password" + : "maybe wrong password"); goto err; } outlen += i; if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) + != 0) { if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - (int)mac_len, out+outlen) < 0) { + (int)mac_len, out + outlen) + < 0) { OPENSSL_free(out); out = NULL; ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); @@ -106,19 +110,18 @@ *datalen = outlen; if (data) *data = out; - err: +err: EVP_CIPHER_CTX_free(ctx); return out; - } unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, int en_de) + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, int en_de) { return PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, data, datalen, - en_de, NULL, NULL); + en_de, NULL, NULL); } /* 
@@ -127,10 +130,10 @@ */ void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf, + OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char *out = NULL; const unsigned char *p; @@ -143,14 +146,16 @@ } if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length, - &out, &outlen, 0, libctx, propq)) + &out, &outlen, 0, libctx, propq)) return NULL; p = out; - OSSL_TRACE_BEGIN(PKCS12_DECRYPT) { + OSSL_TRACE_BEGIN(PKCS12_DECRYPT) + { BIO_printf(trc_out, "\n"); BIO_dump(trc_out, out, outlen); BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS12_DECRYPT); + } + OSSL_TRACE_END(PKCS12_DECRYPT); ret = ASN1_item_d2i(NULL, &p, outlen, it); if (zbuf) OPENSSL_cleanse(out, outlen); @@ -161,11 +166,11 @@ } void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf) + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf) { return PKCS12_item_decrypt_d2i_ex(algor, it, pass, passlen, oct, zbuf, - NULL, NULL); + NULL, NULL); } /* @@ -174,11 +179,11 @@ */ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor, - const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf, - OSSL_LIB_CTX *ctx, - const char *propq) + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf, + OSSL_LIB_CTX *ctx, + const char *propq) { ASN1_OCTET_STRING *oct = NULL; unsigned char *in = NULL; @@ -194,7 +199,7 @@ goto err; } if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, &oct->data, - &oct->length, 1, ctx, propq)) { + &oct->length, 1, ctx, propq)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); OPENSSL_free(in); goto err; 
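Review bot: The `OSSL_TRACE_BEGIN(PKCS12_DECRYPT)` block in the `@@ -143,14 +146,16 @@` hunk passes the decrypted buffer to `BIO_dump(trc_out, out, outlen)` with no comment saying so, and the `if (zbuf) OPENSSL_cleanse(out, outlen)` two lines later cannot reach what has already been written to the trace channel. The same applies to the two `OSSL_TRACE_BEGIN(PKCS12_KEYGEN)` blocks in the p12_key.c hunks `@@ -98,17 +98,18 @@` and `@@ -116,23 +117,26 @@`, which hex-dump the password, the salt and the derived key. With the opening brace now on its own line these read like ordinary blocks, so I would put a comment above each, e.g. `/* Trace only: writes decrypted content to the trace channel; keep this category disabled outside debugging */`. PKCS12_item_decrypt_d2i_ex begins in the preceding hunk and continues past this one.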
@@ -203,15 +208,15 @@ OPENSSL_cleanse(in, inlen); OPENSSL_free(in); return oct; - err: +err: ASN1_OCTET_STRING_free(oct); return NULL; } ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf) + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf) { return PKCS12_item_i2d_encrypt_ex(algor, it, pass, passlen, obj, zbuf, NULL, NULL); } --- crypto/openssl/crypto/pkcs12/p12_init.c.orig +++ crypto/openssl/crypto/pkcs12/p12_init.c @@ -46,7 +46,7 @@ } return pkcs12; - err: +err: PKCS12_free(pkcs12); return NULL; } @@ -55,4 +55,3 @@ { return PKCS12_init_ex(mode, NULL, NULL); } - --- crypto/openssl/crypto/pkcs12/p12_key.c.orig +++ crypto/openssl/crypto/pkcs12/p12_key.c @@ -17,9 +17,9 @@ #include "internal/provider.h" int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq) + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq) { int ret; unsigned char *unipass; 
@@ -33,23 +33,23 @@ return 0; } ret = PKCS12_key_gen_uni_ex(unipass, uniplen, salt, saltlen, id, iter, - n, out, md_type, ctx, propq); + n, out, md_type, ctx, propq); OPENSSL_clear_free(unipass, uniplen); return ret > 0; } int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type) { return PKCS12_key_gen_asc_ex(pass, passlen, salt, saltlen, id, iter, n, - out, md_type, NULL, NULL); + out, md_type, NULL, NULL); } int PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq) + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq) { int ret; unsigned char *unipass; @@ -63,23 +63,23 @@ return 0; } ret = PKCS12_key_gen_uni_ex(unipass, uniplen, salt, saltlen, id, iter, - n, out, md_type, ctx, propq); + n, out, md_type, ctx, propq); OPENSSL_clear_free(unipass, uniplen); return ret > 0; } int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type) { return PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, id, iter, n, - out, md_type, NULL, NULL); + out, md_type, NULL, NULL); } int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *libctx, const char *propq) + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *libctx, const char *propq) { int res = 0; EVP_KDF *kdf; 
@@ -98,17 +98,18 @@ return 0; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)EVP_MD_get0_name(md_type), - 0); + (char *)EVP_MD_get0_name(md_type), + 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - pass, passlen); + pass, passlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - salt, saltlen); + salt, saltlen); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS12_ID, &id); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); *p = OSSL_PARAM_construct_end(); - OSSL_TRACE_BEGIN(PKCS12_KEYGEN) { + OSSL_TRACE_BEGIN(PKCS12_KEYGEN) + { BIO_printf(trc_out, "PKCS12_key_gen_uni_ex(): ID %d, ITER %d\n", id, iter); BIO_printf(trc_out, "Password (length %d):\n", passlen); BIO_hex_string(trc_out, 0, passlen, pass, passlen); @@ -116,23 +117,26 @@ BIO_printf(trc_out, "Salt (length %d):\n", saltlen); BIO_hex_string(trc_out, 0, saltlen, salt, saltlen); BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS12_KEYGEN); + } + OSSL_TRACE_END(PKCS12_KEYGEN); if (EVP_KDF_derive(ctx, out, (size_t)n, params)) { res = 1; - OSSL_TRACE_BEGIN(PKCS12_KEYGEN) { + OSSL_TRACE_BEGIN(PKCS12_KEYGEN) + { BIO_printf(trc_out, "Output KEY (length %d)\n", n); BIO_hex_string(trc_out, 0, n, out, n); BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS12_KEYGEN); + } + OSSL_TRACE_END(PKCS12_KEYGEN); } EVP_KDF_CTX_free(ctx); return res; } int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type) { return PKCS12_key_gen_uni_ex(pass, passlen, salt, saltlen, id, iter, n, out, md_type, NULL, NULL); } --- crypto/openssl/crypto/pkcs12/p12_kiss.c.orig +++ crypto/openssl/crypto/pkcs12/p12_kiss.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,13 +15,13 @@ /* Simplified PKCS#12 routines */ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); /* * Parse and decrypt a PKCS#12 structure returning user key, user cert and @@ -31,7 +31,7 @@ */ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca) + STACK_OF(X509) **ca) { STACK_OF(X509) *ocerts = NULL; X509 *x = NULL; @@ -74,7 +74,7 @@ /* If needed, allocate stack for other certificates */ if ((cert != NULL || ca != NULL) - && (ocerts = sk_X509_new_null()) == NULL) { + && (ocerts = sk_X509_new_null()) == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); goto err; } @@ -83,7 +83,7 @@ int err = ERR_peek_last_error(); if (ERR_GET_LIB(err) != ERR_LIB_EVP - && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM) + && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM) ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR); goto err; } @@ -91,7 +91,7 @@ /* Split the certs in ocerts over *cert and *ca as far as requested */ while ((x = sk_X509_shift(ocerts)) != NULL) { if (pkey != NULL && *pkey != NULL - && cert != NULL && *cert == NULL) { + && cert != NULL && *cert == NULL) { int match; ERR_set_mark(); 
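Review bot: The condition in the `@@ -83,7 +83,7 @@` hunk, `ERR_GET_LIB(err) != ERR_LIB_EVP && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM`, skips `PKCS12_R_PARSE_ERROR` for every EVP error and also for any error from another library whose reason code happens to have the same value. If the intent is to leave only the EVP unsupported-algorithm error untouched, the test should be `if (ERR_GET_LIB(err) != ERR_LIB_EVP || ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM)`. This affects only what is pushed on the error queue, since both paths reach `goto err`; the commit re-indents the line and does not alter it. PKCS12_parse starts before this hunk.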
@@ -114,7 +114,7 @@ return 1; - err: +err: if (pkey != NULL) { EVP_PKEY_free(*pkey); @@ -127,14 +127,13 @@ X509_free(x); sk_X509_pop_free(ocerts, X509_free); return 0; - } /* Parse the outer PKCS#12 structure */ /* pkey and/or ocerts may be NULL */ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { STACK_OF(PKCS7) *asafes; STACK_OF(PKCS12_SAFEBAG) *bags; @@ -169,12 +168,12 @@ /* pkey and/or ocerts may be NULL */ static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), - pass, passlen, pkey, ocerts)) + pass, passlen, pkey, ocerts)) return 0; } return 1; @@ -182,7 +181,7 @@ /* pkey and/or ocerts may be NULL */ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; @@ -224,7 +223,7 @@ case NID_certBag: if (ocerts == NULL - || PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) + || PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) return 1; if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL) return 0; @@ -256,7 +255,7 @@ case NID_safeContentsBag: return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey, - ocerts); + ocerts); default: return 1; --- crypto/openssl/crypto/pkcs12/p12_local.h.orig +++ crypto/openssl/crypto/pkcs12/p12_local.h @@ -10,7 +10,7 @@ struct PKCS12_MAC_DATA_st { X509_SIG *dinfo; ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ + ASN1_INTEGER *iter; /* defaults to 1 */ }; struct PKCS12_st { 
@@ -24,7 +24,7 @@ union { struct pkcs12_bag_st *bag; /* secret, crl and certbag */ struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ + X509_SIG *shkeybag; /* shrouded key bag */ STACK_OF(PKCS12_SAFEBAG) *safes; ASN1_TYPE *other; } value; @@ -38,6 +38,6 @@ ASN1_OCTET_STRING *x509crl; ASN1_OCTET_STRING *octet; ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ + ASN1_TYPE *other; /* Secret or other bag */ } value; }; --- crypto/openssl/crypto/pkcs12/p12_mutl.c.orig +++ crypto/openssl/crypto/pkcs12/p12_mutl.c @@ -27,10 +27,10 @@ } void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, - const X509_ALGOR **pmacalg, - const ASN1_OCTET_STRING **psalt, - const ASN1_INTEGER **piter, - const PKCS12 *p12) + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12) { if (p12->mac) { X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac); @@ -53,9 +53,9 @@ #define TK26_MAC_KEY_LEN 32 static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, - const unsigned char *salt, int saltlen, - int iter, int keylen, unsigned char *key, - const EVP_MD *digest) + const unsigned char *salt, int saltlen, + int iter, int keylen, unsigned char *key, + const EVP_MD *digest) { unsigned char out[96]; @@ -64,7 +64,7 @@ } if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, - digest, sizeof(out), out)) { + digest, sizeof(out), out)) { return 0; } memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN); 
@@ -74,12 +74,12 @@ /* Generate a MAC */ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen, - int (*pkcs12_key_gen)(const char *pass, int passlen, - unsigned char *salt, int slen, - int id, int iter, int n, - unsigned char *out, - const EVP_MD *md_type)) + unsigned char *mac, unsigned int *maclen, + int (*pkcs12_key_gen)(const char *pass, int passlen, + unsigned char *salt, int slen, + int id, int iter, int n, + unsigned char *out, + const EVP_MD *md_type)) { int ret = 0; const EVP_MD *md; @@ -116,7 +116,7 @@ (void)ERR_set_mark(); md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name, - p12->authsafes->ctx.propq); + p12->authsafes->ctx.propq); if (md == NULL) md = EVP_get_digestbynid(OBJ_obj2nid(macoid)); @@ -132,28 +132,28 @@ if (md_size < 0) goto err; if ((md_nid == NID_id_GostR3411_94 - || md_nid == NID_id_GostR3411_2012_256 - || md_nid == NID_id_GostR3411_2012_512) + || md_nid == NID_id_GostR3411_2012_256 + || md_nid == NID_id_GostR3411_2012_512) && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { md_size = TK26_MAC_KEY_LEN; if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, - md_size, key, md)) { + md_size, key, md)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); goto err; } } else { if (pkcs12_key_gen != NULL) { if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, - iter, md_size, key, md)) { + iter, md_size, key, md)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); goto err; } } else { /* Default to UTF-8 password */ if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID, - iter, md_size, key, md, - p12->authsafes->ctx.libctx, - p12->authsafes->ctx.propq)) { + iter, md_size, key, md, + p12->authsafes->ctx.libctx, + p12->authsafes->ctx.propq)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); goto err; } 
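Review bot: The branch in the `@@ -132,28 +132,28 @@` hunk that picks the MAC key derivation for GOST digests depends on `ossl_safe_getenv("LEGACY_GOST_PKCS12")`, and nothing at that spot says so. Because the process environment decides whether `pkcs12_gen_gost_mac_key()` with `TK26_MAC_KEY_LEN` or the generic PKCS#12 derivation is used, a comment above the `if` would help, e.g. `/* GOST digests use the TK26 MAC key derivation unless LEGACY_GOST_PKCS12 is set in the environment */`. pkcs12_gen_mac starts in an earlier hunk and continues after this one.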
@@ -162,7 +162,7 @@ if ((hmac = HMAC_CTX_new()) == NULL || !HMAC_Init_ex(hmac, key, md_size, md, NULL) || !HMAC_Update(hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length) + p12->authsafes->d.data->length) || !HMAC_Final(hmac, mac, maclen)) { goto err; } @@ -176,7 +176,7 @@ } int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) + unsigned char *mac, unsigned int *maclen) { return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); } @@ -207,8 +207,8 @@ /* Set a mac */ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type) + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; @@ -240,7 +240,7 @@ /* Set up a mac structure */ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - const EVP_MD *md_type) + const EVP_MD *md_type) { X509_ALGOR *macalg; @@ -270,14 +270,15 @@ p12->mac->salt->length = saltlen; if (salt == NULL) { if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data, - (size_t)saltlen, 0) <= 0) + (size_t)saltlen, 0) + <= 0) return 0; } else { memcpy(p12->mac->salt->data, salt, saltlen); } X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)), - V_ASN1_NULL, NULL)) { + V_ASN1_NULL, NULL)) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); return 0; } --- crypto/openssl/crypto/pkcs12/p12_npas.c.orig +++ crypto/openssl/crypto/pkcs12/p12_npas.c 
@@ -19,11 +19,11 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, - const char *newpass); + const char *newpass); static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - const char *newpass); + const char *newpass); static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, - int *psaltlen); + int *psaltlen); /* * Change the password on a PKCS#12 structure. @@ -78,8 +78,8 @@ } else if (bagnid == NID_pkcs7_encrypted) { bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); if (p7->d.encrypted == NULL - || !alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen)) + || !alg_get(p7->d.encrypted->enc_data->algorithm, + &pbe_nid, &pbe_iter, &pbe_saltlen)) goto err; } else { continue; @@ -93,7 +93,7 @@ p7new = PKCS12_pack_p7data(bags); else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, - pbe_saltlen, pbe_iter, bags); + pbe_saltlen, pbe_iter, bags); if (p7new == NULL || !sk_PKCS7_push(newsafes, p7new)) goto err; sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); @@ -131,7 +131,7 @@ } static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, - const char *newpass) + const char *newpass) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { @@ -144,7 +144,7 @@ /* Change password of safebag: only needs handle shrouded keybags */ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - const char *newpass) + const char *newpass) { PKCS8_PRIV_KEY_INFO *p8; X509_SIG *p8new; @@ -162,7 +162,7 @@ return 0; } p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, - p8_iter, p8); + p8_iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); if (p8new == NULL) return 0; 
@@ -172,7 +172,7 @@ } static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, - int *psaltlen) + int *psaltlen) { PBEPARAM *pbe; --- crypto/openssl/crypto/pkcs12/p12_p8d.c.orig +++ crypto/openssl/crypto/pkcs12/p12_p8d.c @@ -12,21 +12,20 @@ #include PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass, - int passlen, OSSL_LIB_CTX *ctx, - const char *propq) + int passlen, OSSL_LIB_CTX *ctx, + const char *propq) { const X509_ALGOR *dalg; const ASN1_OCTET_STRING *doct; X509_SIG_get0(p8, &dalg, &doct); return PKCS12_item_decrypt_d2i_ex(dalg, - ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, - passlen, doct, 1, ctx, propq); + ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, + passlen, doct, 1, ctx, propq); } PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, - int passlen) + int passlen) { return PKCS8_decrypt_ex(p8, pass, passlen, NULL, NULL); } - --- crypto/openssl/crypto/pkcs12/p12_p8e.c.orig +++ crypto/openssl/crypto/pkcs12/p12_p8e.c @@ -14,10 +14,10 @@ #include "crypto/x509.h" X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) + const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq) { X509_SIG *p8 = NULL; X509_ALGOR *pbe; @@ -28,7 +28,7 @@ return NULL; } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, - libctx); + libctx); } else { ERR_set_mark(); if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { @@ -38,7 +38,7 @@ return NULL; } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, - pbe_nid, libctx); + pbe_nid, libctx); } else { ERR_pop_to_mark(); pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx); 
@@ -58,24 +58,23 @@ } X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf) + const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf) { return PKCS8_encrypt_ex(pbe_nid, cipher, pass, passlen, salt, saltlen, iter, - p8inf, NULL, NULL); + p8inf, NULL, NULL); } X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, - OSSL_LIB_CTX *ctx, const char *propq) + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, + OSSL_LIB_CTX *ctx, const char *propq) { X509_SIG *p8; ASN1_OCTET_STRING *enckey; - enckey = - PKCS12_item_i2d_encrypt_ex(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), - pass, passlen, p8inf, 1, ctx, propq); + enckey = PKCS12_item_i2d_encrypt_ex(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), + pass, passlen, p8inf, 1, ctx, propq); if (!enckey) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); return NULL; @@ -95,7 +94,7 @@ } X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) { return PKCS8_set0_pbe_ex(pass, passlen, p8inf, pbe, NULL, NULL); } --- crypto/openssl/crypto/pkcs12/p12_sbag.c.orig +++ crypto/openssl/crypto/pkcs12/p12_sbag.c @@ -20,7 +20,7 @@ #endif const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, - int attr_nid) + int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); } 
@@ -73,11 +73,20 @@ const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag) { + int btype = PKCS12_SAFEBAG_get_nid(bag); + + if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag) + return NULL; return bag->value.bag->type; } const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag) { + int vtype = PKCS12_SAFEBAG_get_bag_nid(bag); + + if (vtype == -1 || vtype == NID_x509Certificate || vtype == NID_x509Crl + || vtype == NID_sdsiCertificate) + return NULL; return bag->value.bag->value.other; } @@ -88,7 +97,7 @@ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) return NULL; return ASN1_item_unpack(bag->value.bag->value.octet, - ASN1_ITEM_rptr(X509)); + ASN1_ITEM_rptr(X509)); } X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag) @@ -98,19 +107,19 @@ if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) return NULL; return ASN1_item_unpack(bag->value.bag->value.octet, - ASN1_ITEM_rptr(X509_CRL)); + ASN1_ITEM_rptr(X509_CRL)); } PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509) { return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), - NID_x509Certificate, NID_certBag); + NID_x509Certificate, NID_certBag); } PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl) { return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), - NID_x509Crl, NID_crlBag); + NID_x509Crl, NID_crlBag); } PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char *value, int len) 
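Review bot: The two accessors changed in the first hunk on this line (`@@ -73,11 +73,20 @@`) now return NULL for bags whose `value` union does not hold the member being read, but nothing at the definitions records that contract. `PKCS12_SAFEBAG_get0_bag_type()` returns NULL unless the bag NID is `NID_certBag`, `NID_crlBag` or `NID_secretBag`, and `PKCS12_SAFEBAG_get0_bag_obj()` returns NULL when `PKCS12_SAFEBAG_get_bag_nid()` yields -1 or one of the three certificate/CRL value types. I would add a comment above each, e.g. `/* Returns NULL unless this is a cert, CRL or secret bag; value.bag is not valid otherwise */` and `/* Returns NULL for certificate and CRL value types, which are not stored in value.other */`. The second check is a deny-list, so it has to be extended whenever a new value type with its own union member is introduced; the comment should say so. Callers that used the result without a NULL check presumably need one now, but they are outside this diff.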
@@ -124,30 +133,28 @@ } bag->type = OBJ_nid2obj(type); - switch(vtype) { - case V_ASN1_OCTET_STRING: - { - ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new(); - - if (strtmp == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Pack data into an octet string */ - if (!ASN1_OCTET_STRING_set(strtmp, value, len)) { - ASN1_OCTET_STRING_free(strtmp); - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR); - goto err; - } - bag->value.other = ASN1_TYPE_new(); - if (bag->value.other == NULL) { - ASN1_OCTET_STRING_free(strtmp); - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - ASN1_TYPE_set(bag->value.other, vtype, strtmp); + switch (vtype) { + case V_ASN1_OCTET_STRING: { + ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new(); + + if (strtmp == NULL) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); + goto err; + } + /* Pack data into an octet string */ + if (!ASN1_OCTET_STRING_set(strtmp, value, len)) { + ASN1_OCTET_STRING_free(strtmp); + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR); + goto err; + } + bag->value.other = ASN1_TYPE_new(); + if (bag->value.other == NULL) { + ASN1_OCTET_STRING_free(strtmp); + ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); + goto err; } - break; + ASN1_TYPE_set(bag->value.other, vtype, strtmp); + } break; default: ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE); @@ -161,8 +168,8 @@ safebag->value.bag = bag; safebag->type = OBJ_nid2obj(NID_secretBag); return safebag; - - err: + +err: PKCS12_BAGS_free(bag); return NULL; } @@ -199,13 +206,13 @@ } PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *ctx, - const char *propq) + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *ctx, + const char *propq) { PKCS12_SAFEBAG *bag = NULL; const EVP_CIPHER *pbe_ciph = NULL; 
@@ -222,7 +229,7 @@ pbe_nid = -1; p8 = PKCS8_encrypt_ex(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, - p8inf, ctx, propq); + p8inf, ctx, propq); if (p8 == NULL) goto err; @@ -236,13 +243,13 @@ } PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf) + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf) { return PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(pbe_nid, pass, passlen, - salt, saltlen, iter, p8inf, - NULL, NULL); + salt, saltlen, iter, p8inf, + NULL, NULL); } --- crypto/openssl/crypto/pkcs12/p12_utl.c.orig +++ crypto/openssl/crypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ /* Cheap and nasty Unicode stuff */ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, - unsigned char **uni, int *unilen) + unsigned char **uni, int *unilen) { int ulen, i; unsigned char *unitmp; @@ -77,7 +77,7 @@ * bytes the string occupies, and treat it, the length, accordingly. */ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, - unsigned char **uni, int *unilen) + unsigned char **uni, int *unilen) { int ulen, i, j; unsigned char *unitmp, *ret; @@ -87,7 +87,7 @@ asclen = strlen(asc); for (ulen = 0, i = 0; i < asclen; i += j) { - j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); + j = UTF8_getc((const unsigned char *)asc + i, asclen - i, &utf32chr); /* * Following condition is somewhat opportunistic is sense that 
@@ -108,16 +108,16 @@ if (j < 0) return OPENSSL_asc2uni(asc, asclen, uni, unilen); - if (utf32chr > 0x10FFFF) /* UTF-16 cap */ + if (utf32chr > 0x10FFFF) /* UTF-16 cap */ return NULL; - if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ - ulen += 2*2; - else /* or just one */ + if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ + ulen += 2 * 2; + else /* or just one */ ulen += 2; } - ulen += 2; /* for trailing UTF16 zero */ + ulen += 2; /* for trailing UTF16 zero */ if ((ret = OPENSSL_malloc(ulen)) == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); @@ -125,19 +125,19 @@ } /* re-run the loop writing down UTF-16 characters in big-endian order */ for (unitmp = ret, i = 0; i < asclen; i += j) { - j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); - if (utf32chr >= 0x10000) { /* pair if UTF-16 characters */ + j = UTF8_getc((const unsigned char *)asc + i, asclen - i, &utf32chr); + if (utf32chr >= 0x10000) { /* pair if UTF-16 characters */ unsigned int hi, lo; utf32chr -= 0x10000; - hi = 0xD800 + (utf32chr>>10); - lo = 0xDC00 + (utf32chr&0x3ff); - *unitmp++ = (unsigned char)(hi>>8); + hi = 0xD800 + (utf32chr >> 10); + lo = 0xDC00 + (utf32chr & 0x3ff); + *unitmp++ = (unsigned char)(hi >> 8); *unitmp++ = (unsigned char)(hi); - *unitmp++ = (unsigned char)(lo>>8); + *unitmp++ = (unsigned char)(lo >> 8); *unitmp++ = (unsigned char)(lo); - } else { /* or just one */ - *unitmp++ = (unsigned char)(utf32chr>>8); + } else { /* or just one */ + *unitmp++ = (unsigned char)(utf32chr >> 8); *unitmp++ = (unsigned char)(utf32chr); } } 
@@ -155,27 +155,31 @@ { unsigned long utf32chr; - if (len == 0) return 0; + if (len == 0) + return 0; - if (len < 2) return -1; + if (len < 2) + return -1; /* pull UTF-16 character in big-endian order */ - utf32chr = (utf16[0]<<8) | utf16[1]; + utf32chr = (utf16[0] << 8) | utf16[1]; - if (utf32chr >= 0xD800 && utf32chr < 0xE000) { /* two chars */ + if (utf32chr >= 0xD800 && utf32chr < 0xE000) { /* two chars */ unsigned int lo; - if (len < 4) return -1; + if (len < 4) + return -1; utf32chr -= 0xD800; utf32chr <<= 10; - lo = (utf16[2]<<8) | utf16[3]; - if (lo < 0xDC00 || lo >= 0xE000) return -1; - utf32chr |= lo-0xDC00; + lo = (utf16[2] << 8) | utf16[3]; + if (lo < 0xDC00 || lo >= 0xE000) + return -1; + utf32chr |= lo - 0xDC00; utf32chr += 0x10000; } - return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr); + return UTF8_putc((unsigned char *)str, 4, utf32chr); } char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) @@ -187,21 +191,24 @@ if (unilen & 1) return NULL; - for (asclen = 0, i = 0; i < unilen; ) { - j = bmp_to_utf8(NULL, uni+i, unilen-i); + for (asclen = 0, i = 0; i < unilen;) { + j = bmp_to_utf8(NULL, uni + i, unilen - i); /* * falling back to OPENSSL_uni2asc makes lesser sense [than * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above], * it's done rather to maintain symmetry... */ - if (j < 0) return OPENSSL_uni2asc(uni, unilen); - if (j == 4) i += 4; - else i += 2; + if (j < 0) + return OPENSSL_uni2asc(uni, unilen); + if (j == 4) + i += 4; + else + i += 2; asclen += j; } /* If no terminating zero allow for one */ - if (!unilen || (uni[unilen-2]||uni[unilen - 1])) + if (!unilen || (uni[unilen - 2] || uni[unilen - 1])) asclen++; if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { 
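Review bot: The new call `UTF8_putc((unsigned char *)str, 4, utf32chr)` in the first hunk on this line (`@@ -155,27 +155,31 @@`) passes a fixed output capacity, so the write is bounded only by how the caller sized `str`, and the code does not say that. The removed expression used `len` as the output limit, although the surrounding checks (`len < 2`, `len < 4`, reads of `utf16[0..3]`) show that `len` counts the UTF-16 input bytes still available. In `OPENSSL_uni2utf8()` (second hunk on this line) the buffer is sized by a first pass with `str == NULL` and the write pass repeats the same call, so the two passes agree. I would add a comment above the call, e.g. `/* 4 = longest UTF-8 sequence; str was sized by a prior NULL pass, len counts input bytes only */`. The start of `bmp_to_utf8()` is outside the hunk.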
@@ -210,20 +217,22 @@ } /* re-run the loop emitting UTF-8 string */ - for (asclen = 0, i = 0; i < unilen; ) { - j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i); + for (asclen = 0, i = 0; i < unilen;) { + j = bmp_to_utf8(asctmp + asclen, uni + i, unilen - i); /* when UTF8_putc fails */ if (j < 0) { OPENSSL_free(asctmp); return NULL; } - if (j == 4) i += 4; - else i += 2; + if (j == 4) + i += 4; + else + i += 2; asclen += j; } /* If no terminating zero write one */ - if (!unilen || (uni[unilen-2]||uni[unilen - 1])) + if (!unilen || (uni[unilen - 2] || uni[unilen - 1])) asctmp[asclen] = '\0'; return asctmp; --- crypto/openssl/crypto/pkcs12/pk12err.c.orig +++ crypto/openssl/crypto/pkcs12/pk12err.c 
@@ -15,38 +15,38 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA PKCS12_str_reasons[] = { - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE), - "cant pack structure"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA), - "content type not data"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), - "error setting encrypted data type"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT), - "invalid null argument"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER), - "invalid null pkcs12 pointer"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_TYPE), "invalid type"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR), - "mac generation error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR), - "mac string set error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE), - "mac verify failure"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR), - "pkcs12 cipherfinal error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE), - "unsupported pkcs12 mode"}, - {0, NULL} + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE), + "cant pack structure" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA), + "content type not data" }, + { 
ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), + "error setting encrypted data type" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT), + "invalid null argument" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER), + "invalid null pkcs12 pointer" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_TYPE), "invalid type" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR), + "mac generation error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR), + "mac string set error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE), + "mac verify failure" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR), + "pkcs12 cipherfinal error" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), + "unknown digest algorithm" }, + { ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE), + "unsupported pkcs12 mode" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/pkcs7/bio_pk7.c.orig +++ crypto/openssl/crypto/pkcs7/bio_pk7.c @@ -12,7 +12,7 @@ #include #if !defined(OPENSSL_SYS_VXWORKS) -# include +#include #endif #include --- crypto/openssl/crypto/pkcs7/pk7_asn1.c.orig +++ crypto/openssl/crypto/pkcs7/pk7_asn1.c 
@@ -21,17 +21,17 @@ ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); /* PKCS#7 streaming support */ static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { ASN1_STREAM_ARG *sarg = exarg; PKCS7 **pp7 = (PKCS7 **)pval; @@ -53,15 +53,14 @@ if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) return 0; break; - } return 1; } ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { - ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS7) -}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) + ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS7) +} ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len) { 
@@ -75,7 +74,7 @@ } ret = (PKCS7 *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len, (PKCS7_it()), - libctx, propq); + libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); return ret; @@ -83,7 +82,7 @@ int i2d_PKCS7(const PKCS7 *a, unsigned char **out) { - return ASN1_item_i2d((const ASN1_VALUE *)a, out, (PKCS7_it()));\ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, (PKCS7_it())); } PKCS7 *PKCS7_new(void) @@ -94,7 +93,7 @@ PKCS7 *PKCS7_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { PKCS7 *pkcs7 = (PKCS7 *)ASN1_item_new_ex(ASN1_ITEM_rptr(PKCS7), libctx, - propq); + propq); if (pkcs7 != NULL) { pkcs7->ctx.libctx = libctx; @@ -124,19 +123,19 @@ IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { - ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) + ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), + ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), + ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), + ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), + ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) /* Minor tweak to operation: free up EVP_PKEY */ static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_FREE_POST) { PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; 
@@ -146,40 +145,40 @@ } ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { - ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), - /* NB this should be a SET OF but we use a SEQUENCE OF so the - * original order * is retained when the structure is reencoded. - * Since the attributes are implicitly tagged this will not affect - * the encoding. - */ - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) + ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), + /* NB this should be a SET OF but we use a SEQUENCE OF so the + * original order * is retained when the structure is reencoded. + * Since the attributes are implicitly tagged this will not affect + * the encoding. 
+ */ + ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) } ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) + ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), + ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) } ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) + ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), + ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), + ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) /* Minor tweak to operation: free up X509 */ static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_FREE_POST) { PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; 
@@ -189,46 +188,46 @@ } ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { - ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), - ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) + ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), + ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), + ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { - ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), - ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), - ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) + ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), + ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), + ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) + ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), + ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), + ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), + ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), + 
ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), + ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { - ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) + ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { - ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), - ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), - ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) + ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), + ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), + ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) @@ -240,8 +239,7 @@ * encoding. */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) /* @@ -249,9 +247,8 @@ * SEQUENCE OF and tag it to SET OF */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) --- crypto/openssl/crypto/pkcs7/pk7_attr.c.orig +++ crypto/openssl/crypto/pkcs7/pk7_attr.c 
@@ -18,7 +18,7 @@ #include int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap) + STACK_OF(X509_ALGOR) *cap) { ASN1_STRING *seq; @@ -27,9 +27,9 @@ return 0; } seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, - ASN1_ITEM_rptr(X509_ALGORS)); + ASN1_ITEM_rptr(X509_ALGORS)); if (!PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, seq)) { + V_ASN1_SEQUENCE, seq)) { ASN1_STRING_free(seq); return 0; } @@ -47,7 +47,7 @@ p = cap->value.sequence->data; return (STACK_OF(X509_ALGOR) *) ASN1_item_d2i(NULL, &p, cap->value.sequence->length, - ASN1_ITEM_rptr(X509_ALGORS)); + ASN1_ITEM_rptr(X509_ALGORS)); } /* Basic smime-capabilities OID and optional integer arg */ @@ -94,7 +94,7 @@ if (!coid) coid = OBJ_nid2obj(NID_pkcs7_data); return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, coid); + V_ASN1_OBJECT, coid); } int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) @@ -106,7 +106,7 @@ return 0; } if (!PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, - V_ASN1_UTCTIME, t)) { + V_ASN1_UTCTIME, t)) { ASN1_TIME_free(tmp); return 0; } @@ -114,7 +114,7 @@ } int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen) + const unsigned char *md, int mdlen) { ASN1_OCTET_STRING *os; os = ASN1_OCTET_STRING_new(); @@ -122,7 +122,7 @@ return 0; if (!ASN1_STRING_set(os, md, mdlen) || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, os)) { + V_ASN1_OCTET_STRING, os)) { ASN1_OCTET_STRING_free(os); return 0; } --- crypto/openssl/crypto/pkcs7/pk7_doit.c.orig +++ crypto/openssl/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -18,7 +18,7 @@ #include "pk7_local.h" static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value); + void *value); static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk, int nid); int PKCS7_type_is_other(PKCS7 *p7) @@ -41,7 +41,6 @@ } return isOther; - } ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) @@ -55,7 +54,7 @@ } static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, - const PKCS7_CTX *ctx) + const PKCS7_CTX *ctx) { BIO *btmp; char name[OSSL_MAX_NAME_SIZE]; @@ -71,7 +70,7 @@ (void)ERR_set_mark(); fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name, - ossl_pkcs7_ctx_get0_propq(ctx)); + ossl_pkcs7_ctx_get0_propq(ctx)); if (fetched != NULL) md = fetched; else @@ -100,13 +99,13 @@ return 1; - err: +err: BIO_free(btmp); return 0; } static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, - unsigned char *key, int keylen) + unsigned char *key, int keylen) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; @@ -120,7 +119,7 @@ return 0; pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pkey, - ossl_pkcs7_ctx_get0_propq(ctx)); + ossl_pkcs7_ctx_get0_propq(ctx)); if (pctx == NULL) return 0; @@ -145,16 +144,15 @@ ret = 1; - err: +err: EVP_PKEY_CTX_free(pctx); OPENSSL_free(ek); return ret; - } static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, - size_t fixlen) + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, + size_t fixlen) { EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; @@ -163,7 +161,7 @@ const PKCS7_CTX *ctx = ri->ctx; pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pkey, - ossl_pkcs7_ctx_get0_propq(ctx)); + ossl_pkcs7_ctx_get0_propq(ctx)); if (pctx == NULL) return -1; @@ -171,7 +169,8 @@ goto err; if (EVP_PKEY_decrypt(pctx, NULL, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) + ri->enc_key->data, ri->enc_key->length) + <= 0) goto err; ek = OPENSSL_malloc(eklen); 
@@ -182,9 +181,10 @@ } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0 - || eklen == 0 - || (fixlen != 0 && eklen != fixlen)) { + ri->enc_key->data, ri->enc_key->length) + <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ret = 0; ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB); goto err; @@ -196,7 +196,7 @@ *pek = ek; *peklen = eklen; - err: +err: EVP_PKEY_CTX_free(pctx); if (!ret) OPENSSL_free(ek); @@ -309,8 +309,8 @@ (void)ERR_set_mark(); fetched_cipher = EVP_CIPHER_fetch(libctx, - EVP_CIPHER_get0_name(evp_cipher), - propq); + EVP_CIPHER_get0_name(evp_cipher), + propq); (void)ERR_pop_to_mark(); if (fetched_cipher != NULL) cipher = fetched_cipher; @@ -334,8 +334,11 @@ if (xalg->parameter == NULL) goto err; } - if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) + if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) { + ASN1_TYPE_free(xalg->parameter); + xalg->parameter = NULL; goto err; + } } /* Lets do the pub key stuff :-) */ @@ -373,7 +376,7 @@ out = bio; return out; - err: +err: EVP_CIPHER_free(fetched_cipher); BIO_free_all(out); BIO_free_all(btmp); @@ -384,11 +387,11 @@ { int ret; ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, - X509_get_issuer_name(pcert)); + X509_get_issuer_name(pcert)); if (ret) return ret; return ASN1_INTEGER_cmp(X509_get0_serialNumber(pcert), - ri->issuer_and_serial->serial); + ri->issuer_and_serial->serial); } /* int */ @@ -565,7 +568,7 @@ } if (ri == NULL) { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); + PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); goto err; } } @@ -580,7 +583,8 @@ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); ri->ctx = p7_ctx; if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, - EVP_CIPHER_get_key_length(cipher)) < 0) + EVP_CIPHER_get_key_length(cipher)) + < 0) goto err; ERR_clear_error(); } 
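Review bot: In the `@@ -334,8 +334,11 @@` hunk of pk7_doit.c, the new failure branch releases `xalg->parameter` and clears the pointer, but nothing records why. The context suggests the ASN1_TYPE may either have been allocated just above or already been present on `xalg`, and both cases are now discarded. A short comment above the free would state the intent, for example `/* drop the partially filled parameter so later cleanup or encoding never sees it */`. That reason is inferred from the code, so the wording should follow the actual motivation. The enclosing function starts and ends outside the hunk, so the allocation site and the `err:` cleanup could not be checked here.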
@@ -663,7 +667,7 @@ EVP_CIPHER_free(evp_cipher); return out; - err: +err: EVP_CIPHER_free(evp_cipher); OPENSSL_clear_free(ek, eklen); OPENSSL_clear_free(tkey, tkeylen); @@ -788,6 +792,10 @@ break; case NID_pkcs7_signed: si_sk = p7->d.sign->signer_info; + if (p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { @@ -798,6 +806,10 @@ break; case NID_pkcs7_digest: + if (p7->d.digest->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.digest->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { @@ -851,8 +863,8 @@ goto err; if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey, - ossl_pkcs7_ctx_get0_libctx(p7_ctx), - ossl_pkcs7_ctx_get0_propq(p7_ctx))) { + ossl_pkcs7_ctx_get0_libctx(p7_ctx), + ossl_pkcs7_ctx_get0_propq(p7_ctx))) { OPENSSL_free(abuf); ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB); goto err; @@ -864,7 +876,7 @@ unsigned char md_data[EVP_MAX_MD_SIZE]; unsigned int md_len; if (!PKCS7_find_digest(&mdc, bio, - OBJ_obj2nid(p7->d.digest->md->algorithm))) + OBJ_obj2nid(p7->d.digest->md->algorithm))) goto err; if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) goto err; @@ -898,7 +910,7 @@ } } ret = 1; - err: +err: EVP_MD_CTX_free(ctx_tmp); return ret; } 
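Review bot: In the `@@ -788,6 +792,10 @@` hunk, the added guard tests only `p7->d.sign->contents`, yet `p7->d.sign` is already dereferenced one line earlier by `si_sk = p7->d.sign->signer_info;`. The check is therefore only complete if the union pointer was validated earlier in the function, which is outside the hunk. The `@@ -798,6 +806,10 @@` hunk has the same shape for `p7->d.digest`. By contrast, the pk7_lib.c hunks in this patch test `p7->d.sign == NULL` before `contents`. If the earlier guard exists, a comment such as `/* d.sign was checked on entry; contents can still be unset */` would make the dependency explicit. If it does not, the test should become `if (p7->d.sign == NULL || p7->d.sign->contents == NULL)` and move above the `si_sk` assignment.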
@@ -924,13 +936,14 @@ } if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_get0_name(md), - ossl_pkcs7_ctx_get0_libctx(ctx), - ossl_pkcs7_ctx_get0_propq(ctx), si->pkey, - NULL) <= 0) + ossl_pkcs7_ctx_get0_libctx(ctx), + ossl_pkcs7_ctx_get0_propq(ctx), si->pkey, + NULL) + <= 0) goto err; alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); + ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if (!abuf) goto err; if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) @@ -951,14 +964,14 @@ return 1; - err: +err: OPENSSL_free(abuf); EVP_MD_CTX_free(mctx); return 0; } int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, - PKCS7 *p7, PKCS7_SIGNER_INFO *si) + PKCS7 *p7, PKCS7_SIGNER_INFO *si) { PKCS7_ISSUER_AND_SERIAL *ias; int ret = 0, i; @@ -1007,12 +1020,12 @@ } return PKCS7_signatureVerify(bio, p7, si, x509); - err: +err: return ret; } int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509) + X509 *x509) { ASN1_OCTET_STRING *os; EVP_MD_CTX *mdc_tmp, *mdc; @@ -1043,8 +1056,7 @@ btmp = bio; for (;;) { - if ((btmp == NULL) || - ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { + if ((btmp == NULL) || ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } @@ -1085,8 +1097,7 @@ ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } - if ((message_digest->length != (int)md_len) || - (memcmp(message_digest->data, md_dat, md_len))) { + if ((message_digest->length != (int)md_len) || (memcmp(message_digest->data, md_dat, md_len))) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE); ret = -1; goto err; @@ -1107,7 +1118,7 @@ (void)ERR_pop_to_mark(); alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); + ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); if (alen <= 0) { ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB); ret = -1; 
@@ -1131,7 +1142,7 @@ goto err; } ret = 1; - err: +err: OPENSSL_free(abuf); EVP_MD_CTX_free(mdc_tmp); EVP_MD_free(fetched_md); @@ -1188,7 +1199,7 @@ } int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk) + STACK_OF(X509_ATTRIBUTE) *sk) { int i; @@ -1198,8 +1209,7 @@ return 0; for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value - (sk, i)))) + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) return 0; } @@ -1207,7 +1217,7 @@ } int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk) + STACK_OF(X509_ATTRIBUTE) *sk) { int i; @@ -1217,8 +1227,7 @@ return 0; for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value - (sk, i)))) + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) return 0; } @@ -1226,19 +1235,19 @@ } int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) + void *value) { return add_attribute(&(p7si->auth_attr), nid, atrtype, value); } int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) + void *value) { return add_attribute(&(p7si->unauth_attr), nid, atrtype, value); } static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value) + void *value) { X509_ATTRIBUTE *attr = NULL; int i, n; @@ -1256,7 +1265,7 @@ if (!sk_X509_ATTRIBUTE_push(*sk, NULL)) return 0; - end: +end: attr = X509_ATTRIBUTE_create(nid, atrtype, value); if (attr == NULL) { if (i == n) @@ -1264,6 +1273,6 @@ return 0; } X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i)); - (void) sk_X509_ATTRIBUTE_set(*sk, i, attr); + (void)sk_X509_ATTRIBUTE_set(*sk, i, attr); return 1; } --- crypto/openssl/crypto/pkcs7/pk7_lib.c.orig +++ crypto/openssl/crypto/pkcs7/pk7_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,13 +42,14 @@ } } else { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); ret = 0; } break; case PKCS7_OP_GET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { - if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL) + if (p7->d.sign == NULL || p7->d.sign->contents == NULL + || p7->d.sign->contents->d.ptr == NULL) ret = 1; else ret = 0; @@ -56,7 +57,7 @@ p7->detached = ret; } else { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); ret = 0; } @@ -80,7 +81,7 @@ goto err; return 1; - err: +err: PKCS7_free(ret); return 0; } @@ -108,7 +109,7 @@ goto err; } return 1; - err: +err: return 0; } @@ -119,7 +120,7 @@ /* * PKCS7_content_free(p7); */ - obj = OBJ_nid2obj(type); /* will not fail */ + obj = OBJ_nid2obj(type); /* will not fail */ switch (type) { case NID_pkcs7_signed: @@ -179,7 +180,7 @@ goto err; } return 1; - err: +err: return 0; } @@ -223,7 +224,7 @@ break; } } - if (!j) { /* we need to add another algorithm */ + if (!j) { /* we need to add another algorithm */ int nid; if ((alg = X509_ALGOR_new()) == NULL @@ -308,7 +309,7 @@ } static int pkcs7_ecdsa_or_dsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, - int verify) + int verify) { if (verify == 0) { int snid, hnid; @@ -341,7 +342,7 @@ } int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) + const EVP_MD *dgst) { int ret; 
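Review bot: In the `@@ -42,13 +42,14 @@` hunk of pk7_lib.c, only the `PKCS7_OP_GET_DETACHED_SIGNATURE` branch gains the `p7->d.sign->contents == NULL` test. The preceding case is visible only as its closing lines, and the patch leaves it untouched. If that branch also reads through `p7->d.sign->contents`, it needs the same guard, since both are reached with the same caller-supplied `p7`. It is worth confirming against the full function, because the switch starts and ends outside the hunk.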
@@ -349,7 +350,7 @@ if (!ASN1_INTEGER_set(p7i->version, 1)) goto err; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509))) + X509_get_issuer_name(x509))) goto err; /* @@ -357,8 +358,7 @@ * ugly way. */ ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial = - ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) + if (!(p7i->issuer_and_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) goto err; /* lets keep the pkey around for a while */ @@ -368,7 +368,7 @@ /* Set the algorithms */ X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(dgst)), - V_ASN1_NULL, NULL); + V_ASN1_NULL, NULL); if (EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "DSA")) return pkcs7_ecdsa_or_dsa_sign_verify_setup(p7i, 0); @@ -385,12 +385,12 @@ } } ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - err: +err: return 0; } PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) + const EVP_MD *dgst) { PKCS7_SIGNER_INFO *si = NULL; @@ -412,7 +412,7 @@ if (!PKCS7_add_signer(p7, si)) goto err; return si; - err: +err: PKCS7_SIGNER_INFO_free(si); return NULL; } @@ -551,7 +551,7 @@ } void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, - X509_ALGOR **pdig, X509_ALGOR **psig) + X509_ALGOR **pdig, X509_ALGOR **psig) { if (pk) *pk = si->pkey; @@ -579,7 +579,7 @@ goto err; ri->ctx = ossl_pkcs7_get0_ctx(p7); return ri; - err: +err: PKCS7_RECIP_INFO_free(ri); return NULL; } @@ -626,12 +626,11 @@ if (!ASN1_INTEGER_set(p7i->version, 0)) return 0; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509))) + X509_get_issuer_name(x509))) return 0; ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial = - ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) + if (!(p7i->issuer_and_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) return 0; pkey = X509_get0_pubkey(x509); 
@@ -648,14 +647,14 @@ if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; } ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i); if (ret == -2) { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; } if (ret <= 0) { @@ -668,7 +667,7 @@ return 1; - err: +err: return 0; } @@ -676,9 +675,8 @@ { if (PKCS7_type_is_signed(p7)) return (X509_find_by_issuer_and_serial(p7->d.sign->cert, - si->issuer_and_serial->issuer, - si-> - issuer_and_serial->serial)); + si->issuer_and_serial->issuer, + si->issuer_and_serial->serial)); else return NULL; } @@ -740,6 +738,10 @@ break; case NID_pkcs7_signed: + if (p7->d.sign == NULL || p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + break; + } os = p7->d.sign->contents->d.data; break; --- crypto/openssl/crypto/pkcs7/pk7_mime.c.orig +++ crypto/openssl/crypto/pkcs7/pk7_mime.c @@ -18,13 +18,13 @@ int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) { return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, - ASN1_ITEM_rptr(PKCS7)); + ASN1_ITEM_rptr(PKCS7)); } int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) { return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags, - "PKCS7", ASN1_ITEM_rptr(PKCS7)); + "PKCS7", ASN1_ITEM_rptr(PKCS7)); } int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) 
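Review bot: In the `@@ -740,6 +738,10 @@` hunk, the new error path raises `PKCS7_R_NO_CONTENT` and then `break`s out of the switch without assigning `os`. Whether the function then fails cleanly depends on `os` having been initialised to NULL and on a NULL test after the switch, both of which are outside the hunk. Adding `os = NULL;` before the `break` would keep the branch correct on its own and match how a failing case is normally written. A comment such as `/* os stays NULL, rejected below */` would do the same job if the initialiser is guaranteed.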
@@ -44,9 +44,9 @@ flags ^= SMIME_OLDMIME; return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)p7, data, flags, ctype_nid, - NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7), - ossl_pkcs7_ctx_get0_libctx(ctx), - ossl_pkcs7_ctx_get0_propq(ctx)); + NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7), + ossl_pkcs7_ctx_get0_libctx(ctx), + ossl_pkcs7_ctx_get0_propq(ctx)); } PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7) @@ -61,7 +61,7 @@ } ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, 0, bcont, ASN1_ITEM_rptr(PKCS7), - (ASN1_VALUE **)p7, libctx, propq); + (ASN1_VALUE **)p7, libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); return ret; --- crypto/openssl/crypto/pkcs7/pk7_smime.c.orig +++ crypto/openssl/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,12 +17,11 @@ #define BUFFERSIZE 4096 - static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags, OSSL_LIB_CTX *libctx, - const char *propq) + BIO *data, int flags, OSSL_LIB_CTX *libctx, + const char *propq) { PKCS7 *p7; int i; @@ -59,18 +58,17 @@ if (PKCS7_final(p7, data, flags)) return p7; - err: +err: PKCS7_free(p7); return NULL; } PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) + BIO *data, int flags) { return PKCS7_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL); } - int PKCS7_final(PKCS7 *p7, BIO *data, int flags) { BIO *p7bio; @@ -95,7 +93,6 @@ BIO_free_all(p7bio); return ret; - } /* Check to see if a cipher exists and if so add S/MIME capabilities */ 
@@ -115,15 +112,15 @@ } PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, - EVP_PKEY *pkey, const EVP_MD *md, - int flags) + EVP_PKEY *pkey, const EVP_MD *md, + int flags) { PKCS7_SIGNER_INFO *si = NULL; STACK_OF(X509_ALGOR) *smcap = NULL; if (!X509_check_private_key(signcert, pkey)) { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return NULL; } @@ -173,7 +170,7 @@ } } return si; - err: +err: sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); return NULL; } @@ -200,7 +197,6 @@ osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); break; } - } if (osdig != NULL) @@ -211,7 +207,7 @@ } int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags) + BIO *indata, BIO *out, int flags) { STACK_OF(X509) *signers; X509 *signer; @@ -268,7 +264,7 @@ /* Now verify the certificates */ p7_ctx = ossl_pkcs7_get0_ctx(p7); cert_ctx = X509_STORE_CTX_new_ex(ossl_pkcs7_ctx_get0_libctx(p7_ctx), - ossl_pkcs7_ctx_get0_propq(p7_ctx)); + ossl_pkcs7_ctx_get0_propq(p7_ctx)); if (cert_ctx == NULL) goto err; if (!(flags & PKCS7_NOVERIFY)) @@ -276,7 +272,7 @@ signer = sk_X509_value(signers, k); if (!(flags & PKCS7_NOCHAIN)) { if (!X509_STORE_CTX_init(cert_ctx, store, signer, - p7->d.sign->cert)) { + p7->d.sign->cert)) { ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); goto err; } @@ -293,8 +289,8 @@ j = X509_STORE_CTX_get_error(cert_ctx); if (i <= 0) { ERR_raise_data(ERR_LIB_PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR, - "Verify error: %s", - X509_verify_cert_error_string(j)); + "Verify error: %s", + X509_verify_cert_error_string(j)); goto err; } /* Check for revocation status here */ @@ -347,10 +343,8 @@ if (flags & PKCS7_TEXT) { if (!SMIME_text(tmpout, out)) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR); - BIO_free(tmpout); goto err; } - BIO_free(tmpout); } /* Now Verify All Signatures */ 
@@ -367,7 +361,9 @@ ret = 1; - err: +err: + if (flags & PKCS7_TEXT) + BIO_free(tmpout); X509_STORE_CTX_free(cert_ctx); OPENSSL_free(buf); if (tmpin == indata) { @@ -380,7 +376,7 @@ } STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, - int flags) + int flags) { STACK_OF(X509) *signers; STACK_OF(PKCS7_SIGNER_INFO) *sinfos; @@ -420,12 +416,11 @@ /* If any certificates passed they take priority */ if (certs) signer = X509_find_by_issuer_and_serial(certs, - ias->issuer, ias->serial); + ias->issuer, ias->serial); if (!signer && !(flags & PKCS7_NOINTERN) && p7->d.sign->cert) - signer = - X509_find_by_issuer_and_serial(p7->d.sign->cert, - ias->issuer, ias->serial); + signer = X509_find_by_issuer_and_serial(p7->d.sign->cert, + ias->issuer, ias->serial); if (!signer) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); sk_X509_free(signers); @@ -443,8 +438,8 @@ /* Build a complete PKCS#7 enveloped data */ PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, int flags, - OSSL_LIB_CTX *libctx, const char *propq) + const EVP_CIPHER *cipher, int flags, + OSSL_LIB_CTX *libctx, const char *propq) { PKCS7 *p7; BIO *p7bio = NULL; @@ -477,21 +472,19 @@ if (PKCS7_final(p7, in, flags)) return p7; - err: +err: BIO_free_all(p7bio); PKCS7_free(p7); return NULL; - } PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags) + int flags) { return PKCS7_encrypt_ex(certs, in, cipher, flags, NULL, NULL); } - int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; @@ -510,7 +503,7 @@ if (cert && !X509_check_private_key(cert, pkey)) { ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; } --- crypto/openssl/crypto/pkcs7/pkcs7err.c.orig +++ crypto/openssl/crypto/pkcs7/pkcs7err.c 
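Review bot: In the `@@ -367,7 +361,9 @@` hunk of pk7_smime.c, `BIO_free(tmpout)` now runs at `err:` for every exit taken with `PKCS7_TEXT` set. That includes any `goto err` reached before `tmpout` is assigned, so it is only safe if `tmpout` is initialised to NULL at its declaration, which is outside the hunk. Together with the two `BIO_free(tmpout)` calls removed in the `@@ -343,10 +343,8 @@` hunk, this makes the label the single owner of the temporary BIO. A comment there, such as `/* tmpout is a private mem BIO only in PKCS7_TEXT mode; otherwise it aliases the caller's out */`, would explain the flag test. The aliasing is inferred from the condition and should be confirmed against the assignment earlier in the function.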
@@ -15,75 +15,75 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA PKCS7_str_reasons[] = { - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), - "cipher has no object identifier"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED), - "cipher not initialized"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT), - "content and data present"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE), - "encryption ctrl failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "encryption not supported for this key type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT), - "error adding recipient"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER), - "error setting cipher"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER), - "invalid null pointer"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE), - "invalid signed data type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST), - "no default digest"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), - "no matching digest type found"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), - "no recipient matches certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA), - "no signatures on data"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), - "operation not supported on this type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), 
- "pkcs7 add signature error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR), - "pkcs7 add signer error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE), - "signature failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE), - "signing ctrl failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "signing not supported for this key type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), - "unable to find certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO), - "unable to find mem bio"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), - "unable to find message digest"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE), - "unknown digest type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION), - "unknown operation"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE), - "unsupported cipher type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE), - "wrong content type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, - {0, NULL} + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), + "cipher has no object identifier" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED), + "cipher not initialized" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT), 
+ "content and data present" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE), + "encryption ctrl failure" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "encryption not supported for this key type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT), + "error adding recipient" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER), + "error setting cipher" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER), + "invalid null pointer" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE), + "invalid signed data type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST), + "no default digest" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), + "no matching digest type found" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), + "no recipient matches certificate" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA), + "no signatures on data" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), + "operation not supported on this type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR), + "pkcs7 add signer error" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE), + "signature failure" }, + { 
ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE), + "signing ctrl failure" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "signing not supported for this key type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), + "unable to find certificate" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO), + "unable to find mem bio" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), + "unable to find message digest" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE), + "unknown digest type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION), + "unknown operation" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE), + "unsupported cipher type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE), + "wrong content type" }, + { ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/poly1305/poly1305.c.orig +++ crypto/openssl/crypto/poly1305/poly1305.c @@ -21,10 +21,7 @@ /* pick 32-bit unsigned integer in little endian order */ static unsigned int U8TOU32(const unsigned char *p) { - return (((unsigned int)(p[0] & 0xff)) | - ((unsigned int)(p[1] & 0xff) << 8) | - ((unsigned int)(p[2] & 0xff) << 16) | - ((unsigned int)(p[3] & 0xff) << 24)); + return (((unsigned int)(p[0] & 0xff)) | ((unsigned int)(p[1] & 0xff) << 8) | ((unsigned int)(p[2] & 0xff) << 16) | ((unsigned int)(p[3] & 0xff) << 24)); } /* 
@@ -90,11 +87,10 @@ /* * Type-agnostic "rip-off" from constant_time.h */ -# define CONSTANT_TIME_CARRY(a,b) ( \ - (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \ - ) +#define CONSTANT_TIME_CARRY(a, b) ( \ + (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1)) -# if defined(INT64_MAX) && defined(INT128_MAX) +#if defined(INT64_MAX) && defined(INT128_MAX) typedef unsigned long u64; typedef uint128_t u128; @@ -107,14 +103,7 @@ /* pick 32-bit unsigned integer in little endian order */ static u64 U8TOU64(const unsigned char *p) { - return (((u64)(p[0] & 0xff)) | - ((u64)(p[1] & 0xff) << 8) | - ((u64)(p[2] & 0xff) << 16) | - ((u64)(p[3] & 0xff) << 24) | - ((u64)(p[4] & 0xff) << 32) | - ((u64)(p[5] & 0xff) << 40) | - ((u64)(p[6] & 0xff) << 48) | - ((u64)(p[7] & 0xff) << 56)); + return (((u64)(p[0] & 0xff)) | ((u64)(p[1] & 0xff) << 8) | ((u64)(p[2] & 0xff) << 16) | ((u64)(p[3] & 0xff) << 24) | ((u64)(p[4] & 0xff) << 32) | ((u64)(p[5] & 0xff) << 40) | ((u64)(p[6] & 0xff) << 48) | ((u64)(p[7] & 0xff) << 56)); } /* store a 32-bit unsigned integer in little endian */ @@ -132,7 +121,7 @@ static void poly1305_init(void *ctx, const unsigned char key[16]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; /* h = 0 */ st->h[0] = 0; @@ -173,11 +162,8 @@ h2 += (u64)(d1 >> 64) + padbit; /* h *= r "%" p, where "%" stands for "partial remainder" */ - d0 = ((u128)h0 * r0) + - ((u128)h1 * s1); - d1 = ((u128)h0 * r1) + - ((u128)h1 * r0) + - (h2 * s1); + d0 = ((u128)h0 * r0) + ((u128)h1 * s1); + d1 = ((u128)h0 * r1) + ((u128)h1 * r0) + (h2 * s1); h2 = (h2 * r0); /* last reduction step: */ @@ -189,8 +175,8 @@ c = (h2 >> 2) + (h2 & ~3UL); h2 &= 3; h0 += c; - h1 += (c = CONSTANT_TIME_CARRY(h0,c)); - h2 += CONSTANT_TIME_CARRY(h1,c); + h1 += (c = CONSTANT_TIME_CARRY(h0, c)); + h2 += CONSTANT_TIME_CARRY(h1, c); /* * Occasional overflows to 3rd bit of h2 are taken care of * "naturally". If after this point we end up at the top of 
@@ -211,9 +197,9 @@ } static void poly1305_emit(void *ctx, unsigned char mac[16], - const u32 nonce[4]) + const u32 nonce[4]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; u64 h0, h1, h2; u64 g0, g1, g2; u128 t; @@ -237,22 +223,22 @@ h1 = (h1 & mask) | g1; /* mac = (h + nonce) % (2^128) */ - h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); - h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); + h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1] << 32)); + h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3] << 32) + (t >> 64)); U64TO8(mac + 0, h0); U64TO8(mac + 8, h1); } -# else +#else -# if defined(_WIN32) && !defined(__MINGW32__) +#if defined(_WIN32) && !defined(__MINGW32__) typedef unsigned __int64 u64; -# elif defined(__arch64__) +#elif defined(__arch64__) typedef unsigned long u64; -# else +#else typedef unsigned long long u64; -# endif +#endif typedef struct { u32 h[5]; @@ -270,7 +256,7 @@ static void poly1305_init(void *ctx, const unsigned char key[16]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; /* h = 0 */ st->h[0] = 0; 
@@ -319,25 +305,10 @@ h4 += (u32)(d3 >> 32) + padbit; /* h *= r "%" p, where "%" stands for "partial remainder" */ - d0 = ((u64)h0 * r0) + - ((u64)h1 * s3) + - ((u64)h2 * s2) + - ((u64)h3 * s1); - d1 = ((u64)h0 * r1) + - ((u64)h1 * r0) + - ((u64)h2 * s3) + - ((u64)h3 * s2) + - (h4 * s1); - d2 = ((u64)h0 * r2) + - ((u64)h1 * r1) + - ((u64)h2 * r0) + - ((u64)h3 * s3) + - (h4 * s2); - d3 = ((u64)h0 * r3) + - ((u64)h1 * r2) + - ((u64)h2 * r1) + - ((u64)h3 * r0) + - (h4 * s3); + d0 = ((u64)h0 * r0) + ((u64)h1 * s3) + ((u64)h2 * s2) + ((u64)h3 * s1); + d1 = ((u64)h0 * r1) + ((u64)h1 * r0) + ((u64)h2 * s3) + ((u64)h3 * s2) + (h4 * s1); + d2 = ((u64)h0 * r2) + ((u64)h1 * r1) + ((u64)h2 * r0) + ((u64)h3 * s3) + (h4 * s2); + d3 = ((u64)h0 * r3) + ((u64)h1 * r2) + ((u64)h2 * r1) + ((u64)h3 * r0) + (h4 * s3); h4 = (h4 * r0); /* last reduction step: */ @@ -351,10 +322,10 @@ c = (h4 >> 2) + (h4 & ~3U); h4 &= 3; h0 += c; - h1 += (c = CONSTANT_TIME_CARRY(h0,c)); - h2 += (c = CONSTANT_TIME_CARRY(h1,c)); - h3 += (c = CONSTANT_TIME_CARRY(h2,c)); - h4 += CONSTANT_TIME_CARRY(h3,c); + h1 += (c = CONSTANT_TIME_CARRY(h0, c)); + h2 += (c = CONSTANT_TIME_CARRY(h1, c)); + h3 += (c = CONSTANT_TIME_CARRY(h2, c)); + h4 += CONSTANT_TIME_CARRY(h3, c); /* * Occasional overflows to 3rd bit of h4 are taken care of * "naturally". If after this point we end up at the top of @@ -377,9 +348,9 @@ } static void poly1305_emit(void *ctx, unsigned char mac[16], - const u32 nonce[4]) + const u32 nonce[4]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; u32 h0, h1, h2, h3, h4; u32 g0, g1, g2, g3, g4; u64 t; 
@@ -421,13 +392,13 @@ U32TO8(mac + 8, h2); U32TO8(mac + 12, h3); } -# endif +#endif #else int poly1305_init(void *ctx, const unsigned char key[16], void *func); void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); + unsigned int padbit); void poly1305_emit(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); + const unsigned int nonce[4]); #endif void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]) @@ -453,7 +424,6 @@ #endif ctx->num = 0; - } #ifdef POLY1305_ASM @@ -461,8 +431,8 @@ * This "eclipses" poly1305_blocks and poly1305_emit, but it's * conscious choice imposed by -Wshadow compiler warnings. */ -# define poly1305_blocks (*poly1305_blocks_p) -# define poly1305_emit (*poly1305_emit_p) +#define poly1305_blocks (*poly1305_blocks_p) +#define poly1305_emit (*poly1305_emit_p) #endif void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len) @@ -516,7 +486,7 @@ size_t num; if ((num = ctx->num)) { - ctx->data[num++] = 1; /* pad bit */ + ctx->data[num++] = 1; /* pad bit */ while (num < POLY1305_BLOCK_SIZE) ctx->data[num++] = 0; poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 0); --- crypto/openssl/crypto/poly1305/poly1305_base2_44.c.orig +++ crypto/openssl/crypto/poly1305/poly1305_base2_44.c @@ -31,14 +31,7 @@ /* pick 64-bit unsigned integer in little endian order */ static u64 U8TOU64(const unsigned char *p) { - return (((u64)(p[0] & 0xff)) | - ((u64)(p[1] & 0xff) << 8) | - ((u64)(p[2] & 0xff) << 16) | - ((u64)(p[3] & 0xff) << 24) | - ((u64)(p[4] & 0xff) << 32) | - ((u64)(p[5] & 0xff) << 40) | - ((u64)(p[6] & 0xff) << 48) | - ((u64)(p[7] & 0xff) << 56)); + return (((u64)(p[0] & 0xff)) | ((u64)(p[1] & 0xff) << 8) | ((u64)(p[2] & 0xff) << 16) | ((u64)(p[3] & 0xff) << 24) | ((u64)(p[4] & 0xff) << 32) | ((u64)(p[5] & 0xff) << 40) | ((u64)(p[6] & 0xff) << 48) | ((u64)(p[7] & 0xff) << 56)); } /* store a 64-bit unsigned integer in little endian */ 
@@ -69,7 +62,7 @@ /* break r1:r0 to three 44-bit digits, masks are 1<<44-1 */ st->r[0] = r0 & 0x0fffffffffff; - st->r[1] = ((r0 >> 44) | (r1 << 20)) & 0x0fffffffffff; + st->r[1] = ((r0 >> 44) | (r1 << 20)) & 0x0fffffffffff; st->r[2] = (r1 >> 24); st->s[0] = (st->r[1] + (st->r[1] << 2)) << 2; @@ -79,7 +72,7 @@ } void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - u32 padbit) + u32 padbit) { poly1305_internal *st = (poly1305_internal *)ctx; u64 r0, r1, r2; @@ -107,8 +100,8 @@ /* h += m[i], m[i] is broken to 44-bit digits */ h0 += m0 & 0x0fffffffffff; - h1 += ((m0 >> 44) | (m1 << 20)) & 0x0fffffffffff; - h2 += (m1 >> 24) + pad; + h1 += ((m0 >> 44) | (m1 << 20)) & 0x0fffffffffff; + h2 += (m1 >> 24) + pad; /* h *= r "%" p, where "%" stands for "partial remainder" */ d0 = ((u128)h0 * r0) + ((u128)h1 * s2) + ((u128)h2 * s1); @@ -134,7 +127,7 @@ void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; u64 h0, h1, h2; u64 g0, g1, g2; u128 t; @@ -145,8 +138,10 @@ h2 = st->h[2]; /* after "lazy" reduction, convert 44+bit digits to 64-bit ones */ - h0 = (u64)(t = (u128)h0 + (h1 << 44)); h1 >>= 20; - h1 = (u64)(t = (u128)h1 + (h2 << 24) + (t >> 64)); h2 >>= 40; + h0 = (u64)(t = (u128)h0 + (h1 << 44)); + h1 >>= 20; + h1 = (u64)(t = (u128)h1 + (h2 << 24) + (t >> 64)); + h2 >>= 40; h2 += (u64)(t >> 64); /* compare to modulus by computing h + -p */ @@ -163,8 +158,8 @@ h1 = (h1 & mask) | g1; /* mac = (h + nonce) % (2^128) */ - h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); - h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); + h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1] << 32)); + h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3] << 32) + (t >> 64)); U64TO8(mac + 0, h0); U64TO8(mac + 8, h1); --- crypto/openssl/crypto/poly1305/poly1305_ieee754.c.orig +++ crypto/openssl/crypto/poly1305/poly1305_ieee754.c 
@@ -46,8 +46,8 @@ * SPARC T4 16.1 */ -#if !(defined(__GNUC__) && __GNUC__>=2) -# error "this is gcc-specific template" +#if !(defined(__GNUC__) && __GNUC__ >= 2) +#error "this is gcc-specific template" #endif #include 
@@ -55,35 +55,37 @@ typedef unsigned char u8; typedef unsigned int u32; typedef unsigned long long u64; -typedef union { double d; u64 u; } elem64; +typedef union { + double d; + u64 u; +} elem64; -#define TWO(p) ((double)(1ULL<<(p))) -#define TWO0 TWO(0) -#define TWO32 TWO(32) -#define TWO64 (TWO32*TWO(32)) -#define TWO96 (TWO64*TWO(32)) -#define TWO130 (TWO96*TWO(34)) +#define TWO(p) ((double)(1ULL << (p))) +#define TWO0 TWO(0) +#define TWO32 TWO(32) +#define TWO64 (TWO32 * TWO(32)) +#define TWO96 (TWO64 * TWO(32)) +#define TWO130 (TWO96 * TWO(34)) -#define EXP(p) ((1023ULL+(p))<<52) +#define EXP(p) ((1023ULL + (p)) << 52) #if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__)) -# define U8TOU32(p) (*(const u32 *)(p)) -# define U32TO8(p,v) (*(u32 *)(p) = (v)) +#define U8TOU32(p) (*(const u32 *)(p)) +#define U32TO8(p, v) (*(u32 *)(p) = (v)) #elif defined(__PPC__) -# define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) -# define U32TO8(p,v) asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory") +#define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) +#define U32TO8(p, v) asm("stwbrx %0,0,%1" ::"r"(v), "b"(p) : "memory") #elif defined(__s390x__) -# define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) -# define U32TO8(p,v) asm ("strv %1,%0":"=m"(*(u32 *)(p)):"d"(v)) +#define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) +#define U32TO8(p, v) asm("strv %1,%0" : "=m"(*(u32 *)(p)) : "d"(v)) #endif #ifndef U8TOU32 -# define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1]<<8 | \ - (u32)(p)[2]<<16 | (u32)(p)[3]<<24 ) +#define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1] << 8 | (u32)(p)[2] << 16 | (u32)(p)[3] << 24) #endif #ifndef U32TO8 -# define U32TO8(p,v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v)>>8), \ - (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) ) +#define U32TO8(p, v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v) >> 8), \ + (p)[2] = (u8)((v) >> 16), (p)[3] = (u8)((v) >> 24)) 
#endif typedef struct { @@ -100,7 +102,7 @@ #elif defined(__s390x__) static const u32 fpc = 1; #elif defined(__sparc__) -static const u64 fsr = 1ULL<<30; +static const u64 fsr = 1ULL << 30; #elif defined(__mips__) static const u32 fcsr = 1; #else @@ -109,7 +111,7 @@ int poly1305_init(void *ctx, const unsigned char key[16]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; elem64 r0, r1, r2, r3; /* h = 0, biased */ @@ -119,10 +121,10 @@ st->h[2].d = TWO(52)*TWO64; st->h[3].d = TWO(52)*TWO96; #else - st->h[0].u = EXP(52+0); - st->h[1].u = EXP(52+32); - st->h[2].u = EXP(52+64); - st->h[3].u = EXP(52+96); + st->h[0].u = EXP(52 + 0); + st->h[1].u = EXP(52 + 32); + st->h[2].u = EXP(52 + 64); + st->h[3].u = EXP(52 + 96); #endif if (key) { 
@@ -132,89 +134,82 @@ #if defined(__x86_64__) u32 mxcsr_orig; - asm volatile ("stmxcsr %0":"=m"(mxcsr_orig)); - asm volatile ("ldmxcsr %0"::"m"(mxcsr)); + asm volatile("stmxcsr %0" : "=m"(mxcsr_orig)); + asm volatile("ldmxcsr %0" ::"m"(mxcsr)); #elif defined(__PPC__) double fpscr_orig, fpscr = *(double *)&one; - asm volatile ("mffs %0":"=f"(fpscr_orig)); - asm volatile ("mtfsf 255,%0"::"f"(fpscr)); + asm volatile("mffs %0" : "=f"(fpscr_orig)); + asm volatile("mtfsf 255,%0" ::"f"(fpscr)); #elif defined(__s390x__) u32 fpc_orig; - asm volatile ("stfpc %0":"=m"(fpc_orig)); - asm volatile ("lfpc %0"::"m"(fpc)); + asm volatile("stfpc %0" : "=m"(fpc_orig)); + asm volatile("lfpc %0" ::"m"(fpc)); #elif defined(__sparc__) u64 fsr_orig; - asm volatile ("stx %%fsr,%0":"=m"(fsr_orig)); - asm volatile ("ldx %0,%%fsr"::"m"(fsr)); + asm volatile("stx %%fsr,%0" : "=m"(fsr_orig)); + asm volatile("ldx %0,%%fsr" ::"m"(fsr)); #elif defined(__mips__) u32 fcsr_orig; - asm volatile ("cfc1 %0,$31":"=r"(fcsr_orig)); - asm volatile ("ctc1 %0,$31"::"r"(fcsr)); + asm volatile("cfc1 %0,$31" : "=r"(fcsr_orig)); + asm volatile("ctc1 %0,$31" ::"r"(fcsr)); #endif /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - r0.u = EXP(52+0) | (U8TOU32(&key[0]) & 0x0fffffff); - r1.u = EXP(52+32) | (U8TOU32(&key[4]) & 0x0ffffffc); - r2.u = EXP(52+64) | (U8TOU32(&key[8]) & 0x0ffffffc); - r3.u = EXP(52+96) | (U8TOU32(&key[12]) & 0x0ffffffc); + r0.u = EXP(52 + 0) | (U8TOU32(&key[0]) & 0x0fffffff); + r1.u = EXP(52 + 32) | (U8TOU32(&key[4]) & 0x0ffffffc); + r2.u = EXP(52 + 64) | (U8TOU32(&key[8]) & 0x0ffffffc); + r3.u = EXP(52 + 96) | (U8TOU32(&key[12]) & 0x0ffffffc); - st->r[0] = r0.d - TWO(52)*TWO0; - st->r[2] = r1.d - TWO(52)*TWO32; - st->r[4] = r2.d - TWO(52)*TWO64; - st->r[6] = r3.d - TWO(52)*TWO96; + st->r[0] = r0.d - TWO(52) * TWO0; + st->r[2] = r1.d - TWO(52) * TWO32; + st->r[4] = r2.d - TWO(52) * TWO64; + st->r[6] = r3.d - TWO(52) * TWO96; - st->s[0] = st->r[2] * (5.0/TWO130); - st->s[2] = st->r[4] * 
(5.0/TWO130); - st->s[4] = st->r[6] * (5.0/TWO130); + st->s[0] = st->r[2] * (5.0 / TWO130); + st->s[2] = st->r[4] * (5.0 / TWO130); + st->s[4] = st->r[6] * (5.0 / TWO130); /* * base 2^32 -> base 2^16 */ - st->r[1] = (st->r[0] + TWO(52)*TWO(16)*TWO0) - - TWO(52)*TWO(16)*TWO0; + st->r[1] = (st->r[0] + TWO(52) * TWO(16) * TWO0) - TWO(52) * TWO(16) * TWO0; st->r[0] -= st->r[1]; - st->r[3] = (st->r[2] + TWO(52)*TWO(16)*TWO32) - - TWO(52)*TWO(16)*TWO32; + st->r[3] = (st->r[2] + TWO(52) * TWO(16) * TWO32) - TWO(52) * TWO(16) * TWO32; st->r[2] -= st->r[3]; - st->r[5] = (st->r[4] + TWO(52)*TWO(16)*TWO64) - - TWO(52)*TWO(16)*TWO64; + st->r[5] = (st->r[4] + TWO(52) * TWO(16) * TWO64) - TWO(52) * TWO(16) * TWO64; st->r[4] -= st->r[5]; - st->r[7] = (st->r[6] + TWO(52)*TWO(16)*TWO96) - - TWO(52)*TWO(16)*TWO96; + st->r[7] = (st->r[6] + TWO(52) * TWO(16) * TWO96) - TWO(52) * TWO(16) * TWO96; st->r[6] -= st->r[7]; - st->s[1] = (st->s[0] + TWO(52)*TWO(16)*TWO0/TWO96) - - TWO(52)*TWO(16)*TWO0/TWO96; + st->s[1] = (st->s[0] + TWO(52) * TWO(16) * TWO0 / TWO96) - TWO(52) * TWO(16) * TWO0 / TWO96; st->s[0] -= st->s[1]; - st->s[3] = (st->s[2] + TWO(52)*TWO(16)*TWO32/TWO96) - - TWO(52)*TWO(16)*TWO32/TWO96; + st->s[3] = (st->s[2] + TWO(52) * TWO(16) * TWO32 / TWO96) - TWO(52) * TWO(16) * TWO32 / TWO96; st->s[2] -= st->s[3]; - st->s[5] = (st->s[4] + TWO(52)*TWO(16)*TWO64/TWO96) - - TWO(52)*TWO(16)*TWO64/TWO96; + st->s[5] = (st->s[4] + TWO(52) * TWO(16) * TWO64 / TWO96) - TWO(52) * TWO(16) * TWO64 / TWO96; st->s[4] -= st->s[5]; /* * restore original FPU control register */ #if defined(__x86_64__) - asm volatile ("ldmxcsr %0"::"m"(mxcsr_orig)); + asm volatile("ldmxcsr %0" ::"m"(mxcsr_orig)); #elif defined(__PPC__) - asm volatile ("mtfsf 255,%0"::"f"(fpscr_orig)); + asm volatile("mtfsf 255,%0" ::"f"(fpscr_orig)); #elif defined(__s390x__) - asm volatile ("lfpc %0"::"m"(fpc_orig)); + asm volatile("lfpc %0" ::"m"(fpc_orig)); #elif defined(__sparc__) - asm volatile ("ldx %0,%%fsr"::"m"(fsr_orig)); + 
asm volatile("ldx %0,%%fsr" ::"m"(fsr_orig)); #elif defined(__mips__) - asm volatile ("ctc1 %0,$31"::"r"(fcsr_orig)); + asm volatile("ctc1 %0,$31" ::"r"(fcsr_orig)); #endif } @@ -222,11 +217,11 @@ } void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - int padbit) + int padbit) { poly1305_internal *st = (poly1305_internal *)ctx; elem64 in0, in1, in2, in3; - u64 pad = (u64)padbit<<32; + u64 pad = (u64)padbit << 32; double x0, x1, x2, x3; double h0lo, h0hi, h1lo, h1hi, h2lo, h2hi, h3lo, h3hi; 
@@ -254,37 +249,37 @@ #if defined(__x86_64__) u32 mxcsr_orig; - asm volatile ("stmxcsr %0":"=m"(mxcsr_orig)); - asm volatile ("ldmxcsr %0"::"m"(mxcsr)); + asm volatile("stmxcsr %0" : "=m"(mxcsr_orig)); + asm volatile("ldmxcsr %0" ::"m"(mxcsr)); #elif defined(__PPC__) double fpscr_orig, fpscr = *(double *)&one; - asm volatile ("mffs %0":"=f"(fpscr_orig)); - asm volatile ("mtfsf 255,%0"::"f"(fpscr)); + asm volatile("mffs %0" : "=f"(fpscr_orig)); + asm volatile("mtfsf 255,%0" ::"f"(fpscr)); #elif defined(__s390x__) u32 fpc_orig; - asm volatile ("stfpc %0":"=m"(fpc_orig)); - asm volatile ("lfpc %0"::"m"(fpc)); + asm volatile("stfpc %0" : "=m"(fpc_orig)); + asm volatile("lfpc %0" ::"m"(fpc)); #elif defined(__sparc__) u64 fsr_orig; - asm volatile ("stx %%fsr,%0":"=m"(fsr_orig)); - asm volatile ("ldx %0,%%fsr"::"m"(fsr)); + asm volatile("stx %%fsr,%0" : "=m"(fsr_orig)); + asm volatile("ldx %0,%%fsr" ::"m"(fsr)); #elif defined(__mips__) u32 fcsr_orig; - asm volatile ("cfc1 %0,$31":"=r"(fcsr_orig)); - asm volatile ("ctc1 %0,$31"::"r"(fcsr)); + asm volatile("cfc1 %0,$31" : "=r"(fcsr_orig)); + asm volatile("ctc1 %0,$31" ::"r"(fcsr)); #endif /* * load base 2^32 and de-bias */ - h0lo = st->h[0].d - TWO(52)*TWO0; - h1lo = st->h[1].d - TWO(52)*TWO32; - h2lo = st->h[2].d - TWO(52)*TWO64; - h3lo = st->h[3].d - TWO(52)*TWO96; + h0lo = st->h[0].d - TWO(52) * TWO0; + h1lo = st->h[1].d - TWO(52) * TWO32; + h2lo = st->h[2].d - TWO(52) * TWO64; + h3lo = st->h[3].d - TWO(52) * TWO96; #ifdef __clang__ h0hi = 0; 
@@ -292,15 +287,15 @@ h2hi = 0; h3hi = 0; #else - in0.u = EXP(52+0) | U8TOU32(&inp[0]); - in1.u = EXP(52+32) | U8TOU32(&inp[4]); - in2.u = EXP(52+64) | U8TOU32(&inp[8]); - in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad; + in0.u = EXP(52 + 0) | U8TOU32(&inp[0]); + in1.u = EXP(52 + 32) | U8TOU32(&inp[4]); + in2.u = EXP(52 + 64) | U8TOU32(&inp[8]); + in3.u = EXP(52 + 96) | U8TOU32(&inp[12]) | pad; - x0 = in0.d - TWO(52)*TWO0; - x1 = in1.d - TWO(52)*TWO32; - x2 = in2.d - TWO(52)*TWO64; - x3 = in3.d - TWO(52)*TWO96; + x0 = in0.d - TWO(52) * TWO0; + x1 = in1.d - TWO(52) * TWO32; + x2 = in2.d - TWO(52) * TWO64; + x3 = in3.d - TWO(52) * TWO96; x0 += h0lo; x1 += h1lo; @@ -311,15 +306,15 @@ #endif do { - in0.u = EXP(52+0) | U8TOU32(&inp[0]); - in1.u = EXP(52+32) | U8TOU32(&inp[4]); - in2.u = EXP(52+64) | U8TOU32(&inp[8]); - in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad; + in0.u = EXP(52 + 0) | U8TOU32(&inp[0]); + in1.u = EXP(52 + 32) | U8TOU32(&inp[4]); + in2.u = EXP(52 + 64) | U8TOU32(&inp[8]); + in3.u = EXP(52 + 96) | U8TOU32(&inp[12]) | pad; - x0 = in0.d - TWO(52)*TWO0; - x1 = in1.d - TWO(52)*TWO32; - x2 = in2.d - TWO(52)*TWO64; - x3 = in3.d - TWO(52)*TWO96; + x0 = in0.d - TWO(52) * TWO0; + x1 = in1.d - TWO(52) * TWO32; + x2 = in2.d - TWO(52) * TWO64; + x3 = in3.d - TWO(52) * TWO96; /* * note that there are multiple ways to accumulate input, e.g. 
@@ -333,28 +328,28 @@ /* * carries that cross 32n-bit (and 130-bit) boundaries */ - c0lo = (h0lo + TWO(52)*TWO32) - TWO(52)*TWO32; - c1lo = (h1lo + TWO(52)*TWO64) - TWO(52)*TWO64; - c2lo = (h2lo + TWO(52)*TWO96) - TWO(52)*TWO96; - c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130; + c0lo = (h0lo + TWO(52) * TWO32) - TWO(52) * TWO32; + c1lo = (h1lo + TWO(52) * TWO64) - TWO(52) * TWO64; + c2lo = (h2lo + TWO(52) * TWO96) - TWO(52) * TWO96; + c3lo = (h3lo + TWO(52) * TWO130) - TWO(52) * TWO130; - c0hi = (h0hi + TWO(52)*TWO32) - TWO(52)*TWO32; - c1hi = (h1hi + TWO(52)*TWO64) - TWO(52)*TWO64; - c2hi = (h2hi + TWO(52)*TWO96) - TWO(52)*TWO96; - c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130; + c0hi = (h0hi + TWO(52) * TWO32) - TWO(52) * TWO32; + c1hi = (h1hi + TWO(52) * TWO64) - TWO(52) * TWO64; + c2hi = (h2hi + TWO(52) * TWO96) - TWO(52) * TWO96; + c3hi = (h3hi + TWO(52) * TWO130) - TWO(52) * TWO130; /* * base 2^48 -> base 2^32 with last reduction step */ - x1 = (h1lo - c1lo) + c0lo; - x2 = (h2lo - c2lo) + c1lo; - x3 = (h3lo - c3lo) + c2lo; - x0 = (h0lo - c0lo) + c3lo * (5.0/TWO130); + x1 = (h1lo - c1lo) + c0lo; + x2 = (h2lo - c2lo) + c1lo; + x3 = (h3lo - c3lo) + c2lo; + x0 = (h0lo - c0lo) + c3lo * (5.0 / TWO130); x1 += (h1hi - c1hi) + c0hi; x2 += (h2hi - c2hi) + c1hi; x3 += (h3hi - c3hi) + c2hi; - x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130); + x0 += (h0hi - c0hi) + c3hi * (5.0 / TWO130); #ifndef __clang__ fast_entry: 
@@ -380,56 +375,56 @@ /* * carries that cross 32n-bit (and 130-bit) boundaries */ - c0lo = (h0lo + TWO(52)*TWO32) - TWO(52)*TWO32; - c1lo = (h1lo + TWO(52)*TWO64) - TWO(52)*TWO64; - c2lo = (h2lo + TWO(52)*TWO96) - TWO(52)*TWO96; - c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130; + c0lo = (h0lo + TWO(52) * TWO32) - TWO(52) * TWO32; + c1lo = (h1lo + TWO(52) * TWO64) - TWO(52) * TWO64; + c2lo = (h2lo + TWO(52) * TWO96) - TWO(52) * TWO96; + c3lo = (h3lo + TWO(52) * TWO130) - TWO(52) * TWO130; - c0hi = (h0hi + TWO(52)*TWO32) - TWO(52)*TWO32; - c1hi = (h1hi + TWO(52)*TWO64) - TWO(52)*TWO64; - c2hi = (h2hi + TWO(52)*TWO96) - TWO(52)*TWO96; - c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130; + c0hi = (h0hi + TWO(52) * TWO32) - TWO(52) * TWO32; + c1hi = (h1hi + TWO(52) * TWO64) - TWO(52) * TWO64; + c2hi = (h2hi + TWO(52) * TWO96) - TWO(52) * TWO96; + c3hi = (h3hi + TWO(52) * TWO130) - TWO(52) * TWO130; /* * base 2^48 -> base 2^32 with last reduction step */ - x1 = (h1lo - c1lo) + c0lo; - x2 = (h2lo - c2lo) + c1lo; - x3 = (h3lo - c3lo) + c2lo; - x0 = (h0lo - c0lo) + c3lo * (5.0/TWO130); + x1 = (h1lo - c1lo) + c0lo; + x2 = (h2lo - c2lo) + c1lo; + x3 = (h3lo - c3lo) + c2lo; + x0 = (h0lo - c0lo) + c3lo * (5.0 / TWO130); x1 += (h1hi - c1hi) + c0hi; x2 += (h2hi - c2hi) + c1hi; x3 += (h3hi - c3hi) + c2hi; - x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130); + x0 += (h0hi - c0hi) + c3hi * (5.0 / TWO130); /* * store base 2^32, with bias */ - st->h[1].d = x1 + TWO(52)*TWO32; - st->h[2].d = x2 + TWO(52)*TWO64; - st->h[3].d = x3 + TWO(52)*TWO96; - st->h[0].d = x0 + TWO(52)*TWO0; + st->h[1].d = x1 + TWO(52) * TWO32; + st->h[2].d = x2 + TWO(52) * TWO64; + st->h[3].d = x3 + TWO(52) * TWO96; + st->h[0].d = x0 + TWO(52) * TWO0; /* * restore original FPU control register */ #if defined(__x86_64__) - asm volatile ("ldmxcsr %0"::"m"(mxcsr_orig)); + asm volatile("ldmxcsr %0" ::"m"(mxcsr_orig)); #elif defined(__PPC__) - asm volatile ("mtfsf 255,%0"::"f"(fpscr_orig)); + asm volatile("mtfsf 255,%0" 
::"f"(fpscr_orig)); #elif defined(__s390x__) - asm volatile ("lfpc %0"::"m"(fpc_orig)); + asm volatile("lfpc %0" ::"m"(fpc_orig)); #elif defined(__sparc__) - asm volatile ("ldx %0,%%fsr"::"m"(fsr_orig)); + asm volatile("ldx %0,%%fsr" ::"m"(fsr_orig)); #elif defined(__mips__) - asm volatile ("ctc1 %0,$31"::"r"(fcsr_orig)); + asm volatile("ctc1 %0,$31" ::"r"(fcsr_orig)); #endif } void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) { - poly1305_internal *st = (poly1305_internal *) ctx; + poly1305_internal *st = (poly1305_internal *)ctx; u64 h0, h1, h2, h3, h4; u32 g0, g1, g2, g3, g4; u64 t; @@ -446,15 +441,19 @@ /* * can be partially reduced, so reduce... */ - h4 = h3>>32; h3 &= 0xffffffffU; - g4 = h4&-4; + h4 = h3 >> 32; + h3 &= 0xffffffffU; + g4 = h4 & -4; h4 &= 3; - g4 += g4>>2; + g4 += g4 >> 2; h0 += g4; - h1 += h0>>32; h0 &= 0xffffffffU; - h2 += h1>>32; h1 &= 0xffffffffU; - h3 += h2>>32; h2 &= 0xffffffffU; + h1 += h0 >> 32; + h0 &= 0xffffffffU; + h2 += h1 >> 32; + h1 &= 0xffffffffU; + h3 += h2 >> 32; + h2 &= 0xffffffffU; /* compute h + -p */ g0 = (u32)(t = h0 + 5); --- crypto/openssl/crypto/poly1305/poly1305_ppc.c.orig +++ crypto/openssl/crypto/poly1305/poly1305_ppc.c 
@@ -14,34 +14,34 @@ void poly1305_init_int(void *ctx, const unsigned char key[16]); void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); + unsigned int padbit); void poly1305_emit(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); + const unsigned int nonce[4]); void poly1305_init_fpu(void *ctx, const unsigned char key[16]); void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); + unsigned int padbit); void poly1305_emit_fpu(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); + const unsigned int nonce[4]); void poly1305_init_vsx(void *ctx, const unsigned char key[16]); void poly1305_blocks_vsx(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); + unsigned int padbit); void poly1305_emit_vsx(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); + const unsigned int nonce[4]); int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]); int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]) { if (OPENSSL_ppccap_P & PPC_CRYPTO207) { poly1305_init_int(ctx, key); - func[0] = (void*)(uintptr_t)poly1305_blocks_vsx; - func[1] = (void*)(uintptr_t)poly1305_emit; + func[0] = (void *)(uintptr_t)poly1305_blocks_vsx; + func[1] = (void *)(uintptr_t)poly1305_emit; } else if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) { poly1305_init_fpu(ctx, key); - func[0] = (void*)(uintptr_t)poly1305_blocks_fpu; - func[1] = (void*)(uintptr_t)poly1305_emit_fpu; + func[0] = (void *)(uintptr_t)poly1305_blocks_fpu; + func[1] = (void *)(uintptr_t)poly1305_emit_fpu; } else { poly1305_init_int(ctx, key); - func[0] = (void*)(uintptr_t)poly1305_blocks; - func[1] = (void*)(uintptr_t)poly1305_emit; + func[0] = (void *)(uintptr_t)poly1305_blocks; + func[1] = (void *)(uintptr_t)poly1305_emit; } return 1; } --- crypto/openssl/crypto/ppccap.c.orig +++ crypto/openssl/crypto/ppccap.c 
@@ -14,17 +14,17 @@ #include #include #if defined(__linux) || defined(_AIX) -# include +#include +#endif +#if defined(_AIX53) /* defined even on post-5.3 */ +#include +#if !defined(__power_set) +#define __power_set(a) (_system_configuration.implementation & (a)) #endif -#if defined(_AIX53) /* defined even on post-5.3 */ -# include -# if !defined(__power_set) -# define __power_set(a) (_system_configuration.implementation & (a)) -# endif #endif #if defined(__APPLE__) && defined(__MACH__) -# include -# include +#include +#include #endif #include #include "internal/cryptlib.h" 
@@ -86,55 +86,51 @@ } #if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# elif defined(__ANDROID_API__) +#if __GLIBC_PREREQ(2, 16) +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#elif defined(__ANDROID_API__) /* see https://developer.android.google.cn/ndk/guides/cpu-features */ -# if __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif +#if __ANDROID_API__ >= 18 +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#endif +#endif #endif #if defined(__FreeBSD__) -# include -# if __FreeBSD_version >= 1200000 -# include -# define OSSL_IMPLEMENT_GETAUXVAL +#include +#if __FreeBSD_version >= 1200000 +#include +#define OSSL_IMPLEMENT_GETAUXVAL static unsigned long getauxval(unsigned long key) { - unsigned long val = 0ul; + unsigned long val = 0ul; - if (elf_aux_info((int)key, &val, sizeof(val)) != 0) - return 0ul; + if (elf_aux_info((int)key, &val, sizeof(val)) != 0) + return 0ul; - return val; + return val; } -# endif +#endif #endif /* I wish was universally available */ -#ifndef AT_HWCAP -# define AT_HWCAP 16 /* AT_HWCAP */ -#endif -#define HWCAP_PPC64 (1U << 30) -#define HWCAP_ALTIVEC (1U << 28) -#define HWCAP_FPU (1U << 27) -#define HWCAP_POWER6_EXT (1U << 9) -#define HWCAP_VSX (1U << 7) - -#ifndef AT_HWCAP2 -# define AT_HWCAP2 26 /* AT_HWCAP2 */ +#define HWCAP 16 /* AT_HWCAP */ +#define HWCAP_PPC64 (1U << 30) +#define HWCAP_ALTIVEC (1U << 28) +#define HWCAP_FPU (1U << 27) +#define HWCAP_POWER6_EXT (1U << 9) +#define HWCAP_VSX (1U << 7) + +#define HWCAP2 26 /* AT_HWCAP2 */ +#define HWCAP_VEC_CRYPTO (1U << 25) +#define HWCAP_ARCH_3_00 (1U << 23) + +#if defined(__GNUC__) && __GNUC__ >= 2 +__attribute__((constructor)) #endif -#define HWCAP_VEC_CRYPTO (1U << 25) -#define HWCAP_ARCH_3_00 (1U << 23) - -# if defined(__GNUC__) && __GNUC__>=2 -__attribute__ ((constructor)) -# endif void OPENSSL_cpuid_setup(void) { char *e; 
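Review bot: The new side hard-codes `#define HWCAP 16` and `#define HWCAP2 26`, where the old side used the system's `AT_HWCAP`/`AT_HWCAP2` and fell back to literals only under `#ifndef`. In the `__FreeBSD__` branch just above, the `getauxval()` wrapper passes its key straight to `elf_aux_info((int)key, &val, sizeof(val))`. 16 is the Linux number for AT_HWCAP, and FreeBSD's ELF headers number the aux vector differently (to be confirmed against `sys/elf_common.h`), so the lookup may return an unrelated entry or 0 and leave `OPENSSL_ppccap_P` with wrong capability bits. I would keep the guarded form, `#ifndef AT_HWCAP` / `#define AT_HWCAP 16` / `#endif` (likewise for `AT_HWCAP2`), and have the call sites use those names. The call sites are outside this hunk, so that part is inferred.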
@@ -158,15 +154,15 @@ if (sizeof(size_t) == 4) { struct utsname uts; -# if defined(_SC_AIX_KERNEL_BITMODE) +#if defined(_SC_AIX_KERNEL_BITMODE) if (sysconf(_SC_AIX_KERNEL_BITMODE) != 64) return; -# endif +#endif if (uname(&uts) != 0 || atoi(uts.version) < 6) return; } -# if defined(__power_set) +#if defined(__power_set) /* * Value used in __power_set is a single-bit 1<prop, b->prop); } @@ -53,12 +53,13 @@ if (property_defns != NULL) { lh_PROPERTY_DEFN_ELEM_doall(property_defns, - &property_defn_free); + &property_defn_free); lh_PROPERTY_DEFN_ELEM_free(property_defns); } } -static void *property_defns_new(OSSL_LIB_CTX *ctx) { +static void *property_defns_new(OSSL_LIB_CTX *ctx) +{ return lh_PROPERTY_DEFN_ELEM_new(&property_defn_hash, &property_defn_cmp); } @@ -74,8 +75,8 @@ LHASH_OF(PROPERTY_DEFN_ELEM) *property_defns; property_defns = ossl_lib_ctx_get_data(ctx, - OSSL_LIB_CTX_PROPERTY_DEFN_INDEX, - &property_defns_method); + OSSL_LIB_CTX_PROPERTY_DEFN_INDEX, + &property_defns_method); if (property_defns == NULL || !ossl_lib_ctx_read_lock(ctx)) return NULL; @@ -93,7 +94,7 @@ * overwritten with the existing entry from the cache. */ int ossl_prop_defn_set(OSSL_LIB_CTX *ctx, const char *prop, - OSSL_PROPERTY_LIST **pl) + OSSL_PROPERTY_LIST **pl) { PROPERTY_DEFN_ELEM elem, *old, *p = NULL; size_t len; @@ -101,8 +102,8 @@ int res = 1; property_defns = ossl_lib_ctx_get_data(ctx, - OSSL_LIB_CTX_PROPERTY_DEFN_INDEX, - &property_defns_method); + OSSL_LIB_CTX_PROPERTY_DEFN_INDEX, + &property_defns_method); if (property_defns == NULL) return 0; @@ -137,7 +138,7 @@ } OPENSSL_free(p); res = 0; - end: +end: ossl_lib_ctx_unlock(ctx); return res; } --- crypto/openssl/crypto/property/property.c.orig +++ crypto/openssl/crypto/property/property.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -29,7 +29,7 @@ * If reducing this, also ensure the stochastic test in test/property_test.c * isn't likely to fail. */ -#define IMPL_CACHE_FLUSH_THRESHOLD 500 +#define IMPL_CACHE_FLUSH_THRESHOLD 500 typedef struct { void *method; @@ -62,7 +62,7 @@ struct ossl_method_store_st { OSSL_LIB_CTX *ctx; - SPARSE_ARRAY_OF(ALGORITHM) *algs; + SPARSE_ARRAY_OF(ALGORITHM) * algs; /* * Lock to protect the |algs| array from concurrent writing, when * individual implementations or queries are inserted. This is used @@ -105,7 +105,7 @@ } OSSL_GLOBAL_PROPERTIES; static void ossl_method_cache_flush_alg(OSSL_METHOD_STORE *store, - ALGORITHM *alg); + ALGORITHM *alg); static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid); /* Global properties are stored per library context */ @@ -131,7 +131,7 @@ }; OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx, - ossl_unused int loadconfig) + ossl_unused int loadconfig) { OSSL_GLOBAL_PROPERTIES *globp; @@ -140,7 +140,7 @@ return NULL; #endif globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); + &ossl_ctx_global_properties_method); return globp != NULL ? &globp->list : NULL; } @@ -150,7 +150,7 @@ { OSSL_GLOBAL_PROPERTIES *globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); + &ossl_ctx_global_properties_method); return globp != NULL && globp->no_mirrored ? 1 : 0; } 
@@ -159,7 +159,7 @@ { OSSL_GLOBAL_PROPERTIES *globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); + &ossl_ctx_global_properties_method); if (globp != NULL) globp->no_mirrored = 1; @@ -203,7 +203,7 @@ if (res == 0 && a->provider != NULL && b->provider != NULL) res = b->provider > a->provider ? 1 : b->provider < a->provider ? -1 - : 0; + : 0; return res; } @@ -297,9 +297,9 @@ } int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, - int nid, const char *properties, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)) + int nid, const char *properties, void *method, + int (*method_up_ref)(void *), + void (*method_destruct)(void *)) { ALGORITHM *alg = NULL; IMPLEMENTATION *impl; @@ -329,7 +329,7 @@ /* Insert into the hash table if required */ if (!ossl_property_write_lock(store)) { - OPENSSL_free(impl); + impl_free(impl); return 0; } ossl_method_cache_flush(store, nid); @@ -347,8 +347,8 @@ alg = ossl_method_store_retrieve(store, nid); if (alg == NULL) { if ((alg = OPENSSL_zalloc(sizeof(*alg))) == NULL - || (alg->impls = sk_IMPLEMENTATION_new_null()) == NULL - || (alg->cache = lh_QUERY_new(&query_hash, &query_cmp)) == NULL) + || (alg->impls = sk_IMPLEMENTATION_new_null()) == NULL + || (alg->cache = lh_QUERY_new(&query_hash, &query_cmp)) == NULL) goto err; alg->nid = nid; if (!ossl_method_store_insert(store, alg)) @@ -379,7 +379,7 @@ } int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid, - const void *method) + const void *method) { ALGORITHM *alg = NULL; int i; @@ -451,7 +451,7 @@ } int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store, - const OSSL_PROVIDER *prov) + const OSSL_PROVIDER *prov) { struct alg_cleanup_by_provider_data_st data; 
@@ -465,8 +465,8 @@ } static void alg_do_one(ALGORITHM *alg, IMPLEMENTATION *impl, - void (*fn)(int id, void *method, void *fnarg), - void *fnarg) + void (*fn)(int id, void *method, void *fnarg), + void *fnarg) { fn(alg->nid, impl->method.method, fnarg); } @@ -475,12 +475,24 @@ { STACK_OF(ALGORITHM) *newalg = arg; + alg = OPENSSL_memdup(alg, sizeof(ALGORITHM)); + if (alg == NULL) + return; + + alg->impls = sk_IMPLEMENTATION_dup(alg->impls); + (void)sk_ALGORITHM_push(newalg, alg); } +static void del_tmpalg(ALGORITHM *alg) +{ + sk_IMPLEMENTATION_free(alg->impls); + OPENSSL_free(alg); +} + void ossl_method_store_do_all(OSSL_METHOD_STORE *store, - void (*fn)(int id, void *method, void *fnarg), - void *fnarg) + void (*fn)(int id, void *method, void *fnarg), + void *fnarg) { int i, j; int numalgs, numimps; @@ -491,9 +503,9 @@ if (!ossl_property_read_lock(store)) return; - + tmpalgs = sk_ALGORITHM_new_reserve(NULL, - ossl_sa_ALGORITHM_num(store->algs)); + ossl_sa_ALGORITHM_num(store->algs)); if (tmpalgs == NULL) { ossl_property_unlock(store); return; @@ -508,13 +520,13 @@ for (j = 0; j < numimps; j++) alg_do_one(alg, sk_IMPLEMENTATION_value(alg->impls, j), fn, fnarg); } - sk_ALGORITHM_free(tmpalgs); + sk_ALGORITHM_pop_free(tmpalgs, del_tmpalg); } } int ossl_method_store_fetch(OSSL_METHOD_STORE *store, - int nid, const char *prop_query, - const OSSL_PROVIDER **prov_rw, void **method) + int nid, const char *prop_query, + const OSSL_PROVIDER **prov_rw, void **method) { OSSL_PROPERTY_LIST **plp; ALGORITHM *alg; @@ -529,7 +541,7 @@ #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) if (ossl_lib_ctx_is_default(store->ctx) - && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) + && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) return 0; #endif @@ -596,7 +608,7 @@ } static void ossl_method_cache_flush_alg(OSSL_METHOD_STORE *store, - ALGORITHM *alg) + ALGORITHM *alg) { store->cache_nelem -= lh_QUERY_num_items(alg->cache); impl_cache_flush_alg(0, alg); 
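Review bot: In `alg_copy` (hunk `@@ -475,12 +475,24 @@`) the result of `sk_IMPLEMENTATION_dup(alg->impls)` is stored without a NULL check. On allocation failure the copy is pushed with `impls == NULL`, and the loop in `ossl_method_store_do_all` then silently skips every implementation of that algorithm. Add `if (alg->impls == NULL) { OPENSSL_free(alg); return; }` before the push. The duplicated stack is also shallow: it holds the same `IMPLEMENTATION` pointers as the store, so if the callback loop runs after the store lock is released (the unlock is not visible in these hunks), a concurrently removed entry could be freed while `fn` is still using it. A comment on `del_tmpalg` saying that it frees only the copied stack, and what keeps the implementations alive during the walk, would make that assumption checkable.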
@@ -662,7 +674,7 @@ } static void impl_cache_flush_one_alg(ossl_uintmax_t idx, ALGORITHM *alg, - void *v) + void *v) { IMPL_CACHE_FLUSH *state = (IMPL_CACHE_FLUSH *)v; unsigned long orig_down_load = lh_QUERY_get_down_load(alg->cache); @@ -670,7 +682,7 @@ state->cache = alg->cache; lh_QUERY_set_down_load(alg->cache, 0); lh_QUERY_doall_IMPL_CACHE_FLUSH(state->cache, &impl_cache_flush_cache, - state); + state); lh_QUERY_set_down_load(alg->cache, orig_down_load); } @@ -695,7 +707,7 @@ } int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void **method) + int nid, const char *prop_query, void **method) { ALGORITHM *alg; QUERY elem, *r; @@ -725,9 +737,9 @@ } int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)) + int nid, const char *prop_query, void *method, + int (*method_up_ref)(void *), + void (*method_destruct)(void *)) { QUERY elem, *old, *p = NULL; ALGORITHM *alg; --- crypto/openssl/crypto/property/property_err.c.orig +++ crypto/openssl/crypto/property/property_err.c 
@@ -14,24 +14,24 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA PROP_str_reasons[] = { - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NAME_TOO_LONG), "name too long"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_ASCII_CHARACTER), - "not an ascii character"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_HEXADECIMAL_DIGIT), - "not an hexadecimal digit"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_IDENTIFIER), "not an identifier"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_OCTAL_DIGIT), - "not an octal digit"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_A_DECIMAL_DIGIT), - "not a decimal digit"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_MATCHING_STRING_DELIMITER), - "no matching string delimiter"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_VALUE), "no value"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_PARSE_FAILED), "parse failed"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_STRING_TOO_LONG), "string too long"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_TRAILING_CHARACTERS), - "trailing characters"}, - {0, NULL} + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NAME_TOO_LONG), "name too long" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_ASCII_CHARACTER), + "not an ascii character" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_HEXADECIMAL_DIGIT), + "not an hexadecimal digit" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_IDENTIFIER), "not an identifier" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_OCTAL_DIGIT), + "not an octal digit" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_A_DECIMAL_DIGIT), + "not a decimal digit" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_MATCHING_STRING_DELIMITER), + "no matching string delimiter" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_VALUE), "no value" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_PARSE_FAILED), "parse failed" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_STRING_TOO_LONG), "string too long" }, + { ERR_PACK(ERR_LIB_PROP, 0, PROP_R_TRAILING_CHARACTERS), + "trailing characters" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/property/property_local.h.orig +++ 
crypto/openssl/crypto/property/property_local.h @@ -14,7 +14,9 @@ typedef int OSSL_PROPERTY_IDX; typedef enum { - OSSL_PROPERTY_OPER_EQ, OSSL_PROPERTY_OPER_NE, OSSL_PROPERTY_OVERRIDE + OSSL_PROPERTY_OPER_EQ, + OSSL_PROPERTY_OPER_NE, + OSSL_PROPERTY_OVERRIDE } OSSL_PROPERTY_OPER; struct ossl_property_definition_st { @@ -23,8 +25,8 @@ OSSL_PROPERTY_OPER oper; unsigned int optional : 1; union { - int64_t int_val; /* Signed integer */ - OSSL_PROPERTY_IDX str_val; /* String */ + int64_t int_val; /* Signed integer */ + OSSL_PROPERTY_IDX str_val; /* String */ } v; }; @@ -34,15 +36,15 @@ OSSL_PROPERTY_DEFINITION properties[1]; }; -#define OSSL_PROPERTY_TRUE 1 -#define OSSL_PROPERTY_FALSE 2 +#define OSSL_PROPERTY_TRUE 1 +#define OSSL_PROPERTY_FALSE 2 /* Property string functions */ OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, - int create); + int create); const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx); OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, - int create); + int create); const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx); /* Property list functions */ @@ -52,4 +54,4 @@ /* Property definition cache functions */ OSSL_PROPERTY_LIST *ossl_prop_defn_get(OSSL_LIB_CTX *ctx, const char *prop); int ossl_prop_defn_set(OSSL_LIB_CTX *ctx, const char *prop, - OSSL_PROPERTY_LIST **pl); + OSSL_PROPERTY_LIST **pl); --- crypto/openssl/crypto/property/property_parse.c.orig +++ crypto/openssl/crypto/property/property_parse.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -54,7 +54,7 @@ } static int parse_name(OSSL_LIB_CTX *ctx, const char *t[], int create, - OSSL_PROPERTY_IDX *idx) + OSSL_PROPERTY_IDX *idx) { char name[100]; int err = 0; @@ -65,7 +65,7 @@ for (;;) { if (!ossl_isalpha(*s)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_IDENTIFIER, - "HERE-->%s", *t); + "HERE-->%s", *t); return 0; } do { @@ -101,20 +101,20 @@ do { if (!ossl_isdigit(*s)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT, - "HERE-->%s", *t); + "HERE-->%s", *t); return 0; } /* overflow check */ if (v > ((INT64_MAX - (*s - '0')) / 10)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Property %s overflows", *t); + "Property %s overflows", *t); return 0; } v = v * 10 + (*s++ - '0'); } while (ossl_isdigit(*s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT, - "HERE-->%s", *t); + "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -136,13 +136,13 @@ sval = ossl_tolower(*s) - 'a' + 10; } else { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, - "%s", *t); + "%s", *t); return 0; } if (v > ((INT64_MAX - sval) / 16)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Property %s overflows", *t); + "Property %s overflows", *t); return 0; } @@ -151,7 +151,7 @@ } while (ossl_isxdigit(*++s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, - "HERE-->%s", *t); + "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -168,12 +168,12 @@ do { if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT, - "HERE-->%s", *t); + "HERE-->%s", *t); return 0; } if (v > ((INT64_MAX - (*s - '0')) / 8)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Property %s overflows", *t); + "Property %s overflows", *t); return 0; } 
@@ -181,7 +181,7 @@ } while (ossl_isdigit(*++s) && *s != '9' && *s != '8'); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT, - "HERE-->%s", *t); + "HERE-->%s", *t); return 0; } *t = skip_space(s); @@ -191,7 +191,7 @@ } static int parse_string(OSSL_LIB_CTX *ctx, const char *t[], char delim, - OSSL_PROPERTY_DEFINITION *res, const int create) + OSSL_PROPERTY_DEFINITION *res, const int create) { char v[1000]; const char *s = *t; @@ -207,7 +207,7 @@ } if (*s == '\0') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_MATCHING_STRING_DELIMITER, - "HERE-->%c%s", delim, *t); + "HERE-->%c%s", delim, *t); return 0; } v[i] = '\0'; @@ -222,7 +222,7 @@ } static int parse_unquoted(OSSL_LIB_CTX *ctx, const char *t[], - OSSL_PROPERTY_DEFINITION *res, const int create) + OSSL_PROPERTY_DEFINITION *res, const int create) { char v[1000]; const char *s = *t; @@ -240,7 +240,7 @@ } if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_ASCII_CHARACTER, - "HERE-->%s", s); + "HERE-->%s", s); return 0; } v[i] = 0; @@ -254,7 +254,7 @@ } static int parse_value(OSSL_LIB_CTX *ctx, const char *t[], - OSSL_PROPERTY_DEFINITION *res, int create) + OSSL_PROPERTY_DEFINITION *res, int create) { const char *s = *t; int r = 0; @@ -285,7 +285,7 @@ } static int pd_compare(const OSSL_PROPERTY_DEFINITION *const *p1, - const OSSL_PROPERTY_DEFINITION *const *p2) + const OSSL_PROPERTY_DEFINITION *const *p2) { const OSSL_PROPERTY_DEFINITION *pd1 = *p1; const OSSL_PROPERTY_DEFINITION *pd2 = *p2; @@ -310,7 +310,7 @@ */ static OSSL_PROPERTY_LIST * stack_to_property_list(OSSL_LIB_CTX *ctx, - STACK_OF(OSSL_PROPERTY_DEFINITION) *sk) + STACK_OF(OSSL_PROPERTY_DEFINITION) *sk) { const int n = sk_OSSL_PROPERTY_DEFINITION_num(sk); OSSL_PROPERTY_LIST *r; 
@@ -318,7 +318,7 @@ int i; r = OPENSSL_malloc(sizeof(*r) - + (n <= 0 ? 0 : n - 1) * sizeof(r->properties[0])); + + (n <= 0 ? 0 : n - 1) * sizeof(r->properties[0])); if (r != NULL) { sk_OSSL_PROPERTY_DEFINITION_sort(sk); @@ -331,8 +331,8 @@ if (i > 0 && r->properties[i].name_idx == prev_name_idx) { OPENSSL_free(r); ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Duplicated name `%s'", - ossl_property_name_str(ctx, prev_name_idx)); + "Duplicated name `%s'", + ossl_property_name_str(ctx, prev_name_idx)); return NULL; } prev_name_idx = r->properties[i].name_idx; @@ -368,13 +368,13 @@ prop->oper = OSSL_PROPERTY_OPER_EQ; if (prop->name_idx == 0) { ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Unknown name HERE-->%s", start); + "Unknown name HERE-->%s", start); goto err; } if (match_ch(&s, '=')) { if (!parse_value(ctx, &s, prop, 1)) { ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_VALUE, - "HERE-->%s", start); + "HERE-->%s", start); goto err; } } else { @@ -390,7 +390,7 @@ } if (*s != '\0') { ERR_raise_data(ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS, - "HERE-->%s", s); + "HERE-->%s", s); goto err; } res = stack_to_property_list(ctx, sk); @@ -402,7 +402,7 @@ } OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, - int create_values) + int create_values) { STACK_OF(OSSL_PROPERTY_DEFINITION) *sk; OSSL_PROPERTY_LIST *res = NULL; @@ -445,7 +445,7 @@ if (!parse_value(ctx, &s, prop, create_values)) prop->type = OSSL_PROPERTY_TYPE_VALUE_UNDEFINED; -skip_value: + skip_value: if (!sk_OSSL_PROPERTY_DEFINITION_push(sk, prop)) goto err; prop = NULL; @@ -453,7 +453,7 @@ } if (*s != '\0') { ERR_raise_data(ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS, - "HERE-->%s", s); + "HERE-->%s", s); goto err; } res = stack_to_property_list(ctx, sk); 
@@ -469,7 +469,7 @@ * Return the number of clauses matched or -1 if a mandatory clause is false. */ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, - const OSSL_PROPERTY_LIST *defn) + const OSSL_PROPERTY_LIST *defn) { const OSSL_PROPERTY_DEFINITION *const q = query->properties; const OSSL_PROPERTY_DEFINITION *const d = defn->properties; @@ -482,13 +482,13 @@ continue; } if (j < defn->num_properties) { - if (q[i].name_idx > d[j].name_idx) { /* skip defn, not in query */ + if (q[i].name_idx > d[j].name_idx) { /* skip defn, not in query */ j++; continue; } if (q[i].name_idx == d[j].name_idx) { /* both in defn and query */ const int eq = q[i].type == d[j].type - && memcmp(&q[i].v, &d[j].v, sizeof(q[i].v)) == 0; + && memcmp(&q[i].v, &d[j].v, sizeof(q[i].v)) == 0; if ((eq && oper == OSSL_PROPERTY_OPER_EQ) || (!eq && oper == OSSL_PROPERTY_OPER_NE)) @@ -512,10 +512,10 @@ else if (!q[i].optional) return -1; } else if (q[i].type != OSSL_PROPERTY_TYPE_STRING - || (oper == OSSL_PROPERTY_OPER_EQ - && q[i].v.str_val != OSSL_PROPERTY_FALSE) - || (oper == OSSL_PROPERTY_OPER_NE - && q[i].v.str_val == OSSL_PROPERTY_FALSE)) { + || (oper == OSSL_PROPERTY_OPER_EQ + && q[i].v.str_val != OSSL_PROPERTY_FALSE) + || (oper == OSSL_PROPERTY_OPER_NE + && q[i].v.str_val == OSSL_PROPERTY_FALSE)) { if (!q[i].optional) return -1; } else { @@ -536,7 +536,7 @@ * If there is a common name, the one from the first list is used. */ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, - const OSSL_PROPERTY_LIST *b) + const OSSL_PROPERTY_LIST *b) { const OSSL_PROPERTY_DEFINITION *const ap = a->properties; const OSSL_PROPERTY_DEFINITION *const bp = b->properties; @@ -546,7 +546,7 @@ const int t = a->num_properties + b->num_properties; r = OPENSSL_malloc(sizeof(*r) - + (t == 0 ? 0 : t - 1) * sizeof(r->properties[0])); + + (t == 0 ? 0 : t - 1) * sizeof(r->properties[0])); if (r == NULL) return NULL; 
@@ -575,12 +575,12 @@ int ossl_property_parse_init(OSSL_LIB_CTX *ctx) { static const char *const predefined_names[] = { - "provider", /* Name of provider (default, legacy, fips) */ - "version", /* Version number of this provider */ - "fips", /* FIPS validated or FIPS supporting algorithm */ - "output", /* Output type for encoders */ - "input", /* Input type for decoders */ - "structure", /* Structure name for encoders and decoders */ + "provider", /* Name of provider (default, legacy, fips) */ + "version", /* Version number of this provider */ + "fips", /* FIPS validated or FIPS supporting algorithm */ + "output", /* Output type for encoders */ + "input", /* Input type for decoders */ + "structure", /* Structure name for encoders and decoders */ }; size_t i; @@ -642,7 +642,7 @@ } quotes = quote != '\0'; - if (*remain == 0) { + if (*remain <= (size_t)quotes) { *needed += 2 * quotes; return; } @@ -678,7 +678,8 @@ len++; tmpval = -tmpval; } - for (; tmpval > 9; len++, tmpval /= 10); + for (; tmpval > 9; len++, tmpval /= 10) + ; *needed += len; @@ -696,8 +697,8 @@ } size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, - const OSSL_PROPERTY_LIST *list, char *buf, - size_t bufsize) + const OSSL_PROPERTY_LIST *list, char *buf, + size_t bufsize) { int i; const OSSL_PROPERTY_DEFINITION *prop = NULL; 
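Review bot: The new guard `if (*remain <= (size_t)quotes)` in the `@@ -642,7 +642,7 @@` hunk has no comment explaining why the bound depends on `quotes`, and the reason is not obvious from the line itself. With the previous `*remain == 0` test, a value that needs quoting and exactly one byte of remaining space passed the guard. The code that consumes `*remain` is outside the hunk, so the consequence is inferred, but this reads as a buffer-bound fix. I would add above it `/* A quoted value needs room for the opening quote plus at least one more byte; otherwise only account for the length in *needed. */`, with the wording confirmed against the rest of the function. A regression test calling `ossl_property_list_to_string` with a quoted value and a buffer size at this boundary would pin the behaviour.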
@@ -730,31 +731,31 @@ put_str(val, &buf, &bufsize, &needed); switch (prop->oper) { - case OSSL_PROPERTY_OPER_NE: - put_char('!', &buf, &bufsize, &needed); - /* fall through */ - case OSSL_PROPERTY_OPER_EQ: - put_char('=', &buf, &bufsize, &needed); - /* put value */ - switch (prop->type) { - case OSSL_PROPERTY_TYPE_STRING: - val = ossl_property_value_str(ctx, prop->v.str_val); - if (val == NULL) - return 0; - put_str(val, &buf, &bufsize, &needed); - break; - - case OSSL_PROPERTY_TYPE_NUMBER: - put_num(prop->v.int_val, &buf, &bufsize, &needed); - break; - - default: + case OSSL_PROPERTY_OPER_NE: + put_char('!', &buf, &bufsize, &needed); + /* fall through */ + case OSSL_PROPERTY_OPER_EQ: + put_char('=', &buf, &bufsize, &needed); + /* put value */ + switch (prop->type) { + case OSSL_PROPERTY_TYPE_STRING: + val = ossl_property_value_str(ctx, prop->v.str_val); + if (val == NULL) return 0; - } + put_str(val, &buf, &bufsize, &needed); break; - default: - /* do nothing */ + + case OSSL_PROPERTY_TYPE_NUMBER: + put_num(prop->v.int_val, &buf, &bufsize, &needed); break; + + default: + return 0; + } + break; + default: + /* do nothing */ + break; } } --- crypto/openssl/crypto/property/property_query.c.orig +++ crypto/openssl/crypto/property/property_query.c @@ -14,15 +14,14 @@ static int property_idx_cmp(const void *keyp, const void *compare) { OSSL_PROPERTY_IDX key = *(const OSSL_PROPERTY_IDX *)keyp; - const OSSL_PROPERTY_DEFINITION *defn = - (const OSSL_PROPERTY_DEFINITION *)compare; + const OSSL_PROPERTY_DEFINITION *defn = (const OSSL_PROPERTY_DEFINITION *)compare; return key - defn->name_idx; } const OSSL_PROPERTY_DEFINITION * ossl_property_find_property(const OSSL_PROPERTY_LIST *list, - OSSL_LIB_CTX *libctx, const char *name) + OSSL_LIB_CTX *libctx, const char *name) { OSSL_PROPERTY_IDX name_idx; 
@@ -31,7 +30,7 @@ return NULL; return ossl_bsearch(&name_idx, list->properties, list->num_properties, - sizeof(*list->properties), &property_idx_cmp, 0); + sizeof(*list->properties), &property_idx_cmp, 0); } OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop) @@ -40,7 +39,7 @@ } const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx, - const OSSL_PROPERTY_DEFINITION *prop) + const OSSL_PROPERTY_DEFINITION *prop) { const char *value = NULL; @@ -64,8 +63,8 @@ return query->has_optional ? 1 : 0; } -int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, - const OSSL_PROPERTY_LIST *prop_list) +int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, + const OSSL_PROPERTY_LIST *prop_list) { const OSSL_PROPERTY_DEFINITION *prop; @@ -74,9 +73,8 @@ if (prop == NULL || prop->optional || prop->oper == OSSL_PROPERTY_OVERRIDE) return 0; return (prop->type == OSSL_PROPERTY_TYPE_STRING - && ((prop->oper == OSSL_PROPERTY_OPER_EQ - && prop->v.str_val == OSSL_PROPERTY_TRUE) - || (prop->oper == OSSL_PROPERTY_OPER_NE - && prop->v.str_val != OSSL_PROPERTY_TRUE))); + && ((prop->oper == OSSL_PROPERTY_OPER_EQ + && prop->v.str_val == OSSL_PROPERTY_TRUE) + || (prop->oper == OSSL_PROPERTY_OPER_NE + && prop->v.str_val != OSSL_PROPERTY_TRUE))); } - --- crypto/openssl/crypto/property/property_string.c.orig +++ crypto/openssl/crypto/property/property_string.c @@ -83,7 +83,8 @@ OPENSSL_free(propdata); } -static void *property_string_data_new(OSSL_LIB_CTX *ctx) { +static void *property_string_data_new(OSSL_LIB_CTX *ctx) +{ PROPERTY_STRING_DATA *propdata = OPENSSL_zalloc(sizeof(*propdata)); if (propdata == NULL) @@ -94,12 +95,12 @@ goto err; propdata->prop_names = lh_PROPERTY_STRING_new(&property_hash, - &property_cmp); + &property_cmp); if (propdata->prop_names == NULL) goto err; propdata->prop_values = lh_PROPERTY_STRING_new(&property_hash, - &property_cmp); + &property_cmp); if (propdata->prop_values == NULL) goto err; 
@@ -117,7 +118,7 @@ }; static PROPERTY_STRING *new_property_string(const char *s, - OSSL_PROPERTY_IDX *pidx) + OSSL_PROPERTY_IDX *pidx) { const size_t l = strlen(s); PROPERTY_STRING *ps = OPENSSL_malloc(sizeof(*ps) + l); @@ -135,9 +136,9 @@ } static OSSL_PROPERTY_IDX ossl_property_string(CRYPTO_RWLOCK *lock, - PROP_TABLE *t, - OSSL_PROPERTY_IDX *pidx, - const char *s) + PROP_TABLE *t, + OSSL_PROPERTY_IDX *pidx, + const char *s) { PROPERTY_STRING p, *ps, *ps_new; @@ -182,12 +183,12 @@ } static const char *ossl_property_str(int name, OSSL_LIB_CTX *ctx, - OSSL_PROPERTY_IDX idx) + OSSL_PROPERTY_IDX idx) { struct find_str_st findstr; PROPERTY_STRING_DATA *propdata = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, - &property_string_data_method); + &property_string_data_method); if (propdata == NULL) return NULL; @@ -201,24 +202,24 @@ } lh_PROPERTY_STRING_doall_arg(name ? propdata->prop_names : propdata->prop_values, - find_str_fn, &findstr); + find_str_fn, &findstr); CRYPTO_THREAD_unlock(propdata->lock); return findstr.str; } OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, - int create) + int create) { PROPERTY_STRING_DATA *propdata = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, - &property_string_data_method); + &property_string_data_method); if (propdata == NULL) return 0; return ossl_property_string(propdata->lock, propdata->prop_names, - create ? &propdata->prop_name_idx : NULL, - s); + create ? &propdata->prop_name_idx : NULL, + s); } const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx) 
@@ -227,17 +228,17 @@ } OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, - int create) + int create) { PROPERTY_STRING_DATA *propdata = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, - &property_string_data_method); + &property_string_data_method); if (propdata == NULL) return 0; return ossl_property_string(propdata->lock, propdata->prop_values, - create ? &propdata->prop_value_idx : NULL, - s); + create ? &propdata->prop_value_idx : NULL, + s); } const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx) --- crypto/openssl/crypto/provider.c.orig +++ crypto/openssl/crypto/provider.c @@ -16,7 +16,7 @@ #include "provider_local.h" OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name, - int retain_fallbacks) + int retain_fallbacks) { OSSL_PROVIDER *prov = NULL, *actual; int isnew = 0; @@ -76,15 +76,15 @@ } const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { return ossl_provider_query_operation(prov, operation_id, no_cache); } void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, - const OSSL_ALGORITHM *algs) + int operation_id, + const OSSL_ALGORITHM *algs) { ossl_provider_unquery_operation(prov, operation_id, algs); } @@ -105,15 +105,15 @@ } int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg) + const char *capability, + OSSL_CALLBACK *cb, + void *arg) { return ossl_provider_get_capabilities(prov, capability, cb, arg); } int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name, - OSSL_provider_init_fn *init_fn) + OSSL_provider_init_fn *init_fn) { OSSL_PROVIDER_INFO entry; 
@@ -141,9 +141,9 @@ } int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx, - int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), - void *cbdata) + int (*cb)(OSSL_PROVIDER *provider, + void *cbdata), + void *cbdata) { return ossl_provider_doall_activated(ctx, cb, cbdata); } --- crypto/openssl/crypto/provider_child.c.orig +++ crypto/openssl/crypto/provider_child.c @@ -55,9 +55,9 @@ static OSSL_provider_init_fn ossl_child_provider_init; static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; OSSL_LIB_CTX *ctx; @@ -85,7 +85,7 @@ ctx = (OSSL_LIB_CTX *)c_get_libctx(handle); gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + &child_prov_ossl_ctx_method); if (gbl == NULL) return 0; @@ -104,7 +104,7 @@ int ret = 0; gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + &child_prov_ossl_ctx_method); if (gbl == NULL) return 0; @@ -139,7 +139,8 @@ * init children */ if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init, - 1)) == NULL) + 1)) + == NULL) goto err; if (!ossl_provider_activate(cprov, 0, 0)) { @@ -156,7 +157,7 @@ } ret = 1; - err: +err: CRYPTO_THREAD_unlock(gbl->lock); return ret; } @@ -169,7 +170,7 @@ OSSL_PROVIDER *cprov; gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + &child_prov_ossl_ctx_method); if (gbl == NULL) return 0; @@ -183,7 +184,7 @@ */ ossl_provider_free(cprov); if (ossl_provider_is_child(cprov) - && !ossl_provider_deactivate(cprov, 1)) + && !ossl_provider_deactivate(cprov, 1)) return 0; return 1; 
@@ -197,8 +198,8 @@ } int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, - const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in) + const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in) { struct child_prov_globals *gbl; @@ -206,7 +207,7 @@ return 0; gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + &child_prov_ossl_ctx_method); if (gbl == NULL) return 0; @@ -248,12 +249,12 @@ } if (gbl->c_get_libctx == NULL - || gbl->c_provider_register_child_cb == NULL - || gbl->c_prov_name == NULL - || gbl->c_prov_get0_provider_ctx == NULL - || gbl->c_prov_get0_dispatch == NULL - || gbl->c_prov_up_ref == NULL - || gbl->c_prov_free == NULL) + || gbl->c_provider_register_child_cb == NULL + || gbl->c_prov_name == NULL + || gbl->c_prov_get0_provider_ctx == NULL + || gbl->c_prov_get0_dispatch == NULL + || gbl->c_prov_up_ref == NULL + || gbl->c_prov_free == NULL) return 0; gbl->lock = CRYPTO_THREAD_lock_new(); @@ -261,10 +262,10 @@ return 0; if (!gbl->c_provider_register_child_cb(gbl->handle, - provider_create_child_cb, - provider_remove_child_cb, - provider_global_props_cb, - ctx)) + provider_create_child_cb, + provider_remove_child_cb, + provider_global_props_cb, + ctx)) return 0; return 1; @@ -274,7 +275,7 @@ { struct child_prov_globals *gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + &child_prov_ossl_ctx_method); if (gbl == NULL) return; @@ -299,8 +300,8 @@ const OSSL_CORE_HANDLE *parent_handle; gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), - OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); if (gbl == NULL) return 0; 
@@ -316,8 +317,8 @@ const OSSL_CORE_HANDLE *parent_handle; gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), - OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); + OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); if (gbl == NULL) return 0; --- crypto/openssl/crypto/provider_conf.c.orig +++ crypto/openssl/crypto/provider_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ PROVIDER_CONF_GLOBAL *pcgbl = vpcgbl; sk_OSSL_PROVIDER_pop_free(pcgbl->activated_providers, - ossl_provider_free); + ossl_provider_free); OSSL_TRACE(CONF, "Cleaned up providers\n"); CRYPTO_THREAD_lock_free(pcgbl->lock); @@ -78,10 +78,10 @@ * < 0 for fatal errors */ static int provider_conf_params_internal(OSSL_PROVIDER *prov, - OSSL_PROVIDER_INFO *provinfo, - const char *name, const char *value, - const CONF *cnf, - STACK_OF(OPENSSL_CSTRING) *visited) + OSSL_PROVIDER_INFO *provinfo, + const char *name, const char *value, + const CONF *cnf, + STACK_OF(OPENSSL_CSTRING) *visited) { STACK_OF(CONF_VALUE) *sect; int ok = 1; @@ -130,7 +130,7 @@ buffer[buffer_len] = '\0'; OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer)); rc = provider_conf_params_internal(prov, provinfo, buffer, - sectconf->value, cnf, visited); + sectconf->value, cnf, visited); if (rc < 0) { sk_OPENSSL_CSTRING_pop(visited); return rc; 
@@ -152,16 +152,16 @@ /* * recursively parse the provider configuration section - * of the config file. + * of the config file. * Returns * 1 on success * 0 on non-fatal error * < 0 on fatal errors */ static int provider_conf_params(OSSL_PROVIDER *prov, - OSSL_PROVIDER_INFO *provinfo, - const char *name, const char *value, - const CONF *cnf) + OSSL_PROVIDER_INFO *provinfo, + const char *name, const char *value, + const CONF *cnf) { int rc; STACK_OF(OPENSSL_CSTRING) *visited = sk_OPENSSL_CSTRING_new_null(); @@ -170,7 +170,7 @@ return -1; rc = provider_conf_params_internal(prov, provinfo, name, - value, cnf, visited); + value, cnf, visited); sk_OPENSSL_CSTRING_free(visited); @@ -178,7 +178,7 @@ } static int prov_already_activated(const char *name, - STACK_OF(OSSL_PROVIDER) *activated) + STACK_OF(OSSL_PROVIDER) *activated) { int i, max; @@ -198,7 +198,7 @@ } static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, - const char *value, const CONF *cnf) + const char *value, const CONF *cnf) { int i; STACK_OF(CONF_VALUE) *ecmds; @@ -216,7 +216,7 @@ if (!ecmds) { ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, - "section=%s not found", value); + "section=%s not found", value); return 0; } @@ -227,7 +227,7 @@ const char *confvalue = ecmd->value; OSSL_TRACE2(CONF, "Provider command: %s = %s\n", - confname, confvalue); + confname, confvalue); /* First handle some special pseudo confs */ @@ -246,7 +246,7 @@ if (activate) { PROVIDER_CONF_GLOBAL *pcgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, - &provider_conf_ossl_ctx_method); + &provider_conf_ossl_ctx_method); if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); 
@@ -254,12 +254,12 @@ } if (!prov_already_activated(name, pcgbl->activated_providers)) { /* - * There is an attempt to activate a provider, so we should disable - * loading of fallbacks. Otherwise a misconfiguration could mean the - * intended provider does not get loaded. Subsequent fetches could - * then fallback to the default provider - which may be the wrong - * thing. - */ + * There is an attempt to activate a provider, so we should disable + * loading of fallbacks. Otherwise a misconfiguration could mean the + * intended provider does not get loaded. Subsequent fetches could + * then fallback to the default provider - which may be the wrong + * thing. + */ if (!ossl_provider_disable_fallback_loading(libctx)) { CRYPTO_THREAD_unlock(pcgbl->lock); ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); @@ -287,7 +287,7 @@ ossl_provider_deactivate(prov, 1); ok = 0; } else if (actual != prov - && !ossl_provider_activate(actual, 1, 0)) { + && !ossl_provider_activate(actual, 1, 0)) { ossl_provider_free(actual); ok = 0; } else { @@ -295,7 +295,7 @@ pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); if (pcgbl->activated_providers == NULL || !sk_OSSL_PROVIDER_push(pcgbl->activated_providers, - actual)) { + actual)) { ossl_provider_deactivate(actual, 1); ossl_provider_free(actual); ok = 0; @@ -331,7 +331,7 @@ ok = provider_conf_params(NULL, &entry, NULL, value, cnf); if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) { ok = ossl_provider_info_add_to_store(libctx, &entry); - added = 1; + added = ok; } if (added == 0) ossl_provider_info_clear(&entry); @@ -355,7 +355,7 @@ int i; OSSL_TRACE1(CONF, "Loading providers module: section %s\n", - CONF_imodule_get_value(md)); + CONF_imodule_get_value(md)); /* Value is a section containing PROVIDERs to configure */ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); 
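Review bot: In the `@@ -331,7 +331,7 @@` hunk `added = ok;` reuses a status variable as an ownership flag, and nothing on the line says that `entry` stays with the caller when `ossl_provider_info_add_to_store()` fails. `ok` is also the variable that received the result of `provider_conf_params()`, which is documented as possibly negative. Writing `added = (ok > 0);` makes the intent explicit and keeps the `if (added == 0)` cleanup correct if the add function ever returns something other than 0 or 1. A comment such as `/* entry belongs to the store only if the add succeeded */` would record why the cleanup below must still run on failure. The enclosing function starts and ends outside the hunk.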
@@ -368,7 +368,7 @@ for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { cval = sk_CONF_VALUE_value(elist, i); if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf), - cval->name, cval->value, cnf)) + cval->name, cval->value, cnf)) return 0; } --- crypto/openssl/crypto/provider_core.c.orig +++ crypto/openssl/crypto/provider_core.c @@ -30,7 +30,7 @@ #include "internal/core.h" #include "provider_local.h" #ifndef FIPS_MODULE -# include +#include #endif /* @@ -117,8 +117,8 @@ */ static OSSL_PROVIDER *provider_new(const char *name, - OSSL_provider_init_fn *init_function, - STACK_OF(INFOPAIR) *parameters); + OSSL_provider_init_fn *init_function, + STACK_OF(INFOPAIR) *parameters); /*- * Provider Object structure @@ -136,20 +136,20 @@ DEFINE_STACK_OF(OSSL_PROVIDER_CHILD_CB) #endif -struct provider_store_st; /* Forward declaration */ +struct provider_store_st; /* Forward declaration */ struct ossl_provider_st { /* Flag bits */ - unsigned int flag_initialized:1; - unsigned int flag_activated:1; - unsigned int flag_fallback:1; /* Can be used as fallback */ + unsigned int flag_initialized : 1; + unsigned int flag_activated : 1; + unsigned int flag_fallback : 1; /* Can be used as fallback */ /* Getting and setting the flags require synchronization */ CRYPTO_RWLOCK *flag_lock; /* OpenSSL library side data */ CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */ + CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */ int activatecnt; char *name; char *path; @@ -163,10 +163,10 @@ * In the FIPS module inner provider, this isn't needed, since the * error upcalls are always direct calls to the outer provider. */ - int error_lib; /* ERR library number, one for each provider */ -# ifndef OPENSSL_NO_ERR + int error_lib; /* ERR library number, one for each provider */ +#ifndef OPENSSL_NO_ERR ERR_STRING_DATA *error_strings; /* Copy of what the provider gives us */ -# endif +#endif #endif /* Provider side functions */ 
@@ -189,7 +189,7 @@ #ifndef FIPS_MODULE /* Whether this provider is the child of some other provider */ const OSSL_CORE_HANDLE *handle; - unsigned int ischild:1; + unsigned int ischild : 1; #endif /* Provider side data */ @@ -198,8 +198,8 @@ }; DEFINE_STACK_OF(OSSL_PROVIDER) -static int ossl_provider_cmp(const OSSL_PROVIDER * const *a, - const OSSL_PROVIDER * const *b) +static int ossl_provider_cmp(const OSSL_PROVIDER *const *a, + const OSSL_PROVIDER *const *b) { return strcmp((*a)->name, (*b)->name); } @@ -222,8 +222,8 @@ OSSL_PROVIDER_INFO *provinfo; size_t numprovinfo; size_t provinfosz; - unsigned int use_fallbacks:1; - unsigned int freeing:1; + unsigned int use_fallbacks : 1; + unsigned int freeing : 1; }; /* @@ -270,7 +270,7 @@ goto err; } return dest; - err: +err: OPENSSL_free(dest->name); OPENSSL_free(dest); return NULL; @@ -295,7 +295,7 @@ sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free); #ifndef FIPS_MODULE sk_OSSL_PROVIDER_CHILD_CB_pop_free(store->child_cbs, - ossl_provider_child_cb_free); + ossl_provider_child_cb_free); #endif CRYPTO_THREAD_lock_free(store->default_path_lock); CRYPTO_THREAD_lock_free(store->lock); @@ -337,7 +337,7 @@ struct provider_store_st *store = NULL; store = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_STORE_INDEX, - &provider_store_method); + &provider_store_method); if (store == NULL) ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); return store; @@ -357,10 +357,10 @@ return 0; } -#define BUILTINS_BLOCK_SIZE 10 +#define BUILTINS_BLOCK_SIZE 10 int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, - OSSL_PROVIDER_INFO *entry) + OSSL_PROVIDER_INFO *entry) { struct provider_store_st *store = get_provider_store(libctx); int ret = 0; @@ -379,7 +379,7 @@ return 0; if (store->provinfosz == 0) { store->provinfo = OPENSSL_zalloc(sizeof(*store->provinfo) - * BUILTINS_BLOCK_SIZE); + * BUILTINS_BLOCK_SIZE); if (store->provinfo == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); goto err; 
@@ -390,7 +390,7 @@ size_t newsz = store->provinfosz + BUILTINS_BLOCK_SIZE; tmpbuiltins = OPENSSL_realloc(store->provinfo, - sizeof(*store->provinfo) * newsz); + sizeof(*store->provinfo) * newsz); if (tmpbuiltins == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); goto err; @@ -402,19 +402,21 @@ store->numprovinfo++; ret = 1; - err: +err: CRYPTO_THREAD_unlock(store->lock); return ret; } OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, - ossl_unused int noconfig) + ossl_unused int noconfig) { struct provider_store_st *store = NULL; OSSL_PROVIDER *prov = NULL; if ((store = get_provider_store(libctx)) != NULL) { - OSSL_PROVIDER tmpl = { 0, }; + OSSL_PROVIDER tmpl = { + 0, + }; int i; #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) @@ -451,8 +453,8 @@ */ static OSSL_PROVIDER *provider_new(const char *name, - OSSL_provider_init_fn *init_function, - STACK_OF(INFOPAIR) *parameters) + OSSL_provider_init_fn *init_function, + STACK_OF(INFOPAIR) *parameters) { OSSL_PROVIDER *prov = NULL; @@ -460,7 +462,7 @@ #ifndef HAVE_ATOMICS || (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL #endif - ) { + ) { OPENSSL_free(prov); ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; @@ -472,8 +474,9 @@ || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL || (prov->name = OPENSSL_strdup(name)) == NULL || (prov->parameters = sk_INFOPAIR_deep_copy(parameters, - infopair_copy, - infopair_free)) == NULL) { + infopair_copy, + infopair_free)) + == NULL) { ossl_provider_free(prov); ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; @@ -528,8 +531,8 @@ * will fail. */ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, - OSSL_provider_init_fn *init_function, - int noconfig) + OSSL_provider_init_fn *init_function, + int noconfig) { struct provider_store_st *store = NULL; OSSL_PROVIDER_INFO template; 
@@ -615,11 +618,13 @@ } int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, - int retain_fallbacks) + int retain_fallbacks) { struct provider_store_st *store; int idx; - OSSL_PROVIDER tmpl = { 0, }; + OSSL_PROVIDER tmpl = { + 0, + }; OSSL_PROVIDER *actualtmp = NULL; if (actualprov != NULL) @@ -678,7 +683,7 @@ return 1; - err: +err: CRYPTO_THREAD_unlock(store->lock); return 0; } @@ -702,13 +707,13 @@ if (prov->flag_initialized) { ossl_provider_teardown(prov); #ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE if (prov->error_strings != NULL) { ERR_unload_strings(prov->error_lib, prov->error_strings); OPENSSL_free(prov->error_strings); prov->error_strings = NULL; } -# endif +#endif #endif OPENSSL_free(prov->operation_bits); prov->operation_bits = NULL; @@ -757,7 +762,7 @@ } static int infopair_add(STACK_OF(INFOPAIR) **infopairsk, const char *name, - const char *value) + const char *value) { INFOPAIR *pair = NULL; @@ -779,14 +784,14 @@ } int ossl_provider_add_parameter(OSSL_PROVIDER *prov, - const char *name, const char *value) + const char *name, const char *value) { return infopair_add(&prov->parameters, name, value); } int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo, - const char *name, - const char *value) + const char *name, + const char *value) { return infopair_add(&provinfo->parameters, name, value); } @@ -806,7 +811,7 @@ static const OSSL_DISPATCH *core_dispatch; /* Define further down */ int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx, - const char *path) + const char *path) { struct provider_store_st *store; char *p = NULL; @@ -819,7 +824,7 @@ } } if ((store = get_provider_store(libctx)) != NULL - && CRYPTO_THREAD_write_lock(store->default_path_lock)) { + && CRYPTO_THREAD_write_lock(store->default_path_lock)) { OPENSSL_free(store->default_path); store->default_path = p; CRYPTO_THREAD_unlock(store->default_path_lock); 
@@ -837,11 +842,11 @@ static int provider_init(OSSL_PROVIDER *prov) { const OSSL_DISPATCH *provider_dispatch = NULL; - void *tmp_provctx = NULL; /* safety measure */ + void *tmp_provctx = NULL; /* safety measure */ #ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE OSSL_FUNC_provider_get_reason_strings_fn *p_get_reason_strings = NULL; -# endif +#endif #endif int ok = 0; @@ -872,7 +877,7 @@ } if ((store = get_provider_store(prov->libctx)) == NULL - || !CRYPTO_THREAD_read_lock(store->default_path_lock)) + || !CRYPTO_THREAD_read_lock(store->default_path_lock)) goto end; if (store->default_path != NULL) { @@ -894,12 +899,11 @@ } DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); + DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); module_path = prov->path; if (module_path == NULL) - module_path = allocated_path = - DSO_convert_filename(prov->module, prov->name); + module_path = allocated_path = DSO_convert_filename(prov->module, prov->name); if (module_path != NULL) merged_path = DSO_merge(prov->module, module_path, load_dir); @@ -917,7 +921,7 @@ if (prov->module == NULL) { /* DSO has already recorded errors, this is just a tracepoint */ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_DSO_LIB, - "name=%s", prov->name); + "name=%s", prov->name); goto end; } @@ -929,15 +933,15 @@ /* Check for and call the initialise function for the provider. */ if (prov->init_function == NULL) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, - "name=%s, provider has no provider init function", - prov->name); + "name=%s, provider has no provider init function", + prov->name); goto end; } if (!prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch, - &provider_dispatch, &tmp_provctx)) { + &provider_dispatch, &tmp_provctx)) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, - "name=%s", prov->name); + "name=%s", prov->name); goto end; } prov->provctx = tmp_provctx; 
@@ -947,47 +951,39 @@ for (; provider_dispatch->function_id != 0; provider_dispatch++) { switch (provider_dispatch->function_id) { case OSSL_FUNC_PROVIDER_TEARDOWN: - prov->teardown = - OSSL_FUNC_provider_teardown(provider_dispatch); + prov->teardown = OSSL_FUNC_provider_teardown(provider_dispatch); break; case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: - prov->gettable_params = - OSSL_FUNC_provider_gettable_params(provider_dispatch); + prov->gettable_params = OSSL_FUNC_provider_gettable_params(provider_dispatch); break; case OSSL_FUNC_PROVIDER_GET_PARAMS: - prov->get_params = - OSSL_FUNC_provider_get_params(provider_dispatch); + prov->get_params = OSSL_FUNC_provider_get_params(provider_dispatch); break; case OSSL_FUNC_PROVIDER_SELF_TEST: - prov->self_test = - OSSL_FUNC_provider_self_test(provider_dispatch); + prov->self_test = OSSL_FUNC_provider_self_test(provider_dispatch); break; case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: - prov->get_capabilities = - OSSL_FUNC_provider_get_capabilities(provider_dispatch); + prov->get_capabilities = OSSL_FUNC_provider_get_capabilities(provider_dispatch); break; case OSSL_FUNC_PROVIDER_QUERY_OPERATION: - prov->query_operation = - OSSL_FUNC_provider_query_operation(provider_dispatch); + prov->query_operation = OSSL_FUNC_provider_query_operation(provider_dispatch); break; case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: - prov->unquery_operation = - OSSL_FUNC_provider_unquery_operation(provider_dispatch); + prov->unquery_operation = OSSL_FUNC_provider_unquery_operation(provider_dispatch); break; #ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: - p_get_reason_strings = - OSSL_FUNC_provider_get_reason_strings(provider_dispatch); + p_get_reason_strings = OSSL_FUNC_provider_get_reason_strings(provider_dispatch); break; -# endif +#endif #endif } } } #ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE if (p_get_reason_strings != NULL) { const OSSL_ITEM *reasonstrings = 
p_get_reason_strings(prov->provctx); size_t cnt, cnt2; @@ -1005,11 +1001,10 @@ goto end; cnt++; } - cnt++; /* One for the terminating item */ + cnt++; /* One for the terminating item */ /* Allocate one extra item for the "library" name */ - prov->error_strings = - OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1)); + prov->error_strings = OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1)); if (prov->error_strings == NULL) goto end; @@ -1023,20 +1018,20 @@ * 1..cnt. */ for (cnt2 = 1; cnt2 <= cnt; cnt2++) { - prov->error_strings[cnt2].error = (int)reasonstrings[cnt2-1].id; - prov->error_strings[cnt2].string = reasonstrings[cnt2-1].ptr; + prov->error_strings[cnt2].error = (int)reasonstrings[cnt2 - 1].id; + prov->error_strings[cnt2].string = reasonstrings[cnt2 - 1].ptr; } ERR_load_strings(prov->error_lib, prov->error_strings); } -# endif +#endif #endif /* With this flag set, this provider has become fully "loaded". */ prov->flag_initialized = 1; ok = 1; - end: +end: return ok; } @@ -1047,7 +1042,7 @@ * Return -1 on failure and the activation count on success */ static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls, - int removechildren) + int removechildren) { int count; struct provider_store_st *store; @@ -1129,9 +1124,9 @@ store = prov->store; /* - * If the provider hasn't been added to the store, then we don't need - * any locks because we've not shared it with other threads. - */ + * If the provider hasn't been added to the store, then we don't need + * any locks because we've not shared it with other threads. + */ if (store == NULL) { lock = 0; if (!provider_init(prov)) @@ -1274,7 +1269,7 @@ int count; if (prov == NULL - || (count = provider_deactivate(prov, 1, removechildren)) < 0) + || (count = provider_deactivate(prov, 1, removechildren)) < 0) return 0; return count == 0 ? provider_remove_store_methods(prov) : 1; } 
@@ -1351,15 +1346,15 @@ store->use_fallbacks = 0; ret = 1; } - err: +err: CRYPTO_THREAD_unlock(store->lock); return ret; } int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, - int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), - void *cbdata) + int (*cb)(OSSL_PROVIDER *provider, + void *cbdata), + void *cbdata) { int ret = 0, curr, max, ref = 0; struct provider_store_st *store = get_provider_store(ctx); @@ -1447,9 +1442,9 @@ ret = 1; goto finish; - err_unlock: +err_unlock: CRYPTO_THREAD_unlock(store->lock); - finish: +finish: /* * The pop_free call doesn't do what we want on an error condition. We * either start from the first item in the stack, or part way through if @@ -1561,22 +1556,24 @@ { if (prov->teardown != NULL #ifndef FIPS_MODULE - && !prov->ischild + && !prov->ischild #endif - ) + ) prov->teardown(prov->provctx); } const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov) { return prov->gettable_params == NULL - ? NULL : prov->gettable_params(prov->provctx); + ? NULL + : prov->gettable_params(prov->provctx); } int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) { return prov->get_params == NULL - ? 0 : prov->get_params(prov->provctx, params); + ? 0 + : prov->get_params(prov->provctx, params); } int ossl_provider_self_test(const OSSL_PROVIDER *prov) @@ -1592,17 +1589,18 @@ } int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg) + const char *capability, + OSSL_CALLBACK *cb, + void *arg) { return prov->get_capabilities == NULL - ? 1 : prov->get_capabilities(prov->provctx, capability, cb, arg); + ? 1 + : prov->get_capabilities(prov->provctx, capability, cb, arg); } const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { const OSSL_ALGORITHM *res; 
@@ -1618,8 +1616,8 @@ } void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, - const OSSL_ALGORITHM *algs) + int operation_id, + const OSSL_ALGORITHM *algs) { if (prov->unquery_operation != NULL) prov->unquery_operation(prov->provctx, operation_id, algs); @@ -1634,7 +1632,7 @@ return 0; if (provider->operation_bits_sz <= byte) { unsigned char *tmp = OPENSSL_realloc(provider->operation_bits, - byte + 1); + byte + 1); if (tmp == NULL) { CRYPTO_THREAD_unlock(provider->opbits_lock); @@ -1643,7 +1641,7 @@ } provider->operation_bits = tmp; memset(provider->operation_bits + provider->operation_bits_sz, - '\0', byte + 1 - provider->operation_bits_sz); + '\0', byte + 1 - provider->operation_bits_sz); provider->operation_bits_sz = byte + 1; } provider->operation_bits[byte] |= bit; @@ -1652,7 +1650,7 @@ } int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, - int *result) + int *result) { size_t byte = bitnum / 8; unsigned char bit = (1 << (bitnum % 8)) & 0xFF; @@ -1715,16 +1713,16 @@ } static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, - int (*create_cb)( - const OSSL_CORE_HANDLE *provider, - void *cbdata), - int (*remove_cb)( - const OSSL_CORE_HANDLE *provider, - void *cbdata), - int (*global_props_cb)( - const char *props, - void *cbdata), - void *cbdata) + int (*create_cb)( + const OSSL_CORE_HANDLE *provider, + void *cbdata), + int (*remove_cb)( + const OSSL_CORE_HANDLE *provider, + void *cbdata), + int (*global_props_cb)( + const char *props, + void *cbdata), + void *cbdata) { /* * This is really an OSSL_PROVIDER that we created and cast to 
@@ -1846,10 +1844,10 @@ static const OSSL_PARAM param_types[] = { OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_PROV_NAME, OSSL_PARAM_UTF8_PTR, - NULL, 0), + NULL, 0), #ifndef FIPS_MODULE OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, OSSL_PARAM_UTF8_PTR, - NULL, 0), + NULL, 0), #endif OSSL_PARAM_END }; @@ -1932,7 +1930,8 @@ #ifndef FIPS_MODULE if ((p = OSSL_PARAM_locate(params, - OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) != NULL) + OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) + != NULL) OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov)); #endif @@ -1967,8 +1966,8 @@ } static int core_thread_start(const OSSL_CORE_HANDLE *handle, - OSSL_thread_stop_handler_fn handfn, - void *arg) + OSSL_thread_stop_handler_fn handfn, + void *arg) { /* * We created this object originally and we know it is actually an @@ -1998,13 +1997,13 @@ } static void core_set_error_debug(const OSSL_CORE_HANDLE *handle, - const char *file, int line, const char *func) + const char *file, int line, const char *func) { ERR_set_debug(file, line, func); } static void core_vset_error(const OSSL_CORE_HANDLE *handle, - uint32_t reason, const char *fmt, va_list args) + uint32_t reason, const char *fmt, va_list args) { /* * We created this object originally and we know it is actually an @@ -2040,7 +2039,7 @@ } static void core_self_test_get_callback(OPENSSL_CORE_CTX *libctx, - OSSL_CALLBACK **cb, void **cbarg) + OSSL_CALLBACK **cb, void **cbarg) { OSSL_SELF_TEST_get_callback((OSSL_LIB_CTX *)libctx, cb, cbarg); } 
@@ -2062,20 +2061,20 @@ } static int core_provider_up_ref_intern(const OSSL_CORE_HANDLE *prov, - int activate) + int activate) { return provider_up_ref_intern((OSSL_PROVIDER *)prov, activate); } static int core_provider_free_intern(const OSSL_CORE_HANDLE *prov, - int deactivate) + int deactivate) { return provider_free_intern((OSSL_PROVIDER *)prov, deactivate); } static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov, - const char *sign_name, const char *digest_name, - const char *pkey_name) + const char *sign_name, const char *digest_name, + const char *pkey_name) { int sign_nid = OBJ_txt2nid(sign_name); int digest_nid = NID_undef; @@ -2083,7 +2082,7 @@ if (digest_name != NULL && digest_name[0] != '\0' && (digest_nid = OBJ_txt2nid(digest_name)) == NID_undef) - return 0; + return 0; if (sign_nid == NID_undef) return 0; @@ -2102,11 +2101,11 @@ } static int core_obj_create(const OSSL_CORE_HANDLE *prov, const char *oid, - const char *sn, const char *ln) + const char *sn, const char *ln) { /* Check if it already exists and create it if not */ return OBJ_txt2nid(oid) != NID_undef - || OBJ_create(oid, sn, ln) != NID_undef; + || OBJ_create(oid, sn, ln) != NID_undef; } #endif /* FIPS_MODULE */ @@ -2124,7 +2123,7 @@ { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error }, { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark }, { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, - (void (*)(void))core_clear_last_error_mark }, + (void (*)(void))core_clear_last_error_mark }, { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark }, { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file }, { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf }, --- crypto/openssl/crypto/provider_local.h.orig +++ crypto/openssl/crypto/provider_local.h 
@@ -20,14 +20,14 @@ char *path; OSSL_provider_init_fn *init; STACK_OF(INFOPAIR) *parameters; - unsigned int is_fallback:1; + unsigned int is_fallback : 1; } OSSL_PROVIDER_INFO; extern const OSSL_PROVIDER_INFO ossl_predefined_providers[]; void ossl_provider_info_clear(OSSL_PROVIDER_INFO *info); int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, - OSSL_PROVIDER_INFO *entry); + OSSL_PROVIDER_INFO *entry); int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo, - const char *name, - const char *value); + const char *name, + const char *value); --- crypto/openssl/crypto/provider_predefined.c.orig +++ crypto/openssl/crypto/provider_predefined.c @@ -22,9 +22,9 @@ { "fips", NULL, ossl_fips_intern_provider_init, NULL, 1 }, #else { "default", NULL, ossl_default_provider_init, NULL, 1 }, -# ifdef STATIC_LEGACY +#ifdef STATIC_LEGACY { "legacy", NULL, ossl_legacy_provider_init, NULL, 0 }, -# endif +#endif { "base", NULL, ossl_base_provider_init, NULL, 0 }, { "null", NULL, ossl_null_provider_init, NULL, 0 }, #endif --- crypto/openssl/crypto/punycode.c.orig +++ crypto/openssl/crypto/punycode.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ */ static int adapt(unsigned int delta, unsigned int numpoints, - unsigned int firsttime) + unsigned int firsttime) { unsigned int k = 0; @@ -116,7 +116,7 @@ */ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, - unsigned int *pDecoded, unsigned int *pout_length) + unsigned int *pDecoded, unsigned int *pout_length) { unsigned int n = initial_n; unsigned int i = 0; 
@@ -164,7 +164,8 @@ return 0; i = i + digit * w; - t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax : k - bias; + t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax + : k - bias; if ((unsigned int)digit < t) break; @@ -184,7 +185,7 @@ return 0; memmove(pDecoded + i + 1, pDecoded + i, - (written_out - i) * sizeof(*pDecoded)); + (written_out - i) * sizeof(*pDecoded)); pDecoded[i] = n; i++; written_out++; @@ -257,7 +258,7 @@ size_t size = 0, maxsize; int result = 1; unsigned int i, j; - unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ + unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ if (out == NULL) { result = 0; @@ -266,16 +267,16 @@ maxsize = *outlen; } -#define PUSHC(c) \ - do \ - if (size++ < maxsize) \ - *outptr++ = c; \ - else \ - result = 0; \ +#define PUSHC(c) \ + do \ + if (size++ < maxsize) \ + *outptr++ = c; \ + else \ + result = 0; \ while (0) while (1) { - char *tmpptr = strchr(inptr, '.'); + const char *tmpptr = strchr(inptr, '.'); size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); if (strncmp(inptr, "xn--", 4) != 0) { --- crypto/openssl/crypto/rand/prov_seed.c.orig +++ crypto/openssl/crypto/rand/prov_seed.c @@ -13,8 +13,8 @@ #include size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, int entropy, - size_t min_len, size_t max_len) + unsigned char **pout, int entropy, + size_t min_len, size_t max_len) { size_t ret = 0; size_t entropy_available; @@ -30,7 +30,7 @@ entropy_available = ossl_pool_acquire_entropy(pool); if (entropy_available > 0) { - ret = ossl_rand_pool_length(pool); + ret = ossl_rand_pool_length(pool); *pout = ossl_rand_pool_detach(pool); } 
@@ -39,14 +39,14 @@ } void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len) { OPENSSL_secure_clear_free(buf, len); } size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, size_t min_len, size_t max_len, - const void *salt, size_t salt_len) + unsigned char **pout, size_t min_len, size_t max_len, + const void *salt, size_t salt_len) { size_t ret = 0; RAND_POOL *pool; @@ -62,15 +62,15 @@ if (salt != NULL && !ossl_rand_pool_add(pool, salt, salt_len, 0)) goto err; - ret = ossl_rand_pool_length(pool); + ret = ossl_rand_pool_length(pool); *pout = ossl_rand_pool_detach(pool); - err: +err: ossl_rand_pool_free(pool); return ret; } void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len) { OPENSSL_clear_free(buf, len); } --- crypto/openssl/crypto/rand/rand_deprecated.c.orig +++ crypto/openssl/crypto/rand/rand_deprecated.c @@ -12,10 +12,10 @@ #include #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# include -# if OPENSSL_API_COMPAT < 0x10100000L +#include +#if OPENSSL_API_COMPAT < 0x10100000L -# define DEPRECATED_RAND_FUNCTIONS_DEFINED +#define DEPRECATED_RAND_FUNCTIONS_DEFINED int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { @@ -27,7 +27,7 @@ { RAND_poll(); } -# endif +#endif #endif #ifndef DEPRECATED_RAND_FUNCTIONS_DEFINED --- crypto/openssl/crypto/rand/rand_egd.c.orig +++ crypto/openssl/crypto/rand/rand_egd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -35,22 +35,22 @@ #else -# include -# include -# include -# include -# ifndef NO_SYS_UN_H -# include -# else +#include +#include +#include +#include +#ifndef NO_SYS_UN_H +#include +#else struct sockaddr_un { - short sun_family; /* AF_UNIX */ - char sun_path[108]; /* path name (gag) */ + short sun_family; /* AF_UNIX */ + char sun_path[108]; /* path name (gag) */ }; -# endif /* NO_SYS_UN_H */ -# include -# include +#endif /* NO_SYS_UN_H */ +#include +#include -# if defined(OPENSSL_SYS_TANDEM) +#if defined(OPENSSL_SYS_TANDEM) /* * HPNS: * @@ -66,31 +66,30 @@ * the two modes or revise the EGD code to listen on two different sockets * (each in one of the two modes) or use the hardware randomizer. */ -_variable -int hpns_socket(int family, - int type, - int protocol, - char* transport) +_variable int hpns_socket(int family, + int type, + int protocol, + char *transport) { - int socket_rc; + int socket_rc; char current_transport[20]; -# define AF_UNIX_PORTABILITY "$ZAFN2" -# define AF_UNIX_COMPATIBILITY "$ZPLS" +#define AF_UNIX_PORTABILITY "$ZAFN2" +#define AF_UNIX_COMPATIBILITY "$ZPLS" if (!_arg_present(transport) || transport == NULL || transport[0] == '\0') return socket(family, type, protocol); socket_transport_name_get(AF_UNIX, current_transport, 20); - if (strcmp(current_transport,transport) == 0) + if (strcmp(current_transport, transport) == 0) return socket(family, type, protocol); /* set the requested socket transport */ if (socket_transport_name_set(AF_UNIX, transport)) return -1; - socket_rc = socket(family,type,protocol); + socket_rc = socket(family, type, protocol); /* set mode back to what it was */ if (socket_transport_name_set(AF_UNIX, current_transport)) 
@@ -103,17 +102,19 @@ static int hpns_connect_attempt = 0; -# endif /* defined(OPENSSL_SYS_HPNS) */ - +#endif /* defined(OPENSSL_SYS_HPNS) */ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { FILE *fp = NULL; struct sockaddr_un addr; - int mybuffer, ret = -1, i, numbytes, fd; + int mybuffer, ret = -1, i, numbytes, fd = -1; unsigned char tempbuf[255]; +#if defined(OPENSSL_SYS_TANDEM) + int hpns_connect_attempt = 0; +#endif - if (bytes > (int)sizeof(tempbuf)) + if (bytes <= 0 || bytes > (int)sizeof(tempbuf)) return -1; /* Make socket. */ @@ -128,35 +129,34 @@ #else fd = socket(AF_UNIX, SOCK_STREAM, 0); #endif - if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL) + if (fd == -1) return -1; - setbuf(fp, NULL); /* Try to connect */ - for ( ; ; ) { + for (;;) { if (connect(fd, (struct sockaddr *)&addr, i) == 0) break; -# ifdef EISCONN +#ifdef EISCONN if (errno == EISCONN) break; -# endif +#endif switch (errno) { -# ifdef EINTR +#ifdef EINTR case EINTR: -# endif -# ifdef EAGAIN +#endif +#ifdef EAGAIN case EAGAIN: -# endif -# ifdef EINPROGRESS +#endif +#ifdef EINPROGRESS case EINPROGRESS: -# endif -# ifdef EALREADY +#endif +#ifdef EALREADY case EALREADY: -# endif +#endif /* No error, try again */ break; default: -# if defined(OPENSSL_SYS_TANDEM) +#if defined(OPENSSL_SYS_TANDEM) if (hpns_connect_attempt == 0) { /* try the other kind of AF_UNIX socket */ close(fd); @@ -164,15 +164,23 @@ if (fd == -1) return -1; ++hpns_connect_attempt; - break; /* try the connect again */ + break; /* try the connect again */ } -# endif +#endif ret = -1; goto err; } } + /* Create stream only after a successful connect to avoid stale FILE* on fd swap. */ + fp = fdopen(fd, "r+"); + if (fp == NULL) { + close(fd); + return -1; + } + setbuf(fp, NULL); + /* Make request, see how many bytes we can get back. */ tempbuf[0] = 1; tempbuf[1] = bytes; 
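Review bot: The added local `int hpns_connect_attempt = 0;` in `RAND_query_egd_bytes` shadows the file-scope `static int hpns_connect_attempt = 0;` that this hunk keeps as a context line just above the function. On OPENSSL_SYS_TANDEM builds the static then appears to be dead, and builds with shadow warnings enabled may flag it. Drop the file-scope definition in the same change so it is clear which counter the retry branch in the connect loop reads. The per-call local looks like the better of the two, since the retry state no longer persists across calls or is shared between threads. The function body continues outside this hunk.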
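Review bot: The `fdopen` failure path in the added block cleans up by hand with `close(fd); return -1;`, while the `err:` label changed in a later hunk of this file already covers that state with `else if (fd != -1) close(fd);`. Writing `if (fp == NULL) goto err;` would leave a single cleanup path. `ret` appears to still be -1 at that point (it is initialised to -1 and the visible lines only reassign it to -1), but assignments outside the visible hunks should be confirmed. The function starts and ends outside this hunk.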
@@ -182,6 +190,9 @@ goto err; numbytes = tempbuf[0]; + if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf)) + goto err; + /* Which buffer are we using? */ mybuffer = buf == NULL; if (mybuffer) @@ -195,9 +206,11 @@ if (mybuffer) RAND_add(tempbuf, i, i); - err: +err: if (fp != NULL) fclose(fp); + else if (fd != -1) + close(fd); return ret; } --- crypto/openssl/crypto/rand/rand_err.c.orig +++ crypto/openssl/crypto/rand/rand_err.c 
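Review bot: The added bound `numbytes > bytes` is presumably what stops the subsequent read from writing past the caller's `buf`, but nothing at the check says that `numbytes` is a length byte taken from the EGD peer's reply. A one-line comment above it, such as `/* numbytes is supplied by the daemon; never accept more than we requested */`, would record why the check exists. The third clause, `numbytes > (int)sizeof(tempbuf)`, looks redundant, because an earlier hunk already rejects `bytes > (int)sizeof(tempbuf)` at function entry, so `numbytes > bytes` implies it. The read that fills `tempbuf[0]` and the read into `buf` are outside this hunk.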
@@ -15,84 +15,84 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA RAND_str_reasons[] = { - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG), - "additional input too long"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED), - "already instantiated"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE), - "argument out of range"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED), - "drbg already initialized"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED), - "drbg not initialised"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG), - "entropy input too long"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE), - "entropy out of range"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED), - "error entropy pool was ignored"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG), - "error initialising drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG), - "error instantiating drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), - "error retrieving additional input"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY), - "error retrieving entropy"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE), - "error retrieving nonce"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK), - "failed to create lock"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED), - "Function not implemented"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INSUFFICIENT_DRBG_STRENGTH), - "insufficient drbg strength"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"}, - {ERR_PACK(ERR_LIB_RAND, 0, 
RAND_R_NOT_A_REGULAR_FILE), - "Not a regular file"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED), - "no drbg implementation selected"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED), - "parent locking not enabled"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK), - "parent strength too weak"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG), - "personalisation string too long"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED), - "prediction resistance not supported"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW), - "random pool overflow"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW), - "random pool underflow"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG), - "request too large for drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED), - "too little nonce requested"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED), - "too much nonce requested"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_CREATE_DRBG), - "unable to create drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_FETCH_DRBG), - "unable to fetch drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER), - "unable to get parent reseed prop counter"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH), - "unable to get parent strength"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_LOCK_PARENT), - "unable to lock parent"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS), - "unsupported drbg flags"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE), - "unsupported drbg 
type"}, - {0, NULL} + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG), + "additional input too long" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED), + "already instantiated" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE), + "argument out of range" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED), + "drbg already initialized" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED), + "drbg not initialised" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG), + "entropy input too long" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE), + "entropy out of range" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED), + "error entropy pool was ignored" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG), + "error initialising drbg" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG), + "error instantiating drbg" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), + "error retrieving additional input" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY), + "error retrieving entropy" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE), + "error retrieving nonce" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK), + "failed to create lock" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED), + "Function not implemented" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INSUFFICIENT_DRBG_STRENGTH), + "insufficient drbg strength" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE), + "Not a regular file" 
}, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED), + "no drbg implementation selected" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED), + "parent locking not enabled" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK), + "parent strength too weak" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG), + "personalisation string too long" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED), + "prediction resistance not supported" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW), + "random pool overflow" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW), + "random pool underflow" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG), + "request too large for drbg" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED), + "too little nonce requested" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED), + "too much nonce requested" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_CREATE_DRBG), + "unable to create drbg" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_FETCH_DRBG), + "unable to fetch drbg" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER), + "unable to get parent reseed prop counter" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH), + "unable to get parent strength" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_LOCK_PARENT), + "unable to lock parent" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS), + "unsupported drbg flags" }, + { ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE), + "unsupported drbg type" }, + 
{ 0, NULL } }; #endif --- crypto/openssl/crypto/rand/rand_lib.c.orig +++ crypto/openssl/crypto/rand/rand_lib.c @@ -20,42 +20,42 @@ #include "rand_local.h" #ifndef FIPS_MODULE -# include -# include -# include -# include -# include -# include -# include "crypto/rand_pool.h" -# include "prov/seeding.h" -# include "e_os.h" - -# ifndef OPENSSL_NO_ENGINE +#include +#include +#include +#include +#include +#include +#include "crypto/rand_pool.h" +#include "prov/seeding.h" +#include "e_os.h" + +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref; static CRYPTO_RWLOCK *rand_engine_lock; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 static CRYPTO_RWLOCK *rand_meth_lock; static const RAND_METHOD *default_RAND_meth; -# endif +#endif static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; static int rand_inited = 0; DEFINE_RUN_ONCE_STATIC(do_rand_init) { -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE rand_engine_lock = CRYPTO_THREAD_lock_new(); if (rand_engine_lock == NULL) return 0; -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 rand_meth_lock = CRYPTO_THREAD_lock_new(); if (rand_meth_lock == NULL) goto err; -# endif +#endif if (!ossl_rand_pool_init()) goto err; @@ -63,21 +63,21 @@ rand_inited = 1; return 1; - err: -# ifndef OPENSSL_NO_DEPRECATED_3_0 +err: +#ifndef OPENSSL_NO_DEPRECATED_3_0 CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; -# endif +#endif return 0; } void ossl_rand_cleanup_int(void) { -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = default_RAND_meth; if (!rand_inited) 
@@ -86,16 +86,16 @@ if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); RAND_set_rand_method(NULL); -# endif +#endif ossl_rand_pool_cleanup(); -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; -# endif +#endif ossl_release_default_drbg_ctx(); rand_inited = 0; } @@ -122,7 +122,7 @@ { static const char salt[] = "polling"; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); int ret = meth == RAND_OpenSSL(); @@ -132,8 +132,8 @@ if (!ret) { /* fill random pool and seed the current legacy RNG */ RAND_POOL *pool = ossl_rand_pool_new(RAND_DRBG_STRENGTH, 1, - (RAND_DRBG_STRENGTH + 7) / 8, - RAND_POOL_MAX_LENGTH); + (RAND_DRBG_STRENGTH + 7) / 8, + RAND_POOL_MAX_LENGTH); if (pool == NULL) return 0; @@ -143,34 +143,35 @@ if (meth->add == NULL || meth->add(ossl_rand_pool_buffer(pool), - ossl_rand_pool_length(pool), - (ossl_rand_pool_entropy(pool) / 8.0)) == 0) + ossl_rand_pool_length(pool), + (ossl_rand_pool_entropy(pool) / 8.0)) + == 0) goto err; ret = 1; - err: + err: ossl_rand_pool_free(pool); return ret; } -# endif +#endif RAND_seed(salt, sizeof(salt)); return 1; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 static int rand_set_rand_method_internal(const RAND_METHOD *meth, - ossl_unused ENGINE *e) + ossl_unused ENGINE *e) { if (!RUN_ONCE(&rand_init, do_rand_init)) return 0; if (!CRYPTO_THREAD_write_lock(rand_meth_lock)) return 0; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE ENGINE_finish(funct_ref); funct_ref = e; -# endif +#endif default_RAND_meth = meth; CRYPTO_THREAD_unlock(rand_meth_lock); return 1; 
@@ -191,28 +192,28 @@ if (!CRYPTO_THREAD_write_lock(rand_meth_lock)) return NULL; if (default_RAND_meth == NULL) { -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE ENGINE *e; /* If we have an engine that can do RAND, use it. */ if ((e = ENGINE_get_default_RAND()) != NULL - && (tmp_meth = ENGINE_get_RAND(e)) != NULL) { + && (tmp_meth = ENGINE_get_RAND(e)) != NULL) { funct_ref = e; default_RAND_meth = tmp_meth; } else { ENGINE_finish(e); default_RAND_meth = &ossl_rand_meth; } -# else +#else default_RAND_meth = &ossl_rand_meth; -# endif +#endif } tmp_meth = default_RAND_meth; CRYPTO_THREAD_unlock(rand_meth_lock); return tmp_meth; } -# if !defined(OPENSSL_NO_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -239,20 +240,20 @@ CRYPTO_THREAD_unlock(rand_engine_lock); return 1; } -# endif -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ void RAND_seed(const void *buf, int num) { EVP_RAND_CTX *drbg; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth->seed != NULL) { meth->seed(buf, num); return; } -# endif +#endif drbg = RAND_get0_primary(NULL); if (drbg != NULL && num > 0) 
@@ -262,26 +263,26 @@ void RAND_add(const void *buf, int num, double randomness) { EVP_RAND_CTX *drbg; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth->add != NULL) { meth->add(buf, num, randomness); return; } -# endif +#endif drbg = RAND_get0_primary(NULL); if (drbg != NULL && num > 0) -# ifdef OPENSSL_RAND_SEED_NONE +#ifdef OPENSSL_RAND_SEED_NONE /* Without an entropy source, we have to rely on the user */ EVP_RAND_reseed(drbg, 0, buf, num, NULL, 0); -# else +#else /* With an entropy source, we downgrade this to additional input */ EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); -# endif +#endif } -# if !defined(OPENSSL_NO_DEPRECATED_1_1_0) +#if !defined(OPENSSL_NO_DEPRECATED_1_1_0) int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); @@ -291,30 +292,30 @@ ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } -# endif +#endif int RAND_status(void) { EVP_RAND_CTX *rand; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) return meth->status != NULL ? meth->status() : 0; -# endif +#endif if ((rand = RAND_get0_primary(NULL)) == NULL) return 0; return EVP_RAND_get_state(rand) == EVP_RAND_STATE_READY; } -# else /* !FIPS_MODULE */ +#else /* !FIPS_MODULE */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *RAND_get_rand_method(void) { return NULL; } -# endif +#endif #endif /* !FIPS_MODULE */ /* @@ -323,7 +324,7 @@ * sure we're instantiated and use the private DRBG. */ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, - unsigned int strength) + unsigned int strength) { EVP_RAND_CTX *rand; #if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE) 
@@ -352,7 +353,7 @@ } int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, - unsigned int strength) + unsigned int strength) { EVP_RAND_CTX *rand; #if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE) @@ -453,7 +454,7 @@ * We need to ensure that base libcrypto thread handling has been * initialised. */ - OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); #endif dgbl->lock = CRYPTO_THREAD_lock_new(); @@ -468,9 +469,9 @@ return dgbl; - err2: +err2: CRYPTO_THREAD_cleanup_local(&dgbl->private); - err1: +err1: CRYPTO_THREAD_lock_free(dgbl->lock); OPENSSL_free(dgbl); return NULL; @@ -507,7 +508,7 @@ static RAND_GLOBAL *rand_get_global(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_INDEX, - &rand_drbg_ossl_ctx_method); + &rand_drbg_ossl_ctx_method); } static void rand_delete_thread_state(void *arg) @@ -560,8 +561,8 @@ #endif static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent, - unsigned int reseed_interval, - time_t reseed_time_interval) + unsigned int reseed_interval, + time_t reseed_time_interval) { EVP_RAND *rand; RAND_GLOBAL *dgbl = rand_get_global(libctx); 
@@ -590,18 +591,18 @@ */ cipher = dgbl->rng_cipher != NULL ? dgbl->rng_cipher : "AES-256-CTR"; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, - cipher, 0); + cipher, 0); if (dgbl->rng_digest != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, - dgbl->rng_digest, 0); + dgbl->rng_digest, 0); if (dgbl->rng_propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, - dgbl->rng_propq, 0); + dgbl->rng_propq, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC, "HMAC", 0); *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, - &reseed_interval); + &reseed_interval); *p++ = OSSL_PARAM_construct_time_t(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, - &reseed_time_interval); + &reseed_time_interval); *p = OSSL_PARAM_construct_end(); if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0, params)) { ERR_raise(ERR_LIB_RAND, RAND_R_ERROR_INSTANTIATING_DRBG); @@ -651,12 +652,12 @@ #endif ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed, - PRIMARY_RESEED_INTERVAL, - PRIMARY_RESEED_TIME_INTERVAL); + PRIMARY_RESEED_INTERVAL, + PRIMARY_RESEED_TIME_INTERVAL); /* - * The primary DRBG may be shared between multiple threads so we must - * enable locking. - */ + * The primary DRBG may be shared between multiple threads so we must + * enable locking. + */ if (ret != NULL && !EVP_RAND_enable_locking(ret)) { ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING); EVP_RAND_CTX_free(ret); @@ -691,10 +692,10 @@ * used this thread. */ if (CRYPTO_THREAD_get_local(&dgbl->private) == NULL - && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) + && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) return NULL; rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL); + SECONDARY_RESEED_TIME_INTERVAL); CRYPTO_THREAD_set_local(&dgbl->public, rand); } return rand; 
@@ -724,10 +725,10 @@ * used this thread. */ if (CRYPTO_THREAD_get_local(&dgbl->public) == NULL - && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) + && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) return NULL; rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL); + SECONDARY_RESEED_TIME_INTERVAL); CRYPTO_THREAD_set_local(&dgbl->private, rand); } return rand; @@ -761,7 +762,7 @@ int i, r = 1; OSSL_TRACE1(CONF, "Loading random module: section %s\n", - CONF_imodule_get_value(md)); + CONF_imodule_get_value(md)); /* Value is a section containing RANDOM configuration */ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); @@ -795,15 +796,14 @@ return 0; } else { ERR_raise_data(ERR_LIB_CRYPTO, - CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION, - "name=%s, value=%s", cval->name, cval->value); + CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION, + "name=%s, value=%s", cval->name, cval->value); r = 0; } } return r; } - static void random_conf_deinit(CONF_IMODULE *md) { OSSL_TRACE(CONF, "Cleaned up random\n"); @@ -816,14 +816,14 @@ } int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq, - const char *cipher, const char *digest) + const char *cipher, const char *digest) { RAND_GLOBAL *dgbl = rand_get_global(ctx); if (dgbl == NULL) return 0; if (dgbl->primary != NULL) { - ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); + ERR_raise(ERR_LIB_RAND, RAND_R_ALREADY_INSTANTIATED); return 0; } return random_set_string(&dgbl->rng_name, drbg) 
@@ -833,14 +833,14 @@ } int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed, - const char *propq) + const char *propq) { RAND_GLOBAL *dgbl = rand_get_global(ctx); if (dgbl == NULL) return 0; if (dgbl->primary != NULL) { - ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); + ERR_raise(ERR_LIB_RAND, RAND_R_ALREADY_INSTANTIATED); return 0; } return random_set_string(&dgbl->seed_name, seed) --- crypto/openssl/crypto/rand/rand_local.h.orig +++ crypto/openssl/crypto/rand/rand_local.h @@ -8,26 +8,26 @@ */ #ifndef OSSL_CRYPTO_RAND_LOCAL_H -# define OSSL_CRYPTO_RAND_LOCAL_H +#define OSSL_CRYPTO_RAND_LOCAL_H -# include -# include -# include -# include -# include -# include -# include "internal/tsan_assist.h" -# include "crypto/rand.h" +#include +#include +#include +#include +#include +#include +#include "internal/tsan_assist.h" +#include "crypto/rand.h" /* Default reseed intervals */ -# define PRIMARY_RESEED_INTERVAL (1 << 8) -# define SECONDARY_RESEED_INTERVAL (1 << 16) -# define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ -# define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ +#define PRIMARY_RESEED_INTERVAL (1 << 8) +#define SECONDARY_RESEED_INTERVAL (1 << 16) +#define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ +#define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD ossl_rand_meth; -# endif +#endif #endif --- crypto/openssl/crypto/rand/rand_meth.c.orig +++ crypto/openssl/crypto/rand/rand_meth.c @@ -36,7 +36,7 @@ if (drbg == NULL) return 0; - return EVP_RAND_get_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0; + return EVP_RAND_get_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0; } /* Implements the default OpenSSL RAND_bytes() method */ --- crypto/openssl/crypto/rand/rand_pool.c.orig +++ crypto/openssl/crypto/rand/rand_pool.c 
@@ -20,7 +20,7 @@ * Allocate memory and initialize a new random pool */ RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure, - size_t min_len, size_t max_len) + size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); @@ -31,8 +31,7 @@ } pool->min_len = min_len; - pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? - RAND_POOL_MAX_LENGTH : max_len; + pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? RAND_POOL_MAX_LENGTH : max_len; pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len; if (pool->alloc_len > pool->max_len) pool->alloc_len = pool->max_len; @@ -63,7 +62,7 @@ * provided by RAND_add() and RAND_seed() into the DRBG. */ RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len, - size_t entropy) + size_t entropy) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); @@ -77,7 +76,7 @@ * modified (in contrary to allocated buffers which are zeroed and * freed in the end). */ - pool->buffer = (unsigned char *) buffer; + pool->buffer = (unsigned char *)buffer; pool->len = len; pool->attached = 1; @@ -168,7 +167,6 @@ #define ENTROPY_TO_BYTES(bits, entropy_factor) \ (((bits) * (entropy_factor) + 7) / 8) - /* * Checks whether the |pool|'s entropy is available to the caller. * This is the case when entropy count and buffer length are high enough. @@ -261,8 +259,7 @@ return 0; } - if (pool->len < pool->min_len && - bytes_needed < pool->min_len - pool->len) + if (pool->len < pool->min_len && bytes_needed < pool->min_len - pool->len) /* to meet the min_len requirement */ bytes_needed = pool->min_len - pool->len; 
@@ -303,7 +300,7 @@ * Returns 1 if the added amount is adequate, otherwise 0 */ int ossl_rand_pool_add(RAND_POOL *pool, - const unsigned char *buffer, size_t len, size_t entropy) + const unsigned char *buffer, size_t len, size_t entropy) { if (len > pool->max_len - pool->len) { ERR_raise(ERR_LIB_RAND, RAND_R_ENTROPY_INPUT_TOO_LONG); --- crypto/openssl/crypto/rand/randfile.c.orig +++ crypto/openssl/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ -#if defined (__TANDEM) && defined (_SPT_MODEL_) +#if defined(__TANDEM) && defined(_SPT_MODEL_) /* * These definitions have to come first in SPT due to scoping of the * declarations in c99 associated with SPT use of stat. */ -# include -# include +#include +#include #endif #include "e_os.h" @@ -29,22 +29,22 @@ #include #ifdef OPENSSL_SYS_VMS -# include +#include #endif #include #ifndef OPENSSL_NO_POSIX_IO -# include -# include -# if defined(_WIN32) && !defined(_WIN32_WCE) -# include -# include -# define stat _stat -# define chmod _chmod -# define open _open -# define fdopen _fdopen -# define fstat _fstat -# define fileno _fileno -# endif +#include +#include +#if defined(_WIN32) && !defined(_WIN32_WCE) +#include +#include +#define stat _stat +#define chmod _chmod +#define open _open +#define fdopen _fdopen +#define fstat _fstat +#define fileno _fileno +#endif #endif /* 
@@ -54,9 +54,9 @@ * would look like ((m) & MASK == TYPE), but since MASK availability * is as questionable, we settle for this poor-man fallback... */ -# if !defined(S_ISREG) -# define S_ISREG(m) ((m) & S_IFREG) -# endif +#if !defined(S_ISREG) +#define S_ISREG(m) ((m) & S_IFREG) +#endif #define RAND_BUF_SIZE 1024 #define RFILE ".rnd" @@ -70,11 +70,10 @@ * This declaration is a nasty hack to get around vms' extension to fopen for * passing in sharing options being disabled by /STANDARD=ANSI89 */ -static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = - (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; -# define VMS_OPEN_ATTRS \ - "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" -# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) +static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; +#define VMS_OPEN_ATTRS \ + "shr=get,put,upd,del", "ctx=bin,stm", "rfm=stm", "rat=none", "mrs=0" +#define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) #endif /* @@ -105,14 +104,14 @@ if ((in = openssl_fopen(file, "rb")) == NULL) { ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, - "Filename=%s", file); + "Filename=%s", file); return -1; } #ifndef OPENSSL_NO_POSIX_IO if (fstat(fileno(in), &sb) < 0) { ERR_raise_data(ERR_LIB_RAND, RAND_R_INTERNAL_ERROR, - "Filename=%s", file); + "Filename=%s", file); fclose(in); return -1; } @@ -132,8 +131,8 @@ * temporarily. */ #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment save -# pragma message disable maylosedata2 +#pragma environment save +#pragma message disable maylosedata2 #endif /* * Don't buffer, because even if |file| is regular file, we have 
@@ -142,17 +141,17 @@ */ setbuf(in, NULL); #if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment restore +#pragma environment restore #endif - for ( ; ; ) { + for (;;) { if (bytes > 0) n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; else n = RAND_LOAD_BUF_SIZE; i = fread(buf, 1, n, in); #ifdef EINTR - if (ferror(in) && errno == EINTR){ + if (ferror(in) && errno == EINTR) { clearerr(in); if (i == 0) continue; @@ -167,6 +166,10 @@ /* If given a bytecount, and we did it, break. */ if (bytes > 0 && (bytes -= i) <= 0) break; + + /* We can hit a signed integer overflow on the next iteration */ + if (ret > INT_MAX - RAND_LOAD_BUF_SIZE) + break; } OPENSSL_cleanse(buf, sizeof(buf)); @@ -189,21 +192,20 @@ if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) { ERR_raise_data(ERR_LIB_RAND, RAND_R_NOT_A_REGULAR_FILE, - "Filename=%s", file); + "Filename=%s", file); return -1; } #endif /* Collect enough random data. */ if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1) - return -1; + return -1; -#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ - !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) +#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) { -# ifndef O_BINARY -# define O_BINARY 0 -# endif +#ifndef O_BINARY +#define O_BINARY 0 +#endif /* * chmod(..., 0600) is too late to protect the file, permissions * should be restrictive from the start @@ -215,7 +217,7 @@ if (out == NULL) { close(fd); ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, - "Filename=%s", file); + "Filename=%s", file); return -1; } } @@ -247,7 +249,7 @@ out = openssl_fopen(file, "wb"); if (out == NULL) { ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, - "Filename=%s", file); + "Filename=%s", file); return -1; } 
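Review bot: The guard added to the read loop in randfile.c (`if (ret > INT_MAX - RAND_LOAD_BUF_SIZE) break;`) ends the read silently, so a caller asking for the whole file gets a short count and no sign that input was left unread. The comment should state that consequence, for example `/* Stop before ret can exceed INT_MAX; the rest of the file is left unread */`. The bound is only sufficient if RAND_LOAD_BUF_SIZE is at least as large as every `n` handed to fread(); the preceding hunk shows one branch choosing RAND_BUF_SIZE instead, and the definition relating the two macros is outside the hunk, so that relation is worth confirming. INT_MAX also needs `<limits.h>`, which cannot be checked here because the header names on the include lines are not visible. The loop and the update of `ret` begin outside the hunk.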
@@ -278,8 +280,9 @@ if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) { use_randfile = 0; if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0 - && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE", - NULL, 0)) == 0) + && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE", + NULL, 0)) + == 0) envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0); } @@ -289,11 +292,13 @@ WCHAR *val = _alloca(envlen * sizeof(WCHAR)); if (GetEnvironmentVariableW(var, val, envlen) < envlen - && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, - NULL, NULL)) != 0) { + && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, + NULL, NULL)) + != 0) { s = _alloca(sz); if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, - NULL, NULL) == 0) + NULL, NULL) + == 0) s = NULL; } } --- crypto/openssl/crypto/rc2/rc2_cbc.c.orig +++ crypto/openssl/crypto/rc2/rc2_cbc.c @@ -17,7 +17,7 @@ #include "rc2_local.h" void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - RC2_KEY *ks, unsigned char *iv, int encrypt) + RC2_KEY *ks, unsigned char *iv, int encrypt) { register unsigned long tin0, tin1; register unsigned long tout0, tout1, xor0, xor1; @@ -99,11 +99,11 @@ unsigned long l; l = d[0]; - x0 = (RC2_INT) l & 0xffff; - x1 = (RC2_INT) (l >> 16L); + x0 = (RC2_INT)l & 0xffff; + x1 = (RC2_INT)(l >> 16L); l = d[1]; - x2 = (RC2_INT) l & 0xffff; - x3 = (RC2_INT) (l >> 16L); + x2 = (RC2_INT)l & 0xffff; + x3 = (RC2_INT)(l >> 16L); n = 3; i = 5; @@ -131,10 +131,8 @@ } } - d[0] = - (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); - d[1] = - (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); + d[0] = (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); + d[1] = (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); } void RC2_decrypt(unsigned long *d, RC2_KEY *key) 
@@ -145,11 +143,11 @@ unsigned long l; l = d[0]; - x0 = (RC2_INT) l & 0xffff; - x1 = (RC2_INT) (l >> 16L); + x0 = (RC2_INT)l & 0xffff; + x1 = (RC2_INT)(l >> 16L); l = d[1]; - x2 = (RC2_INT) l & 0xffff; - x3 = (RC2_INT) (l >> 16L); + x2 = (RC2_INT)l & 0xffff; + x3 = (RC2_INT)(l >> 16L); n = 3; i = 5; @@ -178,8 +176,6 @@ } } - d[0] = - (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); - d[1] = - (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); + d[0] = (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); + d[1] = (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); } --- crypto/openssl/crypto/rc2/rc2_ecb.c.orig +++ crypto/openssl/crypto/rc2/rc2_ecb.c @@ -26,7 +26,7 @@ */ void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks, - int encrypt) + int encrypt) { unsigned long l, d[2]; --- crypto/openssl/crypto/rc2/rc2_local.h.orig +++ crypto/openssl/crypto/rc2/rc2_local.h 
@@ -8,127 +8,163 @@ */ #undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) +#define c2l(c, l) (l = ((unsigned long)(*((c)++))), \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 24L) /* NOTE - c is not incremented as per c2l */ #undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))) << 24L; \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 16L; \ + /* fall thru */ \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 8L; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))) << 24L; \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 16L; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 8L; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))); \ + } \ + } #undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +#define l2c(l, c) (*((c)++) = (unsigned 
char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24L) & 0xff)) /* NOTE - c is not incremented as per l2c */ #undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2) >> 24L) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 16L) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 8L) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1) >> 24L) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 16L) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 8L) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + } \ + } /* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - 
case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } +#define n2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))) << 24; \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))) << 24; \ + } \ + } /* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } +#define l2nn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + 
/* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + } \ + } #undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++)))) #undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) -#define C_RC2(n) \ - t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ - x0=(t<<1)|(t>>15); \ - t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \ - x1=(t<<2)|(t>>14); \ - t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \ - x2=(t<<3)|(t>>13); \ - t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ - x3=(t<<5)|(t>>11); +#define C_RC2(n) \ + t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff; \ + x0 = (t << 1) | (t >> 15); \ + t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; \ + x1 = (t << 2) | (t >> 14); \ + t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; \ + x2 = (t << 3) | (t >> 13); \ + t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; \ + x3 = (t << 5) | (t >> 11); --- crypto/openssl/crypto/rc2/rc2_skey.c.orig +++ crypto/openssl/crypto/rc2/rc2_skey.c 
@@ -17,32 +17,266 @@ #include "rc2_local.h" static const unsigned char key_table[256] = { - 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, - 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, - 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, - 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, - 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, - 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, - 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f, - 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, - 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, - 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, - 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde, - 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, - 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, - 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, - 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85, - 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, - 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, - 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, - 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, - 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, - 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, - 0xfe, 0x7f, 0xc1, 0xad, + 0xd9, + 0x78, + 0xf9, + 0xc4, + 0x19, + 0xdd, + 0xb5, + 0xed, + 0x28, + 0xe9, + 0xfd, + 0x79, + 0x4a, + 0xa0, + 0xd8, + 0x9d, + 0xc6, + 0x7e, + 0x37, + 0x83, + 0x2b, + 0x76, + 0x53, + 0x8e, + 0x62, + 0x4c, + 0x64, + 0x88, + 0x44, + 0x8b, + 0xfb, + 0xa2, + 0x17, + 0x9a, + 0x59, + 0xf5, + 0x87, + 0xb3, + 0x4f, + 0x13, + 0x61, + 
0x45, + 0x6d, + 0x8d, + 0x09, + 0x81, + 0x7d, + 0x32, + 0xbd, + 0x8f, + 0x40, + 0xeb, + 0x86, + 0xb7, + 0x7b, + 0x0b, + 0xf0, + 0x95, + 0x21, + 0x22, + 0x5c, + 0x6b, + 0x4e, + 0x82, + 0x54, + 0xd6, + 0x65, + 0x93, + 0xce, + 0x60, + 0xb2, + 0x1c, + 0x73, + 0x56, + 0xc0, + 0x14, + 0xa7, + 0x8c, + 0xf1, + 0xdc, + 0x12, + 0x75, + 0xca, + 0x1f, + 0x3b, + 0xbe, + 0xe4, + 0xd1, + 0x42, + 0x3d, + 0xd4, + 0x30, + 0xa3, + 0x3c, + 0xb6, + 0x26, + 0x6f, + 0xbf, + 0x0e, + 0xda, + 0x46, + 0x69, + 0x07, + 0x57, + 0x27, + 0xf2, + 0x1d, + 0x9b, + 0xbc, + 0x94, + 0x43, + 0x03, + 0xf8, + 0x11, + 0xc7, + 0xf6, + 0x90, + 0xef, + 0x3e, + 0xe7, + 0x06, + 0xc3, + 0xd5, + 0x2f, + 0xc8, + 0x66, + 0x1e, + 0xd7, + 0x08, + 0xe8, + 0xea, + 0xde, + 0x80, + 0x52, + 0xee, + 0xf7, + 0x84, + 0xaa, + 0x72, + 0xac, + 0x35, + 0x4d, + 0x6a, + 0x2a, + 0x96, + 0x1a, + 0xd2, + 0x71, + 0x5a, + 0x15, + 0x49, + 0x74, + 0x4b, + 0x9f, + 0xd0, + 0x5e, + 0x04, + 0x18, + 0xa4, + 0xec, + 0xc2, + 0xe0, + 0x41, + 0x6e, + 0x0f, + 0x51, + 0xcb, + 0xcc, + 0x24, + 0x91, + 0xaf, + 0x50, + 0xa1, + 0xf4, + 0x70, + 0x39, + 0x99, + 0x7c, + 0x3a, + 0x85, + 0x23, + 0xb8, + 0xb4, + 0x7a, + 0xfc, + 0x02, + 0x36, + 0x5b, + 0x25, + 0x55, + 0x97, + 0x31, + 0x2d, + 0x5d, + 0xfa, + 0x98, + 0xe3, + 0x8a, + 0x92, + 0xae, + 0x05, + 0xdf, + 0x29, + 0x10, + 0x67, + 0x6c, + 0xba, + 0xc9, + 0xd3, + 0x00, + 0xe6, + 0xcf, + 0xe1, + 0x9e, + 0xa8, + 0x2c, + 0x63, + 0x16, + 0x01, + 0x3f, + 0x58, + 0xe2, + 0x89, + 0xa9, + 0x0d, + 0x38, + 0x34, + 0x1b, + 0xab, + 0x33, + 0xff, + 0xb0, + 0xbb, + 0x48, + 0x0c, + 0x5f, + 0xb9, + 0xb1, + 0xcd, + 0x2e, + 0xc5, + 0xf3, + 0xdb, + 0x47, + 0xe5, + 0xa5, + 0x9c, + 0x77, + 0x0a, + 0xa6, + 0x20, + 0x68, + 0xfe, + 0x7f, + 0xc1, + 0xad, }; #if defined(_MSC_VER) && defined(_ARM_) -# pragma optimize("g",off) +#pragma optimize("g", off) #endif /* 
@@ -60,7 +294,7 @@ unsigned int c, d; k = (unsigned char *)&(key->data[0]); - *k = 0; /* for if there is a zero length key */ + *k = 0; /* for if there is a zero length key */ if (len > 128) len = 128; @@ -100,5 +334,5 @@ } #if defined(_MSC_VER) -# pragma optimize("",on) +#pragma optimize("", on) #endif --- crypto/openssl/crypto/rc2/rc2cfb64.c.orig +++ crypto/openssl/crypto/rc2/rc2cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,11 +23,11 @@ */ void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num, int encrypt) + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; --- crypto/openssl/crypto/rc2/rc2ofb64.c.orig +++ crypto/openssl/crypto/rc2/rc2ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
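Review bot: The `*num & 0x07` mask added to `n` in RC2_cfb64_encrypt carries no comment saying that it bounds a caller-supplied offset, and the same bare mask appears in RC2_ofb64_encrypt, RC5_32_cfb64_encrypt and RC5_32_ofb64_encrypt. I would put `/* *num is caller-held state: keep n in 0..7 so it cannot index outside the 8-byte feedback block */` above the line in each function, so a later cleanup does not drop the mask as redundant. The mask also turns any out-of-range or negative `*num` into a valid-looking offset without signalling it, and the void return cannot report it; the function's header comment should state that `*num` is expected to stay in 0..7. The function body continues outside the hunk, so how `n` is used and written back to `*num` should be confirmed there.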
@@ -22,11 +22,11 @@ * used is contained in *num; */ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num) + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; --- crypto/openssl/crypto/rc4/rc4_enc.c.orig +++ crypto/openssl/crypto/rc4/rc4_enc.c @@ -25,7 +25,7 @@ */ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - unsigned char *outdata) + unsigned char *outdata) { register RC4_INT *d; register RC4_INT x, y, tx, ty; @@ -35,13 +35,13 @@ y = key->y; d = key->data; -#define LOOP(in,out) \ - x=((x+1)&0xff); \ - tx=d[x]; \ - y=(tx+y)&0xff; \ - d[x]=ty=d[y]; \ - d[y]=tx; \ - (out) = d[(tx+ty)&0xff]^ (in); +#define LOOP(in, out) \ + x = ((x + 1) & 0xff); \ + tx = d[x]; \ + y = (tx + y) & 0xff; \ + d[x] = ty = d[y]; \ + d[y] = tx; \ + (out) = d[(tx + ty) & 0xff] ^ (in); i = len >> 3; if (i) { --- crypto/openssl/crypto/rc4/rc4_local.h.orig +++ crypto/openssl/crypto/rc4/rc4_local.h @@ -8,9 +8,9 @@ */ #ifndef OSSL_CRYPTO_RC4_LOCAL_H -# define OSSL_CRYPTO_RC4_LOCAL_H +#define OSSL_CRYPTO_RC4_LOCAL_H -# include -# include "internal/cryptlib.h" +#include +#include "internal/cryptlib.h" #endif --- crypto/openssl/crypto/rc4/rc4_skey.c.orig +++ crypto/openssl/crypto/rc4/rc4_skey.c @@ -45,12 +45,15 @@ key->y = 0; id1 = id2 = 0; -#define SK_LOOP(d,n) { \ - tmp=d[(n)]; \ - id2 = (data[id1] + tmp + id2) & 0xff; \ - if (++id1 == len) id1=0; \ - d[(n)]=d[id2]; \ - d[id2]=tmp; } +#define SK_LOOP(d, n) \ + { \ + tmp = d[(n)]; \ + id2 = (data[id1] + tmp + id2) & 0xff; \ + if (++id1 == len) \ + id1 = 0; \ + d[(n)] = d[id2]; \ + d[id2] = tmp; \ + } for (i = 0; i < 256; i++) d[i] = i; --- crypto/openssl/crypto/rc5/rc5_ecb.c.orig +++ crypto/openssl/crypto/rc5/rc5_ecb.c 
@@ -18,7 +18,7 @@ #include void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, - RC5_32_KEY *ks, int encrypt) + RC5_32_KEY *ks, int encrypt) { unsigned long l, d[2]; --- crypto/openssl/crypto/rc5/rc5_enc.c.orig +++ crypto/openssl/crypto/rc5/rc5_enc.c @@ -18,8 +18,8 @@ #include "rc5_local.h" void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *ks, unsigned char *iv, - int encrypt) + long length, RC5_32_KEY *ks, unsigned char *iv, + int encrypt) { register unsigned long tin0, tin1; register unsigned long tout0, tout1, xor0, xor1; --- crypto/openssl/crypto/rc5/rc5_local.h.orig +++ crypto/openssl/crypto/rc5/rc5_local.h 
@@ -10,177 +10,215 @@ #include #undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) +#define c2l(c, l) (l = ((unsigned long)(*((c)++))), \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 24L) /* NOTE - c is not incremented as per c2l */ #undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))) << 24L; \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 16L; \ + /* fall thru */ \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 8L; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))) << 24L; \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 16L; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 8L; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))); \ + } \ + } #undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) +#define l2c(l, c) (*((c)++) = (unsigned 
char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24L) & 0xff)) /* NOTE - c is not incremented as per l2c */ #undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2) >> 24L) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 16L) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 8L) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1) >> 24L) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 16L) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 8L) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + } \ + } /* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - 
case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } +#define n2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))) << 24; \ + /* fall thru */ \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + /* fall thru */ \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + /* fall thru */ \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))) << 24; \ + } \ + } /* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } +#define l2nn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + /* fall thru */ \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + /* fall thru */ \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + /* fall thru */ \ + case 5: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + 
/* fall thru */ \ + case 4: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + /* fall thru */ \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + /* fall thru */ \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + /* fall thru */ \ + case 1: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + } \ + } #undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24L, \ + l |= ((unsigned long)(*((c)++))) << 16L, \ + l |= ((unsigned long)(*((c)++))) << 8L, \ + l |= ((unsigned long)(*((c)++)))) #undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16L) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8L) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) #if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) -# define ROTATE_l32(a,n) _lrotl(a,n) -# define ROTATE_r32(a,n) _lrotr(a,n) +#define ROTATE_l32(a, n) _lrotl(a, n) +#define ROTATE_r32(a, n) _lrotr(a, n) #elif defined(__ICC) -# define ROTATE_l32(a,n) _rotl(a,n) -# define ROTATE_r32(a,n) _rotr(a,n) -#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE_l32(a,n) ({ register unsigned int ret; \ - asm ("roll %%cl,%0" \ - : "=r"(ret) \ - : "c"(n),"0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# define ROTATE_r32(a,n) ({ register unsigned int ret; \ - asm ("rorl %%cl,%0" \ - : "=r"(ret) \ - : "c"(n),"0"((unsigned int)(a)) \ - : "cc"); \ - 
ret; \ - }) -# endif +#define ROTATE_l32(a, n) _rotl(a, n) +#define ROTATE_r32(a, n) _rotr(a, n) +#elif defined(__GNUC__) && __GNUC__ >= 2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +#define ROTATE_l32(a, n) ({ \ + register unsigned int ret; \ + asm("roll %%cl,%0" \ + : "=r"(ret) \ + : "c"(n), "0"((unsigned int)(a)) \ + : "cc"); \ + ret; \ +}) +#define ROTATE_r32(a, n) ({ \ + register unsigned int ret; \ + asm("rorl %%cl,%0" \ + : "=r"(ret) \ + : "c"(n), "0"((unsigned int)(a)) \ + : "cc"); \ + ret; \ +}) +#endif #endif #ifndef ROTATE_l32 -# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>((32-n)&0x1f))) +#define ROTATE_l32(a, n) (((a) << (n & 0x1f)) | (((a) & 0xffffffff) >> ((32 - n) & 0x1f))) #endif #ifndef ROTATE_r32 -# define ROTATE_r32(a,n) (((a)<<((32-n)&0x1f))|(((a)&0xffffffff)>>(n&0x1f))) +#define ROTATE_r32(a, n) (((a) << ((32 - n) & 0x1f)) | (((a) & 0xffffffff) >> (n & 0x1f))) #endif -#define RC5_32_MASK 0xffffffffL +#define RC5_32_MASK 0xffffffffL -#define RC5_16_P 0xB7E1 -#define RC5_16_Q 0x9E37 -#define RC5_32_P 0xB7E15163L -#define RC5_32_Q 0x9E3779B9L -#define RC5_64_P 0xB7E151628AED2A6BLL -#define RC5_64_Q 0x9E3779B97F4A7C15LL +#define RC5_16_P 0xB7E1 +#define RC5_16_Q 0x9E37 +#define RC5_32_P 0xB7E15163L +#define RC5_32_Q 0x9E3779B9L +#define RC5_64_P 0xB7E151628AED2A6BLL +#define RC5_64_Q 0x9E3779B97F4A7C15LL -#define E_RC5_32(a,b,s,n) \ - a^=b; \ - a=ROTATE_l32(a,b); \ - a+=s[n]; \ - a&=RC5_32_MASK; \ - b^=a; \ - b=ROTATE_l32(b,a); \ - b+=s[n+1]; \ - b&=RC5_32_MASK; +#define E_RC5_32(a, b, s, n) \ + a ^= b; \ + a = ROTATE_l32(a, b); \ + a += s[n]; \ + a &= RC5_32_MASK; \ + b ^= a; \ + b = ROTATE_l32(b, a); \ + b += s[n + 1]; \ + b &= RC5_32_MASK; -#define D_RC5_32(a,b,s,n) \ - b-=s[n+1]; \ - b&=RC5_32_MASK; \ - b=ROTATE_r32(b,a); \ - b^=a; \ - a-=s[n]; \ - a&=RC5_32_MASK; \ - 
a=ROTATE_r32(a,b); \ - a^=b; +#define D_RC5_32(a, b, s, n) \ + b -= s[n + 1]; \ + b &= RC5_32_MASK; \ + b = ROTATE_r32(b, a); \ + b ^= a; \ + a -= s[n]; \ + a &= RC5_32_MASK; \ + a = ROTATE_r32(a, b); \ + a ^= b; --- crypto/openssl/crypto/rc5/rc5_skey.c.orig +++ crypto/openssl/crypto/rc5/rc5_skey.c @@ -17,7 +17,7 @@ #include "rc5_local.h" int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds) + int rounds) { RC5_32_INT L[64], l, ll, A, B, *S, k; int i, j, m, c, t, ii, jj; @@ -25,8 +25,7 @@ if (len > 255) return 0; - if ((rounds != RC5_16_ROUNDS) && - (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS)) + if ((rounds != RC5_16_ROUNDS) && (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS)) rounds = RC5_16_ROUNDS; key->rounds = rounds; --- crypto/openssl/crypto/rc5/rc5cfb64.c.orig +++ crypto/openssl/crypto/rc5/rc5cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,11 +23,11 @@ */ void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num, int encrypt) + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; --- crypto/openssl/crypto/rc5/rc5ofb64.c.orig +++ crypto/openssl/crypto/rc5/rc5ofb64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,11 +22,11 @@ * used is contained in *num; */ void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num) + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; --- crypto/openssl/crypto/ripemd/rmd_dgst.c.orig +++ crypto/openssl/crypto/ripemd/rmd_dgst.c @@ -19,7 +19,7 @@ #ifdef RMD160_ASM void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num); -# define ripemd160_block ripemd160_block_x86 +#define ripemd160_block ripemd160_block_x86 #else void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -36,23 +36,23 @@ } #ifndef ripemd160_block_data_order -# ifdef X -# undef X -# endif +#ifdef X +#undef X +#endif void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) { const unsigned char *data = p; register unsigned MD32_REG_T A, B, C, D, E; unsigned MD32_REG_T a, b, c, d, e, l; -# ifndef MD32_XARRAY +#ifndef MD32_XARRAY /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# define X(i) XX##i -# else +#define X(i) XX##i +#else RIPEMD160_LONG XX[16]; -# define X(i) XX[i] -# endif +#define X(i) XX[i] +#endif for (; num--;) { @@ -282,7 +282,6 @@ ctx->D = ctx->E + a + B; ctx->E = ctx->A + b + C; ctx->A = D; - } } #endif --- crypto/openssl/crypto/ripemd/rmd_local.h.orig +++ crypto/openssl/crypto/ripemd/rmd_local.h 
@@ -17,71 +17,87 @@ * FOR EXPLANATIONS ON FOLLOWING "CODE." */ #ifdef RMD160_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define ripemd160_block_data_order ripemd160_block_asm_data_order -# endif +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +#define ripemd160_block_data_order ripemd160_block_asm_data_order +#endif #endif void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); #define DATA_ORDER_IS_LITTLE_ENDIAN -#define HASH_LONG RIPEMD160_LONG -#define HASH_CTX RIPEMD160_CTX -#define HASH_CBLOCK RIPEMD160_CBLOCK -#define HASH_UPDATE RIPEMD160_Update -#define HASH_TRANSFORM RIPEMD160_Transform -#define HASH_FINAL RIPEMD160_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - ll=(c)->E; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order +#define HASH_LONG RIPEMD160_LONG +#define HASH_CTX RIPEMD160_CTX +#define HASH_CBLOCK RIPEMD160_CBLOCK +#define HASH_UPDATE RIPEMD160_Update +#define HASH_TRANSFORM RIPEMD160_Transform +#define HASH_FINAL RIPEMD160_Final +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll = (c)->A; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->B; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->C; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->D; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->E; \ + (void)HOST_l2c(ll, (s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order #include "crypto/md32_common.h" /* * Transformed F2 and F4 are courtesy of Wei Dai */ -#define F1(x,y,z) ((x) ^ (y) ^ (z)) -#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) -#define F3(x,y,z) (((~(y)) | (x)) ^ (z)) -#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) -#define F5(x,y,z) (((~(z)) | (y)) ^ (x)) +#define F1(x, y, z) ((x) ^ (y) ^ (z)) +#define F2(x, y, z) ((((y) ^ (z)) & (x)) 
^ (z)) +#define F3(x, y, z) (((~(y)) | (x)) ^ (z)) +#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y)) +#define F5(x, y, z) (((~(z)) | (y)) ^ (x)) -#define RIPEMD160_A 0x67452301L -#define RIPEMD160_B 0xEFCDAB89L -#define RIPEMD160_C 0x98BADCFEL -#define RIPEMD160_D 0x10325476L -#define RIPEMD160_E 0xC3D2E1F0L +#define RIPEMD160_A 0x67452301L +#define RIPEMD160_B 0xEFCDAB89L +#define RIPEMD160_C 0x98BADCFEL +#define RIPEMD160_D 0x10325476L +#define RIPEMD160_E 0xC3D2E1F0L #include "rmdconst.h" -#define RIP1(a,b,c,d,e,w,s) { \ - a+=F1(b,c,d)+X(w); \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } +#define RIP1(a, b, c, d, e, w, s) \ + { \ + a += F1(b, c, d) + X(w); \ + a = ROTATE(a, s) + e; \ + c = ROTATE(c, 10); \ + } -#define RIP2(a,b,c,d,e,w,s,K) { \ - a+=F2(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } +#define RIP2(a, b, c, d, e, w, s, K) \ + { \ + a += F2(b, c, d) + X(w) + K; \ + a = ROTATE(a, s) + e; \ + c = ROTATE(c, 10); \ + } -#define RIP3(a,b,c,d,e,w,s,K) { \ - a+=F3(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } +#define RIP3(a, b, c, d, e, w, s, K) \ + { \ + a += F3(b, c, d) + X(w) + K; \ + a = ROTATE(a, s) + e; \ + c = ROTATE(c, 10); \ + } -#define RIP4(a,b,c,d,e,w,s,K) { \ - a+=F4(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } +#define RIP4(a, b, c, d, e, w, s, K) \ + { \ + a += F4(b, c, d) + X(w) + K; \ + a = ROTATE(a, s) + e; \ + c = ROTATE(c, 10); \ + } -#define RIP5(a,b,c,d,e,w,s,K) { \ - a+=F5(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } +#define RIP5(a, b, c, d, e, w, s, K) \ + { \ + a += F5(b, c, d) + X(w) + K; \ + a = ROTATE(a, s) + e; \ + c = ROTATE(c, 10); \ + } --- crypto/openssl/crypto/ripemd/rmdconst.h.orig +++ crypto/openssl/crypto/ripemd/rmdconst.h 
@@ -19,332 +19,332 @@ #define KR3 0x7A6D76E9L #define KR4 0x00000000L -#define WL00 0 +#define WL00 0 #define SL00 11 -#define WL01 1 +#define WL01 1 #define SL01 14 -#define WL02 2 +#define WL02 2 #define SL02 15 -#define WL03 3 +#define WL03 3 #define SL03 12 -#define WL04 4 -#define SL04 5 -#define WL05 5 -#define SL05 8 -#define WL06 6 -#define SL06 7 -#define WL07 7 -#define SL07 9 -#define WL08 8 +#define WL04 4 +#define SL04 5 +#define WL05 5 +#define SL05 8 +#define WL06 6 +#define SL06 7 +#define WL07 7 +#define SL07 9 +#define WL08 8 #define SL08 11 -#define WL09 9 +#define WL09 9 #define SL09 13 #define WL10 10 #define SL10 14 #define WL11 11 #define SL11 15 #define WL12 12 -#define SL12 6 +#define SL12 6 #define WL13 13 -#define SL13 7 +#define SL13 7 #define WL14 14 -#define SL14 9 +#define SL14 9 #define WL15 15 -#define SL15 8 +#define SL15 8 -#define WL16 7 -#define SL16 7 -#define WL17 4 -#define SL17 6 +#define WL16 7 +#define SL16 7 +#define WL17 4 +#define SL17 6 #define WL18 13 -#define SL18 8 -#define WL19 1 +#define SL18 8 +#define WL19 1 #define SL19 13 #define WL20 10 #define SL20 11 -#define WL21 6 -#define SL21 9 +#define WL21 6 +#define SL21 9 #define WL22 15 -#define SL22 7 -#define WL23 3 +#define SL22 7 +#define WL23 3 #define SL23 15 #define WL24 12 -#define SL24 7 -#define WL25 0 +#define SL24 7 +#define WL25 0 #define SL25 12 -#define WL26 9 +#define WL26 9 #define SL26 15 -#define WL27 5 -#define SL27 9 -#define WL28 2 +#define WL27 5 +#define SL27 9 +#define WL28 2 #define SL28 11 #define WL29 14 -#define SL29 7 +#define SL29 7 #define WL30 11 #define SL30 13 -#define WL31 8 +#define WL31 8 #define SL31 12 -#define WL32 3 +#define WL32 3 #define SL32 11 #define WL33 10 #define SL33 13 #define WL34 14 -#define SL34 6 -#define WL35 4 -#define SL35 7 -#define WL36 9 +#define SL34 6 +#define WL35 4 +#define SL35 7 +#define WL36 9 #define SL36 14 #define WL37 15 -#define SL37 9 -#define WL38 8 +#define SL37 9 +#define WL38 8 #define 
SL38 13 -#define WL39 1 +#define WL39 1 #define SL39 15 -#define WL40 2 +#define WL40 2 #define SL40 14 -#define WL41 7 -#define SL41 8 -#define WL42 0 +#define WL41 7 +#define SL41 8 +#define WL42 0 #define SL42 13 -#define WL43 6 -#define SL43 6 +#define WL43 6 +#define SL43 6 #define WL44 13 -#define SL44 5 +#define SL44 5 #define WL45 11 #define SL45 12 -#define WL46 5 -#define SL46 7 +#define WL46 5 +#define SL46 7 #define WL47 12 -#define SL47 5 +#define SL47 5 -#define WL48 1 +#define WL48 1 #define SL48 11 -#define WL49 9 +#define WL49 9 #define SL49 12 #define WL50 11 #define SL50 14 #define WL51 10 #define SL51 15 -#define WL52 0 +#define WL52 0 #define SL52 14 -#define WL53 8 +#define WL53 8 #define SL53 15 #define WL54 12 -#define SL54 9 -#define WL55 4 -#define SL55 8 +#define SL54 9 +#define WL55 4 +#define SL55 8 #define WL56 13 -#define SL56 9 -#define WL57 3 +#define SL56 9 +#define WL57 3 #define SL57 14 -#define WL58 7 -#define SL58 5 +#define WL58 7 +#define SL58 5 #define WL59 15 -#define SL59 6 +#define SL59 6 #define WL60 14 -#define SL60 8 -#define WL61 5 -#define SL61 6 -#define WL62 6 -#define SL62 5 -#define WL63 2 +#define SL60 8 +#define WL61 5 +#define SL61 6 +#define WL62 6 +#define SL62 5 +#define WL63 2 #define SL63 12 -#define WL64 4 -#define SL64 9 -#define WL65 0 +#define WL64 4 +#define SL64 9 +#define WL65 0 #define SL65 15 -#define WL66 5 -#define SL66 5 -#define WL67 9 +#define WL66 5 +#define SL66 5 +#define WL67 9 #define SL67 11 -#define WL68 7 -#define SL68 6 +#define WL68 7 +#define SL68 6 #define WL69 12 -#define SL69 8 -#define WL70 2 +#define SL69 8 +#define WL70 2 #define SL70 13 #define WL71 10 #define SL71 12 #define WL72 14 -#define SL72 5 -#define WL73 1 +#define SL72 5 +#define WL73 1 #define SL73 12 -#define WL74 3 +#define WL74 3 #define SL74 13 -#define WL75 8 +#define WL75 8 #define SL75 14 #define WL76 11 #define SL76 11 -#define WL77 6 -#define SL77 8 +#define WL77 6 +#define SL77 8 #define WL78 15 
-#define SL78 5 +#define SL78 5 #define WL79 13 -#define SL79 6 +#define SL79 6 -#define WR00 5 -#define SR00 8 +#define WR00 5 +#define SR00 8 #define WR01 14 -#define SR01 9 -#define WR02 7 -#define SR02 9 -#define WR03 0 +#define SR01 9 +#define WR02 7 +#define SR02 9 +#define WR03 0 #define SR03 11 -#define WR04 9 +#define WR04 9 #define SR04 13 -#define WR05 2 +#define WR05 2 #define SR05 15 #define WR06 11 #define SR06 15 -#define WR07 4 -#define SR07 5 +#define WR07 4 +#define SR07 5 #define WR08 13 -#define SR08 7 -#define WR09 6 -#define SR09 7 +#define SR08 7 +#define WR09 6 +#define SR09 7 #define WR10 15 -#define SR10 8 -#define WR11 8 +#define SR10 8 +#define WR11 8 #define SR11 11 -#define WR12 1 +#define WR12 1 #define SR12 14 #define WR13 10 #define SR13 14 -#define WR14 3 +#define WR14 3 #define SR14 12 #define WR15 12 -#define SR15 6 +#define SR15 6 -#define WR16 6 -#define SR16 9 +#define WR16 6 +#define SR16 9 #define WR17 11 #define SR17 13 -#define WR18 3 +#define WR18 3 #define SR18 15 -#define WR19 7 -#define SR19 7 -#define WR20 0 +#define WR19 7 +#define SR19 7 +#define WR20 0 #define SR20 12 #define WR21 13 -#define SR21 8 -#define WR22 5 -#define SR22 9 +#define SR21 8 +#define WR22 5 +#define SR22 9 #define WR23 10 #define SR23 11 #define WR24 14 -#define SR24 7 +#define SR24 7 #define WR25 15 -#define SR25 7 -#define WR26 8 +#define SR25 7 +#define WR26 8 #define SR26 12 #define WR27 12 -#define SR27 7 -#define WR28 4 -#define SR28 6 -#define WR29 9 +#define SR27 7 +#define WR28 4 +#define SR28 6 +#define WR29 9 #define SR29 15 -#define WR30 1 +#define WR30 1 #define SR30 13 -#define WR31 2 +#define WR31 2 #define SR31 11 #define WR32 15 -#define SR32 9 -#define WR33 5 -#define SR33 7 -#define WR34 1 +#define SR32 9 +#define WR33 5 +#define SR33 7 +#define WR34 1 #define SR34 15 -#define WR35 3 +#define WR35 3 #define SR35 11 -#define WR36 7 -#define SR36 8 +#define WR36 7 +#define SR36 8 #define WR37 14 -#define SR37 6 -#define WR38 6 
-#define SR38 6 -#define WR39 9 +#define SR37 6 +#define WR38 6 +#define SR38 6 +#define WR39 9 #define SR39 14 #define WR40 11 #define SR40 12 -#define WR41 8 +#define WR41 8 #define SR41 13 #define WR42 12 -#define SR42 5 -#define WR43 2 +#define SR42 5 +#define WR43 2 #define SR43 14 #define WR44 10 #define SR44 13 -#define WR45 0 +#define WR45 0 #define SR45 13 -#define WR46 4 -#define SR46 7 +#define WR46 4 +#define SR46 7 #define WR47 13 -#define SR47 5 +#define SR47 5 -#define WR48 8 +#define WR48 8 #define SR48 15 -#define WR49 6 -#define SR49 5 -#define WR50 4 -#define SR50 8 -#define WR51 1 +#define WR49 6 +#define SR49 5 +#define WR50 4 +#define SR50 8 +#define WR51 1 #define SR51 11 -#define WR52 3 +#define WR52 3 #define SR52 14 #define WR53 11 #define SR53 14 #define WR54 15 -#define SR54 6 -#define WR55 0 +#define SR54 6 +#define WR55 0 #define SR55 14 -#define WR56 5 -#define SR56 6 +#define WR56 5 +#define SR56 6 #define WR57 12 -#define SR57 9 -#define WR58 2 +#define SR57 9 +#define WR58 2 #define SR58 12 #define WR59 13 -#define SR59 9 -#define WR60 9 +#define SR59 9 +#define WR60 9 #define SR60 12 -#define WR61 7 -#define SR61 5 +#define WR61 7 +#define SR61 5 #define WR62 10 #define SR62 15 #define WR63 14 -#define SR63 8 +#define SR63 8 #define WR64 12 -#define SR64 8 +#define SR64 8 #define WR65 15 -#define SR65 5 +#define SR65 5 #define WR66 10 #define SR66 12 -#define WR67 4 -#define SR67 9 -#define WR68 1 +#define WR67 4 +#define SR67 9 +#define WR68 1 #define SR68 12 -#define WR69 5 -#define SR69 5 -#define WR70 8 +#define WR69 5 +#define SR69 5 +#define WR70 8 #define SR70 14 -#define WR71 7 -#define SR71 6 -#define WR72 6 -#define SR72 8 -#define WR73 2 +#define WR71 7 +#define SR71 6 +#define WR72 6 +#define SR72 8 +#define WR73 2 #define SR73 13 #define WR74 13 -#define SR74 6 +#define SR74 6 #define WR75 14 -#define SR75 5 -#define WR76 0 +#define SR75 5 +#define WR76 0 #define SR76 15 -#define WR77 3 +#define WR77 3 #define SR77 13 
-#define WR78 9 +#define WR78 9 #define SR78 11 #define WR79 11 #define SR79 11 --- crypto/openssl/crypto/rsa/rsa_acvp_test_params.c.orig +++ crypto/openssl/crypto/rsa/rsa_acvp_test_params.c @@ -92,22 +92,22 @@ /* Set the input parameters */ if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP1)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xp1)) + && !OSSL_PARAM_get_BN(p, &t->Xp1)) goto err; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP2)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xp2)) + && !OSSL_PARAM_get_BN(p, &t->Xp2)) goto err; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xp)) + && !OSSL_PARAM_get_BN(p, &t->Xp)) goto err; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ1)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xq1)) + && !OSSL_PARAM_get_BN(p, &t->Xq1)) goto err; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ2)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xq2)) + && !OSSL_PARAM_get_BN(p, &t->Xq2)) goto err; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xq)) + && !OSSL_PARAM_get_BN(p, &t->Xq)) goto err; /* Setup the output parameters */ @@ -133,17 +133,17 @@ t = r->acvp_test; if (t != NULL) { if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_P1)) != NULL - && !OSSL_PARAM_set_BN(p, t->p1)) - return 0; + && !OSSL_PARAM_set_BN(p, t->p1)) + return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_P2)) != NULL - && !OSSL_PARAM_set_BN(p, t->p2)) - return 0; + && !OSSL_PARAM_set_BN(p, t->p2)) + return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_Q1)) != NULL - && !OSSL_PARAM_set_BN(p, t->q1)) - return 0; + && !OSSL_PARAM_set_BN(p, t->q1)) + return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_Q2)) != NULL - && !OSSL_PARAM_set_BN(p, t->q2)) - return 0; + && !OSSL_PARAM_set_BN(p, t->q2)) + return 0; } return 1; } 
@@ -164,4 +164,3 @@ OPENSSL_free(t); } } - --- crypto/openssl/crypto/rsa/rsa_ameth.c.orig +++ crypto/openssl/crypto/rsa/rsa_ameth.c @@ -27,7 +27,7 @@ /* Set any parameters associated with pkey */ static int rsa_param_encode(const EVP_PKEY *pkey, - ASN1_STRING **pstr, int *pstrtype) + ASN1_STRING **pstr, int *pstrtype) { const RSA *rsa = pkey->pkey.rsa; @@ -65,7 +65,7 @@ return 0; } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - strtype, str, penc, penclen)) + strtype, str, penc, penclen)) return 1; OPENSSL_free(penc); @@ -116,7 +116,7 @@ * cards. */ if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) - || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) { + || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) { return 1; } @@ -127,7 +127,7 @@ } static int old_rsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) + const unsigned char **pder, int derlen) { RSA *rsa; @@ -160,7 +160,7 @@ } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - strtype, str, rk, rklen)) { + strtype, str, rk, rklen)) { ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); ASN1_STRING_free(str); OPENSSL_clear_free(rk, rklen); @@ -203,7 +203,7 @@ } static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss, - int indent) + int indent) { int rv = 0; X509_ALGOR *maskHash = NULL; @@ -220,7 +220,7 @@ return 0; } } else if (pss == NULL) { - if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0) + if (BIO_puts(bp, "(INVALID PSS PARAMETERS)\n") <= 0) return 0; return 1; } @@ -291,10 +291,9 @@ rv = 1; - err: +err: X509_ALGOR_free(maskHash); return rv; - } static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv) 
@@ -311,12 +310,13 @@ if (!BIO_indent(bp, off, 128)) goto err; - if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0) + if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0) goto err; if (priv && x->d) { if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n", - mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0) + mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) + <= 0) goto err; str = "modulus:"; s = "publicExponent:"; @@ -382,24 +382,24 @@ if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off)) goto err; ret = 1; - err: +err: return ret; } static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return pkey_rsa_print(bp, pkey, indent, 0); } static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) + ASN1_PCTX *ctx) { return pkey_rsa_print(bp, pkey, indent, 1); } static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) + const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) { int rv; @@ -427,7 +427,7 @@ case ASN1_PKEY_CTRL_DEFAULT_MD_NID: if (pkey->pkey.rsa->pss != NULL) { if (!ossl_rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md, - &min_saltlen)) { + &min_saltlen)) { ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); return 0; } @@ -474,7 +474,7 @@ } RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen) + const EVP_MD *mgf1md, int saltlen) { RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); @@ -496,7 +496,7 @@ if (!ossl_x509_algor_new_from_md(&pss->maskHash, mgf1md)) goto err; return pss; - err: +err: RSA_PSS_PARAMS_free(pss); return NULL; } @@ -521,7 +521,7 @@ */ int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, - const X509_ALGOR *sigalg, EVP_PKEY *pkey) + const X509_ALGOR *sigalg, EVP_PKEY *pkey) { int rv = -1; int saltlen; 
@@ -566,13 +566,13 @@ /* Carry on */ rv = 1; - err: +err: RSA_PSS_PARAMS_free(pss); return rv; } static int rsa_pss_verify_param(const EVP_MD **pmd, const EVP_MD **pmgf1md, - int *psaltlen, int *ptrailerField) + int *psaltlen, int *ptrailerField) { if (psaltlen != NULL && *psaltlen < 0) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH); @@ -590,7 +590,7 @@ } int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen) + const EVP_MD **pmgf1md, int *psaltlen) { /* * Callers do not care about the trailer field, and yet, we must @@ -603,7 +603,7 @@ int trailerField = 0; return ossl_rsa_pss_get_param_unverified(pss, pmd, pmgf1md, psaltlen, - &trailerField) + &trailerField) && rsa_pss_verify_param(pmd, pmgf1md, psaltlen, &trailerField); } @@ -613,8 +613,8 @@ */ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, const X509_ALGOR *sigalg, - const ASN1_BIT_STRING *sig, EVP_PKEY *pkey) + const void *asn, const X509_ALGOR *sigalg, + const ASN1_BIT_STRING *sig, EVP_PKEY *pkey) { /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { @@ -629,8 +629,8 @@ } static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *sig) + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *sig) { int pad_mode; EVP_PKEY_CTX *pkctx = EVP_MD_CTX_get_pkey_ctx(ctx); @@ -660,16 +660,16 @@ return 0; } if (!X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os2)) { + V_ASN1_SEQUENCE, os2)) { ASN1_STRING_free(os1); ASN1_STRING_free(os2); return 0; } } if (!X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os1)) { - ASN1_STRING_free(os1); - return 0; + V_ASN1_SEQUENCE, os1)) { + ASN1_STRING_free(os1); + return 0; } return 3; } 
@@ -702,7 +702,7 @@ } static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg, - const ASN1_STRING *sig) + const ASN1_STRING *sig) { int rv = 0; int mdnid, saltlen; @@ -724,8 +724,8 @@ * match and salt length must equal digest size */ if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512) - && mdnid == EVP_MD_get_type(mgf1md) - && saltlen == EVP_MD_get_size(md)) + && mdnid == EVP_MD_get_type(mgf1md) + && saltlen == EVP_MD_get_size(md)) flags = X509_SIG_INFO_TLS; else flags = 0; @@ -748,9 +748,9 @@ else if (mdnid == NID_md5) secbits = 39; X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, secbits, - flags); + flags); rv = 1; - err: +err: RSA_PSS_PARAMS_free(pss); return rv; } @@ -770,9 +770,9 @@ * checks in this method since the caller tests EVP_KEYMGMT_is_a() first. */ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, - void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) + void *to_keydata, + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { RSA *rsa = from->pkey.rsa; OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); @@ -799,14 +799,14 @@ RSA_PSS_PARAMS_30 pss_params; if (!ossl_rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md, - &saltlen, &trailerfield)) + &saltlen, &trailerfield)) goto err; md_nid = EVP_MD_get_type(md); mgf1md_nid = EVP_MD_get_type(mgf1md); if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid) || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, - mgf1md_nid) + mgf1md_nid) || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen) || !ossl_rsa_pss_params_30_todata(&pss_params, tmpl, NULL)) goto err; 
@@ -819,19 +819,21 @@ /* We export, the provider imports */ rv = importer(to_keydata, selection, params); - err: +err: OSSL_PARAM_free(params); OSSL_PARAM_BLD_free(tmpl); return rv; } static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx, - int rsa_type) + int rsa_type) { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx); - RSA_PSS_PARAMS_30 rsa_pss_params = { 0, }; + RSA_PSS_PARAMS_30 rsa_pss_params = { + 0, + }; int pss_defaults_set = 0; int ok = 0; @@ -844,7 +846,7 @@ RSA_set_flags(rsa, rsa_type); if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, &pss_defaults_set, - params, pctx->libctx)) + params, pctx->libctx)) goto err; switch (rsa_type) { @@ -870,7 +872,8 @@ const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid); if ((rsa->pss = ossl_rsa_pss_params_create(md, mgf1md, - saltlen)) == NULL) + saltlen)) + == NULL) goto err; } break; @@ -891,26 +894,26 @@ break; } - err: +err: if (!ok) RSA_free(rsa); return ok; } static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { return rsa_int_export_to(from, RSA_FLAG_TYPE_RSA, to_keydata, - importer, libctx, propq); + importer, libctx, propq); } static int rsa_pss_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { return rsa_int_export_to(from, RSA_FLAG_TYPE_RSASSAPSS, to_keydata, - importer, libctx, propq); + importer, libctx, propq); } static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) 
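Review bot: In rsa_int_import_from (hunk `@@ -819,19 +819,21 @@` of rsa_ameth.c) the initializer `RSA_PSS_PARAMS_30 rsa_pss_params = { 0, };` is now spread over three lines, which looks like the formatter reacting to the trailing comma. Writing `RSA_PSS_PARAMS_30 rsa_pss_params = { 0 };` zero-initializes the struct the same way and stays on one line. The function body continues past the end of this hunk.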
@@ -942,91 +945,88 @@ } const EVP_PKEY_ASN1_METHOD ossl_rsa_asn1_meths[2] = { - { - EVP_PKEY_RSA, - EVP_PKEY_RSA, - ASN1_PKEY_SIGPARAM_NULL, - - "RSA", - "OpenSSL RSA method", - - rsa_pub_decode, - rsa_pub_encode, - rsa_pub_cmp, - rsa_pub_print, - - rsa_priv_decode, - rsa_priv_encode, - rsa_priv_print, - - int_rsa_size, - rsa_bits, - rsa_security_bits, - - 0, 0, 0, 0, 0, 0, - - rsa_sig_print, - int_rsa_free, - rsa_pkey_ctrl, - old_rsa_priv_decode, - old_rsa_priv_encode, - rsa_item_verify, - rsa_item_sign, - rsa_sig_info_set, - rsa_pkey_check, - - 0, 0, - 0, 0, 0, 0, - - rsa_pkey_dirty_cnt, - rsa_pkey_export_to, - rsa_pkey_import_from, - rsa_pkey_copy - }, - - { - EVP_PKEY_RSA2, - EVP_PKEY_RSA, - ASN1_PKEY_ALIAS} + { EVP_PKEY_RSA, + EVP_PKEY_RSA, + ASN1_PKEY_SIGPARAM_NULL, + + "RSA", + "OpenSSL RSA method", + + rsa_pub_decode, + rsa_pub_encode, + rsa_pub_cmp, + rsa_pub_print, + + rsa_priv_decode, + rsa_priv_encode, + rsa_priv_print, + + int_rsa_size, + rsa_bits, + rsa_security_bits, + + 0, 0, 0, 0, 0, 0, + + rsa_sig_print, + int_rsa_free, + rsa_pkey_ctrl, + old_rsa_priv_decode, + old_rsa_priv_encode, + rsa_item_verify, + rsa_item_sign, + rsa_sig_info_set, + rsa_pkey_check, + + 0, 0, + 0, 0, 0, 0, + + rsa_pkey_dirty_cnt, + rsa_pkey_export_to, + rsa_pkey_import_from, + rsa_pkey_copy }, + + { EVP_PKEY_RSA2, + EVP_PKEY_RSA, + ASN1_PKEY_ALIAS } }; const EVP_PKEY_ASN1_METHOD ossl_rsa_pss_asn1_meth = { - EVP_PKEY_RSA_PSS, - EVP_PKEY_RSA_PSS, - ASN1_PKEY_SIGPARAM_NULL, - - "RSA-PSS", - "OpenSSL RSA-PSS method", - - rsa_pub_decode, - rsa_pub_encode, - rsa_pub_cmp, - rsa_pub_print, - - rsa_priv_decode, - rsa_priv_encode, - rsa_priv_print, - - int_rsa_size, - rsa_bits, - rsa_security_bits, - - 0, 0, 0, 0, 0, 0, - - rsa_sig_print, - int_rsa_free, - rsa_pkey_ctrl, - 0, 0, - rsa_item_verify, - rsa_item_sign, - rsa_sig_info_set, - rsa_pkey_check, - - 0, 0, - 0, 0, 0, 0, - - rsa_pkey_dirty_cnt, - rsa_pss_pkey_export_to, - rsa_pss_pkey_import_from, - rsa_pkey_copy + 
EVP_PKEY_RSA_PSS, + EVP_PKEY_RSA_PSS, + ASN1_PKEY_SIGPARAM_NULL, + + "RSA-PSS", + "OpenSSL RSA-PSS method", + + rsa_pub_decode, + rsa_pub_encode, + rsa_pub_cmp, + rsa_pub_print, + + rsa_priv_decode, + rsa_priv_encode, + rsa_priv_print, + + int_rsa_size, + rsa_bits, + rsa_security_bits, + + 0, 0, 0, 0, 0, 0, + + rsa_sig_print, + int_rsa_free, + rsa_pkey_ctrl, + 0, 0, + rsa_item_verify, + rsa_item_sign, + rsa_sig_info_set, + rsa_pkey_check, + + 0, 0, + 0, 0, 0, 0, + + rsa_pkey_dirty_cnt, + rsa_pss_pkey_export_to, + rsa_pss_pkey_import_from, + rsa_pkey_copy }; --- crypto/openssl/crypto/rsa/rsa_asn1.c.orig +++ crypto/openssl/crypto/rsa/rsa_asn1.c @@ -26,7 +26,7 @@ * RSA keys. */ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)RSA_new(); 
@@ -49,33 +49,32 @@ /* Based on definitions in RFC 8017 appendix A.1.2 */ ASN1_SEQUENCE(RSA_PRIME_INFO) = { - ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM), - ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM), - ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM), + ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM), + ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM), + ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM), } ASN1_SEQUENCE_END(RSA_PRIME_INFO) ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { - ASN1_EMBED(RSA, version, INT32), - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), - ASN1_SIMPLE(RSA, d, CBIGNUM), - ASN1_SIMPLE(RSA, p, CBIGNUM), - ASN1_SIMPLE(RSA, q, CBIGNUM), - ASN1_SIMPLE(RSA, dmp1, CBIGNUM), - ASN1_SIMPLE(RSA, dmq1, CBIGNUM), - ASN1_SIMPLE(RSA, iqmp, CBIGNUM), - ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO) + ASN1_EMBED(RSA, version, INT32), + ASN1_SIMPLE(RSA, n, BIGNUM), + ASN1_SIMPLE(RSA, e, BIGNUM), + ASN1_SIMPLE(RSA, d, CBIGNUM), + ASN1_SIMPLE(RSA, p, CBIGNUM), + ASN1_SIMPLE(RSA, q, CBIGNUM), + ASN1_SIMPLE(RSA, dmp1, CBIGNUM), + ASN1_SIMPLE(RSA, dmq1, CBIGNUM), + ASN1_SIMPLE(RSA, iqmp, CBIGNUM), + ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO) } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) - ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), + ASN1_SIMPLE(RSA, n, BIGNUM), + ASN1_SIMPLE(RSA, e, BIGNUM), } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) /* Free up maskHash */ static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_FREE_PRE) { RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval; 
@@ -85,10 +84,10 @@ } ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = { - ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), - ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), - ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), - ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) + ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR, 0), + ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR, 1), + ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER, 2), + ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER, 3) } ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS) @@ -96,7 +95,7 @@ /* Free up maskHash */ static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { if (operation == ASN1_OP_FREE_PRE) { RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval; @@ -106,9 +105,9 @@ } ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = { - ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), - ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), - ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), + ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), + ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), + ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), } ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) --- crypto/openssl/crypto/rsa/rsa_backend.c.orig +++ crypto/openssl/crypto/rsa/rsa_backend.c @@ -19,8 +19,8 @@ #include #include #ifndef FIPS_MODULE -# include -# include "crypto/asn1.h" +#include +#include "crypto/asn1.h" #endif #include "internal/sizes.h" #include "internal/param_build_set.h" @@ -36,7 +36,7 @@ DEFINE_STACK_OF(BIGNUM) static int collect_numbers(STACK_OF(BIGNUM) *numbers, - const OSSL_PARAM params[], const char *names[]) + const OSSL_PARAM params[], const char *names[]) { const OSSL_PARAM *p = NULL; int i; 
@@ -44,7 +44,7 @@ if (numbers == NULL) return 0; - for (i = 0; names[i] != NULL; i++){ + for (i = 0; names[i] != NULL; i++) { p = OSSL_PARAM_locate_const(params, names[i]); if (p != NULL) { BIGNUM *tmp = NULL; @@ -63,7 +63,7 @@ int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *param_n, *param_e, *param_d = NULL; + const OSSL_PARAM *param_n, *param_e, *param_d = NULL; BIGNUM *n = NULL, *e = NULL, *d = NULL; STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL; int is_private = 0; @@ -89,11 +89,11 @@ if (is_private) { if (!collect_numbers(factors = sk_BIGNUM_new_null(), params, - ossl_rsa_mp_factor_names) + ossl_rsa_mp_factor_names) || !collect_numbers(exps = sk_BIGNUM_new_null(), params, - ossl_rsa_mp_exp_names) + ossl_rsa_mp_exp_names) || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params, - ossl_rsa_mp_coeff_names)) + ossl_rsa_mp_coeff_names)) goto err; /* It's ok if this private key just has n, e and d */ @@ -102,13 +102,12 @@ goto err; } - sk_BIGNUM_free(factors); sk_BIGNUM_free(exps); sk_BIGNUM_free(coeffs); return 1; - err: +err: BN_free(n); BN_free(e); BN_free(d); @@ -121,7 +120,7 @@ DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private) + int include_private) { int ret = 0; const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; 
@@ -143,16 +142,16 @@ if (include_private && rsa_d != NULL) { if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, - rsa_d) + rsa_d) || !ossl_param_build_set_multi_key_bn(bld, params, - ossl_rsa_mp_factor_names, - factors) + ossl_rsa_mp_factor_names, + factors) || !ossl_param_build_set_multi_key_bn(bld, params, - ossl_rsa_mp_exp_names, exps) + ossl_rsa_mp_exp_names, exps) || !ossl_param_build_set_multi_key_bn(bld, params, - ossl_rsa_mp_coeff_names, - coeffs)) - goto err; + ossl_rsa_mp_coeff_names, + coeffs)) + goto err; } #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) @@ -161,7 +160,7 @@ ossl_rsa_acvp_test_get_params(rsa, params); #endif ret = 1; - err: +err: sk_BIGNUM_const_free(factors); sk_BIGNUM_const_free(exps); sk_BIGNUM_const_free(coeffs); @@ -169,7 +168,7 @@ } int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, - OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) + OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) { int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss); 
@@ -178,17 +177,16 @@ int saltlen = ossl_rsa_pss_params_30_saltlen(pss); int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL); int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL); - int default_maskgenhashalg_nid = - ossl_rsa_pss_params_30_maskgenhashalg(NULL); - const char *mdname = - (hashalg_nid == default_hashalg_nid - ? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid)); - const char *mgfname = - (maskgenalg_nid == default_maskgenalg_nid - ? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid)); - const char *mgf1mdname = - (maskgenhashalg_nid == default_maskgenhashalg_nid - ? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid)); + int default_maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(NULL); + const char *mdname = (hashalg_nid == default_hashalg_nid + ? NULL + : ossl_rsa_oaeppss_nid2name(hashalg_nid)); + const char *mgfname = (maskgenalg_nid == default_maskgenalg_nid + ? NULL + : ossl_rsa_oaeppss_nid2name(maskgenalg_nid)); + const char *mgf1mdname = (maskgenhashalg_nid == default_maskgenhashalg_nid + ? NULL + : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid)); const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST; const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC; const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; @@ -200,13 +198,13 @@ * if it has a default value; saltlen. */ if ((mdname != NULL - && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname)) + && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname)) || (mgfname != NULL && !ossl_param_build_set_utf8_string(bld, params, - key_mgf, mgfname)) + key_mgf, mgfname)) || (mgf1mdname != NULL && !ossl_param_build_set_utf8_string(bld, params, - key_mgf1_md, mgf1mdname)) + key_mgf1_md, mgf1mdname)) || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen))) return 0; } 
@@ -214,11 +212,11 @@ } int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, - int *defaults_set, - const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx) + int *defaults_set, + const OSSL_PARAM params[], + OSSL_LIB_CTX *libctx) { - const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen; + const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen; const OSSL_PARAM *param_propq; const char *propq = NULL; EVP_MD *md = NULL, *mgf1md = NULL; @@ -227,16 +225,11 @@ if (pss_params == NULL) return 0; - param_propq = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS); - param_md = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST); - param_mgf = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC); - param_mgf1md = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST); - param_saltlen = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN); + param_propq = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS); + param_md = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST); + param_mgf = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC); + param_mgf1md = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST); + param_saltlen = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN); if (param_propq != NULL) { if (param_propq->data_type == OSSL_PARAM_UTF8_STRING) @@ -265,7 +258,8 @@ return 0; if (OPENSSL_strcasecmp(param_mgf->data, - ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) + ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) + != 0) return 0; } @@ -284,7 +278,7 @@ if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL || !ossl_rsa_pss_params_30_set_hashalg(pss_params, - ossl_rsa_oaeppss_md2nid(md))) + ossl_rsa_oaeppss_md2nid(md))) goto err; } 
@@ -298,7 +292,7 @@ if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL || !ossl_rsa_pss_params_30_set_maskgenhashalg( - pss_params, ossl_rsa_oaeppss_md2nid(mgf1md))) + pss_params, ossl_rsa_oaeppss_md2nid(mgf1md))) goto err; } @@ -310,7 +304,7 @@ ret = 1; - err: +err: EVP_MD_free(md); EVP_MD_free(mgf1md); return ret; @@ -418,13 +412,13 @@ } } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA, - &dupkey->ex_data, &rsa->ex_data)) + &dupkey->ex_data, &rsa->ex_data)) goto err; #endif return dupkey; - err: +err: RSA_free(dupkey); return NULL; } @@ -435,7 +429,7 @@ RSA_PSS_PARAMS *pss; pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), - alg->parameter); + alg->parameter); if (pss == NULL) return NULL; @@ -473,17 +467,17 @@ * be checked, eventually. */ if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md, - &saltlen, &trailerField)) + &saltlen, &trailerField)) return 0; md_nid = EVP_MD_get_type(md); mgf1md_nid = EVP_MD_get_type(mgf1md); if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid) || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, - mgf1md_nid) + mgf1md_nid) || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen) || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params, - trailerField)) + trailerField)) return 0; *pss = pss_params; } @@ -491,8 +485,8 @@ } int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss, - const EVP_MD **pmd, const EVP_MD **pmgf1md, - int *psaltlen, int *ptrailerField) + const EVP_MD **pmd, const EVP_MD **pmgf1md, + int *psaltlen, int *ptrailerField) { RSA_PSS_PARAMS_30 pss_params; @@ -514,7 +508,8 @@ if (pss->trailerField) *ptrailerField = ASN1_INTEGER_get(pss->trailerField); else - *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);; + *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params); + ; return 1; } 
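Review bot: The new side of the `@@ -514,7 +508,8 @@` hunk in rsa_backend.c keeps the doubled semicolon as a lone `;` on its own line after the `else` assignment to `*ptrailerField`. It is an empty statement that follows the unbraced `else`, so behaviour is unchanged, but it reads like a statement that was lost. I would delete it so the branch ends at `*ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);`. The enclosing function (presumably ossl_rsa_pss_get_param_unverified, judging by the preceding hunk) starts outside this hunk.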
@@ -546,7 +541,7 @@ } RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p; RSA *rsa; --- crypto/openssl/crypto/rsa/rsa_chk.c.orig +++ crypto/openssl/crypto/rsa/rsa_chk.c @@ -27,7 +27,7 @@ RSA_PRIME_INFO *pinfo; if (key->p == NULL || key->q == NULL || key->n == NULL - || key->e == NULL || key->d == NULL) { + || key->e == NULL || key->d == NULL) { ERR_raise(ERR_LIB_RSA, RSA_R_VALUE_MISSING); return 0; } @@ -36,7 +36,7 @@ if (key->version == RSA_ASN1_VERSION_MULTI) { ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos); if (ex_primes <= 0 - || (ex_primes + 2) > ossl_rsa_multip_cap(BN_num_bits(key->n))) { + || (ex_primes + 2) > ossl_rsa_multip_cap(BN_num_bits(key->n))) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MULTI_PRIME_KEY); return 0; } @@ -49,7 +49,7 @@ m = BN_new(); ctx = BN_CTX_new_ex(key->libctx); if (i == NULL || j == NULL || k == NULL || l == NULL - || m == NULL || ctx == NULL) { + || m == NULL || ctx == NULL) { ret = -1; ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); goto err; @@ -223,7 +223,7 @@ } } - err: +err: BN_free(i); BN_free(j); BN_free(k); @@ -262,8 +262,8 @@ { #ifdef FIPS_MODULE return ossl_rsa_validate_public(key) - && ossl_rsa_validate_private(key) - && ossl_rsa_validate_pairwise(key); + && ossl_rsa_validate_private(key) + && ossl_rsa_validate_pairwise(key); #else return rsa_validate_keypair_multiprime(key, cb); #endif /* FIPS_MODULE */ --- crypto/openssl/crypto/rsa/rsa_crpt.c.orig +++ crypto/openssl/crypto/rsa/rsa_crpt.c 
@@ -31,25 +31,25 @@ } int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) + RSA *rsa, int padding) { return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); } int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); } int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); } int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) + RSA *rsa, int padding) { return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } @@ -81,12 +81,12 @@ rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; ret = 1; - err: +err: return ret; } static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, - const BIGNUM *q, BN_CTX *ctx) + const BIGNUM *q, BN_CTX *ctx) { BIGNUM *ret = NULL, *r0, *r1, *r2; @@ -108,7 +108,7 @@ goto err; ret = BN_mod_inverse(NULL, d, r0, ctx); - err: +err: BN_CTX_end(ctx); return ret; } @@ -153,7 +153,7 @@ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, - rsa->_method_mod_n); + rsa->_method_mod_n); /* We MUST free n before any further use of rsa->n */ BN_free(n); } @@ -164,7 +164,7 @@ BN_BLINDING_set_current_thread(ret); - err: +err: BN_CTX_end(ctx); if (ctx != in_ctx) BN_CTX_free(ctx); --- crypto/openssl/crypto/rsa/rsa_depr.c.orig +++ crypto/openssl/crypto/rsa/rsa_depr.c @@ -27,7 +27,7 @@ #include RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback) (int, int, void *), void *cb_arg) + void (*callback)(int, int, void *), void *cb_arg) { int i; BN_GENCB *cb = BN_GENCB_new(); 
@@ -54,7 +54,7 @@
 BN_GENCB_free(cb);
 return rsa;
 }
- err:
+err:
 BN_free(e);
 RSA_free(rsa);
 BN_GENCB_free(cb);
--- crypto/openssl/crypto/rsa/rsa_err.c.orig
+++ crypto/openssl/crypto/rsa/rsa_err.c
@@ -15,143 +15,143 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT), - "bad fixed header decrypt"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01), - "block type is not 01"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02), - "block type is not 02"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN), - "data greater than mod len"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), - "data too large for key size"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS), - "data too large for modulus"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), - "data too small for key size"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH), - "digest does not match"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), - "digest too big for rsa key"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D), - "dmp1 not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D), - "dmq1 not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1), - "d e not congruent to 1"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID), - "first octet invalid"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), - "illegal or unsupported padding mode"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, 
RSA_R_INVALID_DIGEST_LENGTH), - "invalid digest length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEYPAIR), "invalid keypair"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH), - "invalid message length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MODULUS), "invalid modulus"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY), - "invalid multi prime key"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS), - "invalid oaep parameters"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE), - "invalid padding mode"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS), - "invalid pss parameters"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN), - "invalid pss saltlen"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_REQUEST), "invalid request"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH), - "invalid salt length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_STRENGTH), "invalid strength"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST), - "invalid x931 digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q), - "iqmp not inverse of q"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID), - "key prime num invalid"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), - "mgf1 digest not allowed"}, - {ERR_PACK(ERR_LIB_RSA, 0, 
RSA_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), - "mp coefficient not inverse of r"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D), - "mp exponent not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), - "n does not equal product of primes"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q), - "n does not equal p q"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), - "oaep decoding error"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), - "padding check failed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PAIRWISE_TEST_FAILURE), - "pairwise test failure"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR), - "pkcs decoding error"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL), - "pss saltlen too small"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE), - "pub exponent out of range"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT), - "randomness source strength insufficient"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), - "rsa operations not supported"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED), - "salt length check failed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED), - "salt length recovery failed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK), 
- "sslv3 rollback attack"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE), - "unknown algorithm type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST), - "unknown mask digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE), - "unknown padding type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE), - "unsupported label source"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM), - "unsupported mask algorithm"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), - "unsupported mask parameter"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), - "unsupported signature type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH), - "wrong signature length"}, - {0, NULL} + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT), + "bad fixed header decrypt" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01), + "block type is not 01" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02), + "block type is not 02" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN), + "data greater than mod len" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), + "data too large for key size" }, + { ERR_PACK(ERR_LIB_RSA, 
0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS), + "data too large for modulus" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), + "data too small for key size" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH), + "digest does not match" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), + "digest too big for rsa key" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D), + "dmp1 not congruent to d" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D), + "dmq1 not congruent to d" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1), + "d e not congruent to 1" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID), + "first octet invalid" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), + "illegal or unsupported padding mode" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH), + "invalid digest length" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEYPAIR), "invalid keypair" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEY_LENGTH), "invalid key length" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LENGTH), "invalid length" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH), + "invalid message length" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MODULUS), "invalid modulus" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY), + "invalid multi prime key" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS), + "invalid oaep parameters" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid 
padding" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE), + "invalid padding mode" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS), + "invalid pss parameters" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN), + "invalid pss saltlen" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_REQUEST), "invalid request" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH), + "invalid salt length" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_STRENGTH), "invalid strength" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST), + "invalid x931 digest" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q), + "iqmp not inverse of q" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID), + "key prime num invalid" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), + "mgf1 digest not allowed" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MISSING_PRIVATE_KEY), + "missing private key" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), + "mp coefficient not inverse of r" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D), + "mp exponent not congruent to d" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), + "n does not equal product of primes" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q), + "n does not equal p q" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), + "oaep decoding error" }, 
+ { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), + "padding check failed" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PAIRWISE_TEST_FAILURE), + "pairwise test failure" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR), + "pkcs decoding error" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL), + "pss saltlen too small" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE), + "pub exponent out of range" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT), + "randomness source strength insufficient" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), + "rsa operations not supported" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED), + "salt length check failed" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED), + "salt length recovery failed" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK), + "sslv3 rollback attack" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), + "the asn1 object identifier is not known for this md" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE), + "unknown algorithm type" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST), + "unknown mask digest" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE), + "unknown padding type" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), + "unsupported encryption type" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE), + "unsupported label source" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM), + "unsupported mask algorithm" }, + { ERR_PACK(ERR_LIB_RSA, 0, 
RSA_R_UNSUPPORTED_MASK_PARAMETER), + "unsupported mask parameter" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), + "unsupported signature type" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing" }, + { ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH), + "wrong signature length" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/rsa/rsa_gen.c.orig +++ crypto/openssl/crypto/rsa/rsa_gen.c @@ -29,7 +29,7 @@ static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg); static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb, int pairwise_test); + BIGNUM *e_value, BN_GENCB *cb, int pairwise_test); /* * NB: this wrapper would normally be placed in rsa_lib.c and the static @@ -44,17 +44,17 @@ return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM, - e_value, cb); + e_value, cb); } int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb) + BIGNUM *e_value, BN_GENCB *cb) { #ifndef FIPS_MODULE /* multi-prime is only supported with the builtin key generation */ if (rsa->meth->rsa_multi_prime_keygen != NULL) { return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, - e_value, cb); + e_value, cb); } else if (rsa->meth->rsa_keygen != NULL) { /* * However, if rsa->meth implements only rsa_keygen, then we @@ -73,7 +73,7 @@ #ifndef FIPS_MODULE static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb) + BIGNUM *e_value, BN_GENCB *cb) { BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime; int n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0; @@ -86,7 +86,7 @@ int ok = -1; if (bits < RSA_MIN_MODULUS_BITS) { - ok = 0; /* we set our own err */ + ok = 0; /* we set our own err */ ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL); goto err; } 
@@ -98,7 +98,7 @@ } if (primes < RSA_DEFAULT_PRIME_NUM || primes > ossl_rsa_multip_cap(bits)) { - ok = 0; /* we set our own err */ + ok = 0; /* we set our own err */ ERR_raise(ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID); goto err; } @@ -155,7 +155,7 @@ if (rsa->prime_infos != NULL) { /* could this happen? */ sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, - ossl_rsa_multip_info_free); + ossl_rsa_multip_info_free); } rsa->prime_infos = prime_infos; @@ -187,9 +187,9 @@ BN_set_flags(prime, BN_FLG_CONSTTIME); for (;;) { - redo: + redo: if (!BN_generate_prime_ex2(prime, bitsr[i] + adj, 0, NULL, NULL, - cb, ctx)) + cb, ctx)) goto err; /* * prime should not be equal to p, q, r_3... @@ -207,7 +207,8 @@ prev_prime = rsa->q; else prev_prime = sk_RSA_PRIME_INFO_value(prime_infos, - j - 2)->r; + j - 2) + ->r; if (!BN_cmp(prime, prev_prime)) { goto redo; @@ -219,7 +220,7 @@ ERR_set_mark(); BN_set_flags(r2, BN_FLG_CONSTTIME); if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { - /* GCD == 1 since inverse exists */ + /* GCD == 1 since inverse exists */ break; } error = ERR_peek_last_error(); @@ -347,7 +348,7 @@ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { BN_free(pr0); - goto err; /* d */ + goto err; /* d */ } /* We MUST free pr0 before any further use of r0 */ BN_free(pr0); @@ -410,7 +411,7 @@ } ok = 1; - err: +err: if (ok == -1) { ERR_raise(ERR_LIB_RSA, ERR_R_BN_LIB); ok = 0; @@ -422,7 +423,7 @@ #endif /* FIPS_MODULE */ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb, int pairwise_test) + BIGNUM *e_value, BN_GENCB *cb, int pairwise_test) { int ok = 0; 
@@ -435,8 +436,8 @@ * public exponent <= 2^16 will use the older rsa_multiprime_keygen(). */ if (primes == 2 - && bits >= 2048 - && (e_value == NULL || BN_num_bits(e_value) > 16)) + && bits >= 2048 + && (e_value == NULL || BN_num_bits(e_value) > 16)) ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb); else ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb); @@ -480,7 +481,7 @@ int ret = 0; unsigned int ciphertxt_len; unsigned char *ciphertxt = NULL; - const unsigned char plaintxt[16] = {0}; + const unsigned char plaintxt[16] = { 0 }; unsigned char *decoded = NULL; unsigned int decoded_len; unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len); @@ -491,7 +492,7 @@ if (st == NULL) goto err; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, - OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); + OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); ciphertxt_len = RSA_size(rsa); /* @@ -504,7 +505,7 @@ decoded = ciphertxt + ciphertxt_len; ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa, - padding); + padding); if (ciphertxt_len <= 0) goto err; if (ciphertxt_len == plaintxt_len @@ -514,9 +515,9 @@ OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt); decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa, - padding); + padding); if (decoded_len != plaintxt_len - || memcmp(decoded, plaintxt, decoded_len) != 0) + || memcmp(decoded, plaintxt, decoded_len) != 0) goto err; ret = 1; --- crypto/openssl/crypto/rsa/rsa_lib.c.orig +++ crypto/openssl/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include #include 
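Review bot: In the hunk at -480, `plaintxt_len` is initialised from `sizeof(plaintxt_len)`, which is the size of the `unsigned int` itself, not of the 16-byte `plaintxt` buffer declared a few lines above it. On common platforms the value is smaller than the buffer, so nothing is over-read. The encrypt/decrypt round trip in the following hunks then covers only the first few bytes of `plaintxt`, which looks unintended. If the whole buffer is meant, the line would read `unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt);`. The enclosing function starts and ends outside this hunk.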
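Review bot: In the hunk at -504, `if (ciphertxt_len <= 0)` can only ever catch zero, because `ciphertxt_len` is declared `unsigned int` in the hunk at -480. A negative error return from `RSA_public_encrypt()` wraps to a large positive value and is handed on to `RSA_private_decrypt()` in the hunk at -514. The test most likely still fails at the later `decoded_len != plaintxt_len` comparison, but the error check does not do what it reads as doing. Storing the return value in a signed temporary first makes it effective: `len = RSA_public_encrypt(...); if (len <= 0) goto err; ciphertxt_len = (unsigned int)len;`, with `len` declared as `int`. The same applies to `decoded_len`.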
@@ -125,7 +125,7 @@ return ret; - err: +err: RSA_free(ret); return NULL; } @@ -223,10 +223,10 @@ static const unsigned int cbrt_scale = 1 << (2 * 18 / 3); /* Define some constants, none exceed 32 bits */ -static const unsigned int log_2 = 0x02c5c8; /* scale * log(2) */ -static const unsigned int log_e = 0x05c551; /* scale * log2(M_E) */ -static const unsigned int c1_923 = 0x07b126; /* scale * 1.923 */ -static const unsigned int c4_690 = 0x12c28f; /* scale * 4.690 */ +static const unsigned int log_2 = 0x02c5c8; /* scale * log(2) */ +static const unsigned int log_e = 0x05c551; /* scale * log2(M_E) */ +static const unsigned int c1_923 = 0x07b126; /* scale * 1.923 */ +static const unsigned int c4_690 = 0x12c28f; /* scale * 4.690 */ /* * Multiply two scaled integers together and rescale the result. @@ -322,19 +322,19 @@ * the standards but are defined to be canonical. */ switch (n) { - case 2048: /* SP 800-56B rev 2 Appendix D and FIPS 140-2 IG 7.5 */ + case 2048: /* SP 800-56B rev 2 Appendix D and FIPS 140-2 IG 7.5 */ return 112; - case 3072: /* SP 800-56B rev 2 Appendix D and FIPS 140-2 IG 7.5 */ + case 3072: /* SP 800-56B rev 2 Appendix D and FIPS 140-2 IG 7.5 */ return 128; - case 4096: /* SP 800-56B rev 2 Appendix D */ + case 4096: /* SP 800-56B rev 2 Appendix D */ return 152; - case 6144: /* SP 800-56B rev 2 Appendix D */ + case 6144: /* SP 800-56B rev 2 Appendix D */ return 176; - case 7680: /* FIPS 140-2 IG 7.5 */ + case 7680: /* FIPS 140-2 IG 7.5 */ return 192; - case 8192: /* SP 800-56B rev 2 Appendix D */ + case 8192: /* SP 800-56B rev 2 Appendix D */ return 200; - case 15360: /* FIPS 140-2 IG 7.5 */ + case 15360: /* FIPS 140-2 IG 7.5 */ return 256; } @@ -364,15 +364,13 @@ x = n * (uint64_t)log_2; lx = ilog_e(x); y = (uint16_t)((mul2(c1_923, icbrt64(mul2(mul2(x, lx), lx))) - c4_690) - / log_2); + / log_2); y = (y + 4) & ~7; if (y > cap) y = cap; return y; } - - int RSA_security_bits(const RSA *rsa) { int bits = BN_num_bits(rsa->n); 
@@ -477,7 +475,7 @@ * and related functions to let user pass a triplet? */ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], - BIGNUM *coeffs[], int pnum) + BIGNUM *coeffs[], int pnum) { STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL; RSA_PRIME_INFO *pinfo; @@ -535,7 +533,7 @@ r->dirty_cnt++; return 1; - err: +err: /* r, d, t should not be freed */ sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex); return 0; @@ -543,7 +541,7 @@ #endif void RSA_get0_key(const RSA *r, - const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { if (n != NULL) *n = r->n; @@ -594,8 +592,8 @@ #endif void RSA_get0_crt_params(const RSA *r, - const BIGNUM **dmp1, const BIGNUM **dmq1, - const BIGNUM **iqmp) + const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp) { if (dmp1 != NULL) *dmp1 = r->dmp1; @@ -607,7 +605,7 @@ #ifndef FIPS_MODULE int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], - const BIGNUM *coeffs[]) + const BIGNUM *coeffs[]) { int pnum; @@ -734,15 +732,15 @@ && ctx->pmeth->pkey_id != EVP_PKEY_RSA && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) return -1; - return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2); + return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2); } #endif DEFINE_STACK_OF(BIGNUM) int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, - const STACK_OF(BIGNUM) *exps, - const STACK_OF(BIGNUM) *coeffs) + const STACK_OF(BIGNUM) *exps, + const STACK_OF(BIGNUM) *coeffs) { #ifndef FIPS_MODULE STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL; 
@@ -757,16 +755,16 @@ return 0; if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0), - sk_BIGNUM_value(primes, 1))) + sk_BIGNUM_value(primes, 1))) return 0; if (pnum == sk_BIGNUM_num(exps) && pnum == sk_BIGNUM_num(coeffs) + 1) { if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), - sk_BIGNUM_value(exps, 1), - sk_BIGNUM_value(coeffs, 0))) - return 0; + sk_BIGNUM_value(exps, 1), + sk_BIGNUM_value(coeffs, 0))) + return 0; } #ifndef FIPS_MODULE @@ -833,7 +831,7 @@ return 1; #ifndef FIPS_MODULE - err: +err: /* r, d, t should not be freed */ sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex); return 0; @@ -843,8 +841,8 @@ DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, - STACK_OF(BIGNUM_const) *exps, - STACK_OF(BIGNUM_const) *coeffs) + STACK_OF(BIGNUM_const) *exps, + STACK_OF(BIGNUM_const) *coeffs) { #ifndef FIPS_MODULE RSA_PRIME_INFO *pinfo; @@ -880,11 +878,11 @@ #ifndef FIPS_MODULE /* Helpers to set or get diverse hash algorithm names */ static int int_set_rsa_md_name(EVP_PKEY_CTX *ctx, - /* For checks */ - int keytype, int optype, - /* For EVP_PKEY_CTX_set_params() */ - const char *mdkey, const char *mdname, - const char *propkey, const char *mdprops) + /* For checks */ + int keytype, int optype, + /* For EVP_PKEY_CTX_set_params() */ + const char *mdkey, const char *mdname, + const char *propkey, const char *mdprops) { OSSL_PARAM params[3], *p = params; @@ -920,11 +918,11 @@ /* Helpers to set or get diverse hash algorithm names */ static int int_get_rsa_md_name(EVP_PKEY_CTX *ctx, - /* For checks */ - int keytype, int optype, - /* For EVP_PKEY_CTX_get_params() */ - const char *mdkey, - char *mdname, size_t mdnamesize) + /* For checks */ + int keytype, int optype, + /* For EVP_PKEY_CTX_get_params() */ + const char *mdkey, + char *mdname, size_t mdnamesize) { OSSL_PARAM params[2], *p = params; 
@@ -961,7 +959,7 @@ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode) { return RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, - pad_mode, NULL); + pad_mode, NULL); } /* @@ -971,7 +969,7 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode) { return RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, - 0, pad_mode); + 0, pad_mode); } /* @@ -981,16 +979,16 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_MD, 0, (void *)(md)); } int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx, - const char *mdname, - const char *mdprops) + const char *mdname, + const char *mdprops) { return int_set_rsa_md_name(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - OSSL_PKEY_PARAM_RSA_DIGEST, mdname, - OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, mdprops); + OSSL_PKEY_PARAM_RSA_DIGEST, mdname, + OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, mdprops); } /* @@ -1004,24 +1002,23 @@ return -1; return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)); } int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops) + const char *mdprops) { - return - int_set_rsa_md_name(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, mdname, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, mdprops); + return int_set_rsa_md_name(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, + OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, mdname, + OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, mdprops); } int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, - size_t namesize) + size_t namesize) { return int_get_rsa_md_name(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, - name, namesize); + OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, + name, namesize); } /* 
@@ -1035,7 +1032,7 @@ return -1; return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md); + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md); } /* @@ -1045,24 +1042,24 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)); } int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops) + const char *mdprops) { return int_set_rsa_md_name(ctx, -1, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - OSSL_PKEY_PARAM_MGF1_DIGEST, mdname, - OSSL_PKEY_PARAM_MGF1_PROPERTIES, mdprops); + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + OSSL_PKEY_PARAM_MGF1_DIGEST, mdname, + OSSL_PKEY_PARAM_MGF1_PROPERTIES, mdprops); } int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, - size_t namesize) + size_t namesize) { return int_get_rsa_md_name(ctx, -1, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - OSSL_PKEY_PARAM_MGF1_DIGEST, name, namesize); + EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, + OSSL_PKEY_PARAM_MGF1_DIGEST, name, namesize); } /* @@ -1072,15 +1069,15 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)); } int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx, - const char *mdname) + const char *mdname) { return int_set_rsa_md_name(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - OSSL_PKEY_PARAM_MGF1_DIGEST, mdname, - NULL, NULL); + OSSL_PKEY_PARAM_MGF1_DIGEST, mdname, + NULL, NULL); } /* 
@@ -1090,7 +1087,7 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(md)); + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(md)); } int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) @@ -1120,14 +1117,14 @@ /* Cast away the const. This is read only so should be safe */ *p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void *)plabel, (size_t)llen); + (void *)plabel, (size_t)llen); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params); if (ret <= 0) return ret; - /* Ownership is supposed to be transfered to the callee. */ + /* Ownership is supposed to be transferred to the callee. */ OPENSSL_free(label); return 1; } @@ -1148,7 +1145,7 @@ return -1; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void **)label, 0); + (void **)label, 0); *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_get_params(ctx, rsa_params)) @@ -1178,7 +1175,7 @@ * EVP_PKEY_OP_TYPE_SIG */ return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltlen, NULL); + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltlen, NULL); } /* @@ -1197,7 +1194,7 @@ * EVP_PKEY_OP_TYPE_SIG */ return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, saltlen); + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, saltlen); } int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen) @@ -1214,7 +1211,7 @@ return -1; *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, - &saltlen); + &saltlen); *p++ = OSSL_PARAM_construct_end(); return evp_pkey_ctx_set_params_strict(ctx, pad_params); 
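Review bot: In the hunk at -1120, `(size_t)llen` in the `OSSL_PARAM_construct_octet_string()` call turns a negative `llen` into a very large length, and no range check is visible here. The `int llen` parameter is shown in the signature at the end of the previous hunk, and the start of the function body lies outside both hunks, so a check may exist there. If it does not, an early `if (llen < 0) return -1;` would stop a bad length from being passed down with the label pointer. Separately, the failure path `if (ret <= 0) return ret;` returns without freeing `label`, which the ownership comment could state explicitly: `/* On failure the caller still owns label. */`.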
@@ -1245,7 +1242,7 @@ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp) { int ret = RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp); + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp); /* * Satisfy memory semantics for pre-3.0 callers of @@ -1274,7 +1271,7 @@ return 0; } ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp); + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp); if (evp_pkey_ctx_is_legacy(ctx) && ret <= 0) BN_free(pubexp); return ret; --- crypto/openssl/crypto/rsa/rsa_local.h.orig +++ crypto/openssl/crypto/rsa/rsa_local.h @@ -13,7 +13,7 @@ #include "internal/refcount.h" #include "crypto/rsa.h" -#define RSA_MAX_PRIME_NUM 5 +#define RSA_MAX_PRIME_NUM 5 typedef struct rsa_prime_info_st { BIGNUM *r; 
@@ -102,23 +102,23 @@ struct rsa_meth_st { char *name; - int (*rsa_pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_pub_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); /* Can be null */ - int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); /* Can be null */ - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* called at new */ - int (*init) (RSA *rsa); + int (*init)(RSA *rsa); /* called at free */ - int (*finish) (RSA *rsa); + int (*finish)(RSA *rsa); /* RSA_METHOD_FLAG_* things */ int flags; /* may be needed! */ 
@@ -129,22 +129,22 @@ * this to work the RSA_public_decrypt() and RSA_private_encrypt() should * *NOT* be used. RSA_sign(), RSA_verify() should be used instead. */ - int (*rsa_sign) (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa); - int (*rsa_verify) (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); + int (*rsa_sign)(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); + int (*rsa_verify)(int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); /* * If this callback is NULL, the builtin software RSA key-gen will be * used. This is for behavioural compatibility whilst the code gets * rewired, but one day it would be nice to assume there are no such * things as "builtin software" implementations. */ - int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes, - BIGNUM *e, BN_GENCB *cb); + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int (*rsa_multi_prime_keygen)(RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); }; /* Macros to test if a pkey or ctx is for a PSS key */ @@ -152,9 +152,9 @@ #define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen); + const EVP_MD *mgf1md, int saltlen); int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen); + const EVP_MD **pmgf1md, int *psaltlen); /* internal function to clear and free multi-prime parameters */ void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo); 
@@ -164,10 +164,10 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength); int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q, - int nbits); + int nbits); int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q, - BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, - BIGNUM *p1q1); + BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, + BIGNUM *p1q1); int ossl_rsa_check_public_exponent(const BIGNUM *e); int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx); @@ -179,18 +179,18 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa); int ossl_rsa_sp800_56b_check_private(const RSA *rsa); int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed, - int strength, int nbits); + int strength, int nbits); int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, - BN_GENCB *cb); + BN_GENCB *cb); int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, - const BIGNUM *e, BN_CTX *ctx); + const BIGNUM *e, BN_CTX *ctx); int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, - int nbits, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); + int nbits, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to, - int tlen, const unsigned char *from, - int flen); + int tlen, const unsigned char *from, + int flen); #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ --- crypto/openssl/crypto/rsa/rsa_meth.c.orig +++ crypto/openssl/crypto/rsa/rsa_meth.c 
@@ -103,190 +103,180 @@ return 1; } -int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { return meth->rsa_pub_enc; } int RSA_meth_set_pub_enc(RSA_METHOD *meth, - int (*pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) + int (*pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) { meth->rsa_pub_enc = pub_enc; return 1; } -int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { return meth->rsa_pub_dec; } int RSA_meth_set_pub_dec(RSA_METHOD *meth, - int (*pub_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) + int (*pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) { meth->rsa_pub_dec = pub_dec; return 1; } -int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { return meth->rsa_priv_enc; } int RSA_meth_set_priv_enc(RSA_METHOD *meth, - int (*priv_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) + int (*priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) { meth->rsa_priv_enc = priv_enc; return 1; } -int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) +int (*RSA_meth_get_priv_dec(const RSA_METHOD 
*meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { return meth->rsa_priv_dec; } int RSA_meth_set_priv_dec(RSA_METHOD *meth, - int (*priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) + int (*priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) { meth->rsa_priv_dec = priv_dec; return 1; } - /* Can be null */ -int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx) +/* Can be null */ +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx) { return meth->rsa_mod_exp; } int RSA_meth_set_mod_exp(RSA_METHOD *meth, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx)) + int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)) { meth->rsa_mod_exp = mod_exp; return 1; } - /* Can be null */ -int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +/* Can be null */ +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return meth->bn_mod_exp; } int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx)) + int (*bn_mod_exp)(BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx)) { meth->bn_mod_exp = bn_mod_exp; return 1; } - /* called at new */ -int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa) +/* called at new */ +int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa) { return meth->init; } -int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) +int RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa)) { meth->init = init; return 1; } - 
/* called at free */ -int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) +/* called at free */ +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) { return meth->finish; } -int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) +int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) { meth->finish = finish; return 1; } -int (*RSA_meth_get_sign(const RSA_METHOD *meth)) - (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa) +int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa) { return meth->rsa_sign; } int RSA_meth_set_sign(RSA_METHOD *meth, - int (*sign) (int type, const unsigned char *m, - unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa)) + int (*sign)(int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)) { meth->rsa_sign = sign; return 1; } -int (*RSA_meth_get_verify(const RSA_METHOD *meth)) - (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa) +int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa) { return meth->rsa_verify; } int RSA_meth_set_verify(RSA_METHOD *meth, - int (*verify) (int dtype, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa)) + int (*verify)(int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)) { meth->rsa_verify = verify; return 1; } -int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +int 
(*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) { return meth->rsa_keygen; } int RSA_meth_set_keygen(RSA_METHOD *meth, - int (*keygen) (RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb)) + int (*keygen)(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)) { meth->rsa_keygen = keygen; return 1; } -int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb) +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb) { return meth->rsa_multi_prime_keygen; } int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, - int (*keygen) (RSA *rsa, int bits, - int primes, BIGNUM *e, - BN_GENCB *cb)) + int (*keygen)(RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)) { meth->rsa_multi_prime_keygen = keygen; return 1; --- crypto/openssl/crypto/rsa/rsa_mp.c.orig +++ crypto/openssl/crypto/rsa/rsa_mp.c @@ -48,7 +48,7 @@ return pinfo; - err: +err: BN_free(pinfo->r); BN_free(pinfo->d); BN_free(pinfo->t); @@ -92,7 +92,7 @@ } rv = 1; - err: +err: BN_CTX_free(ctx); return rv; } --- crypto/openssl/crypto/rsa/rsa_none.c.orig +++ crypto/openssl/crypto/rsa/rsa_none.c @@ -18,7 +18,7 @@ #include int RSA_padding_add_none(unsigned char *to, int tlen, - const unsigned char *from, int flen) + const unsigned char *from, int flen) { if (flen > tlen) { ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); @@ -35,7 +35,7 @@ } int RSA_padding_check_none(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) + const unsigned char *from, int flen, int num) { if (flen > tlen) { --- crypto/openssl/crypto/rsa/rsa_oaep.c.orig +++ crypto/openssl/crypto/rsa/rsa_oaep.c 
@@ -37,11 +37,11 @@ #include "rsa_local.h" int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen) + const unsigned char *from, int flen, + const unsigned char *param, int plen) { return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, - param, plen, NULL, NULL); + param, plen, NULL, NULL); } /* @@ -52,11 +52,11 @@ * to avoid complicating an already difficult enough function. */ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, - unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md) + unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md) { int rv = 0; int i, emlen = tlen - 1; 
@@ -132,34 +132,34 @@ seed[i] ^= seedmask[i]; rv = 1; - err: +err: OPENSSL_cleanse(seedmask, sizeof(seedmask)); OPENSSL_clear_free(dbmask, dbmask_len); return rv; } int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen, - const EVP_MD *md, const EVP_MD *mgf1md) + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md) { return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, - param, plen, md, mgf1md); + param, plen, md, mgf1md); } int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num, - const unsigned char *param, int plen) + const unsigned char *from, int flen, int num, + const unsigned char *param, int plen) { return RSA_padding_check_PKCS1_OAEP_mgf1(to, tlen, from, flen, num, - param, plen, NULL, NULL); + param, plen, NULL, NULL); } int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num, const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md) + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md) { int i, dblen = 0, mlen = -1, one_index = 0, msg_index; unsigned int good = 0, found_one_byte, mask; @@ -169,7 +169,7 @@ * Y || maskedSeed || maskedDB */ unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], - phash[EVP_MAX_MD_SIZE]; + phash[EVP_MAX_MD_SIZE]; int mdlen; if (md == NULL) { @@ -260,7 +260,7 @@ unsigned int equals1 = constant_time_eq(db[i], 1); unsigned int equals0 = constant_time_is_zero(db[i]); one_index = constant_time_select_int(~found_one_byte & equals1, - i, one_index); + i, one_index); found_one_byte |= equals1; good &= (found_one_byte | equals0); } 
@@ -291,7 +291,7 @@ * The loop below has overall complexity of O(N*log(N)). */ tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen), - dblen - mdlen - 1, tlen); + dblen - mdlen - 1, tlen); for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) { mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0); for (i = mdlen + 1; i < dblen - msg_index; i++) @@ -314,7 +314,7 @@ ERR_raise(ERR_LIB_RSA, RSA_R_OAEP_DECODING_ERROR); err_clear_last_constant_time(1 & good); #endif - cleanup: +cleanup: OPENSSL_cleanse(seed, sizeof(seed)); OPENSSL_clear_free(db, dblen); OPENSSL_clear_free(em, num); @@ -330,7 +330,7 @@ * The range checking steps inm the process are performed outside. */ int PKCS1_MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen, const EVP_MD *dgst) + const unsigned char *seed, long seedlen, const EVP_MD *dgst) { long i, outlen = 0; unsigned char cnt[4]; @@ -368,7 +368,7 @@ } } rv = 0; - err: +err: OPENSSL_cleanse(md, sizeof(md)); EVP_MD_CTX_free(c); return rv; --- crypto/openssl/crypto/rsa/rsa_ossl.c.orig +++ crypto/openssl/crypto/rsa/rsa_ossl.c 
@@ -19,34 +19,34 @@ #include "internal/constant_time.h" static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx); + BN_CTX *ctx); static int rsa_ossl_init(RSA *rsa); static int rsa_ossl_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_ossl_meth = { "OpenSSL PKCS#1 RSA", rsa_ossl_public_encrypt, - rsa_ossl_public_decrypt, /* signature verification */ - rsa_ossl_private_encrypt, /* signing */ + rsa_ossl_public_decrypt, /* signature verification */ + rsa_ossl_private_encrypt, /* signing */ rsa_ossl_private_decrypt, rsa_ossl_mod_exp, - BN_mod_exp_mont, /* XXX probably we should not use Montgomery - * if e == 3 */ + BN_mod_exp_mont, /* XXX probably we should not use Montgomery + * if e == 3 */ rsa_ossl_init, rsa_ossl_finish, - RSA_FLAG_FIPS_METHOD, /* flags */ + RSA_FLAG_FIPS_METHOD, /* flags */ NULL, - 0, /* rsa_sign */ - 0, /* rsa_verify */ - NULL, /* rsa_keygen */ - NULL /* rsa_multi_prime_keygen */ + 0, /* rsa_sign */ + 0, /* rsa_verify */ + NULL, /* rsa_keygen */ + NULL /* rsa_multi_prime_keygen */ }; static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth; @@ -72,7 +72,7 @@ } static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; int i, num = 0, r = -1; 
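Review bot: In the `rsa_pkcs1_ossl_meth` initializer the `rsa_sign` and `rsa_verify` slots are still filled with `0` while the other empty pointer slots use `NULL`, and the bare `NULL,` after the flags entry carries no label. The struct is initialized positionally, and the four encrypt/decrypt prototypes at the top of this hunk share one signature, so a swapped pair would compile cleanly; the per-slot labels are the only guard. I would write `NULL, /* rsa_sign */` and `NULL, /* rsa_verify */`, and label the unlabelled entry (presumably `/* app_data */`; confirm against the struct in rsa_local.h).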
@@ -112,12 +112,12 @@ switch (padding) { case RSA_PKCS1_PADDING: i = ossl_rsa_padding_add_PKCS1_type_2_ex(rsa->libctx, buf, num, - from, flen); + from, flen); break; case RSA_PKCS1_OAEP_PADDING: i = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(rsa->libctx, buf, num, - from, flen, NULL, 0, - NULL, NULL); + from, flen, NULL, 0, + NULL, NULL); break; case RSA_NO_PADDING: i = RSA_padding_add_none(buf, num, from, flen); @@ -140,11 +140,11 @@ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, - rsa->n, ctx)) + rsa->n, ctx)) goto err; if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, - rsa->_method_mod_n)) + rsa->_method_mod_n)) goto err; /* @@ -152,7 +152,7 @@ * the length of the modulus. */ r = BN_bn2binpad(ret, to, num); - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); @@ -194,13 +194,13 @@ ret = rsa->mt_blinding; } - err: +err: CRYPTO_THREAD_unlock(rsa->lock); return ret; } static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, - BN_CTX *ctx) + BN_CTX *ctx) { if (unblind == NULL) { /* @@ -224,7 +224,7 @@ } static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, - BN_CTX *ctx) + BN_CTX *ctx) { /* * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex @@ -240,7 +240,7 @@ /* signing */ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *res; int i, num = 0, r = -1; @@ -295,7 +295,7 @@ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, - rsa->n, ctx)) + rsa->n, ctx)) goto err; if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { 
@@ -315,11 +315,7 @@ goto err; } - if ((rsa->flags & RSA_FLAG_EXT_PKEY) || - (rsa->version == RSA_ASN1_VERSION_MULTI) || - ((rsa->p != NULL) && - (rsa->q != NULL) && - (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { + if ((rsa->flags & RSA_FLAG_EXT_PKEY) || (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; } else { @@ -336,7 +332,7 @@ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, - rsa->_method_mod_n)) { + rsa->_method_mod_n)) { BN_free(d); goto err; } @@ -364,7 +360,7 @@ * the length of the modulus. */ r = BN_bn2binpad(res, to, num); - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); @@ -372,7 +368,7 @@ } static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; int j, num = 0, r = -1; @@ -419,7 +415,7 @@ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, - rsa->n, ctx)) + rsa->n, ctx)) goto err; if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { @@ -440,11 +436,7 @@ } /* do the decrypt */ - if ((rsa->flags & RSA_FLAG_EXT_PKEY) || - (rsa->version == RSA_ASN1_VERSION_MULTI) || - ((rsa->p != NULL) && - (rsa->q != NULL) && - (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { + if ((rsa->flags & RSA_FLAG_EXT_PKEY) || (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; } else { @@ -460,7 +452,7 @@ } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, - rsa->_method_mod_n)) { + rsa->_method_mod_n)) { BN_free(d); goto err; } 
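Review bot: The condition that chooses between `rsa->meth->rsa_mod_exp` and the `bn_mod_exp` call on `rsa->d` is now one line of roughly 200 characters in `@@ -315,11 +315,7 @@`, and the identical condition in `@@ -440,11 +436,7 @@` got the same treatment. It decides which private-key code path runs, so each alternative should be visible on its own. Breaking before each `||`, as the multi-prime check elsewhere in this file does, keeps it readable: `if ((rsa->flags & RSA_FLAG_EXT_PKEY)`, then `|| (rsa->version == RSA_ASN1_VERSION_MULTI)`, then `|| ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {`. Both enclosing functions start and end outside their hunks.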
@@ -500,7 +492,7 @@ err_clear_last_constant_time(1 & ~constant_time_msb(r)); #endif - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); @@ -509,7 +501,7 @@ /* signature verification */ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; int i, num = 0, r = -1; @@ -565,11 +557,11 @@ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, - rsa->n, ctx)) + rsa->n, ctx)) goto err; if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, - rsa->_method_mod_n)) + rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12)) @@ -597,7 +589,7 @@ if (r < 0) ERR_raise(ERR_LIB_RSA, RSA_R_PADDING_CHECK_FAILED); - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); @@ -628,7 +620,7 @@ #ifndef FIPS_MODULE if (rsa->version == RSA_ASN1_VERSION_MULTI && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0 - || ex_primes > RSA_MAX_PRIME_NUM - 2)) + || ex_primes > RSA_MAX_PRIME_NUM - 2)) goto err; #endif @@ -643,11 +635,11 @@ * BN_FLG_CONSTTIME flag */ if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME), - BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock, - factor, ctx)) + BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock, + factor, ctx)) || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME), - BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock, - factor, ctx))) { + BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock, + factor, ctx))) { BN_free(factor); goto err; } 
@@ -668,14 +660,14 @@ smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont) #ifndef FIPS_MODULE - && (ex_primes == 0) + && (ex_primes == 0) #endif - && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p)); + && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p)); } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, - rsa->n, ctx)) + rsa->n, ctx)) goto err; if (smooth) { @@ -699,10 +691,10 @@ * r1 = r1^dmp1 mod p */ || !BN_mod_exp_mont_consttime_x2(m1, m1, rsa->dmq1, rsa->q, - rsa->_method_mod_q, - r1, r1, rsa->dmp1, rsa->p, - rsa->_method_mod_p, - ctx) + rsa->_method_mod_q, + r1, r1, rsa->dmp1, rsa->p, + rsa->_method_mod_p, + ctx) /* r1 = (r1 - m1) mod p */ /* * bn_mod_sub_fixed_top is not regular modular subtraction, @@ -715,7 +707,7 @@ /* r1 = r1 * iqmp mod p */ || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx) || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p, - ctx) + ctx) /* r0 = r1 * q + m1 */ || !bn_mul_fixed_top(r0, r1, rsa->q, ctx) || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n)) @@ -746,7 +738,7 @@ /* compute r1^dmq1 mod q */ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, - rsa->_method_mod_q)) { + rsa->_method_mod_q)) { BN_free(c); BN_free(dmq1); goto err; @@ -772,7 +764,7 @@ /* compute r1^dmp1 mod p */ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, - rsa->_method_mod_p)) { + rsa->_method_mod_p)) { BN_free(dmp1); goto err; } @@ -909,16 +901,16 @@ } #endif - tail: +tail: if (rsa->e && rsa->n) { if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) { if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx, - rsa->_method_mod_n)) + rsa->_method_mod_n)) goto err; } else { bn_correct_top(r0); if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, - rsa->_method_mod_n)) + rsa->_method_mod_n)) goto err; } /* @@ -932,7 +924,7 @@ if (BN_is_zero(vrfy)) { bn_correct_top(r0); ret = 1; - goto err; /* not actually error */ + goto err; /* not actually error */ } if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; 
@@ -952,7 +944,7 @@ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, - rsa->_method_mod_n)) { + rsa->_method_mod_n)) { BN_free(d); goto err; } @@ -970,7 +962,7 @@ */ bn_correct_top(r0); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } --- crypto/openssl/crypto/rsa/rsa_pk1.c.orig +++ crypto/openssl/crypto/rsa/rsa_pk1.c @@ -26,7 +26,7 @@ #include "rsa_local.h" int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen) + const unsigned char *from, int flen) { int j; unsigned char *p; @@ -39,7 +39,7 @@ p = (unsigned char *)to; *(p++) = 0; - *(p++) = 1; /* Private Key BT (Block Type) */ + *(p++) = 1; /* Private Key BT (Block Type) */ /* pad out with 0xff data */ j = tlen - 3 - flen; @@ -51,8 +51,8 @@ } int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num) + const unsigned char *from, int flen, + int num) { int i, j; const unsigned char *p; @@ -84,9 +84,9 @@ } /* scan over padding data */ - j = flen - 1; /* one for type. */ + j = flen - 1; /* one for type. */ for (i = 0; i < j; i++) { - if (*p != 0xff) { /* should decrypt to 0xff */ + if (*p != 0xff) { /* should decrypt to 0xff */ if (*p == 0) { p++; break; @@ -107,7 +107,7 @@ ERR_raise(ERR_LIB_RSA, RSA_R_BAD_PAD_BYTE_COUNT); return -1; } - i++; /* Skip over the '\0' */ + i++; /* Skip over the '\0' */ j -= i; if (j > tlen) { ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); @@ -119,8 +119,8 @@ } int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to, - int tlen, const unsigned char *from, - int flen) + int tlen, const unsigned char *from, + int flen) { int i, j; unsigned char *p; @@ -136,7 +136,7 @@ p = (unsigned char *)to; *(p++) = 0; - *(p++) = 2; /* Public Key BT (Block Type) */ + *(p++) = 2; /* Public Key BT (Block Type) */ /* pad out with non-zero random data */ j = tlen - 3 - flen; 
@@ -159,14 +159,14 @@ } int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *from, int flen) + const unsigned char *from, int flen) { return ossl_rsa_padding_add_PKCS1_type_2_ex(NULL, to, tlen, from, flen); } int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num) + const unsigned char *from, int flen, + int num) { int i; /* |em| is the encoded message, zero-padded to exactly |num| bytes */ @@ -214,7 +214,7 @@ unsigned int equals0 = constant_time_is_zero(em[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, - i, zero_index); + i, zero_index); found_zero_byte |= equals0; } @@ -248,7 +248,7 @@ * The loop below has overall complexity of O(N*log(N)). */ tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), - num - RSA_PKCS1_PADDING_SIZE, tlen); + num - RSA_PKCS1_PADDING_SIZE, tlen); for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) @@ -295,10 +295,10 @@ * https://tools.ietf.org/html/rfc5246#section-7.4.7.1). */ int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *libctx, - unsigned char *to, size_t tlen, - const unsigned char *from, - size_t flen, int client_version, - int alt_version) + unsigned char *to, size_t tlen, + const unsigned char *from, + size_t flen, int client_version, + int alt_version) { unsigned int i, good, version_good; unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; @@ -308,7 +308,7 @@ * we've been called incorrectly. We can fail immediately. */ if (flen < RSA_PKCS1_PADDING_SIZE + SSL_MAX_MASTER_KEY_LENGTH - || tlen < SSL_MAX_MASTER_KEY_LENGTH) { + || tlen < SSL_MAX_MASTER_KEY_LENGTH) { ERR_raise(ERR_LIB_RSA, RSA_R_PKCS_DECODING_ERROR); return -1; } 
@@ -318,7 +318,8 @@ * to decrypt. */ if (RAND_priv_bytes_ex(libctx, rand_premaster_secret, - sizeof(rand_premaster_secret), 0) <= 0) { + sizeof(rand_premaster_secret), 0) + <= 0) { ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); return -1; } @@ -331,7 +332,6 @@ good &= ~constant_time_is_zero_8(from[i]); good &= constant_time_is_zero_8(from[flen - SSL_MAX_MASTER_KEY_LENGTH - 1]); - /* * If the version in the decrypted pre-master secret is correct then * version_good will be 0xff, otherwise it'll be zero. The @@ -340,12 +340,10 @@ * check as a "bad version oracle". Thus version checks are done in * constant time and are treated like any other decryption error. */ - version_good = - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH], - (client_version >> 8) & 0xff); - version_good &= - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH + 1], - client_version & 0xff); + version_good = constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH], + (client_version >> 8) & 0xff); + version_good &= constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH + 1], + client_version & 0xff); /* * The premaster secret must contain the same version number as the 
@@ -360,27 +358,23 @@ if (alt_version > 0) { unsigned int workaround_good; - workaround_good = - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH], - (alt_version >> 8) & 0xff); - workaround_good &= - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH + 1], - alt_version & 0xff); + workaround_good = constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH], + (alt_version >> 8) & 0xff); + workaround_good &= constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH + 1], + alt_version & 0xff); version_good |= workaround_good; } good &= version_good; - /* * Now copy the result over to the to buffer if good, or random data if * not good. */ for (i = 0; i < SSL_MAX_MASTER_KEY_LENGTH; i++) { - to[i] = - constant_time_select_8(good, - from[flen - SSL_MAX_MASTER_KEY_LENGTH + i], - rand_premaster_secret[i]); + to[i] = constant_time_select_8(good, + from[flen - SSL_MAX_MASTER_KEY_LENGTH + i], + rand_premaster_secret[i]); } /* --- crypto/openssl/crypto/rsa/rsa_pmeth.c.orig +++ crypto/openssl/crypto/rsa/rsa_pmeth.c @@ -111,8 +111,7 @@ { if (ctx->tbuf != NULL) return 1; - if ((ctx->tbuf = - OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pk->pkey)))) == NULL) { + if ((ctx->tbuf = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pk->pkey)))) == NULL) { ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); return 0; } @@ -131,8 +130,8 @@ } static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { int ret; RSA_PKEY_CTX *rctx = ctx->data; 
@@ -170,11 +169,11 @@ memcpy(rctx->tbuf, tbs, tbslen); rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_get_type(rctx->md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, - sig, rsa, RSA_X931_PADDING); + sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { unsigned int sltmp; ret = RSA_sign(EVP_MD_get_type(rctx->md), - tbs, tbslen, sig, &sltmp, rsa); + tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; ret = sltmp; @@ -182,12 +181,12 @@ if (!setup_tbuf(rctx, ctx)) return -1; if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, - rctx->tbuf, tbs, - rctx->md, rctx->mgf1md, - rctx->saltlen)) + rctx->tbuf, tbs, + rctx->md, rctx->mgf1md, + rctx->saltlen)) return -1; ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, - sig, rsa, RSA_NO_PADDING); + sig, rsa, RSA_NO_PADDING); } else { return -1; } @@ -201,8 +200,8 @@ } static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen) + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) { int ret; RSA_PKEY_CTX *rctx = ctx->data; @@ -218,7 +217,7 @@ if (!setup_tbuf(rctx, ctx)) return -1; ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, - RSA_X931_PADDING); + RSA_X931_PADDING); if (ret < 1) return 0; ret--; @@ -235,8 +234,8 @@ } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { size_t sltmp; ret = ossl_rsa_verify(EVP_MD_get_type(rctx->md), - NULL, 0, rout, &sltmp, - sig, siglen, rsa); + NULL, 0, rout, &sltmp, + sig, siglen, rsa); if (ret <= 0) return 0; ret = sltmp; @@ -253,8 +252,8 @@ } static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) { RSA_PKEY_CTX *rctx = ctx->data; /* 
@@ -268,7 +267,7 @@ if (rctx->md) { if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_get_type(rctx->md), tbs, tbslen, - sig, siglen, rsa); + sig, siglen, rsa); if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -281,12 +280,12 @@ if (!setup_tbuf(rctx, ctx)) return -1; ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, - rsa, RSA_NO_PADDING); + rsa, RSA_NO_PADDING); if (ret <= 0) return 0; ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, - rctx->md, rctx->mgf1md, - rctx->tbuf, rctx->saltlen); + rctx->md, rctx->mgf1md, + rctx->tbuf, rctx->saltlen); if (ret <= 0) return 0; return 1; @@ -297,7 +296,7 @@ if (!setup_tbuf(rctx, ctx)) return -1; rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, - rsa, rctx->pad_mode); + rsa, rctx->pad_mode); if (rslen == 0) return 0; } @@ -306,12 +305,11 @@ return 0; return 1; - } static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { int ret; RSA_PKEY_CTX *rctx = ctx->data; @@ -327,10 +325,10 @@ if (!setup_tbuf(rctx, ctx)) return -1; if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen, - in, inlen, - rctx->oaep_label, - rctx->oaep_labellen, - rctx->md, rctx->mgf1md)) + in, inlen, + rctx->oaep_label, + rctx->oaep_labellen, + rctx->md, rctx->mgf1md)) return -1; ret = RSA_public_encrypt(klen, rctx->tbuf, out, rsa, RSA_NO_PADDING); } else { @@ -343,8 +341,8 @@ } static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { int ret; RSA_PKEY_CTX *rctx = ctx->data; 
@@ -362,10 +360,10 @@ if (ret <= 0) return ret; ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf, - ret, ret, - rctx->oaep_label, - rctx->oaep_labellen, - rctx->md, rctx->mgf1md); + ret, ret, + rctx->oaep_label, + rctx->oaep_labellen, + rctx->md, rctx->mgf1md); } else { ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode); } @@ -394,7 +392,7 @@ return 0; } } else { - switch(mdnid) { + switch (mdnid) { /* List of all supported RSA digests */ case NID_sha1: case NID_sha224: @@ -418,7 +416,6 @@ default: ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST); return 0; - } } @@ -435,8 +432,7 @@ if (!check_padding_md(rctx->md, p1)) return 0; if (p1 == RSA_PKCS1_PSS_PADDING) { - if (!(ctx->operation & - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) + if (!(ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) goto bad_pad; if (!rctx->md) rctx->md = EVP_sha1(); @@ -452,7 +448,7 @@ rctx->pad_mode = p1; return 1; } - bad_pad: + bad_pad: ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return -2; @@ -478,7 +474,7 @@ return -2; } if ((p1 == RSA_PSS_SALTLEN_DIGEST - && rctx->min_saltlen > EVP_MD_get_size(rctx->md)) + && rctx->min_saltlen > EVP_MD_get_size(rctx->md)) || (p1 >= 0 && p1 < rctx->min_saltlen)) { ERR_raise(ERR_LIB_RSA, RSA_R_PSS_SALTLEN_TOO_SMALL); return 0; @@ -596,7 +592,7 @@ #ifndef OPENSSL_NO_CMS case EVP_PKEY_CTRL_CMS_SIGN: #endif - return 1; + return 1; case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: @@ -604,8 +600,8 @@ case EVP_PKEY_CTRL_CMS_DECRYPT: case EVP_PKEY_CTRL_CMS_ENCRYPT: #endif - if (!pkey_ctx_is_pss(ctx)) - return 1; + if (!pkey_ctx_is_pss(ctx)) + return 1; /* fall through */ case EVP_PKEY_CTRL_PEER_KEY: ERR_raise(ERR_LIB_RSA, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 
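Review bot: In `@@ -435,8 +432,7 @@`, the context line `if (!rctx->md) rctx->md = EVP_sha1();` right after the reflowed `ctx->operation` test silently selects SHA-1 when PSS padding is requested with no digest configured. Nothing at that spot says so. A one-line comment would make the fallback visible to anyone auditing digest selection, for example `/* no digest configured: PSS falls back to SHA-1; callers should set one explicitly */`. The enclosing function starts and ends outside this hunk, so whether the digest can be set later is not visible here.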
@@ -613,12 +609,11 @@ default: return -2; - } } static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) + const char *type, const char *value) { if (value == NULL) { ERR_raise(ERR_LIB_RSA, RSA_R_VALUE_MISSING); @@ -685,18 +680,18 @@ if (strcmp(type, "rsa_mgf1_md") == 0) return EVP_PKEY_CTX_md(ctx, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, value); + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_RSA_MGF1_MD, value); if (pkey_ctx_is_pss(ctx)) { if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0) return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_MGF1_MD, value); + EVP_PKEY_CTRL_RSA_MGF1_MD, value); if (strcmp(type, "rsa_pss_keygen_md") == 0) return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_MD, value); + EVP_PKEY_CTRL_MD, value); if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { int saltlen = atoi(value); @@ -707,7 +702,7 @@ if (strcmp(type, "rsa_oaep_md") == 0) return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_MD, value); + EVP_PKEY_CTRL_RSA_OAEP_MD, value); if (strcmp(type, "rsa_oaep_label") == 0) { unsigned char *lab; @@ -737,8 +732,9 @@ if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2) return 1; rsa->pss = ossl_rsa_pss_params_create(rctx->md, rctx->mgf1md, - rctx->saltlen == -2 - ? 0 : rctx->saltlen); + rctx->saltlen == -2 + ? 0 + : rctx->saltlen); if (rsa->pss == NULL) return 0; return 1; @@ -770,7 +766,7 @@ pcb = NULL; } ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes, - rctx->pub_exp, pcb); + rctx->pub_exp, pcb); BN_GENCB_free(pcb); if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) { RSA_free(rsa); --- crypto/openssl/crypto/rsa/rsa_pss.c.orig +++ crypto/openssl/crypto/rsa/rsa_pss.c 
@@ -25,19 +25,19 @@ static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; #if defined(_MSC_VER) && defined(_ARM_) -# pragma optimize("g", off) +#pragma optimize("g", off) #endif int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const unsigned char *EM, - int sLen) + const EVP_MD *Hash, const unsigned char *EM, + int sLen) { return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen); } int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - const unsigned char *EM, int sLen) + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen) { int i; int ret = 0; @@ -107,15 +107,16 @@ DB[i] ^= EM[i]; if (MSBits) DB[0] &= 0xFF >> (8 - MSBits); - for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ; + for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) + ; if (DB[i++] != 0x1) { ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED); goto err; } if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED, - "expected: %d retrieved: %d", sLen, - maskedDBLen - i); + "expected: %d retrieved: %d", sLen, + maskedDBLen - i); goto err; } if (!EVP_DigestInit_ex(ctx, Hash, NULL) @@ -135,25 +136,24 @@ ret = 1; } - err: +err: OPENSSL_free(DB); EVP_MD_CTX_free(ctx); return ret; - } int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, int sLen) + const unsigned char *mHash, + const EVP_MD *Hash, int sLen) { return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen); } int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - int sLen) + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen) { int i; int ret = 0; 
@@ -247,12 +247,11 @@ ret = 1; - err: +err: EVP_MD_CTX_free(ctx); OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */ return ret; - } /* @@ -278,13 +277,13 @@ * } */ static const RSA_PSS_PARAMS_30 default_RSASSA_PSS_params = { - NID_sha1, /* default hashAlgorithm */ + NID_sha1, /* default hashAlgorithm */ { - NID_mgf1, /* default maskGenAlgorithm */ - NID_sha1 /* default MGF1 hash */ + NID_mgf1, /* default maskGenAlgorithm */ + NID_sha1 /* default MGF1 hash */ }, - 20, /* default saltLength */ - 1 /* default trailerField (0xBC) */ + 20, /* default saltLength */ + 1 /* default trailerField (0xBC) */ }; int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params) @@ -297,22 +296,25 @@ int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params) { - static RSA_PSS_PARAMS_30 pss_params_cmp = { 0, }; + static RSA_PSS_PARAMS_30 pss_params_cmp = { + 0, + }; return rsa_pss_params == NULL || memcmp(rsa_pss_params, &pss_params_cmp, - sizeof(*rsa_pss_params)) == 0; + sizeof(*rsa_pss_params)) + == 0; } int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, - const RSA_PSS_PARAMS_30 *from) + const RSA_PSS_PARAMS_30 *from) { memcpy(to, from, sizeof(*to)); return 1; } int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int hashalg_nid) + int hashalg_nid) { if (rsa_pss_params == NULL) return 0; @@ -321,7 +323,7 @@ } int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenalg_nid) + int maskgenalg_nid) { if (rsa_pss_params == NULL) return 0; @@ -330,7 +332,7 @@ } int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenhashalg_nid) + int maskgenhashalg_nid) { if (rsa_pss_params == NULL) return 0; @@ -339,7 +341,7 @@ } int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, - int saltlen) + int saltlen) { if (rsa_pss_params == NULL) return 0; 
@@ -348,7 +350,7 @@ } int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params, - int trailerfield) + int trailerfield) { if (rsa_pss_params == NULL) return 0; @@ -392,5 +394,5 @@ } #if defined(_MSC_VER) -# pragma optimize("",on) +#pragma optimize("", on) #endif --- crypto/openssl/crypto/rsa/rsa_saos.c.orig +++ crypto/openssl/crypto/rsa/rsa_saos.c @@ -21,9 +21,9 @@ #include int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, - RSA *rsa) + const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa) { ASN1_OCTET_STRING sig; int i, j, ret = 1; @@ -57,9 +57,9 @@ } int RSA_verify_ASN1_OCTET_STRING(int dtype, - const unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, - unsigned int siglen, RSA *rsa) + const unsigned char *m, + unsigned int m_len, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa) { int i, ret = 0; unsigned char *s; @@ -86,13 +86,12 @@ if (sig == NULL) goto err; - if (((unsigned int)sig->length != m_len) || - (memcmp(m, sig->data, m_len) != 0)) { + if (((unsigned int)sig->length != m_len) || (memcmp(m, sig->data, m_len) != 0)) { ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); } else { ret = 1; } - err: +err: ASN1_OCTET_STRING_free(sig); OPENSSL_clear_free(s, (unsigned int)siglen); return ret; --- crypto/openssl/crypto/rsa/rsa_schemes.c.orig +++ crypto/openssl/crypto/rsa/rsa_schemes.c @@ -15,8 +15,8 @@ #include "crypto/rsa.h" static int meth2nid(const void *meth, - int (*meth_is_a)(const void *meth, const char *name), - const OSSL_ITEM *items, size_t items_n) + int (*meth_is_a)(const void *meth, const char *name), + const OSSL_ITEM *items, size_t items_n) { size_t i; 
@@ -38,7 +38,7 @@ } /* - * The list of permitted hash functions are taken from + * The list of permitted hash functions are taken from * https://tools.ietf.org/html/rfc8017#appendix-A.2.1: * * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { @@ -53,13 +53,13 @@ * } */ static const OSSL_ITEM oaeppss_name_nid_map[] = { - { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, - { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, - { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, - { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, - { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, - { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, - { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, + { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, + { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, + { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, + { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, + { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, + { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, + { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, }; static int md_is_a(const void *md, const char *name) @@ -70,7 +70,7 @@ int ossl_rsa_oaeppss_md2nid(const EVP_MD *md) { return meth2nid(md, md_is_a, - oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map)); + oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map)); } const char *ossl_rsa_oaeppss_nid2name(int md) --- crypto/openssl/crypto/rsa/rsa_sign.c.orig +++ crypto/openssl/crypto/rsa/rsa_sign.c 
@@ -19,21 +19,21 @@ #include #include #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MD2 -# include /* uses MD2_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_MD4 -# include /* uses MD4_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_MD5 -# include /* uses MD5_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_MDC2 -# include /* uses MDC2_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_RMD160 -# include /* uses RIPEMD160_DIGEST_LENGTH */ -# endif +#ifndef OPENSSL_NO_MD2 +#include /* uses MD2_DIGEST_LENGTH */ +#endif +#ifndef OPENSSL_NO_MD4 +#include /* uses MD4_DIGEST_LENGTH */ +#endif +#ifndef OPENSSL_NO_MD5 +#include /* uses MD5_DIGEST_LENGTH */ +#endif +#ifndef OPENSSL_NO_MDC2 +#include /* uses MDC2_DIGEST_LENGTH */ +#endif +#ifndef OPENSSL_NO_RMD160 +#include /* uses RIPEMD160_DIGEST_LENGTH */ +#endif #endif #include /* uses SHA???_DIGEST_LENGTH */ #include "crypto/rsa.h" 
@@ -74,64 +74,64 @@ #define ASN1_OID 0x06 /* SHA OIDs are of the form: (2 16 840 1 101 3 4 2 |n|) */ -#define ENCODE_DIGESTINFO_SHA(name, n, sz) \ -static const unsigned char digestinfo_##name##_der[] = { \ - ASN1_SEQUENCE, 0x11 + sz, \ - ASN1_SEQUENCE, 0x0d, \ - ASN1_OID, 0x09, 2 * 40 + 16, 0x86, 0x48, 1, 101, 3, 4, 2, n, \ - ASN1_NULL, 0x00, \ - ASN1_OCTET_STRING, sz \ -}; +#define ENCODE_DIGESTINFO_SHA(name, n, sz) \ + static const unsigned char digestinfo_##name##_der[] = { \ + ASN1_SEQUENCE, 0x11 + sz, \ + ASN1_SEQUENCE, 0x0d, \ + ASN1_OID, 0x09, 2 * 40 + 16, 0x86, 0x48, 1, 101, 3, 4, 2, n, \ + ASN1_NULL, 0x00, \ + ASN1_OCTET_STRING, sz \ + }; /* MD2, MD4 and MD5 OIDs are of the form: (1 2 840 113549 2 |n|) */ -#define ENCODE_DIGESTINFO_MD(name, n, sz) \ -static const unsigned char digestinfo_##name##_der[] = { \ - ASN1_SEQUENCE, 0x10 + sz, \ - ASN1_SEQUENCE, 0x0c, \ - ASN1_OID, 0x08, 1 * 40 + 2, 0x86, 0x48, 0x86, 0xf7, 0x0d, 2, n, \ - ASN1_NULL, 0x00, \ - ASN1_OCTET_STRING, sz \ -}; +#define ENCODE_DIGESTINFO_MD(name, n, sz) \ + static const unsigned char digestinfo_##name##_der[] = { \ + ASN1_SEQUENCE, 0x10 + sz, \ + ASN1_SEQUENCE, 0x0c, \ + ASN1_OID, 0x08, 1 * 40 + 2, 0x86, 0x48, 0x86, 0xf7, 0x0d, 2, n, \ + ASN1_NULL, 0x00, \ + ASN1_OCTET_STRING, sz \ + }; #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 ENCODE_DIGESTINFO_MD(md2, 0x02, MD2_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD4 +#endif +#ifndef OPENSSL_NO_MD4 ENCODE_DIGESTINFO_MD(md4, 0x03, MD4_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD5 +#endif +#ifndef OPENSSL_NO_MD5 ENCODE_DIGESTINFO_MD(md5, 0x05, MD5_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_MDC2 /* MDC-2 (2 5 8 3 101) */ static const unsigned char digestinfo_mdc2_der[] = { ASN1_SEQUENCE, 0x0c + MDC2_DIGEST_LENGTH, - ASN1_SEQUENCE, 0x08, - ASN1_OID, 0x04, 2 * 40 + 5, 8, 3, 101, - ASN1_NULL, 0x00, - ASN1_OCTET_STRING, MDC2_DIGEST_LENGTH + ASN1_SEQUENCE, 0x08, + ASN1_OID, 0x04, 2 * 40 
+ 5, 8, 3, 101, + ASN1_NULL, 0x00, + ASN1_OCTET_STRING, MDC2_DIGEST_LENGTH }; -# endif -# ifndef OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_RMD160 /* RIPEMD160 (1 3 36 3 2 1) */ static const unsigned char digestinfo_ripemd160_der[] = { ASN1_SEQUENCE, 0x0d + RIPEMD160_DIGEST_LENGTH, - ASN1_SEQUENCE, 0x09, - ASN1_OID, 0x05, 1 * 40 + 3, 36, 3, 2, 1, - ASN1_NULL, 0x00, - ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH + ASN1_SEQUENCE, 0x09, + ASN1_OID, 0x05, 1 * 40 + 3, 36, 3, 2, 1, + ASN1_NULL, 0x00, + ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH }; -# endif +#endif #endif /* FIPS_MODULE */ /* SHA-1 (1 3 14 3 2 26) */ static const unsigned char digestinfo_sha1_der[] = { ASN1_SEQUENCE, 0x0d + SHA_DIGEST_LENGTH, - ASN1_SEQUENCE, 0x09, - ASN1_OID, 0x05, 1 * 40 + 3, 14, 3, 2, 26, - ASN1_NULL, 0x00, - ASN1_OCTET_STRING, SHA_DIGEST_LENGTH + ASN1_SEQUENCE, 0x09, + ASN1_OID, 0x05, 1 * 40 + 3, 14, 3, 2, 26, + ASN1_NULL, 0x00, + ASN1_OCTET_STRING, SHA_DIGEST_LENGTH }; ENCODE_DIGESTINFO_SHA(sha256, 0x01, SHA256_DIGEST_LENGTH) 
@@ -145,90 +145,89 @@ ENCODE_DIGESTINFO_SHA(sha3_384, 0x09, SHA384_DIGEST_LENGTH) ENCODE_DIGESTINFO_SHA(sha3_512, 0x0a, SHA512_DIGEST_LENGTH) -#define MD_CASE(name) \ - case NID_##name: \ - *len = sizeof(digestinfo_##name##_der); \ +#define MD_CASE(name) \ + case NID_##name: \ + *len = sizeof(digestinfo_##name##_der); \ return digestinfo_##name##_der; const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len) { switch (md_nid) { #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MDC2 - MD_CASE(mdc2) -# endif -# ifndef OPENSSL_NO_MD2 - MD_CASE(md2) -# endif -# ifndef OPENSSL_NO_MD4 - MD_CASE(md4) -# endif -# ifndef OPENSSL_NO_MD5 - MD_CASE(md5) -# endif -# ifndef OPENSSL_NO_RMD160 - MD_CASE(ripemd160) -# endif +#ifndef OPENSSL_NO_MDC2 + MD_CASE(mdc2) +#endif +#ifndef OPENSSL_NO_MD2 + MD_CASE(md2) +#endif +#ifndef OPENSSL_NO_MD4 + MD_CASE(md4) +#endif +#ifndef OPENSSL_NO_MD5 + MD_CASE(md5) +#endif +#ifndef OPENSSL_NO_RMD160 + MD_CASE(ripemd160) +#endif #endif /* FIPS_MODULE */ - MD_CASE(sha1) - MD_CASE(sha224) - MD_CASE(sha256) - MD_CASE(sha384) - MD_CASE(sha512) - MD_CASE(sha512_224) - MD_CASE(sha512_256) - MD_CASE(sha3_224) - MD_CASE(sha3_256) - MD_CASE(sha3_384) - MD_CASE(sha3_512) + MD_CASE(sha1) + MD_CASE(sha224) + MD_CASE(sha256) + MD_CASE(sha384) + MD_CASE(sha512) + MD_CASE(sha512_224) + MD_CASE(sha512_256) + MD_CASE(sha3_224) + MD_CASE(sha3_256) + MD_CASE(sha3_384) + MD_CASE(sha3_512) default: return NULL; } } -#define MD_NID_CASE(name, sz) \ - case NID_##name: \ +#define MD_NID_CASE(name, sz) \ + case NID_##name: \ return sz; static int digest_sz_from_nid(int nid) { switch (nid) { #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MDC2 - MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD2 - MD_NID_CASE(md2, MD2_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD4 - MD_NID_CASE(md4, MD4_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD5 - MD_NID_CASE(md5, MD5_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_RMD160 - MD_NID_CASE(ripemd160, 
RIPEMD160_DIGEST_LENGTH) -# endif +#ifndef OPENSSL_NO_MDC2 + MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH) +#endif +#ifndef OPENSSL_NO_MD2 + MD_NID_CASE(md2, MD2_DIGEST_LENGTH) +#endif +#ifndef OPENSSL_NO_MD4 + MD_NID_CASE(md4, MD4_DIGEST_LENGTH) +#endif +#ifndef OPENSSL_NO_MD5 + MD_NID_CASE(md5, MD5_DIGEST_LENGTH) +#endif +#ifndef OPENSSL_NO_RMD160 + MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH) +#endif #endif /* FIPS_MODULE */ - MD_NID_CASE(sha1, SHA_DIGEST_LENGTH) - MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH) - MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH) - MD_NID_CASE(sha384, SHA384_DIGEST_LENGTH) - MD_NID_CASE(sha512, SHA512_DIGEST_LENGTH) - MD_NID_CASE(sha512_224, SHA224_DIGEST_LENGTH) - MD_NID_CASE(sha512_256, SHA256_DIGEST_LENGTH) - MD_NID_CASE(sha3_224, SHA224_DIGEST_LENGTH) - MD_NID_CASE(sha3_256, SHA256_DIGEST_LENGTH) - MD_NID_CASE(sha3_384, SHA384_DIGEST_LENGTH) - MD_NID_CASE(sha3_512, SHA512_DIGEST_LENGTH) + MD_NID_CASE(sha1, SHA_DIGEST_LENGTH) + MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH) + MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH) + MD_NID_CASE(sha384, SHA384_DIGEST_LENGTH) + MD_NID_CASE(sha512, SHA512_DIGEST_LENGTH) + MD_NID_CASE(sha512_224, SHA224_DIGEST_LENGTH) + MD_NID_CASE(sha512_256, SHA256_DIGEST_LENGTH) + MD_NID_CASE(sha3_224, SHA224_DIGEST_LENGTH) + MD_NID_CASE(sha3_256, SHA256_DIGEST_LENGTH) + MD_NID_CASE(sha3_384, SHA384_DIGEST_LENGTH) + MD_NID_CASE(sha3_512, SHA512_DIGEST_LENGTH) default: return 0; } } - /* Size of an SSL signature: MD5+SHA1 */ -#define SSL_SIG_LENGTH 36 +#define SSL_SIG_LENGTH 36 /* * Encodes a DigestInfo prefix of hash |type| and digest |m|, as @@ -240,7 +239,7 @@ * |*out| with OPENSSL_free(). Otherwise, it returns zero. */ static int encode_pkcs1(unsigned char **out, size_t *out_len, int type, - const unsigned char *m, size_t m_len) + const unsigned char *m, size_t m_len) { size_t di_prefix_len, dig_info_len; const unsigned char *di_prefix; 
@@ -253,7 +252,7 @@ di_prefix = ossl_rsa_digestinfo_encoding(type, &di_prefix_len); if (di_prefix == NULL) { ERR_raise(ERR_LIB_RSA, - RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); return 0; } dig_info_len = di_prefix_len + m_len; @@ -271,7 +270,7 @@ } int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) + unsigned char *sigret, unsigned int *siglen, RSA *rsa) { int encrypt_len, ret = 0; size_t encoded_len = 0; @@ -307,7 +306,7 @@ goto err; } encrypt_len = RSA_private_encrypt((int)encoded_len, encoded, sigret, rsa, - RSA_PKCS1_PADDING); + RSA_PKCS1_PADDING); if (encrypt_len <= 0) goto err; @@ -329,8 +328,8 @@ * It returns one on successful verification or zero otherwise. */ int ossl_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *rm, size_t *prm_len, - const unsigned char *sigbuf, size_t siglen, RSA *rsa) + unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, RSA *rsa) { int len, ret = 0; size_t decrypt_len, encoded_len = 0; @@ -349,7 +348,7 @@ } len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa, - RSA_PKCS1_PADDING); + RSA_PKCS1_PADDING); if (len <= 0) goto err; decrypt_len = len; @@ -381,7 +380,7 @@ } } } else if (type == NID_mdc2 && decrypt_len == 2 + 16 - && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) { + && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) { /* * Oddball MDC2 case: signature can be OCTET STRING. check for correct * tag and length octets. @@ -426,7 +425,7 @@ goto err; if (encoded_len != decrypt_len - || memcmp(encoded, decrypt_buf, encoded_len) != 0) { + || memcmp(encoded, decrypt_buf, encoded_len) != 0) { ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); goto err; } 
@@ -447,7 +446,7 @@ } int RSA_verify(int type, const unsigned char *m, unsigned int m_len, - const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { if (rsa->meth->rsa_verify != NULL) --- crypto/openssl/crypto/rsa/rsa_sp800_56b_check.c.orig +++ crypto/openssl/crypto/rsa/rsa_sp800_56b_check.c 
@@ -46,30 +46,30 @@ ret = 0; } ret = ret - /* p1 = p -1 */ - && (BN_copy(p1, rsa->p) != NULL) - && BN_sub_word(p1, 1) - /* q1 = q - 1 */ - && (BN_copy(q1, rsa->q) != NULL) - && BN_sub_word(q1, 1) - /* (a) 1 < dP < (p – 1). */ - && (BN_cmp(rsa->dmp1, BN_value_one()) > 0) - && (BN_cmp(rsa->dmp1, p1) < 0) - /* (b) 1 < dQ < (q - 1). */ - && (BN_cmp(rsa->dmq1, BN_value_one()) > 0) - && (BN_cmp(rsa->dmq1, q1) < 0) - /* (c) 1 < qInv < p */ - && (BN_cmp(rsa->iqmp, BN_value_one()) > 0) - && (BN_cmp(rsa->iqmp, rsa->p) < 0) - /* (d) 1 = (dP . e) mod (p - 1)*/ - && BN_mod_mul(r, rsa->dmp1, rsa->e, p1, ctx) - && BN_is_one(r) - /* (e) 1 = (dQ . e) mod (q - 1) */ - && BN_mod_mul(r, rsa->dmq1, rsa->e, q1, ctx) - && BN_is_one(r) - /* (f) 1 = (qInv . q) mod p */ - && BN_mod_mul(r, rsa->iqmp, rsa->q, rsa->p, ctx) - && BN_is_one(r); + /* p1 = p -1 */ + && (BN_copy(p1, rsa->p) != NULL) + && BN_sub_word(p1, 1) + /* q1 = q - 1 */ + && (BN_copy(q1, rsa->q) != NULL) + && BN_sub_word(q1, 1) + /* (a) 1 < dP < (p – 1). */ + && (BN_cmp(rsa->dmp1, BN_value_one()) > 0) + && (BN_cmp(rsa->dmp1, p1) < 0) + /* (b) 1 < dQ < (q - 1). */ + && (BN_cmp(rsa->dmq1, BN_value_one()) > 0) + && (BN_cmp(rsa->dmq1, q1) < 0) + /* (c) 1 < qInv < p */ + && (BN_cmp(rsa->iqmp, BN_value_one()) > 0) + && (BN_cmp(rsa->iqmp, rsa->p) < 0) + /* (d) 1 = (dP . e) mod (p - 1)*/ + && BN_mod_mul(r, rsa->dmp1, rsa->e, p1, ctx) + && BN_is_one(r) + /* (e) 1 = (dQ . e) mod (q - 1) */ + && BN_mod_mul(r, rsa->dmq1, rsa->e, q1, ctx) + && BN_is_one(r) + /* (f) 1 = (qInv . q) mod p */ + && BN_mod_mul(r, rsa->iqmp, rsa->q, rsa->p, ctx) + && BN_is_one(r); BN_clear(r); BN_clear(p1); BN_clear(q1); 
@@ -140,8 +140,8 @@ /* (Steps 5 a-b) prime test */ if (BN_check_prime(p, ctx, NULL) != 1 - /* (Step 5c) (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2 - 1) */ - || ossl_rsa_check_prime_factor_range(p, nbits, ctx) != 1) + /* (Step 5c) (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2 - 1) */ + || ossl_rsa_check_prime_factor_range(p, nbits, ctx) != 1) return 0; BN_CTX_start(ctx); @@ -155,11 +155,11 @@ ret = 0; } ret = ret - /* (Step 5d) GCD(p-1, e) = 1 */ - && (BN_copy(p1, p) != NULL) - && BN_sub_word(p1, 1) - && BN_gcd(gcd, p1, e, ctx) - && BN_is_one(gcd); + /* (Step 5d) GCD(p-1, e) = 1 */ + && (BN_copy(p1, p) != NULL) + && BN_sub_word(p1, 1) + && BN_gcd(gcd, p1, e, ctx) + && BN_is_one(gcd); BN_clear(p1); BN_CTX_end(ctx); @@ -200,14 +200,15 @@ ret = 0; } ret = (ret - /* LCM(p - 1, q - 1) */ - && (ossl_rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, - p1q1) == 1) - /* (Step 6a) d < LCM(p - 1, q - 1) */ - && (BN_cmp(rsa->d, lcm) < 0) - /* (Step 6b) 1 = (e . d) mod LCM(p - 1, q - 1) */ - && BN_mod_mul(r, rsa->e, rsa->d, lcm, ctx) - && BN_is_one(r)); + /* LCM(p - 1, q - 1) */ + && (ossl_rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, + p1q1) + == 1) + /* (Step 6a) d < LCM(p - 1, q - 1) */ + && (BN_cmp(rsa->d, lcm) < 0) + /* (Step 6b) 1 = (e . d) mod LCM(p - 1, q - 1) */ + && BN_mod_mul(r, rsa->e, rsa->d, lcm, ctx) + && BN_is_one(r)); BN_clear(r); BN_clear(p1); @@ -240,7 +241,7 @@ * i.e- numbits(p-q-1) > (nbits/2 -100) */ int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q, - int nbits) + int nbits) { int bitlen = (nbits >> 1) - 100; 
@@ -263,14 +264,14 @@ * BN_FLG_CONSTTIME. */ int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q, - BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, - BIGNUM *p1q1) + BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, + BIGNUM *p1q1) { - return BN_sub(p1, p, BN_value_one()) /* p-1 */ - && BN_sub(q1, q, BN_value_one()) /* q-1 */ - && BN_mul(p1q1, p1, q1, ctx) /* (p-1)(q-1) */ - && BN_gcd(gcd, p1, q1, ctx) - && BN_div(lcm, NULL, p1q1, gcd, ctx); /* LCM((p-1, q-1)) */ + return BN_sub(p1, p, BN_value_one()) /* p-1 */ + && BN_sub(q1, q, BN_value_one()) /* q-1 */ + && BN_mul(p1q1, p1, q1, ctx) /* (p-1)(q-1) */ + && BN_gcd(gcd, p1, q1, ctx) + && BN_div(lcm, NULL, p1q1, gcd, ctx); /* LCM((p-1, q-1)) */ } /* @@ -334,9 +335,7 @@ #ifdef FIPS_MODULE if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) { #else - if (ret != 1 || (status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME - && (nbits >= RSA_MIN_MODULUS_BITS - || status != BN_PRIMETEST_COMPOSITE_WITH_FACTOR))) { + if (ret != 1 || (status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME && (nbits >= RSA_MIN_MODULUS_BITS || status != BN_PRIMETEST_COMPOSITE_WITH_FACTOR))) { #endif ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS); ret = 0; @@ -372,17 +371,17 @@ * 6.4.1.3.3 "rsakpv2 - crt" */ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed, - int strength, int nbits) + int strength, int nbits) { int ret = 0; BN_CTX *ctx = NULL; BIGNUM *r = NULL; if (rsa->p == NULL - || rsa->q == NULL - || rsa->e == NULL - || rsa->d == NULL - || rsa->n == NULL) { + || rsa->q == NULL + || rsa->e == NULL + || rsa->d == NULL + || rsa->n == NULL) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_REQUEST); return 0; } 
@@ -426,12 +425,12 @@ /* (Step 5): check prime factors p & q */ ret = ossl_rsa_check_prime_factor(rsa->p, rsa->e, nbits, ctx) - && ossl_rsa_check_prime_factor(rsa->q, rsa->e, nbits, ctx) - && (ossl_rsa_check_pminusq_diff(r, rsa->p, rsa->q, nbits) > 0) - /* (Step 6): Check the private exponent d */ - && ossl_rsa_check_private_exponent(rsa, nbits, ctx) - /* 6.4.1.2.3 (Step 7): Check the CRT components */ - && ossl_rsa_check_crt_components(rsa, ctx); + && ossl_rsa_check_prime_factor(rsa->q, rsa->e, nbits, ctx) + && (ossl_rsa_check_pminusq_diff(r, rsa->p, rsa->q, nbits) > 0) + /* (Step 6): Check the private exponent d */ + && ossl_rsa_check_private_exponent(rsa, nbits, ctx) + /* 6.4.1.2.3 (Step 7): Check the CRT components */ + && ossl_rsa_check_crt_components(rsa, ctx); if (ret != 1) ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR); --- crypto/openssl/crypto/rsa/rsa_sp800_56b_gen.c.orig +++ crypto/openssl/crypto/rsa/rsa_sp800_56b_gen.c @@ -55,8 +55,8 @@ * (Required for CAVS testing). */ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, - int nbits, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) + int nbits, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb) { int ret = 0, ok; /* Temp allocated BIGNUMS */ @@ -123,12 +123,12 @@ /* (Step 4) Generate p, Xp */ if (!ossl_bn_rsa_fips186_4_gen_prob_primes(rsa->p, Xpo, p1, p2, Xp, Xp1, Xp2, - nbits, e, ctx, cb)) + nbits, e, ctx, cb)) goto err; - for(;;) { + for (;;) { /* (Step 5) Generate q, Xq*/ if (!ossl_bn_rsa_fips186_4_gen_prob_primes(rsa->q, Xqo, q1, q2, Xq, Xq1, - Xq2, nbits, e, ctx, cb)) + Xq2, nbits, e, ctx, cb)) goto err; /* (Step 6) |Xp - Xq| > 2^(nbitlen/2 - 100) */ @@ -202,7 +202,7 @@ */ if (EVP_RAND_get_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) { ERR_raise(ERR_LIB_RSA, - RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT); + RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT); return 0; } #endif 
@@ -230,7 +230,7 @@ * 1 = success. */ int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, - const BIGNUM *e, BN_CTX *ctx) + const BIGNUM *e, BN_CTX *ctx) { int ret = -1; BIGNUM *p1, *q1, *lcm, *p1q1, *gcd; @@ -354,7 +354,7 @@ * Returns: 1 if successfully generated otherwise it returns 0. */ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, - BN_GENCB *cb) + BN_GENCB *cb) { int ret = 0; int ok; @@ -372,7 +372,7 @@ return 0; /* Check that the RNG is capable of generating a key this large */ - if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits)) + if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits)) return 0; ctx = BN_CTX_new_ex(rsa->libctx); @@ -438,9 +438,9 @@ BN_set_flags(k, BN_FLG_CONSTTIME); ret = (BN_set_word(k, 2) - && BN_mod_exp(tmp, k, rsa->e, rsa->n, ctx) - && BN_mod_exp(tmp, tmp, rsa->d, rsa->n, ctx) - && BN_cmp(k, tmp) == 0); + && BN_mod_exp(tmp, k, rsa->e, rsa->n, ctx) + && BN_mod_exp(tmp, tmp, rsa->d, rsa->n, ctx) + && BN_cmp(k, tmp) == 0); if (ret == 0) ERR_raise(ERR_LIB_RSA, RSA_R_PAIRWISE_TEST_FAILURE); err: --- crypto/openssl/crypto/rsa/rsa_x931.c.orig +++ crypto/openssl/crypto/rsa/rsa_x931.c @@ -20,7 +20,7 @@ #include int RSA_padding_add_X931(unsigned char *to, int tlen, - const unsigned char *from, int flen) + const unsigned char *from, int flen) { int j; unsigned char *p; @@ -57,7 +57,7 @@ } int RSA_padding_check_X931(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) + const unsigned char *from, int flen, int num) { int i = 0, j; const unsigned char *p; @@ -117,7 +117,6 @@ case NID_sha512: return 0x35; - } return -1; } --- crypto/openssl/crypto/rsa/rsa_x931g.c.orig +++ crypto/openssl/crypto/rsa/rsa_x931g.c 
@@ -23,9 +23,9 @@ /* X9.31 RSA key derivation and generation */ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, - BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, - const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) + BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, + const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) { BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; BN_CTX *ctx = NULL, *ctx2 = NULL; @@ -65,7 +65,7 @@ goto err; if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, - Xp, Xp1, Xp2, e, ctx, cb)) + Xp, Xp1, Xp2, e, ctx, cb)) goto err; } @@ -74,7 +74,7 @@ if (rsa->q == NULL) goto err; if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, - Xq, Xq1, Xq2, e, ctx, cb)) + Xq, Xq1, Xq2, e, ctx, cb)) goto err; } @@ -98,17 +98,17 @@ /* calculate d */ if (!BN_sub(r1, rsa->p, BN_value_one())) - goto err; /* p-1 */ + goto err; /* p-1 */ if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; /* q-1 */ + goto err; /* q-1 */ if (!BN_mul(r0, r1, r2, ctx)) - goto err; /* (p-1)(q-1) */ + goto err; /* (p-1)(q-1) */ if (!BN_gcd(r3, r1, r2, ctx)) goto err; if (!BN_div(r0, NULL, r0, r3, ctx)) - goto err; /* LCM((p-1)(q-1)) */ + goto err; /* LCM((p-1)(q-1)) */ ctx2 = BN_CTX_new(); if (ctx2 == NULL) @@ -139,17 +139,16 @@ rsa->dirty_cnt++; ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); BN_CTX_free(ctx2); return ret; - } int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, - BN_GENCB *cb) + BN_GENCB *cb) { int ok = 0; BIGNUM *Xp = NULL, *Xq = NULL; @@ -175,11 +174,11 @@ /* Generate two primes from Xp, Xq */ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, - e, ctx, cb)) + e, ctx, cb)) goto error; if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, - e, ctx, cb)) + e, ctx, cb)) goto error; /* 
@@ -188,13 +187,13 @@ */ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) + NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) goto error; rsa->dirty_cnt++; ok = 1; - error: +error: BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -202,5 +201,4 @@ return 1; return 0; - } --- crypto/openssl/crypto/s390x_arch.h.orig +++ crypto/openssl/crypto/s390x_arch.h 
@@ -8,47 +8,47 @@ */ #ifndef OSSL_CRYPTO_S390X_ARCH_H -# define OSSL_CRYPTO_S390X_ARCH_H +#define OSSL_CRYPTO_S390X_ARCH_H -# ifndef __ASSEMBLER__ +#ifndef __ASSEMBLER__ void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, - void *param); + void *param); void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, - size_t outlen, unsigned int fc, void *param); + size_t outlen, unsigned int fc, void *param); void s390x_km(const unsigned char *in, size_t len, unsigned char *out, - unsigned int fc, void *param); + unsigned int fc, void *param); void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc, - void *param); + void *param); void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out, - unsigned int fc, void *param); + unsigned int fc, void *param); void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, - unsigned int fc, void *param); + unsigned int fc, void *param); void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in, - size_t len, unsigned char *out, unsigned int fc, void *param); + size_t len, unsigned char *out, unsigned int fc, void *param); int s390x_pcc(unsigned int fc, void *param); int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in, - size_t len); + size_t len); void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]); void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]); int s390x_x25519_mul(unsigned char u_dst[32], - const unsigned char u_src[32], - const unsigned char d_src[32]); + const unsigned char u_src[32], + const unsigned char d_src[32]); int s390x_x448_mul(unsigned char u_dst[56], - const unsigned char u_src[56], - const unsigned char d_src[56]); + const unsigned char u_src[56], + const unsigned char d_src[56]); int s390x_ed25519_mul(unsigned char x_dst[32], - unsigned char y_dst[32], - const unsigned char x_src[32], - const unsigned char y_src[32], - const unsigned char d_src[32]); 
+ unsigned char y_dst[32], + const unsigned char x_src[32], + const unsigned char y_src[32], + const unsigned char d_src[32]); int s390x_ed448_mul(unsigned char x_dst[57], - unsigned char y_dst[57], - const unsigned char x_src[57], - const unsigned char y_src[57], - const unsigned char d_src[57]); + unsigned char y_dst[57], + const unsigned char x_src[57], + const unsigned char y_src[57], + const unsigned char d_src[57]); /* * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by 
@@ -73,101 +73,101 @@ }; #if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) +__attribute__((visibility("hidden"))) #endif extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; /* Max number of 64-bit words currently returned by STFLE */ -# define S390X_STFLE_MAX 3 +#define S390X_STFLE_MAX 3 /* convert facility bit number or function code to bit mask */ -# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) +#define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) -# endif +#endif /* OPENSSL_s390xcap_P offsets [bytes] */ -# define S390X_STFLE 0x00 -# define S390X_KIMD 0x20 -# define S390X_KLMD 0x30 -# define S390X_KM 0x40 -# define S390X_KMC 0x50 -# define S390X_KMAC 0x60 -# define S390X_KMCTR 0x70 -# define S390X_KMO 0x80 -# define S390X_KMF 0x90 -# define S390X_PRNO 0xa0 -# define S390X_KMA 0xb0 -# define S390X_PCC 0xc0 -# define S390X_KDSA 0xd0 +#define S390X_STFLE 0x00 +#define S390X_KIMD 0x20 +#define S390X_KLMD 0x30 +#define S390X_KM 0x40 +#define S390X_KMC 0x50 +#define S390X_KMAC 0x60 +#define S390X_KMCTR 0x70 +#define S390X_KMO 0x80 +#define S390X_KMF 0x90 +#define S390X_PRNO 0xa0 +#define S390X_KMA 0xb0 +#define S390X_PCC 0xc0 +#define S390X_KDSA 0xd0 /* Facility Bit Numbers */ -# define S390X_MSA 17 /* message-security-assist */ -# define S390X_STCKF 25 /* store-clock-fast */ -# define S390X_MSA5 57 /* message-security-assist-ext. 5 */ -# define S390X_MSA3 76 /* message-security-assist-ext. 3 */ -# define S390X_MSA4 77 /* message-security-assist-ext. 4 */ -# define S390X_VX 129 /* vector */ -# define S390X_VXD 134 /* vector packed decimal */ -# define S390X_VXE 135 /* vector enhancements 1 */ -# define S390X_MSA8 146 /* message-security-assist-ext. 8 */ -# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ +#define S390X_MSA 17 /* message-security-assist */ +#define S390X_STCKF 25 /* store-clock-fast */ +#define S390X_MSA5 57 /* message-security-assist-ext. 5 */ +#define S390X_MSA3 76 /* message-security-assist-ext. 
3 */ +#define S390X_MSA4 77 /* message-security-assist-ext. 4 */ +#define S390X_VX 129 /* vector */ +#define S390X_VXD 134 /* vector packed decimal */ +#define S390X_VXE 135 /* vector enhancements 1 */ +#define S390X_MSA8 146 /* message-security-assist-ext. 8 */ +#define S390X_MSA9 155 /* message-security-assist-ext. 9 */ /* Function Codes */ /* all instructions */ -# define S390X_QUERY 0 +#define S390X_QUERY 0 /* kimd/klmd */ -# define S390X_SHA_1 1 -# define S390X_SHA_256 2 -# define S390X_SHA_512 3 -# define S390X_SHA3_224 32 -# define S390X_SHA3_256 33 -# define S390X_SHA3_384 34 -# define S390X_SHA3_512 35 -# define S390X_SHAKE_128 36 -# define S390X_SHAKE_256 37 -# define S390X_GHASH 65 +#define S390X_SHA_1 1 +#define S390X_SHA_256 2 +#define S390X_SHA_512 3 +#define S390X_SHA3_224 32 +#define S390X_SHA3_256 33 +#define S390X_SHA3_384 34 +#define S390X_SHA3_512 35 +#define S390X_SHAKE_128 36 +#define S390X_SHAKE_256 37 +#define S390X_GHASH 65 /* km/kmc/kmac/kmctr/kmo/kmf/kma */ -# define S390X_AES_128 18 -# define S390X_AES_192 19 -# define S390X_AES_256 20 +#define S390X_AES_128 18 +#define S390X_AES_192 19 +#define S390X_AES_256 20 /* km */ -# define S390X_XTS_AES_128 50 -# define S390X_XTS_AES_256 52 +#define S390X_XTS_AES_128 50 +#define S390X_XTS_AES_256 52 /* prno */ -# define S390X_SHA_512_DRNG 3 -# define S390X_TRNG 114 +#define S390X_SHA_512_DRNG 3 +#define S390X_TRNG 114 /* pcc */ -# define S390X_SCALAR_MULTIPLY_P256 64 -# define S390X_SCALAR_MULTIPLY_P384 65 -# define S390X_SCALAR_MULTIPLY_P521 66 -# define S390X_SCALAR_MULTIPLY_ED25519 72 -# define S390X_SCALAR_MULTIPLY_ED448 73 -# define S390X_SCALAR_MULTIPLY_X25519 80 -# define S390X_SCALAR_MULTIPLY_X448 81 +#define S390X_SCALAR_MULTIPLY_P256 64 +#define S390X_SCALAR_MULTIPLY_P384 65 +#define S390X_SCALAR_MULTIPLY_P521 66 +#define S390X_SCALAR_MULTIPLY_ED25519 72 +#define S390X_SCALAR_MULTIPLY_ED448 73 +#define S390X_SCALAR_MULTIPLY_X25519 80 +#define S390X_SCALAR_MULTIPLY_X448 81 /* kdsa */ -# 
define S390X_ECDSA_VERIFY_P256 1 -# define S390X_ECDSA_VERIFY_P384 2 -# define S390X_ECDSA_VERIFY_P521 3 -# define S390X_ECDSA_SIGN_P256 9 -# define S390X_ECDSA_SIGN_P384 10 -# define S390X_ECDSA_SIGN_P521 11 -# define S390X_EDDSA_VERIFY_ED25519 32 -# define S390X_EDDSA_VERIFY_ED448 36 -# define S390X_EDDSA_SIGN_ED25519 40 -# define S390X_EDDSA_SIGN_ED448 44 +#define S390X_ECDSA_VERIFY_P256 1 +#define S390X_ECDSA_VERIFY_P384 2 +#define S390X_ECDSA_VERIFY_P521 3 +#define S390X_ECDSA_SIGN_P256 9 +#define S390X_ECDSA_SIGN_P384 10 +#define S390X_ECDSA_SIGN_P521 11 +#define S390X_EDDSA_VERIFY_ED25519 32 +#define S390X_EDDSA_VERIFY_ED448 36 +#define S390X_EDDSA_SIGN_ED25519 40 +#define S390X_EDDSA_SIGN_ED448 44 /* Register 0 Flags */ -# define S390X_DECRYPT 0x80 -# define S390X_KMA_LPC 0x100 -# define S390X_KMA_LAAD 0x200 -# define S390X_KMA_HS 0x400 -# define S390X_KDSA_D 0x80 +#define S390X_DECRYPT 0x80 +#define S390X_KMA_LPC 0x100 +#define S390X_KMA_LAAD 0x200 +#define S390X_KMA_HS 0x400 +#define S390X_KDSA_D 0x80 #endif --- crypto/openssl/crypto/s390xcap.c.orig +++ crypto/openssl/crypto/s390xcap.c 
@@ -17,43 +17,47 @@ #include "s390x_arch.h" #if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# if defined(HWCAP_S390_STFLE) && defined(HWCAP_S390_VX) -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif +#if __GLIBC_PREREQ(2, 16) +#include +#if defined(HWCAP_S390_STFLE) && defined(HWCAP_S390_VX) +#define OSSL_IMPLEMENT_GETAUXVAL +#endif +#endif #endif -#define LEN 128 +#define LEN 128 #define STR_(S) #S -#define STR(S) STR_(S) - -#define TOK_FUNC(NAME) \ - (sscanf(tok_begin, \ - " " STR(NAME) " : %" STR(LEN) "[^:] : " \ - "%" STR(LEN) "s %" STR(LEN) "s ", \ - tok[0], tok[1], tok[2]) == 2) { \ - \ - off = (tok[0][0] == '~') ? 1 : 0; \ - if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \ - goto ret; \ - if (off) \ - cap->NAME[0] = ~cap->NAME[0]; \ - \ - off = (tok[1][0] == '~') ? 1 : 0; \ - if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \ - goto ret; \ - if (off) \ - cap->NAME[1] = ~cap->NAME[1]; \ +#define STR(S) STR_(S) + +#define TOK_FUNC(NAME) \ + (sscanf(tok_begin, \ + " " STR(NAME) " : %" STR(LEN) "[^:] : " \ + "%" STR(LEN) "s %" STR(LEN) "s ", \ + tok[0], tok[1], tok[2]) \ + == 2) \ + { \ + \ + off = (tok[0][0] == '~') ? 1 : 0; \ + if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \ + goto ret; \ + if (off) \ + cap->NAME[0] = ~cap->NAME[0]; \ + \ + off = (tok[1][0] == '~') ? 1 : 0; \ + if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \ + goto ret; \ + if (off) \ + cap->NAME[1] = ~cap->NAME[1]; \ } -#define TOK_CPU(NAME) \ - (sscanf(tok_begin, \ - " %" STR(LEN) "s %" STR(LEN) "s ", \ - tok[0], tok[1]) == 1 \ - && !strcmp(tok[0], #NAME)) { \ - memcpy(cap, &NAME, sizeof(*cap)); \ +#define TOK_CPU(NAME) \ + (sscanf(tok_begin, \ + " %" STR(LEN) "s %" STR(LEN) "s ", \ + tok[0], tok[1]) \ + == 1 \ + && !strcmp(tok[0], #NAME)) \ + { \ + memcpy(cap, &NAME, sizeof(*cap)); \ } #ifndef OSSL_IMPLEMENT_GETAUXVAL 
@@ -75,7 +79,7 @@ struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; #if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) +__attribute__((visibility("hidden"))) #endif void OPENSSL_cpuid_setup(void) { @@ -98,8 +102,8 @@ /* protection against disabled vector facility */ if (!(hwcap & HWCAP_S390_VX)) { OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE)); + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE)); } } #else @@ -128,8 +132,8 @@ OPENSSL_vx_probe(); } else { OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE)); + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE)); } sigaction(SIGFPE, &oact_fpe, NULL); @@ -192,19 +196,19 @@ * Facility detection would fail on real hw (no STFLE). */ static const struct OPENSSL_s390xcap_st z900 = { - /*.stfle = */{0ULL, 0ULL, 0ULL, 0ULL}, - /*.kimd = */{0ULL, 0ULL}, - /*.klmd = */{0ULL, 0ULL}, - /*.km = */{0ULL, 0ULL}, - /*.kmc = */{0ULL, 0ULL}, - /*.kmac = */{0ULL, 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { 0ULL, 0ULL, 0ULL, 0ULL }, + /*.kimd = */ { 0ULL, 0ULL }, + /*.klmd = */ { 0ULL, 0ULL }, + /*.km = */ { 0ULL, 0ULL }, + /*.kmc = */ { 0ULL, 0ULL }, + /*.kmac = */ { 0ULL, 0ULL }, + /*.kmctr = */ { 0ULL, 0ULL }, + /*.kmo = */ { 0ULL, 0ULL }, + /*.kmf = */ { 0ULL, 0ULL }, + /*.prno = */ { 0ULL, 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { 0ULL, 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -212,27 +216,20 @@ * Implements MSA. Facility detection would fail on real hw (no STFLE). */ static const struct OPENSSL_s390xcap_st z990 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA), - 0ULL, 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1), - 0ULL}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA), + 0ULL, 0ULL, 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1), 0ULL }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kmctr = */ { 0ULL, 0ULL }, + /*.kmo = */ { 0ULL, 0ULL }, + /*.kmf = */ { 0ULL, 0ULL }, + /*.prno = */ { 0ULL, 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { 0ULL, 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -240,32 +237,21 @@ * Implements MSA and MSA1. */ static const struct OPENSSL_s390xcap_st z9 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - 0ULL, 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256), - 0ULL}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + 0ULL, 0ULL, 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256), 0ULL }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kmctr = */ { 0ULL, 0ULL }, + /*.kmo = */ { 0ULL, 0ULL }, + /*.kmf = */ { 0ULL, 0ULL }, + /*.prno = */ { 0ULL, 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { 0ULL, 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -273,38 +259,21 @@ * Implements MSA and MSA1-2. */ static const struct OPENSSL_s390xcap_st z10 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - 0ULL, 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + 0ULL, 0ULL, 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), 0ULL }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kmctr = */ { 0ULL, 0ULL }, + /*.kmo = */ { 0ULL, 0ULL }, + /*.kmf = */ { 0ULL, 0ULL }, + /*.prno = */ { 0ULL, 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { 0ULL, 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -312,58 +281,23 @@ * Implements MSA and MSA1-4. */ static const struct OPENSSL_s390xcap_st z196 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + 0ULL, 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), S390X_CAPBIT(S390X_GHASH) }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | 
S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256) | S390X_CAPBIT(S390X_XTS_AES_128) | S390X_CAPBIT(S390X_XTS_AES_256), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmctr = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmo = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmf = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.prno = */ { 0ULL, 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -371,58 +305,23 @@ * Implements MSA and MSA1-4. */ static const struct OPENSSL_s390xcap_st zEC12 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + 0ULL, 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), S390X_CAPBIT(S390X_GHASH) }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | 
S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256) | S390X_CAPBIT(S390X_XTS_AES_128) | S390X_CAPBIT(S390X_XTS_AES_256), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmctr = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmo = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmf = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.prno = */ { 0ULL, 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -430,62 +329,25 @@ * Implements MSA and MSA1-5. */ static const struct OPENSSL_s390xcap_st z13 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX), - 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX), + 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | 
S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), S390X_CAPBIT(S390X_GHASH) }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256) | S390X_CAPBIT(S390X_XTS_AES_128) | S390X_CAPBIT(S390X_XTS_AES_256), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmctr = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmo = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmf = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.prno = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_512_DRNG), 0ULL }, + /*.kma = */ { 0ULL, 0ULL }, + /*.pcc = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -493,81 +355,28 @@ * Implements MSA and MSA1-8. */ static const struct OPENSSL_s390xcap_st z14 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE) - | S390X_CAPBIT(S390X_MSA8), - 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - 
| S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - S390X_CAPBIT(S390X_TRNG)}, - /*.kma = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) + | S390X_CAPBIT(S390X_MSA8), + 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512) | S390X_CAPBIT(S390X_SHA3_224) | S390X_CAPBIT(S390X_SHA3_256) | S390X_CAPBIT(S390X_SHA3_384) | S390X_CAPBIT(S390X_SHA3_512) | S390X_CAPBIT(S390X_SHAKE_128) | S390X_CAPBIT(S390X_SHAKE_256), S390X_CAPBIT(S390X_GHASH) }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512) | S390X_CAPBIT(S390X_SHA3_224) | S390X_CAPBIT(S390X_SHA3_256) | S390X_CAPBIT(S390X_SHA3_384) | S390X_CAPBIT(S390X_SHA3_512) | S390X_CAPBIT(S390X_SHAKE_128) | S390X_CAPBIT(S390X_SHAKE_256), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256) | S390X_CAPBIT(S390X_XTS_AES_128) | S390X_CAPBIT(S390X_XTS_AES_256), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmctr = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmo = */ { 
S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmf = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.prno = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_512_DRNG), S390X_CAPBIT(S390X_TRNG) }, + /*.kma = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.pcc = */ { S390X_CAPBIT(S390X_QUERY), 0ULL }, + /*.kdsa = */ { 0ULL, 0ULL }, }; /*- 
@@ -575,99 +384,29 @@ * Implements MSA and MSA1-9. */ static const struct OPENSSL_s390xcap_st z15 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE) - | S390X_CAPBIT(S390X_MSA8) - | S390X_CAPBIT(S390X_MSA9), - 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | 
S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - S390X_CAPBIT(S390X_TRNG)}, - /*.kma = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)}, - /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) - | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) - | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521) - | S390X_CAPBIT(S390X_ECDSA_SIGN_P256) - | S390X_CAPBIT(S390X_ECDSA_SIGN_P384) - | S390X_CAPBIT(S390X_ECDSA_SIGN_P521) - | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519) - | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448) - | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) - | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448), - 0ULL}, + /*.stfle = */ { S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) + | S390X_CAPBIT(S390X_MSA8) + | S390X_CAPBIT(S390X_MSA9), + 0ULL }, + /*.kimd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512) | S390X_CAPBIT(S390X_SHA3_224) | S390X_CAPBIT(S390X_SHA3_256) | S390X_CAPBIT(S390X_SHA3_384) | S390X_CAPBIT(S390X_SHA3_512) | S390X_CAPBIT(S390X_SHAKE_128) | S390X_CAPBIT(S390X_SHAKE_256), S390X_CAPBIT(S390X_GHASH) }, + /*.klmd = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_1) | S390X_CAPBIT(S390X_SHA_256) | S390X_CAPBIT(S390X_SHA_512) | S390X_CAPBIT(S390X_SHA3_224) | 
S390X_CAPBIT(S390X_SHA3_256) | S390X_CAPBIT(S390X_SHA3_384) | S390X_CAPBIT(S390X_SHA3_512) | S390X_CAPBIT(S390X_SHAKE_128) | S390X_CAPBIT(S390X_SHAKE_256), 0ULL }, + /*.km = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256) | S390X_CAPBIT(S390X_XTS_AES_128) | S390X_CAPBIT(S390X_XTS_AES_256), 0ULL }, + /*.kmc = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmac = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmctr = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmo = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.kmf = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.prno = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_SHA_512_DRNG), S390X_CAPBIT(S390X_TRNG) }, + /*.kma = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_AES_128) | S390X_CAPBIT(S390X_AES_192) | S390X_CAPBIT(S390X_AES_256), 0ULL }, + /*.pcc = */ { S390X_CAPBIT(S390X_QUERY), S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521) | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519) | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448) }, + /*.kdsa = */ { S390X_CAPBIT(S390X_QUERY) | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521) | S390X_CAPBIT(S390X_ECDSA_SIGN_P256) | S390X_CAPBIT(S390X_ECDSA_SIGN_P384) | S390X_CAPBIT(S390X_ECDSA_SIGN_P521) | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519) 
| S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448) | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448), 0ULL }, }; char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; @@ -688,9 +427,9 @@ while (tok_begin != NULL) { /* stfle token */ if ((n = sscanf(tok_begin, - " stfle : %" STR(LEN) "[^:] : " - "%" STR(LEN) "[^:] : %" STR(LEN) "s ", - tok[0], tok[1], tok[2]))) { + " stfle : %" STR(LEN) "[^:] : " + "%" STR(LEN) "[^:] : %" STR(LEN) "s ", + tok[0], tok[1], tok[2]))) { for (i = 0; i < n; i++) { off = (tok[i][0] == '~') ? 1 : 0; if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1) 
@@ -701,38 +440,21 @@ } /* query function tokens */ - else if TOK_FUNC(kimd) - else if TOK_FUNC(klmd) - else if TOK_FUNC(km) - else if TOK_FUNC(kmc) - else if TOK_FUNC(kmac) - else if TOK_FUNC(kmctr) - else if TOK_FUNC(kmo) - else if TOK_FUNC(kmf) - else if TOK_FUNC(prno) - else if TOK_FUNC(kma) - else if TOK_FUNC(pcc) - else if TOK_FUNC(kdsa) - - /* CPU model tokens */ - else if TOK_CPU(z900) - else if TOK_CPU(z990) - else if TOK_CPU(z9) - else if TOK_CPU(z10) - else if TOK_CPU(z196) - else if TOK_CPU(zEC12) - else if TOK_CPU(z13) - else if TOK_CPU(z14) - else if TOK_CPU(z15) - - /* whitespace(ignored) or invalid tokens */ - else { - while (*tok_begin != '\0') { - if (!ossl_isspace(*tok_begin)) - goto ret; - tok_begin++; + else if TOK_FUNC (kimd) + else if TOK_FUNC (klmd) else if TOK_FUNC (km) else if TOK_FUNC (kmc) else if TOK_FUNC (kmac) else if TOK_FUNC (kmctr) else if TOK_FUNC (kmo) else if TOK_FUNC (kmf) else if TOK_FUNC (prno) else if TOK_FUNC (kma) else if TOK_FUNC (pcc) else if TOK_FUNC (kdsa) + + /* CPU model tokens */ + else if TOK_CPU (z900) else if TOK_CPU (z990) else if TOK_CPU (z9) else if TOK_CPU (z10) else if TOK_CPU (z196) else if TOK_CPU (zEC12) else if TOK_CPU (z13) else if TOK_CPU (z14) else if TOK_CPU (z15) + + /* whitespace(ignored) or invalid tokens */ + else + { + while (*tok_begin != '\0') { + if (!ossl_isspace(*tok_begin)) + goto ret; + tok_begin++; + } } - } tok_begin = tok_end; tok_end = strtok(NULL, ";"); --- crypto/openssl/crypto/s390xcpuid.pl.orig +++ crypto/openssl/crypto/s390xcpuid.pl @@ -481,16 +481,12 @@ s390x_kdsa: lr %r0,$fc l${g}r %r1,$param - lhi %r2,0 .long 0xb93a0004 # kdsa %r0,$in brc 1,.-4 # pay attention to "partial completion" - brc 7,.Lkdsa_err # if CC==0 return 0, else return 1 -.Lkdsa_out: + ipm %r2 # load program mask and + srl %r2,28 # extract cc br $ra -.Lkdsa_err: - lhi %r2,1 - j .Lkdsa_out .size s390x_kdsa,.-s390x_kdsa ___ } --- crypto/openssl/crypto/seed/seed.c.orig +++ crypto/openssl/crypto/seed/seed.c 
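Review bot: The new side of the `@@ -701,38 +440,21 @@` hunk runs the `else if TOK_FUNC (...)` chain and the `else if TOK_CPU (...)` chain together on single lines, so the token dispatch that ends in the `goto ret` rejection of invalid tokens is much harder to audit than the one-macro-per-line layout it replaces. This looks like formatter output on statement-like macros whose definitions are outside the hunk. If the formatter is clang-format, I would keep the original layout and fence it with `/* clang-format off */` before `/* query function tokens */` and `/* clang-format on */` after the final `else` block. The enclosing function starts and ends outside this hunk.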
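Review bot: With `ipm %r2` / `srl %r2,28` replacing the `lhi %r2,0` and `lhi %r2,1` paths, s390x_kdsa now returns the raw condition code instead of the 0/1 flag the removed comment described (`if CC==0 return 0, else return 1`). A caller that compares the result with 1, rather than testing for nonzero, would stop recognising other nonzero codes as failures, which matters for a signature routine. The callers are outside this hunk and need checking for that. The `brc 1,.-4` line, which the existing comment ties to partial completion, still loops before the code is read, so that case should not reach the caller. I would record the contract above the label, for example `# returns the kdsa condition code: 0 on success, nonzero on failure; test for != 0, never == 1`.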
@@ -40,411 +40,400 @@ */ #include "internal/deprecated.h" -# include -# include -# include -# ifdef _WIN32 -# include -# endif +#include +#include +#include +#ifdef _WIN32 +#include +#endif -# include -# include "seed_local.h" +#include +#include "seed_local.h" -# ifdef SS /* can get defined on Solaris by inclusion of - * */ -# undef SS -# endif +#ifdef SS /* can get defined on Solaris by inclusion of \ + * */ +#undef SS +#endif -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) -# define G_FUNC(v) \ - SS[0][(unsigned char) (v) & 0xff] ^ \ - SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \ - SS[2][(unsigned char)((v)>>16) & 0xff] ^ \ - SS[3][(unsigned char)((v)>>24) & 0xff] +#define G_FUNC(v) \ + SS[0][(unsigned char)(v) & 0xff] ^ SS[1][(unsigned char)((v) >> 8) & 0xff] ^ SS[2][(unsigned char)((v) >> 16) & 0xff] ^ SS[3][(unsigned char)((v) >> 24) & 0xff] static const seed_word SS[4][256] = { { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, - 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, - 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, - 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, - 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, - 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, - 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, - 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec, - 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, - 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, - 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, - 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100, - 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, - 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8, - 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, - 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, - 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, - 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c, - 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, - 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4, - 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, - 0x12425250, 
0x3d4d717c, 0x0d8d818c, 0x08080008, - 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, - 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0, - 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, - 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8, - 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, - 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, - 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, - 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064, - 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, - 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264, - 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, - 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, - 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, - 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc, - 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, - 0x36063234, 0x15051114, 0x22022220, 0x38083038, - 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, - 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, - 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, - 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188, - 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, - 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4, - 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, - 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, - 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, - 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4, - 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, - 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040, - 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, - 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, - 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, - 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254, - 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, - 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8, - 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, - 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, - 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, - 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088, - 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, - 0x22426260, 
0x29092128, 0x07070304, 0x33033330, - 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, - 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298 - }, + 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, + 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, + 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, + 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, + 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, + 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, + 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec, + 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, + 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, + 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, + 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100, + 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, + 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8, + 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, + 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, + 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, + 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c, + 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, + 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4, + 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, + 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008, + 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, + 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0, + 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, + 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8, + 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, + 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, + 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, + 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064, + 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, + 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264, + 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, + 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, + 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, + 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc, + 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, + 0x36063234, 0x15051114, 0x22022220, 0x38083038, + 
0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, + 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, + 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, + 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188, + 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, + 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4, + 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, + 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, + 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, + 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4, + 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, + 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040, + 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, + 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, + 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, + 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254, + 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, + 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8, + 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, + 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, + 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, + 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088, + 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, + 0x22426260, 0x29092128, 0x07070304, 0x33033330, + 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, + 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298 }, { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, - 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0, - 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, - 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, - 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, - 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3, - 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, - 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43, - 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, - 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, - 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, - 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890, - 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, - 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3, 
- 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, - 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, - 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, - 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83, - 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, - 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430, - 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, - 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, - 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, - 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1, - 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, - 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1, - 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, - 0x20220222, 0x04040400, 0x68284860, 0x70314171, - 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, - 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951, - 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, - 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0, - 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, - 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, - 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, - 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41, - 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, - 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62, - 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, - 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, - 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, - 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303, - 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, - 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901, - 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, - 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, - 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, - 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343, - 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, - 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971, - 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, - 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, - 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, - 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642, 
- 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, - 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1, - 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, - 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, - 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, - 0x30320232, 0x84048480, 0x68294961, 0x90138393, - 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, - 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783, - 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, - 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3 - }, + 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0, + 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, + 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, + 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, + 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3, + 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, + 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43, + 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, + 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, + 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, + 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890, + 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, + 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3, + 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, + 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, + 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, + 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83, + 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, + 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430, + 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, + 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, + 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, + 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1, + 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, + 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1, + 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, + 0x20220222, 0x04040400, 0x68284860, 0x70314171, + 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, + 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951, + 0xdc1dcdd1, 0x50114151, 0x90108090, 
0xdc1cccd0, + 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0, + 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, + 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, + 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, + 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41, + 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, + 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62, + 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, + 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, + 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, + 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303, + 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, + 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901, + 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, + 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, + 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, + 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343, + 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, + 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971, + 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, + 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, + 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, + 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642, + 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, + 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1, + 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, + 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, + 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, + 0x30320232, 0x84048480, 0x68294961, 0x90138393, + 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, + 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783, + 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, + 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3 }, { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, - 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505, - 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, - 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, - 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, - 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707, - 0xa1a42585, 0x838c0f8f, 
0x03000303, 0x73783b4b, - 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece, - 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, - 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, - 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, - 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101, - 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, - 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9, - 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, - 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, - 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, - 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f, - 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, - 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5, - 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, - 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, - 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, - 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1, - 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, - 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b, - 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, - 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, - 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, - 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444, - 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, - 0x02040606, 0x21202101, 0x63682b4b, 0x62642646, - 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, - 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, - 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, - 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf, - 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, - 0x32343606, 0x11141505, 0x22202202, 0x30383808, - 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, - 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, - 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, - 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989, - 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, - 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4, - 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, - 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, - 0x030c0f0f, 0x828c0e8e, 
0x42400242, 0x23202303, - 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484, - 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, - 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040, - 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, - 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, - 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, - 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646, - 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, - 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca, - 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, - 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, - 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, - 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888, - 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, - 0x62602242, 0x21282909, 0x03040707, 0x33303303, - 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, - 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a - }, + 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505, + 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, + 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, + 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, + 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707, + 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, + 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece, + 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, + 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, + 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, + 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101, + 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, + 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9, + 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, + 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, + 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, + 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f, + 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, + 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5, + 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, + 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, + 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, + 0x00040404, 
0x53501343, 0xf3f437c7, 0xe1e021c1, + 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, + 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b, + 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, + 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, + 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, + 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444, + 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, + 0x02040606, 0x21202101, 0x63682b4b, 0x62642646, + 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, + 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, + 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, + 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf, + 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, + 0x32343606, 0x11141505, 0x22202202, 0x30383808, + 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, + 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, + 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, + 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989, + 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, + 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4, + 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, + 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, + 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, + 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484, + 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, + 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040, + 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, + 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, + 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, + 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646, + 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, + 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca, + 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, + 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, + 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, + 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888, + 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, + 0x62602242, 0x21282909, 0x03040707, 0x33303303, + 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, + 0x90901080, 
0x62682a4a, 0x22282a0a, 0x92981a8a }, { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, - 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838, - 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, - 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, - 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, - 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427, - 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, - 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b, - 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, - 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, - 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, - 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818, - 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, - 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f, - 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, - 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032, - 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, - 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b, - 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, - 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434, - 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, - 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, - 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, - 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839, - 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, - 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031, - 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, - 0x02222022, 0x04000404, 0x48606828, 0x41717031, - 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, - 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819, - 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, - 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010, - 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, - 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, - 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, - 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d, - 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, - 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e, - 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, - 
0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, - 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, - 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003, - 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, - 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809, - 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, - 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, - 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, - 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003, - 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, - 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839, - 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, - 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, - 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, - 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406, - 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, - 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d, - 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, - 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, - 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, - 0x02323032, 0x84808404, 0x49616829, 0x83939013, - 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, - 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407, - 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, - 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437 - } + 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838, + 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, + 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, + 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, + 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427, + 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, + 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b, + 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, + 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, + 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, + 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818, + 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, + 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f, + 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, + 0x07232427, 0x0f232c2f, 0xc1f1f031, 
0x42727032, + 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, + 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b, + 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, + 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434, + 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, + 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, + 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, + 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839, + 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, + 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031, + 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, + 0x02222022, 0x04000404, 0x48606828, 0x41717031, + 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, + 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819, + 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, + 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010, + 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, + 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, + 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, + 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d, + 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, + 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e, + 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, + 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, + 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, + 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003, + 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, + 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809, + 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, + 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, + 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, + 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003, + 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, + 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839, + 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, + 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, + 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, + 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406, + 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, + 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 
0xcdf1fc3d, + 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, + 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, + 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, + 0x02323032, 0x84808404, 0x49616829, 0x83939013, + 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, + 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407, + 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, + 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437 } }; #else /* on x86_64 >5x size reduction at 40% performance penalty */ static const unsigned char SEED_Sbox[2][256] = { -{ - 0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25, - 0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63, - 0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17, - 0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE, - 0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74, - 0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01, - 0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9, - 0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9, - 0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F, - 0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5, - 0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08, - 0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1, - 0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB, - 0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A, - 0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64, - 0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66, - 0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0, - 0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF, - 0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38, - 0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97, - 0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89, - 0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4, - 0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8, - 0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4, - 0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40, - 0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55, - 0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56, - 0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA, - 0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2, - 0x31, 0xEA, 
0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88, - 0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33, - 0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A - }, - { - 0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8, - 0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B, - 0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7, - 0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B, - 0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4, - 0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98, - 0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF, - 0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72, - 0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B, - 0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34, - 0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8, - 0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9, - 0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 0xB1, - 0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71, - 0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59, - 0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0, - 0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF, - 0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D, - 0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E, - 0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC, - 0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03, - 0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09, - 0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05, - 0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43, - 0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79, - 0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F, - 0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46, - 0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD, - 0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C, - 0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93, - 0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87, - 0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7 - } + { 0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25, + 0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63, + 0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17, + 0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE, + 0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74, 
+ 0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01, + 0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9, + 0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9, + 0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F, + 0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5, + 0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08, + 0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1, + 0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB, + 0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A, + 0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64, + 0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66, + 0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0, + 0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF, + 0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38, + 0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97, + 0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89, + 0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4, + 0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8, + 0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4, + 0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40, + 0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55, + 0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56, + 0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA, + 0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2, + 0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88, + 0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33, + 0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A }, + { 0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8, + 0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B, + 0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7, + 0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B, + 0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4, + 0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98, + 0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF, + 0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72, + 0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B, + 0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34, + 0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8, + 0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9, + 0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 
0xB1, + 0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71, + 0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59, + 0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0, + 0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF, + 0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D, + 0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E, + 0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC, + 0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03, + 0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09, + 0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05, + 0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43, + 0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79, + 0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F, + 0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46, + 0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD, + 0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C, + 0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93, + 0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87, + 0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7 } }; static unsigned int G_FUNC(unsigned int v) { unsigned int s0, s1, s2, s3, ret; - s0 = SEED_Sbox[0][(unsigned char) (v) & 0xff]; - s1 = SEED_Sbox[1][(unsigned char)((v)>> 8) & 0xff]; - s2 = SEED_Sbox[0][(unsigned char)((v)>>16) & 0xff]; - s3 = SEED_Sbox[1][(unsigned char)((v)>>24) & 0xff]; + s0 = SEED_Sbox[0][(unsigned char)(v) & 0xff]; + s1 = SEED_Sbox[1][(unsigned char)((v) >> 8) & 0xff]; + s2 = SEED_Sbox[0][(unsigned char)((v) >> 16) & 0xff]; + s3 = SEED_Sbox[1][(unsigned char)((v) >> 24) & 0xff]; - ret = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F)); + ret = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F)); ret |= ((s0 & 0xF3) ^ (s1 & 0xCF) ^ (s2 & 0x3F) ^ (s3 & 0xFC)) << 8; ret |= ((s0 & 0xCF) ^ (s1 & 0x3F) ^ (s2 & 0xFC) ^ (s3 & 0xF3)) << 16; ret |= ((s0 & 0x3F) ^ (s1 & 0xFC) ^ (s2 & 0xF3) ^ (s3 & 0xCF)) << 24; return ret; } -# endif +#endif /* key schedule constants - golden ratio */ -# define KC0 0x9e3779b9 -# define KC1 0x3c6ef373 -# define KC2 0x78dde6e6 -# define KC3 0xf1bbcdcc -# define KC4 
0xe3779b99 -# define KC5 0xc6ef3733 -# define KC6 0x8dde6e67 -# define KC7 0x1bbcdccf -# define KC8 0x3779b99e -# define KC9 0x6ef3733c -# define KC10 0xdde6e678 -# define KC11 0xbbcdccf1 -# define KC12 0x779b99e3 -# define KC13 0xef3733c6 -# define KC14 0xde6e678d -# define KC15 0xbcdccf1b +#define KC0 0x9e3779b9 +#define KC1 0x3c6ef373 +#define KC2 0x78dde6e6 +#define KC3 0xf1bbcdcc +#define KC4 0xe3779b99 +#define KC5 0xc6ef3733 +#define KC6 0x8dde6e67 +#define KC7 0x1bbcdccf +#define KC8 0x3779b99e +#define KC9 0x6ef3733c +#define KC10 0xdde6e678 +#define KC11 0xbbcdccf1 +#define KC12 0x779b99e3 +#define KC13 0xef3733c6 +#define KC14 0xde6e678d +#define KC15 0xbcdccf1b -# if defined(OPENSSL_SMALL_FOOTPRINT) +#if defined(OPENSSL_SMALL_FOOTPRINT) static const seed_word KC[] = { KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7, KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 }; -# endif +#endif void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], - SEED_KEY_SCHEDULE *ks) + SEED_KEY_SCHEDULE *ks) { seed_word x1, x2, x3, x4; seed_word t0, t1; @@ -460,7 +449,7 @@ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1); KEYUPDATE_TEMP(t0, t1, &ks->data[2]); -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2); KEYUPDATE_TEMP(t0, t1, &ks->data[4]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3); @@ -489,7 +478,7 @@ KEYUPDATE_TEMP(t0, t1, &ks->data[28]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15); KEYUPDATE_TEMP(t0, t1, &ks->data[30]); -# else +#else { int i; for (i = 2; i < 16; i += 2) { @@ -499,12 +488,12 @@ KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2 + 2]); } } -# endif +#endif } void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], - unsigned char d[SEED_BLOCK_SIZE], - const SEED_KEY_SCHEDULE *ks) + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks) { seed_word x1, x2, x3, x4; seed_word t0, t1; 
@@ -514,7 +503,7 @@ char2word(s + 8, x3); char2word(s + 12, x4); -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) E_SEED(t0, t1, x1, x2, x3, x4, 0); E_SEED(t0, t1, x3, x4, x1, x2, 2); E_SEED(t0, t1, x1, x2, x3, x4, 4); @@ -531,7 +520,7 @@ E_SEED(t0, t1, x3, x4, x1, x2, 26); E_SEED(t0, t1, x1, x2, x3, x4, 28); E_SEED(t0, t1, x3, x4, x1, x2, 30); -# else +#else { int i; for (i = 0; i < 30; i += 4) { @@ -539,7 +528,7 @@ E_SEED(t0, t1, x3, x4, x1, x2, i + 2); } } -# endif +#endif word2char(x3, d); word2char(x4, d + 4); @@ -548,8 +537,8 @@ } void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], - unsigned char d[SEED_BLOCK_SIZE], - const SEED_KEY_SCHEDULE *ks) + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks) { seed_word x1, x2, x3, x4; seed_word t0, t1; @@ -559,7 +548,7 @@ char2word(s + 8, x3); char2word(s + 12, x4); -# if !defined(OPENSSL_SMALL_FOOTPRINT) +#if !defined(OPENSSL_SMALL_FOOTPRINT) E_SEED(t0, t1, x1, x2, x3, x4, 30); E_SEED(t0, t1, x3, x4, x1, x2, 28); E_SEED(t0, t1, x1, x2, x3, x4, 26); @@ -576,16 +565,15 @@ E_SEED(t0, t1, x3, x4, x1, x2, 4); E_SEED(t0, t1, x1, x2, x3, x4, 2); E_SEED(t0, t1, x3, x4, x1, x2, 0); -# else +#else { int i; for (i = 30; i > 0; i -= 4) { E_SEED(t0, t1, x1, x2, x3, x4, i); E_SEED(t0, t1, x3, x4, x1, x2, i - 2); - } } -# endif +#endif word2char(x3, d); word2char(x4, d + 4); @@ -593,4 +581,4 @@ word2char(x2, d + 12); } -#endif /* OPENSSL_NO_SEED */ +#endif /* OPENSSL_NO_SEED */ --- crypto/openssl/crypto/seed/seed_cbc.c.orig +++ crypto/openssl/crypto/seed/seed_cbc.c 
@@ -17,13 +17,13 @@ #include void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], int enc) + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc) { if (enc) CRYPTO_cbc128_encrypt(in, out, len, ks, ivec, - (block128_f) SEED_encrypt); + (block128_f)SEED_encrypt); else CRYPTO_cbc128_decrypt(in, out, len, ks, ivec, - (block128_f) SEED_decrypt); + (block128_f)SEED_decrypt); } --- crypto/openssl/crypto/seed/seed_cfb.c.orig +++ crypto/openssl/crypto/seed/seed_cfb.c @@ -17,10 +17,10 @@ #include void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], int *num, - int enc) + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc) { CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc, - (block128_f) SEED_encrypt); + (block128_f)SEED_encrypt); } --- crypto/openssl/crypto/seed/seed_ecb.c.orig +++ crypto/openssl/crypto/seed/seed_ecb.c @@ -16,7 +16,7 @@ #include void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, - const SEED_KEY_SCHEDULE *ks, int enc) + const SEED_KEY_SCHEDULE *ks, int enc) { if (enc) SEED_encrypt(in, out, ks); --- crypto/openssl/crypto/seed/seed_local.h.orig +++ crypto/openssl/crypto/seed/seed_local.h 
@@ -33,80 +33,79 @@ * */ #ifndef OSSL_CRYPTO_SEED_LOCAL_H -# define OSSL_CRYPTO_SEED_LOCAL_H +#define OSSL_CRYPTO_SEED_LOCAL_H -# include -# include +#include +#include -# ifdef SEED_LONG /* need 32-bit type */ +#ifdef SEED_LONG /* need 32-bit type */ typedef unsigned long seed_word; -# else +#else typedef unsigned int seed_word; -# endif +#endif +#define char2word(c, i) \ + (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) -# define char2word(c, i) \ - (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) +#define word2char(l, c) \ + *((c) + 0) = (unsigned char)((l) >> 24) & 0xff; \ + *((c) + 1) = (unsigned char)((l) >> 16) & 0xff; \ + *((c) + 2) = (unsigned char)((l) >> 8) & 0xff; \ + *((c) + 3) = (unsigned char)((l)) & 0xff -# define word2char(l, c) \ - *((c)+0) = (unsigned char)((l)>>24) & 0xff; \ - *((c)+1) = (unsigned char)((l)>>16) & 0xff; \ - *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \ - *((c)+3) = (unsigned char)((l)) & 0xff +#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \ + (T0) = (X3); \ + (X3) = (((X3) << 8) ^ ((X4) >> 24)) & 0xffffffff; \ + (X4) = (((X4) << 8) ^ ((T0) >> 24)) & 0xffffffff; \ + (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ + (T1) = ((X2) + (KC) - (X4)) & 0xffffffff -# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \ - (T0) = (X3); \ - (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \ - (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \ - (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ - (T1) = ((X2) + (KC) - (X4)) & 0xffffffff +#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \ + (T0) = (X1); \ + (X1) = (((X1) >> 8) ^ ((X2) << 24)) & 0xffffffff; \ + (X2) = (((X2) >> 8) ^ ((T0) << 24)) & 0xffffffff; \ + (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ + (T1) = ((X2) + (KC) - (X4)) & 0xffffffff -# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \ - (T0) = (X1); \ - (X1) = (((X1)>>8) ^ 
((X2)<<24)) & 0xffffffff; \ - (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \ - (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ - (T1) = ((X2) + (KC) - (X4)) & 0xffffffff +#define KEYUPDATE_TEMP(T0, T1, K) \ + (K)[0] = G_FUNC((T0)); \ + (K)[1] = G_FUNC((T1)) -# define KEYUPDATE_TEMP(T0, T1, K) \ - (K)[0] = G_FUNC((T0)); \ - (K)[1] = G_FUNC((T1)) +#define XOR_SEEDBLOCK(DST, SRC) \ + ((DST))[0] ^= ((SRC))[0]; \ + ((DST))[1] ^= ((SRC))[1]; \ + ((DST))[2] ^= ((SRC))[2]; \ + ((DST))[3] ^= ((SRC))[3] -# define XOR_SEEDBLOCK(DST, SRC) \ - ((DST))[0] ^= ((SRC))[0]; \ - ((DST))[1] ^= ((SRC))[1]; \ - ((DST))[2] ^= ((SRC))[2]; \ - ((DST))[3] ^= ((SRC))[3] +#define MOV_SEEDBLOCK(DST, SRC) \ + ((DST))[0] = ((SRC))[0]; \ + ((DST))[1] = ((SRC))[1]; \ + ((DST))[2] = ((SRC))[2]; \ + ((DST))[3] = ((SRC))[3] -# define MOV_SEEDBLOCK(DST, SRC) \ - ((DST))[0] = ((SRC))[0]; \ - ((DST))[1] = ((SRC))[1]; \ - ((DST))[2] = ((SRC))[2]; \ - ((DST))[3] = ((SRC))[3] +#define CHAR2WORD(C, I) \ + char2word((C), (I)[0]); \ + char2word((C + 4), (I)[1]); \ + char2word((C + 8), (I)[2]); \ + char2word((C + 12), (I)[3]) -# define CHAR2WORD(C, I) \ - char2word((C), (I)[0]); \ - char2word((C+4), (I)[1]); \ - char2word((C+8), (I)[2]); \ - char2word((C+12), (I)[3]) +#define WORD2CHAR(I, C) \ + word2char((I)[0], (C)); \ + word2char((I)[1], (C + 4)); \ + word2char((I)[2], (C + 8)); \ + word2char((I)[3], (C + 12)) -# define WORD2CHAR(I, C) \ - word2char((I)[0], (C)); \ - word2char((I)[1], (C+4)); \ - word2char((I)[2], (C+8)); \ - word2char((I)[3], (C+12)) +#define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \ + (T0) = (X3) ^ (ks->data)[(rbase)]; \ + (T1) = (X4) ^ (ks->data)[(rbase) + 1]; \ + (T1) ^= (T0); \ + (T1) = G_FUNC((T1)); \ + (T0) = ((T0) + (T1)) & 0xffffffff; \ + (T0) = G_FUNC((T0)); \ + (T1) = ((T1) + (T0)) & 0xffffffff; \ + (T1) = G_FUNC((T1)); \ + (T0) = ((T0) + (T1)) & 0xffffffff; \ + (X1) ^= (T0); \ + (X2) ^= (T1) -# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \ - (T0) = (X3) ^ (ks->data)[(rbase)]; \ - 
(T1) = (X4) ^ (ks->data)[(rbase)+1]; \ - (T1) ^= (T0); \ - (T1) = G_FUNC((T1)); \ - (T0) = ((T0) + (T1)) & 0xffffffff; \ - (T0) = G_FUNC((T0)); \ - (T1) = ((T1) + (T0)) & 0xffffffff; \ - (T1) = G_FUNC((T1)); \ - (T0) = ((T0) + (T1)) & 0xffffffff; \ - (X1) ^= (T0); \ - (X2) ^= (T1) - -#endif /* OSSL_CRYPTO_SEED_LOCAL_H */ +#endif /* OSSL_CRYPTO_SEED_LOCAL_H */ --- crypto/openssl/crypto/seed/seed_ofb.c.orig +++ crypto/openssl/crypto/seed/seed_ofb.c @@ -17,9 +17,9 @@ #include void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], int *num) + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num) { CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num, - (block128_f) SEED_encrypt); + (block128_f)SEED_encrypt); } --- crypto/openssl/crypto/self_test_core.c.orig +++ crypto/openssl/crypto/self_test_core.c @@ -12,14 +12,12 @@ #include #include "internal/cryptlib.h" -typedef struct self_test_cb_st -{ +typedef struct self_test_cb_st { OSSL_CALLBACK *cb; void *cbarg; } SELF_TEST_CB; -struct ossl_self_test_st -{ +struct ossl_self_test_st { /* local state variables */ const char *phase; const char *type; @@ -54,11 +52,11 @@ static SELF_TEST_CB *get_self_test_callback(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_SELF_TEST_CB_INDEX, - &self_test_set_callback_method); + &self_test_set_callback_method); } void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb, - void *cbarg) + void *cbarg) { SELF_TEST_CB *stcb = get_self_test_callback(libctx); @@ -69,7 +67,7 @@ } void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, - void **cbarg) + void **cbarg) { SELF_TEST_CB *stcb = get_self_test_callback(libctx); 
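Review bot: In seed_local.h the re-indented multi-statement macros (`word2char`, `KEYSCHEDULE_UPDATE0`/`1`, `KEYUPDATE_TEMP`, `XOR_SEEDBLOCK`, `MOV_SEEDBLOCK`, `CHAR2WORD`, `WORD2CHAR`, `E_SEED`) still expand to bare `;`-separated statements, so under an unbraced `if` or loop only the first statement would be conditional. Every line of these bodies is rewritten here anyway, so each could be wrapped as `do { ... } while (0)`. The call sites visible on this page use them as standalone statements, so this is hardening rather than a live bug. `CHAR2WORD` and `WORD2CHAR` also leave their pointer argument unparenthesised in `(C + 4)`, `(C + 8)` and `(C + 12)`; `char2word((C) + 4, (I)[1]);` and its siblings would be safe for any argument expression. `E_SEED` reads `ks` from the caller's scope, which deserves a comment such as `/* expects SEED_KEY_SCHEDULE *ks in the enclosing scope */`.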
@@ -85,15 +83,12 @@ size_t n = 0; if (st->cb != NULL) { - st->params[n++] = - OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_PHASE, - (char *)st->phase, 0); - st->params[n++] = - OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_TYPE, - (char *)st->type, 0); - st->params[n++] = - OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_DESC, - (char *)st->desc, 0); + st->params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_PHASE, + (char *)st->phase, 0); + st->params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_TYPE, + (char *)st->type, 0); + st->params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_DESC, + (char *)st->desc, 0); } st->params[n++] = OSSL_PARAM_construct_end(); } @@ -121,7 +116,7 @@ /* Can be used during application testing to log that a test has started. */ void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type, - const char *desc) + const char *desc) { if (st != NULL && st->cb != NULL) { st->phase = OSSL_SELF_TEST_PHASE_START; @@ -139,8 +134,7 @@ void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret) { if (st != NULL && st->cb != NULL) { - st->phase = - (ret == 1 ? OSSL_SELF_TEST_PHASE_PASS : OSSL_SELF_TEST_PHASE_FAIL); + st->phase = (ret == 1 ? OSSL_SELF_TEST_PHASE_PASS : OSSL_SELF_TEST_PHASE_FAIL); self_test_setparams(st); (void)st->cb(st->params, st->cb_arg); --- crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl.orig +++ crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -67,6 +67,7 @@ $code.=<<___; .text +.machine "z10" .type __KeccakF1600,\@function .align 32 --- crypto/openssl/crypto/sha/keccak1600.c.orig +++ crypto/openssl/crypto/sha/keccak1600.c @@ -12,7 +12,7 @@ #include size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r); + size_t r); void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); #if !defined(KECCAK1600_ASM) || !defined(SELFTEST) 
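Review bot: The added `.machine "z10"` in keccak1600-s390x.pl is a functional change sitting among formatting-only hunks, and nothing visible explains it. It raises the instruction-set level the assembler accepts for everything emitted after it in the generated file, and it is never restored. If only part of the code needs it, bracketing that part with `.machine push` and `.machine pop` would keep the wider level from leaking into the rest of the file. Either way a comment in the heredoc should record the reason, for example `# .machine "z10": required for <instructions that need it>`. Whether a runtime capability check keeps this code off older hardware cannot be seen from the hunk; that should be confirmed before relying on the directive.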
@@ -20,33 +20,27 @@ /* * Choose some sensible defaults */ -#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && \ - !defined(KECCAK_2X) && !defined(KECCAK_INPLACE) -# define KECCAK_2X /* default to KECCAK_2X variant */ +#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && !defined(KECCAK_2X) && !defined(KECCAK_INPLACE) +#define KECCAK_2X /* default to KECCAK_2X variant */ #endif -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - (defined(__x86_64) && !defined(__BMI__)) || defined(_M_X64) || \ - defined(__mips) || defined(__riscv) || defined(__s390__) || \ - defined(__EMSCRIPTEN__) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || (defined(__x86_64) && !defined(__BMI__)) || defined(_M_X64) || defined(__mips) || defined(__riscv) || defined(__s390__) || defined(__EMSCRIPTEN__) /* * These don't have "and with complement" instruction, so minimize amount * of "not"-s. Implemented only in the [default] KECCAK_2X variant. */ -# define KECCAK_COMPLEMENTING_TRANSFORM +#define KECCAK_COMPLEMENTING_TRANSFORM #endif -#if defined(__x86_64__) || defined(__aarch64__) || \ - defined(__mips64) || defined(__ia64) || \ - (defined(__VMS) && !defined(__vax)) +#if defined(__x86_64__) || defined(__aarch64__) || defined(__mips64) || defined(__ia64) || (defined(__VMS) && !defined(__vax)) /* * These are available even in ILP32 flavours, but even then they are * capable of performing 64-bit operations as efficiently as in *P64. * Since it's not given that we can use sizeof(void *), just shunt it. */ -# define BIT_INTERLEAVE (0) +#define BIT_INTERLEAVE (0) #else -# define BIT_INTERLEAVE (sizeof(void *) < 8) +#define BIT_INTERLEAVE (sizeof(void *) < 8) #endif #define ROL32(a, offset) (((a) << (offset)) | ((a) >> ((32 - (offset)) & 31))) 
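Review bot: The platform-selection `#if` conditions in keccak1600.c are now single lines well over 100 characters, for example `#if defined(__i386) || ... || defined(__EMSCRIPTEN__)`. That makes it harder to audit which targets get `KECCAK_COMPLEMENTING_TRANSFORM` and `BIT_INTERLEAVE (0)`, and a future one-architecture change will show up as a whole-line diff. Wrapping these three conditionals in `/* clang-format off */` and `/* clang-format on */` would keep the original one-group-per-line continuation layout. The same applies to the eight-byte little-endian load of `Ai` in `SHA3_absorb` (hunk `-1074,10 +1100,7`), which is joined onto one line in the same way.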
@@ -56,7 +50,7 @@ if (offset == 0) { return val; } else if (!BIT_INTERLEAVE) { - return (val << offset) | (val >> (64-offset)); + return (val << offset) | (val >> (64 - offset)); } else { uint32_t hi = (uint32_t)(val >> 32), lo = (uint32_t)val; @@ -77,11 +71,11 @@ } static const unsigned char rhotates[5][5] = { - { 0, 1, 62, 28, 27 }, - { 36, 44, 6, 55, 20 }, - { 3, 10, 43, 25, 39 }, - { 41, 45, 15, 21, 8 }, - { 18, 2, 61, 56, 14 } + { 0, 1, 62, 28, 27 }, + { 36, 44, 6, 55, 20 }, + { 3, 10, 43, 25, 39 }, + { 41, 45, 15, 21, 8 }, + { 18, 2, 61, 56, 14 } }; static const uint64_t iotas[] = { @@ -261,8 +255,8 @@ */ static void Round(uint64_t A[5][5], size_t i) { - uint64_t C[5], E[2]; /* registers */ - uint64_t D[5], T[2][5]; /* memory */ + uint64_t C[5], E[2]; /* registers */ + uint64_t D[5], T[2][5]; /* memory */ assert(i < (sizeof(iotas) / sizeof(iotas[0]))); @@ -285,11 +279,11 @@ T[0][3] = A[0][3] ^ C[2]; /* D[3] */ T[0][4] = A[0][4] ^ E[1]; /* D[4] */ - C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ - C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ - C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ - C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ - C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ + C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ + C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ + C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ + C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ + C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ #else D[0] = ROL64(C[1], 1) ^ C[4]; D[1] = ROL64(C[2], 1) ^ C[0]; @@ -303,7 +297,7 @@ T[0][3] = A[0][3] ^ D[3]; T[0][4] = A[0][4] ^ D[4]; - C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); 
@@ -321,11 +315,11 @@ T[1][3] = A[1][3] ^ (E[1] = D[3]); T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */ - C[0] = ROL64(T[0][3], rhotates[0][3]); - C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]); /* D[4] */ - C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]); /* D[0] */ - C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]); /* D[1] */ - C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]); /* D[2] */ + C[0] = ROL64(T[0][3], rhotates[0][3]); + C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]); /* D[4] */ + C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]); /* D[0] */ + C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]); /* D[1] */ + C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]); /* D[2] */ A[1][0] = C[0] ^ (~C[1] & C[2]); A[1][1] = C[1] ^ (~C[2] & C[3]); @@ -333,8 +327,8 @@ A[1][3] = C[3] ^ (~C[4] & C[0]); A[1][4] = C[4] ^ (~C[0] & C[1]); - C[0] = ROL64(T[0][1], rhotates[0][1]); - C[1] = ROL64(T[1][2], rhotates[1][2]); + C[0] = ROL64(T[0][1], rhotates[0][1]); + C[1] = ROL64(T[1][2], rhotates[1][2]); C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); @@ -345,9 +339,9 @@ A[2][3] = C[3] ^ (~C[4] & C[0]); A[2][4] = C[4] ^ (~C[0] & C[1]); - C[0] = ROL64(T[0][4], rhotates[0][4]); - C[1] = ROL64(T[1][0], rhotates[1][0]); - C[2] = ROL64(T[1][1], rhotates[2][1]); /* originally A[2][1] */ + C[0] = ROL64(T[0][4], rhotates[0][4]); + C[1] = ROL64(T[1][0], rhotates[1][0]); + C[2] = ROL64(T[1][1], rhotates[2][1]); /* originally A[2][1] */ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); 
@@ -357,10 +351,10 @@ A[3][3] = C[3] ^ (~C[4] & C[0]); A[3][4] = C[4] ^ (~C[0] & C[1]); - C[0] = ROL64(T[0][2], rhotates[0][2]); - C[1] = ROL64(T[1][3], rhotates[1][3]); - C[2] = ROL64(T[1][4], rhotates[2][4]); /* originally A[2][4] */ - C[3] = ROL64(T[0][0], rhotates[3][0]); /* originally A[3][0] */ + C[0] = ROL64(T[0][2], rhotates[0][2]); + C[1] = ROL64(T[1][3], rhotates[1][3]); + C[2] = ROL64(T[1][4], rhotates[2][4]); /* originally A[2][4] */ + C[3] = ROL64(T[0][0], rhotates[3][0]); /* originally A[3][0] */ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); A[4][0] = C[0] ^ (~C[1] & C[2]); @@ -399,8 +393,8 @@ C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; - D[1] = C[0] ^ ROL64(C[2], 1); - D[2] = C[1] ^ ROL64(C[3], 1); + D[1] = C[0] ^ ROL64(C[2], 1); + D[2] = C[1] ^ ROL64(C[3], 1); D[3] = C[2] ^= ROL64(C[4], 1); D[4] = C[3] ^= ROL64(C[0], 1); D[0] = C[4] ^= ROL64(C[1], 1); @@ -465,10 +459,10 @@ A[1][2] = ROL64(A[2][0], rhotates[2][0]); A[3][1] = ROL64(A[1][0], rhotates[1][0]); - A[1][0] = ROL64(C[3], rhotates[0][3]); - A[2][0] = ROL64(C[1], rhotates[0][1]); - A[3][0] = ROL64(C[4], rhotates[0][4]); - A[4][0] = ROL64(C[2], rhotates[0][2]); + A[1][0] = ROL64(C[3], rhotates[0][3]); + A[2][0] = ROL64(C[1], rhotates[0][1]); + A[3][0] = ROL64(C[4], rhotates[0][4]); + A[4][0] = ROL64(C[2], rhotates[0][2]); C[0] = A[0][0]; C[1] = A[1][0]; @@ -483,8 +477,8 @@ A[1][2] ^= (~A[1][3] & A[1][4]); A[0][3] ^= (~A[0][4] & C[0]); A[1][3] ^= (~A[1][4] & C[1]); - A[0][4] ^= (~C[0] & D[0]); - A[1][4] ^= (~C[1] & D[1]); + A[0][4] ^= (~C[0] & D[0]); + A[1][4] ^= (~C[1] & D[1]); C[2] = A[2][0]; C[3] = A[3][0]; @@ -499,8 +493,8 @@ A[3][2] ^= (~A[3][3] & A[3][4]); A[2][3] ^= (~A[2][4] & C[2]); A[3][3] ^= (~A[3][4] & C[3]); - A[2][4] ^= (~C[2] & D[2]); - A[3][4] ^= (~C[3] & D[3]); + A[2][4] ^= (~C[2] & D[2]); + A[3][4] ^= (~C[3] & D[3]); C[4] = A[4][0]; D[4] = A[4][1]; 
@@ -509,7 +503,7 @@ A[4][1] ^= (~A[4][2] & A[4][3]); A[4][2] ^= (~A[4][3] & A[4][4]); A[4][3] ^= (~A[4][4] & C[4]); - A[4][4] ^= (~C[4] & D[4]); + A[4][4] ^= (~C[4] & D[4]); A[0][0] ^= iotas[i]; } @@ -550,18 +544,18 @@ D[3] = ROL64(C[4], 1) ^ C[2]; D[4] = ROL64(C[0], 1) ^ C[3]; - C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); #ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]; + R[0][0] = C[0] ^ (C[1] | C[2]) ^ iotas[i]; R[0][1] = C[1] ^ (~C[2] | C[3]); - R[0][2] = C[2] ^ ( C[3] & C[4]); - R[0][3] = C[3] ^ ( C[4] | C[0]); - R[0][4] = C[4] ^ ( C[0] & C[1]); + R[0][2] = C[2] ^ (C[3] & C[4]); + R[0][3] = C[3] ^ (C[4] | C[0]); + R[0][4] = C[4] ^ (C[0] & C[1]); #else R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; R[0][1] = C[1] ^ (~C[2] & C[3]); @@ -577,11 +571,11 @@ C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); #ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[1][0] = C[0] ^ (C[1] | C[2]); - R[1][1] = C[1] ^ (C[2] & C[3]); + R[1][0] = C[0] ^ (C[1] | C[2]); + R[1][1] = C[1] ^ (C[2] & C[3]); R[1][2] = C[2] ^ (C[3] | ~C[4]); - R[1][3] = C[3] ^ (C[4] | C[0]); - R[1][4] = C[4] ^ (C[0] & C[1]); + R[1][3] = C[3] ^ (C[4] | C[0]); + R[1][4] = C[4] ^ (C[0] & C[1]); #else R[1][0] = C[0] ^ (~C[1] & C[2]); R[1][1] = C[1] ^ (~C[2] & C[3]); 
@@ -597,11 +591,11 @@ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); #ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[2][0] = C[0] ^ ( C[1] | C[2]); - R[2][1] = C[1] ^ ( C[2] & C[3]); - R[2][2] = C[2] ^ (~C[3] & C[4]); - R[2][3] = ~C[3] ^ ( C[4] | C[0]); - R[2][4] = C[4] ^ ( C[0] & C[1]); + R[2][0] = C[0] ^ (C[1] | C[2]); + R[2][1] = C[1] ^ (C[2] & C[3]); + R[2][2] = C[2] ^ (~C[3] & C[4]); + R[2][3] = ~C[3] ^ (C[4] | C[0]); + R[2][4] = C[4] ^ (C[0] & C[1]); #else R[2][0] = C[0] ^ (~C[1] & C[2]); R[2][1] = C[1] ^ (~C[2] & C[3]); @@ -617,11 +611,11 @@ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); #ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[3][0] = C[0] ^ ( C[1] & C[2]); - R[3][1] = C[1] ^ ( C[2] | C[3]); - R[3][2] = C[2] ^ (~C[3] | C[4]); - R[3][3] = ~C[3] ^ ( C[4] & C[0]); - R[3][4] = C[4] ^ ( C[0] | C[1]); + R[3][0] = C[0] ^ (C[1] & C[2]); + R[3][1] = C[1] ^ (C[2] | C[3]); + R[3][2] = C[2] ^ (~C[3] | C[4]); + R[3][3] = ~C[3] ^ (C[4] & C[0]); + R[3][4] = C[4] ^ (C[0] | C[1]); #else R[3][0] = C[0] ^ (~C[1] & C[2]); R[3][1] = C[1] ^ (~C[2] & C[3]); @@ -637,11 +631,11 @@ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); #ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[4][0] = C[0] ^ (~C[1] & C[2]); - R[4][1] = ~C[1] ^ ( C[2] | C[3]); - R[4][2] = C[2] ^ ( C[3] & C[4]); - R[4][3] = C[3] ^ ( C[4] | C[0]); - R[4][4] = C[4] ^ ( C[0] & C[1]); + R[4][0] = C[0] ^ (~C[1] & C[2]); + R[4][1] = ~C[1] ^ (C[2] | C[3]); + R[4][2] = C[2] ^ (C[3] & C[4]); + R[4][3] = C[3] ^ (C[4] | C[0]); + R[4][4] = C[4] ^ (C[0] & C[1]); #else R[4][0] = C[0] ^ (~C[1] & C[2]); R[4][1] = C[1] ^ (~C[2] & C[3]); @@ -680,7 +674,7 @@ #endif } -#else /* define KECCAK_INPLACE to compile this code path */ +#else /* define KECCAK_INPLACE to compile this code path */ /* * This implementation is KECCAK_1X from above combined 4 times with * a twist that allows to omit temporary storage and perform in-place 
@@ -709,7 +703,7 @@ D[3] = ROL64(C[4], 1) ^ C[2]; D[4] = ROL64(C[0], 1) ^ C[3]; - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); @@ -776,7 +770,7 @@ D[3] = ROL64(C[4], 1) ^ C[2]; D[4] = ROL64(C[0], 1) ^ C[3]; - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]); B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]); B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]); @@ -843,7 +837,7 @@ D[3] = ROL64(C[4], 1) ^ C[2]; D[4] = ROL64(C[0], 1) ^ C[3]; - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]); B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]); B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]); @@ -910,7 +904,7 @@ D[3] = ROL64(C[4], 1) ^ C[2]; D[4] = ROL64(C[0], 1) ^ C[3]; - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]); B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]); B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]); 
@@ -989,28 +983,44 @@ uint32_t t0, t1; t0 = lo & 0x55555555; - t0 |= t0 >> 1; t0 &= 0x33333333; - t0 |= t0 >> 2; t0 &= 0x0f0f0f0f; - t0 |= t0 >> 4; t0 &= 0x00ff00ff; - t0 |= t0 >> 8; t0 &= 0x0000ffff; + t0 |= t0 >> 1; + t0 &= 0x33333333; + t0 |= t0 >> 2; + t0 &= 0x0f0f0f0f; + t0 |= t0 >> 4; + t0 &= 0x00ff00ff; + t0 |= t0 >> 8; + t0 &= 0x0000ffff; t1 = hi & 0x55555555; - t1 |= t1 >> 1; t1 &= 0x33333333; - t1 |= t1 >> 2; t1 &= 0x0f0f0f0f; - t1 |= t1 >> 4; t1 &= 0x00ff00ff; - t1 |= t1 >> 8; t1 <<= 16; + t1 |= t1 >> 1; + t1 &= 0x33333333; + t1 |= t1 >> 2; + t1 &= 0x0f0f0f0f; + t1 |= t1 >> 4; + t1 &= 0x00ff00ff; + t1 |= t1 >> 8; + t1 <<= 16; lo &= 0xaaaaaaaa; - lo |= lo << 1; lo &= 0xcccccccc; - lo |= lo << 2; lo &= 0xf0f0f0f0; - lo |= lo << 4; lo &= 0xff00ff00; - lo |= lo << 8; lo >>= 16; + lo |= lo << 1; + lo &= 0xcccccccc; + lo |= lo << 2; + lo &= 0xf0f0f0f0; + lo |= lo << 4; + lo &= 0xff00ff00; + lo |= lo << 8; + lo >>= 16; hi &= 0xaaaaaaaa; - hi |= hi << 1; hi &= 0xcccccccc; - hi |= hi << 2; hi &= 0xf0f0f0f0; - hi |= hi << 4; hi &= 0xff00ff00; - hi |= hi << 8; hi &= 0xffff0000; + hi |= hi << 1; + hi &= 0xcccccccc; + hi |= hi << 2; + hi &= 0xf0f0f0f0; + hi |= hi << 4; + hi &= 0xff00ff00; + hi |= hi << 8; + hi &= 0xffff0000; Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0); } 
@@ -1025,28 +1035,44 @@ uint32_t t0, t1; t0 = lo & 0x0000ffff; - t0 |= t0 << 8; t0 &= 0x00ff00ff; - t0 |= t0 << 4; t0 &= 0x0f0f0f0f; - t0 |= t0 << 2; t0 &= 0x33333333; - t0 |= t0 << 1; t0 &= 0x55555555; + t0 |= t0 << 8; + t0 &= 0x00ff00ff; + t0 |= t0 << 4; + t0 &= 0x0f0f0f0f; + t0 |= t0 << 2; + t0 &= 0x33333333; + t0 |= t0 << 1; + t0 &= 0x55555555; t1 = hi << 16; - t1 |= t1 >> 8; t1 &= 0xff00ff00; - t1 |= t1 >> 4; t1 &= 0xf0f0f0f0; - t1 |= t1 >> 2; t1 &= 0xcccccccc; - t1 |= t1 >> 1; t1 &= 0xaaaaaaaa; + t1 |= t1 >> 8; + t1 &= 0xff00ff00; + t1 |= t1 >> 4; + t1 &= 0xf0f0f0f0; + t1 |= t1 >> 2; + t1 &= 0xcccccccc; + t1 |= t1 >> 1; + t1 &= 0xaaaaaaaa; lo >>= 16; - lo |= lo << 8; lo &= 0x00ff00ff; - lo |= lo << 4; lo &= 0x0f0f0f0f; - lo |= lo << 2; lo &= 0x33333333; - lo |= lo << 1; lo &= 0x55555555; + lo |= lo << 8; + lo &= 0x00ff00ff; + lo |= lo << 4; + lo &= 0x0f0f0f0f; + lo |= lo << 2; + lo &= 0x33333333; + lo |= lo << 1; + lo &= 0x55555555; hi &= 0xffff0000; - hi |= hi >> 8; hi &= 0xff00ff00; - hi |= hi >> 4; hi &= 0xf0f0f0f0; - hi |= hi >> 2; hi &= 0xcccccccc; - hi |= hi >> 1; hi &= 0xaaaaaaaa; + hi |= hi >> 8; + hi &= 0xff00ff00; + hi |= hi >> 4; + hi &= 0xf0f0f0f0; + hi |= hi >> 2; + hi &= 0xcccccccc; + hi |= hi >> 1; + hi &= 0xaaaaaaaa; Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0); } @@ -1065,7 +1091,7 @@ * caller's responsibility. */ size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r) + size_t r) { uint64_t *A_flat = (uint64_t *)A; size_t i, w = r / 8; 
@@ -1074,10 +1100,7 @@ while (len >= r) { for (i = 0; i < w; i++) { - uint64_t Ai = (uint64_t)inp[0] | (uint64_t)inp[1] << 8 | - (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 | - (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 | - (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56; + uint64_t Ai = (uint64_t)inp[0] | (uint64_t)inp[1] << 8 | (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 | (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 | (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56; inp += 8; A_flat[i] ^= BitInterleave(Ai); @@ -1142,7 +1165,7 @@ */ void SHA3_sponge(const unsigned char *inp, size_t len, - unsigned char *out, size_t d, size_t r) + unsigned char *out, size_t d, size_t r) { uint64_t A[5][5]; @@ -1151,7 +1174,7 @@ SHA3_squeeze(A, out, d, r); } -# include +#include int main() { @@ -1242,11 +1265,11 @@ printf(++i % 16 && i != sizeof(out) ? " " : "\n"); } - if (memcmp(out,result,sizeof(out))) { - fprintf(stderr,"failure\n"); + if (memcmp(out, result, sizeof(out))) { + fprintf(stderr, "failure\n"); return 1; } else { - fprintf(stderr,"success\n"); + fprintf(stderr, "success\n"); return 0; } } --- crypto/openssl/crypto/sha/sha256.c.orig +++ crypto/openssl/crypto/sha/sha256.c @@ -65,9 +65,9 @@ #define DATA_ORDER_IS_BIG_ENDIAN -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA256_CTX -#define HASH_CBLOCK SHA_CBLOCK +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK /* * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." 
@@ -77,35 +77,42 @@ * Idea behind separate cases for pre-defined lengths is to let the * compiler decide if it's appropriate to unroll small loops. */ -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - unsigned int nn; \ - switch ((c)->md_len) \ - { case SHA224_DIGEST_LENGTH: \ - for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - case SHA256_DIGEST_LENGTH: \ - for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - default: \ - if ((c)->md_len > SHA256_DIGEST_LENGTH) \ - return 0; \ - for (nn=0;nn<(c)->md_len/4;nn++) \ - { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - } \ - } while (0) - -#define HASH_UPDATE SHA256_Update -#define HASH_TRANSFORM SHA256_Transform -#define HASH_FINAL SHA256_Final -#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + unsigned int nn; \ + switch ((c)->md_len) { \ + case SHA224_DIGEST_LENGTH: \ + for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \ + ll = (c)->h[nn]; \ + (void)HOST_l2c(ll, (s)); \ + } \ + break; \ + case SHA256_DIGEST_LENGTH: \ + for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \ + ll = (c)->h[nn]; \ + (void)HOST_l2c(ll, (s)); \ + } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return 0; \ + for (nn = 0; nn < (c)->md_len / 4; nn++) { \ + ll = (c)->h[nn]; \ + (void)HOST_l2c(ll, (s)); \ + } \ + break; \ + } \ + } while (0) + +#define HASH_UPDATE SHA256_Update +#define HASH_TRANSFORM SHA256_Transform +#define HASH_FINAL SHA256_Final +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order #ifndef SHA256_ASM static #endif -void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); + void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); #include "crypto/md32_common.h" 
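Review bot: The prototype after `#endif` in sha256.c is now indented (`+    void sha256_block_data_order(...)`), because the formatter treated it as a continuation of the conditional `static`. When `SHA256_ASM` is defined there is no `static`, and the indented declaration then looks like a fragment of something else. Putting `/* clang-format off */` and `/* clang-format on */` around the `#ifndef SHA256_ASM` / `static` / `#endif` lines and the prototype would keep it at column 0. Separately, the `default:` branch of `HASH_MAKE_STRING` still executes `return 0;` from whatever function expands the macro. With the body now laid out one statement per line, a comment such as `/* NB: returns from the enclosing function on an oversized md_len */` would make that hidden exit explicit.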
@@ -134,18 +141,18 @@ * is left one. This is why you might notice that rotation coefficients * differ from those observed in FIPS document by 32-N... */ -# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) +#define Sigma0(x) (ROTATE((x), 30) ^ ROTATE((x), 19) ^ ROTATE((x), 10)) +#define Sigma1(x) (ROTATE((x), 26) ^ ROTATE((x), 21) ^ ROTATE((x), 7)) +#define sigma0(x) (ROTATE((x), 25) ^ ROTATE((x), 14) ^ ((x) >> 3)) +#define sigma1(x) (ROTATE((x), 15) ^ ROTATE((x), 13) ^ ((x) >> 10)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -# ifdef OPENSSL_SMALL_FOOTPRINT +#ifdef OPENSSL_SMALL_FOOTPRINT static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - size_t num) + size_t num) { unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2; SHA_LONG X[16], l; 
@@ -205,25 +212,31 @@ ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; - } } -# else - -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - -# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ - ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) +#else + +#define ROUND_00_15(i, a, b, c, d, e, f, g, h) \ + do { \ + T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; \ + h = Sigma0(a) + Maj(a, b, c); \ + d += T1; \ + h += T1; \ + } while (0) + +#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X) \ + do { \ + s0 = X[(i + 1) & 0x0f]; \ + s0 = sigma0(s0); \ + s1 = X[(i + 14) & 0x0f]; \ + s1 = sigma1(s1); \ + T1 = X[(i) & 0x0f] += s0 + s1 + X[(i + 9) & 0x0f]; \ + ROUND_00_15(i, a, b, c, d, e, f, g, h); \ + } while (0) static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - size_t num) + size_t num) { unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; SHA_LONG X[16]; @@ -352,9 +365,8 @@ ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; - } } -# endif -#endif /* SHA256_ASM */ +#endif +#endif /* SHA256_ASM */ --- crypto/openssl/crypto/sha/sha3.c.orig +++ crypto/openssl/crypto/sha/sha3.c @@ -51,7 +51,7 @@ if (len == 0) return 1; - if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */ + if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */ rem = bsz - num; if (len < rem) { --- crypto/openssl/crypto/sha/sha512.c.orig +++ crypto/openssl/crypto/sha/sha512.c 
@@ -59,20 +59,16 @@ #include "internal/cryptlib.h" #include "crypto/sha.h" -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - defined(__aarch64__) || \ - defined(SHA512_ASM) -# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || defined(__s390__) || defined(__s390x__) || defined(__aarch64__) || defined(SHA512_ASM) +#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define U64(C) C##UI64 +#define U64(C) C##UI64 #elif defined(__arch64__) -# define U64(C) C##UL +#define U64(C) C##UL #else -# define U64(C) C##ULL +#define U64(C) C##ULL #endif int sha512_224_init(SHA512_CTX *c) @@ -150,14 +146,14 @@ #ifndef SHA512_ASM static #endif -void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); + void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); int SHA512_Final(unsigned char *md, SHA512_CTX *c) { unsigned char *p = (unsigned char *)c->u.p; size_t n = c->num; - p[n] = 0x80; /* There always is a room for one */ + p[n] = 0x80; /* There always is a room for one */ n++; if (n > (sizeof(c->u) - 16)) { memset(p + n, 0, sizeof(c->u) - n); @@ -166,7 +162,7 @@ } memset(p + n, 0, sizeof(c->u) - 16 - n); -#ifdef B_ENDIAN +#ifdef B_ENDIAN c->u.d[SHA_LBLOCK - 2] = c->Nh; c->u.d[SHA_LBLOCK - 1] = c->Nl; #else @@ -285,11 +281,11 @@ if (len == 0) return 1; - l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff); + l = (c->Nl + (((SHA_LONG64)len) << 3)) & U64(0xffffffffffffffff); if (l < c->Nl) c->Nh++; if (sizeof(len) >= 8) - c->Nh += (((SHA_LONG64) len) >> 61); + c->Nh += (((SHA_LONG64)len) >> 61); c->Nl = l; if (c->num != 0) { 
@@ -310,12 +306,12 @@ if ((size_t)data % sizeof(c->u.d[0]) != 0) while (len >= sizeof(c->u)) memcpy(p, data, sizeof(c->u)), - sha512_block_data_order(c, p, 1), - len -= sizeof(c->u), data += sizeof(c->u); + sha512_block_data_order(c, p, 1), + len -= sizeof(c->u), data += sizeof(c->u); else #endif sha512_block_data_order(c, data, len / sizeof(c->u)), - data += len, len %= sizeof(c->u), data -= len; + data += len, len %= sizeof(c->u), data -= len; } if (len != 0) 
@@ -382,111 +378,97 @@ U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) }; -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && \ - !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +#ifndef PEDANTIC +#if defined(__GNUC__) && __GNUC__ >= 2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +#if defined(__x86_64) || defined(__x86_64__) +#define ROTR(a, n) ({ SHA_LONG64 ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ - : "cc"); ret; }) -# if !defined(B_ENDIAN) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + : "cc"); ret; }) +#if !defined(B_ENDIAN) +#define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ asm ("bswapq %0" \ : "=r"(ret) \ - : "0"(ret)); ret; }) -# endif -# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -# if defined(I386_ONLY) -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + : "0"(ret)); ret; }) +#endif +#elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +#if defined(I386_ONLY) +#define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ unsigned int hi=p[0],lo=p[1]; \ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ "roll $16,%%eax; roll $16,%%edx; "\ "xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ : "=a"(lo),"=d"(hi) \ : "0"(lo),"1"(hi) : "cc"); \ - ((SHA_LONG64)hi)<<32|lo; }) -# else -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + ((SHA_LONG64)hi)<<32|lo; }) +#else +#define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ - ((SHA_LONG64)hi)<<32|lo; }) -# endif -# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ + ((SHA_LONG64)hi)<<32|lo; }) +#endif +#elif (defined(_ARCH_PPC) && defined(__64BIT__)) || 
defined(_ARCH_PPC64) +#define ROTR(a, n) ({ SHA_LONG64 ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) -# elif defined(__aarch64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ + : "r"(a),"K"(n)); ret; }) +#elif defined(__aarch64__) +#define ROTR(a, n) ({ SHA_LONG64 ret; \ asm ("ror %0,%1,%2" \ : "=r"(ret) \ - : "r"(a),"I"(n)); ret; }) -# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ - __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define PULL64(x) ({ SHA_LONG64 ret; \ + : "r"(a),"I"(n)); ret; }) +#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define PULL64(x) ({ SHA_LONG64 ret; \ asm ("rev %0,%1" \ : "=r"(ret) \ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -# endif -# endif -# elif defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# pragma intrinsic(_rotr64) -# define ROTR(a,n) _rotr64((a),n) -# endif -# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && \ - !defined(OPENSSL_NO_INLINE_ASM) -# if defined(I386_ONLY) +#endif +#endif +#elif defined(_MSC_VER) +#if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +#pragma intrinsic(_rotr64) +#define ROTR(a, n) _rotr64((a), n) +#endif +#if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +#if defined(I386_ONLY) static SHA_LONG64 __fastcall __pull64be(const void *x) { - _asm mov edx,[ecx + 0] - _asm mov eax,[ecx + 4] - _asm xchg dh, dl - _asm xchg ah, al - _asm rol edx, 16 - _asm rol eax, 16 - _asm xchg dh, dl - _asm xchg ah, al + _asm mov edx, [ecx + 0] _asm mov eax, [ecx + 4] _asm xchg dh, dl _asm xchg ah, al _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al } -# else -static SHA_LONG64 __fastcall __pull64be(const void *x) -{ - _asm mov edx,[ecx + 0] - _asm mov eax,[ecx + 4] - _asm bswap edx - _asm bswap eax +#else +static SHA_LONG64 __fastcall __pull64be(const void *x) { + _asm mov edx, [ecx + 0] _asm mov eax, [ecx + 4] _asm bswap 
edx _asm bswap eax } -# endif -# define PULL64(x) __pull64be(&(x)) -# endif -# endif -# endif -# ifndef PULL64 -# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -# endif -# ifndef ROTR -# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) -# endif -# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) +#endif +#define PULL64(x) __pull64be(&(x)) +#endif +#endif +#endif +#ifndef PULL64 +#define B(x, j) (((SHA_LONG64)(*(((const unsigned char *)(&x)) + j))) << ((7 - j) * 8)) +#define PULL64(x) (B(x, 0) | B(x, 1) | B(x, 2) | B(x, 3) | B(x, 4) | B(x, 5) | B(x, 6) | B(x, 7)) +#endif +#ifndef ROTR +#define ROTR(x, s) (((x) >> s) | (x) << (64 - s)) +#endif +#define Sigma0(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39)) +#define Sigma1(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41)) +#define sigma0(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ ((x) >> 7)) +#define sigma1(x) (ROTR((x), 19) ^ ROTR((x), 61) ^ ((x) >> 6)) +#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) /* * This code should give better results on 32-bit CPU with less than * ~24 registers, both size and performance wise... */ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) + size_t num) { const SHA_LONG64 *W = in; SHA_LONG64 A, E, T; 
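Review bot: In both MSVC `__pull64be` variants the reformat has joined every `_asm` statement onto one line (`_asm mov edx, [ecx + 0] _asm mov eax, [ecx + 4] _asm bswap edx _asm bswap eax`), and the second variant's opening brace has moved up onto the signature line. MSVC accepts several `_asm` statements on a line, so behaviour should be unchanged, but the byte-swap sequence is now much harder to check against the GCC `PULL64` variants earlier in the hunk. I would keep one instruction per line and fence the block with the formatter's off/on markers (`/* clang-format off */` … `/* clang-format on */` if clang-format is the tool used here). The same fence would suit the statement-expression `ROTR`/`PULL64` macros, where only the first and last lines were touched and the `asm` operand lines are left half-aligned.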
@@ -506,11 +488,11 @@ F[7] = ctx->h[7]; for (i = 0; i < 16; i++, F--) { -# ifdef B_ENDIAN +#ifdef B_ENDIAN T = W[i]; -# else +#else T = PULL64(W[i]); -# endif +#endif F[0] = A; F[4] = E; F[8] = T; @@ -545,10 +527,10 @@ } } -# elif defined(OPENSSL_SMALL_FOOTPRINT) +#elif defined(OPENSSL_SMALL_FOOTPRINT) static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) + size_t num) { const SHA_LONG64 *W = in; SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2; @@ -567,11 +549,11 @@ h = ctx->h[7]; for (i = 0; i < 16; i++) { -# ifdef B_ENDIAN +#ifdef B_ENDIAN T1 = X[i] = W[i]; -# else +#else T1 = X[i] = PULL64(W[i]); -# endif +#endif T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; T2 = Sigma0(a) + Maj(a, b, c); h = g; @@ -616,20 +598,27 @@ } } -# else -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - -# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ - ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) +#else +#define ROUND_00_15(i, a, b, c, d, e, f, g, h) \ + do { \ + T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; \ + h = Sigma0(a) + Maj(a, b, c); \ + d += T1; \ + h += T1; \ + } while (0) + +#define ROUND_16_80(i, j, a, b, c, d, e, f, g, h, X) \ + do { \ + s0 = X[(j + 1) & 0x0f]; \ + s0 = sigma0(s0); \ + s1 = X[(j + 14) & 0x0f]; \ + s1 = sigma1(s1); \ + T1 = X[(j) & 0x0f] += s0 + s1 + X[(j + 9) & 0x0f]; \ + ROUND_00_15(i + j, a, b, c, d, e, f, g, h); \ + } while (0) static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) + size_t num) { const SHA_LONG64 *W = in; SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1; @@ -647,7 +636,7 @@ g = ctx->h[6]; h = ctx->h[7]; -# ifdef B_ENDIAN +#ifdef B_ENDIAN T1 = X[0] = W[0]; ROUND_00_15(0, a, b, c, d, e, f, g, h); T1 = X[1] = W[1]; 
@@ -680,7 +669,7 @@ ROUND_00_15(14, c, d, e, f, g, h, a, b); T1 = X[15] = W[15]; ROUND_00_15(15, b, c, d, e, f, g, h, a); -# else +#else T1 = X[0] = PULL64(W[0]); ROUND_00_15(0, a, b, c, d, e, f, g, h); T1 = X[1] = PULL64(W[1]); @@ -713,7 +702,7 @@ ROUND_00_15(14, c, d, e, f, g, h, a, b); T1 = X[15] = PULL64(W[15]); ROUND_00_15(15, b, c, d, e, f, g, h, a); -# endif +#endif for (i = 16; i < 80; i += 16) { ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); @@ -747,6 +736,6 @@ } } -# endif +#endif -#endif /* SHA512_ASM */ +#endif /* SHA512_ASM */ --- crypto/openssl/crypto/sha/sha_local.h.orig +++ crypto/openssl/crypto/sha/sha_local.h 
@@ -16,26 +16,31 @@ #define DATA_ORDER_IS_BIG_ENDIAN -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA_CTX -#define HASH_CBLOCK SHA_CBLOCK -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ - } while (0) - -#define HASH_UPDATE SHA1_Update -#define HASH_TRANSFORM SHA1_Transform -#define HASH_FINAL SHA1_Final -#define HASH_INIT SHA1_Init -#define HASH_BLOCK_DATA_ORDER sha1_block_data_order -#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ - ix=(a)=ROTATE((a),1) \ - ) +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll = (c)->h0; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->h1; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->h2; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->h3; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->h4; \ + (void)HOST_l2c(ll, (s)); \ + } while (0) + +#define HASH_UPDATE SHA1_Update +#define HASH_TRANSFORM SHA1_Transform +#define HASH_FINAL SHA1_Final +#define HASH_INIT SHA1_Init +#define HASH_BLOCK_DATA_ORDER sha1_block_data_order +#define Xupdate(a, ix, ia, ib, ic, id) ((a) = (ia ^ ib ^ ic ^ id), \ + ix = (a) = ROTATE((a), 1)) #ifndef SHA1_ASM static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); 
@@ -75,75 +80,75 @@ * I've just become aware of another tweak to be made, again from Wei Dai, * in F_40_59, (x&a)|(y&a) -> (x|y)&a */ -#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) -#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) -#define F_60_79(b,c,d) F_20_39(b,c,d) +#define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) +#define F_20_39(b, c, d) ((b) ^ (c) ^ (d)) +#define F_40_59(b, c, d) (((b) & (c)) | (((b) | (c)) & (d))) +#define F_60_79(b, c, d) F_20_39(b, c, d) #ifndef OPENSSL_SMALL_FOOTPRINT -# define BODY_00_15(i,a,b,c,d,e,f,xi) \ - (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# ifdef X -# undef X -# endif -# ifndef MD32_XARRAY - /* - * Originally X was an array. As it's automatic it's natural - * to expect RISC compiler to accommodate at least part of it in - * the register bank, isn't it? Unfortunately not all compilers - * "find" this expectation reasonable:-( On order to make such - * compilers generate better code I replace X[] with a bunch of - * X0, X1, etc. See the function body below... - */ -# define X(i) XX##i -# else - /* - * However! 
Some compilers (most notably HP C) get overwhelmed by - * that many local variables so that we have to have the way to - * fall down to the original behavior. - */ -# define X(i) XX[i] -# endif - -# if !defined(SHA1_ASM) +#define BODY_00_15(i, a, b, c, d, e, f, xi) \ + (f) = xi + (e) + K_00_19 + ROTATE((a), 5) + F_00_19((b), (c), (d)); \ + (b) = ROTATE((b), 30); + +#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ + Xupdate(f, xi, xa, xb, xc, xd); \ + (f) += (e) + K_00_19 + ROTATE((a), 5) + F_00_19((b), (c), (d)); \ + (b) = ROTATE((b), 30); + +#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ + Xupdate(f, xi, xa, xb, xc, xd); \ + (f) += (e) + K_20_39 + ROTATE((a), 5) + F_20_39((b), (c), (d)); \ + (b) = ROTATE((b), 30); + +#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \ + Xupdate(f, xa, xa, xb, xc, xd); \ + (f) += (e) + K_20_39 + ROTATE((a), 5) + F_20_39((b), (c), (d)); \ + (b) = ROTATE((b), 30); + +#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \ + Xupdate(f, xa, xa, xb, xc, xd); \ + (f) += (e) + K_40_59 + ROTATE((a), 5) + F_40_59((b), (c), (d)); \ + (b) = ROTATE((b), 30); + +#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \ + Xupdate(f, xa, xa, xb, xc, xd); \ + (f) = xa + (e) + K_60_79 + ROTATE((a), 5) + F_60_79((b), (c), (d)); \ + (b) = ROTATE((b), 30); + +#ifdef X +#undef X +#endif +#ifndef MD32_XARRAY +/* + * Originally X was an array. As it's automatic it's natural + * to expect RISC compiler to accommodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... + */ +#define X(i) XX##i +#else +/* + * However! Some compilers (most notably HP C) get overwhelmed by + * that many local variables so that we have to have the way to + * fall down to the original behavior. 
+ */ +#define X(i) XX[i] +#endif + +#if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const unsigned char *data = p; register unsigned MD32_REG_T A, B, C, D, E, T, l; -# ifndef MD32_XARRAY +#ifndef MD32_XARRAY unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# else +#else SHA_LONG XX[16]; -# endif +#endif A = c->h0; B = c->h1; 
@@ -326,43 +331,52 @@ C = c->h2; D = c->h3; E = c->h4; - } } -# endif - -#else /* OPENSSL_SMALL_FOOTPRINT */ - -# define BODY_00_15(xi) do { \ - T=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xi; } while(0) - -# define BODY_16_19(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_20_39(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_20_39+F_20_39(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_40_59(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_40_59+F_40_59(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_60_79(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T=E+K_60_79+F_60_79(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xa; } while(0) - -# if !defined(SHA1_ASM) +#endif + +#else /* OPENSSL_SMALL_FOOTPRINT */ + +#define BODY_00_15(xi) \ + do { \ + T = E + K_00_19 + F_00_19(B, C, D); \ + E = D, D = C, C = ROTATE(B, 30), B = A; \ + A = ROTATE(A, 5) + T + xi; \ + } while (0) + +#define BODY_16_19(xa, xb, xc, xd) \ + do { \ + Xupdate(T, xa, xa, xb, xc, xd); \ + T += E + K_00_19 + F_00_19(B, C, D); \ + E = D, D = C, C = ROTATE(B, 30), B = A; \ + A = ROTATE(A, 5) + T; \ + } while (0) + +#define BODY_20_39(xa, xb, xc, xd) \ + do { \ + Xupdate(T, xa, xa, xb, xc, xd); \ + T += E + K_20_39 + F_20_39(B, C, D); \ + E = D, D = C, C = ROTATE(B, 30), B = A; \ + A = ROTATE(A, 5) + T; \ + } while (0) + +#define BODY_40_59(xa, xb, xc, xd) \ + do { \ + Xupdate(T, xa, xa, xb, xc, xd); \ + T += E + K_40_59 + F_40_59(B, C, D); \ + E = D, D = C, C = ROTATE(B, 30), B = A; \ + A = ROTATE(A, 5) + T; \ + } while (0) + +#define BODY_60_79(xa, xb, xc, xd) \ + do { \ + Xupdate(T, xa, xa, xb, xc, xd); \ + T = E + K_60_79 + F_60_79(B, C, D); \ + E = D, D = C, C = ROTATE(B, 30), B = A; \ + A = ROTATE(A, 5) + T + 
xa; \ + } while (0) + +#if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const unsigned char *data = p; @@ -387,15 +401,15 @@ } for (; i < 24; i++) { BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15], - X[(i + 13) & 15]); + X[(i + 13) & 15]); } for (i = 0; i < 20; i++) { BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], - X[(i + 5) & 15]); + X[(i + 5) & 15]); } for (i = 4; i < 24; i++) { BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], - X[(i + 5) & 15]); + X[(i + 5) & 15]); } c->h0 = (c->h0 + A) & 0xffffffffL; @@ -412,9 +426,8 @@ C = c->h2; D = c->h3; E = c->h4; - } } -# endif +#endif #endif --- crypto/openssl/crypto/sha/sha_ppc.c.orig +++ crypto/openssl/crypto/sha/sha_ppc.c @@ -19,8 +19,7 @@ void sha256_block_data_order(void *ctx, const void *inp, size_t len); void sha256_block_data_order(void *ctx, const void *inp, size_t len) { - OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : - sha256_block_ppc(ctx, inp, len); + OPENSSL_ppccap_P &PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : sha256_block_ppc(ctx, inp, len); } void sha512_block_p8(void *ctx, const void *inp, size_t len); @@ -28,6 +27,5 @@ void sha512_block_data_order(void *ctx, const void *inp, size_t len); void sha512_block_data_order(void *ctx, const void *inp, size_t len) { - OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : - sha512_block_ppc(ctx, inp, len); + OPENSSL_ppccap_P &PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : sha512_block_ppc(ctx, inp, len); } --- crypto/openssl/crypto/siphash/siphash.c.orig +++ crypto/openssl/crypto/siphash/siphash.c 
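Review bot: In sha_ppc.c the capability test in `sha256_block_data_order` now reads `OPENSSL_ppccap_P &PPC_CRYPTO207 ? ...`, where the formatter has spaced the binary `&` as if it were an address-of operator; the `sha512_block_data_order` hunk that follows has the same spelling. The expression still parses as a bit test followed by the conditional, but the new spacing hides that this mask decides which block function (`_p8` or `_ppc`) processes the data. Explicit parentheses remove the ambiguity for reader and formatter alike: `(OPENSSL_ppccap_P & PPC_CRYPTO207) ? sha256_block_p8(ctx, inp, len) : sha256_block_ppc(ctx, inp, len);`. A plain `if`/`else` would also avoid using a conditional expression only for its side effects.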
@@ -31,38 +31,35 @@ #define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))) -#define U32TO8_LE(p, v) \ - (p)[0] = (uint8_t)((v)); \ - (p)[1] = (uint8_t)((v) >> 8); \ - (p)[2] = (uint8_t)((v) >> 16); \ +#define U32TO8_LE(p, v) \ + (p)[0] = (uint8_t)((v)); \ + (p)[1] = (uint8_t)((v) >> 8); \ + (p)[2] = (uint8_t)((v) >> 16); \ (p)[3] = (uint8_t)((v) >> 24); -#define U64TO8_LE(p, v) \ - U32TO8_LE((p), (uint32_t)((v))); \ +#define U64TO8_LE(p, v) \ + U32TO8_LE((p), (uint32_t)((v))); \ U32TO8_LE((p) + 4, (uint32_t)((v) >> 32)); -#define U8TO64_LE(p) \ - (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) | \ - ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) | \ - ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) | \ - ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) - -#define SIPROUND \ - do { \ - v0 += v1; \ - v1 = ROTL(v1, 13); \ - v1 ^= v0; \ - v0 = ROTL(v0, 32); \ - v2 += v3; \ - v3 = ROTL(v3, 16); \ - v3 ^= v2; \ - v0 += v3; \ - v3 = ROTL(v3, 21); \ - v3 ^= v0; \ - v2 += v1; \ - v1 = ROTL(v1, 17); \ - v1 ^= v2; \ - v2 = ROTL(v2, 32); \ +#define U8TO64_LE(p) \ + (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) | ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) | ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) | ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) + +#define SIPROUND \ + do { \ + v0 += v1; \ + v1 = ROTL(v1, 13); \ + v1 ^= v0; \ + v0 = ROTL(v0, 32); \ + v2 += v3; \ + v3 = ROTL(v3, 16); \ + v3 ^= v2; \ + v0 += v3; \ + v3 = ROTL(v3, 21); \ + v3 ^= v0; \ + v2 += v1; \ + v1 = ROTL(v1, 17); \ + v1 ^= v2; \ + v2 = ROTL(v2, 32); \ } while (0) size_t SipHash_ctx_size(void) @@ -172,7 +169,7 @@ SIPROUND; v0 ^= m; } - left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */ + left = inlen & (SIPHASH_BLOCK_SIZE - 1); /* gets put into leavings */ end = in + inlen - left; for (; in != end; in += 8) { 
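Review bot: `U32TO8_LE` and `U64TO8_LE` remain bare multi-statement macros with a trailing semicolon, while `SIPROUND` in the same hunk is wrapped in `do { ... } while (0)`. Used as the body of an unbraced `if` or `for`, only the first byte store would be governed by the condition. Wrapping both in `do { ... } while (0)` like `SIPROUND` would make them safe in any statement position; the uses visible on this page are all standalone statements, so nothing is broken today. The reformat also folds `U8TO64_LE` into a single line of eight shifted terms, and keeping two terms per line as before would make the little-endian byte order easier to verify by eye.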
@@ -224,7 +221,7 @@ b |= ((uint64_t)ctx->leavings[2]) << 16; /* fall thru */ case 2: - b |= ((uint64_t)ctx->leavings[1]) << 8; + b |= ((uint64_t)ctx->leavings[1]) << 8; /* fall thru */ case 1: b |= ((uint64_t)ctx->leavings[0]); @@ -242,14 +239,14 @@ v2 ^= 0xff; for (i = 0; i < ctx->drounds; ++i) SIPROUND; - b = v0 ^ v1 ^ v2 ^ v3; + b = v0 ^ v1 ^ v2 ^ v3; U64TO8_LE(out, b); if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE) return 1; v1 ^= 0xdd; for (i = 0; i < ctx->drounds; ++i) SIPROUND; - b = v0 ^ v1 ^ v2 ^ v3; + b = v0 ^ v1 ^ v2 ^ v3; U64TO8_LE(out + 8, b); return 1; } --- crypto/openssl/crypto/sm2/sm2_crypt.c.orig +++ crypto/openssl/crypto/sm2/sm2_crypt.c @@ -53,13 +53,13 @@ size_t field_size = 0; if (p == NULL || a == NULL || b == NULL) - goto done; + goto done; if (!EC_GROUP_get_curve(group, p, a, b, NULL)) goto done; field_size = (BN_num_bits(p) + 7) / 8; - done: +done: BN_free(p); BN_free(a); BN_free(b); @@ -80,7 +80,7 @@ } int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, - size_t *pt_size) + size_t *pt_size) { struct SM2_Ciphertext_st *sm2_ctext = NULL; @@ -98,7 +98,7 @@ } int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, - size_t msg_len, size_t *ct_size) + size_t msg_len, size_t *ct_size) { const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); const int md_size = EVP_MD_get_size(digest); @@ -109,8 +109,8 @@ /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */ sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) - + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) - + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); + + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) + + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */ *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); 
@@ -118,9 +118,9 @@ } int ossl_sm2_encrypt(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *msg, size_t msg_len, - uint8_t *ciphertext_buf, size_t *ciphertext_len) + const EVP_MD *digest, + const uint8_t *msg, size_t msg_len, + uint8_t *ciphertext_buf, size_t *ciphertext_len) { int rc = 0, ciphertext_leni; size_t i; @@ -193,8 +193,8 @@ msg_mask = OPENSSL_zalloc(msg_len); if (msg_mask == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; + ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); + goto done; } again: @@ -204,22 +204,22 @@ } if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) - || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx) - || !EC_POINT_mul(group, kP, NULL, P, k, ctx) - || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) { + || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx) + || !EC_POINT_mul(group, kP, NULL, P, k, ctx) + || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); goto done; } if (BN_bn2binpad(x2, x2y2, field_size) < 0 - || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) { + || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } /* X9.63 with no salt happens to match the KDF used in SM2 */ if (!ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, - digest, libctx, propq)) { + digest, libctx, propq)) { ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); goto done; } 
@@ -238,10 +238,10 @@ goto done; } if (EVP_DigestInit(hash, fetched_digest) == 0 - || EVP_DigestUpdate(hash, x2y2, field_size) == 0 - || EVP_DigestUpdate(hash, msg, msg_len) == 0 - || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0 - || EVP_DigestFinal(hash, C3, NULL) == 0) { + || EVP_DigestUpdate(hash, x2y2, field_size) == 0 + || EVP_DigestUpdate(hash, msg, msg_len) == 0 + || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0 + || EVP_DigestFinal(hash, C3, NULL) == 0) { ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); goto done; } @@ -252,11 +252,11 @@ ctext_struct.C2 = ASN1_OCTET_STRING_new(); if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; + ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); + goto done; } if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size) - || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) { + || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } @@ -271,7 +271,7 @@ rc = 1; - done: +done: EVP_MD_free(fetched_digest); ASN1_OCTET_STRING_free(ctext_struct.C2); ASN1_OCTET_STRING_free(ctext_struct.C3); @@ -286,9 +286,9 @@ } int ossl_sm2_decrypt(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *ciphertext, size_t ciphertext_len, - uint8_t *ptext_buf, size_t *ptext_len) + const EVP_MD *digest, + const uint8_t *ciphertext, size_t ciphertext_len, + uint8_t *ptext_buf, size_t *ptext_len) { int rc = 0; int i; @@ -311,7 +311,7 @@ const char *propq = ossl_ec_key_get0_propq(key); if (field_size == 0 || hash_size <= 0) - goto done; + goto done; memset(ptext_buf, 0xFF, *ptext_len); 
@@ -366,18 +366,18 @@ } if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x, - sm2_ctext->C1y, ctx) - || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), - ctx) - || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) { + sm2_ctext->C1y, ctx) + || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), + ctx) + || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); goto done; } if (BN_bn2binpad(x2, x2y2, field_size) < 0 - || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0 - || !ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, - NULL, 0, digest, libctx, propq)) { + || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0 + || !ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, + NULL, 0, digest, libctx, propq)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } @@ -397,10 +397,10 @@ } if (!EVP_DigestInit(hash, digest) - || !EVP_DigestUpdate(hash, x2y2, field_size) - || !EVP_DigestUpdate(hash, ptext_buf, msg_len) - || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size) - || !EVP_DigestFinal(hash, computed_C3, NULL)) { + || !EVP_DigestUpdate(hash, x2y2, field_size) + || !EVP_DigestUpdate(hash, ptext_buf, msg_len) + || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size) + || !EVP_DigestFinal(hash, computed_C3, NULL)) { ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); goto done; } @@ -413,7 +413,7 @@ rc = 1; *ptext_len = msg_len; - done: +done: if (rc == 0) memset(ptext_buf, 0, *ptext_len); --- crypto/openssl/crypto/sm2/sm2_err.c.orig +++ crypto/openssl/crypto/sm2/sm2_err.c 
@@ -13,36 +13,36 @@ #ifndef OPENSSL_NO_SM2 -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SM2_str_reasons[] = { - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE), - "invalid digest type"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY), - "invalid private key"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"}, - {0, NULL} + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE), + "invalid digest type" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field" }, + { ERR_PACK(ERR_LIB_SM2, 0, 
SM2_R_INVALID_PRIVATE_KEY), + "invalid private key" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set" }, + { ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_SM2_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(SM2_str_reasons[0].error) == NULL) ERR_load_strings_const(SM2_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/sm2/sm2_key.c.orig +++ crypto/openssl/crypto/sm2/sm2_key.c @@ -27,9 +27,9 @@ const BIGNUM *priv_key = NULL, *order = NULL; if (eckey == NULL - || (group = EC_KEY_get0_group(eckey)) == NULL - || (priv_key = EC_KEY_get0_private_key(eckey)) == NULL - || (order = EC_GROUP_get0_order(group)) == NULL ) { + || (group = EC_KEY_get0_group(eckey)) == NULL + || (priv_key = EC_KEY_get0_private_key(eckey)) == NULL + || (order = EC_GROUP_get0_order(group)) == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -45,7 +45,7 @@ } ret = 1; - end: +end: BN_free(max); return ret; } --- crypto/openssl/crypto/sm2/sm2_sign.c.orig +++ crypto/openssl/crypto/sm2/sm2_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -22,10 +22,10 @@ #include int ossl_sm2_compute_z_digest(uint8_t *out, - const EVP_MD *digest, - const uint8_t *id, - const size_t id_len, - const EC_KEY *key) + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const EC_KEY *key) { int rc = 0; const EC_GROUP *group = EC_KEY_get0_group(key); 
@@ -114,31 +114,31 @@ } if (BN_bn2binpad(a, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || BN_bn2binpad(b, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EC_POINT_get_affine_coordinates(group, - EC_GROUP_get0_generator(group), - xG, yG, ctx) - || BN_bn2binpad(xG, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || BN_bn2binpad(yG, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EC_POINT_get_affine_coordinates(group, - pubkey, - xA, yA, ctx) - || BN_bn2binpad(xA, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || BN_bn2binpad(yA, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EVP_DigestFinal(hash, out, NULL)) { + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(b, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates(group, + EC_GROUP_get0_generator(group), + xG, yG, ctx) + || BN_bn2binpad(xG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates(group, + pubkey, + xA, yA, ctx) + || BN_bn2binpad(xA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EVP_DigestFinal(hash, out, NULL)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } rc = 1; - done: +done: OPENSSL_free(buf); BN_CTX_free(ctx); EVP_MD_CTX_free(hash); @@ -146,10 +146,10 @@ } static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, - const EC_KEY *key, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len) + const EC_KEY *key, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len) { EVP_MD_CTX *hash = EVP_MD_CTX_new(); const int md_size = EVP_MD_get_size(digest); 
@@ -182,10 +182,10 @@ } if (!EVP_DigestInit(hash, fetched_digest) - || !EVP_DigestUpdate(hash, z, md_size) - || !EVP_DigestUpdate(hash, msg, msg_len) - /* reuse z buffer to hold H(Z || M) */ - || !EVP_DigestFinal(hash, z, NULL)) { + || !EVP_DigestUpdate(hash, z, md_size) + || !EVP_DigestUpdate(hash, msg, msg_len) + /* reuse z buffer to hold H(Z || M) */ + || !EVP_DigestFinal(hash, z, NULL)) { ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); goto done; } @@ -194,7 +194,7 @@ if (e == NULL) ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - done: +done: EVP_MD_free(fetched_digest); OPENSSL_free(z); EVP_MD_CTX_free(hash); @@ -217,6 +217,10 @@ BIGNUM *tmp = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + if (dA == NULL) { + ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY); + goto done; + } kG = EC_POINT_new(group); ctx = BN_CTX_new_ex(libctx); if (kG == NULL || ctx == NULL) { @@ -262,9 +266,9 @@ } if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) - || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL, - ctx) - || !BN_mod_add(r, e, x1, order, ctx)) { + || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL, + ctx) + || !BN_mod_add(r, e, x1, order, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } @@ -282,10 +286,10 @@ continue; if (!BN_add(s, dA, BN_value_one()) - || !ossl_ec_group_do_inverse_ord(group, s, s, ctx) - || !BN_mod_mul(tmp, dA, r, order, ctx) - || !BN_sub(tmp, k, tmp) - || !BN_mod_mul(s, s, tmp, order, ctx)) { + || !ossl_ec_group_do_inverse_ord(group, s, s, ctx) + || !BN_mod_mul(tmp, dA, r, order, ctx) + || !BN_sub(tmp, k, tmp) + || !BN_mod_mul(s, s, tmp, order, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); goto done; } @@ -300,12 +304,12 @@ goto done; } - /* takes ownership of r and s */ + /* takes ownership of r and s */ ECDSA_SIG_set0(sig, r, s); break; } - done: +done: if (sig == NULL) { BN_free(r); BN_free(s); 
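Review bot: The added `if (dA == NULL)` check in hunk `@@ -217,6 +217,10 @@` of sm2_sign.c (presumably inside sm2_sig_gen) jumps to `done` before `kG` and `ctx` are assigned. The early exit is therefore only safe if `kG`, `ctx`, `r`, `s` and `sig` are initialised to NULL where they are declared; the `done:` cleanup visible further down tests `sig` and frees `r` and `s`, but the declarations are above this hunk and should be confirmed. The guard also deserves a one-line comment saying why it exists, for example `/* a public-only EC_KEY has no private scalar; dA feeds BN_add() and BN_mod_mul() below */`. A regression test that signs with an EC_KEY holding only the public point and expects `SM2_R_INVALID_PRIVATE_KEY` would pin the behaviour; none is visible in this part of the diff. The function body starts and ends outside the hunk.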
@@ -317,7 +321,7 @@ } static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, - const BIGNUM *e) + const BIGNUM *e) { int ret = 0; const EC_GROUP *group = EC_KEY_get0_group(key); @@ -362,9 +366,9 @@ ECDSA_SIG_get0(sig, &r, &s); if (BN_cmp(r, BN_value_one()) < 0 - || BN_cmp(s, BN_value_one()) < 0 - || BN_cmp(order, r) <= 0 - || BN_cmp(order, s) <= 0) { + || BN_cmp(s, BN_value_one()) < 0 + || BN_cmp(order, r) <= 0 + || BN_cmp(order, s) <= 0) { ERR_raise(ERR_LIB_SM2, SM2_R_BAD_SIGNATURE); goto done; } @@ -380,7 +384,7 @@ } if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) - || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) { + || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); goto done; } @@ -393,17 +397,17 @@ if (BN_cmp(r, t) == 0) ret = 1; - done: +done: EC_POINT_free(pt); BN_CTX_free(ctx); return ret; } ECDSA_SIG *ossl_sm2_do_sign(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len) + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len) { BIGNUM *e = NULL; ECDSA_SIG *sig = NULL; @@ -416,17 +420,17 @@ sig = sm2_sig_gen(key, e); - done: +done: BN_free(e); return sig; } int ossl_sm2_do_verify(const EC_KEY *key, - const EVP_MD *digest, - const ECDSA_SIG *sig, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len) + const EVP_MD *digest, + const ECDSA_SIG *sig, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len) { BIGNUM *e = NULL; int ret = 0; @@ -439,14 +443,14 @@ ret = sm2_sig_verify(key, sig, e); - done: +done: BN_free(e); return ret; } int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - EC_KEY *eckey) + unsigned char *sig, unsigned int *siglen, + EC_KEY *eckey) { BIGNUM *e = NULL; ECDSA_SIG *s = NULL; 
@@ -460,8 +464,8 @@ e = BN_bin2bn(dgst, dgstlen, NULL); if (e == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); + goto done; } s = sm2_sig_gen(eckey, e); @@ -472,22 +476,22 @@ sigleni = i2d_ECDSA_SIG(s, &sig); if (sigleni < 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; + ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); + goto done; } *siglen = (unsigned int)sigleni; ret = 1; - done: +done: ECDSA_SIG_free(s); BN_free(e); return ret; } int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int sig_len, - EC_KEY *eckey) + const unsigned char *sig, int sig_len, + EC_KEY *eckey) { ECDSA_SIG *s = NULL; BIGNUM *e = NULL; @@ -520,7 +524,7 @@ ret = sm2_sig_verify(eckey, s, e); - done: +done: OPENSSL_free(der); BN_free(e); ECDSA_SIG_free(s); --- crypto/openssl/crypto/sm3/legacy_sm3.c.orig +++ crypto/openssl/crypto/sm3/legacy_sm3.c @@ -8,7 +8,6 @@ * https://www.openssl.org/source/license.html */ - #include "crypto/evp.h" #include "../evp/legacy_meth.h" #include "internal/sm3.h" @@ -22,7 +21,7 @@ 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sm3_int_init, sm3_int_update, sm3_int_final, NULL, - SM3_CBLOCK), + SM3_CBLOCK), }; const EVP_MD *EVP_sm3(void) --- crypto/openssl/crypto/sm3/sm3.c.orig +++ crypto/openssl/crypto/sm3/sm3.c @@ -46,9 +46,9 @@ H = ctx->H; /* - * We have to load all message bytes immediately since SM3 reads - * them slightly out of order. - */ + * We have to load all message bytes immediately since SM3 reads + * them slightly out of order. + */ (void)HOST_c2l(data, W00); (void)HOST_c2l(data, W01); (void)HOST_c2l(data, W02); --- crypto/openssl/crypto/sm3/sm3_local.h.orig +++ crypto/openssl/crypto/sm3/sm3_local.h 
@@ -14,25 +14,33 @@ #define DATA_ORDER_IS_BIG_ENDIAN -#define HASH_LONG SM3_WORD -#define HASH_CTX SM3_CTX -#define HASH_CBLOCK SM3_CBLOCK -#define HASH_UPDATE ossl_sm3_update -#define HASH_TRANSFORM ossl_sm3_transform -#define HASH_FINAL ossl_sm3_final -#define HASH_MAKE_STRING(c, s) \ - do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll, (s)); \ - ll=(c)->B; (void)HOST_l2c(ll, (s)); \ - ll=(c)->C; (void)HOST_l2c(ll, (s)); \ - ll=(c)->D; (void)HOST_l2c(ll, (s)); \ - ll=(c)->E; (void)HOST_l2c(ll, (s)); \ - ll=(c)->F; (void)HOST_l2c(ll, (s)); \ - ll=(c)->G; (void)HOST_l2c(ll, (s)); \ - ll=(c)->H; (void)HOST_l2c(ll, (s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER ossl_sm3_block_data_order +#define HASH_LONG SM3_WORD +#define HASH_CTX SM3_CTX +#define HASH_CBLOCK SM3_CBLOCK +#define HASH_UPDATE ossl_sm3_update +#define HASH_TRANSFORM ossl_sm3_transform +#define HASH_FINAL ossl_sm3_final +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll = (c)->A; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->B; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->C; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->D; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->E; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->F; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->G; \ + (void)HOST_l2c(ll, (s)); \ + ll = (c)->H; \ + (void)HOST_l2c(ll, (s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER ossl_sm3_block_data_order void ossl_sm3_block_data_order(SM3_CTX *c, const void *p, size_t num); void ossl_sm3_transform(SM3_CTX *c, const unsigned char *data); 
@@ -42,33 +50,33 @@ #define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) #define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) -#define FF0(X,Y,Z) (X ^ Y ^ Z) -#define GG0(X,Y,Z) (X ^ Y ^ Z) +#define FF0(X, Y, Z) (X ^ Y ^ Z) +#define GG0(X, Y, Z) (X ^ Y ^ Z) -#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z)) -#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z)))) +#define FF1(X, Y, Z) ((X & Y) | ((X | Y) & Z)) +#define GG1(X, Y, Z) ((Z ^ (X & (Y ^ Z)))) -#define EXPAND(W0,W7,W13,W3,W10) \ - (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) +#define EXPAND(W0, W7, W13, W3, W10) \ + (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) -#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) \ - do { \ - const SM3_WORD A12 = ROTATE(A, 12); \ - const SM3_WORD A12_SM = A12 + E + TJ; \ - const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ - const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ - const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ - B = ROTATE(B, 9); \ - D = TT1; \ - F = ROTATE(F, 19); \ - H = P0(TT2); \ - } while(0) +#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) \ + do { \ + const SM3_WORD A12 = ROTATE(A, 12); \ + const SM3_WORD A12_SM = A12 + E + TJ; \ + const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ + const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ + const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ + B = ROTATE(B, 9); \ + D = TT1; \ + F = ROTATE(F, 19); \ + H = P0(TT2); \ + } while (0) -#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ - RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0) +#define R1(A, B, C, D, E, F, G, H, TJ, Wi, Wj) \ + RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF0, GG0) -#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ - RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1) +#define R2(A, B, C, D, E, F, G, H, TJ, Wi, Wj) \ + RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF1, GG1) #define SM3_A 0x7380166fUL #define SM3_B 0x4914b2b9UL --- crypto/openssl/crypto/sm4/sm4.c.orig +++ crypto/openssl/crypto/sm4/sm4.c 
@@ -83,7 +83,8 @@ 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212, 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373, 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8, - 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 }; + 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 +}; static ossl_inline uint32_t rotl(uint32_t a, uint8_t n) { @@ -92,10 +93,7 @@ static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n) { - return ((uint32_t)b[4 * n] << 24) | - ((uint32_t)b[4 * n + 1] << 16) | - ((uint32_t)b[4 * n + 2] << 8) | - ((uint32_t)b[4 * n + 3]); + return ((uint32_t)b[4 * n] << 24) | ((uint32_t)b[4 * n + 1] << 16) | ((uint32_t)b[4 * n + 2] << 8) | ((uint32_t)b[4 * n + 3]); } static ossl_inline void store_u32_be(uint32_t v, uint8_t *b) @@ -123,10 +121,7 @@ static ossl_inline uint32_t SM4_T(uint32_t X) { - return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ - rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ - rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ - rotl(SM4_SBOX_T[(uint8_t)X], 8); + return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ rotl(SM4_SBOX_T[(uint8_t)X], 8); } int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks) @@ -134,8 +129,7 @@ /* * Family Key */ - static const uint32_t FK[4] = - { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc }; + static const uint32_t FK[4] = { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc }; /* * Constant Key 
@@ -176,13 +170,13 @@ return 1; } -#define SM4_RNDS(k0, k1, k2, k3, F) \ - do { \ - B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \ - B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \ - B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \ - B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \ - } while(0) +#define SM4_RNDS(k0, k1, k2, k3, F) \ + do { \ + B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \ + B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \ + B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \ + B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \ + } while (0) void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) { @@ -195,9 +189,9 @@ * Uses byte-wise sbox in the first and last rounds to provide some * protection from cache based side channels. */ - SM4_RNDS( 0, 1, 2, 3, SM4_T_slow); - SM4_RNDS( 4, 5, 6, 7, SM4_T); - SM4_RNDS( 8, 9, 10, 11, SM4_T); + SM4_RNDS(0, 1, 2, 3, SM4_T_slow); + SM4_RNDS(4, 5, 6, 7, SM4_T); + SM4_RNDS(8, 9, 10, 11, SM4_T); SM4_RNDS(12, 13, 14, 15, SM4_T); SM4_RNDS(16, 17, 18, 19, SM4_T); SM4_RNDS(20, 21, 22, 23, SM4_T); @@ -222,9 +216,9 @@ SM4_RNDS(23, 22, 21, 20, SM4_T); SM4_RNDS(19, 18, 17, 16, SM4_T); SM4_RNDS(15, 14, 13, 12, SM4_T); - SM4_RNDS(11, 10, 9, 8, SM4_T); - SM4_RNDS( 7, 6, 5, 4, SM4_T); - SM4_RNDS( 3, 2, 1, 0, SM4_T_slow); + SM4_RNDS(11, 10, 9, 8, SM4_T); + SM4_RNDS(7, 6, 5, 4, SM4_T); + SM4_RNDS(3, 2, 1, 0, SM4_T_slow); store_u32_be(B3, out); store_u32_be(B2, out + 4); --- crypto/openssl/crypto/sparcv9cap.c.orig +++ crypto/openssl/crypto/sparcv9cap.c @@ -19,9 +19,10 @@ #include "crypto/sparc_arch.h" #if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) +__attribute__((visibility("hidden"))) #endif -unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 }; +unsigned int OPENSSL_sparcv9cap_P[2] + = { SPARCV9_TICK_PRIVILEGED, 0 }; unsigned long _sparcv9_rdtick(void); void _sparcv9_vis1_probe(void); 
@@ -49,8 +50,7 @@ size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt) { - if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) == - SPARCV9_BLK) + if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) == SPARCV9_BLK) return _sparcv9_vis1_instrument_bus(out, cnt); else return 0; @@ -58,8 +58,7 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) { - if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) == - SPARCV9_BLK) + if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) == SPARCV9_BLK) return _sparcv9_vis1_instrument_bus2(out, cnt, max); else return 0; @@ -72,14 +71,14 @@ } #if defined(__sun) && defined(__SVR4) -# if defined(__GNUC__) && __GNUC__>=2 -extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak)); -# elif defined(__SUNPRO_C) +#if defined(__GNUC__) && __GNUC__ >= 2 +extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__((weak)); +#elif defined(__SUNPRO_C) #pragma weak getisax extern unsigned int getisax(unsigned int vec[], unsigned int sz); -# else -static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL; -# endif +#else +static unsigned int (*getisax)(unsigned int vec[], unsigned int sz) = NULL; +#endif #endif void OPENSSL_cpuid_setup(void) 
@@ -104,36 +103,47 @@ if (getisax != NULL) { unsigned int vec[2] = { 0, 0 }; - if (getisax (vec,2)) { - if (vec[0]&0x00020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; - if (vec[0]&0x00040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; - if (vec[0]&0x00080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; - if (vec[0]&0x00100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; - if (vec[0]&0x00400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; - if (vec[0]&0x01000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJHPCACE; - if (vec[0]&0x02000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJDESX; - if (vec[0]&0x08000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_IMA; - if (vec[0]&0x10000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX; - if (vec[1]&0x00008) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS4; + if (getisax(vec, 2)) { + if (vec[0] & 0x00020) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; + if (vec[0] & 0x00040) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; + if (vec[0] & 0x00080) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; + if (vec[0] & 0x00100) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; + if (vec[0] & 0x00400) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; + if (vec[0] & 0x01000) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJHPCACE; + if (vec[0] & 0x02000) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJDESX; + if (vec[0] & 0x08000) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_IMA; + if (vec[0] & 0x10000) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX; + if (vec[1] & 0x00008) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS4; /* reconstruct %cfr copy */ - OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff; - OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1; - if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; - if (vec[1]&0x00000020) OPENSSL_sparcv9cap_P[1] |= CFR_XMPMUL; - if (vec[1]&0x00000040) - OPENSSL_sparcv9cap_P[1] |= CFR_XMONTMUL|CFR_XMONTSQR; + OPENSSL_sparcv9cap_P[1] = (vec[0] >> 17) & 0x3ff; + OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1] & CFR_MONTMUL) << 1; + if (vec[0] & 0x20000000) + OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; + if 
(vec[1] & 0x00000020) + OPENSSL_sparcv9cap_P[1] |= CFR_XMPMUL; + if (vec[1] & 0x00000040) + OPENSSL_sparcv9cap_P[1] |= CFR_XMONTMUL | CFR_XMONTSQR; /* Some heuristics */ /* all known VIS2-capable CPUs have unprivileged tick counter */ - if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2) + if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS2) OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; /* detect UltraSPARC-Tx, see sparccpud.S for details... */ - if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) && - _sparcv9_vis1_instrument() >= 12) + if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS1) && _sparcv9_vis1_instrument() >= 12) OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); } @@ -150,9 +160,9 @@ sigfillset(&all_masked); sigdelset(&all_masked, SIGILL); sigdelset(&all_masked, SIGTRAP); -# ifdef SIGEMT +#ifdef SIGEMT sigdelset(&all_masked, SIGEMT); -# endif +#endif sigdelset(&all_masked, SIGFPE); sigdelset(&all_masked, SIGBUS); sigdelset(&all_masked, SIGSEGV); @@ -208,8 +218,7 @@ * loop on UltraSPARC II running Solaris. Things might be * different on Linux... */ - if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) && - sigsetjmp(common_jmp, 1) == 0) { + if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) && sigsetjmp(common_jmp, 1) == 0) { OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); } @@ -220,12 +229,12 @@ if (sizeof(size_t) == 8) OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; -# ifdef __linux +#ifdef __linux else { int ret = syscall(340); if (ret >= 0 && ret & 1) OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; } -# endif +#endif } --- crypto/openssl/crypto/sparse_array.c.orig +++ crypto/openssl/crypto/sparse_array.c @@ -31,9 +31,9 @@ * will be three. */ #ifndef OPENSSL_SA_BLOCK_BITS -# define OPENSSL_SA_BLOCK_BITS 4 +#define OPENSSL_SA_BLOCK_BITS 4 #elif OPENSSL_SA_BLOCK_BITS < 2 || OPENSSL_SA_BLOCK_BITS > (BN_BITS2 - 1) -# error OPENSSL_SA_BLOCK_BITS is out of range +#error OPENSSL_SA_BLOCK_BITS is out of range #endif /* 
@@ -41,12 +41,12 @@ * the number of pointers in a tree node; * a bit mask to quickly extract an index and * the maximum depth of the tree structure. - */ -#define SA_BLOCK_MAX (1 << OPENSSL_SA_BLOCK_BITS) -#define SA_BLOCK_MASK (SA_BLOCK_MAX - 1) -#define SA_BLOCK_MAX_LEVELS (((int)sizeof(ossl_uintmax_t) * 8 \ - + OPENSSL_SA_BLOCK_BITS - 1) \ - / OPENSSL_SA_BLOCK_BITS) + */ +#define SA_BLOCK_MAX (1 << OPENSSL_SA_BLOCK_BITS) +#define SA_BLOCK_MASK (SA_BLOCK_MAX - 1) +#define SA_BLOCK_MAX_LEVELS (((int)sizeof(ossl_uintmax_t) * 8 \ + + OPENSSL_SA_BLOCK_BITS - 1) \ + / OPENSSL_SA_BLOCK_BITS) struct sparse_array_st { int levels; @@ -63,7 +63,7 @@ } static void sa_doall(const OPENSSL_SA *sa, void (*node)(void **), - void (*leaf)(ossl_uintmax_t, void *, void *), void *arg) + void (*leaf)(ossl_uintmax_t, void *, void *), void *arg) { int i[SA_BLOCK_MAX_LEVELS]; void *nodes[SA_BLOCK_MAX_LEVELS]; @@ -74,7 +74,7 @@ nodes[0] = sa->nodes; while (l >= 0) { const int n = i[l]; - void ** const p = nodes[l]; + void **const p = nodes[l]; if (n >= SA_BLOCK_MAX) { if (p != NULL && node != NULL) @@ -141,8 +141,8 @@ } void ossl_sa_doall_arg(const OPENSSL_SA *sa, - void (*leaf)(ossl_uintmax_t, void *, void *), - void *arg) + void (*leaf)(ossl_uintmax_t, void *, void *), + void *arg) { if (sa != NULL) sa_doall(sa, NULL, leaf, arg); @@ -165,7 +165,7 @@ p = sa->nodes; for (level = sa->levels - 1; p != NULL && level > 0; level--) p = (void **)p[(n >> (OPENSSL_SA_BLOCK_BITS * level)) - & SA_BLOCK_MASK]; + & SA_BLOCK_MASK]; r = p == NULL ? NULL : p[n & SA_BLOCK_MASK]; } return r; @@ -189,7 +189,7 @@ if ((n >>= OPENSSL_SA_BLOCK_BITS) == 0) break; - for (;sa->levels < level; sa->levels++) { + for (; sa->levels < level; sa->levels++) { p = alloc_node(); if (p == NULL) return 0; --- crypto/openssl/crypto/srp/srp_lib.c.orig +++ crypto/openssl/crypto/srp/srp_lib.c 
@@ -15,16 +15,16 @@ #define OPENSSL_SUPPRESS_DEPRECATED #ifndef OPENSSL_NO_SRP -# include "internal/cryptlib.h" -# include -# include -# include -# include "crypto/bn_srp.h" +#include "internal/cryptlib.h" +#include +#include +#include +#include "crypto/bn_srp.h" /* calculate = SHA1(PAD(x) || PAD(y)) */ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char *tmp = NULL; @@ -46,22 +46,22 @@ || !EVP_Digest(tmp, numN * 2, digest, NULL, sha1, NULL)) goto err; res = BN_bin2bn(digest, sizeof(digest), NULL); - err: +err: EVP_MD_free(sha1); OPENSSL_free(tmp); return res; } static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g, - OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_LIB_CTX *libctx, + const char *propq) { /* k = SHA1(N | PAD(g)) -- tls-srp RFC 5054 */ return srp_Calc_xy(N, g, N, libctx, propq); } BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ return srp_Calc_xy(A, B, N, libctx, propq); @@ -74,7 +74,7 @@ } BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, - const BIGNUM *b, const BIGNUM *N) + const BIGNUM *b, const BIGNUM *N) { BIGNUM *tmp = NULL, *S = NULL; BN_CTX *bn_ctx; 
@@ -97,25 +97,23 @@ BN_free(S); S = NULL; } - err: +err: BN_CTX_free(bn_ctx); BN_clear_free(tmp); return S; } BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq) + const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq) { BIGNUM *kv = NULL, *gb = NULL; BIGNUM *B = NULL, *k = NULL; BN_CTX *bn_ctx; - if (b == NULL || N == NULL || g == NULL || v == NULL || - (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) + if (b == NULL || N == NULL || g == NULL || v == NULL || (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) return NULL; - if ((kv = BN_new()) == NULL || - (gb = BN_new()) == NULL || (B = BN_new()) == NULL) + if ((kv = BN_new()) == NULL || (gb = BN_new()) == NULL || (B = BN_new()) == NULL) goto err; /* B = g**b + k*v */ @@ -127,7 +125,7 @@ BN_free(B); B = NULL; } - err: +err: BN_CTX_free(bn_ctx); BN_clear_free(kv); BN_clear_free(gb); @@ -136,13 +134,13 @@ } BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v) + const BIGNUM *v) { return SRP_Calc_B_ex(b, N, g, v, NULL, NULL); } BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char dig[SHA_DIGEST_LENGTH]; EVP_MD_CTX *ctxt; @@ -181,7 +179,7 @@ res = BN_bin2bn(dig, sizeof(dig), NULL); - err: +err: EVP_MD_free(sha1); OPENSSL_free(cs); EVP_MD_CTX_free(ctxt); @@ -210,8 +208,8 @@ } BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, - OSSL_LIB_CTX *libctx, const char *propq) + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OSSL_LIB_CTX *libctx, const char *propq) { BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL; BIGNUM *xtmp = NULL; 
@@ -221,10 +219,7 @@ || a == NULL || (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) return NULL; - if ((tmp = BN_new()) == NULL || - (tmp2 = BN_new()) == NULL || - (tmp3 = BN_new()) == NULL || - (xtmp = BN_new()) == NULL) + if ((tmp = BN_new()) == NULL || (tmp2 = BN_new()) == NULL || (tmp3 = BN_new()) == NULL || (xtmp = BN_new()) == NULL) goto err; BN_with_flags(xtmp, x, BN_FLG_CONSTTIME); @@ -247,7 +242,7 @@ K = NULL; } - err: +err: BN_CTX_free(bn_ctx); BN_free(xtmp); BN_clear_free(tmp); @@ -258,7 +253,7 @@ } BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) { return SRP_Calc_client_key_ex(N, B, g, x, a, u, NULL, NULL); } @@ -278,7 +273,7 @@ if (!BN_nnmod(r, B, N, bn_ctx)) goto err; ret = !BN_is_zero(r); - err: +err: BN_CTX_free(bn_ctx); BN_free(r); return ret; 
@@ -291,16 +286,16 @@ } static SRP_gN knowngN[] = { - {"8192", &ossl_bn_generator_19, &ossl_bn_group_8192}, - {"6144", &ossl_bn_generator_5, &ossl_bn_group_6144}, - {"4096", &ossl_bn_generator_5, &ossl_bn_group_4096}, - {"3072", &ossl_bn_generator_5, &ossl_bn_group_3072}, - {"2048", &ossl_bn_generator_2, &ossl_bn_group_2048}, - {"1536", &ossl_bn_generator_2, &ossl_bn_group_1536}, - {"1024", &ossl_bn_generator_2, &ossl_bn_group_1024}, + { "8192", &ossl_bn_generator_19, &ossl_bn_group_8192 }, + { "6144", &ossl_bn_generator_5, &ossl_bn_group_6144 }, + { "4096", &ossl_bn_generator_5, &ossl_bn_group_4096 }, + { "3072", &ossl_bn_generator_5, &ossl_bn_group_3072 }, + { "2048", &ossl_bn_generator_2, &ossl_bn_group_2048 }, + { "1536", &ossl_bn_generator_2, &ossl_bn_group_1536 }, + { "1024", &ossl_bn_generator_2, &ossl_bn_group_1024 }, }; -# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN) +#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN) /* * Check if G and N are known parameters. The values have been generated --- crypto/openssl/crypto/srp/srp_vfy.c.orig +++ crypto/openssl/crypto/srp/srp_vfy.c @@ -15,18 +15,18 @@ #define OPENSSL_SUPPRESS_DEPRECATED #ifndef OPENSSL_NO_SRP -# include "internal/cryptlib.h" -# include "crypto/evp.h" -# include -# include -# include -# include -# include -# include -# include - -# define SRP_RANDOM_SALT_LEN 20 -# define MAX_LEN 2500 +#include "internal/cryptlib.h" +#include "crypto/evp.h" +#include +#include +#include +#include +#include +#include +#include + +#define SRP_RANDOM_SALT_LEN 20 +#define MAX_LEN 2500 /* * Note that SRP uses its own variant of base 64 encoding. A different base64 @@ -84,7 +84,7 @@ /* Add any encoded padding that is required */ if (padsize != 0 - && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { + && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { outl = -1; goto err; } @@ -120,7 +120,7 @@ outl -= padsize; } - err: +err: EVP_ENCODE_CTX_free(ctx); return outl; 
@@ -134,15 +134,14 @@ { EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); int outl = 0, outl2 = 0; - unsigned char pad[2] = {0, 0}; + unsigned char pad[2] = { 0, 0 }; size_t leadz = 0; if (ctx == NULL) return 0; EVP_EncodeInit(ctx); - evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES - | EVP_ENCODE_CTX_USE_SRP_ALPHABET); + evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES | EVP_ENCODE_CTX_USE_SRP_ALPHABET); /* * We pad at the front with zero bytes until the length is a multiple of 3 @@ -151,14 +150,14 @@ */ leadz = 3 - (size % 3); if (leadz != 3 - && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, - leadz)) { + && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, + leadz)) { EVP_ENCODE_CTX_free(ctx); return 0; } if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src, - size)) { + size)) { EVP_ENCODE_CTX_free(ctx); return 0; } @@ -205,14 +204,14 @@ } void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, - const BIGNUM *N) + const BIGNUM *N) { vinfo->N = N; vinfo->g = g; } int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id, - const char *info) + const char *info) { OPENSSL_free(vinfo->id); OPENSSL_free(vinfo->info); @@ -224,7 +223,7 @@ } static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, - const char *v) + const char *v) { unsigned char tmp[MAX_LEN]; int len; @@ -244,7 +243,7 @@ if (vinfo->s == NULL) goto err; return 1; - err: +err: BN_free(vinfo->v); vinfo->v = NULL; return 0; @@ -271,8 +270,8 @@ SRP_user_pwd_set_gN(ret, src->g, src->N); if (!SRP_user_pwd_set1_ids(ret, src->id, src->info) || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) { - SRP_user_pwd_free(ret); - return NULL; + SRP_user_pwd_free(ret); + return NULL; } return ret; } @@ -331,7 +330,7 @@ return newgN; OPENSSL_free(newgN->b64_bn); - err: +err: OPENSSL_free(newgN); return NULL; } 
@@ -373,7 +372,7 @@ if (strcmp(cache->b64_bn, ch) == 0) return cache->bn; } - { /* it is the first time that we find it */ + { /* it is the first time that we find it */ SRP_gN_cache *newgN = SRP_gN_new_init(ch); if (newgN) { if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0) @@ -435,9 +434,9 @@ if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier])) - == NULL + == NULL || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt])) - == NULL + == NULL || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0) goto err; @@ -456,13 +455,11 @@ goto err; SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N); - if (!SRP_user_pwd_set1_ids - (user_pwd, pp[DB_srpid], pp[DB_srpinfo])) + if (!SRP_user_pwd_set1_ids(user_pwd, pp[DB_srpid], pp[DB_srpinfo])) goto err; error_code = SRP_ERR_VBASE_BN_LIB; - if (!SRP_user_pwd_set_sv - (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier])) + if (!SRP_user_pwd_set_sv(user_pwd, pp[DB_srpsalt], pp[DB_srpverifier])) goto err; if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0) @@ -485,7 +482,7 @@ } error_code = SRP_NO_ERROR; - err: +err: /* * there may be still some leaks to fix, if this fails, the application * terminates most likely @@ -504,7 +501,6 @@ sk_SRP_gN_free(SRP_gN_tab); return error_code; - } static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) @@ -531,7 +527,7 @@ return 1; } -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. @@ -542,7 +538,7 @@ { return find_user(vb, username); } -# endif +#endif /* * Ownership of the returned pointer is released to the caller. 
@@ -562,11 +558,10 @@ if ((user = find_user(vb, username)) != NULL) return srp_user_pwd_dup(user); - if ((vb->seed_key == NULL) || - (vb->default_g == NULL) || (vb->default_N == NULL)) + if ((vb->seed_key == NULL) || (vb->default_g == NULL) || (vb->default_N == NULL)) return NULL; -/* if the user is unknown we set parameters as well if we have a seed_key */ + /* if the user is unknown we set parameters as well if we have a seed_key */ if ((user = SRP_user_pwd_new()) == NULL) return NULL; @@ -593,11 +588,11 @@ EVP_MD_free(md); md = NULL; if (SRP_user_pwd_set0_sv(user, - BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), - BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) + BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), + BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) return user; - err: +err: EVP_MD_free(md); EVP_MD_CTX_free(ctxt); SRP_user_pwd_free(user); @@ -608,8 +603,8 @@ * create a verifier (*salt,*verifier,g and N are in base64) */ char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g, - OSSL_LIB_CTX *libctx, const char *propq) + char **verifier, const char *N, const char *g, + OSSL_LIB_CTX *libctx, const char *propq) { int len; char *result = NULL, *vf = NULL; @@ -620,8 +615,7 @@ char *defgNid = NULL; int vfsize = 0; - if ((user == NULL) || - (pass == NULL) || (salt == NULL) || (verifier == NULL)) + if ((user == NULL) || (pass == NULL) || (salt == NULL) || (verifier == NULL)) goto err; if (N) { @@ -631,7 +625,7 @@ if (N_bn_alloc == NULL) goto err; N_bn = N_bn_alloc; - if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0) + if ((len = t_fromb64(tmp, sizeof(tmp), g)) <= 0) goto err; g_bn_alloc = BN_bin2bn(tmp, len, NULL); if (g_bn_alloc == NULL) @@ -661,7 +655,7 @@ goto err; if (!SRP_create_verifier_BN_ex(user, pass, &s, &v, N_bn, g_bn, libctx, - propq)) + propq)) goto err; if (BN_bn2bin(v, tmp) < 0) 
@@ -689,7 +683,7 @@ vf = NULL; result = defgNid; - err: +err: BN_free(N_bn_alloc); BN_free(g_bn_alloc); OPENSSL_clear_free(vf, vfsize); @@ -699,7 +693,7 @@ } char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g) + char **verifier, const char *N, const char *g) { return SRP_create_verifier_ex(user, pass, salt, verifier, N, g, NULL, NULL); } @@ -714,9 +708,9 @@ * BIGNUMS. */ int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g, OSSL_LIB_CTX *libctx, - const char *propq) + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OSSL_LIB_CTX *libctx, + const char *propq) { int result = 0; BIGNUM *x = NULL; @@ -724,10 +718,7 @@ unsigned char tmp2[MAX_LEN]; BIGNUM *salttmp = NULL, *verif; - if ((user == NULL) || - (pass == NULL) || - (salt == NULL) || - (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL)) + if ((user == NULL) || (pass == NULL) || (salt == NULL) || (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL)) goto err; if (*salt == NULL) { @@ -758,7 +749,7 @@ *salt = salttmp; *verifier = verif; - err: +err: if (salt != NULL && *salt != salttmp) BN_clear_free(salttmp); BN_clear_free(x); @@ -767,10 +758,10 @@ } int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g) + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g) { return SRP_create_verifier_BN_ex(user, pass, salt, verifier, N, g, NULL, - NULL); + NULL); } #endif --- crypto/openssl/crypto/stack/stack.c.orig +++ crypto/openssl/crypto/stack/stack.c 
@@ -12,14 +12,15 @@ #include "internal/numbers.h" #include #include -#include /* For ossl_inline */ +#include /* For ossl_inline */ /* * The initial number of nodes in the array. */ static const int min_nodes = 4; static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX - ? (int)(SIZE_MAX / sizeof(void *)) : INT_MAX; + ? (int)(SIZE_MAX / sizeof(void *)) + : INT_MAX; struct stack_st { int num; @@ -30,7 +31,7 @@ }; OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, - OPENSSL_sk_compfunc c) + OPENSSL_sk_compfunc c) { OPENSSL_sk_compfunc old = sk->comp; @@ -71,15 +72,15 @@ memcpy(ret->data, sk->data, sizeof(void *) * sk->num); return ret; - err: +err: ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); OPENSSL_sk_free(ret); return NULL; } OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, - OPENSSL_sk_copyfunc copy_func, - OPENSSL_sk_freefunc free_func) + OPENSSL_sk_copyfunc copy_func, + OPENSSL_sk_freefunc free_func) { OPENSSL_STACK *ret; int i; @@ -120,7 +121,7 @@ } return ret; - err: +err: ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); OPENSSL_sk_free(ret); return NULL; @@ -275,7 +276,7 @@ st->data[st->num] = data; } else { memmove(&st->data[loc + 1], &st->data[loc], - sizeof(st->data[0]) * (st->num - loc)); + sizeof(st->data[0]) * (st->num - loc)); st->data[loc] = data; } st->num++; @@ -289,7 +290,7 @@ if (loc != st->num - 1) memmove(&st->data[loc], &st->data[loc + 1], - sizeof(st->data[0]) * (st->num - loc - 1)); + sizeof(st->data[0]) * (st->num - loc - 1)); st->num--; return (void *)ret; @@ -317,7 +318,7 @@ } static int internal_find(OPENSSL_STACK *st, const void *data, - int ret_val_options, int *pnum) + int ret_val_options, int *pnum) { const void *r; int i; @@ -347,7 +348,7 @@ if (pnum != NULL) ret_val_options |= OSSL_BSEARCH_FIRST_VALUE_ON_MATCH; r = ossl_bsearch(&data, st->data, st->num, sizeof(void *), st->comp, - ret_val_options); + ret_val_options); if (pnum != NULL) { *pnum = 0; 
@@ -455,7 +456,7 @@ } if (i < 0 || i >= st->num) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, - "i=%d", i); + "i=%d", i); return NULL; } st->data[i] = data; --- crypto/openssl/crypto/store/store_err.c.orig +++ crypto/openssl/crypto/store/store_err.c 
@@ -15,52 +15,52 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE), - "ambiguous content type"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ), - "bad password read"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC), - "error verifying pkcs12 mac"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST), - "fingerprint size does not match digest"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME), - "invalid scheme"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE), - "loader incomplete"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED), - "loading started"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE), - "not a certificate"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PRIVATE_KEY), - "not a private key"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PUBLIC_KEY), - "not a public key"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS), - "not parameters"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NO_LOADERS_FOUND), - "no loaders found"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR), - "passphrase callback error"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE), - "path must be absolute"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), - "search only supported for directories"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), - "ui process interrupted or cancelled"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 
OSSL_STORE_R_UNREGISTERED_SCHEME), - "unregistered scheme"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION), - "unsupported operation"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE), - "unsupported search type"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED), - "uri authority unsupported"}, - {0, NULL} + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE), + "ambiguous content type" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ), + "bad password read" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC), + "error verifying pkcs12 mac" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST), + "fingerprint size does not match digest" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME), + "invalid scheme" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE), + "loader incomplete" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED), + "loading started" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE), + "not a certificate" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PRIVATE_KEY), + "not a private key" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PUBLIC_KEY), + "not a public key" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS), + "not parameters" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NO_LOADERS_FOUND), + "no loaders found" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR), + "passphrase callback 
error" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE), + "path must be absolute" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), + "ui process interrupted or cancelled" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME), + "unregistered scheme" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION), + "unsupported operation" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE), + "unsupported search type" }, + { ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/store/store_lib.c.orig +++ crypto/openssl/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -33,38 +33,39 @@ static int ossl_store_close_it(OSSL_STORE_CTX *ctx); static int loader_set_params(OSSL_STORE_LOADER *loader, - OSSL_STORE_LOADER_CTX *loader_ctx, - const OSSL_PARAM params[], const char *propq) + OSSL_STORE_LOADER_CTX *loader_ctx, + const OSSL_PARAM params[], const char *propq) { - if (params != NULL) { - if (!loader->p_set_ctx_params(loader_ctx, params)) - return 0; - } + if (params != NULL) { + if (!loader->p_set_ctx_params(loader_ctx, params)) + return 0; + } - if (propq != NULL) { - OSSL_PARAM propp[2]; + if (propq != NULL) { + OSSL_PARAM propp[2]; - if (OSSL_PARAM_locate_const(params, - OSSL_STORE_PARAM_PROPERTIES) != NULL) - /* use the propq from params */ - return 1; + if (OSSL_PARAM_locate_const(params, + OSSL_STORE_PARAM_PROPERTIES) + != NULL) + /* use the propq from params */ + return 1; - propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES, - (char *)propq, 0); - propp[1] = OSSL_PARAM_construct_end(); + propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES, + (char *)propq, 0); + propp[1] = OSSL_PARAM_construct_end(); - if (!loader->p_set_ctx_params(loader_ctx, propp)) - return 0; + if (!loader->p_set_ctx_params(loader_ctx, propp)) + return 0; } return 1; } OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data, - const OSSL_PARAM params[], - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) { const OSSL_STORE_LOADER *loader = NULL; OSSL_STORE_LOADER *fetched_loader = NULL; 
@@ -76,6 +77,11 @@ size_t schemes_n = 0; size_t i; + if (uri == NULL) { + ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + /* * Put the file scheme first. If the uri does represent an existing file, * possible device name and all, then it should be loaded. Only a failed @@ -95,7 +101,7 @@ *p++ = '\0'; if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { if (strncmp(p, "//", 2) == 0) - schemes_n--; /* Invalidate the file scheme */ + schemes_n--; /* Invalidate the file scheme */ schemes[schemes_n++] = scheme_copy; } } @@ -118,16 +124,14 @@ no_loader_found = 0; if (loader->open_ex != NULL) loader_ctx = loader->open_ex(loader, uri, libctx, propq, - ui_method, ui_data); + ui_method, ui_data); else loader_ctx = loader->open(loader, uri, ui_method, ui_data); } #endif if (loader == NULL - && (fetched_loader = - OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { - const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_get0_provider(fetched_loader); + && (fetched_loader = OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { + const OSSL_PROVIDER *provider = OSSL_STORE_LOADER_get0_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); no_loader_found = 0; @@ -135,8 +139,8 @@ if (loader_ctx == NULL) { OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; - } else if(!loader_set_params(fetched_loader, loader_ctx, - params, propq)) { + } else if (!loader_set_params(fetched_loader, loader_ctx, + params, propq)) { (void)fetched_loader->p_close(loader_ctx); OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; @@ -191,14 +195,16 @@ return ctx; - err: +err: ERR_clear_last_mark(); if (loader_ctx != NULL) { /* * Temporary structure so OSSL_STORE_close() can work even when * |ctx| couldn't be allocated properly */ - OSSL_STORE_CTX tmpctx = { NULL, }; + OSSL_STORE_CTX tmpctx = { + NULL, + }; tmpctx.fetched_loader = fetched_loader; tmpctx.loader = loader; 
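Review bot: The new `uri == NULL` guard in OSSL_STORE_open_ex ends with `return 0;`, although the function returns `OSSL_STORE_CTX *`. Writing `return NULL;` makes the pointer result explicit and matches the `return NULL` convention used by the other pointer-returning functions in this diff. The check runs before any allocation visible in the hunk, so the early return does not appear to skip cleanup. The function body starts and ends outside the hunk.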
@@ -218,12 +224,12 @@ } OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, - const UI_METHOD *ui_method, void *ui_data, - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) + const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) { return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL, - post_process, post_process_data); + post_process, post_process_data); } #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -246,19 +252,17 @@ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; switch (cmd) { - case OSSL_STORE_C_USE_SECMEM: - { - int on = *(va_arg(args, int *)); + case OSSL_STORE_C_USE_SECMEM: { + int on = *(va_arg(args, int *)); - params[0] = OSSL_PARAM_construct_int("use_secmem", &on); - } - break; + params[0] = OSSL_PARAM_construct_int("use_secmem", &on); + } break; default: break; } return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, - params); + params); } } else if (ctx->loader->ctrl != NULL) { return ctx->loader->ctrl(ctx->loader_ctx, cmd, args); @@ -277,7 +281,7 @@ int ret = 1; if (ctx == NULL - || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) { + || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -291,8 +295,7 @@ && ctx->fetched_loader->p_set_ctx_params != NULL) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = - OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type); + params[0] = OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type); ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params); } #ifndef OPENSSL_NO_DEPRECATED_3_0 
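Review bot: In the `case OSSL_STORE_C_USE_SECMEM` block of the `@@ -246,19 +252,17 @@` hunk, `int on` is declared inside the braces, but `params[0]` keeps `&on` and is handed to `p_set_ctx_params` after the switch has closed that scope. As far as the hunk shows, the provider therefore reads through a pointer to an object whose lifetime has already ended. Declaring `int on = 0;` next to `params` and assigning `on = *(va_arg(args, int *));` inside the case keeps the storage alive for the call. The reformatting only moved the braces, so this predates the change; the enclosing function starts and ends outside the hunk.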
@@ -336,49 +339,51 @@ return 0; } - ret = 0; /* Assume the worst */ + ret = 0; /* Assume the worst */ switch (search->search_type) { case OSSL_STORE_SEARCH_BY_NAME: if ((name_der_sz = i2d_X509_NAME(search->name, - (unsigned char **)&name_der)) > 0 + (unsigned char **)&name_der)) + > 0 && OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_STORE_PARAM_SUBJECT, - name_der, name_der_sz)) + OSSL_STORE_PARAM_SUBJECT, + name_der, name_der_sz)) ret = 1; break; case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL: if ((name_der_sz = i2d_X509_NAME(search->name, - (unsigned char **)&name_der)) > 0 + (unsigned char **)&name_der)) + > 0 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL && OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_STORE_PARAM_ISSUER, - name_der, name_der_sz) + OSSL_STORE_PARAM_ISSUER, + name_der, name_der_sz) && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL, - number)) + number)) ret = 1; break; case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST, - EVP_MD_get0_name(search->digest), - 0) + EVP_MD_get0_name(search->digest), + 0) && OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_STORE_PARAM_FINGERPRINT, - search->string, - search->stringlength)) + OSSL_STORE_PARAM_FINGERPRINT, + search->string, + search->stringlength)) ret = 1; break; case OSSL_STORE_SEARCH_BY_ALIAS: if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS, - (char *)search->string, - search->stringlength)) + (char *)search->string, + search->stringlength)) ret = 1; break; } if (ret) { params = OSSL_PARAM_BLD_to_param(bld); ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, - params); + params); OSSL_PARAM_free(params); } OSSL_PARAM_BLD_free(bld); 
@@ -403,19 +408,13 @@ OSSL_STORE_INFO *v = NULL; ctx->loading = 1; - again: +again: if (OSSL_STORE_eof(ctx)) return NULL; if (ctx->loader != NULL) OSSL_TRACE(STORE, "Loading next object\n"); - if (ctx->cached_info != NULL - && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { - sk_OSSL_STORE_INFO_free(ctx->cached_info); - ctx->cached_info = NULL; - } - if (ctx->cached_info != NULL) { v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); } else { @@ -427,10 +426,10 @@ ctx->error_flag = 0; if (!ctx->fetched_loader->p_load(ctx->loader_ctx, - ossl_store_handle_load_result, - &load_data, - ossl_pw_passphrase_callback_dec, - &ctx->pwdata)) { + ossl_store_handle_load_result, + &load_data, + ossl_pw_passphrase_callback_dec, + &ctx->pwdata)) { ctx->error_flag = 1; return NULL; } @@ -439,8 +438,8 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->fetched_loader == NULL) v = ctx->loader->load(ctx->loader_ctx, - ctx->pwdata._.ui_method.ui_method, - ctx->pwdata._.ui_method.ui_method_data); + ctx->pwdata._.ui_method.ui_method, + ctx->pwdata._.ui_method.ui_method_data); #endif } @@ -471,7 +470,7 @@ if (v != NULL) OSSL_TRACE1(STORE, "Got a %s\n", - OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v))); + OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v))); return v; } @@ -491,14 +490,23 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) { - int ret = 1; + int ret = 0; - if (ctx->fetched_loader != NULL) - ret = ctx->loader->p_eof(ctx->loader_ctx); + if (ctx->cached_info != NULL + && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { + sk_OSSL_STORE_INFO_free(ctx->cached_info); + ctx->cached_info = NULL; + } + + if (ctx->cached_info == NULL) { + ret = 1; + if (ctx->fetched_loader != NULL) + ret = ctx->loader->p_eof(ctx->loader_ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->eof(ctx->loader_ctx); + if (ctx->fetched_loader == NULL) + ret = ctx->loader->eof(ctx->loader_ctx); #endif + } return ret != 0; } 
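Review bot: In the rewritten OSSL_STORE_eof (`@@ -491,14 +490,23 @@`), the provider branch tests `ctx->fetched_loader != NULL` but then calls `ctx->loader->p_eof`. The other provider calls visible in this diff (`p_load`, `p_set_ctx_params`) go through `ctx->fetched_loader`. Unless `ctx->loader` is guaranteed to alias the fetched loader, which is not visible here, `ret = ctx->fetched_loader->p_eof(ctx->loader_ctx);` avoids a possible NULL or mismatched dereference. The function now also frees an exhausted `ctx->cached_info`, a side effect in what reads as a query, so a comment such as `/* Drop an empty cache so EOF is decided by the loader */` above that block would help.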
@@ -668,7 +676,8 @@ { if (info->type == OSSL_STORE_INFO_NAME) { char *ret = OPENSSL_strdup(info->_.name.desc - ? info->_.name.desc : ""); + ? info->_.name.desc + : ""); if (ret == NULL) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); @@ -799,8 +808,7 @@ int ret = 0; if (ctx->fetched_loader != NULL) { - void *provctx = - ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader)); + void *provctx = ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader)); const OSSL_PARAM *params; const OSSL_PARAM *p_subject = NULL; const OSSL_PARAM *p_issuer = NULL; @@ -815,8 +823,7 @@ p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT); p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER); p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL); - p_fingerprint = - OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT); + p_fingerprint = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT); p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS); switch (search_type) { @@ -863,7 +870,7 @@ } OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, - const ASN1_INTEGER *serial) + const ASN1_INTEGER *serial) { OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); @@ -879,8 +886,9 @@ } OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, - const unsigned char - *bytes, size_t len) + const unsigned char + *bytes, + size_t len) { OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); 
@@ -891,9 +899,9 @@ if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) { ERR_raise_data(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST, - "%s size is %d, fingerprint size is %zu", - EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len); + OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST, + "%s size is %d, fingerprint size is %zu", + EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len); OPENSSL_free(search); return NULL; } @@ -938,13 +946,14 @@ } const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH - *criterion) + *criterion) { return criterion->serial; } const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH - *criterion, size_t *length) + *criterion, + size_t *length) { *length = criterion->stringlength; return criterion->string; @@ -961,11 +970,11 @@ } OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, - OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data, - const OSSL_PARAM params[], - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) { const OSSL_STORE_LOADER *loader = NULL; OSSL_STORE_LOADER *fetched_loader = NULL; 
@@ -980,13 +989,11 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) loader_ctx = loader->attach(loader, bp, libctx, propq, - ui_method, ui_data); + ui_method, ui_data); #endif if (loader == NULL - && (fetched_loader = - OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { - const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_get0_provider(fetched_loader); + && (fetched_loader = OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { + const OSSL_PROVIDER *provider = OSSL_STORE_LOADER_get0_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp); @@ -995,7 +1002,7 @@ OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; } else if (!loader_set_params(fetched_loader, loader_ctx, - params, propq)) { + params, propq)) { (void)fetched_loader->p_close(loader_ctx); OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; --- crypto/openssl/crypto/store/store_local.h.orig +++ crypto/openssl/crypto/store/store_local.h 
@@ -26,18 +26,18 @@ struct ossl_store_info_st { int type; union { - void *data; /* used internally as generic pointer */ + void *data; /* used internally as generic pointer */ struct { char *name; char *desc; - } name; /* when type == OSSL_STORE_INFO_NAME */ + } name; /* when type == OSSL_STORE_INFO_NAME */ - EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ - EVP_PKEY *pubkey; /* when type == OSSL_STORE_INFO_PUBKEY */ - EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ - X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ - X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ + EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ + EVP_PKEY *pubkey; /* when type == OSSL_STORE_INFO_PUBKEY */ + EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ + X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ + X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ } _; }; DEFINE_STACK_OF(OSSL_STORE_INFO) @@ -166,15 +166,15 @@ * ------------------- */ OSSL_STORE_LOADER *ossl_store_loader_fetch(OSSL_LIB_CTX *libctx, - const char *scheme, - const char *properties); + const char *scheme, + const char *properties); OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx, - int scheme_id, - const char *properties); + int scheme_id, + const char *properties); /* Standard function to handle the result from OSSL_FUNC_store_load() */ struct ossl_load_result_data_st { - OSSL_STORE_INFO *v; /* To be filled in */ + OSSL_STORE_INFO *v; /* To be filled in */ OSSL_STORE_CTX *ctx; }; OSSL_CALLBACK ossl_store_handle_load_result; --- crypto/openssl/crypto/store/store_meth.c.orig +++ crypto/openssl/crypto/store/store_meth.c @@ -79,7 +79,6 @@ return ossl_method_store_new(ctx); } - static const OSSL_LIB_CTX_METHOD loader_store_method = { /* We want loader_store to be cleaned up before the provider store */ OSSL_LIB_CTX_METHOD_PRIORITY_2, 
@@ -90,9 +89,9 @@ /* Data to be passed through ossl_method_construct() */ struct loader_data_st { OSSL_LIB_CTX *libctx; - int scheme_id; /* For get_loader_from_store() */ - const char *scheme; /* For get_loader_from_store() */ - const char *propquery; /* For get_loader_from_store() */ + int scheme_id; /* For get_loader_from_store() */ + const char *scheme; /* For get_loader_from_store() */ + const char *propquery; /* For get_loader_from_store() */ OSSL_METHOD_STORE *tmp_store; /* For get_tmp_loader_store() */ @@ -114,7 +113,7 @@ return methdata->tmp_store; } - static void dealloc_tmp_loader_store(void *store) +static void dealloc_tmp_loader_store(void *store) { if (store != NULL) ossl_method_store_free(store); @@ -124,7 +123,7 @@ static OSSL_METHOD_STORE *get_loader_store(OSSL_LIB_CTX *libctx) { return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX, - &loader_store_method); + &loader_store_method); } static int reserve_loader_store(void *store, void *data) @@ -151,7 +150,7 @@ /* Get loader methods from a store, or put one in */ static void *get_loader_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) + void *data) { struct loader_data_st *methdata = data; void *method = NULL; @@ -173,9 +172,9 @@ } static int put_loader_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *scheme, const char *propdef, - void *data) + const OSSL_PROVIDER *prov, + const char *scheme, const char *propdef, + void *data) { struct loader_data_st *methdata = data; OSSL_NAMEMAP *namemap; @@ -189,11 +188,11 @@ return 0; return ossl_method_store_add(store, prov, id, propdef, method, - up_ref_loader, free_loader); + up_ref_loader, free_loader); } static void *loader_from_algorithm(int scheme_id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov) { OSSL_STORE_LOADER *loader = NULL; const OSSL_DISPATCH *fns = algodef->implementation; 
@@ -216,8 +215,7 @@ break; case OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS: if (loader->p_settable_ctx_params == NULL) - loader->p_settable_ctx_params = - OSSL_FUNC_store_settable_ctx_params(fns); + loader->p_settable_ctx_params = OSSL_FUNC_store_settable_ctx_params(fns); break; case OSSL_FUNC_STORE_SET_CTX_PARAMS: if (loader->p_set_ctx_params == NULL) @@ -260,7 +258,7 @@ * then call loader_from_algorithm() with that identity number. */ static void *construct_loader(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) + OSSL_PROVIDER *prov, void *data) { /* * This function is only called if get_loader_from_store() returned @@ -298,7 +296,7 @@ /* Fetching support. Can fetch by numeric identity or by scheme */ static OSSL_STORE_LOADER * inner_loader_fetch(struct loader_data_st *methdata, int id, - const char *scheme, const char *properties) + const char *scheme, const char *properties) { OSSL_METHOD_STORE *store = get_loader_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); @@ -349,8 +347,9 @@ methdata->propquery = propq; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_STORE, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { + &prov, 0 /* !force_cache */, + &mcm, methdata)) + != NULL) { /* * If construction did create a method for us, we know that there * is a correct scheme_id, since those have already been calculated @@ -359,7 +358,7 @@ if (id == 0) id = ossl_namemap_name2num(namemap, scheme); ossl_method_store_cache_set(store, prov, id, propq, method, - up_ref_loader, free_loader); + up_ref_loader, free_loader); } /* 
@@ -371,29 +370,28 @@ if ((id != 0 || scheme != NULL) && method == NULL) { int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED; - const char *helpful_msg = - unsupported - ? ( "No store loader found. For standard store loaders you need " - "at least one of the default or base providers available. " - "Did you forget to load them? Info: " ) + const char *helpful_msg = unsupported + ? ("No store loader found. For standard store loaders you need " + "at least one of the default or base providers available. " + "Did you forget to load them? Info: ") : ""; if (scheme == NULL) scheme = ossl_namemap_num2name(namemap, id, 0); ERR_raise_data(ERR_LIB_OSSL_STORE, code, - "%s%s, Scheme (%s : %d), Properties (%s)", - helpful_msg, - ossl_lib_ctx_get_descriptor(methdata->libctx), - scheme == NULL ? "" : scheme, id, - properties == NULL ? "" : properties); + "%s%s, Scheme (%s : %d), Properties (%s)", + helpful_msg, + ossl_lib_ctx_get_descriptor(methdata->libctx), + scheme == NULL ? "" : scheme, id, + properties == NULL ? "" : properties); } return method; } OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, - const char *scheme, - const char *properties) + const char *scheme, + const char *properties) { struct loader_data_st methdata; void *method; @@ -406,8 +404,8 @@ } OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx, - int scheme_id, - const char *properties) + int scheme_id, + const char *properties) { struct loader_data_st methdata; void *method; @@ -501,9 +499,9 @@ } void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*user_fn)(OSSL_STORE_LOADER *loader, - void *arg), - void *user_arg) + void (*user_fn)(OSSL_STORE_LOADER *loader, + void *arg), + void *user_arg) { struct loader_data_st methdata; struct do_one_data_st data; 
@@ -521,8 +519,8 @@ } int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, - void (*fn)(const char *name, void *data), - void *data) + void (*fn)(const char *name, void *data), + void *data) { if (loader == NULL) return 0; --- crypto/openssl/crypto/store/store_register.c.orig +++ crypto/openssl/crypto/store/store_register.c 
@@ -64,71 +64,70 @@ } int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, - OSSL_STORE_open_fn open_function) + OSSL_STORE_open_fn open_function) { loader->open = open_function; return 1; } -int OSSL_STORE_LOADER_set_open_ex - (OSSL_STORE_LOADER *loader, - OSSL_STORE_open_ex_fn open_ex_function) +int OSSL_STORE_LOADER_set_open_ex(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_ex_fn open_ex_function) { loader->open_ex = open_ex_function; return 1; } int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, - OSSL_STORE_attach_fn attach_function) + OSSL_STORE_attach_fn attach_function) { loader->attach = attach_function; return 1; } int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, - OSSL_STORE_ctrl_fn ctrl_function) + OSSL_STORE_ctrl_fn ctrl_function) { loader->ctrl = ctrl_function; return 1; } int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, - OSSL_STORE_expect_fn expect_function) + OSSL_STORE_expect_fn expect_function) { loader->expect = expect_function; return 1; } int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, - OSSL_STORE_find_fn find_function) + OSSL_STORE_find_fn find_function) { loader->find = find_function; return 1; } int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, - OSSL_STORE_load_fn load_function) + OSSL_STORE_load_fn load_function) { loader->load = load_function; return 1; } int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, - OSSL_STORE_eof_fn eof_function) + OSSL_STORE_eof_fn eof_function) { loader->eof = eof_function; return 1; } int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, - OSSL_STORE_error_fn error_function) + OSSL_STORE_error_fn error_function) { loader->error = error_function; return 1; } int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, - OSSL_STORE_close_fn close_function) + OSSL_STORE_close_fn close_function) { loader->closefn = close_function; return 1; 
@@ -144,7 +143,7 @@ } static int store_loader_cmp(const OSSL_STORE_LOADER *a, - const OSSL_STORE_LOADER *b) + const OSSL_STORE_LOADER *b) { assert(a->scheme != NULL && b->scheme != NULL); return strcmp(a->scheme, b->scheme); @@ -155,7 +154,7 @@ { if (loader_register == NULL) { loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash, - store_loader_cmp); + store_loader_cmp); } return loader_register != NULL; } @@ -173,13 +172,13 @@ */ if (ossl_isalpha(*scheme)) while (*scheme != '\0' - && (ossl_isalpha(*scheme) - || ossl_isdigit(*scheme) - || strchr("+-.", *scheme) != NULL)) + && (ossl_isalpha(*scheme) + || ossl_isdigit(*scheme) + || strchr("+-.", *scheme) != NULL)) scheme++; if (*scheme != '\0') { ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_INVALID_SCHEME, - "scheme=%s", loader->scheme); + "scheme=%s", loader->scheme); return 0; } @@ -233,9 +232,10 @@ if (!ossl_store_register_init()) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_INTERNAL_ERROR); else if ((loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, - &template)) == NULL) + &template)) + == NULL) ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNREGISTERED_SCHEME, - "scheme=%s", scheme); + "scheme=%s", scheme); CRYPTO_THREAD_unlock(registry_lock); @@ -263,9 +263,10 @@ if (!ossl_store_register_init()) ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_INTERNAL_ERROR); else if ((loader = lh_OSSL_STORE_LOADER_delete(loader_register, - &template)) == NULL) + &template)) + == NULL) ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNREGISTERED_SCHEME, - "scheme=%s", scheme); + "scheme=%s", scheme); CRYPTO_THREAD_unlock(registry_lock); 
@@ -289,9 +290,10 @@ */ IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void); -int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER - *loader, void *do_arg), - void *do_arg) +int OSSL_STORE_do_all_loaders(void (*do_function)(const OSSL_STORE_LOADER + *loader, + void *do_arg), + void *do_arg) { if (ossl_store_register_init()) lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg); --- crypto/openssl/crypto/store/store_result.c.orig +++ crypto/openssl/crypto/store/store_result.c @@ -31,7 +31,7 @@ * numbers, negative ones should be fine. They must never slip out from * this translation unit anyway. */ -# define OSSL_OBJECT_PKCS12 -1 +#define OSSL_OBJECT_PKCS12 -1 #endif /* @@ -73,22 +73,21 @@ static int try_name(struct extracted_param_data_st *, OSSL_STORE_INFO **); static int try_key(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_STORE_CTX *, const OSSL_PROVIDER *, - OSSL_LIB_CTX *, const char *); + OSSL_STORE_CTX *, const OSSL_PROVIDER *, + OSSL_LIB_CTX *, const char *); static int try_cert(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_LIB_CTX *, const char *); + OSSL_LIB_CTX *, const char *); static int try_crl(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_LIB_CTX *, const char *); + OSSL_LIB_CTX *, const char *); static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_STORE_CTX *, OSSL_LIB_CTX *, const char *); + OSSL_STORE_CTX *, OSSL_LIB_CTX *, const char *); int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg) { struct ossl_load_result_data_st *cbdata = arg; OSSL_STORE_INFO **v = &cbdata->v; OSSL_STORE_CTX *ctx = cbdata->ctx; - const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader); + const OSSL_PROVIDER *provider = OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader); OSSL_LIB_CTX *libctx = ossl_provider_libctx(provider); const char *propq = ctx->properties; const OSSL_PARAM *p; 
@@ -107,7 +106,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA); if (p != NULL && !OSSL_PARAM_get_octet_string_ptr(p, &helper_data.octet_data, - &helper_data.octet_data_size) + &helper_data.octet_data_size) && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.utf8_data)) return 0; p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_STRUCTURE); @@ -115,8 +114,7 @@ && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.data_structure)) return 0; p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_REFERENCE); - if (p != NULL && !OSSL_PARAM_get_octet_string_ptr(p, &helper_data.ref, - &helper_data.ref_size)) + if (p != NULL && !OSSL_PARAM_get_octet_string_ptr(p, &helper_data.ref, &helper_data.ref_size)) return 0; p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DESC); if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.desc)) @@ -151,7 +149,7 @@ ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED); return (*v != NULL); - err: +err: ERR_clear_last_mark(); return 0; } @@ -184,9 +182,9 @@ */ static EVP_PKEY *try_key_ref(struct extracted_param_data_st *data, - OSSL_STORE_CTX *ctx, - const OSSL_PROVIDER *provider, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_STORE_CTX *ctx, + const OSSL_PROVIDER *provider, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *pk = NULL; EVP_KEYMGMT *keymgmt = NULL; @@ -214,8 +212,7 @@ keydata = evp_keymgmt_load(keymgmt, data->ref, data->ref_size); } else { struct evp_keymgmt_util_try_import_data_st import_data; - OSSL_FUNC_store_export_object_fn *export_object = - ctx->fetched_loader->p_export_object; + OSSL_FUNC_store_export_object_fn *export_object = ctx->fetched_loader->p_export_object; import_data.keymgmt = keymgmt; import_data.keydata = NULL; 
@@ -227,9 +224,9 @@ * |import_data.keydata| is as much an indicator. */ (void)export_object(ctx->loader_ctx, - data->ref, data->ref_size, - &evp_keymgmt_util_try_import, - &import_data); + data->ref, data->ref_size, + &evp_keymgmt_util_try_import, + &import_data); } keydata = import_data.keydata; @@ -238,7 +235,7 @@ if (keydata == NULL && try_fallback > 0) { EVP_KEYMGMT_free(keymgmt); keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)provider, - data->data_type, propq); + data->data_type, propq); if (keymgmt != NULL) { ERR_pop_to_mark(); ERR_set_mark(); @@ -257,9 +254,9 @@ } static EVP_PKEY *try_key_value(struct extracted_param_data_st *data, - OSSL_STORE_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_STORE_CTX *ctx, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *pk = NULL; OSSL_DECODER_CTX *decoderctx = NULL; @@ -274,8 +271,7 @@ selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; break; case OSSL_STORE_INFO_PUBKEY: - selection = - OSSL_KEYMGMT_SELECT_PUBLIC_KEY + selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; break; case OSSL_STORE_INFO_PKEY: @@ -285,10 +281,9 @@ return NULL; } - decoderctx = - OSSL_DECODER_CTX_new_for_pkey(&pk, NULL, data->data_structure, - data->data_type, selection, libctx, - propq); + decoderctx = OSSL_DECODER_CTX_new_for_pkey(&pk, NULL, data->data_structure, + data->data_type, selection, libctx, + propq); (void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx, cb, cbarg); /* No error if this couldn't be decoded */ 
@@ -302,10 +297,10 @@ typedef OSSL_STORE_INFO *store_info_new_fn(EVP_PKEY *); static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, - store_info_new_fn **store_info_new, - OSSL_STORE_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, - OSSL_LIB_CTX *libctx, const char *propq) + store_info_new_fn **store_info_new, + OSSL_STORE_CTX *ctx, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *pk = NULL; const unsigned char *der = data->octet_data, *derp; @@ -351,8 +346,8 @@ * will be NULL on error anyway. */ PKCS12_pbe_crypt(alg, pbuf, plen, - oct->data, oct->length, - &new_der, &len, 0); + oct->data, oct->length, + &new_der, &len, 0); der_len = len; der = new_der; } @@ -384,8 +379,8 @@ } static int try_key(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_STORE_CTX *ctx, const OSSL_PROVIDER *provider, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_STORE_CTX *ctx, const OSSL_PROVIDER *provider, + OSSL_LIB_CTX *libctx, const char *propq) { store_info_new_fn *store_info_new = NULL; @@ -420,7 +415,7 @@ */ if (pk == NULL) pk = try_key_value_legacy(data, &store_info_new, ctx, - cb, cbarg, libctx, propq); + cb, cbarg, libctx, propq); } if (pk != NULL) { @@ -438,7 +433,7 @@ if (evp_keymgmt_util_has(pk, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) store_info_new = OSSL_STORE_INFO_new_PKEY; else if (evp_keymgmt_util_has(pk, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) + OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) store_info_new = OSSL_STORE_INFO_new_PUBKEY; else store_info_new = OSSL_STORE_INFO_new_PARAMS; @@ -454,7 +449,7 @@ } static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { if (data->object_type == OSSL_OBJECT_UNKNOWN || data->object_type == OSSL_OBJECT_CERT) { 
@@ -479,10 +474,12 @@ ignore_trusted = 0; if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, - data->octet_data_size) == NULL + data->octet_data_size) + == NULL && (!ignore_trusted || d2i_X509(&cert, (const unsigned char **)&data->octet_data, - data->octet_data_size) == NULL)) { + data->octet_data_size) + == NULL)) { X509_free(cert); cert = NULL; } @@ -500,14 +497,14 @@ } static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { if (data->object_type == OSSL_OBJECT_UNKNOWN || data->object_type == OSSL_OBJECT_CRL) { X509_CRL *crl; crl = d2i_X509_CRL(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); + data->octet_data_size); if (crl != NULL) /* We determined the object type */ @@ -528,8 +525,8 @@ } static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_STORE_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_STORE_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq) { int ok = 1; @@ -539,7 +536,7 @@ PKCS12 *p12; p12 = d2i_PKCS12(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); + data->octet_data_size); if (p12 != NULL) { char *pass = NULL; @@ -551,7 +548,7 @@ data->object_type = OSSL_OBJECT_PKCS12; - ok = 0; /* Assume decryption or parse error */ + ok = 0; /* Assume decryption or parse error */ if (!PKCS12_mac_present(p12) || PKCS12_verify_mac(p12, NULL, 0)) { 
@@ -562,16 +559,16 @@ static char prompt_info[] = "PKCS12 import pass phrase"; OSSL_PARAM pw_params[] = { OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO, - prompt_info, - sizeof(prompt_info) - 1), + prompt_info, + sizeof(prompt_info) - 1), OSSL_PARAM_END }; if (!ossl_pw_get_passphrase(tpass, sizeof(tpass) - 1, - &tpass_len, - pw_params, 0, &ctx->pwdata)) { + &tpass_len, + pw_params, 0, &ctx->pwdata)) { ERR_raise(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); + OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); goto p12_end; } pass = tpass; @@ -582,9 +579,8 @@ pass[tpass_len] = '\0'; if (!PKCS12_verify_mac(p12, pass, tpass_len)) { ERR_raise_data(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC, - tpass_len == 0 ? "empty password" : - "maybe wrong password"); + OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC, + tpass_len == 0 ? "empty password" : "maybe wrong password"); goto p12_end; } } @@ -595,7 +591,7 @@ OSSL_STORE_INFO *osi_cert = NULL; OSSL_STORE_INFO *osi_ca = NULL; - ok = 1; /* Parsing went through correctly! */ + ok = 1; /* Parsing went through correctly! */ if ((infos = sk_OSSL_STORE_INFO_new_null()) != NULL) { if (pkey != NULL) { @@ -639,7 +635,7 @@ } ctx->cached_info = infos; } - p12_end: + p12_end: OPENSSL_cleanse(tpass, sizeof(tpass)); PKCS12_free(p12); } --- crypto/openssl/crypto/store/store_strings.c.orig +++ crypto/openssl/crypto/store/store_strings.c 
@@ -10,12 +10,12 @@ #include static char *type_strings[] = { - "Name", /* OSSL_STORE_INFO_NAME */ - "Parameters", /* OSSL_STORE_INFO_PARAMS */ - "Public key", /* OSSL_STORE_INFO_PUBKEY */ - "Pkey", /* OSSL_STORE_INFO_PKEY */ - "Certificate", /* OSSL_STORE_INFO_CERT */ - "CRL" /* OSSL_STORE_INFO_CRL */ + "Name", /* OSSL_STORE_INFO_NAME */ + "Parameters", /* OSSL_STORE_INFO_PARAMS */ + "Public key", /* OSSL_STORE_INFO_PUBKEY */ + "Pkey", /* OSSL_STORE_INFO_PKEY */ + "Certificate", /* OSSL_STORE_INFO_CERT */ + "CRL" /* OSSL_STORE_INFO_CRL */ }; const char *OSSL_STORE_INFO_type_string(int type) --- crypto/openssl/crypto/threads_none.c.orig +++ crypto/openssl/crypto/threads_none.c @@ -12,10 +12,10 @@ #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) -# if defined(OPENSSL_SYS_UNIX) -# include -# include -# endif +#if defined(OPENSSL_SYS_UNIX) +#include +#include +#endif CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { @@ -52,7 +52,8 @@ return 1; } -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) { +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) +{ if (lock == NULL) return; @@ -128,23 +129,23 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { *val += amount; - *ret = *val; + *ret = *val; return 1; } int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) + CRYPTO_RWLOCK *lock) { *val |= op; - *ret = *val; + *ret = *val; return 1; } int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) { - *ret = *val; + *ret = *val; return 1; } @@ -156,10 +157,10 @@ int openssl_get_fork_id(void) { -# if defined(OPENSSL_SYS_UNIX) +#if defined(OPENSSL_SYS_UNIX) return getpid(); -# else +#else return 0; -# endif +#endif } #endif --- crypto/openssl/crypto/threads_pthread.c.orig +++ crypto/openssl/crypto/threads_pthread.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include "internal/cryptlib.h" #if defined(__sun) -# include +#include #endif #if defined(__apple_build_version__) && __apple_build_version__ < 6000000 @@ -31,20 +31,26 @@ #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) -# if defined(OPENSSL_SYS_UNIX) -# include -# include +#if defined(OPENSSL_SYS_UNIX) +#include +#include #endif -# include +#include -# ifdef PTHREAD_RWLOCK_INITIALIZER -# define USE_RWLOCK -# endif +/* + * The Non-Stop KLT thread model currently seems broken in its rwlock + * implementation + * Likewise is there a problem with the glibc implementation on riscv. + */ +#if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) \ + && !defined(__riscv) +#define USE_RWLOCK +#endif CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK CRYPTO_RWLOCK *lock; if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) { @@ -56,7 +62,7 @@ OPENSSL_free(lock); return NULL; } -# else +#else pthread_mutexattr_t attr; CRYPTO_RWLOCK *lock; @@ -69,13 +75,13 @@ * We don't use recursive mutexes, but try to catch errors if we do. */ pthread_mutexattr_init(&attr); -# if !defined (__TANDEM) && !defined (_SPT_MODEL_) -# if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK) +#if !defined(__TANDEM) && !defined(_SPT_MODEL_) +#if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK) pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK); -# endif -# else +#endif +#else /* The SPT Thread Library does not define MUTEX attributes. */ -# endif +#endif if (pthread_mutex_init(lock, &attr) != 0) { pthread_mutexattr_destroy(&attr); 
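Review bot: The new `USE_RWLOCK` guard in the `@@ -31,20 +31,26 @@` hunk excludes every `__riscv` target, while the comment added above it blames only the glibc rwlock implementation. On a riscv build that does not use glibc, CRYPTO_THREAD_read_lock would take the `pthread_mutex_lock` path and serialise readers even though the stated reason does not apply. This file sits in FreeBSD's OpenSSL import, so that case looks reachable, though the hunk does not show which libc is in play. If the problem really is glibc-specific, narrow the test to `&& !(defined(__riscv) && defined(__GLIBC__))`. Otherwise reword the comment to say that rwlocks are disabled on all riscv builds and why.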
@@ -84,52 +90,52 @@ } pthread_mutexattr_destroy(&attr); -# endif +#endif return lock; } __owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK if (pthread_rwlock_rdlock(lock) != 0) return 0; -# else +#else if (pthread_mutex_lock(lock) != 0) { assert(errno != EDEADLK && errno != EBUSY); return 0; } -# endif +#endif return 1; } __owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK if (pthread_rwlock_wrlock(lock) != 0) return 0; -# else +#else if (pthread_mutex_lock(lock) != 0) { assert(errno != EDEADLK && errno != EBUSY); return 0; } -# endif +#endif return 1; } int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK if (pthread_rwlock_unlock(lock) != 0) return 0; -# else +#else if (pthread_mutex_unlock(lock) != 0) { assert(errno != EPERM); return 0; } -# endif +#endif return 1; } @@ -139,11 +145,11 @@ if (lock == NULL) return; -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK pthread_rwlock_destroy(lock); -# else +#else pthread_mutex_destroy(lock); -# endif +#endif OPENSSL_free(lock); return; @@ -198,23 +204,23 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { -# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) +#if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) if (__atomic_is_lock_free(sizeof(*val), val)) { *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); return 1; } -# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) +#elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) /* This will work for all future Solaris versions. */ if (ret != NULL) { *ret = atomic_add_int_nv((volatile unsigned int *)val, amount); return 1; } -# endif +#endif if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) return 0; *val += amount; - *ret = *val; + *ret = *val; if (!CRYPTO_THREAD_unlock(lock)) return 0; 
@@ -223,24 +229,24 @@ } int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) + CRYPTO_RWLOCK *lock) { -# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) +#if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) if (__atomic_is_lock_free(sizeof(*val), val)) { *ret = __atomic_or_fetch(val, op, __ATOMIC_ACQ_REL); return 1; } -# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) +#elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) /* This will work for all future Solaris versions. */ if (ret != NULL) { *ret = atomic_or_64_nv(val, op); return 1; } -# endif +#endif if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) return 0; *val |= op; - *ret = *val; + *ret = *val; if (!CRYPTO_THREAD_unlock(lock)) return 0; @@ -250,32 +256,32 @@ int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) { -# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) +#if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) if (__atomic_is_lock_free(sizeof(*val), val)) { __atomic_load(val, ret, __ATOMIC_ACQUIRE); return 1; } -# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) +#elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) /* This will work for all future Solaris versions. */ if (ret != NULL) { *ret = atomic_or_64_nv(val, 0); return 1; } -# endif +#endif if (lock == NULL || !CRYPTO_THREAD_read_lock(lock)) return 0; - *ret = *val; + *ret = *val; if (!CRYPTO_THREAD_unlock(lock)) return 0; return 1; } -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE int openssl_init_fork_handlers(void) { return 1; } -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ int openssl_get_fork_id(void) { --- crypto/openssl/crypto/threads_win.c.orig +++ crypto/openssl/crypto/threads_win.c 
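Review bot: In the `@@ -250,32 +256,32 @@` hunk the guard of CRYPTO_atomic_load now tests `defined(__ATOMIC_ACQ_REL)`, but the body still passes `__ATOMIC_ACQUIRE` to `__atomic_load`. GCC and clang define both macros together, so the fast path should be selected as before, but the guard no longer checks the macro the code depends on. Unlike the other lines here, this one is not a whitespace-only change. Keep the feature test matched to the use: `#if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)`. If the change was meant to align the guard with CRYPTO_atomic_add and CRYPTO_atomic_or, say so in a one-line comment.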
@@ -8,10 +8,10 @@ */ #if defined(_WIN32) -# include -# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 -# define USE_RWLOCK -# endif +#include +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +#define USE_RWLOCK +#endif #endif /* @@ -23,79 +23,79 @@ */ #if (defined(_MSC_VER) && defined(_M_IX86) && _MSC_VER <= 1600) -# define NO_INTERLOCKEDOR64 +#define NO_INTERLOCKEDOR64 #endif #include #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK typedef struct { SRWLOCK lock; int exclusive; } CRYPTO_win_rwlock; -# endif +#endif CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { CRYPTO_RWLOCK *lock; -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK CRYPTO_win_rwlock *rwlock; if ((lock = OPENSSL_zalloc(sizeof(CRYPTO_win_rwlock))) == NULL) return NULL; rwlock = lock; InitializeSRWLock(&rwlock->lock); -# else +#else if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { /* Don't set error, to avoid recursion blowup. */ return NULL; } -# if !defined(_WIN32_WCE) +#if !defined(_WIN32_WCE) /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { OPENSSL_free(lock); return NULL; } -# else +#else InitializeCriticalSection(lock); -# endif -# endif +#endif +#endif return lock; } __owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK CRYPTO_win_rwlock *rwlock = lock; AcquireSRWLockShared(&rwlock->lock); -# else +#else EnterCriticalSection(lock); -# endif +#endif return 1; } __owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK CRYPTO_win_rwlock *rwlock = lock; AcquireSRWLockExclusive(&rwlock->lock); rwlock->exclusive = 1; -# else +#else EnterCriticalSection(lock); -# endif +#endif return 1; } int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { -# ifdef USE_RWLOCK +#ifdef USE_RWLOCK CRYPTO_win_rwlock *rwlock = lock; if (rwlock->exclusive) { 
@@ -104,9 +104,9 @@ } else { ReleaseSRWLockShared(&rwlock->lock); } -# else +#else LeaveCriticalSection(lock); -# endif +#endif return 1; } @@ -115,17 +115,17 @@ if (lock == NULL) return; -# ifndef USE_RWLOCK +#ifndef USE_RWLOCK DeleteCriticalSection(lock); -# endif +#endif OPENSSL_free(lock); return; } -# define ONCE_UNINITED 0 -# define ONCE_ININIT 1 -# define ONCE_DONE 2 +#define ONCE_UNINITED 0 +#define ONCE_ININIT 1 +#define ONCE_DONE 2 /* * We don't use InitOnceExecuteOnce because that isn't available in WinXP which @@ -218,7 +218,7 @@ } int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) + CRYPTO_RWLOCK *lock) { #if (defined(NO_INTERLOCKEDOR64)) if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) --- crypto/openssl/crypto/trace.c.orig +++ crypto/openssl/crypto/trace.c @@ -23,7 +23,7 @@ static CRYPTO_RWLOCK *trace_lock = NULL; -static const BIO *current_channel = NULL; +static const BIO *current_channel = NULL; /*- * INTERNAL TRACE CHANNEL IMPLEMENTATION @@ -35,7 +35,7 @@ * callback function. */ static int trace_write(BIO *b, const char *buf, - size_t num, size_t *written); + size_t num, size_t *written); static int trace_puts(BIO *b, const char *str); static long trace_ctrl(BIO *channel, int cmd, long argl, void *argp); static int trace_free(BIO *b); @@ -44,15 +44,15 @@ BIO_TYPE_SOURCE_SINK, "trace", trace_write, - NULL, /* old write */ - NULL, /* read_ex */ - NULL, /* read */ + NULL, /* old write */ + NULL, /* read_ex */ + NULL, /* read */ trace_puts, - NULL, /* gets */ - trace_ctrl, /* ctrl */ - NULL, /* create */ - trace_free, /* free */ - NULL, /* callback_ctrl */ + NULL, /* gets */ + trace_ctrl, /* ctrl */ + NULL, /* create */ + trace_free, /* free */ + NULL, /* callback_ctrl */ }; struct trace_data_st { 
@@ -62,11 +62,11 @@ }; static int trace_write(BIO *channel, - const char *buf, size_t num, size_t *written) + const char *buf, size_t num, size_t *written) { struct trace_data_st *ctx = BIO_get_data(channel); size_t cnt = ctx->callback(buf, num, ctx->category, OSSL_TRACE_CTRL_WRITE, - ctx->data); + ctx->data); *written = cnt; return cnt != 0; @@ -95,7 +95,7 @@ default: break; } - return -2; /* Unsupported */ + return -2; /* Unsupported */ } static int trace_free(BIO *channel) 
@@ -113,32 +113,33 @@ /* Helper struct and macro to get name string to number mapping */ struct trace_category_st { - const char * const name; + const char *const name; const int num; }; -#define TRACE_CATEGORY_(name) { #name, OSSL_TRACE_CATEGORY_##name } +#define TRACE_CATEGORY_(name) { #name, OSSL_TRACE_CATEGORY_##name } static const struct trace_category_st - trace_categories[OSSL_TRACE_CATEGORY_NUM] = { - TRACE_CATEGORY_(ALL), - TRACE_CATEGORY_(TRACE), - TRACE_CATEGORY_(INIT), - TRACE_CATEGORY_(TLS), - TRACE_CATEGORY_(TLS_CIPHER), - TRACE_CATEGORY_(CONF), - TRACE_CATEGORY_(ENGINE_TABLE), - TRACE_CATEGORY_(ENGINE_REF_COUNT), - TRACE_CATEGORY_(PKCS5V2), - TRACE_CATEGORY_(PKCS12_KEYGEN), - TRACE_CATEGORY_(PKCS12_DECRYPT), - TRACE_CATEGORY_(X509V3_POLICY), - TRACE_CATEGORY_(BN_CTX), - TRACE_CATEGORY_(CMP), - TRACE_CATEGORY_(STORE), - TRACE_CATEGORY_(DECODER), - TRACE_CATEGORY_(ENCODER), - TRACE_CATEGORY_(REF_COUNT) -}; + trace_categories[OSSL_TRACE_CATEGORY_NUM] + = { + TRACE_CATEGORY_(ALL), + TRACE_CATEGORY_(TRACE), + TRACE_CATEGORY_(INIT), + TRACE_CATEGORY_(TLS), + TRACE_CATEGORY_(TLS_CIPHER), + TRACE_CATEGORY_(CONF), + TRACE_CATEGORY_(ENGINE_TABLE), + TRACE_CATEGORY_(ENGINE_REF_COUNT), + TRACE_CATEGORY_(PKCS5V2), + TRACE_CATEGORY_(PKCS12_KEYGEN), + TRACE_CATEGORY_(PKCS12_DECRYPT), + TRACE_CATEGORY_(X509V3_POLICY), + TRACE_CATEGORY_(BN_CTX), + TRACE_CATEGORY_(CMP), + TRACE_CATEGORY_(STORE), + TRACE_CATEGORY_(DECODER), + TRACE_CATEGORY_(ENCODER), + TRACE_CATEGORY_(REF_COUNT) + }; const char *OSSL_trace_get_category_name(int num) { @@ -172,7 +173,8 @@ /* We use one trace channel for each trace category */ static struct { - enum { SIMPLE_CHANNEL, CALLBACK_CHANNEL } type; + enum { SIMPLE_CHANNEL, + CALLBACK_CHANNEL } type; BIO *bio; char *prefix; char *suffix; 
@@ -195,17 +197,17 @@ switch (type) { case CHANNEL: OSSL_TRACE2(TRACE, "Attach channel %p to category '%s'\n", - data, trace_categories[category].name); + data, trace_categories[category].name); break; case PREFIX: OSSL_TRACE2(TRACE, "Attach prefix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); + (const char *)data, trace_categories[category].name); break; case SUFFIX: OSSL_TRACE2(TRACE, "Attach suffix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); + (const char *)data, trace_categories[category].name); break; - default: /* No clue */ + default: /* No clue */ break; } return 1; @@ -216,17 +218,17 @@ switch (type) { case CHANNEL: OSSL_TRACE2(TRACE, "Detach channel %p from category '%s'\n", - data, trace_categories[category].name); + data, trace_categories[category].name); break; case PREFIX: OSSL_TRACE2(TRACE, "Detach prefix \"%s\" from category '%s'\n", - (const char *)data, trace_categories[category].name); + (const char *)data, trace_categories[category].name); break; case SUFFIX: OSSL_TRACE2(TRACE, "Detach suffix \"%s\" from category '%s'\n", - (const char *)data, trace_categories[category].name); + (const char *)data, trace_categories[category].name); break; - default: /* No clue */ + default: /* No clue */ break; } return 1; @@ -240,9 +242,9 @@ } static int set_trace_data(int category, int type, BIO **channel, - const char **prefix, const char **suffix, - int (*attach_cb)(int, int, const void *), - int (*detach_cb)(int, int, const void *)) + const char **prefix, const char **suffix, + int (*attach_cb)(int, int, const void *), + int (*detach_cb)(int, int, const void *)) { BIO *curr_channel = NULL; char *curr_prefix = NULL; 
@@ -345,11 +347,11 @@ if (category == OSSL_TRACE_CATEGORY_TRACE) continue; set_trace_data(category, 0, &channel, &prefix, &suffix, - trace_attach_cb, trace_detach_cb); + trace_attach_cb, trace_detach_cb); } set_trace_data(OSSL_TRACE_CATEGORY_TRACE, 0, &channel, - &prefix, &suffix, - trace_attach_cb, trace_detach_cb); + &prefix, &suffix, + trace_attach_cb, trace_detach_cb); CRYPTO_THREAD_lock_free(trace_lock); #endif } @@ -359,7 +361,7 @@ #ifndef OPENSSL_NO_TRACE if (category >= 0 && category < OSSL_TRACE_CATEGORY_NUM) return set_trace_data(category, SIMPLE_CHANNEL, &channel, NULL, NULL, - trace_attach_cb, trace_detach_cb); + trace_attach_cb, trace_detach_cb); #endif return 0; } @@ -370,18 +372,18 @@ switch (type) { case CHANNEL: OSSL_TRACE2(TRACE, - "Attach channel %p to category '%s' (with callback)\n", - data, trace_categories[category].name); + "Attach channel %p to category '%s' (with callback)\n", + data, trace_categories[category].name); break; case PREFIX: OSSL_TRACE2(TRACE, "Attach prefix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); + (const char *)data, trace_categories[category].name); break; case SUFFIX: OSSL_TRACE2(TRACE, "Attach suffix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); + (const char *)data, trace_categories[category].name); break; - default: /* No clue */ + default: /* No clue */ break; } return 1; @@ -399,8 +401,7 @@ if (callback != NULL) { if ((channel = BIO_new(&trace_method)) == NULL - || (trace_data = - OPENSSL_zalloc(sizeof(struct trace_data_st))) == NULL) + || (trace_data = OPENSSL_zalloc(sizeof(struct trace_data_st))) == NULL) goto err; trace_data->callback = callback; @@ -411,12 +412,12 @@ } if (!set_trace_data(category, CALLBACK_CHANNEL, &channel, NULL, NULL, - trace_attach_w_callback_cb, trace_detach_cb)) + trace_attach_w_callback_cb, trace_detach_cb)) goto err; return 1; - err: +err: BIO_free(channel); OPENSSL_free(trace_data); #endif 
@@ -429,7 +430,7 @@ #ifndef OPENSSL_NO_TRACE if (category >= 0 && category < OSSL_TRACE_CATEGORY_NUM) return set_trace_data(category, 0, NULL, &prefix, NULL, - trace_attach_cb, trace_detach_cb); + trace_attach_cb, trace_detach_cb); #endif return 0; } @@ -439,7 +440,7 @@ #ifndef OPENSSL_NO_TRACE if (category >= 0 && category < OSSL_TRACE_CATEGORY_NUM) return set_trace_data(category, 0, NULL, NULL, &suffix, - trace_attach_cb, trace_detach_cb); + trace_attach_cb, trace_detach_cb); #endif return 0; } @@ -492,7 +493,7 @@ break; case CALLBACK_CHANNEL: (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_BEGIN, - prefix == NULL ? 0 : strlen(prefix), prefix); + prefix == NULL ? 0 : strlen(prefix), prefix); break; } } @@ -500,7 +501,7 @@ return channel; } -void OSSL_trace_end(int category, BIO * channel) +void OSSL_trace_end(int category, BIO *channel) { #ifndef OPENSSL_NO_TRACE char *suffix = NULL; @@ -521,7 +522,7 @@ break; case CALLBACK_CHANNEL: (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_END, - suffix == NULL ? 0 : strlen(suffix), suffix); + suffix == NULL ? 0 : strlen(suffix), suffix); break; } current_channel = NULL; --- crypto/openssl/crypto/ts/ts_asn1.c.orig +++ crypto/openssl/crypto/ts/ts_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,8 +13,8 @@ #include "ts_local.h" ASN1_SEQUENCE(TS_MSG_IMPRINT) = { - ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), - ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) + ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), + ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT) IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) 
@@ -22,7 +22,7 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) { return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, - d2i_TS_MSG_IMPRINT, bp, a); + d2i_TS_MSG_IMPRINT, bp, a); } int i2d_TS_MSG_IMPRINT_bio(BIO *bp, const TS_MSG_IMPRINT *a) @@ -33,7 +33,7 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) { return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, - d2i_TS_MSG_IMPRINT, fp, a); + d2i_TS_MSG_IMPRINT, fp, a); } int i2d_TS_MSG_IMPRINT_fp(FILE *fp, const TS_MSG_IMPRINT *a) @@ -43,12 +43,12 @@ #endif ASN1_SEQUENCE(TS_REQ) = { - ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER), - ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT), - ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT), - ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER), - ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN), - ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) + ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER), + ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT), + ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT), + ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER), + ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN), + ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) } static_ASN1_SEQUENCE_END(TS_REQ) IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) 
@@ -75,25 +75,25 @@ #endif ASN1_SEQUENCE(TS_ACCURACY) = { - ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER), - ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0), - ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) + ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER), + ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0), + ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) } static_ASN1_SEQUENCE_END(TS_ACCURACY) IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) ASN1_SEQUENCE(TS_TST_INFO) = { - ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT), - ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT), - ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER), - ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME), - ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY), - ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN), - ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER), - ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0), - ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) + ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT), + ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT), + ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER), + ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME), + ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY), + ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN), + ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER), + ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0), + ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) } static_ASN1_SEQUENCE_END(TS_TST_INFO) IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) @@ -101,7 +101,7 @@ TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) { return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, - a); + a); } int i2d_TS_TST_INFO_bio(BIO *bp, const TS_TST_INFO *a) 
@@ -112,7 +112,7 @@ TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) { return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, - a); + a); } int i2d_TS_TST_INFO_fp(FILE *fp, const TS_TST_INFO *a) @@ -122,9 +122,9 @@ #endif ASN1_SEQUENCE(TS_STATUS_INFO) = { - ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER), - ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING), - ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) + ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING), + ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(TS_STATUS_INFO) IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) @@ -156,7 +156,7 @@ } static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { TS_RESP *ts_resp = (TS_RESP *)*pval; if (op == ASN1_OP_NEW_POST) { @@ -171,8 +171,8 @@ } ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { - ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO), - ASN1_OPT(TS_RESP, token, PKCS7), + ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO), + ASN1_OPT(TS_RESP, token, PKCS7), } static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) --- crypto/openssl/crypto/ts/ts_conf.c.orig +++ crypto/openssl/crypto/ts/ts_conf.c 
@@ -20,28 +20,28 @@ #include /* Macro definitions for the configuration file. */ -#define BASE_SECTION "tsa" -#define ENV_DEFAULT_TSA "default_tsa" -#define ENV_SERIAL "serial" -#define ENV_CRYPTO_DEVICE "crypto_device" -#define ENV_SIGNER_CERT "signer_cert" -#define ENV_CERTS "certs" -#define ENV_SIGNER_KEY "signer_key" -#define ENV_SIGNER_DIGEST "signer_digest" -#define ENV_DEFAULT_POLICY "default_policy" -#define ENV_OTHER_POLICIES "other_policies" -#define ENV_DIGESTS "digests" -#define ENV_ACCURACY "accuracy" -#define ENV_ORDERING "ordering" -#define ENV_TSA_NAME "tsa_name" -#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain" -#define ENV_VALUE_SECS "secs" -#define ENV_VALUE_MILLISECS "millisecs" -#define ENV_VALUE_MICROSECS "microsecs" -#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" -#define ENV_VALUE_YES "yes" -#define ENV_VALUE_NO "no" -#define ENV_ESS_CERT_ID_ALG "ess_cert_id_alg" +#define BASE_SECTION "tsa" +#define ENV_DEFAULT_TSA "default_tsa" +#define ENV_SERIAL "serial" +#define ENV_CRYPTO_DEVICE "crypto_device" +#define ENV_SIGNER_CERT "signer_cert" +#define ENV_CERTS "certs" +#define ENV_SIGNER_KEY "signer_key" +#define ENV_SIGNER_DIGEST "signer_digest" +#define ENV_DEFAULT_POLICY "default_policy" +#define ENV_OTHER_POLICIES "other_policies" +#define ENV_DIGESTS "digests" +#define ENV_ACCURACY "accuracy" +#define ENV_ORDERING "ordering" +#define ENV_TSA_NAME "tsa_name" +#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain" +#define ENV_VALUE_SECS "secs" +#define ENV_VALUE_MILLISECS "millisecs" +#define ENV_VALUE_MICROSECS "microsecs" +#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" +#define ENV_VALUE_YES "yes" +#define ENV_VALUE_NO "no" +#define ENV_ESS_CERT_ID_ALG "ess_cert_id_alg" /* Function definitions for certificate and key loading. */ 
@@ -53,7 +53,7 @@ if ((cert = BIO_new_file(file, "r")) == NULL) goto end; x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); - end: +end: if (x == NULL) ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT); BIO_free(cert); @@ -85,7 +85,7 @@ xi->x509 = NULL; } } - end: +end: if (othercerts == NULL) ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT); sk_X509_INFO_pop_free(allcerts, X509_INFO_free); @@ -101,7 +101,7 @@ if ((key = BIO_new_file(file, "r")) == NULL) goto end; pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass); - end: +end: if (pkey == NULL) ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_KEY); BIO_free(key); @@ -131,7 +131,7 @@ } int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, - TS_RESP_CTX *ctx) + TS_RESP_CTX *ctx) { int ret = 0; char *serial = NCONF_get_string(conf, section, ENV_SERIAL); @@ -142,14 +142,14 @@ TS_RESP_CTX_set_serial_cb(ctx, cb, serial); ret = 1; - err: +err: return ret; } #ifndef OPENSSL_NO_ENGINE int TS_CONF_set_crypto_device(CONF *conf, const char *section, - const char *device) + const char *device) { int ret = 0; @@ -161,7 +161,7 @@ goto err; } ret = 1; - err: +err: return ret; } @@ -181,10 +181,10 @@ goto err; ret = 1; - err: +err: if (!ret) ERR_raise_data(ERR_LIB_TS, TS_R_COULD_NOT_SET_ENGINE, - "engine:%s", name); + "engine:%s", name); ENGINE_free(e); return ret; } @@ -192,7 +192,7 @@ #endif int TS_CONF_set_signer_cert(CONF *conf, const char *section, - const char *cert, TS_RESP_CTX *ctx) + const char *cert, TS_RESP_CTX *ctx) { int ret = 0; X509 *cert_obj = NULL; @@ -210,13 +210,13 @@ goto err; ret = 1; - err: +err: X509_free(cert_obj); return ret; } int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, - TS_RESP_CTX *ctx) + TS_RESP_CTX *ctx) { int ret = 0; STACK_OF(X509) *certs_obj = NULL; 
@@ -230,16 +230,16 @@ goto err; if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err; - end: +end: ret = 1; - err: +err: sk_X509_pop_free(certs_obj, X509_free); return ret; } int TS_CONF_set_signer_key(CONF *conf, const char *section, - const char *key, const char *pass, - TS_RESP_CTX *ctx) + const char *key, const char *pass, + TS_RESP_CTX *ctx) { int ret = 0; EVP_PKEY *key_obj = NULL; @@ -255,13 +255,13 @@ goto err; ret = 1; - err: +err: EVP_PKEY_free(key_obj); return ret; } int TS_CONF_set_signer_digest(CONF *conf, const char *section, - const char *md, TS_RESP_CTX *ctx) + const char *md, TS_RESP_CTX *ctx) { int ret = 0; const EVP_MD *sign_md = NULL; @@ -280,12 +280,12 @@ goto err; ret = 1; - err: +err: return ret; } int TS_CONF_set_def_policy(CONF *conf, const char *section, - const char *policy, TS_RESP_CTX *ctx) + const char *policy, TS_RESP_CTX *ctx) { int ret = 0; ASN1_OBJECT *policy_obj = NULL; @@ -304,7 +304,7 @@ goto err; ret = 1; - err: +err: ASN1_OBJECT_free(policy_obj); return ret; } @@ -330,13 +330,15 @@ ts_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } - if (!TS_RESP_CTX_add_policy(ctx, objtmp)) + if (!TS_RESP_CTX_add_policy(ctx, objtmp)) { + ASN1_OBJECT_free(objtmp); goto err; + } ASN1_OBJECT_free(objtmp); } ret = 1; - err: +err: sk_CONF_VALUE_pop_free(list, X509V3_conf_free); return ret; } @@ -374,7 +376,7 @@ } ret = 1; - err: +err: sk_CONF_VALUE_pop_free(list, X509V3_conf_free); return ret; } @@ -411,13 +413,13 @@ goto err; ret = 1; - err: +err: sk_CONF_VALUE_pop_free(list, X509V3_conf_free); return ret; } int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section, - TS_RESP_CTX *ctx) + TS_RESP_CTX *ctx) { int ret = 0; long digits = 0; @@ -435,12 +437,12 @@ goto err; return 1; - err: +err: return ret; } static int ts_CONF_add_flag(CONF *conf, const char *section, - const char *field, int flag, TS_RESP_CTX *ctx) + const char *field, int flag, TS_RESP_CTX *ctx) { const char *value = NCONF_get_string(conf, section, field); 
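Review bot: In the `@@ -330,13 +330,15 @@` hunk of ts_conf.c, the leak fix leaves `objtmp` released in two places, once inside the new failure branch and once on the line after it, so a later edit can drop one and bring the leak back. A single release point is harder to break: `ok = TS_RESP_CTX_add_policy(ctx, objtmp);`, then `ASN1_OBJECT_free(objtmp);`, then `if (!ok) goto err;`, with `ok` declared alongside the loop's other locals. Either form relies on `TS_RESP_CTX_add_policy` storing its own copy and never keeping `objtmp`; the hunk does not show this, so a short comment such as `/* add_policy keeps a copy; objtmp is always ours to free */` would record the ownership rule. The enclosing loop and its declarations start outside the hunk.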
@@ -467,14 +469,14 @@ } int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, - TS_RESP_CTX *ctx) + TS_RESP_CTX *ctx) { return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, - TS_ESS_CERT_ID_CHAIN, ctx); + TS_ESS_CERT_ID_CHAIN, ctx); } int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, - TS_RESP_CTX *ctx) + TS_RESP_CTX *ctx) { int ret = 0; const EVP_MD *cert_md = NULL; --- crypto/openssl/crypto/ts/ts_err.c.orig +++ crypto/openssl/crypto/ts/ts_err.c 
@@ -14,76 +14,76 @@ #ifndef OPENSSL_NO_TS -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA TS_str_reasons[] = { - {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE), - "could not set engine"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR), - "ess add signing cert error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR), - "ess add signing cert v2 error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR), - "ess signing certificate error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER), - "invalid null pointer"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), - "invalid signer certificate purpose"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH), - "message imprint mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR), - "pkcs7 add signature error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), - "pkcs7 add signed attr error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED), - "pkcs7 to ts tst info failed"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, 
TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR), - "response setup error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER), - "there must be one signer"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR), - "tst info setup error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM), - "unsupported md algorithm"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE), - "cannot find config variable"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, - {0, NULL} + { ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE), + "could not set engine" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content" }, + { ERR_PACK(ERR_LIB_TS, 0, 
TS_R_ESS_ADD_SIGNING_CERT_ERROR), + "ess add signing cert error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR), + "ess add signing cert v2 error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR), + "ess signing certificate error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER), + "invalid null pointer" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), + "invalid signer certificate purpose" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH), + "message imprint mismatch" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), + "pkcs7 add signed attr error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED), + "pkcs7 to ts tst info failed" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR), + "response setup error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER), + "there must be one signer" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted" }, + { ERR_PACK(ERR_LIB_TS, 0, 
TS_R_TST_INFO_SETUP_ERROR), + "tst info setup error" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM), + "unsupported md algorithm" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE), + "cannot find config variable" }, + { ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type" }, + { 0, NULL } }; -# endif +#endif int ossl_err_load_TS_strings(void) { -# ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(TS_str_reasons[0].error) == NULL) ERR_load_strings_const(TS_str_reasons); -# endif +#endif return 1; } #else --- crypto/openssl/crypto/ts/ts_lib.c.orig +++ crypto/openssl/crypto/ts/ts_lib.c @@ -74,7 +74,7 @@ { int i = OBJ_obj2nid(alg->algorithm); return BIO_printf(bio, "Hash Algorithm: %s\n", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); } int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) @@ -86,7 +86,7 @@ BIO_printf(bio, "Message data:\n"); msg = a->hashed_msg; BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg), - ASN1_STRING_length(msg), 4); + ASN1_STRING_length(msg), 4); return 1; } --- crypto/openssl/crypto/ts/ts_local.h.orig +++ crypto/openssl/crypto/ts/ts_local.h 
@@ -103,23 +103,23 @@ EVP_PKEY *signer_key; const EVP_MD *signer_md; const EVP_MD *ess_cert_id_digest; - STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(X509) *certs; /* Certs to include in signed data. */ STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ - STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ - ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ unsigned clock_precision_digits; /* fraction of seconds in time stamp * token. */ - unsigned flags; /* Optional info, see values above. */ + unsigned flags; /* Optional info, see values above. */ /* Callback functions. */ TS_serial_cb serial_cb; - void *serial_cb_data; /* User data for serial_cb. */ + void *serial_cb_data; /* User data for serial_cb. */ TS_time_cb time_cb; - void *time_cb_data; /* User data for time_cb. */ + void *time_cb_data; /* User data for time_cb. */ TS_extension_cb extension_cb; - void *extension_cb_data; /* User data for extension_cb. */ + void *extension_cb_data; /* User data for extension_cb. */ /* These members are used only while creating the response. */ TS_REQ *request; TS_RESP *response; --- crypto/openssl/crypto/ts/ts_req_print.c.orig +++ crypto/openssl/crypto/ts/ts_req_print.c @@ -43,7 +43,7 @@ BIO_write(bio, "\n", 1); BIO_printf(bio, "Certificate required: %s\n", - a->cert_req ? "yes" : "no"); + a->cert_req ? "yes" : "no"); TS_ext_print_bio(bio, a->extensions); --- crypto/openssl/crypto/ts/ts_rsp_print.c.orig +++ crypto/openssl/crypto/ts/ts_rsp_print.c 
@@ -21,10 +21,9 @@ }; static int ts_status_map_print(BIO *bio, const struct status_map_st *a, - const ASN1_BIT_STRING *v); + const ASN1_BIT_STRING *v); static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); - int TS_RESP_print_bio(BIO *bio, TS_RESP *a) { BIO_printf(bio, "Status info:\n"); @@ -50,24 +49,24 @@ "Revoked." }; static const struct status_map_st failure_map[] = { - {TS_INFO_BAD_ALG, - "unrecognized or unsupported algorithm identifier"}, - {TS_INFO_BAD_REQUEST, - "transaction not permitted or supported"}, - {TS_INFO_BAD_DATA_FORMAT, - "the data submitted has the wrong format"}, - {TS_INFO_TIME_NOT_AVAILABLE, - "the TSA's time source is not available"}, - {TS_INFO_UNACCEPTED_POLICY, - "the requested TSA policy is not supported by the TSA"}, - {TS_INFO_UNACCEPTED_EXTENSION, - "the requested extension is not supported by the TSA"}, - {TS_INFO_ADD_INFO_NOT_AVAILABLE, - "the additional information requested could not be understood " - "or is not available"}, - {TS_INFO_SYSTEM_FAILURE, - "the request cannot be handled due to system failure"}, - {-1, NULL} + { TS_INFO_BAD_ALG, + "unrecognized or unsupported algorithm identifier" }, + { TS_INFO_BAD_REQUEST, + "transaction not permitted or supported" }, + { TS_INFO_BAD_DATA_FORMAT, + "the data submitted has the wrong format" }, + { TS_INFO_TIME_NOT_AVAILABLE, + "the TSA's time source is not available" }, + { TS_INFO_UNACCEPTED_POLICY, + "the requested TSA policy is not supported by the TSA" }, + { TS_INFO_UNACCEPTED_EXTENSION, + "the requested extension is not supported by the TSA" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, + "the additional information requested could not be understood " + "or is not available" }, + { TS_INFO_SYSTEM_FAILURE, + "the request cannot be handled due to system failure" }, + { -1, NULL } }; long status; int i, lines = 0; 
@@ -100,7 +99,7 @@ } static int ts_status_map_print(BIO *bio, const struct status_map_st *a, - const ASN1_BIT_STRING *v) + const ASN1_BIT_STRING *v) { int lines = 0; --- crypto/openssl/crypto/ts/ts_rsp_sign.c.orig +++ crypto/openssl/crypto/ts/ts_rsp_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,15 +29,14 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx); static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx); static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, - ASN1_OBJECT *policy); + ASN1_OBJECT *policy); static int ts_RESP_process_extensions(TS_RESP_CTX *ctx); static int ts_RESP_sign(TS_RESP_CTX *ctx); static int ts_TST_INFO_content_new(PKCS7 *p7); -static ASN1_GENERALIZEDTIME -*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long, - unsigned); +static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long, + unsigned); /* Default callback for response generation. */ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) @@ -50,10 +49,10 @@ goto err; return serial; - err: +err: ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Error during serial number generation."); + "Error during serial number generation."); ASN1_INTEGER_free(serial); return NULL; } 
@@ -61,13 +60,13 @@ #if defined(OPENSSL_SYS_UNIX) static int def_time_cb(struct TS_resp_ctx *ctx, void *data, - long *sec, long *usec) + long *sec, long *usec) { struct timeval tv; if (gettimeofday(&tv, NULL) != 0) { ERR_raise(ERR_LIB_TS, TS_R_TIME_SYSCALL_ERROR); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Time is not available."); + "Time is not available."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); return 0; } @@ -80,13 +79,13 @@ #else static int def_time_cb(struct TS_resp_ctx *ctx, void *data, - long *sec, long *usec) + long *sec, long *usec) { time_t t; if (time(&t) == (time_t)-1) { ERR_raise(ERR_LIB_TS, TS_R_TIME_SYSCALL_ERROR); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Time is not available."); + "Time is not available."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); return 0; } @@ -99,10 +98,10 @@ #endif static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, - void *data) + void *data) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Unsupported extension."); + "Unsupported extension."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION); return 0; } @@ -150,7 +149,7 @@ sk_X509_pop_free(ctx->certs, X509_free); sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); ASN1_OBJECT_free(ctx->default_policy); - sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ + sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ ASN1_INTEGER_free(ctx->seconds); ASN1_INTEGER_free(ctx->millis); ASN1_INTEGER_free(ctx->micros); @@ -190,7 +189,7 @@ if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL) goto err; return 1; - err: +err: ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); return 0; } @@ -216,7 +215,7 @@ goto err; return 1; - err: +err: ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); ASN1_OBJECT_free(copy); return 0; 
@@ -231,21 +230,21 @@ goto err; return 1; - err: +err: ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); return 0; } -#define TS_RESP_CTX_accuracy_free(ctx) \ - ASN1_INTEGER_free(ctx->seconds); \ - ctx->seconds = NULL; \ - ASN1_INTEGER_free(ctx->millis); \ - ctx->millis = NULL; \ - ASN1_INTEGER_free(ctx->micros); \ - ctx->micros = NULL; +#define TS_RESP_CTX_accuracy_free(ctx) \ + ASN1_INTEGER_free(ctx->seconds); \ + ctx->seconds = NULL; \ + ASN1_INTEGER_free(ctx->millis); \ + ctx->millis = NULL; \ + ASN1_INTEGER_free(ctx->micros); \ + ctx->micros = NULL; int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, - int secs, int millis, int micros) + int secs, int millis, int micros) { TS_RESP_CTX_accuracy_free(ctx); @@ -263,7 +262,7 @@ goto err; return 1; - err: +err: TS_RESP_CTX_accuracy_free(ctx); ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); return 0; @@ -287,14 +286,14 @@ } void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, - TS_extension_cb cb, void *data) + TS_extension_cb cb, void *data) { ctx->extension_cb = cb; ctx->extension_cb_data = data; } int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, - int status, const char *text) + int status, const char *text) { TS_STATUS_INFO *si = NULL; ASN1_UTF8STRING *utf8_text = NULL; @@ -313,12 +312,12 @@ goto err; if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err; - utf8_text = NULL; /* Ownership is lost. */ + utf8_text = NULL; /* Ownership is lost. */ } if (!TS_RESP_set_status_info(ctx->response, si)) goto err; ret = 1; - err: +err: if (!ret) ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); TS_STATUS_INFO_free(si); @@ -327,7 +326,7 @@ } int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, - int status, const char *text) + int status, const char *text) { int ret = 1; TS_STATUS_INFO *si = ctx->response->status_info; @@ -347,7 +346,7 @@ if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) goto err; return 1; - err: +err: ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); return 0; } 
@@ -363,7 +362,7 @@ } int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, - unsigned precision) + unsigned precision) { if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) return 0; @@ -386,7 +385,7 @@ } if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Bad request format or system error."); + "Bad request format or system error."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); goto end; } @@ -404,21 +403,22 @@ goto end; result = 1; - end: +end: if (!result) { ERR_raise(ERR_LIB_TS, TS_R_RESPONSE_SETUP_ERROR); if (ctx->response != NULL) { if (TS_RESP_CTX_set_status_info_cond(ctx, - TS_STATUS_REJECTION, - "Error during response " - "generation.") == 0) { + TS_STATUS_REJECTION, + "Error during response " + "generation.") + == 0) { TS_RESP_free(ctx->response); ctx->response = NULL; } } } response = ctx->response; - ctx->response = NULL; /* Ownership will be returned to caller. */ + ctx->response = NULL; /* Ownership will be returned to caller. */ ts_RESP_CTX_cleanup(ctx); return response; } @@ -455,7 +455,7 @@ if (TS_REQ_get_version(request) != 1) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Bad request version."); + "Bad request version."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST); return 0; } 
@@ -470,23 +470,23 @@ } if (!md) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Message digest algorithm is " - "not supported."); + "Message digest algorithm is " + "not supported."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); return 0; } if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Superfluous message digest " - "parameter."); + "Superfluous message digest " + "parameter."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); return 0; } digest = msg_imprint->hashed_msg; if (digest->length != EVP_MD_get_size(md)) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Bad message digest."); + "Bad message digest."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); return 0; } @@ -517,7 +517,8 @@ if (policy == NULL) { ERR_raise(ERR_LIB_TS, TS_R_UNACCEPTABLE_POLICY); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Requested policy is not " "supported."); + "Requested policy is not " + "supported."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY); } return policy; @@ -525,7 +526,7 @@ /* Creates the TS_TST_INFO object based on the settings of the context. */ static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, - ASN1_OBJECT *policy) + ASN1_OBJECT *policy) { int result = 0; TS_TST_INFO *tst_info = NULL; @@ -548,9 +549,9 @@ || !TS_TST_INFO_set_serial(tst_info, serial)) goto end; if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec) - || (asn1_time = - TS_RESP_set_genTime_with_precision(NULL, sec, usec, - ctx->clock_precision_digits)) == NULL + || (asn1_time = TS_RESP_set_genTime_with_precision(NULL, sec, usec, + ctx->clock_precision_digits)) + == NULL || !TS_TST_INFO_set_time(tst_info, asn1_time)) goto end; 
@@ -578,8 +579,7 @@ if ((tsa_name = GENERAL_NAME_new()) == NULL) goto end; tsa_name->type = GEN_DIRNAME; - tsa_name->d.dirn = - X509_NAME_dup(X509_get_subject_name(ctx->signer_cert)); + tsa_name->d.dirn = X509_NAME_dup(X509_get_subject_name(ctx->signer_cert)); if (!tsa_name->d.dirn) goto end; if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) @@ -587,14 +587,14 @@ } result = 1; - end: +end: if (!result) { TS_TST_INFO_free(tst_info); tst_info = NULL; ERR_raise(ERR_LIB_TS, TS_R_TST_INFO_SETUP_ERROR); TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, - "Error during TSTInfo " - "generation."); + "Error during TSTInfo " + "generation."); } GENERAL_NAME_free(tsa_name); TS_ACCURACY_free(accuracy); @@ -619,7 +619,7 @@ * For lack of better information, I'm placing a NULL there instead. * The callback can pick its own address out from the ctx anyway... */ - ok = (*ctx->extension_cb) (ctx, ext, NULL); + ok = (*ctx->extension_cb)(ctx, ext, NULL); } return ok; @@ -627,7 +627,7 @@ /* Functions for signing the TS_TST_INFO structure of the context. */ static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si, - const ESS_SIGNING_CERT *sc) + const ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; int len = i2d_ESS_SIGNING_CERT(sc, NULL); @@ -645,12 +645,16 @@ } OPENSSL_free(pp); - return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate, - V_ASN1_SEQUENCE, seq); + if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate, + V_ASN1_SEQUENCE, seq)) { + ASN1_STRING_free(seq); + return 0; + } + return 1; } static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si, - const ESS_SIGNING_CERT_V2 *sc) + const ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); 
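Review bot: The new `ASN1_STRING_free(seq);` in the `@@ -645,12 +645,16 @@` hunk of `ossl_ess_add1_signing_cert` is only safe if `PKCS7_add_signed_attribute` never consumes or frees `seq` on any path that returns 0. That contract is not visible in this diff. If the callee can fail after it has already attached `seq` to an attribute and then torn that attribute down, this would become a second free of the same string, so it is worth confirming against the callee's failure paths. I would record the result next to the call, e.g. `/* seq is owned by si only on success; on failure it is still ours */`. The same pattern and the same question apply to `ossl_ess_add1_signing_cert_v2` in the `@@ -668,8 +672,12 @@` hunk. The middle of both functions lies outside the hunks.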
@@ -668,8 +672,12 @@ } OPENSSL_free(pp); - return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2, - V_ASN1_SEQUENCE, seq); + if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2, + V_ASN1_SEQUENCE, seq)) { + ASN1_STRING_free(seq); + return 0; + } + return 1; } static int ts_RESP_sign(TS_RESP_CTX *ctx) @@ -677,7 +685,7 @@ int ret = 0; PKCS7 *p7 = NULL; PKCS7_SIGNER_INFO *si; - STACK_OF(X509) *certs; /* Certificates to include in sc. */ + STACK_OF(X509) *certs; /* Certificates to include in sc. */ ESS_SIGNING_CERT_V2 *sc2 = NULL; ESS_SIGNING_CERT *sc = NULL; ASN1_OBJECT *oid; @@ -713,19 +721,20 @@ signer_md = EVP_MD_fetch(ctx->libctx, "SHA256", ctx->propq); else if (EVP_MD_get0_provider(ctx->signer_md) == NULL) signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_get0_name(ctx->signer_md), - ctx->propq); + ctx->propq); else signer_md = (EVP_MD *)ctx->signer_md; if ((si = PKCS7_add_signature(p7, ctx->signer_cert, - ctx->signer_key, signer_md)) == NULL) { + ctx->signer_key, signer_md)) + == NULL) { ERR_raise(ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNATURE_ERROR); goto err; } oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, oid)) { + V_ASN1_OBJECT, oid)) { ERR_raise(ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); goto err; } @@ -734,7 +743,8 @@ if (ctx->ess_cert_id_digest == NULL || EVP_MD_is_a(ctx->ess_cert_id_digest, SN_sha1)) { if ((sc = OSSL_ESS_signing_cert_new_init(ctx->signer_cert, - certs, 0)) == NULL) + certs, 0)) + == NULL) goto err; if (!ossl_ess_add1_signing_cert(si, sc)) { @@ -743,7 +753,7 @@ } } else { sc2 = OSSL_ESS_signing_cert_v2_new_init(ctx->ess_cert_id_digest, - ctx->signer_cert, certs, 0); + ctx->signer_cert, certs, 0); if (sc2 == NULL) goto err; 
@@ -768,18 +778,18 @@ goto err; } TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info); - p7 = NULL; /* Ownership is lost. */ - ctx->tst_info = NULL; /* Ownership is lost. */ + p7 = NULL; /* Ownership is lost. */ + ctx->tst_info = NULL; /* Ownership is lost. */ ret = 1; - err: +err: if (signer_md != ctx->signer_md) EVP_MD_free(signer_md); if (!ret) TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, - "Error during signature " - "generation."); + "Error during signature " + "generation."); BIO_free_all(p7bio); ESS_SIGNING_CERT_V2_free(sc2); ESS_SIGNING_CERT_free(sc); @@ -808,15 +818,15 @@ goto err; return 1; - err: +err: ASN1_OCTET_STRING_free(octet_string); PKCS7_free(ret); return 0; } static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( - ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec, - unsigned precision) + ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec, + unsigned precision) { time_t time_sec = (time_t)sec; struct tm *tm = NULL, tm_result; @@ -838,9 +848,9 @@ * fraction-of-second details". */ p += BIO_snprintf(p, p_end - p, - "%04d%02d%02d%02d%02d%02d", - tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); + "%04d%02d%02d%02d%02d%02d", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); if (precision > 0) { BIO_snprintf(p, 2 + precision, ".%06ld", usec); p += strlen(p); @@ -861,7 +871,7 @@ * this loop even if all the digits are zero. */ while (*--p == '0') - continue; + continue; if (*p != '.') ++p; } @@ -877,7 +887,7 @@ } return asn1_time; - err: +err: ERR_raise(ERR_LIB_TS, TS_R_COULD_NOT_SET_TIME); return NULL; } --- crypto/openssl/crypto/ts/ts_rsp_verify.c.orig +++ crypto/openssl/crypto/ts/ts_rsp_verify.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,32 +17,32 @@ #include "ts_local.h" static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, - X509 *signer, STACK_OF(X509) **chain); + X509 *signer, STACK_OF(X509) **chain); static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si, - const STACK_OF(X509) *chain); + const STACK_OF(X509) *chain); static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, - PKCS7 *token, TS_TST_INFO *tst_info); + PKCS7 *token, TS_TST_INFO *tst_info); static int ts_check_status_info(TS_RESP *response); static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); static int ts_check_policy(const ASN1_OBJECT *req_oid, - const TS_TST_INFO *tst_info); + const TS_TST_INFO *tst_info); static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, - X509_ALGOR **md_alg, - unsigned char **imprint, unsigned *imprint_len); + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len); static int ts_check_imprints(X509_ALGOR *algor_a, - const unsigned char *imprint_a, unsigned len_a, - TS_TST_INFO *tst_info); + const unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info); static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, - GENERAL_NAME *name); + GENERAL_NAME *name); /* * This must be large enough to hold all values in ts_status_text (with * comma separator) or all text fields in ts_failure_info (also with comma). */ -#define TS_STATUS_BUF_SIZE 256 +#define TS_STATUS_BUF_SIZE 256 /* * Local mapping between response codes and descriptions. 
@@ -56,23 +56,22 @@ "revocationNotification" }; -#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text) +#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text) static struct { int code; const char *text; } ts_failure_info[] = { - {TS_INFO_BAD_ALG, "badAlg"}, - {TS_INFO_BAD_REQUEST, "badRequest"}, - {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"}, - {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"}, - {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"}, - {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"}, - {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"}, - {TS_INFO_SYSTEM_FAILURE, "systemFailure"} + { TS_INFO_BAD_ALG, "badAlg" }, + { TS_INFO_BAD_REQUEST, "badRequest" }, + { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" }, + { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" }, + { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" }, + { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" }, + { TS_INFO_SYSTEM_FAILURE, "systemFailure" } }; - /*- * This function carries out the following tasks: * - Checks if there is one and only one signer. @@ -86,7 +85,7 @@ * - Returns the signer certificate in 'signer', if 'signer' is not NULL. */ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, - X509_STORE *store, X509 **signer_out) + X509_STORE *store, X509 **signer_out) { STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; PKCS7_SIGNER_INFO *si; @@ -127,11 +126,10 @@ goto err; signer = sk_X509_value(signers, 0); - untrusted = sk_X509_new_reserve(NULL, sk_X509_num(certs) - + sk_X509_num(token->d.sign->cert)); + untrusted = sk_X509_new_reserve(NULL, sk_X509_num(certs) + sk_X509_num(token->d.sign->cert)); if (untrusted == NULL - || !X509_add_certs(untrusted, certs, 0) - || !X509_add_certs(untrusted, token->d.sign->cert, 0)) + || !X509_add_certs(untrusted, certs, 0) + || !X509_add_certs(untrusted, token->d.sign->cert, 0)) goto err; if (!ts_verify_cert(store, untrusted, signer, &chain)) goto err; 
@@ -155,7 +153,7 @@ } ret = 1; - err: +err: BIO_free_all(p7bio); sk_X509_free(untrusted); sk_X509_pop_free(chain, X509_free); @@ -169,7 +167,7 @@ * freeing the vector. */ static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, - X509 *signer, STACK_OF(X509) **chain) + X509 *signer, STACK_OF(X509) **chain) { X509_STORE_CTX *cert_ctx = NULL; int i; @@ -188,7 +186,7 @@ if (i <= 0) { int j = X509_STORE_CTX_get_error(cert_ctx); ERR_raise_data(ERR_LIB_TS, TS_R_CERTIFICATE_VERIFY_ERROR, - "Verify error:%s", X509_verify_cert_error_string(j)); + "Verify error:%s", X509_verify_cert_error_string(j)); goto err; } *chain = X509_STORE_CTX_get1_chain(cert_ctx); @@ -215,8 +213,7 @@ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); } -static -ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si) +static ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si) { ASN1_TYPE *attr; const unsigned char *p; @@ -229,7 +226,7 @@ } static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si, - const STACK_OF(X509) *chain) + const STACK_OF(X509) *chain) { ESS_SIGNING_CERT *ss = ossl_ess_get_signing_cert(si); ESS_SIGNING_CERT_V2 *ssv2 = ossl_ess_get_signing_cert_v2(si); @@ -258,7 +255,7 @@ goto err; ret = 1; - err: +err: return ret; } @@ -290,7 +287,7 @@ * - Check if the TSA name is the expected TSA. */ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, - PKCS7 *token, TS_TST_INFO *tst_info) + PKCS7 *token, TS_TST_INFO *tst_info) { X509 *signer = NULL; GENERAL_NAME *tsa_name = tst_info->tsa; @@ -302,7 +299,7 @@ /* Some options require us to also check the signature */ if (((flags & TS_VFY_SIGNER) && tsa_name != NULL) - || (flags & TS_VFY_TSA_NAME)) { + || (flags & TS_VFY_TSA_NAME)) { flags |= TS_VFY_SIGNATURE; } 
@@ -319,11 +316,11 @@ goto err; if ((flags & TS_VFY_IMPRINT) && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, - tst_info)) + tst_info)) goto err; if ((flags & TS_VFY_DATA) && (!ts_compute_imprint(ctx->data, tst_info, - &md_alg, &imprint, &imprint_len) + &md_alg, &imprint, &imprint_len) || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info))) goto err; if ((flags & TS_VFY_NONCE) @@ -341,7 +338,7 @@ } ret = 1; - err: +err: X509_free(signer); X509_ALGOR_free(md_alg); OPENSSL_free(imprint); @@ -360,7 +357,7 @@ return 1; /* There was an error, get the description in status_text. */ - if (0 <= status && status < (long) OSSL_NELEM(ts_status_text)) + if (0 <= status && status < (long)OSSL_NELEM(ts_status_text)) status_text = ts_status_text[status]; else status_text = "unknown code"; @@ -375,7 +372,7 @@ int first = 1; for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) { if (ASN1_BIT_STRING_get_bit(info->failure_info, - ts_failure_info[i].code)) { + ts_failure_info[i].code)) { if (!first) strcat(failure_text, ","); else @@ -388,10 +385,10 @@ strcpy(failure_text, "unspecified"); ERR_raise_data(ERR_LIB_TS, TS_R_NO_TIME_STAMP_TOKEN, - "status code: %s, status text: %s, failure codes: %s", - status_text, - embedded_status_text ? embedded_status_text : "unspecified", - failure_text); + "status code: %s, status text: %s, failure codes: %s", + status_text, + embedded_status_text ? embedded_status_text : "unspecified", + failure_text); OPENSSL_free(embedded_status_text); return 0; @@ -403,7 +400,7 @@ } static int ts_check_policy(const ASN1_OBJECT *req_oid, - const TS_TST_INFO *tst_info) + const TS_TST_INFO *tst_info) { const ASN1_OBJECT *resp_oid = tst_info->policy_id; 
@@ -416,8 +413,8 @@ } static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, - X509_ALGOR **md_alg, - unsigned char **imprint, unsigned *imprint_len) + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len) { TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; @@ -474,7 +471,7 @@ EVP_MD_CTX_free(md_ctx); return 1; - err: +err: EVP_MD_CTX_free(md_ctx); EVP_MD_free(md); X509_ALGOR_free(*md_alg); @@ -486,8 +483,8 @@ } static int ts_check_imprints(X509_ALGOR *algor_a, - const unsigned char *imprint_a, unsigned len_a, - TS_TST_INFO *tst_info) + const unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info) { TS_MSG_IMPRINT *b = tst_info->msg_imprint; X509_ALGOR *algor_b = b->hash_algo; @@ -499,15 +496,14 @@ /* The parameter must be NULL in both. */ if ((algor_a->parameter - && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) + && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) || (algor_b->parameter && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) goto err; } - ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) && - memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0; - err: + ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) && memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0; +err: if (!ret) ERR_raise(ERR_LIB_TS, TS_R_MESSAGE_IMPRINT_MISMATCH); return ret; --- crypto/openssl/crypto/ts/ts_verify_ctx.c.orig +++ crypto/openssl/crypto/ts/ts_verify_ctx.c @@ -61,14 +61,14 @@ } STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, - STACK_OF(X509) *certs) + STACK_OF(X509) *certs) { ctx->certs = certs; return ctx->certs; } unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, - unsigned char *hexstr, long len) + unsigned char *hexstr, long len) { OPENSSL_free(ctx->imprint); ctx->imprint = hexstr; 
@@ -140,7 +140,7 @@ ret->flags &= ~TS_VFY_NONCE; return ret; - err: +err: if (ctx) TS_VERIFY_CTX_cleanup(ctx); else --- crypto/openssl/crypto/txt_db/txt_db.c.orig +++ crypto/openssl/crypto/txt_db/txt_db.c @@ -114,7 +114,7 @@ } BUF_MEM_free(buf); return ret; - err: +err: BUF_MEM_free(buf); if (ret != NULL) { sk_OPENSSL_PSTRING_free(ret->data); @@ -126,7 +126,7 @@ } OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, - OPENSSL_STRING *value) + OPENSSL_STRING *value) { OPENSSL_STRING *ret; LHASH_OF(OPENSSL_STRING) *lh; @@ -145,8 +145,8 @@ return ret; } -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), - OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp) +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), + OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp) { LHASH_OF(OPENSSL_STRING) *idx; OPENSSL_STRING *r, *k; @@ -227,7 +227,7 @@ tot += j; } ret = tot; - err: +err: BUF_MEM_free(buf); return ret; } @@ -239,7 +239,7 @@ for (i = 0; i < db->num_fields; i++) { if (db->index[i] != NULL) { - if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) + if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) continue; r = lh_OPENSSL_STRING_retrieve(db->index[i], row); if (r != NULL) { @@ -253,7 +253,7 @@ for (i = 0; i < db->num_fields; i++) { if (db->index[i] != NULL) { - if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) + if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) continue; (void)lh_OPENSSL_STRING_insert(db->index[i], row); if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL) @@ -264,16 +264,16 @@ goto err1; return 1; - err1: +err1: db->error = DB_ERROR_MALLOC; while (i-- > 0) { if (db->index[i] != NULL) { - if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) + if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) continue; (void)lh_OPENSSL_STRING_delete(db->index[i], row); } } - err: +err: return 0; } 
@@ -298,7 +298,7 @@ */ p = sk_OPENSSL_PSTRING_value(db->data, i); max = p[db->num_fields]; /* last address */ - if (max == NULL) { /* new row */ + if (max == NULL) { /* new row */ for (n = 0; n < db->num_fields; n++) OPENSSL_free(p[n]); } else { --- crypto/openssl/crypto/ui/ui_err.c.orig +++ crypto/openssl/crypto/ui/ui_err.c 
@@ -15,24 +15,24 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA UI_str_reasons[] = { - {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), - "common ok and cancel characters"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND), - "unknown control command"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE), - "unknown ttyget errno value"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED), - "user data duplication unsupported"}, - {0, NULL} + { ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), + "common ok and cancel characters" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND), + "unknown control command" }, + { 
ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE), + "unknown ttyget errno value" }, + { ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED), + "user data duplication unsupported" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/ui/ui_lib.c.orig +++ crypto/openssl/crypto/ui/ui_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,16 +95,17 @@ } static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, - int prompt_freeable, - enum UI_string_types type, - int input_flags, char *result_buf) + int prompt_freeable, + enum UI_string_types type, + int input_flags, char *result_buf) { UI_STRING *ret = NULL; if (prompt == NULL) { ERR_raise(ERR_LIB_UI, ERR_R_PASSED_NULL_PARAMETER); } else if ((type == UIT_PROMPT || type == UIT_VERIFY - || type == UIT_BOOLEAN) && result_buf == NULL) { + || type == UIT_BOOLEAN) + && result_buf == NULL) { ERR_raise(ERR_LIB_UI, UI_R_NO_RESULT_BUFFER); } else if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) { ret->out_string = prompt; @@ -117,14 +118,14 @@ } static int general_allocate_string(UI *ui, const char *prompt, - int prompt_freeable, - enum UI_string_types type, int input_flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf) + int prompt_freeable, + enum UI_string_types type, int input_flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf) { int ret = -1; UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, - type, input_flags, result_buf); + type, input_flags, result_buf); if (s != NULL) { if (allocate_string_stack(ui) >= 0) { 
@@ -144,13 +145,13 @@ } static int general_allocate_boolean(UI *ui, - const char *prompt, - const char *action_desc, - const char *ok_chars, - const char *cancel_chars, - int prompt_freeable, - enum UI_string_types type, - int input_flags, char *result_buf) + const char *prompt, + const char *action_desc, + const char *ok_chars, + const char *cancel_chars, + int prompt_freeable, + enum UI_string_types type, + int input_flags, char *result_buf) { int ret = -1; UI_STRING *s; @@ -168,7 +169,7 @@ } s = general_allocate_prompt(ui, prompt, prompt_freeable, - type, input_flags, result_buf); + type, input_flags, result_buf); if (s != NULL) { if (allocate_string_stack(ui) >= 0) { @@ -195,18 +196,19 @@ * direct reference to the prompt. */ int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize) + char *result_buf, int minsize, int maxsize) { return general_allocate_string(ui, prompt, 0, - UIT_PROMPT, flags, result_buf, minsize, - maxsize, NULL); + UIT_PROMPT, flags, result_buf, minsize, + maxsize, NULL); } /* Same as UI_add_input_string(), excepts it takes a copy of the prompt */ int UI_dup_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize) + char *result_buf, int minsize, int maxsize) { char *prompt_copy = NULL; + int ret; if (prompt != NULL) { prompt_copy = OPENSSL_strdup(prompt); 
@@ -216,25 +218,30 @@ } } - return general_allocate_string(ui, prompt_copy, 1, - UIT_PROMPT, flags, result_buf, minsize, - maxsize, NULL); + ret = general_allocate_string(ui, prompt_copy, 1, + UIT_PROMPT, flags, result_buf, minsize, + maxsize, NULL); + if (ret <= 0) + OPENSSL_free(prompt_copy); + + return ret; } int UI_add_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf) + char *result_buf, int minsize, int maxsize, + const char *test_buf) { return general_allocate_string(ui, prompt, 0, - UIT_VERIFY, flags, result_buf, minsize, - maxsize, test_buf); + UIT_VERIFY, flags, result_buf, minsize, + maxsize, test_buf); } int UI_dup_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf) + char *result_buf, int minsize, int maxsize, + const char *test_buf) { char *prompt_copy = NULL; + int ret; if (prompt != NULL) { prompt_copy = OPENSSL_strdup(prompt); 
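Review bot: The new `if (ret <= 0) OPENSSL_free(prompt_copy);` in UI_dup_input_string assumes general_allocate_string() never releases the prompt itself when it fails, and nothing visible here confirms that. The helper is called with `prompt_freeable = 1` and its failure paths lie outside the hunk. If any of them already frees a string marked freeable, this check becomes a second free of the same pointer. The ownership rule should be confirmed against the helper and recorded above the check, e.g. `/* the helper has not taken ownership of prompt_copy when it fails */`. The same pattern is added in UI_dup_verify_string, UI_dup_input_boolean (four copies freed at `err:`), UI_dup_info_string and UI_dup_error_string; UI_dup_input_string itself begins in the previous hunk.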
@@ -244,28 +251,32 @@ } } - return general_allocate_string(ui, prompt_copy, 1, - UIT_VERIFY, flags, result_buf, minsize, - maxsize, test_buf); + ret = general_allocate_string(ui, prompt_copy, 1, + UIT_VERIFY, flags, result_buf, minsize, + maxsize, test_buf); + if (ret <= 0) + OPENSSL_free(prompt_copy); + return ret; } int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf) + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf) { return general_allocate_boolean(ui, prompt, action_desc, - ok_chars, cancel_chars, 0, UIT_BOOLEAN, - flags, result_buf); + ok_chars, cancel_chars, 0, UIT_BOOLEAN, + flags, result_buf); } int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf) + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf) { char *prompt_copy = NULL; char *action_desc_copy = NULL; char *ok_chars_copy = NULL; char *cancel_chars_copy = NULL; + int ret; if (prompt != NULL) { prompt_copy = OPENSSL_strdup(prompt); @@ -299,10 +310,15 @@ } } - return general_allocate_boolean(ui, prompt_copy, action_desc_copy, - ok_chars_copy, cancel_chars_copy, 1, - UIT_BOOLEAN, flags, result_buf); - err: + ret = general_allocate_boolean(ui, prompt_copy, action_desc_copy, + ok_chars_copy, cancel_chars_copy, 1, + UIT_BOOLEAN, flags, result_buf); + if (ret <= 0) + goto err; + + return ret; + +err: OPENSSL_free(prompt_copy); OPENSSL_free(action_desc_copy); OPENSSL_free(ok_chars_copy); @@ -313,12 +329,13 @@ int UI_add_info_string(UI *ui, const char *text) { return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, - NULL); + NULL); } int UI_dup_info_string(UI *ui, const char *text) { char *text_copy = NULL; + int ret; if (text != NULL) { text_copy = OPENSSL_strdup(text); 
@@ -328,19 +345,23 @@ } } - return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, - 0, 0, NULL); + ret = general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, + 0, 0, NULL); + if (ret <= 0) + OPENSSL_free(text_copy); + return ret; } int UI_add_error_string(UI *ui, const char *text) { return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, - NULL); + NULL); } int UI_dup_error_string(UI *ui, const char *text) { char *text_copy = NULL; + int ret; if (text != NULL) { text_copy = OPENSSL_strdup(text); @@ -349,12 +370,16 @@ return -1; } } - return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, - 0, 0, NULL); + + ret = general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, + 0, 0, NULL); + if (ret <= 0) + OPENSSL_free(text_copy); + return ret; } char *UI_construct_prompt(UI *ui, const char *phrase_desc, - const char *object_name) + const char *object_name) { char *prompt = NULL; @@ -482,14 +507,14 @@ if (ui->flags & UI_FLAG_PRINT_ERRORS) ERR_print_errors_cb((int (*)(const char *, size_t, void *)) - print_error, (void *)ui); + print_error, + (void *)ui); for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { if (ui->meth->ui_write_string != NULL && (ui->meth->ui_write_string(ui, - sk_UI_STRING_value(ui->strings, i)) - <= 0)) - { + sk_UI_STRING_value(ui->strings, i)) + <= 0)) { state = "writing strings"; ok = -1; goto err; @@ -498,15 +523,15 @@ if (ui->meth->ui_flush != NULL) switch (ui->meth->ui_flush(ui)) { - case -1: /* Interrupt/Cancel/something... */ + case -1: /* Interrupt/Cancel/something... */ ui->flags &= ~UI_FLAG_REDOABLE; ok = -2; goto err; - case 0: /* Errors */ + case 0: /* Errors */ state = "flushing"; ok = -1; goto err; - default: /* Success */ + default: /* Success */ ok = 0; break; } 
@@ -514,17 +539,17 @@ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { if (ui->meth->ui_read_string != NULL) { switch (ui->meth->ui_read_string(ui, - sk_UI_STRING_value(ui->strings, - i))) { - case -1: /* Interrupt/Cancel/something... */ + sk_UI_STRING_value(ui->strings, + i))) { + case -1: /* Interrupt/Cancel/something... */ ui->flags &= ~UI_FLAG_REDOABLE; ok = -2; goto err; - case 0: /* Errors */ + case 0: /* Errors */ state = "reading strings"; ok = -1; goto err; - default: /* Success */ + default: /* Success */ ok = 0; break; } @@ -536,7 +561,7 @@ } state = NULL; - err: +err: if (ui->meth->ui_close_session != NULL && ui->meth->ui_close_session(ui) <= 0) { if (state == NULL) @@ -549,24 +574,23 @@ return ok; } -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)) { if (ui == NULL) { ERR_raise(ERR_LIB_UI, ERR_R_PASSED_NULL_PARAMETER); return -1; } switch (cmd) { - case UI_CTRL_PRINT_ERRORS: - { - int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS); - if (i) - ui->flags |= UI_FLAG_PRINT_ERRORS; - else - ui->flags &= ~UI_FLAG_PRINT_ERRORS; - return save_flag; - } + case UI_CTRL_PRINT_ERRORS: { + int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS); + if (i) + ui->flags |= UI_FLAG_PRINT_ERRORS; + else + ui->flags &= ~UI_FLAG_PRINT_ERRORS; + return save_flag; + } case UI_CTRL_IS_REDOABLE: - return ! !(ui->flags & UI_FLAG_REDOABLE); + return !!(ui->flags & UI_FLAG_REDOABLE); default: break; } @@ -602,7 +626,7 @@ if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL || (ui_method->name = OPENSSL_strdup(name)) == NULL || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method, - &ui_method->ex_data)) { + &ui_method->ex_data)) { if (ui_method) OPENSSL_free(ui_method->name); OPENSSL_free(ui_method); 
@@ -622,13 +646,13 @@ if (ui_method == NULL) return; CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method, - &ui_method->ex_data); + &ui_method->ex_data); OPENSSL_free(ui_method->name); ui_method->name = NULL; OPENSSL_free(ui_method); } -int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)) +int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)) { if (method != NULL) { method->ui_open_session = opener; @@ -638,7 +662,7 @@ } int UI_method_set_writer(UI_METHOD *method, - int (*writer) (UI *ui, UI_STRING *uis)) + int (*writer)(UI *ui, UI_STRING *uis)) { if (method != NULL) { method->ui_write_string = writer; @@ -647,7 +671,7 @@ return -1; } -int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)) +int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)) { if (method != NULL) { method->ui_flush = flusher; @@ -657,7 +681,7 @@ } int UI_method_set_reader(UI_METHOD *method, - int (*reader) (UI *ui, UI_STRING *uis)) + int (*reader)(UI *ui, UI_STRING *uis)) { if (method != NULL) { method->ui_read_string = reader; @@ -666,7 +690,7 @@ return -1; } -int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)) +int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)) { if (method != NULL) { method->ui_close_session = closer; @@ -676,8 +700,8 @@ } int UI_method_set_data_duplicator(UI_METHOD *method, - void *(*duplicator) (UI *ui, void *ui_data), - void (*destructor)(UI *ui, void *ui_data)) + void *(*duplicator)(UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)) { if (method != NULL) { method->ui_duplicate_data = duplicator; @@ -688,9 +712,9 @@ } int UI_method_set_prompt_constructor(UI_METHOD *method, - char *(*prompt_constructor) (UI *ui, - const char *, - const char *)) + char *(*prompt_constructor)(UI *ui, + const char *, + const char *)) { if (method != NULL) { method->ui_construct_prompt = prompt_constructor; 
@@ -704,57 +728,56 @@ return CRYPTO_set_ex_data(&method->ex_data, idx, data); } -int (*UI_method_get_opener(const UI_METHOD *method)) (UI *) +int (*UI_method_get_opener(const UI_METHOD *method))(UI *) { if (method != NULL) return method->ui_open_session; return NULL; } -int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *) +int (*UI_method_get_writer(const UI_METHOD *method))(UI *, UI_STRING *) { if (method != NULL) return method->ui_write_string; return NULL; } -int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *) +int (*UI_method_get_flusher(const UI_METHOD *method))(UI *) { if (method != NULL) return method->ui_flush; return NULL; } -int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *) +int (*UI_method_get_reader(const UI_METHOD *method))(UI *, UI_STRING *) { if (method != NULL) return method->ui_read_string; return NULL; } -int (*UI_method_get_closer(const UI_METHOD *method)) (UI *) +int (*UI_method_get_closer(const UI_METHOD *method))(UI *) { if (method != NULL) return method->ui_close_session; return NULL; } -char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) - (UI *, const char *, const char *) +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI *, const char *, const char *) { if (method != NULL) return method->ui_construct_prompt; return NULL; } -void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *) +void *(*UI_method_get_data_duplicator(const UI_METHOD *method))(UI *, void *) { if (method != NULL) return method->ui_duplicate_data; return NULL; } -void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *) +void (*UI_method_get_data_destructor(const UI_METHOD *method))(UI *, void *) { if (method != NULL) return method->ui_destroy_data; 
@@ -886,17 +909,17 @@ if (len < uis->_.string_data.result_minsize) { ui->flags |= UI_FLAG_REDOABLE; ERR_raise_data(ERR_LIB_UI, UI_R_RESULT_TOO_SMALL, - "You must type in %d to %d characters", - uis->_.string_data.result_minsize, - uis->_.string_data.result_maxsize); + "You must type in %d to %d characters", + uis->_.string_data.result_minsize, + uis->_.string_data.result_maxsize); return -1; } if (len > uis->_.string_data.result_maxsize) { ui->flags |= UI_FLAG_REDOABLE; ERR_raise_data(ERR_LIB_UI, UI_R_RESULT_TOO_LARGE, - "You must type in %d to %d characters", - uis->_.string_data.result_minsize, - uis->_.string_data.result_maxsize); + "You must type in %d to %d characters", + uis->_.string_data.result_minsize, + uis->_.string_data.result_maxsize); return -1; } @@ -910,27 +933,26 @@ uis->result_buf[len] = '\0'; uis->result_len = len; break; - case UIT_BOOLEAN: - { - const char *p; + case UIT_BOOLEAN: { + const char *p; - if (uis->result_buf == NULL) { - ERR_raise(ERR_LIB_UI, UI_R_NO_RESULT_BUFFER); - return -1; - } + if (uis->result_buf == NULL) { + ERR_raise(ERR_LIB_UI, UI_R_NO_RESULT_BUFFER); + return -1; + } - uis->result_buf[0] = '\0'; - for (p = result; *p; p++) { - if (strchr(uis->_.boolean_data.ok_chars, *p)) { - uis->result_buf[0] = uis->_.boolean_data.ok_chars[0]; - break; - } - if (strchr(uis->_.boolean_data.cancel_chars, *p)) { - uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0]; - break; - } + uis->result_buf[0] = '\0'; + for (p = result; *p; p++) { + if (strchr(uis->_.boolean_data.ok_chars, *p)) { + uis->result_buf[0] = uis->_.boolean_data.ok_chars[0]; + break; + } + if (strchr(uis->_.boolean_data.cancel_chars, *p)) { + uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0]; + break; } } + } case UIT_NONE: case UIT_INFO: case UIT_ERROR: --- crypto/openssl/crypto/ui/ui_local.h.orig +++ crypto/openssl/crypto/ui/ui_local.h 
@@ -8,14 +8,14 @@ */ #ifndef OSSL_CRYPTO_UI_LOCAL_H -# define OSSL_CRYPTO_UI_LOCAL_H +#define OSSL_CRYPTO_UI_LOCAL_H -# include -# include +#include +#include -# ifdef _ -# undef _ -# endif +#ifdef _ +#undef _ +#endif struct ui_method_st { char *name; @@ -28,21 +28,21 @@ * whatever. This function should use the ex_data structure to save * intermediate data. */ - int (*ui_open_session) (UI *ui); - int (*ui_write_string) (UI *ui, UI_STRING *uis); + int (*ui_open_session)(UI *ui); + int (*ui_write_string)(UI *ui, UI_STRING *uis); /* * Flush the output. If a GUI dialog box is used, this function can be * used to actually display it. */ - int (*ui_flush) (UI *ui); - int (*ui_read_string) (UI *ui, UI_STRING *uis); - int (*ui_close_session) (UI *ui); + int (*ui_flush)(UI *ui); + int (*ui_read_string)(UI *ui, UI_STRING *uis); + int (*ui_close_session)(UI *ui); /* * Duplicate the ui_data that often comes alongside a ui_method. This * allows some backends to save away UI information for later use. */ - void *(*ui_duplicate_data) (UI *ui, void *ui_data); - void (*ui_destroy_data) (UI *ui, void *ui_data); + void *(*ui_duplicate_data)(UI *ui, void *ui_data); + void (*ui_destroy_data)(UI *ui, void *ui_data); /* * Construct a prompt in a user-defined manner. object_desc is a textual * short description of the object, for example "pass phrase", and @@ -50,8 +50,8 @@ * name. The returned string shall always be allocated on the heap with * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */ - char *(*ui_construct_prompt) (UI *ui, const char *object_desc, - const char *object_name); + char *(*ui_construct_prompt)(UI *ui, const char *object_desc, + const char *object_name); /* * UI_METHOD specific application data. */ 
@@ -59,18 +59,18 @@ }; struct ui_string_st { - enum UI_string_types type; /* Input */ - const char *out_string; /* Input */ - int input_flags; /* Flags from the user */ + enum UI_string_types type; /* Input */ + const char *out_string; /* Input */ + int input_flags; /* Flags from the user */ /* * The following parameters are completely irrelevant for UIT_INFO, and * can therefore be set to 0 or NULL */ - char *result_buf; /* Input and Output: If not NULL, - * user-defined with size in result_maxsize. - * Otherwise, it may be allocated by the UI - * routine, meaning result_minsize is going - * to be overwritten. */ + char *result_buf; /* Input and Output: If not NULL, + * user-defined with size in result_maxsize. + * Otherwise, it may be allocated by the UI + * routine, meaning result_minsize is going + * to be overwritten. */ size_t result_len; union { struct { @@ -87,8 +87,8 @@ } boolean_data; } _; -# define OUT_STRING_FREEABLE 0x01 - int flags; /* flags for internal use */ +#define OUT_STRING_FREEABLE 0x01 + int flags; /* flags for internal use */ }; struct ui_st { @@ -98,9 +98,9 @@ * echoing status. */ void *user_data; CRYPTO_EX_DATA ex_data; -# define UI_FLAG_REDOABLE 0x0001 -# define UI_FLAG_DUPL_DATA 0x0002 /* user_data was duplicated */ -# define UI_FLAG_PRINT_ERRORS 0x0100 +#define UI_FLAG_REDOABLE 0x0001 +#define UI_FLAG_DUPL_DATA 0x0002 /* user_data was duplicated */ +#define UI_FLAG_PRINT_ERRORS 0x0100 int flags; CRYPTO_RWLOCK *lock; --- crypto/openssl/crypto/ui/ui_null.c.orig +++ crypto/openssl/crypto/ui/ui_null.c @@ -11,11 +11,11 @@ static const UI_METHOD ui_null = { "OpenSSL NULL UI", - NULL, /* opener */ - NULL, /* writer */ - NULL, /* flusher */ - NULL, /* reader */ - NULL, /* closer */ + NULL, /* opener */ + NULL, /* writer */ + NULL, /* flusher */ + NULL, /* reader */ + NULL, /* closer */ NULL }; --- crypto/openssl/crypto/ui/ui_openssl.c.orig +++ crypto/openssl/crypto/ui/ui_openssl.c 
@@ -19,52 +19,52 @@ * sigaction and fileno included. -pedantic would be more appropriate for the * intended purposes, but we can't prevent users from adding -ansi. */ -# if defined(OPENSSL_SYS_VXWORKS) -# include -# endif - -# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -# ifndef _POSIX_C_SOURCE -# define _POSIX_C_SOURCE 2 -# endif -# endif -# include -# include -# include -# include - -# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# include +#if defined(OPENSSL_SYS_VXWORKS) +#include +#endif + +#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) +#ifndef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 2 +#endif +#endif +#include +#include +#include +#include + +#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) +#include /* * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX * system and have sigaction and termios. */ -# if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L +#if defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L -# define SIGACTION -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# define TERMIOS -# endif +#define SIGACTION +#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) +#define TERMIOS +#endif -# endif -# endif +#endif +#endif -# include "ui_local.h" -# include "internal/cryptlib.h" +#include "ui_local.h" +#include "internal/cryptlib.h" -# ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ -# include -# ifdef __DECC -# pragma message disable DOLLARID -# endif -# endif +#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ +#include +#ifdef __DECC +#pragma message disable DOLLARID +#endif +#endif -# ifdef WIN_CONSOLE_BUG -# include -# ifndef OPENSSL_SYS_WINCE -# include -# endif -# endif +#ifdef WIN_CONSOLE_BUG +#include +#ifndef OPENSSL_SYS_WINCE +#include +#endif +#endif /* * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS, 
@@ -78,87 +78,87 @@ * may eventually opt to remove its use entirely. */ -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) +#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# if defined(_LIBC) -# undef TERMIOS -# define TERMIO -# undef SGTTY +#if defined(_LIBC) +#undef TERMIOS +#define TERMIO +#undef SGTTY /* * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms. */ -# elif !defined(OPENSSL_SYS_VMS) \ - && !defined(OPENSSL_SYS_MSDOS) \ - && !defined(OPENSSL_SYS_VXWORKS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -# endif - -# endif - -# if defined(OPENSSL_SYS_VXWORKS) -# undef TERMIOS -# undef TERMIO -# undef SGTTY -# endif - -# ifdef TERMIOS -# include -# define TTY_STRUCT struct termios -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) tcgetattr(tty,data) -# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) -# endif - -# ifdef TERMIO -# include -# define TTY_STRUCT struct termio -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) ioctl(tty,TCGETA,data) -# define TTY_set(tty,data) ioctl(tty,TCSETA,data) -# endif - -# ifdef SGTTY -# include -# define TTY_STRUCT struct sgttyb -# define TTY_FLAGS sg_flags -# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) -# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) -# endif - -# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && ! 
(defined(OPENSSL_SYS_TANDEM) && defined(_SPT_MODEL_)) -# include -# endif - -# ifdef OPENSSL_SYS_MSDOS -# include -# endif - -# ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include +#elif !defined(OPENSSL_SYS_VMS) \ + && !defined(OPENSSL_SYS_MSDOS) \ + && !defined(OPENSSL_SYS_VXWORKS) +#define TERMIOS +#undef TERMIO +#undef SGTTY +#endif + +#endif + +#if defined(OPENSSL_SYS_VXWORKS) +#undef TERMIOS +#undef TERMIO +#undef SGTTY +#endif + +#ifdef TERMIOS +#include +#define TTY_STRUCT struct termios +#define TTY_FLAGS c_lflag +#define TTY_get(tty, data) tcgetattr(tty, data) +#define TTY_set(tty, data) tcsetattr(tty, TCSANOW, data) +#endif + +#ifdef TERMIO +#include +#define TTY_STRUCT struct termio +#define TTY_FLAGS c_lflag +#define TTY_get(tty, data) ioctl(tty, TCGETA, data) +#define TTY_set(tty, data) ioctl(tty, TCSETA, data) +#endif + +#ifdef SGTTY +#include +#define TTY_STRUCT struct sgttyb +#define TTY_FLAGS sg_flags +#define TTY_get(tty, data) ioctl(tty, TIOCGETP, data) +#define TTY_set(tty, data) ioctl(tty, TIOCSETP, data) +#endif + +#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !(defined(OPENSSL_SYS_TANDEM) && defined(_SPT_MODEL_)) +#include +#endif + +#ifdef OPENSSL_SYS_MSDOS +#include +#endif + +#ifdef OPENSSL_SYS_VMS +#include +#include +#include +#include struct IOSB { short iosb$w_value; short iosb$w_count; long iosb$l_info; }; -# endif +#endif -# ifndef NX509_SIG -# define NX509_SIG 32 -# endif +#ifndef NX509_SIG +#define NX509_SIG 32 +#endif /* Define globals. They are protected by a lock */ -# ifdef SIGACTION +#ifdef SIGACTION static struct sigaction savsig[NX509_SIG]; -# else -static void (*savsig[NX509_SIG]) (int); -# endif +#else +static void (*savsig[NX509_SIG])(int); +#endif -# ifdef OPENSSL_SYS_VMS +#ifdef OPENSSL_SYS_VMS static struct IOSB iosb; static $DESCRIPTOR(terminal, "TT"); static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this 
@@ -166,26 +166,26 @@ * structures? */ static long status; static unsigned short channel = 0; -# elif defined(_WIN32) && !defined(_WIN32_WCE) +#elif defined(_WIN32) && !defined(_WIN32_WCE) static DWORD tty_orig, tty_new; -# else -# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) +#else +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) static TTY_STRUCT tty_orig, tty_new; -# endif -# endif +#endif +#endif static FILE *tty_in, *tty_out; static int is_a_tty; /* Declare static functions */ -# if !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) static int read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); -# endif -# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +#endif +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) static int noecho_fgets(char *buf, int size, FILE *tty); -# endif +#endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl); static int read_string(UI *ui, UI_STRING *uis); @@ -227,20 +227,20 @@ fputs(UI_get0_action_string(uis), tty_out); fflush(tty_out); return read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, - 0); + UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, + 0); case UIT_PROMPT: fputs(UI_get0_output_string(uis), tty_out); fflush(tty_out); return read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, - 1); + UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, + 1); case UIT_VERIFY: fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis)); fflush(tty_out); if ((ok = read_string_inner(ui, uis, - UI_get_input_flags(uis) & - UI_INPUT_FLAG_ECHO, 1)) <= 0) + UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) + <= 0) return ok; if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) { fprintf(tty_out, "Verify failure\n"); 
@@ -256,11 +256,11 @@ return 1; } -# if !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) /* Internal functions to read a string without echoing */ static int read_till_nl(FILE *in) { -# define SIZE 4 +#define SIZE 4 char buf[SIZE + 1]; do { @@ -271,7 +271,7 @@ } static volatile sig_atomic_t intr_signal; -# endif +#endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) { @@ -279,7 +279,7 @@ int ok; char result[BUFSIZ]; int maxsize = BUFSIZ - 1; -# if !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) char *p = NULL; int echo_eol = !echo; 
@@ -295,48 +295,46 @@ ps = 2; result[0] = '\0'; -# if defined(_WIN32) +#if defined(_WIN32) if (is_a_tty) { DWORD numread; -# if defined(CP_UTF8) +#if defined(CP_UTF8) if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) { WCHAR wresult[BUFSIZ]; if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE), - wresult, maxsize, &numread, NULL)) { - if (numread >= 2 && - wresult[numread-2] == L'\r' && - wresult[numread-1] == L'\n') { - wresult[numread-2] = L'\n'; + wresult, maxsize, &numread, NULL)) { + if (numread >= 2 && wresult[numread - 2] == L'\r' && wresult[numread - 1] == L'\n') { + wresult[numread - 2] = L'\n'; numread--; } wresult[numread] = '\0'; if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1, - result, sizeof(result), NULL, 0) > 0) + result, sizeof(result), NULL, 0) + > 0) p = result; OPENSSL_cleanse(wresult, sizeof(wresult)); } } else -# endif - if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE), - result, maxsize, &numread, NULL)) { - if (numread >= 2 && - result[numread-2] == '\r' && result[numread-1] == '\n') { - result[numread-2] = '\n'; +#endif + if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE), + result, maxsize, &numread, NULL)) { + if (numread >= 2 && result[numread - 2] == '\r' && result[numread - 1] == '\n') { + result[numread - 2] = '\n'; numread--; } result[numread] = '\0'; p = result; } } else -# elif defined(OPENSSL_SYS_MSDOS) +#elif defined(OPENSSL_SYS_MSDOS) if (!echo) { noecho_fgets(result, maxsize, tty_in); - p = result; /* FIXME: noecho_fgets doesn't return errors */ + p = result; /* FIXME: noecho_fgets doesn't return errors */ } else -# endif - p = fgets(result, maxsize, tty_in); +#endif + p = fgets(result, maxsize, tty_in); if (p == NULL) goto error; if (feof(tty_in)) @@ -351,7 +349,7 @@ if (UI_set_result(ui, uis, result) >= 0) ok = 1; - error: +error: if (intr_signal == SIGINT) ok = -1; if (echo_eol) @@ -361,9 +359,9 @@ if (ps >= 1) popsig(); -# else +#else ok = 1; -# endif +#endif OPENSSL_cleanse(result, BUFSIZ); return ok; 
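Review bot: In the `CP_UTF8` branch of the `@@ -295,48 +295,46 @@` hunk, `OPENSSL_cleanse(wresult, sizeof(wresult));` sits inside the body of `if (ReadConsoleW(...))`, so when that call fails the wide-character stack buffer goes out of scope without being cleansed. Whether a failed ReadConsoleW can leave typed characters in `wresult` is not visible here. Moving the cleanse one brace out, to just before the block that declares `wresult` closes, would still make the wipe unconditional, like the `OPENSSL_cleanse(result, BUFSIZ);` at the end of the function. read_string_inner starts and ends outside this hunk.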
@@ -376,10 +374,10 @@ return 0; is_a_tty = 1; -# if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) tty_in = stdin; tty_out = stderr; -# elif defined(_WIN32) && !defined(_WIN32_WCE) +#elif defined(_WIN32) && !defined(_WIN32_WCE) if ((tty_out = fopen("conout$", "w")) == NULL) tty_out = stderr; 
@@ -390,162 +388,162 @@ if ((tty_in = fopen("conin$", "r")) == NULL) tty_in = stdin; } -# else -# ifdef OPENSSL_SYS_MSDOS -# define DEV_TTY "con" -# else -# define DEV_TTY "/dev/tty" -# endif +#else +#ifdef OPENSSL_SYS_MSDOS +#define DEV_TTY "con" +#else +#define DEV_TTY "/dev/tty" +#endif if ((tty_in = fopen(DEV_TTY, "r")) == NULL) tty_in = stdin; if ((tty_out = fopen(DEV_TTY, "w")) == NULL) tty_out = stderr; -# endif +#endif -# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) +#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) if (TTY_get(fileno(tty_in), &tty_orig) == -1) { -# ifdef ENOTTY +#ifdef ENOTTY if (errno == ENOTTY) is_a_tty = 0; else -# endif -# ifdef EINVAL +#endif +#ifdef EINVAL /* * Ariel Glenn reports that solaris can return EINVAL instead. * This should be ok */ - if (errno == EINVAL) - is_a_tty = 0; - else -# endif -# ifdef ENXIO - /* - * Solaris can return ENXIO. - * This should be ok - */ - if (errno == ENXIO) - is_a_tty = 0; - else -# endif -# ifdef EIO - /* - * Linux can return EIO. - * This should be ok - */ - if (errno == EIO) - is_a_tty = 0; - else -# endif -# ifdef EPERM - /* - * Linux can return EPERM (Operation not permitted), - * e.g. if a daemon executes openssl via fork()+execve() - * This should be ok - */ - if (errno == EPERM) - is_a_tty = 0; - else -# endif -# ifdef ENODEV - /* - * MacOS X returns ENODEV (Operation not supported by device), - * which seems appropriate. - */ - if (errno == ENODEV) + if (errno == EINVAL) is_a_tty = 0; - else -# endif - { - ERR_raise_data(ERR_LIB_UI, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE, - "errno=%d", errno); - return 0; - } + else +#endif +#ifdef ENXIO + /* + * Solaris can return ENXIO. + * This should be ok + */ + if (errno == ENXIO) + is_a_tty = 0; + else +#endif +#ifdef EIO + /* + * Linux can return EIO. + * This should be ok + */ + if (errno == EIO) + is_a_tty = 0; + else +#endif +#ifdef EPERM + /* + * Linux can return EPERM (Operation not permitted), + * e.g. 
if a daemon executes openssl via fork()+execve() + * This should be ok + */ + if (errno == EPERM) + is_a_tty = 0; + else +#endif +#ifdef ENODEV + /* + * MacOS X returns ENODEV (Operation not supported by device), + * which seems appropriate. + */ + if (errno == ENODEV) + is_a_tty = 0; + else +#endif + { + ERR_raise_data(ERR_LIB_UI, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE, + "errno=%d", errno); + return 0; + } } -# endif -# ifdef OPENSSL_SYS_VMS +#endif +#ifdef OPENSSL_SYS_VMS status = sys$assign(&terminal, &channel, 0, 0); /* if there isn't a TT device, something is very wrong */ if (status != SS$_NORMAL) { ERR_raise_data(ERR_LIB_UI, UI_R_SYSASSIGN_ERROR, - "status=%%X%08X", status); + "status=%%X%08X", status); return 0; } status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, - 0, 0, 0, 0); + 0, 0, 0, 0); /* If IO$_SENSEMODE doesn't work, this is not a terminal device */ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) is_a_tty = 0; -# endif +#endif return 1; } static int noecho_console(UI *ui) { -# ifdef TTY_FLAGS +#ifdef TTY_FLAGS memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); tty_new.TTY_FLAGS &= ~ECHO; -# endif +#endif -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) +#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; -# endif -# ifdef OPENSSL_SYS_VMS +#endif +#ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1] | TT$M_NOECHO; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, - 0, 0, 0, 0); + 0, 0, 0, 0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) { ERR_raise_data(ERR_LIB_UI, UI_R_SYSQIOW_ERROR, - "status=%%X%08X, iosb.iosb$w_value=%%X%08X", - status, iosb.iosb$w_value); + "status=%%X%08X, iosb.iosb$w_value=%%X%08X", + status, iosb.iosb$w_value); return 0; } } -# endif -# if defined(_WIN32) && !defined(_WIN32_WCE) +#endif +#if defined(_WIN32) && 
!defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; tty_new &= ~ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } -# endif +#endif return 1; } static int echo_console(UI *ui) { -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) +#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; -# endif -# ifdef OPENSSL_SYS_VMS +#endif +#ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, - 0, 0, 0, 0); + 0, 0, 0, 0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) { ERR_raise_data(ERR_LIB_UI, UI_R_SYSQIOW_ERROR, - "status=%%X%08X, iosb.iosb$w_value=%%X%08X", - status, iosb.iosb$w_value); + "status=%%X%08X, iosb.iosb$w_value=%%X%08X", + status, iosb.iosb$w_value); return 0; } } -# endif -# if defined(_WIN32) && !defined(_WIN32_WCE) +#endif +#if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } -# endif +#endif return 1; } 
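Review bot: The `_WIN32` branch of noecho_console ignores the result of `SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);` and then returns 1, so a failure to clear `ENABLE_ECHO_INPUT` is reported as success and the pass phrase would be echoed. The TTY_set and VMS branches of the same function return 0 when the mode change fails. I would make the Windows branch agree with them: `if (!SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new)) return 0;`. echo_console has the same unchecked call, though failing to restore echo is less sensitive. Whether any caller relies on the lenient return is not visible in this hunk.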
@@ -557,104 +555,104 @@ fclose(tty_in); if (tty_out != stderr) fclose(tty_out); -# ifdef OPENSSL_SYS_VMS +#ifdef OPENSSL_SYS_VMS status = sys$dassgn(channel); if (status != SS$_NORMAL) { ERR_raise_data(ERR_LIB_UI, UI_R_SYSDASSGN_ERROR, - "status=%%X%08X", status); + "status=%%X%08X", status); ret = 0; } -# endif +#endif CRYPTO_THREAD_unlock(ui->lock); return ret; } -# if !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) /* Internal functions to handle signals and act on them */ static void pushsig(void) { -# ifndef OPENSSL_SYS_WIN32 +#ifndef OPENSSL_SYS_WIN32 int i; -# endif -# ifdef SIGACTION +#endif +#ifdef SIGACTION struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; -# endif +#endif -# ifdef OPENSSL_SYS_WIN32 +#ifdef OPENSSL_SYS_WIN32 savsig[SIGABRT] = signal(SIGABRT, recsig); savsig[SIGFPE] = signal(SIGFPE, recsig); savsig[SIGILL] = signal(SIGILL, recsig); savsig[SIGINT] = signal(SIGINT, recsig); savsig[SIGSEGV] = signal(SIGSEGV, recsig); savsig[SIGTERM] = signal(SIGTERM, recsig); -# else +#else for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 +#ifdef SIGUSR1 if (i == SIGUSR1) continue; -# endif -# ifdef SIGUSR2 +#endif +#ifdef SIGUSR2 if (i == SIGUSR2) continue; -# endif -# ifdef SIGKILL - if (i == SIGKILL) /* We can't make any action on that. */ +#endif +#ifdef SIGKILL + if (i == SIGKILL) /* We can't make any action on that. 
*/ continue; -# endif -# ifdef SIGACTION +#endif +#ifdef SIGACTION sigaction(i, &sa, &savsig[i]); -# else +#else savsig[i] = signal(i, recsig); -# endif +#endif } -# endif +#endif -# ifdef SIGWINCH +#ifdef SIGWINCH signal(SIGWINCH, SIG_DFL); -# endif +#endif } static void popsig(void) { -# ifdef OPENSSL_SYS_WIN32 +#ifdef OPENSSL_SYS_WIN32 signal(SIGABRT, savsig[SIGABRT]); signal(SIGFPE, savsig[SIGFPE]); signal(SIGILL, savsig[SIGILL]); signal(SIGINT, savsig[SIGINT]); signal(SIGSEGV, savsig[SIGSEGV]); signal(SIGTERM, savsig[SIGTERM]); -# else +#else int i; for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 +#ifdef SIGUSR1 if (i == SIGUSR1) continue; -# endif -# ifdef SIGUSR2 +#endif +#ifdef SIGUSR2 if (i == SIGUSR2) continue; -# endif -# ifdef SIGACTION +#endif +#ifdef SIGACTION sigaction(i, &savsig[i], NULL); -# else +#else signal(i, savsig[i]); -# endif +#endif } -# endif +#endif } static void recsig(int i) { intr_signal = i; } -# endif +#endif /* Internal functions specific for Windows */ -# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) static int noecho_fgets(char *buf, int size, FILE *tty) { int i; @@ -667,11 +665,11 @@ break; } size--; -# if defined(_WIN32) +#if defined(_WIN32) i = _getch(); -# else +#else i = getch(); -# endif +#endif if (i == '\r') i = '\n'; *(p++) = i; @@ -680,7 +678,7 @@ break; } } -# ifdef WIN_CONSOLE_BUG +#ifdef WIN_CONSOLE_BUG /* * Win95 has several evil console bugs: one of these is that the last * character read using getch() is passed to the next read: this is 
@@ -692,16 +690,16 @@ inh = GetStdHandle(STD_INPUT_HANDLE); FlushConsoleInputBuffer(inh); } -# endif +#endif return strlen(buf); } -# endif +#endif static UI_METHOD ui_openssl = { "OpenSSL default user interface", open_console, write_string, - NULL, /* No flusher is needed for command lines */ + NULL, /* No flusher is needed for command lines */ read_string, close_console, NULL --- crypto/openssl/crypto/ui/ui_util.c.orig +++ crypto/openssl/crypto/ui/ui_util.c @@ -8,7 +8,7 @@ */ #include -#include /* PEM_def_callback() */ +#include /* PEM_def_callback() */ #include "internal/thread_once.h" #include "ui_local.h" @@ -17,20 +17,19 @@ #endif int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, - int verify) + int verify) { char buff[BUFSIZ]; int ret; - ret = - UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, - prompt, verify); + ret = UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, + prompt, verify); OPENSSL_cleanse(buff, BUFSIZ); return ret; } int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify) + int verify) { int ok = -2; UI *ui; @@ -60,7 +59,7 @@ }; static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) + int idx, long argl, void *argp) { /* * Do nothing, the data is allocated externally and assigned later with @@ -69,7 +68,7 @@ } static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **pptr, int idx, long argl, void *argp) + void **pptr, int idx, long argl, void *argp) { if (*pptr != NULL) { *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data)); @@ -80,7 +79,7 @@ } static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) + int idx, long argl, void *argp) { OPENSSL_free(ptr); } 
@@ -90,9 +89,9 @@ DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init) { ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD, - 0, NULL, ui_new_method_data, - ui_dup_method_data, - ui_free_method_data); + 0, NULL, ui_new_method_data, + ui_dup_method_data, + ui_free_method_data); return 1; } @@ -103,28 +102,26 @@ static int ui_read(UI *ui, UI_STRING *uis) { switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - { - int len; - char result[PEM_BUFSIZE + 1]; /* reserve one byte at the end */ - const struct pem_password_cb_data *data = - UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index); - int maxsize = UI_get_result_maxsize(uis); - - if (maxsize > PEM_BUFSIZE) - maxsize = PEM_BUFSIZE; - len = data->cb(result, maxsize, data->rwflag, - UI_get0_user_data(ui)); - if (len > maxsize) - return -1; - if (len >= 0) - result[len] = '\0'; - if (len < 0) - return len; - if (UI_set_result_ex(ui, uis, result, len) >= 0) - return 1; - return 0; - } + case UIT_PROMPT: { + int len; + char result[PEM_BUFSIZE + 1]; /* reserve one byte at the end */ + const struct pem_password_cb_data *data = UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index); + int maxsize = UI_get_result_maxsize(uis); + + if (maxsize > PEM_BUFSIZE) + maxsize = PEM_BUFSIZE; + len = data->cb(result, maxsize, data->rwflag, + UI_get0_user_data(ui)); + if (len > maxsize) + return -1; + if (len >= 0) + result[len] = '\0'; + if (len < 0) + return len; + if (UI_set_result_ex(ui, uis, result, len) >= 0) + return 1; + return 0; + } case UIT_VERIFY: case UIT_NONE: case UIT_BOOLEAN: --- crypto/openssl/crypto/uid.c.orig +++ crypto/openssl/crypto/uid.c @@ -19,7 +19,7 @@ #elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__)) -# include +#include int OPENSSL_issetugid(void) { 
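Review bot: In the `UIT_PROMPT` case of ui_read (hunk `@@ -103,28 +102,26 @@`), the stack buffer `result[PEM_BUFSIZE + 1]` receives the pass phrase from `data->cb()` and is never wiped on any of the four return paths. UI_UTIL_read_pw_string in this same file wipes its scratch buffer with `OPENSSL_cleanse(buff, BUFSIZ);` before returning. I would route the returns through a single exit that cleanses `result`, as sketched below, with the return values unchanged. Separately, `data` is dereferenced without a NULL check after `UI_method_get_ex_data()`; whether that lookup can fail here is not visible. ui_read continues past the end of the hunk.

```c
    int len, ret;
    /* … unchanged: result, data and maxsize declarations, maxsize clamp, data->cb() call … */
    if (len > maxsize) {
        ret = -1;
    } else if (len < 0) {
        ret = len;
    } else {
        result[len] = '\0';
        ret = UI_set_result_ex(ui, uis, result, len) >= 0 ? 1 : 0;
    }
    /* wipe the pass phrase copy on every path */
    OPENSSL_cleanse(result, sizeof(result));
    return ret;
```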
@@ -28,28 +28,28 @@ #else -# include -# include +#include +#include -# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# elif defined(__ANDROID_API__) +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +#if __GLIBC_PREREQ(2, 16) +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#endif +#elif defined(__ANDROID_API__) /* see https://developer.android.google.cn/ndk/guides/cpu-features */ -# if __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif +#if __ANDROID_API__ >= 18 +#include +#define OSSL_IMPLEMENT_GETAUXVAL +#endif +#endif int OPENSSL_issetugid(void) { -# ifdef OSSL_IMPLEMENT_GETAUXVAL +#ifdef OSSL_IMPLEMENT_GETAUXVAL return getauxval(AT_SECURE) != 0; -# else +#else return getuid() != geteuid() || getgid() != getegid(); -# endif +#endif } #endif --- crypto/openssl/crypto/vms_rms.h.orig +++ crypto/openssl/crypto/vms_rms.h 
@@ -9,50 +9,52 @@ #ifdef NAML$C_MAXRSS -# define CC_RMS_NAMX cc$rms_naml -# define FAB_NAMX fab$l_naml -# define FAB_OR_NAML( fab, naml) naml -# define FAB_OR_NAML_DNA naml$l_long_defname -# define FAB_OR_NAML_DNS naml$l_long_defname_size -# define FAB_OR_NAML_FNA naml$l_long_filename -# define FAB_OR_NAML_FNS naml$l_long_filename_size -# define NAMX_ESA naml$l_long_expand -# define NAMX_ESL naml$l_long_expand_size -# define NAMX_ESS naml$l_long_expand_alloc -# define NAMX_NOP naml$b_nop -# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1 +#define CC_RMS_NAMX cc$rms_naml +#define FAB_NAMX fab$l_naml +#define FAB_OR_NAML(fab, naml) naml +#define FAB_OR_NAML_DNA naml$l_long_defname +#define FAB_OR_NAML_DNS naml$l_long_defname_size +#define FAB_OR_NAML_FNA naml$l_long_filename +#define FAB_OR_NAML_FNS naml$l_long_filename_size +#define NAMX_ESA naml$l_long_expand +#define NAMX_ESL naml$l_long_expand_size +#define NAMX_ESS naml$l_long_expand_alloc +#define NAMX_NOP naml$b_nop +#define SET_NAMX_NO_SHORT_UPCASE(nam) nam.naml$v_no_short_upcase = 1 -# if __INITIAL_POINTER_SIZE == 64 -# define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \ - fab.fab$l_fna = (__char_ptr32) -1; -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \ - fab.fab$l_fna = (char *) -1; -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +#if __INITIAL_POINTER_SIZE == 64 +#define NAMX_DNA_FNA_SET(fab) \ + fab.fab$l_dna = (__char_ptr32) - 1; \ + fab.fab$l_fna = (__char_ptr32) - 1; +#else /* __INITIAL_POINTER_SIZE == 64 */ +#define NAMX_DNA_FNA_SET(fab) \ + fab.fab$l_dna = (char *)-1; \ + fab.fab$l_fna = (char *)-1; +#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -# define NAMX_MAXRSS NAML$C_MAXRSS -# define NAMX_STRUCT NAML +#define NAMX_MAXRSS NAML$C_MAXRSS +#define NAMX_STRUCT NAML -#else /* def NAML$C_MAXRSS */ +#else /* def NAML$C_MAXRSS */ -# define CC_RMS_NAMX cc$rms_nam -# define FAB_NAMX fab$l_nam -# define 
FAB_OR_NAML( fab, naml) fab -# define FAB_OR_NAML_DNA fab$l_dna -# define FAB_OR_NAML_DNS fab$b_dns -# define FAB_OR_NAML_FNA fab$l_fna -# define FAB_OR_NAML_FNS fab$b_fns -# define NAMX_ESA nam$l_esa -# define NAMX_ESL nam$b_esl -# define NAMX_ESS nam$b_ess -# define NAMX_NOP nam$b_nop -# define NAMX_DNA_FNA_SET(fab) -# define NAMX_MAXRSS NAM$C_MAXRSS -# define NAMX_STRUCT NAM -# ifdef NAM$M_NO_SHORT_UPCASE -# define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1 -# else /* def NAM$M_NO_SHORT_UPCASE */ -# define SET_NAMX_NO_SHORT_UPCASE( nam) -# endif /* def NAM$M_NO_SHORT_UPCASE [else] */ +#define CC_RMS_NAMX cc$rms_nam +#define FAB_NAMX fab$l_nam +#define FAB_OR_NAML(fab, naml) fab +#define FAB_OR_NAML_DNA fab$l_dna +#define FAB_OR_NAML_DNS fab$b_dns +#define FAB_OR_NAML_FNA fab$l_fna +#define FAB_OR_NAML_FNS fab$b_fns +#define NAMX_ESA nam$l_esa +#define NAMX_ESL nam$b_esl +#define NAMX_ESS nam$b_ess +#define NAMX_NOP nam$b_nop +#define NAMX_DNA_FNA_SET(fab) +#define NAMX_MAXRSS NAM$C_MAXRSS +#define NAMX_STRUCT NAM +#ifdef NAM$M_NO_SHORT_UPCASE +#define SET_NAMX_NO_SHORT_UPCASE(nam) naml.naml$v_no_short_upcase = 1 +#else /* def NAM$M_NO_SHORT_UPCASE */ +#define SET_NAMX_NO_SHORT_UPCASE(nam) +#endif /* def NAM$M_NO_SHORT_UPCASE [else] */ -#endif /* def NAML$C_MAXRSS [else] */ +#endif /* def NAML$C_MAXRSS [else] */ --- crypto/openssl/crypto/whrlpool/wp_block.c.orig +++ crypto/openssl/crypto/whrlpool/wp_block.c 
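Review bot: In the `__INITIAL_POINTER_SIZE == 64` branch of `NAMX_DNA_FNA_SET`, the reformatted body now reads `(__char_ptr32) - 1`, which looks like a subtraction. It is still the cast of -1 that the sibling branch spells `(char *)-1`; the formatter apparently does not know that `__char_ptr32` is a type name. I would write `fab.fab$l_dna = (__char_ptr32)-1;` (and likewise for `fab$l_fna`), or teach the formatter about the type so the two branches read alike. Separately, the `NAM$M_NO_SHORT_UPCASE` variant of `SET_NAMX_NO_SHORT_UPCASE(nam)` ignores its parameter and assigns `naml.naml$v_no_short_upcase`. That looks unintended in the non-NAML branch and is worth checking against the call sites, which are outside this hunk.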
@@ -55,27 +55,24 @@ typedef unsigned long long u64; #endif -#define ROUNDS 10 +#define ROUNDS 10 #define STRICT_ALIGNMENT -#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || \ - defined(_M_X64)) +#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) /* * Well, formally there're couple of other architectures, which permit * unaligned loads, specifically those not crossing cache lines, IA-64 and * PowerPC... */ -# undef STRICT_ALIGNMENT +#undef STRICT_ALIGNMENT #endif #ifndef STRICT_ALIGNMENT -# ifdef __GNUC__ +#ifdef __GNUC__ typedef u64 u64_a1 __attribute((__aligned__(1))); -# else +#else typedef u64 u64_a1; -# endif +#endif #endif #if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) 
@@ -86,70 +83,73 @@ #undef SMALL_REGISTER_BANK #if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define SMALL_REGISTER_BANK -# if defined(WHIRLPOOL_ASM) -# ifndef OPENSSL_SMALL_FOOTPRINT +#define SMALL_REGISTER_BANK +#if defined(WHIRLPOOL_ASM) +#ifndef OPENSSL_SMALL_FOOTPRINT /* * it appears that for elder non-MMX * CPUs this is actually faster! */ -# define OPENSSL_SMALL_FOOTPRINT -# endif -# define GO_FOR_MMX(ctx,inp,num) do { \ - void whirlpool_block_mmx(void *,const void *,size_t); \ - if (!(OPENSSL_ia32cap_P[0] & (1<<23))) break; \ - whirlpool_block_mmx(ctx->H.c,inp,num); return; \ - } while (0) -# endif +#define OPENSSL_SMALL_FOOTPRINT +#endif +#define GO_FOR_MMX(ctx, inp, num) \ + do { \ + void whirlpool_block_mmx(void *, const void *, size_t); \ + if (!(OPENSSL_ia32cap_P[0] & (1 << 23))) \ + break; \ + whirlpool_block_mmx(ctx->H.c, inp, num); \ + return; \ + } while (0) +#endif #endif #undef ROTATE #ifndef PEDANTIC -# if defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# include -# pragma intrinsic(_rotl64) -# define ROTATE(a,n) _rotl64((a),n) -# endif -# elif defined(__GNUC__) && __GNUC__>=2 -# if defined(__x86_64) || defined(__x86_64__) -# if defined(L_ENDIAN) -# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \ +#if defined(_MSC_VER) +#if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +#include +#pragma intrinsic(_rotl64) +#define ROTATE(a, n) _rotl64((a), n) +#endif +#elif defined(__GNUC__) && __GNUC__ >= 2 +#if defined(__x86_64) || defined(__x86_64__) +#if defined(L_ENDIAN) +#define ROTATE(a, n) ({ u64 ret; asm ("rolq %1,%0" \ : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) -# elif defined(B_ENDIAN) - /* - * Most will argue that x86_64 is always little-endian. Well, yes, but - * then we have stratus.com who has modified gcc to "emulate" - * big-endian on x86. Is there evidence that they [or somebody else] - * won't do same for x86_64? Naturally no. 
And this line is waiting - * ready for that brave soul:-) - */ -# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \ +#elif defined(B_ENDIAN) +/* + * Most will argue that x86_64 is always little-endian. Well, yes, but + * then we have stratus.com who has modified gcc to "emulate" + * big-endian on x86. Is there evidence that they [or somebody else] + * won't do same for x86_64? Naturally no. And this line is waiting + * ready for that brave soul:-) + */ +#define ROTATE(a, n) ({ u64 ret; asm ("rorq %1,%0" \ : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) -# endif -# elif defined(__ia64) || defined(__ia64__) -# if defined(L_ENDIAN) -# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ +#endif +#elif defined(__ia64) || defined(__ia64__) +#if defined(L_ENDIAN) +#define ROTATE(a, n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ : "=r"(ret) : "r"(a),"M"(64-(n))); ret; }) -# elif defined(B_ENDIAN) -# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ +#elif defined(B_ENDIAN) +#define ROTATE(a, n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ : "=r"(ret) : "r"(a),"M"(n)); ret; }) -# endif -# endif -# endif +#endif +#endif +#endif #endif #if defined(OPENSSL_SMALL_FOOTPRINT) -# if !defined(ROTATE) -# if defined(L_ENDIAN) /* little-endians have to rotate left */ -# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n)) -# elif defined(B_ENDIAN) /* big-endians have to rotate right */ -# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n)) -# endif -# endif -# if defined(ROTATE) && !defined(STRICT_ALIGNMENT) -# define STRICT_ALIGNMENT /* ensure smallest table size */ -# endif +#if !defined(ROTATE) +#if defined(L_ENDIAN) /* little-endians have to rotate left */ +#define ROTATE(i, n) ((i) << (n) ^ (i) >> (64 - n)) +#elif defined(B_ENDIAN) /* big-endians have to rotate right */ +#define ROTATE(i, n) ((i) >> (n) ^ (i) << (64 - n)) +#endif +#endif +#if defined(ROTATE) && !defined(STRICT_ALIGNMENT) +#define STRICT_ALIGNMENT /* ensure smallest table size */ +#endif #endif /* 
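Review bot: The portable fallback `#define ROTATE(i, n) ((i) << (n) ^ (i) >> (64 - n))` is re-spaced here but still leaves `n` unparenthesised in `64 - n`, so an argument such as `a + b` would expand to `64 - a + b`; the ia64 variants in this same hunk already write `64-(n)`. The `C1`..`C7` macros in the -176,325 hunk pass only the literals 8 to 56, so nothing changes today. If the line is being touched anyway, I would write `((i) << (n) ^ (i) >> (64 - (n)))` and the mirrored `((i) >> (n) ^ (i) << (64 - (n)))` for the B_ENDIAN form. Separately, `GO_FOR_MMX` hides a `return` and a bare `(1 << 23)` capability test inside the macro; a comment above it such as `/* returns from the caller when the MMX capability bit (bit 23) is set */` would make that control flow visible to the next reader.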
@@ -176,325 +176,322 @@ * Hand-coded assembler would be another alternative:-) */ #ifdef STRICT_ALIGNMENT -# if defined(ROTATE) -# define N 1 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7 -# define C0(K,i) (Cx.q[K.c[(i)*8+0]]) -# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8) -# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16) -# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24) -# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32) -# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40) -# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48) -# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56) -# else -# define N 8 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ - c7,c0,c1,c2,c3,c4,c5,c6, \ - c6,c7,c0,c1,c2,c3,c4,c5, \ - c5,c6,c7,c0,c1,c2,c3,c4, \ - c4,c5,c6,c7,c0,c1,c2,c3, \ - c3,c4,c5,c6,c7,c0,c1,c2, \ - c2,c3,c4,c5,c6,c7,c0,c1, \ - c1,c2,c3,c4,c5,c6,c7,c0 -# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]]) -# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]]) -# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]]) -# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]]) -# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]]) -# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]]) -# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]]) -# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]]) -# endif +#if defined(ROTATE) +#define N 1 +#define LL(c0, c1, c2, c3, c4, c5, c6, c7) c0, c1, c2, c3, c4, c5, c6, c7 +#define C0(K, i) (Cx.q[K.c[(i) * 8 + 0]]) +#define C1(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 1]], 8) +#define C2(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 2]], 16) +#define C3(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 3]], 24) +#define C4(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 4]], 32) +#define C5(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 5]], 40) +#define C6(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 6]], 48) +#define C7(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 7]], 56) +#else +#define N 8 +#define LL(c0, c1, c2, c3, c4, c5, c6, c7) c0, c1, c2, c3, c4, c5, c6, c7, \ + c7, c0, c1, c2, c3, c4, c5, c6, \ + c6, c7, c0, c1, c2, c3, c4, c5, \ + c5, c6, c7, c0, c1, c2, c3, c4, \ + c4, c5, c6, c7, c0, c1, c2, c3, \ + c3, c4, c5, c6, 
c7, c0, c1, c2, \ + c2, c3, c4, c5, c6, c7, c0, c1, \ + c1, c2, c3, c4, c5, c6, c7, c0 +#define C0(K, i) (Cx.q[0 + 8 * K.c[(i) * 8 + 0]]) +#define C1(K, i) (Cx.q[1 + 8 * K.c[(i) * 8 + 1]]) +#define C2(K, i) (Cx.q[2 + 8 * K.c[(i) * 8 + 2]]) +#define C3(K, i) (Cx.q[3 + 8 * K.c[(i) * 8 + 3]]) +#define C4(K, i) (Cx.q[4 + 8 * K.c[(i) * 8 + 4]]) +#define C5(K, i) (Cx.q[5 + 8 * K.c[(i) * 8 + 5]]) +#define C6(K, i) (Cx.q[6 + 8 * K.c[(i) * 8 + 6]]) +#define C7(K, i) (Cx.q[7 + 8 * K.c[(i) * 8 + 7]]) +#endif #else -# define N 2 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ - c0,c1,c2,c3,c4,c5,c6,c7 -# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]]) +#define N 2 +#define LL(c0, c1, c2, c3, c4, c5, c6, c7) c0, c1, c2, c3, c4, c5, c6, c7, \ + c0, c1, c2, c3, c4, c5, c6, c7 +#define C0(K, i) (((u64 *)(Cx.c + 0))[2 * K.c[(i) * 8 + 0]]) +#define C1(K, i) (((u64_a1 *)(Cx.c + 7))[2 * K.c[(i) * 8 + 1]]) +#define C2(K, i) (((u64_a1 *)(Cx.c + 6))[2 * K.c[(i) * 8 + 2]]) +#define C3(K, i) (((u64_a1 *)(Cx.c + 5))[2 * K.c[(i) * 8 + 3]]) +#define C4(K, i) (((u64_a1 *)(Cx.c + 4))[2 * K.c[(i) * 8 + 4]]) +#define C5(K, i) (((u64_a1 *)(Cx.c + 3))[2 * K.c[(i) * 8 + 5]]) +#define C6(K, i) (((u64_a1 *)(Cx.c + 2))[2 * K.c[(i) * 8 + 6]]) +#define C7(K, i) (((u64_a1 *)(Cx.c + 1))[2 * K.c[(i) * 8 + 7]]) #endif -static const - union { +static const union { u8 c[(256 * N + ROUNDS) * sizeof(u64)]; u64 q[(256 * N + ROUNDS)]; } Cx = { - { - /* Note endian-neutral representation:-) */ - LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8), - LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26), - LL(0xc6, 
0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8), - LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb), - LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb), - LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11), - LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09), - LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d), - LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b), - LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff), - LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c), - LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e), - LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96), - LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30), - LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d), - LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8), - LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47), - LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35), - LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37), - LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a), - LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2), - LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c), - LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84), - LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80), - LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5), - LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3), - LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21), - LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c), - LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43), - LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29), - LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d), - LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5), - LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd), - LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8), - LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92), - LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e), - LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13), - LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23), - LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20), - LL(0xda, 
0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44), - LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2), - LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf), - LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c), - LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a), - LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50), - LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9), - LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14), - LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9), - LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c), - LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f), - LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90), - LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07), - LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd), - LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3), - LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d), - LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78), - LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97), - LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02), - LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73), - LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7), - LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6), - LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2), - LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49), - LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56), - LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70), - LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd), - LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb), - LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71), - LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b), - LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf), - LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45), - LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a), - LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4), - LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58), - LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e), - LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f), - LL(0xad, 
0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac), - LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0), - LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef), - LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6), - LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c), - LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12), - LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93), - LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde), - LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6), - LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1), - LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b), - LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f), - LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31), - LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8), - LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9), - LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc), - LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e), - LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b), - LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf), - LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59), - LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2), - LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77), - LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33), - LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4), - LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27), - LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb), - LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89), - LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32), - LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54), - LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d), - LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64), - LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d), - LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d), - LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f), - LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca), - LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7), - LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d), - LL(0x54, 
0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce), - LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f), - LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f), - LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63), - LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a), - LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc), - LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82), - LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a), - LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48), - LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95), - LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf), - LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d), - LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0), - LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91), - LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8), - LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b), - LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9), - LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e), - LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1), - LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6), - LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28), - LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3), - LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74), - LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe), - LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d), - LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea), - LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57), - LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38), - LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad), - LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4), - LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda), - LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7), - LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb), - LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9), - LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a), - LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03), - LL(0x2f, 
0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a), - LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e), - LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60), - LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc), - LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46), - LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f), - LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76), - LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa), - LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36), - LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae), - LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b), - LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85), - LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e), - LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7), - LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55), - LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a), - LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81), - LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52), - LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62), - LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3), - LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10), - LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab), - LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0), - LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5), - LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec), - LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16), - LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94), - LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f), - LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5), - LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98), - LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17), - LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4), - LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1), - LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e), - LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42), - LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34), - LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08), - LL(0x1e, 
0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee), - LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61), - LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1), - LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f), - LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24), - LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3), - LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25), - LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22), - LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65), - LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79), - LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69), - LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9), - LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19), - LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe), - LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a), - LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0), - LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99), - LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83), - LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04), - LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66), - LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0), - LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1), - LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd), - LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40), - LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c), - LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18), - LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b), - LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51), - LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05), - LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c), - LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39), - LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa), - LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b), - LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc), - LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e), - LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0), - LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88), - LL(0x2a, 
0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67), - LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a), - LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87), - LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1), - LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72), - LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53), - LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01), - LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b), - LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4), - LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3), - LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15), - LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c), - LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5), - LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5), - LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4), - LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba), - LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6), - LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7), - LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06), - LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41), - LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7), - LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f), - LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e), - LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6), - LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2), - LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68), - LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c), - LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed), - LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75), - LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86), - LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b), - LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2), -#define RC (&(Cx.q[256*N])) - 0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f, - /* rc[ROUNDS] */ - 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b, - 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b, - 0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 
0xf0, 0x4a, 0xda, 0x58, - 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4, - 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95, - 0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d, - 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33 - } - }; + { /* Note endian-neutral representation:-) */ + LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8), + LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26), + LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8), + LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb), + LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb), + LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11), + LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09), + LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d), + LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b), + LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff), + LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c), + LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e), + LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96), + LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30), + LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d), + LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8), + LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47), + LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35), + LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37), + LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a), + LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2), + LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c), + LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84), + LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80), + LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5), + LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3), + LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21), + LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c), + LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43), + LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29), + LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d), + 
LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5), + LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd), + LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8), + LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92), + LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e), + LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13), + LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23), + LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20), + LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44), + LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2), + LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf), + LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c), + LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a), + LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50), + LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9), + LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14), + LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9), + LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c), + LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f), + LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90), + LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07), + LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd), + LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3), + LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d), + LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78), + LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97), + LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02), + LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73), + LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7), + LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6), + LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2), + LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49), + LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56), + LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70), + LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd), + LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb), + LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71), + 
LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b), + LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf), + LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45), + LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a), + LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4), + LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58), + LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e), + LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f), + LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac), + LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0), + LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef), + LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6), + LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c), + LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12), + LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93), + LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde), + LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6), + LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1), + LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b), + LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f), + LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31), + LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8), + LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9), + LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc), + LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e), + LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b), + LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf), + LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59), + LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2), + LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77), + LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33), + LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4), + LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27), + LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb), + LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89), + LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32), + LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54), + 
LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d), + LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64), + LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d), + LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d), + LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f), + LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca), + LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7), + LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d), + LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce), + LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f), + LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f), + LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63), + LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a), + LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc), + LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82), + LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a), + LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48), + LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95), + LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf), + LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d), + LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0), + LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91), + LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8), + LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b), + LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9), + LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e), + LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1), + LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6), + LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28), + LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3), + LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74), + LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe), + LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d), + LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea), + LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57), + LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38), + 
LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad), + LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4), + LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda), + LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7), + LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb), + LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9), + LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a), + LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03), + LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a), + LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e), + LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60), + LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc), + LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46), + LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f), + LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76), + LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa), + LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36), + LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae), + LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b), + LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85), + LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e), + LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7), + LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55), + LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a), + LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81), + LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52), + LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62), + LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3), + LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10), + LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab), + LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0), + LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5), + LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec), + LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16), + LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94), + LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f), + LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5), + 
LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98), + LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17), + LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4), + LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1), + LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e), + LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42), + LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34), + LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08), + LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee), + LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61), + LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1), + LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f), + LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24), + LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3), + LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25), + LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22), + LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65), + LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79), + LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69), + LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9), + LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19), + LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe), + LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a), + LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0), + LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99), + LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83), + LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04), + LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66), + LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0), + LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1), + LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd), + LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40), + LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c), + LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18), + LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b), + LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51), + LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05), + 
LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c), + LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39), + LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa), + LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b), + LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc), + LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e), + LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0), + LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88), + LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67), + LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a), + LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87), + LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1), + LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72), + LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53), + LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01), + LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b), + LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4), + LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3), + LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15), + LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c), + LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5), + LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5), + LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4), + LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba), + LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6), + LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7), + LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06), + LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41), + LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7), + LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f), + LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e), + LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6), + LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2), + LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68), + LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c), + LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed), + LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75), + 
LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86), + LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b), + LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2), +#define RC (&(Cx.q[256 * N])) + 0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f, + /* rc[ROUNDS] */ + 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b, + 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b, + 0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58, + 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4, + 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95, + 0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d, + 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33 } +}; void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) { @@ -518,17 +515,11 @@ for (r = 0; r < ROUNDS; r++) { for (i = 0; i < 8; i++) { L[i] = i ? 0 : RC[r]; - L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^ - C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^ - C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^ - C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7); + L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^ C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^ C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^ C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7); } memcpy(K.q, L, 64); for (i = 0; i < 8; i++) { - L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^ - C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^ - C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^ - C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7); + L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^ C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^ C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^ C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7); } memcpy(S.q, L, 64); } @@ -537,7 +528,7 @@ #else u64 L0, L1, L2, L3, L4, L5, L6, L7; -# ifdef STRICT_ALIGNMENT +#ifdef STRICT_ALIGNMENT if ((size_t)p & 7) { memcpy(S.c, p, 64); S.q[0] ^= (K.q[0] = H->q[0]); @@ -549,7 +540,7 @@ S.q[6] ^= (K.q[6] = H->q[6]); S.q[7] ^= (K.q[7] = H->q[7]); } else -# endif +#endif { const u64_aX *pa = (const u64_aX *)p; S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; 
@@ -563,23 +554,15 @@ } for (r = 0; r < ROUNDS; r++) { -# ifdef SMALL_REGISTER_BANK - L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^ - C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r]; - L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^ - C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2); - L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^ - C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3); - L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^ - C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4); - L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^ - C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5); - L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^ - C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6); - L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^ - C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7); - L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^ - C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0); +#ifdef SMALL_REGISTER_BANK + L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^ C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r]; + L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^ C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2); + L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^ C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3); + L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^ C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4); + L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^ C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5); + L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^ C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6); + L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^ C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7); + L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^ C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0); K.q[0] = L0; K.q[1] = L1; 
@@ -590,22 +573,14 @@ K.q[6] = L6; K.q[7] = L7; - L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^ - C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1); - L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^ - C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2); - L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^ - C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3); - L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^ - C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4); - L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^ - C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5); - L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^ - C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6); - L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^ - C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7); - L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^ - C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0); + L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^ C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1); + L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^ C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2); + L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^ C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3); + L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^ C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4); + L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^ C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5); + L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^ C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6); + L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^ C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7); + L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^ C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0); S.q[0] = L0; S.q[1] = L1; @@ -615,7 +590,7 @@ S.q[5] = L5; S.q[6] = L6; S.q[7] = L7; -# else +#else L0 = C0(K, 0); L1 = C1(K, 0); L2 = C2(K, 0); 
@@ -778,16 +753,16 @@ S.q[5] = L5; S.q[6] = L6; S.q[7] = L7; -# endif +#endif } -# ifdef STRICT_ALIGNMENT +#ifdef STRICT_ALIGNMENT if ((size_t)p & 7) { int i; for (i = 0; i < 64; i++) H->c[i] ^= S.c[i] ^ p[i]; } else -# endif +#endif { const u64_aX *pa = (const u64_aX *)p; H->q[0] ^= S.q[0] ^ pa[0]; --- crypto/openssl/crypto/whrlpool/wp_dgst.c.orig +++ crypto/openssl/crypto/whrlpool/wp_dgst.c @@ -93,7 +93,7 @@ { size_t n; unsigned int bitoff = c->bitoff, - bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7; + bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7; const unsigned char *inp = _inp; /* @@ -102,15 +102,15 @@ * to detect overflows. */ c->bitlen[0] += bits; - if (c->bitlen[0] < bits) { /* overflow */ + if (c->bitlen[0] < bits) { /* overflow */ n = 1; do { c->bitlen[n]++; } while (c->bitlen[n] == 0 - && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t))); + && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t))); } #ifndef OPENSSL_SMALL_FOOTPRINT - reconsider: +reconsider: if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */ while (bits) { if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) { @@ -136,7 +136,7 @@ c->bitoff = bitoff; } } - } else /* bit-oriented loop */ + } else /* bit-oriented loop */ #endif { /*- @@ -160,9 +160,9 @@ c->data[byteoff++] |= inp[0] & (0xff >> inpgap); inpgap = 8 - inpgap; bitoff += inpgap; - bitrem = 0; /* bitoff%8 */ + bitrem = 0; /* bitoff%8 */ bits -= inpgap; - inpgap = 0; /* bits%8 */ + inpgap = 0; /* bits%8 */ inp++; if (bitoff == WHIRLPOOL_BBLOCK) { whirlpool_block(c, c->data, 1); @@ -172,7 +172,7 @@ goto reconsider; } else #endif - if (bits > 8) { + if (bits > 8) { b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap))); b &= 0xff; if (bitrem) @@ -189,7 +189,7 @@ } if (bitrem) c->data[byteoff] = b << (8 - bitrem); - } else { /* remaining less than or equal to 8 bits */ + } else { /* remaining less than or equal to 8 bits */ b = (inp[0] << inpgap) & 0xff; if (bitrem) 
@@ -233,7 +233,7 @@ } if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) memset(&c->data[byteoff], 0, - (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff); + (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff); /* smash 256-bit c->bitlen in big-endian order */ p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */ for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++) --- crypto/openssl/crypto/x509/by_dir.c.orig +++ crypto/openssl/crypto/x509/by_dir.c @@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ -#if defined (__TANDEM) && defined (_SPT_MODEL_) - /* - * These definitions have to come first in SPT due to scoping of the - * declarations in c99 associated with SPT use of stat. - */ -# include -# include +#if defined(__TANDEM) && defined(_SPT_MODEL_) +/* + * These definitions have to come first in SPT due to scoping of the + * declarations in c99 associated with SPT use of stat. + */ +#include +#include #endif #include "e_os.h" @@ -24,7 +24,7 @@ #include #ifndef OPENSSL_NO_POSIX_IO -# include +#include #endif #include 
@@ -49,29 +49,29 @@ } BY_DIR; static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **retp); + char **retp); static int new_dir(X509_LOOKUP *lu); static void free_dir(X509_LOOKUP *lu); static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq); + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq); static X509_LOOKUP_METHOD x509_dir_lookup = { "Load certs from files in a directory", - new_dir, /* new_item */ - free_dir, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - dir_ctrl, /* ctrl */ - get_cert_by_subject, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - get_cert_by_subject_ex, /* get_by_subject_ex */ - NULL, /* ctrl_ex */ + new_dir, /* new_item */ + free_dir, /* free */ + NULL, /* init */ + NULL, /* shutdown */ + dir_ctrl, /* ctrl */ + get_cert_by_subject, /* get_by_subject */ + NULL, /* get_by_issuer_serial */ + NULL, /* get_by_fingerprint */ + NULL, /* get_by_alias */ + get_cert_by_subject_ex, /* get_by_subject_ex */ + NULL, /* ctrl_ex */ }; X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) @@ -80,7 +80,7 @@ } static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **retp) + char **retp) { int ret = 0; BY_DIR *ld = (BY_DIR *)ctx->method_data; @@ -94,7 +94,7 @@ ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); else ret = add_cert_dir(ld, X509_get_default_cert_dir(), - X509_FILETYPE_PEM); + X509_FILETYPE_PEM); if (!ret) { ERR_raise(ERR_LIB_X509, X509_R_LOADING_CERT_DIR); } @@ -128,7 +128,7 @@ lu->method_data = a; return 1; - err: +err: OPENSSL_free(a); return 0; } 
@@ -139,7 +139,7 @@ } static int by_dir_hash_cmp(const BY_DIR_HASH *const *a, - const BY_DIR_HASH *const *b) + const BY_DIR_HASH *const *b) { if ((*a)->hash > (*b)->hash) return 1; @@ -224,8 +224,8 @@ } static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq) { BY_DIR *ctx; union { @@ -315,17 +315,17 @@ * should be added. */ BIO_snprintf(b->data, b->max, - "%s%08lx.%s%d", ent->dir, h, postfix, k); + "%s%08lx.%s%d", ent->dir, h, postfix, k); } else #endif { BIO_snprintf(b->data, b->max, - "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k); + "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k); } #ifndef OPENSSL_NO_POSIX_IO -# ifdef _WIN32 -# define stat _stat -# endif +#ifdef _WIN32 +#define stat _stat +#endif { struct stat st; if (stat(b->data, &st) < 0) @@ -335,7 +335,8 @@ /* found one. */ if (type == X509_LU_X509) { if ((X509_load_cert_file_ex(xl, b->data, ent->dir_type, libctx, - propq)) == 0) + propq)) + == 0) break; } else if (type == X509_LU_CRL) { if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) @@ -400,7 +401,6 @@ } CRYPTO_THREAD_unlock(ctx->lock); - } if (tmp != NULL) { @@ -417,13 +417,13 @@ goto finish; } } - finish: +finish: BUF_MEM_free(b); return ok; } static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) + const X509_NAME *name, X509_OBJECT *ret) { return get_cert_by_subject_ex(xl, type, name, ret, NULL, NULL); } --- crypto/openssl/crypto/x509/by_file.c.orig +++ crypto/openssl/crypto/x509/by_file.c 
@@ -18,25 +18,24 @@ #include "x509_local.h" static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); + long argl, char **ret); static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret, OSSL_LIB_CTX *libctx, - const char *propq); - + long argl, char **ret, OSSL_LIB_CTX *libctx, + const char *propq); static X509_LOOKUP_METHOD x509_file_lookup = { "Load file into cache", - NULL, /* new_item */ - NULL, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - by_file_ctrl, /* ctrl */ - NULL, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - NULL, /* get_by_subject_ex */ - by_file_ctrl_ex, /* ctrl_ex */ + NULL, /* new_item */ + NULL, /* free */ + NULL, /* init */ + NULL, /* shutdown */ + by_file_ctrl, /* ctrl */ + NULL, /* get_by_subject */ + NULL, /* get_by_issuer_serial */ + NULL, /* get_by_fingerprint */ + NULL, /* get_by_alias */ + NULL, /* get_by_subject_ex */ + by_file_ctrl_ex, /* ctrl_ex */ }; X509_LOOKUP_METHOD *X509_LOOKUP_file(void) @@ -45,8 +44,8 @@ } static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, - long argl, char **ret, OSSL_LIB_CTX *libctx, - const char *propq) + long argl, char **ret, OSSL_LIB_CTX *libctx, + const char *propq) { int ok = 0; const char *file; @@ -57,12 +56,14 @@ file = ossl_safe_getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file_ex(ctx, file, X509_FILETYPE_PEM, - libctx, propq) != 0); + libctx, propq) + != 0); else ok = (X509_load_cert_crl_file_ex( - ctx, X509_get_default_cert_file(), - X509_FILETYPE_PEM, libctx, propq) != 0); + ctx, X509_get_default_cert_file(), + X509_FILETYPE_PEM, libctx, propq) + != 0); if (!ok) { ERR_raise(ERR_LIB_X509, X509_R_LOADING_DEFAULTS); 
@@ -70,10 +71,12 @@ } else { if (argl == X509_FILETYPE_PEM) ok = (X509_load_cert_crl_file_ex(ctx, argp, X509_FILETYPE_PEM, - libctx, propq) != 0); + libctx, propq) + != 0); else ok = (X509_load_cert_file_ex(ctx, argp, (int)argl, libctx, - propq) != 0); + propq) + != 0); } break; } @@ -81,13 +84,13 @@ } static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, - const char *argp, long argl, char **ret) + const char *argp, long argl, char **ret) { return by_file_ctrl_ex(ctx, cmd, argp, argl, ret, NULL, NULL); } int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { int ret = 0; BIO *in = NULL; @@ -115,8 +118,7 @@ for (;;) { ERR_set_mark(); if (PEM_read_bio_X509_AUX(in, &x, NULL, "") == NULL) { - if ((ERR_GET_REASON(ERR_peek_last_error()) == - PEM_R_NO_START_LINE) && (count > 0)) { + if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_pop_to_mark(); break; } else { @@ -145,7 +147,7 @@ } if (ret == 0) ERR_raise(ERR_LIB_X509, X509_R_NO_CERTIFICATE_FOUND); - err: +err: X509_free(x); BIO_free(in); return ret; @@ -174,8 +176,7 @@ for (;;) { x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { - if ((ERR_GET_REASON(ERR_peek_last_error()) == - PEM_R_NO_START_LINE) && (count > 0)) { + if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); break; } else { @@ -207,14 +208,14 @@ } if (ret == 0) ERR_raise(ERR_LIB_X509, X509_R_NO_CRL_FOUND); - err: +err: X509_CRL_free(x); BIO_free(in); return ret; } int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { STACK_OF(X509_INFO) *inf; X509_INFO *itmp; @@ -249,7 +250,7 @@ } if (count == 0) ERR_raise(ERR_LIB_X509, X509_R_NO_CERTIFICATE_OR_CRL_FOUND); - err: +err: sk_X509_INFO_pop_free(inf, X509_INFO_free); return count; } 
@@ -258,4 +259,3 @@ { return X509_load_cert_crl_file_ex(ctx, file, type, NULL, NULL); } - --- crypto/openssl/crypto/x509/by_store.c.orig +++ crypto/openssl/crypto/x509/by_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,22 +7,31 @@ * https://www.openssl.org/source/license.html */ +#include #include #include "internal/cryptlib.h" #include "crypto/x509.h" #include "x509_local.h" +typedef struct cached_store_st { + char *uri; + OSSL_LIB_CTX *libctx; + char *propq; +} CACHED_STORE; + +DEFINE_STACK_OF(CACHED_STORE) + /* Generic object loader, given expected type and criterion */ -static int cache_objects(X509_LOOKUP *lctx, const char *uri, - const OSSL_STORE_SEARCH *criterion, - int depth, OSSL_LIB_CTX *libctx, const char *propq) +static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store, + const OSSL_STORE_SEARCH *criterion, int depth) { int ok = 0; - OSSL_STORE_CTX *ctx = NULL; + OSSL_STORE_CTX *ctx; X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, - NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq, + NULL, NULL, NULL, NULL, NULL)) + == NULL) return 0; /* 
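Review bot: The new `CACHED_STORE` struct in the `@@ -7,22 +7,31 @@` hunk carries no comment on who owns its fields, and the rest of the patch uses it in two different ways. Entries pushed onto the stack under `X509_L_ADD_STORE` own `uri` and `propq` (both come from `OPENSSL_strdup` and are released by `free_store`), while the stack-local instances built in `cache_objects` and under `X509_L_LOAD_STORE` only borrow caller strings through `(char *)` casts that drop `const`. `free_store` never releases `libctx`, so that field is borrowed in both cases. I would add above the typedef something like `/* uri and propq are owned only by entries kept in the lookup's stack; stack-local instances borrow them and must never reach free_store(). libctx is always borrowed. */`. The body of `cache_objects` continues outside this hunk.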
@@ -62,9 +71,14 @@ * This is an entry in the "directory" represented by the current * uri. if |depth| allows, dive into it. */ - if (depth > 0) - ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info), - criterion, depth - 1, libctx, propq); + if (depth > 0) { + CACHED_STORE substore; + + substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info); + substore.libctx = store->libctx; + substore.propq = store->propq; + ok = cache_objects(lctx, &substore, criterion, depth - 1); + } } else { /* * We know that X509_STORE_add_{cert|crl} increments the object's @@ -74,11 +88,11 @@ switch (infotype) { case OSSL_STORE_INFO_CERT: ok = X509_STORE_add_cert(xstore, - OSSL_STORE_INFO_get0_CERT(info)); + OSSL_STORE_INFO_get0_CERT(info)); break; case OSSL_STORE_INFO_CRL: ok = X509_STORE_add_crl(xstore, - OSSL_STORE_INFO_get0_CRL(info)); + OSSL_STORE_INFO_get0_CRL(info)); break; } } @@ -92,23 +106,31 @@ return ok; } - -/* Because OPENSSL_free is a macro and for C type match */ -static void free_uri(OPENSSL_STRING data) +static void free_store(CACHED_STORE *store) { - OPENSSL_free(data); + if (store != NULL) { + OPENSSL_free(store->uri); + OPENSSL_free(store->propq); + OPENSSL_free(store); + } } static void by_store_free(X509_LOOKUP *ctx) { - STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); - sk_OPENSSL_STRING_pop_free(uris, free_uri); + STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); + sk_CACHED_STORE_pop_free(stores, free_store); } static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, - long argl, char **retp, OSSL_LIB_CTX *libctx, - const char *propq) + long argl, char **retp, OSSL_LIB_CTX *libctx, + const char *propq) { + /* + * In some cases below, failing to use the defaults shouldn't result in + * an error. |use_default| is used as the return code in those cases. + */ + int use_default = argp == NULL; + switch (cmd) { case X509_L_ADD_STORE: /* If no URI is given, use the default cert dir as default URI */ 
@@ -118,43 +140,77 @@ argp = X509_get_default_cert_dir(); { - STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); - char *data = OPENSSL_strdup(argp); + STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); + CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store)); + OSSL_STORE_CTX *sctx; - if (data == NULL) { + if (store == NULL) { return 0; } - if (uris == NULL) { - uris = sk_OPENSSL_STRING_new_null(); - X509_LOOKUP_set_method_data(ctx, uris); + + store->uri = OPENSSL_strdup(argp); + store->libctx = libctx; + if (propq != NULL) + store->propq = OPENSSL_strdup(propq); + /* + * We open this to check for errors now - so we can report those + * errors early. + */ + sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL, + NULL, NULL, NULL); + if (sctx == NULL + || (propq != NULL && store->propq == NULL) + || store->uri == NULL) { + OSSL_STORE_close(sctx); + free_store(store); + return use_default; + } + OSSL_STORE_close(sctx); + + if (stores == NULL) { + stores = sk_CACHED_STORE_new_null(); + if (stores != NULL) + X509_LOOKUP_set_method_data(ctx, stores); + } + if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) { + free_store(store); + return 0; } - return sk_OPENSSL_STRING_push(uris, data) > 0; + return 1; } - case X509_L_LOAD_STORE: + case X509_L_LOAD_STORE: { /* This is a shortcut for quick loading of specific containers */ - return cache_objects(ctx, argp, NULL, 0, libctx, propq); + CACHED_STORE store; + + store.uri = (char *)argp; + store.libctx = libctx; + store.propq = (char *)propq; + return cache_objects(ctx, &store, NULL, 0); + } + default: + /* Unsupported command */ + return 0; } return 0; } static int by_store_ctrl(X509_LOOKUP *ctx, int cmd, - const char *argp, long argl, char **retp) + const char *argp, long argl, char **retp) { return by_store_ctrl_ex(ctx, cmd, argp, argl, retp, NULL, NULL); } static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret, - 
OSSL_LIB_CTX *libctx, const char *propq) + const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret) { - STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); + STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); int i; int ok = 0; - for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) { - ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion, - 1 /* depth */, libctx, propq); + for (i = 0; i < sk_CACHED_STORE_num(stores); i++) { + ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion, + 1 /* depth */); if (ok) break; @@ -162,21 +218,24 @@ return ok; } -static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) +static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret) { - OSSL_STORE_SEARCH *criterion = - OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */ - int ok = by_store(ctx, type, criterion, ret, libctx, propq); - STACK_OF(X509_OBJECT) *store_objects = - X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx)); + OSSL_STORE_SEARCH *criterion = OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */ + int ok = by_store(ctx, type, criterion, ret); + STACK_OF(X509_OBJECT) *store_objects = X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx)); X509_OBJECT *tmp = NULL; OSSL_STORE_SEARCH_free(criterion); - if (ok) + if (ok) { + X509_STORE *store = X509_LOOKUP_get_store(ctx); + + if (!X509_STORE_lock(store)) + return 0; tmp = X509_OBJECT_retrieve_by_subject(store_objects, type, name); + X509_STORE_unlock(store); + } ok = 0; if (tmp != NULL) { 
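Review bot: In the `X509_L_ADD_STORE` branch of the `@@ -118,43 +140,77 @@` hunk, `return use_default;` is reached for three different failures: `OSSL_STORE_open_ex` returning NULL and either `OPENSSL_strdup` returning NULL. When no URI was passed, an allocation failure is therefore reported as success exactly like an unusable default location, and the caller is told the store was added although nothing was pushed. Checking the allocations first and returning 0 for them keeps the lenient return for the failed open only. It also looks as if the errors raised by the failed probe stay on the error queue when 1 is returned, which a caller inspecting the queue after a successful call could misread; worth confirming whether that is intended.

```c
            store->propq = OPENSSL_strdup(propq);
        /* An allocation failure is a hard error, default location or not */
        if (store->uri == NULL
            || (propq != NULL && store->propq == NULL)) {
            free_store(store);
            return 0;
        }
        /* ... unchanged: comment on opening early to report errors ... */
        sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
                                  NULL, NULL, NULL);
        if (sctx == NULL) {
            /* Only an unusable default location is tolerated */
            free_store(store);
            return use_default;
        }
        OSSL_STORE_close(sctx);
        /* ... unchanged: stack creation and push ... */
```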
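Review bot: In `by_store_subject` (`@@ -162,21 +218,24 @@`), the added `X509_STORE_lock`/`X509_STORE_unlock` pair covers only the call to `X509_OBJECT_retrieve_by_subject`, while `tmp` is still read in the `if (tmp != NULL)` block that follows the unlock. That block continues outside the hunk, so I cannot tell whether it takes its own reference before another thread can touch the store; if it does not, the unlock should move after the last use of `tmp`, or a comment should state why the pointer stays valid. Minor: `X509_LOOKUP_get_store(ctx)` is now called twice, once for `store_objects` and once for `store`; fetching it once into `store` at the top of the function would read more clearly.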
@@ -216,12 +275,6 @@ return ok; } -static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) -{ - return by_store_subject_ex(ctx, type, name, ret, NULL, NULL); -} - /* * We lack the implementations for get_by_issuer_serial, get_by_fingerprint * and get_by_alias. There's simply not enough support in the X509_LOOKUP @@ -230,16 +283,16 @@ static X509_LOOKUP_METHOD x509_store_lookup = { "Load certs from STORE URIs", - NULL, /* new_item */ - by_store_free, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - by_store_ctrl, /* ctrl */ - by_store_subject, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - by_store_subject_ex, + NULL, /* new_item */ + by_store_free, /* free */ + NULL, /* init */ + NULL, /* shutdown */ + by_store_ctrl, /* ctrl */ + by_store_subject, /* get_by_subject */ + NULL, /* get_by_issuer_serial */ + NULL, /* get_by_fingerprint */ + NULL, /* get_by_alias */ + NULL, /* get_by_subject_ex */ by_store_ctrl_ex }; --- crypto/openssl/crypto/x509/pcy_cache.c.orig +++ crypto/openssl/crypto/x509/pcy_cache.c @@ -15,7 +15,7 @@ #include "pcy_local.h" static int policy_data_cmp(const X509_POLICY_DATA *const *a, - const X509_POLICY_DATA *const *b); + const X509_POLICY_DATA *const *b); static int policy_cache_set_int(long *out, ASN1_INTEGER *value); /* @@ -24,7 +24,7 @@ */ static int policy_cache_create(X509 *x, - CERTIFICATEPOLICIES *policies, int crit) + CERTIFICATEPOLICIES *policies, int crit) { int i, num, ret = 0; X509_POLICY_CACHE *cache = x->policy_cache; @@ -54,7 +54,7 @@ goto bad_policy; } cache->anyPolicy = data; - } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) { + } else if (sk_X509_POLICY_DATA_find(cache->data, data) >= 0) { ret = -1; goto bad_policy; } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) { 
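Review bot: The `get_by_subject_ex` slot of `x509_store_lookup` becomes `NULL` in the `@@ -230,16 +283,16 @@` hunk without any explanation, and `by_store` no longer takes `libctx`/`propq`. From the other hunks it appears that lookups now use the library context and property query captured in each `CACHED_STORE` at `X509_L_ADD_STORE` time instead of any passed per call; a short comment above the table saying so would keep the next reader from re-adding the `_ex` hook. The last initializer is also the only entry without its slot label and trailing comma, unlike the tables in by_dir.c and by_file.c: `by_store_ctrl_ex, /* ctrl_ex */`.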
@@ -65,11 +65,11 @@ } ret = 1; - bad_policy: +bad_policy: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; ossl_policy_data_free(data); - just_cleanup: +just_cleanup: sk_POLICYINFO_pop_free(policies, POLICYINFO_free); if (ret <= 0) { sk_X509_POLICY_DATA_pop_free(cache->data, ossl_policy_data_free); @@ -116,10 +116,10 @@ && !ext_pcons->inhibitPolicyMapping) goto bad_cache; if (!policy_cache_set_int(&cache->explicit_skip, - ext_pcons->requireExplicitPolicy)) + ext_pcons->requireExplicitPolicy)) goto bad_cache; if (!policy_cache_set_int(&cache->map_skip, - ext_pcons->inhibitPolicyMapping)) + ext_pcons->inhibitPolicyMapping)) goto bad_cache; } @@ -165,14 +165,13 @@ goto bad_cache; goto just_cleanup; - bad_cache: +bad_cache: x->ex_flags |= EXFLAG_INVALID_POLICY; - just_cleanup: +just_cleanup: POLICY_CONSTRAINTS_free(ext_pcons); ASN1_INTEGER_free(ext_any); return 1; - } void ossl_policy_cache_free(X509_POLICY_CACHE *cache) @@ -195,11 +194,10 @@ } return x->policy_cache; - } X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id) + const ASN1_OBJECT *id) { int idx; X509_POLICY_DATA tmp; @@ -209,7 +207,7 @@ } static int policy_data_cmp(const X509_POLICY_DATA *const *a, - const X509_POLICY_DATA *const *b) + const X509_POLICY_DATA *const *b) { return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); } --- crypto/openssl/crypto/x509/pcy_data.c.orig +++ crypto/openssl/crypto/x509/pcy_data.c @@ -36,7 +36,7 @@ */ X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, - const ASN1_OBJECT *cid, int crit) + const ASN1_OBJECT *cid, int crit) { X509_POLICY_DATA *ret; ASN1_OBJECT *id; --- crypto/openssl/crypto/x509/pcy_lib.c.orig +++ crypto/openssl/crypto/x509/pcy_lib.c 
@@ -25,25 +25,23 @@ } X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, - int i) + int i) { if (!tree || (i < 0) || (i >= tree->nlevel)) return NULL; return tree->levels + i; } -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const - X509_POLICY_TREE - *tree) +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const X509_POLICY_TREE + *tree) { if (!tree) return NULL; return tree->auth_policies; } -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const - X509_POLICY_TREE - *tree) +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE + *tree) { if (!tree) return NULL; @@ -90,9 +88,8 @@ return node->data->valid_policy; } -STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const - X509_POLICY_NODE - *node) +STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE + *node) { if (!node) return NULL; @@ -100,7 +97,7 @@ } const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE - *node) + *node) { if (!node) return NULL; --- crypto/openssl/crypto/x509/pcy_local.h.orig +++ crypto/openssl/crypto/x509/pcy_local.h 
@@ -35,30 +35,30 @@ * extension. If policy mapping is not active its references get deleted. */ -#define POLICY_DATA_FLAG_MAPPED 0x1 +#define POLICY_DATA_FLAG_MAPPED 0x1 /* * This flag indicates the data doesn't correspond to a policy in Certificate * Policies: it has been mapped to any policy. */ -#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 +#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 /* AND with flags to see if any mapping has occurred */ -#define POLICY_DATA_FLAG_MAP_MASK 0x3 +#define POLICY_DATA_FLAG_MAP_MASK 0x3 /* qualifiers are shared and shouldn't be freed */ -#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 +#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 /* Parent node is an extra node and should be freed */ -#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 +#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 /* Corresponding CertificatePolicies is critical */ -#define POLICY_DATA_FLAG_CRITICAL 0x10 +#define POLICY_DATA_FLAG_CRITICAL 0x10 /* This structure is cached with a certificate */ @@ -131,7 +131,7 @@ }; /* Set if anyPolicy present in user policies */ -#define POLICY_FLAG_ANY_POLICY 0x2 +#define POLICY_FLAG_ANY_POLICY 0x2 /* Useful macros */ @@ -141,11 +141,11 @@ /* Internal functions */ X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, - int crit); + int crit); void ossl_policy_data_free(X509_POLICY_DATA *data); X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id); + const ASN1_OBJECT *id); int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void); 
@@ -153,19 +153,19 @@ void ossl_policy_cache_free(X509_POLICY_CACHE *cache); X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, - const X509_POLICY_NODE *parent, - const ASN1_OBJECT *id); + const X509_POLICY_NODE *parent, + const ASN1_OBJECT *id); X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - const ASN1_OBJECT *id); + const ASN1_OBJECT *id); X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree, - int extra_data); + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree, + int extra_data); void ossl_policy_node_free(X509_POLICY_NODE *node); int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x); --- crypto/openssl/crypto/x509/pcy_map.c.orig +++ crypto/openssl/crypto/x509/pcy_map.c @@ -48,8 +48,8 @@ /* Create a NODE from anyPolicy */ if (data == NULL) { data = ossl_policy_data_new(NULL, map->issuerDomainPolicy, - cache->anyPolicy->flags - & POLICY_DATA_FLAG_CRITICAL); + cache->anyPolicy->flags + & POLICY_DATA_FLAG_CRITICAL); if (data == NULL) goto bad_mapping; data->qualifier_set = cache->anyPolicy->qualifier_set; @@ -65,15 +65,13 @@ } else data->flags |= POLICY_DATA_FLAG_MAPPED; if (!sk_ASN1_OBJECT_push(data->expected_policy_set, - map->subjectDomainPolicy)) + map->subjectDomainPolicy)) goto bad_mapping; map->subjectDomainPolicy = NULL; - } ret = 1; - bad_mapping: +bad_mapping: sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); return ret; - } --- crypto/openssl/crypto/x509/pcy_node.c.orig +++ crypto/openssl/crypto/x509/pcy_node.c 
@@ -15,7 +15,7 @@ #include "pcy_local.h" static int node_cmp(const X509_POLICY_NODE *const *a, - const X509_POLICY_NODE *const *b) + const X509_POLICY_NODE *const *b) { return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); } @@ -26,7 +26,7 @@ } X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, - const ASN1_OBJECT *id) + const ASN1_OBJECT *id) { X509_POLICY_DATA n; X509_POLICY_NODE l; @@ -37,12 +37,11 @@ idx = sk_X509_POLICY_NODE_find(nodes, &l); return sk_X509_POLICY_NODE_value(nodes, idx); - } X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, - const X509_POLICY_NODE *parent, - const ASN1_OBJECT *id) + const X509_POLICY_NODE *parent, + const ASN1_OBJECT *id) { X509_POLICY_NODE *node; int i; @@ -57,10 +56,10 @@ } X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree, - int extra_data) + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree, + int extra_data) { X509_POLICY_NODE *node; @@ -98,7 +97,7 @@ if (extra_data) { if (tree->extra_data == NULL) tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ + if (tree->extra_data == NULL) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto extra_data_error; } @@ -114,15 +113,15 @@ return node; - extra_data_error: +extra_data_error: if (level != NULL) { if (level->anyPolicy == node) level->anyPolicy = NULL; else - (void) sk_X509_POLICY_NODE_pop(level->nodes); + (void)sk_X509_POLICY_NODE_pop(level->nodes); } - node_error: +node_error: ossl_policy_node_free(node); return NULL; } @@ -138,7 +137,7 @@ */ int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid) + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid) { int i; ASN1_OBJECT *policy_oid; 
@@ -157,5 +156,4 @@ return 1; } return 0; - } --- crypto/openssl/crypto/x509/pcy_tree.c.orig +++ crypto/openssl/crypto/x509/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,14 +22,14 @@ * door on CVE-2023-0464. */ #ifndef OPENSSL_POLICY_TREE_NODES_MAX -# define OPENSSL_POLICY_TREE_NODES_MAX 1000 +#define OPENSSL_POLICY_TREE_NODES_MAX 1000 #endif static void exnode_free(X509_POLICY_NODE *node); static void expected_print(BIO *channel, - X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, - int indent) + X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, + int indent) { if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK)) @@ -51,8 +51,8 @@ } static void tree_print(BIO *channel, - char *str, X509_POLICY_TREE *tree, - X509_POLICY_LEVEL *curr) + char *str, X509_POLICY_TREE *tree, + X509_POLICY_LEVEL *curr) { X509_POLICY_LEVEL *plev; @@ -63,15 +63,14 @@ BIO_printf(channel, "Level print after %s\n", str); BIO_printf(channel, "Printing Up to Level %ld\n", - (long)(curr - tree->levels)); + (long)(curr - tree->levels)); for (plev = tree->levels; plev != curr; plev++) { int i; BIO_printf(channel, "Level %ld, flags = %x\n", - (long)(plev - tree->levels), plev->flags); + (long)(plev - tree->levels), plev->flags); for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { - X509_POLICY_NODE *node = - sk_X509_POLICY_NODE_value(plev->nodes, i); + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i); X509_POLICY_NODE_print(channel, node, 2); expected_print(channel, plev, node, 2); 
@@ -82,10 +81,12 @@ } } -#define TREE_PRINT(str, tree, curr) \ - OSSL_TRACE_BEGIN(X509V3_POLICY) { \ +#define TREE_PRINT(str, tree, curr) \ + OSSL_TRACE_BEGIN(X509V3_POLICY) \ + { \ tree_print(trc_out, "before tree_prune()", tree, curr); \ - } OSSL_TRACE_END(X509V3_POLICY) + } \ + OSSL_TRACE_END(X509V3_POLICY) /*- * Return value: <= 0 on error, or positive bit mask: @@ -95,7 +96,7 @@ * X509_PCY_TREE_EXPLICIT: explicit policy required */ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - unsigned int flags) + unsigned int flags) { X509_POLICY_TREE *tree; X509_POLICY_LEVEL *level; @@ -103,9 +104,9 @@ X509_POLICY_DATA *data = NULL; int ret = X509_PCY_TREE_VALID; int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */ - int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1; - int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1; - int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1; + int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n + 1; + int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n + 1; + int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n + 1; int i; *ptree = NULL; @@ -142,8 +143,8 @@ * policy is required we're done. */ for (i = n - 1; - i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0); - i--) { + i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0); + i--) { X509 *x = sk_X509_value(certs, i); uint32_t ex_flags = X509_get_extension_flags(x); 
@@ -186,15 +187,16 @@ * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at * depth n, we have the leaf at depth 0 and the TA at depth n). */ - if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { + if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels) * (n + 1))) == NULL) { OPENSSL_free(tree); ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); return X509_PCY_TREE_INTERNAL; } - tree->nlevel = n+1; + tree->nlevel = n + 1; level = tree->levels; if ((data = ossl_policy_data_new(NULL, - OBJ_nid2obj(NID_any_policy), 0)) == NULL) + OBJ_nid2obj(NID_any_policy), 0)) + == NULL) goto bad_tree; if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) { ossl_policy_data_free(data); @@ -246,7 +248,7 @@ *ptree = tree; return ret; - bad_tree: +bad_tree: X509_policy_tree_free(tree); return X509_PCY_TREE_INTERNAL; } @@ -255,8 +257,8 @@ * Return value: 1 on success, 0 otherwise */ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data, - X509_POLICY_TREE *tree) + X509_POLICY_DATA *data, + X509_POLICY_TREE *tree) { X509_POLICY_LEVEL *last = curr - 1; int i, matched = 0; @@ -285,8 +287,8 @@ * Return value: 1 on success, 0 otherwise. */ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - X509_POLICY_TREE *tree) + const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) { int i; @@ -307,9 +309,9 @@ * Return value: 1 on success, 0 otherwise. */ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id, - X509_POLICY_NODE *node, X509_POLICY_TREE *tree) + const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id, + X509_POLICY_NODE *node, X509_POLICY_TREE *tree) { X509_POLICY_DATA *data; 
@@ -336,8 +338,8 @@ * Return value: 1 on success, 0 otherwise. */ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - X509_POLICY_NODE *node, X509_POLICY_TREE *tree) + const X509_POLICY_CACHE *cache, + X509_POLICY_NODE *node, X509_POLICY_TREE *tree) { const X509_POLICY_LEVEL *last = curr - 1; int i; @@ -363,7 +365,6 @@ if (!tree_add_unmatched(curr, cache, oid, node, tree)) return 0; } - } return 1; } @@ -372,8 +373,8 @@ * Return value: 1 on success, 0 otherwise */ static int tree_link_any(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache, - X509_POLICY_TREE *tree) + const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) { int i; X509_POLICY_NODE *node; @@ -386,9 +387,7 @@ return 0; } /* Finally add link to anyPolicy */ - if (last->anyPolicy && - ossl_policy_level_add_node(curr, cache->anyPolicy, - last->anyPolicy, tree, 0) == NULL) + if (last->anyPolicy && ossl_policy_level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL) return 0; return 1; } @@ -452,10 +451,9 @@ * Return value: 1 on success, 0 otherwise. */ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, - X509_POLICY_NODE *pcy) + X509_POLICY_NODE *pcy) { - if (*pnodes == NULL && - (*pnodes = ossl_policy_node_cmp_new()) == NULL) + if (*pnodes == NULL && (*pnodes = ossl_policy_node_cmp_new()) == NULL) return 0; if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0) return 1; @@ -479,7 +477,7 @@ * TREE_CALC_OK_DOFREE on success and pnodes needs to be freed */ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, - STACK_OF(X509_POLICY_NODE) **pnodes) + STACK_OF(X509_POLICY_NODE) **pnodes) { X509_POLICY_LEVEL *curr; X509_POLICY_NODE *node, *anyptr; 
@@ -528,8 +526,8 @@ * Return value: 1 on success, 0 otherwise. */ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - STACK_OF(ASN1_OBJECT) *policy_oids, - STACK_OF(X509_POLICY_NODE) *auth_nodes) + STACK_OF(ASN1_OBJECT) *policy_oids, + STACK_OF(X509_POLICY_NODE) *auth_nodes) { int i; X509_POLICY_NODE *node; @@ -571,7 +569,7 @@ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS | POLICY_DATA_FLAG_EXTRA_NODE; node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent, - tree, 1); + tree, 1); if (node == NULL) { ossl_policy_data_free(extra); return 0; @@ -646,7 +644,6 @@ sk_X509_POLICY_DATA_pop_free(tree->extra_data, ossl_policy_data_free); OPENSSL_free(tree->levels); OPENSSL_free(tree); - } /*- @@ -658,8 +655,8 @@ * X509_PCY_TREE_VALID: Success (null tree if empty or bare TA) */ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, - STACK_OF(X509) *certs, - STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) { int init_ret; int ret; @@ -682,8 +679,10 @@ } else { *pexplicit_policy = 1; /* Tree empty and requireExplicit True: Error */ - if (init_ret & X509_PCY_TREE_EMPTY) + if (init_ret & X509_PCY_TREE_EMPTY) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } ret = tree_evaluate(tree); @@ -708,16 +707,18 @@ if (!ret) goto error; - *ptree = tree; - if (init_ret & X509_PCY_TREE_EXPLICIT) { nodes = X509_policy_tree_get0_user_policies(tree); - if (sk_X509_POLICY_NODE_num(nodes) <= 0) + if (sk_X509_POLICY_NODE_num(nodes) <= 0) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } + + *ptree = tree; return X509_PCY_TREE_VALID; - error: +error: X509_policy_tree_free(tree); return X509_PCY_TREE_INTERNAL; } --- crypto/openssl/crypto/x509/standard_exts.h.orig +++ crypto/openssl/crypto/x509/standard_exts.h 
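Review bot: The two X509_PCY_TREE_FAILURE returns in X509_policy_check (hunk -682,8 and hunk -708,16) now free the tree, and `*ptree = tree;` has moved to just before the X509_PCY_TREE_VALID return, but the return-value comment above the function does not record this ownership change. A caller that used to receive a tree on the explicit-policy failure path now sees whatever `*ptree` held on entry. That is presumably NULL if the function clears it first, which neither hunk shows because the body starts outside them. Stating the contract guards against a caller freeing or dereferencing a stale pointer, so I would add to that comment: `* The tree is handed to the caller via *ptree only on X509_PCY_TREE_VALID; on failure it is freed here.`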
@@ -34,9 +34,7 @@ &ossl_v3_ext_ku, &ossl_v3_delta_crl, &ossl_v3_crl_reason, -#ifndef OPENSSL_NO_OCSP &ossl_v3_crl_invdate, -#endif &ossl_v3_sxnet, &ossl_v3_info, #ifndef OPENSSL_NO_RFC3779 @@ -53,9 +51,7 @@ #endif &ossl_v3_sinfo, &ossl_v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP &ossl_v3_crl_hold, -#endif &ossl_v3_pci, &ossl_v3_name_constraints, &ossl_v3_policy_mappings, @@ -77,4 +73,3 @@ /* Number of standard extensions */ #define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) - --- crypto/openssl/crypto/x509/t_crl.c.orig +++ crypto/openssl/crypto/x509/t_crl.c @@ -34,7 +34,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) { - return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT); + return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT); } int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag) @@ -68,7 +68,7 @@ BIO_printf(out, "\n"); X509V3_extensions_print(out, "CRL extensions", - X509_CRL_get0_extensions(x), 0, 8); + X509_CRL_get0_extensions(x), 0, 8); rev = X509_CRL_get_REVOKED(x); @@ -85,10 +85,9 @@ ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r)); BIO_printf(out, "\n"); X509V3_extensions_print(out, "CRL entry extensions", - X509_REVOKED_get0_extensions(r), 0, 8); + X509_REVOKED_get0_extensions(r), 0, 8); } X509_signature_print(out, sig_alg, sig); return 1; - } --- crypto/openssl/crypto/x509/t_req.c.orig +++ crypto/openssl/crypto/x509/t_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -35,12 +35,12 @@ #endif int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, - unsigned long cflag) + unsigned long cflag) { long l; int i; EVP_PKEY *pkey; - STACK_OF(X509_EXTENSION) *exts; + STACK_OF(X509_EXTENSION) *exts = NULL; char mlch = ' '; int nmindent = 0, printok = 0; 
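Review bot: In standard_exts.h, dropping the `#ifndef OPENSSL_NO_OCSP` guards makes `&ossl_v3_crl_invdate` (hunk -34,9) and `&ossl_v3_crl_hold` (hunk -53,9) unconditional table entries, so their definitions must also be compiled when OPENSSL_NO_OCSP is set. Those definitions are not part of the visible diff, and a missing one would only surface as a link error in a no-ocsp build, so that configuration is worth building before merge. A short comment on each entry would keep the guards from being reintroduced, for example `/* CRL entry extension, not OCSP-specific */`.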
@@ -72,7 +72,8 @@ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), - nmindent, nmflags) < printok) + nmindent, nmflags) + < printok) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; @@ -128,10 +129,10 @@ ii = 0; count = X509_ATTRIBUTE_count(a); if (count == 0) { - ERR_raise(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES); - return 0; + ERR_raise(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES); + return 0; } - get_next: + get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; bs = at->value.asn1_string; @@ -148,7 +149,7 @@ case V_ASN1_UTF8STRING: case V_ASN1_IA5STRING: if (BIO_write(bp, (char *)bs->data, bs->length) - != bs->length) + != bs->length) goto err; if (BIO_puts(bp, "\n") <= 0) goto err; @@ -184,13 +185,15 @@ if (!X509V3_EXT_print(bp, ex, cflag, 20)) { if (BIO_printf(bp, "%20s", "") <= 0 || ASN1_STRING_print(bp, - X509_EXTENSION_get_data(ex)) <= 0) + X509_EXTENSION_get_data(ex)) + <= 0) goto err; } if (BIO_write(bp, "\n", 1) <= 0) goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + exts = NULL; } } @@ -203,7 +206,8 @@ } return 1; - err: +err: + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); return 0; } --- crypto/openssl/crypto/x509/t_x509.c.orig +++ crypto/openssl/crypto/x509/t_x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,7 @@ } int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, - unsigned long cflag) + unsigned long cflag) { BIO *b; int ret; @@ -46,7 +46,7 @@ } int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, - unsigned long cflag) + unsigned long cflag) { long l; int ret = 0, i; 
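Review bot: In X509_REQ_print_ex (hunk -184,13), the added `exts = NULL;` after `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);` has no comment, yet it is the only thing that stops the new free under `err:` (hunk -203,7) from releasing the same stack twice. That matters if any later step jumps to `err`; the code between the two hunks is not shown. I would annotate the line: `exts = NULL; /* already freed; err: would free it again */`. The same reasoning applies to the `= NULL` initialiser added in hunk -35,12, which the `err:` cleanup relies on for jumps taken before extensions are fetched.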
@@ -86,9 +86,9 @@ goto err; if (bs->length <= (int)sizeof(long)) { - ERR_set_mark(); - l = ASN1_INTEGER_get(bs); - ERR_pop_to_mark(); + ERR_set_mark(); + l = ASN1_INTEGER_get(bs); + ERR_pop_to_mark(); } else { l = -1; } @@ -110,11 +110,11 @@ for (i = 0; i < bs->length; i++) { if (BIO_printf(bp, "%02x%c", bs->data[i], - ((i + 1 == bs->length) ? '\n' : ':')) <= 0) + ((i + 1 == bs->length) ? '\n' : ':')) + <= 0) goto err; } } - } if (!(cflag & X509_FLAG_NO_SIGNAME)) { @@ -152,8 +152,7 @@ if (!(cflag & X509_FLAG_NO_SUBJECT)) { if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; - if (X509_NAME_print_ex - (bp, X509_get_subject_name(x), nmindent, nmflags) < printok) + if (X509_NAME_print_ex(bp, X509_get_subject_name(x), nmindent, nmflags) < printok) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; @@ -199,7 +198,7 @@ if (!(cflag & X509_FLAG_NO_EXTENSIONS) && !X509V3_extensions_print(bp, "X509v3 extensions", - X509_get0_extensions(x), cflag, 8)) + X509_get0_extensions(x), cflag, 8)) goto err; if (!(cflag & X509_FLAG_NO_SIGDUMP)) { @@ -214,7 +213,7 @@ goto err; } ret = 1; - err: +err: OPENSSL_free(m); return ret; } @@ -243,7 +242,8 @@ goto err; if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) goto err; - i2d_X509_NAME(subj, &dertmp); + if (i2d_X509_NAME(subj, &dertmp) < 0) + goto err; md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq); if (md == NULL) @@ -269,7 +269,7 @@ goto err; if (!EVP_Digest(ASN1_STRING_get0_data(keybstr), - ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL)) + ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL)) goto err; for (i = 0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) @@ -279,7 +279,7 @@ EVP_MD_free(md); return 1; - err: +err: OPENSSL_free(der); EVP_MD_free(md); return 0; @@ -309,7 +309,7 @@ } int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig) + const ASN1_STRING *sig) { int sig_nid; int indent = 4; 
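Review bot: The new check in hunk -243,7 rejects only a negative return from `i2d_X509_NAME(subj, &dertmp)`, while the buffer was allocated with `OPENSSL_malloc(derlen)`. That same `derlen` is presumably the length digested further down, outside the hunk. Comparing against the sizing result is tighter and keeps the hashed length tied to what was actually written: `if (i2d_X509_NAME(subj, &dertmp) != derlen) goto err;`. Where `derlen` is computed lies above the hunk, so confirm it comes from the matching `i2d_X509_NAME(subj, NULL)` call.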
@@ -357,7 +357,7 @@ else first = 0; OBJ_obj2txt(oidstr, sizeof(oidstr), - sk_ASN1_OBJECT_value(trust, i), 0); + sk_ASN1_OBJECT_value(trust, i), 0); BIO_puts(out, oidstr); } BIO_puts(out, "\n"); @@ -372,7 +372,7 @@ else first = 0; OBJ_obj2txt(oidstr, sizeof(oidstr), - sk_ASN1_OBJECT_value(reject, i), 0); + sk_ASN1_OBJECT_value(reject, i), 0); BIO_puts(out, oidstr); } BIO_puts(out, "\n"); @@ -397,13 +397,12 @@ int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags) { - unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | - XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN; + unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN; if (cert == NULL) return BIO_printf(bio, " (no certificate)\n") > 0; if (BIO_printf(bio, " certificate\n") <= 0 - || !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_SUBJECT)) + || !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_SUBJECT)) return 0; if (X509_check_issued((X509 *)cert, cert) == X509_V_OK) { if (BIO_printf(bio, " self-issued\n") <= 0) @@ -414,7 +413,7 @@ return 0; } if (!X509_print_ex(bio, cert, flags, - ~(X509_FLAG_NO_SERIAL | X509_FLAG_NO_VALIDITY))) + ~(X509_FLAG_NO_SERIAL | X509_FLAG_NO_VALIDITY))) return 0; if (X509_cmp_current_time(X509_get0_notBefore(cert)) > 0) if (BIO_printf(bio, " not yet valid\n") <= 0) @@ -423,7 +422,7 @@ if (BIO_printf(bio, " no more valid\n") <= 0) return 0; return X509_print_ex(bio, cert, flags, - ~neg_cflags & ~X509_FLAG_EXTENSIONS_ONLY_KID); + ~neg_cflags & ~X509_FLAG_EXTENSIONS_ONLY_KID); } static int print_certs(BIO *bio, const STACK_OF(X509) *certs) @@ -440,10 +439,10 @@ if (!ossl_x509_print_ex_brief(bio, cert, 0)) return 0; if (!X509V3_extensions_print(bio, NULL, - X509_get0_extensions(cert), - X509_FLAG_EXTENSIONS_ONLY_KID, 8)) + X509_get0_extensions(cert), + X509_FLAG_EXTENSIONS_ONLY_KID, 8)) return 0; - } + } } return 1; } 
@@ -469,11 +468,11 @@ BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */ BIO_printf(bio, "%s at depth = %d error = %d (%s)\n", - X509_STORE_CTX_get0_parent_ctx(ctx) != NULL - ? "CRL path validation" - : "Certificate verification", - X509_STORE_CTX_get_error_depth(ctx), - cert_error, X509_verify_cert_error_string(cert_error)); + X509_STORE_CTX_get0_parent_ctx(ctx) != NULL + ? "CRL path validation" + : "Certificate verification", + X509_STORE_CTX_get_error_depth(ctx), + cert_error, X509_verify_cert_error_string(cert_error)); { X509_STORE *ts = X509_STORE_CTX_get0_store(ctx); X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); @@ -505,14 +504,14 @@ BIO_printf(bio, "Failure for:\n"); ossl_x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx), - X509_FLAG_NO_EXTENSIONS); + X509_FLAG_NO_EXTENSIONS); if (cert_error == X509_V_ERR_CERT_UNTRUSTED - || cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT - || cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN - || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY - || cert_error == X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER - || cert_error == X509_V_ERR_STORE_LOOKUP) { + || cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + || cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + || cert_error == X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER + || cert_error == X509_V_ERR_STORE_LOOKUP) { BIO_printf(bio, "Non-trusted certs:\n"); print_certs(bio, X509_STORE_CTX_get0_untrusted(ctx)); BIO_printf(bio, "Certs in trust store:\n"); --- crypto/openssl/crypto/x509/v3_addr.c.orig +++ crypto/openssl/crypto/x509/v3_addr.c 
@@ -33,31 +33,30 @@ */ ASN1_SEQUENCE(IPAddressRange) = { - ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING), - ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING) + ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING), + ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(IPAddressRange) ASN1_CHOICE(IPAddressOrRange) = { - ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING), - ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange) + ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING), + ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange) } ASN1_CHOICE_END(IPAddressOrRange) ASN1_CHOICE(IPAddressChoice) = { - ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL), - ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange) + ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL), + ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange) } ASN1_CHOICE_END(IPAddressChoice) ASN1_SEQUENCE(IPAddressFamily) = { - ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING), - ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice) + ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING), + ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice) } ASN1_SEQUENCE_END(IPAddressFamily) -ASN1_ITEM_TEMPLATE(IPAddrBlocks) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - IPAddrBlocks, IPAddressFamily) +ASN1_ITEM_TEMPLATE(IPAddrBlocks) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + IPAddrBlocks, IPAddressFamily) static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) -IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) + IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice) IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) @@ -65,7 +64,7 @@ /* * How much buffer space do we need for a raw address? */ -#define ADDR_RAW_BUF_LEN 16 +#define ADDR_RAW_BUF_LEN 16 /* * What's the address length associated with this AFI? 
@@ -88,9 +87,9 @@ unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) { if (f == NULL - || f->addressFamily == NULL - || f->addressFamily->data == NULL - || f->addressFamily->length < 2) + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) return 0; return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } @@ -100,8 +99,8 @@ * At the moment this is coded for simplicity, not speed. */ static int addr_expand(unsigned char *addr, - const ASN1_BIT_STRING *bs, - const int length, const unsigned char fill) + const ASN1_BIT_STRING *bs, + const int length, const unsigned char fill) { if (bs->length < 0 || bs->length > length) return 0; @@ -122,14 +121,14 @@ /* * Extract the prefix length from a bitstring. */ -#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) +#define addr_prefixlen(bs) ((int)((bs)->length * 8 - ((bs)->flags & 7))) /* * i2r handler for one address bitstring. */ static int i2r_address(BIO *out, - const unsigned afi, - const unsigned char fill, const ASN1_BIT_STRING *bs) + const unsigned afi, + const unsigned char fill, const ASN1_BIT_STRING *bs) { unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; @@ -146,10 +145,11 @@ if (!addr_expand(addr, bs, 16, fill)) return 0; for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00; - n -= 2) ; + n -= 2) + ; for (i = 0; i < n; i += 2) BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1], - (i < 14 ? ":" : "")); + (i < 14 ? ":" : "")); if (i < 16) BIO_puts(out, ":"); if (i == 0) @@ -168,9 +168,9 @@ * i2r handler for a sequence of addresses and ranges. */ static int i2r_IPAddressOrRanges(BIO *out, - const int indent, - const IPAddressOrRanges *aors, - const unsigned afi) + const int indent, + const IPAddressOrRanges *aors, + const unsigned afi) { int i; for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { 
@@ -199,7 +199,7 @@ * i2r handler for an IPAddrBlocks extension. */ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, - void *ext, BIO *out, int indent) + void *ext, BIO *out, int indent) { const IPAddrBlocks *addr = ext; int i; @@ -245,7 +245,7 @@ break; default: BIO_printf(out, " (Unknown SAFI %u)", - (unsigned)f->addressFamily->data[2]); + (unsigned)f->addressFamily->data[2]); break; } } @@ -256,9 +256,8 @@ case IPAddressChoice_addressesOrRanges: BIO_puts(out, ":\n"); if (!i2r_IPAddressOrRanges(out, - indent + 2, - f->ipAddressChoice-> - u.addressesOrRanges, afi)) + indent + 2, + f->ipAddressChoice->u.addressesOrRanges, afi)) return 0; break; } @@ -277,7 +276,7 @@ * for garbage input, tough noogies. */ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, - const IPAddressOrRange *b, const int length) + const IPAddressOrRange *b, const int length) { unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; int prefixlen_a = 0, prefixlen_b = 0; @@ -320,7 +319,7 @@ * comparison routines are only allowed two arguments. */ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - const IPAddressOrRange *const *b) + const IPAddressOrRange *const *b) { return IPAddressOrRange_cmp(*a, *b, 4); } @@ -330,7 +329,7 @@ * comparison routines are only allowed two arguments. */ static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - const IPAddressOrRange *const *b) + const IPAddressOrRange *const *b) { return IPAddressOrRange_cmp(*a, *b, 16); } @@ -340,7 +339,7 @@ * See last paragraph of RFC 3779 2.2.3.7. */ static int range_should_be_prefix(const unsigned char *min, - const unsigned char *max, const int length) + const unsigned char *max, const int length) { unsigned char mask; int i, j; 
@@ -352,8 +351,10 @@ */ assert(memcmp(min, max, length) <= 0); - for (i = 0; i < length && min[i] == max[i]; i++) ; - for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; + for (i = 0; i < length && min[i] == max[i]; i++) + ; + for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) + ; if (i < j) return -1; if (i > j) @@ -394,7 +395,7 @@ * Construct a prefix. */ static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, - const int prefixlen, const int afilen) + const int prefixlen, const int afilen) { int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; IPAddressOrRange *aor; @@ -404,8 +405,7 @@ if ((aor = IPAddressOrRange_new()) == NULL) return 0; aor->type = IPAddressOrRange_addressPrefix; - if (aor->u.addressPrefix == NULL && - (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) + if (aor->u.addressPrefix == NULL && (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) goto err; if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) goto err; @@ -419,7 +419,7 @@ *result = aor; return 1; - err: +err: IPAddressOrRange_free(aor); return 0; } @@ -430,8 +430,8 @@ * the rest of the code considerably. */ static int make_addressRange(IPAddressOrRange **result, - unsigned char *min, - unsigned char *max, const int length) + unsigned char *min, + unsigned char *max, const int length) { IPAddressOrRange *aor; int i, prefixlen; 
@@ -447,14 +447,13 @@ aor->type = IPAddressOrRange_addressRange; if ((aor->u.addressRange = IPAddressRange_new()) == NULL) goto err; - if (aor->u.addressRange->min == NULL && - (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) + if (aor->u.addressRange->min == NULL && (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) goto err; - if (aor->u.addressRange->max == NULL && - (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) + if (aor->u.addressRange->max == NULL && (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) goto err; - for (i = length; i > 0 && min[i - 1] == 0x00; --i) ; + for (i = length; i > 0 && min[i - 1] == 0x00; --i) + ; if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) goto err; aor->u.addressRange->min->flags &= ~7; @@ -467,7 +466,8 @@ aor->u.addressRange->min->flags |= 8 - j; } - for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ; + for (i = length; i > 0 && max[i - 1] == 0xFF; --i) + ; if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) goto err; aor->u.addressRange->max->flags &= ~7; @@ -483,7 +483,7 @@ *result = aor; return 1; - err: +err: IPAddressOrRange_free(aor); return 0; } @@ -492,8 +492,8 @@ * Construct a new address family or find an existing one. */ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi) + const unsigned afi, + const unsigned *safi) { IPAddressFamily *f; unsigned char key[3]; 
@@ -511,18 +511,15 @@ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { f = sk_IPAddressFamily_value(addr, i); - if (f->addressFamily->length == keylen && - !memcmp(f->addressFamily->data, key, keylen)) + if (f->addressFamily->length == keylen && !memcmp(f->addressFamily->data, key, keylen)) return f; } if ((f = IPAddressFamily_new()) == NULL) goto err; - if (f->ipAddressChoice == NULL && - (f->ipAddressChoice = IPAddressChoice_new()) == NULL) + if (f->ipAddressChoice == NULL && (f->ipAddressChoice = IPAddressChoice_new()) == NULL) goto err; - if (f->addressFamily == NULL && - (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) + if (f->addressFamily == NULL && (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) goto err; if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) goto err; @@ -531,7 +528,7 @@ return f; - err: +err: IPAddressFamily_free(f); return NULL; } @@ -540,19 +537,14 @@ * Add an inheritance element. */ int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi) + const unsigned afi, const unsigned *safi) { IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); - if (f == NULL || - f->ipAddressChoice == NULL || - (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && - f->ipAddressChoice->u.addressesOrRanges != NULL)) + if (f == NULL || f->ipAddressChoice == NULL || (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && f->ipAddressChoice->u.addressesOrRanges != NULL)) return 0; - if (f->ipAddressChoice->type == IPAddressChoice_inherit && - f->ipAddressChoice->u.inherit != NULL) + if (f->ipAddressChoice->type == IPAddressChoice_inherit && f->ipAddressChoice->u.inherit != NULL) return 1; - if (f->ipAddressChoice->u.inherit == NULL && - (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) + if (f->ipAddressChoice->u.inherit == NULL && (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) return 0; f->ipAddressChoice->type = IPAddressChoice_inherit; return 1; 
@@ -562,16 +554,13 @@ * Construct an IPAddressOrRange sequence, or return an existing one. */ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi) + const unsigned afi, + const unsigned *safi) { IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); IPAddressOrRanges *aors = NULL; - if (f == NULL || - f->ipAddressChoice == NULL || - (f->ipAddressChoice->type == IPAddressChoice_inherit && - f->ipAddressChoice->u.inherit != NULL)) + if (f == NULL || f->ipAddressChoice == NULL || (f->ipAddressChoice->type == IPAddressChoice_inherit && f->ipAddressChoice->u.inherit != NULL)) return NULL; if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) aors = f->ipAddressChoice->u.addressesOrRanges; @@ -596,15 +585,15 @@ * Add a prefix. */ int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *a, const int prefixlen) + const unsigned afi, + const unsigned *safi, + unsigned char *a, const int prefixlen) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; if (aors == NULL - || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi))) + || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi))) return 0; if (sk_IPAddressOrRange_push(aors, aor)) return 1; @@ -616,9 +605,9 @@ * Add a range. */ int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *min, unsigned char *max) + const unsigned afi, + const unsigned *safi, + unsigned char *min, unsigned char *max) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; 
@@ -637,17 +626,15 @@ * Extract min and max values from an IPAddressOrRange. */ static int extract_min_max(IPAddressOrRange *aor, - unsigned char *min, unsigned char *max, int length) + unsigned char *min, unsigned char *max, int length) { if (aor == NULL || min == NULL || max == NULL) return 0; switch (aor->type) { case IPAddressOrRange_addressPrefix: - return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && - addr_expand(max, aor->u.addressPrefix, length, 0xFF)); + return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && addr_expand(max, aor->u.addressPrefix, length, 0xFF)); case IPAddressOrRange_addressRange: - return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && - addr_expand(max, aor->u.addressRange->max, length, 0xFF)); + return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && addr_expand(max, aor->u.addressRange->max, length, 0xFF)); } return 0; } @@ -656,16 +643,12 @@ * Public wrapper for extract_min_max(). */ int X509v3_addr_get_range(IPAddressOrRange *aor, - const unsigned afi, - unsigned char *min, - unsigned char *max, const int length) + const unsigned afi, + unsigned char *min, + unsigned char *max, const int length) { int afi_length = length_from_afi(afi); - if (aor == NULL || min == NULL || max == NULL || - afi_length == 0 || length < afi_length || - (aor->type != IPAddressOrRange_addressPrefix && - aor->type != IPAddressOrRange_addressRange) || - !extract_min_max(aor, min, max, afi_length)) + if (aor == NULL || min == NULL || max == NULL || afi_length == 0 || length < afi_length || (aor->type != IPAddressOrRange_addressPrefix && aor->type != IPAddressOrRange_addressRange) || !extract_min_max(aor, min, max, afi_length)) return 0; return afi_length; 
@@ -682,7 +665,7 @@ * would have expected and is what the following code implements. */ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, - const IPAddressFamily *const *b_) + const IPAddressFamily *const *b_) { const ASN1_OCTET_STRING *a = (*a_)->addressFamily; const ASN1_OCTET_STRING *b = (*b_)->addressFamily; @@ -764,31 +747,28 @@ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); - if (!extract_min_max(a, a_min, a_max, length) || - !extract_min_max(b, b_min, b_max, length)) + if (!extract_min_max(a, a_min, a_max, length) || !extract_min_max(b, b_min, b_max, length)) return 0; /* * Punt misordered list, overlapping start, or inverted range. */ - if (memcmp(a_min, b_min, length) >= 0 || - memcmp(a_min, a_max, length) > 0 || - memcmp(b_min, b_max, length) > 0) + if (memcmp(a_min, b_min, length) >= 0 || memcmp(a_min, a_max, length) > 0 || memcmp(b_min, b_max, length) > 0) return 0; /* * Punt if adjacent or overlapping. Check for adjacency by * subtracting one from b_min first. */ - for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ; + for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) + ; if (memcmp(a_max, b_min, length) >= 0) return 0; /* * Check for range that should be expressed as a prefix. */ - if (a->type == IPAddressOrRange_addressRange && - range_should_be_prefix(a_min, a_max, length) >= 0) + if (a->type == IPAddressOrRange_addressRange && range_should_be_prefix(a_min, a_max, length) >= 0) return 0; } @@ -802,8 +782,7 @@ if (a != NULL && a->type == IPAddressOrRange_addressRange) { if (!extract_min_max(a, a_min, a_max, length)) return 0; - if (memcmp(a_min, a_max, length) > 0 || - range_should_be_prefix(a_min, a_max, length) >= 0) + if (memcmp(a_min, a_max, length) > 0 || range_should_be_prefix(a_min, a_max, length) >= 0) return 0; } } 
@@ -819,7 +798,7 @@ * Whack an IPAddressOrRanges into canonical form. */ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, - const unsigned afi) + const unsigned afi) { int i, j, length = length_from_afi(afi); @@ -837,15 +816,13 @@ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; - if (!extract_min_max(a, a_min, a_max, length) || - !extract_min_max(b, b_min, b_max, length)) + if (!extract_min_max(a, a_min, a_max, length) || !extract_min_max(b, b_min, b_max, length)) return 0; /* * Punt inverted ranges. */ - if (memcmp(a_min, a_max, length) > 0 || - memcmp(b_min, b_max, length) > 0) + if (memcmp(a_min, a_max, length) > 0 || memcmp(b_min, b_max, length) > 0) return 0; /* @@ -858,7 +835,8 @@ * Merge if a and b are adjacent. We check for * adjacency by subtracting one from b_min first. */ - for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ; + for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) + ; if (memcmp(a_max, b_min, length) == 0) { IPAddressOrRange *merged; if (!make_addressRange(&merged, a_min, b_max, length)) @@ -902,10 +880,7 @@ if (!IPAddressFamily_check_len(f)) return 0; - if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && - !IPAddressOrRanges_canonize(f->ipAddressChoice-> - u.addressesOrRanges, - X509v3_addr_get_afi(f))) + if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges, X509v3_addr_get_afi(f))) return 0; } (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); @@ -919,8 +894,8 @@ * v2i handler for the IPAddrBlocks extension. */ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values) + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values) { static const char v4addr_chars[] = "0123456789."; static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; 
@@ -952,7 +927,7 @@ safi = &safi_; } else { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR, - "%s", val->name); + "%s", val->name); goto err; } @@ -1023,9 +998,9 @@ case '/': prefixlen = (int)strtoul(s + i2, &t, 10); if (t == s + i2 - || *t != '\0' - || prefixlen > (length * 8) - || prefixlen < 0) { + || *t != '\0' + || prefixlen > (length * 8) + || prefixlen < 0) { ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); X509V3_conf_add_error_name_value(val); goto err; @@ -1081,7 +1056,7 @@ goto err; return addr; - err: +err: OPENSSL_free(s); sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); return NULL; @@ -1091,17 +1066,17 @@ * OpenSSL dispatch */ const X509V3_EXT_METHOD ossl_v3_addr = { - NID_sbgp_ipAddrBlock, /* nid */ - 0, /* flags */ + NID_sbgp_ipAddrBlock, /* nid */ + 0, /* flags */ ASN1_ITEM_ref(IPAddrBlocks), /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - v2i_IPAddrBlocks, /* v2i */ - i2r_IPAddrBlocks, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ + 0, 0, 0, 0, /* old functions, ignored */ + 0, /* i2s */ + 0, /* s2i */ + 0, /* i2v */ + v2i_IPAddrBlocks, /* v2i */ + i2r_IPAddrBlocks, /* i2r */ + 0, /* r2i */ + NULL /* extension-specific data */ }; /* @@ -1124,7 +1099,7 @@ * Figure out whether parent contains child. */ static int addr_contains(IPAddressOrRanges *parent, - IPAddressOrRanges *child, int length) + IPAddressOrRanges *child, int length) { unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; 
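Review bot: In the `case '/':` hunk, `prefixlen = (int)strtoul(s + i2, &t, 10)` narrows the parsed value to `int` before the range test, so on a platform where `unsigned long` is wider than `int` an oversized prefix length can wrap into the accepted range instead of being rejected. The commit only re-indents the `||` conditions and leaves this as it was. I would keep the value as `unsigned long` until it has been bounded, e.g. `unsigned long pl = strtoul(s + i2, &t, 10);`, with `|| pl > (unsigned long)(length * 8)` in the condition and `prefixlen = (int)pl;` after it, which also makes the `prefixlen < 0` test unnecessary. The enclosing function (it looks like v2i_IPAddrBlocks) starts and ends outside this hunk, so the declarations of `t` and `prefixlen` are not visible here.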
@@ -1138,13 +1113,13 @@ p = 0; for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { if (!extract_min_max(sk_IPAddressOrRange_value(child, c), - c_min, c_max, length)) + c_min, c_max, length)) return 0; for (;; p++) { if (p >= sk_IPAddressOrRange_num(parent)) return 0; if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), - p_min, p_max, length)) + p_min, p_max, length)) return 0; if (memcmp(p_max, c_max, length) < 0) continue; @@ -1178,8 +1153,8 @@ if (!IPAddressFamily_check_len(fa) || !IPAddressFamily_check_len(fb)) return 0; if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, - fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fb)))) + fa->ipAddressChoice->u.addressesOrRanges, + length_from_afi(X509v3_addr_get_afi(fb)))) return 0; } return 1; @@ -1188,18 +1163,18 @@ /* * Validation error handling via callback. */ -# define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ - ctx->error_depth = i; \ - ctx->current_cert = x; \ - rv = ctx->verify_cb(0, ctx); \ - } else { \ - rv = 0; \ - } \ - if (rv == 0) \ - goto done; \ +#define validation_err(_err_) \ + do { \ + if (ctx != NULL) { \ + ctx->error = _err_; \ + ctx->error_depth = i; \ + ctx->current_cert = x; \ + rv = ctx->verify_cb(0, ctx); \ + } else { \ + rv = 0; \ + } \ + if (rv == 0) \ + goto done; \ } while (0) /* @@ -1211,16 +1186,16 @@ * X509_V_OK. */ static int addr_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - IPAddrBlocks *ext) + STACK_OF(X509) *chain, + IPAddrBlocks *ext) { IPAddrBlocks *child = NULL; int i, j, ret = 0, rv; X509 *x; if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) - || !ossl_assert(ctx != NULL || ext != NULL) - || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { + || !ossl_assert(ctx != NULL || ext != NULL) + || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { if (ctx != NULL) ctx->error = X509_V_ERR_UNSPECIFIED; return 0; 
@@ -1273,16 +1248,14 @@ continue; } (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, - IPAddressFamily_cmp); + IPAddressFamily_cmp); for (j = 0; j < sk_IPAddressFamily_num(child); j++) { IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); - IPAddressFamily *fp = - sk_IPAddressFamily_value(x->rfc3779_addr, k); + IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k); if (fp == NULL) { - if (fc->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges) { + if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { validation_err(X509_V_ERR_UNNESTED_RESOURCE); break; } @@ -1292,12 +1265,11 @@ if (!IPAddressFamily_check_len(fc) || !IPAddressFamily_check_len(fp)) goto done; - if (fp->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges) { + if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { if (fc->ipAddressChoice->type == IPAddressChoice_inherit || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, - fc->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fc)))) + fc->ipAddressChoice->u.addressesOrRanges, + length_from_afi(X509v3_addr_get_afi(fc)))) (void)sk_IPAddressFamily_set(child, j, fp); else validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -1321,7 +1293,7 @@ } } ret = 1; - done: +done: sk_IPAddressFamily_free(child); return ret; } @@ -1334,8 +1306,8 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx) { if (ctx->chain == NULL - || sk_X509_num(ctx->chain) == 0 - || ctx->verify_cb == NULL) { + || sk_X509_num(ctx->chain) == 0 + || ctx->verify_cb == NULL) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } @@ -1347,7 +1319,7 @@ * Test whether chain covers extension. */ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, - IPAddrBlocks *ext, int allow_inheritance) + IPAddrBlocks *ext, int allow_inheritance) { if (ext == NULL) return 1; 
@@ -1358,4 +1330,4 @@ return addr_validate_path_internal(NULL, chain, ext); } -#endif /* OPENSSL_NO_RFC3779 */ +#endif /* OPENSSL_NO_RFC3779 */ --- crypto/openssl/crypto/x509/v3_admis.c.orig +++ crypto/openssl/crypto/x509/v3_admis.c @@ -51,26 +51,26 @@ IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX) static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, - BIO *bp, int ind); + BIO *bp, int ind); const X509V3_EXT_METHOD ossl_v3_ext_admission = { - NID_x509ExtAdmission, /* .ext_nid = */ - 0, /* .ext_flags = */ + NID_x509ExtAdmission, /* .ext_nid = */ + 0, /* .ext_flags = */ ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */ NULL, NULL, NULL, NULL, - NULL, /* .i2s = */ - NULL, /* .s2i = */ - NULL, /* .i2v = */ - NULL, /* .v2i = */ - &i2r_ADMISSION_SYNTAX, /* .i2r = */ - NULL, /* .r2i = */ - NULL /* extension-specific data */ + NULL, /* .i2s = */ + NULL, /* .s2i = */ + NULL, /* .i2v = */ + NULL, /* .v2i = */ + &i2r_ADMISSION_SYNTAX, /* .i2r = */ + NULL, /* .r2i = */ + NULL /* extension-specific data */ }; static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, - BIO *bp, int ind) + BIO *bp, int ind) { - NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY *) in; + NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY *)in; if (namingAuthority == NULL) return 0; @@ -93,7 +93,8 @@ OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1); if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "", - ln ? " (" : "", objbuf, ln ? ")" : "") <= 0) + ln ? " (" : "", objbuf, ln ? ")" : "") + <= 0) goto err; } if (namingAuthority->namingAuthorityText != NULL) { @@ -102,7 +103,7 @@ || BIO_printf(bp, "\n") <= 0) goto err; } - if (namingAuthority->namingAuthorityUrl != NULL ) { + if (namingAuthority->namingAuthorityUrl != NULL) { if (BIO_printf(bp, "%*s namingAuthorityUrl: ", ind, "") <= 0 || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0 || BIO_printf(bp, "\n") <= 0) 
@@ -115,9 +116,9 @@ } static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, - BIO *bp, int ind) + BIO *bp, int ind) { - ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in; + ADMISSION_SYNTAX *admission = (ADMISSION_SYNTAX *)in; int i, j, k; if (admission->admissionAuthority != NULL) { @@ -189,8 +190,9 @@ OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1); if (BIO_printf(bp, "%*s %s%s%s%s\n", ind, "", - ln ? ln : "", ln ? " (" : "", - objbuf, ln ? ")" : "") <= 0) + ln ? ln : "", ln ? " (" : "", + objbuf, ln ? ")" : "") + <= 0) goto err; } } @@ -241,7 +243,7 @@ } void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as, - GENERAL_NAME *aa) + GENERAL_NAME *aa) { GENERAL_NAME_free(as->admissionAuthority); as->admissionAuthority = aa; @@ -253,7 +255,7 @@ } void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as, - STACK_OF(ADMISSIONS) *a) + STACK_OF(ADMISSIONS) *a) { sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free); as->contentsOfAdmissions = a; @@ -298,7 +300,7 @@ } void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi, - ASN1_OCTET_STRING *aos) + ASN1_OCTET_STRING *aos) { ASN1_OCTET_STRING_free(pi->addProfessionInfo); pi->addProfessionInfo = aos; @@ -310,7 +312,7 @@ } void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi, - NAMING_AUTHORITY *na) + NAMING_AUTHORITY *na) { NAMING_AUTHORITY_free(pi->namingAuthority); pi->namingAuthority = na; @@ -322,7 +324,7 @@ } void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi, - STACK_OF(ASN1_STRING) *as) + STACK_OF(ASN1_STRING) *as) { sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free); pi->professionItems = as; @@ -334,7 +336,7 @@ } void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi, - STACK_OF(ASN1_OBJECT) *po) + STACK_OF(ASN1_OBJECT) *po) { sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free); pi->professionOIDs = po; 
@@ -346,7 +348,7 @@ } void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi, - ASN1_PRINTABLESTRING *rn) + ASN1_PRINTABLESTRING *rn) { ASN1_PRINTABLESTRING_free(pi->registrationNumber); pi->registrationNumber = rn; --- crypto/openssl/crypto/x509/v3_admis.h.orig +++ crypto/openssl/crypto/x509/v3_admis.h @@ -8,31 +8,31 @@ */ #ifndef OSSL_CRYPTO_X509_V3_ADMIS_H -# define OSSL_CRYPTO_X509_V3_ADMIS_H +#define OSSL_CRYPTO_X509_V3_ADMIS_H struct NamingAuthority_st { - ASN1_OBJECT* namingAuthorityId; - ASN1_IA5STRING* namingAuthorityUrl; - ASN1_STRING* namingAuthorityText; /* i.e. DIRECTORYSTRING */ + ASN1_OBJECT *namingAuthorityId; + ASN1_IA5STRING *namingAuthorityUrl; + ASN1_STRING *namingAuthorityText; /* i.e. DIRECTORYSTRING */ }; struct ProfessionInfo_st { - NAMING_AUTHORITY* namingAuthority; - STACK_OF(ASN1_STRING)* professionItems; /* i.e. DIRECTORYSTRING */ - STACK_OF(ASN1_OBJECT)* professionOIDs; - ASN1_PRINTABLESTRING* registrationNumber; - ASN1_OCTET_STRING* addProfessionInfo; + NAMING_AUTHORITY *namingAuthority; + STACK_OF(ASN1_STRING) *professionItems; /* i.e. DIRECTORYSTRING */ + STACK_OF(ASN1_OBJECT) *professionOIDs; + ASN1_PRINTABLESTRING *registrationNumber; + ASN1_OCTET_STRING *addProfessionInfo; }; struct Admissions_st { - GENERAL_NAME* admissionAuthority; - NAMING_AUTHORITY* namingAuthority; - STACK_OF(PROFESSION_INFO)* professionInfos; + GENERAL_NAME *admissionAuthority; + NAMING_AUTHORITY *namingAuthority; + STACK_OF(PROFESSION_INFO) *professionInfos; }; struct AdmissionSyntax_st { - GENERAL_NAME* admissionAuthority; - STACK_OF(ADMISSIONS)* contentsOfAdmissions; + GENERAL_NAME *admissionAuthority; + STACK_OF(ADMISSIONS) *contentsOfAdmissions; }; #endif --- crypto/openssl/crypto/x509/v3_akeya.c.orig +++ crypto/openssl/crypto/x509/v3_akeya.c 
@@ -15,9 +15,9 @@ #include ASN1_SEQUENCE(AUTHORITY_KEYID) = { - ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), - ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), - ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) + ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), + ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), + ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) } ASN1_SEQUENCE_END(AUTHORITY_KEYID) IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) --- crypto/openssl/crypto/x509/v3_akid.c.orig +++ crypto/openssl/crypto/x509/v3_akid.c @@ -17,28 +17,28 @@ #include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, - STACK_OF(CONF_VALUE) - *extlist); + AUTHORITY_KEYID *akeyid, + STACK_OF(CONF_VALUE) + *extlist); static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD ossl_v3_akey_id = { NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), 0, 0, 0, 0, 0, 0, - (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID, + (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, 0, 0, NULL }; static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, - STACK_OF(CONF_VALUE) - *extlist) + AUTHORITY_KEYID *akeyid, + STACK_OF(CONF_VALUE) + *extlist) { char *tmp = NULL; STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; @@ -50,7 +50,7 @@ return NULL; } if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, - tmp, &extlist)) { + tmp, &extlist)) { OPENSSL_free(tmp); ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); goto err; @@ -78,7 +78,7 @@ OPENSSL_free(tmp); } return extlist; - err: +err: if (origextlist == NULL) sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); return NULL; 
@@ -94,8 +94,8 @@ */ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { char keyid = 0, issuer = 0; int i, n = sk_CONF_VALUE_num(values); @@ -129,7 +129,7 @@ issuer = 2; } else { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION, - "name=%s", cnf->name); + "name=%s", cnf->name); goto err; } } @@ -207,7 +207,7 @@ return akeyid; - err: +err: sk_GENERAL_NAME_free(gens); GENERAL_NAME_free(gen); X509_NAME_free(isname); --- crypto/openssl/crypto/x509/v3_asid.c.orig +++ crypto/openssl/crypto/x509/v3_asid.c @@ -32,23 +32,23 @@ */ ASN1_SEQUENCE(ASRange) = { - ASN1_SIMPLE(ASRange, min, ASN1_INTEGER), - ASN1_SIMPLE(ASRange, max, ASN1_INTEGER) + ASN1_SIMPLE(ASRange, min, ASN1_INTEGER), + ASN1_SIMPLE(ASRange, max, ASN1_INTEGER) } ASN1_SEQUENCE_END(ASRange) ASN1_CHOICE(ASIdOrRange) = { - ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER), - ASN1_SIMPLE(ASIdOrRange, u.range, ASRange) + ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER), + ASN1_SIMPLE(ASIdOrRange, u.range, ASRange) } ASN1_CHOICE_END(ASIdOrRange) ASN1_CHOICE(ASIdentifierChoice) = { - ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL), - ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange) + ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL), + ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange) } ASN1_CHOICE_END(ASIdentifierChoice) ASN1_SEQUENCE(ASIdentifiers) = { - ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0), - ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1) + ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0), + ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1) } ASN1_SEQUENCE_END(ASIdentifiers) IMPLEMENT_ASN1_FUNCTIONS(ASRange) 
@@ -60,8 +60,8 @@
 * i2r method for an ASIdentifierChoice.
 */
 static int i2r_ASIdentifierChoice(BIO *out,
- ASIdentifierChoice *choice,
- int indent, const char *msg)
+ ASIdentifierChoice *choice,
+ int indent, const char *msg)
 {
 int i;
 char *s;
@@ -74,8 +74,7 @@
 break;
 case ASIdentifierChoice_asIdsOrRanges:
 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
- ASIdOrRange *aor =
- sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+ ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
 switch (aor->type) {
 case ASIdOrRange_id:
 if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
@@ -108,38 +107,33 @@ * i2r method for an ASIdentifier extension. */ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, - void *ext, BIO *out, int indent) + void *ext, BIO *out, int indent) { ASIdentifiers *asid = ext; return (i2r_ASIdentifierChoice(out, asid->asnum, indent, - "Autonomous System Numbers") && - i2r_ASIdentifierChoice(out, asid->rdi, indent, - "Routing Domain Identifiers")); + "Autonomous System Numbers") + && i2r_ASIdentifierChoice(out, asid->rdi, indent, + "Routing Domain Identifiers")); } /* * Sort comparison function for a sequence of ASIdOrRange elements. */ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, - const ASIdOrRange *const *b_) + const ASIdOrRange *const *b_) { const ASIdOrRange *a = *a_, *b = *b_; - assert((a->type == ASIdOrRange_id && a->u.id != NULL) || - (a->type == ASIdOrRange_range && a->u.range != NULL && - a->u.range->min != NULL && a->u.range->max != NULL)); + assert((a->type == ASIdOrRange_id && a->u.id != NULL) || (a->type == ASIdOrRange_range && a->u.range != NULL && a->u.range->min != NULL && a->u.range->max != NULL)); - assert((b->type == ASIdOrRange_id && b->u.id != NULL) || - (b->type == ASIdOrRange_range && b->u.range != NULL && - b->u.range->min != NULL && b->u.range->max != NULL)); + assert((b->type == ASIdOrRange_id && b->u.id != NULL) || (b->type == ASIdOrRange_range && b->u.range != NULL && b->u.range->min != NULL && b->u.range->max != NULL)); if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) return ASN1_INTEGER_cmp(a->u.id, b->u.id); if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); - return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, - b->u.range->max); + return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max); } if (a->type == ASIdOrRange_id) 
@@ -183,7 +177,7 @@ * Add an ID or range to an ASIdentifierChoice. */ int X509v3_asid_add_id_or_range(ASIdentifiers *asid, - int which, ASN1_INTEGER *min, ASN1_INTEGER *max) + int which, ASN1_INTEGER *min, ASN1_INTEGER *max) { ASIdentifierChoice **choice; ASIdOrRange *aor; @@ -233,7 +227,7 @@ goto err; return 1; - err: +err: ASIdOrRange_free(aor); return 0; } @@ -242,7 +236,7 @@ * Extract min and max values from an ASIdOrRange. */ static int extract_min_max(ASIdOrRange *aor, - ASN1_INTEGER **min, ASN1_INTEGER **max) + ASN1_INTEGER **min, ASN1_INTEGER **max) { if (!ossl_assert(aor != NULL)) return 0; @@ -279,8 +273,7 @@ /* * If not a list, or if empty list, it's broken. */ - if (choice->type != ASIdentifierChoice_asIdsOrRanges || - sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) + if (choice->type != ASIdentifierChoice_asIdsOrRanges || sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) return 0; /* 
@@ -289,33 +282,27 @@ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; + ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; if (!extract_min_max(a, &a_min, &a_max) - || !extract_min_max(b, &b_min, &b_max)) + || !extract_min_max(b, &b_min, &b_max)) goto done; /* * Punt misordered list, overlapping start, or inverted range. */ - if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || - ASN1_INTEGER_cmp(a_min, a_max) > 0 || - ASN1_INTEGER_cmp(b_min, b_max) > 0) + if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || ASN1_INTEGER_cmp(a_min, a_max) > 0 || ASN1_INTEGER_cmp(b_min, b_max) > 0) goto done; /* * Calculate a_max + 1 to check for adjacency. */ - if ((bn == NULL && (bn = BN_new()) == NULL) || - ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1)) { + if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || !BN_add_word(bn, 1)) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto done; } - if ((a_max_plus_one = - BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + if ((a_max_plus_one = BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { a_max_plus_one = orig; ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto done; @@ -337,14 +324,14 @@ ASN1_INTEGER *a_min, *a_max; if (a != NULL && a->type == ASIdOrRange_range) { if (!extract_min_max(a, &a_min, &a_max) - || ASN1_INTEGER_cmp(a_min, a_max) > 0) + || ASN1_INTEGER_cmp(a_min, a_max) > 0) goto done; } } ret = 1; - done: +done: ASN1_INTEGER_free(a_max_plus_one); BN_free(bn); return ret; 
@@ -355,9 +342,7 @@ */ int X509v3_asid_is_canonical(ASIdentifiers *asid) { - return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) && - ASIdentifierChoice_is_canonical(asid->rdi))); + return (asid == NULL || (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } /* @@ -379,8 +364,7 @@ /* * If not a list, or if empty list, it's broken. */ - if (choice->type != ASIdentifierChoice_asIdsOrRanges || - sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { + if (choice->type != ASIdentifierChoice_asIdsOrRanges || sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); return 0; } @@ -397,11 +381,10 @@ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; + ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; if (!extract_min_max(a, &a_min, &a_max) - || !extract_min_max(b, &b_min, &b_max)) + || !extract_min_max(b, &b_min, &b_max)) goto done; /* @@ -413,8 +396,7 @@ /* * Punt inverted ranges. */ - if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || - ASN1_INTEGER_cmp(b_min, b_max) > 0) + if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || ASN1_INTEGER_cmp(b_min, b_max) > 0) goto done; /* 
@@ -428,15 +410,12 @@ /* * Calculate a_max + 1 to check for adjacency. */ - if ((bn == NULL && (bn = BN_new()) == NULL) || - ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1)) { + if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || !BN_add_word(bn, 1)) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto done; } - if ((a_max_plus_one = - BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + if ((a_max_plus_one = BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { a_max_plus_one = orig; ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto done; @@ -487,7 +466,7 @@ ASN1_INTEGER *a_min, *a_max; if (a != NULL && a->type == ASIdOrRange_range) { if (!extract_min_max(a, &a_min, &a_max) - || ASN1_INTEGER_cmp(a_min, a_max) > 0) + || ASN1_INTEGER_cmp(a_min, a_max) > 0) goto done; } } @@ -498,7 +477,7 @@ ret = 1; - done: +done: ASN1_INTEGER_free(a_max_plus_one); BN_free(bn); return ret; @@ -509,17 +488,15 @@ */ int X509v3_asid_canonize(ASIdentifiers *asid) { - return (asid == NULL || - (ASIdentifierChoice_canonize(asid->asnum) && - ASIdentifierChoice_canonize(asid->rdi))); + return (asid == NULL || (ASIdentifierChoice_canonize(asid->asnum) && ASIdentifierChoice_canonize(asid->rdi))); } /* * v2i method for an ASIdentifier extension. */ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values) + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values) { ASN1_INTEGER *min = NULL, *max = NULL; ASIdentifiers *asid = NULL; @@ -628,7 +605,7 @@ goto err; return asid; - err: +err: ASIdentifiers_free(asid); ASN1_INTEGER_free(min); ASN1_INTEGER_free(max); 
@@ -639,17 +616,17 @@ * OpenSSL dispatch. */ const X509V3_EXT_METHOD ossl_v3_asid = { - NID_sbgp_autonomousSysNum, /* nid */ - 0, /* flags */ + NID_sbgp_autonomousSysNum, /* nid */ + 0, /* flags */ ASN1_ITEM_ref(ASIdentifiers), /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - v2i_ASIdentifiers, /* v2i */ - i2r_ASIdentifiers, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ + 0, 0, 0, 0, /* old functions, ignored */ + 0, /* i2s */ + 0, /* s2i */ + 0, /* i2v */ + v2i_ASIdentifiers, /* v2i */ + i2r_ASIdentifiers, /* i2r */ + 0, /* r2i */ + NULL /* extension-specific data */ }; /* @@ -657,11 +634,7 @@ */ int X509v3_asid_inherits(ASIdentifiers *asid) { - return (asid != NULL && - ((asid->asnum != NULL && - asid->asnum->type == ASIdentifierChoice_inherit) || - (asid->rdi != NULL && - asid->rdi->type == ASIdentifierChoice_inherit))); + return (asid != NULL && ((asid->asnum != NULL && asid->asnum->type == ASIdentifierChoice_inherit) || (asid->rdi != NULL && asid->rdi->type == ASIdentifierChoice_inherit))); } /* @@ -685,7 +658,7 @@ if (p >= sk_ASIdOrRange_num(parent)) return 0; if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, - &p_max)) + &p_max)) return 0; if (ASN1_INTEGER_cmp(p_max, c_max) < 0) continue; 
@@ -715,55 +688,54 @@ return 0; subset = a->asnum == NULL - || (b->asnum != NULL - && asid_contains(b->asnum->u.asIdsOrRanges, - a->asnum->u.asIdsOrRanges)); + || (b->asnum != NULL + && asid_contains(b->asnum->u.asIdsOrRanges, + a->asnum->u.asIdsOrRanges)); if (!subset) return 0; return a->rdi == NULL - || (b->rdi != NULL - && asid_contains(b->rdi->u.asIdsOrRanges, - a->rdi->u.asIdsOrRanges)); + || (b->rdi != NULL + && asid_contains(b->rdi->u.asIdsOrRanges, + a->rdi->u.asIdsOrRanges)); } /* * Validation error handling via callback. */ -#define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ - ctx->error_depth = i; \ - ctx->current_cert = x; \ - ret = ctx->verify_cb(0, ctx); \ - } else { \ - ret = 0; \ - } \ - if (!ret) \ - goto done; \ - } while (0) +#define validation_err(_err_) \ + do { \ + if (ctx != NULL) { \ + ctx->error = _err_; \ + ctx->error_depth = i; \ + ctx->current_cert = x; \ + ret = ctx->verify_cb(0, ctx); \ + } else { \ + ret = 0; \ + } \ + if (!ret) \ + goto done; \ + } while (0) /* * Core code for RFC 3779 3.3 path validation. */ static int asid_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - ASIdentifiers *ext) + STACK_OF(X509) *chain, + ASIdentifiers *ext) { ASIdOrRanges *child_as = NULL, *child_rdi = NULL; int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) - || !ossl_assert(ctx != NULL || ext != NULL) - || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { + || !ossl_assert(ctx != NULL || ext != NULL) + || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { if (ctx != NULL) ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } - /* * Figure out where to start. If we don't have an extension to * check, we're done. Otherwise, check canonical form and 
@@ -824,12 +796,10 @@ child_as = NULL; inherit_as = 0; } - if (x->rfc3779_asid->asnum != NULL && - x->rfc3779_asid->asnum->type == - ASIdentifierChoice_asIdsOrRanges) { + if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) { if (inherit_as || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, - child_as)) { + child_as)) { child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; inherit_as = 0; } else { @@ -841,11 +811,8 @@ child_rdi = NULL; inherit_rdi = 0; } - if (x->rfc3779_asid->rdi != NULL && - x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { - if (inherit_rdi || - asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, - child_rdi)) { + if (x->rfc3779_asid->rdi != NULL && x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { + if (inherit_rdi || asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) { child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; inherit_rdi = 0; } else { @@ -863,15 +830,13 @@ return 0; } if (x->rfc3779_asid != NULL) { - if (x->rfc3779_asid->asnum != NULL && - x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) + if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) validation_err(X509_V_ERR_UNNESTED_RESOURCE); - if (x->rfc3779_asid->rdi != NULL && - x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) + if (x->rfc3779_asid->rdi != NULL && x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) validation_err(X509_V_ERR_UNNESTED_RESOURCE); } - done: +done: return ret; } @@ -883,8 +848,8 @@ int X509v3_asid_validate_path(X509_STORE_CTX *ctx) { if (ctx->chain == NULL - || sk_X509_num(ctx->chain) == 0 - || ctx->verify_cb == NULL) { + || sk_X509_num(ctx->chain) == 0 + || ctx->verify_cb == NULL) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } 
@@ -896,7 +861,7 @@ * Test whether chain covers extension. */ int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, int allow_inheritance) + ASIdentifiers *ext, int allow_inheritance) { if (ext == NULL) return 1; @@ -907,4 +872,4 @@ return asid_validate_path_internal(NULL, chain, ext); } -#endif /* OPENSSL_NO_RFC3779 */ +#endif /* OPENSSL_NO_RFC3779 */ --- crypto/openssl/crypto/x509/v3_bcons.c.orig +++ crypto/openssl/crypto/x509/v3_bcons.c @@ -17,35 +17,35 @@ #include "x509_local.h" static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, - STACK_OF(CONF_VALUE) - *extlist); + BASIC_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) + *extlist); static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD ossl_v3_bcons = { NID_basic_constraints, 0, ASN1_ITEM_ref(BASIC_CONSTRAINTS), 0, 0, 0, 0, 0, 0, - (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS, + (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, NULL, NULL, NULL }; ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { - ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), - ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) + ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), + ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) } ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, - STACK_OF(CONF_VALUE) - *extlist) + BASIC_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) + *extlist) { X509V3_add_value_bool("CA", bcons->ca, &extlist); X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); 
@@ -53,8 +53,8 @@ } static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; @@ -79,7 +79,7 @@ } } return bcons; - err: +err: BASIC_CONSTRAINTS_free(bcons); return NULL; } --- crypto/openssl/crypto/x509/v3_bitst.c.orig +++ crypto/openssl/crypto/x509/v3_bitst.c 
@@ -14,38 +14,36 @@ #include "ext_dat.h" static BIT_STRING_BITNAME ns_cert_type_table[] = { - {0, "SSL Client", "client"}, - {1, "SSL Server", "server"}, - {2, "S/MIME", "email"}, - {3, "Object Signing", "objsign"}, - {4, "Unused", "reserved"}, - {5, "SSL CA", "sslCA"}, - {6, "S/MIME CA", "emailCA"}, - {7, "Object Signing CA", "objCA"}, - {-1, NULL, NULL} + { 0, "SSL Client", "client" }, + { 1, "SSL Server", "server" }, + { 2, "S/MIME", "email" }, + { 3, "Object Signing", "objsign" }, + { 4, "Unused", "reserved" }, + { 5, "SSL CA", "sslCA" }, + { 6, "S/MIME CA", "emailCA" }, + { 7, "Object Signing CA", "objCA" }, + { -1, NULL, NULL } }; static BIT_STRING_BITNAME key_usage_type_table[] = { - {0, "Digital Signature", "digitalSignature"}, - {1, "Non Repudiation", "nonRepudiation"}, - {2, "Key Encipherment", "keyEncipherment"}, - {3, "Data Encipherment", "dataEncipherment"}, - {4, "Key Agreement", "keyAgreement"}, - {5, "Certificate Sign", "keyCertSign"}, - {6, "CRL Sign", "cRLSign"}, - {7, "Encipher Only", "encipherOnly"}, - {8, "Decipher Only", "decipherOnly"}, - {-1, NULL, NULL} + { 0, "Digital Signature", "digitalSignature" }, + { 1, "Non Repudiation", "nonRepudiation" }, + { 2, "Key Encipherment", "keyEncipherment" }, + { 3, "Data Encipherment", "dataEncipherment" }, + { 4, "Key Agreement", "keyAgreement" }, + { 5, "Certificate Sign", "keyCertSign" }, + { 6, "CRL Sign", "cRLSign" }, + { 7, "Encipher Only", "encipherOnly" }, + { 8, "Decipher Only", "decipherOnly" }, + { -1, NULL, NULL } }; -const X509V3_EXT_METHOD ossl_v3_nscert = -EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -const X509V3_EXT_METHOD ossl_v3_key_usage = -EXT_BITSTRING(NID_key_usage, key_usage_type_table); +const X509V3_EXT_METHOD ossl_v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); +const X509V3_EXT_METHOD ossl_v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING 
*bits, - STACK_OF(CONF_VALUE) *ret) + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *ret) { BIT_STRING_BITNAME *bnam; for (bnam = method->usr_data; bnam->lname; bnam++) { @@ -56,8 +54,8 @@ } ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *val; ASN1_BIT_STRING *bs; @@ -82,7 +80,7 @@ } if (!bnam->lname) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT, - "%s", val->name); + "%s", val->name); ASN1_BIT_STRING_free(bs); return NULL; } --- crypto/openssl/crypto/x509/v3_conf.c.orig +++ crypto/openssl/crypto/x509/v3_conf.c @@ -20,20 +20,20 @@ static int v3_check_critical(const char **value); static int v3_check_generic(const char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value); + int crit, const char *value); static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - int crit, int type, - X509V3_CTX *ctx); + int crit, int type, + X509V3_CTX *ctx); static char *conf_lhash_get_string(void *db, const char *section, const char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - int ext_nid, int crit, void *ext_struc); + int ext_nid, int crit, void *ext_struc); static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, - long *ext_len); + long *ext_len); static X509_EXTENSION *X509V3_EXT_nconf_int(CONF *conf, X509V3_CTX *ctx, - const char *section, - const char *name, const char *value) + const char *section, + const char *name, const char *value) { int crit; int ext_type; 
@@ -46,23 +46,23 @@ if (!ret) { if (section != NULL) ERR_raise_data(ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION, - "section=%s, name=%s, value=%s", - section, name, value); + "section=%s, name=%s, value=%s", + section, name, value); else ERR_raise_data(ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION, - "name=%s, value=%s", name, value); + "name=%s, value=%s", name, value); } return ret; } X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - const char *value) + const char *value) { return X509V3_EXT_nconf_int(conf, ctx, NULL, name, value); } X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - const char *value) + const char *value) { int crit; int ext_type; @@ -70,14 +70,14 @@ crit = v3_check_critical(&value); if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type, ctx); + value, crit, ext_type, ctx); return do_ext_nconf(conf, ctx, ext_nid, crit, value); } /* CONF *conf: Config file */ /* char *value: Value */ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value) + int crit, const char *value) { const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; @@ -100,7 +100,7 @@ nval = X509V3_parse_list(value); if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_EXTENSION_STRING, - "name=%s,section=%s", OBJ_nid2sn(ext_nid), value); + "name=%s,section=%s", OBJ_nid2sn(ext_nid), value); if (*value != '@') sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); return NULL; @@ -122,7 +122,7 @@ return NULL; } else { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED, - "name=%s", OBJ_nid2sn(ext_nid)); + "name=%s", OBJ_nid2sn(ext_nid)); return NULL; } 
@@ -132,11 +132,10 @@ else method->ext_free(ext_struc); return ext; - } static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - int ext_nid, int crit, void *ext_struc) + int ext_nid, int crit, void *ext_struc) { unsigned char *ext_der = NULL; int ext_len; @@ -146,8 +145,7 @@ /* Convert internal representation to DER */ if (method->it) { ext_der = NULL; - ext_len = - ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); + ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); if (ext_len < 0) goto merr; } else { @@ -174,12 +172,11 @@ return ext; - merr: +merr: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); OPENSSL_free(ext_der); ASN1_OCTET_STRING_free(ext_oct); return NULL; - } /* Given an internal structure, nid and critical flag create an extension */ @@ -232,8 +229,8 @@ /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - int crit, int gen_type, - X509V3_CTX *ctx) + int crit, int gen_type, + X509V3_CTX *ctx) { unsigned char *ext_der = NULL; long ext_len = 0; @@ -243,7 +240,7 @@ if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR, - "name=%s", ext); + "name=%s", ext); goto err; } @@ -254,7 +251,7 @@ if (ext_der == NULL) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR, - "value=%s", value); + "value=%s", value); goto err; } @@ -269,16 +266,15 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); - err: +err: ASN1_OBJECT_free(obj); ASN1_OCTET_STRING_free(oct); OPENSSL_free(ext_der); return extension; - } static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, - long *ext_len) + long *ext_len) { ASN1_TYPE *typ; unsigned char *ext_der = NULL; 
@@ -307,7 +303,7 @@ * Note that on error new elements may have been added to *sk if sk != NULL. */ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, - STACK_OF(X509_EXTENSION) **sk) + STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; @@ -319,7 +315,8 @@ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if ((ext = X509V3_EXT_nconf_int(conf, ctx, val->section, - val->name, val->value)) == NULL) + val->name, val->value)) + == NULL) return 0; if (sk != NULL) { if (ctx->flags == X509V3_CTX_REPLACE) @@ -339,7 +336,7 @@ * Note that on error new elements may remain added to cert if cert != NULL. */ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509 *cert) + X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; if (cert != NULL) @@ -352,7 +349,7 @@ * Note that on error new elements may remain added to crl if crl != NULL. */ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_CRL *crl) + X509_CRL *crl) { STACK_OF(X509_EXTENSION) **sk = NULL; if (crl != NULL) @@ -365,7 +362,7 @@ * Note that on error new elements may remain added to req if req != NULL. */ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_REQ *req) + X509_REQ *req) { STACK_OF(X509_EXTENSION) *exts = NULL; int ret = X509V3_EXT_add_nconf_sk(conf, ctx, section, &exts); @@ -444,7 +441,7 @@ } void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) + X509_CRL *crl, int flags) { if (ctx == NULL) { ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); @@ -478,7 +475,7 @@ /* Old conf compatibility functions */ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *name, const char *value) + const char *name, const char *value) { CONF *ctmp; X509_EXTENSION *ret; 
@@ -493,7 +490,7 @@ } X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, const char *value) + X509V3_CTX *ctx, int ext_nid, const char *value) { CONF *ctmp; X509_EXTENSION *ret; @@ -535,7 +532,7 @@ } int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert) + const char *section, X509 *cert) { CONF *ctmp; int ret; @@ -552,7 +549,7 @@ /* Same as above but for a CRL */ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl) + const char *section, X509_CRL *crl) { CONF *ctmp; int ret; @@ -569,7 +566,7 @@ /* Add extensions to certificate request */ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req) + const char *section, X509_REQ *req) { CONF *ctmp; int ret; --- crypto/openssl/crypto/x509/v3_cpols.c.orig +++ crypto/openssl/crypto/x509/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -21,16 +21,16 @@ /* Certificate policies extension support: this one is a bit complex... */ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent); + BIO *out, int indent); static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value); + X509V3_CTX *ctx, const char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent); + int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org); + STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org); + STACK_OF(CONF_VALUE) *unot, int ia5org); static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len); static int displaytext_get_tag_len(const char *tagstr); @@ -45,15 +45,14 @@ NULL }; -ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) +ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) ASN1_SEQUENCE(POLICYINFO) = { - ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), - ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) + ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), + ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) } ASN1_SEQUENCE_END(POLICYINFO) IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) 
@@ -61,33 +60,33 @@ ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); ASN1_ADB(POLICYQUALINFO) = { - ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), - ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) + ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), + ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); ASN1_SEQUENCE(POLICYQUALINFO) = { - ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), - ASN1_ADB_OBJECT(POLICYQUALINFO) + ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), + ASN1_ADB_OBJECT(POLICYQUALINFO) } ASN1_SEQUENCE_END(POLICYQUALINFO) IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) ASN1_SEQUENCE(USERNOTICE) = { - ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), - ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) + ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), + ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) } ASN1_SEQUENCE_END(USERNOTICE) IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) ASN1_SEQUENCE(NOTICEREF) = { - ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), - ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) + ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), + ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) } ASN1_SEQUENCE_END(NOTICEREF) IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value) + X509V3_CTX *ctx, const char *value) { STACK_OF(POLICYINFO) *pols; char *pstr; @@ -127,7 +126,7 @@ polsect = X509V3_get_section(ctx, pstr + 1); if (polsect == NULL) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION, - "%s", cnf->name); + "%s", cnf->name); goto err; } pol = policy_section(ctx, polsect, ia5org); 
@@ -137,8 +136,8 @@ } else { if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { ERR_raise_data(ERR_LIB_X509V3, - X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", cnf->name); + X509V3_R_INVALID_OBJECT_IDENTIFIER, + "%s", cnf->name); goto err; } pol = POLICYINFO_new(); @@ -157,14 +156,14 @@ } sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; - err: +err: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org) + STACK_OF(CONF_VALUE) *polstrs, int ia5org) { int i; CONF_VALUE *cnf; @@ -199,7 +198,7 @@ if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) + strlen(cnf->value))) goto merr; } else if (!ossl_v3_name_cmp(cnf->name, "userNotice")) { STACK_OF(CONF_VALUE) *unot; @@ -236,17 +235,17 @@ return pol; - merr: +merr: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: +err: POLICYINFO_free(pol); return NULL; } static int displaytext_get_tag_len(const char *tagstr) { - char *colon = strchr(tagstr, ':'); + const char *colon = strchr(tagstr, ':'); return (colon == NULL) ? -1 : colon - tagstr; } @@ -278,7 +277,7 @@ } static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org) + STACK_OF(CONF_VALUE) *unot, int ia5org) { int i, ret, len, tag; unsigned int tag_len; @@ -323,7 +322,7 @@ else nref->organization->type = V_ASN1_VISIBLESTRING; if (!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) + strlen(cnf->value))) goto merr; } else if (strcmp(cnf->name, "noticeNumbers") == 0) { NOTICEREF *nref; 
@@ -353,18 +352,17 @@ } } - if (not->noticeref && - (!not->noticeref->noticenos || !not->noticeref->organization)) { + if (not->noticeref && (!not->noticeref->noticenos || !not->noticeref->organization)) { ERR_raise(ERR_LIB_X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); goto err; } return qual; - merr: +merr: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: +err: POLICYQUALINFO_free(qual); return NULL; } @@ -387,16 +385,16 @@ } return 1; - merr: +merr: ASN1_INTEGER_free(aint); ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: +err: return 0; } static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent) + BIO *out, int indent) { int i; POLICYINFO *pinfo; @@ -416,7 +414,7 @@ } static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent) + int indent) { POLICYQUALINFO *qualinfo; int i; @@ -427,8 +425,8 @@ switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: BIO_printf(out, "%*sCPS: %.*s", indent, "", - qualinfo->d.cpsuri->length, - qualinfo->d.cpsuri->data); + qualinfo->d.cpsuri->length, + qualinfo->d.cpsuri->data); break; case NID_id_qt_unotice: @@ -452,10 +450,10 @@ NOTICEREF *ref; ref = notice->noticeref; BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", - ref->organization->length, - ref->organization->data); + ref->organization->length, + ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", - sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { ASN1_INTEGER *num; char *tmp; @@ -477,8 +475,8 @@ } if (notice->exptext) BIO_printf(out, "%*sExplicit Text: %.*s", indent, "", - notice->exptext->length, - notice->exptext->data); + notice->exptext->length, + notice->exptext->data); } void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) 
@@ -490,11 +488,10 @@ i2a_ASN1_OBJECT(out, dat->valid_policy); BIO_puts(out, "\n"); BIO_printf(out, "%*s%s\n", indent + 2, "", - node_data_critical(dat) ? "Critical" : "Non Critical"); + node_data_critical(dat) ? "Critical" : "Non Critical"); if (dat->qualifier_set) { print_qualifiers(out, dat->qualifier_set, indent + 2); BIO_puts(out, "\n"); - } - else + } else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } --- crypto/openssl/crypto/x509/v3_crld.c.orig +++ crypto/openssl/crypto/x509/v3_crld.c @@ -19,9 +19,9 @@ #include "x509_local.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent); + int indent); const X509V3_EXT_METHOD ossl_v3_crld = { NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), @@ -44,7 +44,7 @@ }; static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, - char *sect) + char *sect) { STACK_OF(CONF_VALUE) *gnsect; STACK_OF(GENERAL_NAME) *gens; @@ -65,7 +65,7 @@ } static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - CONF_VALUE *cnf) + CONF_VALUE *cnf) { STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; @@ -103,7 +103,8 @@ * Since its a name fragment can't have more than one RDNSequence */ if (sk_X509_NAME_ENTRY_value(rnm, - sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { + sk_X509_NAME_ENTRY_num(rnm) - 1) + ->set) { ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_MULTIPLE_RDNS); goto err; } 
@@ -128,23 +129,23 @@ return 1; - err: +err: sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; } static const BIT_STRING_BITNAME reason_flags[] = { - {0, "Unused", "unused"}, - {1, "Key Compromise", "keyCompromise"}, - {2, "CA Compromise", "CACompromise"}, - {3, "Affiliation Changed", "affiliationChanged"}, - {4, "Superseded", "superseded"}, - {5, "Cessation Of Operation", "cessationOfOperation"}, - {6, "Certificate Hold", "certificateHold"}, - {7, "Privilege Withdrawn", "privilegeWithdrawn"}, - {8, "AA Compromise", "AACompromise"}, - {-1, NULL, NULL} + { 0, "Unused", "unused" }, + { 1, "Key Compromise", "keyCompromise" }, + { 2, "CA Compromise", "CACompromise" }, + { 3, "Affiliation Changed", "affiliationChanged" }, + { 4, "Superseded", "superseded" }, + { 5, "Cessation Of Operation", "cessationOfOperation" }, + { 6, "Certificate Hold", "certificateHold" }, + { 7, "Privilege Withdrawn", "privilegeWithdrawn" }, + { 8, "AA Compromise", "AACompromise" }, + { -1, NULL, NULL } }; static int set_reasons(ASN1_BIT_STRING **preas, char *value) @@ -177,13 +178,13 @@ } ret = 1; - err: +err: sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); return ret; } static int print_reasons(BIO *out, const char *rname, - ASN1_BIT_STRING *rflags, int indent) + ASN1_BIT_STRING *rflags, int indent) { int first = 1; const BIT_STRING_BITNAME *pbn; @@ -205,7 +206,7 @@ } static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + STACK_OF(CONF_VALUE) *nval) { int i; CONF_VALUE *cnf; @@ -233,13 +234,13 @@ return point; - err: +err: DIST_POINT_free(point); return NULL; } static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { STACK_OF(DIST_POINT) *crld; GENERAL_NAMES *gens = NULL; 
@@ -285,9 +286,9 @@ } return crld; - merr: +merr: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: +err: GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); sk_DIST_POINT_pop_free(crld, DIST_POINT_free); @@ -295,7 +296,7 @@ } static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; 
@@ -311,44 +312,41 @@ return 1; } - ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { - ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), - ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) + ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), + ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) } ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type) - IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) ASN1_SEQUENCE(DIST_POINT) = { - ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), - ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), - ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) + ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), + ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), + ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) } ASN1_SEQUENCE_END(DIST_POINT) IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) -ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) +ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) ASN1_SEQUENCE(ISSUING_DIST_POINT) = { - ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3), - ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5) + ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3), + 
ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5) } ASN1_SEQUENCE_END(ISSUING_DIST_POINT) IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent); + int indent); static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *nval); const X509V3_EXT_METHOD ossl_v3_idp = { NID_issuing_distribution_point, X509V3_EXT_MULTILINE, @@ -362,7 +360,7 @@ }; static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + STACK_OF(CONF_VALUE) *nval) { ISSUING_DIST_POINT *idp = NULL; CONF_VALUE *cnf; @@ -403,9 +401,9 @@ } return idp; - merr: +merr: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: +err: ISSUING_DIST_POINT_free(idp); return NULL; } @@ -438,7 +436,7 @@ } static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent) + int indent) { ISSUING_DIST_POINT *idp = pidp; if (idp->distpoint) @@ -462,7 +460,7 @@ } static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent) + int indent) { STACK_OF(DIST_POINT) *crld = pcrldp; DIST_POINT *point; 
@@ -483,6 +481,49 @@ return 1; } +static int i2r_crl_invdate(const X509V3_EXT_METHOD *method, void *date, + BIO *out, int indent); +static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); + +const X509V3_EXT_METHOD ossl_v3_crl_invdate = { + NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_crl_invdate, 0, + NULL +}; + +const X509V3_EXT_METHOD ossl_v3_crl_hold = { + NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), + 0, 0, 0, 0, + 0, 0, + 0, 0, + i2r_object, 0, + NULL +}; + +static int i2r_crl_invdate(const X509V3_EXT_METHOD *method, void *date, + BIO *bp, int ind) +{ + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (!ASN1_GENERALIZEDTIME_print(bp, date)) + return 0; + return 1; +} + +static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, + int ind) +{ + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, oid) <= 0) + return 0; + return 1; +} + /* Append any nameRelativeToCRLIssuer in dpn to iname, set in dpn->dpname */ int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname) { @@ -506,7 +547,7 @@ if (i2d_X509_NAME(dpn->dpname, NULL) >= 0) return 1; - err: +err: X509_NAME_free(dpn->dpname); dpn->dpname = NULL; return 0; --- crypto/openssl/crypto/x509/v3_enum.c.orig +++ crypto/openssl/crypto/x509/v3_enum.c 
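Review bot: In `i2r_crl_invdate` and `i2r_object`, the indentation check `if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;` treats a zero-byte write as a failure, so a call with `ind == 0` would return 0 before printing the date or OID, assuming BIO_printf returns the number of bytes written. The callers are outside this hunk and may always pass a positive indent, but the printer should not depend on that; `if (BIO_printf(bp, "%*s", ind, "") < 0) return 0;` keeps the error check and accepts an empty indent. Both functions also hand their `void *` argument straight to a typed printer, so a one-line comment such as `/* date is the ASN1_GENERALIZEDTIME decoded via the method's ASN1 item */` would record the type assumption that the `X509V3_EXT_METHOD` entry relies on. The prototypes name the parameters `out`/`indent` while the definitions use `bp`/`ind`; using one pair in both places would make them easier to match.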
@@ -13,20 +13,20 @@ #include "ext_dat.h" static ENUMERATED_NAMES crl_reasons[] = { - {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, - {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, - {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, - {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", - "affiliationChanged"}, - {CRL_REASON_SUPERSEDED, "Superseded", "superseded"}, - {CRL_REASON_CESSATION_OF_OPERATION, - "Cessation Of Operation", "cessationOfOperation"}, - {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"}, - {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"}, - {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", - "privilegeWithdrawn"}, - {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"}, - {-1, NULL, NULL} + { CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified" }, + { CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise" }, + { CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise" }, + { CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", + "affiliationChanged" }, + { CRL_REASON_SUPERSEDED, "Superseded", "superseded" }, + { CRL_REASON_CESSATION_OF_OPERATION, + "Cessation Of Operation", "cessationOfOperation" }, + { CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold" }, + { CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL" }, + { CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", + "privilegeWithdrawn" }, + { CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise" }, + { -1, NULL, NULL } }; const X509V3_EXT_METHOD ossl_v3_crl_reason = { @@ -39,7 +39,7 @@ }; char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, - const ASN1_ENUMERATED *e) + const ASN1_ENUMERATED *e) { ENUMERATED_NAMES *enam; long strval; --- crypto/openssl/crypto/x509/v3_extku.c.orig +++ crypto/openssl/crypto/x509/v3_extku.c 
@@ -15,11 +15,11 @@ #include "ext_dat.h" static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD - *method, void *eku, STACK_OF(CONF_VALUE) - *extlist); + *method, + void *eku, STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD ossl_v3_ext_ku = { NID_ext_key_usage, 0, @@ -44,15 +44,14 @@ NULL }; -ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) +ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD - *method, void *a, STACK_OF(CONF_VALUE) - *ext_list) + *method, + void *a, STACK_OF(CONF_VALUE) *ext_list) { EXTENDED_KEY_USAGE *eku = a; int i; @@ -67,8 +66,8 @@ } static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { EXTENDED_KEY_USAGE *extku; char *extval; @@ -93,10 +92,10 @@ if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", extval); + "%s", extval); return NULL; } - sk_ASN1_OBJECT_push(extku, objtmp); /* no failure as it was reserved */ + sk_ASN1_OBJECT_push(extku, objtmp); /* no failure as it was reserved */ } return extku; } --- crypto/openssl/crypto/x509/v3_genn.c.orig +++ crypto/openssl/crypto/x509/v3_genn.c 
@@ -14,39 +14,38 @@ #include ASN1_SEQUENCE(OTHERNAME) = { - ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), - /* Maybe have a true ANY DEFINED BY later */ - ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) + ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), + /* Maybe have a true ANY DEFINED BY later */ + ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) } ASN1_SEQUENCE_END(OTHERNAME) IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - /* DirectoryString is a CHOICE type so use explicit tagging */ - ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) ASN1_CHOICE(GENERAL_NAME) = { - ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), - ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), - ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), - /* Don't decode this */ - ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), - /* X509_NAME is a CHOICE type so use EXPLICIT */ - ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), - ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), - ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), - ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), - ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) + ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), + ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), + ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), + /* Don't decode this */ + ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), + /* X509_NAME is a CHOICE type so use EXPLICIT */ + ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), + 
ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), + ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), + ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), + ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) } ASN1_CHOICE_END(GENERAL_NAME) IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME) -ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) +ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) @@ -54,8 +53,8 @@ GENERAL_NAME *GENERAL_NAME_dup(const GENERAL_NAME *a) { return (GENERAL_NAME *)ASN1_dup((i2d_of_void *)i2d_GENERAL_NAME, - (d2i_of_void *)d2i_GENERAL_NAME, - (char *)a); + (d2i_of_void *)d2i_GENERAL_NAME, + (char *)a); } static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) @@ -215,7 +214,7 @@ } int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, - ASN1_OBJECT *oid, ASN1_TYPE *value) + ASN1_OBJECT *oid, ASN1_TYPE *value) { OTHERNAME *oth; oth = OTHERNAME_new(); @@ -229,7 +228,7 @@ } int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, - ASN1_OBJECT **poid, ASN1_TYPE **pvalue) + ASN1_OBJECT **poid, ASN1_TYPE **pvalue) { if (gen->type != GEN_OTHERNAME) return 0; --- crypto/openssl/crypto/x509/v3_ia5.c.orig +++ crypto/openssl/crypto/x509/v3_ia5.c @@ -41,7 +41,7 @@ } ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) + X509V3_CTX *ctx, const char *str) { ASN1_IA5STRING *ia5; if (str == NULL) { @@ -56,9 +56,9 @@ } #ifdef CHARSET_EBCDIC ebcdic2ascii(ia5->data, ia5->data, ia5->length); -#endif /* CHARSET_EBCDIC */ +#endif /* CHARSET_EBCDIC */ return ia5; - err: +err: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); return NULL; } --- crypto/openssl/crypto/x509/v3_info.c.orig +++ crypto/openssl/crypto/x509/v3_info.c 
@@ -16,44 +16,43 @@ #include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, AUTHORITY_INFO_ACCESS - *ainfo, STACK_OF(CONF_VALUE) - *ret); + *method, + AUTHORITY_INFO_ACCESS + *ainfo, + STACK_OF(CONF_VALUE) + *ret); static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) - *nval); + *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) + *nval); const X509V3_EXT_METHOD ossl_v3_info = { NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), 0, 0, 0, 0, 0, 0, - (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, + (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 0, 0, - NULL -}; + NULL }; const X509V3_EXT_METHOD ossl_v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), 0, 0, 0, 0, 0, 0, - (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, + (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, 0, 0, - NULL -}; + NULL }; ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { - ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), - ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) + ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), + ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) -ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) +ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) @@ -90,7 +89,7 @@ return sk_CONF_VALUE_new_null(); return tret; - err: +err: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); if (ret == NULL && tret != NULL) sk_CONF_VALUE_pop_free(tret, X509V3_conf_free); 
@@ -98,10 +97,10 @@ } static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) - *nval) + *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) + *nval) { AUTHORITY_INFO_ACCESS *ainfo = NULL; CONF_VALUE *cnf, ctmp; @@ -137,14 +136,14 @@ acc->method = OBJ_txt2obj(objtmp, 0); if (!acc->method) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT, - "value=%s", objtmp); + "value=%s", objtmp); OPENSSL_free(objtmp); goto err; } OPENSSL_free(objtmp); } return ainfo; - err: +err: sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); return NULL; } --- crypto/openssl/crypto/x509/v3_int.c.orig +++ crypto/openssl/crypto/x509/v3_int.c @@ -29,7 +29,7 @@ }; static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, - const char *value) + const char *value) { return s2i_ASN1_INTEGER(meth, value); } --- crypto/openssl/crypto/x509/v3_ist.c.orig +++ crypto/openssl/crypto/x509/v3_ist.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -17,23 +17,22 @@ /* * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE) - * This extention is required to obtain the status of a qualified certificate at Russian Federation. + * This extension is required to obtain the status of a qualified certificate at Russian Federation. * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ */ ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = { - ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING), - ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING), - ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING), - ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING) + ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING), + ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING), + ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING), + ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING) } ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL) IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL) - static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + STACK_OF(CONF_VALUE) *nval) { ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new(); int i; @@ -93,8 +92,8 @@ } static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method, - ISSUER_SIGN_TOOL *ist, BIO *out, - int indent) + ISSUER_SIGN_TOOL *ist, BIO *out, + int indent) { int new_line = 0; 
@@ -138,15 +137,15 @@ } const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool = { - NID_issuerSignTool, /* nid */ - X509V3_EXT_MULTILINE, /* flags */ - ASN1_ITEM_ref(ISSUER_SIGN_TOOL), /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ + NID_issuerSignTool, /* nid */ + X509V3_EXT_MULTILINE, /* flags */ + ASN1_ITEM_ref(ISSUER_SIGN_TOOL), /* template */ + 0, 0, 0, 0, /* old functions, ignored */ + 0, /* i2s */ + 0, /* s2i */ + 0, /* i2v */ (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */ (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ + 0, /* r2i */ + NULL /* extension-specific data */ }; --- crypto/openssl/crypto/x509/v3_lib.c.orig +++ crypto/openssl/crypto/x509/v3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; static int ext_cmp(const X509V3_EXT_METHOD *const *a, - const X509V3_EXT_METHOD *const *b); + const X509V3_EXT_METHOD *const *b); static void ext_list_free(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext) 
@@ -37,22 +37,22 @@ } static int ext_cmp(const X509V3_EXT_METHOD *const *a, - const X509V3_EXT_METHOD *const *b) + const X509V3_EXT_METHOD *const *b) { return ((*a)->ext_nid - (*b)->ext_nid); } DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, - const X509V3_EXT_METHOD *, ext); + const X509V3_EXT_METHOD *, ext); IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, - const X509V3_EXT_METHOD *, ext); + const X509V3_EXT_METHOD *, ext); #include "standard_exts.h" const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { X509V3_EXT_METHOD tmp; - const X509V3_EXT_METHOD *t = &tmp, *const *ret; + const X509V3_EXT_METHOD *t = &tmp, *const * ret; int idx; if (nid < 0) @@ -99,7 +99,11 @@ *tmpext = *ext; tmpext->ext_nid = nid_to; tmpext->ext_flags |= X509V3_EXT_DYNAMIC; - return X509V3_EXT_add(tmpext); + if (!X509V3_EXT_add(tmpext)) { + OPENSSL_free(tmpext); + return 0; + } + return 1; } void X509V3_EXT_cleanup(void) @@ -160,7 +164,7 @@ */ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, - int *idx) + int *idx) { int lastpos, i; X509_EXTENSION *ex, *found_ex = NULL; @@ -216,7 +220,7 @@ */ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - int crit, unsigned long flags) + int crit, unsigned long flags) { int errcode, extidx = -1; X509_EXTENSION *ext = NULL, *extmp; @@ -252,8 +256,7 @@ /* * If replace existing or delete, error since extension must exist */ - if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || - (ext_op == X509V3_ADD_DELETE)) { + if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || (ext_op == X509V3_ADD_DELETE)) { errcode = X509V3_R_EXTENSION_NOT_FOUND; goto err; } 
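Review bot: In the `@@ -99,7 +99,11 @@` hunk of v3_lib.c, the new `OPENSSL_free(tmpext)` on the failure path is only safe if `X509V3_EXT_add()` never leaves the pointer in `ext_list` when it returns 0, and nothing in the hunk records that ownership rule. The body of `X509V3_EXT_add()` is outside the visible hunks, so this should be confirmed there. If it holds, I would add a comment above the check such as `/* ext_list takes ownership of tmpext only on success; free it here otherwise */`. The enclosing function begins before the hunk, so the allocation of `tmpext` and its own failure handling are not visible here.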
@@ -290,14 +293,14 @@ *x = ret; return 1; - m_fail: +m_fail: /* ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); */ if (ret != *x) sk_X509_EXTENSION_free(ret); X509_EXTENSION_free(ext); return -1; - err: +err: if (!(flags & X509V3_ADD_SILENT)) ERR_raise(ERR_LIB_X509V3, errcode); return 0; --- crypto/openssl/crypto/x509/v3_ncons.c.orig +++ crypto/openssl/crypto/x509/v3_ncons.c @@ -21,18 +21,18 @@ #include "ext_dat.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, - BIO *bp, int ind); + BIO *bp, int ind); static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, - int ind, const char *name); + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, + int ind, const char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); static int nc_match_single(int effective_type, GENERAL_NAME *sub, - GENERAL_NAME *gen); + GENERAL_NAME *gen); static int nc_dn(const X509_NAME *sub, const X509_NAME *nm); static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); 
@@ -51,37 +51,36 @@ }; ASN1_SEQUENCE(GENERAL_SUBTREE) = { - ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), - ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), - ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) + ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), + ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), + ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) } ASN1_SEQUENCE_END(GENERAL_SUBTREE) ASN1_SEQUENCE(NAME_CONSTRAINTS) = { - ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, - GENERAL_SUBTREE, 0), - ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, - GENERAL_SUBTREE, 1), + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, + GENERAL_SUBTREE, 0), + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, + GENERAL_SUBTREE, 1), } ASN1_SEQUENCE_END(NAME_CONSTRAINTS) - IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) - #define IA5_OFFSET_LEN(ia5base, offset) \ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) /* Like memchr but for ASN1_IA5STRING. Additionally you can specify the * starting point to search from */ -# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) +#define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) /* Like memrrchr but for ASN1_IA5STRING */ static char *ia5memrchr(ASN1_IA5STRING *str, int c) { int i; - for (i = str->length; i > 0 && str->data[i - 1] != c; i--); + for (i = str->length; i > 0 && str->data[i - 1] != c; i--) + ; if (i == 0) return NULL; @@ -123,7 +122,7 @@ } static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { int i; CONF_VALUE tval, *val; @@ -161,9 +160,9 @@ return ncons; - memerr: +memerr: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: +err: NAME_CONSTRAINTS_free(ncons); GENERAL_SUBTREE_free(sub); 
@@ -171,21 +170,21 @@ } static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, - BIO *bp, int ind) + BIO *bp, int ind) { NAME_CONSTRAINTS *ncons = a; do_i2r_name_constraints(method, ncons->permittedSubtrees, - bp, ind, "Permitted"); + bp, ind, "Permitted"); if (ncons->permittedSubtrees && ncons->excludedSubtrees) BIO_puts(bp, "\n"); do_i2r_name_constraints(method, ncons->excludedSubtrees, - bp, ind, "Excluded"); + bp, ind, "Excluded"); return 1; } static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, const char *name) + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, const char *name) { GENERAL_SUBTREE *tree; int i; @@ -207,7 +206,8 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) { /* ip->length should be 8 or 32 and len1 == len2 == 4 or len1 == len2 == 16 */ - int len1 = ip->length >= 16 ? 16 : ip->length >= 4 ? 4 : ip->length; + int len1 = ip->length >= 16 ? 16 : ip->length >= 4 ? 4 + : ip->length; int len2 = ip->length - len1; char *ip1 = ossl_ipaddr_to_asc(ip->data, len1); char *ip2 = ossl_ipaddr_to_asc(ip->data + len1, len2); @@ -259,10 +259,10 @@ * constraints causing a computationally expensive name constraints check. */ if (!add_lengths(&name_count, X509_NAME_entry_count(nm), - sk_GENERAL_NAME_num(x->altname)) + sk_GENERAL_NAME_num(x->altname)) || !add_lengths(&constraint_count, - sk_GENERAL_SUBTREE_num(nc->permittedSubtrees), - sk_GENERAL_SUBTREE_num(nc->excludedSubtrees)) + sk_GENERAL_SUBTREE_num(nc->permittedSubtrees), + sk_GENERAL_SUBTREE_num(nc->excludedSubtrees)) || (name_count > 0 && constraint_count > NAME_CHECK_MAX / name_count)) return X509_V_ERR_UNSPECIFIED; @@ -296,7 +296,6 @@ if (r != X509_V_OK) return r; } - } for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) { @@ -307,7 +306,6 @@ } return X509_V_OK; - } static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) 
@@ -452,7 +450,8 @@ * Return nonzero if the GeneralSubtree has valid 'minimum' field * (must be absent or 0) and valid 'maximum' field (must be absent). */ -static int nc_minmax_valid(GENERAL_SUBTREE *sub) { +static int nc_minmax_valid(GENERAL_SUBTREE *sub) +{ BIGNUM *bn = NULL; int ok = 1; @@ -480,8 +479,7 @@ * the otherName field may contain EAI email address treated specially * according to RFC 8398, section 6 */ - if (effective_type == GEN_OTHERNAME && - (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) { + if (effective_type == GEN_OTHERNAME && (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) { effective_type = GEN_EMAIL; } @@ -493,9 +491,7 @@ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); if (effective_type != sub->base->type - || (effective_type == GEN_OTHERNAME && - OBJ_cmp(gen->d.otherName->type_id, - sub->base->d.otherName->type_id) != 0)) + || (effective_type == GEN_OTHERNAME && OBJ_cmp(gen->d.otherName->type_id, sub->base->d.otherName->type_id) != 0)) continue; if (!nc_minmax_valid(sub)) return X509_V_ERR_SUBTREE_MINMAX; @@ -519,9 +515,7 @@ for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); if (effective_type != sub->base->type - || (effective_type == GEN_OTHERNAME && - OBJ_cmp(gen->d.otherName->type_id, - sub->base->d.otherName->type_id) != 0)) + || (effective_type == GEN_OTHERNAME && OBJ_cmp(gen->d.otherName->type_id, sub->base->d.otherName->type_id) != 0)) continue; if (!nc_minmax_valid(sub)) return X509_V_ERR_SUBTREE_MINMAX; @@ -531,15 +525,13 @@ return X509_V_ERR_EXCLUDED_VIOLATION; else if (r != X509_V_ERR_PERMITTED_VIOLATION) return r; - } return X509_V_OK; - } static int nc_match_single(int effective_type, GENERAL_NAME *gen, - GENERAL_NAME *base) + GENERAL_NAME *base) { switch (gen->type) { case GEN_OTHERNAME: 
@@ -566,7 +558,7 @@ case GEN_URI: return nc_uri(gen->d.uniformResourceIdentifier, - base->d.uniformResourceIdentifier); + base->d.uniformResourceIdentifier); case GEN_IPADD: return nc_ip(gen->d.iPAddress, base->d.iPAddress); @@ -574,7 +566,6 @@ default: return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; } - } /* @@ -623,7 +614,6 @@ return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - } /* @@ -695,12 +685,12 @@ emlptr = emlat + 1; emlhostlen = IA5_OFFSET_LEN(eml, emlptr); if (emlhostlen != strlen(ulabel) - || ia5ncasecmp(ulabel, emlptr, emlhostlen) != 0) { + || ia5ncasecmp(ulabel, emlptr, emlhostlen) != 0) { ret = X509_V_ERR_PERMITTED_VIOLATION; goto end; } - end: +end: OPENSSL_free(baseptr); return ret; } @@ -731,8 +721,7 @@ if (baseat != baseptr) { if ((baseat - baseptr) != (emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; - if (memchr(baseptr, 0, baseat - baseptr) || - memchr(emlptr, 0, emlat - emlptr)) + if (memchr(baseptr, 0, baseat - baseptr) || memchr(emlptr, 0, emlat - emlptr)) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Case sensitive match of local part */ if (strncmp(baseptr, emlptr, emlat - emlptr)) @@ -749,7 +738,6 @@ return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - } static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) @@ -761,9 +749,9 @@ /* Check for foo:// and skip past it */ if (p == NULL - || IA5_OFFSET_LEN(uri, p) < 3 - || p[1] != '/' - || p[2] != '/') + || IA5_OFFSET_LEN(uri, p) < 3 + || p[1] != '/' + || p[2] != '/') return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; hostptr = p + 3; @@ -799,7 +787,6 @@ return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - } static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base) @@ -830,5 +817,4 @@ return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; - } --- crypto/openssl/crypto/x509/v3_pci.c.orig +++ crypto/openssl/crypto/x509/v3_pci.c 
@@ -50,22 +50,29 @@ #include "ext_dat.h" static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, - BIO *out, int indent); + BIO *out, int indent); static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str); + X509V3_CTX *ctx, char *str); -const X509V3_EXT_METHOD ossl_v3_pci = - { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), - 0, 0, 0, 0, - 0, 0, - NULL, NULL, +const X509V3_EXT_METHOD ossl_v3_pci = { + NID_proxyCertInfo, + 0, + ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), + 0, + 0, + 0, + 0, + 0, + 0, + NULL, + NULL, (X509V3_EXT_I2R)i2r_pci, (X509V3_EXT_R2I)r2i_pci, NULL, }; static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, - BIO *out, int indent) + BIO *out, int indent) { BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); if (pci->pcPathLengthConstraint) @@ -77,14 +84,14 @@ i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "", - pci->proxyPolicy->policy->length, - pci->proxyPolicy->policy->data); + pci->proxyPolicy->policy->length, + pci->proxyPolicy->policy->data); return 1; } static int process_pci_value(CONF_VALUE *val, - ASN1_OBJECT **language, ASN1_INTEGER **pathlen, - ASN1_OCTET_STRING **policy) + ASN1_OBJECT **language, ASN1_INTEGER **pathlen, + ASN1_OCTET_STRING **policy) { int free_policy = 0; @@ -102,7 +109,7 @@ } else if (strcmp(val->name, "pathlen") == 0) { if (*pathlen) { ERR_raise(ERR_LIB_X509V3, - X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); + X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -125,8 +132,7 @@ free_policy = 1; } if (strncmp(val->value, "hex:", 4) == 0) { - unsigned char *tmp_data2 = - OPENSSL_hexstr2buf(val->value + 4, &val_len); + unsigned char *tmp_data2 = OPENSSL_hexstr2buf(val->value + 4, &val_len); if (!tmp_data2) { X509V3_conf_err(val); 
@@ -134,11 +140,11 @@ } tmp_data = OPENSSL_realloc((*policy)->data, - (*policy)->length + val_len + 1); + (*policy)->length + val_len + 1); if (tmp_data) { (*policy)->data = tmp_data; memcpy(&(*policy)->data[(*policy)->length], - tmp_data2, val_len); + tmp_data2, val_len); (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } else { @@ -165,12 +171,12 @@ goto err; } while ((n = BIO_read(b, buf, sizeof(buf))) > 0 - || (n == 0 && BIO_should_retry(b))) { + || (n == 0 && BIO_should_retry(b))) { if (!n) continue; tmp_data = OPENSSL_realloc((*policy)->data, - (*policy)->length + n + 1); + (*policy)->length + n + 1); if (!tmp_data) { OPENSSL_free((*policy)->data); @@ -197,11 +203,11 @@ } else if (strncmp(val->value, "text:", 5) == 0) { val_len = strlen(val->value + 5); tmp_data = OPENSSL_realloc((*policy)->data, - (*policy)->length + val_len + 1); + (*policy)->length + val_len + 1); if (tmp_data) { (*policy)->data = tmp_data; memcpy(&(*policy)->data[(*policy)->length], - val->value + 5, val_len); + val->value + 5, val_len); (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } else { @@ -228,7 +234,7 @@ } } return 1; - err: +err: if (free_policy) { ASN1_OCTET_STRING_free(*policy); *policy = NULL; @@ -237,7 +243,7 @@ } static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *value) + X509V3_CTX *ctx, char *value) { PROXY_CERT_INFO_EXTENSION *pci = NULL; STACK_OF(CONF_VALUE) *vals; @@ -266,9 +272,8 @@ goto err; } for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) { - success_p = - process_pci_value(sk_CONF_VALUE_value(sect, j), - &language, &pathlen, &policy); + success_p = process_pci_value(sk_CONF_VALUE_value(sect, j), + &language, &pathlen, &policy); } X509V3_section_free(ctx, sect); if (!success_p) 
@@ -284,13 +289,13 @@ /* Language is mandatory */ if (!language) { ERR_raise(ERR_LIB_X509V3, - X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); + X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); goto err; } i = OBJ_obj2nid(language); if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) { ERR_raise(ERR_LIB_X509V3, - X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); + X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); goto err; } @@ -307,7 +312,7 @@ pci->pcPathLengthConstraint = pathlen; pathlen = NULL; goto end; - err: +err: ASN1_OBJECT_free(language); ASN1_INTEGER_free(pathlen); pathlen = NULL; @@ -315,7 +320,7 @@ policy = NULL; PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; - end: +end: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pci; } --- crypto/openssl/crypto/x509/v3_pcia.c.orig +++ crypto/openssl/crypto/x509/v3_pcia.c @@ -47,18 +47,16 @@ #include #include -ASN1_SEQUENCE(PROXY_POLICY) = - { - ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), - ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) +ASN1_SEQUENCE(PROXY_POLICY) = { + ASN1_SIMPLE(PROXY_POLICY, policyLanguage, ASN1_OBJECT), + ASN1_OPT(PROXY_POLICY, policy, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(PROXY_POLICY) IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) -ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = - { - ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), - ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) +ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = { + ASN1_OPT(PROXY_CERT_INFO_EXTENSION, pcPathLengthConstraint, ASN1_INTEGER), + ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION, proxyPolicy, PROXY_POLICY) } ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) --- crypto/openssl/crypto/x509/v3_pcons.c.orig +++ crypto/openssl/crypto/x509/v3_pcons.c 
@@ -16,11 +16,11 @@ #include "ext_dat.h" static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD - *method, void *bcons, STACK_OF(CONF_VALUE) - *extlist); + *method, + void *bcons, STACK_OF(CONF_VALUE) *extlist); static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD ossl_v3_policy_constraints = { NID_policy_constraints, 0, @@ -34,27 +34,27 @@ }; ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { - ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), - ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) + ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER, 0), + ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER, 1) } ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD - *method, void *a, STACK_OF(CONF_VALUE) - *extlist) + *method, + void *a, STACK_OF(CONF_VALUE) *extlist) { POLICY_CONSTRAINTS *pcons = a; X509V3_add_value_int("Require Explicit Policy", - pcons->requireExplicitPolicy, &extlist); + pcons->requireExplicitPolicy, &extlist); X509V3_add_value_int("Inhibit Policy Mapping", - pcons->inhibitPolicyMapping, &extlist); + pcons->inhibitPolicyMapping, &extlist); return extlist; } static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { POLICY_CONSTRAINTS *pcons = NULL; CONF_VALUE *val; 
@@ -74,18 +74,18 @@ goto err; } else { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_NAME, - "%s", val->name); + "%s", val->name); goto err; } } if (pcons->inhibitPolicyMapping == NULL - && pcons->requireExplicitPolicy == NULL) { + && pcons->requireExplicitPolicy == NULL) { ERR_raise(ERR_LIB_X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION); goto err; } return pcons; - err: +err: POLICY_CONSTRAINTS_free(pcons); return NULL; } --- crypto/openssl/crypto/x509/v3_pku.c.orig +++ crypto/openssl/crypto/x509/v3_pku.c @@ -15,8 +15,8 @@ #include "ext_dat.h" static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, - int indent); + PKEY_USAGE_PERIOD *usage, BIO *out, + int indent); const X509V3_EXT_METHOD ossl_v3_pkey_usage_period = { NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), @@ -27,15 +27,15 @@ }; ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) + ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), + ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) } ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, - int indent) + PKEY_USAGE_PERIOD *usage, BIO *out, + int indent) { BIO_printf(out, "%*s", indent, ""); if (usage->notBefore) { --- crypto/openssl/crypto/x509/v3_pmaps.c.orig +++ crypto/openssl/crypto/x509/v3_pmaps.c 
@@ -15,10 +15,10 @@ #include "ext_dat.h" static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD - *method, void *pmps, STACK_OF(CONF_VALUE) - *extlist); + *method, + void *pmps, STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD ossl_v3_policy_mappings = { NID_policy_mappings, 0, @@ -32,20 +32,19 @@ }; ASN1_SEQUENCE(POLICY_MAPPING) = { - ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), - ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) + ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), + ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) } ASN1_SEQUENCE_END(POLICY_MAPPING) -ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, - POLICY_MAPPING) +ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, + POLICY_MAPPING) ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD - *method, void *a, STACK_OF(CONF_VALUE) - *ext_list) + *method, + void *a, STACK_OF(CONF_VALUE) *ext_list) { POLICY_MAPPINGS *pmaps = a; POLICY_MAPPING *pmap; @@ -63,7 +62,7 @@ } static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { POLICY_MAPPING *pmap = NULL; ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; 
@@ -81,14 +80,14 @@ val = sk_CONF_VALUE_value(nval, i); if (!val->value || !val->name) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", val->name); + "%s", val->name); goto err; } obj1 = OBJ_txt2obj(val->name, 0); obj2 = OBJ_txt2obj(val->value, 0); if (!obj1 || !obj2) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", val->name); + "%s", val->name); goto err; } pmap = POLICY_MAPPING_new(); @@ -102,7 +101,7 @@ sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */ } return pmaps; - err: +err: ASN1_OBJECT_free(obj1); ASN1_OBJECT_free(obj2); sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); --- crypto/openssl/crypto/x509/v3_prn.c.orig +++ crypto/openssl/crypto/x509/v3_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,12 +17,12 @@ /* Extension printing routines */ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, - unsigned long flag, int indent, int supported); + unsigned long flag, int indent, int supported); /* Print out a name+value stack */ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml) + int ml) { int i; CONF_VALUE *nval; @@ -38,8 +38,7 @@ if (i > 0) BIO_printf(out, "\n"); BIO_printf(out, "%*s", indent, ""); - } - else if (i > 0) + } else if (i > 0) BIO_printf(out, ", "); nval = sk_CONF_VALUE_value(val, i); if (!nval->name) @@ -68,7 +67,7 @@ /* Main routine: print out a general extension */ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - int indent) + int indent) { void *ext_str = NULL; char *value = NULL; 
@@ -119,14 +118,14 @@ goto err; } X509V3_EXT_val_prn(out, nval, indent, - method->ext_flags & X509V3_EXT_MULTILINE); + method->ext_flags & X509V3_EXT_MULTILINE); } else if (method->i2r) { if (!method->i2r(method, ext_str, out, indent)) ok = 0; } else ok = 0; - err: +err: sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); OPENSSL_free(value); if (method->it) @@ -137,8 +136,8 @@ } int X509V3_extensions_print(BIO *bp, const char *title, - const STACK_OF(X509_EXTENSION) *exts, - unsigned long flag, int indent) + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent) { int i, j; @@ -157,8 +156,8 @@ ex = sk_X509_EXTENSION_value(exts, i); obj = X509_EXTENSION_get_object(ex); if ((flag & X509_FLAG_EXTENSIONS_ONLY_KID) != 0 - && OBJ_obj2nid(obj) != NID_subject_key_identifier - && OBJ_obj2nid(obj) != NID_authority_key_identifier) + && OBJ_obj2nid(obj) != NID_subject_key_identifier + && OBJ_obj2nid(obj) != NID_authority_key_identifier) continue; if (indent && BIO_printf(bp, "%*s", indent, "") <= 0) return 0; @@ -177,7 +176,7 @@ } static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, - unsigned long flag, int indent, int supported) + unsigned long flag, int indent, int supported) { switch (flag & X509V3_EXT_UNKNOWN_MASK) { @@ -192,9 +191,9 @@ return 1; case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); + return ASN1_parse_dump(out, ext, extlen, indent, -1) > 0; case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); + return BIO_dump_indent(out, (const char *)ext, extlen, indent) > 0; default: return 1; --- crypto/openssl/crypto/x509/v3_purp.c.orig +++ crypto/openssl/crypto/x509/v3_purp.c 
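Review bot: The two rewritten returns in the last v3_prn.c hunk (`unknown_ext_print`, cases `X509V3_EXT_PARSE_UNKNOWN` and `X509V3_EXT_DUMP_UNKNOWN`) now fold two different helper return conventions into a 0/1 result, and nothing in the function records that. A comment above the switch would keep a later edit from dropping the comparison, for example `/* Returns 1 on success, 0 on failure; helper results are normalised with > 0 so a negative error return is not read as success. */`. The hunk does not show what `BIO_dump_indent` returns for `extlen == 0`; if it reports zero bytes written, an empty unknown extension is reported as a print failure, which is worth confirming as intended. The function body starts and ends outside the hunk.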
@@ -18,49 +18,49 @@ static int check_ssl_ca(const X509 *x); static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int purpose_smime(const X509 *x, int require_ca); static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int check_purpose_ocsp_helper(const X509_PURPOSE *xp, const X509 *x, - int require_ca); + int require_ca); static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b); static void xptable_free(X509_PURPOSE *p); static X509_PURPOSE xstandard[] = { - {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, - check_purpose_ssl_client, "SSL client", "sslclient", NULL}, - {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, - check_purpose_ssl_server, "SSL server", "sslserver", NULL}, - {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, - check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, - {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, - "S/MIME signing", "smimesign", NULL}, - {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, - check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, - {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, - "CRL signing", "crlsign", 
NULL}, - {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check_purpose, - "Any Purpose", "any", - NULL}, - {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, check_purpose_ocsp_helper, - "OCSP helper", "ocsphelper", NULL}, - {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, - check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", - NULL}, + { X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, + check_purpose_ssl_client, "SSL client", "sslclient", NULL }, + { X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, + check_purpose_ssl_server, "SSL server", "sslserver", NULL }, + { X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, + check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL }, + { X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, + "S/MIME signing", "smimesign", NULL }, + { X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, + check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL }, + { X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, + "CRL signing", "crlsign", NULL }, + { X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check_purpose, + "Any Purpose", "any", + NULL }, + { X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, check_purpose_ocsp_helper, + "OCSP helper", "ocsphelper", NULL }, + { X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, + check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", + NULL }, }; #define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) @@ -151,8 +151,8 @@ } int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck) (const X509_PURPOSE *, const X509 *, int), - const char *name, const char *sname, void *arg) + int (*ck)(const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg) { int idx; X509_PURPOSE *ptmp; 
@@ -181,7 +181,7 @@ /* Dup supplied name */ ptmp->name = OPENSSL_strdup(name); ptmp->sname = OPENSSL_strdup(sname); - if (ptmp->name == NULL|| ptmp->sname == NULL) { + if (ptmp->name == NULL || ptmp->sname == NULL) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } @@ -208,7 +208,7 @@ } } return 1; - err: +err: if (idx == -1) { OPENSSL_free(ptmp->name); OPENSSL_free(ptmp->sname); @@ -275,22 +275,22 @@ */ static const int supported_nids[] = { NID_netscape_cert_type, /* 71 */ - NID_key_usage, /* 83 */ - NID_subject_alt_name, /* 85 */ - NID_basic_constraints, /* 87 */ + NID_key_usage, /* 83 */ + NID_subject_alt_name, /* 85 */ + NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_crl_distribution_points, /* 103 */ - NID_ext_key_usage, /* 126 */ + NID_ext_key_usage, /* 126 */ #ifndef OPENSSL_NO_RFC3779 - NID_sbgp_ipAddrBlock, /* 290 */ + NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ #endif NID_id_pkix_OCSP_noCheck, /* 369 */ NID_policy_constraints, /* 401 */ - NID_proxyCertInfo, /* 663 */ - NID_name_constraints, /* 666 */ - NID_policy_mappings, /* 747 */ - NID_inhibit_any_policy /* 748 */ + NID_proxyCertInfo, /* 663 */ + NID_name_constraints, /* 666 */ + NID_policy_mappings, /* 747 */ + NID_inhibit_any_policy /* 748 */ }; int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); 
@@ -371,15 +371,16 @@ if (issuer_key == NULL) return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), - NULL, &subj_sig_nid) == 0) - return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + NULL, &subj_sig_nid) + == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; if (EVP_PKEY_is_a(issuer_key, OBJ_nid2sn(subj_sig_nid)) || (EVP_PKEY_is_a(issuer_key, "RSA") && subj_sig_nid == NID_rsassaPss)) return X509_V_OK; return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; } -#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) +#define V1_ROOT (EXFLAG_V1 | EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) != 0 && ((x)->ex_kusage & (usage)) == 0) #define xku_reject(x, usage) \ @@ -555,8 +556,8 @@ if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) { x->ex_flags |= EXFLAG_SI; /* Cert is self-issued */ if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ - /* .. and the signature alg matches the PUBKEY alg: */ - && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + /* .. and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ /* This is very related to ossl_x509_likely_issued(x, x) == X509_V_OK */ } @@ -635,7 +636,7 @@ ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_CERTIFICATE); /* If computing sha1_hash failed the error queue already reflects this. */ - err: +err: x->ex_flags |= EXFLAG_SET; /* indicate that cert has been processed */ CRYPTO_THREAD_unlock(x->lock); return 0; @@ -712,7 +713,7 @@ } static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { if (xku_reject(x, XKU_SSL_CLIENT)) return 0; 
@@ -733,10 +734,10 @@ * key types. */ #define KU_TLS \ - KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT + KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT | KU_KEY_AGREEMENT static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC)) return 0; @@ -749,11 +750,10 @@ return 0; return 1; - } static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { int ret; ret = check_purpose_ssl_server(xp, x, require_ca); @@ -793,7 +793,7 @@ } static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { int ret; ret = purpose_smime(x, require_ca); @@ -805,7 +805,7 @@ } static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { int ret; ret = purpose_smime(x, require_ca); @@ -817,7 +817,7 @@ } static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { if (require_ca) { int ca_ret; @@ -836,7 +836,7 @@ * is valid. Additional checks must be made on the chain. */ static int check_purpose_ocsp_helper(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { /* * Must be a valid CA. Should we really support the "I don't know" value @@ -849,7 +849,7 @@ } static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { int i_ext; @@ -864,8 +864,7 @@ * be rejected). */ if ((x->ex_flags & EXFLAG_KUSAGE) - && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) || - !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) + && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) || !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) return 0; /* Only time stamp key usage is permitted and it's required. */ 
@@ -884,7 +883,7 @@ } static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x, - int require_ca) + int require_ca) { return 1; } @@ -917,12 +916,13 @@ int ret; if (X509_NAME_cmp(X509_get_subject_name(issuer), - X509_get_issuer_name(subject)) != 0) + X509_get_issuer_name(subject)) + != 0) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; /* set issuer->skid and subject->akid */ if (!ossl_x509v3_cache_extensions(issuer) - || !ossl_x509v3_cache_extensions(subject)) + || !ossl_x509v3_cache_extensions(subject)) return X509_V_ERR_UNSPECIFIED; ret = X509_check_akid(issuer, subject->akid); @@ -956,12 +956,10 @@ return X509_V_OK; /* Check key ids (if present) */ - if (akid->keyid && issuer->skid && - ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid)) + if (akid->keyid && issuer->skid && ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid)) return X509_V_ERR_AKID_SKID_MISMATCH; /* Check serial number */ - if (akid->serial && - ASN1_INTEGER_cmp(X509_get0_serialNumber(issuer), akid->serial)) + if (akid->serial && ASN1_INTEGER_cmp(X509_get0_serialNumber(issuer), akid->serial)) return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; /* Check issuer name */ if (akid->issuer) { @@ -1051,7 +1049,7 @@ { /* Called for side effect of caching extensions */ if (X509_check_purpose(x, -1, 0) != 1 - || (x->ex_flags & EXFLAG_BCONS) == 0) + || (x->ex_flags & EXFLAG_BCONS) == 0) return -1; return x->ex_pathlen; } @@ -1060,7 +1058,7 @@ { /* Called for side effect of caching extensions */ if (X509_check_purpose(x, -1, 0) != 1 - || (x->ex_flags & EXFLAG_PROXY) == 0) + || (x->ex_flags & EXFLAG_PROXY) == 0) return -1; return x->ex_pcpathlen; } --- crypto/openssl/crypto/x509/v3_san.c.orig +++ crypto/openssl/crypto/x509/v3_san.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -16,41 +16,41 @@ #include "ext_dat.h" static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); const X509V3_EXT_METHOD ossl_v3_alt[3] = { - {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_GENERAL_NAMES, - (X509V3_EXT_V2I)v2i_subject_alt, - NULL, NULL, NULL}, - - {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_GENERAL_NAMES, - (X509V3_EXT_V2I)v2i_issuer_alt, - NULL, NULL, NULL}, - - {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_GENERAL_NAMES, - NULL, NULL, NULL, NULL}, + { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), + 0, 0, 0, 0, + 0, 0, + (X509V3_EXT_I2V)i2v_GENERAL_NAMES, + (X509V3_EXT_V2I)v2i_subject_alt, + NULL, NULL, NULL }, + + { NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), + 0, 0, 0, 0, + 0, 0, + (X509V3_EXT_I2V)i2v_GENERAL_NAMES, + (X509V3_EXT_V2I)v2i_issuer_alt, + NULL, NULL, NULL }, + + { NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), + 0, 0, 0, 0, + 0, 0, + (X509V3_EXT_I2V)i2v_GENERAL_NAMES, + NULL, NULL, NULL, NULL }, }; STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gens, - STACK_OF(CONF_VALUE) *ret) + GENERAL_NAMES *gens, + STACK_OF(CONF_VALUE) *ret) { int i; GENERAL_NAME *gen; 
@@ -77,8 +77,8 @@ } STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, - STACK_OF(CONF_VALUE) *ret) + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret) { char othername[300]; char oline[256], *tmp; 
@@ -88,64 +88,64 @@ switch (OBJ_obj2nid(gen->d.otherName->type_id)) { case NID_id_on_SmtpUTF8Mailbox: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) + || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:", + gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, + &ret)) return NULL; break; case NID_XmppAddr: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: XmppAddr:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) + || !x509v3_add_len_value_uchar("othername: XmppAddr:", + gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, + &ret)) return NULL; break; case NID_SRVName: if (gen->d.otherName->value->type != V_ASN1_IA5STRING - || !x509v3_add_len_value_uchar("othername: SRVName:", - gen->d.otherName->value->value.ia5string->data, - gen->d.otherName->value->value.ia5string->length, - &ret)) + || !x509v3_add_len_value_uchar("othername: SRVName:", + gen->d.otherName->value->value.ia5string->data, + gen->d.otherName->value->value.ia5string->length, + &ret)) return NULL; break; case NID_ms_upn: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: UPN:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) + || !x509v3_add_len_value_uchar("othername: UPN:", + gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, + &ret)) return NULL; break; case NID_NAIRealm: if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: NAIRealm:", - gen->d.otherName->value->value.utf8string->data, - 
gen->d.otherName->value->value.utf8string->length, - &ret)) + || !x509v3_add_len_value_uchar("othername: NAIRealm:", + gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, + &ret)) return NULL; break; default: - if (OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 0) > 0) + if (OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 0) > 0) BIO_snprintf(othername, sizeof(othername), "othername: %s:", - oline); + oline); else OPENSSL_strlcpy(othername, "othername:", sizeof(othername)); /* check if the value is something printable */ if (gen->d.otherName->value->type == V_ASN1_IA5STRING) { if (x509v3_add_len_value_uchar(othername, - gen->d.otherName->value->value.ia5string->data, - gen->d.otherName->value->value.ia5string->length, - &ret)) + gen->d.otherName->value->value.ia5string->data, + gen->d.otherName->value->value.ia5string->length, + &ret)) return ret; } if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { if (x509v3_add_len_value_uchar(othername, - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) + gen->d.otherName->value->value.utf8string->data, + gen->d.otherName->value->value.utf8string->length, + &ret)) return ret; } if (!X509V3_add_value(othername, "", &ret)) @@ -166,25 +166,25 @@ case GEN_EMAIL: if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, - gen->d.ia5->length, &ret)) + gen->d.ia5->length, &ret)) return NULL; break; case GEN_DNS: if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, - gen->d.ia5->length, &ret)) + gen->d.ia5->length, &ret)) return NULL; break; case GEN_URI: if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, - gen->d.ia5->length, &ret)) + gen->d.ia5->length, &ret)) return NULL; break; case GEN_DIRNAME: if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL - || !X509V3_add_value("DirName", oline, &ret)) + || !X509V3_add_value("DirName", oline, &ret)) return NULL; break; 
@@ -214,9 +214,9 @@ nid = OBJ_obj2nid(gen->d.otherName->type_id); /* Validate the types are as we expect before we use them */ if ((nid == NID_SRVName - && gen->d.otherName->value->type != V_ASN1_IA5STRING) - || (nid != NID_SRVName - && gen->d.otherName->value->type != V_ASN1_UTF8STRING)) { + && gen->d.otherName->value->type != V_ASN1_IA5STRING) + || (nid != NID_SRVName + && gen->d.otherName->value->type != V_ASN1_UTF8STRING)) { BIO_printf(out, "othername:"); break; } @@ -224,28 +224,28 @@ switch (nid) { case NID_id_on_SmtpUTF8Mailbox: BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); + gen->d.otherName->value->value.utf8string->length, + gen->d.otherName->value->value.utf8string->data); break; case NID_XmppAddr: BIO_printf(out, "othername:XmppAddr:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); + gen->d.otherName->value->value.utf8string->length, + gen->d.otherName->value->value.utf8string->data); break; case NID_SRVName: BIO_printf(out, "othername:SRVName:%.*s", - gen->d.otherName->value->value.ia5string->length, - gen->d.otherName->value->value.ia5string->data); + gen->d.otherName->value->value.ia5string->length, + gen->d.otherName->value->value.ia5string->data); break; case NID_ms_upn: BIO_printf(out, "othername:UPN:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); + gen->d.otherName->value->value.utf8string->length, + gen->d.otherName->value->value.utf8string->data); break; case NID_NAIRealm: BIO_printf(out, "othername:NAIRealm:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); + gen->d.otherName->value->value.utf8string->length, + gen->d.otherName->value->value.utf8string->data); break; default: BIO_printf(out, "othername:"); 
@@ -299,8 +299,8 @@ } static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { const int num = sk_CONF_VALUE_num(nval); GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num); @@ -327,7 +327,7 @@ } } return gens; - err: +err: sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return NULL; } @@ -364,21 +364,20 @@ for (i = 0; i < num; i++) { gen = sk_GENERAL_NAME_value(ialt, i); - sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } sk_GENERAL_NAME_free(ialt); return 1; - err: +err: sk_GENERAL_NAME_free(ialt); return 0; - } static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { GENERAL_NAMES *gens; CONF_VALUE *cnf; @@ -399,7 +398,7 @@ if (!copy_email(ctx, gens, 0)) goto err; } else if (ossl_v3_name_cmp(cnf->name, "email") == 0 - && cnf->value && strcmp(cnf->value, "move") == 0) { + && cnf->value && strcmp(cnf->value, "move") == 0) { if (!copy_email(ctx, gens, 1)) goto err; } else { @@ -410,7 +409,7 @@ } } return gens; - err: +err: sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return NULL; } @@ -435,13 +434,12 @@ return 0; } /* Find the subject name */ - nm = ctx->subject_cert != NULL ? - X509_get_subject_name(ctx->subject_cert) : - X509_REQ_get_subject_name(ctx->subject_req); + nm = ctx->subject_cert != NULL ? X509_get_subject_name(ctx->subject_cert) : X509_REQ_get_subject_name(ctx->subject_req); /* Now add any email address(es) to STACK */ while ((i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, i)) >= 0) { + NID_pkcs9_emailAddress, i)) + >= 0) { ne = X509_NAME_get_entry(nm, i); email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); if (move_p) { 
@@ -465,15 +463,14 @@ return 1; - err: +err: GENERAL_NAME_free(gen); ASN1_IA5STRING_free(email); return 0; - } GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; GENERAL_NAMES *gens; @@ -492,24 +489,24 @@ cnf = sk_CONF_VALUE_value(nval, i); if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } return gens; - err: +err: sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return NULL; } GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf) + X509V3_CTX *ctx, CONF_VALUE *cnf) { return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, const char *value, - int is_nc) + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, const char *value, + int is_nc) { char is_string = 0; GENERAL_NAME *gen = NULL; @@ -536,17 +533,15 @@ is_string = 1; break; - case GEN_RID: - { - ASN1_OBJECT *obj; - if ((obj = OBJ_txt2obj(value, 0)) == NULL) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT, - "value=%s", value); - goto err; - } - gen->d.rid = obj; + case GEN_RID: { + ASN1_OBJECT *obj; + if ((obj = OBJ_txt2obj(value, 0)) == NULL) { + ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT, + "value=%s", value); + goto err; } - break; + gen->d.rid = obj; + } break; case GEN_IPADD: if (is_nc) @@ -555,7 +550,7 @@ gen->d.ip = a2i_IPADDRESS(value); if (gen->d.ip == NULL) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_IP_ADDRESS, - "value=%s", value); + "value=%s", value); goto err; } break; 
@@ -579,9 +574,7 @@ } if (is_string) { - if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || - !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, - strlen(value))) { + if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { ASN1_IA5STRING_free(gen->d.ia5); gen->d.ia5 = NULL; ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); @@ -593,15 +586,15 @@ return gen; - err: +err: if (!out) GENERAL_NAME_free(gen); return NULL; } GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) { int type; @@ -631,17 +624,17 @@ type = GEN_OTHERNAME; else { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_OPTION, - "name=%s", name); + "name=%s", name); return NULL; } return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); - } static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { - char *objtmp = NULL, *p; + char *objtmp = NULL; + const char *p; int objlen; if ((p = strchr(value, ';')) == NULL) @@ -665,7 +658,7 @@ goto err; return 1; - err: +err: OTHERNAME_free(gen->d.otherName); gen->d.otherName = NULL; return 0; @@ -682,7 +675,7 @@ sk = X509V3_get_section(ctx, value); if (!sk) { ERR_raise_data(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND, - "section=%s", value); + "section=%s", value); goto err; } /* FIXME: should allow other character types... */ --- crypto/openssl/crypto/x509/v3_skid.c.orig +++ crypto/openssl/crypto/x509/v3_skid.c @@ -14,7 +14,7 @@ #include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str); + X509V3_CTX *ctx, char *str); const X509V3_EXT_METHOD ossl_v3_skey_id = { NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), 0, 0, 0, 0, 
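Review bot: In the `do_othername` hunk of v3_san.c, `objlen` stays an `int` beside the newly const-qualified `p`. If it receives the `p - value` distance, as the `strchr(value, ';')` on the following line suggests, the pointer difference is narrowed on assignment, and `size_t objlen;` would match what it measures. The use of `objlen` is outside the hunk, so this needs checking against the rest of the body before changing the type. A short comment on the declaration, such as `/* p points into the caller's const value and is only read */`, would also record why the declaration was split.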
@@ -25,13 +25,13 @@ }; char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - const ASN1_OCTET_STRING *oct) + const ASN1_OCTET_STRING *oct) { return OPENSSL_buf2hexstr(oct->data, oct->length); } ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) + X509V3_CTX *ctx, const char *str) { ASN1_OCTET_STRING *oct; long length; @@ -49,7 +49,6 @@ oct->length = length; return oct; - } ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey) @@ -78,7 +77,7 @@ X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL) - && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { EVP_MD_free(md); return oct; } @@ -89,7 +88,7 @@ } static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) + X509V3_CTX *ctx, char *str) { if (strcmp(str, "none") == 0) return ASN1_OCTET_STRING_new(); /* dummy */ @@ -105,7 +104,5 @@ return NULL; } - return ossl_x509_pubkey_hash(ctx->subject_cert != NULL ? - ctx->subject_cert->cert_info.key : - ctx->subject_req->req_info.pubkey); + return ossl_x509_pubkey_hash(ctx->subject_cert != NULL ? ctx->subject_cert->cert_info.key : ctx->subject_req->req_info.pubkey); } --- crypto/openssl/crypto/x509/v3_sxnet.c.orig +++ crypto/openssl/crypto/x509/v3_sxnet.c @@ -20,10 +20,10 @@ #define SXNET_TEST static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent); + int indent); #ifdef SXNET_TEST static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *nval); #endif const X509V3_EXT_METHOD ossl_v3_sxnet = { NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), 
@@ -41,21 +41,21 @@ }; ASN1_SEQUENCE(SXNETID) = { - ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), - ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) + ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), + ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(SXNETID) IMPLEMENT_ASN1_FUNCTIONS(SXNETID) ASN1_SEQUENCE(SXNET) = { - ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), - ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) + ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), + ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) } ASN1_SEQUENCE_END(SXNET) IMPLEMENT_ASN1_FUNCTIONS(SXNET) static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent) + int indent) { int64_t v; char *tmp; @@ -67,8 +67,8 @@ * LONG_MAX since that would cause on overflow. */ if (!ASN1_INTEGER_get_int64(&v, sx->version) - || v >= LONG_MAX - || v < LONG_MIN) { + || v >= LONG_MAX + || v < LONG_MIN) { BIO_printf(out, "%*sVersion: ", indent, ""); } else { long vl = (long)v; @@ -96,7 +96,7 @@ */ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *cnf; SXNET *sx = NULL; @@ -106,7 +106,7 @@ if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) { SXNET_free(sx); return NULL; - } + } } return sx; } @@ -135,7 +135,7 @@ /* Add an id given the zone as an unsigned long */ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - int userlen) + int userlen) { ASN1_INTEGER *izone; @@ -158,7 +158,7 @@ */ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, - int userlen) + int userlen) { SXNET *sx = NULL; SXNETID *id = NULL; @@ -201,7 +201,7 @@ *psx = sx; return 1; - err: +err: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); SXNETID_free(id); if (*psx == NULL) --- crypto/openssl/crypto/x509/v3_tlsf.c.orig +++ crypto/openssl/crypto/x509/v3_tlsf.c 
@@ -17,17 +17,16 @@ #include "x509_local.h" static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list); + TLS_FEATURE *tls_feature, + STACK_OF(CONF_VALUE) *ext_list); static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); -ASN1_ITEM_TEMPLATE(TLS_FEATURE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE(TLS_FEATURE) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) const X509V3_EXT_METHOD ossl_v3_tls_feature = { NID_tlsfeature, 0, @@ -40,7 +39,6 @@ NULL }; - typedef struct { long num; const char *name; @@ -58,8 +56,8 @@ * returned. */ static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list) + TLS_FEATURE *tls_feature, + STACK_OF(CONF_VALUE) *ext_list) { int i; size_t j; @@ -85,7 +83,7 @@ * error, NULL is returned. */ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { TLS_FEATURE *tlsf; char *extval, *endptr; @@ -114,8 +112,7 @@ tlsextid = tls_feature_tbl[j].num; else { tlsextid = strtol(extval, &endptr, 10); - if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || - (tlsextid > 65535)) { + if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || (tlsextid > 65535)) { ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX); X509V3_conf_add_error_name_value(val); goto err; 
@@ -123,8 +120,8 @@ } if ((ai = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(ai, tlsextid) - || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { + || !ASN1_INTEGER_set(ai, tlsextid) + || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } @@ -133,7 +130,7 @@ } return tlsf; - err: +err: sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); ASN1_INTEGER_free(ai); return NULL; --- crypto/openssl/crypto/x509/v3_utf8.c.orig +++ crypto/openssl/crypto/x509/v3_utf8.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,18 +16,17 @@ /* * Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String) - * This extention is required to obtain the status of a qualified certificate at Russian Federation. + * This extension is required to obtain the status of a qualified certificate at Russian Federation. * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ */ - const X509V3_EXT_METHOD ossl_v3_utf8_list[1] = { EXT_UTF8STRING(NID_subjectSignTool), }; char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, - ASN1_UTF8STRING *utf8) + ASN1_UTF8STRING *utf8) { char *tmp; @@ -45,7 +44,7 @@ } ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) + X509V3_CTX *ctx, const char *str) { ASN1_UTF8STRING *utf8; if (str == NULL) { 
@@ -63,6 +62,6 @@ } #ifdef CHARSET_EBCDIC ebcdic2ascii(utf8->data, utf8->data, utf8->length); -#endif /* CHARSET_EBCDIC */ +#endif /* CHARSET_EBCDIC */ return utf8; } --- crypto/openssl/crypto/x509/v3_utl.c.orig +++ crypto/openssl/crypto/x509/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,10 +25,10 @@ static char *strip_spaces(char *name); static int sk_strcmp(const char *const *a, const char *const *b); static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, - GENERAL_NAMES *gens); + GENERAL_NAMES *gens); static void str_free(OPENSSL_STRING str); static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, - const ASN1_IA5STRING *email); + const ASN1_IA5STRING *email); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); @@ -38,7 +38,7 @@ /* Add a CONF_VALUE name value pair to stack */ static int x509v3_add_len_value(const char *name, const char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist) + size_t vallen, STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; @@ -47,7 +47,7 @@ if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) goto err; if (value != NULL) { - /* We don't allow embeded NUL characters */ + /* We don't allow embedded NUL characters */ if (memchr(value, 0, vallen) != NULL) goto err; tvalue = OPENSSL_strndup(value, vallen); @@ -64,7 +64,7 @@ if (!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; return 1; - err: +err: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); if (sk_allocated) { sk_CONF_VALUE_free(*extlist); 
@@ -77,23 +77,23 @@ } int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **extlist) { return x509v3_add_len_value(name, value, - value != NULL ? strlen((const char *)value) : 0, - extlist); + value != NULL ? strlen((const char *)value) : 0, + extlist); } int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **extlist) { return x509v3_add_len_value(name, (const char *)value, - value != NULL ? strlen((const char *)value) : 0, - extlist); + value != NULL ? strlen((const char *)value) : 0, + extlist); } int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist) + size_t vallen, STACK_OF(CONF_VALUE) **extlist) { return x509v3_add_len_value(name, (const char *)value, vallen, extlist); } @@ -111,7 +111,7 @@ } int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **extlist) { if (asn1_bool) return X509V3_add_value(name, "TRUE", extlist); @@ -119,7 +119,7 @@ } int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **extlist) { if (asn1_bool) return X509V3_add_value(name, "TRUE", extlist); @@ -247,7 +247,7 @@ } int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist) + STACK_OF(CONF_VALUE) **extlist) { char *strtmp; int ret; @@ -285,7 +285,7 @@ *asn1_bool = 0; return 1; } - err: +err: ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_BOOLEAN_STRING); X509V3_conf_add_error_name_value(value); return 0; @@ -303,8 +303,8 @@ return 1; } -#define HDR_NAME 1 -#define HDR_VALUE 2 +#define HDR_NAME 1 +#define HDR_VALUE 2 /* * #define DEBUG 
@@ -328,7 +328,7 @@ ntmp = NULL; /* Go through all characters */ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); - p++) { + p++) { switch (state) { case HDR_NAME: @@ -370,7 +370,6 @@ ntmp = NULL; q = p + 1; } - } } @@ -396,11 +395,10 @@ OPENSSL_free(linebuf); return values; - err: +err: OPENSSL_free(linebuf); sk_CONF_VALUE_pop_free(values, X509V3_conf_free); return NULL; - } /* Delete leading and trailing spaces from a string */ @@ -424,7 +422,6 @@ return p; } - /* * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* */ @@ -472,8 +469,7 @@ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) { if (ad->location->type == GEN_URI) { - if (!append_ia5 - (&ret, ad->location->d.uniformResourceIdentifier)) + if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) break; } } @@ -497,7 +493,7 @@ } static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, - GENERAL_NAMES *gens) + GENERAL_NAMES *gens) { STACK_OF(OPENSSL_STRING) *ret = NULL; X509_NAME_ENTRY *ne; @@ -508,7 +504,8 @@ /* Now add any email address(es) to STACK */ /* First supplied X509_NAME */ while ((i = X509_NAME_get_index_by_NID(name, - NID_pkcs9_emailAddress, i)) >= 0) { + NID_pkcs9_emailAddress, i)) + >= 0) { ne = X509_NAME_get_entry(name, i); email = X509_NAME_ENTRY_get_data(ne); if (!append_ia5(&ret, email)) @@ -530,7 +527,7 @@ } static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, - const ASN1_IA5STRING *email) + const ASN1_IA5STRING *email) { char *emtmp; 
@@ -572,14 +569,14 @@ sk_OPENSSL_STRING_pop_free(sk, str_free); } -typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags); +typedef int (*equal_fn)(const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, + unsigned int flags); /* Skip pattern prefix to match "wildcard" subject */ static void skip_prefix(const unsigned char **p, size_t *plen, - size_t subject_len, - unsigned int flags) + size_t subject_len, + unsigned int flags) { const unsigned char *pattern = *p; size_t pattern_len = *plen; @@ -594,8 +591,7 @@ return; while (pattern_len > subject_len && *pattern) { - if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) && - *pattern == '.') + if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) && *pattern == '.') break; ++pattern; --pattern_len; @@ -610,8 +606,8 @@ /* Compare while ASCII ignoring case. */ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) + const unsigned char *subject, size_t subject_len, + unsigned int flags) { skip_prefix(&pattern, &pattern_len, subject_len, flags); if (pattern_len != subject_len) @@ -640,8 +636,8 @@ /* Compare using memcmp. */ static int equal_case(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) + const unsigned char *subject, size_t subject_len, + unsigned int flags) { skip_prefix(&pattern, &pattern_len, subject_len, flags); if (pattern_len != subject_len) @@ -654,8 +650,8 @@ * case-insensitive manner. */ static int equal_email(const unsigned char *a, size_t a_len, - const unsigned char *b, size_t b_len, - unsigned int unused_flags) + const unsigned char *b, size_t b_len, + unsigned int unused_flags) { size_t i = a_len; 
@@ -684,9 +680,9 @@ * characters in-between are valid. */ static int wildcard_match(const unsigned char *prefix, size_t prefix_len, - const unsigned char *suffix, size_t suffix_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) + const unsigned char *suffix, size_t suffix_len, + const unsigned char *subject, size_t subject_len, + unsigned int flags) { const unsigned char *wildcard_start; const unsigned char *wildcard_end; @@ -714,8 +710,7 @@ allow_multi = 1; } /* IDNA labels cannot match partial wildcards */ - if (!allow_idna && - subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) + if (!allow_idna && subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) return 0; /* The wildcard may match a literal '*' */ if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') @@ -726,21 +721,18 @@ * allow_multi is set. */ for (p = wildcard_start; p != wildcard_end; ++p) - if (!(('0' <= *p && *p <= '9') || - ('A' <= *p && *p <= 'Z') || - ('a' <= *p && *p <= 'z') || - *p == '-' || (allow_multi && *p == '.'))) + if (!(('0' <= *p && *p <= '9') || ('A' <= *p && *p <= 'Z') || ('a' <= *p && *p <= 'z') || *p == '-' || (allow_multi && *p == '.'))) return 0; return 1; } -#define LABEL_START (1 << 0) -#define LABEL_END (1 << 1) -#define LABEL_HYPHEN (1 << 2) -#define LABEL_IDNA (1 << 3) +#define LABEL_START (1 << 0) +#define LABEL_END (1 << 1) +#define LABEL_HYPHEN (1 << 2) +#define LABEL_IDNA (1 << 3) static const unsigned char *valid_star(const unsigned char *p, size_t len, - unsigned int flags) + unsigned int flags) { const unsigned char *star = 0; size_t i; 
@@ -772,8 +764,8 @@ star = &p[i]; state &= ~LABEL_START; } else if (('a' <= p[i] && p[i] <= 'z') - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= '9')) { + || ('A' <= p[i] && p[i] <= 'Z') + || ('0' <= p[i] && p[i] <= '9')) { if ((state & LABEL_START) != 0 && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) state |= LABEL_IDNA; @@ -804,8 +796,8 @@ /* Compare using wildcards. */ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) + const unsigned char *subject, size_t subject_len, + unsigned int flags) { const unsigned char *star = NULL; @@ -817,10 +809,10 @@ star = valid_star(pattern, pattern_len, flags); if (star == NULL) return equal_nocase(pattern, pattern_len, - subject, subject_len, flags); + subject, subject_len, flags); return wildcard_match(pattern, star - pattern, - star + 1, (pattern + pattern_len) - star - 1, - subject, subject_len, flags); + star + 1, (pattern + pattern_len) - star - 1, + subject, subject_len, flags); } /* @@ -830,8 +822,8 @@ */ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, - unsigned int flags, const char *b, size_t blen, - char **peername) + unsigned int flags, const char *b, size_t blen, + char **peername) { int rv = 0; @@ -874,7 +866,7 @@ } static int do_x509_check(X509 *x, const char *chk, size_t chklen, - unsigned int flags, int check_type, char **peername) + unsigned int flags, int check_type, char **peername) { GENERAL_NAMES *gens = NULL; const X509_NAME *name = NULL; @@ -920,7 +912,7 @@ default: continue; case GEN_OTHERNAME: - switch (OBJ_obj2nid(gen->d.otherName->type_id)) { + switch (OBJ_obj2nid(gen->d.otherName->type_id)) { default: continue; case NID_id_on_SmtpUTF8Mailbox: 
@@ -976,7 +968,8 @@ san_present = 1; /* Positive on success, negative on error! */ if ((rv = do_check_string(cstr, alt_type, equal, flags, - chk, chklen, peername)) != 0) + chk, chklen, peername)) + != 0) break; } GENERAL_NAMES_free(gens); @@ -998,14 +991,15 @@ /* Positive on success, negative on error! */ if ((rv = do_check_string(str, -1, equal, flags, - chk, chklen, peername)) != 0) + chk, chklen, peername)) + != 0) return rv; } return 0; } int X509_check_host(X509 *x, const char *chk, size_t chklen, - unsigned int flags, char **peername) + unsigned int flags, char **peername) { if (chk == NULL) return -2; @@ -1024,7 +1018,7 @@ } int X509_check_email(X509 *x, const char *chk, size_t chklen, - unsigned int flags) + unsigned int flags) { if (chk == NULL) return -2; @@ -1043,7 +1037,7 @@ } int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) + unsigned int flags) { if (chk == NULL) return -2; @@ -1078,8 +1072,8 @@ break; case 16: /* IPv6 */ for (out = buf, i = 8, remain = sizeof(buf); - i-- > 0 && bytes >= 0; - remain -= bytes, out += bytes) { + i-- > 0 && bytes >= 0; + remain -= bytes, out += bytes) { const char *template = (i > 0 ? "%X:" : "%X"); bytes = BIO_snprintf(out, remain, template, p[0] << 8 | p[1]); @@ -1126,15 +1120,16 @@ ASN1_OCTET_STRING *ret = NULL; unsigned char ipout[32]; char *iptmp = NULL, *p; + const char *slash; int iplen1, iplen2; - p = strchr(ipasc, '/'); - if (p == NULL) + slash = strchr(ipasc, '/'); + if (slash == NULL) return NULL; iptmp = OPENSSL_strdup(ipasc); if (iptmp == NULL) return NULL; - p = iptmp + (p - ipasc); + p = iptmp + (slash - ipasc); *p++ = 0; iplen1 = ossl_a2i_ipadd(ipout, iptmp); @@ -1158,7 +1153,7 @@ return ret; - err: +err: OPENSSL_free(iptmp); ASN1_OCTET_STRING_free(ret); return NULL; 
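Review bot: The `@@ -1126,15 +1120,16 @@` hunk in v3_utl.c adds `const char *slash` without a comment, and it is the only code change in a patch that otherwise only re-indents, so it is easy to miss in review. The split appears intended to stop the result of `strchr(ipasc, '/')` on the const input from landing in the writable `char *p`; the behaviour looks unchanged, since `p = iptmp + (slash - ipasc);` applies the same offset to the `OPENSSL_strdup` copy. I would add a comment above that line, `/* slash indexes the const input; p is the same offset in the writable copy */`, and mention the change in the commit description so it is not taken for formatting. The enclosing function starts and ends outside the hunk, so how `iplen1` and `iplen2` are checked against `ipout[32]` cannot be confirmed from here.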
@@ -1238,7 +1233,7 @@ /* More than three zeroes is an error */ if (v6stat.zero_cnt > 3) { return 0; - /* Can only have three zeroes if nothing else present */ + /* Can only have three zeroes if nothing else present */ } else if (v6stat.zero_cnt == 3) { if (v6stat.total > 0) return 0; @@ -1265,8 +1260,8 @@ /* Copy final part */ if (v6stat.total != v6stat.zero_pos) memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, - v6stat.tmp + v6stat.zero_pos, - v6stat.total - v6stat.zero_pos); + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); } else { memcpy(v6, v6stat.tmp, 16); } @@ -1336,7 +1331,7 @@ } int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - unsigned long chtype) + unsigned long chtype) { CONF_VALUE *v; int i, mval, spec_char, plus_char; @@ -1356,7 +1351,7 @@ spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); #else spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) - || (*p == os_toascii['.'])); + || (*p == os_toascii['.'])); #endif if (spec_char) { p++; @@ -1377,10 +1372,9 @@ mval = 0; } if (!X509_NAME_add_entry_by_txt(nm, type, chtype, - (unsigned char *)v->value, -1, -1, - mval)) + (unsigned char *)v->value, -1, -1, + mval)) return 0; - } return 1; } --- crypto/openssl/crypto/x509/v3err.c.orig +++ crypto/openssl/crypto/x509/v3err.c 
@@ -15,124 +15,124 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA X509V3_str_reasons[] = { - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR), - "bn to asn1 integer error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET), - "distpoint already set"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID), - "duplicate zone id"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EMPTY_KEY_USAGE), "empty key usage"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE), - "error converting zone"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION), - "error creating extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION), - "error in extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME), - "expected a section name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS), - "extension exists"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR), - "extension name error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND), - "extension not found"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), - "extension setting not supported"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR), - "extension value error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION), - "illegal empty extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), - "incorrect policy syntax tag"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER), - "invalid asnumber"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"}, - {ERR_PACK(ERR_LIB_X509V3, 0, 
X509V3_R_INVALID_BOOLEAN_STRING), - "invalid boolean string"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_CERTIFICATE), - "invalid certificate"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EMPTY_NAME), - "invalid empty name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING), - "invalid extension string"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE), - "invalid inheritance"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS), - "invalid ipaddress"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS), - "invalid multiple rdns"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT), - "invalid null argument"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE), - "invalid null value"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER), - "invalid object identifier"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER), - "invalid policy identifier"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING), - "invalid proxy policy setting"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR), - "issuer decode error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), - "need organization and numbers"}, - {ERR_PACK(ERR_LIB_X509V3, 0, 
X509V3_R_NEGATIVE_PATHLEN), - "negative pathlen"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE), - "no config database"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE), - "no issuer certificate"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS), - "no issuer details"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER), - "no policy identifier"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), - "no proxy cert policy language defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS), - "no subject details"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED), - "operation not defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), - "policy language already defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH), - "policy path length"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), - "policy path length already defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), - "policy when proxy language requires no policy"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND), - "section not found"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), - "unable to get issuer details"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), - "unable to get issuer keyid"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), - "unknown bit string argument"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION), - "unknown extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME), - "unknown extension name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_PACK(ERR_LIB_X509V3, 0, 
X509V3_R_UNSUPPORTED_OPTION), - "unsupported option"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE), - "unsupported type"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"}, - {0, NULL} + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR), + "bn to asn1 integer error" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET), + "distpoint already set" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID), + "duplicate zone id" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EMPTY_KEY_USAGE), "empty key usage" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE), + "error converting zone" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION), + "error creating extension" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION), + "error in extension" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME), + "expected a section name" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS), + "extension exists" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR), + "extension name error" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND), + "extension not found" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), + "extension setting not supported" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR), + "extension value error" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION), + "illegal empty extension" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), + "incorrect policy syntax tag" }, + { ERR_PACK(ERR_LIB_X509V3, 0, 
X509V3_R_INVALID_ASNUMBER), + "invalid asnumber" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING), + "invalid boolean string" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_CERTIFICATE), + "invalid certificate" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EMPTY_NAME), + "invalid empty name" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING), + "invalid extension string" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE), + "invalid inheritance" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS), + "invalid ipaddress" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS), + "invalid multiple rdns" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT), + "invalid null argument" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE), + "invalid null value" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER), + "invalid object identifier" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER), + "invalid policy identifier" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING), + "invalid proxy policy setting" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR), + "issuer decode error" }, + { 
ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), + "need organization and numbers" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEGATIVE_PATHLEN), + "negative pathlen" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE), + "no config database" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE), + "no issuer certificate" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS), + "no issuer details" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER), + "no policy identifier" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), + "no proxy cert policy language defined" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS), + "no subject details" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED), + "operation not defined" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), + "policy language already defined" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH), + "policy path length" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), + "policy path length already defined" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), + "policy when proxy language requires no policy" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND), + "section not found" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), + "unable to get issuer details" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), + "unable to get issuer keyid" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), + "unknown bit string argument" }, + { ERR_PACK(ERR_LIB_X509V3, 0, 
X509V3_R_UNKNOWN_EXTENSION), + "unknown extension" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME), + "unknown extension name" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION), + "unsupported option" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE), + "unsupported type" }, + { ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/x509/x509_att.c.orig +++ crypto/openssl/crypto/x509/x509_att.c @@ -24,7 +24,7 @@ } int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos) + int lastpos) { const ASN1_OBJECT *obj = OBJ_nid2obj(nid); @@ -34,7 +34,7 @@ } int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, - const ASN1_OBJECT *obj, int lastpos) + const ASN1_OBJECT *obj, int lastpos) { int n; X509_ATTRIBUTE *ex; @@ -72,7 +72,7 @@ } STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr) + X509_ATTRIBUTE *attr) { X509_ATTRIBUTE *new_attr = NULL; STACK_OF(X509_ATTRIBUTE) *sk = NULL; @@ -96,9 +96,9 @@ if (*x == NULL) *x = sk; return sk; - err: +err: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err2: +err2: X509_ATTRIBUTE_free(new_attr); if (*x == NULL) sk_X509_ATTRIBUTE_free(sk); @@ -106,7 +106,7 @@ } STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr) + X509_ATTRIBUTE *attr) { if (x == NULL || attr == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); @@ -121,10 +121,10 @@ } STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, - const ASN1_OBJECT *obj, - int type, - const unsigned char *bytes, - int len) + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; 
@@ -138,10 +138,11 @@ } STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) - **x, const ASN1_OBJECT *obj, - int type, - const unsigned char *bytes, - int len) + **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len) { if (x == NULL || obj == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); @@ -156,9 +157,9 @@ } STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, - int nid, int type, - const unsigned char *bytes, - int len) + int nid, int type, + const unsigned char *bytes, + int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; @@ -172,9 +173,10 @@ } STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) - **x, int nid, int type, - const unsigned char *bytes, - int len) + **x, + int nid, int type, + const unsigned char *bytes, + int len) { if (x == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); @@ -189,10 +191,10 @@ } STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, - const char *attrname, - int type, - const unsigned char *bytes, - int len) + const char *attrname, + int type, + const unsigned char *bytes, + int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; @@ -206,10 +208,11 @@ } STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) - **x, const char *attrname, - int type, - const unsigned char *bytes, - int len) + **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; @@ -222,7 +225,7 @@ } void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, - const ASN1_OBJECT *obj, int lastpos, int type) + const ASN1_OBJECT *obj, int lastpos, int type) { int i; X509_ATTRIBUTE *at; 
@@ -255,8 +258,8 @@ } X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, - int len) + int atrtype, const void *data, + int len) { ASN1_OBJECT *obj; X509_ATTRIBUTE *ret; @@ -273,9 +276,9 @@ } X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - const ASN1_OBJECT *obj, - int atrtype, const void *data, - int len) + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len) { X509_ATTRIBUTE *ret; @@ -295,16 +298,16 @@ if ((attr != NULL) && (*attr == NULL)) *attr = ret; return ret; - err: +err: if ((attr == NULL) || (ret != *attr)) X509_ATTRIBUTE_free(ret); return NULL; } X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - const char *atrname, int type, - const unsigned char *bytes, - int len) + const char *atrname, int type, + const unsigned char *bytes, + int len) { ASN1_OBJECT *obj; X509_ATTRIBUTE *nattr; @@ -312,7 +315,7 @@ obj = OBJ_txt2obj(atrname, 0); if (obj == NULL) { ERR_raise_data(ERR_LIB_X509, X509_R_INVALID_FIELD_NAME, - "name=%s", atrname); + "name=%s", atrname); return NULL; } nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); @@ -330,7 +333,7 @@ } int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - const void *data, int len) + const void *data, int len) { ASN1_TYPE *ttmp = NULL; ASN1_STRING *stmp = NULL; @@ -339,7 +342,7 @@ return 0; if (attrtype & MBSTRING_FLAG) { stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, - OBJ_obj2nid(attr->object)); + OBJ_obj2nid(attr->object)); if (!stmp) { ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB); return 0; @@ -373,7 +376,7 @@ if (!sk_ASN1_TYPE_push(attr->set, ttmp)) goto err; return 1; - err: +err: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); ASN1_TYPE_free(ttmp); ASN1_STRING_free(stmp); 
@@ -395,15 +398,15 @@ } void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, - int atrtype, void *data) + int atrtype, void *data) { ASN1_TYPE *ttmp; ttmp = X509_ATTRIBUTE_get0_type(attr, idx); if (!ttmp) return NULL; if (atrtype == V_ASN1_BOOLEAN - || atrtype == V_ASN1_NULL - || atrtype != ASN1_TYPE_get(ttmp)) { + || atrtype == V_ASN1_NULL + || atrtype != ASN1_TYPE_get(ttmp)) { ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE); return NULL; } --- crypto/openssl/crypto/x509/x509_cmp.c.orig +++ crypto/openssl/crypto/x509/x509_cmp.c @@ -55,16 +55,13 @@ goto err; if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; - if (!EVP_DigestUpdate - (ctx, (unsigned char *)a->cert_info.serialNumber.data, - (unsigned long)a->cert_info.serialNumber.length)) + if (!EVP_DigestUpdate(ctx, (unsigned char *)a->cert_info.serialNumber.data, + (unsigned long)a->cert_info.serialNumber.length)) goto err; if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) goto err; - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - err: + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) & 0xffffffffL; +err: OPENSSL_free(f); EVP_MD_free(digest); EVP_MD_CTX_free(ctx); @@ -92,7 +89,7 @@ int rv; if ((a->flags & EXFLAG_NO_FINGERPRINT) == 0 - && (b->flags & EXFLAG_NO_FINGERPRINT) == 0) + && (b->flags & EXFLAG_NO_FINGERPRINT) == 0) rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); else return -2; @@ -164,7 +161,7 @@ (void)X509_check_purpose((X509 *)b, -1, 0); if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0 - && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) + && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); if (rv != 0) return rv < 0 ? -1 : 1; 
@@ -176,7 +173,7 @@ if (a->cert_info.enc.len > b->cert_info.enc.len) return 1; rv = memcmp(a->cert_info.enc.enc, - b->cert_info.enc.enc, a->cert_info.enc.len); + b->cert_info.enc.enc, a->cert_info.enc.len); } return rv < 0 ? -1 : rv > 0; } @@ -217,7 +214,7 @@ return ret > 0 ? 1 : 0; } if (!sk_X509_insert(sk, cert, - (flags & X509_ADD_FLAG_PREPEND) != 0 ? 0 : -1)) { + (flags & X509_ADD_FLAG_PREPEND) != 0 ? 0 : -1)) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return 0; } @@ -237,7 +234,7 @@ } int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs, - int flags) + int flags) /* compiler would allow 'const' for the certs, yet they may get up-ref'ed */ { int n = sk_X509_num(certs /* may be NULL */); @@ -289,7 +286,7 @@ } unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, - const char *propq, int *ok) + const char *propq, int *ok) { unsigned long ret = 0; unsigned char md[SHA_DIGEST_LENGTH]; @@ -302,9 +299,7 @@ *ok = 0; if (i2d_ret >= 0 && sha1 != NULL && EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, sha1, NULL)) { - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) & 0xffffffffL; if (ok != NULL) *ok = 1; } @@ -334,11 +329,9 @@ if (EVP_DigestInit_ex(md_ctx, md5, NULL) && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(md_ctx, md, NULL)) - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) & 0xffffffffL; - end: +end: EVP_MD_CTX_free(md_ctx); EVP_MD_free(md5); 
@@ -348,7 +341,7 @@ /* Search a stack of X509 for a match */ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, - const ASN1_INTEGER *serial) + const ASN1_INTEGER *serial) { int i; X509 x, *x509 = NULL; @@ -438,7 +431,7 @@ return X509_V_ERR_SUITE_B_INVALID_ALGORITHM; if (!EVP_PKEY_get_group_name(pkey, curve_name, sizeof(curve_name), - &curve_name_len)) + &curve_name_len)) return X509_V_ERR_SUITE_B_INVALID_CURVE; curve_nid = OBJ_txt2nid(curve_name); @@ -465,7 +458,7 @@ } int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - unsigned long flags) + unsigned long flags) { int rv, i, sign_nid; EVP_PKEY *pk; @@ -521,11 +514,12 @@ /* Final check: root CA signature */ rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); - end: +end: if (rv != X509_V_OK) { /* Invalid signature or LOS errors are for previous cert */ if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM - || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i) + || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) + && i) i--; /* * If we have LOS error and flags changed then we are signing P-384 @@ -550,7 +544,7 @@ #else int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - unsigned long flags) + unsigned long flags) { return 0; } @@ -582,7 +576,7 @@ } return ret; - err: +err: while (i-- > 0) X509_free(sk_X509_value(ret, i)); sk_X509_free(ret); --- crypto/openssl/crypto/x509/x509_d2.c.orig +++ crypto/openssl/crypto/x509/x509_d2.c @@ -13,7 +13,7 @@ #include int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { X509_LOOKUP *lookup; 
@@ -43,14 +43,15 @@ } int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { X509_LOOKUP *lookup; if (file == NULL || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file())) == NULL || X509_LOOKUP_load_file_ex(lookup, file, X509_FILETYPE_PEM, libctx, - propq) <= 0) + propq) + <= 0) return 0; return 1; @@ -74,7 +75,7 @@ } int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { X509_LOOKUP *lookup; @@ -92,8 +93,8 @@ } int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *path, OSSL_LIB_CTX *libctx, - const char *propq) + const char *path, OSSL_LIB_CTX *libctx, + const char *propq) { if (file == NULL && path == NULL) return 0; @@ -105,7 +106,7 @@ } int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *path) + const char *path) { return X509_STORE_load_locations_ex(ctx, file, path, NULL, NULL); } --- crypto/openssl/crypto/x509/x509_err.c.orig +++ crypto/openssl/crypto/x509/x509_err.c 
@@ -15,73 +15,73 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA X509_str_reasons[] = { - {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR), - "base64 decode error"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERTIFICATE_VERIFICATION_FAILED), - "certificate verification failed"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), - "cert already in hash table"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), - "crl verify failure"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_DUPLICATE_ATTRIBUTE), - "duplicate attribute"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_GETTING_MD_BY_NID), - "error getting md by nid"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_USING_SIGINF_SET), - "error using siginf set"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), - "invalid attributes"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DISTPOINT), "invalid distpoint"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), - "invalid field name"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH), - "key values mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"}, - {ERR_PACK(ERR_LIB_X509, 0, 
X509_R_METHOD_NOT_SUPPORTED), - "method not supported"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER), - "newer crl not newer"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND), - "no certificate found"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND), - "no certificate or crl found"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), - "no cert set for us to verify"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR), - "public key decode error"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR), - "public key encode error"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), - "unable to find parameters in chain"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), - "unable to get certs public key"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID), - "unknown purpose id"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_SIGID_ALGS), - "unknown sigid algs"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"}, - {0, NULL} + { ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype" }, + { ERR_PACK(ERR_LIB_X509, 0, 
X509_R_BASE64_DECODE_ERROR), + "base64 decode error" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_CERTIFICATE_VERIFICATION_FAILED), + "certificate verification failed" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), + "cert already in hash table" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), + "crl verify failure" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_DUPLICATE_ATTRIBUTE), + "duplicate attribute" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_GETTING_MD_BY_NID), + "error getting md by nid" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_USING_SIGINF_SET), + "error using siginf set" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), + "invalid attributes" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DISTPOINT), "invalid distpoint" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), + "invalid field name" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH), + "key values mismatch" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED), + "method not supported" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER), + "newer crl not newer" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND), + "no certificate found" }, + { 
ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND), + "no certificate or crl found" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), + "no cert set for us to verify" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR), + "public key decode error" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR), + "public key encode error" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), + "unable to find parameters in chain" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), + "unable to get certs public key" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID), + "unknown purpose id" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_SIGID_ALGS), + "unknown sigid algs" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM), + "unsupported algorithm" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type" }, + { ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type" }, + { 0, NULL } }; #endif --- crypto/openssl/crypto/x509/x509_ext.c.orig +++ crypto/openssl/crypto/x509/x509_ext.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -27,7 +27,7 @@ } int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, - int lastpos) + int lastpos) { return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos); } @@ -42,9 +42,21 @@ return X509v3_get_ext(x->crl.extensions, loc); } +static X509_EXTENSION *delete_ext(STACK_OF(X509_EXTENSION) **sk, int loc) +{ + X509_EXTENSION *ret = X509v3_delete_ext(*sk, loc); + + /* Empty extension lists are omitted. */ + if (*sk != NULL && sk_X509_EXTENSION_num(*sk) == 0) { + sk_X509_EXTENSION_pop_free(*sk, X509_EXTENSION_free); + *sk = NULL; + } + return ret; +} + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) { - return X509v3_delete_ext(x->crl.extensions, loc); + return delete_ext(&x->crl.extensions, loc); } void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) @@ -53,7 +65,7 @@ } int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags) + unsigned long flags) { return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags); } @@ -80,8 +92,7 @@ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) { - return (X509v3_get_ext_by_critical - (x->cert_info.extensions, crit, lastpos)); + return (X509v3_get_ext_by_critical(x->cert_info.extensions, crit, lastpos)); } X509_EXTENSION *X509_get_ext(const X509 *x, int loc) @@ -91,7 +102,7 @@ X509_EXTENSION *X509_delete_ext(X509 *x, int loc) { - return X509v3_delete_ext(x->cert_info.extensions, loc); + return delete_ext(&x->cert_info.extensions, loc); } int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) @@ -105,10 +116,10 @@ } int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags) + unsigned long flags) { return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit, - flags); + flags); } int X509_REVOKED_get_ext_count(const X509_REVOKED *x) 
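Review bot: The new `delete_ext()` helper in the `@@ -42,9 +42,21 @@` hunk frees the whole stack and sets the owner's pointer to NULL once the last entry is removed, but its one-line comment does not warn callers of the consequence. Any extension-stack pointer fetched from the same object before the call is left dangling after X509_CRL_delete_ext(), and the same holds for X509_delete_ext() and X509_REVOKED_delete_ext(), which later hunks switch to this helper. I would expand the comment to `/* Empty extension lists are omitted: free the stack and clear *sk; a stack pointer fetched before this call must not be reused. */`. A regression test that deletes the only extension and then adds one again would pin the NULL-stack path, since the add functions visible here already take `&x->...extensions`.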
@@ -122,7 +133,7 @@ } int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, - int lastpos) + int lastpos) { return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos); } @@ -139,7 +150,7 @@ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) { - return X509v3_delete_ext(x->extensions, loc); + return delete_ext(&x->extensions, loc); } int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) @@ -153,7 +164,7 @@ } int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags) + unsigned long flags) { return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); } --- crypto/openssl/crypto/x509/x509_local.h.orig +++ crypto/openssl/crypto/x509/x509_local.h 
@@ -20,22 +20,22 @@ struct X509_VERIFY_PARAM_st { char *name; - time_t check_time; /* Time to use */ - uint32_t inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - int auth_level; /* Security level for chain verification */ + time_t check_time; /* Time to use */ + uint32_t inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + int auth_level; /* Security level for chain verification */ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ /* Peer identity details */ STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ - unsigned int hostflags; /* Flags to control matching features */ - char *peername; /* Matching hostname in peer certificate */ - char *email; /* If not NULL email address to match */ + unsigned int hostflags; /* Flags to control matching features */ + char *peername; /* Matching hostname in peer certificate */ + char *email; /* If not NULL email address to match */ size_t emaillen; - unsigned char *ip; /* If not NULL IP address to match */ - size_t iplen; /* Length of IP address */ + unsigned char *ip; /* If not NULL IP address to match */ + size_t iplen; /* Length of IP address */ }; /* No error callback if depth < 0 */ 
@@ -60,50 +60,50 @@ * redirected to more efficient callbacks: for example a CRL entry database. */ -#define X509_CRL_METHOD_DYNAMIC 1 +#define X509_CRL_METHOD_DYNAMIC 1 struct x509_crl_method_st { int flags; - int (*crl_init) (X509_CRL *crl); - int (*crl_free) (X509_CRL *crl); - int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - const ASN1_INTEGER *ser, const X509_NAME *issuer); - int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); + int (*crl_init)(X509_CRL *crl); + int (*crl_free)(X509_CRL *crl); + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + const ASN1_INTEGER *ser, const X509_NAME *issuer); + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk); }; struct x509_lookup_method_st { char *name; - int (*new_item) (X509_LOOKUP *ctx); - void (*free) (X509_LOOKUP *ctx); - int (*init) (X509_LOOKUP *ctx); - int (*shutdown) (X509_LOOKUP *ctx); - int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret); - int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); - int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret); - int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret); - int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret); - int (*get_by_subject_ex) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq); - int (*ctrl_ex) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret, OSSL_LIB_CTX *libctx, const char *propq); + int (*new_item)(X509_LOOKUP *ctx); + void (*free)(X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx); + int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject)(X509_LOOKUP *ctx, 
X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); + int (*get_by_issuer_serial)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); + int (*get_by_fingerprint)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); + int (*get_by_alias)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); + int (*get_by_subject_ex)(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq); + int (*ctrl_ex)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret, OSSL_LIB_CTX *libctx, const char *propq); }; /* This is the functions plus an instance of the local variables. */ struct x509_lookup_st { - int init; /* have we been started */ - int skip; /* don't use us. */ + int init; /* have we been started */ + int skip; /* don't use us. */ X509_LOOKUP_METHOD *method; /* the functions */ - void *method_data; /* method data */ - X509_STORE *store_ctx; /* who owns us */ + void *method_data; /* method data */ + X509_STORE *store_ctx; /* who owns us */ }; /* 
@@ -113,36 +113,36 @@ */ struct x509_store_st { /* The following is a cache of trusted certs */ - int cache; /* if true, stash any hits */ + int cache; /* if true, stash any hits */ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ /* These are external lookup methods */ STACK_OF(X509_LOOKUP) *get_cert_methods; X509_VERIFY_PARAM *param; /* Callbacks for various operations */ /* called to verify a certificate */ - int (*verify) (X509_STORE_CTX *ctx); + int (*verify)(X509_STORE_CTX *ctx); /* error callback */ - int (*verify_cb) (int ok, X509_STORE_CTX *ctx); + int (*verify_cb)(int ok, X509_STORE_CTX *ctx); /* get issuers cert from ctx */ - int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* check issued */ - int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* Check revocation status of chain */ - int (*check_revocation) (X509_STORE_CTX *ctx); + int (*check_revocation)(X509_STORE_CTX *ctx); /* retrieve CRL */ - int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* Check CRL validity */ - int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check certificate against CRL */ - int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check policy status of the chain */ - int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, - const X509_NAME *nm); + int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) *(*lookup_certs)(X509_STORE_CTX *ctx, + const X509_NAME *nm); /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */ - STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx, - const X509_NAME *nm); - int (*cleanup) 
(X509_STORE_CTX *ctx); + STACK_OF(X509_CRL) *(*lookup_crls)(const X509_STORE_CTX *ctx, + const X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; --- crypto/openssl/crypto/x509/x509_lu.c.orig +++ crypto/openssl/crypto/x509/x509_lu.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,7 +37,7 @@ if (ctx == NULL) return; if ((ctx->method != NULL) && (ctx->method->free != NULL)) - (*ctx->method->free) (ctx); + (*ctx->method->free)(ctx); OPENSSL_free(ctx); } @@ -72,7 +72,7 @@ } int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret, OSSL_LIB_CTX *libctx, const char *propq) + char **ret, OSSL_LIB_CTX *libctx, const char *propq) { if (ctx->method == NULL) return -1; @@ -84,14 +84,14 @@ } int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret) + char **ret) { return X509_LOOKUP_ctrl_ex(ctx, cmd, argc, argl, ret, NULL, NULL); } int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq) { if (ctx->skip || ctx->method == NULL 
@@ -100,21 +100,21 @@ return 0; if (ctx->method->get_by_subject_ex != NULL) return ctx->method->get_by_subject_ex(ctx, type, name, ret, libctx, - propq); + propq); else return ctx->method->get_by_subject(ctx, type, name, ret); } int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) + const X509_NAME *name, X509_OBJECT *ret) { return X509_LOOKUP_by_subject_ex(ctx, type, name, ret, NULL, NULL); } int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret) + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) return 0; @@ -122,8 +122,8 @@ } int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret) + const unsigned char *bytes, int len, + X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) return 0; @@ -131,7 +131,7 @@ } int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret) + const char *str, int len, X509_OBJECT *ret) { if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) return 0; @@ -154,9 +154,8 @@ return ctx->store_ctx; } - static int x509_object_cmp(const X509_OBJECT *const *a, - const X509_OBJECT *const *b) + const X509_OBJECT *const *b) { int ret; @@ -291,8 +290,8 @@ } X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name) + X509_LOOKUP_TYPE type, + const X509_NAME *name) { X509_OBJECT *ret = X509_OBJECT_new(); 
@@ -307,8 +306,8 @@ /* Also fill the cache with all matching certificates */ int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret) { X509_STORE *store = vs->store; X509_LOOKUP *lu; @@ -331,7 +330,7 @@ for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); j = X509_LOOKUP_by_subject_ex(lu, type, name, &stmp, vs->libctx, - vs->propq); + vs->propq); if (j) { tmp = &stmp; break; @@ -350,7 +349,8 @@ return 1; } -static int x509_store_add(X509_STORE *store, void *x, int crl) { +static int x509_store_add(X509_STORE *store, void *x, int crl) +{ X509_OBJECT *obj; int ret = 0, added = 0; @@ -374,7 +374,6 @@ } if (!X509_STORE_lock(store)) { - obj->type = X509_LU_NONE; X509_OBJECT_free(obj); return 0; } @@ -387,7 +386,7 @@ } X509_STORE_unlock(store); - if (added == 0) /* obj not pushed */ + if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); return ret; @@ -500,7 +499,7 @@ } static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - const X509_NAME *name, int *pnmatch) + const X509_NAME *name, int *pnmatch) { X509_OBJECT stmp; X509 x509_s; @@ -527,14 +526,14 @@ } int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - const X509_NAME *name) + const X509_NAME *name) { return x509_object_idx_cnt(h, type, name, NULL); } X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, - X509_LOOKUP_TYPE type, - const X509_NAME *name) + X509_LOOKUP_TYPE type, + const X509_NAME *name) { int idx; idx = X509_OBJECT_idx_by_subject(h, type, name); 
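Review bot: In the `@@ -374,7 +374,6 @@` hunk of x509_store_add(), the lock-failure path now passes `obj` to X509_OBJECT_free() with its type still set, and no comment says why that is safe. The free will therefore also release the certificate or CRL that `obj` points at. This presumably relies on `obj` already holding its own reference to `x`, taken in lines above the hunk that are not visible here. If so, a short comment such as `/* obj owns a reference to x here; X509_OBJECT_free() must drop it */` would keep a later edit from restoring the type reset and the leak with it. The function body starts and ends outside this hunk.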
@@ -574,15 +573,15 @@ X509_STORE_unlock(store); return sk; - err: +err: X509_STORE_unlock(store); - out_free: +out_free: sk_X509_pop_free(sk, X509_free); return NULL; } STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, - const X509_NAME *nm) + const X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509) *sk = NULL; @@ -637,7 +636,7 @@ } STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *ctx, - const X509_NAME *nm) + const X509_NAME *nm) { int i, idx, cnt; STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); @@ -647,9 +646,9 @@ /* Always do lookup to possibly add new CRLs to cache */ if (sk == NULL - || xobj == NULL - || store == NULL - || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { + || xobj == NULL + || store == NULL + || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; @@ -686,7 +685,7 @@ } X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, - X509_OBJECT *x) + X509_OBJECT *x) { int idx, i, num; X509_OBJECT *obj; @@ -699,7 +698,7 @@ for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) { obj = sk_X509_OBJECT_value(h, i); if (x509_object_cmp((const X509_OBJECT **)&obj, - (const X509_OBJECT **)&x)) + (const X509_OBJECT **)&x)) return NULL; if (x->type == X509_LU_X509) { if (!X509_cmp(obj->data.x509, x->data.x509)) @@ -784,7 +783,8 @@ */ if (*issuer == NULL || ASN1_TIME_compare(X509_get0_notAfter(pobj->data.x509), - X509_get0_notAfter(*issuer)) > 0) + X509_get0_notAfter(*issuer)) + > 0) *issuer = pobj->data.x509; } } @@ -839,7 +839,7 @@ } void X509_STORE_set_verify_cb(X509_STORE *ctx, - X509_STORE_CTX_verify_cb verify_cb) + X509_STORE_CTX_verify_cb verify_cb) { ctx->verify_cb = verify_cb; } @@ -850,7 +850,7 @@ } void X509_STORE_set_get_issuer(X509_STORE *ctx, - X509_STORE_CTX_get_issuer_fn get_issuer) + X509_STORE_CTX_get_issuer_fn get_issuer) { ctx->get_issuer = get_issuer; } 
@@ -861,7 +861,7 @@ } void X509_STORE_set_check_issued(X509_STORE *ctx, - X509_STORE_CTX_check_issued_fn check_issued) + X509_STORE_CTX_check_issued_fn check_issued) { ctx->check_issued = check_issued; } @@ -872,7 +872,7 @@ } void X509_STORE_set_check_revocation(X509_STORE *ctx, - X509_STORE_CTX_check_revocation_fn check_revocation) + X509_STORE_CTX_check_revocation_fn check_revocation) { ctx->check_revocation = check_revocation; } @@ -883,7 +883,7 @@ } void X509_STORE_set_get_crl(X509_STORE *ctx, - X509_STORE_CTX_get_crl_fn get_crl) + X509_STORE_CTX_get_crl_fn get_crl) { ctx->get_crl = get_crl; } @@ -894,7 +894,7 @@ } void X509_STORE_set_check_crl(X509_STORE *ctx, - X509_STORE_CTX_check_crl_fn check_crl) + X509_STORE_CTX_check_crl_fn check_crl) { ctx->check_crl = check_crl; } @@ -905,7 +905,7 @@ } void X509_STORE_set_cert_crl(X509_STORE *ctx, - X509_STORE_CTX_cert_crl_fn cert_crl) + X509_STORE_CTX_cert_crl_fn cert_crl) { ctx->cert_crl = cert_crl; } @@ -916,7 +916,7 @@ } void X509_STORE_set_check_policy(X509_STORE *ctx, - X509_STORE_CTX_check_policy_fn check_policy) + X509_STORE_CTX_check_policy_fn check_policy) { ctx->check_policy = check_policy; } @@ -927,7 +927,7 @@ } void X509_STORE_set_lookup_certs(X509_STORE *ctx, - X509_STORE_CTX_lookup_certs_fn lookup_certs) + X509_STORE_CTX_lookup_certs_fn lookup_certs) { ctx->lookup_certs = lookup_certs; } @@ -938,7 +938,7 @@ } void X509_STORE_set_lookup_crls(X509_STORE *ctx, - X509_STORE_CTX_lookup_crls_fn lookup_crls) + X509_STORE_CTX_lookup_crls_fn lookup_crls) { ctx->lookup_crls = lookup_crls; } @@ -949,7 +949,7 @@ } void X509_STORE_set_cleanup(X509_STORE *ctx, - X509_STORE_CTX_cleanup_fn ctx_cleanup) + X509_STORE_CTX_cleanup_fn ctx_cleanup) { ctx->cleanup = ctx_cleanup; } --- crypto/openssl/crypto/x509/x509_meth.c.orig +++ crypto/openssl/crypto/x509/x509_meth.c 
@@ -44,55 +44,51 @@ } int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, - int (*new_item) (X509_LOOKUP *ctx)) + int (*new_item)(X509_LOOKUP *ctx)) { method->new_item = new_item; return 1; } -int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx) { return method->new_item; } int X509_LOOKUP_meth_set_free( X509_LOOKUP_METHOD *method, - void (*free_fn) (X509_LOOKUP *ctx)) + void (*free_fn)(X509_LOOKUP *ctx)) { method->free = free_fn; return 1; } -void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx) { return method->free; } int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, - int (*init) (X509_LOOKUP *ctx)) + int (*init)(X509_LOOKUP *ctx)) { method->init = init; return 1; } -int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx) { return method->init; } int X509_LOOKUP_meth_set_shutdown( X509_LOOKUP_METHOD *method, - int (*shutdown) (X509_LOOKUP *ctx)) + int (*shutdown)(X509_LOOKUP *ctx)) { method->shutdown = shutdown; return 1; } -int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx) { return method->shutdown; } @@ -123,7 +119,6 @@ return method->get_by_subject; } - int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial) { 
@@ -132,12 +127,11 @@ } X509_LOOKUP_get_by_issuer_serial_fn - X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) +X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) { return method->get_by_issuer_serial; } - int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint) { @@ -152,7 +146,7 @@ } int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_alias_fn get_by_alias) + X509_LOOKUP_get_by_alias_fn get_by_alias) { method->get_by_alias = get_by_alias; return 1; @@ -163,4 +157,3 @@ { return method->get_by_alias; } - --- crypto/openssl/crypto/x509/x509_obj.c.orig +++ crypto/openssl/crypto/x509/x509_obj.c @@ -20,7 +20,7 @@ * anything encountered in practice. */ -#define NAME_ONELINE_MAX (1024 * 1024) +#define NAME_ONELINE_MAX (1024 * 1024) char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) { @@ -59,7 +59,7 @@ return buf; } - len--; /* space for '\0' */ + len--; /* space for '\0' */ l = 0; for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { ne = sk_X509_NAME_ENTRY_value(a->entries, i); @@ -78,11 +78,7 @@ } q = ne->value->data; #ifdef CHARSET_EBCDIC - if (type == V_ASN1_GENERALSTRING || - type == V_ASN1_VISIBLESTRING || - type == V_ASN1_PRINTABLESTRING || - type == V_ASN1_TELETEXSTRING || - type == V_ASN1_IA5STRING) { + if (type == V_ASN1_GENERALSTRING || type == V_ASN1_VISIBLESTRING || type == V_ASN1_PRINTABLESTRING || type == V_ASN1_TELETEXSTRING || type == V_ASN1_IA5STRING) { if (num > (int)sizeof(ebcdic_buf)) num = sizeof(ebcdic_buf); ascii2ebcdic(ebcdic_buf, q, num); @@ -111,8 +107,7 @@ l2++; if (q[j] == '/' || q[j] == '+') l2++; /* char needs to be escaped */ - else if ((ossl_toascii(q[j]) < ossl_toascii(' ')) || - (ossl_toascii(q[j]) > ossl_toascii('~'))) + else if ((ossl_toascii(q[j]) < ossl_toascii(' ')) || (ossl_toascii(q[j]) > ossl_toascii('~'))) l2 += 3; } 
@@ -135,7 +130,7 @@ p += l1; *(p++) = '='; -#ifndef CHARSET_EBCDIC /* q was assigned above already. */ +#ifndef CHARSET_EBCDIC /* q was assigned above already. */ q = ne->value->data; #endif @@ -179,9 +174,9 @@ if (i == 0) *p = '\0'; return p; - err: +err: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - end: +end: BUF_MEM_free(b); return NULL; } --- crypto/openssl/crypto/x509/x509_r2x.c.orig +++ crypto/openssl/crypto/x509/x509_r2x.c @@ -37,8 +37,8 @@ goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; -/*- xi->extensions=ri->attributes; <- bad, should not ever be done - ri->attributes=NULL; */ + /*- xi->extensions=ri->attributes; <- bad, should not ever be done + ri->attributes=NULL; */ } xn = X509_REQ_get_subject_name(r); @@ -49,8 +49,7 @@ if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL) goto err; - if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) == - NULL) + if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) == NULL) goto err; pubkey = X509_REQ_get0_pubkey(r); @@ -61,7 +60,7 @@ goto err; return ret; - err: +err: X509_free(ret); return NULL; } --- crypto/openssl/crypto/x509/x509_req.c.orig +++ crypto/openssl/crypto/x509/x509_req.c @@ -38,7 +38,7 @@ ri->version->data = OPENSSL_malloc(1); if (ri->version->data == NULL) goto err; - ri->version->data[0] = 0; /* version == 0 */ + ri->version->data[0] = 0; /* version == 0 */ if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) goto err; @@ -55,7 +55,7 @@ goto err; } return ret; - err: +err: X509_REQ_free(ret); return NULL; } @@ -160,7 +160,7 @@ p = ext->value.sequence->data; return (STACK_OF(X509_EXTENSION) *) ASN1_item_d2i(NULL, &p, ext->value.sequence->length, - ASN1_ITEM_rptr(X509_EXTENSIONS)); + ASN1_ITEM_rptr(X509_EXTENSIONS)); } /* 
@@ -168,7 +168,7 @@ * in case we want to create a non standard one. */ int X509_REQ_add_extensions_nid(X509_REQ *req, - const STACK_OF(X509_EXTENSION) *exts, int nid) + const STACK_OF(X509_EXTENSION) *exts, int nid) { int extlen; int rv = 0; @@ -176,7 +176,7 @@ /* Generate encoding of extensions */ extlen = ASN1_item_i2d((const ASN1_VALUE *)exts, &ext, - ASN1_ITEM_rptr(X509_EXTENSIONS)); + ASN1_ITEM_rptr(X509_EXTENSIONS)); if (extlen <= 0) return 0; rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); @@ -203,7 +203,7 @@ } int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, - int lastpos) + int lastpos) { return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos); } 
@@ -240,45 +240,45 @@ } int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) { if (req == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (!X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj, - type, bytes, len)) + type, bytes, len)) return 0; req->req_info.enc.modified = 1; return 1; } int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len) + int nid, int type, + const unsigned char *bytes, int len) { if (req == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (!X509at_add1_attr_by_NID(&req->req_info.attributes, nid, - type, bytes, len)) + type, bytes, len)) return 0; req->req_info.enc.modified = 1; return 1; } int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len) + const char *attrname, int type, + const unsigned char *bytes, int len) { if (req == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (!X509at_add1_attr_by_txt(&req->req_info.attributes, attrname, - type, bytes, len)) + type, bytes, len)) return 0; req->req_info.enc.modified = 1; return 1; @@ -295,7 +295,7 @@ } void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) + const X509_ALGOR **palg) { if (psig != NULL) *psig = req->signature; --- crypto/openssl/crypto/x509/x509_set.c.orig +++ crypto/openssl/crypto/x509/x509_set.c @@ -149,7 +149,7 @@ } void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, - const ASN1_BIT_STRING **psuid) + const ASN1_BIT_STRING **psuid) { if (piuid != NULL) *piuid = x->cert_info.issuerUID; 
@@ -163,7 +163,7 @@ } int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, - int *secbits, uint32_t *flags) + int *secbits, uint32_t *flags) { if (mdnid != NULL) *mdnid = siginf->mdnid; @@ -177,7 +177,7 @@ } void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, - int secbits, uint32_t flags) + int secbits, uint32_t flags) { siginf->mdnid = mdnid; siginf->pknid = pknid; @@ -186,7 +186,7 @@ } int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, - uint32_t *flags) + uint32_t *flags) { X509_check_purpose(x, -1, -1); return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags); @@ -194,7 +194,7 @@ /* Modify *siginf according to alg and sig. Return 1 on success, else 0. */ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) + const ASN1_STRING *sig) { int pknid, mdnid; const EVP_MD *md; @@ -205,7 +205,7 @@ siginf->secbits = -1; siginf->flags = 0; if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) - || pknid == NID_undef) { + || pknid == NID_undef) { ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS); return 0; } @@ -217,7 +217,7 @@ /* If we have one, use a custom handler for this algorithm */ ameth = EVP_PKEY_asn1_find(NULL, pknid); if (ameth == NULL || ameth->siginf_set == NULL - || !ameth->siginf_set(siginf, alg, sig)) { + || !ameth->siginf_set(siginf, alg, sig)) { ERR_raise(ERR_LIB_X509, X509_R_ERROR_USING_SIGINF_SET); return 0; } --- crypto/openssl/crypto/x509/x509_trust.c.orig +++ crypto/openssl/crypto/x509/x509_trust.c @@ -20,7 +20,7 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags); static int obj_trust(int id, X509 *x, int flags); -static int (*default_trust) (int id, X509 *x, int flags) = obj_trust; +static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; /* * WARNING: the following table should be kept in order of trust and without 
@@ -29,23 +29,23 @@ */ static X509_TRUST trstandard[] = { - {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, - {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, - NULL}, - {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, - NULL}, - {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, - NULL}, - {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, - NULL}, - {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, - NULL}, - {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, - NULL}, - {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} + { X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL }, + { X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, + NULL }, + { X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, + NULL }, + { X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, + NULL }, + { X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, + NULL }, + { X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, + NULL }, + { X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, + NULL }, + { X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL } }; -#define X509_TRUST_COUNT OSSL_NELEM(trstandard) +#define X509_TRUST_COUNT OSSL_NELEM(trstandard) static STACK_OF(X509_TRUST) *trtable = NULL; @@ -54,9 +54,10 @@ return (*a)->trust - (*b)->trust; } -int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, - int) { - int (*oldtrust) (int, X509 *, int); +int (*X509_TRUST_set_default(int (*trust)(int, X509 *, int)))(int, X509 *, + int) +{ + int (*oldtrust)(int, X509 *, int); oldtrust = default_trust; default_trust = trust; return oldtrust; 
@@ -70,7 +71,7 @@ /* We get this as a default value */ if (id == X509_TRUST_DEFAULT) return obj_trust(NID_anyExtendedKeyUsage, x, - flags | X509_TRUST_DO_SS_COMPAT); + flags | X509_TRUST_DO_SS_COMPAT); idx = X509_TRUST_get_by_id(id); if (idx < 0) return default_trust(id, x, flags); @@ -120,8 +121,8 @@ return 1; } -int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2) +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2) { int idx; X509_TRUST *trtmp; @@ -166,7 +167,8 @@ if (trtable == NULL && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err;; + goto err; + ; } if (!sk_X509_TRUST_push(trtable, trtmp)) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); @@ -174,7 +176,7 @@ } } return 1; - err: +err: if (idx < 0) { OPENSSL_free(trtmp->name); OPENSSL_free(trtmp); @@ -258,8 +260,7 @@ ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i); int nid = OBJ_obj2nid(obj); - if (nid == id || (nid == NID_anyExtendedKeyUsage && - (flags & X509_TRUST_OK_ANY_EKU))) + if (nid == id || (nid == NID_anyExtendedKeyUsage && (flags & X509_TRUST_OK_ANY_EKU))) return X509_TRUST_REJECTED; } } @@ -269,8 +270,7 @@ ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i); int nid = OBJ_obj2nid(obj); - if (nid == id || (nid == NID_anyExtendedKeyUsage && - (flags & X509_TRUST_OK_ANY_EKU))) + if (nid == id || (nid == NID_anyExtendedKeyUsage && (flags & X509_TRUST_OK_ANY_EKU))) return X509_TRUST_TRUSTED; } /* --- crypto/openssl/crypto/x509/x509_txt.c.orig +++ crypto/openssl/crypto/x509/x509_txt.c 
@@ -102,8 +102,7 @@ case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: return "key usage does not include digital signature"; case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: - return - "proxy certificates not allowed, please set the appropriate flag"; + return "proxy certificates not allowed, please set the appropriate flag"; case X509_V_ERR_INVALID_EXTENSION: return "invalid or inconsistent certificate extension"; case X509_V_ERR_INVALID_POLICY_EXTENSION: --- crypto/openssl/crypto/x509/x509_v3.c.orig +++ crypto/openssl/crypto/x509/x509_v3.c @@ -28,7 +28,7 @@ } int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, - int lastpos) + int lastpos) { ASN1_OBJECT *obj; @@ -39,7 +39,7 @@ } int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, - const ASN1_OBJECT *obj, int lastpos) + const ASN1_OBJECT *obj, int lastpos) { int n; X509_EXTENSION *ex; @@ -59,7 +59,7 @@ } int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, - int lastpos) + int lastpos) { int n; X509_EXTENSION *ex; @@ -97,7 +97,7 @@ } STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc) + X509_EXTENSION *ex, int loc) { X509_EXTENSION *new_ex = NULL; int n; @@ -127,9 +127,9 @@ if (*x == NULL) *x = sk; return sk; - err: +err: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err2: +err2: X509_EXTENSION_free(new_ex); if (x != NULL && *x == NULL) sk_X509_EXTENSION_free(sk); @@ -137,8 +137,8 @@ } X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, - int crit, - ASN1_OCTET_STRING *data) + int crit, + ASN1_OCTET_STRING *data) { ASN1_OBJECT *obj; X509_EXTENSION *ret; @@ -155,8 +155,8 @@ } X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - const ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data) + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data) { X509_EXTENSION *ret; 
@@ -178,7 +178,7 @@ if ((ex != NULL) && (*ex == NULL)) *ex = ret; return ret; - err: +err: if ((ex == NULL) || (ret != *ex)) X509_EXTENSION_free(ret); return NULL; --- crypto/openssl/crypto/x509/x509_vfy.c.orig +++ crypto/openssl/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,16 +30,16 @@ /* CRL score values */ -#define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */ -#define CRL_SCORE_SCOPE 0x080 /* certificate is within CRL scope */ -#define CRL_SCORE_TIME 0x040 /* CRL times valid */ -#define CRL_SCORE_ISSUER_NAME 0x020 /* Issuer name matches certificate */ +#define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */ +#define CRL_SCORE_SCOPE 0x080 /* certificate is within CRL scope */ +#define CRL_SCORE_TIME 0x040 /* CRL times valid */ +#define CRL_SCORE_ISSUER_NAME 0x020 /* Issuer name matches certificate */ #define CRL_SCORE_VALID /* If this score or above CRL is probably valid */ \ (CRL_SCORE_NOCRITICAL | CRL_SCORE_TIME | CRL_SCORE_SCOPE) -#define CRL_SCORE_ISSUER_CERT 0x018 /* CRL issuer is certificate issuer */ -#define CRL_SCORE_SAME_PATH 0x008 /* CRL issuer is on certificate path */ -#define CRL_SCORE_AKID 0x004 /* CRL issuer matches CRL AKID */ -#define CRL_SCORE_TIME_DELTA 0x002 /* Have a delta CRL with valid times */ +#define CRL_SCORE_ISSUER_CERT 0x018 /* CRL issuer is certificate issuer */ +#define CRL_SCORE_SAME_PATH 0x008 /* CRL issuer is on certificate path */ +#define CRL_SCORE_AKID 0x004 /* CRL issuer matches CRL AKID */ +#define CRL_SCORE_TIME_DELTA 0x002 /* Have a delta CRL with valid times */ static int build_chain(X509_STORE_CTX *ctx); static int verify_chain(X509_STORE_CTX *ctx); 
@@ -61,20 +61,20 @@ static int check_curve(X509 *cert); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, X509_CRL *crl, X509 *x); + unsigned int *preasons, X509_CRL *crl, X509 *x); static int get_crl_delta(X509_STORE_CTX *ctx, - X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); + X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, - int *pcrl_score, X509_CRL *base, - STACK_OF(X509_CRL) *crls); + int *pcrl_score, X509_CRL *base, + STACK_OF(X509_CRL) *crls); static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, - int *pcrl_score); + int *pcrl_score); static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, - unsigned int *preasons); + unsigned int *preasons); static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); static int check_crl_chain(X509_STORE_CTX *ctx, - STACK_OF(X509) *cert_path, - STACK_OF(X509) *crl_path); + STACK_OF(X509) *cert_path, + STACK_OF(X509) *crl_path); static int internal_verify(X509_STORE_CTX *ctx); @@ -163,9 +163,9 @@ return ctx->verify_cb(0, ctx); } -#define CB_FAIL_IF(cond, ctx, cert, depth, err) \ +#define CB_FAIL_IF(cond, ctx, cert, depth, err) \ if ((cond) && verify_cb_cert(ctx, cert, depth, err) == 0) \ - return 0 + return 0 /*- * Inform the verify callback of an error, CRL-specific variant. Here, the @@ -196,13 +196,13 @@ * check the security of issuer keys. */ CB_FAIL_IF(i > 0 && !check_key_level(ctx, cert), - ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL); + ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL); /* * We also check the signature algorithm security of all certificates * except those of the trust anchor at index num-1. */ CB_FAIL_IF(i < num - 1 && !check_sig_level(ctx, cert), - ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK); + ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK); } return 1; } 
@@ -222,7 +222,7 @@ return ok; err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, - ctx->param->flags); + ctx->param->flags); CB_FAIL_IF(err != X509_V_OK, ctx, NULL, ctx->error_depth, err); /* Verify chain signatures and expiration times */ @@ -290,7 +290,7 @@ /* If the peer's public key is too weak, we can stop early. */ CB_FAIL_IF(!check_key_level(ctx, ctx->cert), - ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL); + ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL); ret = DANETLS_ENABLED(ctx->dane) ? dane_verify(ctx) : verify_chain(ctx); @@ -332,8 +332,7 @@ || !sk_X509_contains(ctx->chain, issuer))) { if (ossl_x509_check_cert_time(ctx, issuer, -1)) return issuer; - if (rv == NULL || ASN1_TIME_compare(X509_get0_notAfter(issuer), - X509_get0_notAfter(rv)) > 0) + if (rv == NULL || ASN1_TIME_compare(X509_get0_notAfter(issuer), X509_get0_notAfter(rv)) > 0) rv = issuer; } } @@ -371,7 +370,7 @@ * Returns NULL on internal error (such as out of memory). */ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, - const X509_NAME *nm) + const X509_NAME *nm) { STACK_OF(X509) *sk = sk_X509_new_null(); X509 *x; @@ -398,7 +397,7 @@ * Sadly, returns 0 also on internal error. */ static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth, - int must_be_ca) + int must_be_ca) { int tr_ok = X509_TRUST_UNTRUSTED; 
@@ -471,24 +470,23 @@ allow_proxy_certs = 0; purpose = X509_PURPOSE_CRL_SIGN; } else { - allow_proxy_certs = - (ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS) != 0; + allow_proxy_certs = (ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS) != 0; purpose = ctx->param->purpose; } for (i = 0; i < num; i++) { x = sk_X509_value(ctx->chain, i); CB_FAIL_IF((ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) == 0 - && (x->ex_flags & EXFLAG_CRITICAL) != 0, - ctx, x, i, X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION); + && (x->ex_flags & EXFLAG_CRITICAL) != 0, + ctx, x, i, X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION); CB_FAIL_IF(!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY) != 0, - ctx, x, i, X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED); + ctx, x, i, X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED); ret = X509_check_ca(x); switch (must_be_ca) { case -1: CB_FAIL_IF((ctx->param->flags & X509_V_FLAG_X509_STRICT) != 0 - && ret != 1 && ret != 0, - ctx, x, i, X509_V_ERR_INVALID_CA); + && ret != 1 && ret != 0, + ctx, x, i, X509_V_ERR_INVALID_CA); break; case 0: CB_FAIL_IF(ret != 0, ctx, x, i, X509_V_ERR_INVALID_NON_CA); @@ -496,9 +494,10 @@ default: /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */ CB_FAIL_IF(ret == 0 - || ((i + 1 < num + || ((i + 1 < num || (ctx->param->flags & X509_V_FLAG_X509_STRICT) != 0) - && ret != 1), ctx, x, i, X509_V_ERR_INVALID_CA); + && ret != 1), + ctx, x, i, X509_V_ERR_INVALID_CA); break; } if (num > 1) { 
@@ -521,62 +520,63 @@ /* Check Basic Constraints according to RFC 5280 section 4.2.1.9 */ if (x->ex_pathlen != -1) { CB_FAIL_IF((x->ex_flags & EXFLAG_CA) == 0, - ctx, x, i, X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA); + ctx, x, i, X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA); CB_FAIL_IF((x->ex_kusage & KU_KEY_CERT_SIGN) == 0, ctx, - x, i, X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN); + x, i, X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN); } CB_FAIL_IF((x->ex_flags & EXFLAG_CA) != 0 - && (x->ex_flags & EXFLAG_BCONS) != 0 - && (x->ex_flags & EXFLAG_BCONS_CRITICAL) == 0, - ctx, x, i, X509_V_ERR_CA_BCONS_NOT_CRITICAL); + && (x->ex_flags & EXFLAG_BCONS) != 0 + && (x->ex_flags & EXFLAG_BCONS_CRITICAL) == 0, + ctx, x, i, X509_V_ERR_CA_BCONS_NOT_CRITICAL); /* Check Key Usage according to RFC 5280 section 4.2.1.3 */ if ((x->ex_flags & EXFLAG_CA) != 0) { CB_FAIL_IF((x->ex_flags & EXFLAG_KUSAGE) == 0, - ctx, x, i, X509_V_ERR_CA_CERT_MISSING_KEY_USAGE); + ctx, x, i, X509_V_ERR_CA_CERT_MISSING_KEY_USAGE); } else { CB_FAIL_IF((x->ex_kusage & KU_KEY_CERT_SIGN) != 0, ctx, x, i, - X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA); + X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA); } /* Check issuer is non-empty acc. to RFC 5280 section 4.1.2.4 */ CB_FAIL_IF(X509_NAME_entry_count(X509_get_issuer_name(x)) == 0, - ctx, x, i, X509_V_ERR_ISSUER_NAME_EMPTY); + ctx, x, i, X509_V_ERR_ISSUER_NAME_EMPTY); /* Check subject is non-empty acc. 
to RFC 5280 section 4.1.2.6 */ CB_FAIL_IF(((x->ex_flags & EXFLAG_CA) != 0 - || (x->ex_kusage & KU_CRL_SIGN) != 0 - || x->altname == NULL) - && X509_NAME_entry_count(X509_get_subject_name(x)) == 0, - ctx, x, i, X509_V_ERR_SUBJECT_NAME_EMPTY); + || (x->ex_kusage & KU_CRL_SIGN) != 0 + || x->altname == NULL) + && X509_NAME_entry_count(X509_get_subject_name(x)) == 0, + ctx, x, i, X509_V_ERR_SUBJECT_NAME_EMPTY); CB_FAIL_IF(X509_NAME_entry_count(X509_get_subject_name(x)) == 0 - && x->altname != NULL - && (x->ex_flags & EXFLAG_SAN_CRITICAL) == 0, - ctx, x, i, X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL); + && x->altname != NULL + && (x->ex_flags & EXFLAG_SAN_CRITICAL) == 0, + ctx, x, i, X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL); /* Check SAN is non-empty according to RFC 5280 section 4.2.1.6 */ CB_FAIL_IF(x->altname != NULL - && sk_GENERAL_NAME_num(x->altname) <= 0, - ctx, x, i, X509_V_ERR_EMPTY_SUBJECT_ALT_NAME); + && sk_GENERAL_NAME_num(x->altname) <= 0, + ctx, x, i, X509_V_ERR_EMPTY_SUBJECT_ALT_NAME); /* Check sig alg consistency acc. to RFC 5280 section 4.1.1.2 */ CB_FAIL_IF(X509_ALGOR_cmp(&x->sig_alg, &x->cert_info.signature) != 0, - ctx, x, i, X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY); + ctx, x, i, X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY); CB_FAIL_IF(x->akid != NULL - && (x->ex_flags & EXFLAG_AKID_CRITICAL) != 0, - ctx, x, i, X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL); + && (x->ex_flags & EXFLAG_AKID_CRITICAL) != 0, + ctx, x, i, X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL); CB_FAIL_IF(x->skid != NULL - && (x->ex_flags & EXFLAG_SKID_CRITICAL) != 0, - ctx, x, i, X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL); + && (x->ex_flags & EXFLAG_SKID_CRITICAL) != 0, + ctx, x, i, X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL); if (X509_get_version(x) >= X509_VERSION_3) { /* Check AKID presence acc. 
to RFC 5280 section 4.2.1.1 */ CB_FAIL_IF(i + 1 < num /* * this means not last cert in chain, * taken as "generated by conforming CAs" */ - && (x->akid == NULL || x->akid->keyid == NULL), ctx, - x, i, X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER); + && (x->akid == NULL || x->akid->keyid == NULL), + ctx, + x, i, X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER); /* Check SKID presence acc. to RFC 5280 section 4.2.1.2 */ CB_FAIL_IF((x->ex_flags & EXFLAG_CA) != 0 && x->skid == NULL, - ctx, x, i, X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER); + ctx, x, i, X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER); } else { CB_FAIL_IF(sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0, - ctx, x, i, X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3); + ctx, x, i, X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3); } } @@ -585,8 +585,8 @@ return 0; /* Check path length */ CB_FAIL_IF(i > 1 && x->ex_pathlen != -1 - && plen > x->ex_pathlen + proxy_path_length, - ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED); + && plen > x->ex_pathlen + proxy_path_length, + ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED); /* Increment path length if not a self-issued intermediate CA */ if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0) plen++; @@ -609,7 +609,7 @@ */ if (x->ex_pcpathlen != -1) { CB_FAIL_IF(proxy_path_length > x->ex_pcpathlen, - ctx, x, i, X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED); + ctx, x, i, X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED); proxy_path_length = x->ex_pcpathlen; } proxy_path_length++; @@ -692,7 +692,7 @@ */ if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject, last_loc)) == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject, - last_loc - 1))) { + last_loc - 1))) { err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; goto proxy_name_done; } 
@@ -739,9 +739,11 @@ /* If EE certificate check commonName too */ if (rv == X509_V_OK && i == 0 && (ctx->param->hostflags - & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0 + & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) + == 0 && ((ctx->param->hostflags - & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0 + & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) + != 0 || (ret = has_san_id(x, GEN_DNS)) == 0)) rv = NAME_CONSTRAINTS_check_CN(x, nc); if (ret < 0) @@ -795,7 +797,7 @@ return 0; } if (vpm->email != NULL - && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) { + && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) { if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) return 0; } @@ -853,7 +855,7 @@ } if (num_untrusted == num - && (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) != 0) { + && (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) != 0) { /* * Last-resort call with no new trusted certificates, check the leaf * for a direct trust store match. @@ -889,11 +891,12 @@ */ return X509_TRUST_UNTRUSTED; - rejected: +rejected: return verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED) == 0 - ? X509_TRUST_REJECTED : X509_TRUST_UNTRUSTED; + ? X509_TRUST_REJECTED + : X509_TRUST_UNTRUSTED; - trusted: +trusted: if (!DANETLS_ENABLED(dane)) return X509_TRUST_TRUSTED; if (dane->pdpth < 0) @@ -948,10 +951,20 @@ unsigned int last_reasons = ctx->current_reasons; /* Try to retrieve relevant CRL */ - if (ctx->get_crl != NULL) + if (ctx->get_crl != NULL) { + X509 *crl_issuer = NULL; + unsigned int reasons = 0; + ok = ctx->get_crl(ctx, &crl, x); - else + if (crl != NULL) { + ctx->current_crl_score = get_crl_score(ctx, &crl_issuer, + &reasons, crl, x); + ctx->current_issuer = crl_issuer; + ctx->current_reasons = reasons; + } + } else { ok = get_crl_delta(ctx, &crl, &dcrl, x); + } /* If error looking up CRL, nothing we can do except notify callback */ if (!ok) { ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL); 
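Review bot: In the new `ctx->get_crl != NULL` branch, `reasons` starts at 0 and is then stored in `ctx->current_reasons`, so a CRL returned by the callback replaces the reasons mask gathered so far instead of extending it. get_crl_delta, in a later hunk of this file, seeds its local with `reasons = ctx->current_reasons;` before scoring, and get_crl_score takes `*preasons` as its starting mask. If the surrounding loop is meant to accumulate reasons across passes (the `last_reasons` context line suggests it compares them), I would write `unsigned int reasons = ctx->current_reasons;`, or add a comment saying why a fresh mask is intended here. The value returned by get_crl_score is also stored without being checked, so a callback-supplied CRL that scores 0 is still used and rejection is left to the later checks; a one-line comment stating that would help. The enclosing function starts and ends outside the hunk.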
@@ -980,6 +993,7 @@ goto done; } + ctx->current_crl = NULL; X509_CRL_free(crl); X509_CRL_free(dcrl); crl = NULL; @@ -993,7 +1007,7 @@ goto done; } } - done: +done: X509_CRL_free(crl); X509_CRL_free(dcrl); @@ -1054,8 +1068,8 @@ } static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - X509 **pissuer, int *pscore, unsigned int *preasons, - STACK_OF(X509_CRL) *crls) + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) { int i, crl_score, best_score = *pscore; unsigned int reasons, best_reasons = 0; @@ -1074,7 +1088,8 @@ int day, sec; if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl), - X509_CRL_get0_lastUpdate(crl)) == 0) + X509_CRL_get0_lastUpdate(crl)) + == 0) continue; /* * ASN1_TIME_diff never returns inconsistent signs for |day| @@ -1150,7 +1165,8 @@ return 0; /* Issuer names must match */ if (X509_NAME_cmp(X509_CRL_get_issuer(base), - X509_CRL_get_issuer(delta)) != 0) + X509_CRL_get_issuer(delta)) + != 0) return 0; /* AKID and IDP must match */ if (!crl_extension_match(delta, base, NID_authority_key_identifier)) @@ -1161,6 +1177,8 @@ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) return 0; /* Delta CRL number must exceed full CRL number */ + if (delta->crl_number == NULL) + return 0; return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0; } @@ -1169,7 +1187,7 @@ * retrieve a chain of deltas... */ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, - X509_CRL *base, STACK_OF(X509_CRL) *crls) + X509_CRL *base, STACK_OF(X509_CRL) *crls) { X509_CRL *delta; int i; @@ -1199,7 +1217,7 @@ * is rejected, otherwise reasons is updated. */ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, X509_CRL *crl, X509 *x) + unsigned int *preasons, X509_CRL *crl, X509 *x) { int crl_score = 0; unsigned int tmp_reasons = *preasons, crl_reasons; 
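Review bot: The added `ctx->current_crl = NULL;` carries no comment, and its purpose is not obvious from the line alone. It appears to drop the context's pointer to the CRL before `X509_CRL_free(crl)` runs, so that nothing can reach a freed CRL through `ctx->current_crl` on the next pass. I would add `/* forget the CRL before freeing it; ctx->current_crl must not dangle */` above it. The `done:` exit in the next hunk frees the same two CRLs, and the visible lines do not show whether the pointer is reset there as well, which is worth confirming. The enclosing function starts and ends outside the hunk.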
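Review bot: The new `delta->crl_number == NULL` guard in the `@@ -1161,6 +1177,8 @@` hunk sits between the comment "Delta CRL number must exceed full CRL number" and the comparison that comment describes, and has no comment of its own. I would put `/* Delta CRL must have a CRL number */` above the guard and move the existing comment down to the `return`. Without the guard, the final `ASN1_INTEGER_cmp(delta->crl_number, base->crl_number)` would receive a null pointer for a delta CRL that lacks the number. The matching check on `base->crl_number` is presumably above the hunk, since the function starts outside it. A regression test that feeds in such a delta CRL would keep the fix from being lost.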
@@ -1255,11 +1273,10 @@ *preasons = tmp_reasons; return crl_score; - } static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, - X509 **pissuer, int *pcrl_score) + X509 **pissuer, int *pcrl_score) { X509 *crl_issuer = NULL; const X509_NAME *cnm = X509_CRL_get_issuer(crl); @@ -1318,7 +1335,7 @@ */ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) { - X509_STORE_CTX crl_ctx = {0}; + X509_STORE_CTX crl_ctx = { 0 }; int ret; /* Don't allow recursive CRL path validation */ @@ -1341,7 +1358,7 @@ /* Check chain is acceptable */ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); - err: +err: X509_STORE_CTX_cleanup(&crl_ctx); return ret; } @@ -1355,8 +1372,8 @@ * RFC5280 version */ static int check_crl_chain(X509_STORE_CTX *ctx, - STACK_OF(X509) *cert_path, - STACK_OF(X509) *crl_path) + STACK_OF(X509) *cert_path, + STACK_OF(X509) *crl_path) { X509 *cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); X509 *crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); @@ -1424,7 +1441,6 @@ } return 0; - } static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) @@ -1448,7 +1464,7 @@ /* Check CRLDP and IDP */ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, - unsigned int *preasons) + unsigned int *preasons) { int i; @@ -1467,14 +1483,14 @@ if (crldp_check_crlissuer(dp, crl, crl_score)) { if (crl->idp == NULL - || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { + || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { *preasons &= dp->dp_reasons; return 1; } } } return (crl->idp == NULL || crl->idp->distpoint == NULL) - && (crl_score & CRL_SCORE_ISSUER_NAME) != 0; + && (crl_score & CRL_SCORE_ISSUER_NAME) != 0; } /* @@ -1482,7 +1498,7 @@ * to find a delta CRL too */ static int get_crl_delta(X509_STORE_CTX *ctx, - X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) + X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) { int ok; X509 *issuer = NULL; 
@@ -1494,7 +1510,7 @@ reasons = ctx->current_reasons; ok = get_crl_sk(ctx, &crl, &dcrl, - &issuer, &crl_score, &reasons, ctx->crls); + &issuer, &crl_score, &reasons, ctx->crls); if (ok) goto done; @@ -1509,7 +1525,7 @@ sk_X509_CRL_pop_free(skcrl, X509_CRL_free); - done: +done: /* If we got any kind of CRL use it and return success */ if (crl != NULL) { ctx->current_issuer = issuer; @@ -1533,17 +1549,16 @@ /* If we have an alternative CRL issuer cert use that */ if (ctx->current_issuer != NULL) { issuer = ctx->current_issuer; - /* - * Else find CRL issuer: if not last certificate then issuer is next - * certificate in chain. - */ + /* + * Else find CRL issuer: if not last certificate then issuer is next + * certificate in chain. + */ } else if (cnum < chnum) { issuer = sk_X509_value(ctx->chain, cnum + 1); } else { issuer = sk_X509_value(ctx->chain, chnum); /* If not self-issued, can't check signature */ - if (!ctx->check_issued(ctx, issuer, issuer) && - !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)) + if (!ctx->check_issued(ctx, issuer, issuer) && !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)) return 0; } 
@@ -1555,33 +1570,25 @@ */ if (crl->base_crl_number == NULL) { /* Check for cRLSign bit if keyUsage present */ - if ((issuer->ex_flags & EXFLAG_KUSAGE) != 0 && - (issuer->ex_kusage & KU_CRL_SIGN) == 0 && - !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)) + if ((issuer->ex_flags & EXFLAG_KUSAGE) != 0 && (issuer->ex_kusage & KU_CRL_SIGN) == 0 && !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)) return 0; - if ((ctx->current_crl_score & CRL_SCORE_SCOPE) == 0 && - !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE)) + if ((ctx->current_crl_score & CRL_SCORE_SCOPE) == 0 && !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE)) return 0; - if ((ctx->current_crl_score & CRL_SCORE_SAME_PATH) == 0 && - check_crl_path(ctx, ctx->current_issuer) <= 0 && - !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR)) + if ((ctx->current_crl_score & CRL_SCORE_SAME_PATH) == 0 && check_crl_path(ctx, ctx->current_issuer) <= 0 && !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR)) return 0; - if ((crl->idp_flags & IDP_INVALID) != 0 && - !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION)) + if ((crl->idp_flags & IDP_INVALID) != 0 && !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION)) return 0; } - if ((ctx->current_crl_score & CRL_SCORE_TIME) == 0 && - !check_crl_time(ctx, crl, 1)) + if ((ctx->current_crl_score & CRL_SCORE_TIME) == 0 && !check_crl_time(ctx, crl, 1)) return 0; /* Attempt to get issuer certificate public key */ ikey = X509_get0_pubkey(issuer); - if (ikey == NULL && - !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + if (ikey == NULL && !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) return 0; if (ikey != NULL) { 
@@ -1590,8 +1597,7 @@ if (rv != X509_V_OK && !verify_cb_crl(ctx, rv)) return 0; /* Verify CRL signature */ - if (X509_CRL_verify(crl, ikey) <= 0 && - !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE)) + if (X509_CRL_verify(crl, ikey) <= 0 && !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE)) return 0; } return 1; @@ -1609,8 +1615,7 @@ * change the meaning of CRL entries. */ if ((ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) == 0 - && (crl->flags & EXFLAG_CRITICAL) != 0 && - !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)) + && (crl->flags & EXFLAG_CRITICAL) != 0 && !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)) return 0; /* * Look for serial number of certificate in CRL. If found, make sure @@ -1646,7 +1651,7 @@ if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) goto memerr; ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, - ctx->param->policies, ctx->param->flags); + ctx->param->policies, ctx->param->flags); if (ctx->bare_ta_signed) (void)sk_X509_pop(ctx->chain); @@ -1663,7 +1668,7 @@ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0) cbcalled = 1; CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0, - ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); + ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION); } if (!cbcalled) { /* Should not be able to get here */ @@ -1697,7 +1702,7 @@ return 1; - memerr: +memerr: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; 
@@ -1755,15 +1760,15 @@ */ xi = NULL; } else if (ossl_x509_likely_issued(xi, xi) != X509_V_OK - /* exceptional case: last cert in the chain is not self-issued */ - && ((ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) == 0)) { + /* exceptional case: last cert in the chain is not self-issued */ + && ((ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) == 0)) { if (n > 0) { n--; ctx->error_depth = n; xs = sk_X509_value(ctx->chain, n); } else { CB_FAIL_IF(1, ctx, xi, 0, - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); } /* * The below code will certainly not do a @@ -1813,15 +1818,16 @@ * we are free to ignore any key usage restrictions on such certs. */ int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0 - ? X509_V_OK : ossl_x509_signing_allowed(xi, xs); + ? X509_V_OK + : ossl_x509_signing_allowed(xi, xs); CB_FAIL_IF(ret != X509_V_OK, ctx, xi, issuer_depth, ret); if ((pkey = X509_get0_pubkey(xi)) == NULL) { CB_FAIL_IF(1, ctx, xi, issuer_depth, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY); + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY); } else { CB_FAIL_IF(X509_verify(xs, pkey) <= 0, - ctx, xs, n, X509_V_ERR_CERT_SIGNATURE_FAILURE); + ctx, xs, n, X509_V_ERR_CERT_SIGNATURE_FAILURE); } } @@ -1918,7 +1924,7 @@ */ ret = (day >= 0 && sec >= 0) ? -1 : 1; - err: +err: ASN1_TIME_free(asn1_cmp_time); return ret; } @@ -1928,7 +1934,7 @@ * or else 1 if it is past the end, or -1 if it is before the start */ int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, - const ASN1_TIME *start, const ASN1_TIME *end) + const ASN1_TIME *start, const ASN1_TIME *end) { time_t ref_time; time_t *time = NULL; @@ -1959,7 +1965,7 @@ } ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, - int offset_day, long offset_sec, time_t *in_tm) + int offset_day, long offset_sec, time_t *in_tm) { time_t t; 
@@ -2018,7 +2024,7 @@ * Sadly, returns NULL also on internal error. */ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) { X509_CRL *crl = NULL; int i; @@ -2036,7 +2042,8 @@ } /* Issuer names must match */ if (X509_NAME_cmp(X509_CRL_get_issuer(base), - X509_CRL_get_issuer(newer)) != 0) { + X509_CRL_get_issuer(newer)) + != 0) { ERR_raise(ERR_LIB_X509, X509_R_ISSUER_MISMATCH); return NULL; } @@ -2055,8 +2062,7 @@ return NULL; } /* CRLs must verify */ - if (skey != NULL && (X509_CRL_verify(base, skey) <= 0 || - X509_CRL_verify(newer, skey) <= 0)) { + if (skey != NULL && (X509_CRL_verify(base, skey) <= 0 || X509_CRL_verify(newer, skey) <= 0)) { ERR_raise(ERR_LIB_X509, X509_R_CRL_VERIFY_FAILURE); return NULL; } @@ -2116,7 +2122,7 @@ return crl; - memerr: +memerr: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); X509_CRL_free(crl); return NULL; @@ -2229,7 +2235,7 @@ * client/server. */ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust) + int purpose, int trust) { int idx; @@ -2319,7 +2325,7 @@ } int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - STACK_OF(X509) *chain) + STACK_OF(X509) *chain) { if (ctx == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); @@ -2439,11 +2445,11 @@ } if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, - &ctx->ex_data)) + &ctx->ex_data)) return 1; ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err: +err: /* * On error clean up allocated storage, if the store context was not * allocated with X509_STORE_CTX_new() this is our last chance to do so. @@ -2500,7 +2506,7 @@ } void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, - time_t t) + time_t t) { X509_VERIFY_PARAM_set_time(ctx->param, t); } 
@@ -2527,7 +2533,7 @@ } void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, - X509_STORE_CTX_verify_cb verify_cb) + X509_STORE_CTX_verify_cb verify_cb) { ctx->verify_cb = verify_cb; } @@ -2538,7 +2544,7 @@ } void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, - X509_STORE_CTX_verify_fn verify) + X509_STORE_CTX_verify_fn verify) { ctx->verify = verify; } @@ -2650,7 +2656,7 @@ } static unsigned char *dane_i2d(X509 *cert, uint8_t selector, - unsigned int *i2dlen) + unsigned int *i2dlen) { unsigned char *buf = NULL; int len; @@ -2804,14 +2810,13 @@ * DANE match is dispositive, but with PKIX we still need to build a * full chain. */ - if (cmplen == t->dlen && - memcmp(cmpbuf, t->data, cmplen) == 0) { + if (cmplen == t->dlen && memcmp(cmpbuf, t->data, cmplen) == 0) { if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK) matched = 1; if (matched || dane->mdpth < 0) { dane->mdpth = depth; dane->mtlsa = t; - OPENSSL_free(dane->mcert); + X509_free(dane->mcert); dane->mcert = cert; X509_up_ref(cert); } @@ -2861,10 +2866,7 @@ for (i = 0; i < recnum; ++i) { t = sk_danetls_record_value(dane->trecs, i); - if (t->usage != DANETLS_USAGE_DANE_TA || - t->selector != DANETLS_SELECTOR_SPKI || - t->mtype != DANETLS_MATCHING_FULL || - X509_verify(cert, t->spki) <= 0) + if (t->usage != DANETLS_USAGE_DANE_TA || t->selector != DANETLS_SELECTOR_SPKI || t->mtype != DANETLS_MATCHING_FULL || X509_verify(cert, t->spki) <= 0) continue; /* Clear any PKIX-?? matches that failed to extend to a full chain */ @@ -2938,8 +2940,7 @@ if (!check_leaf_suiteb(ctx, cert)) return 0; /* Callback invoked as needed */ - if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 && - !check_id(ctx)) + if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 && !check_id(ctx)) return 0; /* Bypass internal_verify(), issue depth 0 success callback */ ctx->error_depth = 0; 
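Review bot: In the DANE match branch (hunk `@@ -2804,14 +2810,13 @@`) the result of `X509_up_ref(cert)` is still ignored after `dane->mcert = cert;`. If taking the reference fails, `dane->mcert` keeps a pointer it does not own, and the `X509_free(dane->mcert)` this hunk introduces would later drop a reference that was never taken; the same applies to the `X509_free(dane->mcert)` in the `num_untrusted` pruning code further down. Take the reference before releasing the old certificate and store the pointer only on success, starting with `if (!X509_up_ref(cert))` and the function's failure return. That function starts and ends outside the hunk, so the exact error path needs confirming. Since the `OPENSSL_free` to `X509_free` swap is the only functional change among formatting edits, a comment such as `/* mcert is a counted X509 reference, release with X509_free() */` would keep it from being reverted by mistake.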
@@ -3004,7 +3005,7 @@ goto int_err; #define S_DOUNTRUSTED (1 << 0) /* Search untrusted chain */ -#define S_DOTRUSTED (1 << 1) /* Search trusted store */ +#define S_DOTRUSTED (1 << 1) /* Search trusted store */ #define S_DOALTERNATE (1 << 2) /* Retry with pruned alternate chain */ /* * Set up search policy, untrusted if possible, trusted-first if enabled, @@ -3138,14 +3139,12 @@ X509_free(sk_X509_pop(ctx->chain)); ctx->num_untrusted = num; - if (DANETLS_ENABLED(dane) && - dane->mdpth >= ctx->num_untrusted) { + if (DANETLS_ENABLED(dane) && dane->mdpth >= ctx->num_untrusted) { dane->mdpth = -1; X509_free(dane->mcert); dane->mcert = NULL; } - if (DANETLS_ENABLED(dane) && - dane->pdpth >= ctx->num_untrusted) + if (DANETLS_ENABLED(dane) && dane->pdpth >= ctx->num_untrusted) dane->pdpth = -1; } @@ -3214,8 +3213,7 @@ if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0) continue; /* Still no luck and no fallbacks left? */ - if (!may_alternate || (search & S_DOALTERNATE) != 0 || - ctx->num_untrusted < 2) + if (!may_alternate || (search & S_DOALTERNATE) != 0 || ctx->num_untrusted < 2) break; /* Search for a trusted issuer of a shorter chain */ search |= S_DOALTERNATE; @@ -3231,8 +3229,7 @@ if (!ossl_assert(num == ctx->num_untrusted)) goto int_err; curr = sk_X509_value(ctx->chain, num - 1); - issuer = (X509_self_signed(curr, 0) > 0 || num > max_depth) ? - NULL : find_issuer(ctx, sk_untrusted, curr); + issuer = (X509_self_signed(curr, 0) > 0 || num > max_depth) ? NULL : find_issuer(ctx, sk_untrusted, curr); if (issuer == NULL) { /* * Once we have reached a self-signed cert or num > max_depth @@ -3284,7 +3281,7 @@ return 0; case X509_TRUST_UNTRUSTED: default: - switch(ctx->error) { + switch (ctx->error) { case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 
@@ -3296,28 +3293,28 @@ break; } CB_FAIL_IF(num > max_depth, - ctx, NULL, num - 1, X509_V_ERR_CERT_CHAIN_TOO_LONG); + ctx, NULL, num - 1, X509_V_ERR_CERT_CHAIN_TOO_LONG); CB_FAIL_IF(DANETLS_ENABLED(dane) - && (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0), - ctx, NULL, num - 1, X509_V_ERR_DANE_NO_MATCH); + && (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0), + ctx, NULL, num - 1, X509_V_ERR_DANE_NO_MATCH); if (X509_self_signed(sk_X509_value(ctx->chain, num - 1), 0) > 0) return verify_cb_cert(ctx, NULL, num - 1, - num == 1 - ? X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT - : X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN); + num == 1 + ? X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + : X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN); return verify_cb_cert(ctx, NULL, num - 1, - ctx->num_untrusted < num - ? X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY); + ctx->num_untrusted < num + ? X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY); } - int_err: +int_err: ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ctx->error = X509_V_ERR_UNSPECIFIED; sk_X509_free(sk_untrusted); return -1; - memerr: +memerr: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; sk_X509_free(sk_untrusted); @@ -3325,8 +3322,8 @@ } STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs, - X509_STORE *store, int with_self_signed, - OSSL_LIB_CTX *libctx, const char *propq) + X509_STORE *store, int with_self_signed, + OSSL_LIB_CTX *libctx, const char *propq) { int finish_chain = store != NULL; X509_STORE_CTX *ctx; @@ -3361,7 +3358,7 @@ result = NULL; } - err: +err: X509_STORE_CTX_free(ctx); return result; } @@ -3419,8 +3416,8 @@ int ret, val; ret = EVP_PKEY_get_int_param(pkey, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, - &val); + OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, + &val); return ret == 1 ? !val : -1; } --- crypto/openssl/crypto/x509/x509_vpm.c.orig +++ crypto/openssl/crypto/x509/x509_vpm.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,7 @@ } static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, - const char *name, size_t namelen) + const char *name, size_t namelen) { char *copy; @@ -45,7 +45,7 @@ if (namelen == 0 || name == NULL) namelen = name ? strlen(name) : 0; else if (name != NULL - && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL) + && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL) return 0; if (namelen > 0 && name[namelen - 1] == '\0') --namelen; @@ -61,8 +61,7 @@ if (copy == NULL) return 0; - if (vpm->hosts == NULL && - (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { + if (vpm->hosts == NULL && (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { OPENSSL_free(copy); return 0; } @@ -146,12 +145,12 @@ /* Macro to test and copy a field if necessary */ -#define x509_verify_param_copy(field, def) \ +#define x509_verify_param_copy(field, def) \ if (test_x509_verify_param_copy(field, def)) \ dest->field = src->field; int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, - const X509_VERIFY_PARAM *src) + const X509_VERIFY_PARAM *src) { unsigned long inh_flags; int to_default, to_overwrite; @@ -198,8 +197,7 @@ sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); dest->hosts = NULL; if (src->hosts != NULL) { - dest->hosts = - sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); + dest->hosts = sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); if (dest->hosts == NULL) return 0; } @@ -219,7 +217,7 @@ } int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, - const X509_VERIFY_PARAM *from) + const X509_VERIFY_PARAM *from) { unsigned long save_flags; int ret; 
@@ -236,7 +234,7 @@ } static int int_x509_param_set1(char **pdest, size_t *pdestlen, - const char *src, size_t srclen) + const char *src, size_t srclen) { char *tmp; @@ -276,7 +274,7 @@ } int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, - unsigned long flags) + unsigned long flags) { param->flags &= ~flags; return 1; @@ -330,7 +328,7 @@ } int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - ASN1_OBJECT *policy) + ASN1_OBJECT *policy) { if (param->policies == NULL) { param->policies = sk_ASN1_OBJECT_new_null(); @@ -344,7 +342,7 @@ } int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - STACK_OF(ASN1_OBJECT) *policies) + STACK_OF(ASN1_OBJECT) *policies) { int i; ASN1_OBJECT *oid, *doid; @@ -384,19 +382,19 @@ } int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) + const char *name, size_t namelen) { return int_x509_param_set_hosts(param, SET_HOST, name, namelen); } int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) + const char *name, size_t namelen) { return int_x509_param_set_hosts(param, ADD_HOST, name, namelen); } void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned int flags) + unsigned int flags) { param->hostflags = flags; } @@ -417,7 +415,7 @@ * the target peername. */ void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to, - X509_VERIFY_PARAM *from) + X509_VERIFY_PARAM *from) { char *peername = (from != NULL) ? from->peername : NULL; 
@@ -435,14 +433,13 @@ } int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen) + const char *email, size_t emaillen) { return int_x509_param_set1(¶m->email, ¶m->emaillen, - email, emaillen); + email, emaillen); } -static unsigned char -*int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen) +static unsigned char *int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen) { if (param == NULL || param->ip == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); @@ -462,14 +459,14 @@ } int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, - const unsigned char *ip, size_t iplen) + const unsigned char *ip, size_t iplen) { if (iplen != 0 && iplen != 4 && iplen != 16) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } return int_x509_param_set1((char **)¶m->ip, ¶m->iplen, - (char *)ip, iplen); + (char *)ip, iplen); } int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) 
@@ -506,61 +503,56 @@ */ static const X509_VERIFY_PARAM default_table[] = { - { - "default", /* X509 default parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - X509_V_FLAG_TRUSTED_FIRST, /* flags */ - 0, /* purpose */ - 0, /* trust */ - 100, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "pkcs7", /* S/MIME sign parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SMIME_SIGN, /* purpose */ - X509_TRUST_EMAIL, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "smime_sign", /* S/MIME sign parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SMIME_SIGN, /* purpose */ - X509_TRUST_EMAIL, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "ssl_client", /* SSL/TLS client parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SSL_CLIENT, /* purpose */ - X509_TRUST_SSL_CLIENT, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "ssl_server", /* SSL/TLS server parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SSL_SERVER, /* purpose */ - X509_TRUST_SSL_SERVER, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id} + { "default", /* X509 default parameters */ + 0, /* check time to use */ + 0, /* inheritance flags */ + X509_V_FLAG_TRUSTED_FIRST, /* flags */ + 0, /* purpose */ + 0, /* trust */ + 100, /* depth */ + -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id }, + { "pkcs7", /* S/MIME sign parameters */ + 0, /* check time to use */ + 0, /* inheritance flags */ + 0, /* flags */ + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ + -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id }, + 
{ "smime_sign", /* S/MIME sign parameters */ + 0, /* check time to use */ + 0, /* inheritance flags */ + 0, /* flags */ + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ + -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id }, + { "ssl_client", /* SSL/TLS client parameters */ + 0, /* check time to use */ + 0, /* inheritance flags */ + 0, /* flags */ + X509_PURPOSE_SSL_CLIENT, /* purpose */ + X509_TRUST_SSL_CLIENT, /* trust */ + -1, /* depth */ + -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id }, + { "ssl_server", /* SSL/TLS server parameters */ + 0, /* check time to use */ + 0, /* inheritance flags */ + 0, /* flags */ + X509_PURPOSE_SSL_SERVER, /* purpose */ + X509_TRUST_SSL_SERVER, /* trust */ + -1, /* depth */ + -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id } }; static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; @@ -574,7 +566,7 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table); static int param_cmp(const X509_VERIFY_PARAM *const *a, - const X509_VERIFY_PARAM *const *b) + const X509_VERIFY_PARAM *const *b) { return strcmp((*a)->name, (*b)->name); } @@ -614,6 +606,11 @@ { int num = OSSL_NELEM(default_table); + if (id < 0) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } + if (id < num) return default_table + id; return sk_X509_VERIFY_PARAM_value(param_table, id - num); --- crypto/openssl/crypto/x509/x509cset.c.orig +++ crypto/openssl/crypto/x509/x509cset.c @@ -119,7 +119,7 @@ } void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) + const X509_ALGOR **palg) { if (psig != NULL) *psig = &crl->signature; --- crypto/openssl/crypto/x509/x509name.c.orig +++ crypto/openssl/crypto/x509/x509name.c @@ -17,7 +17,7 @@ #include "crypto/x509.h" int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, - char *buf, int len) + char *buf, int len) { ASN1_OBJECT *obj; 
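Review bot: The new `id < 0` guard (hunk `@@ -614,6 +606,11 @@`) raises `ERR_R_PASSED_INVALID_ARGUMENT`, but an `id` past the end of both tables still falls through to `sk_X509_VERIFY_PARAM_value(param_table, id - num)`. That lookup presumably returns NULL with nothing on the error queue, so callers get two different failure signals for an out-of-range index. Either document the asymmetry above the guard, for example `/* negative ids are rejected here; ids beyond both tables yield NULL from the stack lookup */`, or raise the same error when the lookup returns NULL. The function's signature is outside the hunk, so `id` being a signed `int` is inferred from its comparison with `num`.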
@@ -28,7 +28,7 @@ } int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - char *buf, int len) + char *buf, int len) { int i; const ASN1_STRING *data; @@ -69,7 +69,7 @@ /* NOTE: you should be passing -1, not 0 as lastpos */ int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - int lastpos) + int lastpos) { int n; X509_NAME_ENTRY *ne; @@ -139,8 +139,8 @@ } int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len, int loc, - int set) + const unsigned char *bytes, int len, int loc, + int set) { X509_NAME_ENTRY *ne; int ret; @@ -154,8 +154,8 @@ } int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - const unsigned char *bytes, int len, int loc, - int set) + const unsigned char *bytes, int len, int loc, + int set) { X509_NAME_ENTRY *ne; int ret; @@ -168,8 +168,8 @@ } int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - const unsigned char *bytes, int len, int loc, - int set) + const unsigned char *bytes, int len, int loc, + int set) { X509_NAME_ENTRY *ne; int ret; @@ -186,7 +186,7 @@ * guy we are about to stomp on. */ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, - int set) + int set) { X509_NAME_ENTRY *new_name = NULL; int n, i, inc; @@ -210,7 +210,7 @@ } else { set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; } - } else { /* if (set >= 0) */ + } else { /* if (set >= 0) */ if (loc >= n) { if (loc != 0) @@ -234,15 +234,15 @@ sk_X509_NAME_ENTRY_value(sk, i)->set += 1; } return 1; - err: +err: X509_NAME_ENTRY_free(new_name); return 0; } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - const char *field, int type, - const unsigned char *bytes, - int len) + const char *field, int type, + const unsigned char *bytes, + int len) { ASN1_OBJECT *obj; X509_NAME_ENTRY *nentry; 
@@ -250,7 +250,7 @@ obj = OBJ_txt2obj(field, 0); if (obj == NULL) { ERR_raise_data(ERR_LIB_X509, X509_R_INVALID_FIELD_NAME, - "name=%s", field); + "name=%s", field); return NULL; } nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); @@ -259,9 +259,9 @@ } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, - const unsigned char *bytes, - int len) + int type, + const unsigned char *bytes, + int len) { ASN1_OBJECT *obj; X509_NAME_ENTRY *nentry; @@ -277,9 +277,9 @@ } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, - int len) + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len) { X509_NAME_ENTRY *ret; @@ -297,7 +297,7 @@ if ((ne != NULL) && (*ne == NULL)) *ne = ret; return ret; - err: +err: if ((ne == NULL) || (ret != *ne)) X509_NAME_ENTRY_free(ret); return NULL; @@ -315,7 +315,7 @@ } int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - const unsigned char *bytes, int len) + const unsigned char *bytes, int len) { int i; @@ -323,8 +323,10 @@ return 0; if ((type > 0) && (type & MBSTRING_FLAG)) return ASN1_STRING_set_by_NID(&ne->value, bytes, - len, type, - OBJ_obj2nid(ne->object)) ? 1 : 0; + len, type, + OBJ_obj2nid(ne->object)) + ? 1 + : 0; if (len < 0) len = strlen((const char *)bytes); i = ASN1_STRING_set(ne->value, bytes, len); --- crypto/openssl/crypto/x509/x509type.c.orig +++ crypto/openssl/crypto/x509/x509type.c @@ -32,7 +32,7 @@ switch (EVP_PKEY_get_id(pk)) { case EVP_PKEY_RSA: ret = EVP_PK_RSA | EVP_PKT_SIGN; -/* if (!sign only extension) */ + /* if (!sign only extension) */ ret |= EVP_PKT_ENC; break; case EVP_PKEY_RSA_PSS: --- crypto/openssl/crypto/x509/x_all.c.orig +++ crypto/openssl/crypto/x509/x_all.c 
@@ -34,16 +34,16 @@ return 0; return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, - &a->signature, &a->cert_info, - a->distinguishing_id, r, a->libctx, a->propq); + &a->signature, &a->cert_info, + a->distinguishing_id, r, a->libctx, a->propq); } int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg, - a->signature, &a->req_info, a->distinguishing_id, - r, libctx, propq); + a->signature, &a->req_info, a->distinguishing_id, + r, libctx, propq); } int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) @@ -54,7 +54,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) { return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), - &a->sig_algor, a->signature, a->spkac, r); + &a->sig_algor, a->signature, a->spkac, r); } int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) @@ -73,8 +73,8 @@ */ x->cert_info.enc.modified = 1; return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, - &x->sig_alg, &x->signature, &x->cert_info, NULL, - pkey, md, x->libctx, x->propq); + &x->sig_alg, &x->signature, &x->cert_info, NULL, + pkey, md, x->libctx, x->propq); } int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) 
@@ -85,20 +85,19 @@ } x->cert_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), - &x->cert_info.signature, - &x->sig_alg, &x->signature, &x->cert_info, ctx); + &x->cert_info.signature, + &x->sig_alg, &x->signature, &x->cert_info, ctx); } static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, - int timeout, const ASN1_ITEM *it) + int timeout, const ASN1_ITEM *it) { - size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ? - OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN; + size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ? OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN; BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, - bio, rbio, NULL /* cb */, NULL /* arg */, - 1024 /* buf_size */, NULL /* headers */, - NULL /* expected_ct */, 1 /* expect_asn1 */, - max_resp_len, timeout); + bio, rbio, NULL /* cb */, NULL /* arg */, + 1024 /* buf_size */, NULL /* headers */, + NULL /* expected_ct */, 1 /* expect_asn1 */, + max_resp_len, timeout); ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); @@ -108,7 +107,7 @@ X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) { return (X509 *)simple_get_asn1(url, bio, rbio, timeout, - ASN1_ITEM_rptr(X509)); + ASN1_ITEM_rptr(X509)); } int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) @@ -119,8 +118,8 @@ } x->req_info.enc.modified = 1; return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, - x->signature, &x->req_info, NULL, - pkey, md, x->libctx, x->propq); + x->signature, &x->req_info, NULL, + pkey, md, x->libctx, x->propq); } int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) @@ -131,8 +130,8 @@ } x->req_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), - &x->sig_alg, NULL, x->signature, &x->req_info, - ctx); + &x->sig_alg, NULL, x->signature, &x->req_info, + ctx); } int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) 
@@ -143,8 +142,8 @@ } x->crl.enc.modified = 1; return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, - &x->sig_alg, &x->signature, &x->crl, NULL, - pkey, md, x->libctx, x->propq); + &x->sig_alg, &x->signature, &x->crl, NULL, + pkey, md, x->libctx, x->propq); } int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) @@ -155,21 +154,20 @@ } x->crl.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), - &x->crl.sig_alg, &x->sig_alg, &x->signature, - &x->crl, ctx); + &x->crl.sig_alg, &x->sig_alg, &x->signature, + &x->crl, ctx); } X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) { return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout, - ASN1_ITEM_rptr(X509_CRL)); + ASN1_ITEM_rptr(X509_CRL)); } int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) { - return - ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, - x->signature, x->spkac, NULL, pkey, md, NULL, NULL); + return ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, + x->signature, x->spkac, NULL, pkey, md, NULL, NULL); } #ifndef OPENSSL_NO_STDIO @@ -311,8 +309,9 @@ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) { return ASN1_d2i_fp((void *(*)(void)) - RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, - (void **)rsa); + RSA_new, + (D2I_OF(void))d2i_RSA_PUBKEY, fp, + (void **)rsa); } int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa) @@ -357,7 +356,7 @@ } #ifndef OPENSSL_NO_DSA -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) { return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); @@ -377,7 +376,7 @@ { return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); } -# endif +#endif DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) { 
@@ -402,7 +401,7 @@ #endif #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) { return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); @@ -422,7 +421,7 @@ { return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); } -# endif +#endif EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) { return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); @@ -445,7 +444,7 @@ #endif int X509_pubkey_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) + unsigned char *md, unsigned int *len) { ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data); @@ -455,10 +454,10 @@ } int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data, - unsigned int *len) + unsigned int *len) { if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0 - && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { + && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { /* Asking for SHA1 and we already computed it. */ if (len != NULL) *len = sizeof(cert->sha1_hash); @@ -466,12 +465,12 @@ return 1; } return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, - data, len, cert->libctx, cert->propq); + data, len, cert->libctx, cert->propq); } /* calculate cert digest using the same hash algorithm as in its signature */ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, - EVP_MD **md_used, int *md_is_fallback) + EVP_MD **md_used, int *md_is_fallback) { unsigned int len; unsigned char hash[EVP_MAX_MD_SIZE]; @@ -503,8 +502,8 @@ if (pss == NULL || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md, - &saltlen, - &trailerfield) + &saltlen, + &trailerfield) || mmd == NULL) { RSA_PSS_PARAMS_free(pss); ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); 
@@ -513,7 +512,8 @@ RSA_PSS_PARAMS_free(pss); /* Fetch explicitly and do not fallback */ if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd), - cert->propq)) == NULL) + cert->propq)) + == NULL) /* Error code from fetch is sufficient */ return NULL; } else if (pknid != NID_undef) { @@ -530,7 +530,8 @@ break; } if ((md = EVP_MD_fetch(cert->libctx, md_name, - cert->propq)) == NULL) + cert->propq)) + == NULL) return NULL; if (md_is_fallback != NULL) *md_is_fallback = 1; @@ -540,13 +541,14 @@ return NULL; } } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid), - cert->propq)) == NULL - && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) { + cert->propq)) + == NULL + && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) { ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); return NULL; } if (!X509_digest(cert, md, hash, &len) - || (new = ASN1_OCTET_STRING_new()) == NULL) + || (new = ASN1_OCTET_STRING_new()) == NULL) goto err; if (ASN1_OCTET_STRING_set(new, hash, len)) { if (md_used != NULL) @@ -556,21 +558,21 @@ return new; } ASN1_OCTET_STRING_free(new); - err: +err: EVP_MD_free(md); return NULL; } int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) + unsigned char *md, unsigned int *len) { if (type == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (EVP_MD_is_a(type, SN_sha1) - && (data->flags & EXFLAG_SET) != 0 - && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) { + && (data->flags & EXFLAG_SET) != 0 + && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) { /* Asking for SHA1; always computed in CRL d2i. */ if (len != NULL) *len = sizeof(data->sha1_hash); 
@@ -578,29 +580,29 @@ return 1; } return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data, - md, len, data->libctx, data->propq); + md, len, data->libctx, data->propq); } int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) + unsigned char *md, unsigned int *len) { return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data, - md, len, data->libctx, data->propq); + md, len, data->libctx, data->propq); } int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) + unsigned char *md, unsigned int *len) { return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data, - md, len); + md, len); } int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, - const EVP_MD *type, unsigned char *md, - unsigned int *len) + const EVP_MD *type, unsigned char *md, + unsigned int *len) { return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, - (char *)data, md, len); + (char *)data, md, len); } #ifndef OPENSSL_NO_STDIO @@ -629,7 +631,7 @@ X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk) { return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, - fp, xpk); + fp, xpk); } int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk) @@ -641,7 +643,7 @@ X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk) { return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, - bp, xpk); + bp, xpk); } int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk) 
@@ -651,16 +653,16 @@ #ifndef OPENSSL_NO_STDIO PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf) + PKCS8_PRIV_KEY_INFO **p8inf) { return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, - d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); + d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); } int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf) { return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, - p8inf); + p8inf); } int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key) @@ -687,7 +689,7 @@ } EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { BIO *b; void *ret; @@ -715,16 +717,16 @@ #endif PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf) + PKCS8_PRIV_KEY_INFO **p8inf) { return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, - d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); + d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); } int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf) { return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, - p8inf); + p8inf); } int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key) @@ -751,7 +753,7 @@ } EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { BUF_MEM *b = NULL; const unsigned char *p; @@ -764,7 +766,7 @@ p = (unsigned char *)b->data; ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq); - err: +err: BUF_MEM_free(b); return ret; } --- crypto/openssl/crypto/x509/x_attrib.c.orig +++ crypto/openssl/crypto/x509/x_attrib.c @@ -26,8 +26,8 @@ */ ASN1_SEQUENCE(X509_ATTRIBUTE) = { - ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), - ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) + ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), + ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) } ASN1_SEQUENCE_END(X509_ATTRIBUTE) IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) 
@@ -51,7 +51,7 @@ ASN1_TYPE_set(val, atrtype, value); return ret; - err: +err: X509_ATTRIBUTE_free(ret); ASN1_TYPE_free(val); return NULL; --- crypto/openssl/crypto/x509/x_crl.c.orig +++ crypto/openssl/crypto/x509/x_crl.c @@ -16,19 +16,19 @@ #include "x509_local.h" static int X509_REVOKED_cmp(const X509_REVOKED *const *a, - const X509_REVOKED *const *b); + const X509_REVOKED *const *b); static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); ASN1_SEQUENCE(X509_REVOKED) = { - ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER), - ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), - ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) + ASN1_EMBED(X509_REVOKED, serialNumber, ASN1_INTEGER), + ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME), + ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION) } ASN1_SEQUENCE_END(X509_REVOKED) static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); static int def_crl_lookup(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial, - const X509_NAME *issuer); + X509_REVOKED **ret, const ASN1_INTEGER *serial, + const X509_NAME *issuer); static X509_CRL_METHOD int_crl_meth = { 0, @@ -45,7 +45,7 @@ * revoked field. */ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; 
@@ -63,15 +63,14 @@ return 1; } - ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { - ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), - ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), - ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), - ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), - ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), - ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) + ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), + ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), + ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), + ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), + ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), + ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) /* @@ -95,7 +94,7 @@ ASN1_ENUMERATED *reason; X509_EXTENSION *ext; gtmp = X509_REVOKED_get_ext_d2i(rev, - NID_certificate_issuer, &j, NULL); + NID_certificate_issuer, &j, NULL); if (!gtmp && (j != -1)) { crl->flags |= EXFLAG_INVALID; return 1; @@ -142,11 +141,9 @@ break; } } - } return 1; - } /* @@ -154,7 +151,7 @@ * and hash of the whole CRL or set EXFLAG_NO_FINGERPRINT if this fails. */ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { X509_CRL *crl = (X509_CRL *)*pval; STACK_OF(X509_EXTENSION) *exts; 
@@ -191,30 +188,29 @@ if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL)) crl->flags |= EXFLAG_NO_FINGERPRINT; crl->idp = X509_CRL_get_ext_d2i(crl, - NID_issuing_distribution_point, &i, - NULL); + NID_issuing_distribution_point, &i, + NULL); if (crl->idp != NULL) { if (!setup_idp(crl, crl->idp)) crl->flags |= EXFLAG_INVALID; - } - else if (i != -1) { + } else if (i != -1) { crl->flags |= EXFLAG_INVALID; } crl->akid = X509_CRL_get_ext_d2i(crl, - NID_authority_key_identifier, &i, - NULL); + NID_authority_key_identifier, &i, + NULL); if (crl->akid == NULL && i != -1) crl->flags |= EXFLAG_INVALID; crl->crl_number = X509_CRL_get_ext_d2i(crl, - NID_crl_number, &i, NULL); + NID_crl_number, &i, NULL); if (crl->crl_number == NULL && i != -1) crl->flags |= EXFLAG_INVALID; crl->base_crl_number = X509_CRL_get_ext_d2i(crl, - NID_delta_crl, &i, - NULL); + NID_delta_crl, &i, + NULL); if (crl->base_crl_number == NULL && i != -1) crl->flags |= EXFLAG_INVALID; /* Delta CRLs must have CRL number */ @@ -270,14 +266,12 @@ sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); OPENSSL_free(crl->propq); break; - case ASN1_OP_DUP_POST: - { - X509_CRL *old = exarg; + case ASN1_OP_DUP_POST: { + X509_CRL *old = exarg; - if (!ossl_x509_crl_set0_libctx(crl, old->libctx, old->propq)) - return 0; - } - break; + if (!ossl_x509_crl_set0_libctx(crl, old->libctx, old->propq)) + return 0; + } break; } return 1; } @@ -322,9 +316,9 @@ } ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { - ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), - ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR), - ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING) + ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), + ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR), + ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) 
@@ -338,10 +332,10 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) static int X509_REVOKED_cmp(const X509_REVOKED *const *a, - const X509_REVOKED *const *b) + const X509_REVOKED *const *b) { return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber, - (ASN1_STRING *)&(*b)->serialNumber)); + (ASN1_STRING *)&(*b)->serialNumber)); } X509_CRL *X509_CRL_new_ex(OSSL_LIB_CTX *libctx, const char *propq) @@ -379,7 +373,7 @@ } int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial) + X509_REVOKED **ret, const ASN1_INTEGER *serial) { if (crl->meth->crl_lookup) return crl->meth->crl_lookup(crl, ret, serial, NULL); @@ -390,20 +384,20 @@ { if (crl->meth->crl_lookup) return crl->meth->crl_lookup(crl, ret, - X509_get0_serialNumber(x), - X509_get_issuer_name(x)); + X509_get0_serialNumber(x), + X509_get_issuer_name(x)); return 0; } static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) { return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CRL_INFO), - &crl->sig_alg, &crl->signature, &crl->crl, NULL, - r, crl->libctx, crl->propq); + &crl->sig_alg, &crl->signature, &crl->crl, NULL, + r, crl->libctx, crl->propq); } static int crl_revoked_issuer_match(X509_CRL *crl, const X509_NAME *nm, - X509_REVOKED *rev) + X509_REVOKED *rev) { int i; @@ -426,12 +420,11 @@ return 1; } return 0; - } static int def_crl_lookup(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial, - const X509_NAME *issuer) + X509_REVOKED **ret, const ASN1_INTEGER *serial, + const X509_NAME *issuer) { X509_REVOKED rtmp, *rev; int idx, num; 
@@ -477,14 +470,14 @@ default_crl_method = meth; } -X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), - int (*crl_free) (X509_CRL *crl), - int (*crl_lookup) (X509_CRL *crl, - X509_REVOKED **ret, - const ASN1_INTEGER *ser, - const X509_NAME *issuer), - int (*crl_verify) (X509_CRL *crl, - EVP_PKEY *pk)) +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, + X509_REVOKED **ret, + const ASN1_INTEGER *ser, + const X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, + EVP_PKEY *pk)) { X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m)); @@ -518,7 +511,7 @@ } int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { if (x != NULL) { x->libctx = libctx; --- crypto/openssl/crypto/x509/x_exten.c.orig +++ crypto/openssl/crypto/x509/x_exten.c @@ -14,13 +14,12 @@ #include "x509_local.h" ASN1_SEQUENCE(X509_EXTENSION) = { - ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), - ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), - ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING) + ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), + ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), + ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(X509_EXTENSION) -ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) +ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) --- crypto/openssl/crypto/x509/x_name.c.orig +++ crypto/openssl/crypto/x509/x_name.c 
@@ -24,28 +24,28 @@ #define X509_NAME_MAX (1024 * 1024) static int x509_name_ex_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx); + const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); static int x509_name_ex_i2d(const ASN1_VALUE **val, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); + const ASN1_ITEM *it, int tag, int aclass); static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); static int x509_name_encode(X509_NAME *a); static int x509_name_canon(X509_NAME *a); static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in); -static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, - unsigned char **in); +static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname, + unsigned char **in); static int x509_name_ex_print(BIO *out, const ASN1_VALUE **pval, - int indent, - const char *fname, const ASN1_PCTX *pctx); + int indent, + const char *fname, const ASN1_PCTX *pctx); ASN1_SEQUENCE(X509_NAME_ENTRY) = { - ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), - ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) + ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), + ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) } ASN1_SEQUENCE_END(X509_NAME_ENTRY) IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) 
@@ -56,30 +56,30 @@ * declare two template wrappers for this */ -ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) +ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) -ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) + ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) + = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) -/* - * Normally that's where it would end: we'd have two nested STACK structures - * representing the ASN1. Unfortunately X509_NAME uses a completely different - * form and caches encodings so we have to process the internal form and - * convert to the external form. - */ + /* + * Normally that's where it would end: we'd have two nested STACK structures + * representing the ASN1. Unfortunately X509_NAME uses a completely different + * form and caches encodings so we have to process the internal form and + * convert to the external form. + */ -static const ASN1_EXTERN_FUNCS x509_name_ff = { - NULL, - x509_name_ex_new, - x509_name_ex_free, - 0, /* Default clear behaviour is OK */ - x509_name_ex_d2i, - x509_name_ex_i2d, - x509_name_ex_print -}; + static const ASN1_EXTERN_FUNCS x509_name_ff + = { + NULL, + x509_name_ex_new, + x509_name_ex_free, + 0, /* Default clear behaviour is OK */ + x509_name_ex_d2i, + x509_name_ex_i2d, + x509_name_ex_print + }; IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) @@ -101,7 +101,7 @@ *val = (ASN1_VALUE *)ret; return 1; - memerr: +memerr: ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); if (ret) { sk_X509_NAME_ENTRY_free(ret->entries); 
@@ -136,9 +136,9 @@ } static int x509_name_ex_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx) + const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx) { const unsigned char *p = *in, *q; union { @@ -163,8 +163,8 @@ /* Get internal representation of Name */ ret = ASN1_item_ex_d2i(&intname.a, - &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - tag, aclass, opt, ctx); + &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), + tag, aclass, opt, ctx); if (ret <= 0) return ret; @@ -193,23 +193,23 @@ if (!ret) goto err; sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_free); + local_sk_X509_NAME_ENTRY_free); nm.x->modified = 0; *val = nm.a; *in = p; return ret; - err: +err: if (nm.x != NULL) X509_NAME_free(nm.x); sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_pop_free); + local_sk_X509_NAME_ENTRY_pop_free); ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } static int x509_name_ex_i2d(const ASN1_VALUE **val, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) + const ASN1_ITEM *it, int tag, int aclass) { int ret; X509_NAME *a = (X509_NAME *)*val; 
@@ -263,29 +263,30 @@ goto memerr; } len = ASN1_item_ex_i2d(&intname.a, NULL, - ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); + ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); if (!BUF_MEM_grow(a->bytes, len)) goto memerr; p = (unsigned char *)a->bytes->data; ASN1_item_ex_i2d(&intname.a, - &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); + &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_free); + local_sk_X509_NAME_ENTRY_free); a->modified = 0; return len; - memerr: +memerr: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_free); + local_sk_X509_NAME_ENTRY_free); ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } static int x509_name_ex_print(BIO *out, const ASN1_VALUE **pval, - int indent, - const char *fname, const ASN1_PCTX *pctx) + int indent, + const char *fname, const ASN1_PCTX *pctx) { if (X509_NAME_print_ex(out, (const X509_NAME *)*pval, - indent, pctx->nm_flags) <= 0) + indent, pctx->nm_flags) + <= 0) return 0; return 2; } @@ -371,17 +372,17 @@ ret = 1; - err: +err: X509_NAME_ENTRY_free(tmpentry); sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, - local_sk_X509_NAME_ENTRY_pop_free); + local_sk_X509_NAME_ENTRY_pop_free); return ret; } /* Bitmap of all the types of string that will be canonicalized. */ -#define ASN1_MASK_CANON \ - (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ +#define ASN1_MASK_CANON \ + (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ | B_ASN1_VISIBLESTRING) @@ -449,8 +450,7 @@ do { from++; i++; - } - while (ossl_isspace(*from)); + } while (ossl_isspace(*from)); } else { *to++ = ossl_tolower(*from); from++; 
@@ -461,11 +461,10 @@ out->length = to - out->data; return 1; - } -static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, - unsigned char **in) +static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, + unsigned char **in) { int i, len, ltmp; const ASN1_VALUE *v; @@ -475,7 +474,7 @@ for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { v = sk_ASN1_VALUE_value(intname, i); ltmp = ASN1_item_ex_i2d(&v, in, - ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); + ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); if (ltmp < 0 || len > INT_MAX - ltmp) return -1; len += ltmp; @@ -508,19 +507,15 @@ OPENSSL_free(b); return 1; } - s = b + 1; /* skip the first slash */ + s = b + 1; /* skip the first slash */ c = s; for (;;) { - if (((*s == '/') && - (ossl_isupper(s[1]) && ((s[2] == '=') || - (ossl_isupper(s[2]) && (s[3] == '=')) - ))) || (*s == '\0')) - { + if (((*s == '/') && (ossl_isupper(s[1]) && ((s[2] == '=') || (ossl_isupper(s[2]) && (s[3] == '='))))) || (*s == '\0')) { i = s - c; if (BIO_write(bp, c, i) != i) goto err; - c = s + 1; /* skip following slash */ + c = s + 1; /* skip following slash */ if (*s != '\0') { if (BIO_write(bp, ", ", 2) != 2) goto err; @@ -533,14 +528,14 @@ OPENSSL_free(b); return 1; - err: +err: ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); OPENSSL_free(b); return 0; } int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, - size_t *pderlen) + size_t *pderlen) { /* Make sure encoding is valid */ if (i2d_X509_NAME(nm, NULL) <= 0) --- crypto/openssl/crypto/x509/x_pubkey.c.orig +++ crypto/openssl/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -45,7 +45,7 @@ static int x509_pubkey_decode(EVP_PKEY **pk, const X509_PUBKEY *key); static int x509_pubkey_set0_libctx(X509_PUBKEY *x, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { if (x != NULL) { x->libctx = libctx; @@ -61,20 +61,20 @@ } ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { - ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), - ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) + ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), + ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) -X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, - long len, OSSL_LIB_CTX *libctx) +X509_PUBKEY +*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); if (xpub == NULL) return NULL; return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), - libctx, NULL); + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), + libctx, NULL); } void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub) @@ -101,14 +101,13 @@ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; return (pubkey->algor != NULL - || (pubkey->algor = X509_ALGOR_new()) != NULL) + || (pubkey->algor = X509_ALGOR_new()) != NULL) && (pubkey->public_key != NULL || (pubkey->public_key = ASN1_BIT_STRING_new()) != NULL); } - static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { X509_PUBKEY *ret; 
@@ -126,10 +125,10 @@ } static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, - const char *propq) + const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq) { const unsigned char *in_saved = *in; size_t publen; @@ -146,10 +145,14 @@ } /* This ensures that |*in| advances properly no matter what */ - if ((ret = ASN1_item_ex_d2i(pval, in, len, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), - tag, aclass, opt, ctx)) <= 0) + if ((ret = asn1_item_embed_d2i(pval, in, len, + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), + tag, aclass, opt, ctx, 0, + NULL, NULL)) + <= 0) { + x509_pubkey_ex_free(pval, it); return ret; + } publen = *in - in_saved; if (!ossl_assert(publen > 0)) { @@ -170,7 +173,7 @@ /* * Try to decode with legacy method first. This ensures that engines - * aren't overriden by providers. + * aren't overridden by providers. */ if ((ret = x509_pubkey_decode(&pubkey->pkey, pubkey)) == -1) { /* -1 indicates a fatal error, like malloc failure */ @@ -185,9 +188,9 @@ size_t slen = publen; /* - * The decoders don't know how to handle anything other than Universal - * class so we modify the data accordingly. - */ + * The decoders don't know how to handle anything other than Universal + * class so we modify the data accordingly. + */ if (aclass != V_ASN1_UNIVERSAL) { tmpbuf = OPENSSL_memdup(in_saved, publen); if (tmpbuf == NULL) { 
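Review bot: In the `@@ -146,10 +145,14 @@` hunk of x_pubkey.c, the new failure branch calls `x509_pubkey_ex_free(pval, it)` on whatever `*pval` holds, and nothing at the call site says who owns that object or what `*pval` is afterwards. The start of x509_pubkey_ex_d2i_ex is outside the hunk, so it is not visible whether `*pval` can be a caller-supplied object. If it can, a failed decode is only safe when x509_pubkey_ex_free() also resets `*pval` to NULL, which this page does not show and is worth confirming. I would state that contract above the branch, e.g. `/* Decode failed: release *pval here; x509_pubkey_ex_free() is expected to leave *pval NULL so the caller cannot free it twice */`. The trailing `0, NULL, NULL` arguments of the new `asn1_item_embed_d2i()` call also deserve a short comment: if the last two are a library context and property query, the reader cannot tell why the function's own `libctx` and `propq` are not passed.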
@@ -200,16 +203,17 @@ p = in_saved; if (OBJ_obj2txt(txtoidname, sizeof(txtoidname), - pubkey->algor->algorithm, 0) <= 0) { + pubkey->algor->algorithm, 0) + <= 0) { ERR_clear_last_mark(); goto end; } - if ((dctx = - OSSL_DECODER_CTX_new_for_pkey(&pubkey->pkey, - "DER", "SubjectPublicKeyInfo", - txtoidname, EVP_PKEY_PUBLIC_KEY, - pubkey->libctx, - pubkey->propq)) != NULL) + if ((dctx = OSSL_DECODER_CTX_new_for_pkey(&pubkey->pkey, + "DER", "SubjectPublicKeyInfo", + txtoidname, EVP_PKEY_PUBLIC_KEY, + pubkey->libctx, + pubkey->propq)) + != NULL) /* * As said higher up, we're being opportunistic. In other words, * we don't care if we fail. @@ -229,31 +233,31 @@ ERR_pop_to_mark(); ret = 1; - end: +end: OSSL_DECODER_CTX_free(dctx); OPENSSL_free(tmpbuf); return ret; } static int x509_pubkey_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) + const ASN1_ITEM *it, int tag, int aclass) { return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), - tag, aclass); + tag, aclass); } static int x509_pubkey_ex_print(BIO *out, const ASN1_VALUE **pval, int indent, - const char *fname, const ASN1_PCTX *pctx) + const char *fname, const ASN1_PCTX *pctx) { return ASN1_item_print(out, *pval, indent, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), pctx); + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), pctx); } static const ASN1_EXTERN_FUNCS x509_pubkey_ff = { NULL, NULL, x509_pubkey_ex_free, - 0, /* Default clear behaviour is OK */ + 0, /* Default clear behaviour is OK */ NULL, x509_pubkey_ex_i2d, x509_pubkey_ex_print, 
@@ -285,14 +289,14 @@ X509_PUBKEY *pubkey = OPENSSL_zalloc(sizeof(*pubkey)); if (pubkey == NULL - || !x509_pubkey_set0_libctx(pubkey, a->libctx, a->propq) - || (pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL - || (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL - || !ASN1_BIT_STRING_set(pubkey->public_key, - a->public_key->data, - a->public_key->length)) { + || !x509_pubkey_set0_libctx(pubkey, a->libctx, a->propq) + || (pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL + || (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL + || !ASN1_BIT_STRING_set(pubkey->public_key, + a->public_key->data, + a->public_key->length)) { x509_pubkey_ex_free((ASN1_VALUE **)&pubkey, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return NULL; } @@ -304,7 +308,7 @@ pubkey->flag_force_legacy = 1; if (x509_pubkey_decode(&pubkey->pkey, pubkey) <= 0) { x509_pubkey_ex_free((ASN1_VALUE **)&pubkey, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); ERR_clear_last_mark(); return NULL; } @@ -340,10 +344,9 @@ } else if (evp_pkey_is_provided(pkey)) { unsigned char *der = NULL; size_t derlen = 0; - OSSL_ENCODER_CTX *ectx = - OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_PUBLIC_KEY, - "DER", "SubjectPublicKeyInfo", - NULL); + OSSL_ENCODER_CTX *ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_PUBLIC_KEY, + "DER", "SubjectPublicKeyInfo", + NULL); if (OSSL_ENCODER_to_data(ectx, &der, &derlen)) { const unsigned char *pder = der; @@ -383,7 +386,7 @@ pk->pkey = pkey; return 1; - error: +error: X509_PUBKEY_free(pk); return 0; } @@ -441,7 +444,7 @@ *ppkey = pkey; return 1; - error: +error: EVP_PKEY_free(pkey); return 0; } 
@@ -478,13 +481,12 @@ * or decode as X509_PUBKEY */ static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a, - const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq, - unsigned int force_legacy, - X509_PUBKEY * - (*d2i_x509_pubkey)(X509_PUBKEY **a, - const unsigned char **in, - long len)) + const unsigned char **pp, long length, + OSSL_LIB_CTX *libctx, const char *propq, + unsigned int force_legacy, + X509_PUBKEY *(*d2i_x509_pubkey)(X509_PUBKEY **a, + const unsigned char **in, + long len)) { X509_PUBKEY *xpk, *xpk2 = NULL, **pxpk = NULL; EVP_PKEY *pktmp = NULL; @@ -513,7 +515,7 @@ goto end; pktmp = X509_PUBKEY_get(xpk); X509_PUBKEY_free(xpk); - xpk2 = NULL; /* We know that xpk == xpk2 */ + xpk2 = NULL; /* We know that xpk == xpk2 */ if (pktmp == NULL) goto end; *pp = q; @@ -521,20 +523,20 @@ EVP_PKEY_free(*a); *a = pktmp; } - end: +end: X509_PUBKEY_free(xpk2); return pktmp; } /* For the algorithm specific d2i functions further down */ EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, - long length) + long length) { return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY); } EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { return d2i_PUBKEY_int(a, pp, length, libctx, propq, 0, d2i_X509_PUBKEY); } @@ -564,10 +566,9 @@ } X509_PUBKEY_free(xpk); } else if (a->keymgmt != NULL) { - OSSL_ENCODER_CTX *ctx = - OSSL_ENCODER_CTX_new_for_pkey(a, EVP_PKEY_PUBLIC_KEY, - "DER", "SubjectPublicKeyInfo", - NULL); + OSSL_ENCODER_CTX *ctx = OSSL_ENCODER_CTX_new_for_pkey(a, EVP_PKEY_PUBLIC_KEY, + "DER", "SubjectPublicKeyInfo", + NULL); BIO *out = BIO_new(BIO_s_mem()); BUF_MEM *buf = NULL; @@ -833,7 +834,7 @@ } ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) + const unsigned char **pp, long length) { EVP_PKEY *pkey; ECX_KEY *key = NULL; 
@@ -874,7 +875,7 @@ } ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) + const unsigned char **pp, long length) { EVP_PKEY *pkey; ECX_KEY *key = NULL; @@ -916,7 +917,7 @@ } ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) + const unsigned char **pp, long length) { EVP_PKEY *pkey; ECX_KEY *key = NULL; @@ -958,7 +959,7 @@ } ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) + const unsigned char **pp, long length) { EVP_PKEY *pkey; ECX_KEY *key = NULL; @@ -1002,8 +1003,8 @@ #endif int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, - int ptype, void *pval, - unsigned char *penc, int penclen) + int ptype, void *pval, + unsigned char *penc, int penclen) { if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) return 0; @@ -1019,8 +1020,8 @@ } int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, const X509_PUBKEY *pub) + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, const X509_PUBKEY *pub) { if (ppkalg) *ppkalg = pub->algor->algorithm; @@ -1062,7 +1063,7 @@ } int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq, - const X509_PUBKEY *key) + const X509_PUBKEY *key) { if (plibctx) *plibctx = key->libctx; --- crypto/openssl/crypto/x509/x_req.c.orig +++ crypto/openssl/crypto/x509/x_req.c @@ -33,7 +33,7 @@ */ static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; @@ -46,7 +46,7 @@ } static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { X509_REQ *ret = (X509_REQ *)*pval; 
@@ -62,66 +62,60 @@ ASN1_OCTET_STRING_free(ret->distinguishing_id); OPENSSL_free(ret->propq); break; - case ASN1_OP_DUP_POST: - { - X509_REQ *old = exarg; + case ASN1_OP_DUP_POST: { + X509_REQ *old = exarg; - if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq)) - return 0; - if (old->req_info.pubkey != NULL) { - EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey); - - if (pkey != NULL) { - pkey = EVP_PKEY_dup(pkey); - if (pkey == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) { - EVP_PKEY_free(pkey); - ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); - return 0; - } + if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq)) + return 0; + if (old->req_info.pubkey != NULL) { + EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey); + + if (pkey != NULL) { + pkey = EVP_PKEY_dup(pkey); + if (pkey == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) { EVP_PKEY_free(pkey); + ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); + return 0; } + EVP_PKEY_free(pkey); } } - break; - case ASN1_OP_GET0_LIBCTX: - { - OSSL_LIB_CTX **libctx = exarg; + } break; + case ASN1_OP_GET0_LIBCTX: { + OSSL_LIB_CTX **libctx = exarg; - *libctx = ret->libctx; - } - break; - case ASN1_OP_GET0_PROPQ: - { - const char **propq = exarg; + *libctx = ret->libctx; + } break; + case ASN1_OP_GET0_PROPQ: { + const char **propq = exarg; - *propq = ret->propq; - } - break; + *propq = ret->propq; + } break; } return 1; } ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { - ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), - ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), - /* This isn't really OPTIONAL but it gets round invalid - * encodings - */ - ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) + ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(X509_REQ_INFO, 
subject, X509_NAME), + ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), + /* This isn't really OPTIONAL but it gets round invalid + * encodings + */ + ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) ASN1_SEQUENCE_ref(X509_REQ, req_cb) = { - ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), - ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) + ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), + ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), + ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) @@ -145,7 +139,7 @@ * Use X509_REQ_new_ex() instead if possible. */ int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx, - const char *propq) + const char *propq) { if (x != NULL) { x->libctx = libctx; --- crypto/openssl/crypto/x509/x_x509.c.orig +++ crypto/openssl/crypto/x509/x_x509.c 
@@ -16,16 +16,16 @@ #include "crypto/x509.h" ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { - ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), - ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER), - ASN1_EMBED(X509_CINF, signature, X509_ALGOR), - ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), - ASN1_EMBED(X509_CINF, validity, X509_VAL), - ASN1_SIMPLE(X509_CINF, subject, X509_NAME), - ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), - ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), - ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), - ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) + ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), + ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER), + ASN1_EMBED(X509_CINF, signature, X509_ALGOR), + ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), + ASN1_EMBED(X509_CINF, validity, X509_VAL), + ASN1_SIMPLE(X509_CINF, subject, X509_NAME), + ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), + ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), + ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), + ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) } ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) @@ -34,7 +34,7 @@ extern void ossl_policy_cache_free(X509_POLICY_CACHE *cache); static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { X509 *ret = (X509 *)*pval; 
@@ -98,29 +98,23 @@ OPENSSL_free(ret->propq); break; - case ASN1_OP_DUP_POST: - { - X509 *old = exarg; + case ASN1_OP_DUP_POST: { + X509 *old = exarg; - if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq)) - return 0; - } - break; - case ASN1_OP_GET0_LIBCTX: - { - OSSL_LIB_CTX **libctx = exarg; + if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq)) + return 0; + } break; + case ASN1_OP_GET0_LIBCTX: { + OSSL_LIB_CTX **libctx = exarg; - *libctx = ret->libctx; - } - break; + *libctx = ret->libctx; + } break; - case ASN1_OP_GET0_PROPQ: - { - const char **propq = exarg; + case ASN1_OP_GET0_PROPQ: { + const char **propq = exarg; - *propq = ret->propq; - } - break; + *propq = ret->propq; + } break; default: break; @@ -130,9 +124,9 @@ } ASN1_SEQUENCE_ref(X509, x509_cb) = { - ASN1_EMBED(X509, cert_info, X509_CINF), - ASN1_EMBED(X509, sig_alg, X509_ALGOR), - ASN1_EMBED(X509, signature, ASN1_BIT_STRING) + ASN1_EMBED(X509, cert_info, X509_CINF), + ASN1_EMBED(X509, sig_alg, X509_ALGOR), + ASN1_EMBED(X509, signature, ASN1_BIT_STRING) } ASN1_SEQUENCE_END_ref(X509, X509) IMPLEMENT_ASN1_FUNCTIONS(X509) @@ -208,7 +202,7 @@ goto err; *pp = q; return ret; - err: +err: if (freeret) { X509_free(ret); if (a) @@ -293,7 +287,7 @@ } void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x) + const X509_ALGOR **palg, const X509 *x) { if (psig) *psig = &x->signature; --- crypto/openssl/crypto/x509/x_x509a.c.orig +++ crypto/openssl/crypto/x509/x_x509a.c 
@@ -24,11 +24,11 @@ static X509_CERT_AUX *aux_get(X509 *x); ASN1_SEQUENCE(X509_CERT_AUX) = { - ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), - ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), - ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), - ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), - ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) + ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), + ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), + ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), + ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), + ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) } ASN1_SEQUENCE_END(X509_CERT_AUX) IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) @@ -116,7 +116,7 @@ goto err; if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) return 1; - err: +err: ASN1_OBJECT_free(objtmp); return 0; } @@ -137,7 +137,7 @@ if (sk_ASN1_OBJECT_push(aux->reject, objtmp) > 0) res = 1; - err: +err: if (!res) ASN1_OBJECT_free(objtmp); return res; --- crypto/openssl/demos/bio/client-arg.c.orig +++ crypto/openssl/demos/bio/client-arg.c @@ -100,7 +100,7 @@ break; BIO_write(out, tmpbuf, len); } - end: +end: SSL_CONF_CTX_free(cctx); BIO_free_all(sbio); BIO_free(out); --- crypto/openssl/demos/bio/client-conf.c.orig +++ crypto/openssl/demos/bio/client-conf.c @@ -55,7 +55,7 @@ continue; if (rv != -2) { fprintf(stderr, "Error processing %s = %s\n", - cnf->name, cnf->value); + cnf->name, cnf->value); ERR_print_errors_fp(stderr); goto end; } @@ -108,7 +108,7 @@ break; BIO_write(out, tmpbuf, len); } - end: +end: SSL_CONF_CTX_free(cctx); BIO_free_all(sbio); BIO_free(out); --- crypto/openssl/demos/bio/saccept.c.orig +++ crypto/openssl/demos/bio/saccept.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ #include #include -#define CERT_FILE "server.pem" +#define CERT_FILE "server.pem" static volatile int done = 0; @@ -49,7 +49,8 @@ { char *port = NULL; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; char buf[512]; int ret = EXIT_FAILURE, i; @@ -79,11 +80,12 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; /* Arrange to leave server loop on interrupt */ sigsetup(); - again: +again: /* * The first call will setup the accept socket, and the second will get a * socket. In this loop, the first actual accept will occur in the @@ -113,9 +115,10 @@ } ret = EXIT_SUCCESS; - err: +err: if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } --- crypto/openssl/demos/bio/sconnect.c.orig +++ crypto/openssl/demos/bio/sconnect.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -58,7 +58,6 @@ ssl = SSL_new(ssl_ctx); SSL_set_connect_state(ssl); - /* Use it inside an SSL BIO */ ssl_bio = BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); 
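Review bot: The new `ssl_bio = NULL;` after `BIO_set_accept_bios(in, ssl_bio)` in demos/bio/saccept.c is what keeps the added `BIO_free_all(ssl_bio)` at `err:` from freeing a BIO that `in` now owns, but nothing on the line says so. A one-line comment such as `/* in owns ssl_bio from here; clear our copy so err: does not free it a second time */` would stop a later tidy-up from dropping the assignment and reintroducing a double free. The same uncommented pair appears in server-arg.c, server-cmod.c and server-conf.c in this patch. main() starts and ends outside this hunk.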
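Review bot: The `err:` tail of main() in saccept.c now releases `in` and `ssl_bio` but still has no `SSL_CTX_free(ctx)`, so the context is not released on either exit path shown here. `ctx` is declared as `SSL_CTX *ctx;` without an initialiser in the earlier hunk and its creation lies outside the visible lines, so the safe form is to declare `SSL_CTX *ctx = NULL;` and add `SSL_CTX_free(ctx);` next to the new `BIO_free_all(ssl_bio);`. The cleanup tails of server-arg.c, server-cmod.c and server-conf.c in this patch look the same and likely want the same line. The start of main() is outside this hunk.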
@@ -69,8 +68,10 @@ /* The BIO has parsed the host:port and even IPv6 literals in [] */ hostname = BIO_get_conn_hostname(out); - if (!hostname || SSL_set1_host(ssl, hostname) <= 0) + if (!hostname || SSL_set1_host(ssl, hostname) <= 0) { + BIO_free(ssl_bio); goto err; + } BIO_set_nbio(out, 1); out = BIO_push(ssl_bio, out); @@ -114,14 +115,14 @@ ret = EXIT_SUCCESS; goto done; - err: +err: if (ERR_peek_error() == 0) { /* system call error */ fprintf(stderr, "errno=%d ", errno); perror("error"); } else { ERR_print_errors_fp(stderr); } - done: +done: BIO_free_all(out); SSL_CTX_free(ssl_ctx); return ret; --- crypto/openssl/demos/bio/server-arg.c.orig +++ crypto/openssl/demos/bio/server-arg.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,8 @@ int main(int argc, char *argv[]) { char *port = "*:4433"; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; SSL_CONF_CTX *cctx; char buf[512]; @@ -86,7 +87,7 @@ while (rv) { X509 *x = SSL_CTX_get0_certificate(ctx); X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, - XN_FLAG_ONELINE); + XN_FLAG_ONELINE); printf("\n"); rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT); } @@ -105,8 +106,9 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; - again: +again: /* * The first call will setup the accept socket, and the second will get a * socket. In this loop, the first actual accept will occur in the @@ -136,9 +138,10 @@ } ret = EXIT_SUCCESS; - err: +err: if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } --- crypto/openssl/demos/bio/server-cmod.c.orig +++ crypto/openssl/demos/bio/server-cmod.c 
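Review bot: The added `BIO_free(ssl_bio);` in the `SSL_set1_host()` failure branch of sconnect.c carries no explanation of why this one path needs its own release. At this point `ssl_bio` has not yet been pushed onto `out`, so the `BIO_free_all(out)` under `done:` would not reach it, and because it was attached with `BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE)` freeing it also releases `ssl`. I would record that as `/* ssl_bio is not chained onto out yet; free it here (BIO_CLOSE releases ssl too) */` above the call. The other cleanups added in this patch use `BIO_free_all(ssl_bio)`, and using the same call here would read more consistently. The enclosing function starts outside the hunk.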
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,8 @@ unsigned char buf[512]; char *port = "*:4433"; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; int ret = EXIT_FAILURE, i; @@ -52,8 +53,9 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; - again: +again: /* * The first call will setup the accept socket, and the second will get a * socket. In this loop, the first actual accept will occur in the @@ -86,9 +88,10 @@ } ret = EXIT_SUCCESS; - err: +err: if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } --- crypto/openssl/demos/bio/server-conf.c.orig +++ crypto/openssl/demos/bio/server-conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,8 @@ { char *port = "*:4433"; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; SSL_CONF_CTX *cctx = NULL; CONF *conf = NULL; @@ -67,7 +68,7 @@ continue; if (rv != -2) { fprintf(stderr, "Error processing %s = %s\n", - cnf->name, cnf->value); + cnf->name, cnf->value); ERR_print_errors_fp(stderr); goto err; } 
@@ -97,8 +98,9 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; - again: +again: /* * The first call will setup the accept socket, and the second will get a * socket. In this loop, the first actual accept will occur in the @@ -131,9 +133,10 @@ } ret = EXIT_SUCCESS; - err: +err: if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } --- crypto/openssl/demos/cipher/aesccm.c.orig +++ crypto/openssl/demos/cipher/aesccm.c @@ -67,7 +67,6 @@ OSSL_LIB_CTX *libctx = NULL; const char *propq = NULL; - int aes_ccm_encrypt(void) { int ret = 0; @@ -96,10 +95,10 @@ /* Default nonce length for AES-CCM is 7 bytes (56 bits). */ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &ccm_nonce_len); + &ccm_nonce_len); /* Set tag length */ params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - NULL, ccm_tag_len); + NULL, ccm_tag_len); /* * Initialise encrypt operation with the cipher & mode, @@ -134,7 +133,7 @@ /* Get tag */ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - outtag, ccm_tag_len); + outtag, ccm_tag_len); params[1] = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(ctx, params)) @@ -180,11 +179,11 @@ /* Set nonce length if default 96 bits is not appropriate */ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &ccm_nonce_len); + &ccm_nonce_len); /* Set tag length */ params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - (unsigned char *)ccm_tag, - sizeof(ccm_tag)); + (unsigned char *)ccm_tag, + sizeof(ccm_tag)); /* * Initialise decrypt operation with the cipher & mode, * nonce length and expected tag parameters. --- crypto/openssl/demos/cipher/aesgcm.c.orig +++ crypto/openssl/demos/cipher/aesgcm.c 
@@ -94,14 +94,14 @@ /* Set IV length if default 96 bits is not appropriate */ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &gcm_ivlen); + &gcm_ivlen); /* * Initialise an encrypt operation with the cipher/mode, key, IV and * IV length parameter. * For demonstration purposes the IV is being set here. In a compliant * application the IV would be generated internally so the iv passed in - * would be NULL. + * would be NULL. */ if (!EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) goto err; @@ -124,7 +124,7 @@ /* Get tag */ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - outtag, 16); + outtag, 16); if (!EVP_CIPHER_CTX_get_params(ctx, params)) goto err; @@ -169,7 +169,7 @@ /* Set IV length if default 96 bits is not appropriate */ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &gcm_ivlen); + &gcm_ivlen); /* * Initialise an encrypt operation with the cipher/mode, key, IV and @@ -192,7 +192,7 @@ /* Set expected tag value. */ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - (void*)gcm_tag, sizeof(gcm_tag)); + (void *)gcm_tag, sizeof(gcm_tag)); if (!EVP_CIPHER_CTX_set_params(ctx, params)) goto err; --- crypto/openssl/demos/cipher/aeskeywrap.c.orig +++ crypto/openssl/demos/cipher/aeskeywrap.c 
@@ -27,22 +27,102 @@ /* Unique initialisation vector */ static const unsigned char wrap_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84, - 0x99, 0xaa, 0x3e, 0x68, + 0x99, + 0xaa, + 0x3e, + 0x68, + 0xed, + 0x81, + 0x73, + 0xa0, + 0xee, + 0xd0, + 0x66, + 0x84, + 0x99, + 0xaa, + 0x3e, + 0x68, }; /* Example plaintext to encrypt */ static const unsigned char wrap_pt[] = { - 0xad, 0x4f, 0xc9, 0xfc, 0x77, 0x69, 0xc9, 0xea, 0xfc, 0xdf, 0x00, 0xac, - 0x34, 0xec, 0x40, 0xbc, 0x28, 0x3f, 0xa4, 0x5e, 0xd8, 0x99, 0xe4, 0x5d, - 0x5e, 0x7a, 0xc4, 0xe6, 0xca, 0x7b, 0xa5, 0xb7, + 0xad, + 0x4f, + 0xc9, + 0xfc, + 0x77, + 0x69, + 0xc9, + 0xea, + 0xfc, + 0xdf, + 0x00, + 0xac, + 0x34, + 0xec, + 0x40, + 0xbc, + 0x28, + 0x3f, + 0xa4, + 0x5e, + 0xd8, + 0x99, + 0xe4, + 0x5d, + 0x5e, + 0x7a, + 0xc4, + 0xe6, + 0xca, + 0x7b, + 0xa5, + 0xb7, }; /* Expected ciphertext value */ static const unsigned char wrap_ct[] = { - 0x97, 0x99, 0x55, 0xca, 0xf6, 0x3e, 0x95, 0x54, 0x39, 0xd6, 0xaf, 0x63, 0xff, 0x2c, 0xe3, 0x96, - 0xf7, 0x0d, 0x2c, 0x9c, 0xc7, 0x43, 0xc0, 0xb6, 0x31, 0x43, 0xb9, 0x20, 0xac, 0x6b, 0xd3, 0x67, - 0xad, 0x01, 0xaf, 0xa7, 0x32, 0x74, 0x26, 0x92, + 0x97, + 0x99, + 0x55, + 0xca, + 0xf6, + 0x3e, + 0x95, + 0x54, + 0x39, + 0xd6, + 0xaf, + 0x63, + 0xff, + 0x2c, + 0xe3, + 0x96, + 0xf7, + 0x0d, + 0x2c, + 0x9c, + 0xc7, + 0x43, + 0xc0, + 0xb6, + 0x31, + 0x43, + 0xb9, + 0x20, + 0xac, + 0x6b, + 0xd3, + 0x67, + 0xad, + 0x01, + 0xaf, + 0xa7, + 0x32, + 0x74, + 0x26, + 0x92, }; /* @@ -171,11 +251,10 @@ int main(int argc, char **argv) { if (!aes_wrap_encrypt()) - return 1; + return 1; if (!aes_wrap_decrypt()) return 1; return 0; } - --- crypto/openssl/demos/cipher/ariacbc.c.orig +++ crypto/openssl/demos/cipher/ariacbc.c 
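Review bot: `wrap_iv`, `wrap_pt` and `wrap_ct` in aeskeywrap.c are now laid out one byte per line, which turns a three-line table into forty lines and makes the expected-ciphertext vector hard to compare against a reference by eye. This looks like a formatter artefact (presumably triggered by the trailing comma in each initialiser); wrapping each table in `/* clang-format off */` … `/* clang-format on */` and keeping 8 or 16 bytes per row would preserve the readable form. The same expansion hits `cbc_iv` in ariacbc.c and the `key` and `expected_output` tables in cmac-aes256.c and hmac-sha512.c.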
@@ -27,8 +27,22 @@ /* Unique initialisation vector */ static const unsigned char cbc_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84, - 0x99, 0xaa, 0x3e, 0x68, + 0x99, + 0xaa, + 0x3e, + 0x68, + 0xed, + 0x81, + 0x73, + 0xa0, + 0xee, + 0xd0, + 0x66, + 0x84, + 0x99, + 0xaa, + 0x3e, + 0x68, }; /* Example plaintext to encrypt */ @@ -169,7 +183,7 @@ int main(int argc, char **argv) { if (!aria_cbc_encrypt()) - return 1; + return 1; if (!aria_cbc_decrypt()) return 1; --- crypto/openssl/demos/cms/cms_comp.c.orig +++ crypto/openssl/demos/cms/cms_comp.c @@ -50,7 +50,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Compressing Data\n"); --- crypto/openssl/demos/cms/cms_ddec.c.orig +++ crypto/openssl/demos/cms/cms_ddec.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,7 +57,7 @@ /* Open file containing detached content */ dcont = BIO_new_file("smencr.out", "rb"); - if (!in) + if (dcont == NULL) goto err; out = BIO_new_file("encrout.txt", "w"); @@ -70,7 +70,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Decrypting Data\n"); --- crypto/openssl/demos/cms/cms_dec.c.orig +++ crypto/openssl/demos/cms/cms_dec.c @@ -61,7 +61,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Decrypting Data\n"); --- crypto/openssl/demos/cms/cms_denc.c.orig +++ crypto/openssl/demos/cms/cms_denc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -57,7 +57,7 @@ dout = BIO_new_file("smencr.out", "wb"); - if (!in) + if (in == NULL || dout == NULL) goto err; /* encrypt content */ @@ -79,7 +79,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Encrypting Data\n"); --- crypto/openssl/demos/cms/cms_enc.c.orig +++ crypto/openssl/demos/cms/cms_enc.c @@ -75,7 +75,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Encrypting Data\n"); --- crypto/openssl/demos/cms/cms_sign.c.orig +++ crypto/openssl/demos/cms/cms_sign.c @@ -71,7 +71,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Signing Data\n"); --- crypto/openssl/demos/cms/cms_sign2.c.orig +++ crypto/openssl/demos/cms/cms_sign2.c @@ -79,7 +79,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Signing Data\n"); --- crypto/openssl/demos/cms/cms_uncomp.c.orig +++ crypto/openssl/demos/cms/cms_uncomp.c @@ -44,7 +44,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Uncompressing Data\n"); --- crypto/openssl/demos/cms/cms_ver.c.orig +++ crypto/openssl/demos/cms/cms_ver.c @@ -71,7 +71,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Verifying Data\n"); --- crypto/openssl/demos/digest/BIO_f_md.c.orig +++ crypto/openssl/demos/digest/BIO_f_md.c @@ -34,7 +34,7 @@ * The default digest is SHA3-512 */ -int main(int argc, char * argv[]) +int main(int argc, char *argv[]) { int result = 1; OSSL_LIB_CTX *library_context = NULL; @@ -44,10 +44,10 @@ unsigned char buffer[512]; size_t readct, writect; size_t digest_size; - char *digest_value=NULL; + char *digest_value = NULL; int j; - input = BIO_new_fd( fileno(stdin), 1 ); + input = BIO_new_fd(fileno(stdin), 1); if (input == NULL) { fprintf(stderr, "BIO_new_fd() for stdin returned NULL\n"); goto cleanup; 
@@ -60,10 +60,10 @@ /* * Fetch a message digest by name - * The algorithm name is case insensitive. + * The algorithm name is case insensitive. * See providers(7) for details about algorithm fetching */ - md = EVP_MD_fetch( library_context, "SHA3-512", NULL ); + md = EVP_MD_fetch(library_context, "SHA3-512", NULL); if (md == NULL) { fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n"); goto cleanup; @@ -81,17 +81,17 @@ goto cleanup; } /* set our bio_digest BIO to digest data */ - if (BIO_set_md(bio_digest,md) != 1) { - fprintf(stderr, "BIO_set_md failed.\n"); - goto cleanup; + if (BIO_set_md(bio_digest, md) != 1) { + fprintf(stderr, "BIO_set_md failed.\n"); + goto cleanup; } /*- * We will use BIO chaining so that as we read, the digest gets updated * See the man page for BIO_push */ - BIO *reading = BIO_push( bio_digest, input ); - - while( BIO_read(reading, buffer, sizeof(buffer)) > 0 ) + BIO *reading = BIO_push(bio_digest, input); + + while (BIO_read(reading, buffer, sizeof(buffer)) > 0) ; /*- @@ -102,14 +102,14 @@ fprintf(stderr, "BIO_gets(bio_digest) failed\n"); goto cleanup; } - for (j=0; jprivk = - EVP_PKEY_new_raw_private_key_ex(libctx, "X25519", propq, - kat_privk_data, - sizeof(peer1_privk_data)); + local_peer->privk = EVP_PKEY_new_raw_private_key_ex(libctx, "X25519", propq, + kat_privk_data, + sizeof(peer1_privk_data)); else local_peer->privk = EVP_PKEY_Q_keygen(libctx, propq, "X25519"); @@ -84,10 +83,11 @@ /* Get public key corresponding to the private key */ if (EVP_PKEY_get_octet_string_param(local_peer->privk, - OSSL_PKEY_PARAM_PUB_KEY, - local_peer->pubk_data, - sizeof(local_peer->pubk_data), - &pubk_data_len) == 0) { + OSSL_PKEY_PARAM_PUB_KEY, + local_peer->pubk_data, + sizeof(local_peer->pubk_data), + &pubk_data_len) + == 0) { fprintf(stderr, "EVP_PKEY_get_octet_string_param() failed\n"); goto end; } 
@@ -95,7 +95,7 @@ /* X25519 public keys are always 32 bytes */ if (pubk_data_len != 32) { fprintf(stderr, "EVP_PKEY_get_octet_string_param() " - "yielded wrong length\n"); + "yielded wrong length\n"); goto end; } @@ -127,9 +127,8 @@ local_peer->secret = NULL; /* Load public key for remote peer. */ - remote_peer_pubk = - EVP_PKEY_new_raw_public_key_ex(libctx, "X25519", propq, - remote_peer_pubk_data, 32); + remote_peer_pubk = EVP_PKEY_new_raw_public_key_ex(libctx, "X25519", propq, + remote_peer_pubk_data, 32); if (remote_peer_pubk == NULL) { fprintf(stderr, "EVP_PKEY_new_raw_public_key_ex() failed\n"); goto end; @@ -179,7 +178,8 @@ /* Derive the shared secret. */ if (EVP_PKEY_derive(ctx, local_peer->secret, - &local_peer->secret_len) == 0) { + &local_peer->secret_len) + == 0) { fprintf(stderr, "EVP_PKEY_derive() failed\n"); goto end; } @@ -204,7 +204,7 @@ { int rv = 0; OSSL_LIB_CTX *libctx = NULL; - PEER_DATA peer1 = {"peer 1"}, peer2 = {"peer 2"}; + PEER_DATA peer1 = { "peer 1" }, peer2 = { "peer 2" }; /* * Each peer generates its private key and sends its public key @@ -212,11 +212,13 @@ * later use. */ if (keyexch_x25519_before(libctx, use_kat ? peer1_privk_data : NULL, - &peer1) == 0) + &peer1) + == 0) return 0; if (keyexch_x25519_before(libctx, use_kat ? peer2_privk_data : NULL, - &peer2) == 0) + &peer2) + == 0) return 0; /* @@ -244,8 +246,7 @@ } /* If we are doing the KAT, the secret should equal our reference result. */ - if (use_kat && CRYPTO_memcmp(peer1.secret, expected_result, - peer1.secret_len) != 0) { + if (use_kat && CRYPTO_memcmp(peer1.secret, expected_result, peer1.secret_len) != 0) { fprintf(stderr, "Did not get expected result\n"); goto end; } --- crypto/openssl/demos/mac/cmac-aes256.c.orig +++ crypto/openssl/demos/mac/cmac-aes256.c 
@@ -26,36 +26,76 @@ * It is done here solely for educational purposes. */ static unsigned char key[] = { - 0x6c, 0xde, 0x14, 0xf5, 0xd5, 0x2a, 0x4a, 0xdf, - 0x12, 0x39, 0x1e, 0xbf, 0x36, 0xf9, 0x6a, 0x46, - 0x48, 0xd0, 0xb6, 0x51, 0x89, 0xfc, 0x24, 0x85, - 0xa8, 0x8d, 0xdf, 0x7e, 0x80, 0x14, 0xc8, 0xce, + 0x6c, + 0xde, + 0x14, + 0xf5, + 0xd5, + 0x2a, + 0x4a, + 0xdf, + 0x12, + 0x39, + 0x1e, + 0xbf, + 0x36, + 0xf9, + 0x6a, + 0x46, + 0x48, + 0xd0, + 0xb6, + 0x51, + 0x89, + 0xfc, + 0x24, + 0x85, + 0xa8, + 0x8d, + 0xdf, + 0x7e, + 0x80, + 0x14, + 0xc8, + 0xce, }; -static const unsigned char data[] = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The ſlings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" - "Devoutly to be wished. To die to sleep,\n" - "To sleepe, perchance to dreame, Aye, there's the rub,\n" - "For in that sleep of death what dreams may come\n" - "When we haue shuffled off this mortal coil\n" - "Must give us pause. There's the respect\n" - "That makes calamity of so long life:\n" - "For who would bear the Ships and Scorns of time,\n" - "The oppressor's wrong, the proud man's Contumely,\n" - "The pangs of dispised love, the Law's delay,\n" -; +static const unsigned char data[] = "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The ſlings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" + "Devoutly to be wished. 
To die to sleep,\n" + "To sleepe, perchance to dreame, Aye, there's the rub,\n" + "For in that sleep of death what dreams may come\n" + "When we haue shuffled off this mortal coil\n" + "Must give us pause. There's the respect\n" + "That makes calamity of so long life:\n" + "For who would bear the Ships and Scorns of time,\n" + "The oppressor's wrong, the proud man's Contumely,\n" + "The pangs of dispised love, the Law's delay,\n"; /* The known value of the CMAC/AES256 MAC of the above soliloqy */ static const unsigned char expected_output[] = { - 0x67, 0x92, 0x32, 0x23, 0x50, 0x3d, 0xc5, 0xba, - 0x78, 0xd4, 0x6d, 0x63, 0xf2, 0x2b, 0xe9, 0x56, + 0x67, + 0x92, + 0x32, + 0x23, + 0x50, + 0x3d, + 0xc5, + 0xba, + 0x78, + 0xd4, + 0x6d, + 0x63, + 0xf2, + 0x2b, + 0xe9, + 0x56, }; /* @@ -96,7 +136,7 @@ /* The underlying cipher to be used */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name, - sizeof(cipher_name)); + sizeof(cipher_name)); *p = OSSL_PARAM_construct_end(); /* Initialise the CMAC operation */ --- crypto/openssl/demos/mac/gmac.c.orig +++ crypto/openssl/demos/mac/gmac.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -85,9 +85,9 @@ goto end; } - /* GMAC requries a GCM mode cipher to be specified */ + /* GMAC requires a GCM mode cipher to be specified */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - "AES-128-GCM", 0); + "AES-128-GCM", 0); /* * If a non-default property query is required when fetching the GCM mode 
@@ -95,11 +95,11 @@ */ if (propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES, - propq, 0); + propq, 0); /* Set the initialisation vector (IV) */ *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, - iv, sizeof(iv)); + iv, sizeof(iv)); *p = OSSL_PARAM_construct_end(); /* Initialise the GMAC operation */ --- crypto/openssl/demos/mac/hmac-sha512.c.orig +++ crypto/openssl/demos/mac/hmac-sha512.c 
@@ -26,46 +26,156 @@ * It is done here solely for educational purposes. */ static unsigned char key[] = { - 0x25, 0xfd, 0x12, 0x99, 0xdf, 0xad, 0x1a, 0x03, - 0x0a, 0x81, 0x3c, 0x2d, 0xcc, 0x05, 0xd1, 0x5c, - 0x17, 0x7a, 0x36, 0x73, 0x17, 0xef, 0x41, 0x75, - 0x71, 0x18, 0xe0, 0x1a, 0xda, 0x99, 0xc3, 0x61, - 0x38, 0xb5, 0xb1, 0xe0, 0x82, 0x2c, 0x70, 0xa4, - 0xc0, 0x8e, 0x5e, 0xf9, 0x93, 0x9f, 0xcf, 0xf7, - 0x32, 0x4d, 0x0c, 0xbd, 0x31, 0x12, 0x0f, 0x9a, - 0x15, 0xee, 0x82, 0xdb, 0x8d, 0x29, 0x54, 0x14, + 0x25, + 0xfd, + 0x12, + 0x99, + 0xdf, + 0xad, + 0x1a, + 0x03, + 0x0a, + 0x81, + 0x3c, + 0x2d, + 0xcc, + 0x05, + 0xd1, + 0x5c, + 0x17, + 0x7a, + 0x36, + 0x73, + 0x17, + 0xef, + 0x41, + 0x75, + 0x71, + 0x18, + 0xe0, + 0x1a, + 0xda, + 0x99, + 0xc3, + 0x61, + 0x38, + 0xb5, + 0xb1, + 0xe0, + 0x82, + 0x2c, + 0x70, + 0xa4, + 0xc0, + 0x8e, + 0x5e, + 0xf9, + 0x93, + 0x9f, + 0xcf, + 0xf7, + 0x32, + 0x4d, + 0x0c, + 0xbd, + 0x31, + 0x12, + 0x0f, + 0x9a, + 0x15, + 0xee, + 0x82, + 0xdb, + 0x8d, + 0x29, + 0x54, + 0x14, }; -static const unsigned char data[] = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The ſlings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" - "Devoutly to be wished. To die to sleep,\n" - "To sleepe, perchance to dreame, Aye, there's the rub,\n" - "For in that sleep of death what dreams may come\n" - "When we haue shuffled off this mortal coil\n" - "Must give us pause. 
There's the respect\n" - "That makes calamity of so long life:\n" - "For who would bear the Ships and Scorns of time,\n" - "The oppressor's wrong, the proud man's Contumely,\n" - "The pangs of dispised love, the Law's delay,\n" -; +static const unsigned char data[] = "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The ſlings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" + "Devoutly to be wished. To die to sleep,\n" + "To sleepe, perchance to dreame, Aye, there's the rub,\n" + "For in that sleep of death what dreams may come\n" + "When we haue shuffled off this mortal coil\n" + "Must give us pause. There's the respect\n" + "That makes calamity of so long life:\n" + "For who would bear the Ships and Scorns of time,\n" + "The oppressor's wrong, the proud man's Contumely,\n" + "The pangs of dispised love, the Law's delay,\n"; /* The known value of the HMAC/SHA3-512 MAC of the above soliloqy */ static const unsigned char expected_output[] = { - 0x3b, 0x77, 0x5f, 0xf1, 0x4f, 0x9e, 0xb9, 0x23, - 0x8f, 0xdc, 0xa0, 0x68, 0x15, 0x7b, 0x8a, 0xf1, - 0x96, 0x23, 0xaa, 0x3c, 0x1f, 0xe9, 0xdc, 0x89, - 0x11, 0x7d, 0x58, 0x07, 0xe7, 0x96, 0x17, 0xe3, - 0x44, 0x8b, 0x03, 0x37, 0x91, 0xc0, 0x6e, 0x06, - 0x7c, 0x54, 0xe4, 0xa4, 0xcc, 0xd5, 0x16, 0xbb, - 0x5e, 0x4d, 0x64, 0x7d, 0x88, 0x23, 0xc9, 0xb7, - 0x25, 0xda, 0xbe, 0x4b, 0xe4, 0xd5, 0x34, 0x30, + 0x3b, + 0x77, + 0x5f, + 0xf1, + 0x4f, + 0x9e, + 0xb9, + 0x23, + 0x8f, + 0xdc, + 0xa0, + 0x68, + 0x15, + 0x7b, + 0x8a, + 0xf1, + 0x96, + 0x23, + 0xaa, + 0x3c, + 0x1f, + 0xe9, + 0xdc, + 0x89, + 0x11, + 0x7d, + 0x58, + 0x07, + 0xe7, + 0x96, + 0x17, + 0xe3, + 0x44, + 0x8b, + 0x03, + 0x37, + 0x91, + 0xc0, + 0x6e, + 0x06, + 0x7c, + 0x54, + 0xe4, + 0xa4, + 
0xcc, + 0xd5, + 0x16, + 0xbb, + 0x5e, + 0x4d, + 0x64, + 0x7d, + 0x88, + 0x23, + 0xc9, + 0xb7, + 0x25, + 0xda, + 0xbe, + 0x4b, + 0xe4, + 0xd5, + 0x34, + 0x30, }; /* @@ -107,7 +217,7 @@ /* The underlying digest to be used */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, digest_name, - sizeof(digest_name)); + sizeof(digest_name)); *p = OSSL_PARAM_construct_end(); /* Initialise the HMAC operation */ --- crypto/openssl/demos/mac/poly1305.c.orig +++ crypto/openssl/demos/mac/poly1305.c @@ -151,7 +151,7 @@ * computation below. */ if (!EVP_EncryptUpdate(aesctx, composite_key + 16, &aes_len, - test_n, sizeof(test_n))) { + test_n, sizeof(test_n))) { fprintf(stderr, "EVP_EncryptUpdate() failed\n"); goto end; } --- crypto/openssl/demos/pkcs12/pkread.c.orig +++ crypto/openssl/demos/pkcs12/pkread.c @@ -30,7 +30,7 @@ for (n = 0; n < sk_PKCS7_num(safes) && name == NULL; n++) { safe = sk_PKCS7_value(safes, n); if (OBJ_obj2nid(safe->type) != NID_pkcs7_data - || (bags = PKCS12_unpack_p7data(safe)) == NULL) + || (bags = PKCS12_unpack_p7data(safe)) == NULL) continue; for (m = 0; m < sk_PKCS12_SAFEBAG_num(bags) && name == NULL; m++) { @@ -101,7 +101,7 @@ ret = EXIT_SUCCESS; - err: +err: OPENSSL_free(name); X509_free(cert); EVP_PKEY_free(pkey); --- crypto/openssl/demos/pkey/EVP_PKEY_DSA_keygen.c.orig +++ crypto/openssl/demos/pkey/EVP_PKEY_DSA_keygen.c @@ -34,7 +34,7 @@ } if (EVP_PKEY_paramgen_init(ctx) <= 0 - || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) { + || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) { fprintf(stderr, "DSA paramgen failed\n"); goto cleanup; } @@ -66,7 +66,7 @@ /* Generate a key using the dsa params */ if (EVP_PKEY_keygen_init(ctx) <= 0 - || EVP_PKEY_keygen(ctx, &dsakey) <= 0) { + || EVP_PKEY_keygen(ctx, &dsakey) <= 0) { fprintf(stderr, "DSA keygen failed\n"); goto cleanup; } --- crypto/openssl/demos/pkey/EVP_PKEY_DSA_paramfromdata.c.orig +++ crypto/openssl/demos/pkey/EVP_PKEY_DSA_paramfromdata.c 
@@ -39,8 +39,8 @@ if (bld == NULL) goto cleanup; if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) goto cleanup; params = OSSL_PARAM_BLD_to_param(bld); if (params == NULL) @@ -53,7 +53,7 @@ } if (EVP_PKEY_fromdata_init(ctx) <= 0 - || EVP_PKEY_fromdata(ctx, &dsaparamkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { + || EVP_PKEY_fromdata(ctx, &dsaparamkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { fprintf(stderr, "EVP_PKEY_fromdata() failed\n"); goto cleanup; } --- crypto/openssl/demos/pkey/EVP_PKEY_DSA_paramgen.c.orig +++ crypto/openssl/demos/pkey/EVP_PKEY_DSA_paramgen.c @@ -37,20 +37,20 @@ * for more information. */ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, - "fips186_4", 0); + "fips186_4", 0); params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_PBITS, &pbits); params[2] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_QBITS, &qbits); params[3] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex); params[4] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, - "SHA384", 0); + "SHA384", 0); params[5] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - "provider=default", 0); + "provider=default", 0); params[6] = OSSL_PARAM_construct_end(); /* Generate a dsa param key using optional params */ if (EVP_PKEY_paramgen_init(ctx) <= 0 - || EVP_PKEY_CTX_set_params(ctx, params) <= 0 - || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) { + || EVP_PKEY_CTX_set_params(ctx, params) <= 0 + || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) { fprintf(stderr, "DSA paramgen failed\n"); goto cleanup; } --- crypto/openssl/demos/pkey/EVP_PKEY_DSA_paramvalidate.c.orig +++ crypto/openssl/demos/pkey/EVP_PKEY_DSA_paramvalidate.c 
@@ -27,26 +27,24 @@ #include "dsa.inc" /* The following values were output from the EVP_PKEY_DSA_paramgen demo */ -static const char dsapem[] = - "-----BEGIN DSA PARAMETERS-----\n" - "MIICLAKCAQEA1pobSR1FJ3+Tvi0J6Tk1PSV2owZey1Nuo847hGw/59VCS6RPQEqr\n" - "vp5fhbvBjupBeVGA/AMH6rI4i4h6jlhurrqH1CqUHVcDhJzxV668bMLiP3mIxg5o\n" - "9Yq8x6BnSOtH5Je0tpeE0/fEvvLjCwBUbwnwWxzjANcvDUEt9XYeRrtB2v52fr56\n" - "hVYz3wMMNog4CEDOLTvx7/84eVPuUeWDRQFH1EaHMdulP34KBcatEEpEZapkepng\n" - "nohm9sFSPQhq2utpkH7pNXdG0EILBtRDCvUpF5720a48LYofdggh2VEZfgElAGFk\n" - "dW/CkvyBDmGIzil5aTz4MMsdudaVYgzt6wIhAPsSGC42Qa+X0AFGvonb5nmfUVm/\n" - "8aC+tHk7Nb2AYLHXAoIBADx5C0H1+QHsmGKvuOaY+WKUt7aWUrEivD1zBMJAQ6bL\n" - "Wv9lbCq1CFHvVzojeOVpn872NqDEpkx4HTpvqhxWL5CkbN/HaGItsQzkD59AQg3v\n" - "4YsLlkesq9Jq6x/aWetJXWO36fszFv1gpD3NY3wliBvMYHx62jfc5suh9D3ZZvu7\n" - "PLGH4X4kcfzK/R2b0oVbEBjVTe5GMRYZRqnvfSW2f2fA7BzI1OL83UxDDe58cL2M\n" - "GcAoUYXOBAfZ37qLMm2juf+o5gCrT4CXfRPu6kbapt7V/YIc1nsNgeAOKKoFBHBQ\n" - "gc5u5G6G/j79FVoSDq9DYwTJcHPsU+eHj1uWHso1AjQ=\n" - "-----END DSA PARAMETERS-----\n"; - -static const char hexseed[] = - "cba30ccd905aa7675a0b81769704bf3c" - "ccf2ca1892b2eaf6b9e2b38d9bf6affc" - "42ada55986d8a1772b442770954d0b65"; +static const char dsapem[] = "-----BEGIN DSA PARAMETERS-----\n" + "MIICLAKCAQEA1pobSR1FJ3+Tvi0J6Tk1PSV2owZey1Nuo847hGw/59VCS6RPQEqr\n" + "vp5fhbvBjupBeVGA/AMH6rI4i4h6jlhurrqH1CqUHVcDhJzxV668bMLiP3mIxg5o\n" + "9Yq8x6BnSOtH5Je0tpeE0/fEvvLjCwBUbwnwWxzjANcvDUEt9XYeRrtB2v52fr56\n" + "hVYz3wMMNog4CEDOLTvx7/84eVPuUeWDRQFH1EaHMdulP34KBcatEEpEZapkepng\n" + "nohm9sFSPQhq2utpkH7pNXdG0EILBtRDCvUpF5720a48LYofdggh2VEZfgElAGFk\n" + "dW/CkvyBDmGIzil5aTz4MMsdudaVYgzt6wIhAPsSGC42Qa+X0AFGvonb5nmfUVm/\n" + "8aC+tHk7Nb2AYLHXAoIBADx5C0H1+QHsmGKvuOaY+WKUt7aWUrEivD1zBMJAQ6bL\n" + "Wv9lbCq1CFHvVzojeOVpn872NqDEpkx4HTpvqhxWL5CkbN/HaGItsQzkD59AQg3v\n" + "4YsLlkesq9Jq6x/aWetJXWO36fszFv1gpD3NY3wliBvMYHx62jfc5suh9D3ZZvu7\n" + "PLGH4X4kcfzK/R2b0oVbEBjVTe5GMRYZRqnvfSW2f2fA7BzI1OL83UxDDe58cL2M\n" + 
"GcAoUYXOBAfZ37qLMm2juf+o5gCrT4CXfRPu6kbapt7V/YIc1nsNgeAOKKoFBHBQ\n" + "gc5u5G6G/j79FVoSDq9DYwTJcHPsU+eHj1uWHso1AjQ=\n" + "-----END DSA PARAMETERS-----\n"; + +static const char hexseed[] = "cba30ccd905aa7675a0b81769704bf3c" + "ccf2ca1892b2eaf6b9e2b38d9bf6affc" + "42ada55986d8a1772b442770954d0b65"; const int gindex = 42; const int pcounter = 363; static const char digest[] = "SHA384"; @@ -56,7 +54,7 @@ * plus extra parameters. */ EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams, - OSSL_LIB_CTX *libctx, const char *propq) + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY_CTX *out = NULL; EVP_PKEY_CTX *ctx = NULL; @@ -81,8 +79,9 @@ goto cleanup; } if (EVP_PKEY_fromdata_init(ctx) <= 0 - || EVP_PKEY_fromdata(ctx, &pkey, - EVP_PKEY_KEY_PARAMETERS, mergedparams) <= 0) { + || EVP_PKEY_fromdata(ctx, &pkey, + EVP_PKEY_KEY_PARAMETERS, mergedparams) + <= 0) { fprintf(stderr, "EVP_PKEY_fromdata() failed\n"); goto cleanup; } @@ -154,10 +153,10 @@ * For illustration purposes it deliberately omits a required parameter. */ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, - "fips186_4", 0); + "fips186_4", 0); /* Force it to do a proper validation by setting the seed */ params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void *)seed, seedlen); + (void *)seed, seedlen); params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, (int *)&gindex); params[3] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, (int *)&pcounter); params[4] = OSSL_PARAM_construct_end(); @@ -178,7 +177,7 @@ * needed */ params[4] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, - (char *)digest, 0); + (char *)digest, 0); params[5] = OSSL_PARAM_construct_end(); ctx2 = create_merged_key(dsaparamskey, params, libctx, propq); if (ctx2 == NULL) --- crypto/openssl/demos/pkey/EVP_PKEY_EC_keygen.c.orig +++ crypto/openssl/demos/pkey/EVP_PKEY_EC_keygen.c 
@@ -53,13 +53,13 @@ } params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - (char *)curvename, 0); + (char *)curvename, 0); /* * This is an optional parameter. * For many curves where the cofactor is 1, setting this has no effect. */ params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, - &use_cofactordh); + &use_cofactordh); params[2] = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(genctx, params)) { fprintf(stderr, "EVP_PKEY_CTX_set_params() failed\n"); @@ -92,15 +92,15 @@ size_t out_pubkey_len, out_privkey_len = 0; if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, - out_curvename, sizeof(out_curvename), - NULL)) { + out_curvename, sizeof(out_curvename), + NULL)) { fprintf(stderr, "Failed to get curve name\n"); goto cleanup; } if (!EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, - out_pubkey, sizeof(out_pubkey), - &out_pubkey_len)) { + out_pubkey, sizeof(out_pubkey), + &out_pubkey_len)) { fprintf(stderr, "Failed to get public key\n"); goto cleanup; } --- crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c.orig +++ crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c @@ -1,5 +1,5 @@ /*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,7 +254,7 @@ if (argc > 1) { bits_i = atoi(argv[1]); - if (bits < 512) { + if (bits_i < 512) { fprintf(stderr, "Invalid RSA key size\n"); return 1; } --- crypto/openssl/demos/signature/EVP_Signature_demo.c.orig +++ crypto/openssl/demos/signature/EVP_Signature_demo.c 
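Review bot: The corrected check `if (bits_i < 512)` in the `if (argc > 1)` branch of EVP_PKEY_RSA_keygen.c still relies on `atoi(argv[1])`, which cannot report a parse failure, and it enforces no upper bound. Input such as `2048x` is accepted silently, an out-of-range argument is undefined behaviour for `atoi`, and a very large accepted size would make key generation run for a very long time. I would parse with `l = strtol(argv[1], &end, 10);` after `errno = 0;` and reject with `if (errno != 0 || end == argv[1] || *end != '\0' || l < 512 || l > MAX_DEMO_RSA_BITS) {`, where `MAX_DEMO_RSA_BITS` is a placeholder for a limit the demo would define. The 512-bit floor also admits keys far too small for real use, so a comment such as `/* 512 is a demo-only floor; use at least 2048 bits for real keys */` would help readers who copy this code. The enclosing function starts and ends outside the hunk, so how `bits_i` is used afterwards is not visible here.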
@@ -24,18 +24,14 @@ * the soliloquy from Hamlet scene 1 act 3 */ -static const char *hamlet_1 = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The slings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" -; -static const char *hamlet_2 = - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" -; +static const char *hamlet_1 = "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The slings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n"; +static const char *hamlet_2 = "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n"; /* * For demo_sign, load EC private key priv_key from priv_key_der[]. @@ -44,22 +40,22 @@ static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public) { OSSL_DECODER_CTX *dctx = NULL; - EVP_PKEY *pkey = NULL; + EVP_PKEY *pkey = NULL; int selection; const unsigned char *data; size_t data_len; if (public) { selection = EVP_PKEY_PUBLIC_KEY; - data = pub_key_der; + data = pub_key_der; data_len = sizeof(pub_key_der); } else { - selection = EVP_PKEY_KEYPAIR; + selection = EVP_PKEY_KEYPAIR; data = priv_key_der; data_len = sizeof(priv_key_der); } dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC", - selection, libctx, propq); + selection, libctx, propq); (void)OSSL_DECODER_from_data(dctx, &data, &data_len); OSSL_DECODER_CTX_free(dctx); if (pkey == NULL) 
@@ -67,8 +63,8 @@ return pkey; } -static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name, - size_t *sig_out_len, unsigned char **sig_out_value) +static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name, + size_t *sig_out_len, unsigned char **sig_out_value) { int result = 0, public = 0; size_t sig_len; @@ -97,7 +93,7 @@ * sign provider. */ if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name, - libctx, NULL, priv_key, NULL)) { + libctx, NULL, priv_key, NULL)) { fprintf(stderr, "EVP_DigestSignInit_ex failed.\n"); goto cleanup; } @@ -148,7 +144,7 @@ } static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name, - size_t sig_len, unsigned char *sig_value) + size_t sig_len, unsigned char *sig_value) { int result = 0, public = 1; const char *propq = NULL; @@ -172,7 +168,7 @@ } /* Verify */ if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name, - libctx, NULL, pub_key, NULL)) { + libctx, NULL, pub_key, NULL)) { fprintf(stderr, "EVP_DigestVerifyInit failed.\n"); goto cleanup; } --- crypto/openssl/demos/signature/EVP_Signature_demo.h.orig +++ crypto/openssl/demos/signature/EVP_Signature_demo.h 
@@ -9,68 +9,707 @@ /* Signers private EC key */ static const unsigned char priv_key_der[] = { -0x30, 0x82, 0x01, 0x68, 0x02, 0x01, 0x01, 0x04, 0x20, 0x51, 0x77, 0xae, -0xf4, 0x18, 0xf4, 0x6b, 0xc4, 0xe5, 0xbb, 0xe9, 0xe6, 0x9e, 0x6d, 0xb0, -0xea, 0x12, 0xf9, 0xf3, 0xdb, 0x9d, 0x56, 0x59, 0xf7, 0x5a, 0x17, 0xd7, -0xd1, 0xe4, 0xd7, 0x47, 0x28, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02, -0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, -0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, -0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, -0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, -0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, -0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, -0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, -0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, -0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, -0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, -0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, -0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, -0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, -0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, -0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, -0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, -0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, -0xc8, 
0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, -0x6c, 0xc6, 0x2f, 0x01, 0x31, 0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, -0x33, 0xc7, 0x5b, 0xb9, 0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, -0x06, 0x53, 0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, -0x0e, 0x1f, 0x95, 0x65, + 0x30, + 0x82, + 0x01, + 0x68, + 0x02, + 0x01, + 0x01, + 0x04, + 0x20, + 0x51, + 0x77, + 0xae, + 0xf4, + 0x18, + 0xf4, + 0x6b, + 0xc4, + 0xe5, + 0xbb, + 0xe9, + 0xe6, + 0x9e, + 0x6d, + 0xb0, + 0xea, + 0x12, + 0xf9, + 0xf3, + 0xdb, + 0x9d, + 0x56, + 0x59, + 0xf7, + 0x5a, + 0x17, + 0xd7, + 0xd1, + 0xe4, + 0xd7, + 0x47, + 0x28, + 0xa0, + 0x81, + 0xfa, + 0x30, + 0x81, + 0xf7, + 0x02, + 0x01, + 0x01, + 0x30, + 0x2c, + 0x06, + 0x07, + 0x2a, + 0x86, + 0x48, + 0xce, + 0x3d, + 0x01, + 0x01, + 0x02, + 0x21, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x01, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x30, + 0x5b, + 0x04, + 0x20, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x01, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xfc, + 0x04, + 0x20, + 0x5a, + 0xc6, + 0x35, + 0xd8, + 0xaa, + 0x3a, + 0x93, + 0xe7, + 0xb3, + 0xeb, + 0xbd, + 0x55, + 0x76, + 0x98, + 0x86, + 0xbc, + 0x65, + 0x1d, + 0x06, + 0xb0, + 0xcc, + 0x53, + 0xb0, + 0xf6, + 0x3b, + 0xce, + 0x3c, + 0x3e, + 0x27, + 0xd2, + 0x60, + 0x4b, + 0x03, + 0x15, + 0x00, + 0xc4, + 0x9d, + 0x36, + 0x08, + 0x86, + 0xe7, + 0x04, + 0x93, + 0x6a, + 0x66, + 0x78, + 0xe1, + 0x13, + 0x9d, + 0x26, + 0xb7, + 0x81, + 0x9f, + 0x7e, + 0x90, + 0x04, + 0x41, + 0x04, + 0x6b, + 0x17, + 0xd1, + 0xf2, + 0xe1, + 0x2c, + 0x42, + 0x47, + 0xf8, + 0xbc, + 0xe6, + 0xe5, + 0x63, + 0xa4, + 0x40, + 0xf2, + 0x77, + 0x03, + 0x7d, + 
0x81, + 0x2d, + 0xeb, + 0x33, + 0xa0, + 0xf4, + 0xa1, + 0x39, + 0x45, + 0xd8, + 0x98, + 0xc2, + 0x96, + 0x4f, + 0xe3, + 0x42, + 0xe2, + 0xfe, + 0x1a, + 0x7f, + 0x9b, + 0x8e, + 0xe7, + 0xeb, + 0x4a, + 0x7c, + 0x0f, + 0x9e, + 0x16, + 0x2b, + 0xce, + 0x33, + 0x57, + 0x6b, + 0x31, + 0x5e, + 0xce, + 0xcb, + 0xb6, + 0x40, + 0x68, + 0x37, + 0xbf, + 0x51, + 0xf5, + 0x02, + 0x21, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xbc, + 0xe6, + 0xfa, + 0xad, + 0xa7, + 0x17, + 0x9e, + 0x84, + 0xf3, + 0xb9, + 0xca, + 0xc2, + 0xfc, + 0x63, + 0x25, + 0x51, + 0x02, + 0x01, + 0x01, + 0xa1, + 0x44, + 0x03, + 0x42, + 0x00, + 0x04, + 0x4f, + 0xe7, + 0x7b, + 0xb6, + 0xbb, + 0x54, + 0x42, + 0x39, + 0xed, + 0x5d, + 0xe5, + 0x40, + 0xc8, + 0xd8, + 0x71, + 0xca, + 0x6d, + 0x83, + 0x71, + 0xd1, + 0x88, + 0x2a, + 0x65, + 0x00, + 0x6c, + 0xc6, + 0x2f, + 0x01, + 0x31, + 0x49, + 0xbe, + 0x76, + 0x7a, + 0x67, + 0x6a, + 0x28, + 0x33, + 0xc7, + 0x5b, + 0xb9, + 0x24, + 0x45, + 0x24, + 0x6e, + 0xf0, + 0x6d, + 0x2f, + 0x34, + 0x06, + 0x53, + 0x73, + 0x6a, + 0xff, + 0x90, + 0x90, + 0xc1, + 0x6d, + 0x9b, + 0x94, + 0x0d, + 0x0e, + 0x1f, + 0x95, + 0x65, }; /* The matching public key used for verifying */ static const unsigned char pub_key_der[] = { -0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03, 0x06, 0x07, 0x2a, 0x86, -0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01, 0x30, -0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, -0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04, -0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x04, 0x20, 0x5a, -0xc6, 0x35, 0xd8, 
0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76, -0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, -0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4, 0x9d, -0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, -0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1, -0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, -0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, -0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, -0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, -0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, -0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, -0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51, -0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xe7, 0x7b, 0xb6, 0xbb, -0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d, -0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31, -0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b, 0xb9, 0x24, -0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06, 0x53, 0x73, 0x6a, 0xff, -0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, 0x0e, 0x1f, 0x95, 0x65, + 0x30, + 0x82, + 0x01, + 0x4b, + 0x30, + 0x82, + 0x01, + 0x03, + 0x06, + 0x07, + 0x2a, + 0x86, + 0x48, + 0xce, + 0x3d, + 0x02, + 0x01, + 0x30, + 0x81, + 0xf7, + 0x02, + 0x01, + 0x01, + 0x30, + 0x2c, + 0x06, + 0x07, + 0x2a, + 0x86, + 0x48, + 0xce, + 0x3d, + 0x01, + 0x01, + 0x02, + 0x21, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x01, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x30, + 0x5b, + 0x04, + 0x20, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 
0x00, + 0x01, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xfc, + 0x04, + 0x20, + 0x5a, + 0xc6, + 0x35, + 0xd8, + 0xaa, + 0x3a, + 0x93, + 0xe7, + 0xb3, + 0xeb, + 0xbd, + 0x55, + 0x76, + 0x98, + 0x86, + 0xbc, + 0x65, + 0x1d, + 0x06, + 0xb0, + 0xcc, + 0x53, + 0xb0, + 0xf6, + 0x3b, + 0xce, + 0x3c, + 0x3e, + 0x27, + 0xd2, + 0x60, + 0x4b, + 0x03, + 0x15, + 0x00, + 0xc4, + 0x9d, + 0x36, + 0x08, + 0x86, + 0xe7, + 0x04, + 0x93, + 0x6a, + 0x66, + 0x78, + 0xe1, + 0x13, + 0x9d, + 0x26, + 0xb7, + 0x81, + 0x9f, + 0x7e, + 0x90, + 0x04, + 0x41, + 0x04, + 0x6b, + 0x17, + 0xd1, + 0xf2, + 0xe1, + 0x2c, + 0x42, + 0x47, + 0xf8, + 0xbc, + 0xe6, + 0xe5, + 0x63, + 0xa4, + 0x40, + 0xf2, + 0x77, + 0x03, + 0x7d, + 0x81, + 0x2d, + 0xeb, + 0x33, + 0xa0, + 0xf4, + 0xa1, + 0x39, + 0x45, + 0xd8, + 0x98, + 0xc2, + 0x96, + 0x4f, + 0xe3, + 0x42, + 0xe2, + 0xfe, + 0x1a, + 0x7f, + 0x9b, + 0x8e, + 0xe7, + 0xeb, + 0x4a, + 0x7c, + 0x0f, + 0x9e, + 0x16, + 0x2b, + 0xce, + 0x33, + 0x57, + 0x6b, + 0x31, + 0x5e, + 0xce, + 0xcb, + 0xb6, + 0x40, + 0x68, + 0x37, + 0xbf, + 0x51, + 0xf5, + 0x02, + 0x21, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0x00, + 0x00, + 0x00, + 0x00, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xbc, + 0xe6, + 0xfa, + 0xad, + 0xa7, + 0x17, + 0x9e, + 0x84, + 0xf3, + 0xb9, + 0xca, + 0xc2, + 0xfc, + 0x63, + 0x25, + 0x51, + 0x02, + 0x01, + 0x01, + 0x03, + 0x42, + 0x00, + 0x04, + 0x4f, + 0xe7, + 0x7b, + 0xb6, + 0xbb, + 0x54, + 0x42, + 0x39, + 0xed, + 0x5d, + 0xe5, + 0x40, + 0xc8, + 0xd8, + 0x71, + 0xca, + 0x6d, + 0x83, + 0x71, + 0xd1, + 0x88, + 0x2a, + 0x65, + 0x00, + 0x6c, + 0xc6, + 0x2f, + 0x01, + 0x31, + 0x49, + 0xbe, + 0x76, + 0x7a, + 0x67, + 0x6a, + 0x28, + 0x33, + 0xc7, + 0x5b, + 0xb9, + 0x24, + 0x45, + 0x24, + 0x6e, + 0xf0, + 0x6d, + 0x2f, + 0x34, + 0x06, + 0x53, + 0x73, + 0x6a, + 0xff, + 0x90, + 0x90, + 0xc1, + 0x6d, + 0x9b, + 
0x94, + 0x0d, + 0x0e, + 0x1f, + 0x95, + 0x65, }; - --- crypto/openssl/demos/signature/rsa_pss_direct.c.orig +++ crypto/openssl/demos/signature/rsa_pss_direct.c @@ -21,7 +21,7 @@ * The digest to be signed. This should be the output of a hash function. * Here we sign an all-zeroes digest for demonstration purposes. */ -static const unsigned char test_digest[32] = {0}; +static const unsigned char test_digest[32] = { 0 }; /* A property query used for selecting algorithm implementations. */ static const char *propq = NULL; @@ -48,7 +48,7 @@ /* Load DER-encoded RSA private key. */ ppriv_key = rsa_priv_key; pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key, - sizeof(rsa_priv_key), libctx, propq); + sizeof(rsa_priv_key), libctx, propq); if (pkey == NULL) { fprintf(stderr, "Failed to load private key\n"); goto end; @@ -86,7 +86,8 @@ /* Determine length of signature. */ if (EVP_PKEY_sign(ctx, NULL, sig_len, - test_digest, sizeof(test_digest)) == 0) { + test_digest, sizeof(test_digest)) + == 0) { fprintf(stderr, "Failed to get signature length\n"); goto end; } @@ -100,7 +101,8 @@ /* Generate signature. */ if (EVP_PKEY_sign(ctx, *sig, sig_len, - test_digest, sizeof(test_digest)) != 1) { + test_digest, sizeof(test_digest)) + != 1) { fprintf(stderr, "Failed to sign\n"); goto end; } @@ -169,9 +171,10 @@ /* Verify signature. */ if (EVP_PKEY_verify(ctx, sig, sig_len, - test_digest, sizeof(test_digest)) == 0) { + test_digest, sizeof(test_digest)) + == 0) { fprintf(stderr, "Failed to verify signature; " - "signature may be invalid\n"); + "signature may be invalid\n"); goto end; } --- crypto/openssl/demos/signature/rsa_pss_hash.c.orig +++ crypto/openssl/demos/signature/rsa_pss_hash.c 
@@ -18,8 +18,7 @@ #include "rsa_pss.h" /* The data to be signed. This will be hashed. */ -static const char test_message[] = - "This is an example message to be signed."; +static const char test_message[] = "This is an example message to be signed."; /* A property query used for selecting algorithm implementations. */ static const char *propq = NULL; @@ -43,7 +42,7 @@ /* Load DER-encoded RSA private key. */ ppriv_key = rsa_priv_key; pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key, - sizeof(rsa_priv_key), libctx, propq); + sizeof(rsa_priv_key), libctx, propq); if (pkey == NULL) { fprintf(stderr, "Failed to load private key\n"); goto end; @@ -58,11 +57,12 @@ /* Initialize MD context for signing. */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, - OSSL_PKEY_RSA_PAD_MODE_PSS, 0); + OSSL_PKEY_RSA_PAD_MODE_PSS, 0); *p = OSSL_PARAM_construct_end(); if (EVP_DigestSignInit_ex(mctx, NULL, "SHA256", libctx, propq, - pkey, params) == 0) { + pkey, params) + == 0) { fprintf(stderr, "Failed to initialize signing context\n"); goto end; } @@ -136,11 +136,12 @@ /* Initialize MD context for verification. */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, - OSSL_PKEY_RSA_PAD_MODE_PSS, 0); + OSSL_PKEY_RSA_PAD_MODE_PSS, 0); *p = OSSL_PARAM_construct_end(); if (EVP_DigestVerifyInit_ex(mctx, NULL, "SHA256", libctx, propq, - pkey, params) == 0) { + pkey, params) + == 0) { fprintf(stderr, "Failed to initialize signing context\n"); goto end; } @@ -157,7 +158,7 @@ /* Verify signature. */ if (EVP_DigestVerifyFinal(mctx, sig, sig_len) == 0) { fprintf(stderr, "Failed to verify signature; " - "signature may be invalid\n"); + "signature may be invalid\n"); goto end; } --- crypto/openssl/demos/smime/smdec.c.orig +++ crypto/openssl/demos/smime/smdec.c @@ -61,7 +61,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Signing Data\n"); ERR_print_errors_fp(stderr); 
@@ -74,5 +74,4 @@ BIO_free(tbio); return ret; - } --- crypto/openssl/demos/smime/smenc.c.orig +++ crypto/openssl/demos/smime/smenc.c @@ -75,7 +75,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Encrypting Data\n"); ERR_print_errors_fp(stderr); @@ -87,5 +87,4 @@ BIO_free(out); BIO_free(tbio); return ret; - } --- crypto/openssl/demos/smime/smsign.c.orig +++ crypto/openssl/demos/smime/smsign.c @@ -71,7 +71,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Signing Data\n"); ERR_print_errors_fp(stderr); @@ -84,5 +84,4 @@ BIO_free(tbio); return ret; - } --- crypto/openssl/demos/smime/smsign2.c.orig +++ crypto/openssl/demos/smime/smsign2.c @@ -79,7 +79,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Signing Data\n"); ERR_print_errors_fp(stderr); --- crypto/openssl/demos/smime/smver.c.orig +++ crypto/openssl/demos/smime/smver.c @@ -71,7 +71,7 @@ ret = 0; - err: +err: if (ret) { fprintf(stderr, "Error Verifying Data\n"); ERR_print_errors_fp(stderr); --- crypto/openssl/doc/README.md.orig +++ crypto/openssl/doc/README.md @@ -6,10 +6,6 @@ [fingerprints.txt](fingerprints.txt) PGP fingerprints of authorised release signers -standards.txt -standards.txt - Moved to the web, - [HOWTO/](HOWTO/) A few how-to documents; not necessarily up-to-date @@ -27,4 +23,4 @@ Algorithm specific EVP_PKEY documentation. Formatted versions of the manpages (apps,ssl,crypto) can be found at - + --- crypto/openssl/doc/build.info.orig +++ crypto/openssl/doc/build.info 
@@ -679,6 +679,10 @@ GENERATE[html/man3/BIO_set_callback.html]=man3/BIO_set_callback.pod DEPEND[man/man3/BIO_set_callback.3]=man3/BIO_set_callback.pod GENERATE[man/man3/BIO_set_callback.3]=man3/BIO_set_callback.pod +DEPEND[html/man3/BIO_set_flags.html]=man3/BIO_set_flags.pod +GENERATE[html/man3/BIO_set_flags.html]=man3/BIO_set_flags.pod +DEPEND[man/man3/BIO_set_flags.3]=man3/BIO_set_flags.pod +GENERATE[man/man3/BIO_set_flags.3]=man3/BIO_set_flags.pod DEPEND[html/man3/BIO_should_retry.html]=man3/BIO_should_retry.pod GENERATE[html/man3/BIO_should_retry.html]=man3/BIO_should_retry.pod DEPEND[man/man3/BIO_should_retry.3]=man3/BIO_should_retry.pod @@ -779,6 +783,10 @@ GENERATE[html/man3/CMS_EncryptedData_encrypt.html]=man3/CMS_EncryptedData_encrypt.pod DEPEND[man/man3/CMS_EncryptedData_encrypt.3]=man3/CMS_EncryptedData_encrypt.pod GENERATE[man/man3/CMS_EncryptedData_encrypt.3]=man3/CMS_EncryptedData_encrypt.pod +DEPEND[html/man3/CMS_EncryptedData_set1_key.html]=man3/CMS_EncryptedData_set1_key.pod +GENERATE[html/man3/CMS_EncryptedData_set1_key.html]=man3/CMS_EncryptedData_set1_key.pod +DEPEND[man/man3/CMS_EncryptedData_set1_key.3]=man3/CMS_EncryptedData_set1_key.pod +GENERATE[man/man3/CMS_EncryptedData_set1_key.3]=man3/CMS_EncryptedData_set1_key.pod DEPEND[html/man3/CMS_EnvelopedData_create.html]=man3/CMS_EnvelopedData_create.pod GENERATE[html/man3/CMS_EnvelopedData_create.html]=man3/CMS_EnvelopedData_create.pod DEPEND[man/man3/CMS_EnvelopedData_create.3]=man3/CMS_EnvelopedData_create.pod 
@@ -1091,6 +1099,10 @@ GENERATE[html/man3/EVP_BytesToKey.html]=man3/EVP_BytesToKey.pod DEPEND[man/man3/EVP_BytesToKey.3]=man3/EVP_BytesToKey.pod GENERATE[man/man3/EVP_BytesToKey.3]=man3/EVP_BytesToKey.pod +DEPEND[html/man3/EVP_CIPHER_CTX_get_app_data.html]=man3/EVP_CIPHER_CTX_get_app_data.pod +GENERATE[html/man3/EVP_CIPHER_CTX_get_app_data.html]=man3/EVP_CIPHER_CTX_get_app_data.pod +DEPEND[man/man3/EVP_CIPHER_CTX_get_app_data.3]=man3/EVP_CIPHER_CTX_get_app_data.pod +GENERATE[man/man3/EVP_CIPHER_CTX_get_app_data.3]=man3/EVP_CIPHER_CTX_get_app_data.pod DEPEND[html/man3/EVP_CIPHER_CTX_get_cipher_data.html]=man3/EVP_CIPHER_CTX_get_cipher_data.pod GENERATE[html/man3/EVP_CIPHER_CTX_get_cipher_data.html]=man3/EVP_CIPHER_CTX_get_cipher_data.pod DEPEND[man/man3/EVP_CIPHER_CTX_get_cipher_data.3]=man3/EVP_CIPHER_CTX_get_cipher_data.pod @@ -2953,6 +2965,7 @@ html/man3/BIO_s_null.html \ html/man3/BIO_s_socket.html \ html/man3/BIO_set_callback.html \ +html/man3/BIO_set_flags.html \ html/man3/BIO_should_retry.html \ html/man3/BIO_socket_wait.html \ html/man3/BN_BLINDING_new.html \ @@ -2978,6 +2991,7 @@ html/man3/BUF_MEM_new.html \ html/man3/CMS_EncryptedData_decrypt.html \ html/man3/CMS_EncryptedData_encrypt.html \ +html/man3/CMS_EncryptedData_set1_key.html \ html/man3/CMS_EnvelopedData_create.html \ html/man3/CMS_add0_cert.html \ html/man3/CMS_add1_recipient_cert.html \ @@ -3056,6 +3070,7 @@ html/man3/ERR_set_mark.html \ html/man3/EVP_ASYM_CIPHER_free.html \ html/man3/EVP_BytesToKey.html \ +html/man3/EVP_CIPHER_CTX_get_app_data.html \ html/man3/EVP_CIPHER_CTX_get_cipher_data.html \ html/man3/EVP_CIPHER_CTX_get_original_iv.html \ html/man3/EVP_CIPHER_meth_new.html \ @@ -3561,6 +3576,7 @@ man/man3/BIO_s_null.3 \ man/man3/BIO_s_socket.3 \ man/man3/BIO_set_callback.3 \ +man/man3/BIO_set_flags.3 \ man/man3/BIO_should_retry.3 \ man/man3/BIO_socket_wait.3 \ man/man3/BN_BLINDING_new.3 \ 
@@ -3586,6 +3602,7 @@ man/man3/BUF_MEM_new.3 \ man/man3/CMS_EncryptedData_decrypt.3 \ man/man3/CMS_EncryptedData_encrypt.3 \ +man/man3/CMS_EncryptedData_set1_key.3 \ man/man3/CMS_EnvelopedData_create.3 \ man/man3/CMS_add0_cert.3 \ man/man3/CMS_add1_recipient_cert.3 \ @@ -3664,6 +3681,7 @@ man/man3/ERR_set_mark.3 \ man/man3/EVP_ASYM_CIPHER_free.3 \ man/man3/EVP_BytesToKey.3 \ +man/man3/EVP_CIPHER_CTX_get_app_data.3 \ man/man3/EVP_CIPHER_CTX_get_cipher_data.3 \ man/man3/EVP_CIPHER_CTX_get_original_iv.3 \ man/man3/EVP_CIPHER_meth_new.3 \ --- /dev/null +++ crypto/openssl/doc/internal/man3/bn_mul_words.pod 
@@ -0,0 +1,231 @@ +=pod + +=head1 NAME + +bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, +bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, +bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal, +bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive, +bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive, +bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, +mul, mul_add, sqr - BIGNUM +library internal functions + +=head1 SYNOPSIS + + #include + + BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); + BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, + BN_ULONG w); + void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); + BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); + BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, + int num); + BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, + int num); + + void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a); + void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a); + + int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n); + + void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, + int nb); + void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); + void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + int dna, int dnb, BN_ULONG *tmp); + void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int n, int tna, int tnb, BN_ULONG *tmp); + void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int n2, BN_ULONG *tmp); + + void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); + void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp); + + BIGNUM *bn_expand(BIGNUM *a, int bits); + BIGNUM *bn_wexpand(BIGNUM *a, int n); + BIGNUM *bn_expand2(BIGNUM *a, int n); + void bn_fix_top(BIGNUM *a); + +The following are macros: + + void 
mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); + void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); + void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a); + + void bn_check_top(BIGNUM *a); + +=head1 DESCRIPTION + +This page documents the internal functions used by the OpenSSL +B implementation. They are described here to facilitate +debugging and extending the library. They are I to be used by +applications. + +=head2 The BIGNUM structure + + typedef struct bignum_st BIGNUM; + + struct bignum_st + { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; + }; + + +The integer value is stored in B, a malloc()ed array of words (B), +least significant word first. A B can be either 16, 32 or 64 bits +in size, depending on the 'number of bits' (B) specified in +C. + +B is the size of the B array that has been allocated. B +is the number of words being used, so for a value of 4, bn.d[0]=4 and +bn.top=1. B is 1 if the number is negative. When a B is +B<0>, the B field can be B and B == B<0>. + +B is a bit field of flags which are defined in C. The +flags begin with B. The macros BN_set_flags(b, n) and +BN_get_flags(b, n) exist to enable or fetch flag(s) B from B +structure B. + +Various routines in this library require the use of temporary +B variables during their execution. Since dynamic memory +allocation to create Bs is rather expensive when used in +conjunction with repeated subroutine calls, the B structure is +used. This structure contains B Bs, see +L. + +=head2 Low-level arithmetic operations + +These functions are implemented in C and for several platforms in +assembly language: + +bn_mul_words(B, B, B, B) operates on the B word +arrays B and B. It computes B * B, places the result +in B, and returns the high word (carry). 
+ +bn_mul_add_words(B, B, B, B) operates on the B +word arrays B and B. It computes B * B + B, places +the result in B, and returns the high word (carry). + +bn_sqr_words(B, B, B) operates on the B word array +B and the 2*B word array B. It computes B * B +word-wise, and places the low and high bytes of the result in B. + +bn_div_words(B, B, B) divides the two word number (B, B) +by B and returns the result. + +bn_add_words(B, B, B, B) operates on the B word +arrays B, B and B. It computes B + B, places the +result in B, and returns the high word (carry). + +bn_sub_words(B, B, B, B) operates on the B word +arrays B, B and B. It computes B - B, places the +result in B, and returns the carry (1 if B E B, 0 +otherwise). + +bn_mul_comba4(B, B, B) operates on the 4 word arrays B and +B and the 8 word array B. It computes B*B and places the +result in B. + +bn_mul_comba8(B, B, B) operates on the 8 word arrays B and +B and the 16 word array B. It computes B*B and places the +result in B. + +bn_sqr_comba4(B, B, B) operates on the 4 word arrays B and +B and the 8 word array B. + +bn_sqr_comba8(B, B, B) operates on the 8 word arrays B and +B and the 16 word array B. + +The following functions are implemented in C: + +bn_cmp_words(B, B, B) operates on the B word arrays B +and B. It returns 1, 0 and -1 if B is greater than, equal and +less than B. + +bn_mul_normal(B, B, B, B, B) operates on the B +word array B, the B word array B and the B+B word +array B. It computes B*B and places the result in B. + +bn_mul_low_normal(B, B, B, B) operates on the B word +arrays B, B and B. It computes the B low words of +B*B and places the result in B. + +bn_mul_recursive(B, B, B, B, B, B, B) operates +on the word arrays B and B of length B+B and B+B +(B and B are currently allowed to be 0 or negative) and the 2*B +word arrays B and B. B must be a power of 2. It computes +B*B and places the result in B. 
+ +bn_mul_part_recursive(B, B, B, B, B, B, B) +operates on the word arrays B and B of length B+B and +B+B and the 4*B word arrays B and B. + +bn_mul_low_recursive(B, B, B, B, B) operates on the +B word arrays B and B and the B/2 word arrays B +and B. + +BN_mul() calls bn_mul_normal(), or an optimized implementation if the +factors have the same size: bn_mul_comba8() is used if they are 8 +words long, bn_mul_recursive() if they are larger than +B and the size is an exact multiple of the word +size, and bn_mul_part_recursive() for others that are larger than +B. + +bn_sqr_normal(B, B, B, B) operates on the B word array +B and the 2*B word arrays B and B. + +The implementations use the following macros which, depending on the +architecture, may use "long long" C operations or inline assembler. +They are defined in C. + +mul(B, B, B, B) computes B*B+B and places the +low word of the result in B and the high word in B. + +mul_add(B, B, B, B) computes B*B+B+B and +places the low word of the result in B and the high word in B. + +sqr(B, B, B) computes B*B and places the low word +of the result in B and the high word in B. + +=head2 Size changes + +bn_expand() ensures that B has enough space for a B bit +number. bn_wexpand() ensures that B has enough space for an +B word number. If the number has to be expanded, both macros +call bn_expand2(), which allocates a new B array and copies the +data. They return B on error, B otherwise. + +The bn_fix_top() macro reduces Btop> to point to the most +significant nonzero word plus one when B has shrunk. + +=head2 Debugging + +bn_check_top() verifies that C<((a)-Etop E= 0 && (a)-Etop +E= (a)-Edmax)>. A violation will cause the program to abort. + +If B is not defined, bn_check_top() is +defined as an empty macro. + +=head1 RETURN VALUES + +Described above. + +=head1 COPYRIGHT + +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut --- crypto/openssl/doc/man1/CA.pl.pod.orig +++ crypto/openssl/doc/man1/CA.pl.pod @@ -104,7 +104,7 @@ list box), otherwise the name "My Certificate" is used. Delegates work to L. -=item B<-sign>, B<-signcert>, B<-xsign> +=item B<-sign>, B<-xsign> Calls the L command to sign a certificate request. It expects the request to be in the file F. The new certificate is written to the @@ -189,7 +189,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-ciphers.pod.in.orig +++ crypto/openssl/doc/man1/openssl-ciphers.pod.in @@ -117,16 +117,16 @@ The actual cipher string can take several different forms. -It can consist of a single cipher suite such as B. +It can consist of a single cipher suite such as B. It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example B represents all ciphers -suites using the digest algorithm SHA1 and B represents all SSL v3 -algorithms. +cipher suites of a certain type. For example B represents all cipher +suites using the digest algorithm SHA256 and B represents all +cipher suites introduced in TLS v.1.2. Lists of cipher suites can be combined in a single cipher string using the B<+> character. This is used as a logical B operation. For example -B represents all cipher suites containing the SHA1 B the DES +B represents all cipher suites using the SHA256 B the AES algorithms. Each cipher string can be optionally preceded by the characters B, 
@@ -157,7 +157,7 @@ The cipher list can be prefixed with the B keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using B<+> character. -For example, B is not valid. +For example, B is not valid. The content of the default list is determined at compile time and normally corresponds to B. @@ -170,11 +170,12 @@ =item B -The ciphers included in B, but not enabled by default. Currently -this includes all RC4 and anonymous ciphers. Note that this rule does -not cover B, which is not included by B (use B if -necessary). Note that RC4 based cipher suites are not built into OpenSSL by -default (see the enable-weak-ssl-ciphers option to Configure). +The cipher suites included in B, but not enabled by default. The default +cipher suite list provides strong security and reasonable interoperability. +A cipher suite can be not included in the default list for different reasons: +because it is weak, or not "mature" enough, or not widely used, etc. +Note that this rule does not cover B, which is not included by B +(use B if necessary). =item B @@ -202,6 +203,10 @@ encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0. +=item B + +Cipher suites permitted in FIPS mode. + =item B, B The "NULL" ciphers that is those offering no encryption. Because these offer no @@ -224,14 +229,8 @@ =item B, B, B -Cipher suites using RSA key exchange or authentication. B is an alias for -B. - -=item B, B, B - -Cipher suites using static DH key agreement and DH certificates signed by CAs -with RSA and DSS keys or either respectively. -All these cipher suites have been removed in OpenSSL 1.1.0. +Cipher suites using RSA key exchange, RSA authentication, or both of them +respectively. =item B, B, B 
@@ -264,12 +263,6 @@ Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. -=item B - -Cipher suites effectively using DH authentication, i.e. the certificates carry -DH keys. -All these cipher suites have been removed in OpenSSL 1.1.0. - =item B, B Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA @@ -277,8 +270,7 @@ =item B, B, B -Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or -SSL v3.0 respectively. +Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available. @@ -302,10 +294,13 @@ cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B only references 8 octet ICV. -=item B, B, B +=item B, B + +Cipher suites using 128 bit ARIA or 256 bit ARIA respectively. -Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit -ARIA. +=item B, B + +Cipher suites using either 128 or 256 bit ARIA. =item B, B, B 
@@ -355,24 +350,46 @@ =item B -Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication (needs an engine supporting GOST algorithms). =item B -Cipher suites using GOST R 34.10-2001 authentication. +Cipher suites that can be uses with GOST R 34.10-2001 keys for authentication. + +=item B + +Cipher suites that can be used with GOST R 34.10-2012 keys for authentication. =item B -Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. +Cipher suites using VKO 34.10 key exchange and key wrap specified in the +RFC 4357 or RFC 7836. + +=item B + +Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and +KExp15 key export specified in the RFC 9189. =item B Cipher suites, using HMAC based on GOST R 34.11-94. +=item B + +Cipher suites, using HMAC based on GOST R 34.11-2012 256 bits. + =item B -Cipher suites using GOST 28147-89 MAC B HMAC. +Cipher suites using GOST 28147-89 MAC B HMAC with S-boxes A. + +=item B + +Cipher suites using GOST 28147-89 MAC B HMAC with S-boxes Z. + +=item B + +Cipher suites using any GOST cipher (GOST 28147-89, Magma or Kuznyechik). =item B @@ -387,6 +404,14 @@ Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK). +=item B, B + +Cipher suites using SRP key exchange. + +=item B + +Cipher suites using SRP authentication. + =item B, B, B Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 
@@ -418,310 +443,398 @@ that several cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. -=head2 SSL v3.0 cipher suites - - SSL_RSA_WITH_NULL_MD5 NULL-MD5 - SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 - SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - - SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. - -=head2 TLS v1.0 cipher suites - - TLS_RSA_WITH_NULL_MD5 NULL-MD5 - TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 - TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - -=head2 AES cipher suites from RFC3268, extending TLS v1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA - TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - - TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA - TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA - TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA - TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA - TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA - - TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA - TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA - -=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 - - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA - - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA - - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA - - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA - -=head2 SEED cipher suites from RFC4162, extending TLS v1.0 - - TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - - TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA - TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA - - TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA - TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA - - 
TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA - -=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 +=head2 AES cipher suites for TLS v1.2 + + TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 + TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA + TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA + TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA + TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 + TLS_DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA + TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 + TLS_DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 + 
TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + 
TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 + TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA + TLS_RSA_WITH_AES_128_CCM_8 AES128-CCM8 + TLS_RSA_WITH_AES_128_CCM AES128-CCM + TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 + 
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA + TLS_RSA_WITH_AES_256_CCM_8 AES256-CCM8 + TLS_RSA_WITH_AES_256_CCM AES256-CCM + TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 + +=head2 Camellia cipher suites for TLS v1.2 + + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 ADH-CAMELLIA128-SHA256 + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 ADH-CAMELLIA128-GCM-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 ADH-CAMELLIA256-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 ADH-CAMELLIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 DHE-DSS-CAMELLIA128-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 DHE-DSS-CAMELLIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 DHE-DSS-CAMELLIA256-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 DHE-DSS-CAMELLIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE-RSA-CAMELLIA128-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 DHE-RSA-CAMELLIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DHE-RSA-CAMELLIA256-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE-RSA-CAMELLIA256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + 
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 CAMELLIA128-SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 CAMELLIA128-GCM-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 CAMELLIA256-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 CAMELLIA256-GCM-SHA384 + +=head2 SEED cipher suites for TLS v1.2 + + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA + +=head2 GOST cipher suites for TLS v1.2 Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the B engine, which isn't part of the OpenSSL distribution. - TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 - TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 - TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 - TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 - -=head2 GOST cipher suites, extending TLS v1.2 - -Note: these ciphers require an engine which including GOST cryptographic -algorithms, such as the B engine, which isn't part of the OpenSSL -distribution. - - TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912 - TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12 - -Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID -old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912 - - -=head2 Additional Export 1024 and other cipher suites - -Note: these ciphers can also be used in SSL v3. 
- - TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA - -=head2 Elliptic curve cipher suites - - TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA - - TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA - - TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA - TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA - TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA - TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA - -=head2 TLS v1.2 cipher suites - - TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 - - TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 - - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 - - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 - 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 - - TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 - TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 - TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 - TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 - - RSA_WITH_AES_128_CCM AES128-CCM - RSA_WITH_AES_256_CCM AES256-CCM - DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM - DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM - RSA_WITH_AES_128_CCM_8 AES128-CCM8 - RSA_WITH_AES_256_CCM_8 AES256-CCM8 - DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 - DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 - ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM - ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM - ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 - ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + IANA-GOST2012-GOST8912-GOST8912 + LEGACY-GOST2012-GOST8912-GOST8912 + GOST2012-NULL-GOST12 + GOST2012-KUZNYECHIK-KUZNYECHIKOMAC + GOST2012-MAGMA-MAGMAOMAC =head2 ARIA cipher suites from RFC6209, extending TLS v1.2 Note: the CBC modes mentioned in this RFC are not supported. 
- TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 - TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 - TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 - TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 - -=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 ADH-ARIA128-CBC-SHA256 + TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 ADH-ARIA128-GCM-SHA256 + TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 ADH-ARIA256-CBC-SHA384 + TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 ADH-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + 
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE-RSA-ARIA128-CBC-SHA256 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE-RSA-ARIA256-CBC-SHA384 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128-CBC-SHA256 + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256-CBC-SHA384 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 -=head2 Pre-shared keying (PSK) cipher suites +=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 - PSK_WITH_NULL_SHA PSK-NULL-SHA - 
DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA - RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA - - PSK_WITH_RC4_128_SHA PSK-RC4-SHA - PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA - PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA - PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA - - DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA - DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA - DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA - DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA - - RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA - RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA - RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA - RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA - - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 - DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 - RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 - RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 - - PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 - PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 - PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 - PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 - DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 - DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 - DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 - DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 - RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 - RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 - RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 - RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - - ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA - ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA - ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA - 
ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 - ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 - ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA - ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 - ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 - - PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 - PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 - - DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 - DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 - - RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 - RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 - - ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 - ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 - - PSK_WITH_AES_128_CCM PSK-AES128-CCM - PSK_WITH_AES_256_CCM PSK-AES256-CCM - DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM - DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM - PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 - PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 - DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 - DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + +=head2 Elliptic curve cipher suites for TLS v.1.2 + + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + 
TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 
ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 ECDHE-ECDSA-SM4-CCM-SM3 + TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 ECDHE-ECDSA-SM4-GCM-SM3 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 
ECDHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA + TLS_ECDHE_RSA_WITH_SM4_CCM_SM3 ECDHE-RSA-SM4-CCM-SM3 + TLS_ECDHE_RSA_WITH_SM4_GCM_SM3 ECDHE-RSA-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 -=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 +=head2 Pre-shared keying (PSK) cipher suites - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 - 
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_SM4_CCM_SM3 DHE-PSK-SM4-CCM-SM3 + TLS_DHE_PSK_WITH_SM4_GCM_SM3 DHE-PSK-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 
ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_SM4_CCM_SM3 RSA-PSK-SM4-CCM-SM3 + TLS_RSA_PSK_WITH_SM4_GCM_SM3 RSA-PSK-SM4-GCM-SM3 + +=head2 Other TLS v1.2 cipher suites + + TLS_RSA_WITH_NULL_MD5 NULL-MD5 + TLS_RSA_WITH_NULL_SHA NULL-SHA + 
TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 + TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 + TLS_RSA_WITH_RC4_128_SHA RC4-SHA + TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + TLS_RSA_WITH_SM4_CCM_SM3 SM4-CCM-SM3 + TLS_RSA_WITH_SM4_GCM_SM3 SM4-GCM-SM3 + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + TLS_DHE_RSA_WITH_SM4_CCM_SM3 DHE-RSA-SM4-CCM-SM3 + TLS_DHE_RSA_WITH_SM4_GCM_SM3 DHE-RSA-SM4-GCM-SM3 + TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA =head2 TLS v1.3 cipher suites @@ -731,12 +844,12 @@ TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 -=head2 Older names used by OpenSSL +=head2 "EDH-" aliases to "DHE-" names for backward compatibility The following names are accepted by older releases: - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA) - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA) + EDH-RSA-DES-CBC3-SHA - alias of DHE-RSA-DES-CBC3-SHA + EDH-DSS-DES-CBC3-SHA - alias of DHE-DSS-DES-CBC3-SHA =head1 NOTES @@ -759,13 +872,9 @@ openssl ciphers -v 'ALL:!aNULL' -Include only 3DES ciphers and then place RSA ciphers last: - - openssl ciphers -v '3DES:+RSA' - -Include all RC4 ciphers but leave out those without authentication: +Include only AES ciphers and then place RSA ciphers last: - openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + openssl ciphers -v 'AES:+RSA' Include all ciphers with RSA authentication but leave out ciphers without encryption. 
@@ -794,7 +903,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-cmp.pod.in.orig +++ crypto/openssl/doc/man1/openssl-cmp.pod.in @@ -1086,7 +1086,7 @@ =item B<-accept_raverified> -Accept RAVERIFED as proof of possession (POPO). +Accept RAVERIFIED as proof of possession (POPO). =back --- crypto/openssl/doc/man1/openssl-cms.pod.in.orig +++ crypto/openssl/doc/man1/openssl-cms.pod.in @@ -410,7 +410,7 @@ algorithms. If not specified triple DES is used. Only used with B<-encrypt> and -B<-EncryptedData_create> commands. +B<-EncryptedData_encrypt> commands. =item B<-wrap> I @@ -437,7 +437,7 @@ =item B<-md> I Digest algorithm to use when signing or resigning. If not present then the -default digest algorithm for the signing key will be used (usually SHA1). +default digest algorithm for the signing key will be used (usually SHA-256). =item B<-signer> I @@ -764,7 +764,7 @@ The use of OAEP or non-RSA keys with B<-encrypt>. -Additionally the B<-EncryptedData_create> and B<-data_create> type cannot +Additionally the B<-EncryptedData_encrypt> and B<-data_create> type cannot be processed by the older L command. =head1 EXAMPLES @@ -861,7 +861,7 @@ Print CMS signed binary data in human-readable form: -openssl cms -in signed.cms -binary -inform DER -cmsout -print + openssl cms -in signed.cms -binary -inform DER -cmsout -print =head1 BUGS 
@@ -907,7 +907,7 @@ =head1 COPYRIGHT -Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-enc.pod.in.orig +++ crypto/openssl/doc/man1/openssl-enc.pod.in @@ -180,9 +180,12 @@ Print out the key and IV used then immediately exit: don't do any encryption or decryption. -=item B<-bufsize> I +=item B<-bufsize> I[B] Set the buffer size for I/O. +The maximum size that can be specified is B<2^31-1> (2147483647) bytes. +The B suffix can be specified to indicate that I is provided +in kibibytes (multiples of 1024 bytes). =item B<-nopad> @@ -251,7 +254,7 @@ implications if not used correctly. A beginner is advised to just use a strong block cipher, such as AES, in CBC mode. -All the block ciphers normally use PKCS#5 padding, also known as standard +All the block ciphers normally use PKCS#7 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. @@ -458,7 +461,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-format-options.pod.orig +++ crypto/openssl/doc/man1/openssl-format-options.pod @@ -75,7 +75,7 @@ A DER-encoded file containing a PKCS#12 object. It might be necessary to provide a decryption password to retrieve -the private key. +the private key or certificate. =item B 
@@ -135,7 +135,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-s_client.pod.in.orig +++ crypto/openssl/doc/man1/openssl-s_client.pod.in @@ -499,12 +499,12 @@ =item B<-ign_eof> Inhibit shutting down the connection when end of file is reached in the -input. +input. This implicitly turns on B<-nocommands> as well. =item B<-quiet> Inhibit printing of session and certificate information. This implicitly -turns on B<-ign_eof> as well. +turns on B<-ign_eof> and B<-nocommands> as well. =item B<-no_ign_eof> @@ -971,7 +971,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-verification-options.pod.orig +++ crypto/openssl/doc/man1/openssl-verification-options.pod @@ -142,6 +142,12 @@ The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults the list of untrusted ("intermediate" CA) certificates, if provided. +If one issuer certificate was found in the trust store, the list of +untrusted certificates will not be consulted anymore to find further +issuer certificates. Therefore, either only the root certificate or an +uninterrupted chain to the root certificate must be provided in the trust +store for a successful verification, if B +is not enabled. =head2 Certification Path Validation 
@@ -581,7 +587,7 @@ The extKeyUsage (EKU) extension places additional restrictions on certificate use. If this extension is present (whether critical or not) -in an end-entity certficiate, the key is allowed only for the uses specified, +in an end-entity certificate, the key is allowed only for the uses specified, while the special EKU B allows for all uses. Note that according to RFC 5280 section 4.2.1.12, @@ -639,7 +645,7 @@ =item B (C) In addition to what has been described for B, for a Netscape -SSL client to connect to an SSL server, its EE certficate must have the +SSL client to connect to an SSL server, its EE certificate must have the B bit set if the keyUsage extension is present. This isn't always valid because some cipher suites use the key for digital signing. Otherwise it is the same as a normal SSL server. @@ -660,19 +666,19 @@ =item B (C) -In addition to the common S/MIME checks, for target certficiates +In addition to the common S/MIME checks, for target certificates the key usage must allow for C and/or B. =item B (C) -In addition to the common S/MIME checks, for target certficiates +In addition to the common S/MIME checks, for target certificates the key usage must allow for C. =item B (C) For target certificates, the key usage must allow for C. -For all other certifcates the normal CA checks apply. +For all other certificates the normal CA checks apply. Except in this case the basicConstraints extension must be present. =item B (C) @@ -680,7 +686,7 @@ For target certificates, no checks are performed at this stage, but special checks apply; see L. -For all other certifcates the normal CA checks apply. +For all other certificates the normal CA checks apply. =item B (C) @@ -689,7 +695,7 @@ The EKU extension must be present and contain C only. Moreover, it must be marked as critical. -For all other certifcates the normal CA checks apply. +For all other certificates the normal CA checks apply. =back 
@@ -722,7 +728,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man1/openssl-verify.pod.in.orig +++ crypto/openssl/doc/man1/openssl-verify.pod.in @@ -104,6 +104,11 @@ =back +Note that the first parameter that does not begin with a B<-> ends the list +of options and starts the list of certificates. If you place any options +after a certificate filename, they will be interpreted not as options +but as certificates. + =head1 DIAGNOSTICS When a verify operation fails the output messages can be somewhat cryptic. The @@ -140,7 +145,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/ADMISSIONS.pod.orig +++ crypto/openssl/doc/man3/ADMISSIONS.pod @@ -98,7 +98,7 @@ The B, B, B, and B types are opaque structures representing the analogous types defined in the Common PKI Specification published -by L. +by L. Knowledge of those structures and their semantics is assumed. The conventional routines to convert between DER and the local format @@ -169,7 +169,7 @@ =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/BIO_get_data.pod.orig +++ crypto/openssl/doc/man3/BIO_get_data.pod 
@@ -18,7 +18,7 @@ =head1 DESCRIPTION -These functions are mainly useful when implementing a custom BIO. +These functions can be used when implementing a custom BIO. The BIO_set_data() function associates the custom data pointed to by B with the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). @@ -36,6 +36,13 @@ this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed. +=head1 WARNINGS + +Do not use BIO_set_data(), BIO_get_data(), BIO_set_init(), BIO_get_init(), outside +the implementation of a custom BIO. +Calling BIO_set_data() on an existing BIO implementation with data that it does +not expect will lead to unexpected results. + =head1 RETURN VALUES BIO_get_data() returns a pointer to the implementation specific custom data @@ -55,7 +62,7 @@ =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- /dev/null +++ crypto/openssl/doc/man3/BIO_set_flags.pod 
@@ -0,0 +1,194 @@
+=pod
+
+=head1 NAME
+
+BIO_set_flags, BIO_clear_flags, BIO_test_flags, BIO_get_flags,
+BIO_set_retry_read, BIO_set_retry_write, BIO_set_retry_special,
+BIO_clear_retry_flags, BIO_get_retry_flags
+- manipulate and interpret BIO flags
+
+=head1 SYNOPSIS
+
+ #include
+
+ void BIO_set_flags(BIO *b, int flags);
+ void BIO_clear_flags(BIO *b, int flags);
+ int BIO_test_flags(const BIO *b, int flags);
+ int BIO_get_flags(const BIO *b);
+
+ void BIO_set_retry_read(BIO *b);
+ void BIO_set_retry_write(BIO *b);
+ void BIO_set_retry_special(BIO *b);
+ void BIO_clear_retry_flags(BIO *b);
+ int BIO_get_retry_flags(BIO *b);
+
+=head1 DESCRIPTION
+
+A B has an internal set of bit flags that describe its state. These
+functions and macros are used primarily by B implementations and by code
+that builds B chains to manipulate those flags.
+
+BIO_set_flags() sets the bits given in I in the B I. Any bits
+already set in the B's flag word remain set.
+
+BIO_clear_flags() clears the bits given in I from the B I. Any
+other bits in the flag word are left unchanged.
+
+BIO_test_flags() tests the bits given in I in the B I and
+returns a nonzero value if any of them are currently set and zero
+otherwise.
+
+BIO_get_flags() returns the current flag word from the B I. This is
+equivalent to testing for all bits and returning the result.
+
+The following convenience macros are built on top of these primitives and are
+used to maintain the retry state of a BIO:
+
+BIO_set_retry_read() marks the B I as being in a retryable state
+by setting the B flag. In addition, it sets the
+B flag to indicate that the retry condition is
+associated with a read operation.
+
+BIO_set_retry_write() marks the B I as being in a retryable state
+by setting the B flag. In addition, it sets the
+B flag to indicate that the retry condition is
+associated with a write operation.
+
+BIO_set_retry_special() marks the B I as being in a retryable state
+by setting the B flag. In addition, it sets the
+B flag to indicate that the retry condition is
+associated with a read operation some "special" condition.
+The precise meaning of this condition depends on the B type.
+
+BIO_clear_retry_flags() clears all retry-related bits from I, i.e.
+B, B, B, and
+B.
+
+BIO_get_retry_flags() returns retry-related bits that are
+currently set in I. The result is a subset of
+B.
+
+The retry bits are interpreted by the higher level macros
+BIO_should_read(), BIO_should_write(), BIO_should_io_special(),
+BIO_retry_type() and BIO_should_retry(), as documented in
+L. Application code will typically use those macros
+rather than manipulate the underlying flags directly.
+
+The following flag bits are currently defined for use with BIO_set_flags(),
+BIO_clear_flags() and BIO_test_flags():
+
+=over 4
+
+=item B
+
+The last I/O operation should be retried when the B becomes readable.
+This flag is normally set by the B implementation via BIO_set_retry_read()
+after a failed read operation.
+
+=item B
+
+The last I/O operation should be retried when the B becomes writable.
+This flag is normally set by the B implementation via BIO_set_retry_write()
+after a failed write operation.
+
+=item B
+
+The last I/O operation should be retried when some "special" condition
+becomes true. The precise meaning of this condition depends on the B
+type and is usually obtained via BIO_get_retry_BIO() and
+BIO_get_retry_reason() as described in L.
+This flag is normally set by the B implementation via
+BIO_set_retry_special().
+
+=item B
+
+The bitwise OR of B, B and
+B. This mask is used when clearing or extracting
+the retry-direction bits.
+
+=item B
+
+Set if the last I/O operation on the B should be retried at a later time.
+If this bit is not set then the condition is treated as an error.
+This flag is normally set by the B implementation.
+
+=item B
+
+When set on a base64 filter B this flag disables the generation of
+newline characters in the encoded output and causes newlines to be ignored
+in the input. See also L.
+The flag has no effect on any other built-in B types.
+
+=item B
+
+When set on a memory B this flag indicates that the underlying buffer is
+read only. Attempts to write to such a B will fail.
+The flag has no effect on any other built-in B types.
+
+=item B
+
+On a memory B this flag modifies the behaviour of BIO_reset(). When it
+is set, resetting the B does not clear the underlying buffer but only
+resets the current read position.
+The flag has no effect on any other built-in B types.
+
+=item B
+
+This flag may be used by a B implementation to indicate that the end
+of the input stream has been reached. However, B types are not
+required to use this flag to signal end-of-file conditions; they may rely
+on other mechanisms such as system calls or by querying the next B in a
+chain. Applications must therefore not test this flag directly to
+determine whether EOF has been reached, and must use BIO_eof() instead.
+
+=back
+
+A range of additional flag values is reserved for internal use by OpenSSL
+to track kernel TLS (KTLS) state. This range and the corresponding flag
+macros are not part of the public API and must not be used by applications.
+
+=head1 RETURN VALUES
+
+BIO_get_flags() returns a bit mask of the flags currently set on the B.
+
+BIO_test_flags() returns a bit mask consisting of those flags from the
+argument that are currently set in the B. Consequently, it returns a
+nonzero value if and only if at least one of the requested flags is set.
+
+BIO_get_retry_flags() returns a bit mask consisting of those flags from
+B, B, B, and
+B that are currently set in the I.
+
+=head1 NOTES
+
+Ordinary application code will rarely need to call BIO_set_flags(),
+BIO_clear_flags() or BIO_test_flags() directly. They are intended for B
+implementations and for code that forwards retry state from one B in a
+chain to another.
+After a failed I/O operation, applications should normally use
+BIO_should_retry() and related macros as described in
+L instead of inspecting the flags directly.
+
+These functions and macros are not thread-safe. If a single B
+is accessed from multiple threads, the caller must provide appropriate
+external synchronisation.
+
+=head1 SEE ALSO
+
+L, L, L
+
+=head1 HISTORY
+
+The functions and macros described here have been available in OpenSSL since
+at least 1.1.0 (B since 1.1.1).
+
+=head1 COPYRIGHT
+
+Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
--- crypto/openssl/doc/man3/BN_generate_prime.pod.orig
+++ crypto/openssl/doc/man3/BN_generate_prime.pod
@@ -130,7 +130,7 @@
 If B

passes all these tests, it is considered a probable prime. The test performed on B

are trial division by a number of small primes -and rounds of the of the Miller-Rabin probabilistic primality test. +and rounds of the Miller-Rabin probabilistic primality test. The functions do at least 64 rounds of the Miller-Rabin test giving a maximum false positive rate of 2^-128. @@ -148,7 +148,7 @@ BN_is_prime_fasttest() and BN_is_prime() behave just like BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old -style call back. +style callback. B is a preallocated B (to save the overhead of allocating and freeing the structure in a loop), or B. @@ -246,7 +246,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/CMS_EncryptedData_decrypt.pod.orig +++ crypto/openssl/doc/man3/CMS_EncryptedData_decrypt.pod @@ -16,10 +16,10 @@ =head1 DESCRIPTION CMS_EncryptedData_decrypt() decrypts a I EncryptedData object using the -symmetric I of size I bytes. I is a BIO to write the content -to and I is an optional set of flags. -I is used in the rare case where the encrypted content is detached. It -will normally be set to NULL. +symmetric I of size I bytes. AEAD cipher algorithms are not +supported. I is a BIO to write the content to and I is an optional +set of flags. I is used in the rare case where the encrypted content is +detached. It will normally be set to NULL. The following flags can be passed in the I parameter. --- crypto/openssl/doc/man3/CMS_EncryptedData_encrypt.pod.orig +++ crypto/openssl/doc/man3/CMS_EncryptedData_encrypt.pod @@ -34,7 +34,7 @@ B is specified. The algorithm passed in the I parameter must support ASN1 encoding of -its parameters. +its parameters. AEAD cipher algorithms are not supported. The B structure can be freed using L. 
--- /dev/null +++ crypto/openssl/doc/man3/CMS_EncryptedData_set1_key.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +CMS_EncryptedData_set1_key - Sets the cipher and key for +CMS EncryptedData + +=head1 SYNOPSIS + + #include + + int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +=head1 DESCRIPTION + +CMS_EncryptedData_set1_key() takes in a I EncryptedData object and sets +the appropriate attributes to I, it makes a copy of the symmetric I +of size I. AEAD cipher algorithms are not supported. + +=head1 RETURN VALUES + +CMS_EncryptedData_set1_key() returns 0 if an error occurred otherwise +returns 1. + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut --- crypto/openssl/doc/man3/CMS_sign.pod.orig +++ crypto/openssl/doc/man3/CMS_sign.pod @@ -96,7 +96,7 @@ BIO_new_CMS(). If a signer is specified it will use the default digest for the signing -algorithm. This is B for both RSA and DSA keys. +algorithm. This is B for both RSA and DSA keys. If B and B are NULL then a certificates only CMS structure is output. @@ -132,7 +132,7 @@ =head1 COPYRIGHT -Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/DTLS_set_timer_cb.pod.orig +++ crypto/openssl/doc/man3/DTLS_set_timer_cb.pod 
@@ -20,6 +20,17 @@ timeout interval on the DTLS protocol. The callback function will be called by DTLS for every new DTLS packet that is sent. +The callback should return the timeout interval in micro seconds. + +The I parameter of the callback is the last set timeout +interval returned. On the first invocation of the callback, +this value will be 0. + +At the beginning of the connection, if no timeout callback has been +set via DTLS_set_timer_cb(), the default timeout value is 1 second. +For all subsequent timeouts, the default behavior is to double the +duration up to a maximum of 1 minute. + =head1 RETURN VALUES Returns void. @@ -30,7 +41,7 @@ =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- /dev/null +++ crypto/openssl/doc/man3/EVP_CIPHER_CTX_get_app_data.pod 
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data - Routines to
+inspect and modify application data related to EVP_CIPHER_CTX
+
+=head1 SYNOPSIS
+
+ #include
+
+ void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+
+=head1 DESCRIPTION
+
+The functions EVP_CIPHER_CTX_set_app_data() and EVP_CIPHER_CTX_get_app_data()
+associate an opaque, application-defined pointer with an EVP_CIPHER_CTX object.
+
+This pointer is not interpreted by the library and is reserved entirely for use
+by the application. It may be used to store arbitrary context or state that
+needs to be accessible wherever the corresponding EVP_CIPHER_CTX is available.
+
+=head1 RETURN VALUES
+
+The EVP_CIPHER_CTX_get_app_data() function returns a opaque pointer to the
+current application data for the EVP_CIPHER_CTX.
+
+=head1 COPYRIGHT
+
+Copyright 2026 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
--- crypto/openssl/doc/man3/EVP_EncryptInit.pod.orig
+++ crypto/openssl/doc/man3/EVP_EncryptInit.pod
@@ -61,8 +61,6 @@
 EVP_CIPHER_CTX_get_key_length,
 EVP_CIPHER_CTX_get_iv_length,
 EVP_CIPHER_CTX_get_tag_length,
-EVP_CIPHER_CTX_get_app_data,
-EVP_CIPHER_CTX_set_app_data,
 EVP_CIPHER_CTX_flags,
 EVP_CIPHER_CTX_set_flags,
 EVP_CIPHER_CTX_clear_flags,
@@ -196,8 +194,6 @@ int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); - void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); @@ -744,7 +740,7 @@ =item "tag" (B) Gets or sets the AEAD tag for the associated cipher context I. -See L. +See L. =item "keybits" (B) @@ -1253,6 +1249,9 @@ EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. +EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and +EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure. + =head1 CIPHER LISTING All algorithms have a fixed key length unless otherwise stated. @@ -1276,8 +1275,13 @@ To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output -parameter I set to B. In this case, on success, the parameter -I is set to the number of bytes authenticated. +parameter I set to NULL. In this case, on success, the parameter +I is set to the number of AAD bytes processed in that call +(that is, the value of I), and does not include any plaintext +or ciphertext bytes processed by other calls. + +If no AAD is used, this call can be omitted. See the mode-specific notes +below for any exceptions. When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, 
@@ -1746,7 +1750,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod.orig +++ crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod @@ -49,8 +49,11 @@ for example during parameter generation or key generation for some algorithms. -EVP_PKEY_CTX_dup() duplicates the context I. It is not supported for a -keygen operation. +EVP_PKEY_CTX_dup() duplicates the context I. +It is not supported for a keygen operation. +It is however possible to duplicate a context freshly created via any of the +above C functions, provided L has not yet been +called on the source context, and then use the copy for key generation. EVP_PKEY_CTX_free() frees up the context I. If I is NULL, nothing is done. @@ -122,7 +125,7 @@ =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_PKEY_keygen.pod.orig +++ crypto/openssl/doc/man3/EVP_PKEY_keygen.pod 
@@ -86,10 +86,12 @@ error occurs. This might occur during a time consuming operation where a user clicks on a "cancel" button. -The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set -and retrieve an opaque pointer. This can be used to set some application -defined value which can be retrieved in the callback: for example a handle -which is used to update a "progress dialog". +The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() +associate an opaque, application-defined pointer with an EVP_PKEY_CTX object. + +This pointer is not interpreted by the library and is reserved entirely for use +by the application. It may be used to store arbitrary context or state that +needs to be accessible wherever the corresponding EVP_PKEY_CTX is available. EVP_PKEY_Q_keygen() abstracts from the explicit use of B while providing a 'quick' but limited way of generating a new asymmetric key pair. @@ -226,7 +228,7 @@ =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_PKEY_new.pod.orig +++ crypto/openssl/doc/man3/EVP_PKEY_new.pod 
@@ -168,7 +168,19 @@ The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in L, L, L or -L. +L for legacy key types implemented in internal +OpenSSL providers. + +For fully provider-managed key types (see L), +possibly implemented in external providers, use functions such as +L or L +to populate key data. + +Generally caution is advised for using an B structure across +different library contexts: In order for an B to be shared by +multiple library contexts the providers associated with the library contexts +must have key managers that support the key type and implement the +OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions. =head1 RETURN VALUES @@ -210,7 +222,7 @@ =head1 COPYRIGHT -Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_RAND.pod.orig +++ crypto/openssl/doc/man3/EVP_RAND.pod @@ -151,11 +151,8 @@ from a live source will be sought. This call operates as per NIST SP 800-90A and SP 800-90C. -EVP_RAND_nonce() creates a nonce in I of maximum length I -bytes from the RAND I. The function returns the length of the generated -nonce. If I is NULL, the length is still returned but no generation -takes place. This allows a caller to dynamically allocate a buffer of the -appropriate size. +EVP_RAND_nonce() creates a nonce in I of length I +bytes from the RAND I. EVP_RAND_enable_locking() enables locking for the RAND I and all of its parents. After this I will operate in a thread safe manner, albeit 
@@ -376,7 +373,7 @@ EVP_RAND_CTX_free() does not return a value. -EVP_RAND_nonce() returns the length of the nonce. +EVP_RAND_nonce() returns 1 on success, 0 on error. EVP_RAND_get_strength() returns the strength of the random number generator in bits. @@ -406,7 +403,7 @@ =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_aes_128_gcm.pod.orig +++ crypto/openssl/doc/man3/EVP_aes_128_gcm.pod @@ -127,7 +127,7 @@ AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control -operations to function correctly, see the L +operations to function correctly, see the L section for details. =item EVP_aes_128_wrap(), @@ -184,7 +184,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_aria_128_gcm.pod.orig +++ crypto/openssl/doc/man3/EVP_aria_128_gcm.pod @@ -88,7 +88,7 @@ ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter Mode (GCM). These ciphers require additional control operations to function -correctly, see the L section for details. +correctly, see the L section for details. =back 
@@ -113,7 +113,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/EVP_chacha20.pod.orig +++ crypto/openssl/doc/man3/EVP_chacha20.pod @@ -36,7 +36,7 @@ Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key is 256 bits and the IV is 96 bits. This supports additional authenticated data (AAD) and produces a 128-bit authentication tag. See the -L section for more information. +L section for more information. =back @@ -64,7 +64,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/OPENSSL_malloc.pod.orig +++ crypto/openssl/doc/man3/OPENSSL_malloc.pod 
@@ -99,10 +99,14 @@ OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at B holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse() -before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is -NULL, nothing is done. +before ultimately calling OPENSSL_free(). If the argument to +OPENSSL_clear_free() is NULL, nothing is done. OPENSSL_cleanse() fills B of size B with a string of 0's. +It is useful in cases when it is needed to ensure that memory (that contains +sensitive information) is overwritten (for example, before it is reclaimed, +or when it is stored on stack), and such operation is not optimised out +by compiler optimisations such as dead store elimination (as memset(3) may be). Use OPENSSL_cleanse() with care if the memory is a mapping of a file. If the storage controller uses write compression, then it's possible that sensitive tail bytes will survive zeroization because the block of @@ -199,7 +203,7 @@ =head1 COPYRIGHT -Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod.orig +++ crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod 
@@ -45,7 +45,12 @@ information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your -threat model and concerns. +threat model and concerns. It should be noted that the secure heap +uses a single read/write lock, and therefore any operations +that involve allocation or freeing of secure heap memory are serialised, +blocking other threads. With that in mind, highly concurrent applications +should enable the secure heap with caution and be aware of the performance +implications for multi-threaded code. If a secure heap is used, then private key B values are stored there. This protects long-term storage of private keys, but will not necessarily @@ -135,7 +140,7 @@ =head1 COPYRIGHT -Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/OSSL_DECODER_CTX.pod.orig +++ crypto/openssl/doc/man3/OSSL_DECODER_CTX.pod @@ -167,6 +167,13 @@ creating an L array that it then passes to I, along with I. +Note that functions OSSL_DECODER_CTX_set_selection(), +OSSL_DECODER_CTX_set_output_type(), OSSL_DECODER_CTX_set_output_structure(), +OSSL_DECODER_CTX_add_encoder(), OSSL_DECODER_CTX_add_extra(), +OSSL_DECODER_CTX_set_construct(), OSSL_DECODER_CTX_set_construct_data(), and +OSSL_DECODER_CTX_set_cleanup() shouldn't be used after the context is finalised, +in particular after calling the function OSSL_DECODER_CTX_new_for_pkey(). + =head2 Constructor A B gets the following arguments: --- crypto/openssl/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod.orig +++ crypto/openssl/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod 
@@ -71,6 +71,10 @@ the B and missing encoder implementation, and allows it to act accordingly. +Note that OSSL_DECODER_CTX_new_for_pkey() finalises the OSSL_DECODER_CTX; +after that the OSSL_DECODER_CTX_set_* and OSSL_DECODER_CTX_add_* functions +described in L shouldn't be called. + OSSL_DECODER_CTX_set_passphrase() gives the implementation a pass phrase to use when decrypting the encoded private key. Alternatively, a pass phrase callback may be specified with the following functions. --- crypto/openssl/doc/man3/OSSL_ENCODER_CTX.pod.orig +++ crypto/openssl/doc/man3/OSSL_ENCODER_CTX.pod @@ -130,6 +130,13 @@ OSSL_ENCODER_CTX_set_cleanup() sets the constructor data I function. This is called by L. +Note that functions OSSL_ENCODER_CTX_set_selection(), +OSSL_ENCODER_CTX_set_output_type(), OSSL_ENCODER_CTX_set_output_structure(), +OSSL_ENCODER_CTX_add_encoder(), OSSL_ENCODER_CTX_add_extra(), +OSSL_ENCODER_CTX_set_construct(), OSSL_ENCODER_CTX_set_construct_data(), and +OSSL_ENCODER_CTX_set_cleanup() shouldn't be used after the context is finalised, +in particular after calling the function OSSL_ENCODER_CTX_new_for_pkey(). + =head2 Constructor A B gets the following arguments: @@ -202,6 +209,12 @@ OSSL_ENCODER_INSTANCE_get_output_structure() returns a string with the name of the output structure. +=head1 NOTES AND BUGS + +The chain mechanism in ENCODE is not yet completely implemented. +It affects functions such as OSSL_ENCODER_CTX_add_extra and the +inner processing loop. + =head1 SEE ALSO L, L --- crypto/openssl/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod.orig +++ crypto/openssl/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod 
@@ -60,6 +60,10 @@ the B and missing encoder implementation, and allows it to act accordingly. +Note that OSSL_ENCODER_CTX_new_for_pkey() finalises the OSSL_ENCODER_CTX; +after that the OSSL_ENCODER_CTX_set_* and OSSL_ENCODER_CTX_add_* functions +described in L shouldn't be called. + OSSL_ENCODER_CTX_set_cipher() tells the implementation what cipher should be used to encrypt encoded keys. The cipher is given by name I. The interpretation of that I is --- crypto/openssl/doc/man3/OSSL_PARAM.pod.orig +++ crypto/openssl/doc/man3/OSSL_PARAM.pod @@ -356,7 +356,7 @@ =head1 SEE ALSO -L, L, L +L, L, L, L =head1 HISTORY @@ -364,7 +364,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/OSSL_PARAM_int.pod.orig +++ crypto/openssl/doc/man3/OSSL_PARAM_int.pod @@ -393,6 +393,29 @@ if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL) OSSL_PARAM_set_utf8_ptr(p, "cookie value"); +=head2 Example 3 + +This example shows a special case where +I<-Wincompatible-pointer-types-discards-qualifiers> may be set during +compilation. The value for I cannot be a I type string. An +alternative in this case would be to use B macro abbreviated calls +rather than the specific callers which allows you to define the sha1 argument +as a standard character array (I). + +For example, this code: + + OSSL_PARAM params[2]; + params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0); + params[1] = OSSL_PARAM_construct_end(); + +Can be made compatible with the following version: + + char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */ + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0); + params[1] = OSSL_PARAM_construct_end(); + =head1 SEE ALSO L, L 
@@ -403,7 +426,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/OSSL_PROVIDER.pod.orig +++ crypto/openssl/doc/man3/OSSL_PROVIDER.pod @@ -152,7 +152,7 @@ will call the callback I and supply a set of Ls describing the capability. It will also pass back the argument I. For more details about capabilities and what they can be used for please see -L. +L. =head1 RETURN VALUES @@ -213,7 +213,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/OpenSSL_version.pod.orig +++ crypto/openssl/doc/man3/OpenSSL_version.pod @@ -238,9 +238,16 @@ The macros and functions described here were added in OpenSSL 3.0, except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). +=head1 BUGS + +There was a discrepancy between this manual and commentary + code +in F<< >>, where the latter suggested that the +four least significant bits of B could be +C<0x0f> in released OpenSSL versions. + =head1 COPYRIGHT -Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/PEM_read_CMS.pod.orig +++ crypto/openssl/doc/man3/PEM_read_CMS.pod 
@@ -84,9 +84,9 @@ =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio() -instead. +To replace the deprecated functions listed above, applications should use the +B type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to +read and write PEM data containing key parameters or private and public keys. In the description below, B> is used as a placeholder for any of the OpenSSL datatypes, such as B. @@ -142,7 +142,7 @@ =head1 COPYRIGHT -Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/PKCS5_PBE_keyivgen.pod.orig +++ crypto/openssl/doc/man3/PKCS5_PBE_keyivgen.pod @@ -110,6 +110,13 @@ I is the message digest function used in the derivation. +I is the initialization vector (IV) to use for the encryption algorithm. +If I is NULL, then a random IV will be generated. + +I is the numeric identifier (NID) for the pseudo-random function to +use with PBKDF2. If I is not specified (for example, I is set to 0), +a default PRF is used, which is currently set to SHA-256 (NID_hmacWithSHA256). + Functions ending in _ex() take optional parameters I and I which are used to select appropriate algorithm implementations. 
@@ -118,7 +125,9 @@ PKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(), PKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an B object which represents an AlgorithmIdentifier containing the algorithm OID and -associated parameters for the PBE algorithm. +associated parameters for the PBE algorithm. These functions encode the +key derivation parameters (such as salt and iteration count) and the +encryption parameters (such as the IV) into the ASN.1 structure. PKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an B object which represents an AlgorithmIdentifier containing the algorithm OID and @@ -167,7 +176,7 @@ =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/PKCS7_sign.pod.orig +++ crypto/openssl/doc/man3/PKCS7_sign.pod @@ -80,7 +80,7 @@ BIO_new_PKCS7(). If a signer is specified it will use the default digest for the signing -algorithm. This is B for both RSA and DSA keys. +algorithm. This is B for both RSA and DSA keys. The I, I and I parameters can all be NULL if the B flag is set. One or more signers can be added @@ -122,7 +122,7 @@ =head1 COPYRIGHT -Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/RAND_load_file.pod.orig +++ crypto/openssl/doc/man3/RAND_load_file.pod 
@@ -19,7 +19,11 @@ RAND_load_file() reads a number of bytes from file B and adds them to the PRNG. If B is nonnegative, up to B are read; -if B is -1, the complete file is read. +if B is -1, the complete file is read (unless the file +is not a regular file, in that case a fixed number of bytes, +256 in the current implementation, is attempted to be read). +RAND_load_file() can read less than the complete file or the requested number +of bytes if it doesn't fit in the return value type. Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that B should be adequately protected so that an @@ -77,7 +81,7 @@ =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/RSA_set_method.pod.orig +++ crypto/openssl/doc/man3/RSA_set_method.pod @@ -148,13 +148,7 @@ RSA_set_default_method() returns no value. -RSA_set_method() returns a pointer to the old RSA_METHOD implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an ENGINE, the pointer could be invalidated -at any time if the ENGINE is unloaded (in fact it could be unloaded as a -result of the RSA_set_method() function releasing its handle to the -ENGINE). For this reason, the return type may be replaced with a B -declaration in a future release. +RSA_set_method() returns 1 for success. It always succeeds. RSA_new_method() returns NULL and sets an error code that can be obtained by L if the allocation fails. Otherwise 
@@ -185,7 +179,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod.orig +++ crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod @@ -37,7 +37,7 @@ int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); - uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); + uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); =head1 DESCRIPTION @@ -203,7 +203,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_CONF_cmd.pod.orig +++ crypto/openssl/doc/man3/SSL_CONF_cmd.pod @@ -71,7 +71,7 @@ =item B<-no_renegotiation> -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting B. =item B<-no_resumption_on_reneg> @@ -735,7 +735,7 @@ =head1 COPYRIGHT -Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_CTX_set_cert_verify_callback.pod.orig +++ crypto/openssl/doc/man3/SSL_CTX_set_cert_verify_callback.pod 
@@ -63,6 +63,11 @@ Moreover, the calling application will be informed about the detailed result of the verification procedure and may elect to base further decisions on it. +I may call L to run the built-in verification +function. This may be useful if application wishes to dynamically reconfigure +I before verification, or postprocess the result. In this case, +L will set the B member as described above. + Within I, I has access to the I function set using L. --- crypto/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod.orig +++ crypto/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -67,6 +67,9 @@ in the ClientHello. B<*outlen> contains the number of elements in the array. In situations when the ClientHello has no extensions, the function will return success with B<*out> set to NULL and B<*outlen> set to 0. +Note that SSL_client_hello_get1_extensions_present() returns only recognised +extensions; therefore, unrecognised (including GREASE) extensions will not +appear in the output. =head1 NOTES @@ -85,8 +88,12 @@ occurs due to the relative order of processing between things like session resumption and the historical servername callback. -The SSL_client_hello_* family of functions may only be called from code executing -within a ClientHello callback. +The SSL_client_hello_* family of functions may only be called from code +executing within a ClientHello callback. + +The SSL_client_hello_get0_*() functions return raw ClientHello data, whereas +SSL_client_hello_get1_extensions_present() returns only recognized extensions +(so unknown/GREASE-extensions are not included). =head1 RETURN VALUES --- crypto/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod.orig +++ crypto/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod 
@@ -31,9 +31,10 @@ specific protocol versions. Use these functions instead of disabling specific protocol versions. -Setting the minimum or maximum version to 0, will enable protocol +Setting the minimum or maximum version to 0 (default), will enable protocol versions down to the lowest version, or up to the highest version -supported by the library, respectively. +supported by the library, respectively. The supported versions might be +controlled by system configuration. Getters return 0 in case B or B have been configured to automatically use the lowest or highest version supported by the library. @@ -64,7 +65,7 @@ =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_CTX_set_options.pod.orig +++ crypto/openssl/doc/man3/SSL_CTX_set_options.pod @@ -241,7 +241,7 @@ =item SSL_OP_NO_RENEGOTIATION -Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello. =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION @@ -456,7 +456,7 @@ =head1 COPYRIGHT -Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod.orig +++ crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod 
@@ -93,6 +93,14 @@ Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application. +Note that as described above, the callback may be called a second time during a +handshake. Since ownership of the SSL_SESSION is transferred to OpenSSL on each +call, if the callback wishes to return the same SSL_SESSION pointer on a +subsequent invocation, it must first call L to increment +the reference count. Failure to do so will result in a use-after-free error. +Alternatively, the callback may return a different SSL_SESSION object on each +call (e.g., by calling L). + It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that B<*sess> is @@ -169,7 +177,7 @@ =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod.orig +++ crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 
@@ -58,9 +58,11 @@ Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the B -and B objects respectively. Passing a value of 1 in the I parameter -switches the feature on, and passing a value of 0 switches it off. The default -setting is off. +and B objects respectively. Passing a value of 2 or 1 in the I +parameter switches it on. If the I parameter is set to 2, it will force +the DH key size to 1024 if the B or B security level +L is 0 or 1. Passing a value of 0 switches +it off. The default setting is off. If "auto" DH parameters are switched on then the parameters will be selected to be consistent with the size of the key associated with the server's certificate. @@ -112,7 +114,7 @@ =head1 COPYRIGHT -Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod.orig +++ crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod 
@@ -23,11 +23,10 @@ =head1 DESCRIPTION -SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the -client when the session was created if it was accepted by the server and TLSv1.2 -or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the -SNI hostname is negotiated with each handshake including resumption handshakes -and is therefore never associated with the session. +SSL_SESSION_get0_hostname() retrieves the Server Name Indication (SNI) value +that was sent by the client when the session was created if the server +acknowledged the client's SNI extension by including an empty SNI extension +in response. Otherwise NULL is returned. The value returned is a pointer to memory maintained within B and should not be free'd. @@ -46,8 +45,7 @@ =head1 RETURN VALUES -SSL_SESSION_get0_hostname() returns either a string or NULL based on if there -is the SNI value sent by client. +SSL_SESSION_get0_hostname() returns the SNI string if available, or NULL if not. SSL_SESSION_set1_hostname() returns 1 on success or 0 on error. @@ -67,7 +65,7 @@ =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/SSL_key_update.pod.orig +++ crypto/openssl/doc/man3/SSL_key_update.pod 
@@ -53,7 +53,9 @@ will be performed to confirm that it is a suitable time to start a renegotiation. If so, then it will be initiated immediately. OpenSSL will not attempt to resume any session associated with the connection in the new -handshake. +handshake. Note that some servers will respond to reneogitation attempts with +a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in +this case. When called from the client side, SSL_renegotiate_abbreviated() works in the same was as SSL_renegotiate() except that OpenSSL will attempt to resume the @@ -101,7 +103,7 @@ =head1 COPYRIGHT -Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/X509_NAME_print_ex.pod.orig +++ crypto/openssl/doc/man3/X509_NAME_print_ex.pod @@ -32,9 +32,8 @@ Otherwise, at most I bytes will be written, including the ending '\0', and I is returned. -X509_NAME_print() prints out I to I indenting each line by I -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. +X509_NAME_print() prints out I to I on a single line. +The I parameter is ignored and retained only for API compatibility. =head1 NOTES @@ -122,7 +121,7 @@ =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/X509_STORE_CTX_new.pod.orig +++ crypto/openssl/doc/man3/X509_STORE_CTX_new.pod 
@@ -77,7 +77,7 @@ X509_STORE_CTX_init() sets up I for a subsequent verification operation. X509_STORE_CTX_init() initializes the internal state and resources of the -given I. Among others, it sets the verification parameters associcated +given I. Among others, it sets the verification parameters associated with the method name C, which includes the C purpose, and takes over callback function pointers from I (unless NULL). It must be called before each call to L or @@ -280,7 +280,7 @@ =head1 COPYRIGHT -Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/X509_STORE_get0_param.pod.orig +++ crypto/openssl/doc/man3/X509_STORE_get0_param.pod @@ -29,7 +29,8 @@ returned pointer must not be freed by the calling application. X509_STORE_get1_all_certs() returns a list of all certificates in the store. -The caller is responsible for freeing the returned list. +The caller is responsible for freeing the returned list +with sk_X509_pop_free(sk, X509_free). =head1 RETURN VALUES @@ -45,6 +46,7 @@ =head1 SEE ALSO +L, L =head1 HISTORY --- crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod.orig +++ crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -248,8 +248,8 @@ B enables CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found. -B enables CRL checking for the entire certificate -chain. +B expands CRL checking to the entire certificate +chain if B has also been enabled, and is otherwise ignored. B disables critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs result 
@@ -407,7 +407,7 @@ =head1 COPYRIGHT -Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man3/d2i_X509.pod.orig +++ crypto/openssl/doc/man3/d2i_X509.pod @@ -500,8 +500,9 @@ B>() returns the number of bytes successfully encoded or a negative value if an error occurs. -B_bio>() and B_fp>() return 1 for success and 0 if an -error occurs. +B_bio>() and B_fp>(), +as well as i2d_ASN1_bio_stream(), +return 1 for success and 0 if an error occurs. =head1 EXAMPLES @@ -617,7 +618,7 @@ =head1 COPYRIGHT -Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/EVP_PKEY-DSA.pod.orig +++ crypto/openssl/doc/man7/EVP_PKEY-DSA.pod @@ -104,7 +104,7 @@ =head1 SEE ALSO L, -L +L, L, L, L, @@ -113,7 +113,7 @@ =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/EVP_PKEY-FFC.pod.orig +++ crypto/openssl/doc/man7/EVP_PKEY-FFC.pod @@ -213,7 +213,7 @@ L, L, L, -L +L, L, L, L, 
@@ -222,7 +222,7 @@ =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod.orig +++ crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -421,6 +421,19 @@ release within the same major release series. This flexibility enables you to address bug fixes and CVEs that fall outside the FIPS boundary. +You can load the FIPS provider into multiple library contexts as any other +provider. However the following restriction applies. The FIPS provider cannot +be used by multiple copies of OpenSSL libcrypto in a single process. + +As the provider saves core callbacks to the libcrypto obtained in the +OSSL_provider_init() call to global data it will fail if subsequent +invocations of its OSSL_provider_init() function yield different addresses +of these callbacks than in the initial call. This happens when different +copies of libcrypto are present in the memory of the process and both try +to load the same FIPS provider. A workaround is to have a different copy +of the FIPS provider loaded for each of the libcrypto instances in the +process. + =head1 SEE ALSO L, @@ -439,7 +452,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/migration_guide.pod.orig +++ crypto/openssl/doc/man7/migration_guide.pod 
@@ -596,13 +596,13 @@ Support for TLSv1.3 has been added. This has a number of implications for SSL/TLS applications. See the -L for further details. +L for further details. =back More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0 can be found on the -L. +L. =head3 Upgrading from the OpenSSL 2.0 FIPS Object Module @@ -2484,7 +2484,7 @@ =head1 COPYRIGHT -Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/openssl-env.pod.orig +++ crypto/openssl/doc/man7/openssl-env.pod @@ -61,7 +61,7 @@ enable trace output of specific parts of OpenSSL libraries, by name. This output usually makes sense only if you know OpenSSL internals well. -The value of this environment varialble is a comma-separated list of names, +The value of this environment variable is a comma-separated list of names, with the following available: =over 4 @@ -184,7 +184,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/property.pod.orig +++ crypto/openssl/doc/man7/property.pod 
@@ -142,6 +142,38 @@ disallow any implementations with "fips=yes" rather than not caring about the setting. +=head1 PREDEFINED NAMES + +=for comment This list should correspond to the array 'predefined_names' in crypto/property/property_parse.c + +Currently known predefined names are: + +=over 4 + +=item C + +The conventional property value is the provider's name. This may be different from the name returned by L. + +It is a convention among OpenSSL provider implementations to define a property with this name. It is not mandatory to do this. + +=item C + +The conventional property value is the provider's version. + +OpenSSL provider implementations do not define a property with this name. + +=item C + +The conventional property value is boolean (C<"yes"> or C<"no">), indication whether the implementation conforms to FIPS standards or not. + +It is a convention among OpenSSL provider implementations to define a property with this name where applicable. It is not mandatory to do this, but is strongly recommended. + +=item C, C, C + +Properties with these names are used by encoders (see L) and decoders (see L). + +=back + =head1 SYNTAX The lexical syntax in EBNF is given by: @@ -167,7 +199,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/provider-base.pod.orig +++ crypto/openssl/doc/man7/provider-base.pod @@ -131,7 +131,8 @@ static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); -L arrays are indexed by numbers that are provided as +L array entries contain a I field that +identifies the function. The I numbers are provided as macros in L, as follows: For I (the L array passed from F to the 
@@ -809,7 +810,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/provider-cipher.pod.orig +++ crypto/openssl/doc/man7/provider-cipher.pod @@ -103,8 +103,8 @@ In order to be a consistent set of functions there must at least be a complete set of "encrypt" functions, or a complete set of "decrypt" functions, or a single "cipher" function. -In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be -present. +In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx +and OSSL_FUNC_cipher_freectx functions must be present. All other functions are optional. =head2 Context Management Functions @@ -241,7 +241,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/provider-decoder.pod.orig +++ crypto/openssl/doc/man7/provider-decoder.pod @@ -110,7 +110,9 @@ should be named "RSA". Likewise, an implementation that decodes DER data from PEM input should be named "DER". -Properties can be used to further specify details about an implementation: +Properties, as defined in the L array element of each +decoder implementation, can be used to further specify details about an +implementation: =over 4 
@@ -302,7 +304,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/provider-encoder.pod.orig +++ crypto/openssl/doc/man7/provider-encoder.pod @@ -127,7 +127,9 @@ For example, an implementation that encodes an RSA key should be named "RSA". Likewise, an implementation that further encodes DER should be named "DER". -Properties can be used to further specify details about an implementation: +Properties, as defined in the L array element of each +decoder implementation, can be used to further specify details about an +implementation: =over 4 @@ -321,7 +323,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/provider-keymgmt.pod.orig +++ crypto/openssl/doc/man7/provider-keymgmt.pod @@ -29,7 +29,7 @@ void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx); /* Key loading by object reference, also a constructor */ - void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz); + void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz); /* Key object information */ int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]); 
@@ -442,7 +442,7 @@ =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/doc/man7/provider-signature.pod.orig +++ crypto/openssl/doc/man7/provider-signature.pod @@ -284,7 +284,7 @@ the signature should be written to I<*siglen>. OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation -previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously +previously started through OSSL_FUNC_signature_digest_sign_init(). A previously initialised signature context is passed in the I parameter. The data to be signed is in I which should be I bytes long. Unless I is NULL, the signature should be written to the location pointed to by the I @@ -294,7 +294,7 @@ =head2 Digest Verify Functions -OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a +OSSL_FUNC_signature_digest_verify_init() initialises a context for verifying given a provider side verification context in the I parameter, and a pointer to a provider key object in the I parameter. The I, if not NULL, should be set on the context in a manner similar to @@ -318,7 +318,7 @@ verified is in I which is I bytes long. OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation -previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously +previously started through OSSL_FUNC_signature_digest_verify_init(). A previously initialised verification context is passed in the I parameter. The data to be verified is in I which should be I bytes long. The signature to be verified is in I which is I bytes long. 
@@ -360,8 +360,13 @@ =item "algorithm-id" (B) -Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of -signature algorithm and digest algorithm for the signature operation. +Gets the DER-encoded AlgorithmIdentifier for the signature operation. +This typically corresponds to the combination of a digest algorithm +with a purely asymmetric signature algorithm, such as SHA256WithECDSA. + +The L relies on this operation and is used by +many other functions signing ASN.1 structures such as X.509 certificates, +certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages. =item "kat" (B) @@ -421,7 +426,8 @@ =head1 SEE ALSO -L +L, +L =head1 HISTORY @@ -429,7 +435,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy --- crypto/openssl/e_os.h.orig +++ crypto/openssl/e_os.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,272 +8,261 @@ */ #ifndef OSSL_E_OS_H -# define OSSL_E_OS_H +#define OSSL_E_OS_H -# include -# include +#include +#include -# include -# include -# include "internal/nelem.h" +#include +#include +#include "internal/nelem.h" /* * contains what we can justify to make visible to the * outside; this file e_os.h is not part of the exported interface. */ -# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) -# define NO_CHMOD -# define NO_SYSLOG -# endif +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +#define NO_CHMOD +#define NO_SYSLOG +#endif -# define get_last_sys_error() errno -# define clear_sys_error() errno=0 -# define set_sys_error(e) errno=(e) +#define get_last_sys_error() errno +#define clear_sys_error() errno = 0 +#define set_sys_error(e) errno = (e) /******************************************************************** The Microsoft section ********************************************************************/ -# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) -# define WIN32 -# endif -# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) -# define WINDOWS -# endif -# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) -# define MSDOS -# endif - -# ifdef WIN32 -# undef get_last_sys_error -# undef clear_sys_error -# undef set_sys_error -# define get_last_sys_error() GetLastError() -# define clear_sys_error() SetLastError(0) -# define set_sys_error(e) SetLastError(e) -# if !defined(WINNT) -# define WIN_CONSOLE_BUG -# endif -# else -# endif - -# if (defined(WINDOWS) || defined(MSDOS)) - -# ifdef __DJGPP__ -# include -# include -# define _setmode setmode -# define _O_TEXT O_TEXT -# define _O_BINARY O_BINARY -# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. 
*/ -# undef DEVRANDOM -# define DEVRANDOM "/dev/urandom\x24" -# endif /* __DJGPP__ */ - -# ifndef S_IFDIR -# define S_IFDIR _S_IFDIR -# endif - -# ifndef S_IFMT -# define S_IFMT _S_IFMT -# endif - -# if !defined(WINNT) && !defined(__DJGPP__) -# define NO_SYSLOG -# endif - -# ifdef WINDOWS -# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) - /* - * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." - * Most notably we ought to check for availability of each specific - * routine that was introduced after denoted _WIN32_WINNT with - * GetProcAddress(). Normally newer functions are masked with higher - * _WIN32_WINNT in SDK headers. So that if you wish to use them in - * some module, you'd need to override _WIN32_WINNT definition in - * the target module in order to "reach for" prototypes, but replace - * calls to new functions with indirect calls. Alternatively it - * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs - * and check for current OS version instead. - */ -# define _WIN32_WINNT 0x0501 -# endif -# if defined(_WIN32_WINNT) || defined(_WIN32_WCE) - /* - * Just like defining _WIN32_WINNT including winsock2.h implies - * certain "discipline" for maintaining [broad] binary compatibility. - * As long as structures are invariant among Winsock versions, - * it's sufficient to check for specific Winsock2 API availability - * at run-time [DSO_global_lookup is recommended]... - */ -# include -# include - /* - * Clang-based C++Builder 10.3.3 toolchains cannot find C inline - * definitions at link-time. This header defines WspiapiLoad() as an - * __inline function. 
https://quality.embarcadero.com/browse/RSP-33806 - */ -# if !defined(__BORLANDC__) || !defined(__clang__) -# include -# endif - /* yes, they have to be #included prior to */ -# endif -# include -# include -# include -# include -# if defined(_WIN32_WCE) && !defined(EACCES) -# define EACCES 13 -# endif -# include -# ifdef _WIN64 -# define strlen(s) _strlen31(s) -/* cut strings to 2GB */ -static __inline unsigned int _strlen31(const char *str) -{ - unsigned int len = 0; - while (*str && len < 0x80000000U) - str++, len++; - return len & 0x7FFFFFFF; -} -# endif -# include -# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) -# if _MSC_VER>=1300 && _MSC_VER<1600 -# undef stdin -# undef stdout -# undef stderr +#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) +#define WIN32 +#endif +#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) +#define WINDOWS +#endif +#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) +#define MSDOS +#endif + +#ifdef WIN32 +#undef get_last_sys_error +#undef clear_sys_error +#undef set_sys_error +#define get_last_sys_error() GetLastError() +#define clear_sys_error() SetLastError(0) +#define set_sys_error(e) SetLastError(e) +#if !defined(WINNT) +#define WIN_CONSOLE_BUG +#endif +#else +#endif + +#if (defined(WINDOWS) || defined(MSDOS)) + +#ifdef __DJGPP__ +#include +#include +#define _setmode setmode +#define _O_TEXT O_TEXT +#define _O_BINARY O_BINARY +#undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */ +#undef DEVRANDOM +#define DEVRANDOM "/dev/urandom\x24" +#endif /* __DJGPP__ */ + +#ifndef S_IFDIR +#define S_IFDIR _S_IFDIR +#endif + +#ifndef S_IFMT +#define S_IFMT _S_IFMT +#endif + +#if !defined(WINNT) && !defined(__DJGPP__) +#define NO_SYSLOG +#endif + +#ifdef WINDOWS +#if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) +/* + * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." 
+ * Most notably we ought to check for availability of each specific + * routine that was introduced after denoted _WIN32_WINNT with + * GetProcAddress(). Normally newer functions are masked with higher + * _WIN32_WINNT in SDK headers. So that if you wish to use them in + * some module, you'd need to override _WIN32_WINNT definition in + * the target module in order to "reach for" prototypes, but replace + * calls to new functions with indirect calls. Alternatively it + * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs + * and check for current OS version instead. + */ +#define _WIN32_WINNT 0x0501 +#endif +#if defined(_WIN32_WINNT) || defined(_WIN32_WCE) +/* + * Just like defining _WIN32_WINNT including winsock2.h implies + * certain "discipline" for maintaining [broad] binary compatibility. + * As long as structures are invariant among Winsock versions, + * it's sufficient to check for specific Winsock2 API availability + * at run-time [DSO_global_lookup is recommended]... + */ +#include +#include +/* + * Clang-based C++Builder 10.3.3 toolchains cannot find C inline + * definitions at link-time. This header defines WspiapiLoad() as an + * __inline function. 
https://quality.embarcadero.com/browse/RSP-33806 + */ +#if !defined(__BORLANDC__) || !defined(__clang__) +#include +#endif +/* yes, they have to be #included prior to */ +#endif +#include +#include +#include +#include +#if defined(_WIN32_WCE) && !defined(EACCES) +#define EACCES 13 +#endif +#include +#include +#if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) +#if _MSC_VER >= 1300 && _MSC_VER < 1600 +#undef stdin +#undef stdout +#undef stderr FILE *__iob_func(); -# define stdin (&__iob_func()[0]) -# define stdout (&__iob_func()[1]) -# define stderr (&__iob_func()[2]) -# endif -# endif -# endif -# include -# include - -# ifdef OPENSSL_SYS_WINCE -# define OPENSSL_NO_POSIX_IO -# endif - -# define EXIT(n) exit(n) -# define LIST_SEPARATOR_CHAR ';' -# ifndef W_OK -# define W_OK 2 -# endif -# ifndef R_OK -# define R_OK 4 -# endif -# ifdef OPENSSL_SYS_WINCE -# define DEFAULT_HOME "" -# else -# define DEFAULT_HOME "C:" -# endif +#define stdin (&__iob_func()[0]) +#define stdout (&__iob_func()[1]) +#define stderr (&__iob_func()[2]) +#endif +#endif +#endif +#include +#include + +#ifdef OPENSSL_SYS_WINCE +#define OPENSSL_NO_POSIX_IO +#endif + +#define EXIT(n) exit(n) +#define LIST_SEPARATOR_CHAR ';' +#ifndef W_OK +#define W_OK 2 +#endif +#ifndef R_OK +#define R_OK 4 +#endif +#ifdef OPENSSL_SYS_WINCE +#define DEFAULT_HOME "" +#else +#define DEFAULT_HOME "C:" +#endif /* Avoid Visual Studio 13 GetVersion deprecated problems */ -# if defined(_MSC_VER) && _MSC_VER>=1800 -# define check_winnt() (1) -# define check_win_minplat(x) (1) -# else -# define check_winnt() (GetVersion() < 0x80000000) -# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) -# endif - -# else /* The non-microsoft world */ - -# if defined(OPENSSL_SYS_VXWORKS) -# include -# else -# include -# endif - -# ifdef OPENSSL_SYS_VMS -# define VMS 1 - /* - * some programs don't include stdlib, so exit() and others give implicit - * function warnings - */ -# include -# if 
defined(__DECC) -# include -# else -# include -# endif -# define LIST_SEPARATOR_CHAR ',' - /* We don't have any well-defined random devices on VMS, yet... */ -# undef DEVRANDOM - /*- - We need to do this since VMS has the following coding on status codes: - - Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... - The important thing to know is that odd numbers are considered - good, while even ones are considered errors. - Bits 3-15: actual status number - Bits 16-27: facility number. 0 is considered "unknown" - Bits 28-31: control bits. If bit 28 is set, the shell won't try to - output the message (which, for random codes, just looks ugly) - - So, what we do here is to change 0 to 1 to get the default success status, - and everything else is shifted up to fit into the status number field, and - the status is tagged as an error, which is what is wanted here. - - Finally, we add the VMS C facility code 0x35a000, because there are some - programs, such as Perl, that will reinterpret the code back to something - POSIX. 'man perlvms' explains it further. - - NOTE: the perlvms manual wants to turn all codes 2 to 255 into success - codes (status type = 1). I couldn't disagree more. Fortunately, the - status type doesn't seem to bother Perl. - -- Richard Levitte - */ -# define EXIT(n) exit((n) ? 
(((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) - -# define DEFAULT_HOME "SYS$LOGIN:" - -# else - /* !defined VMS */ -# include -# include -# ifdef OPENSSL_SYS_WIN32_CYGWIN -# include -# include -# endif - -# define LIST_SEPARATOR_CHAR ':' -# define EXIT(n) exit(n) -# endif - -# endif +#if defined(_MSC_VER) && _MSC_VER >= 1800 +#define check_winnt() (1) +#define check_win_minplat(x) (1) +#else +#define check_winnt() (GetVersion() < 0x80000000) +#define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) +#endif + +#else /* The non-microsoft world */ + +#if defined(OPENSSL_SYS_VXWORKS) +#include +#else +#include +#endif + +#ifdef OPENSSL_SYS_VMS +#define VMS 1 +/* + * some programs don't include stdlib, so exit() and others give implicit + * function warnings + */ +#include +#if defined(__DECC) +#include +#else +#include +#endif +#define LIST_SEPARATOR_CHAR ',' +/* We don't have any well-defined random devices on VMS, yet... */ +#undef DEVRANDOM +/*- + We need to do this since VMS has the following coding on status codes: + + Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... + The important thing to know is that odd numbers are considered + good, while even ones are considered errors. + Bits 3-15: actual status number + Bits 16-27: facility number. 0 is considered "unknown" + Bits 28-31: control bits. If bit 28 is set, the shell won't try to + output the message (which, for random codes, just looks ugly) + + So, what we do here is to change 0 to 1 to get the default success status, + and everything else is shifted up to fit into the status number field, and + the status is tagged as an error, which is what is wanted here. + + Finally, we add the VMS C facility code 0x35a000, because there are some + programs, such as Perl, that will reinterpret the code back to something + POSIX. 'man perlvms' explains it further. + + NOTE: the perlvms manual wants to turn all codes 2 to 255 into success + codes (status type = 1). 
I couldn't disagree more. Fortunately, the + status type doesn't seem to bother Perl. + -- Richard Levitte +*/ +#define EXIT(n) exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) + +#define DEFAULT_HOME "SYS$LOGIN:" + +#else +/* !defined VMS */ +#include +#include +#ifdef OPENSSL_SYS_WIN32_CYGWIN +#include +#include +#endif + +#define LIST_SEPARATOR_CHAR ':' +#define EXIT(n) exit(n) +#endif + +#endif /***********************************************/ -# if defined(OPENSSL_SYS_WINDOWS) -# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) -# define open _open -# define fdopen _fdopen -# define close _close -# ifndef strdup -# define strdup _strdup -# endif -# define unlink _unlink -# define fileno _fileno -# endif -# else -# include -# endif +#if defined(OPENSSL_SYS_WINDOWS) +#if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) +#define open _open +#define fdopen _fdopen +#define close _close +#ifndef strdup +#define strdup _strdup +#endif +#define unlink _unlink +#define fileno _fileno +#endif +#else +#include +#endif /* vxworks */ -# if defined(OPENSSL_SYS_VXWORKS) -# include -# include -# include -# include -# include -# include +#if defined(OPENSSL_SYS_VXWORKS) +#include +#include +#include +#include +#include +#include -# define TTY_STRUCT int -# define sleep(a) taskDelay((a) * sysClkRateGet()) +#define TTY_STRUCT int +#define sleep(a) taskDelay((a) * sysClkRateGet()) /* * NOTE: these are implemented by helpers in database app! if the database is 
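Review bot: This hunk is not only the preprocessor re-indentation it appears to be: in the `#ifdef WINDOWS` block, just before the `_MSC_VER` stdin/stdout workaround, the `_WIN64` override `#define strlen(s) _strlen31(s)` and the `_strlen31()` helper that capped the result at 0x7FFFFFFF are dropped from the new side. After this hunk `strlen()` on Win64 returns a full `size_t`, so any caller that stores the result in an `int` or `unsigned int` loses the clamp and can truncate or go negative on inputs of 2 GB or more; whether such callers remain cannot be seen from this hunk. The removal should be named in the commit description, and a comment left where the override used to be, for example `/* strlen() is no longer clamped to 31 bits on Win64; do not narrow its result to int */`. Ideally the change would be split from the formatting-only edits so that it can be reviewed and bisected on its own.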
@@ -283,35 +272,35 @@ struct hostent *gethostbyaddr(const char *addr, int length, int type); struct servent *getservbyname(const char *name, const char *proto); -# endif +#endif /* end vxworks */ /* system-specific variants defining ossl_sleep() */ #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) -# include +#include static ossl_inline void ossl_sleep(unsigned long millis) { -# ifdef OPENSSL_SYS_VXWORKS +#ifdef OPENSSL_SYS_VXWORKS struct timespec ts; - ts.tv_sec = (long int) (millis / 1000); - ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; + ts.tv_sec = (long int)(millis / 1000); + ts.tv_nsec = (long int)(millis % 1000) * 1000000ul; nanosleep(&ts, NULL); -# elif defined(__TANDEM) && !defined(_REENTRANT) -# include +#elif defined(__TANDEM) && !defined(_REENTRANT) +#include /* HPNS does not support usleep for non threaded apps */ PROCESS_DELAY_(millis * 1000); -# else +#else unsigned int s = (unsigned int)(millis / 1000); unsigned int us = (unsigned int)((millis % 1000) * 1000); if (s > 0) sleep(s); usleep(us); -# endif +#endif } #elif defined(_WIN32) -# include +#include static ossl_inline void ossl_sleep(unsigned long millis) { Sleep(millis); 
@@ -327,56 +316,57 @@ do { gettimeofday(&now, NULL); elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) - + now.tv_usec - start.tv_usec) / 1000; + + now.tv_usec - start.tv_usec) + / 1000; } while (elapsedms < millis); } #endif /* defined OPENSSL_SYS_UNIX */ /* ----------------------------- HP NonStop -------------------------------- */ /* Required to support platform variant without getpid() and pid_t. */ -# if defined(__TANDEM) && defined(_GUARDIAN_TARGET) -# include -# include -# define getservbyname(name,proto) getservbyname((char*)name,proto) -# define gethostbyname(name) gethostbyname((char*)name) -# define ioctlsocket(a,b,c) ioctl(a,b,c) -# ifdef NO_GETPID +#if defined(__TANDEM) && defined(_GUARDIAN_TARGET) +#include +#include +#define getservbyname(name, proto) getservbyname((char *)name, proto) +#define gethostbyname(name) gethostbyname((char *)name) +#define ioctlsocket(a, b, c) ioctl(a, b, c) +#ifdef NO_GETPID inline int nssgetpid(); -# ifndef NSSGETPID_MACRO -# define NSSGETPID_MACRO -# include -# include - inline int nssgetpid() - { - short phandle[10]={0}; - union pseudo_pid { - struct { - short cpu; - short pin; - } cpu_pin ; - int ppid; - } ppid = { 0 }; - PROCESSHANDLE_GETMINE_(phandle); - PROCESSHANDLE_DECOMPOSE_(phandle, &ppid.cpu_pin.cpu, &ppid.cpu_pin.pin); - return ppid.ppid; - } -# define getpid(a) nssgetpid(a) -# endif /* NSSGETPID_MACRO */ -# endif /* NO_GETPID */ +#ifndef NSSGETPID_MACRO +#define NSSGETPID_MACRO +#include +#include +inline int nssgetpid() +{ + short phandle[10] = { 0 }; + union pseudo_pid { + struct { + short cpu; + short pin; + } cpu_pin; + int ppid; + } ppid = { 0 }; + PROCESSHANDLE_GETMINE_(phandle); + PROCESSHANDLE_DECOMPOSE_(phandle, &ppid.cpu_pin.cpu, &ppid.cpu_pin.pin); + return ppid.ppid; +} +#define getpid(a) nssgetpid(a) +#endif /* NSSGETPID_MACRO */ +#endif /* NO_GETPID */ /*# define setsockopt(a,b,c,d,f) setsockopt(a,b,c,(char*)d,f)*/ /*# define getsockopt(a,b,c,d,f) getsockopt(a,b,c,(char*)d,f)*/ /*# define 
connect(a,b,c) connect(a,(struct sockaddr *)b,c)*/ /*# define bind(a,b,c) bind(a,(struct sockaddr *)b,c)*/ /*# define sendto(a,b,c,d,e,f) sendto(a,(char*)b,c,d,(struct sockaddr *)e,f)*/ -# if defined(OPENSSL_THREADS) && !defined(_PUT_MODEL_) - /* - * HPNS SPT threads - */ -# define SPT_THREAD_SIGNAL 1 -# define SPT_THREAD_AWARE 1 -# include -# undef close -# define close spt_close +#if defined(OPENSSL_THREADS) && !defined(_PUT_MODEL_) +/* + * HPNS SPT threads + */ +#define SPT_THREAD_SIGNAL 1 +#define SPT_THREAD_AWARE 1 +#include +#undef close +#define close spt_close /* # define get_last_socket_error() errno # define clear_socket_error() errno=0 
@@ -385,27 +375,27 @@ # define readsocket(s,b,n) read((s),(char*)(b),(n)) # define writesocket(s,b,n) write((s),(char*)(b),(n) */ -# define accept(a,b,c) accept(a,(struct sockaddr *)b,c) -# define recvfrom(a,b,c,d,e,f) recvfrom(a,b,(socklen_t)c,d,e,f) -# endif -# endif - -# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -# define CRYPTO_memcmp memcmp -# endif - -# ifndef OPENSSL_NO_SECURE_MEMORY - /* unistd.h defines _POSIX_VERSION */ -# if (defined(OPENSSL_SYS_UNIX) \ - && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ - || defined(__sun) || defined(__hpux) || defined(__sgi) \ - || defined(__osf__) )) \ - || defined(_WIN32) - /* secure memory is implemented */ -# else -# define OPENSSL_NO_SECURE_MEMORY -# endif -# endif +#define accept(a, b, c) accept(a, (struct sockaddr *)b, c) +#define recvfrom(a, b, c, d, e, f) recvfrom(a, b, (socklen_t)c, d, e, f) +#endif +#endif + +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +#define CRYPTO_memcmp memcmp +#endif + +#ifndef OPENSSL_NO_SECURE_MEMORY +/* unistd.h defines _POSIX_VERSION */ +#if (defined(OPENSSL_SYS_UNIX) \ + && ((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ + || defined(__sun) || defined(__hpux) || defined(__sgi) \ + || defined(__osf__))) \ + || defined(_WIN32) +/* secure memory is implemented */ +#else +#define OPENSSL_NO_SECURE_MEMORY +#endif +#endif /* * str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly 
@@ -413,18 +403,18 @@ * There are also equivalent functions on Windows. * There is no locale_t on NONSTOP. */ -# if defined(OPENSSL_SYS_WINDOWS) -# define locale_t _locale_t -# define freelocale _free_locale -# define strcasecmp_l _stricmp_l -# define strncasecmp_l _strnicmp_l -# define strcasecmp _stricmp -# define strncasecmp _strnicmp -# elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \ - || defined(OPENSSL_SYS_TANDEM) -# ifndef OPENSSL_NO_LOCALE -# define OPENSSL_NO_LOCALE -# endif -# endif +#if defined(OPENSSL_SYS_WINDOWS) +#define locale_t _locale_t +#define freelocale _free_locale +#define strcasecmp_l _stricmp_l +#define strncasecmp_l _strnicmp_l +#define strcasecmp _stricmp +#define strncasecmp _strnicmp +#elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \ + || defined(OPENSSL_SYS_TANDEM) +#ifndef OPENSSL_NO_LOCALE +#define OPENSSL_NO_LOCALE +#endif +#endif #endif --- crypto/openssl/engines/e_afalg.c.orig +++ crypto/openssl/engines/e_afalg.c @@ -12,7 +12,7 @@ /* Required for vmsplice */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE +#define _GNU_SOURCE #endif #include #include 
@@ -25,68 +25,69 @@ #include #include -#define K_MAJ 4 -#define K_MIN1 1 -#define K_MIN2 0 -#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \ - !defined(AF_ALG) -# ifndef PEDANTIC -# warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" -# warning "Skipping Compilation of AFALG engine" -# endif +#define K_MAJ 4 +#define K_MIN1 1 +#define K_MIN2 0 +#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || !defined(AF_ALG) +#ifndef PEDANTIC +#warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" +#warning "Skipping Compilation of AFALG engine" +#endif void engine_load_afalg_int(void); void engine_load_afalg_int(void) { } #else -# include -# include -# include +#include +#include +#include -# include -# include -# include +#include +#include +#include +/* clang-format off */ # include "e_afalg.h" # include "e_afalg_err.c" +/* clang-format on */ -# ifndef SOL_ALG -# define SOL_ALG 279 -# endif +#ifndef SOL_ALG +#define SOL_ALG 279 +#endif -# ifdef ALG_ZERO_COPY -# ifndef SPLICE_F_GIFT -# define SPLICE_F_GIFT (0x08) -# endif -# endif +#ifdef ALG_ZERO_COPY +#ifndef SPLICE_F_GIFT +#define SPLICE_F_GIFT (0x08) +#endif +#endif -# define ALG_AES_IV_LEN 16 -# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len)) -# define ALG_OP_TYPE unsigned int -# define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) +#define ALG_AES_IV_LEN 16 +#define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len)) +#define ALG_OP_TYPE unsigned int +#define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) -# ifdef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_afalg_int(void); -# endif +#endif /* Local Linkage Functions */ static int afalg_init_aio(afalg_aio *aio); static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd, - unsigned char *buf, size_t len); + unsigned char *buf, size_t len); static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, - const char *ciphername); + const char *ciphername); static int afalg_destroy(ENGINE *e); static int 
afalg_init(ENGINE *e); static int afalg_finish(ENGINE *e); static const EVP_CIPHER *afalg_aes_cbc(int nid); static cbc_handles *get_cipher_handle(int nid); static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); + const int **nids, int nid); static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx); static int afalg_chk_platform(void); @@ -100,9 +101,9 @@ NID_aes_256_cbc, }; -static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL}, - {AES_KEY_SIZE_192, NULL}, - {AES_KEY_SIZE_256, NULL}}; +static cbc_handles cbc_handle[] = { { AES_KEY_SIZE_128, NULL }, + { AES_KEY_SIZE_192, NULL }, + { AES_KEY_SIZE_256, NULL } }; static ossl_inline int io_setup(unsigned n, aio_context_t *ctx) { @@ -125,21 +126,20 @@ } /* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */ -struct __timespec32 -{ - __kernel_long_t tv_sec; - __kernel_long_t tv_nsec; +struct __timespec32 { + __kernel_long_t tv_sec; + __kernel_long_t tv_nsec; }; static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, - struct io_event *events, - struct timespec *timeout) + struct io_event *events, + struct timespec *timeout) { #if defined(__NR_io_pgetevents_time64) /* Check if we are a 32-bit architecture with a 64-bit time_t */ if (sizeof(*timeout) != sizeof(struct __timespec32)) { int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events, - timeout, NULL); + timeout, NULL); if (ret == 0 || errno != ENOSYS) return ret; } 
@@ -162,8 +162,8 @@ if (timeout && timeout->tv_sec == (long)timeout->tv_sec) { struct __timespec32 ts32; - ts32.tv_sec = (__kernel_long_t) timeout->tv_sec; - ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec; + ts32.tv_sec = (__kernel_long_t)timeout->tv_sec; + ts32.tv_nsec = (__kernel_long_t)timeout->tv_nsec; return syscall(__NR_io_getevents, ctx, min, max, events, &ts32); } else { @@ -177,7 +177,7 @@ } static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD waitfd, void *custom) + OSSL_ASYNC_FD waitfd, void *custom) { close(waitfd); } @@ -198,7 +198,7 @@ } /* Get waitfd from ASYNC_WAIT_CTX if it is already set */ ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id, - &aio->efd, &custom); + &aio->efd, &custom); if (ret == 0) { /* * waitfd is not set in ASYNC_WAIT_CTX, create a new one @@ -207,14 +207,14 @@ aio->efd = eventfd(0); if (aio->efd == -1) { ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, - __LINE__); + __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, - AFALG_R_EVENTFD_FAILED); + AFALG_R_EVENTFD_FAILED); return 0; } ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id, - aio->efd, custom, - afalg_waitfd_cleanup); + aio->efd, custom, + afalg_waitfd_cleanup); if (ret == 0) { ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__); close(aio->efd); @@ -223,7 +223,7 @@ /* make fd non-blocking in async mode */ if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) { ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING", - __FILE__, __LINE__); + __FILE__, __LINE__); } } aio->mode = MODE_ASYNC; @@ -233,7 +233,7 @@ if (aio->efd == -1) { ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, - AFALG_R_EVENTFD_FAILED); + AFALG_R_EVENTFD_FAILED); return 0; } aio->mode = MODE_SYNC; @@ -262,7 +262,7 @@ } static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, - size_t len) + size_t len) { int r; int retry = 0; 
@@ -320,7 +320,7 @@ return 0; } else if (r == 0 || eval <= 0) { ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__, - __LINE__, r, eval); + __LINE__, r, eval); } if (eval > 0) { @@ -335,7 +335,7 @@ /* Get results of AIO read */ r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS, - events, &timeout); + events, &timeout); if (r > 0) { /* * events.res indicates the actual status of the operation. @@ -350,7 +350,7 @@ r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { ALG_PERR("%s(%d): retry %d for io_read failed : ", - __FILE__, __LINE__, retry); + __FILE__, __LINE__, retry); return 0; } continue; @@ -359,9 +359,8 @@ * Retries exceed for -EBUSY or unrecoverable error * condition for this instance of operation. */ - ALG_WARN - ("%s(%d): Crypto Operation failed with code %lld\n", - __FILE__, __LINE__, events[0].res); + ALG_WARN("%s(%d): Crypto Operation failed with code %lld\n", + __FILE__, __LINE__, events[0].res); return 0; } } @@ -372,7 +371,7 @@ return 0; } else { ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__, - __LINE__); + __LINE__); } } } while (!done); @@ -381,7 +380,7 @@ } static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg, - const ALG_OP_TYPE op) + const ALG_OP_TYPE op) { cmsg->cmsg_level = SOL_ALG; cmsg->cmsg_type = ALG_SET_OP; @@ -390,7 +389,7 @@ } static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv, - const unsigned int len) + const unsigned int len) { struct af_alg_iv *aiv; @@ -403,7 +402,7 @@ } static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key, - const int klen) + const int klen) { int ret; ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen); @@ -416,7 +415,7 @@ } static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, - const char *ciphername) + const char *ciphername) { struct sockaddr_alg sa; int r = -1; 
@@ -425,8 +424,8 @@ memset(&sa, 0, sizeof(sa)); sa.salg_family = AF_ALG; - OPENSSL_strlcpy((char *) sa.salg_type, ciphertype, sizeof(sa.salg_type)); - OPENSSL_strlcpy((char *) sa.salg_name, ciphername, sizeof(sa.salg_name)); + OPENSSL_strlcpy((char *)sa.salg_type, ciphertype, sizeof(sa.salg_type)); + OPENSSL_strlcpy((char *)sa.salg_name, ciphername, sizeof(sa.salg_name)); actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { @@ -451,7 +450,7 @@ return 1; - err: +err: if (actx->bfd >= 0) close(actx->bfd); if (actx->sfd >= 0) @@ -461,16 +460,16 @@ } static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, - size_t inl, const unsigned char *iv, - unsigned int enc) + size_t inl, const unsigned char *iv, + unsigned int enc) { struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; ssize_t sbytes; -# ifdef ALG_ZERO_COPY +#ifdef ALG_ZERO_COPY int ret; -# endif +#endif char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)]; memset(&msg, 0, sizeof(msg)); @@ -493,7 +492,7 @@ msg.msg_flags = MSG_MORE; -# ifdef ALG_ZERO_COPY +#ifdef ALG_ZERO_COPY /* * ZERO_COPY mode * Works best when buffer is 4k aligned @@ -508,7 +507,7 @@ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ", - __FILE__, __LINE__); + __FILE__, __LINE__); return 0; } @@ -527,7 +526,7 @@ ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__); return 0; } -# else +#else msg.msg_iovlen = 1; msg.msg_iov = &iov; 
@@ -535,22 +534,22 @@ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__, - __LINE__); + __LINE__); return 0; } - if (sbytes != (ssize_t) inl) { + if (sbytes != (ssize_t)inl) { ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes, - inl); + inl); return 0; } -# endif +#endif return 1; } static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { int ciphertype; int ret, len; @@ -582,13 +581,13 @@ break; default: ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, - ciphertype); + ciphertype); return 0; } if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_get_iv_length(ctx)) { ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, - EVP_CIPHER_CTX_get_iv_length(ctx)); + EVP_CIPHER_CTX_get_iv_length(ctx)); return 0; } @@ -607,9 +606,9 @@ if (afalg_init_aio(&actx->aio) == 0) goto err; -# ifdef ALG_ZERO_COPY +#ifdef ALG_ZERO_COPY pipe(actx->zc_pipe); -# endif +#endif actx->init_done = MAGIC_INIT_NUM; @@ -622,7 +621,7 @@ } static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { afalg_ctx *actx; int ret; @@ -630,14 +629,14 @@ if (ctx == NULL || out == NULL || in == NULL) { ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, - __LINE__); + __LINE__); return 0; } - actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); + actx = (afalg_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) { ALG_WARN("%s afalg ctx passed\n", - ctx == NULL ? "NULL" : "Uninitialised"); + ctx == NULL ? "NULL" : "Uninitialised"); return 0; } 
@@ -651,8 +650,8 @@ /* Send input data to kernel space */ ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl, - EVP_CIPHER_CTX_iv(ctx), - EVP_CIPHER_CTX_is_encrypting(ctx)); + EVP_CIPHER_CTX_iv(ctx), + EVP_CIPHER_CTX_is_encrypting(ctx)); if (ret < 1) { return 0; } @@ -664,7 +663,7 @@ if (EVP_CIPHER_CTX_is_encrypting(ctx)) { memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN), - ALG_AES_IV_LEN); + ALG_AES_IV_LEN); } else { memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN); } @@ -678,20 +677,20 @@ if (ctx == NULL) { ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, - __LINE__); + __LINE__); return 0; } - actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); + actx = (afalg_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) return 1; close(actx->sfd); close(actx->bfd); -# ifdef ALG_ZERO_COPY +#ifdef ALG_ZERO_COPY close(actx->zc_pipe[0]); close(actx->zc_pipe[1]); -# endif +#endif /* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */ if (actx->aio.mode == MODE_SYNC) close(actx->aio.efd); 
@@ -719,33 +718,32 @@ cbc_handles *cipher_handle = get_cipher_handle(nid); if (cipher_handle == NULL) - return NULL; + return NULL; if (cipher_handle->_hidden == NULL - && ((cipher_handle->_hidden = - EVP_CIPHER_meth_new(nid, - AES_BLOCK_SIZE, - cipher_handle->key_size)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden, - AES_IV_LEN) - || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden, - EVP_CIPH_CBC_MODE | - EVP_CIPH_FLAG_DEFAULT_ASN1) - || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden, - afalg_cipher_init) - || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden, - afalg_do_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden, - afalg_cipher_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden, - sizeof(afalg_ctx)))) { + && ((cipher_handle->_hidden = EVP_CIPHER_meth_new(nid, + AES_BLOCK_SIZE, + cipher_handle->key_size)) + == NULL + || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden, + AES_IV_LEN) + || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden, + afalg_cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden, + afalg_do_cipher) + || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden, + afalg_cipher_cleanup) + || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden, + sizeof(afalg_ctx)))) { EVP_CIPHER_meth_free(cipher_handle->_hidden); - cipher_handle->_hidden= NULL; + cipher_handle->_hidden = NULL; } return cipher_handle->_hidden; } static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) + const int **nids, int nid) { int r = 1; @@ -787,7 +785,7 @@ * now, as bind_aflag can only be called by one thread at a * time. */ - for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { + for (i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) { AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); return 0; 
@@ -802,7 +800,7 @@ return 1; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_helper(ENGINE *e, const char *id) { if (id && (strcmp(id, engine_afalg_id) != 0)) @@ -819,8 +817,8 @@ } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# endif +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +#endif static int afalg_chk_platform(void) { @@ -834,7 +832,7 @@ ret = uname(&ut); if (ret != 0) { AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, - AFALG_R_FAILED_TO_GET_PLATFORM_INFO); + AFALG_R_FAILED_TO_GET_PLATFORM_INFO); return 0; } @@ -847,11 +845,11 @@ if (KERNEL_VERSION(kver[0], kver[1], kver[2]) < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) { ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n", - kver[0], kver[1], kver[2]); + kver[0], kver[1], kver[2]); ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n", - K_MAJ, K_MIN1, K_MIN2); + K_MAJ, K_MIN1, K_MIN2); AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, - AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG); + AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG); return 0; } @@ -866,7 +864,7 @@ return 1; } -# ifdef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_afalg(void) { ENGINE *ret = ENGINE_new(); @@ -903,7 +901,7 @@ */ ERR_pop_to_mark(); } -# endif +#endif static int afalg_init(ENGINE *e) { @@ -918,7 +916,7 @@ static int free_cbc(void) { short unsigned int i; - for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { + for (i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { EVP_CIPHER_meth_free(cbc_handle[i]._hidden); cbc_handle[i]._hidden = NULL; } @@ -932,4 +930,4 @@ return 1; } -#endif /* KERNEL VERSION */ +#endif /* KERNEL VERSION */ --- crypto/openssl/engines/e_afalg.h.orig +++ crypto/openssl/engines/e_afalg.h 
@@ -8,44 +8,43 @@ */ #ifndef OSSL_ENGINES_E_AFALG_H -# define OSSL_ENGINES_E_AFALG_H +#define OSSL_ENGINES_E_AFALG_H -# if defined(__GNUC__) && __GNUC__ >= 4 && \ - (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) -# pragma GCC diagnostic ignored "-Wvariadic-macros" -# endif +#if defined(__GNUC__) && __GNUC__ >= 4 && (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) +#pragma GCC diagnostic ignored "-Wvariadic-macros" +#endif -# ifdef ALG_DEBUG -# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__) -# define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__) -# define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__) -# else -# define ALG_DGB(x, ...) -# define ALG_INFO(x, ...) -# define ALG_WARN(x, ...) -# endif +#ifdef ALG_DEBUG +#define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__) +#define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__) +#define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__) +#else +#define ALG_DGB(x, ...) +#define ALG_INFO(x, ...) +#define ALG_WARN(x, ...) +#endif -# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__) -# define ALG_PERR(x, ...) \ - do { \ - fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \ - perror(NULL); \ - } while(0) -# define ALG_PWARN(x, ...) \ - do { \ - fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \ - perror(NULL); \ - } while(0) +#define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__) +#define ALG_PERR(x, ...) \ + do { \ + fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \ + perror(NULL); \ + } while (0) +#define ALG_PWARN(x, ...) 
\ + do { \ + fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \ + perror(NULL); \ + } while (0) -# ifndef AES_BLOCK_SIZE -# define AES_BLOCK_SIZE 16 -# endif -# define AES_KEY_SIZE_128 16 -# define AES_KEY_SIZE_192 24 -# define AES_KEY_SIZE_256 32 -# define AES_IV_LEN 16 +#ifndef AES_BLOCK_SIZE +#define AES_BLOCK_SIZE 16 +#endif +#define AES_KEY_SIZE_128 16 +#define AES_KEY_SIZE_192 24 +#define AES_KEY_SIZE_256 32 +#define AES_IV_LEN 16 -# define MAX_INFLIGHTS 1 +#define MAX_INFLIGHTS 1 typedef enum { MODE_UNINIT = 0, @@ -79,15 +78,15 @@ * MAGIC Number to identify correct initialisation * of afalg_ctx. */ -# define MAGIC_INIT_NUM 0x1890671 +#define MAGIC_INIT_NUM 0x1890671 struct afalg_ctx_st { int init_done; int sfd; int bfd; -# ifdef ALG_ZERO_COPY +#ifdef ALG_ZERO_COPY int zc_pipe[2]; -# endif +#endif afalg_aio aio; }; --- crypto/openssl/engines/e_afalg_err.c.orig +++ crypto/openssl/engines/e_afalg_err.c 
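Review bot: `ALG_PWARN` in the reformatted macro block of e_afalg.h still prints the `ALG_PERR: ` prefix, so warnings and errors cannot be told apart in the stderr output. The warning macro should carry its own tag, `fprintf(stderr, "ALG_PWARN: " x, __VA_ARGS__); \`. The rest of the hunk is whitespace-only, so this fix may be better placed in a separate commit.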
@@ -14,23 +14,23 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA AFALG_str_reasons[] = { - {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"}, - {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO), - "failed to get platform info"}, - {ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"}, - {ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"}, - {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), - "kernel does not support afalg"}, - {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), - "kernel does not support async afalg"}, - {ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"}, - {ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"}, - {ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"}, - {ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"}, - {ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED), - "socket operation failed"}, - {ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"}, - {0, NULL} + { ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed" }, + { ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO), + "failed to get platform info" }, + { ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed" }, + { ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed" }, + { ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), + "kernel does not support afalg" }, + { ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), + "kernel does not support async afalg" }, + { ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed" }, + { ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed" }, + { ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed" }, + { ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed" }, + { ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED), + "socket operation failed" }, + { ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed" }, + { 0, NULL } }; #endif --- 
crypto/openssl/engines/e_afalg_err.h.orig +++ crypto/openssl/engines/e_afalg_err.h @@ -9,30 +9,28 @@ */ #ifndef OSSL_E_AFALG_ERR_H -# define OSSL_E_AFALG_ERR_H -# pragma once +#define OSSL_E_AFALG_ERR_H +#pragma once -# include -# include - - -# define AFALGerr(f, r) ERR_AFALG_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#include +#include +#define AFALGerr(f, r) ERR_AFALG_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * AFALG reason codes. */ -# define AFALG_R_EVENTFD_FAILED 108 -# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111 -# define AFALG_R_INIT_FAILED 100 -# define AFALG_R_IO_SETUP_FAILED 105 -# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 -# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 -# define AFALG_R_MEM_ALLOC_FAILED 102 -# define AFALG_R_SOCKET_ACCEPT_FAILED 110 -# define AFALG_R_SOCKET_BIND_FAILED 103 -# define AFALG_R_SOCKET_CREATE_FAILED 109 -# define AFALG_R_SOCKET_OPERATION_FAILED 104 -# define AFALG_R_SOCKET_SET_KEY_FAILED 106 +#define AFALG_R_EVENTFD_FAILED 108 +#define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111 +#define AFALG_R_INIT_FAILED 100 +#define AFALG_R_IO_SETUP_FAILED 105 +#define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 +#define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 +#define AFALG_R_MEM_ALLOC_FAILED 102 +#define AFALG_R_SOCKET_ACCEPT_FAILED 110 +#define AFALG_R_SOCKET_BIND_FAILED 103 +#define AFALG_R_SOCKET_CREATE_FAILED 109 +#define AFALG_R_SOCKET_OPERATION_FAILED 104 +#define AFALG_R_SOCKET_SET_KEY_FAILED 106 #endif --- crypto/openssl/engines/e_capi.c.orig +++ crypto/openssl/engines/e_capi.c 
@@ -11,28 +11,28 @@ #define OPENSSL_SUPPRESS_DEPRECATED #ifdef _WIN32 -# ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0400 -# endif -# include -# include - -# include -# include -# include -# include -# ifndef alloca -# define alloca _alloca -# endif +#ifndef _WIN32_WINNT +#define _WIN32_WINNT 0x0400 +#endif +#include +#include + +#include +#include +#include +#include +#ifndef alloca +#define alloca _alloca +#endif -# include +#include -# ifndef OPENSSL_NO_CAPIENG +#ifndef OPENSSL_NO_CAPIENG -# include -# include -# include -# include +#include +#include +#include +#include /* * This module uses several "new" interfaces, among which is 
@@ -46,61 +46,61 @@ * Yes, it's rather "weak" test and if compilation fails, * then re-configure with -DOPENSSL_NO_CAPIENG. */ -# if defined(CERT_KEY_PROV_INFO_PROP_ID) && \ - defined(CERT_STORE_PROV_SYSTEM_A) && \ - defined(CERT_STORE_READONLY_FLAG) -# define __COMPILE_CAPIENG -# endif /* CERT_KEY_PROV_INFO_PROP_ID */ -# endif /* OPENSSL_NO_CAPIENG */ -#endif /* _WIN32 */ +#if defined(CERT_KEY_PROV_INFO_PROP_ID) && defined(CERT_STORE_PROV_SYSTEM_A) && defined(CERT_STORE_READONLY_FLAG) +#define __COMPILE_CAPIENG +#endif /* CERT_KEY_PROV_INFO_PROP_ID */ +#endif /* OPENSSL_NO_CAPIENG */ +#endif /* _WIN32 */ #ifdef __COMPILE_CAPIENG -# undef X509_EXTENSIONS +#undef X509_EXTENSIONS /* Definitions which may be missing from earlier version of headers */ -# ifndef CERT_STORE_OPEN_EXISTING_FLAG -# define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 -# endif - -# ifndef CERT_STORE_CREATE_NEW_FLAG -# define CERT_STORE_CREATE_NEW_FLAG 0x00002000 -# endif - -# ifndef CERT_SYSTEM_STORE_CURRENT_USER -# define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000 -# endif - -# ifndef ALG_SID_SHA_256 -# define ALG_SID_SHA_256 12 -# endif -# ifndef ALG_SID_SHA_384 -# define ALG_SID_SHA_384 13 -# endif -# ifndef ALG_SID_SHA_512 -# define ALG_SID_SHA_512 14 -# endif - -# ifndef CALG_SHA_256 -# define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256) -# endif -# ifndef CALG_SHA_384 -# define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384) -# endif -# ifndef CALG_SHA_512 -# define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512) -# endif - -# ifndef PROV_RSA_AES -# define PROV_RSA_AES 24 -# endif - -# include -# include -# include +#ifndef CERT_STORE_OPEN_EXISTING_FLAG +#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 +#endif + +#ifndef CERT_STORE_CREATE_NEW_FLAG +#define CERT_STORE_CREATE_NEW_FLAG 0x00002000 +#endif + +#ifndef CERT_SYSTEM_STORE_CURRENT_USER +#define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000 +#endif +#ifndef ALG_SID_SHA_256 +#define 
ALG_SID_SHA_256 12 +#endif +#ifndef ALG_SID_SHA_384 +#define ALG_SID_SHA_384 13 +#endif +#ifndef ALG_SID_SHA_512 +#define ALG_SID_SHA_512 14 +#endif + +#ifndef CALG_SHA_256 +#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256) +#endif +#ifndef CALG_SHA_384 +#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384) +#endif +#ifndef CALG_SHA_512 +#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512) +#endif + +#ifndef PROV_RSA_AES +#define PROV_RSA_AES 24 +#endif + +#include +#include +#include + +/* clang-format off */ # include "e_capi_err.h" # include "e_capi_err.c" +/* clang-format on */ static const char *engine_capi_id = "capi"; static const char *engine_capi_name = "CryptoAPI ENGINE"; 
@@ -119,42 +119,42 @@ void capi_free_key(CAPI_KEY *key); static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, - HCERTSTORE hstore); + HCERTSTORE hstore); CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id); static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); static int capi_rsa_sign(int dtype, const unsigned char *m, - unsigned int m_len, unsigned char *sigret, - unsigned int *siglen, const RSA *rsa); + unsigned int m_len, unsigned char *sigret, + unsigned int *siglen, const RSA *rsa); static int capi_rsa_priv_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int capi_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int capi_rsa_free(RSA *rsa); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, - DSA *dsa); + DSA *dsa); static int capi_dsa_free(DSA *dsa); -# endif +#endif static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, - EVP_PKEY **pkey, STACK_OF(X509) **pother, - UI_METHOD *ui_method, - void *callback_data); + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **pkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); -# ifdef OPENSSL_CAPIENG_DIALOG +#ifdef OPENSSL_CAPIENG_DIALOG static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); -# endif +#endif void engine_load_capi_int(void); typedef PCCERT_CONTEXT(WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR, - LPCWSTR, DWORD, DWORD, void *); + LPCWSTR, DWORD, DWORD, void *); typedef HWND(WINAPI *GETCONSWIN)(void); /* 
@@ -162,8 +162,8 @@ * global options and affects how other functions behave. */ -# define CAPI_DBG_TRACE 2 -# define CAPI_DBG_ERROR 1 +#define CAPI_DBG_TRACE 2 +#define CAPI_DBG_ERROR 1 struct CAPI_CTX_st { int debug_level; @@ -178,19 +178,19 @@ /* System store flags */ DWORD store_flags; /* Lookup string meanings in load_private_key */ -# define CAPI_LU_SUBSTR 1 /* Substring of subject: uses "storename" */ -# define CAPI_LU_FNAME 2 /* Friendly name: uses storename */ -# define CAPI_LU_CONTNAME 3 /* Container name: uses cspname, keytype */ +#define CAPI_LU_SUBSTR 1 /* Substring of subject: uses "storename" */ +#define CAPI_LU_FNAME 2 /* Friendly name: uses storename */ +#define CAPI_LU_CONTNAME 3 /* Container name: uses cspname, keytype */ int lookup_method; /* Info to dump with dumpcerts option */ -# define CAPI_DMP_SUMMARY 0x1 /* Issuer and serial name strings */ -# define CAPI_DMP_FNAME 0x2 /* Friendly name */ -# define CAPI_DMP_FULL 0x4 /* Full X509_print dump */ -# define CAPI_DMP_PEM 0x8 /* Dump PEM format certificate */ -# define CAPI_DMP_PSKEY 0x10 /* Dump pseudo key (if possible) */ -# define CAPI_DMP_PKEYINFO 0x20 /* Dump key info (if possible) */ +#define CAPI_DMP_SUMMARY 0x1 /* Issuer and serial name strings */ +#define CAPI_DMP_FNAME 0x2 /* Friendly name */ +#define CAPI_DMP_FULL 0x4 /* Full X509_print dump */ +#define CAPI_DMP_PEM 0x8 /* Dump PEM format certificate */ +#define CAPI_DMP_PSKEY 0x10 /* Dump pseudo key (if possible) */ +#define CAPI_DMP_PKEYINFO 0x20 /* Dump key info (if possible) */ DWORD dump_flags; - int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); + int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); CERTDLG certselectdlg; GETCONSWIN getconswindow; }; 
@@ -198,84 +198,84 @@ static CAPI_CTX *capi_ctx_new(void); static void capi_ctx_free(CAPI_CTX *ctx); static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, - int check); + int check); static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx); -# define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE -# define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1) -# define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2) -# define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3) -# define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4) -# define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5) -# define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6) -# define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7) -# define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8) -# define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9) -# define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) -# define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) -# define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) -# define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13) +#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE +#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1) +#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2) +#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3) +#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4) +#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5) +#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6) +#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7) +#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8) +#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9) +#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) +#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) +#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) +#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13) static const ENGINE_CMD_DEFN capi_cmd_defns[] = { - {CAPI_CMD_LIST_CERTS, - "list_certs", - "List all certificates in store", - ENGINE_CMD_FLAG_NO_INPUT}, - {CAPI_CMD_LOOKUP_CERT, - "lookup_cert", - "Lookup and output certificates", - ENGINE_CMD_FLAG_STRING}, - 
{CAPI_CMD_DEBUG_LEVEL, - "debug_level", - "debug level (1=errors, 2=trace)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_DEBUG_FILE, - "debug_file", - "debugging filename)", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_KEYTYPE, - "key_type", - "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_LIST_CSPS, - "list_csps", - "List all CSPs", - ENGINE_CMD_FLAG_NO_INPUT}, - {CAPI_CMD_SET_CSP_IDX, - "csp_idx", - "Set CSP by index", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_SET_CSP_NAME, - "csp_name", - "Set CSP name, (default CSP used if not specified)", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_SET_CSP_TYPE, - "csp_type", - "Set CSP type, (default RSA_PROV_FULL)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_LIST_CONTAINERS, - "list_containers", - "list container names", - ENGINE_CMD_FLAG_NO_INPUT}, - {CAPI_CMD_LIST_OPTIONS, - "list_options", - "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, " - "32=private key info)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_LOOKUP_METHOD, - "lookup_method", - "Set key lookup method (1=substring, 2=friendlyname, 3=container name)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_STORE_NAME, - "store_name", - "certificate store name, default \"MY\"", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_STORE_FLAGS, - "store_flags", - "Certificate store flags: 1 = system store", - ENGINE_CMD_FLAG_NUMERIC}, - - {0, NULL, NULL, 0} + { CAPI_CMD_LIST_CERTS, + "list_certs", + "List all certificates in store", + ENGINE_CMD_FLAG_NO_INPUT }, + { CAPI_CMD_LOOKUP_CERT, + "lookup_cert", + "Lookup and output certificates", + ENGINE_CMD_FLAG_STRING }, + { CAPI_CMD_DEBUG_LEVEL, + "debug_level", + "debug level (1=errors, 2=trace)", + ENGINE_CMD_FLAG_NUMERIC }, + { CAPI_CMD_DEBUG_FILE, + "debug_file", + "debugging filename)", + ENGINE_CMD_FLAG_STRING }, + { CAPI_CMD_KEYTYPE, + "key_type", + "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE", + ENGINE_CMD_FLAG_NUMERIC }, + { CAPI_CMD_LIST_CSPS, + "list_csps", + 
"List all CSPs", + ENGINE_CMD_FLAG_NO_INPUT }, + { CAPI_CMD_SET_CSP_IDX, + "csp_idx", + "Set CSP by index", + ENGINE_CMD_FLAG_NUMERIC }, + { CAPI_CMD_SET_CSP_NAME, + "csp_name", + "Set CSP name, (default CSP used if not specified)", + ENGINE_CMD_FLAG_STRING }, + { CAPI_CMD_SET_CSP_TYPE, + "csp_type", + "Set CSP type, (default RSA_PROV_FULL)", + ENGINE_CMD_FLAG_NUMERIC }, + { CAPI_CMD_LIST_CONTAINERS, + "list_containers", + "list container names", + ENGINE_CMD_FLAG_NO_INPUT }, + { CAPI_CMD_LIST_OPTIONS, + "list_options", + "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, " + "32=private key info)", + ENGINE_CMD_FLAG_NUMERIC }, + { CAPI_CMD_LOOKUP_METHOD, + "lookup_method", + "Set key lookup method (1=substring, 2=friendlyname, 3=container name)", + ENGINE_CMD_FLAG_NUMERIC }, + { CAPI_CMD_STORE_NAME, + "store_name", + "certificate store name, default \"MY\"", + ENGINE_CMD_FLAG_STRING }, + { CAPI_CMD_STORE_FLAGS, + "store_flags", + "Certificate store flags: 1 = system store", + ENGINE_CMD_FLAG_NUMERIC }, + + { 0, NULL, NULL, 0 } }; static int capi_idx = -1; @@ -283,7 +283,7 @@ static int dsa_capi_idx = -1; static int cert_capi_idx = -1; -static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ret = 1; CAPI_CTX *ctx; 
@@ -392,27 +392,24 @@ BIO_free(out); return ret; - } static RSA_METHOD *capi_rsa_method = NULL; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA static DSA_METHOD *capi_dsa_method = NULL; -# endif +#endif static int use_aes_csp = 0; -static const WCHAR rsa_aes_cspname[] = - L"Microsoft Enhanced RSA and AES Cryptographic Provider"; -static const WCHAR rsa_enh_cspname[] = - L"Microsoft Enhanced Cryptographic Provider v1.0"; +static const WCHAR rsa_aes_cspname[] = L"Microsoft Enhanced RSA and AES Cryptographic Provider"; +static const WCHAR rsa_enh_cspname[] = L"Microsoft Enhanced Cryptographic Provider v1.0"; static int capi_init(ENGINE *e) { CAPI_CTX *ctx; const RSA_METHOD *ossl_rsa_meth; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA const DSA_METHOD *ossl_dsa_meth; -# endif +#endif HCRYPTPROV hprov; if (capi_idx < 0) { 
@@ -425,36 +422,36 @@ /* Setup RSA_METHOD */ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); ossl_rsa_meth = RSA_PKCS1_OpenSSL(); - if ( !RSA_meth_set_pub_enc(capi_rsa_method, - RSA_meth_get_pub_enc(ossl_rsa_meth)) + if (!RSA_meth_set_pub_enc(capi_rsa_method, + RSA_meth_get_pub_enc(ossl_rsa_meth)) || !RSA_meth_set_pub_dec(capi_rsa_method, - RSA_meth_get_pub_dec(ossl_rsa_meth)) + RSA_meth_get_pub_dec(ossl_rsa_meth)) || !RSA_meth_set_priv_enc(capi_rsa_method, capi_rsa_priv_enc) || !RSA_meth_set_priv_dec(capi_rsa_method, capi_rsa_priv_dec) || !RSA_meth_set_mod_exp(capi_rsa_method, - RSA_meth_get_mod_exp(ossl_rsa_meth)) + RSA_meth_get_mod_exp(ossl_rsa_meth)) || !RSA_meth_set_bn_mod_exp(capi_rsa_method, - RSA_meth_get_bn_mod_exp(ossl_rsa_meth)) + RSA_meth_get_bn_mod_exp(ossl_rsa_meth)) || !RSA_meth_set_finish(capi_rsa_method, capi_rsa_free) || !RSA_meth_set_sign(capi_rsa_method, capi_rsa_sign)) { goto memerr; } -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA /* Setup DSA Method */ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); ossl_dsa_meth = DSA_OpenSSL(); - if ( !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign) + if (!DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign) || !DSA_meth_set_verify(capi_dsa_method, - DSA_meth_get_verify(ossl_dsa_meth)) + DSA_meth_get_verify(ossl_dsa_meth)) || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free) || !DSA_meth_set_mod_exp(capi_dsa_method, - DSA_meth_get_mod_exp(ossl_dsa_meth)) + DSA_meth_get_mod_exp(ossl_dsa_meth)) || !DSA_meth_set_bn_mod_exp(capi_dsa_method, - DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) { + DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) { goto memerr; } -# endif +#endif } ctx = capi_ctx_new(); 
@@ -463,32 +460,30 @@ ENGINE_set_ex_data(e, capi_idx, ctx); -# ifdef OPENSSL_CAPIENG_DIALOG +#ifdef OPENSSL_CAPIENG_DIALOG { HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL")); if (cryptui) - ctx->certselectdlg = - (CERTDLG) GetProcAddress(cryptui, - "CryptUIDlgSelectCertificateFromStore"); + ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, + "CryptUIDlgSelectCertificateFromStore"); if (kernel) - ctx->getconswindow = - (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow"); + ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow"); if (cryptui && !OPENSSL_isservice()) ctx->client_cert_select = cert_select_dialog; } -# endif +#endif /* See if there is RSA+AES CSP */ if (CryptAcquireContextW(&hprov, NULL, rsa_aes_cspname, PROV_RSA_AES, - CRYPT_VERIFYCONTEXT)) { + CRYPT_VERIFYCONTEXT)) { use_aes_csp = 1; CryptReleaseContext(hprov, 0); } return 1; - memerr: +memerr: CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); return 0; @@ -499,10 +494,10 @@ { RSA_meth_free(capi_rsa_method); capi_rsa_method = NULL; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA DSA_meth_free(capi_dsa_method); capi_dsa_method = NULL; -# endif +#endif ERR_unload_CAPI_strings(); return 1; } @@ -535,11 +530,11 @@ capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0); if (capi_rsa_method == NULL) return 0; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0); if (capi_dsa_method == NULL) goto memerr; -# endif +#endif if (!ENGINE_set_id(e, engine_capi_id) || !ENGINE_set_name(e, engine_capi_name) || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) 
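Review bot: In the `OPENSSL_CAPIENG_DIALOG` block, `LoadLibrary(TEXT("CRYPTUI.DLL"))` passes a bare file name, so the module is resolved through the process's DLL search order instead of being pinned to the system directory. Restricting the search would harden it: `HMODULE cryptui = LoadLibraryEx(TEXT("CRYPTUI.DLL"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);`. That flag needs SDK headers that define it, and this file defaults `_WIN32_WINNT` to 0x0400, so a guarded fallback may be required. The `GetProcAddress` results are also stored unchecked while `client_cert_select` is set whenever `cryptui` is non-NULL; whether `cert_select_dialog` tolerates a NULL `certselectdlg` is not visible here. The body of `capi_init` begins before this hunk.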
@@ -547,29 +542,29 @@ || !ENGINE_set_finish_function(e, capi_finish) || !ENGINE_set_destroy_function(e, capi_destroy) || !ENGINE_set_RSA(e, capi_rsa_method) -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, capi_dsa_method) -# endif +#endif || !ENGINE_set_load_privkey_function(e, capi_load_privkey) || !ENGINE_set_load_ssl_client_cert_function(e, - capi_load_ssl_client_cert) + capi_load_ssl_client_cert) || !ENGINE_set_cmd_defns(e, capi_cmd_defns) || !ENGINE_set_ctrl_function(e, capi_ctrl)) goto memerr; ERR_load_CAPI_strings(); return 1; - memerr: +memerr: RSA_meth_free(capi_rsa_method); capi_rsa_method = NULL; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA DSA_meth_free(capi_dsa_method); capi_dsa_method = NULL; -# endif +#endif return 0; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_helper(ENGINE *e, const char *id) { if (id && (strcmp(id, engine_capi_id) != 0)) @@ -581,7 +576,7 @@ IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# else +#else static ENGINE *engine_capi(void) { ENGINE *ret = ENGINE_new(); @@ -614,7 +609,7 @@ */ ERR_pop_to_mark(); } -# endif +#endif static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen) { @@ -663,7 +658,7 @@ goto err; } - bh = (BLOBHEADER *) pubkey; + bh = (BLOBHEADER *)pubkey; if (bh->bType != PUBLICKEYBLOB) { CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB); goto err; @@ -673,12 +668,12 @@ DWORD rsa_modlen; BIGNUM *e = NULL, *n = NULL; unsigned char *rsa_modulus; - rp = (RSAPUBKEY *) (bh + 1); + rp = (RSAPUBKEY *)(bh + 1); if (rp->magic != 0x31415352) { char magstr[10]; BIO_snprintf(magstr, 10, "%lx", rp->magic); CAPIerr(CAPI_F_CAPI_GET_PKEY, - CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); + CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); ERR_add_error_data(2, "magic=0x", magstr); goto err; } 
@@ -713,18 +708,18 @@ EVP_PKEY_assign_RSA(ret, rkey); rkey = NULL; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA } else if (bh->aiKeyAlg == CALG_DSS_SIGN) { DSSPUBKEY *dp; DWORD dsa_plen; unsigned char *btmp; BIGNUM *p, *q, *g, *pub_key; - dp = (DSSPUBKEY *) (bh + 1); + dp = (DSSPUBKEY *)(bh + 1); if (dp->magic != 0x31535344) { char magstr[10]; BIO_snprintf(magstr, 10, "%lx", dp->magic); CAPIerr(CAPI_F_CAPI_GET_PKEY, - CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); + CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); ERR_add_error_data(2, "magic=0x", magstr); goto err; } @@ -766,35 +761,34 @@ EVP_PKEY_assign_DSA(ret, dkey); dkey = NULL; -# endif +#endif } else { char algstr[10]; BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg); CAPIerr(CAPI_F_CAPI_GET_PKEY, - CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM); + CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM); ERR_add_error_data(2, "aiKeyAlg=0x", algstr); goto err; } - err: +err: OPENSSL_free(pubkey); if (!ret) { RSA_free(rkey); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA DSA_free(dkey); -# endif +#endif } return ret; - memerr: +memerr: CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE); goto err; - } static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) + UI_METHOD *ui_method, void *callback_data) { CAPI_CTX *ctx; CAPI_KEY *key; @@ -816,20 +810,19 @@ if (!ret) capi_free_key(key); return ret; - } /* CryptoAPI RSA operations */ int capi_rsa_priv_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED); return -1; } int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) { ALG_ID alg; HCRYPTHASH hash; 
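Review bot: In the unsupported-algorithm branch (hunk at new line 761), `BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);` formats the value as decimal followed by a literal `x`. It is then appended after `"aiKeyAlg=0x"`, so the error data shows a decimal number labelled as hex. The two magic-number branches of the same function use `%lx`, and this call should read `BIO_snprintf(algstr, 10, "%x", bh->aiKeyAlg);`. The function begins outside this hunk.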
@@ -873,14 +866,13 @@ case NID_md5_sha1: alg = CALG_SSL3_SHAMD5; break; - default: - { - char algstr[10]; - BIO_snprintf(algstr, 10, "%x", dtype); - CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID); - ERR_add_error_data(2, "NID=0x", algstr); - return -1; - } + default: { + char algstr[10]; + BIO_snprintf(algstr, 10, "%x", dtype); + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID); + ERR_add_error_data(2, "NID=0x", algstr); + return -1; + } } /* Create the hash object */ @@ -917,14 +909,14 @@ /* Now cleanup */ - err: +err: CryptDestroyHash(hash); return ret; } int capi_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) + unsigned char *to, RSA *rsa, int padding) { int i; unsigned char *tmpbuf; @@ -955,14 +947,13 @@ flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK; break; #endif - default: - { - char errstr[10]; - BIO_snprintf(errstr, 10, "%d", padding); - CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); - ERR_add_error_data(2, "padding=", errstr); - return -1; - } + default: { + char errstr[10]; + BIO_snprintf(errstr, 10, "%d", padding); + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); + ERR_add_error_data(2, "padding=", errstr); + return -1; + } } /* Create temp reverse order version of input */ @@ -999,11 +990,11 @@ return 1; } -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA /* CryptoAPI DSA operations */ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, - DSA *dsa) + DSA *dsa) { HCRYPTHASH hash; DWORD slen; @@ -1064,7 +1055,7 @@ /* Now cleanup */ - err: +err: OPENSSL_cleanse(csigbuf, 40); CryptDestroyHash(hash); return ret; @@ -1078,10 +1069,10 @@ DSA_set_ex_data(dsa, dsa_capi_idx, 0); return 1; } -# endif +#endif static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, - va_list argptr) + va_list argptr) { BIO *out; 
@@ -1128,8 +1119,8 @@ len_1 = wcslen(wstr) + 1; if (len_1 > INT_MAX) { - CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_FUNCTION_NOT_SUPPORTED); - return NULL; + CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_FUNCTION_NOT_SUPPORTED); + return NULL; } len_0 = (int)len_1; /* WideCharToMultiByte expects int */ @@ -1152,7 +1143,7 @@ } static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, - DWORD idx) + DWORD idx) { DWORD len, err; LPTSTR name; @@ -1188,7 +1179,7 @@ *pname = (char *)name; } CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname, - *ptype); + *ptype); return 1; } @@ -1221,13 +1212,13 @@ LPWSTR cspname = NULL; CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, - ctx->csptype); + ctx->csptype); if (ctx->cspname != NULL) { if ((clen = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, - NULL, 0))) { + NULL, 0))) { cspname = alloca(clen * sizeof(WCHAR)); MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname, - clen); + clen); } if (cspname == NULL) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE); @@ -1236,14 +1227,14 @@ } } if (!CryptAcquireContextW(&hprov, NULL, cspname, ctx->csptype, - CRYPT_VERIFYCONTEXT)) { + CRYPT_VERIFYCONTEXT)) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, - CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); return 0; } if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, - CRYPT_FIRST)) { + CRYPT_FIRST)) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); capi_addlasterror(); CryptReleaseContext(hprov, 0); @@ -1267,7 +1258,7 @@ else flags = 0; if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, (BYTE *)cname, - &clen, flags)) { + &clen, flags)) { err = GetLastError(); if (err == ERROR_NO_MORE_ITEMS) goto done; 
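Review bot: In the container-listing hunk (new line 1212), `cspname = alloca(clen * sizeof(WCHAR));` sizes a stack allocation from the length of `ctx->cspname`, with no upper bound visible in the hunk, and `alloca` cannot report failure. The following `if (cspname == NULL)` therefore only catches a zero return from the first `MultiByteToWideChar` call and reports it as `ERR_R_MALLOC_FAILURE`; the return value of the second call is ignored. Using `cspname = OPENSSL_malloc(clen * sizeof(WCHAR));` with an `OPENSSL_free(cspname);` beside `OPENSSL_free(cname);` at `done:` and on the early returns would make the failure explicit. The same pattern appears with `id` and `ctx->cspname` in the `CAPI_LU_CONTNAME` case of the last hunk of this file section. The function begins and ends outside this hunk.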
@@ -1276,18 +1267,18 @@ goto err; } CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", - cname, clen, idx, flags); + cname, clen, idx, flags); if (!cname[0] && (clen == buflen)) { CAPI_trace(ctx, "Enumerate bug: using workaround\n"); goto done; } BIO_printf(out, "%lu. %s\n", idx, cname); } - err: +err: ret = 0; - done: +done: OPENSSL_free(cname); CryptReleaseContext(hprov, 0); @@ -1295,13 +1286,13 @@ } static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, - PCCERT_CONTEXT cert) + PCCERT_CONTEXT cert) { DWORD len; CRYPT_KEY_PROV_INFO *pinfo; if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, - NULL, &len)) + NULL, &len)) return NULL; pinfo = OPENSSL_malloc(len); if (pinfo == NULL) { @@ -1309,9 +1300,9 @@ return NULL; } if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, - pinfo, &len)) { + pinfo, &len)) { CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, - CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO); + CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO); capi_addlasterror(); OPENSSL_free(pinfo); return NULL; @@ -1320,7 +1311,7 @@ } static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, - CRYPT_KEY_PROV_INFO *pinfo) + CRYPT_KEY_PROV_INFO *pinfo) { char *provname = NULL, *contname = NULL; @@ -1335,10 +1326,10 @@ BIO_printf(out, " Private Key Info:\n"); BIO_printf(out, " Provider Name: %s, Provider Type %lu\n", provname, - pinfo->dwProvType); + pinfo->dwProvType); BIO_printf(out, " Container Name: %s, Key Type %lu\n", contname, - pinfo->dwKeySpec); - err: + pinfo->dwKeySpec); +err: OPENSSL_free(provname); OPENSSL_free(contname); } 
@@ -1350,13 +1341,13 @@ CAPI_trace(ctx, "capi_cert_get_fname\n"); if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, - NULL, &dlen)) + NULL, &dlen)) return NULL; wfname = OPENSSL_malloc(dlen); if (wfname == NULL) return NULL; if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, - wfname, &dlen)) { + wfname, &dlen)) { char *fname = wide_to_asc(wfname); OPENSSL_free(wfname); return fname; @@ -1421,7 +1412,7 @@ CAPI_trace(ctx, "Opening certificate store %s\n", storename); hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0, - ctx->store_flags, storename); + ctx->store_flags, storename); if (!hstore) { CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE); capi_addlasterror(); @@ -1462,13 +1453,13 @@ capi_dump_cert(ctx, out, cert); } } - err: +err: CertCloseStore(hstore, 0); return ret; } static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, - HCERTSTORE hstore) + HCERTSTORE hstore) { PCCERT_CONTEXT cert = NULL; char *fname = NULL; @@ -1476,7 +1467,7 @@ switch (ctx->lookup_method) { case CAPI_LU_SUBSTR: return CertFindCertificateInStore(hstore, X509_ASN_ENCODING, 0, - CERT_FIND_SUBJECT_STR_A, id, NULL); + CERT_FIND_SUBJECT_STR_A, id, NULL); case CAPI_LU_FNAME: for (;;) { cert = CertEnumCertificatesInStore(hstore, cert); @@ -1499,8 +1490,8 @@ } static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname, - const WCHAR *provname, DWORD ptype, - DWORD keyspec) + const WCHAR *provname, DWORD ptype, + DWORD keyspec) { DWORD dwFlags = 0; CAPI_KEY *key = OPENSSL_malloc(sizeof(*key)); @@ -1508,8 +1499,7 @@ if (key == NULL) return NULL; /* If PROV_RSA_AES supported use it instead */ - if (ptype == PROV_RSA_FULL && use_aes_csp && - wcscmp(provname, rsa_enh_cspname) == 0) { + if (ptype == PROV_RSA_FULL && use_aes_csp && wcscmp(provname, rsa_enh_cspname) == 0) { provname = rsa_aes_cspname; ptype = PROV_RSA_AES; } 
@@ -1522,14 +1512,14 @@ char *_provname = wide_to_asc(provname); CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", - _contname, _provname, ptype); + _contname, _provname, ptype); OPENSSL_free(_provname); OPENSSL_free(_contname); } if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE) dwFlags = CRYPT_MACHINE_KEYSET; if (!CryptAcquireContextW(&key->hprov, contname, provname, ptype, - dwFlags)) { + dwFlags)) { CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); goto err; @@ -1544,7 +1534,7 @@ key->pcert = NULL; return key; - err: +err: OPENSSL_free(key); return NULL; } @@ -1558,7 +1548,7 @@ if (pinfo != NULL) key = capi_get_key(ctx, pinfo->pwszContainerName, pinfo->pwszProvName, - pinfo->dwProvType, pinfo->dwKeySpec); + pinfo->dwProvType, pinfo->dwKeySpec); OPENSSL_free(pinfo); return key; @@ -1584,23 +1574,14 @@ CertCloseStore(hstore, 0); break; - case CAPI_LU_CONTNAME: - { - WCHAR *contname, *provname; - DWORD len; - - if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) && - (contname = alloca(len * sizeof(WCHAR)), - MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) && - (len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, - NULL, 0)) && - (provname = alloca(len * sizeof(WCHAR)), - MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, - provname, len))) - key = capi_get_key(ctx, contname, provname, - ctx->csptype, ctx->keytype); - } - break; + case CAPI_LU_CONTNAME: { + WCHAR *contname, *provname; + DWORD len; + + if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) && (contname = alloca(len * sizeof(WCHAR)), MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) && (len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0)) && (provname = alloca(len * sizeof(WCHAR)), MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, provname, len))) + key = capi_get_key(ctx, contname, provname, + ctx->csptype, ctx->keytype); + } break; } return key; 
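Review bot: The `CAPI_LU_CONTNAME` case in the last hunk here (-1584) is now one very long `if` that chains four `MultiByteToWideChar` calls with `&&` and hides two `alloca` assignments behind comma operators, which makes the buffer sizing hard to audit. Writing the steps as sequential statements keeps the same behaviour and shows each length next to the buffer it sizes. The sketch below assumes, as the hunk suggests, that `key` is still NULL when any conversion fails. The enclosing switch and function start outside the hunk.

```c
case CAPI_LU_CONTNAME: {
    WCHAR *contname, *provname;
    DWORD len;

    /* Convert the container id; a zero length means the conversion failed. */
    len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0);
    if (len == 0)
        break;
    contname = alloca(len * sizeof(WCHAR));
    if (!MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len))
        break;

    /* Same two-step conversion for the provider name. */
    len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0);
    if (len == 0)
        break;
    provname = alloca(len * sizeof(WCHAR));
    if (!MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, provname, len))
        break;

    key = capi_get_key(ctx, contname, provname,
        ctx->csptype, ctx->keytype);
} break;
```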
@@ -1630,8 +1611,7 @@ ctx->csptype = PROV_RSA_FULL; ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME; ctx->keytype = AT_KEYEXCHANGE; - ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG | - CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER; + ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER; ctx->lookup_method = CAPI_LU_SUBSTR; ctx->client_cert_select = cert_select_simple; return ctx; @@ -1650,7 +1630,7 @@ } static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, - int check) + int check) { LPSTR tmpcspname; @@ -1664,10 +1644,9 @@ name = alloca(len * sizeof(WCHAR)); MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len); } - if (name == NULL || !CryptAcquireContextW(&hprov, NULL, name, type, - CRYPT_VERIFYCONTEXT)) { + if (name == NULL || !CryptAcquireContextW(&hprov, NULL, name, type, CRYPT_VERIFYCONTEXT)) { CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, - CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); return 0; } @@ -1712,10 +1691,10 @@ } static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, - EVP_PKEY **pkey, STACK_OF(X509) **pother, - UI_METHOD *ui_method, - void *callback_data) + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **pkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data) { STACK_OF(X509) *certs = NULL; X509 *x; @@ -1810,7 +1789,6 @@ X509_set_ex_data(*pcert, cert_capi_idx, NULL); return 1; - } /* Simple client cert selection function: always select first */ @@ -1820,7 +1798,7 @@ return 0; } -# ifdef OPENSSL_CAPIENG_DIALOG +#ifdef OPENSSL_CAPIENG_DIALOG /* * More complex cert selection function, using standard function 
@@ -1832,15 +1810,16 @@ * versions of headers. */ -# ifndef CRYPTUI_SELECT_LOCATION_COLUMN -# define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010 -# define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004 -# endif +#ifndef CRYPTUI_SELECT_LOCATION_COLUMN +#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010 +#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004 +#endif -# define dlg_title L"OpenSSL Application SSL Client Certificate Selection" -# define dlg_prompt L"Select a certificate to use for authentication" -# define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \ - |CRYPTUI_SELECT_INTENDEDUSE_COLUMN +#define dlg_title L"OpenSSL Application SSL Client Certificate Selection" +#define dlg_prompt L"Select a certificate to use for authentication" +#define dlg_columns \ + CRYPTUI_SELECT_LOCATION_COLUMN \ + | CRYPTUI_SELECT_INTENDEDUSE_COLUMN static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) { @@ -1856,7 +1835,7 @@ ctx = ENGINE_get_ex_data(e, capi_idx); /* Create an in memory store of certificates */ dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, - CERT_STORE_CREATE_NEW_FLAG, NULL); + CERT_STORE_CREATE_NEW_FLAG, NULL); if (!dstore) { CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE); capi_addlasterror(); @@ -1868,12 +1847,11 @@ key = X509_get_ex_data(x, cert_capi_idx); if (!CertAddCertificateContextToStore(dstore, key->pcert, - CERT_STORE_ADD_NEW, NULL)) { + CERT_STORE_ADD_NEW, NULL)) { CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT); capi_addlasterror(); goto err; } - } hwnd = GetForegroundWindow(); if (!hwnd) 
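Review bot: The reflowed `dlg_columns` macro in the first hunk here (-1832) still expands to a bare `A | B` expression with no enclosing parentheses. It is only passed as a call argument in the visible code, so nothing breaks today, but any later use next to a higher-precedence operator such as `&` or `==` would bind incorrectly. Since the definition is being rewritten anyway, I would parenthesise it: `#define dlg_columns (CRYPTUI_SELECT_LOCATION_COLUMN | CRYPTUI_SELECT_INTENDEDUSE_COLUMN)`.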
@@ -1882,46 +1860,44 @@ hwnd = ctx->getconswindow(); /* Call dialog to select one */ cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt, - dlg_columns, 0, NULL); + dlg_columns, 0, NULL); /* Find matching cert from list */ if (cert) { for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); key = X509_get_ex_data(x, cert_capi_idx); - if (CertCompareCertificate - (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, - key->pcert->pCertInfo)) { + if (CertCompareCertificate(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo, + key->pcert->pCertInfo)) { idx = i; break; } } } - err: +err: if (dstore) CertCloseStore(dstore, 0); return idx; - } -# endif +#endif -#else /* !__COMPILE_CAPIENG */ -# include -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#else /* !__COMPILE_CAPIENG */ +#include +#ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } IMPLEMENT_DYNAMIC_CHECK_FN() -# else +#else void engine_load_capi_int(void); void engine_load_capi_int(void) { } -# endif +#endif #endif --- crypto/openssl/engines/e_capi_err.c.orig +++ crypto/openssl/engines/e_capi_err.c 
@@ -14,46 +14,46 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA CAPI_str_reasons[] = { - {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"}, - {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"}, - {ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"}, - {ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"}, - {ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR), - "cryptacquirecontext error"}, - {ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR), - "cryptenumproviders error"}, - {ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"}, - {ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"}, - {ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"}, - {ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"}, - {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME), - "error getting friendly name"}, - {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO), - "error getting key provider info"}, - {ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"}, - {ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"}, - {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"}, - {ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"}, - {ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"}, - {ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, - {ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), - "invalid dsa public key blob magic number"}, - {ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"}, - {ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"}, - {ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), - "invalid rsa public key blob magic number"}, - {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"}, - {ERR_PACK(0, 0, 
CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR), - "pubkey export length error"}, - {ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"}, - {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID), - "unsupported algorithm nid"}, - {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"}, - {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM), - "unsupported public key algorithm"}, - {ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"}, - {0, NULL} + { ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object" }, + { ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context" }, + { ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key" }, + { ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value" }, + { ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR), + "cryptacquirecontext error" }, + { ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR), + "cryptenumproviders error" }, + { ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error" }, + { ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized" }, + { ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error" }, + { ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert" }, + { ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store" }, + { ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME), + "error getting friendly name" }, + { ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO), + "error getting key provider info" }, + { ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store" }, + { ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash" }, + { ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error" }, + { ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported" }, + { ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error" }, + { ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length" }, + { ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), + "invalid dsa public key blob 
magic number" }, + { ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method" }, + { ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob" }, + { ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), + "invalid rsa public key blob magic number" }, + { ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error" }, + { ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR), + "pubkey export length error" }, + { ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command" }, + { ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID), + "unsupported algorithm nid" }, + { ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding" }, + { ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM), + "unsupported public key algorithm" }, + { ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error" }, + { 0, NULL } }; #endif --- crypto/openssl/engines/e_capi_err.h.orig +++ crypto/openssl/engines/e_capi_err.h 
@@ -9,48 +9,46 @@ */ #ifndef OSSL_E_CAPI_ERR_H -# define OSSL_E_CAPI_ERR_H -# pragma once +#define OSSL_E_CAPI_ERR_H +#pragma once -# include -# include - - -# define CAPIerr(f, r) ERR_CAPI_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#include +#include +#define CAPIerr(f, r) ERR_CAPI_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * CAPI reason codes. */ -# define CAPI_R_CANT_CREATE_HASH_OBJECT 100 -# define CAPI_R_CANT_FIND_CAPI_CONTEXT 101 -# define CAPI_R_CANT_GET_KEY 102 -# define CAPI_R_CANT_SET_HASH_VALUE 103 -# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 104 -# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 105 -# define CAPI_R_DECRYPT_ERROR 106 -# define CAPI_R_ENGINE_NOT_INITIALIZED 107 -# define CAPI_R_ENUMCONTAINERS_ERROR 108 -# define CAPI_R_ERROR_ADDING_CERT 109 -# define CAPI_R_ERROR_CREATING_STORE 110 -# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 111 -# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 112 -# define CAPI_R_ERROR_OPENING_STORE 113 -# define CAPI_R_ERROR_SIGNING_HASH 114 -# define CAPI_R_FILE_OPEN_ERROR 115 -# define CAPI_R_FUNCTION_NOT_SUPPORTED 116 -# define CAPI_R_GETUSERKEY_ERROR 117 -# define CAPI_R_INVALID_DIGEST_LENGTH 118 -# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 119 -# define CAPI_R_INVALID_LOOKUP_METHOD 120 -# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 121 -# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 -# define CAPI_R_PUBKEY_EXPORT_ERROR 123 -# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 124 -# define CAPI_R_UNKNOWN_COMMAND 125 -# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 126 -# define CAPI_R_UNSUPPORTED_PADDING 127 -# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 128 -# define CAPI_R_WIN32_ERROR 129 +#define CAPI_R_CANT_CREATE_HASH_OBJECT 100 +#define CAPI_R_CANT_FIND_CAPI_CONTEXT 101 +#define CAPI_R_CANT_GET_KEY 102 +#define CAPI_R_CANT_SET_HASH_VALUE 103 +#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 104 +#define CAPI_R_CRYPTENUMPROVIDERS_ERROR 105 +#define CAPI_R_DECRYPT_ERROR 106 +#define CAPI_R_ENGINE_NOT_INITIALIZED 107 
+#define CAPI_R_ENUMCONTAINERS_ERROR 108 +#define CAPI_R_ERROR_ADDING_CERT 109 +#define CAPI_R_ERROR_CREATING_STORE 110 +#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 111 +#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 112 +#define CAPI_R_ERROR_OPENING_STORE 113 +#define CAPI_R_ERROR_SIGNING_HASH 114 +#define CAPI_R_FILE_OPEN_ERROR 115 +#define CAPI_R_FUNCTION_NOT_SUPPORTED 116 +#define CAPI_R_GETUSERKEY_ERROR 117 +#define CAPI_R_INVALID_DIGEST_LENGTH 118 +#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 119 +#define CAPI_R_INVALID_LOOKUP_METHOD 120 +#define CAPI_R_INVALID_PUBLIC_KEY_BLOB 121 +#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 +#define CAPI_R_PUBKEY_EXPORT_ERROR 123 +#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 124 +#define CAPI_R_UNKNOWN_COMMAND 125 +#define CAPI_R_UNSUPPORTED_ALGORITHM_NID 126 +#define CAPI_R_UNSUPPORTED_PADDING 127 +#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 128 +#define CAPI_R_WIN32_ERROR 129 #endif --- crypto/openssl/engines/e_dasync.c.orig +++ crypto/openssl/engines/e_dasync.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,14 +13,14 @@ /* * SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. Note, that due to symbols not being exported, only the - * #defines and strucures can be accessed, in this case SHA_CBLOCK and + * #defines and structures can be accessed, in this case SHA_CBLOCK and * sizeof(SHA_CTX). */ #include "internal/deprecated.h" #include #if defined(_WIN32) -# include +#include #endif #include 
@@ -38,38 +38,38 @@ #include #if defined(OPENSSL_SYS_UNIX) && defined(OPENSSL_THREADS) -# undef ASYNC_POSIX -# define ASYNC_POSIX -# include +#undef ASYNC_POSIX +#define ASYNC_POSIX +#include #elif defined(_WIN32) -# undef ASYNC_WIN -# define ASYNC_WIN +#undef ASYNC_WIN +#define ASYNC_WIN #endif +/* clang-format off */ #include "e_dasync_err.c" +/* clang-format on */ /* Engine Id and Name */ static const char *engine_dasync_id = "dasync"; static const char *engine_dasync_name = "Dummy Async engine support"; - /* Engine Lifetime functions */ static int dasync_destroy(ENGINE *e); static int dasync_init(ENGINE *e); static int dasync_finish(ENGINE *e); void engine_load_dasync_int(void); - /* Set up digests. Just SHA1 for now */ static int dasync_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); + const int **nids, int nid); static void dummy_pause_job(void); /* SHA1 */ static int dasync_sha1_init(EVP_MD_CTX *ctx); static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, - size_t count); + size_t count); static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); /* @@ -106,7 +106,7 @@ /* RSA */ static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **pnids, int nid); + const int **pnids, int nid); static int dasync_rsa_init(EVP_PKEY_CTX *ctx); static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx); 
@@ -116,15 +116,15 @@ static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx); static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen); + size_t *outlen, const unsigned char *in, + size_t inlen); static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx); static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen); + size_t *outlen, const unsigned char *in, + size_t inlen); static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value); + const char *value); static EVP_PKEY_METHOD *dasync_rsa; static const EVP_PKEY_METHOD *dasync_rsa_orig; 
@@ -132,31 +132,31 @@ /* AES */ static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr); + void *ptr); static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx); static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr); + void *ptr); static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx); static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - int arg, void *ptr); + int arg, void *ptr); static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc); + const unsigned char *key, + const unsigned char *iv, + int enc); static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl); + unsigned char *out, + const unsigned char *in, + size_t inl); static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx); struct dasync_pipeline_ctx { @@ -214,7 +214,7 @@ } static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); + const int **nids, int nid); static int dasync_cipher_nids[] = { NID_aes_128_cbc, 
@@ -229,20 +229,21 @@ ; if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, - EVP_PKEY_FLAG_AUTOARGLEN)) == NULL) + EVP_PKEY_FLAG_AUTOARGLEN)) + == NULL) return 0; EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init); EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup); EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init, - dasync_rsa_paramgen); + dasync_rsa_paramgen); EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init, - dasync_rsa_keygen); + dasync_rsa_keygen); EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init, - dasync_rsa_encrypt); + dasync_rsa_encrypt); EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init, - dasync_rsa_decrypt); + dasync_rsa_decrypt); EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl, - dasync_rsa_ctrl_str); + dasync_rsa_ctrl_str); /* Ensure the dasync error handling is set up */ ERR_load_DASYNC_strings(); @@ -268,7 +269,7 @@ || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK) || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, - sizeof(EVP_MD *) + sizeof(SHA_CTX)) + sizeof(EVP_MD *) + sizeof(SHA_CTX)) || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init) || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update) 
@@ -278,75 +279,75 @@ } _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, - 16 /* block size */, - 16 /* key len */); + 16 /* block size */, + 16 /* key len */); if (_hidden_aes_128_cbc == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) - || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, - EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CBC_MODE - | EVP_CIPH_FLAG_PIPELINE - | EVP_CIPH_CUSTOM_COPY) - || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, - dasync_aes128_init_key) - || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, - dasync_aes128_cbc_cipher) - || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, - dasync_aes128_cbc_cleanup) - || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, - dasync_aes128_cbc_ctrl) - || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, - sizeof(struct dasync_pipeline_ctx))) { + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, 16) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, + EVP_CIPH_FLAG_DEFAULT_ASN1 + | EVP_CIPH_CBC_MODE + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) + || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, + dasync_aes128_init_key) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, + dasync_aes128_cbc_cipher) + || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, + dasync_aes128_cbc_cleanup) + || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, + dasync_aes128_cbc_ctrl) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, + sizeof(struct dasync_pipeline_ctx))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); _hidden_aes_128_cbc = NULL; } _hidden_aes_256_ctr = EVP_CIPHER_meth_new(NID_aes_256_ctr, - 1 /* block size */, - 32 /* key len */); + 1 /* block size */, + 32 /* key len */); if (_hidden_aes_256_ctr == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16) - || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr, - EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CTR_MODE - | EVP_CIPH_FLAG_PIPELINE - | EVP_CIPH_CUSTOM_COPY) - || 
!EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr, - dasync_aes256_init_key) - || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr, - dasync_aes256_ctr_cipher) - || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr, - dasync_aes256_ctr_cleanup) - || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr, - dasync_aes256_ctr_ctrl) - || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr, - sizeof(struct dasync_pipeline_ctx))) { + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr, 16) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr, + EVP_CIPH_FLAG_DEFAULT_ASN1 + | EVP_CIPH_CTR_MODE + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) + || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr, + dasync_aes256_init_key) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr, + dasync_aes256_ctr_cipher) + || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr, + dasync_aes256_ctr_cleanup) + || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr, + dasync_aes256_ctr_ctrl) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr, + sizeof(struct dasync_pipeline_ctx))) { EVP_CIPHER_meth_free(_hidden_aes_256_ctr); _hidden_aes_256_ctr = NULL; } _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new( - NID_aes_128_cbc_hmac_sha1, - 16 /* block size */, - 16 /* key len */); + NID_aes_128_cbc_hmac_sha1, + 16 /* block size */, + 16 /* key len */); if (_hidden_aes_128_cbc_hmac_sha1 == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) - || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, - EVP_CIPH_CBC_MODE - | EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_FLAG_AEAD_CIPHER - | EVP_CIPH_FLAG_PIPELINE - | EVP_CIPH_CUSTOM_COPY) - || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, - dasync_aes128_cbc_hmac_sha1_init_key) - || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, - dasync_aes128_cbc_hmac_sha1_cipher) - || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, - dasync_aes128_cbc_hmac_sha1_cleanup) - || 
!EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, - dasync_aes128_cbc_hmac_sha1_ctrl) - || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, - sizeof(struct dasync_pipeline_ctx))) { + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1, 16) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, + EVP_CIPH_CBC_MODE + | EVP_CIPH_FLAG_DEFAULT_ASN1 + | EVP_CIPH_FLAG_AEAD_CIPHER + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) + || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, + dasync_aes128_cbc_hmac_sha1_init_key) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, + dasync_aes128_cbc_hmac_sha1_cipher) + || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, + dasync_aes128_cbc_hmac_sha1_cleanup) + || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, + dasync_aes128_cbc_hmac_sha1_ctrl) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, + sizeof(struct dasync_pipeline_ctx))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); _hidden_aes_128_cbc_hmac_sha1 = NULL; } @@ -364,7 +365,7 @@ dasync_rsa = NULL; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_helper(ENGINE *e, const char *id) { if (id && (strcmp(id, engine_dasync_id) != 0)) @@ -375,8 +376,8 @@ } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# endif +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +#endif static ENGINE *engine_dasync(void) { @@ -415,13 +416,11 @@ return 1; } - static int dasync_finish(ENGINE *e) { return 1; } - static int dasync_destroy(ENGINE *e) { destroy_digests(); @@ -432,7 +431,7 @@ } static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **pnids, int nid) + const int **pnids, int nid) { static const int rnid = EVP_PKEY_RSA; @@ -451,7 +450,7 @@ } static int dasync_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) + const int **nids, int nid) { int ok = 1; if (!digest) { 
@@ -472,14 +471,13 @@ } static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) + const int **nids, int nid) { int ok = 1; if (cipher == NULL) { /* We are returning a list of supported nids */ *nids = dasync_cipher_nids; - return (sizeof(dasync_cipher_nids) - - 1) / sizeof(dasync_cipher_nids[0]); + return (sizeof(dasync_cipher_nids) - 1) / sizeof(dasync_cipher_nids[0]); } /* We are being asked for a specific cipher */ switch (nid) { @@ -501,7 +499,7 @@ } static void wait_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD readfd, void *pvwritefd) + OSSL_ASYNC_FD readfd, void *pvwritefd) { OSSL_ASYNC_FD *pwritefd = (OSSL_ASYNC_FD *)pvwritefd; #if defined(ASYNC_WIN) @@ -516,12 +514,13 @@ #define DUMMY_CHAR 'X' -static void dummy_pause_job(void) { +static void dummy_pause_job(void) +{ ASYNC_JOB *job; ASYNC_WAIT_CTX *waitctx; ASYNC_callback_fn callback; - void * callback_arg; - OSSL_ASYNC_FD pipefds[2] = {0, 0}; + void *callback_arg; + OSSL_ASYNC_FD pipefds[2] = { 0, 0 }; OSSL_ASYNC_FD *writefd; #if defined(ASYNC_WIN) DWORD numwritten, numread; @@ -546,9 +545,8 @@ return; } - if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_dasync_id, &pipefds[0], - (void **)&writefd)) { + (void **)&writefd)) { pipefds[1] = *writefd; } else { writefd = OPENSSL_malloc(sizeof(*writefd)); @@ -568,7 +566,7 @@ *writefd = pipefds[1]; if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], - writefd, wait_cleanup)) { + writefd, wait_cleanup)) { wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); return; } @@ -609,7 +607,7 @@ } static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, - size_t count) + size_t count) { dummy_pause_job(); 
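Review bot: In the dasync_ciphers hunk (-472), the joined line `return (sizeof(dasync_cipher_nids) - 1) / sizeof(dasync_cipher_nids[0]);` gets its count by subtracting one byte and relying on integer division to truncate. The result is the element count minus one, presumably to skip a terminating 0 entry; the initializer is only partly visible in this diff. The intent is clearer and does not depend on truncation when written as `return sizeof(dasync_cipher_nids) / sizeof(dasync_cipher_nids[0]) - 1;`. A short comment such as `/* exclude the terminating 0 */` would document why the last entry is dropped.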
@@ -626,107 +624,102 @@ /* Cipher helper functions */ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr, int aeadcapable, - const EVP_CIPHER *ciph) + void *ptr, int aeadcapable, + const EVP_CIPHER *ciph) { int ret; - struct dasync_pipeline_ctx *pipe_ctx = - (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct dasync_pipeline_ctx *pipe_ctx = (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (pipe_ctx == NULL) return 0; switch (type) { - case EVP_CTRL_COPY: - { - size_t sz = EVP_CIPHER_impl_ctx_size(ciph); - void *inner_cipher_data = OPENSSL_malloc(sz); - - if (inner_cipher_data == NULL) - return -1; - memcpy(inner_cipher_data, pipe_ctx->inner_cipher_data, sz); - pipe_ctx->inner_cipher_data = inner_cipher_data; - } - break; + case EVP_CTRL_COPY: { + size_t sz = EVP_CIPHER_impl_ctx_size(ciph); + void *inner_cipher_data = OPENSSL_malloc(sz); - case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: - pipe_ctx->numpipes = arg; - pipe_ctx->outbufs = (unsigned char **)ptr; - break; + if (inner_cipher_data == NULL) + return -1; + memcpy(inner_cipher_data, pipe_ctx->inner_cipher_data, sz); + pipe_ctx->inner_cipher_data = inner_cipher_data; + } break; - case EVP_CTRL_SET_PIPELINE_INPUT_BUFS: - pipe_ctx->numpipes = arg; - pipe_ctx->inbufs = (unsigned char **)ptr; - break; + case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: + pipe_ctx->numpipes = arg; + pipe_ctx->outbufs = (unsigned char **)ptr; + break; - case EVP_CTRL_SET_PIPELINE_INPUT_LENS: - pipe_ctx->numpipes = arg; - pipe_ctx->lens = (size_t *)ptr; - break; + case EVP_CTRL_SET_PIPELINE_INPUT_BUFS: + pipe_ctx->numpipes = arg; + pipe_ctx->inbufs = (unsigned char **)ptr; + break; - case EVP_CTRL_AEAD_SET_MAC_KEY: - if (!aeadcapable) - return -1; - EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); - ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1()) - (ctx, type, arg, ptr); - EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); - return ret; - - case 
EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - - if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; + case EVP_CTRL_SET_PIPELINE_INPUT_LENS: + pipe_ctx->numpipes = arg; + pipe_ctx->lens = (size_t *)ptr; + break; - if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES) - return -1; + case EVP_CTRL_AEAD_SET_MAC_KEY: + if (!aeadcapable) + return -1; + EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); + ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_cbc_hmac_sha1())(ctx, type, arg, ptr); + EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx); + return ret; - memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr, - EVP_AEAD_TLS1_AAD_LEN); - pipe_ctx->aadctr++; + case EVP_CTRL_AEAD_TLS1_AAD: { + unsigned char *p = ptr; + unsigned int len; - len = p[arg - 2] << 8 | p[arg - 1]; + if (!aeadcapable || arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { - if (len < AES_BLOCK_SIZE) - return 0; - len -= AES_BLOCK_SIZE; - } + if (pipe_ctx->aadctr >= SSL_MAX_PIPELINES) + return -1; - return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) - & -AES_BLOCK_SIZE) - len; - } else { - return SHA_DIGEST_LENGTH; + memcpy(pipe_ctx->tlsaad[pipe_ctx->aadctr], ptr, + EVP_AEAD_TLS1_AAD_LEN); + pipe_ctx->aadctr++; + + len = p[arg - 2] << 8 | p[arg - 1]; + + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { + if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; + len -= AES_BLOCK_SIZE; } + + return ((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) + & -AES_BLOCK_SIZE) + - len; + } else { + return SHA_DIGEST_LENGTH; } + } - default: - return 0; + default: + return 0; } return 1; } static int dasync_cipher_init_key_helper(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc, - const EVP_CIPHER *cipher) + const unsigned char *key, + const unsigned char *iv, int enc, + const EVP_CIPHER *cipher) { int ret; - struct 
dasync_pipeline_ctx *pipe_ctx = - (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct dasync_pipeline_ctx *pipe_ctx = (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (pipe_ctx->inner_cipher_data == NULL - && EVP_CIPHER_impl_ctx_size(cipher) != 0) { + && EVP_CIPHER_impl_ctx_size(cipher) != 0) { pipe_ctx->inner_cipher_data = OPENSSL_zalloc( EVP_CIPHER_impl_ctx_size(cipher)); if (pipe_ctx->inner_cipher_data == NULL) { DASYNCerr(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); return 0; } } @@ -742,13 +735,12 @@ } static int dasync_cipher_helper(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl, - const EVP_CIPHER *cipher) + const unsigned char *in, size_t inl, + const EVP_CIPHER *cipher) { int ret = 1; unsigned int i, pipes; - struct dasync_pipeline_ctx *pipe_ctx = - (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct dasync_pipeline_ctx *pipe_ctx = (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); pipes = pipe_ctx->numpipes; EVP_CIPHER_CTX_set_cipher_data(ctx, pipe_ctx->inner_cipher_data); 
@@ -756,26 +748,21 @@ if (pipe_ctx->aadctr != 0) { if (pipe_ctx->aadctr != 1) return -1; - EVP_CIPHER_meth_get_ctrl(cipher) - (ctx, EVP_CTRL_AEAD_TLS1_AAD, - EVP_AEAD_TLS1_AAD_LEN, - pipe_ctx->tlsaad[0]); + EVP_CIPHER_meth_get_ctrl(cipher)(ctx, EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, + pipe_ctx->tlsaad[0]); } - ret = EVP_CIPHER_meth_get_do_cipher(cipher) - (ctx, out, in, inl); + ret = EVP_CIPHER_meth_get_do_cipher(cipher)(ctx, out, in, inl); } else { if (pipe_ctx->aadctr > 0 && pipe_ctx->aadctr != pipes) return -1; for (i = 0; i < pipes; i++) { if (pipe_ctx->aadctr > 0) { - EVP_CIPHER_meth_get_ctrl(cipher) - (ctx, EVP_CTRL_AEAD_TLS1_AAD, - EVP_AEAD_TLS1_AAD_LEN, - pipe_ctx->tlsaad[i]); + EVP_CIPHER_meth_get_ctrl(cipher)(ctx, EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, + pipe_ctx->tlsaad[i]); } - ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher) - (ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i], - pipe_ctx->lens[i]); + ret = ret && EVP_CIPHER_meth_get_do_cipher(cipher)(ctx, pipe_ctx->outbufs[i], pipe_ctx->inbufs[i], pipe_ctx->lens[i]); } pipe_ctx->numpipes = 0; } @@ -785,13 +772,12 @@ } static int dasync_cipher_cleanup_helper(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher) + const EVP_CIPHER *cipher) { - struct dasync_pipeline_ctx *pipe_ctx = - (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct dasync_pipeline_ctx *pipe_ctx = (struct dasync_pipeline_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); OPENSSL_clear_free(pipe_ctx->inner_cipher_data, - EVP_CIPHER_impl_ctx_size(cipher)); + EVP_CIPHER_impl_ctx_size(cipher)); return 1; } 
@@ -801,19 +787,19 @@ */ static int dasync_aes128_cbc_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) + void *ptr) { return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_128_cbc()); } static int dasync_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_128_cbc()); } static int dasync_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc()); } @@ -824,19 +810,19 @@ } static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) + void *ptr) { return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_256_ctr()); } static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_256_ctr()); } static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_256_ctr()); } 
@@ -846,34 +832,33 @@ return dasync_cipher_cleanup_helper(ctx, EVP_aes_256_ctr()); } - /* * AES128 CBC HMAC SHA1 Implementation */ static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - int arg, void *ptr) + int arg, void *ptr) { return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 1, EVP_aes_128_cbc_hmac_sha1()); } static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc) + const unsigned char *key, + const unsigned char *iv, + int enc) { /* * We can safely assume that EVP_aes_128_cbc_hmac_sha1() != NULL, * see comment before the definition of dasync_aes_128_cbc_hmac_sha1(). */ return dasync_cipher_init_key_helper(ctx, key, iv, enc, - EVP_aes_128_cbc_hmac_sha1()); + EVP_aes_128_cbc_hmac_sha1()); } static int dasync_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl) + unsigned char *out, + const unsigned char *in, + size_t inl) { return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_128_cbc_hmac_sha1()); } @@ -887,7 +872,6 @@ return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); } - /* * RSA implementation */ @@ -955,12 +939,12 @@ } static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen) + size_t *outlen, const unsigned char *in, + size_t inlen) { static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen); + size_t *outlen, const unsigned char *in, + size_t inlen); if (pencryptfn == NULL) EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn); 
@@ -977,12 +961,12 @@ } static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen) + size_t *outlen, const unsigned char *in, + size_t inlen) { static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen); + size_t *outlen, const unsigned char *in, + size_t inlen); if (pdecrypt == NULL) EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, NULL, &pdecrypt); @@ -999,10 +983,10 @@ } static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value) + const char *value) { static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type, - const char *value); + const char *value); if (pctrl_str == NULL) EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str); --- crypto/openssl/engines/e_dasync_err.c.orig +++ crypto/openssl/engines/e_dasync_err.c @@ -14,8 +14,8 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA DASYNC_str_reasons[] = { - {ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"}, - {0, NULL} + { ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed" }, + { 0, NULL } }; #endif --- crypto/openssl/engines/e_dasync_err.h.orig +++ crypto/openssl/engines/e_dasync_err.h @@ -9,19 +9,17 @@ */ #ifndef OSSL_E_DASYNC_ERR_H -# define OSSL_E_DASYNC_ERR_H -# pragma once +#define OSSL_E_DASYNC_ERR_H +#pragma once -# include -# include - - -# define DASYNCerr(f, r) ERR_DASYNC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#include +#include +#define DASYNCerr(f, r) ERR_DASYNC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * DASYNC reason codes. */ -# define DASYNC_R_INIT_FAILED 100 +#define DASYNC_R_INIT_FAILED 100 #endif --- crypto/openssl/engines/e_devcrypto.c.orig +++ crypto/openssl/engines/e_devcrypto.c @@ -29,7 +29,7 @@ /* #define ENGINE_DEVCRYPTO_DEBUG */ #if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX -# define CHECK_BSD_STYLE_MACROS +#define CHECK_BSD_STYLE_MACROS #endif #define engine_devcrypto_id "devcrypto" 
@@ -51,8 +51,8 @@ */ static int cfd = -1; #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */ -#define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */ -#define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed software drivers */ +#define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */ +#define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed software drivers */ #define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS; @@ -63,17 +63,17 @@ */ struct driver_info_st { enum devcrypto_status_t { - DEVCRYPTO_STATUS_FAILURE = -3, /* unusable for other reason */ - DEVCRYPTO_STATUS_NO_CIOCCPHASH = -2, /* hash state copy not supported */ + DEVCRYPTO_STATUS_FAILURE = -3, /* unusable for other reason */ + DEVCRYPTO_STATUS_NO_CIOCCPHASH = -2, /* hash state copy not supported */ DEVCRYPTO_STATUS_NO_CIOCGSESSION = -1, /* session open failed */ - DEVCRYPTO_STATUS_UNKNOWN = 0, /* not tested yet */ - DEVCRYPTO_STATUS_USABLE = 1 /* algo can be used */ + DEVCRYPTO_STATUS_UNKNOWN = 0, /* not tested yet */ + DEVCRYPTO_STATUS_USABLE = 1 /* algo can be used */ } status; enum devcrypto_accelerated_t { - DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ - DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support unknown */ - DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ + DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ + DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support unknown */ + DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ } accelerated; char *driver_name; @@ -83,7 +83,8 @@ void engine_load_devcrypto_int(void); #endif -static int clean_devcrypto_session(session_op_t *sess) { +static int clean_devcrypto_session(session_op_t *sess) +{ if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); return 0; 
@@ -104,8 +105,8 @@ struct cipher_ctx { session_op_t sess; - int op; /* COP_ENCRYPT or COP_DECRYPT */ - unsigned long mode; /* EVP_CIPH_*_MODE */ + int op; /* COP_ENCRYPT or COP_DECRYPT */ + unsigned long mode; /* EVP_CIPH_*_MODE */ /* to handle ctr mode being a stream cipher */ unsigned char partial[EVP_MAX_BLOCK_LENGTH]; @@ -141,7 +142,7 @@ { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, #endif -#if 0 /* Not yet supported */ +#if 0 /* Not yet supported */ { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, #endif @@ -150,18 +151,18 @@ { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, #endif -#if 0 /* Not yet supported */ +#if 0 /* Not yet supported */ { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, #endif #ifndef OPENSSL_NO_CAMELLIA { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, - CRYPTO_CAMELLIA_CBC }, + CRYPTO_CAMELLIA_CBC }, { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, - CRYPTO_CAMELLIA_CBC }, + CRYPTO_CAMELLIA_CBC }, { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, - CRYPTO_CAMELLIA_CBC }, + CRYPTO_CAMELLIA_CBC }, #endif }; 
@@ -202,17 +203,14 @@ */ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { - struct cipher_ctx *cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); - const struct cipher_data_st *cipher_d = - get_cipher_data(EVP_CIPHER_CTX_get_nid(ctx)); + struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + const struct cipher_data_st *cipher_d = get_cipher_data(EVP_CIPHER_CTX_get_nid(ctx)); int ret; /* cleanup a previous session */ - if (cipher_ctx->sess.ses != 0 && - clean_devcrypto_session(&cipher_ctx->sess) == 0) + if (cipher_ctx->sess.ses != 0 && clean_devcrypto_session(&cipher_ctx->sess) == 0) return 0; cipher_ctx->sess.cipher = cipher_d->devcryptoid; @@ -222,9 +220,7 @@ cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE; cipher_ctx->blocksize = cipher_d->blocksize; #ifdef CIOCGSESSION2 - cipher_ctx->sess.crid = (use_softdrivers == DEVCRYPTO_USE_SOFTWARE) ? - CRYPTO_FLAG_SOFTWARE | CRYPTO_FLAG_HARDWARE : - CRYPTO_FLAG_HARDWARE; + cipher_ctx->sess.crid = (use_softdrivers == DEVCRYPTO_USE_SOFTWARE) ? CRYPTO_FLAG_SOFTWARE | CRYPTO_FLAG_HARDWARE : CRYPTO_FLAG_HARDWARE; ret = ioctl(cfd, CIOCGSESSION2, &cipher_ctx->sess); #else ret = ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess); @@ -238,10 +234,9 @@ } static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { - struct cipher_ctx *cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); struct crypt_op cryp; unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); #if !defined(COP_FLAG_WRITE_IV) 
@@ -301,11 +296,11 @@ case EVP_CIPH_CTR_MODE: nblocks = (inl + cipher_ctx->blocksize - 1) - / cipher_ctx->blocksize; + / cipher_ctx->blocksize; do { ivlen--; nblocks += iv[ivlen]; - iv[ivlen] = (uint8_t) nblocks; + iv[ivlen] = (uint8_t)nblocks; nblocks >>= 8; } while (ivlen); break; @@ -319,10 +314,9 @@ } static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { - struct cipher_ctx *cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); size_t nblocks, len; /* initial partial block */ @@ -333,8 +327,8 @@ } /* full blocks */ - if (inl > (unsigned int) cipher_ctx->blocksize) { - nblocks = inl/cipher_ctx->blocksize; + if (inl > (unsigned int)cipher_ctx->blocksize) { + nblocks = inl / cipher_ctx->blocksize; len = nblocks * cipher_ctx->blocksize; if (cipher_do_cipher(ctx, out, in, len) < 1) return 0; @@ -347,11 +341,12 @@ if (inl) { memset(cipher_ctx->partial, 0, cipher_ctx->blocksize); if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial, - cipher_ctx->blocksize) < 1) + cipher_ctx->blocksize) + < 1) return 0; while (inl--) { out[cipher_ctx->num] = in[cipher_ctx->num] - ^ cipher_ctx->partial[cipher_ctx->num]; + ^ cipher_ctx->partial[cipher_ctx->num]; cipher_ctx->num++; } } @@ -359,10 +354,9 @@ return 1; } -static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) +static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void *p2) { - struct cipher_ctx *cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2; struct cipher_ctx *to_cipher_ctx; 
@@ -372,11 +366,10 @@ if (cipher_ctx == NULL) return 1; /* when copying the context, a new session needs to be initialized */ - to_cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); + to_cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess)); return cipher_init(to_ctx, (void *)cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), - (cipher_ctx->op == COP_ENCRYPT)); + (cipher_ctx->op == COP_ENCRYPT)); case EVP_CTRL_INIT: memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); @@ -391,8 +384,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) { - struct cipher_ctx *cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); return clean_devcrypto_session(&cipher_ctx->sess); } 
@@ -405,21 +397,22 @@ */ static int known_cipher_nids[OSSL_NELEM(cipher_data)]; static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */ -static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, }; +static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { + NULL, +}; static int selected_ciphers[OSSL_NELEM(cipher_data)]; static struct driver_info_st cipher_driver_info[OSSL_NELEM(cipher_data)]; - static int devcrypto_test_cipher(size_t cipher_data_index) { return (cipher_driver_info[cipher_data_index].status == DEVCRYPTO_STATUS_USABLE - && selected_ciphers[cipher_data_index] == 1 - && (cipher_driver_info[cipher_data_index].accelerated - == DEVCRYPTO_ACCELERATED - || use_softdrivers == DEVCRYPTO_USE_SOFTWARE - || (cipher_driver_info[cipher_data_index].accelerated - != DEVCRYPTO_NOT_ACCELERATED - && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); + && selected_ciphers[cipher_data_index] == 1 + && (cipher_driver_info[cipher_data_index].accelerated + == DEVCRYPTO_ACCELERATED + || use_softdrivers == DEVCRYPTO_USE_SOFTWARE + || (cipher_driver_info[cipher_data_index].accelerated + != DEVCRYPTO_NOT_ACCELERATED + && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); } static void prepare_cipher_methods(void) @@ -440,7 +433,7 @@ sess.key = (void *)"01234567890123456789012345678901234567890123456789"; for (i = 0, known_cipher_nids_amount = 0; - i < OSSL_NELEM(cipher_data); i++) { + i < OSSL_NELEM(cipher_data); i++) { selected_ciphers[i] = 1; /* 
@@ -474,28 +467,25 @@ cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE; - if ((known_cipher_methods[i] = - EVP_CIPHER_meth_new(cipher_data[i].nid, - cipher_mode == EVP_CIPH_CTR_MODE ? 1 : - cipher_data[i].blocksize, - cipher_data[i].keylen)) == NULL + if ((known_cipher_methods[i] = EVP_CIPHER_meth_new(cipher_data[i].nid, + cipher_mode == EVP_CIPH_CTR_MODE ? 1 : cipher_data[i].blocksize, + cipher_data[i].keylen)) + == NULL || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i], - cipher_data[i].ivlen) + cipher_data[i].ivlen) || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], - cipher_data[i].flags - | EVP_CIPH_CUSTOM_COPY - | EVP_CIPH_CTRL_INIT - | EVP_CIPH_FLAG_DEFAULT_ASN1) + cipher_data[i].flags + | EVP_CIPH_CUSTOM_COPY + | EVP_CIPH_CTRL_INIT + | EVP_CIPH_FLAG_DEFAULT_ASN1) || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], - cipher_mode == EVP_CIPH_CTR_MODE ? - ctr_do_cipher : - cipher_do_cipher) + cipher_mode == EVP_CIPH_CTR_MODE ? ctr_do_cipher : cipher_do_cipher) || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl) || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i], - cipher_cleanup) + cipher_cleanup) || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], - sizeof(struct cipher_ctx))) { + sizeof(struct cipher_ctx))) { cipher_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; EVP_CIPHER_meth_free(known_cipher_methods[i]); known_cipher_methods[i] = NULL; 
@@ -505,17 +495,15 @@ cipher_driver_info[i].accelerated = accelerated; fop.crid = sess.crid; if (ioctl(cfd, CIOCFINDDEV, &fop) == 0) { - cipher_driver_info[i].driver_name = - OPENSSL_strndup(fop.name, sizeof(fop.name)); + cipher_driver_info[i].driver_name = OPENSSL_strndup(fop.name, sizeof(fop.name)); } #elif defined(CIOCGSESSINFO) siop.ses = sess.ses; if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) { cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN; } else { - cipher_driver_info[i].driver_name = - OPENSSL_strndup(siop.cipher_info.cra_driver_name, - CRYPTODEV_MAX_ALG_NAME); + cipher_driver_info[i].driver_name = OPENSSL_strndup(siop.cipher_info.cra_driver_name, + CRYPTODEV_MAX_ALG_NAME); if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) cipher_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED; else @@ -525,8 +513,7 @@ } ioctl(cfd, CIOCFSESSION, &sess.ses); if (devcrypto_test_cipher(i)) { - known_cipher_nids[known_cipher_nids_amount++] = - cipher_data[i].nid; + known_cipher_nids[known_cipher_nids_amount++] = cipher_data[i].nid; } } } @@ -578,7 +565,7 @@ } static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) + const int **nids, int nid) { if (cipher == NULL) return get_cipher_nids(nids); 
@@ -623,22 +610,21 @@ size_t i; const char *name; - fprintf (stderr, "Information about ciphers supported by the /dev/crypto" - " engine:\n"); + fprintf(stderr, "Information about ciphers supported by the /dev/crypto" + " engine:\n"); #ifndef CIOCGSESSINFO fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n"); #endif for (i = 0; i < OSSL_NELEM(cipher_data); i++) { name = OBJ_nid2sn(cipher_data[i].nid); - fprintf (stderr, "Cipher %s, NID=%d, /dev/crypto info: id=%d, ", - name ? name : "unknown", cipher_data[i].nid, - cipher_data[i].devcryptoid); - if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION ) { - fprintf (stderr, "CIOCGSESSION (session open call) failed\n"); + fprintf(stderr, "Cipher %s, NID=%d, /dev/crypto info: id=%d, ", + name ? name : "unknown", cipher_data[i].nid, + cipher_data[i].devcryptoid); + if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION) { + fprintf(stderr, "CIOCGSESSION (session open call) failed\n"); continue; } - fprintf (stderr, "driver=%s ", cipher_driver_info[i].driver_name ? - cipher_driver_info[i].driver_name : "unknown"); + fprintf(stderr, "driver=%s ", cipher_driver_info[i].driver_name ? cipher_driver_info[i].driver_name : "unknown"); if (cipher_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED) fprintf(stderr, "(hw accelerated)"); else if (cipher_driver_info[i].accelerated == DEVCRYPTO_NOT_ACCELERATED) @@ -646,7 +632,7 @@ else fprintf(stderr, "(acceleration status unknown)"); if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE) - fprintf (stderr, ". Cipher setup failed"); + fprintf(stderr, ". Cipher setup failed"); fprintf(stderr, "\n"); } fprintf(stderr, "\n"); 
@@ -689,9 +675,9 @@ #endif { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 }, #ifndef OPENSSL_NO_RMD160 -# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 }, -# endif +#endif #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224) { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 }, @@ -745,10 +731,8 @@ static int digest_init(EVP_MD_CTX *ctx) { - struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); - const struct digest_data_st *digest_d = - get_digest_data(EVP_MD_CTX_get_type(ctx)); + struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); + const struct digest_data_st *digest_d = get_digest_data(EVP_MD_CTX_get_type(ctx)); digest_ctx->init_called = 1; @@ -762,7 +746,7 @@ } static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen, - void *res, unsigned int flags) + void *res, unsigned int flags) { struct crypt_op cryp; @@ -778,8 +762,7 @@ static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); + struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); if (count == 0) return 1; @@ -800,8 +783,7 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) { - struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); + struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); if (md == NULL || digest_ctx == NULL) return 0; 
@@ -818,10 +800,8 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - struct digest_ctx *digest_from = - (struct digest_ctx *)EVP_MD_CTX_get0_md_data(from); - struct digest_ctx *digest_to = - (struct digest_ctx *)EVP_MD_CTX_get0_md_data(to); + struct digest_ctx *digest_from = (struct digest_ctx *)EVP_MD_CTX_get0_md_data(from); + struct digest_ctx *digest_to = (struct digest_ctx *)EVP_MD_CTX_get0_md_data(to); struct cphash_op cphash; if (digest_from == NULL || digest_from->init_called != 1) @@ -843,8 +823,7 @@ static int digest_cleanup(EVP_MD_CTX *ctx) { - struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); + struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); if (digest_ctx == NULL) return 1; 
@@ -860,20 +839,22 @@ */ static int known_digest_nids[OSSL_NELEM(digest_data)]; static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */ -static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, }; +static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { + NULL, +}; static int selected_digests[OSSL_NELEM(digest_data)]; static struct driver_info_st digest_driver_info[OSSL_NELEM(digest_data)]; static int devcrypto_test_digest(size_t digest_data_index) { return (digest_driver_info[digest_data_index].status == DEVCRYPTO_STATUS_USABLE - && selected_digests[digest_data_index] == 1 - && (digest_driver_info[digest_data_index].accelerated - == DEVCRYPTO_ACCELERATED - || use_softdrivers == DEVCRYPTO_USE_SOFTWARE - || (digest_driver_info[digest_data_index].accelerated - != DEVCRYPTO_NOT_ACCELERATED - && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); + && selected_digests[digest_data_index] == 1 + && (digest_driver_info[digest_data_index].accelerated + == DEVCRYPTO_ACCELERATED + || use_softdrivers == DEVCRYPTO_USE_SOFTWARE + || (digest_driver_info[digest_data_index].accelerated + != DEVCRYPTO_NOT_ACCELERATED + && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); } static void rebuild_known_digest_nids(ENGINE *e) @@ -903,7 +884,7 @@ memset(&sess2, 0, sizeof(sess2)); for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); - i++) { + i++) { selected_digests[i] = 1; @@ -923,9 +904,8 @@ if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) { digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN; } else { - digest_driver_info[i].driver_name = - OPENSSL_strndup(siop.hash_info.cra_driver_name, - CRYPTODEV_MAX_ALG_NAME); + digest_driver_info[i].driver_name = OPENSSL_strndup(siop.hash_info.cra_driver_name, + CRYPTODEV_MAX_ALG_NAME); if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; else 
@@ -946,25 +926,26 @@ goto finish; } if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, - NID_undef)) == NULL + NID_undef)) + == NULL || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i], - digest_data[i].blocksize) + digest_data[i].blocksize) || !EVP_MD_meth_set_result_size(known_digest_methods[i], - digest_data[i].digestlen) + digest_data[i].digestlen) || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init) || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update) || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final) || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy) || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup) || !EVP_MD_meth_set_app_datasize(known_digest_methods[i], - sizeof(struct digest_ctx))) { + sizeof(struct digest_ctx))) { digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; EVP_MD_meth_free(known_digest_methods[i]); known_digest_methods[i] = NULL; goto finish; } digest_driver_info[i].status = DEVCRYPTO_STATUS_USABLE; -finish: + finish: ioctl(cfd, CIOCFSESSION, &sess1.ses); if (sess2.ses != 0) ioctl(cfd, CIOCFSESSION, &sess2.ses); @@ -1008,7 +989,7 @@ } static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) + const int **nids, int nid) { if (digest == NULL) return get_digest_nids(nids); 
@@ -1053,20 +1034,20 @@ size_t i; const char *name; - fprintf (stderr, "Information about digests supported by the /dev/crypto" - " engine:\n"); + fprintf(stderr, "Information about digests supported by the /dev/crypto" + " engine:\n"); #ifndef CIOCGSESSINFO fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n"); #endif for (i = 0; i < OSSL_NELEM(digest_data); i++) { name = OBJ_nid2sn(digest_data[i].nid); - fprintf (stderr, "Digest %s, NID=%d, /dev/crypto info: id=%d, driver=%s", - name ? name : "unknown", digest_data[i].nid, - digest_data[i].devcryptoid, - digest_driver_info[i].driver_name ? digest_driver_info[i].driver_name : "unknown"); + fprintf(stderr, "Digest %s, NID=%d, /dev/crypto info: id=%d, driver=%s", + name ? name : "unknown", digest_data[i].nid, + digest_data[i].devcryptoid, + digest_driver_info[i].driver_name ? digest_driver_info[i].driver_name : "unknown"); if (digest_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION) { - fprintf (stderr, ". CIOCGSESSION (session open) failed\n"); + fprintf(stderr, ". CIOCGSESSION (session open) failed\n"); continue; } if (digest_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED) @@ -1076,7 +1057,7 @@ else fprintf(stderr, " (acceleration status unknown)"); if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE) - fprintf (stderr, ". Cipher setup failed\n"); + fprintf(stderr, ". Cipher setup failed\n"); else if (digest_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCCPHASH) fprintf(stderr, ", CIOCCPHASH failed\n"); else 
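Review bot: In the second hunk here (`@@ -1076,7 +1057,7 @@`), the guard in front of the re-indented `fprintf(stderr, ". Cipher setup failed\n");` tests `cipher_driver_info[i].status`, although `i` iterates over `digest_data` and every other check in this dump reads `digest_driver_info[i]`. The two tables are sized separately (`OSSL_NELEM(cipher_data)` and `OSSL_NELEM(digest_data)`), so in a build where the digest table is the longer one this looks like a read past the end of `cipher_driver_info`, and in any build the status printed belongs to an unrelated cipher. Since the commit already touches this statement, the condition should read `if (digest_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE)` and the message `". Digest setup failed\n"`. The enclosing function starts and ends outside the hunk, so this is based on the visible lines only.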
@@ -1100,38 +1081,33 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { #if defined(CIOCGSESSINFO) || defined(CIOCGSESSION2) - {DEVCRYPTO_CMD_USE_SOFTDRIVERS, - "USE_SOFTDRIVERS", - "specifies whether to use software (not accelerated) drivers (" - OPENSSL_MSTR(DEVCRYPTO_REQUIRE_ACCELERATED) "=use only accelerated drivers, " - OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, " - OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE) - "=use if acceleration can't be determined) [default=" - OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]", - ENGINE_CMD_FLAG_NUMERIC}, + { DEVCRYPTO_CMD_USE_SOFTDRIVERS, + "USE_SOFTDRIVERS", + "specifies whether to use software (not accelerated) drivers (" OPENSSL_MSTR(DEVCRYPTO_REQUIRE_ACCELERATED) "=use only accelerated drivers, " OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, " OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE) "=use if acceleration can't be determined) [default=" OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]", + ENGINE_CMD_FLAG_NUMERIC }, #endif - {DEVCRYPTO_CMD_CIPHERS, - "CIPHERS", - "either ALL, NONE, or a comma-separated list of ciphers to enable [default=ALL]", - ENGINE_CMD_FLAG_STRING}, + { DEVCRYPTO_CMD_CIPHERS, + "CIPHERS", + "either ALL, NONE, or a comma-separated list of ciphers to enable [default=ALL]", + ENGINE_CMD_FLAG_STRING }, #ifdef IMPLEMENT_DIGEST - {DEVCRYPTO_CMD_DIGESTS, - "DIGESTS", - "either ALL, NONE, or a comma-separated list of digests to enable [default=ALL]", - ENGINE_CMD_FLAG_STRING}, + { DEVCRYPTO_CMD_DIGESTS, + "DIGESTS", + "either ALL, NONE, or a comma-separated list of digests to enable [default=ALL]", + ENGINE_CMD_FLAG_STRING }, #endif - {DEVCRYPTO_CMD_DUMP_INFO, - "DUMP_INFO", - "dump info about each algorithm to stderr; use 'openssl engine -pre DUMP_INFO devcrypto'", - ENGINE_CMD_FLAG_NO_INPUT}, + { DEVCRYPTO_CMD_DUMP_INFO, + "DUMP_INFO", + "dump info about each algorithm to stderr; use 'openssl engine -pre DUMP_INFO devcrypto'", + ENGINE_CMD_FLAG_NO_INPUT }, - {0, NULL, NULL, 
0} + { 0, NULL, NULL, 0 } }; -static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int *new_list; switch (cmd) { @@ -1161,10 +1137,10 @@ return 1; if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { devcrypto_select_all_ciphers(selected_ciphers); - } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { + } else if (OPENSSL_strcasecmp((const char *)p, "NONE") == 0) { memset(selected_ciphers, 0, sizeof(selected_ciphers)); } else { - new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); + new_list = OPENSSL_zalloc(sizeof(selected_ciphers)); if (!CONF_parse_list(p, ',', 1, cryptodev_select_cipher_cb, new_list)) { OPENSSL_free(new_list); return 0; @@ -1181,10 +1157,10 @@ return 1; if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { devcrypto_select_all_digests(selected_digests); - } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { + } else if (OPENSSL_strcasecmp((const char *)p, "NONE") == 0) { memset(selected_digests, 0, sizeof(selected_digests)); } else { - new_list=OPENSSL_zalloc(sizeof(selected_digests)); + new_list = OPENSSL_zalloc(sizeof(selected_digests)); if (!CONF_parse_list(p, ',', 1, cryptodev_select_digest_cb, new_list)) { OPENSSL_free(new_list); return 0; @@ -1275,7 +1251,8 @@ return 1; } -static int bind_devcrypto(ENGINE *e) { +static int bind_devcrypto(ENGINE *e) +{ if (!ENGINE_set_id(e, engine_devcrypto_id) || !ENGINE_set_name(e, "/dev/crypto engine") @@ -1315,17 +1292,17 @@ */ #if 0 && ENGINE_set_RSA(e, devcrypto_rsa) -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA && ENGINE_set_DSA(e, devcrypto_dsa) -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH && ENGINE_set_DH(e, devcrypto_dh) -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC && ENGINE_set_EC(e, devcrypto_ec) -# endif #endif - ); +#endif + ); } #ifdef OPENSSL_NO_DYNAMIC_ENGINE 
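Review bot: The result of `OPENSSL_zalloc(sizeof(selected_ciphers))` is passed to `CONF_parse_list` as the callback argument without a NULL check, so an allocation failure would reach `cryptodev_select_cipher_cb` with a null list. The callback body is not shown, so the dereference is inferred rather than confirmed. Adding `if (new_list == NULL) return 0;` right after the allocation closes the gap. The digest branch in the following hunk (`OPENSSL_zalloc(sizeof(selected_digests))` with `cryptodev_select_digest_cb`) needs the same check. devcrypto_ctrl continues outside both hunks.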
@@ -1353,7 +1330,7 @@ * If the "add" worked, it gets a structural reference. So either way, we * release our just-created reference. */ - ENGINE_free(e); /* Loose our local reference */ + ENGINE_free(e); /* Loose our local reference */ /* * If the "add" didn't work, it was probably a conflict because it was * already added (eg. someone calling ENGINE_load_blah then calling --- crypto/openssl/engines/e_loader_attic.c.orig +++ crypto/openssl/engines/e_loader_attic.c @@ -20,33 +20,35 @@ #include #include -#include /* For d2i_DSAPrivateKey */ +#include /* For d2i_DSAPrivateKey */ #include #include #include -#include /* For the PKCS8 stuff o.O */ -#include /* For d2i_RSAPrivateKey */ +#include /* For the PKCS8 stuff o.O */ +#include /* For d2i_RSAPrivateKey */ #include #include #include #include -#include /* For the PKCS8 stuff o.O */ -#include "internal/asn1.h" /* For asn1_d2i_read_bio */ +#include /* For the PKCS8 stuff o.O */ +#include "internal/asn1.h" /* For asn1_d2i_read_bio */ #include "internal/o_dir.h" #include "internal/cryptlib.h" -#include "crypto/ctype.h" /* For ossl_isdigit */ -#include "crypto/pem.h" /* For PVK and "blob" PEM headers */ +#include "crypto/ctype.h" /* For ossl_isdigit */ +#include "crypto/pem.h" /* For PVK and "blob" PEM headers */ +/* clang-format off */ #include "e_loader_attic_err.c" +/* clang-format on */ DEFINE_STACK_OF(OSSL_STORE_INFO) #ifdef _WIN32 -# define stat _stat +#define stat _stat #endif #ifndef S_ISDIR -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) #endif /*- @@ -55,8 +57,8 @@ */ static char *file_get_pass(const UI_METHOD *ui_method, char *pass, - size_t maxsize, const char *desc, const char *info, - void *data) + size_t maxsize, const char *desc, const char *info, + void *data) { UI *ui = UI_new(); char *prompt = NULL; 
@@ -74,7 +76,8 @@ ATTICerr(0, ERR_R_MALLOC_FAILURE); pass = NULL; } else if (UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, - pass, 0, maxsize - 1) <= 0) { + pass, 0, maxsize - 1) + <= 0) { ATTICerr(0, ERR_R_UI_LIB); pass = NULL; } else { @@ -105,8 +108,8 @@ }; static int file_fill_pem_pass_data(struct pem_pass_data *pass_data, - const char *desc, const char *info, - const UI_METHOD *ui_method, void *ui_data) + const char *desc, const char *info, + const UI_METHOD *ui_method, void *ui_data) { if (pass_data == NULL) return 0; @@ -122,8 +125,8 @@ { struct pem_pass_data *pass_data = data; char *pass = file_get_pass(pass_data->ui_method, buf, num, - pass_data->prompt_desc, pass_data->prompt_info, - pass_data->data); + pass_data->prompt_desc, pass_data->prompt_info, + pass_data->data); return pass == NULL ? 0 : strlen(pass); } @@ -161,7 +164,7 @@ * new PEM name. */ /* Negative numbers are never used for public OSSL_STORE_INFO types */ -#define STORE_INFO_EMBEDDED -1 +#define STORE_INFO_EMBEDDED -1 /* This is the embedded data */ struct embedded_st { @@ -188,7 +191,7 @@ } static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name, - BUF_MEM *embedded) + BUF_MEM *embedded) { OSSL_STORE_INFO *info = NULL; struct embedded_st *data = NULL; @@ -201,8 +204,7 @@ } data->blob = embedded; - data->pem_name = - new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); + data->pem_name = new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); if (new_pem_name != NULL && data->pem_name == NULL) { ATTICerr(0, ERR_R_MALLOC_FAILURE); 
@@ -257,14 +259,14 @@ * a OSSL_STORE_INFO */ typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **handler_ctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq); + const char *pem_header, + const unsigned char *blob, + size_t len, void **handler_ctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq); /* * The eof function should return 1 if there's no more data to be found * with the handler_ctx, otherwise 0. This is only used when the handler is @@ -294,14 +296,14 @@ * then serving them one piece at a time. */ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { OSSL_STORE_INFO *store_info = NULL; STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; @@ -329,8 +331,9 @@ pass = ""; } else { if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, - "PKCS12 import", uri, - ui_data)) == NULL) { + "PKCS12 import", uri, + ui_data)) + == NULL) { ATTICerr(0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR); goto p12_end; } @@ -389,7 +392,7 @@ *pctx = ctx; } } - p12_end: + p12_end: PKCS12_free(p12); if (ctx == NULL) return NULL; 
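Review bot: The passphrase that `file_get_pass` writes into `tpass` in try_decode_PKCS12 is not wiped on the exit path shown: `p12_end:` only calls `PKCS12_free(p12)` before returning, so the secret stays in the buffer afterwards. The try_decode_PKCS8Encrypted hunks that follow have the same gap: `char kbuf[PEM_BUFSIZE]` is filled by `file_get_pass`, and the `nop8:` path frees only `p8` and `mem`. Suggested: `OPENSSL_cleanse(tpass, PEM_BUFSIZE);` at `p12_end:` and `OPENSSL_cleanse(kbuf, sizeof(kbuf));` before each return of the PKCS8 decoder. The declaration of `tpass` and parts of both functions lie outside the hunks, so a cleanse elsewhere cannot be ruled out from here.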
@@ -429,15 +432,15 @@ * decoding process will then start over with the new blob. */ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, - const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, + const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { X509_SIG *p8 = NULL; char kbuf[PEM_BUFSIZE]; @@ -466,15 +469,16 @@ } if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, - "PKCS8 decrypt pass phrase", uri, - ui_data)) == NULL) { + "PKCS8 decrypt pass phrase", uri, + ui_data)) + == NULL) { ATTICerr(0, ATTIC_R_BAD_PASSWORD_READ); goto nop8; } X509_SIG_get0(p8, &dalg, &doct); if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length, - &new_data, &new_data_len, 0)) + &new_data, &new_data_len, 0)) goto nop8; mem->data = (char *)new_data; @@ -489,7 +493,7 @@ } return store_info; - nop8: +nop8: X509_SIG_free(p8); BUF_MEM_free(mem); return NULL; @@ -506,14 +510,14 @@ * the PEM name). */ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { OSSL_STORE_INFO *store_info = NULL; EVP_PKEY *pkey = NULL; 
@@ -521,8 +525,7 @@ if (pem_name != NULL) { if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) { - PKCS8_PRIV_KEY_INFO *p8inf = - d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); + PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); *matchcount = 1; if (p8inf != NULL) @@ -534,12 +537,13 @@ if ((slen = check_suffix(pem_name, "PRIVATE KEY")) > 0 && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, - slen)) != NULL + slen)) + != NULL && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth)) { + ameth)) { *matchcount = 1; pkey = d2i_PrivateKey_ex(pkey_id, NULL, &blob, len, - libctx, propq); + libctx, propq); } } } else { @@ -548,8 +552,7 @@ ENGINE *curengine = ENGINE_get_first(); while (curengine != NULL) { - ENGINE_PKEY_ASN1_METHS_PTR asn1meths = - ENGINE_get_pkey_asn1_meths(curengine); + ENGINE_PKEY_ASN1_METHS_PTR asn1meths = ENGINE_get_pkey_asn1_meths(curengine); if (asn1meths != NULL) { const int *nids = NULL; @@ -563,15 +566,15 @@ if (!asn1meths(curengine, &ameth2, NULL, nids[i]) || !EVP_PKEY_asn1_get0_info(&pkey_id, NULL, - &pkey_flags, NULL, NULL, - ameth2) + &pkey_flags, NULL, NULL, + ameth2) || (pkey_flags & ASN1_PKEY_ALIAS) != 0) continue; ERR_set_mark(); /* prevent flooding error queue */ tmp_pkey = d2i_PrivateKey_ex(pkey_id, NULL, - &tmp_blob, len, - libctx, propq); + &tmp_blob, len, + libctx, propq); if (tmp_pkey != NULL) { if (pkey != NULL) EVP_PKEY_free(tmp_pkey); @@ -593,13 +596,13 @@ ameth = EVP_PKEY_asn1_get0(i); if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, &pkey_flags, NULL, - NULL, ameth) + NULL, ameth) || (pkey_flags & ASN1_PKEY_ALIAS) != 0) continue; ERR_set_mark(); /* prevent flooding error queue */ tmp_pkey = d2i_PrivateKey_ex(pkey_id, NULL, &tmp_blob, len, - libctx, propq); + libctx, propq); if (tmp_pkey != NULL) { if (pkey != NULL) EVP_PKEY_free(tmp_pkey); 
@@ -635,14 +638,14 @@ * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. */ static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { OSSL_STORE_INFO *store_info = NULL; EVP_PKEY *pkey = NULL; @@ -671,14 +674,14 @@ * Key parameter decoder. */ static OSSL_STORE_INFO *try_decode_params(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { OSSL_STORE_INFO *store_info = NULL; EVP_PKEY *pkey = NULL; @@ -691,7 +694,7 @@ if ((slen = check_suffix(pem_name, "PARAMETERS")) > 0 && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, slen)) != NULL && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth)) { + ameth)) { *matchcount = 1; pkey = d2i_KeyParams(pkey_id, NULL, &blob, len); } @@ -705,7 +708,7 @@ ameth = EVP_PKEY_asn1_get0(i); if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, &pkey_flags, NULL, - NULL, ameth) + NULL, ameth) || (pkey_flags & ASN1_PKEY_ALIAS) != 0) continue; 
@@ -748,15 +751,15 @@ * X.509 certificate decoder. */ static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, - const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, + const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { OSSL_STORE_INFO *store_info = NULL; X509 *cert = NULL; @@ -774,7 +777,7 @@ if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0) ignore_trusted = 0; else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0 - && strcmp(pem_name, PEM_STRING_X509) != 0) + && strcmp(pem_name, PEM_STRING_X509) != 0) /* No match */ return NULL; *matchcount = 1; @@ -805,14 +808,14 @@ * X.509 CRL decoder. */ static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name, - const char *pem_header, - const unsigned char *blob, - size_t len, void **pctx, - int *matchcount, - const UI_METHOD *ui_method, - void *ui_data, const char *uri, - OSSL_LIB_CTX *libctx, - const char *propq) + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data, const char *uri, + OSSL_LIB_CTX *libctx, + const char *propq) { OSSL_STORE_INFO *store_info = NULL; X509_CRL *crl = NULL; @@ -853,22 +856,21 @@ &PrivateKey_handler, }; - /*- * The loader itself * ----------------- */ struct ossl_store_loader_ctx_st { - char *uri; /* The URI we currently try to load */ + char *uri; /* The URI we currently try to load */ enum { is_raw = 0, is_pem, is_dir } type; int errcnt; -#define FILE_FLAG_SECMEM (1<<0) -#define FILE_FLAG_ATTACHED (1<<1) +#define FILE_FLAG_SECMEM (1 << 0) +#define FILE_FLAG_ATTACHED (1 << 1) unsigned int flags; union { struct { /* Used with is_raw and is_pem */ 
@@ -929,7 +931,9 @@ static int file_find_type(OSSL_STORE_LOADER_CTX *ctx) { BIO *buff = NULL; - char peekbuf[4096] = { 0, }; + char peekbuf[4096] = { + 0, + }; if ((buff = BIO_new(BIO_f_buffer())) == NULL) return 0; @@ -943,16 +947,15 @@ return 1; } -static OSSL_STORE_LOADER_CTX *file_open_ex - (const OSSL_STORE_LOADER *loader, const char *uri, - OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data) +static OSSL_STORE_LOADER_CTX *file_open_ex(const OSSL_STORE_LOADER *loader, const char *uri, + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data) { OSSL_STORE_LOADER_CTX *ctx = NULL; struct stat st; struct { const char *path; - unsigned int check_absolute:1; + unsigned int check_absolute : 1; } path_data[2]; size_t path_data_n = 0, i; const char *path; @@ -973,7 +976,7 @@ const char *p = &uri[5]; if (strncmp(&uri[5], "//", 2) == 0) { - path_data_n--; /* Invalidate using the full URI */ + path_data_n--; /* Invalidate using the full URI */ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { p = &uri[16]; } else if (uri[7] == '/') { @@ -1000,7 +1003,6 @@ path_data[path_data_n++].path = p; } - for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { /* * If the scheme "file" was an explicit part of the URI, the path must @@ -1014,8 +1016,8 @@ if (stat(path_data[i].path, &st) < 0) { ERR_raise_data(ERR_LIB_SYS, errno, - "calling stat(%s)", - path_data[i].path); + "calling stat(%s)", + path_data[i].path); } else { path = path_data[i].path; } @@ -1049,7 +1051,7 @@ ctx->_.dir.end_reached = 1; } } else if ((ctx->_.file.file = BIO_new_file(path, "rb")) == NULL - || !file_find_type(ctx)) { + || !file_find_type(ctx)) { BIO_free_all(ctx->_.file.file); goto err; } 
@@ -1063,22 +1065,20 @@ ctx->libctx = libctx; return ctx; - err: +err: OSSL_STORE_LOADER_CTX_free(ctx); return NULL; } -static OSSL_STORE_LOADER_CTX *file_open - (const OSSL_STORE_LOADER *loader, const char *uri, - const UI_METHOD *ui_method, void *ui_data) +static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, const char *uri, + const UI_METHOD *ui_method, void *ui_data) { return file_open_ex(loader, uri, NULL, NULL, ui_method, ui_data); } -static OSSL_STORE_LOADER_CTX *file_attach - (const OSSL_STORE_LOADER *loader, BIO *bp, - OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data) +static OSSL_STORE_LOADER_CTX *file_attach(const OSSL_STORE_LOADER *loader, BIO *bp, + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data) { OSSL_STORE_LOADER_CTX *ctx = NULL; @@ -1107,24 +1107,22 @@ int ret = 1; switch (cmd) { - case OSSL_STORE_C_USE_SECMEM: - { - int on = *(va_arg(args, int *)); + case OSSL_STORE_C_USE_SECMEM: { + int on = *(va_arg(args, int *)); - switch (on) { - case 0: - ctx->flags &= ~FILE_FLAG_SECMEM; - break; - case 1: - ctx->flags |= FILE_FLAG_SECMEM; - break; - default: - ATTICerr(0, ERR_R_PASSED_INVALID_ARGUMENT); - ret = 0; - break; - } + switch (on) { + case 0: + ctx->flags &= ~FILE_FLAG_SECMEM; + break; + case 1: + ctx->flags |= FILE_FLAG_SECMEM; + break; + default: + ATTICerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + ret = 0; + break; } - break; + } break; default: break; } @@ -1139,7 +1137,7 @@ } static int file_find(OSSL_STORE_LOADER_CTX *ctx, - const OSSL_STORE_SEARCH *search) + const OSSL_STORE_SEARCH *search) { /* * If ctx == NULL, the library is looking to know if this loader supports @@ -1158,9 +1156,9 @@ } hash = X509_NAME_hash_ex(OSSL_STORE_SEARCH_get0_name(search), - NULL, NULL, NULL); + NULL, NULL, NULL); BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), - "%08lx", hash); + "%08lx", hash); return 1; } 
@@ -1170,87 +1168,84 @@ } static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, - const char *pem_name, - const char *pem_header, - unsigned char *data, size_t len, - const UI_METHOD *ui_method, - void *ui_data, int *matchcount) + const char *pem_name, + const char *pem_header, + unsigned char *data, size_t len, + const UI_METHOD *ui_method, + void *ui_data, int *matchcount) { OSSL_STORE_INFO *result = NULL; BUF_MEM *new_mem = NULL; char *new_pem_name = NULL; int t = 0; - again: - { - size_t i = 0; - void *handler_ctx = NULL; - const FILE_HANDLER **matching_handlers = - OPENSSL_zalloc(sizeof(*matching_handlers) - * OSSL_NELEM(file_handlers)); +again: { + size_t i = 0; + void *handler_ctx = NULL; + const FILE_HANDLER **matching_handlers = OPENSSL_zalloc(sizeof(*matching_handlers) + * OSSL_NELEM(file_handlers)); - if (matching_handlers == NULL) { - ATTICerr(0, ERR_R_MALLOC_FAILURE); - goto err; - } + if (matching_handlers == NULL) { + ATTICerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } - *matchcount = 0; - for (i = 0; i < OSSL_NELEM(file_handlers); i++) { - const FILE_HANDLER *handler = file_handlers[i]; - int try_matchcount = 0; - void *tmp_handler_ctx = NULL; - OSSL_STORE_INFO *tmp_result; - unsigned long err; - - ERR_set_mark(); - tmp_result = - handler->try_decode(pem_name, pem_header, data, len, - &tmp_handler_ctx, &try_matchcount, - ui_method, ui_data, ctx->uri, - ctx->libctx, ctx->propq); - /* avoid flooding error queue with low-level ASN.1 parse errors */ - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_ASN1 - && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) - ERR_pop_to_mark(); - else - ERR_clear_last_mark(); - - if (try_matchcount > 0) { - - matching_handlers[*matchcount] = handler; - - if (handler_ctx) + *matchcount = 0; + for (i = 0; i < OSSL_NELEM(file_handlers); i++) { + const FILE_HANDLER *handler = file_handlers[i]; + int try_matchcount = 0; + void *tmp_handler_ctx = NULL; + OSSL_STORE_INFO *tmp_result; + unsigned 
long err; + + ERR_set_mark(); + tmp_result = handler->try_decode(pem_name, pem_header, data, len, + &tmp_handler_ctx, &try_matchcount, + ui_method, ui_data, ctx->uri, + ctx->libctx, ctx->propq); + /* avoid flooding error queue with low-level ASN.1 parse errors */ + err = ERR_peek_last_error(); + if (ERR_GET_LIB(err) == ERR_LIB_ASN1 + && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) + ERR_pop_to_mark(); + else + ERR_clear_last_mark(); + + if (try_matchcount > 0) { + + matching_handlers[*matchcount] = handler; + + if (handler_ctx) + handler->destroy_ctx(&handler_ctx); + handler_ctx = tmp_handler_ctx; + + if ((*matchcount += try_matchcount) > 1) { + /* more than one match => ambiguous, kill any result */ + store_info_free(result); + store_info_free(tmp_result); + if (handler->destroy_ctx != NULL) handler->destroy_ctx(&handler_ctx); - handler_ctx = tmp_handler_ctx; - - if ((*matchcount += try_matchcount) > 1) { - /* more than one match => ambiguous, kill any result */ - store_info_free(result); - store_info_free(tmp_result); - if (handler->destroy_ctx != NULL) - handler->destroy_ctx(&handler_ctx); - handler_ctx = NULL; - tmp_result = NULL; - result = NULL; - } - if (result == NULL) - result = tmp_result; - if (result == NULL) /* e.g., PKCS#12 file decryption error */ - break; + handler_ctx = NULL; + tmp_result = NULL; + result = NULL; } + if (result == NULL) + result = tmp_result; + if (result == NULL) /* e.g., PKCS#12 file decryption error */ + break; } + } - if (result != NULL - && *matchcount == 1 && matching_handlers[0]->repeatable) { - ctx->_.file.last_handler = matching_handlers[0]; - ctx->_.file.last_handler_ctx = handler_ctx; - } - - OPENSSL_free(matching_handlers); + if (result != NULL + && *matchcount == 1 && matching_handlers[0]->repeatable) { + ctx->_.file.last_handler = matching_handlers[0]; + ctx->_.file.last_handler_ctx = handler_ctx; } - err: + OPENSSL_free(matching_handlers); +} + +err: OPENSSL_free(new_pem_name); BUF_MEM_free(new_mem); 
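Review bot: In the handler loop, `if (handler_ctx) handler->destroy_ctx(&handler_ctx);` calls `destroy_ctx` unguarded, while the ambiguity branch a few lines below checks `handler->destroy_ctx != NULL` before the same call. The unguarded call also runs the current handler's destructor on a context that an earlier matching handler produced. Writing the first site as `if (handler_ctx != NULL && handler->destroy_ctx != NULL)` would at least make the two sites agree. Whether any entry in `file_handlers` leaves `destroy_ctx` NULL is not visible here. The function body continues after this hunk.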
@@ -1275,19 +1270,18 @@ } static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data) + const UI_METHOD *ui_method, + void *ui_data) { OSSL_STORE_INFO *result = NULL; int try_matchcount = 0; if (ctx->_.file.last_handler != NULL) { - result = - ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, - &ctx->_.file.last_handler_ctx, - &try_matchcount, - ui_method, ui_data, ctx->uri, - ctx->libctx, ctx->propq); + result = ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, + &ctx->_.file.last_handler_ctx, + &try_matchcount, + ui_method, ui_data, ctx->uri, + ctx->libctx, ctx->propq); if (result == NULL) { ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); @@ -1306,13 +1300,13 @@ OPENSSL_free(pem_data); } static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, - unsigned char **data, long *len, - const UI_METHOD *ui_method, void *ui_data, - const char *uri, int secure) + unsigned char **data, long *len, + const UI_METHOD *ui_method, void *ui_data, + const char *uri, int secure) { int i = secure ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, - PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) : PEM_read_bio(bp, pem_name, pem_header, data, len); if (i <= 0) @@ -1330,9 +1324,9 @@ if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) || !file_fill_pem_pass_data(&pass_data, "PEM pass phrase", uri, - ui_method, ui_data) + ui_method, ui_data) || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, - &pass_data)) { + &pass_data)) { return 0; } } @@ -1347,13 +1341,16 @@ { unsigned int magic = 0, bitlen = 0; int isdss = 0; - unsigned char peekbuf[16] = { 0, }; + unsigned char peekbuf[16] = { + 0, + }; const unsigned char *p = peekbuf; if (BIO_buffer_peek(bp, peekbuf, sizeof(peekbuf)) <= 0) return 0; if (ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen, - &isdss, &ispub) <= 0) + &isdss, &ispub) + <= 0) return 0; } 
@@ -1375,14 +1372,16 @@ } static OSSL_STORE_INFO *file_try_read_PVK(BIO *bp, const UI_METHOD *ui_method, - void *ui_data, const char *uri, - int *matchcount) + void *ui_data, const char *uri, + int *matchcount) { OSSL_STORE_INFO *result = NULL; { unsigned int saltlen = 0, keylen = 0; - unsigned char peekbuf[24] = { 0, }; + unsigned char peekbuf[24] = { + 0, + }; const unsigned char *p = peekbuf; if (BIO_buffer_peek(bp, peekbuf, sizeof(peekbuf)) <= 0) @@ -1398,7 +1397,7 @@ struct pem_pass_data pass_data; if (!file_fill_pem_pass_data(&pass_data, "PVK pass phrase", uri, - ui_method, ui_data) + ui_method, ui_data) || (tmp = b2i_PVK_bio(bp, file_get_pem_pass, &pass_data)) == NULL || (result = OSSL_STORE_INFO_new_PKEY(tmp)) == NULL) { EVP_PKEY_free(tmp); @@ -1424,7 +1423,7 @@ } static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, - char **data) + char **data) { assert(name != NULL); assert(data != NULL); @@ -1511,8 +1510,8 @@ static int file_eof(OSSL_STORE_LOADER_CTX *ctx); static int file_error(OSSL_STORE_LOADER_CTX *ctx); static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data) + const UI_METHOD *ui_method, + void *ui_data) { OSSL_STORE_INFO *result = NULL; @@ -1557,7 +1556,7 @@ } else { int matchcount = -1; - again: + again: result = file_load_try_repeat(ctx, ui_method, ui_data); if (result != NULL) return result; 
@@ -1566,25 +1565,27 @@ return NULL; do { - char *pem_name = NULL; /* PEM record name */ - char *pem_header = NULL; /* PEM record header */ + char *pem_name = NULL; /* PEM record name */ + char *pem_header = NULL; /* PEM record header */ unsigned char *data = NULL; /* DER encoded data */ - long len = 0; /* DER encoded data length */ + long len = 0; /* DER encoded data length */ matchcount = -1; if (ctx->type == is_pem) { if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header, - &data, &len, ui_method, ui_data, ctx->uri, - (ctx->flags & FILE_FLAG_SECMEM) != 0)) { + &data, &len, ui_method, ui_data, ctx->uri, + (ctx->flags & FILE_FLAG_SECMEM) != 0)) { ctx->errcnt++; goto endloop; } } else { if ((result = file_try_read_msblob(ctx->_.file.file, - &matchcount)) != NULL + &matchcount)) + != NULL || (result = file_try_read_PVK(ctx->_.file.file, - ui_method, ui_data, ctx->uri, - &matchcount)) != NULL) + ui_method, ui_data, ctx->uri, + &matchcount)) + != NULL) goto endloop; if (!file_read_asn1(ctx->_.file.file, &data, &len)) { @@ -1594,7 +1595,7 @@ } result = file_load_try_decode(ctx, pem_name, pem_header, data, len, - ui_method, ui_data, &matchcount); + ui_method, ui_data, &matchcount); if (result != NULL) goto endloop; @@ -1624,7 +1625,7 @@ if (matchcount > 0) ctx->errcnt++; - endloop: + endloop: pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len); @@ -1702,13 +1703,11 @@ return 1; } - static int loader_attic_finish(ENGINE *e) { return 1; } - static int loader_attic_destroy(ENGINE *e) { OSSL_STORE_LOADER *loader = OSSL_STORE_unregister_loader("file"); @@ -1757,7 +1756,7 @@ } #ifdef OPENSSL_NO_DYNAMIC_ENGINE -# error "Only allowed as dynamically shared object" +#error "Only allowed as dynamically shared object" #endif static int bind_helper(ENGINE *e, const char *id) 
@@ -1770,4 +1769,4 @@ } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) --- crypto/openssl/engines/e_loader_attic_err.c.orig +++ crypto/openssl/engines/e_loader_attic_err.c 
@@ -14,25 +14,25 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA ATTIC_str_reasons[] = { - {ERR_PACK(0, 0, ATTIC_R_AMBIGUOUS_CONTENT_TYPE), "ambiguous content type"}, - {ERR_PACK(0, 0, ATTIC_R_BAD_PASSWORD_READ), "bad password read"}, - {ERR_PACK(0, 0, ATTIC_R_ERROR_VERIFYING_PKCS12_MAC), - "error verifying pkcs12 mac"}, - {ERR_PACK(0, 0, ATTIC_R_INIT_FAILED), "init failed"}, - {ERR_PACK(0, 0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR), - "passphrase callback error"}, - {ERR_PACK(0, 0, ATTIC_R_PATH_MUST_BE_ABSOLUTE), "path must be absolute"}, - {ERR_PACK(0, 0, ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), - "search only supported for directories"}, - {ERR_PACK(0, 0, ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), - "ui process interrupted or cancelled"}, - {ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_SEARCH_TYPE), - "unsupported search type"}, - {ERR_PACK(0, 0, ATTIC_R_URI_AUTHORITY_UNSUPPORTED), - "uri authority unsupported"}, - {0, NULL} + { ERR_PACK(0, 0, ATTIC_R_AMBIGUOUS_CONTENT_TYPE), "ambiguous content type" }, + { ERR_PACK(0, 0, ATTIC_R_BAD_PASSWORD_READ), "bad password read" }, + { ERR_PACK(0, 0, ATTIC_R_ERROR_VERIFYING_PKCS12_MAC), + "error verifying pkcs12 mac" }, + { ERR_PACK(0, 0, ATTIC_R_INIT_FAILED), "init failed" }, + { ERR_PACK(0, 0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR), + "passphrase callback error" }, + { ERR_PACK(0, 0, ATTIC_R_PATH_MUST_BE_ABSOLUTE), "path must be absolute" }, + { ERR_PACK(0, 0, ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories" }, + { ERR_PACK(0, 0, ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), + "ui process interrupted or cancelled" }, + { ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type" }, + { ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_SEARCH_TYPE), + "unsupported search type" }, + { ERR_PACK(0, 0, ATTIC_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported" }, + { 0, NULL } }; #endif --- 
crypto/openssl/engines/e_loader_attic_err.h.orig +++ crypto/openssl/engines/e_loader_attic_err.h @@ -9,29 +9,27 @@ */ #ifndef OSSL_E_LOADER_ATTIC_ERR_H -# define OSSL_E_LOADER_ATTIC_ERR_H -# pragma once +#define OSSL_E_LOADER_ATTIC_ERR_H +#pragma once -# include -# include - - -# define ATTICerr(f, r) ERR_ATTIC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#include +#include +#define ATTICerr(f, r) ERR_ATTIC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * ATTIC reason codes. */ -# define ATTIC_R_AMBIGUOUS_CONTENT_TYPE 100 -# define ATTIC_R_BAD_PASSWORD_READ 101 -# define ATTIC_R_ERROR_VERIFYING_PKCS12_MAC 102 -# define ATTIC_R_INIT_FAILED 103 -# define ATTIC_R_PASSPHRASE_CALLBACK_ERROR 104 -# define ATTIC_R_PATH_MUST_BE_ABSOLUTE 105 -# define ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 106 -# define ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 107 -# define ATTIC_R_UNSUPPORTED_CONTENT_TYPE 108 -# define ATTIC_R_UNSUPPORTED_SEARCH_TYPE 109 -# define ATTIC_R_URI_AUTHORITY_UNSUPPORTED 110 +#define ATTIC_R_AMBIGUOUS_CONTENT_TYPE 100 +#define ATTIC_R_BAD_PASSWORD_READ 101 +#define ATTIC_R_ERROR_VERIFYING_PKCS12_MAC 102 +#define ATTIC_R_INIT_FAILED 103 +#define ATTIC_R_PASSPHRASE_CALLBACK_ERROR 104 +#define ATTIC_R_PATH_MUST_BE_ABSOLUTE 105 +#define ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 106 +#define ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 107 +#define ATTIC_R_UNSUPPORTED_CONTENT_TYPE 108 +#define ATTIC_R_UNSUPPORTED_SEARCH_TYPE 109 +#define ATTIC_R_URI_AUTHORITY_UNSUPPORTED 110 #endif --- crypto/openssl/engines/e_ossltest.c.orig +++ crypto/openssl/engines/e_ossltest.c 
@@ -40,29 +40,29 @@ #include #include +/* clang-format off */ #include "e_ossltest_err.c" +/* clang-format on */ /* Engine Id and Name */ static const char *engine_ossltest_id = "ossltest"; static const char *engine_ossltest_name = "OpenSSL Test engine support"; - /* Engine Lifetime functions */ static int ossltest_destroy(ENGINE *e); static int ossltest_init(ENGINE *e); static int ossltest_finish(ENGINE *e); void ENGINE_load_ossltest(void); - /* Set up digests */ static int ossltest_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); + const int **nids, int nid); static const RAND_METHOD *ossltest_rand_method(void); /* MD5 */ static int digest_md5_init(EVP_MD_CTX *ctx); static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, - size_t count); + size_t count); static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md); static EVP_MD *_hidden_md5_md = NULL; @@ -75,7 +75,7 @@ || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK) || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(MD5_CTX)) + sizeof(EVP_MD *) + sizeof(MD5_CTX)) || !EVP_MD_meth_set_flags(md, 0) || !EVP_MD_meth_set_init(md, digest_md5_init) || !EVP_MD_meth_set_update(md, digest_md5_update) @@ -91,7 +91,7 @@ /* SHA1 */ static int digest_sha1_init(EVP_MD_CTX *ctx); static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, - size_t count); + size_t count); static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); static EVP_MD *_hidden_sha1_md = NULL; @@ -104,7 +104,7 @@ || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA_CTX)) + sizeof(EVP_MD *) + sizeof(SHA_CTX)) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(md, digest_sha1_init) || !EVP_MD_meth_set_update(md, digest_sha1_update) 
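Review bot: The `/* clang-format off */` and `/* clang-format on */` pair added around `#include "e_ossltest_err.c"` gives no reason for exempting the line, so a later maintainer cannot tell whether removing the guard is safe. Presumably it keeps the formatter from moving the `.c` include relative to the headers it depends on; if so, a comment line above the guard should say that, e.g. `/* Must stay after the headers above; excluded from formatting so it is not re-sorted. */`. The same unexplained pair is added in e_padlock.c around `# include "../crypto/aes/aes_core.c"`, which sits directly after the `AES_set_encrypt_key` and `AES_set_decrypt_key` renaming macros and so looks order-sensitive as well.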
@@ -120,7 +120,7 @@ /* SHA256 */ static int digest_sha256_init(EVP_MD_CTX *ctx); static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, - size_t count); + size_t count); static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md); static EVP_MD *_hidden_sha256_md = NULL; @@ -133,7 +133,7 @@ || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK) || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA256_CTX)) + sizeof(EVP_MD *) + sizeof(SHA256_CTX)) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(md, digest_sha256_init) || !EVP_MD_meth_set_update(md, digest_sha256_update) @@ -149,12 +149,12 @@ /* SHA384/SHA512 */ static int digest_sha384_init(EVP_MD_CTX *ctx); static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, - size_t count); + size_t count); static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md); static int digest_sha512_init(EVP_MD_CTX *ctx); static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, - size_t count); + size_t count); static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md); static EVP_MD *_hidden_sha384_md = NULL; @@ -167,7 +167,7 @@ || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA512_CTX)) + sizeof(EVP_MD *) + sizeof(SHA512_CTX)) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(md, digest_sha384_init) || !EVP_MD_meth_set_update(md, digest_sha384_update) 
@@ -189,7 +189,7 @@ || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA512_CTX)) + sizeof(EVP_MD *) + sizeof(SHA512_CTX)) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(md, digest_sha512_init) || !EVP_MD_meth_set_update(md, digest_sha512_update) @@ -241,7 +241,7 @@ /* Setup ciphers */ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, - const int **, int); + const int **, int); static int ossltest_cipher_nids[] = { NID_aes_128_cbc, NID_aes_128_gcm, 
@@ -251,30 +251,30 @@ /* AES128 */ static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *key, + const unsigned char *iv, int enc); static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *key, + const unsigned char *iv, int enc); static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr); + void *ptr); static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc); + const unsigned char *key, + const unsigned char *iv, + int enc); static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl); + unsigned char *out, + const unsigned char *in, + size_t inl); static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - int arg, void *ptr); + int arg, void *ptr); typedef struct { - size_t payload_length; /* AAD length in decrypt case */ + size_t payload_length; /* AAD length in decrypt case */ unsigned int tls_ver; } EVP_AES_HMAC_SHA1; 
@@ -283,18 +283,19 @@ { if (_hidden_aes_128_cbc == NULL && ((_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, - 16 /* block size */, - 16 /* key len */)) == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) + 16 /* block size */, + 16 /* key len */)) + == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, 16) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, - EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CBC_MODE) + EVP_CIPH_FLAG_DEFAULT_ASN1 + | EVP_CIPH_CBC_MODE) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, - ossltest_aes128_init_key) + ossltest_aes128_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, - ossltest_aes128_cbc_cipher) + ossltest_aes128_cbc_cipher) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, - EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) { + EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); _hidden_aes_128_cbc = NULL; } 
@@ -303,28 +304,29 @@ static EVP_CIPHER *_hidden_aes_128_gcm = NULL; -#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_GCM_MODE) +#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_GCM_MODE) static const EVP_CIPHER *ossltest_aes_128_gcm(void) { if (_hidden_aes_128_gcm == NULL && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm, - 1 /* block size */, - 16 /* key len */)) == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12) + 1 /* block size */, + 16 /* key len */)) + == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm, 12) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm, - ossltest_aes128_gcm_init_key) + ossltest_aes128_gcm_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm, - ossltest_aes128_gcm_cipher) + ossltest_aes128_gcm_cipher) || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, - ossltest_aes128_gcm_ctrl) + ossltest_aes128_gcm_ctrl) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, - EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { + EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { EVP_CIPHER_meth_free(_hidden_aes_128_gcm); _hidden_aes_128_gcm = NULL; } 
@@ -337,25 +339,25 @@ { if (_hidden_aes_128_cbc_hmac_sha1 == NULL && ((_hidden_aes_128_cbc_hmac_sha1 - = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1, - 16 /* block size */, - 16 /* key len */)) == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) + = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1, + 16 /* block size */, + 16 /* key len */)) + == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1, 16) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER) + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, - ossltest_aes128_cbc_hmac_sha1_init_key) + ossltest_aes128_cbc_hmac_sha1_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, - ossltest_aes128_cbc_hmac_sha1_cipher) + ossltest_aes128_cbc_hmac_sha1_cipher) || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, - ossltest_aes128_cbc_hmac_sha1_ctrl) + ossltest_aes128_cbc_hmac_sha1_ctrl) || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_128_cbc_hmac_sha1, - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv) + EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv) || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_128_cbc_hmac_sha1, - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv) + EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, - sizeof(EVP_AES_HMAC_SHA1)))) { + sizeof(EVP_AES_HMAC_SHA1)))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); _hidden_aes_128_cbc_hmac_sha1 = NULL; } @@ -374,7 +376,7 @@ /* Key loading */ static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub, - UI_METHOD *ui_method, void *ui_data) + UI_METHOD *ui_method, void *ui_data) { BIO *in; EVP_PKEY *key; 
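Review bot: In the `_hidden_aes_128_cbc_hmac_sha1` setup chain, `EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv` and the matching `get` line test a flag constant rather than a runtime value. Assuming the macro is a non-zero bit, as its use in the `EVP_CIPHER_meth_set_flags` call just above suggests, both calls always receive `NULL` and the IV helpers are never selected. Passing `NULL` directly with a comment such as `/* default ASN.1 handling, see EVP_CIPH_FLAG_DEFAULT_ASN1 above */` says the same thing without a conditional that looks as if it could go either way. The function's opening lines are outside this hunk.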
@@ -384,7 +386,7 @@ key_id += 3; fprintf(stderr, "[ossltest]Loading %s key %s\n", - pub ? "Public" : "Private", key_id); + pub ? "Public" : "Private", key_id); in = BIO_new_file(key_id, "r"); if (!in) return NULL; @@ -397,18 +399,17 @@ } static EVP_PKEY *ossltest_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *ui_data) + UI_METHOD *ui_method, void *ui_data) { return load_key(eng, key_id, 0, ui_method, ui_data); } static EVP_PKEY *ossltest_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *ui_data) + UI_METHOD *ui_method, void *ui_data) { return load_key(eng, key_id, 1, ui_method, ui_data); } - static int bind_ossltest(ENGINE *e) { /* Ensure the ossltest error handling is set up */ @@ -442,7 +443,7 @@ } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) #endif static ENGINE *engine_ossltest(void) @@ -468,19 +469,16 @@ ERR_clear_error(); } - static int ossltest_init(ENGINE *e) { return 1; } - static int ossltest_finish(ENGINE *e) { return 1; } - static int ossltest_destroy(ENGINE *e) { destroy_digests(); @@ -490,7 +488,7 @@ } static int ossltest_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) + const int **nids, int nid) { int ok = 1; if (!digest) { @@ -523,14 +521,14 @@ } static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) + const int **nids, int nid) { int ok = 1; if (!cipher) { /* We are returning a list of supported nids */ *nids = ossltest_cipher_nids; return (sizeof(ossltest_cipher_nids) - 1) - / sizeof(ossltest_cipher_nids[0]); + / sizeof(ossltest_cipher_nids[0]); } /* We are being asked for a specific cipher */ switch (nid) { @@ -555,7 +553,7 @@ { unsigned int i; - for (i=0; ipayload_length = NO_PAYLOAD_LENGTH; 
@@ -788,9 +786,9 @@ } static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t len) + unsigned char *out, + const unsigned char *in, + size_t len) { EVP_AES_HMAC_SHA1 *key = data(ctx); unsigned int l; @@ -804,14 +802,12 @@ if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; - else if (len != - ((plen + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) + else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) return 0; memmove(out, in, plen); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ /* calculate HMAC and append it to payload */ fill_known_data(out + plen, SHA_DIGEST_LENGTH); @@ -853,7 +849,7 @@ } static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, - int arg, void *ptr) + int arg, void *ptr) { EVP_AES_HMAC_SHA1 *key = data(ctx); 
@@ -861,36 +857,34 @@ case EVP_CTRL_AEAD_SET_MAC_KEY: return 1; - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; - - len = p[arg - 2] << 8 | p[arg - 1]; - key->tls_ver = p[arg - 4] << 8 | p[arg - 3]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - key->payload_length = len; - if (key->tls_ver >= TLS1_1_VERSION) { - if (len < AES_BLOCK_SIZE) - return 0; - len -= AES_BLOCK_SIZE; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - - return (int)(((len + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); - } else { - key->payload_length = arg; - - return SHA_DIGEST_LENGTH; + case EVP_CTRL_AEAD_TLS1_AAD: { + unsigned char *p = ptr; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; + key->tls_ver = p[arg - 4] << 8 | p[arg - 3]; + + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { + key->payload_length = len; + if (key->tls_ver >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; + len -= AES_BLOCK_SIZE; + p[arg - 2] = len >> 8; + p[arg - 1] = len; } + + return (int)(((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) + - len); + } else { + key->payload_length = arg; + + return SHA_DIGEST_LENGTH; } + } default: return -1; } --- crypto/openssl/engines/e_ossltest_err.c.orig +++ crypto/openssl/engines/e_ossltest_err.c @@ -14,8 +14,8 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA OSSLTEST_str_reasons[] = { - {ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"}, - {0, NULL} + { ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed" }, + { 0, NULL } }; #endif --- crypto/openssl/engines/e_ossltest_err.h.orig +++ crypto/openssl/engines/e_ossltest_err.h 
@@ -9,19 +9,17 @@ */ #ifndef OSSL_E_OSSLTEST_ERR_H -# define OSSL_E_OSSLTEST_ERR_H -# pragma once +#define OSSL_E_OSSLTEST_ERR_H +#pragma once -# include -# include - - -# define OSSLTESTerr(f, r) ERR_OSSLTEST_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#include +#include +#define OSSLTESTerr(f, r) ERR_OSSLTEST_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) /* * OSSLTEST reason codes. */ -# define OSSLTEST_R_INIT_FAILED 100 +#define OSSLTEST_R_INIT_FAILED 100 #endif --- crypto/openssl/engines/e_padlock.c.orig +++ crypto/openssl/engines/e_padlock.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,20 +32,20 @@ * doesn't exist elsewhere, but it even can't be compiled on other platforms! */ -# undef COMPILE_PADLOCKENG -# if defined(PADLOCK_ASM) -# define COMPILE_PADLOCKENG -# ifdef OPENSSL_NO_DYNAMIC_ENGINE +#undef COMPILE_PADLOCKENG +#if defined(PADLOCK_ASM) +#define COMPILE_PADLOCKENG +#ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *ENGINE_padlock(void); -# endif -# endif +#endif +#endif -# ifdef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_padlock_int(void); void engine_load_padlock_int(void) { /* On non-x86 CPUs it just returns. */ -# ifdef COMPILE_PADLOCKENG +#ifdef COMPILE_PADLOCKENG ENGINE *toadd = ENGINE_padlock(); if (!toadd) return; @@ -62,12 +62,12 @@ * ENGINE_load_builtin_engines() perhaps). */ ERR_pop_to_mark(); -# endif +#endif } -# endif +#endif -# ifdef COMPILE_PADLOCKENG +#ifdef COMPILE_PADLOCKENG /* Function for ENGINE detection and control */ static int padlock_available(void); 
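Review bot: With the `#` indentation flattened in the `@@ -32,20` hunk of e_padlock.c, the two consecutive `#endif` lines after `static ENGINE *ENGINE_padlock(void);` no longer show which conditional each one closes. Trailing comments would restore that: `#endif /* OPENSSL_NO_DYNAMIC_ENGINE */` followed by `#endif /* PADLOCK_ASM */`. The `#endif` after `ERR_pop_to_mark();` in the `@@ -62,12` hunk needs the same treatment, as `#endif /* COMPILE_PADLOCKENG */`. The file already uses this style further down (`#endif /* !OPENSSL_NO_DYNAMIC_ENGINE */`), so this only makes the top of the file consistent with it.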
@@ -78,7 +78,7 @@ /* Cipher Stuff */ static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); + const int **nids, int nid); /* Engine names */ static const char *padlock_id = "padlock"; @@ -104,16 +104,12 @@ /* Generate a nice engine name with available features */ BIO_snprintf(padlock_name, sizeof(padlock_name), - "VIA PadLock (%s, %s)", - padlock_use_rng ? "RNG" : "no-RNG", - padlock_use_ace ? "ACE" : "no-ACE"); + "VIA PadLock (%s, %s)", + padlock_use_rng ? "RNG" : "no-RNG", + padlock_use_ace ? "ACE" : "no-ACE"); /* Register everything or return with an error */ - if (!ENGINE_set_id(e, padlock_id) || - !ENGINE_set_name(e, padlock_name) || - !ENGINE_set_init_function(e, padlock_init) || - (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || - (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { + if (!ENGINE_set_id(e, padlock_id) || !ENGINE_set_name(e, padlock_name) || !ENGINE_set_init_function(e, padlock_init) || (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { return 0; } @@ -121,7 +117,7 @@ return 1; } -# ifdef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef OPENSSL_NO_DYNAMIC_ENGINE /* Constructor */ static ENGINE *ENGINE_padlock(void) { @@ -138,7 +134,7 @@ return eng; } -# endif +#endif /* Check availability of the engine */ static int padlock_init(ENGINE *e) 
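Review bot: The registration check in the `@@ -104,16` hunk is now a single line of more than 200 characters, which hides the fact that the cipher and RNG registrations are conditional on `padlock_use_ace` and `padlock_use_rng`. Putting one condition per line with a leading `||` keeps each registration step separately reviewable and diffable; the same patch uses that layout for the `EVP_CIPHER_meth_set_*` chains in e_ossltest.c. If the formatter joins the lines again, the statement is a candidate for a `clang-format off` guard with a stated reason. The enclosing function begins before this hunk.

```c
    if (!ENGINE_set_id(e, padlock_id)
        || !ENGINE_set_name(e, padlock_name)
        || !ENGINE_set_init_function(e, padlock_init)
        || (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers))
        || (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
        /* … unchanged: return 0; and the rest of the function … */
```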
@@ -146,24 +142,26 @@ return (padlock_use_rng || padlock_use_ace); } -# ifndef AES_ASM +#ifndef AES_ASM static int padlock_aes_set_encrypt_key(const unsigned char *userKey, - const int bits, - AES_KEY *key); + const int bits, + AES_KEY *key); static int padlock_aes_set_decrypt_key(const unsigned char *userKey, - const int bits, - AES_KEY *key); -# define AES_ASM -# define AES_set_encrypt_key padlock_aes_set_encrypt_key -# define AES_set_decrypt_key padlock_aes_set_decrypt_key + const int bits, + AES_KEY *key); +#define AES_ASM +#define AES_set_encrypt_key padlock_aes_set_encrypt_key +#define AES_set_decrypt_key padlock_aes_set_decrypt_key +/* clang-format off */ # include "../crypto/aes/aes_core.c" -# endif +/* clang-format on */ +#endif /* * This stuff is needed if this ENGINE is being compiled into a * self-contained shared-library. */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifndef OPENSSL_NO_DYNAMIC_ENGINE static int padlock_bind_fn(ENGINE *e, const char *id) { if (id && (strcmp(id, padlock_id) != 0)) { 
@@ -179,38 +177,38 @@ IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn) -# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */ +#endif /* !OPENSSL_NO_DYNAMIC_ENGINE */ /* ===== Here comes the "real" engine ===== */ /* Some AES-related constants */ -# define AES_BLOCK_SIZE 16 -# define AES_KEY_SIZE_128 16 -# define AES_KEY_SIZE_192 24 -# define AES_KEY_SIZE_256 32 - /* - * Here we store the status information relevant to the current context. - */ - /* - * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on - * the order of items in this structure. Don't blindly modify, reorder, - * etc! - */ +#define AES_BLOCK_SIZE 16 +#define AES_KEY_SIZE_128 16 +#define AES_KEY_SIZE_192 24 +#define AES_KEY_SIZE_256 32 +/* + * Here we store the status information relevant to the current context. + */ +/* + * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on + * the order of items in this structure. Don't blindly modify, reorder, + * etc! + */ struct padlock_cipher_data { unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ union { unsigned int pad[4]; struct { - int rounds:4; - int dgst:1; /* n/a in C3 */ - int align:1; /* n/a in C3 */ - int ciphr:1; /* n/a in C3 */ - unsigned int keygen:1; - int interm:1; - unsigned int encdec:1; - int ksize:2; + int rounds : 4; + int dgst : 1; /* n/a in C3 */ + int align : 1; /* n/a in C3 */ + int ciphr : 1; /* n/a in C3 */ /* codespell:ignore */ + unsigned int keygen : 1; + int interm : 1; /* codespell:ignore */ + unsigned int encdec : 1; + int ksize : 2; } b; - } cword; /* Control word */ - AES_KEY ks; /* Encryption key */ + } cword; /* Control word */ + AES_KEY ks; /* Encryption key */ }; /* Interface to assembler module */ 
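Review bot: `struct padlock_cipher_data` carries a warning that the PadLock assembler depends on its member order, but nothing in the C source enforces that layout, so a reorder would presumably surface only at run time. A compile-time check next to the struct would pin the part that can be checked, for example `typedef char padlock_cword_offset_check[offsetof(struct padlock_cipher_data, cword) == AES_BLOCK_SIZE ? 1 : -1];` (needs `<stddef.h>`). Separately, `rounds`, `dgst`, `align`, `ciphr`, `interm` and `ksize` are plain `int` bit-fields while `keygen` and `encdec` are `unsigned int`. The signedness of a plain `int` bit-field is implementation-defined, so a one-line comment stating that these fields are only written for the hardware and never read back in C would help, if that is the intent.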
@@ -219,17 +217,17 @@ void padlock_verify_context(struct padlock_cipher_data *ctx); void padlock_reload_key(void); void padlock_aes_block(void *out, const void *inp, - struct padlock_cipher_data *ctx); + struct padlock_cipher_data *ctx); int padlock_ecb_encrypt(void *out, const void *inp, - struct padlock_cipher_data *ctx, size_t len); + struct padlock_cipher_data *ctx, size_t len); int padlock_cbc_encrypt(void *out, const void *inp, - struct padlock_cipher_data *ctx, size_t len); + struct padlock_cipher_data *ctx, size_t len); int padlock_cfb_encrypt(void *out, const void *inp, - struct padlock_cipher_data *ctx, size_t len); + struct padlock_cipher_data *ctx, size_t len); int padlock_ofb_encrypt(void *out, const void *inp, - struct padlock_cipher_data *ctx, size_t len); + struct padlock_cipher_data *ctx, size_t len); int padlock_ctr32_encrypt(void *out, const void *inp, - struct padlock_cipher_data *ctx, size_t len); + struct padlock_cipher_data *ctx, size_t len); int padlock_xstore(void *out, int edx); void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len); void padlock_sha1(void *ctx, const void *inp, size_t len); 
@@ -252,29 +250,29 @@ /* ===== AES encryption/decryption ===== */ -# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) -# define NID_aes_128_cfb NID_aes_128_cfb128 -# endif +#if defined(NID_aes_128_cfb128) && !defined(NID_aes_128_cfb) +#define NID_aes_128_cfb NID_aes_128_cfb128 +#endif -# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) -# define NID_aes_128_ofb NID_aes_128_ofb128 -# endif +#if defined(NID_aes_128_ofb128) && !defined(NID_aes_128_ofb) +#define NID_aes_128_ofb NID_aes_128_ofb128 +#endif -# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) -# define NID_aes_192_cfb NID_aes_192_cfb128 -# endif +#if defined(NID_aes_192_cfb128) && !defined(NID_aes_192_cfb) +#define NID_aes_192_cfb NID_aes_192_cfb128 +#endif -# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) -# define NID_aes_192_ofb NID_aes_192_ofb128 -# endif +#if defined(NID_aes_192_ofb128) && !defined(NID_aes_192_ofb) +#define NID_aes_192_ofb NID_aes_192_ofb128 +#endif -# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) -# define NID_aes_256_cfb NID_aes_256_cfb128 -# endif +#if defined(NID_aes_256_cfb128) && !defined(NID_aes_256_cfb) +#define NID_aes_256_cfb NID_aes_256_cfb128 +#endif -# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) -# define NID_aes_256_ofb NID_aes_256_ofb128 -# endif +#if defined(NID_aes_256_ofb128) && !defined(NID_aes_256_ofb) +#define NID_aes_256_ofb NID_aes_256_ofb128 +#endif /* List of supported ciphers. */ static const int padlock_cipher_nids[] = { 
@@ -297,29 +295,27 @@ NID_aes_256_ctr }; -static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) / - sizeof(padlock_cipher_nids[0])); +static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) / sizeof(padlock_cipher_nids[0])); /* Function prototypes ... */ static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); -# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ - ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) -# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ +#define NEAREST_ALIGNED(ptr) ((unsigned char *)(ptr) + ((0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F)) +#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *) \ NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx))) static int padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - const unsigned char *in_arg, size_t nbytes) + const unsigned char *in_arg, size_t nbytes) { return padlock_ecb_encrypt(out_arg, in_arg, - ALIGNED_CIPHER_DATA(ctx), nbytes); + ALIGNED_CIPHER_DATA(ctx), nbytes); } static int padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - const unsigned char *in_arg, size_t nbytes) + const unsigned char *in_arg, size_t nbytes) { struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); int ret; 
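Review bot: `ALIGNED_CIPHER_DATA` rounds the context pointer up by as much as 15 bytes through `NEAREST_ALIGNED`, which stays in bounds only because `DECLARE_AES_EVP` requests `sizeof(struct padlock_cipher_data) + 16` as the implementation context size. The two places are not linked by a name or a comment. A comment on the macro would record the dependency: `/* Rounds up to a 16-byte boundary; relies on the + 16 slack passed to EVP_CIPHER_meth_set_impl_ctx_size() in DECLARE_AES_EVP. */`. If that slack were ever dropped, the `memset(cdata, 0, sizeof(*cdata))` in `padlock_aes_init_key` and every `padlock_*_cipher` function could touch memory past the allocation.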
@@ -332,22 +328,23 @@ static int padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - const unsigned char *in_arg, size_t nbytes) + const unsigned char *in_arg, size_t nbytes) { struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); size_t chunk; - if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */ + if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */ unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx); if (chunk >= AES_BLOCK_SIZE) - return 0; /* bogus value */ + return 0; /* bogus value */ if (EVP_CIPHER_CTX_is_encrypting(ctx)) while (chunk < AES_BLOCK_SIZE && nbytes != 0) { ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; chunk++, nbytes--; - } else + } + else while (chunk < AES_BLOCK_SIZE && nbytes != 0) { unsigned char c = *(in_arg++); *(out_arg++) = c ^ ivp[chunk]; @@ -403,7 +400,7 @@ static int padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - const unsigned char *in_arg, size_t nbytes) + const unsigned char *in_arg, size_t nbytes) { struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); size_t chunk; @@ -411,11 +408,11 @@ /* * ctx->num is maintained in byte-oriented modes, such as CFB and OFB... */ - if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */ + if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */ unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx); if (chunk >= AES_BLOCK_SIZE) - return 0; /* bogus value */ + return 0; /* bogus value */ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { *(out_arg++) = *(in_arg++) ^ ivp[chunk]; @@ -442,9 +439,9 @@ out_arg += chunk; in_arg += chunk; EVP_CIPHER_CTX_set_num(ctx, nbytes); - padlock_reload_key(); /* empirically found */ + padlock_reload_key(); /* empirically found */ padlock_aes_block(ivp, ivp, cdata); - padlock_reload_key(); /* empirically found */ + padlock_reload_key(); /* empirically found */ while (nbytes) { *(out_arg++) = *(in_arg++) ^ *ivp; ivp++, nbytes--; 
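Review bot: In `padlock_cfb_cipher` the formatter now puts a bare `else` on its own line after the closing brace of the first `while` body, so the brace-less `if`/`else` reads as if that `}` closed the `if`. Bracing both branches removes the ambiguity: `if (EVP_CIPHER_CTX_is_encrypting(ctx)) {` before the first loop, `} else {` between the two loops, and a closing `}` after the second. The second loop's body continues past the end of this hunk.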
@@ -457,9 +454,9 @@ } static void padlock_ctr32_encrypt_glue(const unsigned char *in, - unsigned char *out, size_t blocks, - struct padlock_cipher_data *ctx, - const unsigned char *ivec) + unsigned char *out, size_t blocks, + struct padlock_cipher_data *ctx, + const unsigned char *ivec) { memcpy(ctx->iv, ivec, AES_BLOCK_SIZE); padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks); @@ -467,7 +464,7 @@ static int padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - const unsigned char *in_arg, size_t nbytes) + const unsigned char *in_arg, size_t nbytes) { struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); int n = EVP_CIPHER_CTX_get_num(ctx); 
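Review bot: `padlock_ctr32_encrypt_glue` takes `struct padlock_cipher_data *ctx` as its fourth parameter, yet `padlock_ctr_cipher` hands it to `CRYPTO_ctr128_encrypt_ctr32` through a `(ctr128_f)` cast (visible in the `@@ -478,52` hunk). `ctr128_f` is declared outside this diff with a `const void *key` parameter in that position, so, if that is still the declaration, the callback is invoked through an incompatible function type. That is undefined behaviour in C and is the pattern that control-flow-integrity and function-type sanitizer builds reject at run time. Declaring the glue with the callback's own signature removes the cast: take `const void *key`, start the body with `struct padlock_cipher_data *ctx = (struct padlock_cipher_data *)key;`, and pass `padlock_ctr32_encrypt_glue` uncast.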
@@ -478,52 +475,52 @@ num = (unsigned int)n; CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes, - cdata, EVP_CIPHER_CTX_iv_noconst(ctx), - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - (ctr128_f) padlock_ctr32_encrypt_glue); + cdata, EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + (ctr128_f)padlock_ctr32_encrypt_glue); EVP_CIPHER_CTX_set_num(ctx, (size_t)num); return 1; } -# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE -# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE -# define EVP_CIPHER_block_size_OFB 1 -# define EVP_CIPHER_block_size_CFB 1 -# define EVP_CIPHER_block_size_CTR 1 +#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_OFB 1 +#define EVP_CIPHER_block_size_CFB 1 +#define EVP_CIPHER_block_size_CTR 1 /* * Declaring so many ciphers by hand would be a pain. Instead introduce a bit * of preprocessor magic :-) */ -# define DECLARE_AES_EVP(ksize,lmode,umode) \ -static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \ -static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \ -{ \ - if (_hidden_aes_##ksize##_##lmode == NULL \ - && ((_hidden_aes_##ksize##_##lmode = \ - EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \ - EVP_CIPHER_block_size_##umode, \ - AES_KEY_SIZE_##ksize)) == NULL \ - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \ - AES_BLOCK_SIZE) \ - || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \ - 0 | EVP_CIPH_##umode##_MODE) \ - || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \ - padlock_aes_init_key) \ - || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \ - padlock_##lmode##_cipher) \ - || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \ - sizeof(struct padlock_cipher_data) + 16) \ - || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \ - EVP_CIPHER_set_asn1_iv) \ - || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \ - 
EVP_CIPHER_get_asn1_iv))) { \ - EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode); \ - _hidden_aes_##ksize##_##lmode = NULL; \ - } \ - return _hidden_aes_##ksize##_##lmode; \ -} +#define DECLARE_AES_EVP(ksize, lmode, umode) \ + static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \ + static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \ + { \ + if (_hidden_aes_##ksize##_##lmode == NULL \ + && ((_hidden_aes_##ksize##_##lmode = EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \ + EVP_CIPHER_block_size_##umode, \ + AES_KEY_SIZE_##ksize)) \ + == NULL \ + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \ + AES_BLOCK_SIZE) \ + || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \ + 0 | EVP_CIPH_##umode##_MODE) \ + || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \ + padlock_aes_init_key) \ + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \ + padlock_##lmode##_cipher) \ + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \ + sizeof(struct padlock_cipher_data) + 16) \ + || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \ + EVP_CIPHER_set_asn1_iv) \ + || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \ + EVP_CIPHER_get_asn1_iv))) { \ + EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode); \ + _hidden_aes_##ksize##_##lmode = NULL; \ + } \ + return _hidden_aes_##ksize##_##lmode; \ + } DECLARE_AES_EVP(128, ecb, ECB) DECLARE_AES_EVP(128, cbc, CBC) @@ -545,7 +542,7 @@ static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, - int nid) + int nid) { /* No specific cipher => return a list of supported nids ... */ if (!cipher) { 
@@ -615,14 +612,14 @@ /* Prepare the encryption key for PadLock usage */ static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { struct padlock_cipher_data *cdata; int key_len = EVP_CIPHER_CTX_get_key_length(ctx) * 8; unsigned long mode = EVP_CIPHER_CTX_get_mode(ctx); if (key == NULL) - return 0; /* ERROR */ + return 0; /* ERROR */ cdata = ALIGNED_CIPHER_DATA(ctx); memset(cdata, 0, sizeof(*cdata)); @@ -699,28 +696,28 @@ while (count >= 8) { eax = padlock_xstore(output, 0); if (!(eax & (1 << 6))) - return 0; /* RNG disabled */ + return 0; /* RNG disabled */ /* this ---vv--- covers DC bias, Raw Bits and String Filter */ if (eax & (0x1F << 10)) return 0; if ((eax & 0x1F) == 0) - continue; /* no data, retry... */ + continue; /* no data, retry... */ if ((eax & 0x1F) != 8) - return 0; /* fatal failure... */ + return 0; /* fatal failure... */ output += 8; count -= 8; } while (count > 0) { eax = padlock_xstore(&buf, 3); if (!(eax & (1 << 6))) - return 0; /* RNG disabled */ + return 0; /* RNG disabled */ /* this ---vv--- covers DC bias, Raw Bits and String Filter */ if (eax & (0x1F << 10)) return 0; if ((eax & 0x1F) == 0) - continue; /* no data, retry... */ + continue; /* no data, retry... */ if ((eax & 0x1F) != 1) - return 0; /* fatal failure... */ + return 0; /* fatal failure... */ *output++ = (unsigned char)buf; count--; } 
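Review bot: Both loops of the RNG byte routine in the `@@ -699,28` hunk `continue` without limit when `padlock_xstore` reports no data (`(eax & 0x1F) == 0`), so a unit that stays enabled but never delivers bytes makes the caller spin instead of failing. A bounded retry keeps the failure visible to callers of the `RAND_METHOD`: replace each bare `continue` with `if (++empty_reads > PADLOCK_RNG_MAX_EMPTY) return 0; continue;` and reset the counter whenever bytes arrive. Both `empty_reads` and `PADLOCK_RNG_MAX_EMPTY` are illustrative names for a new local and a new constant. The function's signature and locals are outside this hunk.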
@@ -737,27 +734,27 @@ /* Prepare structure for registration */ static RAND_METHOD padlock_rand = { - NULL, /* seed */ - padlock_rand_bytes, /* bytes */ - NULL, /* cleanup */ - NULL, /* add */ - padlock_rand_bytes, /* pseudorand */ - padlock_rand_status, /* rand status */ + NULL, /* seed */ + padlock_rand_bytes, /* bytes */ + NULL, /* cleanup */ + NULL, /* add */ + padlock_rand_bytes, /* pseudorand */ + padlock_rand_status, /* rand status */ }; -# endif /* COMPILE_PADLOCKENG */ -#endif /* !OPENSSL_NO_PADLOCKENG */ +#endif /* COMPILE_PADLOCKENG */ +#endif /* !OPENSSL_NO_PADLOCKENG */ #if defined(OPENSSL_NO_PADLOCKENG) || !defined(COMPILE_PADLOCKENG) -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } IMPLEMENT_DYNAMIC_CHECK_FN() -# endif +#endif #endif --- /dev/null +++ crypto/openssl/exporters/libcrypto.pc @@ -0,0 +1,13 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include +enginesdir=${libdir}/engines-3 +modulesdir=${libdir}/ossl-modules + +Name: OpenSSL-libcrypto +Description: OpenSSL cryptography library +Version: 3.5.1 +Libs: -L${libdir} -lcrypto +Libs.private: -pthread +Cflags: -I${includedir} --- /dev/null +++ crypto/openssl/exporters/libssl.pc @@ -0,0 +1,11 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: OpenSSL-libssl +Description: Secure Sockets Layer and cryptography libraries +Version: 3.5.1 +Requires.private: libcrypto +Libs: -L${libdir} -lssl +Cflags: -I${includedir} --- /dev/null +++ crypto/openssl/exporters/openssl.pc 
@@ -0,0 +1,9 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: OpenSSL +Description: Secure Sockets Layer and cryptography libraries and tools +Version: 3.5.1 +Requires: libssl libcrypto --- crypto/openssl/external/perl/Text-Template-1.56/lib/Text/Template.pm.orig +++ crypto/openssl/external/perl/Text-Template-1.56/lib/Text/Template.pm @@ -2337,8 +2337,8 @@ =head1 SOURCE -The development version is on github at L -and may be cloned from L +The development version is on github at L +and may be cloned from L =head1 BUGS --- crypto/openssl/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm.orig +++ crypto/openssl/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm @@ -122,8 +122,8 @@ =head1 SOURCE -The development version is on github at L -and may be cloned from L +The development version is on github at L +and may be cloned from L =head1 BUGS --- /dev/null +++ crypto/openssl/freebsd/include/crypto/bn_conf.h @@ -0,0 +1,27 @@ + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __FREEBSD_BN_CONF_H__ +#define __FREEBSD_BN_CONF_H__ + +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT + +# if __SIZEOF_LONG__ == 8 +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# elif __SIZEOF_LONG__ == 4 +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +# else +# error Unsupported size of long +# endif + +#endif /* __FREEBSD_BN_CONF_H__ */ --- /dev/null +++ crypto/openssl/freebsd/include/openssl/configuration.h 
@@ -0,0 +1,38 @@
+
+/**
+ * OpenSSL's Configure script generates these values automatically for the host
+ * architecture, but FreeBSD provides values which are universal for all
+ * supported target architectures.
+ */
+
+#ifndef __FREEBSD_CONFIGURATION_H__
+#define __FREEBSD_CONFIGURATION_H__
+
+# undef OPENSSL_NO_EC_NISTP_64_GCC_128
+# if __SIZEOF_LONG__ == 4 || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+# endif
+# endif
+
+# undef BN_LLONG
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+# if !defined(OPENSSL_SYS_UEFI)
+# if __SIZEOF_LONG__ == 8
+# undef BN_LLONG
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+# elif __SIZEOF_LONG__ == 4
+# define BN_LLONG
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+# else
+# error Unsupported size of long
+# endif
+# endif
+
+#endif /* __FREEBSD_CONFIGURATION_H__ */
--- crypto/openssl/fuzz/asn1.c.orig
+++ crypto/openssl/fuzz/asn1.c
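Review bot: In crypto/openssl/freebsd/include/openssl/configuration.h the test `__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__` becomes `0 != 0` when a compiler does not predefine those two macros, because undefined identifiers evaluate to 0 inside `#if`. On such a toolchain the code gated by `OPENSSL_NO_EC_NISTP_64_GCC_128`, which this header otherwise disables on non-little-endian targets, would stay enabled whatever the byte order is. The `__SIZEOF_LONG__` tests already fail closed through `# error Unsupported size of long` (outside `OPENSSL_SYS_UEFI`); the byte-order test should do the same, for example `# if !defined(__BYTE_ORDER__) || !defined(__ORDER_LITTLE_ENDIAN__)`, `# error Byte order is not defined by the compiler`, `# endif` placed before it. The inner `# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128` is always true directly after the unconditional `# undef` of the same macro and can be dropped.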
@@ -209,88 +209,87 @@ static ASN1_PCTX *pctx; -#define DO_TEST(TYPE, D2I, I2D, PRINT) { \ - const unsigned char *p = buf; \ - unsigned char *der = NULL; \ - TYPE *type = D2I(NULL, &p, len); \ - \ - if (type != NULL) { \ - int len2; \ - BIO *bio = BIO_new(BIO_s_null()); \ - \ - if (bio != NULL) { \ - PRINT(bio, type); \ - BIO_free(bio); \ - } \ - len2 = I2D(type, &der); \ - if (len2 != 0) {} \ - OPENSSL_free(der); \ - TYPE ## _free(type); \ - } \ -} - -#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \ - const unsigned char *p = buf; \ - unsigned char *der = NULL; \ - TYPE *type = D2I(NULL, &p, len); \ - \ - if (type != NULL) { \ - BIO *bio = BIO_new(BIO_s_null()); \ - \ - if (bio != NULL) { \ - PRINT(bio, type, 0); \ - BIO_free(bio); \ - } \ - I2D(type, &der); \ - OPENSSL_free(der); \ - TYPE ## _free(type); \ - } \ -} - -#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \ - const unsigned char *p = buf; \ - unsigned char *der = NULL; \ - TYPE *type = D2I(NULL, &p, len); \ - \ - if (type != NULL) { \ - BIO *bio = BIO_new(BIO_s_null()); \ - \ - if (bio != NULL) { \ - PRINT(bio, type, 0, pctx); \ - BIO_free(bio); \ - } \ - I2D(type, &der); \ - OPENSSL_free(der); \ - TYPE ## _free(type); \ - } \ -} +#define DO_TEST(TYPE, D2I, I2D, PRINT) \ + { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + int len2; \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + if (bio != NULL) { \ + PRINT(bio, type); \ + BIO_free(bio); \ + } \ + len2 = I2D(type, &der); \ + if (len2 != 0) { } \ + OPENSSL_free(der); \ + TYPE##_free(type); \ + } \ + } +#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) \ + { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + if (bio != NULL) { \ + PRINT(bio, type, 0); \ + BIO_free(bio); \ + } \ + I2D(type, &der); \ + OPENSSL_free(der); \ + 
TYPE##_free(type); \ + } \ + } -#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \ - const unsigned char *p = buf; \ - unsigned char *der = NULL; \ - TYPE *type = D2I(NULL, &p, len); \ - \ - if (type != NULL) { \ - BIO *bio = BIO_new(BIO_s_null()); \ - \ - BIO_free(bio); \ - I2D(type, &der); \ - OPENSSL_free(der); \ - TYPE ## _free(type); \ - } \ -} +#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) \ + { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + if (bio != NULL) { \ + PRINT(bio, type, 0, pctx); \ + BIO_free(bio); \ + } \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE##_free(type); \ + } \ + } +#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) \ + { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE##_free(type); \ + } \ + } int FuzzerInitialize(int *argc, char ***argv) { FuzzerSetRand(); pctx = ASN1_PCTX_new(); - ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | - ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | - ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); - ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | - ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); + ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); + ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); @@ -304,7 +303,6 @@ { int n; - for (n = 0; item_type[n] != NULL; ++n) { const uint8_t *b = buf; unsigned char *der = NULL; 
@@ -349,22 +347,22 @@ #endif #ifndef OPENSSL_NO_DSA DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 DO_TEST_NO_PRINT(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey); DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey); DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams); -# endif +#endif #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey); #endif #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print); DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG); -# endif +#endif #endif DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private); DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print); --- crypto/openssl/fuzz/bignum.c.orig +++ crypto/openssl/fuzz/bignum.c @@ -18,7 +18,6 @@ #include #include "fuzzer.h" - int FuzzerInitialize(int *argc, char ***argv) { OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); @@ -92,7 +91,7 @@ putchar('\n'); } - done: +done: OPENSSL_assert(success); BN_free(b1); BN_free(b2); --- crypto/openssl/fuzz/bndiv.c.orig +++ crypto/openssl/fuzz/bndiv.c @@ -87,7 +87,7 @@ success = (BN_is_negative(b3) != BN_is_negative(b2) || BN_is_zero(b3)) && (BN_is_negative(b4) || BN_is_zero(b4)); else - success = (BN_is_negative(b3) == BN_is_negative(b2) || BN_is_zero(b3)) + success = (BN_is_negative(b3) == BN_is_negative(b2) || BN_is_zero(b3)) && (!BN_is_negative(b4) || BN_is_zero(b4)); OPENSSL_assert(BN_mul(b5, b3, b2, ctx)); OPENSSL_assert(BN_add(b5, b5, b4)); 
@@ -105,15 +105,15 @@ BN_print_fp(stdout, b5); putchar('\n'); printf("%d %d %d %d %d %d %d\n", BN_is_negative(b1), - BN_is_negative(b2), - BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4), - BN_is_negative(b3) != BN_is_negative(b2) - && (BN_is_negative(b4) || BN_is_zero(b4)), - BN_cmp(b5, b1)); + BN_is_negative(b2), + BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4), + BN_is_negative(b3) != BN_is_negative(b2) + && (BN_is_negative(b4) || BN_is_zero(b4)), + BN_cmp(b5, b1)); puts("----\n"); } - done: +done: OPENSSL_assert(success); ERR_clear_error(); --- crypto/openssl/fuzz/client.c.orig +++ crypto/openssl/fuzz/client.c @@ -23,7 +23,12 @@ #define FUZZTIME 1485898104 -#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } +#define TIME_IMPL(t) \ + { \ + if (t != NULL) \ + *t = FUZZTIME; \ + return FUZZTIME; \ + } /* * This might not work in all cases (and definitely not on Windows @@ -36,7 +41,7 @@ time_t time(time_t *t) TIME_IMPL(t) #endif -int FuzzerInitialize(int *argc, char ***argv) + int FuzzerInitialize(int *argc, char ***argv) { STACK_OF(SSL_COMP) *comp_methods; @@ -94,7 +99,7 @@ } } } - end: +end: SSL_free(client); ERR_clear_error(); SSL_CTX_free(ctx); --- crypto/openssl/fuzz/cmp.c.orig +++ crypto/openssl/fuzz/cmp.c @@ -33,17 +33,17 @@ if (num_responses++ > 2) return NULL; /* prevent loops due to repeated pollRep */ return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *) - OSSL_CMP_CTX_get_transfer_cb_arg(ctx)); + OSSL_CMP_CTX_get_transfer_cb_arg(ctx)); } static int print_noop(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { return 1; } static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep, - int invalid_protection, int expected_type) + int invalid_protection, int expected_type) { return 1; } 
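Review bot: In crypto/openssl/fuzz/client.c (hunk `@@ -36,7 +41,7 @@`) the new side appears to indent `int FuzzerInitialize(int *argc, char ***argv)` as though it continued the preceding `time_t time(time_t *t) TIME_IMPL(t)` line, which looks like a formatter artifact rather than intended style. The macro-bodied definition shows no braces, so an automatic formatter has no way to see where that function ends. Writing the body out at the definition, `time_t time(time_t *t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }`, or excluding that definition from automatic formatting, would leave the next function at column 0. A short comment there saying the override pins the clock to `FUZZTIME` for reproducible runs would also help, if the partly visible comment above it does not already say so. The body of `FuzzerInitialize` continues outside the hunk.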
@@ -58,10 +58,10 @@ ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */ ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */ if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"", - 0) /* prevent too unspecific error */ - || ctx->oldCert == NULL - || name == NULL || !X509_set_issuer_name(ctx->oldCert, name) - || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial)) + 0) /* prevent too unspecific error */ + || ctx->oldCert == NULL + || name == NULL || !X509_set_issuer_name(ctx->oldCert, name) + || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial)) goto err; (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb); 
@@ -88,68 +88,68 @@ break; case OSSL_CMP_PKIBODY_GENP: sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx), - OSSL_CMP_ITAV_free); + OSSL_CMP_ITAV_free); break; default: (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0); break; } - err: +err: X509_NAME_free(name); ASN1_INTEGER_free(serial); } static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *cert_req, - int certReqId, - const OSSL_CRMF_MSG *crm, - const X509_REQ *p10cr, - X509 **certOut, - STACK_OF(X509) **chainOut, - STACK_OF(X509) **caPubs) + const OSSL_CMP_MSG *cert_req, + int certReqId, + const OSSL_CRMF_MSG *crm, + const X509_REQ *p10cr, + X509 **certOut, + STACK_OF(X509) **chainOut, + STACK_OF(X509) **caPubs) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return NULL; } static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *rr, - const X509_NAME *issuer, - const ASN1_INTEGER *serial) + const OSSL_CMP_MSG *rr, + const X509_NAME *issuer, + const ASN1_INTEGER *serial) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return NULL; } static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *genm, - const STACK_OF(OSSL_CMP_ITAV) *in, - STACK_OF(OSSL_CMP_ITAV) **out) + const OSSL_CMP_MSG *genm, + const STACK_OF(OSSL_CMP_ITAV) *in, + STACK_OF(OSSL_CMP_ITAV) **out) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; } static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error, - const OSSL_CMP_PKISI *statusInfo, - const ASN1_INTEGER *errorCode, - const OSSL_CMP_PKIFREETEXT *errorDetails) + const OSSL_CMP_PKISI *statusInfo, + const ASN1_INTEGER *errorCode, + const OSSL_CMP_PKIFREETEXT *errorDetails) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); } static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *certConf, int certReqId, - const ASN1_OCTET_STRING *certHash, - const OSSL_CMP_PKISI *si) + const OSSL_CMP_MSG *certConf, int 
certReqId, + const ASN1_OCTET_STRING *certHash, + const OSSL_CMP_PKISI *si) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; } static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *pollReq, int certReqId, - OSSL_CMP_MSG **certReq, int64_t *check_after) + const OSSL_CMP_MSG *pollReq, int certReqId, + OSSL_CMP_MSG **certReq, int64_t *check_after) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); return 0; @@ -173,17 +173,17 @@ i2d_OSSL_CMP_MSG_bio(out, msg); ASN1_item_print(out, (ASN1_VALUE *)msg, 4, - ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL); + ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL); BIO_free(out); if (client_ctx != NULL) cmp_client_process_response(client_ctx, msg); if (srv_ctx != NULL && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx), - print_noop) + print_noop) && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request, - process_rr, process_genm, process_error, - process_certConf, process_pollReq)) + process_rr, process_genm, process_error, + process_certConf, process_pollReq)) OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg)); OSSL_CMP_CTX_free(client_ctx); --- crypto/openssl/fuzz/driver.c.orig +++ crypto/openssl/fuzz/driver.c @@ -32,7 +32,7 @@ #define BUF_SIZE 65536 -int main(int argc, char** argv) +int main(int argc, char **argv) { FuzzerInitialize(&argc, &argv); --- crypto/openssl/fuzz/fuzz_rand.c.orig +++ crypto/openssl/fuzz/fuzz_rand.c @@ -23,7 +23,7 @@ static OSSL_FUNC_rand_enable_locking_fn fuzz_rand_enable_locking; static void *fuzz_rand_newctx( - void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch) + void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch) { int *st = OPENSSL_malloc(sizeof(*st)); 
@@ -38,11 +38,11 @@ } static int fuzz_rand_instantiate(ossl_unused void *vrng, - ossl_unused unsigned int strength, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *pstr, - ossl_unused size_t pstr_len, - ossl_unused const OSSL_PARAM params[]) + ossl_unused unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *pstr, + ossl_unused size_t pstr_len, + ossl_unused const OSSL_PARAM params[]) { *(int *)vrng = EVP_RAND_STATE_READY; return 1; @@ -55,11 +55,11 @@ } static int fuzz_rand_generate(ossl_unused void *vdrbg, - unsigned char *out, size_t outlen, - ossl_unused unsigned int strength, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *adin, - ossl_unused size_t adinlen) + unsigned char *out, size_t outlen, + ossl_unused unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *adin, + ossl_unused size_t adinlen) { unsigned char val = 1; size_t i; @@ -93,7 +93,7 @@ } static const OSSL_PARAM *fuzz_rand_gettable_ctx_params(ossl_unused void *vrng, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), @@ -112,8 +112,8 @@ { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fuzz_rand_generate }, { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fuzz_rand_enable_locking }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))fuzz_rand_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fuzz_rand_get_ctx_params }, + (void (*)(void))fuzz_rand_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))fuzz_rand_get_ctx_params }, { 0, NULL } }; @@ -123,8 +123,8 @@ }; static const OSSL_ALGORITHM *fuzz_rand_query(void *provctx, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { *no_cache = 0; switch (operation_id) { 
@@ -142,8 +142,8 @@ }; static int fuzz_rand_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, void **provctx) { *provctx = OSSL_LIB_CTX_new(); if (*provctx == NULL) --- crypto/openssl/fuzz/oids.txt.orig +++ crypto/openssl/fuzz/oids.txt @@ -1,7 +1,7 @@ # WARNING: do not edit! # Generated by fuzz/mkfuzzoids.pl # -# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy --- crypto/openssl/fuzz/server.c.orig +++ crypto/openssl/fuzz/server.c 
@@ -26,180 +26,1979 @@ #include "fuzzer.h" static const uint8_t kCertificateDER[] = { - 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb, - 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, - 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, - 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31, - 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a, - 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34, - 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11, - 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6, - 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9, - 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71, - 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8, - 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57, - 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3, - 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20, - 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca, - 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a, - 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0, - 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40, - 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea, - 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 
0x0e, 0xe7, - 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d, - 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09, - 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf, - 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9, - 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33, - 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb, - 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94, - 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, - 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, - 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82, - 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67, - 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92, - 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae, - 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9, - 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a, - 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36, - 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef, - 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b, - 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e, - 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef, - 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5, - 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 
0x37, 0x55, - 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17, - 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba, - 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34, - 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1, - 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39, - 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70, - 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb, - 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22, - 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90, - 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4, - 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58, - 0x76, 0x8a, 0xbb, + 0x30, + 0x82, + 0x02, + 0xff, + 0x30, + 0x82, + 0x01, + 0xe7, + 0xa0, + 0x03, + 0x02, + 0x01, + 0x02, + 0x02, + 0x11, + 0x00, + 0xb1, + 0x84, + 0xee, + 0x34, + 0x99, + 0x98, + 0x76, + 0xfb, + 0x6f, + 0xb2, + 0x15, + 0xc8, + 0x47, + 0x79, + 0x05, + 0x9b, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x0b, + 0x05, + 0x00, + 0x30, + 0x12, + 0x31, + 0x10, + 0x30, + 0x0e, + 0x06, + 0x03, + 0x55, + 0x04, + 0x0a, + 0x13, + 0x07, + 0x41, + 0x63, + 0x6d, + 0x65, + 0x20, + 0x43, + 0x6f, + 0x30, + 0x1e, + 0x17, + 0x0d, + 0x31, + 0x35, + 0x31, + 0x31, + 0x30, + 0x37, + 0x30, + 0x30, + 0x32, + 0x34, + 0x35, + 0x36, + 0x5a, + 0x17, + 0x0d, + 0x31, + 0x36, + 0x31, + 0x31, + 0x30, + 0x36, + 0x30, + 0x30, + 0x32, + 0x34, + 0x35, + 0x36, + 0x5a, + 0x30, + 0x12, + 0x31, + 0x10, + 0x30, + 0x0e, + 0x06, + 0x03, + 0x55, + 0x04, + 0x0a, + 0x13, + 0x07, + 0x41, + 0x63, + 0x6d, + 0x65, + 0x20, + 0x43, + 0x6f, + 0x30, + 0x82, + 0x01, + 0x22, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x01, + 0x05, + 0x00, + 0x03, + 0x82, + 0x01, + 0x0f, + 0x00, + 0x30, + 
0x82, + 0x01, + 0x0a, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xce, + 0x47, + 0xcb, + 0x11, + 0xbb, + 0xd2, + 0x9d, + 0x8e, + 0x9e, + 0xd2, + 0x1e, + 0x14, + 0xaf, + 0xc7, + 0xea, + 0xb6, + 0xc9, + 0x38, + 0x2a, + 0x6f, + 0xb3, + 0x7e, + 0xfb, + 0xbc, + 0xfc, + 0x59, + 0x42, + 0xb9, + 0x56, + 0xf0, + 0x4c, + 0x3f, + 0xf7, + 0x31, + 0x84, + 0xbe, + 0xac, + 0x03, + 0x9e, + 0x71, + 0x91, + 0x85, + 0xd8, + 0x32, + 0xbd, + 0x00, + 0xea, + 0xac, + 0x65, + 0xf6, + 0x03, + 0xc8, + 0x0f, + 0x8b, + 0xfd, + 0x6e, + 0x58, + 0x88, + 0x04, + 0x41, + 0x92, + 0x74, + 0xa6, + 0x57, + 0x2e, + 0x8e, + 0x88, + 0xd5, + 0x3d, + 0xda, + 0x14, + 0x3e, + 0x63, + 0x88, + 0x22, + 0xe3, + 0x53, + 0xe9, + 0xba, + 0x39, + 0x09, + 0xac, + 0xfb, + 0xd0, + 0x4c, + 0xf2, + 0x3c, + 0x20, + 0xd6, + 0x97, + 0xe6, + 0xed, + 0xf1, + 0x62, + 0x1e, + 0xe5, + 0xc9, + 0x48, + 0xa0, + 0xca, + 0x2e, + 0x3c, + 0x14, + 0x5a, + 0x82, + 0xd4, + 0xed, + 0xb1, + 0xe3, + 0x43, + 0xc1, + 0x2a, + 0x59, + 0xa5, + 0xb9, + 0xc8, + 0x48, + 0xa7, + 0x39, + 0x23, + 0x74, + 0xa7, + 0x37, + 0xb0, + 0x6f, + 0xc3, + 0x64, + 0x99, + 0x6c, + 0xa2, + 0x82, + 0xc8, + 0xf6, + 0xdb, + 0x86, + 0x40, + 0xce, + 0xd1, + 0x85, + 0x9f, + 0xce, + 0x69, + 0xf4, + 0x15, + 0x2a, + 0x23, + 0xca, + 0xea, + 0xb7, + 0x7b, + 0xdf, + 0xfb, + 0x43, + 0x5f, + 0xff, + 0x7a, + 0x49, + 0x49, + 0x0e, + 0xe7, + 0x02, + 0x51, + 0x45, + 0x13, + 0xe8, + 0x90, + 0x64, + 0x21, + 0x0c, + 0x26, + 0x2b, + 0x5d, + 0xfc, + 0xe4, + 0xb5, + 0x86, + 0x89, + 0x43, + 0x22, + 0x4c, + 0xf3, + 0x3b, + 0xf3, + 0x09, + 0xc4, + 0xa4, + 0x10, + 0x80, + 0xf2, + 0x46, + 0xe2, + 0x46, + 0x8f, + 0x76, + 0x50, + 0xbf, + 0xaf, + 0x2b, + 0x90, + 0x1b, + 0x78, + 0xc7, + 0xcf, + 0xc1, + 0x77, + 0xd0, + 0xfb, + 0xa9, + 0xfb, + 0xc9, + 0x66, + 0x5a, + 0xc5, + 0x9b, + 0x31, + 0x41, + 0x67, + 0x01, + 0xbe, + 0x33, + 0x10, + 0xba, + 0x05, + 0x58, + 0xed, + 0x76, + 0x53, + 0xde, + 0x5d, + 0xc1, + 0xe8, + 0xbb, + 0x9f, + 0xf1, + 0xcd, + 0xfb, + 0xdf, + 0x64, + 0x7f, + 0xd7, + 0x18, + 0xab, + 
0x0f, + 0x94, + 0x28, + 0x95, + 0x4a, + 0xcc, + 0x6a, + 0xa9, + 0x50, + 0xc7, + 0x05, + 0x47, + 0x10, + 0x41, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0xa3, + 0x50, + 0x30, + 0x4e, + 0x30, + 0x0e, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x0f, + 0x01, + 0x01, + 0xff, + 0x04, + 0x04, + 0x03, + 0x02, + 0x05, + 0xa0, + 0x30, + 0x13, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x25, + 0x04, + 0x0c, + 0x30, + 0x0a, + 0x06, + 0x08, + 0x2b, + 0x06, + 0x01, + 0x05, + 0x05, + 0x07, + 0x03, + 0x01, + 0x30, + 0x0c, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x13, + 0x01, + 0x01, + 0xff, + 0x04, + 0x02, + 0x30, + 0x00, + 0x30, + 0x19, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x11, + 0x04, + 0x12, + 0x30, + 0x10, + 0x82, + 0x0e, + 0x66, + 0x75, + 0x7a, + 0x7a, + 0x2e, + 0x62, + 0x6f, + 0x72, + 0x69, + 0x6e, + 0x67, + 0x73, + 0x73, + 0x6c, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x0b, + 0x05, + 0x00, + 0x03, + 0x82, + 0x01, + 0x01, + 0x00, + 0x92, + 0xde, + 0xef, + 0x96, + 0x06, + 0x7b, + 0xff, + 0x71, + 0x7d, + 0x4e, + 0xa0, + 0x7d, + 0xae, + 0xb8, + 0x22, + 0xb4, + 0x2c, + 0xf7, + 0x96, + 0x9c, + 0x37, + 0x1d, + 0x8f, + 0xe7, + 0xd9, + 0x47, + 0xff, + 0x3f, + 0xe9, + 0x35, + 0x95, + 0x0e, + 0xdd, + 0xdc, + 0x7f, + 0xc8, + 0x8a, + 0x1e, + 0x36, + 0x1d, + 0x38, + 0x47, + 0xfc, + 0x76, + 0xd2, + 0x1f, + 0x98, + 0xa1, + 0x36, + 0xac, + 0xc8, + 0x70, + 0x38, + 0x0a, + 0x3d, + 0x51, + 0x8d, + 0x0f, + 0x03, + 0x1b, + 0xef, + 0x62, + 0xa1, + 0xcb, + 0x2b, + 0x4a, + 0x8c, + 0x12, + 0x2b, + 0x54, + 0x50, + 0x9a, + 0x6b, + 0xfe, + 0xaf, + 0xd9, + 0xf6, + 0xbf, + 0x58, + 0x11, + 0x58, + 0x5e, + 0xe5, + 0x86, + 0x1e, + 0x3b, + 0x6b, + 0x30, + 0x7e, + 0x72, + 0x89, + 0xe8, + 0x6b, + 0x7b, + 0xb7, + 0xaf, + 0xef, + 0x8b, + 0xa9, + 0x3e, + 0xb0, + 0xcd, + 0x0b, + 0xef, + 0xb0, + 0x0c, + 0x96, + 0x2b, + 0xc5, + 0x3b, + 0xd5, + 0xf1, + 0xc2, + 0xae, + 0x3a, + 0x60, + 0xd9, + 0x0f, + 0x75, + 0x37, + 0x55, + 0x4d, + 0x62, + 0xd2, + 0xed, + 0x96, + 0xac, + 0x30, + 0x6b, + 
0xda, + 0xa1, + 0x48, + 0x17, + 0x96, + 0x23, + 0x85, + 0x9a, + 0x57, + 0x77, + 0xe9, + 0x22, + 0xa2, + 0x37, + 0x03, + 0xba, + 0x49, + 0x77, + 0x40, + 0x3b, + 0x76, + 0x4b, + 0xda, + 0xc1, + 0x04, + 0x57, + 0x55, + 0x34, + 0x22, + 0x83, + 0x45, + 0x29, + 0xab, + 0x2e, + 0x11, + 0xff, + 0x0d, + 0xab, + 0x55, + 0xb1, + 0xa7, + 0x58, + 0x59, + 0x05, + 0x25, + 0xf9, + 0x1e, + 0x3d, + 0xb7, + 0xac, + 0x04, + 0x39, + 0x2c, + 0xf9, + 0xaf, + 0xb8, + 0x68, + 0xfb, + 0x8e, + 0x35, + 0x71, + 0x32, + 0xff, + 0x70, + 0xe9, + 0x46, + 0x6d, + 0x5c, + 0x06, + 0x90, + 0x88, + 0x23, + 0x48, + 0x0c, + 0x50, + 0xeb, + 0x0a, + 0xa9, + 0xae, + 0xe8, + 0xfc, + 0xbe, + 0xa5, + 0x76, + 0x94, + 0xd7, + 0x64, + 0x22, + 0x38, + 0x98, + 0x17, + 0xa4, + 0x3a, + 0xa7, + 0x59, + 0x9f, + 0x1d, + 0x3b, + 0x75, + 0x90, + 0x1a, + 0x81, + 0xef, + 0x19, + 0xfb, + 0x2b, + 0xb7, + 0xa7, + 0x64, + 0x61, + 0x22, + 0xa4, + 0x6f, + 0x7b, + 0xfa, + 0x58, + 0xbb, + 0x8c, + 0x4e, + 0x77, + 0x67, + 0xd0, + 0x5d, + 0x58, + 0x76, + 0x8a, + 0xbb, }; #ifndef OPENSSL_NO_DEPRECATED_3_0 static const uint8_t kRSAPrivateKeyDER[] = { - 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, - 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, - 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, - 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, - 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, - 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, - 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, - 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, - 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, - 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, - 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, - 0xf6, 0xdb, 
0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, - 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, - 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, - 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, - 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, - 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, - 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, - 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, - 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, - 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, - 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef, - 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08, - 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72, - 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81, - 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28, - 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce, - 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d, - 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf, - 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4, - 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c, - 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d, - 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51, - 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05, - 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16, - 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35, - 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17, - 0xcf, 0x0a, 
0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2, - 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd, - 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02, - 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6, - 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75, - 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46, - 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00, - 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b, - 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20, - 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c, - 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c, - 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72, - 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb, - 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26, - 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31, - 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78, - 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f, - 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d, - 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2, - 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3, - 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7, - 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80, - 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed, - 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4, - 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6, - 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b, - 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d, - 0x62, 0x11, 
0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c, - 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d, - 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05, - 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6, - 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0, - 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc, - 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b, - 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3, - 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9, - 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53, - 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e, - 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88, - 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85, - 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6, - 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b, - 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98, - 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f, - 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16, - 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a, - 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9, - 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7, - 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc, - 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7, - 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c, - 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05, - 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94, - 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81, - 0xde, 0xa0, 
0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55, - 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a, - 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42, - 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c, - 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90, - 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50, - 0x98, 0x46, 0x89, 0x82, 0x40, + 0x30, + 0x82, + 0x04, + 0xa5, + 0x02, + 0x01, + 0x00, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xce, + 0x47, + 0xcb, + 0x11, + 0xbb, + 0xd2, + 0x9d, + 0x8e, + 0x9e, + 0xd2, + 0x1e, + 0x14, + 0xaf, + 0xc7, + 0xea, + 0xb6, + 0xc9, + 0x38, + 0x2a, + 0x6f, + 0xb3, + 0x7e, + 0xfb, + 0xbc, + 0xfc, + 0x59, + 0x42, + 0xb9, + 0x56, + 0xf0, + 0x4c, + 0x3f, + 0xf7, + 0x31, + 0x84, + 0xbe, + 0xac, + 0x03, + 0x9e, + 0x71, + 0x91, + 0x85, + 0xd8, + 0x32, + 0xbd, + 0x00, + 0xea, + 0xac, + 0x65, + 0xf6, + 0x03, + 0xc8, + 0x0f, + 0x8b, + 0xfd, + 0x6e, + 0x58, + 0x88, + 0x04, + 0x41, + 0x92, + 0x74, + 0xa6, + 0x57, + 0x2e, + 0x8e, + 0x88, + 0xd5, + 0x3d, + 0xda, + 0x14, + 0x3e, + 0x63, + 0x88, + 0x22, + 0xe3, + 0x53, + 0xe9, + 0xba, + 0x39, + 0x09, + 0xac, + 0xfb, + 0xd0, + 0x4c, + 0xf2, + 0x3c, + 0x20, + 0xd6, + 0x97, + 0xe6, + 0xed, + 0xf1, + 0x62, + 0x1e, + 0xe5, + 0xc9, + 0x48, + 0xa0, + 0xca, + 0x2e, + 0x3c, + 0x14, + 0x5a, + 0x82, + 0xd4, + 0xed, + 0xb1, + 0xe3, + 0x43, + 0xc1, + 0x2a, + 0x59, + 0xa5, + 0xb9, + 0xc8, + 0x48, + 0xa7, + 0x39, + 0x23, + 0x74, + 0xa7, + 0x37, + 0xb0, + 0x6f, + 0xc3, + 0x64, + 0x99, + 0x6c, + 0xa2, + 0x82, + 0xc8, + 0xf6, + 0xdb, + 0x86, + 0x40, + 0xce, + 0xd1, + 0x85, + 0x9f, + 0xce, + 0x69, + 0xf4, + 0x15, + 0x2a, + 0x23, + 0xca, + 0xea, + 0xb7, + 0x7b, + 0xdf, + 0xfb, + 0x43, + 0x5f, + 0xff, + 0x7a, + 0x49, + 0x49, + 0x0e, + 0xe7, + 0x02, + 0x51, + 0x45, + 0x13, + 0xe8, + 0x90, + 0x64, + 0x21, + 0x0c, + 0x26, + 0x2b, + 0x5d, + 0xfc, + 0xe4, + 0xb5, + 0x86, + 0x89, + 0x43, + 0x22, + 0x4c, + 
0xf3, + 0x3b, + 0xf3, + 0x09, + 0xc4, + 0xa4, + 0x10, + 0x80, + 0xf2, + 0x46, + 0xe2, + 0x46, + 0x8f, + 0x76, + 0x50, + 0xbf, + 0xaf, + 0x2b, + 0x90, + 0x1b, + 0x78, + 0xc7, + 0xcf, + 0xc1, + 0x77, + 0xd0, + 0xfb, + 0xa9, + 0xfb, + 0xc9, + 0x66, + 0x5a, + 0xc5, + 0x9b, + 0x31, + 0x41, + 0x67, + 0x01, + 0xbe, + 0x33, + 0x10, + 0xba, + 0x05, + 0x58, + 0xed, + 0x76, + 0x53, + 0xde, + 0x5d, + 0xc1, + 0xe8, + 0xbb, + 0x9f, + 0xf1, + 0xcd, + 0xfb, + 0xdf, + 0x64, + 0x7f, + 0xd7, + 0x18, + 0xab, + 0x0f, + 0x94, + 0x28, + 0x95, + 0x4a, + 0xcc, + 0x6a, + 0xa9, + 0x50, + 0xc7, + 0x05, + 0x47, + 0x10, + 0x41, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xa8, + 0x47, + 0xb9, + 0x4a, + 0x06, + 0x47, + 0x93, + 0x71, + 0x3d, + 0xef, + 0x7b, + 0xca, + 0xb4, + 0x7c, + 0x0a, + 0xe6, + 0x82, + 0xd0, + 0xe7, + 0x0d, + 0xa9, + 0x08, + 0xf6, + 0xa4, + 0xfd, + 0xd8, + 0x73, + 0xae, + 0x6f, + 0x56, + 0x29, + 0x5e, + 0x25, + 0x72, + 0xa8, + 0x30, + 0x44, + 0x73, + 0xcf, + 0x56, + 0x26, + 0xb9, + 0x61, + 0xde, + 0x42, + 0x81, + 0xf4, + 0xf0, + 0x1f, + 0x5d, + 0xcb, + 0x47, + 0xf2, + 0x26, + 0xe9, + 0xe0, + 0x93, + 0x28, + 0xa3, + 0x10, + 0x3b, + 0x42, + 0x1e, + 0x51, + 0x11, + 0x12, + 0x06, + 0x5e, + 0xaf, + 0xce, + 0xb0, + 0xa5, + 0x14, + 0xdd, + 0x82, + 0x58, + 0xa1, + 0xa4, + 0x12, + 0xdf, + 0x65, + 0x1d, + 0x51, + 0x70, + 0x64, + 0xd5, + 0x58, + 0x68, + 0x11, + 0xa8, + 0x6a, + 0x23, + 0xc2, + 0xbf, + 0xa1, + 0x25, + 0x24, + 0x47, + 0xb3, + 0xa4, + 0x3c, + 0x83, + 0x96, + 0xb7, + 0x1f, + 0xf4, + 0x44, + 0xd4, + 0xd1, + 0xe9, + 0xfc, + 0x33, + 0x68, + 0x5e, + 0xe2, + 0x68, + 0x99, + 0x9c, + 0x91, + 0xe8, + 0x72, + 0xc9, + 0xd7, + 0x8c, + 0x80, + 0x20, + 0x8e, + 0x77, + 0x83, + 0x4d, + 0xe4, + 0xab, + 0xf9, + 0x74, + 0xa1, + 0xdf, + 0xd3, + 0xc0, + 0x0d, + 0x5b, + 0x05, + 0x51, + 0xc2, + 0x6f, + 0xb2, + 0x91, + 0x02, + 0xec, + 0xc0, + 0x02, + 0x1a, + 0x5c, + 0x91, + 0x05, + 0xf1, + 0xe3, + 0xfa, + 0x65, + 0xc2, + 0xad, + 0x24, + 0xe6, + 0xe5, + 0x3c, + 
0xb6, + 0x16, + 0xf1, + 0xa1, + 0x67, + 0x1a, + 0x9d, + 0x37, + 0x56, + 0xbf, + 0x01, + 0xd7, + 0x3b, + 0x35, + 0x30, + 0x57, + 0x73, + 0xf4, + 0xf0, + 0x5e, + 0xa7, + 0xe8, + 0x0a, + 0xc1, + 0x94, + 0x17, + 0xcf, + 0x0a, + 0xbd, + 0xf5, + 0x31, + 0xa7, + 0x2d, + 0xf7, + 0xf5, + 0xd9, + 0x8c, + 0xc2, + 0x01, + 0xbd, + 0xda, + 0x16, + 0x8e, + 0xb9, + 0x30, + 0x40, + 0xa6, + 0x6e, + 0xbd, + 0xcd, + 0x4d, + 0x84, + 0x67, + 0x4e, + 0x0b, + 0xce, + 0xd5, + 0xef, + 0xf8, + 0x08, + 0x63, + 0x02, + 0xc6, + 0xc7, + 0xf7, + 0x67, + 0x92, + 0xe2, + 0x23, + 0x9d, + 0x27, + 0x22, + 0x1d, + 0xc6, + 0x67, + 0x5e, + 0x66, + 0xbf, + 0x03, + 0xb8, + 0xa9, + 0x67, + 0xd4, + 0x39, + 0xd8, + 0x75, + 0xfa, + 0xe8, + 0xed, + 0x56, + 0xb8, + 0x81, + 0x02, + 0x81, + 0x81, + 0x00, + 0xf7, + 0x46, + 0x68, + 0xc6, + 0x13, + 0xf8, + 0xba, + 0x0f, + 0x83, + 0xdb, + 0x05, + 0xa8, + 0x25, + 0x00, + 0x70, + 0x9c, + 0x9e, + 0x8b, + 0x12, + 0x34, + 0x0d, + 0x96, + 0xcf, + 0x0d, + 0x98, + 0x9b, + 0x8d, + 0x9c, + 0x96, + 0x78, + 0xd1, + 0x3c, + 0x01, + 0x8c, + 0xb9, + 0x35, + 0x5c, + 0x20, + 0x42, + 0xb4, + 0x38, + 0xe3, + 0xd6, + 0x54, + 0xe7, + 0x55, + 0xd6, + 0x26, + 0x8a, + 0x0c, + 0xf6, + 0x1f, + 0xe0, + 0x04, + 0xc1, + 0x22, + 0x42, + 0x19, + 0x61, + 0xc4, + 0x94, + 0x7c, + 0x07, + 0x2e, + 0x80, + 0x52, + 0xfe, + 0x8d, + 0xe6, + 0x92, + 0x3a, + 0x91, + 0xfe, + 0x72, + 0x99, + 0xe1, + 0x2a, + 0x73, + 0x76, + 0xb1, + 0x24, + 0x20, + 0x67, + 0xde, + 0x28, + 0xcb, + 0x0e, + 0xe6, + 0x52, + 0xb5, + 0xfa, + 0xfb, + 0x8b, + 0x1e, + 0x6a, + 0x1d, + 0x09, + 0x26, + 0xb9, + 0xa7, + 0x61, + 0xba, + 0xf8, + 0x79, + 0xd2, + 0x66, + 0x57, + 0x28, + 0xd7, + 0x31, + 0xb5, + 0x0b, + 0x27, + 0x19, + 0x1e, + 0x6f, + 0x46, + 0xfc, + 0x54, + 0x95, + 0xeb, + 0x78, + 0x01, + 0xb6, + 0xd9, + 0x79, + 0x5a, + 0x4d, + 0x02, + 0x81, + 0x81, + 0x00, + 0xd5, + 0x8f, + 0x16, + 0x53, + 0x2f, + 0x57, + 0x93, + 0xbf, + 0x09, + 0x75, + 0xbf, + 0x63, + 0x40, + 0x3d, + 0x27, + 0xfd, + 0x23, + 0x21, + 0xde, + 0x9b, + 0xe9, + 0x73, + 
0x3f, + 0x49, + 0x02, + 0xd2, + 0x38, + 0x96, + 0xcf, + 0xc3, + 0xba, + 0x92, + 0x07, + 0x87, + 0x52, + 0xa9, + 0x35, + 0xe3, + 0x0c, + 0xe4, + 0x2f, + 0x05, + 0x7b, + 0x37, + 0xa5, + 0x40, + 0x9c, + 0x3b, + 0x94, + 0xf7, + 0xad, + 0xa0, + 0xee, + 0x3a, + 0xa8, + 0xfb, + 0x1f, + 0x11, + 0x1f, + 0xd8, + 0x9a, + 0x80, + 0x42, + 0x3d, + 0x7f, + 0xa4, + 0xb8, + 0x9a, + 0xaa, + 0xea, + 0x72, + 0xc1, + 0xe3, + 0xed, + 0x06, + 0x60, + 0x92, + 0x37, + 0xf9, + 0xba, + 0xfb, + 0x9e, + 0xed, + 0x05, + 0xa6, + 0xd4, + 0x72, + 0x68, + 0x4f, + 0x63, + 0xfe, + 0xd6, + 0x10, + 0x0d, + 0x4f, + 0x0a, + 0x93, + 0xc6, + 0xb9, + 0xd7, + 0xaf, + 0xfd, + 0xd9, + 0x57, + 0x7d, + 0xcb, + 0x75, + 0xe8, + 0x93, + 0x2b, + 0xae, + 0x4f, + 0xea, + 0xd7, + 0x30, + 0x0b, + 0x58, + 0x44, + 0x82, + 0x0f, + 0x84, + 0x5d, + 0x62, + 0x11, + 0x78, + 0xea, + 0x5f, + 0xc5, + 0x02, + 0x81, + 0x81, + 0x00, + 0x82, + 0x0c, + 0xc1, + 0xe6, + 0x0b, + 0x72, + 0xf1, + 0x48, + 0x5f, + 0xac, + 0xbd, + 0x98, + 0xe5, + 0x7d, + 0x09, + 0xbd, + 0x15, + 0x95, + 0x47, + 0x09, + 0xa1, + 0x6c, + 0x03, + 0x91, + 0xbf, + 0x05, + 0x70, + 0xc1, + 0x3e, + 0x52, + 0x64, + 0x99, + 0x0e, + 0xa7, + 0x98, + 0x70, + 0xfb, + 0xf6, + 0xeb, + 0x9e, + 0x25, + 0x9d, + 0x8e, + 0x88, + 0x30, + 0xf2, + 0xf0, + 0x22, + 0x6c, + 0xd0, + 0xcc, + 0x51, + 0x8f, + 0x5c, + 0x70, + 0xc7, + 0x37, + 0xc4, + 0x69, + 0xab, + 0x1d, + 0xfc, + 0xed, + 0x3a, + 0x03, + 0xbb, + 0xa2, + 0xad, + 0xb6, + 0xea, + 0x89, + 0x6b, + 0x67, + 0x4b, + 0x96, + 0xaa, + 0xd9, + 0xcc, + 0xc8, + 0x4b, + 0xfa, + 0x18, + 0x21, + 0x08, + 0xb2, + 0xa3, + 0xb9, + 0x3e, + 0x61, + 0x99, + 0xdc, + 0x5a, + 0x97, + 0x9c, + 0x73, + 0x6a, + 0xb9, + 0xf9, + 0x68, + 0x03, + 0x24, + 0x5f, + 0x55, + 0x77, + 0x9c, + 0xb4, + 0xbe, + 0x7a, + 0x78, + 0x53, + 0x68, + 0x48, + 0x69, + 0x53, + 0xc8, + 0xb1, + 0xf5, + 0xbf, + 0x98, + 0x2d, + 0x11, + 0x1e, + 0x98, + 0xa8, + 0x36, + 0x50, + 0xa0, + 0xb1, + 0x02, + 0x81, + 0x81, + 0x00, + 0x90, + 0x88, + 0x30, + 0x71, + 0xc7, + 0xfe, + 0x9b, + 0x6d, + 
0x95, + 0x37, + 0x6d, + 0x79, + 0xfc, + 0x85, + 0xe7, + 0x44, + 0x78, + 0xbc, + 0x79, + 0x6e, + 0x47, + 0x86, + 0xc9, + 0xf3, + 0xdd, + 0xc6, + 0xec, + 0xa9, + 0x94, + 0x9f, + 0x40, + 0xeb, + 0x87, + 0xd0, + 0xdb, + 0xee, + 0xcd, + 0x1b, + 0x87, + 0x23, + 0xff, + 0x76, + 0xd4, + 0x37, + 0x8a, + 0xcd, + 0xb9, + 0x6e, + 0xd1, + 0x98, + 0xf6, + 0x97, + 0x8d, + 0xe3, + 0x81, + 0x6d, + 0xc3, + 0x4e, + 0xd1, + 0xa0, + 0xc4, + 0x9f, + 0xbd, + 0x34, + 0xe5, + 0xe8, + 0x53, + 0x4f, + 0xca, + 0x10, + 0xb5, + 0xed, + 0xe7, + 0x16, + 0x09, + 0x54, + 0xde, + 0x60, + 0xa7, + 0xd1, + 0x16, + 0x6e, + 0x2e, + 0xb7, + 0xbe, + 0x7a, + 0xd5, + 0x9b, + 0x26, + 0xef, + 0xe4, + 0x0e, + 0x77, + 0xfa, + 0xa9, + 0xdd, + 0xdc, + 0xb9, + 0x88, + 0x19, + 0x23, + 0x70, + 0xc7, + 0xe1, + 0x60, + 0xaf, + 0x8c, + 0x73, + 0x04, + 0xf7, + 0x71, + 0x17, + 0x81, + 0x36, + 0x75, + 0xbb, + 0x97, + 0xd7, + 0x75, + 0xb6, + 0x8e, + 0xbc, + 0xac, + 0x9c, + 0x6a, + 0x9b, + 0x24, + 0x89, + 0x02, + 0x81, + 0x80, + 0x5a, + 0x2b, + 0xc7, + 0x6b, + 0x8c, + 0x65, + 0xdb, + 0x04, + 0x73, + 0xab, + 0x25, + 0xe1, + 0x5b, + 0xbc, + 0x3c, + 0xcf, + 0x5a, + 0x3c, + 0x04, + 0xae, + 0x97, + 0x2e, + 0xfd, + 0xa4, + 0x97, + 0x1f, + 0x05, + 0x17, + 0x27, + 0xac, + 0x7c, + 0x30, + 0x85, + 0xb4, + 0x82, + 0x3f, + 0x5b, + 0xb7, + 0x94, + 0x3b, + 0x7f, + 0x6c, + 0x0c, + 0xc7, + 0x16, + 0xc6, + 0xa0, + 0xbd, + 0x80, + 0xb0, + 0x81, + 0xde, + 0xa0, + 0x23, + 0xa6, + 0xf6, + 0x75, + 0x33, + 0x51, + 0x35, + 0xa2, + 0x75, + 0x55, + 0x70, + 0x4d, + 0x42, + 0xbb, + 0xcf, + 0x54, + 0xe4, + 0xdb, + 0x2d, + 0x88, + 0xa0, + 0x7a, + 0xf2, + 0x17, + 0xa7, + 0xdd, + 0x13, + 0x44, + 0x9f, + 0x5f, + 0x6b, + 0x2c, + 0x42, + 0x42, + 0x8b, + 0x13, + 0x4d, + 0xf9, + 0x5b, + 0xf8, + 0x33, + 0x42, + 0xd9, + 0x9e, + 0x50, + 0x1c, + 0x7c, + 0xbc, + 0xfa, + 0x62, + 0x85, + 0x0b, + 0xcf, + 0x99, + 0xda, + 0x9e, + 0x04, + 0x90, + 0xb2, + 0xc6, + 0xb2, + 0x0a, + 0x2a, + 0x7c, + 0x6d, + 0x6a, + 0x40, + 0xfc, + 0xf5, + 0x50, + 0x98, + 0x46, + 0x89, + 0x82, + 
0x40, }; #endif #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * -----BEGIN EC PRIVATE KEY----- * MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49 @@ -228,7 +2027,7 @@ 0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a }; -# endif +#endif /* * -----BEGIN CERTIFICATE----- @@ -476,7 +2275,12 @@ #define FUZZTIME 1485898104 -#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } +#define TIME_IMPL(t) \ + { \ + if (t != NULL) \ + *t = FUZZTIME; \ + return FUZZTIME; \ + } /* * This might not work in all cases (and definitely not on Windows @@ -489,7 +2293,7 @@ time_t time(time_t *t) TIME_IMPL(t) #endif -int FuzzerInitialize(int *argc, char ***argv) + int FuzzerInitialize(int *argc, char ***argv) { STACK_OF(SSL_COMP) *comp_methods; @@ -511,7 +2315,7 @@ SSL *server; BIO *in; BIO *out; -#if !defined(OPENSSL_NO_EC) \ +#if !defined(OPENSSL_NO_EC) \ || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) BIO *bio_buf; #endif @@ -526,9 +2330,9 @@ #endif X509 *cert; #ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC EC_KEY *ecdsakey = NULL; -# endif +#endif #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) DSA *dsakey = NULL; @@ -566,7 +2370,7 @@ X509_free(cert); #ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* ECDSA */ bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM)); @@ -579,7 +2383,7 @@ ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); -# endif +#endif bio_buf = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM)); cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); 
@@ -620,13 +2424,12 @@ SSL_set_bio(server, in, out); SSL_set_accept_state(server); - opt = (uint8_t)buf[len-1]; + opt = (uint8_t)buf[len - 1]; len--; OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); - if ((opt & 0x01) != 0) - { + if ((opt & 0x01) != 0) { do { char early_buf[16384]; size_t early_len; --- crypto/openssl/fuzz/test-corpus.c.orig +++ crypto/openssl/fuzz/test-corpus.c @@ -23,16 +23,16 @@ #include "internal/o_dir.h" #if defined(_WIN32) && defined(_MAX_PATH) && !defined(PATH_MAX) -# define PATH_MAX _MAX_PATH +#define PATH_MAX _MAX_PATH #endif #ifndef PATH_MAX -# define PATH_MAX 4096 +#define PATH_MAX 4096 #endif -# if !defined(S_ISREG) -# define S_ISREG(m) ((m) & S_IFREG) -# endif +#if !defined(S_ISREG) +#define S_ISREG(m) ((m) & S_IFREG) +#endif static void testfile(const char *pathname) { @@ -58,7 +58,8 @@ fclose(f); } -int main(int argc, char **argv) { +int main(int argc, char **argv) +{ int n; FuzzerInitialize(&argc, &argv); --- crypto/openssl/fuzz/x509.c.orig +++ crypto/openssl/fuzz/x509.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,8 @@ { FuzzerSetRand(); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS - | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); + | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, + NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); return 1; 
@@ -78,9 +79,13 @@ resp = d2i_OCSP_RESPONSE(NULL, &p, len); store = X509_STORE_new(); + if (store == NULL) + goto err; X509_STORE_add_cert(store, x509_2); param = X509_VERIFY_PARAM_new(); + if (param == NULL) + goto err; X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); @@ -127,7 +132,7 @@ if (id == NULL) goto err; OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, - &nextupd); + &nextupd); } err: --- crypto/openssl/include/crypto/aes_platform.h.orig +++ crypto/openssl/include/crypto/aes_platform.h 
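Review bot: The return value of `X509_STORE_add_cert(store, x509_2)` is still ignored directly after the new `store == NULL` check in the `@@ -78,9 +79,13 @@` hunk of fuzz/x509.c. If that call fails (it returns 0 on error), the harness goes on with a store that lacks the certificate it was meant to trust. Handling it like the two checks this hunk adds would keep the failure paths consistent: `if (!X509_STORE_add_cert(store, x509_2)) goto err;`. The three `X509_VERIFY_PARAM_set_flags` calls that follow could also be one call with the flags OR-ed together and its result checked. The function starts and ends outside the hunk, so this assumes the cleanup under `err:` frees `store` and `param` and tolerates whichever of them is still NULL.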
@@ -8,250 +8,241 @@ */ #ifndef OSSL_AES_PLATFORM_H -# define OSSL_AES_PLATFORM_H -# pragma once +#define OSSL_AES_PLATFORM_H +#pragma once -# include +#include -# ifdef VPAES_ASM +#ifdef VPAES_ASM int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); void vpaes_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void vpaes_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void vpaes_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); -# endif /* VPAES_ASM */ + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +#endif /* VPAES_ASM */ -# ifdef BSAES_ASM +#ifdef BSAES_ASM void ossl_bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[16], int enc); + size_t length, const AES_KEY *key, + unsigned char ivec[16], int enc); void ossl_bsaes_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, size_t len, - const AES_KEY *key, - const unsigned char ivec[16]); + unsigned char *out, size_t len, + const AES_KEY *key, + const unsigned char ivec[16]); void ossl_bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); void ossl_bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -# endif /* BSAES_ASM */ + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +#endif /* BSAES_ASM */ -# ifdef AES_CTR_ASM +#ifdef AES_CTR_ASM void 
AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char ivec[AES_BLOCK_SIZE]); -# endif /* AES_CTR_ASM */ + size_t blocks, const AES_KEY *key, + const unsigned char ivec[AES_BLOCK_SIZE]); +#endif /* AES_CTR_ASM */ -# ifdef AES_XTS_ASM +#ifdef AES_XTS_ASM void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -# endif /* AES_XTS_ASM */ - -# if defined(OPENSSL_CPUID_OBJ) -# if (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "crypto/ppc_arch.h" -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -# endif -# if !defined(OPENSSL_SYS_MACOSX) -# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -# define HWAES_encrypt aes_p8_encrypt -# define HWAES_decrypt aes_p8_decrypt -# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks -# define HWAES_xts_encrypt aes_p8_xts_encrypt -# define HWAES_xts_decrypt aes_p8_xts_decrypt -# endif /* OPENSSL_SYS_MACOSX */ -# endif /* PPC */ - -# if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# if defined(BSAES_ASM) -# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# if defined(VPAES_ASM) -# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -# define HWAES_set_encrypt_key aes_v8_set_encrypt_key -# define HWAES_set_decrypt_key aes_v8_set_decrypt_key -# define HWAES_encrypt aes_v8_encrypt -# 
define HWAES_decrypt aes_v8_decrypt -# define HWAES_cbc_encrypt aes_v8_cbc_encrypt -# define HWAES_ecb_encrypt aes_v8_ecb_encrypt -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) -# define HWAES_xts_encrypt aes_v8_xts_encrypt -# define HWAES_xts_decrypt aes_v8_xts_decrypt -# endif -# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks -# define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) -# define AES_GCM_ENC_BYTES 512 -# define AES_GCM_DEC_BYTES 512 -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) -# define AES_gcm_encrypt armv8_aes_gcm_encrypt -# define AES_gcm_decrypt armv8_aes_gcm_decrypt -# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \ - (gctx)->gcm.ghash==gcm_ghash_v8) -size_t aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, - uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, - uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, - uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, - uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, - uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, - uint64_t *Xi, unsigned char ivec[16], const void *key); + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +#endif /* AES_XTS_ASM */ + +#if defined(OPENSSL_CPUID_OBJ) +#if (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) +#include "crypto/ppc_arch.h" +#ifdef 
VPAES_ASM +#define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) +#endif +#if !defined(OPENSSL_SYS_MACOSX) +#define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +#define HWAES_set_encrypt_key aes_p8_set_encrypt_key +#define HWAES_set_decrypt_key aes_p8_set_decrypt_key +#define HWAES_encrypt aes_p8_encrypt +#define HWAES_decrypt aes_p8_decrypt +#define HWAES_cbc_encrypt aes_p8_cbc_encrypt +#define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +#define HWAES_xts_encrypt aes_p8_xts_encrypt +#define HWAES_xts_decrypt aes_p8_xts_decrypt +#endif /* OPENSSL_SYS_MACOSX */ +#endif /* PPC */ + +#if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +#include "arm_arch.h" +#if __ARM_MAX_ARCH__ >= 7 +#if defined(BSAES_ASM) +#define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +#endif +#if defined(VPAES_ASM) +#define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +#endif +#define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +#define HWAES_set_encrypt_key aes_v8_set_encrypt_key +#define HWAES_set_decrypt_key aes_v8_set_decrypt_key +#define HWAES_encrypt aes_v8_encrypt +#define HWAES_decrypt aes_v8_decrypt +#define HWAES_cbc_encrypt aes_v8_cbc_encrypt +#define HWAES_ecb_encrypt aes_v8_ecb_encrypt +#if __ARM_MAX_ARCH__ >= 8 && defined(__aarch64__) +#define HWAES_xts_encrypt aes_v8_xts_encrypt +#define HWAES_xts_decrypt aes_v8_xts_decrypt +#endif +#define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +#define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) +#define AES_GCM_ENC_BYTES 512 +#define AES_GCM_DEC_BYTES 512 +#if __ARM_MAX_ARCH__ >= 8 && defined(__aarch64__) +#define AES_gcm_encrypt armv8_aes_gcm_encrypt +#define AES_gcm_decrypt armv8_aes_gcm_decrypt +#define AES_GCM_ASM(gctx) ((gctx)->ctr == aes_v8_ctr32_encrypt_blocks && (gctx)->gcm.ghash == gcm_ghash_v8) +size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], 
const void *key); +size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, - unsigned char ivec[16], u64 *Xi); + unsigned char ivec[16], u64 *Xi); size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, - unsigned char ivec[16], u64 *Xi); -void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); -# endif -# endif -# endif -# endif /* OPENSSL_CPUID_OBJ */ - -# if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) -# define AES_CBC_HMAC_SHA_CAPABLE 1 -# define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) -# endif - -# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ - ((defined(__i386) || defined(__i386__) || \ - defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) + unsigned char ivec[16], u64 *Xi); +void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len); +#endif +#endif +#endif +#endif /* OPENSSL_CPUID_OBJ */ + +#if defined(AES_ASM) && (defined(__x86_64) || 
defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) +#define AES_CBC_HMAC_SHA_CAPABLE 1 +#define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (57 - 32))) +#endif + +#if defined(AES_ASM) && !defined(I386_ONLY) && (((defined(__i386) || defined(__i386__) || defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2)) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) /* AES-NI section */ -# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -# ifdef BSAES_ASM -# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif +#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (57 - 32))) +#ifdef VPAES_ASM +#define VPAES_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) +#endif +#ifdef BSAES_ASM +#define BSAES_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) +#endif -# define AES_GCM_ENC_BYTES 32 -# define AES_GCM_DEC_BYTES 16 +#define AES_GCM_ENC_BYTES 32 +#define AES_GCM_DEC_BYTES 16 int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, const AES_KEY *key, int enc); + unsigned char *out, + size_t length, const AES_KEY *key, int enc); void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); -# ifndef OPENSSL_NO_OCB + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +#ifndef OPENSSL_NO_OCB void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, - size_t 
blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# endif /* OPENSSL_NO_OCB */ + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +#endif /* OPENSSL_NO_OCB */ void aesni_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, const unsigned char *ivec); + unsigned char *out, + size_t blocks, + const void *key, const unsigned char *ivec); void aesni_xts_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); void aesni_xts_decrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); void aesni_ccm64_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); void aesni_ccm64_decrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); + unsigned char *out, + 
size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); -# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +#if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); + const void *key, unsigned char ivec[16], u64 *Xi); size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); + const void *key, unsigned char ivec[16], u64 *Xi); void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len); -# define AES_gcm_encrypt aesni_gcm_encrypt -# define AES_gcm_decrypt aesni_gcm_decrypt -# define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \ - ctx->gcm.ghash == gcm_ghash_avx) -# endif +#define AES_gcm_encrypt aesni_gcm_encrypt +#define AES_gcm_decrypt aesni_gcm_decrypt +#define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && ctx->gcm.ghash == gcm_ghash_avx) +#endif - -# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) +#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) /* Fujitsu SPARC64 X support */ -# include "crypto/sparc_arch.h" +#include "crypto/sparc_arch.h" -# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) -# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) -# define HWAES_set_encrypt_key aes_fx_set_encrypt_key -# define HWAES_set_decrypt_key aes_fx_set_decrypt_key -# define HWAES_encrypt aes_fx_encrypt -# define HWAES_decrypt aes_fx_decrypt -# define HWAES_cbc_encrypt aes_fx_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks +#define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) +#define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) +#define HWAES_set_encrypt_key aes_fx_set_encrypt_key +#define 
HWAES_set_decrypt_key aes_fx_set_decrypt_key +#define HWAES_encrypt aes_fx_encrypt +#define HWAES_decrypt aes_fx_decrypt +#define HWAES_cbc_encrypt aes_fx_cbc_encrypt +#define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); void aes_t4_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void aes_t4_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); /* * Key-length specific subroutines were chosen for following reason. * Each SPARC T4 core can execute up to 8 threads which share core's 
@@ -264,189 +255,158 @@ * by multiple key-length specific subroutines, so why fight? */ void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); + size_t blocks, const AES_KEY *key, + unsigned char *ivec); void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); + size_t blocks, const AES_KEY *key, + unsigned char *ivec); void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); + size_t blocks, const AES_KEY *key, + unsigned char *ivec); 
void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); -# elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) /* IBM S390X support */ -# include "s390x_arch.h" - +#include "s390x_arch.h" /* Convert key size to function code: [16,24,32] -> [18,19,20]. */ -# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) +#define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) /* Most modes of operation need km for partial block processing. 
*/ -# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_256)) - -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 - -# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE -# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE -# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE - -# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_256))) - -# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256))) -# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256)) -# define S390X_aes_128_cfb1_CAPABLE 0 -# define S390X_aes_192_cfb1_CAPABLE 0 -# define S390X_aes_256_cfb1_CAPABLE 0 - -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 - -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# 
define S390X_aes_256_xts_CAPABLE 1 - -# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_256))) - -# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_256))) -# define S390X_CCM_AAD_FLAG 0x40 - -# ifndef OPENSSL_NO_OCB -# define S390X_aes_128_ocb_CAPABLE 0 -# define S390X_aes_192_ocb_CAPABLE 0 -# define S390X_aes_256_ocb_CAPABLE 0 -# endif /* OPENSSL_NO_OCB */ - -# ifndef OPENSSL_NO_SIV -# define S390X_aes_128_siv_CAPABLE 0 -# define S390X_aes_192_siv_CAPABLE 0 -# define S390X_aes_256_siv_CAPABLE 0 -# endif /* OPENSSL_NO_SIV */ +#define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & S390X_CAPBIT(S390X_AES_128)) +#define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & S390X_CAPBIT(S390X_AES_192)) +#define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & S390X_CAPBIT(S390X_AES_256)) + +#define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +#define S390X_aes_192_cbc_CAPABLE 1 +#define S390X_aes_256_cbc_CAPABLE 1 + +#define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE +#define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE +#define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE + +#define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kmo[0] & S390X_CAPBIT(S390X_AES_128))) +#define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kmo[0] & 
S390X_CAPBIT(S390X_AES_192))) +#define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kmo[0] & S390X_CAPBIT(S390X_AES_256))) + +#define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_128))) +#define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_192))) +#define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_256))) +#define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_128)) +#define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_192)) +#define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_256)) +#define S390X_aes_128_cfb1_CAPABLE 0 +#define S390X_aes_192_cfb1_CAPABLE 0 +#define S390X_aes_256_cfb1_CAPABLE 0 + +#define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +#define S390X_aes_192_ctr_CAPABLE 1 +#define S390X_aes_256_ctr_CAPABLE 1 + +#define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +#define S390X_aes_256_xts_CAPABLE 1 + +#define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kma[0] & S390X_CAPBIT(S390X_AES_128))) +#define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kma[0] & S390X_CAPBIT(S390X_AES_192))) +#define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kma[0] & S390X_CAPBIT(S390X_AES_256))) + +#define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kmac[0] & S390X_CAPBIT(S390X_AES_128))) +#define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kmac[0] & S390X_CAPBIT(S390X_AES_192))) +#define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kmac[0] & S390X_CAPBIT(S390X_AES_256))) +#define S390X_CCM_AAD_FLAG 0x40 + +#ifndef OPENSSL_NO_OCB +#define S390X_aes_128_ocb_CAPABLE 0 +#define 
S390X_aes_192_ocb_CAPABLE 0 +#define S390X_aes_256_ocb_CAPABLE 0 +#endif /* OPENSSL_NO_OCB */ + +#ifndef OPENSSL_NO_SIV +#define S390X_aes_128_siv_CAPABLE 0 +#define S390X_aes_192_siv_CAPABLE 0 +#define S390X_aes_256_siv_CAPABLE 0 +#endif /* OPENSSL_NO_SIV */ /* Convert key size to function code: [16,24,32] -> [18,19,20]. */ -# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) -# endif +#define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) +#endif -# if defined(HWAES_CAPABLE) +#if defined(HWAES_CAPABLE) int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); void HWAES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void HWAES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); void HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - const int enc); + size_t length, const AES_KEY *key, + const int enc); void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - const unsigned char ivec[16]); + size_t len, const void *key, + const unsigned char ivec[16]); void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -# 
ifndef OPENSSL_NO_OCB -# ifdef HWAES_ocb_encrypt + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +#ifndef OPENSSL_NO_OCB +#ifdef HWAES_ocb_encrypt void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# else -# define HWAES_ocb_encrypt ((ocb128_f)NULL) -# endif -# ifdef HWAES_ocb_decrypt + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +#else +#define HWAES_ocb_encrypt ((ocb128_f)NULL) +#endif +#ifdef HWAES_ocb_decrypt void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# else -# define HWAES_ocb_decrypt ((ocb128_f)NULL) -# endif -# endif /* OPENSSL_NO_OCB */ - -# endif /* HWAES_CAPABLE */ + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +#else +#define HWAES_ocb_decrypt ((ocb128_f)NULL) +#endif +#endif /* OPENSSL_NO_OCB */ + +#endif /* HWAES_CAPABLE */ #endif /* OSSL_AES_PLATFORM_H */ --- crypto/openssl/include/crypto/aria.h.orig +++ crypto/openssl/include/crypto/aria.h 
@@ -8,23 +8,23 @@ * https://www.openssl.org/source/license.html */ - /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ +/* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ #ifndef OSSL_CRYPTO_ARIA_H -# define OSSL_CRYPTO_ARIA_H -# pragma once +#define OSSL_CRYPTO_ARIA_H +#pragma once -# include +#include -# ifdef OPENSSL_NO_ARIA -# error ARIA is disabled. -# endif +#ifdef OPENSSL_NO_ARIA +#error ARIA is disabled. +#endif -# define ARIA_ENCRYPT 1 -# define ARIA_DECRYPT 0 +#define ARIA_ENCRYPT 1 +#define ARIA_DECRYPT 0 -# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */ -# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ +#define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */ +#define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ typedef union { unsigned char c[ARIA_BLOCK_SIZE]; @@ -39,13 +39,12 @@ }; typedef struct aria_key_st ARIA_KEY; - int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key); + ARIA_KEY *key); int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key); + ARIA_KEY *key); void ossl_aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key); + const ARIA_KEY *key); #endif --- crypto/openssl/include/crypto/asn1.h.orig +++ crypto/openssl/include/crypto/asn1.h @@ -8,11 +8,11 @@ */ #ifndef OSSL_CRYPTO_ASN1_H -# define OSSL_CRYPTO_ASN1_H -# pragma once +#define OSSL_CRYPTO_ASN1_H +#pragma once -# include -# include /* OSSL_FUNC_keymgmt_import() */ +#include +#include /* OSSL_FUNC_keymgmt_import() */ /* Internal ASN1 structures and functions: not for application use */ 
@@ -26,67 +26,67 @@ unsigned long pkey_flags; char *pem_str; char *info; - int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub); - int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); - int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); - int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); - int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*pkey_size) (const EVP_PKEY *pk); - int (*pkey_bits) (const EVP_PKEY *pk); - int (*pkey_security_bits) (const EVP_PKEY *pk); - int (*param_decode) (EVP_PKEY *pkey, - const unsigned char **pder, int derlen); - int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); - int (*param_missing) (const EVP_PKEY *pk); - int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); - int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); - int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*sig_print) (BIO *out, - const X509_ALGOR *sigalg, const ASN1_STRING *sig, - int indent, ASN1_PCTX *pctx); - void (*pkey_free) (EVP_PKEY *pkey); - int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); + int (*pub_decode)(EVP_PKEY *pk, const X509_PUBKEY *pub); + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*pkey_size)(const EVP_PKEY *pk); + int (*pkey_bits)(const EVP_PKEY *pk); + int (*pkey_security_bits)(const EVP_PKEY *pk); + int (*param_decode)(EVP_PKEY *pkey, + const unsigned char **pder, int derlen); + 
int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); + int (*param_missing)(const EVP_PKEY *pk); + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*sig_print)(BIO *out, + const X509_ALGOR *sigalg, const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx); + void (*pkey_free)(EVP_PKEY *pkey); + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2); /* Legacy functions for old PEM */ - int (*old_priv_decode) (EVP_PKEY *pkey, - const unsigned char **pder, int derlen); - int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); + int (*old_priv_decode)(EVP_PKEY *pkey, + const unsigned char **pder, int derlen); + int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); /* Custom ASN1 signature verification */ - int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data, - const X509_ALGOR *a, const ASN1_BIT_STRING *sig, - EVP_PKEY *pkey); - int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *sig); - int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig); + int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data, + const X509_ALGOR *a, const ASN1_BIT_STRING *sig, + EVP_PKEY *pkey); + int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *sig); + int (*siginf_set)(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); /* Check */ - int (*pkey_check) (const EVP_PKEY *pk); - int (*pkey_public_check) (const EVP_PKEY *pk); - int (*pkey_param_check) (const EVP_PKEY *pk); + int (*pkey_check)(const EVP_PKEY *pk); + int (*pkey_public_check)(const EVP_PKEY *pk); + int (*pkey_param_check)(const EVP_PKEY *pk); /* Get/set raw private/public key data */ 
- int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); - int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); - int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); - int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); + int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *priv, size_t len); + int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *pub, size_t len); + int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *priv, size_t *len); + int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *pub, size_t *len); /* Exports and imports to / from providers */ - size_t (*dirty_cnt) (const EVP_PKEY *pk); - int (*export_to) (const EVP_PKEY *pk, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq); + size_t (*dirty_cnt)(const EVP_PKEY *pk); + int (*export_to)(const EVP_PKEY *pk, void *to_keydata, + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_CALLBACK *import_from; - int (*copy) (EVP_PKEY *to, EVP_PKEY *from); + int (*copy)(EVP_PKEY *to, EVP_PKEY *from); - int (*priv_decode_ex) (EVP_PKEY *pk, - const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, - const char *propq); -} /* EVP_PKEY_ASN1_METHOD */ ; + int (*priv_decode_ex)(EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, + const char *propq); +} /* EVP_PKEY_ASN1_METHOD */; DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) 
@@ -107,16 +107,16 @@ * These are used internally in the ASN1_OBJECT to keep track of whether the * names and data need to be free()ed */ -# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ -# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ -# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ -# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ +#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ +#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ +#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ +#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ struct asn1_object_st { const char *sn, *ln; int nid; int length; - const unsigned char *data; /* data remains const after init */ - int flags; /* Should we free this one */ + const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ }; /* ASN1 print context structure */ @@ -127,14 +127,14 @@ unsigned long cert_flags; unsigned long oid_flags; unsigned long str_flags; -} /* ASN1_PCTX */ ; +} /* ASN1_PCTX */; /* ASN1 type functions */ int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, - unsigned char *data, int len); + unsigned char *data, int len); int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len); + unsigned char *data, int max_len); int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md); const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg); 
@@ -142,8 +142,13 @@ int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md); int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags); -EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, - const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq); +EVP_PKEY *ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, + const unsigned char **pp, long length, + OSSL_LIB_CTX *libctx, const char *propq); + +int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq); #endif /* ndef OSSL_CRYPTO_ASN1_H */ --- crypto/openssl/include/crypto/asn1_dsa.h.orig +++ crypto/openssl/include/crypto/asn1_dsa.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_CRYPTO_ASN1_DSA_H -# define OSSL_CRYPTO_ASN1_DSA_H -# pragma once +#define OSSL_CRYPTO_ASN1_DSA_H +#pragma once #include "internal/packet.h" @@ -19,6 +19,6 @@ int ossl_decode_der_length(PACKET *pkt, PACKET *subpkt); int ossl_decode_der_integer(PACKET *pkt, BIGNUM *n); size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, const unsigned char **ppin, - size_t len); + size_t len); #endif --- crypto/openssl/include/crypto/asn1err.h.orig +++ crypto/openssl/include/crypto/asn1err.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_ASN1ERR_H -# define OSSL_CRYPTO_ASN1ERR_H -# pragma once +#define OSSL_CRYPTO_ASN1ERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_ASN1_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/async.h.orig +++ crypto/openssl/include/crypto/async.h 
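Review bot: The `asn1_item_embed_d2i` prototype added at the end of the crypto/asn1.h hunk (`@@ -142,8 +142,13 @@`) is the only genuinely new declaration in this otherwise whitespace-only section, and it arrives with no comment and without the `ossl_` prefix that its neighbours (`ossl_d2i_PrivateKey_legacy`, `ossl_asn1_time_print_ex`) carry. Because it takes a caller-supplied `in`/`len` pair and a `depth` counter, the header should state the contract callers must honour, for example `/* Internal decoder entry point: |len| is presumably the number of bytes readable at |*in|; |depth| is the current nesting level (confirm the expected initial value against the definition). */`. The definition is not visible here, so the parameter semantics above are inferred from the signature and need checking before the comment is committed.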
@@ -8,10 +8,10 @@ */ #ifndef OSSL_CRYPTO_ASYNC_H -# define OSSL_CRYPTO_ASYNC_H -# pragma once +#define OSSL_CRYPTO_ASYNC_H +#pragma once -# include +#include int async_init(void); void async_deinit(void); --- crypto/openssl/include/crypto/asyncerr.h.orig +++ crypto/openssl/include/crypto/asyncerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_ASYNCERR_H -# define OSSL_CRYPTO_ASYNCERR_H -# pragma once +#define OSSL_CRYPTO_ASYNCERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_ASYNC_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/bioerr.h.orig +++ crypto/openssl/include/crypto/bioerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_BIOERR_H -# define OSSL_CRYPTO_BIOERR_H -# pragma once +#define OSSL_CRYPTO_BIOERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_BIO_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/bn.h.orig +++ crypto/openssl/include/crypto/bn.h @@ -8,11 +8,11 @@ */ #ifndef OSSL_CRYPTO_BN_H -# define OSSL_CRYPTO_BN_H -# pragma once +#define OSSL_CRYPTO_BN_H +#pragma once -# include -# include +#include +#include BIGNUM *bn_wexpand(BIGNUM *a, int words); BIGNUM *bn_expand2(BIGNUM *a, int words); 
@@ -72,54 +72,54 @@ * code... */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); + BN_MONT_CTX *mont, BN_CTX *ctx); int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); + BN_CTX *ctx); int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); + BN_CTX *ctx); int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); + const BIGNUM *m); int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); + const BIGNUM *m); int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - const BIGNUM *d, BN_CTX *ctx); + const BIGNUM *d, BN_CTX *ctx); int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n); int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w); int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range, - unsigned int strength, BN_CTX *ctx); + unsigned int strength, BN_CTX *ctx); int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, - const unsigned char *message, - size_t message_len, BN_CTX *ctx); + const BIGNUM *priv, + const unsigned char *message, + size_t message_len, BN_CTX *ctx); -#define BN_PRIMETEST_COMPOSITE 0 -#define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1 +#define BN_PRIMETEST_COMPOSITE 0 +#define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1 #define BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME 2 -#define BN_PRIMETEST_PROBABLY_PRIME 3 +#define BN_PRIMETEST_PROBABLY_PRIME 3 int 
ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx, - BN_GENCB *cb, int enhanced, int *status); + BN_GENCB *cb, int enhanced, int *status); const BIGNUM *ossl_bn_get0_small_factors(void); int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout, - BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, int nlen, - const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); + BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, int nlen, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, - const BIGNUM *r1, const BIGNUM *r2, - int nlen, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); + const BIGNUM *r1, const BIGNUM *r2, + int nlen, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx); --- crypto/openssl/include/crypto/bn_conf.h.orig +++ crypto/openssl/include/crypto/bn_conf.h @@ -1,17 +1,19 @@ -/* $FreeBSD$ */ +/* clang-format off */ /* WARNING: do not edit! */ /* Generated by Makefile from include/crypto/bn_conf.h.in */ +/* clang-format on */ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #ifndef OSSL_CRYPTO_BN_CONF_H -# define OSSL_CRYPTO_BN_CONF_H +#define OSSL_CRYPTO_BN_CONF_H +#pragma once /* * The contents of this file are not used in the UEFI build, as 
@@ -22,6 +24,31 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ +/* clang-format off */ +#define SIXTY_FOUR_BIT_LONG + /* clang-format on */ + /* clang-format off */ +#undef SIXTY_FOUR_BIT + /* clang-format on */ + /* clang-format off */ +#undef THIRTY_TWO_BIT +/* clang-format on */ + +#endif + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __FREEBSD_BN_CONF_H__ +#define __FREEBSD_BN_CONF_H__ + +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT + # if __SIZEOF_LONG__ == 8 # define SIXTY_FOUR_BIT_LONG # undef SIXTY_FOUR_BIT @@ -34,4 +61,4 @@ # error Unsupported size of long # endif -#endif +#endif /* __FREEBSD_BN_CONF_H__ */ --- crypto/openssl/include/crypto/bn_conf.h.in.orig +++ crypto/openssl/include/crypto/bn_conf.h.in @@ -1,4 +1,6 @@ +/* clang-format off */ {- join("\n",map { "/* $_ */" } @autowarntext) -} +/* clang-format on */ /* * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * @@ -9,8 +11,8 @@ */ #ifndef OSSL_CRYPTO_BN_CONF_H -# define OSSL_CRYPTO_BN_CONF_H -# pragma once +#define OSSL_CRYPTO_BN_CONF_H +#pragma once /* * The contents of this file are not used in the UEFI build, as @@ -21,8 +23,14 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ +/* clang-format off */ {- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG + /* clang-format on */ + /* clang-format off */ {- $config{b64} ? "#define" : "#undef" -} SIXTY_FOUR_BIT + /* clang-format on */ + /* clang-format off */ {- $config{b32} ? "#define" : "#undef" -} THIRTY_TWO_BIT +/* clang-format on */ #endif --- crypto/openssl/include/crypto/bn_dh.h.orig +++ crypto/openssl/include/crypto/bn_dh.h 
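Review bot: The FreeBSD override block added after the first `#endif` in crypto/bn_conf.h (`@@ -22,6 +24,31 @@`) sits in a file whose header still reads `WARNING: do not edit!` and `Generated by Makefile from include/crypto/bn_conf.h.in`, and the bn_conf.h.in hunks in this patch do not carry the override. If the header is regenerated on a later import, the hard-coded `#define SIXTY_FOUR_BIT_LONG` above it would presumably apply to every target, including those where `__SIZEOF_LONG__` is not 8. I would extend the new comment with a line such as ` * NOTE: this block is maintained by hand; re-apply it after regenerating from bn_conf.h.in.` Separately, `__FREEBSD_BN_CONF_H__` uses a double-underscore name, which C reserves for the implementation; `FREEBSD_BN_CONF_H` avoids that. The `# if __SIZEOF_LONG__ == 8` chain that the guard encloses continues in the next hunk.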
@@ -7,16 +7,16 @@ * https://www.openssl.org/source/license.html */ -#define declare_dh_bn(x) \ - extern const BIGNUM ossl_bignum_dh##x##_p; \ - extern const BIGNUM ossl_bignum_dh##x##_q; \ - extern const BIGNUM ossl_bignum_dh##x##_g; \ +#define declare_dh_bn(x) \ + extern const BIGNUM ossl_bignum_dh##x##_p; \ + extern const BIGNUM ossl_bignum_dh##x##_q; \ + extern const BIGNUM ossl_bignum_dh##x##_g; declare_dh_bn(1024_160) -declare_dh_bn(2048_224) -declare_dh_bn(2048_256) + declare_dh_bn(2048_224) + declare_dh_bn(2048_256) -extern const BIGNUM ossl_bignum_const_2; + extern const BIGNUM ossl_bignum_const_2; extern const BIGNUM ossl_bignum_ffdhe2048_p; extern const BIGNUM ossl_bignum_ffdhe3072_p; --- crypto/openssl/include/crypto/bnerr.h.orig +++ crypto/openssl/include/crypto/bnerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_BNERR_H -# define OSSL_CRYPTO_BNERR_H -# pragma once +#define OSSL_CRYPTO_BNERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_BN_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/buffererr.h.orig +++ crypto/openssl/include/crypto/buffererr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_BUFFERERR_H -# define OSSL_CRYPTO_BUFFERERR_H -# pragma once +#define OSSL_CRYPTO_BUFFERERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_BUF_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/chacha.h.orig +++ crypto/openssl/include/crypto/chacha.h @@ -9,7 +9,7 @@ #ifndef OSSL_CRYPTO_CHACHA_H #define OSSL_CRYPTO_CHACHA_H -# pragma once +#pragma once #include 
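Review bot: In the crypto/bn_dh.h hunk (`@@ -7,16 +7,16 @@`), the second and third `declare_dh_bn(...)` invocations and `extern const BIGNUM ossl_bignum_const_2;` appear to be indented on the new side as continuations of the first invocation, which suggests the formatter did not treat the semicolon-less macro call as a complete statement. The declarations themselves are unchanged, but the layout now reads as a single expression spanning four lines. I would either list `declare_dh_bn` under `StatementMacros` in the clang-format configuration or bracket the three invocations with `/* clang-format off */` and `/* clang-format on */`, as this patch already does in bn_conf.h.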
@@ -25,19 +25,18 @@ * efficiency in multi-call scenarios. */ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); + size_t len, const unsigned int key[8], + const unsigned int counter[4]); /* * You can notice that there is no key setup procedure. Because it's * as trivial as collecting bytes into 32-bit elements, it's reckoned * that below macro is sufficient. */ -#define CHACHA_U8TOU32(p) ( \ - ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ - ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) +#define CHACHA_U8TOU32(p) ( \ + ((unsigned int)(p)[0]) | ((unsigned int)(p)[1] << 8) | ((unsigned int)(p)[2] << 16) | ((unsigned int)(p)[3] << 24)) -#define CHACHA_KEY_SIZE 32 -#define CHACHA_CTR_SIZE 16 -#define CHACHA_BLK_SIZE 64 +#define CHACHA_KEY_SIZE 32 +#define CHACHA_CTR_SIZE 16 +#define CHACHA_BLK_SIZE 64 #endif --- crypto/openssl/include/crypto/cmll_platform.h.orig +++ crypto/openssl/include/crypto/cmll_platform.h 
@@ -8,44 +8,44 @@ */ #ifndef OSSL_CMLL_PLATFORM_H -# define OSSL_CMLL_PLATFORM_H -# pragma once +#define OSSL_CMLL_PLATFORM_H +#pragma once -# if defined(CMLL_ASM) && (defined(__sparc) || defined(__sparc__)) +#if defined(CMLL_ASM) && (defined(__sparc) || defined(__sparc__)) /* Fujitsu SPARC64 X support */ -# include "crypto/sparc_arch.h" +#include "crypto/sparc_arch.h" -# ifndef OPENSSL_NO_CAMELLIA -# define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA) -# include +#ifndef OPENSSL_NO_CAMELLIA +#define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA) +#include void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks); void cmll_t4_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key); + const CAMELLIA_KEY *key); void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key); + const CAMELLIA_KEY *key); void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, int /*unused*/); void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec, int /*unused*/); + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, int /*unused*/); void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const CAMELLIA_KEY *key, - unsigned char *ivec); + size_t blocks, const 
CAMELLIA_KEY *key, + unsigned char *ivec); void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const CAMELLIA_KEY *key, - unsigned char *ivec); -# endif /* OPENSSL_NO_CAMELLIA */ + size_t blocks, const CAMELLIA_KEY *key, + unsigned char *ivec); +#endif /* OPENSSL_NO_CAMELLIA */ -# endif /* CMLL_ASM && sparc */ +#endif /* CMLL_ASM && sparc */ #endif /* OSSL_CRYPTO_CIPHERMODE_PLATFORM_H */ --- crypto/openssl/include/crypto/cmperr.h.orig +++ crypto/openssl/include/crypto/cmperr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_CMPERR_H -# define OSSL_CRYPTO_CMPERR_H -# pragma once +#define OSSL_CRYPTO_CMPERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_CMP +#ifndef OPENSSL_NO_CMP int ossl_err_load_CMP_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/cmserr.h.orig +++ crypto/openssl/include/crypto/cmserr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_CMSERR_H -# define OSSL_CRYPTO_CMSERR_H -# pragma once +#define OSSL_CRYPTO_CMSERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_CMS +#ifndef OPENSSL_NO_CMS int ossl_err_load_CMS_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/comperr.h.orig +++ crypto/openssl/include/crypto/comperr.h 
@@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_COMPERR_H -# define OSSL_CRYPTO_COMPERR_H -# pragma once +#define OSSL_CRYPTO_COMPERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP int ossl_err_load_COMP_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/conferr.h.orig +++ crypto/openssl/include/crypto/conferr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_CONFERR_H -# define OSSL_CRYPTO_CONFERR_H -# pragma once +#define OSSL_CRYPTO_CONFERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_CONF_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/crmferr.h.orig +++ crypto/openssl/include/crypto/crmferr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_CRMFERR_H -# define OSSL_CRYPTO_CRMFERR_H -# pragma once +#define OSSL_CRYPTO_CRMFERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_CRMF +#ifndef OPENSSL_NO_CRMF int ossl_err_load_CRMF_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/cryptlib.h.orig +++ crypto/openssl/include/crypto/cryptlib.h 
@@ -8,16 +8,16 @@ */ #ifndef OSSL_CRYPTO_CRYPTLIB_H -# define OSSL_CRYPTO_CRYPTLIB_H -# pragma once +#define OSSL_CRYPTO_CRYPTLIB_H +#pragma once -# include -# include "internal/cryptlib.h" +#include +#include "internal/cryptlib.h" /* This file is not scanned by mkdef.pl, whereas cryptlib.h is */ int ossl_init_thread_start(const void *index, void *arg, - OSSL_thread_stop_handler_fn handfn); + OSSL_thread_stop_handler_fn handfn); int ossl_init_thread_deregister(void *index); int ossl_init_thread(void); void ossl_cleanup_thread(void); @@ -28,12 +28,12 @@ * are those omitted from crypto.h because they are "reserved for internal * use". */ -# define OPENSSL_INIT_BASE_ONLY 0x00040000L +#define OPENSSL_INIT_BASE_ONLY 0x00040000L void ossl_trace_cleanup(void); void ossl_malloc_setup_failures(void); int ossl_crypto_alloc_ex_data_intern(int class_index, void *obj, - CRYPTO_EX_DATA *ad, int idx); + CRYPTO_EX_DATA *ad, int idx); -#endif /* OSSL_CRYPTO_CRYPTLIB_H */ +#endif /* OSSL_CRYPTO_CRYPTLIB_H */ --- crypto/openssl/include/crypto/cryptoerr.h.orig +++ crypto/openssl/include/crypto/cryptoerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_CRYPTOERR_H -# define OSSL_CRYPTO_CRYPTOERR_H -# pragma once +#define OSSL_CRYPTO_CRYPTOERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_CRYPTO_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/cterr.h.orig +++ crypto/openssl/include/crypto/cterr.h 
@@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_CTERR_H -# define OSSL_CRYPTO_CTERR_H -# pragma once +#define OSSL_CRYPTO_CTERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT int ossl_err_load_CT_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/ctype.h.orig +++ crypto/openssl/include/crypto/ctype.h @@ -19,26 +19,26 @@ * details. */ #ifndef OSSL_CRYPTO_CTYPE_H -# define OSSL_CRYPTO_CTYPE_H -# pragma once +#define OSSL_CRYPTO_CTYPE_H +#pragma once -# include +#include -# define CTYPE_MASK_lower 0x1 -# define CTYPE_MASK_upper 0x2 -# define CTYPE_MASK_digit 0x4 -# define CTYPE_MASK_space 0x8 -# define CTYPE_MASK_xdigit 0x10 -# define CTYPE_MASK_blank 0x20 -# define CTYPE_MASK_cntrl 0x40 -# define CTYPE_MASK_graph 0x80 -# define CTYPE_MASK_print 0x100 -# define CTYPE_MASK_punct 0x200 -# define CTYPE_MASK_base64 0x400 -# define CTYPE_MASK_asn1print 0x800 +#define CTYPE_MASK_lower 0x1 +#define CTYPE_MASK_upper 0x2 +#define CTYPE_MASK_digit 0x4 +#define CTYPE_MASK_space 0x8 +#define CTYPE_MASK_xdigit 0x10 +#define CTYPE_MASK_blank 0x20 +#define CTYPE_MASK_cntrl 0x40 +#define CTYPE_MASK_graph 0x80 +#define CTYPE_MASK_print 0x100 +#define CTYPE_MASK_punct 0x200 +#define CTYPE_MASK_base64 0x400 +#define CTYPE_MASK_asn1print 0x800 -# define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper) -# define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit) +#define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper) +#define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit) /* * The ascii mask assumes that any other classification implies that 
@@ -47,15 +47,15 @@ * * This assumption holds at the moment, but it might not in the future. */ -# define CTYPE_MASK_ascii (~0) +#define CTYPE_MASK_ascii (~0) -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC int ossl_toascii(int c); int ossl_fromascii(int c); -# else -# define ossl_toascii(c) (c) -# define ossl_fromascii(c) (c) -# endif +#else +#define ossl_toascii(c) (c) +#define ossl_fromascii(c) (c) +#endif int ossl_ctype_check(int c, unsigned int mask); int ossl_tolower(int c); 
@@ -67,20 +67,20 @@ int ossl_ascii_isdigit(int c); -# define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) -# define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) -# ifdef CHARSET_EBCDIC -# define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii)) -# else -# define ossl_isascii(c) (((c) & ~127) == 0) -# endif -# define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank)) -# define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl)) -# define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph)) -# define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print)) -# define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct)) -# define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space)) -# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) -# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) -# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) +#define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) +#define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) +#ifdef CHARSET_EBCDIC +#define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii)) +#else +#define ossl_isascii(c) (((c) & ~127) == 0) +#endif +#define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank)) +#define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl)) +#define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph)) +#define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print)) +#define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct)) +#define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space)) +#define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) +#define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) +#define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) #endif --- crypto/openssl/include/crypto/decoder.h.orig +++ crypto/openssl/include/crypto/decoder.h 
@@ -8,14 +8,14 @@ */ #ifndef OSSL_CRYPTO_DECODER_H -# define OSSL_CRYPTO_DECODER_H -# pragma once +#define OSSL_CRYPTO_DECODER_H +#pragma once -# include +#include OSSL_DECODER *ossl_decoder_fetch_by_number(OSSL_LIB_CTX *libctx, - int id, - const char *properties); + int id, + const char *properties); /* * These are specially made for the 'file:' provider-native loader, which @@ -24,18 +24,18 @@ * (provider-object(7)). */ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov); + OSSL_PROVIDER *prov); OSSL_DECODER_INSTANCE * ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx); void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst); int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_INSTANCE *di); + OSSL_DECODER_INSTANCE *di); int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery); + EVP_PKEY **pkey, const char *keytype, + OSSL_LIB_CTX *libctx, + const char *propquery); int ossl_decoder_get_number(const OSSL_DECODER *encoder); int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx); --- crypto/openssl/include/crypto/decodererr.h.orig +++ crypto/openssl/include/crypto/decodererr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_DECODERERR_H -# define OSSL_CRYPTO_DECODERERR_H -# pragma once +#define OSSL_CRYPTO_DECODERERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_OSSL_DECODER_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/des_platform.h.orig +++ crypto/openssl/include/crypto/des_platform.h 
@@ -8,28 +8,28 @@ */ #ifndef OSSL_DES_PLATFORM_H -# define OSSL_DES_PLATFORM_H -# pragma once +#define OSSL_DES_PLATFORM_H +#pragma once -# if defined(DES_ASM) && (defined(__sparc) || defined(__sparc__)) +#if defined(DES_ASM) && (defined(__sparc) || defined(__sparc__)) /* Fujitsu SPARC64 X support */ -# include "crypto/sparc_arch.h" +#include "crypto/sparc_arch.h" -# ifndef OPENSSL_NO_DES -# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) -# include +#ifndef OPENSSL_NO_DES +#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) +#include void des_t4_key_expand(const void *key, DES_key_schedule *ks); void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, - const DES_key_schedule ks[3], unsigned char iv[8]); + const DES_key_schedule ks[3], unsigned char iv[8]); void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, - const DES_key_schedule ks[3], unsigned char iv[8]); + const DES_key_schedule ks[3], unsigned char iv[8]); void des_t4_cbc_encrypt(const void *inp, void *out, size_t len, - const DES_key_schedule *ks, unsigned char iv[8]); + const DES_key_schedule *ks, unsigned char iv[8]); void des_t4_cbc_decrypt(const void *inp, void *out, size_t len, - const DES_key_schedule *ks, unsigned char iv[8]); -# endif /* OPENSSL_NO_DES */ + const DES_key_schedule *ks, unsigned char iv[8]); +#endif /* OPENSSL_NO_DES */ -# endif /* DES_ASM && sparc */ +#endif /* DES_ASM && sparc */ #endif /* OSSL_CRYPTO_CIPHERMODE_PLATFORM_H */ --- crypto/openssl/include/crypto/dh.h.orig +++ crypto/openssl/include/crypto/dh.h 
@@ -8,21 +8,21 @@ */ #ifndef OSSL_CRYPTO_DH_H -# define OSSL_CRYPTO_DH_H -# pragma once +#define OSSL_CRYPTO_DH_H +#pragma once -# include -# include -# include -# include "internal/ffc.h" +#include +#include +#include +#include "internal/ffc.h" DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx); void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx); int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb); + BN_GENCB *cb); int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, - const BIGNUM *priv_key, BIGNUM *pub_key); + const BIGNUM *priv_key, BIGNUM *pub_key); int ossl_dh_get_named_group_uid_from_size(int pbits); const char *ossl_dh_gen_type_id2name(int id); int ossl_dh_gen_type_name2id(const char *name, int type); @@ -35,9 +35,9 @@ int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private); int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private); + int include_private); DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); 
@@ -48,15 +48,15 @@ int ossl_dh_buf2key(DH *key, const unsigned char *buf, size_t len); size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, - int alloc); + int alloc); int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const char *cek_alg, - const unsigned char *ukm, size_t ukmlen, - const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq); + const unsigned char *Z, size_t Zlen, + const char *cek_alg, + const unsigned char *ukm, size_t ukmlen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_dh_is_foreign(const DH *dh); DH *ossl_dh_dup(const DH *dh, int selection); -#endif /* OSSL_CRYPTO_DH_H */ +#endif /* OSSL_CRYPTO_DH_H */ --- crypto/openssl/include/crypto/dherr.h.orig +++ crypto/openssl/include/crypto/dherr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_DHERR_H -# define OSSL_CRYPTO_DHERR_H -# pragma once +#define OSSL_CRYPTO_DHERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH int ossl_err_load_DH_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/dsa.h.orig +++ crypto/openssl/include/crypto/dsa.h 
@@ -8,39 +8,39 @@ */ #ifndef OSSL_CRYPTO_DSA_H -# define OSSL_CRYPTO_DSA_H -# pragma once +#define OSSL_CRYPTO_DSA_H +#pragma once -# include -# include -# include "internal/ffc.h" +#include +#include +#include "internal/ffc.h" -#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ -#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ +#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ +#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ #define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2 DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx); void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx); int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, - BN_GENCB *cb); + BN_GENCB *cb); int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa); + unsigned char *sig, unsigned int *siglen, DSA *dsa); FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa); int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], - int include_private); + int include_private); DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, - const BIGNUM *priv_key, BIGNUM *pub_key); + const BIGNUM *priv_key, BIGNUM *pub_key); int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret); int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret); int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, - int *ret); + int *ret); int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret); int ossl_dsa_check_pairwise(const DSA *dsa); int ossl_dsa_is_foreign(const DSA *dsa); --- crypto/openssl/include/crypto/dsaerr.h.orig +++ crypto/openssl/include/crypto/dsaerr.h 
@@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_DSAERR_H -# define OSSL_CRYPTO_DSAERR_H -# pragma once +#define OSSL_CRYPTO_DSAERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA int ossl_err_load_DSA_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/dso_conf.h.orig +++ crypto/openssl/include/crypto/dso_conf.h @@ -1,6 +1,7 @@ -/* $FreeBSD$ */ +/* clang-format off */ /* WARNING: do not edit! */ /* Generated by Makefile from include/crypto/dso_conf.h.in */ +/* clang-format on */ /* * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * @@ -11,10 +12,14 @@ */ #ifndef OSSL_CRYPTO_DSO_CONF_H -# define OSSL_CRYPTO_DSO_CONF_H -# pragma once +#define OSSL_CRYPTO_DSO_CONF_H +#pragma once +/* clang-format off */ # define DSO_DLFCN # define HAVE_DLFCN_H +/* clang-format on */ +/* clang-format off */ # define DSO_EXTENSION ".so" +/* clang-format on */ #endif --- crypto/openssl/include/crypto/dso_conf.h.in.orig +++ crypto/openssl/include/crypto/dso_conf.h.in @@ -1,4 +1,6 @@ +/* clang-format off */ {- join("\n",map { "/* $_ */" } @autowarntext) -} +/* clang-format on */ /* * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * @@ -9,9 +11,10 @@ */ #ifndef OSSL_CRYPTO_DSO_CONF_H -# define OSSL_CRYPTO_DSO_CONF_H -# pragma once +#define OSSL_CRYPTO_DSO_CONF_H +#pragma once +/* clang-format off */ {- # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform 
@@ -29,5 +32,8 @@ @macros = ( "DSO_DLFCN" ); } join("\n", map { "# define $_" } @macros); -} +/* clang-format on */ +/* clang-format off */ # define DSO_EXTENSION "{- platform->dsoext() -}" +/* clang-format on */ #endif --- crypto/openssl/include/crypto/ec.h.orig +++ crypto/openssl/include/crypto/ec.h @@ -10,21 +10,21 @@ /* Internal EC functions for other submodules: not for application use */ #ifndef OSSL_CRYPTO_EC_H -# define OSSL_CRYPTO_EC_H -# pragma once +#define OSSL_CRYPTO_EC_H +#pragma once -# include -# include +#include +#include int ossl_ec_curve_name2nid(const char *name); const char *ossl_ec_curve_nid2nist_int(int nid); int ossl_ec_curve_nist2nid_int(const char *name); int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc); -# ifndef OPENSSL_NO_EC -# include -# include -# include "crypto/types.h" +#ifndef OPENSSL_NO_EC +#include +#include +#include "crypto/types.h" /*- * Computes the multiplicative inverse of x in the range @@ -48,16 +48,16 @@ * implementations for better SCA properties on regular input values). */ __owur int ossl_ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - const BIGNUM *x, BN_CTX *ctx); + const BIGNUM *x, BN_CTX *ctx); /*- * ECDH Key Derivation Function as defined in ANSI X9.63 */ int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md, OSSL_LIB_CTX *libctx, - const char *propq); + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq); int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx); int ossl_ec_key_public_check_quick(const EC_KEY *eckey, BN_CTX *ctx); 
@@ -69,22 +69,22 @@ /* Backend support */ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], OSSL_LIB_CTX *libctx, - const char *propq, - BN_CTX *bnctx, unsigned char **genbuf); + OSSL_PARAM params[], OSSL_LIB_CTX *libctx, + const char *propq, + BN_CTX *bnctx, unsigned char **genbuf); int ossl_ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]); int ossl_ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], - int include_private); + int include_private); int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); int ossl_ec_key_is_foreign(const EC_KEY *ec); EC_KEY *ossl_ec_key_dup(const EC_KEY *key, int selection); int ossl_x509_algor_is_sm2(const X509_ALGOR *palg); EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg, - OSSL_LIB_CTX *libctx, - const char *propq); + OSSL_LIB_CTX *libctx, + const char *propq); EC_KEY *ossl_ec_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int ossl_ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode); int ossl_ec_encoding_name2id(const char *name); @@ -96,5 +96,5 @@ char *ossl_ec_check_group_type_id2name(int flags); int ossl_ec_set_check_group_type_from_name(EC_KEY *ec, const char *name); -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ #endif --- crypto/openssl/include/crypto/ecerr.h.orig +++ crypto/openssl/include/crypto/ecerr.h 
@@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_ECERR_H -# define OSSL_CRYPTO_ECERR_H -# pragma once +#define OSSL_CRYPTO_ECERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC int ossl_err_load_EC_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/ecx.h.orig +++ crypto/openssl/include/crypto/ecx.h @@ -10,42 +10,41 @@ /* Internal EC functions for other submodules: not for application use */ #ifndef OSSL_CRYPTO_ECX_H -# define OSSL_CRYPTO_ECX_H -# pragma once +#define OSSL_CRYPTO_ECX_H +#pragma once -# include +#include -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC -# include -# include -# include -# include "internal/refcount.h" -# include "crypto/types.h" +#include +#include +#include +#include "internal/refcount.h" +#include "crypto/types.h" -# define X25519_KEYLEN 32 -# define X448_KEYLEN 56 -# define ED25519_KEYLEN 32 -# define ED448_KEYLEN 57 +#define X25519_KEYLEN 32 +#define X448_KEYLEN 56 +#define ED25519_KEYLEN 32 +#define ED448_KEYLEN 57 -# define MAX_KEYLEN ED448_KEYLEN +#define MAX_KEYLEN ED448_KEYLEN -# define X25519_BITS 253 -# define X25519_SECURITY_BITS 128 +#define X25519_BITS 253 +#define X25519_SECURITY_BITS 128 -# define X448_BITS 448 -# define X448_SECURITY_BITS 224 +#define X448_BITS 448 +#define X448_SECURITY_BITS 224 -# define ED25519_BITS 256 +#define ED25519_BITS 256 /* RFC8032 Section 8.5 */ -# define ED25519_SECURITY_BITS 128 -# define ED25519_SIGSIZE 64 +#define ED25519_SECURITY_BITS 128 +#define ED25519_SIGSIZE 64 -# define ED448_BITS 456 +#define ED448_BITS 456 /* RFC8032 Section 8.5 */ -# define ED448_SECURITY_BITS 224 -# define ED448_SIGSIZE 114 - +#define ED448_SECURITY_BITS 224 +#define ED448_SIGSIZE 114 typedef enum { ECX_KEY_TYPE_X25519, 
@@ -54,19 +53,19 @@ ECX_KEY_TYPE_ED448 } ECX_KEY_TYPE; -#define KEYTYPE2NID(type) \ - ((type) == ECX_KEY_TYPE_X25519 \ - ? EVP_PKEY_X25519 \ - : ((type) == ECX_KEY_TYPE_X448 \ - ? EVP_PKEY_X448 \ - : ((type) == ECX_KEY_TYPE_ED25519 \ - ? EVP_PKEY_ED25519 \ - : EVP_PKEY_ED448))) +#define KEYTYPE2NID(type) \ + ((type) == ECX_KEY_TYPE_X25519 \ + ? EVP_PKEY_X25519 \ + : ((type) == ECX_KEY_TYPE_X448 \ + ? EVP_PKEY_X448 \ + : ((type) == ECX_KEY_TYPE_ED25519 \ + ? EVP_PKEY_ED25519 \ + : EVP_PKEY_ED448))) struct ecx_key_st { OSSL_LIB_CTX *libctx; char *propq; - unsigned int haspubkey:1; + unsigned int haspubkey : 1; unsigned char pubkey[MAX_KEYLEN]; unsigned char *privkey; size_t keylen; @@ -77,7 +76,7 @@ size_t ossl_ecx_key_length(ECX_KEY_TYPE type); ECX_KEY *ossl_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, - int haspubkey, const char *propq); + int haspubkey, const char *propq); void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx); unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key); void ossl_ecx_key_free(ECX_KEY *key); 
@@ -85,44 +84,35 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection); int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t peer_public_value[32]); + const uint8_t peer_public_value[32]); void ossl_x25519_public_from_private(uint8_t out_public_value[32], - const uint8_t private_key[32]); - -int -ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], - const uint8_t private_key[32], - const char *propq); -int -ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32], - OSSL_LIB_CTX *libctx, const char *propq); -int -ossl_ed25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32], - OSSL_LIB_CTX *libctx, const char *propq); - -int -ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], - const uint8_t private_key[57], const char *propq); -int -ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq); - -int -ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq); - -int -ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], - const uint8_t peer_public_value[56]); -void -ossl_x448_public_from_private(uint8_t out_public_value[56], - const uint8_t private_key[56]); - + const uint8_t private_key[32]); + +int ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], + const uint8_t private_key[32], + const char *propq); +int ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32], + OSSL_LIB_CTX 
*libctx, const char *propq); +int ossl_ed25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32], + OSSL_LIB_CTX *libctx, const char *propq); + +int ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], + const uint8_t private_key[57], const char *propq); +int ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, + size_t message_len, const uint8_t public_key[57], + const uint8_t private_key[57], const uint8_t *context, + size_t context_len, const char *propq); + +int ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, const char *propq); + +int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], + const uint8_t peer_public_value[56]); +void ossl_x448_public_from_private(uint8_t out_public_value[56], + const uint8_t private_key[56]); /* Backend support */ typedef enum { 
@@ -132,19 +122,19 @@ } ecx_key_op_t; ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg, - const unsigned char *p, int plen, - int pkey_id, ecx_key_op_t op, - OSSL_LIB_CTX *libctx, const char *propq); + const unsigned char *p, int plen, + int pkey_id, ecx_key_op_t op, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_ecx_public_from_private(ECX_KEY *key); int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], - int include_private); + int include_private); ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED448(EVP_PKEY *pkey); -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ #endif --- crypto/openssl/include/crypto/encoder.h.orig +++ crypto/openssl/include/crypto/encoder.h @@ -8,13 +8,13 @@ */ #ifndef OSSL_CRYPTO_ENCODER_H -# define OSSL_CRYPTO_ENCODER_H -# pragma once +#define OSSL_CRYPTO_ENCODER_H +#pragma once -# include +#include OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, - const char *properties); + const char *properties); int ossl_encoder_get_number(const OSSL_ENCODER *encoder); int ossl_encoder_store_cache_flush(OSSL_LIB_CTX *libctx); int ossl_encoder_store_remove_all_provided(const OSSL_PROVIDER *prov); --- crypto/openssl/include/crypto/encodererr.h.orig +++ crypto/openssl/include/crypto/encodererr.h 
@@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_ENCODERERR_H -# define OSSL_CRYPTO_ENCODERERR_H -# pragma once +#define OSSL_CRYPTO_ENCODERERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_OSSL_ENCODER_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/engineerr.h.orig +++ crypto/openssl/include/crypto/engineerr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_ENGINEERR_H -# define OSSL_CRYPTO_ENGINEERR_H -# pragma once +#define OSSL_CRYPTO_ENGINEERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE int ossl_err_load_ENGINE_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/err.h.orig +++ crypto/openssl/include/crypto/err.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_CRYPTO_ERR_H -# define OSSL_CRYPTO_ERR_H -# pragma once +#define OSSL_CRYPTO_ERR_H +#pragma once int ossl_err_load_ERR_strings(void); int ossl_err_load_crypto_strings(void); --- crypto/openssl/include/crypto/ess.h.orig +++ crypto/openssl/include/crypto/ess.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_CRYPTO_ESS_H -# define OSSL_CRYPTO_ESS_H -# pragma once +#define OSSL_CRYPTO_ESS_H +#pragma once /*- * IssuerSerial ::= SEQUENCE { @@ -31,7 +31,7 @@ */ struct ESS_cert_id { - ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ ESS_ISSUER_SERIAL *issuer_serial; }; @@ -56,7 +56,7 @@ */ struct ESS_cert_id_v2_st { - X509_ALGOR *hash_alg; /* Default: SHA-256 */ + X509_ALGOR *hash_alg; /* Default: SHA-256 */ ASN1_OCTET_STRING *hash; ESS_ISSUER_SERIAL *issuer_serial; }; --- crypto/openssl/include/crypto/esserr.h.orig +++ crypto/openssl/include/crypto/esserr.h 
@@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_ESSERR_H -# define OSSL_CRYPTO_ESSERR_H -# pragma once +#define OSSL_CRYPTO_ESSERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_ESS_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/evp.h.orig +++ crypto/openssl/include/crypto/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,23 @@ */ #ifndef OSSL_CRYPTO_EVP_H -# define OSSL_CRYPTO_EVP_H -# pragma once +#define OSSL_CRYPTO_EVP_H +#pragma once -# include -# include -# include "internal/refcount.h" -# include "crypto/ecx.h" +#include +#include +#include "internal/refcount.h" +#include "crypto/ecx.h" /* * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag * values in evp.h */ -#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 -#define evp_pkey_ctx_is_legacy(ctx) \ +#define evp_pkey_ctx_is_legacy(ctx) \ ((ctx)->keymgmt == NULL) -#define evp_pkey_ctx_is_provided(ctx) \ +#define evp_pkey_ctx_is_provided(ctx) \ (!evp_pkey_ctx_is_legacy(ctx)) struct evp_pkey_ctx_st { @@ -90,7 +90,7 @@ struct { /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ - void *dist_id; /* The distinguishing ID itself */ + void *dist_id; /* The distinguishing ID itself */ size_t dist_id_len; /* The length of the distinguishing ID */ /* Indicators of what has been set. Keep them together! */ 
@@ -120,7 +120,7 @@
 /* Algorithm specific data */
 void *data;
 /* Indicator if digest_custom needs to be called */
- unsigned int flag_call_digest_custom:1;
+ unsigned int flag_call_digest_custom : 1;
 /*
 * Used to support taking custody of memory in the case of a provider being
 * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
@@ -128,58 +128,58 @@ * when said deprecated API is excised completely. */ BIGNUM *rsa_pubexp; -} /* EVP_PKEY_CTX */ ; +} /* EVP_PKEY_CTX */; -#define EVP_PKEY_FLAG_DYNAMIC 1 +#define EVP_PKEY_FLAG_DYNAMIC 1 struct evp_pkey_method_st { int pkey_id; int flags; - int (*init) (EVP_PKEY_CTX *ctx); - int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); - void (*cleanup) (EVP_PKEY_CTX *ctx); - int (*paramgen_init) (EVP_PKEY_CTX *ctx); - int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*keygen_init) (EVP_PKEY_CTX *ctx); - int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*sign_init) (EVP_PKEY_CTX *ctx); - int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_init) (EVP_PKEY_CTX *ctx); - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_recover_init) (EVP_PKEY_CTX *ctx); - int (*verify_recover) (EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); - int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx); - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx); - int (*encrypt_init) (EVP_PKEY_CTX *ctx); - int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*decrypt_init) (EVP_PKEY_CTX *ctx); - int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*derive_init) (EVP_PKEY_CTX *ctx); - int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); - int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); - int (*digestsign) 
(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen); - int (*check) (EVP_PKEY *pkey); - int (*public_check) (EVP_PKEY *pkey); - int (*param_check) (EVP_PKEY *pkey); - - int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -} /* EVP_PKEY_METHOD */ ; + int (*init)(EVP_PKEY_CTX *ctx); + int (*copy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); + void (*cleanup)(EVP_PKEY_CTX *ctx); + int (*paramgen_init)(EVP_PKEY_CTX *ctx); + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*keygen_init)(EVP_PKEY_CTX *ctx); + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*sign_init)(EVP_PKEY_CTX *ctx); + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*verify_init)(EVP_PKEY_CTX *ctx); + int (*verify)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + int (*verify_recover_init)(EVP_PKEY_CTX *ctx); + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx); + int (*encrypt_init)(EVP_PKEY_CTX *ctx); + int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + int (*decrypt_init)(EVP_PKEY_CTX *ctx); + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + int (*derive_init)(EVP_PKEY_CTX *ctx); + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + int 
(*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); + int (*digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify)(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + int (*check)(EVP_PKEY *pkey); + int (*public_check)(EVP_PKEY *pkey); + int (*param_check)(EVP_PKEY *pkey); + + int (*digest_custom)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +} /* EVP_PKEY_METHOD */; DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) @@ -240,9 +240,9 @@ OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; }; -#define EVP_ORIG_DYNAMIC 0 -#define EVP_ORIG_GLOBAL 1 -#define EVP_ORIG_METH 2 +#define EVP_ORIG_DYNAMIC 0 +#define EVP_ORIG_GLOBAL 1 +#define EVP_ORIG_METH 2 struct evp_md_st { /* nid */ @@ -253,15 +253,15 @@ int md_size; unsigned long flags; int origin; - int (*init) (EVP_MD_CTX *ctx); - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final) (EVP_MD_CTX *ctx, unsigned char *md); - int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup) (EVP_MD_CTX *ctx); + int (*init)(EVP_MD_CTX *ctx); + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final)(EVP_MD_CTX *ctx, unsigned char *md); + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup)(EVP_MD_CTX *ctx); int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ + int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ - int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); + int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); /* New structure members */ /* Above comment to be removed when legacy has gone */ 
@@ -285,7 +285,7 @@ OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; -} /* EVP_MD */ ; +} /* EVP_MD */; struct evp_cipher_st { int nid; @@ -301,21 +301,21 @@ /* How the EVP_CIPHER was created. */ int origin; /* init key */ - int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* encrypt/decrypt data */ - int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); /* cleanup ctx */ - int (*cleanup) (EVP_CIPHER_CTX *); + int (*cleanup)(EVP_CIPHER_CTX *); /* how big ctx->cipher_data needs to be */ int ctx_size; /* Populate a ASN1_TYPE with parameters */ - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Miscellaneous operations */ - int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Application data */ void *app_data; 
@@ -341,150 +341,149 @@ OSSL_FUNC_cipher_gettable_params_fn *gettable_params; OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; -} /* EVP_CIPHER */ ; +} /* EVP_CIPHER */; /* Macros to code block cipher wrappers */ /* Wrapper functions for each cipher mode */ #define EVP_C_DATA(kstruct, ctx) \ - ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) - -#define BLOCK_CIPHER_ecb_loop() \ - size_t i, bl; \ - bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ - if (inl < bl) return 1;\ - inl -= bl; \ - for (i=0; i <= inl; i+=bl) - -#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ - return 1;\ -} + ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) + +#define BLOCK_CIPHER_ecb_loop() \ + size_t i, bl; \ + bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ + if (inl < bl) \ + return 1; \ + inl -= bl; \ + for (i = 0; i <= inl; i += bl) + +#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ + static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + { \ + BLOCK_CIPHER_ecb_loop() \ + cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ + return 1; \ + } #define EVP_MAXCHUNK ((size_t)1 << 30) -#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ - static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) {\ - int num = EVP_CIPHER_CTX_get_num(ctx);\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ - EVP_CIPHER_CTX_set_num(ctx, num);\ - inl-=EVP_MAXCHUNK;\ - 
in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl) {\ - int num = EVP_CIPHER_CTX_get_num(ctx);\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ - EVP_CIPHER_CTX_set_num(ctx, num);\ - }\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) \ - {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - size_t chunk = EVP_MAXCHUNK;\ - if (cbits == 1) chunk >>= 3;\ - if (inl < chunk) chunk = inl;\ - while (inl && inl >= chunk)\ - {\ - int num = EVP_CIPHER_CTX_get_num(ctx);\ - cprefix##_cfb##cbits##_encrypt(in, out, (long) \ - ((cbits == 1) \ - && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ - ? 
chunk*8 : chunk), \ - &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ - &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ - EVP_CIPHER_CTX_set_num(ctx, num);\ - inl -= chunk;\ - in += chunk;\ - out += chunk;\ - if (inl < chunk) chunk = inl;\ - }\ - return 1;\ -} +#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ + static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + { \ + while (inl >= EVP_MAXCHUNK) { \ + int num = EVP_CIPHER_CTX_get_num(ctx); \ + cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, &num); \ + EVP_CIPHER_CTX_set_num(ctx, num); \ + inl -= EVP_MAXCHUNK; \ + in += EVP_MAXCHUNK; \ + out += EVP_MAXCHUNK; \ + } \ + if (inl) { \ + int num = EVP_CIPHER_CTX_get_num(ctx); \ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, &num); \ + EVP_CIPHER_CTX_set_num(ctx, num); \ + } \ + return 1; \ + } + +#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ + static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + { \ + while (inl >= EVP_MAXCHUNK) { \ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); \ + inl -= EVP_MAXCHUNK; \ + in += EVP_MAXCHUNK; \ + out += EVP_MAXCHUNK; \ + } \ + if (inl) \ + cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); \ + return 1; \ + } + +#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ + static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ + { \ + size_t chunk = EVP_MAXCHUNK; \ + if (cbits == 1) \ + chunk >>= 3; \ + if (inl < chunk) \ + chunk = inl; \ + while (inl && inl >= chunk) { \ + int num = EVP_CIPHER_CTX_get_num(ctx); \ + cprefix##_cfb##cbits##_encrypt(in, 
out, (long)((cbits == 1) && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), \ + &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv, \ + &num, EVP_CIPHER_CTX_is_encrypting(ctx)); \ + EVP_CIPHER_CTX_set_num(ctx, num); \ + inl -= chunk; \ + in += chunk; \ + out += chunk; \ + if (inl < chunk) \ + chunk = inl; \ + } \ + return 1; \ + } #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) + BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ - key_len, iv_len, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -static const EVP_CIPHER cname##_##mode = { \ - nid##_##nmode, block_size, key_len, iv_len, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - init_key, \ - cname##_##mode##_cipher, \ - cleanup, \ - sizeof(kstruct), \ - set_asn1, get_asn1,\ - ctrl, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } - -#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) - -#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, 
ctrl) - -#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ - flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ - 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) - -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) + key_len, iv_len, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ + static const EVP_CIPHER cname##_##mode = { \ + nid##_##nmode, block_size, key_len, iv_len, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + init_key, \ + cname##_##mode##_cipher, \ + cleanup, \ + sizeof(kstruct), \ + set_asn1, get_asn1, \ + ctrl, \ + NULL \ + }; \ + const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } + +#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ + BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ + iv_len, 
cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ + flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ + BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ + 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) /*- #define BLOCK_CIPHER_defs(cname, kstruct, \ 
@@ -548,21 +547,21 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } */ -#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ - block_size, key_len, iv_len, cbits, \ - flags, init_key, \ - cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ +#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ + block_size, key_len, iv_len, cbits, \ + flags, init_key, \ + cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - cbits, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) + cbits, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ - BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ - BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ - NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ - cipher##_init_key, NULL, NULL, NULL, NULL) +#define IMPLEMENT_CFBR(cipher, cprefix, kstruct, ksched, keysize, cbits, iv_len, fl) \ + BLOCK_CIPHER_func_cfb(cipher##_##keysize, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_def_cfb(cipher##_##keysize, kstruct, \ + NID_##cipher##_##keysize, keysize / 8, iv_len, cbits, \ + (fl) | EVP_CIPH_FLAG_DEFAULT_ASN1, \ + cipher##_init_key, NULL, NULL, NULL, NULL) typedef struct { unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -571,10 +570,10 @@ } evp_cipher_aead_asn1_params; int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *params); + evp_cipher_aead_asn1_params *params); int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *params); + evp_cipher_aead_asn1_params *params); /* * To support transparent execution of operation in backends other 
@@ -619,35 +618,35 @@ * * keymgmt != NULL */ -#define evp_pkey_is_blank(pk) \ +#define evp_pkey_is_blank(pk) \ ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) -#define evp_pkey_is_typed(pk) \ +#define evp_pkey_is_typed(pk) \ ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) #ifndef FIPS_MODULE -# define evp_pkey_is_assigned(pk) \ +#define evp_pkey_is_assigned(pk) \ ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) #else -# define evp_pkey_is_assigned(pk) \ +#define evp_pkey_is_assigned(pk) \ ((pk)->keydata != NULL) #endif -#define evp_pkey_is_legacy(pk) \ +#define evp_pkey_is_legacy(pk) \ ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) -#define evp_pkey_is_provided(pk) \ +#define evp_pkey_is_provided(pk) \ ((pk)->keymgmt != NULL) union legacy_pkey_st { void *ptr; - struct rsa_st *rsa; /* RSA */ -# ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -# endif -# ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -# endif -# ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ - ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ -# endif + struct rsa_st *rsa; /* RSA */ +#ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +#endif +#ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +#endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ + ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +#endif }; struct evp_pkey_st { @@ -655,7 +654,7 @@ int type; int save_type; -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE /* * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, * a pointer to a low level key and possibly a pointer to an engine. @@ -669,7 +668,7 @@ /* Union to store the reference to a non-origin legacy key */ union legacy_pkey_st legacy_cache_pkey; -# endif +#endif /* == Common attributes == */ CRYPTO_REF_COUNT references; 
@@ -677,7 +676,7 @@ #ifndef FIPS_MODULE STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ int save_parameters; - unsigned int foreign:1; /* the low-level key is using an engine or an app-method */ + unsigned int foreign : 1; /* the low-level key is using an engine or an app-method */ CRYPTO_EX_DATA ex_data; #endif 
@@ -717,46 +716,46 @@ int security_bits; int size; } cache; -} /* EVP_PKEY */ ; +} /* EVP_PKEY */; -#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ - ((ctx)->operation == EVP_PKEY_OP_SIGN \ - || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ - || (ctx)->operation == EVP_PKEY_OP_VERIFY \ - || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ - || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) +#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_SIGN \ + || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ + || (ctx)->operation == EVP_PKEY_OP_VERIFY \ + || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ + || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) #define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ ((ctx)->operation == EVP_PKEY_OP_DERIVE) -#define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ +#define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \ - || (ctx)->operation == EVP_PKEY_OP_DECRYPT) + || (ctx)->operation == EVP_PKEY_OP_DECRYPT) -#define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ +#define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \ - || (ctx)->operation == EVP_PKEY_OP_KEYGEN) + || (ctx)->operation == EVP_PKEY_OP_KEYGEN) #define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ ((ctx)->operation == EVP_PKEY_OP_FROMDATA) -#define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ +#define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \ - || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) + || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) void openssl_add_all_ciphers_int(void); void openssl_add_all_digests_int(void); void evp_cleanup_int(void); void evp_app_cleanup_int(void); void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, - EVP_KEYMGMT **keymgmt, - const char *propquery); + EVP_KEYMGMT **keymgmt, + const char *propquery); #ifndef FIPS_MODULE int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); void *evp_pkey_get_legacy(EVP_PKEY *pk); void evp_pkey_free_legacy(EVP_PKEY *x); EVP_PKEY 
*evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); #endif /* @@ -774,32 +773,32 @@ }; int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, - void *keydata); + void *keydata); EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, - OSSL_CALLBACK *export_cb, void *export_cbarg); + OSSL_CALLBACK *export_cb, void *export_cbarg); void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, - int selection); + int selection); OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt, - int selection); + EVP_KEYMGMT *keymgmt, + int selection); int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, - void *keydata, int selection); + void *keydata, int selection); void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - int selection, const OSSL_PARAM params[]); + int selection, const OSSL_PARAM params[]); int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - void *genctx, OSSL_CALLBACK *cb, void *cbarg); + void *genctx, OSSL_CALLBACK *cb, void *cbarg); int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, - void *keydata, - char *mdname, size_t mdname_sz); + void *keydata, + char *mdname, size_t mdname_sz); const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, - int op_id); + int op_id); /* * KEYMGMT provider interface functions 
@@ -807,71 +806,71 @@ void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, - void *keydata, OSSL_PARAM params[]); + void *keydata, OSSL_PARAM params[]); int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, - void *keydata, const OSSL_PARAM params[]); + void *keydata, const OSSL_PARAM params[]); void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, - void *template); + void *template); int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, - OSSL_CALLBACK *cb, void *cbarg); + OSSL_CALLBACK *cb, void *cbarg); void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt); void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, - const void *objref, size_t objref_sz); + const void *objref, size_t objref_sz); int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, int checktype); + int selection, int checktype); int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, - const void *keydata1, const void *keydata2, - int selection); + const void *keydata1, const void *keydata2, + int selection); int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, const OSSL_PARAM params[]); + int selection, const OSSL_PARAM params[]); const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, - int selection); + int selection); int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, OSSL_CALLBACK *param_cb, void *cbarg); + int selection, 
OSSL_CALLBACK *param_cb, void *cbarg); const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, - int selection); + int selection); void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, - const void *keydata_from, int selection); + const void *keydata_from, int selection); EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); + const char *name, + const char *properties); /* Pulling defines out of C source files */ -# define EVP_RC4_KEY_SIZE 16 -# ifndef TLS1_1_VERSION -# define TLS1_1_VERSION 0x0302 -# endif +#define EVP_RC4_KEY_SIZE 16 +#ifndef TLS1_1_VERSION +#define TLS1_1_VERSION 0x0302 +#endif void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); /* EVP_ENCODE_CTX flags */ /* Don't generate new lines when encoding */ -#define EVP_ENCODE_CTX_NO_NEWLINES 1 +#define EVP_ENCODE_CTX_NO_NEWLINES 1 /* Use the SRP base64 alphabet instead of the standard one */ -#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 +#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, - const char *name); + const char *name); const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, - const char *name); + const char *name); int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, int keylen, - unsigned char *out, - OSSL_LIB_CTX *libctx, const char *propq); + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, + unsigned char *out, + OSSL_LIB_CTX *libctx, const char *propq); -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE /* * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). * 
@@ -888,7 +887,7 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int evp_pkey_name2type(const char *name); const char *evp_pkey_type2name(int type); @@ -897,31 +896,31 @@ int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); -# endif /* !defined(FIPS_MODULE) */ +#endif /* !defined(FIPS_MODULE) */ int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx); int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov); int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, - int loadconfig); + int loadconfig); int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig, int mirrored); + int loadconfig, int mirrored); char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); /* Three possible states: */ -# define EVP_PKEY_STATE_UNKNOWN 0 -# define EVP_PKEY_STATE_LEGACY 1 -# define EVP_PKEY_STATE_PROVIDER 2 +#define EVP_PKEY_STATE_UNKNOWN 0 +#define EVP_PKEY_STATE_LEGACY 1 +#define EVP_PKEY_STATE_PROVIDER 2 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); /* These two must ONLY be called for provider side operations */ int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, - int keytype, int optype, - int cmd, int p1, void *p2); + int keytype, int optype, + int cmd, int p1, void *p2); int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, - const char *name, const char *value); + const char *name, const char *value); /* These two must ONLY be called for legacy operations */ int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); 
@@ -931,11 +930,11 @@ int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); /* Same as the public get0 functions but are not const */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); -# endif +#endif /* Get internal identification number routines */ int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); --- crypto/openssl/include/crypto/evperr.h.orig +++ crypto/openssl/include/crypto/evperr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_EVPERR_H -# define OSSL_CRYPTO_EVPERR_H -# pragma once +#define OSSL_CRYPTO_EVPERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_EVP_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/httperr.h.orig +++ crypto/openssl/include/crypto/httperr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_HTTPERR_H -# define OSSL_CRYPTO_HTTPERR_H -# pragma once +#define OSSL_CRYPTO_HTTPERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_HTTP_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/lhash.h.orig +++ crypto/openssl/include/crypto/lhash.h @@ -8,9 +8,9 @@ */ #ifndef OSSL_CRYPTO_LHASH_H -# define OSSL_CRYPTO_LHASH_H -# pragma once +#define OSSL_CRYPTO_LHASH_H +#pragma once unsigned long ossl_lh_strcasehash(const char *); -#endif /* OSSL_CRYPTO_LHASH_H */ +#endif /* OSSL_CRYPTO_LHASH_H */ --- crypto/openssl/include/crypto/md32_common.h.orig +++ crypto/openssl/include/crypto/md32_common.h 
@@ -66,58 +66,58 @@ #include #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# error "DATA_ORDER must be defined!" +#error "DATA_ORDER must be defined!" #endif #ifndef HASH_CBLOCK -# error "HASH_CBLOCK must be defined!" +#error "HASH_CBLOCK must be defined!" #endif #ifndef HASH_LONG -# error "HASH_LONG must be defined!" +#error "HASH_LONG must be defined!" #endif #ifndef HASH_CTX -# error "HASH_CTX must be defined!" +#error "HASH_CTX must be defined!" #endif #ifndef HASH_UPDATE -# error "HASH_UPDATE must be defined!" +#error "HASH_UPDATE must be defined!" #endif #ifndef HASH_TRANSFORM -# error "HASH_TRANSFORM must be defined!" +#error "HASH_TRANSFORM must be defined!" #endif #ifndef HASH_FINAL -# error "HASH_FINAL must be defined!" +#error "HASH_FINAL must be defined!" #endif #ifndef HASH_BLOCK_DATA_ORDER -# error "HASH_BLOCK_DATA_ORDER must be defined!" +#error "HASH_BLOCK_DATA_ORDER must be defined!" #endif -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +#define ROTATE(a, n) (((a) << (n)) | (((a) & 0xffffffff) >> (32 - (n)))) #if defined(DATA_ORDER_IS_BIG_ENDIAN) -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) ) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ - l) +#define HOST_c2l(c, l) (l = (((unsigned long)(*((c)++))) << 24), \ + l |= (((unsigned long)(*((c)++))) << 16), \ + l |= (((unsigned long)(*((c)++))) << 8), \ + l |= (((unsigned long)(*((c)++))))) +#define HOST_l2c(l, c) (*((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff), \ + l) #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# 
define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - l) +#define HOST_c2l(c, l) (l = (((unsigned long)(*((c)++)))), \ + l |= (((unsigned long)(*((c)++))) << 8), \ + l |= (((unsigned long)(*((c)++))) << 16), \ + l |= (((unsigned long)(*((c)++))) << 24)) +#define HOST_l2c(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + l) #endif @@ -135,11 +135,11 @@ if (len == 0) return 1; - l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; - if (l < c->Nl) /* overflow */ + l = (c->Nl + (((HASH_LONG)len) << 3)) & 0xffffffffUL; + if (l < c->Nl) /* overflow */ c->Nh++; - c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on - * 16-bit */ + c->Nh += (HASH_LONG)(len >> 29); /* might cause compiler warning on + * 16-bit */ c->Nl = l; n = c->num; @@ -193,7 +193,7 @@ unsigned char *p = (unsigned char *)c->data; size_t n = c->num; - p[n] = 0x80; /* there is always room for one */ + p[n] = 0x80; /* there is always room for one */ n++; if (n > (HASH_CBLOCK - 8)) { @@ -204,7 +204,7 @@ memset(p + n, 0, HASH_CBLOCK - 8 - n); p += HASH_CBLOCK - 8; -#if defined(DATA_ORDER_IS_BIG_ENDIAN) +#if defined(DATA_ORDER_IS_BIG_ENDIAN) (void)HOST_l2c(c->Nh, p); (void)HOST_l2c(c->Nl, p); #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) @@ -217,7 +217,7 @@ OPENSSL_cleanse(p, HASH_CBLOCK); #ifndef HASH_MAKE_STRING -# error "HASH_MAKE_STRING must be defined!" +#error "HASH_MAKE_STRING must be defined!" #else HASH_MAKE_STRING(c, md); #endif 
@@ -226,8 +226,8 @@ } #ifndef MD32_REG_T -# if defined(__alpha) || defined(__sparcv9) || defined(__mips) -# define MD32_REG_T long +#if defined(__alpha) || defined(__sparcv9) || defined(__mips) +#define MD32_REG_T long /* * This comment was originally written for MD5, which is why it * discusses A-D. But it basically applies to all 32-bit digests, @@ -244,13 +244,13 @@ * Well, to be honest it should say that this *prevents* * performance degradation. */ -# else +#else /* * Above is not absolute and there are LP64 compilers that * generate better code if MD32_REG_T is defined int. The above * pre-processor condition reflects the circumstances under which * the conclusion was made and is subject to further extension. */ -# define MD32_REG_T int -# endif +#define MD32_REG_T int +#endif #endif --- crypto/openssl/include/crypto/modes.h.orig +++ crypto/openssl/include/crypto/modes.h @@ -13,15 +13,15 @@ #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) typedef __int64 i64; typedef unsigned __int64 u64; -# define U64(C) C##UI64 +#define U64(C) C##UI64 #elif defined(__arch64__) typedef long i64; typedef unsigned long u64; -# define U64(C) C##UL +#define U64(C) C##UL #else typedef long long i64; typedef unsigned long long u64; -# define U64(C) C##ULL +#define U64(C) C##ULL #endif typedef unsigned int u32; 
@@ -29,79 +29,74 @@ #define STRICT_ALIGNMENT 1 #ifndef PEDANTIC -# if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__aarch64__) || \ - defined(__s390__) || defined(__s390x__) -# undef STRICT_ALIGNMENT -# endif +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || defined(__aarch64__) || defined(__s390__) || defined(__s390x__) +#undef STRICT_ALIGNMENT +#endif #endif #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__x86_64) || defined(__x86_64__) -# define BSWAP8(x) ({ u64 ret_=(x); \ +#if defined(__GNUC__) && __GNUC__ >= 2 +#if defined(__x86_64) || defined(__x86_64__) +#define BSWAP8(x) ({ u64 ret_=(x); \ asm ("bswapq %0" \ - : "+r"(ret_)); ret_; }) -# define BSWAP4(x) ({ u32 ret_=(x); \ + : "+r"(ret_)); ret_; }) +#define BSWAP4(x) ({ u32 ret_=(x); \ asm ("bswapl %0" \ - : "+r"(ret_)); ret_; }) -# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) -# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + : "+r"(ret_)); ret_; }) +#elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) +#define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("bswapl %0; bswapl %1" \ : "+r"(hi_),"+r"(lo_)); \ - (u64)hi_<<32|lo_; }) -# define BSWAP4(x) ({ u32 ret_=(x); \ + (u64)hi_<<32|lo_; }) +#define BSWAP4(x) ({ u32 ret_=(x); \ asm ("bswapl %0" \ - : "+r"(ret_)); ret_; }) -# elif defined(__aarch64__) -# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ - __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define BSWAP8(x) ({ u64 ret_; \ + : "+r"(ret_)); ret_; }) +#elif defined(__aarch64__) +#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define BSWAP8(x) ({ u64 ret_; \ asm ("rev %0,%1" 
\ - : "=r"(ret_) : "r"(x)); ret_; }) -# define BSWAP4(x) ({ u32 ret_; \ + : "=r"(ret_) : "r"(x)); ret_; }) +#define BSWAP4(x) ({ u32 ret_; \ asm ("rev %w0,%w1" \ - : "=r"(ret_) : "r"(x)); ret_; }) -# endif -# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) -# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + : "=r"(ret_) : "r"(x)); ret_; }) +#endif +#elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) +#define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("rev %0,%0; rev %1,%1" \ : "+r"(hi_),"+r"(lo_)); \ - (u64)hi_<<32|lo_; }) -# define BSWAP4(x) ({ u32 ret_; \ + (u64)hi_<<32|lo_; }) +#define BSWAP4(x) ({ u32 ret_; \ asm ("rev %0,%1" \ : "=r"(ret_) : "r"((u32)(x))); \ - ret_; }) -# endif -# elif defined(_MSC_VER) -# if _MSC_VER>=1300 -# include -# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) -# define BSWAP8(x) _byteswap_uint64((u64)(x)) -# define BSWAP4(x) _byteswap_ulong((u32)(x)) -# elif defined(_M_IX86) -__inline u32 _bswap4(u32 val) -{ -_asm mov eax, val _asm bswap eax} -# define BSWAP4(x) _bswap4(x) -# endif -# endif + ret_; }) +#endif +#elif defined(_MSC_VER) +#if _MSC_VER >= 1300 +#include +#pragma intrinsic(_byteswap_uint64, _byteswap_ulong) +#define BSWAP8(x) _byteswap_uint64((u64)(x)) +#define BSWAP4(x) _byteswap_ulong((u32)(x)) +#elif defined(_M_IX86) +__inline u32 _bswap4(u32 val) { + _asm mov eax, val _asm bswap eax +} +#define BSWAP4(x) _bswap4(x) +#endif +#endif #endif #if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +#define GETU32(p) BSWAP4(*(const u32 *)(p)) +#define PUTU32(p, v) *(u32 *)(p) = BSWAP4(v) #else -# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) -# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) +#define GETU32(p) ((u32)(p)[0] << 24 | (u32)(p)[1] << 16 | (u32)(p)[2] << 8 | (u32)(p)[3]) +#define PUTU32(p, 
v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) #endif /*- GCM definitions */ typedef struct { u64 hi, lo; } u128; -#ifdef TABLE_BITS -# undef TABLE_BITS +#ifdef TABLE_BITS +#undef TABLE_BITS #endif /* * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should @@ -121,13 +116,13 @@ * Relative position of Xi, H and pre-computed Htable is used in some * assembler modules, i.e. don't change the order! */ -#if TABLE_BITS==8 +#if TABLE_BITS == 8 u128 Htable[256]; #else u128 Htable[16]; - void (*gmult) (u64 Xi[2], const u128 Htable[16]); - void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); + void (*gmult)(u64 Xi[2], const u128 Htable[16]); + void (*ghash)(u64 Xi[2], const u128 Htable[16], const u8 *inp, + size_t len); #endif unsigned int mres, ares; block128_f block; @@ -141,7 +136,7 @@ * The maximum permitted number of cipher blocks per data unit in XTS mode. * Reference IEEE Std 1619-2018. */ -#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1<<20) +#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1 << 20) struct xts128_context { void *key1, *key2; @@ -164,15 +159,15 @@ u64 a[2]; unsigned char c[16]; } OCB_BLOCK; -# define ocb_block16_xor(in1,in2,out) \ - ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ - (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) -# if STRICT_ALIGNMENT -# define ocb_block16_xor_misaligned(in1,in2,out) \ - ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) -# else -# define ocb_block16_xor_misaligned ocb_block16_xor -# endif +#define ocb_block16_xor(in1, in2, out) \ + ((out)->a[0] = (in1)->a[0] ^ (in2)->a[0], \ + (out)->a[1] = (in1)->a[1] ^ (in2)->a[1]) +#if STRICT_ALIGNMENT +#define ocb_block16_xor_misaligned(in1, in2, out) \ + ocb_block_xor((in1)->c, (in2)->c, 16, (out)->c) +#else +#define ocb_block16_xor_misaligned ocb_block16_xor +#endif struct ocb128_context { /* Need both encrypt and decrypt key schedules for decryption */ 
@@ -180,7 +175,7 @@ block128_f decrypt; void *keyenc; void *keydec; - ocb128_f stream; /* direction dependent */ + ocb128_f stream; /* direction dependent */ /* Key dependent variables. Can be reused if key remains the same */ size_t l_index; size_t max_l_index; @@ -197,14 +192,14 @@ OCB_BLOCK checksum; } sess; }; -#endif /* OPENSSL_NO_OCB */ +#endif /* OPENSSL_NO_OCB */ #ifndef OPENSSL_NO_SIV #define SIV_LEN 16 typedef union siv_block_u { - uint64_t word[SIV_LEN/sizeof(uint64_t)]; + uint64_t word[SIV_LEN / sizeof(uint64_t)]; unsigned char byte[SIV_LEN]; } SIV_BLOCK; --- crypto/openssl/include/crypto/objectserr.h.orig +++ crypto/openssl/include/crypto/objectserr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_OBJECTSERR_H -# define OSSL_CRYPTO_OBJECTSERR_H -# pragma once +#define OSSL_CRYPTO_OBJECTSERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_OBJ_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/ocsperr.h.orig +++ crypto/openssl/include/crypto/ocsperr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_OCSPERR_H -# define OSSL_CRYPTO_OCSPERR_H -# pragma once +#define OSSL_CRYPTO_OCSPERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP int ossl_err_load_OCSP_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/pem.h.orig +++ crypto/openssl/include/crypto/pem.h 
@@ -8,44 +8,44 @@ */ #ifndef OSSL_INTERNAL_PEM_H -# define OSSL_INTERNAL_PEM_H -# pragma once +#define OSSL_INTERNAL_PEM_H +#pragma once -# include -# include "crypto/types.h" +#include +#include "crypto/types.h" /* Found in crypto/pem/pvkfmt.c */ /* Maximum length of a blob after header */ -# define BLOB_MAX_LENGTH 102400 +#define BLOB_MAX_LENGTH 102400 int ossl_do_blob_header(const unsigned char **in, unsigned int length, - unsigned int *pmagic, unsigned int *pbitlen, - int *pisdss, int *pispub); + unsigned int *pmagic, unsigned int *pbitlen, + int *pisdss, int *pispub); unsigned int ossl_blob_length(unsigned bitlen, int isdss, int ispub); int ossl_do_PVK_header(const unsigned char **in, unsigned int length, - int skip_magic, - unsigned int *psaltlen, unsigned int *pkeylen); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA + int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen); +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA DSA *ossl_b2i_DSA_after_header(const unsigned char **in, unsigned int bitlen, - int ispub); -# endif + int ispub); +#endif RSA *ossl_b2i_RSA_after_header(const unsigned char **in, unsigned int bitlen, - int ispub); -# endif + int ispub); +#endif EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub); EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u); DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq); -# endif + OSSL_LIB_CTX *libctx, const char *propq); +#endif RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u); RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq); -# endif + OSSL_LIB_CTX *libctx, const char *propq); +#endif #endif --- crypto/openssl/include/crypto/pemerr.h.orig +++ 
crypto/openssl/include/crypto/pemerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_PEMERR_H -# define OSSL_CRYPTO_PEMERR_H -# pragma once +#define OSSL_CRYPTO_PEMERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_PEM_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/pkcs12err.h.orig +++ crypto/openssl/include/crypto/pkcs12err.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_PKCS12ERR_H -# define OSSL_CRYPTO_PKCS12ERR_H -# pragma once +#define OSSL_CRYPTO_PKCS12ERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_PKCS12_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/pkcs7.h.orig +++ crypto/openssl/include/crypto/pkcs7.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_CRYPTO_PKCS7_H -# define OSSL_CRYPTO_PKCS7_H -# pragma once +#define OSSL_CRYPTO_PKCS7_H +#pragma once void ossl_pkcs7_resolve_libctx(PKCS7 *p7); --- crypto/openssl/include/crypto/pkcs7err.h.orig +++ crypto/openssl/include/crypto/pkcs7err.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_PKCS7ERR_H -# define OSSL_CRYPTO_PKCS7ERR_H -# pragma once +#define OSSL_CRYPTO_PKCS7ERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_PKCS7_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/poly1305.h.orig +++ crypto/openssl/include/crypto/poly1305.h 
@@ -8,27 +8,27 @@
 */
 #ifndef OSSL_CRYPTO_POLY1305_H
-# define OSSL_CRYPTO_POLY1305_H
-# pragma once
+#define OSSL_CRYPTO_POLY1305_H
+#pragma once
 #include
-#define POLY1305_BLOCK_SIZE 16
+#define POLY1305_BLOCK_SIZE 16
 #define POLY1305_DIGEST_SIZE 16
-#define POLY1305_KEY_SIZE 32
+#define POLY1305_KEY_SIZE 32
 typedef struct poly1305_context POLY1305;
-typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
- size_t len, unsigned int padbit);
-typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
- const unsigned int nonce[4]);
+typedef void (*poly1305_blocks_f)(void *ctx, const unsigned char *inp,
+ size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f)(void *ctx, unsigned char mac[16],
+ const unsigned int nonce[4]);
 struct poly1305_context {
- double opaque[24]; /* large enough to hold internal state, declared
- * 'double' to ensure at least 64-bit invariant
- * alignment across all platforms and
- * configurations */
+ double opaque[24]; /* large enough to hold internal state, declared
+ * 'double' to ensure at least 64-bit invariant
+ * alignment across all platforms and
+ * configurations */
 unsigned int nonce[4];
 unsigned char data[POLY1305_BLOCK_SIZE];
 size_t num;
--- crypto/openssl/include/crypto/ppc_arch.h.orig
+++ crypto/openssl/include/crypto/ppc_arch.h
@@ -8,7 +8,7 @@
 */
 #ifndef OSSL_CRYPTO_PPC_ARCH_H
-# define OSSL_CRYPTO_PPC_ARCH_H
+#define OSSL_CRYPTO_PPC_ARCH_H
 extern unsigned int OPENSSL_ppccap_P;
@@ -17,12 +17,12 @@
 * to reflect OpenSSL performance preferences than actual processor
 * capabilities.
 */
-# define PPC_FPU64 (1<<0)
-# define PPC_ALTIVEC (1<<1)
-# define PPC_CRYPTO207 (1<<2)
-# define PPC_FPU (1<<3)
-# define PPC_MADD300 (1<<4)
-# define PPC_MFTB (1<<5)
-# define PPC_MFSPR268 (1<<6)
+#define PPC_FPU64 (1 << 0)
+#define PPC_ALTIVEC (1 << 1)
+#define PPC_CRYPTO207 (1 << 2)
+#define PPC_FPU (1 << 3)
+#define PPC_MADD300 (1 << 4)
+#define PPC_MFTB (1 << 5)
+#define PPC_MFSPR268 (1 << 6)
 #endif
--- crypto/openssl/include/crypto/punycode.h.orig
+++ crypto/openssl/include/crypto/punycode.h
@@ -8,15 +8,14 @@
 */
 #ifndef OSSL_CRYPTO_PUNYCODE_H
-# define OSSL_CRYPTO_PUNYCODE_H
-# pragma once
+#define OSSL_CRYPTO_PUNYCODE_H
+#pragma once
-int ossl_punycode_decode (
+int ossl_punycode_decode(
 const char *pEncoded,
 const size_t enc_len,
 unsigned int *pDecoded,
- unsigned int *pout_length
-);
+ unsigned int *pout_length);
 int ossl_a2ulabel(const char *in, char *out, size_t *outlen);
--- crypto/openssl/include/crypto/rand.h.orig
+++ crypto/openssl/include/crypto/rand.h
@@ -16,21 +16,20 @@ */ #ifndef OSSL_CRYPTO_RAND_H -# define OSSL_CRYPTO_RAND_H -# pragma once +#define OSSL_CRYPTO_RAND_H +#pragma once -# include -# include "crypto/rand_pool.h" +#include +#include "crypto/rand_pool.h" -# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) -# include -# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \ - (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) -# define OPENSSL_APPLE_CRYPTO_RANDOM 1 -# include -# include -# endif -# endif +#if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) +#include +#if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) +#define OPENSSL_APPLE_CRYPTO_RANDOM 1 +#include +#include +#endif +#endif /* * Defines related to seed sources 
@@ -40,36 +39,36 @@ * set this to a comma-separated list of 'random' device files to try out. By * default, we will try to read at least one of these files */ -# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" -# if defined(__linux) && !defined(__ANDROID__) -# ifndef DEVRANDOM_WAIT -# define DEVRANDOM_WAIT "/dev/random" -# endif +#define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" +#if defined(__linux) && !defined(__ANDROID__) +#ifndef DEVRANDOM_WAIT +#define DEVRANDOM_WAIT "/dev/random" +#endif /* * Linux kernels 4.8 and later changes how their random device works and there * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2) * should be used instead. */ -# ifndef DEVRANDOM_SAFE_KERNEL -# define DEVRANDOM_SAFE_KERNEL 4, 8 -# endif +#ifndef DEVRANDOM_SAFE_KERNEL +#define DEVRANDOM_SAFE_KERNEL 4, 8 +#endif /* * Some operating systems do not permit select(2) on their random devices, * defining this to zero will force the use of read(2) to extract one byte * from /dev/random. */ -# ifndef DEVRANDM_WAIT_USE_SELECT -# define DEVRANDM_WAIT_USE_SELECT 1 -# endif +#ifndef DEVRANDM_WAIT_USE_SELECT +#define DEVRANDM_WAIT_USE_SELECT 1 +#endif /* * Define the shared memory identifier used to indicate if the operating * system has properly seeded the DEVRANDOM source. */ -# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID -# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114 -# endif +#ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID +#define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114 +#endif -# endif +#endif #endif #if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) 
@@ -78,7 +77,7 @@ * sockets will be tried in the order listed in case accessing the device * files listed in DEVRANDOM did not return enough randomness. */ -# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" +#define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" #endif void ossl_rand_cleanup_int(void); @@ -109,15 +108,15 @@ * Get and cleanup random seed material. */ size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, int entropy, - size_t min_len, size_t max_len); + unsigned char **pout, int entropy, + size_t min_len, size_t max_len); void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len); + unsigned char *buf, size_t len); size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, size_t min_len, size_t max_len, - const void *salt, size_t salt_len); + unsigned char **pout, size_t min_len, size_t max_len, + const void *salt, size_t salt_len); void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len); + unsigned char *buf, size_t len); /* * Get seeding material from the operating system sources. --- crypto/openssl/include/crypto/rand_pool.h.orig +++ crypto/openssl/include/crypto/rand_pool.h @@ -8,11 +8,11 @@ */ #ifndef OSSL_PROVIDER_RAND_POOL_H -# define OSSL_PROVIDER_RAND_POOL_H -# pragma once +#define OSSL_PROVIDER_RAND_POOL_H +#pragma once -# include -# include +#include +#include /* * Maximum allocation size for RANDOM_POOL buffers 
@@ -32,9 +32,8 @@ * The factor 1.5 below is the pessimistic estimate for the extra amount * of entropy required when no get_nonce() callback is defined. */ -# define RAND_POOL_FACTOR 256 -# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \ - 3 * (RAND_DRBG_STRENGTH / 16)) +#define RAND_POOL_FACTOR 256 +#define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * 3 * (RAND_DRBG_STRENGTH / 16)) /* * = (RAND_POOL_FACTOR * \ * 1.5 * (RAND_DRBG_STRENGTH / 8)) @@ -57,7 +56,7 @@ * with 40 bytes. The value of forty eight is comfortably above this which * allows some slack in the platform specific values used. */ -# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48) +#define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48) /* * The 'random pool' acts as a dumb container for collecting random @@ -69,11 +68,11 @@ * lifetime is intended to be restricted to a single stack frame. */ typedef struct rand_pool_st { - unsigned char *buffer; /* points to the beginning of the random pool */ + unsigned char *buffer; /* points to the beginning of the random pool */ size_t len; /* current number of random bytes contained in the pool */ - int attached; /* true pool was attached to existing buffer */ - int secure; /* 1: allocated on the secure heap, 0: otherwise */ + int attached; /* true pool was attached to existing buffer */ + int secure; /* 1: allocated on the secure heap, 0: otherwise */ size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ @@ -83,9 +82,9 @@ } RAND_POOL; RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure, - size_t min_len, size_t max_len); + size_t min_len, size_t max_len); RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len, - size_t entropy); + size_t entropy); void ossl_rand_pool_free(RAND_POOL *pool); const unsigned char *ossl_rand_pool_buffer(RAND_POOL *pool); 
@@ -102,7 +101,7 @@ size_t ossl_rand_pool_bytes_remaining(RAND_POOL *pool); int ossl_rand_pool_add(RAND_POOL *pool, - const unsigned char *buffer, size_t len, size_t entropy); + const unsigned char *buffer, size_t len, size_t entropy); unsigned char *ossl_rand_pool_add_begin(RAND_POOL *pool, size_t len); int ossl_rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); --- crypto/openssl/include/crypto/randerr.h.orig +++ crypto/openssl/include/crypto/randerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_RANDERR_H -# define OSSL_CRYPTO_RANDERR_H -# pragma once +#define OSSL_CRYPTO_RANDERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_RAND_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/rsa.h.orig +++ crypto/openssl/include/crypto/rsa.h @@ -8,19 +8,19 @@ */ #ifndef OSSL_INTERNAL_RSA_H -# define OSSL_INTERNAL_RSA_H -# pragma once +#define OSSL_INTERNAL_RSA_H +#pragma once -# include -# include -# include "crypto/types.h" +#include +#include +#include "crypto/types.h" -#define RSA_MIN_MODULUS_BITS 512 +#define RSA_MIN_MODULUS_BITS 512 typedef struct rsa_pss_params_30_st { int hash_algorithm_nid; struct { - int algorithm_nid; /* Currently always NID_mgf1 */ + int algorithm_nid; /* Currently always NID_mgf1 */ int hash_algorithm_nid; } mask_gen; int salt_len; 
@@ -30,18 +30,18 @@ RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r); int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params); int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, - const RSA_PSS_PARAMS_30 *from); + const RSA_PSS_PARAMS_30 *from); int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params); int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int hashalg_nid); + int hashalg_nid); int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenalg_nid); + int maskgenalg_nid); int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenhashalg_nid); + int maskgenhashalg_nid); int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, - int saltlen); + int saltlen); int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params, - int trailerfield); + int trailerfield); int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params); int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params); int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params); 
@@ -57,52 +57,52 @@ void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx); int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, - const STACK_OF(BIGNUM) *exps, - const STACK_OF(BIGNUM) *coeffs); + const STACK_OF(BIGNUM) *exps, + const STACK_OF(BIGNUM) *coeffs); int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, - STACK_OF(BIGNUM_const) *exps, - STACK_OF(BIGNUM_const) *coeffs); + STACK_OF(BIGNUM_const) *exps, + STACK_OF(BIGNUM_const) *coeffs); int ossl_rsa_is_foreign(const RSA *rsa); RSA *ossl_rsa_dup(const RSA *rsa, int selection); int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private); + int include_private); int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private); int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, - OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); + OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, - int *defaults_set, - const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx); + int *defaults_set, + const OSSL_PARAM params[], + OSSL_LIB_CTX *libctx); int ossl_rsa_set0_pss_params(RSA *r, RSA_PSS_PARAMS *pss); int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss, - const EVP_MD **pmd, const EVP_MD **pmgf1md, - int *psaltlen, int *ptrailerField); + const EVP_MD **pmd, const EVP_MD **pmgf1md, + int *psaltlen, int *ptrailerField); RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg); int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg); RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, - size_t tlen, - const unsigned char *from, - size_t flen, int client_version, - int alt_version); + size_t tlen, + const unsigned char *from, + size_t flen, int client_version, + int alt_version); int 
ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, - unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md); + unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); int ossl_rsa_validate_public(const RSA *key); int ossl_rsa_validate_private(const RSA *key); int ossl_rsa_validate_pairwise(const RSA *key); int ossl_rsa_verify(int dtype, const unsigned char *m, - unsigned int m_len, unsigned char *rm, - size_t *prm_len, const unsigned char *sigbuf, - size_t siglen, RSA *rsa); + unsigned int m_len, unsigned char *rm, + size_t *prm_len, const unsigned char *sigbuf, + size_t siglen, RSA *rsa); const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len); @@ -112,9 +112,9 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx); int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, - const X509_ALGOR *sigalg, EVP_PKEY *pkey); + const X509_ALGOR *sigalg, EVP_PKEY *pkey); -# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]); void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst); @@ -122,9 +122,9 @@ int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]); typedef struct rsa_acvp_test_st RSA_ACVP_TEST; void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t); -# else -# define RSA_ACVP_TEST void -# endif +#else +#define RSA_ACVP_TEST void +#endif RSA *evp_pkey_get1_RSA_PSS(EVP_PKEY *pkey); #endif --- crypto/openssl/include/crypto/rsaerr.h.orig +++ crypto/openssl/include/crypto/rsaerr.h 
@@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_RSAERR_H -# define OSSL_CRYPTO_RSAERR_H -# pragma once +#define OSSL_CRYPTO_RSAERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_RSA_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/security_bits.h.orig +++ crypto/openssl/include/crypto/security_bits.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_SECURITY_BITS_H -# define OSSL_SECURITY_BITS_H -# pragma once +#define OSSL_SECURITY_BITS_H +#pragma once uint16_t ossl_ifc_ffc_compute_security_bits(int n); --- crypto/openssl/include/crypto/sha.h.orig +++ crypto/openssl/include/crypto/sha.h @@ -9,10 +9,10 @@ */ #ifndef OSSL_CRYPTO_SHA_H -# define OSSL_CRYPTO_SHA_H -# pragma once +#define OSSL_CRYPTO_SHA_H +#pragma once -# include +#include int sha512_224_init(SHA512_CTX *); int sha512_256_init(SHA512_CTX *); --- crypto/openssl/include/crypto/siphash.h.orig +++ crypto/openssl/include/crypto/siphash.h @@ -8,15 +8,15 @@ */ #ifndef OSSL_CRYPTO_SIPHASH_H -# define OSSL_CRYPTO_SIPHASH_H -# pragma once +#define OSSL_CRYPTO_SIPHASH_H +#pragma once -# include +#include -# define SIPHASH_BLOCK_SIZE 8 -# define SIPHASH_KEY_SIZE 16 -# define SIPHASH_MIN_DIGEST_SIZE 8 -# define SIPHASH_MAX_DIGEST_SIZE 16 +#define SIPHASH_BLOCK_SIZE 8 +#define SIPHASH_KEY_SIZE 16 +#define SIPHASH_MIN_DIGEST_SIZE 8 +#define SIPHASH_MAX_DIGEST_SIZE 16 typedef struct siphash_st SIPHASH; @@ -24,7 +24,7 @@ size_t SipHash_hash_size(SIPHASH *ctx); int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size); int SipHash_Init(SIPHASH *ctx, const unsigned char *k, - int crounds, int drounds); + int crounds, int drounds); void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen); int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen); 
@@ -44,7 +44,7 @@ }; /* default: SipHash-2-4 */ -# define SIPHASH_C_ROUNDS 2 -# define SIPHASH_D_ROUNDS 4 +#define SIPHASH_C_ROUNDS 2 +#define SIPHASH_D_ROUNDS 4 #endif --- crypto/openssl/include/crypto/siv.h.orig +++ crypto/openssl/include/crypto/siv.h @@ -12,20 +12,20 @@ typedef struct siv128_context SIV128_CONTEXT; SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen, - EVP_CIPHER *cbc, EVP_CIPHER *ctr, - OSSL_LIB_CTX *libctx, const char *propq); + EVP_CIPHER *cbc, EVP_CIPHER *ctr, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, - OSSL_LIB_CTX *libctx, const char *propq); + const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src); int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, size_t len); int ossl_siv128_encrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, size_t len); + const unsigned char *in, unsigned char *out, size_t len); int ossl_siv128_decrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, size_t len); + const unsigned char *in, unsigned char *out, size_t len); int ossl_siv128_finish(SIV128_CONTEXT *ctx); int ossl_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, - size_t len); + size_t len); int ossl_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len); int ossl_siv128_cleanup(SIV128_CONTEXT *ctx); int ossl_siv128_speed(SIV128_CONTEXT *ctx, int arg); --- crypto/openssl/include/crypto/sm2.h.orig +++ crypto/openssl/include/crypto/sm2.h 
@@ -10,77 +10,77 @@ */ #ifndef OSSL_CRYPTO_SM2_H -# define OSSL_CRYPTO_SM2_H -# pragma once +#define OSSL_CRYPTO_SM2_H +#pragma once -# include +#include -# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) +#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) -# include -# include "crypto/types.h" +#include +#include "crypto/types.h" int ossl_sm2_key_private_check(const EC_KEY *eckey); /* The default user id as specified in GM/T 0009-2012 */ -# define SM2_DEFAULT_USERID "1234567812345678" +#define SM2_DEFAULT_USERID "1234567812345678" int ossl_sm2_compute_z_digest(uint8_t *out, - const EVP_MD *digest, - const uint8_t *id, - const size_t id_len, - const EC_KEY *key); + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const EC_KEY *key); /* * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2 */ ECDSA_SIG *ossl_sm2_do_sign(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len); + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len); int ossl_sm2_do_verify(const EC_KEY *key, - const EVP_MD *digest, - const ECDSA_SIG *signature, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len); + const EVP_MD *digest, + const ECDSA_SIG *signature, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len); /* * SM2 signature generation. */ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - EC_KEY *eckey); + unsigned char *sig, unsigned int *siglen, + EC_KEY *eckey); /* * SM2 signature verification. 
*/ int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, - EC_KEY *eckey); + const unsigned char *sig, int siglen, + EC_KEY *eckey); /* * SM2 encryption */ int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, - size_t msg_len, size_t *ct_size); + size_t msg_len, size_t *ct_size); int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, - size_t *pt_size); + size_t *pt_size); int ossl_sm2_encrypt(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *msg, size_t msg_len, - uint8_t *ciphertext_buf, size_t *ciphertext_len); + const EVP_MD *digest, + const uint8_t *msg, size_t msg_len, + uint8_t *ciphertext_buf, size_t *ciphertext_len); int ossl_sm2_decrypt(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *ciphertext, size_t ciphertext_len, - uint8_t *ptext_buf, size_t *ptext_len); + const EVP_MD *digest, + const uint8_t *ciphertext, size_t ciphertext_len, + uint8_t *ptext_buf, size_t *ptext_len); const unsigned char *ossl_sm2_algorithmidentifier_encoding(int md_nid, - size_t *len); -# endif /* OPENSSL_NO_SM2 */ + size_t *len); +#endif /* OPENSSL_NO_SM2 */ #endif --- crypto/openssl/include/crypto/sm2err.h.orig +++ crypto/openssl/include/crypto/sm2err.h 
@@ -9,41 +9,41 @@ */ #ifndef OSSL_CRYPTO_SM2ERR_H -# define OSSL_CRYPTO_SM2ERR_H -# pragma once +#define OSSL_CRYPTO_SM2ERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 int ossl_err_load_SM2_strings(void); /* * SM2 reason codes. */ -# define SM2_R_ASN1_ERROR 100 -# define SM2_R_BAD_SIGNATURE 101 -# define SM2_R_BUFFER_TOO_SMALL 107 -# define SM2_R_DIST_ID_TOO_LARGE 110 -# define SM2_R_ID_NOT_SET 112 -# define SM2_R_ID_TOO_LARGE 111 -# define SM2_R_INVALID_CURVE 108 -# define SM2_R_INVALID_DIGEST 102 -# define SM2_R_INVALID_DIGEST_TYPE 103 -# define SM2_R_INVALID_ENCODING 104 -# define SM2_R_INVALID_FIELD 105 -# define SM2_R_INVALID_PRIVATE_KEY 113 -# define SM2_R_NO_PARAMETERS_SET 109 -# define SM2_R_USER_ID_TOO_LARGE 106 - -# endif - -# ifdef __cplusplus +#define SM2_R_ASN1_ERROR 100 +#define SM2_R_BAD_SIGNATURE 101 +#define SM2_R_BUFFER_TOO_SMALL 107 +#define SM2_R_DIST_ID_TOO_LARGE 110 +#define SM2_R_ID_NOT_SET 112 +#define SM2_R_ID_TOO_LARGE 111 +#define SM2_R_INVALID_CURVE 108 +#define SM2_R_INVALID_DIGEST 102 +#define SM2_R_INVALID_DIGEST_TYPE 103 +#define SM2_R_INVALID_ENCODING 104 +#define SM2_R_INVALID_FIELD 105 +#define SM2_R_INVALID_PRIVATE_KEY 113 +#define SM2_R_NO_PARAMETERS_SET 109 +#define SM2_R_USER_ID_TOO_LARGE 106 + +#endif + +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/sm4.h.orig +++ crypto/openssl/include/crypto/sm4.h 
@@ -9,21 +9,21 @@ */ #ifndef OSSL_CRYPTO_SM4_H -# define OSSL_CRYPTO_SM4_H -# pragma once +#define OSSL_CRYPTO_SM4_H +#pragma once -# include -# include +#include +#include -# ifdef OPENSSL_NO_SM4 -# error SM4 is disabled. -# endif +#ifdef OPENSSL_NO_SM4 +#error SM4 is disabled. +#endif -# define SM4_ENCRYPT 1 -# define SM4_DECRYPT 0 +#define SM4_ENCRYPT 1 +#define SM4_DECRYPT 0 -# define SM4_BLOCK_SIZE 16 -# define SM4_KEY_SCHEDULE 32 +#define SM4_BLOCK_SIZE 16 +#define SM4_KEY_SCHEDULE 32 typedef struct SM4_KEY_st { uint32_t rk[SM4_KEY_SCHEDULE]; --- crypto/openssl/include/crypto/sparc_arch.h.orig +++ crypto/openssl/include/crypto/sparc_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,52 +8,53 @@ */ #ifndef OSSL_CRYPTO_SPARC_ARCH_H -# define OSSL_CRYPTO_SPARC_ARCH_H - -# define SPARCV9_TICK_PRIVILEGED (1<<0) -# define SPARCV9_PREFER_FPU (1<<1) -# define SPARCV9_VIS1 (1<<2) -# define SPARCV9_VIS2 (1<<3)/* reserved */ -# define SPARCV9_FMADD (1<<4) -# define SPARCV9_BLK (1<<5)/* VIS1 block copy */ -# define SPARCV9_VIS3 (1<<6) -# define SPARCV9_RANDOM (1<<7) -# define SPARCV9_64BIT_STACK (1<<8) -# define SPARCV9_FJAESX (1<<9)/* Fujitsu SPARC64 X AES */ -# define SPARCV9_FJDESX (1<<10)/* Fujitsu SPARC64 X DES, reserved */ -# define SPARCV9_FJHPCACE (1<<11)/* Fujitsu HPC-ACE, reserved */ -# define SPARCV9_IMA (1<<13)/* reserved */ -# define SPARCV9_VIS4 (1<<14)/* reserved */ +#define OSSL_CRYPTO_SPARC_ARCH_H + +#define SPARCV9_TICK_PRIVILEGED (1 << 0) +#define SPARCV9_PREFER_FPU (1 << 1) +#define SPARCV9_VIS1 (1 << 2) +#define SPARCV9_VIS2 (1 << 3) /* reserved */ +#define SPARCV9_FMADD (1 << 4) +#define SPARCV9_BLK (1 << 5) /* VIS1 block copy */ +#define SPARCV9_VIS3 (1 << 6) +#define SPARCV9_RANDOM (1 << 7) +#define SPARCV9_64BIT_STACK (1 << 8) +#define SPARCV9_FJAESX (1 << 9) /* Fujitsu SPARC64 X AES */ +#define SPARCV9_FJDESX (1 << 10) /* Fujitsu SPARC64 X DES, reserved */ +#define SPARCV9_FJHPCACE (1 << 11) /* Fujitsu HPC-ACE, reserved */ +#define SPARCV9_IMA (1 << 13) /* reserved */ +#define SPARCV9_VIS4 (1 << 14) /* reserved */ /* * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register, * %asr26, SPARC-T4 and later. There is no SPARCV9_CFR bit in * OPENSSL_sparcv9cap_P[0], as %cfr copy is sufficient... 
*/ -# define CFR_AES 0x00000001/* Supports AES opcodes */ -# define CFR_DES 0x00000002/* Supports DES opcodes */ -# define CFR_KASUMI 0x00000004/* Supports KASUMI opcodes */ -# define CFR_CAMELLIA 0x00000008/* Supports CAMELLIA opcodes */ -# define CFR_MD5 0x00000010/* Supports MD5 opcodes */ -# define CFR_SHA1 0x00000020/* Supports SHA1 opcodes */ -# define CFR_SHA256 0x00000040/* Supports SHA256 opcodes */ -# define CFR_SHA512 0x00000080/* Supports SHA512 opcodes */ -# define CFR_MPMUL 0x00000100/* Supports MPMUL opcodes */ -# define CFR_MONTMUL 0x00000200/* Supports MONTMUL opcodes */ -# define CFR_MONTSQR 0x00000400/* Supports MONTSQR opcodes */ -# define CFR_CRC32C 0x00000800/* Supports CRC32C opcodes */ -# define CFR_XMPMUL 0x00001000/* Supports XMPMUL opcodes */ -# define CFR_XMONTMUL 0x00002000/* Supports XMONTMUL opcodes */ -# define CFR_XMONTSQR 0x00004000/* Supports XMONTSQR opcodes */ - -# if defined(OPENSSL_PIC) && !defined(__PIC__) -# define __PIC__ -# endif - -# if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__) -# define __arch64__ -# endif - +#define CFR_AES 0x00000001 /* Supports AES opcodes */ +#define CFR_DES 0x00000002 /* Supports DES opcodes */ +#define CFR_KASUMI 0x00000004 /* Supports KASUMI opcodes */ +#define CFR_CAMELLIA 0x00000008 /* Supports CAMELLIA opcodes */ +#define CFR_MD5 0x00000010 /* Supports MD5 opcodes */ +#define CFR_SHA1 0x00000020 /* Supports SHA1 opcodes */ +#define CFR_SHA256 0x00000040 /* Supports SHA256 opcodes */ +#define CFR_SHA512 0x00000080 /* Supports SHA512 opcodes */ +#define CFR_MPMUL 0x00000100 /* Supports MPMUL opcodes */ +#define CFR_MONTMUL 0x00000200 /* Supports MONTMUL opcodes */ +#define CFR_MONTSQR 0x00000400 /* Supports MONTSQR opcodes */ +#define CFR_CRC32C 0x00000800 /* Supports CRC32C opcodes */ +#define CFR_XMPMUL 0x00001000 /* Supports XMPMUL opcodes */ +#define CFR_XMONTMUL 0x00002000 /* Supports XMONTMUL opcodes */ +#define CFR_XMONTSQR 0x00004000 /* Supports XMONTSQR opcodes */ 
+ +#if defined(OPENSSL_PIC) && !defined(__PIC__) +#define __PIC__ +#endif + +#if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__) +#define __arch64__ +#endif + +/* clang-format off */ # define SPARC_PIC_THUNK(reg) \ .align 32; \ .Lpic_thunk: \ @@ -74,30 +75,38 @@ or reg,%lo(_GLOBAL_OFFSET_TABLE_+4), reg; \ add %o7, reg, reg # endif - -# if defined(__arch64__) - -# define SPARC_LOAD_ADDRESS(SYM, reg) \ - setx SYM, %o7, reg; -# define LDPTR ldx -# define SIZE_T_CC %xcc -# define STACK_FRAME 192 -# define STACK_BIAS 2047 -# define STACK_7thARG (STACK_BIAS+176) - -# else - -# define SPARC_LOAD_ADDRESS(SYM, reg) \ - set SYM, reg; -# define LDPTR ld -# define SIZE_T_CC %icc -# define STACK_FRAME 112 -# define STACK_BIAS 0 -# define STACK_7thARG 92 -# define SPARC_LOAD_ADDRESS_LEAF(SYM,reg,tmp) SPARC_LOAD_ADDRESS(SYM,reg) - -# endif - +/* clang-format on */ + +#if defined(__arch64__) + +/* clang-format off */ +#define SPARC_LOAD_ADDRESS(SYM, reg) \ + setx SYM, %o7, reg; +/* clang-format on */ +#define LDPTR ldx +/* clang-format off */ +#define SIZE_T_CC %xcc +/* clang-format on */ +#define STACK_FRAME 192 +#define STACK_BIAS 2047 +#define STACK_7thARG (STACK_BIAS + 176) + +#else + +#define SPARC_LOAD_ADDRESS(SYM, reg) \ + set SYM, reg; +#define LDPTR ld +/* clang-format off */ +#define SIZE_T_CC %icc +/* clang-format on */ +#define STACK_FRAME 112 +#define STACK_BIAS 0 +#define STACK_7thARG 92 +#define SPARC_LOAD_ADDRESS_LEAF(SYM, reg, tmp) SPARC_LOAD_ADDRESS(SYM, reg) + +#endif + +/* clang-format off */ # ifdef __PIC__ # undef SPARC_LOAD_ADDRESS # undef SPARC_LOAD_ADDRESS_LEAF 
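Review bot: The `/* clang-format off */` guards in the `#if defined(__arch64__)` block are applied unevenly. The 64-bit `SPARC_LOAD_ADDRESS` (`setx SYM, %o7, reg;`) is guarded, but the 32-bit definition in the `#else` branch (`set SYM, reg;`) is not, although both bodies are assembler text rather than C. If the guard is needed for one it is presumably needed for the other, so a later formatter run could rewrite the unguarded body. One `/* clang-format off */` before `#if defined(__arch64__)` and one `/* clang-format on */` after its `#endif` would cover both branches and replace the per-macro pairs added here. The `# ifdef __PIC__` block that follows continues outside this hunk.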
@@ -114,9 +123,10 @@ SPARC_LOAD_ADDRESS(SYM, reg) \ mov tmp, %o7; # endif +/* clang-format on */ -# ifndef __ASSEMBLER__ +#ifndef __ASSEMBLER__ extern unsigned int OPENSSL_sparcv9cap_P[2]; -# endif +#endif -#endif /* OSSL_CRYPTO_SPARC_ARCH_H */ +#endif /* OSSL_CRYPTO_SPARC_ARCH_H */ --- crypto/openssl/include/crypto/sparse_array.h.orig +++ crypto/openssl/include/crypto/sparse_array.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -9,70 +9,68 @@ */ #ifndef OSSL_CRYPTO_SPARSE_ARRAY_H -# define OSSL_CRYPTO_SPARSE_ARRAY_H -# pragma once +#define OSSL_CRYPTO_SPARSE_ARRAY_H +#pragma once -# include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define SPARSE_ARRAY_OF(type) struct sparse_array_st_ ## type +#define SPARSE_ARRAY_OF(type) struct sparse_array_st_##type -# define DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, ctype) \ - SPARSE_ARRAY_OF(type); \ - static ossl_unused ossl_inline SPARSE_ARRAY_OF(type) * \ - ossl_sa_##type##_new(void) \ - { \ - return (SPARSE_ARRAY_OF(type) *)ossl_sa_new(); \ - } \ - static ossl_unused ossl_inline void \ - ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \ - { \ - ossl_sa_free((OPENSSL_SA *)sa); \ - } \ - static ossl_unused ossl_inline void \ - ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) *sa) \ - { \ - ossl_sa_free_leaves((OPENSSL_SA *)sa); \ - } \ - static ossl_unused ossl_inline size_t \ - ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) *sa) \ - { \ - return ossl_sa_num((OPENSSL_SA *)sa); \ - } \ - static ossl_unused ossl_inline void \ - ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) *sa, \ - void (*leaf)(ossl_uintmax_t, type *)) \ - { \ - ossl_sa_doall((OPENSSL_SA *)sa, \ - (void (*)(ossl_uintmax_t, void *))leaf); \ - } \ - static ossl_unused ossl_inline void \ - ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) *sa, \ - void (*leaf)(ossl_uintmax_t, type *, void *), \ - void *arg) \ - { \ - ossl_sa_doall_arg((OPENSSL_SA *)sa, \ - (void (*)(ossl_uintmax_t, void *, void *))leaf, arg); \ - } \ - static ossl_unused ossl_inline ctype \ - *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) *sa, ossl_uintmax_t n) \ - { \ - return (type *)ossl_sa_get((OPENSSL_SA *)sa, n); \ - } \ - static ossl_unused ossl_inline int \ - ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \ - ossl_uintmax_t n, ctype *val) \ - { \ - return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \ - } \ +#define 
DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, ctype) \ + SPARSE_ARRAY_OF(type); \ + static ossl_unused ossl_inline SPARSE_ARRAY_OF(type) * ossl_sa_##type##_new(void) \ + { \ + return (SPARSE_ARRAY_OF(type) *)ossl_sa_new(); \ + } \ + static ossl_unused ossl_inline void \ + ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) * sa) \ + { \ + ossl_sa_free((OPENSSL_SA *)sa); \ + } \ + static ossl_unused ossl_inline void \ + ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) * sa) \ + { \ + ossl_sa_free_leaves((OPENSSL_SA *)sa); \ + } \ + static ossl_unused ossl_inline size_t \ + ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) * sa) \ + { \ + return ossl_sa_num((OPENSSL_SA *)sa); \ + } \ + static ossl_unused ossl_inline void \ + ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) * sa, \ + void (*leaf)(ossl_uintmax_t, type *)) \ + { \ + ossl_sa_doall((OPENSSL_SA *)sa, \ + (void (*)(ossl_uintmax_t, void *))leaf); \ + } \ + static ossl_unused ossl_inline void \ + ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) * sa, \ + void (*leaf)(ossl_uintmax_t, type *, void *), \ + void *arg) \ + { \ + ossl_sa_doall_arg((OPENSSL_SA *)sa, \ + (void (*)(ossl_uintmax_t, void *, void *))leaf, arg); \ + } \ + static ossl_unused ossl_inline ctype *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) * sa, ossl_uintmax_t n) \ + { \ + return (type *)ossl_sa_get((OPENSSL_SA *)sa, n); \ + } \ + static ossl_unused ossl_inline int \ + ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) * sa, \ + ossl_uintmax_t n, ctype *val) \ + { \ + return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \ + } \ SPARSE_ARRAY_OF(type) -# define DEFINE_SPARSE_ARRAY_OF(type) \ +#define DEFINE_SPARSE_ARRAY_OF(type) \ DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, type) -# define DEFINE_SPARSE_ARRAY_OF_CONST(type) \ +#define DEFINE_SPARSE_ARRAY_OF_CONST(type) \ DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, const type) typedef struct sparse_array_st OPENSSL_SA; 
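Review bot: In the reformatted `DEFINE_SPARSE_ARRAY_OF_INTERNAL` body every pointer parameter is now written `SPARSE_ARRAY_OF(type) * sa`, which reads as a multiplication rather than a declaration. The formatter apparently does not know that `SPARSE_ARRAY_OF` expands to a type. Listing it under `TypenameMacros` in the `.clang-format` used for this run, or wrapping the macro in `/* clang-format off */` and `/* clang-format on */` as this patch does in sparc_arch.h, would keep `SPARSE_ARRAY_OF(type) *sa`. The `_new` and `_get` wrappers were also joined onto single long lines while their siblings keep the return type on its own line. The expansion itself is unchanged, so this is a readability point only.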
@@ -82,11 +80,11 @@ size_t ossl_sa_num(const OPENSSL_SA *sa); void ossl_sa_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, void *)); void ossl_sa_doall_arg(const OPENSSL_SA *sa, - void (*leaf)(ossl_uintmax_t, void *, void *), void *); + void (*leaf)(ossl_uintmax_t, void *, void *), void *); void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n); int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t n, void *val); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/store.h.orig +++ crypto/openssl/include/crypto/store.h @@ -8,12 +8,12 @@ */ #ifndef OSSL_CRYPTO_STORE_H -# define OSSL_CRYPTO_STORE_H -# pragma once +#define OSSL_CRYPTO_STORE_H +#pragma once -# include -# include -# include +#include +#include +#include void ossl_store_cleanup_int(void); int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader); --- crypto/openssl/include/crypto/storeerr.h.orig +++ crypto/openssl/include/crypto/storeerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_STOREERR_H -# define OSSL_CRYPTO_STOREERR_H -# pragma once +#define OSSL_CRYPTO_STOREERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_OSSL_STORE_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/tserr.h.orig +++ crypto/openssl/include/crypto/tserr.h @@ -9,22 +9,22 @@ */ #ifndef OSSL_CRYPTO_TSERR_H -# define OSSL_CRYPTO_TSERR_H -# pragma once +#define OSSL_CRYPTO_TSERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_TS +#ifndef OPENSSL_NO_TS int ossl_err_load_TS_strings(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/types.h.orig +++ crypto/openssl/include/crypto/types.h 
@@ -10,23 +10,23 @@ /* When removal is simulated, we still need the type internally */ #ifndef OSSL_CRYPTO_TYPES_H -# define OSSL_CRYPTO_TYPES_H -# pragma once +#define OSSL_CRYPTO_TYPES_H +#pragma once -# ifdef OPENSSL_NO_DEPRECATED_3_0 +#ifdef OPENSSL_NO_DEPRECATED_3_0 typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA typedef struct dsa_st DSA; -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC typedef struct ecx_key_st ECX_KEY; -# endif +#endif #endif --- crypto/openssl/include/crypto/uierr.h.orig +++ crypto/openssl/include/crypto/uierr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_UIERR_H -# define OSSL_CRYPTO_UIERR_H -# pragma once +#define OSSL_CRYPTO_UIERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_UI_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/x509.h.orig +++ crypto/openssl/include/crypto/x509.h @@ -8,14 +8,14 @@ */ #ifndef OSSL_CRYPTO_X509_H -# define OSSL_CRYPTO_X509_H -# pragma once +#define OSSL_CRYPTO_X509_H +#pragma once -# include "internal/refcount.h" -# include -# include -# include -# include "crypto/types.h" +#include "internal/refcount.h" +#include +#include +#include +#include "crypto/types.h" /* Internal X509 structures and functions: not for application use */ 
@@ -29,21 +29,21 @@ * in RFC5280 et al. */ struct X509_name_entry_st { - ASN1_OBJECT *object; /* AttributeType */ - ASN1_STRING *value; /* AttributeValue */ - int set; /* index of RDNSequence for this entry */ - int size; /* temp variable */ + ASN1_OBJECT *object; /* AttributeType */ + ASN1_STRING *value; /* AttributeValue */ + int set; /* index of RDNSequence for this entry */ + int size; /* temp variable */ }; /* Name from RFC 5280. */ struct X509_name_st { STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */ - int modified; /* true if 'bytes' needs to be built */ - BUF_MEM *bytes; /* cached encoding: cannot be NULL */ + int modified; /* true if 'bytes' needs to be built */ + BUF_MEM *bytes; /* cached encoding: cannot be NULL */ /* canonical encoding used for rapid Name comparison */ unsigned char *canon_enc; int canon_enclen; -} /* X509_NAME */ ; +} /* X509_NAME */; /* Signature info structure */ @@ -61,10 +61,10 @@ /* PKCS#10 certificate request */ struct X509_req_info_st { - ASN1_ENCODING enc; /* cached encoding of signed part */ - ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ - X509_NAME *subject; /* certificate request DN */ - X509_PUBKEY *pubkey; /* public key of request */ + ASN1_ENCODING enc; /* cached encoding of signed part */ + ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ + X509_NAME *subject; /* certificate request DN */ + X509_PUBKEY *pubkey; /* public key of request */ /* * Zero or more attributes. * NB: although attributes is a mandatory field some broken @@ -74,8 +74,8 @@ }; struct X509_req_st { - X509_REQ_INFO req_info; /* signed certificate request data */ - X509_ALGOR sig_alg; /* signature algorithm */ + X509_REQ_INFO req_info; /* signed certificate request data */ + X509_ALGOR sig_alg; /* signature algorithm */ ASN1_BIT_STRING *signature; /* signature */ CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; 
@@ -87,20 +87,20 @@ }; struct X509_crl_info_st { - ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */ - X509_ALGOR sig_alg; /* signature algorithm */ - X509_NAME *issuer; /* CRL issuer name */ - ASN1_TIME *lastUpdate; /* lastUpdate field */ - ASN1_TIME *nextUpdate; /* nextUpdate field: optional */ - STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */ - STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */ - ASN1_ENCODING enc; /* encoding of signed portion of CRL */ + ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */ + X509_ALGOR sig_alg; /* signature algorithm */ + X509_NAME *issuer; /* CRL issuer name */ + ASN1_TIME *lastUpdate; /* lastUpdate field */ + ASN1_TIME *nextUpdate; /* nextUpdate field: optional */ + STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */ + STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */ + ASN1_ENCODING enc; /* encoding of signed portion of CRL */ }; struct X509_crl_st { - X509_CRL_INFO crl; /* signed CRL data */ - X509_ALGOR sig_alg; /* CRL signature algorithm */ - ASN1_BIT_STRING signature; /* CRL signature */ + X509_CRL_INFO crl; /* signed CRL data */ + X509_ALGOR sig_alg; /* CRL signature algorithm */ + ASN1_BIT_STRING signature; /* CRL signature */ CRYPTO_REF_COUNT references; int flags; /* @@ -129,8 +129,8 @@ struct x509_revoked_st { ASN1_INTEGER serialNumber; /* revoked entry serial number */ - ASN1_TIME *revocationDate; /* revocation date */ - STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */ + ASN1_TIME *revocationDate; /* revocation date */ + STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */ /* decoded value of CRLissuer extension: set if indirect CRL */ STACK_OF(GENERAL_NAME) *issuer; /* revocation reason: set to CRL_REASON_NONE if reason extension absent */ 
@@ -152,13 +152,13 @@ struct x509_cert_aux_st { STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ }; struct x509_cinf_st { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ ASN1_INTEGER serialNumber; X509_ALGOR signature; X509_NAME *issuer; @@ -191,10 +191,10 @@ STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; -# ifndef OPENSSL_NO_RFC3779 +#ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; -# endif +#endif unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; CRYPTO_RWLOCK *lock; @@ -205,14 +205,14 @@ OSSL_LIB_CTX *libctx; char *propq; -} /* X509 */ ; +} /* X509 */; /* * This is a used when verifying cert chains. Since the gathering of the * cert chain can take some time (and have to be 'retried', this needs to be * kept and passed around. */ -struct x509_store_ctx_st { /* X509_STORE_CTX */ +struct x509_store_ctx_st { /* X509_STORE_CTX */ X509_STORE *store; /* The following are set by the caller */ /* The cert to check */ 
@@ -226,29 +226,29 @@ void *other_ctx; /* Callbacks for various operations */ /* called to verify a certificate */ - int (*verify) (X509_STORE_CTX *ctx); + int (*verify)(X509_STORE_CTX *ctx); /* error callback */ - int (*verify_cb) (int ok, X509_STORE_CTX *ctx); + int (*verify_cb)(int ok, X509_STORE_CTX *ctx); /* get issuers cert from ctx */ - int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* check issued */ - int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* Check revocation status of chain */ - int (*check_revocation) (X509_STORE_CTX *ctx); + int (*check_revocation)(X509_STORE_CTX *ctx); /* retrieve CRL */ - int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* Check CRL validity */ - int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check certificate against CRL */ - int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check policy status of the chain */ - int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, - const X509_NAME *nm); + int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) *(*lookup_certs)(X509_STORE_CTX *ctx, + const X509_NAME *nm); /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */ - STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx, - const X509_NAME *nm); - int (*cleanup) (X509_STORE_CTX *ctx); + STACK_OF(X509_CRL) *(*lookup_crls)(const X509_STORE_CTX *ctx, + const X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ /* if 0, rebuild chain */ int valid; 
@@ -316,72 +316,72 @@ int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq); int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type, - void *data, unsigned char *md, unsigned int *len, - OSSL_LIB_CTX *libctx, const char *propq); + void *data, unsigned char *md, unsigned int *len, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags); int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs, - int flags); + int flags); STACK_OF(X509_ATTRIBUTE) *ossl_x509at_dup(const STACK_OF(X509_ATTRIBUTE) *x); int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq, - const X509_PUBKEY *key); + const X509_PUBKEY *key); /* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */ ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey); X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, - long len, OSSL_LIB_CTX *libctx); + long len, OSSL_LIB_CTX *libctx); void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub); RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length); int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); -# endif /* OPENSSL_NO_DSA */ -# ifndef OPENSSL_NO_DH +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length); int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp); DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length); int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp); -# endif /* OPENSSL_NO_DH */ -# ifndef OPENSSL_NO_EC +#endif /* 
OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_EC ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length); + const unsigned char **pp, long length); int ossl_i2d_ED25519_PUBKEY(const ECX_KEY *a, unsigned char **pp); ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length); + const unsigned char **pp, long length); int ossl_i2d_ED448_PUBKEY(const ECX_KEY *a, unsigned char **pp); ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length); + const unsigned char **pp, long length); int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp); ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length); + const unsigned char **pp, long length); int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, - long length); + long length); int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist); + size_t vallen, STACK_OF(CONF_VALUE) **extlist); /* Attribute addition functions not checking for duplicate attributes */ STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr); + X509_ATTRIBUTE *attr); STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, - const ASN1_OBJECT *obj, - int type, - const unsigned char *bytes, - int len); + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, - int nid, int type, - const unsigned char *bytes, - int len); + int nid, int type, + const unsigned char *bytes, + int len); STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, - const char *attrname, - int type, - const unsigned char *bytes, - int len); -#endif /* 
OSSL_CRYPTO_X509_H */ + const char *attrname, + int type, + const unsigned char *bytes, + int len); +#endif /* OSSL_CRYPTO_X509_H */ --- crypto/openssl/include/crypto/x509err.h.orig +++ crypto/openssl/include/crypto/x509err.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_X509ERR_H -# define OSSL_CRYPTO_X509ERR_H -# pragma once +#define OSSL_CRYPTO_X509ERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_X509_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/crypto/x509v3err.h.orig +++ crypto/openssl/include/crypto/x509v3err.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_CRYPTO_X509V3ERR_H -# define OSSL_CRYPTO_X509V3ERR_H -# pragma once +#define OSSL_CRYPTO_X509V3ERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_X509V3_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/internal/asn1.h.orig +++ crypto/openssl/include/internal/asn1.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_INTERNAL_ASN1_H -# define OSSL_INTERNAL_ASN1_H -# pragma once +#define OSSL_INTERNAL_ASN1_H +#pragma once int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); --- crypto/openssl/include/internal/bio.h.orig +++ crypto/openssl/include/internal/bio.h 
@@ -8,39 +8,38 @@ */ #ifndef OSSL_INTERNAL_BIO_H -# define OSSL_INTERNAL_BIO_H -# pragma once +#define OSSL_INTERNAL_BIO_H +#pragma once -# include -# include +#include +#include struct bio_method_st { int type; char *name; - int (*bwrite) (BIO *, const char *, size_t, size_t *); - int (*bwrite_old) (BIO *, const char *, int); - int (*bread) (BIO *, char *, size_t, size_t *); - int (*bread_old) (BIO *, char *, int); - int (*bputs) (BIO *, const char *); - int (*bgets) (BIO *, char *, int); - long (*ctrl) (BIO *, int, long, void *); - int (*create) (BIO *); - int (*destroy) (BIO *); - long (*callback_ctrl) (BIO *, int, BIO_info_cb *); + int (*bwrite)(BIO *, const char *, size_t, size_t *); + int (*bwrite_old)(BIO *, const char *, int); + int (*bread)(BIO *, char *, size_t, size_t *); + int (*bread_old)(BIO *, char *, int); + int (*bputs)(BIO *, const char *); + int (*bgets)(BIO *, char *, int); + long (*ctrl)(BIO *, int, long, void *); + int (*create)(BIO *); + int (*destroy)(BIO *); + long (*callback_ctrl)(BIO *, int, BIO_info_cb *); }; void bio_free_ex_data(BIO *bio); void bio_cleanup(void); - /* Old style to new style BIO_METHOD conversion functions */ int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); /* Changes to these internal BIOs must also update include/openssl/bio.h */ -# define BIO_CTRL_SET_KTLS 72 -# define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74 -# define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75 +#define BIO_CTRL_SET_KTLS 72 +#define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74 +#define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75 /* * This is used with socket BIOs: 
@@ -48,37 +47,37 @@ * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. */ -# define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 -# define BIO_FLAGS_KTLS_RX 0x2000 -# define BIO_FLAGS_KTLS_TX 0x4000 +#define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 +#define BIO_FLAGS_KTLS_RX 0x2000 +#define BIO_FLAGS_KTLS_TX 0x4000 /* KTLS related controls and flags */ -# define BIO_set_ktls_flag(b, is_tx) \ +#define BIO_set_ktls_flag(b, is_tx) \ BIO_set_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX) -# define BIO_should_ktls_flag(b, is_tx) \ +#define BIO_should_ktls_flag(b, is_tx) \ BIO_test_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX) -# define BIO_set_ktls_ctrl_msg_flag(b) \ +#define BIO_set_ktls_ctrl_msg_flag(b) \ BIO_set_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) -# define BIO_should_ktls_ctrl_msg_flag(b) \ +#define BIO_should_ktls_ctrl_msg_flag(b) \ BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) -# define BIO_clear_ktls_ctrl_msg_flag(b) \ +#define BIO_clear_ktls_ctrl_msg_flag(b) \ BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) -# define BIO_set_ktls(b, keyblob, is_tx) \ - BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob) -# define BIO_set_ktls_ctrl_msg(b, record_type) \ - BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL) -# define BIO_clear_ktls_ctrl_msg(b) \ - BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) +#define BIO_set_ktls(b, keyblob, is_tx) \ + BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob) +#define BIO_set_ktls_ctrl_msg(b, record_type) \ + BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL) +#define BIO_clear_ktls_ctrl_msg(b) \ + BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) /* Functions to allow the core to offer the CORE_BIO type to providers */ OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio); OSSL_CORE_BIO *ossl_core_bio_new_file(const char *filename, const char *mode); OSSL_CORE_BIO *ossl_core_bio_new_mem_buf(const void 
*buf, int len); int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen, - size_t *readbytes); + size_t *readbytes); int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen, - size_t *written); + size_t *written); int ossl_core_bio_gets(OSSL_CORE_BIO *cb, char *buf, int size); int ossl_core_bio_puts(OSSL_CORE_BIO *cb, const char *buf); long ossl_core_bio_ctrl(OSSL_CORE_BIO *cb, int cmd, long larg, void *parg); --- crypto/openssl/include/internal/conf.h.orig +++ crypto/openssl/include/internal/conf.h @@ -8,15 +8,13 @@ */ #ifndef OSSL_INTERNAL_CONF_H -# define OSSL_INTERNAL_CONF_H -# pragma once +#define OSSL_INTERNAL_CONF_H +#pragma once -# include +#include -# define DEFAULT_CONF_MFLAGS \ - (CONF_MFLAGS_DEFAULT_SECTION | \ - CONF_MFLAGS_IGNORE_MISSING_FILE | \ - CONF_MFLAGS_IGNORE_RETURN_CODES) +#define DEFAULT_CONF_MFLAGS \ + (CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE | CONF_MFLAGS_IGNORE_RETURN_CODES) struct ossl_init_settings_st { char *filename; --- crypto/openssl/include/internal/constant_time.h.orig +++ crypto/openssl/include/internal/constant_time.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,12 +8,12 @@ */ #ifndef OSSL_INTERNAL_CONSTANT_TIME_H -# define OSSL_INTERNAL_CONSTANT_TIME_H -# pragma once +#define OSSL_INTERNAL_CONSTANT_TIME_H +#pragma once -# include -# include -# include /* For 'ossl_inline' */ +#include +#include +#include /* For 'ossl_inline' */ /*- * The boolean methods return a bitmask of all ones (0xff...f) for true 
@@ -38,19 +38,19 @@ /* Returns 0xff..f if a < b and 0 otherwise. */ static ossl_inline unsigned int constant_time_lt(unsigned int a, - unsigned int b); + unsigned int b); /* Convenience method for getting an 8-bit mask. */ static ossl_inline unsigned char constant_time_lt_8(unsigned int a, - unsigned int b); + unsigned int b); /* Convenience method for uint64_t. */ static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b); /* Returns 0xff..f if a >= b and 0 otherwise. */ static ossl_inline unsigned int constant_time_ge(unsigned int a, - unsigned int b); + unsigned int b); /* Convenience method for getting an 8-bit mask. */ static ossl_inline unsigned char constant_time_ge_8(unsigned int a, - unsigned int b); + unsigned int b); /* Returns 0xff..f if a == 0 and 0 otherwise. */ static ossl_inline unsigned int constant_time_is_zero(unsigned int a); @@ -61,10 +61,10 @@ /* Returns 0xff..f if a == b and 0 otherwise. */ static ossl_inline unsigned int constant_time_eq(unsigned int a, - unsigned int b); + unsigned int b); /* Convenience method for getting an 8-bit mask. */ static ossl_inline unsigned char constant_time_eq_8(unsigned int a, - unsigned int b); + unsigned int b); /* Signed integers. */ static ossl_inline unsigned int constant_time_eq_int(int a, int b); /* Convenience method for getting an 8-bit mask. */ 
@@ -78,31 +78,29 @@ * (if |mask| is zero). */ static ossl_inline unsigned int constant_time_select(unsigned int mask, - unsigned int a, - unsigned int b); + unsigned int a, + unsigned int b); /* Convenience method for unsigned chars. */ static ossl_inline unsigned char constant_time_select_8(unsigned char mask, - unsigned char a, - unsigned char b); + unsigned char a, + unsigned char b); /* Convenience method for uint32_t. */ static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, - uint32_t b); + uint32_t b); /* Convenience method for uint64_t. */ static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, - uint64_t b); + uint64_t b); /* Convenience method for signed integers. */ static ossl_inline int constant_time_select_int(unsigned int mask, int a, - int b); - + int b); static ossl_inline unsigned int constant_time_msb(unsigned int a) { return 0 - (a >> (sizeof(a) * 8 - 1)); } - static ossl_inline uint32_t constant_time_msb_32(uint32_t a) { return 0 - (a >> 31); @@ -119,7 +117,7 @@ } static ossl_inline unsigned int constant_time_lt(unsigned int a, - unsigned int b) + unsigned int b) { return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); } @@ -130,7 +128,7 @@ } static ossl_inline unsigned char constant_time_lt_8(unsigned int a, - unsigned int b) + unsigned int b) { return (unsigned char)constant_time_lt(a, b); } @@ -157,14 +155,14 @@ } static ossl_inline BN_ULONG constant_time_eq_bn(BN_ULONG a, - BN_ULONG b) + BN_ULONG b) { return constant_time_is_zero_bn(a ^ b); } #endif static ossl_inline unsigned int constant_time_ge(unsigned int a, - unsigned int b) + unsigned int b) { return ~constant_time_lt(a, b); } @@ -175,7 +173,7 @@ } static ossl_inline unsigned char constant_time_ge_8(unsigned int a, - unsigned int b) + unsigned int b) { return (unsigned char)constant_time_ge(a, b); } 
@@ -211,7 +209,7 @@ } static ossl_inline unsigned int constant_time_eq(unsigned int a, - unsigned int b) + unsigned int b) { return constant_time_is_zero(a ^ b); } @@ -222,7 +220,7 @@ } static ossl_inline unsigned char constant_time_eq_8(unsigned int a, - unsigned int b) + unsigned int b) { return (unsigned char)constant_time_eq(a, b); } @@ -296,29 +294,41 @@ return r; } +/* Convenience method for unsigned char. */ +static ossl_inline unsigned char value_barrier_8(unsigned char a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned char r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned char r = a; +#endif + return r; +} + static ossl_inline unsigned int constant_time_select(unsigned int mask, - unsigned int a, - unsigned int b) + unsigned int a, + unsigned int b) { return (value_barrier(mask) & a) | (value_barrier(~mask) & b); } static ossl_inline size_t constant_time_select_s(size_t mask, - size_t a, - size_t b) + size_t a, + size_t b) { return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); } static ossl_inline unsigned char constant_time_select_8(unsigned char mask, - unsigned char a, - unsigned char b) + unsigned char a, + unsigned char b) { return (unsigned char)constant_time_select(mask, a, b); } static ossl_inline int constant_time_select_int(unsigned int mask, int a, - int b) + int b) { return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b)); } @@ -326,17 +336,17 @@ static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) { return (int)constant_time_select((unsigned)mask, (unsigned)(a), - (unsigned)(b)); + (unsigned)(b)); } static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, - uint32_t b) + uint32_t b) { return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); } static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, - uint64_t b) + uint64_t b) { return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); } 
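Review bot: The comment on the new `value_barrier_8()` in the `@@ -296,29 +294,41 @@` hunk says only "Convenience method for unsigned char." and does not say what the barrier is for, which a maintainer needs to know before simplifying it. I would write `/* Hides |a| from the optimizer so a 0x00/0xff mask cannot be turned into a branch; unsigned char variant of value_barrier(). */`. The same comment could note that the `#else` path (OPENSSL_NO_ASM or a non-GNU compiler) gets the effect from a `volatile` local rather than the empty asm statement. The sibling value_barrier helpers are defined outside this hunk, so the wording should be checked against theirs.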
@@ -352,11 +362,11 @@ * } */ static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a, - uint32_t *b) + uint32_t *b) { uint32_t xor = *a ^ *b; - xor &= mask; + xor&= value_barrier_32(mask); *a ^= xor; *b ^= xor; } @@ -372,11 +382,11 @@ * } */ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a, - uint64_t *b) + uint64_t *b) { uint64_t xor = *a ^ *b; - xor &= mask; + xor&= value_barrier_64(mask); *a ^= xor; *b ^= xor; } @@ -394,16 +404,16 @@ * } */ static ossl_inline void constant_time_cond_swap_buff(unsigned char mask, - unsigned char *a, - unsigned char *b, - size_t len) + unsigned char *a, + unsigned char *b, + size_t len) { size_t i; unsigned char tmp; for (i = 0; i < len; i++) { tmp = a[i] ^ b[i]; - tmp &= mask; + tmp &= value_barrier_8(mask); a[i] ^= tmp; b[i] ^= tmp; } @@ -415,10 +425,10 @@ * private. */ static ossl_inline void constant_time_lookup(void *out, - const void *table, - size_t rowsize, - size_t numrows, - size_t idx) + const void *table, + size_t rowsize, + size_t numrows, + size_t idx) { size_t i, j; const unsigned char *tablec = (const unsigned char *)table; @@ -441,4 +451,4 @@ */ void err_clear_last_constant_time(int clear); -#endif /* OSSL_INTERNAL_CONSTANT_TIME_H */ +#endif /* OSSL_INTERNAL_CONSTANT_TIME_H */ --- crypto/openssl/include/internal/core.h.orig +++ crypto/openssl/include/internal/core.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_INTERNAL_CORE_H -# define OSSL_INTERNAL_CORE_H -# pragma once +#define OSSL_INTERNAL_CORE_H +#pragma once /* * namespaces: 
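Review bot: The new line `xor&= value_barrier_32(mask);` in constant_time_cond_swap_32 has lost the space before `&=`, as has `xor&= value_barrier_64(mask);` in the `@@ -372,11 +382,11 @@` hunk. The likely cause is that the formatter reads the local named `xor` as the C++ alternative operator token. Renaming the local avoids this and matches constant_time_cond_swap_buff in the `@@ -394,16 +404,16 @@` hunk, which already uses `tmp`: `uint32_t tmp = *a ^ *b;` then `tmp &= value_barrier_32(mask);`, with the two `^=` lines updated to match. The name `xor` would also collide with a macro if `<iso646.h>` were ever included ahead of this header.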
@@ -38,30 +38,30 @@ void *(*get)(void *store, const OSSL_PROVIDER **prov, void *data); /* Store a method in a store */ int (*put)(void *store, void *method, const OSSL_PROVIDER *prov, - const char *name, const char *propdef, void *data); + const char *name, const char *propdef, void *data); /* Construct a new method */ void *(*construct)(const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov, - void *data); + void *data); /* Destruct a method */ void (*destruct)(void *method, void *data); } OSSL_METHOD_CONSTRUCT_METHOD; void *ossl_method_construct(OSSL_LIB_CTX *ctx, int operation_id, - OSSL_PROVIDER **provider_rw, int force_cache, - OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data); + OSSL_PROVIDER **provider_rw, int force_cache, + OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data); void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER *provider, - int (*pre)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - int (*reserve_store)(int no_store, void *data), - void (*fn)(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *data), - int (*unreserve_store)(void *data), - int (*post)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - void *data); + OSSL_PROVIDER *provider, + int (*pre)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), + int (*reserve_store)(int no_store, void *data), + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + int (*unreserve_store)(void *data), + int (*post)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), + void *data); char *ossl_algorithm_get1_first_name(const OSSL_ALGORITHM *algo); __owur int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx); --- crypto/openssl/include/internal/cryptlib.h.orig +++ crypto/openssl/include/internal/cryptlib.h 
@@ -8,31 +8,31 @@ */ #ifndef OSSL_INTERNAL_CRYPTLIB_H -# define OSSL_INTERNAL_CRYPTLIB_H -# pragma once - -# include -# include - -# ifdef OPENSSL_USE_APPLINK -# define BIO_FLAGS_UPLINK_INTERNAL 0x8000 -# include "ms/uplink.h" -# else -# define BIO_FLAGS_UPLINK_INTERNAL 0 -# endif - -# include -# include -# include -# include -# include -# include "internal/nelem.h" +#define OSSL_INTERNAL_CRYPTLIB_H +#pragma once + +#include +#include + +#ifdef OPENSSL_USE_APPLINK +#define BIO_FLAGS_UPLINK_INTERNAL 0x8000 +#include "ms/uplink.h" +#else +#define BIO_FLAGS_UPLINK_INTERNAL 0 +#endif + +#include +#include +#include +#include +#include +#include "internal/nelem.h" #ifdef NDEBUG -# define ossl_assert(x) ((x) != 0) +#define ossl_assert(x) ((x) != 0) #else __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, - const char *file, int line) + const char *file, int line) { if (!expr) OPENSSL_die(exprstr, file, line); @@ -40,8 +40,8 @@ return expr; } -# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ - __FILE__, __LINE__) +#define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: " #x, \ + __FILE__, __LINE__) #endif @@ -50,9 +50,9 @@ * reasonable boundary for the platform. The most pessimistic alignment * of the listed types will be used by the compiler. */ -# define OSSL_UNION_ALIGN \ - double align; \ - ossl_uintmax_t align_int; \ +#define OSSL_UNION_ALIGN \ + double align; \ + ossl_uintmax_t align_int; \ void *align_ptr typedef struct ex_callback_st EX_CALLBACK; 
@@ -61,34 +61,32 @@ typedef struct mem_st MEM; DEFINE_LHASH_OF(MEM); -# define OPENSSL_CONF "openssl.cnf" - -# ifndef OPENSSL_SYS_VMS -# define X509_CERT_AREA OPENSSLDIR -# define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" -# define X509_PRIVATE_DIR OPENSSLDIR "/private" -# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" -# else -# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" -# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" -# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" -# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" -# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" -# endif - -# define X509_CERT_DIR_EVP "SSL_CERT_DIR" -# define X509_CERT_FILE_EVP "SSL_CERT_FILE" -# define CTLOG_FILE_EVP "CTLOG_FILE" +#define OPENSSL_CONF "openssl.cnf" + +#ifndef OPENSSL_SYS_VMS +#define X509_CERT_AREA OPENSSLDIR +#define X509_CERT_DIR OPENSSLDIR "/certs" +#define X509_CERT_FILE OPENSSLDIR "/cert.pem" +#define X509_PRIVATE_DIR OPENSSLDIR "/private" +#define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +#else +#define X509_CERT_AREA "OSSL$DATAROOT:[000000]" +#define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" +#define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" +#define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" +#define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" +#endif + +#define X509_CERT_DIR_EVP "SSL_CERT_DIR" +#define X509_CERT_FILE_EVP "SSL_CERT_FILE" +#define CTLOG_FILE_EVP "CTLOG_FILE" /* size of string representations */ -# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -# define HEX_SIZE(type) (sizeof(type)*2) +#define DECIMAL_SIZE(type) ((sizeof(type) * 8 + 2) / 3 + 1) +#define HEX_SIZE(type) (sizeof(type) * 2) void OPENSSL_cpuid_setup(void); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(__x86_64__) || 
defined(_M_AMD64) || defined(_M_X64) extern unsigned int OPENSSL_ia32cap_P[]; #endif void OPENSSL_showfatal(const char *fmta, ...); @@ -101,11 +99,11 @@ extern CRYPTO_RWLOCK *memdbg_lock; int openssl_strerror_r(int errnum, char *buf, size_t buflen); -# if !defined(OPENSSL_NO_STDIO) +#if !defined(OPENSSL_NO_STDIO) FILE *openssl_fopen(const char *filename, const char *mode); -# else +#else void *openssl_fopen(const char *filename, const char *mode); -# endif +#endif uint32_t OPENSSL_rdtsc(void); size_t OPENSSL_instrument_bus(unsigned int *, size_t); @@ -118,9 +116,9 @@ * exdata has a stack of callbacks for each instance. */ struct ex_callback_st { - long argl; /* Arbitrary long */ - void *argp; /* Arbitrary void * */ - int priority; /* Priority ordering for freeing */ + long argl; /* Arbitrary long */ + void *argp; /* Arbitrary void * */ + int priority; /* Priority ordering for freeing */ CRYPTO_EX_new *new_func; CRYPTO_EX_free *free_func; CRYPTO_EX_dup *dup_func; 
@@ -139,41 +137,40 @@ EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; } OSSL_EX_DATA_GLOBAL; - /* OSSL_LIB_CTX */ -# define OSSL_LIB_CTX_PROVIDER_STORE_RUN_ONCE_INDEX 0 -# define OSSL_LIB_CTX_DEFAULT_METHOD_STORE_RUN_ONCE_INDEX 1 -# define OSSL_LIB_CTX_METHOD_STORE_RUN_ONCE_INDEX 2 -# define OSSL_LIB_CTX_MAX_RUN_ONCE 3 - -# define OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX 0 -# define OSSL_LIB_CTX_PROVIDER_STORE_INDEX 1 -# define OSSL_LIB_CTX_PROPERTY_DEFN_INDEX 2 -# define OSSL_LIB_CTX_PROPERTY_STRING_INDEX 3 -# define OSSL_LIB_CTX_NAMEMAP_INDEX 4 -# define OSSL_LIB_CTX_DRBG_INDEX 5 -# define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6 -# define OSSL_LIB_CTX_RAND_CRNGT_INDEX 7 -# ifdef FIPS_MODULE -# define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 -# endif -# define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 -# define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 -# define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 -# define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 -# define OSSL_LIB_CTX_BIO_PROV_INDEX 13 -# define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 -# define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 -# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 -# define OSSL_LIB_CTX_BIO_CORE_INDEX 17 -# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 -# define OSSL_LIB_CTX_MAX_INDEXES 19 - -# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 -# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 -# define OSSL_LIB_CTX_METHOD_PRIORITY_1 1 -# define OSSL_LIB_CTX_METHOD_PRIORITY_2 2 +#define OSSL_LIB_CTX_PROVIDER_STORE_RUN_ONCE_INDEX 0 +#define OSSL_LIB_CTX_DEFAULT_METHOD_STORE_RUN_ONCE_INDEX 1 +#define OSSL_LIB_CTX_METHOD_STORE_RUN_ONCE_INDEX 2 +#define OSSL_LIB_CTX_MAX_RUN_ONCE 3 + +#define OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX 0 +#define OSSL_LIB_CTX_PROVIDER_STORE_INDEX 1 +#define OSSL_LIB_CTX_PROPERTY_DEFN_INDEX 2 +#define OSSL_LIB_CTX_PROPERTY_STRING_INDEX 3 +#define OSSL_LIB_CTX_NAMEMAP_INDEX 4 +#define OSSL_LIB_CTX_DRBG_INDEX 5 +#define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6 +#define OSSL_LIB_CTX_RAND_CRNGT_INDEX 7 +#ifdef FIPS_MODULE +#define 
OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 +#endif +#define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 +#define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 +#define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 +#define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 +#define OSSL_LIB_CTX_BIO_PROV_INDEX 13 +#define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 +#define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 +#define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 +#define OSSL_LIB_CTX_BIO_CORE_INDEX 17 +#define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +#define OSSL_LIB_CTX_MAX_INDEXES 19 + +#define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 +#define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 +#define OSSL_LIB_CTX_METHOD_PRIORITY_1 1 +#define OSSL_LIB_CTX_METHOD_PRIORITY_2 2 typedef struct ossl_lib_ctx_method { int priority; @@ -187,15 +184,15 @@ /* Functions to retrieve pointers to data by index */ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *, int /* index */, - const OSSL_LIB_CTX_METHOD * ctx); + const OSSL_LIB_CTX_METHOD *ctx); void ossl_lib_ctx_default_deinit(void); OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx); -typedef int (ossl_lib_ctx_run_once_fn)(OSSL_LIB_CTX *ctx); -typedef void (ossl_lib_ctx_onfree_fn)(OSSL_LIB_CTX *ctx); +typedef int(ossl_lib_ctx_run_once_fn)(OSSL_LIB_CTX *ctx); +typedef void(ossl_lib_ctx_onfree_fn)(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx, - ossl_lib_ctx_run_once_fn run_once_fn); + ossl_lib_ctx_run_once_fn run_once_fn); int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn); const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx); 
@@ -203,60 +200,60 @@ OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad); int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj, - CRYPTO_EX_DATA *ad); + CRYPTO_EX_DATA *ad); int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, - long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func, - int priority); + long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func, + int priority); int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx); /* Function for simple binary search */ /* Flags */ -# define OSSL_BSEARCH_VALUE_ON_NOMATCH 0x01 -# define OSSL_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 +#define OSSL_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OSSL_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 const void *ossl_bsearch(const void *key, const void *base, int num, - int size, int (*cmp) (const void *, const void *), - int flags); + int size, int (*cmp)(const void *, const void *), + int flags); char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, - const char *sep, size_t max_len); + const char *sep, size_t max_len); char *ossl_ipaddr_to_asc(unsigned char *p, int len); char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, - const char sep); + const char sep); static ossl_inline int ossl_ends_with_dirsep(const char *path) { if (*path != '\0') path += strlen(path) - 1; -# if defined __VMS +#if defined __VMS if (*path == ']' || *path == '>' || *path == ':') return 1; -# elif defined _WIN32 +#elif defined _WIN32 if (*path == '\\') return 1; -# endif +#endif return *path == '/'; } static ossl_inline int ossl_is_absolute_path(const char *path) { -# if defined __VMS +#if defined __VMS if (strchr(path, ':') != NULL || ((path[0] == '[' || path[0] == '<') && path[1] != '.' 
&& path[1] != '-' && path[1] != ']' && path[1] != '>')) return 1; -# elif defined _WIN32 +#elif defined _WIN32 if (path[0] == '\\' || (path[0] != '\0' && path[1] == ':')) return 1; -# endif +#endif return path[0] == '/'; } --- crypto/openssl/include/internal/dane.h.orig +++ crypto/openssl/include/internal/dane.h @@ -9,36 +9,36 @@ #ifndef OSSL_INTERNAL_DANE_H #define OSSL_INTERNAL_DANE_H -# pragma once +#pragma once -# include +#include /*- * Certificate usages: * https://tools.ietf.org/html/rfc6698#section-2.1.1 */ -#define DANETLS_USAGE_PKIX_TA 0 -#define DANETLS_USAGE_PKIX_EE 1 -#define DANETLS_USAGE_DANE_TA 2 -#define DANETLS_USAGE_DANE_EE 3 -#define DANETLS_USAGE_LAST DANETLS_USAGE_DANE_EE +#define DANETLS_USAGE_PKIX_TA 0 +#define DANETLS_USAGE_PKIX_EE 1 +#define DANETLS_USAGE_DANE_TA 2 +#define DANETLS_USAGE_DANE_EE 3 +#define DANETLS_USAGE_LAST DANETLS_USAGE_DANE_EE /*- * Selectors: * https://tools.ietf.org/html/rfc6698#section-2.1.2 */ -#define DANETLS_SELECTOR_CERT 0 -#define DANETLS_SELECTOR_SPKI 1 -#define DANETLS_SELECTOR_LAST DANETLS_SELECTOR_SPKI +#define DANETLS_SELECTOR_CERT 0 +#define DANETLS_SELECTOR_SPKI 1 +#define DANETLS_SELECTOR_LAST DANETLS_SELECTOR_SPKI /*- * Matching types: * https://tools.ietf.org/html/rfc6698#section-2.1.3 */ -#define DANETLS_MATCHING_FULL 0 -#define DANETLS_MATCHING_2256 1 -#define DANETLS_MATCHING_2512 2 -#define DANETLS_MATCHING_LAST DANETLS_MATCHING_2512 +#define DANETLS_MATCHING_FULL 0 +#define DANETLS_MATCHING_2256 1 +#define DANETLS_MATCHING_2512 2 +#define DANETLS_MATCHING_LAST DANETLS_MATCHING_2512 typedef struct danetls_record_st { uint8_t usage; 
@@ -55,10 +55,10 @@ * Shared DANE context */ struct dane_ctx_st { - const EVP_MD **mdevp; /* mtype -> digest */ - uint8_t *mdord; /* mtype -> preference */ - uint8_t mdmax; /* highest supported mtype */ - unsigned long flags; /* feature bitmask */ + const EVP_MD **mdevp; /* mtype -> digest */ + uint8_t *mdord; /* mtype -> preference */ + uint8_t mdmax; /* highest supported mtype */ + unsigned long flags; /* feature bitmask */ }; /* @@ -67,19 +67,19 @@ struct ssl_dane_st { struct dane_ctx_st *dctx; STACK_OF(danetls_record) *trecs; - STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */ - danetls_record *mtlsa; /* Matching TLSA record */ - X509 *mcert; /* DANE matched cert */ - uint32_t umask; /* Usages present */ - int mdpth; /* Depth of matched cert */ - int pdpth; /* Depth of PKIX trust */ - unsigned long flags; /* feature bitmask */ + STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */ + danetls_record *mtlsa; /* Matching TLSA record */ + X509 *mcert; /* DANE matched cert */ + uint32_t umask; /* Usages present */ + int mdpth; /* Depth of matched cert */ + int pdpth; /* Depth of PKIX trust */ + unsigned long flags; /* feature bitmask */ }; -#define DANETLS_ENABLED(dane) \ +#define DANETLS_ENABLED(dane) \ ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0) -#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u) +#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u) #define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA)) #define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE)) 
@@ -93,12 +93,12 @@ #define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) #define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) -#define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) -#define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) +#define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) +#define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) -#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) -#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) -#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) -#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) +#define DANETLS_HAS_PKIX_TA(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_TA_MASK)) +#define DANETLS_HAS_PKIX_EE(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_EE_MASK)) +#define DANETLS_HAS_DANE_TA(dane) ((dane) && ((dane)->umask & DANETLS_DANE_TA_MASK)) +#define DANETLS_HAS_DANE_EE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_EE_MASK)) #endif /* OSSL_INTERNAL_DANE_H */ --- crypto/openssl/include/internal/deprecated.h.orig +++ crypto/openssl/include/internal/deprecated.h @@ -17,14 +17,14 @@ */ #ifndef OSSL_INTERNAL_DEPRECATED_H -# define OSSL_INTERNAL_DEPRECATED_H -# pragma once +#define OSSL_INTERNAL_DEPRECATED_H +#pragma once -# include +#include -# undef OPENSSL_NO_DEPRECATED -# define OPENSSL_SUPPRESS_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#define OPENSSL_SUPPRESS_DEPRECATED -# include +#include #endif --- crypto/openssl/include/internal/der.h.orig +++ crypto/openssl/include/internal/der.h 
@@ -22,42 +22,42 @@ * These are only valid for the UNIVERSAL class. With the other classes, * these bits have a different meaning. */ -#define DER_P_EOC 0 /* BER End Of Contents tag */ -#define DER_P_BOOLEAN 1 -#define DER_P_INTEGER 2 -#define DER_P_BIT_STRING 3 -#define DER_P_OCTET_STRING 4 -#define DER_P_NULL 5 -#define DER_P_OBJECT 6 -#define DER_P_OBJECT_DESCRIPTOR 7 -#define DER_P_EXTERNAL 8 -#define DER_P_REAL 9 -#define DER_P_ENUMERATED 10 -#define DER_P_UTF8STRING 12 -#define DER_P_SEQUENCE 16 -#define DER_P_SET 17 -#define DER_P_NUMERICSTRING 18 -#define DER_P_PRINTABLESTRING 19 -#define DER_P_T61STRING 20 -#define DER_P_VIDEOTEXSTRING 21 -#define DER_P_IA5STRING 22 -#define DER_P_UTCTIME 23 -#define DER_P_GENERALIZEDTIME 24 -#define DER_P_GRAPHICSTRING 25 -#define DER_P_ISO64STRING 26 -#define DER_P_GENERALSTRING 27 -#define DER_P_UNIVERSALSTRING 28 -#define DER_P_BMPSTRING 30 +#define DER_P_EOC 0 /* BER End Of Contents tag */ +#define DER_P_BOOLEAN 1 +#define DER_P_INTEGER 2 +#define DER_P_BIT_STRING 3 +#define DER_P_OCTET_STRING 4 +#define DER_P_NULL 5 +#define DER_P_OBJECT 6 +#define DER_P_OBJECT_DESCRIPTOR 7 +#define DER_P_EXTERNAL 8 +#define DER_P_REAL 9 +#define DER_P_ENUMERATED 10 +#define DER_P_UTF8STRING 12 +#define DER_P_SEQUENCE 16 +#define DER_P_SET 17 +#define DER_P_NUMERICSTRING 18 +#define DER_P_PRINTABLESTRING 19 +#define DER_P_T61STRING 20 +#define DER_P_VIDEOTEXSTRING 21 +#define DER_P_IA5STRING 22 +#define DER_P_UTCTIME 23 +#define DER_P_GENERALIZEDTIME 24 +#define DER_P_GRAPHICSTRING 25 +#define DER_P_ISO64STRING 26 +#define DER_P_GENERALSTRING 27 +#define DER_P_UNIVERSALSTRING 28 +#define DER_P_BMPSTRING 30 /* DER Flags, occupying bit 6 in the DER identifier byte */ -#define DER_F_PRIMITIVE 0x00 -#define DER_F_CONSTRUCTED 0x20 +#define DER_F_PRIMITIVE 0x00 +#define DER_F_CONSTRUCTED 0x20 /* DER classes tags, occupying bits 7-8 in the DER identifier byte */ -#define DER_C_UNIVERSAL 0x00 -#define DER_C_APPLICATION 0x40 -#define 
DER_C_CONTEXT 0x80 -#define DER_C_PRIVATE 0xC0 +#define DER_C_UNIVERSAL 0x00 +#define DER_C_APPLICATION 0x40 +#define DER_C_CONTEXT 0x80 +#define DER_C_PRIVATE 0xC0 /* * Run-time constructors. @@ -67,18 +67,18 @@ */ /* This can be used for all items that don't have a context */ -#define DER_NO_CONTEXT -1 +#define DER_NO_CONTEXT -1 int ossl_DER_w_precompiled(WPACKET *pkt, int tag, - const unsigned char *precompiled, - size_t precompiled_n); + const unsigned char *precompiled, + size_t precompiled_n); int ossl_DER_w_boolean(WPACKET *pkt, int tag, int b); int ossl_DER_w_uint32(WPACKET *pkt, int tag, uint32_t v); int ossl_DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v); int ossl_DER_w_null(WPACKET *pkt, int tag); int ossl_DER_w_octet_string(WPACKET *pkt, int tag, - const unsigned char *data, size_t data_n); + const unsigned char *data, size_t data_n); int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value); /* --- crypto/openssl/include/internal/dso.h.orig +++ crypto/openssl/include/internal/dso.h @@ -8,16 +8,16 @@ */ #ifndef OSSL_INTERNAL_DSO_H -# define OSSL_INTERNAL_DSO_H -# pragma once +#define OSSL_INTERNAL_DSO_H +#pragma once -# include -# include "internal/dsoerr.h" +#include +#include "internal/dsoerr.h" /* These values are used as commands to DSO_ctrl() */ -# define DSO_CTRL_GET_FLAGS 1 -# define DSO_CTRL_SET_FLAGS 2 -# define DSO_CTRL_OR_FLAGS 3 +#define DSO_CTRL_GET_FLAGS 1 +#define DSO_CTRL_SET_FLAGS 2 +#define DSO_CTRL_OR_FLAGS 3 /* * By default, DSO_load() will translate the provided filename into a form @@ -30,7 +30,7 @@ * the caller has prompted the user for a path to a driver library so the * filename should be interpreted as-is. */ -# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +#define DSO_FLAG_NO_NAME_TRANSLATION 0x01 /* * An extra flag to give if only the extension should be added as * translation. This is obviously only of importance on Unix and other 
@@ -38,21 +38,21 @@ * something, like 'lib', and ignored everywhere else. This flag is also * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. */ -# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 +#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 /* * Don't unload the DSO when we call DSO_free() */ -# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 +#define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 /* * This flag loads the library with public symbols. Meaning: The exported * symbols of this library are public to all libraries loaded after this * library. At the moment only implemented in unix. */ -# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 -typedef void (*DSO_FUNC_TYPE) (void); +typedef void (*DSO_FUNC_TYPE)(void); typedef struct dso_st DSO; typedef struct dso_meth_st DSO_METHOD; --- crypto/openssl/include/internal/dsoerr.h.orig +++ crypto/openssl/include/internal/dsoerr.h 
@@ -9,40 +9,39 @@ */ #ifndef OSSL_INTERNAL_DSOERR_H -# define OSSL_INTERNAL_DSOERR_H -# pragma once +#define OSSL_INTERNAL_DSOERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_DSO_strings(void); /* * DSO reason codes. */ -# define DSO_R_CTRL_FAILED 100 -# define DSO_R_DSO_ALREADY_LOADED 110 -# define DSO_R_EMPTY_FILE_STRUCTURE 113 -# define DSO_R_FAILURE 114 -# define DSO_R_FILENAME_TOO_BIG 101 -# define DSO_R_FINISH_FAILED 102 -# define DSO_R_INCORRECT_FILE_SYNTAX 115 -# define DSO_R_LOAD_FAILED 103 -# define DSO_R_NAME_TRANSLATION_FAILED 109 -# define DSO_R_NO_FILENAME 111 -# define DSO_R_NULL_HANDLE 104 -# define DSO_R_SET_FILENAME_FAILED 112 -# define DSO_R_STACK_ERROR 105 -# define DSO_R_SYM_FAILURE 106 -# define DSO_R_UNLOAD_FAILED 107 -# define DSO_R_UNSUPPORTED 108 - +#define DSO_R_CTRL_FAILED 100 +#define DSO_R_DSO_ALREADY_LOADED 110 +#define DSO_R_EMPTY_FILE_STRUCTURE 113 +#define DSO_R_FAILURE 114 +#define DSO_R_FILENAME_TOO_BIG 101 +#define DSO_R_FINISH_FAILED 102 +#define DSO_R_INCORRECT_FILE_SYNTAX 115 +#define DSO_R_LOAD_FAILED 103 +#define DSO_R_NAME_TRANSLATION_FAILED 109 +#define DSO_R_NO_FILENAME 111 +#define DSO_R_NULL_HANDLE 104 +#define DSO_R_SET_FILENAME_FAILED 112 +#define DSO_R_STACK_ERROR 105 +#define DSO_R_SYM_FAILURE 106 +#define DSO_R_UNLOAD_FAILED 107 +#define DSO_R_UNSUPPORTED 108 -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/internal/endian.h.orig +++ crypto/openssl/include/internal/endian.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,11 +8,11 @@ */ #ifndef OSSL_INTERNAL_ENDIAN_H -# define OSSL_INTERNAL_ENDIAN_H -# pragma once +#define OSSL_INTERNAL_ENDIAN_H +#pragma once /* - * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endiannes + * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endianness * at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare * a variable. * 
@@ -21,31 +21,31 @@ * set, it will fall back to code works with either endianness. */ -# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) -# define DECLARE_IS_ENDIAN const int ossl_is_little_endian = __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define IS_LITTLE_ENDIAN (ossl_is_little_endian) -# define IS_BIG_ENDIAN (!ossl_is_little_endian) -# if defined(L_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) -# error "L_ENDIAN defined on a big endian machine" -# endif -# if defined(B_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) -# error "B_ENDIAN defined on a little endian machine" -# endif -# if !defined(L_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) -# define L_ENDIAN -# endif -# if !defined(B_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) -# define B_ENDIAN -# endif -# else -# define DECLARE_IS_ENDIAN \ - const union { \ - long one; \ - char little; \ +#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) +#define DECLARE_IS_ENDIAN const int ossl_is_little_endian = __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define IS_LITTLE_ENDIAN (ossl_is_little_endian) +#define IS_BIG_ENDIAN (!ossl_is_little_endian) +#if defined(L_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) +#error "L_ENDIAN defined on a big endian machine" +#endif +#if defined(B_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) +#error "B_ENDIAN defined on a little endian machine" +#endif +#if !defined(L_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) +#define L_ENDIAN +#endif +#if !defined(B_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) +#define B_ENDIAN +#endif +#else +#define DECLARE_IS_ENDIAN \ + const union { \ + long one; \ + char little; \ } ossl_is_endian = { 1 } -# define IS_LITTLE_ENDIAN (ossl_is_endian.little != 0) -# define IS_BIG_ENDIAN (ossl_is_endian.little == 0) -# endif +#define IS_LITTLE_ENDIAN (ossl_is_endian.little != 0) +#define IS_BIG_ENDIAN (ossl_is_endian.little == 0) +#endif #endif --- 
crypto/openssl/include/internal/err.h.orig +++ crypto/openssl/include/internal/err.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_INTERNAL_ERR_H -# define OSSL_INTERNAL_ERR_H -# pragma once +#define OSSL_INTERNAL_ERR_H +#pragma once void err_free_strings_int(void); --- crypto/openssl/include/internal/ffc.h.orig +++ crypto/openssl/include/internal/ffc.h @@ -8,41 +8,41 @@ */ #ifndef OSSL_INTERNAL_FFC_H -# define OSSL_INTERNAL_FFC_H -# pragma once +#define OSSL_INTERNAL_FFC_H +#pragma once -# include -# include -# include -# include /* Uses Error codes from DH */ -# include -# include -# include "internal/sizes.h" +#include +#include +#include +#include /* Uses Error codes from DH */ +#include +#include +#include "internal/sizes.h" /* Default value for gindex when canonical generation of g is not used */ -# define FFC_UNVERIFIABLE_GINDEX -1 +#define FFC_UNVERIFIABLE_GINDEX -1 /* The different types of FFC keys */ -# define FFC_PARAM_TYPE_DSA 0 -# define FFC_PARAM_TYPE_DH 1 +#define FFC_PARAM_TYPE_DSA 0 +#define FFC_PARAM_TYPE_DH 1 /* * The mode used by functions that share code for both generation and * verification. See ossl_ffc_params_FIPS186_4_gen_verify(). */ -#define FFC_PARAM_MODE_VERIFY 0 +#define FFC_PARAM_MODE_VERIFY 0 #define FFC_PARAM_MODE_GENERATE 1 /* Return codes for generation and validation of FFC parameters */ -#define FFC_PARAM_RET_STATUS_FAILED 0 -#define FFC_PARAM_RET_STATUS_SUCCESS 1 +#define FFC_PARAM_RET_STATUS_FAILED 0 +#define FFC_PARAM_RET_STATUS_SUCCESS 1 /* Returned if validating and g is only partially verifiable */ #define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2 /* Validation flags */ -# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 -# define FFC_PARAM_FLAG_VALIDATE_G 0x02 -# define FFC_PARAM_FLAG_VALIDATE_PQG \ +#define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 +#define FFC_PARAM_FLAG_VALIDATE_G 0x02 +#define FFC_PARAM_FLAG_VALIDATE_PQG \ (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G) #define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04 
@@ -50,38 +50,38 @@ * NB: These values must align with the equivalently named macros in * openssl/dh.h. We cannot use those macros here in case DH has been disabled. */ -# define FFC_CHECK_P_NOT_PRIME 0x00001 -# define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002 -# define FFC_CHECK_UNKNOWN_GENERATOR 0x00004 -# define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008 -# define FFC_CHECK_Q_NOT_PRIME 0x00010 -# define FFC_CHECK_INVALID_Q_VALUE 0x00020 -# define FFC_CHECK_INVALID_J_VALUE 0x00040 +#define FFC_CHECK_P_NOT_PRIME 0x00001 +#define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002 +#define FFC_CHECK_UNKNOWN_GENERATOR 0x00004 +#define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008 +#define FFC_CHECK_Q_NOT_PRIME 0x00010 +#define FFC_CHECK_INVALID_Q_VALUE 0x00020 +#define FFC_CHECK_INVALID_J_VALUE 0x00040 /* * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not * relevant for FFC. */ -# define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 -# define FFC_CHECK_INVALID_G 0x00400 -# define FFC_CHECK_INVALID_PQ 0x00800 -# define FFC_CHECK_INVALID_COUNTER 0x01000 -# define FFC_CHECK_P_MISMATCH 0x02000 -# define FFC_CHECK_Q_MISMATCH 0x04000 -# define FFC_CHECK_G_MISMATCH 0x08000 -# define FFC_CHECK_COUNTER_MISMATCH 0x10000 -# define FFC_CHECK_BAD_LN_PAIR 0x20000 -# define FFC_CHECK_INVALID_SEED_SIZE 0x40000 +#define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 +#define FFC_CHECK_INVALID_G 0x00400 +#define FFC_CHECK_INVALID_PQ 0x00800 +#define FFC_CHECK_INVALID_COUNTER 0x01000 +#define FFC_CHECK_P_MISMATCH 0x02000 +#define FFC_CHECK_Q_MISMATCH 0x04000 +#define FFC_CHECK_G_MISMATCH 0x08000 +#define FFC_CHECK_COUNTER_MISMATCH 0x10000 +#define FFC_CHECK_BAD_LN_PAIR 0x20000 +#define FFC_CHECK_INVALID_SEED_SIZE 0x40000 /* Validation Return codes */ -# define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 -# define FFC_ERROR_PUBKEY_TOO_LARGE 0x02 -# define FFC_ERROR_PUBKEY_INVALID 0x04 -# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 -# define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 -# define FFC_ERROR_PRIVKEY_TOO_LARGE 
0x20 -# define FFC_ERROR_PASSED_NULL_PARAM 0x40 +#define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 +#define FFC_ERROR_PUBKEY_TOO_LARGE 0x02 +#define FFC_ERROR_PUBKEY_INVALID 0x04 +#define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 +#define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 +#define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 +#define FFC_ERROR_PASSED_NULL_PARAM 0x40 /* * Finite field cryptography (FFC) domain parameters are used by DH and DSA. @@ -125,26 +125,26 @@ void ossl_ffc_params_init(FFC_PARAMS *params); void ossl_ffc_params_cleanup(FFC_PARAMS *params); void ossl_ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, - BIGNUM *g); + BIGNUM *g); void ossl_ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, - const BIGNUM **q, const BIGNUM **g); + const BIGNUM **q, const BIGNUM **g); void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); int ossl_ffc_params_set_seed(FFC_PARAMS *params, - const unsigned char *seed, size_t seedlen); + const unsigned char *seed, size_t seedlen); void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index); void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index); void ossl_ffc_params_set_h(FFC_PARAMS *params, int index); void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, - int enable); + int enable); int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, - const unsigned char *seed, - size_t seedlen, int counter); + const unsigned char *seed, + size_t seedlen, int counter); void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, - unsigned char **seed, size_t *seedlen, - int *pcounter); + unsigned char **seed, size_t *seedlen, + int *pcounter); int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src); int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q); 
@@ -153,53 +153,52 @@ int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); #endif /* FIPS_MODULE */ - int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb); + int type, size_t L, size_t N, + int *res, BN_GENCB *cb); int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb); + int type, size_t L, size_t N, + int *res, BN_GENCB *cb); int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, - FFC_PARAMS *params, int mode, int type, - size_t L, size_t N, int *res, - BN_GENCB *cb); + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb); int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, - FFC_PARAMS *params, int mode, int type, - size_t L, size_t N, int *res, - BN_GENCB *cb); + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb); int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, - int paramstype, int *res); + const FFC_PARAMS *params, + int paramstype, int *res); int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, - int paramstype, int *res); + const FFC_PARAMS *params, + int paramstype, int *res); int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, - int type, int *res, BN_GENCB *cb); + const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, - int type, int *res, BN_GENCB *cb); + const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv); + int N, int s, BIGNUM *priv); int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, - const BIGNUM *p, const BIGNUM *q, - const BIGNUM *g, 
BIGNUM *tmp, - int *ret); + const BIGNUM *p, const BIGNUM *q, + const BIGNUM *g, BIGNUM *tmp, + int *ret); int ossl_ffc_validate_public_key(const FFC_PARAMS *params, - const BIGNUM *pub_key, int *ret); + const BIGNUM *pub_key, int *ret); int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, - const BIGNUM *pub_key, int *ret); + const BIGNUM *pub_key, int *ret); int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key, - int *ret); + int *ret); int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[]); + OSSL_PARAM params[]); int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); typedef struct dh_named_group_st DH_NAMED_GROUP; @@ -207,8 +206,8 @@ const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid); #ifndef OPENSSL_NO_DH const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p, - const BIGNUM *q, - const BIGNUM *g); + const BIGNUM *q, + const BIGNUM *g); #endif int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group); const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *); --- crypto/openssl/include/internal/ktls.h.orig +++ crypto/openssl/include/internal/ktls.h 
@@ -8,43 +8,38 @@ */ #if defined(OPENSSL_SYS_LINUX) -# ifndef OPENSSL_NO_KTLS -# include -# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) -# define OPENSSL_NO_KTLS -# ifndef PEDANTIC -# warning "KTLS requires Kernel Headers >= 4.13.0" -# warning "Skipping Compilation of KTLS" -# endif -# endif -# endif +#ifndef OPENSSL_NO_KTLS +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) +#define OPENSSL_NO_KTLS +#ifndef PEDANTIC +#warning "KTLS requires Kernel Headers >= 4.13.0" +#warning "Skipping Compilation of KTLS" +#endif +#endif +#endif #endif #ifndef HEADER_INTERNAL_KTLS -# define HEADER_INTERNAL_KTLS -# pragma once - -# ifndef OPENSSL_NO_KTLS - -# if defined(__FreeBSD__) -# include -# include -# include -# include -# include -# include - -# ifndef TCP_RXTLS_ENABLE -# define OPENSSL_NO_KTLS_RX -# endif -# define OPENSSL_KTLS_AES_GCM_128 -# define OPENSSL_KTLS_AES_GCM_256 -# define OPENSSL_KTLS_TLS13 -# ifdef TLS_CHACHA20_IV_LEN -# ifndef OPENSSL_NO_CHACHA -# define OPENSSL_KTLS_CHACHA20_POLY1305 -# endif -# endif +#define HEADER_INTERNAL_KTLS +#pragma once + +#ifndef OPENSSL_NO_KTLS + +#if defined(__FreeBSD__) +#include +#include +#include +#include +#include +#include + +#ifndef TCP_RXTLS_ENABLE +#define OPENSSL_NO_KTLS_RX +#endif +#define OPENSSL_KTLS_AES_GCM_128 +#define OPENSSL_KTLS_AES_GCM_256 +#define OPENSSL_KTLS_TLS13 typedef struct tls_enable ktls_crypto_info_t; @@ -71,13 +66,17 @@ { if (is_tx) return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE, - tls_en, sizeof(*tls_en)) ? 0 : 1; -# ifndef OPENSSL_NO_KTLS_RX + tls_en, sizeof(*tls_en)) + ? 0 + : 1; +#ifndef OPENSSL_NO_KTLS_RX return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, - sizeof(*tls_en)) ? 0 : 1; -# else + sizeof(*tls_en)) + ? 0 + : 1; +#else return 0; -# endif +#endif } /* 
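Review bot: The first ktls.h hunk (-8,43 +8,38) is not a whitespace-only change. In the `__FreeBSD__` branch, the removed `#ifdef TLS_CHACHA20_IV_LEN` / `#ifndef OPENSSL_NO_CHACHA` block that defined `OPENSSL_KTLS_CHACHA20_POLY1305` has no counterpart on the new side. The Linux branch later in this file still defines that macro for kernels >= 5.11, so after this change presumably only FreeBSD builds stop offering ChaCha20-Poly1305 to the kernel TLS path. If the drop is unintended, restore the guarded define in the new unindented style directly after `#define OPENSSL_KTLS_TLS13`. If it is deliberate, record it there, for example `/* ChaCha20-Poly1305 KTLS offload is intentionally not enabled on FreeBSD: <reason> */`, so the difference is not mistaken for reformatting fallout.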
@@ -88,13 +87,13 @@ * record using this control message. */ static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, - const void *data, size_t length) + const void *data, size_t length) { struct msghdr msg = { 0 }; int cmsg_len = sizeof(record_type); struct cmsghdr *cmsg; char buf[CMSG_SPACE(cmsg_len)]; - struct iovec msg_iov; /* Vector of data to send/receive into */ + struct iovec msg_iov; /* Vector of data to send/receive into */ msg.msg_control = buf; msg.msg_controllen = sizeof(buf); @@ -113,14 +112,14 @@ return sendmsg(fd, &msg, 0); } -# ifdef OPENSSL_NO_KTLS_RX +#ifdef OPENSSL_NO_KTLS_RX static ossl_inline int ktls_read_record(int fd, void *data, size_t length) { return -1; } -# else /* !defined(OPENSSL_NO_KTLS_RX) */ +#else /* !defined(OPENSSL_NO_KTLS_RX) */ /* * Receive a TLS record using the tls_en provided in ktls_start. The @@ -136,7 +135,7 @@ struct tls_get_record *tgr; struct cmsghdr *cmsg; char buf[CMSG_SPACE(cmsg_len)]; - struct iovec msg_iov; /* Vector of data to send/receive into */ + struct iovec msg_iov; /* Vector of data to send/receive into */ int ret; unsigned char *p = data; const size_t prepend_length = SSL3_RT_HEADER_LENGTH; @@ -179,19 +178,20 @@ p[0] = tgr->tls_type; p[1] = tgr->tls_vmajor; p[2] = tgr->tls_vminor; - *(uint16_t *)(p + 3) = htons(ret); + p[3] = (ret >> 8) & 0xff; + p[4] = ret & 0xff; return ret + prepend_length; } -# endif /* OPENSSL_NO_KTLS_RX */ +#endif /* OPENSSL_NO_KTLS_RX */ /* * KTLS enables the sendfile system call to send data from a file over * TLS. */ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, - size_t size, int flags) + size_t size, int flags) { off_t sbytes = 0; int ret; 
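Review bot: In the -179,19 hunk, the new stores `p[3] = (ret >> 8) & 0xff;` and `p[4] = ret & 0xff;` keep only the low 16 bits of `ret`, an `int`, and nothing visible here shows that it is bounded to a TLS record length. The byte-wise form itself is sound, since it avoids writing through a `uint16_t *` at `p + 3`, which need not be 2-byte aligned. A comment above the stores would record both points, e.g. `/* record length, big-endian, stored bytewise: p + 3 may be unaligned; ret must be <= 0xffff */`. The function body starts before this hunk, so confirm there that `ret` is checked for being positive and within range before the header is rebuilt.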
@@ -202,65 +202,65 @@ return sbytes; } -# endif /* __FreeBSD__ */ - -# if defined(OPENSSL_SYS_LINUX) - -# include -# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) -# define OPENSSL_NO_KTLS_RX -# ifndef PEDANTIC -# warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" -# warning "Skipping Compilation of KTLS receive data path" -# endif -# endif -# define OPENSSL_KTLS_AES_GCM_128 -# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) -# define OPENSSL_KTLS_AES_GCM_256 -# define OPENSSL_KTLS_TLS13 -# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) -# define OPENSSL_KTLS_AES_CCM_128 -# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0) -# ifndef OPENSSL_NO_CHACHA -# define OPENSSL_KTLS_CHACHA20_POLY1305 -# endif -# endif -# endif -# endif - -# include -# include -# include -# include -# include -# include - -# ifndef SOL_TLS -# define SOL_TLS 282 -# endif - -# ifndef TCP_ULP -# define TCP_ULP 31 -# endif - -# ifndef TLS_RX -# define TLS_RX 2 -# endif +#endif /* __FreeBSD__ */ + +#if defined(OPENSSL_SYS_LINUX) + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) +#define OPENSSL_NO_KTLS_RX +#ifndef PEDANTIC +#warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" +#warning "Skipping Compilation of KTLS receive data path" +#endif +#endif +#define OPENSSL_KTLS_AES_GCM_128 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) +#define OPENSSL_KTLS_AES_GCM_256 +#define OPENSSL_KTLS_TLS13 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) +#define OPENSSL_KTLS_AES_CCM_128 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0) +#ifndef OPENSSL_NO_CHACHA +#define OPENSSL_KTLS_CHACHA20_POLY1305 +#endif +#endif +#endif +#endif + +#include +#include +#include +#include +#include +#include + +#ifndef SOL_TLS +#define SOL_TLS 282 +#endif + +#ifndef TCP_ULP +#define TCP_ULP 31 +#endif + +#ifndef TLS_RX +#define TLS_RX 2 +#endif struct tls_crypto_info_all { union { -# ifdef OPENSSL_KTLS_AES_GCM_128 +#ifdef OPENSSL_KTLS_AES_GCM_128 struct 
tls12_crypto_info_aes_gcm_128 gcm128; -# endif -# ifdef OPENSSL_KTLS_AES_GCM_256 +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 struct tls12_crypto_info_aes_gcm_256 gcm256; -# endif -# ifdef OPENSSL_KTLS_AES_CCM_128 +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 struct tls12_crypto_info_aes_ccm_128 ccm128; -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305; -# endif +#endif }; size_t tls_crypto_info_len; }; @@ -287,10 +287,18 @@ * authenticated and decapsulated using the crypto_info provided here. */ static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info, - int is_tx) + int is_tx) { + /* + * Socket must be in TCP established state to enable KTLS. + * Further calls to enable ktls will return EEXIST + */ + ktls_enable(fd); + return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX, - crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1; + crypto_info, crypto_info->tls_crypto_info_len) + ? 0 + : 1; } /* @@ -301,7 +309,7 @@ * record using this control message. */ static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, - const void *data, size_t length) + const void *data, size_t length) { struct msghdr msg; int cmsg_len = sizeof(record_type); @@ -310,7 +318,7 @@ struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(unsigned char))]; } cmsgbuf; - struct iovec msg_iov; /* Vector of data to send/receive into */ + struct iovec msg_iov; /* Vector of data to send/receive into */ memset(&msg, 0, sizeof(msg)); msg.msg_control = cmsgbuf.buf; @@ -339,15 +347,14 @@ return sendfile(s, fd, &off, size); } -# ifdef OPENSSL_NO_KTLS_RX - +#ifdef OPENSSL_NO_KTLS_RX static ossl_inline int ktls_read_record(int fd, void *data, size_t length) { return -1; } -# else /* !defined(OPENSSL_NO_KTLS_RX) */ +#else /* !defined(OPENSSL_NO_KTLS_RX) */ /* * Receive a TLS record using the crypto_info provided in ktls_start. 
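Review bot: In the -287,10 +287,18 hunk, the added `ktls_enable(fd);` call in `ktls_start` discards its result, so only the following `setsockopt(fd, SOL_TLS, ...)` can report a failure. A failure other than the expected EEXIST presumably still makes that call fail and `ktls_start` return 0, but the errno a caller sees is then the second call's, not the real cause. Make the intent explicit with `(void)ktls_enable(fd);` and extend the comment with something like `Any other failure is reported by the setsockopt() below.` `ktls_enable` is defined outside this hunk, so confirm its return convention before choosing to propagate its error instead.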
@@ -402,8 +409,8 @@ return ret; } -# endif /* OPENSSL_NO_KTLS_RX */ +#endif /* OPENSSL_NO_KTLS_RX */ -# endif /* OPENSSL_SYS_LINUX */ -# endif /* OPENSSL_NO_KTLS */ +#endif /* OPENSSL_SYS_LINUX */ +#endif /* OPENSSL_NO_KTLS */ #endif /* HEADER_INTERNAL_KTLS */ --- crypto/openssl/include/internal/namemap.h.orig +++ crypto/openssl/include/internal/namemap.h @@ -19,7 +19,7 @@ int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name); int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len); + const char *name, size_t name_len); /* * The number<->name relationship is 1<->many @@ -28,16 +28,16 @@ */ int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, - const char *name, size_t name_len); + const char *name, size_t name_len); const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, - size_t idx); + size_t idx); int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); /* * A utility that handles several names in a string, divided by a given * separator. */ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, - const char *names, const char separator); + const char *names, const char separator); --- crypto/openssl/include/internal/nelem.h.orig +++ crypto/openssl/include/internal/nelem.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_INTERNAL_NELEM_H -# define OSSL_INTERNAL_NELEM_H -# pragma once +#define OSSL_INTERNAL_NELEM_H +#pragma once -# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) +#define OSSL_NELEM(x) (sizeof(x) / sizeof((x)[0])) #endif --- crypto/openssl/include/internal/numbers.h.orig +++ crypto/openssl/include/internal/numbers.h 
@@ -8,78 +8,77 @@ */ #ifndef OSSL_INTERNAL_NUMBERS_H -# define OSSL_INTERNAL_NUMBERS_H -# pragma once +#define OSSL_INTERNAL_NUMBERS_H +#pragma once -# include +#include -# if (-1 & 3) == 0x03 /* Two's complement */ +#if (-1 & 3) == 0x03 /* Two's complement */ -# define __MAXUINT__(T) ((T) -1) -# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) -# define __MININT__(T) (-__MAXINT__(T) - 1) +#define __MAXUINT__(T) ((T) - 1) +#define __MAXINT__(T) ((T)((((T)1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +#define __MININT__(T) (-__MAXINT__(T) - 1) -# elif (-1 & 3) == 0x02 /* One's complement */ +#elif (-1 & 3) == 0x02 /* One's complement */ -# define __MAXUINT__(T) (((T) -1) + 1) -# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) -# define __MININT__(T) (-__MAXINT__(T)) +#define __MAXUINT__(T) (((T) - 1) + 1) +#define __MAXINT__(T) ((T)((((T)1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +#define __MININT__(T) (-__MAXINT__(T)) -# elif (-1 & 3) == 0x01 /* Sign/magnitude */ +#elif (-1 & 3) == 0x01 /* Sign/magnitude */ -# define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) -# define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) -# define __MININT__(T) (-__MAXINT__(T)) +#define __MAXINT__(T) ((T)(((((T)1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T)1) << ((sizeof(T) * CHAR_BIT) - 2)))) +#define __MAXUINT__(T) ((T)(__MAXINT__(T) | (((T)1) << ((sizeof(T) * CHAR_BIT) - 1)))) +#define __MININT__(T) (-__MAXINT__(T)) -# else +#else -# error "do not know the integer encoding on this architecture" +#error "do not know the integer encoding on this architecture" -# endif +#endif -# ifndef INT8_MAX -# define INT8_MIN __MININT__(int8_t) -# define INT8_MAX __MAXINT__(int8_t) -# define UINT8_MAX __MAXUINT__(uint8_t) -# endif +#ifndef INT8_MAX +#define INT8_MIN __MININT__(int8_t) +#define 
INT8_MAX __MAXINT__(int8_t) +#define UINT8_MAX __MAXUINT__(uint8_t) +#endif -# ifndef INT16_MAX -# define INT16_MIN __MININT__(int16_t) -# define INT16_MAX __MAXINT__(int16_t) -# define UINT16_MAX __MAXUINT__(uint16_t) -# endif +#ifndef INT16_MAX +#define INT16_MIN __MININT__(int16_t) +#define INT16_MAX __MAXINT__(int16_t) +#define UINT16_MAX __MAXUINT__(uint16_t) +#endif -# ifndef INT32_MAX -# define INT32_MIN __MININT__(int32_t) -# define INT32_MAX __MAXINT__(int32_t) -# define UINT32_MAX __MAXUINT__(uint32_t) -# endif +#ifndef INT32_MAX +#define INT32_MIN __MININT__(int32_t) +#define INT32_MAX __MAXINT__(int32_t) +#define UINT32_MAX __MAXUINT__(uint32_t) +#endif -# ifndef INT64_MAX -# define INT64_MIN __MININT__(int64_t) -# define INT64_MAX __MAXINT__(int64_t) -# define UINT64_MAX __MAXUINT__(uint64_t) -# endif +#ifndef INT64_MAX +#define INT64_MIN __MININT__(int64_t) +#define INT64_MAX __MAXINT__(int64_t) +#define UINT64_MAX __MAXUINT__(uint64_t) +#endif -# ifndef INT128_MAX -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 +#ifndef INT128_MAX +#if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 typedef __int128_t int128_t; typedef __uint128_t uint128_t; -# define INT128_MIN __MININT__(int128_t) -# define INT128_MAX __MAXINT__(int128_t) -# define UINT128_MAX __MAXUINT__(uint128_t) -# endif -# endif - -# ifndef SIZE_MAX -# define SIZE_MAX __MAXUINT__(size_t) -# endif - -# ifndef OSSL_INTMAX_MAX -# define OSSL_INTMAX_MIN __MININT__(ossl_intmax_t) -# define OSSL_INTMAX_MAX __MAXINT__(ossl_intmax_t) -# define OSSL_UINTMAX_MAX __MAXUINT__(ossl_uintmax_t) -# endif +#define INT128_MIN __MININT__(int128_t) +#define INT128_MAX __MAXINT__(int128_t) +#define UINT128_MAX __MAXUINT__(uint128_t) +#endif +#endif +#ifndef SIZE_MAX +#define SIZE_MAX __MAXUINT__(size_t) #endif +#ifndef OSSL_INTMAX_MAX +#define OSSL_INTMAX_MIN __MININT__(ossl_intmax_t) +#define OSSL_INTMAX_MAX __MAXINT__(ossl_intmax_t) +#define OSSL_UINTMAX_MAX __MAXUINT__(ossl_uintmax_t) +#endif 
+ +#endif --- crypto/openssl/include/internal/o_dir.h.orig +++ crypto/openssl/include/internal/o_dir.h @@ -37,8 +37,8 @@ */ #ifndef OSSL_INTERNAL_O_DIR_H -# define OSSL_INTERNAL_O_DIR_H -# pragma once +#define OSSL_INTERNAL_O_DIR_H +#pragma once typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; @@ -50,4 +50,4 @@ /* returns 1 on success, 0 on error */ int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); -#endif /* LPDIR_H */ +#endif /* LPDIR_H */ --- crypto/openssl/include/internal/packet.h.orig +++ crypto/openssl/include/internal/packet.h @@ -8,16 +8,16 @@ */ #ifndef OSSL_INTERNAL_PACKET_H -# define OSSL_INTERNAL_PACKET_H -# pragma once +#define OSSL_INTERNAL_PACKET_H +#pragma once -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include -# include "internal/numbers.h" +#include "internal/numbers.h" typedef struct { /* Pointer to where we are currently reading from */ @@ -67,8 +67,8 @@ * is being used. */ __owur static ossl_inline int PACKET_buf_init(PACKET *pkt, - const unsigned char *buf, - size_t len) + const unsigned char *buf, + size_t len) { /* Sanity check for negative values. */ if (len > (size_t)(SIZE_MAX / 2)) @@ -92,7 +92,7 @@ * If lengths are equal, performs the comparison in constant time. */ __owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr, - size_t num) + size_t num) { if (PACKET_remaining(pkt) != num) return 0; @@ -105,7 +105,7 @@ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. */ __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt, - PACKET *subpkt, size_t len) + PACKET *subpkt, size_t len) { if (PACKET_remaining(pkt) < len) return 0; @@ -119,7 +119,7 @@ * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. */ __owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt, - PACKET *subpkt, size_t len) + PACKET *subpkt, size_t len) { if (!PACKET_peek_sub_packet(pkt, subpkt, len)) return 0; 
@@ -134,7 +134,7 @@ * |*data| */ __owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt, - unsigned int *data) + unsigned int *data) { if (PACKET_remaining(pkt) < 2) return 0; @@ -174,7 +174,7 @@ * |*data| */ __owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt, - unsigned long *data) + unsigned long *data) { if (PACKET_remaining(pkt) < 3) return 0; @@ -215,7 +215,7 @@ * |*data| */ __owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt, - unsigned long *data) + unsigned long *data) { if (PACKET_remaining(pkt) < 4) return 0; @@ -233,7 +233,7 @@ * |*data| */ __owur static ossl_inline int PACKET_peek_net_8(const PACKET *pkt, - uint64_t *data) + uint64_t *data) { if (PACKET_remaining(pkt) < 8) return 0; @@ -287,7 +287,7 @@ /* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ __owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, - unsigned int *data) + unsigned int *data) { if (!PACKET_remaining(pkt)) return 0; @@ -325,7 +325,7 @@ * in |*data| */ __owur static ossl_inline int PACKET_peek_4(const PACKET *pkt, - unsigned long *data) + unsigned long *data) { if (PACKET_remaining(pkt) < 4) return 0; @@ -360,8 +360,8 @@ * underlying buffer gets freed */ __owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt, - const unsigned char **data, - size_t len) + const unsigned char **data, + size_t len) { if (PACKET_remaining(pkt) < len) return 0; @@ -378,8 +378,8 @@ * freed */ __owur static ossl_inline int PACKET_get_bytes(PACKET *pkt, - const unsigned char **data, - size_t len) + const unsigned char **data, + size_t len) { if (!PACKET_peek_bytes(pkt, data, len)) return 0; @@ -391,8 +391,8 @@ /* Peek ahead at |len| bytes from |pkt| and copy them to |data| */ __owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt, - unsigned char *data, - size_t len) + unsigned char *data, + size_t len) { if (PACKET_remaining(pkt) < len) return 0; 
@@ -407,7 +407,7 @@ * The caller is responsible for ensuring that |data| can hold |len| bytes. */ __owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt, - unsigned char *data, size_t len) + unsigned char *data, size_t len) { if (!PACKET_peek_copy_bytes(pkt, data, len)) return 0; @@ -425,8 +425,8 @@ * done with a given PACKET). */ __owur static ossl_inline int PACKET_copy_all(const PACKET *pkt, - unsigned char *dest, - size_t dest_len, size_t *len) + unsigned char *dest, + size_t dest_len, size_t *len) { if (PACKET_remaining(pkt) > dest_len) { *len = 0; @@ -447,7 +447,7 @@ * done with a given PACKET). */ __owur static ossl_inline int PACKET_memdup(const PACKET *pkt, - unsigned char **data, size_t *len) + unsigned char **data, size_t *len) { size_t length; @@ -512,13 +512,12 @@ * Upon failure, the original |pkt| and |subpkt| are not modified. */ __owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt, - PACKET *subpkt) + PACKET *subpkt) { unsigned int length; const unsigned char *data; PACKET tmp = *pkt; - if (!PACKET_get_1(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + if (!PACKET_get_1(&tmp, &length) || !PACKET_get_bytes(&tmp, &data, (size_t)length)) { return 0; } @@ -534,14 +533,12 @@ * leftover bytes in |pkt|. */ __owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, - PACKET *subpkt) + PACKET *subpkt) { unsigned int length; const unsigned char *data; PACKET tmp = *pkt; - if (!PACKET_get_1(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length) || - PACKET_remaining(&tmp) != 0) { + if (!PACKET_get_1(&tmp, &length) || !PACKET_get_bytes(&tmp, &data, (size_t)length) || PACKET_remaining(&tmp) != 0) { return 0; } 
@@ -560,14 +557,13 @@ * Upon failure, the original |pkt| and |subpkt| are not modified. */ __owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt, - PACKET *subpkt) + PACKET *subpkt) { unsigned int length; const unsigned char *data; PACKET tmp = *pkt; - if (!PACKET_get_net_2(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + if (!PACKET_get_net_2(&tmp, &length) || !PACKET_get_bytes(&tmp, &data, (size_t)length)) { return 0; } @@ -583,15 +579,13 @@ * leftover bytes in |pkt|. */ __owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt, - PACKET *subpkt) + PACKET *subpkt) { unsigned int length; const unsigned char *data; PACKET tmp = *pkt; - if (!PACKET_get_net_2(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length) || - PACKET_remaining(&tmp) != 0) { + if (!PACKET_get_net_2(&tmp, &length) || !PACKET_get_bytes(&tmp, &data, (size_t)length) || PACKET_remaining(&tmp) != 0) { return 0; } @@ -610,13 +604,12 @@ * Upon failure, the original |pkt| and |subpkt| are not modified. */ __owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt, - PACKET *subpkt) + PACKET *subpkt) { unsigned long length; const unsigned char *data; PACKET tmp = *pkt; - if (!PACKET_get_net_3(&tmp, &length) || - !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + if (!PACKET_get_net_3(&tmp, &length) || !PACKET_get_bytes(&tmp, &data, (size_t)length)) { return 0; } @@ -680,17 +673,16 @@ /* Flags */ /* Default */ -#define WPACKET_FLAGS_NONE 0 +#define WPACKET_FLAGS_NONE 0 /* Error on WPACKET_close() if no data written to the WPACKET */ -#define WPACKET_FLAGS_NON_ZERO_LENGTH 1 +#define WPACKET_FLAGS_NON_ZERO_LENGTH 1 /* * Abandon all changes on WPACKET_close() if no data written to the WPACKET, * i.e. this does not write out a zero packet length */ -#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 - +#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 /* * Initialise a WPACKET with the buffer in |buf|. The buffer must exist 
@@ -725,7 +717,7 @@ * occur if you attempt to write beyond the end of the buffer */ int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, - size_t lenbytes); + size_t lenbytes); /* * Same as WPACKET_init_static_len except lenbytes is always 0, and we set the @@ -797,7 +789,7 @@ * change its location. */ int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, - unsigned char **allocbytes); + unsigned char **allocbytes); /* * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is @@ -806,7 +798,7 @@ * directly. Use the convenience macros below instead. */ int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, - unsigned char **allocbytes, size_t lenbytes); + unsigned char **allocbytes, size_t lenbytes); /* * Convenience macros for calling WPACKET_sub_allocate_bytes with different @@ -845,7 +837,7 @@ * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__() */ int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, - unsigned char **allocbytes, size_t lenbytes); + unsigned char **allocbytes, size_t lenbytes); /* * Convenience macros for WPACKET_sub_reserve_bytes with different lengths @@ -898,7 +890,7 @@ * directly. Use the convenience macros below instead. */ int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, - size_t lenbytes); + size_t lenbytes); /* Convenience macros for calling WPACKET_sub_memcpy with different lengths */ #define WPACKET_sub_memcpy_u8(pkt, src, len) \ @@ -934,4 +926,4 @@ /* Release resources in a WPACKET if a failure has occurred. */ void WPACKET_cleanup(WPACKET *pkt); -#endif /* OSSL_INTERNAL_PACKET_H */ +#endif /* OSSL_INTERNAL_PACKET_H */ --- crypto/openssl/include/internal/param_build_set.h.orig +++ crypto/openssl/include/internal/param_build_set.h 
@@ -8,39 +8,39 @@ */ #ifndef OSSL_INTERNAL_PARAM_BUILD_SET_H -# define OSSL_INTERNAL_PARAM_BUILD_SET_H -# pragma once +#define OSSL_INTERNAL_PARAM_BUILD_SET_H +#pragma once -# include -# include -# include "internal/cryptlib.h" +#include +#include +#include "internal/cryptlib.h" typedef union { OSSL_UNION_ALIGN; } OSSL_PARAM_ALIGNED_BLOCK; -# define OSSL_PARAM_ALIGN_SIZE sizeof(OSSL_PARAM_ALIGNED_BLOCK) +#define OSSL_PARAM_ALIGN_SIZE sizeof(OSSL_PARAM_ALIGNED_BLOCK) size_t ossl_param_bytes_to_blocks(size_t bytes); void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer, - size_t secure_buffer_sz); + size_t secure_buffer_sz); int ossl_param_build_set_int(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, int num); + const char *key, int num); int ossl_param_build_set_long(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, long num); + const char *key, long num); int ossl_param_build_set_utf8_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const char *buf); + const char *key, const char *buf); int ossl_param_build_set_octet_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, - const unsigned char *data, - size_t data_len); + const char *key, + const unsigned char *data, + size_t data_len); int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const BIGNUM *bn); + const char *key, const BIGNUM *bn); int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const BIGNUM *bn, size_t sz); + const char *key, const BIGNUM *bn, size_t sz); int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *names[], - STACK_OF(BIGNUM_const) *stk); + const char *names[], + STACK_OF(BIGNUM_const) *stk); -#endif /* OSSL_INTERNAL_PARAM_BUILD_SET_H */ +#endif /* OSSL_INTERNAL_PARAM_BUILD_SET_H */ --- crypto/openssl/include/internal/passphrase.h.orig +++ crypto/openssl/include/internal/passphrase.h 
@@ -8,8 +8,8 @@ */ #ifndef OSSL_INTERNAL_PASSPHRASE_H -# define OSSL_INTERNAL_PASSPHRASE_H -# pragma once +#define OSSL_INTERNAL_PASSPHRASE_H +#pragma once /* * This is a passphrase reader bridge with bells and whistles. @@ -41,9 +41,9 @@ struct ossl_passphrase_data_st { enum { is_expl_passphrase = 1, /* Explicit passphrase given by user */ - is_pem_password, /* pem_password_cb given by user */ - is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */ - is_ui_method /* UI_METHOD given by user */ + is_pem_password, /* pem_password_cb given by user */ + is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */ + is_ui_method /* UI_METHOD given by user */ } type; union { struct { @@ -72,7 +72,7 @@ */ /* Set to indicate that caching should be done */ - unsigned int flag_cache_passphrase:1; + unsigned int flag_cache_passphrase : 1; /*- * Misc section: caches and other @@ -88,14 +88,14 @@ void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data); int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, - const unsigned char *passphrase, - size_t passphrase_len); + const unsigned char *passphrase, + size_t passphrase_len); int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data, - pem_password_cb *cb, void *cbarg); + pem_password_cb *cb, void *cbarg); int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data, - const UI_METHOD *ui_method, void *ui_data); + const UI_METHOD *ui_method, void *ui_data); int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data); int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data); 
@@ -103,8 +103,8 @@ /* Central function for direct calls */ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, - const OSSL_PARAM params[], int verify, - struct ossl_passphrase_data_st *data); + const OSSL_PARAM params[], int verify, + struct ossl_passphrase_data_st *data); /* Callback functions */ --- crypto/openssl/include/internal/property.h.orig +++ crypto/openssl/include/internal/property.h @@ -9,16 +9,17 @@ */ #ifndef OSSL_INTERNAL_PROPERTY_H -# define OSSL_INTERNAL_PROPERTY_H -# pragma once +#define OSSL_INTERNAL_PROPERTY_H +#pragma once -# include "internal/cryptlib.h" +#include "internal/cryptlib.h" typedef struct ossl_method_store_st OSSL_METHOD_STORE; typedef struct ossl_property_list_st OSSL_PROPERTY_LIST; typedef enum { - OSSL_PROPERTY_TYPE_STRING, OSSL_PROPERTY_TYPE_NUMBER, + OSSL_PROPERTY_TYPE_STRING, + OSSL_PROPERTY_TYPE_NUMBER, OSSL_PROPERTY_TYPE_VALUE_UNDEFINED } OSSL_PROPERTY_TYPE; typedef struct ossl_property_definition_st OSSL_PROPERTY_DEFINITION; 
@@ -30,25 +31,24 @@ OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn); /* Property query parser */ OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, - int create_values); + int create_values); /* Property checker of query vs definition */ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, - const OSSL_PROPERTY_LIST *defn); -int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, - const OSSL_PROPERTY_LIST *prop_list); + const OSSL_PROPERTY_LIST *defn); +int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, + const OSSL_PROPERTY_LIST *prop_list); /* Free a parsed property list */ void ossl_property_free(OSSL_PROPERTY_LIST *p); /* Get a property from a property list */ const OSSL_PROPERTY_DEFINITION * ossl_property_find_property(const OSSL_PROPERTY_LIST *list, - OSSL_LIB_CTX *libctx, const char *name); + OSSL_LIB_CTX *libctx, const char *name); OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop); const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx, - const OSSL_PROPERTY_DEFINITION *prop); + const OSSL_PROPERTY_DEFINITION *prop); int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop); - /* Implementation store functions */ OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx); void ossl_method_store_free(OSSL_METHOD_STORE *store); 
@@ -57,41 +57,41 @@ int ossl_method_unlock_store(OSSL_METHOD_STORE *store); int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, - int nid, const char *properties, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)); + int nid, const char *properties, void *method, + int (*method_up_ref)(void *), + void (*method_destruct)(void *)); int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid, - const void *method); + const void *method); void ossl_method_store_do_all(OSSL_METHOD_STORE *store, - void (*fn)(int id, void *method, void *fnarg), - void *fnarg); + void (*fn)(int id, void *method, void *fnarg), + void *fnarg); int ossl_method_store_fetch(OSSL_METHOD_STORE *store, - int nid, const char *prop_query, - const OSSL_PROVIDER **prov, void **method); + int nid, const char *prop_query, + const OSSL_PROVIDER **prov, void **method); int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store, - const OSSL_PROVIDER *prov); + const OSSL_PROVIDER *prov); /* Get the global properties associate with the specified library context */ OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *ctx, - int loadconfig); + int loadconfig); /* property query cache functions */ int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void **result); + int nid, const char *prop_query, void **result); int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void *result, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)); + int nid, const char *prop_query, void *result, + int (*method_up_ref)(void *), + void (*method_destruct)(void *)); __owur int ossl_method_store_cache_flush_all(OSSL_METHOD_STORE *store); /* Merge two property queries together */ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, - const OSSL_PROPERTY_LIST *b); + const OSSL_PROPERTY_LIST *b); size_t 
ossl_property_list_to_string(OSSL_LIB_CTX *ctx, - const OSSL_PROPERTY_LIST *list, char *buf, - size_t bufsize); + const OSSL_PROPERTY_LIST *list, char *buf, + size_t bufsize); int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx); --- crypto/openssl/include/internal/propertyerr.h.orig +++ crypto/openssl/include/internal/propertyerr.h @@ -9,35 +9,34 @@ */ #ifndef OSSL_INTERNAL_PROPERTYERR_H -# define OSSL_INTERNAL_PROPERTYERR_H -# pragma once +#define OSSL_INTERNAL_PROPERTYERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_PROP_strings(void); /* * PROP reason codes. */ -# define PROP_R_NAME_TOO_LONG 100 -# define PROP_R_NOT_AN_ASCII_CHARACTER 101 -# define PROP_R_NOT_AN_HEXADECIMAL_DIGIT 102 -# define PROP_R_NOT_AN_IDENTIFIER 103 -# define PROP_R_NOT_AN_OCTAL_DIGIT 104 -# define PROP_R_NOT_A_DECIMAL_DIGIT 105 -# define PROP_R_NO_MATCHING_STRING_DELIMITER 106 -# define PROP_R_NO_VALUE 107 -# define PROP_R_PARSE_FAILED 108 -# define PROP_R_STRING_TOO_LONG 109 -# define PROP_R_TRAILING_CHARACTERS 110 - +#define PROP_R_NAME_TOO_LONG 100 +#define PROP_R_NOT_AN_ASCII_CHARACTER 101 +#define PROP_R_NOT_AN_HEXADECIMAL_DIGIT 102 +#define PROP_R_NOT_AN_IDENTIFIER 103 +#define PROP_R_NOT_AN_OCTAL_DIGIT 104 +#define PROP_R_NOT_A_DECIMAL_DIGIT 105 +#define PROP_R_NO_MATCHING_STRING_DELIMITER 106 +#define PROP_R_NO_VALUE 107 +#define PROP_R_PARSE_FAILED 108 +#define PROP_R_STRING_TOO_LONG 109 +#define PROP_R_TRAILING_CHARACTERS 110 -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/internal/provider.h.orig +++ crypto/openssl/include/internal/provider.h 
@@ -8,17 +8,17 @@ */ #ifndef OSSL_INTERNAL_PROVIDER_H -# define OSSL_INTERNAL_PROVIDER_H -# pragma once +#define OSSL_INTERNAL_PROVIDER_H +#pragma once -# include -# include -# include "internal/dso.h" -# include "internal/symhacks.h" +#include +#include +#include "internal/dso.h" +#include "internal/symhacks.h" -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * namespaces: @@ -29,10 +29,10 @@ /* Provider Object finder, constructor and destructor */ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, - int noconfig); + int noconfig); OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, - OSSL_provider_init_fn *init_function, - int noconfig); + OSSL_provider_init_fn *init_function, + int noconfig); int ossl_provider_up_ref(OSSL_PROVIDER *prov); void ossl_provider_free(OSSL_PROVIDER *prov); @@ -40,7 +40,7 @@ int ossl_provider_set_fallback(OSSL_PROVIDER *prov); int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path); int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, - const char *value); + const char *value); int ossl_provider_is_child(const OSSL_PROVIDER *prov); int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle); @@ -59,16 +59,16 @@ int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild); int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren); int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, - int retain_fallbacks); + int retain_fallbacks); /* Return pointer to the provider's context */ void *ossl_provider_ctx(const OSSL_PROVIDER *prov); /* Iterate over all loaded providers */ int ossl_provider_doall_activated(OSSL_LIB_CTX *, - int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), - void *cbdata); + int (*cb)(OSSL_PROVIDER *provider, + void *cbdata), + void *cbdata); /* Getters for other library functions */ const char *ossl_provider_name(const OSSL_PROVIDER *prov); 
@@ -84,16 +84,16 @@ const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov); int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg); + const char *capability, + OSSL_CALLBACK *cb, + void *arg); int ossl_provider_self_test(const OSSL_PROVIDER *prov); const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache); + int operation_id, + int *no_cache); void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, - const OSSL_ALGORITHM *algs); + int operation_id, + const OSSL_ALGORITHM *algs); /* * Cache of bits to see if we already added methods for an operation in @@ -102,19 +102,19 @@ */ int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, - int *result); + int *result); /* Configuration */ void ossl_provider_add_conf_module(void); /* Child providers */ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, - const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in); + const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/internal/refcount.h.orig +++ crypto/openssl/include/internal/refcount.h 
@@ -7,28 +7,28 @@ * https://www.openssl.org/source/license.html */ #ifndef OSSL_INTERNAL_REFCOUNT_H -# define OSSL_INTERNAL_REFCOUNT_H -# pragma once +#define OSSL_INTERNAL_REFCOUNT_H +#pragma once -# include -# include +#include +#include -# if defined(OPENSSL_THREADS) && !defined(OPENSSL_DEV_NO_ATOMICS) -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ - && !defined(__STDC_NO_ATOMICS__) -# include -# define HAVE_C11_ATOMICS -# endif +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_DEV_NO_ATOMICS) +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +#include +#define HAVE_C11_ATOMICS +#endif -# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ - && ATOMIC_INT_LOCK_FREE > 0 +#if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ + && ATOMIC_INT_LOCK_FREE > 0 -# define HAVE_ATOMICS 1 +#define HAVE_ATOMICS 1 typedef _Atomic int CRYPTO_REF_COUNT; static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1; return 1; @@ -45,7 +45,7 @@ * otherwise imply an acquire fence. Hence conditional acquire fence... */ static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1; if (*ret == 0) @@ -53,9 +53,9 @@ return 1; } -# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 +#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 -# define HAVE_ATOMICS 1 +#define HAVE_ATOMICS 1 typedef int CRYPTO_REF_COUNT; 
@@ -66,113 +66,113 @@ } static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1; if (*ret == 0) __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; } -# elif defined(__ICL) && defined(_WIN32) -# define HAVE_ATOMICS 1 +#elif defined(__ICL) && defined(_WIN32) +#define HAVE_ATOMICS 1 typedef volatile int CRYPTO_REF_COUNT; static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd((void *)val, 1) + 1; return 1; } static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd((void *)val, -1) - 1; return 1; } -# elif defined(_MSC_VER) && _MSC_VER>=1200 +#elif defined(_MSC_VER) && _MSC_VER >= 1200 -# define HAVE_ATOMICS 1 +#define HAVE_ATOMICS 1 typedef volatile int CRYPTO_REF_COUNT; -# if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) -# include -# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) -# define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH -# endif +#if (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) +#include +#if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) +#define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH +#endif static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd_nf(val, 1) + 1; return 1; } static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd_nf(val, -1) - 1; if (*ret == 0) __dmb(_ARM_BARRIER_ISH); return 1; } -# else -# if !defined(_WIN32_WCE) -# pragma intrinsic(_InterlockedExchangeAdd) -# else -# if _WIN32_WCE >= 0x600 - extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); -# else - /* under Windows CE we still have 
old-style Interlocked* functions */ - extern long __cdecl InterlockedExchangeAdd(long volatile*, long); -# define _InterlockedExchangeAdd InterlockedExchangeAdd -# endif -# endif +#else +#if !defined(_WIN32_WCE) +#pragma intrinsic(_InterlockedExchangeAdd) +#else +#if _WIN32_WCE >= 0x600 +extern long __cdecl _InterlockedExchangeAdd(long volatile *, long); +#else +/* under Windows CE we still have old-style Interlocked* functions */ +extern long __cdecl InterlockedExchangeAdd(long volatile *, long); +#define _InterlockedExchangeAdd InterlockedExchangeAdd +#endif +#endif static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd((long volatile *)val, 1) + 1; return 1; } static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd((long volatile *)val, -1) - 1; return 1; } -# endif +#endif -# endif -# endif /* !OPENSSL_DEV_NO_ATOMICS */ +#endif +#endif /* !OPENSSL_DEV_NO_ATOMICS */ /* * All the refcounting implementations above define HAVE_ATOMICS, so if it's * still undefined here (such as when OPENSSL_DEV_NO_ATOMICS is defined), it * means we need to implement a fallback. This fallback uses locks. */ -# ifndef HAVE_ATOMICS +#ifndef HAVE_ATOMICS typedef int CRYPTO_REF_COUNT; -# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock) -# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock) +#define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock) +#define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock) -# endif +#endif -# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) -# define REF_ASSERT_ISNT(test) \ +#if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) +#define REF_ASSERT_ISNT(test) \ (void)((test) ? 
(OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) -# else -# define REF_ASSERT_ISNT(i) -# endif +#else +#define REF_ASSERT_ISNT(i) +#endif -# define REF_PRINT_EX(text, count, object) \ +#define REF_PRINT_EX(text, count, object) \ OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text)); -# define REF_PRINT_COUNT(text, object) \ +#define REF_PRINT_COUNT(text, object) \ REF_PRINT_EX(text, object->references, (void *)object) #endif --- crypto/openssl/include/internal/sha3.h.orig +++ crypto/openssl/include/internal/sha3.h 
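Review bot: The run of bare `#endif` lines that closes the Windows CE, MSVC/ARM, compiler-selection and `OPENSSL_THREADS` conditionals no longer shows which branch each one ends, because the `# if` nesting indentation is gone on the new side. Only the last closer carries a comment (`/* !OPENSSL_DEV_NO_ATOMICS */`). That nesting decides which `CRYPTO_DOWN_REF` is compiled: one of the fenced atomic variants or the lock-based `CRYPTO_atomic_add` fallback. A misplaced directive here would therefore be a reference-counting bug, not a cosmetic one. I would label each closer, e.g. `#endif /* _WIN32_WCE >= 0x600 */` and `#endif /* _M_ARM || _M_ARM64 */`, or keep the nesting visible with clang-format's `IndentPPDirectives: AfterHash`.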
@@ -9,33 +9,32 @@ /* This header can move into provider when legacy support is removed */ #ifndef OSSL_INTERNAL_SHA3_H -# define OSSL_INTERNAL_SHA3_H -# pragma once +#define OSSL_INTERNAL_SHA3_H +#pragma once -# include -# include +#include +#include -# define KECCAK1600_WIDTH 1600 -# define SHA3_MDSIZE(bitlen) (bitlen / 8) -# define KMAC_MDSIZE(bitlen) 2 * (bitlen / 8) -# define SHA3_BLOCKSIZE(bitlen) (KECCAK1600_WIDTH - bitlen * 2) / 8 +#define KECCAK1600_WIDTH 1600 +#define SHA3_MDSIZE(bitlen) (bitlen / 8) +#define KMAC_MDSIZE(bitlen) 2 * (bitlen / 8) +#define SHA3_BLOCKSIZE(bitlen) (KECCAK1600_WIDTH - bitlen * 2) / 8 typedef struct keccak_st KECCAK1600_CTX; -typedef size_t (sha3_absorb_fn)(void *vctx, const void *inp, size_t len); -typedef int (sha3_final_fn)(unsigned char *md, void *vctx); +typedef size_t(sha3_absorb_fn)(void *vctx, const void *inp, size_t len); +typedef int(sha3_final_fn)(unsigned char *md, void *vctx); -typedef struct prov_sha3_meth_st -{ +typedef struct prov_sha3_meth_st { sha3_absorb_fn *absorb; sha3_final_fn *final; } PROV_SHA3_METHOD; struct keccak_st { uint64_t A[5][5]; - size_t block_size; /* cached ctx->digest->block_size */ - size_t md_size; /* output length, variable in XOF */ - size_t bufsz; /* used bytes in below buffer */ + size_t block_size; /* cached ctx->digest->block_size */ + size_t md_size; /* output length, variable in XOF */ + size_t bufsz; /* used bytes in below buffer */ unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; unsigned char pad; PROV_SHA3_METHOD meth; 
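Review bot: `KMAC_MDSIZE` and `SHA3_BLOCKSIZE` on the new side still expand to expressions with no outer parentheses, and all three size macros use `bitlen` unparenthesised, so the value depends on the operators around the call site. For example, `x % SHA3_BLOCKSIZE(256)` parses as `(x % (1600 - 256 * 2)) / 8`, and an argument such as `a + b` binds wrongly against `* 2`. These macros presumably size digest and block buffers, so a mis-evaluated length would be a memory-safety problem; no such use is visible in this header. Since the lines are being rewritten anyway, I would make them `#define KMAC_MDSIZE(bitlen) (2 * ((bitlen) / 8))` and `#define SHA3_BLOCKSIZE(bitlen) ((KECCAK1600_WIDTH - (bitlen) * 2) / 8)`, with `((bitlen) / 8)` for `SHA3_MDSIZE`.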
@@ -44,11 +43,11 @@ void ossl_sha3_reset(KECCAK1600_CTX *ctx); int ossl_sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); int ossl_keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, - size_t bitlen); + size_t bitlen); int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len); int ossl_sha3_final(unsigned char *md, KECCAK1600_CTX *ctx); size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r); + size_t r); #endif /* OSSL_INTERNAL_SHA3_H */ --- crypto/openssl/include/internal/sizes.h.orig +++ crypto/openssl/include/internal/sizes.h @@ -8,15 +8,15 @@ */ #ifndef OSSL_INTERNAL_SIZES_H -# define OSSL_INTERNAL_SIZES_H -# pragma once +#define OSSL_INTERNAL_SIZES_H +#pragma once /* * Max sizes used to allocate buffers with a fixed sizes, for example for * stack allocations, structure fields, ... */ -# define OSSL_MAX_NAME_SIZE 50 /* Algorithm name */ -# define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ -# define OSSL_MAX_ALGORITHM_ID_SIZE 256 /* AlgorithmIdentifier DER */ +#define OSSL_MAX_NAME_SIZE 50 /* Algorithm name */ +#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +#define OSSL_MAX_ALGORITHM_ID_SIZE 256 /* AlgorithmIdentifier DER */ #endif --- crypto/openssl/include/internal/sm3.h.orig +++ crypto/openssl/include/internal/sm3.h 
@@ -10,26 +10,26 @@ /* This header can move into provider when legacy support is removed */ #ifndef OSSL_INTERNAL_SM3_H -# define OSSL_INTERNAL_SM3_H -# pragma once +#define OSSL_INTERNAL_SM3_H +#pragma once -# include +#include -# ifdef OPENSSL_NO_SM3 -# error SM3 is disabled. -# endif +#ifdef OPENSSL_NO_SM3 +#error SM3 is disabled. +#endif -# define SM3_DIGEST_LENGTH 32 -# define SM3_WORD unsigned int +#define SM3_DIGEST_LENGTH 32 +#define SM3_WORD unsigned int -# define SM3_CBLOCK 64 -# define SM3_LBLOCK (SM3_CBLOCK/4) +#define SM3_CBLOCK 64 +#define SM3_LBLOCK (SM3_CBLOCK / 4) typedef struct SM3state_st { - SM3_WORD A, B, C, D, E, F, G, H; - SM3_WORD Nl, Nh; - SM3_WORD data[SM3_LBLOCK]; - unsigned int num; + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD Nl, Nh; + SM3_WORD data[SM3_LBLOCK]; + unsigned int num; } SM3_CTX; int ossl_sm3_init(SM3_CTX *c); --- crypto/openssl/include/internal/sockets.h.orig +++ crypto/openssl/include/internal/sockets.h 
@@ -8,48 +8,48 @@ */ #ifndef OSSL_INTERNAL_SOCKETS_H -# define OSSL_INTERNAL_SOCKETS_H -# pragma once - -# include - -# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) -# define NO_SYS_PARAM_H -# endif -# ifdef WIN32 -# define NO_SYS_UN_H -# endif -# ifdef OPENSSL_SYS_VMS -# define NO_SYS_PARAM_H -# define NO_SYS_UN_H -# endif - -# ifdef OPENSSL_NO_SOCK - -# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# if defined(__DJGPP__) -# define WATT32 -# define WATT32_NO_OLDIES -# include -# include -# include -# include -# include -# include -# elif defined(_WIN32_WCE) && _WIN32_WCE<410 -# define getservbyname _masked_declaration_getservbyname -# endif -# if !defined(IPPROTO_IP) - /* winsock[2].h was included already? */ -# include -# endif -# ifdef getservbyname - /* this is used to be wcecompat/include/winsock_extras.h */ -# undef getservbyname +#define OSSL_INTERNAL_SOCKETS_H +#pragma once + +#include + +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +#define NO_SYS_PARAM_H +#endif +#ifdef WIN32 +#define NO_SYS_UN_H +#endif +#ifdef OPENSSL_SYS_VMS +#define NO_SYS_PARAM_H +#define NO_SYS_UN_H +#endif + +#ifdef OPENSSL_NO_SOCK + +#elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(__DJGPP__) +#define WATT32 +#define WATT32_NO_OLDIES +#include +#include +#include +#include +#include +#include +#elif defined(_WIN32_WCE) && _WIN32_WCE < 410 +#define getservbyname _masked_declaration_getservbyname +#endif +#if !defined(IPPROTO_IP) +/* winsock[2].h was included already? */ +#include +#endif +#ifdef getservbyname +/* this is used to be wcecompat/include/winsock_extras.h */ +#undef getservbyname struct servent *PASCAL getservbyname(const char *, const char *); -# endif +#endif -# ifdef _WIN64 +#ifdef _WIN64 /* * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because * the value constitutes an index in per-process table of limited size 
@@ -57,121 +57,121 @@ * Windows run on happen to be two's-complement, which allows to * interchange INVALID_SOCKET and -1. */ -# define socket(d,t,p) ((int)socket(d,t,p)) -# define accept(s,f,l) ((int)accept(s,f,l)) -# endif - -# else - -# ifndef NO_SYS_PARAM_H -# include -# endif -# ifdef OPENSSL_SYS_VXWORKS -# include -# endif - -# include -# if defined(OPENSSL_SYS_VMS_NODECC) -# include -# include -# include -# else -# include -# ifndef NO_SYS_UN_H -# include -# ifndef UNIX_PATH_MAX -# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) -# endif -# endif -# ifdef FILIO_H -# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ -# endif -# include -# include -# include -# endif - -# ifdef OPENSSL_SYS_AIX -# include -# endif - -# ifndef VMS -# include -# else -# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) - /* ioctl is only in VMS > 7.0 and when socketshr is not used */ -# include -# endif -# include -# if defined(TCPIP_TYPE_SOCKETSHR) -# include -# endif -# endif - -# ifndef INVALID_SOCKET -# define INVALID_SOCKET (-1) -# endif -# endif +#define socket(d, t, p) ((int)socket(d, t, p)) +#define accept(s, f, l) ((int)accept(s, f, l)) +#endif + +#else + +#ifndef NO_SYS_PARAM_H +#include +#endif +#ifdef OPENSSL_SYS_VXWORKS +#include +#endif + +#include +#if defined(OPENSSL_SYS_VMS_NODECC) +#include +#include +#include +#else +#include +#ifndef NO_SYS_UN_H +#include +#ifndef UNIX_PATH_MAX +#define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) +#endif +#endif +#ifdef FILIO_H +#include /* FIONBIO in some SVR4, e.g. 
unixware, solaris */ +#endif +#include +#include +#include +#endif + +#ifdef OPENSSL_SYS_AIX +#include +#endif + +#ifndef VMS +#include +#else +#if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) +/* ioctl is only in VMS > 7.0 and when socketshr is not used */ +#include +#endif +#include +#if defined(TCPIP_TYPE_SOCKETSHR) +#include +#endif +#endif + +#ifndef INVALID_SOCKET +#define INVALID_SOCKET (-1) +#endif +#endif /* * Some IPv6 implementations are broken, you can disable them in known * bad versions. */ -# if !defined(OPENSSL_USE_IPV6) -# if defined(AF_INET6) -# define OPENSSL_USE_IPV6 1 -# else -# define OPENSSL_USE_IPV6 0 -# endif -# endif - -# define get_last_socket_error() errno -# define clear_socket_error() errno=0 - -# if defined(OPENSSL_SYS_WINDOWS) -# undef get_last_socket_error -# undef clear_socket_error -# define get_last_socket_error() WSAGetLastError() -# define clear_socket_error() WSASetLastError(0) -# define readsocket(s,b,n) recv((s),(b),(n),0) -# define writesocket(s,b,n) send((s),(b),(n),0) -# elif defined(__DJGPP__) -# define closesocket(s) close_s(s) -# define readsocket(s,b,n) read_s(s,b,n) -# define writesocket(s,b,n) send(s,b,n,0) -# elif defined(OPENSSL_SYS_VMS) -# define ioctlsocket(a,b,c) ioctl(a,b,c) -# define closesocket(s) close(s) -# define readsocket(s,b,n) recv((s),(b),(n),0) -# define writesocket(s,b,n) send((s),(b),(n),0) -# elif defined(OPENSSL_SYS_VXWORKS) -# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) -# define closesocket(s) close(s) -# define readsocket(s,b,n) read((s),(b),(n)) -# define writesocket(s,b,n) write((s),(char *)(b),(n)) -# elif defined(OPENSSL_SYS_TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# define readsocket(s,b,n) floss_read((s),(b),(n)) -# define writesocket(s,b,n) floss_write((s),(b),(n)) -# else -# define readsocket(s,b,n) read((s),(b),(n)) -# define writesocket(s,b,n) write((s),(b),(n)) -# endif -# define ioctlsocket(a,b,c) ioctl(a,b,c) -# define 
closesocket(s) close(s) -# else -# define ioctlsocket(a,b,c) ioctl(a,b,c) -# define closesocket(s) close(s) -# define readsocket(s,b,n) read((s),(b),(n)) -# define writesocket(s,b,n) write((s),(b),(n)) -# endif +#if !defined(OPENSSL_USE_IPV6) +#if defined(AF_INET6) +#define OPENSSL_USE_IPV6 1 +#else +#define OPENSSL_USE_IPV6 0 +#endif +#endif + +#define get_last_socket_error() errno +#define clear_socket_error() errno = 0 + +#if defined(OPENSSL_SYS_WINDOWS) +#undef get_last_socket_error +#undef clear_socket_error +#define get_last_socket_error() WSAGetLastError() +#define clear_socket_error() WSASetLastError(0) +#define readsocket(s, b, n) recv((s), (b), (n), 0) +#define writesocket(s, b, n) send((s), (b), (n), 0) +#elif defined(__DJGPP__) +#define closesocket(s) close_s(s) +#define readsocket(s, b, n) read_s(s, b, n) +#define writesocket(s, b, n) send(s, b, n, 0) +#elif defined(OPENSSL_SYS_VMS) +#define ioctlsocket(a, b, c) ioctl(a, b, c) +#define closesocket(s) close(s) +#define readsocket(s, b, n) recv((s), (b), (n), 0) +#define writesocket(s, b, n) send((s), (b), (n), 0) +#elif defined(OPENSSL_SYS_VXWORKS) +#define ioctlsocket(a, b, c) ioctl((a), (b), (int)(c)) +#define closesocket(s) close(s) +#define readsocket(s, b, n) read((s), (b), (n)) +#define writesocket(s, b, n) write((s), (char *)(b), (n)) +#elif defined(OPENSSL_SYS_TANDEM) +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#define readsocket(s, b, n) floss_read((s), (b), (n)) +#define writesocket(s, b, n) floss_write((s), (b), (n)) +#else +#define readsocket(s, b, n) read((s), (b), (n)) +#define writesocket(s, b, n) write((s), (b), (n)) +#endif +#define ioctlsocket(a, b, c) ioctl(a, b, c) +#define closesocket(s) close(s) +#else +#define ioctlsocket(a, b, c) ioctl(a, b, c) +#define closesocket(s) close(s) +#define readsocket(s, b, n) read((s), (b), (n)) +#define writesocket(s, b, n) write((s), (b), (n)) +#endif /* also in apps/include/apps.h */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) 
-# define openssl_fdset(a, b) FD_SET((unsigned int)(a), b) -# else -# define openssl_fdset(a, b) FD_SET(a, b) -# endif +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) +#define openssl_fdset(a, b) FD_SET((unsigned int)(a), b) +#else +#define openssl_fdset(a, b) FD_SET(a, b) +#endif #endif --- crypto/openssl/include/internal/sslconf.h.orig +++ crypto/openssl/include/internal/sslconf.h @@ -8,14 +8,14 @@ */ #ifndef OSSL_INTERNAL_SSLCONF_H -# define OSSL_INTERNAL_SSLCONF_H -# pragma once +#define OSSL_INTERNAL_SSLCONF_H +#pragma once typedef struct ssl_conf_cmd_st SSL_CONF_CMD; const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt); int conf_ssl_name_find(const char *name, size_t *idx); void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg); + char **arg); #endif --- crypto/openssl/include/internal/symhacks.h.orig +++ crypto/openssl/include/internal/symhacks.h @@ -8,20 +8,20 @@ */ #ifndef OSSL_INTERNAL_SYMHACKS_H -# define OSSL_INTERNAL_SYMHACKS_H -# pragma once +#define OSSL_INTERNAL_SYMHACKS_H +#pragma once -# include +#include -# if defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_VMS) /* ossl_provider_gettable_params vs OSSL_PROVIDER_gettable_params */ -# undef ossl_provider_gettable_params -# define ossl_provider_gettable_params ossl_int_prov_gettable_params +#undef ossl_provider_gettable_params +#define ossl_provider_gettable_params ossl_int_prov_gettable_params /* ossl_provider_get_params vs OSSL_PROVIDER_get_params */ -# undef ossl_provider_get_params -# define ossl_provider_get_params ossl_int_prov_get_params +#undef ossl_provider_get_params +#define ossl_provider_get_params ossl_int_prov_get_params -# endif +#endif -#endif /* ! defined HEADER_VMS_IDHACKS_H */ +#endif /* ! defined HEADER_VMS_IDHACKS_H */ --- crypto/openssl/include/internal/thread_once.h.orig +++ crypto/openssl/include/internal/thread_once.h 
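Review bot: The non-Windows `openssl_fdset(a, b)` at the end of this hunk forwards the descriptor straight to `FD_SET`, and nothing in the header states the range the caller must guarantee. POSIX leaves `FD_SET` undefined for a descriptor that is negative or not below `FD_SETSIZE`, and in practice that is a write outside the `fd_set`. The callers are not visible here, so this is a documentation request, not a confirmed defect. I would add a comment above the macro such as `/* caller must ensure 0 <= a < FD_SETSIZE; FD_SET is undefined otherwise */`. Separately, `#define clear_socket_error() errno = 0` in the same hunk would be safer as `(errno = 0)`.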
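Review bot: The closing line of symhacks.h keeps a stale guard name in its comment: the guard opened at the top is `OSSL_INTERNAL_SYMHACKS_H`, but the new side still ends with `#endif /* ! defined HEADER_VMS_IDHACKS_H */`. The line is being rewritten here, so it could become `#endif /* OSSL_INTERNAL_SYMHACKS_H */`. The inner `#endif` just above it would also read better as `#endif /* OPENSSL_SYS_VMS */`, since indentation no longer marks the nesting.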
@@ -8,10 +8,10 @@ */ #ifndef OSSL_INTERNAL_THREAD_ONCE_H -# define OSSL_INTERNAL_THREAD_ONCE_H -# pragma once +#define OSSL_INTERNAL_THREAD_ONCE_H +#pragma once -# include +#include /* * Initialisation of global data should never happen via "RUN_ONCE" inside the @@ -19,7 +19,7 @@ * OSSL_LIB_CTX object. In this way data will get cleaned up correctly when the * module gets unloaded. */ -# if !defined(FIPS_MODULE) || defined(ALLOW_RUN_ONCE_IN_FIPS) +#if !defined(FIPS_MODULE) || defined(ALLOW_RUN_ONCE_IN_FIPS) /* * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly * once. It takes no arguments and returns an int result (1 for success or @@ -34,21 +34,21 @@ * return 0; * } */ -# define DEFINE_RUN_ONCE(init) \ - static int init(void); \ - int init##_ossl_ret_ = 0; \ - void init##_ossl_(void) \ - { \ - init##_ossl_ret_ = init(); \ - } \ +#define DEFINE_RUN_ONCE(init) \ + static int init(void); \ + int init##_ossl_ret_ = 0; \ + void init##_ossl_(void) \ + { \ + init##_ossl_ret_ = init(); \ + } \ static int init(void) /* * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly * once that has been defined in another file via DEFINE_RUN_ONCE(). */ -# define DECLARE_RUN_ONCE(init) \ - extern int init##_ossl_ret_; \ +#define DECLARE_RUN_ONCE(init) \ + extern int init##_ossl_ret_; \ void init##_ossl_(void); /* @@ -66,13 +66,13 @@ * return 0; * } */ -# define DEFINE_RUN_ONCE_STATIC(init) \ - static int init(void); \ - static int init##_ossl_ret_ = 0; \ - static void init##_ossl_(void) \ - { \ - init##_ossl_ret_ = init(); \ - } \ +#define DEFINE_RUN_ONCE_STATIC(init) \ + static int init(void); \ + static int init##_ossl_ret_ = 0; \ + static void init##_ossl_(void) \ + { \ + init##_ossl_ret_ = init(); \ + } \ static int init(void) /* 
@@ -107,7 +107,7 @@ * return 0; * } */ -# define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ +#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ static int initalt(void); \ static void initalt##_ossl_(void) \ { \ @@ -126,7 +126,7 @@ * * (*) by convention, since the init function must return 1 on success. */ -# define RUN_ONCE(once, init) \ +#define RUN_ONCE(once, init) \ (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) /* @@ -144,8 +144,8 @@ * * (*) by convention, since the init function must return 1 on success. */ -# define RUN_ONCE_ALT(once, initalt, init) \ +#define RUN_ONCE_ALT(once, initalt, init) \ (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ #endif /* OSSL_INTERNAL_THREAD_ONCE_H */ --- crypto/openssl/include/internal/tlsgroups.h.orig +++ crypto/openssl/include/internal/tlsgroups.h 
@@ -8,43 +8,43 @@ */ #ifndef OSSL_INTERNAL_TLSGROUPS_H -# define OSSL_INTERNAL_TLSGROUPS_H -# pragma once +#define OSSL_INTERNAL_TLSGROUPS_H +#pragma once -# define OSSL_TLS_GROUP_ID_sect163k1 0x0001 -# define OSSL_TLS_GROUP_ID_sect163r1 0x0002 -# define OSSL_TLS_GROUP_ID_sect163r2 0x0003 -# define OSSL_TLS_GROUP_ID_sect193r1 0x0004 -# define OSSL_TLS_GROUP_ID_sect193r2 0x0005 -# define OSSL_TLS_GROUP_ID_sect233k1 0x0006 -# define OSSL_TLS_GROUP_ID_sect233r1 0x0007 -# define OSSL_TLS_GROUP_ID_sect239k1 0x0008 -# define OSSL_TLS_GROUP_ID_sect283k1 0x0009 -# define OSSL_TLS_GROUP_ID_sect283r1 0x000A -# define OSSL_TLS_GROUP_ID_sect409k1 0x000B -# define OSSL_TLS_GROUP_ID_sect409r1 0x000C -# define OSSL_TLS_GROUP_ID_sect571k1 0x000D -# define OSSL_TLS_GROUP_ID_sect571r1 0x000E -# define OSSL_TLS_GROUP_ID_secp160k1 0x000F -# define OSSL_TLS_GROUP_ID_secp160r1 0x0010 -# define OSSL_TLS_GROUP_ID_secp160r2 0x0011 -# define OSSL_TLS_GROUP_ID_secp192k1 0x0012 -# define OSSL_TLS_GROUP_ID_secp192r1 0x0013 -# define OSSL_TLS_GROUP_ID_secp224k1 0x0014 -# define OSSL_TLS_GROUP_ID_secp224r1 0x0015 -# define OSSL_TLS_GROUP_ID_secp256k1 0x0016 -# define OSSL_TLS_GROUP_ID_secp256r1 0x0017 -# define OSSL_TLS_GROUP_ID_secp384r1 0x0018 -# define OSSL_TLS_GROUP_ID_secp521r1 0x0019 -# define OSSL_TLS_GROUP_ID_brainpoolP256r1 0x001A -# define OSSL_TLS_GROUP_ID_brainpoolP384r1 0x001B -# define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C -# define OSSL_TLS_GROUP_ID_x25519 0x001D -# define OSSL_TLS_GROUP_ID_x448 0x001E -# define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 -# define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 -# define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 -# define OSSL_TLS_GROUP_ID_ffdhe6144 0x0103 -# define OSSL_TLS_GROUP_ID_ffdhe8192 0x0104 +#define OSSL_TLS_GROUP_ID_sect163k1 0x0001 +#define OSSL_TLS_GROUP_ID_sect163r1 0x0002 +#define OSSL_TLS_GROUP_ID_sect163r2 0x0003 +#define OSSL_TLS_GROUP_ID_sect193r1 0x0004 +#define OSSL_TLS_GROUP_ID_sect193r2 0x0005 +#define OSSL_TLS_GROUP_ID_sect233k1 
0x0006 +#define OSSL_TLS_GROUP_ID_sect233r1 0x0007 +#define OSSL_TLS_GROUP_ID_sect239k1 0x0008 +#define OSSL_TLS_GROUP_ID_sect283k1 0x0009 +#define OSSL_TLS_GROUP_ID_sect283r1 0x000A +#define OSSL_TLS_GROUP_ID_sect409k1 0x000B +#define OSSL_TLS_GROUP_ID_sect409r1 0x000C +#define OSSL_TLS_GROUP_ID_sect571k1 0x000D +#define OSSL_TLS_GROUP_ID_sect571r1 0x000E +#define OSSL_TLS_GROUP_ID_secp160k1 0x000F +#define OSSL_TLS_GROUP_ID_secp160r1 0x0010 +#define OSSL_TLS_GROUP_ID_secp160r2 0x0011 +#define OSSL_TLS_GROUP_ID_secp192k1 0x0012 +#define OSSL_TLS_GROUP_ID_secp192r1 0x0013 +#define OSSL_TLS_GROUP_ID_secp224k1 0x0014 +#define OSSL_TLS_GROUP_ID_secp224r1 0x0015 +#define OSSL_TLS_GROUP_ID_secp256k1 0x0016 +#define OSSL_TLS_GROUP_ID_secp256r1 0x0017 +#define OSSL_TLS_GROUP_ID_secp384r1 0x0018 +#define OSSL_TLS_GROUP_ID_secp521r1 0x0019 +#define OSSL_TLS_GROUP_ID_brainpoolP256r1 0x001A +#define OSSL_TLS_GROUP_ID_brainpoolP384r1 0x001B +#define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C +#define OSSL_TLS_GROUP_ID_x25519 0x001D +#define OSSL_TLS_GROUP_ID_x448 0x001E +#define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 +#define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 +#define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 +#define OSSL_TLS_GROUP_ID_ffdhe6144 0x0103 +#define OSSL_TLS_GROUP_ID_ffdhe8192 0x0104 #endif --- crypto/openssl/include/internal/tsan_assist.h.orig +++ crypto/openssl/include/internal/tsan_assist.h 
@@ -49,35 +49,34 @@ #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ && !defined(__STDC_NO_ATOMICS__) -# include +#include -# if defined(ATOMIC_POINTER_LOCK_FREE) \ - && ATOMIC_POINTER_LOCK_FREE >= 2 -# define TSAN_QUALIFIER _Atomic -# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) -# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) -# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed) -# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed) -# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) -# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) -# endif +#if defined(ATOMIC_POINTER_LOCK_FREE) \ + && ATOMIC_POINTER_LOCK_FREE >= 2 +#define TSAN_QUALIFIER _Atomic +#define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) +#define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) +#define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed) +#define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed) +#define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) +#define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) +#endif #elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) -# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ - && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 -# define TSAN_QUALIFIER volatile -# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) -# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) -# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED) -# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED) -# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) -# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) -# endif 
+#if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ + && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 +#define TSAN_QUALIFIER volatile +#define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) +#define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) +#define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED) +#define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED) +#define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) +#define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) +#endif -#elif defined(_MSC_VER) && _MSC_VER>=1200 \ - && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) +#elif defined(_MSC_VER) && _MSC_VER >= 1200 \ + && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) /* * There is subtle dependency on /volatile: command-line option. * "ms" implies same semantic as memory_order_acquire for loads and 
@@ -89,58 +88,58 @@ * with additional instructions and penalties, it kind of makes sense to * default to "iso"... */ -# define TSAN_QUALIFIER volatile -# if defined(_M_ARM) || defined(_M_ARM64) -# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf -# pragma intrinsic(_InterlockedExchangeAdd_nf) -# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) -# ifdef _WIN64 -# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf -# pragma intrinsic(_InterlockedExchangeAdd64_nf) -# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) -# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ - : __iso_volatile_load32(ptr)) -# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ - : __iso_volatile_store32((ptr), (val))) -# else -# define tsan_load(ptr) __iso_volatile_load32(ptr) -# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) -# endif -# else -# define tsan_load(ptr) (*(ptr)) -# define tsan_store(ptr, val) (*(ptr) = (val)) -# endif -# pragma intrinsic(_InterlockedExchangeAdd) -# ifdef _WIN64 -# pragma intrinsic(_InterlockedExchangeAdd64) -# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \ - : _InterlockedExchangeAdd((ptr), 1)) -# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? 
_InterlockedExchangeAdd64((ptr), -1) \ - : _InterlockedExchangeAdd((ptr), -1)) -# else -# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1) -# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1) -# endif -# if !defined(_ISO_VOLATILE) -# define tsan_ld_acq(ptr) (*(ptr)) -# define tsan_st_rel(ptr, val) (*(ptr) = (val)) -# endif +#define TSAN_QUALIFIER volatile +#if defined(_M_ARM) || defined(_M_ARM64) +#define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf +#pragma intrinsic(_InterlockedExchangeAdd_nf) +#pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) +#ifdef _WIN64 +#define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf +#pragma intrinsic(_InterlockedExchangeAdd64_nf) +#pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) +#define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ + : __iso_volatile_load32(ptr)) +#define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ + : __iso_volatile_store32((ptr), (val))) +#else +#define tsan_load(ptr) __iso_volatile_load32(ptr) +#define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +#endif +#else +#define tsan_load(ptr) (*(ptr)) +#define tsan_store(ptr, val) (*(ptr) = (val)) +#endif +#pragma intrinsic(_InterlockedExchangeAdd) +#ifdef _WIN64 +#pragma intrinsic(_InterlockedExchangeAdd64) +#define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \ + : _InterlockedExchangeAdd((ptr), 1)) +#define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? 
_InterlockedExchangeAdd64((ptr), -1) \ + : _InterlockedExchangeAdd((ptr), -1)) +#else +#define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1) +#define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1) +#endif +#if !defined(_ISO_VOLATILE) +#define tsan_ld_acq(ptr) (*(ptr)) +#define tsan_st_rel(ptr, val) (*(ptr) = (val)) +#endif #endif #ifndef TSAN_QUALIFIER -# ifdef OPENSSL_THREADS -# define TSAN_QUALIFIER volatile -# define TSAN_REQUIRES_LOCKING -# else /* OPENSSL_THREADS */ -# define TSAN_QUALIFIER -# endif /* OPENSSL_THREADS */ +#ifdef OPENSSL_THREADS +#define TSAN_QUALIFIER volatile +#define TSAN_REQUIRES_LOCKING +#else /* OPENSSL_THREADS */ +#define TSAN_QUALIFIER +#endif /* OPENSSL_THREADS */ -# define tsan_load(ptr) (*(ptr)) -# define tsan_store(ptr, val) (*(ptr) = (val)) -# define tsan_counter(ptr) ((*(ptr))++) -# define tsan_decr(ptr) ((*(ptr))--) +#define tsan_load(ptr) (*(ptr)) +#define tsan_store(ptr, val) (*(ptr) = (val)) +#define tsan_counter(ptr) ((*(ptr))++) +#define tsan_decr(ptr) ((*(ptr))--) /* * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not * sophisticated enough to support them. Code that relies on them should be --- crypto/openssl/include/internal/unicode.h.orig +++ crypto/openssl/include/internal/unicode.h @@ -8,8 +8,8 @@ */ #ifndef OSSL_INTERNAL_UNICODE_H -# define OSSL_INTERNAL_UNICODE_H -# pragma once +#define OSSL_INTERNAL_UNICODE_H +#pragma once typedef enum { SURROGATE_MIN = 0xd800UL, --- crypto/openssl/include/openssl/aes.h.orig +++ crypto/openssl/include/openssl/aes.h 
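Review bot: The comment that closes this hunk refers to `tsan_ld_rel`, but no macro of that name is defined in any branch; the pair is `tsan_ld_acq` and `tsan_st_rel`. The first line of that comment should read `* Lack of tsan_ld_acq and tsan_st_rel means that compiler support is not`. The fallback just above it defines `tsan_counter(ptr)` as a plain `((*(ptr))++)`, so it is worth saying in the same comment that those macros are not atomic and are only safe under the lock implied by `TSAN_REQUIRES_LOCKING`. The comment continues past the end of the hunk, so its remaining text is not visible here.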
@@ -8,104 +8,102 @@ */ #ifndef OPENSSL_AES_H -# define OPENSSL_AES_H -# pragma once +#define OPENSSL_AES_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_AES_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_AES_H +#endif -# include +#include -# include -# ifdef __cplusplus +#include +#ifdef __cplusplus extern "C" { -# endif - -# define AES_BLOCK_SIZE 16 +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define AES_BLOCK_SIZE 16 -# define AES_ENCRYPT 1 -# define AES_DECRYPT 0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 -# define AES_MAXNR 14 +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 +#define AES_MAXNR 14 /* This should be a hidden type, but EVP requires that the size be known */ struct aes_key_st { -# ifdef AES_LONG +#ifdef AES_LONG unsigned long rd_key[4 * (AES_MAXNR + 1)]; -# else +#else unsigned int rd_key[4 * (AES_MAXNR + 1)]; -# endif +#endif int rounds; }; typedef struct aes_key_st AES_KEY; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *AES_options(void); OSSL_DEPRECATEDIN_3_0 int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); OSSL_DEPRECATEDIN_3_0 int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); OSSL_DEPRECATEDIN_3_0 void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); OSSL_DEPRECATEDIN_3_0 void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); OSSL_DEPRECATEDIN_3_0 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc); + const AES_KEY *key, const int enc); OSSL_DEPRECATEDIN_3_0 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, const 
int enc); OSSL_DEPRECATEDIN_3_0 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); OSSL_DEPRECATEDIN_3_0 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); OSSL_DEPRECATEDIN_3_0 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); OSSL_DEPRECATEDIN_3_0 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num); + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); /* NB: the IV is _two_ blocks long */ OSSL_DEPRECATEDIN_3_0 void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); /* NB: the IV is _four_ blocks long */ OSSL_DEPRECATEDIN_3_0 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, const AES_KEY *key2, - const unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, const AES_KEY *key2, + const unsigned char *ivec, const int enc); OSSL_DEPRECATEDIN_3_0 int AES_wrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, const unsigned char *in, - unsigned int inlen); + unsigned char *out, const unsigned char *in, + unsigned int inlen); OSSL_DEPRECATEDIN_3_0 int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, const unsigned char *in, - unsigned 
int inlen); -# endif - + unsigned char *out, const unsigned char *in, + unsigned int inlen); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/asn1.h.orig +++ crypto/openssl/include/openssl/asn1.h 
@@ -10,80 +10,82 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_ASN1_H -# define OPENSSL_ASN1_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ASN1_H -# endif - -# include -# include -# include -# include -# include -# include -# include - -# include -# include - -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -#ifdef __cplusplus +#define OPENSSL_ASN1_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ASN1_H +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +#ifdef __cplusplus extern "C" { #endif -# define V_ASN1_UNIVERSAL 0x00 -# define V_ASN1_APPLICATION 0x40 -# define V_ASN1_CONTEXT_SPECIFIC 0x80 -# define V_ASN1_PRIVATE 0xc0 +#define V_ASN1_UNIVERSAL 0x00 +#define V_ASN1_APPLICATION 0x40 +#define V_ASN1_CONTEXT_SPECIFIC 0x80 +#define V_ASN1_PRIVATE 0xc0 -# define V_ASN1_CONSTRUCTED 0x20 -# define V_ASN1_PRIMITIVE_TAG 0x1f -# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG +#define V_ASN1_CONSTRUCTED 0x20 +#define V_ASN1_PRIMITIVE_TAG 0x1f +#define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG -# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ -# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ -# define V_ASN1_ANY -4/* used in ASN1 template code */ +#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ +#define V_ASN1_ANY -4 /* used in ASN1 template code */ -# define V_ASN1_UNDEF -1 +#define V_ASN1_UNDEF -1 /* ASN.1 tag values */ -# define V_ASN1_EOC 0 -# define V_ASN1_BOOLEAN 1 /**/ -# define V_ASN1_INTEGER 2 -# define V_ASN1_BIT_STRING 3 -# define V_ASN1_OCTET_STRING 4 -# define V_ASN1_NULL 5 -# define V_ASN1_OBJECT 6 -# define 
V_ASN1_OBJECT_DESCRIPTOR 7 -# define V_ASN1_EXTERNAL 8 -# define V_ASN1_REAL 9 -# define V_ASN1_ENUMERATED 10 -# define V_ASN1_UTF8STRING 12 -# define V_ASN1_SEQUENCE 16 -# define V_ASN1_SET 17 -# define V_ASN1_NUMERICSTRING 18 /**/ -# define V_ASN1_PRINTABLESTRING 19 -# define V_ASN1_T61STRING 20 -# define V_ASN1_TELETEXSTRING 20/* alias */ -# define V_ASN1_VIDEOTEXSTRING 21 /**/ -# define V_ASN1_IA5STRING 22 -# define V_ASN1_UTCTIME 23 -# define V_ASN1_GENERALIZEDTIME 24 /**/ -# define V_ASN1_GRAPHICSTRING 25 /**/ -# define V_ASN1_ISO64STRING 26 /**/ -# define V_ASN1_VISIBLESTRING 26/* alias */ -# define V_ASN1_GENERALSTRING 27 /**/ -# define V_ASN1_UNIVERSALSTRING 28 /**/ -# define V_ASN1_BMPSTRING 30 +#define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 /**/ +#define V_ASN1_INTEGER 2 +#define V_ASN1_BIT_STRING 3 +#define V_ASN1_OCTET_STRING 4 +#define V_ASN1_NULL 5 +#define V_ASN1_OBJECT 6 +#define V_ASN1_OBJECT_DESCRIPTOR 7 +#define V_ASN1_EXTERNAL 8 +#define V_ASN1_REAL 9 +#define V_ASN1_ENUMERATED 10 +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_NUMERICSTRING 18 /**/ +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_TELETEXSTRING 20 /* alias */ +#define V_ASN1_VIDEOTEXSTRING 21 /**/ +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 /**/ +#define V_ASN1_GRAPHICSTRING 25 /**/ +#define V_ASN1_ISO64STRING 26 /**/ +#define V_ASN1_VISIBLESTRING 26 /* alias */ +#define V_ASN1_GENERALSTRING 27 /**/ +#define V_ASN1_UNIVERSALSTRING 28 /**/ +#define V_ASN1_BMPSTRING 30 /* * NB the constants below are used internally by ASN1_INTEGER 
@@ -91,41 +93,42 @@ * the wire tag values. */ -# define V_ASN1_NEG 0x100 -# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) -# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) /* For use with d2i_ASN1_type_bytes() */ -# define B_ASN1_NUMERICSTRING 0x0001 -# define B_ASN1_PRINTABLESTRING 0x0002 -# define B_ASN1_T61STRING 0x0004 -# define B_ASN1_TELETEXSTRING 0x0004 -# define B_ASN1_VIDEOTEXSTRING 0x0008 -# define B_ASN1_IA5STRING 0x0010 -# define B_ASN1_GRAPHICSTRING 0x0020 -# define B_ASN1_ISO64STRING 0x0040 -# define B_ASN1_VISIBLESTRING 0x0040 -# define B_ASN1_GENERALSTRING 0x0080 -# define B_ASN1_UNIVERSALSTRING 0x0100 -# define B_ASN1_OCTET_STRING 0x0200 -# define B_ASN1_BIT_STRING 0x0400 -# define B_ASN1_BMPSTRING 0x0800 -# define B_ASN1_UNKNOWN 0x1000 -# define B_ASN1_UTF8STRING 0x2000 -# define B_ASN1_UTCTIME 0x4000 -# define B_ASN1_GENERALIZEDTIME 0x8000 -# define B_ASN1_SEQUENCE 0x10000 +#define B_ASN1_NUMERICSTRING 0x0001 +#define B_ASN1_PRINTABLESTRING 0x0002 +#define B_ASN1_T61STRING 0x0004 +#define B_ASN1_TELETEXSTRING 0x0004 +#define B_ASN1_VIDEOTEXSTRING 0x0008 +#define B_ASN1_IA5STRING 0x0010 +#define B_ASN1_GRAPHICSTRING 0x0020 +#define B_ASN1_ISO64STRING 0x0040 +#define B_ASN1_VISIBLESTRING 0x0040 +#define B_ASN1_GENERALSTRING 0x0080 +#define B_ASN1_UNIVERSALSTRING 0x0100 +#define B_ASN1_OCTET_STRING 0x0200 +#define B_ASN1_BIT_STRING 0x0400 +#define B_ASN1_BMPSTRING 0x0800 +#define B_ASN1_UNKNOWN 0x1000 +#define B_ASN1_UTF8STRING 0x2000 +#define B_ASN1_UTCTIME 0x4000 +#define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 /* For use with ASN1_mbstring_copy() */ -# define MBSTRING_FLAG 0x1000 -# define MBSTRING_UTF8 (MBSTRING_FLAG) -# define MBSTRING_ASC (MBSTRING_FLAG|1) -# define MBSTRING_BMP (MBSTRING_FLAG|2) -# define MBSTRING_UNIV (MBSTRING_FLAG|4) -# define SMIME_OLDMIME 0x400 -# define SMIME_CRLFEOL 0x800 -# define 
SMIME_STREAM 0x1000 +#define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) +#define MBSTRING_ASC (MBSTRING_FLAG | 1) +#define MBSTRING_BMP (MBSTRING_FLAG | 2) +#define MBSTRING_UNIV (MBSTRING_FLAG | 4) +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 /* Stacks for types not otherwise defined in this header */ +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR) #define sk_X509_ALGOR_num(sk) OPENSSL_sk_num(ossl_check_const_X509_ALGOR_sk_type(sk)) #define sk_X509_ALGOR_value(sk, idx) ((X509_ALGOR *)OPENSSL_sk_value(ossl_check_const_X509_ALGOR_sk_type(sk), (idx))) @@ -153,15 +156,15 @@ #define sk_X509_ALGOR_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_ALGOR) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_copyfunc_type(copyfunc), ossl_check_X509_ALGOR_freefunc_type(freefunc))) #define sk_X509_ALGOR_set_cmp_func(sk, cmp) ((sk_X509_ALGOR_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_ALGOR_sk_type(sk), ossl_check_X509_ALGOR_compfunc_type(cmp))) +/* clang-format on */ - -# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* * This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should be * inserted in the memory buffer */ -# define ASN1_STRING_FLAG_NDEF 0x010 +#define ASN1_STRING_FLAG_NDEF 0x010 /* * This flag is used by the CMS code to indicate that a string is not 
@@ -169,16 +172,16 @@ * The flag will be reset when content has been written to it. */ -# define ASN1_STRING_FLAG_CONT 0x020 +#define ASN1_STRING_FLAG_CONT 0x020 /* * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING * type. */ -# define ASN1_STRING_FLAG_MSTRING 0x040 +#define ASN1_STRING_FLAG_MSTRING 0x040 /* String is embedded and only content should be freed */ -# define ASN1_STRING_FLAG_EMBED 0x080 +#define ASN1_STRING_FLAG_EMBED 0x080 /* String should be parsed in RFC 5280's time format */ -# define ASN1_STRING_FLAG_X509_TIME 0x100 +#define ASN1_STRING_FLAG_X509_TIME 0x100 /* This is the base type that holds just about everything :-) */ struct asn1_string_st { int length; 
@@ -199,26 +202,26 @@ */ typedef struct ASN1_ENCODING_st { - unsigned char *enc; /* DER encoding */ - long len; /* Length of encoding */ - int modified; /* set to 1 if 'enc' is invalid */ + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ } ASN1_ENCODING; /* Used with ASN1 LONG type: if a long is set to this it is omitted */ -# define ASN1_LONG_UNDEF 0x7fffffffL +#define ASN1_LONG_UNDEF 0x7fffffffL -# define STABLE_FLAGS_MALLOC 0x01 +#define STABLE_FLAGS_MALLOC 0x01 /* * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias * STABLE_FLAGS_CLEAR to reflect this. */ -# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC -# define STABLE_NO_MASK 0x02 -# define DIRSTRING_TYPE \ - (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) -# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) +#define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +#define STABLE_NO_MASK 0x02 +#define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING) +#define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING) struct asn1_string_table_st { int nid; @@ -228,6 +231,7 @@ unsigned long flags; }; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING_TABLE, ASN1_STRING_TABLE, ASN1_STRING_TABLE) #define sk_ASN1_STRING_TABLE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk)) #define sk_ASN1_STRING_TABLE_value(sk, idx) ((ASN1_STRING_TABLE *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), (idx))) 
@@ -255,17 +259,18 @@ #define sk_ASN1_STRING_TABLE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_STRING_TABLE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_copyfunc_type(copyfunc), ossl_check_ASN1_STRING_TABLE_freefunc_type(freefunc))) #define sk_ASN1_STRING_TABLE_set_cmp_func(sk, cmp) ((sk_ASN1_STRING_TABLE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_STRING_TABLE_sk_type(sk), ossl_check_ASN1_STRING_TABLE_compfunc_type(cmp))) +/* clang-format on */ /* size limits: this stuff is taken straight from RFC2459 */ -# define ub_name 32768 -# define ub_common_name 64 -# define ub_locality_name 128 -# define ub_state_name 128 -# define ub_organization_name 64 -# define ub_organization_unit_name 64 -# define ub_title 64 -# define ub_email_address 128 +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 /* * Declarations for template structures: for full definitions see asn1t.h 
@@ -283,88 +288,90 @@ * arguments in macro calls. */ -# define DECLARE_ASN1_FUNCTIONS_attr(attr, type) \ +#define DECLARE_ASN1_FUNCTIONS_attr(attr, type) \ DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, type) -# define DECLARE_ASN1_FUNCTIONS(type) \ +#define DECLARE_ASN1_FUNCTIONS(type) \ DECLARE_ASN1_FUNCTIONS_attr(extern, type) -# define DECLARE_ASN1_ALLOC_FUNCTIONS_attr(attr, type) \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS_attr(attr, type) \ DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, type) -# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ DECLARE_ASN1_ALLOC_FUNCTIONS_attr(extern, type) -# define DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ +#define DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) -# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ +#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ DECLARE_ASN1_FUNCTIONS_name_attr(extern, type, name) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, itname, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, itname, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ DECLARE_ASN1_ITEM_attr(attr, itname) -# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_attr(extern, type, itname, name) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, name, name) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(extern, type, name) -# define 
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ - attr type *d2i_##name(type **a, const unsigned char **in, long len); \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ + attr type *d2i_##name(type **a, const unsigned char **in, long len); \ attr int i2d_##name(const type *a, unsigned char **out); -# define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(extern, type, name) -# define DECLARE_ASN1_NDEF_FUNCTION_attr(attr, name) \ +#define DECLARE_ASN1_NDEF_FUNCTION_attr(attr, name) \ attr int i2d_##name##_NDEF(const name *a, unsigned char **out); -# define DECLARE_ASN1_NDEF_FUNCTION(name) \ +#define DECLARE_ASN1_NDEF_FUNCTION(name) \ DECLARE_ASN1_NDEF_FUNCTION_attr(extern, name) -# define DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ - attr type *name##_new(void); \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ + attr type *name##_new(void); \ attr void name##_free(type *a); -# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(extern, type, name) -# define DECLARE_ASN1_DUP_FUNCTION_attr(attr, type) \ +#define DECLARE_ASN1_DUP_FUNCTION_attr(attr, type) \ DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, type) -# define DECLARE_ASN1_DUP_FUNCTION(type) \ +#define DECLARE_ASN1_DUP_FUNCTION(type) \ DECLARE_ASN1_DUP_FUNCTION_attr(extern, type) -# define DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, name) \ +#define DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, name) \ attr type *name##_dup(const type *a); -# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ +#define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ DECLARE_ASN1_DUP_FUNCTION_name_attr(extern, type, name) -# define DECLARE_ASN1_PRINT_FUNCTION_attr(attr, stname) \ +#define DECLARE_ASN1_PRINT_FUNCTION_attr(attr, stname) \ 
DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, stname) -# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ +#define DECLARE_ASN1_PRINT_FUNCTION(stname) \ DECLARE_ASN1_PRINT_FUNCTION_attr(extern, stname) -# define DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, fname) \ - attr int fname##_print_ctx(BIO *out, const stname *x, int indent, \ - const ASN1_PCTX *pctx); -# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ +#define DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, fname) \ + attr int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx); +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ DECLARE_ASN1_PRINT_FUNCTION_fname_attr(extern, stname, fname) -# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) -# define I2D_OF(type) int (*)(const type *,unsigned char **) - -# define CHECKED_D2I_OF(type, d2i) \ - ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) -# define CHECKED_I2D_OF(type, i2d) \ - ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) -# define CHECKED_NEW_OF(type, xnew) \ - ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) -# define CHECKED_PTR_OF(type, p) \ - ((void*) (1 ? p : (type*)0)) -# define CHECKED_PPTR_OF(type, p) \ - ((void**) (1 ? p : (type**)0)) - -# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) -# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *,unsigned char **) -# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) +#define D2I_OF(type) type *(*)(type **, const unsigned char **, long) +#define I2D_OF(type) int (*)(const type *, unsigned char **) + +#define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void *)(1 ? d2i : ((D2I_OF(type))0))) +#define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void *)(1 ? i2d : ((I2D_OF(type))0))) +#define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void))(1 ? xnew : ((type * (*)(void))0))) +#define CHECKED_PTR_OF(type, p) \ + ((void *)(1 ? 
p : (type *)0)) +#define CHECKED_PPTR_OF(type, p) \ + ((void **)(1 ? p : (type **)0)) + +#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **, const unsigned char **, long) +#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *, unsigned char **) +#define TYPEDEF_D2I2D_OF(type) \ + TYPEDEF_D2I_OF(type); \ + TYPEDEF_I2D_OF(type) typedef void *d2i_of_void(void **, const unsigned char **, long); typedef int i2d_of_void(const void *, unsigned char **); @@ -405,26 +412,25 @@ * */ - /* * Platforms that can't easily handle shared global variables are declared as * functions returning ASN1_ITEM pointers. */ /* ASN1_ITEM pointer exported type */ -typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); +typedef const ASN1_ITEM *ASN1_ITEM_EXP(void); /* Macro to obtain ASN1_ITEM pointer from exported type */ -# define ASN1_ITEM_ptr(iptr) (iptr()) +#define ASN1_ITEM_ptr(iptr) (iptr()) /* Macro to include ASN1_ITEM pointer from base type */ -# define ASN1_ITEM_ref(iptr) (iptr##_it) +#define ASN1_ITEM_ref(iptr) (iptr##_it) -# define ASN1_ITEM_rptr(ref) (ref##_it()) +#define ASN1_ITEM_rptr(ref) (ref##_it()) -# define DECLARE_ASN1_ITEM_attr(attr, name) \ - attr const ASN1_ITEM * name##_it(void); -# define DECLARE_ASN1_ITEM(name) \ +#define DECLARE_ASN1_ITEM_attr(attr, name) \ + attr const ASN1_ITEM *name##_it(void); +#define DECLARE_ASN1_ITEM(name) \ DECLARE_ASN1_ITEM_attr(extern, name) /* Parameters used by ASN1_STRING_print_ex() */ 
@@ -434,30 +440,30 @@ * control characters and MSB set characters */ -# define ASN1_STRFLGS_ESC_2253 1 -# define ASN1_STRFLGS_ESC_CTRL 2 -# define ASN1_STRFLGS_ESC_MSB 4 +#define ASN1_STRFLGS_ESC_2253 1 +#define ASN1_STRFLGS_ESC_CTRL 2 +#define ASN1_STRFLGS_ESC_MSB 4 /* Lower 8 bits are reserved as an output type specifier */ -# define ASN1_DTFLGS_TYPE_MASK 0x0FUL -# define ASN1_DTFLGS_RFC822 0x00UL -# define ASN1_DTFLGS_ISO8601 0x01UL +#define ASN1_DTFLGS_TYPE_MASK 0x0FUL +#define ASN1_DTFLGS_RFC822 0x00UL +#define ASN1_DTFLGS_ISO8601 0x01UL /* * This flag determines how we do escaping: normally RC2253 backslash only, * set this to use backslash and quote. */ -# define ASN1_STRFLGS_ESC_QUOTE 8 +#define ASN1_STRFLGS_ESC_QUOTE 8 /* These three flags are internal use only. */ /* Character is a valid PrintableString character */ -# define CHARTYPE_PRINTABLESTRING 0x10 +#define CHARTYPE_PRINTABLESTRING 0x10 /* Character needs escaping if it is the first character */ -# define CHARTYPE_FIRST_ESC_2253 0x20 +#define CHARTYPE_FIRST_ESC_2253 0x20 /* Character needs escaping if it is the last character */ -# define CHARTYPE_LAST_ESC_2253 0x40 +#define CHARTYPE_LAST_ESC_2253 0x40 /* * NB the internal flags are safely reused below by flags handled at the top @@ -468,7 +474,7 @@ * If this is set we convert all character strings to UTF8 first */ -# define ASN1_STRFLGS_UTF8_CONVERT 0x10 +#define ASN1_STRFLGS_UTF8_CONVERT 0x10 /* * If this is set we don't attempt to interpret content: just assume all @@ -476,10 +482,10 @@ * looking output! */ -# define ASN1_STRFLGS_IGNORE_TYPE 0x20 +#define ASN1_STRFLGS_IGNORE_TYPE 0x20 /* If this is set we include the string type in the output */ -# define ASN1_STRFLGS_SHOW_TYPE 0x40 +#define ASN1_STRFLGS_SHOW_TYPE 0x40 /* * This determines which strings to display and which to 'dump' (hex dump of 
@@ -489,33 +495,27 @@ * options. */ -# define ASN1_STRFLGS_DUMP_ALL 0x80 -# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +#define ASN1_STRFLGS_DUMP_ALL 0x80 +#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 /* * These determine what 'dumping' does, we can dump the content octets or the * DER encoding: both use the RFC2253 #XXXXX notation. */ -# define ASN1_STRFLGS_DUMP_DER 0x200 +#define ASN1_STRFLGS_DUMP_DER 0x200 /* * This flag specifies that RC2254 escaping shall be performed. */ -#define ASN1_STRFLGS_ESC_2254 0x400 +#define ASN1_STRFLGS_ESC_2254 0x400 /* * All the string flags consistent with RFC2253, escaping control characters * isn't essential in RFC2253 but it is advisable anyway. */ -# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - ASN1_STRFLGS_UTF8_CONVERT | \ - ASN1_STRFLGS_DUMP_UNKNOWN | \ - ASN1_STRFLGS_DUMP_DER) - +#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | ASN1_STRFLGS_DUMP_DER) struct asn1_type_st { int type; @@ -548,6 +548,7 @@ } value; }; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_TYPE, ASN1_TYPE, ASN1_TYPE) #define sk_ASN1_TYPE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_TYPE_sk_type(sk)) #define sk_ASN1_TYPE_value(sk, idx) ((ASN1_TYPE *)OPENSSL_sk_value(ossl_check_const_ASN1_TYPE_sk_type(sk), (idx))) @@ -575,6 +576,7 @@ #define sk_ASN1_TYPE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_TYPE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_copyfunc_type(copyfunc), ossl_check_ASN1_TYPE_freefunc_type(freefunc))) #define sk_ASN1_TYPE_set_cmp_func(sk, cmp) ((sk_ASN1_TYPE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_TYPE_sk_type(sk), ossl_check_ASN1_TYPE_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; 
@@ -588,34 +590,17 @@ const char *sname; } BIT_STRING_BITNAME; -# define B_ASN1_TIME \ - B_ASN1_UTCTIME | \ - B_ASN1_GENERALIZEDTIME - -# define B_ASN1_PRINTABLE \ - B_ASN1_NUMERICSTRING| \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_T61STRING| \ - B_ASN1_IA5STRING| \ - B_ASN1_BIT_STRING| \ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING|\ - B_ASN1_SEQUENCE|\ - B_ASN1_UNKNOWN - -# define B_ASN1_DIRECTORYSTRING \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_TELETEXSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_UTF8STRING - -# define B_ASN1_DISPLAYTEXT \ - B_ASN1_IA5STRING| \ - B_ASN1_VISIBLESTRING| \ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING +#define B_ASN1_TIME \ + B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME + +#define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN + +#define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING + +#define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING DECLARE_ASN1_ALLOC_FUNCTIONS_name(ASN1_TYPE, ASN1_TYPE) DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) @@ -628,6 +613,7 @@ ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_OBJECT, ASN1_OBJECT, ASN1_OBJECT) #define sk_ASN1_OBJECT_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_OBJECT_sk_type(sk)) #define sk_ASN1_OBJECT_value(sk, idx) ((ASN1_OBJECT *)OPENSSL_sk_value(ossl_check_const_ASN1_OBJECT_sk_type(sk), (idx))) 
@@ -655,6 +641,7 @@ #define sk_ASN1_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_copyfunc_type(copyfunc), ossl_check_ASN1_OBJECT_freefunc_type(freefunc))) #define sk_ASN1_OBJECT_set_cmp_func(sk, cmp) ((sk_ASN1_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_OBJECT_sk_type(sk), ossl_check_ASN1_OBJECT_compfunc_type(cmp))) +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT) @@ -665,20 +652,20 @@ DECLARE_ASN1_DUP_FUNCTION(ASN1_STRING) ASN1_STRING *ASN1_STRING_type_new(int type); int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); - /* - * Since this is used to store all sorts of things, via macros, for now, - * make its data void * - */ +/* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); int ASN1_STRING_length(const ASN1_STRING *x); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void ASN1_STRING_length_set(ASN1_STRING *x, int n); -# endif +#endif int ASN1_STRING_type(const ASN1_STRING *x); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x); -# endif +#endif const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) 
@@ -686,14 +673,15 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, - const unsigned char *flags, int flags_len); + const unsigned char *flags, int flags_len); int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent); + BIT_STRING_BITNAME *tbl, int indent); int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, - BIT_STRING_BITNAME *tbl); + BIT_STRING_BITNAME *tbl); +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_INTEGER, ASN1_INTEGER, ASN1_INTEGER) #define sk_ASN1_INTEGER_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_INTEGER_sk_type(sk)) #define sk_ASN1_INTEGER_value(sk, idx) ((ASN1_INTEGER *)OPENSSL_sk_value(ossl_check_const_ASN1_INTEGER_sk_type(sk), (idx))) @@ -721,11 +709,11 @@ #define sk_ASN1_INTEGER_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_INTEGER) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_copyfunc_type(copyfunc), ossl_check_ASN1_INTEGER_freefunc_type(freefunc))) #define sk_ASN1_INTEGER_set_cmp_func(sk, cmp) ((sk_ASN1_INTEGER_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_INTEGER_sk_type(sk), ossl_check_ASN1_INTEGER_compfunc_type(cmp))) - +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); + long length); DECLARE_ASN1_DUP_FUNCTION(ASN1_INTEGER) int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); 
@@ -734,28 +722,29 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - int offset_day, long offset_sec); + int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, - time_t t); + time_t t); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, - time_t t, int offset_day, - long offset_sec); + time_t t, int offset_day, + long offset_sec); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); int ASN1_TIME_diff(int *pday, int *psec, - const ASN1_TIME *from, const ASN1_TIME *to); + const ASN1_TIME *from, const ASN1_TIME *to); DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) DECLARE_ASN1_DUP_FUNCTION(ASN1_OCTET_STRING) int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, - const ASN1_OCTET_STRING *b); + const ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, - int len); + int len); +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_UTF8STRING, ASN1_UTF8STRING, ASN1_UTF8STRING) #define sk_ASN1_UTF8STRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_UTF8STRING_sk_type(sk)) #define sk_ASN1_UTF8STRING_value(sk, idx) ((ASN1_UTF8STRING *)OPENSSL_sk_value(ossl_check_const_ASN1_UTF8STRING_sk_type(sk), (idx))) 
@@ -783,6 +772,7 @@ #define sk_ASN1_UTF8STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_UTF8STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_copyfunc_type(copyfunc), ossl_check_ASN1_UTF8STRING_freefunc_type(freefunc))) #define sk_ASN1_UTF8STRING_set_cmp_func(sk, cmp) ((sk_ASN1_UTF8STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_UTF8STRING_sk_type(sk), ossl_check_ASN1_UTF8STRING_compfunc_type(cmp))) +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) @@ -793,6 +783,7 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val); int UTF8_putc(unsigned char *str, int len, unsigned long value); +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_GENERALSTRING, ASN1_GENERALSTRING, ASN1_GENERALSTRING) #define sk_ASN1_GENERALSTRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk)) #define sk_ASN1_GENERALSTRING_value(sk, idx) ((ASN1_GENERALSTRING *)OPENSSL_sk_value(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk), (idx))) @@ -820,6 +811,7 @@ #define sk_ASN1_GENERALSTRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_GENERALSTRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_copyfunc_type(copyfunc), ossl_check_ASN1_GENERALSTRING_freefunc_type(freefunc))) #define sk_ASN1_GENERALSTRING_set_cmp_func(sk, cmp) ((sk_ASN1_GENERALSTRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_GENERALSTRING_sk_type(sk), ossl_check_ASN1_GENERALSTRING_compfunc_type(cmp))) +/* clang-format on */ DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) 
@@ -841,10 +833,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec); + int offset_day, long offset_sec); int ASN1_TIME_check(const ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, - ASN1_GENERALIZEDTIME **out); + ASN1_GENERALIZEDTIME **out); int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); @@ -863,7 +855,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln); + const char *sn, const char *ln); int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); @@ -878,7 +870,6 @@ int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); - int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); 
@@ -892,81 +883,81 @@ /* SPECIALS */ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax); + int *pclass, long omax); int ASN1_check_infinite_end(unsigned char **p, long len); int ASN1_const_check_infinite_end(const unsigned char **p, long len); void ASN1_put_object(unsigned char **pp, int constructed, int length, - int tag, int xclass); + int tag, int xclass); int ASN1_put_eoc(unsigned char **pp); int ASN1_object_size(int constructed, int length, int tag); /* Used to implement other functions */ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x); -# define ASN1_dup_of(type,i2d,d2i,x) \ - ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ - CHECKED_D2I_OF(type, d2i), \ - CHECKED_PTR_OF(const type, x))) +#define ASN1_dup_of(type, i2d, d2i, x) \ + ((type *)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) void *ASN1_item_dup(const ASN1_ITEM *it, const void *x); int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, const ASN1_OCTET_STRING *id, - EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, - const char *propq); + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq); int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, - OSSL_LIB_CTX *libctx, const char *propq); + const ASN1_BIT_STRING *signature, const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const char *propq); /* ASN1 alloc/free macros for when a type is only used internally */ -# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) -# define M_ASN1_free_of(x, type) \ - ASN1_item_free(CHECKED_PTR_OF(type, x), 
ASN1_ITEM_rptr(type)) +#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +#define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) -# ifndef OPENSSL_NO_STDIO -void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); +#ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); -# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ - ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ - CHECKED_D2I_OF(type, d2i), \ - in, \ - CHECKED_PPTR_OF(type, x))) +#define ASN1_d2i_fp_of(type, xnew, d2i, in, x) \ + ((type *)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x); -# define ASN1_i2d_fp_of(type,i2d,out,x) \ +#define ASN1_i2d_fp_of(type, i2d, out, x) \ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ - out, \ - CHECKED_PTR_OF(const type, x))) + out, \ + CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x); int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); -# endif +#endif int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); -void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); -# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ - ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ - CHECKED_D2I_OF(type, d2i), \ - in, \ - CHECKED_PPTR_OF(type, x))) +#define ASN1_d2i_bio_of(type, xnew, d2i, in, x) \ + ((type *)ASN1_d2i_bio(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) void 
*ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *pval, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); -# define ASN1_i2d_bio_of(type,i2d,out,x) \ +#define ASN1_i2d_bio_of(type, i2d, out, x) \ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ - out, \ - CHECKED_PTR_OF(const type, x))) + out, \ + CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x); BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); @@ -978,10 +969,10 @@ int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, - unsigned char *buf, int off); + unsigned char *buf, int off); int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, - int dump); + int dump); const char *ASN1_tag2str(int tag); /* Used to load and write Netscape format cert */ 
@@ -991,27 +982,27 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, - unsigned char *data, int len); + unsigned char *data, int len); int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len); + unsigned char *data, int max_len); void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, - ASN1_OCTET_STRING **oct); + ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask); + int inform, unsigned long mask); int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize); + int inform, unsigned long mask, + long minsize, long maxsize); ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - const unsigned char *in, int inlen, - int inform, int nid); + const unsigned char *in, int inlen, + int inform, int nid); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); void ASN1_STRING_TABLE_cleanup(void); 
@@ -1021,16 +1012,16 @@ /* Old API compatible functions */ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **val, const unsigned char **in, - long len, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + long len, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, - long len, const ASN1_ITEM *it); + long len, const ASN1_ITEM *it); int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it); + const ASN1_ITEM *it); void ASN1_add_oid_module(void); void ASN1_add_stable_module(void); 
@@ -1042,26 +1033,26 @@ /* ASN1 Print flags */ /* Indicate missing OPTIONAL fields */ -# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 /* Mark start and end of SEQUENCE */ -# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 /* Mark start and end of SEQUENCE/SET OF */ -# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 /* Show the ASN1 type of primitives */ -# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 /* Don't show ASN1 type of ANY */ -# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 /* Don't show ASN1 type of MSTRINGs */ -# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 /* Don't show field names in SEQUENCE */ -# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 /* Show structure names of each SEQUENCE field */ -# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 /* Don't show structure name even at top level */ -# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 +#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, - const ASN1_ITEM *it, const ASN1_PCTX *pctx); + const ASN1_ITEM *it, const ASN1_PCTX *pctx); ASN1_PCTX *ASN1_PCTX_new(void); void ASN1_PCTX_free(ASN1_PCTX *p); unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); @@ -1075,7 +1066,7 @@ unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); -ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb)(ASN1_SCTX *ctx)); void ASN1_SCTX_free(ASN1_SCTX *p); const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); 
@@ -1089,21 +1080,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it); + const ASN1_ITEM *it); int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const char *hdr, const ASN1_ITEM *it); + const char *hdr, const ASN1_ITEM *it); /* cannot constify val because of CMS_dataFinal() */ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, - const ASN1_ITEM *it, ASN1_VALUE **x, - OSSL_LIB_CTX *libctx, const char *propq); + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); 
@@ -1111,18 +1102,18 @@ const ASN1_ITEM *ASN1_ITEM_get(size_t i); /* Legacy compatibility */ -# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) -# define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS(type, name) -# define I2D_OF_const(type) I2D_OF(type) -# define ASN1_dup_of_const(type,i2d,d2i,x) ASN1_dup_of(type,i2d,d2i,x) -# define ASN1_i2d_fp_of_const(type,i2d,out,x) ASN1_i2d_fp_of(type,i2d,out,x) -# define ASN1_i2d_bio_of_const(type,i2d,out,x) ASN1_i2d_bio_of(type,i2d,out,x) - -# ifdef __cplusplus +#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) +#define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type) +#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name) +#define I2D_OF_const(type) I2D_OF(type) +#define ASN1_dup_of_const(type, i2d, d2i, x) ASN1_dup_of(type, i2d, d2i, x) +#define ASN1_i2d_fp_of_const(type, i2d, out, x) ASN1_i2d_fp_of(type, i2d, out, x) +#define ASN1_i2d_bio_of_const(type, i2d, out, x) ASN1_i2d_bio_of(type, i2d, out, x) + +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/asn1.h.in.orig +++ crypto/openssl/include/openssl/asn1.h.in 
@@ -9,82 +9,84 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_ASN1_H -# define OPENSSL_ASN1_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ASN1_H -# endif - -# include -# include -# include -# include -# include -# include -# include - -# include -# include - -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -#ifdef __cplusplus +#define OPENSSL_ASN1_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ASN1_H +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +#ifdef __cplusplus extern "C" { #endif -# define V_ASN1_UNIVERSAL 0x00 -# define V_ASN1_APPLICATION 0x40 -# define V_ASN1_CONTEXT_SPECIFIC 0x80 -# define V_ASN1_PRIVATE 0xc0 +#define V_ASN1_UNIVERSAL 0x00 +#define V_ASN1_APPLICATION 0x40 +#define V_ASN1_CONTEXT_SPECIFIC 0x80 +#define V_ASN1_PRIVATE 0xc0 -# define V_ASN1_CONSTRUCTED 0x20 -# define V_ASN1_PRIMITIVE_TAG 0x1f -# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG +#define V_ASN1_CONSTRUCTED 0x20 +#define V_ASN1_PRIMITIVE_TAG 0x1f +#define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG -# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ -# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ -# define V_ASN1_ANY -4/* used in ASN1 template code */ +#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ +#define V_ASN1_ANY -4 /* used in ASN1 template code */ -# define V_ASN1_UNDEF -1 +#define V_ASN1_UNDEF -1 /* ASN.1 tag values */ -# define V_ASN1_EOC 0 -# define V_ASN1_BOOLEAN 1 /**/ -# define V_ASN1_INTEGER 2 -# define V_ASN1_BIT_STRING 3 -# define V_ASN1_OCTET_STRING 4 -# define 
V_ASN1_NULL 5 -# define V_ASN1_OBJECT 6 -# define V_ASN1_OBJECT_DESCRIPTOR 7 -# define V_ASN1_EXTERNAL 8 -# define V_ASN1_REAL 9 -# define V_ASN1_ENUMERATED 10 -# define V_ASN1_UTF8STRING 12 -# define V_ASN1_SEQUENCE 16 -# define V_ASN1_SET 17 -# define V_ASN1_NUMERICSTRING 18 /**/ -# define V_ASN1_PRINTABLESTRING 19 -# define V_ASN1_T61STRING 20 -# define V_ASN1_TELETEXSTRING 20/* alias */ -# define V_ASN1_VIDEOTEXSTRING 21 /**/ -# define V_ASN1_IA5STRING 22 -# define V_ASN1_UTCTIME 23 -# define V_ASN1_GENERALIZEDTIME 24 /**/ -# define V_ASN1_GRAPHICSTRING 25 /**/ -# define V_ASN1_ISO64STRING 26 /**/ -# define V_ASN1_VISIBLESTRING 26/* alias */ -# define V_ASN1_GENERALSTRING 27 /**/ -# define V_ASN1_UNIVERSALSTRING 28 /**/ -# define V_ASN1_BMPSTRING 30 +#define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 /**/ +#define V_ASN1_INTEGER 2 +#define V_ASN1_BIT_STRING 3 +#define V_ASN1_OCTET_STRING 4 +#define V_ASN1_NULL 5 +#define V_ASN1_OBJECT 6 +#define V_ASN1_OBJECT_DESCRIPTOR 7 +#define V_ASN1_EXTERNAL 8 +#define V_ASN1_REAL 9 +#define V_ASN1_ENUMERATED 10 +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_NUMERICSTRING 18 /**/ +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_TELETEXSTRING 20 /* alias */ +#define V_ASN1_VIDEOTEXSTRING 21 /**/ +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 /**/ +#define V_ASN1_GRAPHICSTRING 25 /**/ +#define V_ASN1_ISO64STRING 26 /**/ +#define V_ASN1_VISIBLESTRING 26 /* alias */ +#define V_ASN1_GENERALSTRING 27 /**/ +#define V_ASN1_UNIVERSALSTRING 28 /**/ +#define V_ASN1_BMPSTRING 30 /* * NB the constants below are used internally by ASN1_INTEGER 
@@ -92,53 +94,54 @@ * the wire tag values. */ -# define V_ASN1_NEG 0x100 -# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) -# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) /* For use with d2i_ASN1_type_bytes() */ -# define B_ASN1_NUMERICSTRING 0x0001 -# define B_ASN1_PRINTABLESTRING 0x0002 -# define B_ASN1_T61STRING 0x0004 -# define B_ASN1_TELETEXSTRING 0x0004 -# define B_ASN1_VIDEOTEXSTRING 0x0008 -# define B_ASN1_IA5STRING 0x0010 -# define B_ASN1_GRAPHICSTRING 0x0020 -# define B_ASN1_ISO64STRING 0x0040 -# define B_ASN1_VISIBLESTRING 0x0040 -# define B_ASN1_GENERALSTRING 0x0080 -# define B_ASN1_UNIVERSALSTRING 0x0100 -# define B_ASN1_OCTET_STRING 0x0200 -# define B_ASN1_BIT_STRING 0x0400 -# define B_ASN1_BMPSTRING 0x0800 -# define B_ASN1_UNKNOWN 0x1000 -# define B_ASN1_UTF8STRING 0x2000 -# define B_ASN1_UTCTIME 0x4000 -# define B_ASN1_GENERALIZEDTIME 0x8000 -# define B_ASN1_SEQUENCE 0x10000 +#define B_ASN1_NUMERICSTRING 0x0001 +#define B_ASN1_PRINTABLESTRING 0x0002 +#define B_ASN1_T61STRING 0x0004 +#define B_ASN1_TELETEXSTRING 0x0004 +#define B_ASN1_VIDEOTEXSTRING 0x0008 +#define B_ASN1_IA5STRING 0x0010 +#define B_ASN1_GRAPHICSTRING 0x0020 +#define B_ASN1_ISO64STRING 0x0040 +#define B_ASN1_VISIBLESTRING 0x0040 +#define B_ASN1_GENERALSTRING 0x0080 +#define B_ASN1_UNIVERSALSTRING 0x0100 +#define B_ASN1_OCTET_STRING 0x0200 +#define B_ASN1_BIT_STRING 0x0400 +#define B_ASN1_BMPSTRING 0x0800 +#define B_ASN1_UNKNOWN 0x1000 +#define B_ASN1_UTF8STRING 0x2000 +#define B_ASN1_UTCTIME 0x4000 +#define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 /* For use with ASN1_mbstring_copy() */ -# define MBSTRING_FLAG 0x1000 -# define MBSTRING_UTF8 (MBSTRING_FLAG) -# define MBSTRING_ASC (MBSTRING_FLAG|1) -# define MBSTRING_BMP (MBSTRING_FLAG|2) -# define MBSTRING_UNIV (MBSTRING_FLAG|4) -# define SMIME_OLDMIME 0x400 -# define SMIME_CRLFEOL 0x800 -# define 
SMIME_STREAM 0x1000 +#define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) +#define MBSTRING_ASC (MBSTRING_FLAG | 1) +#define MBSTRING_BMP (MBSTRING_FLAG | 2) +#define MBSTRING_UNIV (MBSTRING_FLAG | 4) +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 /* Stacks for types not otherwise defined in this header */ +/* clang-format off */ {- generate_stack_macros("X509_ALGOR"); -} +/* clang-format on */ - -# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* * This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should be * inserted in the memory buffer */ -# define ASN1_STRING_FLAG_NDEF 0x010 +#define ASN1_STRING_FLAG_NDEF 0x010 /* * This flag is used by the CMS code to indicate that a string is not @@ -146,16 +149,16 @@ * The flag will be reset when content has been written to it. */ -# define ASN1_STRING_FLAG_CONT 0x020 +#define ASN1_STRING_FLAG_CONT 0x020 /* * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING * type. */ -# define ASN1_STRING_FLAG_MSTRING 0x040 +#define ASN1_STRING_FLAG_MSTRING 0x040 /* String is embedded and only content should be freed */ -# define ASN1_STRING_FLAG_EMBED 0x080 +#define ASN1_STRING_FLAG_EMBED 0x080 /* String should be parsed in RFC 5280's time format */ -# define ASN1_STRING_FLAG_X509_TIME 0x100 +#define ASN1_STRING_FLAG_X509_TIME 0x100 /* This is the base type that holds just about everything :-) */ struct asn1_string_st { int length; 
@@ -176,26 +179,26 @@ */ typedef struct ASN1_ENCODING_st { - unsigned char *enc; /* DER encoding */ - long len; /* Length of encoding */ - int modified; /* set to 1 if 'enc' is invalid */ + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ } ASN1_ENCODING; /* Used with ASN1 LONG type: if a long is set to this it is omitted */ -# define ASN1_LONG_UNDEF 0x7fffffffL +#define ASN1_LONG_UNDEF 0x7fffffffL -# define STABLE_FLAGS_MALLOC 0x01 +#define STABLE_FLAGS_MALLOC 0x01 /* * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias * STABLE_FLAGS_CLEAR to reflect this. */ -# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC -# define STABLE_NO_MASK 0x02 -# define DIRSTRING_TYPE \ - (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) -# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) +#define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +#define STABLE_NO_MASK 0x02 +#define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING) +#define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING) struct asn1_string_table_st { int nid; 
@@ -205,20 +208,22 @@ unsigned long flags; }; +/* clang-format off */ {- generate_stack_macros("ASN1_STRING_TABLE"); -} +/* clang-format on */ /* size limits: this stuff is taken straight from RFC2459 */ -# define ub_name 32768 -# define ub_common_name 64 -# define ub_locality_name 128 -# define ub_state_name 128 -# define ub_organization_name 64 -# define ub_organization_unit_name 64 -# define ub_title 64 -# define ub_email_address 128 +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 /* * Declarations for template structures: for full definitions see asn1t.h 
@@ -236,88 +241,90 @@ * arguments in macro calls. */ -# define DECLARE_ASN1_FUNCTIONS_attr(attr, type) \ +#define DECLARE_ASN1_FUNCTIONS_attr(attr, type) \ DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, type) -# define DECLARE_ASN1_FUNCTIONS(type) \ +#define DECLARE_ASN1_FUNCTIONS(type) \ DECLARE_ASN1_FUNCTIONS_attr(extern, type) -# define DECLARE_ASN1_ALLOC_FUNCTIONS_attr(attr, type) \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS_attr(attr, type) \ DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, type) -# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ DECLARE_ASN1_ALLOC_FUNCTIONS_attr(extern, type) -# define DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ +#define DECLARE_ASN1_FUNCTIONS_name_attr(attr, type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) -# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ +#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ DECLARE_ASN1_FUNCTIONS_name_attr(extern, type, name) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, itname, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, itname, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ DECLARE_ASN1_ITEM_attr(attr, itname) -# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_attr(extern, type, itname, name) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(attr, type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_attr(attr, type, name, name) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(extern, type, name) -# define 
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ - attr type *d2i_##name(type **a, const unsigned char **in, long len); \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(attr, type, name) \ + attr type *d2i_##name(type **a, const unsigned char **in, long len); \ attr int i2d_##name(const type *a, unsigned char **out); -# define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ +#define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(extern, type, name) -# define DECLARE_ASN1_NDEF_FUNCTION_attr(attr, name) \ +#define DECLARE_ASN1_NDEF_FUNCTION_attr(attr, name) \ attr int i2d_##name##_NDEF(const name *a, unsigned char **out); -# define DECLARE_ASN1_NDEF_FUNCTION(name) \ +#define DECLARE_ASN1_NDEF_FUNCTION(name) \ DECLARE_ASN1_NDEF_FUNCTION_attr(extern, name) -# define DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ - attr type *name##_new(void); \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(attr, type, name) \ + attr type *name##_new(void); \ attr void name##_free(type *a); -# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr(extern, type, name) -# define DECLARE_ASN1_DUP_FUNCTION_attr(attr, type) \ +#define DECLARE_ASN1_DUP_FUNCTION_attr(attr, type) \ DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, type) -# define DECLARE_ASN1_DUP_FUNCTION(type) \ +#define DECLARE_ASN1_DUP_FUNCTION(type) \ DECLARE_ASN1_DUP_FUNCTION_attr(extern, type) -# define DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, name) \ +#define DECLARE_ASN1_DUP_FUNCTION_name_attr(attr, type, name) \ attr type *name##_dup(const type *a); -# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ +#define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ DECLARE_ASN1_DUP_FUNCTION_name_attr(extern, type, name) -# define DECLARE_ASN1_PRINT_FUNCTION_attr(attr, stname) \ +#define DECLARE_ASN1_PRINT_FUNCTION_attr(attr, stname) \ 
DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, stname) -# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ +#define DECLARE_ASN1_PRINT_FUNCTION(stname) \ DECLARE_ASN1_PRINT_FUNCTION_attr(extern, stname) -# define DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, fname) \ - attr int fname##_print_ctx(BIO *out, const stname *x, int indent, \ - const ASN1_PCTX *pctx); -# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ +#define DECLARE_ASN1_PRINT_FUNCTION_fname_attr(attr, stname, fname) \ + attr int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx); +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ DECLARE_ASN1_PRINT_FUNCTION_fname_attr(extern, stname, fname) -# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) -# define I2D_OF(type) int (*)(const type *,unsigned char **) - -# define CHECKED_D2I_OF(type, d2i) \ - ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) -# define CHECKED_I2D_OF(type, i2d) \ - ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) -# define CHECKED_NEW_OF(type, xnew) \ - ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) -# define CHECKED_PTR_OF(type, p) \ - ((void*) (1 ? p : (type*)0)) -# define CHECKED_PPTR_OF(type, p) \ - ((void**) (1 ? p : (type**)0)) - -# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) -# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *,unsigned char **) -# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) +#define D2I_OF(type) type *(*)(type **, const unsigned char **, long) +#define I2D_OF(type) int (*)(const type *, unsigned char **) + +#define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void *)(1 ? d2i : ((D2I_OF(type))0))) +#define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void *)(1 ? i2d : ((I2D_OF(type))0))) +#define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void))(1 ? xnew : ((type * (*)(void))0))) +#define CHECKED_PTR_OF(type, p) \ + ((void *)(1 ? 
p : (type *)0)) +#define CHECKED_PPTR_OF(type, p) \ + ((void **)(1 ? p : (type **)0)) + +#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **, const unsigned char **, long) +#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *, unsigned char **) +#define TYPEDEF_D2I2D_OF(type) \ + TYPEDEF_D2I_OF(type); \ + TYPEDEF_I2D_OF(type) typedef void *d2i_of_void(void **, const unsigned char **, long); typedef int i2d_of_void(const void *, unsigned char **); @@ -358,26 +365,25 @@ * */ - /* * Platforms that can't easily handle shared global variables are declared as * functions returning ASN1_ITEM pointers. */ /* ASN1_ITEM pointer exported type */ -typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); +typedef const ASN1_ITEM *ASN1_ITEM_EXP(void); /* Macro to obtain ASN1_ITEM pointer from exported type */ -# define ASN1_ITEM_ptr(iptr) (iptr()) +#define ASN1_ITEM_ptr(iptr) (iptr()) /* Macro to include ASN1_ITEM pointer from base type */ -# define ASN1_ITEM_ref(iptr) (iptr##_it) +#define ASN1_ITEM_ref(iptr) (iptr##_it) -# define ASN1_ITEM_rptr(ref) (ref##_it()) +#define ASN1_ITEM_rptr(ref) (ref##_it()) -# define DECLARE_ASN1_ITEM_attr(attr, name) \ - attr const ASN1_ITEM * name##_it(void); -# define DECLARE_ASN1_ITEM(name) \ +#define DECLARE_ASN1_ITEM_attr(attr, name) \ + attr const ASN1_ITEM *name##_it(void); +#define DECLARE_ASN1_ITEM(name) \ DECLARE_ASN1_ITEM_attr(extern, name) /* Parameters used by ASN1_STRING_print_ex() */ 
@@ -387,30 +393,30 @@ * control characters and MSB set characters */ -# define ASN1_STRFLGS_ESC_2253 1 -# define ASN1_STRFLGS_ESC_CTRL 2 -# define ASN1_STRFLGS_ESC_MSB 4 +#define ASN1_STRFLGS_ESC_2253 1 +#define ASN1_STRFLGS_ESC_CTRL 2 +#define ASN1_STRFLGS_ESC_MSB 4 /* Lower 8 bits are reserved as an output type specifier */ -# define ASN1_DTFLGS_TYPE_MASK 0x0FUL -# define ASN1_DTFLGS_RFC822 0x00UL -# define ASN1_DTFLGS_ISO8601 0x01UL +#define ASN1_DTFLGS_TYPE_MASK 0x0FUL +#define ASN1_DTFLGS_RFC822 0x00UL +#define ASN1_DTFLGS_ISO8601 0x01UL /* * This flag determines how we do escaping: normally RC2253 backslash only, * set this to use backslash and quote. */ -# define ASN1_STRFLGS_ESC_QUOTE 8 +#define ASN1_STRFLGS_ESC_QUOTE 8 /* These three flags are internal use only. */ /* Character is a valid PrintableString character */ -# define CHARTYPE_PRINTABLESTRING 0x10 +#define CHARTYPE_PRINTABLESTRING 0x10 /* Character needs escaping if it is the first character */ -# define CHARTYPE_FIRST_ESC_2253 0x20 +#define CHARTYPE_FIRST_ESC_2253 0x20 /* Character needs escaping if it is the last character */ -# define CHARTYPE_LAST_ESC_2253 0x40 +#define CHARTYPE_LAST_ESC_2253 0x40 /* * NB the internal flags are safely reused below by flags handled at the top @@ -421,7 +427,7 @@ * If this is set we convert all character strings to UTF8 first */ -# define ASN1_STRFLGS_UTF8_CONVERT 0x10 +#define ASN1_STRFLGS_UTF8_CONVERT 0x10 /* * If this is set we don't attempt to interpret content: just assume all @@ -429,10 +435,10 @@ * looking output! */ -# define ASN1_STRFLGS_IGNORE_TYPE 0x20 +#define ASN1_STRFLGS_IGNORE_TYPE 0x20 /* If this is set we include the string type in the output */ -# define ASN1_STRFLGS_SHOW_TYPE 0x40 +#define ASN1_STRFLGS_SHOW_TYPE 0x40 /* * This determines which strings to display and which to 'dump' (hex dump of 
@@ -442,33 +448,27 @@ * options. */ -# define ASN1_STRFLGS_DUMP_ALL 0x80 -# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +#define ASN1_STRFLGS_DUMP_ALL 0x80 +#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 /* * These determine what 'dumping' does, we can dump the content octets or the * DER encoding: both use the RFC2253 #XXXXX notation. */ -# define ASN1_STRFLGS_DUMP_DER 0x200 +#define ASN1_STRFLGS_DUMP_DER 0x200 /* * This flag specifies that RC2254 escaping shall be performed. */ -#define ASN1_STRFLGS_ESC_2254 0x400 +#define ASN1_STRFLGS_ESC_2254 0x400 /* * All the string flags consistent with RFC2253, escaping control characters * isn't essential in RFC2253 but it is advisable anyway. */ -# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - ASN1_STRFLGS_UTF8_CONVERT | \ - ASN1_STRFLGS_DUMP_UNKNOWN | \ - ASN1_STRFLGS_DUMP_DER) - +#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | ASN1_STRFLGS_DUMP_DER) struct asn1_type_st { int type; @@ -501,9 +501,11 @@ } value; }; +/* clang-format off */ {- generate_stack_macros("ASN1_TYPE"); -} +/* clang-format on */ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; 
@@ -517,34 +519,17 @@ const char *sname; } BIT_STRING_BITNAME; -# define B_ASN1_TIME \ - B_ASN1_UTCTIME | \ - B_ASN1_GENERALIZEDTIME - -# define B_ASN1_PRINTABLE \ - B_ASN1_NUMERICSTRING| \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_T61STRING| \ - B_ASN1_IA5STRING| \ - B_ASN1_BIT_STRING| \ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING|\ - B_ASN1_SEQUENCE|\ - B_ASN1_UNKNOWN - -# define B_ASN1_DIRECTORYSTRING \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_TELETEXSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_UTF8STRING - -# define B_ASN1_DISPLAYTEXT \ - B_ASN1_IA5STRING| \ - B_ASN1_VISIBLESTRING| \ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING +#define B_ASN1_TIME \ + B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME + +#define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN + +#define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING + +#define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING DECLARE_ASN1_ALLOC_FUNCTIONS_name(ASN1_TYPE, ASN1_TYPE) DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) @@ -557,9 +542,11 @@ ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +/* clang-format off */ {- generate_stack_macros("ASN1_OBJECT"); -} +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT) 
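Review bot: The reflowed `B_ASN1_TIME`, `B_ASN1_PRINTABLE`, `B_ASN1_DIRECTORYSTRING` and `B_ASN1_DISPLAYTEXT` definitions in the first hunk still expand to a bare `|` chain with no enclosing parentheses. An expression such as `mask & B_ASN1_TIME` would therefore parse as `(mask & B_ASN1_UTCTIME) | B_ASN1_GENERALIZEDTIME`, which is non-zero for any `mask`. The same patch keeps `ASN1_STRFLGS_RFC2253` wrapped in parentheses, so the two groups of flag macros are inconsistent. No caller is visible in this diff, so whether an existing use is affected is unconfirmed, but each body could be wrapped while the lines are being rewritten, e.g. `#define B_ASN1_TIME (B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME)`. If the header has to stay identical to upstream, a comment such as `/* NB: not parenthesised; wrap in () before combining with other operators */` would at least record the hazard.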
@@ -570,20 +557,20 @@ DECLARE_ASN1_DUP_FUNCTION(ASN1_STRING) ASN1_STRING *ASN1_STRING_type_new(int type); int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); - /* - * Since this is used to store all sorts of things, via macros, for now, - * make its data void * - */ +/* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); int ASN1_STRING_length(const ASN1_STRING *x); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void ASN1_STRING_length_set(ASN1_STRING *x, int n); -# endif +#endif int ASN1_STRING_type(const ASN1_STRING *x); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x); -# endif +#endif const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) 
@@ -591,22 +578,23 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, - const unsigned char *flags, int flags_len); + const unsigned char *flags, int flags_len); int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent); + BIT_STRING_BITNAME *tbl, int indent); int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, - BIT_STRING_BITNAME *tbl); + BIT_STRING_BITNAME *tbl); +/* clang-format off */ {- generate_stack_macros("ASN1_INTEGER"); -} - +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); + long length); DECLARE_ASN1_DUP_FUNCTION(ASN1_INTEGER) int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); 
@@ -615,31 +603,33 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - int offset_day, long offset_sec); + int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, - time_t t); + time_t t); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, - time_t t, int offset_day, - long offset_sec); + time_t t, int offset_day, + long offset_sec); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); int ASN1_TIME_diff(int *pday, int *psec, - const ASN1_TIME *from, const ASN1_TIME *to); + const ASN1_TIME *from, const ASN1_TIME *to); DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) DECLARE_ASN1_DUP_FUNCTION(ASN1_OCTET_STRING) int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, - const ASN1_OCTET_STRING *b); + const ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, - int len); + int len); +/* clang-format off */ {- generate_stack_macros("ASN1_UTF8STRING"); -} +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) @@ -650,9 +640,11 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val); int UTF8_putc(unsigned char *str, int len, unsigned long value); +/* clang-format off */ {- generate_stack_macros("ASN1_GENERALSTRING"); -} +/* clang-format on */ DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) 
@@ -674,10 +666,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec); + int offset_day, long offset_sec); int ASN1_TIME_check(const ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, - ASN1_GENERALIZEDTIME **out); + ASN1_GENERALIZEDTIME **out); int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); @@ -696,7 +688,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln); + const char *sn, const char *ln); int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); @@ -711,7 +703,6 @@ int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); - int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); 
@@ -725,81 +716,81 @@ /* SPECIALS */ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax); + int *pclass, long omax); int ASN1_check_infinite_end(unsigned char **p, long len); int ASN1_const_check_infinite_end(const unsigned char **p, long len); void ASN1_put_object(unsigned char **pp, int constructed, int length, - int tag, int xclass); + int tag, int xclass); int ASN1_put_eoc(unsigned char **pp); int ASN1_object_size(int constructed, int length, int tag); /* Used to implement other functions */ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x); -# define ASN1_dup_of(type,i2d,d2i,x) \ - ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ - CHECKED_D2I_OF(type, d2i), \ - CHECKED_PTR_OF(const type, x))) +#define ASN1_dup_of(type, i2d, d2i, x) \ + ((type *)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) void *ASN1_item_dup(const ASN1_ITEM *it, const void *x); int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, const ASN1_OCTET_STRING *id, - EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, - const char *propq); + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq); int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, - OSSL_LIB_CTX *libctx, const char *propq); + const ASN1_BIT_STRING *signature, const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const char *propq); /* ASN1 alloc/free macros for when a type is only used internally */ -# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) -# define M_ASN1_free_of(x, type) \ - ASN1_item_free(CHECKED_PTR_OF(type, x), 
ASN1_ITEM_rptr(type)) +#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +#define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) -# ifndef OPENSSL_NO_STDIO -void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); +#ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); -# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ - ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ - CHECKED_D2I_OF(type, d2i), \ - in, \ - CHECKED_PPTR_OF(type, x))) +#define ASN1_d2i_fp_of(type, xnew, d2i, in, x) \ + ((type *)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x); -# define ASN1_i2d_fp_of(type,i2d,out,x) \ +#define ASN1_i2d_fp_of(type, i2d, out, x) \ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ - out, \ - CHECKED_PTR_OF(const type, x))) + out, \ + CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x); int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); -# endif +#endif int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); -void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); -# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ - ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ - CHECKED_D2I_OF(type, d2i), \ - in, \ - CHECKED_PPTR_OF(type, x))) +#define ASN1_d2i_bio_of(type, xnew, d2i, in, x) \ + ((type *)ASN1_d2i_bio(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) void 
*ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *pval, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); -# define ASN1_i2d_bio_of(type,i2d,out,x) \ +#define ASN1_i2d_bio_of(type, i2d, out, x) \ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ - out, \ - CHECKED_PTR_OF(const type, x))) + out, \ + CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x); BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); @@ -811,10 +802,10 @@ int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, - unsigned char *buf, int off); + unsigned char *buf, int off); int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, - int dump); + int dump); const char *ASN1_tag2str(int tag); /* Used to load and write Netscape format cert */ 
@@ -824,27 +815,27 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, - unsigned char *data, int len); + unsigned char *data, int len); int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len); + unsigned char *data, int max_len); void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, - ASN1_OCTET_STRING **oct); + ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask); + int inform, unsigned long mask); int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize); + int inform, unsigned long mask, + long minsize, long maxsize); ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - const unsigned char *in, int inlen, - int inform, int nid); + const unsigned char *in, int inlen, + int inform, int nid); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); void ASN1_STRING_TABLE_cleanup(void); 
@@ -854,16 +845,16 @@ /* Old API compatible functions */ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **val, const unsigned char **in, - long len, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + long len, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, - long len, const ASN1_ITEM *it); + long len, const ASN1_ITEM *it); int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it); + const ASN1_ITEM *it); void ASN1_add_oid_module(void); void ASN1_add_stable_module(void); 
@@ -875,26 +866,26 @@ /* ASN1 Print flags */ /* Indicate missing OPTIONAL fields */ -# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 /* Mark start and end of SEQUENCE */ -# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 /* Mark start and end of SEQUENCE/SET OF */ -# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 /* Show the ASN1 type of primitives */ -# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 /* Don't show ASN1 type of ANY */ -# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 /* Don't show ASN1 type of MSTRINGs */ -# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 /* Don't show field names in SEQUENCE */ -# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 /* Show structure names of each SEQUENCE field */ -# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 /* Don't show structure name even at top level */ -# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 +#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, - const ASN1_ITEM *it, const ASN1_PCTX *pctx); + const ASN1_ITEM *it, const ASN1_PCTX *pctx); ASN1_PCTX *ASN1_PCTX_new(void); void ASN1_PCTX_free(ASN1_PCTX *p); unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); @@ -908,7 +899,7 @@ unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); -ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb)(ASN1_SCTX *ctx)); void ASN1_SCTX_free(ASN1_SCTX *p); const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); 
@@ -922,21 +913,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it); + const ASN1_ITEM *it); int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const char *hdr, const ASN1_ITEM *it); + const char *hdr, const ASN1_ITEM *it); /* cannot constify val because of CMS_dataFinal() */ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, - const ASN1_ITEM *it, ASN1_VALUE **x, - OSSL_LIB_CTX *libctx, const char *propq); + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); 
@@ -944,18 +935,18 @@ const ASN1_ITEM *ASN1_ITEM_get(size_t i); /* Legacy compatibility */ -# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) -# define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type) -# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS(type, name) -# define I2D_OF_const(type) I2D_OF(type) -# define ASN1_dup_of_const(type,i2d,d2i,x) ASN1_dup_of(type,i2d,d2i,x) -# define ASN1_i2d_fp_of_const(type,i2d,out,x) ASN1_i2d_fp_of(type,i2d,out,x) -# define ASN1_i2d_bio_of_const(type,i2d,out,x) ASN1_i2d_bio_of(type,i2d,out,x) - -# ifdef __cplusplus +#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) +#define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type) +#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name) +#define I2D_OF_const(type) I2D_OF(type) +#define ASN1_dup_of_const(type, i2d, d2i, x) ASN1_dup_of(type, i2d, d2i, x) +#define ASN1_i2d_fp_of_const(type, i2d, out, x) ASN1_i2d_fp_of(type, i2d, out, x) +#define ASN1_i2d_bio_of_const(type, i2d, out, x) ASN1_i2d_bio_of(type, i2d, out, x) + +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/asn1err.h.orig +++ crypto/openssl/include/openssl/asn1err.h 
@@ -9,132 +9,130 @@ */ #ifndef OPENSSL_ASN1ERR_H -# define OPENSSL_ASN1ERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_ASN1ERR_H +#pragma once +#include +#include +#include /* * ASN1 reason codes. */ -# define ASN1_R_ADDING_OBJECT 171 -# define ASN1_R_ASN1_PARSE_ERROR 203 -# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 -# define ASN1_R_AUX_ERROR 100 -# define ASN1_R_BAD_OBJECT_HEADER 102 -# define ASN1_R_BAD_TEMPLATE 230 -# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 -# define ASN1_R_BN_LIB 105 -# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 -# define ASN1_R_BUFFER_TOO_SMALL 107 -# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 -# define ASN1_R_CONTEXT_NOT_INITIALISED 217 -# define ASN1_R_DATA_IS_WRONG 109 -# define ASN1_R_DECODE_ERROR 110 -# define ASN1_R_DEPTH_EXCEEDED 174 -# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 -# define ASN1_R_ENCODE_ERROR 112 -# define ASN1_R_ERROR_GETTING_TIME 173 -# define ASN1_R_ERROR_LOADING_SECTION 172 -# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 -# define ASN1_R_EXPECTING_AN_INTEGER 115 -# define ASN1_R_EXPECTING_AN_OBJECT 116 -# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 -# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 -# define ASN1_R_FIELD_MISSING 121 -# define ASN1_R_FIRST_NUM_TOO_LARGE 122 -# define ASN1_R_HEADER_TOO_LONG 123 -# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 -# define ASN1_R_ILLEGAL_BOOLEAN 176 -# define ASN1_R_ILLEGAL_CHARACTERS 124 -# define ASN1_R_ILLEGAL_FORMAT 177 -# define ASN1_R_ILLEGAL_HEX 178 -# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 -# define ASN1_R_ILLEGAL_INTEGER 180 -# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 -# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 -# define ASN1_R_ILLEGAL_NULL 125 -# define ASN1_R_ILLEGAL_NULL_VALUE 182 -# define ASN1_R_ILLEGAL_OBJECT 183 -# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 -# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 -# define ASN1_R_ILLEGAL_PADDING 221 -# define ASN1_R_ILLEGAL_TAGGED_ANY 127 -# define ASN1_R_ILLEGAL_TIME_VALUE 
184 -# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 -# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 -# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 -# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 -# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 -# define ASN1_R_INVALID_DIGIT 130 -# define ASN1_R_INVALID_MIME_TYPE 205 -# define ASN1_R_INVALID_MODIFIER 186 -# define ASN1_R_INVALID_NUMBER 187 -# define ASN1_R_INVALID_OBJECT_ENCODING 216 -# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 -# define ASN1_R_INVALID_SEPARATOR 131 -# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 -# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 -# define ASN1_R_INVALID_UTF8STRING 134 -# define ASN1_R_INVALID_VALUE 219 -# define ASN1_R_LENGTH_TOO_LONG 231 -# define ASN1_R_LIST_ERROR 188 -# define ASN1_R_MIME_NO_CONTENT_TYPE 206 -# define ASN1_R_MIME_PARSE_ERROR 207 -# define ASN1_R_MIME_SIG_PARSE_ERROR 208 -# define ASN1_R_MISSING_EOC 137 -# define ASN1_R_MISSING_SECOND_NUMBER 138 -# define ASN1_R_MISSING_VALUE 189 -# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 -# define ASN1_R_MSTRING_WRONG_TAG 140 -# define ASN1_R_NESTED_ASN1_STRING 197 -# define ASN1_R_NESTED_TOO_DEEP 201 -# define ASN1_R_NON_HEX_CHARACTERS 141 -# define ASN1_R_NOT_ASCII_FORMAT 190 -# define ASN1_R_NOT_ENOUGH_DATA 142 -# define ASN1_R_NO_CONTENT_TYPE 209 -# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 -# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 -# define ASN1_R_NO_MULTIPART_BOUNDARY 211 -# define ASN1_R_NO_SIG_CONTENT_TYPE 212 -# define ASN1_R_NULL_IS_WRONG_LENGTH 144 -# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 -# define ASN1_R_ODD_NUMBER_OF_CHARS 145 -# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 -# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 -# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 -# define ASN1_R_SHORT_LINE 150 -# define ASN1_R_SIG_INVALID_MIME_TYPE 213 -# define ASN1_R_STREAMING_NOT_SUPPORTED 202 -# define ASN1_R_STRING_TOO_LONG 151 -# define ASN1_R_STRING_TOO_SHORT 152 -# define 
ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 -# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 -# define ASN1_R_TOO_LARGE 223 -# define ASN1_R_TOO_LONG 155 -# define ASN1_R_TOO_SMALL 224 -# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 -# define ASN1_R_TYPE_NOT_PRIMITIVE 195 -# define ASN1_R_UNEXPECTED_EOC 159 -# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 -# define ASN1_R_UNKNOWN_DIGEST 229 -# define ASN1_R_UNKNOWN_FORMAT 160 -# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 -# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 -# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 -# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 -# define ASN1_R_UNKNOWN_TAG 194 -# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 -# define ASN1_R_UNSUPPORTED_CIPHER 228 -# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 -# define ASN1_R_UNSUPPORTED_TYPE 196 -# define ASN1_R_WRONG_INTEGER_TYPE 225 -# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 -# define ASN1_R_WRONG_TAG 168 +#define ASN1_R_ADDING_OBJECT 171 +#define ASN1_R_ASN1_PARSE_ERROR 203 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +#define ASN1_R_AUX_ERROR 100 +#define ASN1_R_BAD_OBJECT_HEADER 102 +#define ASN1_R_BAD_TEMPLATE 230 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +#define ASN1_R_BN_LIB 105 +#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +#define ASN1_R_BUFFER_TOO_SMALL 107 +#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +#define ASN1_R_CONTEXT_NOT_INITIALISED 217 +#define ASN1_R_DATA_IS_WRONG 109 +#define ASN1_R_DECODE_ERROR 110 +#define ASN1_R_DEPTH_EXCEEDED 174 +#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +#define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 +#define ASN1_R_ERROR_LOADING_SECTION 172 +#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +#define ASN1_R_EXPECTING_AN_INTEGER 115 +#define ASN1_R_EXPECTING_AN_OBJECT 116 +#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +#define ASN1_R_FIELD_MISSING 121 +#define ASN1_R_FIRST_NUM_TOO_LARGE 122 +#define 
ASN1_R_HEADER_TOO_LONG 123 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 +#define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +#define ASN1_R_ILLEGAL_NULL 125 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 +#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +#define ASN1_R_ILLEGAL_PADDING 221 +#define ASN1_R_ILLEGAL_TAGGED_ANY 127 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +#define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +#define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MIME_TYPE 205 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 +#define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +#define ASN1_R_INVALID_SEPARATOR 131 +#define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +#define ASN1_R_INVALID_UTF8STRING 134 +#define ASN1_R_INVALID_VALUE 219 +#define ASN1_R_LENGTH_TOO_LONG 231 +#define ASN1_R_LIST_ERROR 188 +#define ASN1_R_MIME_NO_CONTENT_TYPE 206 +#define ASN1_R_MIME_PARSE_ERROR 207 +#define ASN1_R_MIME_SIG_PARSE_ERROR 208 +#define ASN1_R_MISSING_EOC 137 +#define ASN1_R_MISSING_SECOND_NUMBER 138 +#define ASN1_R_MISSING_VALUE 189 +#define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +#define ASN1_R_MSTRING_WRONG_TAG 140 +#define ASN1_R_NESTED_ASN1_STRING 197 +#define ASN1_R_NESTED_TOO_DEEP 201 +#define ASN1_R_NON_HEX_CHARACTERS 141 +#define ASN1_R_NOT_ASCII_FORMAT 190 +#define ASN1_R_NOT_ENOUGH_DATA 142 +#define ASN1_R_NO_CONTENT_TYPE 209 +#define ASN1_R_NO_MATCHING_CHOICE_TYPE 
143 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +#define ASN1_R_NO_MULTIPART_BOUNDARY 211 +#define ASN1_R_NO_SIG_CONTENT_TYPE 212 +#define ASN1_R_NULL_IS_WRONG_LENGTH 144 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +#define ASN1_R_ODD_NUMBER_OF_CHARS 145 +#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +#define ASN1_R_SHORT_LINE 150 +#define ASN1_R_SIG_INVALID_MIME_TYPE 213 +#define ASN1_R_STREAMING_NOT_SUPPORTED 202 +#define ASN1_R_STRING_TOO_LONG 151 +#define ASN1_R_STRING_TOO_SHORT 152 +#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +#define ASN1_R_TOO_LARGE 223 +#define ASN1_R_TOO_LONG 155 +#define ASN1_R_TOO_SMALL 224 +#define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 195 +#define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +#define ASN1_R_UNKNOWN_DIGEST 229 +#define ASN1_R_UNKNOWN_FORMAT 160 +#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +#define ASN1_R_UNSUPPORTED_CIPHER 228 +#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +#define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_INTEGER_TYPE 225 +#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +#define ASN1_R_WRONG_TAG 168 #endif --- crypto/openssl/include/openssl/asn1t.h.orig +++ crypto/openssl/include/openssl/asn1t.h 
@@ -10,29 +10,31 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_ASN1T_H -# define OPENSSL_ASN1T_H -# pragma once +#define OPENSSL_ASN1T_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ASN1T_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ASN1T_H +#endif -# include -# include -# include +#include +#include +#include -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif /* ASN1 template defines, structures and functions */ -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -77,59 +79,58 @@ * */ -# define ASN1_ITYPE_PRIMITIVE 0x0 -# define ASN1_ITYPE_SEQUENCE 0x1 -# define ASN1_ITYPE_CHOICE 0x2 +#define ASN1_ITYPE_PRIMITIVE 0x0 +#define ASN1_ITYPE_SEQUENCE 0x1 +#define ASN1_ITYPE_CHOICE 0x2 /* unused value 0x3 */ -# define ASN1_ITYPE_EXTERN 0x4 -# define ASN1_ITYPE_MSTRING 0x5 -# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 +#define ASN1_ITYPE_EXTERN 0x4 +#define ASN1_ITYPE_MSTRING 0x5 +#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ -# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) +#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) /* Macros for start and end of ASN1_ITEM definition */ -# define ASN1_ITEM_start(itname) \ - const ASN1_ITEM * itname##_it(void) \ - { \ - static const ASN1_ITEM local_it = { +#define ASN1_ITEM_start(itname) \ + const ASN1_ITEM *itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { -# define static_ASN1_ITEM_start(itname) \ - static ASN1_ITEM_start(itname) +#define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) -# define ASN1_ITEM_end(itname) \ - }; \ - return &local_it; \ - } +#define ASN1_ITEM_end(itname) \ + } \ + ; \ + return &local_it; \ + } /* Macros to aid ASN1 template writing */ -# define ASN1_ITEM_TEMPLATE(tname) \ - static const ASN1_TEMPLATE tname##_item_tt - -# define ASN1_ITEM_TEMPLATE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_PRIMITIVE,\ - -1,\ - &tname##_item_tt,\ - 0,\ - NULL,\ - 0,\ - #tname \ - ASN1_ITEM_end(tname) -# define static_ASN1_ITEM_TEMPLATE_END(tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_PRIMITIVE,\ - -1,\ - &tname##_item_tt,\ - 0,\ - NULL,\ - 0,\ - #tname \ - ASN1_ITEM_end(tname) +#define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +#define ASN1_ITEM_TEMPLATE_END(tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE, \ + -1, \ + &tname##_item_tt, \ + 0, \ + NULL, \ + 0, \ + #tname ASN1_ITEM_end(tname) 
+#define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE, \ + -1, \ + &tname##_item_tt, \ + 0, \ + NULL, \ + 0, \ + #tname ASN1_ITEM_end(tname) /* This is a ASN1 type which just embeds a template */ 
@@ -154,128 +155,118 @@ * a structure called stname. */ -# define ASN1_SEQUENCE(tname) \ - static const ASN1_TEMPLATE tname##_seq_tt[] - -# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) - -# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) - -# define ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #tname \ - ASN1_ITEM_end(tname) - -# define static_ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define ASN1_NDEF_SEQUENCE(tname) \ - ASN1_SEQUENCE(tname) - -# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ - ASN1_SEQUENCE_cb(tname, cb) - -# define ASN1_SEQUENCE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_const_cb(tname, const_cb) \ - static const ASN1_AUX tname##_aux = \ - {NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ - static const ASN1_AUX tname##_aux = \ - {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_ref(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_enc(tname, enc, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_NDEF_SEQUENCE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - 
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(tname),\ - #tname \ - ASN1_ITEM_end(tname) -# define static_ASN1_NDEF_SEQUENCE_END(tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(tname),\ - #tname \ - ASN1_ITEM_end(tname) - - -# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) - -# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) - -# define ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #tname \ - ASN1_ITEM_end(tname) -# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +#define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +#define ASN1_SEQUENCE_END_name(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #tname ASN1_ITEM_end(tname) + +#define 
static_ASN1_SEQUENCE_END_name(stname, tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +#define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = { NULL, 0, 0, 0, cb, 0, NULL }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_const_cb(tname, const_cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_END(tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(tname), \ + #tname ASN1_ITEM_end(tname) +#define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(tname), \ + #tname ASN1_ITEM_end(tname) + +#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +#define 
static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_ref(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #tname ASN1_ITEM_end(tname) +#define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) /*- * This pair helps declare a CHOICE type. We can do: 
@@ -300,185 +291,183 @@ * ASN1_CHOICE_END_selector() version. */ -# define ASN1_CHOICE(tname) \ - static const ASN1_TEMPLATE tname##_ch_tt[] - -# define ASN1_CHOICE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ - ASN1_CHOICE(tname) - -# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) - -# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) - -# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) - -# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) - -# define ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define ASN1_CHOICE_END_cb(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +#define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = { NULL, 0, 0, 0, cb, 0, NULL }; \ + ASN1_CHOICE(tname) + +#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +#define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +#define static_ASN1_CHOICE_END_name(stname, tname) 
static_ASN1_CHOICE_END_selector(stname, tname, type) + +#define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE, \ + offsetof(stname, selname), \ + tname##_ch_tt, \ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE, \ + offsetof(stname, selname), \ + tname##_ch_tt, \ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE, \ + offsetof(stname, selname), \ + tname##_ch_tt, \ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) /* This helps with the template wrapper form of ASN1_ITEM */ -# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ - (flags), (tag), 0,\ - #name, ASN1_ITEM_ref(type) } +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0, \ + #name, ASN1_ITEM_ref(type) \ +} /* These help with SEQUENCE or CHOICE components */ /* used to declare other types */ -# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ - (flags), (tag), offsetof(stname, field),\ - #field, ASN1_ITEM_ref(type) } +#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field), \ + #field, ASN1_ITEM_ref(type) \ +} /* implicit and explicit helper macros */ -# define ASN1_IMP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) +#define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) -# define ASN1_EXP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) +#define ASN1_EXP_EX(stname, 
field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) /* Any defined by macros: the field used is in the table itself */ -# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } -# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } /* Plain simple type */ -# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0, 0, stname, field, type) /* Embedded simple type */ -# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) +#define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED, 0, stname, field, type) /* OPTIONAL simple type */ -# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) -# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) +#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL | ASN1_TFLG_EMBED, 0, stname, field, type) /* IMPLICIT tagged simple type */ -# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) -# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +#define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) /* IMPLICIT tagged OPTIONAL simple type */ -# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) -# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) 
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) +#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL | ASN1_TFLG_EMBED) /* Same as above but EXPLICIT */ -# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) -# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) -# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) -# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) +#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +#define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL | ASN1_TFLG_EMBED) /* SEQUENCE OF type */ -# define ASN1_SEQUENCE_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) +#define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) /* OPTIONAL SEQUENCE OF */ -# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* Same as above but for SET OF */ -# define ASN1_SET_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) +#define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) -# define 
ASN1_SET_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ -# define ASN1_IMP_SET_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) +#define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) -# define ASN1_EXP_SET_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) +#define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) -# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) -# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) -# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) +#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) -# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) -# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) +#define 
ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) -# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) /* EXPLICIT using indefinite length constructed form */ -# define ASN1_NDEF_EXP(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) /* EXPLICIT OPTIONAL using indefinite length constructed form */ -# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) +#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF) /* Macros for the ASN1_ADB structure */ -# define ASN1_ADB(name) \ - static const ASN1_ADB_TABLE name##_adbtbl[] - -# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ - ;\ - static const ASN1_ITEM *name##_adb(void) \ - { \ - static const ASN1_ADB internal_adb = \ - {\ - flags,\ - offsetof(name, field),\ - adb_cb,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ - none\ - }; \ - return (const ASN1_ITEM *) &internal_adb; \ - } \ - void dummy_function(void) - -# define ADB_ENTRY(val, template) {val, template} - -# define ASN1_ADB_TEMPLATE(name) \ - static const ASN1_TEMPLATE name##_tt +#define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +#define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ; \ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = { \ + flags, \ + offsetof(name, field), \ + adb_cb, \ + name##_adbtbl, \ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE), \ + def, \ 
+ none \ + }; \ + return (const ASN1_ITEM *)&internal_adb; \ + } \ + void dummy_function(void) + +#define ADB_ENTRY(val, template) { val, template } + +#define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt /* * This is the ASN1 template structure that defines a wrapper round the 
@@ -487,56 +476,56 @@ */ struct ASN1_TEMPLATE_st { - unsigned long flags; /* Various flags */ - long tag; /* tag, not used if no tagging */ - unsigned long offset; /* Offset of this field in structure */ - const char *field_name; /* Field name */ - ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ -# define ASN1_TEMPLATE_item(t) (t->item_ptr) -# define ASN1_TEMPLATE_adb(t) (t->item_ptr) +#define ASN1_TEMPLATE_item(t) (t->item_ptr) +#define ASN1_TEMPLATE_adb(t) (t->item_ptr) typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; typedef struct ASN1_ADB_st ASN1_ADB; struct ASN1_ADB_st { - unsigned long flags; /* Various flags */ - unsigned long offset; /* Offset of selector field */ - int (*adb_cb)(long *psel); /* Application callback */ - const ASN1_ADB_TABLE *tbl; /* Table of possible types */ - long tblcount; /* Number of entries in tbl */ + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ }; struct ASN1_ADB_TABLE_st { - long value; /* NID for an object or value for an int */ - const ASN1_TEMPLATE tt; /* item for this value */ + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ }; /* template flags */ /* Field is optional */ -# define ASN1_TFLG_OPTIONAL (0x1) +#define ASN1_TFLG_OPTIONAL (0x1) /* Field is a SET OF */ -# define ASN1_TFLG_SET_OF 
(0x1 << 1) +#define ASN1_TFLG_SET_OF (0x1 << 1) /* Field is a SEQUENCE OF */ -# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) +#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) /* * Special case: this refers to a SET OF that will be sorted into DER order * when encoded *and* the corresponding STACK will be modified to match the * new order. */ -# define ASN1_TFLG_SET_ORDER (0x3 << 1) +#define ASN1_TFLG_SET_ORDER (0x3 << 1) /* Mask for SET OF or SEQUENCE OF */ -# define ASN1_TFLG_SK_MASK (0x3 << 1) +#define ASN1_TFLG_SK_MASK (0x3 << 1) /* * These flags mean the tag should be taken from the tag field. If EXPLICIT @@ -544,18 +533,18 @@ */ /* IMPLICIT tagging */ -# define ASN1_TFLG_IMPTAG (0x1 << 3) +#define ASN1_TFLG_IMPTAG (0x1 << 3) /* EXPLICIT tagging, inner tag from underlying type */ -# define ASN1_TFLG_EXPTAG (0x2 << 3) +#define ASN1_TFLG_EXPTAG (0x2 << 3) -# define ASN1_TFLG_TAG_MASK (0x3 << 3) +#define ASN1_TFLG_TAG_MASK (0x3 << 3) /* context specific IMPLICIT */ -# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) +#define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG | ASN1_TFLG_CONTEXT) /* context specific EXPLICIT */ -# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) +#define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG | ASN1_TFLG_CONTEXT) /* * If tagging is in force these determine the type of tag to use. Otherwise @@ -564,15 +553,15 @@ */ /* Universal tag */ -# define ASN1_TFLG_UNIVERSAL (0x0<<6) +#define ASN1_TFLG_UNIVERSAL (0x0 << 6) /* Application tag */ -# define ASN1_TFLG_APPLICATION (0x1<<6) +#define ASN1_TFLG_APPLICATION (0x1 << 6) /* Context specific tag */ -# define ASN1_TFLG_CONTEXT (0x2<<6) +#define ASN1_TFLG_CONTEXT (0x2 << 6) /* Private tag */ -# define ASN1_TFLG_PRIVATE (0x3<<6) +#define ASN1_TFLG_PRIVATE (0x3 << 6) -# define ASN1_TFLG_TAG_CLASS (0x3<<6) +#define ASN1_TFLG_TAG_CLASS (0x3 << 6) /* * These are for ANY DEFINED BY type. In this case the 'item' field points to 
@@ -580,35 +569,35 @@ * relevant type */ -# define ASN1_TFLG_ADB_MASK (0x3<<8) +#define ASN1_TFLG_ADB_MASK (0x3 << 8) -# define ASN1_TFLG_ADB_OID (0x1<<8) +#define ASN1_TFLG_ADB_OID (0x1 << 8) -# define ASN1_TFLG_ADB_INT (0x1<<9) +#define ASN1_TFLG_ADB_INT (0x1 << 9) /* * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes * indefinite length constructed encoding to be used if required. */ -# define ASN1_TFLG_NDEF (0x1<<11) +#define ASN1_TFLG_NDEF (0x1 << 11) /* Field is embedded and not a pointer */ -# define ASN1_TFLG_EMBED (0x1 << 12) +#define ASN1_TFLG_EMBED (0x1 << 12) /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { - char itype; /* The item type, primitive, SEQUENCE, CHOICE - * or extern */ - long utype; /* underlying type */ + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains * the contents */ - long tcount; /* Number of templates if SEQUENCE or CHOICE */ - const void *funcs; /* further data and type-specific functions */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* further data and type-specific functions */ /* funcs can be ASN1_PRIMITIVE_FUNCS*, ASN1_EXTERN_FUNCS*, or ASN1_AUX* */ - long size; /* Structure size (usually) */ - const char *sname; /* Structure name */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ }; /* 
@@ -617,42 +606,42 @@ */ struct ASN1_TLC_st { - char valid; /* Values below are valid */ - int ret; /* return value */ - long plen; /* length */ - int ptag; /* class value */ - int pclass; /* class value */ - int hdrlen; /* header length */ + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ }; /* Typedefs for ASN1 function pointers */ typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, - const char *propq); + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq); typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); + const ASN1_ITEM *it, int tag, int aclass); typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval, - int indent, const char *fname, - const ASN1_PCTX *pctx); + int indent, const char *fname, + const ASN1_PCTX *pctx); typedef int ASN1_primitive_i2c(const ASN1_VALUE **pval, unsigned char *cont, - int *putype, const ASN1_ITEM *it); + int *putype, const ASN1_ITEM *it); typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, - int len, int utype, char *free_cont, - const ASN1_ITEM *it); + int len, int utype, char *free_cont, + const 
ASN1_ITEM *it); typedef int ASN1_primitive_print(BIO *out, const ASN1_VALUE **pval, - const ASN1_ITEM *it, int indent, - const ASN1_PCTX *pctx); + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); typedef struct ASN1_EXTERN_FUNCS_st { void *app_data; @@ -695,17 +684,17 @@ */ typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, - void *exarg); + void *exarg); typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in, - const ASN1_ITEM *it, void *exarg); + const ASN1_ITEM *it, void *exarg); typedef struct ASN1_AUX_st { void *app_data; int flags; - int ref_offset; /* Offset of reference value */ - int ref_lock; /* Offset of lock value */ + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Offset of lock value */ ASN1_aux_cb *asn1_cb; - int enc_offset; /* Offset of ASN1_ENCODING structure */ + int enc_offset; /* Offset of ASN1_ENCODING structure */ ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */ } ASN1_AUX; 
@@ -729,143 +718,142 @@ /* Flags in ASN1_AUX */ /* Use a reference count */ -# define ASN1_AFLG_REFCOUNT 1 +#define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ -# define ASN1_AFLG_ENCODING 2 +#define ASN1_AFLG_ENCODING 2 /* The Sequence length is invalid */ -# define ASN1_AFLG_BROKEN 4 +#define ASN1_AFLG_BROKEN 4 /* Use the new asn1_const_cb */ -# define ASN1_AFLG_CONST_CB 8 +#define ASN1_AFLG_CONST_CB 8 /* operation values for asn1_cb */ -# define ASN1_OP_NEW_PRE 0 -# define ASN1_OP_NEW_POST 1 -# define ASN1_OP_FREE_PRE 2 -# define ASN1_OP_FREE_POST 3 -# define ASN1_OP_D2I_PRE 4 -# define ASN1_OP_D2I_POST 5 -# define ASN1_OP_I2D_PRE 6 -# define ASN1_OP_I2D_POST 7 -# define ASN1_OP_PRINT_PRE 8 -# define ASN1_OP_PRINT_POST 9 -# define ASN1_OP_STREAM_PRE 10 -# define ASN1_OP_STREAM_POST 11 -# define ASN1_OP_DETACHED_PRE 12 -# define ASN1_OP_DETACHED_POST 13 -# define ASN1_OP_DUP_PRE 14 -# define ASN1_OP_DUP_POST 15 -# define ASN1_OP_GET0_LIBCTX 16 -# define ASN1_OP_GET0_PROPQ 17 +#define ASN1_OP_NEW_PRE 0 +#define ASN1_OP_NEW_POST 1 +#define ASN1_OP_FREE_PRE 2 +#define ASN1_OP_FREE_POST 3 +#define ASN1_OP_D2I_PRE 4 +#define ASN1_OP_D2I_POST 5 +#define ASN1_OP_I2D_PRE 6 +#define ASN1_OP_I2D_POST 7 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 +#define ASN1_OP_DUP_PRE 14 +#define ASN1_OP_DUP_POST 15 +#define ASN1_OP_GET0_LIBCTX 16 +#define ASN1_OP_GET0_PROPQ 17 /* Macro to implement a primitive type */ -# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) -# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ - ASN1_ITEM_end(itname) +#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + 
ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, \ + V_##vname, NULL, 0, NULL, ex, #itname ASN1_ITEM_end(itname) /* Macro to implement a multi string type */ -# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ - ASN1_ITEM_end(itname) - -# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_EXTERN, \ - tag, \ - NULL, \ - 0, \ - &fptrs, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) +#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, \ + mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname ASN1_ITEM_end(itname) + +#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname ASN1_ITEM_end(sname) /* Macro to implement standard functions in terms of ASN1_ITEM structures */ -# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) - -# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) - -# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ - IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) - -# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) - -# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) - -# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ - pre stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ - } \ - pre void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } - -# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ - stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); 
\ - } \ - void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } - -# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) - -# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ - } \ - int i2d_##fname(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } - -# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ - int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ - } - -# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ - static stname *d2i_##stname(stname **a, \ - const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ - ASN1_ITEM_rptr(stname)); \ - } \ - static int i2d_##stname(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((const ASN1_VALUE *)a, out, \ - ASN1_ITEM_rptr(stname)); \ - } - -# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ - stname * stname##_dup(const stname *x) \ - { \ +#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + 
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname)); \ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname)); \ + } + +#define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname *stname##_dup(const stname *x) \ + { \ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ - } + } -# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ - 
IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) +#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) -# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ - int fname##_print_ctx(BIO *out, const stname *x, int indent, \ - const ASN1_PCTX *pctx) \ - { \ - return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \ - ASN1_ITEM_rptr(itname), pctx); \ - } +#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } /* external definitions for primitive types */ @@ -884,7 +872,7 @@ DECLARE_ASN1_ITEM(UINT64) DECLARE_ASN1_ITEM(ZUINT64) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * LONG and ZLONG are strongly discouraged for use as stored data, as the * underlying C type (long) differs in size depending on the architecture. @@ -892,8 +880,9 @@ */ DECLARE_ASN1_ITEM(LONG) DECLARE_ASN1_ITEM(ZLONG) -# endif +#endif +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_VALUE, ASN1_VALUE, ASN1_VALUE) #define sk_ASN1_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_VALUE_sk_type(sk)) #define sk_ASN1_VALUE_value(sk, idx) ((ASN1_VALUE *)OPENSSL_sk_value(ossl_check_const_ASN1_VALUE_sk_type(sk), (idx))) @@ -921,7 +910,7 @@ #define sk_ASN1_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_copyfunc_type(copyfunc), ossl_check_ASN1_VALUE_freefunc_type(freefunc))) #define sk_ASN1_VALUE_set_cmp_func(sk, cmp) ((sk_ASN1_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_VALUE_sk_type(sk), ossl_check_ASN1_VALUE_compfunc_type(cmp))) - +/* clang-format on */ /* Functions used internally by the ASN1 code */ 
@@ -929,18 +918,18 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); + const ASN1_ITEM *it, int tag, int aclass); /* Legacy compatibility */ -# define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name) -# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) +#define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name) +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/asn1t.h.in.orig +++ crypto/openssl/include/openssl/asn1t.h.in @@ -9,31 +9,33 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_ASN1T_H -# define OPENSSL_ASN1T_H -# pragma once +#define OPENSSL_ASN1T_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ASN1T_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ASN1T_H +#endif -# include -# include -# include +#include +#include +#include -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif /* ASN1 template defines, structures and functions */ -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -78,59 +80,58 @@ * */ -# define ASN1_ITYPE_PRIMITIVE 0x0 -# define ASN1_ITYPE_SEQUENCE 0x1 -# define ASN1_ITYPE_CHOICE 0x2 +#define ASN1_ITYPE_PRIMITIVE 0x0 +#define ASN1_ITYPE_SEQUENCE 0x1 +#define ASN1_ITYPE_CHOICE 0x2 /* unused value 0x3 */ -# define ASN1_ITYPE_EXTERN 0x4 -# define ASN1_ITYPE_MSTRING 0x5 -# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 +#define ASN1_ITYPE_EXTERN 0x4 +#define ASN1_ITYPE_MSTRING 0x5 +#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ -# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) +#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) /* Macros for start and end of ASN1_ITEM definition */ -# define ASN1_ITEM_start(itname) \ - const ASN1_ITEM * itname##_it(void) \ - { \ - static const ASN1_ITEM local_it = { +#define ASN1_ITEM_start(itname) \ + const ASN1_ITEM *itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { -# define static_ASN1_ITEM_start(itname) \ - static ASN1_ITEM_start(itname) +#define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) -# define ASN1_ITEM_end(itname) \ - }; \ - return &local_it; \ - } +#define ASN1_ITEM_end(itname) \ + } \ + ; \ + return &local_it; \ + } /* Macros to aid ASN1 template writing */ -# define ASN1_ITEM_TEMPLATE(tname) \ - static const ASN1_TEMPLATE tname##_item_tt - -# define ASN1_ITEM_TEMPLATE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_PRIMITIVE,\ - -1,\ - &tname##_item_tt,\ - 0,\ - NULL,\ - 0,\ - #tname \ - ASN1_ITEM_end(tname) -# define static_ASN1_ITEM_TEMPLATE_END(tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_PRIMITIVE,\ - -1,\ - &tname##_item_tt,\ - 0,\ - NULL,\ - 0,\ - #tname \ - ASN1_ITEM_end(tname) +#define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +#define ASN1_ITEM_TEMPLATE_END(tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE, \ + -1, \ + &tname##_item_tt, \ + 0, \ + NULL, \ + 0, \ + #tname ASN1_ITEM_end(tname) 
+#define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE, \ + -1, \ + &tname##_item_tt, \ + 0, \ + NULL, \ + 0, \ + #tname ASN1_ITEM_end(tname) /* This is a ASN1 type which just embeds a template */ 
@@ -155,128 +156,118 @@ * a structure called stname. */ -# define ASN1_SEQUENCE(tname) \ - static const ASN1_TEMPLATE tname##_seq_tt[] - -# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) - -# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) - -# define ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #tname \ - ASN1_ITEM_end(tname) - -# define static_ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define ASN1_NDEF_SEQUENCE(tname) \ - ASN1_SEQUENCE(tname) - -# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ - ASN1_SEQUENCE_cb(tname, cb) - -# define ASN1_SEQUENCE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_const_cb(tname, const_cb) \ - static const ASN1_AUX tname##_aux = \ - {NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ - static const ASN1_AUX tname##_aux = \ - {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_ref(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_SEQUENCE_enc(tname, enc, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL}; \ - ASN1_SEQUENCE(tname) - -# define ASN1_NDEF_SEQUENCE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - 
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(tname),\ - #tname \ - ASN1_ITEM_end(tname) -# define static_ASN1_NDEF_SEQUENCE_END(tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(tname),\ - #tname \ - ASN1_ITEM_end(tname) - - -# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) - -# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) - -# define ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #tname \ - ASN1_ITEM_end(tname) -# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +#define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +#define ASN1_SEQUENCE_END_name(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #tname ASN1_ITEM_end(tname) + +#define 
static_ASN1_SEQUENCE_END_name(stname, tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +#define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = { NULL, 0, 0, 0, cb, 0, NULL }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_const_cb(tname, const_cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = { NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL }; \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_END(tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(tname), \ + #tname ASN1_ITEM_end(tname) +#define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(tname), \ + #tname ASN1_ITEM_end(tname) + +#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +#define 
static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_ref(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #tname ASN1_ITEM_end(tname) +#define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE, \ + V_ASN1_SEQUENCE, \ + tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) /*- * This pair helps declare a CHOICE type. We can do: 
@@ -301,185 +292,183 @@ * ASN1_CHOICE_END_selector() version. */ -# define ASN1_CHOICE(tname) \ - static const ASN1_TEMPLATE tname##_ch_tt[] - -# define ASN1_CHOICE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ - ASN1_CHOICE(tname) - -# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) - -# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) - -# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) - -# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) - -# define ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - static_ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -# define ASN1_CHOICE_END_cb(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +#define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = { NULL, 0, 0, 0, cb, 0, NULL }; \ + ASN1_CHOICE(tname) + +#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +#define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +#define static_ASN1_CHOICE_END_name(stname, tname) 
static_ASN1_CHOICE_END_selector(stname, tname, type) + +#define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE, \ + offsetof(stname, selname), \ + tname##_ch_tt, \ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ; \ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE, \ + offsetof(stname, selname), \ + tname##_ch_tt, \ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + NULL, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) + +#define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE, \ + offsetof(stname, selname), \ + tname##_ch_tt, \ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, \ + sizeof(stname), \ + #stname ASN1_ITEM_end(tname) /* This helps with the template wrapper form of ASN1_ITEM */ -# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ - (flags), (tag), 0,\ - #name, ASN1_ITEM_ref(type) } +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0, \ + #name, ASN1_ITEM_ref(type) \ +} /* These help with SEQUENCE or CHOICE components */ /* used to declare other types */ -# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ - (flags), (tag), offsetof(stname, field),\ - #field, ASN1_ITEM_ref(type) } +#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field), \ + #field, ASN1_ITEM_ref(type) \ +} /* implicit and explicit helper macros */ -# define ASN1_IMP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) +#define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) -# define ASN1_EXP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) +#define ASN1_EXP_EX(stname, 
field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) /* Any defined by macros: the field used is in the table itself */ -# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } -# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } /* Plain simple type */ -# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0, 0, stname, field, type) /* Embedded simple type */ -# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) +#define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED, 0, stname, field, type) /* OPTIONAL simple type */ -# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) -# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) +#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL | ASN1_TFLG_EMBED, 0, stname, field, type) /* IMPLICIT tagged simple type */ -# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) -# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +#define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) /* IMPLICIT tagged OPTIONAL simple type */ -# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) -# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) 
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) +#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL | ASN1_TFLG_EMBED) /* Same as above but EXPLICIT */ -# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) -# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) -# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) -# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) +#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +#define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL | ASN1_TFLG_EMBED) /* SEQUENCE OF type */ -# define ASN1_SEQUENCE_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) +#define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) /* OPTIONAL SEQUENCE OF */ -# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* Same as above but for SET OF */ -# define ASN1_SET_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) +#define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) -# define 
ASN1_SET_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ -# define ASN1_IMP_SET_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) +#define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) -# define ASN1_EXP_SET_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) +#define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) -# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) -# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) -# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) +#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) -# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) -# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) +#define 
ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) -# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) /* EXPLICIT using indefinite length constructed form */ -# define ASN1_NDEF_EXP(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) /* EXPLICIT OPTIONAL using indefinite length constructed form */ -# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) +#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF) /* Macros for the ASN1_ADB structure */ -# define ASN1_ADB(name) \ - static const ASN1_ADB_TABLE name##_adbtbl[] - -# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ - ;\ - static const ASN1_ITEM *name##_adb(void) \ - { \ - static const ASN1_ADB internal_adb = \ - {\ - flags,\ - offsetof(name, field),\ - adb_cb,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ - none\ - }; \ - return (const ASN1_ITEM *) &internal_adb; \ - } \ - void dummy_function(void) - -# define ADB_ENTRY(val, template) {val, template} - -# define ASN1_ADB_TEMPLATE(name) \ - static const ASN1_TEMPLATE name##_tt +#define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +#define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ; \ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = { \ + flags, \ + offsetof(name, field), \ + adb_cb, \ + name##_adbtbl, \ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE), \ + def, \ 
+ none \ + }; \ + return (const ASN1_ITEM *)&internal_adb; \ + } \ + void dummy_function(void) + +#define ADB_ENTRY(val, template) { val, template } + +#define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt /* * This is the ASN1 template structure that defines a wrapper round the 
@@ -488,56 +477,56 @@ */ struct ASN1_TEMPLATE_st { - unsigned long flags; /* Various flags */ - long tag; /* tag, not used if no tagging */ - unsigned long offset; /* Offset of this field in structure */ - const char *field_name; /* Field name */ - ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ -# define ASN1_TEMPLATE_item(t) (t->item_ptr) -# define ASN1_TEMPLATE_adb(t) (t->item_ptr) +#define ASN1_TEMPLATE_item(t) (t->item_ptr) +#define ASN1_TEMPLATE_adb(t) (t->item_ptr) typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; typedef struct ASN1_ADB_st ASN1_ADB; struct ASN1_ADB_st { - unsigned long flags; /* Various flags */ - unsigned long offset; /* Offset of selector field */ - int (*adb_cb)(long *psel); /* Application callback */ - const ASN1_ADB_TABLE *tbl; /* Table of possible types */ - long tblcount; /* Number of entries in tbl */ + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ }; struct ASN1_ADB_TABLE_st { - long value; /* NID for an object or value for an int */ - const ASN1_TEMPLATE tt; /* item for this value */ + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ }; /* template flags */ /* Field is optional */ -# define ASN1_TFLG_OPTIONAL (0x1) +#define ASN1_TFLG_OPTIONAL (0x1) /* Field is a SET OF */ -# define ASN1_TFLG_SET_OF 
(0x1 << 1) +#define ASN1_TFLG_SET_OF (0x1 << 1) /* Field is a SEQUENCE OF */ -# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) +#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) /* * Special case: this refers to a SET OF that will be sorted into DER order * when encoded *and* the corresponding STACK will be modified to match the * new order. */ -# define ASN1_TFLG_SET_ORDER (0x3 << 1) +#define ASN1_TFLG_SET_ORDER (0x3 << 1) /* Mask for SET OF or SEQUENCE OF */ -# define ASN1_TFLG_SK_MASK (0x3 << 1) +#define ASN1_TFLG_SK_MASK (0x3 << 1) /* * These flags mean the tag should be taken from the tag field. If EXPLICIT @@ -545,18 +534,18 @@ */ /* IMPLICIT tagging */ -# define ASN1_TFLG_IMPTAG (0x1 << 3) +#define ASN1_TFLG_IMPTAG (0x1 << 3) /* EXPLICIT tagging, inner tag from underlying type */ -# define ASN1_TFLG_EXPTAG (0x2 << 3) +#define ASN1_TFLG_EXPTAG (0x2 << 3) -# define ASN1_TFLG_TAG_MASK (0x3 << 3) +#define ASN1_TFLG_TAG_MASK (0x3 << 3) /* context specific IMPLICIT */ -# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) +#define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG | ASN1_TFLG_CONTEXT) /* context specific EXPLICIT */ -# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) +#define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG | ASN1_TFLG_CONTEXT) /* * If tagging is in force these determine the type of tag to use. Otherwise @@ -565,15 +554,15 @@ */ /* Universal tag */ -# define ASN1_TFLG_UNIVERSAL (0x0<<6) +#define ASN1_TFLG_UNIVERSAL (0x0 << 6) /* Application tag */ -# define ASN1_TFLG_APPLICATION (0x1<<6) +#define ASN1_TFLG_APPLICATION (0x1 << 6) /* Context specific tag */ -# define ASN1_TFLG_CONTEXT (0x2<<6) +#define ASN1_TFLG_CONTEXT (0x2 << 6) /* Private tag */ -# define ASN1_TFLG_PRIVATE (0x3<<6) +#define ASN1_TFLG_PRIVATE (0x3 << 6) -# define ASN1_TFLG_TAG_CLASS (0x3<<6) +#define ASN1_TFLG_TAG_CLASS (0x3 << 6) /* * These are for ANY DEFINED BY type. In this case the 'item' field points to 
@@ -581,35 +570,35 @@ * relevant type */ -# define ASN1_TFLG_ADB_MASK (0x3<<8) +#define ASN1_TFLG_ADB_MASK (0x3 << 8) -# define ASN1_TFLG_ADB_OID (0x1<<8) +#define ASN1_TFLG_ADB_OID (0x1 << 8) -# define ASN1_TFLG_ADB_INT (0x1<<9) +#define ASN1_TFLG_ADB_INT (0x1 << 9) /* * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes * indefinite length constructed encoding to be used if required. */ -# define ASN1_TFLG_NDEF (0x1<<11) +#define ASN1_TFLG_NDEF (0x1 << 11) /* Field is embedded and not a pointer */ -# define ASN1_TFLG_EMBED (0x1 << 12) +#define ASN1_TFLG_EMBED (0x1 << 12) /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { - char itype; /* The item type, primitive, SEQUENCE, CHOICE - * or extern */ - long utype; /* underlying type */ + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains * the contents */ - long tcount; /* Number of templates if SEQUENCE or CHOICE */ - const void *funcs; /* further data and type-specific functions */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* further data and type-specific functions */ /* funcs can be ASN1_PRIMITIVE_FUNCS*, ASN1_EXTERN_FUNCS*, or ASN1_AUX* */ - long size; /* Structure size (usually) */ - const char *sname; /* Structure name */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ }; /* 
@@ -618,42 +607,42 @@ */ struct ASN1_TLC_st { - char valid; /* Values below are valid */ - int ret; /* return value */ - long plen; /* length */ - int ptag; /* class value */ - int pclass; /* class value */ - int hdrlen; /* header length */ + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ }; /* Typedefs for ASN1 function pointers */ typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, - const char *propq); + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq); typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); + const ASN1_ITEM *it, int tag, int aclass); typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval, - int indent, const char *fname, - const ASN1_PCTX *pctx); + int indent, const char *fname, + const ASN1_PCTX *pctx); typedef int ASN1_primitive_i2c(const ASN1_VALUE **pval, unsigned char *cont, - int *putype, const ASN1_ITEM *it); + int *putype, const ASN1_ITEM *it); typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, - int len, int utype, char *free_cont, - const ASN1_ITEM *it); + int len, int utype, char *free_cont, + const 
ASN1_ITEM *it); typedef int ASN1_primitive_print(BIO *out, const ASN1_VALUE **pval, - const ASN1_ITEM *it, int indent, - const ASN1_PCTX *pctx); + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); typedef struct ASN1_EXTERN_FUNCS_st { void *app_data; @@ -696,17 +685,17 @@ */ typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, - void *exarg); + void *exarg); typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in, - const ASN1_ITEM *it, void *exarg); + const ASN1_ITEM *it, void *exarg); typedef struct ASN1_AUX_st { void *app_data; int flags; - int ref_offset; /* Offset of reference value */ - int ref_lock; /* Offset of lock value */ + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Offset of lock value */ ASN1_aux_cb *asn1_cb; - int enc_offset; /* Offset of ASN1_ENCODING structure */ + int enc_offset; /* Offset of ASN1_ENCODING structure */ ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */ } ASN1_AUX; 
@@ -730,143 +719,142 @@ /* Flags in ASN1_AUX */ /* Use a reference count */ -# define ASN1_AFLG_REFCOUNT 1 +#define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ -# define ASN1_AFLG_ENCODING 2 +#define ASN1_AFLG_ENCODING 2 /* The Sequence length is invalid */ -# define ASN1_AFLG_BROKEN 4 +#define ASN1_AFLG_BROKEN 4 /* Use the new asn1_const_cb */ -# define ASN1_AFLG_CONST_CB 8 +#define ASN1_AFLG_CONST_CB 8 /* operation values for asn1_cb */ -# define ASN1_OP_NEW_PRE 0 -# define ASN1_OP_NEW_POST 1 -# define ASN1_OP_FREE_PRE 2 -# define ASN1_OP_FREE_POST 3 -# define ASN1_OP_D2I_PRE 4 -# define ASN1_OP_D2I_POST 5 -# define ASN1_OP_I2D_PRE 6 -# define ASN1_OP_I2D_POST 7 -# define ASN1_OP_PRINT_PRE 8 -# define ASN1_OP_PRINT_POST 9 -# define ASN1_OP_STREAM_PRE 10 -# define ASN1_OP_STREAM_POST 11 -# define ASN1_OP_DETACHED_PRE 12 -# define ASN1_OP_DETACHED_POST 13 -# define ASN1_OP_DUP_PRE 14 -# define ASN1_OP_DUP_POST 15 -# define ASN1_OP_GET0_LIBCTX 16 -# define ASN1_OP_GET0_PROPQ 17 +#define ASN1_OP_NEW_PRE 0 +#define ASN1_OP_NEW_POST 1 +#define ASN1_OP_FREE_PRE 2 +#define ASN1_OP_FREE_POST 3 +#define ASN1_OP_D2I_PRE 4 +#define ASN1_OP_D2I_POST 5 +#define ASN1_OP_I2D_PRE 6 +#define ASN1_OP_I2D_POST 7 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 +#define ASN1_OP_DUP_PRE 14 +#define ASN1_OP_DUP_POST 15 +#define ASN1_OP_GET0_LIBCTX 16 +#define ASN1_OP_GET0_PROPQ 17 /* Macro to implement a primitive type */ -# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) -# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ - ASN1_ITEM_end(itname) +#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + 
ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, \ + V_##vname, NULL, 0, NULL, ex, #itname ASN1_ITEM_end(itname) /* Macro to implement a multi string type */ -# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ - ASN1_ITEM_end(itname) - -# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_EXTERN, \ - tag, \ - NULL, \ - 0, \ - &fptrs, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) +#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, \ + mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname ASN1_ITEM_end(itname) + +#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname ASN1_ITEM_end(sname) /* Macro to implement standard functions in terms of ASN1_ITEM structures */ -# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) - -# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) - -# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ - IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) - -# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) - -# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) - -# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ - pre stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ - } \ - pre void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } - -# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ - stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); 
\ - } \ - void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } - -# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) - -# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ - } \ - int i2d_##fname(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } - -# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ - int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ - } - -# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ - static stname *d2i_##stname(stname **a, \ - const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ - ASN1_ITEM_rptr(stname)); \ - } \ - static int i2d_##stname(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((const ASN1_VALUE *)a, out, \ - ASN1_ITEM_rptr(stname)); \ - } - -# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ - stname * stname##_dup(const stname *x) \ - { \ +#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + 
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname)); \ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname)); \ + } + +#define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname *stname##_dup(const stname *x) \ + { \ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ - } + } -# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ - 
IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) +#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) -# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ - int fname##_print_ctx(BIO *out, const stname *x, int indent, \ - const ASN1_PCTX *pctx) \ - { \ - return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \ - ASN1_ITEM_rptr(itname), pctx); \ - } +#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } /* external definitions for primitive types */ @@ -885,7 +873,7 @@ DECLARE_ASN1_ITEM(UINT64) DECLARE_ASN1_ITEM(ZUINT64) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * LONG and ZLONG are strongly discouraged for use as stored data, as the * underlying C type (long) differs in size depending on the architecture. @@ -893,12 +881,13 @@ */ DECLARE_ASN1_ITEM(LONG) DECLARE_ASN1_ITEM(ZLONG) -# endif +#endif +/* clang-format off */ {- generate_stack_macros("ASN1_VALUE"); -} - +/* clang-format on */ /* Functions used internally by the ASN1 code */ 
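Review bot: In `IMPLEMENT_ASN1_TYPE_ex`, `IMPLEMENT_ASN1_MSTRING` and `IMPLEMENT_EXTERN_ASN1` the closing `ASN1_ITEM_end(...)` now shares a line with the last initializer (`#itname ASN1_ITEM_end(itname)`), which hides the `ASN1_ITEM_start`/`ASN1_ITEM_end` pairing and makes the final field easy to misread. The token sequence looks unchanged, so this is a readability point only. Keeping the earlier shape, `#itname \` followed by `ASN1_ITEM_end(itname)` on its own continuation line, would preserve the pairing. A `/* clang-format off */` … `/* clang-format on */` guard around the three definitions would stop the formatter from folding them again, as a later hunk on this page does for the `generate_stack_macros("ASN1_VALUE")` block.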
@@ -906,18 +895,18 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); + const ASN1_ITEM *it, int tag, int aclass); /* Legacy compatibility */ -# define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name) -# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) +#define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name) +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/async.h.orig +++ crypto/openssl/include/openssl/async.h 
@@ -10,44 +10,43 @@ #include #ifndef OPENSSL_ASYNC_H -# define OPENSSL_ASYNC_H -# pragma once +#define OPENSSL_ASYNC_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ASYNC_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ASYNC_H +#endif #if defined(_WIN32) -# if defined(BASETYPES) || defined(_WINDEF_H) +#if defined(BASETYPES) || defined(_WINDEF_H) /* application has to include to use this */ -#define OSSL_ASYNC_FD HANDLE -#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE -# endif +#define OSSL_ASYNC_FD HANDLE +#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +#endif #else -#define OSSL_ASYNC_FD int -#define OSSL_BAD_ASYNC_FD -1 +#define OSSL_ASYNC_FD int +#define OSSL_BAD_ASYNC_FD -1 #endif -# include - +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif typedef struct async_job_st ASYNC_JOB; typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; typedef int (*ASYNC_callback_fn)(void *arg); -#define ASYNC_ERR 0 -#define ASYNC_NO_JOBS 1 -#define ASYNC_PAUSE 2 -#define ASYNC_FINISH 3 +#define ASYNC_ERR 0 +#define ASYNC_NO_JOBS 1 +#define ASYNC_PAUSE 2 +#define ASYNC_FINISH 3 -#define ASYNC_STATUS_UNSUPPORTED 0 -#define ASYNC_STATUS_ERR 1 -#define ASYNC_STATUS_OK 2 -#define ASYNC_STATUS_EAGAIN 3 +#define ASYNC_STATUS_UNSUPPORTED 0 +#define ASYNC_STATUS_ERR 1 +#define ASYNC_STATUS_OK 2 +#define ASYNC_STATUS_EAGAIN 3 int ASYNC_init_thread(size_t max_size, size_t init_size); void ASYNC_cleanup_thread(void); 
@@ -56,32 +55,32 @@ ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD fd, - void *custom_data, - void (*cleanup)(ASYNC_WAIT_CTX *, const void *, - OSSL_ASYNC_FD, void *)); + OSSL_ASYNC_FD fd, + void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)); int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD *fd, void **custom_data); + OSSL_ASYNC_FD *fd, void **custom_data); int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, - size_t *numfds); + size_t *numfds); int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx, - ASYNC_callback_fn *callback, - void **callback_arg); + ASYNC_callback_fn *callback, + void **callback_arg); int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx, - ASYNC_callback_fn callback, - void *callback_arg); + ASYNC_callback_fn callback, + void *callback_arg); int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status); int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx); int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, - size_t *numaddfds, OSSL_ASYNC_FD *delfd, - size_t *numdelfds); + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); #endif int ASYNC_is_capable(void); int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, - int (*func)(void *), void *args, size_t size); + int (*func)(void *), void *args, size_t size); int ASYNC_pause_job(void); ASYNC_JOB *ASYNC_get_current_job(void); @@ -89,8 +88,7 @@ void ASYNC_block_pause(void); void ASYNC_unblock_pause(void); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/asyncerr.h.orig +++ crypto/openssl/include/openssl/asyncerr.h 
@@ -9,21 +9,19 @@ */ #ifndef OPENSSL_ASYNCERR_H -# define OPENSSL_ASYNCERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_ASYNCERR_H +#pragma once +#include +#include +#include /* * ASYNC reason codes. */ -# define ASYNC_R_FAILED_TO_SET_POOL 101 -# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 -# define ASYNC_R_INIT_FAILED 105 -# define ASYNC_R_INVALID_POOL_SIZE 103 +#define ASYNC_R_FAILED_TO_SET_POOL 101 +#define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +#define ASYNC_R_INIT_FAILED 105 +#define ASYNC_R_INVALID_POOL_SIZE 103 #endif --- crypto/openssl/include/openssl/bio.h.orig +++ crypto/openssl/include/openssl/bio.h 
@@ -9,149 +9,151 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_BIO_H -# define OPENSSL_BIO_H -# pragma once +#define OPENSSL_BIO_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_BIO_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_BIO_H +#endif -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# endif -# include +#ifndef OPENSSL_NO_STDIO +#include +#endif +#include -# include -# include -# include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif /* There are the classes of BIOs */ -# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ -# define BIO_TYPE_FILTER 0x0200 -# define BIO_TYPE_SOURCE_SINK 0x0400 +#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +#define BIO_TYPE_FILTER 0x0200 +#define BIO_TYPE_SOURCE_SINK 0x0400 /* These are the 'types' of BIOs */ -# define BIO_TYPE_NONE 0 -# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) -# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) - -# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) -# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) -# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) -# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) -# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) -# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) -# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) - -# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ -# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) -# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ -# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) -# define BIO_TYPE_DGRAM 
(21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) -# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) -# ifndef OPENSSL_NO_SCTP -# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# endif -# define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) - -#define BIO_TYPE_START 128 +#define BIO_TYPE_NONE 0 +#define BIO_TYPE_MEM (1 | BIO_TYPE_SOURCE_SINK) +#define BIO_TYPE_FILE (2 | BIO_TYPE_SOURCE_SINK) + +#define BIO_TYPE_FD (4 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_SOCKET (5 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_NULL (6 | BIO_TYPE_SOURCE_SINK) +#define BIO_TYPE_SSL (7 | BIO_TYPE_FILTER) +#define BIO_TYPE_MD (8 | BIO_TYPE_FILTER) +#define BIO_TYPE_BUFFER (9 | BIO_TYPE_FILTER) +#define BIO_TYPE_CIPHER (10 | BIO_TYPE_FILTER) +#define BIO_TYPE_BASE64 (11 | BIO_TYPE_FILTER) +#define BIO_TYPE_CONNECT (12 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_ACCEPT (13 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) + +#define BIO_TYPE_NBIO_TEST (16 | BIO_TYPE_FILTER) /* server proxy BIO */ +#define BIO_TYPE_NULL_FILTER (17 | BIO_TYPE_FILTER) +#define BIO_TYPE_BIO (19 | BIO_TYPE_SOURCE_SINK) /* half a BIO pair */ +#define BIO_TYPE_LINEBUFFER (20 | BIO_TYPE_FILTER) +#define BIO_TYPE_DGRAM (21 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_ASN1 (22 | BIO_TYPE_FILTER) +#define BIO_TYPE_COMP (23 | BIO_TYPE_FILTER) +#ifndef OPENSSL_NO_SCTP +#define BIO_TYPE_DGRAM_SCTP (24 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#endif +#define BIO_TYPE_CORE_TO_PROV (25 | BIO_TYPE_SOURCE_SINK) + +#define BIO_TYPE_START 128 /* * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. 
* BIO_set_fp(in,stdin,BIO_NOCLOSE); */ -# define BIO_NOCLOSE 0x00 -# define BIO_CLOSE 0x01 +#define BIO_NOCLOSE 0x00 +#define BIO_CLOSE 0x01 /* * These are used in the following macros and are passed to BIO_ctrl() */ -# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ -# define BIO_CTRL_EOF 2/* opt - are we at the eof */ -# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ -# define BIO_CTRL_SET 4/* man - set the 'IO' type */ -# define BIO_CTRL_GET 5/* man - get the 'IO' type */ -# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ -# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ -# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ -# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ -# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ -# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ -# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ -# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ -# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ -# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ - -# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ -# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ +#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ +#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ +#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ +#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ +#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ +#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ +#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ +#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ +#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ +#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ +#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ +#define BIO_CTRL_DUP 12 /* man - extra stuff for 
'duped' BIO */ +#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ +#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ +#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ + +#define BIO_CTRL_PEEK 29 /* BIO_f_buffer special */ +#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ /* dgram BIO stuff */ -# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ -# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected +#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally connected \ * socket to be passed in */ -# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ -# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ -# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ -# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ -# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ -# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation timed out */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation timed out */ /* #ifdef IP_MTU_DISCOVER */ -# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ /* #endif */ -# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ -# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 -# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ -# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. 
- * want to use this if asking - * the kernel fails */ +#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for MTU. \ + * want to use this if asking \ + * the kernel fails */ -# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was - * exceed in the previous write - * operation */ +#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU was \ + * exceed in the previous write \ + * operation */ -# define BIO_CTRL_DGRAM_GET_PEER 46 -# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ +#define BIO_CTRL_DGRAM_GET_PEER 46 +#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ -# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout - * to adjust socket timeouts */ -# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout \ + * to adjust socket timeouts */ +#define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 -# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 +#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 /* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ -# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 -# ifndef OPENSSL_NO_SCTP +#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +#ifndef OPENSSL_NO_SCTP /* SCTP stuff */ -# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 -# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 -# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 -# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 -# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 -# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 -# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 -# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 -# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 -# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 -# endif - -# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 +#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +#define 
BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +#endif + +#define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 /* * internal BIO: 
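Review bot: The `/* clang-format off */` and `/* clang-format on */` lines added directly under the license comment, just before `#ifndef OPENSSL_BIO_H`, enclose no code, so they shield nothing from the formatter. They are presumably carried over from a template in which the pair brackets a generator block, as it does around `{- generate_stack_macros("ASN1_VALUE"); -}` earlier in this patch. If that is right, I would drop both lines from this header and keep the markers only where they guard real content. Otherwise a short comment should say what the pair is meant to protect.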
@@ -160,53 +162,53 @@ * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 */ -# define BIO_CTRL_GET_KTLS_SEND 73 -# define BIO_CTRL_GET_KTLS_RECV 76 +#define BIO_CTRL_GET_KTLS_SEND 73 +#define BIO_CTRL_GET_KTLS_RECV 76 -# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 -# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 +#define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 +#define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 /* BIO_f_prefix controls */ -# define BIO_CTRL_SET_PREFIX 79 -# define BIO_CTRL_SET_INDENT 80 -# define BIO_CTRL_GET_INDENT 81 - -# ifndef OPENSSL_NO_KTLS -# define BIO_get_ktls_send(b) \ - (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) -# define BIO_get_ktls_recv(b) \ - (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0) -# else -# define BIO_get_ktls_send(b) (0) -# define BIO_get_ktls_recv(b) (0) -# endif +#define BIO_CTRL_SET_PREFIX 79 +#define BIO_CTRL_SET_INDENT 80 +#define BIO_CTRL_GET_INDENT 81 + +#ifndef OPENSSL_NO_KTLS +#define BIO_get_ktls_send(b) \ + (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) +#define BIO_get_ktls_recv(b) \ + (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0) +#else +#define BIO_get_ktls_send(b) (0) +#define BIO_get_ktls_recv(b) (0) +#endif /* modifiers */ -# define BIO_FP_READ 0x02 -# define BIO_FP_WRITE 0x04 -# define BIO_FP_APPEND 0x08 -# define BIO_FP_TEXT 0x10 - -# define BIO_FLAGS_READ 0x01 -# define BIO_FLAGS_WRITE 0x02 -# define BIO_FLAGS_IO_SPECIAL 0x04 -# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) -# define BIO_FLAGS_SHOULD_RETRY 0x08 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define BIO_FP_READ 0x02 +#define BIO_FP_WRITE 0x04 +#define BIO_FP_APPEND 0x08 +#define BIO_FP_TEXT 0x10 + +#define BIO_FLAGS_READ 0x01 +#define BIO_FLAGS_WRITE 0x02 +#define BIO_FLAGS_IO_SPECIAL 0x04 +#define BIO_FLAGS_RWS (BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL) +#define BIO_FLAGS_SHOULD_RETRY 0x08 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* This #define was replaced by an internal constant and should not be used. 
*/ -# define BIO_FLAGS_UPLINK 0 -# endif +#define BIO_FLAGS_UPLINK 0 +#endif -# define BIO_FLAGS_BASE64_NO_NL 0x100 +#define BIO_FLAGS_BASE64_NO_NL 0x100 /* * This is used with memory BIOs: * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. */ -# define BIO_FLAGS_MEM_RDONLY 0x200 -# define BIO_FLAGS_NONCLEAR_RST 0x400 -# define BIO_FLAGS_IN_EOF 0x800 +#define BIO_FLAGS_MEM_RDONLY 0x200 +#define BIO_FLAGS_NONCLEAR_RST 0x400 +#define BIO_FLAGS_IN_EOF 0x800 /* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ 
@@ -218,26 +220,26 @@ int BIO_test_flags(const BIO *b, int flags); void BIO_clear_flags(BIO *b, int flags); -# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) -# define BIO_set_retry_special(b) \ - BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) -# define BIO_set_retry_read(b) \ - BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) -# define BIO_set_retry_write(b) \ - BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +#define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY)) /* These are normally used internally in BIOs */ -# define BIO_clear_retry_flags(b) \ - BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) -# define BIO_get_retry_flags(b) \ - BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY)) +#define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY)) /* These should be used by the application to tell why we should retry */ -# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) -# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) -# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) -# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) -# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) +#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) /* * The next three 
are used in conjunction with the BIO_should_io_special() 
@@ -249,46 +251,46 @@ /* * Returned from the SSL bio when the certificate retrieval code had an error */ -# define BIO_RR_SSL_X509_LOOKUP 0x01 +#define BIO_RR_SSL_X509_LOOKUP 0x01 /* Returned from the connect BIO when a connect would have blocked */ -# define BIO_RR_CONNECT 0x02 +#define BIO_RR_CONNECT 0x02 /* Returned from the accept BIO when an accept would have blocked */ -# define BIO_RR_ACCEPT 0x03 +#define BIO_RR_ACCEPT 0x03 /* These are passed by the BIO callback */ -# define BIO_CB_FREE 0x01 -# define BIO_CB_READ 0x02 -# define BIO_CB_WRITE 0x03 -# define BIO_CB_PUTS 0x04 -# define BIO_CB_GETS 0x05 -# define BIO_CB_CTRL 0x06 +#define BIO_CB_FREE 0x01 +#define BIO_CB_READ 0x02 +#define BIO_CB_WRITE 0x03 +#define BIO_CB_PUTS 0x04 +#define BIO_CB_GETS 0x05 +#define BIO_CB_CTRL 0x06 /* * The callback is called before and after the underling operation, The * BIO_CB_RETURN flag indicates if it is after the call */ -# define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) -# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) -# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) +#define BIO_CB_RETURN 0x80 +#define BIO_CB_return(a) ((a) | BIO_CB_RETURN) +#define BIO_cb_pre(a) (!((a) & BIO_CB_RETURN)) +#define BIO_cb_post(a) ((a) & BIO_CB_RETURN) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, - long argl, long ret); + long argl, long ret); OSSL_DEPRECATEDIN_3_0 BIO_callback_fn BIO_get_callback(const BIO *b); OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback); OSSL_DEPRECATEDIN_3_0 long BIO_debug_callback(BIO *bio, int cmd, - const char *argp, int argi, - long argl, long ret); -# endif + const char *argp, int argi, + long argl, long ret); +#endif typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, - size_t len, int argi, - long argl, int ret, size_t *processed); + size_t len, int argi, + long argl, int ret, size_t 
*processed); BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); long BIO_debug_callback_ex(BIO *bio, int oper, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed); + int argi, long argl, int ret, size_t *processed); char *BIO_get_callback_arg(const BIO *b); void BIO_set_callback_arg(BIO *b, char *arg); @@ -299,8 +301,9 @@ int BIO_method_type(const BIO *b); typedef int BIO_info_cb(BIO *, int, int); -typedef BIO_info_cb bio_info_cb; /* backward compatibility */ +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(BIO, BIO, BIO) #define sk_BIO_num(sk) OPENSSL_sk_num(ossl_check_const_BIO_sk_type(sk)) #define sk_BIO_value(sk, idx) ((BIO *)OPENSSL_sk_value(ossl_check_const_BIO_sk_type(sk), (idx))) @@ -328,16 +331,16 @@ #define sk_BIO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(BIO) *)OPENSSL_sk_deep_copy(ossl_check_const_BIO_sk_type(sk), ossl_check_BIO_copyfunc_type(copyfunc), ossl_check_BIO_freefunc_type(freefunc))) #define sk_BIO_set_cmp_func(sk, cmp) ((sk_BIO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_BIO_sk_type(sk), ossl_check_BIO_compfunc_type(cmp))) - +/* clang-format on */ /* Prefix and suffix callback in ASN1 BIO */ -typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, - void *parg); +typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, + void *parg); -typedef void (*BIO_dgram_sctp_notification_handler_fn) (BIO *b, - void *context, - void *buf); -# ifndef OPENSSL_NO_SCTP +typedef void (*BIO_dgram_sctp_notification_handler_fn)(BIO *b, + void *context, + void *buf); +#ifndef OPENSSL_NO_SCTP /* SCTP parameter structs */ struct bio_dgram_sctp_sndinfo { uint16_t snd_sid; 
@@ -360,161 +363,161 @@ uint16_t pr_policy; uint32_t pr_value; }; -# endif +#endif /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ -# define BIO_C_SET_CONNECT 100 -# define BIO_C_DO_STATE_MACHINE 101 -# define BIO_C_SET_NBIO 102 +#define BIO_C_SET_CONNECT 100 +#define BIO_C_DO_STATE_MACHINE 101 +#define BIO_C_SET_NBIO 102 /* # define BIO_C_SET_PROXY_PARAM 103 */ -# define BIO_C_SET_FD 104 -# define BIO_C_GET_FD 105 -# define BIO_C_SET_FILE_PTR 106 -# define BIO_C_GET_FILE_PTR 107 -# define BIO_C_SET_FILENAME 108 -# define BIO_C_SET_SSL 109 -# define BIO_C_GET_SSL 110 -# define BIO_C_SET_MD 111 -# define BIO_C_GET_MD 112 -# define BIO_C_GET_CIPHER_STATUS 113 -# define BIO_C_SET_BUF_MEM 114 -# define BIO_C_GET_BUF_MEM_PTR 115 -# define BIO_C_GET_BUFF_NUM_LINES 116 -# define BIO_C_SET_BUFF_SIZE 117 -# define BIO_C_SET_ACCEPT 118 -# define BIO_C_SSL_MODE 119 -# define BIO_C_GET_MD_CTX 120 +#define BIO_C_SET_FD 104 +#define BIO_C_GET_FD 105 +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_SET_SSL 109 +#define BIO_C_GET_SSL 110 +#define BIO_C_SET_MD 111 +#define BIO_C_GET_MD 112 +#define BIO_C_GET_CIPHER_STATUS 113 +#define BIO_C_SET_BUF_MEM 114 +#define BIO_C_GET_BUF_MEM_PTR 115 +#define BIO_C_GET_BUFF_NUM_LINES 116 +#define BIO_C_SET_BUFF_SIZE 117 +#define BIO_C_SET_ACCEPT 118 +#define BIO_C_SSL_MODE 119 +#define BIO_C_GET_MD_CTX 120 /* # define BIO_C_GET_PROXY_PARAM 121 */ -# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ -# define BIO_C_GET_CONNECT 123 -# define BIO_C_GET_ACCEPT 124 -# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 -# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 -# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 -# define BIO_C_FILE_SEEK 128 -# define BIO_C_GET_CIPHER_CTX 129 -# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input - * value */ -# define BIO_C_SET_BIND_MODE 131 -# define BIO_C_GET_BIND_MODE 132 -# define BIO_C_FILE_TELL 133 -# define BIO_C_GET_SOCKS 134 -# 
define BIO_C_SET_SOCKS 135 - -# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ -# define BIO_C_GET_WRITE_BUF_SIZE 137 -# define BIO_C_MAKE_BIO_PAIR 138 -# define BIO_C_DESTROY_BIO_PAIR 139 -# define BIO_C_GET_WRITE_GUARANTEE 140 -# define BIO_C_GET_READ_REQUEST 141 -# define BIO_C_SHUTDOWN_WR 142 -# define BIO_C_NREAD0 143 -# define BIO_C_NREAD 144 -# define BIO_C_NWRITE0 145 -# define BIO_C_NWRITE 146 -# define BIO_C_RESET_READ_REQUEST 147 -# define BIO_C_SET_MD_CTX 148 - -# define BIO_C_SET_PREFIX 149 -# define BIO_C_GET_PREFIX 150 -# define BIO_C_SET_SUFFIX 151 -# define BIO_C_GET_SUFFIX 152 - -# define BIO_C_SET_EX_ARG 153 -# define BIO_C_GET_EX_ARG 154 - -# define BIO_C_SET_CONNECT_MODE 155 - -# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) -# define BIO_get_app_data(s) BIO_get_ex_data(s,0) - -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) - -# ifndef OPENSSL_NO_SOCK +#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ +#define BIO_C_GET_CONNECT 123 +#define BIO_C_GET_ACCEPT 124 +#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_GET_CIPHER_CTX 129 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 /* return end of input \ + * value */ +#define BIO_C_SET_BIND_MODE 131 +#define BIO_C_GET_BIND_MODE 132 +#define BIO_C_FILE_TELL 133 +#define BIO_C_GET_SOCKS 134 +#define BIO_C_SET_SOCKS 135 + +#define BIO_C_SET_WRITE_BUF_SIZE 136 /* for BIO_s_bio */ +#define BIO_C_GET_WRITE_BUF_SIZE 137 +#define BIO_C_MAKE_BIO_PAIR 138 +#define BIO_C_DESTROY_BIO_PAIR 139 +#define BIO_C_GET_WRITE_GUARANTEE 140 +#define BIO_C_GET_READ_REQUEST 141 +#define BIO_C_SHUTDOWN_WR 142 +#define BIO_C_NREAD0 143 +#define BIO_C_NREAD 144 +#define BIO_C_NWRITE0 145 +#define BIO_C_NWRITE 146 +#define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 + +#define BIO_C_SET_PREFIX 149 +#define BIO_C_GET_PREFIX 150 +#define 
BIO_C_SET_SUFFIX 151 +#define BIO_C_GET_SUFFIX 152 + +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 + +#define BIO_C_SET_CONNECT_MODE 155 + +#define BIO_set_app_data(s, arg) BIO_set_ex_data(s, 0, arg) +#define BIO_get_app_data(s) BIO_get_ex_data(s, 0) + +#define BIO_set_nbio(b, n) BIO_ctrl(b, BIO_C_SET_NBIO, (n), NULL) + +#ifndef OPENSSL_NO_SOCK /* IP families we support, for BIO_s_connect() and BIO_s_accept() */ /* Note: the underlying operating system may not support some of them */ -# define BIO_FAMILY_IPV4 4 -# define BIO_FAMILY_IPV6 6 -# define BIO_FAMILY_IPANY 256 +#define BIO_FAMILY_IPV4 4 +#define BIO_FAMILY_IPV6 6 +#define BIO_FAMILY_IPANY 256 /* BIO_s_connect() */ -# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ - (char *)(name)) -# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ - (char *)(port)) -# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ - (char *)(addr)) -# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) -# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) -# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) -# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) -# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) -# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +#define BIO_set_conn_hostname(b, name) BIO_ctrl(b, BIO_C_SET_CONNECT, 0, \ + (char *)(name)) +#define BIO_set_conn_port(b, port) BIO_ctrl(b, BIO_C_SET_CONNECT, 1, \ + (char *)(port)) +#define BIO_set_conn_address(b, addr) BIO_ctrl(b, BIO_C_SET_CONNECT, 2, \ + (char *)(addr)) +#define BIO_set_conn_ip_family(b, f) BIO_int_ctrl(b, BIO_C_SET_CONNECT, 3, f) +#define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_CONNECT, 0)) +#define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_CONNECT, 1)) +#define 
BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b, BIO_C_GET_CONNECT, 2)) +#define BIO_get_conn_ip_family(b) BIO_ctrl(b, BIO_C_GET_CONNECT, 3, NULL) +#define BIO_set_conn_mode(b, n) BIO_ctrl(b, BIO_C_SET_CONNECT_MODE, (n), NULL) /* BIO_s_accept() */ -# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ - (char *)(name)) -# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ - (char *)(port)) -# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) -# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) -# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) -# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +#define BIO_set_accept_name(b, name) BIO_ctrl(b, BIO_C_SET_ACCEPT, 0, \ + (char *)(name)) +#define BIO_set_accept_port(b, port) BIO_ctrl(b, BIO_C_SET_ACCEPT, 1, \ + (char *)(port)) +#define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 0)) +#define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 1)) +#define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 2)) +#define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 3)) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) -# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ - (char *)(bio)) -# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) -# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +#define BIO_set_nbio_accept(b, n) BIO_ctrl(b, BIO_C_SET_ACCEPT, 2, (n) ? 
(void *)"a" : NULL) +#define BIO_set_accept_bios(b, bio) BIO_ctrl(b, BIO_C_SET_ACCEPT, 3, \ + (char *)(bio)) +#define BIO_set_accept_ip_family(b, f) BIO_int_ctrl(b, BIO_C_SET_ACCEPT, 4, f) +#define BIO_get_accept_ip_family(b) BIO_ctrl(b, BIO_C_GET_ACCEPT, 4, NULL) /* Aliases kept for backward compatibility */ -# define BIO_BIND_NORMAL 0 -# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR -# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR -# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) -# endif /* OPENSSL_NO_SOCK */ +#define BIO_BIND_NORMAL 0 +#define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +#define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +#define BIO_set_bind_mode(b, mode) BIO_ctrl(b, BIO_C_SET_BIND_MODE, mode, NULL) +#define BIO_get_bind_mode(b) BIO_ctrl(b, BIO_C_GET_BIND_MODE, 0, NULL) +#endif /* OPENSSL_NO_SOCK */ -# define BIO_do_connect(b) BIO_do_handshake(b) -# define BIO_do_accept(b) BIO_do_handshake(b) +#define BIO_do_connect(b) BIO_do_handshake(b) +#define BIO_do_accept(b) BIO_do_handshake(b) -# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) +#define BIO_do_handshake(b) BIO_ctrl(b, BIO_C_DO_STATE_MACHINE, 0, NULL) /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ -# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) +#define BIO_set_fd(b, fd, c) BIO_int_ctrl(b, BIO_C_SET_FD, c, fd) +#define BIO_get_fd(b, c) BIO_ctrl(b, BIO_C_GET_FD, 0, (char *)(c)) /* BIO_s_file() */ -# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) -# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) +#define BIO_set_fp(b, fp, c) BIO_ctrl(b, BIO_C_SET_FILE_PTR, c, (char *)(fp)) +#define BIO_get_fp(b, fpp) BIO_ctrl(b, BIO_C_GET_FILE_PTR, 0, (char *)(fpp)) /* BIO_s_fd() and BIO_s_file() */ -# define 
BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) -# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) +#define BIO_seek(b, ofs) (int)BIO_ctrl(b, BIO_C_FILE_SEEK, ofs, NULL) +#define BIO_tell(b) (int)BIO_ctrl(b, BIO_C_FILE_TELL, 0, NULL) /* * name is cast to lose const, but might be better to route through a * function so we can do it safely */ -# ifdef CONST_STRICT +#ifdef CONST_STRICT /* * If you are wondering why this isn't defined, its because CONST_STRICT is * purely a compile-time kludge to allow const to be checked. */ int BIO_read_filename(BIO *b, const char *name); -# else -# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ,(char *)(name)) -# endif -# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_WRITE,name) -# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_APPEND,name) -# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) +#else +#define BIO_read_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_READ, (char *)(name)) +#endif +#define BIO_write_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_WRITE, name) +#define BIO_append_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_APPEND, name) +#define BIO_rw_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_READ | BIO_FP_WRITE, name) /* * WARNING WARNING, this ups the reference count on the read bio of the SSL 
@@ -522,87 +525,87 @@ * next_bio field in the bio. So when you free the BIO, make sure you are * doing a BIO_free_all() to catch the underlying BIO. */ -# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) -# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) -# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) -# define BIO_set_ssl_renegotiate_bytes(b,num) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) -# define BIO_get_num_renegotiates(b) \ - BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) -# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) +#define BIO_set_ssl(b, ssl, c) BIO_ctrl(b, BIO_C_SET_SSL, c, (char *)(ssl)) +#define BIO_get_ssl(b, sslp) BIO_ctrl(b, BIO_C_GET_SSL, 0, (char *)(sslp)) +#define BIO_set_ssl_mode(b, client) BIO_ctrl(b, BIO_C_SSL_MODE, client, NULL) +#define BIO_set_ssl_renegotiate_bytes(b, num) \ + BIO_ctrl(b, BIO_C_SET_SSL_RENEGOTIATE_BYTES, num, NULL) +#define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b, BIO_C_GET_SSL_NUM_RENEGOTIATES, 0, NULL) +#define BIO_set_ssl_renegotiate_timeout(b, seconds) \ + BIO_ctrl(b, BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT, seconds, NULL) /* defined in evp.h */ /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ -# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) -# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) -# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ - (char *)(pp)) -# define BIO_set_mem_eof_return(b,v) \ - BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) +#define BIO_get_mem_data(b, pp) BIO_ctrl(b, BIO_CTRL_INFO, 0, (char *)(pp)) +#define BIO_set_mem_buf(b, bm, c) BIO_ctrl(b, BIO_C_SET_BUF_MEM, c, (char *)(bm)) +#define BIO_get_mem_ptr(b, pp) BIO_ctrl(b, BIO_C_GET_BUF_MEM_PTR, 0, \ + (char *)(pp)) +#define BIO_set_mem_eof_return(b, v) \ + BIO_ctrl(b, BIO_C_SET_BUF_MEM_EOF_RETURN, v, 
NULL) /* For the BIO_f_buffer() type */ -# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) -# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) -# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) -# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) -# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) +#define BIO_get_buffer_num_lines(b) BIO_ctrl(b, BIO_C_GET_BUFF_NUM_LINES, 0, NULL) +#define BIO_set_buffer_size(b, size) BIO_ctrl(b, BIO_C_SET_BUFF_SIZE, size, NULL) +#define BIO_set_read_buffer_size(b, size) BIO_int_ctrl(b, BIO_C_SET_BUFF_SIZE, size, 0) +#define BIO_set_write_buffer_size(b, size) BIO_int_ctrl(b, BIO_C_SET_BUFF_SIZE, size, 1) +#define BIO_set_buffer_read_data(b, buf, num) BIO_ctrl(b, BIO_C_SET_BUFF_READ_DATA, num, buf) /* Don't use the next one unless you know what you are doing :-) */ -# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) - -# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) -# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) -# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) -# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) -# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) -# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +#define BIO_dup_state(b, ret) BIO_ctrl(b, BIO_CTRL_DUP, 0, (char *)(ret)) + +#define BIO_reset(b) (int)BIO_ctrl(b, BIO_CTRL_RESET, 0, NULL) +#define BIO_eof(b) (int)BIO_ctrl(b, BIO_CTRL_EOF, 0, NULL) +#define BIO_set_close(b, c) (int)BIO_ctrl(b, BIO_CTRL_SET_CLOSE, (c), NULL) +#define BIO_get_close(b) (int)BIO_ctrl(b, BIO_CTRL_GET_CLOSE, 0, NULL) +#define BIO_pending(b) (int)BIO_ctrl(b, BIO_CTRL_PENDING, 0, NULL) +#define BIO_wpending(b) (int)BIO_ctrl(b, BIO_CTRL_WPENDING, 0, NULL) /* ...pending macros have inappropriate return type */ size_t 
BIO_ctrl_pending(BIO *b); size_t BIO_ctrl_wpending(BIO *b); -# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) -# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ - cbp) -# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) +#define BIO_flush(b) (int)BIO_ctrl(b, BIO_CTRL_FLUSH, 0, NULL) +#define BIO_get_info_callback(b, cbp) (int)BIO_ctrl(b, BIO_CTRL_GET_CALLBACK, 0, \ + cbp) +#define BIO_set_info_callback(b, cb) (int)BIO_callback_ctrl(b, BIO_CTRL_SET_CALLBACK, cb) /* For the BIO_f_buffer() type */ -# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) -# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) +#define BIO_buffer_get_num_lines(b) BIO_ctrl(b, BIO_CTRL_GET, 0, NULL) +#define BIO_buffer_peek(b, s, l) BIO_ctrl(b, BIO_CTRL_PEEK, (l), (s)) /* For BIO_s_bio() */ -# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) -# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) -# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) -# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) -# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +#define BIO_set_write_buf_size(b, size) (int)BIO_ctrl(b, BIO_C_SET_WRITE_BUF_SIZE, size, NULL) +#define BIO_get_write_buf_size(b, size) (size_t)BIO_ctrl(b, BIO_C_GET_WRITE_BUF_SIZE, size, NULL) +#define BIO_make_bio_pair(b1, b2) (int)BIO_ctrl(b1, BIO_C_MAKE_BIO_PAIR, 0, b2) +#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b, BIO_C_DESTROY_BIO_PAIR, 0, NULL) +#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) /* macros with inappropriate type -- but ...pending macros use int too: */ -# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) -# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +#define 
BIO_get_write_guarantee(b) (int)BIO_ctrl(b, BIO_C_GET_WRITE_GUARANTEE, 0, NULL) +#define BIO_get_read_request(b) (int)BIO_ctrl(b, BIO_C_GET_READ_REQUEST, 0, NULL) size_t BIO_ctrl_get_write_guarantee(BIO *b); size_t BIO_ctrl_get_read_request(BIO *b); int BIO_ctrl_reset_read_request(BIO *b); /* ctrl macros for dgram */ -# define BIO_ctrl_dgram_connect(b,peer) \ - (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) -# define BIO_ctrl_set_connected(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) -# define BIO_dgram_recv_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) -# define BIO_dgram_send_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) -# define BIO_dgram_get_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) -# define BIO_dgram_set_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) -# define BIO_dgram_get_mtu_overhead(b) \ - (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +#define BIO_ctrl_dgram_connect(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, (char *)(peer)) +#define BIO_ctrl_set_connected(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +#define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +#define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +#define BIO_dgram_set_peer(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +#define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) /* ctrl macros for BIO_f_prefix */ -# define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) -# define BIO_set_indent(b,i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) -# define 
BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) +#define BIO_set_prefix(b, p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) +#define BIO_set_indent(b, i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) +#define BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) #define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) @@ -613,20 +616,20 @@ /* For BIO_f_asn1() */ int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, - asn1_ps_func *prefix_free); + asn1_ps_func *prefix_free); int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, - asn1_ps_func **pprefix_free); + asn1_ps_func **pprefix_free); int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, - asn1_ps_func *suffix_free); + asn1_ps_func *suffix_free); int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, - asn1_ps_func **psuffix_free); + asn1_ps_func **psuffix_free); const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO BIO *BIO_new_fp(FILE *stream, int close_flag); -# endif +#endif BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method); BIO *BIO_new(const BIO_METHOD *type); int BIO_free(BIO *a); @@ -669,11 +672,11 @@ const BIO_METHOD *BIO_s_mem(void); const BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(const void *buf, int len); -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK const BIO_METHOD *BIO_s_socket(void); const BIO_METHOD *BIO_s_connect(void); const BIO_METHOD *BIO_s_accept(void); -# endif +#endif const BIO_METHOD *BIO_s_fd(void); const BIO_METHOD *BIO_s_log(void); const BIO_METHOD *BIO_s_bio(void); 
@@ -685,49 +688,49 @@ const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); const BIO_METHOD *BIO_s_core(void); -# ifndef OPENSSL_NO_DGRAM +#ifndef OPENSSL_NO_DGRAM const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); BIO *BIO_new_dgram(int fd, int close_flag); -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP const BIO_METHOD *BIO_s_datagram_sctp(void); BIO *BIO_new_dgram_sctp(int fd, int close_flag); int BIO_dgram_is_sctp(BIO *bio); int BIO_dgram_sctp_notification_cb(BIO *b, - BIO_dgram_sctp_notification_handler_fn handle_notifications, - void *context); + BIO_dgram_sctp_notification_handler_fn handle_notifications, + void *context); int BIO_dgram_sctp_wait_for_dry(BIO *b); int BIO_dgram_sctp_msg_waiting(BIO *b); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); int BIO_socket_wait(int fd, int for_read, time_t max_time); -# endif +#endif int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds); int BIO_fd_should_retry(int i); int BIO_fd_non_fatal_error(int error); -int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *s, int len); -int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *s, int len, int indent); +int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const void *s, int len); +int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const void *s, int len, int indent); int BIO_dump(BIO *b, const void *bytes, int len); int BIO_dump_indent(BIO *b, const void *bytes, int len, int indent); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int BIO_dump_fp(FILE *fp, const void *s, int len); int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent); -# endif +#endif int 
BIO_hex_string(BIO *out, int indent, int width, const void *data, - int datalen); + int datalen); -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK BIO_ADDR *BIO_ADDR_new(void); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, - const void *where, size_t wherelen, unsigned short port); + const void *where, size_t wherelen, unsigned short port); void BIO_ADDR_free(BIO_ADDR *); void BIO_ADDR_clear(BIO_ADDR *ap); int BIO_ADDR_family(const BIO_ADDR *ap); 
@@ -745,34 +748,38 @@ void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); enum BIO_hostserv_priorities { - BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV + BIO_PARSE_PRIO_HOST, + BIO_PARSE_PRIO_SERV }; int BIO_parse_hostserv(const char *hostserv, char **host, char **service, - enum BIO_hostserv_priorities hostserv_prio); + enum BIO_hostserv_priorities hostserv_prio); enum BIO_lookup_type { - BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER + BIO_LOOKUP_CLIENT, + BIO_LOOKUP_SERVER }; int BIO_lookup(const char *host, const char *service, - enum BIO_lookup_type lookup_type, - int family, int socktype, BIO_ADDRINFO **res); + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); int BIO_lookup_ex(const char *host, const char *service, - int lookup_type, int family, int socktype, int protocol, - BIO_ADDRINFO **res); + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); int BIO_sock_init(void); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define BIO_sock_cleanup() while(0) continue -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define BIO_sock_cleanup() \ + while (0) \ + continue +#endif int BIO_set_tcp_ndelay(int sock, int turn_on); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 struct hostent *BIO_gethostbyname(const char *name); OSSL_DEPRECATEDIN_1_1_0 int BIO_get_port(const char *str, unsigned short *port_ptr); OSSL_DEPRECATEDIN_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip); OSSL_DEPRECATEDIN_1_1_0 int BIO_get_accept_socket(char *host_port, int mode); OSSL_DEPRECATEDIN_1_1_0 int BIO_accept(int sock, char **ip_port); -# endif +#endif union BIO_sock_info_u { BIO_ADDR *addr; 
@@ -781,13 +788,13 @@ BIO_SOCK_INFO_ADDRESS }; int BIO_sock_info(int sock, - enum BIO_sock_info_type type, union BIO_sock_info_u *info); + enum BIO_sock_info_type type, union BIO_sock_info_u *info); -# define BIO_SOCK_REUSEADDR 0x01 -# define BIO_SOCK_V6_ONLY 0x02 -# define BIO_SOCK_KEEPALIVE 0x04 -# define BIO_SOCK_NONBLOCK 0x08 -# define BIO_SOCK_NODELAY 0x10 +#define BIO_SOCK_REUSEADDR 0x01 +#define BIO_SOCK_V6_ONLY 0x02 +#define BIO_SOCK_KEEPALIVE 0x04 +#define BIO_SOCK_NONBLOCK 0x08 +#define BIO_SOCK_NODELAY 0x10 int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); @@ -799,12 +806,12 @@ BIO *BIO_new_socket(int sock, int close_flag); BIO *BIO_new_connect(const char *host_port); BIO *BIO_new_accept(const char *host_port); -# endif /* OPENSSL_NO_SOCK*/ +#endif /* OPENSSL_NO_SOCK*/ BIO *BIO_new_fd(int fd, int close_flag); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, - BIO **bio2, size_t writebuf2); + BIO **bio2, size_t writebuf2); /* * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default 
@@ -817,71 +824,69 @@ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); */ -# define ossl_bio__attr__(x) -# if defined(__GNUC__) && defined(__STDC_VERSION__) \ +#define ossl_bio__attr__(x) +#if defined(__GNUC__) && defined(__STDC_VERSION__) \ && !defined(__MINGW32__) && !defined(__MINGW64__) \ && !defined(__APPLE__) - /* - * Because we support the 'z' modifier, which made its appearance in C99, - * we can't use __attribute__ with pre C99 dialects. - */ -# if __STDC_VERSION__ >= 199901L -# undef ossl_bio__attr__ -# define ossl_bio__attr__ __attribute__ -# if __GNUC__*10 + __GNUC_MINOR__ >= 44 -# define ossl_bio__printf__ __gnu_printf__ -# else -# define ossl_bio__printf__ __printf__ -# endif -# endif -# endif +/* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +#if __STDC_VERSION__ >= 199901L +#undef ossl_bio__attr__ +#define ossl_bio__attr__ __attribute__ +#if __GNUC__ * 10 + __GNUC_MINOR__ >= 44 +#define ossl_bio__printf__ __gnu_printf__ +#else +#define ossl_bio__printf__ __printf__ +#endif +#endif +#endif int BIO_printf(BIO *bio, const char *format, ...) -ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); + ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); int BIO_vprintf(BIO *bio, const char *format, va_list args) -ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); + ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); int BIO_snprintf(char *buf, size_t n, const char *format, ...) 
-ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); + ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); -# undef ossl_bio__attr__ -# undef ossl_bio__printf__ - + ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +#undef ossl_bio__attr__ +#undef ossl_bio__printf__ BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); -int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); -int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, - size_t *); +int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, + size_t *); int BIO_meth_set_write(BIO_METHOD *biom, - int (*write) (BIO *, const char *, int)); + int (*write)(BIO *, const char *, int)); int BIO_meth_set_write_ex(BIO_METHOD *biom, - int (*bwrite) (BIO *, const char *, size_t, size_t *)); -int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); -int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); + int (*bwrite)(BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, - int (*read) (BIO *, char *, int)); + int (*read)(BIO *, char *, int)); int BIO_meth_set_read_ex(BIO_METHOD *biom, - int (*bread) (BIO *, char *, size_t, size_t *)); -int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); + int (*bread)(BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, - int (*puts) (BIO *, const char *)); -int (*BIO_meth_get_gets(const BIO_METHOD *biom)) 
(BIO *, char *, int); + int (*puts)(BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); -long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); + int (*ossl_gets)(BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, - long (*ctrl) (BIO *, int, long, void *)); -int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); -int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); -int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); -int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); -long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) - (BIO *, int, BIO_info_cb *); + long (*ctrl)(BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, - long (*callback_ctrl) (BIO *, int, - BIO_info_cb *)); + long (*callback_ctrl)(BIO *, int, + BIO_info_cb *)); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/bio.h.in.orig +++ crypto/openssl/include/openssl/bio.h.in 
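Review bot: In the `BIO_meth_set_gets` prototype the callback parameter is renamed from `gets` to `ossl_gets`. As far as the visible lines show, this is the only change in the hunk that alters a token rather than whitespace, line wrapping or continuation backslashes. A prototype parameter name does not affect callers or the ABI, but it means the hunk can no longer be confirmed as formatting-only by comparing preprocessed output, which is the cheap check worth keeping for a reformat of a vendored crypto header. If the patch is meant as a pure reformat, mention the rename in the description (for example `BIO_meth_set_gets: rename parameter gets -> ossl_gets`) or split it into its own change. The matching declaration in bio.h.in lies outside the visible hunks, so confirm it carries the same name.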
@@ -8,151 +8,153 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_BIO_H -# define OPENSSL_BIO_H -# pragma once +#define OPENSSL_BIO_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_BIO_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_BIO_H +#endif -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# endif -# include +#ifndef OPENSSL_NO_STDIO +#include +#endif +#include -# include -# include -# include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif /* There are the classes of BIOs */ -# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ -# define BIO_TYPE_FILTER 0x0200 -# define BIO_TYPE_SOURCE_SINK 0x0400 +#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +#define BIO_TYPE_FILTER 0x0200 +#define BIO_TYPE_SOURCE_SINK 0x0400 /* These are the 'types' of BIOs */ -# define BIO_TYPE_NONE 0 -# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) -# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) - -# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) -# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) -# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) -# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) -# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) -# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) -# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) - -# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ -# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) -# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ -# define 
BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) -# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) -# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) -# ifndef OPENSSL_NO_SCTP -# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) -# endif -# define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) - -#define BIO_TYPE_START 128 +#define BIO_TYPE_NONE 0 +#define BIO_TYPE_MEM (1 | BIO_TYPE_SOURCE_SINK) +#define BIO_TYPE_FILE (2 | BIO_TYPE_SOURCE_SINK) + +#define BIO_TYPE_FD (4 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_SOCKET (5 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_NULL (6 | BIO_TYPE_SOURCE_SINK) +#define BIO_TYPE_SSL (7 | BIO_TYPE_FILTER) +#define BIO_TYPE_MD (8 | BIO_TYPE_FILTER) +#define BIO_TYPE_BUFFER (9 | BIO_TYPE_FILTER) +#define BIO_TYPE_CIPHER (10 | BIO_TYPE_FILTER) +#define BIO_TYPE_BASE64 (11 | BIO_TYPE_FILTER) +#define BIO_TYPE_CONNECT (12 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_ACCEPT (13 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) + +#define BIO_TYPE_NBIO_TEST (16 | BIO_TYPE_FILTER) /* server proxy BIO */ +#define BIO_TYPE_NULL_FILTER (17 | BIO_TYPE_FILTER) +#define BIO_TYPE_BIO (19 | BIO_TYPE_SOURCE_SINK) /* half a BIO pair */ +#define BIO_TYPE_LINEBUFFER (20 | BIO_TYPE_FILTER) +#define BIO_TYPE_DGRAM (21 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#define BIO_TYPE_ASN1 (22 | BIO_TYPE_FILTER) +#define BIO_TYPE_COMP (23 | BIO_TYPE_FILTER) +#ifndef OPENSSL_NO_SCTP +#define BIO_TYPE_DGRAM_SCTP (24 | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR) +#endif +#define BIO_TYPE_CORE_TO_PROV (25 | BIO_TYPE_SOURCE_SINK) + +#define BIO_TYPE_START 128 /* * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. 
* BIO_set_fp(in,stdin,BIO_NOCLOSE); */ -# define BIO_NOCLOSE 0x00 -# define BIO_CLOSE 0x01 +#define BIO_NOCLOSE 0x00 +#define BIO_CLOSE 0x01 /* * These are used in the following macros and are passed to BIO_ctrl() */ -# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ -# define BIO_CTRL_EOF 2/* opt - are we at the eof */ -# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ -# define BIO_CTRL_SET 4/* man - set the 'IO' type */ -# define BIO_CTRL_GET 5/* man - get the 'IO' type */ -# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ -# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ -# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ -# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ -# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ -# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ -# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ -# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ -# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ -# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ - -# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ -# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ +#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ +#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ +#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ +#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ +#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ +#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ +#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ +#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ +#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ +#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ +#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ +#define BIO_CTRL_DUP 12 /* man - extra stuff for 
'duped' BIO */ +#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ +#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ +#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ + +#define BIO_CTRL_PEEK 29 /* BIO_f_buffer special */ +#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ /* dgram BIO stuff */ -# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ -# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected +#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally connected \ * socket to be passed in */ -# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ -# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ -# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ -# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ -# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ -# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation timed out */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation timed out */ /* #ifdef IP_MTU_DISCOVER */ -# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ /* #endif */ -# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ -# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 -# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ -# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. 
- * want to use this if asking - * the kernel fails */ +#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for MTU. \ + * want to use this if asking \ + * the kernel fails */ -# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was - * exceed in the previous write - * operation */ +#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU was \ + * exceed in the previous write \ + * operation */ -# define BIO_CTRL_DGRAM_GET_PEER 46 -# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ +#define BIO_CTRL_DGRAM_GET_PEER 46 +#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ -# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout - * to adjust socket timeouts */ -# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout \ + * to adjust socket timeouts */ +#define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 -# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 +#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 /* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ -# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 -# ifndef OPENSSL_NO_SCTP +#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +#ifndef OPENSSL_NO_SCTP /* SCTP stuff */ -# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 -# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 -# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 -# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 -# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 -# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 -# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 -# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 -# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 -# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 -# endif - -# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 +#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +#define 
BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +#endif + +#define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 /* * internal BIO: 
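Review bot: Several reformatted `#define` lines in this hunk now carry a line-continuation backslash inside their trailing block comment, e.g. `#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally connected \`; the same applies to `BIO_CTRL_DGRAM_SET_MTU`, `BIO_CTRL_DGRAM_MTU_EXCEEDED` and `BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT`. The preprocessor result is unchanged, because line splicing happens before comments are removed. The backslashes are still noise, and they make a comment look like part of the macro body to anyone scanning these control codes. Putting each multi-line comment on its own line above the define avoids this, e.g. `/* allow for an externally connected socket to be passed in */` followed by `#define BIO_CTRL_DGRAM_SET_CONNECTED 32`.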
@@ -161,53 +163,53 @@ * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 */ -# define BIO_CTRL_GET_KTLS_SEND 73 -# define BIO_CTRL_GET_KTLS_RECV 76 +#define BIO_CTRL_GET_KTLS_SEND 73 +#define BIO_CTRL_GET_KTLS_RECV 76 -# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 -# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 +#define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 +#define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 /* BIO_f_prefix controls */ -# define BIO_CTRL_SET_PREFIX 79 -# define BIO_CTRL_SET_INDENT 80 -# define BIO_CTRL_GET_INDENT 81 - -# ifndef OPENSSL_NO_KTLS -# define BIO_get_ktls_send(b) \ - (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) -# define BIO_get_ktls_recv(b) \ - (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0) -# else -# define BIO_get_ktls_send(b) (0) -# define BIO_get_ktls_recv(b) (0) -# endif +#define BIO_CTRL_SET_PREFIX 79 +#define BIO_CTRL_SET_INDENT 80 +#define BIO_CTRL_GET_INDENT 81 + +#ifndef OPENSSL_NO_KTLS +#define BIO_get_ktls_send(b) \ + (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) +#define BIO_get_ktls_recv(b) \ + (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0) +#else +#define BIO_get_ktls_send(b) (0) +#define BIO_get_ktls_recv(b) (0) +#endif /* modifiers */ -# define BIO_FP_READ 0x02 -# define BIO_FP_WRITE 0x04 -# define BIO_FP_APPEND 0x08 -# define BIO_FP_TEXT 0x10 - -# define BIO_FLAGS_READ 0x01 -# define BIO_FLAGS_WRITE 0x02 -# define BIO_FLAGS_IO_SPECIAL 0x04 -# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) -# define BIO_FLAGS_SHOULD_RETRY 0x08 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define BIO_FP_READ 0x02 +#define BIO_FP_WRITE 0x04 +#define BIO_FP_APPEND 0x08 +#define BIO_FP_TEXT 0x10 + +#define BIO_FLAGS_READ 0x01 +#define BIO_FLAGS_WRITE 0x02 +#define BIO_FLAGS_IO_SPECIAL 0x04 +#define BIO_FLAGS_RWS (BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL) +#define BIO_FLAGS_SHOULD_RETRY 0x08 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* This #define was replaced by an internal constant and should not be used. 
*/ -# define BIO_FLAGS_UPLINK 0 -# endif +#define BIO_FLAGS_UPLINK 0 +#endif -# define BIO_FLAGS_BASE64_NO_NL 0x100 +#define BIO_FLAGS_BASE64_NO_NL 0x100 /* * This is used with memory BIOs: * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. */ -# define BIO_FLAGS_MEM_RDONLY 0x200 -# define BIO_FLAGS_NONCLEAR_RST 0x400 -# define BIO_FLAGS_IN_EOF 0x800 +#define BIO_FLAGS_MEM_RDONLY 0x200 +#define BIO_FLAGS_NONCLEAR_RST 0x400 +#define BIO_FLAGS_IN_EOF 0x800 /* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ 
@@ -219,26 +221,26 @@ int BIO_test_flags(const BIO *b, int flags); void BIO_clear_flags(BIO *b, int flags); -# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) -# define BIO_set_retry_special(b) \ - BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) -# define BIO_set_retry_read(b) \ - BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) -# define BIO_set_retry_write(b) \ - BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +#define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY)) /* These are normally used internally in BIOs */ -# define BIO_clear_retry_flags(b) \ - BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) -# define BIO_get_retry_flags(b) \ - BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY)) +#define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY)) /* These should be used by the application to tell why we should retry */ -# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) -# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) -# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) -# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) -# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) +#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) /* * The next three 
are used in conjunction with the BIO_should_io_special() 
@@ -250,46 +252,46 @@ /* * Returned from the SSL bio when the certificate retrieval code had an error */ -# define BIO_RR_SSL_X509_LOOKUP 0x01 +#define BIO_RR_SSL_X509_LOOKUP 0x01 /* Returned from the connect BIO when a connect would have blocked */ -# define BIO_RR_CONNECT 0x02 +#define BIO_RR_CONNECT 0x02 /* Returned from the accept BIO when an accept would have blocked */ -# define BIO_RR_ACCEPT 0x03 +#define BIO_RR_ACCEPT 0x03 /* These are passed by the BIO callback */ -# define BIO_CB_FREE 0x01 -# define BIO_CB_READ 0x02 -# define BIO_CB_WRITE 0x03 -# define BIO_CB_PUTS 0x04 -# define BIO_CB_GETS 0x05 -# define BIO_CB_CTRL 0x06 +#define BIO_CB_FREE 0x01 +#define BIO_CB_READ 0x02 +#define BIO_CB_WRITE 0x03 +#define BIO_CB_PUTS 0x04 +#define BIO_CB_GETS 0x05 +#define BIO_CB_CTRL 0x06 /* * The callback is called before and after the underling operation, The * BIO_CB_RETURN flag indicates if it is after the call */ -# define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) -# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) -# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) +#define BIO_CB_RETURN 0x80 +#define BIO_CB_return(a) ((a) | BIO_CB_RETURN) +#define BIO_cb_pre(a) (!((a) & BIO_CB_RETURN)) +#define BIO_cb_post(a) ((a) & BIO_CB_RETURN) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, - long argl, long ret); + long argl, long ret); OSSL_DEPRECATEDIN_3_0 BIO_callback_fn BIO_get_callback(const BIO *b); OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback); OSSL_DEPRECATEDIN_3_0 long BIO_debug_callback(BIO *bio, int cmd, - const char *argp, int argi, - long argl, long ret); -# endif + const char *argp, int argi, + long argl, long ret); +#endif typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, - size_t len, int argi, - long argl, int ret, size_t *processed); + size_t len, int argi, + long argl, int ret, size_t 
*processed); BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); long BIO_debug_callback_ex(BIO *bio, int oper, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed); + int argi, long argl, int ret, size_t *processed); char *BIO_get_callback_arg(const BIO *b); void BIO_set_callback_arg(BIO *b, char *arg); @@ -300,21 +302,22 @@ int BIO_method_type(const BIO *b); typedef int BIO_info_cb(BIO *, int, int); -typedef BIO_info_cb bio_info_cb; /* backward compatibility */ +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ +/* clang-format off */ {- generate_stack_macros("BIO"); -} - +/* clang-format on */ /* Prefix and suffix callback in ASN1 BIO */ -typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, - void *parg); +typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, + void *parg); -typedef void (*BIO_dgram_sctp_notification_handler_fn) (BIO *b, - void *context, - void *buf); -# ifndef OPENSSL_NO_SCTP +typedef void (*BIO_dgram_sctp_notification_handler_fn)(BIO *b, + void *context, + void *buf); +#ifndef OPENSSL_NO_SCTP /* SCTP parameter structs */ struct bio_dgram_sctp_sndinfo { uint16_t snd_sid; 
@@ -337,161 +340,161 @@ uint16_t pr_policy; uint32_t pr_value; }; -# endif +#endif /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ -# define BIO_C_SET_CONNECT 100 -# define BIO_C_DO_STATE_MACHINE 101 -# define BIO_C_SET_NBIO 102 +#define BIO_C_SET_CONNECT 100 +#define BIO_C_DO_STATE_MACHINE 101 +#define BIO_C_SET_NBIO 102 /* # define BIO_C_SET_PROXY_PARAM 103 */ -# define BIO_C_SET_FD 104 -# define BIO_C_GET_FD 105 -# define BIO_C_SET_FILE_PTR 106 -# define BIO_C_GET_FILE_PTR 107 -# define BIO_C_SET_FILENAME 108 -# define BIO_C_SET_SSL 109 -# define BIO_C_GET_SSL 110 -# define BIO_C_SET_MD 111 -# define BIO_C_GET_MD 112 -# define BIO_C_GET_CIPHER_STATUS 113 -# define BIO_C_SET_BUF_MEM 114 -# define BIO_C_GET_BUF_MEM_PTR 115 -# define BIO_C_GET_BUFF_NUM_LINES 116 -# define BIO_C_SET_BUFF_SIZE 117 -# define BIO_C_SET_ACCEPT 118 -# define BIO_C_SSL_MODE 119 -# define BIO_C_GET_MD_CTX 120 +#define BIO_C_SET_FD 104 +#define BIO_C_GET_FD 105 +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_SET_SSL 109 +#define BIO_C_GET_SSL 110 +#define BIO_C_SET_MD 111 +#define BIO_C_GET_MD 112 +#define BIO_C_GET_CIPHER_STATUS 113 +#define BIO_C_SET_BUF_MEM 114 +#define BIO_C_GET_BUF_MEM_PTR 115 +#define BIO_C_GET_BUFF_NUM_LINES 116 +#define BIO_C_SET_BUFF_SIZE 117 +#define BIO_C_SET_ACCEPT 118 +#define BIO_C_SSL_MODE 119 +#define BIO_C_GET_MD_CTX 120 /* # define BIO_C_GET_PROXY_PARAM 121 */ -# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ -# define BIO_C_GET_CONNECT 123 -# define BIO_C_GET_ACCEPT 124 -# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 -# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 -# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 -# define BIO_C_FILE_SEEK 128 -# define BIO_C_GET_CIPHER_CTX 129 -# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input - * value */ -# define BIO_C_SET_BIND_MODE 131 -# define BIO_C_GET_BIND_MODE 132 -# define BIO_C_FILE_TELL 133 -# define BIO_C_GET_SOCKS 134 -# 
define BIO_C_SET_SOCKS 135 - -# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ -# define BIO_C_GET_WRITE_BUF_SIZE 137 -# define BIO_C_MAKE_BIO_PAIR 138 -# define BIO_C_DESTROY_BIO_PAIR 139 -# define BIO_C_GET_WRITE_GUARANTEE 140 -# define BIO_C_GET_READ_REQUEST 141 -# define BIO_C_SHUTDOWN_WR 142 -# define BIO_C_NREAD0 143 -# define BIO_C_NREAD 144 -# define BIO_C_NWRITE0 145 -# define BIO_C_NWRITE 146 -# define BIO_C_RESET_READ_REQUEST 147 -# define BIO_C_SET_MD_CTX 148 - -# define BIO_C_SET_PREFIX 149 -# define BIO_C_GET_PREFIX 150 -# define BIO_C_SET_SUFFIX 151 -# define BIO_C_GET_SUFFIX 152 - -# define BIO_C_SET_EX_ARG 153 -# define BIO_C_GET_EX_ARG 154 - -# define BIO_C_SET_CONNECT_MODE 155 - -# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) -# define BIO_get_app_data(s) BIO_get_ex_data(s,0) - -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) - -# ifndef OPENSSL_NO_SOCK +#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ +#define BIO_C_GET_CONNECT 123 +#define BIO_C_GET_ACCEPT 124 +#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_GET_CIPHER_CTX 129 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 /* return end of input \ + * value */ +#define BIO_C_SET_BIND_MODE 131 +#define BIO_C_GET_BIND_MODE 132 +#define BIO_C_FILE_TELL 133 +#define BIO_C_GET_SOCKS 134 +#define BIO_C_SET_SOCKS 135 + +#define BIO_C_SET_WRITE_BUF_SIZE 136 /* for BIO_s_bio */ +#define BIO_C_GET_WRITE_BUF_SIZE 137 +#define BIO_C_MAKE_BIO_PAIR 138 +#define BIO_C_DESTROY_BIO_PAIR 139 +#define BIO_C_GET_WRITE_GUARANTEE 140 +#define BIO_C_GET_READ_REQUEST 141 +#define BIO_C_SHUTDOWN_WR 142 +#define BIO_C_NREAD0 143 +#define BIO_C_NREAD 144 +#define BIO_C_NWRITE0 145 +#define BIO_C_NWRITE 146 +#define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 + +#define BIO_C_SET_PREFIX 149 +#define BIO_C_GET_PREFIX 150 +#define 
BIO_C_SET_SUFFIX 151 +#define BIO_C_GET_SUFFIX 152 + +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 + +#define BIO_C_SET_CONNECT_MODE 155 + +#define BIO_set_app_data(s, arg) BIO_set_ex_data(s, 0, arg) +#define BIO_get_app_data(s) BIO_get_ex_data(s, 0) + +#define BIO_set_nbio(b, n) BIO_ctrl(b, BIO_C_SET_NBIO, (n), NULL) + +#ifndef OPENSSL_NO_SOCK /* IP families we support, for BIO_s_connect() and BIO_s_accept() */ /* Note: the underlying operating system may not support some of them */ -# define BIO_FAMILY_IPV4 4 -# define BIO_FAMILY_IPV6 6 -# define BIO_FAMILY_IPANY 256 +#define BIO_FAMILY_IPV4 4 +#define BIO_FAMILY_IPV6 6 +#define BIO_FAMILY_IPANY 256 /* BIO_s_connect() */ -# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ - (char *)(name)) -# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ - (char *)(port)) -# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ - (char *)(addr)) -# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) -# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) -# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) -# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) -# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) -# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +#define BIO_set_conn_hostname(b, name) BIO_ctrl(b, BIO_C_SET_CONNECT, 0, \ + (char *)(name)) +#define BIO_set_conn_port(b, port) BIO_ctrl(b, BIO_C_SET_CONNECT, 1, \ + (char *)(port)) +#define BIO_set_conn_address(b, addr) BIO_ctrl(b, BIO_C_SET_CONNECT, 2, \ + (char *)(addr)) +#define BIO_set_conn_ip_family(b, f) BIO_int_ctrl(b, BIO_C_SET_CONNECT, 3, f) +#define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_CONNECT, 0)) +#define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_CONNECT, 1)) +#define 
BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b, BIO_C_GET_CONNECT, 2)) +#define BIO_get_conn_ip_family(b) BIO_ctrl(b, BIO_C_GET_CONNECT, 3, NULL) +#define BIO_set_conn_mode(b, n) BIO_ctrl(b, BIO_C_SET_CONNECT_MODE, (n), NULL) /* BIO_s_accept() */ -# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ - (char *)(name)) -# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ - (char *)(port)) -# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) -# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) -# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) -# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +#define BIO_set_accept_name(b, name) BIO_ctrl(b, BIO_C_SET_ACCEPT, 0, \ + (char *)(name)) +#define BIO_set_accept_port(b, port) BIO_ctrl(b, BIO_C_SET_ACCEPT, 1, \ + (char *)(port)) +#define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 0)) +#define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 1)) +#define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 2)) +#define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b, BIO_C_GET_ACCEPT, 3)) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) -# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ - (char *)(bio)) -# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) -# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +#define BIO_set_nbio_accept(b, n) BIO_ctrl(b, BIO_C_SET_ACCEPT, 2, (n) ? 
(void *)"a" : NULL) +#define BIO_set_accept_bios(b, bio) BIO_ctrl(b, BIO_C_SET_ACCEPT, 3, \ + (char *)(bio)) +#define BIO_set_accept_ip_family(b, f) BIO_int_ctrl(b, BIO_C_SET_ACCEPT, 4, f) +#define BIO_get_accept_ip_family(b) BIO_ctrl(b, BIO_C_GET_ACCEPT, 4, NULL) /* Aliases kept for backward compatibility */ -# define BIO_BIND_NORMAL 0 -# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR -# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR -# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) -# endif /* OPENSSL_NO_SOCK */ +#define BIO_BIND_NORMAL 0 +#define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +#define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +#define BIO_set_bind_mode(b, mode) BIO_ctrl(b, BIO_C_SET_BIND_MODE, mode, NULL) +#define BIO_get_bind_mode(b) BIO_ctrl(b, BIO_C_GET_BIND_MODE, 0, NULL) +#endif /* OPENSSL_NO_SOCK */ -# define BIO_do_connect(b) BIO_do_handshake(b) -# define BIO_do_accept(b) BIO_do_handshake(b) +#define BIO_do_connect(b) BIO_do_handshake(b) +#define BIO_do_accept(b) BIO_do_handshake(b) -# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) +#define BIO_do_handshake(b) BIO_ctrl(b, BIO_C_DO_STATE_MACHINE, 0, NULL) /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ -# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) +#define BIO_set_fd(b, fd, c) BIO_int_ctrl(b, BIO_C_SET_FD, c, fd) +#define BIO_get_fd(b, c) BIO_ctrl(b, BIO_C_GET_FD, 0, (char *)(c)) /* BIO_s_file() */ -# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) -# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) +#define BIO_set_fp(b, fp, c) BIO_ctrl(b, BIO_C_SET_FILE_PTR, c, (char *)(fp)) +#define BIO_get_fp(b, fpp) BIO_ctrl(b, BIO_C_GET_FILE_PTR, 0, (char *)(fpp)) /* BIO_s_fd() and BIO_s_file() */ -# define 
BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) -# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) +#define BIO_seek(b, ofs) (int)BIO_ctrl(b, BIO_C_FILE_SEEK, ofs, NULL) +#define BIO_tell(b) (int)BIO_ctrl(b, BIO_C_FILE_TELL, 0, NULL) /* * name is cast to lose const, but might be better to route through a * function so we can do it safely */ -# ifdef CONST_STRICT +#ifdef CONST_STRICT /* * If you are wondering why this isn't defined, its because CONST_STRICT is * purely a compile-time kludge to allow const to be checked. */ int BIO_read_filename(BIO *b, const char *name); -# else -# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ,(char *)(name)) -# endif -# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_WRITE,name) -# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_APPEND,name) -# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) +#else +#define BIO_read_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_READ, (char *)(name)) +#endif +#define BIO_write_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_WRITE, name) +#define BIO_append_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_APPEND, name) +#define BIO_rw_filename(b, name) (int)BIO_ctrl(b, BIO_C_SET_FILENAME, \ + BIO_CLOSE | BIO_FP_READ | BIO_FP_WRITE, name) /* * WARNING WARNING, this ups the reference count on the read bio of the SSL 
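Review bot: In the `BIO_C_SET_BUF_MEM_EOF_RETURN` define the reformatter has put a line-continuation backslash inside the trailing block comment (`/* return end of input \`), a character the old line did not have. The preprocessor splices the line before it strips the comment, so the value is unchanged, but a comment that depends on a continuation is easy to break in a later edit. Folding it onto one line removes the dependency: `#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 /* return end of input value */`. `BIO_C_SET_BUFF_READ_DATA` a few lines above already uses a short single-line trailing comment.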
@@ -499,87 +502,87 @@ * next_bio field in the bio. So when you free the BIO, make sure you are * doing a BIO_free_all() to catch the underlying BIO. */ -# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) -# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) -# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) -# define BIO_set_ssl_renegotiate_bytes(b,num) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) -# define BIO_get_num_renegotiates(b) \ - BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) -# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) +#define BIO_set_ssl(b, ssl, c) BIO_ctrl(b, BIO_C_SET_SSL, c, (char *)(ssl)) +#define BIO_get_ssl(b, sslp) BIO_ctrl(b, BIO_C_GET_SSL, 0, (char *)(sslp)) +#define BIO_set_ssl_mode(b, client) BIO_ctrl(b, BIO_C_SSL_MODE, client, NULL) +#define BIO_set_ssl_renegotiate_bytes(b, num) \ + BIO_ctrl(b, BIO_C_SET_SSL_RENEGOTIATE_BYTES, num, NULL) +#define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b, BIO_C_GET_SSL_NUM_RENEGOTIATES, 0, NULL) +#define BIO_set_ssl_renegotiate_timeout(b, seconds) \ + BIO_ctrl(b, BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT, seconds, NULL) /* defined in evp.h */ /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ -# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) -# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) -# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ - (char *)(pp)) -# define BIO_set_mem_eof_return(b,v) \ - BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) +#define BIO_get_mem_data(b, pp) BIO_ctrl(b, BIO_CTRL_INFO, 0, (char *)(pp)) +#define BIO_set_mem_buf(b, bm, c) BIO_ctrl(b, BIO_C_SET_BUF_MEM, c, (char *)(bm)) +#define BIO_get_mem_ptr(b, pp) BIO_ctrl(b, BIO_C_GET_BUF_MEM_PTR, 0, \ + (char *)(pp)) +#define BIO_set_mem_eof_return(b, v) \ + BIO_ctrl(b, BIO_C_SET_BUF_MEM_EOF_RETURN, v, 
NULL) /* For the BIO_f_buffer() type */ -# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) -# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) -# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) -# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) -# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) +#define BIO_get_buffer_num_lines(b) BIO_ctrl(b, BIO_C_GET_BUFF_NUM_LINES, 0, NULL) +#define BIO_set_buffer_size(b, size) BIO_ctrl(b, BIO_C_SET_BUFF_SIZE, size, NULL) +#define BIO_set_read_buffer_size(b, size) BIO_int_ctrl(b, BIO_C_SET_BUFF_SIZE, size, 0) +#define BIO_set_write_buffer_size(b, size) BIO_int_ctrl(b, BIO_C_SET_BUFF_SIZE, size, 1) +#define BIO_set_buffer_read_data(b, buf, num) BIO_ctrl(b, BIO_C_SET_BUFF_READ_DATA, num, buf) /* Don't use the next one unless you know what you are doing :-) */ -# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) - -# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) -# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) -# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) -# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) -# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) -# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +#define BIO_dup_state(b, ret) BIO_ctrl(b, BIO_CTRL_DUP, 0, (char *)(ret)) + +#define BIO_reset(b) (int)BIO_ctrl(b, BIO_CTRL_RESET, 0, NULL) +#define BIO_eof(b) (int)BIO_ctrl(b, BIO_CTRL_EOF, 0, NULL) +#define BIO_set_close(b, c) (int)BIO_ctrl(b, BIO_CTRL_SET_CLOSE, (c), NULL) +#define BIO_get_close(b) (int)BIO_ctrl(b, BIO_CTRL_GET_CLOSE, 0, NULL) +#define BIO_pending(b) (int)BIO_ctrl(b, BIO_CTRL_PENDING, 0, NULL) +#define BIO_wpending(b) (int)BIO_ctrl(b, BIO_CTRL_WPENDING, 0, NULL) /* ...pending macros have inappropriate return type */ size_t 
BIO_ctrl_pending(BIO *b); size_t BIO_ctrl_wpending(BIO *b); -# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) -# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ - cbp) -# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) +#define BIO_flush(b) (int)BIO_ctrl(b, BIO_CTRL_FLUSH, 0, NULL) +#define BIO_get_info_callback(b, cbp) (int)BIO_ctrl(b, BIO_CTRL_GET_CALLBACK, 0, \ + cbp) +#define BIO_set_info_callback(b, cb) (int)BIO_callback_ctrl(b, BIO_CTRL_SET_CALLBACK, cb) /* For the BIO_f_buffer() type */ -# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) -# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) +#define BIO_buffer_get_num_lines(b) BIO_ctrl(b, BIO_CTRL_GET, 0, NULL) +#define BIO_buffer_peek(b, s, l) BIO_ctrl(b, BIO_CTRL_PEEK, (l), (s)) /* For BIO_s_bio() */ -# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) -# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) -# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) -# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) -# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +#define BIO_set_write_buf_size(b, size) (int)BIO_ctrl(b, BIO_C_SET_WRITE_BUF_SIZE, size, NULL) +#define BIO_get_write_buf_size(b, size) (size_t)BIO_ctrl(b, BIO_C_GET_WRITE_BUF_SIZE, size, NULL) +#define BIO_make_bio_pair(b1, b2) (int)BIO_ctrl(b1, BIO_C_MAKE_BIO_PAIR, 0, b2) +#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b, BIO_C_DESTROY_BIO_PAIR, 0, NULL) +#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) /* macros with inappropriate type -- but ...pending macros use int too: */ -# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) -# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +#define 
BIO_get_write_guarantee(b) (int)BIO_ctrl(b, BIO_C_GET_WRITE_GUARANTEE, 0, NULL) +#define BIO_get_read_request(b) (int)BIO_ctrl(b, BIO_C_GET_READ_REQUEST, 0, NULL) size_t BIO_ctrl_get_write_guarantee(BIO *b); size_t BIO_ctrl_get_read_request(BIO *b); int BIO_ctrl_reset_read_request(BIO *b); /* ctrl macros for dgram */ -# define BIO_ctrl_dgram_connect(b,peer) \ - (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) -# define BIO_ctrl_set_connected(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) -# define BIO_dgram_recv_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) -# define BIO_dgram_send_timedout(b) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) -# define BIO_dgram_get_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) -# define BIO_dgram_set_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) -# define BIO_dgram_get_mtu_overhead(b) \ - (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +#define BIO_ctrl_dgram_connect(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, (char *)(peer)) +#define BIO_ctrl_set_connected(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +#define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +#define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +#define BIO_dgram_set_peer(b, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +#define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) /* ctrl macros for BIO_f_prefix */ -# define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) -# define BIO_set_indent(b,i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) -# define 
BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) +#define BIO_set_prefix(b, p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) +#define BIO_set_indent(b, i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) +#define BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) #define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) @@ -590,20 +593,20 @@ /* For BIO_f_asn1() */ int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, - asn1_ps_func *prefix_free); + asn1_ps_func *prefix_free); int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, - asn1_ps_func **pprefix_free); + asn1_ps_func **pprefix_free); int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, - asn1_ps_func *suffix_free); + asn1_ps_func *suffix_free); int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, - asn1_ps_func **psuffix_free); + asn1_ps_func **psuffix_free); const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO BIO *BIO_new_fp(FILE *stream, int close_flag); -# endif +#endif BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method); BIO *BIO_new(const BIO_METHOD *type); int BIO_free(BIO *a); @@ -646,11 +649,11 @@ const BIO_METHOD *BIO_s_mem(void); const BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(const void *buf, int len); -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK const BIO_METHOD *BIO_s_socket(void); const BIO_METHOD *BIO_s_connect(void); const BIO_METHOD *BIO_s_accept(void); -# endif +#endif const BIO_METHOD *BIO_s_fd(void); const BIO_METHOD *BIO_s_log(void); const BIO_METHOD *BIO_s_bio(void); 
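Review bot: The `(int)` casts on `BIO_pending(b)` and `BIO_wpending(b)` in the `@@ -499,87 +502,87 @@` hunk narrow the `long` result of `BIO_ctrl()`, and the comment under them only says the macros "have inappropriate return type" without telling the caller what to use instead. `BIO_ctrl_pending()` and `BIO_ctrl_wpending()` are declared right after and return `size_t`, so the comment could say so: `/* ...pending macros narrow to int; prefer BIO_ctrl_pending()/BIO_ctrl_wpending(), which return size_t */`. The same applies to `BIO_get_write_guarantee` and `BIO_get_read_request` later in this hunk, whose `size_t` counterparts are `BIO_ctrl_get_write_guarantee()` and `BIO_ctrl_get_read_request()`.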
@@ -662,49 +665,49 @@ const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); const BIO_METHOD *BIO_s_core(void); -# ifndef OPENSSL_NO_DGRAM +#ifndef OPENSSL_NO_DGRAM const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); BIO *BIO_new_dgram(int fd, int close_flag); -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP const BIO_METHOD *BIO_s_datagram_sctp(void); BIO *BIO_new_dgram_sctp(int fd, int close_flag); int BIO_dgram_is_sctp(BIO *bio); int BIO_dgram_sctp_notification_cb(BIO *b, - BIO_dgram_sctp_notification_handler_fn handle_notifications, - void *context); + BIO_dgram_sctp_notification_handler_fn handle_notifications, + void *context); int BIO_dgram_sctp_wait_for_dry(BIO *b); int BIO_dgram_sctp_msg_waiting(BIO *b); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); int BIO_socket_wait(int fd, int for_read, time_t max_time); -# endif +#endif int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds); int BIO_fd_should_retry(int i); int BIO_fd_non_fatal_error(int error); -int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *s, int len); -int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *s, int len, int indent); +int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const void *s, int len); +int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const void *s, int len, int indent); int BIO_dump(BIO *b, const void *bytes, int len); int BIO_dump_indent(BIO *b, const void *bytes, int len, int indent); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int BIO_dump_fp(FILE *fp, const void *s, int len); int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent); -# endif +#endif int 
BIO_hex_string(BIO *out, int indent, int width, const void *data, - int datalen); + int datalen); -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK BIO_ADDR *BIO_ADDR_new(void); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, - const void *where, size_t wherelen, unsigned short port); + const void *where, size_t wherelen, unsigned short port); void BIO_ADDR_free(BIO_ADDR *); void BIO_ADDR_clear(BIO_ADDR *ap); int BIO_ADDR_family(const BIO_ADDR *ap); 
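Review bot: With the `# ifndef` indentation removed, the two consecutive `#endif` lines that close `OPENSSL_NO_SCTP` and `OPENSSL_NO_DGRAM` no longer show which conditional each one ends. The file already labels one such line (`#endif /* OPENSSL_NO_SOCK */`), so the same could be done here: `#endif /* OPENSSL_NO_SCTP */` followed by `#endif /* OPENSSL_NO_DGRAM */`. The `ossl_bio__attr__` hunk further down has the same shape, with three bare `#endif` lines closing the `__GNUC__ * 10 + __GNUC_MINOR__`, `__STDC_VERSION__` and outer compiler checks. There the nesting decides whether the printf-format attribute is applied to `BIO_printf` and the related declarations.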
@@ -722,34 +725,38 @@ void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); enum BIO_hostserv_priorities { - BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV + BIO_PARSE_PRIO_HOST, + BIO_PARSE_PRIO_SERV }; int BIO_parse_hostserv(const char *hostserv, char **host, char **service, - enum BIO_hostserv_priorities hostserv_prio); + enum BIO_hostserv_priorities hostserv_prio); enum BIO_lookup_type { - BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER + BIO_LOOKUP_CLIENT, + BIO_LOOKUP_SERVER }; int BIO_lookup(const char *host, const char *service, - enum BIO_lookup_type lookup_type, - int family, int socktype, BIO_ADDRINFO **res); + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); int BIO_lookup_ex(const char *host, const char *service, - int lookup_type, int family, int socktype, int protocol, - BIO_ADDRINFO **res); + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); int BIO_sock_init(void); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define BIO_sock_cleanup() while(0) continue -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define BIO_sock_cleanup() \ + while (0) \ + continue +#endif int BIO_set_tcp_ndelay(int sock, int turn_on); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 struct hostent *BIO_gethostbyname(const char *name); OSSL_DEPRECATEDIN_1_1_0 int BIO_get_port(const char *str, unsigned short *port_ptr); OSSL_DEPRECATEDIN_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip); OSSL_DEPRECATEDIN_1_1_0 int BIO_get_accept_socket(char *host_port, int mode); OSSL_DEPRECATEDIN_1_1_0 int BIO_accept(int sock, char **ip_port); -# endif +#endif union BIO_sock_info_u { BIO_ADDR *addr; 
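Review bot: `BIO_sock_cleanup()` is now spread over three continued lines (`while (0) \` then `continue`), which hides that the macro is an empty statement defined only under `#ifndef OPENSSL_NO_DEPRECATED_1_1_0`. A one-line comment above it would make that plain, for example `/* deprecated: expands to a no-op statement */`. Wrapping the define in `/* clang-format off */` and `/* clang-format on */`, as this patch does for `generate_stack_macros`, would keep it on one line.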
@@ -758,13 +765,13 @@ BIO_SOCK_INFO_ADDRESS }; int BIO_sock_info(int sock, - enum BIO_sock_info_type type, union BIO_sock_info_u *info); + enum BIO_sock_info_type type, union BIO_sock_info_u *info); -# define BIO_SOCK_REUSEADDR 0x01 -# define BIO_SOCK_V6_ONLY 0x02 -# define BIO_SOCK_KEEPALIVE 0x04 -# define BIO_SOCK_NONBLOCK 0x08 -# define BIO_SOCK_NODELAY 0x10 +#define BIO_SOCK_REUSEADDR 0x01 +#define BIO_SOCK_V6_ONLY 0x02 +#define BIO_SOCK_KEEPALIVE 0x04 +#define BIO_SOCK_NONBLOCK 0x08 +#define BIO_SOCK_NODELAY 0x10 int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); @@ -776,12 +783,12 @@ BIO *BIO_new_socket(int sock, int close_flag); BIO *BIO_new_connect(const char *host_port); BIO *BIO_new_accept(const char *host_port); -# endif /* OPENSSL_NO_SOCK*/ +#endif /* OPENSSL_NO_SOCK*/ BIO *BIO_new_fd(int fd, int close_flag); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, - BIO **bio2, size_t writebuf2); + BIO **bio2, size_t writebuf2); /* * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default 
@@ -794,71 +801,69 @@ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); */ -# define ossl_bio__attr__(x) -# if defined(__GNUC__) && defined(__STDC_VERSION__) \ +#define ossl_bio__attr__(x) +#if defined(__GNUC__) && defined(__STDC_VERSION__) \ && !defined(__MINGW32__) && !defined(__MINGW64__) \ && !defined(__APPLE__) - /* - * Because we support the 'z' modifier, which made its appearance in C99, - * we can't use __attribute__ with pre C99 dialects. - */ -# if __STDC_VERSION__ >= 199901L -# undef ossl_bio__attr__ -# define ossl_bio__attr__ __attribute__ -# if __GNUC__*10 + __GNUC_MINOR__ >= 44 -# define ossl_bio__printf__ __gnu_printf__ -# else -# define ossl_bio__printf__ __printf__ -# endif -# endif -# endif +/* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +#if __STDC_VERSION__ >= 199901L +#undef ossl_bio__attr__ +#define ossl_bio__attr__ __attribute__ +#if __GNUC__ * 10 + __GNUC_MINOR__ >= 44 +#define ossl_bio__printf__ __gnu_printf__ +#else +#define ossl_bio__printf__ __printf__ +#endif +#endif +#endif int BIO_printf(BIO *bio, const char *format, ...) -ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); + ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); int BIO_vprintf(BIO *bio, const char *format, va_list args) -ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); + ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); int BIO_snprintf(char *buf, size_t n, const char *format, ...) 
-ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); + ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); -# undef ossl_bio__attr__ -# undef ossl_bio__printf__ - + ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +#undef ossl_bio__attr__ +#undef ossl_bio__printf__ BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); -int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); -int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, - size_t *); +int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, + size_t *); int BIO_meth_set_write(BIO_METHOD *biom, - int (*write) (BIO *, const char *, int)); + int (*write)(BIO *, const char *, int)); int BIO_meth_set_write_ex(BIO_METHOD *biom, - int (*bwrite) (BIO *, const char *, size_t, size_t *)); -int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); -int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); + int (*bwrite)(BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, - int (*read) (BIO *, char *, int)); + int (*read)(BIO *, char *, int)); int BIO_meth_set_read_ex(BIO_METHOD *biom, - int (*bread) (BIO *, char *, size_t, size_t *)); -int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); + int (*bread)(BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, - int (*puts) (BIO *, const char *)); -int (*BIO_meth_get_gets(const BIO_METHOD *biom)) 
(BIO *, char *, int); + int (*puts)(BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*ossl_gets) (BIO *, char *, int)); -long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); + int (*ossl_gets)(BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, - long (*ctrl) (BIO *, int, long, void *)); -int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); -int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); -int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); -int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); -long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) - (BIO *, int, BIO_info_cb *); + long (*ctrl)(BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, - long (*callback_ctrl) (BIO *, int, - BIO_info_cb *)); + long (*callback_ctrl)(BIO *, int, + BIO_info_cb *)); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/bioerr.h.orig +++ crypto/openssl/include/openssl/bioerr.h 
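Review bot: The prototype `BIO_meth_get_create(const BIO_METHOD *bion)` spells its parameter `bion`, while every other `BIO_meth_get_*` and `BIO_meth_set_*` declaration in this hunk uses `biom`. The name has no effect on callers, but since the line is being rewritten anyway it could read `int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *);`. If this header is imported unchanged from upstream, the rename is better made there so the vendored copy does not diverge.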
@@ -9,57 +9,55 @@ */ #ifndef OPENSSL_BIOERR_H -# define OPENSSL_BIOERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_BIOERR_H +#pragma once +#include +#include +#include /* * BIO reason codes. */ -# define BIO_R_ACCEPT_ERROR 100 -# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 -# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 -# define BIO_R_BAD_FOPEN_MODE 101 -# define BIO_R_BROKEN_PIPE 124 -# define BIO_R_CONNECT_ERROR 103 -# define BIO_R_CONNECT_TIMEOUT 147 -# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 -# define BIO_R_GETSOCKNAME_ERROR 132 -# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 -# define BIO_R_GETTING_SOCKTYPE 134 -# define BIO_R_INVALID_ARGUMENT 125 -# define BIO_R_INVALID_SOCKET 135 -# define BIO_R_IN_USE 123 -# define BIO_R_LENGTH_TOO_LONG 102 -# define BIO_R_LISTEN_V6_ONLY 136 -# define BIO_R_LOOKUP_RETURNED_NOTHING 142 -# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 -# define BIO_R_NBIO_CONNECT_ERROR 110 -# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 -# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 -# define BIO_R_NO_PORT_DEFINED 113 -# define BIO_R_NO_SUCH_FILE 128 -# define BIO_R_NULL_PARAMETER 115 /* unused */ -# define BIO_R_TRANSFER_ERROR 104 -# define BIO_R_TRANSFER_TIMEOUT 105 -# define BIO_R_UNABLE_TO_BIND_SOCKET 117 -# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 -# define BIO_R_UNABLE_TO_KEEPALIVE 137 -# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 -# define BIO_R_UNABLE_TO_NODELAY 138 -# define BIO_R_UNABLE_TO_REUSEADDR 139 -# define BIO_R_UNAVAILABLE_IP_FAMILY 145 -# define BIO_R_UNINITIALIZED 120 -# define BIO_R_UNKNOWN_INFO_TYPE 140 -# define BIO_R_UNSUPPORTED_IP_FAMILY 146 -# define BIO_R_UNSUPPORTED_METHOD 121 -# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 -# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 -# define BIO_R_WSASTARTUP 122 +#define BIO_R_ACCEPT_ERROR 100 +#define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +#define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +#define BIO_R_BAD_FOPEN_MODE 101 +#define 
BIO_R_BROKEN_PIPE 124 +#define BIO_R_CONNECT_ERROR 103 +#define BIO_R_CONNECT_TIMEOUT 147 +#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +#define BIO_R_GETSOCKNAME_ERROR 132 +#define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +#define BIO_R_GETTING_SOCKTYPE 134 +#define BIO_R_INVALID_ARGUMENT 125 +#define BIO_R_INVALID_SOCKET 135 +#define BIO_R_IN_USE 123 +#define BIO_R_LENGTH_TOO_LONG 102 +#define BIO_R_LISTEN_V6_ONLY 136 +#define BIO_R_LOOKUP_RETURNED_NOTHING 142 +#define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +#define BIO_R_NBIO_CONNECT_ERROR 110 +#define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +#define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +#define BIO_R_NO_PORT_DEFINED 113 +#define BIO_R_NO_SUCH_FILE 128 +#define BIO_R_NULL_PARAMETER 115 /* unused */ +#define BIO_R_TRANSFER_ERROR 104 +#define BIO_R_TRANSFER_TIMEOUT 105 +#define BIO_R_UNABLE_TO_BIND_SOCKET 117 +#define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +#define BIO_R_UNABLE_TO_KEEPALIVE 137 +#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +#define BIO_R_UNABLE_TO_NODELAY 138 +#define BIO_R_UNABLE_TO_REUSEADDR 139 +#define BIO_R_UNAVAILABLE_IP_FAMILY 145 +#define BIO_R_UNINITIALIZED 120 +#define BIO_R_UNKNOWN_INFO_TYPE 140 +#define BIO_R_UNSUPPORTED_IP_FAMILY 146 +#define BIO_R_UNSUPPORTED_METHOD 121 +#define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +#define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +#define BIO_R_WSASTARTUP 122 #endif --- crypto/openssl/include/openssl/blowfish.h.orig +++ crypto/openssl/include/openssl/blowfish.h 
@@ -8,71 +8,71 @@ */ #ifndef OPENSSL_BLOWFISH_H -# define OPENSSL_BLOWFISH_H -# pragma once +#define OPENSSL_BLOWFISH_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_BLOWFISH_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_BLOWFISH_H +#endif -# include +#include -# ifndef OPENSSL_NO_BF -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_BF +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# define BF_BLOCK 8 +#define BF_BLOCK 8 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 -# define BF_ENCRYPT 1 -# define BF_DECRYPT 0 +#define BF_ENCRYPT 1 +#define BF_DECRYPT 0 /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! BF_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define BF_LONG unsigned int +#define BF_LONG unsigned int -# define BF_ROUNDS 16 +#define BF_ROUNDS 16 typedef struct bf_key_st { BF_LONG P[BF_ROUNDS + 2]; BF_LONG S[4 * 256]; } BF_KEY; -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void BF_set_key(BF_KEY *key, int len, - const unsigned char *data); + const unsigned char *data); OSSL_DEPRECATEDIN_3_0 void BF_encrypt(BF_LONG *data, const BF_KEY *key); OSSL_DEPRECATEDIN_3_0 void BF_decrypt(BF_LONG *data, const BF_KEY *key); OSSL_DEPRECATEDIN_3_0 void BF_ecb_encrypt(const unsigned char *in, - unsigned char *out, const BF_KEY *key, - int enc); + unsigned char *out, const BF_KEY *key, + int enc); OSSL_DEPRECATEDIN_3_0 void BF_cbc_encrypt(const unsigned char *in, - unsigned char *out, long length, - const BF_KEY *schedule, - unsigned char *ivec, int enc); + unsigned char *out, long length, + const BF_KEY *schedule, + unsigned char *ivec, int enc); OSSL_DEPRECATEDIN_3_0 void BF_cfb64_encrypt(const unsigned char *in, - unsigned char *out, - long length, const 
BF_KEY *schedule, - unsigned char *ivec, int *num, - int enc); + unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, + int enc); OSSL_DEPRECATEDIN_3_0 void BF_ofb64_encrypt(const unsigned char *in, - unsigned char *out, - long length, const BF_KEY *schedule, - unsigned char *ivec, int *num); + unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num); OSSL_DEPRECATEDIN_3_0 const char *BF_options(void); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/bn.h.orig +++ crypto/openssl/include/openssl/bn.h 
@@ -9,54 +9,54 @@ */ #ifndef OPENSSL_BN_H -# define OPENSSL_BN_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_BN_H -# endif - -# include -# ifndef OPENSSL_NO_STDIO -# include -# endif -# include -# include -# include -# include - -#ifdef __cplusplus +#define OPENSSL_BN_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_BN_H +#endif + +#include +#ifndef OPENSSL_NO_STDIO +#include +#endif +#include +#include +#include +#include + +#ifdef __cplusplus extern "C" { #endif /* * 64-bit processor with LP64 ABI */ -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULONG unsigned long -# define BN_BYTES 8 -# endif +#ifdef SIXTY_FOUR_BIT_LONG +#define BN_ULONG unsigned long +#define BN_BYTES 8 +#endif /* * 64-bit processor other than LP64 ABI */ -# ifdef SIXTY_FOUR_BIT -# define BN_ULONG unsigned long long -# define BN_BYTES 8 -# endif +#ifdef SIXTY_FOUR_BIT +#define BN_ULONG unsigned long long +#define BN_BYTES 8 +#endif -# ifdef THIRTY_TWO_BIT -# define BN_ULONG unsigned int -# define BN_BYTES 4 -# endif +#ifdef THIRTY_TWO_BIT +#define BN_ULONG unsigned int +#define BN_BYTES 4 +#endif -# define BN_BITS2 (BN_BYTES * 8) -# define BN_BITS (BN_BITS2 * 2) -# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) +#define BN_BITS2 (BN_BYTES * 8) +#define BN_BITS (BN_BITS2 * 2) +#define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) -# define BN_FLG_MALLOCED 0x01 -# define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_MALLOCED 0x01 +#define BN_FLG_STATIC_DATA 0x02 /* * avoid leaking exponent information through timing, 
@@ -64,26 +64,26 @@ * BN_div() will call BN_div_no_branch, * BN_mod_inverse() will call bn_mod_inverse_no_branch. */ -# define BN_FLG_CONSTTIME 0x04 -# define BN_FLG_SECURE 0x08 +#define BN_FLG_CONSTTIME 0x04 +#define BN_FLG_SECURE 0x08 -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 /* deprecated name for the flag */ -# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -# define BN_FLG_FREE 0x8000 /* used for debugging */ -# endif +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +#define BN_FLG_FREE 0x8000 /* used for debugging */ +#endif void BN_set_flags(BIGNUM *b, int n); int BN_get_flags(const BIGNUM *b, int n); /* Values for |top| in BN_rand() */ -#define BN_RAND_TOP_ANY -1 -#define BN_RAND_TOP_ONE 0 -#define BN_RAND_TOP_TWO 1 +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 /* Values for |bottom| in BN_rand() */ -#define BN_RAND_BOTTOM_ANY 0 -#define BN_RAND_BOTTOM_ODD 1 +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 /* * get a clone of a BIGNUM with changed flags, for *temporary* use only (the 
@@ -100,18 +100,18 @@ void BN_GENCB_free(BN_GENCB *cb); /* Populate a BN_GENCB structure with an "old"-style callback */ -void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), - void *cb_arg); +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), + void *cb_arg); /* Populate a BN_GENCB structure with a "new"-style callback */ -void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), - void *cb_arg); +void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), + void *cb_arg); void *BN_GENCB_get_arg(BN_GENCB *cb); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define BN_prime_checks 0 /* default: select number of iterations based - * on the size of the number */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define BN_prime_checks 0 /* default: select number of iterations based \ + * on the size of the number */ /* * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations @@ -176,17 +176,16 @@ * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ - (b) >= 1345 ? 4 : \ - (b) >= 476 ? 5 : \ - (b) >= 400 ? 6 : \ - (b) >= 347 ? 7 : \ - (b) >= 308 ? 8 : \ - (b) >= 55 ? 27 : \ - /* b >= 6 */ 34) -# endif +#define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : (b) >= 1345 ? 4 \ + : (b) >= 476 ? 5 \ + : (b) >= 400 ? 6 \ + : (b) >= 347 ? 7 \ + : (b) >= 308 ? 8 \ + : (b) >= 55 ? 27 \ + : /* b >= 6 */ 34) +#endif -# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) +#define BN_num_bytes(a) ((BN_num_bits(a) + 7) / 8) int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); int BN_is_zero(const BIGNUM *a); 
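Review bot: The new `BN_prime_checks` definition keeps its explanation as a trailing block comment and now carries a line-continuation backslash inside the comment text (`... number of iterations based \`). The backslash is redundant, since a block comment may already span lines within a directive, and it leaves the macro's documentation dependent on line splicing. Putting the comment on its own line above the macro reads more cleanly: `/* default: select number of iterations based on the size of the number */` followed by `#define BN_prime_checks 0`. The value itself is unchanged, and the enclosing `#ifndef OPENSSL_NO_DEPRECATED_3_0` block continues outside this hunk.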
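Review bot: The reformatted `BN_prime_checks_for_size(b)` places the first two thresholds on one line (`(b) >= 3747 ? 3 : (b) >= 1345 ? 4 \`) and the remaining ones on separate lines with a leading `:`. The macro therefore no longer matches the table in the comment above it row for row. These constants select the number of Miller-Rabin iterations, so the layout should stay easy to audit against that table. If this layout comes from an automatic formatter, which the uniform style of the patch suggests, keep the previous one-threshold-per-line form and guard it with `/* clang-format off */` before the `#define` and `/* clang-format on */` after it. The thresholds and results are unchanged by this hunk.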
@@ -194,15 +193,15 @@ int BN_is_word(const BIGNUM *a, const BN_ULONG w); int BN_is_odd(const BIGNUM *a); -# define BN_one(a) (BN_set_word((a),1)) +#define BN_one(a) (BN_set_word((a), 1)) void BN_zero_ex(BIGNUM *a); -# if OPENSSL_API_LEVEL > 908 -# define BN_zero(a) BN_zero_ex(a) -# else -# define BN_zero(a) (BN_set_word((a),0)) -# endif +#if OPENSSL_API_LEVEL > 908 +#define BN_zero(a) BN_zero_ex(a) +#else +#define BN_zero(a) (BN_set_word((a), 0)) +#endif const BIGNUM *BN_value_one(void); char *BN_options(void); @@ -215,23 +214,23 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx); + unsigned int strength, BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx); + unsigned int strength, BN_CTX *ctx); int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, - BN_CTX *ctx); + BN_CTX *ctx); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, - unsigned int strength, BN_CTX *ctx); + unsigned int strength, BN_CTX *ctx); int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); OSSL_DEPRECATEDIN_3_0 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); -# endif +#endif int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG l); int BN_security_bits(int L, int N); 
@@ -267,24 +266,24 @@ int BN_is_negative(const BIGNUM *b); int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx); -# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) + BN_CTX *ctx); +#define BN_mod(rem, m, d, ctx) BN_div(NULL, (rem), (m), (d), (ctx)) int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); + BN_CTX *ctx); int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); + const BIGNUM *m); int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); + BN_CTX *ctx); int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); + const BIGNUM *m); int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); + BN_CTX *ctx); int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, - BN_CTX *ctx); + BN_CTX *ctx); int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); 
@@ -303,29 +302,29 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *m1, BN_MONT_CTX *in_mont1, - BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, - const BIGNUM *m2, BN_MONT_CTX *in_mont2, - BN_CTX *ctx); + const BIGNUM *m1, BN_MONT_CTX *in_mont1, + BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, + const BIGNUM *m2, BN_MONT_CTX *in_mont2, + BN_CTX *ctx); int BN_mask_bits(BIGNUM *a, int n); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a); -# endif +#endif int BN_print(BIO *bio, const BIGNUM *a); int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); 
@@ -345,75 +344,75 @@ * -2 for * error */ BIGNUM *BN_mod_inverse(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); BIGNUM *BN_mod_sqrt(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); /* Deprecated versions */ -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 OSSL_DEPRECATEDIN_0_9_8 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback) (int, int, void *), - void *cb_arg); + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int, int, void *), + void *cb_arg); OSSL_DEPRECATEDIN_0_9_8 int BN_is_prime(const BIGNUM *p, int nchecks, - void (*callback) (int, int, void *), - BN_CTX *ctx, void *cb_arg); + void (*callback)(int, int, void *), + BN_CTX *ctx, void *cb_arg); OSSL_DEPRECATEDIN_0_9_8 int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, - void (*callback) (int, int, void *), - BN_CTX *ctx, void *cb_arg, - int do_trial_division); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 + void (*callback)(int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division); +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); -# endif + int do_trial_division, BN_GENCB *cb); +#endif /* Newer versions */ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, - BN_CTX *ctx); + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx); int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, - const BIGNUM *rem, BN_GENCB *cb); + const BIGNUM *rem, BN_GENCB *cb); int 
BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, - BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, - BN_CTX *ctx, BN_GENCB *cb); -# endif + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); +#endif BN_MONT_CTX *BN_MONT_CTX_new(void); int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); + BN_MONT_CTX *mont, BN_CTX *ctx); int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); + BN_CTX *ctx); int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); + BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, - const BIGNUM *mod, BN_CTX *ctx); + const BIGNUM *mod, BN_CTX *ctx); /* BN_BLINDING flags */ -# define BN_BLINDING_NO_UPDATE 0x00000001 -# define BN_BLINDING_NO_RECREATE 0x00000002 +#define BN_BLINDING_NO_UPDATE 0x00000001 +#define BN_BLINDING_NO_RECREATE 0x00000002 BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); void BN_BLINDING_free(BN_BLINDING *b); 
@@ -422,7 +421,7 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, - BN_CTX *); + BN_CTX *); int BN_BLINDING_is_current_thread(BN_BLINDING *b); void BN_BLINDING_set_current_thread(BN_BLINDING *b); @@ -432,32 +431,32 @@ unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx); -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 OSSL_DEPRECATEDIN_0_9_8 void BN_set_params(int mul, int high, int low, int mont); OSSL_DEPRECATEDIN_0_9_8 int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -# endif +#endif BN_RECP_CTX *BN_RECP_CTX_new(void); void BN_RECP_CTX_free(BN_RECP_CTX *recp); int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp, BN_CTX *ctx); + BN_RECP_CTX *recp, BN_CTX *ctx); int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx); + BN_RECP_CTX *recp, BN_CTX *ctx); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M /* * Functions for arithmetic over binary polynomials represented by BIGNUMs. 
@@ -470,31 +469,31 @@ * r = a + b */ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) /* * r=a mod p */ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /* r = (a * b) mod p */ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); + const BIGNUM *p, BN_CTX *ctx); /* r = (a * a) mod p */ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); /* r = (1 / b) mod p */ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); + const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); + const BIGNUM *p, BN_CTX *ctx); /* r = sqrt(a) mod p */ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - BN_CTX *ctx); + BN_CTX *ctx); /* r^2 + r = a mod p */ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - BN_CTX *ctx); -# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) + BN_CTX *ctx); +#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) /*- * Some functions allow for representation of the irreducible polynomials * as an unsigned int[], say p. The irreducible f(t) is then of the form: 
@@ -505,29 +504,29 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); /* r = (a * b) mod p */ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r = (a * a) mod p */ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx); + BN_CTX *ctx); /* r = (1 / b) mod p */ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], - BN_CTX *ctx); + BN_CTX *ctx); /* r = (a / b) mod p */ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, - const int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, - const int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); int BN_GF2m_arr2poly(const int p[], BIGNUM *a); -# endif +#endif /* * faster mod functions for the 'NIST primes' 0 <= a < p^2 @@ -544,12 +543,12 @@ const BIGNUM *BN_get0_nist_prime_384(void); const BIGNUM *BN_get0_nist_prime_521(void); -int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, - const BIGNUM *field, BN_CTX *ctx); +int (*BN_nist_mod_func(const BIGNUM *p))(BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, const unsigned char *message, - size_t message_len, BN_CTX *ctx); + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); /* Primes from RFC 2409 */ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); 
@@ -563,21 +562,20 @@ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 -# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 -# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 -# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 -# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 -# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 -# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 -# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +#define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +#define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +#define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +#define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +#define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +#define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +#define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +#endif int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/bnerr.h.orig +++ crypto/openssl/include/openssl/bnerr.h 
@@ -9,39 +9,37 @@ */ #ifndef OPENSSL_BNERR_H -# define OPENSSL_BNERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_BNERR_H +#pragma once +#include +#include +#include /* * BN reason codes. */ -# define BN_R_ARG2_LT_ARG3 100 -# define BN_R_BAD_RECIPROCAL 101 -# define BN_R_BIGNUM_TOO_LONG 114 -# define BN_R_BITS_TOO_SMALL 118 -# define BN_R_CALLED_WITH_EVEN_MODULUS 102 -# define BN_R_DIV_BY_ZERO 103 -# define BN_R_ENCODING_ERROR 104 -# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -# define BN_R_INPUT_NOT_REDUCED 110 -# define BN_R_INVALID_LENGTH 106 -# define BN_R_INVALID_RANGE 115 -# define BN_R_INVALID_SHIFT 119 -# define BN_R_NOT_A_SQUARE 111 -# define BN_R_NOT_INITIALIZED 107 -# define BN_R_NO_INVERSE 108 -# define BN_R_NO_PRIME_CANDIDATE 121 -# define BN_R_NO_SOLUTION 116 -# define BN_R_NO_SUITABLE_DIGEST 120 -# define BN_R_PRIVATE_KEY_TOO_LARGE 117 -# define BN_R_P_IS_NOT_PRIME 112 -# define BN_R_TOO_MANY_ITERATIONS 113 -# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 +#define BN_R_ARG2_LT_ARG3 100 +#define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 +#define BN_R_BITS_TOO_SMALL 118 +#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +#define BN_R_DIV_BY_ZERO 103 +#define BN_R_ENCODING_ERROR 104 +#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +#define BN_R_INPUT_NOT_REDUCED 110 +#define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 +#define BN_R_INVALID_SHIFT 119 +#define BN_R_NOT_A_SQUARE 111 +#define BN_R_NOT_INITIALIZED 107 +#define BN_R_NO_INVERSE 108 +#define BN_R_NO_PRIME_CANDIDATE 121 +#define BN_R_NO_SOLUTION 116 +#define BN_R_NO_SUITABLE_DIGEST 120 +#define BN_R_PRIVATE_KEY_TOO_LARGE 117 +#define BN_R_P_IS_NOT_PRIME 112 +#define BN_R_TOO_MANY_ITERATIONS 113 +#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 #endif --- crypto/openssl/include/openssl/buffer.h.orig +++ crypto/openssl/include/openssl/buffer.h 
@@ -8,45 +8,44 @@ */ #ifndef OPENSSL_BUFFER_H -# define OPENSSL_BUFFER_H -# pragma once +#define OPENSSL_BUFFER_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_BUFFER_H -# endif - -# include -# ifndef OPENSSL_CRYPTO_H -# include -# endif -# include +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_BUFFER_H +#endif +#include +#ifndef OPENSSL_CRYPTO_H +#include +#endif +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# include -# include +#include +#include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define BUF_strdup(s) OPENSSL_strdup(s) -# define BUF_strndup(s, size) OPENSSL_strndup(s, size) -# define BUF_memdup(data, size) OPENSSL_memdup(data, size) -# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) -# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) -# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define BUF_strdup(s) OPENSSL_strdup(s) +#define BUF_strndup(s, size) OPENSSL_strndup(s, size) +#define BUF_memdup(data, size) OPENSSL_memdup(data, size) +#define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +#define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +#define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) +#endif struct buf_mem_st { - size_t length; /* current number of bytes */ + size_t length; /* current number of bytes */ char *data; - size_t max; /* size of buffer */ + size_t max; /* size of buffer */ unsigned long flags; }; -# define BUF_MEM_FLAG_SECURE 0x01 +#define BUF_MEM_FLAG_SECURE 0x01 BUF_MEM *BUF_MEM_new(void); BUF_MEM *BUF_MEM_new_ex(unsigned long flags); 
@@ -55,8 +54,7 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/buffererr.h.orig +++ crypto/openssl/include/openssl/buffererr.h @@ -9,14 +9,12 @@ */ #ifndef OPENSSL_BUFFERERR_H -# define OPENSSL_BUFFERERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_BUFFERERR_H +#pragma once +#include +#include +#include /* * BUF reason codes. --- crypto/openssl/include/openssl/camellia.h.orig +++ crypto/openssl/include/openssl/camellia.h @@ -8,28 +8,28 @@ */ #ifndef OPENSSL_CAMELLIA_H -# define OPENSSL_CAMELLIA_H -# pragma once +#define OPENSSL_CAMELLIA_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CAMELLIA_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CAMELLIA_H +#endif -# include +#include -# ifndef OPENSSL_NO_CAMELLIA -# include -#ifdef __cplusplus +#ifndef OPENSSL_NO_CAMELLIA +#include +#ifdef __cplusplus extern "C" { #endif -# define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_BLOCK_SIZE 16 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 -# define CAMELLIA_ENCRYPT 1 -# define CAMELLIA_DECRYPT 0 +#define CAMELLIA_ENCRYPT 1 +#define CAMELLIA_DECRYPT 0 /* * Because array size can't be a const in C, the following two are macros. 
@@ -38,80 +38,80 @@ /* This should be a hidden type, but EVP requires that the size be known */ -# define CAMELLIA_TABLE_BYTE_LEN 272 -# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match * with WORD */ struct camellia_key_st { union { - double d; /* ensures 64-bit align */ + double d; /* ensures 64-bit align */ KEY_TABLE_TYPE rd_key; } u; int grand_rounds; }; typedef struct camellia_key_st CAMELLIA_KEY; -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int Camellia_set_key(const unsigned char *userKey, - const int bits, - CAMELLIA_KEY *key); + const int bits, + CAMELLIA_KEY *key); OSSL_DEPRECATEDIN_3_0 void Camellia_encrypt(const unsigned char *in, - unsigned char *out, - const CAMELLIA_KEY *key); + unsigned char *out, + const CAMELLIA_KEY *key); OSSL_DEPRECATEDIN_3_0 void Camellia_decrypt(const unsigned char *in, - unsigned char *out, - const CAMELLIA_KEY *key); + unsigned char *out, + const CAMELLIA_KEY *key); OSSL_DEPRECATEDIN_3_0 void Camellia_ecb_encrypt(const unsigned char *in, - unsigned char *out, - const CAMELLIA_KEY *key, - const int enc); + unsigned char *out, + const CAMELLIA_KEY *key, + const int enc); OSSL_DEPRECATEDIN_3_0 void Camellia_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const CAMELLIA_KEY *key, - unsigned char *ivec, - const int enc); + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + const int enc); OSSL_DEPRECATEDIN_3_0 void Camellia_cfb128_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const CAMELLIA_KEY *key, - unsigned char *ivec, - int *num, - const int enc); + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + 
unsigned char *ivec, + int *num, + const int enc); OSSL_DEPRECATEDIN_3_0 void Camellia_cfb1_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const CAMELLIA_KEY *key, - unsigned char *ivec, - int *num, - const int enc); + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc); OSSL_DEPRECATEDIN_3_0 void Camellia_cfb8_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const CAMELLIA_KEY *key, - unsigned char *ivec, - int *num, - const int enc); + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc); OSSL_DEPRECATEDIN_3_0 void Camellia_ofb128_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const CAMELLIA_KEY *key, - unsigned char *ivec, - int *num); + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num); OSSL_DEPRECATEDIN_3_0 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char ivec[CAMELLIA_BLOCK_SIZE], - unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], - unsigned int *num); -# endif + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/cast.h.orig +++ crypto/openssl/include/openssl/cast.h 
@@ -8,64 +8,64 @@ */ #ifndef OPENSSL_CAST_H -# define OPENSSL_CAST_H -# pragma once +#define OPENSSL_CAST_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CAST_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CAST_H +#endif -# include +#include -# ifndef OPENSSL_NO_CAST -# ifdef __cplusplus +#ifndef OPENSSL_NO_CAST +#ifdef __cplusplus extern "C" { -# endif +#endif -# define CAST_BLOCK 8 -# define CAST_KEY_LENGTH 16 +#define CAST_BLOCK 8 +#define CAST_KEY_LENGTH 16 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 -# define CAST_ENCRYPT 1 -# define CAST_DECRYPT 0 +#define CAST_ENCRYPT 1 +#define CAST_DECRYPT 0 -# define CAST_LONG unsigned int +#define CAST_LONG unsigned int typedef struct cast_key_st { CAST_LONG data[32]; - int short_key; /* Use reduced rounds for short key */ + int short_key; /* Use reduced rounds for short key */ } CAST_KEY; -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); OSSL_DEPRECATEDIN_3_0 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAST_KEY *key, int enc); + const CAST_KEY *key, int enc); OSSL_DEPRECATEDIN_3_0 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); OSSL_DEPRECATEDIN_3_0 void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); OSSL_DEPRECATEDIN_3_0 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *ks, unsigned char *iv, - int enc); + long length, const CAST_KEY *ks, unsigned char *iv, + int enc); OSSL_DEPRECATEDIN_3_0 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num, int enc); + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc); OSSL_DEPRECATEDIN_3_0 void 
CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num); -# endif + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/cmac.h.orig +++ crypto/openssl/include/openssl/cmac.h 
@@ -8,45 +8,45 @@ */ #ifndef OPENSSL_CMAC_H -# define OPENSSL_CMAC_H -# pragma once +#define OPENSSL_CMAC_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CMAC_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CMAC_H +#endif -# ifndef OPENSSL_NO_CMAC +#ifndef OPENSSL_NO_CMAC -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# include +#include -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Opaque */ typedef struct CMAC_CTX_st CMAC_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 CMAC_CTX *CMAC_CTX_new(void); OSSL_DEPRECATEDIN_3_0 void CMAC_CTX_cleanup(CMAC_CTX *ctx); OSSL_DEPRECATEDIN_3_0 void CMAC_CTX_free(CMAC_CTX *ctx); OSSL_DEPRECATEDIN_3_0 EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); OSSL_DEPRECATEDIN_3_0 int CMAC_Init(CMAC_CTX *ctx, - const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl); + const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); OSSL_DEPRECATEDIN_3_0 int CMAC_Update(CMAC_CTX *ctx, - const void *data, size_t dlen); + const void *data, size_t dlen); OSSL_DEPRECATEDIN_3_0 int CMAC_Final(CMAC_CTX *ctx, - unsigned char *out, size_t *poutlen); + unsigned char *out, size_t *poutlen); OSSL_DEPRECATEDIN_3_0 int CMAC_resume(CMAC_CTX *ctx); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif -# endif +#endif #endif --- crypto/openssl/include/openssl/cmp.h.orig +++ crypto/openssl/include/openssl/cmp.h 
@@ -12,30 +12,32 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_CMP_H -# define OPENSSL_CMP_H +#define OPENSSL_CMP_H -# include -# ifndef OPENSSL_NO_CMP +#include +#ifndef OPENSSL_NO_CMP -# include -# include -# include -# include +#include +#include +#include +#include /* explicit #includes not strictly needed since implied by the above: */ -# include -# include -# include -# include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define OSSL_CMP_PVNO 2 +#define OSSL_CMP_PVNO 2 /*- * PKIFailureInfo ::= BIT STRING { 
@@ -104,69 +106,69 @@ * -- certificate already exists * } */ -# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 -# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 -# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 -# define OSSL_CMP_PKIFAILUREINFO_badTime 3 -# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 -# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 -# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 -# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 -# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 -# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 -# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 -# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 -# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 -# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 -# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 -# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 -# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 -# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 -# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 -# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 -# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 -# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 -# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 -# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 -# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 -# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 -# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 -# define OSSL_CMP_PKIFAILUREINFO_MAX 26 -# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ +#define OSSL_CMP_PKIFAILUREINFO_badAlg 0 +#define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 +#define OSSL_CMP_PKIFAILUREINFO_badRequest 2 +#define OSSL_CMP_PKIFAILUREINFO_badTime 3 +#define OSSL_CMP_PKIFAILUREINFO_badCertId 4 +#define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 +#define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 +#define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 +#define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 +#define 
OSSL_CMP_PKIFAILUREINFO_badPOP 9 +#define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 +#define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 +#define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 +#define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 +#define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 +#define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 +#define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 +#define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +#define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 +#define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 +#define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 +#define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 +#define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 +#define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 +#define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 +#define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 +#define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 +#define OSSL_CMP_PKIFAILUREINFO_MAX 26 +#define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) -# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX -# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int -# endif +#if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX +#error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +#endif typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; -# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) -# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) -# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) -# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) -# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) -# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) -# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) -# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) -# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) -# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) -# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) -# define 
OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) -# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) -# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) -# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) -# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) -# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) -# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) -# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) -# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) -# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) -# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) -# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) -# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) -# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) -# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) -# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) +#define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) +#define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +#define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) +#define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) +#define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) +#define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) +#define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +#define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) +#define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +#define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) +#define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) +#define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) +#define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +#define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +#define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +#define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +#define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +#define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +#define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +#define 
OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +#define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +#define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +#define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +#define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) +#define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) +#define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) +#define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) /*- * PKIStatus ::= INTEGER { @@ -193,22 +195,22 @@ * -- CertReqMsg * } */ -# define OSSL_CMP_PKISTATUS_request -3 -# define OSSL_CMP_PKISTATUS_trans -2 -# define OSSL_CMP_PKISTATUS_unspecified -1 -# define OSSL_CMP_PKISTATUS_accepted 0 -# define OSSL_CMP_PKISTATUS_grantedWithMods 1 -# define OSSL_CMP_PKISTATUS_rejection 2 -# define OSSL_CMP_PKISTATUS_waiting 3 -# define OSSL_CMP_PKISTATUS_revocationWarning 4 -# define OSSL_CMP_PKISTATUS_revocationNotification 5 -# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 +#define OSSL_CMP_PKISTATUS_request -3 +#define OSSL_CMP_PKISTATUS_trans -2 +#define OSSL_CMP_PKISTATUS_unspecified -1 +#define OSSL_CMP_PKISTATUS_accepted 0 +#define OSSL_CMP_PKISTATUS_grantedWithMods 1 +#define OSSL_CMP_PKISTATUS_rejection 2 +#define OSSL_CMP_PKISTATUS_waiting 3 +#define OSSL_CMP_PKISTATUS_revocationWarning 4 +#define OSSL_CMP_PKISTATUS_revocationNotification 5 +#define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) -# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 -# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 +#define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 +#define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 /* data type declarations */ typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; 
@@ -218,6 +220,7 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTSTATUS, OSSL_CMP_CERTSTATUS, OSSL_CMP_CERTSTATUS) #define sk_OSSL_CMP_CERTSTATUS_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk)) #define sk_OSSL_CMP_CERTSTATUS_value(sk, idx) ((OSSL_CMP_CERTSTATUS *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk), (idx))) @@ -245,8 +248,10 @@ #define sk_OSSL_CMP_CERTSTATUS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTSTATUS) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTSTATUS_freefunc_type(freefunc))) #define sk_OSSL_CMP_CERTSTATUS_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTSTATUS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTSTATUS_sk_type(sk), ossl_check_OSSL_CMP_CERTSTATUS_compfunc_type(cmp))) +/* clang-format on */ typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_ITAV, OSSL_CMP_ITAV, OSSL_CMP_ITAV) #define sk_OSSL_CMP_ITAV_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk)) #define sk_OSSL_CMP_ITAV_value(sk, idx) ((OSSL_CMP_ITAV *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk), (idx))) 
@@ -274,10 +279,12 @@ #define sk_OSSL_CMP_ITAV_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_ITAV) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_ITAV_freefunc_type(freefunc))) #define sk_OSSL_CMP_ITAV_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_ITAV_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_ITAV_sk_type(sk), ossl_check_OSSL_CMP_ITAV_compfunc_type(cmp))) +/* clang-format on */ typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_PKISI, OSSL_CMP_PKISI, OSSL_CMP_PKISI) #define sk_OSSL_CMP_PKISI_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk)) #define sk_OSSL_CMP_PKISI_value(sk, idx) ((OSSL_CMP_PKISI *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk), (idx))) @@ -305,7 +312,9 @@ #define sk_OSSL_CMP_PKISI_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_PKISI) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_PKISI_freefunc_type(freefunc))) #define sk_OSSL_CMP_PKISI_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_PKISI_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_PKISI_sk_type(sk), ossl_check_OSSL_CMP_PKISI_compfunc_type(cmp))) +/* clang-format on */ typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTREPMESSAGE, OSSL_CMP_CERTREPMESSAGE, OSSL_CMP_CERTREPMESSAGE) #define sk_OSSL_CMP_CERTREPMESSAGE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk)) #define sk_OSSL_CMP_CERTREPMESSAGE_value(sk, idx) ((OSSL_CMP_CERTREPMESSAGE *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), (idx))) 
@@ -333,9 +342,11 @@ #define sk_OSSL_CMP_CERTREPMESSAGE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTREPMESSAGE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTREPMESSAGE_freefunc_type(freefunc))) #define sk_OSSL_CMP_CERTREPMESSAGE_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTREPMESSAGE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTREPMESSAGE_sk_type(sk), ossl_check_OSSL_CMP_CERTREPMESSAGE_compfunc_type(cmp))) +/* clang-format on */ typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CMP_CERTRESPONSE, OSSL_CMP_CERTRESPONSE, OSSL_CMP_CERTRESPONSE) #define sk_OSSL_CMP_CERTRESPONSE_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk)) #define sk_OSSL_CMP_CERTRESPONSE_value(sk, idx) ((OSSL_CMP_CERTRESPONSE *)OPENSSL_sk_value(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk), (idx))) @@ -363,6 +374,7 @@ #define sk_OSSL_CMP_CERTRESPONSE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CMP_CERTRESPONSE) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_copyfunc_type(copyfunc), ossl_check_OSSL_CMP_CERTRESPONSE_freefunc_type(freefunc))) #define sk_OSSL_CMP_CERTRESPONSE_set_cmp_func(sk, cmp) ((sk_OSSL_CMP_CERTRESPONSE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CMP_CERTRESPONSE_sk_type(sk), ossl_check_OSSL_CMP_CERTRESPONSE_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; /* 
@@ -372,11 +384,11 @@ /* from cmp_asn.c */ OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, - ASN1_TYPE *value); + ASN1_TYPE *value); ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, - OSSL_CMP_ITAV *itav); + OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); 
@@ -385,33 +397,33 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); /* CMP general options: */ -# define OSSL_CMP_OPT_LOG_VERBOSITY 0 +#define OSSL_CMP_OPT_LOG_VERBOSITY 0 /* CMP transfer options: */ -# define OSSL_CMP_OPT_KEEP_ALIVE 10 -# define OSSL_CMP_OPT_MSG_TIMEOUT 11 -# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +#define OSSL_CMP_OPT_KEEP_ALIVE 10 +#define OSSL_CMP_OPT_MSG_TIMEOUT 11 +#define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 /* CMP request options: */ -# define OSSL_CMP_OPT_VALIDITY_DAYS 20 -# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 -# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22 -# define OSSL_CMP_OPT_POLICIES_CRITICAL 23 -# define OSSL_CMP_OPT_POPO_METHOD 24 -# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25 -# define OSSL_CMP_OPT_DISABLE_CONFIRM 26 -# define OSSL_CMP_OPT_REVOCATION_REASON 27 +#define OSSL_CMP_OPT_VALIDITY_DAYS 20 +#define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 +#define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22 +#define OSSL_CMP_OPT_POLICIES_CRITICAL 23 +#define OSSL_CMP_OPT_POPO_METHOD 24 +#define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25 +#define OSSL_CMP_OPT_DISABLE_CONFIRM 26 +#define OSSL_CMP_OPT_REVOCATION_REASON 27 /* CMP protection options: */ -# define OSSL_CMP_OPT_UNPROTECTED_SEND 30 -# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31 -# define OSSL_CMP_OPT_OWF_ALGNID 32 -# define OSSL_CMP_OPT_MAC_ALGNID 33 -# define OSSL_CMP_OPT_DIGEST_ALGNID 34 -# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 -# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 +#define OSSL_CMP_OPT_UNPROTECTED_SEND 30 +#define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31 +#define OSSL_CMP_OPT_OWF_ALGNID 32 +#define OSSL_CMP_OPT_MAC_ALGNID 33 +#define OSSL_CMP_OPT_DIGEST_ALGNID 34 +#define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 +#define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); /* CMP-specific callback for logging and outputting 
the error queue: */ int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb); -# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ +#define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx); /* message transfer: */ @@ -423,8 +435,8 @@ int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); -typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req); +typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t)(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); 
@@ -438,25 +450,25 @@ /* client authentication: */ int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, - STACK_OF(X509) *candidates); + STACK_OF(X509) *candidates); int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, - const unsigned char *ref, int len); + const unsigned char *ref, int len); int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, - const unsigned char *sec, int len); + const unsigned char *sec, int len); /* CMP message header and extra certificates: */ int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsOut); + STACK_OF(X509) *extraCertsOut); /* certificate template: */ int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, - const GENERAL_NAME *name); + const GENERAL_NAME *name); int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); 
@@ -465,10 +477,10 @@ /* misc body contents: */ int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); /* certificate confirmation: */ -typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, - int fail_info, const char **txt); +typedef int (*OSSL_CMP_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert, + int fail_info, const char **txt); int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **text); + const char **text); int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb); int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); 
@@ -476,27 +488,26 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); -# define OSSL_CMP_PKISI_BUFLEN 1024 +#define OSSL_CMP_PKISI_BUFLEN 1024 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *id); + const ASN1_OCTET_STRING *id); int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce); + const ASN1_OCTET_STRING *nonce); /* from cmp_status.c */ char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, - size_t bufsize); + size_t bufsize); char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, - char *buf, size_t bufsize); + char *buf, size_t bufsize); OSSL_CMP_PKISI * OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); /* from cmp_hdr.c */ -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const - OSSL_CMP_PKIHEADER *hdr); +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr); ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ @@ -506,7 +517,7 @@ int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); 
@@ -514,84 +525,83 @@ /* from cmp_vfy.c */ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, - X509_STORE *trusted_store, X509 *cert); + X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req); + const OSSL_CMP_MSG *req); /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req); -OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, - const OSSL_CMP_MSG *req); + const OSSL_CMP_MSG *req); +OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, + const OSSL_CMP_MSG *req); OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx); -typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t) - (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, - const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, - X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); +typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, + const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, + X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, - const X509_NAME *issuer, - const ASN1_INTEGER *serial); + const OSSL_CMP_MSG *req, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, - const STACK_OF(OSSL_CMP_ITAV) *in, - STACK_OF(OSSL_CMP_ITAV) **out); + const OSSL_CMP_MSG *req, + const STACK_OF(OSSL_CMP_ITAV) *in, + STACK_OF(OSSL_CMP_ITAV) **out); typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - 
const OSSL_CMP_MSG *req, - const OSSL_CMP_PKISI *statusInfo, - const ASN1_INTEGER *errorCode, - const OSSL_CMP_PKIFREETEXT *errDetails); + const OSSL_CMP_MSG *req, + const OSSL_CMP_PKISI *statusInfo, + const ASN1_INTEGER *errorCode, + const OSSL_CMP_PKIFREETEXT *errDetails); typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, - int certReqId, - const ASN1_OCTET_STRING *certHash, - const OSSL_CMP_PKISI *si); + const OSSL_CMP_MSG *req, + int certReqId, + const ASN1_OCTET_STRING *certHash, + const OSSL_CMP_PKISI *si); typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, int certReqId, - OSSL_CMP_MSG **certReq, - int64_t *check_after); + const OSSL_CMP_MSG *req, int certReqId, + OSSL_CMP_MSG **certReq, + int64_t *check_after); int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, - OSSL_CMP_SRV_cert_request_cb_t process_cert_request, - OSSL_CMP_SRV_rr_cb_t process_rr, - OSSL_CMP_SRV_genm_cb_t process_genm, - OSSL_CMP_SRV_error_cb_t process_error, - OSSL_CMP_SRV_certConf_cb_t process_certConf, - OSSL_CMP_SRV_pollReq_cb_t process_pollReq); + OSSL_CMP_SRV_cert_request_cb_t process_cert_request, + OSSL_CMP_SRV_rr_cb_t process_rr, + OSSL_CMP_SRV_genm_cb_t process_genm, + OSSL_CMP_SRV_error_cb_t process_error, + OSSL_CMP_SRV_certConf_cb_t process_certConf, + OSSL_CMP_SRV_pollReq_cb_t process_pollReq); OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, - int val); + int val); int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val); int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val); int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, - int val); + int val); /* from cmp_client.c */ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, 
int req_type, - const OSSL_CRMF_MSG *crm); -# define OSSL_CMP_IR 0 -# define OSSL_CMP_CR 2 -# define OSSL_CMP_P10CR 4 -# define OSSL_CMP_KUR 7 -# define OSSL_CMP_exec_IR_ses(ctx) \ + const OSSL_CRMF_MSG *crm); +#define OSSL_CMP_IR 0 +#define OSSL_CMP_CR 2 +#define OSSL_CMP_P10CR 4 +#define OSSL_CMP_KUR 7 +#define OSSL_CMP_exec_IR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) -# define OSSL_CMP_exec_CR_ses(ctx) \ +#define OSSL_CMP_exec_CR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL) -# define OSSL_CMP_exec_P10CR_ses(ctx) \ +#define OSSL_CMP_exec_P10CR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL) -# define OSSL_CMP_exec_KUR_ses(ctx) \ +#define OSSL_CMP_exec_KUR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, - const OSSL_CRMF_MSG *crm, int *checkAfter); + const OSSL_CRMF_MSG *crm, int *checkAfter); int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_CMP) */ +#endif +#endif /* !defined(OPENSSL_NO_CMP) */ #endif /* !defined(OPENSSL_CMP_H) */ --- crypto/openssl/include/openssl/cmp.h.in.orig +++ crypto/openssl/include/openssl/cmp.h.in 
@@ -11,32 +11,34 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_CMP_H -# define OPENSSL_CMP_H +#define OPENSSL_CMP_H -# include -# ifndef OPENSSL_NO_CMP +#include +#ifndef OPENSSL_NO_CMP -# include -# include -# include -# include +#include +#include +#include +#include /* explicit #includes not strictly needed since implied by the above: */ -# include -# include -# include -# include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define OSSL_CMP_PVNO 2 +#define OSSL_CMP_PVNO 2 /*- * PKIFailureInfo ::= BIT STRING { 
@@ -105,69 +107,69 @@ * -- certificate already exists * } */ -# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 -# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 -# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 -# define OSSL_CMP_PKIFAILUREINFO_badTime 3 -# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 -# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 -# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 -# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 -# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 -# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 -# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 -# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 -# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 -# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 -# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 -# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 -# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 -# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 -# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 -# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 -# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 -# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 -# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 -# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 -# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 -# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 -# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 -# define OSSL_CMP_PKIFAILUREINFO_MAX 26 -# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ +#define OSSL_CMP_PKIFAILUREINFO_badAlg 0 +#define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 +#define OSSL_CMP_PKIFAILUREINFO_badRequest 2 +#define OSSL_CMP_PKIFAILUREINFO_badTime 3 +#define OSSL_CMP_PKIFAILUREINFO_badCertId 4 +#define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 +#define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 +#define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 +#define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 +#define 
OSSL_CMP_PKIFAILUREINFO_badPOP 9 +#define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 +#define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 +#define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 +#define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 +#define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 +#define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 +#define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 +#define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +#define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 +#define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 +#define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 +#define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 +#define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 +#define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 +#define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 +#define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 +#define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 +#define OSSL_CMP_PKIFAILUREINFO_MAX 26 +#define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) -# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX -# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int -# endif +#if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX +#error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +#endif typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; -# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) -# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) -# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) -# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) -# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) -# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) -# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) -# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) -# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) -# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) -# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) -# define 
OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) -# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) -# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) -# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) -# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) -# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) -# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) -# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) -# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) -# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) -# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) -# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) -# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) -# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) -# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) -# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) +#define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) +#define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +#define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) +#define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) +#define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) +#define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) +#define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +#define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) +#define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +#define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) +#define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) +#define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) +#define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +#define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +#define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +#define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +#define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +#define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +#define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +#define 
OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +#define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +#define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +#define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +#define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) +#define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) +#define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) +#define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) /*- * PKIStatus ::= INTEGER { @@ -194,22 +196,22 @@ * -- CertReqMsg * } */ -# define OSSL_CMP_PKISTATUS_request -3 -# define OSSL_CMP_PKISTATUS_trans -2 -# define OSSL_CMP_PKISTATUS_unspecified -1 -# define OSSL_CMP_PKISTATUS_accepted 0 -# define OSSL_CMP_PKISTATUS_grantedWithMods 1 -# define OSSL_CMP_PKISTATUS_rejection 2 -# define OSSL_CMP_PKISTATUS_waiting 3 -# define OSSL_CMP_PKISTATUS_revocationWarning 4 -# define OSSL_CMP_PKISTATUS_revocationNotification 5 -# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 +#define OSSL_CMP_PKISTATUS_request -3 +#define OSSL_CMP_PKISTATUS_trans -2 +#define OSSL_CMP_PKISTATUS_unspecified -1 +#define OSSL_CMP_PKISTATUS_accepted 0 +#define OSSL_CMP_PKISTATUS_grantedWithMods 1 +#define OSSL_CMP_PKISTATUS_rejection 2 +#define OSSL_CMP_PKISTATUS_waiting 3 +#define OSSL_CMP_PKISTATUS_revocationWarning 4 +#define OSSL_CMP_PKISTATUS_revocationNotification 5 +#define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) -# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 -# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 +#define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 +#define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 /* data type declarations */ typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; 
@@ -219,31 +221,41 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; +/* clang-format off */ {- generate_stack_macros("OSSL_CMP_CERTSTATUS"); -} +/* clang-format on */ typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) +/* clang-format off */ {- generate_stack_macros("OSSL_CMP_ITAV"); -} +/* clang-format on */ typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) +/* clang-format off */ {- generate_stack_macros("OSSL_CMP_PKISI"); -} +/* clang-format on */ typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; +/* clang-format off */ {- generate_stack_macros("OSSL_CMP_CERTREPMESSAGE"); -} +/* clang-format on */ typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; +/* clang-format off */ {- generate_stack_macros("OSSL_CMP_CERTRESPONSE"); -} +/* clang-format on */ typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; /* @@ -253,11 +265,11 @@ /* from cmp_asn.c */ OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, - ASN1_TYPE *value); + ASN1_TYPE *value); ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, - OSSL_CMP_ITAV *itav); + OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); 
@@ -266,33 +278,33 @@
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
 /* CMP general options: */
-# define OSSL_CMP_OPT_LOG_VERBOSITY 0
+#define OSSL_CMP_OPT_LOG_VERBOSITY 0
 /* CMP transfer options: */
-# define OSSL_CMP_OPT_KEEP_ALIVE 10
-# define OSSL_CMP_OPT_MSG_TIMEOUT 11
-# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
+#define OSSL_CMP_OPT_KEEP_ALIVE 10
+#define OSSL_CMP_OPT_MSG_TIMEOUT 11
+#define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
 /* CMP request options: */
-# define OSSL_CMP_OPT_VALIDITY_DAYS 20
-# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
-# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
-# define OSSL_CMP_OPT_POLICIES_CRITICAL 23
-# define OSSL_CMP_OPT_POPO_METHOD 24
-# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
-# define OSSL_CMP_OPT_DISABLE_CONFIRM 26
-# define OSSL_CMP_OPT_REVOCATION_REASON 27
+#define OSSL_CMP_OPT_VALIDITY_DAYS 20
+#define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
+#define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
+#define OSSL_CMP_OPT_POLICIES_CRITICAL 23
+#define OSSL_CMP_OPT_POPO_METHOD 24
+#define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
+#define OSSL_CMP_OPT_DISABLE_CONFIRM 26
+#define OSSL_CMP_OPT_REVOCATION_REASON 27
 /* CMP protection options: */
-# define OSSL_CMP_OPT_UNPROTECTED_SEND 30
-# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
-# define OSSL_CMP_OPT_OWF_ALGNID 32
-# define OSSL_CMP_OPT_MAC_ALGNID 33
-# define OSSL_CMP_OPT_DIGEST_ALGNID 34
-# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
-# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
+#define OSSL_CMP_OPT_UNPROTECTED_SEND 30
+#define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
+#define OSSL_CMP_OPT_OWF_ALGNID 32
+#define OSSL_CMP_OPT_MAC_ALGNID 33
+#define OSSL_CMP_OPT_DIGEST_ALGNID 34
+#define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
+#define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
 int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
 int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
 /* CMP-specific callback for logging and outputting the error queue: */
 int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
-# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
+#define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
 void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
 /* message transfer: */
@@ -304,8 +316,8 @@
 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
-typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
- const OSSL_CMP_MSG *req);
+typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t)(OSSL_CMP_CTX *ctx,
+ const OSSL_CMP_MSG *req);
 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
 int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
@@ -319,25 +331,25 @@
 /* client authentication: */
 int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
 int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
- STACK_OF(X509) *candidates);
+ STACK_OF(X509) *candidates);
 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
- const unsigned char *ref, int len);
+ const unsigned char *ref, int len);
 int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
- const unsigned char *sec, int len);
+ const unsigned char *sec, int len);
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
 int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
- STACK_OF(X509) *extraCertsOut);
+ STACK_OF(X509) *extraCertsOut);
 /* certificate template: */
 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
- const GENERAL_NAME *name);
+ const GENERAL_NAME *name);
 int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
 int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
@@ -346,10 +358,10 @@
 /* misc body contents: */
 int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
 /* certificate confirmation: */
-typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
- int fail_info, const char **txt);
+typedef int (*OSSL_CMP_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert,
+ int fail_info, const char **txt);
 int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
- const char **text);
+ const char **text);
 int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
 int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
 void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
@@ -357,27 +369,26 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); -# define OSSL_CMP_PKISI_BUFLEN 1024 +#define OSSL_CMP_PKISI_BUFLEN 1024 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *id); + const ASN1_OCTET_STRING *id); int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce); + const ASN1_OCTET_STRING *nonce); /* from cmp_status.c */ char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, - size_t bufsize); + size_t bufsize); char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, - char *buf, size_t bufsize); + char *buf, size_t bufsize); OSSL_CMP_PKISI * OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); /* from cmp_hdr.c */ -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const - OSSL_CMP_PKIHEADER *hdr); +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr); ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ @@ -387,7 +398,7 @@ int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); 
@@ -395,84 +406,83 @@ /* from cmp_vfy.c */ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, - X509_STORE *trusted_store, X509 *cert); + X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req); + const OSSL_CMP_MSG *req); /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req); -OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, - const OSSL_CMP_MSG *req); + const OSSL_CMP_MSG *req); +OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, + const OSSL_CMP_MSG *req); OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx); -typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t) - (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, - const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, - X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); +typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, + const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, + X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, - const X509_NAME *issuer, - const ASN1_INTEGER *serial); + const OSSL_CMP_MSG *req, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, - const STACK_OF(OSSL_CMP_ITAV) *in, - STACK_OF(OSSL_CMP_ITAV) **out); + const OSSL_CMP_MSG *req, + const STACK_OF(OSSL_CMP_ITAV) *in, + STACK_OF(OSSL_CMP_ITAV) **out); typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - 
const OSSL_CMP_MSG *req, - const OSSL_CMP_PKISI *statusInfo, - const ASN1_INTEGER *errorCode, - const OSSL_CMP_PKIFREETEXT *errDetails); + const OSSL_CMP_MSG *req, + const OSSL_CMP_PKISI *statusInfo, + const ASN1_INTEGER *errorCode, + const OSSL_CMP_PKIFREETEXT *errDetails); typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, - int certReqId, - const ASN1_OCTET_STRING *certHash, - const OSSL_CMP_PKISI *si); + const OSSL_CMP_MSG *req, + int certReqId, + const ASN1_OCTET_STRING *certHash, + const OSSL_CMP_PKISI *si); typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req, int certReqId, - OSSL_CMP_MSG **certReq, - int64_t *check_after); + const OSSL_CMP_MSG *req, int certReqId, + OSSL_CMP_MSG **certReq, + int64_t *check_after); int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, - OSSL_CMP_SRV_cert_request_cb_t process_cert_request, - OSSL_CMP_SRV_rr_cb_t process_rr, - OSSL_CMP_SRV_genm_cb_t process_genm, - OSSL_CMP_SRV_error_cb_t process_error, - OSSL_CMP_SRV_certConf_cb_t process_certConf, - OSSL_CMP_SRV_pollReq_cb_t process_pollReq); + OSSL_CMP_SRV_cert_request_cb_t process_cert_request, + OSSL_CMP_SRV_rr_cb_t process_rr, + OSSL_CMP_SRV_genm_cb_t process_genm, + OSSL_CMP_SRV_error_cb_t process_error, + OSSL_CMP_SRV_certConf_cb_t process_certConf, + OSSL_CMP_SRV_pollReq_cb_t process_pollReq); OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, - int val); + int val); int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val); int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val); int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, - int val); + int val); /* from cmp_client.c */ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, 
int req_type, - const OSSL_CRMF_MSG *crm); -# define OSSL_CMP_IR 0 -# define OSSL_CMP_CR 2 -# define OSSL_CMP_P10CR 4 -# define OSSL_CMP_KUR 7 -# define OSSL_CMP_exec_IR_ses(ctx) \ + const OSSL_CRMF_MSG *crm); +#define OSSL_CMP_IR 0 +#define OSSL_CMP_CR 2 +#define OSSL_CMP_P10CR 4 +#define OSSL_CMP_KUR 7 +#define OSSL_CMP_exec_IR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) -# define OSSL_CMP_exec_CR_ses(ctx) \ +#define OSSL_CMP_exec_CR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL) -# define OSSL_CMP_exec_P10CR_ses(ctx) \ +#define OSSL_CMP_exec_P10CR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL) -# define OSSL_CMP_exec_KUR_ses(ctx) \ +#define OSSL_CMP_exec_KUR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, - const OSSL_CRMF_MSG *crm, int *checkAfter); + const OSSL_CRMF_MSG *crm, int *checkAfter); int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_CMP) */ +#endif +#endif /* !defined(OPENSSL_NO_CMP) */ #endif /* !defined(OPENSSL_CMP_H) */ --- crypto/openssl/include/openssl/cmp_util.h.orig +++ crypto/openssl/include/openssl/cmp_util.h 
@@ -10,47 +10,47 @@ */ #ifndef OPENSSL_CMP_UTIL_H -# define OPENSSL_CMP_UTIL_H -# pragma once +#define OPENSSL_CMP_UTIL_H +#pragma once -# include -# ifndef OPENSSL_NO_CMP +#include +#ifndef OPENSSL_NO_CMP -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -int OSSL_CMP_log_open(void); +int OSSL_CMP_log_open(void); void OSSL_CMP_log_close(void); -# define OSSL_CMP_LOG_PREFIX "CMP " +#define OSSL_CMP_LOG_PREFIX "CMP " /* * generalized logging/error callback mirroring the severity levels of syslog.h */ typedef int OSSL_CMP_severity; -# define OSSL_CMP_LOG_EMERG 0 -# define OSSL_CMP_LOG_ALERT 1 -# define OSSL_CMP_LOG_CRIT 2 -# define OSSL_CMP_LOG_ERR 3 -# define OSSL_CMP_LOG_WARNING 4 -# define OSSL_CMP_LOG_NOTICE 5 -# define OSSL_CMP_LOG_INFO 6 -# define OSSL_CMP_LOG_DEBUG 7 -# define OSSL_CMP_LOG_TRACE 8 -# define OSSL_CMP_LOG_MAX OSSL_CMP_LOG_TRACE +#define OSSL_CMP_LOG_EMERG 0 +#define OSSL_CMP_LOG_ALERT 1 +#define OSSL_CMP_LOG_CRIT 2 +#define OSSL_CMP_LOG_ERR 3 +#define OSSL_CMP_LOG_WARNING 4 +#define OSSL_CMP_LOG_NOTICE 5 +#define OSSL_CMP_LOG_INFO 6 +#define OSSL_CMP_LOG_DEBUG 7 +#define OSSL_CMP_LOG_TRACE 8 +#define OSSL_CMP_LOG_MAX OSSL_CMP_LOG_TRACE typedef int (*OSSL_CMP_log_cb_t)(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg); + OSSL_CMP_severity level, const char *msg); int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, - int line, OSSL_CMP_severity level, const char *msg); + int line, OSSL_CMP_severity level, const char *msg); /* use of the logging callback for outputting error queue */ void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_CMP) */ +#endif +#endif /* !defined(OPENSSL_NO_CMP) */ #endif /* !defined(OPENSSL_CMP_UTIL_H) */ --- crypto/openssl/include/openssl/cmperr.h.orig +++ crypto/openssl/include/openssl/cmperr.h 
@@ -9,108 +9,106 @@ */ #ifndef OPENSSL_CMPERR_H -# define OPENSSL_CMPERR_H -# pragma once +#define OPENSSL_CMPERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_CMP +#include +#include +#include +#ifndef OPENSSL_NO_CMP /* * CMP reason codes. */ -# define CMP_R_ALGORITHM_NOT_SUPPORTED 139 -# define CMP_R_BAD_CHECKAFTER_IN_POLLREP 167 -# define CMP_R_BAD_REQUEST_ID 108 -# define CMP_R_CERTHASH_UNMATCHED 156 -# define CMP_R_CERTID_NOT_FOUND 109 -# define CMP_R_CERTIFICATE_NOT_ACCEPTED 169 -# define CMP_R_CERTIFICATE_NOT_FOUND 112 -# define CMP_R_CERTREQMSG_NOT_FOUND 157 -# define CMP_R_CERTRESPONSE_NOT_FOUND 113 -# define CMP_R_CERT_AND_KEY_DO_NOT_MATCH 114 -# define CMP_R_CHECKAFTER_OUT_OF_RANGE 181 -# define CMP_R_ENCOUNTERED_KEYUPDATEWARNING 176 -# define CMP_R_ENCOUNTERED_WAITING 162 -# define CMP_R_ERROR_CALCULATING_PROTECTION 115 -# define CMP_R_ERROR_CREATING_CERTCONF 116 -# define CMP_R_ERROR_CREATING_CERTREP 117 -# define CMP_R_ERROR_CREATING_CERTREQ 163 -# define CMP_R_ERROR_CREATING_ERROR 118 -# define CMP_R_ERROR_CREATING_GENM 119 -# define CMP_R_ERROR_CREATING_GENP 120 -# define CMP_R_ERROR_CREATING_PKICONF 122 -# define CMP_R_ERROR_CREATING_POLLREP 123 -# define CMP_R_ERROR_CREATING_POLLREQ 124 -# define CMP_R_ERROR_CREATING_RP 125 -# define CMP_R_ERROR_CREATING_RR 126 -# define CMP_R_ERROR_PARSING_PKISTATUS 107 -# define CMP_R_ERROR_PROCESSING_MESSAGE 158 -# define CMP_R_ERROR_PROTECTING_MESSAGE 127 -# define CMP_R_ERROR_SETTING_CERTHASH 128 -# define CMP_R_ERROR_UNEXPECTED_CERTCONF 160 -# define CMP_R_ERROR_VALIDATING_PROTECTION 140 -# define CMP_R_ERROR_VALIDATING_SIGNATURE 171 -# define CMP_R_FAILED_BUILDING_OWN_CHAIN 164 -# define CMP_R_FAILED_EXTRACTING_PUBKEY 141 -# define CMP_R_FAILURE_OBTAINING_RANDOM 110 -# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 -# define CMP_R_INVALID_ARGS 100 -# define CMP_R_INVALID_OPTION 174 -# define CMP_R_MISSING_CERTID 165 -# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 -# define 
CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 -# define CMP_R_MISSING_P10CSR 121 -# define CMP_R_MISSING_PBM_SECRET 166 -# define CMP_R_MISSING_PRIVATE_KEY 131 -# define CMP_R_MISSING_PRIVATE_KEY_FOR_POPO 190 -# define CMP_R_MISSING_PROTECTION 143 -# define CMP_R_MISSING_PUBLIC_KEY 183 -# define CMP_R_MISSING_REFERENCE_CERT 168 -# define CMP_R_MISSING_SECRET 178 -# define CMP_R_MISSING_SENDER_IDENTIFICATION 111 -# define CMP_R_MISSING_TRUST_ANCHOR 179 -# define CMP_R_MISSING_TRUST_STORE 144 -# define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161 -# define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED 170 -# define CMP_R_MULTIPLE_SAN_SOURCES 102 -# define CMP_R_NO_STDIO 194 -# define CMP_R_NO_SUITABLE_SENDER_CERT 145 -# define CMP_R_NULL_ARGUMENT 103 -# define CMP_R_PKIBODY_ERROR 146 -# define CMP_R_PKISTATUSINFO_NOT_FOUND 132 -# define CMP_R_POLLING_FAILED 172 -# define CMP_R_POTENTIALLY_INVALID_CERTIFICATE 147 -# define CMP_R_RECEIVED_ERROR 180 -# define CMP_R_RECIPNONCE_UNMATCHED 148 -# define CMP_R_REQUEST_NOT_ACCEPTED 149 -# define CMP_R_REQUEST_REJECTED_BY_SERVER 182 -# define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED 150 -# define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG 151 -# define CMP_R_TOTAL_TIMEOUT 184 -# define CMP_R_TRANSACTIONID_UNMATCHED 152 -# define CMP_R_TRANSFER_ERROR 159 -# define CMP_R_UNEXPECTED_PKIBODY 133 -# define CMP_R_UNEXPECTED_PKISTATUS 185 -# define CMP_R_UNEXPECTED_PVNO 153 -# define CMP_R_UNKNOWN_ALGORITHM_ID 134 -# define CMP_R_UNKNOWN_CERT_TYPE 135 -# define CMP_R_UNKNOWN_PKISTATUS 186 -# define CMP_R_UNSUPPORTED_ALGORITHM 136 -# define CMP_R_UNSUPPORTED_KEY_TYPE 137 -# define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154 -# define CMP_R_VALUE_TOO_LARGE 175 -# define CMP_R_VALUE_TOO_SMALL 177 -# define CMP_R_WRONG_ALGORITHM_OID 138 -# define CMP_R_WRONG_CERTID 189 -# define CMP_R_WRONG_CERTID_IN_RP 187 -# define CMP_R_WRONG_PBM_VALUE 155 -# define CMP_R_WRONG_RP_COMPONENT_COUNT 188 -# define CMP_R_WRONG_SERIAL_IN_RP 173 +#define 
CMP_R_ALGORITHM_NOT_SUPPORTED 139 +#define CMP_R_BAD_CHECKAFTER_IN_POLLREP 167 +#define CMP_R_BAD_REQUEST_ID 108 +#define CMP_R_CERTHASH_UNMATCHED 156 +#define CMP_R_CERTID_NOT_FOUND 109 +#define CMP_R_CERTIFICATE_NOT_ACCEPTED 169 +#define CMP_R_CERTIFICATE_NOT_FOUND 112 +#define CMP_R_CERTREQMSG_NOT_FOUND 157 +#define CMP_R_CERTRESPONSE_NOT_FOUND 113 +#define CMP_R_CERT_AND_KEY_DO_NOT_MATCH 114 +#define CMP_R_CHECKAFTER_OUT_OF_RANGE 181 +#define CMP_R_ENCOUNTERED_KEYUPDATEWARNING 176 +#define CMP_R_ENCOUNTERED_WAITING 162 +#define CMP_R_ERROR_CALCULATING_PROTECTION 115 +#define CMP_R_ERROR_CREATING_CERTCONF 116 +#define CMP_R_ERROR_CREATING_CERTREP 117 +#define CMP_R_ERROR_CREATING_CERTREQ 163 +#define CMP_R_ERROR_CREATING_ERROR 118 +#define CMP_R_ERROR_CREATING_GENM 119 +#define CMP_R_ERROR_CREATING_GENP 120 +#define CMP_R_ERROR_CREATING_PKICONF 122 +#define CMP_R_ERROR_CREATING_POLLREP 123 +#define CMP_R_ERROR_CREATING_POLLREQ 124 +#define CMP_R_ERROR_CREATING_RP 125 +#define CMP_R_ERROR_CREATING_RR 126 +#define CMP_R_ERROR_PARSING_PKISTATUS 107 +#define CMP_R_ERROR_PROCESSING_MESSAGE 158 +#define CMP_R_ERROR_PROTECTING_MESSAGE 127 +#define CMP_R_ERROR_SETTING_CERTHASH 128 +#define CMP_R_ERROR_UNEXPECTED_CERTCONF 160 +#define CMP_R_ERROR_VALIDATING_PROTECTION 140 +#define CMP_R_ERROR_VALIDATING_SIGNATURE 171 +#define CMP_R_FAILED_BUILDING_OWN_CHAIN 164 +#define CMP_R_FAILED_EXTRACTING_PUBKEY 141 +#define CMP_R_FAILURE_OBTAINING_RANDOM 110 +#define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +#define CMP_R_INVALID_ARGS 100 +#define CMP_R_INVALID_OPTION 174 +#define CMP_R_MISSING_CERTID 165 +#define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 +#define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 +#define CMP_R_MISSING_P10CSR 121 +#define CMP_R_MISSING_PBM_SECRET 166 +#define CMP_R_MISSING_PRIVATE_KEY 131 +#define CMP_R_MISSING_PRIVATE_KEY_FOR_POPO 190 +#define CMP_R_MISSING_PROTECTION 143 +#define CMP_R_MISSING_PUBLIC_KEY 183 +#define CMP_R_MISSING_REFERENCE_CERT 168 
+#define CMP_R_MISSING_SECRET 178 +#define CMP_R_MISSING_SENDER_IDENTIFICATION 111 +#define CMP_R_MISSING_TRUST_ANCHOR 179 +#define CMP_R_MISSING_TRUST_STORE 144 +#define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161 +#define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED 170 +#define CMP_R_MULTIPLE_SAN_SOURCES 102 +#define CMP_R_NO_STDIO 194 +#define CMP_R_NO_SUITABLE_SENDER_CERT 145 +#define CMP_R_NULL_ARGUMENT 103 +#define CMP_R_PKIBODY_ERROR 146 +#define CMP_R_PKISTATUSINFO_NOT_FOUND 132 +#define CMP_R_POLLING_FAILED 172 +#define CMP_R_POTENTIALLY_INVALID_CERTIFICATE 147 +#define CMP_R_RECEIVED_ERROR 180 +#define CMP_R_RECIPNONCE_UNMATCHED 148 +#define CMP_R_REQUEST_NOT_ACCEPTED 149 +#define CMP_R_REQUEST_REJECTED_BY_SERVER 182 +#define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED 150 +#define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG 151 +#define CMP_R_TOTAL_TIMEOUT 184 +#define CMP_R_TRANSACTIONID_UNMATCHED 152 +#define CMP_R_TRANSFER_ERROR 159 +#define CMP_R_UNEXPECTED_PKIBODY 133 +#define CMP_R_UNEXPECTED_PKISTATUS 185 +#define CMP_R_UNEXPECTED_PVNO 153 +#define CMP_R_UNKNOWN_ALGORITHM_ID 134 +#define CMP_R_UNKNOWN_CERT_TYPE 135 +#define CMP_R_UNKNOWN_PKISTATUS 186 +#define CMP_R_UNSUPPORTED_ALGORITHM 136 +#define CMP_R_UNSUPPORTED_KEY_TYPE 137 +#define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154 +#define CMP_R_VALUE_TOO_LARGE 175 +#define CMP_R_VALUE_TOO_SMALL 177 +#define CMP_R_WRONG_ALGORITHM_OID 138 +#define CMP_R_WRONG_CERTID 189 +#define CMP_R_WRONG_CERTID_IN_RP 187 +#define CMP_R_WRONG_PBM_VALUE 155 +#define CMP_R_WRONG_RP_COMPONENT_COUNT 188 +#define CMP_R_WRONG_SERIAL_IN_RP 173 -# endif +#endif #endif --- crypto/openssl/include/openssl/cms.h.orig +++ crypto/openssl/include/openssl/cms.h 
@@ -10,26 +10,28 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_CMS_H -# define OPENSSL_CMS_H -# pragma once +#define OPENSSL_CMS_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CMS_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CMS_H +#endif -# include +#include -# ifndef OPENSSL_NO_CMS -# include -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_CMS +#include +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif typedef struct CMS_ContentInfo_st CMS_ContentInfo; typedef struct CMS_SignerInfo_st CMS_SignerInfo; @@ -41,6 +43,7 @@ typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(CMS_SignerInfo, CMS_SignerInfo, CMS_SignerInfo) #define sk_CMS_SignerInfo_num(sk) OPENSSL_sk_num(ossl_check_const_CMS_SignerInfo_sk_type(sk)) #define sk_CMS_SignerInfo_value(sk, idx) ((CMS_SignerInfo *)OPENSSL_sk_value(ossl_check_const_CMS_SignerInfo_sk_type(sk), (idx))) @@ -146,6 +149,7 @@ #define sk_CMS_RevocationInfoChoice_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CMS_RevocationInfoChoice) *)OPENSSL_sk_deep_copy(ossl_check_const_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_copyfunc_type(copyfunc), ossl_check_CMS_RevocationInfoChoice_freefunc_type(freefunc))) #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp))) +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) 
@@ -153,43 +157,43 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq); -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 -# define CMS_RECIPINFO_NONE -1 -# define CMS_RECIPINFO_TRANS 0 -# define CMS_RECIPINFO_AGREE 1 -# define CMS_RECIPINFO_KEK 2 -# define CMS_RECIPINFO_PASS 3 -# define CMS_RECIPINFO_OTHER 4 +#define CMS_RECIPINFO_NONE -1 +#define CMS_RECIPINFO_TRANS 0 +#define CMS_RECIPINFO_AGREE 1 +#define CMS_RECIPINFO_KEK 2 +#define CMS_RECIPINFO_PASS 3 +#define CMS_RECIPINFO_OTHER 4 /* S/MIME related flags */ -# define CMS_TEXT 0x1 -# define CMS_NOCERTS 0x2 -# define CMS_NO_CONTENT_VERIFY 0x4 -# define CMS_NO_ATTR_VERIFY 0x8 -# define CMS_NOSIGS \ - (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) -# define CMS_NOINTERN 0x10 -# define CMS_NO_SIGNER_CERT_VERIFY 0x20 -# define CMS_NOVERIFY 0x20 -# define CMS_DETACHED 0x40 -# define CMS_BINARY 0x80 -# define CMS_NOATTR 0x100 -# define CMS_NOSMIMECAP 0x200 -# define CMS_NOOLDMIMETYPE 0x400 -# define CMS_CRLFEOL 0x800 -# define CMS_STREAM 0x1000 -# define CMS_NOCRL 0x2000 -# define CMS_PARTIAL 0x4000 -# define CMS_REUSE_DIGEST 0x8000 -# define CMS_USE_KEYID 0x10000 -# define CMS_DEBUG_DECRYPT 0x20000 -# define CMS_KEY_PARAM 0x40000 -# define CMS_ASCIICRLF 0x80000 -# define CMS_CADES 0x100000 -# define CMS_USE_ORIGINATOR_KEYID 0x200000 +#define CMS_TEXT 0x1 +#define CMS_NOCERTS 0x2 +#define CMS_NO_CONTENT_VERIFY 0x4 +#define CMS_NO_ATTR_VERIFY 0x8 +#define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY | CMS_NO_ATTR_VERIFY) +#define CMS_NOINTERN 0x10 +#define CMS_NO_SIGNER_CERT_VERIFY 0x20 +#define CMS_NOVERIFY 0x20 +#define CMS_DETACHED 0x40 +#define CMS_BINARY 0x80 +#define CMS_NOATTR 0x100 +#define CMS_NOSMIMECAP 0x200 +#define CMS_NOOLDMIMETYPE 0x400 +#define CMS_CRLFEOL 0x800 +#define CMS_STREAM 0x1000 +#define CMS_NOCRL 0x2000 +#define CMS_PARTIAL 0x4000 +#define CMS_REUSE_DIGEST 
0x8000 +#define CMS_USE_KEYID 0x10000 +#define CMS_DEBUG_DECRYPT 0x20000 +#define CMS_KEY_PARAM 0x40000 +#define CMS_ASCIICRLF 0x80000 +#define CMS_CADES 0x100000 +#define CMS_USE_ORIGINATOR_KEYID 0x200000 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); @@ -200,9 +204,9 @@ int CMS_is_detached(CMS_ContentInfo *cms); int CMS_set_detached(CMS_ContentInfo *cms, int detached); -# ifdef OPENSSL_PEM_H +#ifdef OPENSSL_PEM_H DECLARE_PEM_rw(CMS, CMS_ContentInfo) -# endif +#endif int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); 
@@ -210,81 +214,81 @@ BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, - int flags); + int flags); CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci); int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags); + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *ctx, - const char *propq); + STACK_OF(X509) *certs, BIO *data, + unsigned int flags, OSSL_LIB_CTX *ctx, + const char *propq); CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, unsigned int flags); + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *ctx, const char *propq); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, - const char *propq); + unsigned int flags, OSSL_LIB_CTX *ctx, + const char *propq); int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t 
keylen, - BIO *dcont, BIO *out, unsigned int flags); + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags); + const unsigned char *key, + size_t keylen, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags, - OSSL_LIB_CTX *ctx, - const char *propq); + const unsigned char *key, + size_t keylen, unsigned int flags, + OSSL_LIB_CTX *ctx, + const char *propq); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen); int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags); + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, unsigned int flags); + const EVP_CIPHER *cipher, unsigned int flags); CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + const EVP_CIPHER *cipher, unsigned int flags, + OSSL_LIB_CTX *ctx, const char *propq); int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, - BIO *dcont, BIO *out, unsigned int flags); + BIO *dcont, BIO *out, unsigned int flags); int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, - X509 *cert, X509 *peer); + X509 
*cert, X509 *peer); int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - const unsigned char *id, size_t idlen); + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ossl_ssize_t passlen); + unsigned char *pass, ossl_ssize_t passlen); STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); 
@@ -292,62 +296,62 @@ CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo * CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx, - const char *propq); + const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *ctx, - const char *propq); + OSSL_LIB_CTX *ctx, + const char *propq); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, - X509 *recip, unsigned int flags); + X509 *recip, unsigned int flags); CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, - EVP_PKEY *originatorPrivKey, X509 * originator, unsigned int flags); + EVP_PKEY *originatorPrivKey, X509 *originator, unsigned int flags); int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg); + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType); + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype); + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + 
ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen); + unsigned char *key, size_t keylen); int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen); + const unsigned char *id, size_t idlen); int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, - ossl_ssize_t passlen); + unsigned char *pass, + ossl_ssize_t passlen); CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, - int pbe_nid, - unsigned char *pass, - ossl_ssize_t passlen, - const EVP_CIPHER *kekciph); + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri); int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); 
@@ -365,22 +369,22 @@ int CMS_SignedData_init(CMS_ContentInfo *cms); CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags); + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - unsigned int flags); + unsigned int flags); void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, - X509 **signer, X509_ALGOR **pdig, - X509_ALGOR **psig); + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); 
@@ -388,49 +392,49 @@ int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize); + int algnid, int keysize); int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); int CMS_signed_get_attr_count(const CMS_SignerInfo *si); int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); + int lastpos); int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len); + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len); + int nid, int type, + const void *bytes, int len); int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); + const char *attrname, int type, + const void *bytes, int len); void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *oid, - int lastpos, int type); + const ASN1_OBJECT *oid, + int lastpos, int type); int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); + int lastpos); int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int lastpos); + const ASN1_OBJECT *obj, int lastpos); X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, - 
const ASN1_OBJECT *obj, int type, - const void *bytes, int len); + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len); + int nid, int type, + const void *bytes, int len); int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); + const char *attrname, int type, + const void *bytes, int len); void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type); + int lastpos, int type); int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0( 
@@ -445,49 +449,49 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, - ASN1_STRING **pcid, - int *pallorfirst, - STACK_OF(GENERAL_NAMES) **plist, - STACK_OF(GENERAL_NAMES) **prto); + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pukm); + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); STACK_OF(CMS_RecipientEncryptedKey) *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, - X509_ALGOR **pubalg, - ASN1_BIT_STRING **pubkey, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, - ASN1_OCTET_STRING **keyid, - ASN1_GENERALIZEDTIME **tm, - CMS_OtherKeyAttribute **other, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, - X509 *cert); + X509 *cert); int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer); EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, - CMS_RecipientEncryptedKey *rek); + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, - ASN1_OCTET_STRING *ukm, int keylen); + 
ASN1_OCTET_STRING *ukm, int keylen); /* Backward compatibility for spelling errors. */ -# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM -# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ +#define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/cms.h.in.orig +++ crypto/openssl/include/openssl/cms.h.in @@ -9,28 +9,30 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_CMS_H -# define OPENSSL_CMS_H -# pragma once +#define OPENSSL_CMS_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CMS_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CMS_H +#endif -# include +#include -# ifndef OPENSSL_NO_CMS -# include -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_CMS +#include +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif typedef struct CMS_ContentInfo_st CMS_ContentInfo; typedef struct CMS_SignerInfo_st CMS_SignerInfo; @@ -42,12 +44,14 @@ typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; +/* clang-format off */ {- generate_stack_macros("CMS_SignerInfo") .generate_stack_macros("CMS_RecipientEncryptedKey") .generate_stack_macros("CMS_RecipientInfo") .generate_stack_macros("CMS_RevocationInfoChoice"); -} +/* clang-format on */ DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) 
@@ -55,43 +59,43 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq); -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 -# define CMS_RECIPINFO_NONE -1 -# define CMS_RECIPINFO_TRANS 0 -# define CMS_RECIPINFO_AGREE 1 -# define CMS_RECIPINFO_KEK 2 -# define CMS_RECIPINFO_PASS 3 -# define CMS_RECIPINFO_OTHER 4 +#define CMS_RECIPINFO_NONE -1 +#define CMS_RECIPINFO_TRANS 0 +#define CMS_RECIPINFO_AGREE 1 +#define CMS_RECIPINFO_KEK 2 +#define CMS_RECIPINFO_PASS 3 +#define CMS_RECIPINFO_OTHER 4 /* S/MIME related flags */ -# define CMS_TEXT 0x1 -# define CMS_NOCERTS 0x2 -# define CMS_NO_CONTENT_VERIFY 0x4 -# define CMS_NO_ATTR_VERIFY 0x8 -# define CMS_NOSIGS \ - (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) -# define CMS_NOINTERN 0x10 -# define CMS_NO_SIGNER_CERT_VERIFY 0x20 -# define CMS_NOVERIFY 0x20 -# define CMS_DETACHED 0x40 -# define CMS_BINARY 0x80 -# define CMS_NOATTR 0x100 -# define CMS_NOSMIMECAP 0x200 -# define CMS_NOOLDMIMETYPE 0x400 -# define CMS_CRLFEOL 0x800 -# define CMS_STREAM 0x1000 -# define CMS_NOCRL 0x2000 -# define CMS_PARTIAL 0x4000 -# define CMS_REUSE_DIGEST 0x8000 -# define CMS_USE_KEYID 0x10000 -# define CMS_DEBUG_DECRYPT 0x20000 -# define CMS_KEY_PARAM 0x40000 -# define CMS_ASCIICRLF 0x80000 -# define CMS_CADES 0x100000 -# define CMS_USE_ORIGINATOR_KEYID 0x200000 +#define CMS_TEXT 0x1 +#define CMS_NOCERTS 0x2 +#define CMS_NO_CONTENT_VERIFY 0x4 +#define CMS_NO_ATTR_VERIFY 0x8 +#define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY | CMS_NO_ATTR_VERIFY) +#define CMS_NOINTERN 0x10 +#define CMS_NO_SIGNER_CERT_VERIFY 0x20 +#define CMS_NOVERIFY 0x20 +#define CMS_DETACHED 0x40 +#define CMS_BINARY 0x80 +#define CMS_NOATTR 0x100 +#define CMS_NOSMIMECAP 0x200 +#define CMS_NOOLDMIMETYPE 0x400 +#define CMS_CRLFEOL 0x800 +#define CMS_STREAM 0x1000 +#define CMS_NOCRL 0x2000 +#define CMS_PARTIAL 0x4000 +#define CMS_REUSE_DIGEST 
0x8000 +#define CMS_USE_KEYID 0x10000 +#define CMS_DEBUG_DECRYPT 0x20000 +#define CMS_KEY_PARAM 0x40000 +#define CMS_ASCIICRLF 0x80000 +#define CMS_CADES 0x100000 +#define CMS_USE_ORIGINATOR_KEYID 0x200000 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); @@ -102,9 +106,9 @@ int CMS_is_detached(CMS_ContentInfo *cms); int CMS_set_detached(CMS_ContentInfo *cms, int detached); -# ifdef OPENSSL_PEM_H +#ifdef OPENSSL_PEM_H DECLARE_PEM_rw(CMS, CMS_ContentInfo) -# endif +#endif int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); 
@@ -112,81 +116,81 @@ BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, - int flags); + int flags); CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci); int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags); + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *ctx, - const char *propq); + STACK_OF(X509) *certs, BIO *data, + unsigned int flags, OSSL_LIB_CTX *ctx, + const char *propq); CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, unsigned int flags); + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *ctx, const char *propq); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, - const char *propq); + unsigned int flags, OSSL_LIB_CTX *ctx, + const char *propq); int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t 
keylen, - BIO *dcont, BIO *out, unsigned int flags); + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags); + const unsigned char *key, + size_t keylen, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags, - OSSL_LIB_CTX *ctx, - const char *propq); + const unsigned char *key, + size_t keylen, unsigned int flags, + OSSL_LIB_CTX *ctx, + const char *propq); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen); int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags); + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, unsigned int flags); + const EVP_CIPHER *cipher, unsigned int flags); CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + const EVP_CIPHER *cipher, unsigned int flags, + OSSL_LIB_CTX *ctx, const char *propq); int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, - BIO *dcont, BIO *out, unsigned int flags); + BIO *dcont, BIO *out, unsigned int flags); int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, - X509 *cert, X509 *peer); + X509 
*cert, X509 *peer); int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - const unsigned char *id, size_t idlen); + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ossl_ssize_t passlen); + unsigned char *pass, ossl_ssize_t passlen); STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); 
@@ -194,62 +198,62 @@ CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo * CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx, - const char *propq); + const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *ctx, - const char *propq); + OSSL_LIB_CTX *ctx, + const char *propq); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, - X509 *recip, unsigned int flags); + X509 *recip, unsigned int flags); CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, - EVP_PKEY *originatorPrivKey, X509 * originator, unsigned int flags); + EVP_PKEY *originatorPrivKey, X509 *originator, unsigned int flags); int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg); + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType); + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype); + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + 
ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen); + unsigned char *key, size_t keylen); int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen); + const unsigned char *id, size_t idlen); int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, - ossl_ssize_t passlen); + unsigned char *pass, + ossl_ssize_t passlen); CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, - int pbe_nid, - unsigned char *pass, - ossl_ssize_t passlen, - const EVP_CIPHER *kekciph); + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri); int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); 
@@ -267,22 +271,22 @@ int CMS_SignedData_init(CMS_ContentInfo *cms); CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags); + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - unsigned int flags); + unsigned int flags); void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, - X509 **signer, X509_ALGOR **pdig, - X509_ALGOR **psig); + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); 
@@ -290,49 +294,49 @@ int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize); + int algnid, int keysize); int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); int CMS_signed_get_attr_count(const CMS_SignerInfo *si); int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); + int lastpos); int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len); + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len); + int nid, int type, + const void *bytes, int len); int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); + const char *attrname, int type, + const void *bytes, int len); void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *oid, - int lastpos, int type); + const ASN1_OBJECT *oid, + int lastpos, int type); int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); + int lastpos); int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int lastpos); + const ASN1_OBJECT *obj, int lastpos); X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, - 
const ASN1_OBJECT *obj, int type, - const void *bytes, int len); + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len); + int nid, int type, + const void *bytes, int len); int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); + const char *attrname, int type, + const void *bytes, int len); void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type); + int lastpos, int type); int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0( 
@@ -347,49 +351,49 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, - ASN1_STRING **pcid, - int *pallorfirst, - STACK_OF(GENERAL_NAMES) **plist, - STACK_OF(GENERAL_NAMES) **prto); + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pukm); + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); STACK_OF(CMS_RecipientEncryptedKey) *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, - X509_ALGOR **pubalg, - ASN1_BIT_STRING **pubkey, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, - ASN1_OCTET_STRING **keyid, - ASN1_GENERALIZEDTIME **tm, - CMS_OtherKeyAttribute **other, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, - X509 *cert); + X509 *cert); int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer); EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, - CMS_RecipientEncryptedKey *rek); + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, - ASN1_OCTET_STRING *ukm, int keylen); + 
ASN1_OCTET_STRING *ukm, int keylen); /* Backward compatibility for spelling errors. */ -# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM -# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ +#define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/cmserr.h.orig +++ crypto/openssl/include/openssl/cmserr.h 
@@ -9,117 +9,115 @@ */ #ifndef OPENSSL_CMSERR_H -# define OPENSSL_CMSERR_H -# pragma once +#define OPENSSL_CMSERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_CMS +#include +#include +#include +#ifndef OPENSSL_NO_CMS /* * CMS reason codes. */ -# define CMS_R_ADD_SIGNER_ERROR 99 -# define CMS_R_ATTRIBUTE_ERROR 161 -# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 -# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 -# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 -# define CMS_R_CIPHER_AEAD_SET_TAG_ERROR 184 -# define CMS_R_CIPHER_GET_TAG 185 -# define CMS_R_CIPHER_INITIALISATION_ERROR 101 -# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 -# define CMS_R_CMS_DATAFINAL_ERROR 103 -# define CMS_R_CMS_LIB 104 -# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 -# define CMS_R_CONTENT_NOT_FOUND 105 -# define CMS_R_CONTENT_TYPE_MISMATCH 171 -# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 -# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 -# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 -# define CMS_R_CONTENT_VERIFY_ERROR 109 -# define CMS_R_CTRL_ERROR 110 -# define CMS_R_CTRL_FAILURE 111 -# define CMS_R_DECODE_ERROR 187 -# define CMS_R_DECRYPT_ERROR 112 -# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 -# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 -# define CMS_R_ERROR_SETTING_KEY 115 -# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 -# define CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT 196 -# define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 -# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 -# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 -# define CMS_R_INVALID_KEY_LENGTH 118 -# define CMS_R_INVALID_LABEL 190 -# define CMS_R_INVALID_OAEP_PARAMETERS 191 -# define CMS_R_KDF_PARAMETER_ERROR 186 -# define CMS_R_MD_BIO_INIT_ERROR 119 -# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 -# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 -# define CMS_R_MSGSIGDIGEST_ERROR 172 -# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 -# define 
CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 -# define CMS_R_NEED_ONE_SIGNER 164 -# define CMS_R_NOT_A_SIGNED_RECEIPT 165 -# define CMS_R_NOT_ENCRYPTED_DATA 122 -# define CMS_R_NOT_KEK 123 -# define CMS_R_NOT_KEY_AGREEMENT 181 -# define CMS_R_NOT_KEY_TRANSPORT 124 -# define CMS_R_NOT_PWRI 177 -# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 -# define CMS_R_NO_CIPHER 126 -# define CMS_R_NO_CONTENT 127 -# define CMS_R_NO_CONTENT_TYPE 173 -# define CMS_R_NO_DEFAULT_DIGEST 128 -# define CMS_R_NO_DIGEST_SET 129 -# define CMS_R_NO_KEY 130 -# define CMS_R_NO_KEY_OR_CERT 174 -# define CMS_R_NO_MATCHING_DIGEST 131 -# define CMS_R_NO_MATCHING_RECIPIENT 132 -# define CMS_R_NO_MATCHING_SIGNATURE 166 -# define CMS_R_NO_MSGSIGDIGEST 167 -# define CMS_R_NO_PASSWORD 178 -# define CMS_R_NO_PRIVATE_KEY 133 -# define CMS_R_NO_PUBLIC_KEY 134 -# define CMS_R_NO_RECEIPT_REQUEST 168 -# define CMS_R_NO_SIGNERS 135 -# define CMS_R_PEER_KEY_ERROR 188 -# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 -# define CMS_R_RECEIPT_DECODE_ERROR 169 -# define CMS_R_RECIPIENT_ERROR 137 -# define CMS_R_SHARED_INFO_ERROR 189 -# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 -# define CMS_R_SIGNFINAL_ERROR 139 -# define CMS_R_SMIME_TEXT_ERROR 140 -# define CMS_R_STORE_INIT_ERROR 141 -# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 -# define CMS_R_TYPE_NOT_DATA 143 -# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 -# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 -# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 -# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 -# define CMS_R_UNKNOWN_CIPHER 148 -# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 -# define CMS_R_UNKNOWN_ID 150 -# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 -# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194 -# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 -# define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE 192 -# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 -# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 -# define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 -# define 
CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 -# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 -# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 -# define CMS_R_UNSUPPORTED_TYPE 156 -# define CMS_R_UNWRAP_ERROR 157 -# define CMS_R_UNWRAP_FAILURE 180 -# define CMS_R_VERIFICATION_FAILURE 158 -# define CMS_R_WRAP_ERROR 159 +#define CMS_R_ADD_SIGNER_ERROR 99 +#define CMS_R_ATTRIBUTE_ERROR 161 +#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +#define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +#define CMS_R_CIPHER_AEAD_SET_TAG_ERROR 184 +#define CMS_R_CIPHER_GET_TAG 185 +#define CMS_R_CIPHER_INITIALISATION_ERROR 101 +#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +#define CMS_R_CMS_DATAFINAL_ERROR 103 +#define CMS_R_CMS_LIB 104 +#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +#define CMS_R_CONTENT_NOT_FOUND 105 +#define CMS_R_CONTENT_TYPE_MISMATCH 171 +#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +#define CMS_R_CONTENT_VERIFY_ERROR 109 +#define CMS_R_CTRL_ERROR 110 +#define CMS_R_CTRL_FAILURE 111 +#define CMS_R_DECODE_ERROR 187 +#define CMS_R_DECRYPT_ERROR 112 +#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +#define CMS_R_ERROR_SETTING_KEY 115 +#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +#define CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT 196 +#define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 +#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +#define CMS_R_INVALID_KEY_LENGTH 118 +#define CMS_R_INVALID_LABEL 190 +#define CMS_R_INVALID_OAEP_PARAMETERS 191 +#define CMS_R_KDF_PARAMETER_ERROR 186 +#define CMS_R_MD_BIO_INIT_ERROR 119 +#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +#define CMS_R_MSGSIGDIGEST_ERROR 172 +#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 
+#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +#define CMS_R_NEED_ONE_SIGNER 164 +#define CMS_R_NOT_A_SIGNED_RECEIPT 165 +#define CMS_R_NOT_ENCRYPTED_DATA 122 +#define CMS_R_NOT_KEK 123 +#define CMS_R_NOT_KEY_AGREEMENT 181 +#define CMS_R_NOT_KEY_TRANSPORT 124 +#define CMS_R_NOT_PWRI 177 +#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +#define CMS_R_NO_CIPHER 126 +#define CMS_R_NO_CONTENT 127 +#define CMS_R_NO_CONTENT_TYPE 173 +#define CMS_R_NO_DEFAULT_DIGEST 128 +#define CMS_R_NO_DIGEST_SET 129 +#define CMS_R_NO_KEY 130 +#define CMS_R_NO_KEY_OR_CERT 174 +#define CMS_R_NO_MATCHING_DIGEST 131 +#define CMS_R_NO_MATCHING_RECIPIENT 132 +#define CMS_R_NO_MATCHING_SIGNATURE 166 +#define CMS_R_NO_MSGSIGDIGEST 167 +#define CMS_R_NO_PASSWORD 178 +#define CMS_R_NO_PRIVATE_KEY 133 +#define CMS_R_NO_PUBLIC_KEY 134 +#define CMS_R_NO_RECEIPT_REQUEST 168 +#define CMS_R_NO_SIGNERS 135 +#define CMS_R_PEER_KEY_ERROR 188 +#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +#define CMS_R_RECEIPT_DECODE_ERROR 169 +#define CMS_R_RECIPIENT_ERROR 137 +#define CMS_R_SHARED_INFO_ERROR 189 +#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +#define CMS_R_SIGNFINAL_ERROR 139 +#define CMS_R_SMIME_TEXT_ERROR 140 +#define CMS_R_STORE_INIT_ERROR 141 +#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +#define CMS_R_TYPE_NOT_DATA 143 +#define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +#define CMS_R_UNKNOWN_CIPHER 148 +#define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +#define CMS_R_UNKNOWN_ID 150 +#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +#define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194 +#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +#define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE 192 +#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +#define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 +#define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 
+#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +#define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 +#define CMS_R_UNSUPPORTED_TYPE 156 +#define CMS_R_UNWRAP_ERROR 157 +#define CMS_R_UNWRAP_FAILURE 180 +#define CMS_R_VERIFICATION_FAILURE 158 +#define CMS_R_WRAP_ERROR 159 -# endif +#endif #endif --- crypto/openssl/include/openssl/comp.h.orig +++ crypto/openssl/include/openssl/comp.h @@ -8,52 +8,51 @@ */ #ifndef OPENSSL_COMP_H -# define OPENSSL_COMP_H -# pragma once +#define OPENSSL_COMP_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_COMP_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_COMP_H +#endif -# include +#include -# ifndef OPENSSL_NO_COMP -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_COMP +#include +#include +#ifdef __cplusplus extern "C" { -# endif - - +#endif COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); -int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_CTX_get_type(const COMP_CTX *comp); int COMP_get_type(const COMP_METHOD *meth); const char *COMP_get_name(const COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen); + unsigned char *in, int ilen); int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen); + unsigned char *in, int ilen); COMP_METHOD *COMP_zlib(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define COMP_zlib_cleanup() while(0) continue +#define COMP_zlib_cleanup() \ + while (0) \ + continue #endif -# ifdef OPENSSL_BIO_H -# ifdef ZLIB +#ifdef OPENSSL_BIO_H +#ifdef ZLIB const BIO_METHOD *BIO_f_zlib(void); -# endif -# endif - +#endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/comperr.h.orig +++ crypto/openssl/include/openssl/comperr.h 
@@ -9,23 +9,21 @@ */ #ifndef OPENSSL_COMPERR_H -# define OPENSSL_COMPERR_H -# pragma once +#define OPENSSL_COMPERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_COMP +#include +#include +#include +#ifndef OPENSSL_NO_COMP /* * COMP reason codes. */ -# define COMP_R_ZLIB_DEFLATE_ERROR 99 -# define COMP_R_ZLIB_INFLATE_ERROR 100 -# define COMP_R_ZLIB_NOT_SUPPORTED 101 +#define COMP_R_ZLIB_DEFLATE_ERROR 99 +#define COMP_R_ZLIB_INFLATE_ERROR 100 +#define COMP_R_ZLIB_NOT_SUPPORTED 101 -# endif +#endif #endif --- crypto/openssl/include/openssl/conf.h.orig +++ crypto/openssl/include/openssl/conf.h @@ -10,25 +10,27 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ -#ifndef OPENSSL_CONF_H -# define OPENSSL_CONF_H -# pragma once +#ifndef OPENSSL_CONF_H +#define OPENSSL_CONF_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CONF_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CONF_H +#endif -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif @@ -38,6 +40,7 @@ char *value; } CONF_VALUE; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(CONF_VALUE, CONF_VALUE, CONF_VALUE) #define sk_CONF_VALUE_num(sk) OPENSSL_sk_num(ossl_check_const_CONF_VALUE_sk_type(sk)) #define sk_CONF_VALUE_value(sk, idx) ((CONF_VALUE *)OPENSSL_sk_value(ossl_check_const_CONF_VALUE_sk_type(sk), (idx))) 
@@ -80,14 +83,15 @@ #define lh_CONF_VALUE_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_CONF_VALUE_lh_type(lh), dl) #define lh_CONF_VALUE_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_CONF_VALUE_lh_doallfunc_type(dfn)) +/* clang-format on */ struct conf_st; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# include -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#include +#endif /* Module definitions */ typedef struct conf_imodule_st CONF_IMODULE; 
@@ -97,32 +101,32 @@ STACK_OF(CONF_IMODULE); /* DSO module function typedefs */ -typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); -typedef void conf_finish_func (CONF_IMODULE *md); +typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func(CONF_IMODULE *md); -# define CONF_MFLAGS_IGNORE_ERRORS 0x1 -# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 -# define CONF_MFLAGS_SILENT 0x4 -# define CONF_MFLAGS_NO_DSO 0x8 -# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 -# define CONF_MFLAGS_DEFAULT_SECTION 0x20 +#define CONF_MFLAGS_IGNORE_ERRORS 0x1 +#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +#define CONF_MFLAGS_SILENT 0x4 +#define CONF_MFLAGS_NO_DSO 0x8 +#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +#define CONF_MFLAGS_DEFAULT_SECTION 0x20 int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline); -# ifndef OPENSSL_NO_STDIO + long *eline); +#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline); -# endif + long *eline); +#endif LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, - long *eline); + long *eline); STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, - const char *section); + const char *section); char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); + const char *name); long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); + const char *name); void CONF_free(LHASH_OF(CONF_VALUE) *conf); #ifndef OPENSSL_NO_STDIO int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); @@ -133,7 +137,7 @@ #endif #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OPENSSL_no_config() \ +#define OPENSSL_no_config() \ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) #endif 
@@ -153,38 +157,40 @@ void NCONF_free_data(CONF *conf); int NCONF_load(CONF *conf, const char *file, long *eline); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); -# endif +#endif int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf); STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, - const char *section); + const char *section); char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, - long *result); + long *result); #ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out); #endif int NCONF_dump_bio(const CONF *conf, BIO *out); -#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) +#define NCONF_get_number(c, g, n, r) NCONF_get_number_e(c, g, n, r) /* Module functions */ int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); + unsigned long flags); int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, - const char *appname, unsigned long flags); + const char *appname, unsigned long flags); int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); + unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define CONF_modules_free() while(0) continue +#define CONF_modules_free() \ + while (0) \ + continue #endif int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc); + conf_finish_func *ffunc); const char *CONF_imodule_get_name(const CONF_IMODULE *md); const char *CONF_imodule_get_value(const CONF_IMODULE *md); 
@@ -199,13 +205,12 @@ char *CONF_get1_default_config_file(void); int CONF_parse_list(const char *list, int sep, int nospc, - int (*list_cb) (const char *elem, int len, void *usr), - void *arg); + int (*list_cb)(const char *elem, int len, void *usr), + void *arg); void OPENSSL_load_builtin_modules(void); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/conf.h.in.orig +++ crypto/openssl/include/openssl/conf.h.in @@ -9,27 +9,29 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros generate_lhash_macros); -} +/* clang-format on */ -#ifndef OPENSSL_CONF_H -# define OPENSSL_CONF_H -# pragma once +#ifndef OPENSSL_CONF_H +#define OPENSSL_CONF_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CONF_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CONF_H +#endif -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif @@ -39,18 +41,20 @@ char *value; } CONF_VALUE; +/* clang-format off */ {- generate_stack_macros("CONF_VALUE") .generate_lhash_macros("CONF_VALUE"); -} +/* clang-format on */ struct conf_st; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# include -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#include +#endif /* Module definitions */ typedef struct conf_imodule_st CONF_IMODULE; 
@@ -60,32 +64,32 @@ STACK_OF(CONF_IMODULE); /* DSO module function typedefs */ -typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); -typedef void conf_finish_func (CONF_IMODULE *md); +typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func(CONF_IMODULE *md); -# define CONF_MFLAGS_IGNORE_ERRORS 0x1 -# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 -# define CONF_MFLAGS_SILENT 0x4 -# define CONF_MFLAGS_NO_DSO 0x8 -# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 -# define CONF_MFLAGS_DEFAULT_SECTION 0x20 +#define CONF_MFLAGS_IGNORE_ERRORS 0x1 +#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +#define CONF_MFLAGS_SILENT 0x4 +#define CONF_MFLAGS_NO_DSO 0x8 +#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +#define CONF_MFLAGS_DEFAULT_SECTION 0x20 int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline); -# ifndef OPENSSL_NO_STDIO + long *eline); +#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline); -# endif + long *eline); +#endif LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, - long *eline); + long *eline); STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, - const char *section); + const char *section); char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); + const char *name); long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name); + const char *name); void CONF_free(LHASH_OF(CONF_VALUE) *conf); #ifndef OPENSSL_NO_STDIO int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); @@ -96,7 +100,7 @@ #endif #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OPENSSL_no_config() \ +#define OPENSSL_no_config() \ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) #endif 
@@ -116,38 +120,40 @@ void NCONF_free_data(CONF *conf); int NCONF_load(CONF *conf, const char *file, long *eline); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); -# endif +#endif int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf); STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, - const char *section); + const char *section); char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, - long *result); + long *result); #ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out); #endif int NCONF_dump_bio(const CONF *conf, BIO *out); -#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) +#define NCONF_get_number(c, g, n, r) NCONF_get_number_e(c, g, n, r) /* Module functions */ int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); + unsigned long flags); int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, - const char *appname, unsigned long flags); + const char *appname, unsigned long flags); int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); + unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define CONF_modules_free() while(0) continue +#define CONF_modules_free() \ + while (0) \ + continue #endif int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc); + conf_finish_func *ffunc); const char *CONF_imodule_get_name(const CONF_IMODULE *md); const char *CONF_imodule_get_value(const CONF_IMODULE *md); 
@@ -162,13 +168,12 @@ char *CONF_get1_default_config_file(void); int CONF_parse_list(const char *list, int sep, int nospc, - int (*list_cb) (const char *elem, int len, void *usr), - void *arg); + int (*list_cb)(const char *elem, int len, void *usr), + void *arg); void OPENSSL_load_builtin_modules(void); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/conf_api.h.orig +++ crypto/openssl/include/openssl/conf_api.h @@ -7,19 +7,19 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_CONF_API_H -# define OPENSSL_CONF_API_H -# pragma once +#ifndef OPENSSL_CONF_API_H +#define OPENSSL_CONF_API_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CONF_API_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CONF_API_H +#endif -# include -# include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif @@ -29,18 +29,18 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, - const char *section); + const char *section); int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); char *_CONF_get_string(const CONF *conf, const char *section, - const char *name); + const char *name); long _CONF_get_number(const CONF *conf, const char *section, - const char *name); + const char *name); int _CONF_new_data(CONF *conf); void _CONF_free_data(CONF *conf); -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/conferr.h.orig +++ crypto/openssl/include/openssl/conferr.h 
@@ -9,44 +9,42 @@ */ #ifndef OPENSSL_CONFERR_H -# define OPENSSL_CONFERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_CONFERR_H +#pragma once +#include +#include +#include /* * CONF reason codes. */ -# define CONF_R_ERROR_LOADING_DSO 110 -# define CONF_R_INVALID_PRAGMA 122 -# define CONF_R_LIST_CANNOT_BE_NULL 115 -# define CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION 123 -# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 -# define CONF_R_MISSING_EQUAL_SIGN 101 -# define CONF_R_MISSING_INIT_FUNCTION 112 -# define CONF_R_MODULE_INITIALIZATION_ERROR 109 -# define CONF_R_NO_CLOSE_BRACE 102 -# define CONF_R_NO_CONF 105 -# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 -# define CONF_R_NO_SECTION 107 -# define CONF_R_NO_SUCH_FILE 114 -# define CONF_R_NO_VALUE 108 -# define CONF_R_NUMBER_TOO_LARGE 121 -# define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 -# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 -# define CONF_R_RECURSIVE_SECTION_REFERENCE 126 -# define CONF_R_RELATIVE_PATH 125 -# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 -# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 -# define CONF_R_SSL_SECTION_EMPTY 119 -# define CONF_R_SSL_SECTION_NOT_FOUND 120 -# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 -# define CONF_R_UNKNOWN_MODULE_NAME 113 -# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 -# define CONF_R_VARIABLE_HAS_NO_VALUE 104 +#define CONF_R_ERROR_LOADING_DSO 110 +#define CONF_R_INVALID_PRAGMA 122 +#define CONF_R_LIST_CANNOT_BE_NULL 115 +#define CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION 123 +#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +#define CONF_R_MISSING_EQUAL_SIGN 101 +#define CONF_R_MISSING_INIT_FUNCTION 112 +#define CONF_R_MODULE_INITIALIZATION_ERROR 109 +#define CONF_R_NO_CLOSE_BRACE 102 +#define CONF_R_NO_CONF 105 +#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +#define CONF_R_NO_SECTION 107 +#define CONF_R_NO_SUCH_FILE 114 +#define CONF_R_NO_VALUE 108 +#define CONF_R_NUMBER_TOO_LARGE 121 +#define 
CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 +#define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +#define CONF_R_RECURSIVE_SECTION_REFERENCE 126 +#define CONF_R_RELATIVE_PATH 125 +#define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +#define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +#define CONF_R_SSL_SECTION_EMPTY 119 +#define CONF_R_SSL_SECTION_NOT_FOUND 120 +#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +#define CONF_R_UNKNOWN_MODULE_NAME 113 +#define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +#define CONF_R_VARIABLE_HAS_NO_VALUE 104 #endif --- crypto/openssl/include/openssl/configuration.h.orig +++ crypto/openssl/include/openssl/configuration.h @@ -12,21 +12,22 @@ */ #ifndef OPENSSL_CONFIGURATION_H -# define OPENSSL_CONFIGURATION_H -# pragma once +#define OPENSSL_CONFIGURATION_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -# endif +#ifdef OPENSSL_ALGORITHM_DEFINES +#error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif /* * OpenSSL was configured with the following options: */ +/* clang-format off */ # define OPENSSL_CONFIGURED_API 30000 # ifndef OPENSSL_RAND_SEED_OS # define OPENSSL_RAND_SEED_OS @@ -34,6 +35,9 @@ # ifndef OPENSSL_THREADS # define OPENSSL_THREADS # endif +# ifndef OPENSSL_NO_ACVP_TESTS +# define OPENSSL_NO_ACVP_TESTS +# endif # ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG # endif 
@@ -49,17 +53,15 @@ # ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # endif -# if !defined(__LP64__) || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define OPENSSL_NO_EC_NISTP_64_GCC_128 -# endif -# endif # ifndef OPENSSL_NO_EGD # define OPENSSL_NO_EGD # endif # ifndef OPENSSL_NO_EXTERNAL_TESTS # define OPENSSL_NO_EXTERNAL_TESTS # endif +# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS +# define OPENSSL_NO_FIPS_SECURITYCHECKS +# endif # ifndef OPENSSL_NO_FUZZ_AFL # define OPENSSL_NO_FUZZ_AFL # endif 
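Review bot: The added `OPENSSL_NO_FIPS_SECURITYCHECKS` define in this hunk is a behaviour change rather than formatting, and nothing visible in the diff explains it. As far as I know it corresponds to the `no-fips-securitychecks` configure option, which compiles out the FIPS provider's enforcement of security parameters such as minimum key strength. Together with `OPENSSL_NO_ACVP_TESTS` in the `@@ -34,6 +35,9 @@` hunk, it would be consistent with the header having been regenerated with the FIPS provider disabled, but the diff does not show that. Because this region is generated, the reason belongs in the hand-written FreeBSD section of the header, for example `/* FIPS provider security checks are compiled out: <reason, e.g. provider not built> */`.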
@@ -115,23 +117,70 @@ # define OPENSSL_NO_STATIC_ENGINE # endif +/* clang-format on */ /* Generate 80386 code? */ +/* clang-format off */ # undef I386_ONLY +/* clang-format on */ /* * The following are cipher-specific, but are part of the public API. */ +#if !defined(OPENSSL_SYS_UEFI) + /* clang-format off */ +# undef BN_LLONG + /* clang-format on */ + /* Only one for the following should be defined */ + /* clang-format off */ +# define SIXTY_FOUR_BIT_LONG + /* clang-format on */ + /* clang-format off */ +# undef SIXTY_FOUR_BIT + /* clang-format on */ + /* clang-format off */ +# undef THIRTY_TWO_BIT +/* clang-format on */ +#endif + +/* clang-format off */ +# define RC4_INT unsigned int +/* clang-format on */ + +#ifdef __cplusplus +} +#endif + +#endif /* OPENSSL_CONFIGURATION_H */ + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __FREEBSD_CONFIGURATION_H__ +#define __FREEBSD_CONFIGURATION_H__ + +# undef OPENSSL_NO_EC_NISTP_64_GCC_128 +# if __SIZEOF_LONG__ == 4 || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# endif + +# undef BN_LLONG +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT # if !defined(OPENSSL_SYS_UEFI) # if __SIZEOF_LONG__ == 8 # undef BN_LLONG -/* Only one for the following should be defined */ # define SIXTY_FOUR_BIT_LONG # undef SIXTY_FOUR_BIT # undef THIRTY_TWO_BIT # elif __SIZEOF_LONG__ == 4 # define BN_LLONG -/* Only one for the following should be defined */ # undef SIXTY_FOUR_BIT_LONG # undef SIXTY_FOUR_BIT # define THIRTY_TWO_BIT 
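Review bot: The new guard `# if __SIZEOF_LONG__ == 4 || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__` in the FreeBSD section fails open where the one it replaces failed closed. If the compiler does not predefine these macros, the preprocessor evaluates each as 0, the condition is false, and `OPENSSL_NO_EC_NISTP_64_GCC_128` stays undefined after the preceding `# undef`, so the 64-bit NIST curve code is selected; the removed `!defined(__LP64__)` test disabled it in that case. A test that requires a positive match keeps the old behaviour: `# if !defined(__SIZEOF_LONG__) || __SIZEOF_LONG__ != 8 || !defined(__BYTE_ORDER__) || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__`. As a style point, `__FREEBSD_CONFIGURATION_H__` begins with a double underscore, which is reserved for the implementation. The `__SIZEOF_LONG__` chain that sets `BN_LLONG` and the word-size macros continues into the next hunk, so whether it has an `#else` fallback cannot be judged from here.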
@@ -140,10 +189,4 @@ # endif # endif -# define RC4_INT unsigned int - -# ifdef __cplusplus -} -# endif - -#endif /* OPENSSL_CONFIGURATION_H */ +#endif /* __FREEBSD_CONFIGURATION_H__ */ --- crypto/openssl/include/openssl/configuration.h.in.orig +++ crypto/openssl/include/openssl/configuration.h.in @@ -10,21 +10,22 @@ */ #ifndef OPENSSL_CONFIGURATION_H -# define OPENSSL_CONFIGURATION_H -# pragma once +#define OPENSSL_CONFIGURATION_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -# endif +#ifdef OPENSSL_ALGORITHM_DEFINES +#error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif /* * OpenSSL was configured with the following options: */ +/* clang-format off */ {- if (@{$config{openssl_sys_defines}}) { foreach (@{$config{openssl_sys_defines}}) { $OUT .= "# ifndef $_\n"; 
@@ -45,25 +46,38 @@ } ""; -} +/* clang-format on */ /* Generate 80386 code? */ +/* clang-format off */ {- $config{processor} eq "386" ? "# define" : "# undef" -} I386_ONLY +/* clang-format on */ /* * The following are cipher-specific, but are part of the public API. */ -# if !defined(OPENSSL_SYS_UEFI) +#if !defined(OPENSSL_SYS_UEFI) + /* clang-format off */ {- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG -/* Only one for the following should be defined */ + /* clang-format on */ + /* Only one for the following should be defined */ + /* clang-format off */ {- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG + /* clang-format on */ + /* clang-format off */ {- $config{b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT + /* clang-format on */ + /* clang-format off */ {- $config{b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT -# endif +/* clang-format on */ +#endif +/* clang-format off */ # define RC4_INT {- $config{rc4_int} -} +/* clang-format on */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif -#endif /* OPENSSL_CONFIGURATION_H */ +#endif /* OPENSSL_CONFIGURATION_H */ --- crypto/openssl/include/openssl/conftypes.h.orig +++ crypto/openssl/include/openssl/conftypes.h @@ -7,12 +7,12 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_CONFTYPES_H -# define OPENSSL_CONFTYPES_H -# pragma once +#ifndef OPENSSL_CONFTYPES_H +#define OPENSSL_CONFTYPES_H +#pragma once -#ifndef OPENSSL_CONF_H -# include +#ifndef OPENSSL_CONF_H +#include #endif /* 
@@ -20,15 +20,15 @@ */ struct conf_method_st { const char *name; - CONF *(*create) (CONF_METHOD *meth); - int (*init) (CONF *conf); - int (*destroy) (CONF *conf); - int (*destroy_data) (CONF *conf); - int (*load_bio) (CONF *conf, BIO *bp, long *eline); - int (*dump) (const CONF *conf, BIO *bp); - int (*is_number) (const CONF *conf, char c); - int (*to_int) (const CONF *conf, char c); - int (*load) (CONF *conf, const char *name, long *eline); + CONF *(*create)(CONF_METHOD *meth); + int (*init)(CONF *conf); + int (*destroy)(CONF *conf); + int (*destroy_data)(CONF *conf); + int (*load_bio)(CONF *conf, BIO *bp, long *eline); + int (*dump)(const CONF *conf, BIO *bp); + int (*is_number)(const CONF *conf, char c); + int (*to_int)(const CONF *conf, char c); + int (*load)(CONF *conf, const char *name, long *eline); }; struct conf_st { --- crypto/openssl/include/openssl/core.h.orig +++ crypto/openssl/include/openssl/core.h @@ -8,15 +8,15 @@ */ #ifndef OPENSSL_CORE_H -# define OPENSSL_CORE_H -# pragma once +#define OPENSSL_CORE_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /*- * Base types @@ -67,7 +67,7 @@ * An array of these is always terminated by algorithm_names == NULL */ struct ossl_algorithm_st { - const char *algorithm_names; /* key */ + const char *algorithm_names; /* key */ const char *property_definition; /* key */ const OSSL_DISPATCH *implementation; const char *algorithm_description; 
@@ -80,11 +80,11 @@ * An array of these is always terminated by key == NULL */ struct ossl_param_st { - const char *key; /* the name of the parameter */ - unsigned int data_type; /* declare what kind of content is in buffer */ - void *data; /* value being passed in or out */ - size_t data_size; /* data size */ - size_t return_size; /* returned content size */ + const char *key; /* the name of the parameter */ + unsigned int data_type; /* declare what kind of content is in buffer */ + void *data; /* value being passed in or out */ + size_t data_size; /* data size */ + size_t return_size; /* returned content size */ }; /* Currently supported OSSL_PARAM data types */ @@ -100,24 +100,24 @@ * buffer size is correct and the buffer itself is properly aligned (for * example by having the buffer field point at a C integer). */ -# define OSSL_PARAM_INTEGER 1 -# define OSSL_PARAM_UNSIGNED_INTEGER 2 +#define OSSL_PARAM_INTEGER 1 +#define OSSL_PARAM_UNSIGNED_INTEGER 2 /*- * OSSL_PARAM_REAL * is a C binary floating point values in native form and alignment. */ -# define OSSL_PARAM_REAL 3 +#define OSSL_PARAM_REAL 3 /*- * OSSL_PARAM_UTF8_STRING * is a printable string. It is expected to be printed as it is. */ -# define OSSL_PARAM_UTF8_STRING 4 +#define OSSL_PARAM_UTF8_STRING 4 /*- * OSSL_PARAM_OCTET_STRING * is a string of bytes with no further specification. It is expected to be * printed as a hexdump. */ -# define OSSL_PARAM_OCTET_STRING 5 +#define OSSL_PARAM_OCTET_STRING 5 /*- * OSSL_PARAM_UTF8_PTR * is a pointer to a printable string. It is expected to be printed as it is. @@ -135,7 +135,7 @@ * EXTRA WARNING! If you are not completely sure you most likely want * to use the OSSL_PARAM_UTF8_STRING type. */ -# define OSSL_PARAM_UTF8_PTR 6 +#define OSSL_PARAM_UTF8_PTR 6 /*- * OSSL_PARAM_OCTET_PTR * is a pointer to a string of bytes with no further specification. It is 
@@ -154,7 +154,7 @@ * EXTRA WARNING! If you are not completely sure you most likely want * to use the OSSL_PARAM_OCTET_STRING type. */ -# define OSSL_PARAM_OCTET_PTR 7 +#define OSSL_PARAM_OCTET_PTR 7 /* * Typedef for the thread stop handling callback. Used both internally and by @@ -168,7 +168,6 @@ */ typedef void (*OSSL_thread_stop_handler_fn)(void *arg); - /*- * Provider entry point * -------------------- @@ -187,18 +186,18 @@ * provider needs it. This value is passed to other provider * functions, notably other context constructors. */ -typedef int (OSSL_provider_init_fn)(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx); -# ifdef __VMS -# pragma names save -# pragma names uppercase,truncated -# endif +typedef int(OSSL_provider_init_fn)(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx); +#ifdef __VMS +#pragma names save +#pragma names uppercase, truncated +#endif OPENSSL_EXPORT OSSL_provider_init_fn OSSL_provider_init; -# ifdef __VMS -# pragma names restore -# endif +#ifdef __VMS +#pragma names restore +#endif /* * Generic callback function signature. 
@@ -213,21 +212,21 @@ * libcrypto may use the OSSL_PARAM array to create arguments for an * application callback it knows about. */ -typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg); -typedef int (OSSL_INOUT_CALLBACK)(const OSSL_PARAM in_params[], - OSSL_PARAM out_params[], void *arg); +typedef int(OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg); +typedef int(OSSL_INOUT_CALLBACK)(const OSSL_PARAM in_params[], + OSSL_PARAM out_params[], void *arg); /* * Passphrase callback function signature * * This is similar to the generic callback function above, but adds a * result parameter. */ -typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], void *arg); +typedef int(OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size, + size_t *pass_len, + const OSSL_PARAM params[], void *arg); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/core_dispatch.h.orig +++ crypto/openssl/include/openssl/core_dispatch.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,15 +8,15 @@ */ #ifndef OPENSSL_CORE_NUMBERS_H -# define OPENSSL_CORE_NUMBERS_H -# pragma once +#define OPENSSL_CORE_NUMBERS_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /*- * Identities 
@@ -44,12 +44,13 @@ * Note: This is considered a "reserved" internal macro. Applications should * not use this or assume its existence. */ -#define OSSL_CORE_MAKE_FUNC(type,name,args) \ - typedef type (OSSL_FUNC_##name##_fn)args; \ - static ossl_unused ossl_inline \ - OSSL_FUNC_##name##_fn *OSSL_FUNC_##name(const OSSL_DISPATCH *opf) \ - { \ - return (OSSL_FUNC_##name##_fn *)opf->function; \ +#define OSSL_CORE_MAKE_FUNC(type, name, args) \ + typedef type(OSSL_FUNC_##name##_fn) args; \ + static ossl_unused ossl_inline \ + OSSL_FUNC_##name##_fn * \ + OSSL_FUNC_##name(const OSSL_DISPATCH *opf) \ + { \ + return (OSSL_FUNC_##name##_fn *)opf->function; \ } /* 
@@ -60,448 +61,412 @@ * therefore NEVER be used as a function identity. */ /* Functions provided by the Core to the provider, reserved numbers 1-1023 */ -# define OSSL_FUNC_CORE_GETTABLE_PARAMS 1 +#define OSSL_FUNC_CORE_GETTABLE_PARAMS 1 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, - core_gettable_params,(const OSSL_CORE_HANDLE *prov)) -# define OSSL_FUNC_CORE_GET_PARAMS 2 -OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_CORE_HANDLE *prov, - OSSL_PARAM params[])) -# define OSSL_FUNC_CORE_THREAD_START 3 -OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_CORE_HANDLE *prov, - OSSL_thread_stop_handler_fn handfn, - void *arg)) -# define OSSL_FUNC_CORE_GET_LIBCTX 4 -OSSL_CORE_MAKE_FUNC(OPENSSL_CORE_CTX *,core_get_libctx, - (const OSSL_CORE_HANDLE *prov)) -# define OSSL_FUNC_CORE_NEW_ERROR 5 -OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_CORE_HANDLE *prov)) -# define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6 -OSSL_CORE_MAKE_FUNC(void,core_set_error_debug, - (const OSSL_CORE_HANDLE *prov, - const char *file, int line, const char *func)) -# define OSSL_FUNC_CORE_VSET_ERROR 7 -OSSL_CORE_MAKE_FUNC(void,core_vset_error, - (const OSSL_CORE_HANDLE *prov, - uint32_t reason, const char *fmt, va_list args)) -# define OSSL_FUNC_CORE_SET_ERROR_MARK 8 + core_gettable_params, (const OSSL_CORE_HANDLE *prov)) +#define OSSL_FUNC_CORE_GET_PARAMS 2 +OSSL_CORE_MAKE_FUNC(int, core_get_params, (const OSSL_CORE_HANDLE *prov, OSSL_PARAM params[])) +#define OSSL_FUNC_CORE_THREAD_START 3 +OSSL_CORE_MAKE_FUNC(int, core_thread_start, (const OSSL_CORE_HANDLE *prov, OSSL_thread_stop_handler_fn handfn, void *arg)) +#define OSSL_FUNC_CORE_GET_LIBCTX 4 +OSSL_CORE_MAKE_FUNC(OPENSSL_CORE_CTX *, core_get_libctx, + (const OSSL_CORE_HANDLE *prov)) +#define OSSL_FUNC_CORE_NEW_ERROR 5 +OSSL_CORE_MAKE_FUNC(void, core_new_error, (const OSSL_CORE_HANDLE *prov)) +#define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6 +OSSL_CORE_MAKE_FUNC(void, core_set_error_debug, + (const OSSL_CORE_HANDLE *prov, + const char *file, int line, 
const char *func)) +#define OSSL_FUNC_CORE_VSET_ERROR 7 +OSSL_CORE_MAKE_FUNC(void, core_vset_error, + (const OSSL_CORE_HANDLE *prov, + uint32_t reason, const char *fmt, va_list args)) +#define OSSL_FUNC_CORE_SET_ERROR_MARK 8 OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_CORE_HANDLE *prov)) -# define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9 +#define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9 OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark, - (const OSSL_CORE_HANDLE *prov)) -# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10 + (const OSSL_CORE_HANDLE *prov)) +#define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10 OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_CORE_HANDLE *prov)) - /* Functions to access the OBJ database */ -#define OSSL_FUNC_CORE_OBJ_ADD_SIGID 11 -#define OSSL_FUNC_CORE_OBJ_CREATE 12 +#define OSSL_FUNC_CORE_OBJ_ADD_SIGID 11 +#define OSSL_FUNC_CORE_OBJ_CREATE 12 OSSL_CORE_MAKE_FUNC(int, core_obj_add_sigid, - (const OSSL_CORE_HANDLE *prov, const char *sign_name, - const char *digest_name, const char *pkey_name)) + (const OSSL_CORE_HANDLE *prov, const char *sign_name, + const char *digest_name, const char *pkey_name)) OSSL_CORE_MAKE_FUNC(int, core_obj_create, - (const OSSL_CORE_HANDLE *prov, const char *oid, - const char *sn, const char *ln)) + (const OSSL_CORE_HANDLE *prov, const char *oid, + const char *sn, const char *ln)) /* Memory allocation, freeing, clearing. 
*/ -#define OSSL_FUNC_CRYPTO_MALLOC 20 +#define OSSL_FUNC_CRYPTO_MALLOC 20 OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_malloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_ZALLOC 21 + CRYPTO_malloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_ZALLOC 21 OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_zalloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_FREE 22 + CRYPTO_zalloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_FREE 22 OSSL_CORE_MAKE_FUNC(void, - CRYPTO_free, (void *ptr, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_CLEAR_FREE 23 + CRYPTO_free, (void *ptr, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_CLEAR_FREE 23 OSSL_CORE_MAKE_FUNC(void, - CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_REALLOC 24 + CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_REALLOC 24 OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_realloc, (void *addr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 25 + CRYPTO_realloc, (void *addr, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 25 OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num, - const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 26 + CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 26 OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_secure_malloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 27 + CRYPTO_secure_malloc, (size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 27 OSSL_CORE_MAKE_FUNC(void *, - CRYPTO_secure_zalloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_FREE 28 + CRYPTO_secure_zalloc, (size_t num, const char *file, int line)) +#define 
OSSL_FUNC_CRYPTO_SECURE_FREE 28 OSSL_CORE_MAKE_FUNC(void, - CRYPTO_secure_free, (void *ptr, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 29 + CRYPTO_secure_free, (void *ptr, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 29 OSSL_CORE_MAKE_FUNC(void, - CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file, - int line)) -#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 30 + CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file, int line)) +#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 30 OSSL_CORE_MAKE_FUNC(int, - CRYPTO_secure_allocated, (const void *ptr)) -#define OSSL_FUNC_OPENSSL_CLEANSE 31 + CRYPTO_secure_allocated, (const void *ptr)) +#define OSSL_FUNC_OPENSSL_CLEANSE 31 OSSL_CORE_MAKE_FUNC(void, - OPENSSL_cleanse, (void *ptr, size_t len)) + OPENSSL_cleanse, (void *ptr, size_t len)) /* Bio functions provided by the core */ -#define OSSL_FUNC_BIO_NEW_FILE 40 -#define OSSL_FUNC_BIO_NEW_MEMBUF 41 -#define OSSL_FUNC_BIO_READ_EX 42 -#define OSSL_FUNC_BIO_WRITE_EX 43 -#define OSSL_FUNC_BIO_UP_REF 44 -#define OSSL_FUNC_BIO_FREE 45 -#define OSSL_FUNC_BIO_VPRINTF 46 -#define OSSL_FUNC_BIO_VSNPRINTF 47 -#define OSSL_FUNC_BIO_PUTS 48 -#define OSSL_FUNC_BIO_GETS 49 -#define OSSL_FUNC_BIO_CTRL 50 - - -OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, - const char *mode)) +#define OSSL_FUNC_BIO_NEW_FILE 40 +#define OSSL_FUNC_BIO_NEW_MEMBUF 41 +#define OSSL_FUNC_BIO_READ_EX 42 +#define OSSL_FUNC_BIO_WRITE_EX 43 +#define OSSL_FUNC_BIO_UP_REF 44 +#define OSSL_FUNC_BIO_FREE 45 +#define OSSL_FUNC_BIO_VPRINTF 46 +#define OSSL_FUNC_BIO_VSNPRINTF 47 +#define OSSL_FUNC_BIO_PUTS 48 +#define OSSL_FUNC_BIO_GETS 49 +#define OSSL_FUNC_BIO_CTRL 50 + +OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, const char *mode)) OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len)) -OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, - 
size_t data_len, size_t *bytes_read)) -OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, - size_t data_len, size_t *written)) +OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read)) +OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written)) OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size)) OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str)) OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio)) OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, - va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, - (char *buf, size_t n, const char *fmt, va_list args)) -OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, - int cmd, long num, void *ptr)) + (char *buf, size_t n, const char *fmt, va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, int cmd, long num, void *ptr)) -#define OSSL_FUNC_SELF_TEST_CB 100 -OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, - void **cbarg)) +#define OSSL_FUNC_SELF_TEST_CB 100 +OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) /* Functions to get seed material from the operating system */ -#define OSSL_FUNC_GET_ENTROPY 101 -#define OSSL_FUNC_CLEANUP_ENTROPY 102 -#define OSSL_FUNC_GET_NONCE 103 -#define OSSL_FUNC_CLEANUP_NONCE 104 -OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle, - unsigned char **pout, int entropy, - size_t min_len, size_t max_len)) -OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len)) -OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle, - unsigned char 
**pout, size_t min_len, - size_t max_len, const void *salt, - size_t salt_len)) -OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len)) +#define OSSL_FUNC_GET_ENTROPY 101 +#define OSSL_FUNC_CLEANUP_ENTROPY 102 +#define OSSL_FUNC_GET_NONCE 103 +#define OSSL_FUNC_CLEANUP_NONCE 104 +OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, size_t min_len, size_t max_len)) +OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len)) +OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, const void *salt, size_t salt_len)) +OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len)) /* Functions to access the core's providers */ -#define OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB 105 +#define OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB 105 #define OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB 106 -#define OSSL_FUNC_PROVIDER_NAME 107 -#define OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX 108 -#define OSSL_FUNC_PROVIDER_GET0_DISPATCH 109 -#define OSSL_FUNC_PROVIDER_UP_REF 110 -#define OSSL_FUNC_PROVIDER_FREE 111 +#define OSSL_FUNC_PROVIDER_NAME 107 +#define OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX 108 +#define OSSL_FUNC_PROVIDER_GET0_DISPATCH 109 +#define OSSL_FUNC_PROVIDER_UP_REF 110 +#define OSSL_FUNC_PROVIDER_FREE 111 OSSL_CORE_MAKE_FUNC(int, provider_register_child_cb, - (const OSSL_CORE_HANDLE *handle, - int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), - int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), - int (*global_props_cb)(const char *props, void *cbdata), - void *cbdata)) + (const OSSL_CORE_HANDLE *handle, + int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), + int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), + int (*global_props_cb)(const char *props, void 
*cbdata), + void *cbdata)) OSSL_CORE_MAKE_FUNC(void, provider_deregister_child_cb, - (const OSSL_CORE_HANDLE *handle)) + (const OSSL_CORE_HANDLE *handle)) OSSL_CORE_MAKE_FUNC(const char *, provider_name, - (const OSSL_CORE_HANDLE *prov)) + (const OSSL_CORE_HANDLE *prov)) OSSL_CORE_MAKE_FUNC(void *, provider_get0_provider_ctx, - (const OSSL_CORE_HANDLE *prov)) + (const OSSL_CORE_HANDLE *prov)) OSSL_CORE_MAKE_FUNC(const OSSL_DISPATCH *, provider_get0_dispatch, - (const OSSL_CORE_HANDLE *prov)) + (const OSSL_CORE_HANDLE *prov)) OSSL_CORE_MAKE_FUNC(int, provider_up_ref, - (const OSSL_CORE_HANDLE *prov, int activate)) + (const OSSL_CORE_HANDLE *prov, int activate)) OSSL_CORE_MAKE_FUNC(int, provider_free, - (const OSSL_CORE_HANDLE *prov, int deactivate)) + (const OSSL_CORE_HANDLE *prov, int deactivate)) /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ -# define OSSL_FUNC_PROVIDER_TEARDOWN 1024 -OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) -# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025 +#define OSSL_FUNC_PROVIDER_TEARDOWN 1024 +OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx)) +#define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, - provider_gettable_params,(void *provctx)) -# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026 -OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, - OSSL_PARAM params[])) -# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 -OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, - (void *provctx, int operation_id, int *no_store)) -# define OSSL_FUNC_PROVIDER_UNQUERY_OPERATION 1028 + provider_gettable_params, (void *provctx)) +#define OSSL_FUNC_PROVIDER_GET_PARAMS 1026 +OSSL_CORE_MAKE_FUNC(int, provider_get_params, (void *provctx, OSSL_PARAM params[])) +#define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 +OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *, provider_query_operation, + (void *provctx, int operation_id, int *no_store)) +#define 
OSSL_FUNC_PROVIDER_UNQUERY_OPERATION 1028 OSSL_CORE_MAKE_FUNC(void, provider_unquery_operation, - (void *provctx, int operation_id, const OSSL_ALGORITHM *)) -# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1029 -OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, - (void *provctx)) -# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1030 -OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx, - const char *capability, OSSL_CALLBACK *cb, void *arg)) -# define OSSL_FUNC_PROVIDER_SELF_TEST 1031 + (void *provctx, int operation_id, const OSSL_ALGORITHM *)) +#define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1029 +OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *, provider_get_reason_strings, + (void *provctx)) +#define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1030 +OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx, const char *capability, OSSL_CALLBACK *cb, void *arg)) +#define OSSL_FUNC_PROVIDER_SELF_TEST 1031 OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx)) /* Operations */ -# define OSSL_OP_DIGEST 1 -# define OSSL_OP_CIPHER 2 /* Symmetric Ciphers */ -# define OSSL_OP_MAC 3 -# define OSSL_OP_KDF 4 -# define OSSL_OP_RAND 5 -# define OSSL_OP_KEYMGMT 10 -# define OSSL_OP_KEYEXCH 11 -# define OSSL_OP_SIGNATURE 12 -# define OSSL_OP_ASYM_CIPHER 13 -# define OSSL_OP_KEM 14 +#define OSSL_OP_DIGEST 1 +#define OSSL_OP_CIPHER 2 /* Symmetric Ciphers */ +#define OSSL_OP_MAC 3 +#define OSSL_OP_KDF 4 +#define OSSL_OP_RAND 5 +#define OSSL_OP_KEYMGMT 10 +#define OSSL_OP_KEYEXCH 11 +#define OSSL_OP_SIGNATURE 12 +#define OSSL_OP_ASYM_CIPHER 13 +#define OSSL_OP_KEM 14 /* New section for non-EVP operations */ -# define OSSL_OP_ENCODER 20 -# define OSSL_OP_DECODER 21 -# define OSSL_OP_STORE 22 +#define OSSL_OP_ENCODER 20 +#define OSSL_OP_DECODER 21 +#define OSSL_OP_STORE 22 /* Highest known operation number */ -# define OSSL_OP__HIGHEST 22 +#define OSSL_OP__HIGHEST 22 /* Digests */ -# define OSSL_FUNC_DIGEST_NEWCTX 1 -# define OSSL_FUNC_DIGEST_INIT 2 -# define 
OSSL_FUNC_DIGEST_UPDATE 3 -# define OSSL_FUNC_DIGEST_FINAL 4 -# define OSSL_FUNC_DIGEST_DIGEST 5 -# define OSSL_FUNC_DIGEST_FREECTX 6 -# define OSSL_FUNC_DIGEST_DUPCTX 7 -# define OSSL_FUNC_DIGEST_GET_PARAMS 8 -# define OSSL_FUNC_DIGEST_SET_CTX_PARAMS 9 -# define OSSL_FUNC_DIGEST_GET_CTX_PARAMS 10 -# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11 -# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12 -# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13 +#define OSSL_FUNC_DIGEST_NEWCTX 1 +#define OSSL_FUNC_DIGEST_INIT 2 +#define OSSL_FUNC_DIGEST_UPDATE 3 +#define OSSL_FUNC_DIGEST_FINAL 4 +#define OSSL_FUNC_DIGEST_DIGEST 5 +#define OSSL_FUNC_DIGEST_FREECTX 6 +#define OSSL_FUNC_DIGEST_DUPCTX 7 +#define OSSL_FUNC_DIGEST_GET_PARAMS 8 +#define OSSL_FUNC_DIGEST_SET_CTX_PARAMS 9 +#define OSSL_FUNC_DIGEST_GET_CTX_PARAMS 10 +#define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11 +#define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12 +#define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13 OSSL_CORE_MAKE_FUNC(void *, digest_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, digest_init, (void *dctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, digest_update, - (void *dctx, const unsigned char *in, size_t inl)) + (void *dctx, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, digest_final, - (void *dctx, - unsigned char *out, size_t *outl, size_t outsz)) + (void *dctx, + unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(int, digest_digest, - (void *provctx, const unsigned char *in, size_t inl, - unsigned char *out, size_t *outl, size_t outsz)) + (void *provctx, const unsigned char *in, size_t inl, + unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(void, digest_freectx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void *, digest_dupctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(int, digest_get_params, (OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, digest_set_ctx_params, - (void *vctx, const OSSL_PARAM params[])) + (void *vctx, const OSSL_PARAM params[])) 
OSSL_CORE_MAKE_FUNC(int, digest_get_ctx_params, - (void *vctx, OSSL_PARAM params[])) + (void *vctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_params, - (void *provctx)) + (void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_settable_ctx_params, - (void *dctx, void *provctx)) + (void *dctx, void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_ctx_params, - (void *dctx, void *provctx)) + (void *dctx, void *provctx)) /* Symmetric Ciphers */ -# define OSSL_FUNC_CIPHER_NEWCTX 1 -# define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2 -# define OSSL_FUNC_CIPHER_DECRYPT_INIT 3 -# define OSSL_FUNC_CIPHER_UPDATE 4 -# define OSSL_FUNC_CIPHER_FINAL 5 -# define OSSL_FUNC_CIPHER_CIPHER 6 -# define OSSL_FUNC_CIPHER_FREECTX 7 -# define OSSL_FUNC_CIPHER_DUPCTX 8 -# define OSSL_FUNC_CIPHER_GET_PARAMS 9 -# define OSSL_FUNC_CIPHER_GET_CTX_PARAMS 10 -# define OSSL_FUNC_CIPHER_SET_CTX_PARAMS 11 -# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12 -# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13 -# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14 +#define OSSL_FUNC_CIPHER_NEWCTX 1 +#define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2 +#define OSSL_FUNC_CIPHER_DECRYPT_INIT 3 +#define OSSL_FUNC_CIPHER_UPDATE 4 +#define OSSL_FUNC_CIPHER_FINAL 5 +#define OSSL_FUNC_CIPHER_CIPHER 6 +#define OSSL_FUNC_CIPHER_FREECTX 7 +#define OSSL_FUNC_CIPHER_DUPCTX 8 +#define OSSL_FUNC_CIPHER_GET_PARAMS 9 +#define OSSL_FUNC_CIPHER_GET_CTX_PARAMS 10 +#define OSSL_FUNC_CIPHER_SET_CTX_PARAMS 11 +#define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12 +#define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13 +#define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14 OSSL_CORE_MAKE_FUNC(void *, cipher_newctx, (void *provctx)) -OSSL_CORE_MAKE_FUNC(int, cipher_encrypt_init, (void *cctx, - const unsigned char *key, - size_t keylen, - const unsigned char *iv, - size_t ivlen, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, cipher_decrypt_init, (void *cctx, - const unsigned char *key, - size_t keylen, - const 
unsigned char *iv, - size_t ivlen, - const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, cipher_encrypt_init, (void *cctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, cipher_decrypt_init, (void *cctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, cipher_update, - (void *cctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl)) + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, cipher_final, - (void *cctx, - unsigned char *out, size_t *outl, size_t outsize)) + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize)) OSSL_CORE_MAKE_FUNC(int, cipher_cipher, - (void *cctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl)) + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(void, cipher_freectx, (void *cctx)) OSSL_CORE_MAKE_FUNC(void *, cipher_dupctx, (void *cctx)) OSSL_CORE_MAKE_FUNC(int, cipher_get_params, (OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, cipher_get_ctx_params, (void *cctx, - OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, cipher_set_ctx_params, (void *cctx, - const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, cipher_get_ctx_params, (void *cctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, cipher_set_ctx_params, (void *cctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_gettable_params, - (void *provctx)) + (void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_settable_ctx_params, - (void *cctx, void *provctx)) + (void *cctx, void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_gettable_ctx_params, - (void *cctx, void *provctx)) + (void *cctx, void *provctx)) /* MACs */ -# define 
OSSL_FUNC_MAC_NEWCTX 1 -# define OSSL_FUNC_MAC_DUPCTX 2 -# define OSSL_FUNC_MAC_FREECTX 3 -# define OSSL_FUNC_MAC_INIT 4 -# define OSSL_FUNC_MAC_UPDATE 5 -# define OSSL_FUNC_MAC_FINAL 6 -# define OSSL_FUNC_MAC_GET_PARAMS 7 -# define OSSL_FUNC_MAC_GET_CTX_PARAMS 8 -# define OSSL_FUNC_MAC_SET_CTX_PARAMS 9 -# define OSSL_FUNC_MAC_GETTABLE_PARAMS 10 -# define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS 11 -# define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS 12 +#define OSSL_FUNC_MAC_NEWCTX 1 +#define OSSL_FUNC_MAC_DUPCTX 2 +#define OSSL_FUNC_MAC_FREECTX 3 +#define OSSL_FUNC_MAC_INIT 4 +#define OSSL_FUNC_MAC_UPDATE 5 +#define OSSL_FUNC_MAC_FINAL 6 +#define OSSL_FUNC_MAC_GET_PARAMS 7 +#define OSSL_FUNC_MAC_GET_CTX_PARAMS 8 +#define OSSL_FUNC_MAC_SET_CTX_PARAMS 9 +#define OSSL_FUNC_MAC_GETTABLE_PARAMS 10 +#define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS 11 +#define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS 12 OSSL_CORE_MAKE_FUNC(void *, mac_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(void *, mac_dupctx, (void *src)) OSSL_CORE_MAKE_FUNC(void, mac_freectx, (void *mctx)) -OSSL_CORE_MAKE_FUNC(int, mac_init, (void *mctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, mac_init, (void *mctx, const unsigned char *key, size_t keylen, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, mac_update, - (void *mctx, const unsigned char *in, size_t inl)) + (void *mctx, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, mac_final, - (void *mctx, - unsigned char *out, size_t *outl, size_t outsize)) + (void *mctx, + unsigned char *out, size_t *outl, size_t outsize)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_gettable_params, (void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_gettable_ctx_params, - (void *mctx, void *provctx)) + (void *mctx, void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_settable_ctx_params, - (void *mctx, void *provctx)) + (void *mctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, mac_get_params, (OSSL_PARAM params[])) 
OSSL_CORE_MAKE_FUNC(int, mac_get_ctx_params, - (void *mctx, OSSL_PARAM params[])) + (void *mctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, mac_set_ctx_params, - (void *mctx, const OSSL_PARAM params[])) + (void *mctx, const OSSL_PARAM params[])) /* KDFs and PRFs */ -# define OSSL_FUNC_KDF_NEWCTX 1 -# define OSSL_FUNC_KDF_DUPCTX 2 -# define OSSL_FUNC_KDF_FREECTX 3 -# define OSSL_FUNC_KDF_RESET 4 -# define OSSL_FUNC_KDF_DERIVE 5 -# define OSSL_FUNC_KDF_GETTABLE_PARAMS 6 -# define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS 7 -# define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS 8 -# define OSSL_FUNC_KDF_GET_PARAMS 9 -# define OSSL_FUNC_KDF_GET_CTX_PARAMS 10 -# define OSSL_FUNC_KDF_SET_CTX_PARAMS 11 +#define OSSL_FUNC_KDF_NEWCTX 1 +#define OSSL_FUNC_KDF_DUPCTX 2 +#define OSSL_FUNC_KDF_FREECTX 3 +#define OSSL_FUNC_KDF_RESET 4 +#define OSSL_FUNC_KDF_DERIVE 5 +#define OSSL_FUNC_KDF_GETTABLE_PARAMS 6 +#define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS 7 +#define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS 8 +#define OSSL_FUNC_KDF_GET_PARAMS 9 +#define OSSL_FUNC_KDF_GET_CTX_PARAMS 10 +#define OSSL_FUNC_KDF_SET_CTX_PARAMS 11 OSSL_CORE_MAKE_FUNC(void *, kdf_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(void *, kdf_dupctx, (void *src)) OSSL_CORE_MAKE_FUNC(void, kdf_freectx, (void *kctx)) OSSL_CORE_MAKE_FUNC(void, kdf_reset, (void *kctx)) -OSSL_CORE_MAKE_FUNC(int, kdf_derive, (void *kctx, unsigned char *key, - size_t keylen, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kdf_derive, (void *kctx, unsigned char *key, size_t keylen, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_gettable_params, (void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_gettable_ctx_params, - (void *kctx, void *provctx)) + (void *kctx, void *provctx)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_settable_ctx_params, - (void *kctx, void *provctx)) + (void *kctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, kdf_get_params, (OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, kdf_get_ctx_params, - (void *kctx, 
OSSL_PARAM params[])) + (void *kctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, kdf_set_ctx_params, - (void *kctx, const OSSL_PARAM params[])) + (void *kctx, const OSSL_PARAM params[])) /* RAND */ -# define OSSL_FUNC_RAND_NEWCTX 1 -# define OSSL_FUNC_RAND_FREECTX 2 -# define OSSL_FUNC_RAND_INSTANTIATE 3 -# define OSSL_FUNC_RAND_UNINSTANTIATE 4 -# define OSSL_FUNC_RAND_GENERATE 5 -# define OSSL_FUNC_RAND_RESEED 6 -# define OSSL_FUNC_RAND_NONCE 7 -# define OSSL_FUNC_RAND_ENABLE_LOCKING 8 -# define OSSL_FUNC_RAND_LOCK 9 -# define OSSL_FUNC_RAND_UNLOCK 10 -# define OSSL_FUNC_RAND_GETTABLE_PARAMS 11 -# define OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS 12 -# define OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS 13 -# define OSSL_FUNC_RAND_GET_PARAMS 14 -# define OSSL_FUNC_RAND_GET_CTX_PARAMS 15 -# define OSSL_FUNC_RAND_SET_CTX_PARAMS 16 -# define OSSL_FUNC_RAND_VERIFY_ZEROIZATION 17 -# define OSSL_FUNC_RAND_GET_SEED 18 -# define OSSL_FUNC_RAND_CLEAR_SEED 19 - -OSSL_CORE_MAKE_FUNC(void *,rand_newctx, - (void *provctx, void *parent, - const OSSL_DISPATCH *parent_calls)) -OSSL_CORE_MAKE_FUNC(void,rand_freectx, (void *vctx)) -OSSL_CORE_MAKE_FUNC(int,rand_instantiate, - (void *vdrbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int,rand_uninstantiate, (void *vdrbg)) -OSSL_CORE_MAKE_FUNC(int,rand_generate, - (void *vctx, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *addin, size_t addin_len)) -OSSL_CORE_MAKE_FUNC(int,rand_reseed, - (void *vctx, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *addin, size_t addin_len)) -OSSL_CORE_MAKE_FUNC(size_t,rand_nonce, - (void *vctx, unsigned char *out, unsigned int strength, - size_t min_noncelen, size_t max_noncelen)) -OSSL_CORE_MAKE_FUNC(int,rand_enable_locking, (void *vctx)) -OSSL_CORE_MAKE_FUNC(int,rand_lock, (void *vctx)) 
-OSSL_CORE_MAKE_FUNC(void,rand_unlock, (void *vctx)) -OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_gettable_params, (void *provctx)) -OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_gettable_ctx_params, - (void *vctx, void *provctx)) -OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_settable_ctx_params, - (void *vctx, void *provctx)) -OSSL_CORE_MAKE_FUNC(int,rand_get_params, (OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int,rand_get_ctx_params, - (void *vctx, OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int,rand_set_ctx_params, - (void *vctx, const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(void,rand_set_callbacks, - (void *vctx, OSSL_INOUT_CALLBACK *get_entropy, - OSSL_CALLBACK *cleanup_entropy, - OSSL_INOUT_CALLBACK *get_nonce, - OSSL_CALLBACK *cleanup_nonce, void *arg)) -OSSL_CORE_MAKE_FUNC(int,rand_verify_zeroization, - (void *vctx)) -OSSL_CORE_MAKE_FUNC(size_t,rand_get_seed, - (void *vctx, unsigned char **buffer, - int entropy, size_t min_len, size_t max_len, - int prediction_resistance, - const unsigned char *adin, size_t adin_len)) -OSSL_CORE_MAKE_FUNC(void,rand_clear_seed, - (void *vctx, unsigned char *buffer, size_t b_len)) +#define OSSL_FUNC_RAND_NEWCTX 1 +#define OSSL_FUNC_RAND_FREECTX 2 +#define OSSL_FUNC_RAND_INSTANTIATE 3 +#define OSSL_FUNC_RAND_UNINSTANTIATE 4 +#define OSSL_FUNC_RAND_GENERATE 5 +#define OSSL_FUNC_RAND_RESEED 6 +#define OSSL_FUNC_RAND_NONCE 7 +#define OSSL_FUNC_RAND_ENABLE_LOCKING 8 +#define OSSL_FUNC_RAND_LOCK 9 +#define OSSL_FUNC_RAND_UNLOCK 10 +#define OSSL_FUNC_RAND_GETTABLE_PARAMS 11 +#define OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS 12 +#define OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS 13 +#define OSSL_FUNC_RAND_GET_PARAMS 14 +#define OSSL_FUNC_RAND_GET_CTX_PARAMS 15 +#define OSSL_FUNC_RAND_SET_CTX_PARAMS 16 +#define OSSL_FUNC_RAND_VERIFY_ZEROIZATION 17 +#define OSSL_FUNC_RAND_GET_SEED 18 +#define OSSL_FUNC_RAND_CLEAR_SEED 19 + +OSSL_CORE_MAKE_FUNC(void *, rand_newctx, + (void *provctx, void *parent, + const OSSL_DISPATCH *parent_calls)) 
+OSSL_CORE_MAKE_FUNC(void, rand_freectx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(int, rand_instantiate, + (void *vdrbg, unsigned int strength, + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, rand_uninstantiate, (void *vdrbg)) +OSSL_CORE_MAKE_FUNC(int, rand_generate, + (void *vctx, unsigned char *out, size_t outlen, + unsigned int strength, int prediction_resistance, + const unsigned char *addin, size_t addin_len)) +OSSL_CORE_MAKE_FUNC(int, rand_reseed, + (void *vctx, int prediction_resistance, + const unsigned char *ent, size_t ent_len, + const unsigned char *addin, size_t addin_len)) +OSSL_CORE_MAKE_FUNC(size_t, rand_nonce, + (void *vctx, unsigned char *out, unsigned int strength, + size_t min_noncelen, size_t max_noncelen)) +OSSL_CORE_MAKE_FUNC(int, rand_enable_locking, (void *vctx)) +OSSL_CORE_MAKE_FUNC(int, rand_lock, (void *vctx)) +OSSL_CORE_MAKE_FUNC(void, rand_unlock, (void *vctx)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, rand_gettable_params, (void *provctx)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, rand_gettable_ctx_params, + (void *vctx, void *provctx)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, rand_settable_ctx_params, + (void *vctx, void *provctx)) +OSSL_CORE_MAKE_FUNC(int, rand_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, rand_get_ctx_params, + (void *vctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, rand_set_ctx_params, + (void *vctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(void, rand_set_callbacks, + (void *vctx, OSSL_INOUT_CALLBACK *get_entropy, + OSSL_CALLBACK *cleanup_entropy, + OSSL_INOUT_CALLBACK *get_nonce, + OSSL_CALLBACK *cleanup_nonce, void *arg)) +OSSL_CORE_MAKE_FUNC(int, rand_verify_zeroization, + (void *vctx)) +OSSL_CORE_MAKE_FUNC(size_t, rand_get_seed, + (void *vctx, unsigned char **buffer, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance, + const unsigned char *adin, size_t adin_len)) 
+OSSL_CORE_MAKE_FUNC(void, rand_clear_seed,
+ (void *vctx, unsigned char *buffer, size_t b_len))
 /*-
 * Key management
@@ -511,7 +476,7 @@
 * and key material, etc, essentially everything that manipulates the keys
 * themselves and their parameters.
 *
- * The key objects are commonly refered to as |keydata|, and it MUST be able
+ * The key objects are commonly referred to as |keydata|, and it MUST be able
 * to contain parameters if the key has any, the public key and the private
 * key. All parts are optional, but their presence determines what can be
 * done with the key object in terms of encryption, signature, and so on.
@@ -539,366 +504,333 @@ */ /* Key data subset selection - individual bits */ -# define OSSL_KEYMGMT_SELECT_PRIVATE_KEY 0x01 -# define OSSL_KEYMGMT_SELECT_PUBLIC_KEY 0x02 -# define OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS 0x04 -# define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS 0x80 +#define OSSL_KEYMGMT_SELECT_PRIVATE_KEY 0x01 +#define OSSL_KEYMGMT_SELECT_PUBLIC_KEY 0x02 +#define OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS 0x04 +#define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS 0x80 /* Key data subset selection - combinations */ -# define OSSL_KEYMGMT_SELECT_ALL_PARAMETERS \ - ( OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS \ - | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) -# define OSSL_KEYMGMT_SELECT_KEYPAIR \ - ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) -# define OSSL_KEYMGMT_SELECT_ALL \ - ( OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +#define OSSL_KEYMGMT_SELECT_ALL_PARAMETERS \ + (OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS \ + | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) +#define OSSL_KEYMGMT_SELECT_KEYPAIR \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY) +#define OSSL_KEYMGMT_SELECT_ALL \ + (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) -# define OSSL_KEYMGMT_VALIDATE_FULL_CHECK 0 -# define OSSL_KEYMGMT_VALIDATE_QUICK_CHECK 1 +#define OSSL_KEYMGMT_VALIDATE_FULL_CHECK 0 +#define OSSL_KEYMGMT_VALIDATE_QUICK_CHECK 1 /* Basic key object creation */ -# define OSSL_FUNC_KEYMGMT_NEW 1 +#define OSSL_FUNC_KEYMGMT_NEW 1 OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx)) /* Generation, a more complex constructor */ -# define OSSL_FUNC_KEYMGMT_GEN_INIT 2 -# define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE 3 -# define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS 4 -# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5 -# define OSSL_FUNC_KEYMGMT_GEN 6 -# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7 +#define OSSL_FUNC_KEYMGMT_GEN_INIT 2 +#define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE 3 +#define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS 4 +#define 
OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5 +#define OSSL_FUNC_KEYMGMT_GEN 6 +#define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7 OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init, - (void *provctx, int selection, const OSSL_PARAM params[])) + (void *provctx, int selection, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template, - (void *genctx, void *templ)) + (void *genctx, void *templ)) OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params, - (void *genctx, const OSSL_PARAM params[])) + (void *genctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, - keymgmt_gen_settable_params, - (void *genctx, void *provctx)) + keymgmt_gen_settable_params, + (void *genctx, void *provctx)) OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen, - (void *genctx, OSSL_CALLBACK *cb, void *cbarg)) + (void *genctx, OSSL_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx)) /* Key loading by object reference */ -# define OSSL_FUNC_KEYMGMT_LOAD 8 +#define OSSL_FUNC_KEYMGMT_LOAD 8 OSSL_CORE_MAKE_FUNC(void *, keymgmt_load, - (const void *reference, size_t reference_sz)) + (const void *reference, size_t reference_sz)) /* Basic key object destruction */ -# define OSSL_FUNC_KEYMGMT_FREE 10 +#define OSSL_FUNC_KEYMGMT_FREE 10 OSSL_CORE_MAKE_FUNC(void, keymgmt_free, (void *keydata)) /* Key object information, with discovery */ -#define OSSL_FUNC_KEYMGMT_GET_PARAMS 11 -#define OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS 12 +#define OSSL_FUNC_KEYMGMT_GET_PARAMS 11 +#define OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS 12 OSSL_CORE_MAKE_FUNC(int, keymgmt_get_params, - (void *keydata, OSSL_PARAM params[])) + (void *keydata, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gettable_params, - (void *provctx)) + (void *provctx)) -#define OSSL_FUNC_KEYMGMT_SET_PARAMS 13 -#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 14 +#define OSSL_FUNC_KEYMGMT_SET_PARAMS 13 +#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 14 OSSL_CORE_MAKE_FUNC(int, keymgmt_set_params, - (void *keydata, 
const OSSL_PARAM params[])) + (void *keydata, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_settable_params, - (void *provctx)) + (void *provctx)) /* Key checks - discovery of supported operations */ -# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20 +#define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20 OSSL_CORE_MAKE_FUNC(const char *, keymgmt_query_operation_name, - (int operation_id)) + (int operation_id)) /* Key checks - key data content checks */ -# define OSSL_FUNC_KEYMGMT_HAS 21 +#define OSSL_FUNC_KEYMGMT_HAS 21 OSSL_CORE_MAKE_FUNC(int, keymgmt_has, (const void *keydata, int selection)) /* Key checks - validation */ -# define OSSL_FUNC_KEYMGMT_VALIDATE 22 -OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, (const void *keydata, int selection, - int checktype)) +#define OSSL_FUNC_KEYMGMT_VALIDATE 22 +OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, (const void *keydata, int selection, int checktype)) /* Key checks - matching */ -# define OSSL_FUNC_KEYMGMT_MATCH 23 +#define OSSL_FUNC_KEYMGMT_MATCH 23 OSSL_CORE_MAKE_FUNC(int, keymgmt_match, - (const void *keydata1, const void *keydata2, - int selection)) + (const void *keydata1, const void *keydata2, + int selection)) /* Import and export functions, with discovery */ -# define OSSL_FUNC_KEYMGMT_IMPORT 40 -# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41 -# define OSSL_FUNC_KEYMGMT_EXPORT 42 -# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES 43 +#define OSSL_FUNC_KEYMGMT_IMPORT 40 +#define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41 +#define OSSL_FUNC_KEYMGMT_EXPORT 42 +#define OSSL_FUNC_KEYMGMT_EXPORT_TYPES 43 OSSL_CORE_MAKE_FUNC(int, keymgmt_import, - (void *keydata, int selection, const OSSL_PARAM params[])) + (void *keydata, int selection, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types, - (int selection)) + (int selection)) OSSL_CORE_MAKE_FUNC(int, keymgmt_export, - (void *keydata, int selection, - OSSL_CALLBACK *param_cb, void *cbarg)) + (void *keydata, int selection, + 
OSSL_CALLBACK *param_cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types, - (int selection)) + (int selection)) /* Dup function, constructor */ -# define OSSL_FUNC_KEYMGMT_DUP 44 +#define OSSL_FUNC_KEYMGMT_DUP 44 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup, - (const void *keydata_from, int selection)) + (const void *keydata_from, int selection)) /* Key Exchange */ -# define OSSL_FUNC_KEYEXCH_NEWCTX 1 -# define OSSL_FUNC_KEYEXCH_INIT 2 -# define OSSL_FUNC_KEYEXCH_DERIVE 3 -# define OSSL_FUNC_KEYEXCH_SET_PEER 4 -# define OSSL_FUNC_KEYEXCH_FREECTX 5 -# define OSSL_FUNC_KEYEXCH_DUPCTX 6 -# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7 -# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8 -# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9 -# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10 +#define OSSL_FUNC_KEYEXCH_NEWCTX 1 +#define OSSL_FUNC_KEYEXCH_INIT 2 +#define OSSL_FUNC_KEYEXCH_DERIVE 3 +#define OSSL_FUNC_KEYEXCH_SET_PEER 4 +#define OSSL_FUNC_KEYEXCH_FREECTX 5 +#define OSSL_FUNC_KEYEXCH_DUPCTX 6 +#define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7 +#define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8 +#define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9 +#define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10 OSSL_CORE_MAKE_FUNC(void *, keyexch_newctx, (void *provctx)) -OSSL_CORE_MAKE_FUNC(int, keyexch_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, keyexch_derive, (void *ctx, unsigned char *secret, - size_t *secretlen, size_t outlen)) +OSSL_CORE_MAKE_FUNC(int, keyexch_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, keyexch_derive, (void *ctx, unsigned char *secret, size_t *secretlen, size_t outlen)) OSSL_CORE_MAKE_FUNC(int, keyexch_set_peer, (void *ctx, void *provkey)) OSSL_CORE_MAKE_FUNC(void, keyexch_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, keyexch_dupctx, (void *ctx)) -OSSL_CORE_MAKE_FUNC(int, keyexch_set_ctx_params, (void *ctx, - const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, 
keyexch_set_ctx_params, (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_settable_ctx_params, - (void *ctx, void *provctx)) -OSSL_CORE_MAKE_FUNC(int, keyexch_get_ctx_params, (void *ctx, - OSSL_PARAM params[])) + (void *ctx, void *provctx)) +OSSL_CORE_MAKE_FUNC(int, keyexch_get_ctx_params, (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) /* Signature */ -# define OSSL_FUNC_SIGNATURE_NEWCTX 1 -# define OSSL_FUNC_SIGNATURE_SIGN_INIT 2 -# define OSSL_FUNC_SIGNATURE_SIGN 3 -# define OSSL_FUNC_SIGNATURE_VERIFY_INIT 4 -# define OSSL_FUNC_SIGNATURE_VERIFY 5 -# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6 -# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7 -# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT 8 -# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE 9 -# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL 10 -# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN 11 -# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT 12 -# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE 13 -# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL 14 -# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY 15 -# define OSSL_FUNC_SIGNATURE_FREECTX 16 -# define OSSL_FUNC_SIGNATURE_DUPCTX 17 -# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 18 -# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 19 -# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 20 -# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 21 -# define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS 22 -# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23 -# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24 -# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25 - -OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx, - const char *propq)) -OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx, unsigned char *sig, - size_t *siglen, size_t 
sigsize, - const unsigned char *tbs, - size_t tbslen)) -OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)) +#define OSSL_FUNC_SIGNATURE_NEWCTX 1 +#define OSSL_FUNC_SIGNATURE_SIGN_INIT 2 +#define OSSL_FUNC_SIGNATURE_SIGN 3 +#define OSSL_FUNC_SIGNATURE_VERIFY_INIT 4 +#define OSSL_FUNC_SIGNATURE_VERIFY 5 +#define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6 +#define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7 +#define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT 8 +#define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE 9 +#define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL 10 +#define OSSL_FUNC_SIGNATURE_DIGEST_SIGN 11 +#define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT 12 +#define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE 13 +#define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL 14 +#define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY 15 +#define OSSL_FUNC_SIGNATURE_FREECTX 16 +#define OSSL_FUNC_SIGNATURE_DUPCTX 17 +#define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 18 +#define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 19 +#define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 20 +#define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 21 +#define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS 22 +#define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23 +#define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24 +#define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25 + +OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx, const char *propq)) +OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx, const unsigned char 
*sig, size_t siglen, const unsigned char *tbs, size_t tbslen)) OSSL_CORE_MAKE_FUNC(int, signature_verify_recover_init, - (void *ctx, void *provkey, const OSSL_PARAM params[])) + (void *ctx, void *provkey, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, signature_verify_recover, - (void *ctx, unsigned char *rout, size_t *routlen, - size_t routsize, const unsigned char *sig, size_t siglen)) + (void *ctx, unsigned char *rout, size_t *routlen, + size_t routsize, const unsigned char *sig, size_t siglen)) OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_init, - (void *ctx, const char *mdname, void *provkey, - const OSSL_PARAM params[])) + (void *ctx, const char *mdname, void *provkey, + const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_update, - (void *ctx, const unsigned char *data, size_t datalen)) + (void *ctx, const unsigned char *data, size_t datalen)) OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_final, - (void *ctx, unsigned char *sig, size_t *siglen, - size_t sigsize)) + (void *ctx, unsigned char *sig, size_t *siglen, + size_t sigsize)) OSSL_CORE_MAKE_FUNC(int, signature_digest_sign, - (void *ctx, unsigned char *sigret, size_t *siglen, - size_t sigsize, const unsigned char *tbs, size_t tbslen)) + (void *ctx, unsigned char *sigret, size_t *siglen, + size_t sigsize, const unsigned char *tbs, size_t tbslen)) OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_init, - (void *ctx, const char *mdname, void *provkey, - const OSSL_PARAM params[])) + (void *ctx, const char *mdname, void *provkey, + const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_update, - (void *ctx, const unsigned char *data, size_t datalen)) + (void *ctx, const unsigned char *data, size_t datalen)) OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_final, - (void *ctx, const unsigned char *sig, size_t siglen)) + (void *ctx, const unsigned char *sig, size_t siglen)) OSSL_CORE_MAKE_FUNC(int, signature_digest_verify, - (void *ctx, const unsigned char 
*sig, size_t siglen, - const unsigned char *tbs, size_t tbslen)) + (void *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)) OSSL_CORE_MAKE_FUNC(void, signature_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, signature_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_params, - (void *ctx, OSSL_PARAM params[])) + (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_params, - (void *ctx, const OSSL_PARAM params[])) + (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_md_params, - (void *ctx, OSSL_PARAM params[])) + (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_md_params, - (void *ctx)) + (void *ctx)) OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_md_params, - (void *ctx, const OSSL_PARAM params[])) + (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_md_params, - (void *ctx)) - + (void *ctx)) /* Asymmetric Ciphers */ -# define OSSL_FUNC_ASYM_CIPHER_NEWCTX 1 -# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT 2 -# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT 3 -# define OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT 4 -# define OSSL_FUNC_ASYM_CIPHER_DECRYPT 5 -# define OSSL_FUNC_ASYM_CIPHER_FREECTX 6 -# define OSSL_FUNC_ASYM_CIPHER_DUPCTX 7 -# define OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS 8 -# define OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS 9 -# define OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS 10 -# define OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS 11 +#define OSSL_FUNC_ASYM_CIPHER_NEWCTX 1 +#define OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT 2 +#define OSSL_FUNC_ASYM_CIPHER_ENCRYPT 3 +#define OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT 4 +#define 
OSSL_FUNC_ASYM_CIPHER_DECRYPT 5 +#define OSSL_FUNC_ASYM_CIPHER_FREECTX 6 +#define OSSL_FUNC_ASYM_CIPHER_DUPCTX 7 +#define OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS 8 +#define OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS 9 +#define OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS 10 +#define OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS 11 OSSL_CORE_MAKE_FUNC(void *, asym_cipher_newctx, (void *provctx)) -OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt, (void *ctx, unsigned char *out, - size_t *outlen, - size_t outsize, - const unsigned char *in, - size_t inlen)) -OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt, (void *ctx, unsigned char *out, - size_t *outlen, - size_t outsize, - const unsigned char *in, - size_t inlen)) +OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt, (void *ctx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen)) +OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt, (void *ctx, unsigned char *out, size_t *outlen, size_t outsize, const unsigned char *in, size_t inlen)) OSSL_CORE_MAKE_FUNC(void, asym_cipher_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, asym_cipher_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, asym_cipher_get_ctx_params, - (void *ctx, OSSL_PARAM params[])) + (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_gettable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, asym_cipher_set_ctx_params, - (void *ctx, const OSSL_PARAM params[])) + (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, 
asym_cipher_settable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) /* Asymmetric Key encapsulation */ -# define OSSL_FUNC_KEM_NEWCTX 1 -# define OSSL_FUNC_KEM_ENCAPSULATE_INIT 2 -# define OSSL_FUNC_KEM_ENCAPSULATE 3 -# define OSSL_FUNC_KEM_DECAPSULATE_INIT 4 -# define OSSL_FUNC_KEM_DECAPSULATE 5 -# define OSSL_FUNC_KEM_FREECTX 6 -# define OSSL_FUNC_KEM_DUPCTX 7 -# define OSSL_FUNC_KEM_GET_CTX_PARAMS 8 -# define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS 9 -# define OSSL_FUNC_KEM_SET_CTX_PARAMS 10 -# define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS 11 +#define OSSL_FUNC_KEM_NEWCTX 1 +#define OSSL_FUNC_KEM_ENCAPSULATE_INIT 2 +#define OSSL_FUNC_KEM_ENCAPSULATE 3 +#define OSSL_FUNC_KEM_DECAPSULATE_INIT 4 +#define OSSL_FUNC_KEM_DECAPSULATE 5 +#define OSSL_FUNC_KEM_FREECTX 6 +#define OSSL_FUNC_KEM_DUPCTX 7 +#define OSSL_FUNC_KEM_GET_CTX_PARAMS 8 +#define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS 9 +#define OSSL_FUNC_KEM_SET_CTX_PARAMS 10 +#define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS 11 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx)) -OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx, - unsigned char *out, size_t *outlen, - unsigned char *secret, - size_t *secretlen)) -OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey, - const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)) +OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx, unsigned char *out, size_t *outlen, unsigned char *secret, size_t *secretlen)) +OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t 
inlen)) OSSL_CORE_MAKE_FUNC(void, kem_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, kem_dupctx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, kem_get_ctx_params, (void *ctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_gettable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) OSSL_CORE_MAKE_FUNC(int, kem_set_ctx_params, - (void *ctx, const OSSL_PARAM params[])) + (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_settable_ctx_params, - (void *ctx, void *provctx)) + (void *ctx, void *provctx)) /* Encoders and decoders */ -# define OSSL_FUNC_ENCODER_NEWCTX 1 -# define OSSL_FUNC_ENCODER_FREECTX 2 -# define OSSL_FUNC_ENCODER_GET_PARAMS 3 -# define OSSL_FUNC_ENCODER_GETTABLE_PARAMS 4 -# define OSSL_FUNC_ENCODER_SET_CTX_PARAMS 5 -# define OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS 6 -# define OSSL_FUNC_ENCODER_DOES_SELECTION 10 -# define OSSL_FUNC_ENCODER_ENCODE 11 -# define OSSL_FUNC_ENCODER_IMPORT_OBJECT 20 -# define OSSL_FUNC_ENCODER_FREE_OBJECT 21 +#define OSSL_FUNC_ENCODER_NEWCTX 1 +#define OSSL_FUNC_ENCODER_FREECTX 2 +#define OSSL_FUNC_ENCODER_GET_PARAMS 3 +#define OSSL_FUNC_ENCODER_GETTABLE_PARAMS 4 +#define OSSL_FUNC_ENCODER_SET_CTX_PARAMS 5 +#define OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS 6 +#define OSSL_FUNC_ENCODER_DOES_SELECTION 10 +#define OSSL_FUNC_ENCODER_ENCODE 11 +#define OSSL_FUNC_ENCODER_IMPORT_OBJECT 20 +#define OSSL_FUNC_ENCODER_FREE_OBJECT 21 OSSL_CORE_MAKE_FUNC(void *, encoder_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(void, encoder_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, encoder_get_params, (OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, encoder_gettable_params, - (void *provctx)) + (void *provctx)) OSSL_CORE_MAKE_FUNC(int, encoder_set_ctx_params, - (void *ctx, const OSSL_PARAM params[])) + (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, encoder_settable_ctx_params, - (void *provctx)) + (void *provctx)) OSSL_CORE_MAKE_FUNC(int, 
encoder_does_selection, - (void *provctx, int selection)) + (void *provctx, int selection)) OSSL_CORE_MAKE_FUNC(int, encoder_encode, - (void *ctx, OSSL_CORE_BIO *out, - const void *obj_raw, const OSSL_PARAM obj_abstract[], - int selection, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) + (void *ctx, OSSL_CORE_BIO *out, + const void *obj_raw, const OSSL_PARAM obj_abstract[], + int selection, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(void *, encoder_import_object, - (void *ctx, int selection, const OSSL_PARAM params[])) + (void *ctx, int selection, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(void, encoder_free_object, (void *obj)) -# define OSSL_FUNC_DECODER_NEWCTX 1 -# define OSSL_FUNC_DECODER_FREECTX 2 -# define OSSL_FUNC_DECODER_GET_PARAMS 3 -# define OSSL_FUNC_DECODER_GETTABLE_PARAMS 4 -# define OSSL_FUNC_DECODER_SET_CTX_PARAMS 5 -# define OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS 6 -# define OSSL_FUNC_DECODER_DOES_SELECTION 10 -# define OSSL_FUNC_DECODER_DECODE 11 -# define OSSL_FUNC_DECODER_EXPORT_OBJECT 20 +#define OSSL_FUNC_DECODER_NEWCTX 1 +#define OSSL_FUNC_DECODER_FREECTX 2 +#define OSSL_FUNC_DECODER_GET_PARAMS 3 +#define OSSL_FUNC_DECODER_GETTABLE_PARAMS 4 +#define OSSL_FUNC_DECODER_SET_CTX_PARAMS 5 +#define OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS 6 +#define OSSL_FUNC_DECODER_DOES_SELECTION 10 +#define OSSL_FUNC_DECODER_DECODE 11 +#define OSSL_FUNC_DECODER_EXPORT_OBJECT 20 OSSL_CORE_MAKE_FUNC(void *, decoder_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(void, decoder_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, decoder_get_params, (OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, decoder_gettable_params, - (void *provctx)) + (void *provctx)) OSSL_CORE_MAKE_FUNC(int, decoder_set_ctx_params, - (void *ctx, const OSSL_PARAM params[])) + (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, decoder_settable_ctx_params, - (void *provctx)) + (void *provctx)) OSSL_CORE_MAKE_FUNC(int, 
decoder_does_selection, - (void *provctx, int selection)) + (void *provctx, int selection)) OSSL_CORE_MAKE_FUNC(int, decoder_decode, - (void *ctx, OSSL_CORE_BIO *in, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) + (void *ctx, OSSL_CORE_BIO *in, int selection, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) OSSL_CORE_MAKE_FUNC(int, decoder_export_object, - (void *ctx, const void *objref, size_t objref_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg)) + (void *ctx, const void *objref, size_t objref_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg)) /*- * Store 
@@ -912,32 +844,32 @@
 * deal with.
 */
 
-#define OSSL_FUNC_STORE_OPEN 1
-#define OSSL_FUNC_STORE_ATTACH 2
-#define OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS 3
-#define OSSL_FUNC_STORE_SET_CTX_PARAMS 4
-#define OSSL_FUNC_STORE_LOAD 5
-#define OSSL_FUNC_STORE_EOF 6
-#define OSSL_FUNC_STORE_CLOSE 7
-#define OSSL_FUNC_STORE_EXPORT_OBJECT 8
+#define OSSL_FUNC_STORE_OPEN 1
+#define OSSL_FUNC_STORE_ATTACH 2
+#define OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS 3
+#define OSSL_FUNC_STORE_SET_CTX_PARAMS 4
+#define OSSL_FUNC_STORE_LOAD 5
+#define OSSL_FUNC_STORE_EOF 6
+#define OSSL_FUNC_STORE_CLOSE 7
+#define OSSL_FUNC_STORE_EXPORT_OBJECT 8
 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri))
 OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params,
- (void *provctx))
+ (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, store_set_ctx_params,
- (void *loaderctx, const OSSL_PARAM params[]))
+ (void *loaderctx, const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, store_load,
- (void *loaderctx,
- OSSL_CALLBACK *object_cb, void *object_cbarg,
- OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
+ (void *loaderctx,
+ OSSL_CALLBACK *object_cb, void *object_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg))
 OSSL_CORE_MAKE_FUNC(int, store_eof, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx))
 OSSL_CORE_MAKE_FUNC(int, store_export_object,
- (void *loaderctx, const void *objref, size_t objref_sz,
- OSSL_CALLBACK *export_cb, void *export_cbarg))
+ (void *loaderctx, const void *objref, size_t objref_sz,
+ OSSL_CALLBACK *export_cb, void *export_cbarg))
 
-# ifdef __cplusplus
+#ifdef __cplusplus
 }
-# endif
+#endif
 
 #endif
--- crypto/openssl/include/openssl/core_names.h.orig
+++ crypto/openssl/include/openssl/core_names.h
@@ -8,29 +8,29 @@
 */
 
 #ifndef OPENSSL_CORE_NAMES_H
-# define OPENSSL_CORE_NAMES_H
-# pragma once
+#define OPENSSL_CORE_NAMES_H
+#pragma once
 
-# ifdef __cplusplus
+#ifdef __cplusplus
 extern "C" {
-# endif
+#endif
 
 /* Well known parameter names that core passes to providers */
-#define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" /* utf8_ptr */
+#define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" /* utf8_ptr */
+#define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" /* utf8_ptr */
 #define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */
 
 /* Well known parameter names that Providers can define */
-#define OSSL_PROV_PARAM_NAME "name" /* utf8_ptr */
-#define OSSL_PROV_PARAM_VERSION "version" /* utf8_ptr */
-#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_ptr */
-#define OSSL_PROV_PARAM_STATUS "status" /* uint */
-#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" /* uint */
+#define OSSL_PROV_PARAM_NAME "name" /* utf8_ptr */
+#define OSSL_PROV_PARAM_VERSION "version" /* utf8_ptr */
+#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_ptr */
+#define OSSL_PROV_PARAM_STATUS "status" /* uint */
+#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" /* uint */
 
 /* Self test callback parameters */
-#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */
-#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */
 
 /*-
 * Provider-native object abstractions
@@ -43,12 +43,12 @@
 * This set of parameter names is explained in detail in provider-object(7)
 * (doc/man7/provider-object.pod)
 */
-#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */
+#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */
+#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */
 
 /*
 * Algorithm parameters
@@ -57,63 +57,63 @@
 * Note these are common names that are shared by many types (such as kdf, mac,
 * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below.
 */
-#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */
-#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */
-#define OSSL_ALG_PARAM_ENGINE "engine" /* utf8_string */
-#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */
-#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */
+#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */
+#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */
+#define OSSL_ALG_PARAM_ENGINE "engine" /* utf8_string */
+#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */
+#define OSSL_ALG_PARAM_PROPERTIES "properties" /* utf8_string */
 
 /* cipher parameters */
-#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */
-#define OSSL_CIPHER_PARAM_USE_BITS "use-bits" /* uint */
-#define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" /* uint */
-#define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" /* octet_ptr */
-#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */
-#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD "aead" /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" /* int, 0 or 1 */
-#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */
-#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */
-#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_NUM "num" /* uint */
-#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */
-#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */
-#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
-#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */
-#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */
-#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */
-#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */
-#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */
-#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
+#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */
+#define OSSL_CIPHER_PARAM_USE_BITS "use-bits" /* uint */
+#define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" /* uint */
+#define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" /* octet_ptr */
+#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */
+#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */
+#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD "aead" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */
+#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */
+#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_NUM "num" /* uint */
+#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */
+#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */
+#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */
+#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */
+#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */
+#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
 /* For passing the AlgorithmIdentifier parameter in DER form */
-#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
+#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
 
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
 "tls1multi_maxsndfrag" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE \
- "tls1multi_maxbufsz" /* size_t */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE \
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE \
+ "tls1multi_maxbufsz" /* size_t */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE \
 "tls1multi_interleave" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD \
- "tls1multi_aad" /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN \
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD \
+ "tls1multi_aad" /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN \
 "tls1multi_aadpacklen" /* uint */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC \
- "tls1multi_enc" /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN \
- "tls1multi_encin" /* octet_string */
-#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \
- "tls1multi_enclen" /* size_t */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC \
+ "tls1multi_enc" /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN \
+ "tls1multi_encin" /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \
+ "tls1multi_enclen" /* size_t */
 
 /* OSSL_CIPHER_PARAM_CTS_MODE Values */
 #define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
@@ -121,214 +121,214 @@ #define OSSL_CIPHER_CTS_MODE_CS3 "CS3" /* digest parameters */ -#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ -#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ -#define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" /* uint */ -#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ -#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ -#define OSSL_DIGEST_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" /* int, 0 or 1 */ +#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ +#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ +#define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" /* uint */ +#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ +#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ +#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ +#define OSSL_DIGEST_PARAM_XOF "xof" /* int, 0 or 1 */ +#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" /* int, 0 or 1 */ /* Known DIGEST names (not a complete list) */ -#define OSSL_DIGEST_NAME_MD5 "MD5" -#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" -#define OSSL_DIGEST_NAME_SHA1 "SHA1" -#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" -#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" -#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" -#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" -#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" -#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" -#define OSSL_DIGEST_NAME_MD2 "MD2" -#define OSSL_DIGEST_NAME_MD4 "MD4" -#define OSSL_DIGEST_NAME_MDC2 "MDC2" -#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" -#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" -#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" -#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" -#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +#define OSSL_DIGEST_NAME_MD5 "MD5" +#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +#define OSSL_DIGEST_NAME_SHA1 "SHA1" +#define 
OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +#define OSSL_DIGEST_NAME_MD2 "MD2" +#define OSSL_DIGEST_NAME_MD4 "MD4" +#define OSSL_DIGEST_NAME_MDC2 "MDC2" +#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" #define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" #define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" -#define OSSL_DIGEST_NAME_SM3 "SM3" +#define OSSL_DIGEST_NAME_SM3 "SM3" /* MAC parameters */ -#define OSSL_MAC_PARAM_KEY "key" /* octet string */ -#define OSSL_MAC_PARAM_IV "iv" /* octet string */ -#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ -#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ -#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" /* int, 0 or 1 */ +#define OSSL_MAC_PARAM_KEY "key" /* octet string */ +#define OSSL_MAC_PARAM_IV "iv" /* octet string */ +#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ +#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ +#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ +#define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" /* int, 0 or 1 */ #define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" /* unsigned int */ -#define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" /* unsigned int */ +#define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" /* unsigned int */ +#define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" /* unsigned int */ /* * If "engine" or "properties" are specified, they should always be paired * with "cipher" or "digest". 
*/ -#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ -#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ -#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ +#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ +#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ +#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ +#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ +#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ /* Known MAC names */ -#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" -#define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" -#define OSSL_MAC_NAME_CMAC "CMAC" -#define OSSL_MAC_NAME_GMAC "GMAC" -#define OSSL_MAC_NAME_HMAC "HMAC" -#define OSSL_MAC_NAME_KMAC128 "KMAC128" -#define OSSL_MAC_NAME_KMAC256 "KMAC256" -#define OSSL_MAC_NAME_POLY1305 "POLY1305" -#define OSSL_MAC_NAME_SIPHASH "SIPHASH" +#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +#define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +#define OSSL_MAC_NAME_CMAC "CMAC" +#define OSSL_MAC_NAME_GMAC "GMAC" +#define OSSL_MAC_NAME_HMAC "HMAC" +#define OSSL_MAC_NAME_KMAC128 "KMAC128" +#define OSSL_MAC_NAME_KMAC256 "KMAC256" +#define OSSL_MAC_NAME_POLY1305 "POLY1305" +#define OSSL_MAC_NAME_SIPHASH "SIPHASH" /* KDF / PRF parameters */ -#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ -#define OSSL_KDF_PARAM_KEY "key" /* octet string */ -#define OSSL_KDF_PARAM_SALT "salt" /* octet string */ -#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ -#define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */ -#define OSSL_KDF_PARAM_LABEL "label" /* octet string */ -#define OSSL_KDF_PARAM_DATA "data" /* octet string */ -#define 
OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ -#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ -#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ -#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ -#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ -#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */ -#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */ -#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */ -#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */ -#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */ +#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ +#define OSSL_KDF_PARAM_KEY "key" /* octet string */ +#define OSSL_KDF_PARAM_SALT "salt" /* octet string */ +#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ +#define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */ +#define OSSL_KDF_PARAM_LABEL "label" /* octet string */ +#define OSSL_KDF_PARAM_DATA "data" /* octet string */ +#define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ +#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ +#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ +#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ +#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ +#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ +#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ +#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */ +#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */ +#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */ +#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */ +#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */ #define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t 
*/ -#define OSSL_KDF_PARAM_INFO "info" /* octet string */ -#define OSSL_KDF_PARAM_SEED "seed" /* octet string */ +#define OSSL_KDF_PARAM_INFO "info" /* octet string */ +#define OSSL_KDF_PARAM_SEED "seed" /* octet string */ #define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */ #define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ -#define OSSL_KDF_PARAM_SIZE "size" /* size_t */ -#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */ -#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ -#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ -#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ -#define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" -#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" -#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" -#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" -#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" +#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ +#define OSSL_KDF_PARAM_SIZE "size" /* size_t */ +#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */ +#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ +#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ +#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ +#define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" +#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" +#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" +#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" +#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" +#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" /* Known KDF names */ -#define OSSL_KDF_NAME_HKDF "HKDF" -#define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" -#define OSSL_KDF_NAME_PBKDF1 "PBKDF1" -#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" -#define OSSL_KDF_NAME_SCRYPT "SCRYPT" -#define OSSL_KDF_NAME_SSHKDF "SSHKDF" -#define OSSL_KDF_NAME_SSKDF "SSKDF" 
-#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" -#define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +#define OSSL_KDF_NAME_HKDF "HKDF" +#define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +#define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +#define OSSL_KDF_NAME_SCRYPT "SCRYPT" +#define OSSL_KDF_NAME_SSHKDF "SSHKDF" +#define OSSL_KDF_NAME_SSKDF "SSKDF" +#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +#define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" #define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" -#define OSSL_KDF_NAME_X963KDF "X963KDF" -#define OSSL_KDF_NAME_KBKDF "KBKDF" -#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +#define OSSL_KDF_NAME_X963KDF "X963KDF" +#define OSSL_KDF_NAME_KBKDF "KBKDF" +#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" /* Known RAND names */ -#define OSSL_RAND_PARAM_STATE "state" -#define OSSL_RAND_PARAM_STRENGTH "strength" -#define OSSL_RAND_PARAM_MAX_REQUEST "max_request" -#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" -#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" +#define OSSL_RAND_PARAM_STATE "state" +#define OSSL_RAND_PARAM_STRENGTH "strength" +#define OSSL_RAND_PARAM_MAX_REQUEST "max_request" +#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" +#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" /* RAND/DRBG names */ -#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" -#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" -#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" -#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" -#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" -#define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" -#define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" -#define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" -#define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" -#define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" -#define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_DRBG_PARAM_CIPHER 
OSSL_ALG_PARAM_CIPHER -#define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC -#define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" +#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" +#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" +#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" +#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" +#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" +#define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" +#define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" +#define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" +#define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" +#define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" +#define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +#define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +#define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC +#define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" /* DRBG call back parameters */ -#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" -#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" -#define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" -#define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" -#define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" -#define OSSL_DRBG_PARAM_SIZE "size" +#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" +#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" +#define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" +#define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" +#define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" +#define OSSL_DRBG_PARAM_SIZE "size" /* PKEY parameters */ /* Common PKEY parameters */ -#define OSSL_PKEY_PARAM_BITS "bits" /* integer */ -#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */ -#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */ -#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ 
-#define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */ -#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */ -#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */ -#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" -#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" -#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" -#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" -#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" -#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" -#define OSSL_PKEY_PARAM_GROUP_NAME "group" -#define OSSL_PKEY_PARAM_DIST_ID "distid" -#define OSSL_PKEY_PARAM_PUB_KEY "pub" -#define OSSL_PKEY_PARAM_PRIV_KEY "priv" +#define OSSL_PKEY_PARAM_BITS "bits" /* integer */ +#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */ +#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */ +#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +#define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */ +#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */ +#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */ +#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" +#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" +#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" +#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" +#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" +#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" +#define OSSL_PKEY_PARAM_GROUP_NAME "group" +#define OSSL_PKEY_PARAM_DIST_ID "distid" +#define OSSL_PKEY_PARAM_PUB_KEY "pub" +#define OSSL_PKEY_PARAM_PRIV_KEY "priv" /* Diffie-Hellman/DSA Parameters */ -#define OSSL_PKEY_PARAM_FFC_P "p" -#define OSSL_PKEY_PARAM_FFC_G "g" -#define OSSL_PKEY_PARAM_FFC_Q "q" -#define 
OSSL_PKEY_PARAM_FFC_GINDEX "gindex" -#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" -#define OSSL_PKEY_PARAM_FFC_SEED "seed" -#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" -#define OSSL_PKEY_PARAM_FFC_H "hindex" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" +#define OSSL_PKEY_PARAM_FFC_P "p" +#define OSSL_PKEY_PARAM_FFC_G "g" +#define OSSL_PKEY_PARAM_FFC_Q "q" +#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" +#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" +#define OSSL_PKEY_PARAM_FFC_SEED "seed" +#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" +#define OSSL_PKEY_PARAM_FFC_H "hindex" +#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" +#define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" #define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" /* Diffie-Hellman params */ -#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" -#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" +#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" +#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" /* Elliptic Curve Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_PUB_X "qx" -#define OSSL_PKEY_PARAM_EC_PUB_Y "qy" +#define OSSL_PKEY_PARAM_EC_PUB_X "qx" +#define OSSL_PKEY_PARAM_EC_PUB_Y "qy" /* Elliptic Curve Explicit Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" -#define OSSL_PKEY_PARAM_EC_P "p" -#define OSSL_PKEY_PARAM_EC_A "a" -#define OSSL_PKEY_PARAM_EC_B "b" -#define OSSL_PKEY_PARAM_EC_GENERATOR "generator" -#define OSSL_PKEY_PARAM_EC_ORDER "order" -#define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" -#define OSSL_PKEY_PARAM_EC_SEED "seed" -#define OSSL_PKEY_PARAM_EC_CHAR2_M "m" -#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" -#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" +#define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" +#define OSSL_PKEY_PARAM_EC_P "p" +#define 
OSSL_PKEY_PARAM_EC_A "a" +#define OSSL_PKEY_PARAM_EC_B "b" +#define OSSL_PKEY_PARAM_EC_GENERATOR "generator" +#define OSSL_PKEY_PARAM_EC_ORDER "order" +#define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" +#define OSSL_PKEY_PARAM_EC_SEED "seed" +#define OSSL_PKEY_PARAM_EC_CHAR2_M "m" +#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" +#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" +#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" +#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" +#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" #define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit" /* Elliptic Curve Key Parameters */ 
@@ -350,174 +350,174 @@ * (the base i for the coefficients is 2, not 1, at least as implied by * RFC 8017) */ -#define OSSL_PKEY_PARAM_RSA_N "n" -#define OSSL_PKEY_PARAM_RSA_E "e" -#define OSSL_PKEY_PARAM_RSA_D "d" -#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" -#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" +#define OSSL_PKEY_PARAM_RSA_N "n" +#define OSSL_PKEY_PARAM_RSA_E "e" +#define OSSL_PKEY_PARAM_RSA_D "d" +#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" +#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" #define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" -#define OSSL_PKEY_PARAM_RSA_FACTOR1 OSSL_PKEY_PARAM_RSA_FACTOR"1" -#define OSSL_PKEY_PARAM_RSA_FACTOR2 OSSL_PKEY_PARAM_RSA_FACTOR"2" -#define OSSL_PKEY_PARAM_RSA_FACTOR3 OSSL_PKEY_PARAM_RSA_FACTOR"3" -#define OSSL_PKEY_PARAM_RSA_FACTOR4 OSSL_PKEY_PARAM_RSA_FACTOR"4" -#define OSSL_PKEY_PARAM_RSA_FACTOR5 OSSL_PKEY_PARAM_RSA_FACTOR"5" -#define OSSL_PKEY_PARAM_RSA_FACTOR6 OSSL_PKEY_PARAM_RSA_FACTOR"6" -#define OSSL_PKEY_PARAM_RSA_FACTOR7 OSSL_PKEY_PARAM_RSA_FACTOR"7" -#define OSSL_PKEY_PARAM_RSA_FACTOR8 OSSL_PKEY_PARAM_RSA_FACTOR"8" -#define OSSL_PKEY_PARAM_RSA_FACTOR9 OSSL_PKEY_PARAM_RSA_FACTOR"9" -#define OSSL_PKEY_PARAM_RSA_FACTOR10 OSSL_PKEY_PARAM_RSA_FACTOR"10" -#define OSSL_PKEY_PARAM_RSA_EXPONENT1 OSSL_PKEY_PARAM_RSA_EXPONENT"1" -#define OSSL_PKEY_PARAM_RSA_EXPONENT2 OSSL_PKEY_PARAM_RSA_EXPONENT"2" -#define OSSL_PKEY_PARAM_RSA_EXPONENT3 OSSL_PKEY_PARAM_RSA_EXPONENT"3" -#define OSSL_PKEY_PARAM_RSA_EXPONENT4 OSSL_PKEY_PARAM_RSA_EXPONENT"4" -#define OSSL_PKEY_PARAM_RSA_EXPONENT5 OSSL_PKEY_PARAM_RSA_EXPONENT"5" -#define OSSL_PKEY_PARAM_RSA_EXPONENT6 OSSL_PKEY_PARAM_RSA_EXPONENT"6" -#define OSSL_PKEY_PARAM_RSA_EXPONENT7 OSSL_PKEY_PARAM_RSA_EXPONENT"7" -#define OSSL_PKEY_PARAM_RSA_EXPONENT8 OSSL_PKEY_PARAM_RSA_EXPONENT"8" -#define OSSL_PKEY_PARAM_RSA_EXPONENT9 OSSL_PKEY_PARAM_RSA_EXPONENT"9" -#define OSSL_PKEY_PARAM_RSA_EXPONENT10 OSSL_PKEY_PARAM_RSA_EXPONENT"10" -#define 
OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9" +#define OSSL_PKEY_PARAM_RSA_FACTOR1 OSSL_PKEY_PARAM_RSA_FACTOR "1" +#define OSSL_PKEY_PARAM_RSA_FACTOR2 OSSL_PKEY_PARAM_RSA_FACTOR "2" +#define OSSL_PKEY_PARAM_RSA_FACTOR3 OSSL_PKEY_PARAM_RSA_FACTOR "3" +#define OSSL_PKEY_PARAM_RSA_FACTOR4 OSSL_PKEY_PARAM_RSA_FACTOR "4" +#define OSSL_PKEY_PARAM_RSA_FACTOR5 OSSL_PKEY_PARAM_RSA_FACTOR "5" +#define OSSL_PKEY_PARAM_RSA_FACTOR6 OSSL_PKEY_PARAM_RSA_FACTOR "6" +#define OSSL_PKEY_PARAM_RSA_FACTOR7 OSSL_PKEY_PARAM_RSA_FACTOR "7" +#define OSSL_PKEY_PARAM_RSA_FACTOR8 OSSL_PKEY_PARAM_RSA_FACTOR "8" +#define OSSL_PKEY_PARAM_RSA_FACTOR9 OSSL_PKEY_PARAM_RSA_FACTOR "9" +#define OSSL_PKEY_PARAM_RSA_FACTOR10 OSSL_PKEY_PARAM_RSA_FACTOR "10" +#define OSSL_PKEY_PARAM_RSA_EXPONENT1 OSSL_PKEY_PARAM_RSA_EXPONENT "1" +#define OSSL_PKEY_PARAM_RSA_EXPONENT2 OSSL_PKEY_PARAM_RSA_EXPONENT "2" +#define OSSL_PKEY_PARAM_RSA_EXPONENT3 OSSL_PKEY_PARAM_RSA_EXPONENT "3" +#define OSSL_PKEY_PARAM_RSA_EXPONENT4 OSSL_PKEY_PARAM_RSA_EXPONENT "4" +#define OSSL_PKEY_PARAM_RSA_EXPONENT5 OSSL_PKEY_PARAM_RSA_EXPONENT "5" +#define OSSL_PKEY_PARAM_RSA_EXPONENT6 OSSL_PKEY_PARAM_RSA_EXPONENT "6" +#define OSSL_PKEY_PARAM_RSA_EXPONENT7 OSSL_PKEY_PARAM_RSA_EXPONENT "7" +#define OSSL_PKEY_PARAM_RSA_EXPONENT8 OSSL_PKEY_PARAM_RSA_EXPONENT "8" +#define OSSL_PKEY_PARAM_RSA_EXPONENT9 
OSSL_PKEY_PARAM_RSA_EXPONENT "9" +#define OSSL_PKEY_PARAM_RSA_EXPONENT10 OSSL_PKEY_PARAM_RSA_EXPONENT "10" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT "1" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT "2" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT "3" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT "4" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT "5" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT "6" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT "7" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT "8" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT "9" /* RSA padding modes */ -#define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +#define OSSL_PKEY_RSA_PAD_MODE_NONE "none" #define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" -#define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" -#define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" -#define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" +#define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +#define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +#define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" /* RSA pss padding salt length */ #define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" /* Key generation parameters */ -#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS -#define OSSL_PKEY_PARAM_RSA_PRIMES "primes" -#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC -#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" +#define OSSL_PKEY_PARAM_RSA_BITS 
OSSL_PKEY_PARAM_BITS +#define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC +#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" /* Key generation parameters */ -#define OSSL_PKEY_PARAM_FFC_TYPE "type" -#define OSSL_PKEY_PARAM_FFC_PBITS "pbits" -#define OSSL_PKEY_PARAM_FFC_QBITS "qbits" -#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_PKEY_PARAM_FFC_TYPE "type" +#define OSSL_PKEY_PARAM_FFC_PBITS "pbits" +#define OSSL_PKEY_PARAM_FFC_QBITS "qbits" +#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST #define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */ +#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */ #define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format" -#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" -#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" +#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" +#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" /* OSSL_PKEY_PARAM_EC_ENCODING values */ -#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" -#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" +#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" #define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" +#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" -#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" -#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" -#define 
OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" +#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" /* Key Exchange parameters */ -#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ +#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ #define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */ -#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */ +#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */ /* The following parameter is an octet_string on set and an octet_ptr on get */ -#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" +#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" /* Signature parameters */ -#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" -#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE -#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" -#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ +#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" +#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" +#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +#define 
OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ OSSL_PKEY_PARAM_MGF1_PROPERTIES -#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE +#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE /* Asym cipher parameters */ -#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE -#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE -#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \ +#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +#define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE +#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \ OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \ +#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \ OSSL_PKEY_PARAM_MGF1_PROPERTIES -#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" +#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST +#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" /* The following parameter is an octet_string on set and an octet_ptr on get */ -#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" -#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" -#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" +#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" +#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" +#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" /* * Encoder / decoder parameters */ -#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER -#define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +#define 
OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* Currently PVK only, but reusable for others as needed */ -#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" -#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" /* integer */ +#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" +#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" /* integer */ -#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* Passphrase callback parameters */ -#define OSSL_PASSPHRASE_PARAM_INFO "info" +#define OSSL_PASSPHRASE_PARAM_INFO "info" /* Keygen callback parameters, from provider to libcrypto */ -#define OSSL_GEN_PARAM_POTENTIAL "potential" /* integer */ -#define OSSL_GEN_PARAM_ITERATION "iteration" /* integer */ +#define OSSL_GEN_PARAM_POTENTIAL "potential" /* integer */ +#define OSSL_GEN_PARAM_ITERATION "iteration" /* integer */ /* ACVP Test parameters : These should not be used normally */ #define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" #define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" -#define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" +#define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" #define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" #define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" -#define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" -#define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" -#define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" -#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" +#define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" +#define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" +#define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" +#define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" +#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" #define OSSL_SIGNATURE_PARAM_KAT "kat" /* KEM parameters */ -#define OSSL_KEM_PARAM_OPERATION "operation" +#define OSSL_KEM_PARAM_OPERATION "operation" /* OSSL_KEM_PARAM_OPERATION values */ -#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" /* Capabilities */ /* TLS-GROUP 
Capability */ -#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" -#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" -#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" -#define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" -#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" -#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" -#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" -#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" -#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" -#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" +#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" +#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" +#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" +#define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" +#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" +#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" +#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" +#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" +#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" +#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" /*- * storemgmt parameters 
@@ -536,21 +536,21 @@
  * are used as search criteria.
  * (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
  */
-#define OSSL_STORE_PARAM_EXPECT "expect" /* INTEGER */
-#define OSSL_STORE_PARAM_SUBJECT "subject" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_ISSUER "name" /* DER blob => OCTET_STRING */
-#define OSSL_STORE_PARAM_SERIAL "serial" /* INTEGER */
-#define OSSL_STORE_PARAM_DIGEST "digest" /* UTF8_STRING */
+#define OSSL_STORE_PARAM_EXPECT "expect" /* INTEGER */
+#define OSSL_STORE_PARAM_SUBJECT "subject" /* DER blob => OCTET_STRING */
+#define OSSL_STORE_PARAM_ISSUER "name" /* DER blob => OCTET_STRING */
+#define OSSL_STORE_PARAM_SERIAL "serial" /* INTEGER */
+#define OSSL_STORE_PARAM_DIGEST "digest" /* UTF8_STRING */
 #define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
-#define OSSL_STORE_PARAM_ALIAS "alias" /* UTF8_STRING */
+#define OSSL_STORE_PARAM_ALIAS "alias" /* UTF8_STRING */
 /* You may want to pass properties for the provider implementation to use */
-#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */
+#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */
 /* OSSL_DECODER input type if a decoder is used by the store */
-#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */
+#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */
-# ifdef __cplusplus
+#ifdef __cplusplus
 }
-# endif
+#endif
 #endif
--- crypto/openssl/include/openssl/core_object.h.orig
+++ crypto/openssl/include/openssl/core_object.h
@@ -8,12 +8,12 @@
  */
 #ifndef OPENSSL_CORE_OBJECT_H
-# define OPENSSL_CORE_OBJECT_H
-# pragma once
+#define OPENSSL_CORE_OBJECT_H
+#pragma once
-# ifdef __cplusplus
+#ifdef __cplusplus
 extern "C" {
-# endif
+#endif
 /*-
  * Known object types
@@ -24,18 +24,18 @@
  * For most of these types, there's a corresponding libcrypto object type.
  * The corresponding type is indicated with a comment after the number.
  */
-# define OSSL_OBJECT_UNKNOWN 0
-# define OSSL_OBJECT_NAME 1 /* char * */
-# define OSSL_OBJECT_PKEY 2 /* EVP_PKEY * */
-# define OSSL_OBJECT_CERT 3 /* X509 * */
-# define OSSL_OBJECT_CRL 4 /* X509_CRL * */
+#define OSSL_OBJECT_UNKNOWN 0
+#define OSSL_OBJECT_NAME 1 /* char * */
+#define OSSL_OBJECT_PKEY 2 /* EVP_PKEY * */
+#define OSSL_OBJECT_CERT 3 /* X509 * */
+#define OSSL_OBJECT_CRL 4 /* X509_CRL * */
 /*
  * The rest of the associated OSSL_PARAM elements is described in core_names.h
  */
-# ifdef __cplusplus
+#ifdef __cplusplus
 }
-# endif
+#endif
 #endif
--- crypto/openssl/include/openssl/crmf.h.orig
+++ crypto/openssl/include/openssl/crmf.h
@@ -14,41 +14,44 @@ * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb. */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_CRMF_H -# define OPENSSL_CRMF_H +#define OPENSSL_CRMF_H -# include +#include -# ifndef OPENSSL_NO_CRMF -# include -# include -# include -# include /* for GENERAL_NAME etc. */ +#ifndef OPENSSL_NO_CRMF +#include +#include +#include +#include /* for GENERAL_NAME etc. */ /* explicit #includes not strictly needed since implied by the above: */ -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0 -# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 -# define OSSL_CRMF_POPOPRIVKEY_DHMAC 2 -# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3 -# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 +#define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0 +#define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 +#define OSSL_CRMF_POPOPRIVKEY_DHMAC 2 +#define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3 +#define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 -# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 -# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 +#define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 +#define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_MSG, OSSL_CRMF_MSG, OSSL_CRMF_MSG) #define sk_OSSL_CRMF_MSG_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk)) #define sk_OSSL_CRMF_MSG_value(sk, idx) ((OSSL_CRMF_MSG *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk), (idx))) 
@@ -76,6 +79,7 @@ #define sk_OSSL_CRMF_MSG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_MSG) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_MSG_freefunc_type(freefunc))) #define sk_OSSL_CRMF_MSG_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_MSG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_MSG_sk_type(sk), ossl_check_OSSL_CRMF_MSG_compfunc_type(cmp))) +/* clang-format on */ typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE; typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) @@ -84,6 +88,7 @@ typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OSSL_CRMF_CERTID, OSSL_CRMF_CERTID, OSSL_CRMF_CERTID) #define sk_OSSL_CRMF_CERTID_num(sk) OPENSSL_sk_num(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk)) #define sk_OSSL_CRMF_CERTID_value(sk, idx) ((OSSL_CRMF_CERTID *)OPENSSL_sk_value(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk), (idx))) @@ -111,6 +116,7 @@ #define sk_OSSL_CRMF_CERTID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OSSL_CRMF_CERTID) *)OPENSSL_sk_deep_copy(ossl_check_const_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_copyfunc_type(copyfunc), ossl_check_OSSL_CRMF_CERTID_freefunc_type(freefunc))) #define sk_OSSL_CRMF_CERTID_set_cmp_func(sk, cmp) ((sk_OSSL_CRMF_CERTID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OSSL_CRMF_CERTID_sk_type(sk), ossl_check_OSSL_CRMF_CERTID_compfunc_type(cmp))) +/* clang-format on */ typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) 
@@ -125,103 +131,96 @@ /* crmf_pbm.c */ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, - int owfnid, size_t itercnt, - int macnid); + int owfnid, size_t itercnt, + int macnid); int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, - const OSSL_CRMF_PBMPARAMETER *pbmp, - const unsigned char *msg, size_t msglen, - const unsigned char *sec, size_t seclen, - unsigned char **mac, size_t *maclen); + const OSSL_CRMF_PBMPARAMETER *pbmp, + const unsigned char *msg, size_t msglen, + const unsigned char *sec, size_t seclen, + unsigned char **mac, size_t *maclen); /* crmf_lib.c */ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, - const ASN1_UTF8STRING *tok); + const ASN1_UTF8STRING *tok); ASN1_UTF8STRING *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, - const ASN1_UTF8STRING *auth); + const ASN1_UTF8STRING *auth); ASN1_UTF8STRING *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); -int -OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - OSSL_CRMF_SINGLEPUBINFO *spi); -# define OSSL_CRMF_PUB_METHOD_DONTCARE 0 -# define OSSL_CRMF_PUB_METHOD_X500 1 -# define OSSL_CRMF_PUB_METHOD_WEB 2 -# define OSSL_CRMF_PUB_METHOD_LDAP 3 +int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi); +#define OSSL_CRMF_PUB_METHOD_DONTCARE 0 +#define OSSL_CRMF_PUB_METHOD_X500 1 +#define OSSL_CRMF_PUB_METHOD_WEB 2 +#define OSSL_CRMF_PUB_METHOD_LDAP 3 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, - int method, GENERAL_NAME *nm); -# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 -# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 + int method, GENERAL_NAME *nm); +#define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 +#define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - int 
action); + int action); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_PKIPUBLICATIONINFO *pi); + const OSSL_CRMF_PKIPUBLICATIONINFO *pi); OSSL_CRMF_PKIPUBLICATIONINFO *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, - const X509_PUBKEY *pubkey); + const X509_PUBKEY *pubkey); X509_PUBKEY *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_CERTID *cid); + const OSSL_CRMF_CERTID *cid); OSSL_CRMF_CERTID *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, - const ASN1_INTEGER *serial); + const ASN1_INTEGER *serial); int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, - const ASN1_UTF8STRING *utf8pairs); + const ASN1_UTF8STRING *utf8pairs); ASN1_UTF8STRING *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_CERTREQUEST *cr); + const OSSL_CRMF_CERTREQUEST *cr); OSSL_CRMF_CERTREQUEST *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, - ASN1_TIME *notBefore, ASN1_TIME *notAfter); + ASN1_TIME *notBefore, ASN1_TIME *notAfter); int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm); int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); -# define OSSL_CRMF_POPO_NONE -1 -# define OSSL_CRMF_POPO_RAVERIFIED 0 -# define OSSL_CRMF_POPO_SIGNATURE 1 -# define OSSL_CRMF_POPO_KEYENC 2 -# define OSSL_CRMF_POPO_KEYAGREE 3 +#define OSSL_CRMF_POPO_NONE -1 +#define OSSL_CRMF_POPO_RAVERIFIED 0 +#define OSSL_CRMF_POPO_SIGNATURE 1 +#define OSSL_CRMF_POPO_KEYENC 2 
+#define OSSL_CRMF_POPO_KEYAGREE 3 int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, - EVP_PKEY *pkey, const EVP_MD *digest, - OSSL_LIB_CTX *libctx, const char *propq); + EVP_PKEY *pkey, const EVP_MD *digest, + OSSL_LIB_CTX *libctx, const char *propq); int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, - int rid, int acceptRAVerified, - OSSL_LIB_CTX *libctx, const char *propq); + int rid, int acceptRAVerified, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); -const X509_NAME -*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); -const X509_NAME -*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); -const X509_NAME -*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); -const ASN1_INTEGER -*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); +const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, - EVP_PKEY *pubkey, - const X509_NAME *subject, - const X509_NAME *issuer, - const ASN1_INTEGER *serial); -X509 -*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, - OSSL_LIB_CTX *libctx, const char *propq, - EVP_PKEY *pkey); - -# ifdef __cplusplus + EVP_PKEY *pubkey, + const X509_NAME *subject, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); +X509 
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, + OSSL_LIB_CTX *libctx, const char *propq, + EVP_PKEY *pkey); + +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_CRMF) */ +#endif +#endif /* !defined(OPENSSL_NO_CRMF) */ #endif /* !defined(OPENSSL_CRMF_H) */ --- crypto/openssl/include/openssl/crmf.h.in.orig +++ crypto/openssl/include/openssl/crmf.h.in 
@@ -13,46 +13,50 @@ * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb. */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_CRMF_H -# define OPENSSL_CRMF_H +#define OPENSSL_CRMF_H -# include +#include -# ifndef OPENSSL_NO_CRMF -# include -# include -# include -# include /* for GENERAL_NAME etc. */ +#ifndef OPENSSL_NO_CRMF +#include +#include +#include +#include /* for GENERAL_NAME etc. */ /* explicit #includes not strictly needed since implied by the above: */ -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0 -# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 -# define OSSL_CRMF_POPOPRIVKEY_DHMAC 2 -# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3 -# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 +#define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0 +#define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 +#define OSSL_CRMF_POPOPRIVKEY_DHMAC 2 +#define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3 +#define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 -# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 -# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 +#define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 +#define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) +/* clang-format off */ {- generate_stack_macros("OSSL_CRMF_MSG"); -} +/* clang-format on */ typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE; typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) 
@@ -61,9 +65,11 @@ typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) +/* clang-format off */ {- generate_stack_macros("OSSL_CRMF_CERTID"); -} +/* clang-format on */ typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) 
@@ -78,103 +84,96 @@ /* crmf_pbm.c */ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, - int owfnid, size_t itercnt, - int macnid); + int owfnid, size_t itercnt, + int macnid); int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, - const OSSL_CRMF_PBMPARAMETER *pbmp, - const unsigned char *msg, size_t msglen, - const unsigned char *sec, size_t seclen, - unsigned char **mac, size_t *maclen); + const OSSL_CRMF_PBMPARAMETER *pbmp, + const unsigned char *msg, size_t msglen, + const unsigned char *sec, size_t seclen, + unsigned char **mac, size_t *maclen); /* crmf_lib.c */ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, - const ASN1_UTF8STRING *tok); + const ASN1_UTF8STRING *tok); ASN1_UTF8STRING *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, - const ASN1_UTF8STRING *auth); + const ASN1_UTF8STRING *auth); ASN1_UTF8STRING *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg); -int -OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - OSSL_CRMF_SINGLEPUBINFO *spi); -# define OSSL_CRMF_PUB_METHOD_DONTCARE 0 -# define OSSL_CRMF_PUB_METHOD_X500 1 -# define OSSL_CRMF_PUB_METHOD_WEB 2 -# define OSSL_CRMF_PUB_METHOD_LDAP 3 +int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi); +#define OSSL_CRMF_PUB_METHOD_DONTCARE 0 +#define OSSL_CRMF_PUB_METHOD_X500 1 +#define OSSL_CRMF_PUB_METHOD_WEB 2 +#define OSSL_CRMF_PUB_METHOD_LDAP 3 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, - int method, GENERAL_NAME *nm); -# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 -# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 + int method, GENERAL_NAME *nm); +#define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 +#define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - int action); 
+ int action); int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_PKIPUBLICATIONINFO *pi); + const OSSL_CRMF_PKIPUBLICATIONINFO *pi); OSSL_CRMF_PKIPUBLICATIONINFO *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, - const X509_PUBKEY *pubkey); + const X509_PUBKEY *pubkey); X509_PUBKEY *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_CERTID *cid); + const OSSL_CRMF_CERTID *cid); OSSL_CRMF_CERTID *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg); OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, - const ASN1_INTEGER *serial); + const ASN1_INTEGER *serial); int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, - const ASN1_UTF8STRING *utf8pairs); + const ASN1_UTF8STRING *utf8pairs); ASN1_UTF8STRING *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, - const OSSL_CRMF_CERTREQUEST *cr); + const OSSL_CRMF_CERTREQUEST *cr); OSSL_CRMF_CERTREQUEST *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg); int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, - ASN1_TIME *notBefore, ASN1_TIME *notAfter); + ASN1_TIME *notBefore, ASN1_TIME *notAfter); int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm); int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); -# define OSSL_CRMF_POPO_NONE -1 -# define OSSL_CRMF_POPO_RAVERIFIED 0 -# define OSSL_CRMF_POPO_SIGNATURE 1 -# define OSSL_CRMF_POPO_KEYENC 2 -# define OSSL_CRMF_POPO_KEYAGREE 3 +#define OSSL_CRMF_POPO_NONE -1 +#define OSSL_CRMF_POPO_RAVERIFIED 0 +#define OSSL_CRMF_POPO_SIGNATURE 1 +#define OSSL_CRMF_POPO_KEYENC 2 +#define 
OSSL_CRMF_POPO_KEYAGREE 3 int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, - EVP_PKEY *pkey, const EVP_MD *digest, - OSSL_LIB_CTX *libctx, const char *propq); + EVP_PKEY *pkey, const EVP_MD *digest, + OSSL_LIB_CTX *libctx, const char *propq); int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, - int rid, int acceptRAVerified, - OSSL_LIB_CTX *libctx, const char *propq); + int rid, int acceptRAVerified, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); -const X509_NAME -*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); -const X509_NAME -*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); -const X509_NAME -*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); -const ASN1_INTEGER -*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); +const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, - EVP_PKEY *pubkey, - const X509_NAME *subject, - const X509_NAME *issuer, - const ASN1_INTEGER *serial); -X509 -*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, - OSSL_LIB_CTX *libctx, const char *propq, - EVP_PKEY *pkey); - -# ifdef __cplusplus + EVP_PKEY *pubkey, + const X509_NAME *subject, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); +X509 
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, + OSSL_LIB_CTX *libctx, const char *propq, + EVP_PKEY *pkey); + +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_CRMF) */ +#endif +#endif /* !defined(OPENSSL_NO_CRMF) */ #endif /* !defined(OPENSSL_CRMF_H) */ --- crypto/openssl/include/openssl/crmferr.h.orig +++ crypto/openssl/include/openssl/crmferr.h 
@@ -9,42 +9,40 @@ */ #ifndef OPENSSL_CRMFERR_H -# define OPENSSL_CRMFERR_H -# pragma once +#define OPENSSL_CRMFERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_CRMF +#include +#include +#include +#ifndef OPENSSL_NO_CRMF /* * CRMF reason codes. */ -# define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 -# define CRMF_R_CRMFERROR 102 -# define CRMF_R_ERROR 103 -# define CRMF_R_ERROR_DECODING_CERTIFICATE 104 -# define CRMF_R_ERROR_DECRYPTING_CERTIFICATE 105 -# define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY 106 -# define CRMF_R_FAILURE_OBTAINING_RANDOM 107 -# define CRMF_R_ITERATIONCOUNT_BELOW_100 108 -# define CRMF_R_MALFORMED_IV 101 -# define CRMF_R_NULL_ARGUMENT 109 -# define CRMF_R_POPOSKINPUT_NOT_SUPPORTED 113 -# define CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY 117 -# define CRMF_R_POPO_MISSING 121 -# define CRMF_R_POPO_MISSING_PUBLIC_KEY 118 -# define CRMF_R_POPO_MISSING_SUBJECT 119 -# define CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED 120 -# define CRMF_R_SETTING_MAC_ALGOR_FAILURE 110 -# define CRMF_R_SETTING_OWF_ALGOR_FAILURE 111 -# define CRMF_R_UNSUPPORTED_ALGORITHM 112 -# define CRMF_R_UNSUPPORTED_CIPHER 114 -# define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO 115 -# define CRMF_R_UNSUPPORTED_POPO_METHOD 116 +#define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 +#define CRMF_R_CRMFERROR 102 +#define CRMF_R_ERROR 103 +#define CRMF_R_ERROR_DECODING_CERTIFICATE 104 +#define CRMF_R_ERROR_DECRYPTING_CERTIFICATE 105 +#define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY 106 +#define CRMF_R_FAILURE_OBTAINING_RANDOM 107 +#define CRMF_R_ITERATIONCOUNT_BELOW_100 108 +#define CRMF_R_MALFORMED_IV 101 +#define CRMF_R_NULL_ARGUMENT 109 +#define CRMF_R_POPOSKINPUT_NOT_SUPPORTED 113 +#define CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY 117 +#define CRMF_R_POPO_MISSING 121 +#define CRMF_R_POPO_MISSING_PUBLIC_KEY 118 +#define CRMF_R_POPO_MISSING_SUBJECT 119 +#define CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED 120 +#define CRMF_R_SETTING_MAC_ALGOR_FAILURE 110 +#define CRMF_R_SETTING_OWF_ALGOR_FAILURE 111 
+#define CRMF_R_UNSUPPORTED_ALGORITHM 112 +#define CRMF_R_UNSUPPORTED_CIPHER 114 +#define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO 115 +#define CRMF_R_UNSUPPORTED_POPO_METHOD 116 -# endif +#endif #endif --- crypto/openssl/include/openssl/crypto.h.orig +++ crypto/openssl/include/openssl/crypto.h 
@@ -11,60 +11,62 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_CRYPTO_H -# define OPENSSL_CRYPTO_H -# pragma once +#define OPENSSL_CRYPTO_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CRYPTO_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CRYPTO_H +#endif -# include -# include +#include +#include -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# endif +#ifndef OPENSSL_NO_STDIO +#include +#endif -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include -# ifdef CHARSET_EBCDIC -# include -# endif +#ifdef CHARSET_EBCDIC +#include +#endif /* * Resolve problems on some operating systems with symbol names that clash * one way or another */ -# include +#include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSLeay OpenSSL_version_num -# define SSLeay_version OpenSSL_version -# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -# define SSLEAY_VERSION OPENSSL_VERSION -# define SSLEAY_CFLAGS OPENSSL_CFLAGS -# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON -# define SSLEAY_PLATFORM OPENSSL_PLATFORM -# define SSLEAY_DIR OPENSSL_DIR +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSLeay OpenSSL_version_num +#define SSLeay_version OpenSSL_version +#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +#define SSLEAY_VERSION OPENSSL_VERSION +#define SSLEAY_CFLAGS OPENSSL_CFLAGS +#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +#define SSLEAY_PLATFORM OPENSSL_PLATFORM +#define SSLEAY_DIR OPENSSL_DIR /* * Old type for allocating dynamic locks. No longer used. Use the new thread 
@@ -74,7 +76,7 @@ int dummy; } CRYPTO_dynlock; -# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ +#endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ typedef void CRYPTO_RWLOCK; 
@@ -86,56 +88,58 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock); + CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ -#define OPENSSL_malloc_init() while(0) continue - -# define OPENSSL_malloc(num) \ - CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_zalloc(num) \ - CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_realloc(addr, num) \ - CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_clear_realloc(addr, old_num, num) \ - CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_clear_free(addr, num) \ - CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_free(addr) \ - CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_memdup(str, s) \ - CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_strdup(str) \ - CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_strndup(str, n) \ - CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_malloc(num) \ - CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_zalloc(num) \ - CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_free(addr) \ - CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_clear_free(addr, num) \ - CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_actual_size(ptr) \ - CRYPTO_secure_actual_size(ptr) +#define OPENSSL_malloc_init() \ + while (0) \ + continue + +#define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +#define 
OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); size_t OPENSSL_strnlen(const char *str, size_t maxlen); int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, - const unsigned char *buf, size_t buflen, - const char sep); + const unsigned char *buf, size_t buflen, + const char sep); char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep); + const char *str, const char sep); unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); int OPENSSL_hexchar2int(unsigned char c); int OPENSSL_strcasecmp(const char *s1, const char *s2); int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); -# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) +#define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U << (sizeof(int) * 8 - 1)) 
- 1) / sizeof(type)) /* * These functions return the values of OPENSSL_VERSION_MAJOR, @@ -150,30 +154,30 @@ unsigned long OpenSSL_version_num(void); const char *OpenSSL_version(int type); -# define OPENSSL_VERSION 0 -# define OPENSSL_CFLAGS 1 -# define OPENSSL_BUILT_ON 2 -# define OPENSSL_PLATFORM 3 -# define OPENSSL_DIR 4 -# define OPENSSL_ENGINES_DIR 5 -# define OPENSSL_VERSION_STRING 6 -# define OPENSSL_FULL_VERSION_STRING 7 -# define OPENSSL_MODULES_DIR 8 -# define OPENSSL_CPU_INFO 9 +#define OPENSSL_VERSION 0 +#define OPENSSL_CFLAGS 1 +#define OPENSSL_BUILT_ON 2 +#define OPENSSL_PLATFORM 3 +#define OPENSSL_DIR 4 +#define OPENSSL_ENGINES_DIR 5 +#define OPENSSL_VERSION_STRING 6 +#define OPENSSL_FULL_VERSION_STRING 7 +#define OPENSSL_MODULES_DIR 8 +#define OPENSSL_CPU_INFO 9 const char *OPENSSL_info(int type); /* * The series starts at 1001 to avoid confusion with the OpenSSL_version * types. */ -# define OPENSSL_INFO_CONFIG_DIR 1001 -# define OPENSSL_INFO_ENGINES_DIR 1002 -# define OPENSSL_INFO_MODULES_DIR 1003 -# define OPENSSL_INFO_DSO_EXTENSION 1004 -# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 -# define OPENSSL_INFO_LIST_SEPARATOR 1006 -# define OPENSSL_INFO_SEED_SOURCE 1007 -# define OPENSSL_INFO_CPU_SETTINGS 1008 +#define OPENSSL_INFO_CONFIG_DIR 1001 +#define OPENSSL_INFO_ENGINES_DIR 1002 +#define OPENSSL_INFO_MODULES_DIR 1003 +#define OPENSSL_INFO_DSO_EXTENSION 1004 +#define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 +#define OPENSSL_INFO_LIST_SEPARATOR 1006 +#define OPENSSL_INFO_SEED_SOURCE 1007 +#define OPENSSL_INFO_CPU_SETTINGS 1008 int OPENSSL_issetugid(void); @@ -182,6 +186,7 @@ STACK_OF(void) *sk; }; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(void, void, void) #define sk_void_num(sk) OPENSSL_sk_num(ossl_check_const_void_sk_type(sk)) #define sk_void_value(sk, idx) ((void *)OPENSSL_sk_value(ossl_check_const_void_sk_type(sk), (idx))) 
@@ -209,42 +214,42 @@ #define sk_void_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(void) *)OPENSSL_sk_deep_copy(ossl_check_const_void_sk_type(sk), ossl_check_void_copyfunc_type(copyfunc), ossl_check_void_freefunc_type(freefunc))) #define sk_void_set_cmp_func(sk, cmp) ((sk_void_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_void_sk_type(sk), ossl_check_void_compfunc_type(cmp))) - +/* clang-format on */ /* * Per class, we have a STACK of function pointers. */ -# define CRYPTO_EX_INDEX_SSL 0 -# define CRYPTO_EX_INDEX_SSL_CTX 1 -# define CRYPTO_EX_INDEX_SSL_SESSION 2 -# define CRYPTO_EX_INDEX_X509 3 -# define CRYPTO_EX_INDEX_X509_STORE 4 -# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -# define CRYPTO_EX_INDEX_DH 6 -# define CRYPTO_EX_INDEX_DSA 7 -# define CRYPTO_EX_INDEX_EC_KEY 8 -# define CRYPTO_EX_INDEX_RSA 9 -# define CRYPTO_EX_INDEX_ENGINE 10 -# define CRYPTO_EX_INDEX_UI 11 -# define CRYPTO_EX_INDEX_BIO 12 -# define CRYPTO_EX_INDEX_APP 13 -# define CRYPTO_EX_INDEX_UI_METHOD 14 -# define CRYPTO_EX_INDEX_RAND_DRBG 15 -# define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG -# define CRYPTO_EX_INDEX_OSSL_LIB_CTX 16 -# define CRYPTO_EX_INDEX_EVP_PKEY 17 -# define CRYPTO_EX_INDEX__COUNT 18 - -typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, long argl, void *argp); +#define CRYPTO_EX_INDEX_SSL 0 +#define CRYPTO_EX_INDEX_SSL_CTX 1 +#define CRYPTO_EX_INDEX_SSL_SESSION 2 +#define CRYPTO_EX_INDEX_X509 3 +#define CRYPTO_EX_INDEX_X509_STORE 4 +#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +#define CRYPTO_EX_INDEX_DH 6 +#define CRYPTO_EX_INDEX_DSA 7 +#define CRYPTO_EX_INDEX_EC_KEY 8 +#define CRYPTO_EX_INDEX_RSA 9 +#define CRYPTO_EX_INDEX_ENGINE 10 +#define CRYPTO_EX_INDEX_UI 11 +#define CRYPTO_EX_INDEX_BIO 12 +#define 
CRYPTO_EX_INDEX_APP 13 +#define CRYPTO_EX_INDEX_UI_METHOD 14 +#define CRYPTO_EX_INDEX_RAND_DRBG 15 +#define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG +#define CRYPTO_EX_INDEX_OSSL_LIB_CTX 16 +#define CRYPTO_EX_INDEX_EVP_PKEY 17 +#define CRYPTO_EX_INDEX__COUNT 18 + +typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void **from_d, int idx, long argl, void *argp); __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); /* No longer use an index. */ int CRYPTO_free_ex_index(int class_index, int idx); @@ -254,13 +259,13 @@ */ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from); + const CRYPTO_EX_DATA *from); void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); /* Allocate a single item in the CRYPTO_EX_DATA variable */ int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, - int idx); + int idx); /* * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular @@ -269,12 +274,14 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * This function cleans up all "ex_data" state. It mustn't be called under * potential race-conditions. */ -# define CRYPTO_cleanup_all_ex_data() while(0) continue +#define CRYPTO_cleanup_all_ex_data() \ + while (0) \ + continue /* * The old locking functions have been removed completely without compatibility 
@@ -286,60 +293,60 @@ * On the other hand, the locking callbacks are no longer used. Consequently, * the callback management functions can be safely replaced with no-op macros. */ -# define CRYPTO_num_locks() (1) -# define CRYPTO_set_locking_callback(func) -# define CRYPTO_get_locking_callback() (NULL) -# define CRYPTO_set_add_lock_callback(func) -# define CRYPTO_get_add_lock_callback() (NULL) +#define CRYPTO_num_locks() (1) +#define CRYPTO_set_locking_callback(func) +#define CRYPTO_get_locking_callback() (NULL) +#define CRYPTO_set_add_lock_callback(func) +#define CRYPTO_get_add_lock_callback() (NULL) /* * These defines where used in combination with the old locking callbacks, * they are not called anymore, but old code that's not called might still * use them. */ -# define CRYPTO_LOCK 1 -# define CRYPTO_UNLOCK 2 -# define CRYPTO_READ 4 -# define CRYPTO_WRITE 8 +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 /* This structure is no longer used */ typedef struct crypto_threadid_st { int dummy; } CRYPTO_THREADID; /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ -# define CRYPTO_THREADID_set_numeric(id, val) -# define CRYPTO_THREADID_set_pointer(id, ptr) -# define CRYPTO_THREADID_set_callback(threadid_func) (0) -# define CRYPTO_THREADID_get_callback() (NULL) -# define CRYPTO_THREADID_current(id) -# define CRYPTO_THREADID_cmp(a, b) (-1) -# define CRYPTO_THREADID_cpy(dest, src) -# define CRYPTO_THREADID_hash(id) (0UL) - -# ifndef OPENSSL_NO_DEPRECATED_1_0_0 -# define CRYPTO_set_id_callback(func) -# define CRYPTO_get_id_callback() (NULL) -# define CRYPTO_thread_id() (0UL) -# endif /* OPENSSL_NO_DEPRECATED_1_0_0 */ - -# define CRYPTO_set_dynlock_create_callback(dyn_create_function) -# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) -# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) -# define CRYPTO_get_dynlock_create_callback() (NULL) -# define 
CRYPTO_get_dynlock_lock_callback() (NULL) -# define CRYPTO_get_dynlock_destroy_callback() (NULL) -# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ +#define CRYPTO_THREADID_set_numeric(id, val) +#define CRYPTO_THREADID_set_pointer(id, ptr) +#define CRYPTO_THREADID_set_callback(threadid_func) (0) +#define CRYPTO_THREADID_get_callback() (NULL) +#define CRYPTO_THREADID_current(id) +#define CRYPTO_THREADID_cmp(a, b) (-1) +#define CRYPTO_THREADID_cpy(dest, src) +#define CRYPTO_THREADID_hash(id) (0UL) + +#ifndef OPENSSL_NO_DEPRECATED_1_0_0 +#define CRYPTO_set_id_callback(func) +#define CRYPTO_get_id_callback() (NULL) +#define CRYPTO_thread_id() (0UL) +#endif /* OPENSSL_NO_DEPRECATED_1_0_0 */ + +#define CRYPTO_set_dynlock_create_callback(dyn_create_function) +#define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +#define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +#define CRYPTO_get_dynlock_create_callback() (NULL) +#define CRYPTO_get_dynlock_lock_callback() (NULL) +#define CRYPTO_get_dynlock_destroy_callback() (NULL) +#endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line); typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file, - int line); + int line); typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line); int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, - CRYPTO_realloc_fn realloc_fn, - CRYPTO_free_fn free_fn); + CRYPTO_realloc_fn realloc_fn, + CRYPTO_free_fn free_fn); void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, - CRYPTO_realloc_fn *realloc_fn, - CRYPTO_free_fn *free_fn); + CRYPTO_realloc_fn *realloc_fn, + CRYPTO_free_fn *free_fn); void *CRYPTO_malloc(size_t num, const char *file, int line); void *CRYPTO_zalloc(size_t num, const char *file, int line); 
@@ -350,7 +357,7 @@ void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, - const char *file, int line); + const char *file, int line); int CRYPTO_secure_malloc_init(size_t sz, size_t minsize); int CRYPTO_secure_malloc_done(void); @@ -358,7 +365,7 @@ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); void CRYPTO_secure_free(void *ptr, const char *file, int line); void CRYPTO_secure_clear_free(void *ptr, size_t num, - const char *file, int line); + const char *file, int line); int CRYPTO_secure_allocated(const void *ptr); int CRYPTO_secure_malloc_initialized(void); size_t CRYPTO_secure_actual_size(void *ptr); 
@@ -366,74 +373,74 @@ void OPENSSL_cleanse(void *ptr, size_t len); -# ifndef OPENSSL_NO_CRYPTO_MDEBUG +#ifndef OPENSSL_NO_CRYPTO_MDEBUG /* * The following can be used to detect memory leaks in the library. If * used, it turns on malloc checking */ -# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ -# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ -# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ -# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ +#define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +#define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define OPENSSL_mem_debug_push(info) \ - CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_mem_debug_pop() \ - CRYPTO_mem_debug_pop() -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int CRYPTO_set_mem_debug(int flag); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_ctrl(int mode); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_push(const char *info, - const char *file, int line); + const char *file, int line); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_pop(void); OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_malloc(void *addr, size_t num, - int flag, - const char *file, int line); + int flag, + const char *file, int line); OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, - size_t num, int flag, - const char *file, int line); + size_t num, int flag, + const char *file, int line); OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_free(void *addr, int flag, - const char *file, 
int line); + const char *file, int line); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), - void *u); -# endif -# ifndef OPENSSL_NO_STDIO -# ifndef OPENSSL_NO_DEPRECATED_3_0 + void *u); +#endif +#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks_fp(FILE *); -# endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks(BIO *bio); -# endif -# endif /* OPENSSL_NO_CRYPTO_MDEBUG */ +#endif +#endif /* OPENSSL_NO_CRYPTO_MDEBUG */ /* die if we have to */ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) -# endif -# define OPENSSL_assert(e) \ +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define OpenSSLDie(f, l, a) OPENSSL_die((a), (f), (l)) +#endif +#define OPENSSL_assert(e) \ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) int OPENSSL_isservice(void); void OPENSSL_init(void); -# ifdef OPENSSL_SYS_UNIX -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifdef OPENSSL_SYS_UNIX +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_prepare(void); OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_parent(void); OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_child(void); -# endif -# endif +#endif +#endif struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); int OPENSSL_gmtime_diff(int *pday, int *psec, - const struct tm *from, const struct tm *to); + const struct tm *from, const struct tm *to); /* * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. 
@@ -442,29 +449,29 @@ * into a defined order as the return value when a != b is undefined, other * than to be non-zero. */ -int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); +int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len); /* Standard initialisation options */ -# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L -# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L -# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L -# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L -# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L -# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L -# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L -# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L -# define OPENSSL_INIT_ASYNC 0x00000100L -# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L -# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L -# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L -# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L -# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L -# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L -# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +#define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +#define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +#define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +#define OPENSSL_INIT_ASYNC 0x00000100L +#define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +#define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +#define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +#define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +#define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +#define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +#define OPENSSL_INIT_ENGINE_AFALG 0x00008000L /* FREE: 0x00010000L */ -# define OPENSSL_INIT_ATFORK 0x00020000L +#define OPENSSL_INIT_ATFORK 
0x00020000L /* OPENSSL_INIT_BASE_ONLY 0x00040000L */ -# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +#define OPENSSL_INIT_NO_ATEXIT 0x00080000L /* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */ /* FREE: 0x04000000L */ /* FREE: 0x08000000L */ @@ -475,10 +482,9 @@ /* Max OPENSSL_INIT flag value is 0x80000000 */ /* openssl and dasync not counted as builtin */ -# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ +#define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ - | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ - OPENSSL_INIT_ENGINE_PADLOCK) + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | OPENSSL_INIT_ENGINE_PADLOCK) /* Library initialisation functions */ void OPENSSL_cleanup(void); 
@@ -489,48 +495,48 @@ /* Low-level control of initialization */ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, - const char *config_filename); + const char *config_filename); void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, - unsigned long flags); + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *config_appname); -# endif + const char *config_appname); +#endif void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); -# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) -# if defined(_WIN32) -# if defined(BASETYPES) || defined(_WINDEF_H) +#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +#if defined(_WIN32) +#if defined(BASETYPES) || defined(_WINDEF_H) /* application has to include in order to use this */ typedef DWORD CRYPTO_THREAD_LOCAL; typedef DWORD CRYPTO_THREAD_ID; typedef LONG CRYPTO_ONCE; -# define CRYPTO_ONCE_STATIC_INIT 0 -# endif -# else -# if defined(__TANDEM) && defined(_SPT_MODEL_) -# define SPT_THREAD_SIGNAL 1 -# define SPT_THREAD_AWARE 1 -# include -# else -# include -# endif +#define CRYPTO_ONCE_STATIC_INIT 0 +#endif +#else +#if defined(__TANDEM) && defined(_SPT_MODEL_) +#define SPT_THREAD_SIGNAL 1 +#define SPT_THREAD_AWARE 1 +#include +#else +#include +#endif typedef pthread_once_t CRYPTO_ONCE; typedef pthread_key_t CRYPTO_THREAD_LOCAL; typedef pthread_t CRYPTO_THREAD_ID; -# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT -# endif -# endif +#define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +#endif +#endif -# if !defined(CRYPTO_ONCE_STATIC_INIT) +#if !defined(CRYPTO_ONCE_STATIC_INIT) typedef unsigned int CRYPTO_ONCE; typedef unsigned int CRYPTO_THREAD_LOCAL; typedef unsigned int CRYPTO_THREAD_ID; -# define CRYPTO_ONCE_STATIC_INIT 0 -# endif +#define CRYPTO_ONCE_STATIC_INIT 0 +#endif int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void 
(*init)(void)); @@ -544,15 +550,15 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in); + const OSSL_DISPATCH *in); OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in); + const OSSL_DISPATCH *in); int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/crypto.h.in.orig +++ crypto/openssl/include/openssl/crypto.h.in 
@@ -10,62 +10,64 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_CRYPTO_H -# define OPENSSL_CRYPTO_H -# pragma once +#define OPENSSL_CRYPTO_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CRYPTO_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CRYPTO_H +#endif -# include -# include +#include +#include -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# endif +#ifndef OPENSSL_NO_STDIO +#include +#endif -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include -# ifdef CHARSET_EBCDIC -# include -# endif +#ifdef CHARSET_EBCDIC +#include +#endif /* * Resolve problems on some operating systems with symbol names that clash * one way or another */ -# include +#include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSLeay OpenSSL_version_num -# define SSLeay_version OpenSSL_version -# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -# define SSLEAY_VERSION OPENSSL_VERSION -# define SSLEAY_CFLAGS OPENSSL_CFLAGS -# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON -# define SSLEAY_PLATFORM OPENSSL_PLATFORM -# define SSLEAY_DIR OPENSSL_DIR +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSLeay OpenSSL_version_num +#define SSLeay_version OpenSSL_version +#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +#define SSLEAY_VERSION OPENSSL_VERSION +#define SSLEAY_CFLAGS OPENSSL_CFLAGS +#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +#define SSLEAY_PLATFORM OPENSSL_PLATFORM +#define SSLEAY_DIR OPENSSL_DIR /* * Old type for allocating dynamic locks. No longer used. Use the new thread 
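Review bot: The `/* clang-format off */` and `/* clang-format on */` guards added around `{- use OpenSSL::stackhash qw(generate_stack_macros); -}` give no reason, so a later cleanup could drop them and let the formatter rewrite the template fragment. I would state the reason on the opening guard, for example `/* clang-format off: the {- ... -} block is a template fragment, not C */`. The same unexplained pair is added around `{- generate_stack_macros("void"); -}` in the later hunk at `-183,45 +187,46`. Text outside the fragment presumably passes through to the generated crypto.h, so the guards would show up there too; it is worth confirming that is intended.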
@@ -75,7 +77,7 @@ int dummy; } CRYPTO_dynlock; -# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ +#endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ typedef void CRYPTO_RWLOCK; 
@@ -87,56 +89,58 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock); + CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ -#define OPENSSL_malloc_init() while(0) continue - -# define OPENSSL_malloc(num) \ - CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_zalloc(num) \ - CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_realloc(addr, num) \ - CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_clear_realloc(addr, old_num, num) \ - CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_clear_free(addr, num) \ - CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_free(addr) \ - CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_memdup(str, s) \ - CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_strdup(str) \ - CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_strndup(str, n) \ - CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_malloc(num) \ - CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_zalloc(num) \ - CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_free(addr) \ - CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_clear_free(addr, num) \ - CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_secure_actual_size(ptr) \ - CRYPTO_secure_actual_size(ptr) +#define OPENSSL_malloc_init() \ + while (0) \ + continue + +#define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +#define 
OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); size_t OPENSSL_strnlen(const char *str, size_t maxlen); int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, - const unsigned char *buf, size_t buflen, - const char sep); + const unsigned char *buf, size_t buflen, + const char sep); char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep); + const char *str, const char sep); unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); int OPENSSL_hexchar2int(unsigned char c); int OPENSSL_strcasecmp(const char *s1, const char *s2); int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); -# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) +#define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U << (sizeof(int) * 8 - 1)) 
- 1) / sizeof(type)) /* * These functions return the values of OPENSSL_VERSION_MAJOR, @@ -151,30 +155,30 @@ unsigned long OpenSSL_version_num(void); const char *OpenSSL_version(int type); -# define OPENSSL_VERSION 0 -# define OPENSSL_CFLAGS 1 -# define OPENSSL_BUILT_ON 2 -# define OPENSSL_PLATFORM 3 -# define OPENSSL_DIR 4 -# define OPENSSL_ENGINES_DIR 5 -# define OPENSSL_VERSION_STRING 6 -# define OPENSSL_FULL_VERSION_STRING 7 -# define OPENSSL_MODULES_DIR 8 -# define OPENSSL_CPU_INFO 9 +#define OPENSSL_VERSION 0 +#define OPENSSL_CFLAGS 1 +#define OPENSSL_BUILT_ON 2 +#define OPENSSL_PLATFORM 3 +#define OPENSSL_DIR 4 +#define OPENSSL_ENGINES_DIR 5 +#define OPENSSL_VERSION_STRING 6 +#define OPENSSL_FULL_VERSION_STRING 7 +#define OPENSSL_MODULES_DIR 8 +#define OPENSSL_CPU_INFO 9 const char *OPENSSL_info(int type); /* * The series starts at 1001 to avoid confusion with the OpenSSL_version * types. */ -# define OPENSSL_INFO_CONFIG_DIR 1001 -# define OPENSSL_INFO_ENGINES_DIR 1002 -# define OPENSSL_INFO_MODULES_DIR 1003 -# define OPENSSL_INFO_DSO_EXTENSION 1004 -# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 -# define OPENSSL_INFO_LIST_SEPARATOR 1006 -# define OPENSSL_INFO_SEED_SOURCE 1007 -# define OPENSSL_INFO_CPU_SETTINGS 1008 +#define OPENSSL_INFO_CONFIG_DIR 1001 +#define OPENSSL_INFO_ENGINES_DIR 1002 +#define OPENSSL_INFO_MODULES_DIR 1003 +#define OPENSSL_INFO_DSO_EXTENSION 1004 +#define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 +#define OPENSSL_INFO_LIST_SEPARATOR 1006 +#define OPENSSL_INFO_SEED_SOURCE 1007 +#define OPENSSL_INFO_CPU_SETTINGS 1008 int OPENSSL_issetugid(void); 
@@ -183,45 +187,46 @@ STACK_OF(void) *sk; }; +/* clang-format off */ {- generate_stack_macros("void"); -} - +/* clang-format on */ /* * Per class, we have a STACK of function pointers. */ -# define CRYPTO_EX_INDEX_SSL 0 -# define CRYPTO_EX_INDEX_SSL_CTX 1 -# define CRYPTO_EX_INDEX_SSL_SESSION 2 -# define CRYPTO_EX_INDEX_X509 3 -# define CRYPTO_EX_INDEX_X509_STORE 4 -# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -# define CRYPTO_EX_INDEX_DH 6 -# define CRYPTO_EX_INDEX_DSA 7 -# define CRYPTO_EX_INDEX_EC_KEY 8 -# define CRYPTO_EX_INDEX_RSA 9 -# define CRYPTO_EX_INDEX_ENGINE 10 -# define CRYPTO_EX_INDEX_UI 11 -# define CRYPTO_EX_INDEX_BIO 12 -# define CRYPTO_EX_INDEX_APP 13 -# define CRYPTO_EX_INDEX_UI_METHOD 14 -# define CRYPTO_EX_INDEX_RAND_DRBG 15 -# define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG -# define CRYPTO_EX_INDEX_OSSL_LIB_CTX 16 -# define CRYPTO_EX_INDEX_EVP_PKEY 17 -# define CRYPTO_EX_INDEX__COUNT 18 - -typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, long argl, void *argp); +#define CRYPTO_EX_INDEX_SSL 0 +#define CRYPTO_EX_INDEX_SSL_CTX 1 +#define CRYPTO_EX_INDEX_SSL_SESSION 2 +#define CRYPTO_EX_INDEX_X509 3 +#define CRYPTO_EX_INDEX_X509_STORE 4 +#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +#define CRYPTO_EX_INDEX_DH 6 +#define CRYPTO_EX_INDEX_DSA 7 +#define CRYPTO_EX_INDEX_EC_KEY 8 +#define CRYPTO_EX_INDEX_RSA 9 +#define CRYPTO_EX_INDEX_ENGINE 10 +#define CRYPTO_EX_INDEX_UI 11 +#define CRYPTO_EX_INDEX_BIO 12 +#define CRYPTO_EX_INDEX_APP 13 +#define CRYPTO_EX_INDEX_UI_METHOD 14 +#define CRYPTO_EX_INDEX_RAND_DRBG 15 +#define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG +#define CRYPTO_EX_INDEX_OSSL_LIB_CTX 16 +#define CRYPTO_EX_INDEX_EVP_PKEY 17 +#define CRYPTO_EX_INDEX__COUNT 18 + 
+typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void **from_d, int idx, long argl, void *argp); __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); /* No longer use an index. */ int CRYPTO_free_ex_index(int class_index, int idx); @@ -231,13 +236,13 @@ */ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from); + const CRYPTO_EX_DATA *from); void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); /* Allocate a single item in the CRYPTO_EX_DATA variable */ int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, - int idx); + int idx); /* * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular @@ -246,12 +251,14 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * This function cleans up all "ex_data" state. It mustn't be called under * potential race-conditions. */ -# define CRYPTO_cleanup_all_ex_data() while(0) continue +#define CRYPTO_cleanup_all_ex_data() \ + while (0) \ + continue /* * The old locking functions have been removed completely without compatibility 
@@ -263,60 +270,60 @@ * On the other hand, the locking callbacks are no longer used. Consequently, * the callback management functions can be safely replaced with no-op macros. */ -# define CRYPTO_num_locks() (1) -# define CRYPTO_set_locking_callback(func) -# define CRYPTO_get_locking_callback() (NULL) -# define CRYPTO_set_add_lock_callback(func) -# define CRYPTO_get_add_lock_callback() (NULL) +#define CRYPTO_num_locks() (1) +#define CRYPTO_set_locking_callback(func) +#define CRYPTO_get_locking_callback() (NULL) +#define CRYPTO_set_add_lock_callback(func) +#define CRYPTO_get_add_lock_callback() (NULL) /* * These defines where used in combination with the old locking callbacks, * they are not called anymore, but old code that's not called might still * use them. */ -# define CRYPTO_LOCK 1 -# define CRYPTO_UNLOCK 2 -# define CRYPTO_READ 4 -# define CRYPTO_WRITE 8 +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 /* This structure is no longer used */ typedef struct crypto_threadid_st { int dummy; } CRYPTO_THREADID; /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ -# define CRYPTO_THREADID_set_numeric(id, val) -# define CRYPTO_THREADID_set_pointer(id, ptr) -# define CRYPTO_THREADID_set_callback(threadid_func) (0) -# define CRYPTO_THREADID_get_callback() (NULL) -# define CRYPTO_THREADID_current(id) -# define CRYPTO_THREADID_cmp(a, b) (-1) -# define CRYPTO_THREADID_cpy(dest, src) -# define CRYPTO_THREADID_hash(id) (0UL) - -# ifndef OPENSSL_NO_DEPRECATED_1_0_0 -# define CRYPTO_set_id_callback(func) -# define CRYPTO_get_id_callback() (NULL) -# define CRYPTO_thread_id() (0UL) -# endif /* OPENSSL_NO_DEPRECATED_1_0_0 */ - -# define CRYPTO_set_dynlock_create_callback(dyn_create_function) -# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) -# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) -# define CRYPTO_get_dynlock_create_callback() (NULL) -# define 
CRYPTO_get_dynlock_lock_callback() (NULL) -# define CRYPTO_get_dynlock_destroy_callback() (NULL) -# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ +#define CRYPTO_THREADID_set_numeric(id, val) +#define CRYPTO_THREADID_set_pointer(id, ptr) +#define CRYPTO_THREADID_set_callback(threadid_func) (0) +#define CRYPTO_THREADID_get_callback() (NULL) +#define CRYPTO_THREADID_current(id) +#define CRYPTO_THREADID_cmp(a, b) (-1) +#define CRYPTO_THREADID_cpy(dest, src) +#define CRYPTO_THREADID_hash(id) (0UL) + +#ifndef OPENSSL_NO_DEPRECATED_1_0_0 +#define CRYPTO_set_id_callback(func) +#define CRYPTO_get_id_callback() (NULL) +#define CRYPTO_thread_id() (0UL) +#endif /* OPENSSL_NO_DEPRECATED_1_0_0 */ + +#define CRYPTO_set_dynlock_create_callback(dyn_create_function) +#define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +#define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +#define CRYPTO_get_dynlock_create_callback() (NULL) +#define CRYPTO_get_dynlock_lock_callback() (NULL) +#define CRYPTO_get_dynlock_destroy_callback() (NULL) +#endif /* OPENSSL_NO_DEPRECATED_1_1_0 */ typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line); typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file, - int line); + int line); typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line); int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, - CRYPTO_realloc_fn realloc_fn, - CRYPTO_free_fn free_fn); + CRYPTO_realloc_fn realloc_fn, + CRYPTO_free_fn free_fn); void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, - CRYPTO_realloc_fn *realloc_fn, - CRYPTO_free_fn *free_fn); + CRYPTO_realloc_fn *realloc_fn, + CRYPTO_free_fn *free_fn); void *CRYPTO_malloc(size_t num, const char *file, int line); void *CRYPTO_zalloc(size_t num, const char *file, int line); 
@@ -327,7 +334,7 @@ void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, - const char *file, int line); + const char *file, int line); int CRYPTO_secure_malloc_init(size_t sz, size_t minsize); int CRYPTO_secure_malloc_done(void); @@ -335,7 +342,7 @@ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); void CRYPTO_secure_free(void *ptr, const char *file, int line); void CRYPTO_secure_clear_free(void *ptr, size_t num, - const char *file, int line); + const char *file, int line); int CRYPTO_secure_allocated(const void *ptr); int CRYPTO_secure_malloc_initialized(void); size_t CRYPTO_secure_actual_size(void *ptr); 
@@ -343,74 +350,74 @@ void OPENSSL_cleanse(void *ptr, size_t len); -# ifndef OPENSSL_NO_CRYPTO_MDEBUG +#ifndef OPENSSL_NO_CRYPTO_MDEBUG /* * The following can be used to detect memory leaks in the library. If * used, it turns on malloc checking */ -# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ -# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ -# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ -# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ +#define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +#define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define OPENSSL_mem_debug_push(info) \ - CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_mem_debug_pop() \ - CRYPTO_mem_debug_pop() -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +#define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int CRYPTO_set_mem_debug(int flag); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_ctrl(int mode); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_push(const char *info, - const char *file, int line); + const char *file, int line); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_debug_pop(void); OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_malloc(void *addr, size_t num, - int flag, - const char *file, int line); + int flag, + const char *file, int line); OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, - size_t num, int flag, - const char *file, int line); + size_t num, int flag, + const char *file, int line); OSSL_DEPRECATEDIN_3_0 void CRYPTO_mem_debug_free(void *addr, int flag, - const char *file, 
int line); + const char *file, int line); OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), - void *u); -# endif -# ifndef OPENSSL_NO_STDIO -# ifndef OPENSSL_NO_DEPRECATED_3_0 + void *u); +#endif +#ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks_fp(FILE *); -# endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int CRYPTO_mem_leaks(BIO *bio); -# endif -# endif /* OPENSSL_NO_CRYPTO_MDEBUG */ +#endif +#endif /* OPENSSL_NO_CRYPTO_MDEBUG */ /* die if we have to */ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) -# endif -# define OPENSSL_assert(e) \ +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define OpenSSLDie(f, l, a) OPENSSL_die((a), (f), (l)) +#endif +#define OPENSSL_assert(e) \ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) int OPENSSL_isservice(void); void OPENSSL_init(void); -# ifdef OPENSSL_SYS_UNIX -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifdef OPENSSL_SYS_UNIX +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_prepare(void); OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_parent(void); OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_child(void); -# endif -# endif +#endif +#endif struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); int OPENSSL_gmtime_diff(int *pday, int *psec, - const struct tm *from, const struct tm *to); + const struct tm *from, const struct tm *to); /* * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. 
@@ -419,29 +426,29 @@ * into a defined order as the return value when a != b is undefined, other * than to be non-zero. */ -int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); +int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len); /* Standard initialisation options */ -# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L -# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L -# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L -# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L -# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L -# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L -# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L -# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L -# define OPENSSL_INIT_ASYNC 0x00000100L -# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L -# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L -# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L -# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L -# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L -# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L -# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +#define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +#define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +#define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +#define OPENSSL_INIT_ASYNC 0x00000100L +#define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +#define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +#define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +#define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +#define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +#define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +#define OPENSSL_INIT_ENGINE_AFALG 0x00008000L /* FREE: 0x00010000L */ -# define OPENSSL_INIT_ATFORK 0x00020000L +#define OPENSSL_INIT_ATFORK 
0x00020000L /* OPENSSL_INIT_BASE_ONLY 0x00040000L */ -# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +#define OPENSSL_INIT_NO_ATEXIT 0x00080000L /* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */ /* FREE: 0x04000000L */ /* FREE: 0x08000000L */ @@ -452,10 +459,9 @@ /* Max OPENSSL_INIT flag value is 0x80000000 */ /* openssl and dasync not counted as builtin */ -# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ +#define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ - | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ - OPENSSL_INIT_ENGINE_PADLOCK) + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | OPENSSL_INIT_ENGINE_PADLOCK) /* Library initialisation functions */ void OPENSSL_cleanup(void); 
@@ -466,48 +472,48 @@ /* Low-level control of initialization */ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, - const char *config_filename); + const char *config_filename); void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, - unsigned long flags); + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *config_appname); -# endif + const char *config_appname); +#endif void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); -# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) -# if defined(_WIN32) -# if defined(BASETYPES) || defined(_WINDEF_H) +#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +#if defined(_WIN32) +#if defined(BASETYPES) || defined(_WINDEF_H) /* application has to include in order to use this */ typedef DWORD CRYPTO_THREAD_LOCAL; typedef DWORD CRYPTO_THREAD_ID; typedef LONG CRYPTO_ONCE; -# define CRYPTO_ONCE_STATIC_INIT 0 -# endif -# else -# if defined(__TANDEM) && defined(_SPT_MODEL_) -# define SPT_THREAD_SIGNAL 1 -# define SPT_THREAD_AWARE 1 -# include -# else -# include -# endif +#define CRYPTO_ONCE_STATIC_INIT 0 +#endif +#else +#if defined(__TANDEM) && defined(_SPT_MODEL_) +#define SPT_THREAD_SIGNAL 1 +#define SPT_THREAD_AWARE 1 +#include +#else +#include +#endif typedef pthread_once_t CRYPTO_ONCE; typedef pthread_key_t CRYPTO_THREAD_LOCAL; typedef pthread_t CRYPTO_THREAD_ID; -# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT -# endif -# endif +#define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +#endif +#endif -# if !defined(CRYPTO_ONCE_STATIC_INIT) +#if !defined(CRYPTO_ONCE_STATIC_INIT) typedef unsigned int CRYPTO_ONCE; typedef unsigned int CRYPTO_THREAD_LOCAL; typedef unsigned int CRYPTO_THREAD_ID; -# define CRYPTO_ONCE_STATIC_INIT 0 -# endif +#define CRYPTO_ONCE_STATIC_INIT 0 +#endif int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void 
(*init)(void)); @@ -521,15 +527,15 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in); + const OSSL_DISPATCH *in); OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in); + const OSSL_DISPATCH *in); int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/cryptoerr.h.orig +++ crypto/openssl/include/openssl/cryptoerr.h 
@@ -9,38 +9,36 @@ */ #ifndef OPENSSL_CRYPTOERR_H -# define OPENSSL_CRYPTOERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_CRYPTOERR_H +#pragma once +#include +#include +#include /* * CRYPTO reason codes. */ -# define CRYPTO_R_BAD_ALGORITHM_NAME 117 -# define CRYPTO_R_CONFLICTING_NAMES 118 -# define CRYPTO_R_HEX_STRING_TOO_SHORT 121 -# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 -# define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 -# define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 -# define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE 108 -# define CRYPTO_R_INVALID_NEGATIVE_VALUE 122 -# define CRYPTO_R_INVALID_NULL_ARGUMENT 109 -# define CRYPTO_R_INVALID_OSSL_PARAM_TYPE 110 -# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 -# define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 -# define CRYPTO_R_PROVIDER_SECTION_ERROR 105 -# define CRYPTO_R_RANDOM_SECTION_ERROR 119 -# define CRYPTO_R_SECURE_MALLOC_FAILURE 111 -# define CRYPTO_R_STRING_TOO_LONG 112 -# define CRYPTO_R_TOO_MANY_BYTES 113 -# define CRYPTO_R_TOO_MANY_RECORDS 114 -# define CRYPTO_R_TOO_SMALL_BUFFER 116 -# define CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION 120 -# define CRYPTO_R_ZERO_LENGTH_NUMBER 115 +#define CRYPTO_R_BAD_ALGORITHM_NAME 117 +#define CRYPTO_R_CONFLICTING_NAMES 118 +#define CRYPTO_R_HEX_STRING_TOO_SHORT 121 +#define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +#define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 +#define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 +#define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE 108 +#define CRYPTO_R_INVALID_NEGATIVE_VALUE 122 +#define CRYPTO_R_INVALID_NULL_ARGUMENT 109 +#define CRYPTO_R_INVALID_OSSL_PARAM_TYPE 110 +#define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 +#define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 +#define CRYPTO_R_PROVIDER_SECTION_ERROR 105 +#define CRYPTO_R_RANDOM_SECTION_ERROR 119 +#define CRYPTO_R_SECURE_MALLOC_FAILURE 111 +#define CRYPTO_R_STRING_TOO_LONG 112 +#define CRYPTO_R_TOO_MANY_BYTES 113 +#define CRYPTO_R_TOO_MANY_RECORDS 114 +#define CRYPTO_R_TOO_SMALL_BUFFER 116 +#define 
CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION 120 +#define CRYPTO_R_ZERO_LENGTH_NUMBER 115 #endif --- crypto/openssl/include/openssl/cryptoerr_legacy.h.orig +++ crypto/openssl/include/openssl/cryptoerr_legacy.h 
@@ -15,61 +15,61 @@ */ #ifndef OPENSSL_CRYPTOERR_LEGACY_H -# define OPENSSL_CRYPTOERR_LEGACY_H -# pragma once +#define OPENSSL_CRYPTOERR_LEGACY_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ERR_load_ASN1_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_ASYNC_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_BIO_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_BN_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_BUF_strings(void); -# ifndef OPENSSL_NO_CMS +#ifndef OPENSSL_NO_CMS OSSL_DEPRECATEDIN_3_0 int ERR_load_CMS_strings(void); -# endif -# ifndef OPENSSL_NO_COMP +#endif +#ifndef OPENSSL_NO_COMP OSSL_DEPRECATEDIN_3_0 int ERR_load_COMP_strings(void); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int ERR_load_CONF_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_CRYPTO_strings(void); -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT OSSL_DEPRECATEDIN_3_0 int ERR_load_CT_strings(void); -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH OSSL_DEPRECATEDIN_3_0 int ERR_load_DH_strings(void); -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA OSSL_DEPRECATEDIN_3_0 int ERR_load_DSA_strings(void); -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC OSSL_DEPRECATEDIN_3_0 int ERR_load_EC_strings(void); -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE OSSL_DEPRECATEDIN_3_0 int ERR_load_ENGINE_strings(void); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int ERR_load_ERR_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_EVP_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_KDF_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_OBJ_strings(void); -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP OSSL_DEPRECATEDIN_3_0 int ERR_load_OCSP_strings(void); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int ERR_load_PEM_strings(void); OSSL_DEPRECATEDIN_3_0 int 
ERR_load_PKCS12_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS7_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_RAND_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_RSA_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_OSSL_STORE_strings(void); -# ifndef OPENSSL_NO_TS +#ifndef OPENSSL_NO_TS OSSL_DEPRECATEDIN_3_0 int ERR_load_TS_strings(void); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int ERR_load_UI_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_X509_strings(void); OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void); 
@@ -79,1388 +79,1388 @@ /* * ASN1 function codes. */ -# define ASN1_F_A2D_ASN1_OBJECT 0 -# define ASN1_F_A2I_ASN1_INTEGER 0 -# define ASN1_F_A2I_ASN1_STRING 0 -# define ASN1_F_APPEND_EXP 0 -# define ASN1_F_ASN1_BIO_INIT 0 -# define ASN1_F_ASN1_BIT_STRING_SET_BIT 0 -# define ASN1_F_ASN1_CB 0 -# define ASN1_F_ASN1_CHECK_TLEN 0 -# define ASN1_F_ASN1_COLLECT 0 -# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 0 -# define ASN1_F_ASN1_D2I_FP 0 -# define ASN1_F_ASN1_D2I_READ_BIO 0 -# define ASN1_F_ASN1_DIGEST 0 -# define ASN1_F_ASN1_DO_ADB 0 -# define ASN1_F_ASN1_DO_LOCK 0 -# define ASN1_F_ASN1_DUP 0 -# define ASN1_F_ASN1_ENC_SAVE 0 -# define ASN1_F_ASN1_EX_C2I 0 -# define ASN1_F_ASN1_FIND_END 0 -# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 0 -# define ASN1_F_ASN1_GENERATE_V3 0 -# define ASN1_F_ASN1_GET_INT64 0 -# define ASN1_F_ASN1_GET_OBJECT 0 -# define ASN1_F_ASN1_GET_UINT64 0 -# define ASN1_F_ASN1_I2D_BIO 0 -# define ASN1_F_ASN1_I2D_FP 0 -# define ASN1_F_ASN1_ITEM_D2I_FP 0 -# define ASN1_F_ASN1_ITEM_DUP 0 -# define ASN1_F_ASN1_ITEM_EMBED_D2I 0 -# define ASN1_F_ASN1_ITEM_EMBED_NEW 0 -# define ASN1_F_ASN1_ITEM_FLAGS_I2D 0 -# define ASN1_F_ASN1_ITEM_I2D_BIO 0 -# define ASN1_F_ASN1_ITEM_I2D_FP 0 -# define ASN1_F_ASN1_ITEM_PACK 0 -# define ASN1_F_ASN1_ITEM_SIGN 0 -# define ASN1_F_ASN1_ITEM_SIGN_CTX 0 -# define ASN1_F_ASN1_ITEM_UNPACK 0 -# define ASN1_F_ASN1_ITEM_VERIFY 0 -# define ASN1_F_ASN1_MBSTRING_NCOPY 0 -# define ASN1_F_ASN1_OBJECT_NEW 0 -# define ASN1_F_ASN1_OUTPUT_DATA 0 -# define ASN1_F_ASN1_PCTX_NEW 0 -# define ASN1_F_ASN1_PRIMITIVE_NEW 0 -# define ASN1_F_ASN1_SCTX_NEW 0 -# define ASN1_F_ASN1_SIGN 0 -# define ASN1_F_ASN1_STR2TYPE 0 -# define ASN1_F_ASN1_STRING_GET_INT64 0 -# define ASN1_F_ASN1_STRING_GET_UINT64 0 -# define ASN1_F_ASN1_STRING_SET 0 -# define ASN1_F_ASN1_STRING_TABLE_ADD 0 -# define ASN1_F_ASN1_STRING_TO_BN 0 -# define ASN1_F_ASN1_STRING_TYPE_NEW 0 -# define ASN1_F_ASN1_TEMPLATE_EX_D2I 0 -# define ASN1_F_ASN1_TEMPLATE_NEW 0 -# define 
ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 0 -# define ASN1_F_ASN1_TIME_ADJ 0 -# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 -# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 -# define ASN1_F_ASN1_UTCTIME_ADJ 0 -# define ASN1_F_ASN1_VERIFY 0 -# define ASN1_F_B64_READ_ASN1 0 -# define ASN1_F_B64_WRITE_ASN1 0 -# define ASN1_F_BIO_NEW_NDEF 0 -# define ASN1_F_BITSTR_CB 0 -# define ASN1_F_BN_TO_ASN1_STRING 0 -# define ASN1_F_C2I_ASN1_BIT_STRING 0 -# define ASN1_F_C2I_ASN1_INTEGER 0 -# define ASN1_F_C2I_ASN1_OBJECT 0 -# define ASN1_F_C2I_IBUF 0 -# define ASN1_F_C2I_UINT64_INT 0 -# define ASN1_F_COLLECT_DATA 0 -# define ASN1_F_D2I_ASN1_OBJECT 0 -# define ASN1_F_D2I_ASN1_UINTEGER 0 -# define ASN1_F_D2I_AUTOPRIVATEKEY 0 -# define ASN1_F_D2I_PRIVATEKEY 0 -# define ASN1_F_D2I_PUBLICKEY 0 -# define ASN1_F_DO_BUF 0 -# define ASN1_F_DO_CREATE 0 -# define ASN1_F_DO_DUMP 0 -# define ASN1_F_DO_TCREATE 0 -# define ASN1_F_I2A_ASN1_OBJECT 0 -# define ASN1_F_I2D_ASN1_BIO_STREAM 0 -# define ASN1_F_I2D_ASN1_OBJECT 0 -# define ASN1_F_I2D_DSA_PUBKEY 0 -# define ASN1_F_I2D_EC_PUBKEY 0 -# define ASN1_F_I2D_PRIVATEKEY 0 -# define ASN1_F_I2D_PUBLICKEY 0 -# define ASN1_F_I2D_RSA_PUBKEY 0 -# define ASN1_F_LONG_C2I 0 -# define ASN1_F_NDEF_PREFIX 0 -# define ASN1_F_NDEF_SUFFIX 0 -# define ASN1_F_OID_MODULE_INIT 0 -# define ASN1_F_PARSE_TAGGING 0 -# define ASN1_F_PKCS5_PBE2_SET_IV 0 -# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 0 -# define ASN1_F_PKCS5_PBE_SET 0 -# define ASN1_F_PKCS5_PBE_SET0_ALGOR 0 -# define ASN1_F_PKCS5_PBKDF2_SET 0 -# define ASN1_F_PKCS5_SCRYPT_SET 0 -# define ASN1_F_SMIME_READ_ASN1 0 -# define ASN1_F_SMIME_TEXT 0 -# define ASN1_F_STABLE_GET 0 -# define ASN1_F_STBL_MODULE_INIT 0 -# define ASN1_F_UINT32_C2I 0 -# define ASN1_F_UINT32_NEW 0 -# define ASN1_F_UINT64_C2I 0 -# define ASN1_F_UINT64_NEW 0 -# define ASN1_F_X509_CRL_ADD0_REVOKED 0 -# define ASN1_F_X509_INFO_NEW 0 -# define ASN1_F_X509_NAME_ENCODE 0 -# define ASN1_F_X509_NAME_EX_D2I 0 -# define ASN1_F_X509_NAME_EX_NEW 0 -# define 
ASN1_F_X509_PKEY_NEW 0 +#define ASN1_F_A2D_ASN1_OBJECT 0 +#define ASN1_F_A2I_ASN1_INTEGER 0 +#define ASN1_F_A2I_ASN1_STRING 0 +#define ASN1_F_APPEND_EXP 0 +#define ASN1_F_ASN1_BIO_INIT 0 +#define ASN1_F_ASN1_BIT_STRING_SET_BIT 0 +#define ASN1_F_ASN1_CB 0 +#define ASN1_F_ASN1_CHECK_TLEN 0 +#define ASN1_F_ASN1_COLLECT 0 +#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 0 +#define ASN1_F_ASN1_D2I_FP 0 +#define ASN1_F_ASN1_D2I_READ_BIO 0 +#define ASN1_F_ASN1_DIGEST 0 +#define ASN1_F_ASN1_DO_ADB 0 +#define ASN1_F_ASN1_DO_LOCK 0 +#define ASN1_F_ASN1_DUP 0 +#define ASN1_F_ASN1_ENC_SAVE 0 +#define ASN1_F_ASN1_EX_C2I 0 +#define ASN1_F_ASN1_FIND_END 0 +#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 0 +#define ASN1_F_ASN1_GENERATE_V3 0 +#define ASN1_F_ASN1_GET_INT64 0 +#define ASN1_F_ASN1_GET_OBJECT 0 +#define ASN1_F_ASN1_GET_UINT64 0 +#define ASN1_F_ASN1_I2D_BIO 0 +#define ASN1_F_ASN1_I2D_FP 0 +#define ASN1_F_ASN1_ITEM_D2I_FP 0 +#define ASN1_F_ASN1_ITEM_DUP 0 +#define ASN1_F_ASN1_ITEM_EMBED_D2I 0 +#define ASN1_F_ASN1_ITEM_EMBED_NEW 0 +#define ASN1_F_ASN1_ITEM_FLAGS_I2D 0 +#define ASN1_F_ASN1_ITEM_I2D_BIO 0 +#define ASN1_F_ASN1_ITEM_I2D_FP 0 +#define ASN1_F_ASN1_ITEM_PACK 0 +#define ASN1_F_ASN1_ITEM_SIGN 0 +#define ASN1_F_ASN1_ITEM_SIGN_CTX 0 +#define ASN1_F_ASN1_ITEM_UNPACK 0 +#define ASN1_F_ASN1_ITEM_VERIFY 0 +#define ASN1_F_ASN1_MBSTRING_NCOPY 0 +#define ASN1_F_ASN1_OBJECT_NEW 0 +#define ASN1_F_ASN1_OUTPUT_DATA 0 +#define ASN1_F_ASN1_PCTX_NEW 0 +#define ASN1_F_ASN1_PRIMITIVE_NEW 0 +#define ASN1_F_ASN1_SCTX_NEW 0 +#define ASN1_F_ASN1_SIGN 0 +#define ASN1_F_ASN1_STR2TYPE 0 +#define ASN1_F_ASN1_STRING_GET_INT64 0 +#define ASN1_F_ASN1_STRING_GET_UINT64 0 +#define ASN1_F_ASN1_STRING_SET 0 +#define ASN1_F_ASN1_STRING_TABLE_ADD 0 +#define ASN1_F_ASN1_STRING_TO_BN 0 +#define ASN1_F_ASN1_STRING_TYPE_NEW 0 +#define ASN1_F_ASN1_TEMPLATE_EX_D2I 0 +#define ASN1_F_ASN1_TEMPLATE_NEW 0 +#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 0 +#define ASN1_F_ASN1_TIME_ADJ 0 +#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 +#define ASN1_F_ASN1_UTCTIME_ADJ 0 +#define ASN1_F_ASN1_VERIFY 0 +#define ASN1_F_B64_READ_ASN1 0 +#define ASN1_F_B64_WRITE_ASN1 0 +#define ASN1_F_BIO_NEW_NDEF 0 +#define ASN1_F_BITSTR_CB 0 +#define ASN1_F_BN_TO_ASN1_STRING 0 +#define ASN1_F_C2I_ASN1_BIT_STRING 0 +#define ASN1_F_C2I_ASN1_INTEGER 0 +#define ASN1_F_C2I_ASN1_OBJECT 0 +#define ASN1_F_C2I_IBUF 0 +#define ASN1_F_C2I_UINT64_INT 0 +#define ASN1_F_COLLECT_DATA 0 +#define ASN1_F_D2I_ASN1_OBJECT 0 +#define ASN1_F_D2I_ASN1_UINTEGER 0 +#define ASN1_F_D2I_AUTOPRIVATEKEY 0 +#define ASN1_F_D2I_PRIVATEKEY 0 +#define ASN1_F_D2I_PUBLICKEY 0 +#define ASN1_F_DO_BUF 0 +#define ASN1_F_DO_CREATE 0 +#define ASN1_F_DO_DUMP 0 +#define ASN1_F_DO_TCREATE 0 +#define ASN1_F_I2A_ASN1_OBJECT 0 +#define ASN1_F_I2D_ASN1_BIO_STREAM 0 +#define ASN1_F_I2D_ASN1_OBJECT 0 +#define ASN1_F_I2D_DSA_PUBKEY 0 +#define ASN1_F_I2D_EC_PUBKEY 0 +#define ASN1_F_I2D_PRIVATEKEY 0 +#define ASN1_F_I2D_PUBLICKEY 0 +#define ASN1_F_I2D_RSA_PUBKEY 0 +#define ASN1_F_LONG_C2I 0 +#define ASN1_F_NDEF_PREFIX 0 +#define ASN1_F_NDEF_SUFFIX 0 +#define ASN1_F_OID_MODULE_INIT 0 +#define ASN1_F_PARSE_TAGGING 0 +#define ASN1_F_PKCS5_PBE2_SET_IV 0 +#define ASN1_F_PKCS5_PBE2_SET_SCRYPT 0 +#define ASN1_F_PKCS5_PBE_SET 0 +#define ASN1_F_PKCS5_PBE_SET0_ALGOR 0 +#define ASN1_F_PKCS5_PBKDF2_SET 0 +#define ASN1_F_PKCS5_SCRYPT_SET 0 +#define ASN1_F_SMIME_READ_ASN1 0 +#define ASN1_F_SMIME_TEXT 0 +#define ASN1_F_STABLE_GET 0 +#define ASN1_F_STBL_MODULE_INIT 0 +#define ASN1_F_UINT32_C2I 0 +#define ASN1_F_UINT32_NEW 0 +#define ASN1_F_UINT64_C2I 0 +#define ASN1_F_UINT64_NEW 0 +#define ASN1_F_X509_CRL_ADD0_REVOKED 0 +#define ASN1_F_X509_INFO_NEW 0 +#define ASN1_F_X509_NAME_ENCODE 0 +#define ASN1_F_X509_NAME_EX_D2I 0 +#define ASN1_F_X509_NAME_EX_NEW 0 +#define ASN1_F_X509_PKEY_NEW 0 /* * ASYNC function codes. 
*/ -# define ASYNC_F_ASYNC_CTX_NEW 0 -# define ASYNC_F_ASYNC_INIT_THREAD 0 -# define ASYNC_F_ASYNC_JOB_NEW 0 -# define ASYNC_F_ASYNC_PAUSE_JOB 0 -# define ASYNC_F_ASYNC_START_FUNC 0 -# define ASYNC_F_ASYNC_START_JOB 0 -# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 0 +#define ASYNC_F_ASYNC_CTX_NEW 0 +#define ASYNC_F_ASYNC_INIT_THREAD 0 +#define ASYNC_F_ASYNC_JOB_NEW 0 +#define ASYNC_F_ASYNC_PAUSE_JOB 0 +#define ASYNC_F_ASYNC_START_FUNC 0 +#define ASYNC_F_ASYNC_START_JOB 0 +#define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 0 /* * BIO function codes. */ -# define BIO_F_ACPT_STATE 0 -# define BIO_F_ADDRINFO_WRAP 0 -# define BIO_F_ADDR_STRINGS 0 -# define BIO_F_BIO_ACCEPT 0 -# define BIO_F_BIO_ACCEPT_EX 0 -# define BIO_F_BIO_ACCEPT_NEW 0 -# define BIO_F_BIO_ADDR_NEW 0 -# define BIO_F_BIO_BIND 0 -# define BIO_F_BIO_CALLBACK_CTRL 0 -# define BIO_F_BIO_CONNECT 0 -# define BIO_F_BIO_CONNECT_NEW 0 -# define BIO_F_BIO_CTRL 0 -# define BIO_F_BIO_GETS 0 -# define BIO_F_BIO_GET_HOST_IP 0 -# define BIO_F_BIO_GET_NEW_INDEX 0 -# define BIO_F_BIO_GET_PORT 0 -# define BIO_F_BIO_LISTEN 0 -# define BIO_F_BIO_LOOKUP 0 -# define BIO_F_BIO_LOOKUP_EX 0 -# define BIO_F_BIO_MAKE_PAIR 0 -# define BIO_F_BIO_METH_NEW 0 -# define BIO_F_BIO_NEW 0 -# define BIO_F_BIO_NEW_DGRAM_SCTP 0 -# define BIO_F_BIO_NEW_FILE 0 -# define BIO_F_BIO_NEW_MEM_BUF 0 -# define BIO_F_BIO_NREAD 0 -# define BIO_F_BIO_NREAD0 0 -# define BIO_F_BIO_NWRITE 0 -# define BIO_F_BIO_NWRITE0 0 -# define BIO_F_BIO_PARSE_HOSTSERV 0 -# define BIO_F_BIO_PUTS 0 -# define BIO_F_BIO_READ 0 -# define BIO_F_BIO_READ_EX 0 -# define BIO_F_BIO_READ_INTERN 0 -# define BIO_F_BIO_SOCKET 0 -# define BIO_F_BIO_SOCKET_NBIO 0 -# define BIO_F_BIO_SOCK_INFO 0 -# define BIO_F_BIO_SOCK_INIT 0 -# define BIO_F_BIO_WRITE 0 -# define BIO_F_BIO_WRITE_EX 0 -# define BIO_F_BIO_WRITE_INTERN 0 -# define BIO_F_BUFFER_CTRL 0 -# define BIO_F_CONN_CTRL 0 -# define BIO_F_CONN_STATE 0 -# define BIO_F_DGRAM_SCTP_NEW 0 -# define BIO_F_DGRAM_SCTP_READ 0 -# define 
BIO_F_DGRAM_SCTP_WRITE 0 -# define BIO_F_DOAPR_OUTCH 0 -# define BIO_F_FILE_CTRL 0 -# define BIO_F_FILE_READ 0 -# define BIO_F_LINEBUFFER_CTRL 0 -# define BIO_F_LINEBUFFER_NEW 0 -# define BIO_F_MEM_WRITE 0 -# define BIO_F_NBIOF_NEW 0 -# define BIO_F_SLG_WRITE 0 -# define BIO_F_SSL_NEW 0 +#define BIO_F_ACPT_STATE 0 +#define BIO_F_ADDRINFO_WRAP 0 +#define BIO_F_ADDR_STRINGS 0 +#define BIO_F_BIO_ACCEPT 0 +#define BIO_F_BIO_ACCEPT_EX 0 +#define BIO_F_BIO_ACCEPT_NEW 0 +#define BIO_F_BIO_ADDR_NEW 0 +#define BIO_F_BIO_BIND 0 +#define BIO_F_BIO_CALLBACK_CTRL 0 +#define BIO_F_BIO_CONNECT 0 +#define BIO_F_BIO_CONNECT_NEW 0 +#define BIO_F_BIO_CTRL 0 +#define BIO_F_BIO_GETS 0 +#define BIO_F_BIO_GET_HOST_IP 0 +#define BIO_F_BIO_GET_NEW_INDEX 0 +#define BIO_F_BIO_GET_PORT 0 +#define BIO_F_BIO_LISTEN 0 +#define BIO_F_BIO_LOOKUP 0 +#define BIO_F_BIO_LOOKUP_EX 0 +#define BIO_F_BIO_MAKE_PAIR 0 +#define BIO_F_BIO_METH_NEW 0 +#define BIO_F_BIO_NEW 0 +#define BIO_F_BIO_NEW_DGRAM_SCTP 0 +#define BIO_F_BIO_NEW_FILE 0 +#define BIO_F_BIO_NEW_MEM_BUF 0 +#define BIO_F_BIO_NREAD 0 +#define BIO_F_BIO_NREAD0 0 +#define BIO_F_BIO_NWRITE 0 +#define BIO_F_BIO_NWRITE0 0 +#define BIO_F_BIO_PARSE_HOSTSERV 0 +#define BIO_F_BIO_PUTS 0 +#define BIO_F_BIO_READ 0 +#define BIO_F_BIO_READ_EX 0 +#define BIO_F_BIO_READ_INTERN 0 +#define BIO_F_BIO_SOCKET 0 +#define BIO_F_BIO_SOCKET_NBIO 0 +#define BIO_F_BIO_SOCK_INFO 0 +#define BIO_F_BIO_SOCK_INIT 0 +#define BIO_F_BIO_WRITE 0 +#define BIO_F_BIO_WRITE_EX 0 +#define BIO_F_BIO_WRITE_INTERN 0 +#define BIO_F_BUFFER_CTRL 0 +#define BIO_F_CONN_CTRL 0 +#define BIO_F_CONN_STATE 0 +#define BIO_F_DGRAM_SCTP_NEW 0 +#define BIO_F_DGRAM_SCTP_READ 0 +#define BIO_F_DGRAM_SCTP_WRITE 0 +#define BIO_F_DOAPR_OUTCH 0 +#define BIO_F_FILE_CTRL 0 +#define BIO_F_FILE_READ 0 +#define BIO_F_LINEBUFFER_CTRL 0 +#define BIO_F_LINEBUFFER_NEW 0 +#define BIO_F_MEM_WRITE 0 +#define BIO_F_NBIOF_NEW 0 +#define BIO_F_SLG_WRITE 0 +#define BIO_F_SSL_NEW 0 /* * BN function codes. 
*/ -# define BN_F_BNRAND 0 -# define BN_F_BNRAND_RANGE 0 -# define BN_F_BN_BLINDING_CONVERT_EX 0 -# define BN_F_BN_BLINDING_CREATE_PARAM 0 -# define BN_F_BN_BLINDING_INVERT_EX 0 -# define BN_F_BN_BLINDING_NEW 0 -# define BN_F_BN_BLINDING_UPDATE 0 -# define BN_F_BN_BN2DEC 0 -# define BN_F_BN_BN2HEX 0 -# define BN_F_BN_COMPUTE_WNAF 0 -# define BN_F_BN_CTX_GET 0 -# define BN_F_BN_CTX_NEW 0 -# define BN_F_BN_CTX_START 0 -# define BN_F_BN_DIV 0 -# define BN_F_BN_DIV_RECP 0 -# define BN_F_BN_EXP 0 -# define BN_F_BN_EXPAND_INTERNAL 0 -# define BN_F_BN_GENCB_NEW 0 -# define BN_F_BN_GENERATE_DSA_NONCE 0 -# define BN_F_BN_GENERATE_PRIME_EX 0 -# define BN_F_BN_GF2M_MOD 0 -# define BN_F_BN_GF2M_MOD_EXP 0 -# define BN_F_BN_GF2M_MOD_MUL 0 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 0 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 0 -# define BN_F_BN_GF2M_MOD_SQR 0 -# define BN_F_BN_GF2M_MOD_SQRT 0 -# define BN_F_BN_LSHIFT 0 -# define BN_F_BN_MOD_EXP2_MONT 0 -# define BN_F_BN_MOD_EXP_MONT 0 -# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 0 -# define BN_F_BN_MOD_EXP_MONT_WORD 0 -# define BN_F_BN_MOD_EXP_RECP 0 -# define BN_F_BN_MOD_EXP_SIMPLE 0 -# define BN_F_BN_MOD_INVERSE 0 -# define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 -# define BN_F_BN_MOD_LSHIFT_QUICK 0 -# define BN_F_BN_MOD_SQRT 0 -# define BN_F_BN_MONT_CTX_NEW 0 -# define BN_F_BN_MPI2BN 0 -# define BN_F_BN_NEW 0 -# define BN_F_BN_POOL_GET 0 -# define BN_F_BN_RAND 0 -# define BN_F_BN_RAND_RANGE 0 -# define BN_F_BN_RECP_CTX_NEW 0 -# define BN_F_BN_RSHIFT 0 -# define BN_F_BN_SET_WORDS 0 -# define BN_F_BN_STACK_PUSH 0 -# define BN_F_BN_USUB 0 +#define BN_F_BNRAND 0 +#define BN_F_BNRAND_RANGE 0 +#define BN_F_BN_BLINDING_CONVERT_EX 0 +#define BN_F_BN_BLINDING_CREATE_PARAM 0 +#define BN_F_BN_BLINDING_INVERT_EX 0 +#define BN_F_BN_BLINDING_NEW 0 +#define BN_F_BN_BLINDING_UPDATE 0 +#define BN_F_BN_BN2DEC 0 +#define BN_F_BN_BN2HEX 0 +#define BN_F_BN_COMPUTE_WNAF 0 +#define BN_F_BN_CTX_GET 0 +#define BN_F_BN_CTX_NEW 0 +#define BN_F_BN_CTX_START 0 +#define 
BN_F_BN_DIV 0 +#define BN_F_BN_DIV_RECP 0 +#define BN_F_BN_EXP 0 +#define BN_F_BN_EXPAND_INTERNAL 0 +#define BN_F_BN_GENCB_NEW 0 +#define BN_F_BN_GENERATE_DSA_NONCE 0 +#define BN_F_BN_GENERATE_PRIME_EX 0 +#define BN_F_BN_GF2M_MOD 0 +#define BN_F_BN_GF2M_MOD_EXP 0 +#define BN_F_BN_GF2M_MOD_MUL 0 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 0 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 0 +#define BN_F_BN_GF2M_MOD_SQR 0 +#define BN_F_BN_GF2M_MOD_SQRT 0 +#define BN_F_BN_LSHIFT 0 +#define BN_F_BN_MOD_EXP2_MONT 0 +#define BN_F_BN_MOD_EXP_MONT 0 +#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 0 +#define BN_F_BN_MOD_EXP_MONT_WORD 0 +#define BN_F_BN_MOD_EXP_RECP 0 +#define BN_F_BN_MOD_EXP_SIMPLE 0 +#define BN_F_BN_MOD_INVERSE 0 +#define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 +#define BN_F_BN_MOD_LSHIFT_QUICK 0 +#define BN_F_BN_MOD_SQRT 0 +#define BN_F_BN_MONT_CTX_NEW 0 +#define BN_F_BN_MPI2BN 0 +#define BN_F_BN_NEW 0 +#define BN_F_BN_POOL_GET 0 +#define BN_F_BN_RAND 0 +#define BN_F_BN_RAND_RANGE 0 +#define BN_F_BN_RECP_CTX_NEW 0 +#define BN_F_BN_RSHIFT 0 +#define BN_F_BN_SET_WORDS 0 +#define BN_F_BN_STACK_PUSH 0 +#define BN_F_BN_USUB 0 /* * BUF function codes. */ -# define BUF_F_BUF_MEM_GROW 0 -# define BUF_F_BUF_MEM_GROW_CLEAN 0 -# define BUF_F_BUF_MEM_NEW 0 +#define BUF_F_BUF_MEM_GROW 0 +#define BUF_F_BUF_MEM_GROW_CLEAN 0 +#define BUF_F_BUF_MEM_NEW 0 -# ifndef OPENSSL_NO_CMS +#ifndef OPENSSL_NO_CMS /* * CMS function codes. 
*/ -# define CMS_F_CHECK_CONTENT 0 -# define CMS_F_CMS_ADD0_CERT 0 -# define CMS_F_CMS_ADD0_RECIPIENT_KEY 0 -# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 0 -# define CMS_F_CMS_ADD1_RECEIPTREQUEST 0 -# define CMS_F_CMS_ADD1_RECIPIENT_CERT 0 -# define CMS_F_CMS_ADD1_SIGNER 0 -# define CMS_F_CMS_ADD1_SIGNINGTIME 0 -# define CMS_F_CMS_COMPRESS 0 -# define CMS_F_CMS_COMPRESSEDDATA_CREATE 0 -# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 0 -# define CMS_F_CMS_COPY_CONTENT 0 -# define CMS_F_CMS_COPY_MESSAGEDIGEST 0 -# define CMS_F_CMS_DATA 0 -# define CMS_F_CMS_DATAFINAL 0 -# define CMS_F_CMS_DATAINIT 0 -# define CMS_F_CMS_DECRYPT 0 -# define CMS_F_CMS_DECRYPT_SET1_KEY 0 -# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 0 -# define CMS_F_CMS_DECRYPT_SET1_PKEY 0 -# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 0 -# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 0 -# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 0 -# define CMS_F_CMS_DIGEST_VERIFY 0 -# define CMS_F_CMS_ENCODE_RECEIPT 0 -# define CMS_F_CMS_ENCRYPT 0 -# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 0 -# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 0 -# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 0 -# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 0 -# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 0 -# define CMS_F_CMS_ENVELOPEDDATA_CREATE 0 -# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 0 -# define CMS_F_CMS_ENVELOPED_DATA_INIT 0 -# define CMS_F_CMS_ENV_ASN1_CTRL 0 -# define CMS_F_CMS_FINAL 0 -# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 0 -# define CMS_F_CMS_GET0_CONTENT 0 -# define CMS_F_CMS_GET0_ECONTENT_TYPE 0 -# define CMS_F_CMS_GET0_ENVELOPED 0 -# define CMS_F_CMS_GET0_REVOCATION_CHOICES 0 -# define CMS_F_CMS_GET0_SIGNED 0 -# define CMS_F_CMS_MSGSIGDIGEST_ADD1 0 -# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 0 -# define CMS_F_CMS_RECEIPT_VERIFY 0 -# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0 -# define 
CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 0 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 0 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 0 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 0 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 0 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 0 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 0 -# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 0 -# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 0 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 0 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 0 -# define CMS_F_CMS_SD_ASN1_CTRL 0 -# define CMS_F_CMS_SET1_IAS 0 -# define CMS_F_CMS_SET1_KEYID 0 -# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 0 -# define CMS_F_CMS_SET_DETACHED 0 -# define CMS_F_CMS_SIGN 0 -# define CMS_F_CMS_SIGNED_DATA_INIT 0 -# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 -# define CMS_F_CMS_SIGNERINFO_SIGN 0 -# define CMS_F_CMS_SIGNERINFO_VERIFY 0 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 0 -# define CMS_F_CMS_SIGN_RECEIPT 0 -# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 0 -# define CMS_F_CMS_STREAM 0 -# define CMS_F_CMS_UNCOMPRESS 0 -# define CMS_F_CMS_VERIFY 0 -# define CMS_F_KEK_UNWRAP_KEY 0 -# endif +#define CMS_F_CHECK_CONTENT 0 +#define CMS_F_CMS_ADD0_CERT 0 +#define CMS_F_CMS_ADD0_RECIPIENT_KEY 0 +#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 0 +#define CMS_F_CMS_ADD1_RECEIPTREQUEST 0 +#define CMS_F_CMS_ADD1_RECIPIENT_CERT 0 +#define CMS_F_CMS_ADD1_SIGNER 0 +#define CMS_F_CMS_ADD1_SIGNINGTIME 0 +#define CMS_F_CMS_COMPRESS 0 +#define CMS_F_CMS_COMPRESSEDDATA_CREATE 0 +#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 0 +#define CMS_F_CMS_COPY_CONTENT 0 +#define CMS_F_CMS_COPY_MESSAGEDIGEST 0 +#define CMS_F_CMS_DATA 0 +#define 
CMS_F_CMS_DATAFINAL 0 +#define CMS_F_CMS_DATAINIT 0 +#define CMS_F_CMS_DECRYPT 0 +#define CMS_F_CMS_DECRYPT_SET1_KEY 0 +#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 0 +#define CMS_F_CMS_DECRYPT_SET1_PKEY 0 +#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 0 +#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 0 +#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 0 +#define CMS_F_CMS_DIGEST_VERIFY 0 +#define CMS_F_CMS_ENCODE_RECEIPT 0 +#define CMS_F_CMS_ENCRYPT 0 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 0 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 0 +#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 0 +#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 0 +#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 0 +#define CMS_F_CMS_ENVELOPEDDATA_CREATE 0 +#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 0 +#define CMS_F_CMS_ENVELOPED_DATA_INIT 0 +#define CMS_F_CMS_ENV_ASN1_CTRL 0 +#define CMS_F_CMS_FINAL 0 +#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 0 +#define CMS_F_CMS_GET0_CONTENT 0 +#define CMS_F_CMS_GET0_ECONTENT_TYPE 0 +#define CMS_F_CMS_GET0_ENVELOPED 0 +#define CMS_F_CMS_GET0_REVOCATION_CHOICES 0 +#define CMS_F_CMS_GET0_SIGNED 0 +#define CMS_F_CMS_MSGSIGDIGEST_ADD1 0 +#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 0 +#define CMS_F_CMS_RECEIPT_VERIFY 0 +#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0 +#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0 +#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 0 +#define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 0 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 0 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 0 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 0 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 0 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 0 +#define 
CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 0 +#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 0 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 0 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 0 +#define CMS_F_CMS_SD_ASN1_CTRL 0 +#define CMS_F_CMS_SET1_IAS 0 +#define CMS_F_CMS_SET1_KEYID 0 +#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 0 +#define CMS_F_CMS_SET_DETACHED 0 +#define CMS_F_CMS_SIGN 0 +#define CMS_F_CMS_SIGNED_DATA_INIT 0 +#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +#define CMS_F_CMS_SIGNERINFO_SIGN 0 +#define CMS_F_CMS_SIGNERINFO_VERIFY 0 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 0 +#define CMS_F_CMS_SIGN_RECEIPT 0 +#define CMS_F_CMS_SI_CHECK_ATTRIBUTES 0 +#define CMS_F_CMS_STREAM 0 +#define CMS_F_CMS_UNCOMPRESS 0 +#define CMS_F_CMS_VERIFY 0 +#define CMS_F_KEK_UNWRAP_KEY 0 +#endif -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP /* * COMP function codes. */ -# define COMP_F_BIO_ZLIB_FLUSH 0 -# define COMP_F_BIO_ZLIB_NEW 0 -# define COMP_F_BIO_ZLIB_READ 0 -# define COMP_F_BIO_ZLIB_WRITE 0 -# define COMP_F_COMP_CTX_NEW 0 -# endif +#define COMP_F_BIO_ZLIB_FLUSH 0 +#define COMP_F_BIO_ZLIB_NEW 0 +#define COMP_F_BIO_ZLIB_READ 0 +#define COMP_F_BIO_ZLIB_WRITE 0 +#define COMP_F_COMP_CTX_NEW 0 +#endif /* * CONF function codes. 
*/ -# define CONF_F_CONF_DUMP_FP 0 -# define CONF_F_CONF_LOAD 0 -# define CONF_F_CONF_LOAD_FP 0 -# define CONF_F_CONF_PARSE_LIST 0 -# define CONF_F_DEF_LOAD 0 -# define CONF_F_DEF_LOAD_BIO 0 -# define CONF_F_GET_NEXT_FILE 0 -# define CONF_F_MODULE_ADD 0 -# define CONF_F_MODULE_INIT 0 -# define CONF_F_MODULE_LOAD_DSO 0 -# define CONF_F_MODULE_RUN 0 -# define CONF_F_NCONF_DUMP_BIO 0 -# define CONF_F_NCONF_DUMP_FP 0 -# define CONF_F_NCONF_GET_NUMBER_E 0 -# define CONF_F_NCONF_GET_SECTION 0 -# define CONF_F_NCONF_GET_STRING 0 -# define CONF_F_NCONF_LOAD 0 -# define CONF_F_NCONF_LOAD_BIO 0 -# define CONF_F_NCONF_LOAD_FP 0 -# define CONF_F_NCONF_NEW 0 -# define CONF_F_PROCESS_INCLUDE 0 -# define CONF_F_SSL_MODULE_INIT 0 -# define CONF_F_STR_COPY 0 +#define CONF_F_CONF_DUMP_FP 0 +#define CONF_F_CONF_LOAD 0 +#define CONF_F_CONF_LOAD_FP 0 +#define CONF_F_CONF_PARSE_LIST 0 +#define CONF_F_DEF_LOAD 0 +#define CONF_F_DEF_LOAD_BIO 0 +#define CONF_F_GET_NEXT_FILE 0 +#define CONF_F_MODULE_ADD 0 +#define CONF_F_MODULE_INIT 0 +#define CONF_F_MODULE_LOAD_DSO 0 +#define CONF_F_MODULE_RUN 0 +#define CONF_F_NCONF_DUMP_BIO 0 +#define CONF_F_NCONF_DUMP_FP 0 +#define CONF_F_NCONF_GET_NUMBER_E 0 +#define CONF_F_NCONF_GET_SECTION 0 +#define CONF_F_NCONF_GET_STRING 0 +#define CONF_F_NCONF_LOAD 0 +#define CONF_F_NCONF_LOAD_BIO 0 +#define CONF_F_NCONF_LOAD_FP 0 +#define CONF_F_NCONF_NEW 0 +#define CONF_F_PROCESS_INCLUDE 0 +#define CONF_F_SSL_MODULE_INIT 0 +#define CONF_F_STR_COPY 0 /* * CRYPTO function codes. 
*/ -# define CRYPTO_F_CMAC_CTX_NEW 0 -# define CRYPTO_F_CRYPTO_DUP_EX_DATA 0 -# define CRYPTO_F_CRYPTO_FREE_EX_DATA 0 -# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 0 -# define CRYPTO_F_CRYPTO_MEMDUP 0 -# define CRYPTO_F_CRYPTO_NEW_EX_DATA 0 -# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 -# define CRYPTO_F_CRYPTO_OCB128_INIT 0 -# define CRYPTO_F_CRYPTO_SET_EX_DATA 0 -# define CRYPTO_F_GET_AND_LOCK 0 -# define CRYPTO_F_OPENSSL_ATEXIT 0 -# define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 -# define CRYPTO_F_OPENSSL_FOPEN 0 -# define CRYPTO_F_OPENSSL_HEXSTR2BUF 0 -# define CRYPTO_F_OPENSSL_INIT_CRYPTO 0 -# define CRYPTO_F_OPENSSL_LH_NEW 0 -# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 -# define CRYPTO_F_OPENSSL_SK_DUP 0 -# define CRYPTO_F_PKEY_HMAC_INIT 0 -# define CRYPTO_F_PKEY_POLY1305_INIT 0 -# define CRYPTO_F_PKEY_SIPHASH_INIT 0 -# define CRYPTO_F_SK_RESERVE 0 +#define CRYPTO_F_CMAC_CTX_NEW 0 +#define CRYPTO_F_CRYPTO_DUP_EX_DATA 0 +#define CRYPTO_F_CRYPTO_FREE_EX_DATA 0 +#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 0 +#define CRYPTO_F_CRYPTO_MEMDUP 0 +#define CRYPTO_F_CRYPTO_NEW_EX_DATA 0 +#define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 +#define CRYPTO_F_CRYPTO_OCB128_INIT 0 +#define CRYPTO_F_CRYPTO_SET_EX_DATA 0 +#define CRYPTO_F_GET_AND_LOCK 0 +#define CRYPTO_F_OPENSSL_ATEXIT 0 +#define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 +#define CRYPTO_F_OPENSSL_FOPEN 0 +#define CRYPTO_F_OPENSSL_HEXSTR2BUF 0 +#define CRYPTO_F_OPENSSL_INIT_CRYPTO 0 +#define CRYPTO_F_OPENSSL_LH_NEW 0 +#define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 +#define CRYPTO_F_OPENSSL_SK_DUP 0 +#define CRYPTO_F_PKEY_HMAC_INIT 0 +#define CRYPTO_F_PKEY_POLY1305_INIT 0 +#define CRYPTO_F_PKEY_SIPHASH_INIT 0 +#define CRYPTO_F_SK_RESERVE 0 -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT /* * CT function codes. 
*/ -# define CT_F_CTLOG_NEW 0 -# define CT_F_CTLOG_NEW_FROM_BASE64 0 -# define CT_F_CTLOG_NEW_FROM_CONF 0 -# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 0 -# define CT_F_CTLOG_STORE_LOAD_FILE 0 -# define CT_F_CTLOG_STORE_LOAD_LOG 0 -# define CT_F_CTLOG_STORE_NEW 0 -# define CT_F_CT_BASE64_DECODE 0 -# define CT_F_CT_POLICY_EVAL_CTX_NEW 0 -# define CT_F_CT_V1_LOG_ID_FROM_PKEY 0 -# define CT_F_I2O_SCT 0 -# define CT_F_I2O_SCT_LIST 0 -# define CT_F_I2O_SCT_SIGNATURE 0 -# define CT_F_O2I_SCT 0 -# define CT_F_O2I_SCT_LIST 0 -# define CT_F_O2I_SCT_SIGNATURE 0 -# define CT_F_SCT_CTX_NEW 0 -# define CT_F_SCT_CTX_VERIFY 0 -# define CT_F_SCT_NEW 0 -# define CT_F_SCT_NEW_FROM_BASE64 0 -# define CT_F_SCT_SET0_LOG_ID 0 -# define CT_F_SCT_SET1_EXTENSIONS 0 -# define CT_F_SCT_SET1_LOG_ID 0 -# define CT_F_SCT_SET1_SIGNATURE 0 -# define CT_F_SCT_SET_LOG_ENTRY_TYPE 0 -# define CT_F_SCT_SET_SIGNATURE_NID 0 -# define CT_F_SCT_SET_VERSION 0 -# endif +#define CT_F_CTLOG_NEW 0 +#define CT_F_CTLOG_NEW_FROM_BASE64 0 +#define CT_F_CTLOG_NEW_FROM_CONF 0 +#define CT_F_CTLOG_STORE_LOAD_CTX_NEW 0 +#define CT_F_CTLOG_STORE_LOAD_FILE 0 +#define CT_F_CTLOG_STORE_LOAD_LOG 0 +#define CT_F_CTLOG_STORE_NEW 0 +#define CT_F_CT_BASE64_DECODE 0 +#define CT_F_CT_POLICY_EVAL_CTX_NEW 0 +#define CT_F_CT_V1_LOG_ID_FROM_PKEY 0 +#define CT_F_I2O_SCT 0 +#define CT_F_I2O_SCT_LIST 0 +#define CT_F_I2O_SCT_SIGNATURE 0 +#define CT_F_O2I_SCT 0 +#define CT_F_O2I_SCT_LIST 0 +#define CT_F_O2I_SCT_SIGNATURE 0 +#define CT_F_SCT_CTX_NEW 0 +#define CT_F_SCT_CTX_VERIFY 0 +#define CT_F_SCT_NEW 0 +#define CT_F_SCT_NEW_FROM_BASE64 0 +#define CT_F_SCT_SET0_LOG_ID 0 +#define CT_F_SCT_SET1_EXTENSIONS 0 +#define CT_F_SCT_SET1_LOG_ID 0 +#define CT_F_SCT_SET1_SIGNATURE 0 +#define CT_F_SCT_SET_LOG_ENTRY_TYPE 0 +#define CT_F_SCT_SET_SIGNATURE_NID 0 +#define CT_F_SCT_SET_VERSION 0 +#endif -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH /* * DH function codes. 
*/ -# define DH_F_COMPUTE_KEY 0 -# define DH_F_DHPARAMS_PRINT_FP 0 -# define DH_F_DH_BUILTIN_GENPARAMS 0 -# define DH_F_DH_CHECK_EX 0 -# define DH_F_DH_CHECK_PARAMS_EX 0 -# define DH_F_DH_CHECK_PUB_KEY_EX 0 -# define DH_F_DH_CMS_DECRYPT 0 -# define DH_F_DH_CMS_SET_PEERKEY 0 -# define DH_F_DH_CMS_SET_SHARED_INFO 0 -# define DH_F_DH_METH_DUP 0 -# define DH_F_DH_METH_NEW 0 -# define DH_F_DH_METH_SET1_NAME 0 -# define DH_F_DH_NEW_BY_NID 0 -# define DH_F_DH_NEW_METHOD 0 -# define DH_F_DH_PARAM_DECODE 0 -# define DH_F_DH_PKEY_PUBLIC_CHECK 0 -# define DH_F_DH_PRIV_DECODE 0 -# define DH_F_DH_PRIV_ENCODE 0 -# define DH_F_DH_PUB_DECODE 0 -# define DH_F_DH_PUB_ENCODE 0 -# define DH_F_DO_DH_PRINT 0 -# define DH_F_GENERATE_KEY 0 -# define DH_F_PKEY_DH_CTRL_STR 0 -# define DH_F_PKEY_DH_DERIVE 0 -# define DH_F_PKEY_DH_INIT 0 -# define DH_F_PKEY_DH_KEYGEN 0 -# endif +#define DH_F_COMPUTE_KEY 0 +#define DH_F_DHPARAMS_PRINT_FP 0 +#define DH_F_DH_BUILTIN_GENPARAMS 0 +#define DH_F_DH_CHECK_EX 0 +#define DH_F_DH_CHECK_PARAMS_EX 0 +#define DH_F_DH_CHECK_PUB_KEY_EX 0 +#define DH_F_DH_CMS_DECRYPT 0 +#define DH_F_DH_CMS_SET_PEERKEY 0 +#define DH_F_DH_CMS_SET_SHARED_INFO 0 +#define DH_F_DH_METH_DUP 0 +#define DH_F_DH_METH_NEW 0 +#define DH_F_DH_METH_SET1_NAME 0 +#define DH_F_DH_NEW_BY_NID 0 +#define DH_F_DH_NEW_METHOD 0 +#define DH_F_DH_PARAM_DECODE 0 +#define DH_F_DH_PKEY_PUBLIC_CHECK 0 +#define DH_F_DH_PRIV_DECODE 0 +#define DH_F_DH_PRIV_ENCODE 0 +#define DH_F_DH_PUB_DECODE 0 +#define DH_F_DH_PUB_ENCODE 0 +#define DH_F_DO_DH_PRINT 0 +#define DH_F_GENERATE_KEY 0 +#define DH_F_PKEY_DH_CTRL_STR 0 +#define DH_F_PKEY_DH_DERIVE 0 +#define DH_F_PKEY_DH_INIT 0 +#define DH_F_PKEY_DH_KEYGEN 0 +#endif -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA /* * DSA function codes. 
*/ -# define DSA_F_DSAPARAMS_PRINT 0 -# define DSA_F_DSAPARAMS_PRINT_FP 0 -# define DSA_F_DSA_BUILTIN_PARAMGEN 0 -# define DSA_F_DSA_BUILTIN_PARAMGEN2 0 -# define DSA_F_DSA_DO_SIGN 0 -# define DSA_F_DSA_DO_VERIFY 0 -# define DSA_F_DSA_METH_DUP 0 -# define DSA_F_DSA_METH_NEW 0 -# define DSA_F_DSA_METH_SET1_NAME 0 -# define DSA_F_DSA_NEW_METHOD 0 -# define DSA_F_DSA_PARAM_DECODE 0 -# define DSA_F_DSA_PRINT_FP 0 -# define DSA_F_DSA_PRIV_DECODE 0 -# define DSA_F_DSA_PRIV_ENCODE 0 -# define DSA_F_DSA_PUB_DECODE 0 -# define DSA_F_DSA_PUB_ENCODE 0 -# define DSA_F_DSA_SIGN 0 -# define DSA_F_DSA_SIGN_SETUP 0 -# define DSA_F_DSA_SIG_NEW 0 -# define DSA_F_OLD_DSA_PRIV_DECODE 0 -# define DSA_F_PKEY_DSA_CTRL 0 -# define DSA_F_PKEY_DSA_CTRL_STR 0 -# define DSA_F_PKEY_DSA_KEYGEN 0 -# endif +#define DSA_F_DSAPARAMS_PRINT 0 +#define DSA_F_DSAPARAMS_PRINT_FP 0 +#define DSA_F_DSA_BUILTIN_PARAMGEN 0 +#define DSA_F_DSA_BUILTIN_PARAMGEN2 0 +#define DSA_F_DSA_DO_SIGN 0 +#define DSA_F_DSA_DO_VERIFY 0 +#define DSA_F_DSA_METH_DUP 0 +#define DSA_F_DSA_METH_NEW 0 +#define DSA_F_DSA_METH_SET1_NAME 0 +#define DSA_F_DSA_NEW_METHOD 0 +#define DSA_F_DSA_PARAM_DECODE 0 +#define DSA_F_DSA_PRINT_FP 0 +#define DSA_F_DSA_PRIV_DECODE 0 +#define DSA_F_DSA_PRIV_ENCODE 0 +#define DSA_F_DSA_PUB_DECODE 0 +#define DSA_F_DSA_PUB_ENCODE 0 +#define DSA_F_DSA_SIGN 0 +#define DSA_F_DSA_SIGN_SETUP 0 +#define DSA_F_DSA_SIG_NEW 0 +#define DSA_F_OLD_DSA_PRIV_DECODE 0 +#define DSA_F_PKEY_DSA_CTRL 0 +#define DSA_F_PKEY_DSA_CTRL_STR 0 +#define DSA_F_PKEY_DSA_KEYGEN 0 +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC /* * EC function codes. 
*/ -# define EC_F_BN_TO_FELEM 0 -# define EC_F_D2I_ECPARAMETERS 0 -# define EC_F_D2I_ECPKPARAMETERS 0 -# define EC_F_D2I_ECPRIVATEKEY 0 -# define EC_F_DO_EC_KEY_PRINT 0 -# define EC_F_ECDH_CMS_DECRYPT 0 -# define EC_F_ECDH_CMS_SET_SHARED_INFO 0 -# define EC_F_ECDH_COMPUTE_KEY 0 -# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 -# define EC_F_ECDSA_DO_SIGN_EX 0 -# define EC_F_ECDSA_DO_VERIFY 0 -# define EC_F_ECDSA_SIGN_EX 0 -# define EC_F_ECDSA_SIGN_SETUP 0 -# define EC_F_ECDSA_SIG_NEW 0 -# define EC_F_ECDSA_VERIFY 0 -# define EC_F_ECD_ITEM_VERIFY 0 -# define EC_F_ECKEY_PARAM2TYPE 0 -# define EC_F_ECKEY_PARAM_DECODE 0 -# define EC_F_ECKEY_PRIV_DECODE 0 -# define EC_F_ECKEY_PRIV_ENCODE 0 -# define EC_F_ECKEY_PUB_DECODE 0 -# define EC_F_ECKEY_PUB_ENCODE 0 -# define EC_F_ECKEY_TYPE2PARAM 0 -# define EC_F_ECPARAMETERS_PRINT 0 -# define EC_F_ECPARAMETERS_PRINT_FP 0 -# define EC_F_ECPKPARAMETERS_PRINT 0 -# define EC_F_ECPKPARAMETERS_PRINT_FP 0 -# define EC_F_ECP_NISTZ256_GET_AFFINE 0 -# define EC_F_ECP_NISTZ256_INV_MOD_ORD 0 -# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 0 -# define EC_F_ECP_NISTZ256_POINTS_MUL 0 -# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 0 -# define EC_F_ECP_NISTZ256_WINDOWED_MUL 0 -# define EC_F_ECX_KEY_OP 0 -# define EC_F_ECX_PRIV_ENCODE 0 -# define EC_F_ECX_PUB_ENCODE 0 -# define EC_F_EC_ASN1_GROUP2CURVE 0 -# define EC_F_EC_ASN1_GROUP2FIELDID 0 -# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 0 -# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 0 -# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 -# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 0 -# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 0 -# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 0 -# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 0 -# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 0 -# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 0 -# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 -# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 -# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 0 -# define EC_F_EC_GFP_MONT_FIELD_DECODE 
0 -# define EC_F_EC_GFP_MONT_FIELD_ENCODE 0 -# define EC_F_EC_GFP_MONT_FIELD_INV 0 -# define EC_F_EC_GFP_MONT_FIELD_MUL 0 -# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 0 -# define EC_F_EC_GFP_MONT_FIELD_SQR 0 -# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 0 -# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 0 -# define EC_F_EC_GFP_NISTP224_POINTS_MUL 0 -# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 0 -# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 0 -# define EC_F_EC_GFP_NISTP256_POINTS_MUL 0 -# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 0 -# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 0 -# define EC_F_EC_GFP_NISTP521_POINTS_MUL 0 -# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 0 -# define EC_F_EC_GFP_NIST_FIELD_MUL 0 -# define EC_F_EC_GFP_NIST_FIELD_SQR 0 -# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 0 -# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 0 -# define EC_F_EC_GFP_SIMPLE_FIELD_INV 0 -# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 -# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 0 -# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 0 -# define EC_F_EC_GFP_SIMPLE_OCT2POINT 0 -# define EC_F_EC_GFP_SIMPLE_POINT2OCT 0 -# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 0 -# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 -# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 -# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 -# define EC_F_EC_GROUP_CHECK 0 -# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 -# define EC_F_EC_GROUP_COPY 0 -# define EC_F_EC_GROUP_GET_CURVE 0 -# define EC_F_EC_GROUP_GET_CURVE_GF2M 0 -# define EC_F_EC_GROUP_GET_CURVE_GFP 0 -# define EC_F_EC_GROUP_GET_DEGREE 0 -# define EC_F_EC_GROUP_GET_ECPARAMETERS 0 -# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 0 -# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 0 -# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 -# define EC_F_EC_GROUP_NEW 0 -# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 -# define EC_F_EC_GROUP_NEW_FROM_DATA 0 -# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 -# 
define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 -# define EC_F_EC_GROUP_SET_CURVE 0 -# define EC_F_EC_GROUP_SET_CURVE_GF2M 0 -# define EC_F_EC_GROUP_SET_CURVE_GFP 0 -# define EC_F_EC_GROUP_SET_GENERATOR 0 -# define EC_F_EC_GROUP_SET_SEED 0 -# define EC_F_EC_KEY_CHECK_KEY 0 -# define EC_F_EC_KEY_COPY 0 -# define EC_F_EC_KEY_GENERATE_KEY 0 -# define EC_F_EC_KEY_NEW 0 -# define EC_F_EC_KEY_NEW_METHOD 0 -# define EC_F_EC_KEY_OCT2PRIV 0 -# define EC_F_EC_KEY_PRINT 0 -# define EC_F_EC_KEY_PRINT_FP 0 -# define EC_F_EC_KEY_PRIV2BUF 0 -# define EC_F_EC_KEY_PRIV2OCT 0 -# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 0 -# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 0 -# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 0 -# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 0 -# define EC_F_EC_PKEY_CHECK 0 -# define EC_F_EC_PKEY_PARAM_CHECK 0 -# define EC_F_EC_POINTS_MAKE_AFFINE 0 -# define EC_F_EC_POINTS_MUL 0 -# define EC_F_EC_POINT_ADD 0 -# define EC_F_EC_POINT_BN2POINT 0 -# define EC_F_EC_POINT_CMP 0 -# define EC_F_EC_POINT_COPY 0 -# define EC_F_EC_POINT_DBL 0 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 0 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 0 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 0 -# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 0 -# define EC_F_EC_POINT_INVERT 0 -# define EC_F_EC_POINT_IS_AT_INFINITY 0 -# define EC_F_EC_POINT_IS_ON_CURVE 0 -# define EC_F_EC_POINT_MAKE_AFFINE 0 -# define EC_F_EC_POINT_NEW 0 -# define EC_F_EC_POINT_OCT2POINT 0 -# define EC_F_EC_POINT_POINT2BUF 0 -# define EC_F_EC_POINT_POINT2OCT 0 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 0 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 0 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 0 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 0 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 0 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 0 -# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 0 -# define EC_F_EC_POINT_SET_TO_INFINITY 0 -# define EC_F_EC_PRE_COMP_NEW 0 -# 
define EC_F_EC_SCALAR_MUL_LADDER 0 -# define EC_F_EC_WNAF_MUL 0 -# define EC_F_EC_WNAF_PRECOMPUTE_MULT 0 -# define EC_F_I2D_ECPARAMETERS 0 -# define EC_F_I2D_ECPKPARAMETERS 0 -# define EC_F_I2D_ECPRIVATEKEY 0 -# define EC_F_I2O_ECPUBLICKEY 0 -# define EC_F_NISTP224_PRE_COMP_NEW 0 -# define EC_F_NISTP256_PRE_COMP_NEW 0 -# define EC_F_NISTP521_PRE_COMP_NEW 0 -# define EC_F_O2I_ECPUBLICKEY 0 -# define EC_F_OLD_EC_PRIV_DECODE 0 -# define EC_F_OSSL_ECDH_COMPUTE_KEY 0 -# define EC_F_OSSL_ECDSA_SIGN_SIG 0 -# define EC_F_OSSL_ECDSA_VERIFY_SIG 0 -# define EC_F_PKEY_ECD_CTRL 0 -# define EC_F_PKEY_ECD_DIGESTSIGN 0 -# define EC_F_PKEY_ECD_DIGESTSIGN25519 0 -# define EC_F_PKEY_ECD_DIGESTSIGN448 0 -# define EC_F_PKEY_ECX_DERIVE 0 -# define EC_F_PKEY_EC_CTRL 0 -# define EC_F_PKEY_EC_CTRL_STR 0 -# define EC_F_PKEY_EC_DERIVE 0 -# define EC_F_PKEY_EC_INIT 0 -# define EC_F_PKEY_EC_KDF_DERIVE 0 -# define EC_F_PKEY_EC_KEYGEN 0 -# define EC_F_PKEY_EC_PARAMGEN 0 -# define EC_F_PKEY_EC_SIGN 0 -# define EC_F_VALIDATE_ECX_DERIVE 0 -# endif +#define EC_F_BN_TO_FELEM 0 +#define EC_F_D2I_ECPARAMETERS 0 +#define EC_F_D2I_ECPKPARAMETERS 0 +#define EC_F_D2I_ECPRIVATEKEY 0 +#define EC_F_DO_EC_KEY_PRINT 0 +#define EC_F_ECDH_CMS_DECRYPT 0 +#define EC_F_ECDH_CMS_SET_SHARED_INFO 0 +#define EC_F_ECDH_COMPUTE_KEY 0 +#define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 +#define EC_F_ECDSA_DO_SIGN_EX 0 +#define EC_F_ECDSA_DO_VERIFY 0 +#define EC_F_ECDSA_SIGN_EX 0 +#define EC_F_ECDSA_SIGN_SETUP 0 +#define EC_F_ECDSA_SIG_NEW 0 +#define EC_F_ECDSA_VERIFY 0 +#define EC_F_ECD_ITEM_VERIFY 0 +#define EC_F_ECKEY_PARAM2TYPE 0 +#define EC_F_ECKEY_PARAM_DECODE 0 +#define EC_F_ECKEY_PRIV_DECODE 0 +#define EC_F_ECKEY_PRIV_ENCODE 0 +#define EC_F_ECKEY_PUB_DECODE 0 +#define EC_F_ECKEY_PUB_ENCODE 0 +#define EC_F_ECKEY_TYPE2PARAM 0 +#define EC_F_ECPARAMETERS_PRINT 0 +#define EC_F_ECPARAMETERS_PRINT_FP 0 +#define EC_F_ECPKPARAMETERS_PRINT 0 +#define EC_F_ECPKPARAMETERS_PRINT_FP 0 +#define EC_F_ECP_NISTZ256_GET_AFFINE 0 +#define 
EC_F_ECP_NISTZ256_INV_MOD_ORD 0 +#define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 0 +#define EC_F_ECP_NISTZ256_POINTS_MUL 0 +#define EC_F_ECP_NISTZ256_PRE_COMP_NEW 0 +#define EC_F_ECP_NISTZ256_WINDOWED_MUL 0 +#define EC_F_ECX_KEY_OP 0 +#define EC_F_ECX_PRIV_ENCODE 0 +#define EC_F_ECX_PUB_ENCODE 0 +#define EC_F_EC_ASN1_GROUP2CURVE 0 +#define EC_F_EC_ASN1_GROUP2FIELDID 0 +#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 0 +#define EC_F_EC_GF2M_SIMPLE_FIELD_INV 0 +#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 0 +#define EC_F_EC_GF2M_SIMPLE_LADDER_POST 0 +#define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 0 +#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 0 +#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 0 +#define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 0 +#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 0 +#define EC_F_EC_GFP_MONT_FIELD_DECODE 0 +#define EC_F_EC_GFP_MONT_FIELD_ENCODE 0 +#define EC_F_EC_GFP_MONT_FIELD_INV 0 +#define EC_F_EC_GFP_MONT_FIELD_MUL 0 +#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 0 +#define EC_F_EC_GFP_MONT_FIELD_SQR 0 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 0 +#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 0 +#define EC_F_EC_GFP_NISTP224_POINTS_MUL 0 +#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 0 +#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 0 +#define EC_F_EC_GFP_NISTP256_POINTS_MUL 0 +#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 0 +#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 0 +#define EC_F_EC_GFP_NISTP521_POINTS_MUL 0 +#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 0 +#define EC_F_EC_GFP_NIST_FIELD_MUL 0 +#define EC_F_EC_GFP_NIST_FIELD_SQR 0 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 0 +#define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 0 +#define EC_F_EC_GFP_SIMPLE_FIELD_INV 0 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 0 
+#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 0 +#define EC_F_EC_GFP_SIMPLE_OCT2POINT 0 +#define EC_F_EC_GFP_SIMPLE_POINT2OCT 0 +#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 0 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 +#define EC_F_EC_GROUP_CHECK 0 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 +#define EC_F_EC_GROUP_COPY 0 +#define EC_F_EC_GROUP_GET_CURVE 0 +#define EC_F_EC_GROUP_GET_CURVE_GF2M 0 +#define EC_F_EC_GROUP_GET_CURVE_GFP 0 +#define EC_F_EC_GROUP_GET_DEGREE 0 +#define EC_F_EC_GROUP_GET_ECPARAMETERS 0 +#define EC_F_EC_GROUP_GET_ECPKPARAMETERS 0 +#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 0 +#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 +#define EC_F_EC_GROUP_NEW 0 +#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 +#define EC_F_EC_GROUP_NEW_FROM_DATA 0 +#define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 +#define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 +#define EC_F_EC_GROUP_SET_CURVE 0 +#define EC_F_EC_GROUP_SET_CURVE_GF2M 0 +#define EC_F_EC_GROUP_SET_CURVE_GFP 0 +#define EC_F_EC_GROUP_SET_GENERATOR 0 +#define EC_F_EC_GROUP_SET_SEED 0 +#define EC_F_EC_KEY_CHECK_KEY 0 +#define EC_F_EC_KEY_COPY 0 +#define EC_F_EC_KEY_GENERATE_KEY 0 +#define EC_F_EC_KEY_NEW 0 +#define EC_F_EC_KEY_NEW_METHOD 0 +#define EC_F_EC_KEY_OCT2PRIV 0 +#define EC_F_EC_KEY_PRINT 0 +#define EC_F_EC_KEY_PRINT_FP 0 +#define EC_F_EC_KEY_PRIV2BUF 0 +#define EC_F_EC_KEY_PRIV2OCT 0 +#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 0 +#define EC_F_EC_KEY_SIMPLE_CHECK_KEY 0 +#define EC_F_EC_KEY_SIMPLE_OCT2PRIV 0 +#define EC_F_EC_KEY_SIMPLE_PRIV2OCT 0 +#define EC_F_EC_PKEY_CHECK 0 +#define EC_F_EC_PKEY_PARAM_CHECK 0 +#define EC_F_EC_POINTS_MAKE_AFFINE 0 +#define EC_F_EC_POINTS_MUL 0 +#define EC_F_EC_POINT_ADD 0 +#define EC_F_EC_POINT_BN2POINT 0 +#define EC_F_EC_POINT_CMP 0 +#define EC_F_EC_POINT_COPY 0 +#define EC_F_EC_POINT_DBL 0 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES 0 
+#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 0 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 0 +#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 0 +#define EC_F_EC_POINT_INVERT 0 +#define EC_F_EC_POINT_IS_AT_INFINITY 0 +#define EC_F_EC_POINT_IS_ON_CURVE 0 +#define EC_F_EC_POINT_MAKE_AFFINE 0 +#define EC_F_EC_POINT_NEW 0 +#define EC_F_EC_POINT_OCT2POINT 0 +#define EC_F_EC_POINT_POINT2BUF 0 +#define EC_F_EC_POINT_POINT2OCT 0 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES 0 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 0 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 0 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 0 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 0 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 0 +#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 0 +#define EC_F_EC_POINT_SET_TO_INFINITY 0 +#define EC_F_EC_PRE_COMP_NEW 0 +#define EC_F_EC_SCALAR_MUL_LADDER 0 +#define EC_F_EC_WNAF_MUL 0 +#define EC_F_EC_WNAF_PRECOMPUTE_MULT 0 +#define EC_F_I2D_ECPARAMETERS 0 +#define EC_F_I2D_ECPKPARAMETERS 0 +#define EC_F_I2D_ECPRIVATEKEY 0 +#define EC_F_I2O_ECPUBLICKEY 0 +#define EC_F_NISTP224_PRE_COMP_NEW 0 +#define EC_F_NISTP256_PRE_COMP_NEW 0 +#define EC_F_NISTP521_PRE_COMP_NEW 0 +#define EC_F_O2I_ECPUBLICKEY 0 +#define EC_F_OLD_EC_PRIV_DECODE 0 +#define EC_F_OSSL_ECDH_COMPUTE_KEY 0 +#define EC_F_OSSL_ECDSA_SIGN_SIG 0 +#define EC_F_OSSL_ECDSA_VERIFY_SIG 0 +#define EC_F_PKEY_ECD_CTRL 0 +#define EC_F_PKEY_ECD_DIGESTSIGN 0 +#define EC_F_PKEY_ECD_DIGESTSIGN25519 0 +#define EC_F_PKEY_ECD_DIGESTSIGN448 0 +#define EC_F_PKEY_ECX_DERIVE 0 +#define EC_F_PKEY_EC_CTRL 0 +#define EC_F_PKEY_EC_CTRL_STR 0 +#define EC_F_PKEY_EC_DERIVE 0 +#define EC_F_PKEY_EC_INIT 0 +#define EC_F_PKEY_EC_KDF_DERIVE 0 +#define EC_F_PKEY_EC_KEYGEN 0 +#define EC_F_PKEY_EC_PARAMGEN 0 +#define EC_F_PKEY_EC_SIGN 0 +#define EC_F_VALIDATE_ECX_DERIVE 0 +#endif -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE /* * ENGINE function codes. 
*/ -# define ENGINE_F_DIGEST_UPDATE 0 -# define ENGINE_F_DYNAMIC_CTRL 0 -# define ENGINE_F_DYNAMIC_GET_DATA_CTX 0 -# define ENGINE_F_DYNAMIC_LOAD 0 -# define ENGINE_F_DYNAMIC_SET_DATA_CTX 0 -# define ENGINE_F_ENGINE_ADD 0 -# define ENGINE_F_ENGINE_BY_ID 0 -# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 0 -# define ENGINE_F_ENGINE_CTRL 0 -# define ENGINE_F_ENGINE_CTRL_CMD 0 -# define ENGINE_F_ENGINE_CTRL_CMD_STRING 0 -# define ENGINE_F_ENGINE_FINISH 0 -# define ENGINE_F_ENGINE_GET_CIPHER 0 -# define ENGINE_F_ENGINE_GET_DIGEST 0 -# define ENGINE_F_ENGINE_GET_FIRST 0 -# define ENGINE_F_ENGINE_GET_LAST 0 -# define ENGINE_F_ENGINE_GET_NEXT 0 -# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 0 -# define ENGINE_F_ENGINE_GET_PKEY_METH 0 -# define ENGINE_F_ENGINE_GET_PREV 0 -# define ENGINE_F_ENGINE_INIT 0 -# define ENGINE_F_ENGINE_LIST_ADD 0 -# define ENGINE_F_ENGINE_LIST_REMOVE 0 -# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 0 -# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 0 -# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 0 -# define ENGINE_F_ENGINE_NEW 0 -# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 0 -# define ENGINE_F_ENGINE_REMOVE 0 -# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 0 -# define ENGINE_F_ENGINE_SET_ID 0 -# define ENGINE_F_ENGINE_SET_NAME 0 -# define ENGINE_F_ENGINE_TABLE_REGISTER 0 -# define ENGINE_F_ENGINE_UNLOCKED_FINISH 0 -# define ENGINE_F_ENGINE_UP_REF 0 -# define ENGINE_F_INT_CLEANUP_ITEM 0 -# define ENGINE_F_INT_CTRL_HELPER 0 -# define ENGINE_F_INT_ENGINE_CONFIGURE 0 -# define ENGINE_F_INT_ENGINE_MODULE_INIT 0 -# define ENGINE_F_OSSL_HMAC_INIT 0 -# endif +#define ENGINE_F_DIGEST_UPDATE 0 +#define ENGINE_F_DYNAMIC_CTRL 0 +#define ENGINE_F_DYNAMIC_GET_DATA_CTX 0 +#define ENGINE_F_DYNAMIC_LOAD 0 +#define ENGINE_F_DYNAMIC_SET_DATA_CTX 0 +#define ENGINE_F_ENGINE_ADD 0 +#define ENGINE_F_ENGINE_BY_ID 0 +#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 0 +#define ENGINE_F_ENGINE_CTRL 0 +#define ENGINE_F_ENGINE_CTRL_CMD 0 +#define ENGINE_F_ENGINE_CTRL_CMD_STRING 0 +#define 
ENGINE_F_ENGINE_FINISH 0 +#define ENGINE_F_ENGINE_GET_CIPHER 0 +#define ENGINE_F_ENGINE_GET_DIGEST 0 +#define ENGINE_F_ENGINE_GET_FIRST 0 +#define ENGINE_F_ENGINE_GET_LAST 0 +#define ENGINE_F_ENGINE_GET_NEXT 0 +#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 0 +#define ENGINE_F_ENGINE_GET_PKEY_METH 0 +#define ENGINE_F_ENGINE_GET_PREV 0 +#define ENGINE_F_ENGINE_INIT 0 +#define ENGINE_F_ENGINE_LIST_ADD 0 +#define ENGINE_F_ENGINE_LIST_REMOVE 0 +#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 0 +#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 0 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 0 +#define ENGINE_F_ENGINE_NEW 0 +#define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 0 +#define ENGINE_F_ENGINE_REMOVE 0 +#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 0 +#define ENGINE_F_ENGINE_SET_ID 0 +#define ENGINE_F_ENGINE_SET_NAME 0 +#define ENGINE_F_ENGINE_TABLE_REGISTER 0 +#define ENGINE_F_ENGINE_UNLOCKED_FINISH 0 +#define ENGINE_F_ENGINE_UP_REF 0 +#define ENGINE_F_INT_CLEANUP_ITEM 0 +#define ENGINE_F_INT_CTRL_HELPER 0 +#define ENGINE_F_INT_ENGINE_CONFIGURE 0 +#define ENGINE_F_INT_ENGINE_MODULE_INIT 0 +#define ENGINE_F_OSSL_HMAC_INIT 0 +#endif /* * EVP function codes. 
*/ -# define EVP_F_AESNI_INIT_KEY 0 -# define EVP_F_AESNI_XTS_INIT_KEY 0 -# define EVP_F_AES_GCM_CTRL 0 -# define EVP_F_AES_INIT_KEY 0 -# define EVP_F_AES_OCB_CIPHER 0 -# define EVP_F_AES_T4_INIT_KEY 0 -# define EVP_F_AES_T4_XTS_INIT_KEY 0 -# define EVP_F_AES_WRAP_CIPHER 0 -# define EVP_F_AES_XTS_INIT_KEY 0 -# define EVP_F_ALG_MODULE_INIT 0 -# define EVP_F_ARIA_CCM_INIT_KEY 0 -# define EVP_F_ARIA_GCM_CTRL 0 -# define EVP_F_ARIA_GCM_INIT_KEY 0 -# define EVP_F_ARIA_INIT_KEY 0 -# define EVP_F_B64_NEW 0 -# define EVP_F_CAMELLIA_INIT_KEY 0 -# define EVP_F_CHACHA20_POLY1305_CTRL 0 -# define EVP_F_CMLL_T4_INIT_KEY 0 -# define EVP_F_DES_EDE3_WRAP_CIPHER 0 -# define EVP_F_DO_SIGVER_INIT 0 -# define EVP_F_ENC_NEW 0 -# define EVP_F_EVP_CIPHERINIT_EX 0 -# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 0 -# define EVP_F_EVP_CIPHER_CTX_COPY 0 -# define EVP_F_EVP_CIPHER_CTX_CTRL 0 -# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 0 -# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 0 -# define EVP_F_EVP_DECRYPTFINAL_EX 0 -# define EVP_F_EVP_DECRYPTUPDATE 0 -# define EVP_F_EVP_DIGESTFINALXOF 0 -# define EVP_F_EVP_DIGESTINIT_EX 0 -# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 -# define EVP_F_EVP_ENCRYPTFINAL_EX 0 -# define EVP_F_EVP_ENCRYPTUPDATE 0 -# define EVP_F_EVP_MD_CTX_COPY_EX 0 -# define EVP_F_EVP_MD_SIZE 0 -# define EVP_F_EVP_OPENINIT 0 -# define EVP_F_EVP_PBE_ALG_ADD 0 -# define EVP_F_EVP_PBE_ALG_ADD_TYPE 0 -# define EVP_F_EVP_PBE_CIPHERINIT 0 -# define EVP_F_EVP_PBE_SCRYPT 0 -# define EVP_F_EVP_PKCS82PKEY 0 -# define EVP_F_EVP_PKEY2PKCS8 0 -# define EVP_F_EVP_PKEY_ASN1_ADD0 0 -# define EVP_F_EVP_PKEY_CHECK 0 -# define EVP_F_EVP_PKEY_COPY_PARAMETERS 0 -# define EVP_F_EVP_PKEY_CTX_CTRL 0 -# define EVP_F_EVP_PKEY_CTX_CTRL_STR 0 -# define EVP_F_EVP_PKEY_CTX_DUP 0 -# define EVP_F_EVP_PKEY_CTX_MD 0 -# define EVP_F_EVP_PKEY_DECRYPT 0 -# define EVP_F_EVP_PKEY_DECRYPT_INIT 0 -# define EVP_F_EVP_PKEY_DECRYPT_OLD 0 -# define EVP_F_EVP_PKEY_DERIVE 0 -# define EVP_F_EVP_PKEY_DERIVE_INIT 0 -# define 
EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 -# define EVP_F_EVP_PKEY_ENCRYPT 0 -# define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 -# define EVP_F_EVP_PKEY_ENCRYPT_OLD 0 -# define EVP_F_EVP_PKEY_GET0_DH 0 -# define EVP_F_EVP_PKEY_GET0_DSA 0 -# define EVP_F_EVP_PKEY_GET0_EC_KEY 0 -# define EVP_F_EVP_PKEY_GET0_HMAC 0 -# define EVP_F_EVP_PKEY_GET0_POLY1305 0 -# define EVP_F_EVP_PKEY_GET0_RSA 0 -# define EVP_F_EVP_PKEY_GET0_SIPHASH 0 -# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 0 -# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 0 -# define EVP_F_EVP_PKEY_KEYGEN 0 -# define EVP_F_EVP_PKEY_KEYGEN_INIT 0 -# define EVP_F_EVP_PKEY_METH_ADD0 0 -# define EVP_F_EVP_PKEY_METH_NEW 0 -# define EVP_F_EVP_PKEY_NEW 0 -# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 0 -# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 0 -# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 0 -# define EVP_F_EVP_PKEY_PARAMGEN 0 -# define EVP_F_EVP_PKEY_PARAMGEN_INIT 0 -# define EVP_F_EVP_PKEY_PARAM_CHECK 0 -# define EVP_F_EVP_PKEY_PUBLIC_CHECK 0 -# define EVP_F_EVP_PKEY_SET1_ENGINE 0 -# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 0 -# define EVP_F_EVP_PKEY_SIGN 0 -# define EVP_F_EVP_PKEY_SIGN_INIT 0 -# define EVP_F_EVP_PKEY_VERIFY 0 -# define EVP_F_EVP_PKEY_VERIFY_INIT 0 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER 0 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 0 -# define EVP_F_EVP_SIGNFINAL 0 -# define EVP_F_EVP_VERIFYFINAL 0 -# define EVP_F_INT_CTX_NEW 0 -# define EVP_F_OK_NEW 0 -# define EVP_F_PKCS5_PBE_KEYIVGEN 0 -# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 0 -# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 0 -# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 0 -# define EVP_F_PKEY_SET_TYPE 0 -# define EVP_F_RC2_MAGIC_TO_METH 0 -# define EVP_F_RC5_CTRL 0 -# define EVP_F_R_32_12_16_INIT_KEY 0 -# define EVP_F_S390X_AES_GCM_CTRL 0 -# define EVP_F_UPDATE 0 +#define EVP_F_AESNI_INIT_KEY 0 +#define EVP_F_AESNI_XTS_INIT_KEY 0 +#define EVP_F_AES_GCM_CTRL 0 +#define EVP_F_AES_INIT_KEY 0 +#define EVP_F_AES_OCB_CIPHER 0 +#define EVP_F_AES_T4_INIT_KEY 0 +#define EVP_F_AES_T4_XTS_INIT_KEY 0 +#define 
EVP_F_AES_WRAP_CIPHER 0 +#define EVP_F_AES_XTS_INIT_KEY 0 +#define EVP_F_ALG_MODULE_INIT 0 +#define EVP_F_ARIA_CCM_INIT_KEY 0 +#define EVP_F_ARIA_GCM_CTRL 0 +#define EVP_F_ARIA_GCM_INIT_KEY 0 +#define EVP_F_ARIA_INIT_KEY 0 +#define EVP_F_B64_NEW 0 +#define EVP_F_CAMELLIA_INIT_KEY 0 +#define EVP_F_CHACHA20_POLY1305_CTRL 0 +#define EVP_F_CMLL_T4_INIT_KEY 0 +#define EVP_F_DES_EDE3_WRAP_CIPHER 0 +#define EVP_F_DO_SIGVER_INIT 0 +#define EVP_F_ENC_NEW 0 +#define EVP_F_EVP_CIPHERINIT_EX 0 +#define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 0 +#define EVP_F_EVP_CIPHER_CTX_COPY 0 +#define EVP_F_EVP_CIPHER_CTX_CTRL 0 +#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 0 +#define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 0 +#define EVP_F_EVP_DECRYPTFINAL_EX 0 +#define EVP_F_EVP_DECRYPTUPDATE 0 +#define EVP_F_EVP_DIGESTFINALXOF 0 +#define EVP_F_EVP_DIGESTINIT_EX 0 +#define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 +#define EVP_F_EVP_ENCRYPTFINAL_EX 0 +#define EVP_F_EVP_ENCRYPTUPDATE 0 +#define EVP_F_EVP_MD_CTX_COPY_EX 0 +#define EVP_F_EVP_MD_SIZE 0 +#define EVP_F_EVP_OPENINIT 0 +#define EVP_F_EVP_PBE_ALG_ADD 0 +#define EVP_F_EVP_PBE_ALG_ADD_TYPE 0 +#define EVP_F_EVP_PBE_CIPHERINIT 0 +#define EVP_F_EVP_PBE_SCRYPT 0 +#define EVP_F_EVP_PKCS82PKEY 0 +#define EVP_F_EVP_PKEY2PKCS8 0 +#define EVP_F_EVP_PKEY_ASN1_ADD0 0 +#define EVP_F_EVP_PKEY_CHECK 0 +#define EVP_F_EVP_PKEY_COPY_PARAMETERS 0 +#define EVP_F_EVP_PKEY_CTX_CTRL 0 +#define EVP_F_EVP_PKEY_CTX_CTRL_STR 0 +#define EVP_F_EVP_PKEY_CTX_DUP 0 +#define EVP_F_EVP_PKEY_CTX_MD 0 +#define EVP_F_EVP_PKEY_DECRYPT 0 +#define EVP_F_EVP_PKEY_DECRYPT_INIT 0 +#define EVP_F_EVP_PKEY_DECRYPT_OLD 0 +#define EVP_F_EVP_PKEY_DERIVE 0 +#define EVP_F_EVP_PKEY_DERIVE_INIT 0 +#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 +#define EVP_F_EVP_PKEY_ENCRYPT 0 +#define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 +#define EVP_F_EVP_PKEY_ENCRYPT_OLD 0 +#define EVP_F_EVP_PKEY_GET0_DH 0 +#define EVP_F_EVP_PKEY_GET0_DSA 0 +#define EVP_F_EVP_PKEY_GET0_EC_KEY 0 +#define EVP_F_EVP_PKEY_GET0_HMAC 0 +#define 
EVP_F_EVP_PKEY_GET0_POLY1305 0 +#define EVP_F_EVP_PKEY_GET0_RSA 0 +#define EVP_F_EVP_PKEY_GET0_SIPHASH 0 +#define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 0 +#define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 0 +#define EVP_F_EVP_PKEY_KEYGEN 0 +#define EVP_F_EVP_PKEY_KEYGEN_INIT 0 +#define EVP_F_EVP_PKEY_METH_ADD0 0 +#define EVP_F_EVP_PKEY_METH_NEW 0 +#define EVP_F_EVP_PKEY_NEW 0 +#define EVP_F_EVP_PKEY_NEW_CMAC_KEY 0 +#define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 0 +#define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 0 +#define EVP_F_EVP_PKEY_PARAMGEN 0 +#define EVP_F_EVP_PKEY_PARAMGEN_INIT 0 +#define EVP_F_EVP_PKEY_PARAM_CHECK 0 +#define EVP_F_EVP_PKEY_PUBLIC_CHECK 0 +#define EVP_F_EVP_PKEY_SET1_ENGINE 0 +#define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 0 +#define EVP_F_EVP_PKEY_SIGN 0 +#define EVP_F_EVP_PKEY_SIGN_INIT 0 +#define EVP_F_EVP_PKEY_VERIFY 0 +#define EVP_F_EVP_PKEY_VERIFY_INIT 0 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER 0 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 0 +#define EVP_F_EVP_SIGNFINAL 0 +#define EVP_F_EVP_VERIFYFINAL 0 +#define EVP_F_INT_CTX_NEW 0 +#define EVP_F_OK_NEW 0 +#define EVP_F_PKCS5_PBE_KEYIVGEN 0 +#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 0 +#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 0 +#define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 0 +#define EVP_F_PKEY_SET_TYPE 0 +#define EVP_F_RC2_MAGIC_TO_METH 0 +#define EVP_F_RC5_CTRL 0 +#define EVP_F_R_32_12_16_INIT_KEY 0 +#define EVP_F_S390X_AES_GCM_CTRL 0 +#define EVP_F_UPDATE 0 /* * KDF function codes. 
*/ -# define KDF_F_PKEY_HKDF_CTRL_STR 0 -# define KDF_F_PKEY_HKDF_DERIVE 0 -# define KDF_F_PKEY_HKDF_INIT 0 -# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 -# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 -# define KDF_F_PKEY_SCRYPT_DERIVE 0 -# define KDF_F_PKEY_SCRYPT_INIT 0 -# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 -# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 -# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 -# define KDF_F_PKEY_TLS1_PRF_INIT 0 -# define KDF_F_TLS1_PRF_ALG 0 +#define KDF_F_PKEY_HKDF_CTRL_STR 0 +#define KDF_F_PKEY_HKDF_DERIVE 0 +#define KDF_F_PKEY_HKDF_INIT 0 +#define KDF_F_PKEY_SCRYPT_CTRL_STR 0 +#define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 +#define KDF_F_PKEY_SCRYPT_DERIVE 0 +#define KDF_F_PKEY_SCRYPT_INIT 0 +#define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 +#define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 +#define KDF_F_PKEY_TLS1_PRF_DERIVE 0 +#define KDF_F_PKEY_TLS1_PRF_INIT 0 +#define KDF_F_TLS1_PRF_ALG 0 /* * KDF reason codes. */ -# define KDF_R_INVALID_DIGEST 0 -# define KDF_R_MISSING_ITERATION_COUNT 0 -# define KDF_R_MISSING_KEY 0 -# define KDF_R_MISSING_MESSAGE_DIGEST 0 -# define KDF_R_MISSING_PARAMETER 0 -# define KDF_R_MISSING_PASS 0 -# define KDF_R_MISSING_SALT 0 -# define KDF_R_MISSING_SECRET 0 -# define KDF_R_MISSING_SEED 0 -# define KDF_R_UNKNOWN_PARAMETER_TYPE 0 -# define KDF_R_VALUE_ERROR 0 -# define KDF_R_VALUE_MISSING 0 +#define KDF_R_INVALID_DIGEST 0 +#define KDF_R_MISSING_ITERATION_COUNT 0 +#define KDF_R_MISSING_KEY 0 +#define KDF_R_MISSING_MESSAGE_DIGEST 0 +#define KDF_R_MISSING_PARAMETER 0 +#define KDF_R_MISSING_PASS 0 +#define KDF_R_MISSING_SALT 0 +#define KDF_R_MISSING_SECRET 0 +#define KDF_R_MISSING_SEED 0 +#define KDF_R_UNKNOWN_PARAMETER_TYPE 0 +#define KDF_R_VALUE_ERROR 0 +#define KDF_R_VALUE_MISSING 0 /* * OBJ function codes. 
*/ -# define OBJ_F_OBJ_ADD_OBJECT 0 -# define OBJ_F_OBJ_ADD_SIGID 0 -# define OBJ_F_OBJ_CREATE 0 -# define OBJ_F_OBJ_DUP 0 -# define OBJ_F_OBJ_NAME_NEW_INDEX 0 -# define OBJ_F_OBJ_NID2LN 0 -# define OBJ_F_OBJ_NID2OBJ 0 -# define OBJ_F_OBJ_NID2SN 0 -# define OBJ_F_OBJ_TXT2OBJ 0 +#define OBJ_F_OBJ_ADD_OBJECT 0 +#define OBJ_F_OBJ_ADD_SIGID 0 +#define OBJ_F_OBJ_CREATE 0 +#define OBJ_F_OBJ_DUP 0 +#define OBJ_F_OBJ_NAME_NEW_INDEX 0 +#define OBJ_F_OBJ_NID2LN 0 +#define OBJ_F_OBJ_NID2OBJ 0 +#define OBJ_F_OBJ_NID2SN 0 +#define OBJ_F_OBJ_TXT2OBJ 0 -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP /* * OCSP function codes. */ -# define OCSP_F_D2I_OCSP_NONCE 0 -# define OCSP_F_OCSP_BASIC_ADD1_STATUS 0 -# define OCSP_F_OCSP_BASIC_SIGN 0 -# define OCSP_F_OCSP_BASIC_SIGN_CTX 0 -# define OCSP_F_OCSP_BASIC_VERIFY 0 -# define OCSP_F_OCSP_CERT_ID_NEW 0 -# define OCSP_F_OCSP_CHECK_DELEGATED 0 -# define OCSP_F_OCSP_CHECK_IDS 0 -# define OCSP_F_OCSP_CHECK_ISSUER 0 -# define OCSP_F_OCSP_CHECK_VALIDITY 0 -# define OCSP_F_OCSP_MATCH_ISSUERID 0 -# define OCSP_F_OCSP_PARSE_URL 0 -# define OCSP_F_OCSP_REQUEST_SIGN 0 -# define OCSP_F_OCSP_REQUEST_VERIFY 0 -# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 0 -# define OCSP_F_PARSE_HTTP_LINE1 0 -# endif +#define OCSP_F_D2I_OCSP_NONCE 0 +#define OCSP_F_OCSP_BASIC_ADD1_STATUS 0 +#define OCSP_F_OCSP_BASIC_SIGN 0 +#define OCSP_F_OCSP_BASIC_SIGN_CTX 0 +#define OCSP_F_OCSP_BASIC_VERIFY 0 +#define OCSP_F_OCSP_CERT_ID_NEW 0 +#define OCSP_F_OCSP_CHECK_DELEGATED 0 +#define OCSP_F_OCSP_CHECK_IDS 0 +#define OCSP_F_OCSP_CHECK_ISSUER 0 +#define OCSP_F_OCSP_CHECK_VALIDITY 0 +#define OCSP_F_OCSP_MATCH_ISSUERID 0 +#define OCSP_F_OCSP_PARSE_URL 0 +#define OCSP_F_OCSP_REQUEST_SIGN 0 +#define OCSP_F_OCSP_REQUEST_VERIFY 0 +#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 0 +#define OCSP_F_PARSE_HTTP_LINE1 0 +#endif /* * PEM function codes. 
*/ -# define PEM_F_B2I_DSS 0 -# define PEM_F_B2I_PVK_BIO 0 -# define PEM_F_B2I_RSA 0 -# define PEM_F_CHECK_BITLEN_DSA 0 -# define PEM_F_CHECK_BITLEN_RSA 0 -# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 0 -# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 0 -# define PEM_F_DO_B2I 0 -# define PEM_F_DO_B2I_BIO 0 -# define PEM_F_DO_BLOB_HEADER 0 -# define PEM_F_DO_I2B 0 -# define PEM_F_DO_PK8PKEY 0 -# define PEM_F_DO_PK8PKEY_FP 0 -# define PEM_F_DO_PVK_BODY 0 -# define PEM_F_DO_PVK_HEADER 0 -# define PEM_F_GET_HEADER_AND_DATA 0 -# define PEM_F_GET_NAME 0 -# define PEM_F_I2B_PVK 0 -# define PEM_F_I2B_PVK_BIO 0 -# define PEM_F_LOAD_IV 0 -# define PEM_F_PEM_ASN1_READ 0 -# define PEM_F_PEM_ASN1_READ_BIO 0 -# define PEM_F_PEM_ASN1_WRITE 0 -# define PEM_F_PEM_ASN1_WRITE_BIO 0 -# define PEM_F_PEM_DEF_CALLBACK 0 -# define PEM_F_PEM_DO_HEADER 0 -# define PEM_F_PEM_GET_EVP_CIPHER_INFO 0 -# define PEM_F_PEM_READ 0 -# define PEM_F_PEM_READ_BIO 0 -# define PEM_F_PEM_READ_BIO_DHPARAMS 0 -# define PEM_F_PEM_READ_BIO_EX 0 -# define PEM_F_PEM_READ_BIO_PARAMETERS 0 -# define PEM_F_PEM_READ_BIO_PRIVATEKEY 0 -# define PEM_F_PEM_READ_DHPARAMS 0 -# define PEM_F_PEM_READ_PRIVATEKEY 0 -# define PEM_F_PEM_SIGNFINAL 0 -# define PEM_F_PEM_WRITE 0 -# define PEM_F_PEM_WRITE_BIO 0 -# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 0 -# define PEM_F_PEM_WRITE_PRIVATEKEY 0 -# define PEM_F_PEM_X509_INFO_READ 0 -# define PEM_F_PEM_X509_INFO_READ_BIO 0 -# define PEM_F_PEM_X509_INFO_WRITE_BIO 0 +#define PEM_F_B2I_DSS 0 +#define PEM_F_B2I_PVK_BIO 0 +#define PEM_F_B2I_RSA 0 +#define PEM_F_CHECK_BITLEN_DSA 0 +#define PEM_F_CHECK_BITLEN_RSA 0 +#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 0 +#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 0 +#define PEM_F_DO_B2I 0 +#define PEM_F_DO_B2I_BIO 0 +#define PEM_F_DO_BLOB_HEADER 0 +#define PEM_F_DO_I2B 0 +#define PEM_F_DO_PK8PKEY 0 +#define PEM_F_DO_PK8PKEY_FP 0 +#define PEM_F_DO_PVK_BODY 0 +#define PEM_F_DO_PVK_HEADER 0 +#define PEM_F_GET_HEADER_AND_DATA 0 +#define PEM_F_GET_NAME 0 +#define 
PEM_F_I2B_PVK 0 +#define PEM_F_I2B_PVK_BIO 0 +#define PEM_F_LOAD_IV 0 +#define PEM_F_PEM_ASN1_READ 0 +#define PEM_F_PEM_ASN1_READ_BIO 0 +#define PEM_F_PEM_ASN1_WRITE 0 +#define PEM_F_PEM_ASN1_WRITE_BIO 0 +#define PEM_F_PEM_DEF_CALLBACK 0 +#define PEM_F_PEM_DO_HEADER 0 +#define PEM_F_PEM_GET_EVP_CIPHER_INFO 0 +#define PEM_F_PEM_READ 0 +#define PEM_F_PEM_READ_BIO 0 +#define PEM_F_PEM_READ_BIO_DHPARAMS 0 +#define PEM_F_PEM_READ_BIO_EX 0 +#define PEM_F_PEM_READ_BIO_PARAMETERS 0 +#define PEM_F_PEM_READ_BIO_PRIVATEKEY 0 +#define PEM_F_PEM_READ_DHPARAMS 0 +#define PEM_F_PEM_READ_PRIVATEKEY 0 +#define PEM_F_PEM_SIGNFINAL 0 +#define PEM_F_PEM_WRITE 0 +#define PEM_F_PEM_WRITE_BIO 0 +#define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 0 +#define PEM_F_PEM_WRITE_PRIVATEKEY 0 +#define PEM_F_PEM_X509_INFO_READ 0 +#define PEM_F_PEM_X509_INFO_READ_BIO 0 +#define PEM_F_PEM_X509_INFO_WRITE_BIO 0 /* * PKCS12 function codes. */ -# define PKCS12_F_OPENSSL_ASC2UNI 0 -# define PKCS12_F_OPENSSL_UNI2ASC 0 -# define PKCS12_F_OPENSSL_UNI2UTF8 0 -# define PKCS12_F_OPENSSL_UTF82UNI 0 -# define PKCS12_F_PKCS12_CREATE 0 -# define PKCS12_F_PKCS12_GEN_MAC 0 -# define PKCS12_F_PKCS12_INIT 0 -# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 0 -# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 0 -# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 0 -# define PKCS12_F_PKCS12_KEY_GEN_ASC 0 -# define PKCS12_F_PKCS12_KEY_GEN_UNI 0 -# define PKCS12_F_PKCS12_KEY_GEN_UTF8 0 -# define PKCS12_F_PKCS12_NEWPASS 0 -# define PKCS12_F_PKCS12_PACK_P7DATA 0 -# define PKCS12_F_PKCS12_PACK_P7ENCDATA 0 -# define PKCS12_F_PKCS12_PARSE 0 -# define PKCS12_F_PKCS12_PBE_CRYPT 0 -# define PKCS12_F_PKCS12_PBE_KEYIVGEN 0 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 0 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 0 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 0 -# define PKCS12_F_PKCS12_SETUP_MAC 0 -# define PKCS12_F_PKCS12_SET_MAC 0 -# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 0 -# define PKCS12_F_PKCS12_UNPACK_P7DATA 0 -# define 
PKCS12_F_PKCS12_VERIFY_MAC 0 -# define PKCS12_F_PKCS8_ENCRYPT 0 -# define PKCS12_F_PKCS8_SET0_PBE 0 +#define PKCS12_F_OPENSSL_ASC2UNI 0 +#define PKCS12_F_OPENSSL_UNI2ASC 0 +#define PKCS12_F_OPENSSL_UNI2UTF8 0 +#define PKCS12_F_OPENSSL_UTF82UNI 0 +#define PKCS12_F_PKCS12_CREATE 0 +#define PKCS12_F_PKCS12_GEN_MAC 0 +#define PKCS12_F_PKCS12_INIT 0 +#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 0 +#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 0 +#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 0 +#define PKCS12_F_PKCS12_KEY_GEN_ASC 0 +#define PKCS12_F_PKCS12_KEY_GEN_UNI 0 +#define PKCS12_F_PKCS12_KEY_GEN_UTF8 0 +#define PKCS12_F_PKCS12_NEWPASS 0 +#define PKCS12_F_PKCS12_PACK_P7DATA 0 +#define PKCS12_F_PKCS12_PACK_P7ENCDATA 0 +#define PKCS12_F_PKCS12_PARSE 0 +#define PKCS12_F_PKCS12_PBE_CRYPT 0 +#define PKCS12_F_PKCS12_PBE_KEYIVGEN 0 +#define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 0 +#define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 0 +#define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 0 +#define PKCS12_F_PKCS12_SETUP_MAC 0 +#define PKCS12_F_PKCS12_SET_MAC 0 +#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 0 +#define PKCS12_F_PKCS12_UNPACK_P7DATA 0 +#define PKCS12_F_PKCS12_VERIFY_MAC 0 +#define PKCS12_F_PKCS8_ENCRYPT 0 +#define PKCS12_F_PKCS8_SET0_PBE 0 /* * PKCS7 function codes. 
*/ -# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 0 -# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 0 -# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 0 -# define PKCS7_F_PKCS7_ADD_CERTIFICATE 0 -# define PKCS7_F_PKCS7_ADD_CRL 0 -# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 0 -# define PKCS7_F_PKCS7_ADD_SIGNATURE 0 -# define PKCS7_F_PKCS7_ADD_SIGNER 0 -# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 0 -# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 0 -# define PKCS7_F_PKCS7_CTRL 0 -# define PKCS7_F_PKCS7_DATADECODE 0 -# define PKCS7_F_PKCS7_DATAFINAL 0 -# define PKCS7_F_PKCS7_DATAINIT 0 -# define PKCS7_F_PKCS7_DATAVERIFY 0 -# define PKCS7_F_PKCS7_DECRYPT 0 -# define PKCS7_F_PKCS7_DECRYPT_RINFO 0 -# define PKCS7_F_PKCS7_ENCODE_RINFO 0 -# define PKCS7_F_PKCS7_ENCRYPT 0 -# define PKCS7_F_PKCS7_FINAL 0 -# define PKCS7_F_PKCS7_FIND_DIGEST 0 -# define PKCS7_F_PKCS7_GET0_SIGNERS 0 -# define PKCS7_F_PKCS7_RECIP_INFO_SET 0 -# define PKCS7_F_PKCS7_SET_CIPHER 0 -# define PKCS7_F_PKCS7_SET_CONTENT 0 -# define PKCS7_F_PKCS7_SET_DIGEST 0 -# define PKCS7_F_PKCS7_SET_TYPE 0 -# define PKCS7_F_PKCS7_SIGN 0 -# define PKCS7_F_PKCS7_SIGNATUREVERIFY 0 -# define PKCS7_F_PKCS7_SIGNER_INFO_SET 0 -# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 0 -# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 0 -# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 0 -# define PKCS7_F_PKCS7_VERIFY 0 +#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 0 +#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 0 +#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 0 +#define PKCS7_F_PKCS7_ADD_CERTIFICATE 0 +#define PKCS7_F_PKCS7_ADD_CRL 0 +#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 0 +#define PKCS7_F_PKCS7_ADD_SIGNATURE 0 +#define PKCS7_F_PKCS7_ADD_SIGNER 0 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 0 +#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 0 +#define PKCS7_F_PKCS7_CTRL 0 +#define PKCS7_F_PKCS7_DATADECODE 0 +#define PKCS7_F_PKCS7_DATAFINAL 0 +#define PKCS7_F_PKCS7_DATAINIT 0 +#define PKCS7_F_PKCS7_DATAVERIFY 0 +#define PKCS7_F_PKCS7_DECRYPT 0 +#define PKCS7_F_PKCS7_DECRYPT_RINFO 0 +#define 
PKCS7_F_PKCS7_ENCODE_RINFO 0 +#define PKCS7_F_PKCS7_ENCRYPT 0 +#define PKCS7_F_PKCS7_FINAL 0 +#define PKCS7_F_PKCS7_FIND_DIGEST 0 +#define PKCS7_F_PKCS7_GET0_SIGNERS 0 +#define PKCS7_F_PKCS7_RECIP_INFO_SET 0 +#define PKCS7_F_PKCS7_SET_CIPHER 0 +#define PKCS7_F_PKCS7_SET_CONTENT 0 +#define PKCS7_F_PKCS7_SET_DIGEST 0 +#define PKCS7_F_PKCS7_SET_TYPE 0 +#define PKCS7_F_PKCS7_SIGN 0 +#define PKCS7_F_PKCS7_SIGNATUREVERIFY 0 +#define PKCS7_F_PKCS7_SIGNER_INFO_SET 0 +#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 0 +#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 0 +#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 0 +#define PKCS7_F_PKCS7_VERIFY 0 /* * RAND function codes. */ -# define RAND_F_DATA_COLLECT_METHOD 0 -# define RAND_F_DRBG_BYTES 0 -# define RAND_F_DRBG_GET_ENTROPY 0 -# define RAND_F_DRBG_SETUP 0 -# define RAND_F_GET_ENTROPY 0 -# define RAND_F_RAND_BYTES 0 -# define RAND_F_RAND_DRBG_ENABLE_LOCKING 0 -# define RAND_F_RAND_DRBG_GENERATE 0 -# define RAND_F_RAND_DRBG_GET_ENTROPY 0 -# define RAND_F_RAND_DRBG_GET_NONCE 0 -# define RAND_F_RAND_DRBG_INSTANTIATE 0 -# define RAND_F_RAND_DRBG_NEW 0 -# define RAND_F_RAND_DRBG_RESEED 0 -# define RAND_F_RAND_DRBG_RESTART 0 -# define RAND_F_RAND_DRBG_SET 0 -# define RAND_F_RAND_DRBG_SET_DEFAULTS 0 -# define RAND_F_RAND_DRBG_UNINSTANTIATE 0 -# define RAND_F_RAND_LOAD_FILE 0 -# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 0 -# define RAND_F_RAND_POOL_ADD 0 -# define RAND_F_RAND_POOL_ADD_BEGIN 0 -# define RAND_F_RAND_POOL_ADD_END 0 -# define RAND_F_RAND_POOL_ATTACH 0 -# define RAND_F_RAND_POOL_BYTES_NEEDED 0 -# define RAND_F_RAND_POOL_GROW 0 -# define RAND_F_RAND_POOL_NEW 0 -# define RAND_F_RAND_PSEUDO_BYTES 0 -# define RAND_F_RAND_WRITE_FILE 0 +#define RAND_F_DATA_COLLECT_METHOD 0 +#define RAND_F_DRBG_BYTES 0 +#define RAND_F_DRBG_GET_ENTROPY 0 +#define RAND_F_DRBG_SETUP 0 +#define RAND_F_GET_ENTROPY 0 +#define RAND_F_RAND_BYTES 0 +#define RAND_F_RAND_DRBG_ENABLE_LOCKING 0 +#define RAND_F_RAND_DRBG_GENERATE 0 +#define RAND_F_RAND_DRBG_GET_ENTROPY 0 +#define 
RAND_F_RAND_DRBG_GET_NONCE 0 +#define RAND_F_RAND_DRBG_INSTANTIATE 0 +#define RAND_F_RAND_DRBG_NEW 0 +#define RAND_F_RAND_DRBG_RESEED 0 +#define RAND_F_RAND_DRBG_RESTART 0 +#define RAND_F_RAND_DRBG_SET 0 +#define RAND_F_RAND_DRBG_SET_DEFAULTS 0 +#define RAND_F_RAND_DRBG_UNINSTANTIATE 0 +#define RAND_F_RAND_LOAD_FILE 0 +#define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 0 +#define RAND_F_RAND_POOL_ADD 0 +#define RAND_F_RAND_POOL_ADD_BEGIN 0 +#define RAND_F_RAND_POOL_ADD_END 0 +#define RAND_F_RAND_POOL_ATTACH 0 +#define RAND_F_RAND_POOL_BYTES_NEEDED 0 +#define RAND_F_RAND_POOL_GROW 0 +#define RAND_F_RAND_POOL_NEW 0 +#define RAND_F_RAND_PSEUDO_BYTES 0 +#define RAND_F_RAND_WRITE_FILE 0 /* * RSA function codes. */ -# define RSA_F_CHECK_PADDING_MD 0 -# define RSA_F_ENCODE_PKCS1 0 -# define RSA_F_INT_RSA_VERIFY 0 -# define RSA_F_OLD_RSA_PRIV_DECODE 0 -# define RSA_F_PKEY_PSS_INIT 0 -# define RSA_F_PKEY_RSA_CTRL 0 -# define RSA_F_PKEY_RSA_CTRL_STR 0 -# define RSA_F_PKEY_RSA_SIGN 0 -# define RSA_F_PKEY_RSA_VERIFY 0 -# define RSA_F_PKEY_RSA_VERIFYRECOVER 0 -# define RSA_F_RSA_ALGOR_TO_MD 0 -# define RSA_F_RSA_BUILTIN_KEYGEN 0 -# define RSA_F_RSA_CHECK_KEY 0 -# define RSA_F_RSA_CHECK_KEY_EX 0 -# define RSA_F_RSA_CMS_DECRYPT 0 -# define RSA_F_RSA_CMS_VERIFY 0 -# define RSA_F_RSA_ITEM_VERIFY 0 -# define RSA_F_RSA_METH_DUP 0 -# define RSA_F_RSA_METH_NEW 0 -# define RSA_F_RSA_METH_SET1_NAME 0 -# define RSA_F_RSA_MGF1_TO_MD 0 -# define RSA_F_RSA_MULTIP_INFO_NEW 0 -# define RSA_F_RSA_NEW_METHOD 0 -# define RSA_F_RSA_NULL 0 -# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 0 -# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 0 -# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 0 -# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 0 -# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 0 -# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0 -# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 0 -# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 0 -# define RSA_F_RSA_PADDING_ADD_NONE 0 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 0 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 0 -# 
define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 0 -# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 0 -# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 0 -# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 0 -# define RSA_F_RSA_PADDING_ADD_SSLV23 0 -# define RSA_F_RSA_PADDING_ADD_X931 0 -# define RSA_F_RSA_PADDING_CHECK_NONE 0 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 0 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 0 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 0 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 0 -# define RSA_F_RSA_PADDING_CHECK_SSLV23 0 -# define RSA_F_RSA_PADDING_CHECK_X931 0 -# define RSA_F_RSA_PARAM_DECODE 0 -# define RSA_F_RSA_PRINT 0 -# define RSA_F_RSA_PRINT_FP 0 -# define RSA_F_RSA_PRIV_DECODE 0 -# define RSA_F_RSA_PRIV_ENCODE 0 -# define RSA_F_RSA_PSS_GET_PARAM 0 -# define RSA_F_RSA_PSS_TO_CTX 0 -# define RSA_F_RSA_PUB_DECODE 0 -# define RSA_F_RSA_SETUP_BLINDING 0 -# define RSA_F_RSA_SIGN 0 -# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0 -# define RSA_F_RSA_VERIFY 0 -# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0 -# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0 -# define RSA_F_SETUP_TBUF 0 +#define RSA_F_CHECK_PADDING_MD 0 +#define RSA_F_ENCODE_PKCS1 0 +#define RSA_F_INT_RSA_VERIFY 0 +#define RSA_F_OLD_RSA_PRIV_DECODE 0 +#define RSA_F_PKEY_PSS_INIT 0 +#define RSA_F_PKEY_RSA_CTRL 0 +#define RSA_F_PKEY_RSA_CTRL_STR 0 +#define RSA_F_PKEY_RSA_SIGN 0 +#define RSA_F_PKEY_RSA_VERIFY 0 +#define RSA_F_PKEY_RSA_VERIFYRECOVER 0 +#define RSA_F_RSA_ALGOR_TO_MD 0 +#define RSA_F_RSA_BUILTIN_KEYGEN 0 +#define RSA_F_RSA_CHECK_KEY 0 +#define RSA_F_RSA_CHECK_KEY_EX 0 +#define RSA_F_RSA_CMS_DECRYPT 0 +#define RSA_F_RSA_CMS_VERIFY 0 +#define RSA_F_RSA_ITEM_VERIFY 0 +#define RSA_F_RSA_METH_DUP 0 +#define RSA_F_RSA_METH_NEW 0 +#define RSA_F_RSA_METH_SET1_NAME 0 +#define RSA_F_RSA_MGF1_TO_MD 0 +#define RSA_F_RSA_MULTIP_INFO_NEW 0 +#define RSA_F_RSA_NEW_METHOD 0 +#define RSA_F_RSA_NULL 0 +#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 0 +#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 0 +#define 
RSA_F_RSA_NULL_PUBLIC_DECRYPT 0 +#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 0 +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 0 +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0 +#define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 0 +#define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 0 +#define RSA_F_RSA_PADDING_ADD_NONE 0 +#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 0 +#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 0 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 0 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 0 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 0 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 0 +#define RSA_F_RSA_PADDING_ADD_SSLV23 0 +#define RSA_F_RSA_PADDING_ADD_X931 0 +#define RSA_F_RSA_PADDING_CHECK_NONE 0 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 0 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 0 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 0 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 0 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 0 +#define RSA_F_RSA_PADDING_CHECK_X931 0 +#define RSA_F_RSA_PARAM_DECODE 0 +#define RSA_F_RSA_PRINT 0 +#define RSA_F_RSA_PRINT_FP 0 +#define RSA_F_RSA_PRIV_DECODE 0 +#define RSA_F_RSA_PRIV_ENCODE 0 +#define RSA_F_RSA_PSS_GET_PARAM 0 +#define RSA_F_RSA_PSS_TO_CTX 0 +#define RSA_F_RSA_PUB_DECODE 0 +#define RSA_F_RSA_SETUP_BLINDING 0 +#define RSA_F_RSA_SIGN 0 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0 +#define RSA_F_RSA_VERIFY 0 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0 +#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0 +#define RSA_F_SETUP_TBUF 0 /* * OSSL_STORE function codes. 
*/ -# define OSSL_STORE_F_FILE_CTRL 0 -# define OSSL_STORE_F_FILE_FIND 0 -# define OSSL_STORE_F_FILE_GET_PASS 0 -# define OSSL_STORE_F_FILE_LOAD 0 -# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 -# define OSSL_STORE_F_FILE_NAME_TO_URI 0 -# define OSSL_STORE_F_FILE_OPEN 0 -# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 -# define OSSL_STORE_F_OSSL_STORE_EXPECT 0 -# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 -# define OSSL_STORE_F_OSSL_STORE_FIND 0 -# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 0 -# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 0 -# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 0 -# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 0 -# define OSSL_STORE_F_OSSL_STORE_OPEN 0 -# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 0 -# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 0 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 0 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 0 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 0 -# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 0 -# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 0 -# define OSSL_STORE_F_TRY_DECODE_PARAMS 0 -# define OSSL_STORE_F_TRY_DECODE_PKCS12 0 -# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 0 +#define OSSL_STORE_F_FILE_CTRL 0 +#define OSSL_STORE_F_FILE_FIND 0 +#define OSSL_STORE_F_FILE_GET_PASS 0 +#define OSSL_STORE_F_FILE_LOAD 0 
+#define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 +#define OSSL_STORE_F_FILE_NAME_TO_URI 0 +#define OSSL_STORE_F_FILE_OPEN 0 +#define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 +#define OSSL_STORE_F_OSSL_STORE_EXPECT 0 +#define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 +#define OSSL_STORE_F_OSSL_STORE_FIND 0 +#define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 0 +#define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 0 +#define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 0 +#define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 0 +#define OSSL_STORE_F_OSSL_STORE_OPEN 0 +#define OSSL_STORE_F_OSSL_STORE_OPEN_INT 0 +#define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 0 +#define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 0 +#define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 0 +#define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 0 +#define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 0 +#define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 0 +#define OSSL_STORE_F_TRY_DECODE_PARAMS 0 +#define OSSL_STORE_F_TRY_DECODE_PKCS12 0 +#define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 0 -# ifndef OPENSSL_NO_TS +#ifndef OPENSSL_NO_TS /* * TS function codes. 
*/ -# define TS_F_DEF_SERIAL_CB 0 -# define TS_F_DEF_TIME_CB 0 -# define TS_F_ESS_ADD_SIGNING_CERT 0 -# define TS_F_ESS_ADD_SIGNING_CERT_V2 0 -# define TS_F_ESS_CERT_ID_NEW_INIT 0 -# define TS_F_ESS_CERT_ID_V2_NEW_INIT 0 -# define TS_F_ESS_SIGNING_CERT_NEW_INIT 0 -# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 0 -# define TS_F_INT_TS_RESP_VERIFY_TOKEN 0 -# define TS_F_PKCS7_TO_TS_TST_INFO 0 -# define TS_F_TS_ACCURACY_SET_MICROS 0 -# define TS_F_TS_ACCURACY_SET_MILLIS 0 -# define TS_F_TS_ACCURACY_SET_SECONDS 0 -# define TS_F_TS_CHECK_IMPRINTS 0 -# define TS_F_TS_CHECK_NONCES 0 -# define TS_F_TS_CHECK_POLICY 0 -# define TS_F_TS_CHECK_SIGNING_CERTS 0 -# define TS_F_TS_CHECK_STATUS_INFO 0 -# define TS_F_TS_COMPUTE_IMPRINT 0 -# define TS_F_TS_CONF_INVALID 0 -# define TS_F_TS_CONF_LOAD_CERT 0 -# define TS_F_TS_CONF_LOAD_CERTS 0 -# define TS_F_TS_CONF_LOAD_KEY 0 -# define TS_F_TS_CONF_LOOKUP_FAIL 0 -# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 0 -# define TS_F_TS_GET_STATUS_TEXT 0 -# define TS_F_TS_MSG_IMPRINT_SET_ALGO 0 -# define TS_F_TS_REQ_SET_MSG_IMPRINT 0 -# define TS_F_TS_REQ_SET_NONCE 0 -# define TS_F_TS_REQ_SET_POLICY_ID 0 -# define TS_F_TS_RESP_CREATE_RESPONSE 0 -# define TS_F_TS_RESP_CREATE_TST_INFO 0 -# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 0 -# define TS_F_TS_RESP_CTX_ADD_MD 0 -# define TS_F_TS_RESP_CTX_ADD_POLICY 0 -# define TS_F_TS_RESP_CTX_NEW 0 -# define TS_F_TS_RESP_CTX_SET_ACCURACY 0 -# define TS_F_TS_RESP_CTX_SET_CERTS 0 -# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 0 -# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 0 -# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 0 -# define TS_F_TS_RESP_GET_POLICY 0 -# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 0 -# define TS_F_TS_RESP_SET_STATUS_INFO 0 -# define TS_F_TS_RESP_SET_TST_INFO 0 -# define TS_F_TS_RESP_SIGN 0 -# define TS_F_TS_RESP_VERIFY_SIGNATURE 0 -# define TS_F_TS_TST_INFO_SET_ACCURACY 0 -# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 0 -# define TS_F_TS_TST_INFO_SET_NONCE 0 -# define TS_F_TS_TST_INFO_SET_POLICY_ID 0 -# 
define TS_F_TS_TST_INFO_SET_SERIAL 0 -# define TS_F_TS_TST_INFO_SET_TIME 0 -# define TS_F_TS_TST_INFO_SET_TSA 0 -# define TS_F_TS_VERIFY 0 -# define TS_F_TS_VERIFY_CERT 0 -# define TS_F_TS_VERIFY_CTX_NEW 0 -# endif +#define TS_F_DEF_SERIAL_CB 0 +#define TS_F_DEF_TIME_CB 0 +#define TS_F_ESS_ADD_SIGNING_CERT 0 +#define TS_F_ESS_ADD_SIGNING_CERT_V2 0 +#define TS_F_ESS_CERT_ID_NEW_INIT 0 +#define TS_F_ESS_CERT_ID_V2_NEW_INIT 0 +#define TS_F_ESS_SIGNING_CERT_NEW_INIT 0 +#define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 0 +#define TS_F_INT_TS_RESP_VERIFY_TOKEN 0 +#define TS_F_PKCS7_TO_TS_TST_INFO 0 +#define TS_F_TS_ACCURACY_SET_MICROS 0 +#define TS_F_TS_ACCURACY_SET_MILLIS 0 +#define TS_F_TS_ACCURACY_SET_SECONDS 0 +#define TS_F_TS_CHECK_IMPRINTS 0 +#define TS_F_TS_CHECK_NONCES 0 +#define TS_F_TS_CHECK_POLICY 0 +#define TS_F_TS_CHECK_SIGNING_CERTS 0 +#define TS_F_TS_CHECK_STATUS_INFO 0 +#define TS_F_TS_COMPUTE_IMPRINT 0 +#define TS_F_TS_CONF_INVALID 0 +#define TS_F_TS_CONF_LOAD_CERT 0 +#define TS_F_TS_CONF_LOAD_CERTS 0 +#define TS_F_TS_CONF_LOAD_KEY 0 +#define TS_F_TS_CONF_LOOKUP_FAIL 0 +#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 0 +#define TS_F_TS_GET_STATUS_TEXT 0 +#define TS_F_TS_MSG_IMPRINT_SET_ALGO 0 +#define TS_F_TS_REQ_SET_MSG_IMPRINT 0 +#define TS_F_TS_REQ_SET_NONCE 0 +#define TS_F_TS_REQ_SET_POLICY_ID 0 +#define TS_F_TS_RESP_CREATE_RESPONSE 0 +#define TS_F_TS_RESP_CREATE_TST_INFO 0 +#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 0 +#define TS_F_TS_RESP_CTX_ADD_MD 0 +#define TS_F_TS_RESP_CTX_ADD_POLICY 0 +#define TS_F_TS_RESP_CTX_NEW 0 +#define TS_F_TS_RESP_CTX_SET_ACCURACY 0 +#define TS_F_TS_RESP_CTX_SET_CERTS 0 +#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 0 +#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 0 +#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 0 +#define TS_F_TS_RESP_GET_POLICY 0 +#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 0 +#define TS_F_TS_RESP_SET_STATUS_INFO 0 +#define TS_F_TS_RESP_SET_TST_INFO 0 +#define TS_F_TS_RESP_SIGN 0 +#define TS_F_TS_RESP_VERIFY_SIGNATURE 0 +#define 
TS_F_TS_TST_INFO_SET_ACCURACY 0 +#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 0 +#define TS_F_TS_TST_INFO_SET_NONCE 0 +#define TS_F_TS_TST_INFO_SET_POLICY_ID 0 +#define TS_F_TS_TST_INFO_SET_SERIAL 0 +#define TS_F_TS_TST_INFO_SET_TIME 0 +#define TS_F_TS_TST_INFO_SET_TSA 0 +#define TS_F_TS_VERIFY 0 +#define TS_F_TS_VERIFY_CERT 0 +#define TS_F_TS_VERIFY_CTX_NEW 0 +#endif /* * UI function codes. */ -# define UI_F_CLOSE_CONSOLE 0 -# define UI_F_ECHO_CONSOLE 0 -# define UI_F_GENERAL_ALLOCATE_BOOLEAN 0 -# define UI_F_GENERAL_ALLOCATE_PROMPT 0 -# define UI_F_NOECHO_CONSOLE 0 -# define UI_F_OPEN_CONSOLE 0 -# define UI_F_UI_CONSTRUCT_PROMPT 0 -# define UI_F_UI_CREATE_METHOD 0 -# define UI_F_UI_CTRL 0 -# define UI_F_UI_DUP_ERROR_STRING 0 -# define UI_F_UI_DUP_INFO_STRING 0 -# define UI_F_UI_DUP_INPUT_BOOLEAN 0 -# define UI_F_UI_DUP_INPUT_STRING 0 -# define UI_F_UI_DUP_USER_DATA 0 -# define UI_F_UI_DUP_VERIFY_STRING 0 -# define UI_F_UI_GET0_RESULT 0 -# define UI_F_UI_GET_RESULT_LENGTH 0 -# define UI_F_UI_NEW_METHOD 0 -# define UI_F_UI_PROCESS 0 -# define UI_F_UI_SET_RESULT 0 -# define UI_F_UI_SET_RESULT_EX 0 +#define UI_F_CLOSE_CONSOLE 0 +#define UI_F_ECHO_CONSOLE 0 +#define UI_F_GENERAL_ALLOCATE_BOOLEAN 0 +#define UI_F_GENERAL_ALLOCATE_PROMPT 0 +#define UI_F_NOECHO_CONSOLE 0 +#define UI_F_OPEN_CONSOLE 0 +#define UI_F_UI_CONSTRUCT_PROMPT 0 +#define UI_F_UI_CREATE_METHOD 0 +#define UI_F_UI_CTRL 0 +#define UI_F_UI_DUP_ERROR_STRING 0 +#define UI_F_UI_DUP_INFO_STRING 0 +#define UI_F_UI_DUP_INPUT_BOOLEAN 0 +#define UI_F_UI_DUP_INPUT_STRING 0 +#define UI_F_UI_DUP_USER_DATA 0 +#define UI_F_UI_DUP_VERIFY_STRING 0 +#define UI_F_UI_GET0_RESULT 0 +#define UI_F_UI_GET_RESULT_LENGTH 0 +#define UI_F_UI_NEW_METHOD 0 +#define UI_F_UI_PROCESS 0 +#define UI_F_UI_SET_RESULT 0 +#define UI_F_UI_SET_RESULT_EX 0 /* * X509 function codes. 
*/ -# define X509_F_ADD_CERT_DIR 0 -# define X509_F_BUILD_CHAIN 0 -# define X509_F_BY_FILE_CTRL 0 -# define X509_F_CHECK_NAME_CONSTRAINTS 0 -# define X509_F_CHECK_POLICY 0 -# define X509_F_DANE_I2D 0 -# define X509_F_DIR_CTRL 0 -# define X509_F_GET_CERT_BY_SUBJECT 0 -# define X509_F_I2D_X509_AUX 0 -# define X509_F_LOOKUP_CERTS_SK 0 -# define X509_F_NETSCAPE_SPKI_B64_DECODE 0 -# define X509_F_NETSCAPE_SPKI_B64_ENCODE 0 -# define X509_F_NEW_DIR 0 -# define X509_F_X509AT_ADD1_ATTR 0 -# define X509_F_X509V3_ADD_EXT 0 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 0 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 0 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 0 -# define X509_F_X509_ATTRIBUTE_GET0_DATA 0 -# define X509_F_X509_ATTRIBUTE_SET1_DATA 0 -# define X509_F_X509_CHECK_PRIVATE_KEY 0 -# define X509_F_X509_CRL_DIFF 0 -# define X509_F_X509_CRL_METHOD_NEW 0 -# define X509_F_X509_CRL_PRINT_FP 0 -# define X509_F_X509_EXTENSION_CREATE_BY_NID 0 -# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 0 -# define X509_F_X509_GET_PUBKEY_PARAMETERS 0 -# define X509_F_X509_LOAD_CERT_CRL_FILE 0 -# define X509_F_X509_LOAD_CERT_FILE 0 -# define X509_F_X509_LOAD_CRL_FILE 0 -# define X509_F_X509_LOOKUP_METH_NEW 0 -# define X509_F_X509_LOOKUP_NEW 0 -# define X509_F_X509_NAME_ADD_ENTRY 0 -# define X509_F_X509_NAME_CANON 0 -# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 0 -# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 0 -# define X509_F_X509_NAME_ENTRY_SET_OBJECT 0 -# define X509_F_X509_NAME_ONELINE 0 -# define X509_F_X509_NAME_PRINT 0 -# define X509_F_X509_OBJECT_NEW 0 -# define X509_F_X509_PRINT_EX_FP 0 -# define X509_F_X509_PUBKEY_DECODE 0 -# define X509_F_X509_PUBKEY_GET 0 -# define X509_F_X509_PUBKEY_GET0 0 -# define X509_F_X509_PUBKEY_SET 0 -# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 -# define X509_F_X509_REQ_PRINT_EX 0 -# define X509_F_X509_REQ_PRINT_FP 0 -# define X509_F_X509_REQ_TO_X509 0 -# define X509_F_X509_STORE_ADD_CERT 0 -# define X509_F_X509_STORE_ADD_CRL 0 -# define 
X509_F_X509_STORE_ADD_LOOKUP 0 -# define X509_F_X509_STORE_CTX_GET1_ISSUER 0 -# define X509_F_X509_STORE_CTX_INIT 0 -# define X509_F_X509_STORE_CTX_NEW 0 -# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 0 -# define X509_F_X509_STORE_NEW 0 -# define X509_F_X509_TO_X509_REQ 0 -# define X509_F_X509_TRUST_ADD 0 -# define X509_F_X509_TRUST_SET 0 -# define X509_F_X509_VERIFY_CERT 0 -# define X509_F_X509_VERIFY_PARAM_NEW 0 +#define X509_F_ADD_CERT_DIR 0 +#define X509_F_BUILD_CHAIN 0 +#define X509_F_BY_FILE_CTRL 0 +#define X509_F_CHECK_NAME_CONSTRAINTS 0 +#define X509_F_CHECK_POLICY 0 +#define X509_F_DANE_I2D 0 +#define X509_F_DIR_CTRL 0 +#define X509_F_GET_CERT_BY_SUBJECT 0 +#define X509_F_I2D_X509_AUX 0 +#define X509_F_LOOKUP_CERTS_SK 0 +#define X509_F_NETSCAPE_SPKI_B64_DECODE 0 +#define X509_F_NETSCAPE_SPKI_B64_ENCODE 0 +#define X509_F_NEW_DIR 0 +#define X509_F_X509AT_ADD1_ATTR 0 +#define X509_F_X509V3_ADD_EXT 0 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 0 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 0 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 0 +#define X509_F_X509_ATTRIBUTE_GET0_DATA 0 +#define X509_F_X509_ATTRIBUTE_SET1_DATA 0 +#define X509_F_X509_CHECK_PRIVATE_KEY 0 +#define X509_F_X509_CRL_DIFF 0 +#define X509_F_X509_CRL_METHOD_NEW 0 +#define X509_F_X509_CRL_PRINT_FP 0 +#define X509_F_X509_EXTENSION_CREATE_BY_NID 0 +#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 0 +#define X509_F_X509_GET_PUBKEY_PARAMETERS 0 +#define X509_F_X509_LOAD_CERT_CRL_FILE 0 +#define X509_F_X509_LOAD_CERT_FILE 0 +#define X509_F_X509_LOAD_CRL_FILE 0 +#define X509_F_X509_LOOKUP_METH_NEW 0 +#define X509_F_X509_LOOKUP_NEW 0 +#define X509_F_X509_NAME_ADD_ENTRY 0 +#define X509_F_X509_NAME_CANON 0 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 0 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 0 +#define X509_F_X509_NAME_ENTRY_SET_OBJECT 0 +#define X509_F_X509_NAME_ONELINE 0 +#define X509_F_X509_NAME_PRINT 0 +#define X509_F_X509_OBJECT_NEW 0 +#define X509_F_X509_PRINT_EX_FP 0 +#define 
X509_F_X509_PUBKEY_DECODE 0 +#define X509_F_X509_PUBKEY_GET 0 +#define X509_F_X509_PUBKEY_GET0 0 +#define X509_F_X509_PUBKEY_SET 0 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 +#define X509_F_X509_REQ_PRINT_EX 0 +#define X509_F_X509_REQ_PRINT_FP 0 +#define X509_F_X509_REQ_TO_X509 0 +#define X509_F_X509_STORE_ADD_CERT 0 +#define X509_F_X509_STORE_ADD_CRL 0 +#define X509_F_X509_STORE_ADD_LOOKUP 0 +#define X509_F_X509_STORE_CTX_GET1_ISSUER 0 +#define X509_F_X509_STORE_CTX_INIT 0 +#define X509_F_X509_STORE_CTX_NEW 0 +#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 0 +#define X509_F_X509_STORE_NEW 0 +#define X509_F_X509_TO_X509_REQ 0 +#define X509_F_X509_TRUST_ADD 0 +#define X509_F_X509_TRUST_SET 0 +#define X509_F_X509_VERIFY_CERT 0 +#define X509_F_X509_VERIFY_PARAM_NEW 0 /* * X509V3 function codes. */ -# define X509V3_F_A2I_GENERAL_NAME 0 -# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 0 -# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 0 -# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 0 -# define X509V3_F_BIGNUM_TO_STRING 0 -# define X509V3_F_COPY_EMAIL 0 -# define X509V3_F_COPY_ISSUER 0 -# define X509V3_F_DO_DIRNAME 0 -# define X509V3_F_DO_EXT_I2D 0 -# define X509V3_F_DO_EXT_NCONF 0 -# define X509V3_F_GNAMES_FROM_SECTNAME 0 -# define X509V3_F_I2S_ASN1_ENUMERATED 0 -# define X509V3_F_I2S_ASN1_IA5STRING 0 -# define X509V3_F_I2S_ASN1_INTEGER 0 -# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 0 -# define X509V3_F_LEVEL_ADD_NODE 0 -# define X509V3_F_NOTICE_SECTION 0 -# define X509V3_F_NREF_NOS 0 -# define X509V3_F_POLICY_CACHE_CREATE 0 -# define X509V3_F_POLICY_CACHE_NEW 0 -# define X509V3_F_POLICY_DATA_NEW 0 -# define X509V3_F_POLICY_SECTION 0 -# define X509V3_F_PROCESS_PCI_VALUE 0 -# define X509V3_F_R2I_CERTPOL 0 -# define X509V3_F_R2I_PCI 0 -# define X509V3_F_S2I_ASN1_IA5STRING 0 -# define X509V3_F_S2I_ASN1_INTEGER 0 -# define X509V3_F_S2I_ASN1_OCTET_STRING 0 -# define X509V3_F_S2I_SKEY_ID 0 -# define X509V3_F_SET_DIST_POINT_NAME 0 -# define X509V3_F_SXNET_ADD_ID_ASC 0 -# 
define X509V3_F_SXNET_ADD_ID_INTEGER 0 -# define X509V3_F_SXNET_ADD_ID_ULONG 0 -# define X509V3_F_SXNET_GET_ID_ASC 0 -# define X509V3_F_SXNET_GET_ID_ULONG 0 -# define X509V3_F_TREE_INIT 0 -# define X509V3_F_V2I_ASIDENTIFIERS 0 -# define X509V3_F_V2I_ASN1_BIT_STRING 0 -# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 0 -# define X509V3_F_V2I_AUTHORITY_KEYID 0 -# define X509V3_F_V2I_BASIC_CONSTRAINTS 0 -# define X509V3_F_V2I_CRLD 0 -# define X509V3_F_V2I_EXTENDED_KEY_USAGE 0 -# define X509V3_F_V2I_GENERAL_NAMES 0 -# define X509V3_F_V2I_GENERAL_NAME_EX 0 -# define X509V3_F_V2I_IDP 0 -# define X509V3_F_V2I_IPADDRBLOCKS 0 -# define X509V3_F_V2I_ISSUER_ALT 0 -# define X509V3_F_V2I_NAME_CONSTRAINTS 0 -# define X509V3_F_V2I_POLICY_CONSTRAINTS 0 -# define X509V3_F_V2I_POLICY_MAPPINGS 0 -# define X509V3_F_V2I_SUBJECT_ALT 0 -# define X509V3_F_V2I_TLS_FEATURE 0 -# define X509V3_F_V3_GENERIC_EXTENSION 0 -# define X509V3_F_X509V3_ADD1_I2D 0 -# define X509V3_F_X509V3_ADD_VALUE 0 -# define X509V3_F_X509V3_EXT_ADD 0 -# define X509V3_F_X509V3_EXT_ADD_ALIAS 0 -# define X509V3_F_X509V3_EXT_I2D 0 -# define X509V3_F_X509V3_EXT_NCONF 0 -# define X509V3_F_X509V3_GET_SECTION 0 -# define X509V3_F_X509V3_GET_STRING 0 -# define X509V3_F_X509V3_GET_VALUE_BOOL 0 -# define X509V3_F_X509V3_PARSE_LIST 0 -# define X509V3_F_X509_PURPOSE_ADD 0 -# define X509V3_F_X509_PURPOSE_SET 0 +#define X509V3_F_A2I_GENERAL_NAME 0 +#define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 0 +#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 0 +#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 0 +#define X509V3_F_BIGNUM_TO_STRING 0 +#define X509V3_F_COPY_EMAIL 0 +#define X509V3_F_COPY_ISSUER 0 +#define X509V3_F_DO_DIRNAME 0 +#define X509V3_F_DO_EXT_I2D 0 +#define X509V3_F_DO_EXT_NCONF 0 +#define X509V3_F_GNAMES_FROM_SECTNAME 0 +#define X509V3_F_I2S_ASN1_ENUMERATED 0 +#define X509V3_F_I2S_ASN1_IA5STRING 0 +#define X509V3_F_I2S_ASN1_INTEGER 0 +#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 0 +#define X509V3_F_LEVEL_ADD_NODE 0 +#define 
X509V3_F_NOTICE_SECTION 0 +#define X509V3_F_NREF_NOS 0 +#define X509V3_F_POLICY_CACHE_CREATE 0 +#define X509V3_F_POLICY_CACHE_NEW 0 +#define X509V3_F_POLICY_DATA_NEW 0 +#define X509V3_F_POLICY_SECTION 0 +#define X509V3_F_PROCESS_PCI_VALUE 0 +#define X509V3_F_R2I_CERTPOL 0 +#define X509V3_F_R2I_PCI 0 +#define X509V3_F_S2I_ASN1_IA5STRING 0 +#define X509V3_F_S2I_ASN1_INTEGER 0 +#define X509V3_F_S2I_ASN1_OCTET_STRING 0 +#define X509V3_F_S2I_SKEY_ID 0 +#define X509V3_F_SET_DIST_POINT_NAME 0 +#define X509V3_F_SXNET_ADD_ID_ASC 0 +#define X509V3_F_SXNET_ADD_ID_INTEGER 0 +#define X509V3_F_SXNET_ADD_ID_ULONG 0 +#define X509V3_F_SXNET_GET_ID_ASC 0 +#define X509V3_F_SXNET_GET_ID_ULONG 0 +#define X509V3_F_TREE_INIT 0 +#define X509V3_F_V2I_ASIDENTIFIERS 0 +#define X509V3_F_V2I_ASN1_BIT_STRING 0 +#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 0 +#define X509V3_F_V2I_AUTHORITY_KEYID 0 +#define X509V3_F_V2I_BASIC_CONSTRAINTS 0 +#define X509V3_F_V2I_CRLD 0 +#define X509V3_F_V2I_EXTENDED_KEY_USAGE 0 +#define X509V3_F_V2I_GENERAL_NAMES 0 +#define X509V3_F_V2I_GENERAL_NAME_EX 0 +#define X509V3_F_V2I_IDP 0 +#define X509V3_F_V2I_IPADDRBLOCKS 0 +#define X509V3_F_V2I_ISSUER_ALT 0 +#define X509V3_F_V2I_NAME_CONSTRAINTS 0 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 0 +#define X509V3_F_V2I_POLICY_MAPPINGS 0 +#define X509V3_F_V2I_SUBJECT_ALT 0 +#define X509V3_F_V2I_TLS_FEATURE 0 +#define X509V3_F_V3_GENERIC_EXTENSION 0 +#define X509V3_F_X509V3_ADD1_I2D 0 +#define X509V3_F_X509V3_ADD_VALUE 0 +#define X509V3_F_X509V3_EXT_ADD 0 +#define X509V3_F_X509V3_EXT_ADD_ALIAS 0 +#define X509V3_F_X509V3_EXT_I2D 0 +#define X509V3_F_X509V3_EXT_NCONF 0 +#define X509V3_F_X509V3_GET_SECTION 0 +#define X509V3_F_X509V3_GET_STRING 0 +#define X509V3_F_X509V3_GET_VALUE_BOOL 0 +#define X509V3_F_X509V3_PARSE_LIST 0 +#define X509V3_F_X509_PURPOSE_ADD 0 +#define X509V3_F_X509_PURPOSE_SET 0 /* * Compatibility defines. 
*/ -# define EVP_R_OPERATON_NOT_INITIALIZED EVP_R_OPERATION_NOT_INITIALIZED +#define EVP_R_OPERATON_NOT_INITIALIZED EVP_R_OPERATION_NOT_INITIALIZED -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ct.h.orig +++ crypto/openssl/include/openssl/ct.h @@ -10,35 +10,37 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_CT_H -# define OPENSSL_CT_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CT_H -# endif - -# include - -# ifndef OPENSSL_NO_CT -# include -# include -# include -# include -# ifdef __cplusplus -extern "C" { -# endif +#define OPENSSL_CT_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CT_H +#endif +#include + +#ifndef OPENSSL_NO_CT +#include +#include +#include +#include +#ifdef __cplusplus +extern "C" { +#endif /* Minimum RSA key size, from RFC6962 */ -# define SCT_MIN_RSA_BITS 2048 +#define SCT_MIN_RSA_BITS 2048 /* All hashes are SHA256 in v1 of Certificate Transparency */ -# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH +#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(SCT, SCT, SCT) #define sk_SCT_num(sk) OPENSSL_sk_num(ossl_check_const_SCT_sk_type(sk)) #define sk_SCT_value(sk, idx) ((SCT *)OPENSSL_sk_value(ossl_check_const_SCT_sk_type(sk), (idx))) @@ -92,7 +94,7 @@ #define sk_CTLOG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CTLOG) *)OPENSSL_sk_deep_copy(ossl_check_const_CTLOG_sk_type(sk), ossl_check_CTLOG_copyfunc_type(copyfunc), ossl_check_CTLOG_freefunc_type(freefunc))) #define sk_CTLOG_set_cmp_func(sk, cmp) ((sk_CTLOG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CTLOG_sk_type(sk), ossl_check_CTLOG_compfunc_type(cmp))) - +/* clang-format on */ typedef enum { CT_LOG_ENTRY_TYPE_NOT_SET = -1, 
@@ -132,8 +134,8 @@ * with the CT_POLICY_EVAL_CTX. */ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, - const char *propq); - + const char *propq); + /* * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library * context and property query string is used. @@ -144,7 +146,7 @@ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); /* Gets the peer certificate that the SCTs are for */ -X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +X509 *CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); /* * Sets the certificate associated with the received SCTs. @@ -154,7 +156,7 @@ int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); /* Gets the issuer of the aforementioned certificate */ -X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +X509 *CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); /* * Sets the issuer of the certificate associated with the received SCTs. @@ -168,7 +170,7 @@ /* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, - CTLOG_STORE *log_store); + CTLOG_STORE *log_store); /* * Gets the time, in milliseconds since the Unix epoch, that will be used as the @@ -200,11 +202,11 @@ * The caller is responsible for calling SCT_free when finished with the SCT. */ SCT *SCT_new_from_base64(unsigned char version, - const char *logid_base64, - ct_log_entry_type_t entry_type, - uint64_t timestamp, - const char *extensions_base64, - const char *signature_base64); + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); /* * Frees the SCT and the underlying data structures. 
@@ -259,7 +261,7 @@ * Returns 1 on success, 0 otherwise. */ __owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, - size_t log_id_len); + size_t log_id_len); /* * Returns the timestamp for the SCT (epoch time in milliseconds). @@ -305,7 +307,7 @@ * Returns 1 on success, 0 otherwise. */ __owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, - size_t ext_len); + size_t ext_len); /* * Set *sig to point to the signature for the SCT. sig must not be NULL. @@ -325,7 +327,7 @@ * Returns 1 on success, 0 otherwise. */ __owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, - size_t sig_len); + size_t sig_len); /* * The origin of this SCT, e.g. TLS extension, OCSP response, etc. @@ -359,7 +361,7 @@ * came from, so that the log names can be printed. */ void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, - const char *separator, const CTLOG_STORE *logs); + const char *separator, const CTLOG_STORE *logs); /* * Gets the last result of validating this SCT. @@ -384,8 +386,7 @@ * Returns a negative integer if an error occurs. */ __owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, - CT_POLICY_EVAL_CTX *ctx); - + CT_POLICY_EVAL_CTX *ctx); /********************************* * SCT parsing and serialization * @@ -416,7 +417,7 @@ * not defined. */ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - size_t len); + size_t len); /* * Serialize (to DER format) a stack of SCTs and return the length. @@ -443,7 +444,7 @@ * not defined. */ STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - long len); + long len); /* * Serialize (to TLS format) an |sct| and write it to |out|. @@ -482,7 +483,7 @@ * Should be deleted by the caller using CTLOG_free when no longer needed. */ CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); /* * The same as CTLOG_new_ex except that the default library context and 
@@ -499,16 +500,16 @@ * Should be deleted by the caller using CTLOG_free when no longer needed. */ int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64, - const char *name, OSSL_LIB_CTX *libctx, - const char *propq); + const char *name, OSSL_LIB_CTX *libctx, + const char *propq); /* * The same as CTLOG_new_from_base64_ex() except that the default * library context and property query string are used. * Returns 1 on success, 0 on failure. */ -int CTLOG_new_from_base64(CTLOG ** ct_log, - const char *pkey_base64, const char *name); +int CTLOG_new_from_base64(CTLOG **ct_log, + const char *pkey_base64, const char *name); /* * Deletes a CT log instance and its fields. @@ -519,7 +520,7 @@ const char *CTLOG_get0_name(const CTLOG *log); /* Gets the ID of the CT log */ void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, - size_t *log_id_len); + size_t *log_id_len); /* Gets the public key of the CT log */ EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); @@ -551,8 +552,8 @@ * Returns the CT log, or NULL if no match is found. */ const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, - const uint8_t *log_id, - size_t log_id_len); + const uint8_t *log_id, + size_t log_id_len); /* * Loads a CT log list into a |store| from a |file|. @@ -566,8 +567,8 @@ */ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/ct.h.in.orig +++ crypto/openssl/include/openssl/ct.h.in 
@@ -9,42 +9,44 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_CT_H -# define OPENSSL_CT_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_CT_H -# endif - -# include - -# ifndef OPENSSL_NO_CT -# include -# include -# include -# include -# ifdef __cplusplus -extern "C" { -# endif +#define OPENSSL_CT_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_CT_H +#endif +#include + +#ifndef OPENSSL_NO_CT +#include +#include +#include +#include +#ifdef __cplusplus +extern "C" { +#endif /* Minimum RSA key size, from RFC6962 */ -# define SCT_MIN_RSA_BITS 2048 +#define SCT_MIN_RSA_BITS 2048 /* All hashes are SHA256 in v1 of Certificate Transparency */ -# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH +#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH +/* clang-format off */ {- generate_stack_macros("SCT") .generate_stack_macros("CTLOG"); -} - +/* clang-format on */ typedef enum { CT_LOG_ENTRY_TYPE_NOT_SET = -1, @@ -84,8 +86,8 @@ * with the CT_POLICY_EVAL_CTX. */ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, - const char *propq); - + const char *propq); + /* * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library * context and property query string is used. @@ -96,7 +98,7 @@ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); /* Gets the peer certificate that the SCTs are for */ -X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +X509 *CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); /* * Sets the certificate associated with the received SCTs. 
@@ -106,7 +108,7 @@ int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); /* Gets the issuer of the aforementioned certificate */ -X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +X509 *CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); /* * Sets the issuer of the certificate associated with the received SCTs. @@ -120,7 +122,7 @@ /* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, - CTLOG_STORE *log_store); + CTLOG_STORE *log_store); /* * Gets the time, in milliseconds since the Unix epoch, that will be used as the @@ -152,11 +154,11 @@ * The caller is responsible for calling SCT_free when finished with the SCT. */ SCT *SCT_new_from_base64(unsigned char version, - const char *logid_base64, - ct_log_entry_type_t entry_type, - uint64_t timestamp, - const char *extensions_base64, - const char *signature_base64); + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); /* * Frees the SCT and the underlying data structures. @@ -211,7 +213,7 @@ * Returns 1 on success, 0 otherwise. */ __owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, - size_t log_id_len); + size_t log_id_len); /* * Returns the timestamp for the SCT (epoch time in milliseconds). @@ -257,7 +259,7 @@ * Returns 1 on success, 0 otherwise. */ __owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, - size_t ext_len); + size_t ext_len); /* * Set *sig to point to the signature for the SCT. sig must not be NULL. @@ -277,7 +279,7 @@ * Returns 1 on success, 0 otherwise. */ __owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, - size_t sig_len); + size_t sig_len); /* * The origin of this SCT, e.g. TLS extension, OCSP response, etc. 
@@ -311,7 +313,7 @@ * came from, so that the log names can be printed. */ void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, - const char *separator, const CTLOG_STORE *logs); + const char *separator, const CTLOG_STORE *logs); /* * Gets the last result of validating this SCT. @@ -336,8 +338,7 @@ * Returns a negative integer if an error occurs. */ __owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, - CT_POLICY_EVAL_CTX *ctx); - + CT_POLICY_EVAL_CTX *ctx); /********************************* * SCT parsing and serialization * @@ -368,7 +369,7 @@ * not defined. */ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - size_t len); + size_t len); /* * Serialize (to DER format) a stack of SCTs and return the length. @@ -395,7 +396,7 @@ * not defined. */ STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - long len); + long len); /* * Serialize (to TLS format) an |sct| and write it to |out|. @@ -434,7 +435,7 @@ * Should be deleted by the caller using CTLOG_free when no longer needed. */ CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); /* * The same as CTLOG_new_ex except that the default library context and @@ -451,16 +452,16 @@ * Should be deleted by the caller using CTLOG_free when no longer needed. */ int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64, - const char *name, OSSL_LIB_CTX *libctx, - const char *propq); + const char *name, OSSL_LIB_CTX *libctx, + const char *propq); /* * The same as CTLOG_new_from_base64_ex() except that the default * library context and property query string are used. * Returns 1 on success, 0 on failure. */ -int CTLOG_new_from_base64(CTLOG ** ct_log, - const char *pkey_base64, const char *name); +int CTLOG_new_from_base64(CTLOG **ct_log, + const char *pkey_base64, const char *name); /* * Deletes a CT log instance and its fields. 
@@ -471,7 +472,7 @@ const char *CTLOG_get0_name(const CTLOG *log); /* Gets the ID of the CT log */ void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, - size_t *log_id_len); + size_t *log_id_len); /* Gets the public key of the CT log */ EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); @@ -503,8 +504,8 @@ * Returns the CT log, or NULL if no match is found. */ const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, - const uint8_t *log_id, - size_t log_id_len); + const uint8_t *log_id, + size_t log_id_len); /* * Loads a CT log list into a |store| from a |file|. @@ -518,8 +519,8 @@ */ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/cterr.h.orig +++ crypto/openssl/include/openssl/cterr.h 
@@ -9,37 +9,35 @@ */ #ifndef OPENSSL_CTERR_H -# define OPENSSL_CTERR_H -# pragma once +#define OPENSSL_CTERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_CT +#include +#include +#include +#ifndef OPENSSL_NO_CT /* * CT reason codes. */ -# define CT_R_BASE64_DECODE_ERROR 108 -# define CT_R_INVALID_LOG_ID_LENGTH 100 -# define CT_R_LOG_CONF_INVALID 109 -# define CT_R_LOG_CONF_INVALID_KEY 110 -# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 -# define CT_R_LOG_CONF_MISSING_KEY 112 -# define CT_R_LOG_KEY_INVALID 113 -# define CT_R_SCT_FUTURE_TIMESTAMP 116 -# define CT_R_SCT_INVALID 104 -# define CT_R_SCT_INVALID_SIGNATURE 107 -# define CT_R_SCT_LIST_INVALID 105 -# define CT_R_SCT_LOG_ID_MISMATCH 114 -# define CT_R_SCT_NOT_SET 106 -# define CT_R_SCT_UNSUPPORTED_VERSION 115 -# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 -# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 -# define CT_R_UNSUPPORTED_VERSION 103 +#define CT_R_BASE64_DECODE_ERROR 108 +#define CT_R_INVALID_LOG_ID_LENGTH 100 +#define CT_R_LOG_CONF_INVALID 109 +#define CT_R_LOG_CONF_INVALID_KEY 110 +#define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +#define CT_R_LOG_CONF_MISSING_KEY 112 +#define CT_R_LOG_KEY_INVALID 113 +#define CT_R_SCT_FUTURE_TIMESTAMP 116 +#define CT_R_SCT_INVALID 104 +#define CT_R_SCT_INVALID_SIGNATURE 107 +#define CT_R_SCT_LIST_INVALID 105 +#define CT_R_SCT_LOG_ID_MISMATCH 114 +#define CT_R_SCT_NOT_SET 106 +#define CT_R_SCT_UNSUPPORTED_VERSION 115 +#define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +#define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +#define CT_R_UNSUPPORTED_VERSION 103 -# endif +#endif #endif --- crypto/openssl/include/openssl/decoder.h.orig +++ crypto/openssl/include/openssl/decoder.h 
@@ -8,26 +8,26 @@ */ #ifndef OPENSSL_DECODER_H -# define OPENSSL_DECODER_H -# pragma once +#define OPENSSL_DECODER_H +#pragma once -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# endif -# include -# include -# include -# include -# include +#ifndef OPENSSL_NO_STDIO +#include +#endif +#include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *libctx, const char *name, - const char *properties); + const char *properties); int OSSL_DECODER_up_ref(OSSL_DECODER *encoder); void OSSL_DECODER_free(OSSL_DECODER *encoder); 
@@ -38,31 +38,31 @@ int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name); void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(OSSL_DECODER *encoder, void *arg), - void *arg); + void (*fn)(OSSL_DECODER *encoder, void *arg), + void *arg); int OSSL_DECODER_names_do_all(const OSSL_DECODER *encoder, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PARAM *OSSL_DECODER_gettable_params(OSSL_DECODER *decoder); int OSSL_DECODER_get_params(OSSL_DECODER *decoder, OSSL_PARAM params[]); const OSSL_PARAM *OSSL_DECODER_settable_ctx_params(OSSL_DECODER *encoder); OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(void); int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); void OSSL_DECODER_CTX_free(OSSL_DECODER_CTX *ctx); /* Utilities that help set specific parameters */ int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, - const unsigned char *kstr, size_t klen); + const unsigned char *kstr, size_t klen); int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx, - pem_password_cb *cb, void *cbarg); + pem_password_cb *cb, void *cbarg); int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, - void *cbarg); + OSSL_PASSPHRASE_CALLBACK *cb, + void *cbarg); int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data); + const UI_METHOD *ui_method, + void *ui_data); /* * Utilities to read the object to decode, with the result sent to cb. 
@@ -71,12 +71,12 @@ int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection); int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx, - const char *input_type); + const char *input_type); int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx, - const char *input_structure); + const char *input_structure); int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder); int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx); typedef struct ossl_decoder_instance_st OSSL_DECODER_INSTANCE; 
@@ -88,33 +88,33 @@ OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst); const char * OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst, - int *was_set); + int *was_set); typedef int OSSL_DECODER_CONSTRUCT(OSSL_DECODER_INSTANCE *decoder_inst, - const OSSL_PARAM *params, - void *construct_data); + const OSSL_PARAM *params, + void *construct_data); typedef void OSSL_DECODER_CLEANUP(void *construct_data); int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_CONSTRUCT *construct); + OSSL_DECODER_CONSTRUCT *construct); int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx, - void *construct_data); + void *construct_data); int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_CLEANUP *cleanup); + OSSL_DECODER_CLEANUP *cleanup); OSSL_DECODER_CONSTRUCT *OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx); void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx); OSSL_DECODER_CLEANUP *OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx); int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst, - void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg); + void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg); int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in); #ifndef OPENSSL_NO_STDIO int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *in); #endif int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata, - size_t *pdata_len); + size_t *pdata_len); /* * Create the OSSL_DECODER_CTX with an associated type. This will perform 
@@ -122,12 +122,12 @@ */ OSSL_DECODER_CTX * OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey, - const char *input_type, - const char *input_struct, - const char *keytype, int selection, - OSSL_LIB_CTX *libctx, const char *propquery); + const char *input_type, + const char *input_struct, + const char *keytype, int selection, + OSSL_LIB_CTX *libctx, const char *propquery); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/decodererr.h.orig +++ crypto/openssl/include/openssl/decodererr.h @@ -9,20 +9,18 @@ */ #ifndef OPENSSL_DECODERERR_H -# define OPENSSL_DECODERERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_DECODERERR_H +#pragma once +#include +#include +#include /* * OSSL_DECODER reason codes. */ -# define OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT 101 -# define OSSL_DECODER_R_DECODER_NOT_FOUND 102 -# define OSSL_DECODER_R_MISSING_GET_PARAMS 100 +#define OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT 101 +#define OSSL_DECODER_R_DECODER_NOT_FOUND 102 +#define OSSL_DECODER_R_MISSING_GET_PARAMS 100 #endif --- crypto/openssl/include/openssl/des.h.orig +++ crypto/openssl/include/openssl/des.h 
@@ -8,29 +8,29 @@ */ #ifndef OPENSSL_DES_H -# define OPENSSL_DES_H -# pragma once +#define OPENSSL_DES_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_DES_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_DES_H +#endif -# include +#include -# ifndef OPENSSL_NO_DES -# ifdef __cplusplus +#ifndef OPENSSL_NO_DES +#ifdef __cplusplus extern "C" { -# endif -# include +#endif +#include -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef unsigned int DES_LONG; -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif typedef unsigned char DES_cblock[8]; typedef /* const */ unsigned char const_DES_cblock[8]; 
@@ -49,62 +49,62 @@ } ks[16]; } DES_key_schedule; -# define DES_KEY_SZ (sizeof(DES_cblock)) -# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) +#define DES_KEY_SZ (sizeof(DES_cblock)) +#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) -# define DES_ENCRYPT 1 -# define DES_DECRYPT 0 +#define DES_ENCRYPT 1 +#define DES_DECRYPT 0 -# define DES_CBC_MODE 0 -# define DES_PCBC_MODE 1 +#define DES_CBC_MODE 0 +#define DES_PCBC_MODE 1 -# define DES_ecb2_encrypt(i,o,k1,k2,e) \ - DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) +#define DES_ecb2_encrypt(i, o, k1, k2, e) \ + DES_ecb3_encrypt((i), (o), (k1), (k2), (k1), (e)) -# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) +#define DES_ede2_cbc_encrypt(i, o, l, k1, k2, iv, e) \ + DES_ede3_cbc_encrypt((i), (o), (l), (k1), (k2), (k1), (iv), (e)) -# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) +#define DES_ede2_cfb64_encrypt(i, o, l, k1, k2, iv, n, e) \ + DES_ede3_cfb64_encrypt((i), (o), (l), (k1), (k2), (k1), (iv), (n), (e)) -# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) +#define DES_ede2_ofb64_encrypt(i, o, l, k1, k2, iv, n) \ + DES_ede3_ofb64_encrypt((i), (o), (l), (k1), (k2), (k1), (iv), (n)) -# define DES_fixup_key_parity DES_set_odd_parity -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DES_fixup_key_parity DES_set_odd_parity +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *DES_options(void); OSSL_DEPRECATEDIN_3_0 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, int enc); + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); OSSL_DEPRECATEDIN_3_0 DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, - long length, DES_key_schedule *schedule, - const_DES_cblock 
*ivec); -# endif + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +#endif /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, DES_cblock *ivec, - int enc); + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); OSSL_DEPRECATEDIN_3_0 void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, DES_cblock *ivec, - int enc); + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); OSSL_DEPRECATEDIN_3_0 void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, DES_cblock *ivec, - const_DES_cblock *inw, const_DES_cblock *outw, int enc); + long length, DES_key_schedule *schedule, DES_cblock *ivec, + const_DES_cblock *inw, const_DES_cblock *outw, int enc); OSSL_DEPRECATEDIN_3_0 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, DES_cblock *ivec, - int enc); + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); OSSL_DEPRECATEDIN_3_0 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks, int enc); -# endif + DES_key_schedule *ks, int enc); +#endif /* * This is the DES encryption function that gets called by just about every @@ -116,10 +116,10 @@ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies * encryption, zero if decryption. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); -# endif +#endif /* * This functions is the same as DES_encrypt1() except that the DES initial 
@@ -129,59 +129,59 @@ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() * DES_encrypt1() DES_encrypt1() except faster :-). */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); OSSL_DEPRECATEDIN_3_0 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3); + DES_key_schedule *ks3); OSSL_DEPRECATEDIN_3_0 void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3); + DES_key_schedule *ks3); OSSL_DEPRECATEDIN_3_0 void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc); + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); OSSL_DEPRECATEDIN_3_0 void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int *num, int enc); + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); OSSL_DEPRECATEDIN_3_0 void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, - int numbits, long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc); + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); OSSL_DEPRECATEDIN_3_0 void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int *num); + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); OSSL_DEPRECATEDIN_3_0 char 
*DES_fcrypt(const char *buf, const char *salt, char *ret); OSSL_DEPRECATEDIN_3_0 char *DES_crypt(const char *buf, const char *salt); OSSL_DEPRECATEDIN_3_0 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, DES_cblock *ivec); + long length, DES_key_schedule *schedule, DES_cblock *ivec); OSSL_DEPRECATEDIN_3_0 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int enc); + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); OSSL_DEPRECATEDIN_3_0 DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], - long length, int out_count, DES_cblock *seed); + long length, int out_count, DES_cblock *seed); OSSL_DEPRECATEDIN_3_0 int DES_random_key(DES_cblock *ret); OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key); OSSL_DEPRECATEDIN_3_0 int DES_check_key_parity(const_DES_cblock *key); OSSL_DEPRECATEDIN_3_0 int DES_is_weak_key(const_DES_cblock *key); -# endif +#endif /* * DES_set_key (= set_key = DES_key_sched = key_sched) calls * DES_set_key_checked */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); OSSL_DEPRECATEDIN_3_0 
@@ -195,17 +195,17 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); OSSL_DEPRECATEDIN_3_0 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int *num, int enc); + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc); OSSL_DEPRECATEDIN_3_0 void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int *num); -# endif + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/dh.h.orig +++ crypto/openssl/include/openssl/dh.h 
@@ -8,34 +8,34 @@ */ #ifndef OPENSSL_DH_H -# define OPENSSL_DH_H -# pragma once +#define OPENSSL_DH_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_DH_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_DH_H +#endif -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif #include /* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */ -# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */ -# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use FIPS186-2 standard */ -# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ -# define DH_PARAMGEN_TYPE_GROUP 3 /* Use a named safe prime group */ +#define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */ +#define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use FIPS186-2 standard */ +#define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ +#define DH_PARAMGEN_TYPE_GROUP 3 /* Use a named safe prime group */ int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ); int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex); int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen); + const unsigned char *seed, + size_t seedlen); int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits); int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen); int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); 
@@ -53,65 +53,65 @@ int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); #endif -# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) -# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) -# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) -# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) -# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) -# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) -# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) -# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) -# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) -# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) -# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) -# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) -# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) -# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) -# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) -# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) +#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +#define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +#define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +#define 
EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +#define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +#define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +#define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +#define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) /* KDF types */ -# define EVP_PKEY_DH_KDF_NONE 1 -# define EVP_PKEY_DH_KDF_X9_42 2 - -# ifndef OPENSSL_NO_DH -# include -# include -# include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif -# include +#define EVP_PKEY_DH_KDF_NONE 1 +#define EVP_PKEY_DH_KDF_X9_42 2 + +#ifndef OPENSSL_NO_DH +#include +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif +#include -# ifndef OPENSSL_DH_MAX_MODULUS_BITS -# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -# endif +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +#define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif -# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS -# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 -# endif +#ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS +#define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 +#endif -# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -# define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_CACHE_MONT_P 0x01 -# define DH_FLAG_TYPE_MASK 0xF000 -# define DH_FLAG_TYPE_DH 0x0000 -# define DH_FLAG_TYPE_DHX 0x1000 +#define DH_FLAG_TYPE_MASK 0xF000 +#define DH_FLAG_TYPE_DH 0x0000 +#define DH_FLAG_TYPE_DHX 0x1000 -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ -# define DH_FLAG_NO_EXP_CONSTTIME 0x00 -# endif +#define DH_FLAG_NO_EXP_CONSTTIME 0x00 +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * If this flag is set the DH method is FIPS compliant and can be used in * FIPS mode. 
This is set in the validated module method. If an application @@ -119,7 +119,7 @@ * result is compliant. */ -# define DH_FLAG_FIPS_METHOD 0x0400 +#define DH_FLAG_FIPS_METHOD 0x0400 /* * If this flag is set the operations normally disabled in FIPS mode are @@ -127,8 +127,8 @@ * usage is compliant. */ -# define DH_FLAG_NON_FIPS_ALLOW 0x0400 -# endif +#define DH_FLAG_NON_FIPS_ALLOW 0x0400 +#endif /* Already defined in ossl_typ.h */ /* typedef struct dh_st DH; */ 
@@ -136,60 +136,60 @@ DECLARE_ASN1_ITEM(DHparams) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DH_GENERATOR_2 2 -# define DH_GENERATOR_3 3 -# define DH_GENERATOR_5 5 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DH_GENERATOR_2 2 +#define DH_GENERATOR_3 3 +#define DH_GENERATOR_5 5 /* DH_check error codes, some of them shared with DH_check_pub_key */ /* * NB: These values must align with the equivalently named macros in * internal/ffc.h. */ -# define DH_CHECK_P_NOT_PRIME 0x01 -# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 -# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 -# define DH_NOT_SUITABLE_GENERATOR 0x08 -# define DH_CHECK_Q_NOT_PRIME 0x10 -# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ -# define DH_CHECK_INVALID_J_VALUE 0x40 -# define DH_MODULUS_TOO_SMALL 0x80 -# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +#define DH_NOT_SUITABLE_GENERATOR 0x08 +#define DH_CHECK_Q_NOT_PRIME 0x10 +#define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ +#define DH_CHECK_INVALID_J_VALUE 0x40 +#define DH_MODULUS_TOO_SMALL 0x80 +#define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ /* DH_check_pub_key error codes */ -# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -# define DH_CHECK_PUBKEY_INVALID 0x04 +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +#define DH_CHECK_PUBKEY_INVALID 0x04 /* * primes p where (p-1)/2 is prime too are called "safe"; we define this for * backward compatibility: */ -# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME - -# define d2i_DHparams_fp(fp, x) \ - (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams, \ - (fp), \ - (unsigned char **)(x)) -# define i2d_DHparams_fp(fp, x) \ - ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) -# define d2i_DHparams_bio(bp, x) \ - ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) 
-# define i2d_DHparams_bio(bp, x) \ - ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x) - -# define d2i_DHxparams_fp(fp,x) \ - (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHxparams, \ - (fp), \ - (unsigned char **)(x)) -# define i2d_DHxparams_fp(fp, x) \ - ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) -# define d2i_DHxparams_bio(bp, x) \ - ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) -# define i2d_DHxparams_bio(bp, x) \ - ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x) +#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +#define d2i_DHparams_fp(fp, x) \ + (DH *)ASN1_d2i_fp((void *(*)(void))DH_new, \ + (d2i_of_void *)d2i_DHparams, \ + (fp), \ + (void **)(x)) +#define i2d_DHparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHparams, (fp), (unsigned char *)(x)) +#define d2i_DHparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +#define i2d_DHparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x) + +#define d2i_DHxparams_fp(fp, x) \ + (DH *)ASN1_d2i_fp((void *(*)(void))DH_new, \ + (d2i_of_void *)d2i_DHxparams, \ + (fp), \ + (void **)(x)) +#define i2d_DHxparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHxparams, (fp), (unsigned char *)(x)) +#define d2i_DHxparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +#define i2d_DHxparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x) DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams) 
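Review bot: The `d2i_DHparams_fp` and `d2i_DHxparams_fp` macros are the one place in this hunk where the new side differs in more than whitespace: the casts change from `(char *(*)())` and `(unsigned char **)(x)` to `(void *(*)(void))DH_new`, `(d2i_of_void *)d2i_DHparams` and `(void **)(x)`, so they deserve a separate look rather than being read as part of the reformat. The call still goes through pointer types that differ from the declared types of `DH_new` and `d2i_DHparams`, and `(void **)(x)` accepts any pointer argument, so the `_fp` forms get none of the argument checking that the `_bio` forms presumably get from `ASN1_d2i_bio_of(DH, ...)`; builds that enforce indirect-call type checks are worth exercising on this path. I would add a comment above each macro, e.g. `/* x must be DH **; the casts bypass type checking, prefer d2i_DHparams_bio() */`. The same cast change appears in `d2i_DSAparams_fp` in the dsa.h hunk at `@@ -91,29 +90,29 @@`. The enclosing `#ifndef OPENSSL_NO_DEPRECATED_3_0` block opens in this hunk and closes outside it.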
@@ -207,15 +207,15 @@ OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh); OSSL_DEPRECATEDIN_3_0 int DH_security_bits(const DH *dh); -# define DH_get_ex_new_index(l, p, newf, dupf, freef) \ - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) OSSL_DEPRECATEDIN_3_0 int DH_set_ex_data(DH *d, int idx, void *arg); OSSL_DEPRECATEDIN_3_0 void *DH_get_ex_data(const DH *d, int idx); OSSL_DEPRECATEDIN_3_0 int DH_generate_parameters_ex(DH *dh, int prime_len, - int generator, - BN_GENCB *cb); + int generator, + BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int DH_check_params_ex(const DH *dh); OSSL_DEPRECATEDIN_3_0 int DH_check_ex(const DH *dh); @@ -223,19 +223,19 @@ OSSL_DEPRECATEDIN_3_0 int DH_check_params(const DH *dh, int *ret); OSSL_DEPRECATEDIN_3_0 int DH_check(const DH *dh, int *codes); OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, - int *codes); + int *codes); OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh); OSSL_DEPRECATEDIN_3_0 int DH_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); + const BIGNUM *pub_key, DH *dh); OSSL_DEPRECATEDIN_3_0 int DH_compute_key_padded(unsigned char *key, - const BIGNUM *pub_key, DH *dh); + const BIGNUM *pub_key, DH *dh); DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams) DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHxparams) -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO OSSL_DEPRECATEDIN_3_0 int DHparams_print_fp(FILE *fp, const DH *x); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int DHparams_print(BIO *bp, const DH *x); /* RFC 5114 parameters */ 
@@ -249,16 +249,16 @@ /* RFC2631 KDF */ OSSL_DEPRECATEDIN_3_0 int DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - ASN1_OBJECT *key_oid, - const unsigned char *ukm, - size_t ukmlen, const EVP_MD *md); + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, + size_t ukmlen, const EVP_MD *md); OSSL_DEPRECATEDIN_3_0 void DH_get0_pqg(const DH *dh, const BIGNUM **p, - const BIGNUM **q, const BIGNUM **g); + const BIGNUM **q, const BIGNUM **g); OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); OSSL_DEPRECATEDIN_3_0 void DH_get0_key(const DH *dh, const BIGNUM **pub_key, - const BIGNUM **priv_key); + const BIGNUM **priv_key); OSSL_DEPRECATEDIN_3_0 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_p(const DH *dh); OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_q(const DH *dh); 
@@ -281,52 +281,46 @@ OSSL_DEPRECATEDIN_3_0 int DH_meth_set_flags(DH_METHOD *dhm, int flags); OSSL_DEPRECATEDIN_3_0 void *DH_meth_get0_app_data(const DH_METHOD *dhm); OSSL_DEPRECATEDIN_3_0 int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); -OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_key(DH_METHOD *dhm, - int (*generate_key) (DH *)); -OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) - (unsigned char *key, - const BIGNUM *pub_key, - DH *dh); + int (*generate_key)(DH *)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_compute_key(const DH_METHOD *dhm))(unsigned char *key, + const BIGNUM *pub_key, + DH *dh); OSSL_DEPRECATEDIN_3_0 int DH_meth_set_compute_key(DH_METHOD *dhm, - int (*compute_key) - (unsigned char *key, - const BIGNUM *pub_key, - DH *dh)); -OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) - (const DH *, BIGNUM *, - const BIGNUM *, - const BIGNUM *, - const BIGNUM *, BN_CTX *, - BN_MONT_CTX *); + int (*compute_key)(unsigned char *key, + const BIGNUM *pub_key, + DH *dh)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))(const DH *, BIGNUM *, + const BIGNUM *, + const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); OSSL_DEPRECATEDIN_3_0 int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, - int (*bn_mod_exp) - (const DH *, BIGNUM *, - const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, - BN_MONT_CTX *)); + int (*bn_mod_exp)(const DH *, BIGNUM *, + const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); OSSL_DEPRECATEDIN_3_0 int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); -OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); -OSSL_DEPRECATEDIN_3_0 int 
DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); -OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) - (DH *, int, int, - BN_GENCB *); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_params(const DH_METHOD *dhm))(DH *, int, int, + BN_GENCB *); OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_params(DH_METHOD *dhm, - int (*generate_params) - (DH *, int, int, - BN_GENCB *)); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + int (*generate_params)(DH *, int, int, + BN_GENCB *)); +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 OSSL_DEPRECATEDIN_0_9_8 DH *DH_generate_parameters(int prime_len, int generator, - void (*callback) (int, int, - void *), - void *cb_arg); -# endif + void (*callback)(int, int, + void *), + void *cb_arg); +#endif -# endif -# ifdef __cplusplus +#endif +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/dherr.h.orig +++ crypto/openssl/include/openssl/dherr.h 
@@ -9,50 +9,48 @@ */ #ifndef OPENSSL_DHERR_H -# define OPENSSL_DHERR_H -# pragma once +#define OPENSSL_DHERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_DH +#include +#include +#include +#ifndef OPENSSL_NO_DH /* * DH reason codes. */ -# define DH_R_BAD_FFC_PARAMETERS 127 -# define DH_R_BAD_GENERATOR 101 -# define DH_R_BN_DECODE_ERROR 109 -# define DH_R_BN_ERROR 106 -# define DH_R_CHECK_INVALID_J_VALUE 115 -# define DH_R_CHECK_INVALID_Q_VALUE 116 -# define DH_R_CHECK_PUBKEY_INVALID 122 -# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 -# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 -# define DH_R_CHECK_P_NOT_PRIME 117 -# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 -# define DH_R_CHECK_Q_NOT_PRIME 119 -# define DH_R_DECODE_ERROR 104 -# define DH_R_INVALID_PARAMETER_NAME 110 -# define DH_R_INVALID_PARAMETER_NID 114 -# define DH_R_INVALID_PUBKEY 102 -# define DH_R_INVALID_SECRET 128 -# define DH_R_KDF_PARAMETER_ERROR 112 -# define DH_R_KEYS_NOT_SET 108 -# define DH_R_MISSING_PUBKEY 125 -# define DH_R_MODULUS_TOO_LARGE 103 -# define DH_R_MODULUS_TOO_SMALL 126 -# define DH_R_NOT_SUITABLE_GENERATOR 120 -# define DH_R_NO_PARAMETERS_SET 107 -# define DH_R_NO_PRIVATE_VALUE 100 -# define DH_R_PARAMETER_ENCODING_ERROR 105 -# define DH_R_PEER_KEY_ERROR 111 -# define DH_R_Q_TOO_LARGE 130 -# define DH_R_SHARED_INFO_ERROR 113 -# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 +#define DH_R_BAD_FFC_PARAMETERS 127 +#define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 109 +#define DH_R_BN_ERROR 106 +#define DH_R_CHECK_INVALID_J_VALUE 115 +#define DH_R_CHECK_INVALID_Q_VALUE 116 +#define DH_R_CHECK_PUBKEY_INVALID 122 +#define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +#define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +#define DH_R_CHECK_P_NOT_PRIME 117 +#define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +#define DH_R_CHECK_Q_NOT_PRIME 119 +#define DH_R_DECODE_ERROR 104 +#define DH_R_INVALID_PARAMETER_NAME 110 +#define DH_R_INVALID_PARAMETER_NID 114 +#define DH_R_INVALID_PUBKEY 102 +#define 
DH_R_INVALID_SECRET 128
+#define DH_R_KDF_PARAMETER_ERROR 112
+#define DH_R_KEYS_NOT_SET 108
+#define DH_R_MISSING_PUBKEY 125
+#define DH_R_MODULUS_TOO_LARGE 103
+#define DH_R_MODULUS_TOO_SMALL 126
+#define DH_R_NOT_SUITABLE_GENERATOR 120
+#define DH_R_NO_PARAMETERS_SET 107
+#define DH_R_NO_PRIVATE_VALUE 100
+#define DH_R_PARAMETER_ENCODING_ERROR 105
+#define DH_R_PEER_KEY_ERROR 111
+#define DH_R_Q_TOO_LARGE 130
+#define DH_R_SHARED_INFO_ERROR 113
+#define DH_R_UNABLE_TO_CHECK_GENERATOR 121
-# endif
+#endif
 #endif
--- crypto/openssl/include/openssl/dsa.h.orig
+++ crypto/openssl/include/openssl/dsa.h
@@ -8,55 +8,55 @@ */ #ifndef OPENSSL_DSA_H -# define OPENSSL_DSA_H -# pragma once +#define OPENSSL_DSA_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_DSA_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_DSA_H +#endif -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# include +#include int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, - const char *md_name, - const char *md_properties); + const char *md_name, + const char *md_properties); int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex); int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name); int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen); + const unsigned char *seed, + size_t seedlen); int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); -# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) -# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) -# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) - -# ifndef OPENSSL_NO_DSA -# include -# include -# include -# include -# include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif -# include +#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +#ifndef OPENSSL_NO_DSA +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif +#include -# ifndef OPENSSL_DSA_MAX_MODULUS_BITS -# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 -# endif +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +#define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif -# define 
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 +#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 typedef struct DSA_SIG_st DSA_SIG; DSA_SIG *DSA_SIG_new(void); @@ -65,16 +65,15 @@ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ -# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 -# endif +#define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DSA_FLAG_CACHE_MONT_P 0x01 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DSA_FLAG_CACHE_MONT_P 0x01 /* * If this flag is set the DSA method is FIPS compliant and can be used in @@ -83,7 +82,7 @@ * result is compliant. */ -# define DSA_FLAG_FIPS_METHOD 0x0400 +#define DSA_FLAG_FIPS_METHOD 0x0400 /* * If this flag is set the operations normally disabled in FIPS mode are 
@@ -91,29 +90,29 @@ * usage is compliant. */ -# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 -# define DSA_FLAG_FIPS_CHECKED 0x0800 +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +#define DSA_FLAG_FIPS_CHECKED 0x0800 /* Already defined in ossl_typ.h */ /* typedef struct dsa_st DSA; */ /* typedef struct dsa_method DSA_METHOD; */ -# define d2i_DSAparams_fp(fp, x) \ - (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams, (fp), \ - (unsigned char **)(x)) -# define i2d_DSAparams_fp(fp, x) \ - ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x)) -# define d2i_DSAparams_bio(bp, x) \ - ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x) -# define i2d_DSAparams_bio(bp, x) \ - ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x) +#define d2i_DSAparams_fp(fp, x) \ + (DSA *)ASN1_d2i_fp((void *(*)(void))DSA_new, \ + (d2i_of_void *)d2i_DSAparams, (fp), \ + (void **)(x)) +#define i2d_DSAparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x)) +#define d2i_DSAparams_bio(bp, x) \ + ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x) +#define i2d_DSAparams_bio(bp, x) \ + ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x) DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DSA, DSAparams) OSSL_DEPRECATEDIN_3_0 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, - DSA *dsa); + DSA *dsa); OSSL_DEPRECATEDIN_3_0 int DSA_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); + DSA_SIG *sig, DSA *dsa); OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_OpenSSL(void); 
@@ -130,81 +129,81 @@ OSSL_DEPRECATEDIN_3_0 int DSA_size(const DSA *); OSSL_DEPRECATEDIN_3_0 int DSA_bits(const DSA *d); OSSL_DEPRECATEDIN_3_0 int DSA_security_bits(const DSA *d); - /* next 4 return -1 on error */ +/* next 4 return -1 on error */ OSSL_DEPRECATEDIN_3_0 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp); + BIGNUM **kinvp, BIGNUM **rp); OSSL_DEPRECATEDIN_3_0 int DSA_sign(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa); + int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa); OSSL_DEPRECATEDIN_3_0 int DSA_verify(int type, const unsigned char *dgst, - int dgst_len, const unsigned char *sigbuf, - int siglen, DSA *dsa); + int dgst_len, const unsigned char *sigbuf, + int siglen, DSA *dsa); -# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) OSSL_DEPRECATEDIN_3_0 int DSA_set_ex_data(DSA *d, int idx, void *arg); OSSL_DEPRECATEDIN_3_0 void *DSA_get_ex_data(const DSA *d, int idx); DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, - DSA, DSAPublicKey) + DSA, DSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, - DSA, DSAPrivateKey) + DSA, DSAPrivateKey) DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, - DSA, DSAparams) -# endif + DSA, DSAparams) +#endif -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 /* Deprecated version */ OSSL_DEPRECATEDIN_0_9_8 DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback) (int, int, void *), - void *cb_arg); -# endif + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), + void *cb_arg); +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef 
OPENSSL_NO_DEPRECATED_3_0 /* New version */ OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa, int bits, - const unsigned char *seed, - int seed_len, - int *counter_ret, - unsigned long *h_ret, - BN_GENCB *cb); + const unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, + BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int DSA_generate_key(DSA *a); OSSL_DEPRECATEDIN_3_0 int DSAparams_print(BIO *bp, const DSA *x); OSSL_DEPRECATEDIN_3_0 int DSA_print(BIO *bp, const DSA *x, int off); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO OSSL_DEPRECATEDIN_3_0 int DSAparams_print_fp(FILE *fp, const DSA *x); OSSL_DEPRECATEDIN_3_0 int DSA_print_fp(FILE *bp, const DSA *x, int off); -# endif +#endif -# define DSS_prime_checks 64 +#define DSS_prime_checks 64 /* * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only * have one value here we set the number of checks to 64 which is the 128 bit * security level that is the highest level and valid for creating a 3072 bit * DSA key. */ -# define DSA_is_prime(n, callback, cb_arg) \ - BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) +#define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH /* * Convert DSA structure (key or just parameters) into DH structure (be * careful to avoid small subgroup attacks when using this!) 
*/ OSSL_DEPRECATEDIN_3_0 DH *DSA_dup_DH(const DSA *r); -# endif +#endif OSSL_DEPRECATEDIN_3_0 void DSA_get0_pqg(const DSA *d, const BIGNUM **p, - const BIGNUM **q, const BIGNUM **g); + const BIGNUM **q, const BIGNUM **g); OSSL_DEPRECATEDIN_3_0 int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); OSSL_DEPRECATEDIN_3_0 void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, - const BIGNUM **priv_key); + const BIGNUM **priv_key); OSSL_DEPRECATEDIN_3_0 int DSA_set0_key(DSA *d, BIGNUM *pub_key, - BIGNUM *priv_key); + BIGNUM *priv_key); OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_p(const DSA *d); OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_q(const DSA *d); OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_g(const DSA *d); 
@@ -220,56 +219,50 @@ OSSL_DEPRECATEDIN_3_0 DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); OSSL_DEPRECATEDIN_3_0 const char *DSA_meth_get0_name(const DSA_METHOD *dsam); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set1_name(DSA_METHOD *dsam, - const char *name); + const char *name); OSSL_DEPRECATEDIN_3_0 int DSA_meth_get_flags(const DSA_METHOD *dsam); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); OSSL_DEPRECATEDIN_3_0 void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set0_app_data(DSA_METHOD *dsam, - void *app_data); -OSSL_DEPRECATEDIN_3_0 DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA *); + void *app_data); +OSSL_DEPRECATEDIN_3_0 DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, int, DSA *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_sign(DSA_METHOD *dsam, - DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); -OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) - (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); + DSA_SIG *(*sign)(const unsigned char *, int, DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *, BIGNUM **, BIGNUM **); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_sign_setup(DSA_METHOD *dsam, - int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); -OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA_SIG *, DSA *); + int (*sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, int, DSA_SIG *, DSA *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_verify(DSA_METHOD *dsam, - int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); -OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, BN_CTX *, 
BN_MONT_CTX *); + int (*verify)(const unsigned char *, int, DSA_SIG *, DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *)); -OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *, BN_MONT_CTX *); + int (*mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); + int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_init(DSA_METHOD *dsam, - int (*init)(DSA *)); + int (*init)(DSA *)); OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_finish(DSA_METHOD *dsam, - int (*finish)(DSA *)); -OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) - (DSA *, int, const unsigned char *, int, int *, unsigned long *, - BN_GENCB *); + int (*finish)(DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); OSSL_DEPRECATEDIN_3_0 int 
DSA_meth_set_paramgen(DSA_METHOD *dsam, - int (*paramgen) (DSA *, int, const unsigned char *, int, int *, - unsigned long *, BN_GENCB *)); + int (*paramgen)(DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_keygen(DSA_METHOD *dsam, - int (*keygen) (DSA *)); + int (*keygen)(DSA *)); -# endif -# endif -# ifdef __cplusplus +#endif +#endif +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/dsaerr.h.orig +++ crypto/openssl/include/openssl/dsaerr.h 
@@ -9,36 +9,34 @@ */ #ifndef OPENSSL_DSAERR_H -# define OPENSSL_DSAERR_H -# pragma once +#define OPENSSL_DSAERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_DSA +#include +#include +#include +#ifndef OPENSSL_NO_DSA /* * DSA reason codes. */ -# define DSA_R_BAD_FFC_PARAMETERS 114 -# define DSA_R_BAD_Q_VALUE 102 -# define DSA_R_BN_DECODE_ERROR 108 -# define DSA_R_BN_ERROR 109 -# define DSA_R_DECODE_ERROR 104 -# define DSA_R_INVALID_DIGEST_TYPE 106 -# define DSA_R_INVALID_PARAMETERS 112 -# define DSA_R_MISSING_PARAMETERS 101 -# define DSA_R_MISSING_PRIVATE_KEY 111 -# define DSA_R_MODULUS_TOO_LARGE 103 -# define DSA_R_NO_PARAMETERS_SET 107 -# define DSA_R_PARAMETER_ENCODING_ERROR 105 -# define DSA_R_P_NOT_PRIME 115 -# define DSA_R_Q_NOT_PRIME 113 -# define DSA_R_SEED_LEN_SMALL 110 -# define DSA_R_TOO_MANY_RETRIES 116 +#define DSA_R_BAD_FFC_PARAMETERS 114 +#define DSA_R_BAD_Q_VALUE 102 +#define DSA_R_BN_DECODE_ERROR 108 +#define DSA_R_BN_ERROR 109 +#define DSA_R_DECODE_ERROR 104 +#define DSA_R_INVALID_DIGEST_TYPE 106 +#define DSA_R_INVALID_PARAMETERS 112 +#define DSA_R_MISSING_PARAMETERS 101 +#define DSA_R_MISSING_PRIVATE_KEY 111 +#define DSA_R_MODULUS_TOO_LARGE 103 +#define DSA_R_NO_PARAMETERS_SET 107 +#define DSA_R_PARAMETER_ENCODING_ERROR 105 +#define DSA_R_P_NOT_PRIME 115 +#define DSA_R_Q_NOT_PRIME 113 +#define DSA_R_SEED_LEN_SMALL 110 +#define DSA_R_TOO_MANY_RETRIES 116 -# endif +#endif #endif --- crypto/openssl/include/openssl/dtls1.h.orig +++ crypto/openssl/include/openssl/dtls1.h 
@@ -8,50 +8,50 @@ */ #ifndef OPENSSL_DTLS1_H -# define OPENSSL_DTLS1_H -# pragma once +#define OPENSSL_DTLS1_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_DTLS1_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_DTLS1_H +#endif -# include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif #include /* DTLS*_VERSION constants are defined in prov_ssl.h */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DTLS_MIN_VERSION DTLS1_VERSION -# define DTLS_MAX_VERSION DTLS1_2_VERSION -# endif -# define DTLS1_VERSION_MAJOR 0xFE +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DTLS_MIN_VERSION DTLS1_VERSION +#define DTLS_MAX_VERSION DTLS1_2_VERSION +#endif +#define DTLS1_VERSION_MAJOR 0xFE /* Special value for method supporting multiple versions */ -# define DTLS_ANY_VERSION 0x1FFFF +#define DTLS_ANY_VERSION 0x1FFFF /* lengths of messages */ -# define DTLS1_COOKIE_LENGTH 255 +#define DTLS1_COOKIE_LENGTH 255 -# define DTLS1_RT_HEADER_LENGTH 13 +#define DTLS1_RT_HEADER_LENGTH 13 -# define DTLS1_HM_HEADER_LENGTH 12 +#define DTLS1_HM_HEADER_LENGTH 12 -# define DTLS1_HM_BAD_FRAGMENT -2 -# define DTLS1_HM_FRAGMENT_RETRY -3 +#define DTLS1_HM_BAD_FRAGMENT -2 +#define DTLS1_HM_FRAGMENT_RETRY -3 -# define DTLS1_CCS_HEADER_LENGTH 1 +#define DTLS1_CCS_HEADER_LENGTH 1 -# define DTLS1_AL_HEADER_LENGTH 2 +#define DTLS1_AL_HEADER_LENGTH 2 -# define DTLS1_TMO_ALERT_COUNT 12 +#define DTLS1_TMO_ALERT_COUNT 12 -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/e_os2.h.orig +++ crypto/openssl/include/openssl/e_os2.h @@ -8,17 +8,17 @@ */ #ifndef OPENSSL_E_OS2_H -# define OPENSSL_E_OS2_H -# pragma once +#define OPENSSL_E_OS2_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_E_OS2_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_E_OS2_H +#endif -# include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -28,7 +28,7 @@ * However, if none is defined, Unix is assumed. **/ -# define OPENSSL_SYS_UNIX +#define OPENSSL_SYS_UNIX /* --------------------- Microsoft operating systems ---------------------- */ @@ -36,9 +36,9 @@ * Note that MSDOS actually denotes 32-bit environments running on top of * MS-DOS, such as DJGPP one. */ -# if defined(OPENSSL_SYS_MSDOS) -# undef OPENSSL_SYS_UNIX -# endif +#if defined(OPENSSL_SYS_MSDOS) +#undef OPENSSL_SYS_UNIX +#endif /* * For 32 bit environment, there seems to be the CygWin environment and then 
@@ -48,110 +48,110 @@ * UEFI lives here because it might be built with a Microsoft toolchain and * we need to avoid the false positive match on Windows. */ -# if defined(OPENSSL_SYS_UEFI) -# undef OPENSSL_SYS_UNIX -# elif defined(OPENSSL_SYS_UWIN) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WIN32_UWIN -# else -# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) -# define OPENSSL_SYS_WIN32_CYGWIN -# else -# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) -# undef OPENSSL_SYS_UNIX -# if !defined(OPENSSL_SYS_WIN32) -# define OPENSSL_SYS_WIN32 -# endif -# endif -# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) -# undef OPENSSL_SYS_UNIX -# if !defined(OPENSSL_SYS_WIN64) -# define OPENSSL_SYS_WIN64 -# endif -# endif -# if defined(OPENSSL_SYS_WINNT) -# undef OPENSSL_SYS_UNIX -# endif -# if defined(OPENSSL_SYS_WINCE) -# undef OPENSSL_SYS_UNIX -# endif -# endif -# endif +#if defined(OPENSSL_SYS_UEFI) +#undef OPENSSL_SYS_UNIX +#elif defined(OPENSSL_SYS_UWIN) +#undef OPENSSL_SYS_UNIX +#define OPENSSL_SYS_WIN32_UWIN +#else +#if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) +#define OPENSSL_SYS_WIN32_CYGWIN +#else +#if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) +#undef OPENSSL_SYS_UNIX +#if !defined(OPENSSL_SYS_WIN32) +#define OPENSSL_SYS_WIN32 +#endif +#endif +#if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +#undef OPENSSL_SYS_UNIX +#if !defined(OPENSSL_SYS_WIN64) +#define OPENSSL_SYS_WIN64 +#endif +#endif +#if defined(OPENSSL_SYS_WINNT) +#undef OPENSSL_SYS_UNIX +#endif +#if defined(OPENSSL_SYS_WINCE) +#undef OPENSSL_SYS_UNIX +#endif +#endif +#endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WINDOWS -# ifndef OPENSSL_SYS_MSDOS -# define OPENSSL_SYS_MSDOS -# endif -# endif +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || 
defined(OPENSSL_SYS_WINCE) +#undef OPENSSL_SYS_UNIX +#define OPENSSL_SYS_WINDOWS +#ifndef OPENSSL_SYS_MSDOS +#define OPENSSL_SYS_MSDOS +#endif +#endif /* * DLL settings. This part is a bit tough, because it's up to the * application implementor how he or she will link the application, so it * requires some macro to be used. */ -# ifdef OPENSSL_SYS_WINDOWS -# ifndef OPENSSL_OPT_WINDLL -# if defined(_WINDLL) /* This is used when building OpenSSL to - * indicate that DLL linkage should be used */ -# define OPENSSL_OPT_WINDLL -# endif -# endif -# endif +#ifdef OPENSSL_SYS_WINDOWS +#ifndef OPENSSL_OPT_WINDLL +#if defined(_WINDLL) /* This is used when building OpenSSL to \ + * indicate that DLL linkage should be used */ +#define OPENSSL_OPT_WINDLL +#endif +#endif +#endif /* ------------------------------- OpenVMS -------------------------------- */ -# if defined(__VMS) || defined(VMS) -# if !defined(OPENSSL_SYS_VMS) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_VMS -# endif -# if defined(__DECC) -# define OPENSSL_SYS_VMS_DECC -# elif defined(__DECCXX) -# define OPENSSL_SYS_VMS_DECC -# define OPENSSL_SYS_VMS_DECCXX -# else -# define OPENSSL_SYS_VMS_NODECC -# endif -# endif +#if defined(__VMS) || defined(VMS) +#if !defined(OPENSSL_SYS_VMS) +#undef OPENSSL_SYS_UNIX +#define OPENSSL_SYS_VMS +#endif +#if defined(__DECC) +#define OPENSSL_SYS_VMS_DECC +#elif defined(__DECCXX) +#define OPENSSL_SYS_VMS_DECC +#define OPENSSL_SYS_VMS_DECCXX +#else +#define OPENSSL_SYS_VMS_NODECC +#endif +#endif /* -------------------------------- Unix ---------------------------------- */ -# ifdef OPENSSL_SYS_UNIX -# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) -# define OPENSSL_SYS_LINUX -# endif -# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) -# define OPENSSL_SYS_AIX -# endif -# endif +#ifdef OPENSSL_SYS_UNIX +#if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) +#define OPENSSL_SYS_LINUX +#endif +#if defined(_AIX) && !defined(OPENSSL_SYS_AIX) 
+#define OPENSSL_SYS_AIX +#endif +#endif /* -------------------------------- VOS ----------------------------------- */ -# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) -# define OPENSSL_SYS_VOS -# ifdef __HPPA__ -# define OPENSSL_SYS_VOS_HPPA -# endif -# ifdef __IA32__ -# define OPENSSL_SYS_VOS_IA32 -# endif -# endif +#if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) +#define OPENSSL_SYS_VOS +#ifdef __HPPA__ +#define OPENSSL_SYS_VOS_HPPA +#endif +#ifdef __IA32__ +#define OPENSSL_SYS_VOS_IA32 +#endif +#endif /* ---------------------------- HP NonStop -------------------------------- */ -# ifdef __TANDEM -# ifdef _STRING -# include -# endif -# define OPENSSL_USE_BUILD_DATE -# if defined(OPENSSL_THREADS) && defined(_SPT_MODEL_) -# define SPT_THREAD_SIGNAL 1 -# define SPT_THREAD_AWARE 1 -# include -# elif defined(OPENSSL_THREADS) && defined(_PUT_MODEL_) -# include -# endif -# endif +#ifdef __TANDEM +#ifdef _STRING +#include +#endif +#define OPENSSL_USE_BUILD_DATE +#if defined(OPENSSL_THREADS) && defined(_SPT_MODEL_) +#define SPT_THREAD_SIGNAL 1 +#define SPT_THREAD_AWARE 1 +#include +#elif defined(OPENSSL_THREADS) && defined(_PUT_MODEL_) +#include +#endif +#endif /** * That's it for OS-specific stuff 
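Review bot: In the `_WINDLL` check the new side gains a backslash inside the trailing comment (`/* This is used when building OpenSSL to \ * indicate that DLL linkage should be used */`), which looks like a formatter artifact on a comment that shares a line with `#if`; moving the comment onto its own line above `#if defined(_WINDLL)` removes the need for a line splice. The hunk also flattens the nested `# if` indentation of the UEFI/UWIN/Cygwin/Win32/Win64 detection ladder, so a reader can no longer see which `#endif` closes which condition when auditing what clears `OPENSSL_SYS_UNIX`. I would label the closers, e.g. `#endif /* OPENSSL_SYS_WINDOWS */` and `#endif /* !OPENSSL_OPT_WINDLL */`. As far as the visible lines show, nothing here changes which macros end up defined.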
@@ -176,50 +176,50 @@ * have some generally sensible values. */ -# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) -# define OPENSSL_EXPORT extern __declspec(dllexport) -# define OPENSSL_EXTERN extern __declspec(dllimport) -# else -# define OPENSSL_EXPORT extern -# define OPENSSL_EXTERN extern -# endif +#if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +#define OPENSSL_EXPORT extern __declspec(dllexport) +#define OPENSSL_EXTERN extern __declspec(dllimport) +#else +#define OPENSSL_EXPORT extern +#define OPENSSL_EXTERN extern +#endif -# ifdef _WIN32 -# ifdef _WIN64 -# define ossl_ssize_t __int64 -# define OSSL_SSIZE_MAX _I64_MAX -# else -# define ossl_ssize_t int -# define OSSL_SSIZE_MAX INT_MAX -# endif -# endif +#ifdef _WIN32 +#ifdef _WIN64 +#define ossl_ssize_t __int64 +#define OSSL_SSIZE_MAX _I64_MAX +#else +#define ossl_ssize_t int +#define OSSL_SSIZE_MAX INT_MAX +#endif +#endif -# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) -# define ossl_ssize_t INTN -# define OSSL_SSIZE_MAX MAX_INTN -# endif +#if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +#define ossl_ssize_t INTN +#define OSSL_SSIZE_MAX MAX_INTN +#endif -# ifndef ossl_ssize_t -# define ossl_ssize_t ssize_t -# if defined(SSIZE_MAX) -# define OSSL_SSIZE_MAX SSIZE_MAX -# elif defined(_POSIX_SSIZE_MAX) -# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX -# else -# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) -# endif -# endif +#ifndef ossl_ssize_t +#define ossl_ssize_t ssize_t +#if defined(SSIZE_MAX) +#define OSSL_SSIZE_MAX SSIZE_MAX +#elif defined(_POSIX_SSIZE_MAX) +#define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +#else +#define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1)) +#endif +#endif -# if defined(UNUSEDRESULT_DEBUG) -# define __owur __attribute__((__warn_unused_result__)) -# else -# define __owur -# endif +#if defined(UNUSEDRESULT_DEBUG) +#define __owur __attribute__((__warn_unused_result__)) +#else +#define __owur +#endif /* Standard integer types */ -# define 
OPENSSL_NO_INTTYPES_H -# define OPENSSL_NO_STDINT_H -# if defined(OPENSSL_SYS_UEFI) +#define OPENSSL_NO_INTTYPES_H +#define OPENSSL_NO_STDINT_H +#if defined(OPENSSL_SYS_UEFI) typedef INT8 int8_t; typedef UINT8 uint8_t; typedef INT16 int16_t; @@ -228,14 +228,12 @@ typedef UINT32 uint32_t; typedef INT64 int64_t; typedef UINT64 uint64_t; -# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ - defined(__osf__) || defined(__sgi) || defined(__hpux) || \ - defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) -# include -# undef OPENSSL_NO_INTTYPES_H +#elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || defined(__osf__) || defined(__sgi) || defined(__hpux) || defined(OPENSSL_SYS_VMS) || defined(__OpenBSD__) +#include +#undef OPENSSL_NO_INTTYPES_H /* Because the specs say that inttypes.h includes stdint.h if present */ -# undef OPENSSL_NO_STDINT_H -# elif defined(_MSC_VER) && _MSC_VER<1600 +#undef OPENSSL_NO_STDINT_H +#elif defined(_MSC_VER) && _MSC_VER < 1600 /* * minimally required typdefs for systems not supporting inttypes.h or * stdint.h: currently just older VC++ 
@@ -248,58 +246,56 @@ typedef unsigned int uint32_t; typedef __int64 int64_t; typedef unsigned __int64 uint64_t; -# else -# include -# undef OPENSSL_NO_STDINT_H -# endif -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ - defined(INTMAX_MAX) && defined(UINTMAX_MAX) +#else +#include +#undef OPENSSL_NO_STDINT_H +#endif +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && defined(INTMAX_MAX) && defined(UINTMAX_MAX) typedef intmax_t ossl_intmax_t; typedef uintmax_t ossl_uintmax_t; -# else +#else /* Fall back to the largest we know we require and can handle */ typedef int64_t ossl_intmax_t; typedef uint64_t ossl_uintmax_t; -# endif +#endif /* ossl_inline: portable inline definition usable in public headers */ -# if !defined(inline) && !defined(__cplusplus) -# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L - /* just use inline */ -# define ossl_inline inline -# elif defined(__GNUC__) && __GNUC__>=2 -# define ossl_inline __inline__ -# elif defined(_MSC_VER) - /* - * Visual Studio: inline is available in C++ only, however - * __inline is available for C, see - * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx - */ -# define ossl_inline __inline -# else -# define ossl_inline -# endif -# else -# define ossl_inline inline -# endif +#if !defined(inline) && !defined(__cplusplus) +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L +/* just use inline */ +#define ossl_inline inline +#elif defined(__GNUC__) && __GNUC__ >= 2 +#define ossl_inline __inline__ +#elif defined(_MSC_VER) +/* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +#define ossl_inline __inline +#else +#define ossl_inline +#endif +#else +#define ossl_inline inline +#endif -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ - !defined(__cplusplus) -# define ossl_noreturn _Noreturn -# elif defined(__GNUC__) && __GNUC__ >= 2 -# define 
ossl_noreturn __attribute__((noreturn)) -# else -# define ossl_noreturn -# endif +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__cplusplus) +#define ossl_noreturn _Noreturn +#elif defined(__GNUC__) && __GNUC__ >= 2 +#define ossl_noreturn __attribute__((noreturn)) +#else +#define ossl_noreturn +#endif /* ossl_unused: portable unused attribute for use in public headers */ -# if defined(__GNUC__) -# define ossl_unused __attribute__((unused)) -# else -# define ossl_unused -# endif +#if defined(__GNUC__) +#define ossl_unused __attribute__((unused)) +#else +#define ossl_unused +#endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/ebcdic.h.orig +++ crypto/openssl/include/openssl/ebcdic.h @@ -8,32 +8,32 @@ */ #ifndef OPENSSL_EBCDIC_H -# define OPENSSL_EBCDIC_H -# pragma once +#define OPENSSL_EBCDIC_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_EBCDIC_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_EBCDIC_H +#endif -# include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif /* Avoid name clashes with other applications */ -# define os_toascii _openssl_os_toascii -# define os_toebcdic _openssl_os_toebcdic -# define ebcdic2ascii _openssl_ebcdic2ascii -# define ascii2ebcdic _openssl_ascii2ebcdic +#define os_toascii _openssl_os_toascii +#define os_toebcdic _openssl_os_toebcdic +#define ebcdic2ascii _openssl_ebcdic2ascii +#define ascii2ebcdic _openssl_ascii2ebcdic extern const unsigned char os_toascii[256]; extern const unsigned char os_toebcdic[256]; void *ebcdic2ascii(void *dest, const void *srce, size_t count); void *ascii2ebcdic(void *dest, const void *srce, size_t count); -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/ec.h.orig +++ crypto/openssl/include/openssl/ec.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -9,26 +9,26 @@ */ #ifndef OPENSSL_EC_H -# define OPENSSL_EC_H -# pragma once +#define OPENSSL_EC_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_EC_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_EC_H +#endif -# include -# include +#include +#include -# include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* Values for EVP_PKEY_CTX_set_ec_param_enc() */ -# define OPENSSL_EC_EXPLICIT_CURVE 0x000 -# define OPENSSL_EC_NAMED_CURVE 0x001 +#define OPENSSL_EC_EXPLICIT_CURVE 0x000 +#define OPENSSL_EC_NAMED_CURVE 0x001 int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); 
@@ -45,65 +45,65 @@ int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, - int len); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + int len); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); -# endif - -# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) -# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) -# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) -# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) -# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) -# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) -# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) -# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) -# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) -# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +#endif + +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +#define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +#define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +#define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) /* KDF types */ -# define EVP_PKEY_ECDH_KDF_NONE 1 -# define EVP_PKEY_ECDH_KDF_X9_63 2 +#define EVP_PKEY_ECDH_KDF_NONE 1 +#define EVP_PKEY_ECDH_KDF_X9_63 2 /* * The old name for EVP_PKEY_ECDH_KDF_X9_63 * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62, * it is actually specified in ANSI X9.63. 
* This identifier is retained for backwards compatibility */ -# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 +#define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 /** Enum for the point conversion form as defined in X9.62 (ECDSA) * for the encoding of a elliptic curve point (x,y) */ typedef enum { - /** the point is encoded as z||x, where the octet z specifies - * which solution of the quadratic equation y is */ + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, - /** the point is encoded as z||x||y, where z is the octet 0x04 */ + /** the point is encoded as z||x||y, where z is the octet 0x04 */ POINT_CONVERSION_UNCOMPRESSED = 4, - /** the point is encoded as z||x||y, where the octet z specifies - * which solution of the quadratic equation y is */ + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_HYBRID = 6 } point_conversion_form_t; const char *OSSL_EC_curve_nid2name(int nid); -# ifndef OPENSSL_NO_EC -# include -# include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif -# include +#ifndef OPENSSL_NO_EC +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif +#include -# ifndef OPENSSL_ECC_MAX_FIELD_BITS -# define OPENSSL_ECC_MAX_FIELD_BITS 661 -# endif +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +#define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_method_st EC_METHOD; -# endif +#endif typedef struct ec_group_st EC_GROUP; typedef struct ec_point_st EC_POINT; typedef struct ecpk_parameters_st ECPKPARAMETERS; 
@@ -113,7 +113,7 @@ /* EC_METHODs for curves over GF(p) */ /********************************************************************/ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Returns the basic GFp ec methods which provides the basis for the * optimized methods. * \return EC_METHOD object @@ -130,7 +130,7 @@ */ OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nist_method(void); -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /** Returns 64-bit optimized methods for nistp224 * \return EC_METHOD object */ @@ -145,9 +145,9 @@ * \return EC_METHOD object */ OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp521_method(void); -# endif /* OPENSSL_NO_EC_NISTP_64_GCC_128 */ +#endif /* OPENSSL_NO_EC_NISTP_64_GCC_128 */ -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M /********************************************************************/ /* EC_METHOD for curves over GF(2^m) */ /********************************************************************/ @@ -157,7 +157,7 @@ */ OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GF2m_simple_method(void); -# endif +#endif /********************************************************************/ /* EC_GROUP functions */ @@ -186,7 +186,7 @@ * \return NID of the underlying field type OID. */ OSSL_DEPRECATEDIN_3_0 int EC_METHOD_get_field_type(const EC_METHOD *meth); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /** Frees a EC_GROUP object * \param group EC_GROUP object to be freed. @@ -216,7 +216,7 @@ * \return 1 on success and 0 if an error occurred */ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor); + const BIGNUM *order, const BIGNUM *cofactor); /** Returns the generator of a EC_GROUP object. * \param group EC_GROUP object 
@@ -227,7 +227,7 @@ /** Returns the montgomery data for order(Generator) * \param group EC_GROUP object * \return the currently used montgomery data (possibly NULL). -*/ + */ BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); /** Gets the order of a EC_GROUP @@ -257,7 +257,7 @@ * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, - BN_CTX *ctx); + BN_CTX *ctx); /** Gets the cofactor of an EC_GROUP * \param group EC_GROUP object @@ -293,7 +293,7 @@ int EC_GROUP_get_asn1_flag(const EC_GROUP *group); void EC_GROUP_set_point_conversion_form(EC_GROUP *group, - point_conversion_form_t form); + point_conversion_form_t form); point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); @@ -311,7 +311,7 @@ * \return 1 on success and 0 if an error occurred */ int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); + const BIGNUM *b, BN_CTX *ctx); /** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) @@ -324,9 +324,9 @@ * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *ctx); + BN_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve * \param group EC_GROUP object * \param p BIGNUM with the prime number (GFp) or the polynomial @@ -337,10 +337,10 @@ * \return 1 on success and 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GFp(EC_GROUP *group, - const BIGNUM *p, - const BIGNUM *a, - const BIGNUM *b, - BN_CTX *ctx); + const BIGNUM *p, + const BIGNUM *a, + const BIGNUM *b, + BN_CTX *ctx); /** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve * \param group EC_GROUP object 
@@ -352,11 +352,11 @@ * \return 1 on success and 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, - BIGNUM *p, - BIGNUM *a, BIGNUM *b, - BN_CTX *ctx); + BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M /** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve * \param group EC_GROUP object * \param p BIGNUM with the prime number (GFp) or the polynomial @@ -367,10 +367,10 @@ * \return 1 on success and 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, - const BIGNUM *p, - const BIGNUM *a, - const BIGNUM *b, - BN_CTX *ctx); + const BIGNUM *p, + const BIGNUM *a, + const BIGNUM *b, + BN_CTX *ctx); /** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve * \param group EC_GROUP object @@ -382,11 +382,11 @@ * \return 1 on success and 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, - BIGNUM *p, - BIGNUM *a, BIGNUM *b, - BN_CTX *ctx); -# endif /* OPENSSL_NO_EC2M */ -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); +#endif /* OPENSSL_NO_EC2M */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /** Returns the number of bits needed to represent a field element * \param group EC_GROUP object @@ -430,8 +430,8 @@ * \return newly created EC_GROUP object with the specified parameters */ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); -# ifndef OPENSSL_NO_EC2M + const BIGNUM *b, BN_CTX *ctx); +#ifndef OPENSSL_NO_EC2M /** Creates a new EC_GROUP object with the specified parameters defined * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) * \param p BIGNUM with the polynomial defining the underlying field 
@@ -441,8 +441,8 @@ * \return newly created EC_GROUP object with the specified parameters */ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); -# endif + const BIGNUM *b, BN_CTX *ctx); +#endif /** * Creates a EC_GROUP object with a curve specified by parameters. @@ -455,7 +455,7 @@ * if an error occurred */ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); /** * Creates a EC_GROUP object with a curve specified by a NID @@ -467,7 +467,7 @@ * if an error occurred */ EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, - int nid); + int nid); /** * Creates a EC_GROUP object with a curve specified by a NID. Same as @@ -493,7 +493,7 @@ * if an error occurred. */ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, - ECPARAMETERS *params); + ECPARAMETERS *params); /** Creates a new EC_GROUP object from an ECPKPARAMETERS object * \param params pointer to an existing ECPKPARAMETERS object, or NULL @@ -509,7 +509,7 @@ * if an error occurred. */ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, - ECPKPARAMETERS *params); + ECPKPARAMETERS *params); /********************************************************************/ /* handling of internal curves */ @@ -531,7 +531,7 @@ const char *EC_curve_nid2nist(int nid); int EC_curve_nist2nid(const char *name); int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, - BN_CTX *ctx); + BN_CTX *ctx); /********************************************************************/ /* EC_POINT functions */ @@ -575,7 +575,7 @@ */ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Returns the EC_METHOD used in EC_POINT object * \param point EC_POINT object * \return the EC_METHOD used 
@@ -591,10 +591,9 @@ * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_Jprojective_coordinates_GFp - (const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, - BN_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); /** Gets the jacobian projective coordinates of a EC_POINT over GFp * \param group underlying EC_GROUP object @@ -605,10 +604,9 @@ * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_Jprojective_coordinates_GFp - (const EC_GROUP *group, const EC_POINT *p, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /** Sets the affine coordinates of an EC_POINT * \param group underlying EC_GROUP object @@ -619,8 +617,8 @@ * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx); + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); /** Gets the affine coordinates of an EC_POINT. * \param group underlying EC_GROUP object @@ -631,9 +629,9 @@ * \return 1 on success and 0 if an error occurred */ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Sets the affine coordinates of an EC_POINT. A synonym of * EC_POINT_set_affine_coordinates * \param group underlying EC_GROUP object 
@@ -643,9 +641,8 @@
 * \param ctx BN_CTX object (optional)
 * \return 1 on success and 0 if an error occurred
 */
-OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
- (const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);

 /** Gets the affine coordinates of an EC_POINT. A synonym of
 * EC_POINT_get_affine_coordinates
@@ -656,10 +653,9 @@
 * \param ctx BN_CTX object (optional)
 * \return 1 on success and 0 if an error occurred
 */
-OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
- (const EC_GROUP *group, const EC_POINT *p,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */

 /** Sets the x9.62 compressed coordinates of a EC_POINT
 * \param group underlying EC_GROUP object
@@ -670,10 +666,10 @@
 * \return 1 on success and 0 if an error occurred
 */
 int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, int y_bit,
- BN_CTX *ctx);
+ const BIGNUM *x, int y_bit,
+ BN_CTX *ctx);

-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
 * EC_POINT_set_compressed_coordinates
 * \param group underlying EC_GROUP object
@@ -683,10 +679,9 @@
 * \param ctx BN_CTX object (optional)
 * \return 1 on success and 0 if an error occurred
 */
-OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GFp
- (const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, int y_bit, BN_CTX *ctx);
-# ifndef OPENSSL_NO_EC2M
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+#ifndef OPENSSL_NO_EC2M
 /** Sets the affine coordinates of an EC_POINT. A synonym of
 * EC_POINT_set_affine_coordinates
 * \param group underlying EC_GROUP object
@@ -696,9 +691,8 @@
 * \param ctx BN_CTX object (optional)
 * \return 1 on success and 0 if an error occurred
 */
-OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GF2m
- (const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);

 /** Gets the affine coordinates of an EC_POINT. A synonym of
 * EC_POINT_get_affine_coordinates
@@ -709,9 +703,8 @@
 * \param ctx BN_CTX object (optional)
 * \return 1 on success and 0 if an error occurred
 */
-OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GF2m
- (const EC_GROUP *group, const EC_POINT *p,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);

 /** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
 * EC_POINT_set_compressed_coordinates
@@ -722,11 +715,10 @@
 * \param ctx BN_CTX object (optional)
 * \return 1 on success and 0 if an error occurred
 */
-OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GF2m
- (const EC_GROUP *group, EC_POINT *p,
- const BIGNUM *x, int y_bit, BN_CTX *ctx);
-# endif
-# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+#endif
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */

 /** Encodes a EC_POINT object to a octet string
 * \param group underlying EC_GROUP object
@@ -739,8 +731,8 @@
 * \return the length of the encoded octet string or 0 if an error occurred
 */
 size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
- point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *ctx);
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *ctx);

 /** Decodes a EC_POINT from a octet string
 * \param group underlying EC_GROUP object
@@ -751,7 +743,7 @@
 * \return 1 on success and 0 if an error occurred
 */
 int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
- const unsigned char *buf, size_t len, BN_CTX *ctx);
+ const unsigned char *buf, size_t len, BN_CTX *ctx);

 /** Encodes an EC_POINT object to an allocated octet string
 * \param group underlying EC_GROUP object
@@ -762,24 +754,24 @@ * \return the length of the encoded octet string or 0 if an error occurred */ size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, - unsigned char **pbuf, BN_CTX *ctx); + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); /* other interfaces to point2oct/oct2point: */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 BIGNUM *EC_POINT_point2bn(const EC_GROUP *, - const EC_POINT *, - point_conversion_form_t form, - BIGNUM *, BN_CTX *); + const EC_POINT *, + point_conversion_form_t form, + BIGNUM *, BN_CTX *); OSSL_DEPRECATEDIN_3_0 EC_POINT *EC_POINT_bn2point(const EC_GROUP *, - const BIGNUM *, - EC_POINT *, BN_CTX *); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + const BIGNUM *, + EC_POINT *, BN_CTX *); +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, BN_CTX *); + point_conversion_form_t form, BN_CTX *); EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, - EC_POINT *, BN_CTX *); + EC_POINT *, BN_CTX *); /********************************************************************/ /* functions for doing EC_POINT arithmetic */ @@ -794,7 +786,7 @@ * \return 1 on success and 0 if an error occurred */ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx); + const EC_POINT *b, BN_CTX *ctx); /** Computes the double of a EC_POINT * \param group underlying EC_GROUP object @@ -804,7 +796,7 @@ * \return 1 on success and 0 if an error occurred */ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - BN_CTX *ctx); + BN_CTX *ctx); /** Computes the inverse of a EC_POINT * \param group underlying EC_GROUP object 
@@ -828,7 +820,7 @@ * \return 1 if the point is on the curve, 0 if not, or -1 on error */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx); + BN_CTX *ctx); /** Compares two EC_POINTs * \param group underlying EC_GROUP object @@ -838,13 +830,13 @@ * \return 1 if the points are not equal, 0 if they are, or -1 on error */ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, - BN_CTX *ctx); + BN_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EC_POINT_make_affine(const EC_GROUP *group, - EC_POINT *point, BN_CTX *ctx); + EC_POINT *point, BN_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx); + EC_POINT *points[], BN_CTX *ctx); /** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object @@ -857,10 +849,10 @@ * \return 1 on success and 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *n, size_t num, - const EC_POINT *p[], const BIGNUM *m[], - BN_CTX *ctx); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + const BIGNUM *n, size_t num, + const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /** Computes r = generator * n + q * m * \param group underlying EC_GROUP object @@ -872,9 +864,9 @@ * \return 1 on success and 0 if an error occurred */ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, - const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Stores multiples of generator for faster point multiplication * \param group EC_GROUP object * \param ctx BN_CTX object (optional) 
@@ -887,7 +879,7 @@
 * \return 1 if a pre-computation has been done and 0 otherwise
 */
 OSSL_DEPRECATEDIN_3_0 int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
-# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */

 /********************************************************************/
 /* ASN1 stuff */
@@ -903,55 +895,55 @@ * represent the field elements */ int EC_GROUP_get_basis_type(const EC_GROUP *); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, - unsigned int *k2, unsigned int *k3); -# endif + unsigned int *k2, unsigned int *k3); +#endif EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); -# define d2i_ECPKParameters_bio(bp,x) \ +#define d2i_ECPKParameters_bio(bp, x) \ ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x) -# define i2d_ECPKParameters_bio(bp,x) \ +#define i2d_ECPKParameters_bio(bp, x) \ ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x) -# define d2i_ECPKParameters_fp(fp,x) \ +#define d2i_ECPKParameters_fp(fp, x) \ (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ - (void **)(x)) -# define i2d_ECPKParameters_fp(fp,x) \ + (void **)(x)) +#define i2d_ECPKParameters_fp(fp, x) \ ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, - int off); -# ifndef OPENSSL_NO_STDIO + int off); +#ifndef OPENSSL_NO_STDIO OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, - int off); -# endif -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + int off); +#endif +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /********************************************************************/ /* EC_KEY functions */ /********************************************************************/ /* some values for the encoding_flag */ -# define EC_PKEY_NO_PARAMETERS 0x001 -# define EC_PKEY_NO_PUBKEY 0x002 +#define EC_PKEY_NO_PARAMETERS 0x001 +#define EC_PKEY_NO_PUBKEY 0x002 /* some values for the flags field */ -# define EC_FLAG_SM2_RANGE 0x0004 -# define 
EC_FLAG_COFACTOR_ECDH 0x1000 -# define EC_FLAG_CHECK_NAMED_GROUP 0x2000 -# define EC_FLAG_CHECK_NAMED_GROUP_NIST 0x4000 -# define EC_FLAG_CHECK_NAMED_GROUP_MASK \ +#define EC_FLAG_SM2_RANGE 0x0004 +#define EC_FLAG_COFACTOR_ECDH 0x1000 +#define EC_FLAG_CHECK_NAMED_GROUP 0x2000 +#define EC_FLAG_CHECK_NAMED_GROUP_NIST 0x4000 +#define EC_FLAG_CHECK_NAMED_GROUP_MASK \ (EC_FLAG_CHECK_NAMED_GROUP | EC_FLAG_CHECK_NAMED_GROUP_NIST) /* Deprecated flags - it was using 0x01..0x02 */ -# define EC_FLAG_NON_FIPS_ALLOW 0x0000 -# define EC_FLAG_FIPS_CHECKED 0x0000 +#define EC_FLAG_NON_FIPS_ALLOW 0x0000 +#define EC_FLAG_FIPS_CHECKED 0x0000 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** * Creates a new EC_KEY object. * \param ctx The library context for to use for this EC_KEY. May be NULL in @@ -985,8 +977,8 @@ * \return EC_KEY object or NULL if an error occurred. */ OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, - const char *propq, - int nid); + const char *propq, + int nid); /** * Creates a new EC_KEY object using a named curve as underlying @@ -1073,13 +1065,13 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); OSSL_DEPRECATEDIN_3_0 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey, - point_conversion_form_t cform); -# endif /*OPENSSL_NO_DEPRECATED_3_0 */ + point_conversion_form_t cform); +#endif /*OPENSSL_NO_DEPRECATED_3_0 */ -# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); OSSL_DEPRECATEDIN_3_0 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); 
@@ -1120,8 +1112,8 @@ * \return 1 on success and 0 otherwise. */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, - BIGNUM *x, - BIGNUM *y); + BIGNUM *x, + BIGNUM *y); /** Encodes an EC_KEY public key to an allocated octet string * \param key key to encode @@ -1131,8 +1123,8 @@ * \return the length of the encoded octet string or 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_key2buf(const EC_KEY *key, - point_conversion_form_t form, - unsigned char **pbuf, BN_CTX *ctx); + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); /** Decodes a EC_KEY public key from a octet string * \param key key to decode @@ -1143,7 +1135,7 @@ */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, - size_t len, BN_CTX *ctx); + size_t len, BN_CTX *ctx); /** Decodes an EC_KEY private key from an octet string * \param key key to decode @@ -1153,7 +1145,7 @@ */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, - size_t len); + size_t len); /** Encodes a EC_KEY private key to an octet string * \param key key to encode @@ -1164,7 +1156,7 @@ */ OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2oct(const EC_KEY *key, - unsigned char *buf, size_t len); + unsigned char *buf, size_t len); /** Encodes an EC_KEY private key to an allocated octet string * \param eckey key to encode @@ -1172,7 +1164,7 @@ * \return the length of the encoded octet string or 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2buf(const EC_KEY *eckey, - unsigned char **pbuf); + unsigned char **pbuf); /********************************************************************/ /* de- and encoding functions for SEC1 ECPrivateKey */ 
@@ -1185,8 +1177,8 @@ * \return the decoded private key or NULL if an error occurred. */ OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey(EC_KEY **key, - const unsigned char **in, - long len); + const unsigned char **in, + long len); /** Encodes a private key object and stores the result in a buffer. * \param key the EC_KEY object to encode @@ -1195,7 +1187,7 @@ * \return 1 on success and 0 if an error occurred. */ OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey(const EC_KEY *key, - unsigned char **out); + unsigned char **out); /********************************************************************/ /* de- and encoding functions for EC parameters */ @@ -1209,8 +1201,8 @@ * occurred. */ OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECParameters(EC_KEY **key, - const unsigned char **in, - long len); + const unsigned char **in, + long len); /** Encodes ec parameter and stores the result in a buffer. * \param key the EC_KEY object with ec parameters to encode @@ -1219,7 +1211,7 @@ * \return 1 on success and 0 if an error occurred. */ OSSL_DEPRECATEDIN_3_0 int i2d_ECParameters(const EC_KEY *key, - unsigned char **out); + unsigned char **out); /********************************************************************/ /* de- and encoding functions for EC public key */ @@ -1234,7 +1226,7 @@ * occurred. */ OSSL_DEPRECATEDIN_3_0 EC_KEY *o2i_ECPublicKey(EC_KEY **key, - const unsigned char **in, long len); + const unsigned char **in, long len); /** Encodes an ec public key in an octet string. * \param key the EC_KEY object with the public key @@ -1259,7 +1251,7 @@ */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO /** Prints out the ec parameters on human readable form. * \param fp file descriptor to which the information is printed * \param key EC_KEY object 
@@ -1274,7 +1266,7 @@ * \return 1 on success and 0 if an error occurred */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); -# endif /* OPENSSL_NO_STDIO */ +#endif /* OPENSSL_NO_STDIO */ OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_OpenSSL(void); OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_default_method(void); @@ -1284,22 +1276,22 @@ OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine); /** The old name for ecdh_KDF_X9_63 - * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62, * it is actually specified in ANSI X9.63. * This identifier is retained for backwards compatibility */ OSSL_DEPRECATEDIN_3_0 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, - size_t sinfolen, const EVP_MD *md); + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, + size_t sinfolen, const EVP_MD *md); OSSL_DEPRECATEDIN_3_0 int ECDH_compute_key(void *out, size_t outlen, - const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF)(const void *in, - size_t inlen, void *out, - size_t *outlen)); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF)(const void *in, + size_t inlen, void *out, + size_t *outlen)); +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ typedef struct ECDSA_SIG_st ECDSA_SIG; @@ -1354,7 +1346,7 @@ */ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /** Computes the ECDSA signature of the given hash value using * the supplied private key and returns the created signature. * \param dgst pointer to the hash value 
@@ -1363,7 +1355,7 @@ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, - int dgst_len, EC_KEY *eckey); + int dgst_len, EC_KEY *eckey); /** Computes ECDSA signature of a given hash value using the supplied * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). @@ -1376,8 +1368,8 @@ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, - int dgstlen, const BIGNUM *kinv, - const BIGNUM *rp, EC_KEY *eckey); + int dgstlen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); /** Verifies that the supplied signature is a valid ECDSA * signature of the supplied hash value using the supplied public key. @@ -1389,7 +1381,7 @@ * and -1 on error */ OSSL_DEPRECATEDIN_3_0 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); + const ECDSA_SIG *sig, EC_KEY *eckey); /** Precompute parts of the signing operation * \param eckey EC_KEY object containing a private EC key @@ -1399,7 +1391,7 @@ * \return 1 on success and 0 otherwise */ OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, - BIGNUM **kinv, BIGNUM **rp); + BIGNUM **kinv, BIGNUM **rp); /** Computes ECDSA signature of a given hash value using the supplied * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). @@ -1412,8 +1404,8 @@ * \return 1 on success and 0 otherwise */ OSSL_DEPRECATEDIN_3_0 int ECDSA_sign(int type, const unsigned char *dgst, - int dgstlen, unsigned char *sig, - unsigned int *siglen, EC_KEY *eckey); + int dgstlen, unsigned char *sig, + unsigned int *siglen, EC_KEY *eckey); /** Computes ECDSA signature of a given hash value using the supplied * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
@@ -1429,9 +1421,9 @@ * \return 1 on success and 0 otherwise */ OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_ex(int type, const unsigned char *dgst, - int dgstlen, unsigned char *sig, - unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *rp, EC_KEY *eckey); + int dgstlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); /** Verifies that the given signature is valid ECDSA signature * of the supplied hash value using the specified public key. @@ -1445,8 +1437,8 @@ * and -1 on error */ OSSL_DEPRECATEDIN_3_0 int ECDSA_verify(int type, const unsigned char *dgst, - int dgstlen, const unsigned char *sig, - int siglen, EC_KEY *eckey); + int dgstlen, const unsigned char *sig, + int siglen, EC_KEY *eckey); /** Returns the maximum length of the DER encoded signature * \param eckey EC_KEY object 
@@ -1460,110 +1452,99 @@ OSSL_DEPRECATEDIN_3_0 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_init - (EC_KEY_METHOD *meth, - int (*init)(EC_KEY *key), - void (*finish)(EC_KEY *key), - int (*copy)(EC_KEY *dest, const EC_KEY *src), - int (*set_group)(EC_KEY *key, const EC_GROUP *grp), - int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), - int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)); +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)); OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, - int (*keygen)(EC_KEY *key)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_compute_key - (EC_KEY_METHOD *meth, - int (*ckey)(unsigned char **psec, size_t *pseclen, - const EC_POINT *pub_key, const EC_KEY *ecdh)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_sign - (EC_KEY_METHOD *meth, - int (*sign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey), - int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, - int dgst_len, - const BIGNUM *in_kinv, - const BIGNUM *in_r, - EC_KEY *eckey)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_verify - (EC_KEY_METHOD *meth, - int (*verify)(int type, const unsigned - char *dgst, int dgst_len, - const unsigned char *sigbuf, - int sig_len, EC_KEY *eckey), - int (*verify_sig)(const unsigned char *dgst, - int dgst_len, const ECDSA_SIG *sig, - EC_KEY *eckey)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_init - 
(const EC_KEY_METHOD *meth, - int (**pinit)(EC_KEY *key), - void (**pfinish)(EC_KEY *key), - int (**pcopy)(EC_KEY *dest, const EC_KEY *src), - int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), - int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), - int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_keygen - (const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_compute_key - (const EC_KEY_METHOD *meth, - int (**pck)(unsigned char **psec, - size_t *pseclen, - const EC_POINT *pub_key, - const EC_KEY *ecdh)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_sign - (const EC_KEY_METHOD *meth, - int (**psign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey), - int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, - int dgst_len, - const BIGNUM *in_kinv, - const BIGNUM *in_r, - EC_KEY *eckey)); - -OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify - (const EC_KEY_METHOD *meth, - int (**pverify)(int type, const unsigned - char *dgst, int dgst_len, - const unsigned char *sigbuf, - int sig_len, EC_KEY *eckey), - int (**pverify_sig)(const unsigned char *dgst, - int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ - -# define EVP_EC_gen(curve) \ + int (*keygen)(EC_KEY *key)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, size_t *pseclen, + const EC_POINT *pub_key, const EC_KEY *ecdh)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX 
*ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, const ECDSA_SIG *sig, + EC_KEY *eckey)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ + 
+#define EVP_EC_gen(curve) \ EVP_PKEY_Q_keygen(NULL, NULL, "EC", (char *)(strstr(curve, ""))) - /* strstr is used to enable type checking for the variadic string arg */ -# define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \ - d2i_ECParameters, x) - -# ifndef __cplusplus -# if defined(__SUNPRO_C) -# if __SUNPRO_C >= 0x520 -# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -# endif -# endif -# endif - -# endif -# ifdef __cplusplus +/* strstr is used to enable type checking for the variadic string arg */ +#define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \ + d2i_ECParameters, x) + +#ifndef __cplusplus +#if defined(__SUNPRO_C) +#if __SUNPRO_C >= 0x520 +#pragma error_messages(default, E_ARRAY_OF_INCOMPLETE_NONAME, E_ARRAY_OF_INCOMPLETE) +#endif +#endif +#endif + +#endif +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ecerr.h.orig +++ crypto/openssl/include/openssl/ecerr.h 
@@ -9,96 +9,94 @@ */ #ifndef OPENSSL_ECERR_H -# define OPENSSL_ECERR_H -# pragma once +#define OPENSSL_ECERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_EC +#include +#include +#include +#ifndef OPENSSL_NO_EC /* * EC reason codes. */ -# define EC_R_ASN1_ERROR 115 -# define EC_R_BAD_SIGNATURE 156 -# define EC_R_BIGNUM_OUT_OF_RANGE 144 -# define EC_R_BUFFER_TOO_SMALL 100 -# define EC_R_CANNOT_INVERT 165 -# define EC_R_COORDINATES_OUT_OF_RANGE 146 -# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 -# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 -# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 -# define EC_R_DECODE_ERROR 142 -# define EC_R_DISCRIMINANT_IS_ZERO 118 -# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 -# define EC_R_FAILED_MAKING_PUBLIC_KEY 166 -# define EC_R_FIELD_TOO_LARGE 143 -# define EC_R_GF2M_NOT_SUPPORTED 147 -# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 -# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 -# define EC_R_INCOMPATIBLE_OBJECTS 101 -# define EC_R_INVALID_A 168 -# define EC_R_INVALID_ARGUMENT 112 -# define EC_R_INVALID_B 169 -# define EC_R_INVALID_COFACTOR 171 -# define EC_R_INVALID_COMPRESSED_POINT 110 -# define EC_R_INVALID_COMPRESSION_BIT 109 -# define EC_R_INVALID_CURVE 141 -# define EC_R_INVALID_DIGEST 151 -# define EC_R_INVALID_DIGEST_TYPE 138 -# define EC_R_INVALID_ENCODING 102 -# define EC_R_INVALID_FIELD 103 -# define EC_R_INVALID_FORM 104 -# define EC_R_INVALID_GENERATOR 173 -# define EC_R_INVALID_GROUP_ORDER 122 -# define EC_R_INVALID_KEY 116 -# define EC_R_INVALID_LENGTH 117 -# define EC_R_INVALID_NAMED_GROUP_CONVERSION 174 -# define EC_R_INVALID_OUTPUT_LENGTH 161 -# define EC_R_INVALID_P 172 -# define EC_R_INVALID_PEER_KEY 133 -# define EC_R_INVALID_PENTANOMIAL_BASIS 132 -# define EC_R_INVALID_PRIVATE_KEY 123 -# define EC_R_INVALID_SEED 175 -# define EC_R_INVALID_TRINOMIAL_BASIS 137 -# define EC_R_KDF_PARAMETER_ERROR 148 -# define EC_R_KEYS_NOT_SET 140 -# 
define EC_R_LADDER_POST_FAILURE 136 -# define EC_R_LADDER_PRE_FAILURE 153 -# define EC_R_LADDER_STEP_FAILURE 162 -# define EC_R_MISSING_OID 167 -# define EC_R_MISSING_PARAMETERS 124 -# define EC_R_MISSING_PRIVATE_KEY 125 -# define EC_R_NEED_NEW_SETUP_VALUES 157 -# define EC_R_NOT_A_NIST_PRIME 135 -# define EC_R_NOT_IMPLEMENTED 126 -# define EC_R_NOT_INITIALIZED 111 -# define EC_R_NO_PARAMETERS_SET 139 -# define EC_R_NO_PRIVATE_VALUE 154 -# define EC_R_OPERATION_NOT_SUPPORTED 152 -# define EC_R_PASSED_NULL_PARAMETER 134 -# define EC_R_PEER_KEY_ERROR 149 -# define EC_R_POINT_ARITHMETIC_FAILURE 155 -# define EC_R_POINT_AT_INFINITY 106 -# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 -# define EC_R_POINT_IS_NOT_ON_CURVE 107 -# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 -# define EC_R_SHARED_INFO_ERROR 150 -# define EC_R_SLOT_FULL 108 -# define EC_R_TOO_MANY_RETRIES 176 -# define EC_R_UNDEFINED_GENERATOR 113 -# define EC_R_UNDEFINED_ORDER 128 -# define EC_R_UNKNOWN_COFACTOR 164 -# define EC_R_UNKNOWN_GROUP 129 -# define EC_R_UNKNOWN_ORDER 114 -# define EC_R_UNSUPPORTED_FIELD 131 -# define EC_R_WRONG_CURVE_PARAMETERS 145 -# define EC_R_WRONG_ORDER 130 +#define EC_R_ASN1_ERROR 115 +#define EC_R_BAD_SIGNATURE 156 +#define EC_R_BIGNUM_OUT_OF_RANGE 144 +#define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_CANNOT_INVERT 165 +#define EC_R_COORDINATES_OUT_OF_RANGE 146 +#define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +#define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 +#define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +#define EC_R_DECODE_ERROR 142 +#define EC_R_DISCRIMINANT_IS_ZERO 118 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 +#define EC_R_FAILED_MAKING_PUBLIC_KEY 166 +#define EC_R_FIELD_TOO_LARGE 143 +#define EC_R_GF2M_NOT_SUPPORTED 147 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +#define EC_R_INCOMPATIBLE_OBJECTS 101 +#define EC_R_INVALID_A 168 +#define EC_R_INVALID_ARGUMENT 112 
+#define EC_R_INVALID_B 169 +#define EC_R_INVALID_COFACTOR 171 +#define EC_R_INVALID_COMPRESSED_POINT 110 +#define EC_R_INVALID_COMPRESSION_BIT 109 +#define EC_R_INVALID_CURVE 141 +#define EC_R_INVALID_DIGEST 151 +#define EC_R_INVALID_DIGEST_TYPE 138 +#define EC_R_INVALID_ENCODING 102 +#define EC_R_INVALID_FIELD 103 +#define EC_R_INVALID_FORM 104 +#define EC_R_INVALID_GENERATOR 173 +#define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_KEY 116 +#define EC_R_INVALID_LENGTH 117 +#define EC_R_INVALID_NAMED_GROUP_CONVERSION 174 +#define EC_R_INVALID_OUTPUT_LENGTH 161 +#define EC_R_INVALID_P 172 +#define EC_R_INVALID_PEER_KEY 133 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 +#define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_SEED 175 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_KDF_PARAMETER_ERROR 148 +#define EC_R_KEYS_NOT_SET 140 +#define EC_R_LADDER_POST_FAILURE 136 +#define EC_R_LADDER_PRE_FAILURE 153 +#define EC_R_LADDER_STEP_FAILURE 162 +#define EC_R_MISSING_OID 167 +#define EC_R_MISSING_PARAMETERS 124 +#define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NEED_NEW_SETUP_VALUES 157 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_IMPLEMENTED 126 +#define EC_R_NOT_INITIALIZED 111 +#define EC_R_NO_PARAMETERS_SET 139 +#define EC_R_NO_PRIVATE_VALUE 154 +#define EC_R_OPERATION_NOT_SUPPORTED 152 +#define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PEER_KEY_ERROR 149 +#define EC_R_POINT_ARITHMETIC_FAILURE 155 +#define EC_R_POINT_AT_INFINITY 106 +#define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +#define EC_R_POINT_IS_NOT_ON_CURVE 107 +#define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +#define EC_R_SHARED_INFO_ERROR 150 +#define EC_R_SLOT_FULL 108 +#define EC_R_TOO_MANY_RETRIES 176 +#define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_COFACTOR 164 +#define EC_R_UNKNOWN_GROUP 129 +#define EC_R_UNKNOWN_ORDER 114 +#define EC_R_UNSUPPORTED_FIELD 131 +#define EC_R_WRONG_CURVE_PARAMETERS 145 +#define 
EC_R_WRONG_ORDER 130 -# endif +#endif #endif --- crypto/openssl/include/openssl/encoder.h.orig +++ crypto/openssl/include/openssl/encoder.h @@ -8,26 +8,26 @@ */ #ifndef OPENSSL_ENCODER_H -# define OPENSSL_ENCODER_H -# pragma once +#define OPENSSL_ENCODER_H +#pragma once -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# endif -# include -# include -# include -# include -# include +#ifndef OPENSSL_NO_STDIO +#include +#endif +#include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *libctx, const char *name, - const char *properties); + const char *properties); int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder); void OSSL_ENCODER_free(OSSL_ENCODER *encoder); 
@@ -38,44 +38,44 @@ int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(OSSL_ENCODER *encoder, void *arg), - void *arg); + void (*fn)(OSSL_ENCODER *encoder, void *arg), + void *arg); int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PARAM *OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder); int OSSL_ENCODER_get_params(OSSL_ENCODER *encoder, OSSL_PARAM params[]); const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder); OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(void); int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx); /* Utilities that help set specific parameters */ int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx, - const unsigned char *kstr, size_t klen); + const unsigned char *kstr, size_t klen); int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx, - pem_password_cb *cb, void *cbarg); + pem_password_cb *cb, void *cbarg); int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, - void *cbarg); + OSSL_PASSPHRASE_CALLBACK *cb, + void *cbarg); int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data); + const UI_METHOD *ui_method, + void *ui_data); int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx, - const char *cipher_name, - const char *propquery); + const char *cipher_name, + const char *propquery); int OSSL_ENCODER_CTX_set_selection(OSSL_ENCODER_CTX *ctx, int selection); int OSSL_ENCODER_CTX_set_output_type(OSSL_ENCODER_CTX *ctx, - const char *output_type); + const char *output_type); int OSSL_ENCODER_CTX_set_output_structure(OSSL_ENCODER_CTX *ctx, - const char *output_structure); + const char 
*output_structure); /* Utilities to add encoders */ int OSSL_ENCODER_CTX_add_encoder(OSSL_ENCODER_CTX *ctx, OSSL_ENCODER *encoder); int OSSL_ENCODER_CTX_add_extra(OSSL_ENCODER_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int OSSL_ENCODER_CTX_get_num_encoders(OSSL_ENCODER_CTX *ctx); typedef struct ossl_encoder_instance_st OSSL_ENCODER_INSTANCE; @@ -89,15 +89,15 @@ OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst); typedef const void *OSSL_ENCODER_CONSTRUCT(OSSL_ENCODER_INSTANCE *encoder_inst, - void *construct_data); + void *construct_data); typedef void OSSL_ENCODER_CLEANUP(void *construct_data); int OSSL_ENCODER_CTX_set_construct(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_CONSTRUCT *construct); + OSSL_ENCODER_CONSTRUCT *construct); int OSSL_ENCODER_CTX_set_construct_data(OSSL_ENCODER_CTX *ctx, - void *construct_data); + void *construct_data); int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_CLEANUP *cleanup); + OSSL_ENCODER_CLEANUP *cleanup); /* Utilities to output the object to encode */ int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out); @@ -105,7 +105,7 @@ int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp); #endif int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata, - size_t *pdata_len); + size_t *pdata_len); /* * Create the OSSL_ENCODER_CTX with an associated type. This will perform @@ -113,12 +113,12 @@ * This is more useful than calling OSSL_ENCODER_CTX_new(). */ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey, - int selection, - const char *output_type, - const char *output_struct, - const char *propquery); + int selection, + const char *output_type, + const char *output_struct, + const char *propquery); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/encodererr.h.orig +++ crypto/openssl/include/openssl/encodererr.h 
@@ -9,20 +9,18 @@ */ #ifndef OPENSSL_ENCODERERR_H -# define OPENSSL_ENCODERERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_ENCODERERR_H +#pragma once +#include +#include +#include /* * OSSL_ENCODER reason codes. */ -# define OSSL_ENCODER_R_ENCODER_NOT_FOUND 101 -# define OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY 100 -# define OSSL_ENCODER_R_MISSING_GET_PARAMS 102 +#define OSSL_ENCODER_R_ENCODER_NOT_FOUND 101 +#define OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY 100 +#define OSSL_ENCODER_R_MISSING_GET_PARAMS 102 #endif --- crypto/openssl/include/openssl/engine.h.orig +++ crypto/openssl/include/openssl/engine.h 
@@ -9,51 +9,51 @@ */ #ifndef OPENSSL_ENGINE_H -# define OPENSSL_ENGINE_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ENGINE_H -# endif - -# include - -# ifndef OPENSSL_NO_ENGINE -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# include -# include -# include -# include -# include -# include -# include -# endif -# include -# include -# include -# include -# ifdef __cplusplus +#define OPENSSL_ENGINE_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ENGINE_H +#endif + +#include + +#ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#include +#include +#include +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif /* * These flags are used to control combinations of algorithm (methods) by * bitwise "OR"ing. */ -# define ENGINE_METHOD_RSA (unsigned int)0x0001 -# define ENGINE_METHOD_DSA (unsigned int)0x0002 -# define ENGINE_METHOD_DH (unsigned int)0x0004 -# define ENGINE_METHOD_RAND (unsigned int)0x0008 -# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 -# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 -# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 -# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 -# define ENGINE_METHOD_EC (unsigned int)0x0800 +#define ENGINE_METHOD_RSA (unsigned int)0x0001 +#define ENGINE_METHOD_DSA (unsigned int)0x0002 +#define ENGINE_METHOD_DH (unsigned int)0x0004 +#define ENGINE_METHOD_RAND (unsigned int)0x0008 +#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +#define ENGINE_METHOD_EC (unsigned int)0x0800 /* Obvious all-or-nothing cases. 
*/ -# define ENGINE_METHOD_ALL (unsigned int)0xFFFF -# define ENGINE_METHOD_NONE (unsigned int)0x0000 +#define ENGINE_METHOD_ALL (unsigned int)0xFFFF +#define ENGINE_METHOD_NONE (unsigned int)0x0000 /* * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used @@ -61,7 +61,7 @@ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to * initialise registered ENGINEs if they are not already initialised. */ -# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 +#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 /* ENGINE flags that can be set by ENGINE_set_flags(). */ /* Not used */ @@ -73,7 +73,7 @@ * these control commands on behalf of the ENGINE using their "cmd_defns" * data. */ -# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 +#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 /* * This flag is for ENGINEs who return new duplicate structures when found @@ -85,7 +85,7 @@ * ENGINE_by_id() just increments the existing ENGINE's structural reference * count. */ -# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 +#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 /* * This flag if for an ENGINE that does not want its methods registered as @@ -93,7 +93,7 @@ * usable as default methods. */ -# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 +#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 /* * ENGINEs can support their own command types, and these flags are used in 
@@ -108,23 +108,23 @@ */ /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ -# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 /* * accepts string input (cast from 'void*' to 'const char *', 4th parameter * to ENGINE_ctrl) */ -# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 /* * Indicates that the control command takes *no* input. Ie. the control * command is unparameterised. */ -# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 /* * Indicates that the control command is internal. This control command won't * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() * function. */ -# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 +#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 /* * NB: These 3 control commands are deprecated and should not be used. 
@@ -143,23 +143,23 @@ * sense to some engines. In such a case, they do nothing but return the * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ -# define ENGINE_CTRL_SET_LOGSTREAM 1 -# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 -# define ENGINE_CTRL_HUP 3/* Close and reinitialise - * any handles/connections - * etc. */ -# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ -# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used - * when calling the password - * callback and the user - * interface */ -# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, - * given a string that - * represents a file name - * or so */ -# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given - * section in the already - * loaded configuration */ +#define ENGINE_CTRL_SET_LOGSTREAM 1 +#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +#define ENGINE_CTRL_HUP 3 /* Close and reinitialise \ + * any handles/connections \ + * etc. */ +#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ +#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used \ + * when calling the password \ + * callback and the user \ + * interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, \ + * given a string that \ + * represents a file name \ + * or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given \ + * section in the already \ + * loaded configuration */ /* * These control commands allow an application to deal with an arbitrary 
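Review bot: The reformatted `ENGINE_CTRL_HUP`, `ENGINE_CTRL_SET_CALLBACK_DATA`, `ENGINE_CTRL_LOAD_CONFIGURATION` and `ENGINE_CTRL_LOAD_SECTION` definitions now end every line of their trailing block comment with a line-continuation backslash. The preprocessed result should be unchanged, since a block comment after a `#define` may span lines without continuations, so the backslashes only add noise. They also make each definition read as a multi-line macro. I would put each comment on its own line above the definition instead, e.g. `/* Close and reinitialise any handles/connections etc. */` followed by `#define ENGINE_CTRL_HUP 3`.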
@@ -181,22 +181,22 @@ * worth checking this first if the caller is trying to "discover" the * engine's capabilities and doesn't want errors generated unnecessarily. */ -# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 /* * Returns a positive command number for the first command supported by the * engine. Returns zero if no ctrl commands are supported. */ -# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 /* * The 'long' argument specifies a command implemented by the engine, and the * return value is the next command supported, or zero if there are no more. */ -# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 /* * The 'void*' argument is a command name (cast from 'const char *'), and the * return value is the command that corresponds to it. */ -# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +#define ENGINE_CTRL_GET_CMD_FROM_NAME 13 /* * The next two allow a command to be converted into its corresponding string * form. In each case, the 'long' argument supplies the command. In the 
@@ -205,23 +205,23 @@ * string buffer large enough, and it will be populated with the name of the * command (WITH a trailing EOL). */ -# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 -# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +#define ENGINE_CTRL_GET_NAME_FROM_CMD 15 /* The next two are similar but give a "short description" of a command. */ -# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 -# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +#define ENGINE_CTRL_GET_DESC_FROM_CMD 17 /* * With this command, the return value is the OR'd combination of * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given * engine-specific ctrl command expects. */ -# define ENGINE_CTRL_GET_CMD_FLAGS 18 +#define ENGINE_CTRL_GET_CMD_FLAGS 18 /* * ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -# define ENGINE_CMD_BASE 200 +#define ENGINE_CMD_BASE 200 /* * NB: These 2 nCipher "chil" control commands are deprecated, and their 
@@ -232,17 +232,17 @@ */ /* Flags specific to the nCipher "chil" engine */ -# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 - /* - * Depending on the value of the (long)i argument, this sets or - * unsets the SimpleForkCheck flag in the CHIL API to enable or - * disable checking and workarounds for applications that fork(). - */ -# define ENGINE_CTRL_CHIL_NO_LOCKING 101 - /* - * This prevents the initialisation function from providing mutex - * callbacks to the nCipher library. - */ +#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 +/* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +#define ENGINE_CTRL_CHIL_NO_LOCKING 101 +/* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ /* * If an ENGINE supports its own specific control commands and wishes the 
@@ -255,29 +255,29 @@ * has cmd_num set to zero and/or cmd_name set to NULL. */ typedef struct ENGINE_CMD_DEFN_st { - unsigned int cmd_num; /* The command number */ - const char *cmd_name; /* The command name itself */ - const char *cmd_desc; /* A short description of the command */ - unsigned int cmd_flags; /* The input the command expects */ + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ } ENGINE_CMD_DEFN; /* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR) (void); +typedef int (*ENGINE_GEN_FUNC_PTR)(void); /* Generic function pointer taking no arguments */ -typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); /* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, - void (*f) (void)); +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, + void (*f)(void)); /* Generic load_key function pointer */ typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, - UI_METHOD *ui_method, - void *callback_data); -typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, - STACK_OF(X509_NAME) *ca_dn, - X509 **pcert, EVP_PKEY **pkey, - STACK_OF(X509) **pother, - UI_METHOD *ui_method, - void *callback_data); + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); /*- * These callback types are for an ENGINE's handler for cipher and digest logic. * These handlers have these prototypes; 
@@ -293,14 +293,14 @@ * Returns to a pointer to the array of supported cipher 'nid's. If the * second parameter is non-NULL it is set to the size of the returned array. */ -typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, - const int **, int); -typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, - int); -typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, - const int **, int); -typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, - const int **, int); +typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); /* * STRUCTURE functions ... all of these functions deal with pointers to * ENGINE structures where the pointers have a "structural reference". This 
@@ -314,58 +314,58 @@ */ /* Get the first/last "ENGINE" type available. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_first(void); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_last(void); -# endif +#endif /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_next(ENGINE *e); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_prev(ENGINE *e); -# endif +#endif /* Add another "ENGINE" type into the array. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_add(ENGINE *e); -# endif +#endif /* Remove an existing "ENGINE" type from the array. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_remove(ENGINE *e); -# endif +#endif /* Retrieve an engine from the list by its unique "id" value. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id); -# endif - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define ENGINE_load_openssl() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) -# define ENGINE_load_dynamic() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) -# ifndef OPENSSL_NO_STATIC_ENGINE -# define ENGINE_load_padlock() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) -# define ENGINE_load_capi() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) -# define ENGINE_load_afalg() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) -# endif -# define ENGINE_load_cryptodev() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) -# define ENGINE_load_rdrand() \ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define ENGINE_load_openssl() \ + 
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +#define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +#ifndef OPENSSL_NO_STATIC_ENGINE +#define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +#define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +#define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +#endif +#define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +#define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines(void); -# endif +#endif /* * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 unsigned int ENGINE_get_table_flags(void); OSSL_DEPRECATEDIN_3_0 void ENGINE_set_table_flags(unsigned int flags); -# endif +#endif /*- Manage registration of ENGINEs per "table". For each type, there are 3 * functions; @@ -374,7 +374,7 @@ * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list * Cleanup is automatically registered from each table when required. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RSA(ENGINE *e); OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RSA(ENGINE *e); OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RSA(void); @@ -402,7 +402,7 @@ OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_asn1_meths(ENGINE *e); OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_asn1_meths(void); -# endif +#endif /* * These functions register all support from the above categories. Note, use 
@@ -410,10 +410,10 @@ * may not need. If you only need a subset of functionality, consider using * more selective initialisation. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_register_complete(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_register_all_complete(void); -# endif +#endif /* * Send parameterised control commands to the engine. The possibilities to @@ -425,10 +425,10 @@ * commands that require an operational ENGINE, and only use functional * references in such situations. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); -# endif + void (*f)(void)); +#endif /* * This function tests if an ENGINE-specific command is usable as a @@ -436,9 +436,9 @@ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_cmd_is_executable(ENGINE *e, int cmd); -# endif +#endif /* * This function works like ENGINE_ctrl() with the exception of taking a @@ -446,11 +446,11 @@ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation * on how to use the cmd_name and cmd_optional. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f) (void), - int cmd_optional); -# endif + long i, void *p, void (*f)(void), + int cmd_optional); +#endif /* * This function passes a command-name and argument to an ENGINE. The 
@@ -474,11 +474,11 @@ * applications can work consistently with the same configuration for the * same ENGINE-enabled devices, across applications. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional); -# endif + int cmd_optional); +#endif /* * These functions are useful for manufacturing new ENGINE structures. They @@ -488,7 +488,7 @@ * These are also here so that the ENGINE structure doesn't have to be * exposed and break binary compatibility! */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_new(void); OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_up_ref(ENGINE *e); @@ -500,7 +500,7 @@ OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); OSSL_DEPRECATEDIN_3_0 -int ENGINE_set_destroy_function(ENGINE *e,ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); OSSL_DEPRECATEDIN_3_0 @@ -513,7 +513,7 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); OSSL_DEPRECATEDIN_3_0 
@@ -524,23 +524,25 @@ int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_flags(ENGINE *e, int flags); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_cmd_defns(ENGINE *e, - const ENGINE_CMD_DEFN *defns); -# endif + const ENGINE_CMD_DEFN *defns); +#endif /* These functions allow control over any per-structure ENGINE data. */ -# define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); OSSL_DEPRECATEDIN_3_0 void *ENGINE_get_ex_data(const ENGINE *e, int idx); -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* * This function previously cleaned up anything that needs it. Auto-deinit will * now take care of it so it is no longer required to call this function. */ -# define ENGINE_cleanup() while(0) continue -# endif +#define ENGINE_cleanup() \ + while (0) \ + continue +#endif /* * These return values from within the ENGINE structure. These can be useful @@ -548,7 +550,7 @@ * which you obtained. Using the result for functional purposes if you only * obtained a structural reference may be problematic! */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_id(const ENGINE *e); OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_name(const ENGINE *e); OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); 
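Review bot: In the first hunk on this line, `ENGINE_cleanup()` is now spread over three continuation lines although its whole expansion is `while (0) continue`. A single line, `#define ENGINE_cleanup() while (0) continue`, fits comfortably and keeps it obvious that the macro is a deliberate no-op. The surrounding comment already explains why the macro does nothing, so no further documentation is needed.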
@@ -588,15 +590,15 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, - int len); + const char *str, + int len); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, - const char *str, int len); + const char *str, int len); OSSL_DEPRECATEDIN_3_0 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_get_flags(const ENGINE *e); -# endif +#endif /* * FUNCTIONAL functions. These functions deal with ENGINE structures that 
@@ -616,36 +618,36 @@ * already in use). This will fail if the engine is not currently operational * and cannot initialise. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e); -# endif +#endif /* * Free a functional reference to a engine type. This does not require a * corresponding call to ENGINE_free as it also releases a structural * reference. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_finish(ENGINE *e); -# endif +#endif /* * The following functions handle keys that are stored in some secondary * location, handled by the engine. The storage may be on a card or * whatever. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); OSSL_DEPRECATEDIN_3_0 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); OSSL_DEPRECATEDIN_3_0 int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn, - X509 **pcert, EVP_PKEY **ppkey, - STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data); -# endif + X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); +#endif /* * This returns a pointer for the current ENGINE structure that is (by 
@@ -653,26 +655,26 @@ * incremented reference, so it should be free'd (ENGINE_finish) before it is * discarded. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_RSA(void); -# endif +#endif /* Same for the other "methods" */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_DSA(void); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_EC(void); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_DH(void); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_RAND(void); -# endif +#endif /* * These functions can be used to get a functional reference to perform * ciphering or digesting corresponding to "nid". */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_cipher_engine(int nid); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_digest_engine(int nid); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_pkey_meth_engine(int nid); OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); -# endif +#endif /* * This sets a new default ENGINE structure for performing RSA operations. If @@ -680,13 +682,13 @@ * its reference count up'd so the caller should still free their own * reference 'e'. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RSA(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_string(ENGINE *e, - const char *def_list); -# endif + const char *def_list); +#endif /* Same for the other "methods" */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DSA(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_EC(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DH(ENGINE *e); 
@@ -695,7 +697,7 @@ OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_digests(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_meths(ENGINE *e); OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); -# endif +#endif /* * The combination "set" - the flags are bitwise "OR"d from the @@ -704,10 +706,10 @@ * application requires only specific functionality, consider using more * selective functions. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default(ENGINE *e, unsigned int flags); OSSL_DEPRECATEDIN_3_0 void ENGINE_add_conf_module(void); -# endif +#endif /* Deprecated functions ... */ /* int ENGINE_clear_defaults(void); */ @@ -717,12 +719,12 @@ /**************************/ /* Binary/behaviour compatibility levels */ -# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 /* * Binary versions older than this are too old for us (whether we're a loader * or a loadee) */ -# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 /* * When compiling an ENGINE entirely as an external shared library, loadable @@ -735,9 +737,9 @@ * same static data as the calling application (or library), and thus whether * these callbacks need to be set or not. */ -typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); -typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); -typedef void (*dyn_MEM_free_fn) (void *, const char *, int); +typedef void *(*dyn_MEM_malloc_fn)(size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn)(void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn)(void *, const char *, int); typedef struct st_dynamic_MEM_fns { dyn_MEM_malloc_fn malloc_fn; dyn_MEM_realloc_fn realloc_fn; 
@@ -765,12 +767,15 @@ * implementation can be fully instantiated with * IMPLEMENT_DYNAMIC_CHECK_FN(). */ -typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); -# define IMPLEMENT_DYNAMIC_CHECK_FN() \ - OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ - OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ - if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ - return 0; } +typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); +#define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) \ + { \ + if (v >= OSSL_DYNAMIC_OLDEST) \ + return OSSL_DYNAMIC_VERSION; \ + return 0; \ + } /* * This function is passed the ENGINE structure to initialise with its own 
@@ -790,21 +795,25 @@ * returns an int value (zero for failure). 'fn' should have prototype; * [static] int fn(ENGINE *e, const char *id); */ -typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, - const dynamic_fns *fns); -# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ - OPENSSL_EXPORT \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ - OPENSSL_EXPORT \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ - if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ - CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ - fns->mem_fns.realloc_fn, \ - fns->mem_fns.free_fn); \ - OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ - skip_cbs: \ - if (!fn(e, id)) return 0; \ - return 1; } +typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, + const dynamic_fns *fns); +#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) \ + { \ + if (ENGINE_get_static_state() == fns->static_state) \ + goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ + skip_cbs: \ + if (!fn(e, id)) \ + return 0; \ + return 1; \ + } /* * If the loading application (or library) and the loaded ENGINE library 
@@ -819,15 +828,14 @@ */ void *ENGINE_get_static_state(void); -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 void ENGINE_setup_bsd_cryptodev(void); -# endif -# endif - +#endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif /* OPENSSL_NO_ENGINE */ -#endif /* OPENSSL_ENGINE_H */ +#endif +#endif /* OPENSSL_NO_ENGINE */ +#endif /* OPENSSL_ENGINE_H */ --- crypto/openssl/include/openssl/engineerr.h.orig +++ crypto/openssl/include/openssl/engineerr.h 
@@ -9,55 +9,53 @@ */ #ifndef OPENSSL_ENGINEERR_H -# define OPENSSL_ENGINEERR_H -# pragma once +#define OPENSSL_ENGINEERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_ENGINE +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE /* * ENGINE reason codes. */ -# define ENGINE_R_ALREADY_LOADED 100 -# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 -# define ENGINE_R_CMD_NOT_EXECUTABLE 134 -# define ENGINE_R_COMMAND_TAKES_INPUT 135 -# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 -# define ENGINE_R_CONFLICTING_ENGINE_ID 103 -# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 -# define ENGINE_R_DSO_FAILURE 104 -# define ENGINE_R_DSO_NOT_FOUND 132 -# define ENGINE_R_ENGINES_SECTION_ERROR 148 -# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 -# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 -# define ENGINE_R_ENGINE_SECTION_ERROR 149 -# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 -# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 -# define ENGINE_R_FINISH_FAILED 106 -# define ENGINE_R_ID_OR_NAME_MISSING 108 -# define ENGINE_R_INIT_FAILED 109 -# define ENGINE_R_INTERNAL_LIST_ERROR 110 -# define ENGINE_R_INVALID_ARGUMENT 143 -# define ENGINE_R_INVALID_CMD_NAME 137 -# define ENGINE_R_INVALID_CMD_NUMBER 138 -# define ENGINE_R_INVALID_INIT_VALUE 151 -# define ENGINE_R_INVALID_STRING 150 -# define ENGINE_R_NOT_INITIALISED 117 -# define ENGINE_R_NOT_LOADED 112 -# define ENGINE_R_NO_CONTROL_FUNCTION 120 -# define ENGINE_R_NO_INDEX 144 -# define ENGINE_R_NO_LOAD_FUNCTION 125 -# define ENGINE_R_NO_REFERENCE 130 -# define ENGINE_R_NO_SUCH_ENGINE 116 -# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 -# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 -# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 -# define ENGINE_R_VERSION_INCOMPATIBILITY 145 +#define ENGINE_R_ALREADY_LOADED 100 +#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +#define ENGINE_R_CMD_NOT_EXECUTABLE 134 +#define ENGINE_R_COMMAND_TAKES_INPUT 135 +#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +#define 
ENGINE_R_CONFLICTING_ENGINE_ID 103 +#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +#define ENGINE_R_DSO_FAILURE 104 +#define ENGINE_R_DSO_NOT_FOUND 132 +#define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +#define ENGINE_R_ENGINE_SECTION_ERROR 149 +#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +#define ENGINE_R_FINISH_FAILED 106 +#define ENGINE_R_ID_OR_NAME_MISSING 108 +#define ENGINE_R_INIT_FAILED 109 +#define ENGINE_R_INTERNAL_LIST_ERROR 110 +#define ENGINE_R_INVALID_ARGUMENT 143 +#define ENGINE_R_INVALID_CMD_NAME 137 +#define ENGINE_R_INVALID_CMD_NUMBER 138 +#define ENGINE_R_INVALID_INIT_VALUE 151 +#define ENGINE_R_INVALID_STRING 150 +#define ENGINE_R_NOT_INITIALISED 117 +#define ENGINE_R_NOT_LOADED 112 +#define ENGINE_R_NO_CONTROL_FUNCTION 120 +#define ENGINE_R_NO_INDEX 144 +#define ENGINE_R_NO_LOAD_FUNCTION 125 +#define ENGINE_R_NO_REFERENCE 130 +#define ENGINE_R_NO_SUCH_ENGINE 116 +#define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +#define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +#define ENGINE_R_VERSION_INCOMPATIBILITY 145 -# endif +#endif #endif --- crypto/openssl/include/openssl/err.h.orig +++ crypto/openssl/include/openssl/err.h 
@@ -7,52 +7,54 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_ERR_H -# define OPENSSL_ERR_H -# pragma once +#define OPENSSL_ERR_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ERR_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ERR_H +#endif -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# include -# endif +#ifndef OPENSSL_NO_STDIO +#include +#include +#endif -# include -# include -# include -# include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_FILENAMES -# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) -# else -# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) -# endif -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_FILENAMES +#define ERR_PUT_error(l, f, r, fn, ln) ERR_put_error(l, f, r, fn, ln) +#else +#define ERR_PUT_error(l, f, r, fn, ln) ERR_put_error(l, f, r, NULL, 0) +#endif +#endif -# include -# include +#include +#include -# define ERR_TXT_MALLOCED 0x01 -# define ERR_TXT_STRING 0x02 +#define ERR_TXT_MALLOCED 0x01 +#define ERR_TXT_STRING 0x02 -# if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) -# define ERR_FLAG_MARK 0x01 -# define ERR_FLAG_CLEAR 0x02 +#if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) +#define ERR_FLAG_MARK 0x01 +#define ERR_FLAG_CLEAR 0x02 -# define ERR_NUM_ERRORS 16 +#define ERR_NUM_ERRORS 16 struct err_state_st { int err_flags[ERR_NUM_ERRORS]; int err_marks[ERR_NUM_ERRORS]; 
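Review bot: The added `/* clang-format off */` and `/* clang-format on */` lines above the `OPENSSL_ERR_H` guard sit directly next to each other, so they disable formatting for nothing and read as a leftover. Presumably they wrapped a block that exists only in a template this header is produced from. If so, the markers should stay in that template and not be carried into the patched header. Otherwise both lines can simply be dropped.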
@@ -65,109 +67,109 @@ char *err_func[ERR_NUM_ERRORS]; int top, bottom; }; -# endif +#endif /* library */ -# define ERR_LIB_NONE 1 -# define ERR_LIB_SYS 2 -# define ERR_LIB_BN 3 -# define ERR_LIB_RSA 4 -# define ERR_LIB_DH 5 -# define ERR_LIB_EVP 6 -# define ERR_LIB_BUF 7 -# define ERR_LIB_OBJ 8 -# define ERR_LIB_PEM 9 -# define ERR_LIB_DSA 10 -# define ERR_LIB_X509 11 +#define ERR_LIB_NONE 1 +#define ERR_LIB_SYS 2 +#define ERR_LIB_BN 3 +#define ERR_LIB_RSA 4 +#define ERR_LIB_DH 5 +#define ERR_LIB_EVP 6 +#define ERR_LIB_BUF 7 +#define ERR_LIB_OBJ 8 +#define ERR_LIB_PEM 9 +#define ERR_LIB_DSA 10 +#define ERR_LIB_X509 11 /* #define ERR_LIB_METH 12 */ -# define ERR_LIB_ASN1 13 -# define ERR_LIB_CONF 14 -# define ERR_LIB_CRYPTO 15 -# define ERR_LIB_EC 16 -# define ERR_LIB_SSL 20 +#define ERR_LIB_ASN1 13 +#define ERR_LIB_CONF 14 +#define ERR_LIB_CRYPTO 15 +#define ERR_LIB_EC 16 +#define ERR_LIB_SSL 20 /* #define ERR_LIB_SSL23 21 */ /* #define ERR_LIB_SSL2 22 */ /* #define ERR_LIB_SSL3 23 */ /* #define ERR_LIB_RSAREF 30 */ /* #define ERR_LIB_PROXY 31 */ -# define ERR_LIB_BIO 32 -# define ERR_LIB_PKCS7 33 -# define ERR_LIB_X509V3 34 -# define ERR_LIB_PKCS12 35 -# define ERR_LIB_RAND 36 -# define ERR_LIB_DSO 37 -# define ERR_LIB_ENGINE 38 -# define ERR_LIB_OCSP 39 -# define ERR_LIB_UI 40 -# define ERR_LIB_COMP 41 -# define ERR_LIB_ECDSA 42 -# define ERR_LIB_ECDH 43 -# define ERR_LIB_OSSL_STORE 44 -# define ERR_LIB_FIPS 45 -# define ERR_LIB_CMS 46 -# define ERR_LIB_TS 47 -# define ERR_LIB_HMAC 48 +#define ERR_LIB_BIO 32 +#define ERR_LIB_PKCS7 33 +#define ERR_LIB_X509V3 34 +#define ERR_LIB_PKCS12 35 +#define ERR_LIB_RAND 36 +#define ERR_LIB_DSO 37 +#define ERR_LIB_ENGINE 38 +#define ERR_LIB_OCSP 39 +#define ERR_LIB_UI 40 +#define ERR_LIB_COMP 41 +#define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 +#define ERR_LIB_OSSL_STORE 44 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 +#define ERR_LIB_TS 47 +#define ERR_LIB_HMAC 48 /* # define ERR_LIB_JPAKE 49 */ -# define ERR_LIB_CT 50 
-# define ERR_LIB_ASYNC 51
-# define ERR_LIB_KDF 52
-# define ERR_LIB_SM2 53
-# define ERR_LIB_ESS 54
-# define ERR_LIB_PROP 55
-# define ERR_LIB_CRMF 56
-# define ERR_LIB_PROV 57
-# define ERR_LIB_CMP 58
-# define ERR_LIB_OSSL_ENCODER 59
-# define ERR_LIB_OSSL_DECODER 60
-# define ERR_LIB_HTTP 61
-
-# define ERR_LIB_USER 128
-
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL)
-# define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL)
-# define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL)
-# define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL)
-# define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL)
-# define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL)
-# define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL)
-# define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL)
-# define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL)
-# define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL)
-# define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL)
-# define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL)
-# define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL)
-# define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL)
-# define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL)
-# define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL)
-# define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, (r), NULL)
-# define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL)
-# define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL)
-# define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL)
-# define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL)
-# define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL)
-# define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL)
-# define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL)
-# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
-# define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL)
-# define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL)
-# define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL)
-# define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL)
-# define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL)
-# define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL)
-# define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL)
-# define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL)
-# define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL)
-# define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL)
-# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
-# define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL)
-# define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL)
-# define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL)
-# define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL)
-# define UIerr(f, r) ERR_raise_data(ERR_LIB_UI, (r), NULL)
-# define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL)
-# define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL)
-# endif
+#define ERR_LIB_CT 50
+#define ERR_LIB_ASYNC 51
+#define ERR_LIB_KDF 52
+#define ERR_LIB_SM2 53
+#define ERR_LIB_ESS 54
+#define ERR_LIB_PROP 55
+#define ERR_LIB_CRMF 56
+#define ERR_LIB_PROV 57
+#define ERR_LIB_CMP 58
+#define ERR_LIB_OSSL_ENCODER 59
+#define ERR_LIB_OSSL_DECODER 60
+#define ERR_LIB_HTTP 61
+
+#define ERR_LIB_USER 128
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+#define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL)
+#define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL)
+#define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL)
+#define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL)
+#define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL)
+#define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL)
+#define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL)
+#define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL)
+#define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL)
+#define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL)
+#define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL)
+#define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL)
+#define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL)
+#define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL)
+#define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL)
+#define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL)
+#define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, (r), NULL)
+#define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL)
+#define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL)
+#define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL)
+#define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL)
+#define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL)
+#define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL)
+#define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL)
+#define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
+#define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL)
+#define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL)
+#define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL)
+#define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL)
+#define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL)
+#define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL)
+#define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL)
+#define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL)
+#define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL)
+#define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL)
+#define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
+#define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL)
+#define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL)
+#define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL)
+#define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL)
+#define UIerr(f,
r) ERR_raise_data(ERR_LIB_UI, (r), NULL) +#define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL) +#define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL) +#endif /*- * The error code packs differently depending on if it records a system @@ -215,28 +217,28 @@ */ /* Macros to help decode recorded system errors */ -# define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1) -# define ERR_SYSTEM_MASK ((unsigned int)INT_MAX) +#define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1) +#define ERR_SYSTEM_MASK ((unsigned int)INT_MAX) /* * Macros to help decode recorded OpenSSL errors * As expressed above, RFLAGS and REASON overlap by one bit to allow * ERR_R_FATAL to use ERR_RFLAG_FATAL as its reason code. */ -# define ERR_LIB_OFFSET 23L -# define ERR_LIB_MASK 0xFF -# define ERR_RFLAGS_OFFSET 18L -# define ERR_RFLAGS_MASK 0x1F -# define ERR_REASON_MASK 0X7FFFFF +#define ERR_LIB_OFFSET 23L +#define ERR_LIB_MASK 0xFF +#define ERR_RFLAGS_OFFSET 18L +#define ERR_RFLAGS_MASK 0x1F +#define ERR_REASON_MASK 0X7FFFFF /* * Reason flags are defined pre-shifted to easily combine with the reason * number. */ -# define ERR_RFLAG_FATAL (0x1 << ERR_RFLAGS_OFFSET) -# define ERR_RFLAG_COMMON (0x2 << ERR_RFLAGS_OFFSET) +#define ERR_RFLAG_FATAL (0x1 << ERR_RFLAGS_OFFSET) +#define ERR_RFLAG_COMMON (0x2 << ERR_RFLAGS_OFFSET) -# define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0) +#define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0) static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode) { 
@@ -275,102 +277,102 @@ * ERR_PACK takes reason flags and reason code combined in |reason|. * ERR_PACK ignores |func|, that parameter is just legacy from pre-3.0 OpenSSL. */ -# define ERR_PACK(lib,func,reason) \ - ( (((unsigned long)(lib) & ERR_LIB_MASK ) << ERR_LIB_OFFSET) | \ - (((unsigned long)(reason) & ERR_REASON_MASK)) ) - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SYS_F_FOPEN 0 -# define SYS_F_CONNECT 0 -# define SYS_F_GETSERVBYNAME 0 -# define SYS_F_SOCKET 0 -# define SYS_F_IOCTLSOCKET 0 -# define SYS_F_BIND 0 -# define SYS_F_LISTEN 0 -# define SYS_F_ACCEPT 0 -# define SYS_F_WSASTARTUP 0 -# define SYS_F_OPENDIR 0 -# define SYS_F_FREAD 0 -# define SYS_F_GETADDRINFO 0 -# define SYS_F_GETNAMEINFO 0 -# define SYS_F_SETSOCKOPT 0 -# define SYS_F_GETSOCKOPT 0 -# define SYS_F_GETSOCKNAME 0 -# define SYS_F_GETHOSTBYNAME 0 -# define SYS_F_FFLUSH 0 -# define SYS_F_OPEN 0 -# define SYS_F_CLOSE 0 -# define SYS_F_IOCTL 0 -# define SYS_F_STAT 0 -# define SYS_F_FCNTL 0 -# define SYS_F_FSTAT 0 -# define SYS_F_SENDFILE 0 -# endif +#define ERR_PACK(lib, func, reason) \ + ((((unsigned long)(lib) & ERR_LIB_MASK) << ERR_LIB_OFFSET) | (((unsigned long)(reason) & ERR_REASON_MASK))) + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SYS_F_FOPEN 0 +#define SYS_F_CONNECT 0 +#define SYS_F_GETSERVBYNAME 0 +#define SYS_F_SOCKET 0 +#define SYS_F_IOCTLSOCKET 0 +#define SYS_F_BIND 0 +#define SYS_F_LISTEN 0 +#define SYS_F_ACCEPT 0 +#define SYS_F_WSASTARTUP 0 +#define SYS_F_OPENDIR 0 +#define SYS_F_FREAD 0 +#define SYS_F_GETADDRINFO 0 +#define SYS_F_GETNAMEINFO 0 +#define SYS_F_SETSOCKOPT 0 +#define SYS_F_GETSOCKOPT 0 +#define SYS_F_GETSOCKNAME 0 +#define SYS_F_GETHOSTBYNAME 0 +#define SYS_F_FFLUSH 0 +#define SYS_F_OPEN 0 +#define SYS_F_CLOSE 0 +#define SYS_F_IOCTL 0 +#define SYS_F_STAT 0 +#define SYS_F_FCNTL 0 +#define SYS_F_FSTAT 0 +#define SYS_F_SENDFILE 0 +#endif /* * All ERR_R_ codes must be combined with ERR_RFLAG_COMMON. 
*/ /* "we came from here" global reason codes, range 1..255 */ -# define ERR_R_SYS_LIB (ERR_LIB_SYS/* 2 */ | ERR_RFLAG_COMMON) -# define ERR_R_BN_LIB (ERR_LIB_BN/* 3 */ | ERR_RFLAG_COMMON) -# define ERR_R_RSA_LIB (ERR_LIB_RSA/* 4 */ | ERR_RFLAG_COMMON) -# define ERR_R_DH_LIB (ERR_LIB_DH/* 5 */ | ERR_RFLAG_COMMON) -# define ERR_R_EVP_LIB (ERR_LIB_EVP/* 6 */ | ERR_RFLAG_COMMON) -# define ERR_R_BUF_LIB (ERR_LIB_BUF/* 7 */ | ERR_RFLAG_COMMON) -# define ERR_R_OBJ_LIB (ERR_LIB_OBJ/* 8 */ | ERR_RFLAG_COMMON) -# define ERR_R_PEM_LIB (ERR_LIB_PEM/* 9 */ | ERR_RFLAG_COMMON) -# define ERR_R_DSA_LIB (ERR_LIB_DSA/* 10 */ | ERR_RFLAG_COMMON) -# define ERR_R_X509_LIB (ERR_LIB_X509/* 11 */ | ERR_RFLAG_COMMON) -# define ERR_R_ASN1_LIB (ERR_LIB_ASN1/* 13 */ | ERR_RFLAG_COMMON) -# define ERR_R_CONF_LIB (ERR_LIB_CONF/* 14 */ | ERR_RFLAG_COMMON) -# define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO/* 15 */ | ERR_RFLAG_COMMON) -# define ERR_R_EC_LIB (ERR_LIB_EC/* 16 */ | ERR_RFLAG_COMMON) -# define ERR_R_SSL_LIB (ERR_LIB_SSL/* 20 */ | ERR_RFLAG_COMMON) -# define ERR_R_BIO_LIB (ERR_LIB_BIO/* 32 */ | ERR_RFLAG_COMMON) -# define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7/* 33 */ | ERR_RFLAG_COMMON) -# define ERR_R_X509V3_LIB (ERR_LIB_X509V3/* 34 */ | ERR_RFLAG_COMMON) -# define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12/* 35 */ | ERR_RFLAG_COMMON) -# define ERR_R_RAND_LIB (ERR_LIB_RAND/* 36 */ | ERR_RFLAG_COMMON) -# define ERR_R_DSO_LIB (ERR_LIB_DSO/* 37 */ | ERR_RFLAG_COMMON) -# define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE/* 38 */ | ERR_RFLAG_COMMON) -# define ERR_R_UI_LIB (ERR_LIB_UI/* 40 */ | ERR_RFLAG_COMMON) -# define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA/* 42 */ | ERR_RFLAG_COMMON) -# define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE/* 44 */ | ERR_RFLAG_COMMON) -# define ERR_R_CMS_LIB (ERR_LIB_CMS/* 46 */ | ERR_RFLAG_COMMON) -# define ERR_R_TS_LIB (ERR_LIB_TS/* 47 */ | ERR_RFLAG_COMMON) -# define ERR_R_CT_LIB (ERR_LIB_CT/* 50 */ | ERR_RFLAG_COMMON) -# define ERR_R_PROV_LIB (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON) -# define 
ERR_R_ESS_LIB (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON)
-# define ERR_R_CMP_LIB (ERR_LIB_CMP/* 58 */ | ERR_RFLAG_COMMON)
-# define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER/* 59 */ | ERR_RFLAG_COMMON)
-# define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER/* 60 */ | ERR_RFLAG_COMMON)
+#define ERR_R_SYS_LIB (ERR_LIB_SYS /* 2 */ | ERR_RFLAG_COMMON)
+#define ERR_R_BN_LIB (ERR_LIB_BN /* 3 */ | ERR_RFLAG_COMMON)
+#define ERR_R_RSA_LIB (ERR_LIB_RSA /* 4 */ | ERR_RFLAG_COMMON)
+#define ERR_R_DH_LIB (ERR_LIB_DH /* 5 */ | ERR_RFLAG_COMMON)
+#define ERR_R_EVP_LIB (ERR_LIB_EVP /* 6 */ | ERR_RFLAG_COMMON)
+#define ERR_R_BUF_LIB (ERR_LIB_BUF /* 7 */ | ERR_RFLAG_COMMON)
+#define ERR_R_OBJ_LIB (ERR_LIB_OBJ /* 8 */ | ERR_RFLAG_COMMON)
+#define ERR_R_PEM_LIB (ERR_LIB_PEM /* 9 */ | ERR_RFLAG_COMMON)
+#define ERR_R_DSA_LIB (ERR_LIB_DSA /* 10 */ | ERR_RFLAG_COMMON)
+#define ERR_R_X509_LIB (ERR_LIB_X509 /* 11 */ | ERR_RFLAG_COMMON)
+#define ERR_R_ASN1_LIB (ERR_LIB_ASN1 /* 13 */ | ERR_RFLAG_COMMON)
+#define ERR_R_CONF_LIB (ERR_LIB_CONF /* 14 */ | ERR_RFLAG_COMMON)
+#define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO /* 15 */ | ERR_RFLAG_COMMON)
+#define ERR_R_EC_LIB (ERR_LIB_EC /* 16 */ | ERR_RFLAG_COMMON)
+#define ERR_R_SSL_LIB (ERR_LIB_SSL /* 20 */ | ERR_RFLAG_COMMON)
+#define ERR_R_BIO_LIB (ERR_LIB_BIO /* 32 */ | ERR_RFLAG_COMMON)
+#define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7 /* 33 */ | ERR_RFLAG_COMMON)
+#define ERR_R_X509V3_LIB (ERR_LIB_X509V3 /* 34 */ | ERR_RFLAG_COMMON)
+#define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12 /* 35 */ | ERR_RFLAG_COMMON)
+#define ERR_R_RAND_LIB (ERR_LIB_RAND /* 36 */ | ERR_RFLAG_COMMON)
+#define ERR_R_DSO_LIB (ERR_LIB_DSO /* 37 */ | ERR_RFLAG_COMMON)
+#define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE /* 38 */ | ERR_RFLAG_COMMON)
+#define ERR_R_UI_LIB (ERR_LIB_UI /* 40 */ | ERR_RFLAG_COMMON)
+#define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA /* 42 */ | ERR_RFLAG_COMMON)
+#define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE /* 44 */ | ERR_RFLAG_COMMON)
+#define ERR_R_CMS_LIB (ERR_LIB_CMS /* 46 */ |
ERR_RFLAG_COMMON) +#define ERR_R_TS_LIB (ERR_LIB_TS /* 47 */ | ERR_RFLAG_COMMON) +#define ERR_R_CT_LIB (ERR_LIB_CT /* 50 */ | ERR_RFLAG_COMMON) +#define ERR_R_PROV_LIB (ERR_LIB_PROV /* 57 */ | ERR_RFLAG_COMMON) +#define ERR_R_ESS_LIB (ERR_LIB_ESS /* 54 */ | ERR_RFLAG_COMMON) +#define ERR_R_CMP_LIB (ERR_LIB_CMP /* 58 */ | ERR_RFLAG_COMMON) +#define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER /* 59 */ | ERR_RFLAG_COMMON) +#define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER /* 60 */ | ERR_RFLAG_COMMON) /* Other common error codes, range 256..2^ERR_RFLAGS_OFFSET-1 */ -# define ERR_R_FATAL (ERR_RFLAG_FATAL|ERR_RFLAG_COMMON) -# define ERR_R_MALLOC_FAILURE (256|ERR_R_FATAL) -# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (257|ERR_R_FATAL) -# define ERR_R_PASSED_NULL_PARAMETER (258|ERR_R_FATAL) -# define ERR_R_INTERNAL_ERROR (259|ERR_R_FATAL) -# define ERR_R_DISABLED (260|ERR_R_FATAL) -# define ERR_R_INIT_FAIL (261|ERR_R_FATAL) -# define ERR_R_PASSED_INVALID_ARGUMENT (262|ERR_RFLAG_COMMON) -# define ERR_R_OPERATION_FAIL (263|ERR_R_FATAL) -# define ERR_R_INVALID_PROVIDER_FUNCTIONS (264|ERR_R_FATAL) -# define ERR_R_INTERRUPTED_OR_CANCELLED (265|ERR_RFLAG_COMMON) -# define ERR_R_NESTED_ASN1_ERROR (266|ERR_RFLAG_COMMON) -# define ERR_R_MISSING_ASN1_EOS (267|ERR_RFLAG_COMMON) -# define ERR_R_UNSUPPORTED (268|ERR_RFLAG_COMMON) -# define ERR_R_FETCH_FAILED (269|ERR_RFLAG_COMMON) -# define ERR_R_INVALID_PROPERTY_DEFINITION (270|ERR_RFLAG_COMMON) -# define ERR_R_UNABLE_TO_GET_READ_LOCK (271|ERR_R_FATAL) -# define ERR_R_UNABLE_TO_GET_WRITE_LOCK (272|ERR_R_FATAL) +#define ERR_R_FATAL (ERR_RFLAG_FATAL | ERR_RFLAG_COMMON) +#define ERR_R_MALLOC_FAILURE (256 | ERR_R_FATAL) +#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (257 | ERR_R_FATAL) +#define ERR_R_PASSED_NULL_PARAMETER (258 | ERR_R_FATAL) +#define ERR_R_INTERNAL_ERROR (259 | ERR_R_FATAL) +#define ERR_R_DISABLED (260 | ERR_R_FATAL) +#define ERR_R_INIT_FAIL (261 | ERR_R_FATAL) +#define ERR_R_PASSED_INVALID_ARGUMENT (262 | ERR_RFLAG_COMMON) 
+#define ERR_R_OPERATION_FAIL (263 | ERR_R_FATAL) +#define ERR_R_INVALID_PROVIDER_FUNCTIONS (264 | ERR_R_FATAL) +#define ERR_R_INTERRUPTED_OR_CANCELLED (265 | ERR_RFLAG_COMMON) +#define ERR_R_NESTED_ASN1_ERROR (266 | ERR_RFLAG_COMMON) +#define ERR_R_MISSING_ASN1_EOS (267 | ERR_RFLAG_COMMON) +#define ERR_R_UNSUPPORTED (268 | ERR_RFLAG_COMMON) +#define ERR_R_FETCH_FAILED (269 | ERR_RFLAG_COMMON) +#define ERR_R_INVALID_PROPERTY_DEFINITION (270 | ERR_RFLAG_COMMON) +#define ERR_R_UNABLE_TO_GET_READ_LOCK (271 | ERR_R_FATAL) +#define ERR_R_UNABLE_TO_GET_WRITE_LOCK (272 | ERR_R_FATAL) typedef struct ERR_string_data_st { unsigned long error; const char *string; } ERR_STRING_DATA; +/* clang-format off */ DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA); #define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp))) #define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh)) @@ -387,9 +389,10 @@ #define lh_ERR_STRING_DATA_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_ERR_STRING_DATA_lh_type(lh), dl) #define lh_ERR_STRING_DATA_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_ERR_STRING_DATA_lh_doallfunc_type(dfn)) +/* clang-format on */ /* 12 lines and some on an 80 column terminal */ -#define ERR_MAX_DATA_SIZE 1024 +#define ERR_MAX_DATA_SIZE 1024 /* Building blocks */ void ERR_new(void); 
@@ -398,73 +401,73 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); /* Main error raising functions */ -# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) -# define ERR_raise_data \ - (ERR_new(), \ - ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ - ERR_set_error) +#define ERR_raise(lib, reason) ERR_raise_data((lib), (reason), NULL) +#define ERR_raise_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ + ERR_set_error) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Backward compatibility */ -# define ERR_put_error(lib, func, reason, file, line) \ - (ERR_new(), \ - ERR_set_debug((file), (line), OPENSSL_FUNC), \ - ERR_set_error((lib), (reason), NULL)) -# endif +#define ERR_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), OPENSSL_FUNC), \ + ERR_set_error((lib), (reason), NULL)) +#endif void ERR_set_error_data(char *data, int flags); unsigned long ERR_get_error(void); unsigned long ERR_get_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const char **func, + const char **data, int *flags); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 unsigned long ERR_get_error_line(const char **file, int *line); OSSL_DEPRECATEDIN_3_0 unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags); + const char **data, int *flags); #endif unsigned long ERR_peek_error(void); unsigned long ERR_peek_error_line(const char **file, int *line); unsigned long ERR_peek_error_func(const char **func); unsigned long ERR_peek_error_data(const char **data, int *flags); unsigned long ERR_peek_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const char **func, + const char **data, int *flags); +#ifndef OPENSSL_NO_DEPRECATED_3_0 
OSSL_DEPRECATEDIN_3_0 unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags); -# endif + const char **data, int *flags); +#endif unsigned long ERR_peek_last_error(void); unsigned long ERR_peek_last_error_line(const char **file, int *line); unsigned long ERR_peek_last_error_func(const char **func); unsigned long ERR_peek_last_error_data(const char **data, int *flags); unsigned long ERR_peek_last_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const char **func, + const char **data, int *flags); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags); -# endif + const char **data, int *flags); +#endif void ERR_clear_error(void); char *ERR_error_string(unsigned long e, char *buf); void ERR_error_string_n(unsigned long e, char *buf, size_t len); const char *ERR_lib_error_string(unsigned long e); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *ERR_func_error_string(unsigned long e); -# endif +#endif const char *ERR_reason_error_string(unsigned long e); -void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), - void *u); -# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); +#ifndef OPENSSL_NO_STDIO void ERR_print_errors_fp(FILE *fp); -# endif +#endif void ERR_print_errors(BIO *bp); void ERR_add_error_data(int num, ...); 
@@ -477,9 +480,11 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define ERR_load_crypto_strings() \ +#define ERR_load_crypto_strings() \ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) -# define ERR_free_strings() while(0) continue +#define ERR_free_strings() \ + while (0) \ + continue #endif #ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 void ERR_remove_thread_state(void *); @@ -497,7 +502,7 @@ int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/err.h.in.orig +++ crypto/openssl/include/openssl/err.h.in 
@@ -7,54 +7,56 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_lhash_macros); -} +/* clang-format on */ #ifndef OPENSSL_ERR_H -# define OPENSSL_ERR_H -# pragma once +#define OPENSSL_ERR_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ERR_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ERR_H +#endif -# include +#include -# ifndef OPENSSL_NO_STDIO -# include -# include -# endif +#ifndef OPENSSL_NO_STDIO +#include +#include +#endif -# include -# include -# include -# include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_FILENAMES -# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) -# else -# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) -# endif -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_FILENAMES +#define ERR_PUT_error(l, f, r, fn, ln) ERR_put_error(l, f, r, fn, ln) +#else +#define ERR_PUT_error(l, f, r, fn, ln) ERR_put_error(l, f, r, NULL, 0) +#endif +#endif -# include -# include +#include +#include -# define ERR_TXT_MALLOCED 0x01 -# define ERR_TXT_STRING 0x02 +#define ERR_TXT_MALLOCED 0x01 +#define ERR_TXT_STRING 0x02 -# if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) -# define ERR_FLAG_MARK 0x01 -# define ERR_FLAG_CLEAR 0x02 +#if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) +#define ERR_FLAG_MARK 0x01 +#define ERR_FLAG_CLEAR 0x02 -# define ERR_NUM_ERRORS 16 +#define ERR_NUM_ERRORS 16 struct err_state_st { int err_flags[ERR_NUM_ERRORS]; int err_marks[ERR_NUM_ERRORS]; 
@@ -67,109 +69,109 @@ char *err_func[ERR_NUM_ERRORS]; int top, bottom; }; -# endif +#endif /* library */ -# define ERR_LIB_NONE 1 -# define ERR_LIB_SYS 2 -# define ERR_LIB_BN 3 -# define ERR_LIB_RSA 4 -# define ERR_LIB_DH 5 -# define ERR_LIB_EVP 6 -# define ERR_LIB_BUF 7 -# define ERR_LIB_OBJ 8 -# define ERR_LIB_PEM 9 -# define ERR_LIB_DSA 10 -# define ERR_LIB_X509 11 +#define ERR_LIB_NONE 1 +#define ERR_LIB_SYS 2 +#define ERR_LIB_BN 3 +#define ERR_LIB_RSA 4 +#define ERR_LIB_DH 5 +#define ERR_LIB_EVP 6 +#define ERR_LIB_BUF 7 +#define ERR_LIB_OBJ 8 +#define ERR_LIB_PEM 9 +#define ERR_LIB_DSA 10 +#define ERR_LIB_X509 11 /* #define ERR_LIB_METH 12 */ -# define ERR_LIB_ASN1 13 -# define ERR_LIB_CONF 14 -# define ERR_LIB_CRYPTO 15 -# define ERR_LIB_EC 16 -# define ERR_LIB_SSL 20 +#define ERR_LIB_ASN1 13 +#define ERR_LIB_CONF 14 +#define ERR_LIB_CRYPTO 15 +#define ERR_LIB_EC 16 +#define ERR_LIB_SSL 20 /* #define ERR_LIB_SSL23 21 */ /* #define ERR_LIB_SSL2 22 */ /* #define ERR_LIB_SSL3 23 */ /* #define ERR_LIB_RSAREF 30 */ /* #define ERR_LIB_PROXY 31 */ -# define ERR_LIB_BIO 32 -# define ERR_LIB_PKCS7 33 -# define ERR_LIB_X509V3 34 -# define ERR_LIB_PKCS12 35 -# define ERR_LIB_RAND 36 -# define ERR_LIB_DSO 37 -# define ERR_LIB_ENGINE 38 -# define ERR_LIB_OCSP 39 -# define ERR_LIB_UI 40 -# define ERR_LIB_COMP 41 -# define ERR_LIB_ECDSA 42 -# define ERR_LIB_ECDH 43 -# define ERR_LIB_OSSL_STORE 44 -# define ERR_LIB_FIPS 45 -# define ERR_LIB_CMS 46 -# define ERR_LIB_TS 47 -# define ERR_LIB_HMAC 48 +#define ERR_LIB_BIO 32 +#define ERR_LIB_PKCS7 33 +#define ERR_LIB_X509V3 34 +#define ERR_LIB_PKCS12 35 +#define ERR_LIB_RAND 36 +#define ERR_LIB_DSO 37 +#define ERR_LIB_ENGINE 38 +#define ERR_LIB_OCSP 39 +#define ERR_LIB_UI 40 +#define ERR_LIB_COMP 41 +#define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 +#define ERR_LIB_OSSL_STORE 44 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 +#define ERR_LIB_TS 47 +#define ERR_LIB_HMAC 48 /* # define ERR_LIB_JPAKE 49 */ -# define ERR_LIB_CT 50 
-# define ERR_LIB_ASYNC 51
-# define ERR_LIB_KDF 52
-# define ERR_LIB_SM2 53
-# define ERR_LIB_ESS 54
-# define ERR_LIB_PROP 55
-# define ERR_LIB_CRMF 56
-# define ERR_LIB_PROV 57
-# define ERR_LIB_CMP 58
-# define ERR_LIB_OSSL_ENCODER 59
-# define ERR_LIB_OSSL_DECODER 60
-# define ERR_LIB_HTTP 61
-
-# define ERR_LIB_USER 128
-
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL)
-# define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL)
-# define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL)
-# define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL)
-# define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL)
-# define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL)
-# define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL)
-# define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL)
-# define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL)
-# define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL)
-# define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL)
-# define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL)
-# define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL)
-# define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL)
-# define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL)
-# define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL)
-# define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, (r), NULL)
-# define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL)
-# define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL)
-# define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL)
-# define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL)
-# define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL)
-# define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL)
-# define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL)
-# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
-# define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL)
-# define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL)
-# define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL)
-# define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL)
-# define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL)
-# define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL)
-# define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL)
-# define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL)
-# define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL)
-# define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL)
-# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
-# define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL)
-# define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL)
-# define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL)
-# define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL)
-# define UIerr(f, r) ERR_raise_data(ERR_LIB_UI, (r), NULL)
-# define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL)
-# define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL)
-# endif
+#define ERR_LIB_CT 50
+#define ERR_LIB_ASYNC 51
+#define ERR_LIB_KDF 52
+#define ERR_LIB_SM2 53
+#define ERR_LIB_ESS 54
+#define ERR_LIB_PROP 55
+#define ERR_LIB_CRMF 56
+#define ERR_LIB_PROV 57
+#define ERR_LIB_CMP 58
+#define ERR_LIB_OSSL_ENCODER 59
+#define ERR_LIB_OSSL_DECODER 60
+#define ERR_LIB_HTTP 61
+
+#define ERR_LIB_USER 128
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+#define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL)
+#define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL)
+#define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL)
+#define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL)
+#define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL)
+#define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL)
+#define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL)
+#define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL)
+#define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL)
+#define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL)
+#define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL)
+#define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL)
+#define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL)
+#define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL)
+#define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL)
+#define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL)
+#define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, (r), NULL)
+#define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL)
+#define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL)
+#define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL)
+#define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL)
+#define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL)
+#define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL)
+#define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL)
+#define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
+#define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL)
+#define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL)
+#define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL)
+#define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL)
+#define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL)
+#define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL)
+#define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL)
+#define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL)
+#define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL)
+#define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL)
+#define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
+#define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL)
+#define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL)
+#define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL)
+#define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL)
+#define UIerr(f,
r) ERR_raise_data(ERR_LIB_UI, (r), NULL) +#define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL) +#define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL) +#endif /*- * The error code packs differently depending on if it records a system @@ -217,28 +219,28 @@ */ /* Macros to help decode recorded system errors */ -# define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1) -# define ERR_SYSTEM_MASK ((unsigned int)INT_MAX) +#define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1) +#define ERR_SYSTEM_MASK ((unsigned int)INT_MAX) /* * Macros to help decode recorded OpenSSL errors * As expressed above, RFLAGS and REASON overlap by one bit to allow * ERR_R_FATAL to use ERR_RFLAG_FATAL as its reason code. */ -# define ERR_LIB_OFFSET 23L -# define ERR_LIB_MASK 0xFF -# define ERR_RFLAGS_OFFSET 18L -# define ERR_RFLAGS_MASK 0x1F -# define ERR_REASON_MASK 0X7FFFFF +#define ERR_LIB_OFFSET 23L +#define ERR_LIB_MASK 0xFF +#define ERR_RFLAGS_OFFSET 18L +#define ERR_RFLAGS_MASK 0x1F +#define ERR_REASON_MASK 0X7FFFFF /* * Reason flags are defined pre-shifted to easily combine with the reason * number. */ -# define ERR_RFLAG_FATAL (0x1 << ERR_RFLAGS_OFFSET) -# define ERR_RFLAG_COMMON (0x2 << ERR_RFLAGS_OFFSET) +#define ERR_RFLAG_FATAL (0x1 << ERR_RFLAGS_OFFSET) +#define ERR_RFLAG_COMMON (0x2 << ERR_RFLAGS_OFFSET) -# define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0) +#define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0) static ossl_unused ossl_inline int ERR_GET_LIB(unsigned long errcode) { 
@@ -277,108 +279,109 @@ * ERR_PACK takes reason flags and reason code combined in |reason|. * ERR_PACK ignores |func|, that parameter is just legacy from pre-3.0 OpenSSL. */ -# define ERR_PACK(lib,func,reason) \ - ( (((unsigned long)(lib) & ERR_LIB_MASK ) << ERR_LIB_OFFSET) | \ - (((unsigned long)(reason) & ERR_REASON_MASK)) ) - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SYS_F_FOPEN 0 -# define SYS_F_CONNECT 0 -# define SYS_F_GETSERVBYNAME 0 -# define SYS_F_SOCKET 0 -# define SYS_F_IOCTLSOCKET 0 -# define SYS_F_BIND 0 -# define SYS_F_LISTEN 0 -# define SYS_F_ACCEPT 0 -# define SYS_F_WSASTARTUP 0 -# define SYS_F_OPENDIR 0 -# define SYS_F_FREAD 0 -# define SYS_F_GETADDRINFO 0 -# define SYS_F_GETNAMEINFO 0 -# define SYS_F_SETSOCKOPT 0 -# define SYS_F_GETSOCKOPT 0 -# define SYS_F_GETSOCKNAME 0 -# define SYS_F_GETHOSTBYNAME 0 -# define SYS_F_FFLUSH 0 -# define SYS_F_OPEN 0 -# define SYS_F_CLOSE 0 -# define SYS_F_IOCTL 0 -# define SYS_F_STAT 0 -# define SYS_F_FCNTL 0 -# define SYS_F_FSTAT 0 -# define SYS_F_SENDFILE 0 -# endif +#define ERR_PACK(lib, func, reason) \ + ((((unsigned long)(lib) & ERR_LIB_MASK) << ERR_LIB_OFFSET) | (((unsigned long)(reason) & ERR_REASON_MASK))) + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SYS_F_FOPEN 0 +#define SYS_F_CONNECT 0 +#define SYS_F_GETSERVBYNAME 0 +#define SYS_F_SOCKET 0 +#define SYS_F_IOCTLSOCKET 0 +#define SYS_F_BIND 0 +#define SYS_F_LISTEN 0 +#define SYS_F_ACCEPT 0 +#define SYS_F_WSASTARTUP 0 +#define SYS_F_OPENDIR 0 +#define SYS_F_FREAD 0 +#define SYS_F_GETADDRINFO 0 +#define SYS_F_GETNAMEINFO 0 +#define SYS_F_SETSOCKOPT 0 +#define SYS_F_GETSOCKOPT 0 +#define SYS_F_GETSOCKNAME 0 +#define SYS_F_GETHOSTBYNAME 0 +#define SYS_F_FFLUSH 0 +#define SYS_F_OPEN 0 +#define SYS_F_CLOSE 0 +#define SYS_F_IOCTL 0 +#define SYS_F_STAT 0 +#define SYS_F_FCNTL 0 +#define SYS_F_FSTAT 0 +#define SYS_F_SENDFILE 0 +#endif /* * All ERR_R_ codes must be combined with ERR_RFLAG_COMMON. 
*/ /* "we came from here" global reason codes, range 1..255 */ -# define ERR_R_SYS_LIB (ERR_LIB_SYS/* 2 */ | ERR_RFLAG_COMMON) -# define ERR_R_BN_LIB (ERR_LIB_BN/* 3 */ | ERR_RFLAG_COMMON) -# define ERR_R_RSA_LIB (ERR_LIB_RSA/* 4 */ | ERR_RFLAG_COMMON) -# define ERR_R_DH_LIB (ERR_LIB_DH/* 5 */ | ERR_RFLAG_COMMON) -# define ERR_R_EVP_LIB (ERR_LIB_EVP/* 6 */ | ERR_RFLAG_COMMON) -# define ERR_R_BUF_LIB (ERR_LIB_BUF/* 7 */ | ERR_RFLAG_COMMON) -# define ERR_R_OBJ_LIB (ERR_LIB_OBJ/* 8 */ | ERR_RFLAG_COMMON) -# define ERR_R_PEM_LIB (ERR_LIB_PEM/* 9 */ | ERR_RFLAG_COMMON) -# define ERR_R_DSA_LIB (ERR_LIB_DSA/* 10 */ | ERR_RFLAG_COMMON) -# define ERR_R_X509_LIB (ERR_LIB_X509/* 11 */ | ERR_RFLAG_COMMON) -# define ERR_R_ASN1_LIB (ERR_LIB_ASN1/* 13 */ | ERR_RFLAG_COMMON) -# define ERR_R_CONF_LIB (ERR_LIB_CONF/* 14 */ | ERR_RFLAG_COMMON) -# define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO/* 15 */ | ERR_RFLAG_COMMON) -# define ERR_R_EC_LIB (ERR_LIB_EC/* 16 */ | ERR_RFLAG_COMMON) -# define ERR_R_SSL_LIB (ERR_LIB_SSL/* 20 */ | ERR_RFLAG_COMMON) -# define ERR_R_BIO_LIB (ERR_LIB_BIO/* 32 */ | ERR_RFLAG_COMMON) -# define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7/* 33 */ | ERR_RFLAG_COMMON) -# define ERR_R_X509V3_LIB (ERR_LIB_X509V3/* 34 */ | ERR_RFLAG_COMMON) -# define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12/* 35 */ | ERR_RFLAG_COMMON) -# define ERR_R_RAND_LIB (ERR_LIB_RAND/* 36 */ | ERR_RFLAG_COMMON) -# define ERR_R_DSO_LIB (ERR_LIB_DSO/* 37 */ | ERR_RFLAG_COMMON) -# define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE/* 38 */ | ERR_RFLAG_COMMON) -# define ERR_R_UI_LIB (ERR_LIB_UI/* 40 */ | ERR_RFLAG_COMMON) -# define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA/* 42 */ | ERR_RFLAG_COMMON) -# define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE/* 44 */ | ERR_RFLAG_COMMON) -# define ERR_R_CMS_LIB (ERR_LIB_CMS/* 46 */ | ERR_RFLAG_COMMON) -# define ERR_R_TS_LIB (ERR_LIB_TS/* 47 */ | ERR_RFLAG_COMMON) -# define ERR_R_CT_LIB (ERR_LIB_CT/* 50 */ | ERR_RFLAG_COMMON) -# define ERR_R_PROV_LIB (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON) -# define 
ERR_R_ESS_LIB (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON) -# define ERR_R_CMP_LIB (ERR_LIB_CMP/* 58 */ | ERR_RFLAG_COMMON) -# define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER/* 59 */ | ERR_RFLAG_COMMON) -# define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER/* 60 */ | ERR_RFLAG_COMMON) +#define ERR_R_SYS_LIB (ERR_LIB_SYS /* 2 */ | ERR_RFLAG_COMMON) +#define ERR_R_BN_LIB (ERR_LIB_BN /* 3 */ | ERR_RFLAG_COMMON) +#define ERR_R_RSA_LIB (ERR_LIB_RSA /* 4 */ | ERR_RFLAG_COMMON) +#define ERR_R_DH_LIB (ERR_LIB_DH /* 5 */ | ERR_RFLAG_COMMON) +#define ERR_R_EVP_LIB (ERR_LIB_EVP /* 6 */ | ERR_RFLAG_COMMON) +#define ERR_R_BUF_LIB (ERR_LIB_BUF /* 7 */ | ERR_RFLAG_COMMON) +#define ERR_R_OBJ_LIB (ERR_LIB_OBJ /* 8 */ | ERR_RFLAG_COMMON) +#define ERR_R_PEM_LIB (ERR_LIB_PEM /* 9 */ | ERR_RFLAG_COMMON) +#define ERR_R_DSA_LIB (ERR_LIB_DSA /* 10 */ | ERR_RFLAG_COMMON) +#define ERR_R_X509_LIB (ERR_LIB_X509 /* 11 */ | ERR_RFLAG_COMMON) +#define ERR_R_ASN1_LIB (ERR_LIB_ASN1 /* 13 */ | ERR_RFLAG_COMMON) +#define ERR_R_CONF_LIB (ERR_LIB_CONF /* 14 */ | ERR_RFLAG_COMMON) +#define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO /* 15 */ | ERR_RFLAG_COMMON) +#define ERR_R_EC_LIB (ERR_LIB_EC /* 16 */ | ERR_RFLAG_COMMON) +#define ERR_R_SSL_LIB (ERR_LIB_SSL /* 20 */ | ERR_RFLAG_COMMON) +#define ERR_R_BIO_LIB (ERR_LIB_BIO /* 32 */ | ERR_RFLAG_COMMON) +#define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7 /* 33 */ | ERR_RFLAG_COMMON) +#define ERR_R_X509V3_LIB (ERR_LIB_X509V3 /* 34 */ | ERR_RFLAG_COMMON) +#define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12 /* 35 */ | ERR_RFLAG_COMMON) +#define ERR_R_RAND_LIB (ERR_LIB_RAND /* 36 */ | ERR_RFLAG_COMMON) +#define ERR_R_DSO_LIB (ERR_LIB_DSO /* 37 */ | ERR_RFLAG_COMMON) +#define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE /* 38 */ | ERR_RFLAG_COMMON) +#define ERR_R_UI_LIB (ERR_LIB_UI /* 40 */ | ERR_RFLAG_COMMON) +#define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA /* 42 */ | ERR_RFLAG_COMMON) +#define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE /* 44 */ | ERR_RFLAG_COMMON) +#define ERR_R_CMS_LIB (ERR_LIB_CMS /* 46 */ | 
ERR_RFLAG_COMMON) +#define ERR_R_TS_LIB (ERR_LIB_TS /* 47 */ | ERR_RFLAG_COMMON) +#define ERR_R_CT_LIB (ERR_LIB_CT /* 50 */ | ERR_RFLAG_COMMON) +#define ERR_R_PROV_LIB (ERR_LIB_PROV /* 57 */ | ERR_RFLAG_COMMON) +#define ERR_R_ESS_LIB (ERR_LIB_ESS /* 54 */ | ERR_RFLAG_COMMON) +#define ERR_R_CMP_LIB (ERR_LIB_CMP /* 58 */ | ERR_RFLAG_COMMON) +#define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER /* 59 */ | ERR_RFLAG_COMMON) +#define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER /* 60 */ | ERR_RFLAG_COMMON) /* Other common error codes, range 256..2^ERR_RFLAGS_OFFSET-1 */ -# define ERR_R_FATAL (ERR_RFLAG_FATAL|ERR_RFLAG_COMMON) -# define ERR_R_MALLOC_FAILURE (256|ERR_R_FATAL) -# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (257|ERR_R_FATAL) -# define ERR_R_PASSED_NULL_PARAMETER (258|ERR_R_FATAL) -# define ERR_R_INTERNAL_ERROR (259|ERR_R_FATAL) -# define ERR_R_DISABLED (260|ERR_R_FATAL) -# define ERR_R_INIT_FAIL (261|ERR_R_FATAL) -# define ERR_R_PASSED_INVALID_ARGUMENT (262|ERR_RFLAG_COMMON) -# define ERR_R_OPERATION_FAIL (263|ERR_R_FATAL) -# define ERR_R_INVALID_PROVIDER_FUNCTIONS (264|ERR_R_FATAL) -# define ERR_R_INTERRUPTED_OR_CANCELLED (265|ERR_RFLAG_COMMON) -# define ERR_R_NESTED_ASN1_ERROR (266|ERR_RFLAG_COMMON) -# define ERR_R_MISSING_ASN1_EOS (267|ERR_RFLAG_COMMON) -# define ERR_R_UNSUPPORTED (268|ERR_RFLAG_COMMON) -# define ERR_R_FETCH_FAILED (269|ERR_RFLAG_COMMON) -# define ERR_R_INVALID_PROPERTY_DEFINITION (270|ERR_RFLAG_COMMON) -# define ERR_R_UNABLE_TO_GET_READ_LOCK (271|ERR_R_FATAL) -# define ERR_R_UNABLE_TO_GET_WRITE_LOCK (272|ERR_R_FATAL) +#define ERR_R_FATAL (ERR_RFLAG_FATAL | ERR_RFLAG_COMMON) +#define ERR_R_MALLOC_FAILURE (256 | ERR_R_FATAL) +#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (257 | ERR_R_FATAL) +#define ERR_R_PASSED_NULL_PARAMETER (258 | ERR_R_FATAL) +#define ERR_R_INTERNAL_ERROR (259 | ERR_R_FATAL) +#define ERR_R_DISABLED (260 | ERR_R_FATAL) +#define ERR_R_INIT_FAIL (261 | ERR_R_FATAL) +#define ERR_R_PASSED_INVALID_ARGUMENT (262 | ERR_RFLAG_COMMON) 
+#define ERR_R_OPERATION_FAIL (263 | ERR_R_FATAL) +#define ERR_R_INVALID_PROVIDER_FUNCTIONS (264 | ERR_R_FATAL) +#define ERR_R_INTERRUPTED_OR_CANCELLED (265 | ERR_RFLAG_COMMON) +#define ERR_R_NESTED_ASN1_ERROR (266 | ERR_RFLAG_COMMON) +#define ERR_R_MISSING_ASN1_EOS (267 | ERR_RFLAG_COMMON) +#define ERR_R_UNSUPPORTED (268 | ERR_RFLAG_COMMON) +#define ERR_R_FETCH_FAILED (269 | ERR_RFLAG_COMMON) +#define ERR_R_INVALID_PROPERTY_DEFINITION (270 | ERR_RFLAG_COMMON) +#define ERR_R_UNABLE_TO_GET_READ_LOCK (271 | ERR_R_FATAL) +#define ERR_R_UNABLE_TO_GET_WRITE_LOCK (272 | ERR_R_FATAL) typedef struct ERR_string_data_st { unsigned long error; const char *string; } ERR_STRING_DATA; +/* clang-format off */ {- generate_lhash_macros("ERR_STRING_DATA"); -} +/* clang-format on */ /* 12 lines and some on an 80 column terminal */ -#define ERR_MAX_DATA_SIZE 1024 +#define ERR_MAX_DATA_SIZE 1024 /* Building blocks */ void ERR_new(void); 
@@ -387,73 +390,73 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); /* Main error raising functions */ -# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) -# define ERR_raise_data \ - (ERR_new(), \ - ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ - ERR_set_error) +#define ERR_raise(lib, reason) ERR_raise_data((lib), (reason), NULL) +#define ERR_raise_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ + ERR_set_error) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Backward compatibility */ -# define ERR_put_error(lib, func, reason, file, line) \ - (ERR_new(), \ - ERR_set_debug((file), (line), OPENSSL_FUNC), \ - ERR_set_error((lib), (reason), NULL)) -# endif +#define ERR_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), OPENSSL_FUNC), \ + ERR_set_error((lib), (reason), NULL)) +#endif void ERR_set_error_data(char *data, int flags); unsigned long ERR_get_error(void); unsigned long ERR_get_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const char **func, + const char **data, int *flags); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 unsigned long ERR_get_error_line(const char **file, int *line); OSSL_DEPRECATEDIN_3_0 unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags); + const char **data, int *flags); #endif unsigned long ERR_peek_error(void); unsigned long ERR_peek_error_line(const char **file, int *line); unsigned long ERR_peek_error_func(const char **func); unsigned long ERR_peek_error_data(const char **data, int *flags); unsigned long ERR_peek_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const char **func, + const char **data, int *flags); +#ifndef OPENSSL_NO_DEPRECATED_3_0 
OSSL_DEPRECATEDIN_3_0 unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags); -# endif + const char **data, int *flags); +#endif unsigned long ERR_peek_last_error(void); unsigned long ERR_peek_last_error_line(const char **file, int *line); unsigned long ERR_peek_last_error_func(const char **func); unsigned long ERR_peek_last_error_data(const char **data, int *flags); unsigned long ERR_peek_last_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const char **func, + const char **data, int *flags); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags); -# endif + const char **data, int *flags); +#endif void ERR_clear_error(void); char *ERR_error_string(unsigned long e, char *buf); void ERR_error_string_n(unsigned long e, char *buf, size_t len); const char *ERR_lib_error_string(unsigned long e); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *ERR_func_error_string(unsigned long e); -# endif +#endif const char *ERR_reason_error_string(unsigned long e); -void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), - void *u); -# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); +#ifndef OPENSSL_NO_STDIO void ERR_print_errors_fp(FILE *fp); -# endif +#endif void ERR_print_errors(BIO *bp); void ERR_add_error_data(int num, ...); 
@@ -466,9 +469,11 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define ERR_load_crypto_strings() \ +#define ERR_load_crypto_strings() \ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) -# define ERR_free_strings() while(0) continue +#define ERR_free_strings() \ + while (0) \ + continue #endif #ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 void ERR_remove_thread_state(void *); @@ -486,7 +491,7 @@ int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/ess.h.orig +++ crypto/openssl/include/openssl/ess.h @@ -10,27 +10,29 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_ESS_H -# define OPENSSL_ESS_H -# pragma once +#define OPENSSL_ESS_H +#pragma once -# include +#include -# include -# include -# include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif - +#endif typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; typedef struct ESS_cert_id ESS_CERT_ID; typedef struct ESS_signing_cert ESS_SIGNING_CERT; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ESS_CERT_ID, ESS_CERT_ID, ESS_CERT_ID) #define sk_ESS_CERT_ID_num(sk) OPENSSL_sk_num(ossl_check_const_ESS_CERT_ID_sk_type(sk)) #define sk_ESS_CERT_ID_value(sk, idx) ((ESS_CERT_ID *)OPENSSL_sk_value(ossl_check_const_ESS_CERT_ID_sk_type(sk), (idx))) 
@@ -58,11 +60,12 @@ #define sk_ESS_CERT_ID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ESS_CERT_ID) *)OPENSSL_sk_deep_copy(ossl_check_const_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_copyfunc_type(copyfunc), ossl_check_ESS_CERT_ID_freefunc_type(freefunc))) #define sk_ESS_CERT_ID_set_cmp_func(sk, cmp) ((sk_ESS_CERT_ID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ESS_CERT_ID_sk_type(sk), ossl_check_ESS_CERT_ID_compfunc_type(cmp))) - +/* clang-format on */ typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ESS_CERT_ID_V2, ESS_CERT_ID_V2, ESS_CERT_ID_V2) #define sk_ESS_CERT_ID_V2_num(sk) OPENSSL_sk_num(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk)) #define sk_ESS_CERT_ID_V2_value(sk, idx) ((ESS_CERT_ID_V2 *)OPENSSL_sk_value(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk), (idx))) @@ -90,6 +93,7 @@ #define sk_ESS_CERT_ID_V2_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ESS_CERT_ID_V2) *)OPENSSL_sk_deep_copy(ossl_check_const_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_copyfunc_type(copyfunc), ossl_check_ESS_CERT_ID_V2_freefunc_type(freefunc))) #define sk_ESS_CERT_ID_V2_set_cmp_func(sk, cmp) ((sk_ESS_CERT_ID_V2_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ESS_CERT_ID_V2_sk_type(sk), ossl_check_ESS_CERT_ID_V2_compfunc_type(cmp))) +/* clang-format on */ DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL) 
@@ -110,19 +114,18 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert, - const STACK_OF(X509) *certs, - int set_issuer_serial); + const STACK_OF(X509) *certs, + int set_issuer_serial); ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg, - const X509 *signcert, - const - STACK_OF(X509) *certs, - int set_issuer_serial); + const X509 *signcert, + const STACK_OF(X509) *certs, + int set_issuer_serial); int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss, - const ESS_SIGNING_CERT_V2 *ssv2, - const STACK_OF(X509) *chain, - int require_signing_cert); + const ESS_SIGNING_CERT_V2 *ssv2, + const STACK_OF(X509) *chain, + int require_signing_cert); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ess.h.in.orig +++ crypto/openssl/include/openssl/ess.h.in @@ -9,40 +9,44 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_ESS_H -# define OPENSSL_ESS_H -# pragma once +#define OPENSSL_ESS_H +#pragma once -# include +#include -# include -# include -# include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif - +#endif typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; typedef struct ESS_cert_id ESS_CERT_ID; typedef struct ESS_signing_cert ESS_SIGNING_CERT; +/* clang-format off */ {- generate_stack_macros("ESS_CERT_ID"); -} - +/* clang-format on */ typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +/* clang-format off */ {- generate_stack_macros("ESS_CERT_ID_V2"); -} +/* clang-format on */ DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL) 
@@ -63,19 +67,18 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert, - const STACK_OF(X509) *certs, - int set_issuer_serial); + const STACK_OF(X509) *certs, + int set_issuer_serial); ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg, - const X509 *signcert, - const - STACK_OF(X509) *certs, - int set_issuer_serial); + const X509 *signcert, + const STACK_OF(X509) *certs, + int set_issuer_serial); int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss, - const ESS_SIGNING_CERT_V2 *ssv2, - const STACK_OF(X509) *chain, - int require_signing_cert); + const ESS_SIGNING_CERT_V2 *ssv2, + const STACK_OF(X509) *chain, + int require_signing_cert); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/esserr.h.orig +++ crypto/openssl/include/openssl/esserr.h 
@@ -9,24 +9,24 @@ */ #ifndef OPENSSL_ESSERR_H -# define OPENSSL_ESSERR_H -# pragma once +#define OPENSSL_ESSERR_H +#pragma once -# include -# include -# include +#include +#include +#include /* * ESS reason codes. */ -# define ESS_R_EMPTY_ESS_CERT_ID_LIST 107 -# define ESS_R_ESS_CERT_DIGEST_ERROR 103 -# define ESS_R_ESS_CERT_ID_NOT_FOUND 104 -# define ESS_R_ESS_CERT_ID_WRONG_ORDER 105 -# define ESS_R_ESS_DIGEST_ALG_UNKNOWN 106 -# define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR 102 -# define ESS_R_ESS_SIGNING_CERT_ADD_ERROR 100 -# define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR 101 -# define ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE 108 +#define ESS_R_EMPTY_ESS_CERT_ID_LIST 107 +#define ESS_R_ESS_CERT_DIGEST_ERROR 103 +#define ESS_R_ESS_CERT_ID_NOT_FOUND 104 +#define ESS_R_ESS_CERT_ID_WRONG_ORDER 105 +#define ESS_R_ESS_DIGEST_ALG_UNKNOWN 106 +#define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR 102 +#define ESS_R_ESS_SIGNING_CERT_ADD_ERROR 100 +#define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR 101 +#define ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE 108 #endif --- crypto/openssl/include/openssl/evp.h.orig +++ crypto/openssl/include/openssl/evp.h 
@@ -8,91 +8,91 @@ */ #ifndef OPENSSL_EVP_H -# define OPENSSL_EVP_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_ENVELOPE_H -# endif - -# include - -# ifndef OPENSSL_NO_STDIO -# include -# endif - -# include -# include -# include -# include -# include -# include -# include -# include - -# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ -# define EVP_MAX_KEY_LENGTH 64 -# define EVP_MAX_IV_LENGTH 16 -# define EVP_MAX_BLOCK_LENGTH 32 - -# define PKCS5_SALT_LEN 8 +#define OPENSSL_EVP_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_ENVELOPE_H +#endif + +#include + +#ifndef OPENSSL_NO_STDIO +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ +#define EVP_MAX_KEY_LENGTH 64 +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define PKCS5_SALT_LEN 8 /* Default PKCS#5 iteration count */ -# define PKCS5_DEFAULT_ITER 2048 - -# include - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define EVP_PK_RSA 0x0001 -# define EVP_PK_DSA 0x0002 -# define EVP_PK_DH 0x0004 -# define EVP_PK_EC 0x0008 -# define EVP_PKT_SIGN 0x0010 -# define EVP_PKT_ENC 0x0020 -# define EVP_PKT_EXCH 0x0040 -# define EVP_PKS_RSA 0x0100 -# define EVP_PKS_DSA 0x0200 -# define EVP_PKS_EC 0x0400 -# endif - -# define EVP_PKEY_NONE NID_undef -# define EVP_PKEY_RSA NID_rsaEncryption -# define EVP_PKEY_RSA2 NID_rsa -# define EVP_PKEY_RSA_PSS NID_rsassaPss -# define EVP_PKEY_DSA NID_dsa -# define EVP_PKEY_DSA1 NID_dsa_2 -# define EVP_PKEY_DSA2 NID_dsaWithSHA -# define EVP_PKEY_DSA3 NID_dsaWithSHA1 -# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 -# define EVP_PKEY_DH NID_dhKeyAgreement -# define EVP_PKEY_DHX NID_dhpublicnumber -# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey -# define EVP_PKEY_SM2 NID_sm2 -# define EVP_PKEY_HMAC NID_hmac -# define EVP_PKEY_CMAC NID_cmac -# define EVP_PKEY_SCRYPT NID_id_scrypt -# define EVP_PKEY_TLS1_PRF 
NID_tls1_prf -# define EVP_PKEY_HKDF NID_hkdf -# define EVP_PKEY_POLY1305 NID_poly1305 -# define EVP_PKEY_SIPHASH NID_siphash -# define EVP_PKEY_X25519 NID_X25519 -# define EVP_PKEY_ED25519 NID_ED25519 -# define EVP_PKEY_X448 NID_X448 -# define EVP_PKEY_ED448 NID_ED448 +#define PKCS5_DEFAULT_ITER 2048 + +#include + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define EVP_PK_RSA 0x0001 +#define EVP_PK_DSA 0x0002 +#define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 +#define EVP_PKT_SIGN 0x0010 +#define EVP_PKT_ENC 0x0020 +#define EVP_PKT_EXCH 0x0040 +#define EVP_PKS_RSA 0x0100 +#define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 +#endif + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA NID_rsaEncryption +#define EVP_PKEY_RSA2 NID_rsa +#define EVP_PKEY_RSA_PSS NID_rsassaPss +#define EVP_PKEY_DSA NID_dsa +#define EVP_PKEY_DSA1 NID_dsa_2 +#define EVP_PKEY_DSA2 NID_dsaWithSHA +#define EVP_PKEY_DSA3 NID_dsaWithSHA1 +#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +#define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_DHX NID_dhpublicnumber +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +#define EVP_PKEY_SM2 NID_sm2 +#define EVP_PKEY_HMAC NID_hmac +#define EVP_PKEY_CMAC NID_cmac +#define EVP_PKEY_SCRYPT NID_id_scrypt +#define EVP_PKEY_TLS1_PRF NID_tls1_prf +#define EVP_PKEY_HKDF NID_hkdf +#define EVP_PKEY_POLY1305 NID_poly1305 +#define EVP_PKEY_SIPHASH NID_siphash +#define EVP_PKEY_X25519 NID_X25519 +#define EVP_PKEY_ED25519 NID_ED25519 +#define EVP_PKEY_X448 NID_X448 +#define EVP_PKEY_ED448 NID_ED448 /* Special indicator that the object is uniquely provider side */ -# define EVP_PKEY_KEYMGMT -1 +#define EVP_PKEY_KEYMGMT -1 /* Easy to use macros for EVP_PKEY related selections */ -# define EVP_PKEY_KEY_PARAMETERS \ - ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) -# define EVP_PKEY_PRIVATE_KEY \ - ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) -# define EVP_PKEY_PUBLIC_KEY \ - ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) -# define EVP_PKEY_KEYPAIR \ - ( 
EVP_PKEY_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) - -#ifdef __cplusplus +#define EVP_PKEY_KEY_PARAMETERS \ + (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) +#define EVP_PKEY_PRIVATE_KEY \ + (EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY) +#define EVP_PKEY_PUBLIC_KEY \ + (EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY) +#define EVP_PKEY_KEYPAIR \ + (EVP_PKEY_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY) + +#ifdef __cplusplus extern "C" { #endif @@ -100,13 +100,13 @@ int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx); int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable); -# define EVP_PKEY_MO_SIGN 0x0001 -# define EVP_PKEY_MO_VERIFY 0x0002 -# define EVP_PKEY_MO_ENCRYPT 0x0004 -# define EVP_PKEY_MO_DECRYPT 0x0008 +#define EVP_PKEY_MO_SIGN 0x0001 +#define EVP_PKEY_MO_VERIFY 0x0002 +#define EVP_PKEY_MO_ENCRYPT 0x0004 +#define EVP_PKEY_MO_DECRYPT 0x0008 -# ifndef EVP_MD -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef EVP_MD +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); OSSL_DEPRECATEDIN_3_0 EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); OSSL_DEPRECATEDIN_3_0 void EVP_MD_meth_free(EVP_MD *md); 
@@ -121,20 +121,15 @@ OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); OSSL_DEPRECATEDIN_3_0 -int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, - const void *data, - size_t count)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)); OSSL_DEPRECATEDIN_3_0 -int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, - unsigned char *md)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, unsigned char *md)); OSSL_DEPRECATEDIN_3_0 -int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, - const EVP_MD_CTX *from)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)); OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); OSSL_DEPRECATEDIN_3_0 -int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)); OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_get_result_size(const EVP_MD *md); OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_get_app_datasize(const EVP_MD *md); 
@@ -143,93 +138,93 @@ int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, - const void *data, size_t count); + const void *data, size_t count); OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, - unsigned char *md); + unsigned char *md); OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, - const EVP_MD_CTX *from); + const EVP_MD_CTX *from); OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2); -# endif + int p1, void *p2); +#endif /* digest can only handle a single block */ -# define EVP_MD_FLAG_ONESHOT 0x0001 +#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest is extensible-output function, XOF */ -# define EVP_MD_FLAG_XOF 0x0002 +#define EVP_MD_FLAG_XOF 0x0002 /* DigestAlgorithmIdentifier flags... */ -# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 +#define EVP_MD_FLAG_DIGALGID_MASK 0x0018 /* NULL or absent parameter accepted. Use NULL */ -# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 +#define EVP_MD_FLAG_DIGALGID_NULL 0x0000 /* NULL or absent parameter accepted. 
Use NULL for PKCS#1 otherwise absent */ -# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 +#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 /* Custom handling via ctrl */ -# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 +#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 /* Note if suitable for use in FIPS mode */ -# define EVP_MD_FLAG_FIPS 0x0400 +#define EVP_MD_FLAG_FIPS 0x0400 /* Digest ctrls */ -# define EVP_MD_CTRL_DIGALGID 0x1 -# define EVP_MD_CTRL_MICALG 0x2 -# define EVP_MD_CTRL_XOF_LEN 0x3 -# define EVP_MD_CTRL_TLSTREE 0x4 +#define EVP_MD_CTRL_DIGALGID 0x1 +#define EVP_MD_CTRL_MICALG 0x2 +#define EVP_MD_CTRL_XOF_LEN 0x3 +#define EVP_MD_CTRL_TLSTREE 0x4 /* Minimum Algorithm specific ctrl value */ -# define EVP_MD_CTRL_ALG_CTRL 0x1000 +#define EVP_MD_CTRL_ALG_CTRL 0x1000 -# endif /* !EVP_MD */ +#endif /* !EVP_MD */ /* values for EVP_MD_CTX flags */ -# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be - * called once only */ -# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been - * cleaned */ -# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data - * in EVP_MD_CTX_reset */ +#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be \ + * called once only */ +#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been \ + * cleaned */ +#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data \ + * in EVP_MD_CTX_reset */ /* * FIPS and pad options are ignored in 1.0.0, definitions are here so we * don't accidentally reuse the values for other purposes. */ /* This flag has no effect from openssl-3.0 onwards */ -# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* * The following PAD options are also currently ignored in 1.0.0, digest * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() * instead. 
*/ -# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ -# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ -# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ -# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ +#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ +#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ -# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ /* * Some functions such as EVP_DigestSign only finalise copies of internal * contexts so additional data can be included after the finalisation call. * This is inefficient if this functionality is not required: it is disabled * if the following flag is set. */ -# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +#define EVP_MD_CTX_FLAG_FINALISE 0x0200 /* NOTE: 0x0400 is reserved for internal usage */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); OSSL_DEPRECATEDIN_3_0 
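Review bot: The trailing comments on `EVP_MD_CTX_FLAG_ONESHOT`, `EVP_MD_CTX_FLAG_CLEANED` and `EVP_MD_CTX_FLAG_REUSE` now carry a `\` line continuation inside the comment text, so each of these flag definitions depends on line splicing to stay a single directive. The values are unchanged, but the result is harder to read and easy to break on a later edit. I would move each comment onto its own line above the define, for example `/* digest update will be called once only */` followed by `#define EVP_MD_CTX_FLAG_ONESHOT 0x0001`, which needs no continuation. The `#ifndef EVP_MD` block that this hunk closes opens outside the hunk.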
@@ -244,208 +239,202 @@ int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init) (EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc)); + int (*init)(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)); + int (*do_cipher)(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup) (EVP_CIPHER_CTX *)); + int (*cleanup)(EVP_CIPHER_CTX *)); OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)); + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, + ASN1_TYPE *)); OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)); + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, + ASN1_TYPE *)); OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl) (EVP_CIPHER_CTX *, int type, - int arg, void *ptr)); -OSSL_DEPRECATEDIN_3_0 int -(*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc); -OSSL_DEPRECATEDIN_3_0 int -(*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl); -OSSL_DEPRECATEDIN_3_0 int -(*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); -OSSL_DEPRECATEDIN_3_0 int -(*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); -OSSL_DEPRECATEDIN_3_0 int 
-(*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); -OSSL_DEPRECATEDIN_3_0 int -(*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, int type, - int arg, void *ptr); -# endif + int (*ctrl)(EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); +OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, int type, + int arg, void *ptr); +#endif /* Values for cipher flags */ /* Modes for ciphers */ -# define EVP_CIPH_STREAM_CIPHER 0x0 -# define EVP_CIPH_ECB_MODE 0x1 -# define EVP_CIPH_CBC_MODE 0x2 -# define EVP_CIPH_CFB_MODE 0x3 -# define EVP_CIPH_OFB_MODE 0x4 -# define EVP_CIPH_CTR_MODE 0x5 -# define EVP_CIPH_GCM_MODE 0x6 -# define EVP_CIPH_CCM_MODE 0x7 -# define EVP_CIPH_XTS_MODE 0x10001 -# define EVP_CIPH_WRAP_MODE 0x10002 -# define EVP_CIPH_OCB_MODE 0x10003 -# define EVP_CIPH_SIV_MODE 0x10004 -# define EVP_CIPH_MODE 0xF0007 +#define EVP_CIPH_STREAM_CIPHER 0x0 +#define EVP_CIPH_ECB_MODE 0x1 +#define EVP_CIPH_CBC_MODE 0x2 +#define EVP_CIPH_CFB_MODE 0x3 +#define EVP_CIPH_OFB_MODE 0x4 +#define EVP_CIPH_CTR_MODE 0x5 +#define EVP_CIPH_GCM_MODE 0x6 +#define EVP_CIPH_CCM_MODE 0x7 +#define EVP_CIPH_XTS_MODE 0x10001 +#define EVP_CIPH_WRAP_MODE 0x10002 +#define EVP_CIPH_OCB_MODE 0x10003 
+#define EVP_CIPH_SIV_MODE 0x10004
+#define EVP_CIPH_MODE 0xF0007
 /* Set if variable length cipher */
-# define EVP_CIPH_VARIABLE_LENGTH 0x8
+#define EVP_CIPH_VARIABLE_LENGTH 0x8
 /* Set if the iv handling should be done by the cipher itself */
-# define EVP_CIPH_CUSTOM_IV 0x10
+#define EVP_CIPH_CUSTOM_IV 0x10
 /* Set if the cipher's init() function should be called if key is NULL */
-# define EVP_CIPH_ALWAYS_CALL_INIT 0x20
+#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
 /* Call ctrl() to init cipher parameters */
-# define EVP_CIPH_CTRL_INIT 0x40
+#define EVP_CIPH_CTRL_INIT 0x40
 /* Don't use standard key length function */
-# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
+#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
 /* Don't use standard block padding */
-# define EVP_CIPH_NO_PADDING 0x100
+#define EVP_CIPH_NO_PADDING 0x100
 /* cipher handles random key generation */
-# define EVP_CIPH_RAND_KEY 0x200
+#define EVP_CIPH_RAND_KEY 0x200
 /* cipher has its own additional copying logic */
-# define EVP_CIPH_CUSTOM_COPY 0x400
+#define EVP_CIPH_CUSTOM_COPY 0x400
 /* Don't use standard iv length function */
-# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800
+#define EVP_CIPH_CUSTOM_IV_LENGTH 0x800
 /* Legacy and no longer relevant: Allow use default ASN1 get/set iv */
-# define EVP_CIPH_FLAG_DEFAULT_ASN1 0
+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0
 /* Free: 0x1000 */
 /* Buffer length in bits not bytes: CFB1 mode only */
-# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
 /* Deprecated FIPS flag: was 0x4000 */
-# define EVP_CIPH_FLAG_FIPS 0
+#define EVP_CIPH_FLAG_FIPS 0
 /* Deprecated FIPS flag: was 0x8000 */
-# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0
+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0
 /*
 * Cipher handles any and all padding logic as well as finalisation.
 */
-# define EVP_CIPH_FLAG_CTS 0x4000
-# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
-# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
-# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+#define EVP_CIPH_FLAG_CTS 0x4000
+#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
+#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
+#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
 /* Cipher can handle pipeline operations */
-# define EVP_CIPH_FLAG_PIPELINE 0X800000
+#define EVP_CIPH_FLAG_PIPELINE 0X800000
 /* For provider implementations that handle ASN1 get/set param themselves */
-# define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000
+#define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000
 /* For ciphers generating unprotected CMS attributes */
-# define EVP_CIPH_FLAG_CIPHER_WITH_MAC 0x2000000
+#define EVP_CIPH_FLAG_CIPHER_WITH_MAC 0x2000000
 /* For supplementary wrap cipher support */
-# define EVP_CIPH_FLAG_GET_WRAP_CIPHER 0x4000000
-# define EVP_CIPH_FLAG_INVERSE_CIPHER 0x8000000
+#define EVP_CIPH_FLAG_GET_WRAP_CIPHER 0x4000000
+#define EVP_CIPH_FLAG_INVERSE_CIPHER 0x8000000
 /*
 * Cipher context flag to indicate we can handle wrap mode: if allowed in
 * older applications it could overflow buffers.
*/ -# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 +#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 /* ctrl() values */ -# define EVP_CTRL_INIT 0x0 -# define EVP_CTRL_SET_KEY_LENGTH 0x1 -# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 -# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 -# define EVP_CTRL_GET_RC5_ROUNDS 0x4 -# define EVP_CTRL_SET_RC5_ROUNDS 0x5 -# define EVP_CTRL_RAND_KEY 0x6 -# define EVP_CTRL_PBE_PRF_NID 0x7 -# define EVP_CTRL_COPY 0x8 -# define EVP_CTRL_AEAD_SET_IVLEN 0x9 -# define EVP_CTRL_AEAD_GET_TAG 0x10 -# define EVP_CTRL_AEAD_SET_TAG 0x11 -# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 -# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN -# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG -# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG -# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED -# define EVP_CTRL_GCM_IV_GEN 0x13 -# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN -# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG -# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG -# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED -# define EVP_CTRL_CCM_SET_L 0x14 -# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +#define EVP_CTRL_INIT 0x0 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 +#define EVP_CTRL_AEAD_SET_IVLEN 0x9 +#define EVP_CTRL_AEAD_GET_TAG 0x10 +#define EVP_CTRL_AEAD_SET_TAG 0x11 +#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +#define EVP_CTRL_GCM_IV_GEN 0x13 +#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_CCM_SET_TAG 
EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +#define EVP_CTRL_CCM_SET_L 0x14 +#define EVP_CTRL_CCM_SET_MSGLEN 0x15 /* * AEAD cipher deduces payload length and returns number of bytes required to * store MAC and eventual padding. Subsequent call to EVP_Cipher even * appends/verifies MAC. */ -# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +#define EVP_CTRL_AEAD_TLS1_AAD 0x16 /* Used by composite AEAD ciphers, no-op in GCM, CCM... */ -# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 /* Set the GCM invocation field, decrypt only */ -# define EVP_CTRL_GCM_SET_IV_INV 0x18 +#define EVP_CTRL_GCM_SET_IV_INV 0x18 -# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 -# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a -# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b -# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c +#define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +#define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +#define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +#define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c -# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d +#define EVP_CTRL_SSL3_MASTER_SECRET 0x1d /* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ -# define EVP_CTRL_SET_SBOX 0x1e +#define EVP_CTRL_SET_SBOX 0x1e /* * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a * pre-allocated buffer with specified size */ -# define EVP_CTRL_SBOX_USED 0x1f +#define EVP_CTRL_SBOX_USED 0x1f /* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, * 0 switches meshing off */ -# define EVP_CTRL_KEY_MESH 0x20 +#define EVP_CTRL_KEY_MESH 0x20 /* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ -# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 +#define EVP_CTRL_BLOCK_PADDING_MODE 0x21 /* Set the output buffers to use for a pipelined operation */ -# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +#define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 /* Set the input buffers to use for a pipelined operation */ -# define 
EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +#define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 /* Set the input buffer lengths to use for a pipelined operation */ -# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 +#define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 /* Get the IV length used by the cipher */ -# define EVP_CTRL_GET_IVLEN 0x25 +#define EVP_CTRL_GET_IVLEN 0x25 /* 0x26 is unused */ /* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */ -# define EVP_CTRL_SET_SPEED 0x27 +#define EVP_CTRL_SET_SPEED 0x27 /* Get the unprotectedAttrs from cipher ctx */ -# define EVP_CTRL_PROCESS_UNPROTECTED 0x28 +#define EVP_CTRL_PROCESS_UNPROTECTED 0x28 /* Get the supplementary wrap cipher */ -#define EVP_CTRL_GET_WRAP_CIPHER 0x29 +#define EVP_CTRL_GET_WRAP_CIPHER 0x29 /* TLSTREE key diversification */ -#define EVP_CTRL_TLSTREE 0x2A +#define EVP_CTRL_TLSTREE 0x2A /* Padding modes */ -#define EVP_PADDING_PKCS7 1 -#define EVP_PADDING_ISO7816_4 2 -#define EVP_PADDING_ANSI923 3 -#define EVP_PADDING_ISO10126 4 -#define EVP_PADDING_ZERO 5 +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 /* RFC 5246 defines additional data to be 13 bytes in length */ -# define EVP_AEAD_TLS1_AAD_LEN 13 +#define EVP_AEAD_TLS1_AAD_LEN 13 typedef struct { unsigned char *out; 
@@ -456,235 +445,234 @@ /* GCM TLS constants */ /* Length of fixed part of IV derived from PRF */ -# define EVP_GCM_TLS_FIXED_IV_LEN 4 +#define EVP_GCM_TLS_FIXED_IV_LEN 4 /* Length of explicit part of IV part of TLS records */ -# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 /* Length of tag for TLS */ -# define EVP_GCM_TLS_TAG_LEN 16 +#define EVP_GCM_TLS_TAG_LEN 16 /* CCM TLS constants */ /* Length of fixed part of IV derived from PRF */ -# define EVP_CCM_TLS_FIXED_IV_LEN 4 +#define EVP_CCM_TLS_FIXED_IV_LEN 4 /* Length of explicit part of IV part of TLS records */ -# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +#define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 /* Total length of CCM IV length for TLS */ -# define EVP_CCM_TLS_IV_LEN 12 +#define EVP_CCM_TLS_IV_LEN 12 /* Length of tag for TLS */ -# define EVP_CCM_TLS_TAG_LEN 16 +#define EVP_CCM_TLS_TAG_LEN 16 /* Length of CCM8 tag for TLS */ -# define EVP_CCM8_TLS_TAG_LEN 8 +#define EVP_CCM8_TLS_TAG_LEN 8 /* Length of tag for TLS */ -# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 +#define EVP_CHACHAPOLY_TLS_TAG_LEN 16 typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; - /* Password based encryption function */ -typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de); - -typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de, OSSL_LIB_CTX *libctx, const char *propq); - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (rsa)) -# endif - -# ifndef OPENSSL_NO_DSA -# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ - (dsa)) -# endif - -# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) -# define EVP_PKEY_assign_DH(pkey,dh) 
EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh)) -# endif - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC -# define EVP_PKEY_assign_EC_KEY(pkey,eckey) \ - EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey)) -# endif -# endif -# ifndef OPENSSL_NO_SIPHASH -# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\ - EVP_PKEY_SIPHASH,(shkey)) -# endif - -# ifndef OPENSSL_NO_POLY1305 -# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),\ - EVP_PKEY_POLY1305,(polykey)) -# endif +typedef int(EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +typedef int(EVP_PBE_KEYGEN_EX)(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de, OSSL_LIB_CTX *libctx, const char *propq); + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define EVP_PKEY_assign_RSA(pkey, rsa) EVP_PKEY_assign((pkey), EVP_PKEY_RSA, \ + (rsa)) +#endif + +#ifndef OPENSSL_NO_DSA +#define EVP_PKEY_assign_DSA(pkey, dsa) EVP_PKEY_assign((pkey), EVP_PKEY_DSA, \ + (dsa)) +#endif + +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) +#define EVP_PKEY_assign_DH(pkey, dh) EVP_PKEY_assign((pkey), EVP_PKEY_DH, (dh)) +#endif + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey, eckey) \ + EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey)) +#endif +#endif +#ifndef OPENSSL_NO_SIPHASH +#define EVP_PKEY_assign_SIPHASH(pkey, shkey) EVP_PKEY_assign((pkey), \ + EVP_PKEY_SIPHASH, (shkey)) +#endif + +#ifndef OPENSSL_NO_POLY1305 +#define EVP_PKEY_assign_POLY1305(pkey, polykey) EVP_PKEY_assign((pkey), \ + EVP_PKEY_POLY1305, (polykey)) +#endif /* Add some extra combinations */ -# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) -# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) -# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) -# define 
EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) +#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) int EVP_MD_get_type(const EVP_MD *md); -# define EVP_MD_type EVP_MD_get_type -# define EVP_MD_nid EVP_MD_get_type +#define EVP_MD_type EVP_MD_get_type +#define EVP_MD_nid EVP_MD_get_type const char *EVP_MD_get0_name(const EVP_MD *md); -# define EVP_MD_name EVP_MD_get0_name +#define EVP_MD_name EVP_MD_get0_name const char *EVP_MD_get0_description(const EVP_MD *md); int EVP_MD_is_a(const EVP_MD *md, const char *name); int EVP_MD_names_do_all(const EVP_MD *md, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md); int EVP_MD_get_pkey_type(const EVP_MD *md); -# define EVP_MD_pkey_type EVP_MD_get_pkey_type +#define EVP_MD_pkey_type EVP_MD_get_pkey_type int EVP_MD_get_size(const EVP_MD *md); -# define EVP_MD_size EVP_MD_get_size +#define EVP_MD_size EVP_MD_get_size int EVP_MD_get_block_size(const EVP_MD *md); -# define EVP_MD_block_size EVP_MD_get_block_size +#define EVP_MD_block_size EVP_MD_get_block_size unsigned long EVP_MD_get_flags(const EVP_MD *md); -# define EVP_MD_flags EVP_MD_get_flags +#define EVP_MD_flags EVP_MD_get_flags const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count); + const void *data, size_t count); OSSL_DEPRECATEDIN_3_0 void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update) (EVP_MD_CTX 
*ctx, - const void *data, size_t count)); -# endif -# define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_size EVP_MD_CTX_get_size -# define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size -# define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_type EVP_MD_CTX_get_type + int (*update)(EVP_MD_CTX *ctx, + const void *data, size_t count)); +#endif +#define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e)) +#define EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e)) +#define EVP_MD_CTX_size EVP_MD_CTX_get_size +#define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e)) +#define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size +#define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e)) +#define EVP_MD_CTX_type EVP_MD_CTX_get_type EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); -# define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx +#define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); -# define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data +#define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher); -# define EVP_CIPHER_nid EVP_CIPHER_get_nid +#define EVP_CIPHER_nid EVP_CIPHER_get_nid const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); -# define EVP_CIPHER_name EVP_CIPHER_get0_name +#define EVP_CIPHER_name EVP_CIPHER_get0_name const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), 
+ void *data); const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher); -# define EVP_CIPHER_block_size EVP_CIPHER_get_block_size -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define EVP_CIPHER_block_size EVP_CIPHER_get_block_size +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); -# endif +#endif int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher); -# define EVP_CIPHER_key_length EVP_CIPHER_get_key_length +#define EVP_CIPHER_key_length EVP_CIPHER_get_key_length int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher); -# define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length +#define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher); -# define EVP_CIPHER_flags EVP_CIPHER_get_flags +#define EVP_CIPHER_flags EVP_CIPHER_get_flags int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher); -# define EVP_CIPHER_mode EVP_CIPHER_get_mode +#define EVP_CIPHER_mode EVP_CIPHER_get_mode int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); -# define EVP_CIPHER_type EVP_CIPHER_get_type +#define EVP_CIPHER_type EVP_CIPHER_get_type EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); void EVP_CIPHER_free(EVP_CIPHER *cipher); const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting +#define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid +#define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_block_size 
EVP_CIPHER_CTX_get_block_size +#define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length +#define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length +#define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); -# endif +#endif int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); -# endif +#endif int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num +#define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); -# define 
EVP_CIPHER_CTX_get0_name(c) EVP_CIPHER_get0_name(EVP_CIPHER_CTX_get0_cipher(c)) -# define EVP_CIPHER_CTX_get_type(c) EVP_CIPHER_get_type(EVP_CIPHER_CTX_get0_cipher(c)) -# define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(c)) -# endif -# define EVP_CIPHER_CTX_get_mode(c) EVP_CIPHER_get_mode(EVP_CIPHER_CTX_get0_cipher(c)) -# define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode - -# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) -# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) - -# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -# define EVP_SignInit(a,b) EVP_DigestInit(a,b) -# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) -# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) - -# ifdef CONST_STRICT +#define EVP_CIPHER_CTX_get0_name(c) EVP_CIPHER_get0_name(EVP_CIPHER_CTX_get0_cipher(c)) +#define EVP_CIPHER_CTX_get_type(c) EVP_CIPHER_get_type(EVP_CIPHER_CTX_get0_cipher(c)) +#define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(c)) +#endif +#define EVP_CIPHER_CTX_get_mode(c) EVP_CIPHER_get_mode(EVP_CIPHER_CTX_get0_cipher(c)) +#define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode + +#define EVP_ENCODE_LENGTH(l) ((((l) + 2) / 3 * 4) + ((l) / 48 + 1) * 2 + 80) +#define EVP_DECODE_LENGTH(l) (((l) + 3) / 4 * 3 + 80) + +#define EVP_SignInit_ex(a, b, c) EVP_DigestInit_ex(a, b, c) +#define EVP_SignInit(a, b) EVP_DigestInit(a, b) +#define EVP_SignUpdate(a, b, c) EVP_DigestUpdate(a, b, c) +#define EVP_VerifyInit_ex(a, b, c) EVP_DigestInit_ex(a, b, c) +#define EVP_VerifyInit(a, b) 
EVP_DigestInit(a, b) +#define EVP_VerifyUpdate(a, b, c) EVP_DigestUpdate(a, b, c) +#define EVP_OpenUpdate(a, b, c, d, e) EVP_DecryptUpdate(a, b, c, d, e) +#define EVP_SealUpdate(a, b, c, d, e) EVP_EncryptUpdate(a, b, c, d, e) + +#ifdef CONST_STRICT void BIO_set_md(BIO *, const EVP_MD *md); -# else -# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(void *)(md)) -# endif -# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(mdp)) -# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(mdcp)) -# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(mdcp)) -# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) -# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp)) +#else +#define BIO_set_md(b, md) BIO_ctrl(b, BIO_C_SET_MD, 0, (void *)(md)) +#endif +#define BIO_get_md(b, mdp) BIO_ctrl(b, BIO_C_GET_MD, 0, (mdp)) +#define BIO_get_md_ctx(b, mdcp) BIO_ctrl(b, BIO_C_GET_MD_CTX, 0, (mdcp)) +#define BIO_set_md_ctx(b, mdcp) BIO_ctrl(b, BIO_C_SET_MD_CTX, 0, (mdcp)) +#define BIO_get_cipher_status(b) BIO_ctrl(b, BIO_C_GET_CIPHER_STATUS, 0, NULL) +#define BIO_get_cipher_ctx(b, c_pp) BIO_ctrl(b, BIO_C_GET_CIPHER_CTX, 0, (c_pp)) /*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, - unsigned char *out, - const unsigned char *in, unsigned int inl); - -# define EVP_add_cipher_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) -# define EVP_add_digest_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) -# define EVP_delete_cipher_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); -# define EVP_delete_digest_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + unsigned char *out, + const unsigned char *in, unsigned int inl); + +#define EVP_add_cipher_alias(n, alias) \ + OBJ_NAME_add((alias), OBJ_NAME_TYPE_CIPHER_METH | OBJ_NAME_ALIAS, (n)) +#define EVP_add_digest_alias(n, alias) \ + OBJ_NAME_add((alias), 
OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, (n)) +#define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias, OBJ_NAME_TYPE_CIPHER_METH | OBJ_NAME_ALIAS); +#define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias, OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS); int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]); int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); 
@@ -698,157 +686,157 @@ EVP_MD_CTX *EVP_MD_CTX_new(void); int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -# define EVP_MD_CTX_create() EVP_MD_CTX_new() -# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) -# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +#define EVP_MD_CTX_create() EVP_MD_CTX_new() +#define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +#define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) __owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); __owur int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); __owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, - ENGINE *impl); + ENGINE *impl); __owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, - size_t cnt); + size_t cnt); __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, - unsigned int *s); + unsigned int *s); __owur int EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, - const EVP_MD *type, ENGINE *impl); + unsigned char *md, unsigned int *size, + const EVP_MD *type, ENGINE *impl); __owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, - const char *propq, const void *data, size_t datalen, - unsigned char *md, size_t *mdlen); + const char *propq, const void *data, size_t datalen, + unsigned char *md, size_t *mdlen); __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); __owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, - unsigned int *s); + unsigned int *s); __owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, - size_t len); + size_t len); __owur EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char 
*properties); + const char *properties); int EVP_MD_up_ref(EVP_MD *md); void EVP_MD_free(EVP_MD *md); int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, - const char *prompt, int verify); + const char *prompt, int verify); void EVP_set_pw_prompt(const char *prompt); char *EVP_get_pw_prompt(void); __owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, - const unsigned char *data, int datal, int count, - unsigned char *key, unsigned char *iv); + const unsigned char *salt, + const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); + const unsigned char *key, const unsigned char *iv); /*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, - const unsigned char *iv); + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, - const unsigned char *iv, - const OSSL_PARAM params[]); + const unsigned char *key, + const unsigned char *iv, + const OSSL_PARAM params[]); /*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); /*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); + int *outl); /*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); + int *outl); __owur int EVP_DecryptInit(EVP_CIPHER_CTX 
*ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); + const unsigned char *key, const unsigned char *iv); /*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, - const unsigned char *iv); + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, - const unsigned char *iv, - const OSSL_PARAM params[]); + const unsigned char *key, + const unsigned char *iv, + const OSSL_PARAM params[]); /*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int *outl); /*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int *outl); __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - int enc); + const unsigned char *key, const unsigned char *iv, + int enc); /*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, - const unsigned char *iv, int enc); + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv, int enc); __owur int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - int enc, const OSSL_PARAM params[]); + const unsigned char *key, const unsigned char *iv, + int enc, const OSSL_PARAM params[]); __owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int 
*outl); __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int *outl); __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey); + EVP_PKEY *pkey); __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *propq); + EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, + const char *propq); __owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen, const unsigned char *tbs, - size_t tbslen); + size_t *siglen, const unsigned char *tbs, + size_t tbslen); __owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey); + unsigned int siglen, EVP_PKEY *pkey); __owur int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey, - OSSL_LIB_CTX *libctx, const char *propq); + unsigned int siglen, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const char *propq); __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, - size_t siglen, const unsigned char *tbs, - size_t tbslen); + size_t siglen, const unsigned char *tbs, + size_t tbslen); int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey, - const OSSL_PARAM params[]); + const char *mdname, OSSL_LIB_CTX *libctx, + const char *props, EVP_PKEY *pkey, + const OSSL_PARAM params[]); /*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, - EVP_PKEY *pkey); + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen); + size_t *siglen); int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY 
*pkey, - const OSSL_PARAM params[]); + const char *mdname, OSSL_LIB_CTX *libctx, + const char *props, EVP_PKEY *pkey, + const OSSL_PARAM params[]); __owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, - EVP_PKEY *pkey); + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); __owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen); + size_t siglen); __owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, - const unsigned char *iv, EVP_PKEY *priv); + const unsigned char *ek, int ekl, + const unsigned char *iv, EVP_PKEY *priv); __owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); __owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, - EVP_PKEY **pubk, int npubk); + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); __owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); 
@@ -857,21 +845,20 @@ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); + const unsigned char *in, int inl); void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) -# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +#define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +#endif EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); 
@@ -893,23 +880,23 @@ const BIO_METHOD *BIO_f_cipher(void); const BIO_METHOD *BIO_f_reliable(void); __owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int enc); + const unsigned char *i, int enc); const EVP_MD *EVP_md_null(void); -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 const EVP_MD *EVP_md2(void); -# endif -# ifndef OPENSSL_NO_MD4 +#endif +#ifndef OPENSSL_NO_MD4 const EVP_MD *EVP_md4(void); -# endif -# ifndef OPENSSL_NO_MD5 +#endif +#ifndef OPENSSL_NO_MD5 const EVP_MD *EVP_md5(void); const EVP_MD *EVP_md5_sha1(void); -# endif -# ifndef OPENSSL_NO_BLAKE2 +#endif +#ifndef OPENSSL_NO_BLAKE2 const EVP_MD *EVP_blake2b512(void); const EVP_MD *EVP_blake2s256(void); -# endif +#endif const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); 
@@ -924,33 +911,33 @@ const EVP_MD *EVP_shake128(void); const EVP_MD *EVP_shake256(void); -# ifndef OPENSSL_NO_MDC2 +#ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); -# endif -# ifndef OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_RMD160 const EVP_MD *EVP_ripemd160(void); -# endif -# ifndef OPENSSL_NO_WHIRLPOOL +#endif +#ifndef OPENSSL_NO_WHIRLPOOL const EVP_MD *EVP_whirlpool(void); -# endif -# ifndef OPENSSL_NO_SM3 +#endif +#ifndef OPENSSL_NO_SM3 const EVP_MD *EVP_sm3(void); -# endif +#endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -# ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_DES const EVP_CIPHER *EVP_des_ecb(void); const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); const EVP_CIPHER *EVP_des_ede_ecb(void); const EVP_CIPHER *EVP_des_ede3_ecb(void); const EVP_CIPHER *EVP_des_cfb64(void); -# define EVP_des_cfb EVP_des_cfb64 +#define EVP_des_cfb EVP_des_cfb64 const EVP_CIPHER *EVP_des_cfb1(void); const EVP_CIPHER *EVP_des_cfb8(void); const EVP_CIPHER *EVP_des_ede_cfb64(void); -# define EVP_des_ede_cfb EVP_des_ede_cfb64 +#define EVP_des_ede_cfb EVP_des_ede_cfb64 const EVP_CIPHER *EVP_des_ede3_cfb64(void); -# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +#define EVP_des_ede3_cfb EVP_des_ede3_cfb64 const EVP_CIPHER *EVP_des_ede3_cfb1(void); const EVP_CIPHER *EVP_des_ede3_cfb8(void); const EVP_CIPHER *EVP_des_ofb(void); 
@@ -966,57 +953,57 @@ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler * branch? */ -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); const EVP_CIPHER *EVP_rc4_40(void); -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 const EVP_CIPHER *EVP_rc4_hmac_md5(void); -# endif -# endif -# ifndef OPENSSL_NO_IDEA +#endif +#endif +#ifndef OPENSSL_NO_IDEA const EVP_CIPHER *EVP_idea_ecb(void); const EVP_CIPHER *EVP_idea_cfb64(void); -# define EVP_idea_cfb EVP_idea_cfb64 +#define EVP_idea_cfb EVP_idea_cfb64 const EVP_CIPHER *EVP_idea_ofb(void); const EVP_CIPHER *EVP_idea_cbc(void); -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 const EVP_CIPHER *EVP_rc2_ecb(void); const EVP_CIPHER *EVP_rc2_cbc(void); const EVP_CIPHER *EVP_rc2_40_cbc(void); const EVP_CIPHER *EVP_rc2_64_cbc(void); const EVP_CIPHER *EVP_rc2_cfb64(void); -# define EVP_rc2_cfb EVP_rc2_cfb64 +#define EVP_rc2_cfb EVP_rc2_cfb64 const EVP_CIPHER *EVP_rc2_ofb(void); -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF const EVP_CIPHER *EVP_bf_ecb(void); const EVP_CIPHER *EVP_bf_cbc(void); const EVP_CIPHER *EVP_bf_cfb64(void); -# define EVP_bf_cfb EVP_bf_cfb64 +#define EVP_bf_cfb EVP_bf_cfb64 const EVP_CIPHER *EVP_bf_ofb(void); -# endif -# ifndef OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CAST const EVP_CIPHER *EVP_cast5_ecb(void); const EVP_CIPHER *EVP_cast5_cbc(void); const EVP_CIPHER *EVP_cast5_cfb64(void); -# define EVP_cast5_cfb EVP_cast5_cfb64 +#define EVP_cast5_cfb EVP_cast5_cfb64 const EVP_CIPHER *EVP_cast5_ofb(void); -# endif -# ifndef OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RC5 const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); -# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +#define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); -# endif +#endif const EVP_CIPHER 
*EVP_aes_128_ecb(void); const EVP_CIPHER *EVP_aes_128_cbc(void); const EVP_CIPHER *EVP_aes_128_cfb1(void); const EVP_CIPHER *EVP_aes_128_cfb8(void); const EVP_CIPHER *EVP_aes_128_cfb128(void); -# define EVP_aes_128_cfb EVP_aes_128_cfb128 +#define EVP_aes_128_cfb EVP_aes_128_cfb128 const EVP_CIPHER *EVP_aes_128_ofb(void); const EVP_CIPHER *EVP_aes_128_ctr(void); const EVP_CIPHER *EVP_aes_128_ccm(void); @@ -1024,30 +1011,30 @@ const EVP_CIPHER *EVP_aes_128_xts(void); const EVP_CIPHER *EVP_aes_128_wrap(void); const EVP_CIPHER *EVP_aes_128_wrap_pad(void); -# ifndef OPENSSL_NO_OCB +#ifndef OPENSSL_NO_OCB const EVP_CIPHER *EVP_aes_128_ocb(void); -# endif +#endif const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); const EVP_CIPHER *EVP_aes_192_cfb1(void); const EVP_CIPHER *EVP_aes_192_cfb8(void); const EVP_CIPHER *EVP_aes_192_cfb128(void); -# define EVP_aes_192_cfb EVP_aes_192_cfb128 +#define EVP_aes_192_cfb EVP_aes_192_cfb128 const EVP_CIPHER *EVP_aes_192_ofb(void); const EVP_CIPHER *EVP_aes_192_ctr(void); const EVP_CIPHER *EVP_aes_192_ccm(void); const EVP_CIPHER *EVP_aes_192_gcm(void); const EVP_CIPHER *EVP_aes_192_wrap(void); const EVP_CIPHER *EVP_aes_192_wrap_pad(void); -# ifndef OPENSSL_NO_OCB +#ifndef OPENSSL_NO_OCB const EVP_CIPHER *EVP_aes_192_ocb(void); -# endif +#endif const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); const EVP_CIPHER *EVP_aes_256_cfb8(void); const EVP_CIPHER *EVP_aes_256_cfb128(void); -# define EVP_aes_256_cfb EVP_aes_256_cfb128 +#define EVP_aes_256_cfb EVP_aes_256_cfb128 const EVP_CIPHER *EVP_aes_256_ofb(void); const EVP_CIPHER *EVP_aes_256_ctr(void); const EVP_CIPHER *EVP_aes_256_ccm(void); 
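Review bot: In the `@@ -966,57 +953,57 @@` hunk the nested guards can no longer be told apart now that the `# ifndef` indentation is gone: `#ifndef OPENSSL_NO_MD5` sits inside `#ifndef OPENSSL_NO_RC4`, and the two closing `#endif` lines are identical. Labelling the closers would restore what the indentation used to show, e.g. `#endif /* OPENSSL_NO_MD5 */` followed by `#endif /* OPENSSL_NO_RC4 */`, in the style the file already uses for `#endif /* OPENSSL_NO_DEPRECATED_3_0 */`. The same applies to the CHACHA/POLY1305 and DEPRECATED_1_1_0/OPENSSL_LOAD_CONF pairs in `@@ -1116,56 +1103,60 @@` and to the DEPRECATED_3_0/ENGINE pair in `@@ -1286,60 +1277,60 @@`. A guard closed in the wrong place in this header changes which cipher and digest declarations a build configuration exposes, so the nesting is worth keeping readable.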
@@ -1055,20 +1042,20 @@ const EVP_CIPHER *EVP_aes_256_xts(void); const EVP_CIPHER *EVP_aes_256_wrap(void); const EVP_CIPHER *EVP_aes_256_wrap_pad(void); -# ifndef OPENSSL_NO_OCB +#ifndef OPENSSL_NO_OCB const EVP_CIPHER *EVP_aes_256_ocb(void); -# endif +#endif const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); -# ifndef OPENSSL_NO_ARIA +#ifndef OPENSSL_NO_ARIA const EVP_CIPHER *EVP_aria_128_ecb(void); const EVP_CIPHER *EVP_aria_128_cbc(void); const EVP_CIPHER *EVP_aria_128_cfb1(void); const EVP_CIPHER *EVP_aria_128_cfb8(void); const EVP_CIPHER *EVP_aria_128_cfb128(void); -# define EVP_aria_128_cfb EVP_aria_128_cfb128 +#define EVP_aria_128_cfb EVP_aria_128_cfb128 const EVP_CIPHER *EVP_aria_128_ctr(void); const EVP_CIPHER *EVP_aria_128_ofb(void); const EVP_CIPHER *EVP_aria_128_gcm(void); @@ -1078,7 +1065,7 @@ const EVP_CIPHER *EVP_aria_192_cfb1(void); const EVP_CIPHER *EVP_aria_192_cfb8(void); const EVP_CIPHER *EVP_aria_192_cfb128(void); -# define EVP_aria_192_cfb EVP_aria_192_cfb128 +#define EVP_aria_192_cfb EVP_aria_192_cfb128 const EVP_CIPHER *EVP_aria_192_ctr(void); const EVP_CIPHER *EVP_aria_192_ofb(void); const EVP_CIPHER *EVP_aria_192_gcm(void); 
@@ -1088,19 +1075,19 @@ const EVP_CIPHER *EVP_aria_256_cfb1(void); const EVP_CIPHER *EVP_aria_256_cfb8(void); const EVP_CIPHER *EVP_aria_256_cfb128(void); -# define EVP_aria_256_cfb EVP_aria_256_cfb128 +#define EVP_aria_256_cfb EVP_aria_256_cfb128 const EVP_CIPHER *EVP_aria_256_ctr(void); const EVP_CIPHER *EVP_aria_256_ofb(void); const EVP_CIPHER *EVP_aria_256_gcm(void); const EVP_CIPHER *EVP_aria_256_ccm(void); -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); const EVP_CIPHER *EVP_camellia_128_cbc(void); const EVP_CIPHER *EVP_camellia_128_cfb1(void); const EVP_CIPHER *EVP_camellia_128_cfb8(void); const EVP_CIPHER *EVP_camellia_128_cfb128(void); -# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +#define EVP_camellia_128_cfb EVP_camellia_128_cfb128 const EVP_CIPHER *EVP_camellia_128_ofb(void); const EVP_CIPHER *EVP_camellia_128_ctr(void); const EVP_CIPHER *EVP_camellia_192_ecb(void); @@ -1108,7 +1095,7 @@ const EVP_CIPHER *EVP_camellia_192_cfb1(void); const EVP_CIPHER *EVP_camellia_192_cfb8(void); const EVP_CIPHER *EVP_camellia_192_cfb128(void); -# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +#define EVP_camellia_192_cfb EVP_camellia_192_cfb128 const EVP_CIPHER *EVP_camellia_192_ofb(void); const EVP_CIPHER *EVP_camellia_192_ctr(void); const EVP_CIPHER *EVP_camellia_256_ecb(void); 
@@ -1116,56 +1103,60 @@ const EVP_CIPHER *EVP_camellia_256_cfb1(void); const EVP_CIPHER *EVP_camellia_256_cfb8(void); const EVP_CIPHER *EVP_camellia_256_cfb128(void); -# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +#define EVP_camellia_256_cfb EVP_camellia_256_cfb128 const EVP_CIPHER *EVP_camellia_256_ofb(void); const EVP_CIPHER *EVP_camellia_256_ctr(void); -# endif -# ifndef OPENSSL_NO_CHACHA +#endif +#ifndef OPENSSL_NO_CHACHA const EVP_CIPHER *EVP_chacha20(void); -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 const EVP_CIPHER *EVP_chacha20_poly1305(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_SEED +#ifndef OPENSSL_NO_SEED const EVP_CIPHER *EVP_seed_ecb(void); const EVP_CIPHER *EVP_seed_cbc(void); const EVP_CIPHER *EVP_seed_cfb128(void); -# define EVP_seed_cfb EVP_seed_cfb128 +#define EVP_seed_cfb EVP_seed_cfb128 const EVP_CIPHER *EVP_seed_ofb(void); -# endif +#endif -# ifndef OPENSSL_NO_SM4 +#ifndef OPENSSL_NO_SM4 const EVP_CIPHER *EVP_sm4_ecb(void); const EVP_CIPHER *EVP_sm4_cbc(void); const EVP_CIPHER *EVP_sm4_cfb128(void); -# define EVP_sm4_cfb EVP_sm4_cfb128 +#define EVP_sm4_cfb EVP_sm4_cfb128 const EVP_CIPHER *EVP_sm4_ofb(void); const EVP_CIPHER *EVP_sm4_ctr(void); -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OPENSSL_add_all_algorithms_conf() \ +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define OPENSSL_add_all_algorithms_conf() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS \ - | OPENSSL_INIT_LOAD_CONFIG, NULL) -# define OPENSSL_add_all_algorithms_noconf() \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, \ + NULL) +#define OPENSSL_add_all_algorithms_noconf() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ - | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + | OPENSSL_INIT_ADD_ALL_DIGESTS, \ + NULL) -# ifdef OPENSSL_LOAD_CONF -# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() -# else -# define OpenSSL_add_all_algorithms() 
OPENSSL_add_all_algorithms_noconf() -# endif +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() +#endif -# define OpenSSL_add_all_ciphers() \ +#define OpenSSL_add_all_ciphers() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) -# define OpenSSL_add_all_digests() \ +#define OpenSSL_add_all_digests() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) -# define EVP_cleanup() while(0) continue -# endif +#define EVP_cleanup() \ + while (0) \ + continue +#endif int EVP_add_cipher(const EVP_CIPHER *cipher); int EVP_add_digest(const EVP_MD *digest); 
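Review bot: The reformatted `EVP_cleanup()` define at the end of this hunk is now spread over three continuation lines (`while (0) \` then `continue`), which hides that it is a deliberate no-op and makes the `continue` look like stray code. Keeping it on one line, `#define EVP_cleanup() while (0) continue`, reads better. If the formatter in use is clang-format, a `/* clang-format off */` and `/* clang-format on */` pair around the define would stop it being split again. Because the define sits under `OPENSSL_NO_DEPRECATED_1_1_0`, a short comment such as `/* deprecated no-op, kept for source compatibility */` would also tell readers why it expands to nothing.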
@@ -1173,30 +1164,30 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); -void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *x), - void *arg); -void EVP_CIPHER_do_all_sorted(void (*fn) - (const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg); +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), + void *arg); void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_CIPHER *cipher, void *arg), - void *arg); - -void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, - const char *from, const char *to, void *x), - void *arg); -void EVP_MD_do_all_sorted(void (*fn) - (const EVP_MD *ciph, const char *from, - const char *to, void *x), void *arg); + void (*fn)(EVP_CIPHER *cipher, void *arg), + void *arg); + +void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, const char *from, + const char *to, void *x), + void *arg); void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_MD *md, void *arg), - void *arg); + void (*fn)(EVP_MD *md, void *arg), + void *arg); /* MAC stuff */ EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_MAC_up_ref(EVP_MAC *mac); void EVP_MAC_free(EVP_MAC *mac); const char *EVP_MAC_get0_name(const EVP_MAC *mac); 
@@ -1215,15 +1206,15 @@ size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx); size_t EVP_MAC_CTX_get_block_size(EVP_MAC_CTX *ctx); unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq, - const char *subalg, const OSSL_PARAM *params, - const void *key, size_t keylen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outsize, size_t *outlen); + const char *subalg, const OSSL_PARAM *params, + const void *key, size_t keylen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outsize, size_t *outlen); int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize); + unsigned char *out, size_t *outl, size_t outsize); int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize); const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); @@ -1232,15 +1223,15 @@ const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx); void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg); + void (*fn)(EVP_MAC *mac, void *arg), + void *arg); int EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); /* RAND stuff */ EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_RAND_up_ref(EVP_RAND *rand); void EVP_RAND_free(EVP_RAND *rand); const char *EVP_RAND_get0_name(const EVP_RAND *rand); 
@@ -1261,24 +1252,24 @@ const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx); void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_RAND *rand, void *arg), - void *arg); + void (*fn)(EVP_RAND *rand, void *arg), + void *arg); int EVP_RAND_names_do_all(const EVP_RAND *rand, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); __owur int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - const OSSL_PARAM params[]); + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]); int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx); __owur int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, - size_t outlen, unsigned int strength, - int prediction_resistance, - const unsigned char *addin, size_t addin_len); + size_t outlen, unsigned int strength, + int prediction_resistance, + const unsigned char *addin, size_t addin_len); int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *addin, size_t addin_len); + const unsigned char *ent, size_t ent_len, + const unsigned char *addin, size_t addin_len); __owur int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen); __owur int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx); 
@@ -1286,60 +1277,60 @@ unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx); int EVP_RAND_get_state(EVP_RAND_CTX *ctx); -# define EVP_RAND_STATE_UNINITIALISED 0 -# define EVP_RAND_STATE_READY 1 -# define EVP_RAND_STATE_ERROR 2 +#define EVP_RAND_STATE_UNINITIALISED 0 +#define EVP_RAND_STATE_READY 1 +#define EVP_RAND_STATE_ERROR 2 /* PKEY stuff */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_decrypt_old(unsigned char *dec_key, - const unsigned char *enc_key, - int enc_key_len, - EVP_PKEY *private_key); + const unsigned char *enc_key, + int enc_key_len, + EVP_PKEY *private_key); OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_encrypt_old(unsigned char *enc_key, - const unsigned char *key, - int key_len, EVP_PKEY *pub_key); -# endif + const unsigned char *key, + int key_len, EVP_PKEY *pub_key); +#endif int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name); int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); int EVP_PKEY_type(int type); int EVP_PKEY_get_id(const EVP_PKEY *pkey); -# define EVP_PKEY_id EVP_PKEY_get_id +#define EVP_PKEY_id EVP_PKEY_get_id int EVP_PKEY_get_base_id(const EVP_PKEY *pkey); -# define EVP_PKEY_base_id EVP_PKEY_get_base_id +#define EVP_PKEY_base_id EVP_PKEY_get_base_id int EVP_PKEY_get_bits(const EVP_PKEY *pkey); -# define EVP_PKEY_bits EVP_PKEY_get_bits +#define EVP_PKEY_bits EVP_PKEY_get_bits int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey); -# define EVP_PKEY_security_bits EVP_PKEY_get_security_bits +#define EVP_PKEY_security_bits EVP_PKEY_get_security_bits int EVP_PKEY_get_size(const EVP_PKEY *pkey); -# define EVP_PKEY_size EVP_PKEY_get_size +#define EVP_PKEY_size EVP_PKEY_get_size int EVP_PKEY_can_sign(const EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); int 
EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_ENGINE OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); OSSL_DEPRECATEDIN_3_0 ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); OSSL_DEPRECATEDIN_3_0 void *EVP_PKEY_get0(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); -# endif -# ifndef OPENSSL_NO_SIPHASH +#endif +#ifndef OPENSSL_NO_SIPHASH OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); -# endif +#endif struct rsa_st; OSSL_DEPRECATEDIN_3_0 @@ -1349,7 +1340,7 @@ OSSL_DEPRECATEDIN_3_0 struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA struct dsa_st; OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); @@ -1357,16 +1348,16 @@ const struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); -# endif +#endif -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH struct dh_st; OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); OSSL_DEPRECATEDIN_3_0 const struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC struct ec_key_st; OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); 
@@ -1374,8 +1365,8 @@ const struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); -# endif -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ EVP_PKEY *EVP_PKEY_new(void); int EVP_PKEY_up_ref(EVP_PKEY *pkey); @@ -1385,25 +1376,24 @@ const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key); EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length); + long length); int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp); - EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, - const char *propq); + long length, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length); + long length); EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, - const char *propq); + long length, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length); + long length); int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp); int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp); EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, - long length); + long length); int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey); EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in); 
@@ -1413,54 +1403,54 @@ int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); -# endif +#endif int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); -# ifndef OPENSSL_NO_STDIO + int indent, ASN1_PCTX *pctx); +#ifndef OPENSSL_NO_STDIO int EVP_PKEY_print_public_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); int EVP_PKEY_print_private_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); -# endif + int indent, ASN1_PCTX *pctx); +#endif int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, - char *mdname, size_t mdname_sz); + char *mdname, size_t mdname_sz); int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *name, const char *propq); + const char *name, const char *propq); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * For backwards compatibility. 
Use EVP_PKEY_set1_encoded_public_key in * preference */ -# define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \ - EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen)) -# endif +#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \ + EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen)) +#endif int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, - const unsigned char *pub, size_t publen); + const unsigned char *pub, size_t publen); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in * preference */ -# define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ - EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) -# endif +#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ + EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) +#endif size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub); 
@@ -1474,201 +1464,201 @@ /* PKCS5 password based encryption */ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx, - const char *propq); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx, + const char *propq); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out); + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, int keylen, unsigned char *out); + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); #ifndef OPENSSL_NO_SCRYPT int EVP_PBE_scrypt(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen); + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + 
unsigned char *key, size_t keylen); int EVP_PBE_scrypt_ex(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen, - OSSL_LIB_CTX *ctx, const char *propq); + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de); + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq); + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); #endif void PKCS5_PBE_add(void); int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, - OSSL_LIB_CTX *libctx, const char *propq); + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); /* PBE type */ /* Can appear as the outermost AlgorithmIdentifier */ -# define EVP_PBE_TYPE_OUTER 0x0 +#define EVP_PBE_TYPE_OUTER 0x0 /* Is an PRF type OID */ -# define EVP_PBE_TYPE_PRF 0x1 +#define EVP_PBE_TYPE_PRF 0x1 /* Is a PKCS#5 v2.0 KDF */ -# define EVP_PBE_TYPE_KDF 0x2 +#define EVP_PBE_TYPE_KDF 0x2 int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, - int md_nid, EVP_PBE_KEYGEN *keygen); + int md_nid, EVP_PBE_KEYGEN *keygen); int EVP_PBE_alg_add(int nid, const 
EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen); + EVP_PBE_KEYGEN *keygen); int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen); + EVP_PBE_KEYGEN **pkeygen); int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **pkeygen_ex); + EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **pkeygen_ex); void EVP_PBE_cleanup(void); int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); -# define ASN1_PKEY_ALIAS 0x1 -# define ASN1_PKEY_DYNAMIC 0x2 -# define ASN1_PKEY_SIGPARAM_NULL 0x4 +#define ASN1_PKEY_ALIAS 0x1 +#define ASN1_PKEY_DYNAMIC 0x2 +#define ASN1_PKEY_SIGPARAM_NULL 0x4 -# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 -# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 -# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 -# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 -# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 -# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 +#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +#define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +#define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 -# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 -# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa -# define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xb +#define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +#define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa +#define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xb int EVP_PKEY_asn1_get_count(void); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len); + const char *str, int len); int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); int EVP_PKEY_asn1_add_alias(int to, int from); int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, - int *ppkey_flags, const char **pinfo, - const char **ppem_str, - const 
EVP_PKEY_ASN1_METHOD *ameth); + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, - const char *pem_str, - const char *info); + const char *pem_str, + const char *info); void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - const EVP_PKEY_ASN1_METHOD *src); + const EVP_PKEY_ASN1_METHOD *src); void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode) (EVP_PKEY *pk, - const X509_PUBKEY *pub), - int (*pub_encode) (X509_PUBKEY *pub, - const EVP_PKEY *pk), - int (*pub_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*pub_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx), - int (*pkey_size) (const EVP_PKEY *pk), - int (*pkey_bits) (const EVP_PKEY *pk)); + int (*pub_decode)(EVP_PKEY *pk, + const X509_PUBKEY *pub), + int (*pub_encode)(X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp)(const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print)(BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size)(const EVP_PKEY *pk), + int (*pkey_bits)(const EVP_PKEY *pk)); void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode) (EVP_PKEY *pk, - const PKCS8_PRIV_KEY_INFO - *p8inf), - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, - const EVP_PKEY *pk), - int (*priv_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, - ASN1_PCTX *pctx)); + int (*priv_decode)(EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print)(BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode) (EVP_PKEY *pkey, - const unsigned char **pder, - int derlen), - int (*param_encode) (const EVP_PKEY *pkey, - 
unsigned char **pder), - int (*param_missing) (const EVP_PKEY *pk), - int (*param_copy) (EVP_PKEY *to, - const EVP_PKEY *from), - int (*param_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*param_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, - ASN1_PCTX *pctx)); + int (*param_decode)(EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode)(const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing)(const EVP_PKEY *pk), + int (*param_copy)(EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp)(const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print)(BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free) (EVP_PKEY *pkey)); + void (*pkey_free)(EVP_PKEY *pkey)); void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl) (EVP_PKEY *pkey, int op, - long arg1, void *arg2)); + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, + long arg1, void *arg2)); void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, - int (*item_verify) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - const void *data, - const X509_ALGOR *a, - const ASN1_BIT_STRING *sig, - EVP_PKEY *pkey), - int (*item_sign) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - const void *data, - X509_ALGOR *alg1, - X509_ALGOR *alg2, - ASN1_BIT_STRING *sig)); + int (*item_verify)(EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + const void *data, + const X509_ALGOR *a, + const ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign)(EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + const void *data, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, - int (*siginf_set) (X509_SIG_INFO *siginf, - const X509_ALGOR *alg, - const ASN1_STRING *sig)); + int (*siginf_set)(X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, - int 
(*pkey_check) (const EVP_PKEY *pk)); + int (*pkey_check)(const EVP_PKEY *pk)); void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_pub_check) (const EVP_PKEY *pk)); + int (*pkey_pub_check)(const EVP_PKEY *pk)); void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_param_check) (const EVP_PKEY *pk)); + int (*pkey_param_check)(const EVP_PKEY *pk)); void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*set_priv_key) (EVP_PKEY *pk, - const unsigned char - *priv, - size_t len)); + int (*set_priv_key)(EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*set_pub_key) (EVP_PKEY *pk, - const unsigned char *pub, - size_t len)); + int (*set_pub_key)(EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*get_priv_key) (const EVP_PKEY *pk, - unsigned char *priv, - size_t *len)); + int (*get_priv_key)(const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*get_pub_key) (const EVP_PKEY *pk, - unsigned char *pub, - size_t *len)); + int (*get_pub_key)(const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_security_bits) (const EVP_PKEY - *pk)); + int (*pkey_security_bits)(const EVP_PKEY + *pk)); int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); 
@@ -1681,82 +1671,81 @@ const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key); -# define EVP_PKEY_OP_UNDEFINED 0 -# define EVP_PKEY_OP_PARAMGEN (1<<1) -# define EVP_PKEY_OP_KEYGEN (1<<2) -# define EVP_PKEY_OP_FROMDATA (1<<3) -# define EVP_PKEY_OP_SIGN (1<<4) -# define EVP_PKEY_OP_VERIFY (1<<5) -# define EVP_PKEY_OP_VERIFYRECOVER (1<<6) -# define EVP_PKEY_OP_SIGNCTX (1<<7) -# define EVP_PKEY_OP_VERIFYCTX (1<<8) -# define EVP_PKEY_OP_ENCRYPT (1<<9) -# define EVP_PKEY_OP_DECRYPT (1<<10) -# define EVP_PKEY_OP_DERIVE (1<<11) -# define EVP_PKEY_OP_ENCAPSULATE (1<<12) -# define EVP_PKEY_OP_DECAPSULATE (1<<13) - -# define EVP_PKEY_OP_TYPE_SIG \ - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ - | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) - -# define EVP_PKEY_OP_TYPE_CRYPT \ - (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) - -# define EVP_PKEY_OP_TYPE_NOGEN \ - (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) - -# define EVP_PKEY_OP_TYPE_GEN \ - (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) - +#define EVP_PKEY_OP_UNDEFINED 0 +#define EVP_PKEY_OP_PARAMGEN (1 << 1) +#define EVP_PKEY_OP_KEYGEN (1 << 2) +#define EVP_PKEY_OP_FROMDATA (1 << 3) +#define EVP_PKEY_OP_SIGN (1 << 4) +#define EVP_PKEY_OP_VERIFY (1 << 5) +#define EVP_PKEY_OP_VERIFYRECOVER (1 << 6) +#define EVP_PKEY_OP_SIGNCTX (1 << 7) +#define EVP_PKEY_OP_VERIFYCTX (1 << 8) +#define EVP_PKEY_OP_ENCRYPT (1 << 9) +#define EVP_PKEY_OP_DECRYPT (1 << 10) +#define EVP_PKEY_OP_DERIVE (1 << 11) +#define EVP_PKEY_OP_ENCAPSULATE (1 << 12) +#define EVP_PKEY_OP_DECAPSULATE (1 << 13) + +#define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +#define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +#define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +#define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | 
EVP_PKEY_OP_KEYGEN) int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, - int keylen); + int keylen); -# define EVP_PKEY_CTRL_MD 1 -# define EVP_PKEY_CTRL_PEER_KEY 2 -# define EVP_PKEY_CTRL_SET_MAC_KEY 6 -# define EVP_PKEY_CTRL_DIGESTINIT 7 +#define EVP_PKEY_CTRL_MD 1 +#define EVP_PKEY_CTRL_PEER_KEY 2 +#define EVP_PKEY_CTRL_SET_MAC_KEY 6 +#define EVP_PKEY_CTRL_DIGESTINIT 7 /* Used by GOST key encryption in TLS */ -# define EVP_PKEY_CTRL_SET_IV 8 -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 -# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 -# define EVP_PKEY_CTRL_PKCS7_SIGN 5 -# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 -# define EVP_PKEY_CTRL_CMS_DECRYPT 10 -# define EVP_PKEY_CTRL_CMS_SIGN 11 -# endif -# define EVP_PKEY_CTRL_CIPHER 12 -# define EVP_PKEY_CTRL_GET_MD 13 -# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 -# define EVP_PKEY_CTRL_SET1_ID 15 -# define EVP_PKEY_CTRL_GET1_ID 16 -# define EVP_PKEY_CTRL_GET1_ID_LEN 17 - -# define EVP_PKEY_ALG_CTRL 0x1000 - -# define EVP_PKEY_FLAG_AUTOARGLEN 2 +#define EVP_PKEY_CTRL_SET_IV 8 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 +#define EVP_PKEY_CTRL_PKCS7_SIGN 5 +#define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +#define EVP_PKEY_CTRL_CMS_DECRYPT 10 +#define EVP_PKEY_CTRL_CMS_SIGN 11 +#endif +#define EVP_PKEY_CTRL_CIPHER 12 +#define EVP_PKEY_CTRL_GET_MD 13 +#define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 +#define EVP_PKEY_CTRL_SET1_ID 15 +#define EVP_PKEY_CTRL_GET1_ID 16 +#define EVP_PKEY_CTRL_GET1_ID_LEN 17 + +#define EVP_PKEY_ALG_CTRL 0x1000 + +#define EVP_PKEY_FLAG_AUTOARGLEN 2 /* * Method handles all operations: don't assume any digest related defaults. 
*/ -# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); OSSL_DEPRECATEDIN_3_0 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth); + const EVP_PKEY_METHOD *meth); OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, - const EVP_PKEY_METHOD *src); + const EVP_PKEY_METHOD *src); OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); -# endif +#endif EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); @@ -1764,11 +1753,11 @@ const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), - void *arg); + void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), + void *arg); int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt); const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt); const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt); 
@@ -1776,10 +1765,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, - const char *name, - const char *propquery); + const char *name, + const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, - EVP_PKEY *pkey, const char *propquery); + EVP_PKEY *pkey, const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype); @@ -1789,11 +1778,11 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2); + int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value); + const char *value); int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, uint64_t value); + int cmd, uint64_t value); int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); 
@@ -1804,30 +1793,30 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, - const unsigned char *key, int keylen); + const unsigned char *key, int keylen); EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, - const char *keytype, - const char *propq, - const unsigned char *priv, size_t len); + const char *keytype, + const char *propq, + const unsigned char *priv, size_t len); EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, - const unsigned char *priv, - size_t len); + const unsigned char *priv, + size_t len); EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx, - const char *keytype, const char *propq, - const unsigned char *pub, size_t len); + const char *keytype, const char *propq, + const unsigned char *pub, size_t len); EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, - const unsigned char *pub, - size_t len); + const unsigned char *pub, + size_t len); int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, - size_t *len); + size_t *len); int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, - size_t *len); + size_t *len); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, - size_t len, const EVP_CIPHER *cipher); -# endif + size_t len, const EVP_CIPHER *cipher); +#endif void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx); 
@@ -1842,17 +1831,17 @@ int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature); void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_SIGNATURE *signature, - void *data), - void *data); + void (*fn)(EVP_SIGNATURE *signature, + void *data), + void *data); int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig); const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig); 
@@ -1860,17 +1849,17 @@ int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher); void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_ASYM_CIPHER *cipher, - void *arg), - void *arg); + void (*fn)(EVP_ASYM_CIPHER *cipher, + void *arg), + void *arg); int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *ciph); const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *ciph); 
@@ -1878,101 +1867,101 @@ int EVP_KEM_up_ref(EVP_KEM *wrap); OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *wrap); EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_KEM_is_a(const EVP_KEM *wrap, const char *name); const char *EVP_KEM_get0_name(const EVP_KEM *wrap); const char *EVP_KEM_get0_description(const EVP_KEM *wrap); void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEM *wrap, void *arg), void *arg); + void (*fn)(EVP_KEM *wrap, void *arg), void *arg); int EVP_KEM_names_do_all(const EVP_KEM *wrap, - void (*fn)(const char *name, void *data), void *data); + void (*fn)(const char *name, void *data), void *data); const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem); const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem); int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM 
params[]); int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, - int validate_peer); + int validate_peer); int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, - unsigned char *wrappedkey, size_t *wrappedkeylen, - unsigned char *genkey, size_t *genkeylen); + unsigned char *wrappedkey, size_t *wrappedkeylen, + unsigned char *genkey, size_t *genkeylen); int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, - unsigned char *unwrapped, size_t *unwrappedlen, - const unsigned char *wrapped, size_t wrappedlen); + unsigned char *unwrapped, size_t *unwrappedlen, + const unsigned char *wrapped, size_t wrappedlen); typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, - OSSL_PARAM param[]); + OSSL_PARAM param[]); const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection); int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params); int EVP_PKEY_export(const EVP_PKEY *pkey, int selection, - OSSL_CALLBACK 
*export_cb, void *export_cbarg); + OSSL_CALLBACK *export_cb, void *export_cbarg); const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey); int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]); int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name, - int *out); + int *out); int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name, - size_t *out); + size_t *out); int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name, - BIGNUM **bn); + BIGNUM **bn); int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, - char *str, size_t max_buf_sz, size_t *out_sz); + char *str, size_t max_buf_sz, size_t *out_sz); int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, - unsigned char *buf, size_t max_buf_sz, - size_t *out_sz); + unsigned char *buf, size_t max_buf_sz, + size_t *out_sz); const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey); int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]); int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in); int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in); int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, - const BIGNUM *bn); + const BIGNUM *bn); int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name, - const char *str); + const char *str); int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name, - const unsigned char *buf, size_t bsize); + const unsigned char *buf, size_t bsize); int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey); int EVP_PKEY_get_field_type(const EVP_PKEY *pkey); EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - const char *type, ...); + const char *type, ...); int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); 
@@ -1986,7 +1975,7 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); -# define EVP_PKEY_get_ex_new_index(l, p, newf, dupf, freef) \ +#define EVP_PKEY_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EVP_PKEY, l, p, newf, dupf, freef) int EVP_PKEY_set_ex_data(EVP_PKEY *key, int idx, void *arg); void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx); 
@@ -1995,163 +1984,118 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init) (EVP_PKEY_CTX *ctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_copy - (EVP_PKEY_METHOD *pmeth, int (*copy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_cleanup - (EVP_PKEY_METHOD *pmeth, void (*cleanup) (EVP_PKEY_CTX *ctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_paramgen - (EVP_PKEY_METHOD *pmeth, int (*paramgen_init) (EVP_PKEY_CTX *ctx), - int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_keygen - (EVP_PKEY_METHOD *pmeth, int (*keygen_init) (EVP_PKEY_CTX *ctx), - int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_sign - (EVP_PKEY_METHOD *pmeth, int (*sign_init) (EVP_PKEY_CTX *ctx), - int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verify - (EVP_PKEY_METHOD *pmeth, int (*verify_init) (EVP_PKEY_CTX *ctx), - int (*verify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verify_recover - (EVP_PKEY_METHOD *pmeth, int (*verify_recover_init) (EVP_PKEY_CTX *ctx), - int (*verify_recover) (EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_signctx - (EVP_PKEY_METHOD *pmeth, int (*signctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verifyctx - (EVP_PKEY_METHOD *pmeth, int 
(*verifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_encrypt - (EVP_PKEY_METHOD *pmeth, int (*encrypt_init) (EVP_PKEY_CTX *ctx), - int (*encryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_decrypt - (EVP_PKEY_METHOD *pmeth, int (*decrypt_init) (EVP_PKEY_CTX *ctx), - int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_derive - (EVP_PKEY_METHOD *pmeth, int (*derive_init) (EVP_PKEY_CTX *ctx), - int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_ctrl - (EVP_PKEY_METHOD *pmeth, int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digestsign - (EVP_PKEY_METHOD *pmeth, - int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digestverify - (EVP_PKEY_METHOD *pmeth, - int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_check - (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_public_check - (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_param_check - (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digest_custom - (EVP_PKEY_METHOD *pmeth, int (*digest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)); -OSSL_DEPRECATEDIN_3_0 void 
EVP_PKEY_meth_get_init - (const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_copy - (const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_cleanup - (const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_paramgen - (const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), - int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_keygen - (const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), - int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_sign - (const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), - int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verify - (const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), - int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verify_recover - (const EVP_PKEY_METHOD *pmeth, - int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), - int (**pverify_recover) (EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_signctx - (const EVP_PKEY_METHOD *pmeth, - int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (**psignctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verifyctx - (const EVP_PKEY_METHOD *pmeth, - int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (**pverifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, - int siglen, 
EVP_MD_CTX *mctx)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_encrypt - (const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), - int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_decrypt - (const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), - int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_derive - (const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), - int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_ctrl - (const EVP_PKEY_METHOD *pmeth, - int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), - int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, - const char *value)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestsign - (const EVP_PKEY_METHOD *pmeth, - int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestverify - (const EVP_PKEY_METHOD *pmeth, - int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_check - (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_public_check - (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_param_check - (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); -OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digest_custom - (const EVP_PKEY_METHOD *pmeth, - int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); -# endif + int (*init)(EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void 
EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, int (*copy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, void (*cleanup)(EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); 
+OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify)(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, int (*digest_custom)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit)(EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup)(EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int 
(**pparamgen_init)(EVP_PKEY_CTX *ctx), + int (**pparamgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init)(EVP_PKEY_CTX *ctx), + int (**pkeygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init)(EVP_PKEY_CTX *ctx), + int (**psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init)(EVP_PKEY_CTX *ctx), + int (**pverify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init)(EVP_PKEY_CTX *ctx), + int (**pverify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (**psignctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (**pverifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, + int siglen, EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init)(EVP_PKEY_CTX *ctx), + int (**pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init)(EVP_PKEY_CTX *ctx), + int (**pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t 
inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init)(EVP_PKEY_CTX *ctx), + int (**pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (**pctrl_str)(EVP_PKEY_CTX *ctx, const char *type, + const char *value)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, + int (**digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, + int (**digestverify)(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck)(EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck)(EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck)(EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); +#endif void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name); const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch); const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch); void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEYEXCH *keyexch, void *data), - void *data); + void 
(*fn)(EVP_KEYEXCH *keyexch, void *data), + void *data); int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch); const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch); @@ -2160,13 +2104,13 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name); int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *name, size_t name_sz, - size_t *gname_len); + size_t *gname_len); OSSL_LIB_CTX *EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX *ctx); const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX *ctx); const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/evperr.h.orig +++ crypto/openssl/include/openssl/evperr.h 
@@ -9,126 +9,124 @@ */ #ifndef OPENSSL_EVPERR_H -# define OPENSSL_EVPERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_EVPERR_H +#pragma once +#include +#include +#include /* * EVP reason codes. */ -# define EVP_R_AES_KEY_SETUP_FAILED 143 -# define EVP_R_ARIA_KEY_SETUP_FAILED 176 -# define EVP_R_BAD_ALGORITHM_NAME 200 -# define EVP_R_BAD_DECRYPT 100 -# define EVP_R_BAD_KEY_LENGTH 195 -# define EVP_R_BUFFER_TOO_SMALL 155 -# define EVP_R_CACHE_CONSTANTS_FAILED 225 -# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 -# define EVP_R_CANNOT_GET_PARAMETERS 197 -# define EVP_R_CANNOT_SET_PARAMETERS 198 -# define EVP_R_CIPHER_NOT_GCM_MODE 184 -# define EVP_R_CIPHER_PARAMETER_ERROR 122 -# define EVP_R_COMMAND_NOT_SUPPORTED 147 -# define EVP_R_CONFLICTING_ALGORITHM_NAME 201 -# define EVP_R_COPY_ERROR 173 -# define EVP_R_CTRL_NOT_IMPLEMENTED 132 -# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 -# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 -# define EVP_R_DECODE_ERROR 114 -# define EVP_R_DEFAULT_QUERY_PARSE_ERROR 210 -# define EVP_R_DIFFERENT_KEY_TYPES 101 -# define EVP_R_DIFFERENT_PARAMETERS 153 -# define EVP_R_ERROR_LOADING_SECTION 165 -# define EVP_R_EXPECTING_AN_HMAC_KEY 174 -# define EVP_R_EXPECTING_AN_RSA_KEY 127 -# define EVP_R_EXPECTING_A_DH_KEY 128 -# define EVP_R_EXPECTING_A_DSA_KEY 129 -# define EVP_R_EXPECTING_A_ECX_KEY 219 -# define EVP_R_EXPECTING_A_EC_KEY 142 -# define EVP_R_EXPECTING_A_POLY1305_KEY 164 -# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 -# define EVP_R_FINAL_ERROR 188 -# define EVP_R_GENERATE_ERROR 214 -# define EVP_R_GET_RAW_KEY_FAILED 182 -# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 -# define EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS 204 -# define EVP_R_INACCESSIBLE_KEY 203 -# define EVP_R_INITIALIZATION_ERROR 134 -# define EVP_R_INPUT_NOT_INITIALIZED 111 -# define EVP_R_INVALID_CUSTOM_LENGTH 185 -# define EVP_R_INVALID_DIGEST 152 -# define EVP_R_INVALID_IV_LENGTH 194 -# define EVP_R_INVALID_KEY 163 -# define 
EVP_R_INVALID_KEY_LENGTH 130 -# define EVP_R_INVALID_LENGTH 221 -# define EVP_R_INVALID_NULL_ALGORITHM 218 -# define EVP_R_INVALID_OPERATION 148 -# define EVP_R_INVALID_PROVIDER_FUNCTIONS 193 -# define EVP_R_INVALID_SALT_LENGTH 186 -# define EVP_R_INVALID_SECRET_LENGTH 223 -# define EVP_R_INVALID_SEED_LENGTH 220 -# define EVP_R_INVALID_VALUE 222 -# define EVP_R_KEYMGMT_EXPORT_FAILURE 205 -# define EVP_R_KEY_SETUP_FAILED 180 -# define EVP_R_LOCKING_NOT_SUPPORTED 213 -# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 -# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 -# define EVP_R_METHOD_NOT_SUPPORTED 144 -# define EVP_R_MISSING_PARAMETERS 103 -# define EVP_R_NOT_ABLE_TO_COPY_CTX 190 -# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 -# define EVP_R_NO_CIPHER_SET 131 -# define EVP_R_NO_DEFAULT_DIGEST 158 -# define EVP_R_NO_DIGEST_SET 139 -# define EVP_R_NO_IMPORT_FUNCTION 206 -# define EVP_R_NO_KEYMGMT_AVAILABLE 199 -# define EVP_R_NO_KEYMGMT_PRESENT 196 -# define EVP_R_NO_KEY_SET 154 -# define EVP_R_NO_OPERATION_SET 149 -# define EVP_R_NULL_MAC_PKEY_CTX 208 -# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 -# define EVP_R_OPERATION_NOT_INITIALIZED 151 -# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 -# define EVP_R_OUTPUT_WOULD_OVERFLOW 202 -# define EVP_R_PARAMETER_TOO_LARGE 187 -# define EVP_R_PARTIALLY_OVERLAPPING 162 -# define EVP_R_PBKDF2_ERROR 181 -# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 -# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 -# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 -# define EVP_R_PUBLIC_KEY_NOT_RSA 106 -# define EVP_R_SETTING_XOF_FAILED 227 -# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 -# define EVP_R_TOO_MANY_RECORDS 183 -# define EVP_R_UNABLE_TO_ENABLE_LOCKING 212 -# define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215 -# define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216 -# define EVP_R_UNABLE_TO_LOCK_CONTEXT 211 -# define EVP_R_UNABLE_TO_SET_CALLBACKS 217 -# define EVP_R_UNKNOWN_CIPHER 160 -# define EVP_R_UNKNOWN_DIGEST 161 -# define 
EVP_R_UNKNOWN_KEY_TYPE 207 -# define EVP_R_UNKNOWN_OPTION 169 -# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -# define EVP_R_UNSUPPORTED_ALGORITHM 156 -# define EVP_R_UNSUPPORTED_CIPHER 107 -# define EVP_R_UNSUPPORTED_KEYLENGTH 123 -# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 -# define EVP_R_UNSUPPORTED_KEY_SIZE 108 -# define EVP_R_UNSUPPORTED_KEY_TYPE 224 -# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 -# define EVP_R_UNSUPPORTED_PRF 125 -# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 -# define EVP_R_UNSUPPORTED_SALT_TYPE 126 -# define EVP_R_UPDATE_ERROR 189 -# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 -# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 -# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 -# define EVP_R_XTS_DUPLICATED_KEYS 192 +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ARIA_KEY_SETUP_FAILED 176 +#define EVP_R_BAD_ALGORITHM_NAME 200 +#define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BAD_KEY_LENGTH 195 +#define EVP_R_BUFFER_TOO_SMALL 155 +#define EVP_R_CACHE_CONSTANTS_FAILED 225 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +#define EVP_R_CANNOT_GET_PARAMETERS 197 +#define EVP_R_CANNOT_SET_PARAMETERS 198 +#define EVP_R_CIPHER_NOT_GCM_MODE 184 +#define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_COMMAND_NOT_SUPPORTED 147 +#define EVP_R_CONFLICTING_ALGORITHM_NAME 201 +#define EVP_R_COPY_ERROR 173 +#define EVP_R_CTRL_NOT_IMPLEMENTED 132 +#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +#define EVP_R_DECODE_ERROR 114 +#define EVP_R_DEFAULT_QUERY_PARSE_ERROR 210 +#define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DIFFERENT_PARAMETERS 153 +#define EVP_R_ERROR_LOADING_SECTION 165 +#define EVP_R_EXPECTING_AN_HMAC_KEY 174 +#define EVP_R_EXPECTING_AN_RSA_KEY 127 +#define EVP_R_EXPECTING_A_DH_KEY 128 +#define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECX_KEY 219 +#define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_EXPECTING_A_POLY1305_KEY 164 +#define EVP_R_EXPECTING_A_SIPHASH_KEY 
175 +#define EVP_R_FINAL_ERROR 188 +#define EVP_R_GENERATE_ERROR 214 +#define EVP_R_GET_RAW_KEY_FAILED 182 +#define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +#define EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS 204 +#define EVP_R_INACCESSIBLE_KEY 203 +#define EVP_R_INITIALIZATION_ERROR 134 +#define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_CUSTOM_LENGTH 185 +#define EVP_R_INVALID_DIGEST 152 +#define EVP_R_INVALID_IV_LENGTH 194 +#define EVP_R_INVALID_KEY 163 +#define EVP_R_INVALID_KEY_LENGTH 130 +#define EVP_R_INVALID_LENGTH 221 +#define EVP_R_INVALID_NULL_ALGORITHM 218 +#define EVP_R_INVALID_OPERATION 148 +#define EVP_R_INVALID_PROVIDER_FUNCTIONS 193 +#define EVP_R_INVALID_SALT_LENGTH 186 +#define EVP_R_INVALID_SECRET_LENGTH 223 +#define EVP_R_INVALID_SEED_LENGTH 220 +#define EVP_R_INVALID_VALUE 222 +#define EVP_R_KEYMGMT_EXPORT_FAILURE 205 +#define EVP_R_KEY_SETUP_FAILED 180 +#define EVP_R_LOCKING_NOT_SUPPORTED 213 +#define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +#define EVP_R_METHOD_NOT_SUPPORTED 144 +#define EVP_R_MISSING_PARAMETERS 103 +#define EVP_R_NOT_ABLE_TO_COPY_CTX 190 +#define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +#define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DEFAULT_DIGEST 158 +#define EVP_R_NO_DIGEST_SET 139 +#define EVP_R_NO_IMPORT_FUNCTION 206 +#define EVP_R_NO_KEYMGMT_AVAILABLE 199 +#define EVP_R_NO_KEYMGMT_PRESENT 196 +#define EVP_R_NO_KEY_SET 154 +#define EVP_R_NO_OPERATION_SET 149 +#define EVP_R_NULL_MAC_PKEY_CTX 208 +#define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +#define EVP_R_OPERATION_NOT_INITIALIZED 151 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +#define EVP_R_OUTPUT_WOULD_OVERFLOW 202 +#define EVP_R_PARAMETER_TOO_LARGE 187 +#define EVP_R_PARTIALLY_OVERLAPPING 162 +#define EVP_R_PBKDF2_ERROR 181 +#define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define 
EVP_R_SETTING_XOF_FAILED 227 +#define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 +#define EVP_R_TOO_MANY_RECORDS 183 +#define EVP_R_UNABLE_TO_ENABLE_LOCKING 212 +#define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215 +#define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216 +#define EVP_R_UNABLE_TO_LOCK_CONTEXT 211 +#define EVP_R_UNABLE_TO_SET_CALLBACKS 217 +#define EVP_R_UNKNOWN_CIPHER 160 +#define EVP_R_UNKNOWN_DIGEST 161 +#define EVP_R_UNKNOWN_KEY_TYPE 207 +#define EVP_R_UNKNOWN_OPTION 169 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +#define EVP_R_UNSUPPORTED_ALGORITHM 156 +#define EVP_R_UNSUPPORTED_CIPHER 107 +#define EVP_R_UNSUPPORTED_KEYLENGTH 123 +#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +#define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_KEY_TYPE 224 +#define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +#define EVP_R_UNSUPPORTED_PRF 125 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +#define EVP_R_UNSUPPORTED_SALT_TYPE 126 +#define EVP_R_UPDATE_ERROR 189 +#define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +#define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +#define EVP_R_XTS_DUPLICATED_KEYS 192 #endif --- crypto/openssl/include/openssl/fips_names.h.orig +++ crypto/openssl/include/openssl/fips_names.h @@ -8,12 +8,12 @@ */ #ifndef OPENSSL_FIPS_NAMES_H -# define OPENSSL_FIPS_NAMES_H -# pragma once +#define OPENSSL_FIPS_NAMES_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * Parameter names that the FIPS Provider defines 
@@ -23,38 +23,38 @@ * The calculated MAC of the module file (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac" +#define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac" /* * A version number for the fips install process (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version" +#define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version" /* * The calculated MAC of the install status indicator (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac" +#define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac" /* * The install status indicator (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status" +#define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status" /* * A boolean that determines if the FIPS conditional test errors result in * the module entering an error state. * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors" +#define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors" /* * A boolean that determines if the runtime FIPS security checks are performed. * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks" +#define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks" -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* OPENSSL_FIPS_NAMES_H */ --- crypto/openssl/include/openssl/fipskey.h.orig +++ crypto/openssl/include/openssl/fipskey.h 
@@ -11,26 +11,30 @@ */ #ifndef OPENSSL_FIPSKEY_H -# define OPENSSL_FIPSKEY_H -# pragma once +#define OPENSSL_FIPSKEY_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * The FIPS validation HMAC key, usable as an array initializer. */ +/* clang-format off */ #define FIPS_KEY_ELEMENTS \ 0xf4, 0x55, 0x66, 0x50, 0xac, 0x31, 0xd3, 0x54, 0x61, 0x61, 0x0b, 0xac, 0x4e, 0xd8, 0x1b, 0x1a, 0x18, 0x1b, 0x2d, 0x8a, 0x43, 0xea, 0x28, 0x54, 0xcb, 0xae, 0x22, 0xca, 0x74, 0x56, 0x08, 0x13 +/* clang-format on */ /* * The FIPS validation key, as a string. */ +/* clang-format off */ #define FIPS_KEY_STRING "f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" +/* clang-format on */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/fipskey.h.in.orig +++ crypto/openssl/include/openssl/fipskey.h.in @@ -10,26 +10,30 @@ */ #ifndef OPENSSL_FIPSKEY_H -# define OPENSSL_FIPSKEY_H -# pragma once +#define OPENSSL_FIPSKEY_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * The FIPS validation HMAC key, usable as an array initializer. */ +/* clang-format off */ #define FIPS_KEY_ELEMENTS \ {- join(', ', map { "0x$_" } unpack("(A2)*", $config{FIPSKEY})) -} +/* clang-format on */ /* * The FIPS validation key, as a string. */ +/* clang-format off */ #define FIPS_KEY_STRING "{- $config{FIPSKEY} -}" +/* clang-format on */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/hmac.h.orig +++ crypto/openssl/include/openssl/hmac.h 
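Review bot: The comment above `FIPS_KEY_ELEMENTS` in fipskey.h, and the identical one in the fipskey.h.in hunk that follows, still does not say where the value comes from or that it is not confidential, and the new `/* clang-format off */` guards are a natural place to record that. The template hunk shows the value is substituted from `$config{FIPSKEY}`, so the hex literal in fipskey.h looks like a generated copy of the template; a build configured with a different key would presumably no longer match the checked-in header, though the build files are not visible here. I would add `/* Value of $config{FIPSKEY}; published in this header, so it keys an integrity check and is not a secret. */` to the template and regenerate fipskey.h from it, rather than applying the same formatting edit to both files by hand.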
@@ -8,55 +8,55 @@ */ #ifndef OPENSSL_HMAC_H -# define OPENSSL_HMAC_H -# pragma once +#define OPENSSL_HMAC_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_HMAC_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_HMAC_H +#endif -# include +#include -# include +#include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HMAC_MAX_MD_CBLOCK 200 /* Deprecated */ -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HMAC_MAX_MD_CBLOCK 200 /* Deprecated */ +#endif -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 size_t HMAC_size(const HMAC_CTX *e); OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void); OSSL_DEPRECATEDIN_3_0 int HMAC_CTX_reset(HMAC_CTX *ctx); OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx); -# endif -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur int HMAC_Init(HMAC_CTX *ctx, - const void *key, int len, - const EVP_MD *md); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 + const void *key, int len, + const EVP_MD *md); +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl); + const EVP_MD *md, ENGINE *impl); OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, - size_t len); + size_t len); OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, - unsigned int *len); + unsigned int *len); OSSL_DEPRECATEDIN_3_0 __owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); OSSL_DEPRECATEDIN_3_0 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); -# endif +#endif unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *data, size_t data_len, - unsigned char *md, unsigned int 
*md_len); + const unsigned char *data, size_t data_len, + unsigned char *md, unsigned int *md_len); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/http.h.orig +++ crypto/openssl/include/openssl/http.h 
@@ -9,102 +9,101 @@ */ #ifndef OPENSSL_HTTP_H -# define OPENSSL_HTTP_H -# pragma once +#define OPENSSL_HTTP_H +#pragma once -# include +#include -# include -# include -# include +#include +#include +#include - -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define OSSL_HTTP_NAME "http" -# define OSSL_HTTPS_NAME "https" -# define OSSL_HTTP_PREFIX OSSL_HTTP_NAME"://" -# define OSSL_HTTPS_PREFIX OSSL_HTTPS_NAME"://" -# define OSSL_HTTP_PORT "80" -# define OSSL_HTTPS_PORT "443" -# define OPENSSL_NO_PROXY "NO_PROXY" -# define OPENSSL_HTTP_PROXY "HTTP_PROXY" -# define OPENSSL_HTTPS_PROXY "HTTPS_PROXY" +#define OSSL_HTTP_NAME "http" +#define OSSL_HTTPS_NAME "https" +#define OSSL_HTTP_PREFIX OSSL_HTTP_NAME "://" +#define OSSL_HTTPS_PREFIX OSSL_HTTPS_NAME "://" +#define OSSL_HTTP_PORT "80" +#define OSSL_HTTPS_PORT "443" +#define OPENSSL_NO_PROXY "NO_PROXY" +#define OPENSSL_HTTP_PROXY "HTTP_PROXY" +#define OPENSSL_HTTPS_PROXY "HTTPS_PROXY" -# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) -# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) -# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024) +#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) +#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) +#define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024) /* Low-level HTTP API */ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size); void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, - const char *server, const char *port, - const char *path); + const char *server, const char *port, + const char *path); int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, - const char *name, const char *value); + const char *name, const char *value); int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, int asn1, - int timeout, int keep_alive); + const char *content_type, int asn1, + int timeout, int keep_alive); int 
OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *req); + const ASN1_ITEM *it, const ASN1_VALUE *req); int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx); int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, - ASN1_VALUE **pval, const ASN1_ITEM *it); + ASN1_VALUE **pval, const ASN1_ITEM *it); BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx); BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx); size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx); void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, - unsigned long len); + unsigned long len); int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); /* High-level HTTP API */ typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail); OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, - const char *proxy, const char *no_proxy, - int use_ssl, BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, int overall_timeout); + const char *proxy, const char *no_proxy, + int use_ssl, BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, int overall_timeout); int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, - const char *proxyuser, const char *proxypass, - int timeout, BIO *bio_err, const char *prog); + const char *proxyuser, const char *proxypass, + int timeout, BIO *bio_err, const char *prog); int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_content_type, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive); + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive); BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, 
char **redirection_url); BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, const STACK_OF(CONF_VALUE) *headers, - const char *expected_content_type, int expect_asn1, - size_t max_resp_len, int timeout); + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout); BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, - const char *server, const char *port, - const char *path, int use_ssl, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_content_type, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive); + const char *server, const char *port, + const char *path, int use_ssl, + const char *proxy, const char *no_proxy, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive); int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok); /* Auxiliary functions */ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, - char **pport, int *pport_num, - char **ppath, char **pquery, char **pfrag); + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag); int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, - char **pport, int *pport_num, - char **ppath, char **pquery, char **pfrag); + char **pport, int *pport_num, + char **ppath, char **pquery, char **pfrag); const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, - const char *server, 
int use_ssl); + const char *server, int use_ssl); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* !defined(OPENSSL_HTTP_H) */ --- crypto/openssl/include/openssl/httperr.h.orig +++ crypto/openssl/include/openssl/httperr.h 
@@ -9,47 +9,45 @@ */ #ifndef OPENSSL_HTTPERR_H -# define OPENSSL_HTTPERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_HTTPERR_H +#pragma once +#include +#include +#include /* * HTTP reason codes. */ -# define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 -# define HTTP_R_CONNECT_FAILURE 100 -# define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 -# define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 -# define HTTP_R_ERROR_PARSING_URL 101 -# define HTTP_R_ERROR_RECEIVING 103 -# define HTTP_R_ERROR_SENDING 102 -# define HTTP_R_FAILED_READING_DATA 128 -# define HTTP_R_HEADER_PARSE_ERROR 126 -# define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 -# define HTTP_R_INVALID_PORT_NUMBER 123 -# define HTTP_R_INVALID_URL_PATH 125 -# define HTTP_R_INVALID_URL_SCHEME 124 -# define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 -# define HTTP_R_MISSING_ASN1_ENCODING 110 -# define HTTP_R_MISSING_CONTENT_TYPE 121 -# define HTTP_R_MISSING_REDIRECT_LOCATION 111 -# define HTTP_R_RECEIVED_ERROR 105 -# define HTTP_R_RECEIVED_WRONG_HTTP_VERSION 106 -# define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP 112 -# define HTTP_R_REDIRECTION_NOT_ENABLED 116 -# define HTTP_R_RESPONSE_LINE_TOO_LONG 113 -# define HTTP_R_RESPONSE_PARSE_ERROR 104 -# define HTTP_R_RETRY_TIMEOUT 129 -# define HTTP_R_SERVER_CANCELED_CONNECTION 127 -# define HTTP_R_SOCK_NOT_SUPPORTED 122 -# define HTTP_R_STATUS_CODE_UNSUPPORTED 114 -# define HTTP_R_TLS_NOT_ENABLED 107 -# define HTTP_R_TOO_MANY_REDIRECTIONS 115 -# define HTTP_R_UNEXPECTED_CONTENT_TYPE 118 +#define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 +#define HTTP_R_CONNECT_FAILURE 100 +#define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 +#define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 +#define HTTP_R_ERROR_PARSING_URL 101 +#define HTTP_R_ERROR_RECEIVING 103 +#define HTTP_R_ERROR_SENDING 102 +#define HTTP_R_FAILED_READING_DATA 128 +#define HTTP_R_HEADER_PARSE_ERROR 126 +#define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 +#define HTTP_R_INVALID_PORT_NUMBER 123 +#define HTTP_R_INVALID_URL_PATH 125 
+#define HTTP_R_INVALID_URL_SCHEME 124 +#define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 +#define HTTP_R_MISSING_ASN1_ENCODING 110 +#define HTTP_R_MISSING_CONTENT_TYPE 121 +#define HTTP_R_MISSING_REDIRECT_LOCATION 111 +#define HTTP_R_RECEIVED_ERROR 105 +#define HTTP_R_RECEIVED_WRONG_HTTP_VERSION 106 +#define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP 112 +#define HTTP_R_REDIRECTION_NOT_ENABLED 116 +#define HTTP_R_RESPONSE_LINE_TOO_LONG 113 +#define HTTP_R_RESPONSE_PARSE_ERROR 104 +#define HTTP_R_RETRY_TIMEOUT 129 +#define HTTP_R_SERVER_CANCELED_CONNECTION 127 +#define HTTP_R_SOCK_NOT_SUPPORTED 122 +#define HTTP_R_STATUS_CODE_UNSUPPORTED 114 +#define HTTP_R_TLS_NOT_ENABLED 107 +#define HTTP_R_TOO_MANY_REDIRECTIONS 115 +#define HTTP_R_UNEXPECTED_CONTENT_TYPE 118 #endif --- crypto/openssl/include/openssl/idea.h.orig +++ crypto/openssl/include/openssl/idea.h @@ -8,30 +8,30 @@ */ #ifndef OPENSSL_IDEA_H -# define OPENSSL_IDEA_H -# pragma once +#define OPENSSL_IDEA_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_IDEA_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_IDEA_H +#endif -# include +#include -# ifndef OPENSSL_NO_IDEA -# ifdef __cplusplus +#ifndef OPENSSL_NO_IDEA +#ifdef __cplusplus extern "C" { -# endif +#endif -# define IDEA_BLOCK 8 -# define IDEA_KEY_LENGTH 16 +#define IDEA_BLOCK 8 +#define IDEA_KEY_LENGTH 16 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef unsigned int IDEA_INT; -# define IDEA_ENCRYPT 1 -# define IDEA_DECRYPT 0 +#define IDEA_ENCRYPT 1 +#define IDEA_DECRYPT 0 typedef struct idea_key_st { IDEA_INT data[9][6]; 
@@ -40,43 +40,43 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *IDEA_options(void); OSSL_DEPRECATEDIN_3_0 void IDEA_ecb_encrypt(const unsigned char *in, - unsigned char *out, - IDEA_KEY_SCHEDULE *ks); + unsigned char *out, + IDEA_KEY_SCHEDULE *ks); OSSL_DEPRECATEDIN_3_0 void IDEA_set_encrypt_key(const unsigned char *key, - IDEA_KEY_SCHEDULE *ks); + IDEA_KEY_SCHEDULE *ks); OSSL_DEPRECATEDIN_3_0 void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, - IDEA_KEY_SCHEDULE *dk); + IDEA_KEY_SCHEDULE *dk); OSSL_DEPRECATEDIN_3_0 void IDEA_cbc_encrypt(const unsigned char *in, - unsigned char *out, long length, - IDEA_KEY_SCHEDULE *ks, - unsigned char *iv, int enc); + unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, + unsigned char *iv, int enc); OSSL_DEPRECATEDIN_3_0 void IDEA_cfb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - IDEA_KEY_SCHEDULE *ks, - unsigned char *iv, int *num, - int enc); + unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, + unsigned char *iv, int *num, + int enc); OSSL_DEPRECATEDIN_3_0 void IDEA_ofb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - IDEA_KEY_SCHEDULE *ks, - unsigned char *iv, int *num); + unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, + unsigned char *iv, int *num); OSSL_DEPRECATEDIN_3_0 void IDEA_encrypt(unsigned long *in, - IDEA_KEY_SCHEDULE *ks); + IDEA_KEY_SCHEDULE *ks); #endif -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define idea_options IDEA_options -# define idea_ecb_encrypt IDEA_ecb_encrypt -# define idea_set_encrypt_key IDEA_set_encrypt_key -# define idea_set_decrypt_key IDEA_set_decrypt_key -# define idea_cbc_encrypt IDEA_cbc_encrypt -# define idea_cfb64_encrypt IDEA_cfb64_encrypt -# define idea_ofb64_encrypt IDEA_ofb64_encrypt -# define idea_encrypt IDEA_encrypt -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define idea_options IDEA_options +#define idea_ecb_encrypt IDEA_ecb_encrypt +#define idea_set_encrypt_key IDEA_set_encrypt_key 
+#define idea_set_decrypt_key IDEA_set_decrypt_key +#define idea_cbc_encrypt IDEA_cbc_encrypt +#define idea_cfb64_encrypt IDEA_cfb64_encrypt +#define idea_ofb64_encrypt IDEA_ofb64_encrypt +#define idea_encrypt IDEA_encrypt +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/kdf.h.orig +++ crypto/openssl/include/openssl/kdf.h @@ -8,27 +8,27 @@ */ #ifndef OPENSSL_KDF_H -# define OPENSSL_KDF_H -# pragma once +#define OPENSSL_KDF_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_KDF_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_KDF_H +#endif -# include -# include -# include -# include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int EVP_KDF_up_ref(EVP_KDF *kdf); void EVP_KDF_free(EVP_KDF *kdf); EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties); + const char *properties); EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); @@ -42,7 +42,7 @@ void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx); size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]); + const OSSL_PARAM params[]); int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); 
@@ -53,74 +53,74 @@ const OSSL_PARAM *EVP_KDF_CTX_settable_params(EVP_KDF_CTX *ctx); void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KDF *kdf, void *arg), - void *arg); + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg); int EVP_KDF_names_do_all(const EVP_KDF *kdf, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); -# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 -# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 -# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 +#define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 +#define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 +#define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 -#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 -#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 -#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 -#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 /**** The legacy PKEY-based KDF API follows. 
****/ -# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) -# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) -# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) -# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) -# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) -# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) -# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) -# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) -# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) -# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) -# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) -# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) -# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) -# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) - -# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \ - EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND -# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \ - EVP_KDF_HKDF_MODE_EXTRACT_ONLY -# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \ - EVP_KDF_HKDF_MODE_EXPAND_ONLY +#define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +#define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +#define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +#define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +#define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +#define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \ + EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND +#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \ + 
EVP_KDF_HKDF_MODE_EXTRACT_ONLY +#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \ + EVP_KDF_HKDF_MODE_EXPAND_ONLY int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, - const unsigned char *sec, int seclen); + const unsigned char *sec, int seclen); int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, - const unsigned char *seed, int seedlen); + const unsigned char *seed, int seedlen); int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx, - const unsigned char *salt, int saltlen); + const unsigned char *salt, int saltlen); int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, - const unsigned char *key, int keylen); + const unsigned char *key, int keylen); int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, - const unsigned char *info, int infolen); + const unsigned char *info, int infolen); int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode); -# define EVP_PKEY_CTX_hkdf_mode EVP_PKEY_CTX_set_hkdf_mode +#define EVP_PKEY_CTX_hkdf_mode EVP_PKEY_CTX_set_hkdf_mode int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass, - int passlen); + int passlen); int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx, - const unsigned char *salt, int saltlen); + const unsigned char *salt, int saltlen); int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n); @@ -129,10 +129,9 @@ int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p); int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx, - uint64_t maxmem_bytes); + uint64_t maxmem_bytes); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/kdferr.h.orig +++ crypto/openssl/include/openssl/kdferr.h @@ -8,8 +8,8 @@ */ #ifndef OPENSSL_KDFERR_H -# define OPENSSL_KDFERR_H -# pragma once +#define OPENSSL_KDFERR_H +#pragma once #include --- crypto/openssl/include/openssl/lhash.h.orig +++ crypto/openssl/include/openssl/lhash.h 
@@ -7,33 +7,35 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ /* * Header for dynamic hash table routines Author - Eric Young */ #ifndef OPENSSL_LHASH_H -# define OPENSSL_LHASH_H -# pragma once +#define OPENSSL_LHASH_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_LHASH_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_LHASH_H +#endif -# include -# include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif typedef struct lhash_node_st OPENSSL_LH_NODE; -typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); -typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); -typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); -typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC)(void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG)(void *, void *); typedef struct lhash_st OPENSSL_LHASH; /* 
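Review bot: The two comments added at the top of this hunk, `/* clang-format off */` directly followed by `/* clang-format on */`, enclose nothing, so they have no effect on how the rest of lhash.h is formatted. If the pair is left over from a generator template it is harmless, but if the intent was to keep the macro definitions out of the formatter's reach, the markers need to surround those definitions. The later hunks of this file show the macro bodies being re-indented anyway, including `typedef void (*lh_##type##_doallfunc)(type * a);` where the sibling typedefs keep `const type *a`, which looks like a formatter artifact inside a macro. Either drop the empty pair, or place `/* clang-format off */` before the first `#define DECLARE_LHASH_HASH_FN` and the matching `on` after the last type-checking macro.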
@@ -46,36 +48,41 @@ */ /* First: "hash" functions */ -# define DECLARE_LHASH_HASH_FN(name, o_type) \ - unsigned long name##_LHASH_HASH(const void *); -# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ - unsigned long name##_LHASH_HASH(const void *arg) { \ - const o_type *a = arg; \ - return name##_hash(a); } -# define LHASH_HASH_FN(name) name##_LHASH_HASH +#define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) \ + { \ + const o_type *a = arg; \ + return name##_hash(a); \ + } +#define LHASH_HASH_FN(name) name##_LHASH_HASH /* Second: "compare" functions */ -# define DECLARE_LHASH_COMP_FN(name, o_type) \ - int name##_LHASH_COMP(const void *, const void *); -# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ - int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ - const o_type *a = arg1; \ - const o_type *b = arg2; \ - return name##_cmp(a,b); } -# define LHASH_COMP_FN(name) name##_LHASH_COMP +#define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) \ + { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a, b); \ + } +#define LHASH_COMP_FN(name) name##_LHASH_COMP /* Fourth: "doall_arg" functions */ -# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ - void name##_LHASH_DOALL_ARG(void *, void *); -# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ - void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ - o_type *a = arg1; \ - a_type *b = arg2; \ - name##_doall_arg(a, b); } -# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG - +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void 
name##_LHASH_DOALL_ARG(void *arg1, void *arg2) \ + { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); \ + } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG -# define LH_LOAD_MULT 256 +#define LH_LOAD_MULT 256 int OPENSSL_LH_error(OPENSSL_LHASH *lh); OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); 
@@ -91,146 +98,160 @@ unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); -# endif +#endif void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define _LHASH OPENSSL_LHASH -# define LHASH_NODE OPENSSL_LH_NODE -# define lh_error OPENSSL_LH_error -# define lh_new OPENSSL_LH_new -# define lh_free OPENSSL_LH_free -# define lh_insert OPENSSL_LH_insert -# define lh_delete OPENSSL_LH_delete -# define lh_retrieve OPENSSL_LH_retrieve -# define lh_doall OPENSSL_LH_doall -# define lh_doall_arg OPENSSL_LH_doall_arg -# define lh_strhash OPENSSL_LH_strhash -# define lh_num_items OPENSSL_LH_num_items -# ifndef OPENSSL_NO_STDIO -# define lh_stats OPENSSL_LH_stats -# define lh_node_stats OPENSSL_LH_node_stats -# define lh_node_usage_stats OPENSSL_LH_node_usage_stats -# endif -# define lh_stats_bio OPENSSL_LH_stats_bio -# define lh_node_stats_bio OPENSSL_LH_node_stats_bio -# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define _LHASH OPENSSL_LHASH +#define LHASH_NODE OPENSSL_LH_NODE +#define lh_error OPENSSL_LH_error +#define lh_new OPENSSL_LH_new +#define lh_free OPENSSL_LH_free +#define lh_insert OPENSSL_LH_insert +#define lh_delete OPENSSL_LH_delete +#define lh_retrieve OPENSSL_LH_retrieve +#define lh_doall OPENSSL_LH_doall +#define lh_doall_arg OPENSSL_LH_doall_arg +#define lh_strhash OPENSSL_LH_strhash +#define lh_num_items OPENSSL_LH_num_items +#ifndef OPENSSL_NO_STDIO +#define lh_stats 
OPENSSL_LH_stats +#define lh_node_stats OPENSSL_LH_node_stats +#define lh_node_usage_stats OPENSSL_LH_node_usage_stats +#endif +#define lh_stats_bio OPENSSL_LH_stats_bio +#define lh_node_stats_bio OPENSSL_LH_node_stats_bio +#define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +#endif /* Type checking... */ -# define LHASH_OF(type) struct lhash_st_##type +#define LHASH_OF(type) struct lhash_st_##type /* Helper macro for internal use */ -# define DEFINE_LHASH_OF_INTERNAL(type) \ - LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ - typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \ - typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \ - typedef void (*lh_##type##_doallfunc)(type *a); \ - static ossl_unused ossl_inline type *ossl_check_##type##_lh_plain_type(type *ptr) \ - { \ - return ptr; \ - } \ - static ossl_unused ossl_inline const type *ossl_check_const_##type##_lh_plain_type(const type *ptr) \ - { \ - return ptr; \ - } \ - static ossl_unused ossl_inline const OPENSSL_LHASH *ossl_check_const_##type##_lh_type(const LHASH_OF(type) *lh) \ - { \ - return (const OPENSSL_LHASH *)lh; \ - } \ - static ossl_unused ossl_inline OPENSSL_LHASH *ossl_check_##type##_lh_type(LHASH_OF(type) *lh) \ - { \ - return (OPENSSL_LHASH *)lh; \ - } \ - static ossl_unused ossl_inline OPENSSL_LH_COMPFUNC ossl_check_##type##_lh_compfunc_type(lh_##type##_compfunc cmp) \ - { \ - return (OPENSSL_LH_COMPFUNC)cmp; \ - } \ - static ossl_unused ossl_inline OPENSSL_LH_HASHFUNC ossl_check_##type##_lh_hashfunc_type(lh_##type##_hashfunc hfn) \ - { \ - return (OPENSSL_LH_HASHFUNC)hfn; \ - } \ +#define DEFINE_LHASH_OF_INTERNAL(type) \ + LHASH_OF(type) \ + { \ + union lh_##type##_dummy { \ + void *d1; \ + unsigned long d2; \ + int d3; \ + } dummy; \ + }; \ + typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \ + typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \ + typedef void 
(*lh_##type##_doallfunc)(type * a); \ + static ossl_unused ossl_inline type *ossl_check_##type##_lh_plain_type(type *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const type *ossl_check_const_##type##_lh_plain_type(const type *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const OPENSSL_LHASH *ossl_check_const_##type##_lh_type(const LHASH_OF(type) *lh) \ + { \ + return (const OPENSSL_LHASH *)lh; \ + } \ + static ossl_unused ossl_inline OPENSSL_LHASH *ossl_check_##type##_lh_type(LHASH_OF(type) *lh) \ + { \ + return (OPENSSL_LHASH *)lh; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_COMPFUNC ossl_check_##type##_lh_compfunc_type(lh_##type##_compfunc cmp) \ + { \ + return (OPENSSL_LH_COMPFUNC)cmp; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_HASHFUNC ossl_check_##type##_lh_hashfunc_type(lh_##type##_hashfunc hfn) \ + { \ + return (OPENSSL_LH_HASHFUNC)hfn; \ + } \ static ossl_unused ossl_inline OPENSSL_LH_DOALL_FUNC ossl_check_##type##_lh_doallfunc_type(lh_##type##_doallfunc dfn) \ - { \ - return (OPENSSL_LH_DOALL_FUNC)dfn; \ - } \ + { \ + return (OPENSSL_LH_DOALL_FUNC)dfn; \ + } \ LHASH_OF(type) -# define DEFINE_LHASH_OF(type) \ - LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ - static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ - int (*cfn)(const type *, const type *)) \ - { \ - return (LHASH_OF(type) *) \ - OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ - } \ - static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ - { \ - OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline void lh_##type##_flush(LHASH_OF(type) *lh) \ - { \ - OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ - { \ - return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ - } \ - static 
ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ - { \ - return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ - } \ - static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ - { \ - return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ - } \ - static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ - { \ - return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ - { \ - return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ - { \ - OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ - } \ +#define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) \ + { \ + union lh_##type##_dummy { \ + void *d1; \ + unsigned long d2; \ + int d3; \ + } dummy; \ + }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_flush(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + 
static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ - { \ - OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ - } \ - static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ - { \ - OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ - } \ - static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ - { \ - return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ - { \ - OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ - } \ - static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ - void (*doall)(type *)) \ - { \ - OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ - } \ - static ossl_unused ossl_inline void lh_##type##_doall_arg(LHASH_OF(type) *lh, \ - void (*doallarg)(type *, void *), \ - void *arg) \ - { \ - OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ - (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \ - } \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); 
\ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall_arg(LHASH_OF(type) *lh, \ + void (*doallarg)(type *, void *), \ + void *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ + (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \ + } \ LHASH_OF(type) #define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ @@ -239,16 +260,17 @@ #define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ int_implement_lhash_doall(type, argtype, type) -#define int_implement_lhash_doall(type, argtype, cbargtype) \ - static ossl_unused ossl_inline void \ - lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ - void (*fn)(cbargtype *, argtype *), \ - argtype *arg) \ - { \ +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ - } \ + } \ LHASH_OF(type) +/* clang-format off */ DEFINE_LHASH_OF_INTERNAL(OPENSSL_STRING); #define lh_OPENSSL_STRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(ossl_check_OPENSSL_STRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_STRING_lh_compfunc_type(cmp))) #define lh_OPENSSL_STRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_STRING_lh_type(lh)) 
@@ -280,8 +302,9 @@ #define lh_OPENSSL_CSTRING_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_OPENSSL_CSTRING_lh_type(lh), dl) #define lh_OPENSSL_CSTRING_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_OPENSSL_CSTRING_lh_doallfunc_type(dfn)) +/* clang-format on */ -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/lhash.h.in.orig +++ crypto/openssl/include/openssl/lhash.h.in @@ -7,35 +7,37 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_lhash_macros); -} +/* clang-format on */ /* * Header for dynamic hash table routines Author - Eric Young */ #ifndef OPENSSL_LHASH_H -# define OPENSSL_LHASH_H -# pragma once +#define OPENSSL_LHASH_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_LHASH_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_LHASH_H +#endif -# include -# include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif typedef struct lhash_node_st OPENSSL_LH_NODE; -typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); -typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); -typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); -typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC)(void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG)(void *, void *); typedef struct lhash_st OPENSSL_LHASH; /* 
@@ -48,36 +50,41 @@ */ /* First: "hash" functions */ -# define DECLARE_LHASH_HASH_FN(name, o_type) \ - unsigned long name##_LHASH_HASH(const void *); -# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ - unsigned long name##_LHASH_HASH(const void *arg) { \ - const o_type *a = arg; \ - return name##_hash(a); } -# define LHASH_HASH_FN(name) name##_LHASH_HASH +#define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) \ + { \ + const o_type *a = arg; \ + return name##_hash(a); \ + } +#define LHASH_HASH_FN(name) name##_LHASH_HASH /* Second: "compare" functions */ -# define DECLARE_LHASH_COMP_FN(name, o_type) \ - int name##_LHASH_COMP(const void *, const void *); -# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ - int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ - const o_type *a = arg1; \ - const o_type *b = arg2; \ - return name##_cmp(a,b); } -# define LHASH_COMP_FN(name) name##_LHASH_COMP +#define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) \ + { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a, b); \ + } +#define LHASH_COMP_FN(name) name##_LHASH_COMP /* Fourth: "doall_arg" functions */ -# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ - void name##_LHASH_DOALL_ARG(void *, void *); -# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ - void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ - o_type *a = arg1; \ - a_type *b = arg2; \ - name##_doall_arg(a, b); } -# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG - +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void 
name##_LHASH_DOALL_ARG(void *arg1, void *arg2) \ + { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); \ + } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG -# define LH_LOAD_MULT 256 +#define LH_LOAD_MULT 256 int OPENSSL_LH_error(OPENSSL_LHASH *lh); OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); 
@@ -93,146 +100,160 @@ unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); -# endif +#endif void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define _LHASH OPENSSL_LHASH -# define LHASH_NODE OPENSSL_LH_NODE -# define lh_error OPENSSL_LH_error -# define lh_new OPENSSL_LH_new -# define lh_free OPENSSL_LH_free -# define lh_insert OPENSSL_LH_insert -# define lh_delete OPENSSL_LH_delete -# define lh_retrieve OPENSSL_LH_retrieve -# define lh_doall OPENSSL_LH_doall -# define lh_doall_arg OPENSSL_LH_doall_arg -# define lh_strhash OPENSSL_LH_strhash -# define lh_num_items OPENSSL_LH_num_items -# ifndef OPENSSL_NO_STDIO -# define lh_stats OPENSSL_LH_stats -# define lh_node_stats OPENSSL_LH_node_stats -# define lh_node_usage_stats OPENSSL_LH_node_usage_stats -# endif -# define lh_stats_bio OPENSSL_LH_stats_bio -# define lh_node_stats_bio OPENSSL_LH_node_stats_bio -# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define _LHASH OPENSSL_LHASH +#define LHASH_NODE OPENSSL_LH_NODE +#define lh_error OPENSSL_LH_error +#define lh_new OPENSSL_LH_new +#define lh_free OPENSSL_LH_free +#define lh_insert OPENSSL_LH_insert +#define lh_delete OPENSSL_LH_delete +#define lh_retrieve OPENSSL_LH_retrieve +#define lh_doall OPENSSL_LH_doall +#define lh_doall_arg OPENSSL_LH_doall_arg +#define lh_strhash OPENSSL_LH_strhash +#define lh_num_items OPENSSL_LH_num_items +#ifndef OPENSSL_NO_STDIO +#define lh_stats 
OPENSSL_LH_stats +#define lh_node_stats OPENSSL_LH_node_stats +#define lh_node_usage_stats OPENSSL_LH_node_usage_stats +#endif +#define lh_stats_bio OPENSSL_LH_stats_bio +#define lh_node_stats_bio OPENSSL_LH_node_stats_bio +#define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +#endif /* Type checking... */ -# define LHASH_OF(type) struct lhash_st_##type +#define LHASH_OF(type) struct lhash_st_##type /* Helper macro for internal use */ -# define DEFINE_LHASH_OF_INTERNAL(type) \ - LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ - typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \ - typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \ - typedef void (*lh_##type##_doallfunc)(type *a); \ - static ossl_unused ossl_inline type *ossl_check_##type##_lh_plain_type(type *ptr) \ - { \ - return ptr; \ - } \ - static ossl_unused ossl_inline const type *ossl_check_const_##type##_lh_plain_type(const type *ptr) \ - { \ - return ptr; \ - } \ - static ossl_unused ossl_inline const OPENSSL_LHASH *ossl_check_const_##type##_lh_type(const LHASH_OF(type) *lh) \ - { \ - return (const OPENSSL_LHASH *)lh; \ - } \ - static ossl_unused ossl_inline OPENSSL_LHASH *ossl_check_##type##_lh_type(LHASH_OF(type) *lh) \ - { \ - return (OPENSSL_LHASH *)lh; \ - } \ - static ossl_unused ossl_inline OPENSSL_LH_COMPFUNC ossl_check_##type##_lh_compfunc_type(lh_##type##_compfunc cmp) \ - { \ - return (OPENSSL_LH_COMPFUNC)cmp; \ - } \ - static ossl_unused ossl_inline OPENSSL_LH_HASHFUNC ossl_check_##type##_lh_hashfunc_type(lh_##type##_hashfunc hfn) \ - { \ - return (OPENSSL_LH_HASHFUNC)hfn; \ - } \ +#define DEFINE_LHASH_OF_INTERNAL(type) \ + LHASH_OF(type) \ + { \ + union lh_##type##_dummy { \ + void *d1; \ + unsigned long d2; \ + int d3; \ + } dummy; \ + }; \ + typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \ + typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \ + typedef void 
(*lh_##type##_doallfunc)(type * a); \ + static ossl_unused ossl_inline type *ossl_check_##type##_lh_plain_type(type *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const type *ossl_check_const_##type##_lh_plain_type(const type *ptr) \ + { \ + return ptr; \ + } \ + static ossl_unused ossl_inline const OPENSSL_LHASH *ossl_check_const_##type##_lh_type(const LHASH_OF(type) *lh) \ + { \ + return (const OPENSSL_LHASH *)lh; \ + } \ + static ossl_unused ossl_inline OPENSSL_LHASH *ossl_check_##type##_lh_type(LHASH_OF(type) *lh) \ + { \ + return (OPENSSL_LHASH *)lh; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_COMPFUNC ossl_check_##type##_lh_compfunc_type(lh_##type##_compfunc cmp) \ + { \ + return (OPENSSL_LH_COMPFUNC)cmp; \ + } \ + static ossl_unused ossl_inline OPENSSL_LH_HASHFUNC ossl_check_##type##_lh_hashfunc_type(lh_##type##_hashfunc hfn) \ + { \ + return (OPENSSL_LH_HASHFUNC)hfn; \ + } \ static ossl_unused ossl_inline OPENSSL_LH_DOALL_FUNC ossl_check_##type##_lh_doallfunc_type(lh_##type##_doallfunc dfn) \ - { \ - return (OPENSSL_LH_DOALL_FUNC)dfn; \ - } \ + { \ + return (OPENSSL_LH_DOALL_FUNC)dfn; \ + } \ LHASH_OF(type) -# define DEFINE_LHASH_OF(type) \ - LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ - static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ - int (*cfn)(const type *, const type *)) \ - { \ - return (LHASH_OF(type) *) \ - OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ - } \ - static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ - { \ - OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline void lh_##type##_flush(LHASH_OF(type) *lh) \ - { \ - OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ - { \ - return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ - } \ - static 
ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ - { \ - return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ - } \ - static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ - { \ - return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ - } \ - static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ - { \ - return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ - { \ - return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ - { \ - OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ - } \ +#define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) \ + { \ + union lh_##type##_dummy { \ + void *d1; \ + unsigned long d2; \ + int d3; \ + } dummy; \ + }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_flush(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + 
static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ - { \ - OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ - } \ - static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ - { \ - OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ - } \ - static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ - { \ - return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ - } \ - static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ - { \ - OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ - } \ - static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ - void (*doall)(type *)) \ - { \ - OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ - } \ - static ossl_unused ossl_inline void lh_##type##_doall_arg(LHASH_OF(type) *lh, \ - void (*doallarg)(type *, void *), \ - void *arg) \ - { \ - OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ - (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \ - } \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); 
\ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall_arg(LHASH_OF(type) *lh, \ + void (*doallarg)(type *, void *), \ + void *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ + (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \ + } \ LHASH_OF(type) #define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ @@ -241,22 +262,24 @@ #define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ int_implement_lhash_doall(type, argtype, type) -#define int_implement_lhash_doall(type, argtype, cbargtype) \ - static ossl_unused ossl_inline void \ - lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ - void (*fn)(cbargtype *, argtype *), \ - argtype *arg) \ - { \ +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ - } \ + } \ LHASH_OF(type) +/* clang-format off */ {- generate_lhash_macros("OPENSSL_STRING") .generate_lhash_macros("OPENSSL_CSTRING"); -} +/* clang-format on */ -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/macros.h.orig +++ crypto/openssl/include/openssl/macros.h 
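Review bot: In the reformatted `DEFINE_LHASH_OF_INTERNAL` (hunk `@@ -93,146 +100,160 @@`), the third typedef came out as `typedef void (*lh_##type##_doallfunc)(type * a);`, while the two typedefs directly above it keep `const type *a`. The formatter seems to have read the unqualified macro parameter `type` as an operand rather than a type name. It compiles the same, but it is the one declaration in the macro that breaks the pointer style the rest of the change enforces. I would write it as `typedef void (*lh_##type##_doallfunc)(type *a);`. The lhash.h hunk above this file carries the same line.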
@@ -8,22 +8,21 @@ */ #ifndef OPENSSL_MACROS_H -# define OPENSSL_MACROS_H -# pragma once +#define OPENSSL_MACROS_H +#pragma once #include #include - /* Helper macros for CPP string composition */ -# define OPENSSL_MSTR_HELPER(x) #x -# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) +#define OPENSSL_MSTR_HELPER(x) #x +#define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) /* * Sometimes OPENSSL_NO_xxx ends up with an empty file and some compilers * don't like that. This will hopefully silence them. */ -# define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; /* * Generic deprecation macro 
@@ -31,54 +30,54 @@ * If OPENSSL_SUPPRESS_DEPRECATED is defined, then OSSL_DEPRECATED and * OSSL_DEPRECATED_FOR become no-ops */ -# ifndef OSSL_DEPRECATED -# undef OSSL_DEPRECATED_FOR -# ifndef OPENSSL_SUPPRESS_DEPRECATED -# if defined(_MSC_VER) - /* - * MSVC supports __declspec(deprecated) since MSVC 2003 (13.10), - * and __declspec(deprecated(message)) since MSVC 2005 (14.00) - */ -# if _MSC_VER >= 1400 -# define OSSL_DEPRECATED(since) \ - __declspec(deprecated("Since OpenSSL " # since)) -# define OSSL_DEPRECATED_FOR(since, message) \ - __declspec(deprecated("Since OpenSSL " # since ";" message)) -# elif _MSC_VER >= 1310 -# define OSSL_DEPRECATED(since) __declspec(deprecated) -# define OSSL_DEPRECATED_FOR(since, message) __declspec(deprecated) -# endif -# elif defined(__GNUC__) - /* - * According to GCC documentation, deprecations with message appeared in - * GCC 4.5.0 - */ -# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) -# define OSSL_DEPRECATED(since) \ - __attribute__((deprecated("Since OpenSSL " # since))) -# define OSSL_DEPRECATED_FOR(since, message) \ - __attribute__((deprecated("Since OpenSSL " # since ";" message))) -# elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# define OSSL_DEPRECATED(since) __attribute__((deprecated)) -# define OSSL_DEPRECATED_FOR(since, message) __attribute__((deprecated)) -# endif -# elif defined(__SUNPRO_C) -# if (__SUNPRO_C >= 0x5130) -# define OSSL_DEPRECATED(since) __attribute__ ((deprecated)) -# define OSSL_DEPRECATED_FOR(since, message) __attribute__ ((deprecated)) -# endif -# endif -# endif -# endif +#ifndef OSSL_DEPRECATED +#undef OSSL_DEPRECATED_FOR +#ifndef OPENSSL_SUPPRESS_DEPRECATED +#if defined(_MSC_VER) +/* + * MSVC supports __declspec(deprecated) since MSVC 2003 (13.10), + * and __declspec(deprecated(message)) since MSVC 2005 (14.00) + */ +#if _MSC_VER >= 1400 +#define OSSL_DEPRECATED(since) \ + __declspec(deprecated("Since OpenSSL " #since)) +#define OSSL_DEPRECATED_FOR(since, message) \ + 
__declspec(deprecated("Since OpenSSL " #since ";" message)) +#elif _MSC_VER >= 1310 +#define OSSL_DEPRECATED(since) __declspec(deprecated) +#define OSSL_DEPRECATED_FOR(since, message) __declspec(deprecated) +#endif +#elif defined(__GNUC__) +/* + * According to GCC documentation, deprecations with message appeared in + * GCC 4.5.0 + */ +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +#define OSSL_DEPRECATED(since) \ + __attribute__((deprecated("Since OpenSSL " #since))) +#define OSSL_DEPRECATED_FOR(since, message) \ + __attribute__((deprecated("Since OpenSSL " #since ";" message))) +#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +#define OSSL_DEPRECATED(since) __attribute__((deprecated)) +#define OSSL_DEPRECATED_FOR(since, message) __attribute__((deprecated)) +#endif +#elif defined(__SUNPRO_C) +#if (__SUNPRO_C >= 0x5130) +#define OSSL_DEPRECATED(since) __attribute__((deprecated)) +#define OSSL_DEPRECATED_FOR(since, message) __attribute__((deprecated)) +#endif +#endif +#endif +#endif /* * Still not defined? Then define no-op macros. This means these macros * are unsuitable for use in a typedef. */ -# ifndef OSSL_DEPRECATED -# define OSSL_DEPRECATED(since) extern -# define OSSL_DEPRECATED_FOR(since, message) extern -# endif +#ifndef OSSL_DEPRECATED +#define OSSL_DEPRECATED(since) extern +#define OSSL_DEPRECATED_FOR(since, message) extern +#endif /* * Applications should use -DOPENSSL_API_COMPAT= to suppress the @@ -101,9 +100,9 @@ * macros are used to enable or disable features at that API version boundary. */ -# ifdef OPENSSL_API_LEVEL -# error "OPENSSL_API_LEVEL must not be defined by application" -# endif +#ifdef OPENSSL_API_LEVEL +#error "OPENSSL_API_LEVEL must not be defined by application" +#endif /* * We figure out what API level was intended by simple numeric comparison. 
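Review bot: With the `# if` indentation removed, the compiler-detection ladder under `#ifndef OSSL_DEPRECATED` (hunk `@@ -31,54 +30,54 @@`) is four levels deep and ends in four bare `#endif` lines, with nothing marking which test each one closes. The hunk changes only whitespace, so behaviour is the same, but a later edit that misplaces one `#endif` would quietly change which compilers emit deprecation warnings. I would annotate the closers, e.g. `#endif /* OPENSSL_SUPPRESS_DEPRECATED */` and `#endif /* OSSL_DEPRECATED */`, or keep the nesting visible with clang-format's `IndentPPDirectives: AfterHash` if the project's style file allows it. The same applies to the `OPENSSL_API_LEVEL` and `OPENSSL_FUNC` blocks further down in this file.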
@@ -111,49 +110,49 @@ * safety margin and assume that anything below 0x00900000L is a new style * number. This allows new versions up to and including v943.71.83. */ -# ifdef OPENSSL_API_COMPAT -# if OPENSSL_API_COMPAT < 0x900000L -# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) -# else -# define OPENSSL_API_LEVEL \ - (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ - + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ - + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) -# endif -# endif +#ifdef OPENSSL_API_COMPAT +#if OPENSSL_API_COMPAT < 0x900000L +#define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +#else +#define OPENSSL_API_LEVEL \ + (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ + + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ + + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +#endif +#endif /* * If OPENSSL_API_COMPAT wasn't given, we use default numbers to set * the API compatibility level. */ -# ifndef OPENSSL_API_LEVEL -# if OPENSSL_CONFIGURED_API > 0 -# define OPENSSL_API_LEVEL (OPENSSL_CONFIGURED_API) -# else -# define OPENSSL_API_LEVEL \ - (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) -# endif -# endif +#ifndef OPENSSL_API_LEVEL +#if OPENSSL_CONFIGURED_API > 0 +#define OPENSSL_API_LEVEL (OPENSSL_CONFIGURED_API) +#else +#define OPENSSL_API_LEVEL \ + (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) +#endif +#endif -# if OPENSSL_API_LEVEL > OPENSSL_CONFIGURED_API -# error "The requested API level higher than the configured API compatibility level" -# endif +#if OPENSSL_API_LEVEL > OPENSSL_CONFIGURED_API +#error "The requested API level higher than the configured API compatibility level" +#endif /* * Check of sane values. */ /* Can't go higher than the current version. 
*/ -# if OPENSSL_API_LEVEL > (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) -# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" -# endif +#if OPENSSL_API_LEVEL > (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) +#error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +#endif /* OpenSSL will have no version 2.y.z */ -# if OPENSSL_API_LEVEL < 30000 && OPENSSL_API_LEVEL >= 20000 -# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" -# endif +#if OPENSSL_API_LEVEL < 30000 && OPENSSL_API_LEVEL >= 20000 +#error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +#endif /* Below 0.9.8 is unacceptably low */ -# if OPENSSL_API_LEVEL < 908 -# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" -# endif +#if OPENSSL_API_LEVEL < 908 +#error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +#endif /* * Define macros for deprecation and simulated removal purposes. 
@@ -169,105 +168,105 @@ * 'no-deprecated'. */ -# undef OPENSSL_NO_DEPRECATED_3_0 -# undef OPENSSL_NO_DEPRECATED_1_1_1 -# undef OPENSSL_NO_DEPRECATED_1_1_0 -# undef OPENSSL_NO_DEPRECATED_1_0_2 -# undef OPENSSL_NO_DEPRECATED_1_0_1 -# undef OPENSSL_NO_DEPRECATED_1_0_0 -# undef OPENSSL_NO_DEPRECATED_0_9_8 +#undef OPENSSL_NO_DEPRECATED_3_0 +#undef OPENSSL_NO_DEPRECATED_1_1_1 +#undef OPENSSL_NO_DEPRECATED_1_1_0 +#undef OPENSSL_NO_DEPRECATED_1_0_2 +#undef OPENSSL_NO_DEPRECATED_1_0_1 +#undef OPENSSL_NO_DEPRECATED_1_0_0 +#undef OPENSSL_NO_DEPRECATED_0_9_8 -# if OPENSSL_API_LEVEL >= 30000 -# ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0) -# define OSSL_DEPRECATEDIN_3_0_FOR(msg) OSSL_DEPRECATED_FOR(3.0, msg) -# else -# define OPENSSL_NO_DEPRECATED_3_0 -# endif -# else -# define OSSL_DEPRECATEDIN_3_0 -# define OSSL_DEPRECATEDIN_3_0_FOR(msg) -# endif -# if OPENSSL_API_LEVEL >= 10101 -# ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_1_1_1 OSSL_DEPRECATED(1.1.1) -# define OSSL_DEPRECATEDIN_1_1_1_FOR(msg) OSSL_DEPRECATED_FOR(1.1.1, msg) -# else -# define OPENSSL_NO_DEPRECATED_1_1_1 -# endif -# else -# define OSSL_DEPRECATEDIN_1_1_1 -# define OSSL_DEPRECATEDIN_1_1_1_FOR(msg) -# endif -# if OPENSSL_API_LEVEL >= 10100 -# ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_1_1_0 OSSL_DEPRECATED(1.1.0) -# define OSSL_DEPRECATEDIN_1_1_0_FOR(msg) OSSL_DEPRECATED_FOR(1.1.0, msg) -# else -# define OPENSSL_NO_DEPRECATED_1_1_0 -# endif -# else -# define OSSL_DEPRECATEDIN_1_1_0 -# define OSSL_DEPRECATEDIN_1_1_0_FOR(msg) -# endif -# if OPENSSL_API_LEVEL >= 10002 -# ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_1_0_2 OSSL_DEPRECATED(1.0.2) -# define OSSL_DEPRECATEDIN_1_0_2_FOR(msg) OSSL_DEPRECATED_FOR(1.0.2, msg) -# else -# define OPENSSL_NO_DEPRECATED_1_0_2 -# endif -# else -# define OSSL_DEPRECATEDIN_1_0_2 -# define OSSL_DEPRECATEDIN_1_0_2_FOR(msg) -# endif -# if OPENSSL_API_LEVEL >= 10001 -# ifndef OPENSSL_NO_DEPRECATED -# define 
OSSL_DEPRECATEDIN_1_0_1 OSSL_DEPRECATED(1.0.1) -# define OSSL_DEPRECATEDIN_1_0_1_FOR(msg) OSSL_DEPRECATED_FOR(1.0.1, msg) -# else -# define OPENSSL_NO_DEPRECATED_1_0_1 -# endif -# else -# define OSSL_DEPRECATEDIN_1_0_1 -# define OSSL_DEPRECATEDIN_1_0_1_FOR(msg) -# endif -# if OPENSSL_API_LEVEL >= 10000 -# ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_1_0_0 OSSL_DEPRECATED(1.0.0) -# define OSSL_DEPRECATEDIN_1_0_0_FOR(msg) OSSL_DEPRECATED_FOR(1.0.0, msg) -# else -# define OPENSSL_NO_DEPRECATED_1_0_0 -# endif -# else -# define OSSL_DEPRECATEDIN_1_0_0 -# define OSSL_DEPRECATEDIN_1_0_0_FOR(msg) -# endif -# if OPENSSL_API_LEVEL >= 908 -# ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_0_9_8 OSSL_DEPRECATED(0.9.8) -# define OSSL_DEPRECATEDIN_0_9_8_FOR(msg) OSSL_DEPRECATED_FOR(0.9.8, msg) -# else -# define OPENSSL_NO_DEPRECATED_0_9_8 -# endif -# else -# define OSSL_DEPRECATEDIN_0_9_8 -# define OSSL_DEPRECATEDIN_0_9_8_FOR(msg) -# endif +#if OPENSSL_API_LEVEL >= 30000 +#ifndef OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0) +#define OSSL_DEPRECATEDIN_3_0_FOR(msg) OSSL_DEPRECATED_FOR(3.0, msg) +#else +#define OPENSSL_NO_DEPRECATED_3_0 +#endif +#else +#define OSSL_DEPRECATEDIN_3_0 +#define OSSL_DEPRECATEDIN_3_0_FOR(msg) +#endif +#if OPENSSL_API_LEVEL >= 10101 +#ifndef OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_1_1_1 OSSL_DEPRECATED(1.1.1) +#define OSSL_DEPRECATEDIN_1_1_1_FOR(msg) OSSL_DEPRECATED_FOR(1.1.1, msg) +#else +#define OPENSSL_NO_DEPRECATED_1_1_1 +#endif +#else +#define OSSL_DEPRECATEDIN_1_1_1 +#define OSSL_DEPRECATEDIN_1_1_1_FOR(msg) +#endif +#if OPENSSL_API_LEVEL >= 10100 +#ifndef OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_1_1_0 OSSL_DEPRECATED(1.1.0) +#define OSSL_DEPRECATEDIN_1_1_0_FOR(msg) OSSL_DEPRECATED_FOR(1.1.0, msg) +#else +#define OPENSSL_NO_DEPRECATED_1_1_0 +#endif +#else +#define OSSL_DEPRECATEDIN_1_1_0 +#define OSSL_DEPRECATEDIN_1_1_0_FOR(msg) +#endif +#if OPENSSL_API_LEVEL >= 10002 +#ifndef 
OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_1_0_2 OSSL_DEPRECATED(1.0.2) +#define OSSL_DEPRECATEDIN_1_0_2_FOR(msg) OSSL_DEPRECATED_FOR(1.0.2, msg) +#else +#define OPENSSL_NO_DEPRECATED_1_0_2 +#endif +#else +#define OSSL_DEPRECATEDIN_1_0_2 +#define OSSL_DEPRECATEDIN_1_0_2_FOR(msg) +#endif +#if OPENSSL_API_LEVEL >= 10001 +#ifndef OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_1_0_1 OSSL_DEPRECATED(1.0.1) +#define OSSL_DEPRECATEDIN_1_0_1_FOR(msg) OSSL_DEPRECATED_FOR(1.0.1, msg) +#else +#define OPENSSL_NO_DEPRECATED_1_0_1 +#endif +#else +#define OSSL_DEPRECATEDIN_1_0_1 +#define OSSL_DEPRECATEDIN_1_0_1_FOR(msg) +#endif +#if OPENSSL_API_LEVEL >= 10000 +#ifndef OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_1_0_0 OSSL_DEPRECATED(1.0.0) +#define OSSL_DEPRECATEDIN_1_0_0_FOR(msg) OSSL_DEPRECATED_FOR(1.0.0, msg) +#else +#define OPENSSL_NO_DEPRECATED_1_0_0 +#endif +#else +#define OSSL_DEPRECATEDIN_1_0_0 +#define OSSL_DEPRECATEDIN_1_0_0_FOR(msg) +#endif +#if OPENSSL_API_LEVEL >= 908 +#ifndef OPENSSL_NO_DEPRECATED +#define OSSL_DEPRECATEDIN_0_9_8 OSSL_DEPRECATED(0.9.8) +#define OSSL_DEPRECATEDIN_0_9_8_FOR(msg) OSSL_DEPRECATED_FOR(0.9.8, msg) +#else +#define OPENSSL_NO_DEPRECATED_0_9_8 +#endif +#else +#define OSSL_DEPRECATEDIN_0_9_8 +#define OSSL_DEPRECATEDIN_0_9_8_FOR(msg) +#endif /* * Make our own variants of __FILE__ and __LINE__, depending on configuration */ -# ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -# endif +#ifndef OPENSSL_FILE +#ifdef OPENSSL_NO_FILENAMES +#define OPENSSL_FILE "" +#define OPENSSL_LINE 0 +#else +#define OPENSSL_FILE __FILE__ +#define OPENSSL_LINE __LINE__ +#endif +#endif /* * __func__ was standardized in C99, so for any compiler that claims 
@@ -282,23 +281,23 @@ * If none of the above applies, we check if the compiler is MSVC, * and use __FUNCTION__ if that's the case. */ -# ifndef OPENSSL_FUNC -# if defined(__STDC_VERSION__) -# if __STDC_VERSION__ >= 199901L -# define OPENSSL_FUNC __func__ -# elif defined(__GNUC__) && __GNUC__ >= 2 -# define OPENSSL_FUNC __FUNCTION__ -# endif -# elif defined(_MSC_VER) -# define OPENSSL_FUNC __FUNCTION__ -# endif +#ifndef OPENSSL_FUNC +#if defined(__STDC_VERSION__) +#if __STDC_VERSION__ >= 199901L +#define OPENSSL_FUNC __func__ +#elif defined(__GNUC__) && __GNUC__ >= 2 +#define OPENSSL_FUNC __FUNCTION__ +#endif +#elif defined(_MSC_VER) +#define OPENSSL_FUNC __FUNCTION__ +#endif /* * If all these possibilities are exhausted, we give up and use a * static string. */ -# ifndef OPENSSL_FUNC -# define OPENSSL_FUNC "(unknown function)" -# endif -# endif +#ifndef OPENSSL_FUNC +#define OPENSSL_FUNC "(unknown function)" +#endif +#endif -#endif /* OPENSSL_MACROS_H */ +#endif /* OPENSSL_MACROS_H */ --- crypto/openssl/include/openssl/md2.h.orig +++ crypto/openssl/include/openssl/md2.h @@ -8,29 +8,29 @@ */ #ifndef OPENSSL_MD2_H -# define OPENSSL_MD2_H -# pragma once +#define OPENSSL_MD2_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_MD2_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_MD2_H +#endif -# include +#include -# ifndef OPENSSL_NO_MD2 -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_MD2 +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# define MD2_DIGEST_LENGTH 16 +#define MD2_DIGEST_LENGTH 16 -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) typedef unsigned char MD2_INT; -# define MD2_BLOCK 16 +#define MD2_BLOCK 16 typedef struct MD2state_st { unsigned int num; 
@@ -38,19 +38,19 @@ MD2_INT cksm[MD2_BLOCK]; MD2_INT state[MD2_BLOCK]; } MD2_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *MD2_options(void); OSSL_DEPRECATEDIN_3_0 int MD2_Init(MD2_CTX *c); OSSL_DEPRECATEDIN_3_0 int MD2_Update(MD2_CTX *c, const unsigned char *data, - size_t len); + size_t len); OSSL_DEPRECATEDIN_3_0 int MD2_Final(unsigned char *md, MD2_CTX *c); OSSL_DEPRECATEDIN_3_0 unsigned char *MD2(const unsigned char *d, size_t n, - unsigned char *md); -# endif + unsigned char *md); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/md4.h.orig +++ crypto/openssl/include/openssl/md4.h @@ -8,36 +8,36 @@ */ #ifndef OPENSSL_MD4_H -# define OPENSSL_MD4_H -# pragma once +#define OPENSSL_MD4_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_MD4_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_MD4_H +#endif -# include +#include -# ifndef OPENSSL_NO_MD4 -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_MD4 +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# define MD4_DIGEST_LENGTH 16 +#define MD4_DIGEST_LENGTH 16 -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! MD4_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define MD4_LONG unsigned int +#define MD4_LONG unsigned int -# define MD4_CBLOCK 64 -# define MD4_LBLOCK (MD4_CBLOCK/4) +#define MD4_CBLOCK 64 +#define MD4_LBLOCK (MD4_CBLOCK / 4) typedef struct MD4state_st { MD4_LONG A, B, C, D; 
@@ -45,19 +45,19 @@ MD4_LONG data[MD4_LBLOCK]; unsigned int num; } MD4_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int MD4_Init(MD4_CTX *c); OSSL_DEPRECATEDIN_3_0 int MD4_Update(MD4_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int MD4_Final(unsigned char *md, MD4_CTX *c); OSSL_DEPRECATEDIN_3_0 unsigned char *MD4(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); OSSL_DEPRECATEDIN_3_0 void MD4_Transform(MD4_CTX *c, const unsigned char *b); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/md5.h.orig +++ crypto/openssl/include/openssl/md5.h @@ -8,35 +8,35 @@ */ #ifndef OPENSSL_MD5_H -# define OPENSSL_MD5_H -# pragma once +#define OPENSSL_MD5_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_MD5_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_MD5_H +#endif -# include +#include -# ifndef OPENSSL_NO_MD5 -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_MD5 +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# define MD5_DIGEST_LENGTH 16 +#define MD5_DIGEST_LENGTH 16 -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! MD5_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define MD5_LONG unsigned int +#define MD5_LONG unsigned int -# define MD5_CBLOCK 64 -# define MD5_LBLOCK (MD5_CBLOCK/4) +#define MD5_CBLOCK 64 +#define MD5_LBLOCK (MD5_CBLOCK / 4) typedef struct MD5state_st { MD5_LONG A, B, C, D; 
@@ -44,19 +44,19 @@ MD5_LONG data[MD5_LBLOCK]; unsigned int num; } MD5_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c); OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c); OSSL_DEPRECATEDIN_3_0 unsigned char *MD5(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); OSSL_DEPRECATEDIN_3_0 void MD5_Transform(MD5_CTX *c, const unsigned char *b); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/mdc2.h.orig +++ crypto/openssl/include/openssl/mdc2.h 
@@ -8,48 +8,48 @@ */ #ifndef OPENSSL_MDC2_H -# define OPENSSL_MDC2_H -# pragma once +#define OPENSSL_MDC2_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_MDC2_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_MDC2_H +#endif -# include +#include -# ifndef OPENSSL_NO_MDC2 -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_MDC2 +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# define MDC2_DIGEST_LENGTH 16 +#define MDC2_DIGEST_LENGTH 16 -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) -# define MDC2_BLOCK 8 +#define MDC2_BLOCK 8 typedef struct mdc2_ctx_st { unsigned int num; unsigned char data[MDC2_BLOCK]; DES_cblock h, hh; - unsigned int pad_type; /* either 1 or 2, default 1 */ + unsigned int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int MDC2_Init(MDC2_CTX *c); OSSL_DEPRECATEDIN_3_0 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, - size_t len); + size_t len); OSSL_DEPRECATEDIN_3_0 int MDC2_Final(unsigned char *md, MDC2_CTX *c); OSSL_DEPRECATEDIN_3_0 unsigned char *MDC2(const unsigned char *d, size_t n, - unsigned char *md); -# endif + unsigned char *md); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/modes.h.orig +++ crypto/openssl/include/openssl/modes.h 
@@ -8,212 +8,212 @@ */ #ifndef OPENSSL_MODES_H -# define OPENSSL_MODES_H -# pragma once +#define OPENSSL_MODES_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_MODES_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_MODES_H +#endif -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif -typedef void (*block128_f) (const unsigned char in[16], - unsigned char out[16], const void *key); +#endif +typedef void (*block128_f)(const unsigned char in[16], + unsigned char out[16], const void *key); -typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int enc); +typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); -typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out, - size_t len, const void *key, - int enc); +typedef void (*ecb128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + int enc); -typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - const unsigned char ivec[16]); +typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); -typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); +typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block); + size_t len, const void *key, + unsigned char ivec[16], block128_f block); void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char 
*out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block); + size_t len, const void *key, + unsigned char ivec[16], block128_f block); void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], - unsigned char ecount_buf[16], unsigned int *num, - block128_f block); + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], - unsigned char ecount_buf[16], - unsigned int *num, ctr128_f ctr); + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int *num, - block128_f block); + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block); + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block); + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, - size_t bits, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block); + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned 
char ivec[16], - block128_f block); + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc); + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block); + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc); + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, - unsigned char ivec[16], - block128_f block); + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc); + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, - unsigned char ivec[16], - block128_f block); + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc); + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); typedef struct gcm128_context GCM128_CONTEXT; GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); void 
CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, - size_t len); + size_t len); int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, - size_t len); + size_t len); int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len); + const unsigned char *in, unsigned char *out, + size_t len); int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len); + const unsigned char *in, unsigned char *out, + size_t len); int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream); + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream); + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, - size_t len); + size_t len); void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); typedef struct ccm128_context CCM128_CONTEXT; void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, - unsigned int M, unsigned int L, void *key, - block128_f block); + unsigned int M, unsigned int L, void *key, + block128_f block); int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, - size_t nlen, size_t mlen); + size_t nlen, size_t mlen); void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, - size_t alen); + size_t alen); int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, - unsigned char *out, size_t len); + unsigned char *out, size_t len); int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, - unsigned char *out, size_t len); + unsigned char *out, size_t len); int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned 
char *inp, - unsigned char *out, size_t len, - ccm128_f stream); + unsigned char *out, size_t len, + ccm128_f stream); int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, - unsigned char *out, size_t len, - ccm128_f stream); + unsigned char *out, size_t len, + ccm128_f stream); size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); typedef struct xts128_context XTS128_CONTEXT; int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, - const unsigned char iv[16], - const unsigned char *inp, unsigned char *out, - size_t len, int enc); + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block); + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block); + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, - unsigned char *out, const unsigned char *in, - size_t inlen, block128_f block); + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, - unsigned char *out, const unsigned char *in, - size_t inlen, block128_f block); + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); -# ifndef OPENSSL_NO_OCB +#ifndef OPENSSL_NO_OCB typedef struct ocb128_context OCB128_CONTEXT; -typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); +typedef void (*ocb128_f)(const unsigned char *in, unsigned char *out, + 
size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, - block128_f encrypt, block128_f decrypt, - ocb128_f stream); + block128_f encrypt, block128_f decrypt, + ocb128_f stream); int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, - block128_f encrypt, block128_f decrypt, - ocb128_f stream); + block128_f encrypt, block128_f decrypt, + ocb128_f stream); int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, - void *keyenc, void *keydec); + void *keyenc, void *keydec); int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, - size_t len, size_t taglen); + size_t len, size_t taglen); int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, - size_t len); + size_t len); int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, - unsigned char *out, size_t len); + unsigned char *out, size_t len); int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, - unsigned char *out, size_t len); + unsigned char *out, size_t len); int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, - size_t len); + size_t len); int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); -# endif /* OPENSSL_NO_OCB */ +#endif /* OPENSSL_NO_OCB */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/obj_mac.h.orig +++ crypto/openssl/include/openssl/obj_mac.h 
@@ -5436,46 +5436,46 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 -#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm SN_magma_ctr_acpkm -#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm NID_magma_ctr_acpkm -#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_magma_ctr_acpkm +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm SN_magma_ctr_acpkm +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm NID_magma_ctr_acpkm +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_magma_ctr_acpkm -#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac SN_magma_ctr_acpkm_omac -#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac NID_magma_ctr_acpkm_omac -#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_magma_ctr_acpkm_omac +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac SN_magma_ctr_acpkm_omac +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac NID_magma_ctr_acpkm_omac +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_magma_ctr_acpkm_omac -#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm SN_kuznyechik_ctr_acpkm -#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm NID_kuznyechik_ctr_acpkm -#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_kuznyechik_ctr_acpkm +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm SN_kuznyechik_ctr_acpkm +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm NID_kuznyechik_ctr_acpkm +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_kuznyechik_ctr_acpkm -#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac SN_kuznyechik_ctr_acpkm_omac -#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac NID_kuznyechik_ctr_acpkm_omac -#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_kuznyechik_ctr_acpkm_omac +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac SN_kuznyechik_ctr_acpkm_omac +#define 
NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac NID_kuznyechik_ctr_acpkm_omac +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_kuznyechik_ctr_acpkm_omac -#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 SN_magma_kexp15 -#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 NID_magma_kexp15 -#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_magma_kexp15 +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 SN_magma_kexp15 +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 NID_magma_kexp15 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_magma_kexp15 -#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 SN_kuznyechik_kexp15 -#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 NID_kuznyechik_kexp15 -#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_kuznyechik_kexp15 +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 SN_kuznyechik_kexp15 +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 NID_kuznyechik_kexp15 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_kuznyechik_kexp15 -#define SN_grasshopper_ecb SN_kuznyechik_ecb -#define NID_grasshopper_ecb NID_kuznyechik_ecb +#define SN_grasshopper_ecb SN_kuznyechik_ecb +#define NID_grasshopper_ecb NID_kuznyechik_ecb -#define SN_grasshopper_ctr SN_kuznyechik_ctr -#define NID_grasshopper_ctr NID_kuznyechik_ctr +#define SN_grasshopper_ctr SN_kuznyechik_ctr +#define NID_grasshopper_ctr NID_kuznyechik_ctr -#define SN_grasshopper_ofb SN_kuznyechik_ofb -#define NID_grasshopper_ofb NID_kuznyechik_ofb +#define SN_grasshopper_ofb SN_kuznyechik_ofb +#define NID_grasshopper_ofb NID_kuznyechik_ofb -#define SN_grasshopper_cbc SN_kuznyechik_cbc -#define NID_grasshopper_cbc NID_kuznyechik_cbc +#define SN_grasshopper_cbc SN_kuznyechik_cbc +#define NID_grasshopper_cbc NID_kuznyechik_cbc -#define SN_grasshopper_cfb SN_kuznyechik_cfb -#define NID_grasshopper_cfb NID_kuznyechik_cfb +#define SN_grasshopper_cfb SN_kuznyechik_cfb +#define 
NID_grasshopper_cfb NID_kuznyechik_cfb -#define SN_grasshopper_mac SN_kuznyechik_mac -#define NID_grasshopper_mac NID_kuznyechik_mac +#define SN_grasshopper_mac SN_kuznyechik_mac +#define NID_grasshopper_mac NID_kuznyechik_mac -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ --- crypto/openssl/include/openssl/objects.h.orig +++ crypto/openssl/include/openssl/objects.h @@ -8,35 +8,34 @@ */ #ifndef OPENSSL_OBJECTS_H -# define OPENSSL_OBJECTS_H -# pragma once +#define OPENSSL_OBJECTS_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_OBJECTS_H -# endif - -# include -# include -# include -# include +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_OBJECTS_H +#endif -# define OBJ_NAME_TYPE_UNDEF 0x00 -# define OBJ_NAME_TYPE_MD_METH 0x01 -# define OBJ_NAME_TYPE_CIPHER_METH 0x02 -# define OBJ_NAME_TYPE_PKEY_METH 0x03 -# define OBJ_NAME_TYPE_COMP_METH 0x04 -# define OBJ_NAME_TYPE_MAC_METH 0x05 -# define OBJ_NAME_TYPE_KDF_METH 0x06 -# define OBJ_NAME_TYPE_NUM 0x07 +#include +#include +#include +#include -# define OBJ_NAME_ALIAS 0x8000 +#define OBJ_NAME_TYPE_UNDEF 0x00 +#define OBJ_NAME_TYPE_MD_METH 0x01 +#define OBJ_NAME_TYPE_CIPHER_METH 0x02 +#define OBJ_NAME_TYPE_PKEY_METH 0x03 +#define OBJ_NAME_TYPE_COMP_METH 0x04 +#define OBJ_NAME_TYPE_MAC_METH 0x05 +#define OBJ_NAME_TYPE_KDF_METH 0x06 +#define OBJ_NAME_TYPE_NUM 0x07 -# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 -# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 +#define OBJ_NAME_ALIAS 0x8000 +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -47,21 +46,21 @@ const char *data; } OBJ_NAME; -# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) +#define OBJ_create_and_add_object(a, b, c) OBJ_create(a, b, c) int OBJ_NAME_init(void); -int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - int (*cmp_func) (const char *, const char *), - void (*free_func) (const char *, int, const char *)); +int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), + int (*cmp_func)(const char *, const char *), + void (*free_func)(const char *, int, const char *)); const char *OBJ_NAME_get(const char *name, int type); int OBJ_NAME_add(const char *name, int type, const char *data); int OBJ_NAME_remove(const char *name, int type); void OBJ_NAME_cleanup(int type); /* -1 for everything */ -void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), - void *arg); +void OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg); void OBJ_NAME_do_all_sorted(int type, - void (*fn) (const OBJ_NAME *, void *arg), - void *arg); + void (*fn)(const OBJ_NAME *, void *arg), + void *arg); DECLARE_ASN1_DUP_FUNCTION_name(ASN1_OBJECT, OBJ) ASN1_OBJECT *OBJ_nid2obj(int n); 
@@ -75,21 +74,21 @@ int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, - int (*cmp) (const void *, const void *)); + int (*cmp)(const void *, const void *)); const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, - int size, - int (*cmp) (const void *, const void *), - int flags); + int size, + int (*cmp)(const void *, const void *), + int flags); -# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ - static int nm##_cmp(type1 const *, type2 const *); \ - scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) +#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) -# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ - _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) -# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ - type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) +#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) /*- * Unsolved problem: if a type is actually a pointer type, like 
@@ -118,53 +117,56 @@ * comparison routines do always not touch their arguments. */ -# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ - { \ - type1 const *a = a_; \ - type2 const *b = b_; \ - return nm##_cmp(a,b); \ - } \ - static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ - { \ - return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ - nm##_cmp_BSEARCH_CMP_FN); \ - } \ - extern void dummy_prototype(void) - -# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ - { \ - type1 const *a = a_; \ - type2 const *b = b_; \ - return nm##_cmp(a,b); \ - } \ - type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ - { \ - return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ - nm##_cmp_BSEARCH_CMP_FN); \ - } \ - extern void dummy_prototype(void) - -# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ - ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ - num,sizeof(type2), \ - ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ - (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ - cmp##_BSEARCH_CMP_FN))) - -# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ - ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ - num,sizeof(type2), \ - ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ - (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ - cmp##_BSEARCH_CMP_FN)),flags) +#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a, b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define 
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a, b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define OBJ_bsearch(type1, key, type2, base, num, cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1, key), CHECKED_PTR_OF(type2, base), \ + num, sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1, cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2, cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +#define OBJ_bsearch_ex(type1, key, type2, base, num, cmp, flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1, key), CHECKED_PTR_OF(type2, base), \ + num, sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1, cmp##_type_1), \ + (void)type_2 = CHECKED_PTR_OF(type2, cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)), \ + flags) int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OBJ_cleanup() while(0) continue +#define OBJ_cleanup() \ + while (0) \ + continue #endif int OBJ_create_objects(BIO *in); @@ -176,8 +178,7 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id); void OBJ_sigid_free(void); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/objectserr.h.orig +++ crypto/openssl/include/openssl/objectserr.h 
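Review bot: `OBJ_bsearch_ex` in objects.h, as re-indented by the `@@ -118,53 +117,56 @@` hunk, still cannot expand to valid C. Its comma expression contains `(void)type_2 = CHECKED_PTR_OF(type2, cmp##_type_2)`, where `type_2` is not a macro parameter and a cast result is not assignable. The call to `OBJ_bsearch_ex_` is also closed before `flags`, so `flags` falls outside a function declared with six parameters. The sibling `OBJ_bsearch` shows the intended form; the two lines would read `(void)CHECKED_PTR_OF(type2, cmp##_type_2), \` and `cmp##_BSEARCH_CMP_FN), flags))`. The macro is presumably unused, since any expansion would fail to compile, and because this is a vendored header the fix is better raised upstream than carried in a formatting-only change.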
@@ -9,20 +9,18 @@ */ #ifndef OPENSSL_OBJECTSERR_H -# define OPENSSL_OBJECTSERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_OBJECTSERR_H +#pragma once +#include +#include +#include /* * OBJ reason codes. */ -# define OBJ_R_OID_EXISTS 102 -# define OBJ_R_UNKNOWN_NID 101 -# define OBJ_R_UNKNOWN_OBJECT_NAME 103 +#define OBJ_R_OID_EXISTS 102 +#define OBJ_R_UNKNOWN_NID 101 +#define OBJ_R_UNKNOWN_OBJECT_NAME 103 #endif --- crypto/openssl/include/openssl/ocsp.h.orig +++ crypto/openssl/include/openssl/ocsp.h @@ -10,20 +10,22 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_OCSP_H -# define OPENSSL_OCSP_H -# pragma once +#define OPENSSL_OCSP_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_OCSP_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_OCSP_H +#endif -# include -# include -# include +#include +#include +#include /* * These definitions are outside the OPENSSL_NO_OCSP guard because although for 
@@ -44,47 +46,46 @@ * privilegeWithdrawn (9), * aACompromise (10) } */ -# define OCSP_REVOKED_STATUS_NOSTATUS -1 -# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 -# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 -# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 -# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 -# define OCSP_REVOKED_STATUS_SUPERSEDED 4 -# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 -# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 -# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9 -# define OCSP_REVOKED_STATUS_AACOMPROMISE 10 - - -# ifndef OPENSSL_NO_OCSP - -# include -# include -# include -# include - -# ifdef __cplusplus +#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +#define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9 +#define OCSP_REVOKED_STATUS_AACOMPROMISE 10 + +#ifndef OPENSSL_NO_OCSP + +#include +#include +#include +#include + +#ifdef __cplusplus extern "C" { -# endif +#endif /* Various flags and values */ -# define OCSP_DEFAULT_NONCE_LENGTH 16 - -# define OCSP_NOCERTS 0x1 -# define OCSP_NOINTERN 0x2 -# define OCSP_NOSIGS 0x4 -# define OCSP_NOCHAIN 0x8 -# define OCSP_NOVERIFY 0x10 -# define OCSP_NOEXPLICIT 0x20 -# define OCSP_NOCASIGN 0x40 -# define OCSP_NODELEGATED 0x80 -# define OCSP_NOCHECKS 0x100 -# define OCSP_TRUSTOTHER 0x200 -# define OCSP_RESPID_KEY 0x400 -# define OCSP_NOTIME 0x800 -# define OCSP_PARTIAL_CHAIN 0x1000 +#define OCSP_DEFAULT_NONCE_LENGTH 16 + +#define OCSP_NOCERTS 0x1 +#define OCSP_NOINTERN 0x2 +#define OCSP_NOSIGS 0x4 +#define OCSP_NOCHAIN 0x8 +#define OCSP_NOVERIFY 0x10 +#define OCSP_NOEXPLICIT 0x20 +#define OCSP_NOCASIGN 0x40 
+#define OCSP_NODELEGATED 0x80 +#define OCSP_NOCHECKS 0x100 +#define OCSP_TRUSTOTHER 0x200 +#define OCSP_RESPID_KEY 0x400 +#define OCSP_NOTIME 0x800 +#define OCSP_PARTIAL_CHAIN 0x1000 typedef struct ocsp_cert_id_st OCSP_CERTID; typedef struct ocsp_one_request_st OCSP_ONEREQ; @@ -92,6 +93,7 @@ typedef struct ocsp_signature_st OCSP_SIGNATURE; typedef struct ocsp_request_st OCSP_REQUEST; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OCSP_CERTID, OCSP_CERTID, OCSP_CERTID) #define sk_OCSP_CERTID_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_CERTID_sk_type(sk)) #define sk_OCSP_CERTID_value(sk, idx) ((OCSP_CERTID *)OPENSSL_sk_value(ossl_check_const_OCSP_CERTID_sk_type(sk), (idx))) 
@@ -145,19 +147,21 @@ #define sk_OCSP_ONEREQ_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_ONEREQ) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_copyfunc_type(copyfunc), ossl_check_OCSP_ONEREQ_freefunc_type(freefunc))) #define sk_OCSP_ONEREQ_set_cmp_func(sk, cmp) ((sk_OCSP_ONEREQ_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_ONEREQ_sk_type(sk), ossl_check_OCSP_ONEREQ_compfunc_type(cmp))) +/* clang-format on */ -# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 -# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 -# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 -# define OCSP_RESPONSE_STATUS_TRYLATER 3 -# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 -# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 +#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; -# define V_OCSP_RESPID_NAME 0 -# define V_OCSP_RESPID_KEY 1 +#define V_OCSP_RESPID_NAME 0 +#define V_OCSP_RESPID_KEY 1 +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OCSP_RESPID, OCSP_RESPID, OCSP_RESPID) #define sk_OCSP_RESPID_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_RESPID_sk_type(sk)) #define sk_OCSP_RESPID_value(sk, idx) ((OCSP_RESPID *)OPENSSL_sk_value(ossl_check_const_OCSP_RESPID_sk_type(sk), (idx))) 
@@ -185,16 +189,18 @@ #define sk_OCSP_RESPID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_RESPID) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_copyfunc_type(copyfunc), ossl_check_OCSP_RESPID_freefunc_type(freefunc))) #define sk_OCSP_RESPID_set_cmp_func(sk, cmp) ((sk_OCSP_RESPID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_RESPID_sk_type(sk), ossl_check_OCSP_RESPID_compfunc_type(cmp))) +/* clang-format on */ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; -# define V_OCSP_CERTSTATUS_GOOD 0 -# define V_OCSP_CERTSTATUS_REVOKED 1 -# define V_OCSP_CERTSTATUS_UNKNOWN 2 +#define V_OCSP_CERTSTATUS_GOOD 0 +#define V_OCSP_CERTSTATUS_REVOKED 1 +#define V_OCSP_CERTSTATUS_UNKNOWN 2 typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; typedef struct ocsp_single_response_st OCSP_SINGLERESP; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OCSP_SINGLERESP, OCSP_SINGLERESP, OCSP_SINGLERESP) #define sk_OCSP_SINGLERESP_num(sk) OPENSSL_sk_num(ossl_check_const_OCSP_SINGLERESP_sk_type(sk)) #define sk_OCSP_SINGLERESP_value(sk, idx) ((OCSP_SINGLERESP *)OPENSSL_sk_value(ossl_check_const_OCSP_SINGLERESP_sk_type(sk), (idx))) @@ -222,6 +228,7 @@ #define sk_OCSP_SINGLERESP_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OCSP_SINGLERESP) *)OPENSSL_sk_deep_copy(ossl_check_const_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_copyfunc_type(copyfunc), ossl_check_OCSP_SINGLERESP_freefunc_type(freefunc))) #define sk_OCSP_SINGLERESP_set_cmp_func(sk, cmp) ((sk_OCSP_SINGLERESP_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OCSP_SINGLERESP_sk_type(sk), ossl_check_OCSP_SINGLERESP_compfunc_type(cmp))) +/* clang-format on */ typedef struct ocsp_response_data_st OCSP_RESPDATA; 
@@ -230,76 +237,74 @@ typedef struct ocsp_crl_id_st OCSP_CRLID; typedef struct ocsp_service_locator_st OCSP_SERVICELOC; -# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" -# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" +#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" -# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) +#define d2i_OCSP_REQUEST_bio(bp, p) ASN1_d2i_bio_of(OCSP_REQUEST, OCSP_REQUEST_new, d2i_OCSP_REQUEST, bp, p) -# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) +#define d2i_OCSP_RESPONSE_bio(bp, p) ASN1_d2i_bio_of(OCSP_RESPONSE, OCSP_RESPONSE_new, d2i_OCSP_RESPONSE, bp, p) -# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ - bp,(char **)(x),cb,NULL) +#define PEM_read_bio_OCSP_REQUEST(bp, x, cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (d2i_of_void *)d2i_OCSP_REQUEST, PEM_STRING_OCSP_REQUEST, \ + bp, (char **)(x), cb, NULL) -# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ - (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ - bp,(char **)(x),cb,NULL) +#define PEM_read_bio_OCSP_RESPONSE(bp, x, cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio( \ + (d2i_of_void *)d2i_OCSP_RESPONSE, PEM_STRING_OCSP_RESPONSE, \ + bp, (char **)(x), cb, NULL) -# define PEM_write_bio_OCSP_REQUEST(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ - bp,(char *)(o), NULL,NULL,0,NULL,NULL) +#define PEM_write_bio_OCSP_REQUEST(bp, o) \ + PEM_ASN1_write_bio((i2d_of_void *)i2d_OCSP_REQUEST, PEM_STRING_OCSP_REQUEST, \ + bp, (char *)(o), NULL, NULL, 0, NULL, NULL) -# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ - bp,(char *)(o), NULL,NULL,0,NULL,NULL) +#define PEM_write_bio_OCSP_RESPONSE(bp, o) \ + 
PEM_ASN1_write_bio((i2d_of_void *)i2d_OCSP_RESPONSE, PEM_STRING_OCSP_RESPONSE, \ + bp, (char *)(o), NULL, NULL, 0, NULL, NULL) -# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) +#define i2d_OCSP_RESPONSE_bio(bp, o) ASN1_i2d_bio_of(OCSP_RESPONSE, i2d_OCSP_RESPONSE, bp, o) -# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) +#define i2d_OCSP_REQUEST_bio(bp, o) ASN1_i2d_bio_of(OCSP_REQUEST, i2d_OCSP_REQUEST, bp, o) -# define ASN1_BIT_STRING_digest(data,type,md,len) \ - ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) +#define ASN1_BIT_STRING_digest(data, type, md, len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING), type, data, md, len) -# define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS,\ - (d2i_of_void *)d2i_OCSP_CERTSTATUS,(char *)(cs)) +#define OCSP_CERTSTATUS_dup(cs) \ + (OCSP_CERTSTATUS *)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS, \ + (d2i_of_void *)d2i_OCSP_CERTSTATUS, (char *)(cs)) DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID) OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, - const OCSP_REQUEST *req, int buf_size); + const OCSP_REQUEST *req, int buf_size); OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; -# define OCSP_REQ_CTX_new(io, buf_size) \ - OSSL_HTTP_REQ_CTX_new(io, io, buf_size) -# define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free -# define OCSP_REQ_CTX_http(rctx, op, path) \ - (OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL, 1 /* asn1 */, 0, 0) && \ - OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, \ - NULL, NULL, path)) -# define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header -# define OCSP_REQ_CTX_i2d(r, it, req) \ - OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) -# define OCSP_REQ_CTX_set1_req(r, req) \ - 
OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) -# define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio -# define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i -# define OCSP_sendreq_nbio(p, r) \ - OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \ - ASN1_ITEM_rptr(OCSP_RESPONSE)) -# define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio -# define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length -# endif +#define OCSP_REQ_CTX_new(io, buf_size) \ + OSSL_HTTP_REQ_CTX_new(io, io, buf_size) +#define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free +#define OCSP_REQ_CTX_http(rctx, op, path) \ + (OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL, 1 /* asn1 */, 0, 0) && OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, NULL, NULL, path)) +#define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header +#define OCSP_REQ_CTX_i2d(r, it, req) \ + OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) +#define OCSP_REQ_CTX_set1_req(r, req) \ + OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) +#define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio +#define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i +#define OCSP_sendreq_nbio(p, r) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \ + ASN1_ITEM_rptr(OCSP_RESPONSE)) +#define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio +#define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length +#endif OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, - const X509 *issuer); + const X509 *issuer); OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, - const X509_NAME *issuerName, - const ASN1_BIT_STRING *issuerKey, - const ASN1_INTEGER *serialNumber); + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); 
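Review bot: The `PEM_read_bio_OCSP_REQUEST`/`PEM_read_bio_OCSP_RESPONSE` and `PEM_write_bio_OCSP_REQUEST`/`PEM_write_bio_OCSP_RESPONSE` macros in this hunk change their casts from `(char *(*)())` and `(int (*)())` to `(d2i_of_void *)` and `(i2d_of_void *)`, which is not a whitespace change although every other line in the hunk is reformatting only. The same edit recurs in the matching `ocsp.h.in` hunk further down. The new casts still convert a typed `d2i_OCSP_REQUEST`-style function to a generic void-typed pointer, so `PEM_ASN1_read_bio` and `PEM_ASN1_write_bio` presumably call through a pointer whose type differs from the callee's, which indirect-call checking such as CFI or `-fsanitize=function` may report. I would document this above the group with `/* d2i_of_void/i2d_of_void casts replace the unprototyped (char *(*)()) form; the callee's real type still differs from the pointer type. */` and name the cast change in the commit description so it is not reviewed as formatting only.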
@@ -312,10 +317,10 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); int OCSP_request_sign(OCSP_REQUEST *req, - X509 *signer, - EVP_PKEY *key, - const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags); + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); 
@@ -324,36 +329,36 @@ const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, - STACK_OF(X509) *extra_certs); + STACK_OF(X509) *extra_certs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); -const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs); const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, - const ASN1_OCTET_STRING **pid, - const X509_NAME **pname); + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, - ASN1_OCTET_STRING **pid, - X509_NAME **pname); + ASN1_OCTET_STRING **pid, + X509_NAME **pname); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd); + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, - int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd); + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, - ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, - X509_STORE *store, unsigned long flags); + X509_STORE *store, unsigned long flags); -# define OCSP_parse_url(url, host, port, path, ssl) \ +#define 
OCSP_parse_url(url, host, port, path, ssl) \ OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL) int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); @@ -363,29 +368,29 @@ OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - ASN1_OCTET_STRING **pikeyHash, - ASN1_INTEGER **pserial, OCSP_CERTID *cid); + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); int OCSP_request_is_signed(OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSP_CERTID *cid, - int status, int reason, - ASN1_TIME *revtime, - ASN1_TIME *thisupd, - ASN1_TIME *nextupd); + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags); + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, - X509 *signer, EVP_MD_CTX *ctx, - STACK_OF(X509) *certs, unsigned long flags); + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); 
@@ -399,14 +404,14 @@ int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, - int *idx); + int *idx); int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); 
@@ -417,35 +422,35 @@ X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, - int lastpos); + int lastpos); X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, - int *idx); + int *idx); int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, - int crit, unsigned long flags); + int crit, unsigned long flags); int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, - int lastpos); + int lastpos); X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, - int *idx); + int *idx); int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, - int crit, unsigned long flags); + int crit, unsigned long flags); int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); const OCSP_CERTID 
*OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); @@ -473,11 +478,10 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); + X509_STORE *st, unsigned long flags); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_OCSP) */ +#endif +#endif /* !defined(OPENSSL_NO_OCSP) */ #endif --- crypto/openssl/include/openssl/ocsp.h.in.orig +++ crypto/openssl/include/openssl/ocsp.h.in @@ -9,22 +9,24 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_OCSP_H -# define OPENSSL_OCSP_H -# pragma once +#define OPENSSL_OCSP_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_OCSP_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_OCSP_H +#endif -# include -# include -# include +#include +#include +#include /* * These definitions are outside the OPENSSL_NO_OCSP guard because although for 
@@ -45,47 +47,46 @@ * privilegeWithdrawn (9), * aACompromise (10) } */ -# define OCSP_REVOKED_STATUS_NOSTATUS -1 -# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 -# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 -# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 -# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 -# define OCSP_REVOKED_STATUS_SUPERSEDED 4 -# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 -# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 -# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9 -# define OCSP_REVOKED_STATUS_AACOMPROMISE 10 - - -# ifndef OPENSSL_NO_OCSP - -# include -# include -# include -# include - -# ifdef __cplusplus +#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +#define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9 +#define OCSP_REVOKED_STATUS_AACOMPROMISE 10 + +#ifndef OPENSSL_NO_OCSP + +#include +#include +#include +#include + +#ifdef __cplusplus extern "C" { -# endif +#endif /* Various flags and values */ -# define OCSP_DEFAULT_NONCE_LENGTH 16 - -# define OCSP_NOCERTS 0x1 -# define OCSP_NOINTERN 0x2 -# define OCSP_NOSIGS 0x4 -# define OCSP_NOCHAIN 0x8 -# define OCSP_NOVERIFY 0x10 -# define OCSP_NOEXPLICIT 0x20 -# define OCSP_NOCASIGN 0x40 -# define OCSP_NODELEGATED 0x80 -# define OCSP_NOCHECKS 0x100 -# define OCSP_TRUSTOTHER 0x200 -# define OCSP_RESPID_KEY 0x400 -# define OCSP_NOTIME 0x800 -# define OCSP_PARTIAL_CHAIN 0x1000 +#define OCSP_DEFAULT_NONCE_LENGTH 16 + +#define OCSP_NOCERTS 0x1 +#define OCSP_NOINTERN 0x2 +#define OCSP_NOSIGS 0x4 +#define OCSP_NOCHAIN 0x8 +#define OCSP_NOVERIFY 0x10 +#define OCSP_NOEXPLICIT 0x20 +#define OCSP_NOCASIGN 0x40 
+#define OCSP_NODELEGATED 0x80 +#define OCSP_NOCHECKS 0x100 +#define OCSP_TRUSTOTHER 0x200 +#define OCSP_RESPID_KEY 0x400 +#define OCSP_NOTIME 0x800 +#define OCSP_PARTIAL_CHAIN 0x1000 typedef struct ocsp_cert_id_st OCSP_CERTID; typedef struct ocsp_one_request_st OCSP_ONEREQ; @@ -93,39 +94,45 @@ typedef struct ocsp_signature_st OCSP_SIGNATURE; typedef struct ocsp_request_st OCSP_REQUEST; +/* clang-format off */ {- generate_stack_macros("OCSP_CERTID") .generate_stack_macros("OCSP_ONEREQ"); -} +/* clang-format on */ -# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 -# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 -# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 -# define OCSP_RESPONSE_STATUS_TRYLATER 3 -# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 -# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 +#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; -# define V_OCSP_RESPID_NAME 0 -# define V_OCSP_RESPID_KEY 1 +#define V_OCSP_RESPID_NAME 0 +#define V_OCSP_RESPID_KEY 1 +/* clang-format off */ {- generate_stack_macros("OCSP_RESPID"); -} +/* clang-format on */ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; -# define V_OCSP_CERTSTATUS_GOOD 0 -# define V_OCSP_CERTSTATUS_REVOKED 1 -# define V_OCSP_CERTSTATUS_UNKNOWN 2 +#define V_OCSP_CERTSTATUS_GOOD 0 +#define V_OCSP_CERTSTATUS_REVOKED 1 +#define V_OCSP_CERTSTATUS_UNKNOWN 2 typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; typedef struct ocsp_single_response_st OCSP_SINGLERESP; +/* clang-format off */ {- generate_stack_macros("OCSP_SINGLERESP"); -} +/* clang-format on */ typedef struct ocsp_response_data_st OCSP_RESPDATA; 
@@ -134,76 +141,74 @@ typedef struct ocsp_crl_id_st OCSP_CRLID; typedef struct ocsp_service_locator_st OCSP_SERVICELOC; -# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" -# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" +#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" -# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) +#define d2i_OCSP_REQUEST_bio(bp, p) ASN1_d2i_bio_of(OCSP_REQUEST, OCSP_REQUEST_new, d2i_OCSP_REQUEST, bp, p) -# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) +#define d2i_OCSP_RESPONSE_bio(bp, p) ASN1_d2i_bio_of(OCSP_RESPONSE, OCSP_RESPONSE_new, d2i_OCSP_RESPONSE, bp, p) -# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ - bp,(char **)(x),cb,NULL) +#define PEM_read_bio_OCSP_REQUEST(bp, x, cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (d2i_of_void *)d2i_OCSP_REQUEST, PEM_STRING_OCSP_REQUEST, \ + bp, (char **)(x), cb, NULL) -# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ - (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ - bp,(char **)(x),cb,NULL) +#define PEM_read_bio_OCSP_RESPONSE(bp, x, cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio( \ + (d2i_of_void *)d2i_OCSP_RESPONSE, PEM_STRING_OCSP_RESPONSE, \ + bp, (char **)(x), cb, NULL) -# define PEM_write_bio_OCSP_REQUEST(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ - bp,(char *)(o), NULL,NULL,0,NULL,NULL) +#define PEM_write_bio_OCSP_REQUEST(bp, o) \ + PEM_ASN1_write_bio((i2d_of_void *)i2d_OCSP_REQUEST, PEM_STRING_OCSP_REQUEST, \ + bp, (char *)(o), NULL, NULL, 0, NULL, NULL) -# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ - PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ - bp,(char *)(o), NULL,NULL,0,NULL,NULL) +#define PEM_write_bio_OCSP_RESPONSE(bp, o) \ + 
PEM_ASN1_write_bio((i2d_of_void *)i2d_OCSP_RESPONSE, PEM_STRING_OCSP_RESPONSE, \ + bp, (char *)(o), NULL, NULL, 0, NULL, NULL) -# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) +#define i2d_OCSP_RESPONSE_bio(bp, o) ASN1_i2d_bio_of(OCSP_RESPONSE, i2d_OCSP_RESPONSE, bp, o) -# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) +#define i2d_OCSP_REQUEST_bio(bp, o) ASN1_i2d_bio_of(OCSP_REQUEST, i2d_OCSP_REQUEST, bp, o) -# define ASN1_BIT_STRING_digest(data,type,md,len) \ - ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) +#define ASN1_BIT_STRING_digest(data, type, md, len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING), type, data, md, len) -# define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS,\ - (d2i_of_void *)d2i_OCSP_CERTSTATUS,(char *)(cs)) +#define OCSP_CERTSTATUS_dup(cs) \ + (OCSP_CERTSTATUS *)ASN1_dup((i2d_of_void *)i2d_OCSP_CERTSTATUS, \ + (d2i_of_void *)d2i_OCSP_CERTSTATUS, (char *)(cs)) DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID) OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, - const OCSP_REQUEST *req, int buf_size); + const OCSP_REQUEST *req, int buf_size); OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; -# define OCSP_REQ_CTX_new(io, buf_size) \ - OSSL_HTTP_REQ_CTX_new(io, io, buf_size) -# define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free -# define OCSP_REQ_CTX_http(rctx, op, path) \ - (OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL, 1 /* asn1 */, 0, 0) && \ - OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, \ - NULL, NULL, path)) -# define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header -# define OCSP_REQ_CTX_i2d(r, it, req) \ - OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) -# define OCSP_REQ_CTX_set1_req(r, req) \ - 
OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) -# define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio -# define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i -# define OCSP_sendreq_nbio(p, r) \ - OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \ - ASN1_ITEM_rptr(OCSP_RESPONSE)) -# define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio -# define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length -# endif +#define OCSP_REQ_CTX_new(io, buf_size) \ + OSSL_HTTP_REQ_CTX_new(io, io, buf_size) +#define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free +#define OCSP_REQ_CTX_http(rctx, op, path) \ + (OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL, 1 /* asn1 */, 0, 0) && OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, NULL, NULL, path)) +#define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header +#define OCSP_REQ_CTX_i2d(r, it, req) \ + OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) +#define OCSP_REQ_CTX_set1_req(r, req) \ + OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) +#define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio +#define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i +#define OCSP_sendreq_nbio(p, r) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \ + ASN1_ITEM_rptr(OCSP_RESPONSE)) +#define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio +#define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length +#endif OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, - const X509 *issuer); + const X509 *issuer); OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, - const X509_NAME *issuerName, - const ASN1_BIT_STRING *issuerKey, - const ASN1_INTEGER *serialNumber); + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); 
@@ -216,10 +221,10 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); int OCSP_request_sign(OCSP_REQUEST *req, - X509 *signer, - EVP_PKEY *key, - const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags); + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); 
@@ -228,36 +233,36 @@ const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, - STACK_OF(X509) *extra_certs); + STACK_OF(X509) *extra_certs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); -const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs); const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, - const ASN1_OCTET_STRING **pid, - const X509_NAME **pname); + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, - ASN1_OCTET_STRING **pid, - X509_NAME **pname); + ASN1_OCTET_STRING **pid, + X509_NAME **pname); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd); + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, - int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd); + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, - ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, - X509_STORE *store, unsigned long flags); + X509_STORE *store, unsigned long flags); -# define OCSP_parse_url(url, host, port, path, ssl) \ +#define 
OCSP_parse_url(url, host, port, path, ssl) \ OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL) int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); @@ -267,29 +272,29 @@ OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - ASN1_OCTET_STRING **pikeyHash, - ASN1_INTEGER **pserial, OCSP_CERTID *cid); + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); int OCSP_request_is_signed(OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSP_CERTID *cid, - int status, int reason, - ASN1_TIME *revtime, - ASN1_TIME *thisupd, - ASN1_TIME *nextupd); + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags); + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, - X509 *signer, EVP_MD_CTX *ctx, - STACK_OF(X509) *certs, unsigned long flags); + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); 
@@ -303,14 +308,14 @@ int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, - int *idx); + int *idx); int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); 
@@ -321,35 +326,35 @@ X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, - int lastpos); + int lastpos); X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, - int *idx); + int *idx); int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, - int crit, unsigned long flags); + int crit, unsigned long flags); int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, - int lastpos); + int lastpos); X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, - int *idx); + int *idx); int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, - int crit, unsigned long flags); + int crit, unsigned long flags); int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); const OCSP_CERTID 
*OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); @@ -377,11 +382,10 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); + X509_STORE *st, unsigned long flags); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif /* !defined(OPENSSL_NO_OCSP) */ +#endif +#endif /* !defined(OPENSSL_NO_OCSP) */ #endif --- crypto/openssl/include/openssl/ocsperr.h.orig +++ crypto/openssl/include/openssl/ocsperr.h 
@@ -9,45 +9,43 @@ */ #ifndef OPENSSL_OCSPERR_H -# define OPENSSL_OCSPERR_H -# pragma once +#define OPENSSL_OCSPERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_OCSP +#include +#include +#include +#ifndef OPENSSL_NO_OCSP /* * OCSP reason codes. */ -# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 -# define OCSP_R_DIGEST_ERR 102 -# define OCSP_R_DIGEST_NAME_ERR 106 -# define OCSP_R_DIGEST_SIZE_ERR 107 -# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 -# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 -# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 -# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 -# define OCSP_R_NOT_BASIC_RESPONSE 104 -# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 -# define OCSP_R_NO_RESPONSE_DATA 108 -# define OCSP_R_NO_REVOKED_TIME 109 -# define OCSP_R_NO_SIGNER_KEY 130 -# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 -# define OCSP_R_REQUEST_NOT_SIGNED 128 -# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 -# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 -# define OCSP_R_SIGNATURE_FAILURE 117 -# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 -# define OCSP_R_STATUS_EXPIRED 125 -# define OCSP_R_STATUS_NOT_YET_VALID 126 -# define OCSP_R_STATUS_TOO_OLD 127 -# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 -# define OCSP_R_UNKNOWN_NID 120 -# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 +#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +#define OCSP_R_DIGEST_ERR 102 +#define OCSP_R_DIGEST_NAME_ERR 106 +#define OCSP_R_DIGEST_SIZE_ERR 107 +#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +#define OCSP_R_NOT_BASIC_RESPONSE 104 +#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +#define OCSP_R_NO_RESPONSE_DATA 108 +#define OCSP_R_NO_REVOKED_TIME 109 +#define OCSP_R_NO_SIGNER_KEY 130 +#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +#define OCSP_R_REQUEST_NOT_SIGNED 128 +#define 
OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +#define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +#define OCSP_R_SIGNATURE_FAILURE 117 +#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +#define OCSP_R_STATUS_EXPIRED 125 +#define OCSP_R_STATUS_NOT_YET_VALID 126 +#define OCSP_R_STATUS_TOO_OLD 127 +#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +#define OCSP_R_UNKNOWN_NID 120 +#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 -# endif +#endif #endif --- crypto/openssl/include/openssl/opensslconf.h.orig +++ crypto/openssl/include/openssl/opensslconf.h @@ -8,10 +8,10 @@ */ #ifndef OPENSSL_OPENSSLCONF_H -# define OPENSSL_OPENSSLCONF_H -# pragma once +#define OPENSSL_OPENSSLCONF_H +#pragma once -# include -# include +#include +#include -#endif /* OPENSSL_OPENSSLCONF_H */ +#endif /* OPENSSL_OPENSSLCONF_H */ --- crypto/openssl/include/openssl/opensslv.h.orig +++ crypto/openssl/include/openssl/opensslv.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/opensslv.h.in * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,12 +11,12 @@ */ #ifndef OPENSSL_OPENSSLV_H -# define OPENSSL_OPENSSLV_H -# pragma once +#define OPENSSL_OPENSSLV_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * SECTION 1: VERSION DATA. These will change for each release @@ -27,9 +27,15 @@ * * These macros express version number MAJOR.MINOR.PATCH exactly */ +/* clang-format off */ # define OPENSSL_VERSION_MAJOR 3 +/* clang-format on */ +/* clang-format off */ # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 16 +/* clang-format on */ +/* clang-format off */ +# define OPENSSL_VERSION_PATCH 20 +/* clang-format on */ /* * Additional version information 
@@ -39,10 +45,14 @@ */ /* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +/* clang-format off */ # define OPENSSL_VERSION_PRE_RELEASE "" +/* clang-format on */ /* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ /* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +/* clang-format off */ # define OPENSSL_VERSION_BUILD_METADATA "" +/* clang-format on */ /* * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA @@ -57,14 +67,16 @@ * be related to the API version expressed with the macros above. * This is defined in free form. */ +/* clang-format off */ # define OPENSSL_SHLIB_VERSION 3 +/* clang-format on */ /* * SECTION 2: USEFUL MACROS */ /* For checking general API compatibility when preprocessing */ -# define OPENSSL_VERSION_PREREQ(maj,min) \ +#define OPENSSL_VERSION_PREREQ(maj, min) \ ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) /* 
@@ -74,41 +86,46 @@ * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.16" -# define OPENSSL_FULL_VERSION_STR "3.0.16" +/* clang-format off */ +# define OPENSSL_VERSION_STR "3.0.20" +/* clang-format on */ +/* clang-format off */ +# define OPENSSL_FULL_VERSION_STR "3.0.20" +/* clang-format on */ /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "11 Feb 2025" +/* clang-format off */ +# define OPENSSL_RELEASE_DATE "7 Apr 2026" +/* clang-format on */ /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.16 11 Feb 2025" +/* clang-format off */ +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.20 7 Apr 2026" +/* clang-format on */ -/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ -# ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0L -# else -# define _OPENSSL_VERSION_PRE_RELEASE 0xfL -# endif +/* clang-format off */ +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */ # define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) \ |(OPENSSL_VERSION_MINOR<<20) \ |(OPENSSL_VERSION_PATCH<<4) \ - |_OPENSSL_VERSION_PRE_RELEASE ) + |0x0L ) +/* clang-format on */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_OPENSSLV_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_OPENSSLV_H +#endif -#endif /* OPENSSL_OPENSSLV_H */ +#endif /* OPENSSL_OPENSSLV_H */ --- crypto/openssl/include/openssl/opensslv.h.in.orig +++ crypto/openssl/include/openssl/opensslv.h.in 
@@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,12 @@ */ #ifndef OPENSSL_OPENSSLV_H -# define OPENSSL_OPENSSLV_H -# pragma once +#define OPENSSL_OPENSSLV_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * SECTION 1: VERSION DATA. These will change for each release @@ -26,9 +26,15 @@ * * These macros express version number MAJOR.MINOR.PATCH exactly */ +/* clang-format off */ # define OPENSSL_VERSION_MAJOR {- $config{major} -} +/* clang-format on */ +/* clang-format off */ # define OPENSSL_VERSION_MINOR {- $config{minor} -} +/* clang-format on */ +/* clang-format off */ # define OPENSSL_VERSION_PATCH {- $config{patch} -} +/* clang-format on */ /* * Additional version information @@ -38,10 +44,14 @@ */ /* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +/* clang-format off */ # define OPENSSL_VERSION_PRE_RELEASE "{- $config{prerelease} -}" +/* clang-format on */ /* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ /* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +/* clang-format off */ # define OPENSSL_VERSION_BUILD_METADATA "{- $config{build_metadata} -}" +/* clang-format on */ /* * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA 
@@ -56,14 +66,16 @@ * be related to the API version expressed with the macros above. * This is defined in free form. */ +/* clang-format off */ # define OPENSSL_SHLIB_VERSION {- $config{shlib_version} -} +/* clang-format on */ /* * SECTION 2: USEFUL MACROS */ /* For checking general API compatibility when preprocessing */ -# define OPENSSL_VERSION_PREREQ(maj,min) \ +#define OPENSSL_VERSION_PREREQ(maj, min) \ ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) /* 
@@ -73,41 +85,46 @@ * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ +/* clang-format off */ # define OPENSSL_VERSION_STR "{- $config{version} -}" +/* clang-format on */ +/* clang-format off */ # define OPENSSL_FULL_VERSION_STR "{- $config{full_version} -}" +/* clang-format on */ /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ +/* clang-format off */ # define OPENSSL_RELEASE_DATE "{- $config{release_date} -}" +/* clang-format on */ /* * SECTION 4: BACKWARD COMPATIBILITY */ +/* clang-format off */ # define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}" +/* clang-format on */ -/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ -# ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0L -# else -# define _OPENSSL_VERSION_PRE_RELEASE 0xfL -# endif +/* clang-format off */ +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */ # define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) \ |(OPENSSL_VERSION_MINOR<<20) \ |(OPENSSL_VERSION_PATCH<<4) \ - |_OPENSSL_VERSION_PRE_RELEASE ) + |0x0L ) +/* clang-format on */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_OPENSSLV_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_OPENSSLV_H +#endif -#endif /* OPENSSL_OPENSSLV_H */ +#endif /* OPENSSL_OPENSSLV_H */ --- crypto/openssl/include/openssl/ossl_typ.h.orig +++ crypto/openssl/include/openssl/ossl_typ.h @@ -13,4 +13,4 @@ * This header file only exists for compatibility reasons with older * applications which #include . */ -# include +#include --- crypto/openssl/include/openssl/param_build.h.orig +++ crypto/openssl/include/openssl/param_build.h 
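Review bot: In the `@@ -73,41 +85,46 @@` hunk of opensslv.h.in, the low nibble of `OPENSSL_VERSION_NUMBER` becomes the literal `|0x0L`, with no comment saying why the status nibble is now fixed. The removed `# ifdef OPENSSL_VERSION_PRE_RELEASE` test was always true, because that macro is defined earlier in the same template (possibly as an empty string), so the computed value does not change. A reader comparing against the old `0xMNN00PPSL` layout cannot tell that from the new lines. A short comment would make it explicit, for example `/* status nibble is always 0; test OPENSSL_VERSION_PRE_RELEASE to detect a pre-release */`. The generated opensslv.h carries the same change.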
@@ -9,15 +9,15 @@ */ #ifndef OPENSSL_PARAM_BUILD_H -# define OPENSSL_PARAM_BUILD_H -# pragma once +#define OPENSSL_PARAM_BUILD_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void); OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld); 
@@ -25,39 +25,39 @@ int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int val); int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, - unsigned int val); + unsigned int val); int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, - long int val); + long int val); int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, - unsigned long int val); + unsigned long int val); int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, - int32_t val); + int32_t val); int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, - uint32_t val); + uint32_t val); int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, - int64_t val); + int64_t val); int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, - uint64_t val); + uint64_t val); int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, - size_t val); + size_t val); int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, - time_t val); + time_t val); int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, - double val); + double val); int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, - const BIGNUM *bn); + const BIGNUM *bn); int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, - const BIGNUM *bn, size_t sz); + const BIGNUM *bn, size_t sz); int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, - const char *buf, size_t bsize); + const char *buf, size_t bsize); int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, - char *buf, size_t bsize); + char *buf, size_t bsize); int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, - const void *buf, size_t bsize); + const void *buf, size_t bsize); int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, - void *buf, size_t bsize); + void *buf, size_t bsize); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -#endif /* OPENSSL_PARAM_BUILD_H */ 
+#endif
+#endif /* OPENSSL_PARAM_BUILD_H */
--- crypto/openssl/include/openssl/params.h.orig
+++ crypto/openssl/include/openssl/params.h
@@ -9,62 +9,62 @@ */ #ifndef OPENSSL_PARAMS_H -# define OPENSSL_PARAMS_H -# pragma once +#define OPENSSL_PARAMS_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define OSSL_PARAM_UNMODIFIED ((size_t)-1) +#define OSSL_PARAM_UNMODIFIED ((size_t)-1) -# define OSSL_PARAM_END \ +#define OSSL_PARAM_END \ { NULL, 0, NULL, 0, 0 } -# define OSSL_PARAM_DEFN(key, type, addr, sz) \ +#define OSSL_PARAM_DEFN(key, type, addr, sz) \ { (key), (type), (addr), (sz), OSSL_PARAM_UNMODIFIED } /* Basic parameter types without return sizes */ -# define OSSL_PARAM_int(key, addr) \ +#define OSSL_PARAM_int(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int)) -# define OSSL_PARAM_uint(key, addr) \ +#define OSSL_PARAM_uint(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \ - sizeof(unsigned int)) -# define OSSL_PARAM_long(key, addr) \ + sizeof(unsigned int)) +#define OSSL_PARAM_long(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(long int)) -# define OSSL_PARAM_ulong(key, addr) \ +#define OSSL_PARAM_ulong(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \ - sizeof(unsigned long int)) -# define OSSL_PARAM_int32(key, addr) \ + sizeof(unsigned long int)) +#define OSSL_PARAM_int32(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int32_t)) -# define OSSL_PARAM_uint32(key, addr) \ +#define OSSL_PARAM_uint32(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \ - sizeof(uint32_t)) -# define OSSL_PARAM_int64(key, addr) \ + sizeof(uint32_t)) +#define OSSL_PARAM_int64(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int64_t)) -# define OSSL_PARAM_uint64(key, addr) \ +#define OSSL_PARAM_uint64(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \ - sizeof(uint64_t)) -# define OSSL_PARAM_size_t(key, addr) \ + sizeof(uint64_t)) +#define 
OSSL_PARAM_size_t(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), sizeof(size_t)) -# define OSSL_PARAM_time_t(key, addr) \ +#define OSSL_PARAM_time_t(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(time_t)) -# define OSSL_PARAM_double(key, addr) \ +#define OSSL_PARAM_double(key, addr) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_REAL, (addr), sizeof(double)) -# define OSSL_PARAM_BN(key, bn, sz) \ +#define OSSL_PARAM_BN(key, bn, sz) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (bn), (sz)) -# define OSSL_PARAM_utf8_string(key, addr, sz) \ +#define OSSL_PARAM_utf8_string(key, addr, sz) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_STRING, (addr), sz) -# define OSSL_PARAM_octet_string(key, addr, sz) \ +#define OSSL_PARAM_octet_string(key, addr, sz) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_STRING, (addr), sz) -# define OSSL_PARAM_utf8_ptr(key, addr, sz) \ +#define OSSL_PARAM_utf8_ptr(key, addr, sz) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_PTR, (addr), sz) -# define OSSL_PARAM_octet_ptr(key, addr, sz) \ +#define OSSL_PARAM_octet_ptr(key, addr, sz) \ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_PTR, (addr), sz) /* Search an OSSL_PARAM array for a matching name */ 
@@ -83,22 +83,22 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf); OSSL_PARAM OSSL_PARAM_construct_time_t(const char *key, time_t *buf); OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, - size_t bsize); + size_t bsize); OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf); OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, - size_t bsize); + size_t bsize); OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t bsize); + size_t bsize); OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, - size_t bsize); + size_t bsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t bsize); + size_t bsize); OSSL_PARAM OSSL_PARAM_construct_end(void); int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, - const OSSL_PARAM *paramdefs, - const char *key, const char *value, - size_t value_n, int *found); + const OSSL_PARAM *paramdefs, + const char *key, const char *value, + size_t value_n, int *found); int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val); int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val); 
@@ -132,20 +132,20 @@ int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val); int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, size_t max_len, - size_t *used_len); + size_t *used_len); int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len); int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val); int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val); int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val, - size_t *used_len); + size_t *used_len); int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val, - size_t used_len); + size_t used_len); int OSSL_PARAM_get_utf8_string_ptr(const OSSL_PARAM *p, const char **val); int OSSL_PARAM_get_octet_string_ptr(const OSSL_PARAM *p, const void **val, - size_t *used_len); + size_t *used_len); int OSSL_PARAM_modified(const OSSL_PARAM *p); void OSSL_PARAM_set_all_unmodified(OSSL_PARAM *p); @@ -154,7 +154,7 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2); void OSSL_PARAM_free(OSSL_PARAM *p); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/pem.h.orig +++ crypto/openssl/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,57 +8,59 @@ */ #ifndef OPENSSL_PEM_H -# define OPENSSL_PEM_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_PEM_H -# endif - -# include -# include -# include -# include -# include -# include - -#ifdef __cplusplus +#define OPENSSL_PEM_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_PEM_H +#endif + +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus extern "C" { #endif -# define PEM_BUFSIZE 1024 - -# define PEM_STRING_X509_OLD "X509 CERTIFICATE" -# define PEM_STRING_X509 "CERTIFICATE" -# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" -# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" -# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" -# define PEM_STRING_X509_CRL "X509 CRL" -# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" -# define PEM_STRING_PUBLIC "PUBLIC KEY" -# define PEM_STRING_RSA "RSA PRIVATE KEY" -# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" -# define PEM_STRING_DSA "DSA PRIVATE KEY" -# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" -# define PEM_STRING_PKCS7 "PKCS7" -# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" -# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" -# define PEM_STRING_PKCS8INF "PRIVATE KEY" -# define PEM_STRING_DHPARAMS "DH PARAMETERS" -# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" -# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" -# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" -# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" -# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" -# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" -# define PEM_STRING_PARAMETERS "PARAMETERS" -# define PEM_STRING_CMS "CMS" - -# define PEM_TYPE_ENCRYPTED 10 -# define PEM_TYPE_MIC_ONLY 20 -# define PEM_TYPE_MIC_CLEAR 30 -# define PEM_TYPE_CLEAR 40 +#define PEM_BUFSIZE 1024 + +#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +#define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +#define 
PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +#define PEM_STRING_X509_CRL "X509 CRL" +#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +#define PEM_STRING_PUBLIC "PUBLIC KEY" +#define PEM_STRING_RSA "RSA PRIVATE KEY" +#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +#define PEM_STRING_DSA "DSA PRIVATE KEY" +#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +#define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +#define PEM_STRING_PKCS8INF "PRIVATE KEY" +#define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_PARAMETERS "PARAMETERS" +#define PEM_STRING_CMS "CMS" +#define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY" +#define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" + +#define PEM_TYPE_ENCRYPTED 10 +#define PEM_TYPE_MIC_ONLY 20 +#define PEM_TYPE_MIC_CLEAR 30 +#define PEM_TYPE_CLEAR 40 /* * These macros make the PEM_read/PEM_write functions easier to maintain and 
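Review bot: `PEM_STRING_SM2PRIVATEKEY` and `PEM_STRING_SM2PARAMETERS` in the `@@ -8,57 +8,59 @@` hunk of pem.h are new public macros, added without a comment inside a hunk that is otherwise re-indentation. Nothing visible here shows which reader or writer uses the two labels. A line such as `/* PEM labels for SM2 private keys and parameters */` above them would help anyone auditing what this update adds to the API. A PEM label is unauthenticated text, so whatever consumes these labels presumably still has to check the decoded key type; that code is outside this hunk.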
@@ -66,148 +68,148 @@ * IMPLEMENT_PEM_rw_cb(...) */ -# define PEM_read_cb_fnsig(name, type, INTYPE, readname) \ - type *PEM_##readname##_##name(INTYPE *out, type **x, \ - pem_password_cb *cb, void *u) -# define PEM_read_cb_ex_fnsig(name, type, INTYPE, readname) \ - type *PEM_##readname##_##name##_ex(INTYPE *out, type **x, \ - pem_password_cb *cb, void *u, \ - OSSL_LIB_CTX *libctx, \ - const char *propq) +#define PEM_read_cb_fnsig(name, type, INTYPE, readname) \ + type *PEM_##readname##_##name(INTYPE *out, type **x, \ + pem_password_cb *cb, void *u) +#define PEM_read_cb_ex_fnsig(name, type, INTYPE, readname) \ + type *PEM_##readname##_##name##_ex(INTYPE *out, type **x, \ + pem_password_cb *cb, void *u, \ + OSSL_LIB_CTX *libctx, \ + const char *propq) -# define PEM_write_fnsig(name, type, OUTTYPE, writename) \ +#define PEM_write_fnsig(name, type, OUTTYPE, writename) \ int PEM_##writename##_##name(OUTTYPE *out, const type *x) -# define PEM_write_cb_fnsig(name, type, OUTTYPE, writename) \ - int PEM_##writename##_##name(OUTTYPE *out, const type *x, \ - const EVP_CIPHER *enc, \ - const unsigned char *kstr, int klen, \ - pem_password_cb *cb, void *u) -# define PEM_write_ex_fnsig(name, type, OUTTYPE, writename) \ - int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \ - OSSL_LIB_CTX *libctx, \ - const char *propq) -# define PEM_write_cb_ex_fnsig(name, type, OUTTYPE, writename) \ - int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \ - const EVP_CIPHER *enc, \ - const unsigned char *kstr, int klen, \ - pem_password_cb *cb, void *u, \ - OSSL_LIB_CTX *libctx, \ - const char *propq) - -# ifdef OPENSSL_NO_STDIO - -# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ -# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ -# endif -# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define 
IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ -# endif -# else - -# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +#define PEM_write_cb_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x, \ + const EVP_CIPHER *enc, \ + const unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u) +#define PEM_write_ex_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \ + OSSL_LIB_CTX *libctx, \ + const char *propq) +#define PEM_write_cb_ex_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \ + const EVP_CIPHER *enc, \ + const unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u, \ + OSSL_LIB_CTX *libctx, \ + const char *propq) + +#ifdef OPENSSL_NO_STDIO + +#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +#endif +#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +#endif +#else + +#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u) \ - { \ - return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \ - (void **)x, cb, u); \ + { \ + return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \ + (void **)x, cb, u); \ } -# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ - PEM_write_fnsig(name, type, FILE, write) \ - { \ - return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ - x, NULL, NULL, 0, NULL, NULL); \ +#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ + PEM_write_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL, NULL, 0, NULL, NULL); \ } -# ifndef 
OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ IMPLEMENT_PEM_write_fp(name, type, str, asn1) -# endif +#endif -# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ - PEM_write_cb_fnsig(name, type, FILE, write) \ - { \ - return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ - x, enc, kstr, klen, cb, u); \ +#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ } -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) -# endif -# endif - -# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - type *PEM_read_bio_##name(BIO *bp, type **x, \ - pem_password_cb *cb, void *u) \ - { \ - return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \ - (void **)x, cb, u); \ +#endif +#endif + +#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \ + (void **)x, cb, u); \ } -# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - PEM_write_fnsig(name, type, BIO, write_bio) \ - { \ - return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ - x, NULL,NULL,0,NULL,NULL); \ +#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + PEM_write_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL, NULL, 0, NULL, NULL); \ } -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 
+#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ IMPLEMENT_PEM_write_bio(name, type, str, asn1) -# endif +#endif -# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - PEM_write_cb_fnsig(name, type, BIO, write_bio) \ - { \ - return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ - x, enc, kstr, klen, cb, u); \ +#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ } -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) -# endif - -# define IMPLEMENT_PEM_write(name, type, str, asn1) \ - IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_write_fp(name, type, str, asn1) - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) -# endif - -# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) -# endif - -# define IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_read_fp(name, type, str, asn1) - -# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ - IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_write(name, type, str, asn1) - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ - 
IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_write_const(name, type, str, asn1) -# endif - -# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ - IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb(name, type, str, asn1) +#endif + +#define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) +#endif + +#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) +#endif + +#define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) +#endif + +#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) /* These are the same except they are for the declarations */ 
@@ -216,222 +218,222 @@ * and is there to quiet pre-C99 compilers that may complain about empty * arguments in macro calls. */ -# if defined(OPENSSL_NO_STDIO) - -# define DECLARE_PEM_read_fp_attr(attr, name, type) /**/ -# define DECLARE_PEM_read_fp_ex_attr(attr, name, type) /**/ -# define DECLARE_PEM_write_fp_attr(attr, name, type) /**/ -# define DECLARE_PEM_write_fp_ex_attr(attr, name, type) /**/ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DECLARE_PEM_write_fp_const_attr(attr, name, type) /**/ -# endif -# define DECLARE_PEM_write_cb_fp_attr(attr, name, type) /**/ -# define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) /**/ +#if defined(OPENSSL_NO_STDIO) + +#define DECLARE_PEM_read_fp_attr(attr, name, type) /**/ +#define DECLARE_PEM_read_fp_ex_attr(attr, name, type) /**/ +#define DECLARE_PEM_write_fp_attr(attr, name, type) /**/ +#define DECLARE_PEM_write_fp_ex_attr(attr, name, type) /**/ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DECLARE_PEM_write_fp_const_attr(attr, name, type) /**/ +#endif +#define DECLARE_PEM_write_cb_fp_attr(attr, name, type) /**/ +#define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) /**/ -# else +#else -# define DECLARE_PEM_read_fp_attr(attr, name, type) \ +#define DECLARE_PEM_read_fp_attr(attr, name, type) \ attr PEM_read_cb_fnsig(name, type, FILE, read); -# define DECLARE_PEM_read_fp_ex_attr(attr, name, type) \ - attr PEM_read_cb_fnsig(name, type, FILE, read); \ +#define DECLARE_PEM_read_fp_ex_attr(attr, name, type) \ + attr PEM_read_cb_fnsig(name, type, FILE, read); \ attr PEM_read_cb_ex_fnsig(name, type, FILE, read); -# define DECLARE_PEM_write_fp_attr(attr, name, type) \ +#define DECLARE_PEM_write_fp_attr(attr, name, type) \ attr PEM_write_fnsig(name, type, FILE, write); -# define DECLARE_PEM_write_fp_ex_attr(attr, name, type) \ - attr PEM_write_fnsig(name, type, FILE, write); \ +#define DECLARE_PEM_write_fp_ex_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, FILE, write); \ attr PEM_write_ex_fnsig(name, type, FILE, 
write); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DECLARE_PEM_write_fp_const_attr(attr, name, type) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DECLARE_PEM_write_fp_const_attr(attr, name, type) \ attr PEM_write_fnsig(name, type, FILE, write); -# endif -# define DECLARE_PEM_write_cb_fp_attr(attr, name, type) \ +#endif +#define DECLARE_PEM_write_cb_fp_attr(attr, name, type) \ attr PEM_write_cb_fnsig(name, type, FILE, write); -# define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) \ - attr PEM_write_cb_fnsig(name, type, FILE, write); \ +#define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) \ + attr PEM_write_cb_fnsig(name, type, FILE, write); \ attr PEM_write_cb_ex_fnsig(name, type, FILE, write); -# endif +#endif -# define DECLARE_PEM_read_fp(name, type) \ +#define DECLARE_PEM_read_fp(name, type) \ DECLARE_PEM_read_fp_attr(extern, name, type) -# define DECLARE_PEM_write_fp(name, type) \ +#define DECLARE_PEM_write_fp(name, type) \ DECLARE_PEM_write_fp_attr(extern, name, type) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DECLARE_PEM_write_fp_const(name, type) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DECLARE_PEM_write_fp_const(name, type) \ DECLARE_PEM_write_fp_const_attr(extern, name, type) -# endif -# define DECLARE_PEM_write_cb_fp(name, type) \ +#endif +#define DECLARE_PEM_write_cb_fp(name, type) \ DECLARE_PEM_write_cb_fp_attr(extern, name, type) -# define DECLARE_PEM_read_bio_attr(attr, name, type) \ +#define DECLARE_PEM_read_bio_attr(attr, name, type) \ attr PEM_read_cb_fnsig(name, type, BIO, read_bio); -# define DECLARE_PEM_read_bio_ex_attr(attr, name, type) \ - attr PEM_read_cb_fnsig(name, type, BIO, read_bio); \ +#define DECLARE_PEM_read_bio_ex_attr(attr, name, type) \ + attr PEM_read_cb_fnsig(name, type, BIO, read_bio); \ attr PEM_read_cb_ex_fnsig(name, type, BIO, read_bio); -# define DECLARE_PEM_read_bio(name, type) \ +#define DECLARE_PEM_read_bio(name, type) \ DECLARE_PEM_read_bio_attr(extern, name, type) -# define 
DECLARE_PEM_read_bio_ex(name, type) \ +#define DECLARE_PEM_read_bio_ex(name, type) \ DECLARE_PEM_read_bio_ex_attr(extern, name, type) -# define DECLARE_PEM_write_bio_attr(attr, name, type) \ +#define DECLARE_PEM_write_bio_attr(attr, name, type) \ attr PEM_write_fnsig(name, type, BIO, write_bio); -# define DECLARE_PEM_write_bio_ex_attr(attr, name, type) \ - attr PEM_write_fnsig(name, type, BIO, write_bio); \ +#define DECLARE_PEM_write_bio_ex_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, BIO, write_bio); \ attr PEM_write_ex_fnsig(name, type, BIO, write_bio); -# define DECLARE_PEM_write_bio(name, type) \ +#define DECLARE_PEM_write_bio(name, type) \ DECLARE_PEM_write_bio_attr(extern, name, type) -# define DECLARE_PEM_write_bio_ex(name, type) \ +#define DECLARE_PEM_write_bio_ex(name, type) \ DECLARE_PEM_write_bio_ex_attr(extern, name, type) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DECLARE_PEM_write_bio_const_attr(attr, name, type) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DECLARE_PEM_write_bio_const_attr(attr, name, type) \ attr PEM_write_fnsig(name, type, BIO, write_bio); -# define DECLARE_PEM_write_bio_const(name, type) \ +#define DECLARE_PEM_write_bio_const(name, type) \ DECLARE_PEM_write_bio_const_attr(extern, name, type) -# endif +#endif -# define DECLARE_PEM_write_cb_bio_attr(attr, name, type) \ +#define DECLARE_PEM_write_cb_bio_attr(attr, name, type) \ attr PEM_write_cb_fnsig(name, type, BIO, write_bio); -# define DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \ - attr PEM_write_cb_fnsig(name, type, BIO, write_bio); \ +#define DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \ + attr PEM_write_cb_fnsig(name, type, BIO, write_bio); \ attr PEM_write_cb_ex_fnsig(name, type, BIO, write_bio); -# define DECLARE_PEM_write_cb_bio(name, type) \ +#define DECLARE_PEM_write_cb_bio(name, type) \ DECLARE_PEM_write_cb_bio_attr(extern, name, type) -# define DECLARE_PEM_write_cb_ex_bio(name, type) \ +#define DECLARE_PEM_write_cb_ex_bio(name, type) \ 
DECLARE_PEM_write_cb_bio_ex_attr(extern, name, type) -# define DECLARE_PEM_write_attr(attr, name, type) \ - DECLARE_PEM_write_bio_attr(attr, name, type) \ +#define DECLARE_PEM_write_attr(attr, name, type) \ + DECLARE_PEM_write_bio_attr(attr, name, type) \ DECLARE_PEM_write_fp_attr(attr, name, type) -# define DECLARE_PEM_write_ex_attr(attr, name, type) \ - DECLARE_PEM_write_bio_ex_attr(attr, name, type) \ +#define DECLARE_PEM_write_ex_attr(attr, name, type) \ + DECLARE_PEM_write_bio_ex_attr(attr, name, type) \ DECLARE_PEM_write_fp_ex_attr(attr, name, type) -# define DECLARE_PEM_write(name, type) \ +#define DECLARE_PEM_write(name, type) \ DECLARE_PEM_write_attr(extern, name, type) -# define DECLARE_PEM_write_ex(name, type) \ +#define DECLARE_PEM_write_ex(name, type) \ DECLARE_PEM_write_ex_attr(extern, name, type) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DECLARE_PEM_write_const_attr(attr, name, type) \ - DECLARE_PEM_write_bio_const_attr(attr, name, type) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DECLARE_PEM_write_const_attr(attr, name, type) \ + DECLARE_PEM_write_bio_const_attr(attr, name, type) \ DECLARE_PEM_write_fp_const_attr(attr, name, type) -# define DECLARE_PEM_write_const(name, type) \ +#define DECLARE_PEM_write_const(name, type) \ DECLARE_PEM_write_const_attr(extern, name, type) -# endif -# define DECLARE_PEM_write_cb_attr(attr, name, type) \ - DECLARE_PEM_write_cb_bio_attr(attr, name, type) \ +#endif +#define DECLARE_PEM_write_cb_attr(attr, name, type) \ + DECLARE_PEM_write_cb_bio_attr(attr, name, type) \ DECLARE_PEM_write_cb_fp_attr(attr, name, type) -# define DECLARE_PEM_write_cb_ex_attr(attr, name, type) \ - DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \ +#define DECLARE_PEM_write_cb_ex_attr(attr, name, type) \ + DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \ DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) -# define DECLARE_PEM_write_cb(name, type) \ +#define DECLARE_PEM_write_cb(name, type) \ DECLARE_PEM_write_cb_attr(extern, name, 
type) -# define DECLARE_PEM_write_cb_ex(name, type) \ +#define DECLARE_PEM_write_cb_ex(name, type) \ DECLARE_PEM_write_cb_ex_attr(extern, name, type) -# define DECLARE_PEM_read_attr(attr, name, type) \ - DECLARE_PEM_read_bio_attr(attr, name, type) \ +#define DECLARE_PEM_read_attr(attr, name, type) \ + DECLARE_PEM_read_bio_attr(attr, name, type) \ DECLARE_PEM_read_fp_attr(attr, name, type) -# define DECLARE_PEM_read_ex_attr(attr, name, type) \ - DECLARE_PEM_read_bio_ex_attr(attr, name, type) \ +#define DECLARE_PEM_read_ex_attr(attr, name, type) \ + DECLARE_PEM_read_bio_ex_attr(attr, name, type) \ DECLARE_PEM_read_fp_ex_attr(attr, name, type) -# define DECLARE_PEM_read(name, type) \ +#define DECLARE_PEM_read(name, type) \ DECLARE_PEM_read_attr(extern, name, type) -# define DECLARE_PEM_read_ex(name, type) \ +#define DECLARE_PEM_read_ex(name, type) \ DECLARE_PEM_read_ex_attr(extern, name, type) -# define DECLARE_PEM_rw_attr(attr, name, type) \ - DECLARE_PEM_read_attr(attr, name, type) \ +#define DECLARE_PEM_rw_attr(attr, name, type) \ + DECLARE_PEM_read_attr(attr, name, type) \ DECLARE_PEM_write_attr(attr, name, type) -# define DECLARE_PEM_rw_ex_attr(attr, name, type) \ - DECLARE_PEM_read_ex_attr(attr, name, type) \ +#define DECLARE_PEM_rw_ex_attr(attr, name, type) \ + DECLARE_PEM_read_ex_attr(attr, name, type) \ DECLARE_PEM_write_ex_attr(attr, name, type) -# define DECLARE_PEM_rw(name, type) \ +#define DECLARE_PEM_rw(name, type) \ DECLARE_PEM_rw_attr(extern, name, type) -# define DECLARE_PEM_rw_ex(name, type) \ +#define DECLARE_PEM_rw_ex(name, type) \ DECLARE_PEM_rw_ex_attr(extern, name, type) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define DECLARE_PEM_rw_const_attr(attr, name, type) \ - DECLARE_PEM_read_attr(attr, name, type) \ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define DECLARE_PEM_rw_const_attr(attr, name, type) \ + DECLARE_PEM_read_attr(attr, name, type) \ DECLARE_PEM_write_const_attr(attr, name, type) -# define DECLARE_PEM_rw_const(name, type) \ +#define 
DECLARE_PEM_rw_const(name, type) \ DECLARE_PEM_rw_const_attr(extern, name, type) -# endif -# define DECLARE_PEM_rw_cb_attr(attr, name, type) \ - DECLARE_PEM_read_attr(attr, name, type) \ +#endif +#define DECLARE_PEM_rw_cb_attr(attr, name, type) \ + DECLARE_PEM_read_attr(attr, name, type) \ DECLARE_PEM_write_cb_attr(attr, name, type) -# define DECLARE_PEM_rw_cb_ex_attr(attr, name, type) \ - DECLARE_PEM_read_ex_attr(attr, name, type) \ +#define DECLARE_PEM_rw_cb_ex_attr(attr, name, type) \ + DECLARE_PEM_read_ex_attr(attr, name, type) \ DECLARE_PEM_write_cb_ex_attr(attr, name, type) -# define DECLARE_PEM_rw_cb(name, type) \ +#define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_rw_cb_attr(extern, name, type) -# define DECLARE_PEM_rw_cb_ex(name, type) \ +#define DECLARE_PEM_rw_cb_ex(name, type) \ DECLARE_PEM_rw_cb_ex_attr(extern, name, type) int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, - pem_password_cb *callback, void *u); + pem_password_cb *callback, void *u); int PEM_read_bio(BIO *bp, char **name, char **header, - unsigned char **data, long *len); -# define PEM_FLAG_SECURE 0x1 -# define PEM_FLAG_EAY_COMPATIBLE 0x2 -# define PEM_FLAG_ONLY_B64 0x4 + unsigned char **data, long *len); +#define PEM_FLAG_SECURE 0x1 +#define PEM_FLAG_EAY_COMPATIBLE 0x2 +#define PEM_FLAG_ONLY_B64 0x4 int PEM_read_bio_ex(BIO *bp, char **name, char **header, - unsigned char **data, long *len, unsigned int flags); + unsigned char **data, long *len, unsigned int flags); int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u); + const char *name, BIO *bp, pem_password_cb *cb, + void *u); int PEM_write_bio(BIO *bp, const char *name, const char *hdr, - const unsigned char *data, long len); + const unsigned char *data, long len); int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO 
*bp, pem_password_cb *cb, - void *u); + const char *name, BIO *bp, pem_password_cb *cb, + void *u); void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, - pem_password_cb *cb, void *u); + pem_password_cb *cb, void *u); int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - const void *x, const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cb, void *u); + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u); + pem_password_cb *cb, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, - const char *propq); + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq); int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cd, void *u); + const unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); #ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, - unsigned char **data, long *len); + unsigned char **data, long *len); int PEM_write(FILE *fp, const char *name, const char *hdr, - const unsigned char *data, long len); + const unsigned char *data, long len); void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, - pem_password_cb *cb, void *u); + pem_password_cb *cb, void *u); int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, - const void *x, const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *callback, void *u); + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u); + pem_password_cb *cb, void 
*u); STACK_OF(X509_INFO) *PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, - void *u, OSSL_LIB_CTX *libctx, const char *propq); + void *u, OSSL_LIB_CTX *libctx, const char *propq); #endif int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); int PEM_SignUpdate(EVP_MD_CTX *ctx, const unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey); + unsigned int *siglen, EVP_PKEY *pkey); /* The default pem_password_cb that's used internally */ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, const char *str); -# include +#include DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) 
@@ -443,77 +445,77 @@ DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA) DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA) DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA) -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, DSAPrivateKey, DSA) DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA) DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA) -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP) DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY) DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY) -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DEPRECATED_3_0 DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH) DECLARE_PEM_write_attr(OSSL_DEPRECATEDIN_3_0, DHxparams, DH) -# endif -# endif +#endif +#endif DECLARE_PEM_rw_cb_ex(PrivateKey, EVP_PKEY) DECLARE_PEM_rw_ex(PUBKEY, EVP_PKEY) int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, - const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cb, void *u); + const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); /* Why do these take a signed char *kstr? 
*/ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *, const EVP_CIPHER *, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u); + void *u); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u); + const char *kstr, int klen, + pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u); + void *u); int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cd, void *u); -# endif + const char *kstr, int klen, + pem_password_cb *cd, void *u); +#endif EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, - OSSL_LIB_CTX *libctx, const char *propq); + 
OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); @@ -525,14 +527,14 @@ int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk); EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u); + pem_password_cb *cb, void *u); int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq); + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/pem2.h.orig +++ crypto/openssl/include/openssl/pem2.h @@ -8,12 +8,12 @@ */ #ifndef OPENSSL_PEM2_H -# define OPENSSL_PEM2_H -# pragma once +#define OPENSSL_PEM2_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_PEM2_H -# endif -# include +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_PEM2_H +#endif +#include #endif --- crypto/openssl/include/openssl/pemerr.h.orig +++ crypto/openssl/include/openssl/pemerr.h 
@@ -9,50 +9,48 @@ */ #ifndef OPENSSL_PEMERR_H -# define OPENSSL_PEMERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_PEMERR_H +#pragma once +#include +#include +#include /* * PEM reason codes. */ -# define PEM_R_BAD_BASE64_DECODE 100 -# define PEM_R_BAD_DECRYPT 101 -# define PEM_R_BAD_END_LINE 102 -# define PEM_R_BAD_IV_CHARS 103 -# define PEM_R_BAD_MAGIC_NUMBER 116 -# define PEM_R_BAD_PASSWORD_READ 104 -# define PEM_R_BAD_VERSION_NUMBER 117 -# define PEM_R_BIO_WRITE_FAILURE 118 -# define PEM_R_CIPHER_IS_NULL 127 -# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 -# define PEM_R_EXPECTING_DSS_KEY_BLOB 131 -# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 -# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 -# define PEM_R_EXPECTING_RSA_KEY_BLOB 132 -# define PEM_R_HEADER_TOO_LONG 128 -# define PEM_R_INCONSISTENT_HEADER 121 -# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 -# define PEM_R_KEYBLOB_TOO_SHORT 123 -# define PEM_R_MISSING_DEK_IV 129 -# define PEM_R_NOT_DEK_INFO 105 -# define PEM_R_NOT_ENCRYPTED 106 -# define PEM_R_NOT_PROC_TYPE 107 -# define PEM_R_NO_START_LINE 108 -# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 -# define PEM_R_PVK_DATA_TOO_SHORT 124 -# define PEM_R_PVK_TOO_SHORT 125 -# define PEM_R_READ_KEY 111 -# define PEM_R_SHORT_HEADER 112 -# define PEM_R_UNEXPECTED_DEK_IV 130 -# define PEM_R_UNSUPPORTED_CIPHER 113 -# define PEM_R_UNSUPPORTED_ENCRYPTION 114 -# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 -# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 +#define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_MAGIC_NUMBER 116 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_BAD_VERSION_NUMBER 117 +#define PEM_R_BIO_WRITE_FAILURE 118 +#define PEM_R_CIPHER_IS_NULL 127 +#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +#define PEM_R_EXPECTING_DSS_KEY_BLOB 131 +#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 
+#define PEM_R_EXPECTING_RSA_KEY_BLOB 132 +#define PEM_R_HEADER_TOO_LONG 128 +#define PEM_R_INCONSISTENT_HEADER 121 +#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +#define PEM_R_KEYBLOB_TOO_SHORT 123 +#define PEM_R_MISSING_DEK_IV 129 +#define PEM_R_NOT_DEK_INFO 105 +#define PEM_R_NOT_ENCRYPTED 106 +#define PEM_R_NOT_PROC_TYPE 107 +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define PEM_R_PVK_DATA_TOO_SHORT 124 +#define PEM_R_PVK_TOO_SHORT 125 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNEXPECTED_DEK_IV 130 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 +#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +#define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 #endif --- crypto/openssl/include/openssl/pkcs12.h.orig +++ crypto/openssl/include/openssl/pkcs12.h 
@@ -10,47 +10,49 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_PKCS12_H -# define OPENSSL_PKCS12_H -# pragma once +#define OPENSSL_PKCS12_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_PKCS12_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_PKCS12_H +#endif -# include -# include -# include -# include +#include +#include +#include +#include #ifdef __cplusplus extern "C" { #endif -# define PKCS12_KEY_ID 1 -# define PKCS12_IV_ID 2 -# define PKCS12_MAC_ID 3 +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 +#define PKCS12_MAC_ID 3 /* Default iteration count */ -# ifndef PKCS12_DEFAULT_ITER -# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER -# endif +#ifndef PKCS12_DEFAULT_ITER +#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +#endif -# define PKCS12_MAC_KEY_LENGTH 20 +#define PKCS12_MAC_KEY_LENGTH 20 -# define PKCS12_SALT_LEN 8 +#define PKCS12_SALT_LEN 8 /* It's not clear if these are actually needed... */ -# define PKCS12_key_gen PKCS12_key_gen_utf8 -# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 +#define PKCS12_key_gen PKCS12_key_gen_utf8 +#define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 /* MS key usage constants */ -# define KEY_EX 0x10 -# define KEY_SIG 0x80 +#define KEY_EX 0x10 +#define KEY_SIG 0x80 typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; @@ -58,6 +60,7 @@ typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(PKCS12_SAFEBAG, PKCS12_SAFEBAG, PKCS12_SAFEBAG) #define sk_PKCS12_SAFEBAG_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk)) #define sk_PKCS12_SAFEBAG_value(sk, idx) ((PKCS12_SAFEBAG *)OPENSSL_sk_value(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk), (idx))) 
@@ -85,45 +88,46 @@ #define sk_PKCS12_SAFEBAG_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS12_SAFEBAG) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_copyfunc_type(copyfunc), ossl_check_PKCS12_SAFEBAG_freefunc_type(freefunc))) #define sk_PKCS12_SAFEBAG_set_cmp_func(sk, cmp) ((sk_PKCS12_SAFEBAG_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS12_SAFEBAG_sk_type(sk), ossl_check_PKCS12_SAFEBAG_compfunc_type(cmp))) +/* clang-format on */ typedef struct pkcs12_bag_st PKCS12_BAGS; -# define PKCS12_ERROR 0 -# define PKCS12_OK 1 +#define PKCS12_ERROR 0 +#define PKCS12_OK 1 /* Compatibility macros */ #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define M_PKCS12_bag_type PKCS12_bag_type -# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type -# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type +#define M_PKCS12_bag_type PKCS12_bag_type +#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type -# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert -# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl -# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid -# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid -# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert -# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl -# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf -# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt +#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +#define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt #endif #ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 ASN1_TYPE *PKCS12_get_attr(const 
PKCS12_SAFEBAG *bag, - int attr_nid); + int attr_nid); #endif ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); int PKCS12_mac_present(const PKCS12 *p12); void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, - const X509_ALGOR **pmacalg, - const ASN1_OCTET_STRING **psalt, - const ASN1_INTEGER **piter, - const PKCS12 *p12); + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, - int attr_nid); + int attr_nid); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); 
@@ -143,155 +147,155 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf); + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *ctx, - const char *propq); + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *ctx, + const char *propq); PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - int nid1, int nid2); + int nid1, int nid2); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, - int passlen); + int passlen); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass, - int passlen, OSSL_LIB_CTX *ctx, - const char *propq); + int passlen, OSSL_LIB_CTX *ctx, + const char *propq); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen); + const char *pass, int passlen); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen, - OSSL_LIB_CTX *ctx, - const char *propq); + const char *pass, int passlen, + OSSL_LIB_CTX *ctx, + const char *propq); X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, unsigned char *salt, - int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, unsigned char *salt, - int 
saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8, - OSSL_LIB_CTX *ctx, const char *propq); + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8, + OSSL_LIB_CTX *ctx, const char *propq); X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, - OSSL_LIB_CTX *ctx, const char *propq); + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, + OSSL_LIB_CTX *ctx, const char *propq); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags); + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags, - OSSL_LIB_CTX *ctx, const char *propq); + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags, + OSSL_LIB_CTX *ctx, const char *propq); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, - int passlen); + int passlen); int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned 
char *name, int namelen); + const unsigned char *name, int namelen); int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, - int attr_nid); + int attr_nid); char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); const STACK_OF(X509_ATTRIBUTE) * PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, - int en_de); + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, - int en_de, OSSL_LIB_CTX *libctx, - const char *propq); + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de, OSSL_LIB_CTX *libctx, + const char *propq); void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf); + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf, - OSSL_LIB_CTX *libctx, - const char *propq); + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf, + OSSL_LIB_CTX *libctx, + const char *propq); ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - const 
ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf); + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor, - const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf, - OSSL_LIB_CTX *ctx, - const char *propq); + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf, + OSSL_LIB_CTX *ctx, + const char *propq); PKCS12 *PKCS12_init(int mode); PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); int 
PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md_type, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md_type, int en_de, - OSSL_LIB_CTX *libctx, const char *propq); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen); + unsigned char *mac, unsigned int *maclen); int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type); + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, const EVP_MD *md_type); + int saltlen, const EVP_MD *md_type); unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, - unsigned char **uni, int *unilen); + unsigned char **uni, int *unilen); char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, - unsigned char **uni, int *unilen); + unsigned char **uni, int *unilen); char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); DECLARE_ASN1_FUNCTIONS(PKCS12) 
@@ -304,47 +308,47 @@ void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca); + STACK_OF(X509) **ca); PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, - X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, - int iter, int mac_iter, int keytype); + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, - X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, - int iter, int mac_iter, int keytype, - OSSL_LIB_CTX *ctx, const char *propq); + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq); PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int key_nid, const char *pass); + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int key_nid, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq); + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass, + OSSL_LIB_CTX *ctx, const char *propq); PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, - int nid_type, const unsigned char *value, int len); + int nid_type, const unsigned char *value, int len); int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int safe_nid, int iter, const char *pass); + int safe_nid, int iter, const char *pass); int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int safe_nid, int iter, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq); + int safe_nid, int iter, const char *pass, + OSSL_LIB_CTX *ctx, const char 
*propq); PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *ctx, const char *propq); int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12); -# endif +#endif PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); -# endif +#endif int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/pkcs12.h.in.orig +++ crypto/openssl/include/openssl/pkcs12.h.in 
@@ -9,49 +9,51 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_PKCS12_H -# define OPENSSL_PKCS12_H -# pragma once +#define OPENSSL_PKCS12_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_PKCS12_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_PKCS12_H +#endif -# include -# include -# include -# include +#include +#include +#include +#include #ifdef __cplusplus extern "C" { #endif -# define PKCS12_KEY_ID 1 -# define PKCS12_IV_ID 2 -# define PKCS12_MAC_ID 3 +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 +#define PKCS12_MAC_ID 3 /* Default iteration count */ -# ifndef PKCS12_DEFAULT_ITER -# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER -# endif +#ifndef PKCS12_DEFAULT_ITER +#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +#endif -# define PKCS12_MAC_KEY_LENGTH 20 +#define PKCS12_MAC_KEY_LENGTH 20 -# define PKCS12_SALT_LEN 8 +#define PKCS12_SALT_LEN 8 /* It's not clear if these are actually needed... */ -# define PKCS12_key_gen PKCS12_key_gen_utf8 -# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 +#define PKCS12_key_gen PKCS12_key_gen_utf8 +#define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 /* MS key usage constants */ -# define KEY_EX 0x10 -# define KEY_SIG 0x80 +#define KEY_EX 0x10 +#define KEY_SIG 0x80 typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; 
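Review bot: `PKCS12_SALT_LEN 8` and `PKCS12_MAC_KEY_LENGTH 20` in the constants block of this hunk have no comment on units or purpose, unlike `PKCS12_DEFAULT_ITER` just above them. Since pkcs12.h is generated from this template, this is the place to add one. I would put `/* Salt length in bytes; presumably the default when the caller supplies none - confirm against the MAC/PBE setup code */` above `PKCS12_SALT_LEN` and `/* MAC key length, presumably in bytes */` above `PKCS12_MAC_KEY_LENGTH`. The salt comment matters to anyone auditing PKCS#12 output, because 8 bytes is 64 bits, below the 128-bit minimum that NIST SP 800-132 recommends for password-based key derivation. The `salt`/`saltlen` parameters on `PKCS12_set_mac` and `PKCS12_pack_p7encdata`, declared further down this file, are how a caller passes a longer one.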
@@ -59,48 +61,50 @@ typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; +/* clang-format off */ {- generate_stack_macros("PKCS12_SAFEBAG"); -} +/* clang-format on */ typedef struct pkcs12_bag_st PKCS12_BAGS; -# define PKCS12_ERROR 0 -# define PKCS12_OK 1 +#define PKCS12_ERROR 0 +#define PKCS12_OK 1 /* Compatibility macros */ #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define M_PKCS12_bag_type PKCS12_bag_type -# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type -# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type +#define M_PKCS12_bag_type PKCS12_bag_type +#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type -# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert -# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl -# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid -# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid -# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert -# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl -# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf -# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt +#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +#define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt #endif #ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, - int attr_nid); + int attr_nid); #endif ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); int PKCS12_mac_present(const PKCS12 *p12); void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, - const X509_ALGOR **pmacalg, - const ASN1_OCTET_STRING **psalt, - const ASN1_INTEGER **piter, - const PKCS12 
*p12); + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, - int attr_nid); + int attr_nid); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); 
@@ -120,155 +124,155 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf); + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *ctx, - const char *propq); + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *ctx, + const char *propq); PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - int nid1, int nid2); + int nid1, int nid2); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, - int passlen); + int passlen); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass, - int passlen, OSSL_LIB_CTX *ctx, - const char *propq); + int passlen, OSSL_LIB_CTX *ctx, + const char *propq); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen); + const char *pass, int passlen); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen, - OSSL_LIB_CTX *ctx, - const char *propq); + const char *pass, int passlen, + OSSL_LIB_CTX *ctx, + const char *propq); X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, unsigned char *salt, - int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, unsigned char *salt, - int 
saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8, - OSSL_LIB_CTX *ctx, const char *propq); + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8, + OSSL_LIB_CTX *ctx, const char *propq); X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, - OSSL_LIB_CTX *ctx, const char *propq); + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, + OSSL_LIB_CTX *ctx, const char *propq); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags); + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags, - OSSL_LIB_CTX *ctx, const char *propq); + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags, + OSSL_LIB_CTX *ctx, const char *propq); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, - int passlen); + int passlen); int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned 
char *name, int namelen); + const unsigned char *name, int namelen); int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, - int attr_nid); + int attr_nid); char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); const STACK_OF(X509_ATTRIBUTE) * PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, - int en_de); + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, - int en_de, OSSL_LIB_CTX *libctx, - const char *propq); + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de, OSSL_LIB_CTX *libctx, + const char *propq); void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf); + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf, - OSSL_LIB_CTX *libctx, - const char *propq); + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf, + OSSL_LIB_CTX *libctx, + const char *propq); ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - const 
ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf); + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor, - const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf, - OSSL_LIB_CTX *ctx, - const char *propq); + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf, + OSSL_LIB_CTX *ctx, + const char *propq); PKCS12 *PKCS12_init(int mode); PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); int 
PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq); + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type, + OSSL_LIB_CTX *ctx, const char *propq); int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md_type, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md_type, int en_de, - OSSL_LIB_CTX *libctx, const char *propq); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen); + unsigned char *mac, unsigned int *maclen); int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type); + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, const EVP_MD *md_type); + int saltlen, const EVP_MD *md_type); unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, - unsigned char **uni, int *unilen); + unsigned char **uni, int *unilen); char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, - unsigned char **uni, int *unilen); + unsigned char **uni, int *unilen); char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); DECLARE_ASN1_FUNCTIONS(PKCS12) 
@@ -281,47 +285,47 @@ void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca); + STACK_OF(X509) **ca); PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, - X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, - int iter, int mac_iter, int keytype); + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, - X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, - int iter, int mac_iter, int keytype, - OSSL_LIB_CTX *ctx, const char *propq); + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq); PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int key_nid, const char *pass); + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int key_nid, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq); + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass, + OSSL_LIB_CTX *ctx, const char *propq); PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, - int nid_type, const unsigned char *value, int len); + int nid_type, const unsigned char *value, int len); int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int safe_nid, int iter, const char *pass); + int safe_nid, int iter, const char *pass); int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int safe_nid, int iter, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq); + int safe_nid, int iter, const char *pass, + OSSL_LIB_CTX *ctx, const char 
*propq); PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *ctx, const char *propq); int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12); -# endif +#endif PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); -# endif +#endif int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/pkcs12err.h.orig +++ crypto/openssl/include/openssl/pkcs12err.h 
@@ -9,37 +9,35 @@ */ #ifndef OPENSSL_PKCS12ERR_H -# define OPENSSL_PKCS12ERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_PKCS12ERR_H +#pragma once +#include +#include +#include /* * PKCS12 reason codes. */ -# define PKCS12_R_CANT_PACK_STRUCTURE 100 -# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 -# define PKCS12_R_DECODE_ERROR 101 -# define PKCS12_R_ENCODE_ERROR 102 -# define PKCS12_R_ENCRYPT_ERROR 103 -# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 -# define PKCS12_R_INVALID_NULL_ARGUMENT 104 -# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 -# define PKCS12_R_INVALID_TYPE 112 -# define PKCS12_R_IV_GEN_ERROR 106 -# define PKCS12_R_KEY_GEN_ERROR 107 -# define PKCS12_R_MAC_ABSENT 108 -# define PKCS12_R_MAC_GENERATION_ERROR 109 -# define PKCS12_R_MAC_SETUP_ERROR 110 -# define PKCS12_R_MAC_STRING_SET_ERROR 111 -# define PKCS12_R_MAC_VERIFY_FAILURE 113 -# define PKCS12_R_PARSE_ERROR 114 -# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 -# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 -# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 +#define PKCS12_R_CANT_PACK_STRUCTURE 100 +#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +#define PKCS12_R_DECODE_ERROR 101 +#define PKCS12_R_ENCODE_ERROR 102 +#define PKCS12_R_ENCRYPT_ERROR 103 +#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +#define PKCS12_R_INVALID_NULL_ARGUMENT 104 +#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +#define PKCS12_R_INVALID_TYPE 112 +#define PKCS12_R_IV_GEN_ERROR 106 +#define PKCS12_R_KEY_GEN_ERROR 107 +#define PKCS12_R_MAC_ABSENT 108 +#define PKCS12_R_MAC_GENERATION_ERROR 109 +#define PKCS12_R_MAC_SETUP_ERROR 110 +#define PKCS12_R_MAC_STRING_SET_ERROR 111 +#define PKCS12_R_MAC_VERIFY_FAILURE 113 +#define PKCS12_R_PARSE_ERROR 114 +#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 #endif --- crypto/openssl/include/openssl/pkcs7.h.orig +++ crypto/openssl/include/openssl/pkcs7.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/pkcs7.h.in * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,30 +10,31 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_PKCS7_H -# define OPENSSL_PKCS7_H -# pragma once +#define OPENSSL_PKCS7_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_PKCS7_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_PKCS7_H +#endif -# include -# include -# include +#include +#include +#include -# include -# include -# include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif - /*- Encryption_ID DES-CBC Digest_ID MD5 @@ -52,17 +53,18 @@ } PKCS7_ISSUER_AND_SERIAL; typedef struct pkcs7_signer_info_st { - ASN1_INTEGER *version; /* version 1 */ + ASN1_INTEGER *version; /* version 1 */ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; + X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ + ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ /* The private key to sign with */ EVP_PKEY *pkey; const PKCS7_CTX *ctx; } PKCS7_SIGNER_INFO; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) #define sk_PKCS7_SIGNER_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk)) #define sk_PKCS7_SIGNER_INFO_value(sk, idx) ((PKCS7_SIGNER_INFO *)OPENSSL_sk_value(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk), (idx))) 
@@ -90,15 +92,17 @@ #define sk_PKCS7_SIGNER_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS7_SIGNER_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_copyfunc_type(copyfunc), ossl_check_PKCS7_SIGNER_INFO_freefunc_type(freefunc))) #define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, cmp) ((sk_PKCS7_SIGNER_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS7_SIGNER_INFO_sk_type(sk), ossl_check_PKCS7_SIGNER_INFO_compfunc_type(cmp))) +/* clang-format on */ typedef struct pkcs7_recip_info_st { - ASN1_INTEGER *version; /* version 0 */ + ASN1_INTEGER *version; /* version 0 */ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *key_enc_algor; ASN1_OCTET_STRING *enc_key; - X509 *cert; /* get the pub-key from this */ + X509 *cert; /* get the pub-key from this */ const PKCS7_CTX *ctx; } PKCS7_RECIP_INFO; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) #define sk_PKCS7_RECIP_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk)) #define sk_PKCS7_RECIP_INFO_value(sk, idx) ((PKCS7_RECIP_INFO *)OPENSSL_sk_value(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk), (idx))) 
@@ -126,13 +130,13 @@ #define sk_PKCS7_RECIP_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS7_RECIP_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_copyfunc_type(copyfunc), ossl_check_PKCS7_RECIP_INFO_freefunc_type(freefunc))) #define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, cmp) ((sk_PKCS7_RECIP_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS7_RECIP_INFO_sk_type(sk), ossl_check_PKCS7_RECIP_INFO_compfunc_type(cmp))) - +/* clang-format on */ typedef struct pkcs7_signed_st { - ASN1_INTEGER *version; /* version 1 */ + ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; 
@@ -150,30 +154,30 @@ } PKCS7_ENC_CONTENT; typedef struct pkcs7_enveloped_st { - ASN1_INTEGER *version; /* version 0 */ + ASN1_INTEGER *version; /* version 0 */ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; PKCS7_ENC_CONTENT *enc_data; } PKCS7_ENVELOPE; typedef struct pkcs7_signedandenveloped_st { - ASN1_INTEGER *version; /* version 1 */ + ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; } PKCS7_SIGN_ENVELOPE; typedef struct pkcs7_digest_st { - ASN1_INTEGER *version; /* version 0 */ - X509_ALGOR *md; /* md used */ + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ struct pkcs7_st *contents; ASN1_OCTET_STRING *digest; } PKCS7_DIGEST; typedef struct pkcs7_encrypted_st { - ASN1_INTEGER *version; /* version 0 */ + ASN1_INTEGER *version; /* version 0 */ PKCS7_ENC_CONTENT *enc_data; } PKCS7_ENCRYPT; @@ -184,10 +188,10 @@ */ unsigned char *asn1; long length; -# define PKCS7_S_HEADER 0 -# define PKCS7_S_BODY 1 -# define PKCS7_S_TAIL 2 - int state; /* used during processing */ +#define PKCS7_S_HEADER 0 +#define PKCS7_S_BODY 1 +#define PKCS7_S_TAIL 2 + int state; /* used during processing */ int detached; ASN1_OBJECT *type; /* content as defined by the type */ @@ -214,6 +218,7 @@ } d; PKCS7_CTX ctx; } PKCS7; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7, PKCS7, PKCS7) #define sk_PKCS7_num(sk) OPENSSL_sk_num(ossl_check_const_PKCS7_sk_type(sk)) #define sk_PKCS7_value(sk, idx) ((PKCS7 *)OPENSSL_sk_value(ossl_check_const_PKCS7_sk_type(sk), (idx))) 
@@ -241,73 +246,73 @@ #define sk_PKCS7_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(PKCS7) *)OPENSSL_sk_deep_copy(ossl_check_const_PKCS7_sk_type(sk), ossl_check_PKCS7_copyfunc_type(copyfunc), ossl_check_PKCS7_freefunc_type(freefunc))) #define sk_PKCS7_set_cmp_func(sk, cmp) ((sk_PKCS7_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_PKCS7_sk_type(sk), ossl_check_PKCS7_compfunc_type(cmp))) +/* clang-format on */ +#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 -# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 -# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 +#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +#define PKCS7_get_attributes(si) ((si)->unauth_attr) -# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) -# define PKCS7_get_attributes(si) ((si)->unauth_attr) +#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +#define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) -# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) -# define PKCS7_type_is_signedAndEnveloped(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) -# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) -# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) +#define PKCS7_set_detached(p, v) \ + PKCS7_ctrl(p, PKCS7_OP_SET_DETACHED_SIGNATURE, v, NULL) +#define PKCS7_get_detached(p) \ + PKCS7_ctrl(p, 
PKCS7_OP_GET_DETACHED_SIGNATURE, 0, NULL) -# define PKCS7_set_detached(p,v) \ - PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) -# define PKCS7_get_detached(p) \ - PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) - -# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) +#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) /* S/MIME related flags */ -# define PKCS7_TEXT 0x1 -# define PKCS7_NOCERTS 0x2 -# define PKCS7_NOSIGS 0x4 -# define PKCS7_NOCHAIN 0x8 -# define PKCS7_NOINTERN 0x10 -# define PKCS7_NOVERIFY 0x20 -# define PKCS7_DETACHED 0x40 -# define PKCS7_BINARY 0x80 -# define PKCS7_NOATTR 0x100 -# define PKCS7_NOSMIMECAP 0x200 -# define PKCS7_NOOLDMIMETYPE 0x400 -# define PKCS7_CRLFEOL 0x800 -# define PKCS7_STREAM 0x1000 -# define PKCS7_NOCRL 0x2000 -# define PKCS7_PARTIAL 0x4000 -# define PKCS7_REUSE_DIGEST 0x8000 -# define PKCS7_NO_DUAL_CONTENT 0x10000 +#define PKCS7_TEXT 0x1 +#define PKCS7_NOCERTS 0x2 +#define PKCS7_NOSIGS 0x4 +#define PKCS7_NOCHAIN 0x8 +#define PKCS7_NOINTERN 0x10 +#define PKCS7_NOVERIFY 0x20 +#define PKCS7_DETACHED 0x40 +#define PKCS7_BINARY 0x80 +#define PKCS7_NOATTR 0x100 +#define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 +#define PKCS7_PARTIAL 0x4000 +#define PKCS7_REUSE_DIGEST 0x8000 +#define PKCS7_NO_DUAL_CONTENT 0x10000 /* Flags: for compatibility with older code */ -# define SMIME_TEXT PKCS7_TEXT -# define SMIME_NOCERTS PKCS7_NOCERTS -# define SMIME_NOSIGS PKCS7_NOSIGS -# define SMIME_NOCHAIN PKCS7_NOCHAIN -# define SMIME_NOINTERN PKCS7_NOINTERN -# define SMIME_NOVERIFY PKCS7_NOVERIFY -# define SMIME_DETACHED PKCS7_DETACHED -# define SMIME_BINARY PKCS7_BINARY -# define SMIME_NOATTR PKCS7_NOATTR +#define SMIME_TEXT PKCS7_TEXT +#define SMIME_NOCERTS PKCS7_NOCERTS +#define SMIME_NOSIGS PKCS7_NOSIGS +#define SMIME_NOCHAIN PKCS7_NOCHAIN +#define SMIME_NOINTERN 
PKCS7_NOINTERN +#define SMIME_NOVERIFY PKCS7_NOVERIFY +#define SMIME_DETACHED PKCS7_DETACHED +#define SMIME_BINARY PKCS7_BINARY +#define SMIME_NOATTR PKCS7_NOATTR /* CRLF ASCII canonicalisation */ -# define SMIME_ASCIICRLF 0x80000 +#define SMIME_ASCIICRLF 0x80000 DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, - const EVP_MD *type, unsigned char *md, - unsigned int *len); -# ifndef OPENSSL_NO_STDIO + const EVP_MD *type, unsigned char *md, + unsigned int *len); +#ifndef OPENSSL_NO_STDIO PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7); -# endif +#endif DECLARE_ASN1_DUP_FUNCTION(PKCS7) PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7); 
@@ -338,30 +343,30 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst); + const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, - BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *x509); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, - EVP_PKEY *pkey, const EVP_MD *dgst); + EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, - X509_ALGOR **pdig, X509_ALGOR **psig); + X509_ALGOR **pdig, X509_ALGOR **psig); void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); 
@@ -372,48 +377,48 @@ ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, - void *data); + void *data); int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value); + void *value); ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid); ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid); int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); + STACK_OF(X509_ATTRIBUTE) *sk); int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); + STACK_OF(X509_ATTRIBUTE) *sk); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags); + BIO *data, int flags); PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags, OSSL_LIB_CTX *libctx, - const char *propq); + BIO *data, int flags, OSSL_LIB_CTX *libctx, + const char *propq); PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, - X509 *signcert, EVP_PKEY *pkey, - const EVP_MD *md, int flags); + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); int PKCS7_final(PKCS7 *p7, BIO *data, int flags); int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); + BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, - int flags); + int flags); PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags); + int flags); PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, int flags, - OSSL_LIB_CTX *libctx, const char *propq); + const EVP_CIPHER *cipher, int flags, + OSSL_LIB_CTX *libctx, const char *propq); int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, - int flags); + int flags); int 
PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap); + STACK_OF(X509_ALGOR) *cap); STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen); + const unsigned char *md, int mdlen); int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7); @@ -421,7 +426,7 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/pkcs7.h.in.orig +++ crypto/openssl/include/openssl/pkcs7.h.in @@ -9,32 +9,33 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_PKCS7_H -# define OPENSSL_PKCS7_H -# pragma once +#define OPENSSL_PKCS7_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_PKCS7_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_PKCS7_H +#endif -# include -# include -# include +#include +#include +#include -# include -# include -# include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif - /*- Encryption_ID DES-CBC Digest_ID MD5 @@ -53,7 +54,7 @@ } PKCS7_ISSUER_AND_SERIAL; typedef struct pkcs7_signer_info_st { - ASN1_INTEGER *version; /* version 1 */ + ASN1_INTEGER *version; /* version 1 */ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ 
@@ -64,28 +65,31 @@ EVP_PKEY *pkey; const PKCS7_CTX *ctx; } PKCS7_SIGNER_INFO; +/* clang-format off */ {- generate_stack_macros("PKCS7_SIGNER_INFO"); -} +/* clang-format on */ typedef struct pkcs7_recip_info_st { - ASN1_INTEGER *version; /* version 0 */ + ASN1_INTEGER *version; /* version 0 */ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *key_enc_algor; ASN1_OCTET_STRING *enc_key; - X509 *cert; /* get the pub-key from this */ + X509 *cert; /* get the pub-key from this */ const PKCS7_CTX *ctx; } PKCS7_RECIP_INFO; +/* clang-format off */ {- generate_stack_macros("PKCS7_RECIP_INFO"); -} - +/* clang-format on */ typedef struct pkcs7_signed_st { - ASN1_INTEGER *version; /* version 1 */ + ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; 
@@ -103,30 +107,30 @@ } PKCS7_ENC_CONTENT; typedef struct pkcs7_enveloped_st { - ASN1_INTEGER *version; /* version 0 */ + ASN1_INTEGER *version; /* version 0 */ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; PKCS7_ENC_CONTENT *enc_data; } PKCS7_ENVELOPE; typedef struct pkcs7_signedandenveloped_st { - ASN1_INTEGER *version; /* version 1 */ + ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; } PKCS7_SIGN_ENVELOPE; typedef struct pkcs7_digest_st { - ASN1_INTEGER *version; /* version 0 */ - X509_ALGOR *md; /* md used */ + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ struct pkcs7_st *contents; ASN1_OCTET_STRING *digest; } PKCS7_DIGEST; typedef struct pkcs7_encrypted_st { - ASN1_INTEGER *version; /* version 0 */ + ASN1_INTEGER *version; /* version 0 */ PKCS7_ENC_CONTENT *enc_data; } PKCS7_ENCRYPT; @@ -137,10 +141,10 @@ */ unsigned char *asn1; long length; -# define PKCS7_S_HEADER 0 -# define PKCS7_S_BODY 1 -# define PKCS7_S_TAIL 2 - int state; /* used during processing */ +#define PKCS7_S_HEADER 0 +#define PKCS7_S_BODY 1 +#define PKCS7_S_TAIL 2 + int state; /* used during processing */ int detached; ASN1_OBJECT *type; /* content as defined by the type */ 
@@ -167,76 +171,77 @@ } d; PKCS7_CTX ctx; } PKCS7; +/* clang-format off */ {- generate_stack_macros("PKCS7"); -} +/* clang-format on */ +#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 -# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 -# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 +#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +#define PKCS7_get_attributes(si) ((si)->unauth_attr) -# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) -# define PKCS7_get_attributes(si) ((si)->unauth_attr) +#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +#define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) -# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) -# define PKCS7_type_is_signedAndEnveloped(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) -# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) -# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) +#define PKCS7_set_detached(p, v) \ + PKCS7_ctrl(p, PKCS7_OP_SET_DETACHED_SIGNATURE, v, NULL) +#define PKCS7_get_detached(p) \ + PKCS7_ctrl(p, PKCS7_OP_GET_DETACHED_SIGNATURE, 0, NULL) -# define PKCS7_set_detached(p,v) \ - PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) -# define PKCS7_get_detached(p) \ - PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) - -# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && 
PKCS7_get_detached(p7)) +#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) /* S/MIME related flags */ -# define PKCS7_TEXT 0x1 -# define PKCS7_NOCERTS 0x2 -# define PKCS7_NOSIGS 0x4 -# define PKCS7_NOCHAIN 0x8 -# define PKCS7_NOINTERN 0x10 -# define PKCS7_NOVERIFY 0x20 -# define PKCS7_DETACHED 0x40 -# define PKCS7_BINARY 0x80 -# define PKCS7_NOATTR 0x100 -# define PKCS7_NOSMIMECAP 0x200 -# define PKCS7_NOOLDMIMETYPE 0x400 -# define PKCS7_CRLFEOL 0x800 -# define PKCS7_STREAM 0x1000 -# define PKCS7_NOCRL 0x2000 -# define PKCS7_PARTIAL 0x4000 -# define PKCS7_REUSE_DIGEST 0x8000 -# define PKCS7_NO_DUAL_CONTENT 0x10000 +#define PKCS7_TEXT 0x1 +#define PKCS7_NOCERTS 0x2 +#define PKCS7_NOSIGS 0x4 +#define PKCS7_NOCHAIN 0x8 +#define PKCS7_NOINTERN 0x10 +#define PKCS7_NOVERIFY 0x20 +#define PKCS7_DETACHED 0x40 +#define PKCS7_BINARY 0x80 +#define PKCS7_NOATTR 0x100 +#define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 +#define PKCS7_PARTIAL 0x4000 +#define PKCS7_REUSE_DIGEST 0x8000 +#define PKCS7_NO_DUAL_CONTENT 0x10000 /* Flags: for compatibility with older code */ -# define SMIME_TEXT PKCS7_TEXT -# define SMIME_NOCERTS PKCS7_NOCERTS -# define SMIME_NOSIGS PKCS7_NOSIGS -# define SMIME_NOCHAIN PKCS7_NOCHAIN -# define SMIME_NOINTERN PKCS7_NOINTERN -# define SMIME_NOVERIFY PKCS7_NOVERIFY -# define SMIME_DETACHED PKCS7_DETACHED -# define SMIME_BINARY PKCS7_BINARY -# define SMIME_NOATTR PKCS7_NOATTR +#define SMIME_TEXT PKCS7_TEXT +#define SMIME_NOCERTS PKCS7_NOCERTS +#define SMIME_NOSIGS PKCS7_NOSIGS +#define SMIME_NOCHAIN PKCS7_NOCHAIN +#define SMIME_NOINTERN PKCS7_NOINTERN +#define SMIME_NOVERIFY PKCS7_NOVERIFY +#define SMIME_DETACHED PKCS7_DETACHED +#define SMIME_BINARY PKCS7_BINARY +#define SMIME_NOATTR PKCS7_NOATTR /* CRLF ASCII canonicalisation */ -# define SMIME_ASCIICRLF 0x80000 +#define SMIME_ASCIICRLF 0x80000 
DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, - const EVP_MD *type, unsigned char *md, - unsigned int *len); -# ifndef OPENSSL_NO_STDIO + const EVP_MD *type, unsigned char *md, + unsigned int *len); +#ifndef OPENSSL_NO_STDIO PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7); -# endif +#endif DECLARE_ASN1_DUP_FUNCTION(PKCS7) PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7); 
@@ -267,30 +272,30 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst); + const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, - BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *x509); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, - EVP_PKEY *pkey, const EVP_MD *dgst); + EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, - X509_ALGOR **pdig, X509_ALGOR **psig); + X509_ALGOR **pdig, X509_ALGOR **psig); void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); 
@@ -301,48 +306,48 @@ ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, - void *data); + void *data); int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value); + void *value); ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid); ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid); int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); + STACK_OF(X509_ATTRIBUTE) *sk); int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); + STACK_OF(X509_ATTRIBUTE) *sk); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags); + BIO *data, int flags); PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags, OSSL_LIB_CTX *libctx, - const char *propq); + BIO *data, int flags, OSSL_LIB_CTX *libctx, + const char *propq); PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, - X509 *signcert, EVP_PKEY *pkey, - const EVP_MD *md, int flags); + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); int PKCS7_final(PKCS7 *p7, BIO *data, int flags); int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); + BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, - int flags); + int flags); PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags); + int flags); PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, int flags, - OSSL_LIB_CTX *libctx, const char *propq); + const EVP_CIPHER *cipher, int flags, + OSSL_LIB_CTX *libctx, const char *propq); int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, - int flags); + int flags); int 
PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap); + STACK_OF(X509_ALGOR) *cap); STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen); + const unsigned char *md, int mdlen); int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7); @@ -350,7 +355,7 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/pkcs7err.h.orig +++ crypto/openssl/include/openssl/pkcs7err.h 
@@ -9,55 +9,53 @@ */ #ifndef OPENSSL_PKCS7ERR_H -# define OPENSSL_PKCS7ERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_PKCS7ERR_H +#pragma once +#include +#include +#include /* * PKCS7 reason codes. */ -# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 -# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 -# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 -# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 -# define PKCS7_R_CTRL_ERROR 152 -# define PKCS7_R_DECRYPT_ERROR 119 -# define PKCS7_R_DIGEST_FAILURE 101 -# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 -# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 -# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 -# define PKCS7_R_ERROR_SETTING_CIPHER 121 -# define PKCS7_R_INVALID_NULL_POINTER 143 -# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 -# define PKCS7_R_NO_CONTENT 122 -# define PKCS7_R_NO_DEFAULT_DIGEST 151 -# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 -# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 -# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 -# define PKCS7_R_NO_SIGNERS 142 -# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 -# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 -# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 -# define PKCS7_R_PKCS7_DATASIGN 145 -# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 -# define PKCS7_R_SIGNATURE_FAILURE 105 -# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 -# define PKCS7_R_SIGNING_CTRL_FAILURE 147 -# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 -# define PKCS7_R_SMIME_TEXT_ERROR 129 -# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 -# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 -# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 -# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 -# define PKCS7_R_UNKNOWN_OPERATION 110 -# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 -# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 -# define PKCS7_R_WRONG_CONTENT_TYPE 113 -# define PKCS7_R_WRONG_PKCS7_TYPE 114 +#define 
PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +#define PKCS7_R_CTRL_ERROR 152 +#define PKCS7_R_DECRYPT_ERROR 119 +#define PKCS7_R_DIGEST_FAILURE 101 +#define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +#define PKCS7_R_ERROR_SETTING_CIPHER 121 +#define PKCS7_R_INVALID_NULL_POINTER 143 +#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +#define PKCS7_R_NO_CONTENT 122 +#define PKCS7_R_NO_DEFAULT_DIGEST 151 +#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +#define PKCS7_R_NO_SIGNERS 142 +#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +#define PKCS7_R_PKCS7_DATASIGN 145 +#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +#define PKCS7_R_SIGNATURE_FAILURE 105 +#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +#define PKCS7_R_SIGNING_CTRL_FAILURE 147 +#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +#define PKCS7_R_SMIME_TEXT_ERROR 129 +#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +#define PKCS7_R_UNKNOWN_OPERATION 110 +#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +#define PKCS7_R_WRONG_CONTENT_TYPE 113 +#define PKCS7_R_WRONG_PKCS7_TYPE 114 #endif --- crypto/openssl/include/openssl/prov_ssl.h.orig +++ crypto/openssl/include/openssl/prov_ssl.h 
@@ -8,27 +8,27 @@ */ #ifndef OPENSSL_PROV_SSL_H -# define OPENSSL_PROV_SSL_H -# pragma once +#define OPENSSL_PROV_SSL_H +#pragma once -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* SSL/TLS related defines useful to providers */ -# define SSL_MAX_MASTER_KEY_LENGTH 48 +#define SSL_MAX_MASTER_KEY_LENGTH 48 -# define SSL3_VERSION 0x0300 -# define TLS1_VERSION 0x0301 -# define TLS1_1_VERSION 0x0302 -# define TLS1_2_VERSION 0x0303 -# define TLS1_3_VERSION 0x0304 -# define DTLS1_VERSION 0xFEFF -# define DTLS1_2_VERSION 0xFEFD -# define DTLS1_BAD_VER 0x0100 +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 +#define TLS1_3_VERSION 0x0304 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD +#define DTLS1_BAD_VER 0x0100 -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* OPENSSL_PROV_SSL_H */ --- crypto/openssl/include/openssl/proverr.h.orig +++ crypto/openssl/include/openssl/proverr.h 
@@ -9,140 +9,138 @@ */ #ifndef OPENSSL_PROVERR_H -# define OPENSSL_PROVERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_PROVERR_H +#pragma once +#include +#include +#include /* * PROV reason codes. */ -# define PROV_R_ADDITIONAL_INPUT_TOO_LONG 184 -# define PROV_R_ALGORITHM_MISMATCH 173 -# define PROV_R_ALREADY_INSTANTIATED 185 -# define PROV_R_BAD_DECRYPT 100 -# define PROV_R_BAD_ENCODING 141 -# define PROV_R_BAD_LENGTH 142 -# define PROV_R_BAD_TLS_CLIENT_VERSION 161 -# define PROV_R_BN_ERROR 160 -# define PROV_R_CIPHER_OPERATION_FAILED 102 -# define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205 -# define PROV_R_DIGEST_NOT_ALLOWED 174 -# define PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK 186 -# define PROV_R_ERROR_INSTANTIATING_DRBG 188 -# define PROV_R_ERROR_RETRIEVING_ENTROPY 189 -# define PROV_R_ERROR_RETRIEVING_NONCE 190 -# define PROV_R_FAILED_DURING_DERIVATION 164 -# define PROV_R_FAILED_TO_CREATE_LOCK 180 -# define PROV_R_FAILED_TO_DECRYPT 162 -# define PROV_R_FAILED_TO_GENERATE_KEY 121 -# define PROV_R_FAILED_TO_GET_PARAMETER 103 -# define PROV_R_FAILED_TO_SET_PARAMETER 104 -# define PROV_R_FAILED_TO_SIGN 175 -# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227 -# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 -# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 -# define PROV_R_GENERATE_ERROR 191 -# define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 -# define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 -# define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 -# define PROV_R_INVALID_AAD 108 -# define PROV_R_INVALID_CONFIG_DATA 211 -# define PROV_R_INVALID_CONSTANT_LENGTH 157 -# define PROV_R_INVALID_CURVE 176 -# define PROV_R_INVALID_CUSTOM_LENGTH 111 -# define PROV_R_INVALID_DATA 115 -# define PROV_R_INVALID_DIGEST 122 -# define PROV_R_INVALID_DIGEST_LENGTH 166 -# define PROV_R_INVALID_DIGEST_SIZE 218 -# define PROV_R_INVALID_INPUT_LENGTH 230 -# define PROV_R_INVALID_ITERATION_COUNT 123 -# define PROV_R_INVALID_IV_LENGTH 109 -# define 
PROV_R_INVALID_KEY 158 -# define PROV_R_INVALID_KEY_LENGTH 105 -# define PROV_R_INVALID_MAC 151 -# define PROV_R_INVALID_MGF1_MD 167 -# define PROV_R_INVALID_MODE 125 -# define PROV_R_INVALID_OUTPUT_LENGTH 217 -# define PROV_R_INVALID_PADDING_MODE 168 -# define PROV_R_INVALID_PUBINFO 198 -# define PROV_R_INVALID_SALT_LENGTH 112 -# define PROV_R_INVALID_SEED_LENGTH 154 -# define PROV_R_INVALID_SIGNATURE_SIZE 179 -# define PROV_R_INVALID_STATE 212 -# define PROV_R_INVALID_TAG 110 -# define PROV_R_INVALID_TAG_LENGTH 118 -# define PROV_R_INVALID_UKM_LENGTH 200 -# define PROV_R_INVALID_X931_DIGEST 170 -# define PROV_R_IN_ERROR_STATE 192 -# define PROV_R_KEY_SETUP_FAILED 101 -# define PROV_R_KEY_SIZE_TOO_SMALL 171 -# define PROV_R_LENGTH_TOO_LARGE 202 -# define PROV_R_MISMATCHING_DOMAIN_PARAMETERS 203 -# define PROV_R_MISSING_CEK_ALG 144 -# define PROV_R_MISSING_CIPHER 155 -# define PROV_R_MISSING_CONFIG_DATA 213 -# define PROV_R_MISSING_CONSTANT 156 -# define PROV_R_MISSING_KEY 128 -# define PROV_R_MISSING_MAC 150 -# define PROV_R_MISSING_MESSAGE_DIGEST 129 -# define PROV_R_MISSING_OID 209 -# define PROV_R_MISSING_PASS 130 -# define PROV_R_MISSING_SALT 131 -# define PROV_R_MISSING_SECRET 132 -# define PROV_R_MISSING_SEED 140 -# define PROV_R_MISSING_SESSION_ID 133 -# define PROV_R_MISSING_TYPE 134 -# define PROV_R_MISSING_XCGHASH 135 -# define PROV_R_MODULE_INTEGRITY_FAILURE 214 -# define PROV_R_NOT_A_PRIVATE_KEY 221 -# define PROV_R_NOT_A_PUBLIC_KEY 220 -# define PROV_R_NOT_INSTANTIATED 193 -# define PROV_R_NOT_PARAMETERS 226 -# define PROV_R_NOT_SUPPORTED 136 -# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 -# define PROV_R_NO_KEY_SET 114 -# define PROV_R_NO_PARAMETERS_SET 177 -# define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178 -# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 -# define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS 228 -# define PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED 187 -# define PROV_R_PARENT_LOCKING_NOT_ENABLED 182 -# define 
PROV_R_PARENT_STRENGTH_TOO_WEAK 194 -# define PROV_R_PATH_MUST_BE_ABSOLUTE 219 -# define PROV_R_PERSONALISATION_STRING_TOO_LONG 195 -# define PROV_R_PSS_SALTLEN_TOO_SMALL 172 -# define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG 196 -# define PROV_R_REQUIRE_CTR_MODE_CIPHER 206 -# define PROV_R_RESEED_ERROR 197 -# define PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 222 -# define PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT 229 -# define PROV_R_SELF_TEST_KAT_FAILURE 215 -# define PROV_R_SELF_TEST_POST_FAILURE 216 -# define PROV_R_TAG_NOT_NEEDED 120 -# define PROV_R_TAG_NOT_SET 119 -# define PROV_R_TOO_MANY_RECORDS 126 -# define PROV_R_UNABLE_TO_FIND_CIPHERS 207 -# define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH 199 -# define PROV_R_UNABLE_TO_GET_PASSPHRASE 159 -# define PROV_R_UNABLE_TO_INITIALISE_CIPHERS 208 -# define PROV_R_UNABLE_TO_LOAD_SHA256 147 -# define PROV_R_UNABLE_TO_LOCK_PARENT 201 -# define PROV_R_UNABLE_TO_RESEED 204 -# define PROV_R_UNSUPPORTED_CEK_ALG 145 -# define PROV_R_UNSUPPORTED_KEY_SIZE 153 -# define PROV_R_UNSUPPORTED_MAC_TYPE 137 -# define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152 -# define PROV_R_URI_AUTHORITY_UNSUPPORTED 223 -# define PROV_R_VALUE_ERROR 138 -# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 -# define PROV_R_WRONG_OUTPUT_BUFFER_SIZE 139 -# define PROV_R_XOF_DIGESTS_NOT_ALLOWED 183 -# define PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE 148 -# define PROV_R_XTS_DUPLICATED_KEYS 149 +#define PROV_R_ADDITIONAL_INPUT_TOO_LONG 184 +#define PROV_R_ALGORITHM_MISMATCH 173 +#define PROV_R_ALREADY_INSTANTIATED 185 +#define PROV_R_BAD_DECRYPT 100 +#define PROV_R_BAD_ENCODING 141 +#define PROV_R_BAD_LENGTH 142 +#define PROV_R_BAD_TLS_CLIENT_VERSION 161 +#define PROV_R_BN_ERROR 160 +#define PROV_R_CIPHER_OPERATION_FAILED 102 +#define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205 +#define PROV_R_DIGEST_NOT_ALLOWED 174 +#define PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK 186 +#define PROV_R_ERROR_INSTANTIATING_DRBG 188 +#define PROV_R_ERROR_RETRIEVING_ENTROPY 189 +#define 
PROV_R_ERROR_RETRIEVING_NONCE 190 +#define PROV_R_FAILED_DURING_DERIVATION 164 +#define PROV_R_FAILED_TO_CREATE_LOCK 180 +#define PROV_R_FAILED_TO_DECRYPT 162 +#define PROV_R_FAILED_TO_GENERATE_KEY 121 +#define PROV_R_FAILED_TO_GET_PARAMETER 103 +#define PROV_R_FAILED_TO_SET_PARAMETER 104 +#define PROV_R_FAILED_TO_SIGN 175 +#define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227 +#define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 +#define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 +#define PROV_R_GENERATE_ERROR 191 +#define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 +#define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 +#define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 +#define PROV_R_INVALID_AAD 108 +#define PROV_R_INVALID_CONFIG_DATA 211 +#define PROV_R_INVALID_CONSTANT_LENGTH 157 +#define PROV_R_INVALID_CURVE 176 +#define PROV_R_INVALID_CUSTOM_LENGTH 111 +#define PROV_R_INVALID_DATA 115 +#define PROV_R_INVALID_DIGEST 122 +#define PROV_R_INVALID_DIGEST_LENGTH 166 +#define PROV_R_INVALID_DIGEST_SIZE 218 +#define PROV_R_INVALID_INPUT_LENGTH 230 +#define PROV_R_INVALID_ITERATION_COUNT 123 +#define PROV_R_INVALID_IV_LENGTH 109 +#define PROV_R_INVALID_KEY 158 +#define PROV_R_INVALID_KEY_LENGTH 105 +#define PROV_R_INVALID_MAC 151 +#define PROV_R_INVALID_MGF1_MD 167 +#define PROV_R_INVALID_MODE 125 +#define PROV_R_INVALID_OUTPUT_LENGTH 217 +#define PROV_R_INVALID_PADDING_MODE 168 +#define PROV_R_INVALID_PUBINFO 198 +#define PROV_R_INVALID_SALT_LENGTH 112 +#define PROV_R_INVALID_SEED_LENGTH 154 +#define PROV_R_INVALID_SIGNATURE_SIZE 179 +#define PROV_R_INVALID_STATE 212 +#define PROV_R_INVALID_TAG 110 +#define PROV_R_INVALID_TAG_LENGTH 118 +#define PROV_R_INVALID_UKM_LENGTH 200 +#define PROV_R_INVALID_X931_DIGEST 170 +#define PROV_R_IN_ERROR_STATE 192 +#define PROV_R_KEY_SETUP_FAILED 101 +#define PROV_R_KEY_SIZE_TOO_SMALL 171 +#define PROV_R_LENGTH_TOO_LARGE 202 +#define PROV_R_MISMATCHING_DOMAIN_PARAMETERS 203 +#define PROV_R_MISSING_CEK_ALG 144 +#define PROV_R_MISSING_CIPHER 155 
+#define PROV_R_MISSING_CONFIG_DATA 213 +#define PROV_R_MISSING_CONSTANT 156 +#define PROV_R_MISSING_KEY 128 +#define PROV_R_MISSING_MAC 150 +#define PROV_R_MISSING_MESSAGE_DIGEST 129 +#define PROV_R_MISSING_OID 209 +#define PROV_R_MISSING_PASS 130 +#define PROV_R_MISSING_SALT 131 +#define PROV_R_MISSING_SECRET 132 +#define PROV_R_MISSING_SEED 140 +#define PROV_R_MISSING_SESSION_ID 133 +#define PROV_R_MISSING_TYPE 134 +#define PROV_R_MISSING_XCGHASH 135 +#define PROV_R_MODULE_INTEGRITY_FAILURE 214 +#define PROV_R_NOT_A_PRIVATE_KEY 221 +#define PROV_R_NOT_A_PUBLIC_KEY 220 +#define PROV_R_NOT_INSTANTIATED 193 +#define PROV_R_NOT_PARAMETERS 226 +#define PROV_R_NOT_SUPPORTED 136 +#define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 +#define PROV_R_NO_KEY_SET 114 +#define PROV_R_NO_PARAMETERS_SET 177 +#define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178 +#define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 +#define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS 228 +#define PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED 187 +#define PROV_R_PARENT_LOCKING_NOT_ENABLED 182 +#define PROV_R_PARENT_STRENGTH_TOO_WEAK 194 +#define PROV_R_PATH_MUST_BE_ABSOLUTE 219 +#define PROV_R_PERSONALISATION_STRING_TOO_LONG 195 +#define PROV_R_PSS_SALTLEN_TOO_SMALL 172 +#define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG 196 +#define PROV_R_REQUIRE_CTR_MODE_CIPHER 206 +#define PROV_R_RESEED_ERROR 197 +#define PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 222 +#define PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT 229 +#define PROV_R_SELF_TEST_KAT_FAILURE 215 +#define PROV_R_SELF_TEST_POST_FAILURE 216 +#define PROV_R_TAG_NOT_NEEDED 120 +#define PROV_R_TAG_NOT_SET 119 +#define PROV_R_TOO_MANY_RECORDS 126 +#define PROV_R_UNABLE_TO_FIND_CIPHERS 207 +#define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH 199 +#define PROV_R_UNABLE_TO_GET_PASSPHRASE 159 +#define PROV_R_UNABLE_TO_INITIALISE_CIPHERS 208 +#define PROV_R_UNABLE_TO_LOAD_SHA256 147 +#define PROV_R_UNABLE_TO_LOCK_PARENT 201 +#define PROV_R_UNABLE_TO_RESEED 204 +#define 
PROV_R_UNSUPPORTED_CEK_ALG 145 +#define PROV_R_UNSUPPORTED_KEY_SIZE 153 +#define PROV_R_UNSUPPORTED_MAC_TYPE 137 +#define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152 +#define PROV_R_URI_AUTHORITY_UNSUPPORTED 223 +#define PROV_R_VALUE_ERROR 138 +#define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 +#define PROV_R_WRONG_OUTPUT_BUFFER_SIZE 139 +#define PROV_R_XOF_DIGESTS_NOT_ALLOWED 183 +#define PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE 148 +#define PROV_R_XTS_DUPLICATED_KEYS 149 #endif --- crypto/openssl/include/openssl/provider.h.orig +++ crypto/openssl/include/openssl/provider.h @@ -8,14 +8,14 @@ */ #ifndef OPENSSL_PROVIDER_H -# define OPENSSL_PROVIDER_H -# pragma once +#define OPENSSL_PROVIDER_H +#pragma once -# include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* Set the default provider search path */ int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path); 
@@ -23,38 +23,38 @@ /* Load and unload a provider */ OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name); OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name, - int retain_fallbacks); + int retain_fallbacks); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name); int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx, - int (*cb)(OSSL_PROVIDER *provider, void *cbdata), - void *cbdata); + int (*cb)(OSSL_PROVIDER *provider, void *cbdata), + void *cbdata); const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg); + const char *capability, + OSSL_CALLBACK *cb, + void *arg); const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache); + int operation_id, + int *no_cache); void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, const OSSL_ALGORITHM *algs); + int operation_id, const OSSL_ALGORITHM *algs); void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov); /* Add a built in providers */ int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *, const char *name, - OSSL_provider_init_fn *init_fn); + OSSL_provider_init_fn *init_fn); /* Information */ const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/rand.h.orig +++ crypto/openssl/include/openssl/rand.h 
@@ -8,21 +8,21 @@ */ #ifndef OPENSSL_RAND_H -# define OPENSSL_RAND_H -# pragma once +#define OPENSSL_RAND_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_RAND_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_RAND_H +#endif -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif @@ -34,30 +34,32 @@ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the * DRBG to that of the cipher. */ -# define RAND_DRBG_STRENGTH 256 +#define RAND_DRBG_STRENGTH 256 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 struct rand_meth_st { - int (*seed) (const void *buf, int num); - int (*bytes) (unsigned char *buf, int num); - void (*cleanup) (void); - int (*add) (const void *buf, int num, double randomness); - int (*pseudorand) (unsigned char *buf, int num); - int (*status) (void); + int (*seed)(const void *buf, int num); + int (*bytes)(unsigned char *buf, int num); + void (*cleanup)(void); + int (*add)(const void *buf, int num, double randomness); + int (*pseudorand)(unsigned char *buf, int num); + int (*status)(void); }; OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth); OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *RAND_get_rand_method(void); -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_engine(ENGINE *engine); -# endif +#endif OSSL_DEPRECATEDIN_3_0 RAND_METHOD *RAND_OpenSSL(void); -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define RAND_cleanup() while(0) continue -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define RAND_cleanup() \ + while (0) \ + continue +#endif int RAND_bytes(unsigned char *buf, int num); int RAND_priv_bytes(unsigned char *buf, int num); 
@@ -66,57 +68,57 @@ * a strength. */ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, - unsigned int strength); + unsigned int strength); /* * Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and * a strength. */ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, - unsigned int strength); + unsigned int strength); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num); -# endif +#endif EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx); EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx); EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx); int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq, - const char *cipher, const char *digest); + const char *cipher, const char *digest); int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed, - const char *propq); + const char *propq); void RAND_seed(const void *buf, int num); void RAND_keep_random_devices_open(int keep); -# if defined(__ANDROID__) && defined(__NDK_FPABI__) -__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ -# endif -void RAND_add(const void *buf, int num, double randomness); +#if defined(__ANDROID__) && defined(__NDK_FPABI__) +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +#endif + void RAND_add(const void *buf, int num, double randomness); int RAND_load_file(const char *file, long max_bytes); int RAND_write_file(const char *file); const char *RAND_file_name(char *file, size_t num); int RAND_status(void); -# ifndef OPENSSL_NO_EGD +#ifndef OPENSSL_NO_EGD int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path, int bytes); -# endif +#endif int RAND_poll(void); -# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) /* application has to 
include in order to use these */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 void RAND_screen(void); OSSL_DEPRECATEDIN_1_1_0 int RAND_event(UINT, WPARAM, LPARAM); -# endif -# endif +#endif +#endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/randerr.h.orig +++ crypto/openssl/include/openssl/randerr.h 
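Review bot: In the `rand.h` hunk at `@@ -66,57 +68,57 @@`, the new side appears to indent `void RAND_add(const void *buf, int num, double randomness);` as if it continued the `__NDK_FPABI__` line inside the `#if defined(__ANDROID__) && defined(__NDK_FPABI__)` block. On every other target that macro line is compiled out, so `RAND_add` becomes the only indented prototype in the header and looks like part of a conditional or a continuation. Keep the declaration at column 0, as the removed line `void RAND_add(const void *buf, int num, double randomness);` had it. If an automatic formatter produced the indent, bracket the three preprocessor lines and the prototype with `/* clang-format off */` and `/* clang-format on */`. Whitespace is collapsed on this page, so the indent is inferred from the `+ void` against `-void` difference.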
@@ -9,60 +9,58 @@ */ #ifndef OPENSSL_RANDERR_H -# define OPENSSL_RANDERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_RANDERR_H +#pragma once +#include +#include +#include /* * RAND reason codes. */ -# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 -# define RAND_R_ALREADY_INSTANTIATED 103 -# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 -# define RAND_R_CANNOT_OPEN_FILE 121 -# define RAND_R_DRBG_ALREADY_INITIALIZED 129 -# define RAND_R_DRBG_NOT_INITIALISED 104 -# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 -# define RAND_R_ENTROPY_OUT_OF_RANGE 124 -# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 -# define RAND_R_ERROR_INITIALISING_DRBG 107 -# define RAND_R_ERROR_INSTANTIATING_DRBG 108 -# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 -# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 -# define RAND_R_ERROR_RETRIEVING_NONCE 111 -# define RAND_R_FAILED_TO_CREATE_LOCK 126 -# define RAND_R_FUNC_NOT_IMPLEMENTED 101 -# define RAND_R_FWRITE_ERROR 123 -# define RAND_R_GENERATE_ERROR 112 -# define RAND_R_INSUFFICIENT_DRBG_STRENGTH 139 -# define RAND_R_INTERNAL_ERROR 113 -# define RAND_R_IN_ERROR_STATE 114 -# define RAND_R_NOT_A_REGULAR_FILE 122 -# define RAND_R_NOT_INSTANTIATED 115 -# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 -# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 -# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 -# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 -# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 -# define RAND_R_PRNG_NOT_SEEDED 100 -# define RAND_R_RANDOM_POOL_OVERFLOW 125 -# define RAND_R_RANDOM_POOL_UNDERFLOW 134 -# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 -# define RAND_R_RESEED_ERROR 118 -# define RAND_R_SELFTEST_FAILURE 119 -# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 -# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 -# define RAND_R_UNABLE_TO_CREATE_DRBG 143 -# define RAND_R_UNABLE_TO_FETCH_DRBG 144 -# define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 141 -# define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH 
138 -# define RAND_R_UNABLE_TO_LOCK_PARENT 140 -# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 -# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 +#define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +#define RAND_R_ALREADY_INSTANTIATED 103 +#define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +#define RAND_R_CANNOT_OPEN_FILE 121 +#define RAND_R_DRBG_ALREADY_INITIALIZED 129 +#define RAND_R_DRBG_NOT_INITIALISED 104 +#define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +#define RAND_R_ENTROPY_OUT_OF_RANGE 124 +#define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +#define RAND_R_ERROR_INITIALISING_DRBG 107 +#define RAND_R_ERROR_INSTANTIATING_DRBG 108 +#define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +#define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +#define RAND_R_ERROR_RETRIEVING_NONCE 111 +#define RAND_R_FAILED_TO_CREATE_LOCK 126 +#define RAND_R_FUNC_NOT_IMPLEMENTED 101 +#define RAND_R_FWRITE_ERROR 123 +#define RAND_R_GENERATE_ERROR 112 +#define RAND_R_INSUFFICIENT_DRBG_STRENGTH 139 +#define RAND_R_INTERNAL_ERROR 113 +#define RAND_R_IN_ERROR_STATE 114 +#define RAND_R_NOT_A_REGULAR_FILE 122 +#define RAND_R_NOT_INSTANTIATED 115 +#define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +#define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +#define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +#define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +#define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +#define RAND_R_PRNG_NOT_SEEDED 100 +#define RAND_R_RANDOM_POOL_OVERFLOW 125 +#define RAND_R_RANDOM_POOL_UNDERFLOW 134 +#define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +#define RAND_R_RESEED_ERROR 118 +#define RAND_R_SELFTEST_FAILURE 119 +#define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +#define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +#define RAND_R_UNABLE_TO_CREATE_DRBG 143 +#define RAND_R_UNABLE_TO_FETCH_DRBG 144 +#define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 141 +#define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH 138 +#define RAND_R_UNABLE_TO_LOCK_PARENT 140 +#define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +#define RAND_R_UNSUPPORTED_DRBG_TYPE 120 
#endif --- crypto/openssl/include/openssl/rc2.h.orig +++ crypto/openssl/include/openssl/rc2.h 
@@ -8,61 +8,61 @@ */ #ifndef OPENSSL_RC2_H -# define OPENSSL_RC2_H -# pragma once +#define OPENSSL_RC2_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_RC2_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_RC2_H +#endif -# include +#include -# ifndef OPENSSL_NO_RC2 -# ifdef __cplusplus +#ifndef OPENSSL_NO_RC2 +#ifdef __cplusplus extern "C" { -# endif +#endif -# define RC2_BLOCK 8 -# define RC2_KEY_LENGTH 16 +#define RC2_BLOCK 8 +#define RC2_KEY_LENGTH 16 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef unsigned int RC2_INT; -# define RC2_ENCRYPT 1 -# define RC2_DECRYPT 0 +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 typedef struct rc2_key_st { RC2_INT data[64]; } RC2_KEY; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void RC2_set_key(RC2_KEY *key, int len, - const unsigned char *data, int bits); + const unsigned char *data, int bits); OSSL_DEPRECATEDIN_3_0 void RC2_ecb_encrypt(const unsigned char *in, - unsigned char *out, RC2_KEY *key, - int enc); + unsigned char *out, RC2_KEY *key, + int enc); OSSL_DEPRECATEDIN_3_0 void RC2_encrypt(unsigned long *data, RC2_KEY *key); OSSL_DEPRECATEDIN_3_0 void RC2_decrypt(unsigned long *data, RC2_KEY *key); OSSL_DEPRECATEDIN_3_0 void RC2_cbc_encrypt(const unsigned char *in, - unsigned char *out, long length, - RC2_KEY *ks, unsigned char *iv, - int enc); + unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, + int enc); OSSL_DEPRECATEDIN_3_0 void RC2_cfb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - RC2_KEY *schedule, - unsigned char *ivec, - int *num, int enc); + unsigned char *out, long length, + RC2_KEY *schedule, + unsigned char *ivec, + int *num, int enc); OSSL_DEPRECATEDIN_3_0 void RC2_ofb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - RC2_KEY *schedule, - unsigned char *ivec, - int *num); -# endif + unsigned char 
*out, long length, + RC2_KEY *schedule, + unsigned char *ivec, + int *num); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/rc4.h.orig +++ crypto/openssl/include/openssl/rc4.h @@ -8,40 +8,40 @@ */ #ifndef OPENSSL_RC4_H -# define OPENSSL_RC4_H -# pragma once +#define OPENSSL_RC4_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_RC4_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_RC4_H +#endif -# include +#include -# ifndef OPENSSL_NO_RC4 -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_RC4 +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct rc4_key_st { RC4_INT x, y; RC4_INT data[256]; } RC4_KEY; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const char *RC4_options(void); OSSL_DEPRECATEDIN_3_0 void RC4_set_key(RC4_KEY *key, int len, - const unsigned char *data); + const unsigned char *data); OSSL_DEPRECATEDIN_3_0 void RC4(RC4_KEY *key, size_t len, - const unsigned char *indata, - unsigned char *outdata); -# endif + const unsigned char *indata, + unsigned char *outdata); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/rc5.h.orig +++ crypto/openssl/include/openssl/rc5.h 
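Review bot: The new side of `rc2.h` now ends in three bare `#endif` lines (closing `__cplusplus`, `OPENSSL_NO_RC2` and the `OPENSSL_RC2_H` guard), and dropping the `# ` directive indentation leaves nothing to show which conditional each one closes. The same tail appears in the `rc4.h`, `rc5.h` and `ripemd.h` hunks, and in the nested `_WIN32` / `OPENSSL_NO_DEPRECATED_1_1_0` pair in `rand.h`. Label the closers, e.g. `#endif /* OPENSSL_NO_RC2 */` and `#endif /* OPENSSL_RC2_H */`, as this diff already does with `#endif /* OPENSSL_PROV_SSL_H */` and `#endif /* OPENSSL_NO_DEPRECATED_3_0 */`. These guards decide whether the deprecated RC2/RC4/RC5/RIPEMD160 prototypes are exposed, so a reader should be able to tell at a glance where each region ends.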
@@ -8,72 +8,72 @@ */ #ifndef OPENSSL_RC5_H -# define OPENSSL_RC5_H -# pragma once +#define OPENSSL_RC5_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_RC5_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_RC5_H +#endif -# include +#include -# ifndef OPENSSL_NO_RC5 -# ifdef __cplusplus +#ifndef OPENSSL_NO_RC5 +#ifdef __cplusplus extern "C" { -# endif +#endif -# define RC5_32_BLOCK 8 -# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ +#define RC5_32_BLOCK 8 +#define RC5_32_KEY_LENGTH 16 /* This is a default, max is 255 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define RC5_ENCRYPT 1 -# define RC5_DECRYPT 0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define RC5_ENCRYPT 1 +#define RC5_DECRYPT 0 -# define RC5_32_INT unsigned int +#define RC5_32_INT unsigned int /* * This are the only values supported. Tweak the code if you want more The * most supported modes will be RC5-32/12/16 RC5-32/16/8 */ -# define RC5_8_ROUNDS 8 -# define RC5_12_ROUNDS 12 -# define RC5_16_ROUNDS 16 +#define RC5_8_ROUNDS 8 +#define RC5_12_ROUNDS 12 +#define RC5_16_ROUNDS 16 typedef struct rc5_key_st { /* Number of rounds */ int rounds; RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; } RC5_32_KEY; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int RC5_32_set_key(RC5_32_KEY *key, int len, - const unsigned char *data, - int rounds); + const unsigned char *data, + int rounds); OSSL_DEPRECATEDIN_3_0 void RC5_32_ecb_encrypt(const unsigned char *in, - unsigned char *out, - RC5_32_KEY *key, - int enc); + unsigned char *out, + RC5_32_KEY *key, + int enc); OSSL_DEPRECATEDIN_3_0 void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); OSSL_DEPRECATEDIN_3_0 void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); OSSL_DEPRECATEDIN_3_0 void RC5_32_cbc_encrypt(const unsigned char *in, - unsigned char *out, long length, - RC5_32_KEY *ks, unsigned char *iv, - int enc); + unsigned char *out, 
long length, + RC5_32_KEY *ks, unsigned char *iv, + int enc); OSSL_DEPRECATEDIN_3_0 void RC5_32_cfb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - RC5_32_KEY *schedule, - unsigned char *ivec, int *num, - int enc); + unsigned char *out, long length, + RC5_32_KEY *schedule, + unsigned char *ivec, int *num, + int enc); OSSL_DEPRECATEDIN_3_0 void RC5_32_ofb64_encrypt(const unsigned char *in, - unsigned char *out, long length, - RC5_32_KEY *schedule, - unsigned char *ivec, int *num); -# endif + unsigned char *out, long length, + RC5_32_KEY *schedule, + unsigned char *ivec, int *num); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/ripemd.h.orig +++ crypto/openssl/include/openssl/ripemd.h @@ -8,31 +8,31 @@ */ #ifndef OPENSSL_RIPEMD_H -# define OPENSSL_RIPEMD_H -# pragma once +#define OPENSSL_RIPEMD_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_RIPEMD_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_RIPEMD_H +#endif -# include +#include -# ifndef OPENSSL_NO_RMD160 -# include -# include +#ifndef OPENSSL_NO_RMD160 +#include +#include -# define RIPEMD160_DIGEST_LENGTH 20 +#define RIPEMD160_DIGEST_LENGTH 20 -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#endif +#if !defined(OPENSSL_NO_DEPRECATED_3_0) -# define RIPEMD160_LONG unsigned int +#define RIPEMD160_LONG unsigned int -# define RIPEMD160_CBLOCK 64 -# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +#define RIPEMD160_CBLOCK 64 +#define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK / 4) typedef struct RIPEMD160state_st { RIPEMD160_LONG A, B, C, D, E; 
@@ -40,20 +40,20 @@ RIPEMD160_LONG data[RIPEMD160_LBLOCK]; unsigned int num; } RIPEMD160_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int RIPEMD160_Init(RIPEMD160_CTX *c); OSSL_DEPRECATEDIN_3_0 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, - size_t len); + size_t len); OSSL_DEPRECATEDIN_3_0 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); OSSL_DEPRECATEDIN_3_0 unsigned char *RIPEMD160(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); OSSL_DEPRECATEDIN_3_0 void RIPEMD160_Transform(RIPEMD160_CTX *c, - const unsigned char *b); -# endif + const unsigned char *b); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/rsa.h.orig +++ crypto/openssl/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,68 +8,68 @@ */ #ifndef OPENSSL_RSA_H -# define OPENSSL_RSA_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_RSA_H -# endif - -# include - -# include -# include -# include -# include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif -# include -# include - -# ifdef __cplusplus +#define OPENSSL_RSA_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_RSA_H +#endif + +#include + +#include +#include +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif +#include +#include + +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_RSA_MAX_MODULUS_BITS -# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 -# endif +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +#define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif -# define RSA_3 0x3L -# define RSA_F4 0x10001L +#define RSA_3 0x3L +#define RSA_F4 0x10001L -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* The types RSA and RSA_METHOD are defined in ossl_typ.h */ -# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048 +#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048 -# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS -# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 -# endif +#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +#endif /* exponent limit enforced for "large" modulus only */ -# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 -# endif +#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +#endif /* based on RFC 8017 appendix A.1.2 */ -# define RSA_ASN1_VERSION_DEFAULT 0 -# define RSA_ASN1_VERSION_MULTI 1 +#define RSA_ASN1_VERSION_DEFAULT 0 +#define RSA_ASN1_VERSION_MULTI 1 -# define RSA_DEFAULT_PRIME_NUM 2 +#define RSA_DEFAULT_PRIME_NUM 2 -# define RSA_METHOD_FLAG_NO_CHECK 0x0001 -# define RSA_FLAG_CACHE_PUBLIC 0x0002 -# define RSA_FLAG_CACHE_PRIVATE 0x0004 -# define RSA_FLAG_BLINDING 0x0008 -# define RSA_FLAG_THREAD_SAFE 0x0010 +#define 
RSA_METHOD_FLAG_NO_CHECK 0x0001 +#define RSA_FLAG_CACHE_PUBLIC 0x0002 +#define RSA_FLAG_CACHE_PRIVATE 0x0004 +#define RSA_FLAG_BLINDING 0x0008 +#define RSA_FLAG_THREAD_SAFE 0x0010 /* * This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: * for example a key stored in external hardware. Without this flag * bn_mod_exp gets called when private key components are absent. */ -# define RSA_FLAG_EXT_PKEY 0x0020 +#define RSA_FLAG_EXT_PKEY 0x0020 /* * new with 0.9.6j and 0.9.7b; the built-in @@ -77,14 +77,14 @@ * default (ignoring RSA_FLAG_BLINDING), * but other engines might not need it */ -# define RSA_FLAG_NO_BLINDING 0x0080 -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#define RSA_FLAG_NO_BLINDING 0x0080 +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /* * Does nothing. Previously this switched off constant time behaviour. */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define RSA_FLAG_NO_CONSTTIME 0x0000 -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define RSA_FLAG_NO_CONSTTIME 0x0000 +#endif /* deprecated name for the flag*/ /* * new with 0.9.7h; the built-in RSA @@ -94,9 +94,9 @@ * faster variable sliding window method to * be used for all exponents. */ -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 -# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME -# endif +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 +#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +#endif /*- * New with 3.0: use part of the flags to denote exact type of RSA key, 
@@ -111,10 +111,10 @@ * * 4 bits allow for 16 types */ -# define RSA_FLAG_TYPE_MASK 0xF000 -# define RSA_FLAG_TYPE_RSA 0x0000 -# define RSA_FLAG_TYPE_RSASSAPSS 0x1000 -# define RSA_FLAG_TYPE_RSAESOAEP 0x2000 +#define RSA_FLAG_TYPE_MASK 0xF000 +#define RSA_FLAG_TYPE_RSA 0x0000 +#define RSA_FLAG_TYPE_RSASSAPSS 0x1000 +#define RSA_FLAG_TYPE_RSAESOAEP 0x2000 int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode); int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode); 
@@ -126,78 +126,78 @@ int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); -# endif +#endif /* Salt length matches digest */ -# define RSA_PSS_SALTLEN_DIGEST -1 +#define RSA_PSS_SALTLEN_DIGEST -1 /* Verify only: auto detect salt length */ -# define RSA_PSS_SALTLEN_AUTO -2 +#define RSA_PSS_SALTLEN_AUTO -2 /* Set salt length to maximum possible */ -# define RSA_PSS_SALTLEN_MAX -3 +#define RSA_PSS_SALTLEN_MAX -3 /* Old compatible max salt length for sign only */ -# define RSA_PSS_SALTLEN_MAX_SIGN -2 +#define RSA_PSS_SALTLEN_MAX_SIGN -2 int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops); + const char *mdprops); int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, - size_t namelen); + size_t namelen); int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx, - const char *mdname); + const char *mdname); int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx, - const char *mdname, - const char *mdprops); + const char *mdname, + const char *mdprops); int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops); + const char *mdprops); int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX 
*ctx, char *name, - size_t namelen); + size_t namelen); int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen); int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); -# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) -# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) -# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) -# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) -# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) +#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) -# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) -# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) -# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) +#define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) -# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) -# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) +#define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +#define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) -# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) -# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) -# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) +#define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) -# define RSA_PKCS1_PADDING 1 -# define RSA_NO_PADDING 3 -# define RSA_PKCS1_OAEP_PADDING 4 -# define RSA_X931_PADDING 5 
+#define RSA_PKCS1_PADDING 1 +#define RSA_NO_PADDING 3 +#define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_X931_PADDING 5 /* EVP_PKEY_ only */ -# define RSA_PKCS1_PSS_PADDING 6 -# define RSA_PKCS1_WITH_TLS_PADDING 7 +#define RSA_PKCS1_PSS_PADDING 6 +#define RSA_PKCS1_WITH_TLS_PADDING 7 -# define RSA_PKCS1_PADDING_SIZE 11 +#define RSA_PKCS1_PADDING_SIZE 11 -# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) -# define RSA_get_app_data(s) RSA_get_ex_data(s,0) +#define RSA_set_app_data(s, arg) RSA_set_ex_data(s, 0, arg) +#define RSA_get_app_data(s) RSA_get_ex_data(s, 0) -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void); OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine); OSSL_DEPRECATEDIN_3_0 int RSA_bits(const RSA *rsa); 
@@ -207,28 +207,28 @@ OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); OSSL_DEPRECATEDIN_3_0 int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); OSSL_DEPRECATEDIN_3_0 int RSA_set0_crt_params(RSA *r, - BIGNUM *dmp1, BIGNUM *dmq1, - BIGNUM *iqmp); + BIGNUM *dmp1, BIGNUM *dmq1, + BIGNUM *iqmp); OSSL_DEPRECATEDIN_3_0 int RSA_set0_multi_prime_params(RSA *r, - BIGNUM *primes[], - BIGNUM *exps[], - BIGNUM *coeffs[], - int pnum); + BIGNUM *primes[], + BIGNUM *exps[], + BIGNUM *coeffs[], + int pnum); OSSL_DEPRECATEDIN_3_0 void RSA_get0_key(const RSA *r, - const BIGNUM **n, const BIGNUM **e, - const BIGNUM **d); + const BIGNUM **n, const BIGNUM **e, + const BIGNUM **d); OSSL_DEPRECATEDIN_3_0 void RSA_get0_factors(const RSA *r, - const BIGNUM **p, const BIGNUM **q); + const BIGNUM **p, const BIGNUM **q); OSSL_DEPRECATEDIN_3_0 int RSA_get_multi_prime_extra_count(const RSA *r); OSSL_DEPRECATEDIN_3_0 int RSA_get0_multi_prime_factors(const RSA *r, - const BIGNUM *primes[]); + const BIGNUM *primes[]); OSSL_DEPRECATEDIN_3_0 void RSA_get0_crt_params(const RSA *r, - const BIGNUM **dmp1, - const BIGNUM **dmq1, - const BIGNUM **iqmp); + const BIGNUM **dmp1, + const BIGNUM **dmq1, + const BIGNUM **iqmp); OSSL_DEPRECATEDIN_3_0 int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], - const BIGNUM *coeffs[]); + const BIGNUM *coeffs[]); OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_n(const RSA *d); OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_e(const RSA *d); OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_d(const RSA *d); 
@@ -243,53 +243,52 @@ OSSL_DEPRECATEDIN_3_0 void RSA_set_flags(RSA *r, int flags); OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r); OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r); -# endif /* !OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ -# define EVP_RSA_gen(bits) \ +#define EVP_RSA_gen(bits) \ EVP_PKEY_Q_keygen(NULL, NULL, "RSA", (size_t)(0 + (bits))) /* Deprecated version */ -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 -OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void - (*callback) (int, int, void *), - void *cb_arg); -# endif +#ifndef OPENSSL_NO_DEPRECATED_0_9_8 +OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void (*callback)(int, int, void *), + void *cb_arg); +#endif /* New version */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb); + BN_GENCB *cb); /* Multi-prime version */ OSSL_DEPRECATEDIN_3_0 int RSA_generate_multi_prime_key(RSA *rsa, int bits, - int primes, BIGNUM *e, - BN_GENCB *cb); + int primes, BIGNUM *e, + BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, - BIGNUM *q1, BIGNUM *q2, - const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *Xp, const BIGNUM *Xq1, - const BIGNUM *Xq2, const BIGNUM *Xq, - const BIGNUM *e, BN_GENCB *cb); + BIGNUM *q1, BIGNUM *q2, + const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, + const BIGNUM *Xq2, const BIGNUM *Xq, + const BIGNUM *e, BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int RSA_X931_generate_key_ex(RSA *rsa, int bits, - const BIGNUM *e, - BN_GENCB *cb); + const BIGNUM *e, + BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *); OSSL_DEPRECATEDIN_3_0 int RSA_check_key_ex(const RSA *, BN_GENCB *cb); - /* next 4 return -1 on error */ +/* next 4 return -1 on error */ OSSL_DEPRECATEDIN_3_0 int RSA_public_encrypt(int flen, const unsigned char 
*from, unsigned char *to, - RSA *rsa, int padding); + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding); + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding); + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding); + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r); /* "up" the RSA object's reference count */ OSSL_DEPRECATEDIN_3_0 int RSA_up_ref(RSA *r); @@ -305,10 +304,10 @@ OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_PKCS1_OpenSSL(void); DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0, - RSA, RSAPublicKey) + RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0, - RSA, RSAPrivateKey) -# endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + RSA, RSAPrivateKey) +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); @@ -324,20 +323,20 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS) -typedef struct rsa_oaep_params_st { +struct rsa_oaep_params_st { X509_ALGOR *hashFunc; X509_ALGOR *maskGenFunc; X509_ALGOR *pSourceFunc; /* Decoded hash algorithm from maskGenFunc */ X509_ALGOR *maskHash; -} RSA_OAEP_PARAMS; +}; DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_STDIO OSSL_DEPRECATEDIN_3_0 int RSA_print_fp(FILE *fp, const RSA *r, int offset); -# endif +#endif OSSL_DEPRECATEDIN_3_0 int RSA_print(BIO *bp, const RSA *r, int offset); 
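Review bot: The `@@ -324,20 +323,20 @@` hunk of rsa.h is not formatting-only like the rest of this patch: it turns `typedef struct rsa_oaep_params_st { … } RSA_OAEP_PARAMS;` into a bare `struct rsa_oaep_params_st { … };`. The unchanged `DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)` directly below still needs the `RSA_OAEP_PARAMS` name. Nothing visible here shows where that typedef now comes from; presumably a forward `typedef struct rsa_oaep_params_st RSA_OAEP_PARAMS;` sits in a header that rsa.h includes, but the include targets are not legible on this page. That should be confirmed, because this is a public header and any consumer that includes only rsa.h would otherwise stop compiling. I would also add a one-line comment above the struct naming the header that carries the typedef, so the split declaration is not mistaken for an accidental edit in a whitespace-only import.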
@@ -346,12 +345,12 @@ * PKCS#1 padded RSA encryption */ OSSL_DEPRECATEDIN_3_0 int RSA_sign(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, - unsigned int *siglen, RSA *rsa); + unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_verify(int type, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, RSA *rsa); + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); /* * The following 2 function sign and verify a ASN1_OCTET_STRING object inside @@ -359,14 +358,14 @@ */ OSSL_DEPRECATEDIN_3_0 int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - RSA *rsa); + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_verify_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, - RSA *rsa); + const unsigned char *m, unsigned int m_length, + unsigned char *sigbuf, unsigned int siglen, + RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); OSSL_DEPRECATEDIN_3_0 void RSA_blinding_off(RSA *rsa); 
@@ -374,73 +373,73 @@ OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *f, int fl); + const unsigned char *f, int fl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); + const unsigned char *f, int fl, + int rsa_len); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *f, int fl); + const unsigned char *f, int fl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); + const unsigned char *f, int fl, + int rsa_len); OSSL_DEPRECATEDIN_3_0 int PKCS1_MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen, - const EVP_MD *dgst); + const unsigned char *seed, long seedlen, + const EVP_MD *dgst); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *f, int fl, - const unsigned char *p, int pl); + const unsigned char *f, int fl, + const unsigned char *p, int pl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len, - const unsigned char *p, int pl); + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen, - const EVP_MD *md, const EVP_MD *mgf1md); + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num, - const unsigned char *param, int plen, - const EVP_MD *md, const EVP_MD *mgf1md); + const unsigned char *from, int flen, + int num, + const unsigned char 
*param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_none(unsigned char *to, int tlen, - const unsigned char *f, int fl); + const unsigned char *f, int fl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_none(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); + const unsigned char *f, int fl, + int rsa_len); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_X931(unsigned char *to, int tlen, - const unsigned char *f, int fl); + const unsigned char *f, int fl); OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_X931(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); + const unsigned char *f, int fl, + int rsa_len); OSSL_DEPRECATEDIN_3_0 int RSA_X931_hash_id(int nid); OSSL_DEPRECATEDIN_3_0 int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const unsigned char *EM, - int sLen); + const EVP_MD *Hash, const unsigned char *EM, + int sLen); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, const EVP_MD *Hash, - int sLen); + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); OSSL_DEPRECATEDIN_3_0 int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - const unsigned char *EM, int sLen); + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - int sLen); + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); -# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) OSSL_DEPRECATEDIN_3_0 int RSA_set_ex_data(RSA *r, int idx, void *arg); OSSL_DEPRECATEDIN_3_0 void 
*RSA_get_ex_data(const RSA *r, int idx); @@ -455,7 +454,7 @@ * result is compliant. */ -# define RSA_FLAG_FIPS_METHOD 0x0400 +#define RSA_FLAG_FIPS_METHOD 0x0400 /* * If this flag is set the operations normally disabled in FIPS mode are 
@@ -463,142 +462,142 @@ * usage is compliant. */ -# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 /* * Application has decided PRNG is good enough to generate a key: don't * check. */ -# define RSA_FLAG_CHECKED 0x0800 +#define RSA_FLAG_CHECKED 0x0800 OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_new(const char *name, int flags); OSSL_DEPRECATEDIN_3_0 void RSA_meth_free(RSA_METHOD *meth); OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); OSSL_DEPRECATEDIN_3_0 const char *RSA_meth_get0_name(const RSA_METHOD *meth); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set1_name(RSA_METHOD *meth, - const char *name); + const char *name); OSSL_DEPRECATEDIN_3_0 int RSA_meth_get_flags(const RSA_METHOD *meth); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_flags(RSA_METHOD *meth, int flags); OSSL_DEPRECATEDIN_3_0 void *RSA_meth_get0_app_data(const RSA_METHOD *meth); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set0_app_data(RSA_METHOD *meth, - void *app_data); + void *app_data); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) (int flen, - const unsigned char *from, - unsigned char *to, - RSA *rsa, int padding); +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_pub_enc(RSA_METHOD *rsa, - int (*pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); + int (*pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen, - const unsigned char *from, - unsigned char *to, - RSA *rsa, int padding); +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_pub_dec(RSA_METHOD *rsa, - int (*pub_dec) (int flen, const unsigned char *from, - 
unsigned char *to, RSA *rsa, - int padding)); + int (*pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen, - const unsigned char *from, - unsigned char *to, - RSA *rsa, int padding); +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_priv_enc(RSA_METHOD *rsa, - int (*priv_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); + int (*priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) (int flen, - const unsigned char *from, - unsigned char *to, - RSA *rsa, int padding); +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_priv_dec(RSA_METHOD *rsa, - int (*priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); + int (*priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r0, - const BIGNUM *i, - RSA *rsa, BN_CTX *ctx); +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, + const BIGNUM *i, + RSA *rsa, BN_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx)); + int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx); +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM 
*r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx)); + int (*bn_mod_exp)(BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa); OSSL_DEPRECATEDIN_3_0 -int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +int RSA_meth_set_init(RSA_METHOD *rsa, int (*init)(RSA *rsa)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); OSSL_DEPRECATEDIN_3_0 -int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_sign(const RSA_METHOD *meth)) (int type, - const unsigned char *m, - unsigned int m_length, - unsigned char *sigret, - unsigned int *siglen, - const RSA *rsa); +int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, + const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, + unsigned int *siglen, + const RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_sign(RSA_METHOD *rsa, - int (*sign) (int type, const unsigned char *m, - unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa)); -OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_verify(const RSA_METHOD *meth)) (int dtype, - const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, - const RSA *rsa); + int (*sign)(int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)); +OSSL_DEPRECATEDIN_3_0 +int 
(*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, + const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, + const RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_verify(RSA_METHOD *rsa, - int (*verify) (int dtype, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa)); + int (*verify)(int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) (RSA *rsa, int bits, - BIGNUM *e, BN_GENCB *cb); +int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, + BIGNUM *e, BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_keygen(RSA_METHOD *rsa, - int (*keygen) (RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb)); + int (*keygen)(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)); OSSL_DEPRECATEDIN_3_0 -int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) (RSA *rsa, - int bits, - int primes, - BIGNUM *e, - BN_GENCB *cb); +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, + int bits, + int primes, + BIGNUM *e, + BN_GENCB *cb); OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, - int (*keygen) (RSA *rsa, int bits, - int primes, BIGNUM *e, - BN_GENCB *cb)); -#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + int (*keygen)(RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/rsaerr.h.orig +++ crypto/openssl/include/openssl/rsaerr.h 
@@ -9,99 +9,97 @@
 */
 #ifndef OPENSSL_RSAERR_H
-# define OPENSSL_RSAERR_H
-# pragma once
-
-# include
-# include
-# include
-
+#define OPENSSL_RSAERR_H
+#pragma once
+#include
+#include
+#include
 /* * RSA reason codes. */
-# define RSA_R_ALGORITHM_MISMATCH 100
-# define RSA_R_BAD_E_VALUE 101
-# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
-# define RSA_R_BAD_PAD_BYTE_COUNT 103
-# define RSA_R_BAD_SIGNATURE 104
-# define RSA_R_BLOCK_TYPE_IS_NOT_01 106
-# define RSA_R_BLOCK_TYPE_IS_NOT_02 107
-# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
-# define RSA_R_DATA_TOO_LARGE 109
-# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
-# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
-# define RSA_R_DATA_TOO_SMALL 111
-# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
-# define RSA_R_DIGEST_DOES_NOT_MATCH 158
-# define RSA_R_DIGEST_NOT_ALLOWED 145
-# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
-# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
-# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
-# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
-# define RSA_R_FIRST_OCTET_INVALID 133
-# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
-# define RSA_R_INVALID_DIGEST 157
-# define RSA_R_INVALID_DIGEST_LENGTH 143
-# define RSA_R_INVALID_HEADER 137
-# define RSA_R_INVALID_KEYPAIR 171
-# define RSA_R_INVALID_KEY_LENGTH 173
-# define RSA_R_INVALID_LABEL 160
-# define RSA_R_INVALID_LENGTH 181
-# define RSA_R_INVALID_MESSAGE_LENGTH 131
-# define RSA_R_INVALID_MGF1_MD 156
-# define RSA_R_INVALID_MODULUS 174
-# define RSA_R_INVALID_MULTI_PRIME_KEY 167
-# define RSA_R_INVALID_OAEP_PARAMETERS 161
-# define RSA_R_INVALID_PADDING 138
-# define RSA_R_INVALID_PADDING_MODE 141
-# define RSA_R_INVALID_PSS_PARAMETERS 149
-# define RSA_R_INVALID_PSS_SALTLEN 146
-# define RSA_R_INVALID_REQUEST 175
-# define RSA_R_INVALID_SALT_LENGTH 150
-# define RSA_R_INVALID_STRENGTH 176
-# define RSA_R_INVALID_TRAILER 139
-# define RSA_R_INVALID_X931_DIGEST 142
-# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
-# define RSA_R_KEY_PRIME_NUM_INVALID 165
-# define RSA_R_KEY_SIZE_TOO_SMALL 120
-# define RSA_R_LAST_OCTET_INVALID 134
-# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
-# define RSA_R_MISSING_PRIVATE_KEY 179
-# define RSA_R_MODULUS_TOO_LARGE 105
-# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
-# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
-# define RSA_R_MP_R_NOT_PRIME 170
-# define RSA_R_NO_PUBLIC_EXPONENT 140
-# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
-# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
-# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
-# define RSA_R_OAEP_DECODING_ERROR 121
-# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
-# define RSA_R_PADDING_CHECK_FAILED 114
-# define RSA_R_PAIRWISE_TEST_FAILURE 177
-# define RSA_R_PKCS_DECODING_ERROR 159
-# define RSA_R_PSS_SALTLEN_TOO_SMALL 164
-# define RSA_R_PUB_EXPONENT_OUT_OF_RANGE 178
-# define RSA_R_P_NOT_PRIME 128
-# define RSA_R_Q_NOT_PRIME 129
-# define RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT 180
-# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
-# define RSA_R_SLEN_CHECK_FAILED 136
-# define RSA_R_SLEN_RECOVERY_FAILED 135
-# define RSA_R_SSLV3_ROLLBACK_ATTACK 115
-# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
-# define RSA_R_UNKNOWN_DIGEST 166
-# define RSA_R_UNKNOWN_MASK_DIGEST 151
-# define RSA_R_UNKNOWN_PADDING_TYPE 118
-# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162
-# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
-# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
-# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
-# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
-# define RSA_R_VALUE_MISSING 147
-# define RSA_R_WRONG_SIGNATURE_LENGTH 119
+#define RSA_R_ALGORITHM_MISMATCH 100
+#define RSA_R_BAD_E_VALUE 101
+#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
+#define RSA_R_BAD_PAD_BYTE_COUNT 103
+#define RSA_R_BAD_SIGNATURE 104
+#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
+#define RSA_R_DATA_TOO_LARGE 109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
+#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
+#define RSA_R_DATA_TOO_SMALL 111
+#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
+#define RSA_R_DIGEST_DOES_NOT_MATCH 158
+#define RSA_R_DIGEST_NOT_ALLOWED 145
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
+#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
+#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_FIRST_OCTET_INVALID 133
+#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
+#define RSA_R_INVALID_DIGEST 157
+#define RSA_R_INVALID_DIGEST_LENGTH 143
+#define RSA_R_INVALID_HEADER 137
+#define RSA_R_INVALID_KEYPAIR 171
+#define RSA_R_INVALID_KEY_LENGTH 173
+#define RSA_R_INVALID_LABEL 160
+#define RSA_R_INVALID_LENGTH 181
+#define RSA_R_INVALID_MESSAGE_LENGTH 131
+#define RSA_R_INVALID_MGF1_MD 156
+#define RSA_R_INVALID_MODULUS 174
+#define RSA_R_INVALID_MULTI_PRIME_KEY 167
+#define RSA_R_INVALID_OAEP_PARAMETERS 161
+#define RSA_R_INVALID_PADDING 138
+#define RSA_R_INVALID_PADDING_MODE 141
+#define RSA_R_INVALID_PSS_PARAMETERS 149
+#define RSA_R_INVALID_PSS_SALTLEN 146
+#define RSA_R_INVALID_REQUEST 175
+#define RSA_R_INVALID_SALT_LENGTH 150
+#define RSA_R_INVALID_STRENGTH 176
+#define RSA_R_INVALID_TRAILER 139
+#define RSA_R_INVALID_X931_DIGEST 142
+#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
+#define RSA_R_KEY_PRIME_NUM_INVALID 165
+#define RSA_R_KEY_SIZE_TOO_SMALL 120
+#define RSA_R_LAST_OCTET_INVALID 134
+#define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
+#define RSA_R_MISSING_PRIVATE_KEY 179
+#define RSA_R_MODULUS_TOO_LARGE 105
+#define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
+#define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
+#define RSA_R_MP_R_NOT_PRIME 170
+#define RSA_R_NO_PUBLIC_EXPONENT 140
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
+#define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
+#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
+#define RSA_R_OAEP_DECODING_ERROR 121
+#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
+#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PAIRWISE_TEST_FAILURE 177
+#define RSA_R_PKCS_DECODING_ERROR 159
+#define RSA_R_PSS_SALTLEN_TOO_SMALL 164
+#define RSA_R_PUB_EXPONENT_OUT_OF_RANGE 178
+#define RSA_R_P_NOT_PRIME 128
+#define RSA_R_Q_NOT_PRIME 129
+#define RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT 180
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
+#define RSA_R_SLEN_CHECK_FAILED 136
+#define RSA_R_SLEN_RECOVERY_FAILED 135
+#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
+#define RSA_R_UNKNOWN_DIGEST 166
+#define RSA_R_UNKNOWN_MASK_DIGEST 151
+#define RSA_R_UNKNOWN_PADDING_TYPE 118
+#define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162
+#define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
+#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
+#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
+#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
+#define RSA_R_VALUE_MISSING 147
+#define RSA_R_WRONG_SIGNATURE_LENGTH 119
 #endif
--- crypto/openssl/include/openssl/safestack.h.orig
+++ crypto/openssl/include/openssl/safestack.h
@@ -10,173 +10,175 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_SAFESTACK_H -# define OPENSSL_SAFESTACK_H -# pragma once +#define OPENSSL_SAFESTACK_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SAFESTACK_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SAFESTACK_H +#endif -# include -# include +#include +#include #ifdef __cplusplus extern "C" { #endif -# define STACK_OF(type) struct stack_st_##type +#define STACK_OF(type) struct stack_st_##type /* Helper macro for internal use */ -# define SKM_DEFINE_STACK_OF_INTERNAL(t1, t2, t3) \ - STACK_OF(t1); \ - typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ - typedef void (*sk_##t1##_freefunc)(t3 *a); \ - typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ - static ossl_unused ossl_inline t2 *ossl_check_##t1##_type(t2 *ptr) \ - { \ - return ptr; \ - } \ +#define SKM_DEFINE_STACK_OF_INTERNAL(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 *const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 * a); \ + typedef t3 *(*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline t2 *ossl_check_##t1##_type(t2 *ptr) \ + { \ + return ptr; \ + } \ static ossl_unused ossl_inline const OPENSSL_STACK *ossl_check_const_##t1##_sk_type(const STACK_OF(t1) *sk) \ - { \ - return (const OPENSSL_STACK *)sk; \ - } \ - static ossl_unused ossl_inline OPENSSL_STACK *ossl_check_##t1##_sk_type(STACK_OF(t1) *sk) \ - { \ - return (OPENSSL_STACK *)sk; \ - } \ - static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_##t1##_compfunc_type(sk_##t1##_compfunc cmp) \ - { \ - return (OPENSSL_sk_compfunc)cmp; \ - } \ - static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_##t1##_copyfunc_type(sk_##t1##_copyfunc cpy) \ - { \ - return (OPENSSL_sk_copyfunc)cpy; \ - } \ - static ossl_unused ossl_inline OPENSSL_sk_freefunc 
ossl_check_##t1##_freefunc_type(sk_##t1##_freefunc fr) \ - { \ - return (OPENSSL_sk_freefunc)fr; \ + { \ + return (const OPENSSL_STACK *)sk; \ + } \ + static ossl_unused ossl_inline OPENSSL_STACK *ossl_check_##t1##_sk_type(STACK_OF(t1) *sk) \ + { \ + return (OPENSSL_STACK *)sk; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_##t1##_compfunc_type(sk_##t1##_compfunc cmp) \ + { \ + return (OPENSSL_sk_compfunc)cmp; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_##t1##_copyfunc_type(sk_##t1##_copyfunc cpy) \ + { \ + return (OPENSSL_sk_copyfunc)cpy; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_freefunc ossl_check_##t1##_freefunc_type(sk_##t1##_freefunc fr) \ + { \ + return (OPENSSL_sk_freefunc)fr; \ } -# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ - STACK_OF(t1); \ - typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ - typedef void (*sk_##t1##_freefunc)(t3 *a); \ - typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ - static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ - { \ - return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ - { \ - return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ - { \ - return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ - } \ - static ossl_unused 
ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ - { \ - OPENSSL_sk_free((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ - { \ - OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ - { \ - return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ - (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ - { \ - return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ - { \ - return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ - { \ - OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ - { \ - return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ - { \ - return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return 
OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \ - { \ - return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ - { \ - OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ - { \ - return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ - sk_##t1##_copyfunc copyfunc, \ - sk_##t1##_freefunc freefunc) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ - (OPENSSL_sk_copyfunc)copyfunc, \ - (OPENSSL_sk_freefunc)freefunc); \ - } \ +#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 *const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 * a); \ + typedef t3 *(*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + 
return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static 
ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \ + { \ + return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ - { \ - return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ } -# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) -# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) -# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) -# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ - SKM_DEFINE_STACK_OF(t1, const t2, t2) +#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +#define 
DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) +#define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +#define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) /*- * Strings are special: normally an lhash entry will point to a single @@ -202,6 +204,7 @@ * chars. So, we have to implement STRING specially for STACK_OF. This is * dealt with in the autogenerated macros below. */ +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OPENSSL_STRING, char, char) #define sk_OPENSSL_STRING_num(sk) OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(sk)) #define sk_OPENSSL_STRING_value(sk, idx) ((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type(sk), (idx))) @@ -255,6 +258,7 @@ #define sk_OPENSSL_CSTRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OPENSSL_CSTRING) *)OPENSSL_sk_deep_copy(ossl_check_const_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_copyfunc_type(copyfunc), ossl_check_OPENSSL_CSTRING_freefunc_type(freefunc))) #define sk_OPENSSL_CSTRING_set_cmp_func(sk, cmp) ((sk_OPENSSL_CSTRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OPENSSL_CSTRING_sk_type(sk), ossl_check_OPENSSL_CSTRING_compfunc_type(cmp))) +/* clang-format on */ #if !defined(OPENSSL_NO_DEPRECATED_3_0) /* @@ -262,6 +266,7 @@ * These should also be distinguished from "normal" stacks. */ typedef void *OPENSSL_BLOCK; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(OPENSSL_BLOCK, void, void) #define sk_OPENSSL_BLOCK_num(sk) OPENSSL_sk_num(ossl_check_const_OPENSSL_BLOCK_sk_type(sk)) #define sk_OPENSSL_BLOCK_value(sk, idx) ((void *)OPENSSL_sk_value(ossl_check_const_OPENSSL_BLOCK_sk_type(sk), (idx))) 
@@ -289,9 +294,10 @@ #define sk_OPENSSL_BLOCK_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(OPENSSL_BLOCK) *)OPENSSL_sk_deep_copy(ossl_check_const_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_copyfunc_type(copyfunc), ossl_check_OPENSSL_BLOCK_freefunc_type(freefunc))) #define sk_OPENSSL_BLOCK_set_cmp_func(sk, cmp) ((sk_OPENSSL_BLOCK_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_OPENSSL_BLOCK_sk_type(sk), ossl_check_OPENSSL_BLOCK_compfunc_type(cmp))) +/* clang-format on */ #endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/safestack.h.in.orig +++ crypto/openssl/include/openssl/safestack.h.in 
@@ -9,177 +9,179 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_string_macros generate_stack_const_string_macros generate_stack_block_macros); -} +/* clang-format on */ #ifndef OPENSSL_SAFESTACK_H -# define OPENSSL_SAFESTACK_H -# pragma once +#define OPENSSL_SAFESTACK_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SAFESTACK_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SAFESTACK_H +#endif -# include -# include +#include +#include #ifdef __cplusplus extern "C" { #endif -# define STACK_OF(type) struct stack_st_##type +#define STACK_OF(type) struct stack_st_##type /* Helper macro for internal use */ -# define SKM_DEFINE_STACK_OF_INTERNAL(t1, t2, t3) \ - STACK_OF(t1); \ - typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ - typedef void (*sk_##t1##_freefunc)(t3 *a); \ - typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ - static ossl_unused ossl_inline t2 *ossl_check_##t1##_type(t2 *ptr) \ - { \ - return ptr; \ - } \ +#define SKM_DEFINE_STACK_OF_INTERNAL(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 *const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 * a); \ + typedef t3 *(*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline t2 *ossl_check_##t1##_type(t2 *ptr) \ + { \ + return ptr; \ + } \ static ossl_unused ossl_inline const OPENSSL_STACK *ossl_check_const_##t1##_sk_type(const STACK_OF(t1) *sk) \ - { \ - return (const OPENSSL_STACK *)sk; \ - } \ - static ossl_unused ossl_inline OPENSSL_STACK *ossl_check_##t1##_sk_type(STACK_OF(t1) *sk) \ - { \ - return (OPENSSL_STACK *)sk; \ - } \ - static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_##t1##_compfunc_type(sk_##t1##_compfunc cmp) \ - { \ - return (OPENSSL_sk_compfunc)cmp; \ - } \ - static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_##t1##_copyfunc_type(sk_##t1##_copyfunc 
cpy) \ - { \ - return (OPENSSL_sk_copyfunc)cpy; \ - } \ - static ossl_unused ossl_inline OPENSSL_sk_freefunc ossl_check_##t1##_freefunc_type(sk_##t1##_freefunc fr) \ - { \ - return (OPENSSL_sk_freefunc)fr; \ + { \ + return (const OPENSSL_STACK *)sk; \ + } \ + static ossl_unused ossl_inline OPENSSL_STACK *ossl_check_##t1##_sk_type(STACK_OF(t1) *sk) \ + { \ + return (OPENSSL_STACK *)sk; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_##t1##_compfunc_type(sk_##t1##_compfunc cmp) \ + { \ + return (OPENSSL_sk_compfunc)cmp; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_##t1##_copyfunc_type(sk_##t1##_copyfunc cpy) \ + { \ + return (OPENSSL_sk_copyfunc)cpy; \ + } \ + static ossl_unused ossl_inline OPENSSL_sk_freefunc ossl_check_##t1##_freefunc_type(sk_##t1##_freefunc fr) \ + { \ + return (OPENSSL_sk_freefunc)fr; \ } -# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ - STACK_OF(t1); \ - typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ - typedef void (*sk_##t1##_freefunc)(t3 *a); \ - typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ - static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ - { \ - return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ - { \ - return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ - } \ - static ossl_unused ossl_inline int 
sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ - { \ - return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ - { \ - OPENSSL_sk_free((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ - { \ - OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ - { \ - return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ - (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ - { \ - return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ - { \ - return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ - { \ - OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ - { \ - return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ - } \ - static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ - { \ - return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_find((OPENSSL_STACK *)sk, 
(const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ - { \ - return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \ - { \ - return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ - } \ - static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ - { \ - OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ - { \ - return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ - } \ - static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ - sk_##t1##_copyfunc copyfunc, \ - sk_##t1##_freefunc freefunc) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ - (OPENSSL_sk_copyfunc)copyfunc, \ - (OPENSSL_sk_freefunc)freefunc); \ - } \ +#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 *const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 * a); \ + typedef t3 *(*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) 
*)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 
*sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \ + { \ + return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ - { \ - return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ } -# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) -# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) -# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) -# define 
DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ - SKM_DEFINE_STACK_OF(t1, const t2, t2) +#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +#define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) +#define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +#define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) /*- * Strings are special: normally an lhash entry will point to a single @@ -205,10 +207,12 @@ * chars. So, we have to implement STRING specially for STACK_OF. This is * dealt with in the autogenerated macros below. */ +/* clang-format off */ {- generate_stack_string_macros() .generate_stack_const_string_macros(); -} +/* clang-format on */ #if !defined(OPENSSL_NO_DEPRECATED_3_0) /* @@ -216,12 +220,14 @@ * These should also be distinguished from "normal" stacks. */ typedef void *OPENSSL_BLOCK; +/* clang-format off */ {- generate_stack_block_macros(); -} +/* clang-format on */ #endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/seed.h.orig +++ crypto/openssl/include/openssl/seed.h 
@@ -33,81 +33,80 @@ */ #ifndef OPENSSL_SEED_H -# define OPENSSL_SEED_H -# pragma once +#define OPENSSL_SEED_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SEED_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SEED_H +#endif -# include +#include -# ifndef OPENSSL_NO_SEED -# include -# include -# include +#ifndef OPENSSL_NO_SEED +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define SEED_BLOCK_SIZE 16 -# define SEED_KEY_LENGTH 16 +#define SEED_BLOCK_SIZE 16 +#define SEED_KEY_LENGTH 16 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* look whether we need 'long' to get 32 bits */ -# ifdef AES_LONG -# ifndef SEED_LONG -# define SEED_LONG 1 -# endif -# endif - +#ifdef AES_LONG +#ifndef SEED_LONG +#define SEED_LONG 1 +#endif +#endif typedef struct seed_key_st { -# ifdef SEED_LONG +#ifdef SEED_LONG unsigned long data[32]; -# else +#else unsigned int data[32]; -# endif +#endif } SEED_KEY_SCHEDULE; -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], - SEED_KEY_SCHEDULE *ks); + SEED_KEY_SCHEDULE *ks); OSSL_DEPRECATEDIN_3_0 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], - unsigned char d[SEED_BLOCK_SIZE], - const SEED_KEY_SCHEDULE *ks); + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); OSSL_DEPRECATEDIN_3_0 void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], - unsigned char d[SEED_BLOCK_SIZE], - const SEED_KEY_SCHEDULE *ks); + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); OSSL_DEPRECATEDIN_3_0 void SEED_ecb_encrypt(const unsigned char *in, - unsigned char *out, - const SEED_KEY_SCHEDULE *ks, int enc); + unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); OSSL_DEPRECATEDIN_3_0 void 
SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, - const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], - int enc); + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int enc); OSSL_DEPRECATEDIN_3_0 void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], - int *num, int enc); + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int *num, int enc); OSSL_DEPRECATEDIN_3_0 void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], - int *num); -# endif + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int *num); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/self_test.h.orig +++ crypto/openssl/include/openssl/self_test.h 
@@ -8,85 +8,85 @@ */ #ifndef OPENSSL_SELF_TEST_H -# define OPENSSL_SELF_TEST_H -# pragma once +#define OPENSSL_SELF_TEST_H +#pragma once -# include /* OSSL_CALLBACK */ +#include /* OSSL_CALLBACK */ -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* The test event phases */ -# define OSSL_SELF_TEST_PHASE_NONE "None" -# define OSSL_SELF_TEST_PHASE_START "Start" -# define OSSL_SELF_TEST_PHASE_CORRUPT "Corrupt" -# define OSSL_SELF_TEST_PHASE_PASS "Pass" -# define OSSL_SELF_TEST_PHASE_FAIL "Fail" +#define OSSL_SELF_TEST_PHASE_NONE "None" +#define OSSL_SELF_TEST_PHASE_START "Start" +#define OSSL_SELF_TEST_PHASE_CORRUPT "Corrupt" +#define OSSL_SELF_TEST_PHASE_PASS "Pass" +#define OSSL_SELF_TEST_PHASE_FAIL "Fail" /* Test event categories */ -# define OSSL_SELF_TEST_TYPE_NONE "None" -# define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity" -# define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity" -# define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" -# define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" -# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" -# define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" -# define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest" -# define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature" -# define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature" -# define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF" -# define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA" -# define OSSL_SELF_TEST_TYPE_DRBG "DRBG" +#define OSSL_SELF_TEST_TYPE_NONE "None" +#define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity" +#define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity" +#define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" +#define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" +#define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" +#define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" +#define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest" +#define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature" 
+#define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature" +#define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF" +#define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA" +#define OSSL_SELF_TEST_TYPE_DRBG "DRBG" /* Test event sub categories */ -# define OSSL_SELF_TEST_DESC_NONE "None" -# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC" -# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA" -# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA" -# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA" -# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM" -# define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt" -# define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES" -# define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC "RSA_Encrypt" -# define OSSL_SELF_TEST_DESC_ASYM_RSA_DEC "RSA_Decrypt" -# define OSSL_SELF_TEST_DESC_MD_SHA1 "SHA1" -# define OSSL_SELF_TEST_DESC_MD_SHA2 "SHA2" -# define OSSL_SELF_TEST_DESC_MD_SHA3 "SHA3" -# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA" -# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA" -# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA" -# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR" -# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH" -# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC" -# define OSSL_SELF_TEST_DESC_KA_DH "DH" -# define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH" -# define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF" -# define OSSL_SELF_TEST_DESC_KDF_SSKDF "SSKDF" -# define OSSL_SELF_TEST_DESC_KDF_X963KDF "X963KDF" -# define OSSL_SELF_TEST_DESC_KDF_X942KDF "X942KDF" -# define OSSL_SELF_TEST_DESC_KDF_PBKDF2 "PBKDF2" -# define OSSL_SELF_TEST_DESC_KDF_SSHKDF "SSHKDF" -# define OSSL_SELF_TEST_DESC_KDF_TLS12_PRF "TLS12_PRF" -# define OSSL_SELF_TEST_DESC_KDF_KBKDF "KBKDF" -# define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT" -# define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND" -# define OSSL_SELF_TEST_DESC_RNG "RNG" +#define OSSL_SELF_TEST_DESC_NONE "None" +#define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC" +#define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA" +#define OSSL_SELF_TEST_DESC_PCT_ECDSA 
"ECDSA" +#define OSSL_SELF_TEST_DESC_PCT_DSA "DSA" +#define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM" +#define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt" +#define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES" +#define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC "RSA_Encrypt" +#define OSSL_SELF_TEST_DESC_ASYM_RSA_DEC "RSA_Decrypt" +#define OSSL_SELF_TEST_DESC_MD_SHA1 "SHA1" +#define OSSL_SELF_TEST_DESC_MD_SHA2 "SHA2" +#define OSSL_SELF_TEST_DESC_MD_SHA3 "SHA3" +#define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA" +#define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA" +#define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA" +#define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR" +#define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH" +#define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC" +#define OSSL_SELF_TEST_DESC_KA_DH "DH" +#define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH" +#define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF" +#define OSSL_SELF_TEST_DESC_KDF_SSKDF "SSKDF" +#define OSSL_SELF_TEST_DESC_KDF_X963KDF "X963KDF" +#define OSSL_SELF_TEST_DESC_KDF_X942KDF "X942KDF" +#define OSSL_SELF_TEST_DESC_KDF_PBKDF2 "PBKDF2" +#define OSSL_SELF_TEST_DESC_KDF_SSHKDF "SSHKDF" +#define OSSL_SELF_TEST_DESC_KDF_TLS12_PRF "TLS12_PRF" +#define OSSL_SELF_TEST_DESC_KDF_KBKDF "KBKDF" +#define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT" +#define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND" +#define OSSL_SELF_TEST_DESC_RNG "RNG" void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb, - void *cbarg); + void *cbarg); void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, - void **cbarg); + void **cbarg); OSSL_SELF_TEST *OSSL_SELF_TEST_new(OSSL_CALLBACK *cb, void *cbarg); void OSSL_SELF_TEST_free(OSSL_SELF_TEST *st); void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type, - const char *desc); + const char *desc); int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes); void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret); -# ifdef __cplusplus +#ifdef __cplusplus } -# 
endif +#endif #endif /* OPENSSL_SELF_TEST_H */ --- crypto/openssl/include/openssl/sha.h.orig +++ crypto/openssl/include/openssl/sha.h @@ -8,36 +8,36 @@ */ #ifndef OPENSSL_SHA_H -# define OPENSSL_SHA_H -# pragma once +#define OPENSSL_SHA_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SHA_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SHA_H +#endif -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# define SHA_DIGEST_LENGTH 20 +#define SHA_DIGEST_LENGTH 20 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define SHA_LONG unsigned int +#define SHA_LONG unsigned int -# define SHA_LBLOCK 16 -# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a - * contiguous array of 32 bit wide - * big-endian values. */ -# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +#define SHA_LBLOCK 16 +#define SHA_CBLOCK (SHA_LBLOCK * 4) /* SHA treats input data as a \ + * contiguous array of 32 bit wide \ + * big-endian values. */ +#define SHA_LAST_BLOCK (SHA_CBLOCK - 8) typedef struct SHAstate_st { SHA_LONG h0, h1, h2, h3, h4; 
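Review bot: The new `SHA_CBLOCK` definition in sha.h now carries line-continuation backslashes inside its trailing block comment (`/* SHA treats input data as a \`), which the formatter added and which a `/* */` comment does not need. That makes this hunk more than a whitespace change, so a whitespace-insensitive diff will not come out empty here; comparing the preprocessed header before and after would confirm that nothing else moved. I would lift the comment onto its own line above the macro, `/* SHA treats input data as a contiguous array of 32 bit wide big-endian values. */` followed by `#define SHA_CBLOCK (SHA_LBLOCK * 4)`, so no continuation is needed. The `SHA256_CBLOCK` definition in the next hunk has the same pattern.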
@@ -50,13 +50,13 @@ OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c); OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data); -# endif +#endif unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a - * contiguous array of 32 bit wide +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SHA256_CBLOCK (SHA_LBLOCK * 4) /* SHA-256 treats input data as a \ + * contiguous array of 32 bit wide \ * big-endian values. */ typedef struct SHA256state_st { @@ -68,25 +68,25 @@ OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c, - const void *data, size_t len); + const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c, - const void *data, size_t len); + const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c, - const unsigned char *data); -# endif + const unsigned char *data); +#endif unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); -# define SHA224_DIGEST_LENGTH 28 -# define SHA256_DIGEST_LENGTH 32 -# define SHA384_DIGEST_LENGTH 48 -# define SHA512_DIGEST_LENGTH 64 +#define SHA224_DIGEST_LENGTH 28 +#define SHA256_DIGEST_LENGTH 32 +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c 
@@ -97,14 +97,14 @@ * contiguous array of 64 bit * wide big-endian values. */ -# define SHA512_CBLOCK (SHA_LBLOCK*8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SHA_LONG64 unsigned __int64 -# elif defined(__arch64__) -# define SHA_LONG64 unsigned long -# else -# define SHA_LONG64 unsigned long long -# endif +#define SHA512_CBLOCK (SHA_LBLOCK * 8) +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#define SHA_LONG64 unsigned __int64 +#elif defined(__arch64__) +#define SHA_LONG64 unsigned long +#else +#define SHA_LONG64 unsigned long long +#endif typedef struct SHA512state_st { SHA_LONG64 h[8]; @@ -118,21 +118,21 @@ OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c, - const void *data, size_t len); + const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c, - const void *data, size_t len); + const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c, - const unsigned char *data); -# endif + const unsigned char *data); +#endif unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/srp.h.orig +++ crypto/openssl/include/openssl/srp.h 
@@ -14,36 +14,39 @@ * for the EdelKey project. */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_SRP_H -# define OPENSSL_SRP_H -# pragma once +#define OPENSSL_SRP_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SRP_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SRP_H +#endif #include #ifndef OPENSSL_NO_SRP -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct SRP_gN_cache_st { char *b64_bn; BIGNUM *bn; } SRP_gN_cache; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(SRP_gN_cache, SRP_gN_cache, SRP_gN_cache) #define sk_SRP_gN_cache_num(sk) OPENSSL_sk_num(ossl_check_const_SRP_gN_cache_sk_type(sk)) #define sk_SRP_gN_cache_value(sk, idx) ((SRP_gN_cache *)OPENSSL_sk_value(ossl_check_const_SRP_gN_cache_sk_type(sk), (idx))) @@ -71,7 +74,7 @@ #define sk_SRP_gN_cache_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRP_gN_cache) *)OPENSSL_sk_deep_copy(ossl_check_const_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_copyfunc_type(copyfunc), ossl_check_SRP_gN_cache_freefunc_type(freefunc))) #define sk_SRP_gN_cache_set_cmp_func(sk, cmp) ((sk_SRP_gN_cache_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRP_gN_cache_sk_type(sk), ossl_check_SRP_gN_cache_compfunc_type(cmp))) - +/* clang-format on */ typedef struct SRP_user_pwd_st { /* Owned by us. */ @@ -84,6 +87,7 @@ /* Owned by us. */ char *info; } SRP_user_pwd; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(SRP_user_pwd, SRP_user_pwd, SRP_user_pwd) #define sk_SRP_user_pwd_num(sk) OPENSSL_sk_num(ossl_check_const_SRP_user_pwd_sk_type(sk)) #define sk_SRP_user_pwd_value(sk, idx) ((SRP_user_pwd *)OPENSSL_sk_value(ossl_check_const_SRP_user_pwd_sk_type(sk), (idx))) 
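Review bot: The `/* clang-format off */` and `/* clang-format on */` pair added at the top of srp.h encloses no code, whereas the same pair in the srp.h.in hunks further down wraps the `{- use OpenSSL::stackhash qw(generate_stack_macros); -}` template block. That suggests srp.h is the generated counterpart of srp.h.in, in which case a separately hand-applied hunk lets the two copies drift, and a drift would be hard to spot in a diff of this size. I would apply the formatting to srp.h.in only and regenerate srp.h from it, or at least check that regenerating reproduces this hunk exactly. The ssl.h hunk at `@@ -12,38 +12,40 @@` adds the same empty pair.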
@@ -111,6 +115,7 @@ #define sk_SRP_user_pwd_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRP_user_pwd) *)OPENSSL_sk_deep_copy(ossl_check_const_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_copyfunc_type(copyfunc), ossl_check_SRP_user_pwd_freefunc_type(freefunc))) #define sk_SRP_user_pwd_set_cmp_func(sk, cmp) ((sk_SRP_user_pwd_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRP_user_pwd_sk_type(sk), ossl_check_SRP_user_pwd_compfunc_type(cmp))) +/* clang-format on */ OSSL_DEPRECATEDIN_3_0 SRP_user_pwd *SRP_user_pwd_new(void); @@ -119,17 +124,17 @@ OSSL_DEPRECATEDIN_3_0 void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, - const BIGNUM *N); + const BIGNUM *N); OSSL_DEPRECATEDIN_3_0 int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, - const char *info); + const char *info); OSSL_DEPRECATEDIN_3_0 int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); typedef struct SRP_VBASE_st { STACK_OF(SRP_user_pwd) *users_pwd; STACK_OF(SRP_gN_cache) *gN_cache; -/* to simulate a user */ + /* to simulate a user */ char *seed_key; const BIGNUM *default_g; const BIGNUM *default_N; @@ -143,6 +148,7 @@ const BIGNUM *g; const BIGNUM *N; } SRP_gN; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(SRP_gN, SRP_gN, SRP_gN) #define sk_SRP_gN_num(sk) OPENSSL_sk_num(ossl_check_const_SRP_gN_sk_type(sk)) #define sk_SRP_gN_value(sk, idx) ((SRP_gN *)OPENSSL_sk_value(ossl_check_const_SRP_gN_sk_type(sk), (idx))) @@ -170,7 +176,7 @@ #define sk_SRP_gN_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRP_gN) *)OPENSSL_sk_deep_copy(ossl_check_const_SRP_gN_sk_type(sk), ossl_check_SRP_gN_copyfunc_type(copyfunc), ossl_check_SRP_gN_freefunc_type(freefunc))) #define sk_SRP_gN_set_cmp_func(sk, cmp) ((sk_SRP_gN_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRP_gN_sk_type(sk), ossl_check_SRP_gN_compfunc_type(cmp))) - +/* clang-format on */ OSSL_DEPRECATEDIN_3_0 SRP_VBASE *SRP_VBASE_new(char *seed_key); 
@@ -188,40 +194,40 @@ OSSL_DEPRECATEDIN_3_0 char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g, - OSSL_LIB_CTX *libctx, const char *propq); + char **verifier, const char *N, const char *g, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g); + char **verifier, const char *N, const char *g); OSSL_DEPRECATEDIN_3_0 int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g, OSSL_LIB_CTX *libctx, - const char *propq); + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OSSL_LIB_CTX *libctx, + const char *propq); OSSL_DEPRECATEDIN_3_0 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g); - -# define SRP_NO_ERROR 0 -# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 -# define SRP_ERR_VBASE_BN_LIB 2 -# define SRP_ERR_OPEN_FILE 3 -# define SRP_ERR_MEMORY 4 - -# define DB_srptype 0 -# define DB_srpverifier 1 -# define DB_srpsalt 2 -# define DB_srpid 3 -# define DB_srpgN 4 -# define DB_srpinfo 5 -# undef DB_NUMBER -# define DB_NUMBER 6 - -# define DB_SRP_INDEX 'I' -# define DB_SRP_VALID 'V' -# define DB_SRP_REVOKED 'R' -# define DB_SRP_MODIF 'v' + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +#define SRP_NO_ERROR 0 +#define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +#define SRP_ERR_VBASE_BN_LIB 2 +#define SRP_ERR_OPEN_FILE 3 +#define SRP_ERR_MEMORY 4 + +#define DB_srptype 0 +#define DB_srpverifier 1 +#define DB_srpsalt 2 +#define DB_srpid 3 +#define DB_srpgN 4 +#define DB_srpinfo 5 +#undef DB_NUMBER +#define DB_NUMBER 6 + +#define DB_SRP_INDEX 'I' +#define DB_SRP_VALID 'V' +#define DB_SRP_REVOKED 'R' +#define DB_SRP_MODIF 'v' /* see srp.c */ OSSL_DEPRECATEDIN_3_0 
@@ -232,19 +238,19 @@ /* server side .... */ OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, - const BIGNUM *b, const BIGNUM *N); + const BIGNUM *b, const BIGNUM *N); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq); + const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v); + const BIGNUM *v); OSSL_DEPRECATEDIN_3_0 int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); 
@@ -252,34 +258,34 @@ OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, - OSSL_LIB_CTX *libctx, const char *propq); + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); OSSL_DEPRECATEDIN_3_0 int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); -# define SRP_MINIMAL_N 1024 +#define SRP_MINIMAL_N 1024 -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /* This method ignores the configured seed and fails for an unknown user. */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/srp.h.in.orig +++ crypto/openssl/include/openssl/srp.h.in 
@@ -13,42 +13,45 @@ * for the EdelKey project. */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_SRP_H -# define OPENSSL_SRP_H -# pragma once +#define OPENSSL_SRP_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SRP_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SRP_H +#endif #include #ifndef OPENSSL_NO_SRP -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct SRP_gN_cache_st { char *b64_bn; BIGNUM *bn; } SRP_gN_cache; +/* clang-format off */ {- generate_stack_macros("SRP_gN_cache"); -} - +/* clang-format on */ typedef struct SRP_user_pwd_st { /* Owned by us. */ @@ -61,9 +64,11 @@ /* Owned by us. */ char *info; } SRP_user_pwd; +/* clang-format off */ {- generate_stack_macros("SRP_user_pwd"); -} +/* clang-format on */ OSSL_DEPRECATEDIN_3_0 SRP_user_pwd *SRP_user_pwd_new(void); @@ -72,17 +77,17 @@ OSSL_DEPRECATEDIN_3_0 void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, - const BIGNUM *N); + const BIGNUM *N); OSSL_DEPRECATEDIN_3_0 int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, - const char *info); + const char *info); OSSL_DEPRECATEDIN_3_0 int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); typedef struct SRP_VBASE_st { STACK_OF(SRP_user_pwd) *users_pwd; STACK_OF(SRP_gN_cache) *gN_cache; -/* to simulate a user */ + /* to simulate a user */ char *seed_key; const BIGNUM *default_g; const BIGNUM *default_N; @@ -96,10 +101,11 @@ const BIGNUM *g; const BIGNUM *N; } SRP_gN; +/* clang-format off */ {- generate_stack_macros("SRP_gN"); -} - +/* clang-format on */ OSSL_DEPRECATEDIN_3_0 SRP_VBASE *SRP_VBASE_new(char *seed_key); 
@@ -117,40 +123,40 @@ OSSL_DEPRECATEDIN_3_0 char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g, - OSSL_LIB_CTX *libctx, const char *propq); + char **verifier, const char *N, const char *g, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g); + char **verifier, const char *N, const char *g); OSSL_DEPRECATEDIN_3_0 int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g, OSSL_LIB_CTX *libctx, - const char *propq); + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OSSL_LIB_CTX *libctx, + const char *propq); OSSL_DEPRECATEDIN_3_0 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g); - -# define SRP_NO_ERROR 0 -# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 -# define SRP_ERR_VBASE_BN_LIB 2 -# define SRP_ERR_OPEN_FILE 3 -# define SRP_ERR_MEMORY 4 - -# define DB_srptype 0 -# define DB_srpverifier 1 -# define DB_srpsalt 2 -# define DB_srpid 3 -# define DB_srpgN 4 -# define DB_srpinfo 5 -# undef DB_NUMBER -# define DB_NUMBER 6 - -# define DB_SRP_INDEX 'I' -# define DB_SRP_VALID 'V' -# define DB_SRP_REVOKED 'R' -# define DB_SRP_MODIF 'v' + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +#define SRP_NO_ERROR 0 +#define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +#define SRP_ERR_VBASE_BN_LIB 2 +#define SRP_ERR_OPEN_FILE 3 +#define SRP_ERR_MEMORY 4 + +#define DB_srptype 0 +#define DB_srpverifier 1 +#define DB_srpsalt 2 +#define DB_srpid 3 +#define DB_srpgN 4 +#define DB_srpinfo 5 +#undef DB_NUMBER +#define DB_NUMBER 6 + +#define DB_SRP_INDEX 'I' +#define DB_SRP_VALID 'V' +#define DB_SRP_REVOKED 'R' +#define DB_SRP_MODIF 'v' /* see srp.c */ OSSL_DEPRECATEDIN_3_0 
@@ -161,19 +167,19 @@ /* server side .... */ OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, - const BIGNUM *b, const BIGNUM *N); + const BIGNUM *b, const BIGNUM *N); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq); + const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v); + const BIGNUM *v); OSSL_DEPRECATEDIN_3_0 int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); 
@@ -181,34 +187,34 @@ OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, - OSSL_LIB_CTX *libctx, const char *propq); + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_DEPRECATEDIN_3_0 BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); OSSL_DEPRECATEDIN_3_0 int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); -# define SRP_MINIMAL_N 1024 +#define SRP_MINIMAL_N 1024 -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ /* This method ignores the configured seed and fails for an unknown user. */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); -# endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/srtp.h.orig +++ crypto/openssl/include/openssl/srtp.h 
@@ -14,32 +14,32 @@ */ #ifndef OPENSSL_SRTP_H -# define OPENSSL_SRTP_H -# pragma once +#define OPENSSL_SRTP_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_D1_SRTP_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_D1_SRTP_H +#endif -# include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# define SRTP_AES128_CM_SHA1_80 0x0001 -# define SRTP_AES128_CM_SHA1_32 0x0002 -# define SRTP_AES128_F8_SHA1_80 0x0003 -# define SRTP_AES128_F8_SHA1_32 0x0004 -# define SRTP_NULL_SHA1_80 0x0005 -# define SRTP_NULL_SHA1_32 0x0006 +#define SRTP_AES128_CM_SHA1_80 0x0001 +#define SRTP_AES128_CM_SHA1_32 0x0002 +#define SRTP_AES128_F8_SHA1_80 0x0003 +#define SRTP_AES128_F8_SHA1_32 0x0004 +#define SRTP_NULL_SHA1_80 0x0005 +#define SRTP_NULL_SHA1_32 0x0006 /* AEAD SRTP protection profiles from RFC 7714 */ -# define SRTP_AEAD_AES_128_GCM 0x0007 -# define SRTP_AEAD_AES_256_GCM 0x0008 +#define SRTP_AEAD_AES_128_GCM 0x0007 +#define SRTP_AEAD_AES_256_GCM 0x0008 -# ifndef OPENSSL_NO_SRTP +#ifndef OPENSSL_NO_SRTP __owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); __owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); @@ -47,9 +47,9 @@ __owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); __owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); -# endif +#endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/ssl.h.orig +++ crypto/openssl/include/openssl/ssl.h 
@@ -12,38 +12,40 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_SSL_H -# define OPENSSL_SSL_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SSL_H -# endif - -# include -# include -# include -# include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# include -# include -# endif -# include -# include -# include -# include - -# include -# include -# include -# include -# include - -#ifdef __cplusplus +#define OPENSSL_SSL_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SSL_H +#endif + +#include +#include +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#include +#include +#endif +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#ifdef __cplusplus extern "C" { #endif 
@@ -52,116 +54,116 @@ * Version 0 - initial version * Version 1 - added the optional peer certificate */ -# define SSL_SESSION_ASN1_VERSION 0x0001 +#define SSL_SESSION_ASN1_VERSION 0x0001 -# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 -# define SSL_MAX_SID_CTX_LENGTH 32 +#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +#define SSL_MAX_SID_CTX_LENGTH 32 -# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) -# define SSL_MAX_KEY_ARG_LENGTH 8 +#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512 / 8) +#define SSL_MAX_KEY_ARG_LENGTH 8 /* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */ /* The maximum number of encrypt/decrypt pipelines we can support */ -# define SSL_MAX_PIPELINES 32 +#define SSL_MAX_PIPELINES 32 /* text strings for the ciphers */ /* These are used to specify which ciphers to use and not to use */ -# define SSL_TXT_LOW "LOW" -# define SSL_TXT_MEDIUM "MEDIUM" -# define SSL_TXT_HIGH "HIGH" -# define SSL_TXT_FIPS "FIPS" - -# define SSL_TXT_aNULL "aNULL" -# define SSL_TXT_eNULL "eNULL" -# define SSL_TXT_NULL "NULL" - -# define SSL_TXT_kRSA "kRSA" -# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ -# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ -# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ -# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ -# define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ -# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ -# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ -# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ -# define SSL_TXT_kECDHE "kECDHE" -# define SSL_TXT_kPSK "kPSK" -# define SSL_TXT_kRSAPSK "kRSAPSK" -# define SSL_TXT_kECDHEPSK "kECDHEPSK" -# define SSL_TXT_kDHEPSK "kDHEPSK" -# define SSL_TXT_kGOST "kGOST" -# define SSL_TXT_kGOST18 "kGOST18" -# define SSL_TXT_kSRP "kSRP" - -# define SSL_TXT_aRSA "aRSA" -# define SSL_TXT_aDSS "aDSS" -# define SSL_TXT_aDH "aDH"/* this 
cipher class has been removed */ -# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ -# define SSL_TXT_aECDSA "aECDSA" -# define SSL_TXT_aPSK "aPSK" -# define SSL_TXT_aGOST94 "aGOST94" -# define SSL_TXT_aGOST01 "aGOST01" -# define SSL_TXT_aGOST12 "aGOST12" -# define SSL_TXT_aGOST "aGOST" -# define SSL_TXT_aSRP "aSRP" - -# define SSL_TXT_DSS "DSS" -# define SSL_TXT_DH "DH" -# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ -# define SSL_TXT_EDH "EDH"/* alias for DHE */ -# define SSL_TXT_ADH "ADH" -# define SSL_TXT_RSA "RSA" -# define SSL_TXT_ECDH "ECDH" -# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ -# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ -# define SSL_TXT_AECDH "AECDH" -# define SSL_TXT_ECDSA "ECDSA" -# define SSL_TXT_PSK "PSK" -# define SSL_TXT_SRP "SRP" - -# define SSL_TXT_DES "DES" -# define SSL_TXT_3DES "3DES" -# define SSL_TXT_RC4 "RC4" -# define SSL_TXT_RC2 "RC2" -# define SSL_TXT_IDEA "IDEA" -# define SSL_TXT_SEED "SEED" -# define SSL_TXT_AES128 "AES128" -# define SSL_TXT_AES256 "AES256" -# define SSL_TXT_AES "AES" -# define SSL_TXT_AES_GCM "AESGCM" -# define SSL_TXT_AES_CCM "AESCCM" -# define SSL_TXT_AES_CCM_8 "AESCCM8" -# define SSL_TXT_CAMELLIA128 "CAMELLIA128" -# define SSL_TXT_CAMELLIA256 "CAMELLIA256" -# define SSL_TXT_CAMELLIA "CAMELLIA" -# define SSL_TXT_CHACHA20 "CHACHA20" -# define SSL_TXT_GOST "GOST89" -# define SSL_TXT_ARIA "ARIA" -# define SSL_TXT_ARIA_GCM "ARIAGCM" -# define SSL_TXT_ARIA128 "ARIA128" -# define SSL_TXT_ARIA256 "ARIA256" -# define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912" -# define SSL_TXT_CBC "CBC" - -# define SSL_TXT_MD5 "MD5" -# define SSL_TXT_SHA1 "SHA1" -# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ -# define SSL_TXT_GOST94 "GOST94" -# define SSL_TXT_GOST89MAC "GOST89MAC" -# define SSL_TXT_GOST12 "GOST12" -# define SSL_TXT_GOST89MAC12 "GOST89MAC12" -# define SSL_TXT_SHA256 "SHA256" -# define SSL_TXT_SHA384 "SHA384" - -# define SSL_TXT_SSLV3 "SSLv3" -# 
define SSL_TXT_TLSV1 "TLSv1" -# define SSL_TXT_TLSV1_1 "TLSv1.1" -# define SSL_TXT_TLSV1_2 "TLSv1.2" - -# define SSL_TXT_ALL "ALL" +#define SSL_TXT_LOW "LOW" +#define SSL_TXT_MEDIUM "MEDIUM" +#define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_FIPS "FIPS" + +#define SSL_TXT_aNULL "aNULL" +#define SSL_TXT_eNULL "eNULL" +#define SSL_TXT_NULL "NULL" + +#define SSL_TXT_kRSA "kRSA" +#define SSL_TXT_kDHr "kDHr" /* this cipher class has been removed */ +#define SSL_TXT_kDHd "kDHd" /* this cipher class has been removed */ +#define SSL_TXT_kDH "kDH" /* this cipher class has been removed */ +#define SSL_TXT_kEDH "kEDH" /* alias for kDHE */ +#define SSL_TXT_kDHE "kDHE" +#define SSL_TXT_kECDHr "kECDHr" /* this cipher class has been removed */ +#define SSL_TXT_kECDHe "kECDHe" /* this cipher class has been removed */ +#define SSL_TXT_kECDH "kECDH" /* this cipher class has been removed */ +#define SSL_TXT_kEECDH "kEECDH" /* alias for kECDHE */ +#define SSL_TXT_kECDHE "kECDHE" +#define SSL_TXT_kPSK "kPSK" +#define SSL_TXT_kRSAPSK "kRSAPSK" +#define SSL_TXT_kECDHEPSK "kECDHEPSK" +#define SSL_TXT_kDHEPSK "kDHEPSK" +#define SSL_TXT_kGOST "kGOST" +#define SSL_TXT_kGOST18 "kGOST18" +#define SSL_TXT_kSRP "kSRP" + +#define SSL_TXT_aRSA "aRSA" +#define SSL_TXT_aDSS "aDSS" +#define SSL_TXT_aDH "aDH" /* this cipher class has been removed */ +#define SSL_TXT_aECDH "aECDH" /* this cipher class has been removed */ +#define SSL_TXT_aECDSA "aECDSA" +#define SSL_TXT_aPSK "aPSK" +#define SSL_TXT_aGOST94 "aGOST94" +#define SSL_TXT_aGOST01 "aGOST01" +#define SSL_TXT_aGOST12 "aGOST12" +#define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" + +#define SSL_TXT_DSS "DSS" +#define SSL_TXT_DH "DH" +#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */ +#define SSL_TXT_EDH "EDH" /* alias for DHE */ +#define SSL_TXT_ADH "ADH" +#define SSL_TXT_RSA "RSA" +#define SSL_TXT_ECDH "ECDH" +#define SSL_TXT_EECDH "EECDH" /* alias for ECDHE" */ +#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */ +#define 
SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDSA "ECDSA" +#define SSL_TXT_PSK "PSK" +#define SSL_TXT_SRP "SRP" + +#define SSL_TXT_DES "DES" +#define SSL_TXT_3DES "3DES" +#define SSL_TXT_RC4 "RC4" +#define SSL_TXT_RC2 "RC2" +#define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" +#define SSL_TXT_AES128 "AES128" +#define SSL_TXT_AES256 "AES256" +#define SSL_TXT_AES "AES" +#define SSL_TXT_AES_GCM "AESGCM" +#define SSL_TXT_AES_CCM "AESCCM" +#define SSL_TXT_AES_CCM_8 "AESCCM8" +#define SSL_TXT_CAMELLIA128 "CAMELLIA128" +#define SSL_TXT_CAMELLIA256 "CAMELLIA256" +#define SSL_TXT_CAMELLIA "CAMELLIA" +#define SSL_TXT_CHACHA20 "CHACHA20" +#define SSL_TXT_GOST "GOST89" +#define SSL_TXT_ARIA "ARIA" +#define SSL_TXT_ARIA_GCM "ARIAGCM" +#define SSL_TXT_ARIA128 "ARIA128" +#define SSL_TXT_ARIA256 "ARIA256" +#define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912" +#define SSL_TXT_CBC "CBC" + +#define SSL_TXT_MD5 "MD5" +#define SSL_TXT_SHA1 "SHA1" +#define SSL_TXT_SHA "SHA" /* same as "SHA1" */ +#define SSL_TXT_GOST94 "GOST94" +#define SSL_TXT_GOST89MAC "GOST89MAC" +#define SSL_TXT_GOST12 "GOST12" +#define SSL_TXT_GOST89MAC12 "GOST89MAC12" +#define SSL_TXT_SHA256 "SHA256" +#define SSL_TXT_SHA384 "SHA384" + +#define SSL_TXT_SSLV3 "SSLv3" +#define SSL_TXT_TLSV1 "TLSv1" +#define SSL_TXT_TLSV1_1 "TLSv1.1" +#define SSL_TXT_TLSV1_2 "TLSv1.2" + +#define SSL_TXT_ALL "ALL" /*- * COMPLEMENTOF* definitions. These identifiers are used to (de-select) @@ -177,8 +179,8 @@ * DEFAULT gets, as only selection is being done and no sorting as needed * for DEFAULT. */ -# define SSL_TXT_CMPALL "COMPLEMENTOFALL" -# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" /* * The following cipher list is used by default. It also is substituted when 
@@ -187,17 +189,17 @@ * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list() * Update both macro and function simultaneously */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" /* * This is the default set of TLSv1.3 ciphersuites * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites() * Update both macro and function simultaneously */ -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ - "TLS_CHACHA20_POLY1305_SHA256:" \ - "TLS_AES_128_GCM_SHA256" -# endif +#define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +#endif /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is @@ -206,19 +208,19 @@ */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ -# define SSL_SENT_SHUTDOWN 1 -# define SSL_RECEIVED_SHUTDOWN 2 +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 #ifdef __cplusplus } #endif -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 -# define SSL_FILETYPE_PEM X509_FILETYPE_PEM +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM /* * This is needed to stop compilers complaining about the 'struct ssl_st *' @@ -241,6 +243,7 @@ const char *name; unsigned long id; } SRTP_PROTECTION_PROFILE; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(SRTP_PROTECTION_PROFILE, SRTP_PROTECTION_PROFILE, SRTP_PROTECTION_PROFILE) #define sk_SRTP_PROTECTION_PROFILE_num(sk) OPENSSL_sk_num(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk)) #define sk_SRTP_PROTECTION_PROFILE_value(sk, idx) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_value(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk), (idx))) 
@@ -268,71 +271,70 @@ #define sk_SRTP_PROTECTION_PROFILE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_deep_copy(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_copyfunc_type(copyfunc), ossl_check_SRTP_PROTECTION_PROFILE_freefunc_type(freefunc))) #define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, cmp) ((sk_SRTP_PROTECTION_PROFILE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp))) - +/* clang-format on */ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, - int len, void *arg); + int len, void *arg); typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, - const SSL_CIPHER **cipher, void *arg); + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); /* Extension context codes */ /* This extension is only allowed in TLS */ -#define SSL_EXT_TLS_ONLY 0x0001 +#define SSL_EXT_TLS_ONLY 0x0001 /* This extension is only allowed in DTLS */ -#define SSL_EXT_DTLS_ONLY 0x0002 +#define SSL_EXT_DTLS_ONLY 0x0002 /* Some extensions may be allowed in DTLS but we don't implement them for it */ -#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -#define SSL_EXT_SSL3_ALLOWED 0x0008 +#define SSL_EXT_SSL3_ALLOWED 0x0008 /* Extension is only defined for TLS1.2 and below */ -#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 /* Extension is only defined for TLS1.3 and above */ -#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_TLS1_3_ONLY 0x0020 /* Ignore this extension during parsing if we are resuming */ -#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 -#define SSL_EXT_CLIENT_HELLO 0x0080 +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define 
SSL_EXT_CLIENT_HELLO 0x0080 /* Really means TLS1.2 or below */ -#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 -#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 -#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 -#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 -#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 -#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 -#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 /* Typedefs for handling custom extensions */ typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, - const unsigned char **out, size_t *outlen, - int *al, void *add_arg); + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, - const unsigned char *out, void *add_arg); + const unsigned char *out, void *add_arg); typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, - const unsigned char *in, size_t inlen, - int *al, void *parse_arg); - + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, - size_t chainidx, - int *al, void *add_arg); + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *out, - void *add_arg); + unsigned int context, + const unsigned char *out, + void *add_arg); typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned 
char *in, - size_t inlen, X509 *x, - size_t chainidx, - int *al, void *parse_arg); + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); /* Typedef for verification callback */ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); 
@@ -340,163 +342,163 @@ /* Typedef for SSL async callback */ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); -#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) +#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) /* * SSL/TLS connection options. */ - /* Disable Extended master secret */ -# define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0) - /* Cleanse plaintext copies of data delivered to the application */ -# define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1) - /* Allow initial connection to servers that don't support RI */ -# define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2) - /* Enable support for Kernel TLS */ -# define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3) -# define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4) -# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6) -# define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7) -# define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8) -# define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9) - /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ -# define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10) - /* - * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added - * in OpenSSL 0.9.6d. Usually (depending on the application protocol) - * the workaround is not needed. Unfortunately some broken SSL/TLS - * implementations cannot handle it at all, which is why we include it - * in SSL_OP_ALL. 
Added in 0.9.6e - */ -# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11) - /* DTLS options */ -# define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12) - /* Turn on Cookie Exchange (on relevant for servers) */ -# define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13) - /* Don't use RFC4507 ticket extension */ -# define SSL_OP_NO_TICKET SSL_OP_BIT(14) -# ifndef OPENSSL_NO_DTLS1_METHOD - /* - * Use Cisco's version identifier of DTLS_BAD_VER - * (only with deprecated DTLSv1_client_method()) - */ -# define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15) -# endif - /* As server, disallow session resumption on renegotiation */ -# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16) - /* Don't use compression even if supported */ -# define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17) - /* Permit unsafe legacy renegotiation */ -# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18) - /* Disable encrypt-then-mac */ -# define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19) - /* - * Enable TLSv1.3 Compatibility mode. This is on by default. A future - * version of OpenSSL may have this disabled by default. - */ -# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20) - /* - * Prioritize Chacha20Poly1305 when client does. - * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE - */ -# define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21) - /* - * Set on servers to choose the cipher according to server's preferences. - */ -# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22) - /* - * If set, a server will allow a client to issue a SSLv3.0 version - * number as latest version supported in the premaster secret, even when - * TLSv1.0 (version 3.1) was announced in the client hello. Normally - * this is forbidden to prevent version rollback attacks. - */ -# define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23) - /* - * Switches off automatic TLSv1.3 anti-replay protection for early data. - * This is a server-side option only (no effect on the client). 
- */ -# define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24) -# define SSL_OP_NO_SSLv3 SSL_OP_BIT(25) -# define SSL_OP_NO_TLSv1 SSL_OP_BIT(26) -# define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27) -# define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28) -# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) -# define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26) -# define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27) - /* Disallow all renegotiation */ -# define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30) - /* - * Make server add server-hello extension from early version of - * cryptopro draft, when GOST ciphersuite is negotiated. Required for - * interoperability with CryptoPro CSP 3.x - */ -# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* Disable Extended master secret */ +#define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0) +/* Cleanse plaintext copies of data delivered to the application */ +#define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1) +/* Allow initial connection to servers that don't support RI */ +#define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2) +/* Enable support for Kernel TLS */ +#define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3) +#define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4) +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6) +#define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7) +#define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8) +#define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9) +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +#define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10) +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it + * in SSL_OP_ALL. 
Added in 0.9.6e + */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11) +/* DTLS options */ +#define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12) +/* Turn on Cookie Exchange (on relevant for servers) */ +#define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13) +/* Don't use RFC4507 ticket extension */ +#define SSL_OP_NO_TICKET SSL_OP_BIT(14) +#ifndef OPENSSL_NO_DTLS1_METHOD +/* + * Use Cisco's version identifier of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) + */ +#define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15) +#endif +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16) +/* Don't use compression even if supported */ +#define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17) +/* Permit unsafe legacy renegotiation */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18) +/* Disable encrypt-then-mac */ +#define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19) +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future + * version of OpenSSL may have this disabled by default. + */ +#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20) +/* + * Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE + */ +#define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21) +/* + * Set on servers to choose the cipher according to server's preferences. + */ +#define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22) +/* + * If set, a server will allow a client to issue a SSLv3.0 version + * number as latest version supported in the premaster secret, even when + * TLSv1.0 (version 3.1) was announced in the client hello. Normally + * this is forbidden to prevent version rollback attacks. + */ +#define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23) +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. + * This is a server-side option only (no effect on the client). 
+ */ +#define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24) +#define SSL_OP_NO_SSLv3 SSL_OP_BIT(25) +#define SSL_OP_NO_TLSv1 SSL_OP_BIT(26) +#define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27) +#define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28) +#define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) +#define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26) +#define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27) +/* Disallow all renegotiation */ +#define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30) +/* + * Make server add server-hello extension from early version of + * cryptopro draft, when GOST ciphersuite is negotiated. Required for + * interoperability with CryptoPro CSP 3.x + */ +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) /* * Option "collections." */ -# define SSL_OP_NO_SSL_MASK \ - ( SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \ - | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3 ) -# define SSL_OP_NO_DTLS_MASK \ - ( SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 ) +#define SSL_OP_NO_SSL_MASK \ + (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \ + | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) +#define SSL_OP_NO_DTLS_MASK \ + (SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2) /* Various bug workarounds that should be rather harmless. 
*/ -# define SSL_OP_ALL \ - ( SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \ - | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG ) +#define SSL_OP_ALL \ + (SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \ + | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG) /* * OBSOLETE OPTIONS retained for compatibility */ -# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 -# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 -# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 -# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 -# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 -# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 -# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 -# define SSL_OP_TLS_D5_BUG 0x0 -# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 -# define SSL_OP_SINGLE_ECDH_USE 0x0 -# define SSL_OP_SINGLE_DH_USE 0x0 -# define SSL_OP_EPHEMERAL_RSA 0x0 -# define SSL_OP_NO_SSLv2 0x0 -# define SSL_OP_PKCS1_CHECK_1 0x0 -# define SSL_OP_PKCS1_CHECK_2 0x0 -# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 -# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +#define SSL_OP_TLS_D5_BUG 0x0 +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +#define SSL_OP_SINGLE_ECDH_USE 0x0 +#define SSL_OP_SINGLE_DH_USE 0x0 +#define SSL_OP_EPHEMERAL_RSA 0x0 +#define SSL_OP_NO_SSLv2 0x0 +#define SSL_OP_PKCS1_CHECK_1 0x0 +#define SSL_OP_PKCS1_CHECK_2 0x0 +#define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. 
report success * when just a single record has been written): */ -# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U /* * Make it possible to retry SSL_write() with changed buffer location (buffer * contents must stay the same!); this is not the default to avoid the * misconception that non-blocking SSL_write() behaves like non-blocking * write(): */ -# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U /* * Never bother the application with retries if the transport is blocking: */ -# define SSL_MODE_AUTO_RETRY 0x00000004U +#define SSL_MODE_AUTO_RETRY 0x00000004U /* Don't attempt to automatically build certificate chain */ -# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) Released buffers are freed. */ -# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +#define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* * Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations * that require it. */ -# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U -# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U /* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see @@ -505,11 +507,11 @@ * fallback retries, following the guidance in * draft-ietf-tls-downgrade-scsv-00. */ -# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U /* * Support Asynchronous operation */ -# define SSL_MODE_ASYNC 0x00000100U +#define SSL_MODE_ASYNC 0x00000100U /* * When using DTLS/SCTP, include the terminating zero in the label 
@@ -522,76 +524,76 @@ * - OpenSSL 1.1.0 series * - OpenSSL 1.1.1 and 1.1.1a */ -# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U +#define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as * enforcing certificate chain algorithms. When this is set we enforce them. */ -# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U +#define SSL_CERT_FLAG_TLS_STRICT 0x00000001U /* Suite B modes, takes same values as certificate verify flags */ -# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +#define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 /* Suite B 192 bit only mode */ -# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +#define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 /* Suite B 128 bit mode allowing 192 bit algorithms */ -# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 +#define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 /* Perform all sorts of protocol violations for testing purposes */ -# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 +#define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 /* Flags for building certificate chains */ /* Treat any existing certificates as untrusted CAs */ -# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 /* Don't include root CA in chain */ -# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 /* Just check certificates already there */ -# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +#define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 /* Ignore verification errors */ -# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 /* Clear verification errors from queue */ -# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 +#define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 /* Flags returned by SSL_check_chain */ /* Certificate can be used with this session */ -# define CERT_PKEY_VALID 0x1 +#define CERT_PKEY_VALID 0x1 /* Certificate can also be used for signing */ -# define CERT_PKEY_SIGN 
0x2 +#define CERT_PKEY_SIGN 0x2 /* EE certificate signing algorithm OK */ -# define CERT_PKEY_EE_SIGNATURE 0x10 +#define CERT_PKEY_EE_SIGNATURE 0x10 /* CA signature algorithms OK */ -# define CERT_PKEY_CA_SIGNATURE 0x20 +#define CERT_PKEY_CA_SIGNATURE 0x20 /* EE certificate parameters OK */ -# define CERT_PKEY_EE_PARAM 0x40 +#define CERT_PKEY_EE_PARAM 0x40 /* CA certificate parameters OK */ -# define CERT_PKEY_CA_PARAM 0x80 +#define CERT_PKEY_CA_PARAM 0x80 /* Signing explicitly allowed as opposed to SHA1 fallback */ -# define CERT_PKEY_EXPLICIT_SIGN 0x100 +#define CERT_PKEY_EXPLICIT_SIGN 0x100 /* Client CA issuer names match (always set for server cert) */ -# define CERT_PKEY_ISSUER_NAME 0x200 +#define CERT_PKEY_ISSUER_NAME 0x200 /* Cert type matches client types (always set for server cert) */ -# define CERT_PKEY_CERT_TYPE 0x400 +#define CERT_PKEY_CERT_TYPE 0x400 /* Cert chain suitable to Suite B */ -# define CERT_PKEY_SUITEB 0x800 - -# define SSL_CONF_FLAG_CMDLINE 0x1 -# define SSL_CONF_FLAG_FILE 0x2 -# define SSL_CONF_FLAG_CLIENT 0x4 -# define SSL_CONF_FLAG_SERVER 0x8 -# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 -# define SSL_CONF_FLAG_CERTIFICATE 0x20 -# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +#define CERT_PKEY_SUITEB 0x800 + +#define SSL_CONF_FLAG_CMDLINE 0x1 +#define SSL_CONF_FLAG_FILE 0x2 +#define SSL_CONF_FLAG_CLIENT 0x4 +#define SSL_CONF_FLAG_SERVER 0x8 +#define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +#define SSL_CONF_FLAG_CERTIFICATE 0x20 +#define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 /* Configuration value types */ -# define SSL_CONF_TYPE_UNKNOWN 0x0 -# define SSL_CONF_TYPE_STRING 0x1 -# define SSL_CONF_TYPE_FILE 0x2 -# define SSL_CONF_TYPE_DIR 0x3 -# define SSL_CONF_TYPE_NONE 0x4 -# define SSL_CONF_TYPE_STORE 0x5 +#define SSL_CONF_TYPE_UNKNOWN 0x0 +#define SSL_CONF_TYPE_STRING 0x1 +#define SSL_CONF_TYPE_FILE 0x2 +#define SSL_CONF_TYPE_DIR 0x3 +#define SSL_CONF_TYPE_NONE 0x4 +#define SSL_CONF_TYPE_STORE 0x5 /* Maximum length of the application-controlled segment of 
a a TLSv1.3 cookie */ -# define SSL_COOKIE_LENGTH 4096 +#define SSL_COOKIE_LENGTH 4096 /* * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they 
@@ -605,68 +607,68 @@ uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op); uint64_t SSL_set_options(SSL *s, uint64_t op); -# define SSL_CTX_set_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) -# define SSL_CTX_clear_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) -# define SSL_CTX_get_mode(ctx) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) -# define SSL_clear_mode(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) -# define SSL_set_mode(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) -# define SSL_get_mode(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) -# define SSL_set_mtu(ssl, mtu) \ - SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) -# define DTLS_set_link_mtu(ssl, mtu) \ - SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) -# define DTLS_get_link_min_mtu(ssl) \ - SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) - -# define SSL_get_secure_renegotiation_support(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) - -# define SSL_CTX_set_cert_flags(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) -# define SSL_set_cert_flags(s,op) \ - SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) -# define SSL_CTX_clear_cert_flags(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) -# define SSL_clear_cert_flags(s,op) \ - SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +#define SSL_CTX_set_mode(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, (op), NULL) +#define SSL_CTX_clear_mode(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_MODE, (op), NULL) +#define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, 0, NULL) +#define SSL_clear_mode(ssl, op) \ + SSL_ctrl((ssl), SSL_CTRL_CLEAR_MODE, (op), NULL) +#define SSL_set_mode(ssl, op) \ + SSL_ctrl((ssl), SSL_CTRL_MODE, (op), NULL) +#define SSL_get_mode(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_MODE, 0, NULL) +#define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl), SSL_CTRL_SET_MTU, (mtu), NULL) +#define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl), 
DTLS_CTRL_SET_LINK_MTU, (mtu), NULL) +#define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl), DTLS_CTRL_GET_LINK_MIN_MTU, 0, NULL) + +#define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +#define SSL_CTX_set_cert_flags(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_CERT_FLAGS, (op), NULL) +#define SSL_set_cert_flags(s, op) \ + SSL_ctrl((s), SSL_CTRL_CERT_FLAGS, (op), NULL) +#define SSL_CTX_clear_cert_flags(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) +#define SSL_clear_cert_flags(s, op) \ + SSL_ctrl((s), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) void SSL_CTX_set_msg_callback(SSL_CTX *ctx, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)); + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)); -# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -# define SSL_get_extms_support(s) \ - SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) +#define SSL_get_extms_support(s) \ + SSL_ctrl((s), SSL_CTRL_GET_EXTMS_SUPPORT, 0, NULL) -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP /* see tls_srp.c */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_SRP_CTX_init(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur int 
SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int SSL_SRP_CTX_free(SSL *ctx); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); OSSL_DEPRECATEDIN_3_0 __owur int SSL_srp_server_param_with_username(SSL *s, - int *ad); + int *ad); OSSL_DEPRECATEDIN_3_0 __owur int SRP_Calc_A_param(SSL *s); -# endif -# endif +#endif +#endif /* 100k max cert list */ -# define SSL_MAX_CERT_LIST_DEFAULT (1024*100) +#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) -# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) +#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024 * 20) /* * This callback type is used inside SSL_CTX, SSL, and in the functions that 
@@ -680,174 +682,174 @@ * bytes. The callback can alter this length to be less if desired. It is * also an error for the callback to set the size to zero. */ -typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, - unsigned int *id_len); - -# define SSL_SESS_CACHE_OFF 0x0000 -# define SSL_SESS_CACHE_CLIENT 0x0001 -# define SSL_SESS_CACHE_SERVER 0x0002 -# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) -# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, + unsigned int *id_len); + +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ -# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 -# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 -# define SSL_SESS_CACHE_NO_INTERNAL \ - (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) -# define SSL_SESS_CACHE_UPDATE_TIME 0x0400 +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) +#define SSL_SESS_CACHE_UPDATE_TIME 0x0400 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); -# define SSL_CTX_sess_number(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) -# define SSL_CTX_sess_connect(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) -# define SSL_CTX_sess_connect_good(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) -# define SSL_CTX_sess_connect_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) -# define SSL_CTX_sess_accept(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) -# define SSL_CTX_sess_accept_renegotiate(ctx) \ - 
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) -# define SSL_CTX_sess_accept_good(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) -# define SSL_CTX_sess_hits(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) -# define SSL_CTX_sess_cb_hits(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) -# define SSL_CTX_sess_misses(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) -# define SSL_CTX_sess_timeouts(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) -# define SSL_CTX_sess_cache_full(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) +#define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_NUMBER, 0, NULL) +#define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT, 0, NULL) +#define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_GOOD, 0, NULL) +#define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, NULL) +#define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT, 0, NULL) +#define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, NULL) +#define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_GOOD, 0, NULL) +#define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_HIT, 0, NULL) +#define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CB_HIT, 0, NULL) +#define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_MISSES, 0, NULL) +#define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_TIMEOUTS, 0, NULL) +#define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CACHE_FULL, 0, NULL) void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*new_session_cb) (struct ssl_st *ssl, - SSL_SESSION *sess)); -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, - SSL_SESSION *sess); + int (*new_session_cb)(struct ssl_st *ssl, + SSL_SESSION *sess)); +int 
(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + SSL_SESSION *sess); void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*remove_session_cb) (struct ssl_ctx_st - *ctx, - SSL_SESSION *sess)); -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, - SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, + SSL_SESSION *sess); void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*get_session_cb) (struct ssl_st - *ssl, - const unsigned char - *data, int len, - int *copy)); -SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, - const unsigned char *data, - int len, int *copy); + SSL_SESSION *(*get_session_cb)(struct ssl_st + *ssl, + const unsigned char + *data, + int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb) (const SSL *ssl, int type, int val)); -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, - int val); + void (*cb)(const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, + int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*client_cert_cb) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey)); -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey); -# ifndef OPENSSL_NO_ENGINE + int (*client_cert_cb)(SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE __owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -# endif +#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*app_gen_cookie_cb) (SSL *ssl, - unsigned char - *cookie, - unsigned int - *cookie_len)); + int 
(*app_gen_cookie_cb)(SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*app_verify_cookie_cb) (SSL *ssl, - const unsigned - char *cookie, - unsigned int - cookie_len)); + int (*app_verify_cookie_cb)(SSL *ssl, + const unsigned char *cookie, + unsigned int + cookie_len)); void SSL_CTX_set_stateless_cookie_generate_cb( SSL_CTX *ctx, - int (*gen_stateless_cookie_cb) (SSL *ssl, - unsigned char *cookie, - size_t *cookie_len)); + int (*gen_stateless_cookie_cb)(SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); void SSL_CTX_set_stateless_cookie_verify_cb( SSL_CTX *ctx, - int (*verify_stateless_cookie_cb) (SSL *ssl, - const unsigned char *cookie, - size_t cookie_len)); -# ifndef OPENSSL_NO_NEXTPROTONEG + int (*verify_stateless_cookie_cb)(SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +#ifndef OPENSSL_NO_NEXTPROTONEG typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, - const unsigned char **out, - unsigned int *outlen, - void *arg); + const unsigned char **out, + unsigned int *outlen, + void *arg); void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, - SSL_CTX_npn_advertised_cb_func cb, - void *arg); -# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +#define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg); + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, - SSL_CTX_npn_select_cb_func cb, - void *arg); -# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + SSL_CTX_npn_select_cb_func cb, + void *arg); +#define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb void 
SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len); -# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated -# endif + unsigned *len); +#define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +#endif __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, - unsigned int client_len); + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); -# define OPENSSL_NPN_UNSUPPORTED 0 -# define OPENSSL_NPN_NEGOTIATED 1 -# define OPENSSL_NPN_NO_OVERLAP 2 +#define OPENSSL_NPN_UNSUPPORTED 0 +#define OPENSSL_NPN_NEGOTIATED 1 +#define OPENSSL_NPN_NO_OVERLAP 2 __owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned int protos_len); + unsigned int protos_len); __owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned int protos_len); + unsigned int protos_len); typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg); + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - SSL_CTX_alpn_select_cb_func cb, - void *arg); + SSL_CTX_alpn_select_cb_func cb, + void *arg); void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len); + unsigned int *len); -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK /* * the maximum length of the buffer given to callbacks containing the * resulting identity/psk */ -# define PSK_MAX_IDENTITY_LEN 256 -# define PSK_MAX_PSK_LEN 512 +#define PSK_MAX_IDENTITY_LEN 256 +#define PSK_MAX_PSK_LEN 512 typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, - const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int 
max_psk_len); + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, - const char *identity, - unsigned char *psk, - unsigned int max_psk_len); + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); 
@@ -855,78 +857,78 @@ __owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); const char *SSL_get_psk_identity(const SSL *s); -# endif +#endif typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, - const unsigned char *identity, - size_t identity_len, - SSL_SESSION **sess); + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, - const unsigned char **id, - size_t *idlen, - SSL_SESSION **sess); + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, - SSL_psk_find_session_cb_func cb); + SSL_psk_find_session_cb_func cb); void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, - SSL_psk_use_session_cb_func cb); + SSL_psk_use_session_cb_func cb); /* Register callbacks to handle custom TLS Extensions for client or server. 
*/ __owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, - unsigned int ext_type); + unsigned int ext_type); __owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, - unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, - unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); __owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, - void *parse_arg); + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); __owur int SSL_extension_supported(unsigned int ext_type); -# define SSL_NOTHING 1 -# define SSL_WRITING 2 -# define SSL_READING 3 -# define SSL_X509_LOOKUP 4 -# define SSL_ASYNC_PAUSED 5 -# define SSL_ASYNC_NO_JOBS 6 -# define SSL_CLIENT_HELLO_CB 7 -# define SSL_RETRY_VERIFY 8 +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 +#define SSL_X509_LOOKUP 4 +#define SSL_ASYNC_PAUSED 5 +#define SSL_ASYNC_NO_JOBS 6 +#define SSL_CLIENT_HELLO_CB 7 +#define SSL_RETRY_VERIFY 8 /* These will only be used when doing non-blocking IO */ -# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -# define SSL_want_read(s) (SSL_want(s) == SSL_READING) -# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -# define 
SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) -# define SSL_want_retry_verify(s) (SSL_want(s) == SSL_RETRY_VERIFY) -# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) -# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) -# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) - -# define SSL_MAC_FLAG_READ_MAC_STREAM 1 -# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 -# define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 -# define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 +#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +#define SSL_want_retry_verify(s) (SSL_want(s) == SSL_RETRY_VERIFY) +#define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +#define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +#define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +#define SSL_MAC_FLAG_READ_MAC_STREAM 1 +#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 +#define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 +#define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 /* * A callback for logging out TLS key material. This callback should log out @@ -960,13 +962,13 @@ } #endif -# include -# include -# include /* This is mostly sslv3 with a few tweaks */ -# include /* Datagram TLS */ -# include /* Support for the use_srtp extension */ +#include +#include +#include /* This is mostly sslv3 with a few tweaks */ +#include /* Datagram TLS */ +#include /* Support for the use_srtp extension */ -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -974,6 +976,7 @@
 * These need to be after the above set of includes due to a compiler bug
 * in VisualStudio 2015
 */
+/* clang-format off */
 SKM_DEFINE_STACK_OF_INTERNAL(SSL_CIPHER, const SSL_CIPHER, SSL_CIPHER)
 #define sk_SSL_CIPHER_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_CIPHER_sk_type(sk))
 #define sk_SSL_CIPHER_value(sk, idx) ((const SSL_CIPHER *)OPENSSL_sk_value(ossl_check_const_SSL_CIPHER_sk_type(sk), (idx)))
@@ -1027,26 +1030,27 @@ #define sk_SSL_COMP_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SSL_COMP) *)OPENSSL_sk_deep_copy(ossl_check_const_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_copyfunc_type(copyfunc), ossl_check_SSL_COMP_freefunc_type(freefunc))) #define sk_SSL_COMP_set_cmp_func(sk, cmp) ((sk_SSL_COMP_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SSL_COMP_sk_type(sk), ossl_check_SSL_COMP_compfunc_type(cmp))) +/* clang-format on */ /* compatibility */ -# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) -# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) -# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ - (char *)(a))) -# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) -# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) -# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ - (char *)(arg))) -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg))) +#define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) +#define SSL_SESSION_set_app_data(s, a) (SSL_SESSION_set_ex_data(s, 0, \ + (char *)(a))) +#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s, 0)) +#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0)) +#define SSL_CTX_set_app_data(ctx, arg) (SSL_CTX_set_ex_data(ctx, 0, \ + (char *)(arg))) +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 void SSL_set_debug(SSL *s, int debug); -# endif +#endif /* TLSv1.3 KeyUpdate message types */ /* -1 used so that this is an invalid value for the on-the-wire protocol */ -#define SSL_KEY_UPDATE_NONE -1 +#define SSL_KEY_UPDATE_NONE -1 /* Values as defined for the on-the-wire protocol */ -#define SSL_KEY_UPDATE_NOT_REQUESTED 0 -#define SSL_KEY_UPDATE_REQUESTED 1 +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 /* * The valid handshake states (one for each type message sent and one for each 
@@ -1121,28 +1125,28 @@ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. */ -# define SSL_ST_CONNECT 0x1000 -# define SSL_ST_ACCEPT 0x2000 - -# define SSL_ST_MASK 0x0FFF - -# define SSL_CB_LOOP 0x01 -# define SSL_CB_EXIT 0x02 -# define SSL_CB_READ 0x04 -# define SSL_CB_WRITE 0x08 -# define SSL_CB_ALERT 0x4000/* used in callback */ -# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) -# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) -# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) -# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) -# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) -# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) -# define SSL_CB_HANDSHAKE_START 0x10 -# define SSL_CB_HANDSHAKE_DONE 0x20 +#define SSL_ST_CONNECT 0x1000 +#define SSL_ST_ACCEPT 0x2000 + +#define SSL_ST_MASK 0x0FFF + +#define SSL_CB_LOOP 0x01 +#define SSL_CB_EXIT 0x02 +#define SSL_CB_READ 0x04 +#define SSL_CB_WRITE 0x08 +#define SSL_CB_ALERT 0x4000 /* used in callback */ +#define SSL_CB_READ_ALERT (SSL_CB_ALERT | SSL_CB_READ) +#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT | SSL_CB_WRITE) +#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT | SSL_CB_LOOP) +#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT | SSL_CB_EXIT) +#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT | SSL_CB_LOOP) +#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT | SSL_CB_EXIT) +#define SSL_CB_HANDSHAKE_START 0x10 +#define SSL_CB_HANDSHAKE_DONE 0x20 /* Is the SSL_connection established? */ -# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) -# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +#define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +#define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) int SSL_in_init(const SSL *s); int SSL_in_before(const SSL *s); int SSL_is_init_finished(const SSL *s); 
@@ -1151,9 +1155,9 @@ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you * should not need these */ -# define SSL_ST_READ_HEADER 0xF0 -# define SSL_ST_READ_BODY 0xF1 -# define SSL_ST_READ_DONE 0xF2 +#define SSL_ST_READ_HEADER 0xF0 +#define SSL_ST_READ_BODY 0xF1 +#define SSL_ST_READ_DONE 0xF2 /*- * Obtain latest Finished message 
@@ -1168,394 +1172,394 @@ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are * 'ored' with SSL_VERIFY_PEER if they are desired */ -# define SSL_VERIFY_NONE 0x00 -# define SSL_VERIFY_PEER 0x01 -# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -# define SSL_VERIFY_CLIENT_ONCE 0x04 -# define SSL_VERIFY_POST_HANDSHAKE 0x08 - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OpenSSL_add_ssl_algorithms() SSL_library_init() -# define SSLeay_add_ssl_algorithms() SSL_library_init() -# endif +#define SSL_VERIFY_NONE 0x00 +#define SSL_VERIFY_PEER 0x01 +#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define SSL_VERIFY_CLIENT_ONCE 0x04 +#define SSL_VERIFY_POST_HANDSHAKE 0x08 + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define OpenSSL_add_ssl_algorithms() SSL_library_init() +#define SSLeay_add_ssl_algorithms() SSL_library_init() +#endif /* More backward compatibility */ -# define SSL_get_cipher(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -# define SSL_get_cipher_bits(s,np) \ - SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -# define SSL_get_cipher_version(s) \ - SSL_CIPHER_get_version(SSL_get_current_cipher(s)) -# define SSL_get_cipher_name(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -# define SSL_get_time(a) SSL_SESSION_get_time(a) -# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) -# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) -# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) - -# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) -# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) +#define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_cipher_bits(s, np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s), np) +#define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +#define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) 
+#define SSL_get_time(a) SSL_SESSION_get_time(a) +#define SSL_set_time(a, b) SSL_SESSION_set_time((a), (b)) +#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +#define SSL_set_timeout(a, b) SSL_SESSION_set_timeout((a), (b)) + +#define d2i_SSL_SESSION_bio(bp, s_id) ASN1_d2i_bio_of(SSL_SESSION, SSL_SESSION_new, d2i_SSL_SESSION, bp, s_id) +#define i2d_SSL_SESSION_bio(bp, s_id) ASN1_i2d_bio_of(SSL_SESSION, i2d_SSL_SESSION, bp, s_id) DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) -# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value - * from SSL_AD_... */ +#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value \ + * from SSL_AD_... */ /* These alert types are for SSLv3 and TLSv1 */ -# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY /* fatal */ -# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC -# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED -# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW /* fatal */ -# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE /* fatal */ -# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE /* Not for TLS */ -# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE -# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE -# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE -# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED -# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED -# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +#define 
SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN /* fatal */ -# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR -# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR /* fatal */ -# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION /* fatal */ -# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY /* fatal */ -# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR -# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED -# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION -# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION -# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED -# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION -# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE -# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME -# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE -# define 
SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +#define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +#define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE /* fatal */ -# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK -# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL -# define SSL_ERROR_NONE 0 -# define SSL_ERROR_SSL 1 -# define SSL_ERROR_WANT_READ 2 -# define SSL_ERROR_WANT_WRITE 3 -# define SSL_ERROR_WANT_X509_LOOKUP 4 -# define SSL_ERROR_SYSCALL 5/* look at error stack/return - * value/errno */ -# define SSL_ERROR_ZERO_RETURN 6 -# define SSL_ERROR_WANT_CONNECT 7 -# define SSL_ERROR_WANT_ACCEPT 8 -# define SSL_ERROR_WANT_ASYNC 9 -# define SSL_ERROR_WANT_ASYNC_JOB 10 -# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 -# define SSL_ERROR_WANT_RETRY_VERIFY 12 - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTRL_SET_TMP_DH 3 -# define SSL_CTRL_SET_TMP_ECDH 4 -# define SSL_CTRL_SET_TMP_DH_CB 6 -# endif - -# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -# define SSL_CTRL_GET_FLAGS 13 -# define SSL_CTRL_EXTRA_CHAIN_CERT 14 -# define SSL_CTRL_SET_MSG_CALLBACK 15 -# define 
SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +#define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 /* look at error stack/return \ + * value/errno */ +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_WANT_ASYNC 9 +#define SSL_ERROR_WANT_ASYNC_JOB 10 +#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +#define SSL_ERROR_WANT_RETRY_VERIFY 12 + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 +#define SSL_CTRL_SET_TMP_DH_CB 6 +#endif + +#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_GET_FLAGS 13 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 +#define SSL_CTRL_SET_MSG_CALLBACK 15 +#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 /* only applies to datagram connections */ -# define SSL_CTRL_SET_MTU 17 +#define SSL_CTRL_SET_MTU 17 /* Stats */ -# define SSL_CTRL_SESS_NUMBER 20 -# define SSL_CTRL_SESS_CONNECT 21 -# define SSL_CTRL_SESS_CONNECT_GOOD 22 -# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -# define SSL_CTRL_SESS_ACCEPT 24 -# define SSL_CTRL_SESS_ACCEPT_GOOD 25 -# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -# define SSL_CTRL_SESS_HIT 27 -# define SSL_CTRL_SESS_CB_HIT 28 -# define SSL_CTRL_SESS_MISSES 29 -# define SSL_CTRL_SESS_TIMEOUTS 30 -# define SSL_CTRL_SESS_CACHE_FULL 31 -# define SSL_CTRL_MODE 33 -# define SSL_CTRL_GET_READ_AHEAD 40 -# define SSL_CTRL_SET_READ_AHEAD 41 -# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -# define SSL_CTRL_SET_SESS_CACHE_MODE 44 -# define SSL_CTRL_GET_SESS_CACHE_MODE 45 -# define 
SSL_CTRL_GET_MAX_CERT_LIST 50 -# define SSL_CTRL_SET_MAX_CERT_LIST 51 -# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +#define SSL_CTRL_SESS_NUMBER 20 +#define SSL_CTRL_SESS_CONNECT 21 +#define SSL_CTRL_SESS_CONNECT_GOOD 22 +#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +#define SSL_CTRL_SESS_ACCEPT 24 +#define SSL_CTRL_SESS_ACCEPT_GOOD 25 +#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +#define SSL_CTRL_SESS_HIT 27 +#define SSL_CTRL_SESS_CB_HIT 28 +#define SSL_CTRL_SESS_MISSES 29 +#define SSL_CTRL_SESS_TIMEOUTS 30 +#define SSL_CTRL_SESS_CACHE_FULL 31 +#define SSL_CTRL_MODE 33 +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +#define SSL_CTRL_SET_SESS_CACHE_MODE 44 +#define SSL_CTRL_GET_SESS_CACHE_MODE 45 +#define SSL_CTRL_GET_MAX_CERT_LIST 50 +#define SSL_CTRL_SET_MAX_CERT_LIST 51 +#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls1.h for macros based on these */ -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 /*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ /*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ /*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -# define 
SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -# endif -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 -# define SSL_CTRL_SET_SRP_ARG 78 -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -# define DTLS_CTRL_GET_TIMEOUT 73 -# define DTLS_CTRL_HANDLE_TIMEOUT 74 -# define SSL_CTRL_GET_RI_SUPPORT 76 -# define SSL_CTRL_CLEAR_MODE 78 -# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 -# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 -# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 -# define SSL_CTRL_CHAIN 88 -# define SSL_CTRL_CHAIN_CERT 89 -# define SSL_CTRL_GET_GROUPS 90 -# define SSL_CTRL_SET_GROUPS 91 -# define SSL_CTRL_SET_GROUPS_LIST 92 -# define SSL_CTRL_GET_SHARED_GROUP 93 -# define SSL_CTRL_SET_SIGALGS 97 -# define SSL_CTRL_SET_SIGALGS_LIST 98 -# define SSL_CTRL_CERT_FLAGS 99 -# define SSL_CTRL_CLEAR_CERT_FLAGS 100 -# define SSL_CTRL_SET_CLIENT_SIGALGS 101 -# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 -# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 -# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 -# define SSL_CTRL_BUILD_CERT_CHAIN 105 -# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 -# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 -# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -# define SSL_CTRL_GET_PEER_TMP_KEY 109 -# define SSL_CTRL_GET_RAW_CIPHERLIST 110 -# define SSL_CTRL_GET_EC_POINT_FORMATS 111 -# define SSL_CTRL_GET_CHAIN_CERTS 115 -# define SSL_CTRL_SELECT_CURRENT_CERT 116 -# define SSL_CTRL_SET_CURRENT_CERT 117 -# define SSL_CTRL_SET_DH_AUTO 118 -# define DTLS_CTRL_SET_LINK_MTU 120 -# define DTLS_CTRL_GET_LINK_MIN_MTU 
121 -# define SSL_CTRL_GET_EXTMS_SUPPORT 122 -# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 -# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 -# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 -# define SSL_CTRL_SET_MAX_PIPELINES 126 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 -# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 -# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 -# define SSL_CTRL_GET_SIGNATURE_NID 132 -# define SSL_CTRL_GET_TMP_KEY 133 -# define SSL_CTRL_GET_NEGOTIATED_GROUP 134 -# define SSL_CTRL_SET_RETRY_VERIFY 136 -# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 -# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 -# define SSL_CERT_SET_FIRST 1 -# define SSL_CERT_SET_NEXT 2 -# define SSL_CERT_SET_SERVER 3 -# define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) -# define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -# define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) -# define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) -# define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTX_set_tmp_dh(ctx,dh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# endif -# define SSL_CTX_set_dh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# define SSL_set_dh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_set_tmp_dh(ssl,dh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) -# define SSL_set_tmp_ecdh(ssl,ecdh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) -# endif -# define 
SSL_CTX_add_extra_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) -# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) -# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) -# define SSL_CTX_clear_extra_chain_certs(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) -# define SSL_CTX_set0_chain(ctx,sk) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) -# define SSL_CTX_set1_chain(ctx,sk) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) -# define SSL_CTX_add0_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) -# define SSL_CTX_add1_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) -# define SSL_CTX_get0_chain_certs(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) -# define SSL_CTX_clear_chain_certs(ctx) \ - SSL_CTX_set0_chain(ctx,NULL) -# define SSL_CTX_build_cert_chain(ctx, flags) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) -# define SSL_CTX_select_current_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) -# define SSL_CTX_set_current_cert(ctx, op) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) -# define SSL_CTX_set0_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_CTX_set1_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) -# define SSL_CTX_get0_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_CTX_set0_chain_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) -# define SSL_CTX_set1_chain_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) -# define SSL_CTX_get0_chain_cert_store(ctx,st) \ - 
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) -# define SSL_set0_chain(s,sk) \ - SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) -# define SSL_set1_chain(s,sk) \ - SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) -# define SSL_add0_chain_cert(s,x509) \ - SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) -# define SSL_add1_chain_cert(s,x509) \ - SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) -# define SSL_get0_chain_certs(s,px509) \ - SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) -# define SSL_clear_chain_certs(s) \ - SSL_set0_chain(s,NULL) -# define SSL_build_cert_chain(s, flags) \ - SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) -# define SSL_select_current_cert(s,x509) \ - SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) -# define SSL_set_current_cert(s,op) \ - SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) -# define SSL_set0_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_set1_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) -#define SSL_get0_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_set0_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) -# define SSL_set1_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) -#define SSL_get0_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) - -# define SSL_get1_groups(s, glist) \ - SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) -# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) -# define SSL_CTX_set1_groups_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) -# define SSL_set1_groups(s, glist, glistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) -# define SSL_set1_groups_list(s, str) \ - SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) -# define 
SSL_get_shared_group(s, n) \ - SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) -# define SSL_get_negotiated_group(s) \ - SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL) -# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) -# define SSL_CTX_set1_sigalgs_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) -# define SSL_set1_sigalgs(s, slist, slistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) -# define SSL_set1_sigalgs_list(s, str) \ - SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) -# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) -# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) -# define SSL_set1_client_sigalgs(s, slist, slistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) -# define SSL_set1_client_sigalgs_list(s, str) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) -# define SSL_get0_certificate_types(s, clist) \ - SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) -# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ - (char *)(clist)) -# define SSL_set1_client_certificate_types(s, clist, clistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) -# define SSL_get_signature_nid(s, pn) \ - SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) -# define SSL_get_peer_signature_nid(s, pn) \ - SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) -# define SSL_get_peer_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) -# define SSL_get_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) -# define SSL_get0_raw_cipherlist(s, plst) \ - SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) -# define SSL_get0_ec_point_formats(s, plst) \ - 
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) -# define SSL_CTX_set_min_proto_version(ctx, version) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -# define SSL_CTX_set_max_proto_version(ctx, version) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -# define SSL_CTX_get_min_proto_version(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) -# define SSL_CTX_get_max_proto_version(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) -# define SSL_set_min_proto_version(s, version) \ - SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -# define SSL_set_max_proto_version(s, version) \ - SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -# define SSL_get_min_proto_version(s) \ - SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) -# define SSL_get_max_proto_version(s) \ - SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +#endif +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +#define SSL_CTRL_SET_SRP_ARG 78 +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +#define DTLS_CTRL_GET_TIMEOUT 73 +#define DTLS_CTRL_HANDLE_TIMEOUT 74 +#define SSL_CTRL_GET_RI_SUPPORT 76 +#define SSL_CTRL_CLEAR_MODE 78 +#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_CHAIN 88 +#define SSL_CTRL_CHAIN_CERT 89 +#define SSL_CTRL_GET_GROUPS 90 +#define SSL_CTRL_SET_GROUPS 91 +#define SSL_CTRL_SET_GROUPS_LIST 92 +#define SSL_CTRL_GET_SHARED_GROUP 93 +#define SSL_CTRL_SET_SIGALGS 97 +#define SSL_CTRL_SET_SIGALGS_LIST 98 +#define SSL_CTRL_CERT_FLAGS 99 +#define SSL_CTRL_CLEAR_CERT_FLAGS 100 +#define SSL_CTRL_SET_CLIENT_SIGALGS 101 +#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +#define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +#define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +#define SSL_CTRL_BUILD_CERT_CHAIN 105 +#define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +#define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +#define SSL_CTRL_GET_PEER_TMP_KEY 109 +#define SSL_CTRL_GET_RAW_CIPHERLIST 110 +#define SSL_CTRL_GET_EC_POINT_FORMATS 111 +#define SSL_CTRL_GET_CHAIN_CERTS 115 +#define SSL_CTRL_SELECT_CURRENT_CERT 116 +#define SSL_CTRL_SET_CURRENT_CERT 117 +#define SSL_CTRL_SET_DH_AUTO 118 +#define DTLS_CTRL_SET_LINK_MTU 120 +#define DTLS_CTRL_GET_LINK_MIN_MTU 121 +#define SSL_CTRL_GET_EXTMS_SUPPORT 122 +#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +#define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +#define SSL_CTRL_SET_MAX_PIPELINES 126 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +#define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +#define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +#define SSL_CTRL_GET_SIGNATURE_NID 132 +#define SSL_CTRL_GET_TMP_KEY 133 +#define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +#define SSL_CTRL_SET_RETRY_VERIFY 136 +#define SSL_CTRL_GET_VERIFY_CERT_STORE 137 +#define SSL_CTRL_GET_CHAIN_CERT_STORE 138 +#define SSL_CERT_SET_FIRST 1 +#define SSL_CERT_SET_NEXT 2 +#define SSL_CERT_SET_SERVER 3 +#define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, (void *)(arg)) +#define DTLSv1_handle_timeout(ssl) \ 
+ SSL_ctrl(ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, NULL) +#define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_NUM_RENEGOTIATIONS, 0, NULL) +#define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS, 0, NULL) +#define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_TOTAL_RENEGOTIATIONS, 0, NULL) +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTX_set_tmp_dh(ctx, dh) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)(dh)) +#endif +#define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff, NULL) +#define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s, SSL_CTRL_SET_DH_AUTO, onoff, NULL) +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_set_tmp_dh(ssl, dh) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)(dh)) +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)(ecdh)) +#define SSL_set_tmp_ecdh(ssl, ecdh) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)(ecdh)) +#endif +#define SSL_CTX_add_extra_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)(x509)) +#define SSL_CTX_get_extra_chain_certs(ctx, px509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509) +#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509) +#define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL) +#define SSL_CTX_set0_chain(ctx, sk) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN, 0, (char *)(sk)) +#define SSL_CTX_set1_chain(ctx, sk) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN, 1, (char *)(sk)) +#define SSL_CTX_add0_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN_CERT, 0, (char *)(x509)) +#define SSL_CTX_add1_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN_CERT, 1, (char *)(x509)) +#define SSL_CTX_get0_chain_certs(ctx, px509) \ + SSL_CTX_ctrl(ctx, 
SSL_CTRL_GET_CHAIN_CERTS, 0, px509) +#define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx, NULL) +#define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +#define SSL_CTX_select_current_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SELECT_CURRENT_CERT, 0, (char *)(x509)) +#define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CURRENT_CERT, op, NULL) +#define SSL_CTX_set0_verify_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_CTX_set1_verify_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 1, (char *)(st)) +#define SSL_CTX_get0_verify_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_CTX_set0_chain_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHAIN_CERT_STORE, 0, (char *)(st)) +#define SSL_CTX_set1_chain_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHAIN_CERT_STORE, 1, (char *)(st)) +#define SSL_CTX_get0_chain_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_CHAIN_CERT_STORE, 0, (char *)(st)) +#define SSL_set0_chain(s, sk) \ + SSL_ctrl(s, SSL_CTRL_CHAIN, 0, (char *)(sk)) +#define SSL_set1_chain(s, sk) \ + SSL_ctrl(s, SSL_CTRL_CHAIN, 1, (char *)(sk)) +#define SSL_add0_chain_cert(s, x509) \ + SSL_ctrl(s, SSL_CTRL_CHAIN_CERT, 0, (char *)(x509)) +#define SSL_add1_chain_cert(s, x509) \ + SSL_ctrl(s, SSL_CTRL_CHAIN_CERT, 1, (char *)(x509)) +#define SSL_get0_chain_certs(s, px509) \ + SSL_ctrl(s, SSL_CTRL_GET_CHAIN_CERTS, 0, px509) +#define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s, NULL) +#define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s, SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +#define SSL_select_current_cert(s, x509) \ + SSL_ctrl(s, SSL_CTRL_SELECT_CURRENT_CERT, 0, (char *)(x509)) +#define SSL_set_current_cert(s, op) \ + SSL_ctrl(s, SSL_CTRL_SET_CURRENT_CERT, op, NULL) +#define SSL_set0_verify_cert_store(s, st) \ + 
SSL_ctrl(s, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_set1_verify_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_SET_VERIFY_CERT_STORE, 1, (char *)(st)) +#define SSL_get0_verify_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_GET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_set0_chain_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_SET_CHAIN_CERT_STORE, 0, (char *)(st)) +#define SSL_set1_chain_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_SET_CHAIN_CERT_STORE, 1, (char *)(st)) +#define SSL_get0_chain_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_GET_CHAIN_CERT_STORE, 0, (char *)(st)) + +#define SSL_get1_groups(s, glist) \ + SSL_ctrl(s, SSL_CTRL_GET_GROUPS, 0, (int *)(glist)) +#define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_GROUPS, glistlen, (int *)(glist)) +#define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_GROUPS_LIST, 0, (char *)(s)) +#define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_GROUPS, glistlen, (char *)(glist)) +#define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s, SSL_CTRL_SET_GROUPS_LIST, 0, (char *)(str)) +#define SSL_get_shared_group(s, n) \ + SSL_ctrl(s, SSL_CTRL_GET_SHARED_GROUP, n, NULL) +#define SSL_get_negotiated_group(s) \ + SSL_ctrl(s, SSL_CTRL_GET_NEGOTIATED_GROUP, 0, NULL) +#define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS, slistlen, (int *)(slist)) +#define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS_LIST, 0, (char *)(s)) +#define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_SIGALGS, slistlen, (int *)(slist)) +#define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s, SSL_CTRL_SET_SIGALGS_LIST, 0, (char *)(str)) +#define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CLIENT_SIGALGS, slistlen, (int *)(slist)) +#define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CLIENT_SIGALGS_LIST, 0, (char *)(s)) 
+#define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_CLIENT_SIGALGS, slistlen, (int *)(slist)) +#define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s, SSL_CTRL_SET_CLIENT_SIGALGS_LIST, 0, (char *)(str)) +#define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +#define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CLIENT_CERT_TYPES, clistlen, \ + (char *)(clist)) +#define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_CLIENT_CERT_TYPES, clistlen, (char *)(clist)) +#define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn) +#define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn) +#define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) +#define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s, SSL_CTRL_GET_TMP_KEY, 0, pk) +#define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s, SSL_CTRL_GET_RAW_CIPHERLIST, 0, plst) +#define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, plst) +#define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +#define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +#define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +#define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define 
SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) const char *SSL_group_to_name(SSL *s, int id); /* Backwards compatibility, original 1.1.0 names */ -# define SSL_CTRL_GET_SERVER_TMP_KEY \ - SSL_CTRL_GET_PEER_TMP_KEY -# define SSL_get_server_tmp_key(s, pk) \ - SSL_get_peer_tmp_key(s, pk) +#define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +#define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey); int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey); 
@@ -1564,34 +1568,37 @@
 * The following symbol names are old and obsolete. They are kept
 * for compatibility reasons only and should not be used anymore.
 */
-# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
-# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
-# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
-# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
-
-# define SSL_get1_curves SSL_get1_groups
-# define SSL_CTX_set1_curves SSL_CTX_set1_groups
-# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
-# define SSL_set1_curves SSL_set1_groups
-# define SSL_set1_curves_list SSL_set1_groups_list
-# define SSL_get_shared_curve SSL_get_shared_group
-
-
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
+#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
+#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
+#define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
+
+#define SSL_get1_curves SSL_get1_groups
+#define SSL_CTX_set1_curves SSL_CTX_set1_groups
+#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+#define SSL_set1_curves SSL_set1_groups
+#define SSL_set1_curves_list SSL_set1_groups_list
+#define SSL_get_shared_curve SSL_get_shared_group
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 /* Provide some compatibility macros for removed functionality. */
-# define SSL_CTX_need_tmp_RSA(ctx) 0
-# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
-# define SSL_need_tmp_RSA(ssl) 0
-# define SSL_set_tmp_rsa(ssl,rsa) 1
-# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
-# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+#define SSL_CTX_need_tmp_RSA(ctx) 0
+#define SSL_CTX_set_tmp_rsa(ctx, rsa) 1
+#define SSL_need_tmp_RSA(ssl) 0
+#define SSL_set_tmp_rsa(ssl, rsa) 1
+#define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+#define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
 /*
 * We "pretend" to call the callback to avoid warnings about unused static
 * functions.
 */
-# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
-# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0)
-# endif
+#define SSL_CTX_set_tmp_rsa_callback(ctx, cb) \
+ while (0) \
+ (cb)(NULL, 0, 0)
+#define SSL_set_tmp_rsa_callback(ssl, cb) \
+ while (0) \
+ (cb)(NULL, 0, 0)
+#endif
 __owur const BIO_METHOD *BIO_f_ssl(void);
 __owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
 __owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -1602,7 +1609,7 @@
 __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 __owur SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
- const SSL_METHOD *meth);
+ const SSL_METHOD *meth);
 int SSL_CTX_up_ref(SSL_CTX *ctx);
 void SSL_CTX_free(SSL_CTX *);
 __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
@@ -1637,11 +1644,11 @@
 __owur int SSL_get_read_ahead(const SSL *s);
 __owur int SSL_pending(const SSL *s);
 __owur int SSL_has_pending(const SSL *s);
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 __owur int SSL_set_fd(SSL *s, int fd);
 __owur int SSL_set_rfd(SSL *s, int fd);
 __owur int SSL_set_wfd(SSL *s, int fd);
-# endif
+#endif
 void SSL_set0_rbio(SSL *s, BIO *rbio);
 void SSL_set0_wbio(SSL *s, BIO *wbio);
 void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
@@ -1656,32 +1663,31 @@ __owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); void SSL_set_verify_depth(SSL *s, int depth); -void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, - const unsigned char *d, long len); -# endif + const unsigned char *d, long len); +#endif __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, - long len); + long len); __owur int SSL_use_certificate(SSL *ssl, X509 *x); __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); __owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override); - + STACK_OF(X509) *chain, int override); /* serverinfo file format versions */ -# define SSL_SERVERINFOV1 1 -# define SSL_SERVERINFOV2 2 +#define SSL_SERVERINFOV1 1 +#define SSL_SERVERINFOV2 2 /* Set serverinfo data for the current active cert. */ __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length); + size_t serverinfo_length); __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, - const unsigned char *serverinfo, - size_t serverinfo_length); + const unsigned char *serverinfo, + size_t serverinfo_length); __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); #ifndef OPENSSL_NO_DEPRECATED_3_0 
@@ -1695,31 +1701,31 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, - int type); + int type); #endif __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, - int type); + int type); __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, - int type); + int type); /* PEM type */ __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -__owur STACK_OF(X509_NAME) -*SSL_load_client_CA_file_ex(const char *file, OSSL_LIB_CTX *libctx, - const char *propq); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); + const char *file); int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *dir); + const char *dir); int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *uri); + const char *uri); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_load_error_strings() \ +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) -# endif + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, \ + NULL) +#endif __owur const char *SSL_state_string(const SSL *s); __owur const char *SSL_rstate_string(const SSL *s); 
@@ -1735,39 +1741,39 @@ __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); __owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, - const unsigned char **alpn, - size_t *len); + const unsigned char **alpn, + size_t *len); __owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, - const unsigned char *alpn, - size_t len); + const unsigned char *alpn, + size_t len); __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, - size_t *len); + size_t *len); __owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); __owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, - uint32_t max_early_data); + uint32_t max_early_data); __owur int SSL_copy_session_id(SSL *to, const SSL *from); __owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); __owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, - const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, - unsigned int sid_len); + unsigned int sid_len); __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); __owur SSL_SESSION *SSL_SESSION_new(void); __owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, - unsigned int *len); + unsigned int *len); const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, - unsigned int *len); + unsigned int *len); __owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, 
const SSL_SESSION *ses); -# endif +#endif int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); int SSL_SESSION_up_ref(SSL_SESSION *ses); @@ -1779,19 +1785,19 @@ __owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); __owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); __owur int SSL_has_matching_session_id(const SSL *s, - const unsigned char *id, - unsigned int id_len); + const unsigned char *id, + unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length); + long length); -# ifdef OPENSSL_X509_H +#ifdef OPENSSL_X509_H __owur X509 *SSL_get0_peer_certificate(const SSL *s); __owur X509 *SSL_get1_peer_certificate(const SSL *s); /* Deprecated in 3.0.0 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_get_peer_certificate SSL_get1_peer_certificate -# endif -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_get_peer_certificate SSL_get1_peer_certificate +#endif +#endif __owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); 
@@ -1801,25 +1807,25 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - int (*cb) (X509_STORE_CTX *, void *), - void *arg); -void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), - void *arg); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + int (*cb)(X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), + void *arg); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len); -# endif + long len); +#endif __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, - const unsigned char *d, long len); + const unsigned char *d, long len); __owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d); + const unsigned char *d); __owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override); + STACK_OF(X509) *chain, int override); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); 
@@ -1834,14 +1840,14 @@ __owur int SSL_check_private_key(const SSL *ctx); __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, - const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + unsigned int sid_ctx_len); __owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); __owur int SSL_set_purpose(SSL *ssl, int purpose); @@ -1855,14 +1861,14 @@ __owur int SSL_CTX_dane_enable(SSL_CTX *ctx); __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, - uint8_t mtype, uint8_t ord); + uint8_t mtype, uint8_t ord); __owur int SSL_dane_enable(SSL *s, const char *basedomain); __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, const unsigned char *data, size_t dlen); + uint8_t mtype, const unsigned char *data, size_t dlen); __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, const unsigned char **data, - size_t *dlen); + uint8_t *mtype, const unsigned char **data, + size_t *dlen); /* * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c 
@@ -1882,105 +1888,105 @@ __owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); __owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); -# ifndef OPENSSL_NO_SRP -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, - char *(*cb) (SSL *, void *)); + char *(*cb)(SSL *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, - int (*cb) (SSL *, void *)); + int (*cb)(SSL *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb) (SSL *, int *, void *)); + int (*cb)(SSL *, int *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); OSSL_DEPRECATEDIN_3_0 int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info); + BIGNUM *sa, BIGNUM *v, char *info); OSSL_DEPRECATEDIN_3_0 int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp); + const char *grp); OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_g(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); -# endif -# endif +#endif +#endif /* * ClientHello callback and helpers. 
*/ -# define SSL_CLIENT_HELLO_SUCCESS 1 -# define SSL_CLIENT_HELLO_ERROR 0 -# define SSL_CLIENT_HELLO_RETRY (-1) +#define SSL_CLIENT_HELLO_SUCCESS 1 +#define SSL_CLIENT_HELLO_ERROR 0 +#define SSL_CLIENT_HELLO_RETRY (-1) -typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, - void *arg); + void *arg); int SSL_client_hello_isv2(SSL *s); unsigned int SSL_client_hello_get0_legacy_version(SSL *s); size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, - const unsigned char **out); + const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, - const unsigned char **out, size_t *outlen); + const unsigned char **out, size_t *outlen); void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); -# ifdef OSSL_ASYNC_FD +#ifdef OSSL_ASYNC_FD /* * Windows application developer has to include windows.h to use these. 
*/ __owur int SSL_waiting_for_async(SSL *s); __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, - size_t *numaddfds, OSSL_ASYNC_FD *delfd, - size_t *numdelfds); + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); __owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); __owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); __owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); __owur int SSL_set_async_callback_arg(SSL *s, void *arg); __owur int SSL_get_async_status(SSL *s, int *status); -# endif +#endif __owur int SSL_accept(SSL *ssl); __owur int SSL_stateless(SSL *s); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); -# define SSL_READ_EARLY_DATA_ERROR 0 -# define SSL_READ_EARLY_DATA_SUCCESS 1 -# define SSL_READ_EARLY_DATA_FINISH 2 +#define SSL_READ_EARLY_DATA_ERROR 0 +#define SSL_READ_EARLY_DATA_SUCCESS 1 +#define SSL_READ_EARLY_DATA_FINISH 2 __owur int SSL_read_early_data(SSL *s, void *buf, size_t num, - size_t *readbytes); + size_t *readbytes); __owur int SSL_peek(SSL *ssl, void *buf, int num); __owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); __owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, - int flags); + int flags); __owur int SSL_write(SSL *ssl, const void *buf, int num); __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); __owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, - size_t *written); + size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); -# define SSL_EARLY_DATA_NOT_SENT 0 -# define 
SSL_EARLY_DATA_REJECTED 1 -# define SSL_EARLY_DATA_ACCEPTED 2 +#define SSL_EARLY_DATA_NOT_SENT 0 +#define SSL_EARLY_DATA_REJECTED 1 +#define SSL_EARLY_DATA_ACCEPTED 2 __owur int SSL_get_early_data_status(const SSL *s); 
@@ -1988,68 +1994,68 @@ __owur const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); -# endif +#endif -# ifndef OPENSSL_NO_SSL3_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_SSL3_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void); -# endif -# endif +#endif +#endif -#define SSLv23_method TLS_method -#define SSLv23_server_method TLS_server_method -#define SSLv23_client_method TLS_client_method +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method /* Negotiate highest available SSL/TLS version */ __owur const SSL_METHOD *TLS_method(void); __owur const SSL_METHOD *TLS_server_method(void); __owur const SSL_METHOD *TLS_client_method(void); -# ifndef OPENSSL_NO_TLS1_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_TLS1_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_TLS1_1_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_TLS1_1_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void); -# endif -# endif 
+#endif +#endif -# ifndef OPENSSL_NO_TLS1_2_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_TLS1_2_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DTLS1_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DTLS1_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DTLS1_2_METHOD +#ifndef OPENSSL_NO_DTLS1_2_METHOD /* DTLSv1.2 */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void); -# endif -# endif +#endif +#endif __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ @@ -2102,9 +2108,9 @@ __owur long SSL_get_default_timeout(const SSL *s); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_library_init() OPENSSL_init_ssl(0, NULL) -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_library_init() OPENSSL_init_ssl(0, NULL) +#endif __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); __owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); 
@@ -2136,17 +2142,17 @@ __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, - const char *CAfile, - const char *CApath); -# define SSL_get0_session SSL_get_session/* just peek at pointer */ + const char *CAfile, + const char *CApath); +#define SSL_get0_session SSL_get_session /* just peek at pointer */ __owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ __owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); void SSL_set_info_callback(SSL *ssl, - void (*cb) (const SSL *ssl, int type, int val)); -void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, - int val); + void (*cb)(const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, + int val); __owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl, long v); @@ -2154,13 +2160,13 @@ __owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); __owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, - size_t outlen); + size_t outlen); __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, - size_t outlen); + size_t outlen); __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, - unsigned char *out, size_t outlen); + unsigned char *out, size_t outlen); __owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); #define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ 
@@ -2178,61 +2184,61 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); -# define SSL_CTX_sess_set_cache_size(ctx,t) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) -# define SSL_CTX_sess_get_cache_size(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) -# define SSL_CTX_set_session_cache_mode(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) -# define SSL_CTX_get_session_cache_mode(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) - -# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) -# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) -# define SSL_CTX_get_read_ahead(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) -# define SSL_CTX_set_read_ahead(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) -# define SSL_CTX_get_max_cert_list(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -# define SSL_CTX_set_max_cert_list(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) -# define SSL_get_max_cert_list(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -# define SSL_set_max_cert_list(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) - -# define SSL_CTX_set_max_send_fragment(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) -# define SSL_set_max_send_fragment(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) -# define SSL_CTX_set_split_send_fragment(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) -# define SSL_set_split_send_fragment(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) -# define SSL_CTX_set_max_pipelines(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) -# define SSL_set_max_pipelines(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) -# define SSL_set_retry_verify(ssl) \ - (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0) +#define SSL_CTX_sess_set_cache_size(ctx, t) \ + SSL_CTX_ctrl(ctx, 
SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL) +#define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL) +#define SSL_CTX_set_session_cache_mode(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL) +#define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL) + +#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +#define SSL_CTX_set_default_read_ahead(ctx, m) SSL_CTX_set_read_ahead(ctx, m) +#define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_READ_AHEAD, 0, NULL) +#define SSL_CTX_set_read_ahead(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, NULL) +#define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) +#define SSL_CTX_set_max_cert_list(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) +#define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) +#define SSL_set_max_cert_list(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) + +#define SSL_CTX_set_max_send_fragment(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) +#define SSL_set_max_send_fragment(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) +#define SSL_CTX_set_split_send_fragment(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SPLIT_SEND_FRAGMENT, m, NULL) +#define SSL_set_split_send_fragment(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_SPLIT_SEND_FRAGMENT, m, NULL) +#define SSL_CTX_set_max_pipelines(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PIPELINES, m, NULL) +#define SSL_set_max_pipelines(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_MAX_PIPELINES, m, NULL) +#define SSL_set_retry_verify(ssl) \ + (SSL_ctrl(ssl, SSL_CTRL_SET_RETRY_VERIFY, 0, NULL) > 0) void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); void SSL_set_default_read_buffer_len(SSL *s, size_t len); -# ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_DEPRECATED_3_0 
+#ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* NB: the |keylength| is only applicable when is_export is true */ OSSL_DEPRECATEDIN_3_0 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)); + DH *(*dh)(SSL *ssl, int is_export, + int keylength)); OSSL_DEPRECATEDIN_3_0 void SSL_set_tmp_dh_callback(SSL *ssl, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)); -# endif -# endif + DH *(*dh)(SSL *ssl, int is_export, + int keylength)); +#endif +#endif __owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); 
@@ -2241,50 +2247,52 @@ __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_COMP_free_compression_methods() while(0) continue -# endif + *meths); +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_COMP_free_compression_methods() \ + while (0) \ + continue +#endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, - int isv2format, STACK_OF(SSL_CIPHER) **sk, - STACK_OF(SSL_CIPHER) **scsvs); + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); /* TLS extensions functions */ __owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); __owur int SSL_set_session_ticket_ext_cb(SSL *s, - tls_session_ticket_ext_cb_fn cb, - void *arg); + tls_session_ticket_ext_cb_fn cb, + void *arg); /* Pre-shared secret session resumption functions */ __owur int SSL_set_session_secret_cb(SSL *s, - tls_session_secret_cb_fn session_secret_cb, - void *arg); + tls_session_secret_cb_fn session_secret_cb, + void *arg); void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - int - is_forward_secure)); + int (*cb)(SSL *ssl, + int + is_forward_secure)); void SSL_set_not_resumable_session_callback(SSL *ssl, - int (*cb) (SSL *ssl, - int is_forward_secure)); + int (*cb)(SSL *ssl, + int is_forward_secure)); void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)); + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void 
*SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); int SSL_set_record_padding_callback(SSL *ssl, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)); + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); @@ -2294,9 +2302,9 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_cache_hit(s) SSL_session_reused(s) -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_cache_hit(s) SSL_session_reused(s) +#endif __owur int SSL_session_reused(const SSL *s); __owur int SSL_is_server(const SSL *s); @@ -2306,7 +2314,7 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); __owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, - unsigned int flags); + unsigned int flags); __owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); @@ -2320,16 +2328,16 @@ int SSL_config(SSL *s, const char *name); int SSL_CTX_config(SSL_CTX *ctx, const char *name); -# ifndef OPENSSL_NO_SSL_TRACE +#ifndef OPENSSL_NO_SSL_TRACE void SSL_trace(int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); -# endif + const void *buf, size_t len, SSL *ssl, void *arg); +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client); -# endif +#endif -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT /* * A callback for verifying that the received SCTs are sufficient. 
@@ -2338,7 +2346,7 @@
  * A connection should be aborted if the SCTs are deemed insufficient.
  */
 typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
- const STACK_OF(SCT) *scts, void *arg);
+ const STACK_OF(SCT) *scts, void *arg);
 
 /*
  * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
@@ -2353,14 +2361,14 @@
  * will be requested.
  */
 int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
- void *arg);
+ void *arg);
 int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
- ssl_ct_validation_cb callback,
- void *arg);
+ ssl_ct_validation_cb callback,
+ void *arg);
 #define SSL_disable_ct(s) \
- ((void) SSL_set_validation_callback((s), NULL, NULL))
+ ((void)SSL_set_validation_callback((s), NULL, NULL))
 #define SSL_CTX_disable_ct(ctx) \
- ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+ ((void)SSL_CTX_set_validation_callback((ctx), NULL, NULL))
 
 /*
  * The validation type enumerates the available behaviours of the built-in SSL
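Review bot: `SSL_disable_ct` and `SSL_CTX_disable_ct` expand to `SSL_set_validation_callback` and `SSL_CTX_set_validation_callback`, but the functions declared just above them in this hunk are `SSL_set_ct_validation_callback` and `SSL_CTX_set_ct_validation_callback`; the reformat carries the mismatch over unchanged. Unless a function with the shorter name is declared somewhere outside this hunk, a caller that uses these macros to switch off Certificate Transparency validation gets a build failure instead of a cleared callback. The macro bodies would read `((void)SSL_set_ct_validation_callback((s), NULL, NULL))` and `((void)SSL_CTX_set_ct_validation_callback((ctx), NULL, NULL))`. As this is an imported header, the correction probably belongs with the upstream source rather than in a local patch.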
@@ -2425,106 +2433,106 @@ */ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); -# endif /* OPENSSL_NO_CT */ +#endif /* OPENSSL_NO_CT */ /* What the "other" parameter contains in security callback */ /* Mask for type */ -# define SSL_SECOP_OTHER_TYPE 0xffff0000 -# define SSL_SECOP_OTHER_NONE 0 -# define SSL_SECOP_OTHER_CIPHER (1 << 16) -# define SSL_SECOP_OTHER_CURVE (2 << 16) -# define SSL_SECOP_OTHER_DH (3 << 16) -# define SSL_SECOP_OTHER_PKEY (4 << 16) -# define SSL_SECOP_OTHER_SIGALG (5 << 16) -# define SSL_SECOP_OTHER_CERT (6 << 16) +#define SSL_SECOP_OTHER_TYPE 0xffff0000 +#define SSL_SECOP_OTHER_NONE 0 +#define SSL_SECOP_OTHER_CIPHER (1 << 16) +#define SSL_SECOP_OTHER_CURVE (2 << 16) +#define SSL_SECOP_OTHER_DH (3 << 16) +#define SSL_SECOP_OTHER_PKEY (4 << 16) +#define SSL_SECOP_OTHER_SIGALG (5 << 16) +#define SSL_SECOP_OTHER_CERT (6 << 16) /* Indicated operation refers to peer key or certificate */ -# define SSL_SECOP_PEER 0x1000 +#define SSL_SECOP_PEER 0x1000 /* Values for "op" parameter in security callback */ /* Called to filter ciphers */ /* Ciphers client supports */ -# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) /* Cipher shared by client/server */ -# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) /* Sanity check of cipher server selects */ -# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) /* Curves supported by client */ -# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) /* Curves shared by client/server */ -# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) /* Sanity check of curve server selects */ -# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) 
+#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) /* Temporary DH key */ -# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) /* SSL/TLS version */ -# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) /* Session tickets */ -# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) /* Supported signature algorithms sent to peer */ -# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) /* Shared signature algorithm */ -# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) /* Sanity check signature algorithm allowed */ -# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) /* Used to get mask of supported public key signature algorithms */ -# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) /* Use to see if compression is allowed */ -# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) /* EE key in certificate */ -# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) /* CA key in certificate */ -# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) /* CA digest algorithm in certificate */ -# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) /* Peer EE key in certificate */ -# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) /* Peer CA key in certificate */ -# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | 
SSL_SECOP_PEER) +#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) /* Peer CA digest algorithm in certificate */ -# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) +#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) void SSL_set_security_level(SSL *s, int level); __owur int SSL_get_security_level(const SSL *s); void SSL_set_security_callback(SSL *s, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)); -int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, - const SSL_CTX *ctx, int op, - int bits, int nid, void *other, - void *ex); + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s))(const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); void SSL_set0_security_ex_data(SSL *s, void *ex); __owur void *SSL_get0_security_ex_data(const SSL *s); void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); __owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)); -int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, - const SSL_CTX *ctx, - int op, int bits, - int nid, - void *other, - void *ex); + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); /* OPENSSL_INIT flag 0x010000 reserved for internal use */ -# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L -# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L +#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 
0x00100000L +#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L -# define OPENSSL_INIT_SSL_DEFAULT \ - (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) +#define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -# ifndef OPENSSL_NO_UNIT_TEST +#ifndef OPENSSL_NO_UNIT_TEST __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); -# endif +#endif __owur int SSL_free_buffers(SSL *ssl); __owur int SSL_alloc_buffers(SSL *ssl); 
@@ -2535,44 +2543,44 @@ /* Support for ticket appdata */ /* fatal error, malloc failure */ -# define SSL_TICKET_FATAL_ERR_MALLOC 0 +#define SSL_TICKET_FATAL_ERR_MALLOC 0 /* fatal error, either from parsing or decrypting the ticket */ -# define SSL_TICKET_FATAL_ERR_OTHER 1 +#define SSL_TICKET_FATAL_ERR_OTHER 1 /* No ticket present */ -# define SSL_TICKET_NONE 2 +#define SSL_TICKET_NONE 2 /* Empty ticket present */ -# define SSL_TICKET_EMPTY 3 +#define SSL_TICKET_EMPTY 3 /* the ticket couldn't be decrypted */ -# define SSL_TICKET_NO_DECRYPT 4 +#define SSL_TICKET_NO_DECRYPT 4 /* a ticket was successfully decrypted */ -# define SSL_TICKET_SUCCESS 5 +#define SSL_TICKET_SUCCESS 5 /* same as above but the ticket needs to be renewed */ -# define SSL_TICKET_SUCCESS_RENEW 6 +#define SSL_TICKET_SUCCESS_RENEW 6 /* Return codes for the decrypt session ticket callback */ typedef int SSL_TICKET_RETURN; /* An error occurred */ -#define SSL_TICKET_RETURN_ABORT 0 +#define SSL_TICKET_RETURN_ABORT 0 /* Do not use the ticket, do not send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_IGNORE 1 +#define SSL_TICKET_RETURN_IGNORE 1 /* Do not use the ticket, send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 /* Use the ticket, do not send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_USE 3 +#define SSL_TICKET_RETURN_USE 3 /* Use the ticket, send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_USE_RENEW 4 +#define SSL_TICKET_RETURN_USE_RENEW 4 typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, - const unsigned char *keyname, - size_t keyname_length, - SSL_TICKET_STATUS status, - void *arg); + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, - SSL_CTX_generate_session_ticket_fn 
gen_cb, - SSL_CTX_decrypt_session_ticket_fn dec_cb, - void *arg); + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); @@ -2580,20 +2588,19 @@ void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); - typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, - SSL_allow_early_data_cb_fn cb, - void *arg); + SSL_allow_early_data_cb_fn cb, + void *arg); void SSL_set_allow_early_data_cb(SSL *s, - SSL_allow_early_data_cb_fn cb, - void *arg); + SSL_allow_early_data_cb_fn cb, + void *arg); /* store the default cipher strings inside the library */ const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ssl.h.in.orig +++ crypto/openssl/include/openssl/ssl.h.in 
@@ -11,40 +11,42 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_SSL_H -# define OPENSSL_SSL_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SSL_H -# endif - -# include -# include -# include -# include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# include -# include -# endif -# include -# include -# include -# include - -# include -# include -# include -# include -# include - -#ifdef __cplusplus +#define OPENSSL_SSL_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SSL_H +#endif + +#include +#include +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#include +#include +#endif +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#ifdef __cplusplus extern "C" { #endif 
@@ -53,116 +55,116 @@ * Version 0 - initial version * Version 1 - added the optional peer certificate */ -# define SSL_SESSION_ASN1_VERSION 0x0001 +#define SSL_SESSION_ASN1_VERSION 0x0001 -# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 -# define SSL_MAX_SID_CTX_LENGTH 32 +#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +#define SSL_MAX_SID_CTX_LENGTH 32 -# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) -# define SSL_MAX_KEY_ARG_LENGTH 8 +#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512 / 8) +#define SSL_MAX_KEY_ARG_LENGTH 8 /* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */ /* The maximum number of encrypt/decrypt pipelines we can support */ -# define SSL_MAX_PIPELINES 32 +#define SSL_MAX_PIPELINES 32 /* text strings for the ciphers */ /* These are used to specify which ciphers to use and not to use */ -# define SSL_TXT_LOW "LOW" -# define SSL_TXT_MEDIUM "MEDIUM" -# define SSL_TXT_HIGH "HIGH" -# define SSL_TXT_FIPS "FIPS" - -# define SSL_TXT_aNULL "aNULL" -# define SSL_TXT_eNULL "eNULL" -# define SSL_TXT_NULL "NULL" - -# define SSL_TXT_kRSA "kRSA" -# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ -# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ -# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ -# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ -# define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ -# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ -# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ -# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ -# define SSL_TXT_kECDHE "kECDHE" -# define SSL_TXT_kPSK "kPSK" -# define SSL_TXT_kRSAPSK "kRSAPSK" -# define SSL_TXT_kECDHEPSK "kECDHEPSK" -# define SSL_TXT_kDHEPSK "kDHEPSK" -# define SSL_TXT_kGOST "kGOST" -# define SSL_TXT_kGOST18 "kGOST18" -# define SSL_TXT_kSRP "kSRP" - -# define SSL_TXT_aRSA "aRSA" -# define SSL_TXT_aDSS "aDSS" -# define SSL_TXT_aDH "aDH"/* this 
cipher class has been removed */ -# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ -# define SSL_TXT_aECDSA "aECDSA" -# define SSL_TXT_aPSK "aPSK" -# define SSL_TXT_aGOST94 "aGOST94" -# define SSL_TXT_aGOST01 "aGOST01" -# define SSL_TXT_aGOST12 "aGOST12" -# define SSL_TXT_aGOST "aGOST" -# define SSL_TXT_aSRP "aSRP" - -# define SSL_TXT_DSS "DSS" -# define SSL_TXT_DH "DH" -# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ -# define SSL_TXT_EDH "EDH"/* alias for DHE */ -# define SSL_TXT_ADH "ADH" -# define SSL_TXT_RSA "RSA" -# define SSL_TXT_ECDH "ECDH" -# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ -# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ -# define SSL_TXT_AECDH "AECDH" -# define SSL_TXT_ECDSA "ECDSA" -# define SSL_TXT_PSK "PSK" -# define SSL_TXT_SRP "SRP" - -# define SSL_TXT_DES "DES" -# define SSL_TXT_3DES "3DES" -# define SSL_TXT_RC4 "RC4" -# define SSL_TXT_RC2 "RC2" -# define SSL_TXT_IDEA "IDEA" -# define SSL_TXT_SEED "SEED" -# define SSL_TXT_AES128 "AES128" -# define SSL_TXT_AES256 "AES256" -# define SSL_TXT_AES "AES" -# define SSL_TXT_AES_GCM "AESGCM" -# define SSL_TXT_AES_CCM "AESCCM" -# define SSL_TXT_AES_CCM_8 "AESCCM8" -# define SSL_TXT_CAMELLIA128 "CAMELLIA128" -# define SSL_TXT_CAMELLIA256 "CAMELLIA256" -# define SSL_TXT_CAMELLIA "CAMELLIA" -# define SSL_TXT_CHACHA20 "CHACHA20" -# define SSL_TXT_GOST "GOST89" -# define SSL_TXT_ARIA "ARIA" -# define SSL_TXT_ARIA_GCM "ARIAGCM" -# define SSL_TXT_ARIA128 "ARIA128" -# define SSL_TXT_ARIA256 "ARIA256" -# define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912" -# define SSL_TXT_CBC "CBC" - -# define SSL_TXT_MD5 "MD5" -# define SSL_TXT_SHA1 "SHA1" -# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ -# define SSL_TXT_GOST94 "GOST94" -# define SSL_TXT_GOST89MAC "GOST89MAC" -# define SSL_TXT_GOST12 "GOST12" -# define SSL_TXT_GOST89MAC12 "GOST89MAC12" -# define SSL_TXT_SHA256 "SHA256" -# define SSL_TXT_SHA384 "SHA384" - -# define SSL_TXT_SSLV3 "SSLv3" -# 
define SSL_TXT_TLSV1 "TLSv1" -# define SSL_TXT_TLSV1_1 "TLSv1.1" -# define SSL_TXT_TLSV1_2 "TLSv1.2" - -# define SSL_TXT_ALL "ALL" +#define SSL_TXT_LOW "LOW" +#define SSL_TXT_MEDIUM "MEDIUM" +#define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_FIPS "FIPS" + +#define SSL_TXT_aNULL "aNULL" +#define SSL_TXT_eNULL "eNULL" +#define SSL_TXT_NULL "NULL" + +#define SSL_TXT_kRSA "kRSA" +#define SSL_TXT_kDHr "kDHr" /* this cipher class has been removed */ +#define SSL_TXT_kDHd "kDHd" /* this cipher class has been removed */ +#define SSL_TXT_kDH "kDH" /* this cipher class has been removed */ +#define SSL_TXT_kEDH "kEDH" /* alias for kDHE */ +#define SSL_TXT_kDHE "kDHE" +#define SSL_TXT_kECDHr "kECDHr" /* this cipher class has been removed */ +#define SSL_TXT_kECDHe "kECDHe" /* this cipher class has been removed */ +#define SSL_TXT_kECDH "kECDH" /* this cipher class has been removed */ +#define SSL_TXT_kEECDH "kEECDH" /* alias for kECDHE */ +#define SSL_TXT_kECDHE "kECDHE" +#define SSL_TXT_kPSK "kPSK" +#define SSL_TXT_kRSAPSK "kRSAPSK" +#define SSL_TXT_kECDHEPSK "kECDHEPSK" +#define SSL_TXT_kDHEPSK "kDHEPSK" +#define SSL_TXT_kGOST "kGOST" +#define SSL_TXT_kGOST18 "kGOST18" +#define SSL_TXT_kSRP "kSRP" + +#define SSL_TXT_aRSA "aRSA" +#define SSL_TXT_aDSS "aDSS" +#define SSL_TXT_aDH "aDH" /* this cipher class has been removed */ +#define SSL_TXT_aECDH "aECDH" /* this cipher class has been removed */ +#define SSL_TXT_aECDSA "aECDSA" +#define SSL_TXT_aPSK "aPSK" +#define SSL_TXT_aGOST94 "aGOST94" +#define SSL_TXT_aGOST01 "aGOST01" +#define SSL_TXT_aGOST12 "aGOST12" +#define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" + +#define SSL_TXT_DSS "DSS" +#define SSL_TXT_DH "DH" +#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */ +#define SSL_TXT_EDH "EDH" /* alias for DHE */ +#define SSL_TXT_ADH "ADH" +#define SSL_TXT_RSA "RSA" +#define SSL_TXT_ECDH "ECDH" +#define SSL_TXT_EECDH "EECDH" /* alias for ECDHE" */ +#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */ +#define 
SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDSA "ECDSA" +#define SSL_TXT_PSK "PSK" +#define SSL_TXT_SRP "SRP" + +#define SSL_TXT_DES "DES" +#define SSL_TXT_3DES "3DES" +#define SSL_TXT_RC4 "RC4" +#define SSL_TXT_RC2 "RC2" +#define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" +#define SSL_TXT_AES128 "AES128" +#define SSL_TXT_AES256 "AES256" +#define SSL_TXT_AES "AES" +#define SSL_TXT_AES_GCM "AESGCM" +#define SSL_TXT_AES_CCM "AESCCM" +#define SSL_TXT_AES_CCM_8 "AESCCM8" +#define SSL_TXT_CAMELLIA128 "CAMELLIA128" +#define SSL_TXT_CAMELLIA256 "CAMELLIA256" +#define SSL_TXT_CAMELLIA "CAMELLIA" +#define SSL_TXT_CHACHA20 "CHACHA20" +#define SSL_TXT_GOST "GOST89" +#define SSL_TXT_ARIA "ARIA" +#define SSL_TXT_ARIA_GCM "ARIAGCM" +#define SSL_TXT_ARIA128 "ARIA128" +#define SSL_TXT_ARIA256 "ARIA256" +#define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912" +#define SSL_TXT_CBC "CBC" + +#define SSL_TXT_MD5 "MD5" +#define SSL_TXT_SHA1 "SHA1" +#define SSL_TXT_SHA "SHA" /* same as "SHA1" */ +#define SSL_TXT_GOST94 "GOST94" +#define SSL_TXT_GOST89MAC "GOST89MAC" +#define SSL_TXT_GOST12 "GOST12" +#define SSL_TXT_GOST89MAC12 "GOST89MAC12" +#define SSL_TXT_SHA256 "SHA256" +#define SSL_TXT_SHA384 "SHA384" + +#define SSL_TXT_SSLV3 "SSLv3" +#define SSL_TXT_TLSV1 "TLSv1" +#define SSL_TXT_TLSV1_1 "TLSv1.1" +#define SSL_TXT_TLSV1_2 "TLSv1.2" + +#define SSL_TXT_ALL "ALL" /*- * COMPLEMENTOF* definitions. These identifiers are used to (de-select) @@ -178,8 +180,8 @@ * DEFAULT gets, as only selection is being done and no sorting as needed * for DEFAULT. */ -# define SSL_TXT_CMPALL "COMPLEMENTOFALL" -# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" /* * The following cipher list is used by default. It also is substituted when 
@@ -188,17 +190,17 @@ * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list() * Update both macro and function simultaneously */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" /* * This is the default set of TLSv1.3 ciphersuites * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites() * Update both macro and function simultaneously */ -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ - "TLS_CHACHA20_POLY1305_SHA256:" \ - "TLS_AES_128_GCM_SHA256" -# endif +#define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +#endif /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is @@ -207,19 +209,19 @@ */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ -# define SSL_SENT_SHUTDOWN 1 -# define SSL_RECEIVED_SHUTDOWN 2 +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 #ifdef __cplusplus } #endif -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 -# define SSL_FILETYPE_PEM X509_FILETYPE_PEM +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM /* * This is needed to stop compilers complaining about the 'struct ssl_st *' 
@@ -242,74 +244,74 @@ const char *name; unsigned long id; } SRTP_PROTECTION_PROFILE; +/* clang-format off */ {- generate_stack_macros("SRTP_PROTECTION_PROFILE"); -} - +/* clang-format on */ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, - int len, void *arg); + int len, void *arg); typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, - const SSL_CIPHER **cipher, void *arg); + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); /* Extension context codes */ /* This extension is only allowed in TLS */ -#define SSL_EXT_TLS_ONLY 0x0001 +#define SSL_EXT_TLS_ONLY 0x0001 /* This extension is only allowed in DTLS */ -#define SSL_EXT_DTLS_ONLY 0x0002 +#define SSL_EXT_DTLS_ONLY 0x0002 /* Some extensions may be allowed in DTLS but we don't implement them for it */ -#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -#define SSL_EXT_SSL3_ALLOWED 0x0008 +#define SSL_EXT_SSL3_ALLOWED 0x0008 /* Extension is only defined for TLS1.2 and below */ -#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 /* Extension is only defined for TLS1.3 and above */ -#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_TLS1_3_ONLY 0x0020 /* Ignore this extension during parsing if we are resuming */ -#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 -#define SSL_EXT_CLIENT_HELLO 0x0080 +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 /* Really means TLS1.2 or below */ -#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 -#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 -#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 -#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 -#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 -#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 -#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 /* Typedefs for handling custom extensions */ typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, - const unsigned char **out, size_t *outlen, - int *al, void *add_arg); + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, - const unsigned char *out, void *add_arg); + const unsigned char *out, void *add_arg); typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, - const unsigned char *in, size_t inlen, - int *al, void *parse_arg); - + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, - size_t chainidx, - int *al, void *add_arg); + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *out, - void *add_arg); + unsigned int context, + const unsigned char *out, + void *add_arg); typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, - size_t chainidx, - int *al, void *parse_arg); + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); /* Typedef for verification callback */ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); 
@@ -317,163 +319,163 @@ /* Typedef for SSL async callback */ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); -#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) +#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) /* * SSL/TLS connection options. */ - /* Disable Extended master secret */ -# define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0) - /* Cleanse plaintext copies of data delivered to the application */ -# define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1) - /* Allow initial connection to servers that don't support RI */ -# define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2) - /* Enable support for Kernel TLS */ -# define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3) -# define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4) -# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6) -# define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7) -# define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8) -# define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9) - /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ -# define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10) - /* - * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added - * in OpenSSL 0.9.6d. Usually (depending on the application protocol) - * the workaround is not needed. Unfortunately some broken SSL/TLS - * implementations cannot handle it at all, which is why we include it - * in SSL_OP_ALL. 
Added in 0.9.6e - */ -# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11) - /* DTLS options */ -# define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12) - /* Turn on Cookie Exchange (on relevant for servers) */ -# define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13) - /* Don't use RFC4507 ticket extension */ -# define SSL_OP_NO_TICKET SSL_OP_BIT(14) -# ifndef OPENSSL_NO_DTLS1_METHOD - /* - * Use Cisco's version identifier of DTLS_BAD_VER - * (only with deprecated DTLSv1_client_method()) - */ -# define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15) -# endif - /* As server, disallow session resumption on renegotiation */ -# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16) - /* Don't use compression even if supported */ -# define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17) - /* Permit unsafe legacy renegotiation */ -# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18) - /* Disable encrypt-then-mac */ -# define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19) - /* - * Enable TLSv1.3 Compatibility mode. This is on by default. A future - * version of OpenSSL may have this disabled by default. - */ -# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20) - /* - * Prioritize Chacha20Poly1305 when client does. - * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE - */ -# define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21) - /* - * Set on servers to choose the cipher according to server's preferences. - */ -# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22) - /* - * If set, a server will allow a client to issue a SSLv3.0 version - * number as latest version supported in the premaster secret, even when - * TLSv1.0 (version 3.1) was announced in the client hello. Normally - * this is forbidden to prevent version rollback attacks. - */ -# define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23) - /* - * Switches off automatic TLSv1.3 anti-replay protection for early data. - * This is a server-side option only (no effect on the client). 
- */ -# define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24) -# define SSL_OP_NO_SSLv3 SSL_OP_BIT(25) -# define SSL_OP_NO_TLSv1 SSL_OP_BIT(26) -# define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27) -# define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28) -# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) -# define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26) -# define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27) - /* Disallow all renegotiation */ -# define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30) - /* - * Make server add server-hello extension from early version of - * cryptopro draft, when GOST ciphersuite is negotiated. Required for - * interoperability with CryptoPro CSP 3.x - */ -# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* Disable Extended master secret */ +#define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0) +/* Cleanse plaintext copies of data delivered to the application */ +#define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1) +/* Allow initial connection to servers that don't support RI */ +#define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2) +/* Enable support for Kernel TLS */ +#define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3) +#define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4) +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6) +#define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7) +#define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8) +#define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9) +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +#define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10) +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it + * in SSL_OP_ALL. 
Added in 0.9.6e + */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11) +/* DTLS options */ +#define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12) +/* Turn on Cookie Exchange (on relevant for servers) */ +#define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13) +/* Don't use RFC4507 ticket extension */ +#define SSL_OP_NO_TICKET SSL_OP_BIT(14) +#ifndef OPENSSL_NO_DTLS1_METHOD +/* + * Use Cisco's version identifier of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) + */ +#define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15) +#endif +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16) +/* Don't use compression even if supported */ +#define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17) +/* Permit unsafe legacy renegotiation */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18) +/* Disable encrypt-then-mac */ +#define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19) +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future + * version of OpenSSL may have this disabled by default. + */ +#define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20) +/* + * Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE + */ +#define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21) +/* + * Set on servers to choose the cipher according to server's preferences. + */ +#define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22) +/* + * If set, a server will allow a client to issue a SSLv3.0 version + * number as latest version supported in the premaster secret, even when + * TLSv1.0 (version 3.1) was announced in the client hello. Normally + * this is forbidden to prevent version rollback attacks. + */ +#define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23) +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. + * This is a server-side option only (no effect on the client). 
+ */ +#define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24) +#define SSL_OP_NO_SSLv3 SSL_OP_BIT(25) +#define SSL_OP_NO_TLSv1 SSL_OP_BIT(26) +#define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27) +#define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28) +#define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) +#define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26) +#define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27) +/* Disallow all renegotiation */ +#define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30) +/* + * Make server add server-hello extension from early version of + * cryptopro draft, when GOST ciphersuite is negotiated. Required for + * interoperability with CryptoPro CSP 3.x + */ +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) /* * Option "collections." */ -# define SSL_OP_NO_SSL_MASK \ - ( SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \ - | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3 ) -# define SSL_OP_NO_DTLS_MASK \ - ( SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 ) +#define SSL_OP_NO_SSL_MASK \ + (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \ + | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) +#define SSL_OP_NO_DTLS_MASK \ + (SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2) /* Various bug workarounds that should be rather harmless. 
*/ -# define SSL_OP_ALL \ - ( SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \ - | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG ) +#define SSL_OP_ALL \ + (SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \ + | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG) /* * OBSOLETE OPTIONS retained for compatibility */ -# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 -# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 -# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 -# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 -# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 -# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 -# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 -# define SSL_OP_TLS_D5_BUG 0x0 -# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 -# define SSL_OP_SINGLE_ECDH_USE 0x0 -# define SSL_OP_SINGLE_DH_USE 0x0 -# define SSL_OP_EPHEMERAL_RSA 0x0 -# define SSL_OP_NO_SSLv2 0x0 -# define SSL_OP_PKCS1_CHECK_1 0x0 -# define SSL_OP_PKCS1_CHECK_2 0x0 -# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 -# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +#define SSL_OP_TLS_D5_BUG 0x0 +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +#define SSL_OP_SINGLE_ECDH_USE 0x0 +#define SSL_OP_SINGLE_DH_USE 0x0 +#define SSL_OP_EPHEMERAL_RSA 0x0 +#define SSL_OP_NO_SSLv2 0x0 +#define SSL_OP_PKCS1_CHECK_1 0x0 +#define SSL_OP_PKCS1_CHECK_2 0x0 +#define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. 
report success * when just a single record has been written): */ -# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U /* * Make it possible to retry SSL_write() with changed buffer location (buffer * contents must stay the same!); this is not the default to avoid the * misconception that non-blocking SSL_write() behaves like non-blocking * write(): */ -# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U /* * Never bother the application with retries if the transport is blocking: */ -# define SSL_MODE_AUTO_RETRY 0x00000004U +#define SSL_MODE_AUTO_RETRY 0x00000004U /* Don't attempt to automatically build certificate chain */ -# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) Released buffers are freed. */ -# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +#define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* * Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations * that require it. */ -# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U -# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U /* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see @@ -482,11 +484,11 @@ * fallback retries, following the guidance in * draft-ietf-tls-downgrade-scsv-00. */ -# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U /* * Support Asynchronous operation */ -# define SSL_MODE_ASYNC 0x00000100U +#define SSL_MODE_ASYNC 0x00000100U /* * When using DTLS/SCTP, include the terminating zero in the label 
@@ -499,76 +501,76 @@ * - OpenSSL 1.1.0 series * - OpenSSL 1.1.1 and 1.1.1a */ -# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U +#define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as * enforcing certificate chain algorithms. When this is set we enforce them. */ -# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U +#define SSL_CERT_FLAG_TLS_STRICT 0x00000001U /* Suite B modes, takes same values as certificate verify flags */ -# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +#define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 /* Suite B 192 bit only mode */ -# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +#define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 /* Suite B 128 bit mode allowing 192 bit algorithms */ -# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 +#define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 /* Perform all sorts of protocol violations for testing purposes */ -# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 +#define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 /* Flags for building certificate chains */ /* Treat any existing certificates as untrusted CAs */ -# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 /* Don't include root CA in chain */ -# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 /* Just check certificates already there */ -# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +#define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 /* Ignore verification errors */ -# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 /* Clear verification errors from queue */ -# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 +#define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 /* Flags returned by SSL_check_chain */ /* Certificate can be used with this session */ -# define CERT_PKEY_VALID 0x1 +#define CERT_PKEY_VALID 0x1 /* Certificate can also be used for signing */ -# define CERT_PKEY_SIGN 
0x2 +#define CERT_PKEY_SIGN 0x2 /* EE certificate signing algorithm OK */ -# define CERT_PKEY_EE_SIGNATURE 0x10 +#define CERT_PKEY_EE_SIGNATURE 0x10 /* CA signature algorithms OK */ -# define CERT_PKEY_CA_SIGNATURE 0x20 +#define CERT_PKEY_CA_SIGNATURE 0x20 /* EE certificate parameters OK */ -# define CERT_PKEY_EE_PARAM 0x40 +#define CERT_PKEY_EE_PARAM 0x40 /* CA certificate parameters OK */ -# define CERT_PKEY_CA_PARAM 0x80 +#define CERT_PKEY_CA_PARAM 0x80 /* Signing explicitly allowed as opposed to SHA1 fallback */ -# define CERT_PKEY_EXPLICIT_SIGN 0x100 +#define CERT_PKEY_EXPLICIT_SIGN 0x100 /* Client CA issuer names match (always set for server cert) */ -# define CERT_PKEY_ISSUER_NAME 0x200 +#define CERT_PKEY_ISSUER_NAME 0x200 /* Cert type matches client types (always set for server cert) */ -# define CERT_PKEY_CERT_TYPE 0x400 +#define CERT_PKEY_CERT_TYPE 0x400 /* Cert chain suitable to Suite B */ -# define CERT_PKEY_SUITEB 0x800 - -# define SSL_CONF_FLAG_CMDLINE 0x1 -# define SSL_CONF_FLAG_FILE 0x2 -# define SSL_CONF_FLAG_CLIENT 0x4 -# define SSL_CONF_FLAG_SERVER 0x8 -# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 -# define SSL_CONF_FLAG_CERTIFICATE 0x20 -# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +#define CERT_PKEY_SUITEB 0x800 + +#define SSL_CONF_FLAG_CMDLINE 0x1 +#define SSL_CONF_FLAG_FILE 0x2 +#define SSL_CONF_FLAG_CLIENT 0x4 +#define SSL_CONF_FLAG_SERVER 0x8 +#define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +#define SSL_CONF_FLAG_CERTIFICATE 0x20 +#define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 /* Configuration value types */ -# define SSL_CONF_TYPE_UNKNOWN 0x0 -# define SSL_CONF_TYPE_STRING 0x1 -# define SSL_CONF_TYPE_FILE 0x2 -# define SSL_CONF_TYPE_DIR 0x3 -# define SSL_CONF_TYPE_NONE 0x4 -# define SSL_CONF_TYPE_STORE 0x5 +#define SSL_CONF_TYPE_UNKNOWN 0x0 +#define SSL_CONF_TYPE_STRING 0x1 +#define SSL_CONF_TYPE_FILE 0x2 +#define SSL_CONF_TYPE_DIR 0x3 +#define SSL_CONF_TYPE_NONE 0x4 +#define SSL_CONF_TYPE_STORE 0x5 /* Maximum length of the application-controlled segment of 
a a TLSv1.3 cookie */ -# define SSL_COOKIE_LENGTH 4096 +#define SSL_COOKIE_LENGTH 4096 /* * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they 
@@ -582,68 +584,68 @@ uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op); uint64_t SSL_set_options(SSL *s, uint64_t op); -# define SSL_CTX_set_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) -# define SSL_CTX_clear_mode(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) -# define SSL_CTX_get_mode(ctx) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) -# define SSL_clear_mode(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) -# define SSL_set_mode(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) -# define SSL_get_mode(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) -# define SSL_set_mtu(ssl, mtu) \ - SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) -# define DTLS_set_link_mtu(ssl, mtu) \ - SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) -# define DTLS_get_link_min_mtu(ssl) \ - SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) - -# define SSL_get_secure_renegotiation_support(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) - -# define SSL_CTX_set_cert_flags(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) -# define SSL_set_cert_flags(s,op) \ - SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) -# define SSL_CTX_clear_cert_flags(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) -# define SSL_clear_cert_flags(s,op) \ - SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +#define SSL_CTX_set_mode(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, (op), NULL) +#define SSL_CTX_clear_mode(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_MODE, (op), NULL) +#define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, 0, NULL) +#define SSL_clear_mode(ssl, op) \ + SSL_ctrl((ssl), SSL_CTRL_CLEAR_MODE, (op), NULL) +#define SSL_set_mode(ssl, op) \ + SSL_ctrl((ssl), SSL_CTRL_MODE, (op), NULL) +#define SSL_get_mode(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_MODE, 0, NULL) +#define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl), SSL_CTRL_SET_MTU, (mtu), NULL) +#define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl), 
DTLS_CTRL_SET_LINK_MTU, (mtu), NULL) +#define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl), DTLS_CTRL_GET_LINK_MIN_MTU, 0, NULL) + +#define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +#define SSL_CTX_set_cert_flags(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_CERT_FLAGS, (op), NULL) +#define SSL_set_cert_flags(s, op) \ + SSL_ctrl((s), SSL_CTRL_CERT_FLAGS, (op), NULL) +#define SSL_CTX_clear_cert_flags(ctx, op) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) +#define SSL_clear_cert_flags(s, op) \ + SSL_ctrl((s), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) void SSL_CTX_set_msg_callback(SSL_CTX *ctx, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)); + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)); -# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -# define SSL_get_extms_support(s) \ - SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) +#define SSL_get_extms_support(s) \ + SSL_ctrl((s), SSL_CTRL_GET_EXTMS_SUPPORT, 0, NULL) -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP /* see tls_srp.c */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_SRP_CTX_init(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur int 
SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int SSL_SRP_CTX_free(SSL *ctx); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); OSSL_DEPRECATEDIN_3_0 __owur int SSL_srp_server_param_with_username(SSL *s, - int *ad); + int *ad); OSSL_DEPRECATEDIN_3_0 __owur int SRP_Calc_A_param(SSL *s); -# endif -# endif +#endif +#endif /* 100k max cert list */ -# define SSL_MAX_CERT_LIST_DEFAULT (1024*100) +#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) -# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) +#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024 * 20) /* * This callback type is used inside SSL_CTX, SSL, and in the functions that 
@@ -657,174 +659,174 @@ * bytes. The callback can alter this length to be less if desired. It is * also an error for the callback to set the size to zero. */ -typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, - unsigned int *id_len); - -# define SSL_SESS_CACHE_OFF 0x0000 -# define SSL_SESS_CACHE_CLIENT 0x0001 -# define SSL_SESS_CACHE_SERVER 0x0002 -# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) -# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, + unsigned int *id_len); + +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ -# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 -# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 -# define SSL_SESS_CACHE_NO_INTERNAL \ - (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) -# define SSL_SESS_CACHE_UPDATE_TIME 0x0400 +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) +#define SSL_SESS_CACHE_UPDATE_TIME 0x0400 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); -# define SSL_CTX_sess_number(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) -# define SSL_CTX_sess_connect(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) -# define SSL_CTX_sess_connect_good(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) -# define SSL_CTX_sess_connect_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) -# define SSL_CTX_sess_accept(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) -# define SSL_CTX_sess_accept_renegotiate(ctx) \ - 
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) -# define SSL_CTX_sess_accept_good(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) -# define SSL_CTX_sess_hits(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) -# define SSL_CTX_sess_cb_hits(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) -# define SSL_CTX_sess_misses(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) -# define SSL_CTX_sess_timeouts(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) -# define SSL_CTX_sess_cache_full(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) +#define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_NUMBER, 0, NULL) +#define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT, 0, NULL) +#define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_GOOD, 0, NULL) +#define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, NULL) +#define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT, 0, NULL) +#define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, NULL) +#define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_GOOD, 0, NULL) +#define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_HIT, 0, NULL) +#define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CB_HIT, 0, NULL) +#define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_MISSES, 0, NULL) +#define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_TIMEOUTS, 0, NULL) +#define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CACHE_FULL, 0, NULL) void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*new_session_cb) (struct ssl_st *ssl, - SSL_SESSION *sess)); -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, - SSL_SESSION *sess); + int (*new_session_cb)(struct ssl_st *ssl, + SSL_SESSION *sess)); +int 
(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + SSL_SESSION *sess); void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*remove_session_cb) (struct ssl_ctx_st - *ctx, - SSL_SESSION *sess)); -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, - SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, + SSL_SESSION *sess); void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*get_session_cb) (struct ssl_st - *ssl, - const unsigned char - *data, int len, - int *copy)); -SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, - const unsigned char *data, - int len, int *copy); + SSL_SESSION *(*get_session_cb)(struct ssl_st + *ssl, + const unsigned char + *data, + int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb) (const SSL *ssl, int type, int val)); -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, - int val); + void (*cb)(const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, + int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*client_cert_cb) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey)); -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey); -# ifndef OPENSSL_NO_ENGINE + int (*client_cert_cb)(SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE __owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -# endif +#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*app_gen_cookie_cb) (SSL *ssl, - unsigned char - *cookie, - unsigned int - *cookie_len)); + int 
(*app_gen_cookie_cb)(SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*app_verify_cookie_cb) (SSL *ssl, - const unsigned - char *cookie, - unsigned int - cookie_len)); + int (*app_verify_cookie_cb)(SSL *ssl, + const unsigned char *cookie, + unsigned int + cookie_len)); void SSL_CTX_set_stateless_cookie_generate_cb( SSL_CTX *ctx, - int (*gen_stateless_cookie_cb) (SSL *ssl, - unsigned char *cookie, - size_t *cookie_len)); + int (*gen_stateless_cookie_cb)(SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); void SSL_CTX_set_stateless_cookie_verify_cb( SSL_CTX *ctx, - int (*verify_stateless_cookie_cb) (SSL *ssl, - const unsigned char *cookie, - size_t cookie_len)); -# ifndef OPENSSL_NO_NEXTPROTONEG + int (*verify_stateless_cookie_cb)(SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +#ifndef OPENSSL_NO_NEXTPROTONEG typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, - const unsigned char **out, - unsigned int *outlen, - void *arg); + const unsigned char **out, + unsigned int *outlen, + void *arg); void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, - SSL_CTX_npn_advertised_cb_func cb, - void *arg); -# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +#define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg); + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, - SSL_CTX_npn_select_cb_func cb, - void *arg); -# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + SSL_CTX_npn_select_cb_func cb, + void *arg); +#define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb void 
SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len); -# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated -# endif + unsigned *len); +#define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +#endif __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, - unsigned int client_len); + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); -# define OPENSSL_NPN_UNSUPPORTED 0 -# define OPENSSL_NPN_NEGOTIATED 1 -# define OPENSSL_NPN_NO_OVERLAP 2 +#define OPENSSL_NPN_UNSUPPORTED 0 +#define OPENSSL_NPN_NEGOTIATED 1 +#define OPENSSL_NPN_NO_OVERLAP 2 __owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned int protos_len); + unsigned int protos_len); __owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned int protos_len); + unsigned int protos_len); typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg); + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - SSL_CTX_alpn_select_cb_func cb, - void *arg); + SSL_CTX_alpn_select_cb_func cb, + void *arg); void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len); + unsigned int *len); -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK /* * the maximum length of the buffer given to callbacks containing the * resulting identity/psk */ -# define PSK_MAX_IDENTITY_LEN 256 -# define PSK_MAX_PSK_LEN 512 +#define PSK_MAX_IDENTITY_LEN 256 +#define PSK_MAX_PSK_LEN 512 typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, - const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int 
max_psk_len); + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, - const char *identity, - unsigned char *psk, - unsigned int max_psk_len); + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); 
@@ -832,78 +834,78 @@ __owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); const char *SSL_get_psk_identity(const SSL *s); -# endif +#endif typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, - const unsigned char *identity, - size_t identity_len, - SSL_SESSION **sess); + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, - const unsigned char **id, - size_t *idlen, - SSL_SESSION **sess); + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, - SSL_psk_find_session_cb_func cb); + SSL_psk_find_session_cb_func cb); void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, - SSL_psk_use_session_cb_func cb); + SSL_psk_use_session_cb_func cb); /* Register callbacks to handle custom TLS Extensions for client or server. 
*/ __owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, - unsigned int ext_type); + unsigned int ext_type); __owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, - unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, - unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); __owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, - void *parse_arg); + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); __owur int SSL_extension_supported(unsigned int ext_type); -# define SSL_NOTHING 1 -# define SSL_WRITING 2 -# define SSL_READING 3 -# define SSL_X509_LOOKUP 4 -# define SSL_ASYNC_PAUSED 5 -# define SSL_ASYNC_NO_JOBS 6 -# define SSL_CLIENT_HELLO_CB 7 -# define SSL_RETRY_VERIFY 8 +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 +#define SSL_X509_LOOKUP 4 +#define SSL_ASYNC_PAUSED 5 +#define SSL_ASYNC_NO_JOBS 6 +#define SSL_CLIENT_HELLO_CB 7 +#define SSL_RETRY_VERIFY 8 /* These will only be used when doing non-blocking IO */ -# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -# define SSL_want_read(s) (SSL_want(s) == SSL_READING) -# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -# define 
SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) -# define SSL_want_retry_verify(s) (SSL_want(s) == SSL_RETRY_VERIFY) -# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) -# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) -# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) - -# define SSL_MAC_FLAG_READ_MAC_STREAM 1 -# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 -# define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 -# define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 +#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +#define SSL_want_retry_verify(s) (SSL_want(s) == SSL_RETRY_VERIFY) +#define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +#define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +#define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +#define SSL_MAC_FLAG_READ_MAC_STREAM 1 +#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 +#define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 +#define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 /* * A callback for logging out TLS key material. This callback should log out @@ -937,13 +939,13 @@ } #endif -# include -# include -# include /* This is mostly sslv3 with a few tweaks */ -# include /* Datagram TLS */ -# include /* Support for the use_srtp extension */ +#include +#include +#include /* This is mostly sslv3 with a few tweaks */ +#include /* Datagram TLS */ +#include /* Support for the use_srtp extension */ -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -951,30 +953,32 @@
 * These need to be after the above set of includes due to a compiler bug
 * in VisualStudio 2015
 */
+/* clang-format off */
 {-
 generate_const_stack_macros("SSL_CIPHER")
 .generate_stack_macros("SSL_COMP");
 -}
+/* clang-format on */
 
 /* compatibility */
-# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg)))
-# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
-# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \
- (char *)(a)))
-# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
-# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
-# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \
- (char *)(arg)))
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg)))
+#define SSL_get_app_data(s) (SSL_get_ex_data(s, 0))
+#define SSL_SESSION_set_app_data(s, a) (SSL_SESSION_set_ex_data(s, 0, \
+ (char *)(a)))
+#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s, 0))
+#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0))
+#define SSL_CTX_set_app_data(ctx, arg) (SSL_CTX_set_ex_data(ctx, 0, \
+ (char *)(arg)))
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 OSSL_DEPRECATEDIN_1_1_0 void SSL_set_debug(SSL *s, int debug);
-# endif
+#endif
 
 /* TLSv1.3 KeyUpdate message types */
 /* -1 used so that this is an invalid value for the on-the-wire protocol */
-#define SSL_KEY_UPDATE_NONE -1
+#define SSL_KEY_UPDATE_NONE -1
 /* Values as defined for the on-the-wire protocol */
-#define SSL_KEY_UPDATE_NOT_REQUESTED 0
-#define SSL_KEY_UPDATE_REQUESTED 1
+#define SSL_KEY_UPDATE_NOT_REQUESTED 0
+#define SSL_KEY_UPDATE_REQUESTED 1
 
 /*
 * The valid handshake states (one for each type message sent and one for each
@@ -1049,28 +1053,28 @@
 * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
 */
 
-# define SSL_ST_CONNECT 0x1000
-# define SSL_ST_ACCEPT 0x2000
-
-# define SSL_ST_MASK 0x0FFF
-
-# define SSL_CB_LOOP 0x01
-# define SSL_CB_EXIT 0x02
-# define SSL_CB_READ 0x04
-# define SSL_CB_WRITE 0x08
-# define SSL_CB_ALERT 0x4000/* used in callback */
-# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
-# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
-# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
-# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
-# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
-# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
-# define SSL_CB_HANDSHAKE_START 0x10
-# define SSL_CB_HANDSHAKE_DONE 0x20
+#define SSL_ST_CONNECT 0x1000
+#define SSL_ST_ACCEPT 0x2000
+
+#define SSL_ST_MASK 0x0FFF
+
+#define SSL_CB_LOOP 0x01
+#define SSL_CB_EXIT 0x02
+#define SSL_CB_READ 0x04
+#define SSL_CB_WRITE 0x08
+#define SSL_CB_ALERT 0x4000 /* used in callback */
+#define SSL_CB_READ_ALERT (SSL_CB_ALERT | SSL_CB_READ)
+#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT | SSL_CB_WRITE)
+#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT | SSL_CB_LOOP)
+#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT | SSL_CB_EXIT)
+#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT | SSL_CB_LOOP)
+#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT | SSL_CB_EXIT)
+#define SSL_CB_HANDSHAKE_START 0x10
+#define SSL_CB_HANDSHAKE_DONE 0x20
 
 /* Is the SSL_connection established? */
-# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
-# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
+#define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
+#define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
 int SSL_in_init(const SSL *s);
 int SSL_in_before(const SSL *s);
 int SSL_is_init_finished(const SSL *s);
@@ -1079,9 +1083,9 @@
 * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
 * should not need these
 */
-# define SSL_ST_READ_HEADER 0xF0
-# define SSL_ST_READ_BODY 0xF1
-# define SSL_ST_READ_DONE 0xF2
+#define SSL_ST_READ_HEADER 0xF0
+#define SSL_ST_READ_BODY 0xF1
+#define SSL_ST_READ_DONE 0xF2
 
 /*-
 * Obtain latest Finished message
@@ -1096,394 +1100,394 @@ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are * 'ored' with SSL_VERIFY_PEER if they are desired */ -# define SSL_VERIFY_NONE 0x00 -# define SSL_VERIFY_PEER 0x01 -# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -# define SSL_VERIFY_CLIENT_ONCE 0x04 -# define SSL_VERIFY_POST_HANDSHAKE 0x08 - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define OpenSSL_add_ssl_algorithms() SSL_library_init() -# define SSLeay_add_ssl_algorithms() SSL_library_init() -# endif +#define SSL_VERIFY_NONE 0x00 +#define SSL_VERIFY_PEER 0x01 +#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define SSL_VERIFY_CLIENT_ONCE 0x04 +#define SSL_VERIFY_POST_HANDSHAKE 0x08 + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define OpenSSL_add_ssl_algorithms() SSL_library_init() +#define SSLeay_add_ssl_algorithms() SSL_library_init() +#endif /* More backward compatibility */ -# define SSL_get_cipher(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -# define SSL_get_cipher_bits(s,np) \ - SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -# define SSL_get_cipher_version(s) \ - SSL_CIPHER_get_version(SSL_get_current_cipher(s)) -# define SSL_get_cipher_name(s) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -# define SSL_get_time(a) SSL_SESSION_get_time(a) -# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) -# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) -# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) - -# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) -# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) +#define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_cipher_bits(s, np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s), np) +#define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +#define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) 
+#define SSL_get_time(a) SSL_SESSION_get_time(a) +#define SSL_set_time(a, b) SSL_SESSION_set_time((a), (b)) +#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +#define SSL_set_timeout(a, b) SSL_SESSION_set_timeout((a), (b)) + +#define d2i_SSL_SESSION_bio(bp, s_id) ASN1_d2i_bio_of(SSL_SESSION, SSL_SESSION_new, d2i_SSL_SESSION, bp, s_id) +#define i2d_SSL_SESSION_bio(bp, s_id) ASN1_i2d_bio_of(SSL_SESSION, i2d_SSL_SESSION, bp, s_id) DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) -# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value - * from SSL_AD_... */ +#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value \ + * from SSL_AD_... */ /* These alert types are for SSLv3 and TLSv1 */ -# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY /* fatal */ -# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC -# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED -# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW /* fatal */ -# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE /* fatal */ -# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE /* Not for TLS */ -# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE -# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE -# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE -# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED -# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED -# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +#define 
SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN /* fatal */ -# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR -# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR /* fatal */ -# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION /* fatal */ -# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY /* fatal */ -# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR -# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED -# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION -# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION -# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED -# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION -# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE -# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME -# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE -# define 
SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +#define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +#define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE /* fatal */ -# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK -# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL -# define SSL_ERROR_NONE 0 -# define SSL_ERROR_SSL 1 -# define SSL_ERROR_WANT_READ 2 -# define SSL_ERROR_WANT_WRITE 3 -# define SSL_ERROR_WANT_X509_LOOKUP 4 -# define SSL_ERROR_SYSCALL 5/* look at error stack/return - * value/errno */ -# define SSL_ERROR_ZERO_RETURN 6 -# define SSL_ERROR_WANT_CONNECT 7 -# define SSL_ERROR_WANT_ACCEPT 8 -# define SSL_ERROR_WANT_ASYNC 9 -# define SSL_ERROR_WANT_ASYNC_JOB 10 -# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 -# define SSL_ERROR_WANT_RETRY_VERIFY 12 - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTRL_SET_TMP_DH 3 -# define SSL_CTRL_SET_TMP_ECDH 4 -# define SSL_CTRL_SET_TMP_DH_CB 6 -# endif - -# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -# define SSL_CTRL_GET_FLAGS 13 -# define SSL_CTRL_EXTRA_CHAIN_CERT 14 -# define SSL_CTRL_SET_MSG_CALLBACK 15 -# define 
SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +#define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 /* look at error stack/return \ + * value/errno */ +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_WANT_ASYNC 9 +#define SSL_ERROR_WANT_ASYNC_JOB 10 +#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +#define SSL_ERROR_WANT_RETRY_VERIFY 12 + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 +#define SSL_CTRL_SET_TMP_DH_CB 6 +#endif + +#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_GET_FLAGS 13 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 +#define SSL_CTRL_SET_MSG_CALLBACK 15 +#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 /* only applies to datagram connections */ -# define SSL_CTRL_SET_MTU 17 +#define SSL_CTRL_SET_MTU 17 /* Stats */ -# define SSL_CTRL_SESS_NUMBER 20 -# define SSL_CTRL_SESS_CONNECT 21 -# define SSL_CTRL_SESS_CONNECT_GOOD 22 -# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -# define SSL_CTRL_SESS_ACCEPT 24 -# define SSL_CTRL_SESS_ACCEPT_GOOD 25 -# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -# define SSL_CTRL_SESS_HIT 27 -# define SSL_CTRL_SESS_CB_HIT 28 -# define SSL_CTRL_SESS_MISSES 29 -# define SSL_CTRL_SESS_TIMEOUTS 30 -# define SSL_CTRL_SESS_CACHE_FULL 31 -# define SSL_CTRL_MODE 33 -# define SSL_CTRL_GET_READ_AHEAD 40 -# define SSL_CTRL_SET_READ_AHEAD 41 -# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -# define SSL_CTRL_SET_SESS_CACHE_MODE 44 -# define SSL_CTRL_GET_SESS_CACHE_MODE 45 -# define 
SSL_CTRL_GET_MAX_CERT_LIST 50 -# define SSL_CTRL_SET_MAX_CERT_LIST 51 -# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +#define SSL_CTRL_SESS_NUMBER 20 +#define SSL_CTRL_SESS_CONNECT 21 +#define SSL_CTRL_SESS_CONNECT_GOOD 22 +#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +#define SSL_CTRL_SESS_ACCEPT 24 +#define SSL_CTRL_SESS_ACCEPT_GOOD 25 +#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +#define SSL_CTRL_SESS_HIT 27 +#define SSL_CTRL_SESS_CB_HIT 28 +#define SSL_CTRL_SESS_MISSES 29 +#define SSL_CTRL_SESS_TIMEOUTS 30 +#define SSL_CTRL_SESS_CACHE_FULL 31 +#define SSL_CTRL_MODE 33 +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +#define SSL_CTRL_SET_SESS_CACHE_MODE 44 +#define SSL_CTRL_GET_SESS_CACHE_MODE 45 +#define SSL_CTRL_GET_MAX_CERT_LIST 50 +#define SSL_CTRL_SET_MAX_CERT_LIST 51 +#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls1.h for macros based on these */ -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 /*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ /*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ /*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -# define 
SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -# endif -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 -# define SSL_CTRL_SET_SRP_ARG 78 -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -# define DTLS_CTRL_GET_TIMEOUT 73 -# define DTLS_CTRL_HANDLE_TIMEOUT 74 -# define SSL_CTRL_GET_RI_SUPPORT 76 -# define SSL_CTRL_CLEAR_MODE 78 -# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 -# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 -# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 -# define SSL_CTRL_CHAIN 88 -# define SSL_CTRL_CHAIN_CERT 89 -# define SSL_CTRL_GET_GROUPS 90 -# define SSL_CTRL_SET_GROUPS 91 -# define SSL_CTRL_SET_GROUPS_LIST 92 -# define SSL_CTRL_GET_SHARED_GROUP 93 -# define SSL_CTRL_SET_SIGALGS 97 -# define SSL_CTRL_SET_SIGALGS_LIST 98 -# define SSL_CTRL_CERT_FLAGS 99 -# define SSL_CTRL_CLEAR_CERT_FLAGS 100 -# define SSL_CTRL_SET_CLIENT_SIGALGS 101 -# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 -# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 -# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 -# define SSL_CTRL_BUILD_CERT_CHAIN 105 -# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 -# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 -# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -# define SSL_CTRL_GET_PEER_TMP_KEY 109 -# define SSL_CTRL_GET_RAW_CIPHERLIST 110 -# define SSL_CTRL_GET_EC_POINT_FORMATS 111 -# define SSL_CTRL_GET_CHAIN_CERTS 115 -# define SSL_CTRL_SELECT_CURRENT_CERT 116 -# define SSL_CTRL_SET_CURRENT_CERT 117 -# define SSL_CTRL_SET_DH_AUTO 118 -# define DTLS_CTRL_SET_LINK_MTU 120 -# define DTLS_CTRL_GET_LINK_MIN_MTU 
121 -# define SSL_CTRL_GET_EXTMS_SUPPORT 122 -# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 -# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 -# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 -# define SSL_CTRL_SET_MAX_PIPELINES 126 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 -# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 -# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 -# define SSL_CTRL_GET_SIGNATURE_NID 132 -# define SSL_CTRL_GET_TMP_KEY 133 -# define SSL_CTRL_GET_NEGOTIATED_GROUP 134 -# define SSL_CTRL_SET_RETRY_VERIFY 136 -# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 -# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 -# define SSL_CERT_SET_FIRST 1 -# define SSL_CERT_SET_NEXT 2 -# define SSL_CERT_SET_SERVER 3 -# define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) -# define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -# define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) -# define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) -# define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTX_set_tmp_dh(ctx,dh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# endif -# define SSL_CTX_set_dh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# define SSL_set_dh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_set_tmp_dh(ssl,dh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) -# define SSL_set_tmp_ecdh(ssl,ecdh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) -# endif -# define 
SSL_CTX_add_extra_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) -# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) -# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) -# define SSL_CTX_clear_extra_chain_certs(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) -# define SSL_CTX_set0_chain(ctx,sk) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) -# define SSL_CTX_set1_chain(ctx,sk) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) -# define SSL_CTX_add0_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) -# define SSL_CTX_add1_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) -# define SSL_CTX_get0_chain_certs(ctx,px509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) -# define SSL_CTX_clear_chain_certs(ctx) \ - SSL_CTX_set0_chain(ctx,NULL) -# define SSL_CTX_build_cert_chain(ctx, flags) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) -# define SSL_CTX_select_current_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) -# define SSL_CTX_set_current_cert(ctx, op) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) -# define SSL_CTX_set0_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_CTX_set1_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) -# define SSL_CTX_get0_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_CTX_set0_chain_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) -# define SSL_CTX_set1_chain_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) -# define SSL_CTX_get0_chain_cert_store(ctx,st) \ - 
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) -# define SSL_set0_chain(s,sk) \ - SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) -# define SSL_set1_chain(s,sk) \ - SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) -# define SSL_add0_chain_cert(s,x509) \ - SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) -# define SSL_add1_chain_cert(s,x509) \ - SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) -# define SSL_get0_chain_certs(s,px509) \ - SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) -# define SSL_clear_chain_certs(s) \ - SSL_set0_chain(s,NULL) -# define SSL_build_cert_chain(s, flags) \ - SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) -# define SSL_select_current_cert(s,x509) \ - SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) -# define SSL_set_current_cert(s,op) \ - SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) -# define SSL_set0_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_set1_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) -#define SSL_get0_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) -# define SSL_set0_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) -# define SSL_set1_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) -#define SSL_get0_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) - -# define SSL_get1_groups(s, glist) \ - SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) -# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) -# define SSL_CTX_set1_groups_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) -# define SSL_set1_groups(s, glist, glistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) -# define SSL_set1_groups_list(s, str) \ - SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) -# define 
SSL_get_shared_group(s, n) \ - SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) -# define SSL_get_negotiated_group(s) \ - SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL) -# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) -# define SSL_CTX_set1_sigalgs_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) -# define SSL_set1_sigalgs(s, slist, slistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) -# define SSL_set1_sigalgs_list(s, str) \ - SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) -# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) -# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) -# define SSL_set1_client_sigalgs(s, slist, slistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) -# define SSL_set1_client_sigalgs_list(s, str) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) -# define SSL_get0_certificate_types(s, clist) \ - SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) -# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ - (char *)(clist)) -# define SSL_set1_client_certificate_types(s, clist, clistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) -# define SSL_get_signature_nid(s, pn) \ - SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) -# define SSL_get_peer_signature_nid(s, pn) \ - SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) -# define SSL_get_peer_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) -# define SSL_get_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) -# define SSL_get0_raw_cipherlist(s, plst) \ - SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) -# define SSL_get0_ec_point_formats(s, plst) \ - 
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) -# define SSL_CTX_set_min_proto_version(ctx, version) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -# define SSL_CTX_set_max_proto_version(ctx, version) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -# define SSL_CTX_get_min_proto_version(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) -# define SSL_CTX_get_max_proto_version(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) -# define SSL_set_min_proto_version(s, version) \ - SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -# define SSL_set_max_proto_version(s, version) \ - SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -# define SSL_get_min_proto_version(s) \ - SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) -# define SSL_get_max_proto_version(s) \ - SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +#endif +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +#define SSL_CTRL_SET_SRP_ARG 78 +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +#define DTLS_CTRL_GET_TIMEOUT 73 +#define DTLS_CTRL_HANDLE_TIMEOUT 74 +#define SSL_CTRL_GET_RI_SUPPORT 76 +#define SSL_CTRL_CLEAR_MODE 78 +#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_CHAIN 88 +#define SSL_CTRL_CHAIN_CERT 89 +#define SSL_CTRL_GET_GROUPS 90 +#define SSL_CTRL_SET_GROUPS 91 +#define SSL_CTRL_SET_GROUPS_LIST 92 +#define SSL_CTRL_GET_SHARED_GROUP 93 +#define SSL_CTRL_SET_SIGALGS 97 +#define SSL_CTRL_SET_SIGALGS_LIST 98 +#define SSL_CTRL_CERT_FLAGS 99 +#define SSL_CTRL_CLEAR_CERT_FLAGS 100 +#define SSL_CTRL_SET_CLIENT_SIGALGS 101 +#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +#define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +#define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +#define SSL_CTRL_BUILD_CERT_CHAIN 105 +#define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +#define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +#define SSL_CTRL_GET_PEER_TMP_KEY 109 +#define SSL_CTRL_GET_RAW_CIPHERLIST 110 +#define SSL_CTRL_GET_EC_POINT_FORMATS 111 +#define SSL_CTRL_GET_CHAIN_CERTS 115 +#define SSL_CTRL_SELECT_CURRENT_CERT 116 +#define SSL_CTRL_SET_CURRENT_CERT 117 +#define SSL_CTRL_SET_DH_AUTO 118 +#define DTLS_CTRL_SET_LINK_MTU 120 +#define DTLS_CTRL_GET_LINK_MIN_MTU 121 +#define SSL_CTRL_GET_EXTMS_SUPPORT 122 +#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +#define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +#define SSL_CTRL_SET_MAX_PIPELINES 126 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +#define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +#define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +#define SSL_CTRL_GET_SIGNATURE_NID 132 +#define SSL_CTRL_GET_TMP_KEY 133 +#define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +#define SSL_CTRL_SET_RETRY_VERIFY 136 +#define SSL_CTRL_GET_VERIFY_CERT_STORE 137 +#define SSL_CTRL_GET_CHAIN_CERT_STORE 138 +#define SSL_CERT_SET_FIRST 1 +#define SSL_CERT_SET_NEXT 2 +#define SSL_CERT_SET_SERVER 3 +#define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, (void *)(arg)) +#define DTLSv1_handle_timeout(ssl) \ 
+ SSL_ctrl(ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, NULL) +#define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_NUM_RENEGOTIATIONS, 0, NULL) +#define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS, 0, NULL) +#define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_TOTAL_RENEGOTIATIONS, 0, NULL) +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTX_set_tmp_dh(ctx, dh) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)(dh)) +#endif +#define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff, NULL) +#define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s, SSL_CTRL_SET_DH_AUTO, onoff, NULL) +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_set_tmp_dh(ssl, dh) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)(dh)) +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)(ecdh)) +#define SSL_set_tmp_ecdh(ssl, ecdh) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)(ecdh)) +#endif +#define SSL_CTX_add_extra_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)(x509)) +#define SSL_CTX_get_extra_chain_certs(ctx, px509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509) +#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509) +#define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL) +#define SSL_CTX_set0_chain(ctx, sk) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN, 0, (char *)(sk)) +#define SSL_CTX_set1_chain(ctx, sk) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN, 1, (char *)(sk)) +#define SSL_CTX_add0_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN_CERT, 0, (char *)(x509)) +#define SSL_CTX_add1_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CHAIN_CERT, 1, (char *)(x509)) +#define SSL_CTX_get0_chain_certs(ctx, px509) \ + SSL_CTX_ctrl(ctx, 
SSL_CTRL_GET_CHAIN_CERTS, 0, px509) +#define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx, NULL) +#define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +#define SSL_CTX_select_current_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SELECT_CURRENT_CERT, 0, (char *)(x509)) +#define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CURRENT_CERT, op, NULL) +#define SSL_CTX_set0_verify_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_CTX_set1_verify_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 1, (char *)(st)) +#define SSL_CTX_get0_verify_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_CTX_set0_chain_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHAIN_CERT_STORE, 0, (char *)(st)) +#define SSL_CTX_set1_chain_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHAIN_CERT_STORE, 1, (char *)(st)) +#define SSL_CTX_get0_chain_cert_store(ctx, st) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_CHAIN_CERT_STORE, 0, (char *)(st)) +#define SSL_set0_chain(s, sk) \ + SSL_ctrl(s, SSL_CTRL_CHAIN, 0, (char *)(sk)) +#define SSL_set1_chain(s, sk) \ + SSL_ctrl(s, SSL_CTRL_CHAIN, 1, (char *)(sk)) +#define SSL_add0_chain_cert(s, x509) \ + SSL_ctrl(s, SSL_CTRL_CHAIN_CERT, 0, (char *)(x509)) +#define SSL_add1_chain_cert(s, x509) \ + SSL_ctrl(s, SSL_CTRL_CHAIN_CERT, 1, (char *)(x509)) +#define SSL_get0_chain_certs(s, px509) \ + SSL_ctrl(s, SSL_CTRL_GET_CHAIN_CERTS, 0, px509) +#define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s, NULL) +#define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s, SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +#define SSL_select_current_cert(s, x509) \ + SSL_ctrl(s, SSL_CTRL_SELECT_CURRENT_CERT, 0, (char *)(x509)) +#define SSL_set_current_cert(s, op) \ + SSL_ctrl(s, SSL_CTRL_SET_CURRENT_CERT, op, NULL) +#define SSL_set0_verify_cert_store(s, st) \ + 
SSL_ctrl(s, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_set1_verify_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_SET_VERIFY_CERT_STORE, 1, (char *)(st)) +#define SSL_get0_verify_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_GET_VERIFY_CERT_STORE, 0, (char *)(st)) +#define SSL_set0_chain_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_SET_CHAIN_CERT_STORE, 0, (char *)(st)) +#define SSL_set1_chain_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_SET_CHAIN_CERT_STORE, 1, (char *)(st)) +#define SSL_get0_chain_cert_store(s, st) \ + SSL_ctrl(s, SSL_CTRL_GET_CHAIN_CERT_STORE, 0, (char *)(st)) + +#define SSL_get1_groups(s, glist) \ + SSL_ctrl(s, SSL_CTRL_GET_GROUPS, 0, (int *)(glist)) +#define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_GROUPS, glistlen, (int *)(glist)) +#define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_GROUPS_LIST, 0, (char *)(s)) +#define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_GROUPS, glistlen, (char *)(glist)) +#define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s, SSL_CTRL_SET_GROUPS_LIST, 0, (char *)(str)) +#define SSL_get_shared_group(s, n) \ + SSL_ctrl(s, SSL_CTRL_GET_SHARED_GROUP, n, NULL) +#define SSL_get_negotiated_group(s) \ + SSL_ctrl(s, SSL_CTRL_GET_NEGOTIATED_GROUP, 0, NULL) +#define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS, slistlen, (int *)(slist)) +#define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS_LIST, 0, (char *)(s)) +#define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_SIGALGS, slistlen, (int *)(slist)) +#define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s, SSL_CTRL_SET_SIGALGS_LIST, 0, (char *)(str)) +#define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CLIENT_SIGALGS, slistlen, (int *)(slist)) +#define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CLIENT_SIGALGS_LIST, 0, (char *)(s)) 
+#define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_CLIENT_SIGALGS, slistlen, (int *)(slist)) +#define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s, SSL_CTRL_SET_CLIENT_SIGALGS_LIST, 0, (char *)(str)) +#define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +#define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CLIENT_CERT_TYPES, clistlen, \ + (char *)(clist)) +#define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s, SSL_CTRL_SET_CLIENT_CERT_TYPES, clistlen, (char *)(clist)) +#define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn) +#define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn) +#define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) +#define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s, SSL_CTRL_GET_TMP_KEY, 0, pk) +#define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s, SSL_CTRL_GET_RAW_CIPHERLIST, 0, plst) +#define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, plst) +#define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +#define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +#define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +#define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define 
SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) const char *SSL_group_to_name(SSL *s, int id); /* Backwards compatibility, original 1.1.0 names */ -# define SSL_CTRL_GET_SERVER_TMP_KEY \ - SSL_CTRL_GET_PEER_TMP_KEY -# define SSL_get_server_tmp_key(s, pk) \ - SSL_get_peer_tmp_key(s, pk) +#define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +#define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey); int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey); 
@@ -1492,34 +1496,37 @@
 * The following symbol names are old and obsolete. They are kept
 * for compatibility reasons only and should not be used anymore.
 */
-# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
-# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
-# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
-# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
-
-# define SSL_get1_curves SSL_get1_groups
-# define SSL_CTX_set1_curves SSL_CTX_set1_groups
-# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
-# define SSL_set1_curves SSL_set1_groups
-# define SSL_set1_curves_list SSL_set1_groups_list
-# define SSL_get_shared_curve SSL_get_shared_group
-
-
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
+#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
+#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
+#define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
+
+#define SSL_get1_curves SSL_get1_groups
+#define SSL_CTX_set1_curves SSL_CTX_set1_groups
+#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+#define SSL_set1_curves SSL_set1_groups
+#define SSL_set1_curves_list SSL_set1_groups_list
+#define SSL_get_shared_curve SSL_get_shared_group
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
 /* Provide some compatibility macros for removed functionality. */
-# define SSL_CTX_need_tmp_RSA(ctx) 0
-# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
-# define SSL_need_tmp_RSA(ssl) 0
-# define SSL_set_tmp_rsa(ssl,rsa) 1
-# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
-# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+#define SSL_CTX_need_tmp_RSA(ctx) 0
+#define SSL_CTX_set_tmp_rsa(ctx, rsa) 1
+#define SSL_need_tmp_RSA(ssl) 0
+#define SSL_set_tmp_rsa(ssl, rsa) 1
+#define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+#define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
 /*
 * We "pretend" to call the callback to avoid warnings about unused static
 * functions.
 */
-# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
-# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0)
-# endif
+#define SSL_CTX_set_tmp_rsa_callback(ctx, cb) \
+ while (0) \
+ (cb)(NULL, 0, 0)
+#define SSL_set_tmp_rsa_callback(ssl, cb) \
+ while (0) \
+ (cb)(NULL, 0, 0)
+#endif
 __owur const BIO_METHOD *BIO_f_ssl(void);
 __owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
 __owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -1530,7 +1537,7 @@
 __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 __owur SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
- const SSL_METHOD *meth);
+ const SSL_METHOD *meth);
 int SSL_CTX_up_ref(SSL_CTX *ctx);
 void SSL_CTX_free(SSL_CTX *);
 __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
@@ -1565,11 +1572,11 @@
 __owur int SSL_get_read_ahead(const SSL *s);
 __owur int SSL_pending(const SSL *s);
 __owur int SSL_has_pending(const SSL *s);
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 __owur int SSL_set_fd(SSL *s, int fd);
 __owur int SSL_set_rfd(SSL *s, int fd);
 __owur int SSL_set_wfd(SSL *s, int fd);
-# endif
+#endif
 void SSL_set0_rbio(SSL *s, BIO *rbio);
 void SSL_set0_wbio(SSL *s, BIO *wbio);
 void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
@@ -1584,32 +1591,31 @@ __owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); void SSL_set_verify_depth(SSL *s, int depth); -void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, - const unsigned char *d, long len); -# endif + const unsigned char *d, long len); +#endif __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, - long len); + long len); __owur int SSL_use_certificate(SSL *ssl, X509 *x); __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); __owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override); - + STACK_OF(X509) *chain, int override); /* serverinfo file format versions */ -# define SSL_SERVERINFOV1 1 -# define SSL_SERVERINFOV2 2 +#define SSL_SERVERINFOV1 1 +#define SSL_SERVERINFOV2 2 /* Set serverinfo data for the current active cert. */ __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length); + size_t serverinfo_length); __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, - const unsigned char *serverinfo, - size_t serverinfo_length); + const unsigned char *serverinfo, + size_t serverinfo_length); __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); #ifndef OPENSSL_NO_DEPRECATED_3_0 
@@ -1623,31 +1629,31 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, - int type); + int type); #endif __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, - int type); + int type); __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, - int type); + int type); /* PEM type */ __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -__owur STACK_OF(X509_NAME) -*SSL_load_client_CA_file_ex(const char *file, OSSL_LIB_CTX *libctx, - const char *propq); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); + const char *file); int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *dir); + const char *dir); int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *uri); + const char *uri); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_load_error_strings() \ +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) -# endif + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, \ + NULL) +#endif __owur const char *SSL_state_string(const SSL *s); __owur const char *SSL_rstate_string(const SSL *s); 
@@ -1663,39 +1669,39 @@ __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); __owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, - const unsigned char **alpn, - size_t *len); + const unsigned char **alpn, + size_t *len); __owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, - const unsigned char *alpn, - size_t len); + const unsigned char *alpn, + size_t len); __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, - size_t *len); + size_t *len); __owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); __owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, - uint32_t max_early_data); + uint32_t max_early_data); __owur int SSL_copy_session_id(SSL *to, const SSL *from); __owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); __owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, - const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, - unsigned int sid_len); + unsigned int sid_len); __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); __owur SSL_SESSION *SSL_SESSION_new(void); __owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, - unsigned int *len); + unsigned int *len); const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, - unsigned int *len); + unsigned int *len); __owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, 
const SSL_SESSION *ses); -# endif +#endif int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); int SSL_SESSION_up_ref(SSL_SESSION *ses); @@ -1707,19 +1713,19 @@ __owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); __owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); __owur int SSL_has_matching_session_id(const SSL *s, - const unsigned char *id, - unsigned int id_len); + const unsigned char *id, + unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length); + long length); -# ifdef OPENSSL_X509_H +#ifdef OPENSSL_X509_H __owur X509 *SSL_get0_peer_certificate(const SSL *s); __owur X509 *SSL_get1_peer_certificate(const SSL *s); /* Deprecated in 3.0.0 */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_get_peer_certificate SSL_get1_peer_certificate -# endif -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_get_peer_certificate SSL_get1_peer_certificate +#endif +#endif __owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); 
@@ -1729,25 +1735,25 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - int (*cb) (X509_STORE_CTX *, void *), - void *arg); -void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), - void *arg); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + int (*cb)(X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), + void *arg); +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len); -# endif + long len); +#endif __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, - const unsigned char *d, long len); + const unsigned char *d, long len); __owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d); + const unsigned char *d); __owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override); + STACK_OF(X509) *chain, int override); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); 
@@ -1762,14 +1768,14 @@ __owur int SSL_check_private_key(const SSL *ctx); __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, - const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + unsigned int sid_ctx_len); __owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); __owur int SSL_set_purpose(SSL *ssl, int purpose); @@ -1783,14 +1789,14 @@ __owur int SSL_CTX_dane_enable(SSL_CTX *ctx); __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, - uint8_t mtype, uint8_t ord); + uint8_t mtype, uint8_t ord); __owur int SSL_dane_enable(SSL *s, const char *basedomain); __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, const unsigned char *data, size_t dlen); + uint8_t mtype, const unsigned char *data, size_t dlen); __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, const unsigned char **data, - size_t *dlen); + uint8_t *mtype, const unsigned char **data, + size_t *dlen); /* * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c 
@@ -1810,105 +1816,105 @@ __owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); __owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); -# ifndef OPENSSL_NO_SRP -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, - char *(*cb) (SSL *, void *)); + char *(*cb)(SSL *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, - int (*cb) (SSL *, void *)); + int (*cb)(SSL *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb) (SSL *, int *, void *)); + int (*cb)(SSL *, int *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); OSSL_DEPRECATEDIN_3_0 int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info); + BIGNUM *sa, BIGNUM *v, char *info); OSSL_DEPRECATEDIN_3_0 int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp); + const char *grp); OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_g(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); -# endif -# endif +#endif +#endif /* * ClientHello callback and helpers. 
*/ -# define SSL_CLIENT_HELLO_SUCCESS 1 -# define SSL_CLIENT_HELLO_ERROR 0 -# define SSL_CLIENT_HELLO_RETRY (-1) +#define SSL_CLIENT_HELLO_SUCCESS 1 +#define SSL_CLIENT_HELLO_ERROR 0 +#define SSL_CLIENT_HELLO_RETRY (-1) -typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, - void *arg); + void *arg); int SSL_client_hello_isv2(SSL *s); unsigned int SSL_client_hello_get0_legacy_version(SSL *s); size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, - const unsigned char **out); + const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, - const unsigned char **out, size_t *outlen); + const unsigned char **out, size_t *outlen); void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); -# ifdef OSSL_ASYNC_FD +#ifdef OSSL_ASYNC_FD /* * Windows application developer has to include windows.h to use these. 
*/ __owur int SSL_waiting_for_async(SSL *s); __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, - size_t *numaddfds, OSSL_ASYNC_FD *delfd, - size_t *numdelfds); + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); __owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); __owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); __owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); __owur int SSL_set_async_callback_arg(SSL *s, void *arg); __owur int SSL_get_async_status(SSL *s, int *status); -# endif +#endif __owur int SSL_accept(SSL *ssl); __owur int SSL_stateless(SSL *s); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); -# define SSL_READ_EARLY_DATA_ERROR 0 -# define SSL_READ_EARLY_DATA_SUCCESS 1 -# define SSL_READ_EARLY_DATA_FINISH 2 +#define SSL_READ_EARLY_DATA_ERROR 0 +#define SSL_READ_EARLY_DATA_SUCCESS 1 +#define SSL_READ_EARLY_DATA_FINISH 2 __owur int SSL_read_early_data(SSL *s, void *buf, size_t num, - size_t *readbytes); + size_t *readbytes); __owur int SSL_peek(SSL *ssl, void *buf, int num); __owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); __owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, - int flags); + int flags); __owur int SSL_write(SSL *ssl, const void *buf, int num); __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); __owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, - size_t *written); + size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); -# define SSL_EARLY_DATA_NOT_SENT 0 -# define 
SSL_EARLY_DATA_REJECTED 1 -# define SSL_EARLY_DATA_ACCEPTED 2 +#define SSL_EARLY_DATA_NOT_SENT 0 +#define SSL_EARLY_DATA_REJECTED 1 +#define SSL_EARLY_DATA_ACCEPTED 2 __owur int SSL_get_early_data_status(const SSL *s); 
@@ -1916,68 +1922,68 @@ __owur const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); -# endif +#endif -# ifndef OPENSSL_NO_SSL3_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_SSL3_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void); -# endif -# endif +#endif +#endif -#define SSLv23_method TLS_method -#define SSLv23_server_method TLS_server_method -#define SSLv23_client_method TLS_client_method +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method /* Negotiate highest available SSL/TLS version */ __owur const SSL_METHOD *TLS_method(void); __owur const SSL_METHOD *TLS_server_method(void); __owur const SSL_METHOD *TLS_client_method(void); -# ifndef OPENSSL_NO_TLS1_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_TLS1_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_TLS1_1_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_TLS1_1_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void); -# endif -# endif 
+#endif +#endif -# ifndef OPENSSL_NO_TLS1_2_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_TLS1_2_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DTLS1_METHOD -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DTLS1_METHOD +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DTLS1_2_METHOD +#ifndef OPENSSL_NO_DTLS1_2_METHOD /* DTLSv1.2 */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void); -# endif -# endif +#endif +#endif __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ @@ -2030,9 +2036,9 @@ __owur long SSL_get_default_timeout(const SSL *s); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_library_init() OPENSSL_init_ssl(0, NULL) -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_library_init() OPENSSL_init_ssl(0, NULL) +#endif __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); __owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); 
@@ -2064,17 +2070,17 @@ __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, - const char *CAfile, - const char *CApath); -# define SSL_get0_session SSL_get_session/* just peek at pointer */ + const char *CAfile, + const char *CApath); +#define SSL_get0_session SSL_get_session /* just peek at pointer */ __owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ __owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); void SSL_set_info_callback(SSL *ssl, - void (*cb) (const SSL *ssl, int type, int val)); -void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, - int val); + void (*cb)(const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, + int val); __owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl, long v); @@ -2082,13 +2088,13 @@ __owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); __owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, - size_t outlen); + size_t outlen); __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, - size_t outlen); + size_t outlen); __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, - unsigned char *out, size_t outlen); + unsigned char *out, size_t outlen); __owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); #define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ 
@@ -2106,61 +2112,61 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); -# define SSL_CTX_sess_set_cache_size(ctx,t) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) -# define SSL_CTX_sess_get_cache_size(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) -# define SSL_CTX_set_session_cache_mode(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) -# define SSL_CTX_get_session_cache_mode(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) - -# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) -# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) -# define SSL_CTX_get_read_ahead(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) -# define SSL_CTX_set_read_ahead(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) -# define SSL_CTX_get_max_cert_list(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -# define SSL_CTX_set_max_cert_list(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) -# define SSL_get_max_cert_list(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) -# define SSL_set_max_cert_list(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) - -# define SSL_CTX_set_max_send_fragment(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) -# define SSL_set_max_send_fragment(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) -# define SSL_CTX_set_split_send_fragment(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) -# define SSL_set_split_send_fragment(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) -# define SSL_CTX_set_max_pipelines(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) -# define SSL_set_max_pipelines(ssl,m) \ - SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) -# define SSL_set_retry_verify(ssl) \ - (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0) +#define SSL_CTX_sess_set_cache_size(ctx, t) \ + SSL_CTX_ctrl(ctx, 
SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL) +#define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL) +#define SSL_CTX_set_session_cache_mode(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL) +#define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL) + +#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +#define SSL_CTX_set_default_read_ahead(ctx, m) SSL_CTX_set_read_ahead(ctx, m) +#define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_READ_AHEAD, 0, NULL) +#define SSL_CTX_set_read_ahead(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, NULL) +#define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) +#define SSL_CTX_set_max_cert_list(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) +#define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) +#define SSL_set_max_cert_list(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) + +#define SSL_CTX_set_max_send_fragment(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) +#define SSL_set_max_send_fragment(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) +#define SSL_CTX_set_split_send_fragment(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SPLIT_SEND_FRAGMENT, m, NULL) +#define SSL_set_split_send_fragment(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_SPLIT_SEND_FRAGMENT, m, NULL) +#define SSL_CTX_set_max_pipelines(ctx, m) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PIPELINES, m, NULL) +#define SSL_set_max_pipelines(ssl, m) \ + SSL_ctrl(ssl, SSL_CTRL_SET_MAX_PIPELINES, m, NULL) +#define SSL_set_retry_verify(ssl) \ + (SSL_ctrl(ssl, SSL_CTRL_SET_RETRY_VERIFY, 0, NULL) > 0) void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); void SSL_set_default_read_buffer_len(SSL *s, size_t len); -# ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_DEPRECATED_3_0 
+#ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* NB: the |keylength| is only applicable when is_export is true */ OSSL_DEPRECATEDIN_3_0 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)); + DH *(*dh)(SSL *ssl, int is_export, + int keylength)); OSSL_DEPRECATEDIN_3_0 void SSL_set_tmp_dh_callback(SSL *ssl, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)); -# endif -# endif + DH *(*dh)(SSL *ssl, int is_export, + int keylength)); +#endif +#endif __owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); 
@@ -2169,50 +2175,52 @@ __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_COMP_free_compression_methods() while(0) continue -# endif + *meths); +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_COMP_free_compression_methods() \ + while (0) \ + continue +#endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, - int isv2format, STACK_OF(SSL_CIPHER) **sk, - STACK_OF(SSL_CIPHER) **scsvs); + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); /* TLS extensions functions */ __owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); __owur int SSL_set_session_ticket_ext_cb(SSL *s, - tls_session_ticket_ext_cb_fn cb, - void *arg); + tls_session_ticket_ext_cb_fn cb, + void *arg); /* Pre-shared secret session resumption functions */ __owur int SSL_set_session_secret_cb(SSL *s, - tls_session_secret_cb_fn session_secret_cb, - void *arg); + tls_session_secret_cb_fn session_secret_cb, + void *arg); void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - int - is_forward_secure)); + int (*cb)(SSL *ssl, + int + is_forward_secure)); void SSL_set_not_resumable_session_callback(SSL *ssl, - int (*cb) (SSL *ssl, - int is_forward_secure)); + int (*cb)(SSL *ssl, + int is_forward_secure)); void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)); + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void 
*SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); int SSL_set_record_padding_callback(SSL *ssl, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)); + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); @@ -2222,9 +2230,9 @@ int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define SSL_cache_hit(s) SSL_session_reused(s) -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define SSL_cache_hit(s) SSL_session_reused(s) +#endif __owur int SSL_session_reused(const SSL *s); __owur int SSL_is_server(const SSL *s); @@ -2234,7 +2242,7 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); __owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, - unsigned int flags); + unsigned int flags); __owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); @@ -2248,16 +2256,16 @@ int SSL_config(SSL *s, const char *name); int SSL_CTX_config(SSL_CTX *ctx, const char *name); -# ifndef OPENSSL_NO_SSL_TRACE +#ifndef OPENSSL_NO_SSL_TRACE void SSL_trace(int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); -# endif + const void *buf, size_t len, SSL *ssl, void *arg); +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client); -# endif +#endif -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT /* * A callback for verifying that the received SCTs are sufficient. 
@@ -2266,7 +2274,7 @@ * A connection should be aborted if the SCTs are deemed insufficient. */ typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, - const STACK_OF(SCT) *scts, void *arg); + const STACK_OF(SCT) *scts, void *arg); /* * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate @@ -2281,14 +2289,14 @@ * will be requested. */ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, - void *arg); + void *arg); int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, - ssl_ct_validation_cb callback, - void *arg); + ssl_ct_validation_cb callback, + void *arg); #define SSL_disable_ct(s) \ - ((void) SSL_set_validation_callback((s), NULL, NULL)) + ((void)SSL_set_validation_callback((s), NULL, NULL)) #define SSL_CTX_disable_ct(ctx) \ - ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) + ((void)SSL_CTX_set_validation_callback((ctx), NULL, NULL)) /* * The validation type enumerates the available behaviours of the built-in SSL 
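Review bot: The `SSL_disable_ct` and `SSL_CTX_disable_ct` macros in the `-2281,14` hunk expand to `SSL_set_validation_callback` and `SSL_CTX_set_validation_callback`, but the functions declared just above them in the same hunk are `SSL_set_ct_validation_callback` and `SSL_CTX_set_ct_validation_callback`. The reformat only changes the cast spacing and carries the names over unchanged, so unless the shorter names are defined somewhere outside this hunk, any caller of these macros fails to build and cannot use them to switch CT validation off. The bodies should read `((void)SSL_set_ct_validation_callback((s), NULL, NULL))` and `((void)SSL_CTX_set_ct_validation_callback((ctx), NULL, NULL))`; since this is a vendored header, the fix belongs upstream rather than in a local formatting patch. The `#ifndef OPENSSL_NO_CT` block these macros sit in starts and ends outside the hunk.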
@@ -2353,106 +2361,106 @@ */ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); -# endif /* OPENSSL_NO_CT */ +#endif /* OPENSSL_NO_CT */ /* What the "other" parameter contains in security callback */ /* Mask for type */ -# define SSL_SECOP_OTHER_TYPE 0xffff0000 -# define SSL_SECOP_OTHER_NONE 0 -# define SSL_SECOP_OTHER_CIPHER (1 << 16) -# define SSL_SECOP_OTHER_CURVE (2 << 16) -# define SSL_SECOP_OTHER_DH (3 << 16) -# define SSL_SECOP_OTHER_PKEY (4 << 16) -# define SSL_SECOP_OTHER_SIGALG (5 << 16) -# define SSL_SECOP_OTHER_CERT (6 << 16) +#define SSL_SECOP_OTHER_TYPE 0xffff0000 +#define SSL_SECOP_OTHER_NONE 0 +#define SSL_SECOP_OTHER_CIPHER (1 << 16) +#define SSL_SECOP_OTHER_CURVE (2 << 16) +#define SSL_SECOP_OTHER_DH (3 << 16) +#define SSL_SECOP_OTHER_PKEY (4 << 16) +#define SSL_SECOP_OTHER_SIGALG (5 << 16) +#define SSL_SECOP_OTHER_CERT (6 << 16) /* Indicated operation refers to peer key or certificate */ -# define SSL_SECOP_PEER 0x1000 +#define SSL_SECOP_PEER 0x1000 /* Values for "op" parameter in security callback */ /* Called to filter ciphers */ /* Ciphers client supports */ -# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) /* Cipher shared by client/server */ -# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) /* Sanity check of cipher server selects */ -# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) /* Curves supported by client */ -# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) /* Curves shared by client/server */ -# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) /* Sanity check of curve server selects */ -# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) 
+#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) /* Temporary DH key */ -# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) /* SSL/TLS version */ -# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) /* Session tickets */ -# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) /* Supported signature algorithms sent to peer */ -# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) /* Shared signature algorithm */ -# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) /* Sanity check signature algorithm allowed */ -# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) /* Used to get mask of supported public key signature algorithms */ -# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) /* Use to see if compression is allowed */ -# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) /* EE key in certificate */ -# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) /* CA key in certificate */ -# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) /* CA digest algorithm in certificate */ -# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) /* Peer EE key in certificate */ -# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) /* Peer CA key in certificate */ -# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | 
SSL_SECOP_PEER) +#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) /* Peer CA digest algorithm in certificate */ -# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) +#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) void SSL_set_security_level(SSL *s, int level); __owur int SSL_get_security_level(const SSL *s); void SSL_set_security_callback(SSL *s, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)); -int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, - const SSL_CTX *ctx, int op, - int bits, int nid, void *other, - void *ex); + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s))(const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); void SSL_set0_security_ex_data(SSL *s, void *ex); __owur void *SSL_get0_security_ex_data(const SSL *s); void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); __owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)); -int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, - const SSL_CTX *ctx, - int op, int bits, - int nid, - void *other, - void *ex); + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); /* OPENSSL_INIT flag 0x010000 reserved for internal use */ -# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L -# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L +#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 
0x00100000L +#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L -# define OPENSSL_INIT_SSL_DEFAULT \ - (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) +#define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -# ifndef OPENSSL_NO_UNIT_TEST +#ifndef OPENSSL_NO_UNIT_TEST __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); -# endif +#endif __owur int SSL_free_buffers(SSL *ssl); __owur int SSL_alloc_buffers(SSL *ssl); 
@@ -2463,44 +2471,44 @@ /* Support for ticket appdata */ /* fatal error, malloc failure */ -# define SSL_TICKET_FATAL_ERR_MALLOC 0 +#define SSL_TICKET_FATAL_ERR_MALLOC 0 /* fatal error, either from parsing or decrypting the ticket */ -# define SSL_TICKET_FATAL_ERR_OTHER 1 +#define SSL_TICKET_FATAL_ERR_OTHER 1 /* No ticket present */ -# define SSL_TICKET_NONE 2 +#define SSL_TICKET_NONE 2 /* Empty ticket present */ -# define SSL_TICKET_EMPTY 3 +#define SSL_TICKET_EMPTY 3 /* the ticket couldn't be decrypted */ -# define SSL_TICKET_NO_DECRYPT 4 +#define SSL_TICKET_NO_DECRYPT 4 /* a ticket was successfully decrypted */ -# define SSL_TICKET_SUCCESS 5 +#define SSL_TICKET_SUCCESS 5 /* same as above but the ticket needs to be renewed */ -# define SSL_TICKET_SUCCESS_RENEW 6 +#define SSL_TICKET_SUCCESS_RENEW 6 /* Return codes for the decrypt session ticket callback */ typedef int SSL_TICKET_RETURN; /* An error occurred */ -#define SSL_TICKET_RETURN_ABORT 0 +#define SSL_TICKET_RETURN_ABORT 0 /* Do not use the ticket, do not send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_IGNORE 1 +#define SSL_TICKET_RETURN_IGNORE 1 /* Do not use the ticket, send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 /* Use the ticket, do not send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_USE 3 +#define SSL_TICKET_RETURN_USE 3 /* Use the ticket, send a renewed ticket to the client */ -#define SSL_TICKET_RETURN_USE_RENEW 4 +#define SSL_TICKET_RETURN_USE_RENEW 4 typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, - const unsigned char *keyname, - size_t keyname_length, - SSL_TICKET_STATUS status, - void *arg); + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, - SSL_CTX_generate_session_ticket_fn 
gen_cb, - SSL_CTX_decrypt_session_ticket_fn dec_cb, - void *arg); + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); @@ -2508,20 +2516,19 @@ void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); - typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, - SSL_allow_early_data_cb_fn cb, - void *arg); + SSL_allow_early_data_cb_fn cb, + void *arg); void SSL_set_allow_early_data_cb(SSL *s, - SSL_allow_early_data_cb_fn cb, - void *arg); + SSL_allow_early_data_cb_fn cb, + void *arg); /* store the default cipher strings inside the library */ const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ssl2.h.orig +++ crypto/openssl/include/openssl/ssl2.h @@ -8,23 +8,23 @@ */ #ifndef OPENSSL_SSL2_H -# define OPENSSL_SSL2_H -# pragma once +#define OPENSSL_SSL2_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SSL2_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SSL2_H +#endif -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# define SSL2_VERSION 0x0002 +#define SSL2_VERSION 0x0002 -# define SSL2_MT_CLIENT_HELLO 1 +#define SSL2_MT_CLIENT_HELLO 1 -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/ssl3.h.orig +++ crypto/openssl/include/openssl/ssl3.h 
@@ -9,20 +9,20 @@
 */
 #ifndef OPENSSL_SSL3_H
-# define OPENSSL_SSL3_H
-# pragma once
+#define OPENSSL_SSL3_H
+#pragma once
-# include
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define HEADER_SSL3_H
-# endif
+#include
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+#define HEADER_SSL3_H
+#endif
-# include
-# include
-# include
-# include
+#include
+#include
+#include
+#include
-#ifdef __cplusplus
+#ifdef __cplusplus
 extern "C" {
 #endif
@@ -30,132 +30,132 @@ * Signalling cipher suite value from RFC 5746 * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ -# define SSL3_CK_SCSV 0x030000FF +#define SSL3_CK_SCSV 0x030000FF /* * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 * (TLS_FALLBACK_SCSV) */ -# define SSL3_CK_FALLBACK_SCSV 0x03005600 - -# define SSL3_CK_RSA_NULL_MD5 0x03000001 -# define SSL3_CK_RSA_NULL_SHA 0x03000002 -# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 -# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 -# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 -# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 -# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 -# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 -# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 -# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A - -# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B -# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C -# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D -# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E -# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F -# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 - -# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 -# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA -# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 -# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA -# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 -# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA -# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 -# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA -# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 -# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA -# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 -# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA - -# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 -# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 -# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 -# define 
SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A -# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + +#define SSL3_CK_RSA_NULL_MD5 0x03000001 +#define SSL3_CK_RSA_NULL_SHA 0x03000002 +#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +#define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +#define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +#define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +#define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +#define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +#define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA + +#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B /* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ -# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" -# define 
SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" -# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" -# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" -# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" -# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" - -# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" -# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" -# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" -# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" -# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" -# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" -# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" -# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" -# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" -# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" - -# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" -# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" -# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" -# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" -# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" -# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" - -# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" -# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" -# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" -# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" -# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" -# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" +#define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +#define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" 
+#define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +#define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +#define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +#define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +#define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +#define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +#define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +#define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" + +#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +#define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +#define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +#define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +#define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" /* * This next block of six "EDH" labels is for backward compatibility with * older versions of OpenSSL. 
New code should use the six "DHE" labels above * instead: */ -# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" -# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" -# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" -# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" -# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" -# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" - -# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" -# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" -# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" -# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" -# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" - -# define SSL3_SSL_SESSION_ID_LENGTH 32 -# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 - -# define SSL3_MASTER_SECRET_SIZE 48 -# define SSL3_RANDOM_SIZE 32 -# define SSL3_SESSION_ID_SIZE 32 -# define SSL3_RT_HEADER_LENGTH 5 - -# define SSL3_HM_HEADER_LENGTH 4 - -# ifndef SSL3_ALIGN_PAYLOAD - /* - * Some will argue that this increases memory footprint, but it's not - * actually true. Point is that malloc has to return at least 64-bit aligned - * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. 
- * Suggested pre-gaping simply moves these wasted bytes from the end of - * allocated region to its front, but makes data payload aligned, which - * improves performance:-) - */ -# define SSL3_ALIGN_PAYLOAD 8 -# else -# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 -# error "insane SSL3_ALIGN_PAYLOAD" -# undef SSL3_ALIGN_PAYLOAD -# endif -# endif +#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +#define SSL3_SSL_SESSION_ID_LENGTH 32 +#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +#define SSL3_MASTER_SECRET_SIZE 48 +#define SSL3_RANDOM_SIZE 32 +#define SSL3_SESSION_ID_SIZE 32 +#define SSL3_RT_HEADER_LENGTH 5 + +#define SSL3_HM_HEADER_LENGTH 4 + +#ifndef SSL3_ALIGN_PAYLOAD +/* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +#define SSL3_ALIGN_PAYLOAD 8 +#else +#if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0 +#error "insane SSL3_ALIGN_PAYLOAD" +#undef SSL3_ALIGN_PAYLOAD +#endif +#endif /* * This is the maximum MAC (digest) size used by the SSL library. Currently 
@@ -163,185 +163,184 @@ * 512-bit hashes. */ -# define SSL3_RT_MAX_MD_SIZE 64 +#define SSL3_RT_MAX_MD_SIZE 64 /* * Maximum block size used in all ciphersuites. Currently 16 for AES. */ -# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 +#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 -# define SSL3_RT_MAX_EXTRA (16384) +#define SSL3_RT_MAX_EXTRA (16384) /* Maximum plaintext length: defined by SSL/TLS standards */ -# define SSL3_RT_MAX_PLAIN_LENGTH 16384 +#define SSL3_RT_MAX_PLAIN_LENGTH 16384 /* Maximum compression overhead: defined by SSL/TLS standards */ -# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 +#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 /* * The standards give a maximum encryption overhead of 1024 bytes. In * practice the value is lower than this. The overhead is the maximum number * of padding bytes (256) plus the mac size. */ -# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) -# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 +#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +#define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 /* * OpenSSL currently only uses a padding length of at most one block so the * send overhead is smaller. 
*/ -# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ - (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) +#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) /* If compression isn't used don't include the compression overhead */ -# ifdef OPENSSL_NO_COMP -# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -# else -# define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) -# endif -# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ - (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) -# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) -# define SSL3_RT_MAX_PACKET_SIZE \ - (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) - -# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" -# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" +#ifdef OPENSSL_NO_COMP +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +#else +#define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_COMPRESSED_OVERHEAD) +#endif +#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH) +#define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) +#define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH) + +#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" /* SSL3_VERSION is defined in prov_ssl.h */ -# define SSL3_VERSION_MAJOR 0x03 -# define SSL3_VERSION_MINOR 0x00 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 -# define SSL3_RT_CHANGE_CIPHER_SPEC 20 -# define SSL3_RT_ALERT 21 -# define SSL3_RT_HANDSHAKE 22 -# define SSL3_RT_APPLICATION_DATA 23 +#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +#define SSL3_RT_ALERT 21 +#define SSL3_RT_HANDSHAKE 22 +#define 
SSL3_RT_APPLICATION_DATA 23 /* Pseudo content types to indicate additional parameters */ -# define TLS1_RT_CRYPTO 0x1000 -# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) -# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) -# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) -# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) - -# define TLS1_RT_CRYPTO_READ 0x0000 -# define TLS1_RT_CRYPTO_WRITE 0x0100 -# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) -# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) -# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) -# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) +#define TLS1_RT_CRYPTO 0x1000 +#define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +#define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +#define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +#define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +#define TLS1_RT_CRYPTO_READ 0x0000 +#define TLS1_RT_CRYPTO_WRITE 0x0100 +#define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +#define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +#define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +#define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) /* Pseudo content types for SSL/TLS header info */ -# define SSL3_RT_HEADER 0x100 -# define SSL3_RT_INNER_CONTENT_TYPE 0x101 - -# define SSL3_AL_WARNING 1 -# define SSL3_AL_FATAL 2 - -# define SSL3_AD_CLOSE_NOTIFY 0 -# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ -# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ -# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ -# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ -# define SSL3_AD_NO_CERTIFICATE 41 -# define SSL3_AD_BAD_CERTIFICATE 42 -# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 -# define SSL3_AD_CERTIFICATE_REVOKED 44 -# define SSL3_AD_CERTIFICATE_EXPIRED 45 -# define SSL3_AD_CERTIFICATE_UNKNOWN 46 -# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ - -# define TLS1_HB_REQUEST 1 -# define TLS1_HB_RESPONSE 2 - - -# define SSL3_CT_RSA_SIGN 1 -# 
define SSL3_CT_DSS_SIGN 2 -# define SSL3_CT_RSA_FIXED_DH 3 -# define SSL3_CT_DSS_FIXED_DH 4 -# define SSL3_CT_RSA_EPHEMERAL_DH 5 -# define SSL3_CT_DSS_EPHEMERAL_DH 6 -# define SSL3_CT_FORTEZZA_DMS 20 +#define SSL3_RT_HEADER 0x100 +#define SSL3_RT_INNER_CONTENT_TYPE 0x101 + +#define SSL3_AL_WARNING 1 +#define SSL3_AL_FATAL 2 + +#define SSL3_AD_CLOSE_NOTIFY 0 +#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ +#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ +#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ +#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ +#define SSL3_AD_NO_CERTIFICATE 41 +#define SSL3_AD_BAD_CERTIFICATE 42 +#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL3_AD_CERTIFICATE_REVOKED 44 +#define SSL3_AD_CERTIFICATE_EXPIRED 45 +#define SSL3_AD_CERTIFICATE_UNKNOWN 46 +#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ + +#define TLS1_HB_REQUEST 1 +#define TLS1_HB_RESPONSE 2 + +#define SSL3_CT_RSA_SIGN 1 +#define SSL3_CT_DSS_SIGN 2 +#define SSL3_CT_RSA_FIXED_DH 3 +#define SSL3_CT_DSS_FIXED_DH 4 +#define SSL3_CT_RSA_EPHEMERAL_DH 5 +#define SSL3_CT_DSS_EPHEMERAL_DH 6 +#define SSL3_CT_FORTEZZA_DMS 20 /* * SSL3_CT_NUMBER is used to size arrays and it must be large enough to * contain all of the cert types defined for *either* SSLv3 and TLSv1. 
*/ -# define SSL3_CT_NUMBER 12 +#define SSL3_CT_NUMBER 12 -# if defined(TLS_CT_NUMBER) -# if TLS_CT_NUMBER != SSL3_CT_NUMBER -# error "SSL/TLS CT_NUMBER values do not match" -# endif -# endif +#if defined(TLS_CT_NUMBER) +#if TLS_CT_NUMBER != SSL3_CT_NUMBER +#error "SSL/TLS CT_NUMBER values do not match" +#endif +#endif /* No longer used as of OpenSSL 1.1.1 */ -# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 /* Removed from OpenSSL 1.1.0 */ -# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 +#define TLS1_FLAGS_TLS_PADDING_BUG 0x0 -# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 +#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 /* Set if we encrypt then mac instead of usual mac then encrypt */ -# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 -# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ +#define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 +#define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ /* Set if extended master secret extension received from peer */ -# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 +#define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 -# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 +#define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 -# define TLS1_FLAGS_STATELESS 0x0800 +#define TLS1_FLAGS_STATELESS 0x0800 /* Set if extended master secret extension required on renegotiation */ -# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 - -# define SSL3_MT_HELLO_REQUEST 0 -# define SSL3_MT_CLIENT_HELLO 1 -# define SSL3_MT_SERVER_HELLO 2 -# define SSL3_MT_NEWSESSION_TICKET 4 -# define SSL3_MT_END_OF_EARLY_DATA 5 -# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 -# define SSL3_MT_CERTIFICATE 11 -# define SSL3_MT_SERVER_KEY_EXCHANGE 12 -# define SSL3_MT_CERTIFICATE_REQUEST 13 -# define SSL3_MT_SERVER_DONE 14 -# define SSL3_MT_CERTIFICATE_VERIFY 15 -# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 -# define SSL3_MT_FINISHED 20 -# define SSL3_MT_CERTIFICATE_URL 21 -# define SSL3_MT_CERTIFICATE_STATUS 22 -# define 
SSL3_MT_SUPPLEMENTAL_DATA 23 -# define SSL3_MT_KEY_UPDATE 24 -# ifndef OPENSSL_NO_NEXTPROTONEG -# define SSL3_MT_NEXT_PROTO 67 -# endif -# define SSL3_MT_MESSAGE_HASH 254 -# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 +#define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 + +#define SSL3_MT_HELLO_REQUEST 0 +#define SSL3_MT_CLIENT_HELLO 1 +#define SSL3_MT_SERVER_HELLO 2 +#define SSL3_MT_NEWSESSION_TICKET 4 +#define SSL3_MT_END_OF_EARLY_DATA 5 +#define SSL3_MT_ENCRYPTED_EXTENSIONS 8 +#define SSL3_MT_CERTIFICATE 11 +#define SSL3_MT_SERVER_KEY_EXCHANGE 12 +#define SSL3_MT_CERTIFICATE_REQUEST 13 +#define SSL3_MT_SERVER_DONE 14 +#define SSL3_MT_CERTIFICATE_VERIFY 15 +#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +#define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_URL 21 +#define SSL3_MT_CERTIFICATE_STATUS 22 +#define SSL3_MT_SUPPLEMENTAL_DATA 23 +#define SSL3_MT_KEY_UPDATE 24 +#ifndef OPENSSL_NO_NEXTPROTONEG +#define SSL3_MT_NEXT_PROTO 67 +#endif +#define SSL3_MT_MESSAGE_HASH 254 +#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 /* Dummy message type for handling CCS like a normal handshake message */ -# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 +#define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 -# define SSL3_MT_CCS 1 +#define SSL3_MT_CCS 1 /* These are used when changing over to a new cipher */ -# define SSL3_CC_READ 0x001 -# define SSL3_CC_WRITE 0x002 -# define SSL3_CC_CLIENT 0x010 -# define SSL3_CC_SERVER 0x020 -# define SSL3_CC_EARLY 0x040 -# define SSL3_CC_HANDSHAKE 0x080 -# define SSL3_CC_APPLICATION 0x100 -# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) -# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) -# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) -# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) - -#ifdef __cplusplus +#define SSL3_CC_READ 0x001 +#define SSL3_CC_WRITE 0x002 +#define SSL3_CC_CLIENT 0x010 +#define SSL3_CC_SERVER 0x020 +#define SSL3_CC_EARLY 0x040 +#define SSL3_CC_HANDSHAKE 0x080 +#define 
SSL3_CC_APPLICATION 0x100 +#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT | SSL3_CC_WRITE) +#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER | SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT | SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER | SSL3_CC_WRITE) + +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/sslerr.h.orig +++ crypto/openssl/include/openssl/sslerr.h 
@@ -9,338 +9,336 @@ */ #ifndef OPENSSL_SSLERR_H -# define OPENSSL_SSLERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_SSLERR_H +#pragma once +#include +#include +#include /* * SSL reason codes. */ -# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 -# define SSL_R_APP_DATA_IN_HANDSHAKE 100 -# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 -# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 -# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 -# define SSL_R_BAD_CIPHER 186 -# define SSL_R_BAD_DATA 390 -# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 -# define SSL_R_BAD_DECOMPRESSION 107 -# define SSL_R_BAD_DH_VALUE 102 -# define SSL_R_BAD_DIGEST_LENGTH 111 -# define SSL_R_BAD_EARLY_DATA 233 -# define SSL_R_BAD_ECC_CERT 304 -# define SSL_R_BAD_ECPOINT 306 -# define SSL_R_BAD_EXTENSION 110 -# define SSL_R_BAD_HANDSHAKE_LENGTH 332 -# define SSL_R_BAD_HANDSHAKE_STATE 236 -# define SSL_R_BAD_HELLO_REQUEST 105 -# define SSL_R_BAD_HRR_VERSION 263 -# define SSL_R_BAD_KEY_SHARE 108 -# define SSL_R_BAD_KEY_UPDATE 122 -# define SSL_R_BAD_LEGACY_VERSION 292 -# define SSL_R_BAD_LENGTH 271 -# define SSL_R_BAD_PACKET 240 -# define SSL_R_BAD_PACKET_LENGTH 115 -# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 -# define SSL_R_BAD_PSK 219 -# define SSL_R_BAD_PSK_IDENTITY 114 -# define SSL_R_BAD_RECORD_TYPE 443 -# define SSL_R_BAD_RSA_ENCRYPT 119 -# define SSL_R_BAD_SIGNATURE 123 -# define SSL_R_BAD_SRP_A_LENGTH 347 -# define SSL_R_BAD_SRP_PARAMETERS 371 -# define SSL_R_BAD_SRTP_MKI_VALUE 352 -# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 -# define SSL_R_BAD_SSL_FILETYPE 124 -# define SSL_R_BAD_VALUE 384 -# define SSL_R_BAD_WRITE_RETRY 127 -# define SSL_R_BINDER_DOES_NOT_VERIFY 253 -# define SSL_R_BIO_NOT_SET 128 -# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 -# define SSL_R_BN_LIB 130 -# define SSL_R_CALLBACK_FAILED 234 -# define SSL_R_CANNOT_CHANGE_CIPHER 109 -# define SSL_R_CANNOT_GET_GROUP_NAME 299 -# define SSL_R_CA_DN_LENGTH_MISMATCH 
131 -# define SSL_R_CA_KEY_TOO_SMALL 397 -# define SSL_R_CA_MD_TOO_WEAK 398 -# define SSL_R_CCS_RECEIVED_EARLY 133 -# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 -# define SSL_R_CERT_CB_ERROR 377 -# define SSL_R_CERT_LENGTH_MISMATCH 135 -# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 -# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 -# define SSL_R_CLIENTHELLO_TLSEXT 226 -# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 -# define SSL_R_COMPRESSION_DISABLED 343 -# define SSL_R_COMPRESSION_FAILURE 141 -# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 -# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 -# define SSL_R_CONNECTION_TYPE_NOT_SET 144 -# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 -# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 -# define SSL_R_COOKIE_MISMATCH 308 -# define SSL_R_COPY_PARAMETERS_FAILED 296 -# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 -# define SSL_R_DANE_ALREADY_ENABLED 172 -# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 -# define SSL_R_DANE_NOT_ENABLED 175 -# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 -# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 -# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 -# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 -# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 -# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 -# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 -# define SSL_R_DANE_TLSA_NULL_DATA 203 -# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 -# define SSL_R_DATA_LENGTH_TOO_LONG 146 -# define SSL_R_DECRYPTION_FAILED 147 -# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 -# define SSL_R_DH_KEY_TOO_SMALL 394 -# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 -# define SSL_R_DIGEST_CHECK_FAILED 149 -# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 -# define SSL_R_DUPLICATE_COMPRESSION_ID 309 -# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 -# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 -# define SSL_R_EE_KEY_TOO_SMALL 399 -# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 -# define 
SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 -# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 -# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 -# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 -# define SSL_R_EXTENSION_NOT_RECEIVED 279 -# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 -# define SSL_R_EXT_LENGTH_MISMATCH 163 -# define SSL_R_FAILED_TO_INIT_ASYNC 405 -# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 -# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 -# define SSL_R_HTTPS_PROXY_REQUEST 155 -# define SSL_R_HTTP_REQUEST 156 -# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 -# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 -# define SSL_R_INAPPROPRIATE_FALLBACK 373 -# define SSL_R_INCONSISTENT_COMPRESSION 340 -# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 -# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 -# define SSL_R_INCONSISTENT_EXTMS 104 -# define SSL_R_INSUFFICIENT_SECURITY 241 -# define SSL_R_INVALID_ALERT 205 -# define SSL_R_INVALID_CCS_MESSAGE 260 -# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 -# define SSL_R_INVALID_COMMAND 280 -# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 -# define SSL_R_INVALID_CONFIG 283 -# define SSL_R_INVALID_CONFIGURATION_NAME 113 -# define SSL_R_INVALID_CONTEXT 282 -# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 -# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 -# define SSL_R_INVALID_MAX_EARLY_DATA 174 -# define SSL_R_INVALID_NULL_CMD_NAME 385 -# define SSL_R_INVALID_SEQUENCE_NUMBER 402 -# define SSL_R_INVALID_SERVERINFO_DATA 388 -# define SSL_R_INVALID_SESSION_ID 999 -# define SSL_R_INVALID_SRP_USERNAME 357 -# define SSL_R_INVALID_STATUS_RESPONSE 328 -# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 -# define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333 -# define SSL_R_LENGTH_MISMATCH 159 -# define SSL_R_LENGTH_TOO_LONG 404 -# define SSL_R_LENGTH_TOO_SHORT 160 -# define SSL_R_LIBRARY_BUG 274 -# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -# define SSL_R_MISSING_DSA_SIGNING_CERT 165 -# define SSL_R_MISSING_ECDSA_SIGNING_CERT 
381 -# define SSL_R_MISSING_FATAL 256 -# define SSL_R_MISSING_PARAMETERS 290 -# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 -# define SSL_R_MISSING_RSA_CERTIFICATE 168 -# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 -# define SSL_R_MISSING_RSA_SIGNING_CERT 170 -# define SSL_R_MISSING_SIGALGS_EXTENSION 112 -# define SSL_R_MISSING_SIGNING_CERT 221 -# define SSL_R_MISSING_SRP_PARAM 358 -# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 -# define SSL_R_MISSING_TMP_DH_KEY 171 -# define SSL_R_MISSING_TMP_ECDH_KEY 311 -# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 -# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 -# define SSL_R_NOT_REPLACING_CERTIFICATE 289 -# define SSL_R_NOT_SERVER 284 -# define SSL_R_NO_APPLICATION_PROTOCOL 235 -# define SSL_R_NO_CERTIFICATES_RETURNED 176 -# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 -# define SSL_R_NO_CERTIFICATE_SET 179 -# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 -# define SSL_R_NO_CIPHERS_AVAILABLE 181 -# define SSL_R_NO_CIPHERS_SPECIFIED 183 -# define SSL_R_NO_CIPHER_MATCH 185 -# define SSL_R_NO_CLIENT_CERT_METHOD 331 -# define SSL_R_NO_COMPRESSION_SPECIFIED 187 -# define SSL_R_NO_COOKIE_CALLBACK_SET 287 -# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 -# define SSL_R_NO_METHOD_SPECIFIED 188 -# define SSL_R_NO_PEM_EXTENSIONS 389 -# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 -# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 -# define SSL_R_NO_RENEGOTIATION 339 -# define SSL_R_NO_REQUIRED_DIGEST 324 -# define SSL_R_NO_SHARED_CIPHER 193 -# define SSL_R_NO_SHARED_GROUPS 410 -# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 -# define SSL_R_NO_SRTP_PROFILES 359 -# define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM 297 -# define SSL_R_NO_SUITABLE_GROUPS 295 -# define SSL_R_NO_SUITABLE_KEY_SHARE 101 -# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 -# define SSL_R_NO_VALID_SCTS 216 -# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 -# define SSL_R_NULL_SSL_CTX 195 -# define SSL_R_NULL_SSL_METHOD_PASSED 196 -# define 
SSL_R_OCSP_CALLBACK_FAILURE 305 -# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 -# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 -# define SSL_R_OVERFLOW_ERROR 237 -# define SSL_R_PACKET_LENGTH_TOO_LONG 198 -# define SSL_R_PARSE_TLSEXT 227 -# define SSL_R_PATH_TOO_LONG 270 -# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 -# define SSL_R_PEM_NAME_BAD_PREFIX 391 -# define SSL_R_PEM_NAME_TOO_SHORT 392 -# define SSL_R_PIPELINE_FAILURE 406 -# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 -# define SSL_R_PRIVATE_KEY_MISMATCH 288 -# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 -# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 -# define SSL_R_PSK_NO_CLIENT_CB 224 -# define SSL_R_PSK_NO_SERVER_CB 225 -# define SSL_R_READ_BIO_NOT_SET 211 -# define SSL_R_READ_TIMEOUT_EXPIRED 312 -# define SSL_R_RECORD_LENGTH_MISMATCH 213 -# define SSL_R_RECORD_TOO_SMALL 298 -# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 -# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 -# define SSL_R_RENEGOTIATION_MISMATCH 337 -# define SSL_R_REQUEST_PENDING 285 -# define SSL_R_REQUEST_SENT 286 -# define SSL_R_REQUIRED_CIPHER_MISSING 215 -# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 -# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 -# define SSL_R_SCT_VERIFICATION_FAILED 208 -# define SSL_R_SERVERHELLO_TLSEXT 275 -# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 -# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 -# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 -# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 -# define SSL_R_SRP_A_CALC 361 -# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 -# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 -# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 -# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 -# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 -# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 -# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -# define 
SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 -# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 -# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 -# define SSL_R_SSL_HANDSHAKE_FAILURE 229 -# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -# define SSL_R_SSL_NEGATIVE_LENGTH 372 -# define SSL_R_SSL_SECTION_EMPTY 126 -# define SSL_R_SSL_SECTION_NOT_FOUND 136 -# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 -# define SSL_R_SSL_SESSION_ID_CONFLICT 302 -# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 -# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 -# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 -# define SSL_R_STILL_IN_INIT 121 -# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 -# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 -# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 -# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -# define 
SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 -# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 -# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 -# define SSL_R_TOO_MANY_KEY_UPDATES 132 -# define SSL_R_TOO_MANY_WARN_ALERTS 409 -# define SSL_R_TOO_MUCH_EARLY_DATA 164 -# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 -# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 -# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 -# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 -# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 -# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 -# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 -# define SSL_R_UNEXPECTED_MESSAGE 244 -# define SSL_R_UNEXPECTED_RECORD 245 -# define SSL_R_UNINITIALIZED 276 -# define SSL_R_UNKNOWN_ALERT_TYPE 246 -# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 -# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 -# define SSL_R_UNKNOWN_CIPHER_TYPE 249 -# define SSL_R_UNKNOWN_CMD_NAME 386 -# define SSL_R_UNKNOWN_COMMAND 139 -# define SSL_R_UNKNOWN_DIGEST 368 -# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 -# define SSL_R_UNKNOWN_PKEY_TYPE 251 -# define SSL_R_UNKNOWN_PROTOCOL 252 -# define SSL_R_UNKNOWN_SSL_VERSION 254 -# define SSL_R_UNKNOWN_STATE 255 -# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 -# define SSL_R_UNSOLICITED_EXTENSION 217 -# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 -# define SSL_R_UNSUPPORTED_PROTOCOL 258 -# define SSL_R_UNSUPPORTED_SSL_VERSION 259 -# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 -# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 -# define SSL_R_VERSION_TOO_HIGH 166 -# define SSL_R_VERSION_TOO_LOW 396 -# define SSL_R_WRONG_CERTIFICATE_TYPE 383 
-# define SSL_R_WRONG_CIPHER_RETURNED 261 -# define SSL_R_WRONG_CURVE 378 -# define SSL_R_WRONG_SIGNATURE_LENGTH 264 -# define SSL_R_WRONG_SIGNATURE_SIZE 265 -# define SSL_R_WRONG_SIGNATURE_TYPE 370 -# define SSL_R_WRONG_SSL_VERSION 266 -# define SSL_R_WRONG_VERSION_NUMBER 267 -# define SSL_R_X509_LIB 268 -# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 +#define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +#define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_CIPHER 186 +#define SSL_R_BAD_DATA 390 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +#define SSL_R_BAD_DECOMPRESSION 107 +#define SSL_R_BAD_DH_VALUE 102 +#define SSL_R_BAD_DIGEST_LENGTH 111 +#define SSL_R_BAD_EARLY_DATA 233 +#define SSL_R_BAD_ECC_CERT 304 +#define SSL_R_BAD_ECPOINT 306 +#define SSL_R_BAD_EXTENSION 110 +#define SSL_R_BAD_HANDSHAKE_LENGTH 332 +#define SSL_R_BAD_HANDSHAKE_STATE 236 +#define SSL_R_BAD_HELLO_REQUEST 105 +#define SSL_R_BAD_HRR_VERSION 263 +#define SSL_R_BAD_KEY_SHARE 108 +#define SSL_R_BAD_KEY_UPDATE 122 +#define SSL_R_BAD_LEGACY_VERSION 292 +#define SSL_R_BAD_LENGTH 271 +#define SSL_R_BAD_PACKET 240 +#define SSL_R_BAD_PACKET_LENGTH 115 +#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +#define SSL_R_BAD_PSK 219 +#define SSL_R_BAD_PSK_IDENTITY 114 +#define SSL_R_BAD_RECORD_TYPE 443 +#define SSL_R_BAD_RSA_ENCRYPT 119 +#define SSL_R_BAD_SIGNATURE 123 +#define SSL_R_BAD_SRP_A_LENGTH 347 +#define SSL_R_BAD_SRP_PARAMETERS 371 +#define SSL_R_BAD_SRTP_MKI_VALUE 352 +#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +#define SSL_R_BAD_SSL_FILETYPE 124 +#define SSL_R_BAD_VALUE 384 +#define SSL_R_BAD_WRITE_RETRY 127 +#define SSL_R_BINDER_DOES_NOT_VERIFY 253 +#define SSL_R_BIO_NOT_SET 128 +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +#define SSL_R_BN_LIB 130 +#define SSL_R_CALLBACK_FAILED 234 +#define 
SSL_R_CANNOT_CHANGE_CIPHER 109 +#define SSL_R_CANNOT_GET_GROUP_NAME 299 +#define SSL_R_CA_DN_LENGTH_MISMATCH 131 +#define SSL_R_CA_KEY_TOO_SMALL 397 +#define SSL_R_CA_MD_TOO_WEAK 398 +#define SSL_R_CCS_RECEIVED_EARLY 133 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +#define SSL_R_CERT_CB_ERROR 377 +#define SSL_R_CERT_LENGTH_MISMATCH 135 +#define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +#define SSL_R_CLIENTHELLO_TLSEXT 226 +#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +#define SSL_R_COMPRESSION_DISABLED 343 +#define SSL_R_COMPRESSION_FAILURE 141 +#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +#define SSL_R_CONNECTION_TYPE_NOT_SET 144 +#define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +#define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +#define SSL_R_COOKIE_MISMATCH 308 +#define SSL_R_COPY_PARAMETERS_FAILED 296 +#define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +#define SSL_R_DANE_ALREADY_ENABLED 172 +#define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +#define SSL_R_DANE_NOT_ENABLED 175 +#define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +#define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +#define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +#define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +#define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +#define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +#define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +#define SSL_R_DANE_TLSA_NULL_DATA 203 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +#define SSL_R_DATA_LENGTH_TOO_LONG 146 +#define SSL_R_DECRYPTION_FAILED 147 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_KEY_TOO_SMALL 394 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +#define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +#define SSL_R_EE_KEY_TOO_SMALL 399 +#define 
SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +#define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +#define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +#define SSL_R_EXTENSION_NOT_RECEIVED 279 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +#define SSL_R_EXT_LENGTH_MISMATCH 163 +#define SSL_R_FAILED_TO_INIT_ASYNC 405 +#define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +#define SSL_R_HTTPS_PROXY_REQUEST 155 +#define SSL_R_HTTP_REQUEST 156 +#define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +#define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 +#define SSL_R_INCONSISTENT_COMPRESSION 340 +#define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +#define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +#define SSL_R_INCONSISTENT_EXTMS 104 +#define SSL_R_INSUFFICIENT_SECURITY 241 +#define SSL_R_INVALID_ALERT 205 +#define SSL_R_INVALID_CCS_MESSAGE 260 +#define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +#define SSL_R_INVALID_COMMAND 280 +#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +#define SSL_R_INVALID_CONFIG 283 +#define SSL_R_INVALID_CONFIGURATION_NAME 113 +#define SSL_R_INVALID_CONTEXT 282 +#define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +#define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +#define SSL_R_INVALID_MAX_EARLY_DATA 174 +#define SSL_R_INVALID_NULL_CMD_NAME 385 +#define SSL_R_INVALID_SEQUENCE_NUMBER 402 +#define SSL_R_INVALID_SERVERINFO_DATA 388 +#define SSL_R_INVALID_SESSION_ID 999 +#define SSL_R_INVALID_SRP_USERNAME 357 +#define SSL_R_INVALID_STATUS_RESPONSE 328 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +#define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333 +#define SSL_R_LENGTH_MISMATCH 159 +#define SSL_R_LENGTH_TOO_LONG 404 +#define SSL_R_LENGTH_TOO_SHORT 160 +#define SSL_R_LIBRARY_BUG 274 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MISSING_DSA_SIGNING_CERT 165 +#define 
SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +#define SSL_R_MISSING_FATAL 256 +#define SSL_R_MISSING_PARAMETERS 290 +#define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 +#define SSL_R_MISSING_RSA_CERTIFICATE 168 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +#define SSL_R_MISSING_RSA_SIGNING_CERT 170 +#define SSL_R_MISSING_SIGALGS_EXTENSION 112 +#define SSL_R_MISSING_SIGNING_CERT 221 +#define SSL_R_MISSING_SRP_PARAM 358 +#define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +#define SSL_R_MISSING_TMP_DH_KEY 171 +#define SSL_R_MISSING_TMP_ECDH_KEY 311 +#define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +#define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +#define SSL_R_NOT_REPLACING_CERTIFICATE 289 +#define SSL_R_NOT_SERVER 284 +#define SSL_R_NO_APPLICATION_PROTOCOL 235 +#define SSL_R_NO_CERTIFICATES_RETURNED 176 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +#define SSL_R_NO_CERTIFICATE_SET 179 +#define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +#define SSL_R_NO_CIPHERS_AVAILABLE 181 +#define SSL_R_NO_CIPHERS_SPECIFIED 183 +#define SSL_R_NO_CIPHER_MATCH 185 +#define SSL_R_NO_CLIENT_CERT_METHOD 331 +#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +#define SSL_R_NO_COOKIE_CALLBACK_SET 287 +#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +#define SSL_R_NO_METHOD_SPECIFIED 188 +#define SSL_R_NO_PEM_EXTENSIONS 389 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +#define SSL_R_NO_RENEGOTIATION 339 +#define SSL_R_NO_REQUIRED_DIGEST 324 +#define SSL_R_NO_SHARED_CIPHER 193 +#define SSL_R_NO_SHARED_GROUPS 410 +#define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +#define SSL_R_NO_SRTP_PROFILES 359 +#define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM 297 +#define SSL_R_NO_SUITABLE_GROUPS 295 +#define SSL_R_NO_SUITABLE_KEY_SHARE 101 +#define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +#define SSL_R_NO_VALID_SCTS 216 +#define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +#define SSL_R_NULL_SSL_CTX 195 +#define SSL_R_NULL_SSL_METHOD_PASSED 196 +#define SSL_R_OCSP_CALLBACK_FAILURE 305 +#define 
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +#define SSL_R_OVERFLOW_ERROR 237 +#define SSL_R_PACKET_LENGTH_TOO_LONG 198 +#define SSL_R_PARSE_TLSEXT 227 +#define SSL_R_PATH_TOO_LONG 270 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +#define SSL_R_PEM_NAME_BAD_PREFIX 391 +#define SSL_R_PEM_NAME_TOO_SHORT 392 +#define SSL_R_PIPELINE_FAILURE 406 +#define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +#define SSL_R_PRIVATE_KEY_MISMATCH 288 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +#define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +#define SSL_R_PSK_NO_CLIENT_CB 224 +#define SSL_R_PSK_NO_SERVER_CB 225 +#define SSL_R_READ_BIO_NOT_SET 211 +#define SSL_R_READ_TIMEOUT_EXPIRED 312 +#define SSL_R_RECORD_LENGTH_MISMATCH 213 +#define SSL_R_RECORD_TOO_SMALL 298 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +#define SSL_R_RENEGOTIATION_MISMATCH 337 +#define SSL_R_REQUEST_PENDING 285 +#define SSL_R_REQUEST_SENT 286 +#define SSL_R_REQUIRED_CIPHER_MISSING 215 +#define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +#define SSL_R_SCT_VERIFICATION_FAILED 208 +#define SSL_R_SERVERHELLO_TLSEXT 275 +#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +#define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +#define SSL_R_SRP_A_CALC 361 +#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define 
SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +#define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +#define SSL_R_SSL_HANDSHAKE_FAILURE 229 +#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +#define SSL_R_SSL_NEGATIVE_LENGTH 372 +#define SSL_R_SSL_SECTION_EMPTY 126 +#define SSL_R_SSL_SECTION_NOT_FOUND 136 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +#define SSL_R_SSL_SESSION_ID_CONFLICT 302 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +#define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +#define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +#define SSL_R_STILL_IN_INIT 121 +#define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +#define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 +#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 +#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +#define 
SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +#define SSL_R_TOO_MANY_KEY_UPDATES 132 +#define SSL_R_TOO_MANY_WARN_ALERTS 409 +#define SSL_R_TOO_MUCH_EARLY_DATA 164 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +#define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +#define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +#define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 +#define SSL_R_UNEXPECTED_MESSAGE 244 +#define SSL_R_UNEXPECTED_RECORD 245 +#define SSL_R_UNINITIALIZED 276 +#define SSL_R_UNKNOWN_ALERT_TYPE 246 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +#define SSL_R_UNKNOWN_CIPHER_TYPE 249 +#define SSL_R_UNKNOWN_CMD_NAME 386 +#define SSL_R_UNKNOWN_COMMAND 139 +#define SSL_R_UNKNOWN_DIGEST 368 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +#define SSL_R_UNKNOWN_PKEY_TYPE 251 +#define SSL_R_UNKNOWN_PROTOCOL 252 +#define SSL_R_UNKNOWN_SSL_VERSION 254 +#define SSL_R_UNKNOWN_STATE 255 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +#define SSL_R_UNSOLICITED_EXTENSION 217 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +#define SSL_R_UNSUPPORTED_PROTOCOL 258 +#define SSL_R_UNSUPPORTED_SSL_VERSION 259 +#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +#define SSL_R_VERSION_TOO_HIGH 166 +#define SSL_R_VERSION_TOO_LOW 396 +#define SSL_R_WRONG_CERTIFICATE_TYPE 383 +#define SSL_R_WRONG_CIPHER_RETURNED 261 +#define SSL_R_WRONG_CURVE 378 +#define SSL_R_WRONG_SIGNATURE_LENGTH 264 +#define SSL_R_WRONG_SIGNATURE_SIZE 265 +#define SSL_R_WRONG_SIGNATURE_TYPE 370 
+#define SSL_R_WRONG_SSL_VERSION 266 +#define SSL_R_WRONG_VERSION_NUMBER 267 +#define SSL_R_X509_LIB 268 +#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 #endif --- crypto/openssl/include/openssl/sslerr_legacy.h.orig +++ crypto/openssl/include/openssl/sslerr_legacy.h @@ -15,17 +15,17 @@ */ #ifndef OPENSSL_SSLERR_LEGACY_H -# define OPENSSL_SSLERR_LEGACY_H -# pragma once +#define OPENSSL_SSLERR_LEGACY_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void); /* Collected _F_ macros from OpenSSL 1.1.1 */ 
@@ -33,436 +33,436 @@ /* * SSL function codes. */ -# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 0 -# define SSL_F_ADD_KEY_SHARE 0 -# define SSL_F_BYTES_TO_CIPHER_LIST 0 -# define SSL_F_CHECK_SUITEB_CIPHER_LIST 0 -# define SSL_F_CIPHERSUITE_CB 0 -# define SSL_F_CONSTRUCT_CA_NAMES 0 -# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 0 -# define SSL_F_CONSTRUCT_STATEFUL_TICKET 0 -# define SSL_F_CONSTRUCT_STATELESS_TICKET 0 -# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 0 -# define SSL_F_CREATE_TICKET_PREQUEL 0 -# define SSL_F_CT_MOVE_SCTS 0 -# define SSL_F_CT_STRICT 0 -# define SSL_F_CUSTOM_EXT_ADD 0 -# define SSL_F_CUSTOM_EXT_PARSE 0 -# define SSL_F_D2I_SSL_SESSION 0 -# define SSL_F_DANE_CTX_ENABLE 0 -# define SSL_F_DANE_MTYPE_SET 0 -# define SSL_F_DANE_TLSA_ADD 0 -# define SSL_F_DERIVE_SECRET_KEY_AND_IV 0 -# define SSL_F_DO_DTLS1_WRITE 0 -# define SSL_F_DO_SSL3_WRITE 0 -# define SSL_F_DTLS1_BUFFER_RECORD 0 -# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 0 -# define SSL_F_DTLS1_HEARTBEAT 0 -# define SSL_F_DTLS1_HM_FRAGMENT_NEW 0 -# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 0 -# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 0 -# define SSL_F_DTLS1_PROCESS_RECORD 0 -# define SSL_F_DTLS1_READ_BYTES 0 -# define SSL_F_DTLS1_READ_FAILED 0 -# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 0 -# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 0 -# define SSL_F_DTLS1_WRITE_BYTES 0 -# define SSL_F_DTLSV1_LISTEN 0 -# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 -# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 0 -# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 0 -# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 0 -# define SSL_F_DTLS_RECORD_LAYER_NEW 0 -# define SSL_F_DTLS_WAIT_FOR_DRY 0 -# define SSL_F_EARLY_DATA_COUNT_OK 0 -# define SSL_F_FINAL_EARLY_DATA 0 -# define SSL_F_FINAL_EC_PT_FORMATS 0 -# define SSL_F_FINAL_EMS 0 -# define SSL_F_FINAL_KEY_SHARE 0 -# define SSL_F_FINAL_MAXFRAGMENTLEN 0 -# define SSL_F_FINAL_RENEGOTIATE 0 -# define SSL_F_FINAL_SERVER_NAME 0 -# define SSL_F_FINAL_SIG_ALGS 0 -# define 
SSL_F_GET_CERT_VERIFY_TBS_DATA 0 -# define SSL_F_NSS_KEYLOG_INT 0 -# define SSL_F_OPENSSL_INIT_SSL 0 -# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 0 -# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 0 -# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 0 -# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 0 -# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 0 -# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 0 -# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 0 -# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 0 -# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 0 -# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 0 -# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 0 -# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 0 -# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 0 -# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 0 -# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 0 -# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 0 -# define SSL_F_PARSE_CA_NAMES 0 -# define SSL_F_PITEM_NEW 0 -# define SSL_F_PQUEUE_NEW 0 -# define SSL_F_PROCESS_KEY_SHARE_EXT 0 -# define SSL_F_READ_STATE_MACHINE 0 -# define SSL_F_SET_CLIENT_CIPHERSUITE 0 -# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 0 -# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 0 -# define SSL_F_SRP_VERIFY_SERVER_PARAM 0 -# define SSL_F_SSL3_CHANGE_CIPHER_STATE 0 -# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 0 -# define SSL_F_SSL3_CTRL 0 -# define SSL_F_SSL3_CTX_CTRL 0 -# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 0 -# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 0 -# define SSL_F_SSL3_ENC 0 -# define SSL_F_SSL3_FINAL_FINISH_MAC 0 -# define SSL_F_SSL3_FINISH_MAC 0 -# define SSL_F_SSL3_GENERATE_KEY_BLOCK 0 -# define SSL_F_SSL3_GENERATE_MASTER_SECRET 0 -# define SSL_F_SSL3_GET_RECORD 0 -# define SSL_F_SSL3_INIT_FINISHED_MAC 0 -# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 0 -# define SSL_F_SSL3_READ_BYTES 0 -# define SSL_F_SSL3_READ_N 0 -# define SSL_F_SSL3_SETUP_KEY_BLOCK 0 -# define 
SSL_F_SSL3_SETUP_READ_BUFFER 0 -# define SSL_F_SSL3_SETUP_WRITE_BUFFER 0 -# define SSL_F_SSL3_WRITE_BYTES 0 -# define SSL_F_SSL3_WRITE_PENDING 0 -# define SSL_F_SSL_ADD_CERT_CHAIN 0 -# define SSL_F_SSL_ADD_CERT_TO_BUF 0 -# define SSL_F_SSL_ADD_CERT_TO_WPACKET 0 -# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 0 -# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 0 -# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 0 -# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 0 -# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 0 -# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 0 -# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 0 -# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 0 -# define SSL_F_SSL_BAD_METHOD 0 -# define SSL_F_SSL_BUILD_CERT_CHAIN 0 -# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 0 -# define SSL_F_SSL_CACHE_CIPHERLIST 0 -# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 0 -# define SSL_F_SSL_CERT_DUP 0 -# define SSL_F_SSL_CERT_NEW 0 -# define SSL_F_SSL_CERT_SET0_CHAIN 0 -# define SSL_F_SSL_CHECK_PRIVATE_KEY 0 -# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 0 -# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 0 -# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 0 -# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 0 -# define SSL_F_SSL_CIPHER_DESCRIPTION 0 -# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 0 -# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 0 -# define SSL_F_SSL_CIPHER_STRENGTH_SORT 0 -# define SSL_F_SSL_CLEAR 0 -# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 0 -# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 0 -# define SSL_F_SSL_CONF_CMD 0 -# define SSL_F_SSL_CREATE_CIPHER_LIST 0 -# define SSL_F_SSL_CTRL 0 -# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 0 -# define SSL_F_SSL_CTX_ENABLE_CT 0 -# define SSL_F_SSL_CTX_MAKE_PROFILES 0 -# define SSL_F_SSL_CTX_NEW 0 -# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 0 -# define SSL_F_SSL_CTX_SET_CIPHER_LIST 0 -# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 0 -# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 0 -# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 0 -# define 
SSL_F_SSL_CTX_SET_SSL_VERSION 0 -# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 -# define SSL_F_SSL_CTX_USE_CERTIFICATE 0 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 0 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 0 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY 0 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 0 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 0 -# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 0 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 0 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 0 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 0 -# define SSL_F_SSL_CTX_USE_SERVERINFO 0 -# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 0 -# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 0 -# define SSL_F_SSL_DANE_DUP 0 -# define SSL_F_SSL_DANE_ENABLE 0 -# define SSL_F_SSL_DERIVE 0 -# define SSL_F_SSL_DO_CONFIG 0 -# define SSL_F_SSL_DO_HANDSHAKE 0 -# define SSL_F_SSL_DUP_CA_LIST 0 -# define SSL_F_SSL_ENABLE_CT 0 -# define SSL_F_SSL_GENERATE_PKEY_GROUP 0 -# define SSL_F_SSL_GENERATE_SESSION_ID 0 -# define SSL_F_SSL_GET_NEW_SESSION 0 -# define SSL_F_SSL_GET_PREV_SESSION 0 -# define SSL_F_SSL_GET_SERVER_CERT_INDEX 0 -# define SSL_F_SSL_GET_SIGN_PKEY 0 -# define SSL_F_SSL_HANDSHAKE_HASH 0 -# define SSL_F_SSL_INIT_WBIO_BUFFER 0 -# define SSL_F_SSL_KEY_UPDATE 0 -# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 0 -# define SSL_F_SSL_LOG_MASTER_SECRET 0 -# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 0 -# define SSL_F_SSL_MODULE_INIT 0 -# define SSL_F_SSL_NEW 0 -# define SSL_F_SSL_NEXT_PROTO_VALIDATE 0 -# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 0 -# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 0 -# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 0 -# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 0 -# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 0 -# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 0 -# define SSL_F_SSL_PEEK 0 -# define SSL_F_SSL_PEEK_EX 0 -# define SSL_F_SSL_PEEK_INTERNAL 0 -# define SSL_F_SSL_READ 0 -# define SSL_F_SSL_READ_EARLY_DATA 0 -# define SSL_F_SSL_READ_EX 0 -# define 
SSL_F_SSL_READ_INTERNAL 0 -# define SSL_F_SSL_RENEGOTIATE 0 -# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 0 -# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 0 -# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 0 -# define SSL_F_SSL_SESSION_DUP 0 -# define SSL_F_SSL_SESSION_NEW 0 -# define SSL_F_SSL_SESSION_PRINT_FP 0 -# define SSL_F_SSL_SESSION_SET1_ID 0 -# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 0 -# define SSL_F_SSL_SET_ALPN_PROTOS 0 -# define SSL_F_SSL_SET_CERT 0 -# define SSL_F_SSL_SET_CERT_AND_KEY 0 -# define SSL_F_SSL_SET_CIPHER_LIST 0 -# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 0 -# define SSL_F_SSL_SET_FD 0 -# define SSL_F_SSL_SET_PKEY 0 -# define SSL_F_SSL_SET_RFD 0 -# define SSL_F_SSL_SET_SESSION 0 -# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 0 -# define SSL_F_SSL_SET_SESSION_TICKET_EXT 0 -# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 -# define SSL_F_SSL_SET_WFD 0 -# define SSL_F_SSL_SHUTDOWN 0 -# define SSL_F_SSL_SRP_CTX_INIT 0 -# define SSL_F_SSL_START_ASYNC_JOB 0 -# define SSL_F_SSL_UNDEFINED_FUNCTION 0 -# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 0 -# define SSL_F_SSL_USE_CERTIFICATE 0 -# define SSL_F_SSL_USE_CERTIFICATE_ASN1 0 -# define SSL_F_SSL_USE_CERTIFICATE_FILE 0 -# define SSL_F_SSL_USE_PRIVATEKEY 0 -# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 0 -# define SSL_F_SSL_USE_PRIVATEKEY_FILE 0 -# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 0 -# define SSL_F_SSL_USE_RSAPRIVATEKEY 0 -# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 0 -# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 0 -# define SSL_F_SSL_VALIDATE_CT 0 -# define SSL_F_SSL_VERIFY_CERT_CHAIN 0 -# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 0 -# define SSL_F_SSL_WRITE 0 -# define SSL_F_SSL_WRITE_EARLY_DATA 0 -# define SSL_F_SSL_WRITE_EARLY_FINISH 0 -# define SSL_F_SSL_WRITE_EX 0 -# define SSL_F_SSL_WRITE_INTERNAL 0 -# define SSL_F_STATE_MACHINE 0 -# define SSL_F_TLS12_CHECK_PEER_SIGALG 0 -# define SSL_F_TLS12_COPY_SIGALGS 0 -# define SSL_F_TLS13_CHANGE_CIPHER_STATE 0 -# define SSL_F_TLS13_ENC 0 -# define 
SSL_F_TLS13_FINAL_FINISH_MAC 0 -# define SSL_F_TLS13_GENERATE_SECRET 0 -# define SSL_F_TLS13_HKDF_EXPAND 0 -# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 0 -# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 0 -# define SSL_F_TLS13_SETUP_KEY_BLOCK 0 -# define SSL_F_TLS1_CHANGE_CIPHER_STATE 0 -# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 0 -# define SSL_F_TLS1_ENC 0 -# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 0 -# define SSL_F_TLS1_GET_CURVELIST 0 -# define SSL_F_TLS1_PRF 0 -# define SSL_F_TLS1_SAVE_U16 0 -# define SSL_F_TLS1_SETUP_KEY_BLOCK 0 -# define SSL_F_TLS1_SET_GROUPS 0 -# define SSL_F_TLS1_SET_RAW_SIGALGS 0 -# define SSL_F_TLS1_SET_SERVER_SIGALGS 0 -# define SSL_F_TLS1_SET_SHARED_SIGALGS 0 -# define SSL_F_TLS1_SET_SIGALGS 0 -# define SSL_F_TLS_CHOOSE_SIGALG 0 -# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 0 -# define SSL_F_TLS_COLLECT_EXTENSIONS 0 -# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 0 -# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 0 -# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 0 -# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 0 -# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 0 -# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 -# define SSL_F_TLS_CONSTRUCT_CKE_DHE 0 -# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 -# define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 -# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 -# define SSL_F_TLS_CONSTRUCT_CKE_RSA 0 -# define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 -# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 0 -# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 0 -# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 0 -# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 0 -# define 
SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 0 -# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 0 -# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 0 -# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 0 -# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 0 -# define SSL_F_TLS_CONSTRUCT_FINISHED 0 -# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 0 -# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 0 -# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 0 -# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 0 -# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 0 -# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 0 -# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 0 -# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 0 -# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 0 -# define SSL_F_TLS_CONSTRUCT_STOC_DONE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 0 -# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 0 -# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 0 -# define SSL_F_TLS_CONSTRUCT_STOC_EMS 0 -# define SSL_F_TLS_CONSTRUCT_STOC_ETM 0 -# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 0 -# define 
SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 0 -# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 0 -# define SSL_F_TLS_CONSTRUCT_STOC_PSK 0 -# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 0 -# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 0 -# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 0 -# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 0 -# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 0 -# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 0 -# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 0 -# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 0 -# define SSL_F_TLS_FINISH_HANDSHAKE 0 -# define SSL_F_TLS_GET_MESSAGE_BODY 0 -# define SSL_F_TLS_GET_MESSAGE_HEADER 0 -# define SSL_F_TLS_HANDLE_ALPN 0 -# define SSL_F_TLS_HANDLE_STATUS_REQUEST 0 -# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 0 -# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 0 -# define SSL_F_TLS_PARSE_CTOS_ALPN 0 -# define SSL_F_TLS_PARSE_CTOS_COOKIE 0 -# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 0 -# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 0 -# define SSL_F_TLS_PARSE_CTOS_EMS 0 -# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 0 -# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 0 -# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 0 -# define SSL_F_TLS_PARSE_CTOS_PSK 0 -# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 0 -# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 0 -# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 0 -# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 0 -# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 0 -# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 0 -# define SSL_F_TLS_PARSE_CTOS_SRP 0 -# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 0 -# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 0 -# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 0 -# define SSL_F_TLS_PARSE_STOC_ALPN 0 -# define SSL_F_TLS_PARSE_STOC_COOKIE 0 -# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 0 -# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 0 -# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 0 -# 
define SSL_F_TLS_PARSE_STOC_KEY_SHARE 0 -# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 0 -# define SSL_F_TLS_PARSE_STOC_NPN 0 -# define SSL_F_TLS_PARSE_STOC_PSK 0 -# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 0 -# define SSL_F_TLS_PARSE_STOC_SCT 0 -# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 0 -# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 0 -# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 0 -# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 0 -# define SSL_F_TLS_PARSE_STOC_USE_SRTP 0 -# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 0 -# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 0 -# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 0 -# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 0 -# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 0 -# define SSL_F_TLS_PROCESS_CERT_STATUS 0 -# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 0 -# define SSL_F_TLS_PROCESS_CERT_VERIFY 0 -# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 0 -# define SSL_F_TLS_PROCESS_CKE_DHE 0 -# define SSL_F_TLS_PROCESS_CKE_ECDHE 0 -# define SSL_F_TLS_PROCESS_CKE_GOST 0 -# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0 -# define SSL_F_TLS_PROCESS_CKE_RSA 0 -# define SSL_F_TLS_PROCESS_CKE_SRP 0 -# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 0 -# define SSL_F_TLS_PROCESS_CLIENT_HELLO 0 -# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 0 -# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 0 -# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 0 -# define SSL_F_TLS_PROCESS_FINISHED 0 -# define SSL_F_TLS_PROCESS_HELLO_REQ 0 -# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 0 -# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 0 -# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 0 -# define SSL_F_TLS_PROCESS_KEY_UPDATE 0 -# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 0 -# define SSL_F_TLS_PROCESS_NEXT_PROTO 0 -# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 0 -# define SSL_F_TLS_PROCESS_SERVER_DONE 0 -# define SSL_F_TLS_PROCESS_SERVER_HELLO 0 -# define SSL_F_TLS_PROCESS_SKE_DHE 0 -# define SSL_F_TLS_PROCESS_SKE_ECDHE 0 -# define 
SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 0 -# define SSL_F_TLS_PROCESS_SKE_SRP 0 -# define SSL_F_TLS_PSK_DO_BINDER 0 -# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 0 -# define SSL_F_TLS_SETUP_HANDSHAKE 0 -# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 0 -# define SSL_F_WPACKET_INTERN_INIT_LEN 0 -# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 0 -# define SSL_F_WRITE_STATE_MACHINE 0 -# endif +#define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 0 +#define SSL_F_ADD_KEY_SHARE 0 +#define SSL_F_BYTES_TO_CIPHER_LIST 0 +#define SSL_F_CHECK_SUITEB_CIPHER_LIST 0 +#define SSL_F_CIPHERSUITE_CB 0 +#define SSL_F_CONSTRUCT_CA_NAMES 0 +#define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 0 +#define SSL_F_CONSTRUCT_STATEFUL_TICKET 0 +#define SSL_F_CONSTRUCT_STATELESS_TICKET 0 +#define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 0 +#define SSL_F_CREATE_TICKET_PREQUEL 0 +#define SSL_F_CT_MOVE_SCTS 0 +#define SSL_F_CT_STRICT 0 +#define SSL_F_CUSTOM_EXT_ADD 0 +#define SSL_F_CUSTOM_EXT_PARSE 0 +#define SSL_F_D2I_SSL_SESSION 0 +#define SSL_F_DANE_CTX_ENABLE 0 +#define SSL_F_DANE_MTYPE_SET 0 +#define SSL_F_DANE_TLSA_ADD 0 +#define SSL_F_DERIVE_SECRET_KEY_AND_IV 0 +#define SSL_F_DO_DTLS1_WRITE 0 +#define SSL_F_DO_SSL3_WRITE 0 +#define SSL_F_DTLS1_BUFFER_RECORD 0 +#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 0 +#define SSL_F_DTLS1_HEARTBEAT 0 +#define SSL_F_DTLS1_HM_FRAGMENT_NEW 0 +#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 0 +#define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 0 +#define SSL_F_DTLS1_PROCESS_RECORD 0 +#define SSL_F_DTLS1_READ_BYTES 0 +#define SSL_F_DTLS1_READ_FAILED 0 +#define SSL_F_DTLS1_RETRANSMIT_MESSAGE 0 +#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 0 +#define SSL_F_DTLS1_WRITE_BYTES 0 +#define SSL_F_DTLSV1_LISTEN 0 +#define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +#define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 0 +#define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 0 +#define SSL_F_DTLS_PROCESS_HELLO_VERIFY 0 +#define SSL_F_DTLS_RECORD_LAYER_NEW 0 +#define SSL_F_DTLS_WAIT_FOR_DRY 0 +#define SSL_F_EARLY_DATA_COUNT_OK 0 +#define 
SSL_F_FINAL_EARLY_DATA 0 +#define SSL_F_FINAL_EC_PT_FORMATS 0 +#define SSL_F_FINAL_EMS 0 +#define SSL_F_FINAL_KEY_SHARE 0 +#define SSL_F_FINAL_MAXFRAGMENTLEN 0 +#define SSL_F_FINAL_RENEGOTIATE 0 +#define SSL_F_FINAL_SERVER_NAME 0 +#define SSL_F_FINAL_SIG_ALGS 0 +#define SSL_F_GET_CERT_VERIFY_TBS_DATA 0 +#define SSL_F_NSS_KEYLOG_INT 0 +#define SSL_F_OPENSSL_INIT_SSL 0 +#define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 0 +#define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 0 +#define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 0 +#define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 0 +#define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 0 +#define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 0 +#define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 0 +#define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 0 +#define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 0 +#define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 0 +#define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 0 +#define SSL_F_OSSL_STATEM_SERVER_POST_WORK 0 +#define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 0 +#define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 0 +#define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 0 +#define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 0 +#define SSL_F_PARSE_CA_NAMES 0 +#define SSL_F_PITEM_NEW 0 +#define SSL_F_PQUEUE_NEW 0 +#define SSL_F_PROCESS_KEY_SHARE_EXT 0 +#define SSL_F_READ_STATE_MACHINE 0 +#define SSL_F_SET_CLIENT_CIPHERSUITE 0 +#define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 0 +#define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 0 +#define SSL_F_SRP_VERIFY_SERVER_PARAM 0 +#define SSL_F_SSL3_CHANGE_CIPHER_STATE 0 +#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 0 +#define SSL_F_SSL3_CTRL 0 +#define SSL_F_SSL3_CTX_CTRL 0 +#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 0 +#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 0 +#define SSL_F_SSL3_ENC 0 +#define SSL_F_SSL3_FINAL_FINISH_MAC 0 +#define SSL_F_SSL3_FINISH_MAC 0 +#define SSL_F_SSL3_GENERATE_KEY_BLOCK 0 +#define SSL_F_SSL3_GENERATE_MASTER_SECRET 0 +#define 
SSL_F_SSL3_GET_RECORD 0 +#define SSL_F_SSL3_INIT_FINISHED_MAC 0 +#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 0 +#define SSL_F_SSL3_READ_BYTES 0 +#define SSL_F_SSL3_READ_N 0 +#define SSL_F_SSL3_SETUP_KEY_BLOCK 0 +#define SSL_F_SSL3_SETUP_READ_BUFFER 0 +#define SSL_F_SSL3_SETUP_WRITE_BUFFER 0 +#define SSL_F_SSL3_WRITE_BYTES 0 +#define SSL_F_SSL3_WRITE_PENDING 0 +#define SSL_F_SSL_ADD_CERT_CHAIN 0 +#define SSL_F_SSL_ADD_CERT_TO_BUF 0 +#define SSL_F_SSL_ADD_CERT_TO_WPACKET 0 +#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 0 +#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 0 +#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 0 +#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 0 +#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 0 +#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 0 +#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 0 +#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 0 +#define SSL_F_SSL_BAD_METHOD 0 +#define SSL_F_SSL_BUILD_CERT_CHAIN 0 +#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 0 +#define SSL_F_SSL_CACHE_CIPHERLIST 0 +#define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 0 +#define SSL_F_SSL_CERT_DUP 0 +#define SSL_F_SSL_CERT_NEW 0 +#define SSL_F_SSL_CERT_SET0_CHAIN 0 +#define SSL_F_SSL_CHECK_PRIVATE_KEY 0 +#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 0 +#define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 0 +#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 0 +#define SSL_F_SSL_CHOOSE_CLIENT_VERSION 0 +#define SSL_F_SSL_CIPHER_DESCRIPTION 0 +#define SSL_F_SSL_CIPHER_LIST_TO_BYTES 0 +#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 0 +#define SSL_F_SSL_CIPHER_STRENGTH_SORT 0 +#define SSL_F_SSL_CLEAR 0 +#define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 0 +#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 0 +#define SSL_F_SSL_CONF_CMD 0 +#define SSL_F_SSL_CREATE_CIPHER_LIST 0 +#define SSL_F_SSL_CTRL 0 +#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 0 +#define SSL_F_SSL_CTX_ENABLE_CT 0 +#define SSL_F_SSL_CTX_MAKE_PROFILES 0 +#define SSL_F_SSL_CTX_NEW 0 +#define SSL_F_SSL_CTX_SET_ALPN_PROTOS 0 +#define 
SSL_F_SSL_CTX_SET_CIPHER_LIST 0 +#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 0 +#define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 0 +#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 0 +#define SSL_F_SSL_CTX_SET_SSL_VERSION 0 +#define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +#define SSL_F_SSL_CTX_USE_CERTIFICATE 0 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 0 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 0 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY 0 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 0 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 0 +#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 0 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 0 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 0 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 0 +#define SSL_F_SSL_CTX_USE_SERVERINFO 0 +#define SSL_F_SSL_CTX_USE_SERVERINFO_EX 0 +#define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 0 +#define SSL_F_SSL_DANE_DUP 0 +#define SSL_F_SSL_DANE_ENABLE 0 +#define SSL_F_SSL_DERIVE 0 +#define SSL_F_SSL_DO_CONFIG 0 +#define SSL_F_SSL_DO_HANDSHAKE 0 +#define SSL_F_SSL_DUP_CA_LIST 0 +#define SSL_F_SSL_ENABLE_CT 0 +#define SSL_F_SSL_GENERATE_PKEY_GROUP 0 +#define SSL_F_SSL_GENERATE_SESSION_ID 0 +#define SSL_F_SSL_GET_NEW_SESSION 0 +#define SSL_F_SSL_GET_PREV_SESSION 0 +#define SSL_F_SSL_GET_SERVER_CERT_INDEX 0 +#define SSL_F_SSL_GET_SIGN_PKEY 0 +#define SSL_F_SSL_HANDSHAKE_HASH 0 +#define SSL_F_SSL_INIT_WBIO_BUFFER 0 +#define SSL_F_SSL_KEY_UPDATE 0 +#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 0 +#define SSL_F_SSL_LOG_MASTER_SECRET 0 +#define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 0 +#define SSL_F_SSL_MODULE_INIT 0 +#define SSL_F_SSL_NEW 0 +#define SSL_F_SSL_NEXT_PROTO_VALIDATE 0 +#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 0 +#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 0 +#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 0 +#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 0 +#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 0 +#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 0 +#define SSL_F_SSL_PEEK 0 +#define 
SSL_F_SSL_PEEK_EX 0 +#define SSL_F_SSL_PEEK_INTERNAL 0 +#define SSL_F_SSL_READ 0 +#define SSL_F_SSL_READ_EARLY_DATA 0 +#define SSL_F_SSL_READ_EX 0 +#define SSL_F_SSL_READ_INTERNAL 0 +#define SSL_F_SSL_RENEGOTIATE 0 +#define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 0 +#define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 0 +#define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 0 +#define SSL_F_SSL_SESSION_DUP 0 +#define SSL_F_SSL_SESSION_NEW 0 +#define SSL_F_SSL_SESSION_PRINT_FP 0 +#define SSL_F_SSL_SESSION_SET1_ID 0 +#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 0 +#define SSL_F_SSL_SET_ALPN_PROTOS 0 +#define SSL_F_SSL_SET_CERT 0 +#define SSL_F_SSL_SET_CERT_AND_KEY 0 +#define SSL_F_SSL_SET_CIPHER_LIST 0 +#define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 0 +#define SSL_F_SSL_SET_FD 0 +#define SSL_F_SSL_SET_PKEY 0 +#define SSL_F_SSL_SET_RFD 0 +#define SSL_F_SSL_SET_SESSION 0 +#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 0 +#define SSL_F_SSL_SET_SESSION_TICKET_EXT 0 +#define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +#define SSL_F_SSL_SET_WFD 0 +#define SSL_F_SSL_SHUTDOWN 0 +#define SSL_F_SSL_SRP_CTX_INIT 0 +#define SSL_F_SSL_START_ASYNC_JOB 0 +#define SSL_F_SSL_UNDEFINED_FUNCTION 0 +#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 0 +#define SSL_F_SSL_USE_CERTIFICATE 0 +#define SSL_F_SSL_USE_CERTIFICATE_ASN1 0 +#define SSL_F_SSL_USE_CERTIFICATE_FILE 0 +#define SSL_F_SSL_USE_PRIVATEKEY 0 +#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 0 +#define SSL_F_SSL_USE_PRIVATEKEY_FILE 0 +#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 0 +#define SSL_F_SSL_USE_RSAPRIVATEKEY 0 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 0 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 0 +#define SSL_F_SSL_VALIDATE_CT 0 +#define SSL_F_SSL_VERIFY_CERT_CHAIN 0 +#define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 0 +#define SSL_F_SSL_WRITE 0 +#define SSL_F_SSL_WRITE_EARLY_DATA 0 +#define SSL_F_SSL_WRITE_EARLY_FINISH 0 +#define SSL_F_SSL_WRITE_EX 0 +#define SSL_F_SSL_WRITE_INTERNAL 0 +#define SSL_F_STATE_MACHINE 0 +#define SSL_F_TLS12_CHECK_PEER_SIGALG 0 +#define 
SSL_F_TLS12_COPY_SIGALGS 0 +#define SSL_F_TLS13_CHANGE_CIPHER_STATE 0 +#define SSL_F_TLS13_ENC 0 +#define SSL_F_TLS13_FINAL_FINISH_MAC 0 +#define SSL_F_TLS13_GENERATE_SECRET 0 +#define SSL_F_TLS13_HKDF_EXPAND 0 +#define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 0 +#define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 0 +#define SSL_F_TLS13_SETUP_KEY_BLOCK 0 +#define SSL_F_TLS1_CHANGE_CIPHER_STATE 0 +#define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 0 +#define SSL_F_TLS1_ENC 0 +#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 0 +#define SSL_F_TLS1_GET_CURVELIST 0 +#define SSL_F_TLS1_PRF 0 +#define SSL_F_TLS1_SAVE_U16 0 +#define SSL_F_TLS1_SETUP_KEY_BLOCK 0 +#define SSL_F_TLS1_SET_GROUPS 0 +#define SSL_F_TLS1_SET_RAW_SIGALGS 0 +#define SSL_F_TLS1_SET_SERVER_SIGALGS 0 +#define SSL_F_TLS1_SET_SHARED_SIGALGS 0 +#define SSL_F_TLS1_SET_SIGALGS 0 +#define SSL_F_TLS_CHOOSE_SIGALG 0 +#define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 0 +#define SSL_F_TLS_COLLECT_EXTENSIONS 0 +#define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 0 +#define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 0 +#define SSL_F_TLS_CONSTRUCT_CERT_STATUS 0 +#define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 0 +#define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 0 +#define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +#define SSL_F_TLS_CONSTRUCT_CKE_DHE 0 +#define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 +#define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 +#define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 +#define SSL_F_TLS_CONSTRUCT_CKE_RSA 0 +#define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 +#define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 0 +#define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 0 +#define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 0 +#define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_EMS 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_ETM 0 
+#define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_NPN 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_PSK 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SCT 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SRP 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 0 +#define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 0 +#define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 0 +#define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 0 +#define SSL_F_TLS_CONSTRUCT_EXTENSIONS 0 +#define SSL_F_TLS_CONSTRUCT_FINISHED 0 +#define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 0 +#define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 0 +#define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 0 +#define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 0 +#define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 0 +#define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 0 +#define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 0 +#define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_ALPN 0 +#define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 0 +#define SSL_F_TLS_CONSTRUCT_STOC_DONE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 0 +#define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 0 +#define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 0 +#define SSL_F_TLS_CONSTRUCT_STOC_EMS 0 +#define SSL_F_TLS_CONSTRUCT_STOC_ETM 0 +#define SSL_F_TLS_CONSTRUCT_STOC_HELLO 0 +#define 
SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 0 +#define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 0 +#define SSL_F_TLS_CONSTRUCT_STOC_PSK 0 +#define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 0 +#define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 0 +#define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 0 +#define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 0 +#define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 0 +#define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 0 +#define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 0 +#define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 0 +#define SSL_F_TLS_FINISH_HANDSHAKE 0 +#define SSL_F_TLS_GET_MESSAGE_BODY 0 +#define SSL_F_TLS_GET_MESSAGE_HEADER 0 +#define SSL_F_TLS_HANDLE_ALPN 0 +#define SSL_F_TLS_HANDLE_STATUS_REQUEST 0 +#define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 0 +#define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 0 +#define SSL_F_TLS_PARSE_CTOS_ALPN 0 +#define SSL_F_TLS_PARSE_CTOS_COOKIE 0 +#define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 0 +#define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 0 +#define SSL_F_TLS_PARSE_CTOS_EMS 0 +#define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 0 +#define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 0 +#define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 0 +#define SSL_F_TLS_PARSE_CTOS_PSK 0 +#define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 0 +#define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 0 +#define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 0 +#define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 0 +#define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 0 +#define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 0 +#define SSL_F_TLS_PARSE_CTOS_SRP 0 +#define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 0 +#define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 0 +#define SSL_F_TLS_PARSE_CTOS_USE_SRTP 0 +#define SSL_F_TLS_PARSE_STOC_ALPN 0 +#define SSL_F_TLS_PARSE_STOC_COOKIE 0 +#define SSL_F_TLS_PARSE_STOC_EARLY_DATA 0 +#define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 0 +#define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 0 +#define SSL_F_TLS_PARSE_STOC_KEY_SHARE 0 
+#define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 0
+#define SSL_F_TLS_PARSE_STOC_NPN 0
+#define SSL_F_TLS_PARSE_STOC_PSK 0
+#define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 0
+#define SSL_F_TLS_PARSE_STOC_SCT 0
+#define SSL_F_TLS_PARSE_STOC_SERVER_NAME 0
+#define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 0
+#define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 0
+#define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 0
+#define SSL_F_TLS_PARSE_STOC_USE_SRTP 0
+#define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 0
+#define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 0
+#define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 0
+#define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 0
+#define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 0
+#define SSL_F_TLS_PROCESS_CERT_STATUS 0
+#define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 0
+#define SSL_F_TLS_PROCESS_CERT_VERIFY 0
+#define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 0
+#define SSL_F_TLS_PROCESS_CKE_DHE 0
+#define SSL_F_TLS_PROCESS_CKE_ECDHE 0
+#define SSL_F_TLS_PROCESS_CKE_GOST 0
+#define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0
+#define SSL_F_TLS_PROCESS_CKE_RSA 0
+#define SSL_F_TLS_PROCESS_CKE_SRP 0
+#define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 0
+#define SSL_F_TLS_PROCESS_CLIENT_HELLO 0
+#define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 0
+#define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 0
+#define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 0
+#define SSL_F_TLS_PROCESS_FINISHED 0
+#define SSL_F_TLS_PROCESS_HELLO_REQ 0
+#define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 0
+#define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 0
+#define SSL_F_TLS_PROCESS_KEY_EXCHANGE 0
+#define SSL_F_TLS_PROCESS_KEY_UPDATE 0
+#define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 0
+#define SSL_F_TLS_PROCESS_NEXT_PROTO 0
+#define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 0
+#define SSL_F_TLS_PROCESS_SERVER_DONE 0
+#define SSL_F_TLS_PROCESS_SERVER_HELLO 0
+#define SSL_F_TLS_PROCESS_SKE_DHE 0
+#define SSL_F_TLS_PROCESS_SKE_ECDHE 0
+#define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 0
+#define SSL_F_TLS_PROCESS_SKE_SRP 0
+#define SSL_F_TLS_PSK_DO_BINDER 0
+#define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 0 +#define SSL_F_TLS_SETUP_HANDSHAKE 0 +#define SSL_F_USE_CERTIFICATE_CHAIN_FILE 0 +#define SSL_F_WPACKET_INTERN_INIT_LEN 0 +#define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 0 +#define SSL_F_WRITE_STATE_MACHINE 0 +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/stack.h.orig +++ crypto/openssl/include/openssl/stack.h @@ -8,15 +8,15 @@ */ #ifndef OPENSSL_STACK_H -# define OPENSSL_STACK_H -# pragma once +#define OPENSSL_STACK_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_STACK_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_STACK_H +#endif -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif @@ -36,10 +36,10 @@ OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n); int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n); void OPENSSL_sk_free(OPENSSL_STACK *); -void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); +void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func)(void *)); OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, - OPENSSL_sk_copyfunc c, - OPENSSL_sk_freefunc f); + OPENSSL_sk_copyfunc c, + OPENSSL_sk_freefunc f); int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); 
@@ -52,38 +52,38 @@ void *OPENSSL_sk_pop(OPENSSL_STACK *st); void OPENSSL_sk_zero(OPENSSL_STACK *st); OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, - OPENSSL_sk_compfunc cmp); + OPENSSL_sk_compfunc cmp); OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); void OPENSSL_sk_sort(OPENSSL_STACK *st); int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define _STACK OPENSSL_STACK -# define sk_num OPENSSL_sk_num -# define sk_value OPENSSL_sk_value -# define sk_set OPENSSL_sk_set -# define sk_new OPENSSL_sk_new -# define sk_new_null OPENSSL_sk_new_null -# define sk_free OPENSSL_sk_free -# define sk_pop_free OPENSSL_sk_pop_free -# define sk_deep_copy OPENSSL_sk_deep_copy -# define sk_insert OPENSSL_sk_insert -# define sk_delete OPENSSL_sk_delete -# define sk_delete_ptr OPENSSL_sk_delete_ptr -# define sk_find OPENSSL_sk_find -# define sk_find_ex OPENSSL_sk_find_ex -# define sk_push OPENSSL_sk_push -# define sk_unshift OPENSSL_sk_unshift -# define sk_shift OPENSSL_sk_shift -# define sk_pop OPENSSL_sk_pop -# define sk_zero OPENSSL_sk_zero -# define sk_set_cmp_func OPENSSL_sk_set_cmp_func -# define sk_dup OPENSSL_sk_dup -# define sk_sort OPENSSL_sk_sort -# define sk_is_sorted OPENSSL_sk_is_sorted -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define _STACK OPENSSL_STACK +#define sk_num OPENSSL_sk_num +#define sk_value OPENSSL_sk_value +#define sk_set OPENSSL_sk_set +#define sk_new OPENSSL_sk_new +#define sk_new_null OPENSSL_sk_new_null +#define sk_free OPENSSL_sk_free +#define sk_pop_free OPENSSL_sk_pop_free +#define sk_deep_copy OPENSSL_sk_deep_copy +#define sk_insert OPENSSL_sk_insert +#define sk_delete OPENSSL_sk_delete +#define sk_delete_ptr OPENSSL_sk_delete_ptr +#define sk_find OPENSSL_sk_find +#define sk_find_ex OPENSSL_sk_find_ex +#define sk_push OPENSSL_sk_push +#define sk_unshift OPENSSL_sk_unshift +#define sk_shift OPENSSL_sk_shift +#define sk_pop OPENSSL_sk_pop +#define sk_zero OPENSSL_sk_zero +#define 
sk_set_cmp_func OPENSSL_sk_set_cmp_func +#define sk_dup OPENSSL_sk_dup +#define sk_sort OPENSSL_sk_sort +#define sk_is_sorted OPENSSL_sk_is_sorted +#endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/store.h.orig +++ crypto/openssl/include/openssl/store.h @@ -8,22 +8,22 @@ */ #ifndef OPENSSL_STORE_H -# define OPENSSL_STORE_H -# pragma once +#define OPENSSL_STORE_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_OSSL_STORE_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_OSSL_STORE_H +#endif -# include -# include -# include -# include +#include +#include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /*- * The main OSSL_STORE functions. @@ -42,7 +42,7 @@ * NULL). */ typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, - void *); + void *); /* * Open a channel given a URI. The given UI method will be used any time the @@ -54,14 +54,14 @@ */ OSSL_STORE_CTX * OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data, - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data); + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data, - const OSSL_PARAM params[], - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data); + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); /* * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be 
@@ -69,24 +69,24 @@ * determine which loader is used), except for common commands (see below). * Each command takes different arguments. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, - ... /* args */); + ... /* args */); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, - va_list args); -# endif + va_list args); +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* * Common ctrl commands that different loaders may choose to support. */ /* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ -# define OSSL_STORE_C_USE_SECMEM 1 +#define OSSL_STORE_C_USE_SECMEM 1 /* Where custom commands start */ -# define OSSL_STORE_C_CUSTOM_START 100 +#define OSSL_STORE_C_CUSTOM_START 100 -# endif +#endif /* * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE @@ -130,11 +130,11 @@ * BIO actually reads. */ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, - OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data, - const OSSL_PARAM params[], - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data); + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); /*- * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs 
@@ -146,12 +146,12 @@ * OSSL_STORE_INFO_NAME is typically found when getting a listing of * available "files" / "tokens" / what have you. */ -# define OSSL_STORE_INFO_NAME 1 /* char * */ -# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ -# define OSSL_STORE_INFO_PUBKEY 3 /* EVP_PKEY * */ -# define OSSL_STORE_INFO_PKEY 4 /* EVP_PKEY * */ -# define OSSL_STORE_INFO_CERT 5 /* X509 * */ -# define OSSL_STORE_INFO_CRL 6 /* X509_CRL * */ +#define OSSL_STORE_INFO_NAME 1 /* char * */ +#define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +#define OSSL_STORE_INFO_PUBKEY 3 /* EVP_PKEY * */ +#define OSSL_STORE_INFO_PKEY 4 /* EVP_PKEY * */ +#define OSSL_STORE_INFO_CERT 5 /* X509 * */ +#define OSSL_STORE_INFO_CRL 6 /* X509_CRL * */ /* * Functions to generate OSSL_STORE_INFOs, one function for each type we @@ -196,17 +196,16 @@ */ void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); - /*- * Functions to construct a search URI from a base URI and search criteria * ----------------------------------------------------------------------- */ /* OSSL_STORE search types */ -# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ -# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 -# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 -# define OSSL_STORE_SEARCH_BY_ALIAS 4 +#define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +#define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +#define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +#define OSSL_STORE_SEARCH_BY_ALIAS 4 /* To check what search types the scheme handler supports */ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); 
@@ -218,11 +217,12 @@ */ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, - const ASN1_INTEGER - *serial); + const ASN1_INTEGER + *serial); OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, - const unsigned char - *bytes, size_t len); + const unsigned char + *bytes, + size_t len); OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); /* Search term destructor */ @@ -232,9 +232,10 @@ int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion); const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH - *criterion); + *criterion); const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH - *criterion, size_t *length); + *criterion, + size_t *length); const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); @@ -245,7 +246,6 @@ int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search); - /*- * Function to fetch a loader and extract data from it * --------------------------------------------------- 
@@ -254,23 +254,23 @@ typedef struct ossl_store_loader_st OSSL_STORE_LOADER; OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, - const char *scheme, - const char *properties); + const char *scheme, + const char *properties); int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * - loader); + loader); const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, - const char *scheme); + const char *scheme); void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(OSSL_STORE_LOADER *loader, - void *arg), - void *arg); + void (*fn)(OSSL_STORE_LOADER *loader, + void *arg), + void *arg); int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, - void (*fn)(const char *name, void *data), - void *data); + void (*fn)(const char *name, void *data), + void *data); /*- * Function to register a loader for the given URI scheme. 
@@ -280,90 +280,83 @@ * scheme. */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* struct ossl_store_loader_ctx_st is defined differently by each loader */ typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; -typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn) - (const OSSL_STORE_LOADER *loader, const char *uri, - const UI_METHOD *ui_method, void *ui_data); -typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn) - (const OSSL_STORE_LOADER *loader, - const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data); - -typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn) - (const OSSL_STORE_LOADER *loader, BIO *bio, - OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data); -typedef int (*OSSL_STORE_ctrl_fn) - (OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args); -typedef int (*OSSL_STORE_expect_fn) - (OSSL_STORE_LOADER_CTX *ctx, int expected); -typedef int (*OSSL_STORE_find_fn) - (OSSL_STORE_LOADER_CTX *ctx, const OSSL_STORE_SEARCH *criteria); -typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn) - (OSSL_STORE_LOADER_CTX *ctx, const UI_METHOD *ui_method, void *ui_data); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER *loader, const char *uri, + const UI_METHOD *ui_method, void *ui_data); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn)(const OSSL_STORE_LOADER *loader, + const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); + +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)(const OSSL_STORE_LOADER *loader, BIO *bio, + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); +typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args); +typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, const OSSL_STORE_SEARCH *criteria); +typedef 
OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, const UI_METHOD *ui_method, void *ui_data); typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, - OSSL_STORE_open_fn open_function); + OSSL_STORE_open_fn open_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_open_ex(OSSL_STORE_LOADER *loader, - OSSL_STORE_open_ex_fn open_ex_function); + OSSL_STORE_open_ex_fn open_ex_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, - OSSL_STORE_attach_fn attach_function); + OSSL_STORE_attach_fn attach_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, - OSSL_STORE_ctrl_fn ctrl_function); + OSSL_STORE_ctrl_fn ctrl_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, - OSSL_STORE_expect_fn expect_function); + OSSL_STORE_expect_fn expect_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, - OSSL_STORE_find_fn find_function); + OSSL_STORE_find_fn find_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, - OSSL_STORE_load_fn load_function); + OSSL_STORE_load_fn load_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, - OSSL_STORE_eof_fn eof_function); + OSSL_STORE_eof_fn eof_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, - OSSL_STORE_error_fn error_function); + OSSL_STORE_error_fn error_function); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, - 
OSSL_STORE_close_fn close_function); + OSSL_STORE_close_fn close_function); OSSL_DEPRECATEDIN_3_0 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 -const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); -# endif +#endif /*- * Functions to list STORE loaders * ------------------------------- */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_do_all_loaders(void (*do_function)(const OSSL_STORE_LOADER *loader, - void *do_arg), - void *do_arg); -# endif + void *do_arg), + void *do_arg); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/storeerr.h.orig +++ crypto/openssl/include/openssl/storeerr.h 
@@ -9,41 +9,39 @@ */ #ifndef OPENSSL_STOREERR_H -# define OPENSSL_STOREERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_STOREERR_H +#pragma once +#include +#include +#include /* * OSSL_STORE reason codes. */ -# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 -# define OSSL_STORE_R_BAD_PASSWORD_READ 115 -# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 -# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 -# define OSSL_STORE_R_INVALID_SCHEME 106 -# define OSSL_STORE_R_IS_NOT_A 112 -# define OSSL_STORE_R_LOADER_INCOMPLETE 116 -# define OSSL_STORE_R_LOADING_STARTED 117 -# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 -# define OSSL_STORE_R_NOT_A_CRL 101 -# define OSSL_STORE_R_NOT_A_NAME 103 -# define OSSL_STORE_R_NOT_A_PRIVATE_KEY 102 -# define OSSL_STORE_R_NOT_A_PUBLIC_KEY 122 -# define OSSL_STORE_R_NOT_PARAMETERS 104 -# define OSSL_STORE_R_NO_LOADERS_FOUND 123 -# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 -# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 -# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 -# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 -# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 -# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 -# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 -# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 -# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 +#define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +#define OSSL_STORE_R_BAD_PASSWORD_READ 115 +#define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +#define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +#define OSSL_STORE_R_INVALID_SCHEME 106 +#define OSSL_STORE_R_IS_NOT_A 112 +#define OSSL_STORE_R_LOADER_INCOMPLETE 116 +#define OSSL_STORE_R_LOADING_STARTED 117 +#define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +#define OSSL_STORE_R_NOT_A_CRL 101 +#define OSSL_STORE_R_NOT_A_NAME 103 +#define OSSL_STORE_R_NOT_A_PRIVATE_KEY 102 +#define OSSL_STORE_R_NOT_A_PUBLIC_KEY 122 +#define 
OSSL_STORE_R_NOT_PARAMETERS 104 +#define OSSL_STORE_R_NO_LOADERS_FOUND 123 +#define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +#define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +#define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +#define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +#define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +#define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +#define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +#define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +#define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 #endif --- crypto/openssl/include/openssl/symhacks.h.orig +++ crypto/openssl/include/openssl/symhacks.h 
@@ -8,32 +8,32 @@ */ #ifndef OPENSSL_SYMHACKS_H -# define OPENSSL_SYMHACKS_H -# pragma once +#define OPENSSL_SYMHACKS_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_SYMHACKS_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_SYMHACKS_H +#endif -# include +#include /* Case insensitive linking causes problems.... */ -# if defined(OPENSSL_SYS_VMS) -# undef ERR_load_CRYPTO_strings -# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings -# undef OCSP_crlID_new -# define OCSP_crlID_new OCSP_crlID2_new +#if defined(OPENSSL_SYS_VMS) +#undef ERR_load_CRYPTO_strings +#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +#undef OCSP_crlID_new +#define OCSP_crlID_new OCSP_crlID2_new -# undef d2i_ECPARAMETERS -# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS -# undef i2d_ECPARAMETERS -# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS -# undef d2i_ECPKPARAMETERS -# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS -# undef i2d_ECPKPARAMETERS -# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS +#undef d2i_ECPARAMETERS +#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +#undef i2d_ECPARAMETERS +#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +#undef d2i_ECPKPARAMETERS +#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +#undef i2d_ECPKPARAMETERS +#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS -# endif +#endif -#endif /* ! defined HEADER_VMS_IDHACKS_H */ +#endif /* ! defined HEADER_VMS_IDHACKS_H */ --- crypto/openssl/include/openssl/tls1.h.orig +++ crypto/openssl/include/openssl/tls1.h 
@@ -10,213 +10,212 @@ */ #ifndef OPENSSL_TLS1_H -# define OPENSSL_TLS1_H -# pragma once +#define OPENSSL_TLS1_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_TLS1_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_TLS1_H +#endif -# include -# include -# include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif /* Default security level if not overridden at config time */ -# ifndef OPENSSL_TLS_SECURITY_LEVEL -# define OPENSSL_TLS_SECURITY_LEVEL 1 -# endif +#ifndef OPENSSL_TLS_SECURITY_LEVEL +#define OPENSSL_TLS_SECURITY_LEVEL 1 +#endif /* TLS*_VERSION constants are defined in prov_ssl.h */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define TLS_MAX_VERSION TLS1_3_VERSION -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define TLS_MAX_VERSION TLS1_3_VERSION +#endif /* Special value for method supporting multiple versions */ -# define TLS_ANY_VERSION 0x10000 - -# define TLS1_VERSION_MAJOR 0x03 -# define TLS1_VERSION_MINOR 0x01 - -# define TLS1_1_VERSION_MAJOR 0x03 -# define TLS1_1_VERSION_MINOR 0x02 - -# define TLS1_2_VERSION_MAJOR 0x03 -# define TLS1_2_VERSION_MINOR 0x03 - -# define TLS1_get_version(s) \ - ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) - -# define TLS1_get_client_version(s) \ - ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? 
SSL_client_version(s) : 0) - -# define TLS1_AD_DECRYPTION_FAILED 21 -# define TLS1_AD_RECORD_OVERFLOW 22 -# define TLS1_AD_UNKNOWN_CA 48/* fatal */ -# define TLS1_AD_ACCESS_DENIED 49/* fatal */ -# define TLS1_AD_DECODE_ERROR 50/* fatal */ -# define TLS1_AD_DECRYPT_ERROR 51 -# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ -# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ -# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ -# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ -# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ -# define TLS1_AD_USER_CANCELLED 90 -# define TLS1_AD_NO_RENEGOTIATION 100 +#define TLS_ANY_VERSION 0x10000 + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + +#define TLS1_1_VERSION_MAJOR 0x03 +#define TLS1_1_VERSION_MINOR 0x02 + +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 + +#define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +#define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? 
SSL_client_version(s) : 0) + +#define TLS1_AD_DECRYPTION_FAILED 21 +#define TLS1_AD_RECORD_OVERFLOW 22 +#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ +#define TLS1_AD_DECODE_ERROR 50 /* fatal */ +#define TLS1_AD_DECRYPT_ERROR 51 +#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ +#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ +#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ +#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ +#define TLS1_AD_USER_CANCELLED 90 +#define TLS1_AD_NO_RENEGOTIATION 100 /* TLSv1.3 alerts */ -# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ -# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +#define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +#define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ /* codes 110-114 are from RFC3546 */ -# define TLS1_AD_UNSUPPORTED_EXTENSION 110 -# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 -# define TLS1_AD_UNRECOGNIZED_NAME 112 -# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 -# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 -# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ -# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ +#define TLS1_AD_UNSUPPORTED_EXTENSION 110 +#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +#define TLS1_AD_UNRECOGNIZED_NAME 112 +#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ +#define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ -# define TLSEXT_TYPE_server_name 0 -# define TLSEXT_TYPE_max_fragment_length 1 -# define TLSEXT_TYPE_client_certificate_url 2 -# define TLSEXT_TYPE_trusted_ca_keys 3 -# define TLSEXT_TYPE_truncated_hmac 4 -# define TLSEXT_TYPE_status_request 5 +#define TLSEXT_TYPE_server_name 0 +#define TLSEXT_TYPE_max_fragment_length 1 +#define TLSEXT_TYPE_client_certificate_url 2 +#define 
TLSEXT_TYPE_trusted_ca_keys 3 +#define TLSEXT_TYPE_truncated_hmac 4 +#define TLSEXT_TYPE_status_request 5 /* ExtensionType values from RFC4681 */ -# define TLSEXT_TYPE_user_mapping 6 +#define TLSEXT_TYPE_user_mapping 6 /* ExtensionType values from RFC5878 */ -# define TLSEXT_TYPE_client_authz 7 -# define TLSEXT_TYPE_server_authz 8 +#define TLSEXT_TYPE_client_authz 7 +#define TLSEXT_TYPE_server_authz 8 /* ExtensionType values from RFC6091 */ -# define TLSEXT_TYPE_cert_type 9 +#define TLSEXT_TYPE_cert_type 9 /* ExtensionType values from RFC4492 */ /* * Prior to TLSv1.3 the supported_groups extension was known as * elliptic_curves */ -# define TLSEXT_TYPE_supported_groups 10 -# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups -# define TLSEXT_TYPE_ec_point_formats 11 - +#define TLSEXT_TYPE_supported_groups 10 +#define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +#define TLSEXT_TYPE_ec_point_formats 11 /* ExtensionType value from RFC5054 */ -# define TLSEXT_TYPE_srp 12 +#define TLSEXT_TYPE_srp 12 /* ExtensionType values from RFC5246 */ -# define TLSEXT_TYPE_signature_algorithms 13 +#define TLSEXT_TYPE_signature_algorithms 13 /* ExtensionType value from RFC5764 */ -# define TLSEXT_TYPE_use_srtp 14 +#define TLSEXT_TYPE_use_srtp 14 /* ExtensionType value from RFC7301 */ -# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 +#define TLSEXT_TYPE_application_layer_protocol_negotiation 16 /* * Extension type for Certificate Transparency * https://tools.ietf.org/html/rfc6962#section-3.3.1 */ -# define TLSEXT_TYPE_signed_certificate_timestamp 18 +#define TLSEXT_TYPE_signed_certificate_timestamp 18 /* * ExtensionType value for TLS padding extension. 
* http://tools.ietf.org/html/draft-agl-tls-padding */ -# define TLSEXT_TYPE_padding 21 +#define TLSEXT_TYPE_padding 21 /* ExtensionType value from RFC7366 */ -# define TLSEXT_TYPE_encrypt_then_mac 22 +#define TLSEXT_TYPE_encrypt_then_mac 22 /* ExtensionType value from RFC7627 */ -# define TLSEXT_TYPE_extended_master_secret 23 +#define TLSEXT_TYPE_extended_master_secret 23 /* ExtensionType value from RFC4507 */ -# define TLSEXT_TYPE_session_ticket 35 +#define TLSEXT_TYPE_session_ticket 35 /* As defined for TLS1.3 */ -# define TLSEXT_TYPE_psk 41 -# define TLSEXT_TYPE_early_data 42 -# define TLSEXT_TYPE_supported_versions 43 -# define TLSEXT_TYPE_cookie 44 -# define TLSEXT_TYPE_psk_kex_modes 45 -# define TLSEXT_TYPE_certificate_authorities 47 -# define TLSEXT_TYPE_post_handshake_auth 49 -# define TLSEXT_TYPE_signature_algorithms_cert 50 -# define TLSEXT_TYPE_key_share 51 +#define TLSEXT_TYPE_psk 41 +#define TLSEXT_TYPE_early_data 42 +#define TLSEXT_TYPE_supported_versions 43 +#define TLSEXT_TYPE_cookie 44 +#define TLSEXT_TYPE_psk_kex_modes 45 +#define TLSEXT_TYPE_certificate_authorities 47 +#define TLSEXT_TYPE_post_handshake_auth 49 +#define TLSEXT_TYPE_signature_algorithms_cert 50 +#define TLSEXT_TYPE_key_share 51 /* Temporary extension type */ -# define TLSEXT_TYPE_renegotiate 0xff01 +#define TLSEXT_TYPE_renegotiate 0xff01 -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* This is not an IANA defined extension number */ -# define TLSEXT_TYPE_next_proto_neg 13172 -# endif +#define TLSEXT_TYPE_next_proto_neg 13172 +#endif /* NameType value from RFC3546 */ -# define TLSEXT_NAMETYPE_host_name 0 +#define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC3546 */ -# define TLSEXT_STATUSTYPE_ocsp 1 +#define TLSEXT_STATUSTYPE_ocsp 1 /* ECPointFormat values from RFC4492 */ -# define TLSEXT_ECPOINTFORMAT_first 0 -# define TLSEXT_ECPOINTFORMAT_uncompressed 0 -# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 -# define 
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 -# define TLSEXT_ECPOINTFORMAT_last 2 +#define TLSEXT_ECPOINTFORMAT_first 0 +#define TLSEXT_ECPOINTFORMAT_uncompressed 0 +#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +#define TLSEXT_ECPOINTFORMAT_last 2 /* Signature and hash algorithms from RFC5246 */ -# define TLSEXT_signature_anonymous 0 -# define TLSEXT_signature_rsa 1 -# define TLSEXT_signature_dsa 2 -# define TLSEXT_signature_ecdsa 3 -# define TLSEXT_signature_gostr34102001 237 -# define TLSEXT_signature_gostr34102012_256 238 -# define TLSEXT_signature_gostr34102012_512 239 +#define TLSEXT_signature_anonymous 0 +#define TLSEXT_signature_rsa 1 +#define TLSEXT_signature_dsa 2 +#define TLSEXT_signature_ecdsa 3 +#define TLSEXT_signature_gostr34102001 237 +#define TLSEXT_signature_gostr34102012_256 238 +#define TLSEXT_signature_gostr34102012_512 239 /* Total number of different signature algorithms */ -# define TLSEXT_signature_num 7 - -# define TLSEXT_hash_none 0 -# define TLSEXT_hash_md5 1 -# define TLSEXT_hash_sha1 2 -# define TLSEXT_hash_sha224 3 -# define TLSEXT_hash_sha256 4 -# define TLSEXT_hash_sha384 5 -# define TLSEXT_hash_sha512 6 -# define TLSEXT_hash_gostr3411 237 -# define TLSEXT_hash_gostr34112012_256 238 -# define TLSEXT_hash_gostr34112012_512 239 +#define TLSEXT_signature_num 7 + +#define TLSEXT_hash_none 0 +#define TLSEXT_hash_md5 1 +#define TLSEXT_hash_sha1 2 +#define TLSEXT_hash_sha224 3 +#define TLSEXT_hash_sha256 4 +#define TLSEXT_hash_sha384 5 +#define TLSEXT_hash_sha512 6 +#define TLSEXT_hash_gostr3411 237 +#define TLSEXT_hash_gostr34112012_256 238 +#define TLSEXT_hash_gostr34112012_512 239 /* Total number of different digest algorithms */ -# define TLSEXT_hash_num 10 +#define TLSEXT_hash_num 10 /* Flag set for unrecognised algorithms */ -# define TLSEXT_nid_unknown 0x1000000 +#define TLSEXT_nid_unknown 0x1000000 /* ECC curves */ -# define TLSEXT_curve_P_256 23 -# define 
TLSEXT_curve_P_384 24 +#define TLSEXT_curve_P_256 23 +#define TLSEXT_curve_P_384 24 /* OpenSSL value to disable maximum fragment length extension */ -# define TLSEXT_max_fragment_length_DISABLED 0 +#define TLSEXT_max_fragment_length_DISABLED 0 /* Allowed values for max fragment length extension */ -# define TLSEXT_max_fragment_length_512 1 -# define TLSEXT_max_fragment_length_1024 2 -# define TLSEXT_max_fragment_length_2048 3 -# define TLSEXT_max_fragment_length_4096 4 +#define TLSEXT_max_fragment_length_512 1 +#define TLSEXT_max_fragment_length_1024 2 +#define TLSEXT_max_fragment_length_2048 3 +#define TLSEXT_max_fragment_length_4096 4 /* OpenSSL value for unset maximum fragment length extension */ -# define TLSEXT_max_fragment_length_UNSPECIFIED 255 +#define TLSEXT_max_fragment_length_UNSPECIFIED 255 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); -# define TLSEXT_MAXLEN_host_name 255 +#define TLSEXT_MAXLEN_host_name 255 __owur const char *SSL_get_servername(const SSL *s, const int type); __owur int SSL_get_servername_type(const SSL *s); @@ -228,9 +227,9 @@ * 0 or -1 otherwise. */ __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context); + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); /* * SSL_export_keying_material_early exports a value derived from the 
@@ -240,579 +239,576 @@ * returns 1 on success and 0 otherwise. */ __owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, - size_t olen, const char *label, - size_t llen, - const unsigned char *context, - size_t contextlen); + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); int SSL_get_signature_type_nid(const SSL *s, int *pnid); int SSL_get_sigalgs(SSL *s, int idx, - int *psign, int *phash, int *psignandhash, - unsigned char *rsig, unsigned char *rhash); + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); int SSL_get_shared_sigalgs(SSL *s, int idx, - int *psign, int *phash, int *psignandhash, - unsigned char *rsig, unsigned char *rhash); + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); -# define SSL_set_tlsext_host_name(s,name) \ - SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ - (void *)name) +#define SSL_set_tlsext_host_name(s, name) \ + SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \ + (void *)name) -# define SSL_set_tlsext_debug_callback(ssl, cb) \ - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ - (void (*)(void))cb) +#define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_CB, \ + (void (*)(void))cb) -# define SSL_set_tlsext_debug_arg(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) +#define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_ARG, 0, arg) -# define SSL_get_tlsext_status_type(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) +#define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) -# define SSL_set_tlsext_status_type(ssl, type) \ - 
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) +#define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) -# define SSL_get_tlsext_status_exts(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) +#define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS, 0, arg) -# define SSL_set_tlsext_status_exts(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) +#define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS, 0, arg) -# define SSL_get_tlsext_status_ids(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) +#define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS, 0, arg) -# define SSL_set_tlsext_status_ids(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) +#define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS, 0, arg) -# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ - SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) +#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP, 0, arg) -# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) +#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP, arglen, arg) -# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ - (void (*)(void))cb) +#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \ + (void (*)(void))cb) -# define SSL_TLSEXT_ERR_OK 0 -# define SSL_TLSEXT_ERR_ALERT_WARNING 1 -# define SSL_TLSEXT_ERR_ALERT_FATAL 2 -# define SSL_TLSEXT_ERR_NOACK 3 +#define SSL_TLSEXT_ERR_OK 0 
+#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +#define SSL_TLSEXT_ERR_NOACK 3 -# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) +#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg) -# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) -# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) +#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_TICKET_KEYS, keylen, keys) +#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_TICKET_KEYS, keylen, keys) -# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) -# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ - (void (*)(void))cb) +#define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, (void *)cb) +#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \ + (void (*)(void))cb) -# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) -# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +#define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg) +#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg) -# define SSL_CTX_set_tlsext_status_type(ssl, type) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) +#define SSL_CTX_set_tlsext_status_type(ssl, 
type) \ + SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) -# define SSL_CTX_get_tlsext_status_type(ssl) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) +#define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ - (void (*)(void))cb) -# endif -int SSL_CTX_set_tlsext_ticket_key_evp_cb - (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)); +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \ + (void (*)(void))cb) +#endif +int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)); /* PSK ciphersuites from 4279 */ -# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A -# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B -# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C -# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D -# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E -# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F -# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 -# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 -# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 -# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 -# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 -# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 +#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +#define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +#define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F 
+#define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +#define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +#define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +#define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +#define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +#define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 /* PSK ciphersuites from 5487 */ -# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 -# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 -# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA -# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB -# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC -# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD -# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE -# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF -# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 -# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 -# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 -# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 -# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 -# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 -# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 -# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 -# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 -# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 +#define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +#define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +#define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +#define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +#define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +#define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +#define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +#define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +#define 
TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +#define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +#define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +#define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +#define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +#define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +#define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +#define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 /* NULL PSK ciphersuites from RFC4785 */ -# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C -# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D -# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E +#define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +#define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +#define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E /* AES ciphersuites from RFC3268 */ -# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F -# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 -# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 -# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 -# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 -# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 -# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 -# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 -# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 -# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 -# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 -# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A +#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 +#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 
0x03000039 +#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A /* TLS v1.2 ciphersuites */ -# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B -# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C -# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D -# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E -# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F -# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 +#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 /* Camellia ciphersuites from RFC4132 */ -# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 -# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 -# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 -# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 -# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 -# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 /* TLS v1.2 ciphersuites */ -# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 -# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 -# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 -# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A -# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B -# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C -# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +#define 
TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D /* Camellia ciphersuites from RFC4132 */ -# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 -# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 -# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 -# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 -# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 -# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 /* SEED ciphersuites from RFC4162 */ -# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 -# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 -# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 -# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 -# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A -# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B +#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B /* TLS v1.2 GCM ciphersuites from RFC5288 */ -# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C -# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D -# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E -# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F -# 
define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 -# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 -# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 -# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 -# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 -# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 -# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 -# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 +#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 /* CCM ciphersuites from RFC6655 */ -# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C -# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D -# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E -# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F -# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 -# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 -# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 -# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 -# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 -# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 -# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 -# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 -# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 -# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 -# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 
0x0300C0AA -# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB +#define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +#define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +#define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +#define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +#define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +#define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +#define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +#define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +#define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +#define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +#define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +#define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +#define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +#define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +#define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +#define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB /* CCM ciphersuites from RFC7251 */ -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ -# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA -# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB -# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC -# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD -# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE -# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF - -# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 -# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 -# define 
TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 -# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 -# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 -# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 /* ECC ciphersuites from RFC4492 */ -# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 -# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 -# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 -# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 -# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 - -# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 -# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 -# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A - -# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B -# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C -# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D -# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E -# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F - -# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 -# define 
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 -# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 -# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 -# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 - -# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 -# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 -# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 -# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 -# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 /* SRP ciphersuites from RFC 5054 */ 
-# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A -# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B -# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C -# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D -# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E -# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F -# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 -# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 -# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 +#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 /* ECDH HMAC based ciphersuites from RFC5289 */ -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 -# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 -# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 -# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 -# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 -# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 -# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +#define 
TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A /* ECDH GCM based ciphersuites from RFC5289 */ -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B -# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C -# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D -# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E -# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F -# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 -# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 -# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 /* ECDHE PSK ciphersuites from RFC5489 */ -# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 -# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 -# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 -# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 +#define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +#define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 -# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 -# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 +#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 /* NULL PSK ciphersuites from RFC4785 */ -# define 
TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 -# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A -# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B +#define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +#define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +#define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B /* Camellia-CBC ciphersuites from RFC6367 */ -# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 -# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 -# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 -# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 -# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 -# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 -# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 -# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 - -# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 -# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 -# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 -# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 -# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 -# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 -# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A -# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B +#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +#define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +#define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +#define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +#define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +#define 
TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +#define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +#define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +#define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +#define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +#define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +#define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +#define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B /* draft-ietf-tls-chacha20-poly1305-03 */ -# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 -# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 -# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA -# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB -# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC -# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD -# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE +#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +#define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +#define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +#define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +#define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE /* TLS v1.3 ciphersuites */ -# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 -# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 -# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 -# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 -# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 +#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 /* Aria ciphersuites from RFC6209 */ -# define 
TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 -# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 -# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 -# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 -# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 -# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 -# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 -# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 -# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 -# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 -# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A -# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B -# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C -# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D -# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E -# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F -# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 -# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 -# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 -# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 -# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A -# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B -# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C -# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D -# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E -# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F +#define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +#define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +#define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +#define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +#define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +#define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +#define 
TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +#define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +#define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +#define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +#define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +#define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B +#define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +#define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +#define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +#define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +#define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +#define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +#define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +#define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +#define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +#define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +#define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +#define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +#define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +#define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F /* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ -# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" -# define 
TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" -# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" -# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" -# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" -# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" -# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" -# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" -# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" -# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" -# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" -# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" -# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" -# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" -# define 
TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" -# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" -# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" -# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" -# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" -# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" -# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" -# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" -# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" -# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" -# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" -# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" -# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" -# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" -# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" -# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA 
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" -# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" -# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" -# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" -# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" -# define 
TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" -# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" -# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" -# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" -# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" -# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" -# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" -# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" -# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" -# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" -# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" -# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" -# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" -# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" -# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" -# define 
TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" -# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" -# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" -# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" -# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" -# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" -# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" -# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" -# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" -# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" -# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" -# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" -# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" -# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" -# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" -# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" -# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" -# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" -# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" -# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" -# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" -# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" -# define 
TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" -# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" -# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" -# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" -# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" -# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" -# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" -# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" -# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" -# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" -# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" -# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" -# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" -# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" -# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" 
-# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" -# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" -# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - +#define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA 
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +#define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +#define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +#define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +#define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +#define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +#define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +#define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +#define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +#define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +#define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +#define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 
"TLS_DHE_RSA_WITH_AES_128_CCM_8" +#define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +#define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +#define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +#define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +#define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +#define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +#define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" +#define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +#define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +#define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +#define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +#define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +#define 
TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +#define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +#define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +#define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +#define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +#define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +#define 
TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +#define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +#define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +#define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +#define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +#define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +#define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +#define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +#define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +#define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +#define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +#define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +#define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +#define 
TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +#define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +#define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +#define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +#define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +#define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +#define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +#define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +#define 
TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +#define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +#define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +#define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +#define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +#define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +#define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +#define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +#define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +#define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +#define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +#define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +#define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +#define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +#define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +#define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +#define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +#define 
TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+#define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+#define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+#define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+#define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA"
+#define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+#define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+#define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA"
+#define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+#define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA"
+#define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+#define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+#define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
+#define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
+#define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
+#define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
+#define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
+#define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
+#define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
+#define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
+#define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
+#define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
+#define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
+#define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
+#define 
TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +#define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +#define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE 
@@ -820,398 +816,398 @@ * using DHE everywhere, though we may indefinitely maintain aliases for * users or configurations that used "EDH" */ -# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" +#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" -# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" -# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" -# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" +#define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +#define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +#define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" /* AES ciphersuites from RFC3268 */ -# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" -# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" -# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" -# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" -# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" -# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" - -# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" -# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" -# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" -# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" -# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" -# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" +#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +#define 
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" /* ECC ciphersuites from RFC4492 */ -# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" -# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" -# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" -# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" -# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" - -# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" -# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" -# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" - -# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" -# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" -# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" -# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" -# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" - -# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" -# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" -# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" -# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" -# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" - -# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" -# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" -# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" -# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" -# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +#define 
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" /* PSK ciphersuites from RFC 4279 */ -# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" -# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" -# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" -# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" - -# define 
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" -# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" -# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" -# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" -# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" -# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" -# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" -# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" +#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +#define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +#define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +#define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +#define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +#define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +#define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +#define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +#define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" /* PSK ciphersuites from RFC 5487 */ -# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" -# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" -# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" -# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" -# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" -# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" - -# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" -# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 
"PSK-AES256-CBC-SHA384" -# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" -# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" - -# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" -# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" -# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" -# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" - -# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" -# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" -# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" -# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" +#define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +#define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +#define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +#define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +#define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +#define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +#define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +#define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +#define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +#define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +#define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +#define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +#define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +#define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +#define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 
"RSA-PSK-NULL-SHA384" /* SRP ciphersuite from RFC 5054 */ -# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" -# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" -# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" -# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" -# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" -# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" -# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" -# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" -# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" /* Camellia ciphersuites from RFC4132 */ -# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" -# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" -# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" -# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" -# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" -# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" - -# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" -# define 
TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" -# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" -# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" -# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" -# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ -# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" -# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" -# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" -# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" -# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" -# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" - -# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" -# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" -# define 
TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
-# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
-# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
-# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
-
-# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256"
-# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384"
-# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256"
-# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384"
-# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256"
-# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384"
-# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256"
-# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384"
+#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
+
+#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
+
+#define 
TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +#define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +#define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +#define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +#define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +#define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +#define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +#define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" /* SEED ciphersuites from RFC4162 */ -# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" -# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" -# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" -# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" -# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" -# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" +#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" /* TLS v1.2 ciphersuites */ -# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" -# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" -# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" -# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" -# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" -# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" -# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" -# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" -# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" -# define 
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" -# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" -# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" -# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" +#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" /* TLS v1.2 GCM ciphersuites from RFC5288 */ -# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" -# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" -# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" -# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" -# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" -# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" -# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" -# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" -# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" -# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" -# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" -# define 
TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" +#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" /* CCM ciphersuites from RFC6655 */ -# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" -# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" -# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" -# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" - -# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" -# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" -# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" -# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" - -# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" -# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" -# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" -# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" - -# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" -# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" -# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" -# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" +#define 
TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +#define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +#define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +#define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +#define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +#define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +#define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +#define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +#define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +#define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +#define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +#define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" /* CCM ciphersuites from RFC7251 */ -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" /* ECDH HMAC based ciphersuites from RFC5289 */ -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" -# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" -# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" -# define 
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" -# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" -# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" -# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" /* ECDH GCM based ciphersuites from RFC5289 */ -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" -# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" -# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" -# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" -# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" -# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" -# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" -# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
"ECDHE-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" /* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ -# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" -# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +#define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +#define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" /* ECDHE PSK ciphersuites from RFC 5489 */ -# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" -# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" -# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" -# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" +#define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +#define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" -# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" -# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" +#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" -# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" -# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" -# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" +#define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +#define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +#define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" /* Camellia-CBC 
ciphersuites from RFC6367 */ -# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" -# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" -# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" -# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" -# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" -# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" -# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" -# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" +#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" /* draft-ietf-tls-chacha20-poly1305-03 */ -# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" -# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" -# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" -# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" -# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" -# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" -# define 
TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" +#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +#define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +#define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +#define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +#define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" /* Aria ciphersuites from RFC6209 */ -# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" -# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" -# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" -# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" -# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" -# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" -# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" -# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" -# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256" -# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" -# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" -# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" -# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" -# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" -# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" -# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" -# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 
"ECDHE-ARIA128-GCM-SHA256" -# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" -# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" -# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" -# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" -# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" -# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" -# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" -# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" -# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" - -# define TLS_CT_RSA_SIGN 1 -# define TLS_CT_DSS_SIGN 2 -# define TLS_CT_RSA_FIXED_DH 3 -# define TLS_CT_DSS_FIXED_DH 4 -# define TLS_CT_ECDSA_SIGN 64 -# define TLS_CT_RSA_FIXED_ECDH 65 -# define TLS_CT_ECDSA_FIXED_ECDH 66 -# define TLS_CT_GOST01_SIGN 22 -# define TLS_CT_GOST12_IANA_SIGN 67 -# define TLS_CT_GOST12_IANA_512_SIGN 68 -# define TLS_CT_GOST12_LEGACY_SIGN 238 -# define TLS_CT_GOST12_LEGACY_512_SIGN 239 - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define TLS_CT_GOST12_SIGN TLS_CT_GOST12_LEGACY_SIGN -# define TLS_CT_GOST12_512_SIGN TLS_CT_GOST12_LEGACY_512_SIGN -# endif +#define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +#define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" +#define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" +#define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" +#define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" +#define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" +#define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 
"DH-DSS-ARIA128-GCM-SHA256" +#define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" +#define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" +#define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" +#define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +#define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +#define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +#define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +#define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +#define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +#define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + +#define TLS_CT_RSA_SIGN 1 +#define TLS_CT_DSS_SIGN 2 +#define TLS_CT_RSA_FIXED_DH 3 +#define TLS_CT_DSS_FIXED_DH 4 +#define TLS_CT_ECDSA_SIGN 64 +#define TLS_CT_RSA_FIXED_ECDH 65 +#define TLS_CT_ECDSA_FIXED_ECDH 66 +#define TLS_CT_GOST01_SIGN 22 +#define TLS_CT_GOST12_IANA_SIGN 67 +#define TLS_CT_GOST12_IANA_512_SIGN 68 +#define TLS_CT_GOST12_LEGACY_SIGN 238 +#define TLS_CT_GOST12_LEGACY_512_SIGN 239 + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define TLS_CT_GOST12_SIGN TLS_CT_GOST12_LEGACY_SIGN +#define TLS_CT_GOST12_512_SIGN TLS_CT_GOST12_LEGACY_512_SIGN +#endif /* * when correcting this number, correct 
also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 12 - -# if defined(SSL3_CT_NUMBER) -# if TLS_CT_NUMBER != SSL3_CT_NUMBER -# error "SSL/TLS CT_NUMBER values do not match" -# endif -# endif - -# define TLS1_FINISH_MAC_LENGTH 12 - -# define TLS_MD_MAX_CONST_SIZE 22 -# define TLS_MD_CLIENT_FINISH_CONST "client finished" -# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 -# define TLS_MD_SERVER_FINISH_CONST "server finished" -# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 -# define TLS_MD_KEY_EXPANSION_CONST "key expansion" -# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 -# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" -# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 -# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 -# define TLS_MD_IV_BLOCK_CONST "IV block" -# define TLS_MD_IV_BLOCK_CONST_SIZE 8 -# define TLS_MD_MASTER_SECRET_CONST "master secret" -# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 -# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" -# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 - -# ifdef CHARSET_EBCDIC -# undef TLS_MD_CLIENT_FINISH_CONST +#define TLS_CT_NUMBER 12 + +#if defined(SSL3_CT_NUMBER) +#if TLS_CT_NUMBER != SSL3_CT_NUMBER +#error "SSL/TLS CT_NUMBER values do not match" +#endif +#endif + +#define TLS1_FINISH_MAC_LENGTH 12 + +#define TLS_MD_MAX_CONST_SIZE 22 +#define TLS_MD_CLIENT_FINISH_CONST "client finished" +#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +#define TLS_MD_SERVER_FINISH_CONST "server finished" +#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +#define TLS_MD_KEY_EXPANSION_CONST "key expansion" +#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_IV_BLOCK_CONST "IV block" +#define TLS_MD_IV_BLOCK_CONST_SIZE 8 +#define 
TLS_MD_MASTER_SECRET_CONST "master secret" +#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +#define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +#define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + +#ifdef CHARSET_EBCDIC +#undef TLS_MD_CLIENT_FINISH_CONST /* * client finished */ -# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" +#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" -# undef TLS_MD_SERVER_FINISH_CONST +#undef TLS_MD_SERVER_FINISH_CONST /* * server finished */ -# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" +#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" -# undef TLS_MD_SERVER_WRITE_KEY_CONST +#undef TLS_MD_SERVER_WRITE_KEY_CONST /* * server write key */ -# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" +#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" -# undef TLS_MD_KEY_EXPANSION_CONST +#undef TLS_MD_KEY_EXPANSION_CONST /* * key expansion */ -# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" +#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" -# undef TLS_MD_CLIENT_WRITE_KEY_CONST +#undef TLS_MD_CLIENT_WRITE_KEY_CONST /* * client write key */ -# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" +#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" -# undef TLS_MD_SERVER_WRITE_KEY_CONST +#undef TLS_MD_SERVER_WRITE_KEY_CONST /* * server write key */ -# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" +#define TLS_MD_SERVER_WRITE_KEY_CONST 
"\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" -# undef TLS_MD_IV_BLOCK_CONST +#undef TLS_MD_IV_BLOCK_CONST /* * IV block */ -# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" +#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" -# undef TLS_MD_MASTER_SECRET_CONST +#undef TLS_MD_MASTER_SECRET_CONST /* * master secret */ -# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" -# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +#undef TLS_MD_EXTENDED_MASTER_SECRET_CONST /* * extended master secret */ -# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" -# endif +#define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +#endif /* TLS Session Ticket extension struct */ struct tls_session_ticket_ext_st { @@ -1219,7 +1215,7 @@ void *data; }; -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/trace.h.orig +++ crypto/openssl/include/openssl/trace.h @@ -8,16 +8,16 @@ */ #ifndef OPENSSL_TRACE_H -# define OPENSSL_TRACE_H -# pragma once +#define OPENSSL_TRACE_H +#pragma once -# include +#include -# include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * TRACE CATEGORIES 
@@ -37,26 +37,26 @@ * it is better to register channels for all categories separately. * (This is how the openssl application does it.) */ -# define OSSL_TRACE_CATEGORY_ALL 0 /* The fallback */ -# define OSSL_TRACE_CATEGORY_TRACE 1 -# define OSSL_TRACE_CATEGORY_INIT 2 -# define OSSL_TRACE_CATEGORY_TLS 3 -# define OSSL_TRACE_CATEGORY_TLS_CIPHER 4 -# define OSSL_TRACE_CATEGORY_CONF 5 -# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 -# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 -# define OSSL_TRACE_CATEGORY_PKCS5V2 8 -# define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9 -# define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 -# define OSSL_TRACE_CATEGORY_X509V3_POLICY 11 -# define OSSL_TRACE_CATEGORY_BN_CTX 12 -# define OSSL_TRACE_CATEGORY_CMP 13 -# define OSSL_TRACE_CATEGORY_STORE 14 -# define OSSL_TRACE_CATEGORY_DECODER 15 -# define OSSL_TRACE_CATEGORY_ENCODER 16 -# define OSSL_TRACE_CATEGORY_REF_COUNT 17 +#define OSSL_TRACE_CATEGORY_ALL 0 /* The fallback */ +#define OSSL_TRACE_CATEGORY_TRACE 1 +#define OSSL_TRACE_CATEGORY_INIT 2 +#define OSSL_TRACE_CATEGORY_TLS 3 +#define OSSL_TRACE_CATEGORY_TLS_CIPHER 4 +#define OSSL_TRACE_CATEGORY_CONF 5 +#define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 +#define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 +#define OSSL_TRACE_CATEGORY_PKCS5V2 8 +#define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9 +#define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 +#define OSSL_TRACE_CATEGORY_X509V3_POLICY 11 +#define OSSL_TRACE_CATEGORY_BN_CTX 12 +#define OSSL_TRACE_CATEGORY_CMP 13 +#define OSSL_TRACE_CATEGORY_STORE 14 +#define OSSL_TRACE_CATEGORY_DECODER 15 +#define OSSL_TRACE_CATEGORY_ENCODER 16 +#define OSSL_TRACE_CATEGORY_REF_COUNT 17 /* Count of available categories. */ -# define OSSL_TRACE_CATEGORY_NUM 18 +#define OSSL_TRACE_CATEGORY_NUM 18 /* Returns the trace category number for the given |name| */ int OSSL_trace_get_category_num(const char *name); 
@@ -75,7 +75,7 @@ * * Returns 1 on success and 0 on failure */ -int OSSL_trace_set_channel(int category, BIO* channel); +int OSSL_trace_set_channel(int category, BIO *channel); /* * Attach a prefix and a suffix to the given |category|, to be printed at the @@ -101,13 +101,13 @@ * The |category| number is given, as well as a |cmd| number, described below. */ typedef size_t (*OSSL_trace_cb)(const char *buffer, size_t count, - int category, int cmd, void *data); + int category, int cmd, void *data); /* * Possible |cmd| numbers. */ -# define OSSL_TRACE_CTRL_BEGIN 0 -# define OSSL_TRACE_CTRL_WRITE 1 -# define OSSL_TRACE_CTRL_END 2 +#define OSSL_TRACE_CTRL_BEGIN 0 +#define OSSL_TRACE_CTRL_WRITE 1 +#define OSSL_TRACE_CTRL_END 2 /* * Enables tracing for the given |category| by creating an internal 
@@ -196,35 +196,37 @@ * call OSSL_TRACE_CANCEL(category). */ -# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE +#if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE -# define OSSL_TRACE_BEGIN(category) \ - do { \ +#define OSSL_TRACE_BEGIN(category) \ + do { \ BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_##category); \ - \ + \ if (trc_out != NULL) -# define OSSL_TRACE_END(category) \ - OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out); \ - } while (0) +#define OSSL_TRACE_END(category) \ + OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out); \ + } \ + while (0) -# define OSSL_TRACE_CANCEL(category) \ - OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out) \ +#define OSSL_TRACE_CANCEL(category) \ + OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out) -# else +#else -# define OSSL_TRACE_BEGIN(category) \ - do { \ - BIO *trc_out = NULL; \ +#define OSSL_TRACE_BEGIN(category) \ + do { \ + BIO *trc_out = NULL; \ if (0) -# define OSSL_TRACE_END(category) \ - } while(0) +#define OSSL_TRACE_END(category) \ + } \ + while (0) -# define OSSL_TRACE_CANCEL(category) \ +#define OSSL_TRACE_CANCEL(category) \ ((void)0) -# endif +#endif /* * OSSL_TRACE_ENABLED() - Check whether tracing is enabled for |category| @@ -235,16 +237,16 @@ * ... * } */ -# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE +#if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE -# define OSSL_TRACE_ENABLED(category) \ +#define OSSL_TRACE_ENABLED(category) \ OSSL_trace_enabled(OSSL_TRACE_CATEGORY_##category) -# else +#else -# define OSSL_TRACE_ENABLED(category) (0) +#define OSSL_TRACE_ENABLED(category) (0) -# endif +#endif /* * OSSL_TRACE*() - OneShot Trace Macros 
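Review bot: In the `@@ -196,35 +196,37 @@` hunk, both reformatted `OSSL_TRACE_END` definitions now end with `} \` on one continuation line and `while (0)` on the next, which obscures the do/while(0) idiom that closes the `do {` opened by `OSSL_TRACE_BEGIN`. These macros are deliberately unbalanced halves of a single statement, so the formatter has no sensible layout for them. I would wrap the BEGIN/END/CANCEL group in `/* clang-format off */` and `/* clang-format on */` and keep `} while (0)` on one line. A short comment on `OSSL_TRACE_BEGIN`, such as `/* opens a block that must be closed by OSSL_TRACE_END in the same scope */`, would make the pairing explicit for readers of the header.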
@@ -268,43 +270,43 @@ * 42, "What do you get when you multiply six by nine?"); */ -# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE +#if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE -# define OSSL_TRACEV(category, args) \ - OSSL_TRACE_BEGIN(category) \ - BIO_printf args; \ +#define OSSL_TRACEV(category, args) \ + OSSL_TRACE_BEGIN(category) \ + BIO_printf args; \ OSSL_TRACE_END(category) -# else +#else -# define OSSL_TRACEV(category, args) ((void)0) +#define OSSL_TRACEV(category, args) ((void)0) -# endif +#endif -# define OSSL_TRACE(category, text) \ +#define OSSL_TRACE(category, text) \ OSSL_TRACEV(category, (trc_out, "%s", text)) -# define OSSL_TRACE1(category, format, arg1) \ +#define OSSL_TRACE1(category, format, arg1) \ OSSL_TRACEV(category, (trc_out, format, arg1)) -# define OSSL_TRACE2(category, format, arg1, arg2) \ +#define OSSL_TRACE2(category, format, arg1, arg2) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2)) -# define OSSL_TRACE3(category, format, arg1, arg2, arg3) \ +#define OSSL_TRACE3(category, format, arg1, arg2, arg3) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3)) -# define OSSL_TRACE4(category, format, arg1, arg2, arg3, arg4) \ +#define OSSL_TRACE4(category, format, arg1, arg2, arg3, arg4) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4)) -# define OSSL_TRACE5(category, format, arg1, arg2, arg3, arg4, arg5) \ +#define OSSL_TRACE5(category, format, arg1, arg2, arg3, arg4, arg5) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5)) -# define OSSL_TRACE6(category, format, arg1, arg2, arg3, arg4, arg5, arg6) \ +#define OSSL_TRACE6(category, format, arg1, arg2, arg3, arg4, arg5, arg6) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6)) -# define OSSL_TRACE7(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7) \ +#define OSSL_TRACE7(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, 
arg4, arg5, arg6, arg7)) -# define OSSL_TRACE8(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \ +#define OSSL_TRACE8(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8)) -# define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \ +#define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9)) -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ts.h.orig +++ crypto/openssl/include/openssl/ts.h @@ -8,34 +8,34 @@ */ #ifndef OPENSSL_TS_H -# define OPENSSL_TS_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_TS_H -# endif - -# include - -# ifndef OPENSSL_NO_TS -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include -# ifdef __cplusplus +#define OPENSSL_TS_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_TS_H +#endif + +#include + +#ifndef OPENSSL_NO_TS +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# include -# include +#include +#include typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; typedef struct TS_req_st TS_REQ; 
@@ -43,23 +43,22 @@ typedef struct TS_tst_info_st TS_TST_INFO; /* Possible values for status. */ -# define TS_STATUS_GRANTED 0 -# define TS_STATUS_GRANTED_WITH_MODS 1 -# define TS_STATUS_REJECTION 2 -# define TS_STATUS_WAITING 3 -# define TS_STATUS_REVOCATION_WARNING 4 -# define TS_STATUS_REVOCATION_NOTIFICATION 5 +#define TS_STATUS_GRANTED 0 +#define TS_STATUS_GRANTED_WITH_MODS 1 +#define TS_STATUS_REJECTION 2 +#define TS_STATUS_WAITING 3 +#define TS_STATUS_REVOCATION_WARNING 4 +#define TS_STATUS_REVOCATION_NOTIFICATION 5 /* Possible values for failure_info. */ -# define TS_INFO_BAD_ALG 0 -# define TS_INFO_BAD_REQUEST 2 -# define TS_INFO_BAD_DATA_FORMAT 5 -# define TS_INFO_TIME_NOT_AVAILABLE 14 -# define TS_INFO_UNACCEPTED_POLICY 15 -# define TS_INFO_UNACCEPTED_EXTENSION 16 -# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 -# define TS_INFO_SYSTEM_FAILURE 25 - +#define TS_INFO_BAD_ALG 0 +#define TS_INFO_BAD_REQUEST 2 +#define TS_INFO_BAD_DATA_FORMAT 5 +#define TS_INFO_TIME_NOT_AVAILABLE 14 +#define TS_INFO_UNACCEPTED_POLICY 15 +#define TS_INFO_UNACCEPTED_EXTENSION 16 +#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +#define TS_INFO_SYSTEM_FAILURE 25 typedef struct TS_status_info_st TS_STATUS_INFO; @@ -214,7 +213,7 @@ int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); 
@@ -228,39 +227,39 @@ /* Optional flags for response generation. */ /* Don't include the TSA name in response. */ -# define TS_TSA_NAME 0x01 +#define TS_TSA_NAME 0x01 /* Set ordering to true in response. */ -# define TS_ORDERING 0x02 +#define TS_ORDERING 0x02 /* * Include the signer certificate and the other specified certificates in * the ESS signing certificate attribute beside the PKCS7 signed data. * Only the signer certificates is included by default. */ -# define TS_ESS_CERT_ID_CHAIN 0x04 +#define TS_ESS_CERT_ID_CHAIN 0x04 /* Forward declaration. */ struct TS_resp_ctx; /* This must return a unique number less than 160 bits long. */ -typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); +typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); /* * This must return the seconds and microseconds since Jan 1, 1970 in the sec * and usec variables allocated by the caller. Return non-zero for success * and zero for failure. */ -typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, - long *usec); +typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, + long *usec); /* * This must process the given extension. It can modify the TS_TST_INFO * object of the context. Return values: !0 (processed), 0 (error, it must * set the status info/failure info of the response). */ -typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, - void *); +typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, + void *); typedef struct TS_resp_ctx TS_RESP_CTX; @@ -276,7 +275,7 @@ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, - const EVP_MD *signer_digest); + const EVP_MD *signer_digest); int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); /* This parameter must be set. */ 
@@ -299,19 +298,19 @@ /* Accuracy is not included by default. */ int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, - int secs, int millis, int micros); + int secs, int millis, int micros); /* * Clock precision digits, i.e. the number of decimal digits: '0' means sec, * '3' msec, '6' usec, and so on. Default is 0. */ int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, - unsigned clock_precision_digits); + unsigned clock_precision_digits); /* At most we accept usec precision. */ -# define TS_MAX_CLOCK_PRECISION_DIGITS 6 +#define TS_MAX_CLOCK_PRECISION_DIGITS 6 /* Maximum status message length */ -# define TS_MAX_STATUS_LENGTH (1024 * 1024) +#define TS_MAX_STATUS_LENGTH (1024 * 1024) /* No flags are set by default. */ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); @@ -328,15 +327,15 @@ */ /* FIXME: extension handling is not tested yet. */ void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, - TS_extension_cb cb, void *data); + TS_extension_cb cb, void *data); /* The following methods can be used in the callbacks. */ int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, - int status, const char *text); + int status, const char *text); /* Sets the status info only if it is still TS_STATUS_GRANTED. */ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, - int status, const char *text); + int status, const char *text); int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); 
@@ -358,49 +357,49 @@ */ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, - X509_STORE *store, X509 **signer_out); + X509_STORE *store, X509 **signer_out); /* Context structure for the generic verify method. */ /* Verify the signer's certificate and the signature of the response. */ -# define TS_VFY_SIGNATURE (1u << 0) +#define TS_VFY_SIGNATURE (1u << 0) /* Verify the version number of the response. */ -# define TS_VFY_VERSION (1u << 1) +#define TS_VFY_VERSION (1u << 1) /* Verify if the policy supplied by the user matches the policy of the TSA. */ -# define TS_VFY_POLICY (1u << 2) +#define TS_VFY_POLICY (1u << 2) /* * Verify the message imprint provided by the user. This flag should not be * specified with TS_VFY_DATA. */ -# define TS_VFY_IMPRINT (1u << 3) +#define TS_VFY_IMPRINT (1u << 3) /* * Verify the message imprint computed by the verify method from the user * provided data and the MD algorithm of the response. This flag should not * be specified with TS_VFY_IMPRINT. */ -# define TS_VFY_DATA (1u << 4) +#define TS_VFY_DATA (1u << 4) /* Verify the nonce value. */ -# define TS_VFY_NONCE (1u << 5) +#define TS_VFY_NONCE (1u << 5) /* Verify if the TSA name field matches the signer certificate. */ -# define TS_VFY_SIGNER (1u << 6) +#define TS_VFY_SIGNER (1u << 6) /* Verify if the TSA name field equals to the user provided name. */ -# define TS_VFY_TSA_NAME (1u << 7) +#define TS_VFY_TSA_NAME (1u << 7) /* You can use the following convenience constants. 
*/ -# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ - | TS_VFY_VERSION \ - | TS_VFY_POLICY \ - | TS_VFY_IMPRINT \ - | TS_VFY_NONCE \ - | TS_VFY_SIGNER \ - | TS_VFY_TSA_NAME) -# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ - | TS_VFY_VERSION \ - | TS_VFY_POLICY \ - | TS_VFY_DATA \ - | TS_VFY_NONCE \ - | TS_VFY_SIGNER \ - | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) typedef struct TS_verify_ctx TS_VERIFY_CTX; @@ -418,11 +417,11 @@ int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, - unsigned char *hexstr, long len); + unsigned char *hexstr, long len); X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx, cert) +#endif STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); /*- 
@@ -467,37 +466,37 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, - TS_RESP_CTX *ctx); + TS_RESP_CTX *ctx); #ifndef OPENSSL_NO_ENGINE int TS_CONF_set_crypto_device(CONF *conf, const char *section, - const char *device); + const char *device); int TS_CONF_set_default_engine(const char *name); #endif int TS_CONF_set_signer_cert(CONF *conf, const char *section, - const char *cert, TS_RESP_CTX *ctx); + const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, - TS_RESP_CTX *ctx); + TS_RESP_CTX *ctx); int TS_CONF_set_signer_key(CONF *conf, const char *section, - const char *key, const char *pass, - TS_RESP_CTX *ctx); + const char *key, const char *pass, + TS_RESP_CTX *ctx); int TS_CONF_set_signer_digest(CONF *conf, const char *section, - const char *md, TS_RESP_CTX *ctx); + const char *md, TS_RESP_CTX *ctx); int TS_CONF_set_def_policy(CONF *conf, const char *section, - const char *policy, TS_RESP_CTX *ctx); + const char *policy, TS_RESP_CTX *ctx); int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section, - TS_RESP_CTX *ctx); + TS_RESP_CTX *ctx); int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, - TS_RESP_CTX *ctx); + TS_RESP_CTX *ctx); int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, - TS_RESP_CTX *ctx); + TS_RESP_CTX *ctx); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- 
crypto/openssl/include/openssl/tserr.h.orig +++ crypto/openssl/include/openssl/tserr.h 
@@ -9,59 +9,57 @@ */ #ifndef OPENSSL_TSERR_H -# define OPENSSL_TSERR_H -# pragma once +#define OPENSSL_TSERR_H +#pragma once -# include -# include -# include - - -# ifndef OPENSSL_NO_TS +#include +#include +#include +#ifndef OPENSSL_NO_TS /* * TS reason codes. */ -# define TS_R_BAD_PKCS7_TYPE 132 -# define TS_R_BAD_TYPE 133 -# define TS_R_CANNOT_LOAD_CERT 137 -# define TS_R_CANNOT_LOAD_KEY 138 -# define TS_R_CERTIFICATE_VERIFY_ERROR 100 -# define TS_R_COULD_NOT_SET_ENGINE 127 -# define TS_R_COULD_NOT_SET_TIME 115 -# define TS_R_DETACHED_CONTENT 134 -# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 -# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 -# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 -# define TS_R_INVALID_NULL_POINTER 102 -# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 -# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 -# define TS_R_NONCE_MISMATCH 104 -# define TS_R_NONCE_NOT_RETURNED 105 -# define TS_R_NO_CONTENT 106 -# define TS_R_NO_TIME_STAMP_TOKEN 107 -# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 -# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 -# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 -# define TS_R_POLICY_MISMATCH 108 -# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 -# define TS_R_RESPONSE_SETUP_ERROR 121 -# define TS_R_SIGNATURE_FAILURE 109 -# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 -# define TS_R_TIME_SYSCALL_ERROR 122 -# define TS_R_TOKEN_NOT_PRESENT 130 -# define TS_R_TOKEN_PRESENT 131 -# define TS_R_TSA_NAME_MISMATCH 111 -# define TS_R_TSA_UNTRUSTED 112 -# define TS_R_TST_INFO_SETUP_ERROR 123 -# define TS_R_TS_DATASIGN 124 -# define TS_R_UNACCEPTABLE_POLICY 125 -# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 -# define TS_R_UNSUPPORTED_VERSION 113 -# define TS_R_VAR_BAD_VALUE 135 -# define TS_R_VAR_LOOKUP_FAILURE 136 -# define TS_R_WRONG_CONTENT_TYPE 114 +#define TS_R_BAD_PKCS7_TYPE 132 +#define TS_R_BAD_TYPE 133 +#define TS_R_CANNOT_LOAD_CERT 137 +#define TS_R_CANNOT_LOAD_KEY 138 +#define TS_R_CERTIFICATE_VERIFY_ERROR 100 +#define 
TS_R_COULD_NOT_SET_ENGINE 127 +#define TS_R_COULD_NOT_SET_TIME 115 +#define TS_R_DETACHED_CONTENT 134 +#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +#define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +#define TS_R_INVALID_NULL_POINTER 102 +#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +#define TS_R_NONCE_MISMATCH 104 +#define TS_R_NONCE_NOT_RETURNED 105 +#define TS_R_NO_CONTENT 106 +#define TS_R_NO_TIME_STAMP_TOKEN 107 +#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +#define TS_R_POLICY_MISMATCH 108 +#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define TS_R_RESPONSE_SETUP_ERROR 121 +#define TS_R_SIGNATURE_FAILURE 109 +#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +#define TS_R_TIME_SYSCALL_ERROR 122 +#define TS_R_TOKEN_NOT_PRESENT 130 +#define TS_R_TOKEN_PRESENT 131 +#define TS_R_TSA_NAME_MISMATCH 111 +#define TS_R_TSA_UNTRUSTED 112 +#define TS_R_TST_INFO_SETUP_ERROR 123 +#define TS_R_TS_DATASIGN 124 +#define TS_R_UNACCEPTABLE_POLICY 125 +#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +#define TS_R_UNSUPPORTED_VERSION 113 +#define TS_R_VAR_BAD_VALUE 135 +#define TS_R_VAR_LOOKUP_FAILURE 136 +#define TS_R_WRONG_CONTENT_TYPE 114 -# endif +#endif #endif --- crypto/openssl/include/openssl/txt_db.h.orig +++ crypto/openssl/include/openssl/txt_db.h 
@@ -8,28 +8,28 @@ */ #ifndef OPENSSL_TXT_DB_H -# define OPENSSL_TXT_DB_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_TXT_DB_H -# endif - -# include -# include -# include -# include - -# define DB_ERROR_OK 0 -# define DB_ERROR_MALLOC 1 -# define DB_ERROR_INDEX_CLASH 2 -# define DB_ERROR_INDEX_OUT_OF_RANGE 3 -# define DB_ERROR_NO_INDEX 4 -# define DB_ERROR_INSERT_INDEX_CLASH 5 -# define DB_ERROR_WRONG_NUM_FIELDS 6 - -#ifdef __cplusplus +#define OPENSSL_TXT_DB_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_TXT_DB_H +#endif + +#include +#include +#include +#include + +#define DB_ERROR_OK 0 +#define DB_ERROR_MALLOC 1 +#define DB_ERROR_INDEX_CLASH 2 +#define DB_ERROR_INDEX_OUT_OF_RANGE 3 +#define DB_ERROR_NO_INDEX 4 +#define DB_ERROR_INSERT_INDEX_CLASH 5 +#define DB_ERROR_WRONG_NUM_FIELDS 6 + +#ifdef __cplusplus extern "C" { #endif @@ -40,7 +40,7 @@ int num_fields; STACK_OF(OPENSSL_PSTRING) *data; LHASH_OF(OPENSSL_STRING) **index; - int (**qual) (OPENSSL_STRING *); + int (**qual)(OPENSSL_STRING *); long error; long arg1; long arg2; @@ -49,14 +49,14 @@ TXT_DB *TXT_DB_read(BIO *in, int num); long TXT_DB_write(BIO *out, TXT_DB *db); -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), - OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), + OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); void TXT_DB_free(TXT_DB *db); OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, - OPENSSL_STRING *value); + OPENSSL_STRING *value); int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/types.h.orig +++ crypto/openssl/include/openssl/types.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,40 +8,40 @@ */ #ifndef OPENSSL_TYPES_H -# define OPENSSL_TYPES_H -# pragma once +#define OPENSSL_TYPES_H +#pragma once -# include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -# include -# include -# include +#include +#include +#include typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */ -# ifdef NO_ASN1_TYPEDEFS -# define ASN1_INTEGER ASN1_STRING -# define ASN1_ENUMERATED ASN1_STRING -# define ASN1_BIT_STRING ASN1_STRING -# define ASN1_OCTET_STRING ASN1_STRING -# define ASN1_PRINTABLESTRING ASN1_STRING -# define ASN1_T61STRING ASN1_STRING -# define ASN1_IA5STRING ASN1_STRING -# define ASN1_UTCTIME ASN1_STRING -# define ASN1_GENERALIZEDTIME ASN1_STRING -# define ASN1_TIME ASN1_STRING -# define ASN1_GENERALSTRING ASN1_STRING -# define ASN1_UNIVERSALSTRING ASN1_STRING -# define ASN1_BMPSTRING ASN1_STRING -# define ASN1_VISIBLESTRING ASN1_STRING -# define ASN1_UTF8STRING ASN1_STRING -# define ASN1_BOOLEAN int -# define ASN1_NULL int -# else +#ifdef NO_ASN1_TYPEDEFS +#define ASN1_INTEGER ASN1_STRING +#define ASN1_ENUMERATED ASN1_STRING +#define ASN1_BIT_STRING ASN1_STRING +#define ASN1_OCTET_STRING ASN1_STRING +#define ASN1_PRINTABLESTRING ASN1_STRING +#define ASN1_T61STRING ASN1_STRING +#define ASN1_IA5STRING ASN1_STRING +#define ASN1_UTCTIME ASN1_STRING +#define ASN1_GENERALIZEDTIME ASN1_STRING +#define ASN1_TIME ASN1_STRING +#define ASN1_GENERALSTRING ASN1_STRING +#define ASN1_UNIVERSALSTRING ASN1_STRING +#define ASN1_BMPSTRING ASN1_STRING +#define ASN1_VISIBLESTRING ASN1_STRING +#define ASN1_UTF8STRING ASN1_STRING +#define ASN1_BOOLEAN int +#define ASN1_NULL int +#else typedef struct asn1_string_st ASN1_INTEGER; typedef struct asn1_string_st ASN1_ENUMERATED; typedef struct asn1_string_st ASN1_BIT_STRING; 
@@ -60,7 +60,7 @@ typedef struct asn1_string_st ASN1_STRING; typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; -# endif +#endif typedef struct asn1_type_st ASN1_TYPE; typedef struct asn1_object_st ASN1_OBJECT; @@ -70,18 +70,18 @@ typedef struct asn1_pctx_st ASN1_PCTX; typedef struct asn1_sctx_st ASN1_SCTX; -# ifdef _WIN32 -# undef X509_NAME -# undef X509_EXTENSIONS -# undef PKCS7_ISSUER_AND_SERIAL -# undef PKCS7_SIGNER_INFO -# undef OCSP_REQUEST -# undef OCSP_RESPONSE -# endif +#ifdef _WIN32 +#undef X509_NAME +#undef X509_EXTENSIONS +#undef PKCS7_ISSUER_AND_SERIAL +#undef PKCS7_SIGNER_INFO +#undef OCSP_REQUEST +#undef OCSP_RESPONSE +#endif -# ifdef BIGNUM -# undef BIGNUM -# endif +#ifdef BIGNUM +#undef BIGNUM +#endif typedef struct bio_st BIO; typedef struct bignum_st BIGNUM; @@ -134,21 +134,23 @@ typedef struct dh_st DH; typedef struct dh_method DH_METHOD; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct dsa_st DSA; typedef struct dsa_method DSA_METHOD; -# endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; -# endif +#endif + typedef struct rsa_pss_params_st RSA_PSS_PARAMS; +typedef struct rsa_oaep_params_st RSA_OAEP_PARAMS; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; -# endif +#endif typedef struct rand_meth_st RAND_METHOD; typedef struct rand_drbg_st RAND_DRBG; @@ -220,7 +222,7 @@ typedef struct ossl_param_st OSSL_PARAM; typedef struct ossl_param_bld_st OSSL_PARAM_BLD; -typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); +typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); typedef struct ossl_encoder_st OSSL_ENCODER; typedef struct ossl_encoder_ctx_st OSSL_ENCODER_CTX; 
@@ -229,7 +231,7 @@ typedef struct ossl_self_test_st OSSL_SELF_TEST; -#ifdef __cplusplus +#ifdef __cplusplus } #endif --- crypto/openssl/include/openssl/ui.h.orig +++ crypto/openssl/include/openssl/ui.h @@ -10,37 +10,39 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_UI_H -# define OPENSSL_UI_H -# pragma once +#define OPENSSL_UI_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_UI_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_UI_H +#endif -# include +#include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif -# include -# include -# include -# include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif +#include +#include +#include +#include /* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifdef OPENSSL_NO_UI_CONSOLE -# define OPENSSL_NO_UI -# endif -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifdef OPENSSL_NO_UI_CONSOLE +#define OPENSSL_NO_UI +#endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * All the following functions return -1 or NULL on error and in some cases 
@@ -98,21 +100,21 @@ On success, the all return an index of the added information. That index is useful when retrieving results with UI_get0_result(). */ int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); + char *result_buf, int minsize, int maxsize); int UI_dup_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); + char *result_buf, int minsize, int maxsize); int UI_add_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf); + char *result_buf, int minsize, int maxsize, + const char *test_buf); int UI_dup_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf); + char *result_buf, int minsize, int maxsize, + const char *test_buf); int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf); + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf); + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); int UI_add_info_string(UI *ui, const char *text); int UI_dup_info_string(UI *ui, const char *text); int UI_add_error_string(UI *ui, const char *text); @@ -120,7 +122,7 @@ /* These are the possible flags. They can be or'ed together. */ /* Use to have echoing of input */ -# define UI_INPUT_FLAG_ECHO 0x01 +#define UI_INPUT_FLAG_ECHO 0x01 /* * Use a default password. Where that password is found is completely up to * the application, it might for example be in the user data set with 
@@ -128,7 +130,7 @@ * each UI being marked with this flag, or the application might get * confused. */ -# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +#define UI_INPUT_FLAG_DEFAULT_PWD 0x02 /*- * The user of these routines may want to define flags of their own. The core @@ -139,8 +141,8 @@ * * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) * -*/ -# define UI_INPUT_FLAG_USER_BASE 16 + */ +#define UI_INPUT_FLAG_USER_BASE 16 /*- * The following function helps construct a prompt. @@ -160,9 +162,9 @@ * the value "foo.key", the resulting string is: * * "Enter pass phrase for foo.key:" -*/ + */ char *UI_construct_prompt(UI *ui_method, - const char *phrase_desc, const char *object_name); + const char *phrase_desc, const char *object_name); /* * The following function is used to store a pointer to user-specific data. @@ -197,7 +199,7 @@ * send down an integer, a data pointer or a function pointer, as well as be * used to get information from a UI. */ -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); /* The commands */ /* 
@@ -205,19 +207,19 @@ * OpenSSL error stack before printing any info or added error messages and * before any prompting. */ -# define UI_CTRL_PRINT_ERRORS 1 +#define UI_CTRL_PRINT_ERRORS 1 /* * Check if a UI_process() is possible to do again with the same instance of * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 * if not. */ -# define UI_CTRL_IS_REDOABLE 2 +#define UI_CTRL_IS_REDOABLE 2 /* Some methods may use extra data */ -# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) -# define UI_get_app_data(s) UI_get_ex_data(s,0) +#define UI_set_app_data(s, arg) UI_set_ex_data(s, 0, arg) +#define UI_get_app_data(s) UI_get_ex_data(s, 0) -# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ +#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); void *UI_get_ex_data(const UI *r, int idx); @@ -228,12 +230,12 @@ const UI_METHOD *UI_get_method(UI *ui); const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); -# ifndef OPENSSL_NO_UI_CONSOLE +#ifndef OPENSSL_NO_UI_CONSOLE /* The method with all the built-in thingies */ UI_METHOD *UI_OpenSSL(void); -# endif +#endif /* * NULL method. Literally does nothing, but may serve as a placeholder @@ -290,6 +292,7 @@ */ typedef struct ui_string_st UI_STRING; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(UI_STRING, UI_STRING, UI_STRING) #define sk_UI_STRING_num(sk) OPENSSL_sk_num(ossl_check_const_UI_STRING_sk_type(sk)) #define sk_UI_STRING_value(sk, idx) ((UI_STRING *)OPENSSL_sk_value(ossl_check_const_UI_STRING_sk_type(sk), (idx))) 
@@ -317,6 +320,7 @@ #define sk_UI_STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(UI_STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_UI_STRING_sk_type(sk), ossl_check_UI_STRING_copyfunc_type(copyfunc), ossl_check_UI_STRING_freefunc_type(freefunc))) #define sk_UI_STRING_set_cmp_func(sk, cmp) ((sk_UI_STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_UI_STRING_sk_type(sk), ossl_check_UI_STRING_compfunc_type(cmp))) +/* clang-format on */ /* * The different types of strings that are currently supported. This is only 
@@ -324,42 +328,41 @@ */ enum UI_string_types { UIT_NONE = 0, - UIT_PROMPT, /* Prompt for a string */ - UIT_VERIFY, /* Prompt for a string and verify */ - UIT_BOOLEAN, /* Prompt for a yes/no response */ - UIT_INFO, /* Send info to the user */ - UIT_ERROR /* Send an error message to the user */ + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ }; /* Create and manipulate methods */ UI_METHOD *UI_create_method(const char *name); void UI_destroy_method(UI_METHOD *ui_method); -int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); int UI_method_set_writer(UI_METHOD *method, - int (*writer) (UI *ui, UI_STRING *uis)); -int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); + int (*writer)(UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); int UI_method_set_reader(UI_METHOD *method, - int (*reader) (UI *ui, UI_STRING *uis)); -int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); + int (*reader)(UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); int UI_method_set_data_duplicator(UI_METHOD *method, - void *(*duplicator) (UI *ui, void *ui_data), - void (*destructor)(UI *ui, void *ui_data)); + void *(*duplicator)(UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); int UI_method_set_prompt_constructor(UI_METHOD *method, - char *(*prompt_constructor) (UI *ui, - const char - *phrase_desc, - const char - *object_name)); + char *(*prompt_constructor)(UI *ui, + const char + *phrase_desc, + const char + *object_name)); int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); -int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); -int (*UI_method_get_writer(const 
UI_METHOD *method)) (UI *, UI_STRING *); -int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); -int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); -int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); -char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) - (UI *, const char *, const char *); -void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); -void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +int (*UI_method_get_opener(const UI_METHOD *method))(UI *); +int (*UI_method_get_writer(const UI_METHOD *method))(UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method))(UI *); +int (*UI_method_get_reader(const UI_METHOD *method))(UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method))(UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method))(UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method))(UI *, void *); const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); /* @@ -395,13 +398,12 @@ /* A couple of popular utility functions */ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, - int verify); + int verify); int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify); + int verify); UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/ui.h.in.orig +++ crypto/openssl/include/openssl/ui.h.in 
@@ -9,39 +9,41 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_UI_H -# define OPENSSL_UI_H -# pragma once +#define OPENSSL_UI_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_UI_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_UI_H +#endif -# include +#include -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# endif -# include -# include -# include -# include +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#endif +#include +#include +#include +#include /* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifdef OPENSSL_NO_UI_CONSOLE -# define OPENSSL_NO_UI -# endif -# endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifdef OPENSSL_NO_UI_CONSOLE +#define OPENSSL_NO_UI +#endif +#endif -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif /* * All the following functions return -1 or NULL on error and in some cases 
@@ -99,21 +101,21 @@ On success, the all return an index of the added information. That index is useful when retrieving results with UI_get0_result(). */ int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); + char *result_buf, int minsize, int maxsize); int UI_dup_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); + char *result_buf, int minsize, int maxsize); int UI_add_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf); + char *result_buf, int minsize, int maxsize, + const char *test_buf); int UI_dup_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf); + char *result_buf, int minsize, int maxsize, + const char *test_buf); int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf); + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf); + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); int UI_add_info_string(UI *ui, const char *text); int UI_dup_info_string(UI *ui, const char *text); int UI_add_error_string(UI *ui, const char *text); @@ -121,7 +123,7 @@ /* These are the possible flags. They can be or'ed together. */ /* Use to have echoing of input */ -# define UI_INPUT_FLAG_ECHO 0x01 +#define UI_INPUT_FLAG_ECHO 0x01 /* * Use a default password. Where that password is found is completely up to * the application, it might for example be in the user data set with 
@@ -129,7 +131,7 @@ * each UI being marked with this flag, or the application might get * confused. */ -# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +#define UI_INPUT_FLAG_DEFAULT_PWD 0x02 /*- * The user of these routines may want to define flags of their own. The core @@ -140,8 +142,8 @@ * * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) * -*/ -# define UI_INPUT_FLAG_USER_BASE 16 + */ +#define UI_INPUT_FLAG_USER_BASE 16 /*- * The following function helps construct a prompt. @@ -161,9 +163,9 @@ * the value "foo.key", the resulting string is: * * "Enter pass phrase for foo.key:" -*/ + */ char *UI_construct_prompt(UI *ui_method, - const char *phrase_desc, const char *object_name); + const char *phrase_desc, const char *object_name); /* * The following function is used to store a pointer to user-specific data. @@ -198,7 +200,7 @@ * send down an integer, a data pointer or a function pointer, as well as be * used to get information from a UI. */ -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); /* The commands */ /* 
@@ -206,19 +208,19 @@ * OpenSSL error stack before printing any info or added error messages and * before any prompting. */ -# define UI_CTRL_PRINT_ERRORS 1 +#define UI_CTRL_PRINT_ERRORS 1 /* * Check if a UI_process() is possible to do again with the same instance of * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 * if not. */ -# define UI_CTRL_IS_REDOABLE 2 +#define UI_CTRL_IS_REDOABLE 2 /* Some methods may use extra data */ -# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) -# define UI_get_app_data(s) UI_get_ex_data(s,0) +#define UI_set_app_data(s, arg) UI_set_ex_data(s, 0, arg) +#define UI_get_app_data(s) UI_get_ex_data(s, 0) -# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ +#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); void *UI_get_ex_data(const UI *r, int idx); @@ -229,12 +231,12 @@ const UI_METHOD *UI_get_method(UI *ui); const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); -# ifndef OPENSSL_NO_UI_CONSOLE +#ifndef OPENSSL_NO_UI_CONSOLE /* The method with all the built-in thingies */ UI_METHOD *UI_OpenSSL(void); -# endif +#endif /* * NULL method. Literally does nothing, but may serve as a placeholder @@ -291,9 +293,11 @@ */ typedef struct ui_string_st UI_STRING; +/* clang-format off */ {- generate_stack_macros("UI_STRING"); -} +/* clang-format on */ /* * The different types of strings that are currently supported. This is only 
@@ -301,42 +305,41 @@ */ enum UI_string_types { UIT_NONE = 0, - UIT_PROMPT, /* Prompt for a string */ - UIT_VERIFY, /* Prompt for a string and verify */ - UIT_BOOLEAN, /* Prompt for a yes/no response */ - UIT_INFO, /* Send info to the user */ - UIT_ERROR /* Send an error message to the user */ + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ }; /* Create and manipulate methods */ UI_METHOD *UI_create_method(const char *name); void UI_destroy_method(UI_METHOD *ui_method); -int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); int UI_method_set_writer(UI_METHOD *method, - int (*writer) (UI *ui, UI_STRING *uis)); -int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); + int (*writer)(UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); int UI_method_set_reader(UI_METHOD *method, - int (*reader) (UI *ui, UI_STRING *uis)); -int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); + int (*reader)(UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); int UI_method_set_data_duplicator(UI_METHOD *method, - void *(*duplicator) (UI *ui, void *ui_data), - void (*destructor)(UI *ui, void *ui_data)); + void *(*duplicator)(UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); int UI_method_set_prompt_constructor(UI_METHOD *method, - char *(*prompt_constructor) (UI *ui, - const char - *phrase_desc, - const char - *object_name)); + char *(*prompt_constructor)(UI *ui, + const char + *phrase_desc, + const char + *object_name)); int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); -int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); -int (*UI_method_get_writer(const 
UI_METHOD *method)) (UI *, UI_STRING *); -int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); -int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); -int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); -char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) - (UI *, const char *, const char *); -void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); -void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +int (*UI_method_get_opener(const UI_METHOD *method))(UI *); +int (*UI_method_get_writer(const UI_METHOD *method))(UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method))(UI *); +int (*UI_method_get_reader(const UI_METHOD *method))(UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method))(UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method))(UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method))(UI *, void *); const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); /* @@ -372,13 +375,12 @@ /* A couple of popular utility functions */ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, - int verify); + int verify); int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify); + int verify); UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); - -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/uierr.h.orig +++ crypto/openssl/include/openssl/uierr.h 
@@ -9,30 +9,28 @@ */ #ifndef OPENSSL_UIERR_H -# define OPENSSL_UIERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_UIERR_H +#pragma once +#include +#include +#include /* * UI reason codes. */ -# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 -# define UI_R_INDEX_TOO_LARGE 102 -# define UI_R_INDEX_TOO_SMALL 103 -# define UI_R_NO_RESULT_BUFFER 105 -# define UI_R_PROCESSING_ERROR 107 -# define UI_R_RESULT_TOO_LARGE 100 -# define UI_R_RESULT_TOO_SMALL 101 -# define UI_R_SYSASSIGN_ERROR 109 -# define UI_R_SYSDASSGN_ERROR 110 -# define UI_R_SYSQIOW_ERROR 111 -# define UI_R_UNKNOWN_CONTROL_COMMAND 106 -# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 -# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 +#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +#define UI_R_INDEX_TOO_LARGE 102 +#define UI_R_INDEX_TOO_SMALL 103 +#define UI_R_NO_RESULT_BUFFER 105 +#define UI_R_PROCESSING_ERROR 107 +#define UI_R_RESULT_TOO_LARGE 100 +#define UI_R_RESULT_TOO_SMALL 101 +#define UI_R_SYSASSIGN_ERROR 109 +#define UI_R_SYSDASSGN_ERROR 110 +#define UI_R_SYSQIOW_ERROR 111 +#define UI_R_UNKNOWN_CONTROL_COMMAND 106 +#define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +#define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 #endif --- crypto/openssl/include/openssl/whrlpool.h.orig +++ crypto/openssl/include/openssl/whrlpool.h 
@@ -8,29 +8,29 @@ */ #ifndef OPENSSL_WHRLPOOL_H -# define OPENSSL_WHRLPOOL_H -# pragma once +#define OPENSSL_WHRLPOOL_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_WHRLPOOL_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_WHRLPOOL_H +#endif -# include +#include -# ifndef OPENSSL_NO_WHIRLPOOL -# include -# include -# ifdef __cplusplus +#ifndef OPENSSL_NO_WHIRLPOOL +#include +#include +#ifdef __cplusplus extern "C" { -# endif +#endif -# define WHIRLPOOL_DIGEST_LENGTH (512/8) +#define WHIRLPOOL_DIGEST_LENGTH (512 / 8) -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) -# define WHIRLPOOL_BBLOCK 512 -# define WHIRLPOOL_COUNTER (256/8) +#define WHIRLPOOL_BBLOCK 512 +#define WHIRLPOOL_COUNTER (256 / 8) typedef struct { union { @@ -42,21 +42,21 @@ unsigned int bitoff; size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; } WHIRLPOOL_CTX; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); OSSL_DEPRECATEDIN_3_0 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, - const void *inp, size_t bytes); + const void *inp, size_t bytes); OSSL_DEPRECATEDIN_3_0 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, - const void *inp, size_t bits); + const void *inp, size_t bits); OSSL_DEPRECATEDIN_3_0 int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); OSSL_DEPRECATEDIN_3_0 unsigned char *WHIRLPOOL(const void *inp, size_t bytes, - unsigned char *md); -# endif + unsigned char *md); +#endif -# ifdef __cplusplus +#ifdef __cplusplus } -# endif -# endif +#endif +#endif #endif --- crypto/openssl/include/openssl/x509.h.orig +++ crypto/openssl/include/openssl/x509.h 
@@ -11,41 +11,44 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_X509_H -# define OPENSSL_X509_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_X509_H -# endif - -# include -# include -# include -# include -# include -# include -# include -# include -# include - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# include -# include -# endif - -# include -# include - -#ifdef __cplusplus +#define OPENSSL_X509_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_X509_H +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#include +#include +#endif + +#include +#include + +#ifdef __cplusplus extern "C" { #endif /* Needed stacks for types defined in other headers */ +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_NAME, X509_NAME, X509_NAME) #define sk_X509_NAME_num(sk) OPENSSL_sk_num(ossl_check_const_X509_NAME_sk_type(sk)) #define sk_X509_NAME_value(sk, idx) ((X509_NAME *)OPENSSL_sk_value(ossl_check_const_X509_NAME_sk_type(sk), (idx))) 
@@ -151,32 +154,33 @@ #define sk_X509_CRL_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_CRL) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_CRL_sk_type(sk), ossl_check_X509_CRL_copyfunc_type(copyfunc), ossl_check_X509_CRL_freefunc_type(freefunc))) #define sk_X509_CRL_set_cmp_func(sk, cmp) ((sk_X509_CRL_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_CRL_sk_type(sk), ossl_check_X509_CRL_compfunc_type(cmp))) +/* clang-format on */ /* Flags for X509_get_signature_info() */ /* Signature info is valid */ -# define X509_SIG_INFO_VALID 0x1 +#define X509_SIG_INFO_VALID 0x1 /* Signature is suitable for TLS use */ -# define X509_SIG_INFO_TLS 0x2 - -# define X509_FILETYPE_PEM 1 -# define X509_FILETYPE_ASN1 2 -# define X509_FILETYPE_DEFAULT 3 - -# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 -# define X509v3_KU_NON_REPUDIATION 0x0040 -# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 -# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 -# define X509v3_KU_KEY_AGREEMENT 0x0008 -# define X509v3_KU_KEY_CERT_SIGN 0x0004 -# define X509v3_KU_CRL_SIGN 0x0002 -# define X509v3_KU_ENCIPHER_ONLY 0x0001 -# define X509v3_KU_DECIPHER_ONLY 0x8000 -# define X509v3_KU_UNDEF 0xffff +#define X509_SIG_INFO_TLS 0x2 + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 + +#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff struct X509_algor_st { ASN1_OBJECT *algorithm; ASN1_TYPE *parameter; -} /* X509_ALGOR */ ; +} /* X509_ALGOR */; typedef STACK_OF(X509_ALGOR) X509_ALGORS; 
@@ -189,6 +193,7 @@ typedef struct X509_name_entry_st X509_NAME_ENTRY; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_NAME_ENTRY, X509_NAME_ENTRY, X509_NAME_ENTRY) #define sk_X509_NAME_ENTRY_num(sk) OPENSSL_sk_num(ossl_check_const_X509_NAME_ENTRY_sk_type(sk)) #define sk_X509_NAME_ENTRY_value(sk, idx) ((X509_NAME_ENTRY *)OPENSSL_sk_value(ossl_check_const_X509_NAME_ENTRY_sk_type(sk), (idx))) @@ -216,10 +221,12 @@ #define sk_X509_NAME_ENTRY_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_NAME_ENTRY) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_copyfunc_type(copyfunc), ossl_check_X509_NAME_ENTRY_freefunc_type(freefunc))) #define sk_X509_NAME_ENTRY_set_cmp_func(sk, cmp) ((sk_X509_NAME_ENTRY_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_NAME_ENTRY_sk_type(sk), ossl_check_X509_NAME_ENTRY_compfunc_type(cmp))) +/* clang-format on */ -# define X509_EX_V_NETSCAPE_HACK 0x8000 -# define X509_EX_V_INIT 0x0001 +#define X509_EX_V_NETSCAPE_HACK 0x8000 +#define X509_EX_V_INIT 0x0001 typedef struct X509_extension_st X509_EXTENSION; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_EXTENSION, X509_EXTENSION, X509_EXTENSION) #define sk_X509_EXTENSION_num(sk) OPENSSL_sk_num(ossl_check_const_X509_EXTENSION_sk_type(sk)) #define sk_X509_EXTENSION_value(sk, idx) ((X509_EXTENSION *)OPENSSL_sk_value(ossl_check_const_X509_EXTENSION_sk_type(sk), (idx))) 
@@ -247,8 +254,10 @@ #define sk_X509_EXTENSION_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_EXTENSION) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_copyfunc_type(copyfunc), ossl_check_X509_EXTENSION_freefunc_type(freefunc))) #define sk_X509_EXTENSION_set_cmp_func(sk, cmp) ((sk_X509_EXTENSION_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_EXTENSION_sk_type(sk), ossl_check_X509_EXTENSION_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; typedef struct x509_attributes_st X509_ATTRIBUTE; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_ATTRIBUTE, X509_ATTRIBUTE, X509_ATTRIBUTE) #define sk_X509_ATTRIBUTE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_ATTRIBUTE_sk_type(sk)) #define sk_X509_ATTRIBUTE_value(sk, idx) ((X509_ATTRIBUTE *)OPENSSL_sk_value(ossl_check_const_X509_ATTRIBUTE_sk_type(sk), (idx))) @@ -276,6 +285,7 @@ #define sk_X509_ATTRIBUTE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_ATTRIBUTE) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_copyfunc_type(copyfunc), ossl_check_X509_ATTRIBUTE_freefunc_type(freefunc))) #define sk_X509_ATTRIBUTE_set_cmp_func(sk, cmp) ((sk_X509_ATTRIBUTE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_ATTRIBUTE_sk_type(sk), ossl_check_X509_ATTRIBUTE_compfunc_type(cmp))) +/* clang-format on */ typedef struct X509_req_info_st X509_REQ_INFO; typedef struct X509_req_st X509_REQ; typedef struct x509_cert_aux_st X509_CERT_AUX; 
@@ -283,81 +293,68 @@ /* Flags for X509_print_ex() */ -# define X509_FLAG_COMPAT 0 -# define X509_FLAG_NO_HEADER 1L -# define X509_FLAG_NO_VERSION (1L << 1) -# define X509_FLAG_NO_SERIAL (1L << 2) -# define X509_FLAG_NO_SIGNAME (1L << 3) -# define X509_FLAG_NO_ISSUER (1L << 4) -# define X509_FLAG_NO_VALIDITY (1L << 5) -# define X509_FLAG_NO_SUBJECT (1L << 6) -# define X509_FLAG_NO_PUBKEY (1L << 7) -# define X509_FLAG_NO_EXTENSIONS (1L << 8) -# define X509_FLAG_NO_SIGDUMP (1L << 9) -# define X509_FLAG_NO_AUX (1L << 10) -# define X509_FLAG_NO_ATTRIBUTES (1L << 11) -# define X509_FLAG_NO_IDS (1L << 12) -# define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13) +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) +#define X509_FLAG_NO_IDS (1L << 12) +#define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13) /* Flags specific to X509_NAME_print_ex() */ /* The field separator information */ -# define XN_FLAG_SEP_MASK (0xf << 16) +#define XN_FLAG_SEP_MASK (0xf << 16) -# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ -# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ -# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ -# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ -# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ +#define XN_FLAG_COMPAT 0 /* Traditional; use old X509_NAME_print */ +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ +#define 
XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ -# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ +#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ /* How the field name is shown */ -# define XN_FLAG_FN_MASK (0x3 << 21) +#define XN_FLAG_FN_MASK (0x3 << 21) -# define XN_FLAG_FN_SN 0/* Object short name */ -# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ -# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ -# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ +#define XN_FLAG_FN_SN 0 /* Object short name */ +#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ +#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ +#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ -# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ +#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ /* * This determines if we dump fields we don't recognise: RFC2253 requires * this. */ -# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) +#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) -# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 - * characters */ +#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 \ + * characters */ /* Complete set of RFC2253 flags */ -# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ - XN_FLAG_SEP_COMMA_PLUS | \ - XN_FLAG_DN_REV | \ - XN_FLAG_FN_SN | \ - XN_FLAG_DUMP_UNKNOWN_FIELDS) +#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS) /* readable oneline form */ -# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - XN_FLAG_SEP_CPLUS_SPC | \ - XN_FLAG_SPC_EQ | \ - XN_FLAG_FN_SN) +#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN) /* readable multiline form */ -# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - XN_FLAG_SEP_MULTILINE | \ - XN_FLAG_SPC_EQ | \ - XN_FLAG_FN_LN | \ - 
XN_FLAG_FN_ALIGN) +#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN) typedef struct X509_crl_info_st X509_CRL_INFO; @@ -371,7 +368,7 @@ /* used to encrypt and decrypt */ int key_length; char *key_data; - int key_free; /* true if we should auto free key_data */ + int key_free; /* true if we should auto free key_data */ /* expanded version of 'enc_algor' */ EVP_CIPHER_INFO cipher; } X509_PKEY; @@ -384,6 +381,7 @@ int enc_len; char *enc_data; } X509_INFO; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_INFO, X509_INFO, X509_INFO) #define sk_X509_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_X509_INFO_sk_type(sk)) #define sk_X509_INFO_value(sk, idx) ((X509_INFO *)OPENSSL_sk_value(ossl_check_const_X509_INFO_sk_type(sk), (idx))) @@ -411,6 +409,7 @@ #define sk_X509_INFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_INFO) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_INFO_sk_type(sk), ossl_check_X509_INFO_copyfunc_type(copyfunc), ossl_check_X509_INFO_freefunc_type(freefunc))) #define sk_X509_INFO_set_cmp_func(sk, cmp) ((sk_X509_INFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_INFO_sk_type(sk), ossl_check_X509_INFO_compfunc_type(cmp))) +/* clang-format on */ /* * The next 2 structures and their 8 routines are used to manipulate Netscape's @@ -418,11 +417,11 @@ */ typedef struct Netscape_spkac_st { X509_PUBKEY *pubkey; - ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ } NETSCAPE_SPKAC; typedef struct Netscape_spki_st { - NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ X509_ALGOR sig_algor; ASN1_BIT_STRING *signature; } NETSCAPE_SPKI; 
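Review bot: In the `@@ -283,81 +293,68 @@` hunk, the new `XN_FLAG_FN_ALIGN` definition ends the first line of its trailing comment with a continuation backslash (`/* Align field names to 20 \`), which the old two-line comment did not have. The macro value should be unchanged, since the line splice happens before the comment is stripped, but this is the one non-whitespace character added in an otherwise formatting-only hunk and it reads like a formatter artifact. Moving the comment onto its own line above the define, `/* Align field names to 20 characters */` followed by `#define XN_FLAG_FN_ALIGN (1 << 25)`, would avoid the backslash and match how `XN_FLAG_DUMP_UNKNOWN_FIELDS` is documented just before it. If this header is imported unchanged from upstream, the change belongs there rather than in a local edit.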
@@ -455,7 +454,7 @@ } PBE2PARAM; typedef struct PBKDF2PARAM_st { -/* Usually OCTET STRING but could be anything */ + /* Usually OCTET STRING but could be anything */ ASN1_TYPE *salt; ASN1_INTEGER *iter; ASN1_INTEGER *keylength; @@ -472,35 +471,33 @@ } SCRYPT_PARAMS; #endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif -# include -# include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# define X509_EXT_PACK_UNKNOWN 1 -# define X509_EXT_PACK_STRING 2 +#define X509_EXT_PACK_UNKNOWN 1 +#define X509_EXT_PACK_STRING 2 -# define X509_extract_key(x) X509_get_pubkey(x)/*****/ -# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) -# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a, b) X509_NAME_cmp((a), (b)) void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); -X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), - int (*crl_free) (X509_CRL *crl), - int (*crl_lookup) (X509_CRL *crl, - X509_REVOKED **ret, - const - ASN1_INTEGER *serial, - const - X509_NAME *issuer), - int (*crl_verify) (X509_CRL *crl, - EVP_PKEY *pk)); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, + X509_REVOKED **ret, + const ASN1_INTEGER *serial, + const X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, + EVP_PKEY *pk)); void X509_CRL_METHOD_free(X509_CRL_METHOD *m); void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); @@ -512,7 +509,7 @@ int X509_self_signed(X509 *cert, int verify_signature); int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); 
@@ -526,7 +523,7 @@ int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); int X509_signature_print(BIO *bp, const X509_ALGOR *alg, - const ASN1_STRING *sig); + const ASN1_STRING *sig); int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); 
@@ -537,74 +534,74 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_pubkey_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int X509_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, - EVP_MD **md_used, int *md_is_fallback); + EVP_MD **md_used, int *md_is_fallback); int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# include /* OSSL_HTTP_REQ_CTX_nbio_d2i */ -# define X509_http_nbio(rctx, pcert) \ - OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) -# define X509_CRL_http_nbio(rctx, pcrl) \ - OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) -# endif - -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#include /* OSSL_HTTP_REQ_CTX_nbio_d2i */ +#define X509_http_nbio(rctx, pcert) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) +#define X509_CRL_http_nbio(rctx, pcrl) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) +#endif + +#ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); int i2d_X509_fp(FILE *fp, const X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ 
**req); int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa); OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa); -# endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey); OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey); -# endif /* OPENSSL_NO_EC */ -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8); X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk); int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf); + PKCS8_PRIV_KEY_INFO **p8inf); int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf); int 
i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key); int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); -# endif +#endif X509 *d2i_X509_bio(BIO *bp, X509 **x509); int i2d_X509_bio(BIO *bp, const X509 *x509); 
@@ -612,43 +609,43 @@ int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl); X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa); OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey); OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey); -# endif /* OPENSSL_NO_EC */ -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8); X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk); int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf); + 
PKCS8_PRIV_KEY_INFO **p8inf); int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf); int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key); int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); @@ -662,9 +659,9 @@ DECLARE_ASN1_DUP_FUNCTION(X509_REQ) DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, - void *pval); + void *pval); void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, - const void **ppval, const X509_ALGOR *algor); + const void **ppval, const X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); @@ -675,10 +672,10 @@ int X509_cmp_time(const ASN1_TIME *s, time_t *t); int X509_cmp_current_time(const ASN1_TIME *s); int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, - const ASN1_TIME *start, const ASN1_TIME *end); + const ASN1_TIME *start, const ASN1_TIME *end); ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, - int offset_day, long offset_sec, time_t *t); + int offset_day, long offset_sec, time_t *t); ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); const char *X509_get_default_cert_area(void); 
@@ -705,26 +702,26 @@ long X509_get_pathlen(X509 *x); DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY) -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA -DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY) -# endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC + OSSL_LIB_CTX *libctx, const char *propq); +#ifndef OPENSSL_NO_DEPRECATED_3_0 +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSA_PUBKEY) +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DSA, DSA_PUBKEY) +#endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY) -# endif -# endif +#endif +#endif DECLARE_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, - const ASN1_OCTET_STRING **pdigest); + const ASN1_OCTET_STRING **pdigest); void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest); + ASN1_OCTET_STRING **pdigest); DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) DECLARE_ASN1_FUNCTIONS(X509_REQ) 
@@ -751,20 +748,20 @@ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(const X509 *r, int idx); -DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509, X509_AUX) int i2d_re_X509_tbs(X509 *x, unsigned char **pp); int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, - int *secbits, uint32_t *flags); + int *secbits, uint32_t *flags); void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, - int secbits, uint32_t flags); + int secbits, uint32_t flags); int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, - uint32_t *flags); + uint32_t *flags); void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x); + const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id); @@ -784,7 +781,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial); + X509_REVOKED **ret, const ASN1_INTEGER *serial); int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY *X509_PKEY_new(void); 
@@ -801,29 +798,29 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); OSSL_DEPRECATEDIN_3_0 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type); + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, + const EVP_MD *type); #endif int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey); + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey); int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_MD_CTX *ctx); + const ASN1_BIT_STRING *signature, const void *data, + EVP_MD_CTX *ctx); int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey, const EVP_MD *md); + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md); int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, EVP_MD_CTX *ctx); + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, EVP_MD_CTX *ctx); #define X509_VERSION_1 0 #define X509_VERSION_2 1 
@@ -838,7 +835,7 @@ X509_NAME *X509_get_issuer_name(const X509 *a); int X509_set_subject_name(X509 *x, const X509_NAME *name); X509_NAME *X509_get_subject_name(const X509 *a); -const ASN1_TIME * X509_get0_notBefore(const X509 *x); +const ASN1_TIME *X509_get0_notBefore(const X509 *x); ASN1_TIME *X509_getm_notBefore(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); const ASN1_TIME *X509_get0_notAfter(const X509 *x); @@ -848,14 +845,13 @@ int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_get_notBefore X509_getm_notBefore -# define X509_get_notAfter X509_getm_notAfter -# define X509_set_notBefore X509_set1_notBefore -# define X509_set_notAfter X509_set1_notAfter +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_get_notBefore X509_getm_notBefore +#define X509_get_notAfter X509_getm_notAfter +#define X509_set_notBefore X509_set1_notBefore +#define X509_set_notAfter X509_set1_notAfter #endif - /* * This one is only used so that a binary form can output, as in * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) @@ -863,7 +859,7 @@ X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, - const ASN1_BIT_STRING **psuid); + const ASN1_BIT_STRING **psuid); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); EVP_PKEY *X509_get0_pubkey(const X509 *x); @@ -877,7 +873,7 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg); + const X509_ALGOR **palg); void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_REQ_get_signature_nid(const X509_REQ *req); 
@@ -891,24 +887,24 @@ void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); int X509_REQ_add_extensions_nid(X509_REQ *req, - const STACK_OF(X509_EXTENSION) *exts, int nid); + const STACK_OF(X509_EXTENSION) *exts, int nid); int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext); int X509_REQ_get_attr_count(const X509_REQ *req); int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len); + int nid, int type, + const unsigned char *bytes, int len); int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len); + const char *attrname, int type, + const unsigned char *bytes, int len); #define X509_CRL_VERSION_1 0 #define X509_CRL_VERSION_2 1 @@ -920,9 +916,9 @@ int X509_CRL_sort(X509_CRL *crl); int X509_CRL_up_ref(X509_CRL *crl); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate -# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate #endif long X509_CRL_get_version(const X509_CRL *crl); 
@@ -936,7 +932,7 @@ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg); + const X509_ALGOR **palg); int X509_CRL_get_signature_nid(const X509_CRL *crl); int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); @@ -948,14 +944,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); int X509_chain_check_suiteb(int *perror_depth, - X509 *x, STACK_OF(X509) *chain, - unsigned long flags); + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); 
@@ -968,61 +964,61 @@ int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 unsigned long X509_issuer_name_hash_old(X509 *a); unsigned long X509_subject_name_hash_old(X509 *x); -# endif +#endif -# define X509_ADD_FLAG_DEFAULT 0 -# define X509_ADD_FLAG_UP_REF 0x1 -# define X509_ADD_FLAG_PREPEND 0x2 -# define X509_ADD_FLAG_NO_DUP 0x4 -# define X509_ADD_FLAG_NO_SS 0x8 +#define X509_ADD_FLAG_DEFAULT 0 +#define X509_ADD_FLAG_UP_REF 0x1 +#define X509_ADD_FLAG_PREPEND 0x2 +#define X509_ADD_FLAG_NO_DUP 0x4 +#define X509_ADD_FLAG_NO_SS 0x8 int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags); int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags); int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) +#define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x, - const EVP_PKEY *pubkey); + const EVP_PKEY *pubkey); #endif unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, - const char *propq, int *ok); + const char *propq, int *ok); unsigned long X509_NAME_hash_old(const X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); int X509_aux_print(BIO *out, X509 *x, int indent); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, - unsigned long cflag); + unsigned long cflag); int X509_print_fp(FILE *bp, X509 *x); int X509_CRL_print_fp(FILE *bp, X509_CRL *x); int X509_REQ_print_fp(FILE *bp, X509_REQ *req); int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, - unsigned long flags); -# endif + unsigned long flags); +#endif int X509_NAME_print(BIO *bp, const X509_NAME 
*name, int obase); int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, - unsigned long flags); + unsigned long flags); int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, - unsigned long cflag); + unsigned long cflag); int X509_print(BIO *bp, X509 *x); int X509_ocspid_print(BIO *bp, X509 *x); int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, - unsigned long cflag); + unsigned long cflag); int X509_REQ_print(BIO *bp, X509_REQ *req); int X509_NAME_entry_count(const X509_NAME *name); int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, - char *buf, int len); + char *buf, int len); int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - char *buf, int len); + char *buf, int len); /* * NOTE: you should be passing -1, not 0 as lastpos. The functions that use 
@@ -1030,53 +1026,53 @@ */ int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, - int loc, int set); + int loc, int set); int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len, int loc, - int set); + const unsigned char *bytes, int len, int loc, + int set); int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - const unsigned char *bytes, int len, int loc, - int set); + const unsigned char *bytes, int len, int loc, + int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - const char *field, int type, - const unsigned char *bytes, - int len); + const char *field, int type, + const unsigned char *bytes, + int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, - const unsigned char *bytes, - int len); + int type, + const unsigned char *bytes, + int len); int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - const unsigned char *bytes, int len, int loc, - int set); + const unsigned char *bytes, int len, int loc, + int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, - int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); -ASN1_STRING * 
X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, - size_t *pderlen); + size_t *pderlen); int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, - int nid, int lastpos); + int nid, int lastpos); int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, - const ASN1_OBJECT *obj, int lastpos); + const ASN1_OBJECT *obj, int lastpos); int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, - int crit, int lastpos); + int crit, int lastpos); X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc); + X509_EXTENSION *ex, int loc); int X509_get_ext_count(const X509 *x); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); 
@@ -1087,40 +1083,40 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int X509_CRL_get_ext_count(const X509_CRL *x); int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int X509_REVOKED_get_ext_count(const X509_REVOKED *x); int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, - int lastpos); + int lastpos); X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, - int *idx); + int *idx); int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, - int nid, int crit, - ASN1_OCTET_STRING *data); + int nid, int crit, + ASN1_OCTET_STRING *data); X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - const ASN1_OBJECT *obj, int crit, - 
ASN1_OCTET_STRING *data); + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); 
@@ -1130,45 +1126,48 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos); + int lastpos); int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, - const ASN1_OBJECT *obj, int lastpos); + const ASN1_OBJECT *obj, int lastpos); X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr); + X509_ATTRIBUTE *attr); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) - **x, const ASN1_OBJECT *obj, - int type, - const unsigned char *bytes, - int len); + **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) - **x, int nid, int type, - const unsigned char *bytes, - int len); + **x, + int nid, int type, + const unsigned char *bytes, + int len); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) - **x, const char *attrname, - int type, - const unsigned char *bytes, - int len); + **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len); void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, - const ASN1_OBJECT *obj, int lastpos, int type); + const ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, - int len); + int atrtype, const void *data, + int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - const ASN1_OBJECT *obj, - int atrtype, const void *data, - int len); + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - const char *atrname, int type, - const unsigned char *bytes, - int len); + 
const char *atrname, int type, + const unsigned char *bytes, + int len); int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - const void *data, int len); + const void *data, int len); void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, - void *data); + void *data); int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); @@ -1176,23 +1175,23 @@ int EVP_PKEY_get_attr_count(const EVP_PKEY *key); int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, - int nid, int type, - const unsigned char *bytes, int len); + int nid, int type, + const unsigned char *bytes, int len); int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, - const char *attrname, int type, - const unsigned char *bytes, int len); + const char *attrname, int type, + const unsigned char *bytes, int len); /* lookup a cert from a X509 STACK */ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, - const ASN1_INTEGER *serial); + const ASN1_INTEGER *serial); X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); DECLARE_ASN1_FUNCTIONS(PBEPARAM) 
@@ -1203,39 +1202,39 @@ #endif int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen); + const unsigned char *salt, int saltlen); int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *libctx); + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *libctx); X509_ALGOR *PKCS5_pbe_set(int alg, int iter, - const unsigned char *salt, int saltlen); + const unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *libctx); + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *libctx); X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen); + unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid); + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid, - OSSL_LIB_CTX *libctx); + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid, + OSSL_LIB_CTX *libctx); #ifndef OPENSSL_NO_SCRYPT X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, - const unsigned char *salt, int saltlen, - unsigned char *aiv, uint64_t N, uint64_t r, - uint64_t p); + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); #endif X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen); + int prf_nid, int keylen); X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen, - OSSL_LIB_CTX *libctx); + int prf_nid, int keylen, + OSSL_LIB_CTX *libctx); /* PKCS#8 utilities */ 
@@ -1243,34 +1242,33 @@ EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, - int version, int ptype, void *pval, - unsigned char *penc, int penclen); + int version, int ptype, void *pval, + unsigned char *penc, int penclen); int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); const STACK_OF(X509_ATTRIBUTE) * PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, - int type, const unsigned char *bytes, int len); - + int type, const unsigned char *bytes, int len); int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, - int ptype, void *pval, - unsigned char *penc, int penclen); + int ptype, void *pval, + unsigned char *penc, int penclen); int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, const X509_PUBKEY *pub); + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, const X509_PUBKEY *pub); int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/x509.h.in.orig +++ crypto/openssl/include/openssl/x509.h.in 
@@ -10,75 +10,79 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_X509_H -# define OPENSSL_X509_H -# pragma once - -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_X509_H -# endif - -# include -# include -# include -# include -# include -# include -# include -# include -# include - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# include -# include -# include -# endif - -# include -# include - -#ifdef __cplusplus +#define OPENSSL_X509_H +#pragma once + +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_X509_H +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#include +#include +#include +#endif + +#include +#include + +#ifdef __cplusplus extern "C" { #endif /* Needed stacks for types defined in other headers */ +/* clang-format off */ {- generate_stack_macros("X509_NAME") .generate_stack_macros("X509") .generate_stack_macros("X509_REVOKED") .generate_stack_macros("X509_CRL"); -} +/* clang-format on */ /* Flags for X509_get_signature_info() */ /* Signature info is valid */ -# define X509_SIG_INFO_VALID 0x1 +#define X509_SIG_INFO_VALID 0x1 /* Signature is suitable for TLS use */ -# define X509_SIG_INFO_TLS 0x2 - -# define X509_FILETYPE_PEM 1 -# define X509_FILETYPE_ASN1 2 -# define X509_FILETYPE_DEFAULT 3 - -# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 -# define X509v3_KU_NON_REPUDIATION 0x0040 -# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 -# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 -# define X509v3_KU_KEY_AGREEMENT 0x0008 -# define X509v3_KU_KEY_CERT_SIGN 0x0004 -# define X509v3_KU_CRL_SIGN 0x0002 -# define X509v3_KU_ENCIPHER_ONLY 0x0001 -# define X509v3_KU_DECIPHER_ONLY 0x8000 -# define X509v3_KU_UNDEF 0xffff +#define X509_SIG_INFO_TLS 0x2 + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 + +#define 
X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff struct X509_algor_st { ASN1_OBJECT *algorithm; ASN1_TYPE *parameter; -} /* X509_ALGOR */ ; +} /* X509_ALGOR */; typedef STACK_OF(X509_ALGOR) X509_ALGORS; @@ -91,21 +95,27 @@ typedef struct X509_name_entry_st X509_NAME_ENTRY; +/* clang-format off */ {- generate_stack_macros("X509_NAME_ENTRY"); -} +/* clang-format on */ -# define X509_EX_V_NETSCAPE_HACK 0x8000 -# define X509_EX_V_INIT 0x0001 +#define X509_EX_V_NETSCAPE_HACK 0x8000 +#define X509_EX_V_INIT 0x0001 typedef struct X509_extension_st X509_EXTENSION; +/* clang-format off */ {- generate_stack_macros("X509_EXTENSION"); -} +/* clang-format on */ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; typedef struct x509_attributes_st X509_ATTRIBUTE; +/* clang-format off */ {- generate_stack_macros("X509_ATTRIBUTE"); -} +/* clang-format on */ typedef struct X509_req_info_st X509_REQ_INFO; typedef struct X509_req_st X509_REQ; typedef struct x509_cert_aux_st X509_CERT_AUX; 
@@ -113,81 +123,68 @@ /* Flags for X509_print_ex() */ -# define X509_FLAG_COMPAT 0 -# define X509_FLAG_NO_HEADER 1L -# define X509_FLAG_NO_VERSION (1L << 1) -# define X509_FLAG_NO_SERIAL (1L << 2) -# define X509_FLAG_NO_SIGNAME (1L << 3) -# define X509_FLAG_NO_ISSUER (1L << 4) -# define X509_FLAG_NO_VALIDITY (1L << 5) -# define X509_FLAG_NO_SUBJECT (1L << 6) -# define X509_FLAG_NO_PUBKEY (1L << 7) -# define X509_FLAG_NO_EXTENSIONS (1L << 8) -# define X509_FLAG_NO_SIGDUMP (1L << 9) -# define X509_FLAG_NO_AUX (1L << 10) -# define X509_FLAG_NO_ATTRIBUTES (1L << 11) -# define X509_FLAG_NO_IDS (1L << 12) -# define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13) +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) +#define X509_FLAG_NO_IDS (1L << 12) +#define X509_FLAG_EXTENSIONS_ONLY_KID (1L << 13) /* Flags specific to X509_NAME_print_ex() */ /* The field separator information */ -# define XN_FLAG_SEP_MASK (0xf << 16) +#define XN_FLAG_SEP_MASK (0xf << 16) -# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ -# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ -# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ -# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ -# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ +#define XN_FLAG_COMPAT 0 /* Traditional; use old X509_NAME_print */ +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ +#define 
XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ -# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ +#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ /* How the field name is shown */ -# define XN_FLAG_FN_MASK (0x3 << 21) +#define XN_FLAG_FN_MASK (0x3 << 21) -# define XN_FLAG_FN_SN 0/* Object short name */ -# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ -# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ -# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ +#define XN_FLAG_FN_SN 0 /* Object short name */ +#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ +#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ +#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ -# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ +#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ /* * This determines if we dump fields we don't recognise: RFC2253 requires * this. */ -# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) +#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) -# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 - * characters */ +#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 \ + * characters */ /* Complete set of RFC2253 flags */ -# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ - XN_FLAG_SEP_COMMA_PLUS | \ - XN_FLAG_DN_REV | \ - XN_FLAG_FN_SN | \ - XN_FLAG_DUMP_UNKNOWN_FIELDS) +#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS) /* readable oneline form */ -# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - XN_FLAG_SEP_CPLUS_SPC | \ - XN_FLAG_SPC_EQ | \ - XN_FLAG_FN_SN) +#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN) /* readable multiline form */ -# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - XN_FLAG_SEP_MULTILINE | \ - XN_FLAG_SPC_EQ | \ - XN_FLAG_FN_LN | \ - 
XN_FLAG_FN_ALIGN) +#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN) typedef struct X509_crl_info_st X509_CRL_INFO; @@ -201,7 +198,7 @@ /* used to encrypt and decrypt */ int key_length; char *key_data; - int key_free; /* true if we should auto free key_data */ + int key_free; /* true if we should auto free key_data */ /* expanded version of 'enc_algor' */ EVP_CIPHER_INFO cipher; } X509_PKEY; @@ -214,9 +211,11 @@ int enc_len; char *enc_data; } X509_INFO; +/* clang-format off */ {- generate_stack_macros("X509_INFO"); -} +/* clang-format on */ /* * The next 2 structures and their 8 routines are used to manipulate Netscape's @@ -224,11 +223,11 @@ */ typedef struct Netscape_spkac_st { X509_PUBKEY *pubkey; - ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ } NETSCAPE_SPKAC; typedef struct Netscape_spki_st { - NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ X509_ALGOR sig_algor; ASN1_BIT_STRING *signature; } NETSCAPE_SPKI; @@ -261,7 +260,7 @@ } PBE2PARAM; typedef struct PBKDF2PARAM_st { -/* Usually OCTET STRING but could be anything */ + /* Usually OCTET STRING but could be anything */ ASN1_TYPE *salt; ASN1_INTEGER *iter; ASN1_INTEGER *keylength; 
@@ -278,35 +277,33 @@ } SCRYPT_PARAMS; #endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif -# include -# include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -# define X509_EXT_PACK_UNKNOWN 1 -# define X509_EXT_PACK_STRING 2 +#define X509_EXT_PACK_UNKNOWN 1 +#define X509_EXT_PACK_STRING 2 -# define X509_extract_key(x) X509_get_pubkey(x)/*****/ -# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) -# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a, b) X509_NAME_cmp((a), (b)) void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); -X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), - int (*crl_free) (X509_CRL *crl), - int (*crl_lookup) (X509_CRL *crl, - X509_REVOKED **ret, - const - ASN1_INTEGER *serial, - const - X509_NAME *issuer), - int (*crl_verify) (X509_CRL *crl, - EVP_PKEY *pk)); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, + X509_REVOKED **ret, + const ASN1_INTEGER *serial, + const X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, + EVP_PKEY *pk)); void X509_CRL_METHOD_free(X509_CRL_METHOD *m); void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); @@ -318,7 +315,7 @@ int X509_self_signed(X509 *cert, int verify_signature); int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); 
@@ -332,7 +329,7 @@ int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); int X509_signature_print(BIO *bp, const X509_ALGOR *alg, - const ASN1_STRING *sig); + const ASN1_STRING *sig); int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); 
@@ -343,74 +340,74 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_pubkey_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int X509_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, - EVP_MD **md_used, int *md_is_fallback); + EVP_MD **md_used, int *md_is_fallback); int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# include /* OSSL_HTTP_REQ_CTX_nbio_d2i */ -# define X509_http_nbio(rctx, pcert) \ - OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) -# define X509_CRL_http_nbio(rctx, pcrl) \ - OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) -# endif - -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#include /* OSSL_HTTP_REQ_CTX_nbio_d2i */ +#define X509_http_nbio(rctx, pcert) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) +#define X509_CRL_http_nbio(rctx, pcrl) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) +#endif + +#ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); int i2d_X509_fp(FILE *fp, const X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ 
**req); int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa); OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa); -# endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey); OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey); -# endif /* OPENSSL_NO_EC */ -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8); X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk); int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf); + PKCS8_PRIV_KEY_INFO **p8inf); int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf); int 
i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key); int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); -# endif +#endif X509 *d2i_X509_bio(BIO *bp, X509 **x509); int i2d_X509_bio(BIO *bp, const X509 *x509); 
@@ -418,43 +415,43 @@ int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl); X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa); OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa); -# endif -# endif +#endif +#endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey); OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey); -# endif /* OPENSSL_NO_EC */ -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8); X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk); int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf); + 
PKCS8_PRIV_KEY_INFO **p8inf); int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf); int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key); int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); @@ -468,9 +465,9 @@ DECLARE_ASN1_DUP_FUNCTION(X509_REQ) DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, - void *pval); + void *pval); void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, - const void **ppval, const X509_ALGOR *algor); + const void **ppval, const X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); @@ -481,10 +478,10 @@ int X509_cmp_time(const ASN1_TIME *s, time_t *t); int X509_cmp_current_time(const ASN1_TIME *s); int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, - const ASN1_TIME *start, const ASN1_TIME *end); + const ASN1_TIME *start, const ASN1_TIME *end); ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, - int offset_day, long offset_sec, time_t *t); + int offset_day, long offset_sec, time_t *t); ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); const char *X509_get_default_cert_area(void); 
@@ -511,26 +508,26 @@ long X509_get_pathlen(X509 *x); DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq); -# ifndef OPENSSL_NO_DEPRECATED_3_0 -DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY) -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DSA -DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY) -# endif -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC + OSSL_LIB_CTX *libctx, const char *propq); +#ifndef OPENSSL_NO_DEPRECATED_3_0 +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSA_PUBKEY) +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DSA, DSA_PUBKEY) +#endif +#endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_EC DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY) -# endif -# endif +#endif +#endif DECLARE_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, - const ASN1_OCTET_STRING **pdigest); + const ASN1_OCTET_STRING **pdigest); void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest); + ASN1_OCTET_STRING **pdigest); DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) DECLARE_ASN1_FUNCTIONS(X509_REQ) 
@@ -557,20 +554,20 @@ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(const X509 *r, int idx); -DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509, X509_AUX) int i2d_re_X509_tbs(X509 *x, unsigned char **pp); int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, - int *secbits, uint32_t *flags); + int *secbits, uint32_t *flags); void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, - int secbits, uint32_t flags); + int secbits, uint32_t flags); int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, - uint32_t *flags); + uint32_t *flags); void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x); + const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id); @@ -590,7 +587,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial); + X509_REVOKED **ret, const ASN1_INTEGER *serial); int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY *X509_PKEY_new(void); 
@@ -607,29 +604,29 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_0 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); OSSL_DEPRECATEDIN_3_0 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type); + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, + const EVP_MD *type); #endif int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, - unsigned char *md, unsigned int *len); + unsigned char *md, unsigned int *len); int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey); + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey); int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_MD_CTX *ctx); + const ASN1_BIT_STRING *signature, const void *data, + EVP_MD_CTX *ctx); int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey, const EVP_MD *md); + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md); int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, EVP_MD_CTX *ctx); + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, EVP_MD_CTX *ctx); #define X509_VERSION_1 0 #define X509_VERSION_2 1 
@@ -644,7 +641,7 @@ X509_NAME *X509_get_issuer_name(const X509 *a); int X509_set_subject_name(X509 *x, const X509_NAME *name); X509_NAME *X509_get_subject_name(const X509 *a); -const ASN1_TIME * X509_get0_notBefore(const X509 *x); +const ASN1_TIME *X509_get0_notBefore(const X509 *x); ASN1_TIME *X509_getm_notBefore(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); const ASN1_TIME *X509_get0_notAfter(const X509 *x); @@ -654,14 +651,13 @@ int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_get_notBefore X509_getm_notBefore -# define X509_get_notAfter X509_getm_notAfter -# define X509_set_notBefore X509_set1_notBefore -# define X509_set_notAfter X509_set1_notAfter +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_get_notBefore X509_getm_notBefore +#define X509_get_notAfter X509_getm_notAfter +#define X509_set_notBefore X509_set1_notBefore +#define X509_set_notAfter X509_set1_notAfter #endif - /* * This one is only used so that a binary form can output, as in * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) @@ -669,7 +665,7 @@ X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, - const ASN1_BIT_STRING **psuid); + const ASN1_BIT_STRING **psuid); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); EVP_PKEY *X509_get0_pubkey(const X509 *x); @@ -683,7 +679,7 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg); + const X509_ALGOR **palg); void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_REQ_get_signature_nid(const X509_REQ *req); 
@@ -697,24 +693,24 @@ void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); int X509_REQ_add_extensions_nid(X509_REQ *req, - const STACK_OF(X509_EXTENSION) *exts, int nid); + const STACK_OF(X509_EXTENSION) *exts, int nid); int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext); int X509_REQ_get_attr_count(const X509_REQ *req); int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len); + int nid, int type, + const unsigned char *bytes, int len); int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len); + const char *attrname, int type, + const unsigned char *bytes, int len); #define X509_CRL_VERSION_1 0 #define X509_CRL_VERSION_2 1 @@ -726,9 +722,9 @@ int X509_CRL_sort(X509_CRL *crl); int X509_CRL_up_ref(X509_CRL *crl); -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate -# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate #endif long X509_CRL_get_version(const X509_CRL *crl); 
@@ -742,7 +738,7 @@ const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg); + const X509_ALGOR **palg); int X509_CRL_get_signature_nid(const X509_CRL *crl); int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); @@ -754,14 +750,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); int X509_chain_check_suiteb(int *perror_depth, - X509 *x, STACK_OF(X509) *chain, - unsigned long flags); + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); 
@@ -774,61 +770,61 @@ int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 unsigned long X509_issuer_name_hash_old(X509 *a); unsigned long X509_subject_name_hash_old(X509 *x); -# endif +#endif -# define X509_ADD_FLAG_DEFAULT 0 -# define X509_ADD_FLAG_UP_REF 0x1 -# define X509_ADD_FLAG_PREPEND 0x2 -# define X509_ADD_FLAG_NO_DUP 0x4 -# define X509_ADD_FLAG_NO_SS 0x8 +#define X509_ADD_FLAG_DEFAULT 0 +#define X509_ADD_FLAG_UP_REF 0x1 +#define X509_ADD_FLAG_PREPEND 0x2 +#define X509_ADD_FLAG_NO_DUP 0x4 +#define X509_ADD_FLAG_NO_SS 0x8 int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags); int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags); int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) +#define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x, - const EVP_PKEY *pubkey); + const EVP_PKEY *pubkey); #endif unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, - const char *propq, int *ok); + const char *propq, int *ok); unsigned long X509_NAME_hash_old(const X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); int X509_aux_print(BIO *out, X509 *x, int indent); -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, - unsigned long cflag); + unsigned long cflag); int X509_print_fp(FILE *bp, X509 *x); int X509_CRL_print_fp(FILE *bp, X509_CRL *x); int X509_REQ_print_fp(FILE *bp, X509_REQ *req); int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, - unsigned long flags); -# endif + unsigned long flags); +#endif int X509_NAME_print(BIO *bp, const X509_NAME 
*name, int obase); int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, - unsigned long flags); + unsigned long flags); int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, - unsigned long cflag); + unsigned long cflag); int X509_print(BIO *bp, X509 *x); int X509_ocspid_print(BIO *bp, X509 *x); int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, - unsigned long cflag); + unsigned long cflag); int X509_REQ_print(BIO *bp, X509_REQ *req); int X509_NAME_entry_count(const X509_NAME *name); int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, - char *buf, int len); + char *buf, int len); int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - char *buf, int len); + char *buf, int len); /* * NOTE: you should be passing -1, not 0 as lastpos. The functions that use 
@@ -836,53 +832,53 @@ */ int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, - int loc, int set); + int loc, int set); int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len, int loc, - int set); + const unsigned char *bytes, int len, int loc, + int set); int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - const unsigned char *bytes, int len, int loc, - int set); + const unsigned char *bytes, int len, int loc, + int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - const char *field, int type, - const unsigned char *bytes, - int len); + const char *field, int type, + const unsigned char *bytes, + int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, - const unsigned char *bytes, - int len); + int type, + const unsigned char *bytes, + int len); int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - const unsigned char *bytes, int len, int loc, - int set); + const unsigned char *bytes, int len, int loc, + int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, - int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); -ASN1_STRING * 
X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, - size_t *pderlen); + size_t *pderlen); int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, - int nid, int lastpos); + int nid, int lastpos); int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, - const ASN1_OBJECT *obj, int lastpos); + const ASN1_OBJECT *obj, int lastpos); int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, - int crit, int lastpos); + int crit, int lastpos); X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc); + X509_EXTENSION *ex, int loc); int X509_get_ext_count(const X509 *x); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); 
@@ -893,40 +889,40 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int X509_CRL_get_ext_count(const X509_CRL *x); int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); int X509_REVOKED_get_ext_count(const X509_REVOKED *x); int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, - int lastpos); + int lastpos); X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, - int *idx); + int *idx); int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags); + unsigned long flags); X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, - int nid, int crit, - ASN1_OCTET_STRING *data); + int nid, int crit, + ASN1_OCTET_STRING *data); X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - const ASN1_OBJECT *obj, int crit, - 
ASN1_OCTET_STRING *data); + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); 
@@ -936,45 +932,48 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos); + int lastpos); int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, - const ASN1_OBJECT *obj, int lastpos); + const ASN1_OBJECT *obj, int lastpos); X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr); + X509_ATTRIBUTE *attr); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) - **x, const ASN1_OBJECT *obj, - int type, - const unsigned char *bytes, - int len); + **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) - **x, int nid, int type, - const unsigned char *bytes, - int len); + **x, + int nid, int type, + const unsigned char *bytes, + int len); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) - **x, const char *attrname, - int type, - const unsigned char *bytes, - int len); + **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len); void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, - const ASN1_OBJECT *obj, int lastpos, int type); + const ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, - int len); + int atrtype, const void *data, + int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - const ASN1_OBJECT *obj, - int atrtype, const void *data, - int len); + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - const char *atrname, int type, - const unsigned char *bytes, - int len); + const 
char *atrname, int type, + const unsigned char *bytes, + int len); int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - const void *data, int len); + const void *data, int len); void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, - void *data); + void *data); int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); @@ -982,23 +981,23 @@ int EVP_PKEY_get_attr_count(const EVP_PKEY *key); int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, - int nid, int type, - const unsigned char *bytes, int len); + int nid, int type, + const unsigned char *bytes, int len); int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, - const char *attrname, int type, - const unsigned char *bytes, int len); + const char *attrname, int type, + const unsigned char *bytes, int len); /* lookup a cert from a X509 STACK */ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, - const ASN1_INTEGER *serial); + const ASN1_INTEGER *serial); X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); DECLARE_ASN1_FUNCTIONS(PBEPARAM) 
@@ -1009,39 +1008,39 @@ #endif int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen); + const unsigned char *salt, int saltlen); int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *libctx); + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *libctx); X509_ALGOR *PKCS5_pbe_set(int alg, int iter, - const unsigned char *salt, int saltlen); + const unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *libctx); + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *libctx); X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen); + unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid); + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid, - OSSL_LIB_CTX *libctx); + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid, + OSSL_LIB_CTX *libctx); #ifndef OPENSSL_NO_SCRYPT X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, - const unsigned char *salt, int saltlen, - unsigned char *aiv, uint64_t N, uint64_t r, - uint64_t p); + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); #endif X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen); + int prf_nid, int keylen); X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen, - OSSL_LIB_CTX *libctx); + int prf_nid, int keylen, + OSSL_LIB_CTX *libctx); /* PKCS#8 utilities */ 
@@ -1049,34 +1048,33 @@ EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, - int version, int ptype, void *pval, - unsigned char *penc, int penclen); + int version, int ptype, void *pval, + unsigned char *penc, int penclen); int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); const STACK_OF(X509_ATTRIBUTE) * PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, - const unsigned char *bytes, int len); + const unsigned char *bytes, int len); int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, - int type, const unsigned char *bytes, int len); - + int type, const unsigned char *bytes, int len); int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, - int ptype, void *pval, - unsigned char *penc, int penclen); + int ptype, void *pval, + unsigned char *penc, int penclen); int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, const X509_PUBKEY *pub); + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, const X509_PUBKEY *pub); int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/x509_vfy.h.orig +++ crypto/openssl/include/openssl/x509_vfy.h 
@@ -10,31 +10,33 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_X509_VFY_H -# define OPENSSL_X509_VFY_H -# pragma once +#define OPENSSL_X509_VFY_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_X509_VFY_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_X509_VFY_H +#endif /* * Protect against recursion, x509.h and x509_vfy.h each include the other. */ -# ifndef OPENSSL_X509_H -# include -# endif +#ifndef OPENSSL_X509_H +#include +#endif -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif @@ -57,14 +59,16 @@ typedef enum { X509_LU_NONE = 0, - X509_LU_X509, X509_LU_CRL + X509_LU_X509, + X509_LU_CRL } X509_LOOKUP_TYPE; #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -#define X509_LU_RETRY -1 -#define X509_LU_FAIL 0 +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 #endif +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_LOOKUP, X509_LOOKUP, X509_LOOKUP) #define sk_X509_LOOKUP_num(sk) OPENSSL_sk_num(ossl_check_const_X509_LOOKUP_sk_type(sk)) #define sk_X509_LOOKUP_value(sk, idx) ((X509_LOOKUP *)OPENSSL_sk_value(ossl_check_const_X509_LOOKUP_sk_type(sk), (idx))) 
@@ -144,16 +148,18 @@ #define sk_X509_VERIFY_PARAM_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_VERIFY_PARAM) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_copyfunc_type(copyfunc), ossl_check_X509_VERIFY_PARAM_freefunc_type(freefunc))) #define sk_X509_VERIFY_PARAM_set_cmp_func(sk, cmp) ((sk_X509_VERIFY_PARAM_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_VERIFY_PARAM_sk_type(sk), ossl_check_X509_VERIFY_PARAM_compfunc_type(cmp))) +/* clang-format on */ /* This is used for a table of trust checking functions */ typedef struct x509_trust_st { int trust; int flags; - int (*check_trust) (struct x509_trust_st *, X509 *, int); + int (*check_trust)(struct x509_trust_st *, X509 *, int); char *name; int arg1; void *arg2; } X509_TRUST; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_TRUST, X509_TRUST, X509_TRUST) #define sk_X509_TRUST_num(sk) OPENSSL_sk_num(ossl_check_const_X509_TRUST_sk_type(sk)) #define sk_X509_TRUST_value(sk, idx) ((X509_TRUST *)OPENSSL_sk_value(ossl_check_const_X509_TRUST_sk_type(sk), (idx))) 
@@ -181,42 +187,43 @@ #define sk_X509_TRUST_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_TRUST) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_copyfunc_type(copyfunc), ossl_check_X509_TRUST_freefunc_type(freefunc))) #define sk_X509_TRUST_set_cmp_func(sk, cmp) ((sk_X509_TRUST_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_TRUST_sk_type(sk), ossl_check_X509_TRUST_compfunc_type(cmp))) +/* clang-format on */ /* standard trust ids */ -# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ -# define X509_TRUST_COMPAT 1 -# define X509_TRUST_SSL_CLIENT 2 -# define X509_TRUST_SSL_SERVER 3 -# define X509_TRUST_EMAIL 4 -# define X509_TRUST_OBJECT_SIGN 5 -# define X509_TRUST_OCSP_SIGN 6 -# define X509_TRUST_OCSP_REQUEST 7 -# define X509_TRUST_TSA 8 +#define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ +#define X509_TRUST_COMPAT 1 +#define X509_TRUST_SSL_CLIENT 2 +#define X509_TRUST_SSL_SERVER 3 +#define X509_TRUST_EMAIL 4 +#define X509_TRUST_OBJECT_SIGN 5 +#define X509_TRUST_OCSP_SIGN 6 +#define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 /* Keep these up to date! 
*/ -# define X509_TRUST_MIN 1 -# define X509_TRUST_MAX 8 +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 8 /* trust_flags values */ -# define X509_TRUST_DYNAMIC (1U << 0) -# define X509_TRUST_DYNAMIC_NAME (1U << 1) +#define X509_TRUST_DYNAMIC (1U << 0) +#define X509_TRUST_DYNAMIC_NAME (1U << 1) /* No compat trust if self-signed, preempts "DO_SS" */ -# define X509_TRUST_NO_SS_COMPAT (1U << 2) +#define X509_TRUST_NO_SS_COMPAT (1U << 2) /* Compat trust if no explicit accepted trust EKUs */ -# define X509_TRUST_DO_SS_COMPAT (1U << 3) +#define X509_TRUST_DO_SS_COMPAT (1U << 3) /* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */ -# define X509_TRUST_OK_ANY_EKU (1U << 4) +#define X509_TRUST_OK_ANY_EKU (1U << 4) /* check_trust return codes */ -# define X509_TRUST_TRUSTED 1 -# define X509_TRUST_REJECTED 2 -# define X509_TRUST_UNTRUSTED 3 +#define X509_TRUST_TRUSTED 1 +#define X509_TRUST_REJECTED 2 +#define X509_TRUST_UNTRUSTED 3 int X509_TRUST_set(int *t, int trust); int X509_TRUST_get_count(void); X509_TRUST *X509_TRUST_get0(int idx); int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2); +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); void X509_TRUST_cleanup(void); int X509_TRUST_get_flags(const X509_TRUST *xp); char *X509_TRUST_get0_name(const X509_TRUST *xp); 
@@ -230,15 +237,15 @@ STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); -int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, - int); +int (*X509_TRUST_set_default(int (*trust)(int, X509 *, int)))(int, X509 *, + int); int X509_check_trust(X509 *x, int id, int flags); int X509_verify_cert(X509_STORE_CTX *ctx); int X509_STORE_CTX_verify(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs, - X509_STORE *store, int with_self_signed, - OSSL_LIB_CTX *libctx, const char *propq); + X509_STORE *store, int with_self_signed, + OSSL_LIB_CTX *libctx, const char *propq); int X509_STORE_set_depth(X509_STORE *store, int depth); 
@@ -246,242 +253,242 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, - X509_STORE_CTX *ctx, X509 *x); + X509_STORE_CTX *ctx, X509 *x); typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, - X509 *x, X509 *issuer); + X509 *x, X509 *issuer); typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, - X509_CRL **crl, X509 *x); + X509_CRL **crl, X509 *x); typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, - X509_CRL *crl, X509 *x); + X509_CRL *crl, X509 *x); typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, - const X509_NAME *nm); + const X509_NAME *nm); typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const X509_STORE_CTX *ctx, - const X509_NAME *nm); + const X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); -# define X509_STORE_CTX_set_app_data(ctx,data) \ - X509_STORE_CTX_set_ex_data(ctx,0,data) -# define X509_STORE_CTX_get_app_data(ctx) \ - X509_STORE_CTX_get_ex_data(ctx,0) - -# define X509_L_FILE_LOAD 1 -# define X509_L_ADD_DIR 2 -# define X509_L_ADD_STORE 3 -# define X509_L_LOAD_STORE 4 - -# define X509_LOOKUP_load_file(x,name,type) \ - X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) - -# define X509_LOOKUP_add_dir(x,name,type) \ - X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) - -# define X509_LOOKUP_add_store(x,name) \ - X509_LOOKUP_ctrl((x),X509_L_ADD_STORE,(name),0,NULL) - -# define X509_LOOKUP_load_store(x,name) \ - X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL) - -# define X509_LOOKUP_load_file_ex(x, name, 
type, libctx, propq) \ -X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\ - (libctx), (propq)) - -# define X509_LOOKUP_load_store_ex(x, name, libctx, propq) \ -X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL, \ - (libctx), (propq)) - -# define X509_LOOKUP_add_store_ex(x, name, libctx, propq) \ -X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ - (libctx), (propq)) - -# define X509_V_OK 0 -# define X509_V_ERR_UNSPECIFIED 1 -# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -# define X509_V_ERR_UNABLE_TO_GET_CRL 3 -# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -# define X509_V_ERR_CERT_NOT_YET_VALID 9 -# define X509_V_ERR_CERT_HAS_EXPIRED 10 -# define X509_V_ERR_CRL_NOT_YET_VALID 11 -# define X509_V_ERR_CRL_HAS_EXPIRED 12 -# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -# define X509_V_ERR_OUT_OF_MEM 17 -# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -# define X509_V_ERR_CERT_REVOKED 23 -# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 -# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -# define X509_V_ERR_INVALID_PURPOSE 26 -# define X509_V_ERR_CERT_UNTRUSTED 27 -# define X509_V_ERR_CERT_REJECTED 28 +#define X509_STORE_CTX_set_app_data(ctx, data) \ + X509_STORE_CTX_set_ex_data(ctx, 0, data) +#define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx, 0) + +#define X509_L_FILE_LOAD 1 +#define X509_L_ADD_DIR 2 +#define 
X509_L_ADD_STORE 3 +#define X509_L_LOAD_STORE 4 + +#define X509_LOOKUP_load_file(x, name, type) \ + X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL) + +#define X509_LOOKUP_add_dir(x, name, type) \ + X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL) + +#define X509_LOOKUP_add_store(x, name) \ + X509_LOOKUP_ctrl((x), X509_L_ADD_STORE, (name), 0, NULL) + +#define X509_LOOKUP_load_store(x, name) \ + X509_LOOKUP_ctrl((x), X509_L_LOAD_STORE, (name), 0, NULL) + +#define X509_LOOKUP_load_file_ex(x, name, type, libctx, propq) \ + X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL, \ + (libctx), (propq)) + +#define X509_LOOKUP_load_store_ex(x, name, libctx, propq) \ + X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +#define X509_LOOKUP_add_store_ex(x, name, libctx, propq) \ + X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_CRL_HAS_EXPIRED 12 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define 
X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 /* These are 'informational' when looking for issuer cert */ -# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -# define X509_V_ERR_AKID_SKID_MISMATCH 30 -# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -# define X509_V_ERR_INVALID_NON_CA 37 -# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -# define X509_V_ERR_INVALID_EXTENSION 41 -# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -# define X509_V_ERR_NO_EXPLICIT_POLICY 43 -# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -# define X509_V_ERR_UNNESTED_RESOURCE 46 -# define X509_V_ERR_PERMITTED_VIOLATION 47 -# define X509_V_ERR_EXCLUDED_VIOLATION 48 -# define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 
+#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +#define X509_V_ERR_UNNESTED_RESOURCE 46 +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 /* The application is not happy */ -# define X509_V_ERR_APPLICATION_VERIFICATION 50 -# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +#define X509_V_ERR_APPLICATION_VERIFICATION 50 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* Another issuer check debug option */ -# define X509_V_ERR_PATH_LOOP 55 +#define X509_V_ERR_PATH_LOOP 55 /* Suite B mode algorithm violation */ -# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 -# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 /* Host, email and IP check errors */ -# define X509_V_ERR_HOSTNAME_MISMATCH 62 -# define X509_V_ERR_EMAIL_MISMATCH 63 -# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 /* DANE TLSA errors */ -# define X509_V_ERR_DANE_NO_MATCH 65 +#define X509_V_ERR_DANE_NO_MATCH 65 /* security 
level errors */ -# define X509_V_ERR_EE_KEY_TOO_SMALL 66 -# define X509_V_ERR_CA_KEY_TOO_SMALL 67 -# define X509_V_ERR_CA_MD_TOO_WEAK 68 +#define X509_V_ERR_EE_KEY_TOO_SMALL 66 +#define X509_V_ERR_CA_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_MD_TOO_WEAK 68 /* Caller error */ -# define X509_V_ERR_INVALID_CALL 69 +#define X509_V_ERR_INVALID_CALL 69 /* Issuer lookup error */ -# define X509_V_ERR_STORE_LOOKUP 70 +#define X509_V_ERR_STORE_LOOKUP 70 /* Certificate transparency */ -# define X509_V_ERR_NO_VALID_SCTS 71 +#define X509_V_ERR_NO_VALID_SCTS 71 -# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 /* OCSP status errors */ -# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ -# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ -# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ +#define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +#define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +#define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ -# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 -# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 +#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 +#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 /* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */ -# define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 -# define X509_V_ERR_INVALID_CA 79 -# define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 -# define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 -# define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 -# define X509_V_ERR_ISSUER_NAME_EMPTY 83 -# define X509_V_ERR_SUBJECT_NAME_EMPTY 84 -# define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 -# define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 -# define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 -# define 
X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 -# define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 -# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 -# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 -# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 -# define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 -# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 +#define X509_V_ERR_INVALID_CA 79 +#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 +#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 +#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 +#define X509_V_ERR_ISSUER_NAME_EMPTY 83 +#define X509_V_ERR_SUBJECT_NAME_EMPTY 84 +#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 +#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 +#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 +#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 +#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 +#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 +#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 +#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 +#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 +#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 /* Certificate verify flags */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +#endif /* Use check time instead of current time */ -# define X509_V_FLAG_USE_CHECK_TIME 0x2 +#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Lookup CRLs */ -# define X509_V_FLAG_CRL_CHECK 0x4 +#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs for whole chain */ -# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Ignore unhandled critical extensions */ -# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Disable workarounds for broken certificates */ -# define X509_V_FLAG_X509_STRICT 0x20 
+#define X509_V_FLAG_X509_STRICT 0x20 /* Enable proxy certificate validation */ -# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 /* Enable policy checking */ -# define X509_V_FLAG_POLICY_CHECK 0x80 +#define X509_V_FLAG_POLICY_CHECK 0x80 /* Policy variable require-explicit-policy */ -# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +#define X509_V_FLAG_EXPLICIT_POLICY 0x100 /* Policy variable inhibit-any-policy */ -# define X509_V_FLAG_INHIBIT_ANY 0x200 +#define X509_V_FLAG_INHIBIT_ANY 0x200 /* Policy variable inhibit-policy-mapping */ -# define X509_V_FLAG_INHIBIT_MAP 0x400 +#define X509_V_FLAG_INHIBIT_MAP 0x400 /* Notify callback that policy is OK */ -# define X509_V_FLAG_NOTIFY_POLICY 0x800 +#define X509_V_FLAG_NOTIFY_POLICY 0x800 /* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ -# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 /* Delta CRL support */ -# define X509_V_FLAG_USE_DELTAS 0x2000 +#define X509_V_FLAG_USE_DELTAS 0x2000 /* Check self-signed CA signature */ -# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 /* Use trusted store first */ -# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +#define X509_V_FLAG_TRUSTED_FIRST 0x8000 /* Suite B 128 bit only mode: not normally used */ -# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +#define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 /* Suite B 192 bit only mode */ -# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +#define X509_V_FLAG_SUITEB_192_LOS 0x20000 /* Suite B 128 bit mode allowing 192 bit algorithms */ -# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +#define X509_V_FLAG_SUITEB_128_LOS 0x30000 /* Allow partial chains if at least one certificate is in trusted store */ -# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 /* * If the initial chain is not trusted, do not attempt to build an alternative * chain. 
Alternate chain checking was introduced in 1.1.0. Setting this flag * will force the behaviour to match that of previous versions. */ -# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +#define X509_V_FLAG_NO_ALT_CHAINS 0x100000 /* Do not check certificate/CRL validity against current time */ -# define X509_V_FLAG_NO_CHECK_TIME 0x200000 +#define X509_V_FLAG_NO_CHECK_TIME 0x200000 -# define X509_VP_FLAG_DEFAULT 0x1 -# define X509_VP_FLAG_OVERWRITE 0x2 -# define X509_VP_FLAG_RESET_FLAGS 0x4 -# define X509_VP_FLAG_LOCKED 0x8 -# define X509_VP_FLAG_ONCE 0x10 +#define X509_VP_FLAG_DEFAULT 0x1 +#define X509_VP_FLAG_OVERWRITE 0x2 +#define X509_VP_FLAG_RESET_FLAGS 0x4 +#define X509_VP_FLAG_LOCKED 0x8 +#define X509_VP_FLAG_ONCE 0x10 /* Internal use: mask of policy related options */ -# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ - | X509_V_FLAG_EXPLICIT_POLICY \ - | X509_V_FLAG_INHIBIT_ANY \ - | X509_V_FLAG_INHIBIT_MAP) +#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - const X509_NAME *name); + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, - X509_LOOKUP_TYPE type, - const X509_NAME *name); + X509_LOOKUP_TYPE type, + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, - X509_OBJECT *x); + X509_OBJECT *x); int X509_OBJECT_up_ref_count(X509_OBJECT *a); X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); 
@@ -498,9 +505,9 @@ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, - const X509_NAME *nm); + const X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, - const X509_NAME *nm); + const X509_NAME *nm); int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); 
@@ -509,47 +516,47 @@ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ - X509_STORE_set_verify((ctx),(func)) + X509_STORE_set_verify((ctx), (func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, - X509_STORE_CTX_verify_fn verify); + X509_STORE_CTX_verify_fn verify); X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); void X509_STORE_set_verify_cb(X509_STORE *ctx, - X509_STORE_CTX_verify_cb verify_cb); -# define X509_STORE_set_verify_cb_func(ctx,func) \ - X509_STORE_set_verify_cb((ctx),(func)) + X509_STORE_CTX_verify_cb verify_cb); +#define X509_STORE_set_verify_cb_func(ctx, func) \ + X509_STORE_set_verify_cb((ctx), (func)) X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); void X509_STORE_set_get_issuer(X509_STORE *ctx, - X509_STORE_CTX_get_issuer_fn get_issuer); + X509_STORE_CTX_get_issuer_fn get_issuer); X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); void X509_STORE_set_check_issued(X509_STORE *ctx, - X509_STORE_CTX_check_issued_fn check_issued); + X509_STORE_CTX_check_issued_fn check_issued); X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); void X509_STORE_set_check_revocation(X509_STORE *ctx, - X509_STORE_CTX_check_revocation_fn check_revocation); + X509_STORE_CTX_check_revocation_fn check_revocation); X509_STORE_CTX_check_revocation_fn - X509_STORE_get_check_revocation(const X509_STORE *ctx); +X509_STORE_get_check_revocation(const X509_STORE *ctx); void X509_STORE_set_get_crl(X509_STORE *ctx, - X509_STORE_CTX_get_crl_fn get_crl); + X509_STORE_CTX_get_crl_fn get_crl); X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); void X509_STORE_set_check_crl(X509_STORE *ctx, - X509_STORE_CTX_check_crl_fn check_crl); + X509_STORE_CTX_check_crl_fn check_crl); X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); void 
X509_STORE_set_cert_crl(X509_STORE *ctx, - X509_STORE_CTX_cert_crl_fn cert_crl); + X509_STORE_CTX_cert_crl_fn cert_crl); X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); void X509_STORE_set_check_policy(X509_STORE *ctx, - X509_STORE_CTX_check_policy_fn check_policy); + X509_STORE_CTX_check_policy_fn check_policy); X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); void X509_STORE_set_lookup_certs(X509_STORE *ctx, - X509_STORE_CTX_lookup_certs_fn lookup_certs); + X509_STORE_CTX_lookup_certs_fn lookup_certs); X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); void X509_STORE_set_lookup_crls(X509_STORE *ctx, - X509_STORE_CTX_lookup_crls_fn lookup_crls); + X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); void X509_STORE_set_cleanup(X509_STORE *ctx, - X509_STORE_CTX_cleanup_fn cleanup); + X509_STORE_CTX_cleanup_fn cleanup); X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ 
@@ -564,16 +571,16 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, - X509 *target, STACK_OF(X509) *untrusted); + X509 *target, STACK_OF(X509) *untrusted); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); -STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, - X509_STORE_CTX_verify_cb verify); + X509_STORE_CTX_verify_cb verify); X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx); X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); 
@@ -588,16 +595,16 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain -# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted -# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack -# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject -# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs -# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +#define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +#define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +#define X509_STORE_get1_crls X509_STORE_CTX_get1_crls /* the following macro is misspelled; use X509_STORE_get1_certs instead */ -# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +#define X509_STORE_get1_cert X509_STORE_CTX_get1_certs /* the following macro is misspelled; use X509_STORE_get1_crls instead */ -# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); 
@@ -606,66 +613,62 @@ X509_LOOKUP_METHOD *X509_LOOKUP_store(void); typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); + long argl, char **ret); typedef int (*X509_LOOKUP_ctrl_ex_fn)( X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret, OSSL_LIB_CTX *libctx, const char *propq); typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const X509_NAME *name, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_subject_ex_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const X509_NAME *name, - X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, - const char *propq); + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, + const char *propq); typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const unsigned char* bytes, - int len, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const unsigned char *bytes, + int len, + X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const char *str, - int len, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, - int (*new_item) (X509_LOOKUP *ctx)); -int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + int (*new_item)(X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD 
*method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, - void (*free_fn) (X509_LOOKUP *ctx)); -void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + void (*free_fn)(X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, - int (*init) (X509_LOOKUP *ctx)); -int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, - int (*shutdown) (X509_LOOKUP *ctx)); -int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, - X509_LOOKUP_ctrl_fn ctrl_fn); + X509_LOOKUP_ctrl_fn ctrl_fn); X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_subject_fn fn); + X509_LOOKUP_get_by_subject_fn fn); X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( const X509_LOOKUP_METHOD *method); 
@@ -680,51 +683,50 @@ const X509_LOOKUP_METHOD *method); int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_alias_fn fn); + X509_LOOKUP_get_by_alias_fn fn); X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); - int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name); + X509_LOOKUP_TYPE type, + const X509_NAME *name); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); + long argl, char **ret); int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret, OSSL_LIB_CTX *libctx, const char *propq); + char **ret, OSSL_LIB_CTX *libctx, const char *propq); int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const 
X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq); + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret); + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret); + const unsigned char *bytes, int len, + X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret); + const char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); 
@@ -734,19 +736,19 @@ int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_store(X509_STORE *ctx, const char *store); int X509_STORE_load_locations(X509_STORE *ctx, - const char *file, - const char *dir); + const char *file, + const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *dir, OSSL_LIB_CTX *libctx, - const char *propq); + const char *dir, OSSL_LIB_CTX *libctx, + const char *propq); int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) @@ -769,10 +771,10 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust); + int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, - time_t t); + time_t t); X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); 
@@ -794,14 +796,14 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, - const X509_VERIFY_PARAM *from); + const X509_VERIFY_PARAM *from); int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, - const X509_VERIFY_PARAM *from); + const X509_VERIFY_PARAM *from); int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, - unsigned long flags); + unsigned long flags); int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, - unsigned long flags); + unsigned long flags); unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); 
@@ -810,32 +812,32 @@ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - ASN1_OBJECT *policy); + ASN1_OBJECT *policy); int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - STACK_OF(ASN1_OBJECT) *policies); + STACK_OF(ASN1_OBJECT) *policies); int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, - uint32_t flags); + uint32_t flags); uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); + const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); + const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned int flags); + unsigned int flags); unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen); + const char *email, size_t emaillen); char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, - const unsigned char *ip, size_t iplen); + const unsigned char *ip, size_t iplen); int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, - const char *ipasc); + const char *ipasc); int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); 
@@ -848,47 +850,46 @@ void X509_VERIFY_PARAM_table_cleanup(void); /* Non positive return values are errors */ -#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ -#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ -#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ /* * Positive return values form a bit mask, all but the first are internal to * the library and don't appear in results from X509_policy_check(). */ -#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ -#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ -#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, - STACK_OF(X509) *certs, - STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); void X509_policy_tree_free(X509_POLICY_TREE *tree); int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, - int i); + int i); STACK_OF(X509_POLICY_NODE) - *X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); +*X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); STACK_OF(X509_POLICY_NODE) - *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); +*X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); int X509_policy_level_node_count(X509_POLICY_LEVEL *level); X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, 
- int i); + int i); const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); STACK_OF(POLICYQUALINFO) - *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); -const X509_POLICY_NODE - *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); +*X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/x509_vfy.h.in.orig +++ crypto/openssl/include/openssl/x509_vfy.h.in @@ -9,33 +9,35 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_X509_VFY_H -# define OPENSSL_X509_VFY_H -# pragma once +#define OPENSSL_X509_VFY_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_X509_VFY_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_X509_VFY_H +#endif /* * Protect against recursion, x509.h and x509_vfy.h each include the other. */ -# ifndef OPENSSL_X509_H -# include -# endif +#ifndef OPENSSL_X509_H +#include +#endif -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif 
@@ -58,68 +60,73 @@ typedef enum { X509_LU_NONE = 0, - X509_LU_X509, X509_LU_CRL + X509_LU_X509, + X509_LU_CRL } X509_LOOKUP_TYPE; #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -#define X509_LU_RETRY -1 -#define X509_LU_FAIL 0 +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 #endif +/* clang-format off */ {- generate_stack_macros("X509_LOOKUP") .generate_stack_macros("X509_OBJECT") .generate_stack_macros("X509_VERIFY_PARAM"); -} +/* clang-format on */ /* This is used for a table of trust checking functions */ typedef struct x509_trust_st { int trust; int flags; - int (*check_trust) (struct x509_trust_st *, X509 *, int); + int (*check_trust)(struct x509_trust_st *, X509 *, int); char *name; int arg1; void *arg2; } X509_TRUST; +/* clang-format off */ {- generate_stack_macros("X509_TRUST"); -} +/* clang-format on */ /* standard trust ids */ -# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ -# define X509_TRUST_COMPAT 1 -# define X509_TRUST_SSL_CLIENT 2 -# define X509_TRUST_SSL_SERVER 3 -# define X509_TRUST_EMAIL 4 -# define X509_TRUST_OBJECT_SIGN 5 -# define X509_TRUST_OCSP_SIGN 6 -# define X509_TRUST_OCSP_REQUEST 7 -# define X509_TRUST_TSA 8 +#define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ +#define X509_TRUST_COMPAT 1 +#define X509_TRUST_SSL_CLIENT 2 +#define X509_TRUST_SSL_SERVER 3 +#define X509_TRUST_EMAIL 4 +#define X509_TRUST_OBJECT_SIGN 5 +#define X509_TRUST_OCSP_SIGN 6 +#define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 /* Keep these up to date! 
*/ -# define X509_TRUST_MIN 1 -# define X509_TRUST_MAX 8 +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 8 /* trust_flags values */ -# define X509_TRUST_DYNAMIC (1U << 0) -# define X509_TRUST_DYNAMIC_NAME (1U << 1) +#define X509_TRUST_DYNAMIC (1U << 0) +#define X509_TRUST_DYNAMIC_NAME (1U << 1) /* No compat trust if self-signed, preempts "DO_SS" */ -# define X509_TRUST_NO_SS_COMPAT (1U << 2) +#define X509_TRUST_NO_SS_COMPAT (1U << 2) /* Compat trust if no explicit accepted trust EKUs */ -# define X509_TRUST_DO_SS_COMPAT (1U << 3) +#define X509_TRUST_DO_SS_COMPAT (1U << 3) /* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */ -# define X509_TRUST_OK_ANY_EKU (1U << 4) +#define X509_TRUST_OK_ANY_EKU (1U << 4) /* check_trust return codes */ -# define X509_TRUST_TRUSTED 1 -# define X509_TRUST_REJECTED 2 -# define X509_TRUST_UNTRUSTED 3 +#define X509_TRUST_TRUSTED 1 +#define X509_TRUST_REJECTED 2 +#define X509_TRUST_UNTRUSTED 3 int X509_TRUST_set(int *t, int trust); int X509_TRUST_get_count(void); X509_TRUST *X509_TRUST_get0(int idx); int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2); +int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); void X509_TRUST_cleanup(void); int X509_TRUST_get_flags(const X509_TRUST *xp); char *X509_TRUST_get0_name(const X509_TRUST *xp); 
@@ -133,15 +140,15 @@ STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); -int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, - int); +int (*X509_TRUST_set_default(int (*trust)(int, X509 *, int)))(int, X509 *, + int); int X509_check_trust(X509 *x, int id, int flags); int X509_verify_cert(X509_STORE_CTX *ctx); int X509_STORE_CTX_verify(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs, - X509_STORE *store, int with_self_signed, - OSSL_LIB_CTX *libctx, const char *propq); + X509_STORE *store, int with_self_signed, + OSSL_LIB_CTX *libctx, const char *propq); int X509_STORE_set_depth(X509_STORE *store, int depth); 
@@ -149,242 +156,242 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, - X509_STORE_CTX *ctx, X509 *x); + X509_STORE_CTX *ctx, X509 *x); typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, - X509 *x, X509 *issuer); + X509 *x, X509 *issuer); typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, - X509_CRL **crl, X509 *x); + X509_CRL **crl, X509 *x); typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, - X509_CRL *crl, X509 *x); + X509_CRL *crl, X509 *x); typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, - const X509_NAME *nm); + const X509_NAME *nm); typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const X509_STORE_CTX *ctx, - const X509_NAME *nm); + const X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); -# define X509_STORE_CTX_set_app_data(ctx,data) \ - X509_STORE_CTX_set_ex_data(ctx,0,data) -# define X509_STORE_CTX_get_app_data(ctx) \ - X509_STORE_CTX_get_ex_data(ctx,0) - -# define X509_L_FILE_LOAD 1 -# define X509_L_ADD_DIR 2 -# define X509_L_ADD_STORE 3 -# define X509_L_LOAD_STORE 4 - -# define X509_LOOKUP_load_file(x,name,type) \ - X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) - -# define X509_LOOKUP_add_dir(x,name,type) \ - X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) - -# define X509_LOOKUP_add_store(x,name) \ - X509_LOOKUP_ctrl((x),X509_L_ADD_STORE,(name),0,NULL) - -# define X509_LOOKUP_load_store(x,name) \ - X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL) - -# define X509_LOOKUP_load_file_ex(x, name, 
type, libctx, propq) \ -X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\ - (libctx), (propq)) - -# define X509_LOOKUP_load_store_ex(x, name, libctx, propq) \ -X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL, \ - (libctx), (propq)) - -# define X509_LOOKUP_add_store_ex(x, name, libctx, propq) \ -X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ - (libctx), (propq)) - -# define X509_V_OK 0 -# define X509_V_ERR_UNSPECIFIED 1 -# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -# define X509_V_ERR_UNABLE_TO_GET_CRL 3 -# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -# define X509_V_ERR_CERT_NOT_YET_VALID 9 -# define X509_V_ERR_CERT_HAS_EXPIRED 10 -# define X509_V_ERR_CRL_NOT_YET_VALID 11 -# define X509_V_ERR_CRL_HAS_EXPIRED 12 -# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -# define X509_V_ERR_OUT_OF_MEM 17 -# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -# define X509_V_ERR_CERT_REVOKED 23 -# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 -# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -# define X509_V_ERR_INVALID_PURPOSE 26 -# define X509_V_ERR_CERT_UNTRUSTED 27 -# define X509_V_ERR_CERT_REJECTED 28 +#define X509_STORE_CTX_set_app_data(ctx, data) \ + X509_STORE_CTX_set_ex_data(ctx, 0, data) +#define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx, 0) + +#define X509_L_FILE_LOAD 1 +#define X509_L_ADD_DIR 2 +#define 
X509_L_ADD_STORE 3 +#define X509_L_LOAD_STORE 4 + +#define X509_LOOKUP_load_file(x, name, type) \ + X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL) + +#define X509_LOOKUP_add_dir(x, name, type) \ + X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL) + +#define X509_LOOKUP_add_store(x, name) \ + X509_LOOKUP_ctrl((x), X509_L_ADD_STORE, (name), 0, NULL) + +#define X509_LOOKUP_load_store(x, name) \ + X509_LOOKUP_ctrl((x), X509_L_LOAD_STORE, (name), 0, NULL) + +#define X509_LOOKUP_load_file_ex(x, name, type, libctx, propq) \ + X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL, \ + (libctx), (propq)) + +#define X509_LOOKUP_load_store_ex(x, name, libctx, propq) \ + X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +#define X509_LOOKUP_add_store_ex(x, name, libctx, propq) \ + X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ + (libctx), (propq)) + +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_CRL_HAS_EXPIRED 12 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define 
X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 /* These are 'informational' when looking for issuer cert */ -# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -# define X509_V_ERR_AKID_SKID_MISMATCH 30 -# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -# define X509_V_ERR_INVALID_NON_CA 37 -# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -# define X509_V_ERR_INVALID_EXTENSION 41 -# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -# define X509_V_ERR_NO_EXPLICIT_POLICY 43 -# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -# define X509_V_ERR_UNNESTED_RESOURCE 46 -# define X509_V_ERR_PERMITTED_VIOLATION 47 -# define X509_V_ERR_EXCLUDED_VIOLATION 48 -# define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 
+#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +#define X509_V_ERR_UNNESTED_RESOURCE 46 +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 /* The application is not happy */ -# define X509_V_ERR_APPLICATION_VERIFICATION 50 -# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +#define X509_V_ERR_APPLICATION_VERIFICATION 50 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* Another issuer check debug option */ -# define X509_V_ERR_PATH_LOOP 55 +#define X509_V_ERR_PATH_LOOP 55 /* Suite B mode algorithm violation */ -# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 -# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 /* Host, email and IP check errors */ -# define X509_V_ERR_HOSTNAME_MISMATCH 62 -# define X509_V_ERR_EMAIL_MISMATCH 63 -# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 /* DANE TLSA errors */ -# define X509_V_ERR_DANE_NO_MATCH 65 +#define X509_V_ERR_DANE_NO_MATCH 65 /* security 
level errors */ -# define X509_V_ERR_EE_KEY_TOO_SMALL 66 -# define X509_V_ERR_CA_KEY_TOO_SMALL 67 -# define X509_V_ERR_CA_MD_TOO_WEAK 68 +#define X509_V_ERR_EE_KEY_TOO_SMALL 66 +#define X509_V_ERR_CA_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_MD_TOO_WEAK 68 /* Caller error */ -# define X509_V_ERR_INVALID_CALL 69 +#define X509_V_ERR_INVALID_CALL 69 /* Issuer lookup error */ -# define X509_V_ERR_STORE_LOOKUP 70 +#define X509_V_ERR_STORE_LOOKUP 70 /* Certificate transparency */ -# define X509_V_ERR_NO_VALID_SCTS 71 +#define X509_V_ERR_NO_VALID_SCTS 71 -# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 /* OCSP status errors */ -# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ -# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ -# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ +#define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +#define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +#define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ -# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 -# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 +#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 +#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 /* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */ -# define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 -# define X509_V_ERR_INVALID_CA 79 -# define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 -# define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 -# define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 -# define X509_V_ERR_ISSUER_NAME_EMPTY 83 -# define X509_V_ERR_SUBJECT_NAME_EMPTY 84 -# define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 -# define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 -# define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 -# define 
X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 -# define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 -# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 -# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 -# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 -# define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 -# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 +#define X509_V_ERR_INVALID_CA 79 +#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 +#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 +#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 +#define X509_V_ERR_ISSUER_NAME_EMPTY 83 +#define X509_V_ERR_SUBJECT_NAME_EMPTY 84 +#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 +#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 +#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 +#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 +#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 +#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 +#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 +#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 +#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 +#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 /* Certificate verify flags */ -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ -# endif +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +#define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +#endif /* Use check time instead of current time */ -# define X509_V_FLAG_USE_CHECK_TIME 0x2 +#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Lookup CRLs */ -# define X509_V_FLAG_CRL_CHECK 0x4 +#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs for whole chain */ -# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Ignore unhandled critical extensions */ -# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Disable workarounds for broken certificates */ -# define X509_V_FLAG_X509_STRICT 0x20 
+#define X509_V_FLAG_X509_STRICT 0x20 /* Enable proxy certificate validation */ -# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 /* Enable policy checking */ -# define X509_V_FLAG_POLICY_CHECK 0x80 +#define X509_V_FLAG_POLICY_CHECK 0x80 /* Policy variable require-explicit-policy */ -# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +#define X509_V_FLAG_EXPLICIT_POLICY 0x100 /* Policy variable inhibit-any-policy */ -# define X509_V_FLAG_INHIBIT_ANY 0x200 +#define X509_V_FLAG_INHIBIT_ANY 0x200 /* Policy variable inhibit-policy-mapping */ -# define X509_V_FLAG_INHIBIT_MAP 0x400 +#define X509_V_FLAG_INHIBIT_MAP 0x400 /* Notify callback that policy is OK */ -# define X509_V_FLAG_NOTIFY_POLICY 0x800 +#define X509_V_FLAG_NOTIFY_POLICY 0x800 /* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ -# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 /* Delta CRL support */ -# define X509_V_FLAG_USE_DELTAS 0x2000 +#define X509_V_FLAG_USE_DELTAS 0x2000 /* Check self-signed CA signature */ -# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 /* Use trusted store first */ -# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +#define X509_V_FLAG_TRUSTED_FIRST 0x8000 /* Suite B 128 bit only mode: not normally used */ -# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +#define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 /* Suite B 192 bit only mode */ -# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +#define X509_V_FLAG_SUITEB_192_LOS 0x20000 /* Suite B 128 bit mode allowing 192 bit algorithms */ -# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +#define X509_V_FLAG_SUITEB_128_LOS 0x30000 /* Allow partial chains if at least one certificate is in trusted store */ -# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 /* * If the initial chain is not trusted, do not attempt to build an alternative * chain. 
Alternate chain checking was introduced in 1.1.0. Setting this flag * will force the behaviour to match that of previous versions. */ -# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +#define X509_V_FLAG_NO_ALT_CHAINS 0x100000 /* Do not check certificate/CRL validity against current time */ -# define X509_V_FLAG_NO_CHECK_TIME 0x200000 +#define X509_V_FLAG_NO_CHECK_TIME 0x200000 -# define X509_VP_FLAG_DEFAULT 0x1 -# define X509_VP_FLAG_OVERWRITE 0x2 -# define X509_VP_FLAG_RESET_FLAGS 0x4 -# define X509_VP_FLAG_LOCKED 0x8 -# define X509_VP_FLAG_ONCE 0x10 +#define X509_VP_FLAG_DEFAULT 0x1 +#define X509_VP_FLAG_OVERWRITE 0x2 +#define X509_VP_FLAG_RESET_FLAGS 0x4 +#define X509_VP_FLAG_LOCKED 0x8 +#define X509_VP_FLAG_ONCE 0x10 /* Internal use: mask of policy related options */ -# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ - | X509_V_FLAG_EXPLICIT_POLICY \ - | X509_V_FLAG_INHIBIT_ANY \ - | X509_V_FLAG_INHIBIT_MAP) +#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - const X509_NAME *name); + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, - X509_LOOKUP_TYPE type, - const X509_NAME *name); + X509_LOOKUP_TYPE type, + const X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, - X509_OBJECT *x); + X509_OBJECT *x); int X509_OBJECT_up_ref_count(X509_OBJECT *a); X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); 
@@ -401,9 +408,9 @@
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
 STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
 STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
- const X509_NAME *nm);
+ const X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
- const X509_NAME *nm);
+ const X509_NAME *nm);
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
@@ -412,47 +419,47 @@ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ - X509_STORE_set_verify((ctx),(func)) + X509_STORE_set_verify((ctx), (func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, - X509_STORE_CTX_verify_fn verify); + X509_STORE_CTX_verify_fn verify); X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); void X509_STORE_set_verify_cb(X509_STORE *ctx, - X509_STORE_CTX_verify_cb verify_cb); -# define X509_STORE_set_verify_cb_func(ctx,func) \ - X509_STORE_set_verify_cb((ctx),(func)) + X509_STORE_CTX_verify_cb verify_cb); +#define X509_STORE_set_verify_cb_func(ctx, func) \ + X509_STORE_set_verify_cb((ctx), (func)) X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); void X509_STORE_set_get_issuer(X509_STORE *ctx, - X509_STORE_CTX_get_issuer_fn get_issuer); + X509_STORE_CTX_get_issuer_fn get_issuer); X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); void X509_STORE_set_check_issued(X509_STORE *ctx, - X509_STORE_CTX_check_issued_fn check_issued); + X509_STORE_CTX_check_issued_fn check_issued); X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); void X509_STORE_set_check_revocation(X509_STORE *ctx, - X509_STORE_CTX_check_revocation_fn check_revocation); + X509_STORE_CTX_check_revocation_fn check_revocation); X509_STORE_CTX_check_revocation_fn - X509_STORE_get_check_revocation(const X509_STORE *ctx); +X509_STORE_get_check_revocation(const X509_STORE *ctx); void X509_STORE_set_get_crl(X509_STORE *ctx, - X509_STORE_CTX_get_crl_fn get_crl); + X509_STORE_CTX_get_crl_fn get_crl); X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); void X509_STORE_set_check_crl(X509_STORE *ctx, - X509_STORE_CTX_check_crl_fn check_crl); + X509_STORE_CTX_check_crl_fn check_crl); X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); void 
X509_STORE_set_cert_crl(X509_STORE *ctx, - X509_STORE_CTX_cert_crl_fn cert_crl); + X509_STORE_CTX_cert_crl_fn cert_crl); X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); void X509_STORE_set_check_policy(X509_STORE *ctx, - X509_STORE_CTX_check_policy_fn check_policy); + X509_STORE_CTX_check_policy_fn check_policy); X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); void X509_STORE_set_lookup_certs(X509_STORE *ctx, - X509_STORE_CTX_lookup_certs_fn lookup_certs); + X509_STORE_CTX_lookup_certs_fn lookup_certs); X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); void X509_STORE_set_lookup_crls(X509_STORE *ctx, - X509_STORE_CTX_lookup_crls_fn lookup_crls); + X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); void X509_STORE_set_cleanup(X509_STORE *ctx, - X509_STORE_CTX_cleanup_fn cleanup); + X509_STORE_CTX_cleanup_fn cleanup); X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ 
@@ -467,16 +474,16 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, - X509 *target, STACK_OF(X509) *untrusted); + X509 *target, STACK_OF(X509) *untrusted); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); -STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, - X509_STORE_CTX_verify_cb verify); + X509_STORE_CTX_verify_cb verify); X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx); X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); 
@@ -491,16 +498,16 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain -# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted -# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack -# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject -# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs -# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +#define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +#define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +#define X509_STORE_get1_crls X509_STORE_CTX_get1_crls /* the following macro is misspelled; use X509_STORE_get1_certs instead */ -# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +#define X509_STORE_get1_cert X509_STORE_CTX_get1_certs /* the following macro is misspelled; use X509_STORE_get1_crls instead */ -# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); 
@@ -509,66 +516,62 @@ X509_LOOKUP_METHOD *X509_LOOKUP_store(void); typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); + long argl, char **ret); typedef int (*X509_LOOKUP_ctrl_ex_fn)( X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret, OSSL_LIB_CTX *libctx, const char *propq); typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const X509_NAME *name, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_subject_ex_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const X509_NAME *name, - X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, - const char *propq); + X509_LOOKUP_TYPE type, + const X509_NAME *name, + X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, + const char *propq); typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const unsigned char* bytes, - int len, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const unsigned char *bytes, + int len, + X509_OBJECT *ret); typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, - X509_LOOKUP_TYPE type, - const char *str, - int len, - X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, - int (*new_item) (X509_LOOKUP *ctx)); -int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + int (*new_item)(X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD 
*method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, - void (*free_fn) (X509_LOOKUP *ctx)); -void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + void (*free_fn)(X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, - int (*init) (X509_LOOKUP *ctx)); -int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, - int (*shutdown) (X509_LOOKUP *ctx)); -int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD *method))(X509_LOOKUP *ctx); int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, - X509_LOOKUP_ctrl_fn ctrl_fn); + X509_LOOKUP_ctrl_fn ctrl_fn); X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_subject_fn fn); + X509_LOOKUP_get_by_subject_fn fn); X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( const X509_LOOKUP_METHOD *method); 
@@ -583,51 +586,50 @@ const X509_LOOKUP_METHOD *method); int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_alias_fn fn); + X509_LOOKUP_get_by_alias_fn fn); X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); - int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); + X509_LOOKUP_TYPE type, + const X509_NAME *name, X509_OBJECT *ret); X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name); + X509_LOOKUP_TYPE type, + const X509_NAME *name); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); + long argl, char **ret); int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret, OSSL_LIB_CTX *libctx, const char *propq); + char **ret, OSSL_LIB_CTX *libctx, const char *propq); int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); + const X509_NAME *name, X509_OBJECT *ret); int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const 
X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq); + const X509_NAME *name, X509_OBJECT *ret, + OSSL_LIB_CTX *libctx, const char *propq); int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret); + const X509_NAME *name, + const ASN1_INTEGER *serial, + X509_OBJECT *ret); int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret); + const unsigned char *bytes, int len, + X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret); + const char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); 
@@ -637,19 +639,19 @@ int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_store(X509_STORE *ctx, const char *store); int X509_STORE_load_locations(X509_STORE *ctx, - const char *file, - const char *dir); + const char *file, + const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *dir, OSSL_LIB_CTX *libctx, - const char *propq); + const char *dir, OSSL_LIB_CTX *libctx, + const char *propq); int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq); + const char *propq); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) @@ -672,10 +674,10 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust); + int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, - time_t t); + time_t t); X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); 
@@ -697,14 +699,14 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, - const X509_VERIFY_PARAM *from); + const X509_VERIFY_PARAM *from); int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, - const X509_VERIFY_PARAM *from); + const X509_VERIFY_PARAM *from); int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, - unsigned long flags); + unsigned long flags); int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, - unsigned long flags); + unsigned long flags); unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); 
@@ -713,32 +715,32 @@ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - ASN1_OBJECT *policy); + ASN1_OBJECT *policy); int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - STACK_OF(ASN1_OBJECT) *policies); + STACK_OF(ASN1_OBJECT) *policies); int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, - uint32_t flags); + uint32_t flags); uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); + const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); + const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned int flags); + unsigned int flags); unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen); + const char *email, size_t emaillen); char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, - const unsigned char *ip, size_t iplen); + const unsigned char *ip, size_t iplen); int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, - const char *ipasc); + const char *ipasc); int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); 
@@ -751,47 +753,46 @@ void X509_VERIFY_PARAM_table_cleanup(void); /* Non positive return values are errors */ -#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ -#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ -#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ /* * Positive return values form a bit mask, all but the first are internal to * the library and don't appear in results from X509_policy_check(). */ -#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ -#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ -#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, - STACK_OF(X509) *certs, - STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); void X509_policy_tree_free(X509_POLICY_TREE *tree); int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, - int i); + int i); STACK_OF(X509_POLICY_NODE) - *X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); +*X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); STACK_OF(X509_POLICY_NODE) - *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); +*X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); int X509_policy_level_node_count(X509_POLICY_LEVEL *level); X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, 
- int i); + int i); const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); STACK_OF(POLICYQUALINFO) - *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); -const X509_POLICY_NODE - *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); +*X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); -#ifdef __cplusplus +#ifdef __cplusplus } #endif #endif --- crypto/openssl/include/openssl/x509err.h.orig +++ crypto/openssl/include/openssl/x509err.h 
@@ -9,61 +9,59 @@ */ #ifndef OPENSSL_X509ERR_H -# define OPENSSL_X509ERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_X509ERR_H +#pragma once +#include +#include +#include /* * X509 reason codes. */ -# define X509_R_AKID_MISMATCH 110 -# define X509_R_BAD_SELECTOR 133 -# define X509_R_BAD_X509_FILETYPE 100 -# define X509_R_BASE64_DECODE_ERROR 118 -# define X509_R_CANT_CHECK_DH_KEY 114 -# define X509_R_CERTIFICATE_VERIFICATION_FAILED 139 -# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 -# define X509_R_CRL_ALREADY_DELTA 127 -# define X509_R_CRL_VERIFY_FAILURE 131 -# define X509_R_DUPLICATE_ATTRIBUTE 140 -# define X509_R_ERROR_GETTING_MD_BY_NID 141 -# define X509_R_ERROR_USING_SIGINF_SET 142 -# define X509_R_IDP_MISMATCH 128 -# define X509_R_INVALID_ATTRIBUTES 138 -# define X509_R_INVALID_DIRECTORY 113 -# define X509_R_INVALID_DISTPOINT 143 -# define X509_R_INVALID_FIELD_NAME 119 -# define X509_R_INVALID_TRUST 123 -# define X509_R_ISSUER_MISMATCH 129 -# define X509_R_KEY_TYPE_MISMATCH 115 -# define X509_R_KEY_VALUES_MISMATCH 116 -# define X509_R_LOADING_CERT_DIR 103 -# define X509_R_LOADING_DEFAULTS 104 -# define X509_R_METHOD_NOT_SUPPORTED 124 -# define X509_R_NAME_TOO_LONG 134 -# define X509_R_NEWER_CRL_NOT_NEWER 132 -# define X509_R_NO_CERTIFICATE_FOUND 135 -# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 -# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 -# define X509_R_NO_CRL_FOUND 137 -# define X509_R_NO_CRL_NUMBER 130 -# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 -# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 -# define X509_R_SHOULD_RETRY 106 -# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 -# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 -# define X509_R_UNKNOWN_KEY_TYPE 117 -# define X509_R_UNKNOWN_NID 109 -# define X509_R_UNKNOWN_PURPOSE_ID 121 -# define X509_R_UNKNOWN_SIGID_ALGS 144 -# define X509_R_UNKNOWN_TRUST_ID 120 -# define X509_R_UNSUPPORTED_ALGORITHM 111 -# define X509_R_WRONG_LOOKUP_TYPE 112 -# define 
X509_R_WRONG_TYPE 122 +#define X509_R_AKID_MISMATCH 110 +#define X509_R_BAD_SELECTOR 133 +#define X509_R_BAD_X509_FILETYPE 100 +#define X509_R_BASE64_DECODE_ERROR 118 +#define X509_R_CANT_CHECK_DH_KEY 114 +#define X509_R_CERTIFICATE_VERIFICATION_FAILED 139 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_R_CRL_ALREADY_DELTA 127 +#define X509_R_CRL_VERIFY_FAILURE 131 +#define X509_R_DUPLICATE_ATTRIBUTE 140 +#define X509_R_ERROR_GETTING_MD_BY_NID 141 +#define X509_R_ERROR_USING_SIGINF_SET 142 +#define X509_R_IDP_MISMATCH 128 +#define X509_R_INVALID_ATTRIBUTES 138 +#define X509_R_INVALID_DIRECTORY 113 +#define X509_R_INVALID_DISTPOINT 143 +#define X509_R_INVALID_FIELD_NAME 119 +#define X509_R_INVALID_TRUST 123 +#define X509_R_ISSUER_MISMATCH 129 +#define X509_R_KEY_TYPE_MISMATCH 115 +#define X509_R_KEY_VALUES_MISMATCH 116 +#define X509_R_LOADING_CERT_DIR 103 +#define X509_R_LOADING_DEFAULTS 104 +#define X509_R_METHOD_NOT_SUPPORTED 124 +#define X509_R_NAME_TOO_LONG 134 +#define X509_R_NEWER_CRL_NOT_NEWER 132 +#define X509_R_NO_CERTIFICATE_FOUND 135 +#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +#define X509_R_NO_CRL_FOUND 137 +#define X509_R_NO_CRL_NUMBER 130 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +#define X509_R_SHOULD_RETRY 106 +#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +#define X509_R_UNKNOWN_KEY_TYPE 117 +#define X509_R_UNKNOWN_NID 109 +#define X509_R_UNKNOWN_PURPOSE_ID 121 +#define X509_R_UNKNOWN_SIGID_ALGS 144 +#define X509_R_UNKNOWN_TRUST_ID 120 +#define X509_R_UNSUPPORTED_ALGORITHM 111 +#define X509_R_WRONG_LOOKUP_TYPE 112 +#define X509_R_WRONG_TYPE 122 #endif --- crypto/openssl/include/openssl/x509v3.h.orig +++ crypto/openssl/include/openssl/x509v3.h 
@@ -10,21 +10,23 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ +/* clang-format on */ #ifndef OPENSSL_X509V3_H -# define OPENSSL_X509V3_H -# pragma once +#define OPENSSL_X509V3_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_X509V3_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_X509V3_H +#endif -# include -# include -# include -# include +#include +#include +#include +#include #ifdef __cplusplus extern "C" { 
@@ -37,62 +39,61 @@ /* Useful typedefs */ typedef void *(*X509V3_EXT_NEW)(void); -typedef void (*X509V3_EXT_FREE) (void *); +typedef void (*X509V3_EXT_FREE)(void *); typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); -typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * - (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, - STACK_OF(CONF_VALUE) *extlist); +typedef int (*X509V3_EXT_I2D)(const void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values); + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, - void *ext); + void *ext); typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, const char *str); -typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, - BIO *out, int indent); + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, const char *str); + struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ struct v3_ext_method { int ext_nid; int ext_flags; -/* If this is set the following four fields are ignored */ + /* If this is set the following four fields are ignored */ ASN1_ITEM_EXP *it; -/* Old style ASN1 calls */ + /* Old style ASN1 calls */ X509V3_EXT_NEW ext_new; X509V3_EXT_FREE ext_free; X509V3_EXT_D2I d2i; X509V3_EXT_I2D i2d; -/* The following pair is used for string extensions */ + /* The following pair is used for string extensions */ X509V3_EXT_I2S i2s; X509V3_EXT_S2I s2i; -/* The following pair is used for multi-valued 
extensions */ + /* The following pair is used for multi-valued extensions */ X509V3_EXT_I2V i2v; X509V3_EXT_V2I v2i; -/* The following are used for raw extensions */ + /* The following are used for raw extensions */ X509V3_EXT_I2R i2r; X509V3_EXT_R2I r2i; - void *usr_data; /* Any extension specific data */ + void *usr_data; /* Any extension specific data */ }; typedef struct X509V3_CONF_METHOD_st { - char *(*get_string) (void *db, const char *section, const char *value); - STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); - void (*free_string) (void *db, char *string); - void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); + char *(*get_string)(void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section); + void (*free_string)(void *db, char *string); + void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); } X509V3_CONF_METHOD; /* Context specific info for producing X509 v3 extensions*/ struct v3_ext_ctx { -# define X509V3_CTX_TEST 0x1 -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define CTX_TEST X509V3_CTX_TEST -# endif -# define X509V3_CTX_REPLACE 0x2 +#define X509V3_CTX_TEST 0x1 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define CTX_TEST X509V3_CTX_TEST +#endif +#define X509V3_CTX_REPLACE 0x2 int flags; X509 *issuer_cert; X509 *subject_cert; @@ -101,11 +102,12 @@ X509V3_CONF_METHOD *db_meth; void *db; EVP_PKEY *issuer_pkey; -/* Maybe more here */ + /* Maybe more here */ }; typedef struct v3_ext_method X509V3_EXT_METHOD; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509V3_EXT_METHOD, X509V3_EXT_METHOD, X509V3_EXT_METHOD) #define sk_X509V3_EXT_METHOD_num(sk) OPENSSL_sk_num(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk)) #define sk_X509V3_EXT_METHOD_value(sk, idx) ((X509V3_EXT_METHOD *)OPENSSL_sk_value(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk), (idx))) 
@@ -133,11 +135,12 @@ #define sk_X509V3_EXT_METHOD_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509V3_EXT_METHOD) *)OPENSSL_sk_deep_copy(ossl_check_const_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_copyfunc_type(copyfunc), ossl_check_X509V3_EXT_METHOD_freefunc_type(freefunc))) #define sk_X509V3_EXT_METHOD_set_cmp_func(sk, cmp) ((sk_X509V3_EXT_METHOD_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509V3_EXT_METHOD_sk_type(sk), ossl_check_X509V3_EXT_METHOD_compfunc_type(cmp))) +/* clang-format on */ /* ext_flags values */ -# define X509V3_EXT_DYNAMIC 0x1 -# define X509V3_EXT_CTX_DEP 0x2 -# define X509V3_EXT_MULTILINE 0x4 +#define X509V3_EXT_DYNAMIC 0x1 +#define X509V3_EXT_CTX_DEP 0x2 +#define X509V3_EXT_MULTILINE 0x4 typedef BIT_STRING_BITNAME ENUMERATED_NAMES; @@ -162,19 +165,19 @@ } EDIPARTYNAME; typedef struct GENERAL_NAME_st { -# define GEN_OTHERNAME 0 -# define GEN_EMAIL 1 -# define GEN_DNS 2 -# define GEN_X400 3 -# define GEN_DIRNAME 4 -# define GEN_EDIPARTY 5 -# define GEN_URI 6 -# define GEN_IPADD 7 -# define GEN_RID 8 +#define GEN_OTHERNAME 0 +#define GEN_EMAIL 1 +#define GEN_DNS 2 +#define GEN_X400 3 +#define GEN_DIRNAME 4 +#define GEN_EDIPARTY 5 +#define GEN_URI 6 +#define GEN_IPADD 7 +#define GEN_RID 8 int type; union { char *ptr; - OTHERNAME *otherName; /* otherName */ + OTHERNAME *otherName; /* otherName */ ASN1_IA5STRING *rfc822Name; ASN1_IA5STRING *dNSName; ASN1_STRING *x400Address; 
@@ -184,12 +187,12 @@ ASN1_OCTET_STRING *iPAddress; ASN1_OBJECT *registeredID; /* Old names */ - ASN1_OCTET_STRING *ip; /* iPAddress */ - X509_NAME *dirn; /* dirn */ - ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, - * uniformResourceIdentifier */ - ASN1_OBJECT *rid; /* registeredID */ - ASN1_TYPE *other; /* x400Address */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ } d; } GENERAL_NAME; @@ -198,6 +201,7 @@ GENERAL_NAME *location; } ACCESS_DESCRIPTION; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION, ACCESS_DESCRIPTION) #define sk_ACCESS_DESCRIPTION_num(sk) OPENSSL_sk_num(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk)) #define sk_ACCESS_DESCRIPTION_value(sk, idx) ((ACCESS_DESCRIPTION *)OPENSSL_sk_value(ossl_check_const_ACCESS_DESCRIPTION_sk_type(sk), (idx))) @@ -251,12 +255,14 @@ #define sk_GENERAL_NAME_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_deep_copy(ossl_check_const_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_copyfunc_type(copyfunc), ossl_check_GENERAL_NAME_freefunc_type(freefunc))) #define sk_GENERAL_NAME_set_cmp_func(sk, cmp) ((sk_GENERAL_NAME_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_GENERAL_NAME_sk_type(sk), ossl_check_GENERAL_NAME_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(GENERAL_NAMES, GENERAL_NAMES, GENERAL_NAMES) #define sk_GENERAL_NAMES_num(sk) OPENSSL_sk_num(ossl_check_const_GENERAL_NAMES_sk_type(sk)) #define sk_GENERAL_NAMES_value(sk, idx) ((GENERAL_NAMES *)OPENSSL_sk_value(ossl_check_const_GENERAL_NAMES_sk_type(sk), (idx))) 
@@ -284,6 +290,7 @@ #define sk_GENERAL_NAMES_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(GENERAL_NAMES) *)OPENSSL_sk_deep_copy(ossl_check_const_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_copyfunc_type(copyfunc), ossl_check_GENERAL_NAMES_freefunc_type(freefunc))) #define sk_GENERAL_NAMES_set_cmp_func(sk, cmp) ((sk_GENERAL_NAMES_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_GENERAL_NAMES_sk_type(sk), ossl_check_GENERAL_NAMES_compfunc_type(cmp))) +/* clang-format on */ typedef struct DIST_POINT_NAME_st { int type; @@ -291,23 +298,23 @@ GENERAL_NAMES *fullname; STACK_OF(X509_NAME_ENTRY) *relativename; } name; -/* If relativename then this contains the full distribution point name */ + /* If relativename then this contains the full distribution point name */ X509_NAME *dpname; } DIST_POINT_NAME; /* All existing reasons */ -# define CRLDP_ALL_REASONS 0x807f - -# define CRL_REASON_NONE -1 -# define CRL_REASON_UNSPECIFIED 0 -# define CRL_REASON_KEY_COMPROMISE 1 -# define CRL_REASON_CA_COMPROMISE 2 -# define CRL_REASON_AFFILIATION_CHANGED 3 -# define CRL_REASON_SUPERSEDED 4 -# define CRL_REASON_CESSATION_OF_OPERATION 5 -# define CRL_REASON_CERTIFICATE_HOLD 6 -# define CRL_REASON_REMOVE_FROM_CRL 8 -# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 -# define CRL_REASON_AA_COMPROMISE 10 +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE -1 +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 struct DIST_POINT_st { DIST_POINT_NAME *distpoint; 
@@ -316,6 +323,7 @@ int dp_reasons; }; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(DIST_POINT, DIST_POINT, DIST_POINT) #define sk_DIST_POINT_num(sk) OPENSSL_sk_num(ossl_check_const_DIST_POINT_sk_type(sk)) #define sk_DIST_POINT_value(sk, idx) ((DIST_POINT *)OPENSSL_sk_value(ossl_check_const_DIST_POINT_sk_type(sk), (idx))) @@ -343,6 +351,7 @@ #define sk_DIST_POINT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(DIST_POINT) *)OPENSSL_sk_deep_copy(ossl_check_const_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_copyfunc_type(copyfunc), ossl_check_DIST_POINT_freefunc_type(freefunc))) #define sk_DIST_POINT_set_cmp_func(sk, cmp) ((sk_DIST_POINT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_DIST_POINT_sk_type(sk), ossl_check_DIST_POINT_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; @@ -359,6 +368,7 @@ ASN1_OCTET_STRING *user; } SXNETID; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(SXNETID, SXNETID, SXNETID) #define sk_SXNETID_num(sk) OPENSSL_sk_num(ossl_check_const_SXNETID_sk_type(sk)) #define sk_SXNETID_value(sk, idx) ((SXNETID *)OPENSSL_sk_value(ossl_check_const_SXNETID_sk_type(sk), (idx))) @@ -386,7 +396,7 @@ #define sk_SXNETID_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SXNETID) *)OPENSSL_sk_deep_copy(ossl_check_const_SXNETID_sk_type(sk), ossl_check_SXNETID_copyfunc_type(copyfunc), ossl_check_SXNETID_freefunc_type(freefunc))) #define sk_SXNETID_set_cmp_func(sk, cmp) ((sk_SXNETID_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SXNETID_sk_type(sk), ossl_check_SXNETID_compfunc_type(cmp))) - +/* clang-format on */ typedef struct SXNET_st { ASN1_INTEGER *version; @@ -419,6 +429,7 @@ } d; } POLICYQUALINFO; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(POLICYQUALINFO, POLICYQUALINFO, POLICYQUALINFO) #define sk_POLICYQUALINFO_num(sk) OPENSSL_sk_num(ossl_check_const_POLICYQUALINFO_sk_type(sk)) #define sk_POLICYQUALINFO_value(sk, idx) ((POLICYQUALINFO *)OPENSSL_sk_value(ossl_check_const_POLICYQUALINFO_sk_type(sk), (idx))) 
@@ -446,13 +457,14 @@ #define sk_POLICYQUALINFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(POLICYQUALINFO) *)OPENSSL_sk_deep_copy(ossl_check_const_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_copyfunc_type(copyfunc), ossl_check_POLICYQUALINFO_freefunc_type(freefunc))) #define sk_POLICYQUALINFO_set_cmp_func(sk, cmp) ((sk_POLICYQUALINFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_POLICYQUALINFO_sk_type(sk), ossl_check_POLICYQUALINFO_compfunc_type(cmp))) - +/* clang-format on */ typedef struct POLICYINFO_st { ASN1_OBJECT *policyid; STACK_OF(POLICYQUALINFO) *qualifiers; } POLICYINFO; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(POLICYINFO, POLICYINFO, POLICYINFO) #define sk_POLICYINFO_num(sk) OPENSSL_sk_num(ossl_check_const_POLICYINFO_sk_type(sk)) #define sk_POLICYINFO_value(sk, idx) ((POLICYINFO *)OPENSSL_sk_value(ossl_check_const_POLICYINFO_sk_type(sk), (idx))) @@ -480,6 +492,7 @@ #define sk_POLICYINFO_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(POLICYINFO) *)OPENSSL_sk_deep_copy(ossl_check_const_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_copyfunc_type(copyfunc), ossl_check_POLICYINFO_freefunc_type(freefunc))) #define sk_POLICYINFO_set_cmp_func(sk, cmp) ((sk_POLICYINFO_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_POLICYINFO_sk_type(sk), ossl_check_POLICYINFO_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; @@ -488,6 +501,7 @@ ASN1_OBJECT *subjectDomainPolicy; } POLICY_MAPPING; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(POLICY_MAPPING, POLICY_MAPPING, POLICY_MAPPING) #define sk_POLICY_MAPPING_num(sk) OPENSSL_sk_num(ossl_check_const_POLICY_MAPPING_sk_type(sk)) #define sk_POLICY_MAPPING_value(sk, idx) ((POLICY_MAPPING *)OPENSSL_sk_value(ossl_check_const_POLICY_MAPPING_sk_type(sk), (idx))) 
@@ -515,6 +529,7 @@ #define sk_POLICY_MAPPING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(POLICY_MAPPING) *)OPENSSL_sk_deep_copy(ossl_check_const_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_copyfunc_type(copyfunc), ossl_check_POLICY_MAPPING_freefunc_type(freefunc))) #define sk_POLICY_MAPPING_set_cmp_func(sk, cmp) ((sk_POLICY_MAPPING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_POLICY_MAPPING_sk_type(sk), ossl_check_POLICY_MAPPING_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; @@ -524,6 +539,7 @@ ASN1_INTEGER *maximum; } GENERAL_SUBTREE; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(GENERAL_SUBTREE, GENERAL_SUBTREE, GENERAL_SUBTREE) #define sk_GENERAL_SUBTREE_num(sk) OPENSSL_sk_num(ossl_check_const_GENERAL_SUBTREE_sk_type(sk)) #define sk_GENERAL_SUBTREE_value(sk, idx) ((GENERAL_SUBTREE *)OPENSSL_sk_value(ossl_check_const_GENERAL_SUBTREE_sk_type(sk), (idx))) @@ -551,6 +567,7 @@ #define sk_GENERAL_SUBTREE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(GENERAL_SUBTREE) *)OPENSSL_sk_deep_copy(ossl_check_const_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_copyfunc_type(copyfunc), ossl_check_GENERAL_SUBTREE_freefunc_type(freefunc))) #define sk_GENERAL_SUBTREE_set_cmp_func(sk, cmp) ((sk_GENERAL_SUBTREE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_GENERAL_SUBTREE_sk_type(sk), ossl_check_GENERAL_SUBTREE_compfunc_type(cmp))) +/* clang-format on */ struct NAME_CONSTRAINTS_st { STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; 
@@ -587,120 +604,123 @@ /* Values in idp_flags field */ /* IDP present */ -# define IDP_PRESENT 0x1 +#define IDP_PRESENT 0x1 /* IDP values inconsistent */ -# define IDP_INVALID 0x2 +#define IDP_INVALID 0x2 /* onlyuser true */ -# define IDP_ONLYUSER 0x4 +#define IDP_ONLYUSER 0x4 /* onlyCA true */ -# define IDP_ONLYCA 0x8 +#define IDP_ONLYCA 0x8 /* onlyattr true */ -# define IDP_ONLYATTR 0x10 +#define IDP_ONLYATTR 0x10 /* indirectCRL true */ -# define IDP_INDIRECT 0x20 +#define IDP_INDIRECT 0x20 /* onlysomereasons present */ -# define IDP_REASONS 0x40 +#define IDP_REASONS 0x40 -# define X509V3_conf_err(val) ERR_add_error_data(6, \ - "section:", (val)->section, \ - ",name:", (val)->name, ",value:", (val)->value) +#define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) -# define X509V3_set_ctx_test(ctx) \ +#define X509V3_set_ctx_test(ctx) \ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST) -# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; - -# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ - 0,0,0,0, \ - 0,0, \ - (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ - (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ - NULL, NULL, \ - table} - -# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ - 0,0,0,0, \ - (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ - (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ - 0,0,0,0, \ - NULL} +#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0, 0, 0, 0, \ + 0, 0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table } + +#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0, 0, 0, 0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0, 0, 0, 0, \ + NULL } #define EXT_UTF8STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_UTF8STRING), \ - 0,0,0,0, \ - 
(X509V3_EXT_I2S)i2s_ASN1_UTF8STRING, \ - (X509V3_EXT_S2I)s2i_ASN1_UTF8STRING, \ - 0,0,0,0, \ - NULL} + 0, 0, 0, 0, \ + (X509V3_EXT_I2S)i2s_ASN1_UTF8STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_UTF8STRING, \ + 0, 0, 0, 0, \ + NULL } +/* clang-format off */ # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} +/* clang-format on */ /* X509_PURPOSE stuff */ -# define EXFLAG_BCONS 0x1 -# define EXFLAG_KUSAGE 0x2 -# define EXFLAG_XKUSAGE 0x4 -# define EXFLAG_NSCERT 0x8 +#define EXFLAG_BCONS 0x1 +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 +#define EXFLAG_NSCERT 0x8 -# define EXFLAG_CA 0x10 -# define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */ -# define EXFLAG_V1 0x40 -# define EXFLAG_INVALID 0x80 +#define EXFLAG_CA 0x10 +#define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */ +#define EXFLAG_V1 0x40 +#define EXFLAG_INVALID 0x80 /* EXFLAG_SET is set to indicate that some values have been precomputed */ -# define EXFLAG_SET 0x100 -# define EXFLAG_CRITICAL 0x200 -# define EXFLAG_PROXY 0x400 - -# define EXFLAG_INVALID_POLICY 0x800 -# define EXFLAG_FRESHEST 0x1000 -# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ - -# define EXFLAG_BCONS_CRITICAL 0x10000 -# define EXFLAG_AKID_CRITICAL 0x20000 -# define EXFLAG_SKID_CRITICAL 0x40000 -# define EXFLAG_SAN_CRITICAL 0x80000 -# define EXFLAG_NO_FINGERPRINT 0x100000 - -# define KU_DIGITAL_SIGNATURE 0x0080 -# define KU_NON_REPUDIATION 0x0040 -# define KU_KEY_ENCIPHERMENT 0x0020 -# define KU_DATA_ENCIPHERMENT 0x0010 -# define KU_KEY_AGREEMENT 0x0008 -# define KU_KEY_CERT_SIGN 0x0004 -# define KU_CRL_SIGN 0x0002 -# define KU_ENCIPHER_ONLY 0x0001 -# define KU_DECIPHER_ONLY 0x8000 - -# define NS_SSL_CLIENT 0x80 -# define NS_SSL_SERVER 0x40 -# define NS_SMIME 0x20 -# define NS_OBJSIGN 0x10 -# define NS_SSL_CA 0x04 -# define NS_SMIME_CA 0x02 -# define NS_OBJSIGN_CA 0x01 -# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) - -# define XKU_SSL_SERVER 0x1 -# define XKU_SSL_CLIENT 0x2 -# define 
XKU_SMIME 0x4 -# define XKU_CODE_SIGN 0x8 -# define XKU_SGC 0x10 /* Netscape or MS Server-Gated Crypto */ -# define XKU_OCSP_SIGN 0x20 -# define XKU_TIMESTAMP 0x40 -# define XKU_DVCS 0x80 -# define XKU_ANYEKU 0x100 - -# define X509_PURPOSE_DYNAMIC 0x1 -# define X509_PURPOSE_DYNAMIC_NAME 0x2 +#define EXFLAG_SET 0x100 +#define EXFLAG_CRITICAL 0x200 +#define EXFLAG_PROXY 0x400 + +#define EXFLAG_INVALID_POLICY 0x800 +#define EXFLAG_FRESHEST 0x1000 +#define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ + +#define EXFLAG_BCONS_CRITICAL 0x10000 +#define EXFLAG_AKID_CRITICAL 0x20000 +#define EXFLAG_SKID_CRITICAL 0x40000 +#define EXFLAG_SAN_CRITICAL 0x80000 +#define EXFLAG_NO_FINGERPRINT 0x100000 + +#define KU_DIGITAL_SIGNATURE 0x0080 +#define KU_NON_REPUDIATION 0x0040 +#define KU_KEY_ENCIPHERMENT 0x0020 +#define KU_DATA_ENCIPHERMENT 0x0010 +#define KU_KEY_AGREEMENT 0x0008 +#define KU_KEY_CERT_SIGN 0x0004 +#define KU_CRL_SIGN 0x0002 +#define KU_ENCIPHER_ONLY 0x0001 +#define KU_DECIPHER_ONLY 0x8000 + +#define NS_SSL_CLIENT 0x80 +#define NS_SSL_SERVER 0x40 +#define NS_SMIME 0x20 +#define NS_OBJSIGN 0x10 +#define NS_SSL_CA 0x04 +#define NS_SMIME_CA 0x02 +#define NS_OBJSIGN_CA 0x01 +#define NS_ANY_CA (NS_SSL_CA | NS_SMIME_CA | NS_OBJSIGN_CA) + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 /* Netscape or MS Server-Gated Crypto */ +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 + +#define X509_PURPOSE_DYNAMIC 0x1 +#define X509_PURPOSE_DYNAMIC_NAME 0x2 typedef struct x509_purpose_st { int purpose; - int trust; /* Default trust ID */ + int trust; /* Default trust ID */ int flags; - int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int); char *name; char *sname; void *usr_data; } X509_PURPOSE; +/* clang-format off */ 
SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE) #define sk_X509_PURPOSE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_PURPOSE_sk_type(sk)) #define sk_X509_PURPOSE_value(sk, idx) ((X509_PURPOSE *)OPENSSL_sk_value(ossl_check_const_X509_PURPOSE_sk_type(sk), (idx))) 
@@ -728,43 +748,43 @@ #define sk_X509_PURPOSE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_PURPOSE) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_copyfunc_type(copyfunc), ossl_check_X509_PURPOSE_freefunc_type(freefunc))) #define sk_X509_PURPOSE_set_cmp_func(sk, cmp) ((sk_X509_PURPOSE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_PURPOSE_sk_type(sk), ossl_check_X509_PURPOSE_compfunc_type(cmp))) +/* clang-format on */ +#define X509_PURPOSE_SSL_CLIENT 1 +#define X509_PURPOSE_SSL_SERVER 2 +#define X509_PURPOSE_NS_SSL_SERVER 3 +#define X509_PURPOSE_SMIME_SIGN 4 +#define X509_PURPOSE_SMIME_ENCRYPT 5 +#define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_ANY 7 +#define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 -# define X509_PURPOSE_SSL_CLIENT 1 -# define X509_PURPOSE_SSL_SERVER 2 -# define X509_PURPOSE_NS_SSL_SERVER 3 -# define X509_PURPOSE_SMIME_SIGN 4 -# define X509_PURPOSE_SMIME_ENCRYPT 5 -# define X509_PURPOSE_CRL_SIGN 6 -# define X509_PURPOSE_ANY 7 -# define X509_PURPOSE_OCSP_HELPER 8 -# define X509_PURPOSE_TIMESTAMP_SIGN 9 - -# define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 9 /* Flags for X509V3_EXT_print() */ -# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) /* Return error for unknown extensions */ -# define X509V3_EXT_DEFAULT 0 +#define X509V3_EXT_DEFAULT 0 /* Print error for unknown extensions */ -# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) /* ASN1 parse unknown extensions */ -# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) /* BIO_dump unknown extensions */ -# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) /* Flags for X509V3_add1_i2d */ -# define X509V3_ADD_OP_MASK 0xfL -# define X509V3_ADD_DEFAULT 0L -# define X509V3_ADD_APPEND 1L -# define 
X509V3_ADD_REPLACE 2L -# define X509V3_ADD_REPLACE_EXISTING 3L -# define X509V3_ADD_KEEP_EXISTING 4L -# define X509V3_ADD_DELETE 5L -# define X509V3_ADD_SILENT 0x10 +#define X509V3_ADD_OP_MASK 0xfL +#define X509V3_ADD_DEFAULT 0L +#define X509V3_ADD_APPEND 1L +#define X509V3_ADD_REPLACE 2L +#define X509V3_ADD_REPLACE_EXISTING 3L +#define X509V3_ADD_KEEP_EXISTING 4L +#define X509V3_ADD_DELETE 5L +#define X509V3_ADD_SILENT 0x10 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) @@ -775,9 +795,9 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - int userlen); + int userlen); int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, - int userlen); + int userlen); ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); 
@@ -792,30 +812,30 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, ASN1_UTF8STRING *utf8); ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, - STACK_OF(CONF_VALUE) *ret); + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gen, - STACK_OF(CONF_VALUE) *extlist); + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) 
@@ -823,14 +843,14 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, - ASN1_OBJECT *oid, ASN1_TYPE *value); + ASN1_OBJECT *oid, ASN1_TYPE *value); int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, - ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - const ASN1_OCTET_STRING *ia5); + const ASN1_OCTET_STRING *ia5); ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); 
@@ -870,75 +890,75 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, - const char *value, int is_nc); + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); -# ifdef OPENSSL_CONF_H +#ifdef OPENSSL_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf); + X509V3_CTX *ctx, CONF_VALUE *cnf); GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, - int is_nc); + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - const char *value); + const char *value); X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - const char *value); + const char *value); int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, - STACK_OF(X509_EXTENSION) **sk); + STACK_OF(X509_EXTENSION) **sk); int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509 *cert); + X509 *cert); int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_REQ *req); + X509_REQ *req); int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_CRL *crl); + X509_CRL *crl); X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, - const char *value); + X509V3_CTX *ctx, int ext_nid, + const char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *name, const char *value); + const char *name, const char *value); int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert); + const char *section, X509 *cert); int 
X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req); + const char *section, X509_REQ *req); int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl); + const char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); -# endif +#endif char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); void X509V3_string_free(X509V3_CTX *ctx, char *str); void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, - X509_REQ *req, X509_CRL *crl, int flags); + X509_REQ *req, X509_CRL *crl, int flags); /* For API backward compatibility, this is separate from X509V3_set_ctx(): */ int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); char 
*i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, - const ASN1_ENUMERATED *aint); + const ASN1_ENUMERATED *aint); int X509V3_EXT_add(X509V3_EXT_METHOD *ext); int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); @@ -950,28 +970,28 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, - int *idx); + int *idx); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - int crit, unsigned long flags); + int crit, unsigned long flags); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* The new declarations are in crypto.h, but the old ones were here. */ -# define hex_to_string OPENSSL_buf2hexstr -# define string_to_hex OPENSSL_hexstr2buf +#define hex_to_string OPENSSL_buf2hexstr +#define string_to_hex OPENSSL_hexstr2buf #endif void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml); + int ml); int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - int indent); + int indent); #ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #endif int X509V3_extensions_print(BIO *out, const char *title, - const STACK_OF(X509_EXTENSION) *exts, - unsigned long flag, int indent); + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); int X509_check_ca(X509 *x); int X509_check_purpose(X509 *x, int id, int ca); 
@@ -996,8 +1016,8 @@ int X509_PURPOSE_get_by_sname(const char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck) (const X509_PURPOSE *, const X509 *, int), - const char *name, const char *sname, void *arg); + int (*ck)(const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg); char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); 
@@ -1013,38 +1033,39 @@ /* * Always check subject name for host match even if subject alt names present */ -# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 /* Disable wildcard matching for dnsName fields and common name. */ -# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +#define X509_CHECK_FLAG_NO_WILDCARDS 0x2 /* Wildcards must not match a partial label. */ -# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 /* Allow (non-partial) wildcards to match multiple labels. */ -# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 /* Constraint verifier subdomain patterns to match a single labels. */ -# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 /* Never check the subject CN */ -# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 /* * Match reference identifiers starting with "." to any sub-domain. * This is a non-public flag, turned on implicitly when the subject * reference identity is a DNS name. 
*/ -# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 +#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 int X509_check_host(X509 *x, const char *chk, size_t chklen, - unsigned int flags, char **peername); + unsigned int flags, char **peername); int X509_check_email(X509 *x, const char *chk, size_t chklen, - unsigned int flags); + unsigned int flags); int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags); + unsigned int flags); int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - unsigned long chtype); + unsigned long chtype); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(X509_POLICY_NODE, X509_POLICY_NODE, X509_POLICY_NODE) #define sk_X509_POLICY_NODE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(sk)) #define sk_X509_POLICY_NODE_value(sk, idx) ((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type(sk), (idx))) @@ -1072,15 +1093,15 @@ #define sk_X509_POLICY_NODE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_POLICY_NODE) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_copyfunc_type(copyfunc), ossl_check_X509_POLICY_NODE_freefunc_type(freefunc))) #define sk_X509_POLICY_NODE_set_cmp_func(sk, cmp) ((sk_X509_POLICY_NODE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_POLICY_NODE_sk_type(sk), ossl_check_X509_POLICY_NODE_compfunc_type(cmp))) - +/* clang-format on */ #ifndef OPENSSL_NO_RFC3779 typedef struct ASRange_st { ASN1_INTEGER *min, *max; } ASRange; -# define ASIdOrRange_id 0 -# define ASIdOrRange_range 1 +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 typedef struct ASIdOrRange_st { int type; 
@@ -1090,6 +1111,7 @@ } u; } ASIdOrRange; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASIdOrRange, ASIdOrRange, ASIdOrRange) #define sk_ASIdOrRange_num(sk) OPENSSL_sk_num(ossl_check_const_ASIdOrRange_sk_type(sk)) #define sk_ASIdOrRange_value(sk, idx) ((ASIdOrRange *)OPENSSL_sk_value(ossl_check_const_ASIdOrRange_sk_type(sk), (idx))) @@ -1117,11 +1139,12 @@ #define sk_ASIdOrRange_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASIdOrRange) *)OPENSSL_sk_deep_copy(ossl_check_const_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_copyfunc_type(copyfunc), ossl_check_ASIdOrRange_freefunc_type(freefunc))) #define sk_ASIdOrRange_set_cmp_func(sk, cmp) ((sk_ASIdOrRange_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASIdOrRange_sk_type(sk), ossl_check_ASIdOrRange_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(ASIdOrRange) ASIdOrRanges; -# define ASIdentifierChoice_inherit 0 -# define ASIdentifierChoice_asIdsOrRanges 1 +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 typedef struct ASIdentifierChoice_st { int type; @@ -1144,8 +1167,8 @@ ASN1_BIT_STRING *min, *max; } IPAddressRange; -# define IPAddressOrRange_addressPrefix 0 -# define IPAddressOrRange_addressRange 1 +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 typedef struct IPAddressOrRange_st { int type; @@ -1155,6 +1178,7 @@ } u; } IPAddressOrRange; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(IPAddressOrRange, IPAddressOrRange, IPAddressOrRange) #define sk_IPAddressOrRange_num(sk) OPENSSL_sk_num(ossl_check_const_IPAddressOrRange_sk_type(sk)) #define sk_IPAddressOrRange_value(sk, idx) ((IPAddressOrRange *)OPENSSL_sk_value(ossl_check_const_IPAddressOrRange_sk_type(sk), (idx))) 
@@ -1182,11 +1206,12 @@ #define sk_IPAddressOrRange_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(IPAddressOrRange) *)OPENSSL_sk_deep_copy(ossl_check_const_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_copyfunc_type(copyfunc), ossl_check_IPAddressOrRange_freefunc_type(freefunc))) #define sk_IPAddressOrRange_set_cmp_func(sk, cmp) ((sk_IPAddressOrRange_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_IPAddressOrRange_sk_type(sk), ossl_check_IPAddressOrRange_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; -# define IPAddressChoice_inherit 0 -# define IPAddressChoice_addressesOrRanges 1 +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 typedef struct IPAddressChoice_st { int type; @@ -1201,6 +1226,7 @@ IPAddressChoice *ipAddressChoice; } IPAddressFamily; +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(IPAddressFamily, IPAddressFamily, IPAddressFamily) #define sk_IPAddressFamily_num(sk) OPENSSL_sk_num(ossl_check_const_IPAddressFamily_sk_type(sk)) #define sk_IPAddressFamily_value(sk, idx) ((IPAddressFamily *)OPENSSL_sk_value(ossl_check_const_IPAddressFamily_sk_type(sk), (idx))) @@ -1228,7 +1254,7 @@ #define sk_IPAddressFamily_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(IPAddressFamily) *)OPENSSL_sk_deep_copy(ossl_check_const_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_copyfunc_type(copyfunc), ossl_check_IPAddressFamily_freefunc_type(freefunc))) #define sk_IPAddressFamily_set_cmp_func(sk, cmp) ((sk_IPAddressFamily_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_IPAddressFamily_sk_type(sk), ossl_check_IPAddressFamily_compfunc_type(cmp))) - +/* clang-format on */ typedef STACK_OF(IPAddressFamily) IPAddrBlocks; @@ -1240,8 +1266,8 @@ /* * API tag for elements of the ASIdentifer SEQUENCE. */ -# define V3_ASID_ASNUM 0 -# define V3_ASID_RDI 1 +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 /* * AFI values, assigned by IANA. It'd be nice to make the AFI 
@@ -1249,8 +1275,8 @@ * that would need to be defined for other address families for it to * be worth the trouble. */ -# define IANA_AFI_IPV4 1 -# define IANA_AFI_IPV6 2 +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 /* * Utilities to construct and extract values from RFC3779 extensions, @@ -1259,19 +1285,19 @@ */ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, - ASN1_INTEGER *min, ASN1_INTEGER *max); + ASN1_INTEGER *min, ASN1_INTEGER *max); int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi); + const unsigned afi, const unsigned *safi); int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi, - unsigned char *a, const int prefixlen); + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi, - unsigned char *min, unsigned char *max); + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); unsigned X509v3_addr_get_afi(const IPAddressFamily *f); int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, - unsigned char *min, unsigned char *max, - const int length); + unsigned char *min, unsigned char *max, + const int length); /* * Canonical forms. 
@@ -1295,13 +1321,14 @@ int X509v3_asid_validate_path(X509_STORE_CTX *); int X509v3_addr_validate_path(X509_STORE_CTX *); int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, - int allow_inheritance); + ASIdentifiers *ext, + int allow_inheritance); int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, - IPAddrBlocks *ext, int allow_inheritance); + IPAddrBlocks *ext, int allow_inheritance); -#endif /* OPENSSL_NO_RFC3779 */ +#endif /* OPENSSL_NO_RFC3779 */ +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING, ASN1_STRING, ASN1_STRING) #define sk_ASN1_STRING_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_sk_type(sk)) #define sk_ASN1_STRING_value(sk, idx) ((ASN1_STRING *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_sk_type(sk), (idx))) @@ -1329,6 +1356,7 @@ #define sk_ASN1_STRING_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ASN1_STRING) *)OPENSSL_sk_deep_copy(ossl_check_const_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_copyfunc_type(copyfunc), ossl_check_ASN1_STRING_freefunc_type(freefunc))) #define sk_ASN1_STRING_set_cmp_func(sk, cmp) ((sk_ASN1_STRING_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ASN1_STRING_sk_type(sk), ossl_check_ASN1_STRING_compfunc_type(cmp))) +/* clang-format on */ /* * Admission Syntax @@ -1341,6 +1369,7 @@ DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) DECLARE_ASN1_FUNCTIONS(ADMISSIONS) DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +/* clang-format off */ SKM_DEFINE_STACK_OF_INTERNAL(PROFESSION_INFO, PROFESSION_INFO, PROFESSION_INFO) #define sk_PROFESSION_INFO_num(sk) OPENSSL_sk_num(ossl_check_const_PROFESSION_INFO_sk_type(sk)) #define sk_PROFESSION_INFO_value(sk, idx) ((PROFESSION_INFO *)OPENSSL_sk_value(ossl_check_const_PROFESSION_INFO_sk_type(sk), (idx))) 
@@ -1394,6 +1423,7 @@ #define sk_ADMISSIONS_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(ADMISSIONS) *)OPENSSL_sk_deep_copy(ossl_check_const_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_copyfunc_type(copyfunc), ossl_check_ADMISSIONS_freefunc_type(freefunc))) #define sk_ADMISSIONS_set_cmp_func(sk, cmp) ((sk_ADMISSIONS_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_ADMISSIONS_sk_type(sk), ossl_check_ADMISSIONS_compfunc_type(cmp))) +/* clang-format on */ typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( @@ -1403,11 +1433,11 @@ const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( const NAMING_AUTHORITY *n); void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, - ASN1_OBJECT* namingAuthorityId); + ASN1_OBJECT *namingAuthorityId); void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, - ASN1_IA5STRING* namingAuthorityUrl); + ASN1_IA5STRING *namingAuthorityUrl); void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, - ASN1_STRING* namingAuthorityText); + ASN1_STRING *namingAuthorityText); const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( const ADMISSION_SYNTAX *as); @@ -1444,7 +1474,7 @@ void PROFESSION_INFO_set0_registrationNumber( PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/x509v3.h.in.orig +++ crypto/openssl/include/openssl/x509v3.h.in @@ -9,23 +9,25 @@ * https://www.openssl.org/source/license.html */ +/* clang-format off */ {- use OpenSSL::stackhash qw(generate_stack_macros); -} +/* clang-format on */ #ifndef OPENSSL_X509V3_H -# define OPENSSL_X509V3_H -# pragma once +#define OPENSSL_X509V3_H +#pragma once -# include -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HEADER_X509V3_H -# endif +#include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define HEADER_X509V3_H +#endif -# include -# include -# include -# include +#include +#include +#include +#include #ifdef __cplusplus extern "C" { 
@@ -38,62 +40,61 @@ /* Useful typedefs */ typedef void *(*X509V3_EXT_NEW)(void); -typedef void (*X509V3_EXT_FREE) (void *); +typedef void (*X509V3_EXT_FREE)(void *); typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); -typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * - (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, - STACK_OF(CONF_VALUE) *extlist); +typedef int (*X509V3_EXT_I2D)(const void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values); + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, - void *ext); + void *ext); typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, const char *str); -typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, - BIO *out, int indent); + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, const char *str); + struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ struct v3_ext_method { int ext_nid; int ext_flags; -/* If this is set the following four fields are ignored */ + /* If this is set the following four fields are ignored */ ASN1_ITEM_EXP *it; -/* Old style ASN1 calls */ + /* Old style ASN1 calls */ X509V3_EXT_NEW ext_new; X509V3_EXT_FREE ext_free; X509V3_EXT_D2I d2i; X509V3_EXT_I2D i2d; -/* The following pair is used for string extensions */ + /* The following pair is used for string extensions */ X509V3_EXT_I2S i2s; X509V3_EXT_S2I s2i; -/* The following pair is used for multi-valued 
extensions */ + /* The following pair is used for multi-valued extensions */ X509V3_EXT_I2V i2v; X509V3_EXT_V2I v2i; -/* The following are used for raw extensions */ + /* The following are used for raw extensions */ X509V3_EXT_I2R i2r; X509V3_EXT_R2I r2i; - void *usr_data; /* Any extension specific data */ + void *usr_data; /* Any extension specific data */ }; typedef struct X509V3_CONF_METHOD_st { - char *(*get_string) (void *db, const char *section, const char *value); - STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); - void (*free_string) (void *db, char *string); - void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); + char *(*get_string)(void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section); + void (*free_string)(void *db, char *string); + void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); } X509V3_CONF_METHOD; /* Context specific info for producing X509 v3 extensions*/ struct v3_ext_ctx { -# define X509V3_CTX_TEST 0x1 -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define CTX_TEST X509V3_CTX_TEST -# endif -# define X509V3_CTX_REPLACE 0x2 +#define X509V3_CTX_TEST 0x1 +#ifndef OPENSSL_NO_DEPRECATED_3_0 +#define CTX_TEST X509V3_CTX_TEST +#endif +#define X509V3_CTX_REPLACE 0x2 int flags; X509 *issuer_cert; X509 *subject_cert; @@ -102,19 +103,21 @@ X509V3_CONF_METHOD *db_meth; void *db; EVP_PKEY *issuer_pkey; -/* Maybe more here */ + /* Maybe more here */ }; typedef struct v3_ext_method X509V3_EXT_METHOD; +/* clang-format off */ {- generate_stack_macros("X509V3_EXT_METHOD"); -} +/* clang-format on */ /* ext_flags values */ -# define X509V3_EXT_DYNAMIC 0x1 -# define X509V3_EXT_CTX_DEP 0x2 -# define X509V3_EXT_MULTILINE 0x4 +#define X509V3_EXT_DYNAMIC 0x1 +#define X509V3_EXT_CTX_DEP 0x2 +#define X509V3_EXT_MULTILINE 0x4 typedef BIT_STRING_BITNAME ENUMERATED_NAMES; 
@@ -139,19 +142,19 @@ } EDIPARTYNAME; typedef struct GENERAL_NAME_st { -# define GEN_OTHERNAME 0 -# define GEN_EMAIL 1 -# define GEN_DNS 2 -# define GEN_X400 3 -# define GEN_DIRNAME 4 -# define GEN_EDIPARTY 5 -# define GEN_URI 6 -# define GEN_IPADD 7 -# define GEN_RID 8 +#define GEN_OTHERNAME 0 +#define GEN_EMAIL 1 +#define GEN_DNS 2 +#define GEN_X400 3 +#define GEN_DIRNAME 4 +#define GEN_EDIPARTY 5 +#define GEN_URI 6 +#define GEN_IPADD 7 +#define GEN_RID 8 int type; union { char *ptr; - OTHERNAME *otherName; /* otherName */ + OTHERNAME *otherName; /* otherName */ ASN1_IA5STRING *rfc822Name; ASN1_IA5STRING *dNSName; ASN1_STRING *x400Address; @@ -161,12 +164,12 @@ ASN1_OCTET_STRING *iPAddress; ASN1_OBJECT *registeredID; /* Old names */ - ASN1_OCTET_STRING *ip; /* iPAddress */ - X509_NAME *dirn; /* dirn */ - ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, - * uniformResourceIdentifier */ - ASN1_OBJECT *rid; /* registeredID */ - ASN1_TYPE *other; /* x400Address */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ } d; } GENERAL_NAME; @@ -175,19 +178,23 @@ GENERAL_NAME *location; } ACCESS_DESCRIPTION; +/* clang-format off */ {- generate_stack_macros("ACCESS_DESCRIPTION") .generate_stack_macros("GENERAL_NAME"); -} +/* clang-format on */ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +/* clang-format off */ {- generate_stack_macros("GENERAL_NAMES"); -} +/* clang-format on */ typedef struct DIST_POINT_NAME_st { int type; 
@@ -195,23 +202,23 @@ GENERAL_NAMES *fullname; STACK_OF(X509_NAME_ENTRY) *relativename; } name; -/* If relativename then this contains the full distribution point name */ + /* If relativename then this contains the full distribution point name */ X509_NAME *dpname; } DIST_POINT_NAME; /* All existing reasons */ -# define CRLDP_ALL_REASONS 0x807f - -# define CRL_REASON_NONE -1 -# define CRL_REASON_UNSPECIFIED 0 -# define CRL_REASON_KEY_COMPROMISE 1 -# define CRL_REASON_CA_COMPROMISE 2 -# define CRL_REASON_AFFILIATION_CHANGED 3 -# define CRL_REASON_SUPERSEDED 4 -# define CRL_REASON_CESSATION_OF_OPERATION 5 -# define CRL_REASON_CERTIFICATE_HOLD 6 -# define CRL_REASON_REMOVE_FROM_CRL 8 -# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 -# define CRL_REASON_AA_COMPROMISE 10 +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE -1 +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 struct DIST_POINT_st { DIST_POINT_NAME *distpoint; @@ -220,9 +227,11 @@ int dp_reasons; }; +/* clang-format off */ {- generate_stack_macros("DIST_POINT"); -} +/* clang-format on */ typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; @@ -239,10 +248,11 @@ ASN1_OCTET_STRING *user; } SXNETID; +/* clang-format off */ {- generate_stack_macros("SXNETID"); -} - +/* clang-format on */ typedef struct SXNET_st { ASN1_INTEGER *version; 
@@ -275,19 +285,22 @@ } d; } POLICYQUALINFO; +/* clang-format off */ {- generate_stack_macros("POLICYQUALINFO"); -} - +/* clang-format on */ typedef struct POLICYINFO_st { ASN1_OBJECT *policyid; STACK_OF(POLICYQUALINFO) *qualifiers; } POLICYINFO; +/* clang-format off */ {- generate_stack_macros("POLICYINFO"); -} +/* clang-format on */ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; @@ -296,9 +309,11 @@ ASN1_OBJECT *subjectDomainPolicy; } POLICY_MAPPING; +/* clang-format off */ {- generate_stack_macros("POLICY_MAPPING"); -} +/* clang-format on */ typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; @@ -308,9 +323,11 @@ ASN1_INTEGER *maximum; } GENERAL_SUBTREE; +/* clang-format off */ {- generate_stack_macros("GENERAL_SUBTREE"); -} +/* clang-format on */ struct NAME_CONSTRAINTS_st { STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; 
@@ -347,160 +364,163 @@ /* Values in idp_flags field */ /* IDP present */ -# define IDP_PRESENT 0x1 +#define IDP_PRESENT 0x1 /* IDP values inconsistent */ -# define IDP_INVALID 0x2 +#define IDP_INVALID 0x2 /* onlyuser true */ -# define IDP_ONLYUSER 0x4 +#define IDP_ONLYUSER 0x4 /* onlyCA true */ -# define IDP_ONLYCA 0x8 +#define IDP_ONLYCA 0x8 /* onlyattr true */ -# define IDP_ONLYATTR 0x10 +#define IDP_ONLYATTR 0x10 /* indirectCRL true */ -# define IDP_INDIRECT 0x20 +#define IDP_INDIRECT 0x20 /* onlysomereasons present */ -# define IDP_REASONS 0x40 +#define IDP_REASONS 0x40 -# define X509V3_conf_err(val) ERR_add_error_data(6, \ - "section:", (val)->section, \ - ",name:", (val)->name, ",value:", (val)->value) +#define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) -# define X509V3_set_ctx_test(ctx) \ +#define X509V3_set_ctx_test(ctx) \ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST) -# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; - -# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ - 0,0,0,0, \ - 0,0, \ - (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ - (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ - NULL, NULL, \ - table} - -# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ - 0,0,0,0, \ - (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ - (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ - 0,0,0,0, \ - NULL} +#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0, 0, 0, 0, \ + 0, 0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table } + +#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0, 0, 0, 0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0, 0, 0, 0, \ + NULL } #define EXT_UTF8STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_UTF8STRING), \ - 0,0,0,0, \ - 
(X509V3_EXT_I2S)i2s_ASN1_UTF8STRING, \ - (X509V3_EXT_S2I)s2i_ASN1_UTF8STRING, \ - 0,0,0,0, \ - NULL} + 0, 0, 0, 0, \ + (X509V3_EXT_I2S)i2s_ASN1_UTF8STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_UTF8STRING, \ + 0, 0, 0, 0, \ + NULL } +/* clang-format off */ # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} +/* clang-format on */ /* X509_PURPOSE stuff */ -# define EXFLAG_BCONS 0x1 -# define EXFLAG_KUSAGE 0x2 -# define EXFLAG_XKUSAGE 0x4 -# define EXFLAG_NSCERT 0x8 +#define EXFLAG_BCONS 0x1 +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 +#define EXFLAG_NSCERT 0x8 -# define EXFLAG_CA 0x10 -# define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */ -# define EXFLAG_V1 0x40 -# define EXFLAG_INVALID 0x80 +#define EXFLAG_CA 0x10 +#define EXFLAG_SI 0x20 /* self-issued, maybe not self-signed */ +#define EXFLAG_V1 0x40 +#define EXFLAG_INVALID 0x80 /* EXFLAG_SET is set to indicate that some values have been precomputed */ -# define EXFLAG_SET 0x100 -# define EXFLAG_CRITICAL 0x200 -# define EXFLAG_PROXY 0x400 - -# define EXFLAG_INVALID_POLICY 0x800 -# define EXFLAG_FRESHEST 0x1000 -# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ - -# define EXFLAG_BCONS_CRITICAL 0x10000 -# define EXFLAG_AKID_CRITICAL 0x20000 -# define EXFLAG_SKID_CRITICAL 0x40000 -# define EXFLAG_SAN_CRITICAL 0x80000 -# define EXFLAG_NO_FINGERPRINT 0x100000 - -# define KU_DIGITAL_SIGNATURE 0x0080 -# define KU_NON_REPUDIATION 0x0040 -# define KU_KEY_ENCIPHERMENT 0x0020 -# define KU_DATA_ENCIPHERMENT 0x0010 -# define KU_KEY_AGREEMENT 0x0008 -# define KU_KEY_CERT_SIGN 0x0004 -# define KU_CRL_SIGN 0x0002 -# define KU_ENCIPHER_ONLY 0x0001 -# define KU_DECIPHER_ONLY 0x8000 - -# define NS_SSL_CLIENT 0x80 -# define NS_SSL_SERVER 0x40 -# define NS_SMIME 0x20 -# define NS_OBJSIGN 0x10 -# define NS_SSL_CA 0x04 -# define NS_SMIME_CA 0x02 -# define NS_OBJSIGN_CA 0x01 -# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) - -# define XKU_SSL_SERVER 0x1 -# define XKU_SSL_CLIENT 0x2 -# define 
XKU_SMIME 0x4 -# define XKU_CODE_SIGN 0x8 -# define XKU_SGC 0x10 /* Netscape or MS Server-Gated Crypto */ -# define XKU_OCSP_SIGN 0x20 -# define XKU_TIMESTAMP 0x40 -# define XKU_DVCS 0x80 -# define XKU_ANYEKU 0x100 - -# define X509_PURPOSE_DYNAMIC 0x1 -# define X509_PURPOSE_DYNAMIC_NAME 0x2 +#define EXFLAG_SET 0x100 +#define EXFLAG_CRITICAL 0x200 +#define EXFLAG_PROXY 0x400 + +#define EXFLAG_INVALID_POLICY 0x800 +#define EXFLAG_FRESHEST 0x1000 +#define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ + +#define EXFLAG_BCONS_CRITICAL 0x10000 +#define EXFLAG_AKID_CRITICAL 0x20000 +#define EXFLAG_SKID_CRITICAL 0x40000 +#define EXFLAG_SAN_CRITICAL 0x80000 +#define EXFLAG_NO_FINGERPRINT 0x100000 + +#define KU_DIGITAL_SIGNATURE 0x0080 +#define KU_NON_REPUDIATION 0x0040 +#define KU_KEY_ENCIPHERMENT 0x0020 +#define KU_DATA_ENCIPHERMENT 0x0010 +#define KU_KEY_AGREEMENT 0x0008 +#define KU_KEY_CERT_SIGN 0x0004 +#define KU_CRL_SIGN 0x0002 +#define KU_ENCIPHER_ONLY 0x0001 +#define KU_DECIPHER_ONLY 0x8000 + +#define NS_SSL_CLIENT 0x80 +#define NS_SSL_SERVER 0x40 +#define NS_SMIME 0x20 +#define NS_OBJSIGN 0x10 +#define NS_SSL_CA 0x04 +#define NS_SMIME_CA 0x02 +#define NS_OBJSIGN_CA 0x01 +#define NS_ANY_CA (NS_SSL_CA | NS_SMIME_CA | NS_OBJSIGN_CA) + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 /* Netscape or MS Server-Gated Crypto */ +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 + +#define X509_PURPOSE_DYNAMIC 0x1 +#define X509_PURPOSE_DYNAMIC_NAME 0x2 typedef struct x509_purpose_st { int purpose; - int trust; /* Default trust ID */ + int trust; /* Default trust ID */ int flags; - int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int); char *name; char *sname; void *usr_data; } X509_PURPOSE; +/* clang-format off */ {- 
generate_stack_macros("X509_PURPOSE"); -} +/* clang-format on */ +#define X509_PURPOSE_SSL_CLIENT 1 +#define X509_PURPOSE_SSL_SERVER 2 +#define X509_PURPOSE_NS_SSL_SERVER 3 +#define X509_PURPOSE_SMIME_SIGN 4 +#define X509_PURPOSE_SMIME_ENCRYPT 5 +#define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_ANY 7 +#define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 -# define X509_PURPOSE_SSL_CLIENT 1 -# define X509_PURPOSE_SSL_SERVER 2 -# define X509_PURPOSE_NS_SSL_SERVER 3 -# define X509_PURPOSE_SMIME_SIGN 4 -# define X509_PURPOSE_SMIME_ENCRYPT 5 -# define X509_PURPOSE_CRL_SIGN 6 -# define X509_PURPOSE_ANY 7 -# define X509_PURPOSE_OCSP_HELPER 8 -# define X509_PURPOSE_TIMESTAMP_SIGN 9 - -# define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 9 /* Flags for X509V3_EXT_print() */ -# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) /* Return error for unknown extensions */ -# define X509V3_EXT_DEFAULT 0 +#define X509V3_EXT_DEFAULT 0 /* Print error for unknown extensions */ -# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) /* ASN1 parse unknown extensions */ -# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) /* BIO_dump unknown extensions */ -# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) /* Flags for X509V3_add1_i2d */ -# define X509V3_ADD_OP_MASK 0xfL -# define X509V3_ADD_DEFAULT 0L -# define X509V3_ADD_APPEND 1L -# define X509V3_ADD_REPLACE 2L -# define X509V3_ADD_REPLACE_EXISTING 3L -# define X509V3_ADD_KEEP_EXISTING 4L -# define X509V3_ADD_DELETE 5L -# define X509V3_ADD_SILENT 0x10 +#define X509V3_ADD_OP_MASK 0xfL +#define X509V3_ADD_DEFAULT 0L +#define X509V3_ADD_APPEND 1L +#define X509V3_ADD_REPLACE 2L +#define X509V3_ADD_REPLACE_EXISTING 3L +#define X509V3_ADD_KEEP_EXISTING 4L +#define X509V3_ADD_DELETE 5L +#define X509V3_ADD_SILENT 
0x10 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) @@ -511,9 +531,9 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - int userlen); + int userlen); int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, - int userlen); + int userlen); ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); 
@@ -528,30 +548,30 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, ASN1_UTF8STRING *utf8); ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, - STACK_OF(CONF_VALUE) *ret); + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gen, - STACK_OF(CONF_VALUE) *extlist); + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) 
@@ -559,14 +579,14 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, - ASN1_OBJECT *oid, ASN1_TYPE *value); + ASN1_OBJECT *oid, ASN1_TYPE *value); int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, - ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - const ASN1_OCTET_STRING *ia5); + const ASN1_OCTET_STRING *ia5); ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); + X509V3_CTX *ctx, const char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); 
@@ -606,75 +626,75 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, - const char *value, int is_nc); + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); -# ifdef OPENSSL_CONF_H +#ifdef OPENSSL_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf); + X509V3_CTX *ctx, CONF_VALUE *cnf); GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, - int is_nc); + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - const char *value); + const char *value); X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - const char *value); + const char *value); int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, - STACK_OF(X509_EXTENSION) **sk); + STACK_OF(X509_EXTENSION) **sk); int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509 *cert); + X509 *cert); int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_REQ *req); + X509_REQ *req); int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_CRL *crl); + X509_CRL *crl); X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, - const char *value); + X509V3_CTX *ctx, int ext_nid, + const char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *name, const char *value); + const char *name, const char *value); int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert); + const char *section, X509 *cert); int 
X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req); + const char *section, X509_REQ *req); int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl); + const char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); -# endif +#endif char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); void X509V3_string_free(X509V3_CTX *ctx, char *str); void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, - X509_REQ *req, X509_CRL *crl, int flags); + X509_REQ *req, X509_CRL *crl, int flags); /* For API backward compatibility, this is separate from X509V3_set_ctx(): */ int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); char 
*i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, - const ASN1_ENUMERATED *aint); + const ASN1_ENUMERATED *aint); int X509V3_EXT_add(X509V3_EXT_METHOD *ext); int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); @@ -686,28 +706,28 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, - int *idx); + int *idx); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - int crit, unsigned long flags); + int crit, unsigned long flags); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 /* The new declarations are in crypto.h, but the old ones were here. */ -# define hex_to_string OPENSSL_buf2hexstr -# define string_to_hex OPENSSL_hexstr2buf +#define hex_to_string OPENSSL_buf2hexstr +#define string_to_hex OPENSSL_hexstr2buf #endif void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml); + int ml); int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - int indent); + int indent); #ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #endif int X509V3_extensions_print(BIO *out, const char *title, - const STACK_OF(X509_EXTENSION) *exts, - unsigned long flag, int indent); + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); int X509_check_ca(X509 *x); int X509_check_purpose(X509 *x, int id, int ca); 
@@ -732,8 +752,8 @@
 int X509_PURPOSE_get_by_sname(const char *sname);
 int X509_PURPOSE_get_by_id(int id);
 int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck) (const X509_PURPOSE *, const X509 *, int),
- const char *name, const char *sname, void *arg);
+ int (*ck)(const X509_PURPOSE *, const X509 *, int),
+ const char *name, const char *sname, void *arg);
 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
@@ -749,50 +769,51 @@ /* * Always check subject name for host match even if subject alt names present */ -# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 /* Disable wildcard matching for dnsName fields and common name. */ -# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +#define X509_CHECK_FLAG_NO_WILDCARDS 0x2 /* Wildcards must not match a partial label. */ -# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 /* Allow (non-partial) wildcards to match multiple labels. */ -# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 /* Constraint verifier subdomain patterns to match a single labels. */ -# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 /* Never check the subject CN */ -# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 /* * Match reference identifiers starting with "." to any sub-domain. * This is a non-public flag, turned on implicitly when the subject * reference identity is a DNS name. 
*/ -# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 +#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 int X509_check_host(X509 *x, const char *chk, size_t chklen, - unsigned int flags, char **peername); + unsigned int flags, char **peername); int X509_check_email(X509 *x, const char *chk, size_t chklen, - unsigned int flags); + unsigned int flags); int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags); + unsigned int flags); int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - unsigned long chtype); + unsigned long chtype); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +/* clang-format off */ {- generate_stack_macros("X509_POLICY_NODE"); -} - +/* clang-format on */ #ifndef OPENSSL_NO_RFC3779 typedef struct ASRange_st { ASN1_INTEGER *min, *max; } ASRange; -# define ASIdOrRange_id 0 -# define ASIdOrRange_range 1 +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 typedef struct ASIdOrRange_st { int type; @@ -802,14 +823,16 @@ } u; } ASIdOrRange; +/* clang-format off */ {- generate_stack_macros("ASIdOrRange"); -} +/* clang-format on */ typedef STACK_OF(ASIdOrRange) ASIdOrRanges; -# define ASIdentifierChoice_inherit 0 -# define ASIdentifierChoice_asIdsOrRanges 1 +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 typedef struct ASIdentifierChoice_st { int type; @@ -832,8 +855,8 @@ ASN1_BIT_STRING *min, *max; } IPAddressRange; -# define IPAddressOrRange_addressPrefix 0 -# define IPAddressOrRange_addressRange 1 +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 typedef struct IPAddressOrRange_st { int type; 
@@ -843,14 +866,16 @@ } u; } IPAddressOrRange; +/* clang-format off */ {- generate_stack_macros("IPAddressOrRange"); -} +/* clang-format on */ typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; -# define IPAddressChoice_inherit 0 -# define IPAddressChoice_addressesOrRanges 1 +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 typedef struct IPAddressChoice_st { int type; @@ -865,10 +890,11 @@ IPAddressChoice *ipAddressChoice; } IPAddressFamily; +/* clang-format off */ {- generate_stack_macros("IPAddressFamily"); -} - +/* clang-format on */ typedef STACK_OF(IPAddressFamily) IPAddrBlocks; @@ -880,8 +906,8 @@ /* * API tag for elements of the ASIdentifer SEQUENCE. */ -# define V3_ASID_ASNUM 0 -# define V3_ASID_RDI 1 +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 /* * AFI values, assigned by IANA. It'd be nice to make the AFI @@ -889,8 +915,8 @@ * that would need to be defined for other address families for it to * be worth the trouble. */ -# define IANA_AFI_IPV4 1 -# define IANA_AFI_IPV6 2 +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 /* * Utilities to construct and extract values from RFC3779 extensions, 
@@ -899,19 +925,19 @@ */ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, - ASN1_INTEGER *min, ASN1_INTEGER *max); + ASN1_INTEGER *min, ASN1_INTEGER *max); int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi); + const unsigned afi, const unsigned *safi); int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi, - unsigned char *a, const int prefixlen); + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi, - unsigned char *min, unsigned char *max); + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); unsigned X509v3_addr_get_afi(const IPAddressFamily *f); int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, - unsigned char *min, unsigned char *max, - const int length); + unsigned char *min, unsigned char *max, + const int length); /* * Canonical forms. @@ -935,16 +961,18 @@ int X509v3_asid_validate_path(X509_STORE_CTX *); int X509v3_addr_validate_path(X509_STORE_CTX *); int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, - int allow_inheritance); + ASIdentifiers *ext, + int allow_inheritance); int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, - IPAddrBlocks *ext, int allow_inheritance); + IPAddrBlocks *ext, int allow_inheritance); -#endif /* OPENSSL_NO_RFC3779 */ +#endif /* OPENSSL_NO_RFC3779 */ +/* clang-format off */ {- generate_stack_macros("ASN1_STRING"); -} +/* clang-format on */ /* * Admission Syntax 
@@ -957,10 +985,12 @@ DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) DECLARE_ASN1_FUNCTIONS(ADMISSIONS) DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +/* clang-format off */ {- generate_stack_macros("PROFESSION_INFO") .generate_stack_macros("ADMISSIONS"); -} +/* clang-format on */ typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( @@ -970,11 +1000,11 @@ const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( const NAMING_AUTHORITY *n); void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, - ASN1_OBJECT* namingAuthorityId); + ASN1_OBJECT *namingAuthorityId); void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, - ASN1_IA5STRING* namingAuthorityUrl); + ASN1_IA5STRING *namingAuthorityUrl); void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, - ASN1_STRING* namingAuthorityText); + ASN1_STRING *namingAuthorityText); const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( const ADMISSION_SYNTAX *as); @@ -1011,7 +1041,7 @@ void PROFESSION_INFO_set0_registrationNumber( PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/include/openssl/x509v3err.h.orig +++ crypto/openssl/include/openssl/x509v3err.h 
@@ -9,85 +9,83 @@ */ #ifndef OPENSSL_X509V3ERR_H -# define OPENSSL_X509V3ERR_H -# pragma once - -# include -# include -# include - +#define OPENSSL_X509V3ERR_H +#pragma once +#include +#include +#include /* * X509V3 reason codes. */ -# define X509V3_R_BAD_IP_ADDRESS 118 -# define X509V3_R_BAD_OBJECT 119 -# define X509V3_R_BN_DEC2BN_ERROR 100 -# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 -# define X509V3_R_DIRNAME_ERROR 149 -# define X509V3_R_DISTPOINT_ALREADY_SET 160 -# define X509V3_R_DUPLICATE_ZONE_ID 133 -# define X509V3_R_EMPTY_KEY_USAGE 169 -# define X509V3_R_ERROR_CONVERTING_ZONE 131 -# define X509V3_R_ERROR_CREATING_EXTENSION 144 -# define X509V3_R_ERROR_IN_EXTENSION 128 -# define X509V3_R_EXPECTED_A_SECTION_NAME 137 -# define X509V3_R_EXTENSION_EXISTS 145 -# define X509V3_R_EXTENSION_NAME_ERROR 115 -# define X509V3_R_EXTENSION_NOT_FOUND 102 -# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 -# define X509V3_R_EXTENSION_VALUE_ERROR 116 -# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 -# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 -# define X509V3_R_INVALID_ASNUMBER 162 -# define X509V3_R_INVALID_ASRANGE 163 -# define X509V3_R_INVALID_BOOLEAN_STRING 104 -# define X509V3_R_INVALID_CERTIFICATE 158 -# define X509V3_R_INVALID_EMPTY_NAME 108 -# define X509V3_R_INVALID_EXTENSION_STRING 105 -# define X509V3_R_INVALID_INHERITANCE 165 -# define X509V3_R_INVALID_IPADDRESS 166 -# define X509V3_R_INVALID_MULTIPLE_RDNS 161 -# define X509V3_R_INVALID_NAME 106 -# define X509V3_R_INVALID_NULL_ARGUMENT 107 -# define X509V3_R_INVALID_NULL_VALUE 109 -# define X509V3_R_INVALID_NUMBER 140 -# define X509V3_R_INVALID_NUMBERS 141 -# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 -# define X509V3_R_INVALID_OPTION 138 -# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 -# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 -# define X509V3_R_INVALID_PURPOSE 146 -# define X509V3_R_INVALID_SAFI 164 -# define X509V3_R_INVALID_SECTION 135 -# define X509V3_R_INVALID_SYNTAX 143 -# define 
X509V3_R_ISSUER_DECODE_ERROR 126 -# define X509V3_R_MISSING_VALUE 124 -# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 -# define X509V3_R_NEGATIVE_PATHLEN 168 -# define X509V3_R_NO_CONFIG_DATABASE 136 -# define X509V3_R_NO_ISSUER_CERTIFICATE 121 -# define X509V3_R_NO_ISSUER_DETAILS 127 -# define X509V3_R_NO_POLICY_IDENTIFIER 139 -# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 -# define X509V3_R_NO_PUBLIC_KEY 114 -# define X509V3_R_NO_SUBJECT_DETAILS 125 -# define X509V3_R_OPERATION_NOT_DEFINED 148 -# define X509V3_R_OTHERNAME_ERROR 147 -# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 -# define X509V3_R_POLICY_PATH_LENGTH 156 -# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 -# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 -# define X509V3_R_SECTION_NOT_FOUND 150 -# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 -# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 -# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 -# define X509V3_R_UNKNOWN_EXTENSION 129 -# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 -# define X509V3_R_UNKNOWN_OPTION 120 -# define X509V3_R_UNSUPPORTED_OPTION 117 -# define X509V3_R_UNSUPPORTED_TYPE 167 -# define X509V3_R_USER_TOO_LONG 132 +#define X509V3_R_BAD_IP_ADDRESS 118 +#define X509V3_R_BAD_OBJECT 119 +#define X509V3_R_BN_DEC2BN_ERROR 100 +#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 +#define X509V3_R_DISTPOINT_ALREADY_SET 160 +#define X509V3_R_DUPLICATE_ZONE_ID 133 +#define X509V3_R_EMPTY_KEY_USAGE 169 +#define X509V3_R_ERROR_CONVERTING_ZONE 131 +#define X509V3_R_ERROR_CREATING_EXTENSION 144 +#define X509V3_R_ERROR_IN_EXTENSION 128 +#define X509V3_R_EXPECTED_A_SECTION_NAME 137 +#define X509V3_R_EXTENSION_EXISTS 145 +#define X509V3_R_EXTENSION_NAME_ERROR 115 +#define X509V3_R_EXTENSION_NOT_FOUND 102 +#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +#define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +#define 
X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +#define X509V3_R_INVALID_ASNUMBER 162 +#define X509V3_R_INVALID_ASRANGE 163 +#define X509V3_R_INVALID_BOOLEAN_STRING 104 +#define X509V3_R_INVALID_CERTIFICATE 158 +#define X509V3_R_INVALID_EMPTY_NAME 108 +#define X509V3_R_INVALID_EXTENSION_STRING 105 +#define X509V3_R_INVALID_INHERITANCE 165 +#define X509V3_R_INVALID_IPADDRESS 166 +#define X509V3_R_INVALID_MULTIPLE_RDNS 161 +#define X509V3_R_INVALID_NAME 106 +#define X509V3_R_INVALID_NULL_ARGUMENT 107 +#define X509V3_R_INVALID_NULL_VALUE 109 +#define X509V3_R_INVALID_NUMBER 140 +#define X509V3_R_INVALID_NUMBERS 141 +#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +#define X509V3_R_INVALID_OPTION 138 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +#define X509V3_R_INVALID_PURPOSE 146 +#define X509V3_R_INVALID_SAFI 164 +#define X509V3_R_INVALID_SECTION 135 +#define X509V3_R_INVALID_SYNTAX 143 +#define X509V3_R_ISSUER_DECODE_ERROR 126 +#define X509V3_R_MISSING_VALUE 124 +#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +#define X509V3_R_NEGATIVE_PATHLEN 168 +#define X509V3_R_NO_CONFIG_DATABASE 136 +#define X509V3_R_NO_ISSUER_CERTIFICATE 121 +#define X509V3_R_NO_ISSUER_DETAILS 127 +#define X509V3_R_NO_POLICY_IDENTIFIER 139 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +#define X509V3_R_NO_PUBLIC_KEY 114 +#define X509V3_R_NO_SUBJECT_DETAILS 125 +#define X509V3_R_OPERATION_NOT_DEFINED 148 +#define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +#define X509V3_R_POLICY_PATH_LENGTH 156 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +#define X509V3_R_SECTION_NOT_FOUND 150 +#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +#define X509V3_R_UNKNOWN_EXTENSION 129 +#define X509V3_R_UNKNOWN_EXTENSION_NAME 130 
+#define X509V3_R_UNKNOWN_OPTION 120 +#define X509V3_R_UNSUPPORTED_OPTION 117 +#define X509V3_R_UNSUPPORTED_TYPE 167 +#define X509V3_R_USER_TOO_LONG 132 #endif --- crypto/openssl/ms/applink.c.orig +++ crypto/openssl/ms/applink.c 
@@ -7,42 +7,42 @@ * https://www.openssl.org/source/license.html */ -#define APPLINK_STDIN 1 -#define APPLINK_STDOUT 2 -#define APPLINK_STDERR 3 +#define APPLINK_STDIN 1 +#define APPLINK_STDOUT 2 +#define APPLINK_STDERR 3 #define APPLINK_FPRINTF 4 -#define APPLINK_FGETS 5 -#define APPLINK_FREAD 6 -#define APPLINK_FWRITE 7 +#define APPLINK_FGETS 5 +#define APPLINK_FREAD 6 +#define APPLINK_FWRITE 7 #define APPLINK_FSETMOD 8 -#define APPLINK_FEOF 9 -#define APPLINK_FCLOSE 10 /* should not be used */ - -#define APPLINK_FOPEN 11 /* solely for completeness */ -#define APPLINK_FSEEK 12 -#define APPLINK_FTELL 13 -#define APPLINK_FFLUSH 14 -#define APPLINK_FERROR 15 +#define APPLINK_FEOF 9 +#define APPLINK_FCLOSE 10 /* should not be used */ + +#define APPLINK_FOPEN 11 /* solely for completeness */ +#define APPLINK_FSEEK 12 +#define APPLINK_FTELL 13 +#define APPLINK_FFLUSH 14 +#define APPLINK_FERROR 15 #define APPLINK_CLEARERR 16 -#define APPLINK_FILENO 17 /* to be used with below */ +#define APPLINK_FILENO 17 /* to be used with below */ -#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ -#define APPLINK_READ 19 -#define APPLINK_WRITE 20 -#define APPLINK_LSEEK 21 -#define APPLINK_CLOSE 22 -#define APPLINK_MAX 22 /* always same as last macro */ +#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ +#define APPLINK_READ 19 +#define APPLINK_WRITE 20 +#define APPLINK_LSEEK 21 +#define APPLINK_CLOSE 22 +#define APPLINK_MAX 22 /* always same as last macro */ #ifndef APPMACROS_ONLY -# include -# include -# include - -# ifdef __BORLANDC__ - /* _lseek in is a function-like macro so we can't take its address */ -# undef _lseek -# define _lseek lseek -# endif +#include +#include +#include + +#ifdef __BORLANDC__ +/* _lseek in is a function-like macro so we can't take its address */ +#undef _lseek +#define _lseek lseek +#endif static void *app_stdin(void) { 
@@ -88,23 +88,21 @@ extern "C" { #endif -__declspec(dllexport) -void ** -# if defined(__BORLANDC__) -/* - * __stdcall appears to be the only way to get the name - * decoration right with Borland C. Otherwise it works - * purely incidentally, as we pass no parameters. - */ -__stdcall -# else -__cdecl -# endif -OPENSSL_Applink(void) +__declspec(dllexport) void ** +#if defined(__BORLANDC__) + /* + * __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. + */ + __stdcall +#else + __cdecl +#endif + OPENSSL_Applink(void) { static int once = 1; - static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] = - { (void *)APPLINK_MAX }; + static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] = { (void *)APPLINK_MAX }; if (once) { OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; --- crypto/openssl/ms/uplink.c.orig +++ crypto/openssl/ms/uplink.c @@ -8,13 +8,13 @@ */ #if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE) -# define UNICODE +#define UNICODE #endif #if defined(UNICODE) && !defined(_UNICODE) -# define _UNICODE +#define _UNICODE #endif #if defined(_UNICODE) && !defined(UNICODE) -# define UNICODE +#define UNICODE #endif #include @@ -36,7 +36,7 @@ static HMODULE volatile apphandle = NULL; static void **volatile applinktable = NULL; int len; - void (*func) (void) = unimplemented; + void (*func)(void) = unimplemented; HANDLE h; void **p; 
@@ -56,32 +56,32 @@ */ do { len = _sntprintf(msg, sizeof(msg) / sizeof(TCHAR), - _T("OPENSSL_Uplink(%p,%02X): "), table, index); + _T("OPENSSL_Uplink(%p,%02X): "), table, index); _tcscpy(msg + len, _T("unimplemented function")); if ((h = apphandle) == NULL) { if ((h = GetModuleHandle(NULL)) == NULL) { - apphandle = (HMODULE) - 1; + apphandle = (HMODULE)-1; _tcscpy(msg + len, _T("no host application")); break; } apphandle = h; } - if ((h = apphandle) == (HMODULE) - 1) /* revalidate */ + if ((h = apphandle) == (HMODULE)-1) /* revalidate */ break; if (applinktable == NULL) { - void **(*applink) (); + void **(*applink)(); applink = (void **(*)())GetProcAddress(h, "OPENSSL_Applink"); if (applink == NULL) { - apphandle = (HMODULE) - 1; + apphandle = (HMODULE)-1; _tcscpy(msg + len, _T("no OPENSSL_Applink")); break; } - p = (*applink) (); + p = (*applink)(); if (p == NULL) { - apphandle = (HMODULE) - 1; + apphandle = (HMODULE)-1; _tcscpy(msg + len, _T("no ApplinkTable")); break; } 
@@ -100,45 +100,85 @@ } #if (defined(_MSC_VER) || defined(__BORLANDC__)) && defined(_M_IX86) -# if defined(_MSC_VER) -# define LAZY(i) \ -__declspec(naked) static void lazy##i (void) { \ - _asm push i \ - _asm push OFFSET OPENSSL_UplinkTable \ - _asm call OPENSSL_Uplink \ - _asm add esp,8 \ - _asm jmp OPENSSL_UplinkTable+4*i } -# elif defined(__BORLANDC__) && defined(__clang__) +#if defined(_MSC_VER) +#define LAZY(i) \ + __declspec(naked) static void lazy##i(void) \ + { \ + _asm push i _asm push OFFSET OPENSSL_UplinkTable _asm call OPENSSL_Uplink _asm add esp, 8 _asm jmp OPENSSL_UplinkTable + 4 * i \ + } +#elif defined(__BORLANDC__) && defined(__clang__) void *OPENSSL_UplinkTable[26]; /* C++Builder requires declaration before use */ -# define LAZY(i) \ -__declspec(naked) static void lazy##i (void) { \ - __asm__("pushl $" #i "; " \ - "pushl %0; " \ - "call %P1; " \ - "addl $8, %%esp; " \ - "jmp *%2 " \ - : /* no outputs */ \ - : "i" (OPENSSL_UplinkTable), \ - "i" (OPENSSL_Uplink), \ - "m" (OPENSSL_UplinkTable[i])); } -# endif +#define LAZY(i) \ + __declspec(naked) static void lazy##i(void) \ + { \ + __asm__("pushl $" #i "; " \ + "pushl %0; " \ + "call %P1; " \ + "addl $8, %%esp; " \ + "jmp *%2 " \ + : /* no outputs */ \ + : "i"(OPENSSL_UplinkTable), \ + "i"(OPENSSL_Uplink), \ + "m"(OPENSSL_UplinkTable[i])); \ + } +#endif -# if APPLINK_MAX>25 -# error "Add more stubs..." -# endif +#if APPLINK_MAX > 25 +#error "Add more stubs..." +#endif /* make some in advance... 
*/ -LAZY(1) LAZY(2) LAZY(3) LAZY(4) LAZY(5) - LAZY(6) LAZY(7) LAZY(8) LAZY(9) LAZY(10) - LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15) - LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20) - LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25) +LAZY(1) +LAZY(2) +LAZY(3) +LAZY(4) +LAZY(5) +LAZY(6) +LAZY(7) +LAZY(8) +LAZY(9) +LAZY(10) +LAZY(11) +LAZY(12) +LAZY(13) +LAZY(14) +LAZY(15) +LAZY(16) +LAZY(17) +LAZY(18) +LAZY(19) +LAZY(20) +LAZY(21) +LAZY(22) +LAZY(23) +LAZY(24) +LAZY(25) void *OPENSSL_UplinkTable[] = { (void *)APPLINK_MAX, - lazy1, lazy2, lazy3, lazy4, lazy5, - lazy6, lazy7, lazy8, lazy9, lazy10, - lazy11, lazy12, lazy13, lazy14, lazy15, - lazy16, lazy17, lazy18, lazy19, lazy20, - lazy21, lazy22, lazy23, lazy24, lazy25, + lazy1, + lazy2, + lazy3, + lazy4, + lazy5, + lazy6, + lazy7, + lazy8, + lazy9, + lazy10, + lazy11, + lazy12, + lazy13, + lazy14, + lazy15, + lazy16, + lazy17, + lazy18, + lazy19, + lazy20, + lazy21, + lazy22, + lazy23, + lazy24, + lazy25, }; #endif --- crypto/openssl/ms/uplink.h.orig +++ crypto/openssl/ms/uplink.h 
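Review bot: In the `_MSC_VER` branch of `LAZY(i)` the reformat has joined the five `_asm` statements of the naked stub onto one macro line (`_asm push i _asm push OFFSET OPENSSL_UplinkTable … _asm jmp OPENSSL_UplinkTable + 4 * i`). The stack adjustment and the tail jump through the table are now hard to audit at a glance. MSVC accepts several `_asm` statements on one line, so this is probably still correct, but the branch is unlikely to be compiled on FreeBSD and the respaced `OPENSSL_UplinkTable + 4 * i` operand should be confirmed with an MSVC x86 build. I would put `/* clang-format off */` before `#if defined(_MSC_VER)` and `/* clang-format on */` after the matching `#endif`, as this patch already does for the generated stack macros, and keep one instruction per continuation line. The `OPENSSL_Applink` declaration in ms/applink.c, where the calling-convention keywords and their comment are now indented inside the `#if`, would benefit from the same guard.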
@@ -12,27 +12,27 @@ extern void *OPENSSL_UplinkTable[]; -#define UP_stdin (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDIN])() +#define UP_stdin (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDIN])() #define UP_stdout (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDOUT])() #define UP_stderr (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDERR])() -#define UP_fprintf (*(int (*)(void *,const char *,...))OPENSSL_UplinkTable[APPLINK_FPRINTF]) -#define UP_fgets (*(char *(*)(char *,int,void *))OPENSSL_UplinkTable[APPLINK_FGETS]) -#define UP_fread (*(size_t (*)(void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FREAD]) -#define UP_fwrite (*(size_t (*)(const void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FWRITE]) -#define UP_fsetmod (*(int (*)(void *,char))OPENSSL_UplinkTable[APPLINK_FSETMOD]) -#define UP_feof (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FEOF]) +#define UP_fprintf (*(int (*)(void *, const char *, ...))OPENSSL_UplinkTable[APPLINK_FPRINTF]) +#define UP_fgets (*(char *(*)(char *, int, void *))OPENSSL_UplinkTable[APPLINK_FGETS]) +#define UP_fread (*(size_t (*)(void *, size_t, size_t, void *))OPENSSL_UplinkTable[APPLINK_FREAD]) +#define UP_fwrite (*(size_t (*)(const void *, size_t, size_t, void *))OPENSSL_UplinkTable[APPLINK_FWRITE]) +#define UP_fsetmod (*(int (*)(void *, char))OPENSSL_UplinkTable[APPLINK_FSETMOD]) +#define UP_feof (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FEOF]) #define UP_fclose (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FCLOSE]) -#define UP_fopen (*(void *(*)(const char *,const char *))OPENSSL_UplinkTable[APPLINK_FOPEN]) -#define UP_fseek (*(int (*)(void *,long,int))OPENSSL_UplinkTable[APPLINK_FSEEK]) -#define UP_ftell (*(long (*)(void *))OPENSSL_UplinkTable[APPLINK_FTELL]) +#define UP_fopen (*(void *(*)(const char *, const char *))OPENSSL_UplinkTable[APPLINK_FOPEN]) +#define UP_fseek (*(int (*)(void *, long, int))OPENSSL_UplinkTable[APPLINK_FSEEK]) +#define UP_ftell (*(long (*)(void 
*))OPENSSL_UplinkTable[APPLINK_FTELL]) #define UP_fflush (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FFLUSH]) #define UP_ferror (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FERROR]) #define UP_clearerr (*(void (*)(void *))OPENSSL_UplinkTable[APPLINK_CLEARERR]) #define UP_fileno (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FILENO]) -#define UP_open (*(int (*)(const char *,int,...))OPENSSL_UplinkTable[APPLINK_OPEN]) -#define UP_read (*(ossl_ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ]) -#define UP_write (*(ossl_ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE]) -#define UP_lseek (*(long (*)(int,long,int))OPENSSL_UplinkTable[APPLINK_LSEEK]) -#define UP_close (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE]) +#define UP_open (*(int (*)(const char *, int, ...))OPENSSL_UplinkTable[APPLINK_OPEN]) +#define UP_read (*(ossl_ssize_t (*)(int, void *, size_t))OPENSSL_UplinkTable[APPLINK_READ]) +#define UP_write (*(ossl_ssize_t (*)(int, const void *, size_t))OPENSSL_UplinkTable[APPLINK_WRITE]) +#define UP_lseek (*(long (*)(int, long, int))OPENSSL_UplinkTable[APPLINK_LSEEK]) +#define UP_close (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE]) --- crypto/openssl/providers/baseprov.c.orig +++ crypto/openssl/providers/baseprov.c @@ -53,7 +53,7 @@ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); if (p != NULL - && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Base Provider")) + && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Base Provider")) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) @@ -83,7 +83,7 @@ }; static const OSSL_ALGORITHM base_store[] = { -#define STORE(name, _fips, func_table) \ +#define STORE(name, _fips, func_table) \ { name, "provider=base,fips=" _fips, (func_table) }, #include "stores.inc" 
@@ -92,7 +92,7 @@ }; static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id, - int *no_cache) + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -116,7 +116,7 @@ static const OSSL_DISPATCH base_dispatch_table[] = { { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))base_teardown }, { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, - (void (*)(void))base_gettable_params }, + (void (*)(void))base_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))base_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))base_query }, { 0, NULL } @@ -125,8 +125,8 @@ OSSL_provider_init_fn ossl_base_provider_init; int ossl_base_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, + void **provctx) { OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; BIO_METHOD *corebiometh; @@ -162,13 +162,13 @@ * create their own library context. */ if ((*provctx = ossl_prov_ctx_new()) == NULL - || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) { + || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) { ossl_prov_ctx_free(*provctx); *provctx = NULL; return 0; } ossl_prov_ctx_set0_libctx(*provctx, - (OSSL_LIB_CTX *)c_get_libctx(handle)); + (OSSL_LIB_CTX *)c_get_libctx(handle)); ossl_prov_ctx_set0_handle(*provctx, handle); ossl_prov_ctx_set0_core_bio_method(*provctx, corebiometh); --- crypto/openssl/providers/common/bio_prov.c.orig +++ crypto/openssl/providers/common/bio_prov.c @@ -88,7 +88,7 @@ } int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, - size_t *bytes_read) + size_t *bytes_read) { if (c_bio_read_ex == NULL) return 0; @@ -96,7 +96,7 @@ } int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, - size_t *written) + size_t *written) { if (c_bio_write_ex == NULL) return 0; 
@@ -162,13 +162,13 @@ /* No direct BIO support in the FIPS module */ static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, - size_t *bytes_read) + size_t *bytes_read) { return ossl_prov_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); } static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, - size_t *written) + size_t *written) { return ossl_prov_bio_write_ex(BIO_get_data(bio), data, data_len, written); } @@ -209,13 +209,13 @@ corebiometh = BIO_meth_new(BIO_TYPE_CORE_TO_PROV, "BIO to Core filter"); if (corebiometh == NULL - || !BIO_meth_set_write_ex(corebiometh, bio_core_write_ex) - || !BIO_meth_set_read_ex(corebiometh, bio_core_read_ex) - || !BIO_meth_set_puts(corebiometh, bio_core_puts) - || !BIO_meth_set_gets(corebiometh, bio_core_gets) - || !BIO_meth_set_ctrl(corebiometh, bio_core_ctrl) - || !BIO_meth_set_create(corebiometh, bio_core_new) - || !BIO_meth_set_destroy(corebiometh, bio_core_free)) { + || !BIO_meth_set_write_ex(corebiometh, bio_core_write_ex) + || !BIO_meth_set_read_ex(corebiometh, bio_core_read_ex) + || !BIO_meth_set_puts(corebiometh, bio_core_puts) + || !BIO_meth_set_gets(corebiometh, bio_core_gets) + || !BIO_meth_set_ctrl(corebiometh, bio_core_ctrl) + || !BIO_meth_set_create(corebiometh, bio_core_new) + || !BIO_meth_set_destroy(corebiometh, bio_core_free)) { BIO_meth_free(corebiometh); return NULL; } --- crypto/openssl/providers/common/capabilities.c.orig +++ crypto/openssl/providers/common/capabilities.c 
@@ -22,68 +22,68 @@ /* If neither ec or dh is available then we have no TLS-GROUP capabilities */ #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) typedef struct tls_group_constants_st { - unsigned int group_id; /* Group ID */ - unsigned int secbits; /* Bits of security */ - int mintls; /* Minimum TLS version, -1 unsupported */ - int maxtls; /* Maximum TLS version (or 0 for undefined) */ - int mindtls; /* Minimum DTLS version, -1 unsupported */ - int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ + unsigned int group_id; /* Group ID */ + unsigned int secbits; /* Bits of security */ + int mintls; /* Minimum TLS version, -1 unsupported */ + int maxtls; /* Maximum TLS version (or 0 for undefined) */ + int mindtls; /* Minimum DTLS version, -1 unsupported */ + int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ } TLS_GROUP_CONSTANTS; static const TLS_GROUP_CONSTANTS group_list[35] = { { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect163r2, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect193r1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect193r2, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect233k1, 112, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect233r1, 112, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect239k1, 112, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, 
DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect283k1, 128, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect283r1, 128, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect409k1, 192, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect409r1, 192, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect571k1, 256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_sect571r1, 256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp160k1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp160r1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp160r2, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp192k1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp192r1, 80, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp224k1, 112, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp224r1, 112, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp256k1, 128, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_secp256r1, 128, TLS1_VERSION, 0, 
DTLS1_VERSION, 0 }, { OSSL_TLS_GROUP_ID_secp384r1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, { OSSL_TLS_GROUP_ID_secp521r1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, { OSSL_TLS_GROUP_ID_brainpoolP256r1, 128, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_brainpoolP384r1, 192, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_brainpoolP512r1, 256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION }, + DTLS1_VERSION, DTLS1_2_VERSION }, { OSSL_TLS_GROUP_ID_x25519, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, { OSSL_TLS_GROUP_ID_x448, 224, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, /* Security bit values as given by BN_security_bits() */ 
@@ -94,59 +94,59 @@ { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1 }, }; -#define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ - { \ - OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, \ - tlsname, \ - sizeof(tlsname)), \ +#define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ + { \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, \ + tlsname, \ + sizeof(tlsname)), \ OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, \ - realname, \ - sizeof(realname)), \ - OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, \ - algorithm, \ - sizeof(algorithm)), \ - OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, \ - (unsigned int *)&group_list[idx].group_id), \ - OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, \ - (unsigned int *)&group_list[idx].secbits), \ - OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, \ - (unsigned int *)&group_list[idx].mintls), \ - OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, \ - (unsigned int *)&group_list[idx].maxtls), \ - OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, \ - (unsigned int *)&group_list[idx].mindtls), \ - OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, \ - (unsigned int *)&group_list[idx].maxdtls), \ - OSSL_PARAM_END \ + realname, \ + sizeof(realname)), \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, \ + algorithm, \ + sizeof(algorithm)), \ + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, \ + (unsigned int *)&group_list[idx].group_id), \ + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, \ + (unsigned int *)&group_list[idx].secbits), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, \ + (unsigned int *)&group_list[idx].mintls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, \ + (unsigned int *)&group_list[idx].maxtls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, \ + (unsigned int *)&group_list[idx].mindtls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, \ + (unsigned int *)&group_list[idx].maxdtls), \ + 
OSSL_PARAM_END \ } static const OSSL_PARAM param_group_list[][10] = { -# ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect163k1", "sect163k1", "EC", 0), TLS_GROUP_ENTRY("K-163", "sect163k1", "EC", 0), /* Alias of above */ -# endif -# ifndef FIPS_MODULE +#endif +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("sect163r1", "sect163r1", "EC", 1), -# endif -# ifndef OPENSSL_NO_EC2M +#endif +#ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect163r2", "sect163r2", "EC", 2), TLS_GROUP_ENTRY("B-163", "sect163r2", "EC", 2), /* Alias of above */ -# endif -# ifndef FIPS_MODULE +#endif +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("sect193r1", "sect193r1", "EC", 3), TLS_GROUP_ENTRY("sect193r2", "sect193r2", "EC", 4), -# endif -# ifndef OPENSSL_NO_EC2M +#endif +#ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect233k1", "sect233k1", "EC", 5), TLS_GROUP_ENTRY("K-233", "sect233k1", "EC", 5), /* Alias of above */ TLS_GROUP_ENTRY("sect233r1", "sect233r1", "EC", 6), TLS_GROUP_ENTRY("B-233", "sect233r1", "EC", 6), /* Alias of above */ -# endif -# ifndef FIPS_MODULE +#endif +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("sect239k1", "sect239k1", "EC", 7), -# endif -# ifndef OPENSSL_NO_EC2M +#endif +#ifndef OPENSSL_NO_EC2M TLS_GROUP_ENTRY("sect283k1", "sect283k1", "EC", 8), TLS_GROUP_ENTRY("K-283", "sect283k1", "EC", 8), /* Alias of above */ TLS_GROUP_ENTRY("sect283r1", "sect283r1", "EC", 9), 
@@ -159,45 +159,45 @@ TLS_GROUP_ENTRY("K-571", "sect571k1", "EC", 12), /* Alias of above */ TLS_GROUP_ENTRY("sect571r1", "sect571r1", "EC", 13), TLS_GROUP_ENTRY("B-571", "sect571r1", "EC", 13), /* Alias of above */ -# endif -# ifndef FIPS_MODULE +#endif +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("secp160k1", "secp160k1", "EC", 14), TLS_GROUP_ENTRY("secp160r1", "secp160r1", "EC", 15), TLS_GROUP_ENTRY("secp160r2", "secp160r2", "EC", 16), TLS_GROUP_ENTRY("secp192k1", "secp192k1", "EC", 17), -# endif +#endif TLS_GROUP_ENTRY("secp192r1", "prime192v1", "EC", 18), TLS_GROUP_ENTRY("P-192", "prime192v1", "EC", 18), /* Alias of above */ -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("secp224k1", "secp224k1", "EC", 19), -# endif +#endif TLS_GROUP_ENTRY("secp224r1", "secp224r1", "EC", 20), TLS_GROUP_ENTRY("P-224", "secp224r1", "EC", 20), /* Alias of above */ -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("secp256k1", "secp256k1", "EC", 21), -# endif +#endif TLS_GROUP_ENTRY("secp256r1", "prime256v1", "EC", 22), TLS_GROUP_ENTRY("P-256", "prime256v1", "EC", 22), /* Alias of above */ TLS_GROUP_ENTRY("secp384r1", "secp384r1", "EC", 23), TLS_GROUP_ENTRY("P-384", "secp384r1", "EC", 23), /* Alias of above */ TLS_GROUP_ENTRY("secp521r1", "secp521r1", "EC", 24), TLS_GROUP_ENTRY("P-521", "secp521r1", "EC", 24), /* Alias of above */ -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), -# endif +#endif TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), TLS_GROUP_ENTRY("x448", "X448", "X448", 29), -# endif /* OPENSSL_NO_EC */ -# ifndef OPENSSL_NO_DH +#endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_DH /* Security bit values for FFDHE groups are as per RFC 7919 */ TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 30), TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 31), 
TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 32), TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 33), TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 34), -# endif +#endif }; #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ @@ -215,7 +215,7 @@ } int ossl_prov_get_capabilities(void *provctx, const char *capability, - OSSL_CALLBACK *cb, void *arg) + OSSL_CALLBACK *cb, void *arg) { if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0) return tls_group_capability(cb, arg); --- crypto/openssl/providers/common/der/der_digests_gen.c.orig +++ crypto/openssl/providers/common/der/der_digests_gen.c @@ -13,6 +13,7 @@ #include "prov/der_digests.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } @@ -158,3 +159,4 @@ DER_OID_V_id_KMACWithSHAKE256 }; +/* clang-format on */ --- crypto/openssl/providers/common/der/der_digests_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_digests_gen.c.in @@ -12,9 +12,11 @@ #include "prov/der_digests.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', 'providers/common/der/DIGESTS.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/der/der_dsa_gen.c.orig +++ crypto/openssl/providers/common/der/der_dsa_gen.c @@ -19,6 +19,7 @@ #include "prov/der_dsa.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * id-dsa OBJECT IDENTIFIER ::= { @@ -92,3 +93,4 @@ DER_OID_V_id_dsa_with_sha3_512 }; +/* clang-format on */ --- crypto/openssl/providers/common/der/der_dsa_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_dsa_gen.c.in 
@@ -18,8 +18,10 @@ #include "prov/der_dsa.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/der/der_dsa_key.c.orig +++ crypto/openssl/providers/common/der/der_dsa_key.c @@ -22,6 +22,6 @@ return ossl_DER_w_begin_sequence(pkt, tag) /* No parameters (yet?) */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_dsa, - sizeof(ossl_der_oid_id_dsa)) + sizeof(ossl_der_oid_id_dsa)) && ossl_DER_w_end_sequence(pkt, tag); } --- crypto/openssl/providers/common/der/der_dsa_sig.c.orig +++ crypto/openssl/providers/common/der/der_dsa_sig.c @@ -17,14 +17,14 @@ #include "internal/packet.h" #include "prov/der_dsa.h" -#define MD_CASE(name) \ - case NID_##name: \ - precompiled = ossl_der_oid_id_dsa_with_##name; \ - precompiled_sz = sizeof(ossl_der_oid_id_dsa_with_##name); \ +#define MD_CASE(name) \ + case NID_##name: \ + precompiled = ossl_der_oid_id_dsa_with_##name; \ + precompiled_sz = sizeof(ossl_der_oid_id_dsa_with_##name); \ break; int ossl_DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, - DSA *dsa, int mdnid) + DSA *dsa, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; --- crypto/openssl/providers/common/der/der_ec_gen.c.orig +++ crypto/openssl/providers/common/der/der_ec_gen.c @@ -13,6 +13,7 @@ #include "prov/der_ec.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } @@ -277,3 +278,4 @@ DER_OID_V_id_ecdsa_with_sha3_512 }; +/* clang-format on */ --- crypto/openssl/providers/common/der/der_ec_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_ec_gen.c.in 
@@ -12,8 +12,10 @@ #include "prov/der_ec.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/der/der_ec_key.c.orig +++ crypto/openssl/providers/common/der/der_ec_key.c @@ -16,6 +16,6 @@ return ossl_DER_w_begin_sequence(pkt, cont) /* No parameters (yet?) */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_ecPublicKey, - sizeof(ossl_der_oid_id_ecPublicKey)) + sizeof(ossl_der_oid_id_ecPublicKey)) && ossl_DER_w_end_sequence(pkt, cont); } --- crypto/openssl/providers/common/der/der_ec_sig.c.orig +++ crypto/openssl/providers/common/der/der_ec_sig.c @@ -12,20 +12,20 @@ #include "prov/der_ec.h" /* Aliases so we can have a uniform MD_CASE */ -#define ossl_der_oid_id_ecdsa_with_sha1 ossl_der_oid_ecdsa_with_SHA1 +#define ossl_der_oid_id_ecdsa_with_sha1 ossl_der_oid_ecdsa_with_SHA1 #define ossl_der_oid_id_ecdsa_with_sha224 ossl_der_oid_ecdsa_with_SHA224 #define ossl_der_oid_id_ecdsa_with_sha256 ossl_der_oid_ecdsa_with_SHA256 #define ossl_der_oid_id_ecdsa_with_sha384 ossl_der_oid_ecdsa_with_SHA384 #define ossl_der_oid_id_ecdsa_with_sha512 ossl_der_oid_ecdsa_with_SHA512 -#define MD_CASE(name) \ - case NID_##name: \ - precompiled = ossl_der_oid_id_ecdsa_with_##name; \ - precompiled_sz = sizeof(ossl_der_oid_id_ecdsa_with_##name); \ +#define MD_CASE(name) \ + case NID_##name: \ + precompiled = ossl_der_oid_id_ecdsa_with_##name; \ + precompiled_sz = sizeof(ossl_der_oid_id_ecdsa_with_##name); \ break; int ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid) + EC_KEY *ec, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; --- crypto/openssl/providers/common/der/der_ecx_gen.c.orig +++ crypto/openssl/providers/common/der/der_ecx_gen.c 
@@ -13,6 +13,7 @@ #include "prov/der_ecx.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 } @@ -42,3 +43,4 @@ DER_OID_V_id_Ed448 }; +/* clang-format on */ --- crypto/openssl/providers/common/der/der_ecx_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_ecx_gen.c.in @@ -12,8 +12,10 @@ #include "prov/der_ecx.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/ECX.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/der/der_ecx_key.c.orig +++ crypto/openssl/providers/common/der/der_ecx_key.c @@ -16,7 +16,7 @@ return ossl_DER_w_begin_sequence(pkt, cont) /* No parameters (yet?) */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_X25519, - sizeof(ossl_der_oid_id_X25519)) + sizeof(ossl_der_oid_id_X25519)) && ossl_DER_w_end_sequence(pkt, cont); } @@ -25,7 +25,7 @@ return ossl_DER_w_begin_sequence(pkt, cont) /* No parameters (yet?) */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_X448, - sizeof(ossl_der_oid_id_X448)) + sizeof(ossl_der_oid_id_X448)) && ossl_DER_w_end_sequence(pkt, cont); } @@ -34,7 +34,7 @@ return ossl_DER_w_begin_sequence(pkt, cont) /* No parameters (yet?) */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_Ed25519, - sizeof(ossl_der_oid_id_Ed25519)) + sizeof(ossl_der_oid_id_Ed25519)) && ossl_DER_w_end_sequence(pkt, cont); } @@ -43,6 +43,6 @@ return ossl_DER_w_begin_sequence(pkt, cont) /* No parameters (yet?) */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_Ed448, - sizeof(ossl_der_oid_id_Ed448)) + sizeof(ossl_der_oid_id_Ed448)) && ossl_DER_w_end_sequence(pkt, cont); } --- crypto/openssl/providers/common/der/der_rsa_gen.c.orig +++ crypto/openssl/providers/common/der/der_rsa_gen.c 
@@ -13,6 +13,7 @@ #include "prov/der_rsa.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 } @@ -172,3 +173,4 @@ DER_OID_V_mdc2WithRSASignature }; +/* clang-format on */ --- crypto/openssl/providers/common/der/der_rsa_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_rsa_gen.c.in @@ -12,9 +12,11 @@ #include "prov/der_rsa.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/der/der_rsa_key.c.orig +++ crypto/openssl/providers/common/der/der_rsa_key.c @@ -53,10 +53,10 @@ * around that, we make them non-static, and declare them an extra time to * avoid compilers complaining about definitions without declarations. */ -#define DER_AID_V_sha1Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha1 + DER_SZ_NULL, \ - DER_OID_V_id_sha1, \ +#define DER_AID_V_sha1Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha1 + DER_SZ_NULL, \ + DER_OID_V_id_sha1, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha1Identifier[]; const unsigned char ossl_der_aid_sha1Identifier[] = { @@ -64,10 +64,10 @@ }; #define DER_AID_SZ_sha1Identifier sizeof(ossl_der_aid_sha1Identifier) -#define DER_AID_V_sha224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha224 + DER_SZ_NULL, \ - DER_OID_V_id_sha224, \ +#define DER_AID_V_sha224Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha224 + DER_SZ_NULL, \ + DER_OID_V_id_sha224, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha224Identifier[]; const unsigned char ossl_der_aid_sha224Identifier[] = { 
@@ -75,10 +75,10 @@ }; #define DER_AID_SZ_sha224Identifier sizeof(ossl_der_aid_sha224Identifier) -#define DER_AID_V_sha256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha256 + DER_SZ_NULL, \ - DER_OID_V_id_sha256, \ +#define DER_AID_V_sha256Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha256 + DER_SZ_NULL, \ + DER_OID_V_id_sha256, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha256Identifier[]; const unsigned char ossl_der_aid_sha256Identifier[] = { @@ -86,10 +86,10 @@ }; #define DER_AID_SZ_sha256Identifier sizeof(ossl_der_aid_sha256Identifier) -#define DER_AID_V_sha384Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha384 + DER_SZ_NULL, \ - DER_OID_V_id_sha384, \ +#define DER_AID_V_sha384Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha384 + DER_SZ_NULL, \ + DER_OID_V_id_sha384, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha384Identifier[]; const unsigned char ossl_der_aid_sha384Identifier[] = { @@ -97,10 +97,10 @@ }; #define DER_AID_SZ_sha384Identifier sizeof(ossl_der_aid_sha384Identifier) -#define DER_AID_V_sha512Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha512 + DER_SZ_NULL, \ - DER_OID_V_id_sha512, \ +#define DER_AID_V_sha512Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512 + DER_SZ_NULL, \ + DER_OID_V_id_sha512, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha512Identifier[]; const unsigned char ossl_der_aid_sha512Identifier[] = { 
@@ -108,10 +108,10 @@ }; #define DER_AID_SZ_sha512Identifier sizeof(ossl_der_aid_sha512Identifier) -#define DER_AID_V_sha512_224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \ - DER_OID_V_id_sha512_224, \ +#define DER_AID_V_sha512_224Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_224, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha512_224Identifier[]; const unsigned char ossl_der_aid_sha512_224Identifier[] = { @@ -119,10 +119,10 @@ }; #define DER_AID_SZ_sha512_224Identifier sizeof(ossl_der_aid_sha512_224Identifier) -#define DER_AID_V_sha512_256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \ - DER_OID_V_id_sha512_256, \ +#define DER_AID_V_sha512_256Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_256, \ DER_V_NULL extern const unsigned char ossl_der_aid_sha512_256Identifier[]; const unsigned char ossl_der_aid_sha512_256Identifier[] = { @@ -160,11 +160,11 @@ * mgf1SHA512Identifier AlgorithmIdentifier ::= * { id-mgf1, sha512Identifier } */ -#if 0 /* Currently unused */ -#define DER_AID_V_mgf1SHA1Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \ - DER_OID_V_id_mgf1, \ +#if 0 /* Currently unused */ +#define DER_AID_V_mgf1SHA1Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha1Identifier static const unsigned char der_aid_mgf1SHA1Identifier[] = { DER_AID_V_mgf1SHA1Identifier 
@@ -172,71 +172,70 @@ #define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier) #endif -#define DER_AID_V_mgf1SHA224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \ - DER_OID_V_id_mgf1, \ +#define DER_AID_V_mgf1SHA224Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha224Identifier static const unsigned char der_aid_mgf1SHA224Identifier[] = { DER_AID_V_mgf1SHA224Identifier }; #define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier) -#define DER_AID_V_mgf1SHA256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \ - DER_OID_V_id_mgf1, \ +#define DER_AID_V_mgf1SHA256Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha256Identifier static const unsigned char der_aid_mgf1SHA256Identifier[] = { DER_AID_V_mgf1SHA256Identifier }; #define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier) -#define DER_AID_V_mgf1SHA384Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \ - DER_OID_V_id_mgf1, \ +#define DER_AID_V_mgf1SHA384Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha384Identifier static const unsigned char der_aid_mgf1SHA384Identifier[] = { DER_AID_V_mgf1SHA384Identifier }; #define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier) -#define DER_AID_V_mgf1SHA512Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \ - DER_OID_V_id_mgf1, \ +#define DER_AID_V_mgf1SHA512Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha512Identifier static 
const unsigned char der_aid_mgf1SHA512Identifier[] = { DER_AID_V_mgf1SHA512Identifier }; #define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier) -#define DER_AID_V_mgf1SHA512_224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \ - DER_OID_V_id_mgf1, \ +#define DER_AID_V_mgf1SHA512_224Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha512_224Identifier static const unsigned char der_aid_mgf1SHA512_224Identifier[] = { DER_AID_V_mgf1SHA512_224Identifier }; #define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier) -#define DER_AID_V_mgf1SHA512_256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \ - DER_OID_V_id_mgf1, \ +#define DER_AID_V_mgf1SHA512_256Identifier \ + DER_P_SEQUENCE | DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \ + DER_OID_V_id_mgf1, \ DER_AID_V_sha512_256Identifier static const unsigned char der_aid_mgf1SHA512_256Identifier[] = { DER_AID_V_mgf1SHA512_256Identifier }; #define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier) - -#define MGF1_SHA_CASE(bits, var) \ - case NID_sha##bits: \ - var = der_aid_mgf1SHA##bits##Identifier; \ - var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \ +#define MGF1_SHA_CASE(bits, var) \ + case NID_sha##bits: \ + var = der_aid_mgf1SHA##bits##Identifier; \ + var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \ break; /*- @@ -245,7 +244,7 @@ * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } */ static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag, - const RSA_PSS_PARAMS_30 *pss) + const RSA_PSS_PARAMS_30 *pss) { if (pss != NULL && ossl_rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) { int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss); 
@@ -274,14 +273,14 @@ return 0; } -#define OAEP_PSS_MD_CASE(name, var) \ - case NID_##name: \ - var = ossl_der_aid_##name##Identifier; \ - var##_sz = sizeof(ossl_der_aid_##name##Identifier); \ +#define OAEP_PSS_MD_CASE(name, var) \ + case NID_##name: \ + var = ossl_der_aid_##name##Identifier; \ + var##_sz = sizeof(ossl_der_aid_##name##Identifier); \ break; int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, - const RSA_PSS_PARAMS_30 *pss) + const RSA_PSS_PARAMS_30 *pss) { int hashalg_nid, default_hashalg_nid; int saltlen, default_saltlen; @@ -298,7 +297,7 @@ * that the key is restricted. */ if (!ossl_assert(pss != NULL - && !ossl_rsa_pss_params_30_is_unrestricted(pss))) + && !ossl_rsa_pss_params_30_is_unrestricted(pss))) return 0; hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss); @@ -358,15 +357,15 @@ /* Aliases so we can have a uniform RSA_CASE */ #define ossl_der_oid_rsassaPss ossl_der_oid_id_RSASSA_PSS -#define RSA_CASE(name, var) \ - var##_nid = NID_##name; \ - var##_oid = ossl_der_oid_##name; \ - var##_oid_sz = sizeof(ossl_der_oid_##name); \ +#define RSA_CASE(name, var) \ + var##_nid = NID_##name; \ + var##_oid = ossl_der_oid_##name; \ + var##_oid_sz = sizeof(ossl_der_oid_##name); \ break; int ossl_DER_w_algorithmIdentifier_RSA_PSS(WPACKET *pkt, int tag, - int rsa_type, - const RSA_PSS_PARAMS_30 *pss) + int rsa_type, + const RSA_PSS_PARAMS_30 *pss) { int rsa_nid = NID_undef; const unsigned char *rsa_oid = NULL; @@ -396,5 +395,5 @@ RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); return ossl_DER_w_algorithmIdentifier_RSA_PSS(pkt, tag, rsa_type, - pss_params); + pss_params); } --- crypto/openssl/providers/common/der/der_rsa_sig.c.orig +++ crypto/openssl/providers/common/der/der_rsa_sig.c 
@@ -24,14 +24,14 @@ #define ossl_der_oid_mdc2WithRSAEncryption \ ossl_der_oid_mdc2WithRSASignature -#define MD_with_RSA_CASE(name, var) \ - case NID_##name: \ - var = ossl_der_oid_##name##WithRSAEncryption; \ - var##_sz = sizeof(ossl_der_oid_##name##WithRSAEncryption); \ +#define MD_with_RSA_CASE(name, var) \ + case NID_##name: \ + var = ossl_der_oid_##name##WithRSAEncryption; \ + var##_sz = sizeof(ossl_der_oid_##name##WithRSAEncryption); \ break; int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, - int mdnid) + int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; --- crypto/openssl/providers/common/der/der_sm2_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_sm2_gen.c.in @@ -12,8 +12,10 @@ #include "prov/der_sm2.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/SM2.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/der/der_sm2_key.c.orig +++ crypto/openssl/providers/common/der/der_sm2_key.c @@ -18,6 +18,6 @@ /* No parameters (yet?) */ /* It seems SM2 identifier is the same as id_ecPublidKey */ && ossl_DER_w_precompiled(pkt, -1, ossl_der_oid_id_ecPublicKey, - sizeof(ossl_der_oid_id_ecPublicKey)) + sizeof(ossl_der_oid_id_ecPublicKey)) && ossl_DER_w_end_sequence(pkt, cont); } --- crypto/openssl/providers/common/der/der_sm2_sig.c.orig +++ crypto/openssl/providers/common/der/der_sm2_sig.c 
@@ -12,16 +12,16 @@ #include "prov/der_sm2.h" /* Aliases so we can have a uniform MD_CASE */ -#define ossl_der_oid_id_sm2_with_sm3 ossl_der_oid_sm2_with_SM3 +#define ossl_der_oid_id_sm2_with_sm3 ossl_der_oid_sm2_with_SM3 -#define MD_CASE(name) \ - case NID_##name: \ - precompiled = ossl_der_oid_id_sm2_with_##name; \ - precompiled_sz = sizeof(ossl_der_oid_id_sm2_with_##name); \ +#define MD_CASE(name) \ + case NID_##name: \ + precompiled = ossl_der_oid_id_sm2_with_##name; \ + precompiled_sz = sizeof(ossl_der_oid_id_sm2_with_##name); \ break; int ossl_DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid) + EC_KEY *ec, int mdnid) { const unsigned char *precompiled = NULL; size_t precompiled_sz = 0; --- crypto/openssl/providers/common/der/der_wrap_gen.c.orig +++ crypto/openssl/providers/common/der/der_wrap_gen.c @@ -13,6 +13,7 @@ #include "prov/der_wrap.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { @@ -44,3 +45,4 @@ DER_OID_V_id_aes256_wrap }; +/* clang-format on */ --- crypto/openssl/providers/common/der/der_wrap_gen.c.in.orig +++ crypto/openssl/providers/common/der/der_wrap_gen.c.in @@ -12,8 +12,10 @@ #include "prov/der_wrap.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/wrap.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* clang-format on */ --- crypto/openssl/providers/common/digest_to_nid.c.orig +++ crypto/openssl/providers/common/digest_to_nid.c 
@@ -40,17 +40,17 @@ int ossl_digest_get_approved_nid(const EVP_MD *md) { static const OSSL_ITEM name_to_nid[] = { - { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, - { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, - { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, - { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, - { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, + { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, + { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, + { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, + { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, + { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, - { NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224 }, - { NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256 }, - { NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384 }, - { NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 }, + { NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224 }, + { NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256 }, + { NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384 }, + { NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 }, }; return ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); --- crypto/openssl/providers/common/include/prov/bio.h.orig +++ crypto/openssl/providers/common/include/prov/bio.h @@ -17,9 +17,9 @@ OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode); OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len); int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, - size_t *bytes_read); + size_t *bytes_read); int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, - size_t *written); + size_t *written); int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size); int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str); int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr); --- crypto/openssl/providers/common/include/prov/der_digests.h.orig +++ crypto/openssl/providers/common/include/prov/der_digests.h 
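Review bot: In the `digest_to_nid.c` hunk, the `name_to_nid` table inside `ossl_digest_get_approved_nid()` lists `NID_sha1` next to the SHA-2 and SHA-3 entries, and nothing in the visible lines says why a lookup named "approved" accepts it. A one-line comment above the table would make the policy boundary explicit, for example `/* SHA-1 is mapped here; callers that must reject it use ossl_digest_get_approved_nid_with_sha1() */`. The `prov/securitycheck.h` hunk later in this patch declares that wrapper with a `sha1_allowed` argument and notes it can return -1 for a disallowed md, which suggests the restriction is applied there, but its definition is not in this diff and should be checked before the wording is settled. The function's closing brace lies outside the hunk.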
@@ -13,6 +13,7 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } @@ -158,3 +159,4 @@ #define DER_OID_SZ_id_KMACWithSHAKE256 11 extern const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256]; +/* clang-format on */ --- crypto/openssl/providers/common/include/prov/der_digests.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_digests.h.in @@ -12,9 +12,11 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', 'providers/common/der/DIGESTS.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ --- crypto/openssl/providers/common/include/prov/der_dsa.h.orig +++ crypto/openssl/providers/common/include/prov/der_dsa.h @@ -13,6 +13,7 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * id-dsa OBJECT IDENTIFIER ::= { @@ -86,9 +87,10 @@ #define DER_OID_SZ_id_dsa_with_sha3_512 11 extern const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512]; +/* clang-format on */ /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa); /* Signature */ int ossl_DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, - DSA *dsa, int mdnid); + DSA *dsa, int mdnid); --- crypto/openssl/providers/common/include/prov/der_dsa.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_dsa.h.in 
@@ -12,14 +12,16 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa); /* Signature */ int ossl_DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, - DSA *dsa, int mdnid); + DSA *dsa, int mdnid); --- crypto/openssl/providers/common/include/prov/der_ec.h.orig +++ crypto/openssl/providers/common/include/prov/der_ec.h @@ -14,6 +14,7 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } @@ -278,9 +279,10 @@ #define DER_OID_SZ_id_ecdsa_with_sha3_512 11 extern const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512]; +/* clang-format on */ /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec); /* Signature */ int ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid); + EC_KEY *ec, int mdnid); --- crypto/openssl/providers/common/include/prov/der_ec.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_ec.h.in @@ -13,14 +13,16 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec); /* Signature */ int ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid); + EC_KEY *ec, int mdnid); --- crypto/openssl/providers/common/include/prov/der_ecx.h.orig +++ crypto/openssl/providers/common/include/prov/der_ecx.h 
@@ -14,6 +14,7 @@ #include "crypto/ecx.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 } @@ -43,6 +44,7 @@ #define DER_OID_SZ_id_Ed448 5 extern const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448]; +/* clang-format on */ int ossl_DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec); int ossl_DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec); --- crypto/openssl/providers/common/include/prov/der_ecx.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_ecx.h.in @@ -13,11 +13,13 @@ #include "crypto/ecx.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/ECX.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ int ossl_DER_w_algorithmIdentifier_ED25519(WPACKET *pkt, int cont, ECX_KEY *ec); int ossl_DER_w_algorithmIdentifier_ED448(WPACKET *pkt, int cont, ECX_KEY *ec); --- crypto/openssl/providers/common/include/prov/der_rsa.h.orig +++ crypto/openssl/providers/common/include/prov/der_rsa.h @@ -14,6 +14,7 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 } 
@@ -173,15 +174,16 @@ #define DER_OID_SZ_mdc2WithRSASignature 7 extern const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature]; +/* clang-format on */ /* PSS parameters */ int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, - const RSA_PSS_PARAMS_30 *pss); + const RSA_PSS_PARAMS_30 *pss); /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); int ossl_DER_w_algorithmIdentifier_RSA_PSS(WPACKET *pkt, int tag, - int rsa_type, - const RSA_PSS_PARAMS_30 *pss); + int rsa_type, + const RSA_PSS_PARAMS_30 *pss); /* Signature */ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, - int mdnid); + int mdnid); --- crypto/openssl/providers/common/include/prov/der_rsa.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_rsa.h.in @@ -13,21 +13,23 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ /* PSS parameters */ int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, - const RSA_PSS_PARAMS_30 *pss); + const RSA_PSS_PARAMS_30 *pss); /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); int ossl_DER_w_algorithmIdentifier_RSA_PSS(WPACKET *pkt, int tag, - int rsa_type, - const RSA_PSS_PARAMS_30 *pss); + int rsa_type, + const RSA_PSS_PARAMS_30 *pss); /* Signature */ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, - int mdnid); + int mdnid); --- crypto/openssl/providers/common/include/prov/der_sm2.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_sm2.h.in 
@@ -13,14 +13,16 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/SM2.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ /* Subject Public Key Info */ int ossl_DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec); /* Signature */ int ossl_DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid); + EC_KEY *ec, int mdnid); --- crypto/openssl/providers/common/include/prov/der_wrap.h.orig +++ crypto/openssl/providers/common/include/prov/der_wrap.h @@ -13,6 +13,7 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ /* * id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { @@ -44,3 +45,4 @@ #define DER_OID_SZ_id_aes256_wrap 11 extern const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap]; +/* clang-format on */ --- crypto/openssl/providers/common/include/prov/der_wrap.h.in.orig +++ crypto/openssl/providers/common/include/prov/der_wrap.h.in @@ -12,8 +12,10 @@ #include "internal/der.h" /* Well known OIDs precompiled */ +/* clang-format off */ {- $OUT = oids_to_c::process_leaves('providers/common/der/wrap.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* clang-format on */ --- crypto/openssl/providers/common/include/prov/proverr.h.orig +++ crypto/openssl/providers/common/include/prov/proverr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_PROVERR_H -# define OSSL_PROVERR_H -# pragma once +#define OSSL_PROVERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_PROV_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/providers/common/include/prov/provider_ctx.h.orig +++ crypto/openssl/providers/common/include/prov/provider_ctx.h 
@@ -8,16 +8,16 @@ */ #ifndef OSSL_PROV_PROVIDER_CTX_H -# define OSSL_PROV_PROVIDER_CTX_H +#define OSSL_PROV_PROVIDER_CTX_H -# include -# include -# include -# include +#include +#include +#include +#include typedef struct prov_ctx_st { const OSSL_CORE_HANDLE *handle; - OSSL_LIB_CTX *libctx; /* For all provider modules */ + OSSL_LIB_CTX *libctx; /* For all provider modules */ BIO_METHOD *corebiometh; } PROV_CTX; @@ -25,7 +25,7 @@ * To be used anywhere the library context needs to be passed, such as to * fetching functions. */ -# define PROV_LIBCTX_OF(provctx) \ +#define PROV_LIBCTX_OF(provctx) \ ossl_prov_ctx_get0_libctx((provctx)) PROV_CTX *ossl_prov_ctx_new(void); --- crypto/openssl/providers/common/include/prov/provider_util.h.orig +++ crypto/openssl/providers/common/include/prov/provider_util.h @@ -16,11 +16,11 @@ * the cipher, always. |alloc_cipher| only holds a reference to an * explicitly fetched cipher. */ - const EVP_CIPHER *cipher; /* cipher */ - EVP_CIPHER *alloc_cipher; /* fetched cipher */ + const EVP_CIPHER *cipher; /* cipher */ + EVP_CIPHER *alloc_cipher; /* fetched cipher */ /* Conditions for legacy EVP_CIPHER uses */ - ENGINE *engine; /* cipher engine */ + ENGINE *engine; /* cipher engine */ } PROV_CIPHER; typedef struct { @@ -29,11 +29,11 @@ * the digest, always. |alloc_md| only holds a reference to an explicitly * fetched digest. */ - const EVP_MD *md; /* digest */ - EVP_MD *alloc_md; /* fetched digest */ + const EVP_MD *md; /* digest */ + EVP_MD *alloc_md; /* fetched digest */ /* Conditions for legacy EVP_MD uses */ - ENGINE *engine; /* digest engine */ + ENGINE *engine; /* digest engine */ } PROV_DIGEST; /* Cipher functions */ 
@@ -44,8 +44,8 @@ * non-provider based implementations. */ int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc, - const OSSL_PARAM params[], - OSSL_LIB_CTX *ctx); + const OSSL_PARAM params[], + OSSL_LIB_CTX *ctx); /* Reset the PROV_CIPHER fields and free any allocated cipher reference */ void ossl_prov_cipher_reset(PROV_CIPHER *pc); @@ -64,7 +64,7 @@ * propquery. Store the result in the PROV_DIGEST and return the fetched md. */ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx, - const char *mdname, const char *propquery); + const char *mdname, const char *propquery); /* * Load a digest from the specified parameters with the specified context. @@ -73,8 +73,8 @@ * non-provider based implementations. */ int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, - const OSSL_PARAM params[], - OSSL_LIB_CTX *ctx); + const OSSL_PARAM params[], + OSSL_LIB_CTX *ctx); /* Reset the PROV_DIGEST fields and free any allocated digest reference */ void ossl_prov_digest_reset(PROV_DIGEST *pd); @@ -86,20 +86,19 @@ const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd); ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd); - /* * Set the various parameters on an EVP_MAC_CTX from the supplied arguments. * If any of the supplied ciphername/mdname etc are NULL then the values * from the supplied params (if non NULL) are used instead. */ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx, - const OSSL_PARAM params[], - const char *ciphername, - const char *mdname, - const char *engine, - const char *properties, - const unsigned char *key, - size_t keylen); + const OSSL_PARAM params[], + const char *ciphername, + const char *mdname, + const char *engine, + const char *properties, + const unsigned char *key, + size_t keylen); /* MAC functions */ /* 
@@ -119,11 +118,11 @@ * ignored. */ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, - const OSSL_PARAM params[], - const char *macname, - const char *ciphername, - const char *mdname, - OSSL_LIB_CTX *ctx); + const OSSL_PARAM params[], + const char *macname, + const char *ciphername, + const char *mdname, + OSSL_LIB_CTX *ctx); typedef struct ag_capable_st { OSSL_ALGORITHM alg; @@ -135,4 +134,4 @@ * If this method is NULL or the method returns 1 then the algorithm is added. */ void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in, - OSSL_ALGORITHM *out); + OSSL_ALGORITHM *out); --- crypto/openssl/providers/common/include/prov/securitycheck.h.orig +++ crypto/openssl/providers/common/include/prov/securitycheck.h @@ -18,7 +18,7 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md); /* With security check enabled it can return -1 to indicate disallowed md */ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed); + int sha1_allowed); /* Functions that are common */ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len); @@ -26,5 +26,5 @@ /* Functions that have different implementations for the FIPS_MODULE */ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed); + int sha1_allowed); int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx); --- crypto/openssl/providers/common/provider_err.c.orig +++ crypto/openssl/providers/common/provider_err.c 
@@ -15,206 +15,206 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA PROV_str_reasons[] = { - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ADDITIONAL_INPUT_TOO_LONG), - "additional input too long"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALGORITHM_MISMATCH), - "algorithm mismatch"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALREADY_INSTANTIATED), - "already instantiated"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_ENCODING), "bad encoding"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_LENGTH), "bad length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_TLS_CLIENT_VERSION), - "bad tls client version"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BN_ERROR), "bn error"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED), - "cipher operation failed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_INIT_FAILED), - "derivation function init failed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED), - "digest not allowed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK), - "entropy source strength too weak"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_INSTANTIATING_DRBG), - "error instantiating drbg"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_RETRIEVING_ENTROPY), - "error retrieving entropy"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_RETRIEVING_NONCE), - "error retrieving nonce"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_DURING_DERIVATION), - "failed during derivation"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_CREATE_LOCK), - "failed to create lock"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_DECRYPT), "failed to decrypt"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GENERATE_KEY), - "failed to generate key"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GET_PARAMETER), - "failed to get parameter"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), - "failed to set parameter"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SIGN), "failed to sign"}, - 
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR), - "fips module conditional error"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE), - "fips module entering error state"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IN_ERROR_STATE), - "fips module in error state"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_GENERATE_ERROR), "generate error"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), - "illegal or unsupported padding mode"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INDICATOR_INTEGRITY_FAILURE), - "indicator integrity failure"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INSUFFICIENT_DRBG_STRENGTH), - "insufficient drbg strength"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONFIG_DATA), - "invalid config data"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONSTANT_LENGTH), - "invalid constant length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CURVE), "invalid curve"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CUSTOM_LENGTH), - "invalid custom length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DATA), "invalid data"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_LENGTH), - "invalid digest length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE), - "invalid digest size"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH), - "invalid input length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT), - "invalid iteration count"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY), "invalid key"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LENGTH), - "invalid key length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MAC), "invalid mac"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MGF1_MD), "invalid mgf1 md"}, - {ERR_PACK(ERR_LIB_PROV, 0, 
PROV_R_INVALID_MODE), "invalid mode"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_OUTPUT_LENGTH), - "invalid output length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PADDING_MODE), - "invalid padding mode"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PUBINFO), "invalid pubinfo"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH), - "invalid salt length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH), - "invalid seed length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SIGNATURE_SIZE), - "invalid signature size"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG_LENGTH), - "invalid tag length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_UKM_LENGTH), - "invalid ukm length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST), - "invalid x931 digest"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_IN_ERROR_STATE), "in error state"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SETUP_FAILED), "key setup failed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SIZE_TOO_SMALL), - "key size too small"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_LENGTH_TOO_LARGE), "length too large"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISMATCHING_DOMAIN_PARAMETERS), - "mismatching domain parameters"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CIPHER), "missing cipher"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONFIG_DATA), - "missing config data"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONSTANT), "missing constant"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_KEY), "missing key"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MAC), "missing mac"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MESSAGE_DIGEST), - "missing message digest"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_OID), "missing OID"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_PASS), "missing 
pass"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SALT), "missing salt"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SECRET), "missing secret"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SEED), "missing seed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SESSION_ID), - "missing session id"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_TYPE), "missing type"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_XCGHASH), "missing xcghash"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MODULE_INTEGRITY_FAILURE), - "module integrity failure"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PRIVATE_KEY), "not a private key"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PUBLIC_KEY), "not a public key"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_INSTANTIATED), "not instantiated"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_PARAMETERS), "not parameters"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH), - "not xof or invalid length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL), - "output buffer too small"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS), - "parent cannot generate random numbers"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED), - "parent cannot supply entropy seed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_LOCKING_NOT_ENABLED), - "parent locking not enabled"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_STRENGTH_TOO_WEAK), - "parent strength too weak"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PATH_MUST_BE_ABSOLUTE), - "path must be absolute"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PERSONALISATION_STRING_TOO_LONG), - "personalisation string too long"}, - 
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL), - "pss saltlen too small"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUEST_TOO_LARGE_FOR_DRBG), - "request too large for drbg"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER), - "require ctr mode cipher"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_RESEED_ERROR), "reseed error"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), - "search only supported for directories"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT), - "seed sources must not have a parent"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_KAT_FAILURE), - "self test kat failure"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE), - "self test post failure"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_SET), "tag not set"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TOO_MANY_RECORDS), "too many records"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_FIND_CIPHERS), - "unable to find ciphers"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH), - "unable to get parent strength"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PASSPHRASE), - "unable to get passphrase"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_INITIALISE_CIPHERS), - "unable to initialise ciphers"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA256), - "unable to load sha256"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOCK_PARENT), - "unable to lock parent"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_RESEED), "unable to reseed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG), - "unsupported cek alg"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_KEY_SIZE), - "unsupported key size"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_MAC_TYPE), - "unsupported mac type"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS), - "unsupported number of rounds"}, - {ERR_PACK(ERR_LIB_PROV, 
0, PROV_R_URI_AUTHORITY_UNSUPPORTED), - "uri authority unsupported"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_VALUE_ERROR), "value error"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), - "wrong final block length"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_OUTPUT_BUFFER_SIZE), - "wrong output buffer size"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_XOF_DIGESTS_NOT_ALLOWED), - "xof digests not allowed"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE), - "xts data unit is too large"}, - {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_XTS_DUPLICATED_KEYS), - "xts duplicated keys"}, - {0, NULL} + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ADDITIONAL_INPUT_TOO_LONG), + "additional input too long" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALGORITHM_MISMATCH), + "algorithm mismatch" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALREADY_INSTANTIATED), + "already instantiated" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_ENCODING), "bad encoding" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_LENGTH), "bad length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_TLS_CLIENT_VERSION), + "bad tls client version" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BN_ERROR), "bn error" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED), + "cipher operation failed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_INIT_FAILED), + "derivation function init failed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED), + "digest not allowed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK), + "entropy source strength too weak" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_INSTANTIATING_DRBG), + "error instantiating drbg" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_RETRIEVING_ENTROPY), + "error retrieving entropy" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_RETRIEVING_NONCE), + "error retrieving nonce" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_DURING_DERIVATION), + "failed 
during derivation" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_CREATE_LOCK), + "failed to create lock" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_DECRYPT), "failed to decrypt" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GENERATE_KEY), + "failed to generate key" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GET_PARAMETER), + "failed to get parameter" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), + "failed to set parameter" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SIGN), "failed to sign" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR), + "fips module conditional error" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE), + "fips module entering error state" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IN_ERROR_STATE), + "fips module in error state" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_GENERATE_ERROR), "generate error" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), + "illegal or unsupported padding mode" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INDICATOR_INTEGRITY_FAILURE), + "indicator integrity failure" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INSUFFICIENT_DRBG_STRENGTH), + "insufficient drbg strength" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONFIG_DATA), + "invalid config data" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONSTANT_LENGTH), + "invalid constant length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CURVE), "invalid curve" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CUSTOM_LENGTH), + "invalid custom length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DATA), "invalid data" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST), "invalid digest" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_LENGTH), + "invalid digest length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE), + "invalid digest size" }, + { 
ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH), + "invalid input length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT), + "invalid iteration count" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY), "invalid key" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LENGTH), + "invalid key length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MAC), "invalid mac" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MGF1_MD), "invalid mgf1 md" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE), "invalid mode" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_OUTPUT_LENGTH), + "invalid output length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PADDING_MODE), + "invalid padding mode" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PUBINFO), "invalid pubinfo" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH), + "invalid salt length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH), + "invalid seed length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SIGNATURE_SIZE), + "invalid signature size" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG_LENGTH), + "invalid tag length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_UKM_LENGTH), + "invalid ukm length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST), + "invalid x931 digest" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_IN_ERROR_STATE), "in error state" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SETUP_FAILED), "key setup failed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SIZE_TOO_SMALL), + "key size too small" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_LENGTH_TOO_LARGE), "length too large" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISMATCHING_DOMAIN_PARAMETERS), + "mismatching domain parameters" }, + { ERR_PACK(ERR_LIB_PROV, 0, 
PROV_R_MISSING_CEK_ALG), "missing cek alg" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CIPHER), "missing cipher" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONFIG_DATA), + "missing config data" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONSTANT), "missing constant" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_KEY), "missing key" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MAC), "missing mac" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MESSAGE_DIGEST), + "missing message digest" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_OID), "missing OID" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_PASS), "missing pass" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SALT), "missing salt" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SECRET), "missing secret" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SEED), "missing seed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SESSION_ID), + "missing session id" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_TYPE), "missing type" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_XCGHASH), "missing xcghash" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MODULE_INTEGRITY_FAILURE), + "module integrity failure" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PRIVATE_KEY), "not a private key" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_A_PUBLIC_KEY), "not a public key" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_INSTANTIATED), "not instantiated" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_PARAMETERS), "not parameters" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH), + "not xof or invalid length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_PARAMETERS_SET), "no parameters set" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype" }, + { ERR_PACK(ERR_LIB_PROV, 0, 
PROV_R_OUTPUT_BUFFER_TOO_SMALL), + "output buffer too small" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS), + "parent cannot generate random numbers" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED), + "parent cannot supply entropy seed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_LOCKING_NOT_ENABLED), + "parent locking not enabled" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_STRENGTH_TOO_WEAK), + "parent strength too weak" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PATH_MUST_BE_ABSOLUTE), + "path must be absolute" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PERSONALISATION_STRING_TOO_LONG), + "personalisation string too long" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL), + "pss saltlen too small" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUEST_TOO_LARGE_FOR_DRBG), + "request too large for drbg" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER), + "require ctr mode cipher" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_RESEED_ERROR), "reseed error" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT), + "seed sources must not have a parent" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_KAT_FAILURE), + "self test kat failure" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE), + "self test post failure" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_SET), "tag not set" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TOO_MANY_RECORDS), "too many records" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_FIND_CIPHERS), + "unable to find ciphers" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH), + "unable to get parent strength" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PASSPHRASE), + "unable to get passphrase" }, + { 
ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_INITIALISE_CIPHERS), + "unable to initialise ciphers" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA256), + "unable to load sha256" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOCK_PARENT), + "unable to lock parent" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_RESEED), "unable to reseed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG), + "unsupported cek alg" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_KEY_SIZE), + "unsupported key size" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_MAC_TYPE), + "unsupported mac type" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS), + "unsupported number of rounds" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_VALUE_ERROR), "value error" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), + "wrong final block length" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_OUTPUT_BUFFER_SIZE), + "wrong output buffer size" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_XOF_DIGESTS_NOT_ALLOWED), + "xof digests not allowed" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE), + "xts data unit is too large" }, + { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_XTS_DUPLICATED_KEYS), + "xts duplicated keys" }, + { 0, NULL } }; #endif --- crypto/openssl/providers/common/provider_seeding.c.orig +++ crypto/openssl/providers/common/provider_seeding.c @@ -23,8 +23,13 @@ * multiple versions of libcrypto (e.g. one static and one dynamic), but * sharing a single fips.so. We do a simple sanity check here. */ -#define set_func(c, f) \ - do { if (c == NULL) c = f; else if (c != f) return 0; } while (0) +#define set_func(c, f) \ + do { \ + if (c == NULL) \ + c = f; \ + else if (c != f) \ + return 0; \ + } while (0) switch (fns->function_id) { case OSSL_FUNC_GET_ENTROPY: set_func(c_get_entropy, OSSL_FUNC_get_entropy(fns)); 
@@ -45,29 +50,29 @@ } size_t ossl_prov_get_entropy(PROV_CTX *prov_ctx, unsigned char **pout, - int entropy, size_t min_len, size_t max_len) + int entropy, size_t min_len, size_t max_len) { if (c_get_entropy == NULL) return 0; return c_get_entropy(ossl_prov_ctx_get0_handle(prov_ctx), - pout, entropy, min_len, max_len); + pout, entropy, min_len, max_len); } void ossl_prov_cleanup_entropy(PROV_CTX *prov_ctx, unsigned char *buf, - size_t len) + size_t len) { if (c_cleanup_entropy != NULL) c_cleanup_entropy(ossl_prov_ctx_get0_handle(prov_ctx), buf, len); } size_t ossl_prov_get_nonce(PROV_CTX *prov_ctx, unsigned char **pout, - size_t min_len, size_t max_len, - const void *salt,size_t salt_len) + size_t min_len, size_t max_len, + const void *salt, size_t salt_len) { if (c_get_nonce == NULL) return 0; return c_get_nonce(ossl_prov_ctx_get0_handle(prov_ctx), pout, - min_len, max_len, salt, salt_len); + min_len, max_len, salt, salt_len); } void ossl_prov_cleanup_nonce(PROV_CTX *prov_ctx, unsigned char *buf, size_t len) --- crypto/openssl/providers/common/provider_util.c.orig +++ crypto/openssl/providers/common/provider_util.c @@ -15,8 +15,8 @@ #include #include #ifndef FIPS_MODULE -# include -# include "crypto/evp.h" +#include +#include "crypto/evp.h" #endif #include "prov/provider_util.h" #include "internal/nelem.h" @@ -49,7 +49,7 @@ } static int load_common(const OSSL_PARAM params[], const char **propquery, - ENGINE **engine) + ENGINE **engine) { const OSSL_PARAM *p; @@ -89,8 +89,8 @@ } int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc, - const OSSL_PARAM params[], - OSSL_LIB_CTX *ctx) + const OSSL_PARAM params[], + OSSL_LIB_CTX *ctx) { const OSSL_PARAM *p; const char *propquery; @@ -165,7 +165,7 @@ } const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx, - const char *mdname, const char *propquery) + const char *mdname, const char *propquery) { EVP_MD_free(pd->alloc_md); pd->md = pd->alloc_md = EVP_MD_fetch(libctx, mdname, propquery); 
@@ -174,8 +174,8 @@ } int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, - const OSSL_PARAM params[], - OSSL_LIB_CTX *ctx) + const OSSL_PARAM params[], + OSSL_LIB_CTX *ctx) { const OSSL_PARAM *p; const char *propquery; @@ -222,13 +222,13 @@ } int ossl_prov_set_macctx(EVP_MAC_CTX *macctx, - const OSSL_PARAM params[], - const char *ciphername, - const char *mdname, - const char *engine, - const char *properties, - const unsigned char *key, - size_t keylen) + const OSSL_PARAM params[], + const char *ciphername, + const char *mdname, + const char *engine, + const char *properties, + const unsigned char *key, + size_t keylen) { const OSSL_PARAM *p; OSSL_PARAM mac_params[6], *mp = mac_params; @@ -236,7 +236,8 @@ if (params != NULL) { if (mdname == NULL) { if ((p = OSSL_PARAM_locate_const(params, - OSSL_ALG_PARAM_DIGEST)) != NULL) { + OSSL_ALG_PARAM_DIGEST)) + != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; mdname = p->data; @@ -244,7 +245,8 @@ } if (ciphername == NULL) { if ((p = OSSL_PARAM_locate_const(params, - OSSL_ALG_PARAM_CIPHER)) != NULL) { + OSSL_ALG_PARAM_CIPHER)) + != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; ciphername = p->data; @@ -252,7 +254,7 @@ } if (engine == NULL) { if ((p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE)) - != NULL) { + != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; engine = p->data; 
@@ -262,37 +264,36 @@ if (mdname != NULL) *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); if (ciphername != NULL) *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - (char *)ciphername, 0); + (char *)ciphername, 0); if (properties != NULL) *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES, - (char *)properties, 0); + (char *)properties, 0); #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (engine != NULL) *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE, - (char *) engine, 0); + (char *)engine, 0); #endif if (key != NULL) *mp++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (unsigned char *)key, - keylen); + (unsigned char *)key, + keylen); *mp = OSSL_PARAM_construct_end(); return EVP_MAC_CTX_set_params(macctx, mac_params); - } int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, - const OSSL_PARAM params[], - const char *macname, - const char *ciphername, - const char *mdname, - OSSL_LIB_CTX *libctx) + const OSSL_PARAM params[], + const char *macname, + const char *ciphername, + const char *mdname, + OSSL_LIB_CTX *libctx) { const OSSL_PARAM *p; const char *properties = NULL; @@ -304,7 +305,8 @@ macname = p->data; } if ((p = OSSL_PARAM_locate_const(params, - OSSL_ALG_PARAM_PROPERTIES)) != NULL) { + OSSL_ALG_PARAM_PROPERTIES)) + != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; properties = p->data; @@ -330,7 +332,7 @@ return 1; if (ossl_prov_set_macctx(*macctx, params, ciphername, mdname, NULL, - properties, NULL, 0)) + properties, NULL, 0)) return 1; EVP_MAC_CTX_free(*macctx); @@ -339,7 +341,7 @@ } void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in, - OSSL_ALGORITHM *out) + OSSL_ALGORITHM *out) { int i, j; --- crypto/openssl/providers/common/securitycheck.c.orig +++ crypto/openssl/providers/common/securitycheck.c 
@@ -31,30 +31,31 @@ int protect = 0; switch (operation) { - case EVP_PKEY_OP_SIGN: - protect = 1; - /* fallthrough */ - case EVP_PKEY_OP_VERIFY: - break; - case EVP_PKEY_OP_ENCAPSULATE: - case EVP_PKEY_OP_ENCRYPT: - protect = 1; - /* fallthrough */ - case EVP_PKEY_OP_VERIFYRECOVER: - case EVP_PKEY_OP_DECAPSULATE: - case EVP_PKEY_OP_DECRYPT: - if (RSA_test_flags(rsa, - RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSASSAPSS) { - ERR_raise_data(ERR_LIB_PROV, - PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE, - "operation: %d", operation); - return 0; - } - break; - default: - ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, - "invalid operation: %d", operation); + case EVP_PKEY_OP_SIGN: + protect = 1; + /* fallthrough */ + case EVP_PKEY_OP_VERIFY: + break; + case EVP_PKEY_OP_ENCAPSULATE: + case EVP_PKEY_OP_ENCRYPT: + protect = 1; + /* fallthrough */ + case EVP_PKEY_OP_VERIFYRECOVER: + case EVP_PKEY_OP_DECAPSULATE: + case EVP_PKEY_OP_DECRYPT: + if (RSA_test_flags(rsa, + RSA_FLAG_TYPE_MASK) + == RSA_FLAG_TYPE_RSASSAPSS) { + ERR_raise_data(ERR_LIB_PROV, + PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE, + "operation: %d", operation); return 0; + } + break; + default: + ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, + "invalid operation: %d", operation); + return 0; } #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) @@ -63,7 +64,7 @@ if (protect ? (sz < 2048) : (sz < 1024)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, - "operation: %d", operation); + "operation: %d", operation); return 0; } } @@ -91,7 +92,7 @@ */ int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) +#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) { int nid, strength; const char *curve_name; 
@@ -104,14 +105,14 @@ nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, - "Explicit curves are not allowed in fips mode"); + "Explicit curves are not allowed in fips mode"); return 0; } curve_name = EC_curve_nid2nist(nid); if (curve_name == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, - "Curve %s is not approved in FIPS mode", curve_name); + "Curve %s is not approved in FIPS mode", curve_name); return 0; } @@ -132,11 +133,11 @@ */ if (protect && strength < 112) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, - "Curve %s cannot be used for signing", curve_name); + "Curve %s cannot be used for signing", curve_name); return 0; } } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ +#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return 1; } #endif /* OPENSSL_NO_EC */ @@ -149,7 +150,7 @@ */ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) +#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) { size_t L, N; const BIGNUM *p, *q; @@ -182,12 +183,12 @@ return 1; } - /* Valid sizes for both sign and verify */ - if (L == 2048 && (N == 224 || N == 256)) /* 112 bits */ + /* Valid sizes for both sign and verify */ + if (L == 2048 && (N == 224 || N == 256)) /* 112 bits */ return 1; - return (L == 3072 && N == 256); /* 128 bits */ + return (L == 3072 && N == 256); /* 128 bits */ } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ +#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return 1; } #endif /* OPENSSL_NO_DSA */ @@ -201,7 +202,7 @@ */ int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) +#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) { size_t L, N; const BIGNUM *p, *q; 
@@ -227,30 +228,30 @@ return (L == 2048 && (N == 224 || N == 256)); } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ +#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return 1; } #endif /* OPENSSL_NO_DH */ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed) + int sha1_allowed) { int mdnid = ossl_digest_get_approved_nid(md); -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) +#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) { if (mdnid == NID_undef || (mdnid == NID_sha1 && !sha1_allowed)) mdnid = -1; /* disallowed by security checks */ } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ +#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return mdnid; } int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) +#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) return ossl_digest_get_approved_nid(md) != NID_undef; -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ +#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return 1; } --- crypto/openssl/providers/common/securitycheck_default.c.orig +++ crypto/openssl/providers/common/securitycheck_default.c @@ -23,16 +23,16 @@ } int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - ossl_unused int sha1_allowed) + ossl_unused int sha1_allowed) { int mdnid; static const OSSL_ITEM name_to_nid[] = { - { NID_md5, OSSL_DIGEST_NAME_MD5 }, - { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 }, - { NID_md2, OSSL_DIGEST_NAME_MD2 }, - { NID_md4, OSSL_DIGEST_NAME_MD4 }, - { NID_mdc2, OSSL_DIGEST_NAME_MDC2 }, + { NID_md5, OSSL_DIGEST_NAME_MD5 }, + { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 }, + { NID_md2, OSSL_DIGEST_NAME_MD2 }, + { NID_md4, OSSL_DIGEST_NAME_MD4 }, + { NID_mdc2, OSSL_DIGEST_NAME_MDC2 }, { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, }; --- crypto/openssl/providers/common/securitycheck_fips.c.orig +++ crypto/openssl/providers/common/securitycheck_fips.c 
@@ -31,7 +31,7 @@ } int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed) + int sha1_allowed) { #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) --- crypto/openssl/providers/decoders.inc.orig +++ crypto/openssl/providers/decoders.inc @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,6 +69,7 @@ # ifndef OPENSSL_NO_SM2 DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, no), DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no), +DECODER_w_structure("SM2", der, type_specific_no_pub, sm2, no), # endif #endif DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes), --- crypto/openssl/providers/defltprov.c.orig +++ crypto/openssl/providers/defltprov.c @@ -119,9 +119,9 @@ * the KMAC-128 and KMAC-256. */ { PROV_NAMES_KECCAK_KMAC_128, "provider=default", - ossl_keccak_kmac_128_functions }, + ossl_keccak_kmac_128_functions }, { PROV_NAMES_KECCAK_KMAC_256, "provider=default", - ossl_keccak_kmac_256_functions }, + ossl_keccak_kmac_256_functions }, /* Our primary name:NIST name */ { PROV_NAMES_SHAKE_128, "provider=default", ossl_shake_128_functions }, 
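Review bot: The added `DECODER_w_structure("SM2", der, type_specific_no_pub, sm2, no),` line in the decoders.inc `@@ -69,6 +69,7 @@` hunk carries no comment saying which encoding it accepts, although it widens the set of DER inputs that will be parsed as an SM2 key. A one-line comment above it would help, for example `/* SM2 keys in type-specific DER, i.e. not wrapped in PrivateKeyInfo or SubjectPublicKeyInfo */`. The sm2 handler behind this table entry is not visible here, so it is worth confirming that it rejects keys whose curve is not SM2. A decode test for this format should accompany the change if one is not already part of it.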
@@ -213,13 +213,13 @@ ALG(PROV_NAMES_AES_192_WRAP_PAD_INV, ossl_aes192wrappadinv_functions), ALG(PROV_NAMES_AES_128_WRAP_PAD_INV, ossl_aes128wrappadinv_functions), ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1, ossl_aes128cbc_hmac_sha1_functions, - ossl_cipher_capable_aes_cbc_hmac_sha1), + ossl_cipher_capable_aes_cbc_hmac_sha1), ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1, ossl_aes256cbc_hmac_sha1_functions, - ossl_cipher_capable_aes_cbc_hmac_sha1), + ossl_cipher_capable_aes_cbc_hmac_sha1), ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA256, ossl_aes128cbc_hmac_sha256_functions, ossl_cipher_capable_aes_cbc_hmac_sha256), ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, - ossl_cipher_capable_aes_cbc_hmac_sha256), + ossl_cipher_capable_aes_cbc_hmac_sha256), #ifndef OPENSSL_NO_ARIA ALG(PROV_NAMES_ARIA_256_GCM, ossl_aria256gcm_functions), ALG(PROV_NAMES_ARIA_192_GCM, ossl_aria192gcm_functions), @@ -297,9 +297,9 @@ #endif /* OPENSSL_NO_SM4 */ #ifndef OPENSSL_NO_CHACHA ALG(PROV_NAMES_ChaCha20, ossl_chacha20_functions), -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 ALG(PROV_NAMES_ChaCha20_Poly1305, ossl_chacha20_ossl_poly1305_functions), -# endif /* OPENSSL_NO_POLY1305 */ +#endif /* OPENSSL_NO_POLY1305 */ #endif /* OPENSSL_NO_CHACHA */ { { NULL, NULL, NULL }, NULL } }; @@ -329,7 +329,7 @@ static const OSSL_ALGORITHM deflt_kdfs[] = { { PROV_NAMES_HKDF, "provider=default", ossl_kdf_hkdf_functions }, { PROV_NAMES_TLS1_3_KDF, "provider=default", - ossl_kdf_tls1_3_kdf_functions }, + ossl_kdf_tls1_3_kdf_functions }, { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions }, { PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions }, { PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions }, 
@@ -357,7 +357,7 @@ { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_keyexch_functions }, { PROV_NAMES_HKDF, "provider=default", ossl_kdf_hkdf_keyexch_functions }, { PROV_NAMES_SCRYPT, "provider=default", - ossl_kdf_scrypt_keyexch_functions }, + ossl_kdf_scrypt_keyexch_functions }, { NULL, NULL, NULL } }; @@ -379,16 +379,16 @@ { PROV_NAMES_ED25519, "provider=default", ossl_ed25519_signature_functions }, { PROV_NAMES_ED448, "provider=default", ossl_ed448_signature_functions }, { PROV_NAMES_ECDSA, "provider=default", ossl_ecdsa_signature_functions }, -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 { PROV_NAMES_SM2, "provider=default", ossl_sm2_signature_functions }, -# endif +#endif #endif { PROV_NAMES_HMAC, "provider=default", ossl_mac_legacy_hmac_signature_functions }, { PROV_NAMES_SIPHASH, "provider=default", - ossl_mac_legacy_siphash_signature_functions }, + ossl_mac_legacy_siphash_signature_functions }, #ifndef OPENSSL_NO_POLY1305 { PROV_NAMES_POLY1305, "provider=default", - ossl_mac_legacy_poly1305_signature_functions }, + ossl_mac_legacy_poly1305_signature_functions }, #endif #ifndef OPENSSL_NO_CMAC { PROV_NAMES_CMAC, "provider=default", ossl_mac_legacy_cmac_signature_functions }, 
@@ -412,51 +412,51 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { #ifndef OPENSSL_NO_DH { PROV_NAMES_DH, "provider=default", ossl_dh_keymgmt_functions, - PROV_DESCS_DH }, + PROV_DESCS_DH }, { PROV_NAMES_DHX, "provider=default", ossl_dhx_keymgmt_functions, - PROV_DESCS_DHX }, + PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA { PROV_NAMES_DSA, "provider=default", ossl_dsa_keymgmt_functions, - PROV_DESCS_DSA}, + PROV_DESCS_DSA }, #endif { PROV_NAMES_RSA, "provider=default", ossl_rsa_keymgmt_functions, - PROV_DESCS_RSA }, + PROV_DESCS_RSA }, { PROV_NAMES_RSA_PSS, "provider=default", ossl_rsapss_keymgmt_functions, - PROV_DESCS_RSA_PSS }, + PROV_DESCS_RSA_PSS }, #ifndef OPENSSL_NO_EC { PROV_NAMES_EC, "provider=default", ossl_ec_keymgmt_functions, - PROV_DESCS_EC }, + PROV_DESCS_EC }, { PROV_NAMES_X25519, "provider=default", ossl_x25519_keymgmt_functions, - PROV_DESCS_X25519 }, + PROV_DESCS_X25519 }, { PROV_NAMES_X448, "provider=default", ossl_x448_keymgmt_functions, - PROV_DESCS_X448 }, + PROV_DESCS_X448 }, { PROV_NAMES_ED25519, "provider=default", ossl_ed25519_keymgmt_functions, - PROV_DESCS_ED25519 }, + PROV_DESCS_ED25519 }, { PROV_NAMES_ED448, "provider=default", ossl_ed448_keymgmt_functions, - PROV_DESCS_ED448 }, + PROV_DESCS_ED448 }, #endif { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_keymgmt_functions, - PROV_DESCS_TLS1_PRF_SIGN }, + PROV_DESCS_TLS1_PRF_SIGN }, { PROV_NAMES_HKDF, "provider=default", ossl_kdf_keymgmt_functions, - PROV_DESCS_HKDF_SIGN }, + PROV_DESCS_HKDF_SIGN }, { PROV_NAMES_SCRYPT, "provider=default", ossl_kdf_keymgmt_functions, - PROV_DESCS_SCRYPT_SIGN }, + PROV_DESCS_SCRYPT_SIGN }, { PROV_NAMES_HMAC, "provider=default", ossl_mac_legacy_keymgmt_functions, - PROV_DESCS_HMAC_SIGN }, + PROV_DESCS_HMAC_SIGN }, { PROV_NAMES_SIPHASH, "provider=default", ossl_mac_legacy_keymgmt_functions, - PROV_DESCS_SIPHASH_SIGN }, + PROV_DESCS_SIPHASH_SIGN }, #ifndef OPENSSL_NO_POLY1305 { PROV_NAMES_POLY1305, "provider=default", 
ossl_mac_legacy_keymgmt_functions, - PROV_DESCS_POLY1305_SIGN }, + PROV_DESCS_POLY1305_SIGN }, #endif #ifndef OPENSSL_NO_CMAC { PROV_NAMES_CMAC, "provider=default", ossl_cmac_legacy_keymgmt_functions, - PROV_DESCS_CMAC_SIGN }, + PROV_DESCS_CMAC_SIGN }, #endif #ifndef OPENSSL_NO_SM2 { PROV_NAMES_SM2, "provider=default", ossl_sm2_keymgmt_functions, - PROV_DESCS_SM2 }, + PROV_DESCS_SM2 }, #endif { NULL, NULL, NULL } }; @@ -476,7 +476,7 @@ }; static const OSSL_ALGORITHM deflt_store[] = { -#define STORE(name, _fips, func_table) \ +#define STORE(name, _fips, func_table) \ { name, "provider=default,fips=" _fips, (func_table) }, #include "stores.inc" @@ -485,7 +485,7 @@ }; static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, - int *no_cache) + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -519,7 +519,6 @@ return NULL; } - static void deflt_teardown(void *provctx) { BIO_meth_free(ossl_prov_ctx_get0_core_bio_method(provctx)); @@ -533,22 +532,22 @@ { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query }, { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, - (void (*)(void))ossl_prov_get_capabilities }, + (void (*)(void))ossl_prov_get_capabilities }, { 0, NULL } }; OSSL_provider_init_fn ossl_default_provider_init; int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; BIO_METHOD *corebiometh; if (!ossl_prov_bio_from_dispatch(in) - || !ossl_prov_seeding_from_dispatch(in)) + || !ossl_prov_seeding_from_dispatch(in)) return 0; for (; in->function_id != 0; in++) { switch (in->function_id) { 
@@ -579,13 +578,13 @@ * create their own library context. */ if ((*provctx = ossl_prov_ctx_new()) == NULL - || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) { + || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) { ossl_prov_ctx_free(*provctx); *provctx = NULL; return 0; } ossl_prov_ctx_set0_libctx(*provctx, - (OSSL_LIB_CTX *)c_get_libctx(handle)); + (OSSL_LIB_CTX *)c_get_libctx(handle)); ossl_prov_ctx_set0_handle(*provctx, handle); ossl_prov_ctx_set0_core_bio_method(*provctx, corebiometh); --- crypto/openssl/providers/fips-sources.checksums.orig +++ crypto/openssl/providers/fips-sources.checksums @@ -1,8 +1,8 @@ -0e22ea0cf34ef3871e30df0bc302dc29352d38001d1622ddb78a27a374b6aee8 crypto/aes/aes_cbc.c -c049a936d74100fcced225f575d46662792a6a0039777d2d4df0cf61eff90a68 crypto/aes/aes_core.c +1adbe13eff4750e389446101753e40402977dacf1493eb7ba053654bb37bd0e8 crypto/aes/aes_cbc.c +a328908d0d04366e7160884001170c494751a2555e935b7ba3feab88a0b977f8 crypto/aes/aes_core.c 3fac41ce96acb9189eac2d5571425c3ff33a34c884ae7e275e1fd3068b5fc662 crypto/aes/aes_ecb.c -c1e674d08683a25bc053f6233f73a0d0b3a90aafe591ff57b702c7da1582e4a5 crypto/aes/aes_local.h -a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes_misc.c +da4942231014063d9e4fe1db91b6eb1b8f233904d169f3f1b8be7c6a59728d2e crypto/aes/aes_local.h +7414fa4526ba20ee966125e8f7e428e4c75cd9021a79f1151a4bacb28d2f10da crypto/aes/aes_misc.c 6979c133f76f4623e62e6e970deae70fa025e713a72b71aead5a048d49e47f6f crypto/aes/asm/aes-586.pl 92be9ff608331a432e95247a8f4fb9e46897d0cb76f2b6db809b61d44287964a crypto/aes/asm/aes-armv4.pl 953897f86e2de9fa27ef411155ab3aed133af94885f1507e76449c142da78656 crypto/aes/asm/aes-c64xplus.pl 
@@ -10,7 +10,7 @@ 88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl 7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl -ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl +290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33 crypto/aes/asm/aes-s390x.pl ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl 2b3b9ac56bf54334d053857a24bdb08592151e8a7a60b89b8195846b7f8ee7b5 crypto/aes/asm/aes-x86_64.pl c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm/aesfx-sparcv9.pl @@ -21,7 +21,7 @@ c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl 0489a10fbb1a8ca3652848d5c1e14e519501e189bad3e5827a573c26df359691 crypto/aes/asm/aesp8-ppc.pl e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl -e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl +19bc931e0afa1fc54788fc2b66fa3ed2bf485ef1c8f74938a0e260e92338d613 crypto/aes/asm/aesv8-armx.pl 5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl 1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl 
@@ -30,9 +30,9 @@ 060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4 crypto/aes/asm/vpaes-x86_64.pl 2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a crypto/alphacpuid.pl 0255a480b78bdcc71f76676f496962a9828eb900f53b7be13be96ae3f67fe6db crypto/arm64cpuid.pl -e0daf54f72dd8fd1bc537d93f34e2a6a887a9ed6027bb33e15a327ef5ff37a42 crypto/armcap.c +1699aff6b09399742f57348b398cd253c1799fda1ecf68bea2bf4fbe323dce55 crypto/armcap.c a43f2c1eef16146943745f684f2add7d186924932a47abf7fb0760cba02804e6 crypto/armv4cpuid.pl -16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa crypto/asn1_dsa.c +e886d814c34492504cc9a2451c67fd8c0b4e83e8618f931632400cfe522b6e4d crypto/asn1_dsa.c 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a crypto/bn/asm/alpha-mont.pl 0070595128b250b9ebdebe48ce53d2d27ca16ec4f7c6c8bd169ab2e4a913b2d1 crypto/bn/asm/armv4-gf2m.pl 8c1c53a725b8a4f92b8a353bfeeb393be94198df41c912e3270f9e654417b250 crypto/bn/asm/armv4-mont.pl 
@@ -59,83 +59,83 @@ ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S 127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f crypto/bn/asm/sparcv9-gf2m.pl -1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac crypto/bn/asm/sparcv9-mont.pl +0ad54f0cdf6a52ee0b0aab03800cb2b6beb39b138378b93e151cfd6b1aa2f2d6 crypto/bn/asm/sparcv9-mont.pl b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2 crypto/bn/asm/sparcv9a-mont.pl d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea crypto/bn/asm/vis3-mont.pl 89278854f44d95be916516609ce6f79dcd346bab52574b9b6336a9952aa94bee crypto/bn/asm/x86-gf2m.pl 90d4ae234c08267adce9ed38d56e0edc223f7480cb9605f5d7399d0b3914c6be crypto/bn/asm/x86-mont.pl -d444ca73875e97e0ea88b20e4c02f2fcf3850e8b9311e3b67a2d04fe2796d543 crypto/bn/asm/x86_64-gcc.c +0e3e572cd864bcb9222cdad7ca4e8dae4250f6f76c2b66e1f0e46df1cc0cf371 crypto/bn/asm/x86_64-gcc.c 709ddee92e9222ee0ed27bfb90db556e85e2d302e4a9131afa25fdc14c4d858f crypto/bn/asm/x86_64-gf2m.pl da7f7780d27eed164797e5334cd45b35d9c113e86afaca051463aef9a8fd787c crypto/bn/asm/x86_64-mont.pl 259fb8d7f40c0dba46920b1f169d5b37de03b0fda645463d19e3ae2b56de851d crypto/bn/asm/x86_64-mont5.pl 0ea8185a037a2951bb3d1e590bbbdeac305176d5e618f3e43a04c09733a9de34 crypto/bn/bn_add.c -759c2b9df808b3562fe8b0c7778dbadbf35f261e14fc2d5090d18c35b4181760 crypto/bn/bn_asm.c -14bd5a35c05fcf454854b92fb30b356d7ac618c1eb699dd798f6ad2936d1f5ee crypto/bn/bn_blind.c -7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6 crypto/bn/bn_const.c +099f332d813ce01a501b6c833ec9c84079c73e6d31542df1c7947113d687cbf2 crypto/bn/bn_asm.c +2a5bb3fcdd1ad7ec74d48497e099f90222cc5d50ce4be340372c0f4fb6632c92 crypto/bn/bn_blind.c +d3b5f02a17ba1c71261f6dad0d4785846567c8a03368d41fc1a6ee7c45aaff78 
crypto/bn/bn_const.c 58b587e20404efa408b31a88ba9c357059ced709bea78c07deb91df7b687db81 crypto/bn/bn_conv.c -2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c -d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c -74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c -46357d2d30109ae59482332adf604a5ef1bd64c7de08cc808db028c45190ba93 crypto/bn/bn_exp.c -ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c -baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c -99325cf50bf72b5d77048c20d7fa4f80a179dc6357023745f9a58c8e914ae136 crypto/bn/bn_gf2m.c +184370000a8bb695f798b7b42887b8e418e4317cc65b3b32915a836fd1a4086d crypto/bn/bn_ctx.c +b1b1c5fb8a45fde5755dfd5da62b68100b94f8c492c950719c108c384ea7f3c4 crypto/bn/bn_dh.c +4824f271f0ddc487b5991fbd92f7f7695aeeac234e076078f37da027999cdd88 crypto/bn/bn_div.c +3a720f1fd8fbfb77f5f0114bed061111602d1e36f6cc53711db5a42d1507bbc5 crypto/bn/bn_exp.c +ce5219203bf869561297978d6d416357a441864cd801865503dfd455c481960c crypto/bn/bn_exp2.c +4b047151f32f29fa2374ade46fd2193273ede805432cb54a1b8e67f5b862e88e crypto/bn/bn_gcd.c +6c652722a67f76ffc2edac6a7f7ac6646fb2a05e86ce06d576e371499af4ff62 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c -602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c -81a4afc27dd1e90c4bfa81c8d385214ce8a2b5884537752944a71ebebd91f4b0 crypto/bn/bn_lib.c -d5beb9fbac2ff5dc3ccbdfa4d1aabca7225c778cff4e3b05b6d6c63e182637f5 crypto/bn/bn_local.h -96f98cdf50087c5b567c31bf2581728623206d79b3f97f5a0c5fdaa0009e6e3c crypto/bn/bn_mod.c -f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_mont.c -2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c -76982b18b0803d59b33168b260677e7412970757d3b9513de5c80025290f211d crypto/bn/bn_mul.c 
-b3677b73ac29aab660c9a549f7af154ca14347fac5cffd43b153a75211f1373f crypto/bn/bn_nist.c -c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c +ff147e5e032cc7c772b73a91fc6e24d8d9516e642d29354445d1f82d64b1d924 crypto/bn/bn_kron.c +db803f7cc1ace380f9aeac10f316ec23c10d1e3f20f01fc6bd34d2c37a2b8d71 crypto/bn/bn_lib.c +cd7bade0f2e223fe34f6e2f8cc87098ac8f0af96ec62ada5e67f6a2344d48ef0 crypto/bn/bn_local.h +a2788054137fd9c4495a8bfba97e8e5f901e96f84ea5b2719c326a9f9ec0eda9 crypto/bn/bn_mod.c +1e221a2dae6cf79b176f4edbf57cec219696c383f51fd6e9f512a0a9fb833386 crypto/bn/bn_mont.c +c2a5230efbda6844b7b2eb10447b054496ae5029130d332536de6c3b12dc58a3 crypto/bn/bn_mpi.c +488dde761d25fb2eabd8acbea5b3b83520db7733480fab6499f60b8bf680b1ed crypto/bn/bn_mul.c +843a6dc2fd3ed53c363cb066989fae80d617706d2b974f43c26d893430af3320 crypto/bn/bn_nist.c +3bb750195f38b998175ab45b5f0f7f720c5394aada2e55206fd3c8789a39f7fa crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h -71186d5bd40d467a919e6449d8aa23d13df88e0c85765d1a165f3eeec6bd33a7 crypto/bn/bn_rand.c +21aa616cfd417b10565e1aa5c10ecab9c68e9b82d507474d0e94d320c699236a crypto/bn/bn_rand.c 4df8f204c8a06de2b4395be613ca0b9943613c523586e2005876d5c7bb891c75 crypto/bn/bn_recp.c -a5c5c9f99961a5a7f22a3dcdce964c8a330f822be17f08652223a20fed747d0a crypto/bn/bn_rsa_fips186_4.c +5eba9c104488b1dc301aa3a626c14ba420c3161cd353cc9689b4ff2e41e81757 crypto/bn/bn_rsa_fips186_4.c 6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3 crypto/bn/bn_shift.c -622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c -42c8ce944c889abcfcf089d0ad2744b7587696d8d7785efa91b3f7ec53dc062a crypto/bn/bn_sqrt.c -24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c -be27115efd36f0077a3ec26b1ff1f586b0b8969ba05d8ffa34b2ff4badf227bf crypto/bn/rsaz_exp.c -c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz_exp.h 
-9bc3bf8965f98915f9019d2f516345e73c435c5bd8ad94bb4b7057809a7d1383 crypto/bn/rsaz_exp_x2.c -834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c +97559e9e071a06b8cffa37b7df27af638de84c51d5da190a879752f39e2b6368 crypto/bn/bn_sqr.c +c748baddfec6734bb50facbadf151a1f22f8a885c677acfb08b4f814e96f0d52 crypto/bn/bn_sqrt.c +f42996cdd94f18fe0858552be7123e75cb3ced0ebd7dcb90a0c73740090dcac9 crypto/bn/bn_word.c +d3b274c197fbbe7631392e303a878d935fd470905d8967e033fd915e34de521b crypto/bn/rsaz_exp.c +544b0e5c28b388d998a5c58e7213c67b5113cd295a39d8bb745431a3e283e829 crypto/bn/rsaz_exp.h +6bd99f2ece6d4dfb79b757af58a1a01b8f7b1aa274a26dc86e7cf63a7648514a crypto/bn/rsaz_exp_x2.c +f6c72754667c90e3466243f9d21ce6a799db8e58c8b78b2707129dcc540adc3c crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl 0e1a41a2d81b5765bca3df448f60bf1fad91e485fe89dd65a7300ffc419e316d crypto/cmac/cmac.c -5113d8d12d884f845cad3d35d92f0a1ee20ebafd7a169273642f4e8178711de9 crypto/context.c -c309d81ea991ddf5be4337afad2fd132169f7443c76f863349d3f3c82f3374e4 crypto/core_algorithm.c +1c074d8d1198c2f4682f2c6253bbe5df15726e9bd97d321c964307203aa43afb crypto/context.c +a1023709ba1260808f091fb77441a950d92e80e9861eca2cef0cadf48436e260 crypto/core_algorithm.c 65ba41169f8fec7cb8466c3458721e3150057fb587db087a70752e5e08201381 crypto/core_fetch.c -799c84d224639c6760c5c28e0e287500a973ca6d0c3d7c1bdcd61b0da4018b3c crypto/core_namemap.c -469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c -71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c +5af30e9b0265770e7866176e92b73694ae83e9e21c8552cc449a1fd037321066 crypto/core_namemap.c +d8ebece7bd583928192ab1d4a632dc98cb5ee21d137d226880165fde94cf0731 crypto/cpuid.c +dfeee2fc1223f85ed8dcb68972a6d6846bdce50bec2ae14e6dfc64481b90ca63 crypto/cryptlib.c 
66dbfc58916709d5a6913777346083247942a8d9458ee9b2bf443f0ea4988d64 crypto/ctype.c -51e56541daea6d4a26d5bae2ea458414063bf08b045bab8df370f6695903e0a5 crypto/der_writer.c -fea3ba4225df97aee90690adf387625b746d8edfdc5af2357ee65151a3d236ac crypto/des/des_enc.c -4971cdc016ee262d81e31f96c1617a33a63c0d90139e440c2ff32a368ee07bbd crypto/des/des_local.h +b9fabcf8480b8c9c7847a0c9af0fcc13b6c4b4a4558d5e445e6409221e6f8113 crypto/der_writer.c +135ef65f7602432f8c87ad18fdd90b867f1c46b1c631522d56181fbed2106b05 crypto/des/des_enc.c +1344fdb4243d1a2361d138e115b4bcfe9cc73d23d941fa7d05290b5ad5b61207 crypto/des/des_local.h eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb3_enc.c -04d4cc355200b57f1e7d265a2cebdf094df1eb6e96621b533adddc3d60d31fbe crypto/des/fcrypt_b.c +c1e015556147b40c854bf0ab275c54235f99001d04c6d49f158fba6865eb5439 crypto/des/fcrypt_b.c 499513b3ad386fe694c4e04b3c8a9fd4c4e18fc44bb6c4f94d6bf2d9362a3a5a crypto/des/ncbc_enc.c -61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c -8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h -816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c +5b53b6f066b43234c8730e0f5ad90f4740ec53cf51be49b20f265547ffc67c68 crypto/des/set_key.c +41b7fc5e67814311b878684e3f29cff60e228f1516f670d81bf43130f2668ae8 crypto/des/spr.h +cf6c6b9de68120caad0e384e6d8257baf809da56514d9e993305fb8499ba56eb crypto/dh/dh_backend.c 24cf9462da6632c52b726041271f8a43dfb3f74414abe460d9cc9c7fd2fd2d7d crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c -6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c +1149e214ed664540434912e284730a3c87385172e4c6d1c944ea56659e2dd762 crypto/dh/dh_group_params.c a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c -b0c248efc7dad48eaceb939a18cb2592cbfe5b02dd406592e5e590645488b153 crypto/dh/dh_key.c 
+89bdfd7f753e296cc23ac908d955535479edbc5f5987bb994df992aaaa9a452a crypto/dh/dh_key.c 92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c -8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h -bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c +a9166c3cc60f4281e9d471c64145e0a78fc9dc43b8bc9e5de96d91eb7d277da3 crypto/dh/dh_local.h +40065939139ac28aa52838aa54d257da82fce73504557f7a9ad34d13824e0cb9 crypto/dsa/dsa_backend.c 786d6c65ced7ee4e25f5dd7c3150259ec95b6aa321a7590d905757b8139f8230 crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c -b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c +cad198fe8ab5f7b4fd02d18b64b1acddc1994b8014fea448e12eeb870fa2f1a9 crypto/dsa/dsa_key.c 9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c -f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h -196dc024873e413d92672c3a9b6c062ed6269250b0da6d41c0da1c03cfec9ef8 crypto/dsa/dsa_ossl.c +1557844970459c39254edbd84936ad419c864d2d14a7e2aec87d8e8734071cd6 crypto/dsa/dsa_local.h +7d72541318b94ab4dde84841a96c2980e2a2641ff4933d1940debac14f826b38 crypto/dsa/dsa_ossl.c 9f501a59c09fc3cb3caafaff25abd44397a94d1062950a4d62e855d2c8986b5a crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl 
@@ -147,85 +147,85 @@ ac327475c7ec828d11aa05628b4e3b81ec3b1400f30fe7bec01daf3cf71f2dc9 crypto/ec/asm/ecp_nistz256-x86_64.pl cc727533130f5f1a29229929b3d4e8454585d647be25d6344f3c6a0240998368 crypto/ec/asm/x25519-ppc64.pl ee897e230964511baa0d1bf95fb938312407a40a88ebe01476879c2763e5f732 crypto/ec/asm/x25519-x86_64.pl -340336e01aa04fcde9bfd56536f90c9bc0ad56a002b6cfa321a1e421f1e93ceb crypto/ec/curve25519.c -9a95ec8366154bb20aeb24f4767a8cbb9953ca0380708eb2f39caca6078cd59e crypto/ec/curve448/arch_32/f_impl32.c -063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h -43423b7ee85a5c740c1d81499ee06f4a17732c7731a598e7429d5e402ee77cf4 crypto/ec/curve448/arch_64/f_impl.h -012d4a9c8aed4a66cd3a3eef17d4b4d8f3c6f384449cd057bd292b98e072a283 crypto/ec/curve448/arch_64/f_impl64.c -9b408ec0d43f3b6d714ef5963147e2c2abaddc88633db7dd759193d3c56ed727 crypto/ec/curve448/curve448.c -3c12d90e3fdd59b5d32d63186f1a6f15c75eb73f5035b844a2054356a9459780 crypto/ec/curve448/curve448_local.h -178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c -f30e13bba5a136ab9ba5225c98b9b94c2cd73fb3aef60f9dcde3cd471cfa1ca4 crypto/ec/curve448/curve448utils.h -4a45e7828831fbe9f282f933cda54b12cd393ec9bffe5c0ace8e4d1c4d5d6358 crypto/ec/curve448/ed448.h -a1211ed3991af967c728b9f6d0774b9ea098d43cef0631ff88984a2580d2ac4f crypto/ec/curve448/eddsa.c -450946e1cccb81e45e5601b6154e2311666b06e294aab926369995af06d1a328 crypto/ec/curve448/f_generic.c -f6447921a0031fa5beddedd298e82096fb3fdb189b712fab328b61f6beae0c23 crypto/ec/curve448/field.h -2ad8331e893b5db33198e27603891587686c0dfdab29706dc52a7097c5d6f219 crypto/ec/curve448/point_448.h -1ff6e467d72530c71d21c310180d04a24f0a9cb41168fba94b43309ecdda3888 crypto/ec/curve448/scalar.c -3052a044afae2e91b677542fc8b34b3ec9d033e0c6562b0d43098cfb34ab3c9d crypto/ec/curve448/word.h -ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d crypto/ec/ec2_oct.c 
-6bbbf570ce31f5b579f7e03ec9f8a774663c7c1eb5e475bd31f8fee94a021ffc crypto/ec/ec2_smpl.c +bf8c2276a0c49b0bbf6fbc1a66369b49919b51d182ed26b2ee30938eb685942f crypto/ec/curve25519.c +4ce5803cbcfe09427ec46216ce23ba9e05a07e4ffa3ed9587d66bba19778259b crypto/ec/curve448/arch_32/f_impl32.c +8e75602d4d492316d318bac147eaa09d87b0eeda0d450e18683d935673ab61b0 crypto/ec/curve448/arch_64/arch_intrinsics.h +4cccf81b42c6b8caff7a641280b2b01400c5ca94f8124eeca774569c19e155e3 crypto/ec/curve448/arch_64/f_impl.h +4affaf6e1ff2ddd0f2183da06628631c0fc21141a82647edf1239f163d75d336 crypto/ec/curve448/arch_64/f_impl64.c +06dd675f5ee342e4fe2e9a4b69f84731f30255df29d8a7bf0468e14506b16b8f crypto/ec/curve448/curve448.c +94f1febf1c8ba30ee6f55bae8cc52e9d6c9f2647e6feb408fbc4172484258740 crypto/ec/curve448/curve448_local.h +6bc188cae67754cfdc9e4420ca2a208292f34c0c3aa5a25930146b92111e9640 crypto/ec/curve448/curve448_tables.c +8d6546f15baec96755625593a9bc7f781092fa4dde846ba6b488a31585b47a8e crypto/ec/curve448/curve448utils.h +490496e1c06d1f3ba9474ddd98e07fe11cac2838dd3937f35541f69ae798e67a crypto/ec/curve448/ed448.h +0ce320059bbac198ddd877d448a9da8a74935dc40b6dd3eafaf16f5392f58d8e crypto/ec/curve448/eddsa.c +fba03776ab7d48874bfa00c575b3a8387b890f609873bd757c933d488803e71b crypto/ec/curve448/f_generic.c +caadd1155b6d9384a7857b8b0f60fff2bd35826ec41b2c579f568a1734d45d71 crypto/ec/curve448/field.h +77bc6dd8c7d14a21760eb5e0dbf336eecc78835faa2f6f846824798303109d41 crypto/ec/curve448/point_448.h +6d007474cb42b16f98059f6eea6c09ef23552049207558fe46d071a613c8a314 crypto/ec/curve448/scalar.c +c0b5e93f120c7a5e0c0aba9877a445d0f5db85440491853b182266ee5f323361 crypto/ec/curve448/word.h +f4490c0b575b79e63a897b1e85a87ede2645a2c521e67db461b3192884450d9d crypto/ec/ec2_oct.c +bf80690d9f51b953e0de3f598d4dc470a692e3df7d3d4932ffd6cbd2efedfff0 crypto/ec/ec2_smpl.c 2a71bd8dbe4f427c117d990581709a4ddce07fa8e530794b5a9574fef7c48a0c crypto/ec/ec_asn1.c -e959960fe9a78ea67346048c9c02428203819d5b443d18fe7bb26cd1ca28fcdc 
crypto/ec/ec_backend.c -86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c -265f911b9d4aada326a2d52cd8a589b556935c8b641598dcd36c6f85d29ce655 crypto/ec/ec_curve.c +2457e1f14be55cc63bf37c0cadcdc35c261d2501df39b592894f10a88f8673de crypto/ec/ec_backend.c +f4f7e06bdabf604fc05148c686201a5c74ec168a2126e36b7b55ef7127bf1371 crypto/ec/ec_check.c +72dd6b1286953a1086dcf109027d7905d63fddf8f76164f4ca81472534ddef9a crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c -95ce53663ab8a1d05bd6f4999f30113e1edce771fb6d218a772fe02de7bdaf4d crypto/ec/ec_key.c -7e40fc646863e0675bbb90f075b809f61bdf0600d8095c8366858d9533ab7700 crypto/ec/ec_kmeth.c -fea5cd863cd94b4e543b72942ed8c23175359cfab99ca65203af4ebecb001a15 crypto/ec/ec_lib.c -a8a4690e42b4af60aad822aa8b16196df337906af53ea4db926707f7b596ff27 crypto/ec/ec_local.h -fa901b996eb0e460359cd470843bdb03af7a77a2f1136c5e1d30daef70f3e4d2 crypto/ec/ec_mult.c -205b17b41e6678f40ec2a92e7856e87904e57121e7dc3120d14a4c4eeafb15b0 crypto/ec/ec_oct.c +e4fc98a2d9df71b00aac3df13f80f3ffb787fd2e6c38ab476949e3993f5889fe crypto/ec/ec_key.c +583a0e617548d703c3e12674be44a44fa7aa14bb6c94b0eb4d058063ea60421d crypto/ec/ec_kmeth.c +c998a93977afc236ece22d953a50d300d0824fe15dac030f577d01af9ad7c334 crypto/ec/ec_lib.c +edc863250b0d31a798e91954199f53eb41235baba89f1aedba413a34f5dddcc2 crypto/ec/ec_local.h +c31f7d92d3ae050c60e09a547690f532318cc09e23a4bf6653b11f74b4a33efb crypto/ec/ec_mult.c +17d68db872f23e5e2a8e6abd457a740f352f1e1cbd6571b59a0b1d193aec48f7 crypto/ec/ec_oct.c c7fba2f2c33f67dafa23caef8c3abd12f5336274a9a07d412b83be0366969ee6 crypto/ec/ecdh_kdf.c -b2cf8f052a5716137da7b0e857ed7a5df5fb513b6d14534199a05e32f2b5a866 crypto/ec/ecdh_ossl.c -2e00c2e0e6f6d58b81fc23fe500f59e98793dc828ca87d64eba10cc0fddd0dc1 crypto/ec/ecdsa_ossl.c -b6baa42b16e8df69a12e0ab101033100cddc808ec2682ba1574373e6ec86ae93 crypto/ec/ecdsa_sign.c +82cd12e671f49efb78217b3f410500f41d5d2e26164b077ba56977799943c46b 
crypto/ec/ecdh_ossl.c +0f754f24147b72c83206ff58fa2b264e54c2c855e7d41492d7dc157c8e89a56d crypto/ec/ecdsa_ossl.c +927661d7d67d93209ce21691d4604c25a3f643eef924e8bf1c03d29f196bef22 crypto/ec/ecdsa_sign.c f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c 141cfc1459214555b623517a054a9e8d5e4065a11301237b7247be2c6f397a0a crypto/ec/ecp_mont.c 13b30f34aeeb0c98747239bfe91b5f0f14e91b2c1f11db62ebb5950c7219daa0 crypto/ec/ecp_nist.c -f288c23b6f83740956886b2303c64d5a3098c98b530859c3bb4b698c01c1643b crypto/ec/ecp_nistz256.c -51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c -b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_smpl.c -e2705097cfab64e8d7eb2feba37c3f12b18aec74b135ad0c7f073efccf336d4c crypto/ec/ecx_backend.c +f11c38173d527105b3e61f662c78372988afd507de0fa6604aa4a45091f24b5a crypto/ec/ecp_nistz256.c +f38971ee893608f00d1ddd77d889aac9558509bda62d2e1b3eecd9bfa0c29095 crypto/ec/ecp_oct.c +cf7e76a6560fc171c867afa1f7c6d9c85f69c95933880c985845edd2522c4adc crypto/ec/ecp_smpl.c +3e60074534e99c25707e4e20fa13dff28db1e07379db473c8509f71c6a62468f crypto/ec/ecx_backend.c 5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c -28abc295dad8888b5482eb61d31cd78dd80545ecb67dc6f9446a36deb8c40a5e crypto/evp/asymcipher.c -0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -8f9e9da65ab1d0fb3feae5abd6b5c3649d3a4d03e936bb7624a431080de181ae crypto/evp/digest.c -838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c -61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c -62c994fd91dc4a5a1a81dfa9391d6eadae62d3549b2e1b22acb2e7c4cd278f27 crypto/evp/evp_fetch.c -ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c 
-78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h -117e679d49d2ae87e49d3c942ff0ce768959e8b9713f84a99025cabba462ccd5 crypto/evp/evp_rand.c -2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c -ca8c6cfd30efd53f2e5d1f19bcf09a3a3d0dff6d8947c3943d07a3f4b354aa86 crypto/evp/exchange.c +93d74fd094289450d89ab9b538761e6cb5f31eb704543ef38681a9e24b296ca9 crypto/evp/asymcipher.c +1f64d4752074f954af4f290788e4332e3874ba3282bd03d3e1d1f5ce4b0888bc crypto/evp/dh_support.c +d90e5f6637abcbaa5afd5e59af2aaec5572351f087907ba0fb2e2db7ce93869b crypto/evp/digest.c +4ffc3fc5ee5f0dcadf1516f1cc29338f0f4d85c59881c06d5a777cf4e47a6d5f crypto/evp/ec_support.c +39378dddcc7cdd139694caadff7775b97e1e6cff1b6b26c2adf31251380a292a crypto/evp/evp_enc.c +3fd5f81de0b9547349825e1b6305c1acd9290d6ed80d240d570f42f3a081a376 crypto/evp/evp_fetch.c +d2960666aef9c626b40f0be825df235c84d283f2e073179bcaecbd9e01aa3ab0 crypto/evp/evp_lib.c +bd82993eb938cfd55a2af22aa7c2fa2a2c9ca8ac3c01aaa06de3b9599817e51d crypto/evp/evp_local.h +60b3fe3b2d5aa78d403d0bddd6b7135f6a385fc891211568a3e9cc284f6e7494 crypto/evp/evp_rand.c +0bdae4714221662282dccd5b1f2485370d24e463c11bdbb71a310f34616954fe crypto/evp/evp_utils.c +f2c0f869d96f45687d22ff330b5b44cd15684cb8fbd4d133d58b051e7d0d6ee6 crypto/evp/exchange.c 9e25042581b73e295c059c6217f3ecf809134d518eb79b1b67f34e3ca9145677 crypto/evp/kdf_lib.c -1d72f5506984df1df8606e8c7045f041cf517223e2e1b50c4da8ba8bf1c6c186 crypto/evp/kdf_meth.c -5179624b8e03615dc9caedc9ec16d094fa081495613dd552d71c2c39475bcd83 crypto/evp/kem.c -5cf3e490bf917bd37ae70313d126ae4720432fbec518e4a45e8fa886d5e1689a crypto/evp/keymgmt_lib.c -46ffdc73f8a7fc314dc8988f2751a6e9f9784719f4f162dc4be2450b65b55261 crypto/evp/keymgmt_meth.c +0803a9b1a243445f384274964c85d8887e4cdc0131bf8dfdbfa083ad2825cd6c crypto/evp/kdf_meth.c +c9e79c249d4f95f962c20a5cc63bdfa0aca322a3c404f704ebdd37571cbda6e5 crypto/evp/kem.c 
+e29825a02439b09f59569d3cdcf4564d9c85c8e7b7d63ae63fe33d5683203b61 crypto/evp/keymgmt_lib.c +a898b29f88be205625abd7585becdd0f7e1876f348ba4cdd0845e36ba30a3469 crypto/evp/keymgmt_meth.c e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c -4290c95f63b43688a8da57690d122add5161a6811f9753da1444d28f46739961 crypto/evp/mac_lib.c -e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c -546d83abecf8973e2d872102a03bde5a46552909fa9e7d1402e1464a27453801 crypto/evp/p_lib.c -3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c -1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c -76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c -53058617c153a7676e7ca18c98c23df867a93087d67935907076f3c5bd65c15e crypto/evp/signature.c +03d2a2c8f5de54e49eaf9b3ad40b24699399dbfbfc488d676b0c0fffaf16ea71 crypto/evp/mac_lib.c +904243d7b709f878ee51f9022bcae300e5a5db26e6a392b026bae8b2833df959 crypto/evp/mac_meth.c +bbfed1b065c03367ca252ddccf9286d0c6af4af6b096749c8a03d7577f495807 crypto/evp/p_lib.c +02d6b04f2237ceb8e81da8287c06a8e60315a812e719b5a0603455feb1ae4628 crypto/evp/pmeth_check.c +e17ece0839bd2b05be7688a1351a92069b62d25a28e4fa324da75d8709d73152 crypto/evp/pmeth_gn.c +ecb6853572293c4ce505c1ce2ebfb598a64164a6309ce4d3b108b5c16f80c8d7 crypto/evp/pmeth_lib.c +725870405eb6ee7296a380525adb1c178dd2363fe9e561971d1f1ae071d9f5a8 crypto/evp/signature.c f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c 1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c -a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c +f4f84cade98907fa9905334b6c3c046b430b12b1460edac0617d82ca763620ab crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c 
4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c 8b72d5a7452b2c15aec6d20027053a83f7df89d49a3b6cfedd77e2b1a29e9fc1 crypto/ffc/ffc_params.c -1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c -73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c +c135c4b10a136a9401754f581e51e0536e475fbec64d4f2bd1e14e3e96a58797 crypto/ffc/ffc_params_generate.c +e9a500ddbe96cb5b302fd2db74fac0924a6ac45732df5ee1c09e82b19d06ccfd crypto/ffc/ffc_params_validate.c 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c -0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h +d627a21b4a3d33d244453e9773265a7fe5b526cae27173137c8686935814c6cc crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c -7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c +d34c9786dc49a3fb1a5fbaea671bea511b0e711d14b9f738f8e3db4defe061b7 crypto/lhash/lhash.c 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl 
@@ -241,55 +241,55 @@ 72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl 69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl -65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c -1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c -d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c -af1c034152d82b29cb7c938c8516cfd136b62bac0908c1d40eb50790d23b288c crypto/modes/ctr128.c -2413852b46ee90bcbb711c0d4fb79fc6b0cac1f837b4df4896a0003935d4211a crypto/modes/gcm128.c -bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/ofb128.c -e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c -608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c -abba788a11469f5c01c766fdac64eccd4fb598b2d4d9a12efb086ae87009acb8 crypto/o_str.c -8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c -c698d5166d091d6bb6e9df3c211fe1cc916fd43a26ec844f28f547cd708f9c55 crypto/param_build.c +ca4be187fc1805d498f2adb823509f0519e214644029c18d331b5b01a0891a9d crypto/modes/cbc128.c +979ec7af2df2bd6cad5218ba1dac44316e04447c0a1420bf849ad2ee3402a373 crypto/modes/ccm128.c +00d68c071ecc99c471ec0af7e393f5b5ad38bd89483227291cf4cab08ad74964 crypto/modes/cfb128.c +2a0ab07286b70ce4aa0caf3b5b4be2c00eed3a6d855e9542ae94d0e1f586b1e3 crypto/modes/ctr128.c +7666ce59cb6240830d1f0707053bd2831969b06af7a6d8f8e6546daeb26a09bb crypto/modes/gcm128.c +b431ff38c3a85943f71be0d76b063dbe2930967629b8721465b8152ab7867296 crypto/modes/ofb128.c +02e7659d8776f5885ebbc25b930ddec046262f92c9e8fa7e093f2a6a8d973a3b crypto/modes/wrap128.c +0a10e0cae6f4ac164afe97a64df09c8412145c8a25f387ff3a53ff7495572cbc crypto/modes/xts128.c 
+a6067746bf89ca164f648055a84c37f6d93dee29df83d629e6395f4d623ceb02 crypto/o_str.c +a1d61a3aeb8d9397ea9ae74becd48eb1a60602820c2d614c4c7b7e677279aa55 crypto/packet.c +154108b648c91e74ed5c021c1386a53c59833f77314eb6e855dbddf4c7b71f20 crypto/param_build.c 2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c -0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c -4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c +d404f0a7e7e892079a417ddd627f4d92113af08c0ce8a8e0281f82f992eb972d crypto/params.c +30ed7566e985b36558acde822f854a225f016bc86105c7d4a86e8261a74bd2c0 crypto/params_dup.c b6cbfc8791b31587f32a3f9e4c117549793528ebddc34a361bad1ad8cf8d4c42 crypto/params_from_text.c -97cb7414dc2f165d5849ee3b46cdfff0afb067729435d9c01a747e0ca41e230c crypto/ppccap.c +76dd1fc45d3ee349bc38a643e1a620c77251ae1f0bb6fc474d59276c8b87c933 crypto/ppccap.c 3ca43596a7528dec8ff9d1a3cd0d68b62640f84b1d6a8b5e4842cfd0be1133ad crypto/ppccpuid.pl -b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c -c3709986fd2ab18f3c6136d8dd7705a4538986aa789ceafe770c3a376db3c569 crypto/property/property.c -66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -b0b382ce829192d2537561cfb0fb5c7afb04305f321f7b3c91441b4ba99b9c92 crypto/property/property_parse.c -a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c -065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c -dcc44eba5d01dc248c37ec7b394d48660627c0fa4933d2b93993e1f2ac4b71da crypto/provider_core.c -d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h +e7112d7d413c8c55a8b7c26919eef469794d5c7a3e258183d4a1ae510db8405b crypto/property/defn_cache.c +80672c60cf31985fb2f484f525dc4c83ad078020e1e0a19ec16a0ff2d76be874 crypto/property/property.c 
+7f936270992015923e5f6e81b1afad0148b9034693d3cf4665465f839a28c81f crypto/property/property_local.h +022e20853318a2b96bbf79a3a05eae4903d00a76aeee0b7aebe30cd6c2d202f6 crypto/property/property_parse.c +237079e82943c40d4df9cb6214cf9bc9a84905e4f799eee19a5e0ee4c2d4be4c crypto/property/property_query.c +8b035b8e9e267f04e365b5cbdb6afb1b01ac60a573d9e947e5e855bb06f8f41d crypto/property/property_string.c +d5bad7c9a58a2f12693d88a0fcc02e3934225596cb7cd14c8aec61149b7f64d1 crypto/provider_core.c +aa58d7800d3ccf2989b0de3c2e2710dfac36c88dc51659129897b0dfd2162527 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c -a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c -fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h +e8c9d94ef2954486ddb91bb9cbc816386e663fb24226da772ab0a89e517637ab crypto/rand/rand_lib.c +9e162caba63741e3df4d0f1c49a7555263ebc120cfb643546ea7e34d3f5eb862 crypto/rand/rand_local.h f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -5834d7c518ad53ea0dd3db811c0e51568c81cc6c117012030101d29003d0725c crypto/rsa/rsa_backend.c +f7b662a0b4d433048bb5d106e72c1af24e3ab8f1a07bee5830be2eaf502ae506 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c -e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c +1d6587e2e2c9ef58f0baf8b1f23884a42aba45cd9ceb926a224da88abc287afa crypto/rsa/rsa_gen.c f2222f270e57559537d3da8abbeb1390bc5376b73dae59d536af6e73eb48bba0 crypto/rsa/rsa_lib.c -a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h +092677ba91890ee68bca9064b588866f632883e0f334175300081fdda712af3d crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 
crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c f733d03a7f633514bfb33862cd0fa46ac952a86f84000f109c0d37937bac9a1e crypto/rsa/rsa_oaep.c -e05fcad237b7e4e7842ad6e142789fe25d060247283c337c78703be6ecc31ed9 crypto/rsa/rsa_ossl.c -be3f39c1fcb777d6c0122061f9ef735d10a6bee95d67fcc1ca6ae2a664022d2b crypto/rsa/rsa_pk1.c -174a42e156be48927fe6d6bf0d95575619b8e643a99761275bff933bc3449722 crypto/rsa/rsa_pss.c +a665cdd9bf7fa7a8a924a2ab18d40f579fdc41e6f99ca41a3e24042c9fc3470b crypto/rsa/rsa_ossl.c +cf80406c33792e346c937d6fd3818d4b29341524d708d02cf59e487532a6fbee crypto/rsa/rsa_pk1.c +7d674f73f9de9c4461348e3672f2f242df965c86b2c7dc46270cc3206732b152 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c f01af62704dbf9457e2669c3e7c1d4d740f0388faa49df93611b987a8aa2bf11 crypto/rsa/rsa_sign.c -42d821612b0b0d62f587beb8a0cab8b8d876fedccd6913fec6d2044f8ac52b63 crypto/rsa/rsa_sp800_56b_check.c -3aba73dacebb046faf8d09dc279149b52c629004b524ec33e6d81c8ad0bc31a8 crypto/rsa/rsa_sp800_56b_gen.c +e3bfd40c4771dd85657a1a72a4202132fa68c45b1b2686e069ef80e912d58c58 crypto/rsa/rsa_sp800_56b_check.c +8eee673d98a640e30a245556ea046080d4272d20832f0c29157ec9a23cc43d3a crypto/rsa/rsa_sp800_56b_gen.c 1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c -0acbebed48f6242d595c21e3c1ad69da0daa960d62062e8970209deda144f337 crypto/s390xcap.c -22205848cfb55116ebf999dced8331b575886a609ce29e6886e6267b2310c337 crypto/s390xcpuid.pl -5fa59240ca885cbc0c1cd026934b226d44fc9c3fdf0c2e7e3a7bd7f4963ca2e5 crypto/self_test_core.c +2353b2c0974ed90f84ad02f30a83711492687648204234d128a847934de5fef6 crypto/s390xcap.c +4980166a377e4c3c344c681777b0c76fd12650f64e0824d2206d374b267f2a25 crypto/s390xcpuid.pl +5f42bb81b83c01b14988d6908ce43e0360dde52f33501a0a16bbff2fee468bbc crypto/self_test_core.c 05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 
crypto/sha/asm/keccak1600-armv4.pl ca3b2b654f9a8c4bc2fa2538c1f19d17acd4a6b9e0df6a4b81df04efa697e67e crypto/sha/asm/keccak1600-armv8.pl 12b7acce2fba0bc0e1ca07842ec84be6a022f141c86e077abb42c864af1d8d9c crypto/sha/asm/keccak1600-avx2.pl @@ -298,7 +298,7 @@ 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl ce4a58129e5ee3ac4c9dfec5ecc010440570ebf7bf869e3e9977f2121a64b27a crypto/sha/asm/keccak1600-ppc64.pl -a859fc8cb073b2d0012a93f3155a75fb6eb677441462b0de4f8cf8df1445e970 crypto/sha/asm/keccak1600-s390x.pl +b0f0298a5a592591c9b9502bed57b5758f4582379452e0f8ba1834a54e788bbb crypto/sha/asm/keccak1600-s390x.pl 618dcd4891b4064d3b8aa6dcd74bea7ef55f4962a64957b05a05448f6e3e0f17 crypto/sha/asm/keccak1600-x86_64.pl 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl 
@@ -332,136 +332,136 @@ 0611845c52091b0208dd41f22ddef9dd1e68d3d92fa4c4360738b840a6314de6 crypto/sha/asm/sha512-sparcv9.pl f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm/sha512-x86_64.pl 8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl -57f6cf54b1b5d2cac7a8f622b7b6bd1878f360fff3fa0f02352061c24162ebbb crypto/sha/keccak1600.c +48bdccdc38f8082e625c720d1217ab1fc0569c986024c69d056dec5f95f90e23 crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c -4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c +1d66673bdbe5faf999465c11908c5c19125c80e26e21160d8e4b84597dda7aa2 crypto/sha/sha256.c 3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c -8038a5a97f826f519424db634be5b082b3f7eca3ccb89875ca40fa6bd7dfdcfd crypto/sha/sha512.c -6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h +731e80969679aed7b741054fa2f526ac784b864c2ead10eba43084bcd6b76ccc crypto/sha/sha512.c +61ab6d7d7da9e65120ec59cfa9f5ede785502ae371696c3e4e04e039743ca111 crypto/sha/sha_local.h 9ef5a01caccc2eb15f72e367d0424737040ac8018479bbbbce3d216c655765c2 crypto/sparccpuid.S -5056b14a55665ffa342a9a1bb32c1c36886add5d0819869193427f33cee028f7 crypto/sparcv9cap.c -c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a crypto/sparse_array.c -8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b crypto/stack/stack.c +b462d1efe0acd798e1ec5f37fd1c824a587e1773e6a6f984d5a332581573ecbc crypto/sparcv9cap.c +9e16e8641ac5ec2cb2fcc8e4796af5b698d6fa4ce85e374bd8f5b4edb51e6428 crypto/sparse_array.c +cd7d4cf452b97e344084425c35fb79cbaba30dcba408ccd394a5080942543f15 crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c -a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c 
-3729e2bd36f945808b578e0d89fac0fcb3114e4fc9381614bcbd8a9869991716 crypto/threads_pthread.c -f82715745b668297d71b66d05e6bfc3c817bf80bd967c0f33ca7ffbb6e347645 crypto/threads_win.c +ac58697a0dfcf509b79a267c48bdb1647238a42a4f807c5edc687413da63ab6c crypto/threads_none.c +1399282ece536504bbad12d0a60e52b071b872e67292a7b0988c69fb7de99299 crypto/threads_pthread.c +b82d119cec155258e6ce6e32c2530f101afc417abfa12a7b78fa1e9f442e8038 crypto/threads_win.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl -acbb841170d4d3eb91d969be1c0e4973b1babfd5fcd76440b0628f509f82fd76 e_os.h -249a0e58e9692920eddc1ada2ac772a0cfd749cfbf618f2f5da08280df545d8f include/crypto/aes_platform.h -8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h -3bded0eaa7ccdebd0b4217b7fdb82676d5c0762a88aca462dbceaef851fafa99 include/crypto/bn.h -1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in +9300fe7f9a80304c32f482625727691bdddc60d552d338a24d31ddca6f5fe26a e_os.h +4551d1773538835b4a6aa35c0e42cbee16337ee6cd4f1cc23931eddf1d90f01e include/crypto/aes_platform.h +9acd69adc80fbf9fa88fed4bcc7b3c0ba87e2add98d7ba311d8b092a2d5a0d2c include/crypto/asn1_dsa.h +73d095a8f427bcc2439b4eac8336d87340e7816d74f273b8072843a5aced895d include/crypto/bn.h +ef5ff8ad445370d0c8ef519bb791265bc09eead2ed0a086e1ec06bb7ed846b38 include/crypto/bn_conf.h.in 7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h -e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h -6c72cfa9e59d276c1debcfd36a0aff277539b43d2272267147fad4165d72747c include/crypto/ctype.h -89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h -daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h 
-20d99c9a740e4d7d67e23fa4ae4c6a39d114e486c66ad41b65d91a8244cd1dea include/crypto/dsa.h -2ea47c059e84ce9d14cc31f4faf45f64d631de9e2937aa1d7a83de5571c63574 include/crypto/ec.h -edbfae8720502a4708983b60eac72aa04f031059f197ada31627cb5e72812858 include/crypto/ecx.h -9dab9af8b0a657fe5de46375b71aefcad7e98af272b69ed69c7c104e9e057414 include/crypto/evp.h -bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h -162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h -f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h -f326212c978576c5346c89ae0336c2428594494b54054f6045b1f1038bfbc004 include/crypto/rand.h -90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h -306abf9d327a9e63fff2cdef730275abc4d2781254a032b1f370f3428eb5a2ef include/crypto/rsa.h -32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h -0f743762f646656b5480648c05632575fe8acc7506460c63e0fcdf42cf20c08a include/crypto/sha.h -7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h -7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e include/crypto/types.h -782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h -8e984890c7c62cdd6356963f034831831f7167c65096cb4d23bc765d84d2c598 include/internal/constant_time.h -c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h -0b572801dfb8a41cc239e3439f8097a0ad11bbdf5d54811d10ceba3175cf2f17 include/internal/cryptlib.h -9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h +273da25316489e04e5dd0675a5e8baf2f9e51080de06bfcd85b29ebbbd7c063d include/crypto/cryptlib.h +8a55e7d62cd241e1f37e48ebc0deee22ed793ccfe094c46138a41d856f26e015 include/crypto/ctype.h +96632debc11dad16535e48708a3d89df7c2c0cef9843e4bee271071bcd3d15d9 
include/crypto/des_platform.h +a636e62f9d13a38384bf2491a63aa213d3669aa84f2043ba3e16a16fa7eaa0d2 include/crypto/dh.h +d9c325d9fa26ddd0b298612cd2fd9419996140995d66679166ada51f7ca60fef include/crypto/dsa.h +5d1fe65fe65e9704f6515e3ca0b32f3db2a4d1c5f88a0060a84a657b4336dca5 include/crypto/ec.h +fda73414776d4de897f24576f9186170461d12c413a12e63ded2148eb48de887 include/crypto/ecx.h +9d75e59ede36cfef74968ebef3a71de6e40cfb77f38af6eb043f4beece84b60e include/crypto/evp.h +fc22d8a6d80875c8c45c51a449069b936eadb9621aa9c0bcc8c5d493eed1e52c include/crypto/lhash.h +ad9871cf9cdebf0ebb2c588f1f54e6b090093852e8a849973f7c17b96cbbccb7 include/crypto/md32_common.h +0acb42246b77daca3f62d40c80ad2d96d7c814a3808c3a0bf802626fe955d61b include/crypto/modes.h +de76e60f69093de7ac5d91237c4baa84938fedb5816c53a4621fc782dbf6b76c include/crypto/rand.h +eca06c0a1edc17961b602b4b307226ab3dbba6032198fe3f36ae1a071e3b4eaa include/crypto/rand_pool.h +ac6971268f0bbac629c7ca4778b7f30040d0c371a0130fd9316444a98916f81f include/crypto/rsa.h +3f28391ed526d791a578e76a40961592e15ae2bf62b81d5924525e1f21684659 include/crypto/security_bits.h +283c1c5ca4b79eecfb5c4c51011e6039a8454db58be30c7142f033260b35e5aa include/crypto/sha.h +df915f569207111cdb011e85ee0f40bcd169ac0a413cc858ccee0b5001cefbb5 include/crypto/sparse_array.h +c292c06068cf47705f6a5f1f2d07f801f011d38f1213f6a634887bd6b38e32f5 include/crypto/types.h +ad00ca5e33a97c8b4394b385fb95e1b98c372f45febc6870e4f52d752cb44640 include/internal/bio.h +123900a69e2481bc9338f96ceb4db10d1f0a6e67d2fdc2a56406f0dabdfcd8d9 include/internal/constant_time.h +5170643b2ca16e894d94c9e9fcf8bd80843de0b6539b31b14bf0e4dcaff3f2a9 include/internal/core.h +252cfdf6645264c921da9acd8accd9d59f0498c44564eaa28e69d63e18f4aa05 include/internal/cryptlib.h +cd215e01800987b008be87ccf85823fc98be0c578262a7720cbb6e9ac3dd81fa include/internal/deprecated.h 3325b895d15c0a6341f456a8d866a0f83e80fc8a31a01c34fcfd717715b33075 include/internal/der.h -fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b 
include/internal/dso.h -f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h -70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h -7854b5c1cd786dc01d052204c5b3ea946dc9929590f47ec4c27697387c5b7ce5 include/internal/ffc.h +984b04ad2f0a2036fa157099c3b1ed5300c079a665c8d26d3451eefd06fc1e25 include/internal/dso.h +e5fcc33def2500935c7706ab8dc1b5d44a4a4135ec8135b9bde55f4d8a4c191a include/internal/dsoerr.h +b41a5d9a7bdf60df169e327b41f16489830b82393dd663d1f89f81da4483eaa7 include/internal/endian.h +5c12af235e3175164ec6b6187aa5a751d1ef00a3fbec51080df69e6f7defcbe4 include/internal/ffc.h 100053a1bad1a85a98c5b919cf81ace0ee147b2164732963e40474d7b5fbbb99 include/internal/namemap.h -b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h -ae41a2fb41bf592bbb47e4855cf4efd9ef85fc11f910a7e195ceef78fb4321dc include/internal/numbers.h -b89cca3b727d4526b459246de11e768a20333555bf3a9ed9a9b8beb2b565dc7f include/internal/packet.h -dd7ddecf30bef3002313e6b776ce34d660931e783b2f6edacf64c7c6e729e688 include/internal/param_build_set.h -d4ac19b28ea61f03383364cfad1e941cac44fc36787d80882c5b76ecc9d34e29 include/internal/property.h -727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h -6a899ef3e360c7144d84d3c3dbbd14aa457f5d38b83b13c0be7ec7f372076595 include/internal/provider.h -34432d71c49dc8ee9926218ba78bdcd03c46cee4e966ee20d100e4519d85b064 include/internal/refcount.h -11ee9893f7774c83fcfdee6e0ca593af3d28b779107883553facdbfdae3a68f5 include/internal/sha3.h -494ab5c802716bf38032986674fb094dde927a21752fe395d82e6044d81801d1 include/internal/sizes.h -24f41a1985fa305833c3f58030c494d2563d15fc922cdf3eeb6a7ea8c135a880 include/internal/symhacks.h -640cc6a2aae208073a7f495c08b4c5006a69e8ac1c2d9aaaafd56b0e74d5f859 include/internal/thread_once.h -415b725d7f949a6191ab7bb30b48931bafc01c7aa93607e529fabbc853a4ddc5 include/internal/tlsgroups.h 
-fc0f9199487ef278b9fd317d1572db3e3fb95e182055f0e49c4d8faf78ed7dd2 include/internal/tsan_assist.h -2b38fb6e65d549aca3b2c76907daf67124f395251c0261dec26faa54da8d6d73 include/openssl/aes.h -98aa2fc5eae9ef2a36d3d0053212696d58893baa083fa1fcf720660fb4bc0a9f include/openssl/asn1.h.in -d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h -1550474ee05423896ec4abfb6346f1bc44c7be22329efac9ea25de10e81d549c include/openssl/asn1t.h.in -dbd1501acb0804eec0f2aa7bbac4dbc483cf2b4691c6eb1436461b5ed4685b42 include/openssl/bio.h.in -0a26138aaded05cafe2326e11fdc19b28408e054cfe3dda40d45ef95ce8136b0 include/openssl/bioerr.h -7d1f9880976a926ba6e0cad08e8de6f326aae48d8350b499aa79127f63d4d108 include/openssl/bn.h -9ad8b04764797f5138f01f549ba18b44cf698ffc7fe795fef42c1822d84a6ff4 include/openssl/bnerr.h -93954e6c450716e158948d67f64736a451ea9473d02f3a908f3bc8a96cf049a5 include/openssl/buffer.h -9d48e6cab2ee98ae94d7113e4c65f000d97e125fdb3445642865ace3f34d06ac include/openssl/buffererr.h -8e772c24b051e59d2f65339f54584e3e44165a3eaf997d497faea764990130f5 include/openssl/cmac.h -55aa91482d327d1784484922389e8277bdcdff7a7df27e84200d5c908bd40454 include/openssl/conf.h.in -bb45de4eafdd89c14096e9af9b0aee12b09adcee43b9313a3a373294dec99142 include/openssl/conferr.h -02a1baff7b71a298419c6c5dcb43eaa9cc13e9beeb88c03fb14854b4e84e8862 include/openssl/configuration.h.in -6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h -df5e60af861665675e4a00d40d15e36884f940e3379c7b45c9f717eaf1942697 include/openssl/core.h -00110e80b9b4f621c604ea99f05e7a75d3db4721fc2779224e6fa7e52f06e345 include/openssl/core_dispatch.h -cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openssl/core_names.h -194f96a30bdc4dab3f65693c09326ef53c54ebfd613c2513d8258a0aa35a6996 include/openssl/crypto.h.in -1d1697bd3e35920ff9eaec23c29472d727a7fc4d108150957f41f6f5ecf80f1a include/openssl/cryptoerr.h 
-bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h -fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h -75fba45d6fc66e3aaef216959327157613f08070935aae4a5260e740184f031f include/openssl/dh.h -ab7ba5d7eb18d2ea8abc6862ae2ceaa1fa116a702c2bff617c5ae1651d97b6bc include/openssl/dherr.h -92ae2c907fd56859e3ae28a085071611be5c9245879305cdf8bad027219e64b6 include/openssl/dsa.h -276d1f6e111ba933bc708e6a0670047cbe0d0b67aabe31807abbbc231de4d8cf include/openssl/dsaerr.h -41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h -bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h -33b6321d1c6b7b1621198346946401bb81472054aa236b03c6f22f247248d2ad include/openssl/ec.h -7aa8c5bee779af59d4733f6a50f7f6be39f1eb43409e5b3357440f9a7d0ca115 include/openssl/ecerr.h -61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h -69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h -c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in -b23bf3e2d0a60fe4d768afbe7aab48b47791e1274ae42b28895255119ae7f61d include/openssl/evp.h -5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h -5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h -b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in -47a088c98ad536ea99f2c6a9333e372507cb61b9bdffb930c586ed52f8f261eb include/openssl/hmac.h -faab8accc9520269dd874126ae164a43526d5784e6280521c7ab3772c02b0a0c include/openssl/kdf.h -c6db6926e90c9efd530a7bdb018be8c62f2c2b3c2f7b90228e9f73b8437dd785 include/openssl/lhash.h.in -fd5c049ac6c3498750fa8f8dcbf88b2a31c02fa62dfe43a33d7b490fb86f61c8 include/openssl/macros.h -9184207c562fd1fa7bd3a4f1fadcb984130561279818f0cdfcf3e9c55be8a7d1 
include/openssl/modes.h +c367e6120d26a2b629f4db7e179973e33fb095e1102d5c7a69c744b88ebe4469 include/internal/nelem.h +6d80360172ce2f686591ad574c9e9964628bc3a26f5dfe501dbe6a931b53eb53 include/internal/numbers.h +f48221864a734c51ecb276c2e3c84be0260e41c97c79bc0e419584f95fd7db60 include/internal/packet.h +ee40828a01b0cfa2743b3950882807f765e754a9cc43a7ea6cb1ca348394232e include/internal/param_build_set.h +ee75ecd35b3ae90c51ace957ab7ce06de3c7d5064b97a878241ff65cc943a6db include/internal/property.h +7aeac9a78efb9ea5147f639cd474e6c2538acc1b9d255ba19dc661fe22bcd94d include/internal/propertyerr.h +86a534fd155190768e363908a4ef95410879cb102e8f531a993144804cea5924 include/internal/provider.h +5c230e52860a8d20b6f6f8284b3daa49e420efb09d226c3eb00a3c684415f8a1 include/internal/refcount.h +3de712e48c1d98cd16ec1245ce14a1057e18b915ea96674aa6302c38aa903144 include/internal/sha3.h +ed4ad15771cfb40e1f73c3e2b341cef3ee52f1f2b94e645ee3f9a8ad197982eb include/internal/sizes.h +780bf5e9a5852e8776a3b9984993a91f27f3f7b1501e1b2185f5a8f448b0d848 include/internal/symhacks.h +1cc86957e734ce34acd949b9e9e9d588a6c82afb68a09c787fb69f5e4cb20b1a include/internal/thread_once.h +24dc4efac5ae5db70898fb359b74d0d853460431ba006ae4936f35037b946a1f include/internal/tlsgroups.h +06d4eccd78df0dcce0c681cfaba4b95996aa18f512519fe992bf962ff39be1f1 include/internal/tsan_assist.h +0eea6c204f1b202ee75407a1f5fb2a13715169ec3c0fc675d9e2ea64d13f25dc include/openssl/aes.h +4366aab6540e6fdd21e3f53f527ea516d7d90e2a92bab720322ae5057eb6ac06 include/openssl/asn1.h.in +10661afb719c6cfafe37e16ac9b4b8a43e72430cc1394e786fb7fe585d1a7311 include/openssl/asn1err.h +77a9f9595cee6448c6217a8388127593a34a0d0a585197a5f8100fcb792f76ec include/openssl/asn1t.h.in +a76f149afafe048f81e9e0c783a6b1ea8c98603fdaf3a049f163aae89e4a62b0 include/openssl/bio.h.in +833acadaf245d95acb0078561fbd789297f617a8950f2939d67e4b03155f492e include/openssl/bioerr.h +a94b28cddc5c033e5cfe1e43934929a4831ddd14e5faa2d6e487454849c89592 include/openssl/bn.h 
+c506c9bfbac7368335fb2a8a627755ce2b8547a251d885242a89c9f8ff3bf079 include/openssl/bnerr.h +c70499c9109b083beb69d1b17807266b041d0ff28694d5bc1ab7cf2a59331c39 include/openssl/buffer.h +5bce6559638266f060eaa16b3b90738bbd5292d62230b6b3b1e22b88836a5030 include/openssl/buffererr.h +3c38e3f1d500263b971b851b1c92b69a29252b44991e8afaaf3c36ceda1dd700 include/openssl/cmac.h +d6a1b0a47ea92e18e90eed611aec85db89eab928bb8e21a170c12011647c1d59 include/openssl/conf.h.in +3517c480b3211d384d4b36fa48d8dce8923fcccd99fefae68635b3f82eb0acb6 include/openssl/conferr.h +9d12603a5d7649457a0850c699d3254f5469dbcfe09bf9a432a1ece06172ff75 include/openssl/configuration.h.in +f76830b31c947d86c2e6a302ab8df6b83076f8d29120bce9a58195551eb48e1a include/openssl/conftypes.h +3e2d23252a53e5c5137198514f688205dd59530c447d7facfaf08a39d7446dc6 include/openssl/core.h +bb16fa4f77db5cdf5a1ff162e1fd8d0e4d8f4e98c99981de3c6c6c023532cb8f include/openssl/core_dispatch.h +e0c6c338a77b8285666766db13e1617a1df0a0c269e432d5ce3b6b60daec388f include/openssl/core_names.h +f47c3c7fd18d0df54b0601ab22928190f2c29c2e732cfdaa0b03e400f82c375f include/openssl/crypto.h.in +ff98ae7f59abd88cc4a19196ff5fd9353719f7d1a163264f6ed89be4e4a82a02 include/openssl/cryptoerr.h +9a636172a3453f4e23b48198effdd92dee425c9359996b498e388a3d21d16dc5 include/openssl/cryptoerr_legacy.h +402c76d3a33378f6dad64778503581e4f80e2ec46ac24c84646234a06acac5dc include/openssl/des.h +e9f498d61c60068604886d2fb129f12c25cd212aa6d26fa40e3edd3750bbbc80 include/openssl/dh.h +2c16f19d2af9f67f34989f0cf0e20cea2636a0f456b5abd7302ded6e218842a7 include/openssl/dherr.h +5893917cb8e76e2a12a559910fe5beea58c5cd23bfcf63a4f7e98a41f1d84a65 include/openssl/dsa.h +d526f8def9e4bb31ff85dbc9494e6b3fe1ab15f424a8e53b3b8fff9dcc40c803 include/openssl/dsaerr.h +2267ff3c0c406bcee5ed10ac64e6d53060006c95500789db10bd41c7424dd42a include/openssl/e_os2.h +fcb8e2174725eef1279ba8ed046e56c99805796a13eb789ff78aadf7a73e6c76 include/openssl/ebcdic.h 
+c77f7a9d1408670ecb964b54b5ef396449da2f961e5ccf08d31a6eba0ce24038 include/openssl/ec.h +9c56b594bfde630c9b8df2fe0c691c74cf79fffb1c1b5e2034ade844e6e3c7d3 include/openssl/ecerr.h +a2f2fccf0c06e6bb81eed9cb396d61b530fe306e40cb63a94b09067e22077b22 include/openssl/encoder.h +28c28e8ab2b5ee05f96f2fb0800bbbbcffa63309dbec140dca7866ba1265d225 include/openssl/encodererr.h +3fb074f4817edf18c64eb7acf67bad2e6324a76fee73879d5460b63367af8d8a include/openssl/err.h.in +4d8e041d26b4832c8215e391c8ae334ec6e11940c5eca8518a793414816293c6 include/openssl/evp.h +50f82cdc766d911a93568af06924d1284af230c8ce2e4b9e8567ca6fa368b8a4 include/openssl/evperr.h +7e7eee2b3f931a3d8c3f7584c8ab6a430a48cc3cc610bcd8ce5ecc581cc99619 include/openssl/fips_names.h +970d8e0571a684a6fa3ec19aba4b1e14835999ebeaece718c7ea3fa23fdb7040 include/openssl/fipskey.h.in +e7b4468f152d139d17354eec68771432729d10757e7b3232f48699c250681e42 include/openssl/hmac.h +36b0013002d44397aa41b021ec13433230221aa9722ce5fc31648f08d27ac448 include/openssl/kdf.h +9cbe8c4d1feb155032c27f7d3be8d8da7907c604939d95432654f658305f139a include/openssl/lhash.h.in +5d8d173f0928b41916e3baaff010d05c27b45ebdf98411fe362d13f103e1e7d1 include/openssl/macros.h +06f0d4621c344401f280a4e69e48ba987a0600b7f52ee16b25c4620277b081f9 include/openssl/modes.h 7c71200e35f4cc1b4011a4bc14e521e4dc037b9b2d640a74bc30ef334b813de3 include/openssl/obj_mac.h -157797b450215f973eb10be96a04e58048ab9c131ad29427e80d0e37e230ed98 include/openssl/objects.h -d25537af264684dff033dd8ae62b0348f868fcfec4aa51fa8f07bcfa4bd807ad include/openssl/objectserr.h -fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openssl/opensslconf.h -1bf52d136e94f727a96651c1f48ad040482f35dae152519ccd585efd410b92f0 include/openssl/opensslv.h.in -767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h -30085f4d1b4934bb25ffe7aa9a30859966318a1b4d4dcea937c426e90e6e1984 include/openssl/params.h -097615b849375e2903967521f76c570512e5be47b8159fdbcd31e433f8a4cca7 
include/openssl/prov_ssl.h -bdadffba7b7b8294c9f7450ce2563ae31145ca0f196f5ce7b8c2f19ed7fba816 include/openssl/proverr.h -b97e8ad49b38683817387596aefec0abd5f4d572643beef48be4f7acba26768d include/openssl/provider.h -7c9b5f479d9b22cfc8db0976dddfc2a1ee6e757b436e01a2b4d2744bcb6d81a5 include/openssl/rand.h -108966f56c82fedff53df76a4aa7861c82be4db1fd1ddafb59dc086ea155831c include/openssl/randerr.h -c1015b77c444a3816d2ea7ad770f1c3b79a1e54887930af6dd662895701f3323 include/openssl/rsa.h -2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h -6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in -af5cc56fb31161ccd87cf925f3d3f22119dfbca78bc39a2e2d65d78bfcf0f0c6 include/openssl/self_test.h -2964274ab32b1ba8578a06b06663db2eda4317ae806369271d889176bb5a7d04 include/openssl/sha.h -c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h -22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h -5e452bf61d802fdf7b6a65d1c8a1e3f72a7885e4bf2f521eca6443cea69f4ce5 include/openssl/trace.h -873d2ec2054ec24c52df4abe830cb2b9666fe4e75cc62b4de0f50ef9d20c5812 include/openssl/types.h +39ddc3467f115e1847b548c1352e821c4336e2483c14674162313296e3419007 include/openssl/objects.h +884f19dffa0b6e0f03fb565cc61cf800993eafe7fc9df0ca2feef67e3b199963 include/openssl/objectserr.h +429571177fe9a2ce5fffce21697ecf197bd9b645bdbc578a146418ce8286e9eb include/openssl/opensslconf.h +76386f806a801eba4c0172c52dc0e04e2deb192aa867f9d3e9d98a4d5a932d4a include/openssl/opensslv.h.in +4c4640740b5de9debbc82bcb5b3e02282c145e440e40dea478a804b8c3498065 include/openssl/param_build.h +91808b4649c0a39b41554ee432917dfe82ccca2b84971ed1183e757c0f89eb1a include/openssl/params.h +27d3171fc2caf0809e5d3d0216d74a372264c6d207ac50d9f2907a795fce62e0 include/openssl/prov_ssl.h +fb2fab5b76c0763c083f75e4ee84c871b3ff5d92f1bb6d38d415b24cd25012d4 include/openssl/proverr.h 
+47c6d4e0921ed1e8dcc27076a645c7427fa1d7fb6d8b7306f6ee2a9e10448154 include/openssl/provider.h +abe0dbc7158d2464af25fb476e21e2edbfb7f2d7cc575782724b6ad325541950 include/openssl/rand.h +19492ed0d3dc0c1809d3e8dfeba95426b79b4ed23defc6185a4ba39163a83002 include/openssl/randerr.h +423ede997674895cc4f0b15356a13d46187cd0f775f3ddc5bd0ed72c0ce00261 include/openssl/rsa.h +6f79765285a8244f6c1858b86db8e390e4bc6c7905a7e4576973316612f7b015 include/openssl/rsaerr.h +546e4277a9897ed5c01b9ab30168e82f4acf9a6a20da430ebf7dd698d5f888fc include/openssl/safestack.h.in +f8d9f4282013fdeb93a04877d8b4600e0e009c191830a80731bfe4eacbcdb18f include/openssl/self_test.h +280d1d5c9754dfdb1aaab8a02ca0af7849fec8f34706862f7d66fe4b9f8d8224 include/openssl/sha.h +07f25b18b5acfb8733db85a258c6f3aac0c8f436f0a3095c8d885a741f6287f4 include/openssl/stack.h +d381d0b4113f0fa18b3e421eae303fc84daf84eacb1236cb6e9976409a2d33a9 include/openssl/symhacks.h +38f32380d8670dccec94301bc16938fc615a1e764789a3035847b7a442fbf6dd include/openssl/trace.h +1db525803021f55b85ff2c3fcc5076fa9e1a37767a8589227c7293007af9f35a include/openssl/types.h c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c -4546387d6642603c81ec4cd8d5fc4af8ba60ac7359eb6f31e7d24827031e68ad providers/common/capabilities.c +ecf36d9b12080498db07b9c264df32554c5829b7c813acaead773da5aa7c810f providers/common/capabilities.c f94b7435d4ec888ec30df1c611afa8b9eedbb59e905a2c7cb17cfc8c4b9b85b8 providers/common/der/der_digests_gen.c.in 424d7b2ece984a0904b80c73e541400c6e2d50a285c397dd323b440a4f2a8d8e providers/common/der/der_dsa_gen.c.in 27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c 
@@ -472,7 +472,7 @@
 03a5620654438c58a8f971398e68922a3f33a519e2c92edb141d13ef4cbc4651 providers/common/der/der_ecx_gen.c.in
 f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/common/der/der_ecx_key.c
 5b3b0ae8da0fad1f7ba8b5fba2206210884728bf69a8aa00644036eb51953467 providers/common/der/der_rsa_gen.c.in
-029aec80a45b477f7c8bd8d24d48e36de92f8056b421e9f128c336dc246dbc4e providers/common/der/der_rsa_key.c
+6faa11a45867a626a8d9b63fc737867625cb1d15010bfe05ae6ae167be491e63 providers/common/der/der_rsa_key.c
 7e8d579986f53eaf1875d677e5cf4adfd4ccf79db0275368f6cac580ab6007ca providers/common/der/der_rsa_sig.c
 0b18bc007f296e16f6210956f5b6ab612b77d8a95170f12ae32764125901db6d providers/common/der/der_wrap_gen.c.in
 d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c
@@ -483,113 +483,113 @@ 5b6b7d8d12011c48195b7db8f65bc4bc4a48fb753763a3ce5006dc227b5139d7 providers/common/include/prov/der_ecx.h.in ce605f32413b09d33ce5795de9498a08183895c3347f33344f9ae5d31c29ccac providers/common/include/prov/der_rsa.h.in 6c1fa3f229c6f049c3ac152c4c265f3eb056d94221b82df95a15400649690e93 providers/common/include/prov/der_wrap.h.in -76087f04f4de6414c240f88807659fb2a04af914108f0c5f2515a4cb5482f655 providers/common/include/prov/proverr.h -83a57505d88a6a9cc4f7781c9f7f4af07668e7923502dfd6c5960bb492c1d24e providers/common/include/prov/provider_ctx.h +e5c7da25b919ac4d2d84f21c9d552f29c2b06ba4445401bd4e361be45f4f8d30 providers/common/include/prov/proverr.h +e1b6d1d6beda92a8d0021cc7087c7b3a0a5c16e901fc03dbefbe66159fc4195f providers/common/include/prov/provider_ctx.h 03fcfea9ed6e23d1df7ffd230af15f0f9b91a6aa635f77b9cbe52d5112168d09 providers/common/include/prov/provider_util.h e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/common/include/prov/providercommon.h 73d0e15963759fcb7c5c434bb214b50bc32f6066e90ac07fb53dad11c2fd1939 providers/common/include/prov/securitycheck.h 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c -a8b73b10ab0100942dd2bc45f2fc9c9238b70bec0e49708ba113bc7479c8b92a providers/common/provider_err.c -9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c -eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c -5b94312727ca33e4f5c038f4caaae8417bf584cfde22df83d91f3c55c30c81ee providers/common/securitycheck.c +2ce0471e31fc953d32f9bee93e91a2d25767673d94da218fc95c7ecba2edeccb providers/common/provider_err.c +2f334bf2292bc394778eacaec57e7419e62d0918c166098cc65a09e8c3f5171e providers/common/provider_seeding.c +5565bb9dac98a274c12e2c40384582ccf91728ab4022eb9738a9b35e5e93a4fb providers/common/provider_util.c +c4552ae5ab297e228b996b622767292292226749b588dba5617ff54e6b5b3589 
providers/common/securitycheck.c 527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c -4a5ed1059ea6c5ef8d4b2a074b3da332443468852f58c18555f67f5d6d98606a providers/fips/fipsprov.c -5d24ba30f9cc7ca48546fb85dc285bd68590f3a604a0bd471bcb0c2a61169591 providers/fips/self_test.c +811d13df93e57743e06751016710dfdbaf68252adc2084d5d7c8770730d2d0e1 providers/fips/fipsprov.c +3669168f7dd7855c34eff3c2e8caa473a9e09c1ea940ad2d552af4be0e6067f0 providers/fips/self_test.c f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc -629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c -99baeec10374301e90352ab637056104a8ea28a6880804f44c640d0c9ee16eba providers/implementations/asymciphers/rsa_enc.c +9dbcc245545ade66ebcc0da5c76e1afdb5243028310efdda0b16d0985c4d73ce providers/fips/self_test_kats.c +995fbc6c5f2de1c903b28f9f20968aec365af1beecbe7e93235ef715aece0f8f providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h -aef500281e7cd5a25a806a9bd45ec00a5b73984673202527dac5896fbcc9fa9c providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c -7668e5c1cac474ad7b0f28aa78ca885edf44815fe4a606a6cd328b3c02fac25a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h -26e0f28523b416ba4067e471061f5a11fd76f5dc8bfe57ce37a137cf5667630b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c -6d2ab2e059ef38fad342d4c65eebd533c08a2092bb174ff3566c6604e175c5a4 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c 
+ce12349d866066ffaa605c782279a3d6cf4d3455d2a12758e100fc1e44b40a76 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +1b4f19be0c2bbea99e5fce0f93189c687a03cac634f0e37a51466ee7e3510735 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h +a579a933e7756b502510a42679e06dca2737bda9e53edda578e28eae56b98577 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +4e5e5c6478cf72f6840aa5d9edc50fe27aaa3ea39a428f602056172b0f00d541 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c f37c3cf9e2e6fcfcbed941f3670b790fe09990349db72eb065bef51705d46e96 providers/implementations/ciphers/cipher_aes_ccm.c 00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h -6337b570e0dc4e98af07aa9704254d3ab958cf605584e250fbd76cd1d2a25ac7 providers/implementations/ciphers/cipher_aes_ccm_hw.c +f811e3116aabb8f6c60f2fa362dbf66705326a18768f8c44b309e25bcb3e93b3 providers/implementations/ciphers/cipher_aes_ccm_hw.c 302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/implementations/ciphers/cipher_aes_cts.inc 7e886ecc088b5903aa082eac72a4c46f9064392bdf5723a592368ecebfeb71c0 providers/implementations/ciphers/cipher_aes_gcm.c 79f5a732820d2512a7f4fc2a99ece7e6e2523a51e62561eb67a4b70d5538b0c4 providers/implementations/ciphers/cipher_aes_gcm.h -ab298c5f89f3165fa11093fad8063b7bcbff0924b43fb3107148ae66d54adcb5 providers/implementations/ciphers/cipher_aes_gcm_hw.c +2617ef43d652e1bd248ab7f55babc2cc4edec628141eb4db564bdcefc9296a7c providers/implementations/ciphers/cipher_aes_gcm_hw.c 8ed4a100e4756c31c56147b4b0fab76a4c6e5292aa2f079045f37b5502fd41b9 providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc -4c6f3a2818754a5aa7b6db36dae53e248504f9e82cc5af2ed68c723903d4f9d5 providers/implementations/ciphers/cipher_aes_hw.c 
+77024a608e7be3100d97709b9a65c2158c4a4102e70c4e3ba6de27a4bf0741a8 providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc -0d77239f0cc1a9e1ecdeb45b6fae12cac2637771d29842199be08699e59f87fc providers/implementations/ciphers/cipher_aes_ocb.c +1655955223756645e1b1516eae6c0fae59f35bd843709faa4a930ac7eba8f627 providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h -855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c +d33fef74353e50bf541457456c54261314d4318d39456d8e5f26f3eda4525139 providers/implementations/ciphers/cipher_aes_ocb_hw.c 6a8782c728575d69c86b735c9f47acda5c0daa04e17f1e0faef2c963f23fab20 providers/implementations/ciphers/cipher_aes_wrp.c 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c -f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c -46ba8271917b53fd8fdf77aee19cc326a219c950b94e043d6d118dcac25ad7ad providers/implementations/ciphers/cipher_cts.c -74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h -fcc3bb0637864252402aaa9d543209909df9a39611127f777b168bc888498dc0 providers/implementations/ciphers/cipher_tdes.c -77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h +5436aeb7c6e6dee6f3b47b5416c95e28dea890e87f9c4d15cdc860c137cf4fde providers/implementations/ciphers/cipher_aes_xts_hw.c 
+dc4626becaabc3990549483d9ef5f05c7dd9a9c2cf9be96ade3ba6a6e203f7f5 providers/implementations/ciphers/cipher_cts.c +94459018a2a333bbf0b66cadf7378f9805cbc63ead72d5df6088da2fd3745609 providers/implementations/ciphers/cipher_cts.h +1fce446497c98a84043257700ff02bb8ba04cdbb8ac92b15ca09404490e48016 providers/implementations/ciphers/cipher_tdes.c +98061b6499a05e63b19452b6217ec98f681243730470795a9d3bc0645aac7959 providers/implementations/ciphers/cipher_tdes.h f6b81faf6abf3baa926be7c054cda1ff2be109b0a2143b34b2f2d266b6cb2c52 providers/implementations/ciphers/cipher_tdes_common.c -50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c -1f44963b1ac450cb77d75df9fbf956b04742e38d236d316c7eb8021bdf0573a4 providers/implementations/ciphers/ciphercommon.c -dd72ea861edf70b94197821ceb00e07165d550934a2e851d62afa5034b79f468 providers/implementations/ciphers/ciphercommon_block.c +cca34f1c7baf3a98964f7ce19a59e06d1eaf2ada121a0d4a438f4078a072b325 providers/implementations/ciphers/cipher_tdes_hw.c +ce1de026ca8d6d2c332f1667051f3f5862362d2ffe37734f701a6d60d15263f7 providers/implementations/ciphers/ciphercommon.c +f31bd0b27bb72d574bbc52595e34ab4aca0b0cdcfc0c51c7f8851bd84541f498 providers/implementations/ciphers/ciphercommon_block.c 8af515e63a0c16ff35dcedcc43c7b4735a10943f1e937eeeb73eb1af3dc92782 providers/implementations/ciphers/ciphercommon_ccm.c -8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c -142785a128a0d694e2457e7d79da545791b73ae388dcf700b538763099f91f65 providers/implementations/ciphers/ciphercommon_gcm.c +6632a555d5bcd5af67d0355ce46c2906bb3a0dcdf1651595b29189c40a5ca675 providers/implementations/ciphers/ciphercommon_ccm_hw.c +721c2850f66f4813eeaa802644b8e3bd596bfbbebeac2bcc440e0f5fc86d08e9 providers/implementations/ciphers/ciphercommon_gcm.c bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b 
providers/implementations/ciphers/ciphercommon_gcm_hw.c -23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c +8bf2b4bef8167740ae3fffc9f0cf73327a1b4ee361e63da22c257cca0e1e2971 providers/implementations/ciphers/ciphercommon_hw.c c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c -80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c -de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c -b5f94d597df72ca58486c59b2a70b4057d13f09528f861ed41a84b7125b54a82 providers/implementations/exchange/dh_exch.c -9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c -9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c +b8c99501d0dfb55c650bc8a4f2fcd76d2006b551d86b799fb09dc19430c1966a providers/implementations/digests/sha2_prov.c +8ca3e52519d2b549785df59274120a334bb5053d1cbfb8aa79357ea426532117 providers/implementations/digests/sha3_prov.c +4fa2bd4db0de4b538aa29b961ca09a4572e90ecd3daa5356645794029d3667ae providers/implementations/exchange/dh_exch.c +4acf0e0ea66b64f85562f74457cd3cf2042e5028d947afef526ef75c6acf2831 providers/implementations/exchange/ecdh_exch.c +d266749072cf76ba2aa229e4a28b5f550e21cfa33c8b5a1ccf38210902515021 providers/implementations/exchange/ecx_exch.c 4692ea3852bf5763db576359bd793fc1ec3bcd0ca42fc906991d7ec4cced7b2a providers/implementations/exchange/kdf_exch.c -996f1397f61b9eab1e31b5d06bccd9ac958dbd5982fd41fdb263ee889b84275c providers/implementations/include/prov/ciphercommon.h -a9f5de1623221f327245957ec1dfd66a1914bff25adf4bcb81213c7955d19382 
providers/implementations/include/prov/ciphercommon_aead.h +df4eaf14b35dee7bbe2204870f14c685563b63f810fb3e619b02262b15076a4b providers/implementations/include/prov/ciphercommon.h +b374a4c1ee592b81027081fe7e28dba401658abb2045731af590352f03065e5b providers/implementations/include/prov/ciphercommon_aead.h dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h -0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h -b9a61ce951c1904d8315b1bb26c0ab0aaadb47e71d4ead5df0a891608c728c4b providers/implementations/include/prov/digestcommon.h -3e2558c36298cdb4fdaebe5a0cfa1dbbc78e0f60a9012f3a34e711cafb09c7b5 providers/implementations/include/prov/implementations.h +b3dda97a263ee474ea3be5d753790a94420dc79b461b98102bee6eab217fb07e providers/implementations/include/prov/ciphercommon_gcm.h +199f261261b1cc6fe4fb7d49e09e0de9d9cc3e96d990fe800a42683b03bfe060 providers/implementations/include/prov/digestcommon.h +b4697ebc8a2c3ec57b88498740c89efb4b448040b3aa91f4b5c12f1abc0d3b9a providers/implementations/include/prov/implementations.h 5f09fc71874b00419d71646714f21ebbdcceda277463b6f77d3d3ea6946914e8 providers/implementations/include/prov/kdfexchange.h c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h 29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h 2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h -6091dd22e716fbe6c7c94524cdee6ad4432a572f2d3c4d360dcafafa3902d692 providers/implementations/kdfs/hkdf.c -a62e3af09f5af84dcf36f951ba4ac90ca1694adaf3747126186020b155f94186 providers/implementations/kdfs/kbkdf.c -e0644e727aacfea4da3cf2c4d2602d7ef0626ebb760b6467432ffd54d5fbb24d providers/implementations/kdfs/pbkdf2.c 
+f1a173ee4a2cf7c0f017cfc5e6c802bbafa92778e8bb86d2ed2b889a974275b0 providers/implementations/kdfs/hkdf.c +9edb192205b9c60ff2fbd75be8538b7ac579a20db147d6ac5acfea7ac4067eeb providers/implementations/kdfs/kbkdf.c +8161cdde15ed5ada88a98e97c53e59b1ac3611735fab9965fd7db5754d0fffac providers/implementations/kdfs/pbkdf2.c c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c -9cc42a4b0a8089e6d1be64637dbb9e41bd21ae5e3386022a27a8f29308ad25c9 providers/implementations/kdfs/sshkdf.c -8571556d77d10e8edc98212473a38f09632e3f19e9995dde89ee6c95f2e84ccf providers/implementations/kdfs/sskdf.c -589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c -4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c -58acb0ff36bf7e463ba714b347b714eccab9fda77c4ca6bacc3a55e6d2ce5ad9 providers/implementations/kem/rsa_kem.c -11a0d0fb88ed88e965f10b3a0ef6c880f60341df995128f57ad943053aaf15b2 providers/implementations/keymgmt/dh_kmgmt.c -9316fc619e8d8a1d841aa0936fc62c28eb2b4c60cc6c9b2d64b72f8641f28abb providers/implementations/keymgmt/dsa_kmgmt.c -9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c +07d80353c9acb9d25006984a79fe019f5fb88e87ebcf6ecea360b0c95337b90c providers/implementations/kdfs/sshkdf.c +f54ff5f873d0663b65352cac8c04d34a2d10d4bddf89e83abb4c815389714608 providers/implementations/kdfs/sskdf.c +33f82c53f3fed4a1187430190f1e886e711f98bc4a713fe96cc7ba03cb02467e providers/implementations/kdfs/tls1_prf.c +b91aa5114af88787f44f3deba461ffb8e156c9e13983bb06bf968ccebab71d5a providers/implementations/kdfs/x942kdf.c +97b26708be2bd1daaf323d4689fc800617b5cceb45ab97ae85c70102f689262d providers/implementations/kem/rsa_kem.c +54a23a53169c64c0127dfb3146755bc0b73a056f427a93c30f8d980acace3a46 
providers/implementations/keymgmt/dh_kmgmt.c +c5f4ae7de440fc309f9b51ce54471c007c87b2c08bc72e79c3db646251a2a963 providers/implementations/keymgmt/dsa_kmgmt.c +551cb6f06400242d12e09438a15eea42d4744a35e9747470ba64b3275b96e1b5 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -d0c67b7fbddd51dcfebd96bf99794ca3bc437d50974ebcd56968fb8dd3627b0f providers/implementations/keymgmt/ecx_kmgmt.c +81f2bf61dc12ced700888773a0d748e56f14ccdeb472e29eea86c1538b09bd21 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c -37e2f9f904eeabf94b1e4152b67ac236f872aa78dd7e47bf0de1b8f50ac19b6c providers/implementations/keymgmt/mac_legacy_kmgmt.c -19f22fc70a6321441e56d5bd4aab3d01d52d17069d4e4b5cefce0f411ecece75 providers/implementations/keymgmt/rsa_kmgmt.c +9908c22971fd33e2156acf80974a2b5ae4f7670d89a4071bf9d618b0201f3c04 providers/implementations/keymgmt/mac_legacy_kmgmt.c +f01915adfe9c9d37ad3c50d40b120907a75d7d413f632dcb399aae172a0f0dc4 providers/implementations/keymgmt/rsa_kmgmt.c 5eb96ea2df635cf79c5aeccae270fbe896b5e6384a5b3e4b187ce8c10fe8dfc7 providers/implementations/macs/cmac_prov.c -e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c -895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c +e30eddd8e2dc89ba28dd02cbbba868003f63c06b2a7bb5bdea533716ea18e3ab providers/implementations/macs/gmac_prov.c +aa107bfd076b37d42196832a263d4c4163b284cbfd081f6f39e0410edff99178 providers/implementations/macs/hmac_prov.c 8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c 
-f9457255fc57ef5739aa2584e535195e38cc947e31fd044d28d64c28c8a946ce providers/implementations/rands/drbg.c -7e8fa6333845778474ed1313a66867512512372c9397f699a8f68fa6d5fc05fa providers/implementations/rands/drbg_ctr.c -8337994f4bc95e421d6d2833bb4481ad9d84deb3913d0faec6e1791ea372a793 providers/implementations/rands/drbg_hash.c -1f040090f596f88cb64d6eb89109a8b75e66caee113708fb59335ad2547027fc providers/implementations/rands/drbg_hmac.c -7a1b8516f891f25f3dc07ffe0455200f20d3a1f0345a917f00c7d9afe900bb0a providers/implementations/rands/drbg_local.h -04339b66c10017229ef368cb48077f58a252ebfda9ab12b9f919e4149b1036ed providers/implementations/rands/test_rng.c -cafb9e6f54ad15889fcebddac6df61336bff7d78936f7de3bb5aab8aee5728d2 providers/implementations/signature/dsa_sig.c -a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c -09647b736980ac3c762f1e7c10cbfee78e2c6ab327ac62e5039968cea034ff3b providers/implementations/signature/eddsa_sig.c +e49f5ca446860d7b104f2e95fb28eb40e9640ab94a6c65343546c4318ba2d789 providers/implementations/rands/drbg.c +7e288a66f00f7fef7b681293cdc347c3532e8253d1376ccb9a4fe13e72d682d4 providers/implementations/rands/drbg_ctr.c +6330889670c53dbbaa47c2d52ad8cd8de5d55e7464bdbdb86be9ca6b35123405 providers/implementations/rands/drbg_hash.c +9034528858d20e55a1dffd4ffeccbeaa4876d0d935a74176a1b3fb897b39a927 providers/implementations/rands/drbg_hmac.c +f3c6bd6d33a8c887eace04d1ff202cb25c53b76cd48b9c69f28cc4aa5b0d8a21 providers/implementations/rands/drbg_local.h +455478b3d51846c59312247c42b6ad2282b321ce7f618e949572ca5517647e89 providers/implementations/rands/test_rng.c +2cd07d8828d2123f79b348b5397e81145e8e7930da48e6271c2933e17abce888 providers/implementations/signature/dsa_sig.c +bf5dc51fc2184d651fc8949142a5df1b2852dfee7f7f6326078aa8193c7bf040 providers/implementations/signature/ecdsa_sig.c +1df0e51b3c53faff441c20c581b054936400b7f61cdad9534d0e3e8ab2c81ad8 providers/implementations/signature/eddsa_sig.c 
3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c -166d7e3a049b28ae2c6f94415070720d176a82e46af1613511c4b073ea705476 providers/implementations/signature/rsa_sig.c +5d3ee35b4ce6231d10b4e647eb201c7cf4d0cc321ba6dfe65e3e26c8e4008c02 providers/implementations/signature/rsa_sig.c a14e901b02fe095713624db4080b3aa3ca685d43f9ebec03041f992240973346 ssl/record/tls_pad.c -3f2e01a98d9e3fda6cc5cb4b44dd43f6cae4ec34994e8f734d11b1e643e58636 ssl/s3_cbc.c +fa2faea7f85207991ff76f2fd67b594d2493e4636ab0c74995df5d055cb6b035 ssl/s3_cbc.c --- crypto/openssl/providers/fips.checksum.orig +++ crypto/openssl/providers/fips.checksum @@ -1 +1 @@ -01b31117f96429fe4c8efbf7f4f10ef32efa2b11c69851fd227e4194db116b6f providers/fips-sources.checksums +d72e6325927c7df21b30f3116f583165ed1911e3499808d3f634c996b16181b8 providers/fips-sources.checksums --- crypto/openssl/providers/fips/fips_entry.c.orig +++ crypto/openssl/providers/fips/fips_entry.c @@ -11,9 +11,9 @@ OSSL_provider_init_fn OSSL_provider_init_int; int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { return OSSL_provider_init_int(handle, in, out, provctx); } --- crypto/openssl/providers/fips/fipsprov.c.orig +++ crypto/openssl/providers/fips/fipsprov.c @@ -102,7 +102,6 @@ fips_prov_ossl_ctx_free, }; - /* Parameters we provide to the core */ static const OSSL_PARAM fips_param_types[] = { OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), 
@@ -116,42 +115,42 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) { /* - * Parameters to retrieve from the core provider - required for self testing. - * NOTE: inside core_get_params() these will be loaded from config items - * stored inside prov->parameters (except for - * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). - * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS is not a self test parameter. - */ + * Parameters to retrieve from the core provider - required for self testing. + * NOTE: inside core_get_params() these will be loaded from config items + * stored inside prov->parameters (except for + * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). + * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS is not a self test parameter. + */ OSSL_PARAM core_params[8], *p = core_params; *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_PARAM_CORE_MODULE_FILENAME, - (char **)&fgbl->selftest_params.module_filename, - sizeof(fgbl->selftest_params.module_filename)); + OSSL_PROV_PARAM_CORE_MODULE_FILENAME, + (char **)&fgbl->selftest_params.module_filename, + sizeof(fgbl->selftest_params.module_filename)); *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_FIPS_PARAM_MODULE_MAC, - (char **)&fgbl->selftest_params.module_checksum_data, - sizeof(fgbl->selftest_params.module_checksum_data)); + OSSL_PROV_FIPS_PARAM_MODULE_MAC, + (char **)&fgbl->selftest_params.module_checksum_data, + sizeof(fgbl->selftest_params.module_checksum_data)); *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_FIPS_PARAM_INSTALL_MAC, - (char **)&fgbl->selftest_params.indicator_checksum_data, - sizeof(fgbl->selftest_params.indicator_checksum_data)); + OSSL_PROV_FIPS_PARAM_INSTALL_MAC, + (char **)&fgbl->selftest_params.indicator_checksum_data, + sizeof(fgbl->selftest_params.indicator_checksum_data)); *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, - (char **)&fgbl->selftest_params.indicator_data, - sizeof(fgbl->selftest_params.indicator_data)); + OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, + (char 
**)&fgbl->selftest_params.indicator_data, + sizeof(fgbl->selftest_params.indicator_data)); *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, - (char **)&fgbl->selftest_params.indicator_version, - sizeof(fgbl->selftest_params.indicator_version)); + OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, + (char **)&fgbl->selftest_params.indicator_version, + sizeof(fgbl->selftest_params.indicator_version)); *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, - (char **)&fgbl->selftest_params.conditional_error_check, - sizeof(fgbl->selftest_params.conditional_error_check)); + OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, + (char **)&fgbl->selftest_params.conditional_error_check, + sizeof(fgbl->selftest_params.conditional_error_check)); *p++ = OSSL_PARAM_construct_utf8_ptr( - OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, - (char **)&fgbl->fips_security_check_option, - sizeof(fgbl->fips_security_check_option)); + OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, + (char **)&fgbl->fips_security_check_option, + sizeof(fgbl->fips_security_check_option)); *p = OSSL_PARAM_construct_end(); if (!c_get_params(fgbl->handle, core_params)) { @@ -171,8 +170,8 @@ { OSSL_PARAM *p; FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method); p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) 
@@ -194,12 +193,11 @@ static void set_self_test_cb(FIPS_GLOBAL *fgbl) { - const OSSL_CORE_HANDLE *handle = - FIPS_get_core_handle(fgbl->selftest_params.libctx); + const OSSL_CORE_HANDLE *handle = FIPS_get_core_handle(fgbl->selftest_params.libctx); if (c_stcbfn != NULL && c_get_libctx != NULL) { c_stcbfn(c_get_libctx(handle), &fgbl->selftest_params.cb, - &fgbl->selftest_params.cb_arg); + &fgbl->selftest_params.cb_arg); } else { fgbl->selftest_params.cb = NULL; fgbl->selftest_params.cb_arg = NULL; @@ -209,8 +207,8 @@ static int fips_self_test(void *provctx) { FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method); set_self_test_cb(fgbl); return SELF_TEST_post(&fgbl->selftest_params, 1) ? 1 : 0; @@ -248,9 +246,9 @@ { PROV_NAMES_SHA2_384, FIPS_DEFAULT_PROPERTIES, ossl_sha384_functions }, { PROV_NAMES_SHA2_512, FIPS_DEFAULT_PROPERTIES, ossl_sha512_functions }, { PROV_NAMES_SHA2_512_224, FIPS_DEFAULT_PROPERTIES, - ossl_sha512_224_functions }, + ossl_sha512_224_functions }, { PROV_NAMES_SHA2_512_256, FIPS_DEFAULT_PROPERTIES, - ossl_sha512_256_functions }, + ossl_sha512_256_functions }, /* We agree with NIST here, so one name only */ { PROV_NAMES_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_sha3_224_functions }, @@ -266,9 +264,9 @@ * KMAC128 and KMAC256. */ { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, - ossl_keccak_kmac_128_functions }, + ossl_keccak_kmac_128_functions }, { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, - ossl_keccak_kmac_256_functions }, + ossl_keccak_kmac_256_functions }, { NULL, NULL, NULL } }; 
@@ -319,17 +317,17 @@ ALG(PROV_NAMES_AES_192_WRAP_PAD_INV, ossl_aes192wrappadinv_functions), ALG(PROV_NAMES_AES_128_WRAP_PAD_INV, ossl_aes128wrappadinv_functions), ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1, ossl_aes128cbc_hmac_sha1_functions, - ossl_cipher_capable_aes_cbc_hmac_sha1), + ossl_cipher_capable_aes_cbc_hmac_sha1), ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1, ossl_aes256cbc_hmac_sha1_functions, - ossl_cipher_capable_aes_cbc_hmac_sha1), + ossl_cipher_capable_aes_cbc_hmac_sha1), ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA256, ossl_aes128cbc_hmac_sha256_functions, - ossl_cipher_capable_aes_cbc_hmac_sha256), + ossl_cipher_capable_aes_cbc_hmac_sha256), ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, - ossl_cipher_capable_aes_cbc_hmac_sha256), + ossl_cipher_capable_aes_cbc_hmac_sha256), #ifndef OPENSSL_NO_DES ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), -#endif /* OPENSSL_NO_DES */ +#endif /* OPENSSL_NO_DES */ { { NULL, NULL, NULL }, NULL } }; static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; 
@@ -348,16 +346,16 @@ static const OSSL_ALGORITHM fips_kdfs[] = { { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, - ossl_kdf_tls1_3_kdf_functions }, + ossl_kdf_tls1_3_kdf_functions }, { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, - ossl_kdf_x963_kdf_functions }, + ossl_kdf_x963_kdf_functions }, { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, - ossl_kdf_x942_kdf_functions }, + ossl_kdf_x942_kdf_functions }, { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, - ossl_kdf_tls1_prf_functions }, + ossl_kdf_tls1_prf_functions }, { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, { NULL, NULL, NULL } }; @@ -380,7 +378,7 @@ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, - ossl_kdf_tls1_prf_keyexch_functions }, + ossl_kdf_tls1_prf_keyexch_functions }, { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_keyexch_functions }, { NULL, NULL, NULL } }; @@ -396,10 +394,10 @@ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, #endif { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, - ossl_mac_legacy_hmac_signature_functions }, + ossl_mac_legacy_hmac_signature_functions }, #ifndef OPENSSL_NO_CMAC { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, - ossl_mac_legacy_cmac_signature_functions }, + ossl_mac_legacy_cmac_signature_functions }, #endif { NULL, NULL, NULL } }; 
@@ -417,45 +415,45 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { #ifndef OPENSSL_NO_DH { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions, - PROV_DESCS_DH }, + PROV_DESCS_DH }, { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions, - PROV_DESCS_DHX }, + PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, - PROV_DESCS_DSA }, + PROV_DESCS_DSA }, #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, - PROV_DESCS_RSA }, + PROV_DESCS_RSA }, { PROV_NAMES_RSA_PSS, FIPS_DEFAULT_PROPERTIES, - ossl_rsapss_keymgmt_functions, PROV_DESCS_RSA_PSS }, + ossl_rsapss_keymgmt_functions, PROV_DESCS_RSA_PSS }, #ifndef OPENSSL_NO_EC { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, - PROV_DESCS_EC }, + PROV_DESCS_EC }, { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, - PROV_DESCS_X25519 }, + PROV_DESCS_X25519 }, { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, - PROV_DESCS_X448 }, + PROV_DESCS_X448 }, { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, - PROV_DESCS_ED25519 }, + PROV_DESCS_ED25519 }, { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, - PROV_DESCS_ED448 }, + PROV_DESCS_ED448 }, #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, - PROV_DESCS_TLS1_PRF_SIGN }, + PROV_DESCS_TLS1_PRF_SIGN }, { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, - PROV_DESCS_HKDF_SIGN }, + PROV_DESCS_HKDF_SIGN }, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_mac_legacy_keymgmt_functions, - PROV_DESCS_HMAC_SIGN }, + PROV_DESCS_HMAC_SIGN }, #ifndef OPENSSL_NO_CMAC { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, - ossl_cmac_legacy_keymgmt_functions, PROV_DESCS_CMAC_SIGN }, + ossl_cmac_legacy_keymgmt_functions, PROV_DESCS_CMAC_SIGN }, #endif { NULL, NULL, NULL } }; static const OSSL_ALGORITHM 
*fips_query(void *provctx, int operation_id, - int *no_cache) + int *no_cache) { *no_cache = 0; @@ -509,7 +507,7 @@ { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, - (void (*)(void))ossl_prov_get_capabilities }, + (void (*)(void))ossl_prov_get_capabilities }, { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, { 0, NULL } }; @@ -530,17 +528,17 @@ * we must switch back to this default explicitly here. */ #ifdef __VMS -# pragma names save -# pragma names uppercase,truncated +#pragma names save +#pragma names uppercase, truncated #endif OSSL_provider_init_fn OSSL_provider_init_int; #ifdef __VMS -# pragma names restore +#pragma names restore #endif int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { FIPS_GLOBAL *fgbl; OSSL_LIB_CTX *libctx = NULL; @@ -556,7 +554,11 @@ * multiple versions of libcrypto (e.g. one static and one dynamic), but * sharing a single fips.so. We do a simple sanity check here. */ -#define set_func(c, f) if (c == NULL) c = f; else if (c != f) return 0; +#define set_func(c, f) \ + if (c == NULL) \ + c = f; \ + else if (c != f) \ + return 0; switch (in->function_id) { case OSSL_FUNC_CORE_GET_LIBCTX: set_func(c_get_libctx, OSSL_FUNC_core_get_libctx(in)); @@ -584,7 +586,7 @@ break; case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: set_func(c_clear_last_error_mark, - OSSL_FUNC_core_clear_last_error_mark(in)); + OSSL_FUNC_core_clear_last_error_mark(in)); break; case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in)); 
@@ -606,39 +608,39 @@ break; case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: set_func(c_CRYPTO_clear_realloc, - OSSL_FUNC_CRYPTO_clear_realloc(in)); + OSSL_FUNC_CRYPTO_clear_realloc(in)); break; case OSSL_FUNC_CRYPTO_SECURE_MALLOC: set_func(c_CRYPTO_secure_malloc, - OSSL_FUNC_CRYPTO_secure_malloc(in)); + OSSL_FUNC_CRYPTO_secure_malloc(in)); break; case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: set_func(c_CRYPTO_secure_zalloc, - OSSL_FUNC_CRYPTO_secure_zalloc(in)); + OSSL_FUNC_CRYPTO_secure_zalloc(in)); break; case OSSL_FUNC_CRYPTO_SECURE_FREE: set_func(c_CRYPTO_secure_free, - OSSL_FUNC_CRYPTO_secure_free(in)); + OSSL_FUNC_CRYPTO_secure_free(in)); break; case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: set_func(c_CRYPTO_secure_clear_free, - OSSL_FUNC_CRYPTO_secure_clear_free(in)); + OSSL_FUNC_CRYPTO_secure_clear_free(in)); break; case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: set_func(c_CRYPTO_secure_allocated, - OSSL_FUNC_CRYPTO_secure_allocated(in)); + OSSL_FUNC_CRYPTO_secure_allocated(in)); break; case OSSL_FUNC_BIO_NEW_FILE: set_func(selftest_params.bio_new_file_cb, - OSSL_FUNC_BIO_new_file(in)); + OSSL_FUNC_BIO_new_file(in)); break; case OSSL_FUNC_BIO_NEW_MEMBUF: set_func(selftest_params.bio_new_buffer_cb, - OSSL_FUNC_BIO_new_membuf(in)); + OSSL_FUNC_BIO_new_membuf(in)); break; case OSSL_FUNC_BIO_READ_EX: set_func(selftest_params.bio_read_ex_cb, - OSSL_FUNC_BIO_read_ex(in)); + OSSL_FUNC_BIO_read_ex(in)); break; case OSSL_FUNC_BIO_FREE: set_func(selftest_params.bio_free_cb, OSSL_FUNC_BIO_free(in)); @@ -670,7 +672,8 @@ } if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method)) == NULL) + &fips_prov_ossl_ctx_method)) + == NULL) goto err; fgbl->handle = handle; @@ -715,7 +718,7 @@ *out = fips_dispatch_table; return 1; - err: +err: fips_teardown(*provctx); OSSL_LIB_CTX_free(libctx); *provctx = NULL; 
@@ -731,9 +734,9 @@ */ OSSL_provider_init_fn ossl_fips_intern_provider_init; int ossl_fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL; @@ -759,7 +762,7 @@ * able to do. */ ossl_prov_ctx_set0_libctx(*provctx, - (OSSL_LIB_CTX *)c_internal_get_libctx(handle)); + (OSSL_LIB_CTX *)c_internal_get_libctx(handle)); ossl_prov_ctx_set0_handle(*provctx, handle); *out = intern_dispatch_table; @@ -815,8 +818,8 @@ const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx) { FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method); if (fgbl == NULL) return NULL; @@ -850,7 +853,7 @@ } void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, - const char *file, int line) + const char *file, int line) { return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); } @@ -894,14 +897,14 @@ int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx) { FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method); return fgbl->fips_security_checks; } void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, - void **cbarg) + void **cbarg) { assert(libctx != NULL); --- crypto/openssl/providers/fips/self_test.c.orig +++ crypto/openssl/providers/fips/self_test.c 
@@ -29,21 +29,21 @@ #include "internal/thread_once.h" #include "self_test.h" -#define FIPS_STATE_INIT 0 +#define FIPS_STATE_INIT 0 #define FIPS_STATE_SELFTEST 1 -#define FIPS_STATE_RUNNING 2 -#define FIPS_STATE_ERROR 3 +#define FIPS_STATE_RUNNING 2 +#define FIPS_STATE_ERROR 3 /* * The number of times the module will report it is in the error state * before going quiet. */ -#define FIPS_ERROR_REPORTING_RATE_LIMIT 10 +#define FIPS_ERROR_REPORTING_RATE_LIMIT 10 /* The size of a temp buffer used to read in data */ #define INTEGRITY_BUF_SIZE (4096) #define MAX_MD_SIZE 64 -#define MAC_NAME "HMAC" +#define MAC_NAME "HMAC" #define DIGEST_NAME "SHA256" static int FIPS_conditional_error_check = 1; @@ -66,9 +66,9 @@ * Declarations for the DEP entry/exit points. * Ones not required or incorrect need to be undefined or redefined respectively. */ -#define DEP_INITIAL_STATE FIPS_STATE_INIT -#define DEP_INIT_ATTRIBUTE static -#define DEP_FINI_ATTRIBUTE static +#define DEP_INITIAL_STATE FIPS_STATE_INIT +#define DEP_INIT_ATTRIBUTE static +#define DEP_FINI_ATTRIBUTE static static void init(void); static void cleanup(void); @@ -78,14 +78,14 @@ * See FIPS 140-2 IG 9.10 */ #if defined(_WIN32) || defined(__CYGWIN__) -# ifdef __CYGWIN__ +#ifdef __CYGWIN__ /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ -# include +#include /* * this has side-effect of _WIN32 getting defined, which otherwise is * mutually exclusive with __CYGWIN__... */ -# endif +#endif BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved); BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) 
@@ -104,20 +104,20 @@ } #elif defined(__GNUC__) && !defined(_AIX) -# undef DEP_INIT_ATTRIBUTE -# undef DEP_FINI_ATTRIBUTE -# define DEP_INIT_ATTRIBUTE static __attribute__((constructor)) -# define DEP_FINI_ATTRIBUTE static __attribute__((destructor)) +#undef DEP_INIT_ATTRIBUTE +#undef DEP_FINI_ATTRIBUTE +#define DEP_INIT_ATTRIBUTE static __attribute__((constructor)) +#define DEP_FINI_ATTRIBUTE static __attribute__((destructor)) #elif defined(__sun) -# pragma init(init) -# pragma fini(cleanup) +#pragma init(init) +#pragma fini(cleanup) #elif defined(_AIX) && !defined(__GNUC__) void _init(void); void _cleanup(void); -# pragma init(_init) -# pragma fini(_cleanup) +#pragma init(_init) +#pragma fini(_cleanup) void _init(void) { init(); @@ -128,17 +128,19 @@ } #elif defined(__hpux) -# pragma init "init" -# pragma fini "cleanup" +#pragma init "init" +#pragma fini "cleanup" #elif defined(__TANDEM) /* Method automatically called by the NonStop OS when the DLL loads */ -void __INIT__init(void) { +void __INIT__init(void) +{ init(); } /* Method automatically called by the NonStop OS prior to unloading the DLL */ -void __TERM__cleanup(void) { +void __TERM__cleanup(void) +{ cleanup(); } @@ -148,10 +150,10 @@ * We force the self-tests to run as part of the FIPS provider initialisation * rather than being triggered by the DEP. */ -# undef DEP_INIT_ATTRIBUTE -# undef DEP_FINI_ATTRIBUTE -# undef DEP_INITIAL_STATE -# define DEP_INITIAL_STATE FIPS_STATE_SELFTEST +#undef DEP_INIT_ATTRIBUTE +#undef DEP_FINI_ATTRIBUTE +#undef DEP_INITIAL_STATE +#define DEP_INITIAL_STATE FIPS_STATE_SELFTEST #endif static TSAN_QUALIFIER int FIPS_state = DEP_INITIAL_STATE; 
@@ -176,9 +178,9 @@ * Return 1 if verified, or 0 if it fails. */ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, - unsigned char *expected, size_t expected_len, - OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, - const char *event_type) + unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, + const char *event_type) { int ret = 0, status; unsigned char out[MAX_MD_SIZE]; @@ -215,7 +217,7 @@ OSSL_SELF_TEST_oncorrupt_byte(ev, out); if (expected_len != out_len - || memcmp(expected, out, out_len) != 0) + || memcmp(expected, out, out_len) != 0) goto err; ret = 1; err: @@ -271,7 +273,7 @@ } if (st == NULL - || st->module_checksum_data == NULL) { + || st->module_checksum_data == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } @@ -281,7 +283,7 @@ goto end; module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, - &checksum_len); + &checksum_len); if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; @@ -290,9 +292,9 @@ /* Always check the integrity of the fips module */ if (bio_module == NULL - || !verify_integrity(bio_module, st->bio_read_ex_cb, - module_checksum, checksum_len, st->libctx, - ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { + || !verify_integrity(bio_module, st->bio_read_ex_cb, + module_checksum, checksum_len, st->libctx, + ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); goto end; } 
@@ -308,20 +310,19 @@ goto end; } indicator_checksum = OPENSSL_hexstr2buf(st->indicator_checksum_data, - &checksum_len); + &checksum_len); if (indicator_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; } - bio_indicator = - (*st->bio_new_buffer_cb)(st->indicator_data, - strlen(st->indicator_data)); + bio_indicator = (*st->bio_new_buffer_cb)(st->indicator_data, + strlen(st->indicator_data)); if (bio_indicator == NULL - || !verify_integrity(bio_indicator, st->bio_read_ex_cb, - indicator_checksum, checksum_len, - st->libctx, ev, - OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)) { + || !verify_integrity(bio_indicator, st->bio_read_ex_cb, + indicator_checksum, checksum_len, + st->libctx, ev, + OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)) { ERR_raise(ERR_LIB_PROV, PROV_R_INDICATOR_INTEGRITY_FAILURE); goto end; } else { --- crypto/openssl/providers/fips/self_test.h.orig +++ crypto/openssl/providers/fips/self_test.h @@ -13,13 +13,13 @@ typedef struct self_test_post_params_st { /* FIPS module integrity check parameters */ - const char *module_filename; /* Module file to perform MAC on */ - const char *module_checksum_data; /* Expected module MAC integrity */ + const char *module_filename; /* Module file to perform MAC on */ + const char *module_checksum_data; /* Expected module MAC integrity */ /* Used for KAT install indicator integrity check */ - const char *indicator_version; /* version - for future proofing */ - const char *indicator_data; /* data to perform MAC on */ - const char *indicator_checksum_data; /* Expected MAC integrity value */ + const char *indicator_version; /* version - for future proofing */ + const char *indicator_data; /* data to perform MAC on */ + const char *indicator_checksum_data; /* Expected MAC integrity value */ /* Used for continuous tests */ const char *conditional_error_check; --- crypto/openssl/providers/fips/self_test_kats.c.orig +++ crypto/openssl/providers/fips/self_test_kats.c 
@@ -18,7 +18,7 @@ #include "self_test_data.inc" static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { int ok = 0; unsigned char out[EVP_MAX_MD_SIZE]; @@ -29,17 +29,17 @@ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc); if (ctx == NULL - || md == NULL - || !EVP_DigestInit_ex(ctx, md, NULL) - || !EVP_DigestUpdate(ctx, t->pt, t->pt_len) - || !EVP_DigestFinal(ctx, out, &out_len)) + || md == NULL + || !EVP_DigestInit_ex(ctx, md, NULL) + || !EVP_DigestUpdate(ctx, t->pt, t->pt_len) + || !EVP_DigestFinal(ctx, out, &out_len)) goto err; /* Optional corruption */ OSSL_SELF_TEST_oncorrupt_byte(st, out); if (out_len != t->expected_len - || memcmp(out, t->expected, out_len) != 0) + || memcmp(out, t->expected, out_len) != 0) goto err; ok = 1; err: @@ -54,7 +54,7 @@ * Used to hide the complexity of Authenticated ciphers. */ static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const ST_KAT_CIPHER *t, int enc) + const ST_KAT_CIPHER *t, int enc) { unsigned char *in_tag = NULL; int pad = 0, tmp; @@ -64,7 +64,7 @@ if (t->tag == NULL) { /* Use a normal cipher init */ return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc) - && EVP_CIPHER_CTX_set_padding(ctx, pad); + && EVP_CIPHER_CTX_set_padding(ctx, pad); } /* The authenticated cipher init */ 
@@ -72,18 +72,19 @@ in_tag = (unsigned char *)t->tag; return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) - && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0) - && (in_tag == NULL - || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len, - in_tag) > 0) - && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc) - && EVP_CIPHER_CTX_set_padding(ctx, pad) - && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len); + && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0) + && (in_tag == NULL + || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len, + in_tag) + > 0) + && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc) + && EVP_CIPHER_CTX_set_padding(ctx, pad) + && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len); } /* Test a single KAT for encrypt/decrypt */ static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0; EVP_CIPHER_CTX *ctx = NULL; @@ -103,9 +104,9 @@ /* Encrypt plain text message */ if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) { if (!cipher_init(ctx, cipher, t, encrypt) - || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, - t->base.pt_len) - || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len)) + || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, + t->base.pt_len) + || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len)) goto err; OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf); @@ -118,7 +119,8 @@ unsigned char tag[16] = { 0 }; if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, - tag) <= 0 + tag) + <= 0 || memcmp(tag, t->tag, t->tag_len) != 0) goto err; } 
@@ -127,14 +129,14 @@ /* Decrypt cipher text */ if ((t->mode & CIPHER_MODE_DECRYPT) != 0) { if (!(cipher_init(ctx, cipher, t, !encrypt) - && EVP_CipherUpdate(ctx, pt_buf, &len, - t->base.expected, t->base.expected_len) - && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len))) + && EVP_CipherUpdate(ctx, pt_buf, &len, + t->base.expected, t->base.expected_len) + && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len))) goto err; OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf); pt_len += len; if (pt_len != (int)t->base.pt_len - || memcmp(pt_buf, t->base.pt, pt_len) != 0) + || memcmp(pt_buf, t->base.pt, pt_len) != 0) goto err; } @@ -147,15 +149,14 @@ } static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params, - BN_CTX *ctx) + BN_CTX *ctx) { int ret = 0; const ST_KAT_PARAM *p; if (params == NULL) return 1; - for (p = params; p->data != NULL; ++p) - { + for (p = params; p->data != NULL; ++p) { switch (p->type) { case OSSL_PARAM_UNSIGNED_INTEGER: { BIGNUM *bn = BN_CTX_get(ctx); @@ -168,13 +169,13 @@ } case OSSL_PARAM_UTF8_STRING: { if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, - p->data_len)) + p->data_len)) goto err; break; } case OSSL_PARAM_OCTET_STRING: { if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data, - p->data_len)) + p->data_len)) goto err; break; } @@ -193,14 +194,14 @@ } static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { int ret = 0; unsigned char out[128]; EVP_KDF *kdf = NULL; EVP_KDF_CTX *ctx = NULL; BN_CTX *bnctx = NULL; - OSSL_PARAM *params = NULL; + OSSL_PARAM *params = NULL; OSSL_PARAM_BLD *bld = NULL; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc); @@ -233,7 +234,7 @@ OSSL_SELF_TEST_oncorrupt_byte(st, out); - if (memcmp(out, t->expected, t->expected_len) != 0) + if (memcmp(out, t->expected, t->expected_len) != 0) goto err; ret = 1; 
@@ -248,7 +249,7 @@ } static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { int ret = 0; unsigned char out[256]; @@ -272,7 +273,7 @@ goto err; drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, - &strength); + &strength); if (!EVP_RAND_CTX_set_params(test, drbg_params)) goto err; 
@@ -288,42 +289,37 @@ strength = EVP_RAND_get_strength(drbg); drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name, - t->param_value, 0); + t->param_value, 0); /* This is only used by HMAC-DRBG but it is ignored by the others */ - drbg_params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0); + drbg_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0); if (!EVP_RAND_CTX_set_params(drbg, drbg_params)) goto err; - drbg_params[0] = - OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - (void *)t->entropyin, - t->entropyinlen); - drbg_params[1] = - OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, - (void *)t->nonce, t->noncelen); + drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, + (void *)t->entropyin, + t->entropyinlen); + drbg_params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, + (void *)t->nonce, t->noncelen); if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params)) goto err; if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen, - NULL)) + NULL)) goto err; - drbg_params[0] = - OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - (void *)t->entropyinpr1, - t->entropyinpr1len); + drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, + (void *)t->entropyinpr1, + t->entropyinpr1len); if (!EVP_RAND_CTX_set_params(test, drbg_params)) goto err; if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength, - prediction_resistance, - t->entropyaddin1, t->entropyaddin1len)) + prediction_resistance, + t->entropyaddin1, t->entropyaddin1len)) goto err; - drbg_params[0] = - OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - (void *)t->entropyinpr2, - t->entropyinpr2len); + drbg_params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, + (void *)t->entropyinpr2, + t->entropyinpr2len); if (!EVP_RAND_CTX_set_params(test, drbg_params)) goto err; 
@@ -332,8 +328,8 @@ * prediction_resistance = 1 */ if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength, - prediction_resistance, - t->entropyaddin2, t->entropyaddin2len)) + prediction_resistance, + t->entropyaddin2, t->entropyaddin2len)) goto err; OSSL_SELF_TEST_oncorrupt_byte(st, out); @@ -360,7 +356,7 @@ #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) static int self_test_ka(const ST_KAT_KAS *t, - OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) { int ret = 0; EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; @@ -437,7 +433,7 @@ #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ static int self_test_sign(const ST_KAT_SIGN *t, - OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) + OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) { int ret = 0; OSSL_PARAM *params = NULL, *params_sig = NULL; @@ -487,8 +483,8 @@ /* set signature parameters */ if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, - t->mdalgorithm, - strlen(t->mdalgorithm) + 1)) + t->mdalgorithm, + strlen(t->mdalgorithm) + 1)) goto err; params_sig = OSSL_PARAM_BLD_to_param(bld); if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) @@ -531,7 +527,7 @@ * and decrypt.. */ static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { int ret = 0; OSSL_PARAM *keyparams = NULL, *initparams = NULL; @@ -584,11 +580,13 @@ if (t->encrypt) { if (EVP_PKEY_encrypt(encctx, out, &outlen, - t->in, t->in_len) <= 0) + t->in, t->in_len) + <= 0) goto err; } else { if (EVP_PKEY_decrypt(encctx, out, &outlen, - t->in, t->in_len) <= 0) + t->in, t->in_len) + <= 0) goto err; } /* Check the KAT */ --- crypto/openssl/providers/implementations/asymciphers/rsa_enc.c.orig +++ crypto/openssl/providers/implementations/asymciphers/rsa_enc.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -46,12 +46,12 @@ static OSSL_FUNC_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params; static OSSL_ITEM padding_item[] = { - { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, - { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, - { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ - { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, - { 0, NULL } + { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, + { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, + { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ + { RSA_PKCS1_OAEP_PADDING, "oeap" }, + { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, + { 0, NULL } }; /* @@ -92,7 +92,7 @@ } static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[], - int operation) + int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 
@@ -121,37 +121,42 @@ } static int rsa_encrypt_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCRYPT); } static int rsa_decrypt_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); } static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, - size_t outsize, const unsigned char *in, size_t inlen) + size_t outsize, const unsigned char *in, size_t inlen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t len = RSA_size(prsactx->rsa); int ret; if (!ossl_prov_is_running()) return 0; - if (out == NULL) { - size_t len = RSA_size(prsactx->rsa); + if (len == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } - if (len == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); - return 0; - } + if (out == NULL) { *outlen = len; return 1; } + if (outsize < len) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) { int rsasize = RSA_size(prsactx->rsa); unsigned char *tbuf; @@ -168,24 +173,23 @@ return 0; } } - ret = - ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, - rsasize, in, inlen, - prsactx->oaep_label, - prsactx->oaep_labellen, - prsactx->oaep_md, - prsactx->mgf1_md); + ret = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, + rsasize, in, inlen, + prsactx->oaep_label, + prsactx->oaep_labellen, + prsactx->oaep_md, + prsactx->mgf1_md); if (!ret) { OPENSSL_free(tbuf); return 0; } ret = RSA_public_encrypt(rsasize, tbuf, out, prsactx->rsa, - RSA_NO_PADDING); + RSA_NO_PADDING); OPENSSL_free(tbuf); } else { ret = RSA_public_encrypt(inlen, in, out, prsactx->rsa, - prsactx->pad_mode); + prsactx->pad_mode); } /* A ret value of 0 is not an error */ if (ret < 0) 
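Review bot: The new `outsize < len` guard in rsa_encrypt is the only place where the caller's buffer size is tied to what `RSA_public_encrypt` writes into `out`, since `outsize` is never passed to it, and nothing in the hunk says so. A one-line comment above the check, such as `/* RSA_public_encrypt() writes RSA_size() bytes to out and never sees outsize */`, would keep a later refactor from dropping it. The OAEP branch still calls `RSA_size(prsactx->rsa)` a second time into `int rsasize`, so the checked bound and the size used for `tbuf` come from two separate calls. Reusing the checked value with `int rsasize = (int)len;` keeps them tied together. The body of rsa_encrypt continues past this hunk.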
@@ -195,7 +199,7 @@ } static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, - size_t outsize, const unsigned char *in, size_t inlen) + size_t outsize, const unsigned char *in, size_t inlen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -230,7 +234,7 @@ } if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING - || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { + || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { unsigned char *tbuf; if ((tbuf = OPENSSL_malloc(len)) == NULL) { @@ -238,7 +242,7 @@ return 0; } ret = RSA_private_decrypt(inlen, in, tbuf, prsactx->rsa, - RSA_NO_PADDING); + RSA_NO_PADDING); /* * With no padding then, on success ret should be len, otherwise an * error occurred (non-constant time) @@ -258,11 +262,11 @@ } } ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, outsize, tbuf, - len, len, - prsactx->oaep_label, - prsactx->oaep_labellen, - prsactx->oaep_md, - prsactx->mgf1_md); + len, len, + prsactx->oaep_label, + prsactx->oaep_labellen, + prsactx->oaep_md, + prsactx->mgf1_md); } else { /* RSA_PKCS1_WITH_TLS_PADDING */ if (prsactx->client_version <= 0) { @@ -271,13 +275,13 @@ return 0; } ret = ossl_rsa_padding_check_PKCS1_type_2_TLS( - prsactx->libctx, out, outsize, tbuf, len, - prsactx->client_version, prsactx->alt_version); + prsactx->libctx, out, outsize, tbuf, len, + prsactx->client_version, prsactx->alt_version); } OPENSSL_free(tbuf); } else { ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, - prsactx->pad_mode); + prsactx->pad_mode); } *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); ret = constant_time_select_int(constant_time_msb(ret), 0, 1); @@ -328,6 +332,12 @@ return NULL; } + if (dstctx->oaep_label != NULL + && (dstctx->oaep_label = OPENSSL_memdup(dstctx->oaep_label, dstctx->oaep_labellen)) == NULL) { + rsa_freectx(dstctx); + return NULL; + } + return dstctx; } 
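Review bot: The added copy in rsa_dupctx reads and overwrites `dstctx->oaep_label` in one condition without saying why a copy is needed. Presumably dstctx starts as a byte-for-byte copy of the source context (the start of the function is outside this hunk), so both contexts would otherwise free the same label. A comment such as `/* dstctx still points at the source's label here; give it its own copy so each context frees its own buffer */` would make that ownership rule explicit. The zero-length case is also worth confirming: if a context can hold a non-NULL label with `oaep_labellen == 0` and `OPENSSL_memdup` returns NULL for a zero-byte request, duplication would fail for that context.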
@@ -346,34 +356,30 @@ if (!OSSL_PARAM_set_int(p, prsactx->pad_mode)) return 0; break; - case OSSL_PARAM_UTF8_STRING: - { - int i; - const char *word = NULL; - - for (i = 0; padding_item[i].id != 0; i++) { - if (prsactx->pad_mode == (int)padding_item[i].id) { - word = padding_item[i].ptr; - break; - } + case OSSL_PARAM_UTF8_STRING: { + int i; + const char *word = NULL; + + for (i = 0; padding_item[i].id != 0; i++) { + if (prsactx->pad_mode == (int)padding_item[i].id) { + word = padding_item[i].ptr; + break; } + } - if (word != NULL) { - if (!OSSL_PARAM_set_utf8_string(p, word)) - return 0; - } else { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); - } + if (word != NULL) { + if (!OSSL_PARAM_set_utf8_string(p, word)) + return 0; + } else { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); } - break; + } break; default: return 0; } p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL - ? "" - : EVP_MD_get0_name(prsactx->oaep_md))) + if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL ? "" : EVP_MD_get0_name(prsactx->oaep_md))) return 0; p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); @@ -381,16 +387,12 @@ EVP_MD *mgf1_md = prsactx->mgf1_md == NULL ? prsactx->oaep_md : prsactx->mgf1_md; - if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL - ? "" - : EVP_MD_get0_name(mgf1_md))) - return 0; + if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL ? "" : EVP_MD_get0_name(mgf1_md))) + return 0; } p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); - if (p != NULL && - !OSSL_PARAM_set_octet_ptr(p, prsactx->oaep_label, - prsactx->oaep_labellen)) + if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, prsactx->oaep_label, prsactx->oaep_labellen)) return 0; p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); 
@@ -409,14 +411,14 @@ OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_DEFN(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, - NULL, 0), + NULL, 0), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), OSSL_PARAM_END }; static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -441,7 +443,7 @@ return 0; p = OSSL_PARAM_locate_const(params, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS); + OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS); if (p != NULL) { str = mdprops; if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) @@ -464,21 +466,19 @@ if (!OSSL_PARAM_get_int(p, &pad_mode)) return 0; break; - case OSSL_PARAM_UTF8_STRING: - { - int i; + case OSSL_PARAM_UTF8_STRING: { + int i; - if (p->data == NULL) - return 0; + if (p->data == NULL) + return 0; - for (i = 0; padding_item[i].id != 0; i++) { - if (strcmp(p->data, padding_item[i].ptr) == 0) { - pad_mode = padding_item[i].id; - break; - } + for (i = 0; padding_item[i].id != 0; i++) { + if (strcmp(p->data, padding_item[i].ptr) == 0) { + pad_mode = padding_item[i].id; + break; } } - break; + } break; default: return 0; } @@ -504,7 +504,7 @@ return 0; p = OSSL_PARAM_locate_const(params, - OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS); + OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS); if (p != NULL) { str = mdprops; if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) @@ -566,7 +566,7 @@ }; static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *vprsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } 
@@ -580,12 +580,12 @@ { OSSL_FUNC_ASYM_CIPHER_FREECTX, (void (*)(void))rsa_freectx }, { OSSL_FUNC_ASYM_CIPHER_DUPCTX, (void (*)(void))rsa_dupctx }, { OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS, - (void (*)(void))rsa_get_ctx_params }, + (void (*)(void))rsa_get_ctx_params }, { OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS, - (void (*)(void))rsa_gettable_ctx_params }, + (void (*)(void))rsa_gettable_ctx_params }, { OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS, - (void (*)(void))rsa_set_ctx_params }, + (void (*)(void))rsa_set_ctx_params }, { OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS, - (void (*)(void))rsa_settable_ctx_params }, + (void (*)(void))rsa_settable_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/asymciphers/sm2_enc.c.orig +++ crypto/openssl/providers/implementations/asymciphers/sm2_enc.c @@ -47,7 +47,7 @@ static void *sm2_newctx(void *provctx) { - PROV_SM2_CTX *psm2ctx = OPENSSL_zalloc(sizeof(PROV_SM2_CTX)); + PROV_SM2_CTX *psm2ctx = OPENSSL_zalloc(sizeof(PROV_SM2_CTX)); if (psm2ctx == NULL) return NULL; @@ -79,8 +79,8 @@ } static int sm2_asym_encrypt(void *vpsm2ctx, unsigned char *out, size_t *outlen, - size_t outsize, const unsigned char *in, - size_t inlen) + size_t outsize, const unsigned char *in, + size_t inlen) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; const EVP_MD *md = sm2_get_md(psm2ctx); @@ -100,8 +100,8 @@ } static int sm2_asym_decrypt(void *vpsm2ctx, unsigned char *out, size_t *outlen, - size_t outsize, const unsigned char *in, - size_t inlen) + size_t outsize, const unsigned char *in, + size_t inlen) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; const EVP_MD *md = sm2_get_md(psm2ctx); @@ -165,8 +165,7 @@ if (p != NULL) { const EVP_MD *md = ossl_prov_digest_md(&psm2ctx->md); - if (!OSSL_PARAM_set_utf8_string(p, md == NULL ? "" - : EVP_MD_get0_name(md))) + if (!OSSL_PARAM_set_utf8_string(p, md == NULL ? "" : EVP_MD_get0_name(md))) return 0; } 
@@ -179,7 +178,7 @@ }; static const OSSL_PARAM *sm2_gettable_ctx_params(ossl_unused void *vpsm2ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -194,7 +193,7 @@ return 1; if (!ossl_prov_digest_load_from_params(&psm2ctx->md, params, - psm2ctx->libctx)) + psm2ctx->libctx)) return 0; return 1; @@ -208,7 +207,7 @@ }; static const OSSL_PARAM *sm2_settable_ctx_params(ossl_unused void *vpsm2ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -222,12 +221,12 @@ { OSSL_FUNC_ASYM_CIPHER_FREECTX, (void (*)(void))sm2_freectx }, { OSSL_FUNC_ASYM_CIPHER_DUPCTX, (void (*)(void))sm2_dupctx }, { OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS, - (void (*)(void))sm2_get_ctx_params }, + (void (*)(void))sm2_get_ctx_params }, { OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS, - (void (*)(void))sm2_gettable_ctx_params }, + (void (*)(void))sm2_gettable_ctx_params }, { OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS, - (void (*)(void))sm2_set_ctx_params }, + (void (*)(void))sm2_set_ctx_params }, { OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS, - (void (*)(void))sm2_settable_ctx_params }, + (void (*)(void))sm2_settable_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/ciphers/cipher_aes.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes.c @@ -28,7 +28,7 @@ PROV_AES_CTX *ctx = (PROV_AES_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *aes_dupctx(void *ctx) 
@@ -68,11 +68,11 @@ /* ossl_aes128ofb_functions */ IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 128, 8, 128, stream) /* ossl_aes256cfb_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 256, 8, 128, stream) /* ossl_aes192cfb_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 192, 8, 128, stream) /* ossl_aes128cfb_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 128, 8, 128, stream) /* ossl_aes256cfb1_functions */ IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 256, 8, 128, stream) /* ossl_aes192cfb1_functions */ --- crypto/openssl/providers/implementations/ciphers/cipher_aes.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes.h @@ -12,7 +12,7 @@ #include "crypto/aes_platform.h" typedef struct prov_aes_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; AES_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -24,14 +24,14 @@ #include "prov/providercommon.h" #ifndef AES_CBC_HMAC_SHA_CAPABLE -# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ -const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ - { 0, NULL } \ -}; +#define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ + const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ + { 0, NULL } \ + }; #else -# define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD \ - | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) +#define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD \ + | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) static OSSL_FUNC_cipher_encrypt_init_fn aes_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_dinit; 
@@ -41,14 +41,14 @@ static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_gettable_ctx_params; static OSSL_FUNC_cipher_set_ctx_params_fn aes_set_ctx_params; static OSSL_FUNC_cipher_settable_ctx_params_fn aes_settable_ctx_params; -# define aes_gettable_params ossl_cipher_generic_gettable_params -# define aes_update ossl_cipher_generic_stream_update -# define aes_final ossl_cipher_generic_stream_final -# define aes_cipher ossl_cipher_generic_cipher +#define aes_gettable_params ossl_cipher_generic_gettable_params +#define aes_update ossl_cipher_generic_stream_update +#define aes_final ossl_cipher_generic_stream_final +#define aes_cipher ossl_cipher_generic_cipher static int aes_einit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -56,8 +56,8 @@ } static int aes_dinit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) return 0; 
@@ -67,18 +67,18 @@ static const OSSL_PARAM cipher_aes_known_settable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_MAC_KEY, NULL, 0), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, NULL), OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, NULL, 0), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, NULL, 0), -# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_END }; const OSSL_PARAM *aes_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return cipher_aes_known_settable_ctx_params; } @@ -86,13 +86,12 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; - PROV_CIPHER_HW_AES_HMAC_SHA *hw = - (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw; + PROV_CIPHER_HW_AES_HMAC_SHA *hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw; const OSSL_PARAM *p; int ret = 1; -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; -# endif +#endif if (params == NULL) return 1; 
@@ -106,11 +105,11 @@ hw->init_mac_key(ctx, p->data, p->data_size); } -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) p = OSSL_PARAM_locate_const(params, - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT); if (p != NULL - && !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) { + && !OSSL_PARAM_get_size_t(p, &ctx->multiblock_max_send_fragment)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } @@ -126,7 +125,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD); if (p != NULL) { const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params, - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); if (p->data_type != OSSL_PARAM_OCTET_STRING || p1 == NULL || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) { @@ -151,9 +150,9 @@ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC); if (p != NULL) { const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params, - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE); const OSSL_PARAM *pin = OSSL_PARAM_locate_const(params, - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN); + OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN); if (p->data_type != OSSL_PARAM_OCTET_STRING || pin == NULL @@ -169,7 +168,7 @@ if (hw->tls1_multiblock_encrypt(vctx, &mb_param) <= 0) return 0; } -# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); if (p != NULL) { @@ -202,7 +201,7 @@ return 0; } if (ctx->base.tlsversion == SSL3_VERSION - || ctx->base.tlsversion == TLS1_VERSION) { + || ctx->base.tlsversion == TLS1_VERSION) { if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return 0; 
@@ -222,11 +221,10 @@ PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; OSSL_PARAM *p; -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE); if (p != NULL) { - PROV_CIPHER_HW_AES_HMAC_SHA *hw = - (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw; + PROV_CIPHER_HW_AES_HMAC_SHA *hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw; size_t len = hw->tls1_multiblock_max_bufsize(ctx); if (!OSSL_PARAM_set_size_t(p, len)) { @@ -252,7 +250,7 @@ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } -# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad)) { @@ -287,12 +285,12 @@ } static const OSSL_PARAM cipher_aes_known_gettable_ctx_params[] = { -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, NULL), OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, NULL), OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, NULL), -# endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) */ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), 
@@ -301,25 +299,25 @@ OSSL_PARAM_END }; const OSSL_PARAM *aes_gettable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return cipher_aes_known_gettable_ctx_params; } static void base_init(void *provctx, PROV_AES_HMAC_SHA_CTX *ctx, - const PROV_CIPHER_HW_AES_HMAC_SHA *meths, - size_t kbits, size_t blkbits, size_t ivbits, - uint64_t flags) + const PROV_CIPHER_HW_AES_HMAC_SHA *meths, + size_t kbits, size_t blkbits, size_t ivbits, + uint64_t flags) { ossl_cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits, - EVP_CIPH_CBC_MODE, flags, - &meths->base, provctx); + EVP_CIPH_CBC_MODE, flags, + &meths->base, provctx); ctx->hw = (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->base.hw; } static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits, - size_t blkbits, size_t ivbits, - uint64_t flags) + size_t blkbits, size_t ivbits, + uint64_t flags) { PROV_AES_HMAC_SHA1_CTX *ctx; @@ -329,8 +327,8 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) base_init(provctx, &ctx->base_ctx, - ossl_prov_cipher_hw_aes_cbc_hmac_sha1(), kbits, blkbits, - ivbits, flags); + ossl_prov_cipher_hw_aes_cbc_hmac_sha1(), kbits, blkbits, + ivbits, flags); return ctx; } @@ -355,8 +353,8 @@ } static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits, - size_t blkbits, size_t ivbits, - uint64_t flags) + size_t blkbits, size_t ivbits, + uint64_t flags) { PROV_AES_HMAC_SHA256_CTX *ctx; @@ -366,8 +364,8 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) base_init(provctx, &ctx->base_ctx, - ossl_prov_cipher_hw_aes_cbc_hmac_sha256(), kbits, blkbits, - ivbits, flags); + ossl_prov_cipher_hw_aes_cbc_hmac_sha256(), kbits, blkbits, + ivbits, flags); return ctx; } 
@@ -388,41 +386,41 @@ } } -# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ -static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \ -static void *nm##_##kbits##_##sub##_newctx(void *provctx) \ -{ \ - return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags); \ -} \ -static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \ -static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))nm##_##sub##_dupctx}, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))nm##_##kbits##_##sub##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))nm##_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))nm##_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))nm##_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))nm##_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))nm##_settable_ctx_params }, \ - { 0, NULL } \ -}; +#define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ + static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \ + static void *nm##_##kbits##_##sub##_newctx(void *provctx) \ + { \ + return nm##_##sub##_newctx(provctx, kbits, blkbits, ivbits, flags); \ + } \ + 
static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \ + static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))nm##_##sub##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))nm##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))nm##_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))nm##_##kbits##_##sub##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))nm##_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))nm##_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))nm##_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))nm##_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))nm##_settable_ctx_params }, \ + { 0, NULL } \ + }; #endif /* AES_CBC_HMAC_SHA_CAPABLE */ --- crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h 
@@ -17,26 +17,26 @@ PROV_CIPHER_HW base; /* must be first */ void (*init_mac_key)(void *ctx, const unsigned char *inkey, size_t inlen); int (*set_tls1_aad)(void *ctx, unsigned char *aad_rec, int aad_len); -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) int (*tls1_multiblock_max_bufsize)(void *ctx); int (*tls1_multiblock_aad)( void *vctx, EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param); int (*tls1_multiblock_encrypt)( void *ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param); -# endif /* OPENSSL_NO_MULTIBLOCK) */ +#endif /* OPENSSL_NO_MULTIBLOCK) */ } PROV_CIPHER_HW_AES_HMAC_SHA; const PROV_CIPHER_HW_AES_HMAC_SHA *ossl_prov_cipher_hw_aes_cbc_hmac_sha1(void); const PROV_CIPHER_HW_AES_HMAC_SHA *ossl_prov_cipher_hw_aes_cbc_hmac_sha256(void); #ifdef AES_CBC_HMAC_SHA_CAPABLE -# include -# include +#include +#include typedef struct prov_aes_hmac_sha_ctx_st { PROV_CIPHER_CTX base; AES_KEY ks; - size_t payload_length; /* AAD length in decrypt case */ + size_t payload_length; /* AAD length in decrypt case */ union { unsigned int tls_ver; unsigned char tls_aad[16]; /* 13 used */ @@ -60,6 +60,6 @@ SHA256_CTX head, tail, md; } PROV_AES_HMAC_SHA256_CTX; -# define NO_PAYLOAD_LENGTH ((size_t)-1) +#define NO_PAYLOAD_LENGTH ((size_t)-1) #endif /* AES_CBC_HMAC_SHA_CAPABLE */ --- crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c @@ -28,14 +28,14 @@ } #else -# include -# include "crypto/evp.h" -# include "internal/constant_time.h" +#include +#include "crypto/evp.h" +#include "internal/constant_time.h" void sha1_block_data_order(void *c, const void *p, size_t len); void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA_CTX *ctx, const void *in0); + const AES_KEY *key, unsigned char iv[16], + SHA_CTX *ctx, const void *in0); int ossl_cipher_capable_aes_cbc_hmac_sha1(void) { 
@@ -43,7 +43,7 @@ } static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { int ret; PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; @@ -54,7 +54,7 @@ else ret = aesni_set_decrypt_key(key, keylen * 8, &ctx->ks); - SHA1_Init(&sctx->head); /* handy when benchmarking */ + SHA1_Init(&sctx->head); /* handy when benchmarking */ sctx->tail = sctx->head; sctx->md = sctx->head; @@ -97,7 +97,7 @@ SHA1_Update(c, ptr, res); } -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) typedef struct { unsigned int A[8], B[8], C[8], D[8], E[8]; @@ -119,10 +119,10 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); static size_t tls1_multi_block_encrypt(void *vctx, - unsigned char *out, - const unsigned char *inp, - size_t inp_len, int n4x) -{ /* n4x is 1 or 2 */ + unsigned char *out, + const unsigned char *inp, + size_t inp_len, int n4x) +{ /* n4x is 1 or 2 */ PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; PROV_AES_HMAC_SHA1_CTX *sctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; HASH_DESC hash_d[8], edges[8]; @@ -138,15 +138,15 @@ unsigned int x4 = 4 * n4x, minblocks, processed = 0; size_t ret = 0; u8 *IVs; -# if defined(BSWAP8) +#if defined(BSWAP8) u64 seqnum; -# endif +#endif /* ask for IVs in bulk */ if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0) return 0; - mctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */ + mctx = (SHA1_MB_CTX *)(storage + 32 - ((size_t)storage % 32)); /* align */ frag = (unsigned int)inp_len >> (1 + n4x); last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); 
@@ -174,15 +174,15 @@ IVs += 16; } -# if defined(BSWAP8) +#if defined(BSWAP8) memcpy(blocks[0].c, sctx->md.data, 8); seqnum = BSWAP8(blocks[0].q[0]); -# endif +#endif for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) +#if !defined(BSWAP8) unsigned int carry, j; -# endif +#endif mctx->A[i] = sctx->md.h0; mctx->B[i] = sctx->md.h1; @@ -191,14 +191,14 @@ mctx->E[i] = sctx->md.h4; /* fix seqnum */ -# if defined(BSWAP8) +#if defined(BSWAP8) blocks[i].q[0] = BSWAP8(seqnum + i); -# else +#else for (carry = i, j = 8; j--;) { blocks[i].c[j] = ((u8 *)sctx->md.data)[j] + carry; carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); } -# endif +#endif blocks[i].c[8] = ((u8 *)sctx->md.data)[8]; blocks[i].c[9] = ((u8 *)sctx->md.data)[9]; blocks[i].c[10] = ((u8 *)sctx->md.data)[10]; @@ -217,10 +217,10 @@ /* hash 13-byte headers and first 64-13 bytes of inputs */ sha1_multi_block(mctx, edges, n4x); /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE +#define MAXCHUNKSIZE 2048 +#if MAXCHUNKSIZE % 64 +#error "MAXCHUNKSIZE is not divisible by 64" +#elif MAXCHUNKSIZE /* * goal is to minimize pressure on L1 cache by moving in shorter steps, * so that hashed data is still in the cache by the time we encrypt it 
@@ -249,34 +249,34 @@ minblocks -= MAXCHUNKSIZE / 64; } while (minblocks > MAXCHUNKSIZE / 64); } -# endif -# undef MAXCHUNKSIZE +#endif +#undef MAXCHUNKSIZE sha1_multi_block(mctx, hash_d, n4x); memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag), - off = hash_d[i].blocks * 64; + off = hash_d[i].blocks * 64; const unsigned char *ptr = hash_d[i].ptr + off; off = (len - processed) - (64 - 13) - off; /* remainder actually */ memcpy(blocks[i].c, ptr, off); blocks[i].c[off] = 0x80; - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ + len += 64 + 13; /* 64 is HMAC header */ + len *= 8; /* convert to bits */ if (off < (64 - 8)) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[15] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 60, len); -# endif +#endif edges[i].blocks = 1; } else { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[31] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 124, len); -# endif +#endif edges[i].blocks = 2; } edges[i].ptr = blocks[i].c; @@ -287,7 +287,7 @@ memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[0] = BSWAP4(mctx->A[i]); mctx->A[i] = sctx->tail.h0; blocks[i].d[1] = BSWAP4(mctx->B[i]); @@ -300,7 +300,7 @@ mctx->E[i] = sctx->tail.h4; blocks[i].c[20] = 0x80; blocks[i].d[15] = BSWAP4((64 + 20) * 8); -# else +#else PUTU32(blocks[i].c + 0, mctx->A[i]); mctx->A[i] = sctx->tail.h0; PUTU32(blocks[i].c + 4, mctx->B[i]); @@ -313,7 +313,7 @@ mctx->E[i] = sctx->tail.h4; blocks[i].c[20] = 0x80; PUTU32(blocks[i].c + 60, (64 + 20) * 8); -# endif /* BSWAP */ +#endif /* BSWAP */ edges[i].ptr = blocks[i].c; edges[i].blocks = 1; } @@ -346,7 +346,7 @@ len += pad + 1; ciph_d[i].blocks = (len - processed) / 16; - len += 16; /* account for explicit iv */ + len += 16; /* account for explicit iv */ /* arrange header */ out0[0] = ((u8 *)sctx->md.data)[8]; 
@@ -367,11 +367,11 @@ ctx->multiblock_encrypt_len = ret; return ret; } -# endif /* OPENSSL_NO_MULTIBLOCK */ +#endif /* OPENSSL_NO_MULTIBLOCK */ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx, - unsigned char *out, - const unsigned char *in, size_t len) + unsigned char *out, + const unsigned char *in, size_t len) { PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; PROV_AES_HMAC_SHA1_CTX *sctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; @@ -389,19 +389,17 @@ if (ctx->base.enc) { if (plen == NO_PAYLOAD_LENGTH) plen = len; - else if (len != - ((plen + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) + else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) return 0; else if (ctx->aux.tls_ver >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; if (plen > (sha_off + iv) - && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { + && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { sha1_update(&sctx->md, in + iv, sha_off); aesni_cbc_sha1_enc(in, out, blocks, &ctx->ks, ctx->base.iv, - &sctx->md, in + iv + sha_off); + &sctx->md, in + iv + sha_off); blocks *= SHA_CBLOCK; aes_off += blocks; sha_off += blocks; @@ -415,7 +413,7 @@ sha_off += iv; sha1_update(&sctx->md, in + sha_off, plen - sha_off); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ if (in != out) memcpy(out + aes_off, in + aes_off, plen - aes_off); @@ -431,10 +429,10 @@ out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &ctx->ks, ctx->base.iv, 1); + &ctx->ks, ctx->base.iv, 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &ctx->ks, ctx->base.iv, 1); + &ctx->ks, ctx->base.iv, 1); } } else { union { 
@@ -509,15 +507,15 @@ /* but pretend as if we hashed padded payload */ bitlen = sctx->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 +#ifdef BSWAP4 bitlen = BSWAP4(bitlen); -# else +#else mac.c[0] = 0; mac.c[1] = (unsigned char)(bitlen >> 16); mac.c[2] = (unsigned char)(bitlen >> 8); mac.c[3] = (unsigned char)bitlen; bitlen = mac.u[0]; -# endif /* BSWAP */ +#endif /* BSWAP */ pmac->u[0] = 0; pmac->u[1] = 0; @@ -574,13 +572,13 @@ pmac->u[3] |= sctx->md.h3 & mask; pmac->u[4] |= sctx->md.h4 & mask; -# ifdef BSWAP4 +#ifdef BSWAP4 pmac->u[0] = BSWAP4(pmac->u[0]); pmac->u[1] = BSWAP4(pmac->u[1]); pmac->u[2] = BSWAP4(pmac->u[2]); pmac->u[3] = BSWAP4(pmac->u[3]); pmac->u[4] = BSWAP4(pmac->u[4]); -# else +#else for (i = 0; i < 5; i++) { res = pmac->u[i]; pmac->c[4 * i + 0] = (unsigned char)(res >> 24); @@ -588,7 +586,7 @@ pmac->c[4 * i + 2] = (unsigned char)(res >> 8); pmac->c[4 * i + 3] = (unsigned char)res; } -# endif /* BSWAP4 */ +#endif /* BSWAP4 */ len += SHA_DIGEST_LENGTH; sctx->md = sctx->tail; sha1_update(&sctx->md, pmac->c, SHA_DIGEST_LENGTH); @@ -605,9 +603,7 @@ for (res = 0, i = 0, j = 0; j < maxpad + SHA_DIGEST_LENGTH; j++) { c = p[j]; - cmask = - ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) * - 8 - 1); + cmask = ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) * 8 - 1); res |= (c ^ pad) & ~cmask; /* ... and padding */ cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); res |= (c ^ pmac->c[i]) & cmask; @@ -630,7 +626,7 @@ /* EVP_CTRL_AEAD_SET_MAC_KEY */ static void aesni_cbc_hmac_sha1_set_mac_key(void *vctx, - const unsigned char *mac, size_t len) + const unsigned char *mac, size_t len) { PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; unsigned int i; 
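Review bot: The `cmask` assignment that the `@@ -605,9 +603,7 @@` hunk joins onto one line has no comment saying the loop is branch-free on purpose. It builds an all-ones or zero mask by right-shifting a negative `int`, which is implementation-defined in C. Since the file includes `internal/constant_time.h`, the masking presumably keeps the padding and MAC comparison from taking time that depends on the pad length. I would add `/* cmask = all-ones while j < off + SHA_DIGEST_LENGTH, else 0; branch-free on purpose, do not replace with a conditional */` above it so a later cleanup does not "simplify" it. The loop and its function extend beyond the hunk.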
@@ -661,7 +657,7 @@ /* EVP_CTRL_AEAD_TLS1_AAD */ static int aesni_cbc_hmac_sha1_set_tls1_aad(void *vctx, - unsigned char *aad_rec, int aad_len) + unsigned char *aad_rec, int aad_len) { PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; PROV_AES_HMAC_SHA1_CTX *sctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; @@ -675,8 +671,7 @@ if (ctx->base.enc) { ctx->payload_length = len; - if ((ctx->aux.tls_ver = - p[aad_len - 4] << 8 | p[aad_len - 3]) >= TLS1_1_VERSION) { + if ((ctx->aux.tls_ver = p[aad_len - 4] << 8 | p[aad_len - 3]) >= TLS1_1_VERSION) { if (len < AES_BLOCK_SIZE) return 0; len -= AES_BLOCK_SIZE; @@ -685,9 +680,8 @@ } sctx->md = sctx->head; sha1_update(&sctx->md, p, aad_len); - ctx->tls_aad_pad = (int)(((len + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); + ctx->tls_aad_pad = (int)(((len + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) + - len); return 1; } else { memcpy(ctx->aux.tls_aad, aad_rec, aad_len); @@ -697,7 +691,7 @@ } } -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) /* EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE */ static int aesni_cbc_hmac_sha1_tls1_multiblock_max_bufsize(void *vctx) @@ -706,7 +700,7 @@ OPENSSL_assert(ctx->multiblock_max_send_fragment != 0); return (int)(5 + 16 - + (((int)ctx->multiblock_max_send_fragment + 20 + 16) & -16)); + + (((int)ctx->multiblock_max_send_fragment + 20 + 16) & -16)); } /* EVP_CTRL_TLS1_1_MULTIBLOCK_AAD */ @@ -759,7 +753,7 @@ ctx->multiblock_aad_packlen = packlen; return 1; } - return -1; /* not yet */ + return -1; /* not yet */ } /* EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT */ 
@@ -767,24 +761,22 @@ void *ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param) { return (int)tls1_multi_block_encrypt(ctx, param->out, - param->inp, param->len, - param->interleave / 4); + param->inp, param->len, + param->interleave / 4); } -# endif /* OPENSSL_NO_MULTIBLOCK */ +#endif /* OPENSSL_NO_MULTIBLOCK */ static const PROV_CIPHER_HW_AES_HMAC_SHA cipher_hw_aes_hmac_sha1 = { - { - aesni_cbc_hmac_sha1_init_key, - aesni_cbc_hmac_sha1_cipher - }, + { aesni_cbc_hmac_sha1_init_key, + aesni_cbc_hmac_sha1_cipher }, aesni_cbc_hmac_sha1_set_mac_key, aesni_cbc_hmac_sha1_set_tls1_aad, -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) aesni_cbc_hmac_sha1_tls1_multiblock_max_bufsize, aesni_cbc_hmac_sha1_tls1_multiblock_aad, aesni_cbc_hmac_sha1_tls1_multiblock_encrypt -# endif +#endif }; const PROV_CIPHER_HW_AES_HMAC_SHA *ossl_prov_cipher_hw_aes_cbc_hmac_sha1(void) --- crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c @@ -28,24 +28,24 @@ } #else -# include -# include "crypto/evp.h" -# include "internal/constant_time.h" +#include +#include "crypto/evp.h" +#include "internal/constant_time.h" void sha256_block_data_order(void *c, const void *p, size_t len); int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA256_CTX *ctx, const void *in0); + const AES_KEY *key, unsigned char iv[16], + SHA256_CTX *ctx, const void *in0); int ossl_cipher_capable_aes_cbc_hmac_sha256(void) { return AESNI_CBC_HMAC_SHA_CAPABLE - && aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL); + && aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL); } static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx, - const unsigned char *key, - size_t keylen) + const unsigned char *key, + size_t keylen) { int ret; PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; 
@@ -56,7 +56,7 @@ else ret = aesni_set_decrypt_key(key, ctx->base.keylen * 8, &ctx->ks); - SHA256_Init(&sctx->head); /* handy when benchmarking */ + SHA256_Init(&sctx->head); /* handy when benchmarking */ sctx->tail = sctx->head; sctx->md = sctx->head; @@ -101,7 +101,7 @@ SHA256_Update(c, ptr, res); } -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) typedef struct { unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8]; @@ -123,10 +123,10 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); static size_t tls1_multi_block_encrypt(void *vctx, - unsigned char *out, - const unsigned char *inp, - size_t inp_len, int n4x) -{ /* n4x is 1 or 2 */ + unsigned char *out, + const unsigned char *inp, + size_t inp_len, int n4x) +{ /* n4x is 1 or 2 */ PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; PROV_AES_HMAC_SHA256_CTX *sctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; HASH_DESC hash_d[8], edges[8]; @@ -142,15 +142,15 @@ unsigned int x4 = 4 * n4x, minblocks, processed = 0; size_t ret = 0; u8 *IVs; -# if defined(BSWAP8) +#if defined(BSWAP8) u64 seqnum; -# endif +#endif /* ask for IVs in bulk */ if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0) return 0; - mctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */ + mctx = (SHA256_MB_CTX *)(storage + 32 - ((size_t)storage % 32)); /* align */ frag = (unsigned int)inp_len >> (1 + n4x); last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); @@ -178,16 +178,16 @@ IVs += 16; } -# if defined(BSWAP8) +#if defined(BSWAP8) memcpy(blocks[0].c, sctx->md.data, 8); seqnum = BSWAP8(blocks[0].q[0]); -# endif +#endif for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) +#if !defined(BSWAP8) unsigned int carry, j; -# endif +#endif mctx->A[i] = sctx->md.h[0]; mctx->B[i] = sctx->md.h[1]; 
@@ -199,14 +199,14 @@ mctx->H[i] = sctx->md.h[7]; /* fix seqnum */ -# if defined(BSWAP8) +#if defined(BSWAP8) blocks[i].q[0] = BSWAP8(seqnum + i); -# else +#else for (carry = i, j = 8; j--;) { blocks[i].c[j] = ((u8 *)sctx->md.data)[j] + carry; carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); } -# endif +#endif blocks[i].c[8] = ((u8 *)sctx->md.data)[8]; blocks[i].c[9] = ((u8 *)sctx->md.data)[9]; blocks[i].c[10] = ((u8 *)sctx->md.data)[10]; @@ -225,10 +225,10 @@ /* hash 13-byte headers and first 64-13 bytes of inputs */ sha256_multi_block(mctx, edges, n4x); /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE +#define MAXCHUNKSIZE 2048 +#if MAXCHUNKSIZE % 64 +#error "MAXCHUNKSIZE is not divisible by 64" +#elif MAXCHUNKSIZE /* * goal is to minimize pressure on L1 cache by moving in shorter steps, * so that hashed data is still in the cache by the time we encrypt it 
@@ -257,34 +257,34 @@ minblocks -= MAXCHUNKSIZE / 64; } while (minblocks > MAXCHUNKSIZE / 64); } -# endif -# undef MAXCHUNKSIZE +#endif +#undef MAXCHUNKSIZE sha256_multi_block(mctx, hash_d, n4x); memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { unsigned int len = (i == (x4 - 1) ? last : frag), - off = hash_d[i].blocks * 64; + off = hash_d[i].blocks * 64; const unsigned char *ptr = hash_d[i].ptr + off; off = (len - processed) - (64 - 13) - off; /* remainder actually */ memcpy(blocks[i].c, ptr, off); blocks[i].c[off] = 0x80; - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ + len += 64 + 13; /* 64 is HMAC header */ + len *= 8; /* convert to bits */ if (off < (64 - 8)) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[15] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 60, len); -# endif +#endif edges[i].blocks = 1; } else { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[31] = BSWAP4(len); -# else +#else PUTU32(blocks[i].c + 124, len); -# endif +#endif edges[i].blocks = 2; } edges[i].ptr = blocks[i].c; @@ -295,7 +295,7 @@ memset(blocks, 0, sizeof(blocks)); for (i = 0; i < x4; i++) { -# ifdef BSWAP4 +#ifdef BSWAP4 blocks[i].d[0] = BSWAP4(mctx->A[i]); mctx->A[i] = sctx->tail.h[0]; blocks[i].d[1] = BSWAP4(mctx->B[i]); @@ -314,7 +314,7 @@ mctx->H[i] = sctx->tail.h[7]; blocks[i].c[32] = 0x80; blocks[i].d[15] = BSWAP4((64 + 32) * 8); -# else +#else PUTU32(blocks[i].c + 0, mctx->A[i]); mctx->A[i] = sctx->tail.h[0]; PUTU32(blocks[i].c + 4, mctx->B[i]); @@ -333,7 +333,7 @@ mctx->H[i] = sctx->tail.h[7]; blocks[i].c[32] = 0x80; PUTU32(blocks[i].c + 60, (64 + 32) * 8); -# endif /* BSWAP */ +#endif /* BSWAP */ edges[i].ptr = blocks[i].c; edges[i].blocks = 1; } @@ -369,7 +369,7 @@ len += pad + 1; ciph_d[i].blocks = (len - processed) / 16; - len += 16; /* account for explicit iv */ + len += 16; /* account for explicit iv */ /* arrange header */ out0[0] = ((u8 *)sctx->md.data)[8]; 
@@ -390,11 +390,11 @@ ctx->multiblock_encrypt_len = ret; return ret; } -# endif /* !OPENSSL_NO_MULTIBLOCK */ +#endif /* !OPENSSL_NO_MULTIBLOCK */ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx, - unsigned char *out, - const unsigned char *in, size_t len) + unsigned char *out, + const unsigned char *in, size_t len) { PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; PROV_AES_HMAC_SHA256_CTX *sctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; @@ -412,9 +412,7 @@ if (ctx->base.enc) { if (plen == NO_PAYLOAD_LENGTH) plen = len; - else if (len != - ((plen + SHA256_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) + else if (len != ((plen + SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) return 0; else if (ctx->aux.tls_ver >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; @@ -429,17 +427,17 @@ * either even XOP-capable Bulldozer-based or GenuineIntel one. * But SHAEXT-capable go ahead... */ - if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ - ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ - ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ - | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */ - plen > (sha_off + iv) && - (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { + if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ + ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1 << 30))))) + && /* "Intel CPU"? */ + plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { sha256_update(&sctx->md, in + iv, sha_off); (void)aesni_cbc_sha256_enc(in, out, blocks, &ctx->ks, - ctx->base.iv, - &sctx->md, in + iv + sha_off); + ctx->base.iv, + &sctx->md, in + iv + sha_off); blocks *= SHA256_CBLOCK; aes_off += blocks; sha_off += blocks; 
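Review bot: In the `@@ -429,17 +427,17 @@` hunk the reflowed capability test leaves the `/* "Intel CPU"? */` comment on the line that begins with `&&`, so it now reads as if it described `plen > (sha_off + iv)` instead of the `OPENSSL_ia32cap_P[0] & (1 << 30)` bit it belongs to. These per-bit labels are the only documentation of which CPU feature each mask tests before the `aesni_cbc_sha256_enc` path is taken, so the comment should stay on the line of the bit test: `| (OPENSSL_ia32cap_P[0] & (1 << 30))))) /* "Intel CPU"? */` followed by `&& plen > (sha_off + iv)` on the next line. The enclosing function starts and ends outside this hunk.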
@@ -453,7 +451,7 @@ sha_off += iv; sha256_update(&sctx->md, in + sha_off, plen - sha_off); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ if (in != out) memcpy(out + aes_off, in + aes_off, plen - aes_off); @@ -469,10 +467,10 @@ out[plen] = l; /* encrypt HMAC|padding at once */ aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &ctx->ks, ctx->base.iv, 1); + &ctx->ks, ctx->base.iv, 1); } else { aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &ctx->ks, ctx->base.iv, 1); + &ctx->ks, ctx->base.iv, 1); } } else { union { @@ -485,7 +483,7 @@ /* decrypt HMAC|padding at once */ aesni_cbc_encrypt(in, out, len, &ctx->ks, - ctx->base.iv, 0); + ctx->base.iv, 0); if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ size_t inp_len, mask, j, i; @@ -545,15 +543,15 @@ /* but pretend as if we hashed padded payload */ bitlen = sctx->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 +#ifdef BSWAP4 bitlen = BSWAP4(bitlen); -# else +#else mac.c[0] = 0; mac.c[1] = (unsigned char)(bitlen >> 16); mac.c[2] = (unsigned char)(bitlen >> 8); mac.c[3] = (unsigned char)bitlen; bitlen = mac.u[0]; -# endif /* BSWAP */ +#endif /* BSWAP */ pmac->u[0] = 0; pmac->u[1] = 0; @@ -622,7 +620,7 @@ pmac->u[6] |= sctx->md.h[6] & mask; pmac->u[7] |= sctx->md.h[7] & mask; -# ifdef BSWAP4 +#ifdef BSWAP4 pmac->u[0] = BSWAP4(pmac->u[0]); pmac->u[1] = BSWAP4(pmac->u[1]); pmac->u[2] = BSWAP4(pmac->u[2]); @@ -631,7 +629,7 @@ pmac->u[5] = BSWAP4(pmac->u[5]); pmac->u[6] = BSWAP4(pmac->u[6]); pmac->u[7] = BSWAP4(pmac->u[7]); -# else +#else for (i = 0; i < 8; i++) { res = pmac->u[i]; pmac->c[4 * i + 0] = (unsigned char)(res >> 24); @@ -639,7 +637,7 @@ pmac->c[4 * i + 2] = (unsigned char)(res >> 8); pmac->c[4 * i + 3] = (unsigned char)res; } -# endif /* BSWAP */ +#endif /* BSWAP */ len += SHA256_DIGEST_LENGTH; sctx->md = sctx->tail; sha256_update(&sctx->md, pmac->c, SHA256_DIGEST_LENGTH); 
@@ -650,18 +648,15 @@ len -= inp_len; /* code containing lucky-13 fix */ { - unsigned char *p = - out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; + unsigned char *p = out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; size_t off = out - p; unsigned int c, cmask; for (res = 0, i = 0, j = 0; - j < maxpad + SHA256_DIGEST_LENGTH; - j++) { + j < maxpad + SHA256_DIGEST_LENGTH; + j++) { c = p[j]; - cmask = - ((int)(j - off - SHA256_DIGEST_LENGTH)) >> - (sizeof(int) * 8 - 1); + cmask = ((int)(j - off - SHA256_DIGEST_LENGTH)) >> (sizeof(int) * 8 - 1); res |= (c ^ pad) & ~cmask; /* ... and padding */ cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); res |= (c ^ pmac->c[i]) & cmask; @@ -682,8 +677,8 @@ /* EVP_CTRL_AEAD_SET_MAC_KEY */ static void aesni_cbc_hmac_sha256_set_mac_key(void *vctx, - const unsigned char *mackey, - size_t len) + const unsigned char *mackey, + size_t len) { PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; unsigned int i; @@ -714,7 +709,7 @@ /* EVP_CTRL_AEAD_TLS1_AAD */ static int aesni_cbc_hmac_sha256_set_tls1_aad(void *vctx, - unsigned char *aad_rec, int aad_len) + unsigned char *aad_rec, int aad_len) { PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx; PROV_AES_HMAC_SHA256_CTX *sctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; @@ -728,8 +723,7 @@ if (ctx->base.enc) { ctx->payload_length = len; - if ((ctx->aux.tls_ver = - p[aad_len - 4] << 8 | p[aad_len - 3]) >= TLS1_1_VERSION) { + if ((ctx->aux.tls_ver = p[aad_len - 4] << 8 | p[aad_len - 3]) >= TLS1_1_VERSION) { if (len < AES_BLOCK_SIZE) return 0; len -= AES_BLOCK_SIZE; @@ -738,9 +732,8 @@ } sctx->md = sctx->head; sha256_update(&sctx->md, p, aad_len); - ctx->tls_aad_pad = (int)(((len + SHA256_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); + ctx->tls_aad_pad = (int)(((len + SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) + - len); return 1; } else { memcpy(ctx->aux.tls_aad, p, aad_len); 
@@ -750,7 +743,7 @@ } } -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) /* EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE */ static int aesni_cbc_hmac_sha256_tls1_multiblock_max_bufsize( void *vctx) @@ -759,7 +752,7 @@ OPENSSL_assert(ctx->multiblock_max_send_fragment != 0); return (int)(5 + 16 - + (((int)ctx->multiblock_max_send_fragment + 32 + 16) & -16)); + + (((int)ctx->multiblock_max_send_fragment + 32 + 16) & -16)); } /* EVP_CTRL_TLS1_1_MULTIBLOCK_AAD */ @@ -811,7 +804,7 @@ ctx->multiblock_aad_packlen = packlen; return 1; } - return -1; /* not yet */ + return -1; /* not yet */ } /* EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT */ @@ -819,23 +812,21 @@ void *ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param) { return (int)tls1_multi_block_encrypt(ctx, param->out, - param->inp, param->len, - param->interleave / 4); + param->inp, param->len, + param->interleave / 4); } -# endif +#endif static const PROV_CIPHER_HW_AES_HMAC_SHA cipher_hw_aes_hmac_sha256 = { - { - aesni_cbc_hmac_sha256_init_key, - aesni_cbc_hmac_sha256_cipher - }, + { aesni_cbc_hmac_sha256_init_key, + aesni_cbc_hmac_sha256_cipher }, aesni_cbc_hmac_sha256_set_mac_key, aesni_cbc_hmac_sha256_set_tls1_aad, -# if !defined(OPENSSL_NO_MULTIBLOCK) +#if !defined(OPENSSL_NO_MULTIBLOCK) aesni_cbc_hmac_sha256_tls1_multiblock_max_bufsize, aesni_cbc_hmac_sha256_tls1_multiblock_aad, aesni_cbc_hmac_sha256_tls1_multiblock_encrypt -# endif +#endif }; const PROV_CIPHER_HW_AES_HMAC_SHA *ossl_prov_cipher_hw_aes_cbc_hmac_sha256(void) --- crypto/openssl/providers/implementations/ciphers/cipher_aes_ccm.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_ccm.c @@ -58,7 +58,7 @@ { PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx; - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } /* ossl_aes128ccm_functions */ --- crypto/openssl/providers/implementations/ciphers/cipher_aes_ccm.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_ccm.h 
@@ -13,7 +13,7 @@ #include "crypto/aes_platform.h" typedef struct prov_aes_ccm_ctx_st { - PROV_CCM_CTX base; /* Must be first */ + PROV_CCM_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; /*- @@ -39,7 +39,7 @@ unsigned char b[AES_BLOCK_SIZE]; } buf; unsigned char dummy_pad[168]; - unsigned int fc; /* fc has same offset as ks.ks.rounds */ + unsigned int fc; /* fc has same offset as ks.ks.rounds */ } s390x; #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ } ccm; --- crypto/openssl/providers/implementations/ciphers/cipher_aes_ccm_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_ccm_hw.c @@ -17,15 +17,15 @@ #include "cipher_aes_ccm.h" -#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ - fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ - CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \ - (block128_f)fn_blk); \ - ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ +#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ + fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ + CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ccm.ks.ks, \ + (block128_f)fn_blk); \ + ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ ctx->key_set = 1; static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, - size_t keylen) + size_t keylen) { PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; @@ -36,7 +36,7 @@ #endif /* HWAES_CAPABLE */ #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { + if (VPAES_CAPABLE) { AES_HW_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL); } else #endif 
@@ -56,11 +56,11 @@ }; #if defined(S390X_aes_128_CAPABLE) -# include "cipher_aes_ccm_hw_s390x.inc" +#include "cipher_aes_ccm_hw_s390x.inc" #elif defined(AESNI_CAPABLE) -# include "cipher_aes_ccm_hw_aesni.inc" +#include "cipher_aes_ccm_hw_aesni.inc" #elif defined(SPARC_AES_CAPABLE) -# include "cipher_aes_ccm_hw_t4.inc" +#include "cipher_aes_ccm_hw_t4.inc" #else const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits) { --- crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm.c @@ -30,7 +30,7 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ossl_gcm_initctx(provctx, &ctx->base, keybits, - ossl_prov_aes_hw_gcm(keybits)); + ossl_prov_aes_hw_gcm(keybits)); return ctx; } @@ -54,7 +54,7 @@ { PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx; - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } /* ossl_aes128gcm_functions */ --- crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm.h @@ -13,11 +13,11 @@ #include "crypto/aes_platform.h" typedef struct prov_aes_gcm_ctx_st { - PROV_GCM_CTX base; /* must be first entry in struct */ + PROV_GCM_CTX base; /* must be first entry in struct */ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ks; /* AES key schedule to use */ + } ks; /* AES key schedule to use */ /* Platform specific data */ union { @@ -29,7 +29,7 @@ S390X_KMA_PARAMS kma; } param; unsigned int fc; - unsigned int hsflag; /* hash subkey set flag */ + unsigned int hsflag; /* hash subkey set flag */ unsigned char ares[16]; unsigned char mres[16]; unsigned char kres[16]; --- crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm_hw.c 
@@ -18,49 +18,49 @@ #include "cipher_aes_gcm.h" static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen) + size_t keylen) { PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; AES_KEY *ks = &actx->ks.ks; -# ifdef HWAES_CAPABLE +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { -# ifdef HWAES_ctr32_encrypt_blocks +#ifdef HWAES_ctr32_encrypt_blocks GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, - HWAES_ctr32_encrypt_blocks); -# else + HWAES_ctr32_encrypt_blocks); +#else GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL); -# endif /* HWAES_ctr32_encrypt_blocks */ +#endif /* HWAES_ctr32_encrypt_blocks */ } else -# endif /* HWAES_CAPABLE */ +#endif /* HWAES_CAPABLE */ -# ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) { +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, - ossl_bsaes_ctr32_encrypt_blocks); + ossl_bsaes_ctr32_encrypt_blocks); } else -# endif /* BSAES_CAPABLE */ +#endif /* BSAES_CAPABLE */ -# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL); } else -# endif /* VPAES_CAPABLE */ +#endif /* VPAES_CAPABLE */ { -# ifdef AES_CTR_ASM +#ifdef AES_CTR_ASM GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, - AES_ctr32_encrypt); -# else + AES_ctr32_encrypt); +#else GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL); -# endif /* AES_CTR_ASM */ +#endif /* AES_CTR_ASM */ } ctx->key_set = 1; return 1; } static int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, - size_t len, unsigned char *out) + size_t len, unsigned char *out) { if (ctx->enc) { if (ctx->ctr != NULL) { 
@@ -74,14 +74,14 @@ return 0; bulk = AES_gcm_encrypt(in + res, out + res, len - res, - ctx->gcm.key, - ctx->gcm.Yi.c, ctx->gcm.Xi.u); + ctx->gcm.key, + ctx->gcm.Yi.c, ctx->gcm.Xi.u); ctx->gcm.len.u[1] += bulk; bulk += res; } if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, - len - bulk, ctx->ctr)) + len - bulk, ctx->ctr)) return 0; #else if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr)) @@ -103,14 +103,14 @@ return -1; bulk = AES_gcm_decrypt(in + res, out + res, len - res, - ctx->gcm.key, - ctx->gcm.Yi.c, ctx->gcm.Xi.u); + ctx->gcm.key, + ctx->gcm.Yi.c, ctx->gcm.Xi.u); ctx->gcm.len.u[1] += bulk; bulk += res; } if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, - len - bulk, ctx->ctr)) + len - bulk, ctx->ctr)) return 0; #else if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr)) @@ -134,17 +134,16 @@ }; #if defined(S390X_aes_128_CAPABLE) -# include "cipher_aes_gcm_hw_s390x.inc" +#include "cipher_aes_gcm_hw_s390x.inc" #elif defined(AESNI_CAPABLE) -# include "cipher_aes_gcm_hw_aesni.inc" +#include "cipher_aes_gcm_hw_aesni.inc" #elif defined(SPARC_AES_CAPABLE) -# include "cipher_aes_gcm_hw_t4.inc" +#include "cipher_aes_gcm_hw_t4.inc" #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM) -# include "cipher_aes_gcm_hw_armv8.inc" +#include "cipher_aes_gcm_hw_armv8.inc" #else const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) { return &aes_gcm; } #endif - --- crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,17 +8,15 @@ */ /* - * Crypto extention support for AES GCM. + * Crypto extension support for AES GCM. * This file is included by cipher_aes_gcm_hw.c */ size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi) { - size_t align_bytes = 0; - align_bytes = len - len % 16; - AES_KEY *aes_key = (AES_KEY *)key; + size_t align_bytes = len - len % 16; switch(aes_key->rounds) { case 10: @@ -37,10 +35,8 @@ size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi) { - size_t align_bytes = 0; - align_bytes = len - len % 16; - AES_KEY *aes_key = (AES_KEY *)key; + size_t align_bytes = len - len % 16; switch(aes_key->rounds) { case 10: --- crypto/openssl/providers/implementations/ciphers/cipher_aes_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_hw.c @@ -17,7 +17,7 @@ #include "cipher_aes.h" static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { int ret; PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; 
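Review bot: In `armv8_aes_gcm_encrypt` (hunk `@@ -8,17 +8,15 @@`) and `armv8_aes_gcm_decrypt` (hunk `@@ -37,10 +35,8 @@`) the moved line `AES_KEY *aes_key = (AES_KEY *)key;` still casts away the `const` of the `const void *key` parameter. The visible code only reads `aes_key->rounds`, so `const AES_KEY *aes_key = key;` would keep the key schedule read-only at the type level and needs no cast, provided nothing below the hunk writes through the pointer. Both function bodies continue outside their hunks, so the remaining uses of `aes_key` need checking before the declaration is changed.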
@@ -32,81 +32,85 @@ ret = HWAES_set_decrypt_key(key, keylen * 8, ks); dat->block = (block128_f)HWAES_decrypt; dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt +#ifdef HWAES_cbc_encrypt if (dat->mode == EVP_CIPH_CBC_MODE) dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; -# endif -# ifdef HWAES_ecb_encrypt +#endif +#ifdef HWAES_ecb_encrypt if (dat->mode == EVP_CIPH_ECB_MODE) dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt; -# endif +#endif } else #endif #ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { + if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { ret = AES_set_decrypt_key(key, keylen * 8, ks); dat->block = (block128_f)AES_decrypt; dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt; } else #endif #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { + if (VPAES_CAPABLE) { ret = vpaes_set_decrypt_key(key, keylen * 8, ks); dat->block = (block128_f)vpaes_decrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ?(cbc128_f)vpaes_cbc_encrypt : NULL; + ? (cbc128_f)vpaes_cbc_encrypt + : NULL; } else #endif { ret = AES_set_decrypt_key(key, keylen * 8, ks); dat->block = (block128_f)AES_decrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ? (cbc128_f)AES_cbc_encrypt : NULL; + ? 
(cbc128_f)AES_cbc_encrypt + : NULL; } } else #ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { + if (HWAES_CAPABLE) { ret = HWAES_set_encrypt_key(key, keylen * 8, ks); dat->block = (block128_f)HWAES_encrypt; dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt +#ifdef HWAES_cbc_encrypt if (dat->mode == EVP_CIPH_CBC_MODE) dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; else -# endif -# ifdef HWAES_ecb_encrypt - if (dat->mode == EVP_CIPH_ECB_MODE) +#endif +#ifdef HWAES_ecb_encrypt + if (dat->mode == EVP_CIPH_ECB_MODE) dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt; else -# endif -# ifdef HWAES_ctr32_encrypt_blocks - if (dat->mode == EVP_CIPH_CTR_MODE) +#endif +#ifdef HWAES_ctr32_encrypt_blocks + if (dat->mode == EVP_CIPH_CTR_MODE) dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; else -# endif - (void)0; /* terminate potentially open 'else' */ +#endif + (void)0; /* terminate potentially open 'else' */ } else #endif #ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { + if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { ret = AES_set_encrypt_key(key, keylen * 8, ks); dat->block = (block128_f)AES_encrypt; dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks; } else #endif #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { + if (VPAES_CAPABLE) { ret = vpaes_set_encrypt_key(key, keylen * 8, ks); dat->block = (block128_f)vpaes_encrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ? (cbc128_f)vpaes_cbc_encrypt : NULL; + ? (cbc128_f)vpaes_cbc_encrypt + : NULL; } else #endif { ret = AES_set_encrypt_key(key, keylen * 8, ks); dat->block = (block128_f)AES_encrypt; dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ? (cbc128_f)AES_cbc_encrypt : NULL; + ? (cbc128_f)AES_cbc_encrypt + : NULL; #ifdef AES_CTR_ASM if (dat->mode == EVP_CIPH_CTR_MODE) dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; 
@@ -123,35 +127,35 @@ IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX) -#define PROV_CIPHER_HW_aes_mode(mode) \ -static const PROV_CIPHER_HW aes_##mode = { \ - cipher_hw_aes_initkey, \ - ossl_cipher_hw_generic_##mode, \ - cipher_hw_aes_copyctx \ -}; \ -PROV_CIPHER_HW_declare(mode) \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \ -{ \ - PROV_CIPHER_HW_select(mode) \ - return &aes_##mode; \ -} +#define PROV_CIPHER_HW_aes_mode(mode) \ + static const PROV_CIPHER_HW aes_##mode = { \ + cipher_hw_aes_initkey, \ + ossl_cipher_hw_generic_##mode, \ + cipher_hw_aes_copyctx \ + }; \ + PROV_CIPHER_HW_declare(mode) \ + const PROV_CIPHER_HW * \ + ossl_prov_cipher_hw_aes_##mode(size_t keybits) \ + { \ + PROV_CIPHER_HW_select(mode) return &aes_##mode; \ + } #if defined(AESNI_CAPABLE) -# include "cipher_aes_hw_aesni.inc" +#include "cipher_aes_hw_aesni.inc" #elif defined(SPARC_AES_CAPABLE) -# include "cipher_aes_hw_t4.inc" +#include "cipher_aes_hw_t4.inc" #elif defined(S390X_aes_128_CAPABLE) -# include "cipher_aes_hw_s390x.inc" +#include "cipher_aes_hw_s390x.inc" #else /* The generic case */ -# define PROV_CIPHER_HW_declare(mode) -# define PROV_CIPHER_HW_select(mode) +#define PROV_CIPHER_HW_declare(mode) +#define PROV_CIPHER_HW_select(mode) #endif PROV_CIPHER_HW_aes_mode(cbc) -PROV_CIPHER_HW_aes_mode(ecb) -PROV_CIPHER_HW_aes_mode(ofb128) -PROV_CIPHER_HW_aes_mode(cfb128) -PROV_CIPHER_HW_aes_mode(cfb1) -PROV_CIPHER_HW_aes_mode(cfb8) -PROV_CIPHER_HW_aes_mode(ctr) + PROV_CIPHER_HW_aes_mode(ecb) + PROV_CIPHER_HW_aes_mode(ofb128) + PROV_CIPHER_HW_aes_mode(cfb128) + PROV_CIPHER_HW_aes_mode(cfb1) + PROV_CIPHER_HW_aes_mode(cfb8) + PROV_CIPHER_HW_aes_mode(ctr) --- crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb.c 
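Review bot: The reformatted `PROV_CIPHER_HW_aes_mode` macro now carries `PROV_CIPHER_HW_select(mode) return &aes_##mode;` on a single line, and the invocations after `PROV_CIPHER_HW_aes_mode(cbc)` appear to be indented as if they continued that first one. Both look like formatter artifacts of macros that expand to whole statements or definitions without a trailing semicolon. The result hides that each invocation defines its own `ossl_prov_cipher_hw_aes_<mode>` function and that the select macro is a separate statement ahead of the `return`. Assuming clang-format produced this layout, either wrap the macro definition and the invocation list in `/* clang-format off */` and `/* clang-format on */`, or list these macros under `StatementMacros` in the formatter configuration so they are laid out as statements.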
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,13 +23,11 @@ #define AES_OCB_FLAGS AEAD_FLAGS #define OCB_DEFAULT_TAG_LEN 16 -#define OCB_DEFAULT_IV_LEN 12 -#define OCB_MIN_IV_LEN 1 -#define OCB_MAX_IV_LEN 15 +#define OCB_DEFAULT_IV_LEN 12 +#define OCB_MIN_IV_LEN 1 +#define OCB_MAX_IV_LEN 15 -PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, - const unsigned char *in, unsigned char *out, - size_t nextblock)); +PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, const unsigned char *in, unsigned char *out, size_t nextblock)); /* forward declarations */ static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit; @@ -48,21 +46,21 @@ * multiple hardware implementations are ever needed. */ static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx, - const unsigned char *iv, - size_t ivlen, size_t taglen) + const unsigned char *iv, + size_t ivlen, size_t taglen) { return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1); } static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx, - const unsigned char *aad, - size_t alen) + const unsigned char *aad, + size_t alen) { return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1; } static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx, - unsigned char *tag, size_t tlen) + unsigned char *tag, size_t tlen) { return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0; } @@ -78,8 +76,8 @@ } static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx, - const unsigned char *in, - unsigned char *out, size_t len) + const unsigned char *in, + unsigned char *out, size_t len) { if (ctx->base.enc) { if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len)) 
@@ -92,18 +90,18 @@ } static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst, - PROV_AES_OCB_CTX *src) + PROV_AES_OCB_CTX *src) { return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb, - &dst->ksenc.ks, &dst->ksdec.ks); + &dst->ksenc.ks, &dst->ksdec.ks); } /*- * Provider dispatch functions */ static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; @@ -139,15 +137,15 @@ } static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1); } static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0); } @@ -157,10 +155,10 @@ * same way. Only the last block can be a partial block. */ static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx, - unsigned char *buf, size_t *bufsz, - unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl, OSSL_ocb_cipher_fn ciph) + unsigned char *buf, size_t *bufsz, + unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl, OSSL_ocb_cipher_fn ciph) { size_t nextblocks; size_t outlint = 0; @@ -168,7 +166,7 @@ if (*bufsz != 0) nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl); else - nextblocks = inl & ~(AES_BLOCK_SIZE-1); + nextblocks = inl & ~(AES_BLOCK_SIZE - 1); if (*bufsz == AES_BLOCK_SIZE) { if (outsize < AES_BLOCK_SIZE) { 
@@ -209,7 +207,7 @@ /* A wrapper function that has the same signature as cipher */ static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { return aes_generic_ocb_setaad(ctx, in, len); } @@ -221,7 +219,7 @@ return 0; if (ctx->iv_state == IV_STATE_BUFFERED) { if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen, - ctx->taglen)) + ctx->taglen)) return 0; ctx->iv_state = IV_STATE_COPIED; } @@ -229,8 +227,8 @@ } static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; unsigned char *buf; @@ -256,11 +254,11 @@ fn = aes_generic_ocb_cipher; } return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize, - in, inl, fn); + in, inl, fn); } static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; @@ -304,7 +302,7 @@ } static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits, - size_t ivbits, unsigned int mode, uint64_t flags) + size_t ivbits, unsigned int mode, uint64_t flags) { PROV_AES_OCB_CTX *ctx; @@ -314,7 +312,7 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, - ossl_prov_cipher_hw_aes_ocb(kbits), NULL); + ossl_prov_cipher_hw_aes_ocb(kbits), NULL); ctx->taglen = OCB_DEFAULT_TAG_LEN; } return ctx; @@ -327,7 +325,7 @@ if (ctx != NULL) { aes_generic_ocb_cleanup(ctx); ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } } 
@@ -385,7 +383,7 @@ } memcpy(ctx->tag, p->data, p->data_size); } - } + } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); if (p != NULL) { if (!OSSL_PARAM_get_size_t(p, &sz)) { @@ -488,7 +486,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { return cipher_ocb_known_gettable_ctx_params; } @@ -500,13 +498,13 @@ OSSL_PARAM_END }; static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { return cipher_ocb_known_settable_ctx_params; } static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) + size_t outsize, const unsigned char *in, size_t inl) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 
@@ -527,43 +525,43 @@ return 1; } -#define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \ -static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \ -static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \ -static void *aes_##kbits##_##mode##_newctx(void *provctx) \ -{ \ - return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \ - EVP_CIPH_##UCMODE##_MODE, flags); \ -} \ -const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void))aes_##kbits##_##mode##_newctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))aes_##kbits##_##mode##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))aes_##mode##_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))aes_##mode##_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_ocb_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_ocb_settable_ctx_params }, \ - { 0, NULL } \ -} +#define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_FUNC_cipher_get_params_fn 
aes_##kbits##_##mode##_get_params; \ + static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \ + static void *aes_##kbits##_##mode##_newctx(void *provctx) \ + { \ + return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits, \ + EVP_CIPH_##UCMODE##_MODE, flags); \ + } \ + const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))aes_##kbits##_##mode##_newctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))aes_##kbits##_##mode##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))aes_##mode##_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))aes_##mode##_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_ocb_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_ocb_settable_ctx_params }, \ + { 0, NULL } \ + } IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8); IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8); --- crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb.h.orig +++ 
crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb.h @@ -11,29 +11,29 @@ #include "prov/ciphercommon.h" #include "crypto/aes_platform.h" -#define OCB_MAX_TAG_LEN AES_BLOCK_SIZE -#define OCB_MAX_DATA_LEN AES_BLOCK_SIZE -#define OCB_MAX_AAD_LEN AES_BLOCK_SIZE +#define OCB_MAX_TAG_LEN AES_BLOCK_SIZE +#define OCB_MAX_DATA_LEN AES_BLOCK_SIZE +#define OCB_MAX_AAD_LEN AES_BLOCK_SIZE typedef struct prov_aes_ocb_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ksenc; /* AES key schedule to use for encryption/aad */ + } ksenc; /* AES key schedule to use for encryption/aad */ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ksdec; /* AES key schedule to use for decryption */ + } ksdec; /* AES key schedule to use for decryption */ OCB128_CONTEXT ocb; - unsigned int iv_state; /* set to one of IV_STATE_XXX */ + unsigned int iv_state; /* set to one of IV_STATE_XXX */ unsigned int key_set : 1; size_t taglen; size_t data_buf_len; size_t aad_buf_len; unsigned char tag[OCB_MAX_TAG_LEN]; unsigned char data_buf[OCB_MAX_DATA_LEN]; /* Store partial data blocks */ - unsigned char aad_buf[OCB_MAX_AAD_LEN]; /* Store partial AAD blocks */ + unsigned char aad_buf[OCB_MAX_AAD_LEN]; /* Store partial AAD blocks */ } PROV_AES_OCB_CTX; const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_ocb(size_t keybits); --- crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_ocb_hw.c 
@@ -15,23 +15,21 @@ #include "cipher_aes_ocb.h" -#define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ - fn_block_enc, fn_block_dec, \ - fn_stream_enc, fn_stream_dec) \ -CRYPTO_ocb128_cleanup(&ctx->ocb); \ -fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \ -fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \ -if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \ - (block128_f)fn_block_enc, (block128_f)fn_block_dec, \ - ctx->base.enc ? (ocb128_f)fn_stream_enc : \ - (ocb128_f)fn_stream_dec)) \ - return 0; \ -ctx->key_set = 1 - +#define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ + fn_block_enc, fn_block_dec, \ + fn_stream_enc, fn_stream_dec) \ + CRYPTO_ocb128_cleanup(&ctx->ocb); \ + fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \ + fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \ + if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \ + (block128_f)fn_block_enc, (block128_f)fn_block_dec, \ + ctx->base.enc ? (ocb128_f)fn_stream_enc : (ocb128_f)fn_stream_dec)) \ + return 0; \ + ctx->key_set = 1 static int cipher_hw_aes_ocb_generic_initkey(PROV_CIPHER_CTX *vctx, - const unsigned char *key, - size_t keylen) + const unsigned char *key, + size_t keylen) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 
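Review bot: OCB_SET_KEY_FN discards the results of `fn_set_enc_key` and `fn_set_dec_key` and then sets `ctx->key_set = 1`; only the CRYPTO_ocb128_init call is checked. If those setters can fail (the AES_set_*_key family returns a negative value for a bad key pointer or bit length), the context would be marked as keyed with an unusable schedule. It is worth either checking them or noting in a comment that the caller validates keylen. The macro also relies on `ctx`, `key` and `keylen` being in scope, hides a `return 0;` that leaves the enclosing function, and is not a single statement. A comment above the `#define` such as `/* Expects ctx, key, keylen in scope; returns 0 from the caller on failure; use only inside a braced block. */` would make that explicit, now that the indented body reads like ordinary function code.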
@@ -39,84 +37,81 @@ * We set both the encrypt and decrypt key here because decrypt * needs both. (i.e- AAD uses encrypt). */ -# ifdef HWAES_CAPABLE +#ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { OCB_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key, - HWAES_encrypt, HWAES_decrypt, - HWAES_ocb_encrypt, HWAES_ocb_decrypt); + HWAES_encrypt, HWAES_decrypt, + HWAES_ocb_encrypt, HWAES_ocb_decrypt); } else -# endif -# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { OCB_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key, - vpaes_encrypt, vpaes_decrypt, NULL, NULL); + vpaes_encrypt, vpaes_decrypt, NULL, NULL); } else -# endif +#endif { OCB_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key, - AES_encrypt, AES_decrypt, NULL, NULL); + AES_encrypt, AES_decrypt, NULL, NULL); } return 1; } -# if defined(AESNI_CAPABLE) +#if defined(AESNI_CAPABLE) static int cipher_hw_aes_ocb_aesni_initkey(PROV_CIPHER_CTX *vctx, - const unsigned char *key, - size_t keylen) + const unsigned char *key, + size_t keylen) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; OCB_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key, - aesni_encrypt, aesni_decrypt, - aesni_ocb_encrypt, aesni_ocb_decrypt); + aesni_encrypt, aesni_decrypt, + aesni_ocb_encrypt, aesni_ocb_decrypt); return 1; } -# define PROV_CIPHER_HW_declare() \ -static const PROV_CIPHER_HW aesni_ocb = { \ - cipher_hw_aes_ocb_aesni_initkey, \ - NULL \ -}; -# define PROV_CIPHER_HW_select() \ - if (AESNI_CAPABLE) \ +#define PROV_CIPHER_HW_declare() \ + static const PROV_CIPHER_HW aesni_ocb = { \ + cipher_hw_aes_ocb_aesni_initkey, \ + NULL \ + }; +#define PROV_CIPHER_HW_select() \ + if (AESNI_CAPABLE) \ return &aesni_ocb; #elif defined(SPARC_AES_CAPABLE) static int cipher_hw_aes_ocb_t4_initkey(PROV_CIPHER_CTX *vctx, - const unsigned char *key, - size_t keylen) + const unsigned char *key, + size_t keylen) { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; 
OCB_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key, - aes_t4_encrypt, aes_t4_decrypt, NULL, NULL); + aes_t4_encrypt, aes_t4_decrypt, NULL, NULL); return 1; } -# define PROV_CIPHER_HW_declare() \ -static const PROV_CIPHER_HW aes_t4_ocb = { \ - cipher_hw_aes_ocb_t4_initkey, \ - NULL \ -}; -# define PROV_CIPHER_HW_select() \ - if (SPARC_AES_CAPABLE) \ +#define PROV_CIPHER_HW_declare() \ + static const PROV_CIPHER_HW aes_t4_ocb = { \ + cipher_hw_aes_ocb_t4_initkey, \ + NULL \ + }; +#define PROV_CIPHER_HW_select() \ + if (SPARC_AES_CAPABLE) \ return &aes_t4_ocb; #else -# define PROV_CIPHER_HW_declare() -# define PROV_CIPHER_HW_select() -# endif +#define PROV_CIPHER_HW_declare() +#define PROV_CIPHER_HW_select() +#endif static const PROV_CIPHER_HW aes_generic_ocb = { cipher_hw_aes_ocb_generic_initkey, NULL }; PROV_CIPHER_HW_declare() -const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_ocb(size_t keybits) + const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_ocb(size_t keybits) { - PROV_CIPHER_HW_select() - return &aes_generic_ocb; + PROV_CIPHER_HW_select() return &aes_generic_ocb; } - - --- crypto/openssl/providers/implementations/ciphers/cipher_aes_siv.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_siv.c @@ -28,7 +28,7 @@ static OSSL_FUNC_cipher_set_ctx_params_fn aes_siv_set_ctx_params; static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, - uint64_t flags) + uint64_t flags) { PROV_AES_SIV_CTX *ctx; @@ -52,7 +52,7 @@ if (ctx != NULL) { ctx->hw->cleanup(ctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } } @@ -77,8 +77,8 @@ } static int siv_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; 
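Review bot: At the end of the last cipher_aes_ocb_hw.c hunk the new side reads `PROV_CIPHER_HW_select() return &aes_generic_ocb;` on one line, and the definition of ossl_prov_cipher_hw_aes_ocb is now indented under `PROV_CIPHER_HW_declare()`. That makes the generic fallback look like a continuation of the macro call rather than a separate statement. The `#define`s earlier in the same hunk show that these macros expand either to nothing or to a complete declaration and an `if (...) return ...;`, so the old layout was the accurate one. I would keep `return &aes_generic_ocb;` on its own line and the function signature at column 0. If this layout comes from an automated formatter (the page does not say), exclude these few lines from it. Behaviour is unchanged; the point is that the hardware-selection fallback should stay readable in review.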
@@ -99,21 +99,21 @@ } static int siv_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return siv_init(vctx, key, keylen, iv, ivlen, params, 1); } static int siv_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return siv_init(vctx, key, keylen, iv, ivlen, params, 0); } static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) + size_t outsize, const unsigned char *in, size_t inl) { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; @@ -143,7 +143,7 @@ } static int siv_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; @@ -193,7 +193,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *aes_siv_gettable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return aes_siv_known_gettable_ctx_params; } 
@@ -247,60 +247,60 @@ OSSL_PARAM_END }; static const OSSL_PARAM *aes_siv_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return aes_siv_known_settable_ctx_params; } -#define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ -static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \ -static OSSL_FUNC_cipher_freectx_fn alg##_##lc##_freectx; \ -static OSSL_FUNC_cipher_dupctx_fn lc##_dupctx; \ -static OSSL_FUNC_cipher_encrypt_init_fn lc##_einit; \ -static OSSL_FUNC_cipher_decrypt_init_fn lc##_dinit; \ -static OSSL_FUNC_cipher_update_fn lc##_stream_update; \ -static OSSL_FUNC_cipher_final_fn lc##_stream_final; \ -static OSSL_FUNC_cipher_cipher_fn lc##_cipher; \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ -static OSSL_FUNC_cipher_get_ctx_params_fn alg##_##lc##_get_ctx_params; \ -static OSSL_FUNC_cipher_gettable_ctx_params_fn \ - alg##_##lc##_gettable_ctx_params; \ -static OSSL_FUNC_cipher_set_ctx_params_fn alg##_##lc##_set_ctx_params; \ -static OSSL_FUNC_cipher_settable_ctx_params_fn \ - alg##_##lc##_settable_ctx_params; \ -static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, 2*kbits, blkbits, ivbits); \ -} \ -static void * alg##kbits##lc##_newctx(void *provctx) \ -{ \ - return alg##_##lc##_newctx(provctx, 2*kbits, EVP_CIPH_##UCMODE##_MODE, \ - flags); \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) lc##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void 
(*)(void)) lc##_stream_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lc##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void)) alg##_##lc##_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void)) alg##_##lc##_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void)) alg##_##lc##_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void)) alg##_##lc##_settable_ctx_params }, \ - { 0, NULL } \ -}; +#define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \ + static OSSL_FUNC_cipher_freectx_fn alg##_##lc##_freectx; \ + static OSSL_FUNC_cipher_dupctx_fn lc##_dupctx; \ + static OSSL_FUNC_cipher_encrypt_init_fn lc##_einit; \ + static OSSL_FUNC_cipher_decrypt_init_fn lc##_dinit; \ + static OSSL_FUNC_cipher_update_fn lc##_stream_update; \ + static OSSL_FUNC_cipher_final_fn lc##_stream_final; \ + static OSSL_FUNC_cipher_cipher_fn lc##_cipher; \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ + static OSSL_FUNC_cipher_get_ctx_params_fn alg##_##lc##_get_ctx_params; \ + static OSSL_FUNC_cipher_gettable_ctx_params_fn \ + alg##_##lc##_gettable_ctx_params; \ + static OSSL_FUNC_cipher_set_ctx_params_fn alg##_##lc##_set_ctx_params; \ + static OSSL_FUNC_cipher_settable_ctx_params_fn \ + alg##_##lc##_settable_ctx_params; \ + static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, 2 * kbits, blkbits, ivbits); \ + } \ + static void *alg##kbits##lc##_newctx(void *provctx) \ + { \ + return alg##_##lc##_newctx(provctx, 2 * kbits, EVP_CIPH_##UCMODE##_MODE, \ + flags); \ + } \ + const 
OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))lc##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))lc##_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))lc##_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))lc##_stream_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))lc##_stream_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))lc##_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_##lc##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))alg##_##lc##_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))alg##_##lc##_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))alg##_##lc##_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))alg##_##lc##_settable_ctx_params }, \ + { 0, NULL } \ + }; IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 128, 8, 0) IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 192, 8, 0) --- crypto/openssl/providers/implementations/ciphers/cipher_aes_siv.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_siv.h @@ -14,7 +14,7 @@ typedef struct prov_cipher_hw_aes_siv_st { int (*initkey)(void *ctx, const uint8_t *key, size_t keylen); int (*cipher)(void *ctx, unsigned char *out, const unsigned char *in, - size_t len); + size_t len); void (*setspeed)(void *ctx, int speed); int (*settag)(void *ctx, const unsigned char *tag, size_t tagl); void (*cleanup)(void *ctx); 
@@ -22,12 +22,12 @@ } PROV_CIPHER_HW_AES_SIV; typedef struct prov_siv_ctx_st { - unsigned int mode; /* The mode that we are using */ - unsigned int enc : 1; /* Set to 1 if we are encrypting or 0 otherwise */ - size_t keylen; /* The input keylength (twice the alg key length) */ - size_t taglen; /* the taglen is the same as the sivlen */ + unsigned int mode; /* The mode that we are using */ + unsigned int enc : 1; /* Set to 1 if we are encrypting or 0 otherwise */ + size_t keylen; /* The input keylength (twice the alg key length) */ + size_t taglen; /* the taglen is the same as the sivlen */ SIV128_CONTEXT siv; - EVP_CIPHER *ctr; /* These are fetched - so we need to free them */ + EVP_CIPHER *ctr; /* These are fetched - so we need to free them */ EVP_CIPHER *cbc; const PROV_CIPHER_HW_AES_SIV *hw; OSSL_LIB_CTX *libctx; --- crypto/openssl/providers/implementations/ciphers/cipher_aes_siv_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_siv_hw.c @@ -21,7 +21,7 @@ { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; SIV128_CONTEXT *sctx = &ctx->siv; - size_t klen = keylen / 2; + size_t klen = keylen / 2; OSSL_LIB_CTX *libctx = ctx->libctx; const char *propq = NULL; @@ -53,7 +53,7 @@ * which should be twice as long */ return ossl_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx, - propq); + propq); } static int aes_siv_dupctx(void *in_vctx, void *out_vctx) @@ -101,7 +101,7 @@ } static int aes_siv_cipher(void *vctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; SIV128_CONTEXT *sctx = &ctx->siv; 
@@ -120,8 +120,7 @@ return ossl_siv128_decrypt(sctx, in, out, len) > 0; } -static const PROV_CIPHER_HW_AES_SIV aes_siv_hw = -{ +static const PROV_CIPHER_HW_AES_SIV aes_siv_hw = { aes_siv_initkey, aes_siv_cipher, aes_siv_setspeed, --- crypto/openssl/providers/implementations/ciphers/cipher_aes_wrp.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_wrp.c @@ -19,15 +19,15 @@ #include "prov/implementations.h" /* AES wrap with padding has IV length of 4, without padding 8 */ -#define AES_WRAP_PAD_IVLEN 4 +#define AES_WRAP_PAD_IVLEN 4 #define AES_WRAP_NOPAD_IVLEN 8 #define WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV) #define WRAP_FLAGS_INV (WRAP_FLAGS | PROV_CIPHER_FLAG_INVERSE_CIPHER) typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv, - unsigned char *out, const unsigned char *in, - size_t inlen, block128_f block); + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); static OSSL_FUNC_cipher_encrypt_init_fn aes_wrap_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_wrap_dinit; @@ -46,9 +46,8 @@ } PROV_AES_WRAP_CTX; - static void *aes_wrap_newctx(size_t kbits, size_t blkbits, - size_t ivbits, unsigned int mode, uint64_t flags) + size_t ivbits, unsigned int mode, uint64_t flags) { PROV_AES_WRAP_CTX *wctx; PROV_CIPHER_CTX *ctx; @@ -60,7 +59,7 @@ ctx = (PROV_CIPHER_CTX *)wctx; if (ctx != NULL) { ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, - NULL, NULL); + NULL, NULL); ctx->pad = (ctx->ivlen == AES_WRAP_PAD_IVLEN); } return wctx; @@ -77,7 +76,7 @@ if (dctx != NULL && dctx->base.tlsmac != NULL && dctx->base.alloced) { dctx->base.tlsmac = OPENSSL_memdup(dctx->base.tlsmac, - dctx->base.tlsmacsize); + dctx->base.tlsmacsize); if (dctx->base.tlsmac == NULL) { OPENSSL_free(dctx); dctx = NULL; 
@@ -91,12 +90,12 @@ PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(wctx, sizeof(*wctx)); + OPENSSL_clear_free(wctx, sizeof(*wctx)); } static int aes_wrap_init(void *vctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[], int enc) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[], int enc) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; @@ -118,8 +117,8 @@ int use_forward_transform; if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; } /* * See SP800-38F : Section 5.1 @@ -146,21 +145,21 @@ } static int aes_wrap_einit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return aes_wrap_init(ctx, key, keylen, iv, ivlen, params, 1); } static int aes_wrap_dinit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return aes_wrap_init(ctx, key, keylen, iv, ivlen, params, 0); } static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, - const unsigned char *in, size_t inlen) + const unsigned char *in, size_t inlen) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; @@ -207,7 +206,7 @@ } rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in, - inlen, ctx->block); + inlen, ctx->block); if (!rv) { ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); return -1; 
@@ -220,7 +219,7 @@ } static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { if (!ossl_prov_is_running()) return 0; @@ -230,8 +229,8 @@ } static int aes_wrap_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_AES_WRAP_CTX *ctx = (PROV_AES_WRAP_CTX *)vctx; size_t len; 
@@ -280,41 +279,41 @@ return 1; } -#define IMPLEMENT_cipher(mode, fname, UCMODE, flags, kbits, blkbits, ivbits) \ - static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##fname##_get_params; \ - static int aes_##kbits##_##fname##_get_params(OSSL_PARAM params[]) \ - { \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,\ - flags, kbits, blkbits, ivbits); \ - } \ - static OSSL_FUNC_cipher_newctx_fn aes_##kbits##fname##_newctx; \ - static void *aes_##kbits##fname##_newctx(void *provctx) \ - { \ - return aes_##mode##_newctx(kbits, blkbits, ivbits, \ - EVP_CIPH_##UCMODE##_MODE, flags); \ - } \ - const OSSL_DISPATCH ossl_##aes##kbits##fname##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void))aes_##kbits##fname##_newctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_cipher }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_final }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))aes_##kbits##_##fname##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))aes_wrap_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ - { 0, NULL } \ +#define IMPLEMENT_cipher(mode, fname, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##fname##_get_params; \ + static int 
aes_##kbits##_##fname##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn aes_##kbits##fname##_newctx; \ + static void *aes_##kbits##fname##_newctx(void *provctx) \ + { \ + return aes_##mode##_newctx(kbits, blkbits, ivbits, \ + EVP_CIPH_##UCMODE##_MODE, flags); \ + } \ + const OSSL_DISPATCH ossl_##aes##kbits##fname##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))aes_##kbits##fname##_newctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_cipher }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_final }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))aes_##kbits##_##fname##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))aes_wrap_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ + { 0, NULL } \ } IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_NOPAD_IVLEN * 8); --- crypto/openssl/providers/implementations/ciphers/cipher_aes_xts.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_xts.c 
@@ -52,10 +52,10 @@ * data with them." */ static int aes_xts_check_keys_differ(const unsigned char *key, size_t bytes, - int enc) + int enc) { if ((!ossl_aes_xts_allow_insecure_decrypt || enc) - && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_XTS_DUPLICATED_KEYS); return 0; } @@ -66,8 +66,8 @@ * Provider dispatch functions */ static int aes_xts_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)vctx; PROV_CIPHER_CTX *ctx = &xctx->base; @@ -95,28 +95,28 @@ } static int aes_xts_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return aes_xts_init(vctx, key, keylen, iv, ivlen, params, 1); } static int aes_xts_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return aes_xts_init(vctx, key, keylen, iv, ivlen, params, 0); } static void *aes_xts_newctx(void *provctx, unsigned int mode, uint64_t flags, - size_t kbits, size_t blkbits, size_t ivbits) + size_t kbits, size_t blkbits, size_t ivbits) { PROV_AES_XTS_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { ossl_cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits, mode, - flags, ossl_prov_cipher_hw_aes_xts(kbits), - NULL); + flags, ossl_prov_cipher_hw_aes_xts(kbits), + NULL); } return ctx; } 
@@ -126,7 +126,7 @@ PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *aes_xts_dupctx(void *vctx) @@ -155,17 +155,17 @@ } static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) + size_t outsize, const unsigned char *in, size_t inl) { PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx; if (!ossl_prov_is_running() - || ctx->xts.key1 == NULL - || ctx->xts.key2 == NULL - || !ctx->base.iv_set - || out == NULL - || in == NULL - || inl < AES_BLOCK_SIZE) + || ctx->xts.key1 == NULL + || ctx->xts.key2 == NULL + || !ctx->base.iv_set + || out == NULL + || in == NULL + || inl < AES_BLOCK_SIZE) return 0; /* @@ -182,7 +182,7 @@ if (ctx->stream != NULL) (*ctx->stream)(in, out, inl, ctx->xts.key1, ctx->xts.key2, ctx->base.iv); else if (CRYPTO_xts128_encrypt(&ctx->xts, ctx->base.iv, in, out, inl, - ctx->base.enc)) + ctx->base.enc)) return 0; *outl = inl; @@ -190,8 +190,8 @@ } static int aes_xts_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx; @@ -209,7 +209,7 @@ } static int aes_xts_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { if (!ossl_prov_is_running()) return 0; @@ -223,7 +223,7 @@ }; static const OSSL_PARAM *aes_xts_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return aes_xts_known_settable_ctx_params; } 
@@ -252,43 +252,43 @@ return 1; } -#define IMPLEMENT_cipher(lcmode, UCMODE, kbits, flags) \ -static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ -static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, 2 * kbits, AES_XTS_BLOCK_BITS, \ - AES_XTS_IV_BITS); \ -} \ -static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_xts_newctx; \ -static void *aes_##kbits##_xts_newctx(void *provctx) \ -{ \ - return aes_xts_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, flags, 2 * kbits, \ - AES_XTS_BLOCK_BITS, AES_XTS_IV_BITS); \ -} \ -const OSSL_DISPATCH ossl_aes##kbits##xts_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_xts_newctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_xts_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_xts_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_xts_stream_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_xts_stream_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_xts_cipher }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_xts_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_xts_dupctx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))aes_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))aes_xts_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))aes_xts_settable_ctx_params }, \ - { 0, NULL } \ -} +#define IMPLEMENT_cipher(lcmode, UCMODE, kbits, flags) \ + static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ + static 
int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, 2 * kbits, AES_XTS_BLOCK_BITS, \ + AES_XTS_IV_BITS); \ + } \ + static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_xts_newctx; \ + static void *aes_##kbits##_xts_newctx(void *provctx) \ + { \ + return aes_xts_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, flags, 2 * kbits, \ + AES_XTS_BLOCK_BITS, AES_XTS_IV_BITS); \ + } \ + const OSSL_DISPATCH ossl_aes##kbits##xts_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_xts_newctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_xts_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_xts_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_xts_stream_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_xts_stream_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_xts_cipher }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_xts_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_xts_dupctx }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))aes_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))aes_xts_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))aes_xts_settable_ctx_params }, \ + { 0, NULL } \ + } IMPLEMENT_cipher(xts, XTS, 256, AES_XTS_FLAGS); IMPLEMENT_cipher(xts, XTS, 128, AES_XTS_FLAGS); --- crypto/openssl/providers/implementations/ciphers/cipher_aes_xts.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_xts.h 
@@ -18,16 +18,16 @@ extern const int ossl_aes_xts_allow_insecure_decrypt; PROV_CIPHER_FUNC(void, xts_stream, - (const unsigned char *in, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16])); + (const unsigned char *in, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16])); typedef struct prov_aes_xts_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; AES_KEY ks; - } ks1, ks2; /* AES key schedules to use */ + } ks1, ks2; /* AES key schedules to use */ XTS128_CONTEXT xts; OSSL_xts_stream_fn stream; } PROV_AES_XTS_CTX; --- crypto/openssl/providers/implementations/ciphers/cipher_aes_xts_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aes_xts_hw.c 
@@ -15,29 +15,30 @@ #include "cipher_aes_xts.h" -#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ - fn_block_enc, fn_block_dec, \ - fn_stream_enc, fn_stream_dec) { \ - size_t bytes = keylen / 2; \ - size_t bits = bytes * 8; \ - \ - if (ctx->enc) { \ - fn_set_enc_key(key, bits, &xctx->ks1.ks); \ - xctx->xts.block1 = (block128_f)fn_block_enc; \ - } else { \ - fn_set_dec_key(key, bits, &xctx->ks1.ks); \ - xctx->xts.block1 = (block128_f)fn_block_dec; \ - } \ - fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \ - xctx->xts.block2 = (block128_f)fn_block_enc; \ - xctx->xts.key1 = &xctx->ks1; \ - xctx->xts.key2 = &xctx->ks2; \ - xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \ -} +#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ + fn_block_enc, fn_block_dec, \ + fn_stream_enc, fn_stream_dec) \ + { \ + size_t bytes = keylen / 2; \ + size_t bits = bytes * 8; \ + \ + if (ctx->enc) { \ + fn_set_enc_key(key, bits, &xctx->ks1.ks); \ + xctx->xts.block1 = (block128_f)fn_block_enc; \ + } else { \ + fn_set_dec_key(key, bits, &xctx->ks1.ks); \ + xctx->xts.block1 = (block128_f)fn_block_dec; \ + } \ + fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \ + xctx->xts.block2 = (block128_f)fn_block_enc; \ + xctx->xts.key1 = &xctx->ks1; \ + xctx->xts.key2 = &xctx->ks2; \ + xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \ + } static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, - size_t keylen) + const unsigned char *key, + size_t keylen) { PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; OSSL_xts_stream_fn stream_enc = NULL; 
@@ -50,29 +51,29 @@ #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { -# ifdef HWAES_xts_encrypt +#ifdef HWAES_xts_encrypt stream_enc = HWAES_xts_encrypt; -# endif /* HWAES_xts_encrypt */ -# ifdef HWAES_xts_decrypt +#endif /* HWAES_xts_encrypt */ +#ifdef HWAES_xts_decrypt stream_dec = HWAES_xts_decrypt; -# endif /* HWAES_xts_decrypt */ +#endif /* HWAES_xts_decrypt */ XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key, - HWAES_encrypt, HWAES_decrypt, - stream_enc, stream_dec); + HWAES_encrypt, HWAES_decrypt, + stream_enc, stream_dec); return 1; } else #endif /* HWAES_CAPABLE */ #ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) { + if (BSAES_CAPABLE) { stream_enc = ossl_bsaes_xts_encrypt; stream_dec = ossl_bsaes_xts_decrypt; } else #endif /* BSAES_CAPABLE */ #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { + if (VPAES_CAPABLE) { XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key, - vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec); + vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec); return 1; } else #endif /* VPAES_CAPABLE */ @@ -81,13 +82,13 @@ } { XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key, - AES_encrypt, AES_decrypt, stream_enc, stream_dec); + AES_encrypt, AES_decrypt, stream_enc, stream_dec); } return 1; } static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst, - const PROV_CIPHER_CTX *src) + const PROV_CIPHER_CTX *src) { PROV_AES_XTS_CTX *sctx = (PROV_AES_XTS_CTX *)src; PROV_AES_XTS_CTX *dctx = (PROV_AES_XTS_CTX *)dst; 
@@ -100,30 +101,30 @@ #if defined(AESNI_CAPABLE) static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key, - aesni_encrypt, aesni_decrypt, - aesni_xts_encrypt, aesni_xts_decrypt); + aesni_encrypt, aesni_decrypt, + aesni_xts_encrypt, aesni_xts_decrypt); return 1; } -# define PROV_CIPHER_HW_declare_xts() \ -static const PROV_CIPHER_HW aesni_xts = { \ - cipher_hw_aesni_xts_initkey, \ - NULL, \ - cipher_hw_aes_xts_copyctx \ -}; -# define PROV_CIPHER_HW_select_xts() \ -if (AESNI_CAPABLE) \ - return &aesni_xts; +#define PROV_CIPHER_HW_declare_xts() \ + static const PROV_CIPHER_HW aesni_xts = { \ + cipher_hw_aesni_xts_initkey, \ + NULL, \ + cipher_hw_aes_xts_copyctx \ + }; +#define PROV_CIPHER_HW_select_xts() \ + if (AESNI_CAPABLE) \ + return &aesni_xts; -# elif defined(SPARC_AES_CAPABLE) +#elif defined(SPARC_AES_CAPABLE) static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; OSSL_xts_stream_fn stream_enc = NULL; 
@@ -144,24 +145,24 @@ } XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key, - aes_t4_encrypt, aes_t4_decrypt, - stream_enc, stream_dec); + aes_t4_encrypt, aes_t4_decrypt, + stream_enc, stream_dec); return 1; } -# define PROV_CIPHER_HW_declare_xts() \ -static const PROV_CIPHER_HW aes_xts_t4 = { \ - cipher_hw_aes_xts_t4_initkey, \ - NULL, \ - cipher_hw_aes_xts_copyctx \ -}; -# define PROV_CIPHER_HW_select_xts() \ -if (SPARC_AES_CAPABLE) \ - return &aes_xts_t4; -# else +#define PROV_CIPHER_HW_declare_xts() \ + static const PROV_CIPHER_HW aes_xts_t4 = { \ + cipher_hw_aes_xts_t4_initkey, \ + NULL, \ + cipher_hw_aes_xts_copyctx \ + }; +#define PROV_CIPHER_HW_select_xts() \ + if (SPARC_AES_CAPABLE) \ + return &aes_xts_t4; +#else /* The generic case */ -# define PROV_CIPHER_HW_declare_xts() -# define PROV_CIPHER_HW_select_xts() +#define PROV_CIPHER_HW_declare_xts() +#define PROV_CIPHER_HW_select_xts() #endif static const PROV_CIPHER_HW aes_generic_xts = { @@ -170,8 +171,7 @@ cipher_hw_aes_xts_copyctx }; PROV_CIPHER_HW_declare_xts() -const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits) + const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits) { - PROV_CIPHER_HW_select_xts() - return &aes_generic_xts; + PROV_CIPHER_HW_select_xts() return &aes_generic_xts; } --- crypto/openssl/providers/implementations/ciphers/cipher_aria.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria.c @@ -21,7 +21,7 @@ PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *aria_dupctx(void *ctx) 
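Review bot: In the `@@ -170,8 +171,7 @@` hunk of cipher_aes_xts_hw.c the new layout puts `PROV_CIPHER_HW_select_xts()` and `return &aes_generic_xts;` on one line, which hides that the macro expands to a conditional early return (`if (AESNI_CAPABLE) return &aesni_xts;`, or the SPARC variant defined earlier in the file). Someone skimming `ossl_prov_cipher_hw_aes_xts` then sees one unconditional return and can miss that the generic table is only the fallback when no accelerated implementation is selected. Keep the invocation on its own line, with `return &aes_generic_xts;` on the next, and leave `PROV_CIPHER_HW_declare_xts()` on a line apart from the function signature. The same merge shows up in `PROV_CIPHER_HW_camellia_mode` (`PROV_CIPHER_HW_select(mode) return &camellia_##mode;`) and in the blowfish and cast5 mode macros, where `IMPLEMENT_CIPHER_HW_##UCMODE(...)` now shares a line with `static const PROV_CIPHER_HW`.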
@@ -61,11 +61,11 @@ /* ossl_aria128ofb_functions */ IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, stream) /* ossl_aria256cfb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, stream) /* ossl_aria192cfb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 192, 8, 128, stream) /* ossl_aria128cfb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, stream) /* ossl_aria256cfb1_functions */ IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, stream) /* ossl_aria192cfb1_functions */ --- crypto/openssl/providers/implementations/ciphers/cipher_aria.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria.h @@ -11,14 +11,13 @@ #include "prov/ciphercommon.h" typedef struct prov_aria_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; ARIA_KEY ks; } ks; } PROV_ARIA_CTX; - #define ossl_prov_cipher_hw_aria_ofb ossl_prov_cipher_hw_aria_ofb128 #define ossl_prov_cipher_hw_aria_cfb ossl_prov_cipher_hw_aria_cfb128 const PROV_CIPHER_HW *ossl_prov_cipher_hw_aria_ecb(size_t keybits); --- crypto/openssl/providers/implementations/ciphers/cipher_aria_ccm.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_ccm.c @@ -47,7 +47,7 @@ { PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx; - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } /* aria128ccm functions */ 
@@ -56,4 +56,3 @@ IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96); /* aria256ccm functions */ IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96); - --- crypto/openssl/providers/implementations/ciphers/cipher_aria_ccm.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_ccm.h @@ -16,7 +16,7 @@ union { OSSL_UNION_ALIGN; ARIA_KEY ks; - } ks; /* ARIA key schedule to use */ + } ks; /* ARIA key schedule to use */ } PROV_ARIA_CCM_CTX; const PROV_CCM_HW *ossl_prov_aria_hw_ccm(size_t keylen); --- crypto/openssl/providers/implementations/ciphers/cipher_aria_ccm_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_ccm_hw.c @@ -14,13 +14,13 @@ #include "cipher_aria_ccm.h" static int ccm_aria_initkey(PROV_CCM_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx; ossl_aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks); CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks, - (block128_f)ossl_aria_encrypt); + (block128_f)ossl_aria_encrypt); ctx->str = NULL; ctx->key_set = 1; return 1; --- crypto/openssl/providers/implementations/ciphers/cipher_aria_gcm.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_gcm.c @@ -23,7 +23,7 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ossl_gcm_initctx(provctx, &ctx->base, keybits, - ossl_prov_aria_hw_gcm(keybits)); + ossl_prov_aria_hw_gcm(keybits)); return ctx; } @@ -35,7 +35,7 @@ if (ctx == NULL) return NULL; - dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); if (dctx != NULL && dctx->base.gcm.key != NULL) dctx->base.gcm.key = &dctx->ks.ks; @@ -47,7 +47,7 @@ { PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx; - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } /* ossl_aria128gcm_functions */ 
@@ -56,4 +56,3 @@ IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96); /* ossl_aria256gcm_functions */ IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96); - --- crypto/openssl/providers/implementations/ciphers/cipher_aria_gcm.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_gcm.h @@ -12,7 +12,7 @@ #include "prov/ciphercommon_gcm.h" typedef struct prov_aria_gcm_ctx_st { - PROV_GCM_CTX base; /* must be first entry in struct */ + PROV_GCM_CTX base; /* must be first entry in struct */ union { OSSL_UNION_ALIGN; ARIA_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_aria_gcm_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_gcm_hw.c @@ -14,7 +14,7 @@ #include "cipher_aria_gcm.h" static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen) + size_t keylen) { PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx; ARIA_KEY *ks = &actx->ks.ks; --- crypto/openssl/providers/implementations/ciphers/cipher_aria_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_aria_hw.c @@ -11,7 +11,7 @@ #include "cipher_aria.h" static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { int ret, mode = dat->mode; PROV_ARIA_CTX *adat = (PROV_ARIA_CTX *)dat; 
@@ -32,21 +32,21 @@ IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aria_copyctx, PROV_ARIA_CTX) -# define PROV_CIPHER_HW_aria_mode(mode) \ -static const PROV_CIPHER_HW aria_##mode = { \ - cipher_hw_aria_initkey, \ - ossl_cipher_hw_chunked_##mode, \ - cipher_hw_aria_copyctx \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_aria_##mode(size_t keybits) \ -{ \ - return &aria_##mode; \ -} +#define PROV_CIPHER_HW_aria_mode(mode) \ + static const PROV_CIPHER_HW aria_##mode = { \ + cipher_hw_aria_initkey, \ + ossl_cipher_hw_chunked_##mode, \ + cipher_hw_aria_copyctx \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_aria_##mode(size_t keybits) \ + { \ + return &aria_##mode; \ + } PROV_CIPHER_HW_aria_mode(cbc) -PROV_CIPHER_HW_aria_mode(ecb) -PROV_CIPHER_HW_aria_mode(ofb128) -PROV_CIPHER_HW_aria_mode(cfb128) -PROV_CIPHER_HW_aria_mode(cfb1) -PROV_CIPHER_HW_aria_mode(cfb8) -PROV_CIPHER_HW_aria_mode(ctr) + PROV_CIPHER_HW_aria_mode(ecb) + PROV_CIPHER_HW_aria_mode(ofb128) + PROV_CIPHER_HW_aria_mode(cfb128) + PROV_CIPHER_HW_aria_mode(cfb1) + PROV_CIPHER_HW_aria_mode(cfb8) + PROV_CIPHER_HW_aria_mode(ctr) --- crypto/openssl/providers/implementations/ciphers/cipher_blowfish.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_blowfish.c @@ -29,7 +29,7 @@ PROV_BLOWFISH_CTX *ctx = (PROV_BLOWFISH_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *blowfish_dupctx(void *ctx) @@ -57,4 +57,4 @@ /* bf_ofb_functions */ IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ofb64, OFB, BF_FLAGS, 128, 8, 64, stream) /* bf_cfb_functions */ -IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 128, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 128, 8, 64, stream) --- crypto/openssl/providers/implementations/ciphers/cipher_blowfish.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_blowfish.h 
@@ -11,7 +11,7 @@ #include "prov/ciphercommon.h" typedef struct prov_blowfish_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; BF_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_blowfish_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_blowfish_hw.c @@ -16,27 +16,27 @@ #include "cipher_blowfish.h" static int cipher_hw_blowfish_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { - PROV_BLOWFISH_CTX *bctx = (PROV_BLOWFISH_CTX *)ctx; + PROV_BLOWFISH_CTX *bctx = (PROV_BLOWFISH_CTX *)ctx; BF_set_key(&bctx->ks.ks, keylen, key); return 1; } -# define PROV_CIPHER_HW_blowfish_mode(mode, UCMODE) \ -IMPLEMENT_CIPHER_HW_##UCMODE(mode, blowfish, PROV_BLOWFISH_CTX, BF_KEY, \ - BF_##mode) \ -static const PROV_CIPHER_HW bf_##mode = { \ - cipher_hw_blowfish_initkey, \ - cipher_hw_blowfish_##mode##_cipher \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_blowfish_##mode(size_t keybits) \ -{ \ - return &bf_##mode; \ -} +#define PROV_CIPHER_HW_blowfish_mode(mode, UCMODE) \ + IMPLEMENT_CIPHER_HW_##UCMODE(mode, blowfish, PROV_BLOWFISH_CTX, BF_KEY, \ + BF_##mode) static const PROV_CIPHER_HW bf_##mode \ + = { \ + cipher_hw_blowfish_initkey, \ + cipher_hw_blowfish_##mode##_cipher \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_blowfish_##mode(size_t keybits) \ + { \ + return &bf_##mode; \ + } PROV_CIPHER_HW_blowfish_mode(cbc, CBC) -PROV_CIPHER_HW_blowfish_mode(ecb, ECB) -PROV_CIPHER_HW_blowfish_mode(ofb64, OFB) -PROV_CIPHER_HW_blowfish_mode(cfb64, CFB) + PROV_CIPHER_HW_blowfish_mode(ecb, ECB) + PROV_CIPHER_HW_blowfish_mode(ofb64, OFB) + PROV_CIPHER_HW_blowfish_mode(cfb64, CFB) --- crypto/openssl/providers/implementations/ciphers/cipher_camellia.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_camellia.c 
@@ -27,7 +27,7 @@ PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *camellia_dupctx(void *ctx) @@ -67,11 +67,11 @@ /* ossl_camellia128ofb_functions */ IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, stream) /* ossl_camellia256cfb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, stream) /* ossl_camellia192cfb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, stream) /* ossl_camellia128cfb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, stream) /* ossl_camellia256cfb1_functions */ IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, stream) /* ossl_camellia192cfb1_functions */ --- crypto/openssl/providers/implementations/ciphers/cipher_camellia.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_camellia.h @@ -12,7 +12,7 @@ #include "crypto/cmll_platform.h" typedef struct prov_camellia_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; CAMELLIA_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_camellia_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_camellia_hw.c @@ -18,7 +18,7 @@ #include "cipher_camellia.h" static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { int ret, mode = dat->mode; PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat; 
@@ -31,44 +31,42 @@ return 0; } if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) { - dat->block = (block128_f) Camellia_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) Camellia_cbc_encrypt : NULL; + dat->block = (block128_f)Camellia_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)Camellia_cbc_encrypt : NULL; } else { - dat->block = (block128_f) Camellia_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) Camellia_cbc_encrypt : NULL; + dat->block = (block128_f)Camellia_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f)Camellia_cbc_encrypt : NULL; } return 1; } IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_camellia_copyctx, PROV_CAMELLIA_CTX) -# if defined(SPARC_CMLL_CAPABLE) -# include "cipher_camellia_hw_t4.inc" -# else +#if defined(SPARC_CMLL_CAPABLE) +#include "cipher_camellia_hw_t4.inc" +#else /* The generic case */ -# define PROV_CIPHER_HW_declare(mode) -# define PROV_CIPHER_HW_select(mode) -# endif /* SPARC_CMLL_CAPABLE */ +#define PROV_CIPHER_HW_declare(mode) +#define PROV_CIPHER_HW_select(mode) +#endif /* SPARC_CMLL_CAPABLE */ -#define PROV_CIPHER_HW_camellia_mode(mode) \ -static const PROV_CIPHER_HW camellia_##mode = { \ - cipher_hw_camellia_initkey, \ - ossl_cipher_hw_generic_##mode, \ - cipher_hw_camellia_copyctx \ -}; \ -PROV_CIPHER_HW_declare(mode) \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_camellia_##mode(size_t keybits) \ -{ \ - PROV_CIPHER_HW_select(mode) \ - return &camellia_##mode; \ -} +#define PROV_CIPHER_HW_camellia_mode(mode) \ + static const PROV_CIPHER_HW camellia_##mode = { \ + cipher_hw_camellia_initkey, \ + ossl_cipher_hw_generic_##mode, \ + cipher_hw_camellia_copyctx \ + }; \ + PROV_CIPHER_HW_declare(mode) \ + const PROV_CIPHER_HW * \ + ossl_prov_cipher_hw_camellia_##mode(size_t keybits) \ + { \ + PROV_CIPHER_HW_select(mode) return &camellia_##mode; \ + } PROV_CIPHER_HW_camellia_mode(cbc) -PROV_CIPHER_HW_camellia_mode(ecb) 
-PROV_CIPHER_HW_camellia_mode(ofb128) -PROV_CIPHER_HW_camellia_mode(cfb128) -PROV_CIPHER_HW_camellia_mode(cfb1) -PROV_CIPHER_HW_camellia_mode(cfb8) -PROV_CIPHER_HW_camellia_mode(ctr) + PROV_CIPHER_HW_camellia_mode(ecb) + PROV_CIPHER_HW_camellia_mode(ofb128) + PROV_CIPHER_HW_camellia_mode(cfb128) + PROV_CIPHER_HW_camellia_mode(cfb1) + PROV_CIPHER_HW_camellia_mode(cfb8) + PROV_CIPHER_HW_camellia_mode(ctr) --- crypto/openssl/providers/implementations/ciphers/cipher_cast.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_cast.h @@ -11,7 +11,7 @@ #include "prov/ciphercommon.h" typedef struct prov_cast_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; CAST_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_cast5.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_cast5.c @@ -30,7 +30,7 @@ PROV_CAST_CTX *ctx = (PROV_CAST_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *cast5_dupctx(void *ctx) @@ -58,4 +58,4 @@ /* ossl_cast5128ofb64_functions */ IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 128, 8, 64, stream) /* ossl_cast5128cfb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, stream) --- crypto/openssl/providers/implementations/ciphers/cipher_cast5_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_cast5_hw.c 
@@ -16,27 +16,27 @@ #include "cipher_cast.h" static int cipher_hw_cast5_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { - PROV_CAST_CTX *bctx = (PROV_CAST_CTX *)ctx; + PROV_CAST_CTX *bctx = (PROV_CAST_CTX *)ctx; CAST_set_key(&(bctx->ks.ks), keylen, key); return 1; } -# define PROV_CIPHER_HW_cast_mode(mode, UCMODE) \ -IMPLEMENT_CIPHER_HW_##UCMODE(mode, cast5, PROV_CAST_CTX, CAST_KEY, \ - CAST_##mode) \ -static const PROV_CIPHER_HW cast5_##mode = { \ - cipher_hw_cast5_initkey, \ - cipher_hw_cast5_##mode##_cipher \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_cast5_##mode(size_t keybits) \ -{ \ - return &cast5_##mode; \ -} +#define PROV_CIPHER_HW_cast_mode(mode, UCMODE) \ + IMPLEMENT_CIPHER_HW_##UCMODE(mode, cast5, PROV_CAST_CTX, CAST_KEY, \ + CAST_##mode) static const PROV_CIPHER_HW cast5_##mode \ + = { \ + cipher_hw_cast5_initkey, \ + cipher_hw_cast5_##mode##_cipher \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_cast5_##mode(size_t keybits) \ + { \ + return &cast5_##mode; \ + } PROV_CIPHER_HW_cast_mode(cbc, CBC) -PROV_CIPHER_HW_cast_mode(ecb, ECB) -PROV_CIPHER_HW_cast_mode(ofb64, OFB) -PROV_CIPHER_HW_cast_mode(cfb64, CFB) + PROV_CIPHER_HW_cast_mode(ecb, ECB) + PROV_CIPHER_HW_cast_mode(ofb64, OFB) + PROV_CIPHER_HW_cast_mode(cfb64, CFB) --- crypto/openssl/providers/implementations/ciphers/cipher_chacha20.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_chacha20.c @@ -35,11 +35,11 @@ void ossl_chacha20_initctx(PROV_CHACHA20_CTX *ctx) { ossl_cipher_generic_initkey(ctx, CHACHA20_KEYLEN * 8, - CHACHA20_BLKLEN * 8, - CHACHA20_IVLEN * 8, - 0, CHACHA20_FLAGS, - ossl_prov_cipher_hw_chacha20(CHACHA20_KEYLEN * 8), - NULL); + CHACHA20_BLKLEN * 8, + CHACHA20_IVLEN * 8, + 0, CHACHA20_FLAGS, + ossl_prov_cipher_hw_chacha20(CHACHA20_KEYLEN * 8), + NULL); } static void *chacha20_newctx(void *provctx) 
@@ -74,7 +74,7 @@ dupctx = OPENSSL_memdup(ctx, sizeof(*dupctx)); if (dupctx != NULL && dupctx->base.tlsmac != NULL && dupctx->base.alloced) { dupctx->base.tlsmac = OPENSSL_memdup(dupctx->base.tlsmac, - dupctx->base.tlsmacsize); + dupctx->base.tlsmacsize); if (dupctx->base.tlsmac == NULL) { OPENSSL_free(dupctx); dupctx = NULL; @@ -87,9 +87,9 @@ static int chacha20_get_params(OSSL_PARAM params[]) { return ossl_cipher_generic_get_params(params, 0, CHACHA20_FLAGS, - CHACHA20_KEYLEN * 8, - CHACHA20_BLKLEN * 8, - CHACHA20_IVLEN * 8); + CHACHA20_KEYLEN * 8, + CHACHA20_BLKLEN * 8, + CHACHA20_IVLEN * 8); } static int chacha20_get_ctx_params(void *vctx, OSSL_PARAM params[]) @@ -116,7 +116,7 @@ OSSL_PARAM_END }; const OSSL_PARAM *chacha20_gettable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return chacha20_known_gettable_ctx_params; } @@ -160,14 +160,14 @@ OSSL_PARAM_END }; const OSSL_PARAM *chacha20_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return chacha20_known_settable_ctx_params; } int ossl_chacha20_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { int ret; @@ -185,8 +185,8 @@ } int ossl_chacha20_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { int ret; 
@@ -212,9 +212,9 @@ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_chacha20_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))chacha20_update }, { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))chacha20_final }, - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))chacha20_cipher}, + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))chacha20_cipher }, { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))chacha20_get_params }, - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,(void (*)(void))chacha20_gettable_params }, + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, (void (*)(void))chacha20_gettable_params }, { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))chacha20_get_ctx_params }, { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, (void (*)(void))chacha20_gettable_ctx_params }, @@ -223,4 +223,3 @@ (void (*)(void))chacha20_settable_ctx_params }, { 0, NULL } }; - --- crypto/openssl/providers/implementations/ciphers/cipher_chacha20.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_chacha20.h @@ -11,14 +11,14 @@ #include "prov/ciphercommon.h" typedef struct { - PROV_CIPHER_CTX base; /* must be first */ + PROV_CIPHER_CTX base; /* must be first */ union { OSSL_UNION_ALIGN; unsigned int d[CHACHA_KEY_SIZE / 4]; } key; - unsigned int counter[CHACHA_CTR_SIZE / 4]; + unsigned int counter[CHACHA_CTR_SIZE / 4]; unsigned char buf[CHACHA_BLK_SIZE]; - unsigned int partial_len; + unsigned int partial_len; } PROV_CHACHA20_CTX; typedef struct prov_cipher_hw_chacha20_st { --- crypto/openssl/providers/implementations/ciphers/cipher_chacha20_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_chacha20_hw.c @@ -12,7 +12,7 @@ #include "cipher_chacha20.h" static int chacha20_initkey(PROV_CIPHER_CTX *bctx, const uint8_t *key, - size_t keylen) + size_t keylen) { PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; unsigned int i; 
@@ -39,7 +39,7 @@ } static int chacha20_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)bctx; unsigned int n, rem, ctr32; @@ -95,13 +95,14 @@ out += blocks; ctx->counter[0] = ctr32; - if (ctr32 == 0) ctx->counter[1]++; + if (ctr32 == 0) + ctx->counter[1]++; } if (rem > 0) { memset(ctx->buf, 0, sizeof(ctx->buf)); ChaCha20_ctr32(ctx->buf, ctx->buf, CHACHA_BLK_SIZE, - ctx->key.d, ctx->counter); + ctx->key.d, ctx->counter); for (n = 0; n < rem; n++) out[n] = in[n] ^ ctx->buf[n]; ctx->partial_len = rem; @@ -119,4 +120,3 @@ { return (PROV_CIPHER_HW *)&chacha20_hw; } - --- crypto/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,8 +18,8 @@ #define CHACHA20_POLY1305_BLKLEN 1 #define CHACHA20_POLY1305_MAX_IVLEN 12 #define CHACHA20_POLY1305_MODE 0 -#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD \ - | PROV_CIPHER_FLAG_CUSTOM_IV) +#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD \ + | PROV_CIPHER_FLAG_CUSTOM_IV) static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx; 
@@ -32,7 +32,7 @@ static OSSL_FUNC_cipher_cipher_fn chacha20_poly1305_cipher; static OSSL_FUNC_cipher_final_fn chacha20_poly1305_final; static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_params; -#define chacha20_poly1305_settable_ctx_params ossl_cipher_aead_settable_ctx_params +static OSSL_FUNC_cipher_settable_ctx_params_fn chacha20_poly1305_settable_ctx_params; #define chacha20_poly1305_gettable_params ossl_cipher_generic_gettable_params #define chacha20_poly1305_update chacha20_poly1305_cipher @@ -46,13 +46,13 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { ossl_cipher_generic_initkey(&ctx->base, CHACHA20_POLY1305_KEYLEN * 8, - CHACHA20_POLY1305_BLKLEN * 8, - CHACHA20_POLY1305_IVLEN * 8, - CHACHA20_POLY1305_MODE, - CHACHA20_POLY1305_FLAGS, - ossl_prov_cipher_hw_chacha20_poly1305( - CHACHA20_POLY1305_KEYLEN * 8), - NULL); + CHACHA20_POLY1305_BLKLEN * 8, + CHACHA20_POLY1305_IVLEN * 8, + CHACHA20_POLY1305_MODE, + CHACHA20_POLY1305_FLAGS, + ossl_prov_cipher_hw_chacha20_poly1305( + CHACHA20_POLY1305_KEYLEN * 8), + NULL); ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; ossl_chacha20_initctx(&ctx->chacha); } @@ -69,7 +69,7 @@ dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); if (dctx != NULL && dctx->base.tlsmac != NULL && dctx->base.alloced) { dctx->base.tlsmac = OPENSSL_memdup(dctx->base.tlsmac, - dctx->base.tlsmacsize); + dctx->base.tlsmacsize); if (dctx->base.tlsmac == NULL) { OPENSSL_free(dctx); dctx = NULL; @@ -91,9 +91,9 @@ static int chacha20_poly1305_get_params(OSSL_PARAM params[]) { return ossl_cipher_generic_get_params(params, 0, CHACHA20_POLY1305_FLAGS, - CHACHA20_POLY1305_KEYLEN * 8, - CHACHA20_POLY1305_BLKLEN * 8, - CHACHA20_POLY1305_IVLEN * 8); + CHACHA20_POLY1305_KEYLEN * 8, + CHACHA20_POLY1305_BLKLEN * 8, + CHACHA20_POLY1305_IVLEN * 8); } static int chacha20_poly1305_get_ctx_params(void *vctx, OSSL_PARAM params[]) 
@@ -152,20 +152,32 @@ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), OSSL_PARAM_END }; -static const OSSL_PARAM *chacha20_poly1305_gettable_ctx_params - (ossl_unused void *cctx, ossl_unused void *provctx) +static const OSSL_PARAM *chacha20_poly1305_gettable_ctx_params(ossl_unused void *cctx, ossl_unused void *provctx) { return chacha20_poly1305_known_gettable_ctx_params; } +static const OSSL_PARAM chacha20_poly1305_known_settable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0), + OSSL_PARAM_END +}; +static const OSSL_PARAM *chacha20_poly1305_settable_ctx_params( + ossl_unused void *cctx, ossl_unused void *provctx) +{ + return chacha20_poly1305_known_settable_ctx_params; +} + static int chacha20_poly1305_set_ctx_params(void *vctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { const OSSL_PARAM *p; size_t len; PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx; - PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = - (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->base.hw; + PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->base.hw; if (params == NULL) return 1; @@ -238,13 +250,12 @@ return 0; } } - /* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */ return 1; } static int chacha20_poly1305_einit(void *vctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[]) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[]) { int ret; 
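Review bot: The new `chacha20_poly1305_known_settable_ctx_params` table in the `@@ -152,20 +152,32 @@` hunk has no comment tying it to `chacha20_poly1305_set_ctx_params`, whose body is mostly outside the hunk. Callers learn from this table which parameters the context accepts, and the setter appears to fall through to `return 1` for anything it does not look up, so a mismatch between the two would go unnoticed. I would add `/* Keep in sync with the parameters handled in chacha20_poly1305_set_ctx_params() */` above the table. The next hunk drops `/* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */`, presumably because that parameter is no longer advertised; a short comment saying so would keep the reason visible.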
@@ -252,8 +263,7 @@ ret = ossl_cipher_generic_einit(vctx, key, keylen, iv, ivlen, NULL); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = - (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; hw->initiv(ctx); } @@ -263,8 +273,8 @@ } static int chacha20_poly1305_dinit(void *vctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[]) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[]) { int ret; @@ -272,8 +282,7 @@ ret = ossl_cipher_generic_dinit(vctx, key, keylen, iv, ivlen, NULL); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = - (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; hw->initiv(ctx); } @@ -283,12 +292,11 @@ } static int chacha20_poly1305_cipher(void *vctx, unsigned char *out, - size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = - (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; if (!ossl_prov_is_running()) return 0; @@ -310,11 +318,10 @@ } static int chacha20_poly1305_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; - PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = - (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; if (!ossl_prov_is_running()) return 0; 
@@ -341,7 +348,7 @@ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, (void (*)(void))chacha20_poly1305_gettable_params }, { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, - (void (*)(void))chacha20_poly1305_get_ctx_params }, + (void (*)(void))chacha20_poly1305_get_ctx_params }, { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, (void (*)(void))chacha20_poly1305_gettable_ctx_params }, { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, @@ -350,4 +357,3 @@ (void (*)(void))chacha20_poly1305_settable_ctx_params }, { 0, NULL } }; - --- crypto/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.h @@ -16,13 +16,15 @@ #define CHACHA20_POLY1305_IVLEN 12 typedef struct { - PROV_CIPHER_CTX base; /* must be first */ + PROV_CIPHER_CTX base; /* must be first */ PROV_CHACHA20_CTX chacha; POLY1305 poly1305; unsigned int nonce[12 / 4]; unsigned char tag[POLY1305_BLOCK_SIZE]; unsigned char tls_aad[POLY1305_BLOCK_SIZE]; - struct { uint64_t aad, text; } len; + struct { + uint64_t aad, text; + } len; unsigned int aad : 1; unsigned int mac_inited : 1; size_t tag_len; @@ -33,11 +35,11 @@ typedef struct prov_cipher_hw_chacha_aead_st { PROV_CIPHER_HW base; /* must be first */ int (*aead_cipher)(PROV_CIPHER_CTX *dat, unsigned char *out, size_t *outl, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); int (*initiv)(PROV_CIPHER_CTX *ctx); int (*tls_init)(PROV_CIPHER_CTX *ctx, unsigned char *aad, size_t alen); int (*tls_iv_set_fixed)(PROV_CIPHER_CTX *ctx, unsigned char *fixed, - size_t flen); + size_t flen); } PROV_CIPHER_HW_CHACHA20_POLY1305; const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20_poly1305(size_t keybits); --- crypto/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c 
@@ -13,7 +13,7 @@ #include "cipher_chacha20_poly1305.h" static int chacha_poly1305_tls_init(PROV_CIPHER_CTX *bctx, - unsigned char *aad, size_t alen) + unsigned char *aad, size_t alen) { unsigned int len; PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; @@ -36,14 +36,14 @@ /* merge record sequence number as per RFC7905 */ ctx->chacha.counter[1] = ctx->nonce[0]; ctx->chacha.counter[2] = ctx->nonce[1] ^ CHACHA_U8TOU32(aad); - ctx->chacha.counter[3] = ctx->nonce[2] ^ CHACHA_U8TOU32(aad+4); + ctx->chacha.counter[3] = ctx->nonce[2] ^ CHACHA_U8TOU32(aad + 4); ctx->mac_inited = 0; - return POLY1305_BLOCK_SIZE; /* tag length */ + return POLY1305_BLOCK_SIZE; /* tag length */ } static int chacha_poly1305_tls_iv_set_fixed(PROV_CIPHER_CTX *bctx, - unsigned char *fixed, size_t flen) + unsigned char *fixed, size_t flen) { PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; @@ -56,7 +56,7 @@ } static int chacha20_poly1305_initkey(PROV_CIPHER_CTX *bctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; @@ -87,14 +87,14 @@ /* pad on the left */ memcpy(tempiv + CHACHA_CTR_SIZE - noncelen, bctx->oiv, - noncelen); + noncelen); if (bctx->enc) ret = ossl_chacha20_einit(&ctx->chacha, NULL, 0, - tempiv, sizeof(tempiv), NULL); + tempiv, sizeof(tempiv), NULL); else ret = ossl_chacha20_dinit(&ctx->chacha, NULL, 0, - tempiv, sizeof(tempiv), NULL); + tempiv, sizeof(tempiv), NULL); ctx->nonce[0] = ctx->chacha.counter[1]; ctx->nonce[1] = ctx->chacha.counter[2]; ctx->nonce[2] = ctx->chacha.counter[3]; 
@@ -104,20 +104,19 @@ #if !defined(OPENSSL_SMALL_FOOTPRINT) -# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) \ - || defined(_M_AMD64) || defined(_M_X64)) -# define XOR128_HELPERS +#if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) +#define XOR128_HELPERS void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len); void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len); static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 }; -# else +#else static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 }; -# endif +#endif static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx, - unsigned char *out, - size_t *out_padlen, - const unsigned char *in, size_t len) + unsigned char *out, + size_t *out_padlen, + const unsigned char *in, size_t len) { PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; POLY1305 *poly = &ctx->poly1305; @@ -126,11 +125,11 @@ DECLARE_IS_ENDIAN; - buf = storage + ((0 - (size_t)storage) & 15); /* align */ + buf = storage + ((0 - (size_t)storage) & 15); /* align */ ctr = buf + CHACHA_BLK_SIZE; tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE; -# ifdef XOR128_HELPERS +#ifdef XOR128_HELPERS if (plen <= 3 * CHACHA_BLK_SIZE) { ctx->chacha.counter[0] = 0; buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE); @@ -153,13 +152,13 @@ tohash_len = (size_t)(ctr - tohash); } } -# else +#else if (plen <= CHACHA_BLK_SIZE) { size_t i; ctx->chacha.counter[0] = 0; ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE), - ctx->chacha.key.d, ctx->chacha.counter); + ctx->chacha.key.d, ctx->chacha.counter); Poly1305_Init(poly, buf); ctx->chacha.partial_len = 0; memcpy(tohash, ctx->tls_aad, POLY1305_BLOCK_SIZE); 
@@ -187,11 +186,11 @@ ctr += i + tail; tohash_len += i + tail; } -# endif +#endif else { ctx->chacha.counter[0] = 0; ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE), - ctx->chacha.key.d, ctx->chacha.counter); + ctx->chacha.key.d, ctx->chacha.counter); Poly1305_Init(poly, buf); ctx->chacha.counter[0] = 1; ctx->chacha.partial_len = 0; 
@@ -218,23 +217,23 @@ if (IS_LITTLE_ENDIAN) { memcpy(ctr, (unsigned char *)&ctx->len, POLY1305_BLOCK_SIZE); } else { - ctr[0] = (unsigned char)(ctx->len.aad); - ctr[1] = (unsigned char)(ctx->len.aad>>8); - ctr[2] = (unsigned char)(ctx->len.aad>>16); - ctr[3] = (unsigned char)(ctx->len.aad>>24); - ctr[4] = (unsigned char)(ctx->len.aad>>32); - ctr[5] = (unsigned char)(ctx->len.aad>>40); - ctr[6] = (unsigned char)(ctx->len.aad>>48); - ctr[7] = (unsigned char)(ctx->len.aad>>56); - - ctr[8] = (unsigned char)(ctx->len.text); - ctr[9] = (unsigned char)(ctx->len.text>>8); - ctr[10] = (unsigned char)(ctx->len.text>>16); - ctr[11] = (unsigned char)(ctx->len.text>>24); - ctr[12] = (unsigned char)(ctx->len.text>>32); - ctr[13] = (unsigned char)(ctx->len.text>>40); - ctr[14] = (unsigned char)(ctx->len.text>>48); - ctr[15] = (unsigned char)(ctx->len.text>>56); + ctr[0] = (unsigned char)(ctx->len.aad); + ctr[1] = (unsigned char)(ctx->len.aad >> 8); + ctr[2] = (unsigned char)(ctx->len.aad >> 16); + ctr[3] = (unsigned char)(ctx->len.aad >> 24); + ctr[4] = (unsigned char)(ctx->len.aad >> 32); + ctr[5] = (unsigned char)(ctx->len.aad >> 40); + ctr[6] = (unsigned char)(ctx->len.aad >> 48); + ctr[7] = (unsigned char)(ctx->len.aad >> 56); + + ctr[8] = (unsigned char)(ctx->len.text); + ctr[9] = (unsigned char)(ctx->len.text >> 8); + ctr[10] = (unsigned char)(ctx->len.text >> 16); + ctr[11] = (unsigned char)(ctx->len.text >> 24); + ctr[12] = (unsigned char)(ctx->len.text >> 32); + ctr[13] = (unsigned char)(ctx->len.text >> 40); + ctr[14] = (unsigned char)(ctx->len.text >> 48); + ctr[15] = (unsigned char)(ctx->len.text >> 56); } tohash_len += POLY1305_BLOCK_SIZE; @@ -250,7 +249,7 @@ if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) { if (len > POLY1305_BLOCK_SIZE) memset(out - (len - POLY1305_BLOCK_SIZE), 0, - len - POLY1305_BLOCK_SIZE); + len - POLY1305_BLOCK_SIZE); return 0; } /* Strip the tag */ 
@@ -265,8 +264,8 @@ #endif /* OPENSSL_SMALL_FOOTPRINT */ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx, - unsigned char *out, size_t *outl, - const unsigned char *in, size_t inl) + unsigned char *out, size_t *outl, + const unsigned char *in, size_t inl) { PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; POLY1305 *poly = &ctx->poly1305; @@ -287,7 +286,7 @@ ctx->chacha.counter[0] = 0; ChaCha20_ctr32(ctx->chacha.buf, zero, CHACHA_BLK_SIZE, - ctx->chacha.key.d, ctx->chacha.counter); + ctx->chacha.key.d, ctx->chacha.counter); Poly1305_Init(poly, ctx->chacha.buf); ctx->chacha.counter[0] = 1; ctx->chacha.partial_len = 0; @@ -339,7 +338,7 @@ unsigned char temp[POLY1305_BLOCK_SIZE]; - if (ctx->aad) { /* wrap up aad */ + if (ctx->aad) { /* wrap up aad */ if ((rem = (size_t)ctx->len.aad % POLY1305_BLOCK_SIZE)) Poly1305_Update(poly, zero, POLY1305_BLOCK_SIZE - rem); ctx->aad = 0; 
@@ -350,24 +349,24 @@ if (IS_LITTLE_ENDIAN) { Poly1305_Update(poly, (unsigned char *)&ctx->len, - POLY1305_BLOCK_SIZE); + POLY1305_BLOCK_SIZE); } else { - temp[0] = (unsigned char)(ctx->len.aad); - temp[1] = (unsigned char)(ctx->len.aad>>8); - temp[2] = (unsigned char)(ctx->len.aad>>16); - temp[3] = (unsigned char)(ctx->len.aad>>24); - temp[4] = (unsigned char)(ctx->len.aad>>32); - temp[5] = (unsigned char)(ctx->len.aad>>40); - temp[6] = (unsigned char)(ctx->len.aad>>48); - temp[7] = (unsigned char)(ctx->len.aad>>56); - temp[8] = (unsigned char)(ctx->len.text); - temp[9] = (unsigned char)(ctx->len.text>>8); - temp[10] = (unsigned char)(ctx->len.text>>16); - temp[11] = (unsigned char)(ctx->len.text>>24); - temp[12] = (unsigned char)(ctx->len.text>>32); - temp[13] = (unsigned char)(ctx->len.text>>40); - temp[14] = (unsigned char)(ctx->len.text>>48); - temp[15] = (unsigned char)(ctx->len.text>>56); + temp[0] = (unsigned char)(ctx->len.aad); + temp[1] = (unsigned char)(ctx->len.aad >> 8); + temp[2] = (unsigned char)(ctx->len.aad >> 16); + temp[3] = (unsigned char)(ctx->len.aad >> 24); + temp[4] = (unsigned char)(ctx->len.aad >> 32); + temp[5] = (unsigned char)(ctx->len.aad >> 40); + temp[6] = (unsigned char)(ctx->len.aad >> 48); + temp[7] = (unsigned char)(ctx->len.aad >> 56); + temp[8] = (unsigned char)(ctx->len.text); + temp[9] = (unsigned char)(ctx->len.text >> 8); + temp[10] = (unsigned char)(ctx->len.text >> 16); + temp[11] = (unsigned char)(ctx->len.text >> 24); + temp[12] = (unsigned char)(ctx->len.text >> 32); + temp[13] = (unsigned char)(ctx->len.text >> 40); + temp[14] = (unsigned char)(ctx->len.text >> 48); + temp[15] = (unsigned char)(ctx->len.text >> 56); Poly1305_Update(poly, temp, POLY1305_BLOCK_SIZE); } Poly1305_Final(poly, bctx->enc ? ctx->tag : temp); @@ -384,8 +383,7 @@ /* Strip the tag */ inl -= POLY1305_BLOCK_SIZE; } - } - else if (!bctx->enc) { + } else if (!bctx->enc) { if (CRYPTO_memcmp(temp, ctx->tag, ctx->tag_len)) goto err; } 
@@ -398,8 +396,7 @@ return rv; } -static const PROV_CIPHER_HW_CHACHA20_POLY1305 chacha20poly1305_hw = -{ +static const PROV_CIPHER_HW_CHACHA20_POLY1305 chacha20poly1305_hw = { { chacha20_poly1305_initkey, NULL }, chacha20_poly1305_aead_cipher, chacha20_poly1305_initiv, --- crypto/openssl/providers/implementations/ciphers/cipher_cts.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_cts.c @@ -68,8 +68,7 @@ const char *name; } CTS_MODE_NAME2ID; -static CTS_MODE_NAME2ID cts_modes[] = -{ +static CTS_MODE_NAME2ID cts_modes[] = { { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 }, { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 }, { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 }, @@ -98,7 +97,7 @@ } static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { aligned_16bytes tmp_in; size_t residue; @@ -117,13 +116,13 @@ memset(tmp_in.c, 0, sizeof(tmp_in)); memcpy(tmp_in.c, in, residue); if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE + residue, tmp_in.c, - CTS_BLOCK_SIZE)) + CTS_BLOCK_SIZE)) return 0; return len + residue; } static void do_xor(const unsigned char *in1, const unsigned char *in2, - size_t len, unsigned char *out) + size_t len, unsigned char *out) { size_t i; @@ -132,7 +131,7 @@ } static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { aligned_16bytes mid_iv, ct_mid, cn, pt_last; size_t residue; @@ -194,12 +193,12 @@ } static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { aligned_16bytes tmp_in; size_t residue; - if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ + if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ return 0; /* If we only have one block then just process the aligned block */ 
@@ -234,7 +233,7 @@ * the last two decoded ciphertext blocks. */ static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { aligned_16bytes mid_iv, ct_mid, cn, pt_last; size_t residue; @@ -300,7 +299,7 @@ } static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { if (len % CTS_BLOCK_SIZE == 0) { /* If there are no partial blocks then it is the same as CBC mode */ @@ -313,7 +312,7 @@ } static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { if (len % CTS_BLOCK_SIZE == 0) { /* If there are no partial blocks then it is the same as CBC mode */ @@ -326,8 +325,8 @@ } int ossl_cipher_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; size_t sz = 0; @@ -371,7 +370,7 @@ } int ossl_cipher_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { *outl = 0; return 1; --- crypto/openssl/providers/implementations/ciphers/cipher_cts.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_cts.h 
@@ -10,40 +10,40 @@ #include "crypto/evp.h" /* NOTE: The underlying block cipher is CBC so we reuse most of the code */ -#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ -static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) alg##_cbc_cts_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) alg##_cbc_cts_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, \ - (void (*)(void)) ossl_cipher_cbc_cts_block_update }, \ - { OSSL_FUNC_CIPHER_FINAL, \ - (void (*)(void)) ossl_cipher_cbc_cts_block_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void)) alg##_cbc_cts_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void)) alg##_cbc_cts_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void)) alg##_cbc_cts_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void)) alg##_cbc_cts_settable_ctx_params }, \ - { 0, NULL } \ -}; +#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ + static int 
alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))alg##_cbc_cts_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))alg##_cbc_cts_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, \ + (void (*)(void))ossl_cipher_cbc_cts_block_update }, \ + { OSSL_FUNC_CIPHER_FINAL, \ + (void (*)(void))ossl_cipher_cbc_cts_block_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_cts_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))alg##_cbc_cts_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))alg##_cbc_cts_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))alg##_cbc_cts_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))alg##_cbc_cts_settable_ctx_params }, \ + { 0, NULL } \ + }; OSSL_FUNC_cipher_update_fn ossl_cipher_cbc_cts_block_update; OSSL_FUNC_cipher_final_fn ossl_cipher_cbc_cts_block_final; --- crypto/openssl/providers/implementations/ciphers/cipher_des.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_des.c 
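Review bot: Inside `IMPLEMENT_cts_cipher` the typed forward declaration names `alg##_##kbits##_##lcmode##_get_params`, but the function defined right after it and placed in the dispatch table is `alg##_cts_##kbits##_##lcmode##_get_params`. As far as the macro shows, the CTS function is therefore never checked against `OSSL_FUNC_cipher_get_params_fn` before it is cast to `void (*)(void)`; the reformatting carries this over unchanged. Declaring `static OSSL_FUNC_cipher_get_params_fn alg##_cts_##kbits##_##lcmode##_get_params;` would give the compiler that check.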
@@ -29,8 +29,8 @@ static OSSL_FUNC_cipher_gettable_ctx_params_fn des_gettable_ctx_params; static void *des_newctx(void *provctx, size_t kbits, size_t blkbits, - size_t ivbits, unsigned int mode, uint64_t flags, - const PROV_CIPHER_HW *hw) + size_t ivbits, unsigned int mode, uint64_t flags, + const PROV_CIPHER_HW *hw) { PROV_DES_CTX *ctx; @@ -40,7 +40,7 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, - hw, provctx); + hw, provctx); return ctx; } @@ -67,12 +67,12 @@ PROV_DES_CTX *ctx = (PROV_DES_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static int des_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -104,15 +104,15 @@ } static int des_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return des_init(vctx, key, keylen, iv, ivlen, params, 1); } static int des_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return des_init(vctx, key, keylen, iv, ivlen, params, 0); } 
@@ -130,12 +130,12 @@ } CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(des) - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0), -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(des) +OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0), + CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(des) -static int des_get_ctx_params(void *vctx, OSSL_PARAM params[]) + static int des_get_ctx_params(void *vctx, OSSL_PARAM params[]) { - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; OSSL_PARAM *p; if (!ossl_cipher_generic_get_ctx_params(vctx, params)) 
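Review bot: The new side of this hunk indents `static int des_get_ctx_params(void *vctx, OSSL_PARAM params[])` and the `CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(des)` line as continuations of the parameter entry above, so a function definition now reads as part of the macro-built table. This looks like a formatter treating the START/END macros as expressions. If the tool is clang-format, bracketing the macro block with `/* clang-format off */` and `/* clang-format on */` would keep the table entry indented and the function at column 0. The `PROV_CIPHER_HW_des_mode(...)` list at the end of cipher_des_hw.c (hunk `@@ -160,37 +157,37 @@`) shows the same effect. The function body continues outside the hunk.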
@@ -149,45 +149,45 @@ return 1; } -#define IMPLEMENT_des_cipher(type, lcmode, UCMODE, flags, \ - kbits, blkbits, ivbits, block) \ -static OSSL_FUNC_cipher_newctx_fn type##_##lcmode##_newctx; \ -static void *des_##lcmode##_newctx(void *provctx) \ -{ \ - return des_newctx(provctx, kbits, blkbits, ivbits, \ - EVP_CIPH_##UCMODE##_MODE, flags, \ - ossl_prov_cipher_hw_des_##lcmode()); \ -} \ -static OSSL_FUNC_cipher_get_params_fn des_##lcmode##_get_params; \ -static int des_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -const OSSL_DISPATCH ossl_##des_##lcmode##_functions[] = { \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))des_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))des_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, \ - (void (*)(void))ossl_cipher_generic_##block##_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##block##_final },\ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void))des_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))des_dupctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))des_freectx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))des_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))des_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))des_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ - { 0, NULL } \ -} +#define IMPLEMENT_des_cipher(type, lcmode, UCMODE, flags, \ + kbits, blkbits, ivbits, block) \ + static OSSL_FUNC_cipher_newctx_fn 
type##_##lcmode##_newctx; \ + static void *des_##lcmode##_newctx(void *provctx) \ + { \ + return des_newctx(provctx, kbits, blkbits, ivbits, \ + EVP_CIPH_##UCMODE##_MODE, flags, \ + ossl_prov_cipher_hw_des_##lcmode()); \ + } \ + static OSSL_FUNC_cipher_get_params_fn des_##lcmode##_get_params; \ + static int des_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + const OSSL_DISPATCH ossl_##des_##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))des_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))des_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, \ + (void (*)(void))ossl_cipher_generic_##block##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##block##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))des_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))des_dupctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))des_freectx }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))des_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))des_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))des_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ + { 0, NULL } \ + } /* ossl_des_ecb_functions */ IMPLEMENT_des_cipher(des, ecb, ECB, DES_FLAGS, 64, 64, 0, block); --- crypto/openssl/providers/implementations/ciphers/cipher_des.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_des.h 
@@ -13,14 +13,14 @@ #define TDES_FLAGS 0 typedef struct prov_des_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; DES_key_schedule ks; } dks; union { - void (*cbc) (const void *, void *, size_t, - const DES_key_schedule *, unsigned char *); + void (*cbc)(const void *, void *, size_t, + const DES_key_schedule *, unsigned char *); } dstream; } PROV_DES_CTX; --- crypto/openssl/providers/implementations/ciphers/cipher_des_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_des_hw.c @@ -17,7 +17,7 @@ #include "cipher_des.h" static int cipher_hw_des_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_DES_CTX *dctx = (PROV_DES_CTX *)ctx; DES_cblock *deskey = (DES_cblock *)key; @@ -28,8 +28,7 @@ if (SPARC_DES_CAPABLE) { if (ctx->mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], ks); - dctx->dstream.cbc = ctx->enc ? des_t4_cbc_encrypt : - des_t4_cbc_decrypt; + dctx->dstream.cbc = ctx->enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt; return 1; } } @@ -39,7 +38,7 @@ } static void cipher_hw_des_copyctx(PROV_CIPHER_CTX *dst, - const PROV_CIPHER_CTX *src) + const PROV_CIPHER_CTX *src) { PROV_DES_CTX *sctx = (PROV_DES_CTX *)src; PROV_DES_CTX *dctx = (PROV_DES_CTX *)dst; @@ -49,7 +48,7 @@ } static int cipher_hw_des_ecb_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t i, bl = ctx->blocksize; DES_key_schedule *key = &(((PROV_DES_CTX *)ctx)->dks.ks); 
@@ -58,36 +57,36 @@ return 1; for (i = 0, len -= bl; i <= len; i += bl) DES_ecb_encrypt((const_DES_cblock *)(in + i), - (const_DES_cblock *)(out + i), key, ctx->enc); + (const_DES_cblock *)(out + i), key, ctx->enc); return 1; } static int cipher_hw_des_cbc_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { PROV_DES_CTX *dctx = (PROV_DES_CTX *)ctx; DES_key_schedule *key = &(dctx->dks.ks); if (dctx->dstream.cbc != NULL) { - (*dctx->dstream.cbc) (in, out, len, key, ctx->iv); + (*dctx->dstream.cbc)(in, out, len, key, ctx->iv); return 1; } while (len >= MAXCHUNK) { DES_ncbc_encrypt(in, out, MAXCHUNK, key, (DES_cblock *)ctx->iv, - ctx->enc); + ctx->enc); len -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (len > 0) DES_ncbc_encrypt(in, out, (long)len, key, (DES_cblock *)ctx->iv, - ctx->enc); + ctx->enc); return 1; } static int cipher_hw_des_ofb64_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = ctx->num; DES_key_schedule *key = &(((PROV_DES_CTX *)ctx)->dks.ks); @@ -106,7 +105,7 @@ } static int cipher_hw_des_cfb64_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t chunk = MAXCHUNK; DES_key_schedule *key = &(((PROV_DES_CTX *)ctx)->dks.ks); @@ -116,7 +115,7 @@ chunk = len; while (len > 0 && len >= chunk) { DES_cfb64_encrypt(in, out, (long)chunk, key, (DES_cblock *)ctx->iv, - &num, ctx->enc); + &num, ctx->enc); len -= chunk; in += chunk; out += chunk; @@ -132,7 +131,7 @@ * way, so wrap it here */ static int cipher_hw_des_cfb1_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t n, chunk = MAXCHUNK / 8; DES_key_schedule *key = &(((PROV_DES_CTX *)ctx)->dks.ks); 
@@ -145,9 +144,7 @@ for (n = 0; n < chunk * 8; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_cfb_encrypt(c, d, 1, 1, key, (DES_cblock *)ctx->iv, ctx->enc); - out[n / 8] = - (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); + out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } inl -= chunk; in += chunk; 
@@ -160,37 +157,37 @@ } static int cipher_hw_des_cfb8_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { DES_key_schedule *key = &(((PROV_DES_CTX *)ctx)->dks.ks); while (inl >= MAXCHUNK) { DES_cfb_encrypt(in, out, 8, (long)MAXCHUNK, key, - (DES_cblock *)ctx->iv, ctx->enc); + (DES_cblock *)ctx->iv, ctx->enc); inl -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) DES_cfb_encrypt(in, out, 8, (long)inl, key, - (DES_cblock *)ctx->iv, ctx->enc); + (DES_cblock *)ctx->iv, ctx->enc); return 1; } -#define PROV_CIPHER_HW_des_mode(mode) \ -static const PROV_CIPHER_HW des_##mode = { \ - cipher_hw_des_initkey, \ - cipher_hw_des_##mode##_cipher, \ - cipher_hw_des_copyctx \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_des_##mode(void) \ -{ \ - return &des_##mode; \ -} +#define PROV_CIPHER_HW_des_mode(mode) \ + static const PROV_CIPHER_HW des_##mode = { \ + cipher_hw_des_initkey, \ + cipher_hw_des_##mode##_cipher, \ + cipher_hw_des_copyctx \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_des_##mode(void) \ + { \ + return &des_##mode; \ + } PROV_CIPHER_HW_des_mode(ecb) -PROV_CIPHER_HW_des_mode(cbc) -PROV_CIPHER_HW_des_mode(ofb64) -PROV_CIPHER_HW_des_mode(cfb64) -PROV_CIPHER_HW_des_mode(cfb1) -PROV_CIPHER_HW_des_mode(cfb8) + PROV_CIPHER_HW_des_mode(cbc) + PROV_CIPHER_HW_des_mode(ofb64) + PROV_CIPHER_HW_des_mode(cfb64) + PROV_CIPHER_HW_des_mode(cfb1) + PROV_CIPHER_HW_des_mode(cfb8) --- crypto/openssl/providers/implementations/ciphers/cipher_desx.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_desx.c 
@@ -17,5 +17,4 @@ #include "prov/implementations.h" /* desx_cbc_functions */ -IMPLEMENT_tdes_cipher(desx, DESX, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block); - +IMPLEMENT_tdes_cipher(desx, DESX, cbc, CBC, TDES_FLAGS, 64 * 3, 64, 64, block); --- crypto/openssl/providers/implementations/ciphers/cipher_desx_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_desx_hw.c @@ -25,7 +25,7 @@ #define ks3 tks.ks[2].ks[0].cblock static int cipher_hw_desx_cbc_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; DES_cblock *deskey = (DES_cblock *)key; @@ -38,7 +38,7 @@ } static void cipher_hw_desx_copyctx(PROV_CIPHER_CTX *dst, - const PROV_CIPHER_CTX *src) + const PROV_CIPHER_CTX *src) { PROV_TDES_CTX *sctx = (PROV_TDES_CTX *)src; PROV_TDES_CTX *dctx = (PROV_TDES_CTX *)dst; @@ -48,27 +48,26 @@ } static int cipher_hw_desx_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; while (inl >= MAXCHUNK) { DES_xcbc_encrypt(in, out, (long)MAXCHUNK, &tctx->ks1, - (DES_cblock *)ctx->iv, &tctx->ks2, &tctx->ks3, - ctx->enc); + (DES_cblock *)ctx->iv, &tctx->ks2, &tctx->ks3, + ctx->enc); inl -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) DES_xcbc_encrypt(in, out, (long)inl, &tctx->ks1, - (DES_cblock *)ctx->iv, &tctx->ks2, &tctx->ks3, - ctx->enc); + (DES_cblock *)ctx->iv, &tctx->ks2, &tctx->ks3, + ctx->enc); return 1; } -static const PROV_CIPHER_HW desx_cbc = -{ +static const PROV_CIPHER_HW desx_cbc = { cipher_hw_desx_cbc_initkey, cipher_hw_desx_cbc, cipher_hw_desx_copyctx --- crypto/openssl/providers/implementations/ciphers/cipher_idea.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_idea.c 
@@ -28,7 +28,7 @@ PROV_IDEA_CTX *ctx = (PROV_IDEA_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *idea_dupctx(void *ctx) @@ -56,4 +56,4 @@ /* ossl_idea128ofb64_functions */ IMPLEMENT_generic_cipher(idea, IDEA, ofb64, OFB, 0, 128, 8, 64, stream) /* ossl_idea128cfb64_functions */ -IMPLEMENT_generic_cipher(idea, IDEA, cfb64, CFB, 0, 128, 8, 64, stream) +IMPLEMENT_generic_cipher(idea, IDEA, cfb64, CFB, 0, 128, 8, 64, stream) --- crypto/openssl/providers/implementations/ciphers/cipher_idea.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_idea.h @@ -11,7 +11,7 @@ #include "prov/ciphercommon.h" typedef struct prov_idea_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; IDEA_KEY_SCHEDULE ks; --- crypto/openssl/providers/implementations/ciphers/cipher_idea_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_idea_hw.c @@ -17,14 +17,14 @@ #include "cipher_idea.h" static int cipher_hw_idea_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { - PROV_IDEA_CTX *ictx = (PROV_IDEA_CTX *)ctx; + PROV_IDEA_CTX *ictx = (PROV_IDEA_CTX *)ctx; IDEA_KEY_SCHEDULE *ks = &(ictx->ks.ks); if (ctx->enc - || ctx->mode == EVP_CIPH_OFB_MODE - || ctx->mode == EVP_CIPH_CFB_MODE) { + || ctx->mode == EVP_CIPH_OFB_MODE + || ctx->mode == EVP_CIPH_CFB_MODE) { IDEA_set_encrypt_key(key, ks); } else { IDEA_KEY_SCHEDULE tmp; 
@@ -36,28 +36,28 @@ return 1; } -# define PROV_CIPHER_HW_idea_mode_ex(mode, UCMODE, fname) \ -IMPLEMENT_CIPHER_HW_##UCMODE(mode, idea, PROV_IDEA_CTX, IDEA_KEY_SCHEDULE, \ - fname) \ -static const PROV_CIPHER_HW idea_##mode = { \ - cipher_hw_idea_initkey, \ - cipher_hw_idea_##mode##_cipher \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_idea_##mode(size_t keybits) \ -{ \ - return &idea_##mode; \ -} +#define PROV_CIPHER_HW_idea_mode_ex(mode, UCMODE, fname) \ + IMPLEMENT_CIPHER_HW_##UCMODE(mode, idea, PROV_IDEA_CTX, IDEA_KEY_SCHEDULE, \ + fname) static const PROV_CIPHER_HW idea_##mode \ + = { \ + cipher_hw_idea_initkey, \ + cipher_hw_idea_##mode##_cipher \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_idea_##mode(size_t keybits) \ + { \ + return &idea_##mode; \ + } -# define PROV_CIPHER_HW_idea_mode(mode, UCMODE) \ +#define PROV_CIPHER_HW_idea_mode(mode, UCMODE) \ PROV_CIPHER_HW_idea_mode_ex(mode, UCMODE, IDEA_##mode) PROV_CIPHER_HW_idea_mode(cbc, CBC) -PROV_CIPHER_HW_idea_mode(ofb64, OFB) -PROV_CIPHER_HW_idea_mode(cfb64, CFB) + PROV_CIPHER_HW_idea_mode(ofb64, OFB) + PROV_CIPHER_HW_idea_mode(cfb64, CFB) /* * IDEA_ecb_encrypt() does not have a enc parameter - so we create a macro * that ignores this parameter when IMPLEMENT_CIPHER_HW_ecb() is called. */ #define IDEA2_ecb_encrypt(in, out, ks, enc) IDEA_ecb_encrypt(in, out, ks) -PROV_CIPHER_HW_idea_mode_ex(ecb, ECB, IDEA2_ecb) + PROV_CIPHER_HW_idea_mode_ex(ecb, ECB, IDEA2_ecb) --- crypto/openssl/providers/implementations/ciphers/cipher_null.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_null.c @@ -38,8 +38,8 @@ static OSSL_FUNC_cipher_encrypt_init_fn null_einit; static int null_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; 
@@ -52,8 +52,8 @@ static OSSL_FUNC_cipher_decrypt_init_fn null_dinit; static int null_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; @@ -63,7 +63,7 @@ static OSSL_FUNC_cipher_cipher_fn null_cipher; static int null_cipher(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) + size_t outsize, const unsigned char *in, size_t inl) { PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; @@ -90,7 +90,7 @@ static OSSL_FUNC_cipher_final_fn null_final; static int null_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { if (!ossl_prov_is_running()) return 0; @@ -114,7 +114,7 @@ static OSSL_FUNC_cipher_gettable_ctx_params_fn null_gettable_ctx_params; static const OSSL_PARAM *null_gettable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return null_known_gettable_ctx_params; } @@ -151,12 +151,11 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn null_settable_ctx_params; static const OSSL_PARAM *null_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return null_known_settable_ctx_params; } - static OSSL_FUNC_cipher_set_ctx_params_fn null_set_ctx_params; static int null_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { 
@@ -176,22 +175,22 @@ const OSSL_DISPATCH ossl_null_functions[] = { { OSSL_FUNC_CIPHER_NEWCTX, - (void (*)(void)) null_newctx }, - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) null_freectx }, - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) null_newctx }, + (void (*)(void))null_newctx }, + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))null_freectx }, + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))null_newctx }, { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_einit }, { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))null_cipher }, { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))null_final }, { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))null_cipher }, - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void)) null_get_params }, + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))null_get_params }, { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, (void (*)(void))ossl_cipher_generic_gettable_params }, { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))null_get_ctx_params }, { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, - (void (*)(void))null_gettable_ctx_params }, + (void (*)(void))null_gettable_ctx_params }, { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))null_set_ctx_params }, { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, - (void (*)(void))null_settable_ctx_params }, + (void (*)(void))null_settable_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/ciphers/cipher_rc2.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc2.c @@ -20,10 +20,10 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -#define RC2_40_MAGIC 0xa0 -#define RC2_64_MAGIC 0x78 -#define RC2_128_MAGIC 0x3a -#define RC2_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH +#define RC2_40_MAGIC 0xa0 +#define RC2_64_MAGIC 0x78 +#define RC2_128_MAGIC 0x3a +#define RC2_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH static OSSL_FUNC_cipher_encrypt_init_fn rc2_einit; static OSSL_FUNC_cipher_decrypt_init_fn rc2_dinit; 
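Review bot: In `ossl_null_functions` the `OSSL_FUNC_CIPHER_DUPCTX` slot is filled with `null_newctx`, the same function as the `OSSL_FUNC_CIPHER_NEWCTX` slot, and nothing on the line says this is intended. The body of `null_newctx` is outside this hunk, so it cannot be confirmed from here whether a duplicated context inherits anything from its source. `null_einit` and `null_cipher` in the earlier hunks of this file cast the context to `PROV_CIPHER_NULL_CTX`, which suggests it carries state. Since the line is being touched anyway, a one-line comment such as `/* dupctx deliberately reuses newctx: a fresh context is returned, nothing is copied */` would record the intent, with the wording confirmed against `null_newctx` first.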
@@ -38,7 +38,7 @@ PROV_RC2_CTX *ctx = (PROV_RC2_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *rc2_dupctx(void *ctx) @@ -88,8 +88,8 @@ } static int rc2_einit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -97,8 +97,8 @@ } static int rc2_dinit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -137,7 +137,7 @@ /* Is this the original IV or the running IV? */ num = rc2_keybits_to_magic(ctx->key_bits); if (!ASN1_TYPE_set_int_octetstring(type, num, - ctx->base.iv, ctx->base.ivlen)) { + ctx->base.iv, ctx->base.ivlen)) { ASN1_TYPE_free(type); ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; @@ -171,7 +171,7 @@ return 0; p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_RC2_KEYBITS); if (p != NULL) { - if (!OSSL_PARAM_get_size_t(p, &ctx->key_bits)) { + if (!OSSL_PARAM_get_size_t(p, &ctx->key_bits)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } @@ -188,7 +188,7 @@ || ctx->base.ivlen > sizeof(iv) || (type = d2i_ASN1_TYPE(NULL, &d, p->data_size)) == NULL || ((size_t)ASN1_TYPE_get_int_octetstring(type, &num, iv, - ctx->base.ivlen) + ctx->base.ivlen) != ctx->base.ivlen) || !ossl_cipher_generic_initiv(&ctx->base, iv, ctx->base.ivlen) || (ctx->key_bits = rc2_magic_to_keybits(num)) == 0) { 
@@ -210,66 +210,66 @@ CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(rc2) OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL), -OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0), -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc2) + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0), + CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc2) -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc2) -OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), -OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL), -OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0), -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc2) + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc2) + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0), + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc2) -#define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, blkbits, \ - ivbits, typ) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ -static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ -static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ -{ \ - PROV_##UCALG##_CTX *ctx; \ - if (!ossl_prov_is_running()) \ - return NULL; \ - ctx = OPENSSL_zalloc(sizeof(*ctx)); \ - if (ctx != NULL) { \ - ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ - EVP_CIPH_##UCMODE##_MODE, flags, \ - ossl_prov_cipher_hw_##alg##_##lcmode(kbits), \ - NULL); \ - ctx->key_bits = kbits; \ - } \ - return ctx; \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) 
alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc2_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc2_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update },\ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))rc2_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))rc2_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))rc2_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))rc2_settable_ctx_params }, \ - { 0, NULL } \ -}; +#define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, blkbits, \ + ivbits, typ) \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ + static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ + static void *alg##_##kbits##_##lcmode##_newctx(void *provctx) \ + { \ + PROV_##UCALG##_CTX *ctx; \ + if (!ossl_prov_is_running()) \ + return NULL; \ + ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + if (ctx != NULL) { \ + ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ + EVP_CIPH_##UCMODE##_MODE, flags, \ + ossl_prov_cipher_hw_##alg##_##lcmode(kbits), \ + NULL); \ + ctx->key_bits = kbits; \ + } \ + return ctx; \ + } \ + const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + 
(void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc2_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc2_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))rc2_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))rc2_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))rc2_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))rc2_settable_ctx_params }, \ + { 0, NULL } \ + }; -/* ossl_rc2128ecb_functions */ -IMPLEMENT_cipher(rc2, RC2, ecb, ECB, RC2_FLAGS, 128, 64, 0, block) + /* ossl_rc2128ecb_functions */ + IMPLEMENT_cipher(rc2, RC2, ecb, ECB, RC2_FLAGS, 128, 64, 0, block) /* ossl_rc2128cbc_functions */ IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 128, 64, 64, block) /* ossl_rc240cbc_functions */ --- crypto/openssl/providers/implementations/ciphers/cipher_rc2.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc2.h @@ -11,7 +11,7 @@ #include "prov/ciphercommon.h" typedef struct prov_rc2_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; RC2_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_rc2_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc2_hw.c 
@@ -16,28 +16,28 @@ #include "cipher_rc2.h" static int cipher_hw_rc2_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { - PROV_RC2_CTX *rctx = (PROV_RC2_CTX *)ctx; + PROV_RC2_CTX *rctx = (PROV_RC2_CTX *)ctx; RC2_KEY *ks = &(rctx->ks.ks); RC2_set_key(ks, (int)ctx->keylen, key, (int)rctx->key_bits); return 1; } -# define PROV_CIPHER_HW_rc2_mode(mode, UCMODE) \ -IMPLEMENT_CIPHER_HW_##UCMODE(mode, rc2, PROV_RC2_CTX, RC2_KEY, \ - RC2_##mode) \ -static const PROV_CIPHER_HW rc2_##mode = { \ - cipher_hw_rc2_initkey, \ - cipher_hw_rc2_##mode##_cipher \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc2_##mode(size_t keybits) \ -{ \ - return &rc2_##mode; \ -} +#define PROV_CIPHER_HW_rc2_mode(mode, UCMODE) \ + IMPLEMENT_CIPHER_HW_##UCMODE(mode, rc2, PROV_RC2_CTX, RC2_KEY, \ + RC2_##mode) static const PROV_CIPHER_HW rc2_##mode \ + = { \ + cipher_hw_rc2_initkey, \ + cipher_hw_rc2_##mode##_cipher \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc2_##mode(size_t keybits) \ + { \ + return &rc2_##mode; \ + } PROV_CIPHER_HW_rc2_mode(cbc, CBC) -PROV_CIPHER_HW_rc2_mode(ecb, ECB) -PROV_CIPHER_HW_rc2_mode(ofb64, OFB) -PROV_CIPHER_HW_rc2_mode(cfb64, CFB) + PROV_CIPHER_HW_rc2_mode(ecb, ECB) + PROV_CIPHER_HW_rc2_mode(ofb64, OFB) + PROV_CIPHER_HW_rc2_mode(cfb64, CFB) --- crypto/openssl/providers/implementations/ciphers/cipher_rc4.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc4.c @@ -31,7 +31,7 @@ PROV_RC4_CTX *ctx = (PROV_RC4_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *rc4_dupctx(void *ctx) 
@@ -53,8 +53,8 @@ } static int rc4_einit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) return 0; 
@@ -62,58 +62,58 @@ } static int rc4_dinit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) return 0; return ossl_cipher_var_keylen_set_ctx_params(ctx, params); } -#define IMPLEMENT_cipher(alg, UCALG, flags, kbits, blkbits, ivbits, typ) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_get_params; \ -static int alg##_##kbits##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, 0, flags, \ - kbits, blkbits, ivbits); \ -} \ -static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_newctx; \ -static void * alg##_##kbits##_newctx(void *provctx) \ -{ \ - PROV_##UCALG##_CTX *ctx; \ - if (!ossl_prov_is_running()) \ - return NULL; \ - ctx = OPENSSL_zalloc(sizeof(*ctx)); \ - if (ctx != NULL) { \ - ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, 0, flags, \ - ossl_prov_cipher_hw_##alg(kbits), NULL); \ - } \ - return ctx; \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc4_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc4_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update },\ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void 
(*)(void))ossl_cipher_var_keylen_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_var_keylen_settable_ctx_params }, \ - { 0, NULL } \ -}; +#define IMPLEMENT_cipher(alg, UCALG, flags, kbits, blkbits, ivbits, typ) \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_get_params; \ + static int alg##_##kbits##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, 0, flags, \ + kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_newctx; \ + static void *alg##_##kbits##_newctx(void *provctx) \ + { \ + PROV_##UCALG##_CTX *ctx; \ + if (!ossl_prov_is_running()) \ + return NULL; \ + ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + if (ctx != NULL) { \ + ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, 0, flags, \ + ossl_prov_cipher_hw_##alg(kbits), NULL); \ + } \ + return ctx; \ + } \ + const OSSL_DISPATCH ossl_##alg##kbits##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))alg##_##kbits##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc4_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc4_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void 
(*)(void))ossl_cipher_var_keylen_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_var_keylen_settable_ctx_params }, \ + { 0, NULL } \ + }; /* ossl_rc440_functions */ IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 40, 8, 0, stream) --- crypto/openssl/providers/implementations/ciphers/cipher_rc4.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc4.h @@ -11,7 +11,7 @@ #include "prov/ciphercommon.h" typedef struct prov_rc4_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; RC4_KEY ks; --- crypto/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -20,8 +20,8 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -#define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH \ - | PROV_CIPHER_FLAG_AEAD) +#define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH \ + | PROV_CIPHER_FLAG_AEAD) #define RC4_HMAC_MD5_KEY_BITS (16 * 8) #define RC4_HMAC_MD5_BLOCK_BITS (1 * 8) @@ -55,13 +55,13 @@ ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ossl_cipher_generic_initkey(ctx, RC4_HMAC_MD5_KEY_BITS, - RC4_HMAC_MD5_BLOCK_BITS, - RC4_HMAC_MD5_IV_BITS, - RC4_HMAC_MD5_MODE, RC4_HMAC_MD5_FLAGS, - ossl_prov_cipher_hw_rc4_hmac_md5( - RC4_HMAC_MD5_KEY_BITS - ), NULL); - return ctx; + RC4_HMAC_MD5_BLOCK_BITS, + RC4_HMAC_MD5_IV_BITS, + RC4_HMAC_MD5_MODE, RC4_HMAC_MD5_FLAGS, + ossl_prov_cipher_hw_rc4_hmac_md5( + RC4_HMAC_MD5_KEY_BITS), + NULL); + return ctx; } static void rc4_hmac_md5_freectx(void *vctx) 
@@ -69,7 +69,7 @@ PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *rc4_hmac_md5_dupctx(void *vctx) @@ -82,8 +82,8 @@ } static int rc4_hmac_md5_einit(void *ctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[]) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[]) { if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -91,8 +91,8 @@ } static int rc4_hmac_md5_dinit(void *ctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[]) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[]) { if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -106,7 +106,7 @@ OSSL_PARAM_END }; const OSSL_PARAM *rc4_hmac_md5_gettable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return rc4_hmac_md5_known_gettable_ctx_params; } @@ -142,7 +142,7 @@ OSSL_PARAM_END }; const OSSL_PARAM *rc4_hmac_md5_settable_ctx_params(ossl_unused void *cctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return rc4_hmac_md5_known_settable_ctx_params; } @@ -215,10 +215,10 @@ static int rc4_hmac_md5_get_params(OSSL_PARAM params[]) { return ossl_cipher_generic_get_params(params, RC4_HMAC_MD5_MODE, - RC4_HMAC_MD5_FLAGS, - RC4_HMAC_MD5_KEY_BITS, - RC4_HMAC_MD5_BLOCK_BITS, - RC4_HMAC_MD5_IV_BITS); + RC4_HMAC_MD5_FLAGS, + RC4_HMAC_MD5_KEY_BITS, + RC4_HMAC_MD5_BLOCK_BITS, + RC4_HMAC_MD5_IV_BITS); } const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = { --- crypto/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.h 
@@ -12,7 +12,7 @@ #include "prov/ciphercommon.h" typedef struct prov_rc4_hmac_md5_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; RC4_KEY ks; @@ -26,11 +26,11 @@ PROV_CIPHER_HW base; /* Must be first */ int (*tls_init)(PROV_CIPHER_CTX *ctx, unsigned char *aad, size_t aad_len); void (*init_mackey)(PROV_CIPHER_CTX *ctx, const unsigned char *key, - size_t len); + size_t len); } PROV_CIPHER_HW_RC4_HMAC_MD5; const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc4_hmac_md5(size_t keybits); void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, - MD5_CTX *ctx, const void *inp, size_t blocks); + MD5_CTX *ctx, const void *inp, size_t blocks); --- crypto/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c @@ -19,26 +19,26 @@ #define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(RC4_ASM) \ - && defined(MD5_ASM) \ - && (defined(__x86_64) \ - || defined(__x86_64__) \ - || defined(_M_AMD64) \ +#if defined(RC4_ASM) \ + && defined(MD5_ASM) \ + && (defined(__x86_64) \ + || defined(__x86_64__) \ + || defined(_M_AMD64) \ || defined(_M_X64)) -# define STITCHED_CALL -# define MOD 32 /* 32 is $MOD from rc4_md5-x86_64.pl */ +#define STITCHED_CALL +#define MOD 32 /* 32 is $MOD from rc4_md5-x86_64.pl */ #else -# define rc4_off 0 -# define md5_off 0 +#define rc4_off 0 +#define md5_off 0 #endif static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx, - const uint8_t *key, size_t keylen) + const uint8_t *key, size_t keylen) { PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx; RC4_set_key(&ctx->ks.ks, keylen, key); - MD5_Init(&ctx->head); /* handy when benchmarking */ + MD5_Init(&ctx->head); /* handy when benchmarking */ ctx->tail = ctx->head; ctx->md = ctx->head; ctx->payload_length = NO_PAYLOAD_LENGTH; 
@@ -47,8 +47,8 @@ } static int cipher_hw_rc4_hmac_md5_cipher(PROV_CIPHER_CTX *bctx, - unsigned char *out, - const unsigned char *in, size_t len) + unsigned char *out, + const unsigned char *in, size_t len) { PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx; RC4_KEY *ks = &ctx->ks.ks; @@ -72,13 +72,13 @@ md5_off += MD5_CBLOCK; if (plen > md5_off - && (blocks = (plen - md5_off) / MD5_CBLOCK) - && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { + && (blocks = (plen - md5_off) / MD5_CBLOCK) + && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { MD5_Update(&ctx->md, in, md5_off); RC4(ks, rc4_off, in, out); rc4_md5_enc(ks, in + rc4_off, out + rc4_off, - &ctx->md, in + md5_off, blocks); + &ctx->md, in + md5_off, blocks); blocks *= MD5_CBLOCK; rc4_off += blocks; md5_off += blocks; @@ -93,7 +93,7 @@ #endif MD5_Update(&ctx->md, in + md5_off, plen - md5_off); - if (plen != len) { /* "TLS" mode of operation */ + if (plen != len) { /* "TLS" mode of operation */ if (in != out) memcpy(out + rc4_off, in + rc4_off, plen - rc4_off); @@ -118,13 +118,13 @@ rc4_off += MD5_CBLOCK; if (len > rc4_off - && (blocks = (len - rc4_off) / MD5_CBLOCK) - && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { + && (blocks = (len - rc4_off) / MD5_CBLOCK) + && (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { RC4(ks, rc4_off, in, out); MD5_Update(&ctx->md, out, md5_off); rc4_md5_enc(ks, in + rc4_off, out + rc4_off, - &ctx->md, out + md5_off, blocks); + &ctx->md, out + md5_off, blocks); blocks *= MD5_CBLOCK; rc4_off += blocks; md5_off += blocks; @@ -163,7 +163,7 @@ } static int cipher_hw_rc4_hmac_md5_tls_init(PROV_CIPHER_CTX *bctx, - unsigned char *aad, size_t aad_len) + unsigned char *aad, size_t aad_len) { PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx; unsigned int len; 
@@ -188,8 +188,8 @@ } static void cipher_hw_rc4_hmac_md5_init_mackey(PROV_CIPHER_CTX *bctx, - const unsigned char *key, - size_t len) + const unsigned char *key, + size_t len) { PROV_RC4_HMAC_MD5_CTX *ctx = (PROV_RC4_HMAC_MD5_CTX *)bctx; unsigned int i; @@ -219,10 +219,8 @@ } static const PROV_CIPHER_HW_RC4_HMAC_MD5 rc4_hmac_md5_hw = { - { - cipher_hw_rc4_hmac_md5_initkey, - cipher_hw_rc4_hmac_md5_cipher - }, + { cipher_hw_rc4_hmac_md5_initkey, + cipher_hw_rc4_hmac_md5_cipher }, cipher_hw_rc4_hmac_md5_tls_init, cipher_hw_rc4_hmac_md5_init_mackey }; --- crypto/openssl/providers/implementations/ciphers/cipher_rc4_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc4_hw.c @@ -16,18 +16,18 @@ #include "cipher_rc4.h" static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { - PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; + PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; RC4_set_key(&rctx->ks.ks, keylen, key); return 1; } static int cipher_hw_rc4_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { - PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; + PROV_RC4_CTX *rctx = (PROV_RC4_CTX *)ctx; RC4(&rctx->ks.ks, len, in, out); return 1; @@ -41,4 +41,3 @@ { return &rc4_hw; } - --- crypto/openssl/providers/implementations/ciphers/cipher_rc5.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc5.c @@ -35,7 +35,7 @@ PROV_RC5_CTX *ctx = (PROV_RC5_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *rc5_dupctx(void *ctx) 
@@ -57,8 +57,8 @@ } static int rc5_einit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -66,8 +66,8 @@ } static int rc5_dinit(void *ctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) return 0; @@ -105,16 +105,15 @@ } CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(rc5) - OSSL_PARAM_uint(OSSL_CIPHER_PARAM_ROUNDS, NULL), -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc5) +OSSL_PARAM_uint(OSSL_CIPHER_PARAM_ROUNDS, NULL), + CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc5) -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc5) - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc5) + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_uint(OSSL_CIPHER_PARAM_ROUNDS, NULL), -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc5) - + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc5) -static int rc5_get_ctx_params(void *vctx, OSSL_PARAM params[]) + static int rc5_get_ctx_params(void *vctx, OSSL_PARAM params[]) { PROV_RC5_CTX *ctx = (PROV_RC5_CTX *)vctx; OSSL_PARAM *p; 
@@ -129,54 +128,54 @@ return 1; } -#define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ -static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ -static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ -{ \ - PROV_##UCALG##_CTX *ctx; \ - if (!ossl_prov_is_running()) \ - return NULL; \ - ctx = OPENSSL_zalloc(sizeof(*ctx)); \ - if (ctx != NULL) { \ - ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ - EVP_CIPH_##UCMODE##_MODE, flags, \ - ossl_prov_cipher_hw_##alg##_##lcmode(kbits),\ - NULL); \ - ctx->rounds = RC5_12_ROUNDS; \ - } \ - return ctx; \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc5_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc5_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update },\ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))rc5_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))rc5_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void 
(*)(void))rc5_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))rc5_settable_ctx_params }, \ - { 0, NULL } \ -}; +#define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ + static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ + static void *alg##_##kbits##_##lcmode##_newctx(void *provctx) \ + { \ + PROV_##UCALG##_CTX *ctx; \ + if (!ossl_prov_is_running()) \ + return NULL; \ + ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + if (ctx != NULL) { \ + ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ + EVP_CIPH_##UCMODE##_MODE, flags, \ + ossl_prov_cipher_hw_##alg##_##lcmode(kbits), \ + NULL); \ + ctx->rounds = RC5_12_ROUNDS; \ + } \ + return ctx; \ + } \ + const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc5_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc5_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))rc5_get_ctx_params }, \ + { 
OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))rc5_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))rc5_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))rc5_settable_ctx_params }, \ + { 0, NULL } \ + }; /* ossl_rc5128ecb_functions */ IMPLEMENT_cipher(rc5, RC5, ecb, ECB, RC5_FLAGS, 128, 64, 0, block) @@ -185,4 +184,4 @@ /* ossl_rc5128ofb64_functions */ IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, RC5_FLAGS, 128, 8, 64, stream) /* ossl_rc5128cfb64_functions */ -IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, RC5_FLAGS, 128, 8, 64, stream) +IMPLEMENT_cipher(rc5, RC5, cfb64, CFB, RC5_FLAGS, 128, 8, 64, stream) --- crypto/openssl/providers/implementations/ciphers/cipher_rc5.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc5.h @@ -11,12 +11,12 @@ #include "prov/ciphercommon.h" typedef struct prov_blowfish_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; - RC5_32_KEY ks; /* key schedule */ + RC5_32_KEY ks; /* key schedule */ } ks; - unsigned int rounds; /* number of rounds */ + unsigned int rounds; /* number of rounds */ } PROV_RC5_CTX; const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc5_cbc(size_t keybits); --- crypto/openssl/providers/implementations/ciphers/cipher_rc5_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_rc5_hw.c 
@@ -16,26 +16,26 @@ #include "cipher_rc5.h" static int cipher_hw_rc5_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_RC5_CTX *rctx = (PROV_RC5_CTX *)ctx; return RC5_32_set_key(&rctx->ks.ks, keylen, key, rctx->rounds); } -# define PROV_CIPHER_HW_rc5_mode(mode, UCMODE) \ -IMPLEMENT_CIPHER_HW_##UCMODE(mode, rc5, PROV_RC5_CTX, RC5_32_KEY, \ - RC5_32_##mode) \ -static const PROV_CIPHER_HW rc5_##mode = { \ - cipher_hw_rc5_initkey, \ - cipher_hw_rc5_##mode##_cipher \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc5_##mode(size_t keybits) \ -{ \ - return &rc5_##mode; \ -} +#define PROV_CIPHER_HW_rc5_mode(mode, UCMODE) \ + IMPLEMENT_CIPHER_HW_##UCMODE(mode, rc5, PROV_RC5_CTX, RC5_32_KEY, \ + RC5_32_##mode) static const PROV_CIPHER_HW rc5_##mode \ + = { \ + cipher_hw_rc5_initkey, \ + cipher_hw_rc5_##mode##_cipher \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc5_##mode(size_t keybits) \ + { \ + return &rc5_##mode; \ + } PROV_CIPHER_HW_rc5_mode(cbc, CBC) -PROV_CIPHER_HW_rc5_mode(ecb, ECB) -PROV_CIPHER_HW_rc5_mode(ofb64, OFB) -PROV_CIPHER_HW_rc5_mode(cfb64, CFB) + PROV_CIPHER_HW_rc5_mode(ecb, ECB) + PROV_CIPHER_HW_rc5_mode(ofb64, OFB) + PROV_CIPHER_HW_rc5_mode(cfb64, CFB) --- crypto/openssl/providers/implementations/ciphers/cipher_seed.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_seed.c @@ -27,7 +27,7 @@ PROV_SEED_CTX *ctx = (PROV_SEED_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *seed_dupctx(void *ctx) 
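Review bot: The rewritten `PROV_CIPHER_HW_rc5_mode` macro in the cipher_rc5_hw.c hunk now puts `RC5_32_##mode) static const PROV_CIPHER_HW rc5_##mode \` on one line with `= { \` on the next, so the helper-macro invocation and the table declaration it precedes read as a single statement. Below it, the semicolon-less invocations `PROV_CIPHER_HW_rc5_mode(ecb, ECB)`, `(ofb64, OFB)` and `(cfb64, CFB)` are indented as continuations of the `cbc` line, which hides that each one emits its own `ossl_prov_cipher_hw_rc5_*` accessor. Preprocessing is not affected, but I would restore the old layout by wrapping the macro definition and its invocation list in `/* clang-format off */` and `/* clang-format on */`. The same staircase indentation of mode-macro invocations recurs in the cipher_seed_hw.c, cipher_sm4_hw.c, cipher_tdes_default_hw.c and cipher_tdes_hw.c hunks, and cipher_seed_hw.c also has the merged `SEED_##mode) static const` line.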
@@ -55,4 +55,4 @@
 /* ossl_seed128ofb128_functions */
 IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, 0, 128, 8, 128, stream)
 /* ossl_seed128cfb128_functions */
-IMPLEMENT_generic_cipher(seed, SEED, cfb128, CFB, 0, 128, 8, 128, stream)
+IMPLEMENT_generic_cipher(seed, SEED, cfb128, CFB, 0, 128, 8, 128, stream)
--- crypto/openssl/providers/implementations/ciphers/cipher_seed.h.orig
+++ crypto/openssl/providers/implementations/ciphers/cipher_seed.h
@@ -11,7 +11,7 @@
 #include "prov/ciphercommon.h"
 typedef struct prov_seed_ctx_st {
- PROV_CIPHER_CTX base; /* Must be first */
+ PROV_CIPHER_CTX base; /* Must be first */
 union {
 OSSL_UNION_ALIGN;
 SEED_KEY_SCHEDULE ks;
--- crypto/openssl/providers/implementations/ciphers/cipher_seed_hw.c.orig
+++ crypto/openssl/providers/implementations/ciphers/cipher_seed_hw.c
@@ -16,27 +16,27 @@ #include "cipher_seed.h" static int cipher_hw_seed_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { - PROV_SEED_CTX *sctx = (PROV_SEED_CTX *)ctx; + PROV_SEED_CTX *sctx = (PROV_SEED_CTX *)ctx; SEED_set_key(key, &(sctx->ks.ks)); return 1; } -# define PROV_CIPHER_HW_seed_mode(mode, UCMODE) \ -IMPLEMENT_CIPHER_HW_##UCMODE(mode, seed, PROV_SEED_CTX, SEED_KEY_SCHEDULE, \ - SEED_##mode) \ -static const PROV_CIPHER_HW seed_##mode = { \ - cipher_hw_seed_initkey, \ - cipher_hw_seed_##mode##_cipher \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_seed_##mode(size_t keybits) \ -{ \ - return &seed_##mode; \ -} +#define PROV_CIPHER_HW_seed_mode(mode, UCMODE) \ + IMPLEMENT_CIPHER_HW_##UCMODE(mode, seed, PROV_SEED_CTX, SEED_KEY_SCHEDULE, \ + SEED_##mode) static const PROV_CIPHER_HW seed_##mode \ + = { \ + cipher_hw_seed_initkey, \ + cipher_hw_seed_##mode##_cipher \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_seed_##mode(size_t keybits) \ + { \ + return &seed_##mode; \ + } PROV_CIPHER_HW_seed_mode(cbc, CBC) -PROV_CIPHER_HW_seed_mode(ecb, ECB) -PROV_CIPHER_HW_seed_mode(ofb128, OFB) -PROV_CIPHER_HW_seed_mode(cfb128, CFB) + PROV_CIPHER_HW_seed_mode(ecb, ECB) + PROV_CIPHER_HW_seed_mode(ofb128, OFB) + PROV_CIPHER_HW_seed_mode(cfb128, CFB) --- crypto/openssl/providers/implementations/ciphers/cipher_sm4.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_sm4.c @@ -21,7 +21,7 @@ PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *sm4_dupctx(void *ctx) 
@@ -51,4 +51,4 @@
 /* ossl_sm4128ofb128_functions */
 IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, 0, 128, 8, 128, stream)
 /* ossl_sm4128cfb128_functions */
-IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, 0, 128, 8, 128, stream)
+IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, 0, 128, 8, 128, stream)
--- crypto/openssl/providers/implementations/ciphers/cipher_sm4.h.orig
+++ crypto/openssl/providers/implementations/ciphers/cipher_sm4.h
@@ -11,7 +11,7 @@
 #include "crypto/sm4.h"
 typedef struct prov_cast_ctx_st {
- PROV_CIPHER_CTX base; /* Must be first */
+ PROV_CIPHER_CTX base; /* Must be first */
 union {
 OSSL_UNION_ALIGN;
 SM4_KEY ks;
--- crypto/openssl/providers/implementations/ciphers/cipher_sm4_hw.c.orig
+++ crypto/openssl/providers/implementations/ciphers/cipher_sm4_hw.c
@@ -10,16 +10,16 @@
 #include "cipher_sm4.h"
 static int cipher_hw_sm4_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key, size_t keylen)
+ const unsigned char *key, size_t keylen)
 {
- PROV_SM4_CTX *sctx = (PROV_SM4_CTX *)ctx;
+ PROV_SM4_CTX *sctx = (PROV_SM4_CTX *)ctx;
 SM4_KEY *ks = &sctx->ks.ks;
 ossl_sm4_set_key(key, ks);
 ctx->ks = ks;
 if (ctx->enc
- || (ctx->mode != EVP_CIPH_ECB_MODE
- && ctx->mode != EVP_CIPH_CBC_MODE))
+ || (ctx->mode != EVP_CIPH_ECB_MODE
+ && ctx->mode != EVP_CIPH_CBC_MODE))
 ctx->block = (block128_f)ossl_sm4_encrypt;
 else
 ctx->block = (block128_f)ossl_sm4_decrypt;
@@ -28,19 +28,19 @@ IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_sm4_copyctx, PROV_SM4_CTX) -# define PROV_CIPHER_HW_sm4_mode(mode) \ -static const PROV_CIPHER_HW sm4_##mode = { \ - cipher_hw_sm4_initkey, \ - ossl_cipher_hw_chunked_##mode, \ - cipher_hw_sm4_copyctx \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_##mode(size_t keybits) \ -{ \ - return &sm4_##mode; \ -} +#define PROV_CIPHER_HW_sm4_mode(mode) \ + static const PROV_CIPHER_HW sm4_##mode = { \ + cipher_hw_sm4_initkey, \ + ossl_cipher_hw_chunked_##mode, \ + cipher_hw_sm4_copyctx \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_##mode(size_t keybits) \ + { \ + return &sm4_##mode; \ + } PROV_CIPHER_HW_sm4_mode(cbc) -PROV_CIPHER_HW_sm4_mode(ecb) -PROV_CIPHER_HW_sm4_mode(ofb128) -PROV_CIPHER_HW_sm4_mode(cfb128) -PROV_CIPHER_HW_sm4_mode(ctr) + PROV_CIPHER_HW_sm4_mode(ecb) + PROV_CIPHER_HW_sm4_mode(ofb128) + PROV_CIPHER_HW_sm4_mode(cfb128) + PROV_CIPHER_HW_sm4_mode(ctr) --- crypto/openssl/providers/implementations/ciphers/cipher_tdes.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_tdes.c @@ -20,6 +20,6 @@ #include "prov/implementations.h" /* ossl_tdes_ede3_ecb_functions */ -IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 0, block); +IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64 * 3, 64, 0, block); /* ossl_tdes_ede3_cbc_functions */ -IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block); +IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64 * 3, 64, 64, block); --- crypto/openssl/providers/implementations/ciphers/cipher_tdes.h.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_tdes.h 
@@ -16,62 +16,62 @@ #define TDES_FLAGS PROV_CIPHER_FLAG_RAND_KEY typedef struct prov_tdes_ctx_st { - PROV_CIPHER_CTX base; /* Must be first */ + PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; DES_key_schedule ks[3]; } tks; union { - void (*cbc) (const void *, void *, size_t, - const DES_key_schedule *, unsigned char *); + void (*cbc)(const void *, void *, size_t, + const DES_key_schedule *, unsigned char *); } tstream; } PROV_TDES_CTX; -#define IMPLEMENT_tdes_cipher(type, UCTYPE, lcmode, UCMODE, flags, \ - kbits, blkbits, ivbits, block) \ -static OSSL_FUNC_cipher_newctx_fn tdes_##type##_##lcmode##_newctx; \ -static void *tdes_##type##_##lcmode##_newctx(void *provctx) \ -{ \ - return ossl_tdes_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, blkbits, \ - ivbits, flags, \ - ossl_prov_cipher_hw_tdes_##type##_##lcmode()); \ -} \ -static OSSL_FUNC_cipher_get_params_fn tdes_##type##_##lcmode##_get_params; \ -static int tdes_##type##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -const OSSL_DISPATCH ossl_tdes_##type##_##lcmode##_functions[] = { \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_tdes_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_tdes_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, \ - (void (*)(void))ossl_cipher_generic_##block##_update }, \ - { OSSL_FUNC_CIPHER_FINAL, \ - (void (*)(void))ossl_cipher_generic_##block##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void))tdes_##type##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))ossl_tdes_dupctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_tdes_freectx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))tdes_##type##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void 
(*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_tdes_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_tdes_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ - { 0, NULL } \ -} +#define IMPLEMENT_tdes_cipher(type, UCTYPE, lcmode, UCMODE, flags, \ + kbits, blkbits, ivbits, block) \ + static OSSL_FUNC_cipher_newctx_fn tdes_##type##_##lcmode##_newctx; \ + static void *tdes_##type##_##lcmode##_newctx(void *provctx) \ + { \ + return ossl_tdes_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, blkbits, \ + ivbits, flags, \ + ossl_prov_cipher_hw_tdes_##type##_##lcmode()); \ + } \ + static OSSL_FUNC_cipher_get_params_fn tdes_##type##_##lcmode##_get_params; \ + static int tdes_##type##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + const OSSL_DISPATCH ossl_tdes_##type##_##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_tdes_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_tdes_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, \ + (void (*)(void))ossl_cipher_generic_##block##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, \ + (void (*)(void))ossl_cipher_generic_##block##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))tdes_##type##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))ossl_tdes_dupctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_tdes_freectx }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))tdes_##type##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void 
(*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_tdes_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_tdes_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ + { 0, NULL } \ + } void *ossl_tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits, - size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw); + size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw); OSSL_FUNC_cipher_dupctx_fn ossl_tdes_dupctx; OSSL_FUNC_cipher_freectx_fn ossl_tdes_freectx; OSSL_FUNC_cipher_encrypt_init_fn ossl_tdes_einit; 
@@ -79,25 +79,25 @@ OSSL_FUNC_cipher_get_ctx_params_fn ossl_tdes_get_ctx_params; OSSL_FUNC_cipher_gettable_ctx_params_fn ossl_tdes_gettable_ctx_params; -#define PROV_CIPHER_HW_tdes_mode(type, mode) \ -static const PROV_CIPHER_HW type##_##mode = { \ - ossl_cipher_hw_tdes_##type##_initkey, \ - ossl_cipher_hw_tdes_##mode, \ - ossl_cipher_hw_tdes_copyctx \ -}; \ -const PROV_CIPHER_HW *ossl_prov_cipher_hw_tdes_##type##_##mode(void) \ -{ \ - return &type##_##mode; \ -} +#define PROV_CIPHER_HW_tdes_mode(type, mode) \ + static const PROV_CIPHER_HW type##_##mode = { \ + ossl_cipher_hw_tdes_##type##_initkey, \ + ossl_cipher_hw_tdes_##mode, \ + ossl_cipher_hw_tdes_copyctx \ + }; \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_tdes_##type##_##mode(void) \ + { \ + return &type##_##mode; \ + } int ossl_cipher_hw_tdes_ede3_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen); void ossl_cipher_hw_tdes_copyctx(PROV_CIPHER_CTX *dst, - const PROV_CIPHER_CTX *src); + const PROV_CIPHER_CTX *src); int ossl_cipher_hw_tdes_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); + const unsigned char *in, size_t inl); int ossl_cipher_hw_tdes_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); const PROV_CIPHER_HW *ossl_prov_cipher_hw_tdes_ede3_cbc(void); const PROV_CIPHER_HW *ossl_prov_cipher_hw_tdes_ede3_ecb(void); --- crypto/openssl/providers/implementations/ciphers/cipher_tdes_common.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_tdes_common.c @@ -21,7 +21,7 @@ #include "prov/providercommon.h" void *ossl_tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits, - size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw) + size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw) { PROV_TDES_CTX *tctx; 
@@ -31,7 +31,7 @@ tctx = OPENSSL_zalloc(sizeof(*tctx)); if (tctx != NULL) ossl_cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, - hw, provctx); + hw, provctx); return tctx; } @@ -58,12 +58,12 @@ PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx; ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static int tdes_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -78,9 +78,9 @@ if (!ossl_cipher_generic_initiv(ctx, iv, ivlen)) return 0; } else if (ctx->iv_set - && (ctx->mode == EVP_CIPH_CBC_MODE - || ctx->mode == EVP_CIPH_CFB_MODE - || ctx->mode == EVP_CIPH_OFB_MODE)) { + && (ctx->mode == EVP_CIPH_CBC_MODE + || ctx->mode == EVP_CIPH_CFB_MODE + || ctx->mode == EVP_CIPH_OFB_MODE)) { /* reset IV to keep compatibility with 1.1.1 */ memcpy(ctx->iv, ctx->oiv, ctx->ivlen); } 
@@ -98,24 +98,24 @@ } int ossl_tdes_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return tdes_init(vctx, key, keylen, iv, ivlen, params, 1); } int ossl_tdes_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return tdes_init(vctx, key, keylen, iv, ivlen, params, 0); } CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_tdes) - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0), -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_tdes) +OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0), + CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_tdes) -static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr) + static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr) { DES_cblock *deskey = ptr; @@ -134,7 +134,7 @@ int ossl_tdes_get_ctx_params(void *vctx, OSSL_PARAM params[]) { - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; OSSL_PARAM *p; if (!ossl_cipher_generic_get_ctx_params(vctx, params)) --- crypto/openssl/providers/implementations/ciphers/cipher_tdes_default.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_tdes_default.c 
@@ -17,19 +17,19 @@
 #include "prov/implementations.h"
 /* ossl_tdes_ede3_ofb_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, ofb, OFB, TDES_FLAGS, 64*3, 8, 64, stream);
+IMPLEMENT_tdes_cipher(ede3, EDE3, ofb, OFB, TDES_FLAGS, 64 * 3, 8, 64, stream);
 /* ossl_tdes_ede3_cfb_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, cfb, CFB, TDES_FLAGS, 64*3, 8, 64, stream);
+IMPLEMENT_tdes_cipher(ede3, EDE3, cfb, CFB, TDES_FLAGS, 64 * 3, 8, 64, stream);
 /* ossl_tdes_ede3_cfb1_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 64*3, 8, 64, stream);
+IMPLEMENT_tdes_cipher(ede3, EDE3, cfb1, CFB, TDES_FLAGS, 64 * 3, 8, 64, stream);
 /* ossl_tdes_ede3_cfb8_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3, 8, 64, stream);
+IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64 * 3, 8, 64, stream);
 /* ossl_tdes_ede2_ecb_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 0, block);
+IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64 * 2, 64, 0, block);
 /* ossl_tdes_ede2_cbc_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block);
+IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64 * 2, 64, 64, block);
 /* ossl_tdes_ede2_ofb_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, ofb, OFB, TDES_FLAGS, 64*2, 8, 64, stream);
+IMPLEMENT_tdes_cipher(ede2, EDE2, ofb, OFB, TDES_FLAGS, 64 * 2, 8, 64, stream);
 /* ossl_tdes_ede2_cfb_functions */
-IMPLEMENT_tdes_cipher(ede2, EDE2, cfb, CFB, TDES_FLAGS, 64*2, 8, 64, stream);
+IMPLEMENT_tdes_cipher(ede2, EDE2, cfb, CFB, TDES_FLAGS, 64 * 2, 8, 64, stream);
--- crypto/openssl/providers/implementations/ciphers/cipher_tdes_default_hw.c.orig
+++ crypto/openssl/providers/implementations/ciphers/cipher_tdes_default_hw.c
@@ -20,25 +20,24 @@ #define ks3 tks.ks[2] static int ossl_cipher_hw_tdes_ede2_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, - size_t keylen) + const unsigned char *key, + size_t keylen) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; DES_cblock *deskey = (DES_cblock *)key; tctx->tstream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) +#if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { if (ctx->mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &tctx->ks1); des_t4_key_expand(&deskey[1], &tctx->ks2); memcpy(&tctx->ks3, &tctx->ks1, sizeof(tctx->ks1)); - tctx->tstream.cbc = ctx->enc ? des_t4_ede3_cbc_encrypt : - des_t4_ede3_cbc_decrypt; + tctx->tstream.cbc = ctx->enc ? des_t4_ede3_cbc_encrypt : des_t4_ede3_cbc_decrypt; return 1; } } -# endif +#endif DES_set_key_unchecked(&deskey[0], &tctx->ks1); DES_set_key_unchecked(&deskey[1], &tctx->ks2); memcpy(&tctx->ks3, &tctx->ks1, sizeof(tctx->ks1)); @@ -46,28 +45,28 @@ } static int ossl_cipher_hw_tdes_ofb(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; int num = ctx->num; while (inl >= MAXCHUNK) { DES_ede3_ofb64_encrypt(in, out, (long)MAXCHUNK, &tctx->ks1, &tctx->ks2, - &tctx->ks3, (DES_cblock *)ctx->iv, &num); + &tctx->ks3, (DES_cblock *)ctx->iv, &num); inl -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) { DES_ede3_ofb64_encrypt(in, out, (long)inl, &tctx->ks1, &tctx->ks2, - &tctx->ks3, (DES_cblock *)ctx->iv, &num); + &tctx->ks3, (DES_cblock *)ctx->iv, &num); } ctx->num = num; return 1; } static int ossl_cipher_hw_tdes_cfb(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; int num = ctx->num; 
@@ -75,16 +74,16 @@ while (inl >= MAXCHUNK) { DES_ede3_cfb64_encrypt(in, out, (long)MAXCHUNK, - &tctx->ks1, &tctx->ks2, &tctx->ks3, - (DES_cblock *)ctx->iv, &num, ctx->enc); + &tctx->ks1, &tctx->ks2, &tctx->ks3, + (DES_cblock *)ctx->iv, &num, ctx->enc); inl -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) { DES_ede3_cfb64_encrypt(in, out, (long)inl, - &tctx->ks1, &tctx->ks2, &tctx->ks3, - (DES_cblock *)ctx->iv, &num, ctx->enc); + &tctx->ks1, &tctx->ks2, &tctx->ks3, + (DES_cblock *)ctx->iv, &num, ctx->enc); } ctx->num = num; return 1; @@ -95,7 +94,7 @@ * right way, so wrap it here */ static int ossl_cipher_hw_tdes_cfb1(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; size_t n; @@ -106,8 +105,8 @@ for (n = 0; n < inl; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_ede3_cfb_encrypt(c, d, 1, 1, - &tctx->ks1, &tctx->ks2, &tctx->ks3, - (DES_cblock *)ctx->iv, ctx->enc); + &tctx->ks1, &tctx->ks2, &tctx->ks3, + (DES_cblock *)ctx->iv, ctx->enc); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } 
@@ -116,32 +115,31 @@ } static int ossl_cipher_hw_tdes_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; while (inl >= MAXCHUNK) { DES_ede3_cfb_encrypt(in, out, 8, (long)MAXCHUNK, - &tctx->ks1, &tctx->ks2, &tctx->ks3, - (DES_cblock *)ctx->iv, ctx->enc); + &tctx->ks1, &tctx->ks2, &tctx->ks3, + (DES_cblock *)ctx->iv, ctx->enc); inl -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) DES_ede3_cfb_encrypt(in, out, 8, (long)inl, - &tctx->ks1, &tctx->ks2, &tctx->ks3, - (DES_cblock *)ctx->iv, ctx->enc); + &tctx->ks1, &tctx->ks2, &tctx->ks3, + (DES_cblock *)ctx->iv, ctx->enc); return 1; } PROV_CIPHER_HW_tdes_mode(ede3, ofb) -PROV_CIPHER_HW_tdes_mode(ede3, cfb) -PROV_CIPHER_HW_tdes_mode(ede3, cfb1) -PROV_CIPHER_HW_tdes_mode(ede3, cfb8) - -PROV_CIPHER_HW_tdes_mode(ede2, ecb) -PROV_CIPHER_HW_tdes_mode(ede2, cbc) -PROV_CIPHER_HW_tdes_mode(ede2, ofb) -PROV_CIPHER_HW_tdes_mode(ede2, cfb) - + PROV_CIPHER_HW_tdes_mode(ede3, cfb) + PROV_CIPHER_HW_tdes_mode(ede3, cfb1) + PROV_CIPHER_HW_tdes_mode(ede3, cfb8) + + PROV_CIPHER_HW_tdes_mode(ede2, ecb) + PROV_CIPHER_HW_tdes_mode(ede2, cbc) + PROV_CIPHER_HW_tdes_mode(ede2, ofb) + PROV_CIPHER_HW_tdes_mode(ede2, cfb) --- crypto/openssl/providers/implementations/ciphers/cipher_tdes_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_tdes_hw.c 
@@ -21,24 +21,23 @@ #define ks3 tks.ks[2] int ossl_cipher_hw_tdes_ede3_initkey(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; DES_cblock *deskey = (DES_cblock *)key; tctx->tstream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) +#if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { if (ctx->mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &tctx->ks1); des_t4_key_expand(&deskey[1], &tctx->ks2); des_t4_key_expand(&deskey[2], &tctx->ks3); - tctx->tstream.cbc = ctx->enc ? des_t4_ede3_cbc_encrypt : - des_t4_ede3_cbc_decrypt; + tctx->tstream.cbc = ctx->enc ? des_t4_ede3_cbc_encrypt : des_t4_ede3_cbc_decrypt; return 1; } } -# endif +#endif DES_set_key_unchecked(&deskey[0], &tctx->ks1); DES_set_key_unchecked(&deskey[1], &tctx->ks2); DES_set_key_unchecked(&deskey[2], &tctx->ks3); @@ -46,7 +45,7 @@ } void ossl_cipher_hw_tdes_copyctx(PROV_CIPHER_CTX *dst, - const PROV_CIPHER_CTX *src) + const PROV_CIPHER_CTX *src) { PROV_TDES_CTX *sctx = (PROV_TDES_CTX *)src; PROV_TDES_CTX *dctx = (PROV_TDES_CTX *)dst; 
@@ -56,30 +55,30 @@ } int ossl_cipher_hw_tdes_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; if (tctx->tstream.cbc != NULL) { - (*tctx->tstream.cbc) (in, out, inl, tctx->tks.ks, ctx->iv); + (*tctx->tstream.cbc)(in, out, inl, tctx->tks.ks, ctx->iv); return 1; } while (inl >= MAXCHUNK) { DES_ede3_cbc_encrypt(in, out, (long)MAXCHUNK, &tctx->ks1, &tctx->ks2, - &tctx->ks3, (DES_cblock *)ctx->iv, ctx->enc); + &tctx->ks3, (DES_cblock *)ctx->iv, ctx->enc); inl -= MAXCHUNK; in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) DES_ede3_cbc_encrypt(in, out, (long)inl, &tctx->ks1, &tctx->ks2, - &tctx->ks3, (DES_cblock *)ctx->iv, ctx->enc); + &tctx->ks3, (DES_cblock *)ctx->iv, ctx->enc); return 1; } int ossl_cipher_hw_tdes_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t i; PROV_TDES_CTX *tctx = (PROV_TDES_CTX *)ctx; @@ -89,10 +88,10 @@ for (i = 0, len -= DES_BLOCK_SIZE; i <= len; i += DES_BLOCK_SIZE) { DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), - &tctx->ks1, &tctx->ks2, &tctx->ks3, ctx->enc); + &tctx->ks1, &tctx->ks2, &tctx->ks3, ctx->enc); } return 1; } PROV_CIPHER_HW_tdes_mode(ede3, ecb) -PROV_CIPHER_HW_tdes_mode(ede3, cbc) + PROV_CIPHER_HW_tdes_mode(ede3, cbc) --- crypto/openssl/providers/implementations/ciphers/cipher_tdes_wrap.c.orig +++ crypto/openssl/providers/implementations/ciphers/cipher_tdes_wrap.c 
@@ -27,13 +27,12 @@ static OSSL_FUNC_cipher_update_fn tdes_wrap_update; static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher; -static const unsigned char wrap_iv[8] = -{ +static const unsigned char wrap_iv[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { unsigned char icv[8], iv[TDES_IVLEN], sha1tmp[SHA_DIGEST_LENGTH]; int rv = -1; @@ -66,7 +65,7 @@ ctx->hw->cipher(ctx, out, out, inl - 16); ctx->hw->cipher(ctx, icv, icv, 8); if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ - && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -79,7 +78,7 @@ } static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { unsigned char sha1tmp[SHA_DIGEST_LENGTH]; size_t ivlen = TDES_IVLEN; @@ -109,7 +108,7 @@ } static int tdes_wrap_cipher_internal(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { /* * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK @@ -125,8 +124,8 @@ } static int tdes_wrap_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; int ret; @@ -149,8 +148,8 @@ } static int tdes_wrap_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { *outl = 0; if (inl == 0) 
@@ -167,44 +166,42 @@ return 1; } - -# define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \ -static OSSL_FUNC_cipher_newctx_fn tdes_wrap_newctx; \ -static void *tdes_wrap_newctx(void *provctx) \ -{ \ - return ossl_tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, \ - ivbits, flags, \ - ossl_prov_cipher_hw_tdes_wrap_cbc()); \ -} \ -static OSSL_FUNC_cipher_get_params_fn tdes_wrap_get_params; \ -static int tdes_wrap_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \ - kbits, blkbits, ivbits); \ -} \ -const OSSL_DISPATCH ossl_tdes_wrap_cbc_functions[] = \ -{ \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) ossl_tdes_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) ossl_tdes_dinit }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_tdes_freectx }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \ - { OSSL_FUNC_CIPHER_FINAL, \ - (void (*)(void))ossl_cipher_generic_stream_final }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_tdes_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_tdes_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ - { 0, NULL } \ -} +#define IMPLEMENT_WRAP_CIPHER(flags, kbits, blkbits, ivbits) \ + static OSSL_FUNC_cipher_newctx_fn tdes_wrap_newctx; \ + static void *tdes_wrap_newctx(void *provctx) \ + { \ + return ossl_tdes_newctx(provctx, EVP_CIPH_WRAP_MODE, kbits, blkbits, \ + ivbits, flags, \ + 
ossl_prov_cipher_hw_tdes_wrap_cbc()); \ + } \ + static OSSL_FUNC_cipher_get_params_fn tdes_wrap_get_params; \ + static int tdes_wrap_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \ + kbits, blkbits, ivbits); \ + } \ + const OSSL_DISPATCH ossl_tdes_wrap_cbc_functions[] = { \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_tdes_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_tdes_dinit }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))tdes_wrap_cipher }, \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))tdes_wrap_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))ossl_tdes_freectx }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))tdes_wrap_update }, \ + { OSSL_FUNC_CIPHER_FINAL, \ + (void (*)(void))ossl_cipher_generic_stream_final }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))tdes_wrap_get_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_tdes_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_tdes_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ + { 0, NULL } \ + } /* ossl_tdes_wrap_cbc_functions */ -IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64*3, 64, 0); +IMPLEMENT_WRAP_CIPHER(TDES_WRAP_FLAGS, 64 * 3, 64, 0); --- crypto/openssl/providers/implementations/ciphers/ciphercommon.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,8 +39,8 @@ } int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, - uint64_t flags, - size_t kbits, size_t blkbits, size_t ivbits) + uint64_t flags, + size_t kbits, size_t blkbits, size_t ivbits) { OSSL_PARAM *p; @@ -97,20 +97,19 @@ return 1; } -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic) -{ OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED }, -CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic) +CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic) { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED }, + CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic) -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic) -OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL), -OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL), -OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL), -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic) + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic) + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL), + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL), + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic) -/* - * Variable key length cipher functions for OSSL_PARAM settables - */ -int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + /* + * Variable key length cipher functions for OSSL_PARAM settables + */ + int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; const OSSL_PARAM *p; 
@@ -138,25 +137,25 @@ CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen) OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), -CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen) + CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen) -/*- - * AEAD cipher functions for OSSL_PARAM gettables and settables - */ -static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0), - OSSL_PARAM_END -}; + /*- + * AEAD cipher functions for OSSL_PARAM gettables and settables + */ + static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] + = { + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0), + OSSL_PARAM_END + }; const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params( - ossl_unused void *cctx, ossl_unused void *provctx - ) + ossl_unused void *cctx, ossl_unused void *provctx) { return cipher_aead_known_gettable_ctx_params; } 
@@ -170,8 +169,7 @@ OSSL_PARAM_END }; const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params( - ossl_unused void *cctx, ossl_unused void *provctx - ) + ossl_unused void *cctx, ossl_unused void *provctx) { return cipher_aead_known_settable_ctx_params; } @@ -186,9 +184,9 @@ } static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, - const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { ctx->num = 0; ctx->bufsz = 0; @@ -226,27 +224,27 @@ } int ossl_cipher_generic_einit(void *vctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[]) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[]) { return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen, - iv, ivlen, params, 1); + iv, ivlen, params, 1); } int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key, - size_t keylen, const unsigned char *iv, - size_t ivlen, const OSSL_PARAM params[]) + size_t keylen, const unsigned char *iv, + size_t ivlen, const OSSL_PARAM params[]) { return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen, - iv, ivlen, params, 0); + iv, ivlen, params, 0); } /* Max padding including padding length byte */ #define MAX_PADDING 256 int ossl_cipher_generic_block_update(void *vctx, unsigned char *out, - size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { size_t outlint = 0; PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -266,9 +264,9 @@ /* Sanity check inputs */ if (in == NULL - || in != out - || outsize < inl - || !ctx->pad) { + || in != out + || outsize < inl + || !ctx->pad) { ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); return 0; } 
@@ -308,7 +306,6 @@ return 0; } - /* Shouldn't normally fail */ if (!ctx->hw->cipher(ctx, out, in, inl)) { ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); @@ -325,9 +322,9 @@ *outl = inl; if (!ctx->enc && !ossl_cipher_tlsunpadblock(ctx->libctx, ctx->tlsversion, - out, outl, - blksz, &ctx->tlsmac, &ctx->alloced, - ctx->tlsmacsize, 0)) { + out, outl, + blksz, &ctx->tlsmac, &ctx->alloced, + ctx->tlsmacsize, 0)) { ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); return 0; } @@ -336,9 +333,9 @@ if (ctx->bufsz != 0) nextblocks = ossl_cipher_fillblock(ctx->buf, &ctx->bufsz, blksz, - &in, &inl); + &in, &inl); else - nextblocks = inl & ~(blksz-1); + nextblocks = inl & ~(blksz - 1); /* * If we're decrypting and we end an update on a block boundary we hold @@ -391,7 +388,7 @@ } int ossl_cipher_generic_block_final(void *vctx, unsigned char *out, - size_t *outl, size_t outsize) + size_t *outl, size_t outsize) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; size_t blksz = ctx->blocksize; @@ -465,8 +462,8 @@ } int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out, - size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -493,9 +490,9 @@ *outl = inl; if (!ctx->enc && ctx->tlsversion > 0) { /* - * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and - * cipher_aes_cbc_hmac_sha256_hw.c - */ + * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and + * cipher_aes_cbc_hmac_sha256_hw.c + */ if (ctx->removetlspad) { /* * We should have already failed in the cipher() call above if this @@ -527,7 +524,7 @@ return 1; } int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out, - size_t *outl, size_t outsize) + size_t *outl, size_t outsize) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; 
@@ -544,8 +541,8 @@ } int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -669,13 +666,17 @@ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } + if (ctx->blocksize > 0 && num >= (unsigned int)ctx->blocksize) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } ctx->num = num; } return 1; } int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv, - size_t ivlen) + size_t ivlen) { if (ivlen != ctx->ivlen || ivlen > sizeof(ctx->iv)) { @@ -689,9 +690,9 @@ } void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, - size_t ivbits, unsigned int mode, - uint64_t flags, const PROV_CIPHER_HW *hw, - void *provctx) + size_t ivbits, unsigned int mode, + uint64_t flags, const PROV_CIPHER_HW *hw, + void *provctx) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; --- crypto/openssl/providers/implementations/ciphers/ciphercommon_block.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_block.c 
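Review bot: The range check added on `num` in the `@@ -669,13 +666,17 @@` hunk has no comment saying what it protects, and it raises the same `PROV_R_FAILED_TO_GET_PARAMETER` as the fetch failure just above it, so a caller cannot tell an unreadable parameter from an out-of-range one. I would add `/* num is an offset into the current block; reject values at or past blocksize */` above the `if`; that is presumably the intent, since the CFB/OFB/CTR helpers elsewhere in this patch copy `dat->num` straight into the mode routines. Two things to confirm before relying on it: the `ctx->blocksize > 0` guard leaves `num` unbounded for any context whose blocksize is 0, and if stream-mode contexts record a blocksize of 1 the check rejects every non-zero value, in which case the bound may belong on the underlying cipher block size rather than `ctx->blocksize`. The enclosing function begins outside the hunk, so the type and prior validation of `num` are not visible here.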
@@ -17,21 +17,21 @@ /* Functions defined in ssl/tls_pad.c */ int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); /* * Fills a single block of buffered data from the input, and returns the amount @@ -54,8 +54,8 @@ * which is a multiple of the blocksize. */ size_t ossl_cipher_fillblock(unsigned char *buf, size_t *buflen, - size_t blocksize, - const unsigned char **in, size_t *inlen) + size_t blocksize, + const unsigned char **in, size_t *inlen) { size_t blockmask = ~(blocksize - 1); size_t bufremain = blocksize - *buflen; @@ -78,7 +78,7 @@ * fit into a full block. */ int ossl_cipher_trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, - const unsigned char **in, size_t *inlen) + const unsigned char **in, size_t *inlen) { if (*inlen == 0) return 1; @@ -110,7 +110,7 @@ size_t pad, i; size_t len = *buflen; - if(len != blocksize) { + if (len != blocksize) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -156,18 +156,18 @@ * the mac is random */ int ossl_cipher_tlsunpadblock(OSSL_LIB_CTX *libctx, unsigned int tlsversion, - unsigned char *buf, size_t *buflen, - size_t blocksize, - unsigned char **mac, int *alloced, size_t macsize, - int aead) + unsigned char *buf, size_t *buflen, + size_t blocksize, + unsigned char **mac, int *alloced, size_t macsize, + int aead) { int ret; switch (tlsversion) { case SSL3_VERSION: return ssl3_cbc_remove_padding_and_mac(buflen, *buflen, buf, mac, - alloced, blocksize, macsize, - libctx); + alloced, blocksize, macsize, + libctx); case TLS1_2_VERSION: case DTLS1_2_VERSION: @@ -180,8 +180,8 @@ /* Fall through */ case TLS1_VERSION: ret = tls1_cbc_remove_padding_and_mac(buflen, *buflen, buf, mac, - alloced, blocksize, macsize, - aead, libctx); + alloced, blocksize, macsize, + aead, libctx); return ret; default: --- crypto/openssl/providers/implementations/ciphers/ciphercommon_ccm.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_ccm.c @@ -15,8 +15,8 @@ #include "prov/providercommon.h" static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, - size_t *padlen, const unsigned char *in, - size_t len); + size_t *padlen, const unsigned char *in, + size_t len); static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen) { @@ -50,7 +50,7 @@ } static int ccm_tls_iv_set_fixed(PROV_CCM_CTX *ctx, unsigned char *fixed, - size_t flen) + size_t flen) { if (flen != EVP_CCM_TLS_FIXED_IV_LEN) return 0; @@ -223,8 +223,8 @@ } static int ccm_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; 
@@ -253,22 +253,22 @@ } int ossl_ccm_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return ccm_init(vctx, key, keylen, iv, ivlen, params, 1); } int ossl_ccm_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return ccm_init(vctx, key, keylen, iv, ivlen, params, 0); } int ossl_ccm_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; @@ -285,7 +285,7 @@ } int ossl_ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; int i; @@ -302,7 +302,7 @@ } int ossl_ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; @@ -333,8 +333,8 @@ } static int ccm_tls_cipher(PROV_CCM_CTX *ctx, - unsigned char *out, size_t *padlen, - const unsigned char *in, size_t len) + unsigned char *out, size_t *padlen, + const unsigned char *in, size_t len) { int rv = 0; size_t olen = 0; @@ -364,12 +364,12 @@ in += EVP_CCM_TLS_EXPLICIT_IV_LEN; out += EVP_CCM_TLS_EXPLICIT_IV_LEN; if (ctx->enc) { - if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m)) + if (!ctx->hw->auth_encrypt(ctx, in, out, len, out + len, ctx->m)) goto err; olen = len + EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m; } else { if (!ctx->hw->auth_decrypt(ctx, in, out, len, - (unsigned char *)in + len, ctx->m)) + (unsigned char *)in + len, ctx->m)) goto err; olen = len; } 
@@ -380,8 +380,8 @@ } static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, - size_t *padlen, const unsigned char *in, - size_t len) + size_t *padlen, const unsigned char *in, + size_t len) { int rv = 0; size_t olen = 0; --- crypto/openssl/providers/implementations/ciphers/ciphercommon_ccm_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_ccm_hw.c @@ -11,13 +11,13 @@ #include "prov/ciphercommon_ccm.h" int ossl_ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, - size_t nlen, size_t mlen) + size_t nlen, size_t mlen) { return CRYPTO_ccm128_setiv(&ctx->ccm_ctx, nonce, nlen, mlen) == 0; } int ossl_ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, - size_t alen) + size_t alen) { CRYPTO_ccm128_aad(&ctx->ccm_ctx, aad, alen); return 1; @@ -29,14 +29,15 @@ } int ossl_ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *tag, size_t taglen) + unsigned char *out, size_t len, + unsigned char *tag, size_t taglen) { int rv; if (ctx->str != NULL) rv = CRYPTO_ccm128_encrypt_ccm64(&ctx->ccm_ctx, in, - out, len, ctx->str) == 0; + out, len, ctx->str) + == 0; else rv = CRYPTO_ccm128_encrypt(&ctx->ccm_ctx, in, out, len) == 0; @@ -46,14 +47,15 @@ } int ossl_ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *expected_tag, size_t taglen) + unsigned char *out, size_t len, + unsigned char *expected_tag, size_t taglen) { int rv = 0; if (ctx->str != NULL) rv = CRYPTO_ccm128_decrypt_ccm64(&ctx->ccm_ctx, in, out, len, - ctx->str) == 0; + ctx->str) + == 0; else rv = CRYPTO_ccm128_decrypt(&ctx->ccm_ctx, in, out, len) == 0; if (rv) { --- crypto/openssl/providers/implementations/ciphers/ciphercommon_gcm.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_gcm.c 
@@ -18,19 +18,19 @@ static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len); static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv, - size_t len); + size_t len); static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len); static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out, - size_t *padlen, const unsigned char *in, - size_t len); + size_t *padlen, const unsigned char *in, + size_t len); /* * Called from EVP_CipherInit when there is currently no context via * the new_ctx() function */ void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, - const PROV_GCM_HW *hw) + const PROV_GCM_HW *hw) { ctx->pad = 1; ctx->mode = EVP_CIPH_GCM_MODE; @@ -46,8 +46,8 @@ * Called by EVP_CipherInit via the _einit and _dinit functions */ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[], int enc) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[], int enc) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; @@ -79,15 +79,15 @@ } int ossl_gcm_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return gcm_init(vctx, key, keylen, iv, ivlen, params, 1); } int ossl_gcm_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen, - const OSSL_PARAM params[]) + const unsigned char *iv, size_t ivlen, + const OSSL_PARAM params[]) { return gcm_init(vctx, key, keylen, iv, ivlen, params, 0); } 
@@ -158,8 +158,7 @@ } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); if (p != NULL) { - size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen : - GCM_TAG_MAX_SIZE; + size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen : GCM_TAG_MAX_SIZE; if (!OSSL_PARAM_set_size_t(p, taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); @@ -302,12 +301,11 @@ return 0; } - return 1; } int ossl_gcm_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) + size_t outsize, const unsigned char *in, size_t inl) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; @@ -329,7 +327,7 @@ } int ossl_gcm_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; int i; @@ -346,8 +344,8 @@ } int ossl_gcm_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; @@ -391,8 +389,8 @@ } static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out, - size_t *padlen, const unsigned char *in, - size_t len) + size_t *padlen, const unsigned char *in, + size_t len) { size_t olen = 0; int rv = 0; @@ -454,7 +452,7 @@ size_t len; if (!ossl_prov_is_running() || aad_len != EVP_AEAD_TLS1_AAD_LEN) - return 0; + return 0; /* Save the aad for later use. */ buf = dat->buf; @@ -480,7 +478,7 @@ } static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv, - size_t len) + size_t len) { /* Special case: -1 length restores whole IV */ if (len == (size_t)-1) { 
@@ -492,12 +490,12 @@ /* Fixed field must be at least 4 bytes and invocation field at least 8 */ if ((len < EVP_GCM_TLS_FIXED_IV_LEN) || (ctx->ivlen - (int)len) < EVP_GCM_TLS_EXPLICIT_IV_LEN) - return 0; + return 0; if (len > 0) memcpy(ctx->iv, iv, len); if (ctx->enc && RAND_bytes_ex(ctx->libctx, ctx->iv + len, ctx->ivlen - len, 0) <= 0) - return 0; + return 0; ctx->iv_gen = 1; ctx->iv_state = IV_STATE_BUFFERED; return 1; @@ -510,7 +508,7 @@ * and verify tag. */ static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int rv = 0; size_t arg = EVP_GCM_TLS_EXPLICIT_IV_LEN; @@ -554,13 +552,13 @@ tag = ctx->enc ? out + len : (unsigned char *)in + len; if (!ctx->hw->oneshot(ctx, ctx->buf, ctx->tls_aad_len, in, len, out, tag, - EVP_GCM_TLS_TAG_LEN)) { + EVP_GCM_TLS_TAG_LEN)) { if (!ctx->enc) OPENSSL_cleanse(out, len); goto err; } if (ctx->enc) - plen = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + plen = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; else plen = len; --- crypto/openssl/providers/implementations/ciphers/ciphercommon_gcm_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_gcm_hw.c @@ -10,7 +10,6 @@ #include "prov/ciphercommon.h" #include "prov/ciphercommon_gcm.h" - int ossl_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen) { CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen); @@ -18,13 +17,13 @@ } int ossl_gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad, - size_t aad_len) + size_t aad_len) { return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0; } int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, - size_t len, unsigned char *out) + size_t len, unsigned char *out) { if (ctx->enc) { if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) 
@@ -49,8 +48,8 @@ } int ossl_gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, - const unsigned char *in, size_t in_len, - unsigned char *out, unsigned char *tag, size_t tag_len) + const unsigned char *in, size_t in_len, + unsigned char *out, unsigned char *tag, size_t tag_len) { int ret = 0; --- crypto/openssl/providers/implementations/ciphers/ciphercommon_hw.c.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_hw.c @@ -14,10 +14,10 @@ * Used if there is no special hardware implementations. */ int ossl_cipher_hw_generic_cbc(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, dat->ks, dat->iv, dat->enc); + (*dat->stream.cbc)(in, out, len, dat->ks, dat->iv, dat->enc); else if (dat->enc) CRYPTO_cbc128_encrypt(in, out, len, dat->ks, dat->iv, dat->block); else @@ -27,7 +27,7 @@ } int ossl_cipher_hw_generic_ecb(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t i, bl = dat->blocksize; @@ -35,18 +35,17 @@ return 1; if (dat->stream.ecb) { - (*dat->stream.ecb) (in, out, len, dat->ks, dat->enc); - } - else { + (*dat->stream.ecb)(in, out, len, dat->ks, dat->enc); + } else { for (i = 0, len -= bl; i <= len; i += bl) - (*dat->block) (in + i, out + i, dat->ks); + (*dat->block)(in + i, out + i, dat->ks); } return 1; } int ossl_cipher_hw_generic_ofb128(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; 
@@ -57,51 +56,51 @@ } int ossl_cipher_hw_generic_cfb128(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; CRYPTO_cfb128_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc, - dat->block); + dat->block); dat->num = num; return 1; } int ossl_cipher_hw_generic_cfb8(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; CRYPTO_cfb128_8_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc, - dat->block); + dat->block); dat->num = num; return 1; } int ossl_cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; if (dat->use_bits) { CRYPTO_cfb128_1_encrypt(in, out, len, dat->ks, dat->iv, &num, - dat->enc, dat->block); + dat->enc, dat->block); dat->num = num; return 1; } while (len >= MAXBITCHUNK) { CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, dat->ks, - dat->iv, &num, dat->enc, dat->block); + dat->iv, &num, dat->enc, dat->block); len -= MAXBITCHUNK; out += MAXBITCHUNK; - in += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, dat->ks, dat->iv, &num, - dat->enc, dat->block); + dat->enc, dat->block); dat->num = num; @@ -109,16 +108,16 @@ } int ossl_cipher_hw_generic_ctr(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { unsigned int num = dat->num; if (dat->stream.ctr) CRYPTO_ctr128_encrypt_ctr32(in, out, len, dat->ks, dat->iv, dat->buf, - &num, dat->stream.ctr); + &num, dat->stream.ctr); else CRYPTO_ctr128_encrypt(in, out, len, dat->ks, dat->iv, dat->buf, - &num, dat->block); + &num, dat->block); dat->num = num; return 1; 
@@ -130,12 +129,12 @@ */ int ossl_cipher_hw_chunked_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= MAXCHUNK) { ossl_cipher_hw_generic_cbc(ctx, out, in, MAXCHUNK); inl -= MAXCHUNK; - in += MAXCHUNK; + in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) @@ -144,7 +143,7 @@ } int ossl_cipher_hw_chunked_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t chunk = MAXCHUNK; @@ -162,7 +161,7 @@ } int ossl_cipher_hw_chunked_cfb128(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t chunk = MAXCHUNK; @@ -180,12 +179,12 @@ } int ossl_cipher_hw_chunked_ofb128(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= MAXCHUNK) { ossl_cipher_hw_generic_ofb128(ctx, out, in, MAXCHUNK); inl -= MAXCHUNK; - in += MAXCHUNK; + in += MAXCHUNK; out += MAXCHUNK; } if (inl > 0) --- crypto/openssl/providers/implementations/ciphers/ciphercommon_local.h.orig +++ crypto/openssl/providers/implementations/ciphers/ciphercommon_local.h @@ -12,5 +12,5 @@ void ossl_cipher_padblock(unsigned char *buf, size_t *buflen, size_t blocksize); int ossl_cipher_unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize); int ossl_cipher_tlsunpadblock(OSSL_LIB_CTX *libctx, unsigned int tlsversion, - unsigned char *buf, size_t *buflen, size_t blocksize, - unsigned char **mac, int *alloced, size_t macsize, int aead); + unsigned char *buf, size_t *buflen, size_t blocksize, + unsigned char **mac, int *alloced, size_t macsize, int aead); --- crypto/openssl/providers/implementations/digests/blake2_impl.h.orig +++ crypto/openssl/providers/implementations/digests/blake2_impl.h 
@@ -27,9 +27,9 @@ return w; } else { uint32_t w = ((uint32_t)src[0]) - | ((uint32_t)src[1] << 8) - | ((uint32_t)src[2] << 16) - | ((uint32_t)src[3] << 24); + | ((uint32_t)src[1] << 8) + | ((uint32_t)src[2] << 16) + | ((uint32_t)src[3] << 24); return w; } } @@ -44,13 +44,13 @@ return w; } else { uint64_t w = ((uint64_t)src[0]) - | ((uint64_t)src[1] << 8) - | ((uint64_t)src[2] << 16) - | ((uint64_t)src[3] << 24) - | ((uint64_t)src[4] << 32) - | ((uint64_t)src[5] << 40) - | ((uint64_t)src[6] << 48) - | ((uint64_t)src[7] << 56); + | ((uint64_t)src[1] << 8) + | ((uint64_t)src[2] << 16) + | ((uint64_t)src[3] << 24) + | ((uint64_t)src[4] << 32) + | ((uint64_t)src[5] << 40) + | ((uint64_t)src[6] << 48) + | ((uint64_t)src[7] << 56); return w; } } @@ -88,11 +88,11 @@ static ossl_inline uint64_t load48(const uint8_t *src) { uint64_t w = ((uint64_t)src[0]) - | ((uint64_t)src[1] << 8) - | ((uint64_t)src[2] << 16) - | ((uint64_t)src[3] << 24) - | ((uint64_t)src[4] << 32) - | ((uint64_t)src[5] << 40); + | ((uint64_t)src[1] << 8) + | ((uint64_t)src[2] << 16) + | ((uint64_t)src[3] << 24) + | ((uint64_t)src[4] << 32) + | ((uint64_t)src[5] << 40); return w; } @@ -100,11 +100,11 @@ { uint8_t *p = (uint8_t *)dst; p[0] = (uint8_t)w; - p[1] = (uint8_t)(w>>8); - p[2] = (uint8_t)(w>>16); - p[3] = (uint8_t)(w>>24); - p[4] = (uint8_t)(w>>32); - p[5] = (uint8_t)(w>>40); + p[1] = (uint8_t)(w >> 8); + p[2] = (uint8_t)(w >> 16); + p[3] = (uint8_t)(w >> 24); + p[4] = (uint8_t)(w >> 32); + p[5] = (uint8_t)(w >> 40); } static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c) --- crypto/openssl/providers/implementations/digests/blake2_prov.c.orig +++ crypto/openssl/providers/implementations/digests/blake2_prov.c 
@@ -30,12 +30,12 @@ /* ossl_blake2s256_functions */ IMPLEMENT_digest_functions(blake2s256, BLAKE2S_CTX, - BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH, 0, - ossl_blake2s256_init, ossl_blake2s_update, - ossl_blake2s_final) + BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH, 0, + ossl_blake2s256_init, ossl_blake2s_update, + ossl_blake2s_final) /* ossl_blake2b512_functions */ IMPLEMENT_digest_functions(blake2b512, BLAKE2B_CTX, - BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, 0, - ossl_blake2b512_init, ossl_blake2b_update, - ossl_blake2b_final) + BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, 0, + ossl_blake2b512_init, ossl_blake2b_update, + ossl_blake2b_final) --- crypto/openssl/providers/implementations/digests/blake2b_prov.c.orig +++ crypto/openssl/providers/implementations/digests/blake2b_prov.c 
@@ -20,28 +20,26 @@ #include "blake2_impl.h" #include "prov/blake2.h" -static const uint64_t blake2b_IV[8] = -{ +static const uint64_t blake2b_IV[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; -static const uint8_t blake2b_sigma[12][16] = -{ - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } +static const uint8_t blake2b_sigma[12][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } }; /* Set that it's the last block we'll compress */ 
@@ -83,15 +81,15 @@ void ossl_blake2b_param_init(BLAKE2B_PARAM *P) { P->digest_length = BLAKE2B_DIGEST_LENGTH; - P->key_length = 0; - P->fanout = 1; - P->depth = 1; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; store32(P->leaf_length, 0); store64(P->node_offset, 0); - P->node_depth = 0; - P->inner_length = 0; + P->node_depth = 0; + P->inner_length = 0; memset(P->reserved, 0, sizeof(P->reserved)); - memset(P->salt, 0, sizeof(P->salt)); + memset(P->salt, 0, sizeof(P->salt)); memset(P->personal, 0, sizeof(P->personal)); } @@ -106,14 +104,14 @@ } void ossl_blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, - size_t len) + size_t len) { memcpy(P->personal, personal, len); memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len); } void ossl_blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, - size_t len) + size_t len) { memcpy(P->salt, salt, len); memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len); @@ -134,13 +132,13 @@ * Always returns 1. */ int ossl_blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, - const void *key) + const void *key) { blake2b_init_param(c, P); /* Pad the key to form first data block */ { - uint8_t block[BLAKE2B_BLOCKBYTES] = {0}; + uint8_t block[BLAKE2B_BLOCKBYTES] = { 0 }; memcpy(block, key, P->key_length); ossl_blake2b_update(c, block, BLAKE2B_BLOCKBYTES); @@ -152,8 +150,8 @@ /* Permute the state while xoring in the block of data. */ static void blake2b_compress(BLAKE2B_CTX *S, - const uint8_t *blocks, - size_t len) + const uint8_t *blocks, + size_t len) { uint64_t m[16]; uint64_t v[16]; 
@@ -194,36 +192,36 @@ S->t[0] += increment; S->t[1] += (S->t[0] < increment); - v[8] = blake2b_IV[0]; - v[9] = blake2b_IV[1]; + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; v[10] = blake2b_IV[2]; v[11] = blake2b_IV[3]; v[12] = S->t[0] ^ blake2b_IV[4]; v[13] = S->t[1] ^ blake2b_IV[5]; v[14] = S->f[0] ^ blake2b_IV[6]; v[15] = S->f[1] ^ blake2b_IV[7]; -#define G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2b_sigma[r][2*i+0]]; \ - d = rotr64(d ^ a, 32); \ - c = c + d; \ - b = rotr64(b ^ c, 24); \ - a = a + b + m[blake2b_sigma[r][2*i+1]]; \ - d = rotr64(d ^ a, 16); \ - c = c + d; \ - b = rotr64(b ^ c, 63); \ - } while (0) -#define ROUND(r) \ - do { \ - G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - G(r,2,v[ 2],v[ 6],v[10],v[14]); \ - G(r,3,v[ 3],v[ 7],v[11],v[15]); \ - G(r,4,v[ 0],v[ 5],v[10],v[15]); \ - G(r,5,v[ 1],v[ 6],v[11],v[12]); \ - G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ - } while (0) +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while (0) +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while (0) #if defined(OPENSSL_SMALL_FOOTPRINT) /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */ for (i = 0; i < 12; i++) { 
@@ -305,7 +303,7 @@ */ int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c) { - uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0}; + uint8_t outbuffer[BLAKE2B_OUTBYTES] = { 0 }; uint8_t *target = outbuffer; int iter = (c->outlen + 7) / 8; int i; --- crypto/openssl/providers/implementations/digests/blake2s_prov.c.orig +++ crypto/openssl/providers/implementations/digests/blake2s_prov.c 
@@ -20,24 +20,22 @@ #include "blake2_impl.h" #include "prov/blake2.h" -static const uint32_t blake2s_IV[8] = -{ +static const uint32_t blake2s_IV[8] = { 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U }; -static const uint8_t blake2s_sigma[10][16] = -{ - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , +static const uint8_t blake2s_sigma[10][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, }; /* Set that it's the last block we'll compress */ 
@@ -71,21 +69,21 @@ assert(sizeof(BLAKE2S_PARAM) == 32); /* IV XOR ParamBlock */ for (i = 0; i < 8; ++i) { - S->h[i] ^= load32(&p[i*4]); + S->h[i] ^= load32(&p[i * 4]); } } void ossl_blake2s_param_init(BLAKE2S_PARAM *P) { P->digest_length = BLAKE2S_DIGEST_LENGTH; - P->key_length = 0; - P->fanout = 1; - P->depth = 1; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; store32(P->leaf_length, 0); store48(P->node_offset, 0); - P->node_depth = 0; - P->inner_length = 0; - memset(P->salt, 0, sizeof(P->salt)); + P->node_depth = 0; + P->inner_length = 0; + memset(P->salt, 0, sizeof(P->salt)); memset(P->personal, 0, sizeof(P->personal)); } @@ -100,17 +98,18 @@ } void ossl_blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, - size_t len) + size_t len) { memcpy(P->personal, personal, len); memset(P->personal + len, 0, BLAKE2S_PERSONALBYTES - len); } void ossl_blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, - size_t len) + size_t len) { memcpy(P->salt, salt, len); - memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len);} + memset(P->salt + len, 0, BLAKE2S_SALTBYTES - len); +} /* * Initialize the hashing context with the given parameter block. @@ -127,13 +126,13 @@ * Always returns 1. */ int ossl_blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, - const void *key) + const void *key) { blake2s_init_param(c, P); /* Pad the key to form first data block */ { - uint8_t block[BLAKE2S_BLOCKBYTES] = {0}; + uint8_t block[BLAKE2S_BLOCKBYTES] = { 0 }; memcpy(block, key, P->key_length); ossl_blake2s_update(c, block, BLAKE2S_BLOCKBYTES); @@ -145,8 +144,8 @@ /* Permute the state while xoring in the block of data. */ static void blake2s_compress(BLAKE2S_CTX *S, - const uint8_t *blocks, - size_t len) + const uint8_t *blocks, + size_t len) { uint32_t m[16]; uint32_t v[16]; 
@@ -187,36 +186,36 @@ S->t[0] += increment; S->t[1] += (S->t[0] < increment); - v[ 8] = blake2s_IV[0]; - v[ 9] = blake2s_IV[1]; + v[8] = blake2s_IV[0]; + v[9] = blake2s_IV[1]; v[10] = blake2s_IV[2]; v[11] = blake2s_IV[3]; v[12] = S->t[0] ^ blake2s_IV[4]; v[13] = S->t[1] ^ blake2s_IV[5]; v[14] = S->f[0] ^ blake2s_IV[6]; v[15] = S->f[1] ^ blake2s_IV[7]; -#define G(r,i,a,b,c,d) \ - do { \ - a = a + b + m[blake2s_sigma[r][2*i+0]]; \ - d = rotr32(d ^ a, 16); \ - c = c + d; \ - b = rotr32(b ^ c, 12); \ - a = a + b + m[blake2s_sigma[r][2*i+1]]; \ - d = rotr32(d ^ a, 8); \ - c = c + d; \ - b = rotr32(b ^ c, 7); \ - } while (0) -#define ROUND(r) \ - do { \ - G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ - G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ - G(r,2,v[ 2],v[ 6],v[10],v[14]); \ - G(r,3,v[ 3],v[ 7],v[11],v[15]); \ - G(r,4,v[ 0],v[ 5],v[10],v[15]); \ - G(r,5,v[ 1],v[ 6],v[11],v[12]); \ - G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ - G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ - } while (0) +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2s_sigma[r][2 * i + 0]]; \ + d = rotr32(d ^ a, 16); \ + c = c + d; \ + b = rotr32(b ^ c, 12); \ + a = a + b + m[blake2s_sigma[r][2 * i + 1]]; \ + d = rotr32(d ^ a, 8); \ + c = c + d; \ + b = rotr32(b ^ c, 7); \ + } while (0) +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while (0) #if defined(OPENSSL_SMALL_FOOTPRINT) /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */ for (i = 0; i < 10; i++) { 
@@ -296,7 +295,7 @@ */ int ossl_blake2s_final(unsigned char *md, BLAKE2S_CTX *c) { - uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0}; + uint8_t outbuffer[BLAKE2S_OUTBYTES] = { 0 }; uint8_t *target = outbuffer; int iter = (c->outlen + 3) / 4; int i; --- crypto/openssl/providers/implementations/digests/digestcommon.c.orig +++ crypto/openssl/providers/implementations/digests/digestcommon.c @@ -12,7 +12,7 @@ #include "prov/digestcommon.h" int ossl_digest_default_get_params(OSSL_PARAM params[], size_t blksz, - size_t paramsz, unsigned long flags) + size_t paramsz, unsigned long flags) { OSSL_PARAM *p = NULL; --- crypto/openssl/providers/implementations/digests/md2_prov.c.orig +++ crypto/openssl/providers/implementations/digests/md2_prov.c @@ -20,5 +20,5 @@ /* ossl_md2_functions */ IMPLEMENT_digest_functions(md2, MD2_CTX, - MD2_BLOCK, MD2_DIGEST_LENGTH, 0, - MD2_Init, MD2_Update, MD2_Final) + MD2_BLOCK, MD2_DIGEST_LENGTH, 0, + MD2_Init, MD2_Update, MD2_Final) --- crypto/openssl/providers/implementations/digests/md4_prov.c.orig +++ crypto/openssl/providers/implementations/digests/md4_prov.c @@ -20,5 +20,5 @@ /* ossl_md4_functions */ IMPLEMENT_digest_functions(md4, MD4_CTX, - MD4_CBLOCK, MD4_DIGEST_LENGTH, 0, - MD4_Init, MD4_Update, MD4_Final) + MD4_CBLOCK, MD4_DIGEST_LENGTH, 0, + MD4_Init, MD4_Update, MD4_Final) --- crypto/openssl/providers/implementations/digests/md5_prov.c.orig +++ crypto/openssl/providers/implementations/digests/md5_prov.c @@ -20,5 +20,5 @@ /* ossl_md5_functions */ IMPLEMENT_digest_functions(md5, MD5_CTX, - MD5_CBLOCK, MD5_DIGEST_LENGTH, 0, - MD5_Init, MD5_Update, MD5_Final) + MD5_CBLOCK, MD5_DIGEST_LENGTH, 0, + MD5_Init, MD5_Update, MD5_Final) --- crypto/openssl/providers/implementations/digests/md5_sha1_prov.c.orig +++ crypto/openssl/providers/implementations/digests/md5_sha1_prov.c 
@@ -26,12 +26,12 @@ static OSSL_FUNC_digest_settable_ctx_params_fn md5_sha1_settable_ctx_params; static const OSSL_PARAM known_md5_sha1_settable_ctx_params[] = { - {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0}, + { OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0 }, OSSL_PARAM_END }; static const OSSL_PARAM *md5_sha1_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_md5_sha1_settable_ctx_params; } @@ -50,7 +50,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS); if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING) return ossl_md5_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - p->data_size, p->data); + p->data_size, p->data); return 1; } --- crypto/openssl/providers/implementations/digests/mdc2_prov.c.orig +++ crypto/openssl/providers/implementations/digests/mdc2_prov.c @@ -31,7 +31,7 @@ }; static const OSSL_PARAM *mdc2_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_mdc2_settable_ctx_params; } --- crypto/openssl/providers/implementations/digests/null_prov.c.orig +++ crypto/openssl/providers/implementations/digests/null_prov.c 
@@ -35,18 +35,18 @@ * and that would cause compilation warnings with the default implementation. */ #undef PROV_FUNC_DIGEST_FINAL -#define PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ -static OSSL_FUNC_digest_final_fn name##_internal_final; \ -static int name##_internal_final(void *ctx, unsigned char *out, size_t *outl, \ - size_t outsz) \ -{ \ - if (ossl_prov_is_running() && fin(out, ctx)) { \ - *outl = dgstsize; \ - return 1; \ - } \ - return 0; \ -} +#define PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ + static OSSL_FUNC_digest_final_fn name##_internal_final; \ + static int name##_internal_final(void *ctx, unsigned char *out, size_t *outl, \ + size_t outsz) \ + { \ + if (ossl_prov_is_running() && fin(out, ctx)) { \ + *outl = dgstsize; \ + return 1; \ + } \ + return 0; \ + } IMPLEMENT_digest_functions(nullmd, NULLMD_CTX, - 0, 0, 0, - null_init, null_update, null_final) + 0, 0, 0, + null_init, null_update, null_final) --- crypto/openssl/providers/implementations/digests/ripemd_prov.c.orig +++ crypto/openssl/providers/implementations/digests/ripemd_prov.c @@ -20,5 +20,5 @@ /* ossl_ripemd160_functions */ IMPLEMENT_digest_functions(ripemd160, RIPEMD160_CTX, - RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, 0, - RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final) + RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, 0, + RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final) --- crypto/openssl/providers/implementations/digests/sha2_prov.c.orig +++ crypto/openssl/providers/implementations/digests/sha2_prov.c @@ -30,11 +30,11 @@ static OSSL_FUNC_digest_settable_ctx_params_fn sha1_settable_ctx_params; static const OSSL_PARAM known_sha1_settable_ctx_params[] = { - {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0}, + { OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0 }, OSSL_PARAM_END }; static const OSSL_PARAM *sha1_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_sha1_settable_ctx_params; } 
@@ -53,7 +53,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS); if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING) return ossl_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - p->data_size, p->data); + p->data_size, p->data); return 1; } 
@@ -65,31 +65,30 @@ /* ossl_sha224_functions */ IMPLEMENT_digest_functions(sha224, SHA256_CTX, - SHA256_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS, - SHA224_Init, SHA224_Update, SHA224_Final) + SHA256_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS, + SHA224_Init, SHA224_Update, SHA224_Final) /* ossl_sha256_functions */ IMPLEMENT_digest_functions(sha256, SHA256_CTX, - SHA256_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS, - SHA256_Init, SHA256_Update, SHA256_Final) + SHA256_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS, + SHA256_Init, SHA256_Update, SHA256_Final) /* ossl_sha384_functions */ IMPLEMENT_digest_functions(sha384, SHA512_CTX, - SHA512_CBLOCK, SHA384_DIGEST_LENGTH, SHA2_FLAGS, - SHA384_Init, SHA384_Update, SHA384_Final) + SHA512_CBLOCK, SHA384_DIGEST_LENGTH, SHA2_FLAGS, + SHA384_Init, SHA384_Update, SHA384_Final) /* ossl_sha512_functions */ IMPLEMENT_digest_functions(sha512, SHA512_CTX, - SHA512_CBLOCK, SHA512_DIGEST_LENGTH, SHA2_FLAGS, - SHA512_Init, SHA512_Update, SHA512_Final) + SHA512_CBLOCK, SHA512_DIGEST_LENGTH, SHA2_FLAGS, + SHA512_Init, SHA512_Update, SHA512_Final) /* ossl_sha512_224_functions */ IMPLEMENT_digest_functions(sha512_224, SHA512_CTX, - SHA512_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS, - sha512_224_init, SHA512_Update, SHA512_Final) + SHA512_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS, + sha512_224_init, SHA512_Update, SHA512_Final) /* ossl_sha512_256_functions */ IMPLEMENT_digest_functions(sha512_256, SHA512_CTX, - SHA512_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS, - sha512_256_init, SHA512_Update, SHA512_Final) - + SHA512_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS, + sha512_256_init, SHA512_Update, SHA512_Final) --- crypto/openssl/providers/implementations/digests/sha3_prov.c.orig +++ crypto/openssl/providers/implementations/digests/sha3_prov.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ #include "prov/implementations.h" #define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT -#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF +#define SHAKE_FLAGS (PROV_DIGEST_FLAG_XOF | PROV_DIGEST_FLAG_ALGID_ABSENT) #define KMAC_FLAGS PROV_DIGEST_FLAG_XOF /* @@ -42,11 +42,10 @@ /* * IBM S390X support */ -# include "s390x_arch.h" -# define S390_SHA3 1 -# define S390_SHA3_CAPABLE(name) \ - ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \ - (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) +#include "s390x_arch.h" +#define S390_SHA3 1 +#define S390_SHA3_CAPABLE(name) \ + ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) #endif @@ -62,7 +61,7 @@ static int keccak_init_params(void *vctx, const OSSL_PARAM params[]) { return keccak_init(vctx, NULL) - && shake_set_ctx_params(vctx, params); + && shake_set_ctx_params(vctx, params); } static int keccak_update(void *vctx, const unsigned char *inp, size_t len) @@ -103,7 +102,7 @@ } static int keccak_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsz) + size_t outsz) { int ret = 1; KECCAK1600_CTX *ctx = vctx; @@ -132,8 +131,7 @@ return ossl_sha3_final(md, (KECCAK1600_CTX *)vctx); } -static PROV_SHA3_METHOD sha3_generic_md = -{ +static PROV_SHA3_METHOD sha3_generic_md = { generic_sha3_absorb, generic_sha3_final }; 
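Review bot: The `SHAKE_FLAGS` define in the `@@ -19,7 +19,7 @@` hunk of sha3_prov.c is a behaviour change inside an otherwise whitespace-only reformat. It now adds `PROV_DIGEST_FLAG_ALGID_ABSENT` to `PROV_DIGEST_FLAG_XOF`, and nothing in the hunk says why. `KMAC_FLAGS` on the following line stays XOF-only, so a reader cannot tell whether leaving KMAC out is deliberate or an oversight. The flag name suggests it controls whether the digest's AlgorithmIdentifier parameters are omitted, which would affect interoperability of encoded signatures, so the reason should be recorded next to the define, for example `/* SHAKE, like SHA-3, is encoded with absent AlgorithmIdentifier parameters */`, with a second comment on `KMAC_FLAGS` stating whether it is intentionally unchanged. A round-trip test of a SHAKE-based encoding against another implementation would confirm the new value.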
@@ -177,92 +175,90 @@ return 1; } -static PROV_SHA3_METHOD sha3_s390x_md = -{ +static PROV_SHA3_METHOD sha3_s390x_md = { s390x_sha3_absorb, s390x_sha3_final }; -static PROV_SHA3_METHOD shake_s390x_md = -{ +static PROV_SHA3_METHOD shake_s390x_md = { s390x_sha3_absorb, s390x_shake_final }; -# define SHA3_SET_MD(uname, typ) \ - if (S390_SHA3_CAPABLE(uname)) { \ - ctx->pad = S390X_##uname; \ - ctx->meth = typ##_s390x_md; \ - } else { \ - ctx->meth = sha3_generic_md; \ +#define SHA3_SET_MD(uname, typ) \ + if (S390_SHA3_CAPABLE(uname)) { \ + ctx->pad = S390X_##uname; \ + ctx->meth = typ##_s390x_md; \ + } else { \ + ctx->meth = sha3_generic_md; \ } #else -# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; +#define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; #endif /* S390_SHA3 */ -#define SHA3_newctx(typ, uname, name, bitlen, pad) \ -static OSSL_FUNC_digest_newctx_fn name##_newctx; \ -static void *name##_newctx(void *provctx) \ -{ \ - KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \ - : NULL; \ - \ - if (ctx == NULL) \ - return NULL; \ - ossl_sha3_init(ctx, pad, bitlen); \ - SHA3_SET_MD(uname, typ) \ - return ctx; \ -} +#define SHA3_newctx(typ, uname, name, bitlen, pad) \ + static OSSL_FUNC_digest_newctx_fn name##_newctx; \ + static void *name##_newctx(void *provctx) \ + { \ + KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \ + : NULL; \ + \ + if (ctx == NULL) \ + return NULL; \ + ossl_sha3_init(ctx, pad, bitlen); \ + SHA3_SET_MD(uname, typ) \ + return ctx; \ + } -#define KMAC_newctx(uname, bitlen, pad) \ -static OSSL_FUNC_digest_newctx_fn uname##_newctx; \ -static void *uname##_newctx(void *provctx) \ -{ \ - KECCAK1600_CTX *ctx = ossl_prov_is_running() ? 
OPENSSL_zalloc(sizeof(*ctx)) \ - : NULL; \ - \ - if (ctx == NULL) \ - return NULL; \ - ossl_keccak_kmac_init(ctx, pad, bitlen); \ - ctx->meth = sha3_generic_md; \ - return ctx; \ -} +#define KMAC_newctx(uname, bitlen, pad) \ + static OSSL_FUNC_digest_newctx_fn uname##_newctx; \ + static void *uname##_newctx(void *provctx) \ + { \ + KECCAK1600_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \ + : NULL; \ + \ + if (ctx == NULL) \ + return NULL; \ + ossl_keccak_kmac_init(ctx, pad, bitlen); \ + ctx->meth = sha3_generic_md; \ + return ctx; \ + } -#define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags) \ -PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ -const OSSL_DISPATCH ossl_##name##_functions[] = { \ - { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ - { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ - { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ - { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ - { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ - PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) - -#define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags) \ - PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ - PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END - -#define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \ - PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params }, \ - { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \ - { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \ - (void (*)(void))shake_settable_ctx_params }, \ - PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END +#define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags) \ + PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ + const OSSL_DISPATCH ossl_##name##_functions[] = 
{ \ + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ + PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) + +#define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags) \ + PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ + PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END + +#define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \ + PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params }, \ + { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \ + { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \ + (void (*)(void))shake_settable_ctx_params }, \ + PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END static void keccak_freectx(void *vctx) { KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; - OPENSSL_clear_free(ctx, sizeof(*ctx)); + OPENSSL_clear_free(ctx, sizeof(*ctx)); } static void *keccak_dupctx(void *ctx) { KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx; KECCAK1600_CTX *ret = ossl_prov_is_running() ? OPENSSL_malloc(sizeof(*ret)) - : NULL; + : NULL; if (ret != NULL) *ret = *in; @@ -270,11 +266,11 @@ } static const OSSL_PARAM known_shake_settable_ctx_params[] = { - {OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0}, + { OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0 }, OSSL_PARAM_END }; static const OSSL_PARAM *shake_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_shake_settable_ctx_params; } 
@@ -297,22 +293,22 @@ return 1; } -#define IMPLEMENT_SHA3_functions(bitlen) \ - SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ - PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \ - SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ - SHA3_FLAGS) - -#define IMPLEMENT_SHAKE_functions(bitlen) \ - SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ - PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \ - SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ - SHAKE_FLAGS) -#define IMPLEMENT_KMAC_functions(bitlen) \ - KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ - PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \ - SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \ - KMAC_FLAGS) +#define IMPLEMENT_SHA3_functions(bitlen) \ + SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ + PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \ + SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ + SHA3_FLAGS) + +#define IMPLEMENT_SHAKE_functions(bitlen) \ + SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ + PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \ + SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ + SHAKE_FLAGS) +#define IMPLEMENT_KMAC_functions(bitlen) \ + KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ + PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \ + SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \ + KMAC_FLAGS) /* ossl_sha3_224_functions */ IMPLEMENT_SHA3_functions(224) --- crypto/openssl/providers/implementations/digests/sm3_prov.c.orig +++ crypto/openssl/providers/implementations/digests/sm3_prov.c @@ -14,5 +14,5 @@ /* ossl_sm3_functions */ IMPLEMENT_digest_functions(sm3, SM3_CTX, - SM3_CBLOCK, SM3_DIGEST_LENGTH, 0, - ossl_sm3_init, ossl_sm3_update, ossl_sm3_final) + SM3_CBLOCK, SM3_DIGEST_LENGTH, 0, + ossl_sm3_init, ossl_sm3_update, ossl_sm3_final) --- crypto/openssl/providers/implementations/digests/wp_prov.c.orig +++ crypto/openssl/providers/implementations/digests/wp_prov.c 
@@ -20,5 +20,5 @@ /* ossl_wp_functions */ IMPLEMENT_digest_functions(wp, WHIRLPOOL_CTX, - WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, 0, - WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final) + WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, 0, + WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final) --- crypto/openssl/providers/implementations/encode_decode/decode_der2key.c.orig +++ crypto/openssl/providers/implementations/encode_decode/decode_der2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,11 +19,11 @@ #include #include #include -#include /* PEM_BUFSIZE and public PEM functions */ +#include /* PEM_BUFSIZE and public PEM functions */ #include #include #include -#include "internal/cryptlib.h" /* ossl_assert() */ +#include "internal/cryptlib.h" /* ossl_assert() */ #include "internal/asn1.h" #include "crypto/dh.h" #include "crypto/dsa.h" @@ -37,12 +37,12 @@ #include "prov/implementations.h" #include "endecoder_local.h" -struct der2key_ctx_st; /* Forward declaration */ +struct der2key_ctx_st; /* Forward declaration */ typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); typedef void free_key_fn(void *); typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, - struct der2key_ctx_st *); + struct der2key_ctx_st *); struct keytype_desc_st { const char *keytype_name; const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ 
@@ -63,10 +63,10 @@ /* For type specific decoders, we use the corresponding d2i */ d2i_of_void *d2i_private_key; /* From type-specific DER */ - d2i_of_void *d2i_public_key; /* From type-specific DER */ - d2i_of_void *d2i_key_params; /* From type-specific DER */ - d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ - d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ + d2i_of_void *d2i_public_key; /* From type-specific DER */ + d2i_of_void *d2i_key_params; /* From type-specific DER */ + d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ + d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ /* * For any key, we may need to check that the key meets expectations. @@ -97,10 +97,10 @@ }; typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); static void *der2key_decode_p8(const unsigned char **input_der, - long input_der_len, struct der2key_ctx_st *ctx, - key_from_pkcs8_t *key_from_pkcs8) + long input_der_len, struct der2key_ctx_st *ctx, + key_from_pkcs8_t *key_from_pkcs8) { PKCS8_PRIV_KEY_INFO *p8inf = NULL; const X509_ALGOR *alg = NULL; @@ -144,7 +144,7 @@ } static int der2key_check_selection(int selection, - const struct keytype_desc_st *desc) + const struct keytype_desc_st *desc) { /* * The selections are kinda sorta "levels", i.e. each selection given @@ -178,8 +178,8 @@ } static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct der2key_ctx_st *ctx = vctx; unsigned char *der = NULL; @@ -269,7 +269,7 @@ if (key != NULL && ctx->desc->adjust_key != NULL) ctx->desc->adjust_key(key, ctx); - next: +next: /* * Indicated that we successfully decoded something, or not at all. * Ending up "empty handed" is not an error. 
@@ -288,31 +288,27 @@ OSSL_PARAM params[4]; int object_type = OSSL_OBJECT_PKEY; - params[0] = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); #ifndef OPENSSL_NO_SM2 if (strcmp(ctx->desc->keytype_name, "EC") == 0 && (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0) - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - "SM2", 0); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + "SM2", 0); else #endif - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)ctx->desc->keytype_name, - 0); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)ctx->desc->keytype_name, + 0); /* The address of the key becomes the octet string */ - params[2] = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, - &key, sizeof(key)); + params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, + &key, sizeof(key)); params[3] = OSSL_PARAM_construct_end(); ok = data_cb(params, data_cbarg); } - end: +end: ctx->desc->free_key(key); OPENSSL_free(der); @@ -320,12 +316,11 @@ } static int der2key_export_object(void *vctx, - const void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg) + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) { struct der2key_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_export_fn *export = - ossl_prov_get_keymgmt_export(ctx->desc->fns); + OSSL_FUNC_keymgmt_export_fn *export = ossl_prov_get_keymgmt_export(ctx->desc->fns); void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { 
@@ -344,56 +339,56 @@ /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_DH -# define dh_evp_type EVP_PKEY_DH -# define dh_d2i_private_key NULL -# define dh_d2i_public_key NULL -# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams +#define dh_evp_type EVP_PKEY_DH +#define dh_d2i_private_key NULL +#define dh_d2i_public_key NULL +#define dh_d2i_key_params (d2i_of_void *)d2i_DHparams static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx) + struct der2key_ctx_st *ctx) { return der2key_decode_p8(der, der_len, ctx, - (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8); + (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8); } -# define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY -# define dh_free (free_key_fn *)DH_free -# define dh_check NULL +#define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY +#define dh_free (free_key_fn *)DH_free +#define dh_check NULL static void dh_adjust(void *key, struct der2key_ctx_st *ctx) { ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); } -# define dhx_evp_type EVP_PKEY_DHX -# define dhx_d2i_private_key NULL -# define dhx_d2i_public_key NULL -# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams -# define dhx_d2i_PKCS8 dh_d2i_PKCS8 -# define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY -# define dhx_free (free_key_fn *)DH_free -# define dhx_check NULL -# define dhx_adjust dh_adjust +#define dhx_evp_type EVP_PKEY_DHX +#define dhx_d2i_private_key NULL +#define dhx_d2i_public_key NULL +#define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams +#define dhx_d2i_PKCS8 dh_d2i_PKCS8 +#define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY +#define dhx_free (free_key_fn *)DH_free +#define dhx_check NULL +#define dhx_adjust dh_adjust #endif /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_DSA -# define dsa_evp_type EVP_PKEY_DSA -# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey -# define 
dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey -# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams +#define dsa_evp_type EVP_PKEY_DSA +#define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey +#define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey +#define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx) + struct der2key_ctx_st *ctx) { return der2key_decode_p8(der, der_len, ctx, - (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); + (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); } -# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY -# define dsa_free (free_key_fn *)DSA_free -# define dsa_check NULL +#define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY +#define dsa_free (free_key_fn *)DSA_free +#define dsa_check NULL static void dsa_adjust(void *key, struct der2key_ctx_st *ctx) { @@ -404,20 +399,20 @@ /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_EC -# define ec_evp_type EVP_PKEY_EC -# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey -# define ec_d2i_public_key NULL -# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters +#define ec_evp_type EVP_PKEY_EC +#define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey +#define ec_d2i_public_key NULL +#define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx) + struct der2key_ctx_st *ctx) { return der2key_decode_p8(der, der_len, ctx, - (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); + (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); } -# define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY -# define ec_free (free_key_fn *)EC_KEY_free +#define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY +#define ec_free (free_key_fn *)EC_KEY_free static int ec_check(void *key, struct der2key_ctx_st *ctx) { 
@@ -445,10 +440,10 @@ */ static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx) + struct der2key_ctx_st *ctx) { return der2key_decode_p8(der, der_len, ctx, - (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8); + (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8); } static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx) 
@@ -456,82 +451,82 @@ ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); } -# define ed25519_evp_type EVP_PKEY_ED25519 -# define ed25519_d2i_private_key NULL -# define ed25519_d2i_public_key NULL -# define ed25519_d2i_key_params NULL -# define ed25519_d2i_PKCS8 ecx_d2i_PKCS8 -# define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY -# define ed25519_free (free_key_fn *)ossl_ecx_key_free -# define ed25519_check NULL -# define ed25519_adjust ecx_key_adjust - -# define ed448_evp_type EVP_PKEY_ED448 -# define ed448_d2i_private_key NULL -# define ed448_d2i_public_key NULL -# define ed448_d2i_key_params NULL -# define ed448_d2i_PKCS8 ecx_d2i_PKCS8 -# define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY -# define ed448_free (free_key_fn *)ossl_ecx_key_free -# define ed448_check NULL -# define ed448_adjust ecx_key_adjust - -# define x25519_evp_type EVP_PKEY_X25519 -# define x25519_d2i_private_key NULL -# define x25519_d2i_public_key NULL -# define x25519_d2i_key_params NULL -# define x25519_d2i_PKCS8 ecx_d2i_PKCS8 -# define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY -# define x25519_free (free_key_fn *)ossl_ecx_key_free -# define x25519_check NULL -# define x25519_adjust ecx_key_adjust - -# define x448_evp_type EVP_PKEY_X448 -# define x448_d2i_private_key NULL -# define x448_d2i_public_key NULL -# define x448_d2i_key_params NULL -# define x448_d2i_PKCS8 ecx_d2i_PKCS8 -# define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY -# define x448_free (free_key_fn *)ossl_ecx_key_free -# define x448_check NULL -# define x448_adjust ecx_key_adjust - -# ifndef OPENSSL_NO_SM2 -# define sm2_evp_type EVP_PKEY_SM2 -# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey -# define sm2_d2i_public_key NULL -# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters +#define ed25519_evp_type EVP_PKEY_ED25519 +#define ed25519_d2i_private_key NULL +#define ed25519_d2i_public_key NULL +#define ed25519_d2i_key_params NULL +#define 
ed25519_d2i_PKCS8 ecx_d2i_PKCS8 +#define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY +#define ed25519_free (free_key_fn *)ossl_ecx_key_free +#define ed25519_check NULL +#define ed25519_adjust ecx_key_adjust + +#define ed448_evp_type EVP_PKEY_ED448 +#define ed448_d2i_private_key NULL +#define ed448_d2i_public_key NULL +#define ed448_d2i_key_params NULL +#define ed448_d2i_PKCS8 ecx_d2i_PKCS8 +#define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY +#define ed448_free (free_key_fn *)ossl_ecx_key_free +#define ed448_check NULL +#define ed448_adjust ecx_key_adjust + +#define x25519_evp_type EVP_PKEY_X25519 +#define x25519_d2i_private_key NULL +#define x25519_d2i_public_key NULL +#define x25519_d2i_key_params NULL +#define x25519_d2i_PKCS8 ecx_d2i_PKCS8 +#define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY +#define x25519_free (free_key_fn *)ossl_ecx_key_free +#define x25519_check NULL +#define x25519_adjust ecx_key_adjust + +#define x448_evp_type EVP_PKEY_X448 +#define x448_d2i_private_key NULL +#define x448_d2i_public_key NULL +#define x448_d2i_key_params NULL +#define x448_d2i_PKCS8 ecx_d2i_PKCS8 +#define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY +#define x448_free (free_key_fn *)ossl_ecx_key_free +#define x448_check NULL +#define x448_adjust ecx_key_adjust + +#ifndef OPENSSL_NO_SM2 +#define sm2_evp_type EVP_PKEY_SM2 +#define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey +#define sm2_d2i_public_key NULL +#define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx) + struct der2key_ctx_st *ctx) { return der2key_decode_p8(der, der_len, ctx, - (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); + (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); } -# define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY -# define sm2_free (free_key_fn *)EC_KEY_free -# define sm2_check ec_check -# define sm2_adjust ec_adjust -# endif +#define 
sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY +#define sm2_free (free_key_fn *)EC_KEY_free +#define sm2_check ec_check +#define sm2_adjust ec_adjust +#endif #endif /* ---------------------------------------------------------------------- */ -#define rsa_evp_type EVP_PKEY_RSA -#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey -#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey -#define rsa_d2i_key_params NULL +#define rsa_evp_type EVP_PKEY_RSA +#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey +#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey +#define rsa_d2i_key_params NULL static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx) + struct der2key_ctx_st *ctx) { return der2key_decode_p8(der, der_len, ctx, - (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8); + (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8); } -#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY -#define rsa_free (free_key_fn *)RSA_free +#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY +#define rsa_free (free_key_fn *)RSA_free static int rsa_check(void *key, struct der2key_ctx_st *ctx) { 
@@ -551,15 +546,15 @@ ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); } -#define rsapss_evp_type EVP_PKEY_RSA_PSS -#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey -#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey -#define rsapss_d2i_key_params NULL -#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8 -#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY -#define rsapss_free (free_key_fn *)RSA_free -#define rsapss_check rsa_check -#define rsapss_adjust rsa_adjust +#define rsapss_evp_type EVP_PKEY_RSA_PSS +#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey +#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey +#define rsapss_d2i_key_params NULL +#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8 +#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY +#define rsapss_free (free_key_fn *)RSA_free +#define rsapss_check rsa_check +#define rsapss_adjust rsa_adjust /* ---------------------------------------------------------------------- */ 
@@ -567,162 +562,162 @@ * The DO_ macros help define the selection mask and the method functions * for each kind of object we want to decode. */ -#define DO_type_specific_keypair(keytype) \ - "type-specific", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ - keytype##_d2i_private_key, \ - keytype##_d2i_public_key, \ - NULL, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_type_specific_keypair(keytype) \ + "type-specific", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_KEYPAIR), \ + keytype##_d2i_private_key, \ + keytype##_d2i_public_key, \ + NULL, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_type_specific_pub(keytype) \ - "type-specific", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ - NULL, \ - keytype##_d2i_public_key, \ - NULL, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_type_specific_pub(keytype) \ + "type-specific", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \ + NULL, \ + keytype##_d2i_public_key, \ + NULL, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_type_specific_priv(keytype) \ - "type-specific", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ - keytype##_d2i_private_key, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_type_specific_priv(keytype) \ + "type-specific", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \ + keytype##_d2i_private_key, \ + NULL, \ + NULL, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_type_specific_params(keytype) \ - "type-specific", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ - NULL, \ - NULL, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_type_specific_params(keytype) \ + "type-specific", keytype##_evp_type, \ + 
(OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \ + NULL, \ + NULL, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_type_specific(keytype) \ - "type-specific", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_ALL ), \ - keytype##_d2i_private_key, \ - keytype##_d2i_public_key, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_type_specific(keytype) \ + "type-specific", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_ALL), \ + keytype##_d2i_private_key, \ + keytype##_d2i_public_key, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_type_specific_no_pub(keytype) \ - "type-specific", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ - keytype##_d2i_private_key, \ - NULL, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_type_specific_no_pub(keytype) \ + "type-specific", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \ + keytype##_d2i_private_key, \ + NULL, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_PrivateKeyInfo(keytype) \ - "PrivateKeyInfo", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ - NULL, \ - NULL, \ - NULL, \ - keytype##_d2i_PKCS8, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_PrivateKeyInfo(keytype) \ + "PrivateKeyInfo", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \ + NULL, \ + NULL, \ + NULL, \ + keytype##_d2i_PKCS8, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_SubjectPublicKeyInfo(keytype) \ - "SubjectPublicKeyInfo", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - keytype##_d2i_PUBKEY, \ - 
keytype##_check, \ - keytype##_adjust, \ +#define DO_SubjectPublicKeyInfo(keytype) \ + "SubjectPublicKeyInfo", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \ + NULL, \ + NULL, \ + NULL, \ + NULL, \ + keytype##_d2i_PUBKEY, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_DH(keytype) \ - "DH", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ - NULL, \ - NULL, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_DH(keytype) \ + "DH", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \ + NULL, \ + NULL, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_DHX(keytype) \ - "DHX", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ - NULL, \ - NULL, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_DHX(keytype) \ + "DHX", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \ + NULL, \ + NULL, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_DSA(keytype) \ - "DSA", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_ALL ), \ - keytype##_d2i_private_key, \ - keytype##_d2i_public_key, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_DSA(keytype) \ + "DSA", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_ALL), \ + keytype##_d2i_private_key, \ + keytype##_d2i_public_key, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_EC(keytype) \ - "EC", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ - keytype##_d2i_private_key, \ - NULL, \ - keytype##_d2i_key_params, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_EC(keytype) \ + "EC", 
keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \ + keytype##_d2i_private_key, \ + NULL, \ + keytype##_d2i_key_params, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free -#define DO_RSA(keytype) \ - "RSA", keytype##_evp_type, \ - ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ - keytype##_d2i_private_key, \ - keytype##_d2i_public_key, \ - NULL, \ - NULL, \ - NULL, \ - keytype##_check, \ - keytype##_adjust, \ +#define DO_RSA(keytype) \ + "RSA", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_KEYPAIR), \ + keytype##_d2i_private_key, \ + keytype##_d2i_public_key, \ + NULL, \ + NULL, \ + NULL, \ + keytype##_check, \ + keytype##_adjust, \ keytype##_free /* 
@@ -742,37 +737,37 @@ * the DO_##kind macros above, to populate the keytype_desc_st * structure. */ -#define MAKE_DECODER(keytype_name, keytype, type, kind) \ - static const struct keytype_desc_st kind##_##keytype##_desc = \ - { keytype_name, ossl_##keytype##_keymgmt_functions, \ - DO_##kind(keytype) }; \ - \ - static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ - \ - static void *kind##_der2##keytype##_newctx(void *provctx) \ - { \ - return der2key_newctx(provctx, &kind##_##keytype##_desc); \ - } \ - static int kind##_der2##keytype##_does_selection(void *provctx, \ - int selection) \ - { \ - return der2key_check_selection(selection, \ - &kind##_##keytype##_desc); \ - } \ - const OSSL_DISPATCH \ - ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \ - { OSSL_FUNC_DECODER_NEWCTX, \ - (void (*)(void))kind##_der2##keytype##_newctx }, \ - { OSSL_FUNC_DECODER_FREECTX, \ - (void (*)(void))der2key_freectx }, \ - { OSSL_FUNC_DECODER_DOES_SELECTION, \ - (void (*)(void))kind##_der2##keytype##_does_selection }, \ - { OSSL_FUNC_DECODER_DECODE, \ - (void (*)(void))der2key_decode }, \ - { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ - (void (*)(void))der2key_export_object }, \ - { 0, NULL } \ - } +#define MAKE_DECODER(keytype_name, keytype, type, kind) \ + static const struct keytype_desc_st kind##_##keytype##_desc = { keytype_name, ossl_##keytype##_keymgmt_functions, \ + DO_##kind(keytype) }; \ + \ + static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ + \ + static void *kind##_der2##keytype##_newctx(void *provctx) \ + { \ + return der2key_newctx(provctx, &kind##_##keytype##_desc); \ + } \ + static int kind##_der2##keytype##_does_selection(void *provctx, \ + int selection) \ + { \ + return der2key_check_selection(selection, \ + &kind##_##keytype##_desc); \ + } \ + const OSSL_DISPATCH \ + ossl_##kind##_der_to_##keytype##_decoder_functions[] \ + = { \ + { OSSL_FUNC_DECODER_NEWCTX, \ + (void (*)(void))kind##_der2##keytype##_newctx }, \ + { 
OSSL_FUNC_DECODER_FREECTX, \ + (void (*)(void))der2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))kind##_der2##keytype##_does_selection }, \ + { OSSL_FUNC_DECODER_DECODE, \ + (void (*)(void))der2key_decode }, \ + { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ + (void (*)(void))der2key_export_object }, \ + { 0, NULL } \ + } #ifndef OPENSSL_NO_DH MAKE_DECODER("DH", dh, dh, PrivateKeyInfo); @@ -803,10 +798,11 @@ MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo); MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo); MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo); MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); -# endif +MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub); +#endif #endif MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); --- crypto/openssl/providers/implementations/encode_decode/decode_epki2pki.c.orig +++ crypto/openssl/providers/implementations/encode_decode/decode_epki2pki.c @@ -56,8 +56,8 @@ * PrivateKeyInfo. */ static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct epki2pki_ctx_st *ctx = vctx; BUF_MEM *mem = NULL; @@ -84,7 +84,7 @@ der_len = (long)mem->length; OPENSSL_free(mem); - ok = 1; /* Assume good */ + ok = 1; /* Assume good */ ERR_set_mark(); if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) { char pbuf[1024]; @@ -102,9 +102,9 @@ X509_SIG_get0(p8, &alg, &oct); if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen, - oct->data, oct->length, - &new_der, &new_der_len, 0, - PROV_LIBCTX_OF(ctx->provctx), NULL)) { + oct->data, oct->length, + &new_der, &new_der_len, 0, + PROV_LIBCTX_OF(ctx->provctx), NULL)) { ok = 0; } else { OPENSSL_free(der); 
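Review bot: In the `@@ -803,10 +798,11 @@` hunk, the added `MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);` passes `sm2` as the third argument while the two SM2 entries directly above it pass `ec`. The MAKE_DECODER body shown earlier in this patch never expands `type`, so this is harmless, but `MAKE_DECODER("SM2", sm2, ec, type_specific_no_pub);` would match its siblings. The line also emits a new table, `ossl_type_specific_no_pub_der_to_sm2_decoder_functions`, and nothing visible here declares or registers it; if that is missing elsewhere in the import, the decoder is never reached. A comment above the entry would help, for example `/* type-specific SM2: private key and parameters only, no public key form */`.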
@@ -135,11 +135,11 @@ OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - keytype, 0); + keytype, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, - "PrivateKeyInfo", 0); + "PrivateKeyInfo", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, - der, der_len); + der, der_len); *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); *p = OSSL_PARAM_construct_end(); --- crypto/openssl/providers/implementations/encode_decode/decode_msblob2key.c.orig +++ crypto/openssl/providers/implementations/encode_decode/decode_msblob2key.c @@ -20,24 +20,24 @@ #include #include #include -#include /* For public PVK functions */ +#include /* For public PVK functions */ #include #include #include "internal/passphrase.h" -#include "crypto/pem.h" /* For internal PVK and "blob" headers */ +#include "crypto/pem.h" /* For internal PVK and "blob" headers */ #include "crypto/rsa.h" #include "prov/bio.h" #include "prov/implementations.h" #include "endecoder_local.h" -struct msblob2key_ctx_st; /* Forward declaration */ +struct msblob2key_ctx_st; /* Forward declaration */ typedef void *b2i_of_void_fn(const unsigned char **in, unsigned int bitlen, - int ispub); + int ispub); typedef void adjust_key_fn(void *, struct msblob2key_ctx_st *ctx); typedef void free_key_fn(void *); struct keytype_desc_st { - int type; /* EVP key type */ - const char *name; /* Keytype */ + int type; /* EVP key type */ + const char *name; /* Keytype */ const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ b2i_of_void_fn *read_private_key; 
@@ -84,16 +84,15 @@ if (selection == 0) return 1; - if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY - | OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != 0) + if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != 0) return 1; return 0; } static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct msblob2key_ctx_st *ctx = vctx; BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); @@ -120,7 +119,7 @@ goto next; ctx->selection = selection; - ok = 0; /* Assume that we fail */ + ok = 0; /* Assume that we fail */ if ((isdss && ctx->desc->type != EVP_PKEY_DSA) || (!isdss && ctx->desc->type != EVP_PKEY_RSA)) @@ -143,7 +142,7 @@ } if ((selection == 0 - || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) && !ispub && ctx->desc->read_private_key != NULL) { struct ossl_passphrase_data_st pwdata; @@ -156,8 +155,7 @@ if (selection != 0 && key == NULL) goto next; } - if (key == NULL && (selection == 0 - || (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + if (key == NULL && (selection == 0 || (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) && ispub && ctx->desc->read_public_key != NULL) { p = buf; @@ -169,7 +167,7 @@ if (key != NULL && ctx->desc->adjust_key != NULL) ctx->desc->adjust_key(key, ctx); - next: +next: /* * Indicated that we successfully decoded something, or not at all. * Ending up "empty handed" is not an error. 
@@ -190,21 +188,18 @@ OSSL_PARAM params[4]; int object_type = OSSL_OBJECT_PKEY; - params[0] = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)ctx->desc->name, 0); + params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)ctx->desc->name, 0); /* The address of the key becomes the octet string */ - params[2] = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, - &key, sizeof(key)); + params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, + &key, sizeof(key)); params[3] = OSSL_PARAM_construct_end(); ok = data_cb(params, data_cbarg); } - end: +end: BIO_free(in); OPENSSL_free(buf); ctx->desc->free_key(key); @@ -214,12 +209,11 @@ static int msblob2key_export_object(void *vctx, - const void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg) + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) { struct msblob2key_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_export_fn *export = - ossl_prov_get_keymgmt_export(ctx->desc->fns); + OSSL_FUNC_keymgmt_export_fn *export = ossl_prov_get_keymgmt_export(ctx->desc->fns); void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { 
@@ -237,53 +231,54 @@ /* ---------------------------------------------------------------------- */ -#define dsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header -#define dsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header -#define dsa_adjust NULL -#define dsa_free (void (*)(void *))DSA_free +#define dsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header +#define dsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_DSA_after_header +#define dsa_adjust NULL +#define dsa_free (void (*)(void *)) DSA_free /* ---------------------------------------------------------------------- */ -#define rsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header -#define rsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header +#define rsa_decode_private_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header +#define rsa_decode_public_key (b2i_of_void_fn *)ossl_b2i_RSA_after_header static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx) { ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); } -#define rsa_free (void (*)(void *))RSA_free +#define rsa_free (void (*)(void *)) RSA_free /* ---------------------------------------------------------------------- */ -#define IMPLEMENT_MSBLOB(KEYTYPE, keytype) \ - static const struct keytype_desc_st mstype##2##keytype##_desc = { \ - EVP_PKEY_##KEYTYPE, #KEYTYPE, \ - ossl_##keytype##_keymgmt_functions, \ - keytype##_decode_private_key, \ - keytype##_decode_public_key, \ - keytype##_adjust, \ - keytype##_free \ - }; \ - static OSSL_FUNC_decoder_newctx_fn msblob2##keytype##_newctx; \ - static void *msblob2##keytype##_newctx(void *provctx) \ - { \ - return msblob2key_newctx(provctx, &mstype##2##keytype##_desc); \ - } \ - const OSSL_DISPATCH \ - ossl_msblob_to_##keytype##_decoder_functions[] = { \ - { OSSL_FUNC_DECODER_NEWCTX, \ - (void (*)(void))msblob2##keytype##_newctx }, \ - { OSSL_FUNC_DECODER_FREECTX, \ - (void (*)(void))msblob2key_freectx }, \ - { OSSL_FUNC_DECODER_DOES_SELECTION, \ - 
(void (*)(void))msblob2key_does_selection }, \ - { OSSL_FUNC_DECODER_DECODE, \ - (void (*)(void))msblob2key_decode }, \ - { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ - (void (*)(void))msblob2key_export_object }, \ - { 0, NULL } \ - } +#define IMPLEMENT_MSBLOB(KEYTYPE, keytype) \ + static const struct keytype_desc_st mstype##2##keytype##_desc = { \ + EVP_PKEY_##KEYTYPE, #KEYTYPE, \ + ossl_##keytype##_keymgmt_functions, \ + keytype##_decode_private_key, \ + keytype##_decode_public_key, \ + keytype##_adjust, \ + keytype##_free \ + }; \ + static OSSL_FUNC_decoder_newctx_fn msblob2##keytype##_newctx; \ + static void *msblob2##keytype##_newctx(void *provctx) \ + { \ + return msblob2key_newctx(provctx, &mstype##2##keytype##_desc); \ + } \ + const OSSL_DISPATCH \ + ossl_msblob_to_##keytype##_decoder_functions[] \ + = { \ + { OSSL_FUNC_DECODER_NEWCTX, \ + (void (*)(void))msblob2##keytype##_newctx }, \ + { OSSL_FUNC_DECODER_FREECTX, \ + (void (*)(void))msblob2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))msblob2key_does_selection }, \ + { OSSL_FUNC_DECODER_DECODE, \ + (void (*)(void))msblob2key_decode }, \ + { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ + (void (*)(void))msblob2key_export_object }, \ + { 0, NULL } \ + } #ifndef OPENSSL_NO_DSA IMPLEMENT_MSBLOB(DSA, dsa); --- crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c.orig +++ crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -29,8 +29,8 @@ #include "endecoder_local.h" static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, - char **pem_name, char **pem_header, - unsigned char **data, long *len) + char **pem_name, char **pem_header, + unsigned char **data, long *len) { BIO *in = ossl_bio_new_from_core_bio(provctx, cin); int ok; @@ -93,8 +93,8 @@ * because it's not relevant just to decode PEM to DER. */ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { /* * PEM names we recognise. Other PEM names should be recognised by @@ -119,6 +119,8 @@ { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" }, { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" }, { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" }, + { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" }, + { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" }, { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" }, { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" }, @@ -141,7 +143,8 @@ int objtype = OSSL_OBJECT_UNKNOWN; ok = read_pem(ctx->provctx, cin, &pem_name, &pem_header, - &der, &der_len) > 0; + &der, &der_len) + > 0; /* We return "empty handed". This is not an error. */ if (!ok) return 1; @@ -156,12 +159,12 @@ EVP_CIPHER_INFO cipher; struct pem2der_pass_data_st pass_data; - ok = 0; /* Assume that we fail */ + ok = 0; /* Assume that we fail */ pass_data.cb = pw_cb; pass_data.cbarg = pw_cbarg; if (!PEM_get_EVP_CIPHER_INFO(pem_header, &cipher) || !PEM_do_header(&cipher, der, &der_len, - pem2der_pass_helper, &pass_data)) + pem2der_pass_helper, &pass_data)) goto end; } 
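Review bot: The two `pem_name_map` entries added in the `@@ -119,6 +119,8 @@` hunk tag input as "SM2" from the PEM label alone, so it is worth confirming that an ordinary EC key carried under an SM2 label is rejected downstream. The decoder they feed in decode_der2key.c reuses `d2i_ECPrivateKey` and defines `sm2_check` as `ec_check`, whose body lies outside the visible hunks. I would record the dependency above the entries, for example `/* label is only a hint; the SM2 der2key decoder must still verify the curve */`. The entries are unguarded like the EC ones beside them, while the matching decoder sits under `#ifndef OPENSSL_NO_SM2`; that looks consistent with the table's convention but is undocumented. The table is inside pem2der_decode, whose body continues outside the hunk.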
@@ -184,27 +187,23 @@ objtype = pem_name_map[i].object_type; if (data_type != NULL) - *p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - data_type, 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + data_type, 0); /* We expect this to be read only so casting away the const is ok */ if (data_structure != NULL) - *p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, - data_structure, 0); - *p++ = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, - der, der_len); - *p++ = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, + data_structure, 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, + der, der_len); + *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); *p = OSSL_PARAM_construct_end(); ok = data_cb(params, data_cbarg); } - end: +end: OPENSSL_free(pem_name); OPENSSL_free(pem_header); OPENSSL_free(der); --- crypto/openssl/providers/implementations/encode_decode/decode_pvk2key.c.orig +++ crypto/openssl/providers/implementations/encode_decode/decode_pvk2key.c 
@@ -21,24 +21,24 @@ #include #include #include -#include /* For public PVK functions */ +#include /* For public PVK functions */ #include #include "internal/passphrase.h" -#include "crypto/pem.h" /* For internal PVK and "blob" headers */ +#include "crypto/pem.h" /* For internal PVK and "blob" headers */ #include "crypto/rsa.h" #include "prov/bio.h" #include "prov/implementations.h" #include "endecoder_local.h" -struct pvk2key_ctx_st; /* Forward declaration */ +struct pvk2key_ctx_st; /* Forward declaration */ typedef int check_key_fn(void *, struct pvk2key_ctx_st *ctx); typedef void adjust_key_fn(void *, struct pvk2key_ctx_st *ctx); typedef void *b2i_PVK_of_bio_pw_fn(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); typedef void free_key_fn(void *); struct keytype_desc_st { - int type; /* EVP key type */ - const char *name; /* Keytype */ + int type; /* EVP key type */ + const char *name; /* Keytype */ const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ b2i_PVK_of_bio_pw_fn *read_private_key; @@ -84,15 +84,15 @@ if (selection == 0) return 1; - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) return 1; return 0; } static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct pvk2key_ctx_st *ctx = vctx; BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); @@ -105,7 +105,7 @@ ctx->selection = selection; if ((selection == 0 - || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) && ctx->desc->read_private_key != NULL) { struct ossl_passphrase_data_st pwdata; int err, lib, reason; 
@@ -115,7 +115,7 @@ goto end; key = ctx->desc->read_private_key(in, ossl_pw_pvk_password, &pwdata, - PROV_LIBCTX_OF(ctx->provctx), NULL); + PROV_LIBCTX_OF(ctx->provctx), NULL); /* * Because the PVK API doesn't have a separate decrypt call, we need @@ -140,7 +140,7 @@ if (key != NULL && ctx->desc->adjust_key != NULL) ctx->desc->adjust_key(key, ctx); - next: +next: /* * Indicated that we successfully decoded something, or not at all. * Ending up "empty handed" is not an error. @@ -159,21 +159,18 @@ OSSL_PARAM params[4]; int object_type = OSSL_OBJECT_PKEY; - params[0] = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)ctx->desc->name, 0); + params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)ctx->desc->name, 0); /* The address of the key becomes the octet string */ - params[2] = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, - &key, sizeof(key)); + params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, + &key, sizeof(key)); params[3] = OSSL_PARAM_construct_end(); ok = data_cb(params, data_cbarg); } - end: +end: BIO_free(in); ctx->desc->free_key(key); @@ -181,12 +178,11 @@ } static int pvk2key_export_object(void *vctx, - const void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg) + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) { struct pvk2key_ctx_st *ctx = vctx; - OSSL_FUNC_keymgmt_export_fn *export = - ossl_prov_get_keymgmt_export(ctx->desc->fns); + OSSL_FUNC_keymgmt_export_fn *export = ossl_prov_get_keymgmt_export(ctx->desc->fns); void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { 
@@ -204,51 +200,53 @@ /* ---------------------------------------------------------------------- */ -#define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio_ex -#define dsa_adjust NULL -#define dsa_free (void (*)(void *))DSA_free +#define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio_ex +#define dsa_adjust NULL +#define dsa_free (void (*)(void *)) DSA_free /* ---------------------------------------------------------------------- */ -#define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio_ex +#define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio_ex static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx) { ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); } -#define rsa_free (void (*)(void *))RSA_free +#define rsa_free (void (*)(void *)) RSA_free /* ---------------------------------------------------------------------- */ -#define IMPLEMENT_MS(KEYTYPE, keytype) \ - static const struct keytype_desc_st \ - pvk2##keytype##_desc = { \ - EVP_PKEY_##KEYTYPE, #KEYTYPE, \ - ossl_##keytype##_keymgmt_functions, \ - keytype##_private_key_bio, \ - keytype##_adjust, \ - keytype##_free \ - }; \ - static OSSL_FUNC_decoder_newctx_fn pvk2##keytype##_newctx; \ - static void *pvk2##keytype##_newctx(void *provctx) \ - { \ - return pvk2key_newctx(provctx, &pvk2##keytype##_desc); \ - } \ - const OSSL_DISPATCH \ - ossl_##pvk_to_##keytype##_decoder_functions[] = { \ - { OSSL_FUNC_DECODER_NEWCTX, \ - (void (*)(void))pvk2##keytype##_newctx }, \ - { OSSL_FUNC_DECODER_FREECTX, \ - (void (*)(void))pvk2key_freectx }, \ - { OSSL_FUNC_DECODER_DOES_SELECTION, \ - (void (*)(void))pvk2key_does_selection }, \ - { OSSL_FUNC_DECODER_DECODE, \ - (void (*)(void))pvk2key_decode }, \ - { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ - (void (*)(void))pvk2key_export_object }, \ - { 0, NULL } \ - } +#define IMPLEMENT_MS(KEYTYPE, keytype) \ + static const struct keytype_desc_st \ + pvk2##keytype##_desc \ + = { \ + EVP_PKEY_##KEYTYPE, #KEYTYPE, \ + 
ossl_##keytype##_keymgmt_functions, \ + keytype##_private_key_bio, \ + keytype##_adjust, \ + keytype##_free \ + }; \ + static OSSL_FUNC_decoder_newctx_fn pvk2##keytype##_newctx; \ + static void *pvk2##keytype##_newctx(void *provctx) \ + { \ + return pvk2key_newctx(provctx, &pvk2##keytype##_desc); \ + } \ + const OSSL_DISPATCH \ + ossl_##pvk_to_##keytype##_decoder_functions[] \ + = { \ + { OSSL_FUNC_DECODER_NEWCTX, \ + (void (*)(void))pvk2##keytype##_newctx }, \ + { OSSL_FUNC_DECODER_FREECTX, \ + (void (*)(void))pvk2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))pvk2key_does_selection }, \ + { OSSL_FUNC_DECODER_DECODE, \ + (void (*)(void))pvk2key_decode }, \ + { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ + (void (*)(void))pvk2key_export_object }, \ + { 0, NULL } \ + } #ifndef OPENSSL_NO_DSA IMPLEMENT_MS(DSA, dsa); --- crypto/openssl/providers/implementations/encode_decode/decode_spki2typespki.c.orig +++ crypto/openssl/providers/implementations/encode_decode/decode_spki2typespki.c @@ -49,8 +49,8 @@ } static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct spki2typespki_ctx_st *ctx = vctx; unsigned char *der, *derp; @@ -67,8 +67,7 @@ return 1; derp = der; xpub = ossl_d2i_X509_PUBKEY_INTERNAL((const unsigned char **)&derp, len, - PROV_LIBCTX_OF(ctx->provctx)); - + PROV_LIBCTX_OF(ctx->provctx)); if (xpub == NULL) { /* We return "empty handed". This is not an error. */ 
@@ -83,34 +82,30 @@ #ifndef OPENSSL_NO_EC /* SM2 abuses the EC oid, so this could actually be SM2 */ if (OBJ_obj2nid(oid) == NID_X9_62_id_ecPublicKey - && ossl_x509_algor_is_sm2(algor)) + && ossl_x509_algor_is_sm2(algor)) strcpy(dataname, "SM2"); else #endif - if (OBJ_obj2txt(dataname, sizeof(dataname), oid, 0) <= 0) + if (OBJ_obj2txt(dataname, sizeof(dataname), oid, 0) <= 0) goto end; ossl_X509_PUBKEY_INTERNAL_free(xpub); xpub = NULL; - *p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - dataname, 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + dataname, 0); - *p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, - "SubjectPublicKeyInfo", - 0); - *p++ = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, der, len); - *p++ = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, + "SubjectPublicKeyInfo", + 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, der, len); + *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); *p = OSSL_PARAM_construct_end(); ok = data_cb(params, data_cbarg); - end: +end: ossl_X509_PUBKEY_INTERNAL_free(xpub); OPENSSL_free(der); return ok; --- crypto/openssl/providers/implementations/encode_decode/encode_key2any.c.orig +++ crypto/openssl/providers/implementations/encode_decode/encode_key2any.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,7 +21,7 @@ #include #include #include -#include /* PKCS8_encrypt() */ +#include /* PKCS8_encrypt() */ #include #include #include 
@@ -37,7 +37,7 @@ #include "endecoder_local.h" #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) -# define OPENSSL_NO_KEYPARAMS +#define OPENSSL_NO_KEYPARAMS #endif struct key2any_ctx_st { @@ -56,18 +56,17 @@ typedef int check_key_type_fn(const void *key, int nid); typedef int key_to_paramstring_fn(const void *key, int nid, int save, - void **str, int *strtype); + void **str, int *strtype); typedef int key_to_der_fn(BIO *out, const void *key, - int key_nid, const char *pemname, - key_to_paramstring_fn *p2s, i2d_of_void *k2d, - struct key2any_ctx_st *ctx); + int key_nid, const char *pemname, + key_to_paramstring_fn *p2s, i2d_of_void *k2d, + struct key2any_ctx_st *ctx); typedef int write_bio_of_void_fn(BIO *bp, const void *x); - /* Free the blob allocated during key_to_paramstring_fn */ static void free_asn1_data(int type, void *data) { - switch(type) { + switch (type) { case V_ASN1_OBJECT: ASN1_OBJECT_free(data); break; @@ -78,8 +77,8 @@ } static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, - void *params, int params_type, - i2d_of_void *k2d) + void *params, int params_type, + i2d_of_void *k2d) { /* der, derlen store the key DER output and its length */ unsigned char *der = NULL; @@ -90,7 +89,7 @@ if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL || (derlen = k2d(key, &der)) <= 0 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, - params_type, params, der, derlen)) { + params_type, params, der, derlen)) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free(p8info); OPENSSL_free(der); @@ -101,7 +100,7 @@ } static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, - struct key2any_ctx_st *ctx) + struct key2any_ctx_st *ctx) { X509_SIG *p8 = NULL; char kstr[PEM_BUFSIZE]; @@ -112,7 +111,7 @@ return NULL; if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1, - &ctx->pwdata)) { + &ctx->pwdata)) { ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); return NULL; } 
@@ -123,11 +122,10 @@ } static X509_SIG *key_to_encp8(const void *key, int key_nid, - void *params, int params_type, - i2d_of_void *k2d, struct key2any_ctx_st *ctx) + void *params, int params_type, + i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - PKCS8_PRIV_KEY_INFO *p8info = - key_to_p8info(key, key_nid, params, params_type, k2d); + PKCS8_PRIV_KEY_INFO *p8info = key_to_p8info(key, key_nid, params, params_type, k2d); X509_SIG *p8 = NULL; if (p8info == NULL) { @@ -140,8 +138,8 @@ } static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, - void *params, int params_type, - i2d_of_void k2d) + void *params, int params_type, + i2d_of_void k2d) { /* der, derlen store the key DER output and its length */ unsigned char *der = NULL; @@ -149,11 +147,10 @@ /* The final X509_PUBKEY */ X509_PUBKEY *xpk = NULL; - if ((xpk = X509_PUBKEY_new()) == NULL || (derlen = k2d(key, &der)) <= 0 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), - params_type, params, der, derlen)) { + params_type, params, der, derlen)) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); X509_PUBKEY_free(xpk); OPENSSL_free(der); @@ -168,7 +165,7 @@ * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require * that there's an intent to encrypt, anything else is an error. * - * key_to_pki_* primarly produce encoded output with the private key data + * key_to_pki_* primarily produce encoded output with the private key data * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if * there is an intent to encrypt the data, the corresponding key_to_epki_* * function is used instead. @@ -183,11 +180,11 @@ */ static int key_to_epki_der_priv_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; 
@@ -197,8 +194,7 @@ if (!ctx->cipher_intent) return 0; - if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, - &str, &strtype)) + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); @@ -211,11 +207,11 @@ } static int key_to_epki_pem_priv_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; @@ -225,8 +221,7 @@ if (!ctx->cipher_intent) return 0; - if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, - &str, &strtype)) + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); @@ -239,11 +234,11 @@ } static int key_to_pki_der_priv_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; @@ -252,10 +247,9 @@ if (ctx->cipher_intent) return key_to_epki_der_priv_bio(out, key, key_nid, pemname, - p2s, k2d, ctx); + p2s, k2d, ctx); - if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, - &str, &strtype)) + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 
@@ -271,11 +265,11 @@ } static int key_to_pki_pem_priv_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; @@ -284,10 +278,9 @@ if (ctx->cipher_intent) return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, - p2s, k2d, ctx); + p2s, k2d, ctx); - if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, - &str, &strtype)) + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; p8info = key_to_p8info(key, key_nid, str, strtype, k2d); @@ -303,19 +296,18 @@ } static int key_to_spki_der_pub_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; X509_PUBKEY *xpk = NULL; - if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, - &str, &strtype)) + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 
@@ -329,19 +321,18 @@ } static int key_to_spki_pem_pub_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; X509_PUBKEY *xpk = NULL; - if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, - &str, &strtype)) + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); @@ -369,11 +360,11 @@ * on k2d to do the complete work. */ static int key_to_type_specific_der_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { unsigned char *der = NULL; int derlen; 
@@ -393,47 +384,47 @@ #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key, - int key_nid, const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx, - pem_password_cb *cb, void *cbarg) + int key_nid, const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx, + pem_password_cb *cb, void *cbarg) { - return - PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, - NULL, 0, cb, cbarg) > 0; + return PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, + NULL, 0, cb, cbarg) + > 0; } static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key, - int key_nid, const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, - p2s, k2d, ctx, - ossl_pw_pem_password, &ctx->pwdata); + p2s, k2d, ctx, + ossl_pw_pem_password, &ctx->pwdata); } static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key, - int key_nid, const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, - p2s, k2d, ctx, NULL, NULL); + p2s, k2d, ctx, NULL, NULL); } #ifndef OPENSSL_NO_KEYPARAMS static int key_to_type_specific_pem_param_bio(BIO *out, const void *key, - int key_nid, const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + int key_nid, const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, - p2s, k2d, 
ctx, NULL, NULL); + p2s, k2d, ctx, NULL, NULL); } #endif @@ -441,7 +432,7 @@ #ifndef OPENSSL_NO_DH static int prepare_dh_params(const void *dh, int nid, int save, - void **pstr, int *pstrtype) + void **pstr, int *pstrtype) { ASN1_STRING *params = ASN1_STRING_new(); @@ -509,7 +500,7 @@ return ret; } -# define dh_epki_priv_to_der dh_pki_priv_to_der +#define dh_epki_priv_to_der dh_pki_priv_to_der static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder) { @@ -522,30 +513,29 @@ * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make * corresponding functions here. */ -# define dh_type_specific_priv_to_der NULL -# define dh_type_specific_pub_to_der NULL +#define dh_type_specific_priv_to_der NULL +#define dh_type_specific_pub_to_der NULL static int dh_check_key_type(const void *dh, int expected_type) { - int type = - DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; + int type = DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; return type == expected_type; } -# define dh_evp_type EVP_PKEY_DH -# define dhx_evp_type EVP_PKEY_DHX -# define dh_input_type "DH" -# define dhx_input_type "DHX" -# define dh_pem_type "DH" -# define dhx_pem_type "X9.42 DH" +#define dh_evp_type EVP_PKEY_DH +#define dhx_evp_type EVP_PKEY_DHX +#define dh_input_type "DH" +#define dhx_input_type "DHX" +#define dh_pem_type "DH" +#define dhx_pem_type "X9.42 DH" #endif /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_DSA static int encode_dsa_params(const void *dsa, int nid, - void **pstr, int *pstrtype) + void **pstr, int *pstrtype) { ASN1_STRING *params = ASN1_STRING_new(); @@ -568,7 +558,7 @@ } static int prepare_dsa_params(const void *dsa, int nid, int save, - void **pstr, int *pstrtype) + void **pstr, int *pstrtype) { const BIGNUM *p = DSA_get0_p(dsa); const BIGNUM *q = DSA_get0_q(dsa); 
@@ -624,23 +614,23 @@ return ret; } -# define dsa_epki_priv_to_der dsa_pki_priv_to_der +#define dsa_epki_priv_to_der dsa_pki_priv_to_der -# define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey -# define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey -# define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams +#define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey +#define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey +#define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams -# define dsa_check_key_type NULL -# define dsa_evp_type EVP_PKEY_DSA -# define dsa_input_type "DSA" -# define dsa_pem_type "DSA" +#define dsa_check_key_type NULL +#define dsa_evp_type EVP_PKEY_DSA +#define dsa_input_type "DSA" +#define dsa_pem_type "DSA" #endif /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_EC static int prepare_ec_explicit_params(const void *eckey, - void **pstr, int *pstrtype) + void **pstr, int *pstrtype) { ASN1_STRING *params = ASN1_STRING_new(); @@ -666,7 +656,7 @@ * is a curve name (curve nid) to be found or not. See RFC 3279 for details. */ static int prepare_ec_params(const void *eckey, int nid, int save, - void **pstr, int *pstrtype) + void **pstr, int *pstrtype) { int curve_nid; const EC_GROUP *group = EC_KEY_get0_group(eckey); 
@@ -728,18 +718,18 @@ return ret; /* return the length of the der encoded data */ } -# define ec_epki_priv_to_der ec_pki_priv_to_der +#define ec_epki_priv_to_der ec_pki_priv_to_der -# define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters +#define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters /* No ec_type_specific_pub_to_der, there simply is no such thing */ -# define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey +#define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey -# define ec_check_key_type NULL -# define ec_evp_type EVP_PKEY_EC -# define ec_input_type "EC" -# define ec_pem_type "EC" +#define ec_check_key_type NULL +#define ec_evp_type EVP_PKEY_EC +#define ec_input_type "EC" +#define ec_pem_type "EC" -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 /* * Albeit SM2 is a slightly different algorithm than ECDSA, the key type * encoding (in all places where an AlgorithmIdentifier is produced, such @@ -748,16 +738,16 @@ * This leaves the distinction of SM2 keys to the EC group (which is found * in AlgorithmIdentified.params). */ -# define sm2_evp_type ec_evp_type -# define sm2_input_type "SM2" -# define sm2_pem_type "SM2" -# endif +#define sm2_evp_type ec_evp_type +#define sm2_input_type "SM2" +#define sm2_pem_type "SM2" +#endif #endif /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_EC -# define prepare_ecx_params NULL +#define prepare_ecx_params NULL static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) { 
@@ -803,27 +793,27 @@ return keybloblen; } -# define ecx_epki_priv_to_der ecx_pki_priv_to_der +#define ecx_epki_priv_to_der ecx_pki_priv_to_der /* * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der. */ -# define ecx_check_key_type NULL - -# define ed25519_evp_type EVP_PKEY_ED25519 -# define ed448_evp_type EVP_PKEY_ED448 -# define x25519_evp_type EVP_PKEY_X25519 -# define x448_evp_type EVP_PKEY_X448 -# define ed25519_input_type "ED25519" -# define ed448_input_type "ED448" -# define x25519_input_type "X25519" -# define x448_input_type "X448" -# define ed25519_pem_type "ED25519" -# define ed448_pem_type "ED448" -# define x25519_pem_type "X25519" -# define x448_pem_type "X448" +#define ecx_check_key_type NULL + +#define ed25519_evp_type EVP_PKEY_ED25519 +#define ed448_evp_type EVP_PKEY_ED448 +#define x25519_evp_type EVP_PKEY_X25519 +#define x448_evp_type EVP_PKEY_X448 +#define ed25519_input_type "ED25519" +#define ed448_input_type "ED448" +#define x25519_input_type "X25519" +#define x448_input_type "X448" +#define ed25519_pem_type "ED25519" +#define ed448_pem_type "ED448" +#define x25519_pem_type "X25519" +#define x448_pem_type "X448" #endif /* ---------------------------------------------------------------------- */ @@ -835,7 +825,7 @@ */ static int prepare_rsa_params(const void *rsa, int nid, int save, - void **pstr, int *pstrtype) + void **pstr, int *pstrtype) { const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa); @@ -896,7 +886,7 @@ *pstr = astr; return 1; - err: + err: OPENSSL_free(str); return 0; } 
@@ -910,11 +900,11 @@ * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey| * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. */ -#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der -#define rsa_epki_priv_to_der rsa_type_specific_priv_to_der -#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der -#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey -#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey +#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der +#define rsa_epki_priv_to_der rsa_type_specific_priv_to_der +#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der +#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey +#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey #define rsa_type_specific_params_to_der NULL static int rsa_check_key_type(const void *rsa, int expected_type) @@ -930,12 +920,12 @@ return EVP_PKEY_NONE; } -#define rsa_evp_type EVP_PKEY_RSA -#define rsapss_evp_type EVP_PKEY_RSA_PSS -#define rsa_input_type "RSA" -#define rsapss_input_type "RSA-PSS" -#define rsa_pem_type "RSA" -#define rsapss_pem_type "RSA-PSS" +#define rsa_evp_type EVP_PKEY_RSA +#define rsapss_evp_type EVP_PKEY_RSA_PSS +#define rsa_input_type "RSA" +#define rsapss_input_type "RSA-PSS" +#define rsa_pem_type "RSA" +#define rsapss_pem_type "RSA-PSS" /* ---------------------------------------------------------------------- */ 
@@ -978,12 +968,9 @@ { struct key2any_ctx_st *ctx = vctx; OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx); - const OSSL_PARAM *cipherp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); - const OSSL_PARAM *save_paramsp = - OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); + const OSSL_PARAM *cipherp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); + const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); + const OSSL_PARAM *save_paramsp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); if (cipherp != NULL) { const char *ciphername = NULL; @@ -998,8 +985,7 @@ ctx->cipher = NULL; ctx->cipher_intent = ciphername != NULL; if (ciphername != NULL - && ((ctx->cipher = - EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) + && ((ctx->cipher = EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) return 0; } 
@@ -1044,26 +1030,25 @@ } static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, - const void *key, int type, const char *pemname, - check_key_type_fn *checker, - key_to_der_fn *writer, - OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, - key_to_paramstring_fn *key2paramstring, - i2d_of_void *key2der) + const void *key, int type, const char *pemname, + check_key_type_fn *checker, + key_to_der_fn *writer, + OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, + key_to_paramstring_fn *key2paramstring, + i2d_of_void *key2der) { int ret = 0; if (key == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); } else if (writer != NULL - && (checker == NULL || checker(key, type))) { + && (checker == NULL || checker(key, type))) { BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); if (out != NULL && (pwcb == NULL || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg))) - ret = - writer(out, key, type, pemname, key2paramstring, key2der, ctx); + ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx); BIO_free(out); } else { 
@@ -1073,34 +1058,34 @@ } #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY -#define DO_PRIVATE_KEY(impl, type, kind, output) \ - if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \ - return key2any_encode(ctx, cout, key, impl##_evp_type, \ - impl##_pem_type " PRIVATE KEY", \ - type##_check_key_type, \ - key_to_##kind##_##output##_priv_bio, \ - cb, cbarg, prepare_##type##_params, \ - type##_##kind##_priv_to_der); +#define DO_PRIVATE_KEY(impl, type, kind, output) \ + if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \ + return key2any_encode(ctx, cout, key, impl##_evp_type, \ + impl##_pem_type " PRIVATE KEY", \ + type##_check_key_type, \ + key_to_##kind##_##output##_priv_bio, \ + cb, cbarg, prepare_##type##_params, \ + type##_##kind##_priv_to_der); #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY -#define DO_PUBLIC_KEY(impl, type, kind, output) \ - if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \ - return key2any_encode(ctx, cout, key, impl##_evp_type, \ - impl##_pem_type " PUBLIC KEY", \ - type##_check_key_type, \ - key_to_##kind##_##output##_pub_bio, \ - cb, cbarg, prepare_##type##_params, \ - type##_##kind##_pub_to_der); +#define DO_PUBLIC_KEY(impl, type, kind, output) \ + if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \ + return key2any_encode(ctx, cout, key, impl##_evp_type, \ + impl##_pem_type " PUBLIC KEY", \ + type##_check_key_type, \ + key_to_##kind##_##output##_pub_bio, \ + cb, cbarg, prepare_##type##_params, \ + type##_##kind##_pub_to_der); #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS -#define DO_PARAMETERS(impl, type, kind, output) \ - if ((selection & DO_PARAMETERS_selection_mask) != 0) \ - return key2any_encode(ctx, cout, key, impl##_evp_type, \ - impl##_pem_type " PARAMETERS", \ - type##_check_key_type, \ - key_to_##kind##_##output##_param_bio, \ - NULL, NULL, NULL, \ - type##_##kind##_params_to_der); +#define DO_PARAMETERS(impl, type, kind, output) \ + if 
((selection & DO_PARAMETERS_selection_mask) != 0) \ + return key2any_encode(ctx, cout, key, impl##_evp_type, \ + impl##_pem_type " PARAMETERS", \ + type##_check_key_type, \ + key_to_##kind##_##output##_param_bio, \ + NULL, NULL, NULL, \ + type##_##kind##_params_to_der); /*- * Implement the kinds of output structure that can be produced. They are @@ -1136,16 +1121,16 @@ * passphrase callback has been passed to them. */ #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask -#define DO_PrivateKeyInfo(impl, type, output) \ +#define DO_PrivateKeyInfo(impl, type, output) \ DO_PRIVATE_KEY(impl, type, pki, output) #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask -#define DO_EncryptedPrivateKeyInfo(impl, type, output) \ +#define DO_EncryptedPrivateKeyInfo(impl, type, output) \ DO_PRIVATE_KEY(impl, type, epki, output) /* SubjectPublicKeyInfo is a structure for public keys only */ #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask -#define DO_SubjectPublicKeyInfo(impl, type, output) \ +#define DO_SubjectPublicKeyInfo(impl, type, output) \ DO_PUBLIC_KEY(impl, type, spki, output) /* 
@@ -1164,23 +1149,23 @@ * except public key */ #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask -#define DO_type_specific_params(impl, type, output) \ +#define DO_type_specific_params(impl, type, output) \ DO_PARAMETERS(impl, type, type_specific, output) -#define DO_type_specific_keypair_selection_mask \ - ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask ) -#define DO_type_specific_keypair(impl, type, output) \ - DO_PRIVATE_KEY(impl, type, type_specific, output) \ +#define DO_type_specific_keypair_selection_mask \ + (DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask) +#define DO_type_specific_keypair(impl, type, output) \ + DO_PRIVATE_KEY(impl, type, type_specific, output) \ DO_PUBLIC_KEY(impl, type, type_specific, output) -#define DO_type_specific_selection_mask \ - ( DO_type_specific_keypair_selection_mask \ - | DO_type_specific_params_selection_mask ) -#define DO_type_specific(impl, type, output) \ - DO_type_specific_keypair(impl, type, output) \ - DO_type_specific_params(impl, type, output) +#define DO_type_specific_selection_mask \ + (DO_type_specific_keypair_selection_mask \ + | DO_type_specific_params_selection_mask) +#define DO_type_specific(impl, type, output) \ + DO_type_specific_keypair(impl, type, output) \ + DO_type_specific_params(impl, type, output) #define DO_type_specific_no_pub_selection_mask \ - ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) -#define DO_type_specific_no_pub(impl, type, output) \ - DO_PRIVATE_KEY(impl, type, type_specific, output) \ + (DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) +#define DO_type_specific_no_pub(impl, type, output) \ + DO_PRIVATE_KEY(impl, type, type_specific, output) \ DO_type_specific_params(impl, type, output) /* 
@@ -1243,71 +1228,72 @@ * * ossl_##impl##_to_##kind##_##output##_encoder_functions */ -#define MAKE_ENCODER(impl, type, evp_type, kind, output) \ - static OSSL_FUNC_encoder_import_object_fn \ - impl##_to_##kind##_##output##_import_object; \ - static OSSL_FUNC_encoder_free_object_fn \ - impl##_to_##kind##_##output##_free_object; \ - static OSSL_FUNC_encoder_encode_fn \ - impl##_to_##kind##_##output##_encode; \ - \ - static void * \ - impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ - const OSSL_PARAM params[]) \ - { \ - struct key2any_ctx_st *ctx = vctx; \ - \ - return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ - ctx->provctx, selection, params); \ - } \ - static void impl##_to_##kind##_##output##_free_object(void *key) \ - { \ - ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ - } \ - static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ - int selection) \ - { \ - return key2any_check_selection(selection, \ - DO_##kind##_selection_mask); \ - } \ - static int \ - impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ - const void *key, \ - const OSSL_PARAM key_abstract[], \ - int selection, \ - OSSL_PASSPHRASE_CALLBACK *cb, \ - void *cbarg) \ - { \ - /* We don't deal with abstract objects */ \ - if (key_abstract != NULL) { \ - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ - return 0; \ - } \ - DO_##kind(impl, type, output) \ - \ - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ - return 0; \ - } \ - const OSSL_DISPATCH \ - ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \ - { OSSL_FUNC_ENCODER_NEWCTX, \ - (void (*)(void))key2any_newctx }, \ - { OSSL_FUNC_ENCODER_FREECTX, \ - (void (*)(void))key2any_freectx }, \ - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))key2any_settable_ctx_params }, \ - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ - (void (*)(void))key2any_set_ctx_params }, \ - { OSSL_FUNC_ENCODER_DOES_SELECTION, \ - (void 
(*)(void))impl##_to_##kind##_##output##_does_selection }, \ - { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ - (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ - { OSSL_FUNC_ENCODER_FREE_OBJECT, \ - (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ - { OSSL_FUNC_ENCODER_ENCODE, \ - (void (*)(void))impl##_to_##kind##_##output##_encode }, \ - { 0, NULL } \ - } +#define MAKE_ENCODER(impl, type, evp_type, kind, output) \ + static OSSL_FUNC_encoder_import_object_fn \ + impl##_to_##kind##_##output##_import_object; \ + static OSSL_FUNC_encoder_free_object_fn \ + impl##_to_##kind##_##output##_free_object; \ + static OSSL_FUNC_encoder_encode_fn \ + impl##_to_##kind##_##output##_encode; \ + \ + static void * \ + impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ + const OSSL_PARAM params[]) \ + { \ + struct key2any_ctx_st *ctx = vctx; \ + \ + return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ + ctx->provctx, selection, params); \ + } \ + static void impl##_to_##kind##_##output##_free_object(void *key) \ + { \ + ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ + } \ + static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ + int selection) \ + { \ + return key2any_check_selection(selection, \ + DO_##kind##_selection_mask); \ + } \ + static int \ + impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ + const void *key, \ + const OSSL_PARAM key_abstract[], \ + int selection, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + /* We don't deal with abstract objects */ \ + if (key_abstract != NULL) { \ + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ + return 0; \ + } \ + DO_##kind(impl, type, output) \ + \ + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ + return 0; \ + } \ + const OSSL_DISPATCH \ + ossl_##impl##_to_##kind##_##output##_encoder_functions[] \ + = { \ + { OSSL_FUNC_ENCODER_NEWCTX, \ + (void (*)(void))key2any_newctx }, \ + { 
OSSL_FUNC_ENCODER_FREECTX, \ + (void (*)(void))key2any_freectx }, \ + { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))key2any_settable_ctx_params }, \ + { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ + (void (*)(void))key2any_set_ctx_params }, \ + { OSSL_FUNC_ENCODER_DOES_SELECTION, \ + (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ + { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ + (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ + { OSSL_FUNC_ENCODER_FREE_OBJECT, \ + (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ + { OSSL_FUNC_ENCODER_ENCODE, \ + (void (*)(void))impl##_to_##kind##_##output##_encode }, \ + { 0, NULL } \ + } /* * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, @@ -1323,9 +1309,9 @@ #endif #ifndef OPENSSL_NO_EC MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der); -# endif +#endif #endif /* @@ -1342,9 +1328,9 @@ #endif #ifndef OPENSSL_NO_EC MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem); -# endif +#endif #endif /* 
@@ -1396,14 +1382,14 @@ MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); -# endif +#endif MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); @@ -1453,10 +1439,10 @@ #ifndef OPENSSL_NO_EC MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der); MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem); -# endif +#endif #endif /* Convenience structure names */ --- crypto/openssl/providers/implementations/encode_decode/encode_key2blob.c.orig +++ crypto/openssl/providers/implementations/encode_decode/encode_key2blob.c @@ -27,7 +27,7 @@ #include "endecoder_local.h" static int write_blob(void *provctx, OSSL_CORE_BIO *cout, - void *data, int len) + void *data, int len) { BIO *out = ossl_bio_new_from_core_bio(provctx, cout); int ret; @@ -86,7 +86,7 @@ } static int key2blob_encode(void *vctx, const void *key, int selection, - OSSL_CORE_BIO *cout) + OSSL_CORE_BIO *cout) { int pubkey_len = 0, ok = 0; unsigned char *pubkey = NULL; 
@@ -118,62 +118,62 @@ * EVP_PKEY_##selection_name are convenience macros that combine "typical" * OSSL_KEYMGMT_SELECT_ macros for a certain type of EVP_PKEY content. */ -#define MAKE_BLOB_ENCODER(impl, type, selection_name) \ - static OSSL_FUNC_encoder_import_object_fn \ - impl##2blob_import_object; \ - static OSSL_FUNC_encoder_free_object_fn impl##2blob_free_object; \ - static OSSL_FUNC_encoder_does_selection_fn \ - impl##2blob_does_selection; \ - static OSSL_FUNC_encoder_encode_fn impl##2blob_encode; \ - \ - static void *impl##2blob_import_object(void *ctx, int selection, \ - const OSSL_PARAM params[]) \ - { \ - return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ - ctx, selection, params); \ - } \ - static void impl##2blob_free_object(void *key) \ - { \ - ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ - } \ - static int impl##2blob_does_selection(void *ctx, int selection) \ - { \ - return key2blob_check_selection(selection, \ - EVP_PKEY_##selection_name); \ - } \ - static int impl##2blob_encode(void *vctx, OSSL_CORE_BIO *cout, \ - const void *key, \ - const OSSL_PARAM key_abstract[], \ - int selection, \ - OSSL_PASSPHRASE_CALLBACK *cb, \ - void *cbarg) \ - { \ - /* We don't deal with abstract objects */ \ - if (key_abstract != NULL) { \ - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ - return 0; \ - } \ - return key2blob_encode(vctx, key, selection, cout); \ - } \ - const OSSL_DISPATCH ossl_##impl##_to_blob_encoder_functions[] = { \ - { OSSL_FUNC_ENCODER_NEWCTX, \ - (void (*)(void))key2blob_newctx }, \ - { OSSL_FUNC_ENCODER_FREECTX, \ - (void (*)(void))key2blob_freectx }, \ - { OSSL_FUNC_ENCODER_DOES_SELECTION, \ - (void (*)(void))impl##2blob_does_selection }, \ - { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ - (void (*)(void))impl##2blob_import_object }, \ - { OSSL_FUNC_ENCODER_FREE_OBJECT, \ - (void (*)(void))impl##2blob_free_object }, \ - { OSSL_FUNC_ENCODER_ENCODE, \ - (void (*)(void))impl##2blob_encode }, \ - { 0, NULL } \ +#define 
MAKE_BLOB_ENCODER(impl, type, selection_name) \ + static OSSL_FUNC_encoder_import_object_fn \ + impl##2blob_import_object; \ + static OSSL_FUNC_encoder_free_object_fn impl##2blob_free_object; \ + static OSSL_FUNC_encoder_does_selection_fn \ + impl##2blob_does_selection; \ + static OSSL_FUNC_encoder_encode_fn impl##2blob_encode; \ + \ + static void *impl##2blob_import_object(void *ctx, int selection, \ + const OSSL_PARAM params[]) \ + { \ + return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ + ctx, selection, params); \ + } \ + static void impl##2blob_free_object(void *key) \ + { \ + ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ + } \ + static int impl##2blob_does_selection(void *ctx, int selection) \ + { \ + return key2blob_check_selection(selection, \ + EVP_PKEY_##selection_name); \ + } \ + static int impl##2blob_encode(void *vctx, OSSL_CORE_BIO *cout, \ + const void *key, \ + const OSSL_PARAM key_abstract[], \ + int selection, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + /* We don't deal with abstract objects */ \ + if (key_abstract != NULL) { \ + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ + return 0; \ + } \ + return key2blob_encode(vctx, key, selection, cout); \ + } \ + const OSSL_DISPATCH ossl_##impl##_to_blob_encoder_functions[] = { \ + { OSSL_FUNC_ENCODER_NEWCTX, \ + (void (*)(void))key2blob_newctx }, \ + { OSSL_FUNC_ENCODER_FREECTX, \ + (void (*)(void))key2blob_freectx }, \ + { OSSL_FUNC_ENCODER_DOES_SELECTION, \ + (void (*)(void))impl##2blob_does_selection }, \ + { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ + (void (*)(void))impl##2blob_import_object }, \ + { OSSL_FUNC_ENCODER_FREE_OBJECT, \ + (void (*)(void))impl##2blob_free_object }, \ + { OSSL_FUNC_ENCODER_ENCODE, \ + (void (*)(void))impl##2blob_encode }, \ + { 0, NULL } \ } #ifndef OPENSSL_NO_EC MAKE_BLOB_ENCODER(ec, ec, PUBLIC_KEY); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_BLOB_ENCODER(sm2, ec, PUBLIC_KEY); -# endif +#endif #endif --- 
crypto/openssl/providers/implementations/encode_decode/encode_key2ms.c.orig +++ crypto/openssl/providers/implementations/encode_decode/encode_key2ms.c @@ -18,7 +18,7 @@ #include #include #include -#include /* Functions for writing MSBLOB and PVK */ +#include /* Functions for writing MSBLOB and PVK */ #include #include "internal/passphrase.h" #include "crypto/rsa.h" @@ -36,7 +36,7 @@ }; static int write_msblob(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, - EVP_PKEY *pkey, int ispub) + EVP_PKEY *pkey, int ispub) { BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); int ret; @@ -50,7 +50,7 @@ } static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, - EVP_PKEY *pkey) + EVP_PKEY *pkey) { BIO *out = NULL; int ret; @@ -60,7 +60,7 @@ if (out == NULL) return 0; ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level, - ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL); + ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL); BIO_free(out); return ret; } @@ -126,8 +126,8 @@ typedef int evp_pkey_set1_fn(EVP_PKEY *, const void *key); static int key2msblob_encode(void *vctx, const void *key, int selection, - OSSL_CORE_BIO *cout, evp_pkey_set1_fn *set1_key, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CORE_BIO *cout, evp_pkey_set1_fn *set1_key, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct key2ms_ctx_st *ctx = vctx; int ispub = -1; @@ -139,7 +139,7 @@ else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ispub = 1; else - return 0; /* Error */ + return 0; /* Error */ if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key)) ok = write_msblob(ctx, cout, pkey, ispub); 
@@ -148,15 +148,15 @@ } static int key2pvk_encode(void *vctx, const void *key, int selection, - OSSL_CORE_BIO *cout, evp_pkey_set1_fn *set1_key, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CORE_BIO *cout, evp_pkey_set1_fn *set1_key, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct key2ms_ctx_st *ctx = vctx; EVP_PKEY *pkey = NULL; int ok = 0; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) - return 0; /* Error */ + return 0; /* Error */ if ((pkey = EVP_PKEY_new()) != NULL && set1_key(pkey, key) && (pw_cb == NULL 
@@ -166,39 +166,39 @@ return ok; } -#define dsa_set1 (evp_pkey_set1_fn *)EVP_PKEY_set1_DSA -#define rsa_set1 (evp_pkey_set1_fn *)EVP_PKEY_set1_RSA +#define dsa_set1 (evp_pkey_set1_fn *)EVP_PKEY_set1_DSA +#define rsa_set1 (evp_pkey_set1_fn *)EVP_PKEY_set1_RSA #define msblob_set_params -#define pvk_set_params \ - { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))key2pvk_settable_ctx_params }, \ - { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ - (void (*)(void))key2pvk_set_ctx_params }, +#define pvk_set_params \ + { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))key2pvk_settable_ctx_params }, \ + { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ + (void (*)(void))key2pvk_set_ctx_params }, #define MAKE_MS_ENCODER(impl, output, type) \ static OSSL_FUNC_encoder_import_object_fn \ - impl##2##output##_import_object; \ + impl##2##output##_import_object; \ static OSSL_FUNC_encoder_free_object_fn impl##2##output##_free_object; \ static OSSL_FUNC_encoder_encode_fn impl##2##output##_encode; \ \ static void * \ - impl##2##output##_import_object(void *ctx, int selection, \ - const OSSL_PARAM params[]) \ + impl##2##output##_import_object(void *ctx, int selection, \ + const OSSL_PARAM params[]) \ { \ return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ - ctx, selection, params); \ + ctx, selection, params); \ } \ static void impl##2##output##_free_object(void *key) \ { \ ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ } \ static int impl##2##output##_encode(void *vctx, OSSL_CORE_BIO *cout, \ - const void *key, \ - const OSSL_PARAM key_abstract[], \ - int selection, \ - OSSL_PASSPHRASE_CALLBACK *cb, \ - void *cbarg) \ + const void *key, \ + const OSSL_PARAM key_abstract[], \ + int selection, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ { \ /* We don't deal with abstract objects */ \ if (key_abstract != NULL) { \ 
@@ -206,22 +206,21 @@ return 0; \ } \ return key2##output##_encode(vctx, key, selection, cout, type##_set1, \ - cb, cbarg); \ + cb, cbarg); \ } \ const OSSL_DISPATCH ossl_##impl##_to_##output##_encoder_functions[] = { \ { OSSL_FUNC_ENCODER_NEWCTX, \ - (void (*)(void))key2ms_newctx }, \ + (void (*)(void))key2ms_newctx }, \ { OSSL_FUNC_ENCODER_FREECTX, \ - (void (*)(void))key2ms_freectx }, \ - output##_set_params \ - { OSSL_FUNC_ENCODER_DOES_SELECTION, \ - (void (*)(void))key2ms_does_selection }, \ + (void (*)(void))key2ms_freectx }, \ + output##_set_params { OSSL_FUNC_ENCODER_DOES_SELECTION, \ + (void (*)(void))key2ms_does_selection }, \ { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ - (void (*)(void))impl##2##output##_import_object }, \ + (void (*)(void))impl##2##output##_import_object }, \ { OSSL_FUNC_ENCODER_FREE_OBJECT, \ - (void (*)(void))impl##2##output##_free_object }, \ + (void (*)(void))impl##2##output##_free_object }, \ { OSSL_FUNC_ENCODER_ENCODE, \ - (void (*)(void))impl##2##output##_encode }, \ + (void (*)(void))impl##2##output##_encode }, \ { 0, NULL } \ } --- crypto/openssl/providers/implementations/encode_decode/encode_key2text.c.orig +++ crypto/openssl/providers/implementations/encode_decode/encode_key2text.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
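Review bot: In the `ossl_##impl##_to_##output##_encoder_functions[]` initializer, the reformatted line `output##_set_params { OSSL_FUNC_ENCODER_DOES_SELECTION, \` reads as if a macro were being applied to a brace block; this is a point of style, not behaviour. `output##_set_params` pastes to `msblob_set_params` (empty) or `pvk_set_params` (two comma-terminated entries), both defined in the preceding hunk, so which context-parameter functions an encoder exposes depends on that expansion. I would keep the macro on its own continuation line and label it, e.g. `output##_set_params /* expands to zero or two "{ id, fn }," entries */ \`. If the layout comes from clang-format, a `/* clang-format off */` / `/* clang-format on */` pair around the table would stop it being rejoined. MAKE_MS_ENCODER begins outside this hunk.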
@@ -22,32 +22,32 @@ #include #include #include "internal/ffc.h" -#include "crypto/bn.h" /* bn_get_words() */ -#include "crypto/dh.h" /* ossl_dh_get0_params() */ -#include "crypto/dsa.h" /* ossl_dsa_get0_params() */ -#include "crypto/ec.h" /* ossl_ec_key_get_libctx */ -#include "crypto/ecx.h" /* ECX_KEY, etc... */ -#include "crypto/rsa.h" /* RSA_PSS_PARAMS_30, etc... */ +#include "crypto/bn.h" /* bn_get_words() */ +#include "crypto/dh.h" /* ossl_dh_get0_params() */ +#include "crypto/dsa.h" /* ossl_dsa_get0_params() */ +#include "crypto/ec.h" /* ossl_ec_key_get_libctx */ +#include "crypto/ecx.h" /* ECX_KEY, etc... */ +#include "crypto/rsa.h" /* RSA_PSS_PARAMS_30, etc... */ #include "prov/bio.h" #include "prov/implementations.h" #include "endecoder_local.h" DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_FMTu "%lu" -# define BN_FMTx "%lx" -# endif +#ifdef SIXTY_FOUR_BIT_LONG +#define BN_FMTu "%lu" +#define BN_FMTx "%lx" +#endif -# ifdef SIXTY_FOUR_BIT -# define BN_FMTu "%llu" -# define BN_FMTx "%llx" -# endif +#ifdef SIXTY_FOUR_BIT +#define BN_FMTu "%llu" +#define BN_FMTx "%llx" +#endif -# ifdef THIRTY_TWO_BIT -# define BN_FMTu "%u" -# define BN_FMTx "%x" -# endif +#ifdef THIRTY_TWO_BIT +#define BN_FMTu "%u" +#define BN_FMTx "%x" +#endif static int print_labeled_bignum(BIO *out, const char *label, const BIGNUM *bn) { @@ -76,7 +76,7 @@ neg = "-"; return BIO_printf(out, "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", - label, post_label_spc, neg, words[0], neg, words[0]); + label, post_label_spc, neg, words[0], neg, words[0]); } hex_str = BN_bn2hex(bn); 
@@ -109,11 +109,12 @@ if ((bytes % 15) == 0 && bytes > 0) { if (BIO_printf(out, ":\n%s", spaces) <= 0) goto err; - use_sep = 0; /* The first byte on the next line doesnt have a : */ + use_sep = 0; /* The first byte on the next line doesn't have a : */ } if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "", - tolower((unsigned char)p[0]), - tolower((unsigned char)p[1])) <= 0) + tolower((unsigned char)p[0]), + tolower((unsigned char)p[1])) + <= 0) goto err; ++bytes; p += 2; @@ -128,11 +129,11 @@ } /* Number of octets per line */ -#define LABELED_BUF_PRINT_WIDTH 15 +#define LABELED_BUF_PRINT_WIDTH 15 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static int print_labeled_buf(BIO *out, const char *label, - const unsigned char *buf, size_t buflen) + const unsigned char *buf, size_t buflen) { size_t i; @@ -148,7 +149,8 @@ } if (BIO_printf(out, "%02x%s", buf[i], - (i == buflen - 1) ? "" : ":") <= 0) + (i == buflen - 1) ? "" : ":") + <= 0) return 0; } if (BIO_printf(out, "\n") <= 0) @@ -277,14 +279,15 @@ length = DH_get_length(dh); if (length > 0 && BIO_printf(out, "recommended-private-length: %ld bits\n", - length) <= 0) + length) + <= 0) return 0; return 1; } -# define dh_input_type "DH" -# define dhx_input_type "DHX" +#define dh_input_type "DH" +#define dhx_input_type "DHX" #endif /* ---------------------------------------------------------------------- */ @@ -353,14 +356,14 @@ return 1; } -# define dsa_input_type "DSA" +#define dsa_input_type "DSA" #endif /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_EC static int ec_param_explicit_curve_to_text(BIO *out, const EC_GROUP *group, - BN_CTX *ctx) + BN_CTX *ctx) { const char *plabel = "Prime:"; BIGNUM *p = NULL, *a = NULL, *b = NULL; @@ -387,7 +390,7 @@ } static int ec_param_explicit_gen_to_text(BIO *out, const EC_GROUP *group, - BN_CTX *ctx) + BN_CTX *ctx) { int ret; size_t buflen; 
@@ -404,8 +407,8 @@ switch (form) { case POINT_CONVERSION_COMPRESSED: - glabel = "Generator (compressed):"; - break; + glabel = "Generator (compressed):"; + break; case POINT_CONVERSION_UNCOMPRESSED: glabel = "Generator (uncompressed):"; break; @@ -427,7 +430,7 @@ /* Print explicit parameters */ static int ec_param_explicit_to_text(BIO *out, const EC_GROUP *group, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { int ret = 0, tmp_nid; BN_CTX *ctx = NULL; @@ -468,7 +471,7 @@ } static int ec_param_to_text(BIO *out, const EC_GROUP *group, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { if (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE) { const char *curve_name; @@ -483,7 +486,7 @@ curve_name = EC_curve_nid2nist(curve_nid); return (curve_name == NULL - || BIO_printf(out, "%s: %s\n", "NIST CURVE", curve_name) > 0); + || BIO_printf(out, "%s: %s\n", "NIST CURVE", curve_name) > 0); } else { return ec_param_explicit_to_text(out, group, libctx); } @@ -513,7 +516,8 @@ else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) type_label = "Public-Key"; else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - type_label = "EC-Parameters"; + if (EC_GROUP_get_curve_name(group) != NID_sm2) + type_label = "EC-Parameters"; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { const BIGNUM *priv_key = EC_KEY_get0_private_key(ec); @@ -539,8 +543,10 @@ goto err; } - if (BIO_printf(out, "%s: (%d bit)\n", type_label, - EC_GROUP_order_bits(group)) <= 0) + if (type_label != NULL + && BIO_printf(out, "%s: (%d bit)\n", type_label, + EC_GROUP_order_bits(group)) + <= 0) goto err; if (priv != NULL && !print_labeled_buf(out, "priv:", priv, priv_len)) @@ -556,11 +562,11 @@ return ret; } -# define ec_input_type "EC" +#define ec_input_type "EC" -# ifndef OPENSSL_NO_SM2 -# define sm2_input_type "SM2" -# endif +#ifndef OPENSSL_NO_SM2 +#define sm2_input_type "SM2" +#endif #endif /* ---------------------------------------------------------------------- */ 
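Review bot: In the `@@ -513,7 +516,8 @@` hunk the new `if (EC_GROUP_get_curve_name(group) != NID_sm2)` hangs unbraced under the last `else if` of the `type_label` chain, so an `else` added to that chain later would bind to the SM2 check instead. Folding the test into the branch keeps the chain flat: `else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0 && EC_GROUP_get_curve_name(group) != NID_sm2)`. The `type_label != NULL` guard added in the `@@ -539,8 +543,10 @@` hunk only works if `type_label` starts out as NULL, and it now also silently omits the header for any selection that matches no branch. The declaration and the NULL check on `group` are outside both hunks, so both should be confirmed there. A one-line comment at the branch saying why SM2 domain parameters are printed without the "EC-Parameters" header would let the next reader connect the two changes.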
@@ -618,10 +624,10 @@ return 1; } -# define ed25519_input_type "ED25519" -# define ed448_input_type "ED448" -# define x25519_input_type "X25519" -# define x448_input_type "X448" +#define ed25519_input_type "ED25519" +#define ed448_input_type "ED448" +#define x25519_input_type "X25519" +#define x448_input_type "X448" #endif /* ---------------------------------------------------------------------- */ @@ -670,11 +676,13 @@ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (BIO_printf(out, "%s: (%d bit, %d primes)\n", - type_label, BN_num_bits(rsa_n), primes) <= 0) + type_label, BN_num_bits(rsa_n), primes) + <= 0) goto err; } else { if (BIO_printf(out, "%s: (%d bit)\n", - type_label, BN_num_bits(rsa_n)) <= 0) + type_label, BN_num_bits(rsa_n)) + <= 0) goto err; } 
@@ -688,35 +696,35 @@ if (!print_labeled_bignum(out, "privateExponent:", rsa_d)) goto err; if (!print_labeled_bignum(out, "prime1:", - sk_BIGNUM_const_value(factors, 0))) + sk_BIGNUM_const_value(factors, 0))) goto err; if (!print_labeled_bignum(out, "prime2:", - sk_BIGNUM_const_value(factors, 1))) + sk_BIGNUM_const_value(factors, 1))) goto err; if (!print_labeled_bignum(out, "exponent1:", - sk_BIGNUM_const_value(exps, 0))) + sk_BIGNUM_const_value(exps, 0))) goto err; if (!print_labeled_bignum(out, "exponent2:", - sk_BIGNUM_const_value(exps, 1))) + sk_BIGNUM_const_value(exps, 1))) goto err; if (!print_labeled_bignum(out, "coefficient:", - sk_BIGNUM_const_value(coeffs, 0))) + sk_BIGNUM_const_value(coeffs, 0))) goto err; for (i = 2; i < sk_BIGNUM_const_num(factors); i++) { if (BIO_printf(out, "prime%d:", i + 1) <= 0) goto err; if (!print_labeled_bignum(out, NULL, - sk_BIGNUM_const_value(factors, i))) + sk_BIGNUM_const_value(factors, i))) goto err; if (BIO_printf(out, "exponent%d:", i + 1) <= 0) goto err; if (!print_labeled_bignum(out, NULL, - sk_BIGNUM_const_value(exps, i))) + sk_BIGNUM_const_value(exps, i))) goto err; if (BIO_printf(out, "coefficient%d:", i + 1) <= 0) goto err; if (!print_labeled_bignum(out, NULL, - sk_BIGNUM_const_value(coeffs, i - 1))) + sk_BIGNUM_const_value(coeffs, i - 1))) goto err; } } 
@@ -735,35 +743,38 @@ goto err; } else { int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss_params); - int maskgenalg_nid = - ossl_rsa_pss_params_30_maskgenalg(pss_params); - int maskgenhashalg_nid = - ossl_rsa_pss_params_30_maskgenhashalg(pss_params); + int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss_params); + int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss_params); int saltlen = ossl_rsa_pss_params_30_saltlen(pss_params); - int trailerfield = - ossl_rsa_pss_params_30_trailerfield(pss_params); + int trailerfield = ossl_rsa_pss_params_30_trailerfield(pss_params); if (BIO_printf(out, "PSS parameter restrictions:\n") <= 0) goto err; if (BIO_printf(out, " Hash Algorithm: %s%s\n", - ossl_rsa_oaeppss_nid2name(hashalg_nid), - (hashalg_nid == NID_sha1 - ? " (default)" : "")) <= 0) + ossl_rsa_oaeppss_nid2name(hashalg_nid), + (hashalg_nid == NID_sha1 + ? " (default)" + : "")) + <= 0) goto err; if (BIO_printf(out, " Mask Algorithm: %s with %s%s\n", - ossl_rsa_mgf_nid2name(maskgenalg_nid), - ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid), - (maskgenalg_nid == NID_mgf1 - && maskgenhashalg_nid == NID_sha1 - ? " (default)" : "")) <= 0) + ossl_rsa_mgf_nid2name(maskgenalg_nid), + ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid), + (maskgenalg_nid == NID_mgf1 + && maskgenhashalg_nid == NID_sha1 + ? " (default)" + : "")) + <= 0) goto err; if (BIO_printf(out, " Minimum Salt Length: %d%s\n", - saltlen, - (saltlen == 20 ? " (default)" : "")) <= 0) + saltlen, + (saltlen == 20 ? " (default)" : "")) + <= 0) goto err; if (BIO_printf(out, " Trailer Field: 0x%x%s\n", - trailerfield, - (trailerfield == 1 ? " (default)" : "")) <= 0) + trailerfield, + (trailerfield == 1 ? " (default)" : "")) + <= 0) goto err; } break; 
@@ -771,15 +782,15 @@ } ret = 1; - err: +err: sk_BIGNUM_const_free(factors); sk_BIGNUM_const_free(exps); sk_BIGNUM_const_free(coeffs); return ret; } -#define rsa_input_type "RSA" -#define rsapss_input_type "RSA-PSS" +#define rsa_input_type "RSA" +#define rsapss_input_type "RSA-PSS" /* ---------------------------------------------------------------------- */ @@ -793,10 +804,10 @@ } static int key2text_encode(void *vctx, const void *key, int selection, - OSSL_CORE_BIO *cout, - int (*key2text)(BIO *out, const void *key, - int selection), - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) + OSSL_CORE_BIO *cout, + int (*key2text)(BIO *out, const void *key, + int selection), + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { BIO *out = ossl_bio_new_from_core_bio(vctx, cout); int ret; 
@@ -810,50 +821,50 @@ return ret; } -#define MAKE_TEXT_ENCODER(impl, type) \ - static OSSL_FUNC_encoder_import_object_fn \ - impl##2text_import_object; \ - static OSSL_FUNC_encoder_free_object_fn \ - impl##2text_free_object; \ - static OSSL_FUNC_encoder_encode_fn impl##2text_encode; \ - \ - static void *impl##2text_import_object(void *ctx, int selection, \ - const OSSL_PARAM params[]) \ - { \ - return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ - ctx, selection, params); \ - } \ - static void impl##2text_free_object(void *key) \ - { \ - ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ - } \ - static int impl##2text_encode(void *vctx, OSSL_CORE_BIO *cout, \ - const void *key, \ - const OSSL_PARAM key_abstract[], \ - int selection, \ - OSSL_PASSPHRASE_CALLBACK *cb, \ - void *cbarg) \ - { \ - /* We don't deal with abstract objects */ \ - if (key_abstract != NULL) { \ - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ - return 0; \ - } \ - return key2text_encode(vctx, key, selection, cout, \ - type##_to_text, cb, cbarg); \ - } \ - const OSSL_DISPATCH ossl_##impl##_to_text_encoder_functions[] = { \ - { OSSL_FUNC_ENCODER_NEWCTX, \ - (void (*)(void))key2text_newctx }, \ - { OSSL_FUNC_ENCODER_FREECTX, \ - (void (*)(void))key2text_freectx }, \ - { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ - (void (*)(void))impl##2text_import_object }, \ - { OSSL_FUNC_ENCODER_FREE_OBJECT, \ - (void (*)(void))impl##2text_free_object }, \ - { OSSL_FUNC_ENCODER_ENCODE, \ - (void (*)(void))impl##2text_encode }, \ - { 0, NULL } \ +#define MAKE_TEXT_ENCODER(impl, type) \ + static OSSL_FUNC_encoder_import_object_fn \ + impl##2text_import_object; \ + static OSSL_FUNC_encoder_free_object_fn \ + impl##2text_free_object; \ + static OSSL_FUNC_encoder_encode_fn impl##2text_encode; \ + \ + static void *impl##2text_import_object(void *ctx, int selection, \ + const OSSL_PARAM params[]) \ + { \ + return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ + ctx, selection, 
params); \ + } \ + static void impl##2text_free_object(void *key) \ + { \ + ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ + } \ + static int impl##2text_encode(void *vctx, OSSL_CORE_BIO *cout, \ + const void *key, \ + const OSSL_PARAM key_abstract[], \ + int selection, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + /* We don't deal with abstract objects */ \ + if (key_abstract != NULL) { \ + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ + return 0; \ + } \ + return key2text_encode(vctx, key, selection, cout, \ + type##_to_text, cb, cbarg); \ + } \ + const OSSL_DISPATCH ossl_##impl##_to_text_encoder_functions[] = { \ + { OSSL_FUNC_ENCODER_NEWCTX, \ + (void (*)(void))key2text_newctx }, \ + { OSSL_FUNC_ENCODER_FREECTX, \ + (void (*)(void))key2text_freectx }, \ + { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ + (void (*)(void))impl##2text_import_object }, \ + { OSSL_FUNC_ENCODER_FREE_OBJECT, \ + (void (*)(void))impl##2text_free_object }, \ + { OSSL_FUNC_ENCODER_ENCODE, \ + (void (*)(void))impl##2text_encode }, \ + { 0, NULL } \ } #ifndef OPENSSL_NO_DH @@ -865,9 +876,9 @@ #endif #ifndef OPENSSL_NO_EC MAKE_TEXT_ENCODER(ec, ec); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 MAKE_TEXT_ENCODER(sm2, ec); -# endif +#endif MAKE_TEXT_ENCODER(ed25519, ecx); MAKE_TEXT_ENCODER(ed448, ecx); MAKE_TEXT_ENCODER(x25519, ecx); --- crypto/openssl/providers/implementations/encode_decode/endecoder_common.c.orig +++ crypto/openssl/providers/implementations/encode_decode/endecoder_common.c 
@@ -58,12 +58,11 @@ } void *ossl_prov_import_key(const OSSL_DISPATCH *fns, void *provctx, - int selection, const OSSL_PARAM params[]) + int selection, const OSSL_PARAM params[]) { OSSL_FUNC_keymgmt_new_fn *kmgmt_new = ossl_prov_get_keymgmt_new(fns); OSSL_FUNC_keymgmt_free_fn *kmgmt_free = ossl_prov_get_keymgmt_free(fns); - OSSL_FUNC_keymgmt_import_fn *kmgmt_import = - ossl_prov_get_keymgmt_import(fns); + OSSL_FUNC_keymgmt_import_fn *kmgmt_import = ossl_prov_get_keymgmt_import(fns); void *key = NULL; if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) { @@ -84,8 +83,8 @@ kmgmt_free(key); } -int ossl_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, unsigned char **data, - long *len) +int ossl_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, unsigned char **data, + long *len) { BUF_MEM *mem = NULL; BIO *in = ossl_bio_new_from_core_bio(provctx, cin); --- crypto/openssl/providers/implementations/encode_decode/endecoder_local.h.orig +++ crypto/openssl/providers/implementations/encode_decode/endecoder_local.h @@ -18,11 +18,11 @@ OSSL_FUNC_keymgmt_export_fn *ossl_prov_get_keymgmt_export(const OSSL_DISPATCH *fns); int ossl_prov_der_from_p8(unsigned char **new_der, long *new_der_len, - unsigned char *input_der, long input_der_len, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); + unsigned char *input_der, long input_der_len, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); void *ossl_prov_import_key(const OSSL_DISPATCH *fns, void *provctx, - int selection, const OSSL_PARAM params[]); + int selection, const OSSL_PARAM params[]); void ossl_prov_free_key(const OSSL_DISPATCH *fns, void *key); -int ossl_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, unsigned char **data, - long *len); +int ossl_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin, unsigned char **data, + long *len); --- crypto/openssl/providers/implementations/exchange/dh_exch.c.orig +++ crypto/openssl/providers/implementations/exchange/dh_exch.c 
@@ -98,15 +98,15 @@ PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; if (!ossl_prov_is_running() - || pdhctx == NULL - || vdh == NULL - || !DH_up_ref(vdh)) + || pdhctx == NULL + || vdh == NULL + || !DH_up_ref(vdh)) return 0; DH_free(pdhctx->dh); pdhctx->dh = vdh; pdhctx->kdf_type = PROV_DH_KDF_NONE; return dh_set_ctx_params(pdhctx, params) - && ossl_dh_check_key(pdhctx->libctx, vdh); + && ossl_dh_check_key(pdhctx->libctx, vdh); } /* The 2 parties must share the same domain parameters */ @@ -117,8 +117,8 @@ FFC_PARAMS *dhparams_peer = ossl_dh_get0_params(peer); ret = dhparams_priv != NULL - && dhparams_peer != NULL - && ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, 1); + && dhparams_peer != NULL + && ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, 1); if (!ret) ERR_raise(ERR_LIB_PROV, PROV_R_MISMATCHING_DOMAIN_PARAMETERS); return ret; @@ -129,10 +129,10 @@ PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; if (!ossl_prov_is_running() - || pdhctx == NULL - || vdh == NULL - || !dh_match_params(vdh, pdhctx->dh) - || !DH_up_ref(vdh)) + || pdhctx == NULL + || vdh == NULL + || !dh_match_params(vdh, pdhctx->dh) + || !DH_up_ref(vdh)) return 0; DH_free(pdhctx->dhpeer); pdhctx->dhpeer = vdh; @@ -140,8 +140,8 @@ } static int dh_plain_derive(void *vpdhctx, - unsigned char *secret, size_t *secretlen, - size_t outlen, unsigned int pad) + unsigned char *secret, size_t *secretlen, + size_t outlen, unsigned int pad) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; int ret; @@ -176,7 +176,7 @@ } static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret, - size_t *secretlen, size_t outlen) + size_t *secretlen, size_t outlen) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; unsigned char *stmp = NULL; 
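Review bot: In the `@@ -98,15 +98,15 @@` hunk the key is installed with `pdhctx->dh = vdh;` before `ossl_dh_check_key(pdhctx->libctx, vdh)` runs in the return expression, so a key that fails the check stays referenced by the context after the function returns 0. The reformat does not change this, but the order differs from the peer-setting code in the `@@ -129,10 +129,10 @@` hunk, which runs `dh_match_params()` and `DH_up_ref()` before it replaces `dhpeer`. A short comment above the assignment would record the contract, for example `/* key is stored before ossl_dh_check_key(); callers must not use the ctx if init fails */`, assuming callers do discard the context on failure. The same order appears in `ecdh_init` in ecdh_exch.c (`@@ -98,26 +97,24 @@`). The function shown here begins above the hunk.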
@@ -204,12 +204,12 @@ /* Do KDF stuff */ if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) { if (!ossl_dh_kdf_X9_42_asn1(secret, pdhctx->kdf_outlen, - stmp, stmplen, - pdhctx->kdf_cekalg, - pdhctx->kdf_ukm, - pdhctx->kdf_ukmlen, - pdhctx->kdf_md, - pdhctx->libctx, NULL)) + stmp, stmplen, + pdhctx->kdf_cekalg, + pdhctx->kdf_ukm, + pdhctx->kdf_ukmlen, + pdhctx->kdf_md, + pdhctx->libctx, NULL)) goto err; } *secretlen = pdhctx->kdf_outlen; @@ -220,7 +220,7 @@ } static int dh_derive(void *vpdhctx, unsigned char *secret, - size_t *psecretlen, size_t outlen) + size_t *psecretlen, size_t outlen) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; @@ -228,13 +228,13 @@ return 0; switch (pdhctx->kdf_type) { - case PROV_DH_KDF_NONE: - return dh_plain_derive(pdhctx, secret, psecretlen, outlen, - pdhctx->pad); - case PROV_DH_KDF_X9_42_ASN1: - return dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen); - default: - break; + case PROV_DH_KDF_NONE: + return dh_plain_derive(pdhctx, secret, psecretlen, outlen, + pdhctx->pad); + case PROV_DH_KDF_X9_42_ASN1: + return dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen); + default: + break; } return 0; } @@ -289,7 +289,7 @@ /* Duplicate UKM data if present */ if (srcctx->kdf_ukm != NULL && srcctx->kdf_ukmlen > 0) { dstctx->kdf_ukm = OPENSSL_memdup(srcctx->kdf_ukm, - srcctx->kdf_ukmlen); + srcctx->kdf_ukmlen); if (dstctx->kdf_ukm == NULL) goto err; } @@ -342,7 +342,7 @@ str = mdprops; p = OSSL_PARAM_locate_const(params, - OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS); + OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS); if (p != NULL) { if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) @@ -421,7 +421,7 @@ }; static const OSSL_PARAM *dh_settable_ctx_params(ossl_unused void *vpdhctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } 
@@ -431,13 +431,13 @@ OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, - NULL, 0), + NULL, 0), OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0), OSSL_PARAM_END }; static const OSSL_PARAM *dh_gettable_ctx_params(ossl_unused void *vpdhctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -455,14 +455,14 @@ const char *kdf_type = NULL; switch (pdhctx->kdf_type) { - case PROV_DH_KDF_NONE: - kdf_type = ""; - break; - case PROV_DH_KDF_X9_42_ASN1: - kdf_type = OSSL_KDF_NAME_X942KDF_ASN1; - break; - default: - return 0; + case PROV_DH_KDF_NONE: + kdf_type = ""; + break; + case PROV_DH_KDF_X9_42_ASN1: + kdf_type = OSSL_KDF_NAME_X942KDF_ASN1; + break; + default: + return 0; } if (!OSSL_PARAM_set_utf8_string(p, kdf_type)) @@ -471,9 +471,7 @@ p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); if (p != NULL - && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_md == NULL - ? "" - : EVP_MD_get0_name(pdhctx->kdf_md))){ + && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_md == NULL ? "" : EVP_MD_get0_name(pdhctx->kdf_md))) { return 0; } @@ -488,8 +486,7 @@ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_CEK_ALG); if (p != NULL - && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_cekalg == NULL - ? "" : pdhctx->kdf_cekalg)) + && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_cekalg == NULL ? "" : pdhctx->kdf_cekalg)) return 0; return 1; 
@@ -504,9 +501,9 @@ { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))dh_dupctx }, { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))dh_set_ctx_params }, { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, - (void (*)(void))dh_settable_ctx_params }, + (void (*)(void))dh_settable_ctx_params }, { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))dh_get_ctx_params }, { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, - (void (*)(void))dh_gettable_ctx_params }, + (void (*)(void))dh_gettable_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/exchange/ecdh_exch.c.orig +++ crypto/openssl/providers/implementations/exchange/ecdh_exch.c @@ -79,8 +79,7 @@ size_t kdf_outlen; } PROV_ECDH_CTX; -static -void *ecdh_newctx(void *provctx) +static void *ecdh_newctx(void *provctx) { PROV_ECDH_CTX *pectx; @@ -98,26 +97,24 @@ return (void *)pectx; } -static -int ecdh_init(void *vpecdhctx, void *vecdh, const OSSL_PARAM params[]) +static int ecdh_init(void *vpecdhctx, void *vecdh, const OSSL_PARAM params[]) { PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; if (!ossl_prov_is_running() - || pecdhctx == NULL - || vecdh == NULL - || !EC_KEY_up_ref(vecdh)) + || pecdhctx == NULL + || vecdh == NULL + || !EC_KEY_up_ref(vecdh)) return 0; EC_KEY_free(pecdhctx->k); pecdhctx->k = vecdh; pecdhctx->cofactor_mode = -1; pecdhctx->kdf_type = PROV_ECDH_KDF_NONE; return ecdh_set_ctx_params(pecdhctx, params) - && ossl_ec_check_key(pecdhctx->libctx, vecdh, 1); + && ossl_ec_check_key(pecdhctx->libctx, vecdh, 1); } -static -int ecdh_match_params(const EC_KEY *priv, const EC_KEY *peer) +static int ecdh_match_params(const EC_KEY *priv, const EC_KEY *peer) { int ret; BN_CTX *ctx = NULL; 
@@ -130,25 +127,24 @@ return 0; } ret = group_priv != NULL - && group_peer != NULL - && EC_GROUP_cmp(group_priv, group_peer, ctx) == 0; + && group_peer != NULL + && EC_GROUP_cmp(group_priv, group_peer, ctx) == 0; if (!ret) ERR_raise(ERR_LIB_PROV, PROV_R_MISMATCHING_DOMAIN_PARAMETERS); BN_CTX_free(ctx); return ret; } -static -int ecdh_set_peer(void *vpecdhctx, void *vecdh) +static int ecdh_set_peer(void *vpecdhctx, void *vecdh) { PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; if (!ossl_prov_is_running() - || pecdhctx == NULL - || vecdh == NULL - || !ecdh_match_params(pecdhctx->k, vecdh) - || !ossl_ec_check_key(pecdhctx->libctx, vecdh, 1) - || !EC_KEY_up_ref(vecdh)) + || pecdhctx == NULL + || vecdh == NULL + || !ecdh_match_params(pecdhctx->k, vecdh) + || !ossl_ec_check_key(pecdhctx->libctx, vecdh, 1) + || !EC_KEY_up_ref(vecdh)) return 0; EC_KEY_free(pecdhctx->peerk); @@ -156,8 +152,7 @@ return 1; } -static -void ecdh_freectx(void *vpecdhctx) +static void ecdh_freectx(void *vpecdhctx) { PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; @@ -170,8 +165,7 @@ OPENSSL_free(pecdhctx); } -static -void *ecdh_dupctx(void *vpecdhctx) +static void *ecdh_dupctx(void *vpecdhctx) { PROV_ECDH_CTX *srcctx = (PROV_ECDH_CTX *)vpecdhctx; PROV_ECDH_CTX *dstctx; @@ -187,7 +181,7 @@ /* clear all pointers */ - dstctx->k= NULL; + dstctx->k = NULL; dstctx->peerk = NULL; dstctx->kdf_md = NULL; dstctx->kdf_ukm = NULL; @@ -212,20 +206,19 @@ /* Duplicate UKM data if present */ if (srcctx->kdf_ukm != NULL && srcctx->kdf_ukmlen > 0) { dstctx->kdf_ukm = OPENSSL_memdup(srcctx->kdf_ukm, - srcctx->kdf_ukmlen); + srcctx->kdf_ukmlen); if (dstctx->kdf_ukm == NULL) goto err; } return dstctx; - err: +err: ecdh_freectx(dstctx); return NULL; } -static -int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) +static int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) { char name[80] = { '\0' }; /* should be big enough */ char *str = NULL; 
@@ -274,7 +267,7 @@ str = mdprops; p = OSSL_PARAM_locate_const(params, - OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS); + OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS); if (p != NULL) { if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) @@ -325,15 +318,13 @@ OSSL_PARAM_END }; -static -const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *vpecdhctx, - ossl_unused void *provctx) +static const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *vpecdhctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } -static -int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[]) +static int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[]) { PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx; OSSL_PARAM *p; @@ -359,14 +350,14 @@ const char *kdf_type = NULL; switch (pectx->kdf_type) { - case PROV_ECDH_KDF_NONE: - kdf_type = ""; - break; - case PROV_ECDH_KDF_X9_63: - kdf_type = OSSL_KDF_NAME_X963KDF; - break; - default: - return 0; + case PROV_ECDH_KDF_NONE: + kdf_type = ""; + break; + case PROV_ECDH_KDF_X9_63: + kdf_type = OSSL_KDF_NAME_X963KDF; + break; + default: + return 0; } if (!OSSL_PARAM_set_utf8_string(p, kdf_type)) @@ -375,9 +366,7 @@ p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); if (p != NULL - && !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL - ? "" - : EVP_MD_get0_name(pectx->kdf_md))){ + && !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL ? "" : EVP_MD_get0_name(pectx->kdf_md))) { return 0; } @@ -386,8 +375,7 @@ return 0; p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM); - if (p != NULL && - !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, pectx->kdf_ukmlen)) + if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, pectx->kdf_ukmlen)) return 0; return 1; 
@@ -399,25 +387,25 @@ OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, - NULL, 0), + NULL, 0), OSSL_PARAM_END }; -static -const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *vpecdhctx, - ossl_unused void *provctx) +static const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *vpecdhctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } static ossl_inline -size_t ecdh_size(const EC_KEY *k) + size_t + ecdh_size(const EC_KEY *k) { size_t degree = 0; const EC_GROUP *group; if (k == NULL - || (group = EC_KEY_get0_group(k)) == NULL) + || (group = EC_KEY_get0_group(k)) == NULL) return 0; degree = EC_GROUP_get_degree(group); @@ -425,9 +413,8 @@ return (degree + 7) / 8; } -static ossl_inline -int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, - size_t *psecretlen, size_t outlen) +static ossl_inline int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, + size_t *psecretlen, size_t outlen) { PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; int retlen, ret = 0; @@ -450,7 +437,7 @@ } if ((group = EC_KEY_get0_group(pecdhctx->k)) == NULL - || (cofactor = EC_GROUP_get0_cofactor(group)) == NULL ) + || (cofactor = EC_GROUP_get0_cofactor(group)) == NULL) return 0; /* @@ -471,11 +458,10 @@ * - if ctx->k->cofactor != 1, use a duplicate of ctx->k with the flag * set to ctx->cofactor_mode */ - key_cofactor_mode = - (EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + key_cofactor_mode = (EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; if (pecdhctx->cofactor_mode != -1 - && pecdhctx->cofactor_mode != key_cofactor_mode - && !BN_is_one(cofactor)) { + && pecdhctx->cofactor_mode != key_cofactor_mode + && !BN_is_one(cofactor)) { if ((privk = EC_KEY_dup(pecdhctx->k)) == NULL) return 0; 
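Review bot: The declaration of `ecdh_size` in the `@@ -399,25 +387,25 @@` hunk ends up split over three lines, `static ossl_inline`, `size_t` and `ecdh_size(const EC_KEY *k)`. This looks like a formatter artifact, presumably because `ossl_inline` is not recognised as a qualifier. The same change joins the neighbouring declarations onto one line (`static ossl_inline int ecdh_plain_derive(...` in `@@ -425,9 +413,8 @@`), so the file is now inconsistent with itself. Writing it as `static ossl_inline size_t ecdh_size(const EC_KEY *k)` matches the siblings.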
@@ -497,15 +483,14 @@ *psecretlen = retlen; ret = 1; - end: +end: if (privk != pecdhctx->k) EC_KEY_free(privk); return ret; } -static ossl_inline -int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, - size_t *psecretlen, size_t outlen) +static ossl_inline int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, + size_t *psecretlen, size_t outlen) { PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; unsigned char *stmp = NULL; @@ -532,33 +517,32 @@ /* Do KDF stuff */ if (!ossl_ecdh_kdf_X9_63(secret, pecdhctx->kdf_outlen, - stmp, stmplen, - pecdhctx->kdf_ukm, - pecdhctx->kdf_ukmlen, - pecdhctx->kdf_md, - pecdhctx->libctx, NULL)) + stmp, stmplen, + pecdhctx->kdf_ukm, + pecdhctx->kdf_ukmlen, + pecdhctx->kdf_md, + pecdhctx->libctx, NULL)) goto err; *psecretlen = pecdhctx->kdf_outlen; ret = 1; - err: +err: OPENSSL_secure_clear_free(stmp, stmplen); return ret; } -static -int ecdh_derive(void *vpecdhctx, unsigned char *secret, - size_t *psecretlen, size_t outlen) +static int ecdh_derive(void *vpecdhctx, unsigned char *secret, + size_t *psecretlen, size_t outlen) { PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; switch (pecdhctx->kdf_type) { - case PROV_ECDH_KDF_NONE: - return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen); - case PROV_ECDH_KDF_X9_63: - return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen); - default: - break; + case PROV_ECDH_KDF_NONE: + return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen); + case PROV_ECDH_KDF_X9_63: + return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen); + default: + break; } return 0; } 
@@ -572,9 +556,9 @@ { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecdh_dupctx }, { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))ecdh_set_ctx_params }, { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, - (void (*)(void))ecdh_settable_ctx_params }, + (void (*)(void))ecdh_settable_ctx_params }, { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))ecdh_get_ctx_params }, { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, - (void (*)(void))ecdh_gettable_ctx_params }, + (void (*)(void))ecdh_gettable_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/exchange/ecx_exch.c.orig +++ crypto/openssl/providers/implementations/exchange/ecx_exch.c @@ -18,7 +18,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" #ifdef S390X_EC_ASM -# include "s390x_arch.h" +#include "s390x_arch.h" #endif static OSSL_FUNC_keyexch_newctx_fn x25519_newctx; @@ -70,7 +70,7 @@ } static int ecx_init(void *vecxctx, void *vkey, - ossl_unused const OSSL_PARAM params[]) + ossl_unused const OSSL_PARAM params[]) { PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx; ECX_KEY *key = vkey; @@ -79,9 +79,9 @@ return 0; if (ecxctx == NULL - || key == NULL - || key->keylen != ecxctx->keylen - || !ossl_ecx_key_up_ref(key)) { + || key == NULL + || key->keylen != ecxctx->keylen + || !ossl_ecx_key_up_ref(key)) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return 0; } @@ -101,9 +101,9 @@ return 0; if (ecxctx == NULL - || key == NULL - || key->keylen != ecxctx->keylen - || !ossl_ecx_key_up_ref(key)) { + || key == NULL + || key->keylen != ecxctx->keylen + || !ossl_ecx_key_up_ref(key)) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return 0; } @@ -114,7 +114,7 @@ } static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, - size_t outlen) + size_t outlen) { PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx; 
@@ -122,8 +122,8 @@ return 0; if (ecxctx->key == NULL - || ecxctx->key->privkey == NULL - || ecxctx->peerkey == NULL) { + || ecxctx->key->privkey == NULL + || ecxctx->peerkey == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } @@ -146,32 +146,36 @@ if (ecxctx->keylen == X25519_KEYLEN) { #ifdef S390X_EC_ASM if (OPENSSL_s390xcap_P.pcc[1] - & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)) { + & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)) { if (s390x_x25519_mul(secret, ecxctx->peerkey->pubkey, - ecxctx->key->privkey) == 0) { + ecxctx->key->privkey) + == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); return 0; } } else #endif - if (ossl_x25519(secret, ecxctx->key->privkey, - ecxctx->peerkey->pubkey) == 0) { + if (ossl_x25519(secret, ecxctx->key->privkey, + ecxctx->peerkey->pubkey) + == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); return 0; } } else { #ifdef S390X_EC_ASM if (OPENSSL_s390xcap_P.pcc[1] - & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)) { + & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)) { if (s390x_x448_mul(secret, ecxctx->peerkey->pubkey, - ecxctx->key->privkey) == 0) { + ecxctx->key->privkey) + == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); return 0; } } else #endif - if (ossl_x448(secret, ecxctx->key->privkey, - ecxctx->peerkey->pubkey) == 0) { + if (ossl_x448(secret, ecxctx->key->privkey, + ecxctx->peerkey->pubkey) + == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); return 0; } --- crypto/openssl/providers/implementations/exchange/kdf_exch.c.orig +++ crypto/openssl/providers/implementations/exchange/kdf_exch.c @@ -71,10 +71,10 @@ return NULL; } -#define KDF_NEWCTX(funcname, kdfname) \ +#define KDF_NEWCTX(funcname, kdfname) \ static void *kdf_##funcname##_newctx(void *provctx) \ - { \ - return kdf_newctx(kdfname, provctx); \ + { \ + return kdf_newctx(kdfname, provctx); \ } KDF_NEWCTX(tls1_prf, "TLS1-PRF") 
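Review bot: In the ecx_exch.c derive hunk (`@@ -146,32 +146,36 @@`) the software fallbacks `if (ossl_x25519(` and `if (ossl_x448(` follow a bare `} else` and `#endif`, and the reformat re-indents them and moves each `== 0` failure test onto a line of its own. When `S390X_EC_ASM` is not defined there is no preceding `else`, so the re-indented `if` can read as a nested branch although it is the only derivation path. The return-value check is also now visually detached from the call it guards. Two comments would keep the structure clear across later formatter runs: `#endif /* S390X_EC_ASM */` and, above each fallback, `/* software path; also the else-branch of the s390x capability test */`. The enclosing function starts above the hunk.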
@@ -86,9 +86,9 @@ PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; if (!ossl_prov_is_running() - || pkdfctx == NULL - || vkdf == NULL - || !ossl_kdf_data_up_ref(vkdf)) + || pkdfctx == NULL + || vkdf == NULL + || !ossl_kdf_data_up_ref(vkdf)) return 0; pkdfctx->kdfdata = vkdf; @@ -96,7 +96,7 @@ } static int kdf_derive(void *vpkdfctx, unsigned char *secret, size_t *secretlen, - size_t outlen) + size_t outlen) { PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; size_t kdfsize; @@ -181,11 +181,11 @@ } static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, - void *provctx, - const char *kdfname) + void *provctx, + const char *kdfname) { EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, - NULL); + NULL); const OSSL_PARAM *params; if (kdf == NULL) @@ -197,11 +197,11 @@ return params; } -#define KDF_SETTABLE_CTX_PARAMS(funcname, kdfname) \ +#define KDF_SETTABLE_CTX_PARAMS(funcname, kdfname) \ static const OSSL_PARAM *kdf_##funcname##_settable_ctx_params(void *vpkdfctx, \ - void *provctx) \ - { \ - return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ + void *provctx) \ + { \ + return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ } KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") @@ -209,11 +209,11 @@ KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx, - void *provctx, - const char *kdfname) + void *provctx, + const char *kdfname) { EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, - NULL); + NULL); const OSSL_PARAM *params; if (kdf == NULL) 
@@ -225,31 +225,31 @@ return params; } -#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \ +#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \ static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void *vpkdfctx, \ - void *provctx) \ - { \ - return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \ + void *provctx) \ + { \ + return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \ } KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF") KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT") -#define KDF_KEYEXCH_FUNCTIONS(funcname) \ - const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \ - { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \ - { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))kdf_init }, \ - { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))kdf_derive }, \ - { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \ - { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \ +#define KDF_KEYEXCH_FUNCTIONS(funcname) \ + const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \ + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \ + { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))kdf_init }, \ + { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))kdf_derive }, \ + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \ + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \ { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \ { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \ - { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \ - (void (*)(void))kdf_##funcname##_settable_ctx_params }, \ - { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \ - (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \ - { 0, NULL } \ + { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \ + (void (*)(void))kdf_##funcname##_settable_ctx_params }, \ + { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \ + (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \ + { 0, 
NULL } \ }; KDF_KEYEXCH_FUNCTIONS(tls1_prf) --- crypto/openssl/providers/implementations/include/prov/blake2.h.orig +++ crypto/openssl/providers/implementations/include/prov/blake2.h @@ -8,36 +8,36 @@ */ #ifndef OSSL_PROV_BLAKE2_H -# define OSSL_PROV_BLAKE2_H +#define OSSL_PROV_BLAKE2_H -# include +#include -# include -# include +#include +#include -# define BLAKE2S_BLOCKBYTES 64 -# define BLAKE2S_OUTBYTES 32 -# define BLAKE2S_KEYBYTES 32 -# define BLAKE2S_SALTBYTES 8 -# define BLAKE2S_PERSONALBYTES 8 +#define BLAKE2S_BLOCKBYTES 64 +#define BLAKE2S_OUTBYTES 32 +#define BLAKE2S_KEYBYTES 32 +#define BLAKE2S_SALTBYTES 8 +#define BLAKE2S_PERSONALBYTES 8 -# define BLAKE2B_BLOCKBYTES 128 -# define BLAKE2B_OUTBYTES 64 -# define BLAKE2B_KEYBYTES 64 -# define BLAKE2B_SALTBYTES 16 -# define BLAKE2B_PERSONALBYTES 16 +#define BLAKE2B_BLOCKBYTES 128 +#define BLAKE2B_OUTBYTES 64 +#define BLAKE2B_KEYBYTES 64 +#define BLAKE2B_SALTBYTES 16 +#define BLAKE2B_PERSONALBYTES 16 struct blake2s_param_st { - uint8_t digest_length; /* 1 */ - uint8_t key_length; /* 2 */ - uint8_t fanout; /* 3 */ - uint8_t depth; /* 4 */ - uint8_t leaf_length[4];/* 8 */ - uint8_t node_offset[6];/* 14 */ - uint8_t node_depth; /* 15 */ - uint8_t inner_length; /* 16 */ - uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ - uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4]; /* 8 */ + uint8_t node_offset[6]; /* 14 */ + uint8_t node_depth; /* 15 */ + uint8_t inner_length; /* 16 */ + uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ + uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ }; typedef struct blake2s_param_st BLAKE2S_PARAM; 
@@ -46,23 +46,23 @@ uint32_t h[8]; uint32_t t[2]; uint32_t f[2]; - uint8_t buf[BLAKE2S_BLOCKBYTES]; - size_t buflen; - size_t outlen; + uint8_t buf[BLAKE2S_BLOCKBYTES]; + size_t buflen; + size_t outlen; }; struct blake2b_param_st { - uint8_t digest_length; /* 1 */ - uint8_t key_length; /* 2 */ - uint8_t fanout; /* 3 */ - uint8_t depth; /* 4 */ - uint8_t leaf_length[4];/* 8 */ - uint8_t node_offset[8];/* 16 */ - uint8_t node_depth; /* 17 */ - uint8_t inner_length; /* 18 */ - uint8_t reserved[14]; /* 32 */ - uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ - uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4]; /* 8 */ + uint8_t node_offset[8]; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ }; typedef struct blake2b_param_st BLAKE2B_PARAM; @@ -71,9 +71,9 @@ uint64_t h[8]; uint64_t t[2]; uint64_t f[2]; - uint8_t buf[BLAKE2B_BLOCKBYTES]; - size_t buflen; - size_t outlen; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + size_t buflen; + size_t outlen; }; #define BLAKE2B_DIGEST_LENGTH 64 @@ -87,7 +87,7 @@ int ossl_blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P); int ossl_blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, - const void *key); + const void *key); int ossl_blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen); int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c); 
@@ -100,12 +100,12 @@ void ossl_blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen); void ossl_blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen); void ossl_blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, - size_t length); + size_t length); void ossl_blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, - size_t length); + size_t length); int ossl_blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P); int ossl_blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, - const void *key); + const void *key); int ossl_blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen); int ossl_blake2s_final(unsigned char *md, BLAKE2S_CTX *c); @@ -113,8 +113,8 @@ void ossl_blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen); void ossl_blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen); void ossl_blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, - size_t length); + size_t length); void ossl_blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, - size_t length); + size_t length); #endif /* OSSL_PROV_BLAKE2_H */ --- crypto/openssl/providers/implementations/include/prov/ciphercommon.h.orig +++ crypto/openssl/providers/implementations/include/prov/ciphercommon.h 
@@ -14,32 +14,32 @@ #include "internal/cryptlib.h" #include "crypto/modes.h" -# define MAXCHUNK ((size_t)1 << 30) -# define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) +#define MAXCHUNK ((size_t)1 << 30) +#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) #define GENERIC_BLOCK_SIZE 16 -#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ -#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */ -#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */ -#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */ +#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ +#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */ +#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */ +#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */ -#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args +#define PROV_CIPHER_FUNC(type, name, args) typedef type(*OSSL_##name##_fn) args typedef struct prov_cipher_hw_st PROV_CIPHER_HW; typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX; -typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len); +typedef int(PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len); /* Internal flags that can be queried */ -#define PROV_CIPHER_FLAG_AEAD 0x0001 -#define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002 -#define PROV_CIPHER_FLAG_CTS 0x0004 -#define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK 0x0008 -#define PROV_CIPHER_FLAG_RAND_KEY 0x0010 +#define PROV_CIPHER_FLAG_AEAD 0x0001 +#define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002 +#define PROV_CIPHER_FLAG_CTS 0x0004 +#define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK 0x0008 +#define PROV_CIPHER_FLAG_RAND_KEY 0x0010 /* Internal flags that are only used within the provider */ -#define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0100 -#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200 
+#define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0100 +#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200 struct prov_cipher_ctx_st { /* place buffer at the beginning for memory alignment */ @@ -57,13 +57,13 @@ } stream; unsigned int mode; - size_t keylen; /* key size (in bytes) */ + size_t keylen; /* key size (in bytes) */ size_t ivlen; size_t blocksize; - size_t bufsz; /* Number of bytes in buf */ - unsigned int cts_mode; /* Use to set the type for CTS modes */ - unsigned int pad : 1; /* Whether padding should be used or not */ - unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ + size_t bufsz; /* Number of bytes in buf */ + unsigned int cts_mode; /* Use to set the type for CTS modes */ + unsigned int pad : 1; /* Whether padding should be used or not */ + unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */ unsigned int key_set : 1; /* Set when key is set on the context */ unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */ 
@@ -72,18 +72,18 @@ unsigned int use_bits : 1; /* Set to 0 for cfb1 to use bits instead of bytes */ unsigned int tlsversion; /* If TLS padding is in use the TLS version number */ - unsigned char *tlsmac; /* tls MAC extracted from the last record */ - int alloced; /* - * Whether the tlsmac data has been allocated or - * points into the user buffer. - */ - size_t tlsmacsize; /* Size of the TLS MAC */ - int removetlspad; /* Whether TLS padding should be removed or not */ - size_t removetlsfixed; /* - * Length of the fixed size data to remove when - * processing TLS data (equals mac size plus - * IV size if applicable) - */ + unsigned char *tlsmac; /* tls MAC extracted from the last record */ + int alloced; /* + * Whether the tlsmac data has been allocated or + * points into the user buffer. + */ + size_t tlsmacsize; /* Size of the TLS MAC */ + int removetlspad; /* Whether TLS padding should be removed or not */ + size_t removetlsfixed; /* + * Length of the fixed size data to remove when + * processing TLS data (equals mac size plus + * IV size if applicable) + */ /* * num contains the number of bytes of |iv| which are valid for modes that @@ -111,7 +111,7 @@ OSSL_FUNC_cipher_cipher_fn ossl_cipher_generic_cipher; OSSL_FUNC_cipher_get_ctx_params_fn ossl_cipher_generic_get_ctx_params; OSSL_FUNC_cipher_set_ctx_params_fn ossl_cipher_generic_set_ctx_params; -OSSL_FUNC_cipher_gettable_params_fn ossl_cipher_generic_gettable_params; +OSSL_FUNC_cipher_gettable_params_fn ossl_cipher_generic_gettable_params; OSSL_FUNC_cipher_gettable_ctx_params_fn ossl_cipher_generic_gettable_ctx_params; OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_generic_settable_ctx_params; OSSL_FUNC_cipher_set_ctx_params_fn ossl_cipher_var_keylen_set_ctx_params; 
@@ -120,103 +120,102 @@ OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_aead_settable_ctx_params; int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, - uint64_t flags, - size_t kbits, size_t blkbits, size_t ivbits); + uint64_t flags, + size_t kbits, size_t blkbits, size_t ivbits); void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, - size_t ivbits, unsigned int mode, - uint64_t flags, - const PROV_CIPHER_HW *hw, void *provctx); - -#define IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits,\ - blkbits, ivbits, typ) \ -const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_cipher_generic_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_cipher_generic_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update },\ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ - { 0, NULL } \ -}; - -#define IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, \ - kbits, 
blkbits, ivbits, typ) \ -const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_cipher_generic_einit },\ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_cipher_generic_dinit },\ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update },\ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_var_keylen_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_var_keylen_settable_ctx_params }, \ - { 0, NULL } \ -}; - - -#define IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, \ - kbits, blkbits, ivbits, typ) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ -static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ -static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ -{ \ - PROV_##UCALG##_CTX *ctx = ossl_prov_is_running() ? 
OPENSSL_zalloc(sizeof(*ctx))\ - : NULL; \ - if (ctx != NULL) { \ - ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ - EVP_CIPH_##UCMODE##_MODE, flags, \ - ossl_prov_cipher_hw_##alg##_##lcmode(kbits),\ - provctx); \ - } \ - return ctx; \ -} \ - -#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) + size_t ivbits, unsigned int mode, + uint64_t flags, + const PROV_CIPHER_HW *hw, void *provctx); + +#define IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ + const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_cipher_generic_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_cipher_generic_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, 
\ + (void (*)(void))ossl_cipher_generic_settable_ctx_params }, \ + { 0, NULL } \ + }; + +#define IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, \ + kbits, blkbits, ivbits, typ) \ + const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void))alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_cipher_generic_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_cipher_generic_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_cipher_generic_##typ##_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_var_keylen_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_var_keylen_settable_ctx_params }, \ + { 0, NULL } \ + }; + +#define IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, \ + kbits, blkbits, ivbits, typ) \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ + static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ + static 
void *alg##_##kbits##_##lcmode##_newctx(void *provctx) \ + { \ + PROV_##UCALG##_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) \ + : NULL; \ + if (ctx != NULL) { \ + ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ + EVP_CIPH_##UCMODE##_MODE, flags, \ + ossl_prov_cipher_hw_##alg##_##lcmode(kbits), \ + provctx); \ + } \ + return ctx; \ + } + +#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ + IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ + IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) #define IMPLEMENT_var_keylen_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ -IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) + blkbits, ivbits, typ) \ + IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ + IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) PROV_CIPHER_HW_FN ossl_cipher_hw_generic_cbc; PROV_CIPHER_HW_FN ossl_cipher_hw_generic_ecb; 
@@ -229,135 +228,137 @@ PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_cfb8; PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_cfb128; PROV_CIPHER_HW_FN ossl_cipher_hw_chunked_ofb128; -#define ossl_cipher_hw_chunked_ecb ossl_cipher_hw_generic_ecb -#define ossl_cipher_hw_chunked_ctr ossl_cipher_hw_generic_ctr +#define ossl_cipher_hw_chunked_ecb ossl_cipher_hw_generic_ecb +#define ossl_cipher_hw_chunked_ctr ossl_cipher_hw_generic_ctr #define ossl_cipher_hw_chunked_cfb1 ossl_cipher_hw_generic_cfb1 -#define IMPLEMENT_CIPHER_HW_OFB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ -static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ - unsigned char *out, \ - const unsigned char *in, size_t len) \ -{ \ - int num = ctx->num; \ - KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ - \ - while (len >= MAXCHUNK) { \ - FUNC_PREFIX##_encrypt(in, out, MAXCHUNK, key, ctx->iv, &num); \ - len -= MAXCHUNK; \ - in += MAXCHUNK; \ - out += MAXCHUNK; \ - } \ - if (len > 0) { \ - FUNC_PREFIX##_encrypt(in, out, (long)len, key, ctx->iv, &num); \ - } \ - ctx->num = num; \ - return 1; \ -} - -#define IMPLEMENT_CIPHER_HW_ECB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ -static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ - unsigned char *out, \ - const unsigned char *in, size_t len) \ -{ \ - size_t i, bl = ctx->blocksize; \ - KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ - \ - if (len < bl) \ - return 1; \ - for (i = 0, len -= bl; i <= len; i += bl) \ - FUNC_PREFIX##_encrypt(in + i, out + i, key, ctx->enc); \ - return 1; \ -} +#define IMPLEMENT_CIPHER_HW_OFB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ + static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ + unsigned char *out, \ + const unsigned char *in, size_t len) \ + { \ + int num = ctx->num; \ + KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ + \ + while (len >= MAXCHUNK) { \ + FUNC_PREFIX##_encrypt(in, out, MAXCHUNK, key, ctx->iv, &num); \ + len -= MAXCHUNK; \ + in += MAXCHUNK; \ + out += MAXCHUNK; \ 
+ } \ + if (len > 0) { \ + FUNC_PREFIX##_encrypt(in, out, (long)len, key, ctx->iv, &num); \ + } \ + ctx->num = num; \ + return 1; \ + } + +#define IMPLEMENT_CIPHER_HW_ECB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ + static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ + unsigned char *out, \ + const unsigned char *in, size_t len) \ + { \ + size_t i, bl = ctx->blocksize; \ + KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ + \ + if (len < bl) \ + return 1; \ + for (i = 0, len -= bl; i <= len; i += bl) \ + FUNC_PREFIX##_encrypt(in + i, out + i, key, ctx->enc); \ + return 1; \ + } #define IMPLEMENT_CIPHER_HW_CBC(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ -static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ - unsigned char *out, \ - const unsigned char *in, size_t len) \ -{ \ - KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ - \ - while (len >= MAXCHUNK) { \ - FUNC_PREFIX##_encrypt(in, out, MAXCHUNK, key, ctx->iv, ctx->enc); \ - len -= MAXCHUNK; \ - in += MAXCHUNK; \ - out += MAXCHUNK; \ - } \ - if (len > 0) \ - FUNC_PREFIX##_encrypt(in, out, (long)len, key, ctx->iv, ctx->enc); \ - return 1; \ -} - -#define IMPLEMENT_CIPHER_HW_CFB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ -static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ - unsigned char *out, \ - const unsigned char *in, size_t len) \ -{ \ - size_t chunk = MAXCHUNK; \ - KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ - int num = ctx->num; \ - \ - if (len < chunk) \ - chunk = len; \ - while (len > 0 && len >= chunk) { \ - FUNC_PREFIX##_encrypt(in, out, (long)chunk, key, ctx->iv, &num, \ - ctx->enc); \ - len -= chunk; \ - in += chunk; \ - out += chunk; \ - if (len < chunk) \ - chunk = len; \ - } \ - ctx->num = num; \ - return 1; \ -} - -#define IMPLEMENT_CIPHER_HW_COPYCTX(name, CTX_TYPE) \ -static void name(PROV_CIPHER_CTX *dst, const PROV_CIPHER_CTX *src) \ -{ \ - CTX_TYPE *sctx = (CTX_TYPE *)src; \ - CTX_TYPE *dctx = (CTX_TYPE *)dst; \ + static int 
cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ + unsigned char *out, \ + const unsigned char *in, size_t len) \ + { \ + KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ \ - *dctx = *sctx; \ - dst->ks = &dctx->ks.ks; \ -} - -#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(name) \ -static const OSSL_PARAM name##_known_gettable_ctx_params[] = { \ - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), \ - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), \ - OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ - OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), \ - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), \ - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), - -#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name) \ - OSSL_PARAM_END \ -}; \ -const OSSL_PARAM * name##_gettable_ctx_params(ossl_unused void *cctx, \ - ossl_unused void *provctx) \ -{ \ - return name##_known_gettable_ctx_params; \ -} - -#define CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(name) \ -static const OSSL_PARAM name##_known_settable_ctx_params[] = { \ - OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ - OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), -#define CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(name) \ - OSSL_PARAM_END \ -}; \ -const OSSL_PARAM * name##_settable_ctx_params(ossl_unused void *cctx, \ - ossl_unused void *provctx) \ -{ \ - return name##_known_settable_ctx_params; \ -} + while (len >= MAXCHUNK) { \ + FUNC_PREFIX##_encrypt(in, out, MAXCHUNK, key, ctx->iv, ctx->enc); \ + len -= MAXCHUNK; \ + in += MAXCHUNK; \ + out += MAXCHUNK; \ + } \ + if (len > 0) \ + FUNC_PREFIX##_encrypt(in, out, (long)len, key, ctx->iv, ctx->enc); \ + return 1; \ + } + +#define IMPLEMENT_CIPHER_HW_CFB(MODE, NAME, CTX_NAME, KEY_NAME, FUNC_PREFIX) \ + static int cipher_hw_##NAME##_##MODE##_cipher(PROV_CIPHER_CTX *ctx, \ + unsigned char *out, \ + const unsigned char *in, size_t len) \ + { \ + size_t chunk = MAXCHUNK; \ + KEY_NAME *key = &(((CTX_NAME *)ctx)->ks.ks); \ + int num = 
ctx->num; \ + \ + if (len < chunk) \ + chunk = len; \ + while (len > 0 && len >= chunk) { \ + FUNC_PREFIX##_encrypt(in, out, (long)chunk, key, ctx->iv, &num, \ + ctx->enc); \ + len -= chunk; \ + in += chunk; \ + out += chunk; \ + if (len < chunk) \ + chunk = len; \ + } \ + ctx->num = num; \ + return 1; \ + } + +#define IMPLEMENT_CIPHER_HW_COPYCTX(name, CTX_TYPE) \ + static void name(PROV_CIPHER_CTX *dst, const PROV_CIPHER_CTX *src) \ + { \ + CTX_TYPE *sctx = (CTX_TYPE *)src; \ + CTX_TYPE *dctx = (CTX_TYPE *)dst; \ + \ + *dctx = *sctx; \ + dst->ks = &dctx->ks.ks; \ + } + +#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(name) \ + static const OSSL_PARAM name##_known_gettable_ctx_params[] = { \ + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), \ + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), \ + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), \ + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0), + +#define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name) \ + OSSL_PARAM_END \ + } \ + ; \ + const OSSL_PARAM *name##_gettable_ctx_params(ossl_unused void *cctx, \ + ossl_unused void *provctx) \ + { \ + return name##_known_gettable_ctx_params; \ + } + +#define CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(name) \ + static const OSSL_PARAM name##_known_settable_ctx_params[] = { \ + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), +#define CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(name) \ + OSSL_PARAM_END \ + } \ + ; \ + const OSSL_PARAM *name##_settable_ctx_params(ossl_unused void *cctx, \ + ossl_unused void *provctx) \ + { \ + return name##_known_settable_ctx_params; \ + } int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv, - size_t ivlen); + size_t ivlen); size_t ossl_cipher_fillblock(unsigned char *buf, size_t *buflen, - size_t blocksize, - const unsigned char **in, size_t 
*inlen); + size_t blocksize, + const unsigned char **in, size_t *inlen); int ossl_cipher_trailingdata(unsigned char *buf, size_t *buflen, - size_t blocksize, - const unsigned char **in, size_t *inlen); + size_t blocksize, + const unsigned char **in, size_t *inlen); --- crypto/openssl/providers/implementations/include/prov/ciphercommon_aead.h.orig +++ crypto/openssl/providers/implementations/include/prov/ciphercommon_aead.h 
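Review bot: `IMPLEMENT_CIPHER_HW_ECB` returns 1 without touching `out` when `len < bl`, and its loop `for (i = 0, len -= bl; i <= len; i += bl)` processes whole blocks only, so a trailing partial block is skipped while success is still reported. The callers are outside this hunk and presumably pass block-multiple lengths only, but nothing in the macro states that contract. I would add a comment above the macro such as `/* len must be a multiple of ctx->blocksize; short or trailing partial input is ignored and 1 is still returned */`. Separately, the reformat split the closing `};` of the arrays in `CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END` and `CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END` into `}` and a lone `;` line; keeping `};` together would read more clearly.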
@@ -11,42 +11,42 @@ #define AEAD_FLAGS (PROV_CIPHER_FLAG_AEAD | PROV_CIPHER_FLAG_CUSTOM_IV) -#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ -static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ -static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ -} \ -static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \ -static void * alg##kbits##lc##_newctx(void *provctx) \ -{ \ - return alg##_##lc##_newctx(provctx, kbits); \ -} \ -static void * alg##kbits##lc##_dupctx(void *src) \ -{ \ - return alg##_##lc##_dupctx(src); \ -} \ -const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##kbits##lc##_dupctx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_##lc##_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_##lc##_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_##lc##_stream_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_##lc##_stream_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_##lc##_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lc##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void)) ossl_##lc##_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void)) ossl_##lc##_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))ossl_cipher_generic_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_aead_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))ossl_cipher_aead_settable_ctx_params }, \ - { 0, NULL } \ -} +#define IMPLEMENT_aead_cipher(alg, 
lc, UCMODE, flags, kbits, blkbits, ivbits) \ + static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ + static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ + } \ + static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \ + static void *alg##kbits##lc##_newctx(void *provctx) \ + { \ + return alg##_##lc##_newctx(provctx, kbits); \ + } \ + static void *alg##kbits##lc##_dupctx(void *src) \ + { \ + return alg##_##lc##_dupctx(src); \ + } \ + const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##kbits##lc##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_##lc##_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_##lc##_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_##lc##_stream_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))ossl_##lc##_stream_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_##lc##_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void))alg##_##kbits##_##lc##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))ossl_##lc##_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))ossl_##lc##_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))ossl_cipher_generic_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_aead_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))ossl_cipher_aead_settable_ctx_params }, \ + { 0, NULL } \ + } --- crypto/openssl/providers/implementations/include/prov/ciphercommon_ccm.h.orig +++ 
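Review bot: In `IMPLEMENT_aead_cipher`, `alg##kbits##lc##_dupctx` is defined without a typed forward declaration, unlike `_get_params` and `_newctx` just above it. Every entry in the `OSSL_DISPATCH` table is cast to `void (*)(void)`, so that declaration is the only compile-time check that the signature matches the function type the slot is meant to hold. I would add `static OSSL_FUNC_cipher_dupctx_fn alg##kbits##lc##_dupctx;` before the definition. The `alg##_##lc##_freectx` entry is cast the same way, but its declaration may live outside this hunk.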
crypto/openssl/providers/implementations/include/prov/ciphercommon_ccm.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -29,41 +29,28 @@ /* Base structure that is shared by AES & ARIA for CCM MODE */ typedef struct prov_ccm_st { unsigned int enc : 1; - unsigned int key_set : 1; /* Set if key initialised */ - unsigned int iv_set : 1; /* Set if an iv is set */ - unsigned int tag_set : 1; /* Set if tag is valid */ - unsigned int len_set : 1; /* Set if message length set */ - size_t l, m; /* L and M parameters from RFC3610 */ + unsigned int key_set : 1; /* Set if key initialised */ + unsigned int iv_set : 1; /* Set if an iv is set */ + unsigned int tag_set : 1; /* Set if tag is valid */ + unsigned int len_set : 1; /* Set if message length set */ + size_t l, m; /* L and M parameters from RFC3610 */ size_t keylen; - size_t tls_aad_len; /* TLS AAD length */ + size_t tls_aad_len; /* TLS AAD length */ size_t tls_aad_pad_sz; unsigned char iv[GENERIC_BLOCK_SIZE]; unsigned char buf[GENERIC_BLOCK_SIZE]; CCM128_CONTEXT ccm_ctx; ccm128_f str; - const PROV_CCM_HW *hw; /* hardware specific methods */ + const PROV_CCM_HW *hw; /* hardware specific methods */ } PROV_CCM_CTX; -PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, \ - size_t *padlen, const unsigned char *in, \ - size_t len)); -PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, \ - const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, \ - const unsigned char *iv, size_t ivlen, \ - size_t mlen)); -PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, \ - const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, \ - const unsigned char *in, \ - unsigned char *out, size_t len, \ - unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, \ - const unsigned char *in, \ - unsigned char *out, size_t len, \ - unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, \ - unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, 
unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); +PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, const unsigned char *iv, size_t ivlen, size_t mlen)); +PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, unsigned char *tag, size_t taglen)); /* * CCM Mode internal method table used to handle hardware specific differences, @@ -88,13 +75,13 @@ void ossl_ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw); int ossl_ccm_generic_setiv(PROV_CCM_CTX *ctx, const unsigned char *nonce, - size_t nlen, size_t mlen); + size_t nlen, size_t mlen); int ossl_ccm_generic_setaad(PROV_CCM_CTX *ctx, const unsigned char *aad, - size_t alen); + size_t alen); int ossl_ccm_generic_gettag(PROV_CCM_CTX *ctx, unsigned char *tag, size_t tlen); int ossl_ccm_generic_auth_encrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *tag, size_t taglen); + unsigned char *out, size_t len, + unsigned char *tag, size_t taglen); int ossl_ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, - unsigned char *expected_tag, size_t taglen); + unsigned char *out, size_t len, + unsigned char *expected_tag, size_t taglen); --- crypto/openssl/providers/implementations/include/prov/ciphercommon_gcm.h.orig +++ crypto/openssl/providers/implementations/include/prov/ciphercommon_gcm.h 
@@ -1,6 +1,6 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,8 +14,8 @@ typedef struct prov_gcm_hw_st PROV_GCM_HW; #define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */ -#define GCM_IV_MAX_SIZE (1024 / 8) -#define GCM_TAG_MAX_SIZE 16 +#define GCM_IV_MAX_SIZE (1024 / 8) +#define GCM_TAG_MAX_SIZE 16 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) /*- 
@@ -38,67 +38,59 @@ union { unsigned long long g[2]; unsigned int w[4]; - } j0; /* initial counter value */ - unsigned char k[32]; /* key */ + } j0; /* initial counter value */ + unsigned char k[32]; /* key */ } S390X_KMA_PARAMS; #endif typedef struct prov_gcm_ctx_st { - unsigned int mode; /* The mode that we are using */ + unsigned int mode; /* The mode that we are using */ size_t keylen; size_t ivlen; size_t taglen; size_t tls_aad_pad_sz; - size_t tls_aad_len; /* TLS AAD length */ - uint64_t tls_enc_records; /* Number of TLS records encrypted */ + size_t tls_aad_len; /* TLS AAD length */ + uint64_t tls_enc_records; /* Number of TLS records encrypted */ /* * num contains the number of bytes of |iv| which are valid for modes that * manage partial blocks themselves. */ size_t num; - size_t bufsz; /* Number of bytes in buf */ + size_t bufsz; /* Number of bytes in buf */ uint64_t flags; - unsigned int iv_state; /* set to one of IV_STATE_XXX */ - unsigned int enc:1; /* Set to 1 if we are encrypting or 0 otherwise */ - unsigned int pad:1; /* Whether padding should be used or not */ - unsigned int key_set:1; /* Set if key initialised */ - unsigned int iv_gen_rand:1; /* No IV was specified, so generate a rand IV */ - unsigned int iv_gen:1; /* It is OK to generate IVs */ + unsigned int iv_state; /* set to one of IV_STATE_XXX */ + unsigned int enc : 1; /* Set to 1 if we are encrypting or 0 otherwise */ + unsigned int pad : 1; /* Whether padding should be used or not */ + unsigned int key_set : 1; /* Set if key initialised */ + unsigned int iv_gen_rand : 1; /* No IV was specified, so generate a rand IV */ + unsigned int iv_gen : 1; /* It is OK to generate IVs */ unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */ unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */ - OSSL_LIB_CTX *libctx; /* needed for rand calls */ - const PROV_GCM_HW *hw; /* hardware specific methods */ + OSSL_LIB_CTX *libctx; /* needed for rand calls */ 
+ const PROV_GCM_HW *hw; /* hardware specific methods */ GCM128_CONTEXT gcm; ctr128_f ctr; const void *ks; } PROV_GCM_CTX; -PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen)); -PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, - size_t ivlen)); -PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, - const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, - const unsigned char *in, size_t len, - unsigned char *out)); +PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, size_t ivlen)); +PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out)); PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag)); -PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, - size_t aad_len, const unsigned char *in, - size_t in_len, unsigned char *out, - unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); struct prov_gcm_hw_st { - OSSL_GCM_setkey_fn setkey; - OSSL_GCM_setiv_fn setiv; - OSSL_GCM_aadupdate_fn aadupdate; - OSSL_GCM_cipherupdate_fn cipherupdate; - OSSL_GCM_cipherfinal_fn cipherfinal; - OSSL_GCM_oneshot_fn oneshot; + OSSL_GCM_setkey_fn setkey; + OSSL_GCM_setiv_fn setiv; + OSSL_GCM_aadupdate_fn aadupdate; + OSSL_GCM_cipherupdate_fn cipherupdate; + OSSL_GCM_cipherfinal_fn cipherfinal; + OSSL_GCM_oneshot_fn oneshot; }; OSSL_FUNC_cipher_encrypt_init_fn ossl_gcm_einit; 
@@ -109,21 +101,21 @@ OSSL_FUNC_cipher_update_fn ossl_gcm_stream_update; OSSL_FUNC_cipher_final_fn ossl_gcm_stream_final; void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, - const PROV_GCM_HW *hw); + const PROV_GCM_HW *hw); int ossl_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen); int ossl_gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad, - size_t aad_len); + size_t aad_len); int ossl_gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag); int ossl_gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, - const unsigned char *in, size_t in_len, - unsigned char *out, unsigned char *tag, size_t tag_len); + const unsigned char *in, size_t in_len, + unsigned char *out, unsigned char *tag, size_t tag_len); int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, - size_t len, unsigned char *out); + size_t len, unsigned char *out); -#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ - ctx->ks = ks; \ - fn_set_enc_key(key, keylen * 8, ks); \ - CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \ - ctx->ctr = (ctr128_f)fn_ctr; \ +#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ + ctx->ks = ks; \ + fn_set_enc_key(key, keylen * 8, ks); \ + CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \ + ctx->ctr = (ctr128_f)fn_ctr; \ ctx->key_set = 1; --- crypto/openssl/providers/implementations/include/prov/digestcommon.h.orig +++ crypto/openssl/providers/implementations/include/prov/digestcommon.h 
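Review bot: `GCM_HW_SET_KEY_CTR_FN` expands to five separate statements and reads `ctx`, `key` and `keylen` from the caller's scope, so under an unbraced `if` only `ctx->ks = ks;` would be conditional. The parameter name `ks` is also substituted into the member access `ctx->ks`, so the macro only expands correctly when the first argument is literally an identifier named `ks`. Call sites are not visible here, so rather than changing the expansion I would document the contract above the macro, e.g. `/* Statement macro: needs ctx, key, keylen in scope; first argument must be a variable named ks; use only inside a braced block */`. Renaming the parameter (for example to `ks_`) in the three places it is used as a value would remove the second constraint without affecting callers.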
@@ -8,119 +8,123 @@ */ #ifndef OSSL_PROVIDERS_DIGESTCOMMON_H -# define OSSL_PROVIDERS_DIGESTCOMMON_H +#define OSSL_PROVIDERS_DIGESTCOMMON_H -# include -# include -# include -# include "prov/providercommon.h" +#include +#include +#include +#include "prov/providercommon.h" /* Internal flags that can be queried */ -#define PROV_DIGEST_FLAG_XOF 0x0001 -#define PROV_DIGEST_FLAG_ALGID_ABSENT 0x0002 +#define PROV_DIGEST_FLAG_XOF 0x0001 +#define PROV_DIGEST_FLAG_ALGID_ABSENT 0x0002 -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif -#define PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ -static OSSL_FUNC_digest_get_params_fn name##_get_params; \ -static int name##_get_params(OSSL_PARAM params[]) \ -{ \ - return ossl_digest_default_get_params(params, blksize, dgstsize, flags); \ -} - -#define PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) \ -{ OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \ -{ OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \ - (void (*)(void))ossl_digest_default_gettable_params } +#define PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ + static OSSL_FUNC_digest_get_params_fn name##_get_params; \ + static int name##_get_params(OSSL_PARAM params[]) \ + { \ + return ossl_digest_default_get_params(params, blksize, dgstsize, flags); \ + } -# define PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ -static OSSL_FUNC_digest_final_fn name##_internal_final; \ -static int name##_internal_final(void *ctx, unsigned char *out, size_t *outl, \ - size_t outsz) \ -{ \ - if (ossl_prov_is_running() && outsz >= dgstsize && fin(out, ctx)) { \ - *outl = dgstsize; \ - return 1; \ - } \ - return 0; \ -} +#define PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) \ + { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \ + { \ + OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \ + (void (*)(void))ossl_digest_default_gettable_params \ + } -# define PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START( \ - name, CTX, blksize, dgstsize, flags, upd, fin) \ 
-static OSSL_FUNC_digest_newctx_fn name##_newctx; \ -static OSSL_FUNC_digest_freectx_fn name##_freectx; \ -static OSSL_FUNC_digest_dupctx_fn name##_dupctx; \ -static void *name##_newctx(void *prov_ctx) \ -{ \ - CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx)) : NULL; \ - return ctx; \ -} \ -static void name##_freectx(void *vctx) \ -{ \ - CTX *ctx = (CTX *)vctx; \ - OPENSSL_clear_free(ctx, sizeof(*ctx)); \ -} \ -static void *name##_dupctx(void *ctx) \ -{ \ - CTX *in = (CTX *)ctx; \ - CTX *ret = ossl_prov_is_running() ? OPENSSL_malloc(sizeof(*ret)) : NULL; \ - if (ret != NULL) \ - *ret = *in; \ - return ret; \ -} \ -PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ -PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ -const OSSL_DISPATCH ossl_##name##_functions[] = { \ - { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ - { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))upd }, \ - { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))name##_internal_final }, \ - { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))name##_freectx }, \ - { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))name##_dupctx }, \ - PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) +#define PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ + static OSSL_FUNC_digest_final_fn name##_internal_final; \ + static int name##_internal_final(void *ctx, unsigned char *out, size_t *outl, \ + size_t outsz) \ + { \ + if (ossl_prov_is_running() && outsz >= dgstsize && fin(out, ctx)) { \ + *outl = dgstsize; \ + return 1; \ + } \ + return 0; \ + } -# define PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END \ - { 0, NULL } \ -}; +#define PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START( \ + name, CTX, blksize, dgstsize, flags, upd, fin) \ + static OSSL_FUNC_digest_newctx_fn name##_newctx; \ + static OSSL_FUNC_digest_freectx_fn name##_freectx; \ + static OSSL_FUNC_digest_dupctx_fn name##_dupctx; \ + static void *name##_newctx(void *prov_ctx) \ + { \ + CTX *ctx = ossl_prov_is_running() ? 
OPENSSL_zalloc(sizeof(*ctx)) : NULL; \ + return ctx; \ + } \ + static void name##_freectx(void *vctx) \ + { \ + CTX *ctx = (CTX *)vctx; \ + OPENSSL_clear_free(ctx, sizeof(*ctx)); \ + } \ + static void *name##_dupctx(void *ctx) \ + { \ + CTX *in = (CTX *)ctx; \ + CTX *ret = ossl_prov_is_running() ? OPENSSL_malloc(sizeof(*ret)) : NULL; \ + if (ret != NULL) \ + *ret = *in; \ + return ret; \ + } \ + PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ + PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ + const OSSL_DISPATCH ossl_##name##_functions[] = { \ + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))upd }, \ + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))name##_internal_final }, \ + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))name##_freectx }, \ + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))name##_dupctx }, \ + PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) -# define IMPLEMENT_digest_functions( \ - name, CTX, blksize, dgstsize, flags, init, upd, fin) \ -static OSSL_FUNC_digest_init_fn name##_internal_init; \ -static int name##_internal_init(void *ctx, \ - ossl_unused const OSSL_PARAM params[]) \ -{ \ - return ossl_prov_is_running() && init(ctx); \ -} \ -PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \ - upd, fin), \ - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))name##_internal_init }, \ -PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END +#define PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END \ + { \ + 0, NULL \ + } \ + } \ + ; -# define IMPLEMENT_digest_functions_with_settable_ctx( \ - name, CTX, blksize, dgstsize, flags, init, upd, fin, \ - settable_ctx_params, set_ctx_params) \ -static OSSL_FUNC_digest_init_fn name##_internal_init; \ -static int name##_internal_init(void *ctx, const OSSL_PARAM params[]) \ -{ \ - return ossl_prov_is_running() \ - && init(ctx) \ - && set_ctx_params(ctx, params); \ -} \ -PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \ - upd, fin), \ 
- { OSSL_FUNC_DIGEST_INIT, (void (*)(void))name##_internal_init }, \ - { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void))settable_ctx_params }, \ - { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))set_ctx_params }, \ -PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END +#define IMPLEMENT_digest_functions( \ + name, CTX, blksize, dgstsize, flags, init, upd, fin) \ + static OSSL_FUNC_digest_init_fn name##_internal_init; \ + static int name##_internal_init(void *ctx, \ + ossl_unused const OSSL_PARAM params[]) \ + { \ + return ossl_prov_is_running() && init(ctx); \ + } \ + PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \ + upd, fin), \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))name##_internal_init }, \ + PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END +#define IMPLEMENT_digest_functions_with_settable_ctx( \ + name, CTX, blksize, dgstsize, flags, init, upd, fin, \ + settable_ctx_params, set_ctx_params) \ + static OSSL_FUNC_digest_init_fn name##_internal_init; \ + static int name##_internal_init(void *ctx, const OSSL_PARAM params[]) \ + { \ + return ossl_prov_is_running() \ + && init(ctx) \ + && set_ctx_params(ctx, params); \ + } \ + PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \ + upd, fin), \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))name##_internal_init }, \ + { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void))settable_ctx_params }, \ + { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))set_ctx_params }, \ + PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END const OSSL_PARAM *ossl_digest_default_gettable_params(void *provctx); int ossl_digest_default_get_params(OSSL_PARAM params[], size_t blksz, - size_t paramsz, unsigned long flags); + size_t paramsz, unsigned long flags); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif /* OSSL_PROVIDERS_DIGESTCOMMON_H */ --- crypto/openssl/providers/implementations/include/prov/implementations.h.orig +++ 
crypto/openssl/providers/implementations/include/prov/implementations.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -197,7 +197,7 @@ #ifndef OPENSSL_NO_DES extern const OSSL_DISPATCH ossl_tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH ossl_tdes_ede3_cbc_functions[]; -# ifndef FIPS_MODULE +#ifndef FIPS_MODULE extern const OSSL_DISPATCH ossl_tdes_ede3_ofb_functions[]; extern const OSSL_DISPATCH ossl_tdes_ede3_cfb_functions[]; extern const OSSL_DISPATCH ossl_tdes_ede3_cfb8_functions[]; @@ -217,24 +217,23 @@ extern const OSSL_DISPATCH ossl_des_cfb64_functions[]; extern const OSSL_DISPATCH ossl_des_cfb1_functions[]; extern const OSSL_DISPATCH ossl_des_cfb8_functions[]; -# endif /* FIPS_MODULE */ +#endif /* FIPS_MODULE */ #endif /* OPENSSL_NO_DES */ #ifndef OPENSSL_NO_RC4 extern const OSSL_DISPATCH ossl_rc440_functions[]; extern const OSSL_DISPATCH ossl_rc4128_functions[]; -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 extern const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[]; -# endif /* OPENSSL_NO_MD5 */ +#endif /* OPENSSL_NO_MD5 */ #endif /* OPENSSL_NO_RC4 */ #ifndef OPENSSL_NO_CHACHA extern const OSSL_DISPATCH ossl_chacha20_functions[]; -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 extern const OSSL_DISPATCH ossl_chacha20_ossl_poly1305_functions[]; -# endif /* OPENSSL_NO_POLY1305 */ +#endif /* OPENSSL_NO_POLY1305 */ #endif /* OPENSSL_NO_CHACHA */ - #ifndef OPENSSL_NO_SIV extern const OSSL_DISPATCH ossl_aes128siv_functions[]; extern const OSSL_DISPATCH ossl_aes192siv_functions[]; 
@@ -498,6 +497,7 @@ #ifndef OPENSSL_NO_SM2 extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[]; +extern const OSSL_DISPATCH ossl_type_specific_no_pub_der_to_sm2_decoder_functions[]; #endif extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsa_decoder_functions[]; --- crypto/openssl/providers/implementations/include/prov/md5_sha1.h.orig +++ crypto/openssl/providers/implementations/include/prov/md5_sha1.h @@ -8,18 +8,18 @@ */ #ifndef OSSL_PROV_MD5_SHA1_H -# define OSSL_PROV_MD5_SHA1_H +#define OSSL_PROV_MD5_SHA1_H -# include +#include -# ifndef OPENSSL_NO_MD5 -# include -# include -# include -# include +#ifndef OPENSSL_NO_MD5 +#include +#include +#include +#include -# define MD5_SHA1_DIGEST_LENGTH (MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH) -# define MD5_SHA1_CBLOCK MD5_CBLOCK +#define MD5_SHA1_DIGEST_LENGTH (MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH) +#define MD5_SHA1_CBLOCK MD5_CBLOCK typedef struct md5_sha1_st { MD5_CTX md5; @@ -31,6 +31,6 @@ int ossl_md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx); int ossl_md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms); -# endif /* OPENSSL_NO_MD5 */ +#endif /* OPENSSL_NO_MD5 */ #endif /* OSSL_PROV_MD5_SHA1_H */ --- crypto/openssl/providers/implementations/include/prov/names.h.orig +++ crypto/openssl/providers/implementations/include/prov/names.h @@ -223,7 +223,7 @@ #define PROV_NAMES_SHAKE_256 "SHAKE-256:SHAKE256:2.16.840.1.101.3.4.2.12" /* - * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for + * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KMAC128 and KMAC256. */ #define PROV_NAMES_KECCAK_KMAC_128 "KECCAK-KMAC-128:KECCAK-KMAC128" --- crypto/openssl/providers/implementations/include/prov/seeding.h.orig +++ crypto/openssl/providers/implementations/include/prov/seeding.h 
@@ -31,11 +31,11 @@ int ossl_prov_seeding_from_dispatch(const OSSL_DISPATCH *fns); size_t ossl_prov_get_entropy(PROV_CTX *prov_ctx, unsigned char **pout, - int entropy, size_t min_len, size_t max_len); + int entropy, size_t min_len, size_t max_len); void ossl_prov_cleanup_entropy(PROV_CTX *prov_ctx, unsigned char *buf, - size_t len); + size_t len); size_t ossl_prov_get_nonce(PROV_CTX *prov_ctx, unsigned char **pout, - size_t min_len, size_t max_len, - const void *salt, size_t salt_len); + size_t min_len, size_t max_len, + const void *salt, size_t salt_len); void ossl_prov_cleanup_nonce(PROV_CTX *prov_ctx, unsigned char *buf, - size_t len); + size_t len); --- crypto/openssl/providers/implementations/kdfs/hkdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/hkdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ #include "e_os.h" #define HKDF_MAXBUF 2048 -#define HKDF_MAXINFO (32*1024) +#define HKDF_MAXINFO (32 * 1024) static OSSL_FUNC_kdf_newctx_fn kdf_hkdf_new; static OSSL_FUNC_kdf_freectx_fn kdf_hkdf_free; 
@@ -47,26 +47,26 @@ static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params; static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *key, size_t key_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len); + const unsigned char *salt, size_t salt_len, + const unsigned char *key, size_t key_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len); static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk, size_t prk_len); + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *prk, size_t prk_len); static int HKDF_Expand(const EVP_MD *evp_md, - const unsigned char *prk, size_t prk_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len); + const unsigned char *prk, size_t prk_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len); /* Settable context parameters that are common across HKDF and the TLS KDF */ -#define HKDF_COMMON_SETTABLES \ - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), \ - OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), \ - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), \ - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), \ +#define HKDF_COMMON_SETTABLES \ + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), \ + OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), \ + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), \ OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0) typedef struct { 
@@ -147,7 +147,7 @@ } static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); @@ -174,15 +174,15 @@ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: default: return HKDF(libctx, md, ctx->salt, ctx->salt_len, - ctx->key, ctx->key_len, ctx->info, ctx->info_len, key, keylen); + ctx->key, ctx->key_len, ctx->info, ctx->info_len, key, keylen); case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: return HKDF_Extract(libctx, md, ctx->salt, ctx->salt_len, - ctx->key, ctx->key_len, key, keylen); + ctx->key, ctx->key_len, key, keylen); case EVP_KDF_HKDF_MODE_EXPAND_ONLY: return HKDF_Expand(md, ctx->key, ctx->key_len, ctx->info, - ctx->info_len, key, keylen); + ctx->info_len, key, keylen); } } @@ -228,18 +228,16 @@ OPENSSL_clear_free(ctx->key, ctx->key_len); ctx->key = NULL; if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->key, 0, - &ctx->key_len)) + &ctx->key_len)) return 0; } if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { - if (p->data_size != 0 && p->data != NULL) { - OPENSSL_free(ctx->salt); - ctx->salt = NULL; - if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0, - &ctx->salt_len)) - return 0; - } + OPENSSL_free(ctx->salt); + ctx->salt = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0, + &ctx->salt_len)) + return 0; } return 1; @@ -267,12 +265,12 @@ if (p->data_type != OSSL_PARAM_OCTET_STRING) goto err; if (p->data != NULL - && p->data_size != 0 - && !WPACKET_memcpy(&pkt, p->data, p->data_size)) + && p->data_size != 0 + && !WPACKET_memcpy(&pkt, p->data, p->data_size)) goto err; } if (!WPACKET_get_total_written(&pkt, outlen) - || !WPACKET_finish(&pkt)) + || !WPACKET_finish(&pkt)) goto err; ret = 1; err: 
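Review bot: In the `@@ -228,18 +228,16 @@` hunk the old salt is still released with `OPENSSL_free(ctx->salt)`, although it is now replaced unconditionally and the key just above it is released with `OPENSSL_clear_free(ctx->key, ctx->key_len)`. The TLS 1.3 derive path later in this file passes `ctx->salt` in the previous-secret position of `prov_tls13_hkdf_generate_secret`, so if this setter is shared by both KDFs (inferred, since the enclosing function starts outside the hunk) the freed buffer can hold secret material. `OPENSSL_clear_free(ctx->salt, ctx->salt_len);` would wipe it before release. Dropping the `p->data_size != 0 && p->data != NULL` guard also means a salt parameter carrying no data is no longer ignored, so a comment should state whether such a parameter is meant to clear the salt or be rejected.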
@@ -318,7 +316,7 @@ } static const OSSL_PARAM *kdf_hkdf_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { HKDF_COMMON_SETTABLES, @@ -351,7 +349,7 @@ } static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -362,16 +360,16 @@ } const OSSL_DISPATCH ossl_kdf_hkdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_hkdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_hkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_hkdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_hkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_hkdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_hkdf_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_hkdf_set_ctx_params }, + (void (*)(void))kdf_hkdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_hkdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_hkdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_hkdf_get_ctx_params }, + (void (*)(void))kdf_hkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_hkdf_get_ctx_params }, { 0, NULL } }; 
@@ -401,10 +399,10 @@ * HKDF-Expand(PRK, info, L) -> OKM */ static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len) + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) { unsigned char prk[EVP_MAX_MD_SIZE]; int ret, sz; @@ -417,7 +415,7 @@ /* Step 1: HKDF-Extract(salt, IKM) -> PRK */ if (!HKDF_Extract(libctx, evp_md, - salt, salt_len, ikm, ikm_len, prk, prk_len)) + salt, salt_len, ikm, ikm_len, prk, prk_len)) return 0; /* Step 2: HKDF-Expand(PRK, info, L) -> OKM */ @@ -452,9 +450,9 @@ * PRK = HMAC-Hash(salt, IKM) */ static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk, size_t prk_len) + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *prk, size_t prk_len) { int sz = EVP_MD_get_size(evp_md); @@ -465,9 +463,8 @@ return 0; } /* calc: PRK = HMAC-Hash(salt, IKM) */ - return - EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt, - salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL) + return EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt, + salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL) != NULL; } @@ -511,9 +508,9 @@ * single octet.) */ static int HKDF_Expand(const EVP_MD *evp_md, - const unsigned char *prk, size_t prk_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len) + const unsigned char *prk, size_t prk_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac; int ret = 0, sz; 
@@ -562,9 +559,7 @@ if (!HMAC_Final(hmac, prev, NULL)) goto err; - copy_len = (dig_len > okm_len - done_len) ? - okm_len - done_len : - dig_len; + copy_len = (dig_len > okm_len - done_len) ? okm_len - done_len : dig_len; memcpy(okm + done_len, prev, copy_len); @@ -572,7 +567,7 @@ } ret = 1; - err: +err: OPENSSL_cleanse(prev, sizeof(prev)); HMAC_CTX_free(hmac); return ret; @@ -591,11 +586,11 @@ * The |data| value may be zero length. Returns 1 on success and 0 on failure. */ static int prov_tls13_hkdf_expand(const EVP_MD *md, - const unsigned char *key, size_t keylen, - const unsigned char *prefix, size_t prefixlen, - const unsigned char *label, size_t labellen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen) + const unsigned char *key, size_t keylen, + const unsigned char *prefix, size_t prefixlen, + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen) { size_t hkdflabellen; unsigned char hkdflabel[HKDF_MAXBUF]; 
@@ -608,33 +603,33 @@ * which should always be sufficient. */ if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) - || !WPACKET_put_bytes_u16(&pkt, outlen) - || !WPACKET_start_sub_packet_u8(&pkt) - || !WPACKET_memcpy(&pkt, prefix, prefixlen) - || !WPACKET_memcpy(&pkt, label, labellen) - || !WPACKET_close(&pkt) - || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) - || !WPACKET_get_total_written(&pkt, &hkdflabellen) - || !WPACKET_finish(&pkt)) { + || !WPACKET_put_bytes_u16(&pkt, outlen) + || !WPACKET_start_sub_packet_u8(&pkt) + || !WPACKET_memcpy(&pkt, prefix, prefixlen) + || !WPACKET_memcpy(&pkt, label, labellen) + || !WPACKET_close(&pkt) + || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) + || !WPACKET_get_total_written(&pkt, &hkdflabellen) + || !WPACKET_finish(&pkt)) { WPACKET_cleanup(&pkt); return 0; } return HKDF_Expand(md, key, keylen, hkdflabel, hkdflabellen, - out, outlen); + out, outlen); } static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, - const EVP_MD *md, - const unsigned char *prevsecret, - size_t prevsecretlen, - const unsigned char *insecret, - size_t insecretlen, - const unsigned char *prefix, - size_t prefixlen, - const unsigned char *label, - size_t labellen, - unsigned char *out, size_t outlen) + const EVP_MD *md, + const unsigned char *prevsecret, + size_t prevsecretlen, + const unsigned char *insecret, + size_t insecretlen, + const unsigned char *prefix, + size_t prefixlen, + const unsigned char *label, + size_t labellen, + unsigned char *out, size_t outlen) { size_t mdlen; int ret; @@ -661,8 +656,8 @@ /* The pre-extract derive step uses a hash of no messages */ if (mctx == NULL - || EVP_DigestInit_ex(mctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + || EVP_DigestInit_ex(mctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { EVP_MD_CTX_free(mctx); return 0; } 
@@ -670,15 +665,15 @@ /* Generate the pre-extract secret */ if (!prov_tls13_hkdf_expand(md, prevsecret, prevsecretlen, - prefix, prefixlen, label, labellen, - hash, mdlen, preextractsec, mdlen)) + prefix, prefixlen, label, labellen, + hash, mdlen, preextractsec, mdlen)) return 0; prevsecret = preextractsec; prevsecretlen = mdlen; } ret = HKDF_Extract(libctx, md, prevsecret, prevsecretlen, - insecret, insecretlen, out, outlen); + insecret, insecretlen, out, outlen); if (prevsecret == preextractsec) OPENSSL_cleanse(preextractsec, mdlen); @@ -686,7 +681,7 @@ } static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; const EVP_MD *md; @@ -706,19 +701,19 @@ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: return prov_tls13_hkdf_generate_secret(PROV_LIBCTX_OF(ctx->provctx), - md, - ctx->salt, ctx->salt_len, - ctx->key, ctx->key_len, - ctx->prefix, ctx->prefix_len, - ctx->label, ctx->label_len, - key, keylen); + md, + ctx->salt, ctx->salt_len, + ctx->key, ctx->key_len, + ctx->prefix, ctx->prefix_len, + ctx->label, ctx->label_len, + key, keylen); case EVP_KDF_HKDF_MODE_EXPAND_ONLY: return prov_tls13_hkdf_expand(md, ctx->key, ctx->key_len, - ctx->prefix, ctx->prefix_len, - ctx->label, ctx->label_len, - ctx->data, ctx->data_len, - key, keylen); + ctx->prefix, ctx->prefix_len, + ctx->label, ctx->label_len, + ctx->data, ctx->data_len, + key, keylen); } } @@ -742,7 +737,7 @@ OPENSSL_free(ctx->prefix); ctx->prefix = NULL; if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->prefix, 0, - &ctx->prefix_len)) + &ctx->prefix_len)) return 0; } 
@@ -750,21 +745,21 @@ OPENSSL_free(ctx->label); ctx->label = NULL; if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->label, 0, - &ctx->label_len)) + &ctx->label_len)) return 0; } OPENSSL_clear_free(ctx->data, ctx->data_len); ctx->data = NULL; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DATA)) != NULL - && !OSSL_PARAM_get_octet_string(p, (void **)&ctx->data, 0, - &ctx->data_len)) + && !OSSL_PARAM_get_octet_string(p, (void **)&ctx->data, 0, + &ctx->data_len)) return 0; return 1; } static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { HKDF_COMMON_SETTABLES, @@ -777,15 +772,15 @@ } const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_tls1_3_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_hkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_hkdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_hkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_tls1_3_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_tls1_3_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_tls1_3_set_ctx_params }, + (void (*)(void))kdf_tls1_3_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_tls1_3_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_hkdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_hkdf_get_ctx_params }, + (void (*)(void))kdf_hkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_hkdf_get_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/kdfs/kbkdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/kbkdf.c 
@@ -149,10 +149,10 @@ /* SP800-108 section 5.1 or section 5.2 depending on mode. */ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, - size_t iv_len, unsigned char *label, size_t label_len, - unsigned char *context, size_t context_len, - unsigned char *k_i, size_t h, uint32_t l, int has_separator, - unsigned char *ko, size_t ko_len) + size_t iv_len, unsigned char *label, size_t label_len, + unsigned char *context, size_t context_len, + unsigned char *k_i, size_t h, uint32_t l, int has_separator, + unsigned char *ko, size_t ko_len) { int ret = 0; EVP_MAC_CTX *ctx = NULL; @@ -210,7 +210,7 @@ } static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KBKDF *ctx = (KBKDF *)vctx; int ret = 0; @@ -256,8 +256,8 @@ goto done; ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label, - ctx->label_len, ctx->context, ctx->context_len, k_i, h, l, - ctx->use_separator, key, keylen); + ctx->label_len, ctx->context, ctx->context_len, k_i, h, l, + ctx->use_separator, key, keylen); done: if (ret != 1) OPENSSL_cleanse(key, keylen); @@ -266,7 +266,7 @@ } static int kbkdf_set_buffer(unsigned char **out, size_t *out_len, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { if (p->data == NULL || p->data_size == 0) return 1; @@ -286,13 +286,13 @@ return 1; if (!ossl_prov_macctx_load_from_params(&ctx->ctx_init, params, NULL, - NULL, NULL, libctx)) + NULL, NULL, libctx)) return 0; else if (ctx->ctx_init != NULL - && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), - OSSL_MAC_NAME_HMAC) - && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), - OSSL_MAC_NAME_CMAC)) { + && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), + OSSL_MAC_NAME_HMAC) + && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), + OSSL_MAC_NAME_CMAC)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); return 0; } 
@@ -302,7 +302,7 @@ && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { ctx->mode = COUNTER; } else if (p != NULL - && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { + && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { ctx->mode = FEEDBACK; } else if (p != NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); @@ -335,13 +335,13 @@ /* Set up digest context, if we can. */ if (ctx->ctx_init != NULL && ctx->ki_len != 0 - && !EVP_MAC_init(ctx->ctx_init, ctx->ki, ctx->ki_len, NULL)) - return 0; + && !EVP_MAC_init(ctx->ctx_init, ctx->ki, ctx->ki_len, NULL)) + return 0; return 1; } static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), 
@@ -373,23 +373,22 @@ } static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { - static const OSSL_PARAM known_gettable_ctx_params[] = - { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END }; + static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END }; return known_gettable_ctx_params; } const OSSL_DISPATCH ossl_kdf_kbkdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kbkdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kbkdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kbkdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kbkdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kbkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kbkdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kbkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kbkdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kbkdf_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kbkdf_set_ctx_params }, + (void (*)(void))kbkdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kbkdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kbkdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kbkdf_get_ctx_params }, + (void (*)(void))kbkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kbkdf_get_ctx_params }, { 0, NULL }, }; --- crypto/openssl/providers/implementations/kdfs/krb5kdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/krb5kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -43,9 +43,9 @@ static OSSL_FUNC_kdf_get_ctx_params_fn krb5kdf_get_ctx_params; static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, - const unsigned char *key, size_t key_len, - const unsigned char *constant, size_t constant_len, - unsigned char *okey, size_t okey_len); + const unsigned char *key, size_t key_len, + const unsigned char *constant, size_t constant_len, + unsigned char *okey, size_t okey_len); typedef struct { void *provctx; @@ -94,7 +94,7 @@ } static int krb5kdf_set_membuf(unsigned char **dst, size_t *dst_len, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { OPENSSL_clear_free(*dst, *dst_len); *dst = NULL; @@ -103,7 +103,7 @@ } static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx; const EVP_CIPHER *cipher; @@ -127,8 +127,8 @@ } engine = ossl_prov_cipher_engine(&ctx->cipher); return KRB5KDF(cipher, engine, ctx->key, ctx->key_len, - ctx->constant, ctx->constant_len, - key, keylen); + ctx->constant, ctx->constant_len, + key, keylen); } static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -156,7 +156,7 @@ } static const OSSL_PARAM *krb5kdf_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -187,7 +187,7 @@ } static const OSSL_PARAM *krb5kdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -197,18 +197,18 @@ } const OSSL_DISPATCH ossl_kdf_krb5kdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))krb5kdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))krb5kdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))krb5kdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))krb5kdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))krb5kdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))krb5kdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))krb5kdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))krb5kdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))krb5kdf_settable_ctx_params }, + (void (*)(void))krb5kdf_settable_ctx_params }, { OSSL_FUNC_KDF_SET_CTX_PARAMS, - (void(*)(void))krb5kdf_set_ctx_params }, + (void (*)(void))krb5kdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))krb5kdf_gettable_ctx_params }, + (void (*)(void))krb5kdf_gettable_ctx_params }, { OSSL_FUNC_KDF_GET_CTX_PARAMS, - (void(*)(void))krb5kdf_get_ctx_params }, + (void (*)(void))krb5kdf_get_ctx_params }, { 0, NULL } }; @@ -233,8 +233,7 @@ } /* fail if keys are such that triple des degrades to single des */ - if (CRYPTO_memcmp(&key[0], &key[8], 8) == 0 || - CRYPTO_memcmp(&key[8], &key[16], 8) == 0) { + if (CRYPTO_memcmp(&key[0], &key[8], 8) == 0 || CRYPTO_memcmp(&key[8], &key[16], 8) == 0) { return 0; } @@ -263,7 +262,7 @@ * finally add carry if any */ static void n_fold(unsigned char *block, unsigned int blocksize, - const unsigned char *constant, size_t constant_len) + const unsigned char *constant, size_t constant_len) { unsigned int tmp, gcd, remainder, lcm, carry; int b, l; 
@@ -305,9 +304,9 @@ /* rbyte % constant_len gives us the unrotated byte in the * constant buffer, get also the previous byte then * appropriately shift them to get the rotated byte we need */ - tmp = (constant[(rbyte-1) % constant_len] << (8 - rshift) - | constant[rbyte % constant_len] >> rshift) - & 0xff; + tmp = (constant[(rbyte - 1) % constant_len] << (8 - rshift) + | constant[rbyte % constant_len] >> rshift) + & 0xff; /* add with carry to any value placed by previous passes */ tmp += carry + block[b]; block[b] = tmp & 0xff; @@ -324,12 +323,12 @@ } static int cipher_init(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *engine, - const unsigned char *key, size_t key_len) + const EVP_CIPHER *cipher, ENGINE *engine, + const unsigned char *key, size_t key_len) { int klen, ret; - ret = EVP_EncryptInit_ex(ctx, cipher, engine, key, NULL); + ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL); if (!ret) goto out; /* set the key len for the odd variable key len cipher */ @@ -341,6 +340,9 @@ goto out; } } + ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL); + if (!ret) + goto out; /* we never want padding, either the length requested is a multiple of * the cipher block size or we are passed a cipher that can cope with * partial blocks via techniques like cipher text stealing */ @@ -353,9 +355,9 @@ } static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, - const unsigned char *key, size_t key_len, - const unsigned char *constant, size_t constant_len, - unsigned char *okey, size_t okey_len) + const unsigned char *key, size_t key_len, + const unsigned char *constant, size_t constant_len, + unsigned char *okey, size_t okey_len) { EVP_CIPHER_CTX *ctx = NULL; unsigned char block[EVP_MAX_BLOCK_LENGTH * 2]; 
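Review bot: The added `ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);` in cipher_init (krb5kdf.c hunk `@@ -341,6 +340,9 @@`) has no comment explaining why the key is installed in a separate call after the key-length adjustment, and that ordering is the substance of the change. With the key passed in the first init, a variable-key-length cipher would presumably be keyed at its default length from a buffer that holds only `key_len` bytes. I would put `/* install the key only once the key length is final, so the cipher never reads more than key_len bytes of key */` above the new call so a later cleanup does not merge the two inits again. The key-length block sits between the two cipher_init hunks and is not shown, so confirm that every path reaching the new call has already reconciled `key_len` with the cipher's key length.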
@@ -372,9 +374,8 @@ #ifndef OPENSSL_NO_DES /* special case for 3des, where the caller may be requesting * the random raw key, instead of the fixed up key */ - if (EVP_CIPHER_get_nid(cipher) == NID_des_ede3_cbc && - key_len == 24 && okey_len == 21) { - des3_no_fixup = 1; + if (EVP_CIPHER_get_nid(cipher) == NID_des_ede3_cbc && key_len == 24 && okey_len == 21) { + des3_no_fixup = 1; } else { #endif ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_OUTPUT_BUFFER_SIZE); @@ -409,7 +410,7 @@ int olen; ret = EVP_EncryptUpdate(ctx, cipherblock, &olen, - plainblock, blocksize); + plainblock, blocksize); if (!ret) goto out; cipherlen = olen; @@ -464,4 +465,3 @@ OPENSSL_cleanse(block, EVP_MAX_BLOCK_LENGTH * 2); return ret; } - --- crypto/openssl/providers/implementations/kdfs/pbkdf1.c.orig +++ crypto/openssl/providers/implementations/kdfs/pbkdf1.c @@ -48,9 +48,9 @@ */ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t iter, const EVP_MD *md_type, - unsigned char *out, size_t n) + const unsigned char *salt, size_t saltlen, + uint64_t iter, const EVP_MD *md_type, + unsigned char *out, size_t n) { uint64_t i; int mdsize, ret = 0; @@ -137,7 +137,7 @@ } static int kdf_pbkdf1_set_membuf(unsigned char **buffer, size_t *buflen, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { OPENSSL_clear_free(*buffer, *buflen); *buffer = NULL; @@ -156,7 +156,7 @@ } static int kdf_pbkdf1_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_PBKDF1 *ctx = (KDF_PBKDF1 *)vctx; const EVP_MD *md; @@ -176,7 +176,7 @@ md = ossl_prov_digest_md(&ctx->digest); return kdf_pbkdf1_do_derive(ctx->pass, ctx->pass_len, ctx->salt, ctx->salt_len, - ctx->iter, md, key, keylen); + ctx->iter, md, key, keylen); } static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 
@@ -193,7 +193,7 @@ return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) - if (!kdf_pbkdf1_set_membuf(&ctx->salt, &ctx->salt_len,p)) + if (!kdf_pbkdf1_set_membuf(&ctx->salt, &ctx->salt_len, p)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ITER)) != NULL) @@ -203,7 +203,7 @@ } static const OSSL_PARAM *kdf_pbkdf1_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -226,7 +226,7 @@ } static const OSSL_PARAM *kdf_pbkdf1_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -236,15 +236,15 @@ } const OSSL_DISPATCH ossl_kdf_pbkdf1_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_pbkdf1_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_pbkdf1_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_pbkdf1_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_pbkdf1_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_pbkdf1_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_pbkdf1_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_pbkdf1_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_pbkdf1_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_pbkdf1_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_pbkdf1_set_ctx_params }, + (void (*)(void))kdf_pbkdf1_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_pbkdf1_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_pbkdf1_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_pbkdf1_get_ctx_params }, + (void (*)(void))kdf_pbkdf1_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_pbkdf1_get_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/kdfs/pbkdf2.c.orig +++ crypto/openssl/providers/implementations/kdfs/pbkdf2.c @@ -31,10 +31,10 @@ #include "pbkdf2.h" /* Constants specified in SP800-132 */ -#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112 +#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112 #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF #define KDF_PBKDF2_MIN_ITERATIONS 1000 -#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) +#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new; static OSSL_FUNC_kdf_freectx_fn kdf_pbkdf2_free; 
@@ -45,10 +45,10 @@ static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_pbkdf2_gettable_ctx_params; static OSSL_FUNC_kdf_get_ctx_params_fn kdf_pbkdf2_get_ctx_params; -static int pbkdf2_derive(const char *pass, size_t passlen, - const unsigned char *salt, int saltlen, uint64_t iter, - const EVP_MD *digest, unsigned char *key, - size_t keylen, int extra_checks); +static int pbkdf2_derive(const char *pass, size_t passlen, + const unsigned char *salt, int saltlen, uint64_t iter, + const EVP_MD *digest, unsigned char *key, + size_t keylen, int extra_checks); typedef struct { void *provctx; @@ -114,7 +114,7 @@ OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - SN_sha1, 0); + SN_sha1, 0); if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) /* This is an error, but there is no way to indicate such directly */ ossl_prov_digest_reset(&ctx->digest); @@ -123,7 +123,7 @@ } static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { OPENSSL_clear_free(*buffer, *buflen); *buffer = NULL; @@ -142,7 +142,7 @@ } static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; const EVP_MD *md; @@ -162,8 +162,8 @@ md = ossl_prov_digest_md(&ctx->digest); return pbkdf2_derive((char *)ctx->pass, ctx->pass_len, - ctx->salt, ctx->salt_len, ctx->iter, - md, key, keylen, ctx->lower_bound_checks); + ctx->salt, ctx->salt_len, ctx->iter, + md, key, keylen, ctx->lower_bound_checks); } static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -196,7 +196,7 @@ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); return 0; } - if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len,p)) + if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len, p)) return 0; } 
@@ -214,7 +214,7 @@ } static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -238,7 +238,7 @@ } static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), @@ -248,16 +248,16 @@ } const OSSL_DISPATCH ossl_kdf_pbkdf2_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_pbkdf2_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_pbkdf2_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_pbkdf2_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_pbkdf2_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_pbkdf2_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_pbkdf2_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_pbkdf2_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_pbkdf2_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_pbkdf2_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_pbkdf2_set_ctx_params }, + (void (*)(void))kdf_pbkdf2_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_pbkdf2_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_pbkdf2_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_pbkdf2_get_ctx_params }, + (void (*)(void))kdf_pbkdf2_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_pbkdf2_get_ctx_params }, { 0, NULL } }; 
@@ -272,9 +272,9 @@ * - Randomly-generated portion of the salt shall be at least 128 bits. */ static int pbkdf2_derive(const char *pass, size_t passlen, - const unsigned char *salt, int saltlen, uint64_t iter, - const EVP_MD *digest, unsigned char *key, - size_t keylen, int lower_bound_checks) + const unsigned char *salt, int saltlen, uint64_t iter, + const EVP_MD *digest, unsigned char *key, + size_t keylen, int lower_bound_checks) { int ret = 0; unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; @@ -337,15 +337,15 @@ if (!HMAC_CTX_copy(hctx, hctx_tpl)) goto err; if (!HMAC_Update(hctx, salt, saltlen) - || !HMAC_Update(hctx, itmp, 4) - || !HMAC_Final(hctx, digtmp, NULL)) + || !HMAC_Update(hctx, itmp, 4) + || !HMAC_Final(hctx, digtmp, NULL)) goto err; memcpy(p, digtmp, cplen); for (j = 1; j < iter; j++) { if (!HMAC_CTX_copy(hctx, hctx_tpl)) goto err; if (!HMAC_Update(hctx, digtmp, mdlen) - || !HMAC_Final(hctx, digtmp, NULL)) + || !HMAC_Final(hctx, digtmp, NULL)) goto err; for (k = 0; k < cplen; k++) p[k] ^= digtmp[k]; --- crypto/openssl/providers/implementations/kdfs/pkcs12kdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/pkcs12kdf.c @@ -46,9 +46,9 @@ /* PKCS12 compatible key/IV generation */ static int pkcs12kdf_derive(const unsigned char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - int id, uint64_t iter, const EVP_MD *md_type, - unsigned char *out, size_t n) + const unsigned char *salt, size_t saltlen, + int id, uint64_t iter, const EVP_MD *md_type, + unsigned char *out, size_t n) { unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL; size_t Slen, Plen, Ilen; @@ -126,7 +126,7 @@ } } - end: +end: OPENSSL_free(Ai); OPENSSL_free(B); OPENSSL_free(D); @@ -179,7 +179,7 @@ } static int pkcs12kdf_set_membuf(unsigned char **buffer, size_t *buflen, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { OPENSSL_clear_free(*buffer, *buflen); *buffer = NULL; 
@@ -198,7 +198,7 @@ } static int kdf_pkcs12_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_PKCS12 *ctx = (KDF_PKCS12 *)vctx; const EVP_MD *md; @@ -218,7 +218,7 @@ md = ossl_prov_digest_md(&ctx->digest); return pkcs12kdf_derive(ctx->pass, ctx->pass_len, ctx->salt, ctx->salt_len, - ctx->id, ctx->iter, md, key, keylen); + ctx->id, ctx->iter, md, key, keylen); } static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -238,7 +238,7 @@ return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) - if (!pkcs12kdf_set_membuf(&ctx->salt, &ctx->salt_len,p)) + if (!pkcs12kdf_set_membuf(&ctx->salt, &ctx->salt_len, p)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PKCS12_ID)) != NULL) @@ -252,7 +252,7 @@ } static const OSSL_PARAM *kdf_pkcs12_settable_ctx_params( - ossl_unused void *ctx, ossl_unused void *provctx) + ossl_unused void *ctx, ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -276,7 +276,7 @@ } static const OSSL_PARAM *kdf_pkcs12_gettable_ctx_params( - ossl_unused void *ctx, ossl_unused void *provctx) + ossl_unused void *ctx, ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -286,15 +286,15 @@ } const OSSL_DISPATCH ossl_kdf_pkcs12_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_pkcs12_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_pkcs12_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_pkcs12_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_pkcs12_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_pkcs12_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_pkcs12_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_pkcs12_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_pkcs12_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_pkcs12_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_pkcs12_set_ctx_params }, + (void (*)(void))kdf_pkcs12_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_pkcs12_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_pkcs12_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_pkcs12_get_ctx_params }, + (void (*)(void))kdf_pkcs12_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_pkcs12_get_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/kdfs/scrypt.c.orig +++ crypto/openssl/providers/implementations/kdfs/scrypt.c @@ -34,10 +34,10 @@ static OSSL_FUNC_kdf_get_ctx_params_fn kdf_scrypt_get_ctx_params; static int scrypt_alg(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen, EVP_MD *sha256, - OSSL_LIB_CTX *libctx, const char *propq); + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen, EVP_MD *sha256, + OSSL_LIB_CTX *libctx, const char *propq); typedef struct { OSSL_LIB_CTX *libctx; 
@@ -107,7 +107,7 @@ } static int scrypt_set_membuf(unsigned char **buffer, size_t *buflen, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { OPENSSL_clear_free(*buffer, *buflen); *buffer = NULL; @@ -151,7 +151,7 @@ } static int kdf_scrypt_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; @@ -172,9 +172,9 @@ return 0; return scrypt_alg((char *)ctx->pass, ctx->pass_len, ctx->salt, - ctx->salt_len, ctx->N, ctx->r, ctx->p, - ctx->maxmem_bytes, key, keylen, ctx->sha256, - ctx->libctx, ctx->propq); + ctx->salt_len, ctx->N, ctx->r, ctx->p, + ctx->maxmem_bytes, key, keylen, ctx->sha256, + ctx->libctx, ctx->propq); } static int is_power_of_two(uint64_t value) @@ -240,7 +240,7 @@ } static const OSSL_PARAM *kdf_scrypt_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD, NULL, 0), @@ -265,7 +265,7 @@ } static const OSSL_PARAM *kdf_scrypt_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -275,20 +275,20 @@ } const OSSL_DISPATCH ossl_kdf_scrypt_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_scrypt_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_scrypt_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_scrypt_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_scrypt_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_scrypt_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_scrypt_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_scrypt_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_scrypt_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_scrypt_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_scrypt_set_ctx_params }, + (void (*)(void))kdf_scrypt_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_scrypt_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_scrypt_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_scrypt_get_ctx_params }, + (void (*)(void))kdf_scrypt_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_scrypt_get_ctx_params }, { 0, NULL } }; -#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) +#define R(a, b) (((a) << (b)) | ((a) >> (32 - (b)))) static void salsa208_word_specification(uint32_t inout[16]) { int i; @@ -351,7 +351,7 @@ } static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, - uint32_t *X, uint32_t *T, uint32_t *V) + uint32_t *X, uint32_t *T, uint32_t *V) { unsigned char *pB; uint32_t *pV; @@ -389,7 +389,7 @@ } #ifndef SIZE_MAX -# define SIZE_MAX ((size_t)-1) +#define SIZE_MAX ((size_t)-1) #endif /* @@ -397,7 +397,7 @@ * most (all?) platforms. */ -#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) +#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) /* * Maximum value of p * r: 
@@ -406,13 +406,13 @@ * p * r <= (2^30-1) */ -#define SCRYPT_PR_MAX ((1 << 30) - 1) +#define SCRYPT_PR_MAX ((1 << 30) - 1) static int scrypt_alg(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen, EVP_MD *sha256, - OSSL_LIB_CTX *libctx, const char *propq) + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen, EVP_MD *sha256, + OSSL_LIB_CTX *libctx, const char *propq) { int rv = 0; unsigned char *B; @@ -497,17 +497,19 @@ T = X + 32 * r; V = T + 32 * r; if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, 1, sha256, - (int)Blen, B, libctx, propq) == 0) + (int)Blen, B, libctx, propq) + == 0) goto err; for (i = 0; i < p; i++) scryptROMix(B + 128 * r * i, r, N, X, T, V); if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, B, (int)Blen, 1, sha256, - keylen, key, libctx, propq) == 0) + keylen, key, libctx, propq) + == 0) goto err; rv = 1; - err: +err: if (rv == 0) ERR_raise(ERR_LIB_EVP, EVP_R_PBKDF2_ERROR); --- crypto/openssl/providers/implementations/kdfs/sshkdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/sshkdf.c @@ -33,10 +33,10 @@ static OSSL_FUNC_kdf_get_ctx_params_fn kdf_sshkdf_get_ctx_params; static int SSHKDF(const EVP_MD *evp_md, - const unsigned char *key, size_t key_len, - const unsigned char *xcghash, size_t xcghash_len, - const unsigned char *session_id, size_t session_id_len, - char type, unsigned char *okey, size_t okey_len); + const unsigned char *key, size_t key_len, + const unsigned char *xcghash, size_t xcghash_len, + const unsigned char *session_id, size_t session_id_len, + char type, unsigned char *okey, size_t okey_len); typedef struct { void *provctx; @@ -88,7 +88,7 @@ } static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { OPENSSL_clear_free(*dst, *dst_len); *dst = NULL; 
@@ -97,7 +97,7 @@ } static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; const EVP_MD *md; @@ -127,9 +127,9 @@ return 0; } return SSHKDF(md, ctx->key, ctx->key_len, - ctx->xcghash, ctx->xcghash_len, - ctx->session_id, ctx->session_id_len, - ctx->type, key, keylen); + ctx->xcghash, ctx->xcghash_len, + ctx->session_id, ctx->session_id_len, + ctx->type, key, keylen); } static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -177,7 +177,7 @@ } static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -201,7 +201,7 @@ } static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -211,24 +211,24 @@ } const OSSL_DISPATCH ossl_kdf_sshkdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_sshkdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_sshkdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_sshkdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_sshkdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_sshkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_sshkdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_sshkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_sshkdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_sshkdf_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_sshkdf_set_ctx_params }, + (void (*)(void))kdf_sshkdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))kdf_sshkdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_sshkdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_sshkdf_get_ctx_params }, + (void (*)(void))kdf_sshkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))kdf_sshkdf_get_ctx_params }, { 0, NULL } }; static int SSHKDF(const EVP_MD *evp_md, - const unsigned char *key, size_t key_len, - const unsigned char *xcghash, size_t xcghash_len, - const unsigned char *session_id, size_t session_id_len, - char type, unsigned char *okey, size_t okey_len) + const unsigned char *key, size_t key_len, + const unsigned char *xcghash, size_t xcghash_len, + const unsigned char *session_id, size_t session_id_len, + char type, unsigned char *okey, size_t okey_len) { EVP_MD_CTX *md = NULL; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -299,4 +299,3 @@ OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE); return ret; } - --- crypto/openssl/providers/implementations/kdfs/sskdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/sskdf.c 
@@ -53,8 +53,8 @@ typedef struct { void *provctx; - EVP_MAC_CTX *macctx; /* H(x) = HMAC_hash OR H(x) = KMAC */ - PROV_DIGEST digest; /* H(x) = hash(x) */ + EVP_MAC_CTX *macctx; /* H(x) = HMAC_hash OR H(x) = KMAC */ + PROV_DIGEST digest; /* H(x) = hash(x) */ unsigned char *secret; size_t secret_len; unsigned char *info; @@ -65,7 +65,7 @@ int is_kmac; } KDF_SSKDF; -#define SSKDF_MAX_INLEN (1<<30) +#define SSKDF_MAX_INLEN (1 << 30) #define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4) #define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4) @@ -92,10 +92,10 @@ * result[i] = Hash(z || counter || info) for X9.63. */ static int SSKDF_hash_kdm(const EVP_MD *kdf_md, - const unsigned char *z, size_t z_len, - const unsigned char *info, size_t info_len, - unsigned int append_ctr, - unsigned char *derived_key, size_t derived_key_len) + const unsigned char *z, size_t z_len, + const unsigned char *info, size_t info_len, + unsigned int append_ctr, + unsigned char *derived_key, size_t derived_key_len) { int ret = 0, hlen; size_t counter, out_len, len = derived_key_len; @@ -105,8 +105,8 @@ EVP_MD_CTX *ctx = NULL, *ctx_init = NULL; if (z_len > SSKDF_MAX_INLEN || info_len > SSKDF_MAX_INLEN - || derived_key_len > SSKDF_MAX_INLEN - || derived_key_len == 0) + || derived_key_len > SSKDF_MAX_INLEN + || derived_key_len == 0) return 0; hlen = EVP_MD_get_size(kdf_md); @@ -157,8 +157,8 @@ } static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, - size_t custom_len, size_t kmac_out_len, - size_t derived_key_len, unsigned char **out) + size_t custom_len, size_t kmac_out_len, + size_t derived_key_len, unsigned char **out) { OSSL_PARAM params[2]; @@ -167,7 +167,7 @@ return 1; params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, - (void *)custom, custom_len); + (void *)custom, custom_len); params[1] = OSSL_PARAM_construct_end(); if (!EVP_MAC_CTX_set_params(ctx, params)) 
@@ -178,15 +178,15 @@ kmac_out_len = derived_key_len; /* otherwise check the size is valid */ else if (!(kmac_out_len == derived_key_len - || kmac_out_len == 20 - || kmac_out_len == 28 - || kmac_out_len == 32 - || kmac_out_len == 48 - || kmac_out_len == 64)) + || kmac_out_len == 20 + || kmac_out_len == 28 + || kmac_out_len == 32 + || kmac_out_len == 48 + || kmac_out_len == 64)) return 0; params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, - &kmac_out_len); + &kmac_out_len); if (EVP_MAC_CTX_set_params(ctx, params) <= 0) return 0; @@ -210,12 +210,12 @@ * H(x) = KMAC#(salt, x, outbits, CustomString='KDF') */ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, - const unsigned char *kmac_custom, - size_t kmac_custom_len, size_t kmac_out_len, - const unsigned char *salt, size_t salt_len, - const unsigned char *z, size_t z_len, - const unsigned char *info, size_t info_len, - unsigned char *derived_key, size_t derived_key_len) + const unsigned char *kmac_custom, + size_t kmac_custom_len, size_t kmac_out_len, + const unsigned char *salt, size_t salt_len, + const unsigned char *z, size_t z_len, + const unsigned char *info, size_t info_len, + unsigned char *derived_key, size_t derived_key_len) { int ret = 0; size_t counter, out_len, len; @@ -226,12 +226,12 @@ unsigned char *mac = mac_buf, *kmac_buffer = NULL; if (z_len > SSKDF_MAX_INLEN || info_len > SSKDF_MAX_INLEN - || derived_key_len > SSKDF_MAX_INLEN - || derived_key_len == 0) + || derived_key_len > SSKDF_MAX_INLEN + || derived_key_len == 0) return 0; if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len, - derived_key_len, &kmac_buffer)) + derived_key_len, &kmac_buffer)) goto end; if (kmac_buffer != NULL) mac = kmac_buffer; @@ -321,7 +321,7 @@ } static int sskdf_set_buffer(unsigned char **out, size_t *out_len, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { if (p->data == NULL || p->data_size == 0) return 1; 
@@ -348,7 +348,7 @@ } static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; const EVP_MD *md; @@ -400,10 +400,10 @@ ctx->salt_len = default_salt_len; } ret = SSKDF_mac_kdm(ctx->macctx, - custom, custom_len, ctx->out_len, - ctx->salt, ctx->salt_len, - ctx->secret, ctx->secret_len, - ctx->info, ctx->info_len, key, keylen); + custom, custom_len, ctx->out_len, + ctx->salt, ctx->salt_len, + ctx->secret, ctx->secret_len, + ctx->info, ctx->info_len, key, keylen); return ret; } else { /* H(x) = hash */ @@ -412,12 +412,12 @@ return 0; } return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, - ctx->info, ctx->info_len, 0, key, keylen); + ctx->info, ctx->info_len, 0, key, keylen); } } static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; const EVP_MD *md; @@ -443,7 +443,7 @@ } return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, - ctx->info, ctx->info_len, 1, key, keylen); + ctx->info, ctx->info_len, 1, key, keylen); } static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) @@ -457,19 +457,19 @@ return 1; if (!ossl_prov_macctx_load_from_params(&ctx->macctx, params, - NULL, NULL, NULL, libctx)) + NULL, NULL, NULL, libctx)) return 0; - if (ctx->macctx != NULL) { + if (ctx->macctx != NULL) { if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), - OSSL_MAC_NAME_KMAC128) + OSSL_MAC_NAME_KMAC128) || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), - OSSL_MAC_NAME_KMAC256)) { + OSSL_MAC_NAME_KMAC256)) { ctx->is_kmac = 1; } - } + } - if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) - return 0; + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) 
@@ -494,7 +494,7 @@ } static const OSSL_PARAM *sskdf_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), @@ -521,7 +521,7 @@ } static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -531,29 +531,29 @@ } const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))sskdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))sskdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))sskdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))sskdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))sskdf_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params }, + (void (*)(void))sskdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))sskdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))sskdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_get_ctx_params }, + (void (*)(void))sskdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_get_ctx_params }, { 0, NULL } }; const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))x963kdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))sskdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))sskdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))x963kdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))sskdf_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params }, + (void (*)(void))sskdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))sskdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))sskdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, 
(void(*)(void))sskdf_get_ctx_params }, + (void (*)(void))sskdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_get_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/kdfs/tls1_prf.c.orig +++ crypto/openssl/providers/implementations/kdfs/tls1_prf.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,9 +72,9 @@ static OSSL_FUNC_kdf_get_ctx_params_fn kdf_tls1_prf_get_ctx_params; static int tls1_prf_alg(EVP_MAC_CTX *mdctx, EVP_MAC_CTX *sha1ctx, - const unsigned char *sec, size_t slen, - const unsigned char *seed, size_t seed_len, - unsigned char *out, size_t olen); + const unsigned char *sec, size_t slen, + const unsigned char *seed, size_t seed_len, + unsigned char *out, size_t olen); #define TLS1_PRF_MAXBUF 1024 @@ -134,7 +134,7 @@ } static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; @@ -159,9 +159,9 @@ } return tls1_prf_alg(ctx->P_hash, ctx->P_sha1, - ctx->sec, ctx->seclen, - ctx->seed, ctx->seedlen, - key, keylen); + ctx->sec, ctx->seclen, + ctx->seed, ctx->seedlen, + key, keylen); } static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 
@@ -176,17 +176,18 @@ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) { if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, - OSSL_MAC_NAME_HMAC, - NULL, SN_md5, libctx) + OSSL_MAC_NAME_HMAC, + NULL, SN_md5, libctx) || !ossl_prov_macctx_load_from_params(&ctx->P_sha1, params, - OSSL_MAC_NAME_HMAC, - NULL, SN_sha1, libctx)) + OSSL_MAC_NAME_HMAC, + NULL, SN_sha1, libctx)) return 0; } else { EVP_MAC_CTX_free(ctx->P_sha1); + ctx->P_sha1 = NULL; if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, - OSSL_MAC_NAME_HMAC, - NULL, NULL, libctx)) + OSSL_MAC_NAME_HMAC, + NULL, NULL, libctx)) return 0; } } @@ -200,15 +201,15 @@ /* The seed fields concatenate, so process them all */ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED)) != NULL) { for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1, - OSSL_KDF_PARAM_SEED)) { + OSSL_KDF_PARAM_SEED)) { const void *q = ctx->seed + ctx->seedlen; size_t sz = 0; if (p->data_size != 0 && p->data != NULL && !OSSL_PARAM_get_octet_string(p, (void **)&q, - TLS1_PRF_MAXBUF - ctx->seedlen, - &sz)) + TLS1_PRF_MAXBUF - ctx->seedlen, + &sz)) return 0; ctx->seedlen += sz; } @@ -217,7 +218,7 @@ } static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params( - ossl_unused void *ctx, ossl_unused void *provctx) + ossl_unused void *ctx, ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -239,7 +240,7 @@ } static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params( - ossl_unused void *ctx, ossl_unused void *provctx) + ossl_unused void *ctx, ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
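Review bot: In the `@@ -176,17 +176,18 @@` hunk of tls1_prf.c, `OPENSSL_strcasecmp(p->data, SN_md5_sha1)` treats the digest parameter as a NUL-terminated string without checking its type or that `p->data` is non-NULL. A caller-supplied OSSL_PARAM of another type, or with an empty buffer, would be read as a string. Fetching the name first, with `const char *dgst;` and `if (!OSSL_PARAM_get_utf8_string_ptr(p, &dgst)) return 0;`, and comparing `dgst` instead would close that. The added `ctx->P_sha1 = NULL;` would also benefit from a short comment such as `/* a non-NULL P_sha1 selects the TLS 1.0/1.1 path in tls1_prf_alg() */`, since a stale pointer there is both dangling and changes which PRF runs. kdf_tls1_prf_set_ctx_params starts and ends outside this hunk, so an earlier type check may exist that is not visible here.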
@@ -249,18 +250,18 @@ } const OSSL_DISPATCH ossl_kdf_tls1_prf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_prf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_tls1_prf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_tls1_prf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_tls1_prf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))kdf_tls1_prf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))kdf_tls1_prf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))kdf_tls1_prf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))kdf_tls1_prf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))kdf_tls1_prf_settable_ctx_params }, + (void (*)(void))kdf_tls1_prf_settable_ctx_params }, { OSSL_FUNC_KDF_SET_CTX_PARAMS, - (void(*)(void))kdf_tls1_prf_set_ctx_params }, + (void (*)(void))kdf_tls1_prf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))kdf_tls1_prf_gettable_ctx_params }, + (void (*)(void))kdf_tls1_prf_gettable_ctx_params }, { OSSL_FUNC_KDF_GET_CTX_PARAMS, - (void(*)(void))kdf_tls1_prf_get_ctx_params }, + (void (*)(void))kdf_tls1_prf_get_ctx_params }, { 0, NULL } }; @@ -285,9 +286,9 @@ * A(i) = HMAC_(secret, A(i-1)) */ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, - const unsigned char *sec, size_t sec_len, - const unsigned char *seed, size_t seed_len, - unsigned char *out, size_t olen) + const unsigned char *sec, size_t sec_len, + const unsigned char *seed, size_t seed_len, + unsigned char *out, size_t olen) { size_t chunk; EVP_MAC_CTX *ctx = NULL, *ctx_Ai = NULL; @@ -343,7 +344,7 @@ olen -= chunk; } ret = 1; - err: +err: EVP_MAC_CTX_free(ctx); EVP_MAC_CTX_free(ctx_Ai); OPENSSL_cleanse(Ai, sizeof(Ai)); 
@@ -371,9 +372,9 @@ * PRF(secret, label, seed) = P_(secret, label + seed) */ static int tls1_prf_alg(EVP_MAC_CTX *mdctx, EVP_MAC_CTX *sha1ctx, - const unsigned char *sec, size_t slen, - const unsigned char *seed, size_t seed_len, - unsigned char *out, size_t olen) + const unsigned char *sec, size_t slen, + const unsigned char *seed, size_t seed_len, + unsigned char *out, size_t olen) { if (sha1ctx != NULL) { /* TLS v1.0 and TLS v1.1 */ @@ -384,7 +385,7 @@ size_t L_S2 = L_S1; if (!tls1_prf_P_hash(mdctx, sec, L_S1, - seed, seed_len, out, olen)) + seed, seed_len, out, olen)) return 0; if ((tmp = OPENSSL_malloc(olen)) == NULL) { @@ -393,7 +394,7 @@ } if (!tls1_prf_P_hash(sha1ctx, sec + slen - L_S2, L_S2, - seed, seed_len, tmp, olen)) { + seed, seed_len, tmp, olen)) { OPENSSL_clear_free(tmp, olen); return 0; } --- crypto/openssl/providers/implementations/kdfs/x942kdf.c.orig +++ crypto/openssl/providers/implementations/kdfs/x942kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -62,19 +62,19 @@ size_t keklen; /* size in bytes */ } kek_algs[] = { { "AES-128-WRAP", ossl_der_oid_id_aes128_wrap, DER_OID_SZ_id_aes128_wrap, - 16 }, + 16 }, { "AES-192-WRAP", ossl_der_oid_id_aes192_wrap, DER_OID_SZ_id_aes192_wrap, - 24 }, + 24 }, { "AES-256-WRAP", ossl_der_oid_id_aes256_wrap, DER_OID_SZ_id_aes256_wrap, - 32 }, + 32 }, #ifndef FIPS_MODULE { "DES3-WRAP", ossl_der_oid_id_alg_CMS3DESwrap, - DER_OID_SZ_id_alg_CMS3DESwrap, 24 }, + DER_OID_SZ_id_alg_CMS3DESwrap, 24 }, #endif }; static int find_alg_id(OSSL_LIB_CTX *libctx, const char *algname, - const char *propq, size_t *id) + const char *propq, size_t *id) { int ret = 1; size_t i; 
@@ -97,43 +97,42 @@ } static int DER_w_keyinfo(WPACKET *pkt, - const unsigned char *der_oid, size_t der_oidlen, - unsigned char **pcounter) + const unsigned char *der_oid, size_t der_oidlen, + unsigned char **pcounter) { return ossl_DER_w_begin_sequence(pkt, -1) - /* Store the initial value of 1 into the counter */ - && ossl_DER_w_octet_string_uint32(pkt, -1, 1) - /* Remember where we stored the counter in the buffer */ - && (pcounter == NULL - || (*pcounter = WPACKET_get_curr(pkt)) != NULL) - && ossl_DER_w_precompiled(pkt, -1, der_oid, der_oidlen) - && ossl_DER_w_end_sequence(pkt, -1); + /* Store the initial value of 1 into the counter */ + && ossl_DER_w_octet_string_uint32(pkt, -1, 1) + /* Remember where we stored the counter in the buffer */ + && (pcounter == NULL + || (*pcounter = WPACKET_get_curr(pkt)) != NULL) + && ossl_DER_w_precompiled(pkt, -1, der_oid, der_oidlen) + && ossl_DER_w_end_sequence(pkt, -1); } static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen, - const unsigned char *der_oid, size_t der_oidlen, - const unsigned char *acvp, size_t acvplen, - const unsigned char *partyu, size_t partyulen, - const unsigned char *partyv, size_t partyvlen, - const unsigned char *supp_pub, size_t supp_publen, - const unsigned char *supp_priv, size_t supp_privlen, - uint32_t keylen_bits, unsigned char **pcounter) + const unsigned char *der_oid, size_t der_oidlen, + const unsigned char *acvp, size_t acvplen, + const unsigned char *partyu, size_t partyulen, + const unsigned char *partyv, size_t partyvlen, + const unsigned char *supp_pub, size_t supp_publen, + const unsigned char *supp_priv, size_t supp_privlen, + uint32_t keylen_bits, unsigned char **pcounter) { - return (buf != NULL ? 
WPACKET_init_der(pkt, buf, buflen) : - WPACKET_init_null_der(pkt)) - && ossl_DER_w_begin_sequence(pkt, -1) - && (supp_priv == NULL - || ossl_DER_w_octet_string(pkt, 3, supp_priv, supp_privlen)) - && (supp_pub == NULL - || ossl_DER_w_octet_string(pkt, 2, supp_pub, supp_publen)) - && (keylen_bits == 0 - || ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits)) - && (partyv == NULL || ossl_DER_w_octet_string(pkt, 1, partyv, partyvlen)) - && (partyu == NULL || ossl_DER_w_octet_string(pkt, 0, partyu, partyulen)) - && (acvp == NULL || ossl_DER_w_precompiled(pkt, -1, acvp, acvplen)) - && DER_w_keyinfo(pkt, der_oid, der_oidlen, pcounter) - && ossl_DER_w_end_sequence(pkt, -1) - && WPACKET_finish(pkt); + return (buf != NULL ? WPACKET_init_der(pkt, buf, buflen) : WPACKET_init_null_der(pkt)) + && ossl_DER_w_begin_sequence(pkt, -1) + && (supp_priv == NULL + || ossl_DER_w_octet_string(pkt, 3, supp_priv, supp_privlen)) + && (supp_pub == NULL + || ossl_DER_w_octet_string(pkt, 2, supp_pub, supp_publen)) + && (keylen_bits == 0 + || ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits)) + && (partyv == NULL || ossl_DER_w_octet_string(pkt, 1, partyv, partyvlen)) + && (partyu == NULL || ossl_DER_w_octet_string(pkt, 0, partyu, partyulen)) + && (acvp == NULL || ossl_DER_w_precompiled(pkt, -1, acvp, acvplen)) + && DER_w_keyinfo(pkt, der_oid, der_oidlen, pcounter) + && ossl_DER_w_end_sequence(pkt, -1) + && WPACKET_finish(pkt); } /* @@ -169,7 +168,7 @@ * |cek_oidlen| The length (in bytes) of the key wrapping algorithm oid, * |acvp| is the optional blob of DER data representing one or more of the * OtherInfo fields related to |partyu|, |partyv|, |supp_pub| and |supp_priv|. - * This field should noramlly be NULL. If |acvp| is non NULL then |partyu|, + * This field should normally be NULL. If |acvp| is non NULL then |partyu|, * |partyv|, |supp_pub| and |supp_priv| should all be NULL. * |acvp_len| is the |acvp| length (in bytes). * |partyu| is the optional public info contributed by the initiator. 
@@ -195,14 +194,14 @@ */ static int x942_encode_otherinfo(size_t keylen, - const unsigned char *cek_oid, size_t cek_oid_len, - const unsigned char *acvp, size_t acvp_len, - const unsigned char *partyu, size_t partyu_len, - const unsigned char *partyv, size_t partyv_len, - const unsigned char *supp_pub, size_t supp_pub_len, - const unsigned char *supp_priv, size_t supp_priv_len, - unsigned char **der, size_t *der_len, - unsigned char **out_ctr) + const unsigned char *cek_oid, size_t cek_oid_len, + const unsigned char *acvp, size_t acvp_len, + const unsigned char *partyu, size_t partyu_len, + const unsigned char *partyv, size_t partyv_len, + const unsigned char *supp_pub, size_t supp_pub_len, + const unsigned char *supp_priv, size_t supp_priv_len, + unsigned char **der, size_t *der_len, + unsigned char **out_ctr) { int ret = 0; unsigned char *pcounter = NULL, *der_buf = NULL; @@ -217,10 +216,10 @@ /* Calculate the size of the buffer */ if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oid_len, - acvp, acvp_len, - partyu, partyu_len, partyv, partyv_len, - supp_pub, supp_pub_len, supp_priv, supp_priv_len, - keylen_bits, NULL) + acvp, acvp_len, + partyu, partyu_len, partyv, partyv_len, + supp_pub, supp_pub_len, supp_priv, supp_priv_len, + keylen_bits, NULL) || !WPACKET_get_total_written(&pkt, &der_buflen)) goto err; WPACKET_cleanup(&pkt); 
@@ -230,14 +229,14 @@ goto err; /* Encode into the buffer */ if (!der_encode_sharedinfo(&pkt, der_buf, der_buflen, cek_oid, cek_oid_len, - acvp, acvp_len, - partyu, partyu_len, partyv, partyv_len, - supp_pub, supp_pub_len, supp_priv, supp_priv_len, - keylen_bits, &pcounter)) + acvp, acvp_len, + partyu, partyu_len, partyv, partyv_len, + supp_pub, supp_pub_len, supp_priv, supp_priv_len, + keylen_bits, &pcounter)) goto err; /* * Since we allocated the exact size required, the buffer should point to the - * start of the alllocated buffer at this point. + * start of the allocated buffer at this point. */ if (WPACKET_get_curr(&pkt) != der_buf) goto err; @@ -262,10 +261,10 @@ } static int x942kdf_hash_kdm(const EVP_MD *kdf_md, - const unsigned char *z, size_t z_len, - const unsigned char *other, size_t other_len, - unsigned char *ctr, - unsigned char *derived_key, size_t derived_key_len) + const unsigned char *z, size_t z_len, + const unsigned char *other, size_t other_len, + unsigned char *ctr, + unsigned char *derived_key, size_t derived_key_len) { int ret = 0, hlen; size_t counter, out_len, len = derived_key_len; @@ -371,7 +370,7 @@ } static int x942kdf_set_buffer(unsigned char **out, size_t *out_len, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { if (p->data_size == 0 || p->data == NULL) return 1; @@ -395,7 +394,7 @@ } static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { KDF_X942 *ctx = (KDF_X942 *)vctx; const EVP_MD *md; 
@@ -450,18 +449,18 @@ } /* generate the otherinfo der */ if (!x942_encode_otherinfo(ctx->use_keybits ? ctx->dkm_len : 0, - ctx->cek_oid, ctx->cek_oid_len, - ctx->acvpinfo, ctx->acvpinfo_len, - ctx->partyuinfo, ctx->partyuinfo_len, - ctx->partyvinfo, ctx->partyvinfo_len, - ctx->supp_pubinfo, ctx->supp_pubinfo_len, - ctx->supp_privinfo, ctx->supp_privinfo_len, - &der, &der_len, &ctr)) { + ctx->cek_oid, ctx->cek_oid_len, + ctx->acvpinfo, ctx->acvpinfo_len, + ctx->partyuinfo, ctx->partyuinfo_len, + ctx->partyvinfo, ctx->partyvinfo_len, + ctx->supp_pubinfo, ctx->supp_pubinfo_len, + ctx->supp_privinfo, ctx->supp_privinfo_len, + &der, &der_len, &ctr)) { ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); return 0; } ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, - der, der_len, ctr, key, keylen); + der, der_len, ctr, key, keylen); OPENSSL_free(der); return ret; } @@ -539,7 +538,7 @@ } static const OSSL_PARAM *x942kdf_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), @@ -570,7 +569,7 @@ } static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 
@@ -580,15 +579,15 @@ } const OSSL_DISPATCH ossl_kdf_x942_kdf_functions[] = { - { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x942kdf_new }, - { OSSL_FUNC_KDF_FREECTX, (void(*)(void))x942kdf_free }, - { OSSL_FUNC_KDF_RESET, (void(*)(void))x942kdf_reset }, - { OSSL_FUNC_KDF_DERIVE, (void(*)(void))x942kdf_derive }, + { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))x942kdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void (*)(void))x942kdf_free }, + { OSSL_FUNC_KDF_RESET, (void (*)(void))x942kdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void (*)(void))x942kdf_derive }, { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, - (void(*)(void))x942kdf_settable_ctx_params }, - { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))x942kdf_set_ctx_params }, + (void (*)(void))x942kdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))x942kdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void(*)(void))x942kdf_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))x942kdf_get_ctx_params }, + (void (*)(void))x942kdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))x942kdf_get_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/kem/rsa_kem.c.orig +++ crypto/openssl/providers/implementations/kem/rsa_kem.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,8 +43,8 @@ * Only the KEM for RSASVE as defined in SP800-56b r2 is implemented * currently. */ -#define KEM_OP_UNDEFINED -1 -#define KEM_OP_RSASVE 0 +#define KEM_OP_UNDEFINED -1 +#define KEM_OP_RSASVE 0 /* * What's passed as an actual key is defined by the KEYMGMT interface. 
@@ -82,7 +82,7 @@ static void *rsakem_newctx(void *provctx) { - PROV_RSA_CTX *prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX)); + PROV_RSA_CTX *prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX)); if (prsactx == NULL) return NULL; @@ -118,7 +118,7 @@ } static int rsakem_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[], int operation) + const OSSL_PARAM params[], int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -137,13 +137,13 @@ } static int rsakem_encapsulate_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCAPSULATE); } static int rsakem_decapsulate_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECAPSULATE); } @@ -160,7 +160,7 @@ }; static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *vprsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_rsakem_ctx_params; } @@ -176,7 +176,6 @@ if (params == NULL) return 1; - p = OSSL_PARAM_locate_const(params, OSSL_KEM_PARAM_OPERATION); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) @@ -195,7 +194,7 @@ }; static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *vprsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_rsakem_ctx_params; } @@ -207,7 +206,7 @@ * Generate a random in the range 1 < z < (n – 1) */ static int rsasve_gen_rand_bytes(RSA *rsa_pub, - unsigned char *out, int outlen) + unsigned char *out, int outlen) { int ret = 0; BN_CTX *bnctx; 
@@ -227,11 +226,11 @@ nminus3 = BN_CTX_get(bnctx); z = BN_CTX_get(bnctx); ret = (z != NULL - && (BN_copy(nminus3, RSA_get0_n(rsa_pub)) != NULL) - && BN_sub_word(nminus3, 3) - && BN_priv_rand_range_ex(z, nminus3, 0, bnctx) - && BN_add_word(z, 2) - && (BN_bn2binpad(z, out, outlen) == outlen)); + && (BN_copy(nminus3, RSA_get0_n(rsa_pub)) != NULL) + && BN_sub_word(nminus3, 3) + && BN_priv_rand_range_ex(z, nminus3, 0, bnctx) + && BN_add_word(z, 2) + && (BN_bn2binpad(z, out, outlen) == outlen)); BN_CTX_end(bnctx); BN_CTX_free(bnctx); return ret; @@ -242,8 +241,8 @@ * 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE). */ static int rsasve_generate(PROV_RSA_CTX *prsactx, - unsigned char *out, size_t *outlen, - unsigned char *secret, size_t *secretlen) + unsigned char *out, size_t *outlen, + unsigned char *secret, size_t *secretlen) { int ret; size_t nlen; @@ -268,7 +267,7 @@ /* * If outlen is specified, then it must report the length * of the out buffer on input so that we can confirm - * its size is sufficent for encapsulation + * its size is sufficient for encapsulation */ if (outlen != NULL && *outlen < nlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); 
@@ -283,24 +282,25 @@ return 0; /* Step(3): out = RSAEP((n,e), z) */ - ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING); - if (ret) { - ret = 1; - if (outlen != NULL) - *outlen = nlen; - if (secretlen != NULL) - *secretlen = nlen; - } else { + ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa, + RSA_NO_PADDING); + if (ret <= 0 || ret != (int)nlen) { OPENSSL_cleanse(secret, nlen); + return 0; } - return ret; + + if (outlen != NULL) + *outlen = nlen; + if (secretlen != NULL) + *secretlen = nlen; + + return 1; } /** * rsasve_recover - Recovers a secret value from ciphertext using an RSA * private key. Once, recovered, the secret value is considered to be a - * shared secret. Algorithm is preformed as per - * NIST SP 800-56B Rev 2 + * shared secret. Algorithm is performed as per NIST SP 800-56B Rev 2 * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). * * This function performs RSA decryption using the private key from the @@ -318,8 +318,8 @@ * error messages are raised using the ERR_raise function. */ static int rsasve_recover(PROV_RSA_CTX *prsactx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) { size_t nlen; int ret; 
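Review bot: The new failure test in the `@@ -283,24 +282,25 @@` hunk of rsa_kem.c, `if (ret <= 0 || ret != (int)nlen)`, has no comment explaining why the return value is compared with the length rather than tested for truth. A line such as `/* RSA_public_encrypt() returns the ciphertext length or -1; with RSA_NO_PADDING it must equal nlen */` above the check would record the contract that the old `if (ret)` test got wrong. The `(int)nlen` cast is written twice; a single local (`int inlen = (int)nlen;`) would keep the call and the comparison in step. Where `nlen` is computed and bounded is outside this hunk, so that it fits in an `int` is assumed here rather than shown.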
@@ -363,48 +363,48 @@ } static int rsakem_generate(void *vprsactx, unsigned char *out, size_t *outlen, - unsigned char *secret, size_t *secretlen) + unsigned char *secret, size_t *secretlen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; switch (prsactx->op) { - case KEM_OP_RSASVE: - return rsasve_generate(prsactx, out, outlen, secret, secretlen); - default: - return -2; + case KEM_OP_RSASVE: + return rsasve_generate(prsactx, out, outlen, secret, secretlen); + default: + return -2; } } static int rsakem_recover(void *vprsactx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) + const unsigned char *in, size_t inlen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; switch (prsactx->op) { - case KEM_OP_RSASVE: - return rsasve_recover(prsactx, out, outlen, in, inlen); - default: - return -2; + case KEM_OP_RSASVE: + return rsasve_recover(prsactx, out, outlen, in, inlen); + default: + return -2; } } const OSSL_DISPATCH ossl_rsa_asym_kem_functions[] = { { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))rsakem_newctx }, { OSSL_FUNC_KEM_ENCAPSULATE_INIT, - (void (*)(void))rsakem_encapsulate_init }, + (void (*)(void))rsakem_encapsulate_init }, { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))rsakem_generate }, { OSSL_FUNC_KEM_DECAPSULATE_INIT, - (void (*)(void))rsakem_decapsulate_init }, + (void (*)(void))rsakem_decapsulate_init }, { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))rsakem_recover }, { OSSL_FUNC_KEM_FREECTX, (void (*)(void))rsakem_freectx }, { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))rsakem_dupctx }, { OSSL_FUNC_KEM_GET_CTX_PARAMS, - (void (*)(void))rsakem_get_ctx_params }, + (void (*)(void))rsakem_get_ctx_params }, { OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS, - (void (*)(void))rsakem_gettable_ctx_params }, + (void (*)(void))rsakem_gettable_ctx_params }, { OSSL_FUNC_KEM_SET_CTX_PARAMS, - (void (*)(void))rsakem_set_ctx_params }, + (void (*)(void))rsakem_set_ctx_params }, { OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS, - (void (*)(void))rsakem_settable_ctx_params }, 
+ (void (*)(void))rsakem_settable_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c @@ -47,7 +47,7 @@ static OSSL_FUNC_keymgmt_export_types_fn dh_export_types; static OSSL_FUNC_keymgmt_dup_fn dh_dup; -#define DH_POSSIBLE_SELECTIONS \ +#define DH_POSSIBLE_SELECTIONS \ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) struct dh_gen_ctx { @@ -202,8 +202,7 @@ ok = ok && ossl_dh_params_fromdata(dh, params); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_dh_key_fromdata(dh, params, include_private); } @@ -212,7 +211,7 @@ } static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - void *cbarg) + void *cbarg) { DH *dh = keydata; OSSL_PARAM_BLD *tmpl = NULL; @@ -233,8 +232,7 @@ ok = ok && ossl_dh_params_todata(dh, tmpl, NULL); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_dh_key_todata(dh, tmpl, NULL, include_private); } 
@@ -253,20 +251,20 @@ /* IMEXPORT = IMPORT + EXPORT */ -# define DH_IMEXPORTABLE_PARAMETERS \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0) -# define DH_IMEXPORTABLE_PUBLIC_KEY \ +#define DH_IMEXPORTABLE_PARAMETERS \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0) +#define DH_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) -# define DH_IMEXPORTABLE_PRIVATE_KEY \ +#define DH_IMEXPORTABLE_PRIVATE_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) static const OSSL_PARAM dh_all_types[] = { DH_IMEXPORTABLE_PARAMETERS, 
@@ -284,10 +282,10 @@ OSSL_PARAM_END }; static const OSSL_PARAM *dh_types[] = { - NULL, /* Index 0 = none of them */ - dh_parameter_types, /* Index 1 = parameter types */ - dh_key_types, /* Index 2 = key types */ - dh_all_types /* Index 3 = 1 + 2 */ + NULL, /* Index 0 = none of them */ + dh_parameter_types, /* Index 1 = parameter types */ + dh_key_types, /* Index 2 = key types */ + dh_all_types /* Index 3 = 1 + 2 */ }; static const OSSL_PARAM *dh_imexport_types(int selection) @@ -329,7 +327,7 @@ if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data, - p->data_size, 0); + p->data_size, 0); if (p->return_size == 0) return 0; } @@ -371,8 +369,8 @@ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL - && (p->data_type != OSSL_PARAM_OCTET_STRING - || !ossl_dh_buf2key(dh, p->data, p->data_size))) + && (p->data_type != OSSL_PARAM_OCTET_STRING + || !ossl_dh_buf2key(dh, p->data, p->data_size))) return 0; return 1; @@ -403,7 +401,8 @@ DH_get0_key(dh, NULL, &priv_key); if (priv_key == NULL) return 0; - return ossl_dh_check_priv_key(dh, priv_key, &status);; + return ossl_dh_check_priv_key(dh, priv_key, &status); + ; } static int dh_validate(const void *keydata, int selection, int checktype) @@ -436,13 +435,13 @@ ok = ok && dh_validate_private(dh); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) - == OSSL_KEYMGMT_SELECT_KEYPAIR) + == OSSL_KEYMGMT_SELECT_KEYPAIR) ok = ok && ossl_dh_check_pairwise(dh); return ok; } static void *dh_gen_init_base(void *provctx, int selection, - const OSSL_PARAM params[], int type) + const OSSL_PARAM params[], int type) { OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); struct dh_gen_ctx *gctx = NULL; 
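Review bot: The `@@ -403,7 +401,8 @@` hunk of dh_kmgmt.c keeps the stray second semicolon from `&status);;` and only moves it onto its own line, leaving an unreachable empty statement after the `return`. This looks like formatter output rather than an intended change. The added `;` line should be dropped so the function ends with `return ossl_dh_check_priv_key(dh, priv_key, &status);`. The function's opening lines are outside this hunk.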
@@ -450,8 +449,7 @@ if (!ossl_prov_is_running()) return NULL; - if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) + if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) return NULL; if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { @@ -462,12 +460,12 @@ gctx->mdname = NULL; #ifdef FIPS_MODULE gctx->gen_type = (type == DH_FLAG_TYPE_DHX) - ? DH_PARAMGEN_TYPE_FIPS_186_4 - : DH_PARAMGEN_TYPE_GROUP; + ? DH_PARAMGEN_TYPE_FIPS_186_4 + : DH_PARAMGEN_TYPE_GROUP; #else gctx->gen_type = (type == DH_FLAG_TYPE_DHX) - ? DH_PARAMGEN_TYPE_FIPS_186_2 - : DH_PARAMGEN_TYPE_GENERATOR; + ? DH_PARAMGEN_TYPE_FIPS_186_2 + : DH_PARAMGEN_TYPE_GENERATOR; #endif gctx->gindex = -1; gctx->hindex = 0; @@ -483,15 +481,15 @@ } static void *dh_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DH); } static void *dhx_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { - return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DHX); + return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DHX); } static int dh_gen_set_template(void *genctx, void *templ) @@ -506,7 +504,7 @@ } static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed, - size_t seedlen) + size_t seedlen) { OPENSSL_clear_free(gctx->seed, gctx->seedlen); gctx->seed = NULL; @@ -533,8 +531,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING - || ((gctx->gen_type = - dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) { + || ((gctx->gen_type = dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } 
@@ -546,8 +543,7 @@ if (p->data_type != OSSL_PARAM_UTF8_STRING || p->data == NULL || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL - || ((gctx->group_nid = - ossl_ffc_named_group_get_uid(group)) == NID_undef)) { + || ((gctx->group_nid = ossl_ffc_named_group_get_uid(group)) == NID_undef)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -562,7 +558,7 @@ } static const OSSL_PARAM *dh_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM dh_gen_settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), @@ -576,7 +572,7 @@ } static const OSSL_PARAM *dhx_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM dhx_gen_settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), @@ -617,7 +613,7 @@ if (p != NULL && (p->data_type != OSSL_PARAM_OCTET_STRING || !dh_set_gen_seed(gctx, p->data, p->data_size))) - return 0; + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL && !OSSL_PARAM_get_size_t(p, &gctx->qbits)) return 0; @@ -669,7 +665,8 @@ || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS) != NULL || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST) != NULL || OSSL_PARAM_locate_const(params, - OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) != NULL) { + OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) + != NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -708,7 +705,7 @@ /* For parameter generation - If there is a group name just create it */ if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP - && gctx->ffc_params == NULL) { + && gctx->ffc_params == NULL) { /* Select a named group if there is not one already */ if (gctx->group_nid == NID_undef) gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits); 
@@ -756,11 +753,11 @@ */ if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR) ret = DH_generate_parameters_ex(dh, gctx->pbits, - gctx->generator, gencb); + gctx->generator, gencb); else ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type, - gctx->pbits, gctx->qbits, - gencb); + gctx->pbits, gctx->qbits, + gencb); if (ret <= 0) goto end; } @@ -772,7 +769,7 @@ if (gctx->priv_len > 0) DH_set_length(dh, (long)gctx->priv_len); ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, - gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2); + gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2); if (DH_generate_key(dh) <= 0) goto end; } @@ -829,15 +826,15 @@ { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))dh_gen_settable_params }, + (void (*)(void))dh_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))dh_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))dh_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))dh_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))dh_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))dh_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))dh_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate }, 
@@ -861,15 +858,15 @@ { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dhx_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))dhx_gen_settable_params }, + (void (*)(void))dhx_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))dh_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))dh_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))dh_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))dh_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))dh_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))dh_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate }, @@ -878,7 +875,7 @@ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export }, { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types }, { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, - (void (*)(void))dhx_query_operation_name }, + (void (*)(void))dhx_query_operation_name }, { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup }, { 0, NULL } }; --- crypto/openssl/providers/implementations/keymgmt/dsa_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/dsa_kmgmt.c 
@@ -46,7 +46,7 @@ static OSSL_FUNC_keymgmt_dup_fn dsa_dup; #define DSA_DEFAULT_MD "SHA256" -#define DSA_POSSIBLE_SELECTIONS \ +#define DSA_POSSIBLE_SELECTIONS \ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) struct dsa_gen_ctx { @@ -68,13 +68,12 @@ OSSL_CALLBACK *cb; void *cbarg; }; -typedef struct dh_name2id_st{ +typedef struct dh_name2id_st { const char *name; int id; } DSA_GENTYPE_NAME2ID; -static const DSA_GENTYPE_NAME2ID dsatype2id[]= -{ +static const DSA_GENTYPE_NAME2ID dsatype2id[] = { #ifdef FIPS_MODULE { "default", DSA_PARAMGEN_TYPE_FIPS_186_4 }, #else @@ -96,7 +95,7 @@ } static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private) + int include_private) { const BIGNUM *priv = NULL, *pub = NULL; @@ -203,8 +202,7 @@ ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_dsa_key_fromdata(dsa, params, include_private); } @@ -213,7 +211,7 @@ } static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - void *cbarg) + void *cbarg) { DSA *dsa = keydata; OSSL_PARAM_BLD *tmpl; @@ -233,8 +231,7 @@ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, NULL); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && dsa_key_todata(dsa, tmpl, NULL, include_private); } 
@@ -253,18 +250,18 @@ /* IMEXPORT = IMPORT + EXPORT */ -# define DSA_IMEXPORTABLE_PARAMETERS \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) -# define DSA_IMEXPORTABLE_PUBLIC_KEY \ +#define DSA_IMEXPORTABLE_PARAMETERS \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) +#define DSA_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) -# define DSA_IMEXPORTABLE_PRIVATE_KEY \ +#define DSA_IMEXPORTABLE_PRIVATE_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) static const OSSL_PARAM dsa_all_types[] = { DSA_IMEXPORTABLE_PARAMETERS, @@ -282,10 +279,10 @@ OSSL_PARAM_END }; static const OSSL_PARAM *dsa_types[] = { - NULL, /* Index 0 = none of them */ - dsa_parameter_types, /* Index 1 = parameter types */ - dsa_key_types, /* Index 2 = key types */ - dsa_all_types /* Index 3 = 1 + 2 */ + NULL, /* Index 0 = none of them */ + dsa_parameter_types, /* Index 1 = parameter types */ + dsa_key_types, /* Index 2 = key types */ + dsa_all_types /* Index 3 = 1 + 2 */ }; static const OSSL_PARAM *dsa_imexport_types(int selection) 
@@ -327,7 +324,7 @@ && !OSSL_PARAM_set_utf8_string(p, DSA_DEFAULT_MD)) return 0; return ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), NULL, params) - && dsa_key_todata(dsa, NULL, params, 1); + && dsa_key_todata(dsa, NULL, params, 1); } static const OSSL_PARAM dsa_params[] = { @@ -403,7 +400,7 @@ } static void *dsa_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); struct dsa_gen_ctx *gctx = NULL; @@ -444,7 +441,7 @@ } static int dsa_set_gen_seed(struct dsa_gen_ctx *gctx, unsigned char *seed, - size_t seedlen) + size_t seedlen) { OPENSSL_clear_free(gctx->seed, gctx->seedlen); gctx->seed = NULL; @@ -468,7 +465,6 @@ if (params == NULL) return 1; - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING @@ -493,7 +489,7 @@ if (p != NULL && (p->data_type != OSSL_PARAM_OCTET_STRING || !dsa_set_gen_seed(gctx, p->data, p->data_size))) - return 0; + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL && !OSSL_PARAM_get_size_t(p, &gctx->pbits)) return 0; @@ -522,7 +518,7 @@ } static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), @@ -565,8 +561,7 @@ return NULL; if (gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_DEFAULT) - gctx->gen_type = (gctx->pbits >= 2048 ? DSA_PARAMGEN_TYPE_FIPS_186_4 : - DSA_PARAMGEN_TYPE_FIPS_186_2); + gctx->gen_type = (gctx->pbits >= 2048 ? DSA_PARAMGEN_TYPE_FIPS_186_4 : DSA_PARAMGEN_TYPE_FIPS_186_2); gctx->cb = osslcb; gctx->cbarg = cbarg; 
@@ -596,13 +591,14 @@ } if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { - if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type, - gctx->pbits, gctx->qbits, - gencb) <= 0) - goto end; + if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type, + gctx->pbits, gctx->qbits, + gencb) + <= 0) + goto end; } ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, - gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_186_2); + gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_186_2); if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { if (ffc->p == NULL || ffc->q == NULL @@ -661,13 +657,13 @@ { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dsa_gen_set_template }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dsa_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))dsa_gen_settable_params }, + (void (*)(void))dsa_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dsa_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dsa_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dsa_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))dsa_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))dsa_gettable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dsa_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dsa_validate }, --- crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c @@ -28,9 +28,9 @@ #include "internal/param_build_set.h" #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 -# include "crypto/sm2.h" -# endif +#ifndef OPENSSL_NO_SM2 +#include "crypto/sm2.h" +#endif #endif static OSSL_FUNC_keymgmt_new_fn ec_newdata; 
@@ -56,7 +56,7 @@ static OSSL_FUNC_keymgmt_query_operation_name_fn ec_query_operation_name; static OSSL_FUNC_keymgmt_dup_fn ec_dup; #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 static OSSL_FUNC_keymgmt_new_fn sm2_newdata; static OSSL_FUNC_keymgmt_gen_init_fn sm2_gen_init; static OSSL_FUNC_keymgmt_gen_fn sm2_gen; @@ -66,16 +66,15 @@ static OSSL_FUNC_keymgmt_import_fn sm2_import; static OSSL_FUNC_keymgmt_query_operation_name_fn sm2_query_operation_name; static OSSL_FUNC_keymgmt_validate_fn sm2_validate; -# endif +#endif #endif #define EC_DEFAULT_MD "SHA256" -#define EC_POSSIBLE_SELECTIONS \ +#define EC_POSSIBLE_SELECTIONS \ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) #define SM2_DEFAULT_MD "SM3" -static -const char *ec_query_operation_name(int operation_id) +static const char *ec_query_operation_name(int operation_id) { switch (operation_id) { case OSSL_OP_KEYEXCH: @@ -87,9 +86,8 @@ } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 -static -const char *sm2_query_operation_name(int operation_id) +#ifndef OPENSSL_NO_SM2 +static const char *sm2_query_operation_name(int operation_id) { switch (operation_id) { case OSSL_OP_SIGNATURE: @@ -97,7 +95,7 @@ } return NULL; } -# endif +#endif #endif /* @@ -107,10 +105,9 @@ * This function only exports the bare keypair, domain parameters and other * parameters are exported separately. */ -static ossl_inline -int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], int include_private, - unsigned char **pub_key) +static ossl_inline int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[], int include_private, + unsigned char **pub_key) { BIGNUM *x = NULL, *y = NULL; const BIGNUM *priv_key = NULL; @@ -137,7 +134,6 @@ if (bnctx == NULL) goto err; - /* If we are doing a get then check first before decoding the point */ if (tmpl == NULL) { p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY); 
@@ -150,11 +146,12 @@ point_conversion_form_t format = EC_KEY_get_conv_form(eckey); if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point, - format, - pub_key, bnctx)) == 0 + format, + pub_key, bnctx)) + == 0 || !ossl_param_build_set_octet_string(tmpl, p, - OSSL_PKEY_PARAM_PUB_KEY, - *pub_key, pub_key_len)) + OSSL_PKEY_PARAM_PUB_KEY, + *pub_key, pub_key_len)) goto err; } if (px != NULL || py != NULL) { @@ -173,11 +170,11 @@ goto err; if (px != NULL && !ossl_param_build_set_bn(tmpl, px, - OSSL_PKEY_PARAM_EC_PUB_X, x)) + OSSL_PKEY_PARAM_EC_PUB_X, x)) goto err; if (py != NULL && !ossl_param_build_set_bn(tmpl, py, - OSSL_PKEY_PARAM_EC_PUB_Y, y)) + OSSL_PKEY_PARAM_EC_PUB_Y, y)) goto err; } } @@ -222,22 +219,21 @@ ecbits = EC_GROUP_order_bits(ecg); if (ecbits <= 0) goto err; - sz = (ecbits + 7 ) / 8; + sz = (ecbits + 7) / 8; if (!ossl_param_build_set_bn_pad(tmpl, params, - OSSL_PKEY_PARAM_PRIV_KEY, - priv_key, sz)) + OSSL_PKEY_PARAM_PRIV_KEY, + priv_key, sz)) goto err; } ret = 1; - err: +err: BN_CTX_free(bnctx); return ret; } -static ossl_inline -int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[]) +static ossl_inline int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[]) { int ecdh_cofactor_mode = 0, group_check = 0; const char *name = NULL; 
@@ -250,32 +246,30 @@ name = ossl_ec_pt_format_id2name((int)format); if (name != NULL && !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - name)) + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + name)) return 0; group_check = EC_KEY_get_flags(ec) & EC_FLAG_CHECK_NAMED_GROUP_MASK; name = ossl_ec_check_group_type_id2name(group_check); if (name != NULL && !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, - name)) + OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, + name)) return 0; if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0 - && !ossl_param_build_set_int(tmpl, params, - OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) + && !ossl_param_build_set_int(tmpl, params, + OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) return 0; - ecdh_cofactor_mode = - (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + ecdh_cofactor_mode = (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; return ossl_param_build_set_int(tmpl, params, - OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, - ecdh_cofactor_mode); + OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, + ecdh_cofactor_mode); } -static -void *ec_newdata(void *provctx) +static void *ec_newdata(void *provctx) { if (!ossl_prov_is_running()) return NULL; @@ -283,25 +277,22 @@ } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 -static -void *sm2_newdata(void *provctx) +#ifndef OPENSSL_NO_SM2 +static void *sm2_newdata(void *provctx) { if (!ossl_prov_is_running()) return NULL; return EC_KEY_new_by_curve_name_ex(PROV_LIBCTX_OF(provctx), NULL, NID_sm2); } -# endif +#endif #endif -static -void ec_freedata(void *keydata) +static void ec_freedata(void *keydata) { EC_KEY_free(keydata); } -static -int ec_has(const void *keydata, int selection) +static int ec_has(const void *keydata, int selection) { const EC_KEY *ec = keydata; int ok = 1; 
@@ -386,9 +377,8 @@ return 1; } -static -int common_import(void *keydata, int selection, const OSSL_PARAM params[], - int sm2_wanted) +static int common_import(void *keydata, int selection, const OSSL_PARAM params[], + int sm2_wanted) { EC_KEY *ec = keydata; int ok = 1; @@ -418,8 +408,7 @@ return 0; if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_ec_key_fromdata(ec, params, include_private); } @@ -429,25 +418,22 @@ return ok; } -static -int ec_import(void *keydata, int selection, const OSSL_PARAM params[]) +static int ec_import(void *keydata, int selection, const OSSL_PARAM params[]) { return common_import(keydata, selection, params, 0); } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 -static -int sm2_import(void *keydata, int selection, const OSSL_PARAM params[]) +#ifndef OPENSSL_NO_SM2 +static int sm2_import(void *keydata, int selection, const OSSL_PARAM params[]) { return common_import(keydata, selection, params, 1); } -# endif +#endif #endif -static -int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - void *cbarg) +static int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, + void *cbarg) { EC_KEY *ec = keydata; OSSL_PARAM_BLD *tmpl = NULL; @@ -475,7 +461,7 @@ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0) return 0; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) return 0; tmpl = OSSL_PARAM_BLD_new(); 
@@ -489,15 +475,11 @@ goto end; } BN_CTX_start(bnctx); - ok = ok && ossl_ec_group_todata(EC_KEY_get0_group(ec), tmpl, NULL, - ossl_ec_key_get_libctx(ec), - ossl_ec_key_get0_propq(ec), - bnctx, &genbuf); + ok = ok && ossl_ec_group_todata(EC_KEY_get0_group(ec), tmpl, NULL, ossl_ec_key_get_libctx(ec), ossl_ec_key_get0_propq(ec), bnctx, &genbuf); } if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && key_to_params(ec, tmpl, NULL, include_private, &pub_key); } 
@@ -522,27 +504,27 @@ /* IMEXPORT = IMPORT + EXPORT */ -# define EC_IMEXPORTABLE_DOM_PARAMETERS \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),\ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_B, NULL, 0), \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL) - -# define EC_IMEXPORTABLE_PUBLIC_KEY \ +#define EC_IMEXPORTABLE_DOM_PARAMETERS \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_B, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL) + +#define EC_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) -# define EC_IMEXPORTABLE_PRIVATE_KEY \ +#define EC_IMEXPORTABLE_PRIVATE_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) -# define EC_IMEXPORTABLE_OTHER_PARAMETERS \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \ 
- OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL) +#define EC_IMEXPORTABLE_OTHER_PARAMETERS \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL) /* * Include all the possible combinations of OSSL_PARAM arrays for @@ -553,8 +535,7 @@ */ #include "ec_kmgmt_imexport.inc" -static ossl_inline -const OSSL_PARAM *ec_imexport_types(int selection) +static ossl_inline const OSSL_PARAM *ec_imexport_types(int selection) { int type_select = 0; @@ -569,14 +550,12 @@ return ec_types[type_select]; } -static -const OSSL_PARAM *ec_import_types(int selection) +static const OSSL_PARAM *ec_import_types(int selection) { return ec_imexport_types(selection); } -static -const OSSL_PARAM *ec_export_types(int selection) +static const OSSL_PARAM *ec_export_types(int selection) { return ec_imexport_types(selection); } @@ -606,24 +585,24 @@ m = EC_GROUP_get_degree(group); if (!ossl_param_build_set_int(NULL, params, OSSL_PKEY_PARAM_EC_CHAR2_M, m) || !ossl_param_build_set_utf8_string(NULL, params, - OSSL_PKEY_PARAM_EC_CHAR2_TYPE, - basis_name)) + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, + basis_name)) goto err; if (basis_nid == NID_X9_62_tpBasis) { if (!EC_GROUP_get_trinomial_basis(group, &k1) || !ossl_param_build_set_int(NULL, params, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, - (int)k1)) + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, + (int)k1)) goto err; } else { if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3) || !ossl_param_build_set_int(NULL, params, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, (int)k1) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, (int)k1) || !ossl_param_build_set_int(NULL, params, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, (int)k2) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, (int)k2) || !ossl_param_build_set_int(NULL, params, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, (int)k3)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, (int)k3)) goto err; } ret = 1; 
@@ -632,8 +611,7 @@ #endif /* OPENSSL_NO_EC2M */ } -static -int common_get_params(void *key, OSSL_PARAM params[], int sm2) +static int common_get_params(void *key, OSSL_PARAM params[], int sm2) { int ret = 0; EC_KEY *eck = key; @@ -703,22 +681,22 @@ } if ((p = OSSL_PARAM_locate(params, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS)) - != NULL) { + OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS)) + != NULL) { int explicitparams = EC_KEY_decoded_from_explicit_params(eck); if (explicitparams < 0 - || !OSSL_PARAM_set_int(p, explicitparams)) + || !OSSL_PARAM_set_int(p, explicitparams)) goto err; } if (!sm2) { if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL - && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD)) + && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD)) goto err; } else { if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL - && !OSSL_PARAM_set_utf8_string(p, SM2_DEFAULT_MD)) + && !OSSL_PARAM_set_utf8_string(p, SM2_DEFAULT_MD)) goto err; } @@ -728,15 +706,15 @@ if (p != NULL) { int ecdh_cofactor_mode = 0; - ecdh_cofactor_mode = - (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + ecdh_cofactor_mode = (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode)) goto err; } } if ((p = OSSL_PARAM_locate(params, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) + != NULL) { const EC_POINT *ecp = EC_KEY_get0_public_key(key); if (ecp == NULL) { 
@@ -744,17 +722,17 @@ goto err; } p->return_size = EC_POINT_point2oct(ecg, ecp, - POINT_CONVERSION_UNCOMPRESSED, - p->data, p->data_size, bnctx); + POINT_CONVERSION_UNCOMPRESSED, + p->data, p->data_size, bnctx); if (p->return_size == 0) goto err; } ret = ec_get_ecm_params(ecg, params) - && ossl_ec_group_todata(ecg, NULL, params, libctx, propq, bnctx, - &genbuf) - && key_to_params(eck, NULL, params, 1, &pub_key) - && otherparams_to_params(eck, NULL, params); + && ossl_ec_group_todata(ecg, NULL, params, libctx, propq, bnctx, + &genbuf) + && key_to_params(eck, NULL, params, 1, &pub_key) + && otherparams_to_params(eck, NULL, params); err: OPENSSL_free(genbuf); OPENSSL_free(pub_key); @@ -763,22 +741,21 @@ return ret; } -static -int ec_get_params(void *key, OSSL_PARAM params[]) +static int ec_get_params(void *key, OSSL_PARAM params[]) { return common_get_params(key, params, 0); } #ifndef OPENSSL_NO_EC2M -# define EC2M_GETTABLE_DOM_PARAMS \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_M, NULL), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_CHAR2_TYPE, NULL, 0), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, NULL), \ +#define EC2M_GETTABLE_DOM_PARAMS \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_M, NULL), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_CHAR2_TYPE, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, NULL), #else -# define EC2M_GETTABLE_DOM_PARAMS +#define EC2M_GETTABLE_DOM_PARAMS #endif static const OSSL_PARAM ec_known_gettable_params[] = { 
@@ -790,7 +767,7 @@ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL), EC_IMEXPORTABLE_DOM_PARAMETERS, EC2M_GETTABLE_DOM_PARAMS - EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_PUBLIC_KEY, OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0), EC_IMEXPORTABLE_PRIVATE_KEY, @@ -798,8 +775,7 @@ OSSL_PARAM_END }; -static -const OSSL_PARAM *ec_gettable_params(void *provctx) +static const OSSL_PARAM *ec_gettable_params(void *provctx) { return ec_known_gettable_params; } @@ -815,14 +791,12 @@ OSSL_PARAM_END }; -static -const OSSL_PARAM *ec_settable_params(void *provctx) +static const OSSL_PARAM *ec_settable_params(void *provctx) { return ec_known_settable_params; } -static -int ec_set_params(void *key, const OSSL_PARAM params[]) +static int ec_set_params(void *key, const OSSL_PARAM params[]) { EC_KEY *eck = key; const OSSL_PARAM *p; @@ -832,7 +806,6 @@ if (params == NULL) return 1; - if (!ossl_ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params)) return 0; @@ -842,8 +815,8 @@ int ret = 1; if (ctx == NULL - || p->data_type != OSSL_PARAM_OCTET_STRING - || !EC_KEY_oct2key(key, p->data, p->data_size, ctx)) + || p->data_type != OSSL_PARAM_OCTET_STRING + || !EC_KEY_oct2key(key, p->data, p->data_size, ctx)) ret = 0; BN_CTX_free(ctx); if (!ret) @@ -854,9 +827,8 @@ } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 -static -int sm2_get_params(void *key, OSSL_PARAM params[]) +#ifndef OPENSSL_NO_SM2 +static int sm2_get_params(void *key, OSSL_PARAM params[]) { return common_get_params(key, params, 1); } @@ -876,8 +848,7 @@ OSSL_PARAM_END }; -static -const OSSL_PARAM *sm2_gettable_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2_gettable_params(ossl_unused void *provctx) { return sm2_known_gettable_params; } 
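Review bot: In the `ec_known_gettable_params` initialiser, `EC2M_GETTABLE_DOM_PARAMS` is followed by `EC_IMEXPORTABLE_PUBLIC_KEY,` with no comma in between, and the only line this hunk changes is that second entry, presumably its indentation. The list is still correct because the macro, as defined in the previous hunk, either ends in its own comma or expands to nothing, but a reader or a formatter sees what looks like a continuation line. A one-line comment above the entry would make that explicit: `/* EC2M_GETTABLE_DOM_PARAMS supplies its own trailing comma, or is empty */`. The initialiser starts outside this hunk.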
@@ -887,14 +858,12 @@ OSSL_PARAM_END }; -static -const OSSL_PARAM *sm2_settable_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2_settable_params(ossl_unused void *provctx) { return sm2_known_settable_params; } -static -int sm2_validate(const void *keydata, int selection, int checktype) +static int sm2_validate(const void *keydata, int selection, int checktype) { const EC_KEY *eck = keydata; int ok = 1; @@ -907,7 +876,7 @@ return 1; /* nothing to validate */ ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eck)); - if (ctx == NULL) + if (ctx == NULL) return 0; if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) @@ -929,11 +898,10 @@ BN_CTX_free(ctx); return ok; } -# endif +#endif #endif -static -int ec_validate(const void *keydata, int selection, int checktype) +static int ec_validate(const void *keydata, int selection, int checktype) { const EC_KEY *eck = keydata; int ok = 1; @@ -946,15 +914,14 @@ return 1; /* nothing to validate */ ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eck)); - if (ctx == NULL) + if (ctx == NULL) return 0; if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { int flags = EC_KEY_get_flags(eck); if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0) - ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), - (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0; + ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0; else ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx); } @@ -992,7 +959,7 @@ }; static void *ec_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); struct ec_gen_ctx *gctx = NULL; 
@@ -1013,9 +980,9 @@ } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 static void *sm2_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { struct ec_gen_ctx *gctx = ec_gen_init(provctx, selection, params); @@ -1029,7 +996,7 @@ } return NULL; } -# endif +#endif #endif static int ec_gen_set_group(void *genctx, const EC_GROUP *src) 
@@ -1060,42 +1027,42 @@ return ec_gen_set_group(gctx, ec_group); } -#define COPY_INT_PARAM(params, key, val) \ -p = OSSL_PARAM_locate_const(params, key); \ -if (p != NULL && !OSSL_PARAM_get_int(p, &val)) \ - goto err; - -#define COPY_UTF8_PARAM(params, key, val) \ -p = OSSL_PARAM_locate_const(params, key); \ -if (p != NULL) { \ - if (p->data_type != OSSL_PARAM_UTF8_STRING) \ - goto err; \ - OPENSSL_free(val); \ - val = OPENSSL_strdup(p->data); \ - if (val == NULL) \ - goto err; \ -} +#define COPY_INT_PARAM(params, key, val) \ + p = OSSL_PARAM_locate_const(params, key); \ + if (p != NULL && !OSSL_PARAM_get_int(p, &val)) \ + goto err; -#define COPY_OCTET_PARAM(params, key, val, len) \ -p = OSSL_PARAM_locate_const(params, key); \ -if (p != NULL) { \ - if (p->data_type != OSSL_PARAM_OCTET_STRING) \ - goto err; \ - OPENSSL_free(val); \ - len = p->data_size; \ - val = OPENSSL_memdup(p->data, p->data_size); \ - if (val == NULL) \ - goto err; \ -} +#define COPY_UTF8_PARAM(params, key, val) \ + p = OSSL_PARAM_locate_const(params, key); \ + if (p != NULL) { \ + if (p->data_type != OSSL_PARAM_UTF8_STRING) \ + goto err; \ + OPENSSL_free(val); \ + val = OPENSSL_strdup(p->data); \ + if (val == NULL) \ + goto err; \ + } -#define COPY_BN_PARAM(params, key, bn) \ -p = OSSL_PARAM_locate_const(params, key); \ -if (p != NULL) { \ - if (bn == NULL) \ - bn = BN_new(); \ - if (bn == NULL || !OSSL_PARAM_get_BN(p, &bn)) \ - goto err; \ -} +#define COPY_OCTET_PARAM(params, key, val, len) \ + p = OSSL_PARAM_locate_const(params, key); \ + if (p != NULL) { \ + if (p->data_type != OSSL_PARAM_OCTET_STRING) \ + goto err; \ + OPENSSL_free(val); \ + len = p->data_size; \ + val = OPENSSL_memdup(p->data, p->data_size); \ + if (val == NULL) \ + goto err; \ + } + +#define COPY_BN_PARAM(params, key, bn) \ + p = OSSL_PARAM_locate_const(params, key); \ + if (p != NULL) { \ + if (bn == NULL) \ + bn = BN_new(); \ + if (bn == NULL || !OSSL_PARAM_get_BN(p, &bn)) \ + goto err; \ + } static int 
ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) { @@ -1120,7 +1087,7 @@ COPY_OCTET_PARAM(params, OSSL_PKEY_PARAM_EC_SEED, gctx->seed, gctx->seed_len); COPY_OCTET_PARAM(params, OSSL_PKEY_PARAM_EC_GENERATOR, gctx->gen, - gctx->gen_len); + gctx->gen_len); ret = 1; err: @@ -1141,24 +1108,24 @@ if (gctx->encoding != NULL && !OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_EC_ENCODING, - gctx->encoding, 0)) + gctx->encoding, 0)) goto err; if (gctx->pt_format != NULL && !OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - gctx->pt_format, 0)) + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + gctx->pt_format, 0)) goto err; if (gctx->group_name != NULL) { if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, - gctx->group_name, 0)) + gctx->group_name, 0)) goto err; /* Ignore any other parameters if there is a group name */ goto build; } else if (gctx->field_type != NULL) { if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_EC_FIELD_TYPE, - gctx->field_type, 0)) + gctx->field_type, 0)) goto err; } else { goto err; @@ -1175,17 +1142,17 @@ if (gctx->cofactor != NULL && !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, - gctx->cofactor)) + gctx->cofactor)) goto err; if (gctx->seed != NULL && !OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_EC_SEED, - gctx->seed, gctx->seed_len)) + gctx->seed, gctx->seed_len)) goto err; if (gctx->gen == NULL || !OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_EC_GENERATOR, - gctx->gen, gctx->gen_len)) + gctx->gen, gctx->gen_len)) goto err; build: params = OSSL_PARAM_BLD_to_param(bld); @@ -1206,7 +1173,7 @@ } static const OSSL_PARAM *ec_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), 
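Review bot: The re-indented `COPY_INT_PARAM`, `COPY_UTF8_PARAM`, `COPY_OCTET_PARAM` and `COPY_BN_PARAM` macros still expand to bare statement sequences, so using one as the body of an unbraced `if` or `else` would put only the `p = OSSL_PARAM_locate_const(params, key);` assignment under the condition. Wrapping each body as `do { ... } while (0)` and dropping the trailing `;` after `goto err` in `COPY_INT_PARAM` keeps every expansion a single statement; the call sites visible in the next hunk already end in `;`. The macros also rely on a local `p` and an `err` label in the calling function, which a short comment above the block would document: `/* Each COPY_*_PARAM macro uses a local 'p' and jumps to an 'err' label in the caller */`.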
@@ -1291,7 +1258,7 @@ } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 /* * The callback arguments (osslcb & cbarg) are not used by EC_KEY generation */ @@ -1339,7 +1306,7 @@ EC_KEY_free(ec); return NULL; } -# endif +#endif #endif static void ec_gen_cleanup(void *genctx) @@ -1365,7 +1332,7 @@ } static void *common_load(const void *reference, size_t reference_sz, - int sm2_wanted) + int sm2_wanted) { EC_KEY *ec = NULL; @@ -1389,12 +1356,12 @@ } #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 static void *sm2_load(const void *reference, size_t reference_sz) { return common_load(reference, reference_sz, 1); } -# endif +#endif #endif static void *ec_dup(const void *keydata_from, int selection) 
@@ -1408,18 +1375,18 @@ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata }, { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init }, { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, - (void (*)(void))ec_gen_set_template }, + (void (*)(void))ec_gen_set_template }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))ec_gen_settable_params }, + (void (*)(void))ec_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))ec_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))ec_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))ec_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))ec_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))ec_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate }, 
@@ -1428,29 +1395,29 @@ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export }, { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types }, { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, - (void (*)(void))ec_query_operation_name }, + (void (*)(void))ec_query_operation_name }, { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ec_dup }, { 0, NULL } }; #ifndef FIPS_MODULE -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 const OSSL_DISPATCH ossl_sm2_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))sm2_newdata }, { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))sm2_gen_init }, { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, - (void (*)(void))ec_gen_set_template }, + (void (*)(void))ec_gen_set_template }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))ec_gen_settable_params }, + (void (*)(void))ec_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))sm2_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))sm2_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))sm2_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))sm2_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))sm2_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))sm2_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))sm2_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))ec_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))sm2_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))sm2_validate }, 
@@ -1459,9 +1426,9 @@ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export }, { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types }, { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, - (void (*)(void))sm2_query_operation_name }, + (void (*)(void))sm2_query_operation_name }, { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ec_dup }, { 0, NULL } }; -# endif +#endif #endif --- crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,8 +23,8 @@ #include "prov/providercommon.h" #include "prov/provider_ctx.h" #ifdef S390X_EC_ASM -# include "s390x_arch.h" -# include /* For SHA512_DIGEST_LENGTH */ +#include "s390x_arch.h" +#include /* For SHA512_DIGEST_LENGTH */ #endif static OSSL_FUNC_keymgmt_new_fn x25519_new_key; @@ -92,7 +92,7 @@ if (!ossl_prov_is_running()) return 0; return ossl_ecx_key_new(PROV_LIBCTX_OF(provctx), ECX_KEY_TYPE_X25519, 0, - NULL); + NULL); } static void *x448_new_key(void *provctx) @@ -100,7 +100,7 @@ if (!ossl_prov_is_running()) return 0; return ossl_ecx_key_new(PROV_LIBCTX_OF(provctx), ECX_KEY_TYPE_X448, 0, - NULL); + NULL); } static void *ed25519_new_key(void *provctx) @@ -108,7 +108,7 @@ if (!ossl_prov_is_running()) return 0; return ossl_ecx_key_new(PROV_LIBCTX_OF(provctx), ECX_KEY_TYPE_ED25519, 0, - NULL); + NULL); } static void *ed448_new_key(void *provctx) @@ -116,7 +116,7 @@ if (!ossl_prov_is_running()) return 0; return ossl_ecx_key_new(PROV_LIBCTX_OF(provctx), ECX_KEY_TYPE_ED448, 0, - NULL); + NULL); } static int ecx_has(const void *keydata, int selection) 
@@ -207,28 +207,28 @@ } static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], int include_private) + OSSL_PARAM params[], int include_private) { if (key == NULL) return 0; if (!ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_PUB_KEY, - key->pubkey, key->keylen)) + OSSL_PKEY_PARAM_PUB_KEY, + key->pubkey, key->keylen)) return 0; if (include_private && key->privkey != NULL && !ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_PRIV_KEY, - key->privkey, key->keylen)) + OSSL_PKEY_PARAM_PRIV_KEY, + key->privkey, key->keylen)) return 0; return 1; } static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - void *cbarg) + void *cbarg) { ECX_KEY *key = keydata; OSSL_PARAM_BLD *tmpl; @@ -263,9 +263,9 @@ return ret; } -#define ECX_KEY_TYPES() \ -OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \ -OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) +#define ECX_KEY_TYPES() \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) static const OSSL_PARAM ecx_key_types[] = { ECX_KEY_TYPES(), @@ -279,7 +279,7 @@ } static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits, - int size) + int size) { ECX_KEY *ecx = key; OSSL_PARAM *p; @@ -294,8 +294,8 @@ && !OSSL_PARAM_set_int(p, size)) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL - && (ecx->type == ECX_KEY_TYPE_X25519 - || ecx->type == ECX_KEY_TYPE_X448)) { + && (ecx->type == ECX_KEY_TYPE_X25519 + || ecx->type == ECX_KEY_TYPE_X448)) { if (!OSSL_PARAM_set_octet_string(p, ecx->pubkey, ecx->keylen)) return 0; } @@ -308,7 +308,8 @@ OSSL_PARAM *p; if ((p = OSSL_PARAM_locate(params, - OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL + OSSL_PKEY_PARAM_MANDATORY_DIGEST)) + != NULL && !OSSL_PARAM_set_utf8_string(p, "")) return 0; return 1; 
@@ -317,26 +318,26 @@ static int x25519_get_params(void *key, OSSL_PARAM params[]) { return ecx_get_params(key, params, X25519_BITS, X25519_SECURITY_BITS, - X25519_KEYLEN); + X25519_KEYLEN); } static int x448_get_params(void *key, OSSL_PARAM params[]) { return ecx_get_params(key, params, X448_BITS, X448_SECURITY_BITS, - X448_KEYLEN); + X448_KEYLEN); } static int ed25519_get_params(void *key, OSSL_PARAM params[]) { return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS, - ED25519_SIGSIZE) + ED25519_SIGSIZE) && ed_get_params(key, params); } static int ed448_get_params(void *key, OSSL_PARAM params[]) { return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS, - ED448_SIGSIZE) + ED448_SIGSIZE) && ed_get_params(key, params); } @@ -344,7 +345,6 @@ OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), ECX_KEY_TYPES(), OSSL_PARAM_END @@ -354,6 +354,7 @@ OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0), ECX_KEY_TYPES(), OSSL_PARAM_END }; @@ -405,8 +406,8 @@ void *buf = ecxkey->pubkey; if (p->data_size != ecxkey->keylen - || !OSSL_PARAM_get_octet_string(p, &buf, sizeof(ecxkey->pubkey), - NULL)) + || !OSSL_PARAM_get_octet_string(p, &buf, sizeof(ecxkey->pubkey), + NULL)) return 0; OPENSSL_clear_free(ecxkey->privkey, ecxkey->keylen); ecxkey->privkey = NULL; @@ -473,7 +474,7 @@ } static void *ecx_gen_init(void *provctx, int selection, - const OSSL_PARAM params[], ECX_KEY_TYPE type) + const OSSL_PARAM params[], ECX_KEY_TYPE type) { OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); struct ecx_gen_ctx *gctx = NULL; 
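Review bot: The two parameter tables edited in hunks -344,7 and -354,6 carry no comment tying them to the getter they describe, which is presumably how `OSSL_PKEY_PARAM_MANDATORY_DIGEST` came to be listed on the table that also advertises `OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY`. The visible getters show the intended split: `ecx_get_params()` fills the encoded public key only for `ECX_KEY_TYPE_X25519`/`ECX_KEY_TYPE_X448`, and only the ed25519/ed448 getters go on to call `ed_get_params()`, which sets the mandatory digest. I would add `/* Must list exactly what ecx_get_params() can return for X25519/X448 */` above the first table and `/* Must list what ecx_get_params() plus ed_get_params() can return for Ed25519/Ed448 */` above the second. Both array declarations start outside these hunks, so confirm which table is which before placing the comments.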
@@ -485,6 +486,8 @@ gctx->libctx = libctx; gctx->type = type; gctx->selection = selection; + } else { + return NULL; } if (!ecx_gen_set_params(gctx, params)) { ecx_gen_cleanup(gctx); @@ -494,25 +497,25 @@ } static void *x25519_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ecx_gen_init(provctx, selection, params, ECX_KEY_TYPE_X25519); } static void *x448_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ecx_gen_init(provctx, selection, params, ECX_KEY_TYPE_X448); } static void *ed25519_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ecx_gen_init(provctx, selection, params, ECX_KEY_TYPE_ED25519); } static void *ed448_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ecx_gen_init(provctx, selection, params, ECX_KEY_TYPE_ED448); } @@ -535,19 +538,19 @@ * expected. */ switch (gctx->type) { - case ECX_KEY_TYPE_X25519: - groupname = "x25519"; - break; - case ECX_KEY_TYPE_X448: - groupname = "x448"; - break; - default: - /* We only support this for key exchange at the moment */ - break; + case ECX_KEY_TYPE_X25519: + groupname = "x25519"; + break; + case ECX_KEY_TYPE_X448: + groupname = "x448"; + break; + default: + /* We only support this for key exchange at the moment */ + break; } if (p->data_type != OSSL_PARAM_UTF8_STRING - || groupname == NULL - || OPENSSL_strcasecmp(p->data, groupname) != 0) { + || groupname == NULL + || OPENSSL_strcasecmp(p->data, groupname) != 0) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -566,7 +569,7 @@ } static const OSSL_PARAM *ecx_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), 
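Review bot: The new `else { return NULL; }` branch in ecx_gen_init (hunk -485,6) returns without putting anything on the error queue, whereas the allocation failure path in the key generator a few hunks later raises `ERR_R_MALLOC_FAILURE` before returning NULL. If the allocator call feeding this `if` does not raise on its own (the call is above the hunk, so this is not visible here), callers get a bare NULL with no diagnosable reason. Consider adding `ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);` before the `return NULL;`. The branch would also read more clearly as an early-return guard on the allocation rather than an `else` after the field assignments.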
@@ -584,7 +587,8 @@ if (gctx == NULL) return NULL; if ((key = ossl_ecx_key_new(gctx->libctx, gctx->type, 0, - gctx->propq)) == NULL) { + gctx->propq)) + == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; } @@ -613,12 +617,12 @@ break; case ECX_KEY_TYPE_ED25519: if (!ossl_ed25519_public_from_private(gctx->libctx, key->pubkey, privkey, - gctx->propq)) + gctx->propq)) goto err; break; case ECX_KEY_TYPE_ED448: if (!ossl_ed448_public_from_private(gctx->libctx, key->pubkey, privkey, - gctx->propq)) + gctx->propq)) goto err; break; } @@ -694,6 +698,9 @@ { struct ecx_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + OPENSSL_free(gctx->propq); OPENSSL_free(gctx); } @@ -732,12 +739,12 @@ break; case ECX_KEY_TYPE_ED25519: if (!ossl_ed25519_public_from_private(ecx->libctx, pub, ecx->privkey, - ecx->propq)) + ecx->propq)) return 0; break; case ECX_KEY_TYPE_ED448: if (!ossl_ed448_public_from_private(ecx->libctx, pub, ecx->privkey, - ecx->propq)) + ecx->propq)) return 0; break; default: 
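Review bot: The `if (gctx == NULL) return;` guard added to ecx_gen_cleanup (hunk -694,6) is undocumented, and the same applies to the identical guard added to mac_gen_cleanup in mac_legacy_kmgmt.c (hunk -527,6). Without the guard the next statement dereferences `gctx->propq` (or `gctx->priv_key` in the MAC case), so the contract is worth stating: `/* NULL-tolerant, like OPENSSL_free(); callers may pass a context that was never allocated */`. The other `OSSL_FUNC_KEYMGMT_GEN_CLEANUP` implementations named in the dispatch tables, such as `ec_gen_cleanup`, have their bodies outside the visible hunks, so it is worth confirming they carry the same guard and that the cleanup entry points behave uniformly.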
@@ -794,30 +801,30 @@ return ecx_validate(keydata, selection, ECX_KEY_TYPE_ED448, ED448_KEYLEN); } -#define MAKE_KEYMGMT_FUNCTIONS(alg) \ - const OSSL_DISPATCH ossl_##alg##_keymgmt_functions[] = { \ - { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \ - { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ossl_ecx_key_free }, \ - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \ - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))alg##_gettable_params }, \ - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))alg##_set_params }, \ - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))alg##_settable_params }, \ - { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \ - { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ecx_match }, \ - { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))alg##_validate }, \ - { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \ - { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \ - { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \ - { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types }, \ - { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))alg##_gen_init }, \ - { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ecx_gen_set_params }, \ - { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \ - (void (*)(void))ecx_gen_settable_params }, \ - { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))alg##_gen }, \ - { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ecx_gen_cleanup }, \ - { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))ecx_load }, \ - { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ecx_dup }, \ - { 0, NULL } \ +#define MAKE_KEYMGMT_FUNCTIONS(alg) \ + const OSSL_DISPATCH ossl_##alg##_keymgmt_functions[] = { \ + { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))alg##_new_key }, \ + { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ossl_ecx_key_free }, \ + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))alg##_get_params }, \ + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))alg##_gettable_params }, \ + { 
OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))alg##_set_params }, \ + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))alg##_settable_params }, \ + { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \ + { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ecx_match }, \ + { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))alg##_validate }, \ + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \ + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types }, \ + { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \ + { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types }, \ + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))alg##_gen_init }, \ + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ecx_gen_set_params }, \ + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \ + (void (*)(void))ecx_gen_settable_params }, \ + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))alg##_gen }, \ + { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ecx_gen_cleanup }, \ + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))ecx_load }, \ + { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ecx_dup }, \ + { 0, NULL } \ }; MAKE_KEYMGMT_FUNCTIONS(x25519) @@ -826,7 +833,7 @@ MAKE_KEYMGMT_FUNCTIONS(ed448) #ifdef S390X_EC_ASM -# include "s390x_arch.h" +#include "s390x_arch.h" static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx) { @@ -836,7 +843,7 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; ECX_KEY *key = ossl_ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X25519, 1, - gctx->propq); + gctx->propq); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { @@ -867,7 +874,7 @@ goto err; key->haspubkey = 1; return key; - err: +err: ossl_ecx_key_free(key); return NULL; } @@ -882,7 +889,7 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; ECX_KEY *key = ossl_ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X448, 1, - gctx->propq); + gctx->propq); unsigned char *privkey = NULL, *pubkey; if (key == NULL) { 
@@ -912,7 +919,7 @@ goto err; key->haspubkey = 1; return key; - err: +err: ossl_ecx_key_free(key); return NULL; } @@ -925,13 +932,42 @@ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 }; static const unsigned char generator_y[] = { - 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x58, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, + 0x66, }; unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; ECX_KEY *key = ossl_ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED25519, 1, - gctx->propq); + gctx->propq); unsigned char *privkey = NULL, *pubkey; unsigned int sz; EVP_MD *sha = NULL; @@ -970,13 +1006,14 @@ buff[31] |= 64; if (s390x_ed25519_mul(x_dst, pubkey, - generator_x, generator_y, buff) != 1) + generator_x, generator_y, buff) + != 1) goto err; pubkey[31] |= ((x_dst[0] & 0x01) << 7); key->haspubkey = 1; return key; - err: +err: ossl_ecx_key_free(key); return NULL; } @@ -999,7 +1036,7 @@ }; unsigned char x_dst[57], buff[114]; ECX_KEY *key = ossl_ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED448, 1, - gctx->propq); + gctx->propq); unsigned char *privkey = NULL, *pubkey; EVP_MD_CTX *hashctx = NULL; EVP_MD *shake = NULL; @@ -1042,7 +1079,8 @@ buff[56] = 0; if (s390x_ed448_mul(x_dst, pubkey, - generator_x, generator_y, buff) != 1) + generator_x, generator_y, buff) + != 1) goto err; pubkey[56] |= ((x_dst[0] & 0x01) << 7); @@ -1050,7 +1088,7 @@ EVP_MD_free(shake); key->haspubkey = 1; return key; - err: +err: ossl_ecx_key_free(key); EVP_MD_CTX_free(hashctx); EVP_MD_free(shake); --- crypto/openssl/providers/implementations/keymgmt/kdf_legacy_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/kdf_legacy_kmgmt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,7 +69,7 @@ /* This is effectively doing a new operation on the KDF_DATA and should be * adequately guarded again modules' error states. However, both current - * calls here are guarded propery in exchange/kdf_exch.c. Thus, it + * calls here are guarded properly in exchange/kdf_exch.c. Thus, it * could be removed here. The concern is that something in the future * might call this function without adequate guards. It's a cheap call, * it seems best to leave it even though it is currently redundant. --- crypto/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include "internal/param_build_set.h" #include "prov/implementations.h" @@ -108,7 +108,7 @@ /* This is effectively doing a new operation on the MAC_KEY and should be * adequately guarded again modules' error states. However, both current - * calls here are guarded propery in signature/mac_legacy.c. Thus, it + * calls here are guarded properly in signature/mac_legacy.c. Thus, it * could be removed here. The concern is that something in the future * might call this function without adequate guards. It's a cheap call, * it seems best to leave it even though it is currently redundant. 
@@ -165,18 +165,16 @@ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if ((key1->priv_key == NULL && key2->priv_key != NULL) - || (key1->priv_key != NULL && key2->priv_key == NULL) - || key1->priv_key_len != key2->priv_key_len - || (key1->cipher.cipher == NULL && key2->cipher.cipher != NULL) - || (key1->cipher.cipher != NULL && key2->cipher.cipher == NULL)) + || (key1->priv_key != NULL && key2->priv_key == NULL) + || key1->priv_key_len != key2->priv_key_len + || (key1->cipher.cipher == NULL && key2->cipher.cipher != NULL) + || (key1->cipher.cipher != NULL && key2->cipher.cipher == NULL)) ok = 0; else ok = ok && (key1->priv_key == NULL /* implies key2->privkey == NULL */ - || CRYPTO_memcmp(key1->priv_key, key2->priv_key, - key1->priv_key_len) == 0); + || CRYPTO_memcmp(key1->priv_key, key2->priv_key, key1->priv_key_len) == 0); if (key1->cipher.cipher != NULL) - ok = ok && EVP_CIPHER_is_a(key1->cipher.cipher, - EVP_CIPHER_get0_name(key2->cipher.cipher)); + ok = ok && EVP_CIPHER_is_a(key1->cipher.cipher, EVP_CIPHER_get0_name(key2->cipher.cipher)); } return ok; } @@ -216,8 +214,7 @@ } } - if (key->cmac && !ossl_prov_cipher_load_from_params(&key->cipher, params, - key->libctx)) { + if (key->cmac && !ossl_prov_cipher_load_from_params(&key->cipher, params, key->libctx)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } 
@@ -242,28 +239,28 @@ } static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { if (key == NULL) return 0; if (key->priv_key != NULL && !ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_PRIV_KEY, - key->priv_key, key->priv_key_len)) + OSSL_PKEY_PARAM_PRIV_KEY, + key->priv_key, key->priv_key_len)) return 0; if (key->cipher.cipher != NULL && !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_CIPHER, - EVP_CIPHER_get0_name(key->cipher.cipher))) + OSSL_PKEY_PARAM_CIPHER, + EVP_CIPHER_get0_name(key->cipher.cipher))) return 0; #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (key->cipher.engine != NULL && !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_ENGINE, - ENGINE_get_id(key->cipher.engine))) + OSSL_PKEY_PARAM_ENGINE, + ENGINE_get_id(key->cipher.engine))) return 0; #endif @@ -271,7 +268,7 @@ } static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - void *cbarg) + void *cbarg) { MAC_KEY *key = keydata; OSSL_PARAM_BLD *tmpl; @@ -289,7 +286,7 @@ return 0; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && !key_to_params(key, tmpl, NULL)) + && !key_to_params(key, tmpl, NULL)) goto err; params = OSSL_PARAM_BLD_to_param(tmpl); @@ -394,7 +391,7 @@ } static void *mac_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); @@ -406,7 +403,7 @@ } static void *cmac_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); @@ -451,7 +448,7 @@ return 0; if (!ossl_prov_cipher_load_from_params(&gctx->cipher, params, - gctx->libctx)) { + gctx->libctx)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } 
@@ -460,7 +457,7 @@ } static const OSSL_PARAM *mac_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), @@ -470,7 +467,7 @@ } static const OSSL_PARAM *cmac_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), @@ -527,6 +524,9 @@ { struct mac_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len); ossl_prov_cipher_reset(&gctx->cipher); OPENSSL_free(gctx); @@ -535,10 +535,10 @@ const OSSL_DISPATCH ossl_mac_legacy_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))mac_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))mac_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))mac_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))mac_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))mac_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))mac_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))mac_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))mac_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import }, 
@@ -557,10 +557,10 @@ const OSSL_DISPATCH ossl_cmac_legacy_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new_cmac }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))mac_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))cmac_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))mac_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))mac_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))mac_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))cmac_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))mac_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))mac_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import }, @@ -575,4 +575,3 @@ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup }, { 0, NULL } }; - --- crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c.orig +++ crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c @@ -53,18 +53,18 @@ #define RSA_DEFAULT_MD "SHA256" #define RSA_PSS_DEFAULT_MD OSSL_DIGEST_NAME_SHA1 -#define RSA_POSSIBLE_SELECTIONS \ +#define RSA_POSSIBLE_SELECTIONS \ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) DEFINE_STACK_OF(BIGNUM) DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, - const OSSL_PARAM params[], int rsa_type, - OSSL_LIB_CTX *libctx) + const OSSL_PARAM params[], int rsa_type, + OSSL_LIB_CTX *libctx) { if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, - params, libctx)) + params, libctx)) return 0; /* If not a PSS type RSA, sending us PSS parameters is wrong */ 
@@ -186,13 +186,9 @@ rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) - ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), - &pss_defaults_set, - params, rsa_type, - ossl_rsa_get0_libctx(rsa)); + ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), &pss_defaults_set, params, rsa_type, ossl_rsa_get0_libctx(rsa)); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_rsa_fromdata(rsa, params, include_private); } @@ -201,7 +197,7 @@ } static int rsa_export(void *keydata, int selection, - OSSL_CALLBACK *param_callback, void *cbarg) + OSSL_CALLBACK *param_callback, void *cbarg) { RSA *rsa = keydata; const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); @@ -220,11 +216,9 @@ return 0; if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) - ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) - || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); + ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - int include_private = - selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); } 
@@ -243,54 +237,54 @@ #ifdef FIPS_MODULE /* In fips mode there are no multi-primes. */ -# define RSA_KEY_MP_TYPES() \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), +#define RSA_KEY_MP_TYPES() \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), #else /* * We allow up to 10 prime factors (starting with p, q). * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT */ -# define RSA_KEY_MP_TYPES() \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ 
-OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), +#define RSA_KEY_MP_TYPES() \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ + 
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), #endif -#define RSA_KEY_TYPES() \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ -OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ -RSA_KEY_MP_TYPES() +#define RSA_KEY_TYPES() \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ + RSA_KEY_MP_TYPES() /* * This provider can export everything in an RSA key, so we use the exact @@ -301,7 +295,7 @@ */ static const OSSL_PARAM rsa_key_types[] = { RSA_KEY_TYPES() - OSSL_PARAM_END + OSSL_PARAM_END }; /* * We lied about the amount of factors, exponents and coefficients, the @@ -361,17 +355,17 @@ * With RSA-OAEP keys, this may need to be amended. */ if ((p = OSSL_PARAM_locate(params, - OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL + OSSL_PKEY_PARAM_MANDATORY_DIGEST)) + != NULL && rsa_type == RSA_FLAG_TYPE_RSASSAPSS && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { - const char *mdname = - ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); + const char *mdname = ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) return 0; } return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS - || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) + || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) && ossl_rsa_todata(rsa, NULL, params, 1); } 
@@ -381,7 +375,7 @@ OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), RSA_KEY_TYPES() - OSSL_PARAM_END + OSSL_PARAM_END }; static const OSSL_PARAM *rsa_gettable_params(void *provctx) @@ -448,7 +442,7 @@ } static void *gen_init(void *provctx, int selection, int rsa_type, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); struct rsa_gen_ctx *gctx = NULL; @@ -484,13 +478,13 @@ } static void *rsa_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); } static void *rsapss_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); } @@ -525,7 +519,7 @@ /* Only attempt to get PSS parameters when generating an RSA-PSS key */ if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, - gctx->rsa_type, gctx->libctx)) + gctx->rsa_type, gctx->libctx)) return 0; #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) /* Any ACVP test related parameters are copied into a params[] */ 
@@ -535,24 +529,24 @@ return 1; } -#define rsa_gen_basic \ - OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ - OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) +#define rsa_gen_basic \ + OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ + OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) /* * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() * in crypto/rsa/rsa_backend.c */ -#define rsa_gen_pss \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) +#define rsa_gen_pss \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { rsa_gen_basic, @@ -563,7 +557,7 @@ } static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { rsa_gen_basic, @@ -617,12 +611,12 @@ #endif if (!RSA_generate_multi_prime_key(rsa_tmp, - (int)gctx->nbits, (int)gctx->primes, - gctx->pub_exp, gencb)) + (int)gctx->nbits, (int)gctx->primes, + gctx->pub_exp, gencb)) goto err; if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), - &gctx->pss_params)) + &gctx->pss_params)) goto err; RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); 
@@ -630,7 +624,7 @@ rsa = rsa_tmp; rsa_tmp = NULL; - err: +err: BN_GENCB_free(gencb); RSA_free(rsa_tmp); return rsa; @@ -651,7 +645,7 @@ } static void *common_load(const void *reference, size_t reference_sz, - int expected_rsa_type) + int expected_rsa_type) { RSA *rsa = NULL; @@ -698,15 +692,15 @@ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, - (void (*)(void))rsa_gen_set_params }, + (void (*)(void))rsa_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))rsa_gen_settable_params }, + (void (*)(void))rsa_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))rsa_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))rsa_gettable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 
@@ -723,13 +717,13 @@ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))rsapss_gen_settable_params }, + (void (*)(void))rsapss_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))rsa_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))rsa_gettable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, @@ -738,7 +732,7 @@ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, - (void (*)(void))rsa_query_operation_name }, + (void (*)(void))rsa_query_operation_name }, { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/blake2_mac_impl.c.orig +++ crypto/openssl/providers/implementations/macs/blake2_mac_impl.c @@ -88,7 +88,7 @@ } static int blake2_setkey(struct blake2_mac_data_st *macctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { if (keylen > BLAKE2_KEYBYTES || keylen == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); @@ -103,7 +103,7 @@ } static int blake2_mac_init(void *vmacctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) + size_t keylen, const OSSL_PARAM params[]) { struct blake2_mac_data_st *macctx = vmacctx; 
@@ -121,7 +121,7 @@ } static int blake2_mac_update(void *vmacctx, - const unsigned char *data, size_t datalen) + const unsigned char *data, size_t datalen) { struct blake2_mac_data_st *macctx = vmacctx; @@ -132,8 +132,8 @@ } static int blake2_mac_final(void *vmacctx, - unsigned char *out, size_t *outl, - size_t outsize) + unsigned char *out, size_t *outl, + size_t outsize) { struct blake2_mac_data_st *macctx = vmacctx; @@ -150,7 +150,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -160,11 +160,11 @@ OSSL_PARAM *p; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, blake2_mac_size(vmacctx))) + && !OSSL_PARAM_set_size_t(p, blake2_mac_size(vmacctx))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, BLAKE2_BLOCKBYTES)) + && !OSSL_PARAM_set_size_t(p, BLAKE2_BLOCKBYTES)) return 0; return 1; @@ -178,7 +178,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *blake2_mac_settable_ctx_params( - ossl_unused void *ctx, ossl_unused void *p_ctx) + ossl_unused void *ctx, ossl_unused void *p_ctx) { return known_settable_ctx_params; } @@ -207,7 +207,7 @@ } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL - && !blake2_setkey(macctx, p->data, p->data_size)) + && !blake2_setkey(macctx, p->data, p->data_size)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM)) 
@@ -245,10 +245,10 @@ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))blake2_mac_update }, { OSSL_FUNC_MAC_FINAL, (void (*)(void))blake2_mac_final }, { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))blake2_gettable_ctx_params }, + (void (*)(void))blake2_gettable_ctx_params }, { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))blake2_get_ctx_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))blake2_mac_settable_ctx_params }, + (void (*)(void))blake2_mac_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))blake2_mac_set_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/blake2b_mac.c.orig +++ crypto/openssl/providers/implementations/macs/blake2b_mac.c @@ -29,5 +29,6 @@ /* OSSL_DISPATCH symbol */ #define BLAKE2_FUNCTIONS ossl_blake2bmac_functions +/* clang-format off */ #include "blake2_mac_impl.c" - +/* clang-format on */ --- crypto/openssl/providers/implementations/macs/blake2s_mac.c.orig +++ crypto/openssl/providers/implementations/macs/blake2s_mac.c @@ -29,4 +29,6 @@ /* OSSL_DISPATCH symbol */ #define BLAKE2_FUNCTIONS ossl_blake2smac_functions +/* clang-format off */ #include "blake2_mac_impl.c" +/* clang-format on */ --- crypto/openssl/providers/implementations/macs/cmac_prov.c.orig +++ crypto/openssl/providers/implementations/macs/cmac_prov.c @@ -108,17 +108,17 @@ } static int cmac_setkey(struct cmac_data_st *macctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { int rv = CMAC_Init(macctx->ctx, key, keylen, - ossl_prov_cipher_cipher(&macctx->cipher), - ossl_prov_cipher_engine(&macctx->cipher)); + ossl_prov_cipher_cipher(&macctx->cipher), + ossl_prov_cipher_engine(&macctx->cipher)); ossl_prov_cipher_reset(&macctx->cipher); return rv; } static int cmac_init(void *vmacctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) + size_t keylen, const OSSL_PARAM params[]) { struct cmac_data_st *macctx = vmacctx; 
@@ -131,7 +131,7 @@ } static int cmac_update(void *vmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { struct cmac_data_st *macctx = vmacctx; @@ -139,7 +139,7 @@ } static int cmac_final(void *vmacctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { struct cmac_data_st *macctx = vmacctx; @@ -155,7 +155,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *cmac_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -165,11 +165,11 @@ OSSL_PARAM *p; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, cmac_size(vmacctx))) + && !OSSL_PARAM_set_size_t(p, cmac_size(vmacctx))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, cmac_size(vmacctx))) + && !OSSL_PARAM_set_size_t(p, cmac_size(vmacctx))) return 0; return 1; @@ -182,7 +182,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *cmac_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -218,10 +218,10 @@ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))cmac_update }, { OSSL_FUNC_MAC_FINAL, (void (*)(void))cmac_final }, { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))cmac_gettable_ctx_params }, + (void (*)(void))cmac_gettable_ctx_params }, { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))cmac_get_ctx_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))cmac_settable_ctx_params }, + (void (*)(void))cmac_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))cmac_set_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/gmac_prov.c.orig +++ crypto/openssl/providers/implementations/macs/gmac_prov.c @@ -40,7 +40,7 @@ struct gmac_data_st { void *provctx; - EVP_CIPHER_CTX *ctx; /* Cipher context */ + EVP_CIPHER_CTX *ctx; /* Cipher context */ PROV_CIPHER cipher; }; 
@@ -98,7 +98,7 @@ } static int gmac_setkey(struct gmac_data_st *macctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { EVP_CIPHER_CTX *ctx = macctx->ctx; @@ -112,7 +112,7 @@ } static int gmac_init(void *vmacctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) + size_t keylen, const OSSL_PARAM params[]) { struct gmac_data_st *macctx = vmacctx; @@ -124,7 +124,7 @@ } static int gmac_update(void *vmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { struct gmac_data_st *macctx = vmacctx; EVP_CIPHER_CTX *ctx = macctx->ctx; @@ -143,7 +143,7 @@ } static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; struct gmac_data_st *macctx = vmacctx; @@ -157,7 +157,7 @@ hlen = gmac_size(); params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - out, (size_t)hlen); + out, (size_t)hlen); if (!EVP_CIPHER_CTX_get_params(macctx->ctx, params)) return 0; @@ -192,7 +192,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *gmac_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -221,14 +221,14 @@ return 0; } if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher), - ossl_prov_cipher_engine(&macctx->cipher), NULL, - NULL)) + ossl_prov_cipher_engine(&macctx->cipher), NULL, + NULL)) return 0; } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) if (p->data_type != OSSL_PARAM_OCTET_STRING - || !gmac_setkey(macctx, p->data, p->data_size)) + || !gmac_setkey(macctx, p->data, p->data_size)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_IV)) != NULL) { 
@@ -236,7 +236,8 @@ return 0; if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - p->data_size, NULL) <= 0 + p->data_size, NULL) + <= 0 || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data)) return 0; } @@ -253,7 +254,7 @@ { OSSL_FUNC_MAC_GETTABLE_PARAMS, (void (*)(void))gmac_gettable_params }, { OSSL_FUNC_MAC_GET_PARAMS, (void (*)(void))gmac_get_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))gmac_settable_ctx_params }, + (void (*)(void))gmac_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))gmac_set_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/hmac_prov.c.orig +++ crypto/openssl/providers/implementations/macs/hmac_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ /* typedef EVP_MAC_IMPL */ struct hmac_data_st { void *provctx; - HMAC_CTX *ctx; /* HMAC context */ + HMAC_CTX *ctx; /* HMAC context */ PROV_DIGEST digest; unsigned char *key; size_t keylen; @@ -61,14 +61,14 @@ /* Defined in ssl/s3_cbc.c */ int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char header[13], - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3); + unsigned char *md_out, + size_t *md_out_size, + const unsigned char header[13], + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); static void *hmac_new(void *provctx) { 
@@ -94,7 +94,7 @@ if (macctx != NULL) { HMAC_CTX_free(macctx->ctx); ossl_prov_digest_reset(&macctx->digest); - OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + OPENSSL_clear_free(macctx->key, macctx->keylen); OPENSSL_free(macctx); } } @@ -123,13 +123,13 @@ return NULL; } if (src->key != NULL) { - /* There is no "secure" OPENSSL_memdup */ - dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1); + dst->key = OPENSSL_malloc(src->keylen > 0 ? src->keylen : 1); if (dst->key == NULL) { hmac_free(dst); return 0; } - memcpy(dst->key, src->key, src->keylen); + if (src->keylen > 0) + memcpy(dst->key, src->key, src->keylen); } return dst; } @@ -149,29 +149,31 @@ } static int hmac_setkey(struct hmac_data_st *macctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { const EVP_MD *digest; if (macctx->key != NULL) - OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + OPENSSL_clear_free(macctx->key, macctx->keylen); /* Keep a copy of the key in case we need it for TLS HMAC */ - macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1); + macctx->key = OPENSSL_malloc(keylen > 0 ? keylen : 1); if (macctx->key == NULL) return 0; - memcpy(macctx->key, key, keylen); + + if (keylen > 0) + memcpy(macctx->key, key, keylen); macctx->keylen = keylen; digest = ossl_prov_digest_md(&macctx->digest); /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL)) return HMAC_Init_ex(macctx->ctx, key, keylen, digest, - ossl_prov_digest_engine(&macctx->digest)); + ossl_prov_digest_engine(&macctx->digest)); return 1; } static int hmac_init(void *vmacctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) + size_t keylen, const OSSL_PARAM params[]) { struct hmac_data_st *macctx = vmacctx; 
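Review bot: The saved HMAC key copy now comes from the ordinary heap (`OPENSSL_malloc`) rather than the secure heap, in hmac_dup (`@@ -123,13 +123,13 @@`) and hmac_setkey (`@@ -149,29 +149,31 @@`), and the change removes the only comment at the allocation without recording why. The buffer is still wiped on release, because hmac_free and hmac_setkey now call `OPENSSL_clear_free(macctx->key, macctx->keylen)`, but it no longer gets whatever protection the secure heap provides when that heap is enabled. I would add a comment at both allocation sites so the choice reads as deliberate, e.g. `/* Key copy is held on the normal heap; it is zeroised by OPENSSL_clear_free() on release */`. hmac_free and hmac_dup both begin outside their hunks.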
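Review bot: In hmac_setkey (`@@ -149,29 +149,31 @@`), a failed `OPENSSL_malloc` returns 0 with `macctx->key` set to NULL while `macctx->keylen` still holds the previous key's length, because the length is only assigned after the copy. The TLS branch of hmac_update passes `macctx->key` and `macctx->keylen` together to `ssl3_cbc_digest_record`, so a caller that carries on after the failed set-key would presumably hand over a NULL pointer with a non-zero length. Clearing the length on the failure path keeps the pair consistent: `if (macctx->key == NULL) { macctx->keylen = 0; return 0; }`.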
@@ -186,7 +188,7 @@ } static int hmac_update(void *vmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { struct hmac_data_st *macctx = vmacctx; @@ -205,22 +207,22 @@ return 0; return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest), - macctx->tls_mac_out, - &macctx->tls_mac_out_size, - macctx->tls_header, - data, - datalen, - macctx->tls_data_size, - macctx->key, - macctx->keylen, - 0); + macctx->tls_mac_out, + &macctx->tls_mac_out_size, + macctx->tls_header, + data, + datalen, + macctx->tls_data_size, + macctx->key, + macctx->keylen, + 0); } return HMAC_Update(macctx->ctx, data, datalen); } static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { unsigned int hlen; struct hmac_data_st *macctx = vmacctx; @@ -247,7 +249,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -258,11 +260,11 @@ OSSL_PARAM *p; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, hmac_size(macctx))) + && !OSSL_PARAM_set_size_t(p, hmac_size(macctx))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL - && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) + && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) return 0; return 1; @@ -278,13 +280,13 @@ OSSL_PARAM_END }; static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } static int set_flag(const OSSL_PARAM params[], const char *key, int mask, - int *flags) + int *flags) { const OSSL_PARAM *p = OSSL_PARAM_locate_const(params, key); int flag = 0; 
@@ -317,10 +319,10 @@ return 0; if (!set_flag(params, OSSL_MAC_PARAM_DIGEST_NOINIT, EVP_MD_CTX_FLAG_NO_INIT, - &flags)) + &flags)) return 0; if (!set_flag(params, OSSL_MAC_PARAM_DIGEST_ONESHOT, EVP_MD_CTX_FLAG_ONESHOT, - &flags)) + &flags)) return 0; if (flags) HMAC_CTX_set_flags(macctx->ctx, flags); @@ -333,7 +335,8 @@ } if ((p = OSSL_PARAM_locate_const(params, - OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) { + OSSL_MAC_PARAM_TLS_DATA_SIZE)) + != NULL) { if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size)) return 0; } @@ -348,10 +351,10 @@ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))hmac_update }, { OSSL_FUNC_MAC_FINAL, (void (*)(void))hmac_final }, { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))hmac_gettable_ctx_params }, + (void (*)(void))hmac_gettable_ctx_params }, { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))hmac_get_ctx_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))hmac_settable_ctx_params }, + (void (*)(void))hmac_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))hmac_set_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/kmac_prov.c.orig +++ crypto/openssl/providers/implementations/macs/kmac_prov.c @@ -112,10 +112,10 @@ 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 }; -#define KMAC_FLAG_XOF_MODE 1 +#define KMAC_FLAG_XOF_MODE 1 struct kmac_data_st { - void *provctx; + void *provctx; EVP_MD_CTX *ctx; PROV_DIGEST digest; size_t out_len; 
@@ -129,17 +129,17 @@ }; static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len, - const unsigned char *in, size_t in_len); + const unsigned char *in, size_t in_len); static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len, - size_t bits); + size_t bits); static int bytepad(unsigned char *out, size_t *out_len, - const unsigned char *in1, size_t in1_len, - const unsigned char *in2, size_t in2_len, - size_t w); + const unsigned char *in1, size_t in1_len, + const unsigned char *in2, size_t in2_len, + size_t w); static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len, - size_t *out_len, - const unsigned char *in, size_t in_len, - size_t w); + size_t *out_len, + const unsigned char *in, size_t in_len, + size_t w); static void kmac_free(void *vmacctx) { @@ -167,7 +167,7 @@ return NULL; if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL - || (kctx->ctx = EVP_MD_CTX_new()) == NULL) { + || (kctx->ctx = EVP_MD_CTX_new()) == NULL) { kmac_free(kctx); return NULL; } @@ -182,7 +182,7 @@ if (kctx == NULL) return 0; if (!ossl_prov_digest_load_from_params(&kctx->digest, params, - PROV_LIBCTX_OF(provctx))) { + PROV_LIBCTX_OF(provctx))) { kmac_free(kctx); return 0; } @@ -195,7 +195,7 @@ { static const OSSL_PARAM kmac128_params[] = { OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128, - sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)), + sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)), OSSL_PARAM_END }; return kmac_fetch_new(provctx, kmac128_params); @@ -205,7 +205,7 @@ { static const OSSL_PARAM kmac256_params[] = { OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256, - sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)), + sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)), OSSL_PARAM_END }; return kmac_fetch_new(provctx, kmac256_params); 
@@ -240,7 +240,7 @@ } static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, - size_t keylen) + size_t keylen) { const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest); int w = EVP_MD_get_block_size(digest); @@ -254,7 +254,7 @@ return 0; } if (!kmac_bytepad_encode_key(kctx->key, sizeof(kctx->key), &kctx->key_len, - key, keylen, (size_t)w)) + key, keylen, (size_t)w)) return 0; return 1; } @@ -265,7 +265,7 @@ * effect on the output mac. */ static int kmac_init(void *vmacctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) + size_t keylen, const OSSL_PARAM params[]) { struct kmac_data_st *kctx = vmacctx; EVP_MD_CTX *ctx = kctx->ctx; @@ -285,7 +285,7 @@ return 0; } if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest), - NULL)) + NULL)) return 0; t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest)); @@ -305,7 +305,7 @@ } if (!bytepad(NULL, &out_len, kmac_string, sizeof(kmac_string), - kctx->custom, kctx->custom_len, block_len)) { + kctx->custom, kctx->custom_len, block_len)) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return 0; } @@ -315,15 +315,15 @@ return 0; } res = bytepad(out, NULL, kmac_string, sizeof(kmac_string), - kctx->custom, kctx->custom_len, block_len) - && EVP_DigestUpdate(ctx, out, out_len) - && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len); + kctx->custom, kctx->custom_len, block_len) + && EVP_DigestUpdate(ctx, out, out_len) + && EVP_DigestUpdate(ctx, kctx->key, kctx->key_len); OPENSSL_free(out); return res; } static int kmac_update(void *vmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { struct kmac_data_st *kctx = vmacctx; @@ -331,7 +331,7 @@ } static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { struct kmac_data_st *kctx = vmacctx; EVP_MD_CTX *ctx = kctx->ctx; 
@@ -358,7 +358,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *kmac_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -370,7 +370,7 @@ int sz; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, kctx->out_len)) + && !OSSL_PARAM_set_size_t(p, kctx->out_len)) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL) { @@ -390,7 +390,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -427,7 +427,7 @@ kctx->out_len = sz; } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL - && !kmac_setkey(kctx, p->data, p->data_size)) + && !kmac_setkey(kctx, p->data, p->data_size)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM)) != NULL) { @@ -436,7 +436,7 @@ return 0; } if (!encode_string(kctx->custom, sizeof(kctx->custom), &kctx->custom_len, - p->data, p->data_size)) + p->data, p->data_size)) return 0; } return 1; @@ -467,7 +467,7 @@ * e.g if bits = 32, out[2] = { 0x20, 0x01 } */ static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len, - size_t bits) + size_t bits) { unsigned int len = get_encode_size(bits); int i; @@ -498,7 +498,7 @@ * len bits K M A C */ static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len, - const unsigned char *in, size_t in_len) + const unsigned char *in, size_t in_len) { if (in == NULL) { *out_len = 0; 
@@ -534,8 +534,8 @@ * zero_padded(multiple of w, (left_encode(w) || in1 [|| in2]) */ static int bytepad(unsigned char *out, size_t *out_len, - const unsigned char *in1, size_t in1_len, - const unsigned char *in2, size_t in2_len, size_t w) + const unsigned char *in1, size_t in1_len, + const unsigned char *in2, size_t in2_len, size_t w) { int len; unsigned char *p = out; @@ -578,9 +578,9 @@ /* Returns out = bytepad(encode_string(in), w) */ static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len, - size_t *out_len, - const unsigned char *in, size_t in_len, - size_t w) + size_t *out_len, + const unsigned char *in, size_t in_len, + size_t w) { unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN]; size_t tmp_len; @@ -602,10 +602,10 @@ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))kmac_gettable_ctx_params }, + (void (*)(void))kmac_gettable_ctx_params }, { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))kmac_settable_ctx_params }, + (void (*)(void))kmac_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, { 0, NULL } }; @@ -618,10 +618,10 @@ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))kmac_gettable_ctx_params }, + (void (*)(void))kmac_gettable_ctx_params }, { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))kmac_settable_ctx_params }, + (void (*)(void))kmac_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/poly1305_prov.c.orig +++ crypto/openssl/providers/implementations/macs/poly1305_prov.c 
@@ -38,7 +38,7 @@ struct poly1305_data_st { void *provctx; int updated; - POLY1305 poly1305; /* Poly1305 data */ + POLY1305 poly1305; /* Poly1305 data */ }; static void *poly1305_new(void *provctx) @@ -79,7 +79,7 @@ } static int poly1305_setkey(struct poly1305_data_st *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { if (keylen != POLY1305_KEY_SIZE) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); @@ -91,7 +91,7 @@ } static int poly1305_init(void *vmacctx, const unsigned char *key, - size_t keylen, const OSSL_PARAM params[]) + size_t keylen, const OSSL_PARAM params[]) { struct poly1305_data_st *ctx = vmacctx; @@ -105,7 +105,7 @@ } static int poly1305_update(void *vmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { struct poly1305_data_st *ctx = vmacctx; @@ -119,7 +119,7 @@ } static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { struct poly1305_data_st *ctx = vmacctx; @@ -155,7 +155,7 @@ OSSL_PARAM_END }; static const OSSL_PARAM *poly1305_settable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -166,7 +166,7 @@ const OSSL_PARAM *p; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL - && !poly1305_setkey(ctx, p->data, p->data_size)) + && !poly1305_setkey(ctx, p->data, p->data_size)) return 0; return 1; } @@ -181,7 +181,7 @@ { OSSL_FUNC_MAC_GETTABLE_PARAMS, (void (*)(void))poly1305_gettable_params }, { OSSL_FUNC_MAC_GET_PARAMS, (void (*)(void))poly1305_get_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))poly1305_settable_ctx_params }, + (void (*)(void))poly1305_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))poly1305_set_ctx_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/macs/siphash_prov.c.orig +++ crypto/openssl/providers/implementations/macs/siphash_prov.c 
@@ -38,8 +38,8 @@ struct siphash_data_st { void *provctx; - SIPHASH siphash; /* Siphash data */ - SIPHASH sipcopy; /* Siphash data copy for reinitialization */ + SIPHASH siphash; /* Siphash data */ + SIPHASH sipcopy; /* Siphash data copy for reinitialization */ unsigned int crounds, drounds; }; @@ -93,7 +93,7 @@ } static int siphash_setkey(struct siphash_data_st *ctx, - const unsigned char *key, size_t keylen) + const unsigned char *key, size_t keylen) { int ret; @@ -106,7 +106,7 @@ } static int siphash_init(void *vmacctx, const unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { struct siphash_data_st *ctx = vmacctx; @@ -124,7 +124,7 @@ } static int siphash_update(void *vmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { struct siphash_data_st *ctx = vmacctx; @@ -136,7 +136,7 @@ } static int siphash_final(void *vmacctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { struct siphash_data_st *ctx = vmacctx; size_t hlen = siphash_size(ctx); @@ -149,7 +149,7 @@ } static const OSSL_PARAM *siphash_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), @@ -179,7 +179,7 @@ } static const OSSL_PARAM *siphash_settable_ctx_params(ossl_unused void *ctx, - void *provctx) + void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), 
@@ -208,10 +208,10 @@ return 0; } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_C_ROUNDS)) != NULL - && !OSSL_PARAM_get_uint(p, &ctx->crounds)) + && !OSSL_PARAM_get_uint(p, &ctx->crounds)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_D_ROUNDS)) != NULL - && !OSSL_PARAM_get_uint(p, &ctx->drounds)) + && !OSSL_PARAM_get_uint(p, &ctx->drounds)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) if (p->data_type != OSSL_PARAM_OCTET_STRING @@ -228,10 +228,10 @@ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))siphash_update }, { OSSL_FUNC_MAC_FINAL, (void (*)(void))siphash_final }, { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))siphash_gettable_ctx_params }, + (void (*)(void))siphash_gettable_ctx_params }, { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))siphash_get_ctx_params }, { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))siphash_settable_ctx_params }, + (void (*)(void))siphash_settable_ctx_params }, { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))siphash_set_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/rands/crngt.c.orig +++ crypto/openssl/providers/implementations/rands/crngt.c @@ -32,8 +32,8 @@ } CRNG_TEST_GLOBAL; static int crngt_get_entropy(PROV_CTX *provctx, const EVP_MD *digest, - unsigned char *buf, unsigned char *md, - unsigned int *md_size) + unsigned char *buf, unsigned char *md, + unsigned int *md_size) { int r; size_t n; @@ -89,8 +89,8 @@ }; static int prov_crngt_compare_previous(const unsigned char *prev, - const unsigned char *cur, - size_t sz) + const unsigned char *cur, + size_t sz) { const int res = memcmp(prev, cur, sz) != 0; @@ -100,9 +100,9 @@ } size_t ossl_crngt_get_entropy(PROV_DRBG *drbg, - unsigned char **pout, - int entropy, size_t min_len, size_t max_len, - int prediction_resistance) + unsigned char **pout, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned char buf[CRNGT_BUFSIZ]; 
@@ -114,7 +114,7 @@ OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); CRNG_TEST_GLOBAL *crngt_glob = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_RAND_CRNGT_INDEX, - &rand_crng_ossl_ctx_method); + &rand_crng_ossl_ctx_method); OSSL_CALLBACK *stcb = NULL; void *stcbarg = NULL; OSSL_SELF_TEST *st = NULL; @@ -127,7 +127,7 @@ if (!crngt_glob->preloaded) { if (!crngt_get_entropy(drbg->provctx, crngt_glob->md, buf, - crngt_glob->crngt_prev, NULL)) { + crngt_glob->crngt_prev, NULL)) { OPENSSL_cleanse(buf, sizeof(buf)); goto unlock_return; } @@ -154,7 +154,7 @@ if (st == NULL) goto err; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_CRNG, - OSSL_SELF_TEST_DESC_RNG); + OSSL_SELF_TEST_DESC_RNG); } for (t = bytes_needed; t > 0;) { @@ -181,18 +181,18 @@ *pout = ent; ent = NULL; - err: +err: OSSL_SELF_TEST_onend(st, crng_test_pass); OSSL_SELF_TEST_free(st); OPENSSL_secure_clear_free(ent, bytes_needed); - unlock_return: +unlock_return: CRYPTO_THREAD_unlock(crngt_glob->lock); return r; } void ossl_crngt_cleanup_entropy(ossl_unused PROV_DRBG *drbg, - unsigned char *out, size_t outlen) + unsigned char *out, size_t outlen) { OPENSSL_secure_clear_free(out, outlen); } --- crypto/openssl/providers/implementations/rands/drbg.c.orig +++ crypto/openssl/providers/implementations/rands/drbg.c @@ -39,7 +39,7 @@ static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING; static const OSSL_DISPATCH *find_call(const OSSL_DISPATCH *dispatch, - int function); + int function); static int rand_drbg_restart(PROV_DRBG *drbg); @@ -65,8 +65,8 @@ void *parent = drbg->parent; if (parent != NULL - && drbg->parent_lock != NULL - && !drbg->parent_lock(parent)) { + && drbg->parent_lock != NULL + && !drbg->parent_lock(parent)) { ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_LOCKING_NOT_ENABLED); return 0; } @@ -122,7 +122,7 @@ ossl_drbg_unlock_parent(drbg); return r; - err: +err: r = tsan_load(&drbg->reseed_counter) - 2; if (r == 0) r = UINT_MAX; 
@@ -142,9 +142,9 @@ * its entropy will be used up first. */ size_t ossl_drbg_get_seed(void *vdrbg, unsigned char **pout, - int entropy, size_t min_len, - size_t max_len, int prediction_resistance, - const unsigned char *adin, size_t adin_len) + int entropy, size_t min_len, + size_t max_len, int prediction_resistance, + const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; size_t bytes_needed; @@ -174,8 +174,8 @@ * intentional and correct here. */ if (!ossl_prov_drbg_generate(drbg, buffer, bytes_needed, - drbg->strength, prediction_resistance, - (unsigned char *)&drbg, sizeof(drbg))) { + drbg->strength, prediction_resistance, + (unsigned char *)&drbg, sizeof(drbg))) { OPENSSL_secure_clear_free(buffer, bytes_needed); ERR_raise(ERR_LIB_PROV, PROV_R_GENERATE_ERROR); return 0; @@ -186,14 +186,14 @@ /* Implements the cleanup_entropy() callback */ void ossl_drbg_clear_seed(ossl_unused void *vdrbg, - unsigned char *out, size_t outlen) + unsigned char *out, size_t outlen) { OPENSSL_secure_clear_free(out, outlen); } static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy, - size_t min_len, size_t max_len, - int prediction_resistance) + size_t min_len, size_t max_len, + int prediction_resistance) { size_t bytes; unsigned int p_str; @@ -201,7 +201,7 @@ if (drbg->parent == NULL) #ifdef FIPS_MODULE return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len, - prediction_resistance); + prediction_resistance); #else /* * In normal use (i.e. OpenSSL's own uses), this is never called. @@ -209,7 +209,7 @@ * they always have a parent. This remains purely for legacy reasons. */ return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len, - max_len); + max_len); #endif if (drbg->parent_get_seed == NULL) { 
@@ -244,8 +244,8 @@ * intentional and correct here. */ bytes = drbg->parent_get_seed(drbg->parent, pout, drbg->strength, - min_len, max_len, prediction_resistance, - (unsigned char *)&drbg, sizeof(drbg)); + min_len, max_len, prediction_resistance, + (unsigned char *)&drbg, sizeof(drbg)); ossl_drbg_unlock_parent(drbg); return bytes; } @@ -315,14 +315,14 @@ /* Get a nonce from the operating system */ static size_t prov_drbg_get_nonce(PROV_DRBG *drbg, unsigned char **pout, - size_t min_len, size_t max_len) + size_t min_len, size_t max_len) { size_t ret = 0, n; unsigned char *buf = NULL; OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); PROV_DRBG_NONCE_GLOBAL *dngbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_NONCE_INDEX, - &drbg_nonce_ossl_ctx_method); + &drbg_nonce_ossl_ctx_method); struct { void *drbg; int count; @@ -333,10 +333,10 @@ if (drbg->parent != NULL && drbg->parent_nonce != NULL) { n = drbg->parent_nonce(drbg->parent, NULL, 0, drbg->min_noncelen, - drbg->max_noncelen); + drbg->max_noncelen); if (n > 0 && (buf = OPENSSL_malloc(n)) != NULL) { ret = drbg->parent_nonce(drbg->parent, buf, 0, - drbg->min_noncelen, drbg->max_noncelen); + drbg->min_noncelen, drbg->max_noncelen); if (ret == n) { *pout = buf; return ret; @@ -349,9 +349,9 @@ memset(&data, 0, sizeof(data)); data.drbg = drbg; CRYPTO_atomic_add(&dngbl->rand_nonce_count, 1, &data.count, - dngbl->rand_nonce_lock); + dngbl->rand_nonce_lock); return ossl_prov_get_nonce(drbg->provctx, pout, min_len, max_len, - &data, sizeof(data)); + &data, sizeof(data)); } #endif /* PROV_RAND_GET_RANDOM_NONCE */ @@ -364,8 +364,8 @@ * Returns 1 on success, 0 on failure. */ int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pers, size_t perslen) + int prediction_resistance, + const unsigned char *pers, size_t perslen) { unsigned char *nonce = NULL, *entropy = NULL; size_t noncelen = 0, entropylen = 0; 
@@ -401,8 +401,8 @@ if (drbg->min_noncelen > 0) { if (drbg->parent_nonce != NULL) { noncelen = drbg->parent_nonce(drbg->parent, NULL, drbg->strength, - drbg->min_noncelen, - drbg->max_noncelen); + drbg->min_noncelen, + drbg->max_noncelen); if (noncelen == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); goto end; @@ -412,10 +412,7 @@ ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); goto end; } - if (noncelen != drbg->parent_nonce(drbg->parent, nonce, - drbg->strength, - drbg->min_noncelen, - drbg->max_noncelen)) { + if (noncelen != drbg->parent_nonce(drbg->parent, nonce, drbg->strength, drbg->min_noncelen, drbg->max_noncelen)) { ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); goto end; } @@ -435,10 +432,10 @@ } #ifndef PROV_RAND_GET_RANDOM_NONCE else { /* parent == NULL */ - noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen, - drbg->max_noncelen); + noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen, + drbg->max_noncelen); if (noncelen < drbg->min_noncelen - || noncelen > drbg->max_noncelen) { + || noncelen > drbg->max_noncelen) { ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); goto end; } @@ -454,16 +451,16 @@ } entropylen = get_entropy(drbg, &entropy, min_entropy, - min_entropylen, max_entropylen, - prediction_resistance); + min_entropylen, max_entropylen, + prediction_resistance); if (entropylen < min_entropylen - || entropylen > max_entropylen) { + || entropylen > max_entropylen) { ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_ENTROPY); goto end; } if (!drbg->instantiate(drbg, entropy, entropylen, nonce, noncelen, - pers, perslen)) { + pers, perslen)) { cleanup_entropy(drbg, entropy, entropylen); ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_INSTANTIATING_DRBG); goto end; 
@@ -475,7 +472,7 @@ drbg->reseed_time = time(NULL); tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter); - end: +end: if (nonce != NULL) ossl_prov_cleanup_nonce(drbg->provctx, nonce, noncelen); if (drbg->state == EVP_RAND_STATE_READY) @@ -504,8 +501,8 @@ * Returns 1 on success, 0 on failure. */ int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adinlen) + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adinlen) { unsigned char *entropy = NULL; size_t entropylen = 0; @@ -582,10 +579,10 @@ /* Reseed using our sources in addition */ entropylen = get_entropy(drbg, &entropy, drbg->strength, - drbg->min_entropylen, drbg->max_entropylen, - prediction_resistance); + drbg->min_entropylen, drbg->max_entropylen, + prediction_resistance); if (entropylen < drbg->min_entropylen - || entropylen > drbg->max_entropylen) { + || entropylen > drbg->max_entropylen) { ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_ENTROPY); goto end; } @@ -600,7 +597,7 @@ if (drbg->parent != NULL) drbg->parent_reseed_counter = get_parent_reseed_count(drbg); - end: +end: cleanup_entropy(drbg, entropy, entropylen); if (drbg->state == EVP_RAND_STATE_READY) return 1; @@ -618,8 +615,8 @@ * */ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *adin, size_t adinlen) + unsigned int strength, int prediction_resistance, + const unsigned char *adin, size_t adinlen) { int fork_id; int reseed_required = 0; 
@@ -672,12 +669,12 @@ reseed_required = 1; } if (drbg->parent != NULL - && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) + && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) reseed_required = 1; if (reseed_required || prediction_resistance) { if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0, - adin, adinlen)) { + adin, adinlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_RESEED_ERROR); return 0; } @@ -729,7 +726,7 @@ /* Provider support from here down */ static const OSSL_DISPATCH *find_call(const OSSL_DISPATCH *dispatch, - int function) + int function) { if (dispatch != NULL) while (dispatch->function_id != 0) { 
@@ -767,19 +764,18 @@ * * Returns a pointer to the new DRBG instance on success, NULL on failure. */ -PROV_DRBG *ossl_rand_drbg_new - (void *provctx, void *parent, const OSSL_DISPATCH *p_dispatch, - int (*dnew)(PROV_DRBG *ctx), - void (*dfree)(void *vctx), - int (*instantiate)(PROV_DRBG *drbg, - const unsigned char *entropy, size_t entropylen, - const unsigned char *nonce, size_t noncelen, - const unsigned char *pers, size_t perslen), - int (*uninstantiate)(PROV_DRBG *ctx), - int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len), - int (*generate)(PROV_DRBG *, unsigned char *out, size_t outlen, - const unsigned char *adin, size_t adin_len)) +PROV_DRBG *ossl_rand_drbg_new(void *provctx, void *parent, const OSSL_DISPATCH *p_dispatch, + int (*dnew)(PROV_DRBG *ctx), + void (*dfree)(void *vctx), + int (*instantiate)(PROV_DRBG *drbg, + const unsigned char *entropy, size_t entropylen, + const unsigned char *nonce, size_t noncelen, + const unsigned char *pers, size_t perslen), + int (*uninstantiate)(PROV_DRBG *ctx), + int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len), + int (*generate)(PROV_DRBG *, unsigned char *out, size_t outlen, + const unsigned char *adin, size_t adin_len)) { PROV_DRBG *drbg; unsigned int p_str; @@ -849,7 +845,7 @@ #endif return drbg; - err: +err: dfree(drbg); return NULL; } @@ -917,7 +913,7 @@ p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_RESEED_COUNTER); if (p != NULL - && !OSSL_PARAM_set_uint(p, tsan_load(&drbg->reseed_counter))) + && !OSSL_PARAM_set_uint(p, tsan_load(&drbg->reseed_counter))) return 0; return 1; } --- crypto/openssl/providers/implementations/rands/drbg_ctr.c.orig +++ crypto/openssl/providers/implementations/rands/drbg_ctr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,7 @@ #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "drbg_local.h" +#include "internal/cryptlib.h" static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper; static OSSL_FUNC_rand_freectx_fn drbg_ctr_free; @@ -80,6 +81,8 @@ * are XORing. So just process however much input we have. */ n = inlen < ctr->keylen ? inlen : ctr->keylen; + if (!ossl_assert(n <= sizeof(ctr->K))) + return; for (i = 0; i < n; i++) ctr->K[i] ^= in[i]; if (inlen <= ctr->keylen) @@ -98,7 +101,7 @@ * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 */ __owur static int ctr_BCC_block(PROV_DRBG_CTR *ctr, unsigned char *out, - const unsigned char *in, int len) + const unsigned char *in, int len) { int i, outlen = AES_BLOCK_SIZE; @@ -111,7 +114,6 @@ return 1; } - /* * Handle several BCC operations for as much data as we need for K and X */ @@ -135,7 +137,7 @@ */ __owur static int ctr_BCC_init(PROV_DRBG_CTR *ctr) { - unsigned char bltmp[48] = {0}; + unsigned char bltmp[48] = { 0 }; unsigned char num_of_blk; memset(ctr->KX, 0, 48); @@ -149,7 +151,7 @@ * Process several blocks into BCC algorithm, some possibly partial */ __owur static int ctr_BCC_update(PROV_DRBG_CTR *ctr, - const unsigned char *in, size_t inlen) + const unsigned char *in, size_t inlen) { if (in == NULL || inlen == 0) return 1; 
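Review bot: In the drbg_ctr.c hunk at `@@ -80,6 +81,8 @@`, the new guard `if (!ossl_assert(n <= sizeof(ctr->K))) return;` fails silently, because the bare `return;` shows the enclosing function is void. In builds where `ossl_assert` does not abort, a key length larger than `ctr->K` would skip the XOR of the input into K, and the caller would presumably carry on with seed material that was never mixed in. I would let the function report failure the way the `__owur static int` helpers in this file do, with `if (!ossl_assert(n <= sizeof(ctr->K))) return 0;` here and the callers checking the result. Failing that, a comment should state why continuing is safe, for example `/* unreachable: keylen is validated against sizeof(K) at init */`, if that invariant really holds. The function's signature and its callers are outside the hunk, so the return type and the call sites need confirming against the full file.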
@@ -194,9 +196,9 @@ } __owur static int ctr_df(PROV_DRBG_CTR *ctr, - const unsigned char *in1, size_t in1len, - const unsigned char *in2, size_t in2len, - const unsigned char *in3, size_t in3len) + const unsigned char *in1, size_t in1len, + const unsigned char *in2, size_t in2len, + const unsigned char *in3, size_t in3len) { static unsigned char c80 = 0x80; size_t inlen; @@ -235,16 +237,16 @@ return 0; /* X follows key K */ if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, - AES_BLOCK_SIZE) + AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, - AES_BLOCK_SIZE) + AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (ctr->keylen != 16) if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, - ctr->KX + 16, AES_BLOCK_SIZE) + ctr->KX + 16, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; return 1; @@ -257,9 +259,9 @@ * so we handle both cases in this function instead. */ __owur static int ctr_update(PROV_DRBG *drbg, - const unsigned char *in1, size_t in1len, - const unsigned char *in2, size_t in2len, - const unsigned char *nonce, size_t noncelen) + const unsigned char *in1, size_t in1len, + const unsigned char *in2, size_t in2len, + const unsigned char *nonce, size_t noncelen) { PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data; int outlen = AES_BLOCK_SIZE; @@ -278,7 +280,7 @@ len = 48; } if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) - || outlen != len) + || outlen != len) return 0; memcpy(ctr->K, out, ctr->keylen); memcpy(ctr->V, out + ctr->keylen, 16); 
@@ -303,9 +305,9 @@ } static int drbg_ctr_instantiate(PROV_DRBG *drbg, - const unsigned char *entropy, size_t entropylen, - const unsigned char *nonce, size_t noncelen, - const unsigned char *pers, size_t perslen) + const unsigned char *entropy, size_t entropylen, + const unsigned char *nonce, size_t noncelen, + const unsigned char *pers, size_t perslen) { PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data; @@ -324,22 +326,22 @@ } static int drbg_ctr_instantiate_wrapper(void *vdrbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, - size_t pstr_len, - const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, + size_t pstr_len, + const OSSL_PARAM params[]) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; if (!ossl_prov_is_running() || !drbg_ctr_set_ctx_params(drbg, params)) return 0; return ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance, - pstr, pstr_len); + pstr, pstr_len); } static int drbg_ctr_reseed(PROV_DRBG *drbg, - const unsigned char *entropy, size_t entropylen, - const unsigned char *adin, size_t adinlen) + const unsigned char *entropy, size_t entropylen, + const unsigned char *adin, size_t adinlen) { PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data; @@ -353,13 +355,13 @@ } static int drbg_ctr_reseed_wrapper(void *vdrbg, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; return ossl_prov_drbg_reseed(drbg, prediction_resistance, ent, ent_len, - adin, adin_len); + adin, adin_len); } static void ctr96_inc(unsigned char *counter) 
@@ -375,8 +377,8 @@ } static int drbg_ctr_generate(PROV_DRBG *drbg, - unsigned char *out, size_t outlen, - const unsigned char *adin, size_t adinlen) + unsigned char *out, size_t outlen, + const unsigned char *adin, size_t adinlen) { PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data; unsigned int ctr32, blocks; @@ -410,7 +412,7 @@ do { if (!EVP_CipherInit_ex(ctr->ctx_ctr, - NULL, NULL, NULL, ctr->V, -1)) + NULL, NULL, NULL, ctr->V, -1)) return 0; /*- @@ -448,15 +450,14 @@ return 1; } -static int drbg_ctr_generate_wrapper - (void *vdrbg, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *adin, size_t adin_len) +static int drbg_ctr_generate_wrapper(void *vdrbg, unsigned char *out, size_t outlen, + unsigned int strength, int prediction_resistance, + const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; return ossl_prov_drbg_generate(drbg, out, outlen, strength, - prediction_resistance, adin, adin_len); + prediction_resistance, adin, adin_len); } static int drbg_ctr_uninstantiate(PROV_DRBG *drbg) @@ -543,9 +544,9 @@ } if (!EVP_CipherInit_ex(ctr->ctx_ecb, - ctr->cipher_ecb, NULL, NULL, NULL, 1) + ctr->cipher_ecb, NULL, NULL, NULL, 1) || !EVP_CipherInit_ex(ctr->ctx_ctr, - ctr->cipher_ctr, NULL, NULL, NULL, 1)) { + ctr->cipher_ctr, NULL, NULL, NULL, 1)) { ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS); goto err; } @@ -570,7 +571,7 @@ } /* Set key schedule for df_key */ if (!EVP_CipherInit_ex(ctr->ctx_df, - ctr->cipher_ecb, NULL, df_key, NULL, 1)) { + ctr->cipher_ecb, NULL, df_key, NULL, 1)) { ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED); goto err; } 
@@ -600,12 +601,12 @@ } static void *drbg_ctr_new_wrapper(void *provctx, void *parent, - const OSSL_DISPATCH *parent_dispatch) + const OSSL_DISPATCH *parent_dispatch) { return ossl_rand_drbg_new(provctx, parent, parent_dispatch, - &drbg_ctr_new, &drbg_ctr_free, - &drbg_ctr_instantiate, &drbg_ctr_uninstantiate, - &drbg_ctr_reseed, &drbg_ctr_generate); + &drbg_ctr_new, &drbg_ctr_free, + &drbg_ctr_instantiate, &drbg_ctr_uninstantiate, + &drbg_ctr_reseed, &drbg_ctr_generate); } static void drbg_ctr_free(void *vdrbg) @@ -639,7 +640,7 @@ if (p != NULL) { if (ctr->cipher_ctr == NULL || !OSSL_PARAM_set_utf8_string(p, - EVP_CIPHER_get0_name(ctr->cipher_ctr))) + EVP_CIPHER_get0_name(ctr->cipher_ctr))) return 0; } @@ -647,7 +648,7 @@ } static const OSSL_PARAM *drbg_ctr_gettable_ctx_params(ossl_unused void *vctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_CIPHER, NULL, 0), @@ -669,14 +670,15 @@ int i, cipher_init = 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_USE_DF)) != NULL - && OSSL_PARAM_get_int(p, &i)) { + && OSSL_PARAM_get_int(p, &i)) { /* FIPS errors out in the drbg_ctr_init() call later */ ctr->use_df = i != 0; cipher_init = 1; } if ((p = OSSL_PARAM_locate_const(params, - OSSL_DRBG_PARAM_PROPERTIES)) != NULL) { + OSSL_DRBG_PARAM_PROPERTIES)) + != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; propquery = (const char *)p->data; @@ -688,7 +690,7 @@ size_t ecb_str_len = sizeof("ECB") - 1; if (p->data_type != OSSL_PARAM_UTF8_STRING - || p->data_size < ctr_str_len) + || p->data_size < ctr_str_len) return 0; if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER); 
@@ -718,7 +720,7 @@ } static const OSSL_PARAM *drbg_ctr_settable_ctx_params(ossl_unused void *vctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, NULL, 0), 
@@ -731,26 +733,26 @@ } const OSSL_DISPATCH ossl_drbg_ctr_functions[] = { - { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))drbg_ctr_new_wrapper }, - { OSSL_FUNC_RAND_FREECTX, (void(*)(void))drbg_ctr_free }, + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))drbg_ctr_new_wrapper }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))drbg_ctr_free }, { OSSL_FUNC_RAND_INSTANTIATE, - (void(*)(void))drbg_ctr_instantiate_wrapper }, + (void (*)(void))drbg_ctr_instantiate_wrapper }, { OSSL_FUNC_RAND_UNINSTANTIATE, - (void(*)(void))drbg_ctr_uninstantiate_wrapper }, - { OSSL_FUNC_RAND_GENERATE, (void(*)(void))drbg_ctr_generate_wrapper }, - { OSSL_FUNC_RAND_RESEED, (void(*)(void))drbg_ctr_reseed_wrapper }, - { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))ossl_drbg_enable_locking }, - { OSSL_FUNC_RAND_LOCK, (void(*)(void))ossl_drbg_lock }, - { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))ossl_drbg_unlock }, + (void (*)(void))drbg_ctr_uninstantiate_wrapper }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))drbg_ctr_generate_wrapper }, + { OSSL_FUNC_RAND_RESEED, (void (*)(void))drbg_ctr_reseed_wrapper }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))ossl_drbg_enable_locking }, + { OSSL_FUNC_RAND_LOCK, (void (*)(void))ossl_drbg_lock }, + { OSSL_FUNC_RAND_UNLOCK, (void (*)(void))ossl_drbg_unlock }, { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS, - (void(*)(void))drbg_ctr_settable_ctx_params }, - { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))drbg_ctr_set_ctx_params }, + (void (*)(void))drbg_ctr_settable_ctx_params }, + { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void (*)(void))drbg_ctr_set_ctx_params }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))drbg_ctr_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))drbg_ctr_get_ctx_params }, + (void (*)(void))drbg_ctr_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))drbg_ctr_get_ctx_params }, { OSSL_FUNC_RAND_VERIFY_ZEROIZATION, - (void(*)(void))drbg_ctr_verify_zeroization }, - { OSSL_FUNC_RAND_GET_SEED, 
(void(*)(void))ossl_drbg_get_seed }, - { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))ossl_drbg_clear_seed }, + (void (*)(void))drbg_ctr_verify_zeroization }, + { OSSL_FUNC_RAND_GET_SEED, (void (*)(void))ossl_drbg_get_seed }, + { OSSL_FUNC_RAND_CLEAR_SEED, (void (*)(void))ossl_drbg_clear_seed }, { 0, NULL } }; --- crypto/openssl/providers/implementations/rands/drbg_hash.c.orig +++ crypto/openssl/providers/implementations/rands/drbg_hash.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,13 +36,13 @@ static OSSL_FUNC_rand_verify_zeroization_fn drbg_hash_verify_zeroization; /* 888 bits from SP800-90Ar1 10.1 table 2 */ -#define HASH_PRNG_MAX_SEEDLEN (888/8) +#define HASH_PRNG_MAX_SEEDLEN (888 / 8) /* 440 bits from SP800-90Ar1 10.1 table 2 */ -#define HASH_PRNG_SMALL_SEEDLEN (440/8) +#define HASH_PRNG_SMALL_SEEDLEN (440 / 8) /* Determine what seedlen to use based on the block length */ -#define MAX_BLOCKLEN_USING_SMALL_SEEDLEN (256/8) +#define MAX_BLOCKLEN_USING_SMALL_SEEDLEN (256 / 8) #define INBYTE_IGNORE ((unsigned char)0xFF) typedef struct rand_drbg_hash_st { @@ -65,10 +65,10 @@ * These are concatenated as part of the DigestUpdate process. */ static int hash_df(PROV_DRBG *drbg, unsigned char *out, - const unsigned char inbyte, - const unsigned char *in, size_t inlen, - const unsigned char *in2, size_t in2len, - const unsigned char *in3, size_t in3len) + const unsigned char inbyte, + const unsigned char *in, size_t inlen, + const unsigned char *in2, size_t in2len, + const unsigned char *in3, size_t in3len) { PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data; EVP_MD_CTX *ctx = hash->ctx; 
@@ -113,7 +113,7 @@ memcpy(out, vtmp, outlen); OPENSSL_cleanse(vtmp, hash->blocklen); break; - } else if(!EVP_DigestFinal(ctx, out, NULL)) { + } else if (!EVP_DigestFinal(ctx, out, NULL)) { return 0; } @@ -129,8 +129,8 @@ /* Helper function that just passes 2 input parameters to hash_df() */ static int hash_df1(PROV_DRBG *drbg, unsigned char *out, - const unsigned char in_byte, - const unsigned char *in1, size_t in1len) + const unsigned char in_byte, + const unsigned char *in1, size_t in1len) { return hash_df(drbg, out, in_byte, in1, in1len, NULL, 0, NULL, 0); } @@ -142,7 +142,7 @@ * where dst size is drbg->seedlen, and inlen <= drbg->seedlen. */ static int add_bytes(PROV_DRBG *drbg, unsigned char *dst, - unsigned char *in, size_t inlen) + unsigned char *in, size_t inlen) { size_t i; int result; @@ -163,8 +163,8 @@ if (carry != 0) { /* Add the carry to the top of the dst if inlen is not the same size */ for (i = drbg->seedlen - inlen; i > 0; --i, d--) { - *d += 1; /* Carry can only be 1 */ - if (*d != 0) /* exit if carry doesnt propagate to the next byte */ + *d += 1; /* Carry can only be 1 */ + if (*d != 0) /* exit if carry doesn't propagate to the next byte */ break; } } 
@@ -173,17 +173,17 @@ /* V = (V + Hash(inbyte || V || [additional_input]) mod (2^seedlen) */ static int add_hash_to_v(PROV_DRBG *drbg, unsigned char inbyte, - const unsigned char *adin, size_t adinlen) + const unsigned char *adin, size_t adinlen) { PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data; EVP_MD_CTX *ctx = hash->ctx; return EVP_DigestInit_ex(ctx, ossl_prov_digest_md(&hash->digest), NULL) - && EVP_DigestUpdate(ctx, &inbyte, 1) - && EVP_DigestUpdate(ctx, hash->V, drbg->seedlen) - && (adin == NULL || EVP_DigestUpdate(ctx, adin, adinlen)) - && EVP_DigestFinal(ctx, hash->vtmp, NULL) - && add_bytes(drbg, hash->V, hash->vtmp, hash->blocklen); + && EVP_DigestUpdate(ctx, &inbyte, 1) + && EVP_DigestUpdate(ctx, hash->V, drbg->seedlen) + && (adin == NULL || EVP_DigestUpdate(ctx, adin, adinlen)) + && EVP_DigestFinal(ctx, hash->vtmp, NULL) + && add_bytes(drbg, hash->V, hash->vtmp, hash->blocklen); } /* @@ -212,10 +212,10 @@ if (outlen == 0) return 1; memcpy(hash->vtmp, hash->V, drbg->seedlen); - for(;;) { + for (;;) { if (!EVP_DigestInit_ex(hash->ctx, ossl_prov_digest_md(&hash->digest), - NULL) - || !EVP_DigestUpdate(hash->ctx, hash->vtmp, drbg->seedlen)) + NULL) + || !EVP_DigestUpdate(hash->ctx, hash->vtmp, drbg->seedlen)) return 0; if (outlen < hash->blocklen) { @@ -246,9 +246,9 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hash_instantiate(PROV_DRBG *drbg, - const unsigned char *ent, size_t ent_len, - const unsigned char *nonce, size_t nonce_len, - const unsigned char *pstr, size_t pstr_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *nonce, size_t nonce_len, + const unsigned char *pstr, size_t pstr_len) { PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data; 
@@ -257,24 +257,24 @@ /* (Step 1-3) V = Hash_df(entropy||nonce||pers, seedlen) */ return hash->ctx != NULL - && hash_df(drbg, hash->V, INBYTE_IGNORE, - ent, ent_len, nonce, nonce_len, pstr, pstr_len) - /* (Step 4) C = Hash_df(0x00||V, seedlen) */ - && hash_df1(drbg, hash->C, 0x00, hash->V, drbg->seedlen); + && hash_df(drbg, hash->V, INBYTE_IGNORE, + ent, ent_len, nonce, nonce_len, pstr, pstr_len) + /* (Step 4) C = Hash_df(0x00||V, seedlen) */ + && hash_df1(drbg, hash->C, 0x00, hash->V, drbg->seedlen); } static int drbg_hash_instantiate_wrapper(void *vdrbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, - size_t pstr_len, - const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, + size_t pstr_len, + const OSSL_PARAM params[]) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; if (!ossl_prov_is_running() || !drbg_hash_set_ctx_params(drbg, params)) return 0; return ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance, - pstr, pstr_len); + pstr, pstr_len); } /* @@ -286,15 +286,15 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hash_reseed(PROV_DRBG *drbg, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len) { PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data; /* (Step 1-2) V = Hash_df(0x01 || V || entropy_input || additional_input) */ /* V about to be updated so use C as output instead */ if (!hash_df(drbg, hash->C, 0x01, hash->V, drbg->seedlen, ent, ent_len, - adin, adin_len)) + adin, adin_len)) return 0; memcpy(hash->V, hash->C, drbg->seedlen); /* (Step 4) C = Hash_df(0x00||V, seedlen) */ 
@@ -302,13 +302,13 @@ } static int drbg_hash_reseed_wrapper(void *vdrbg, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; return ossl_prov_drbg_reseed(drbg, prediction_resistance, ent, ent_len, - adin, adin_len); + adin, adin_len); } /* @@ -321,8 +321,8 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hash_generate(PROV_DRBG *drbg, - unsigned char *out, size_t outlen, - const unsigned char *adin, size_t adin_len) + unsigned char *out, size_t outlen, + const unsigned char *adin, size_t adin_len) { PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)drbg->data; unsigned char counter[4]; 
@@ -334,29 +334,28 @@ counter[3] = (unsigned char)(reseed_counter & 0xff); return hash->ctx != NULL - && (adin == NULL - /* (Step 2) if adin != NULL then V = V + Hash(0x02||V||adin) */ - || adin_len == 0 - || add_hash_to_v(drbg, 0x02, adin, adin_len)) - /* (Step 3) Hashgen(outlen, V) */ - && hash_gen(drbg, out, outlen) - /* (Step 4/5) H = V = (V + Hash(0x03||V) mod (2^seedlen_bits) */ - && add_hash_to_v(drbg, 0x03, NULL, 0) - /* (Step 5) V = (V + H + C + reseed_counter) mod (2^seedlen_bits) */ - /* V = (V + C) mod (2^seedlen_bits) */ - && add_bytes(drbg, hash->V, hash->C, drbg->seedlen) - /* V = (V + reseed_counter) mod (2^seedlen_bits) */ - && add_bytes(drbg, hash->V, counter, 4); + && (adin == NULL + /* (Step 2) if adin != NULL then V = V + Hash(0x02||V||adin) */ + || adin_len == 0 + || add_hash_to_v(drbg, 0x02, adin, adin_len)) + /* (Step 3) Hashgen(outlen, V) */ + && hash_gen(drbg, out, outlen) + /* (Step 4/5) H = V = (V + Hash(0x03||V) mod (2^seedlen_bits) */ + && add_hash_to_v(drbg, 0x03, NULL, 0) + /* (Step 5) V = (V + H + C + reseed_counter) mod (2^seedlen_bits) */ + /* V = (V + C) mod (2^seedlen_bits) */ + && add_bytes(drbg, hash->V, hash->C, drbg->seedlen) + /* V = (V + reseed_counter) mod (2^seedlen_bits) */ + && add_bytes(drbg, hash->V, counter, 4); } -static int drbg_hash_generate_wrapper - (void *vdrbg, unsigned char *out, size_t outlen, unsigned int strength, - int prediction_resistance, const unsigned char *adin, size_t adin_len) +static int drbg_hash_generate_wrapper(void *vdrbg, unsigned char *out, size_t outlen, unsigned int strength, + int prediction_resistance, const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; return ossl_prov_drbg_generate(drbg, out, outlen, strength, - prediction_resistance, adin, adin_len); + prediction_resistance, adin, adin_len); } static int drbg_hash_uninstantiate(PROV_DRBG *drbg) 
@@ -408,12 +407,12 @@ } static void *drbg_hash_new_wrapper(void *provctx, void *parent, - const OSSL_DISPATCH *parent_dispatch) + const OSSL_DISPATCH *parent_dispatch) { return ossl_rand_drbg_new(provctx, parent, parent_dispatch, - &drbg_hash_new, &drbg_hash_free, - &drbg_hash_instantiate, &drbg_hash_uninstantiate, - &drbg_hash_reseed, &drbg_hash_generate); + &drbg_hash_new, &drbg_hash_free, + &drbg_hash_instantiate, &drbg_hash_uninstantiate, + &drbg_hash_reseed, &drbg_hash_generate); } static void drbg_hash_free(void *vdrbg) @@ -447,7 +446,7 @@ } static const OSSL_PARAM *drbg_hash_gettable_ctx_params(ossl_unused void *vctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_DIGEST, NULL, 0), @@ -493,7 +492,7 @@ } static const OSSL_PARAM *drbg_hash_settable_ctx_params(ossl_unused void *vctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, NULL, 0), 
@@ -505,26 +504,26 @@ } const OSSL_DISPATCH ossl_drbg_hash_functions[] = { - { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))drbg_hash_new_wrapper }, - { OSSL_FUNC_RAND_FREECTX, (void(*)(void))drbg_hash_free }, + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))drbg_hash_new_wrapper }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))drbg_hash_free }, { OSSL_FUNC_RAND_INSTANTIATE, - (void(*)(void))drbg_hash_instantiate_wrapper }, + (void (*)(void))drbg_hash_instantiate_wrapper }, { OSSL_FUNC_RAND_UNINSTANTIATE, - (void(*)(void))drbg_hash_uninstantiate_wrapper }, - { OSSL_FUNC_RAND_GENERATE, (void(*)(void))drbg_hash_generate_wrapper }, - { OSSL_FUNC_RAND_RESEED, (void(*)(void))drbg_hash_reseed_wrapper }, - { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))ossl_drbg_enable_locking }, - { OSSL_FUNC_RAND_LOCK, (void(*)(void))ossl_drbg_lock }, - { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))ossl_drbg_unlock }, + (void (*)(void))drbg_hash_uninstantiate_wrapper }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))drbg_hash_generate_wrapper }, + { OSSL_FUNC_RAND_RESEED, (void (*)(void))drbg_hash_reseed_wrapper }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))ossl_drbg_enable_locking }, + { OSSL_FUNC_RAND_LOCK, (void (*)(void))ossl_drbg_lock }, + { OSSL_FUNC_RAND_UNLOCK, (void (*)(void))ossl_drbg_unlock }, { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS, - (void(*)(void))drbg_hash_settable_ctx_params }, - { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))drbg_hash_set_ctx_params }, + (void (*)(void))drbg_hash_settable_ctx_params }, + { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void (*)(void))drbg_hash_set_ctx_params }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))drbg_hash_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))drbg_hash_get_ctx_params }, + (void (*)(void))drbg_hash_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))drbg_hash_get_ctx_params }, { OSSL_FUNC_RAND_VERIFY_ZEROIZATION, - (void(*)(void))drbg_hash_verify_zeroization }, - { OSSL_FUNC_RAND_GET_SEED, 
(void(*)(void))ossl_drbg_get_seed }, - { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))ossl_drbg_clear_seed }, + (void (*)(void))drbg_hash_verify_zeroization }, + { OSSL_FUNC_RAND_GET_SEED, (void (*)(void))ossl_drbg_get_seed }, + { OSSL_FUNC_RAND_CLEAR_SEED, (void (*)(void))ossl_drbg_clear_seed }, { 0, NULL } }; --- crypto/openssl/providers/implementations/rands/drbg_hmac.c.orig +++ crypto/openssl/providers/implementations/rands/drbg_hmac.c @@ -33,8 +33,8 @@ static OSSL_FUNC_rand_verify_zeroization_fn drbg_hmac_verify_zeroization; typedef struct rand_drbg_hmac_st { - EVP_MAC_CTX *ctx; /* H(x) = HMAC_hash OR H(x) = KMAC */ - PROV_DIGEST digest; /* H(x) = hash(x) */ + EVP_MAC_CTX *ctx; /* H(x) = HMAC_hash OR H(x) = KMAC */ + PROV_DIGEST digest; /* H(x) = hash(x) */ size_t blocklen; unsigned char K[EVP_MAX_MD_SIZE]; unsigned char V[EVP_MAX_MD_SIZE]; 
@@ -55,26 +55,26 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte, - const unsigned char *in1, size_t in1len, - const unsigned char *in2, size_t in2len, - const unsigned char *in3, size_t in3len) + const unsigned char *in1, size_t in1len, + const unsigned char *in2, size_t in2len, + const unsigned char *in3, size_t in3len) { EVP_MAC_CTX *ctx = hmac->ctx; if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL) - /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */ - || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen) - || !EVP_MAC_update(ctx, &inbyte, 1) - || !(in1 == NULL || in1len == 0 || EVP_MAC_update(ctx, in1, in1len)) - || !(in2 == NULL || in2len == 0 || EVP_MAC_update(ctx, in2, in2len)) - || !(in3 == NULL || in3len == 0 || EVP_MAC_update(ctx, in3, in3len)) - || !EVP_MAC_final(ctx, hmac->K, NULL, sizeof(hmac->K))) + /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */ + || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen) + || !EVP_MAC_update(ctx, &inbyte, 1) + || !(in1 == NULL || in1len == 0 || EVP_MAC_update(ctx, in1, in1len)) + || !(in2 == NULL || in2len == 0 || EVP_MAC_update(ctx, in2, in2len)) + || !(in3 == NULL || in3len == 0 || EVP_MAC_update(ctx, in3, in3len)) + || !EVP_MAC_final(ctx, hmac->K, NULL, sizeof(hmac->K))) return 0; - /* V = HMAC(K, V) */ + /* V = HMAC(K, V) */ return EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL) - && EVP_MAC_update(ctx, hmac->V, hmac->blocklen) - && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V)); + && EVP_MAC_update(ctx, hmac->V, hmac->blocklen) + && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V)); } /* 
@@ -92,9 +92,9 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hmac_update(PROV_DRBG *drbg, - const unsigned char *in1, size_t in1len, - const unsigned char *in2, size_t in2len, - const unsigned char *in3, size_t in3len) + const unsigned char *in1, size_t in1len, + const unsigned char *in2, size_t in2len, + const unsigned char *in3, size_t in3len) { PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data; @@ -120,9 +120,9 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hmac_instantiate(PROV_DRBG *drbg, - const unsigned char *ent, size_t ent_len, - const unsigned char *nonce, size_t nonce_len, - const unsigned char *pstr, size_t pstr_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *nonce, size_t nonce_len, + const unsigned char *pstr, size_t pstr_len) { PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data; @@ -137,21 +137,21 @@ memset(hmac->V, 0x01, hmac->blocklen); /* (Step 4) (K,V) = HMAC_DRBG_Update(entropy||nonce||pers string, K, V) */ return drbg_hmac_update(drbg, ent, ent_len, nonce, nonce_len, pstr, - pstr_len); + pstr_len); } static int drbg_hmac_instantiate_wrapper(void *vdrbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, - size_t pstr_len, - const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, + size_t pstr_len, + const OSSL_PARAM params[]) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; if (!ossl_prov_is_running() || !drbg_hmac_set_ctx_params(drbg, params)) return 0; return ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance, - pstr, pstr_len); + pstr, pstr_len); } /* 
@@ -165,21 +165,21 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hmac_reseed(PROV_DRBG *drbg, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len) { /* (Step 2) (K,V) = HMAC_DRBG_Update(entropy||additional_input, K, V) */ return drbg_hmac_update(drbg, ent, ent_len, adin, adin_len, NULL, 0); } static int drbg_hmac_reseed_wrapper(void *vdrbg, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len) + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; return ossl_prov_drbg_reseed(drbg, prediction_resistance, ent, ent_len, - adin, adin_len); + adin, adin_len); } /* @@ -192,8 +192,8 @@ * Returns zero if an error occurs otherwise it returns 1. */ static int drbg_hmac_generate(PROV_DRBG *drbg, - unsigned char *out, size_t outlen, - const unsigned char *adin, size_t adin_len) + unsigned char *out, size_t outlen, + const unsigned char *adin, size_t adin_len) { PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data; EVP_MAC_CTX *ctx = hmac->ctx; @@ -201,8 +201,8 @@ /* (Step 2) if adin != NULL then (K,V) = HMAC_DRBG_Update(adin, K, V) */ if (adin != NULL - && adin_len > 0 - && !drbg_hmac_update(drbg, adin, adin_len, NULL, 0, NULL, 0)) + && adin_len > 0 + && !drbg_hmac_update(drbg, adin, adin_len, NULL, 0, NULL, 0)) return 0; /* 
@@ -237,14 +237,13 @@ return 1; } -static int drbg_hmac_generate_wrapper - (void *vdrbg, unsigned char *out, size_t outlen, unsigned int strength, - int prediction_resistance, const unsigned char *adin, size_t adin_len) +static int drbg_hmac_generate_wrapper(void *vdrbg, unsigned char *out, size_t outlen, unsigned int strength, + int prediction_resistance, const unsigned char *adin, size_t adin_len) { PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; return ossl_prov_drbg_generate(drbg, out, outlen, strength, - prediction_resistance, adin, adin_len); + prediction_resistance, adin, adin_len); } static int drbg_hmac_uninstantiate(PROV_DRBG *drbg) @@ -294,12 +293,12 @@ } static void *drbg_hmac_new_wrapper(void *provctx, void *parent, - const OSSL_DISPATCH *parent_dispatch) + const OSSL_DISPATCH *parent_dispatch) { return ossl_rand_drbg_new(provctx, parent, parent_dispatch, - &drbg_hmac_new, &drbg_hmac_free, - &drbg_hmac_instantiate, &drbg_hmac_uninstantiate, - &drbg_hmac_reseed, &drbg_hmac_generate); + &drbg_hmac_new, &drbg_hmac_free, + &drbg_hmac_instantiate, &drbg_hmac_uninstantiate, + &drbg_hmac_reseed, &drbg_hmac_generate); } static void drbg_hmac_free(void *vdrbg) @@ -343,7 +342,7 @@ } static const OSSL_PARAM *drbg_hmac_gettable_ctx_params(ossl_unused void *vctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_MAC, NULL, 0), @@ -376,7 +375,7 @@ } if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params, - NULL, NULL, NULL, libctx)) + NULL, NULL, NULL, libctx)) return 0; if (hmac->ctx != NULL) { @@ -395,7 +394,7 @@ } static const OSSL_PARAM *drbg_hmac_settable_ctx_params(ossl_unused void *vctx, - ossl_unused void *p_ctx) + ossl_unused void *p_ctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, NULL, 0), 
@@ -408,26 +407,26 @@ } const OSSL_DISPATCH ossl_drbg_ossl_hmac_functions[] = { - { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))drbg_hmac_new_wrapper }, - { OSSL_FUNC_RAND_FREECTX, (void(*)(void))drbg_hmac_free }, + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))drbg_hmac_new_wrapper }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))drbg_hmac_free }, { OSSL_FUNC_RAND_INSTANTIATE, - (void(*)(void))drbg_hmac_instantiate_wrapper }, + (void (*)(void))drbg_hmac_instantiate_wrapper }, { OSSL_FUNC_RAND_UNINSTANTIATE, - (void(*)(void))drbg_hmac_uninstantiate_wrapper }, - { OSSL_FUNC_RAND_GENERATE, (void(*)(void))drbg_hmac_generate_wrapper }, - { OSSL_FUNC_RAND_RESEED, (void(*)(void))drbg_hmac_reseed_wrapper }, - { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))ossl_drbg_enable_locking }, - { OSSL_FUNC_RAND_LOCK, (void(*)(void))ossl_drbg_lock }, - { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))ossl_drbg_unlock }, + (void (*)(void))drbg_hmac_uninstantiate_wrapper }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))drbg_hmac_generate_wrapper }, + { OSSL_FUNC_RAND_RESEED, (void (*)(void))drbg_hmac_reseed_wrapper }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))ossl_drbg_enable_locking }, + { OSSL_FUNC_RAND_LOCK, (void (*)(void))ossl_drbg_lock }, + { OSSL_FUNC_RAND_UNLOCK, (void (*)(void))ossl_drbg_unlock }, { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS, - (void(*)(void))drbg_hmac_settable_ctx_params }, - { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))drbg_hmac_set_ctx_params }, + (void (*)(void))drbg_hmac_settable_ctx_params }, + { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void (*)(void))drbg_hmac_set_ctx_params }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))drbg_hmac_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))drbg_hmac_get_ctx_params }, + (void (*)(void))drbg_hmac_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))drbg_hmac_get_ctx_params }, { OSSL_FUNC_RAND_VERIFY_ZEROIZATION, - (void(*)(void))drbg_hmac_verify_zeroization }, - { 
OSSL_FUNC_RAND_GET_SEED, (void(*)(void))ossl_drbg_get_seed }, - { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))ossl_drbg_clear_seed }, + (void (*)(void))drbg_hmac_verify_zeroization }, + { OSSL_FUNC_RAND_GET_SEED, (void (*)(void))ossl_drbg_get_seed }, + { OSSL_FUNC_RAND_CLEAR_SEED, (void (*)(void))ossl_drbg_clear_seed }, { 0, NULL } }; --- crypto/openssl/providers/implementations/rands/drbg_local.h.orig +++ crypto/openssl/providers/implementations/rands/drbg_local.h @@ -8,27 +8,27 @@ */ #ifndef OSSL_CRYPTO_PROV_LOCAL_H -# define OSSL_CRYPTO_PROV_LOCAL_H +#define OSSL_CRYPTO_PROV_LOCAL_H -# include -# include -# include -# include -# include "internal/tsan_assist.h" -# include "internal/nelem.h" -# include "internal/numbers.h" -# include "prov/provider_ctx.h" +#include +#include +#include +#include +#include "internal/tsan_assist.h" +#include "internal/nelem.h" +#include "internal/numbers.h" +#include "prov/provider_ctx.h" /* How many times to read the TSC as a randomness source. */ -# define TSC_READ_COUNT 4 +#define TSC_READ_COUNT 4 /* Maximum reseed intervals */ -# define MAX_RESEED_INTERVAL (1 << 24) -# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ +#define MAX_RESEED_INTERVAL (1 << 24) +#define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ /* Default reseed intervals */ -# define RESEED_INTERVAL (1 << 8) -# define TIME_INTERVAL (60*60) /* 1 hour */ +#define RESEED_INTERVAL (1 << 8) +#define TIME_INTERVAL (60 * 60) /* 1 hour */ /* * The number of bytes that constitutes an atomic lump of entropy with respect @@ -38,7 +38,7 @@ * * The value is in bytes. */ -#define CRNGT_BUFSIZ 16 +#define CRNGT_BUFSIZ 16 /* * Maximum input size for the DRBG (entropy, nonce, personalization string) 
@@ -47,15 +47,15 @@ * * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes. */ -# define DRBG_MAX_LENGTH INT32_MAX +#define DRBG_MAX_LENGTH INT32_MAX /* The default nonce */ #ifdef CHARSET_EBCDIC -# define DRBG_DEFAULT_PERS_STRING { 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, \ - 0x4c, 0x20, 0x4e, 0x49, 0x53, 0x54, 0x20, 0x53, 0x50, 0x20, 0x38, 0x30, \ - 0x30, 0x2d, 0x39, 0x30, 0x41, 0x20, 0x44, 0x52, 0x42, 0x47, 0x00}; +#define DRBG_DEFAULT_PERS_STRING { 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, \ + 0x4c, 0x20, 0x4e, 0x49, 0x53, 0x54, 0x20, 0x53, 0x50, 0x20, 0x38, 0x30, \ + 0x30, 0x2d, 0x39, 0x30, 0x41, 0x20, 0x44, 0x52, 0x42, 0x47, 0x00 }; #else -# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG" +#define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG" #endif typedef struct prov_drbg_st PROV_DRBG; @@ -76,14 +76,14 @@ /* Virtual functions are cache here */ int (*instantiate)(PROV_DRBG *drbg, - const unsigned char *entropy, size_t entropylen, - const unsigned char *nonce, size_t noncelen, - const unsigned char *pers, size_t perslen); + const unsigned char *entropy, size_t entropylen, + const unsigned char *nonce, size_t noncelen, + const unsigned char *pers, size_t perslen); int (*uninstantiate)(PROV_DRBG *ctx); int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len); + const unsigned char *adin, size_t adin_len); int (*generate)(PROV_DRBG *, unsigned char *out, size_t outlen, - const unsigned char *adin, size_t adin_len); + const unsigned char *adin, size_t adin_len); /* Parent PROV_RAND and its dispatch table functions */ void *parent; 
@@ -178,34 +178,33 @@ OSSL_CALLBACK *cleanup_nonce_fn; }; -PROV_DRBG *ossl_rand_drbg_new - (void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch, - int (*dnew)(PROV_DRBG *ctx), - void (*dfree)(void *vctx), - int (*instantiate)(PROV_DRBG *drbg, - const unsigned char *entropy, size_t entropylen, - const unsigned char *nonce, size_t noncelen, - const unsigned char *pers, size_t perslen), - int (*uninstantiate)(PROV_DRBG *ctx), - int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adin_len), - int (*generate)(PROV_DRBG *, unsigned char *out, size_t outlen, - const unsigned char *adin, size_t adin_len)); +PROV_DRBG *ossl_rand_drbg_new(void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch, + int (*dnew)(PROV_DRBG *ctx), + void (*dfree)(void *vctx), + int (*instantiate)(PROV_DRBG *drbg, + const unsigned char *entropy, size_t entropylen, + const unsigned char *nonce, size_t noncelen, + const unsigned char *pers, size_t perslen), + int (*uninstantiate)(PROV_DRBG *ctx), + int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adin_len), + int (*generate)(PROV_DRBG *, unsigned char *out, size_t outlen, + const unsigned char *adin, size_t adin_len)); void ossl_rand_drbg_free(PROV_DRBG *drbg); int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pers, size_t perslen); + int prediction_resistance, + const unsigned char *pers, size_t perslen); int ossl_prov_drbg_uninstantiate(PROV_DRBG *drbg); int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *adin, size_t adinlen); + const unsigned char *ent, size_t ent_len, + const unsigned char *adin, size_t adinlen); int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const 
unsigned char *adin, size_t adinlen); + unsigned int strength, int prediction_resistance, + const unsigned char *adin, size_t adinlen); /* Seeding api */ OSSL_FUNC_rand_get_seed_fn ossl_drbg_get_seed; 
@@ -230,31 +229,31 @@ int ossl_drbg_get_ctx_params(PROV_DRBG *drbg, OSSL_PARAM params[]); int ossl_drbg_set_ctx_params(PROV_DRBG *drbg, const OSSL_PARAM params[]); -#define OSSL_PARAM_DRBG_SETTABLE_CTX_COMMON \ - OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), \ - OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL) - -#define OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON \ - OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), \ - OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL), \ - OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), \ - OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_ENTROPYLEN, NULL), \ - OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ENTROPYLEN, NULL), \ - OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_NONCELEN, NULL), \ - OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_NONCELEN, NULL), \ - OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_PERSLEN, NULL), \ - OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ADINLEN, NULL), \ - OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, NULL), \ - OSSL_PARAM_time_t(OSSL_DRBG_PARAM_RESEED_TIME, NULL), \ - OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), \ - OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL) +#define OSSL_PARAM_DRBG_SETTABLE_CTX_COMMON \ + OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), \ + OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL) + +#define OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON \ + OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), \ + OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL), \ + OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), \ + OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_ENTROPYLEN, NULL), \ + OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ENTROPYLEN, NULL), \ + OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_NONCELEN, NULL), \ + OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_NONCELEN, NULL), \ + OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_PERSLEN, NULL), \ + OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ADINLEN, NULL), \ + OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, NULL), \ + OSSL_PARAM_time_t(OSSL_DRBG_PARAM_RESEED_TIME, NULL), \ + 
OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), \ + OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL) /* Continuous test "entropy" calls */ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg, - unsigned char **pout, - int entropy, size_t min_len, size_t max_len, - int prediction_resistance); + unsigned char **pout, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance); void ossl_crngt_cleanup_entropy(PROV_DRBG *drbg, - unsigned char *out, size_t outlen); + unsigned char *out, size_t outlen); #endif --- crypto/openssl/providers/implementations/rands/seed_src.c.orig +++ crypto/openssl/providers/implementations/rands/seed_src.c @@ -43,7 +43,7 @@ } PROV_SEED_SRC; static void *seed_src_new(void *provctx, void *parent, - const OSSL_DISPATCH *parent_dispatch) + const OSSL_DISPATCH *parent_dispatch) { PROV_SEED_SRC *s; @@ -69,9 +69,9 @@ } static int seed_src_instantiate(void *vseed, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - ossl_unused const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + ossl_unused const OSSL_PARAM params[]) { PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed; @@ -88,10 +88,10 @@ } static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen, - unsigned int strength, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *adin, - ossl_unused size_t adin_len) + unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *adin, + ossl_unused size_t adin_len) { PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed; size_t entropy_available; @@ -99,8 +99,8 @@ if (s->state != EVP_RAND_STATE_READY) { ERR_raise(ERR_LIB_PROV, - s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE - : PROV_R_NOT_INSTANTIATED); + s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE + : PROV_R_NOT_INSTANTIATED); return 0; } 
@@ -121,18 +121,18 @@ } static int seed_src_reseed(void *vseed, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *ent, - ossl_unused size_t ent_len, - ossl_unused const unsigned char *adin, - ossl_unused size_t adin_len) + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *ent, + ossl_unused size_t ent_len, + ossl_unused const unsigned char *adin, + ossl_unused size_t adin_len) { PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed; if (s->state != EVP_RAND_STATE_READY) { ERR_raise(ERR_LIB_PROV, - s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE - : PROV_R_NOT_INSTANTIATED); + s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE + : PROV_R_NOT_INSTANTIATED); return 0; } return 1; @@ -158,7 +158,7 @@ } static const OSSL_PARAM *seed_src_gettable_ctx_params(ossl_unused void *vseed, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), @@ -175,9 +175,9 @@ } static size_t seed_get_seed(void *vseed, unsigned char **pout, - int entropy, size_t min_len, size_t max_len, - int prediction_resistance, - const unsigned char *adin, size_t adin_len) + int entropy, size_t min_len, size_t max_len, + int prediction_resistance, + const unsigned char *adin, size_t adin_len) { size_t bytes_needed; unsigned char *p; @@ -202,7 +202,8 @@ return 0; } if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance, - adin, adin_len) != 0) { + adin, adin_len) + != 0) { *pout = p; return bytes_needed; } @@ -211,7 +212,7 @@ } static void seed_clear_seed(ossl_unused void *vdrbg, - unsigned char *out, size_t outlen) + unsigned char *out, size_t outlen) { OPENSSL_secure_clear_free(out, outlen); } 
@@ -231,23 +232,23 @@ } const OSSL_DISPATCH ossl_seed_src_functions[] = { - { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new }, - { OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free }, + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))seed_src_new }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))seed_src_free }, { OSSL_FUNC_RAND_INSTANTIATE, - (void(*)(void))seed_src_instantiate }, + (void (*)(void))seed_src_instantiate }, { OSSL_FUNC_RAND_UNINSTANTIATE, - (void(*)(void))seed_src_uninstantiate }, - { OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate }, - { OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed }, - { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking }, - { OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock }, - { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock }, + (void (*)(void))seed_src_uninstantiate }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))seed_src_generate }, + { OSSL_FUNC_RAND_RESEED, (void (*)(void))seed_src_reseed }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))seed_src_enable_locking }, + { OSSL_FUNC_RAND_LOCK, (void (*)(void))seed_src_lock }, + { OSSL_FUNC_RAND_UNLOCK, (void (*)(void))seed_src_unlock }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))seed_src_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params }, + (void (*)(void))seed_src_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))seed_src_get_ctx_params }, { OSSL_FUNC_RAND_VERIFY_ZEROIZATION, - (void(*)(void))seed_src_verify_zeroization }, - { OSSL_FUNC_RAND_GET_SEED, (void(*)(void))seed_get_seed }, - { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))seed_clear_seed }, + (void (*)(void))seed_src_verify_zeroization }, + { OSSL_FUNC_RAND_GET_SEED, (void (*)(void))seed_get_seed }, + { OSSL_FUNC_RAND_CLEAR_SEED, (void (*)(void))seed_clear_seed }, { 0, NULL } }; --- crypto/openssl/providers/implementations/rands/seeding/rand_cpu_x86.c.orig +++ 
crypto/openssl/providers/implementations/rands/seeding/rand_cpu_x86.c @@ -13,13 +13,13 @@ #include "prov/seeding.h" #ifdef OPENSSL_RAND_SEED_RDCPU -# if defined(OPENSSL_SYS_TANDEM) && defined(_TNS_X_TARGET) -# include /* _rdrand64 */ -# include /* memcpy */ -# else +#if defined(OPENSSL_SYS_TANDEM) && defined(_TNS_X_TARGET) +#include /* _rdrand64 */ +#include /* memcpy */ +#else size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); -# endif +#endif static size_t get_hardware_random_value(unsigned char *buf, size_t len); @@ -88,16 +88,17 @@ return 0; } #else -static size_t get_hardware_random_value(unsigned char *buf, size_t len) { +static size_t get_hardware_random_value(unsigned char *buf, size_t len) +{ /* Whichever comes first, use RDSEED, RDRAND or nothing */ if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) { - if (OPENSSL_ia32_rdseed_bytes(buf, len) != len) - return 0; + if (OPENSSL_ia32_rdseed_bytes(buf, len) != len) + return 0; } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { - if (OPENSSL_ia32_rdrand_bytes(buf, len) != len) - return 0; + if (OPENSSL_ia32_rdrand_bytes(buf, len) != len) + return 0; } else - return 0; + return 0; return len; } #endif --- crypto/openssl/providers/implementations/rands/seeding/rand_tsc.c.orig +++ crypto/openssl/providers/implementations/rands/seeding/rand_tsc.c @@ -19,7 +19,7 @@ * Some SP800-90B tests have been run, but there is internal skepticism. * So for now this code is not used. */ -# error "RDTSC enabled? Should not be possible!" +#error "RDTSC enabled? Should not be possible!" /* * Acquire entropy from high-speed clock --- crypto/openssl/providers/implementations/rands/seeding/rand_unix.c.orig +++ crypto/openssl/providers/implementations/rands/seeding/rand_unix.c @@ -8,7 +8,7 @@ */ #ifndef _GNU_SOURCE -# define _GNU_SOURCE +#define _GNU_SOURCE #endif #include "../e_os.h" #include 
@@ -22,38 +22,38 @@ #include "prov/seeding.h" #ifdef __linux -# include -# ifdef DEVRANDOM_WAIT -# include -# include -# endif +#include +#ifdef DEVRANDOM_WAIT +#include +#include +#endif #endif #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) -# include -# include -# include +#include +#include +#include #endif #if defined(__OpenBSD__) -# include +#include #endif #if defined(__DragonFly__) -# include -# include +#include +#include #endif #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ - || defined(__DJGPP__) -# include -# include -# include -# include -# include + || defined(__DJGPP__) +#include +#include +#include +#include +#include static uint64_t get_time_stamp(void); static uint64_t get_timer_bits(void); /* Macro to convert two thirty two bit values into a sixty four bit one */ -# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b)) +#define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b)) /* * Check for the existence and support of POSIX timers. The standard 
@@ -75,54 +75,54 @@ * The nested #if sequences are required to avoid using a parameterised * macro that might be undefined. */ -# undef OSSL_POSIX_TIMER_OKAY +#undef OSSL_POSIX_TIMER_OKAY /* On some systems, _POSIX_TIMERS is defined but empty. * Subtracting by 0 when comparing avoids an error in this case. */ -# if defined(_POSIX_TIMERS) && _POSIX_TIMERS -0 > 0 -# if defined(__GLIBC__) -# if defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 17) -# define OSSL_POSIX_TIMER_OKAY -# endif -# endif -# else -# define OSSL_POSIX_TIMER_OKAY -# endif -# endif -#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) +#if defined(_POSIX_TIMERS) && _POSIX_TIMERS - 0 > 0 +#if defined(__GLIBC__) +#if defined(__GLIBC_PREREQ) +#if __GLIBC_PREREQ(2, 17) +#define OSSL_POSIX_TIMER_OKAY +#endif +#endif +#else +#define OSSL_POSIX_TIMER_OKAY +#endif +#endif +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ || defined(__DJGPP__) */ #if defined(OPENSSL_RAND_SEED_NONE) /* none means none. 
this simplifies the following logic */ -# undef OPENSSL_RAND_SEED_OS -# undef OPENSSL_RAND_SEED_GETRANDOM -# undef OPENSSL_RAND_SEED_LIBRANDOM -# undef OPENSSL_RAND_SEED_DEVRANDOM -# undef OPENSSL_RAND_SEED_RDTSC -# undef OPENSSL_RAND_SEED_RDCPU -# undef OPENSSL_RAND_SEED_EGD +#undef OPENSSL_RAND_SEED_OS +#undef OPENSSL_RAND_SEED_GETRANDOM +#undef OPENSSL_RAND_SEED_LIBRANDOM +#undef OPENSSL_RAND_SEED_DEVRANDOM +#undef OPENSSL_RAND_SEED_RDTSC +#undef OPENSSL_RAND_SEED_RDCPU +#undef OPENSSL_RAND_SEED_EGD #endif #if defined(OPENSSL_SYS_UEFI) && !defined(OPENSSL_RAND_SEED_NONE) -# error "UEFI only supports seeding NONE" +#error "UEFI only supports seeding NONE" #endif #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \ - || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \ + || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \ || defined(OPENSSL_SYS_UEFI)) -# if defined(OPENSSL_SYS_VOS) +#if defined(OPENSSL_SYS_VOS) -# ifndef OPENSSL_RAND_SEED_OS -# error "Unsupported seeding method configured; must be os" -# endif +#ifndef OPENSSL_RAND_SEED_OS +#error "Unsupported seeding method configured; must be os" +#endif -# if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32) -# error "Unsupported HP-PA and IA32 at the same time." -# endif -# if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32) -# error "Must have one of HP-PA or IA32" -# endif +#if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32) +#error "Unsupported HP-PA and IA32 at the same time." +#endif +#if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32) +#error "Must have one of HP-PA or IA32" +#endif /* * The following algorithm repeatedly samples the real-time clock (RTC) to 
@@ -145,13 +145,13 @@ size_t bytes_needed; struct timespec ts; unsigned char v; -# ifdef OPENSSL_SYS_VOS_HPPA +#ifdef OPENSSL_SYS_VOS_HPPA long duration; extern void s$sleep(long *_duration, short int *_code); -# else +#else long long duration; extern void s$sleep2(long long *_duration, short int *_code); -# endif +#endif bytes_needed = ossl_rand_pool_bytes_needed(pool, 4 /*entropy_factor*/); @@ -163,20 +163,20 @@ for (k = 0; k < 99; k++) ts.tv_nsec = random(); -# ifdef OPENSSL_SYS_VOS_HPPA +#ifdef OPENSSL_SYS_VOS_HPPA /* sleep for 1/1024 of a second (976 us). */ duration = 1; s$sleep(&duration, &code); -# else +#else /* sleep for 1/65536 of a second (15 us). */ duration = 1; s$sleep2(&duration, &code); -# endif +#endif /* Get wall clock time, take 8 bits. */ clock_gettime(CLOCK_REALTIME, &ts); v = (unsigned char)(ts.tv_nsec & 0xFF); - ossl_rand_pool_add(pool, arg, &v, sizeof(v) , 2); + ossl_rand_pool_add(pool, arg, &v, sizeof(v), 2); } return ossl_rand_pool_entropy_available(pool); } 
@@ -189,30 +189,29 @@ { } -# else +#else -# if defined(OPENSSL_RAND_SEED_EGD) && \ - (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD)) -# error "Seeding uses EGD but EGD is turned off or no device given" -# endif +#if defined(OPENSSL_RAND_SEED_EGD) && (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD)) +#error "Seeding uses EGD but EGD is turned off or no device given" +#endif -# if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM) -# error "Seeding uses urandom but DEVRANDOM is not configured" -# endif +#if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM) +#error "Seeding uses urandom but DEVRANDOM is not configured" +#endif -# if defined(OPENSSL_RAND_SEED_OS) -# if !defined(DEVRANDOM) -# error "OS seeding requires DEVRANDOM to be configured" -# endif -# define OPENSSL_RAND_SEED_GETRANDOM -# define OPENSSL_RAND_SEED_DEVRANDOM -# endif +#if defined(OPENSSL_RAND_SEED_OS) +#if !defined(DEVRANDOM) +#error "OS seeding requires DEVRANDOM to be configured" +#endif +#define OPENSSL_RAND_SEED_GETRANDOM +#define OPENSSL_RAND_SEED_DEVRANDOM +#endif -# if defined(OPENSSL_RAND_SEED_LIBRANDOM) -# error "librandom not (yet) supported" -# endif +#if defined(OPENSSL_RAND_SEED_LIBRANDOM) +#error "librandom not (yet) supported" +#endif -# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) /* * sysctl_random(): Use sysctl() to read a random number from the kernel * Returns the number of bytes returned in buf on success, -1 on failure. @@ -234,7 +233,7 @@ * when the sysctl returns long and we want to request something not a * multiple of longs, which should never be the case. */ -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) if (!ossl_assert(buflen % sizeof(long) == 0)) { errno = EINVAL; return -1; 
@@ -248,7 +247,7 @@ * up to 256 bytes. * Just return an error on older NetBSD versions. */ -#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000 +#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000 errno = ENOSYS; return -1; #endif 
@@ -267,65 +266,65 @@ return done; } -# endif - -# if defined(OPENSSL_RAND_SEED_GETRANDOM) - -# if defined(__linux) && !defined(__NR_getrandom) -# if defined(__arm__) -# define __NR_getrandom (__NR_SYSCALL_BASE+384) -# elif defined(__i386__) -# define __NR_getrandom 355 -# elif defined(__x86_64__) -# if defined(__ILP32__) -# define __NR_getrandom (__X32_SYSCALL_BIT + 318) -# else -# define __NR_getrandom 318 -# endif -# elif defined(__xtensa__) -# define __NR_getrandom 338 -# elif defined(__s390__) || defined(__s390x__) -# define __NR_getrandom 349 -# elif defined(__bfin__) -# define __NR_getrandom 389 -# elif defined(__powerpc__) -# define __NR_getrandom 359 -# elif defined(__mips__) || defined(__mips64) -# if _MIPS_SIM == _MIPS_SIM_ABI32 -# define __NR_getrandom (__NR_Linux + 353) -# elif _MIPS_SIM == _MIPS_SIM_ABI64 -# define __NR_getrandom (__NR_Linux + 313) -# elif _MIPS_SIM == _MIPS_SIM_NABI32 -# define __NR_getrandom (__NR_Linux + 317) -# endif -# elif defined(__hppa__) -# define __NR_getrandom (__NR_Linux + 339) -# elif defined(__sparc__) -# define __NR_getrandom 347 -# elif defined(__ia64__) -# define __NR_getrandom 1339 -# elif defined(__alpha__) -# define __NR_getrandom 511 -# elif defined(__sh__) -# if defined(__SH5__) -# define __NR_getrandom 373 -# else -# define __NR_getrandom 384 -# endif -# elif defined(__avr32__) -# define __NR_getrandom 317 -# elif defined(__microblaze__) -# define __NR_getrandom 385 -# elif defined(__m68k__) -# define __NR_getrandom 352 -# elif defined(__cris__) -# define __NR_getrandom 356 -# elif defined(__aarch64__) -# define __NR_getrandom 278 -# else /* generic */ -# define __NR_getrandom 278 -# endif -# endif +#endif + +#if defined(OPENSSL_RAND_SEED_GETRANDOM) + +#if defined(__linux) && !defined(__NR_getrandom) +#if defined(__arm__) +#define __NR_getrandom (__NR_SYSCALL_BASE + 384) +#elif defined(__i386__) +#define __NR_getrandom 355 +#elif defined(__x86_64__) +#if defined(__ILP32__) +#define __NR_getrandom 
(__X32_SYSCALL_BIT + 318) +#else +#define __NR_getrandom 318 +#endif +#elif defined(__xtensa__) +#define __NR_getrandom 338 +#elif defined(__s390__) || defined(__s390x__) +#define __NR_getrandom 349 +#elif defined(__bfin__) +#define __NR_getrandom 389 +#elif defined(__powerpc__) +#define __NR_getrandom 359 +#elif defined(__mips__) || defined(__mips64) +#if _MIPS_SIM == _MIPS_SIM_ABI32 +#define __NR_getrandom (__NR_Linux + 353) +#elif _MIPS_SIM == _MIPS_SIM_ABI64 +#define __NR_getrandom (__NR_Linux + 313) +#elif _MIPS_SIM == _MIPS_SIM_NABI32 +#define __NR_getrandom (__NR_Linux + 317) +#endif +#elif defined(__hppa__) +#define __NR_getrandom (__NR_Linux + 339) +#elif defined(__sparc__) +#define __NR_getrandom 347 +#elif defined(__ia64__) +#define __NR_getrandom 1339 +#elif defined(__alpha__) +#define __NR_getrandom 511 +#elif defined(__sh__) +#if defined(__SH5__) +#define __NR_getrandom 373 +#else +#define __NR_getrandom 384 +#endif +#elif defined(__avr32__) +#define __NR_getrandom 317 +#elif defined(__microblaze__) +#define __NR_getrandom 385 +#elif defined(__m68k__) +#define __NR_getrandom 352 +#elif defined(__cris__) +#define __NR_getrandom 356 +#elif defined(__aarch64__) +#define __NR_getrandom 278 +#else /* generic */ +#define __NR_getrandom 278 +#endif +#endif /* * syscall_random(): Try to get random data using a system call @@ -356,8 +355,8 @@ * Note: Sometimes getentropy() can be provided but not implemented * internally. So we need to check errno for ENOSYS */ -# if !defined(__DragonFly__) && !defined(__NetBSD__) -# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) +#if !defined(__DragonFly__) && !defined(__NetBSD__) +#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); if (getentropy != NULL) { 
@@ -366,13 +365,13 @@ if (errno != ENOSYS) return -1; } -# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) +#elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) - return (ssize_t)buflen; + return (ssize_t)buflen; return -1; -# else +#else union { void *p; int (*f)(void *buffer, size_t length); @@ -387,25 +386,25 @@ ERR_pop_to_mark(); if (p_getentropy.p != NULL) return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; -# endif -# endif /* !__DragonFly__ */ +#endif +#endif /* !__DragonFly__ */ /* Linux supports this since version 3.17 */ -# if defined(__linux) && defined(__NR_getrandom) +#if defined(__linux) && defined(__NR_getrandom) return syscall(__NR_getrandom, buf, buflen, 0); -# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +#elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) return sysctl_random(buf, buflen); -# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ - || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) +#elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ + || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) return getrandom(buf, buflen, 0); -# else +#else errno = ENOSYS; return -1; -# endif +#endif } -# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ +#endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ -# if defined(OPENSSL_RAND_SEED_DEVRANDOM) +#if defined(OPENSSL_RAND_SEED_DEVRANDOM) static const char *random_device_paths[] = { DEVRANDOM }; static struct random_device { int fd; @@ -416,8 +415,8 @@ } random_devices[OSSL_NELEM(random_device_paths)]; static int keep_random_devices_open = 1; -# if defined(__linux) && defined(DEVRANDOM_WAIT) \ - && defined(OPENSSL_RAND_SEED_GETRANDOM) +#if defined(__linux) && defined(DEVRANDOM_WAIT) \ + && defined(OPENSSL_RAND_SEED_GETRANDOM) static void *shm_addr; static void cleanup_shm(void) 
@@ -469,16 +468,18 @@ FD_ZERO(&fds); FD_SET(fd, &fds); while ((r = select(fd + 1, &fds, NULL, NULL, NULL)) < 0 - && errno == EINTR); + && errno == EINTR) + ; } else { - while ((r = read(fd, &c, 1)) < 0 && errno == EINTR); + while ((r = read(fd, &c, 1)) < 0 && errno == EINTR) + ; } close(fd); if (r == 1) { seeded = 1; /* Create the shared memory indicator */ shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1, - IPC_CREAT | S_IRUSR | S_IRGRP | S_IROTH); + IPC_CREAT | S_IRUSR | S_IRGRP | S_IROTH); } } } @@ -495,12 +496,12 @@ } return seeded; } -# else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ +#else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ static int wait_random_seeded(void) { return 1; } -# endif +#endif /* * Verify that the file descriptor associated with the random source is @@ -509,16 +510,16 @@ * So the handle might have been closed or even reused for opening * another file. */ -static int check_random_device(struct random_device * rd) +static int check_random_device(struct random_device *rd) { struct stat st; return rd->fd != -1 - && fstat(rd->fd, &st) != -1 - && rd->dev == st.st_dev - && rd->ino == st.st_ino - && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0 - && rd->rdev == st.st_rdev; + && fstat(rd->fd, &st) != -1 + && rd->dev == st.st_dev + && rd->ino == st.st_ino + && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0 + && rd->rdev == st.st_rdev; } /* @@ -527,7 +528,7 @@ static int get_random_device(size_t n) { struct stat st; - struct random_device * rd = &random_devices[n]; + struct random_device *rd = &random_devices[n]; /* reuse existing file descriptor if it is (still) valid */ if (check_random_device(rd)) @@ -556,7 +557,7 @@ */ static void close_random_device(size_t n) { - struct random_device * rd = &random_devices[n]; + struct random_device *rd = &random_devices[n]; if (check_random_device(rd)) close(rd->fd); 
@@ -589,7 +590,7 @@ keep_random_devices_open = keep; } -# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */ +#else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */ int ossl_rand_pool_init(void) { @@ -604,7 +605,7 @@ { } -# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */ +#endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */ /* * Try the various seeding methods in turn, exit when successful. @@ -625,14 +626,14 @@ */ size_t ossl_pool_acquire_entropy(RAND_POOL *pool) { -# if defined(OPENSSL_RAND_SEED_NONE) +#if defined(OPENSSL_RAND_SEED_NONE) return ossl_rand_pool_entropy_available(pool); -# else +#else size_t entropy_available = 0; - (void)entropy_available; /* avoid compiler warning */ + (void)entropy_available; /* avoid compiler warning */ -# if defined(OPENSSL_RAND_SEED_GETRANDOM) +#if defined(OPENSSL_RAND_SEED_GETRANDOM) { size_t bytes_needed; unsigned char *buffer; @@ -656,15 +657,15 @@ entropy_available = ossl_rand_pool_entropy_available(pool); if (entropy_available > 0) return entropy_available; -# endif +#endif -# if defined(OPENSSL_RAND_SEED_LIBRANDOM) +#if defined(OPENSSL_RAND_SEED_LIBRANDOM) { /* Not yet implemented. */ } -# endif +#endif -# if defined(OPENSSL_RAND_SEED_DEVRANDOM) +#if defined(OPENSSL_RAND_SEED_DEVRANDOM) if (wait_random_seeded()) { size_t bytes_needed; unsigned char *buffer; @@ -672,7 +673,7 @@ bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); - i++) { + i++) { ssize_t bytes = 0; /* Maximum number of consecutive unsuccessful attempts */ int attempts = 3; 
@@ -702,21 +703,21 @@ if (entropy_available > 0) return entropy_available; } -# endif +#endif -# if defined(OPENSSL_RAND_SEED_RDTSC) +#if defined(OPENSSL_RAND_SEED_RDTSC) entropy_available = ossl_prov_acquire_entropy_from_tsc(pool); if (entropy_available > 0) return entropy_available; -# endif +#endif -# if defined(OPENSSL_RAND_SEED_RDCPU) +#if defined(OPENSSL_RAND_SEED_RDCPU) entropy_available = ossl_prov_acquire_entropy_from_cpu(pool); if (entropy_available > 0) return entropy_available; -# endif +#endif -# if defined(OPENSSL_RAND_SEED_EGD) +#if defined(OPENSSL_RAND_SEED_EGD) { static const char *paths[] = { DEVRANDOM_EGD, NULL }; size_t bytes_needed; @@ -730,7 +731,7 @@ buffer = ossl_rand_pool_add_begin(pool, bytes_needed); num = RAND_query_egd_bytes(paths[i], - buffer, (int)bytes_needed); + buffer, (int)bytes_needed); if (num == (int)bytes_needed) bytes = bytes_needed; @@ -741,16 +742,16 @@ if (entropy_available > 0) return entropy_available; } -# endif +#endif return ossl_rand_pool_entropy_available(pool); -# endif +#endif } -# endif +#endif #endif #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ - || defined(__DJGPP__) + || defined(__DJGPP__) int ossl_pool_add_nonce_data(RAND_POOL *pool) { struct { @@ -798,7 +799,6 @@ return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } - /* * Get the current time with the highest possible resolution * @@ -808,23 +808,23 @@ */ static uint64_t get_time_stamp(void) { -# if defined(OSSL_POSIX_TIMER_OKAY) +#if defined(OSSL_POSIX_TIMER_OKAY) { struct timespec ts; if (clock_gettime(CLOCK_REALTIME, &ts) == 0) return TWO32TO64(ts.tv_sec, ts.tv_nsec); } -# endif -# if defined(__unix__) \ - || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) +#endif +#if defined(__unix__) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) { struct timeval tv; if (gettimeofday(&tv, NULL) == 0) return TWO32TO64(tv.tv_sec, tv.tv_usec); } -# endif +#endif return time(NULL); } 
@@ -842,41 +842,41 @@ if (res != 0) return res; -# if defined(__sun) || defined(__hpux) +#if defined(__sun) || defined(__hpux) return gethrtime(); -# elif defined(_AIX) +#elif defined(_AIX) { timebasestruct_t t; read_wall_time(&t, TIMEBASE_SZ); return TWO32TO64(t.tb_high, t.tb_low); } -# elif defined(OSSL_POSIX_TIMER_OKAY) +#elif defined(OSSL_POSIX_TIMER_OKAY) { struct timespec ts; -# ifdef CLOCK_BOOTTIME -# define CLOCK_TYPE CLOCK_BOOTTIME -# elif defined(_POSIX_MONOTONIC_CLOCK) -# define CLOCK_TYPE CLOCK_MONOTONIC -# else -# define CLOCK_TYPE CLOCK_REALTIME -# endif +#ifdef CLOCK_BOOTTIME +#define CLOCK_TYPE CLOCK_BOOTTIME +#elif defined(_POSIX_MONOTONIC_CLOCK) +#define CLOCK_TYPE CLOCK_MONOTONIC +#else +#define CLOCK_TYPE CLOCK_REALTIME +#endif if (clock_gettime(CLOCK_TYPE, &ts) == 0) return TWO32TO64(ts.tv_sec, ts.tv_nsec); } -# endif -# if defined(__unix__) \ - || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) +#endif +#if defined(__unix__) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) { struct timeval tv; if (gettimeofday(&tv, NULL) == 0) return TWO32TO64(tv.tv_sec, tv.tv_usec); } -# endif +#endif return time(NULL); } -#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ || defined(__DJGPP__) */ --- crypto/openssl/providers/implementations/rands/seeding/rand_vms.c.orig +++ crypto/openssl/providers/implementations/rands/seeding/rand_vms.c @@ -9,7 +9,7 @@ #include "e_os.h" -#define __NEW_STARLET 1 /* New starlet definitions since VMS 7.0 */ +#define __NEW_STARLET 1 /* New starlet definitions since VMS 7.0 */ #include #include "internal/cryptlib.h" #include 
@@ -29,13 +29,13 @@ #include #include #ifdef __DECC -# pragma message disable DOLLARID +#pragma message disable DOLLARID #endif -#include /* SYS$GET_ENTROPY presence */ +#include /* SYS$GET_ENTROPY presence */ #ifndef OPENSSL_RAND_SEED_OS -# error "Unsupported seeding method configured; must be os" +#error "Unsupported seeding method configured; must be os" #endif /* 
@@ -49,221 +49,221 @@ /* We need to make sure we have the right size pointer in some cases */ #if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 +#pragma pointer_size save +#pragma pointer_size 32 #endif typedef uint32_t *uint32_t__ptr32; #if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size restore +#pragma pointer_size restore #endif struct item_st { - short length, code; /* length is number of bytes */ + short length, code; /* length is number of bytes */ }; static const struct item_st DVI_item_data[] = { - {4, DVI$_ERRCNT}, - {4, DVI$_REFCNT}, + { 4, DVI$_ERRCNT }, + { 4, DVI$_REFCNT }, }; static const struct item_st JPI_item_data[] = { - {4, JPI$_BUFIO}, - {4, JPI$_CPUTIM}, - {4, JPI$_DIRIO}, - {4, JPI$_IMAGECOUNT}, - {4, JPI$_PAGEFLTS}, - {4, JPI$_PID}, - {4, JPI$_PPGCNT}, - {4, JPI$_WSPEAK}, + { 4, JPI$_BUFIO }, + { 4, JPI$_CPUTIM }, + { 4, JPI$_DIRIO }, + { 4, JPI$_IMAGECOUNT }, + { 4, JPI$_PAGEFLTS }, + { 4, JPI$_PID }, + { 4, JPI$_PPGCNT }, + { 4, JPI$_WSPEAK }, /* * Note: the direct result is just a 32-bit address. 
However, it points * to a list of 4 32-bit words, so we make extra space for them so we can * do in-place replacement of values */ - {16, JPI$_FINALEXC}, + { 16, JPI$_FINALEXC }, }; static const struct item_st JPI_item_data_64bit[] = { - {8, JPI$_LAST_LOGIN_I}, - {8, JPI$_LOGINTIM}, + { 8, JPI$_LAST_LOGIN_I }, + { 8, JPI$_LOGINTIM }, }; static const struct item_st RMI_item_data[] = { - {4, RMI$_COLPG}, - {4, RMI$_MWAIT}, - {4, RMI$_CEF}, - {4, RMI$_PFW}, - {4, RMI$_LEF}, - {4, RMI$_LEFO}, - {4, RMI$_HIB}, - {4, RMI$_HIBO}, - {4, RMI$_SUSP}, - {4, RMI$_SUSPO}, - {4, RMI$_FPG}, - {4, RMI$_COM}, - {4, RMI$_COMO}, - {4, RMI$_CUR}, + { 4, RMI$_COLPG }, + { 4, RMI$_MWAIT }, + { 4, RMI$_CEF }, + { 4, RMI$_PFW }, + { 4, RMI$_LEF }, + { 4, RMI$_LEFO }, + { 4, RMI$_HIB }, + { 4, RMI$_HIBO }, + { 4, RMI$_SUSP }, + { 4, RMI$_SUSPO }, + { 4, RMI$_FPG }, + { 4, RMI$_COM }, + { 4, RMI$_COMO }, + { 4, RMI$_CUR }, #if defined __alpha - {4, RMI$_FRLIST}, - {4, RMI$_MODLIST}, + { 4, RMI$_FRLIST }, + { 4, RMI$_MODLIST }, #endif - {4, RMI$_FAULTS}, - {4, RMI$_PREADS}, - {4, RMI$_PWRITES}, - {4, RMI$_PWRITIO}, - {4, RMI$_PREADIO}, - {4, RMI$_GVALFLTS}, - {4, RMI$_WRTINPROG}, - {4, RMI$_FREFLTS}, - {4, RMI$_DZROFLTS}, - {4, RMI$_SYSFAULTS}, - {4, RMI$_ISWPCNT}, - {4, RMI$_DIRIO}, - {4, RMI$_BUFIO}, - {4, RMI$_MBREADS}, - {4, RMI$_MBWRITES}, - {4, RMI$_LOGNAM}, - {4, RMI$_FCPCALLS}, - {4, RMI$_FCPREAD}, - {4, RMI$_FCPWRITE}, - {4, RMI$_FCPCACHE}, - {4, RMI$_FCPCPU}, - {4, RMI$_FCPHIT}, - {4, RMI$_FCPSPLIT}, - {4, RMI$_FCPFAULT}, - {4, RMI$_ENQNEW}, - {4, RMI$_ENQCVT}, - {4, RMI$_DEQ}, - {4, RMI$_BLKAST}, - {4, RMI$_ENQWAIT}, - {4, RMI$_ENQNOTQD}, - {4, RMI$_DLCKSRCH}, - {4, RMI$_DLCKFND}, - {4, RMI$_NUMLOCKS}, - {4, RMI$_NUMRES}, - {4, RMI$_ARRLOCPK}, - {4, RMI$_DEPLOCPK}, - {4, RMI$_ARRTRAPK}, - {4, RMI$_TRCNGLOS}, - {4, RMI$_RCVBUFFL}, - {4, RMI$_ENQNEWLOC}, - {4, RMI$_ENQNEWIN}, - {4, RMI$_ENQNEWOUT}, - {4, RMI$_ENQCVTLOC}, - {4, RMI$_ENQCVTIN}, - {4, RMI$_ENQCVTOUT}, - {4, 
RMI$_DEQLOC}, - {4, RMI$_DEQIN}, - {4, RMI$_DEQOUT}, - {4, RMI$_BLKLOC}, - {4, RMI$_BLKIN}, - {4, RMI$_BLKOUT}, - {4, RMI$_DIRIN}, - {4, RMI$_DIROUT}, - /* We currently get a fault when trying these */ + { 4, RMI$_FAULTS }, + { 4, RMI$_PREADS }, + { 4, RMI$_PWRITES }, + { 4, RMI$_PWRITIO }, + { 4, RMI$_PREADIO }, + { 4, RMI$_GVALFLTS }, + { 4, RMI$_WRTINPROG }, + { 4, RMI$_FREFLTS }, + { 4, RMI$_DZROFLTS }, + { 4, RMI$_SYSFAULTS }, + { 4, RMI$_ISWPCNT }, + { 4, RMI$_DIRIO }, + { 4, RMI$_BUFIO }, + { 4, RMI$_MBREADS }, + { 4, RMI$_MBWRITES }, + { 4, RMI$_LOGNAM }, + { 4, RMI$_FCPCALLS }, + { 4, RMI$_FCPREAD }, + { 4, RMI$_FCPWRITE }, + { 4, RMI$_FCPCACHE }, + { 4, RMI$_FCPCPU }, + { 4, RMI$_FCPHIT }, + { 4, RMI$_FCPSPLIT }, + { 4, RMI$_FCPFAULT }, + { 4, RMI$_ENQNEW }, + { 4, RMI$_ENQCVT }, + { 4, RMI$_DEQ }, + { 4, RMI$_BLKAST }, + { 4, RMI$_ENQWAIT }, + { 4, RMI$_ENQNOTQD }, + { 4, RMI$_DLCKSRCH }, + { 4, RMI$_DLCKFND }, + { 4, RMI$_NUMLOCKS }, + { 4, RMI$_NUMRES }, + { 4, RMI$_ARRLOCPK }, + { 4, RMI$_DEPLOCPK }, + { 4, RMI$_ARRTRAPK }, + { 4, RMI$_TRCNGLOS }, + { 4, RMI$_RCVBUFFL }, + { 4, RMI$_ENQNEWLOC }, + { 4, RMI$_ENQNEWIN }, + { 4, RMI$_ENQNEWOUT }, + { 4, RMI$_ENQCVTLOC }, + { 4, RMI$_ENQCVTIN }, + { 4, RMI$_ENQCVTOUT }, + { 4, RMI$_DEQLOC }, + { 4, RMI$_DEQIN }, + { 4, RMI$_DEQOUT }, + { 4, RMI$_BLKLOC }, + { 4, RMI$_BLKIN }, + { 4, RMI$_BLKOUT }, + { 4, RMI$_DIRIN }, + { 4, RMI$_DIROUT }, +/* We currently get a fault when trying these */ #if 0 {140, RMI$_MSCP_EVERYTHING}, /* 35 32-bit words */ {152, RMI$_DDTM_ALL}, /* 38 32-bit words */ {80, RMI$_TMSCP_EVERYTHING} /* 20 32-bit words */ #endif - {4, RMI$_LPZ_PAGCNT}, - {4, RMI$_LPZ_HITS}, - {4, RMI$_LPZ_MISSES}, - {4, RMI$_LPZ_EXPCNT}, - {4, RMI$_LPZ_ALLOCF}, - {4, RMI$_LPZ_ALLOC2}, - {4, RMI$_ACCESS}, - {4, RMI$_ALLOC}, - {4, RMI$_FCPCREATE}, - {4, RMI$_VOLWAIT}, - {4, RMI$_FCPTURN}, - {4, RMI$_FCPERASE}, - {4, RMI$_OPENS}, - {4, RMI$_FIDHIT}, - {4, RMI$_FIDMISS}, - {4, RMI$_FILHDR_HIT}, - {4, 
RMI$_DIRFCB_HIT}, - {4, RMI$_DIRFCB_MISS}, - {4, RMI$_DIRDATA_HIT}, - {4, RMI$_EXTHIT}, - {4, RMI$_EXTMISS}, - {4, RMI$_QUOHIT}, - {4, RMI$_QUOMISS}, - {4, RMI$_STORAGMAP_HIT}, - {4, RMI$_VOLLCK}, - {4, RMI$_SYNCHLCK}, - {4, RMI$_SYNCHWAIT}, - {4, RMI$_ACCLCK}, - {4, RMI$_XQPCACHEWAIT}, - {4, RMI$_DIRDATA_MISS}, - {4, RMI$_FILHDR_MISS}, - {4, RMI$_STORAGMAP_MISS}, - {4, RMI$_PROCCNTMAX}, - {4, RMI$_PROCBATCNT}, - {4, RMI$_PROCINTCNT}, - {4, RMI$_PROCNETCNT}, - {4, RMI$_PROCSWITCHCNT}, - {4, RMI$_PROCBALSETCNT}, - {4, RMI$_PROCLOADCNT}, - {4, RMI$_BADFLTS}, - {4, RMI$_EXEFAULTS}, - {4, RMI$_HDRINSWAPS}, - {4, RMI$_HDROUTSWAPS}, - {4, RMI$_IOPAGCNT}, - {4, RMI$_ISWPCNTPG}, - {4, RMI$_OSWPCNT}, - {4, RMI$_OSWPCNTPG}, - {4, RMI$_RDFAULTS}, - {4, RMI$_TRANSFLTS}, - {4, RMI$_WRTFAULTS}, + { 4, RMI$_LPZ_PAGCNT }, + { 4, RMI$_LPZ_HITS }, + { 4, RMI$_LPZ_MISSES }, + { 4, RMI$_LPZ_EXPCNT }, + { 4, RMI$_LPZ_ALLOCF }, + { 4, RMI$_LPZ_ALLOC2 }, + { 4, RMI$_ACCESS }, + { 4, RMI$_ALLOC }, + { 4, RMI$_FCPCREATE }, + { 4, RMI$_VOLWAIT }, + { 4, RMI$_FCPTURN }, + { 4, RMI$_FCPERASE }, + { 4, RMI$_OPENS }, + { 4, RMI$_FIDHIT }, + { 4, RMI$_FIDMISS }, + { 4, RMI$_FILHDR_HIT }, + { 4, RMI$_DIRFCB_HIT }, + { 4, RMI$_DIRFCB_MISS }, + { 4, RMI$_DIRDATA_HIT }, + { 4, RMI$_EXTHIT }, + { 4, RMI$_EXTMISS }, + { 4, RMI$_QUOHIT }, + { 4, RMI$_QUOMISS }, + { 4, RMI$_STORAGMAP_HIT }, + { 4, RMI$_VOLLCK }, + { 4, RMI$_SYNCHLCK }, + { 4, RMI$_SYNCHWAIT }, + { 4, RMI$_ACCLCK }, + { 4, RMI$_XQPCACHEWAIT }, + { 4, RMI$_DIRDATA_MISS }, + { 4, RMI$_FILHDR_MISS }, + { 4, RMI$_STORAGMAP_MISS }, + { 4, RMI$_PROCCNTMAX }, + { 4, RMI$_PROCBATCNT }, + { 4, RMI$_PROCINTCNT }, + { 4, RMI$_PROCNETCNT }, + { 4, RMI$_PROCSWITCHCNT }, + { 4, RMI$_PROCBALSETCNT }, + { 4, RMI$_PROCLOADCNT }, + { 4, RMI$_BADFLTS }, + { 4, RMI$_EXEFAULTS }, + { 4, RMI$_HDRINSWAPS }, + { 4, RMI$_HDROUTSWAPS }, + { 4, RMI$_IOPAGCNT }, + { 4, RMI$_ISWPCNTPG }, + { 4, RMI$_OSWPCNT }, + { 4, RMI$_OSWPCNTPG }, + { 4, RMI$_RDFAULTS }, + { 4, 
RMI$_TRANSFLTS }, + { 4, RMI$_WRTFAULTS }, #if defined __alpha - {4, RMI$_USERPAGES}, + { 4, RMI$_USERPAGES }, #endif - {4, RMI$_VMSPAGES}, - {4, RMI$_TTWRITES}, - {4, RMI$_BUFOBJPAG}, - {4, RMI$_BUFOBJPAGPEAK}, - {4, RMI$_BUFOBJPAGS01}, - {4, RMI$_BUFOBJPAGS2}, - {4, RMI$_BUFOBJPAGMAXS01}, - {4, RMI$_BUFOBJPAGMAXS2}, - {4, RMI$_BUFOBJPAGPEAKS01}, - {4, RMI$_BUFOBJPAGPEAKS2}, - {4, RMI$_BUFOBJPGLTMAXS01}, - {4, RMI$_BUFOBJPGLTMAXS2}, - {4, RMI$_DLCK_INCMPLT}, - {4, RMI$_DLCKMSGS_IN}, - {4, RMI$_DLCKMSGS_OUT}, - {4, RMI$_MCHKERRS}, - {4, RMI$_MEMERRS}, + { 4, RMI$_VMSPAGES }, + { 4, RMI$_TTWRITES }, + { 4, RMI$_BUFOBJPAG }, + { 4, RMI$_BUFOBJPAGPEAK }, + { 4, RMI$_BUFOBJPAGS01 }, + { 4, RMI$_BUFOBJPAGS2 }, + { 4, RMI$_BUFOBJPAGMAXS01 }, + { 4, RMI$_BUFOBJPAGMAXS2 }, + { 4, RMI$_BUFOBJPAGPEAKS01 }, + { 4, RMI$_BUFOBJPAGPEAKS2 }, + { 4, RMI$_BUFOBJPGLTMAXS01 }, + { 4, RMI$_BUFOBJPGLTMAXS2 }, + { 4, RMI$_DLCK_INCMPLT }, + { 4, RMI$_DLCKMSGS_IN }, + { 4, RMI$_DLCKMSGS_OUT }, + { 4, RMI$_MCHKERRS }, + { 4, RMI$_MEMERRS }, }; static const struct item_st RMI_item_data_64bit[] = { #if defined __ia64 - {8, RMI$_FRLIST}, - {8, RMI$_MODLIST}, + { 8, RMI$_FRLIST }, + { 8, RMI$_MODLIST }, #endif - {8, RMI$_LCKMGR_REQCNT}, - {8, RMI$_LCKMGR_REQTIME}, - {8, RMI$_LCKMGR_SPINCNT}, - {8, RMI$_LCKMGR_SPINTIME}, - {8, RMI$_CPUINTSTK}, - {8, RMI$_CPUMPSYNCH}, - {8, RMI$_CPUKERNEL}, - {8, RMI$_CPUEXEC}, - {8, RMI$_CPUSUPER}, - {8, RMI$_CPUUSER}, + { 8, RMI$_LCKMGR_REQCNT }, + { 8, RMI$_LCKMGR_REQTIME }, + { 8, RMI$_LCKMGR_SPINCNT }, + { 8, RMI$_LCKMGR_SPINTIME }, + { 8, RMI$_CPUINTSTK }, + { 8, RMI$_CPUMPSYNCH }, + { 8, RMI$_CPUKERNEL }, + { 8, RMI$_CPUEXEC }, + { 8, RMI$_CPUSUPER }, + { 8, RMI$_CPUUSER }, #if defined __ia64 - {8, RMI$_USERPAGES}, + { 8, RMI$_USERPAGES }, #endif - {8, RMI$_TQETOTAL}, - {8, RMI$_TQESYSUB}, - {8, RMI$_TQEUSRTIMR}, - {8, RMI$_TQEUSRWAKE}, + { 8, RMI$_TQETOTAL }, + { 8, RMI$_TQESYSUB }, + { 8, RMI$_TQEUSRTIMR }, + { 8, RMI$_TQEUSRWAKE }, }; static const 
struct item_st SYI_item_data[] = { - {4, SYI$_PAGEFILE_FREE}, + { 4, SYI$_PAGEFILE_FREE }, }; /* @@ -280,9 +280,9 @@ * Returns the number of elements used in databuffer */ static size_t prepare_item_list(const struct item_st *items_input, - size_t items_input_num, - ILE3 *items, - uint32_t__ptr32 databuffer) + size_t items_input_num, + ILE3 *items, + uint32_t__ptr32 databuffer) { size_t data_sz = 0; @@ -339,7 +339,7 @@ * For the moment, we assume about 0.05 entropy bits per data bit, or 1 * bit of entropy per 20 data bits. */ -#define ENTROPY_FACTOR 20 +#define ENTROPY_FACTOR 20 size_t data_collect_method(RAND_POOL *pool) { @@ -353,12 +353,12 @@ /* This ensures buffer starts at 64 bit boundary */ uint64_t dummy; uint32_t buffer[OSSL_NELEM(JPI_item_data_64bit) * 2 - + OSSL_NELEM(RMI_item_data_64bit) * 2 - + OSSL_NELEM(DVI_item_data) - + OSSL_NELEM(JPI_item_data) - + OSSL_NELEM(RMI_item_data) - + OSSL_NELEM(SYI_item_data) - + 4 /* For JPI$_FINALEXC */]; + + OSSL_NELEM(RMI_item_data_64bit) * 2 + + OSSL_NELEM(DVI_item_data) + + OSSL_NELEM(JPI_item_data) + + OSSL_NELEM(RMI_item_data) + + OSSL_NELEM(SYI_item_data) + + 4 /* For JPI$_FINALEXC */]; } data; size_t total_elems = 0; size_t total_length = 0; 
@@ -366,21 +366,19 @@ size_t bytes_remaining = ossl_rand_pool_bytes_remaining(pool); /* Take all the 64-bit items first, to ensure proper alignment of data */ - total_elems += - prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit), - JPI_items_64bit, &data.buffer[total_elems]); - total_elems += - prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit), - RMI_items_64bit, &data.buffer[total_elems]); + total_elems += prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit), + JPI_items_64bit, &data.buffer[total_elems]); + total_elems += prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit), + RMI_items_64bit, &data.buffer[total_elems]); /* Now the 32-bit items */ total_elems += prepare_item_list(DVI_item_data, OSSL_NELEM(DVI_item_data), - DVI_items, &data.buffer[total_elems]); + DVI_items, &data.buffer[total_elems]); total_elems += prepare_item_list(JPI_item_data, OSSL_NELEM(JPI_item_data), - JPI_items, &data.buffer[total_elems]); + JPI_items, &data.buffer[total_elems]); total_elems += prepare_item_list(RMI_item_data, OSSL_NELEM(RMI_item_data), - RMI_items, &data.buffer[total_elems]); + RMI_items, &data.buffer[total_elems]); total_elems += prepare_item_list(SYI_item_data, OSSL_NELEM(SYI_item_data), - SYI_items, &data.buffer[total_elems]); + SYI_items, &data.buffer[total_elems]); total_length = total_elems * sizeof(data.buffer[0]); /* Fill data.buffer with various info bits from this process */ @@ -388,10 +386,11 @@ uint32_t status; uint32_t efn; IOSB iosb; - $DESCRIPTOR(SYSDEVICE,"SYS$SYSDEVICE:"); + $DESCRIPTOR(SYSDEVICE, "SYS$SYSDEVICE:"); if ((status = sys$getdviw(EFN$C_ENF, 0, &SYSDEVICE, DVI_items, - 0, 0, 0, 0, 0)) != SS$_NORMAL) { + 0, 0, 0, 0, 0)) + != SS$_NORMAL) { lib$signal(status); return 0; } 
@@ -457,8 +456,8 @@ */ if (!ossl_assert(total_length >= bytes_needed)) { ERR_raise_data(ERR_LIB_RAND, RAND_R_RANDOM_POOL_UNDERFLOW, - "Needed: %zu, Available: %zu", - bytes_needed, total_length); + "Needed: %zu, Available: %zu", + bytes_needed, total_length); return 0; } @@ -470,7 +469,7 @@ /* We give the pessimistic value for the amount of entropy */ ossl_rand_pool_add(pool, (unsigned char *)data.buffer, total_length, - 8 * total_length / ENTROPY_FACTOR); + 8 * total_length / ENTROPY_FACTOR); return ossl_rand_pool_entropy_available(pool); } @@ -509,10 +508,9 @@ uint32_t status; for (bytes_needed = ossl_rand_pool_bytes_needed(pool, 1); - bytes_needed > 0; - bytes_needed -= bytes_to_get) { - bytes_to_get = - bytes_needed > sizeof(buffer) ? sizeof(buffer) : bytes_needed; + bytes_needed > 0; + bytes_needed -= bytes_to_get) { + bytes_to_get = bytes_needed > sizeof(buffer) ? sizeof(buffer) : bytes_needed; status = get_entropy_address(buffer, bytes_to_get); if (status == SS$_RETRY) { @@ -589,7 +587,7 @@ data.pid = getpid(); data.tid = CRYPTO_THREAD_get_current_id(); data.seq = 0; - sys$gettim((void*)&data.time); + sys$gettim((void *)&data.time); if (data.time == last_time) { data.seq = ++last_seq; --- crypto/openssl/providers/implementations/rands/seeding/rand_vxworks.c.orig +++ crypto/openssl/providers/implementations/rands/seeding/rand_vxworks.c @@ -19,19 +19,19 @@ #if defined(OPENSSL_RAND_SEED_NONE) /* none means none */ -# undef OPENSSL_RAND_SEED_OS +#undef OPENSSL_RAND_SEED_OS #endif #if defined(OPENSSL_RAND_SEED_OS) -# if _WRS_VXWORKS_MAJOR >= 7 -# define RAND_SEED_VXRANDLIB -# else -# error "VxWorks <7 only support RAND_SEED_NONE" -# endif +#if _WRS_VXWORKS_MAJOR >= 7 +#define RAND_SEED_VXRANDLIB +#else +#error "VxWorks <7 only support RAND_SEED_NONE" +#endif #endif #if defined(RAND_SEED_VXRANDLIB) -# include +#include #endif /* Macro to convert two thirty two bit values into a sixty four bit one */ 
@@ -125,8 +125,7 @@ size_t bytes_needed; bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - if (bytes_needed > 0) - { + if (bytes_needed > 0) { int retryCount = 0; STATUS result = ERROR; unsigned char *buffer; @@ -136,7 +135,7 @@ RANDOM_NUM_GEN_STATUS status = randStatus(); if ((status == RANDOM_NUM_GEN_ENOUGH_ENTROPY) - || (status == RANDOM_NUM_GEN_MAX_ENTROPY) ) { + || (status == RANDOM_NUM_GEN_MAX_ENTROPY)) { result = randBytes(buffer, bytes_needed); if (result == OK) ossl_rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); --- crypto/openssl/providers/implementations/rands/seeding/rand_win.c.orig +++ crypto/openssl/providers/implementations/rands/seeding/rand_win.c 
@@ -15,64 +15,64 @@ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# ifndef OPENSSL_RAND_SEED_OS -# error "Unsupported seeding method configured; must be os" -# endif +#ifndef OPENSSL_RAND_SEED_OS +#error "Unsupported seeding method configured; must be os" +#endif -# include +#include /* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \ - && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 -# define USE_BCRYPTGENRANDOM -# endif - -# ifdef USE_BCRYPTGENRANDOM -# include -# ifdef _MSC_VER -# pragma comment(lib, "bcrypt.lib") -# endif -# ifndef STATUS_SUCCESS -# define STATUS_SUCCESS ((NTSTATUS)0x00000000L) -# endif -# else -# include +#if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \ + && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 +#define USE_BCRYPTGENRANDOM +#endif + +#ifdef USE_BCRYPTGENRANDOM +#include +#ifdef _MSC_VER +#pragma comment(lib, "bcrypt.lib") +#endif +#ifndef STATUS_SUCCESS +#define STATUS_SUCCESS ((NTSTATUS)0x00000000L) +#endif +#else +#include /* * Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ -# define PROV_INTEL_SEC 22 -# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" -# endif +#define PROV_INTEL_SEC 22 +#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +#endif size_t ossl_pool_acquire_entropy(RAND_POOL *pool) { -# ifndef USE_BCRYPTGENRANDOM +#ifndef USE_BCRYPTGENRANDOM HCRYPTPROV hProvider; -# endif +#endif unsigned char *buffer; size_t bytes_needed; size_t entropy_available = 0; - -# ifdef OPENSSL_RAND_SEED_RDTSC +#ifdef OPENSSL_RAND_SEED_RDTSC entropy_available = ossl_prov_acquire_entropy_from_tsc(pool); if (entropy_available > 0) return entropy_available; -# endif +#endif -# ifdef OPENSSL_RAND_SEED_RDCPU +#ifdef OPENSSL_RAND_SEED_RDCPU entropy_available = 
ossl_prov_acquire_entropy_from_cpu(pool); if (entropy_available > 0) return entropy_available; -# endif +#endif -# ifdef USE_BCRYPTGENRANDOM +#ifdef USE_BCRYPTGENRANDOM bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = ossl_rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; if (BCryptGenRandom(NULL, buffer, bytes_needed, - BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) + BCRYPT_USE_SYSTEM_PREFERRED_RNG) + == STATUS_SUCCESS) bytes = bytes_needed; ossl_rand_pool_add_end(pool, bytes, 8 * bytes); @@ -80,14 +80,15 @@ } if (entropy_available > 0) return entropy_available; -# else +#else bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = ossl_rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; /* poll the CryptoAPI PRNG */ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) { + CRYPT_VERIFYCONTEXT | CRYPT_SILENT) + != 0) { if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0) bytes = bytes_needed; @@ -106,8 +107,9 @@ size_t bytes = 0; /* poll the Pentium PRG with CryptoAPI */ if (CryptAcquireContextW(&hProvider, NULL, - INTEL_DEF_PROV, PROV_INTEL_SEC, - CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) { + INTEL_DEF_PROV, PROV_INTEL_SEC, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT) + != 0) { if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0) bytes = bytes_needed; @@ -118,12 +120,11 @@ } if (entropy_available > 0) return entropy_available; -# endif +#endif return ossl_rand_pool_entropy_available(pool); } - int ossl_pool_add_nonce_data(RAND_POOL *pool) { struct { --- crypto/openssl/providers/implementations/rands/test_rng.c.orig +++ crypto/openssl/providers/implementations/rands/test_rng.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,7 +48,7 @@ } PROV_TEST_RNG; static void *test_rng_new(void *provctx, void *parent, - const OSSL_DISPATCH *parent_dispatch) + const OSSL_DISPATCH *parent_dispatch) { PROV_TEST_RNG *t; @@ -75,9 +75,9 @@ } static int test_rng_instantiate(void *vtest, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]) { PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest; @@ -100,8 +100,8 @@ } static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *adin, size_t adin_len) + unsigned int strength, int prediction_resistance, + const unsigned char *adin, size_t adin_len) { PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest; 
@@ -113,28 +113,30 @@ } static int test_rng_reseed(ossl_unused void *vtest, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *ent, - ossl_unused size_t ent_len, - ossl_unused const unsigned char *adin, - ossl_unused size_t adin_len) + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *ent, + ossl_unused size_t ent_len, + ossl_unused const unsigned char *adin, + ossl_unused size_t adin_len) { return 1; } static size_t test_rng_nonce(void *vtest, unsigned char *out, - unsigned int strength, - ossl_unused size_t min_noncelen, - ossl_unused size_t max_noncelen) + unsigned int strength, + ossl_unused size_t min_noncelen, + size_t max_noncelen) { PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest; + size_t i; if (t->nonce == NULL || strength > t->strength) return 0; + i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len; if (out != NULL) - memcpy(out, t->nonce, t->nonce_len); - return t->nonce_len; + memcpy(out, t->nonce, i); + return i; } static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[]) @@ -157,7 +159,7 @@ } static const OSSL_PARAM *test_rng_gettable_ctx_params(ossl_unused void *vtest, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), @@ -203,14 +205,14 @@ } p = OSSL_PARAM_locate_const(params, OSSL_RAND_PARAM_MAX_REQUEST); - if (p != NULL && !OSSL_PARAM_get_size_t(p, &t->max_request)) + if (p != NULL && !OSSL_PARAM_get_size_t(p, &t->max_request)) return 0; return 1; } static const OSSL_PARAM *test_rng_settable_ctx_params(ossl_unused void *vtest, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, NULL, 0), 
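Review bot: In `test_rng_nonce` the new clamp honours `max_noncelen`, but `min_noncelen` is still marked `ossl_unused`, so a configured nonce shorter than the caller's minimum is still returned as a success with a short length. If callers are meant to enforce the minimum themselves, say so above the clamp, e.g. `/* Never copy more than max_noncelen; min_noncelen is not checked here */`. Otherwise add `if (t->nonce_len < min_noncelen) return 0;` before the clamp and drop the `ossl_unused` marker. The local `i` holds a byte count rather than an index, so a name such as `len` would read better next to the `memcpy`.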
@@ -228,15 +230,15 @@ } static size_t test_rng_get_seed(void *vtest, unsigned char **pout, - int entropy, size_t min_len, size_t max_len, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *adin, - ossl_unused size_t adin_len) + int entropy, size_t min_len, size_t max_len, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *adin, + ossl_unused size_t adin_len) { PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest; *pout = t->entropy; - return t->entropy_len > max_len ? max_len : t->entropy_len; + return t->entropy_len > max_len ? max_len : t->entropy_len; } static int test_rng_enable_locking(void *vtest) 
@@ -271,26 +273,26 @@ } const OSSL_DISPATCH ossl_test_rng_functions[] = { - { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))test_rng_new }, - { OSSL_FUNC_RAND_FREECTX, (void(*)(void))test_rng_free }, + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))test_rng_new }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))test_rng_free }, { OSSL_FUNC_RAND_INSTANTIATE, - (void(*)(void))test_rng_instantiate }, + (void (*)(void))test_rng_instantiate }, { OSSL_FUNC_RAND_UNINSTANTIATE, - (void(*)(void))test_rng_uninstantiate }, - { OSSL_FUNC_RAND_GENERATE, (void(*)(void))test_rng_generate }, - { OSSL_FUNC_RAND_RESEED, (void(*)(void))test_rng_reseed }, - { OSSL_FUNC_RAND_NONCE, (void(*)(void))test_rng_nonce }, - { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))test_rng_enable_locking }, - { OSSL_FUNC_RAND_LOCK, (void(*)(void))test_rng_lock }, - { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))test_rng_unlock }, + (void (*)(void))test_rng_uninstantiate }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))test_rng_generate }, + { OSSL_FUNC_RAND_RESEED, (void (*)(void))test_rng_reseed }, + { OSSL_FUNC_RAND_NONCE, (void (*)(void))test_rng_nonce }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))test_rng_enable_locking }, + { OSSL_FUNC_RAND_LOCK, (void (*)(void))test_rng_lock }, + { OSSL_FUNC_RAND_UNLOCK, (void (*)(void))test_rng_unlock }, { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS, - (void(*)(void))test_rng_settable_ctx_params }, - { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))test_rng_set_ctx_params }, + (void (*)(void))test_rng_settable_ctx_params }, + { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void (*)(void))test_rng_set_ctx_params }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))test_rng_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))test_rng_get_ctx_params }, + (void (*)(void))test_rng_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))test_rng_get_ctx_params }, { OSSL_FUNC_RAND_VERIFY_ZEROIZATION, - (void(*)(void))test_rng_verify_zeroization }, - { 
OSSL_FUNC_RAND_GET_SEED, (void(*)(void))test_rng_get_seed }, + (void (*)(void))test_rng_verify_zeroization }, + { OSSL_FUNC_RAND_GET_SEED, (void (*)(void))test_rng_get_seed }, { 0, NULL } }; --- crypto/openssl/providers/implementations/signature/dsa_sig.c.orig +++ crypto/openssl/providers/implementations/signature/dsa_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -80,7 +80,7 @@ /* The Algorithm Identifier of the combined signature algorithm */ unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; unsigned char *aid; - size_t aid_len; + size_t aid_len; /* main digest */ EVP_MD *md; @@ -88,7 +88,6 @@ int operation; } PROV_DSA_CTX; - static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx) { if (pdsactx->md != NULL) @@ -118,7 +117,7 @@ } static int dsa_setup_md(PROV_DSA_CTX *ctx, - const char *mdname, const char *mdprops) + const char *mdname, const char *mdprops) { if (mdprops == NULL) mdprops = ctx->propq; @@ -128,19 +127,19 @@ WPACKET pkt; EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); + sha1_allowed); size_t mdname_len = strlen(mdname); if (md == NULL || md_nid < 0) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s could not be fetched", mdname); + "%s could not be fetched", mdname); if (md_nid < 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s exceeds name buffer length", mdname); + "%s exceeds name buffer length", mdname); EVP_MD_free(md); return 0; } 
@@ -148,7 +147,7 @@ if (!ctx->flag_allow_md) { if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest %s != %s", mdname, ctx->mdname); + "digest %s != %s", mdname, ctx->mdname); EVP_MD_free(md); return 0; } @@ -169,7 +168,7 @@ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) && ossl_DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, - md_nid) + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); @@ -184,12 +183,12 @@ } static int dsa_signverify_init(void *vpdsactx, void *vdsa, - const OSSL_PARAM params[], int operation) + const OSSL_PARAM params[], int operation) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; if (!ossl_prov_is_running() - || pdsactx == NULL) + || pdsactx == NULL) return 0; if (vdsa == NULL && pdsactx->dsa == NULL) { @@ -199,7 +198,7 @@ if (vdsa != NULL) { if (!ossl_dsa_check_key(pdsactx->libctx, vdsa, - operation == EVP_PKEY_OP_SIGN)) { + operation == EVP_PKEY_OP_SIGN)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } @@ -223,13 +222,13 @@ } static int dsa_verify_init(void *vpdsactx, void *vdsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_VERIFY); } static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, - size_t sigsize, const unsigned char *tbs, size_t tbslen) + size_t sigsize, const unsigned char *tbs, size_t tbslen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; int ret; @@ -260,7 +259,7 @@ } static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; size_t mdsize = dsa_get_md_size(pdsactx); 
@@ -272,8 +271,8 @@ } static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, - void *vdsa, const OSSL_PARAM params[], - int operation) + void *vdsa, const OSSL_PARAM params[], + int operation) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; @@ -299,28 +298,28 @@ return 1; - error: +error: EVP_MD_CTX_free(pdsactx->mdctx); pdsactx->mdctx = NULL; return 0; } static int dsa_digest_sign_init(void *vpdsactx, const char *mdname, - void *vdsa, const OSSL_PARAM params[]) + void *vdsa, const OSSL_PARAM params[]) { return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, - EVP_PKEY_OP_SIGN); + EVP_PKEY_OP_SIGN); } static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, - void *vdsa, const OSSL_PARAM params[]) + void *vdsa, const OSSL_PARAM params[]) { return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, - EVP_PKEY_OP_VERIFY); + EVP_PKEY_OP_VERIFY); } int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, - size_t datalen) + size_t datalen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; @@ -331,7 +330,7 @@ } int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen, - size_t sigsize) + size_t sigsize) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -359,9 +358,8 @@ return dsa_sign(vpdsactx, sig, siglen, sigsize, digest, (size_t)dlen); } - int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, - size_t siglen) + size_t siglen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -414,6 +412,7 @@ dstctx->md = NULL; dstctx->mdctx = NULL; dstctx->propq = NULL; + dstctx->aid = NULL; if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) goto err; 
@@ -426,7 +425,7 @@ if (srcctx->mdctx != NULL) { dstctx->mdctx = EVP_MD_CTX_new(); if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) + || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) goto err; } if (srcctx->propq != NULL) { @@ -434,9 +433,21 @@ if (dstctx->propq == NULL) goto err; } + /* + * The DER-encoding of the algorithm OID is written at the end of aid_buf. + * Check that srcctx->aid points into the source aid_buf and then use the + * same offset into dstctx->aid_buf. + */ + if (srcctx->aid != NULL + && srcctx->aid_len > 0 + && srcctx->aid >= srcctx->aid_buf + && srcctx->aid + srcctx->aid_len <= srcctx->aid_buf + sizeof(srcctx->aid_buf)) + dstctx->aid = dstctx->aid_buf + (srcctx->aid - srcctx->aid_buf); + else + dstctx->aid_len = 0; return dstctx; - err: +err: dsa_freectx(dstctx); return NULL; } @@ -468,7 +479,7 @@ }; static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -487,9 +498,8 @@ if (p != NULL) { char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_PROPERTIES); + const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, + OSSL_SIGNATURE_PARAM_PROPERTIES); if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) return 0; @@ -514,7 +524,7 @@ }; static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; 
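Review bot: The range check added to `dsa_dupctx` forms `srcctx->aid + srcctx->aid_len` before `aid_len` is known to fit in `aid_buf`, so the check relies on pointer arithmetic that is only defined when the value is already in range. Comparing offsets avoids that: keep the `srcctx->aid >= srcctx->aid_buf` test, then use `&& srcctx->aid_len <= sizeof(srcctx->aid_buf)` and `&& (size_t)(srcctx->aid - srcctx->aid_buf) <= sizeof(srcctx->aid_buf) - srcctx->aid_len`. The new comment could also say "AlgorithmIdentifier" rather than "algorithm OID", matching the field comment on `aid_buf`. `dsa_dupctx` begins outside this hunk.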
@@ -570,32 +580,32 @@ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))dsa_verify_init }, { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))dsa_verify }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))dsa_digest_sign_init }, + (void (*)(void))dsa_digest_sign_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, - (void (*)(void))dsa_digest_signverify_update }, + (void (*)(void))dsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, - (void (*)(void))dsa_digest_sign_final }, + (void (*)(void))dsa_digest_sign_final }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))dsa_digest_verify_init }, + (void (*)(void))dsa_digest_verify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, - (void (*)(void))dsa_digest_signverify_update }, + (void (*)(void))dsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, - (void (*)(void))dsa_digest_verify_final }, + (void (*)(void))dsa_digest_verify_final }, { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))dsa_get_ctx_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, - (void (*)(void))dsa_gettable_ctx_params }, + (void (*)(void))dsa_gettable_ctx_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))dsa_set_ctx_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, - (void (*)(void))dsa_settable_ctx_params }, + (void (*)(void))dsa_settable_ctx_params }, { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, - (void (*)(void))dsa_get_ctx_md_params }, + (void (*)(void))dsa_get_ctx_md_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, - (void (*)(void))dsa_gettable_ctx_md_params }, + (void (*)(void))dsa_gettable_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, - (void (*)(void))dsa_set_ctx_md_params }, + (void (*)(void))dsa_set_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, - (void (*)(void))dsa_settable_ctx_md_params }, + (void 
(*)(void))dsa_settable_ctx_md_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/signature/ecdsa_sig.c.orig +++ crypto/openssl/providers/implementations/signature/ecdsa_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,7 +77,7 @@ /* The Algorithm Identifier of the combined signature algorithm */ unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; unsigned char *aid; - size_t aid_len; + size_t aid_len; size_t mdsize; int operation; @@ -126,12 +126,12 @@ } static int ecdsa_signverify_init(void *vctx, void *ec, - const OSSL_PARAM params[], int operation) + const OSSL_PARAM params[], int operation) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; if (!ossl_prov_is_running() - || ctx == NULL) + || ctx == NULL) return 0; if (ec == NULL && ctx->ec == NULL) { @@ -167,7 +167,7 @@ } static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen, - size_t sigsize, const unsigned char *tbs, size_t tbslen) + size_t sigsize, const unsigned char *tbs, size_t tbslen) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; int ret; @@ -202,7 +202,7 @@ } static int ecdsa_verify(void *vctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; @@ -213,7 +213,7 @@ } static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, - const char *mdprops) + const char *mdprops) { EVP_MD *md = NULL; size_t mdname_len; @@ -226,7 +226,7 @@ mdname_len = strlen(mdname); if (mdname_len >= sizeof(ctx->mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s exceeds name buffer length", mdname); + "%s exceeds name buffer length", mdname); return 0; } if (mdprops == NULL) 
@@ -234,15 +234,15 @@ md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); if (md == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s could not be fetched", mdname); + "%s could not be fetched", mdname); return 0; } sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, - sha1_allowed); + sha1_allowed); if (md_nid < 0) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + "digest=%s", mdname); EVP_MD_free(md); return 0; } @@ -250,7 +250,7 @@ if (!ctx->flag_allow_md) { if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest %s != %s", mdname, ctx->mdname); + "digest %s != %s", mdname, ctx->mdname); EVP_MD_free(md); return 0; } @@ -264,7 +264,7 @@ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) && ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, - md_nid) + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); @@ -279,8 +279,8 @@ } static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, - void *ec, const OSSL_PARAM params[], - int operation) + void *ec, const OSSL_PARAM params[], + int operation) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; 
@@ -309,21 +309,21 @@ } static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ecdsa_digest_signverify_init(vctx, mdname, ec, params, - EVP_PKEY_OP_SIGN); + EVP_PKEY_OP_SIGN); } static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return ecdsa_digest_signverify_init(vctx, mdname, ec, params, - EVP_PKEY_OP_VERIFY); + EVP_PKEY_OP_VERIFY); } int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data, - size_t datalen) + size_t datalen) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; @@ -334,7 +334,7 @@ } int ecdsa_digest_sign_final(void *vctx, unsigned char *sig, size_t *siglen, - size_t sigsize) + size_t sigsize) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -355,7 +355,7 @@ } int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, - size_t siglen) + size_t siglen) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -392,14 +392,13 @@ PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx; PROV_ECDSA_CTX *dstctx; - if (!ossl_prov_is_running()) - return NULL; - - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) + /* Test KATS should not need to be supported */ + if (!ossl_prov_is_running() + || srcctx->kinv != NULL + || srcctx->r != NULL + || (dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL) return NULL; - *dstctx = *srcctx; dstctx->ec = NULL; dstctx->md = NULL; dstctx->mdctx = NULL; 
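Review bot: `ecdsa_dupctx` now copies the whole context with `OPENSSL_memdup`, which leaves `dstctx->aid` holding the source context's pointer; the visible lines reset only `ec`, `md` and `mdctx`. The `dsa_dupctx` change in this same patch rebases `aid` onto `dstctx->aid_buf`, and `PROV_ECDSA_CTX` has the same `aid_buf`/`aid`/`aid_len` fields, so the duplicate would presumably keep pointing into the source's buffer after the source is freed. Unless the one line hidden between this hunk and the next already handles it, the same offset-based rebase belongs right after the resets, as sketched below. The rest of the function is in the following hunk.

```c
    dstctx->mdctx = NULL;
    /* aid was copied verbatim and still points into srcctx->aid_buf */
    if (srcctx->aid != NULL
        && srcctx->aid_len > 0
        && srcctx->aid_len <= sizeof(srcctx->aid_buf)
        && srcctx->aid >= srcctx->aid_buf
        && (size_t)(srcctx->aid - srcctx->aid_buf)
            <= sizeof(srcctx->aid_buf) - srcctx->aid_len) {
        dstctx->aid = dstctx->aid_buf + (srcctx->aid - srcctx->aid_buf);
    } else {
        dstctx->aid = NULL;
        dstctx->aid_len = 0;
    }
    /* … unchanged: ec/md up-refs, mdctx and propq copies … */
```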
@@ -407,30 +406,22 @@ if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) goto err; - /* Test KATS should not need to be supported */ - if (srcctx->kinv != NULL || srcctx->r != NULL) - goto err; dstctx->ec = srcctx->ec; if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) goto err; dstctx->md = srcctx->md; - if (srcctx->mdctx != NULL) { - dstctx->mdctx = EVP_MD_CTX_new(); - if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) - goto err; - } - - if (srcctx->propq != NULL) { - dstctx->propq = OPENSSL_strdup(srcctx->propq); - if (dstctx->propq == NULL) - goto err; - } + if (srcctx->mdctx != NULL + && ((dstctx->mdctx = EVP_MD_CTX_new()) == NULL + || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))) + goto err; + if (srcctx->propq != NULL + && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL) + goto err; return dstctx; - err: +err: ecdsa_freectx(dstctx); return NULL; } @@ -452,9 +443,7 @@ return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL - ? ctx->mdname - : EVP_MD_get0_name(ctx->md))) + if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL ? ctx->mdname : EVP_MD_get0_name(ctx->md))) return 0; return 1; @@ -468,7 +457,7 @@ }; static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -494,9 +483,8 @@ if (p != NULL) { char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_PROPERTIES); + const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, + OSSL_SIGNATURE_PARAM_PROPERTIES); if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) return 0; 
@@ -532,7 +520,7 @@ }; static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; 
@@ -588,32 +576,32 @@ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_verify_init }, { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ecdsa_verify }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))ecdsa_digest_sign_init }, + (void (*)(void))ecdsa_digest_sign_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, - (void (*)(void))ecdsa_digest_signverify_update }, + (void (*)(void))ecdsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, - (void (*)(void))ecdsa_digest_sign_final }, + (void (*)(void))ecdsa_digest_sign_final }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))ecdsa_digest_verify_init }, + (void (*)(void))ecdsa_digest_verify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, - (void (*)(void))ecdsa_digest_signverify_update }, + (void (*)(void))ecdsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, - (void (*)(void))ecdsa_digest_verify_final }, + (void (*)(void))ecdsa_digest_verify_final }, { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))ecdsa_get_ctx_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, - (void (*)(void))ecdsa_gettable_ctx_params }, + (void (*)(void))ecdsa_gettable_ctx_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))ecdsa_set_ctx_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, - (void (*)(void))ecdsa_settable_ctx_params }, + (void (*)(void))ecdsa_settable_ctx_params }, { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, - (void (*)(void))ecdsa_get_ctx_md_params }, + (void (*)(void))ecdsa_get_ctx_md_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, - (void (*)(void))ecdsa_gettable_ctx_md_params }, + (void (*)(void))ecdsa_gettable_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, - (void (*)(void))ecdsa_set_ctx_md_params }, + (void (*)(void))ecdsa_set_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, - (void 
(*)(void))ecdsa_settable_ctx_md_params }, + (void (*)(void))ecdsa_settable_ctx_md_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/signature/eddsa_sig.c.orig +++ crypto/openssl/providers/implementations/signature/eddsa_sig.c @@ -24,23 +24,23 @@ #include "crypto/ecx.h" #ifdef S390X_EC_ASM -# include "s390x_arch.h" +#include "s390x_arch.h" -# define S390X_CAN_SIGN(edtype) \ -((OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_##edtype)) \ -&& (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_##edtype)) \ -&& (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_##edtype))) +#define S390X_CAN_SIGN(edtype) \ + ((OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_##edtype)) \ + && (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_##edtype)) \ + && (OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_##edtype))) static int s390x_ed25519_digestsign(const ECX_KEY *edkey, unsigned char *sig, - const unsigned char *tbs, size_t tbslen); + const unsigned char *tbs, size_t tbslen); static int s390x_ed448_digestsign(const ECX_KEY *edkey, unsigned char *sig, - const unsigned char *tbs, size_t tbslen); + const unsigned char *tbs, size_t tbslen); static int s390x_ed25519_digestverify(const ECX_KEY *edkey, - const unsigned char *sig, - const unsigned char *tbs, size_t tbslen); + const unsigned char *sig, + const unsigned char *tbs, size_t tbslen); static int s390x_ed448_digestverify(const ECX_KEY *edkey, - const unsigned char *sig, - const unsigned char *tbs, size_t tbslen); + const unsigned char *sig, + const unsigned char *tbs, size_t tbslen); #endif /* S390X_EC_ASM */ @@ -62,7 +62,7 @@ /* The Algorithm Identifier of the signature algorithm */ unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; unsigned char *aid; - size_t aid_len; + size_t aid_len; } PROV_EDDSA_CTX; static void *eddsa_newctx(void *provctx, const char *propq_unused) 
@@ -84,8 +84,8 @@ } static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, - void *vedkey, - ossl_unused const OSSL_PARAM params[]) + void *vedkey, + ossl_unused const OSSL_PARAM params[]) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; ECX_KEY *edkey = (ECX_KEY *)vedkey; @@ -148,8 +148,8 @@ } int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret, - size_t *siglen, size_t sigsize, - const unsigned char *tbs, size_t tbslen) + size_t *siglen, size_t sigsize, + const unsigned char *tbs, size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; @@ -171,16 +171,17 @@ } #ifdef S390X_EC_ASM if (S390X_CAN_SIGN(ED25519)) { - if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); - return 0; - } - *siglen = ED25519_SIGSIZE; - return 1; + if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); + return 0; + } + *siglen = ED25519_SIGSIZE; + return 1; } #endif /* S390X_EC_ASM */ if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey, - peddsactx->libctx, NULL) == 0) { + peddsactx->libctx, NULL) + == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); return 0; } @@ -189,8 +190,8 @@ } int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret, - size_t *siglen, size_t sigsize, - const unsigned char *tbs, size_t tbslen) + size_t *siglen, size_t sigsize, + const unsigned char *tbs, size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; 
@@ -213,15 +214,16 @@ #ifdef S390X_EC_ASM if (S390X_CAN_SIGN(ED448)) { if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); - return 0; - } - *siglen = ED448_SIGSIZE; - return 1; + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); + return 0; + } + *siglen = ED448_SIGSIZE; + return 1; } #endif /* S390X_EC_ASM */ if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey, - edkey->privkey, NULL, 0, edkey->propq) == 0) { + edkey->privkey, NULL, 0, edkey->propq) + == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); return 0; } @@ -230,8 +232,8 @@ } int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) + size_t siglen, const unsigned char *tbs, + size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; @@ -245,12 +247,12 @@ #endif /* S390X_EC_ASM */ return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey, - peddsactx->libctx, edkey->propq); + peddsactx->libctx, edkey->propq); } int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) + size_t siglen, const unsigned char *tbs, + size_t tbslen) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; const ECX_KEY *edkey = peddsactx->key; @@ -264,7 +266,7 @@ #endif /* S390X_EC_ASM */ return ossl_ed448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey, - NULL, 0, edkey->propq); + NULL, 0, edkey->propq); } static void eddsa_freectx(void *vpeddsactx) @@ -298,7 +300,7 @@ dstctx->key = srcctx->key; return dstctx; - err: +err: eddsa_freectx(dstctx); return NULL; } 
@@ -312,8 +314,7 @@ return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); - if (p != NULL && !OSSL_PARAM_set_octet_string(p, peddsactx->aid, - peddsactx->aid_len)) + if (p != NULL && !OSSL_PARAM_set_octet_string(p, peddsactx->aid, peddsactx->aid_len)) return 0; return 1; @@ -325,7 +326,7 @@ }; static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *vpeddsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } 
@@ -333,43 +334,43 @@ const OSSL_DISPATCH ossl_ed25519_signature_functions[] = { { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))eddsa_digest_signverify_init }, + (void (*)(void))eddsa_digest_signverify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN, - (void (*)(void))ed25519_digest_sign }, + (void (*)(void))ed25519_digest_sign }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))eddsa_digest_signverify_init }, + (void (*)(void))eddsa_digest_signverify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY, - (void (*)(void))ed25519_digest_verify }, + (void (*)(void))ed25519_digest_verify }, { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx }, { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx }, { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, - (void (*)(void))eddsa_gettable_ctx_params }, + (void (*)(void))eddsa_gettable_ctx_params }, { 0, NULL } }; const OSSL_DISPATCH ossl_ed448_signature_functions[] = { { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))eddsa_newctx }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))eddsa_digest_signverify_init }, + (void (*)(void))eddsa_digest_signverify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN, - (void (*)(void))ed448_digest_sign }, + (void (*)(void))ed448_digest_sign }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))eddsa_digest_signverify_init }, + (void (*)(void))eddsa_digest_signverify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY, - (void (*)(void))ed448_digest_verify }, + (void (*)(void))ed448_digest_verify }, { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))eddsa_freectx }, { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))eddsa_dupctx }, { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))eddsa_get_ctx_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, - (void (*)(void))eddsa_gettable_ctx_params }, + (void (*)(void))eddsa_gettable_ctx_params }, { 0, 
NULL } }; #ifdef S390X_EC_ASM static int s390x_ed25519_digestsign(const ECX_KEY *edkey, unsigned char *sig, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { int rc; union { @@ -394,7 +395,7 @@ } static int s390x_ed448_digestsign(const ECX_KEY *edkey, unsigned char *sig, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { int rc; union { @@ -421,8 +422,8 @@ } static int s390x_ed25519_digestverify(const ECX_KEY *edkey, - const unsigned char *sig, - const unsigned char *tbs, size_t tbslen) + const unsigned char *sig, + const unsigned char *tbs, size_t tbslen) { union { struct { @@ -438,13 +439,16 @@ s390x_flip_endian32(param.ed25519.pub, edkey->pubkey); return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, - ¶m.ed25519, tbs, tbslen) == 0 ? 1 : 0; + ¶m.ed25519, tbs, tbslen) + == 0 + ? 1 + : 0; } static int s390x_ed448_digestverify(const ECX_KEY *edkey, - const unsigned char *sig, - const unsigned char *tbs, - size_t tbslen) + const unsigned char *sig, + const unsigned char *tbs, + size_t tbslen) { union { struct { @@ -463,7 +467,10 @@ s390x_flip_endian64(param.ed448.pub, param.ed448.pub); return s390x_kdsa(S390X_EDDSA_VERIFY_ED448, - ¶m.ed448, tbs, tbslen) == 0 ? 1 : 0; + ¶m.ed448, tbs, tbslen) + == 0 + ? 1 + : 0; } #endif /* S390X_EC_ASM */ --- crypto/openssl/providers/implementations/signature/mac_legacy_sig.c.orig +++ crypto/openssl/providers/implementations/signature/mac_legacy_sig.c @@ -18,7 +18,7 @@ #include #include #ifndef FIPS_MODULE -# include +#include #endif #include "prov/implementations.h" #include "prov/provider_ctx.h" 
@@ -77,17 +77,17 @@ return pmacctx; - err: +err: OPENSSL_free(pmacctx->propq); OPENSSL_free(pmacctx); EVP_MAC_free(mac); return NULL; } -#define MAC_NEWCTX(funcname, macname) \ +#define MAC_NEWCTX(funcname, macname) \ static void *mac_##funcname##_newctx(void *provctx, const char *propq) \ - { \ - return mac_newctx(provctx, propq, macname); \ + { \ + return mac_newctx(provctx, propq, macname); \ } MAC_NEWCTX(hmac, "HMAC") @@ -96,7 +96,7 @@ MAC_NEWCTX(cmac, "CMAC") static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx; const char *ciphername = NULL, *engine = NULL; @@ -125,22 +125,22 @@ #endif if (!ossl_prov_set_macctx(pmacctx->macctx, NULL, - (char *)ciphername, - (char *)mdname, - (char *)engine, - pmacctx->key->properties, - NULL, 0)) + (char *)ciphername, + (char *)mdname, + (char *)engine, + pmacctx->key->properties, + NULL, 0)) return 0; if (!EVP_MAC_init(pmacctx->macctx, pmacctx->key->priv_key, - pmacctx->key->priv_key_len, params)) + pmacctx->key->priv_key_len, params)) return 0; return 1; } int mac_digest_sign_update(void *vpmacctx, const unsigned char *data, - size_t datalen) + size_t datalen) { PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx; @@ -151,7 +151,7 @@ } int mac_digest_sign_final(void *vpmacctx, unsigned char *mac, size_t *maclen, - size_t macsize) + size_t macsize) { PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx; @@ -202,7 +202,7 @@ } return dstctx; - err: +err: mac_freectx(dstctx); return NULL; } @@ -215,11 +215,11 @@ } static const OSSL_PARAM *mac_settable_ctx_params(ossl_unused void *ctx, - void *provctx, - const char *macname) + void *provctx, + const char *macname) { EVP_MAC *mac = EVP_MAC_fetch(PROV_LIBCTX_OF(provctx), macname, - NULL); + NULL); const OSSL_PARAM *params; if (mac == NULL) 
@@ -231,11 +231,11 @@ return params; } -#define MAC_SETTABLE_CTX_PARAMS(funcname, macname) \ +#define MAC_SETTABLE_CTX_PARAMS(funcname, macname) \ static const OSSL_PARAM *mac_##funcname##_settable_ctx_params(void *ctx, \ - void *provctx) \ - { \ - return mac_settable_ctx_params(ctx, provctx, macname); \ + void *provctx) \ + { \ + return mac_settable_ctx_params(ctx, provctx, macname); \ } MAC_SETTABLE_CTX_PARAMS(hmac, "HMAC") 
@@ -243,22 +243,22 @@ MAC_SETTABLE_CTX_PARAMS(poly1305, "POLY1305") MAC_SETTABLE_CTX_PARAMS(cmac, "CMAC") -#define MAC_SIGNATURE_FUNCTIONS(funcname) \ - const OSSL_DISPATCH ossl_mac_legacy_##funcname##_signature_functions[] = { \ +#define MAC_SIGNATURE_FUNCTIONS(funcname) \ + const OSSL_DISPATCH ossl_mac_legacy_##funcname##_signature_functions[] = { \ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))mac_##funcname##_newctx }, \ - { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, \ - (void (*)(void))mac_digest_sign_init }, \ - { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, \ - (void (*)(void))mac_digest_sign_update }, \ - { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, \ - (void (*)(void))mac_digest_sign_final }, \ - { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))mac_freectx }, \ - { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))mac_dupctx }, \ - { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ - (void (*)(void))mac_set_ctx_params }, \ - { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ - (void (*)(void))mac_##funcname##_settable_ctx_params }, \ - { 0, NULL } \ + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, \ + (void (*)(void))mac_digest_sign_init }, \ + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, \ + (void (*)(void))mac_digest_sign_update }, \ + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, \ + (void (*)(void))mac_digest_sign_final }, \ + { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))mac_freectx }, \ + { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))mac_dupctx }, \ + { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ + (void (*)(void))mac_set_ctx_params }, \ + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ + (void (*)(void))mac_##funcname##_settable_ctx_params }, \ + { 0, NULL } \ }; MAC_SIGNATURE_FUNCTIONS(hmac) --- crypto/openssl/providers/implementations/signature/rsa_sig.c.orig +++ crypto/openssl/providers/implementations/signature/rsa_sig.c 
@@ -59,11 +59,11 @@ static OSSL_FUNC_signature_settable_ctx_md_params_fn rsa_settable_ctx_md_params; static OSSL_ITEM padding_item[] = { - { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, - { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, - { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, - { RSA_PKCS1_PSS_PADDING, OSSL_PKEY_RSA_PAD_MODE_PSS }, - { 0, NULL } + { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, + { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, + { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, + { RSA_PKCS1_PSS_PADDING, OSSL_PKEY_RSA_PAD_MODE_PSS }, + { 0, NULL } }; /* 
@@ -120,33 +120,33 @@ } static int rsa_check_padding(const PROV_RSA_CTX *prsactx, - const char *mdname, const char *mgf1_mdname, - int mdnid) + const char *mdname, const char *mgf1_mdname, + int mdnid) { - switch(prsactx->pad_mode) { - case RSA_NO_PADDING: - if (mdname != NULL || mdnid != NID_undef) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); - return 0; - } - break; - case RSA_X931_PADDING: - if (RSA_X931_hash_id(mdnid) == -1) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_X931_DIGEST); + switch (prsactx->pad_mode) { + case RSA_NO_PADDING: + if (mdname != NULL || mdnid != NID_undef) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); + return 0; + } + break; + case RSA_X931_PADDING: + if (RSA_X931_hash_id(mdnid) == -1) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_X931_DIGEST); + return 0; + } + break; + case RSA_PKCS1_PSS_PADDING: + if (rsa_pss_restricted(prsactx)) + if ((mdname != NULL && !EVP_MD_is_a(prsactx->md, mdname)) + || (mgf1_mdname != NULL + && !EVP_MD_is_a(prsactx->mgf1_md, mgf1_mdname))) { + ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED); return 0; } - break; - case RSA_PKCS1_PSS_PADDING: - if (rsa_pss_restricted(prsactx)) - if ((mdname != NULL && !EVP_MD_is_a(prsactx->md, mdname)) - || (mgf1_mdname != NULL - && !EVP_MD_is_a(prsactx->mgf1_md, mgf1_mdname))) { - ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED); - return 0; - } - break; - default: - break; + break; + default: + break; } return 1; @@ -198,7 +198,7 @@ static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) { int saltlen = ctx->saltlen; - + if (saltlen == RSA_PSS_SALTLEN_DIGEST) { saltlen = EVP_MD_get_size(ctx->md); } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) { 
@@ -211,17 +211,17 @@ return -1; } else if (saltlen < ctx->min_saltlen) { ERR_raise_data(ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL, - "minimum salt length: %d, actual salt length: %d", - ctx->min_saltlen, saltlen); + "minimum salt length: %d, actual salt length: %d", + ctx->min_saltlen, saltlen); return -1; } return saltlen; } static unsigned char *rsa_generate_signature_aid(PROV_RSA_CTX *ctx, - unsigned char *aid_buf, - size_t buf_len, - size_t *aid_len) + unsigned char *aid_buf, + size_t buf_len, + size_t *aid_len) { WPACKET pkt; unsigned char *aid = NULL; @@ -234,10 +234,10 @@ return NULL; } - switch(ctx->pad_mode) { + switch (ctx->pad_mode) { case RSA_PKCS1_PADDING: ret = ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, - ctx->mdnid); + ctx->mdnid); if (ret > 0) { break; @@ -246,8 +246,8 @@ goto cleanup; } ERR_raise_data(ERR_LIB_PROV, ERR_R_UNSUPPORTED, - "Algorithm ID generation - md NID: %d", - ctx->mdnid); + "Algorithm ID generation - md NID: %d", + ctx->mdnid); goto cleanup; case RSA_PKCS1_PSS_PADDING: saltlen = rsa_pss_compute_saltlen(ctx); 
@@ -256,32 +256,32 @@ if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, ctx->mdnid) || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, - ctx->mgf1_mdnid) + ctx->mgf1_mdnid) || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen) || !ossl_DER_w_algorithmIdentifier_RSA_PSS(&pkt, -1, - RSA_FLAG_TYPE_RSASSAPSS, - &pss_params)) { + RSA_FLAG_TYPE_RSASSAPSS, + &pss_params)) { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); goto cleanup; } break; default: ERR_raise_data(ERR_LIB_PROV, ERR_R_UNSUPPORTED, - "Algorithm ID generation - pad mode: %d", - ctx->pad_mode); + "Algorithm ID generation - pad mode: %d", + ctx->pad_mode); goto cleanup; } if (WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, aid_len); aid = WPACKET_get_curr(&pkt); } - cleanup: +cleanup: WPACKET_cleanup(&pkt); return aid; } static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, - const char *mdprops) + const char *mdprops) { if (mdprops == NULL) mdprops = ctx->propq; @@ -290,7 +290,7 @@ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, - sha1_allowed); + sha1_allowed); size_t mdname_len = strlen(mdname); if (md == NULL @@ -299,13 +299,13 @@ || mdname_len >= sizeof(ctx->mdname)) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s could not be fetched", mdname); + "%s could not be fetched", mdname); if (md_nid <= 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s exceeds name buffer length", mdname); + "%s exceeds name buffer length", mdname); EVP_MD_free(md); return 0; } 
@@ -313,7 +313,7 @@ if (!ctx->flag_allow_md) { if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest %s != %s", mdname, ctx->mdname); + "digest %s != %s", mdname, ctx->mdname); EVP_MD_free(md); return 0; } @@ -345,7 +345,7 @@ } static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, - const char *mdprops) + const char *mdprops) { size_t len; EVP_MD *md = NULL; @@ -356,7 +356,7 @@ if ((md = EVP_MD_fetch(ctx->libctx, mdname, mdprops)) == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s could not be fetched", mdname); + "%s could not be fetched", mdname); return 0; } /* The default for mgf1 is SHA1 - so allow SHA1 */ @@ -364,14 +364,14 @@ || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { if (mdnid <= 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + "digest=%s", mdname); EVP_MD_free(md); return 0; } len = OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname)); if (len >= sizeof(ctx->mgf1_mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s exceeds name buffer length", mdname); + "%s exceeds name buffer length", mdname); EVP_MD_free(md); return 0; } @@ -384,7 +384,7 @@ } static int rsa_signverify_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[], int operation) + const OSSL_PARAM params[], int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -420,8 +420,7 @@ prsactx->pad_mode = RSA_PKCS1_PSS_PADDING; { - const RSA_PSS_PARAMS_30 *pss = - ossl_rsa_get0_pss_params_30(prsactx->rsa); + const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30(prsactx->rsa); if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) { int md_nid = ossl_rsa_pss_params_30_hashalg(pss); 
@@ -435,27 +434,27 @@ if (mdname == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "PSS restrictions lack hash algorithm"); + "PSS restrictions lack hash algorithm"); return 0; } if (mgf1mdname == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "PSS restrictions lack MGF1 hash algorithm"); + "PSS restrictions lack MGF1 hash algorithm"); return 0; } len = OPENSSL_strlcpy(prsactx->mdname, mdname, - sizeof(prsactx->mdname)); + sizeof(prsactx->mdname)); if (len >= sizeof(prsactx->mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "hash algorithm name too long"); + "hash algorithm name too long"); return 0; } len = OPENSSL_strlcpy(prsactx->mgf1_mdname, mgf1mdname, - sizeof(prsactx->mgf1_mdname)); + sizeof(prsactx->mgf1_mdname)); if (len >= sizeof(prsactx->mgf1_mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "MGF1 hash algorithm name too long"); + "MGF1 hash algorithm name too long"); return 0; } prsactx->saltlen = min_saltlen; @@ -512,7 +511,7 @@ } static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, - size_t sigsize, const unsigned char *tbs, size_t tbslen) + size_t sigsize, const unsigned char *tbs, size_t tbslen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -529,7 +528,7 @@ if (sigsize < rsasize) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE, - "is %zu, should be at least %zu", sigsize, rsasize); + "is %zu, should be at least %zu", sigsize, rsasize); return 0; } @@ -545,11 +544,11 @@ if (prsactx->pad_mode != RSA_PKCS1_PADDING) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE, - "only PKCS#1 padding supported with MDC2"); + "only PKCS#1 padding supported with MDC2"); return 0; } ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, - prsactx->rsa); + prsactx->rsa); if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); 
@@ -563,8 +562,8 @@ case RSA_X931_PADDING: if ((size_t)RSA_size(prsactx->rsa) < tbslen + 1) { ERR_raise_data(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL, - "RSA key size = %d, expected minimum = %d", - RSA_size(prsactx->rsa), tbslen + 1); + "RSA key size = %d, expected minimum = %d", + RSA_size(prsactx->rsa), tbslen + 1); return 0; } if (!setup_tbuf(prsactx)) { @@ -574,23 +573,21 @@ memcpy(prsactx->tbuf, tbs, tbslen); prsactx->tbuf[tbslen] = RSA_X931_hash_id(prsactx->mdnid); ret = RSA_private_encrypt(tbslen + 1, prsactx->tbuf, - sig, prsactx->rsa, RSA_X931_PADDING); + sig, prsactx->rsa, RSA_X931_PADDING); clean_tbuf(prsactx); break; - case RSA_PKCS1_PADDING: - { - unsigned int sltmp; + case RSA_PKCS1_PADDING: { + unsigned int sltmp; - ret = RSA_sign(prsactx->mdnid, tbs, tbslen, sig, &sltmp, - prsactx->rsa); - if (ret <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); - return 0; - } - ret = sltmp; + ret = RSA_sign(prsactx->mdnid, tbs, tbslen, sig, &sltmp, + prsactx->rsa); + if (ret <= 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); + return 0; } - break; + ret = sltmp; + } break; case RSA_PKCS1_PSS_PADDING: /* Check PSS restrictions */ @@ -599,11 +596,11 @@ case RSA_PSS_SALTLEN_DIGEST: if (prsactx->min_saltlen > EVP_MD_get_size(prsactx->md)) { ERR_raise_data(ERR_LIB_PROV, - PROV_R_PSS_SALTLEN_TOO_SMALL, - "minimum salt length set to %d, " - "but the digest only gives %d", - prsactx->min_saltlen, - EVP_MD_get_size(prsactx->md)); + PROV_R_PSS_SALTLEN_TOO_SMALL, + "minimum salt length set to %d, " + "but the digest only gives %d", + prsactx->min_saltlen, + EVP_MD_get_size(prsactx->md)); return 0; } /* FALLTHRU */ 
@@ -611,11 +608,11 @@ if (prsactx->saltlen >= 0 && prsactx->saltlen < prsactx->min_saltlen) { ERR_raise_data(ERR_LIB_PROV, - PROV_R_PSS_SALTLEN_TOO_SMALL, - "minimum salt length set to %d, but the" - "actual salt length is only set to %d", - prsactx->min_saltlen, - prsactx->saltlen); + PROV_R_PSS_SALTLEN_TOO_SMALL, + "minimum salt length set to %d, but the" + "actual salt length is only set to %d", + prsactx->min_saltlen, + prsactx->saltlen); return 0; } break; @@ -624,29 +621,29 @@ if (!setup_tbuf(prsactx)) return 0; if (!RSA_padding_add_PKCS1_PSS_mgf1(prsactx->rsa, - prsactx->tbuf, tbs, - prsactx->md, prsactx->mgf1_md, - prsactx->saltlen)) { + prsactx->tbuf, tbs, + prsactx->md, prsactx->mgf1_md, + prsactx->saltlen)) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } ret = RSA_private_encrypt(RSA_size(prsactx->rsa), prsactx->tbuf, - sig, prsactx->rsa, RSA_NO_PADDING); + sig, prsactx->rsa, RSA_NO_PADDING); clean_tbuf(prsactx); break; default: ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE, - "Only X.931, PKCS#1 v1.5 or PSS padding allowed"); + "Only X.931, PKCS#1 v1.5 or PSS padding allowed"); return 0; } } else { ret = RSA_private_encrypt(tbslen, tbs, sig, prsactx->rsa, - prsactx->pad_mode); + prsactx->pad_mode); } #ifndef FIPS_MODULE - end: +end: #endif if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); @@ -658,20 +655,20 @@ } static int rsa_verify_recover_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; return rsa_signverify_init(vprsactx, vrsa, params, - EVP_PKEY_OP_VERIFYRECOVER); + EVP_PKEY_OP_VERIFYRECOVER); } static int rsa_verify_recover(void *vprsactx, - unsigned char *rout, - size_t *routlen, - size_t routsize, - const unsigned char *sig, - size_t siglen) + unsigned char *rout, + size_t *routlen, + size_t routsize, + const unsigned char *sig, + size_t siglen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; 
@@ -690,7 +687,7 @@ if (!setup_tbuf(prsactx)) return 0; ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, - RSA_X931_PADDING); + RSA_X931_PADDING); if (ret < 1) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; @@ -702,8 +699,8 @@ } if (ret != EVP_MD_get_size(prsactx->md)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH, - "Should be %d, but got %d", - EVP_MD_get_size(prsactx->md), ret); + "Should be %d, but got %d", + EVP_MD_get_size(prsactx->md), ret); return 0; } @@ -711,36 +708,34 @@ if (rout != prsactx->tbuf) { if (routsize < (size_t)ret) { ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL, - "buffer size is %d, should be %d", - routsize, ret); + "buffer size is %d, should be %d", + routsize, ret); return 0; } memcpy(rout, prsactx->tbuf, ret); } break; - case RSA_PKCS1_PADDING: - { - size_t sltmp; + case RSA_PKCS1_PADDING: { + size_t sltmp; - ret = ossl_rsa_verify(prsactx->mdnid, NULL, 0, rout, &sltmp, - sig, siglen, prsactx->rsa); - if (ret <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); - return 0; - } - ret = sltmp; + ret = ossl_rsa_verify(prsactx->mdnid, NULL, 0, rout, &sltmp, + sig, siglen, prsactx->rsa); + if (ret <= 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); + return 0; } - break; + ret = sltmp; + } break; default: ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE, - "Only X.931 or PKCS#1 v1.5 padding allowed"); + "Only X.931 or PKCS#1 v1.5 padding allowed"); return 0; } } else { ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa, - prsactx->pad_mode); + prsactx->pad_mode); if (ret < 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; @@ -751,7 +746,7 @@ } static int rsa_verify_init(void *vprsactx, void *vrsa, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; 
@@ -759,7 +754,7 @@ } static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; size_t rslen; @@ -770,7 +765,7 @@ switch (prsactx->pad_mode) { case RSA_PKCS1_PADDING: if (!RSA_verify(prsactx->mdnid, tbs, tbslen, sig, siglen, - prsactx->rsa)) { + prsactx->rsa)) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } 
@@ -779,47 +774,47 @@ if (!setup_tbuf(prsactx)) return 0; if (rsa_verify_recover(prsactx, prsactx->tbuf, &rslen, 0, - sig, siglen) <= 0) + sig, siglen) + <= 0) return 0; break; - case RSA_PKCS1_PSS_PADDING: - { - int ret; - size_t mdsize; - - /* - * We need to check this for the RSA_verify_PKCS1_PSS_mgf1() - * call - */ - mdsize = rsa_get_md_size(prsactx); - if (tbslen != mdsize) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH, - "Should be %d, but got %d", - mdsize, tbslen); - return 0; - } + case RSA_PKCS1_PSS_PADDING: { + int ret; + size_t mdsize; - if (!setup_tbuf(prsactx)) - return 0; - ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, - prsactx->rsa, RSA_NO_PADDING); - if (ret <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); - return 0; - } - ret = RSA_verify_PKCS1_PSS_mgf1(prsactx->rsa, tbs, - prsactx->md, prsactx->mgf1_md, - prsactx->tbuf, - prsactx->saltlen); - if (ret <= 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); - return 0; - } - return 1; + /* + * We need to check this for the RSA_verify_PKCS1_PSS_mgf1() + * call + */ + mdsize = rsa_get_md_size(prsactx); + if (tbslen != mdsize) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH, + "Should be %d, but got %d", + mdsize, tbslen); + return 0; + } + + if (!setup_tbuf(prsactx)) + return 0; + ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, + prsactx->rsa, RSA_NO_PADDING); + if (ret <= 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); + return 0; } + ret = RSA_verify_PKCS1_PSS_mgf1(prsactx->rsa, tbs, + prsactx->md, prsactx->mgf1_md, + prsactx->tbuf, + prsactx->saltlen); + if (ret <= 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); + return 0; + } + return 1; + } default: ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE, - "Only X.931, PKCS#1 v1.5 or PSS padding allowed"); + "Only X.931, PKCS#1 v1.5 or PSS padding allowed"); return 0; } } else { 
@@ -828,7 +823,7 @@ if (!setup_tbuf(prsactx)) return 0; ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, - prsactx->pad_mode); + prsactx->pad_mode); if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; @@ -843,8 +838,8 @@ } static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, - void *vrsa, const OSSL_PARAM params[], - int operation) + void *vrsa, const OSSL_PARAM params[], + int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -873,15 +868,15 @@ return 1; - error: +error: EVP_MD_CTX_free(prsactx->mdctx); prsactx->mdctx = NULL; return 0; } static int rsa_digest_signverify_update(void *vprsactx, - const unsigned char *data, - size_t datalen) + const unsigned char *data, + size_t datalen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -892,16 +887,16 @@ } static int rsa_digest_sign_init(void *vprsactx, const char *mdname, - void *vrsa, const OSSL_PARAM params[]) + void *vrsa, const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; return rsa_digest_signverify_init(vprsactx, mdname, vrsa, - params, EVP_PKEY_OP_SIGN); + params, EVP_PKEY_OP_SIGN); } static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig, - size_t *siglen, size_t sigsize) + size_t *siglen, size_t sigsize) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -929,16 +924,16 @@ } static int rsa_digest_verify_init(void *vprsactx, const char *mdname, - void *vrsa, const OSSL_PARAM params[]) + void *vrsa, const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; return rsa_digest_signverify_init(vprsactx, mdname, vrsa, - params, EVP_PKEY_OP_VERIFY); + params, EVP_PKEY_OP_VERIFY); } int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, - size_t siglen) + size_t siglen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; unsigned char digest[EVP_MAX_MD_SIZE]; 
@@ -1017,7 +1012,7 @@ if (srcctx->mdctx != NULL) { dstctx->mdctx = EVP_MD_CTX_new(); if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) + || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) goto err; } @@ -1028,7 +1023,7 @@ } return dstctx; - err: +err: rsa_freectx(dstctx); return NULL; } @@ -1046,10 +1041,10 @@ /* The Algorithm Identifier of the combined signature algorithm */ unsigned char aid_buf[128]; unsigned char *aid; - size_t aid_len; + size_t aid_len; aid = rsa_generate_signature_aid(prsactx, aid_buf, - sizeof(aid_buf), &aid_len); + sizeof(aid_buf), &aid_len); if (aid == NULL || !OSSL_PARAM_set_octet_string(p, aid, aid_len)) return 0; } @@ -1061,26 +1056,24 @@ if (!OSSL_PARAM_set_int(p, prsactx->pad_mode)) return 0; break; - case OSSL_PARAM_UTF8_STRING: - { - int i; - const char *word = NULL; - - for (i = 0; padding_item[i].id != 0; i++) { - if (prsactx->pad_mode == (int)padding_item[i].id) { - word = padding_item[i].ptr; - break; - } - } + case OSSL_PARAM_UTF8_STRING: { + int i; + const char *word = NULL; - if (word != NULL) { - if (!OSSL_PARAM_set_utf8_string(p, word)) - return 0; - } else { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + for (i = 0; padding_item[i].id != 0; i++) { + if (prsactx->pad_mode == (int)padding_item[i].id) { + word = padding_item[i].ptr; + break; } } - break; + + if (word != NULL) { + if (!OSSL_PARAM_set_utf8_string(p, word)) + return 0; + } else { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + } + } break; default: return 0; } @@ -1111,16 +1104,15 @@ case RSA_PSS_SALTLEN_AUTO: value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO; break; - default: - { - int len = BIO_snprintf(p->data, p->data_size, "%d", - prsactx->saltlen); + default: { + int len = BIO_snprintf(p->data, p->data_size, "%d", + prsactx->saltlen); - if (len <= 0) - return 0; - p->return_size = len; - break; - } + if (len <= 0) + return 0; + p->return_size = len; + break; + } } if (value != NULL && !OSSL_PARAM_set_utf8_string(p, value)) 
@@ -1141,7 +1133,7 @@ }; static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -1167,9 +1159,8 @@ p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_PROPERTIES); + const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, + OSSL_SIGNATURE_PARAM_PROPERTIES); pmdname = mdname; if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) @@ -1178,7 +1169,7 @@ if (propsp != NULL) { pmdprops = mdprops; if (!OSSL_PARAM_get_utf8_string(propsp, - &pmdprops, sizeof(mdprops))) + &pmdprops, sizeof(mdprops))) return 0; } } @@ -1192,21 +1183,19 @@ if (!OSSL_PARAM_get_int(p, &pad_mode)) return 0; break; - case OSSL_PARAM_UTF8_STRING: - { - int i; + case OSSL_PARAM_UTF8_STRING: { + int i; - if (p->data == NULL) - return 0; + if (p->data == NULL) + return 0; - for (i = 0; padding_item[i].id != 0; i++) { - if (strcmp(p->data, padding_item[i].ptr) == 0) { - pad_mode = padding_item[i].id; - break; - } + for (i = 0; padding_item[i].id != 0; i++) { + if (strcmp(p->data, padding_item[i].ptr) == 0) { + pad_mode = padding_item[i].id; + break; } } - break; + } break; default: return 0; } @@ -1221,9 +1210,9 @@ goto bad_pad; case RSA_PKCS1_PSS_PADDING: if ((prsactx->operation - & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)) == 0) { - err_extra_text = - "PSS padding only allowed for sign and verify operations"; + & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)) + == 0) { + err_extra_text = "PSS padding only allowed for sign and verify operations"; goto bad_pad; } break; 
@@ -1237,18 +1226,19 @@ err_extra_text = "X.931 padding not allowed with RSA-PSS"; cont: if (RSA_test_flags(prsactx->rsa, - RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) + RSA_FLAG_TYPE_MASK) + == RSA_FLAG_TYPE_RSA) break; /* FALLTHRU */ default: bad_pad: if (err_extra_text == NULL) ERR_raise(ERR_LIB_PROV, - PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); else ERR_raise_data(ERR_LIB_PROV, - PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE, - err_extra_text); + PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE, + err_extra_text); return 0; } } @@ -1257,8 +1247,8 @@ if (p != NULL) { if (pad_mode != RSA_PKCS1_PSS_PADDING) { ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED, - "PSS saltlen can only be specified if " - "PSS padding has been specified first"); + "PSS saltlen can only be specified if " + "PSS padding has been specified first"); return 0; } @@ -1296,28 +1286,28 @@ case RSA_PSS_SALTLEN_AUTO: if (prsactx->operation == EVP_PKEY_OP_VERIFY) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH, - "Cannot use autodetected salt length"); + "Cannot use autodetected salt length"); return 0; } break; case RSA_PSS_SALTLEN_DIGEST: if (prsactx->min_saltlen > EVP_MD_get_size(prsactx->md)) { ERR_raise_data(ERR_LIB_PROV, - PROV_R_PSS_SALTLEN_TOO_SMALL, - "Should be more than %d, but would be " - "set to match digest size (%d)", - prsactx->min_saltlen, - EVP_MD_get_size(prsactx->md)); + PROV_R_PSS_SALTLEN_TOO_SMALL, + "Should be more than %d, but would be " + "set to match digest size (%d)", + prsactx->min_saltlen, + EVP_MD_get_size(prsactx->md)); return 0; } break; default: if (saltlen >= 0 && saltlen < prsactx->min_saltlen) { ERR_raise_data(ERR_LIB_PROV, - PROV_R_PSS_SALTLEN_TOO_SMALL, - "Should be more than %d, " - "but would be set to %d", - prsactx->min_saltlen, saltlen); + PROV_R_PSS_SALTLEN_TOO_SMALL, + "Should be more than %d, " + "but would be set to %d", + prsactx->min_saltlen, saltlen); return 0; } } 
@@ -1326,9 +1316,8 @@ p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MGF1_DIGEST); if (p != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES); + const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, + OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES); pmgf1mdname = mgf1mdname; if (!OSSL_PARAM_get_utf8_string(p, &pmgf1mdname, sizeof(mgf1mdname))) @@ -1337,13 +1326,13 @@ if (propsp != NULL) { pmgf1mdprops = mgf1mdprops; if (!OSSL_PARAM_get_utf8_string(propsp, - &pmgf1mdprops, sizeof(mgf1mdprops))) + &pmgf1mdprops, sizeof(mgf1mdprops))) return 0; } if (pad_mode != RSA_PKCS1_PSS_PADDING) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MGF1_MD); - return 0; + return 0; } } @@ -1387,7 +1376,7 @@ }; static const OSSL_PARAM *rsa_settable_ctx_params(void *vprsactx, - ossl_unused void *provctx) + ossl_unused void *provctx) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 
@@ -1443,36 +1432,36 @@ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))rsa_verify_init }, { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))rsa_verify }, { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, - (void (*)(void))rsa_verify_recover_init }, + (void (*)(void))rsa_verify_recover_init }, { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, - (void (*)(void))rsa_verify_recover }, + (void (*)(void))rsa_verify_recover }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))rsa_digest_sign_init }, + (void (*)(void))rsa_digest_sign_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, - (void (*)(void))rsa_digest_signverify_update }, + (void (*)(void))rsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, - (void (*)(void))rsa_digest_sign_final }, + (void (*)(void))rsa_digest_sign_final }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))rsa_digest_verify_init }, + (void (*)(void))rsa_digest_verify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, - (void (*)(void))rsa_digest_signverify_update }, + (void (*)(void))rsa_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, - (void (*)(void))rsa_digest_verify_final }, + (void (*)(void))rsa_digest_verify_final }, { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))rsa_freectx }, { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))rsa_dupctx }, { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))rsa_get_ctx_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, - (void (*)(void))rsa_gettable_ctx_params }, + (void (*)(void))rsa_gettable_ctx_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))rsa_set_ctx_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, - (void (*)(void))rsa_settable_ctx_params }, + (void (*)(void))rsa_settable_ctx_params }, { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, - (void (*)(void))rsa_get_ctx_md_params }, + (void (*)(void))rsa_get_ctx_md_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, - (void (*)(void))rsa_gettable_ctx_md_params }, + (void 
(*)(void))rsa_gettable_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, - (void (*)(void))rsa_set_ctx_md_params }, + (void (*)(void))rsa_set_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, - (void (*)(void))rsa_settable_ctx_md_params }, + (void (*)(void))rsa_settable_ctx_md_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/signature/sm2_sig.c.orig +++ crypto/openssl/providers/implementations/signature/sm2_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ /* * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use - SM2 implemetation uses ECDSA_size() function. + * internal use - SM2 implementation uses ECDSA_size() function. */ #include "internal/deprecated.h" @@ -66,9 +66,9 @@ EC_KEY *ec; /* - * Flag to termine if the 'z' digest needs to be computed and fed to the + * Flag to determine if the 'z' digest needs to be computed and fed to the * hash function. - * This flag should be set on initialization and the compuation should + * This flag should be set on initialization and the computation should * be performed only once, on first update. */ unsigned int flag_compute_z_digest : 1; @@ -78,7 +78,7 @@ /* The Algorithm Identifier of the combined signature algorithm */ unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; unsigned char *aid; - size_t aid_len; + size_t aid_len; /* main digest */ EVP_MD *md; @@ -94,7 +94,7 @@ { if (psm2ctx->md == NULL) /* We need an SM3 md to compare with */ psm2ctx->md = EVP_MD_fetch(psm2ctx->libctx, psm2ctx->mdname, - psm2ctx->propq); + psm2ctx->propq); if (psm2ctx->md == NULL) return 0; 
@@ -104,7 +104,7 @@ if (strlen(mdname) >= sizeof(psm2ctx->mdname) || !EVP_MD_is_a(psm2ctx->md, mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "digest=%s", - mdname); + mdname); return 0; } @@ -131,12 +131,12 @@ } static int sm2sig_signature_init(void *vpsm2ctx, void *ec, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; if (!ossl_prov_is_running() - || psm2ctx == NULL) + || psm2ctx == NULL) return 0; if (ec == NULL && psm2ctx->ec == NULL) { @@ -155,7 +155,7 @@ } static int sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen, - size_t sigsize, const unsigned char *tbs, size_t tbslen) + size_t sigsize, const unsigned char *tbs, size_t tbslen) { PROV_SM2_CTX *ctx = (PROV_SM2_CTX *)vpsm2ctx; int ret; @@ -183,7 +183,7 @@ } static int sm2sig_verify(void *vpsm2ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *tbs, size_t tbslen) { PROV_SM2_CTX *ctx = (PROV_SM2_CTX *)vpsm2ctx; @@ -202,13 +202,19 @@ } static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, - void *ec, const OSSL_PARAM params[]) + void *ec, const OSSL_PARAM params[]) { PROV_SM2_CTX *ctx = (PROV_SM2_CTX *)vpsm2ctx; int md_nid; WPACKET pkt; int ret = 0; + /* + * Each EVP_Digest{Sign,Verify}Init_ex(3) starts with fresh content, that + * needs to recompute the "Z" digest. + */ + ctx->flag_compute_z_digest = 1; + if (!sm2sig_signature_init(vpsm2ctx, ec, params) || !sm2sig_set_mdname(ctx, mdname)) return ret; @@ -240,11 +246,9 @@ if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error; - ctx->flag_compute_z_digest = 1; - ret = 1; - error: +error: return ret; } @@ -260,7 +264,7 @@ if ((z = OPENSSL_zalloc(ctx->mdsize)) == NULL /* get hashed prefix 'z' of tbs message */ || !ossl_sm2_compute_z_digest(z, ctx->md, ctx->id, ctx->id_len, - ctx->ec) + ctx->ec) || !EVP_DigestUpdate(ctx->mdctx, z, ctx->mdsize)) ret = 0; OPENSSL_free(z); 
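Review bot: The new `ctx->flag_compute_z_digest = 1;` at the top of `sm2sig_digest_signverify_init` (hunk `-202,13`) dereferences `ctx` before `sm2sig_signature_init()` runs, and the `psm2ctx == NULL` guard lives in that function (hunk `-131,12`). If a NULL context can reach this entry point, the write faults before the guard is evaluated. Either place the assignment directly after the `!sm2sig_signature_init(...) || !sm2sig_set_mdname(...)` test, or open the function with `if (ctx == NULL) return 0;`. The matching removal is in the `-240,11` hunk and the function body between the two positions is outside both hunks, so an early exit there may be why the flag was moved; if so, the added comment should say that.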
@@ -270,7 +274,7 @@ } int sm2sig_digest_signverify_update(void *vpsm2ctx, const unsigned char *data, - size_t datalen) + size_t datalen) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; @@ -282,7 +286,7 @@ } int sm2sig_digest_sign_final(void *vpsm2ctx, unsigned char *sig, size_t *siglen, - size_t sigsize) + size_t sigsize) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -297,16 +301,15 @@ */ if (sig != NULL) { if (!(sm2sig_compute_z_digest(psm2ctx) - && EVP_DigestFinal_ex(psm2ctx->mdctx, digest, &dlen))) + && EVP_DigestFinal_ex(psm2ctx->mdctx, digest, &dlen))) return 0; } return sm2sig_sign(vpsm2ctx, sig, siglen, sigsize, digest, (size_t)dlen); } - int sm2sig_digest_verify_final(void *vpsm2ctx, const unsigned char *sig, - size_t siglen) + size_t siglen) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; unsigned char digest[EVP_MAX_MD_SIZE]; @@ -318,7 +321,7 @@ return 0; if (!(sm2sig_compute_z_digest(psm2ctx) - && EVP_DigestFinal_ex(psm2ctx->mdctx, digest, &dlen))) + && EVP_DigestFinal_ex(psm2ctx->mdctx, digest, &dlen))) return 0; return sm2sig_verify(vpsm2ctx, sig, siglen, digest, (size_t)dlen); @@ -368,7 +371,7 @@ if (srcctx->mdctx != NULL) { dstctx->mdctx = EVP_MD_CTX_new(); if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) + || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) goto err; } @@ -381,7 +384,7 @@ } return dstctx; - err: +err: sm2sig_freectx(dstctx); return NULL; } @@ -404,9 +407,7 @@ return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, psm2ctx->md == NULL - ? psm2ctx->mdname - : EVP_MD_get0_name(psm2ctx->md))) + if (p != NULL && !OSSL_PARAM_set_utf8_string(p, psm2ctx->md == NULL ? psm2ctx->mdname : EVP_MD_get0_name(psm2ctx->md))) return 0; return 1; 
@@ -420,7 +421,7 @@ }; static const OSSL_PARAM *sm2sig_gettable_ctx_params(ossl_unused void *vpsm2ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -462,8 +463,7 @@ * this needs to be adjusted accordingly. */ p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); - if (p != NULL && (!OSSL_PARAM_get_size_t(p, &mdsize) - || mdsize != psm2ctx->mdsize)) + if (p != NULL && (!OSSL_PARAM_get_size_t(p, &mdsize) || mdsize != psm2ctx->mdsize)) return 0; p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); @@ -490,7 +490,7 @@ }; static const OSSL_PARAM *sm2sig_settable_ctx_params(ossl_unused void *vpsm2ctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { return known_settable_ctx_params; } 
@@ -542,32 +542,32 @@ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))sm2sig_signature_init }, { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))sm2sig_verify }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, - (void (*)(void))sm2sig_digest_signverify_init }, + (void (*)(void))sm2sig_digest_signverify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, - (void (*)(void))sm2sig_digest_signverify_update }, + (void (*)(void))sm2sig_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, - (void (*)(void))sm2sig_digest_sign_final }, + (void (*)(void))sm2sig_digest_sign_final }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, - (void (*)(void))sm2sig_digest_signverify_init }, + (void (*)(void))sm2sig_digest_signverify_init }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, - (void (*)(void))sm2sig_digest_signverify_update }, + (void (*)(void))sm2sig_digest_signverify_update }, { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, - (void (*)(void))sm2sig_digest_verify_final }, + (void (*)(void))sm2sig_digest_verify_final }, { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))sm2sig_freectx }, { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))sm2sig_dupctx }, { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))sm2sig_get_ctx_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, - (void (*)(void))sm2sig_gettable_ctx_params }, + (void (*)(void))sm2sig_gettable_ctx_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))sm2sig_set_ctx_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, - (void (*)(void))sm2sig_settable_ctx_params }, + (void (*)(void))sm2sig_settable_ctx_params }, { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, - (void (*)(void))sm2sig_get_ctx_md_params }, + (void (*)(void))sm2sig_get_ctx_md_params }, { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, - (void (*)(void))sm2sig_gettable_ctx_md_params }, + (void (*)(void))sm2sig_gettable_ctx_md_params }, { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, - (void (*)(void))sm2sig_set_ctx_md_params }, + (void (*)(void))sm2sig_set_ctx_md_params }, { 
OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, - (void (*)(void))sm2sig_settable_ctx_md_params }, + (void (*)(void))sm2sig_settable_ctx_md_params }, { 0, NULL } }; --- crypto/openssl/providers/implementations/storemgmt/file_store.c.orig +++ crypto/openssl/providers/implementations/storemgmt/file_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #include #include -#include /* isdigit */ +#include /* isdigit */ #include #include @@ -22,11 +22,11 @@ #include #include #include -#include /* The OSSL_STORE_INFO type numbers */ +#include /* The OSSL_STORE_INFO type numbers */ #include "internal/cryptlib.h" #include "internal/o_dir.h" #include "crypto/decoder.h" -#include "crypto/ctype.h" /* ossl_isdigit() */ +#include "crypto/ctype.h" /* ossl_isdigit() */ #include "prov/implementations.h" #include "prov/bio.h" #include "file_store_local.h" @@ -34,11 +34,11 @@ DEFINE_STACK_OF(OSSL_STORE_INFO) #ifdef _WIN32 -# define stat _stat +#define stat _stat #endif #ifndef S_ISDIR -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) #endif static OSSL_FUNC_store_open_fn file_open; @@ -65,10 +65,10 @@ struct file_ctx_st { void *provctx; - char *uri; /* The URI we currently try to load */ + char *uri; /* The URI we currently try to load */ enum { - IS_FILE = 0, /* Read file and pass results */ - IS_DIR /* Pass directory entry names */ + IS_FILE = 0, /* Read file and pass results */ + IS_DIR /* Pass directory entry names */ } type; union { @@ -78,7 +78,7 @@ OSSL_DECODER_CTX *decoderctx; char *input_type; - char *propq; /* The properties we got as a parameter */ + char *propq; /* The properties we got as a parameter */ } file; /* Used with |IS_DIR| */ 
@@ -105,6 +105,8 @@ /* Expected object type. May be unspecified */ int expected_type; + /* Fatal error occurred. We should indicate EOF. */ + int fatal_error; }; static void free_file_ctx(struct file_ctx_st *ctx) @@ -122,7 +124,7 @@ } static struct file_ctx_st *new_file_ctx(int type, const char *uri, - void *provctx) + void *provctx) { struct file_ctx_st *ctx = NULL; @@ -150,7 +152,7 @@ * */ static struct file_ctx_st *file_open_stream(BIO *source, const char *uri, - void *provctx) + void *provctx) { struct file_ctx_st *ctx; @@ -162,7 +164,7 @@ ctx->_.file.file = source; return ctx; - err: +err: free_file_ctx(ctx); return NULL; } @@ -181,13 +183,13 @@ if (ctx->_.dir.last_entry == NULL) { if (ctx->_.dir.last_errno != 0) { ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno, - "Calling OPENSSL_DIR_read(\"%s\")", path); + "Calling OPENSSL_DIR_read(\"%s\")", path); goto err; } ctx->_.dir.end_reached = 1; } return ctx; - err: +err: file_close(ctx); return NULL; } @@ -198,7 +200,7 @@ struct stat st; struct { const char *path; - unsigned int check_absolute:1; + unsigned int check_absolute : 1; } path_data[2]; size_t path_data_n = 0, i; const char *path; @@ -222,7 +224,7 @@ const char *p = &uri[5]; if (strncmp(&uri[5], "//", 2) == 0) { - path_data_n--; /* Invalidate using the full URI */ + path_data_n--; /* Invalidate using the full URI */ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { p = &uri[16]; } else if (uri[7] == '/') { @@ -250,7 +252,6 @@ path_data[path_data_n++].path = p; } - for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { /* * If the scheme "file" was an explicit part of the URI, the path must 
@@ -259,14 +260,14 @@ if (path_data[i].check_absolute && path_data[i].path[0] != '/') { ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE, - "Given path=%s", path_data[i].path); + "Given path=%s", path_data[i].path); return NULL; } if (stat(path_data[i].path, &st) < 0) { ERR_raise_data(ERR_LIB_SYS, errno, - "calling stat(%s)", - path_data[i].path); + "calling stat(%s)", + path_data[i].path); } else { path = path_data[i].path; } @@ -282,7 +283,7 @@ if (S_ISDIR(st.st_mode)) ctx = file_open_dir(path, uri, provctx); else if ((bio = BIO_new_file(path, "rb")) == NULL - || (ctx = file_open_stream(bio, uri, provctx)) == NULL) + || (ctx = file_open_stream(bio, uri, provctx)) == NULL) BIO_free_all(bio); return ctx; @@ -357,7 +358,7 @@ if (ctx->type != IS_DIR) { ERR_raise(ERR_LIB_PROV, - PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); + PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); return 0; } @@ -365,10 +366,10 @@ || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL) return 0; hash = X509_NAME_hash_ex(x509_name, - ossl_prov_ctx_get0_libctx(ctx->provctx), NULL, - &ok); + ossl_prov_ctx_get0_libctx(ctx->provctx), NULL, + &ok); BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), - "%08lx", hash); + "%08lx", hash); X509_NAME_free(x509_name); if (ok == 0) return 0; @@ -387,7 +388,7 @@ }; static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst, - const OSSL_PARAM *params, void *construct_data) + const OSSL_PARAM *params, void *construct_data) { struct file_load_data_st *data = construct_data; @@ -430,7 +431,7 @@ /* Make sure the input type is set */ if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx, - ctx->_.file.input_type)) { + ctx->_.file.input_type)) { ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err; } 
@@ -444,14 +445,14 @@ switch (ctx->expected_type) { case OSSL_STORE_INFO_CERT: if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx, - "Certificate")) { + "Certificate")) { ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err; } break; case OSSL_STORE_INFO_CRL: if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx, - "CertificateList")) { + "CertificateList")) { ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err; } @@ -461,8 +462,8 @@ } for (to_algo = ossl_any_to_obj_algorithm; - to_algo->algorithm_names != NULL; - to_algo++) { + to_algo->algorithm_names != NULL; + to_algo++) { OSSL_DECODER *to_obj = NULL; OSSL_DECODER_INSTANCE *to_obj_inst = NULL; @@ -480,7 +481,7 @@ goto err; if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx, - to_obj_inst)) { + to_obj_inst)) { ossl_decoder_instance_free(to_obj_inst); ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err; @@ -488,7 +489,7 @@ } /* Add on the usual extra decoders */ if (!OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx, - libctx, ctx->_.file.propq)) { + libctx, ctx->_.file.propq)) { ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err; } 
@@ -498,30 +499,32 @@ * data to the load callback */ if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx, - file_load_construct) + file_load_construct) || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx, - file_load_cleanup)) { + file_load_cleanup)) { ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err; } } ok = 1; - err: +err: return ok; } static int file_load_file(struct file_ctx_st *ctx, - OSSL_CALLBACK *object_cb, void *object_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct file_load_data_st data; int ret, err; /* Setup the decoders (one time shot per session */ - if (!file_setup_decoders(ctx)) + if (!file_setup_decoders(ctx)) { + ctx->fatal_error = 1; return 0; + } /* Setup for this object */ @@ -635,8 +638,8 @@ } static int file_load_dir_entry(struct file_ctx_st *ctx, - OSSL_CALLBACK *object_cb, void *object_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { /* Prepare as much as possible in advance */ static const int object_type = OSSL_OBJECT_NAME; @@ -664,8 +667,7 @@ && file_name_check(ctx, ctx->_.dir.last_entry)) { /* If we can't allocate the new name, we fail */ - if ((newname = - file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL) + if ((newname = file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL) return 0; } @@ -694,8 +696,8 @@ */ static int file_load(void *loaderctx, - OSSL_CALLBACK *object_cb, void *object_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct file_ctx_st *ctx = loaderctx; 
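Review bot: `ctx->fatal_error` is set only when `file_setup_decoders()` fails in `file_load_file` (hunk `-498,30`). The allocation failure in `file_load_dir_entry` (the `file_name_to_uri(...) == NULL` path in hunk `-664,8`) still returns 0 without marking the context. If callers loop on load until `file_eof` reports the end, that directory path would presumably keep failing with no EOF signalled. Consider `ctx->fatal_error = 1;` before that `return 0;` as well, or a comment stating that the failure is meant to be retryable. The flag also depends on `new_file_ctx` zero-initialising the structure, which these hunks do not show and is worth confirming; both function bodies continue outside the hunks.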
@@ -703,8 +705,7 @@ case IS_FILE: return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg); case IS_DIR: - return - file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg); + return file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg); default: break; } @@ -723,6 +724,9 @@ { struct file_ctx_st *ctx = loaderctx; + if (ctx->fatal_error) + return 1; + switch (ctx->type) { case IS_DIR: return ctx->_.dir.end_reached; @@ -781,7 +785,7 @@ { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open }, { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach }, { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS, - (void (*)(void))file_settable_ctx_params }, + (void (*)(void))file_settable_ctx_params }, { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params }, { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load }, { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof }, --- crypto/openssl/providers/implementations/storemgmt/file_store_any2obj.c.orig +++ crypto/openssl/providers/implementations/storemgmt/file_store_any2obj.c @@ -32,7 +32,7 @@ #include #include #include "internal/asn1.h" -#include "crypto/pem.h" /* For internal PVK and "blob" headers */ +#include "crypto/pem.h" /* For internal PVK and "blob" headers */ #include "prov/bio.h" #include "file_store_local.h" @@ -55,7 +55,7 @@ } static int any2obj_decode_final(void *provctx, int objtype, BUF_MEM *mem, - OSSL_CALLBACK *data_cb, void *data_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg) { /* * 1 indicates that we successfully decoded something, or not at all. 
@@ -66,11 +66,9 @@ if (mem != NULL) { OSSL_PARAM params[3]; - params[0] = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); - params[1] = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, - mem->data, mem->length); + params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, + mem->data, mem->length); params[2] = OSSL_PARAM_construct_end(); ok = data_cb(params, data_cbarg); @@ -81,8 +79,8 @@ static OSSL_FUNC_decoder_decode_fn der2obj_decode; static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { BIO *in = ossl_bio_new_from_core_bio(provctx, cin); BUF_MEM *mem = NULL; @@ -102,13 +100,13 @@ /* any2obj_decode_final() frees |mem| for us */ return any2obj_decode_final(provctx, OSSL_OBJECT_UNKNOWN, mem, - data_cb, data_cbarg); + data_cb, data_cbarg); } static OSSL_FUNC_decoder_decode_fn msblob2obj_decode; static int msblob2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { BIO *in = ossl_bio_new_from_core_bio(provctx, cin); BUF_MEM *mem = NULL; @@ -122,7 +120,7 @@ if (in == NULL) goto err; - mem_want = 16; /* The size of the MSBLOB header */ + mem_want = 16; /* The size of the MSBLOB header */ if ((mem = BUF_MEM_new()) == NULL || !BUF_MEM_grow(mem, mem_want)) { ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); @@ -136,7 +134,6 @@ if (!ok) goto next; - ERR_set_mark(); p = (unsigned char *)&mem->data[0]; ok = ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) > 0; 
@@ -156,7 +153,7 @@ mem_len += mem_want; ERR_pop_to_mark(); - next: +next: /* Free resources we no longer need. */ BIO_free(in); if (!ok && mem != NULL) { @@ -166,9 +163,9 @@ /* any2obj_decode_final() frees |mem| for us */ return any2obj_decode_final(provctx, OSSL_OBJECT_PKEY, mem, - data_cb, data_cbarg); + data_cb, data_cbarg); - err: +err: BIO_free(in); BUF_MEM_free(mem); return 0; @@ -176,8 +173,8 @@ static OSSL_FUNC_decoder_decode_fn pvk2obj_decode; static int pvk2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *data_cb, void *data_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { BIO *in = ossl_bio_new_from_core_bio(provctx, cin); BUF_MEM *mem = NULL; @@ -189,7 +186,7 @@ if (in == NULL) goto err; - mem_want = 24; /* The size of the PVK header */ + mem_want = 24; /* The size of the PVK header */ if ((mem = BUF_MEM_new()) == NULL || !BUF_MEM_grow(mem, mem_want)) { ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); @@ -203,7 +200,6 @@ if (!ok) goto next; - ERR_set_mark(); p = (unsigned char *)&mem->data[0]; ok = ossl_do_PVK_header(&p, 24, 0, &saltlen, &keylen) > 0; @@ -223,7 +219,7 @@ mem_len += mem_want; ERR_pop_to_mark(); - next: +next: /* Free resources we no longer need. */ BIO_free(in); if (!ok && mem != NULL) { @@ -233,9 +229,9 @@ /* any2obj_decode_final() frees |mem| for us */ return any2obj_decode_final(provctx, OSSL_OBJECT_PKEY, mem, - data_cb, data_cbarg); + data_cb, data_cbarg); - err: +err: BIO_free(in); BUF_MEM_free(mem); return 0; @@ -257,5 +253,7 @@ { "obj", "input=DER", der_to_obj_decoder_functions }, { "obj", "input=MSBLOB", msblob_to_obj_decoder_functions }, { "obj", "input=PVK", pvk_to_obj_decoder_functions }, - { NULL, } + { + NULL, + } }; --- crypto/openssl/providers/implementations/storemgmt/file_store_local.h.orig +++ crypto/openssl/providers/implementations/storemgmt/file_store_local.h 
@@ -8,4 +8,3 @@ */ extern const OSSL_ALGORITHM ossl_any_to_obj_algorithm[]; - --- crypto/openssl/providers/legacyprov.c.orig +++ crypto/openssl/providers/legacyprov.c @@ -30,7 +30,7 @@ #ifdef STATIC_LEGACY OSSL_provider_init_fn ossl_legacy_provider_init; -# define OSSL_provider_init ossl_legacy_provider_init +#define OSSL_provider_init ossl_legacy_provider_init #endif /* Parameters we provide to the core */ @@ -121,9 +121,9 @@ #ifndef OPENSSL_NO_RC4 ALG(PROV_NAMES_RC4, ossl_rc4128_functions), ALG(PROV_NAMES_RC4_40, ossl_rc440_functions), -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 ALG(PROV_NAMES_RC4_HMAC_MD5, ossl_rc4_hmac_ossl_md5_functions), -# endif /* OPENSSL_NO_MD5 */ +#endif /* OPENSSL_NO_MD5 */ #endif /* OPENSSL_NO_RC4 */ #ifndef OPENSSL_NO_RC5 ALG(PROV_NAMES_RC5_ECB, ossl_rc5128ecb_functions), @@ -149,7 +149,7 @@ }; static const OSSL_ALGORITHM *legacy_query(void *provctx, int operation_id, - int *no_cache) + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -179,9 +179,9 @@ }; int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { OSSL_LIB_CTX *libctx = NULL; --- crypto/openssl/providers/nullprov.c.orig +++ crypto/openssl/providers/nullprov.c @@ -52,8 +52,8 @@ } static const OSSL_ALGORITHM *null_query(OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { *no_cache = 0; return NULL; @@ -68,9 +68,9 @@ }; int ossl_null_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { *out = null_dispatch_table; --- crypto/openssl/ssl/bio_ssl.c.orig +++ crypto/openssl/ssl/bio_ssl.c 
@@ -24,7 +24,7 @@ static int ssl_free(BIO *data); static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct bio_ssl_st { - SSL *ssl; /* The ssl handle :-) */ + SSL *ssl; /* The ssl handle :-) */ /* re-negotiate every time the total number of bytes is this size */ int num_renegotiates; unsigned long renegotiate_count; @@ -37,11 +37,11 @@ BIO_TYPE_SSL, "ssl", ssl_write, - NULL, /* ssl_write_old, */ + NULL, /* ssl_write_old, */ ssl_read, - NULL, /* ssl_read_old, */ + NULL, /* ssl_read_old, */ ssl_puts, - NULL, /* ssl_gets, */ + NULL, /* ssl_gets, */ ssl_ctrl, ssl_new, ssl_free, @@ -258,7 +258,7 @@ ret = 0; break; case BIO_C_SSL_MODE: - if (num) /* client mode */ + if (num) /* client mode */ SSL_set_connect_state(ssl); else SSL_set_accept_state(ssl); @@ -430,7 +430,7 @@ if ((ret = BIO_push(buf, ssl)) == NULL) goto err; return ret; - err: +err: BIO_free(buf); BIO_free(ssl); #endif @@ -449,7 +449,7 @@ if ((ret = BIO_push(ssl, con)) == NULL) goto err; return ret; - err: +err: BIO_free(ssl); BIO_free(con); #endif --- crypto/openssl/ssl/d1_lib.c.orig +++ crypto/openssl/ssl/d1_lib.c @@ -137,14 +137,14 @@ * enc_write_ctx/write_hash and they can be freed */ if (s->enc_write_ctx - != frag->msg_header.saved_retransmit_state.enc_write_ctx) + != frag->msg_header.saved_retransmit_state.enc_write_ctx) EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state - .enc_write_ctx); + .enc_write_ctx); if (s->write_hash - != frag->msg_header.saved_retransmit_state.write_hash) + != frag->msg_header.saved_retransmit_state.write_hash) EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state - .write_hash); + .write_hash); } dtls1_hm_fragment_free(frag); @@ -152,7 +152,6 @@ } } - void dtls1_free(SSL *s) { DTLS_RECORD_LAYER_free(&s->rlayer); 
@@ -286,10 +285,10 @@ /* Add duration to current time */ - sec = s->d1->timeout_duration_us / 1000000; + sec = s->d1->timeout_duration_us / 1000000; usec = s->d1->timeout_duration_us - (sec * 1000000); - s->d1->next_timeout.tv_sec += sec; + s->d1->next_timeout.tv_sec += sec; s->d1->next_timeout.tv_usec += usec; if (s->d1->next_timeout.tv_usec >= 1000000) { @@ -298,7 +297,7 @@ } BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &(s->d1->next_timeout)); + &(s->d1->next_timeout)); } struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) @@ -314,9 +313,7 @@ get_current_time(&timenow); /* If timer already expired, set remaining time to 0 */ - if (s->d1->next_timeout.tv_sec < timenow.tv_sec || - (s->d1->next_timeout.tv_sec == timenow.tv_sec && - s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { + if (s->d1->next_timeout.tv_sec < timenow.tv_sec || (s->d1->next_timeout.tv_sec == timenow.tv_sec && s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { memset(timeleft, 0, sizeof(*timeleft)); return timeleft; } @@ -373,7 +370,7 @@ memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); s->d1->timeout_duration_us = 1000000; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &(s->d1->next_timeout)); + &(s->d1->next_timeout)); /* Clear retransmission buffer */ dtls1_clear_sent_buffer(s); } @@ -387,8 +384,7 @@ /* Reduce MTU after 2 unsuccessful retransmissions */ if (s->d1->timeout_num_alerts > 2 && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); + mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); if (mtu < s->d1->mtu) s->d1->mtu = mtu; } 
@@ -436,13 +432,13 @@ GetSystemTime(&st); SystemTimeToFileTime(&st, &now.ft); /* re-bias to 1/1/1970 */ -# ifdef __MINGW32__ +#ifdef __MINGW32__ now.ul -= 116444736000000000ULL; -# else +#else /* *INDENT-OFF* */ now.ul -= 116444736000000000UI64; /* *INDENT-ON* */ -# endif +#endif t->tv_sec = (long)(now.ul / 10000000); t->tv_usec = ((int)(now.ul % 10000000)) / 10; #else @@ -450,8 +446,8 @@ #endif } -#define LISTEN_SUCCESS 2 -#define LISTEN_SEND_VERIFY_REQUEST 1 +#define LISTEN_SUCCESS 2 +#define LISTEN_SEND_VERIFY_REQUEST 1 #ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client) @@ -505,7 +501,7 @@ buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf; wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf; #if defined(SSL3_ALIGN_PAYLOAD) -# if SSL3_ALIGN_PAYLOAD != 0 +#if SSL3_ALIGN_PAYLOAD != 0 /* * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for * consistency with ssl3_read_n. In practice it should make no difference @@ -514,7 +510,7 @@ */ align = (size_t)buf + SSL3_RT_HEADER_LENGTH; align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); -# endif +#endif #endif buf += align; @@ -522,8 +518,7 @@ /* Get a packet */ clear_sys_error(); - n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH - + DTLS1_RT_HEADER_LENGTH); + n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH + DTLS1_RT_HEADER_LENGTH); if (n <= 0) { if (BIO_should_retry(rbio)) { /* Non-blocking IO */ @@ -554,7 +549,7 @@ if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); /* Get the record header */ if (!PACKET_get_1(&pkt, &rectype) @@ -617,7 +612,7 @@ } /* Message sequence number can only be 0 or 1 */ - if (msgseq > 2) { + if (msgseq > 1) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SEQUENCE_NUMBER); goto end; } 
@@ -637,8 +632,8 @@ if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data, - fraglen + DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + fraglen + DTLS1_HM_HEADER_LENGTH, s, + s->msg_callback_arg); if (!PACKET_get_net_2(&msgpayload, &clientvers)) { ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH); @@ -648,8 +643,7 @@ /* * Verify client version is supported */ - if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) && - s->method->version != DTLS_ANY_VERSION) { + if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) && s->method->version != DTLS_ANY_VERSION) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER); goto end; } @@ -681,7 +675,8 @@ return -1; } if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt), - (unsigned int)PACKET_remaining(&cookiepkt)) == 0) { + (unsigned int)PACKET_remaining(&cookiepkt)) + == 0) { /* * We treat invalid cookies in the same was as no cookie as * per RFC6347 @@ -705,9 +700,7 @@ */ /* Generate the cookie */ - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || - cookielen > 255) { + if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || cookielen > 255) { ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); /* This is fatal */ return -1; 
@@ -723,54 +716,54 @@ /* Construct the record and message headers */ if (!WPACKET_init_static_len(&wpkt, - wbuf, - ssl_get_max_send_fragment(s) - + DTLS1_RT_HEADER_LENGTH, - 0) - || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE) - || !WPACKET_put_bytes_u16(&wpkt, version) - /* - * Record sequence number is always the same as in the - * received ClientHello - */ - || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE) - /* End of record, start sub packet for message */ - || !WPACKET_start_sub_packet_u16(&wpkt) - /* Message type */ - || !WPACKET_put_bytes_u8(&wpkt, - DTLS1_MT_HELLO_VERIFY_REQUEST) - /* - * Message length - doesn't follow normal TLS convention: - * the length isn't the last thing in the message header. - * We'll need to fill this in later when we know the - * length. Set it to zero for now - */ - || !WPACKET_put_bytes_u24(&wpkt, 0) - /* - * Message sequence number is always 0 for a - * HelloVerifyRequest - */ - || !WPACKET_put_bytes_u16(&wpkt, 0) - /* - * We never fragment a HelloVerifyRequest, so fragment - * offset is 0 - */ - || !WPACKET_put_bytes_u24(&wpkt, 0) - /* - * Fragment length is the same as message length, but - * this *is* the last thing in the message header so we - * can just start a sub-packet. No need to come back - * later for this one. 
- */ - || !WPACKET_start_sub_packet_u24(&wpkt) - /* Create the actual HelloVerifyRequest body */ - || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen) - /* Close message body */ - || !WPACKET_close(&wpkt) - /* Close record body */ - || !WPACKET_close(&wpkt) - || !WPACKET_get_total_written(&wpkt, &wreclen) - || !WPACKET_finish(&wpkt)) { + wbuf, + ssl_get_max_send_fragment(s) + + DTLS1_RT_HEADER_LENGTH, + 0) + || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE) + || !WPACKET_put_bytes_u16(&wpkt, version) + /* + * Record sequence number is always the same as in the + * received ClientHello + */ + || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE) + /* End of record, start sub packet for message */ + || !WPACKET_start_sub_packet_u16(&wpkt) + /* Message type */ + || !WPACKET_put_bytes_u8(&wpkt, + DTLS1_MT_HELLO_VERIFY_REQUEST) + /* + * Message length - doesn't follow normal TLS convention: + * the length isn't the last thing in the message header. + * We'll need to fill this in later when we know the + * length. Set it to zero for now + */ + || !WPACKET_put_bytes_u24(&wpkt, 0) + /* + * Message sequence number is always 0 for a + * HelloVerifyRequest + */ + || !WPACKET_put_bytes_u16(&wpkt, 0) + /* + * We never fragment a HelloVerifyRequest, so fragment + * offset is 0 + */ + || !WPACKET_put_bytes_u24(&wpkt, 0) + /* + * Fragment length is the same as message length, but + * this *is* the last thing in the message header so we + * can just start a sub-packet. No need to come back + * later for this one. + */ + || !WPACKET_start_sub_packet_u24(&wpkt) + /* Create the actual HelloVerifyRequest body */ + || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen) + /* Close message body */ + || !WPACKET_close(&wpkt) + /* Close record body */ + || !WPACKET_close(&wpkt) + || !WPACKET_get_total_written(&wpkt, &wreclen) + || !WPACKET_finish(&wpkt)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); WPACKET_cleanup(&wpkt); /* This is fatal */ 
@@ -785,12 +778,12 @@ * last 3 bytes of the message header */ memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1], - &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], - 3); + &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], + 3); if (s->msg_callback) - s->msg_callback(1, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + s->msg_callback(1, version, SSL3_RT_HEADER, wbuf, + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); if ((tmpclient = BIO_ADDR_new()) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -863,7 +856,7 @@ return -1; ret = 1; - end: +end: BIO_ADDR_free(tmpclient); return ret; } @@ -881,15 +874,14 @@ BIO *wbio; wbio = SSL_get_wbio(s); - if (wbio != NULL && BIO_dgram_is_sctp(wbio) && - !(s->shutdown & SSL_SENT_SHUTDOWN)) { + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && !(s->shutdown & SSL_SENT_SHUTDOWN)) { ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; if (ret == 0) BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, - NULL); + NULL); } #endif ret = ssl3_shutdown(s); @@ -902,16 +894,14 @@ int dtls1_query_mtu(SSL *s) { if (s->d1->link_mtu) { - s->d1->mtu = - s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); + s->d1->mtu = s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); s->d1->link_mtu = 0; } /* AHA! Figure out the MTU, and stick to the right size */ if (s->d1->mtu < dtls1_min_mtu(s)) { if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* * I've seen the kernel return bogus numbers when it doesn't know @@ -921,7 +911,7 @@ /* Set to min mtu */ s->d1->mtu = dtls1_min_mtu(s); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - (long)s->d1->mtu, NULL); + (long)s->d1->mtu, NULL); } } else return 0; 
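Review bot: In the `@@ -785` hunk the write-side `msg_callback` call now passes `version` for the `SSL3_RT_HEADER` event, while `do_dtls1_write` in ssl/record/rec_layer_d1.c (the `@@ -963` hunk of this patch) still passes `0` for the same content type. A callback that logs or filters on the version argument therefore sees two conventions for DTLS record headers. If the difference is intended, a comment above the call would keep a later cleanup from unifying them by accident, e.g. `/* report the version written into this record header; do_dtls1_write() passes 0 here */`. The enclosing function starts and ends outside the hunk.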
@@ -931,8 +921,7 @@ static size_t dtls1_link_min_mtu(void) { - return (g_probable_mtu[(sizeof(g_probable_mtu) / - sizeof(g_probable_mtu[0])) - 1]); + return (g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) - 1]); } size_t dtls1_min_mtu(SSL *s) @@ -950,7 +939,7 @@ return 0; if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead, - &blocksize, &ext_overhead)) + &blocksize, &ext_overhead)) return 0; if (SSL_READ_ETM(s)) --- crypto/openssl/ssl/d1_msg.c.orig +++ crypto/openssl/ssl/d1_msg.c @@ -10,7 +10,7 @@ #include "ssl_local.h" int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, - size_t *written) + size_t *written) { int i; @@ -35,7 +35,7 @@ int dtls1_dispatch_alert(SSL *s) { int i, j; - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; size_t written; @@ -55,7 +55,7 @@ if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, - 2, s, s->msg_callback_arg); + 2, s, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; --- crypto/openssl/ssl/d1_srtp.c.orig +++ crypto/openssl/ssl/d1_srtp.c @@ -21,26 +21,26 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { { - "SRTP_AES128_CM_SHA1_80", - SRTP_AES128_CM_SHA1_80, - }, + "SRTP_AES128_CM_SHA1_80", + SRTP_AES128_CM_SHA1_80, + }, { - "SRTP_AES128_CM_SHA1_32", - SRTP_AES128_CM_SHA1_32, - }, + "SRTP_AES128_CM_SHA1_32", + SRTP_AES128_CM_SHA1_32, + }, { - "SRTP_AEAD_AES_128_GCM", - SRTP_AEAD_AES_128_GCM, - }, + "SRTP_AEAD_AES_128_GCM", + SRTP_AEAD_AES_128_GCM, + }, { - "SRTP_AEAD_AES_256_GCM", - SRTP_AEAD_AES_256_GCM, - }, - {0} + "SRTP_AEAD_AES_256_GCM", + SRTP_AEAD_AES_256_GCM, + }, + { 0 } }; static int find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, size_t len) + SRTP_PROTECTION_PROFILE **pptr, size_t len) { SRTP_PROTECTION_PROFILE *p; 
@@ -59,7 +59,7 @@ } static int ssl_ctx_make_profiles(const char *profiles_string, - STACK_OF(SRTP_PROTECTION_PROFILE) **out) + STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; @@ -75,8 +75,7 @@ do { col = strchr(ptr, ':'); - if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) - : strlen(ptr))) { + if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) : strlen(ptr))) { if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); goto err; @@ -100,7 +99,7 @@ *out = profiles; return 0; - err: +err: sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; } --- crypto/openssl/ssl/ktls.c.orig +++ crypto/openssl/ssl/ktls.c 
@@ -10,69 +10,8 @@ #include "ssl_local.h" #include "internal/ktls.h" -#ifndef OPENSSL_NO_KTLS_RX - /* - * Count the number of records that were not processed yet from record boundary. - * - * This function assumes that there are only fully formed records read in the - * record layer. If read_ahead is enabled, then this might be false and this - * function will fail. - */ -static int count_unprocessed_records(SSL *s) -{ - SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); - PACKET pkt, subpkt; - int count = 0; - - if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) - return -1; - - while (PACKET_remaining(&pkt) > 0) { - /* Skip record type and version */ - if (!PACKET_forward(&pkt, 3)) - return -1; - - /* Read until next record */ - if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) - return -1; - - count += 1; - } - - return count; -} - -/* - * The kernel cannot offload receive if a partial TLS record has been read. - * Check the read buffer for unprocessed records. If the buffer contains a - * partial record, fail and return 0. Otherwise, update the sequence - * number at *rec_seq for the count of unprocessed records and return 1. - */ -static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq) -{ - int bit, count_unprocessed; - - count_unprocessed = count_unprocessed_records(s); - if (count_unprocessed < 0) - return 0; - - /* increment the crypto_info record sequence */ - while (count_unprocessed) { - for (bit = 7; bit >= 0; bit--) { /* increment */ - ++rec_seq[bit]; - if (rec_seq[bit] != 0) - break; - } - count_unprocessed--; - - } - - return 1; -} -#endif - #if defined(__FreeBSD__) -# include "crypto/cryptodev.h" +#include "crypto/cryptodev.h" /*- * Check if a given cipher is supported by the KTLS interface. @@ -81,7 +20,7 @@ * supports the cipher suite used at all. */ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd) + const EVP_CIPHER_CTX *dd) { switch (s->version) { 
@@ -98,10 +37,6 @@ case SSL_AES128GCM: case SSL_AES256GCM: return 1; -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 - case SSL_CHACHA20POLY1305: - return 1; -# endif case SSL_AES128: case SSL_AES256: if (s->ext.use_etm) @@ -120,11 +55,11 @@ } /* Function to configure kernel TLS structure */ -int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - int is_tx, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size) +int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + void *rl_sequence, ktls_crypto_info_t *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size) { memset(crypto_info, 0, sizeof(*crypto_info)); switch (s->s3.tmp.new_cipher->algorithm_enc) { @@ -135,16 +70,9 @@ crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); if (crypto_info->iv_len < 0) return 0; - } - else + } else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 - case SSL_CHACHA20POLY1305: - crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; - crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); - break; -# endif case SSL_AES128: case SSL_AES256: switch (s->s3.tmp.new_cipher->algorithm_mac) { 
@@ -173,24 +101,24 @@ crypto_info->iv = iv; crypto_info->tls_vmajor = (s->version >> 8) & 0x000000ff; crypto_info->tls_vminor = (s->version & 0x000000ff); -# ifdef TCP_RXTLS_ENABLE +#ifdef TCP_RXTLS_ENABLE memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq)); - if (!is_tx && !check_rx_read_ahead(s, crypto_info->rec_seq)) - return 0; -# else - if (!is_tx) - return 0; -# endif + if (rec_seq != NULL) + *rec_seq = crypto_info->rec_seq; +#else + if (rec_seq != NULL) + *rec_seq = NULL; +#endif return 1; }; -#endif /* __FreeBSD__ */ +#endif /* __FreeBSD__ */ #if defined(OPENSSL_SYS_LINUX) /* Function to check supported ciphers in Linux */ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd) + const EVP_CIPHER_CTX *dd) { switch (s->version) { case TLS1_2_VERSION: @@ -200,27 +128,27 @@ return 0; } - /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 + /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 * or Chacha20-Poly1305 */ -# ifdef OPENSSL_KTLS_AES_CCM_128 +#ifdef OPENSSL_KTLS_AES_CCM_128 if (EVP_CIPHER_is_a(c, "AES-128-CCM")) { if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */ || EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) return 0; return 1; } else -# endif - if (0 -# ifdef OPENSSL_KTLS_AES_GCM_128 - || EVP_CIPHER_is_a(c, "AES-128-GCM") -# endif -# ifdef OPENSSL_KTLS_AES_GCM_256 - || EVP_CIPHER_is_a(c, "AES-256-GCM") -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 - || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305") -# endif +#endif + if (0 +#ifdef OPENSSL_KTLS_AES_GCM_128 + || EVP_CIPHER_is_a(c, "AES-128-GCM") +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + || EVP_CIPHER_is_a(c, "AES-256-GCM") +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305") +#endif ) { return 1; } 
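Review bot: With `TCP_RXTLS_ENABLE` undefined, the `@@ -173` hunk makes the FreeBSD `ktls_configure_crypto` return 1 with `*rec_seq = NULL`, where the old code returned 0 for the receive direction, so refusing RX offload now depends on a caller that is not part of this diff. The Linux variant in the `@@ -228` hunk shifts the same way: it drops both the `OPENSSL_NO_KTLS_RX` guard and the `check_rx_read_ahead()` call. The caller now has to detect a partial record in the read buffer and advance the sequence number through the returned pointer before the structure is handed to the kernel; if it does not, received records would presumably fail to authenticate. I would document that contract on both definitions, e.g. `/* On success *rec_seq points into crypto_info, or is NULL when RX offload is unavailable; for RX the caller must account for buffered records and must not enable offload on NULL or a partial record. */`. Both function bodies span several hunks and are not fully visible here.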
@@ -228,98 +156,88 @@ } /* Function to configure kernel TLS structure */ -int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - int is_tx, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size) +int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + void *rl_sequence, ktls_crypto_info_t *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size) { unsigned char geniv[12]; unsigned char *iiv = iv; -# ifdef OPENSSL_NO_KTLS_RX - if (!is_tx) - return 0; -# endif - - if (s->version == TLS1_2_VERSION && - EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { + if (s->version == TLS1_2_VERSION && EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv, - EVP_GCM_TLS_FIXED_IV_LEN - + EVP_GCM_TLS_EXPLICIT_IV_LEN)) + EVP_GCM_TLS_FIXED_IV_LEN + + EVP_GCM_TLS_EXPLICIT_IV_LEN)) return 0; iiv = geniv; } memset(crypto_info, 0, sizeof(*crypto_info)); - switch (EVP_CIPHER_get_nid(c)) - { -# ifdef OPENSSL_KTLS_AES_GCM_128 + switch (EVP_CIPHER_get_nid(c)) { +#ifdef OPENSSL_KTLS_AES_GCM_128 case NID_aes_128_gcm: crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128; crypto_info->gcm128.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128); memcpy(crypto_info->gcm128.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_GCM_128_IV_SIZE); + TLS_CIPHER_AES_GCM_128_IV_SIZE); memcpy(crypto_info->gcm128.salt, iiv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm128.rec_seq, rl_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm128.rec_seq)) - return 0; + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->gcm128.rec_seq; return 1; -# endif -# 
ifdef OPENSSL_KTLS_AES_GCM_256 +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 case NID_aes_256_gcm: crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256; crypto_info->gcm256.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256); memcpy(crypto_info->gcm256.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_GCM_256_IV_SIZE); + TLS_CIPHER_AES_GCM_256_IV_SIZE); memcpy(crypto_info->gcm256.salt, iiv, TLS_CIPHER_AES_GCM_256_SALT_SIZE); memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm256.rec_seq, rl_sequence, - TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); - if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm256.rec_seq)) - return 0; + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->gcm256.rec_seq; return 1; -# endif -# ifdef OPENSSL_KTLS_AES_CCM_128 +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 case NID_aes_128_ccm: crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128; crypto_info->ccm128.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128); memcpy(crypto_info->ccm128.iv, iiv + EVP_CCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_CCM_128_IV_SIZE); + TLS_CIPHER_AES_CCM_128_IV_SIZE); memcpy(crypto_info->ccm128.salt, iiv, TLS_CIPHER_AES_CCM_128_SALT_SIZE); memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->ccm128.rec_seq, rl_sequence, - TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); - if (!is_tx && !check_rx_read_ahead(s, crypto_info->ccm128.rec_seq)) - return 0; + TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->ccm128.rec_seq; return 1; -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 case NID_chacha20_poly1305: crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305; crypto_info->chacha20poly1305.info.version = s->version; crypto_info->tls_crypto_info_len = 
sizeof(crypto_info->chacha20poly1305); memcpy(crypto_info->chacha20poly1305.iv, iiv, - TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); + TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); memcpy(crypto_info->chacha20poly1305.key, key, - EVP_CIPHER_get_key_length(c)); + EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, - TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); - if (!is_tx - && !check_rx_read_ahead(s, - crypto_info->chacha20poly1305.rec_seq)) - return 0; + TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->chacha20poly1305.rec_seq; return 1; -# endif +#endif default: return 0; } - } #endif /* OPENSSL_SYS_LINUX */ --- crypto/openssl/ssl/methods.c.orig +++ crypto/openssl/ssl/methods.c 
@@ -17,29 +17,29 @@ */ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, - TLS_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_2_enc_data) + TLS_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, - tlsv1_3_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_3_enc_data) + tlsv1_3_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, - tlsv1_2_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_2_enc_data) + tlsv1_2_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_2_enc_data) #endif #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, - tlsv1_1_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_1_enc_data) + tlsv1_1_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_1_enc_data) #endif #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - tlsv1_method, - ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) + tlsv1_method, + ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) #endif #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) 
@@ -48,133 +48,133 @@ * TLS/SSLv3 server methods */ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, - TLS_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_2_enc_data) + TLS_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, - tlsv1_3_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_3_enc_data) + tlsv1_3_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, - tlsv1_2_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_2_enc_data) + tlsv1_2_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_2_enc_data) #endif #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, - tlsv1_1_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_1_enc_data) + tlsv1_1_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_1_enc_data) #endif #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - tlsv1_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_enc_data) + tlsv1_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_enc_data) #endif #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_server_method, - ossl_statem_accept, ssl_undefined_function) + ossl_statem_accept, ssl_undefined_function) #endif /*- * TLS/SSLv3 client methods */ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, - TLS_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_2_enc_data) + TLS_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, - tlsv1_3_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_3_enc_data) + 
tlsv1_3_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, - tlsv1_2_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_2_enc_data) + tlsv1_2_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_2_enc_data) #endif #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, - tlsv1_1_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_1_enc_data) + tlsv1_1_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_1_enc_data) #endif #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - tlsv1_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_enc_data) + tlsv1_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_enc_data) #endif #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_client_method, - ssl_undefined_function, ossl_statem_connect) + ssl_undefined_function, ossl_statem_connect) #endif /*- * DTLS methods */ #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtlsv1_method, - ossl_statem_accept, - ossl_statem_connect, DTLSv1_enc_data) + dtlsv1_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_enc_data) #endif #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, - dtlsv1_2_method, - ossl_statem_accept, - ossl_statem_connect, DTLSv1_2_enc_data) + dtlsv1_2_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_2_enc_data) #endif IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, - DTLS_method, - ossl_statem_accept, - ossl_statem_connect, DTLSv1_2_enc_data) + DTLS_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_2_enc_data) /*- * DTLS server methods */ #ifndef OPENSSL_NO_DTLS1_METHOD 
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtlsv1_server_method, - ossl_statem_accept, - ssl_undefined_function, DTLSv1_enc_data) + dtlsv1_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_enc_data) #endif #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, - dtlsv1_2_server_method, - ossl_statem_accept, - ssl_undefined_function, DTLSv1_2_enc_data) + dtlsv1_2_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_2_enc_data) #endif IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, - DTLS_server_method, - ossl_statem_accept, - ssl_undefined_function, DTLSv1_2_enc_data) + DTLS_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_2_enc_data) /*- * DTLS client methods */ #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtlsv1_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_enc_data) + dtlsv1_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_enc_data) IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtls_bad_ver_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_enc_data) + dtls_bad_ver_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_enc_data) #endif #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, - dtlsv1_2_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_2_enc_data) + dtlsv1_2_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_2_enc_data) #endif IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, - DTLS_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_2_enc_data) + DTLS_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_2_enc_data) #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# ifndef OPENSSL_NO_TLS1_2_METHOD +#ifndef 
OPENSSL_NO_TLS1_2_METHOD const SSL_METHOD *TLSv1_2_method(void) { return tlsv1_2_method(); @@ -189,9 +189,9 @@ { return tlsv1_2_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_TLS1_1_METHOD +#ifndef OPENSSL_NO_TLS1_1_METHOD const SSL_METHOD *TLSv1_1_method(void) { return tlsv1_1_method(); @@ -206,9 +206,9 @@ { return tlsv1_1_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_TLS1_METHOD +#ifndef OPENSSL_NO_TLS1_METHOD const SSL_METHOD *TLSv1_method(void) { return tlsv1_method(); @@ -223,9 +223,9 @@ { return tlsv1_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_SSL3_METHOD +#ifndef OPENSSL_NO_SSL3_METHOD const SSL_METHOD *SSLv3_method(void) { return sslv3_method(); @@ -240,9 +240,9 @@ { return sslv3_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_DTLS1_2_METHOD +#ifndef OPENSSL_NO_DTLS1_2_METHOD const SSL_METHOD *DTLSv1_2_method(void) { return dtlsv1_2_method(); @@ -257,9 +257,9 @@ { return dtlsv1_2_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_DTLS1_METHOD +#ifndef OPENSSL_NO_DTLS1_METHOD const SSL_METHOD *DTLSv1_method(void) { return dtlsv1_method(); @@ -274,6 +274,6 @@ { return dtlsv1_client_method(); } -# endif +#endif #endif --- crypto/openssl/ssl/pqueue.c.orig +++ crypto/openssl/ssl/pqueue.c @@ -60,12 +60,12 @@ } for (curr = NULL, next = pq->items; - next != NULL; curr = next, next = next->next) { + next != NULL; curr = next, next = next->next) { /* * we can compare 64-bit value in big-endian encoding with memcmp:-) */ int cmp = memcmp(next->priority, item->priority, 8); - if (cmp > 0) { /* next > item */ + if (cmp > 0) { /* next > item */ item->next = next; if (curr == NULL) @@ -76,7 +76,7 @@ return item; } - else if (cmp == 0) /* duplicates not allowed */ + else if (cmp == 0) /* duplicates not allowed */ return NULL; } --- crypto/openssl/ssl/record/dtls1_bitmap.c.orig +++ crypto/openssl/ssl/record/dtls1_bitmap.c 
@@ -44,13 +44,13 @@ cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq); - return 1; /* this record in new */ + return 1; /* this record in new */ } shift = -cmp; if (shift >= sizeof(bitmap->map) * 8) - return 0; /* stale, outside the window */ + return 0; /* stale, outside the window */ else if (bitmap->map & (1UL << shift)) - return 0; /* record previously received */ + return 0; /* record previously received */ SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq); return 1; --- crypto/openssl/ssl/record/rec_layer_d1.c.orig +++ crypto/openssl/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -106,14 +106,14 @@ { if (e == rl->d->w_epoch - 1) { memcpy(rl->d->curr_write_sequence, - rl->write_sequence, sizeof(rl->write_sequence)); + rl->write_sequence, sizeof(rl->write_sequence)); memcpy(rl->write_sequence, - rl->d->last_write_sequence, sizeof(rl->write_sequence)); + rl->d->last_write_sequence, sizeof(rl->write_sequence)); } else if (e == rl->d->w_epoch + 1) { memcpy(rl->d->last_write_sequence, - rl->write_sequence, sizeof(unsigned char[8])); + rl->write_sequence, sizeof(unsigned char[8])); memcpy(rl->write_sequence, - rl->d->curr_write_sequence, sizeof(rl->write_sequence)); + rl->d->curr_write_sequence, sizeof(rl->write_sequence)); } rl->d->w_epoch = e; } 
@@ -170,11 +170,9 @@ #ifndef OPENSSL_NO_SCTP /* Store bio_dgram_sctp_rcvinfo struct */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - (SSL_get_state(s) == TLS_ST_SR_FINISHED - || SSL_get_state(s) == TLS_ST_CR_FINISHED)) { + if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && (SSL_get_state(s) == TLS_ST_SR_FINISHED || SSL_get_state(s) == TLS_ST_CR_FINISHED)) { BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, - sizeof(rdata->recordinfo), &rdata->recordinfo); + sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif @@ -223,8 +221,8 @@ * processed yet */ #define dtls1_get_unprocessed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &((s)->rlayer.d->unprocessed_rcds)) + dtls1_retrieve_buffered_record((s), \ + &((s)->rlayer.d->unprocessed_rcds)) int dtls1_process_buffered_records(SSL *s) { @@ -239,7 +237,7 @@ if (item) { /* Check if epoch is current. */ if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) - return 1; /* Nothing to do. */ + return 1; /* Nothing to do. */ rr = RECORD_LAYER_get_rrec(&s->rlayer); @@ -265,8 +263,8 @@ * current record is from a different epoch. But that cannot * be the case because we already checked the epoch above */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; } #ifndef OPENSSL_NO_SCTP /* Only do replay check if no SCTP bio */ @@ -294,7 +292,8 @@ } if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) { + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) + < 0) { /* SSLfatal() already called */ return 0; } 
@@ -341,12 +340,12 @@ * none of our business */ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - size_t len, int peek, size_t *readbytes) + size_t len, int peek, size_t *readbytes) { int i, j, iret; size_t n; SSL3_RECORD *rr; - void (*cb) (const SSL *ssl, int type2, int val) = NULL; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) { /* Not initialized yet */ @@ -356,9 +355,7 @@ } } - if ((type && (type != SSL3_RT_APPLICATION_DATA) && - (type != SSL3_RT_HANDSHAKE)) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) { + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -373,7 +370,7 @@ return -1; } - start: +start: s->rwstate = SSL_NOTHING; /*- @@ -397,7 +394,7 @@ if (BIO_dgram_is_sctp(SSL_get_rbio(s))) { DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, - sizeof(rdata->recordinfo), &rdata->recordinfo); + sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif @@ -440,7 +437,7 @@ * record that isn't an alert. */ if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT - && SSL3_RECORD_get_length(rr) != 0) + && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; /* we now have a packet which can be read and processed */ @@ -454,7 +451,8 @@ * data for later processing rather than dropping the connection. */ if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), - SSL3_RECORD_get_seq_num(rr)) < 0) { + SSL3_RECORD_get_seq_num(rr)) + < 0) { /* SSLfatal() already called */ return -1; } 
@@ -486,10 +484,9 @@ * make sure that we are not getting application data when we are * doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_APP_DATA_IN_HANDSHAKE); + SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -533,8 +530,7 @@ * app data. If there was an alert and there is no message to read * anymore, finally set shutdown. */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - s->d1->shutdown_received + if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && s->d1->shutdown_received && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; @@ -552,20 +548,20 @@ if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { unsigned int alert_level, alert_descr; unsigned char *alert_bytes = SSL3_RECORD_get_data(rr) - + SSL3_RECORD_get_off(rr); + + SSL3_RECORD_get_off(rr); PACKET alert; if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr)) - || !PACKET_get_1(&alert, &alert_level) - || !PACKET_get_1(&alert, &alert_descr) - || PACKET_remaining(&alert) != 0) { + || !PACKET_get_1(&alert, &alert_level) + || !PACKET_get_1(&alert, &alert_descr) + || PACKET_remaining(&alert) != 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, - s->msg_callback_arg); + s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; @@ -584,7 +580,7 @@ s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MANY_WARN_ALERTS); + SSL_R_TOO_MANY_WARN_ALERTS); return -1; } 
@@ -595,8 +591,7 @@ * after a close_notify alert. We have to check this first so * that nothing gets discarded. */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { + if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { s->d1->shutdown_received = 1; s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); @@ -606,13 +601,24 @@ #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; + } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { + /* + * This is a warning but we receive it if we requested + * renegotiation and the peer denied it. Terminate with a fatal + * alert because if the application tried to renegotiate it + * presumably had a good reason and expects it to succeed. In + * the future we might have a renegotiation where we don't care + * if the peer refused it where we carry on. + */ + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION); + return -1; } } else if (alert_level == SSL3_AL_FATAL) { s->rwstate = SSL_NOTHING; s->s3.fatal_alert = alert_descr; SSLfatal_data(s, SSL_AD_NO_ALERT, - SSL_AD_REASON_OFFSET + alert_descr, - "SSL alert number %d", alert_descr); + SSL_AD_REASON_OFFSET + alert_descr, + "SSL alert number %d", alert_descr); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); @@ -646,8 +652,7 @@ /* * Unexpected handshake message (Client Hello, or protocol violation) */ - if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && - !ossl_statem_get_in_handshake(s)) { + if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && !ossl_statem_get_in_handshake(s)) { struct hm_header_st msg_hdr; /* 
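Review bot: The `SSL_AD_NO_RENEGOTIATION` branch added in the `@@ -606` hunk fires on every warning-level no_renegotiation alert; nothing visible in the hunk checks that this side had actually requested a renegotiation, although the comment describes that as the case in which the alert arrives. A peer that sends the alert unsolicited therefore has the connection ended with handshake_failure, which is probably acceptable (it could just as well send a fatal alert) but should be stated rather than implied. I would add one sentence to the comment, such as `We do not check whether a renegotiation was pending: an unsolicited no_renegotiation warning is handled the same way.` The enclosing function, presumably dtls1_read_bytes, starts and ends outside the hunk.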
@@ -655,7 +660,7 @@ * at least enough record bytes for a message header */ if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch - || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { + || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); goto start; @@ -758,9 +763,7 @@ * application data at this point (session renegotiation not yet * started), we will indulge it. */ - if (s->s3.in_read_app_data && - (s->s3.total_renegotiations != 0) && - ossl_statem_app_data_allowed(s)) { + if (s->s3.in_read_app_data && (s->s3.total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { s->s3.in_read_app_data = 2; return -1; } else { @@ -776,7 +779,7 @@ * not all data has been sent or non-blocking IO. */ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written) + size_t *written) { int i; @@ -790,7 +793,7 @@ } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - size_t len, int create_empty_fragment, size_t *written) + size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; int i, mac_size, clear = 0; @@ -830,8 +833,8 @@ sess = s->session; if ((sess == NULL) - || (s->enc_write_ctx == NULL) - || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) + || (s->enc_write_ctx == NULL) + || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) clear = 1; if (clear) @@ -840,7 +843,7 @@ mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); + SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return -1; } } @@ -856,8 +859,7 @@ * haven't decided which version to use yet send back using version 1.0 * header: otherwise some clients will ignore it. */ - if (s->method->version == DTLS_ANY_VERSION && - s->max_proto_version != DTLS1_BAD_VER) { + if (s->method->version == DTLS_ANY_VERSION && s->max_proto_version != DTLS1_BAD_VER) { *(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION & 0xff; } else { 
@@ -908,7 +910,7 @@ } } else { memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr), - SSL3_RECORD_get_length(&wr)); + SSL3_RECORD_get_length(&wr)); SSL3_RECORD_reset_input(&wr); } @@ -920,8 +922,8 @@ if (!SSL_WRITE_ETM(s) && mac_size != 0) { if (!s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr) + eivlen]), - 1)) { + &(p[SSL3_RECORD_get_length(&wr) + eivlen]), + 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -944,7 +946,7 @@ if (SSL_WRITE_ETM(s) && mac_size != 0) { if (!s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr)]), 1)) { + &(p[SSL3_RECORD_get_length(&wr)]), 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -963,7 +965,7 @@ if (s->msg_callback) s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); /* * we should now have wr.data pointing to the encrypted data, which is @@ -1001,7 +1003,7 @@ } DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch) + unsigned int *is_next_epoch) { *is_next_epoch = 0; @@ -1015,7 +1017,7 @@ * processed all of the unprocessed records from the previous epoch */ else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) - && s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) { + && s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) { *is_next_epoch = 1; return &s->rlayer.d->next_bitmap; } @@ -1032,7 +1034,7 @@ seq = s->rlayer.read_sequence; s->rlayer.d->r_epoch++; memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap, - sizeof(s->rlayer.d->bitmap)); + sizeof(s->rlayer.d->bitmap)); memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap)); /* 
@@ -1043,7 +1045,7 @@ } else { seq = s->rlayer.write_sequence; memcpy(s->rlayer.d->last_write_sequence, seq, - sizeof(s->rlayer.write_sequence)); + sizeof(s->rlayer.write_sequence)); s->rlayer.d->w_epoch++; } --- crypto/openssl/ssl/record/rec_layer_s3.c.orig +++ crypto/openssl/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,13 +18,9 @@ #include "internal/packet.h" #include "internal/cryptlib.h" -#if defined(OPENSSL_SMALL_FOOTPRINT) || \ - !( defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) \ - ) -# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK -# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 +#if defined(OPENSSL_SMALL_FOOTPRINT) || !(defined(AES_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64))) +#undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 #endif void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s) @@ -189,7 +185,7 @@ * Return values are as per SSL_read() */ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - size_t *readbytes) + size_t *readbytes) { /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase @@ -215,7 +211,7 @@ } left = rb->left; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif 
@@ -309,8 +305,8 @@ if (ret >= 0) bioread = ret; if (ret <= 0 - && !BIO_should_retry(s->rbio) - && BIO_eof(s->rbio)) { + && !BIO_should_retry(s->rbio) + && BIO_eof(s->rbio)) { if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) { SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; @@ -320,7 +316,7 @@ * applications for control flow decisions. */ SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_UNEXPECTED_EOF_WHILE_READING); + SSL_R_UNEXPECTED_EOF_WHILE_READING); } } } else { @@ -343,7 +339,7 @@ */ if (SSL_IS_DTLS(s)) { if (n > left) - n = left; /* makes the while condition false */ + n = left; /* makes the while condition false */ } } @@ -361,7 +357,7 @@ * not all data has been sent or non-blocking IO. */ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, - size_t *written) + size_t *written) { const unsigned char *buf = buf_; size_t tot; @@ -391,7 +387,7 @@ } if (s->early_data_state == SSL_EARLY_DATA_WRITING - && !early_data_count_ok(s, len, 0, 1)) { + && !early_data_count_ok(s, len, 0, 1)) { /* SSLfatal() already called */ return -1; } @@ -403,8 +399,7 @@ * into init unless we have writes pending - in which case we should finish * doing that first. */ - if (wb->left == 0 && (s->key_update != SSL_KEY_UPDATE_NONE - || s->ext.extra_tickets_expected > 0)) + if (wb->left == 0 && (s->key_update != SSL_KEY_UPDATE_NONE || s->ext.extra_tickets_expected > 0)) ossl_statem_set_in_init(s, 1); /* @@ -413,7 +408,7 @@ * messages yet. */ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s) - && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { + && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { i = s->handshake_func(s); /* SSLfatal() already called */ if (i < 0) 
@@ -430,13 +425,13 @@ if (wb->left != 0) { /* SSLfatal() already called if appropriate */ i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot, - &tmpwrit); + &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } - tot += tmpwrit; /* this might be last fragment */ + tot += tmpwrit; /* this might be last fragment */ } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK /* @@ -446,14 +441,15 @@ * compromise is considered worthy. */ if (type == SSL3_RT_APPLICATION_DATA - && len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) - && s->compress == NULL - && s->msg_callback == NULL - && !SSL_WRITE_ETM(s) - && SSL_USE_EXPLICIT_IV(s) - && BIO_get_ktls_send(s->wbio) == 0 - && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) - & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) { + && len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) + && s->compress == NULL + && s->msg_callback == NULL + && !SSL_WRITE_ETM(s) + && SSL_USE_EXPLICIT_IV(s) + && BIO_get_ktls_send(s->wbio) == 0 + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) + & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) + != 0) { unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t packlen; @@ -467,8 +463,8 @@ ssl3_release_write_buffer(s); packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, - (int)max_send_fragment, NULL); + EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, + (int)max_send_fragment, NULL); if (len >= 8 * max_send_fragment) packlen *= 8; @@ -519,8 +515,8 @@ mb_param.len = nw; packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, - sizeof(mb_param), &mb_param); + EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, + sizeof(mb_param), &mb_param); packlen = (size_t)packleni; if (packleni <= 0 || packlen > wb->len) { /* never happens */ /* free jumbo buffer */ 
@@ -533,14 +529,16 @@ mb_param.len = nw; if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, - sizeof(mb_param), &mb_param) <= 0) + EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, + sizeof(mb_param), &mb_param) + <= 0) return -1; s->rlayer.write_sequence[7] += mb_param.interleave; if (s->rlayer.write_sequence[7] < mb_param.interleave) { int j = 6; - while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ; + while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) + ; } wb->offset = 0; @@ -571,14 +569,14 @@ tot += tmpwrit; } } else -#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ - if (tot == len) { /* done? */ - if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) - ssl3_release_write_buffer(s); +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ + if (tot == len) { /* done? */ + if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) + ssl3_release_write_buffer(s); - *written = tot; - return 1; - } + *written = tot; + return 1; + } n = (len - tot); @@ -602,12 +600,13 @@ if (maxpipes == 0 || s->enc_write_ctx == NULL || (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) - & EVP_CIPH_FLAG_PIPELINE) == 0 + & EVP_CIPH_FLAG_PIPELINE) + == 0 || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; if (max_send_fragment == 0 - || split_send_fragment == 0 - || split_send_fragment > max_send_fragment) { + || split_send_fragment == 0 + || split_send_fragment > max_send_fragment) { /* * We should have prevented this when we set/get the split and max send * fragments so we shouldn't get here @@ -646,7 +645,7 @@ } i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0, - &tmpwrit); + &tmpwrit); if (i <= 0) { /* SSLfatal() already called if appropriate */ /* XXX should we ssl3_release_write_buffer if i<0? */ 
@@ -654,9 +653,7 @@ return i; } - if (tmpwrit == n || - (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { + if (tmpwrit == n || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* * next chunk of data should get another prepended empty fragment * in ciphersuites with known-IV weakness: @@ -664,8 +661,8 @@ s->s3.empty_fragment_done = 0; if (tmpwrit == n - && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 - && !SSL_IS_DTLS(s)) + && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 + && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); *written = tot + tmpwrit; @@ -678,8 +675,8 @@ } int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - size_t *pipelens, size_t numpipes, - int create_empty_fragment, size_t *written) + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written) { WPACKET pkt[SSL_MAX_PIPELINES]; SSL3_RECORD wr[SSL_MAX_PIPELINES]; @@ -729,8 +726,8 @@ sess = s->session; if ((sess == NULL) - || (s->enc_write_ctx == NULL) - || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) { + || (s->enc_write_ctx == NULL) + || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) { clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { @@ -766,8 +763,7 @@ goto err; } - if (prefix_len > - (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { + if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -792,7 +788,7 @@ if (create_empty_fragment) { wb = &s->rlayer.wbuf[0]; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 /* * extra fragment would be couple of cipher blocks, which would be * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real 
@@ -803,8 +799,8 @@ #endif SSL3_BUFFER_set_offset(wb, align); if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), - SSL3_BUFFER_get_len(wb), 0) - || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) { + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -812,10 +808,9 @@ } else if (prefix_len) { wb = &s->rlayer.wbuf[0]; if (!WPACKET_init_static_len(&pkt[0], - SSL3_BUFFER_get_buf(wb), - SSL3_BUFFER_get_len(wb), 0) - || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) - + prefix_len, NULL)) { + SSL3_BUFFER_get_buf(wb), + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) + prefix_len, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -831,8 +826,8 @@ #endif SSL3_BUFFER_set_offset(wb, align); if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb), - SSL3_BUFFER_get_len(wb), 0) - || !WPACKET_allocate_bytes(thispkt, align, NULL)) { + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(thispkt, align, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -848,7 +843,7 @@ if (eivlen < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; - } + } if (eivlen <= 1) eivlen = 0; } else if (mode == EVP_CIPH_GCM_MODE) { @@ -859,7 +854,7 @@ } } - wpacket_init_complete: +wpacket_init_complete: totlen = 0; /* Clear our SSL3_RECORD structures */ @@ -879,9 +874,9 @@ * record type */ if (SSL_TREAT_AS_TLS13(s) - && s->enc_write_ctx != NULL - && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS - || type != SSL3_RT_ALERT)) + && s->enc_write_ctx != NULL + && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS + || type != SSL3_RT_ALERT)) rectype = SSL3_RT_APPLICATION_DATA; else rectype = type; 
@@ -892,9 +887,9 @@ * and record version number > TLS 1.0 */ if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO - && !s->renegotiate - && TLS1_get_version(s) > TLS1_VERSION - && s->hello_retry_request == SSL_HRR_NONE) + && !s->renegotiate + && TLS1_get_version(s) > TLS1_VERSION + && s->hello_retry_request == SSL_HRR_NONE) version = TLS1_VERSION; SSL3_RECORD_set_rec_version(thiswr, version); @@ -907,14 +902,14 @@ * Otherwise write the header now */ if (!BIO_get_ktls_send(s->wbio) - && (!WPACKET_put_bytes_u8(thispkt, rectype) + && (!WPACKET_put_bytes_u8(thispkt, rectype) || !WPACKET_put_bytes_u16(thispkt, version) || !WPACKET_start_sub_packet_u16(thispkt) || (eivlen > 0 && !WPACKET_allocate_bytes(thispkt, eivlen, NULL)) || (maxcomplen > 0 && !WPACKET_reserve_bytes(thispkt, maxcomplen, - &compressdata)))) { + &compressdata)))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -933,7 +928,7 @@ /* first we compress */ if (s->compress != NULL) { if (!ssl3_do_compress(s, thiswr) - || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { + || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); goto err; } @@ -950,10 +945,10 @@ } if (SSL_TREAT_AS_TLS13(s) - && !BIO_get_ktls_send(s->wbio) - && s->enc_write_ctx != NULL - && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS - || type != SSL3_RT_ALERT)) { + && !BIO_get_ktls_send(s->wbio) + && s->enc_write_ctx != NULL + && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS + || type != SSL3_RT_ALERT)) { size_t rlen, max_send_fragment; if (!WPACKET_put_bytes_u8(thispkt, type)) { @@ -991,7 +986,7 @@ padding = max_padding; if (!WPACKET_memset(thispkt, 0, padding)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } SSL3_RECORD_add_length(thiswr, padding); 
@@ -1009,29 +1004,30 @@ unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) - || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } /* - * Reserve some bytes for any growth that may occur during encryption. If - * we are adding the MAC independently of the cipher algorithm, then the - * max encrypted overhead does not need to include an allocation for that - * MAC - */ + * Reserve some bytes for any growth that may occur during encryption. If + * we are adding the MAC independently of the cipher algorithm, then the + * max encrypted overhead does not need to include an allocation for that + * MAC + */ if (!BIO_get_ktls_send(s->wbio)) { if (!WPACKET_reserve_bytes(thispkt, - SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - - mac_size, NULL) + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size, + NULL) /* * We also need next the amount of bytes written to this * sub-packet */ || !WPACKET_get_length(thispkt, &len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; } /* Get a pointer to the start of this record excluding header */ @@ -1056,7 +1052,8 @@ } else { if (!BIO_get_ktls_send(s->wbio)) { if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, - mac_size) < 1) { + mac_size) + < 1) { if (!ossl_statem_in_error(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); } 
@@ -1076,15 +1073,16 @@ /* Allocate bytes for the encryption overhead */ if (!WPACKET_get_length(thispkt, &origlen) - /* Check we allowed enough room for the encryption growth */ - || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - - mac_size >= thiswr->length) - /* Encryption should never shrink the data! */ - || origlen > thiswr->length - || (thiswr->length > origlen - && !WPACKET_allocate_bytes(thispkt, - thiswr->length - origlen, - NULL))) { + /* Check we allowed enough room for the encryption growth */ + || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size + >= thiswr->length) + /* Encryption should never shrink the data! */ + || origlen > thiswr->length + || (thiswr->length > origlen + && !WPACKET_allocate_bytes(thispkt, + thiswr->length - origlen, + NULL))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1092,7 +1090,7 @@ unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) - || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1100,23 +1098,23 @@ } if (!WPACKET_get_length(thispkt, &len) - || !WPACKET_close(thispkt)) { + || !WPACKET_close(thispkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if (s->msg_callback) { recordstart = WPACKET_get_curr(thispkt) - len - - SSL3_RT_HEADER_LENGTH; + - SSL3_RT_HEADER_LENGTH; s->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart, - SSL3_RT_HEADER_LENGTH, s, - s->msg_callback_arg); + SSL3_RT_HEADER_LENGTH, s, + s->msg_callback_arg); if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { unsigned char ctype = type; s->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE, - &ctype, 1, s, s->msg_callback_arg); + &ctype, 1, s, s->msg_callback_arg); } } 
@@ -1142,7 +1140,7 @@ return 1; } - mac_done: + mac_done: /* * we should now have thiswr->data pointing to the encrypted data, which * is thiswr->length long @@ -1152,7 +1150,7 @@ /* now let's set up wb */ SSL3_BUFFER_set_left(&s->rlayer.wbuf[j], - prefix_len + SSL3_RECORD_get_length(thiswr)); + prefix_len + SSL3_RECORD_get_length(thiswr)); } /* @@ -1166,7 +1164,7 @@ /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, totlen, written); - err: +err: for (j = 0; j < wpinited; j++) WPACKET_cleanup(&pkt[j]); return -1; @@ -1177,7 +1175,7 @@ * Return values are as per SSL_write() */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, - size_t *written) + size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; @@ -1213,10 +1211,8 @@ return i; BIO_set_ktls_ctrl_msg(s->wbio, type); } - i = BIO_write(s->wbio, (char *) - &(SSL3_BUFFER_get_buf(&wb[currbuf]) - [SSL3_BUFFER_get_offset(&wb[currbuf])]), - (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); + i = BIO_write(s->wbio, (char *)&(SSL3_BUFFER_get_buf(&wb[currbuf])[SSL3_BUFFER_get_offset(&wb[currbuf])]), + (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); if (i >= 0) tmpwrit = i; } else { @@ -1284,13 +1280,13 @@ * none of our business */ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - size_t len, int peek, size_t *readbytes) + size_t len, int peek, size_t *readbytes) { int i, j, ret; size_t n, curr_rec, num_recs, totalbytes; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; - void (*cb) (const SSL *ssl, int type2, int val) = NULL; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; int is_tls13 = SSL_IS_TLS13(s); rbuf = &s->rlayer.rbuf; 
@@ -1304,15 +1300,15 @@ } if ((type && (type != SSL3_RT_APPLICATION_DATA) - && (type != SSL3_RT_HANDSHAKE)) || (peek - && (type != - SSL3_RT_APPLICATION_DATA))) { + && (type != SSL3_RT_HANDSHAKE)) + || (peek + && (type != SSL3_RT_APPLICATION_DATA))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ + /* (partially) satisfy request from storage */ { unsigned char *src = s->rlayer.handshake_fragment; unsigned char *dst = buf; @@ -1350,7 +1346,7 @@ if (i == 0) return -1; } - start: +start: s->rwstate = SSL_NOTHING; /*- @@ -1380,8 +1376,9 @@ } /* Skip over any records we have already read */ for (curr_rec = 0; - curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); - curr_rec++) ; + curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); + curr_rec++) + ; if (curr_rec == num_recs) { RECORD_LAYER_set_numrpipes(&s->rlayer, 0); num_recs = 0; @@ -1391,10 +1388,10 @@ rr = &rr[curr_rec]; if (s->rlayer.handshake_fragment_len > 0 - && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE - && SSL_IS_TLS13(s)) { + && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE + && SSL_IS_TLS13(s)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); + SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); return -1; } @@ -1403,7 +1400,7 @@ * record that isn't an alert. */ if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT - && SSL3_RECORD_get_length(rr) != 0) + && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; /* we now have a packet which can be read and processed */ @@ -1412,7 +1409,7 @@ * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); + SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); return -1; } 
@@ -1439,8 +1436,7 @@ * make sure that we are not getting application data when we are * doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -1497,7 +1493,7 @@ } totalbytes += n; } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs - && totalbytes < len); + && totalbytes < len); if (totalbytes == 0) { /* We must have read empty records. Get more data */ goto start; @@ -1551,20 +1547,20 @@ if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { unsigned int alert_level, alert_descr; unsigned char *alert_bytes = SSL3_RECORD_get_data(rr) - + SSL3_RECORD_get_off(rr); + + SSL3_RECORD_get_off(rr); PACKET alert; if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr)) - || !PACKET_get_1(&alert, &alert_level) - || !PACKET_get_1(&alert, &alert_descr) - || PACKET_remaining(&alert) != 0) { + || !PACKET_get_1(&alert, &alert_level) + || !PACKET_get_1(&alert, &alert_descr) + || PACKET_remaining(&alert) != 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, - s->msg_callback_arg); + s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; @@ -1577,14 +1573,14 @@ } if (alert_level == SSL3_AL_WARNING - || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { + || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { s->s3.warn_alert = alert_descr; SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MANY_WARN_ALERTS); + SSL_R_TOO_MANY_WARN_ALERTS); return -1; } } 
@@ -1596,15 +1592,15 @@ if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) { goto start; } else if (alert_descr == SSL_AD_CLOSE_NOTIFY - && (is_tls13 || alert_level == SSL3_AL_WARNING)) { + && (is_tls13 || alert_level == SSL3_AL_WARNING)) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; } else if (alert_level == SSL3_AL_FATAL || is_tls13) { s->rwstate = SSL_NOTHING; s->s3.fatal_alert = alert_descr; SSLfatal_data(s, SSL_AD_NO_ALERT, - SSL_AD_REASON_OFFSET + alert_descr, - "SSL alert number %d", alert_descr); + SSL_AD_REASON_OFFSET + alert_descr, + "SSL alert number %d", alert_descr); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); @@ -1613,10 +1609,10 @@ /* * This is a warning but we receive it if we requested * renegotiation and the peer denied it. Terminate with a fatal - * alert because if application tried to renegotiate it + * alert because if the application tried to renegotiate it * presumably had a good reason and expects it to succeed. In - * future we might have a renegotiation where we don't care if - * the peer refused it where we carry on. + * the future we might have a renegotiation where we don't care + * if the peer refused it where we carry on. */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION); return -1; @@ -1664,7 +1660,7 @@ SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); + SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); return -1; } } @@ -1686,7 +1682,7 @@ /* now move 'n' bytes: */ memcpy(dest + *dest_len, - SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); + SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); SSL3_RECORD_add_off(rr, n); SSL3_RECORD_sub_length(rr, n); *dest_len += n; 
@@ -1694,7 +1690,7 @@ SSL3_RECORD_set_read(rr); if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ + goto start; /* fragment was too small */ } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -1707,7 +1703,7 @@ * protocol violation) */ if ((s->rlayer.handshake_fragment_len >= 4) - && !ossl_statem_get_in_handshake(s)) { + && !ossl_statem_get_in_handshake(s)) { int ined = (s->early_data_state == SSL_EARLY_DATA_READING); /* We found handshake data, so we're going back into init */ @@ -1792,7 +1788,7 @@ * record. */ if (!early_data_count_ok(s, rr->length, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ return -1; } --- crypto/openssl/ssl/record/record.h.orig +++ crypto/openssl/ssl/record/record.h @@ -29,7 +29,7 @@ int app_buffer; } SSL3_BUFFER; -#define SEQ_NUM_SIZE 8 +#define SEQ_NUM_SIZE 8 typedef struct ssl3_record_st { /* Record layer version */ 
@@ -184,20 +184,20 @@ }; typedef struct ssl_mac_buf_st SSL_MAC_BUF; -#define MIN_SSL2_RECORD_LEN 9 +#define MIN_SSL2_RECORD_LEN 9 -#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) -#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) -#define RECORD_LAYER_get_packet(rl) ((rl)->packet) -#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) +#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) +#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) +#define RECORD_LAYER_get_packet(rl) ((rl)->packet) +#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) -#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch) +#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch) #define DTLS_RECORD_LAYER_get_processed_rcds(rl) \ - ((rl)->d->processed_rcds) + ((rl)->d->processed_rcds) #define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \ - ((rl)->d->unprocessed_rcds) -#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) -#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) + ((rl)->d->unprocessed_rcds) +#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) +#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); 
@@ -212,24 +212,24 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur size_t ssl3_pending(const SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written); + size_t *written); int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - size_t *pipelens, size_t numpipes, - int create_empty_fragment, size_t *written); + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, size_t len, int peek, - size_t *readbytes); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); __owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send, - SSL_MAC_BUF *mac, size_t macsize); + SSL_MAC_BUF *mac, size_t macsize); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, - size_t *written); + size_t *written); __owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - SSL_MAC_BUF *mac, size_t macsize); + SSL_MAC_BUF *mac, size_t macsize); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send, - SSL_MAC_BUF *mac, size_t macsize); + SSL_MAC_BUF *mac, size_t macsize); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); 
@@ -237,12 +237,12 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, size_t len, int peek, - size_t *readbytes); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written); + size_t *written); int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - size_t len, int create_empty_fragment, size_t *written); + size_t len, int create_empty_fragment, size_t *written); void dtls1_reset_seq_numbers(SSL *s, int rw); int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, - size_t off); + size_t off); --- crypto/openssl/ssl/record/record_local.h.orig +++ crypto/openssl/ssl/record/record_local.h 
@@ -14,33 +14,33 @@ * * *****************************************************************************/ -#define MAX_WARN_ALERT_COUNT 5 +#define MAX_WARN_ALERT_COUNT 5 /* Functions/macros provided by the RECORD_LAYER component */ -#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec) -#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) -#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) -#define RECORD_LAYER_get_rstate(rl) ((rl)->rstate) -#define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st)) -#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) -#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) -#define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes) -#define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n)) +#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec) +#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) +#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) +#define RECORD_LAYER_get_rstate(rl) ((rl)->rstate) +#define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st)) +#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) +#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) +#define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes) +#define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n)) #define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++) #define RECORD_LAYER_reset_empty_record_count(rl) \ - ((rl)->empty_record_count = 0) + ((rl)->empty_record_count = 0) #define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count) -#define RECORD_LAYER_is_first_record(rl) ((rl)->is_first_record) -#define RECORD_LAYER_set_first_record(rl) ((rl)->is_first_record = 1) -#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) -#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) +#define RECORD_LAYER_is_first_record(rl) ((rl)->is_first_record) +#define RECORD_LAYER_set_first_record(rl) 
((rl)->is_first_record = 1) +#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) +#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) __owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - size_t *readbytes); + size_t *readbytes); DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch); + unsigned int *is_next_epoch); int dtls1_process_buffered_records(SSL *s); int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); 
@@ -53,20 +53,20 @@ /* Macros/functions provided by the SSL3_BUFFER component */ -#define SSL3_BUFFER_get_buf(b) ((b)->buf) -#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) -#define SSL3_BUFFER_get_len(b) ((b)->len) -#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) -#define SSL3_BUFFER_get_left(b) ((b)->left) -#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) -#define SSL3_BUFFER_get_offset(b) ((b)->offset) -#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) -#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) -#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) -#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) -#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) -#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer) +#define SSL3_BUFFER_get_buf(b) ((b)->buf) +#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) +#define SSL3_BUFFER_get_len(b) ((b)->len) +#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) +#define SSL3_BUFFER_get_left(b) ((b)->left) +#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) +#define SSL3_BUFFER_get_offset(b) ((b)->offset) +#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) +#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) +#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) +#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) +#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) +#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer) void SSL3_BUFFER_clear(SSL3_BUFFER *b); void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); 
@@ -78,28 +78,28 @@ /* Macros/functions provided by the SSL3_RECORD component */ -#define SSL3_RECORD_get_type(r) ((r)->type) -#define SSL3_RECORD_set_type(r, t) ((r)->type = (t)) -#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v)) -#define SSL3_RECORD_get_length(r) ((r)->length) -#define SSL3_RECORD_set_length(r, l) ((r)->length = (l)) -#define SSL3_RECORD_add_length(r, l) ((r)->length += (l)) -#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l)) -#define SSL3_RECORD_get_data(r) ((r)->data) -#define SSL3_RECORD_set_data(r, d) ((r)->data = (d)) -#define SSL3_RECORD_get_input(r) ((r)->input) -#define SSL3_RECORD_set_input(r, i) ((r)->input = (i)) -#define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data) -#define SSL3_RECORD_reset_data(r) ((r)->data = (r)->input) -#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num) -#define SSL3_RECORD_get_off(r) ((r)->off) -#define SSL3_RECORD_set_off(r, o) ((r)->off = (o)) -#define SSL3_RECORD_add_off(r, o) ((r)->off += (o)) -#define SSL3_RECORD_get_epoch(r) ((r)->epoch) +#define SSL3_RECORD_get_type(r) ((r)->type) +#define SSL3_RECORD_set_type(r, t) ((r)->type = (t)) +#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v)) +#define SSL3_RECORD_get_length(r) ((r)->length) +#define SSL3_RECORD_set_length(r, l) ((r)->length = (l)) +#define SSL3_RECORD_add_length(r, l) ((r)->length += (l)) +#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l)) +#define SSL3_RECORD_get_data(r) ((r)->data) +#define SSL3_RECORD_set_data(r, d) ((r)->data = (d)) +#define SSL3_RECORD_get_input(r) ((r)->input) +#define SSL3_RECORD_set_input(r, i) ((r)->input = (i)) +#define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data) +#define SSL3_RECORD_reset_data(r) ((r)->data = (r)->input) +#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num) +#define SSL3_RECORD_get_off(r) ((r)->off) +#define SSL3_RECORD_set_off(r, o) ((r)->off = (o)) +#define SSL3_RECORD_add_off(r, o) ((r)->off += (o)) +#define SSL3_RECORD_get_epoch(r) 
((r)->epoch) #define SSL3_RECORD_is_sslv2_record(r) \ - ((r)->rec_version == SSL2_VERSION) -#define SSL3_RECORD_is_read(r) ((r)->read) -#define SSL3_RECORD_set_read(r) ((r)->read = 1) + ((r)->rec_version == SSL2_VERSION) +#define SSL3_RECORD_is_read(r) ((r)->read) +#define SSL3_RECORD_set_read(r) ((r)->read = 1) void SSL3_RECORD_clear(SSL3_RECORD *r, size_t); void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs); @@ -108,20 +108,20 @@ __owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); __owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); __owur int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); __owur int dtls1_get_record(SSL *s); int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send); --- crypto/openssl/ssl/record/ssl3_buffer.c.orig +++ crypto/openssl/ssl/record/ssl3_buffer.c @@ -47,7 +47,7 @@ else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); #endif 
@@ -96,7 +96,7 @@ else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = SSL3_ALIGN_PAYLOAD - 1; #endif @@ -121,7 +121,7 @@ if (thiswb->len != len) { OPENSSL_free(thiswb->buf); - thiswb->buf = NULL; /* force reallocation */ + thiswb->buf = NULL; /* force reallocation */ } if (thiswb->buf == NULL) { --- crypto/openssl/ssl/record/ssl3_record.c.orig +++ crypto/openssl/ssl/record/ssl3_record.c @@ -114,7 +114,7 @@ */ if (!s->server && sess->ext.max_early_data == 0) { if (!ossl_assert(s->psksession != NULL - && s->psksession->ext.max_early_data > 0)) { + && s->psksession->ext.max_early_data > 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -127,11 +127,12 @@ max_early_data = s->recv_max_early_data; else max_early_data = s->recv_max_early_data < sess->ext.max_early_data - ? s->recv_max_early_data : sess->ext.max_early_data; + ? s->recv_max_early_data + : sess->ext.max_early_data; if (max_early_data == 0) { SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MUCH_EARLY_DATA); + SSL_R_TOO_MUCH_EARLY_DATA); return 0; } @@ -140,7 +141,7 @@ if (s->early_data_count + length > max_early_data) { SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MUCH_EARLY_DATA); + SSL_R_TOO_MUCH_EARLY_DATA); return 0; } s->early_data_count += length; @@ -156,7 +157,7 @@ */ #define MAX_EMPTY_RECORDS 32 -#define SSL2_RT_HEADER_LENGTH 2 +#define SSL2_RT_HEADER_LENGTH 2 /*- * Call this to get new input records. * It will return <= 0 if more data is needed, normally due to an error 
@@ -185,52 +186,45 @@ int imac_size; size_t num_recs = 0, max_recs, j; PACKET pkt, sslv2pkt; - int using_ktls; + int is_ktls_left; SSL_MAC_BUF *macbufs = NULL; int ret = -1; rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); + is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); max_recs = s->max_pipelines; if (max_recs == 0) max_recs = 1; sess = s->session; - /* - * KTLS reads full records. If there is any data left, - * then it is from before enabling ktls. - */ - using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0; - do { thisrr = &rr[num_recs]; /* check if we have the header */ - if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || - (RECORD_LAYER_get_packet_length(&s->rlayer) - < SSL3_RT_HEADER_LENGTH)) { + if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { size_t sslv2len; unsigned int type; rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(rbuf), 0, - num_recs == 0 ? 1 : 0, &n); + SSL3_BUFFER_get_len(rbuf), 0, + num_recs == 0 ? 1 : 0, &n); if (rret <= 0) { #ifndef OPENSSL_NO_KTLS if (!BIO_get_ktls_recv(s->rbio) || rret == 0) - return rret; /* error or non-blocking */ + return rret; /* error or non-blocking */ switch (errno) { case EBADMSG: SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); break; case EMSGSIZE: SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_PACKET_LENGTH_TOO_LONG); + SSL_R_PACKET_LENGTH_TOO_LONG); break; case EINVAL: SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); break; default: break; 
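Review bot: `is_ktls_left` is assigned at the top of this hunk without a comment, while the explanation that KTLS reads whole records (so any leftover buffer data predates KTLS) now sits only at the `goto skip_decryption` site in a later hunk. Each later use has to rebuild the predicate as `BIO_get_ktls_recv(s->rbio) && !is_ktls_left`, or its negation in the plaintext-length check, which the removed `using_ktls` expressed once. I would put the comment at the assignment, e.g. `/* non-zero: rbuf still holds bytes read before KTLS receive was enabled */`, and keep a single local for the combined test so the sites cannot drift apart. The enclosing function starts and ends outside this hunk.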
@@ -242,13 +236,13 @@ p = RECORD_LAYER_get_packet(&s->rlayer); if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer), - RECORD_LAYER_get_packet_length(&s->rlayer))) { + RECORD_LAYER_get_packet_length(&s->rlayer))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } sslv2pkt = pkt; if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len) - || !PACKET_get_1(&sslv2pkt, &type)) { + || !PACKET_get_1(&sslv2pkt, &type)) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -256,8 +250,8 @@ * The first record received by the server may be a V2ClientHello. */ if (s->server && RECORD_LAYER_is_first_record(&s->rlayer) - && (sslv2len & 0x8000) != 0 - && (type == SSL2_MT_CLIENT_HELLO)) { + && (sslv2len & 0x8000) != 0 + && (type == SSL2_MT_CLIENT_HELLO)) { /* * SSLv2 style record * @@ -273,9 +267,9 @@ thisrr->length = sslv2len & 0x7fff; if (thisrr->length > SSL3_BUFFER_get_len(rbuf) - - SSL2_RT_HEADER_LENGTH) { + - SSL2_RT_HEADER_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_PACKET_LENGTH_TOO_LONG); + SSL_R_PACKET_LENGTH_TOO_LONG); return -1; } @@ -288,11 +282,11 @@ /* Pull apart the header into the SSL3_RECORD */ if (!PACKET_get_1(&pkt, &type) - || !PACKET_get_net_2(&pkt, &version) - || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { + || !PACKET_get_net_2(&pkt, &version) + || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, - s->msg_callback_arg); + s->msg_callback_arg); SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -301,7 +295,7 @@ if (s->msg_callback) s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, s, - s->msg_callback_arg); + s->msg_callback_arg); /* * Lets check version. In TLSv1.3 we only check this field 
@@ -311,8 +305,8 @@ * that explicitly */ if (!s->first_packet && !SSL_IS_TLS13(s) - && s->hello_retry_request != SSL_HRR_PENDING - && version != (unsigned int)s->version) { + && s->hello_retry_request != SSL_HRR_PENDING + && version != (unsigned int)s->version) { if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) { if (thisrr->type == SSL3_RT_ALERT) { @@ -325,7 +319,7 @@ * end. */ SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } /* @@ -334,7 +328,7 @@ s->version = (unsigned short)version; } SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } 
@@ -343,53 +337,47 @@ /* Go back to start of packet, look at the five bytes * that we have. */ p = RECORD_LAYER_get_packet(&s->rlayer); - if (strncmp((char *)p, "GET ", 4) == 0 || - strncmp((char *)p, "POST ", 5) == 0 || - strncmp((char *)p, "HEAD ", 5) == 0 || - strncmp((char *)p, "PUT ", 4) == 0) { + if (strncmp((char *)p, "GET ", 4) == 0 || strncmp((char *)p, "POST ", 5) == 0 || strncmp((char *)p, "HEAD ", 5) == 0 || strncmp((char *)p, "PUT ", 4) == 0) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST); return -1; } else if (strncmp((char *)p, "CONNE", 5) == 0) { SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_HTTPS_PROXY_REQUEST); + SSL_R_HTTPS_PROXY_REQUEST); return -1; } /* Doesn't look like TLS - don't send an alert */ SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } else { SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } } - if (SSL_IS_TLS13(s) - && s->enc_read_ctx != NULL - && !using_ktls) { + if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { if (thisrr->type != SSL3_RT_APPLICATION_DATA - && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC - || !SSL_IS_FIRST_HANDSHAKE(s)) - && (thisrr->type != SSL3_RT_ALERT - || s->statem.enc_read_state - != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) { + && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC + || !SSL_IS_FIRST_HANDSHAKE(s)) + && (thisrr->type != SSL3_RT_ALERT + || s->statem.enc_read_state + != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_RECORD_TYPE); + SSL_R_BAD_RECORD_TYPE); return -1; } if (thisrr->rec_version != TLS1_2_VERSION) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } } - if (thisrr->length > - SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { + if (thisrr->length > SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_PACKET_LENGTH_TOO_LONG); + 
SSL_R_PACKET_LENGTH_TOO_LONG); return -1; } } @@ -398,15 +386,9 @@ } if (SSL_IS_TLS13(s)) { - size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; - - /* KTLS strips the inner record type. */ - if (using_ktls) - len = SSL3_RT_MAX_ENCRYPTED_LENGTH; - - if (thisrr->length > len) { + if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; } } else { @@ -422,12 +404,12 @@ #endif /* KTLS may use all of the buffer */ - if (using_ktls) + if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) len = SSL3_BUFFER_get_left(rbuf); if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; } } @@ -449,7 +431,7 @@ rret = ssl3_read_n(s, more, more, 1, 0, &n); if (rret <= 0) - return rret; /* error or non-blocking io */ + return rret; /* error or non-blocking io */ } /* set state for later operations */ @@ -461,11 +443,9 @@ * + thisrr->length and we have that many bytes in s->rlayer.packet */ if (thisrr->rec_version == SSL2_VERSION) { - thisrr->input = - &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); + thisrr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); } else { - thisrr->input = - &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); + thisrr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); } /* 
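Review bot: The TLS 1.3 outer-header check in the first hunk ending here, `if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL)`, no longer excludes the KTLS receive path, and the same guard is dropped around the padding strip in the later `@@ -684,51 +671,43 @@` hunk. The comment removed there says the kernel returns the unprotected record with its real content type and the padding already removed; if KTLS receive can be active for TLS 1.3 in this build, a handshake record would fail here with `SSL_R_BAD_RECORD_TYPE`, and after `skip_decryption` trailing zero bytes of application data would be stripped and the last remaining byte taken as the record type. Keeping the exclusion at both sites, e.g. `&& !(BIO_get_ktls_recv(s->rbio) && !is_ktls_left)` here and the same test around the strip loop, avoids parsing kernel-delivered plaintext as an inner-plaintext structure. If TLS 1.3 KTLS receive is deliberately unsupported in this tree, a comment saying so at both sites would be enough. The enclosing function extends beyond these hunks.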
@@ -494,23 +474,24 @@ RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_clear_first_record(&s->rlayer); } while (num_recs < max_recs - && thisrr->type == SSL3_RT_APPLICATION_DATA - && SSL_USE_EXPLICIT_IV(s) - && s->enc_read_ctx != NULL - && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) - & EVP_CIPH_FLAG_PIPELINE) != 0 - && ssl3_record_app_data_waiting(s)); + && thisrr->type == SSL3_RT_APPLICATION_DATA + && SSL_USE_EXPLICIT_IV(s) + && s->enc_read_ctx != NULL + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) + & EVP_CIPH_FLAG_PIPELINE) + != 0 + && ssl3_record_app_data_waiting(s)); if (num_recs == 1 - && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC - && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) - && SSL_IS_FIRST_HANDSHAKE(s)) { + && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC + && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) + && SSL_IS_FIRST_HANDSHAKE(s)) { /* * CCS messages must be exactly 1 byte long, containing the value 0x01 */ if (thisrr->length != 1 || thisrr->data[0] != 0x01) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_CCS_MESSAGE); + SSL_R_INVALID_CCS_MESSAGE); return -1; } /* @@ -522,7 +503,7 @@ if (RECORD_LAYER_get_empty_record_count(&s->rlayer) > MAX_EMPTY_RECORDS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_UNEXPECTED_CCS_MESSAGE); + SSL_R_UNEXPECTED_CCS_MESSAGE); return -1; } thisrr->read = 1; @@ -531,7 +512,11 @@ return 1; } - if (using_ktls) + /* + * KTLS reads full records. If there is any data left, + * then it is from before enabling ktls + */ + if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) goto skip_decryption; if (s->read_hash != NULL) { @@ -540,8 +525,8 @@ if (tmpmd != NULL) { imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - return -1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); + return -1; } mac_size = (size_t)imac_size; } 
@@ -563,10 +548,10 @@ } thisrr->length -= mac_size; mac = thisrr->data + thisrr->length; - i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */); if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) { SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); return -1; } } @@ -615,7 +600,7 @@ thisrr = &rr[0]; if (!early_data_count_ok(s, thisrr->length, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ goto end; } @@ -629,27 +614,29 @@ } ERR_clear_last_mark(); SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto end; } else { ERR_clear_last_mark(); } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length); BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); /* r->length is now the compressed data plus mac */ if ((sess != NULL) - && (s->enc_read_ctx != NULL) - && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { + && (s->enc_read_ctx != NULL) + && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ for (j = 0; j < num_recs; j++) { SSL_MAC_BUF *thismb = &macbufs[j]; thisrr = &rr[j]; - i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */); if (i == 0 || thismb == NULL || thismb->mac == NULL || CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0) enc_err = 0; 
@@ -671,11 +658,11 @@ * visible to an attacker (e.g. via a logfile) */ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto end; } - skip_decryption: +skip_decryption: for (j = 0; j < num_recs; j++) { thisrr = &rr[j]; 
@@ -684,51 +671,43 @@ if (s->expand != NULL) { if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_COMPRESSED_LENGTH_TOO_LONG); + SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto end; } if (!ssl3_do_uncompress(s, thisrr)) { SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, - SSL_R_BAD_DECOMPRESSION); + SSL_R_BAD_DECOMPRESSION); goto end; } } if (SSL_IS_TLS13(s) - && s->enc_read_ctx != NULL - && thisrr->type != SSL3_RT_ALERT) { - /* - * The following logic are irrelevant in KTLS: the kernel provides - * unprotected record and thus record type represent the actual - * content type, and padding is already removed and thisrr->type and - * thisrr->length should have the correct values. - */ - if (!using_ktls) { - size_t end; + && s->enc_read_ctx != NULL + && thisrr->type != SSL3_RT_ALERT) { + size_t end; - if (thisrr->length == 0 - || thisrr->type != SSL3_RT_APPLICATION_DATA) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); - goto end; - } + if (thisrr->length == 0 + || thisrr->type != SSL3_RT_APPLICATION_DATA) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); + goto end; + } - /* Strip trailing padding */ - for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; - end--) - continue; + /* Strip trailing padding */ + for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; + end--) + continue; - thisrr->length = end; - thisrr->type = thisrr->data[end]; - } + thisrr->length = end; + thisrr->type = thisrr->data[end]; if (thisrr->type != SSL3_RT_APPLICATION_DATA - && thisrr->type != SSL3_RT_ALERT - && thisrr->type != SSL3_RT_HANDSHAKE) { + && thisrr->type != SSL3_RT_ALERT + && thisrr->type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); goto end; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, - &thisrr->type, 1, s, s->msg_callback_arg); + &thisrr->data[end], 1, s, s->msg_callback_arg); } /* 
@@ -736,9 +715,9 @@ * length. */ if (SSL_IS_TLS13(s) - && (thisrr->type == SSL3_RT_HANDSHAKE - || thisrr->type == SSL3_RT_ALERT) - && thisrr->length == 0) { + && (thisrr->type == SSL3_RT_HANDSHAKE + || thisrr->type == SSL3_RT_ALERT) + && thisrr->length == 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_LENGTH); goto end; } @@ -751,7 +730,8 @@ * Therefore we have to rely on KTLS to check the plaintext length * limit in the kernel. */ - if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !using_ktls) { + if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH + && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } @@ -762,7 +742,7 @@ * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive. */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } @@ -792,7 +772,7 @@ if (s->early_data_state == SSL_EARLY_DATA_READING) { thisrr = &rr[0]; if (thisrr->type == SSL3_RT_APPLICATION_DATA - && !early_data_count_ok(s, thisrr->length, 0, 0)) { + && !early_data_count_ok(s, thisrr->length, 0, 0)) { /* SSLfatal already called */ goto end; } @@ -800,7 +780,7 @@ RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs); ret = 1; - end: +end: if (macbufs != NULL) { for (j = 0; j < num_recs; j++) { if (macbufs[j].alloced) @@ -824,7 +804,7 @@ return 0; i = COMP_expand_block(ssl->expand, rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); + SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) return 0; else @@ -840,8 +820,8 @@ int i; i = COMP_compress_block(ssl->compress, wr->data, - (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), - wr->input, (int)wr->length); + (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), + wr->input, (int)wr->length); if (i < 0) return 0; else 
@@ -862,7 +842,7 @@ * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, - SSL_MAC_BUF *mac, size_t macsize) + SSL_MAC_BUF *mac, size_t macsize) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; @@ -931,7 +911,7 @@ int outlen; if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input, - (unsigned int)l)) + (unsigned int)l)) return 0; rec->length = outlen; @@ -943,8 +923,8 @@ mac->alloced = 0; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&mac->mac, - macsize); + (void **)&mac->mac, + macsize); *p = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(ds, params)) { @@ -962,13 +942,13 @@ if (!sending) return ssl3_cbc_remove_padding_and_mac(&rec->length, - rec->orig_len, - rec->data, - (mac != NULL) ? &mac->mac : NULL, - (mac != NULL) ? &mac->alloced : NULL, - bs, - macsize, - s->ctx->libctx); + rec->orig_len, + rec->data, + (mac != NULL) ? &mac->mac : NULL, + (mac != NULL) ? &mac->alloced : NULL, + bs, + macsize, + s->ctx->libctx); } } return 1; @@ -986,7 +966,7 @@ * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - SSL_MAC_BUF *macs, size_t macsize) + SSL_MAC_BUF *macs, size_t macsize) { EVP_CIPHER_CTX *ds; size_t reclen[SSL_MAX_PIPELINES]; @@ -1035,7 +1015,8 @@ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input, - ivlen, 0) <= 0) { + ivlen, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1069,7 +1050,8 @@ if (n_recs > 1) { if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_PIPELINE) == 0) { + & EVP_CIPH_FLAG_PIPELINE) + == 0) { /* * We shouldn't have been called with pipeline data if the * cipher doesn't support pipelining 
@@ -1082,18 +1064,18 @@ reclen[ctr] = recs[ctr].length; if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { + & EVP_CIPH_FLAG_AEAD_CIPHER) + != 0) { unsigned char *seq; seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) - : RECORD_LAYER_get_read_sequence(&s->rlayer); + : RECORD_LAYER_get_read_sequence(&s->rlayer); if (SSL_IS_DTLS(s)) { /* DTLS does not support pipelining */ unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); + s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); memcpy(p, &seq[2], 6); memcpy(buf[ctr], dtlsseq, 8); } else { @@ -1111,7 +1093,7 @@ buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8); buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff); pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, - EVP_AEAD_TLS1_AAD_LEN, buf[ctr]); + EVP_AEAD_TLS1_AAD_LEN, buf[ctr]); if (pad <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1156,7 +1138,8 @@ data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, - (int)n_recs, data) <= 0) { + (int)n_recs, data) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE); return 0; } @@ -1165,9 +1148,11 @@ data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, - (int)n_recs, data) <= 0 + (int)n_recs, data) + <= 0 || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS, - (int)n_recs, reclen) <= 0) { + (int)n_recs, reclen) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE); return 0; } 
@@ -1197,13 +1182,13 @@ int outlen; /* Provided cipher - we do not support pipelining on this path */ - if (n_recs > 1) { + if (n_recs > 1) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input, - (unsigned int)reclen[0])) + (unsigned int)reclen[0])) return 0; recs[0].length = outlen; @@ -1214,11 +1199,11 @@ */ if (!sending) { if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { recs[0].data += bs; recs[0].input += bs; @@ -1233,14 +1218,14 @@ macs[0].alloced = 0; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&macs[0].mac, - macsize); + (void **)&macs[0].mac, + macsize); *p = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(ds, params)) { /* Shouldn't normally happen */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); return 0; } } @@ -1249,11 +1234,12 @@ /* Legacy cipher */ tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, - (unsigned int)reclen[0]); + (unsigned int)reclen[0]); if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0 - ? (tmpr < 0) - : (tmpr == 0)) { + & EVP_CIPH_FLAG_CUSTOM_CIPHER) + != 0 + ? (tmpr < 0) + : (tmpr == 0)) { /* AEAD can fail to verify MAC */ return 0; } 
@@ -1283,16 +1269,17 @@ * with a random MAC if padding is invalid */ if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length, - recs[ctr].orig_len, - recs[ctr].data, - (macs != NULL) ? &macs[ctr].mac : NULL, - (macs != NULL) ? &macs[ctr].alloced - : NULL, - bs, - pad ? (size_t)pad : macsize, - (EVP_CIPHER_get_flags(enc) - & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, - s->ctx->libctx)) + recs[ctr].orig_len, + recs[ctr].data, + (macs != NULL) ? &macs[ctr].mac : NULL, + (macs != NULL) ? &macs[ctr].alloced + : NULL, + bs, + pad ? (size_t)pad : macsize, + (EVP_CIPHER_get_flags(enc) + & EVP_CIPH_FLAG_AEAD_CIPHER) + != 0, + s->ctx->libctx)) return 0; } } @@ -1379,10 +1366,11 @@ /* Final param == is SSLv3 */ if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash), - md, &md_size, - header, rec->input, - rec->length, rec->orig_len, - mac_sec, md_size, 1) <= 0) + md, &md_size, + header, rec->input, + rec->length, rec->orig_len, + mac_sec, md_size, 1) + <= 0) return 0; #endif } else { @@ -1466,8 +1454,7 @@ if (SSL_IS_DTLS(ssl)) { unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); + s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); memcpy(p, &seq[2], 6); memcpy(header, dtlsseq, 8); @@ -1486,11 +1473,11 @@ OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, - &rec->orig_len); + &rec->orig_len); *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx), - tls_hmac_params)) { + tls_hmac_params)) { goto end; } } 
@@ -1501,12 +1488,14 @@ goto end; } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "seq:\n"); BIO_dump_indent(trc_out, seq, 8, 4); BIO_printf(trc_out, "rec:\n"); BIO_dump_indent(trc_out, rec->data, rec->length, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (!SSL_IS_DTLS(ssl)) { for (i = 7; i >= 0; i--) { @@ -1515,12 +1504,14 @@ break; } } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "md:\n"); BIO_dump_indent(trc_out, md, md_size, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); ret = 1; - end: +end: EVP_MD_CTX_free(hmac); return ret; } @@ -1575,8 +1566,8 @@ if (tmpmd != NULL) { imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); + return 0; } mac_size = (size_t)imac_size; } @@ -1591,10 +1582,10 @@ } rr->length -= mac_size; mac = rr->data + rr->length; - i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */); if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); return 0; } /* 
@@ -1630,19 +1621,21 @@ goto end; } ERR_clear_last_mark(); - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "dec %zd\n", rr->length); BIO_dump_indent(trc_out, rr->data, rr->length, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); /* r->length is now the compressed data plus mac */ if ((sess != NULL) - && !SSL_READ_ETM(s) - && (s->enc_read_ctx != NULL) - && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { + && !SSL_READ_ETM(s) + && (s->enc_read_ctx != NULL) + && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ - i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */); if (i == 0 || macbuf.mac == NULL || CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0) enc_err = 0; @@ -1661,7 +1654,7 @@ if (s->expand != NULL) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_COMPRESSED_LENGTH_TOO_LONG); + SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto end; } if (!ssl3_do_uncompress(s, rr)) { @@ -1697,7 +1690,7 @@ dtls1_record_bitmap_update(s, bitmap); ret = 1; - end: +end: if (macbuf.alloced) OPENSSL_free(macbuf.mac); return ret; @@ -1706,9 +1699,9 @@ /* * Retrieve a buffered record that belongs to the current epoch, i.e. processed */ -#define dtls1_get_processed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer))) +#define dtls1_get_processed_record(s) \ + dtls1_retrieve_buffered_record((s), \ + &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer))) /*- * Call this to get a new input record. @@ -1733,7 +1726,7 @@ rr = RECORD_LAYER_get_rrec(&s->rlayer); - again: +again: /* * The epoch may have changed. If so, process all the pending records. * This is a non-blocking operation. 
@@ -1750,19 +1743,17 @@ /* get something from the wire */ /* check if we have the header */ - if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || - (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { + if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n); + SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n); /* read timeout is handled by dtls1_read_bytes */ if (rret <= 0) { /* SSLfatal() already called if appropriate */ - return rret; /* error or non-blocking */ + return rret; /* error or non-blocking */ } /* this packet contained a partial record, dump it */ - if (RECORD_LAYER_get_packet_length(&s->rlayer) != - DTLS1_RT_HEADER_LENGTH) { + if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) { RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1773,7 +1764,7 @@ if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, - s, s->msg_callback_arg); + s, s->msg_callback_arg); /* Pull apart the header into the DTLS1_RECORD */ rr->type = *(p++); @@ -1822,7 +1813,7 @@ /* If received packet overflows own-client Max Fragment Length setting */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) { + && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) { /* record too long, silently discard it */ rr->length = 0; rr->read = 1; 
@@ -1835,8 +1826,7 @@ /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > - RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { + if (rr->length > RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { /* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */ more = rr->length; rret = ssl3_read_n(s, more, more, 1, 1, &n); @@ -1865,7 +1855,7 @@ if (bitmap == NULL) { rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ - goto again; /* get another record */ + goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP /* Only do replay check if no SCTP bio */ @@ -1876,7 +1866,7 @@ rr->length = 0; rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ - goto again; /* get another record */ + goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP } @@ -1895,9 +1885,10 @@ */ if (is_next_epoch) { if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { - if (dtls1_buffer_record (s, + if (dtls1_buffer_record(s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), - rr->seq_num) < 0) { + rr->seq_num) + < 0) { /* SSLfatal() already called */ return -1; } @@ -1916,11 +1907,10 @@ rr->length = 0; rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ - goto again; /* get another record */ + goto again; /* get another record */ } return 1; - } int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off) @@ -1940,7 +1930,8 @@ rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH; if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) { + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) + <= 0) { /* SSLfatal() already called */ return 0; } --- crypto/openssl/ssl/record/ssl3_record_tls13.c.orig +++ crypto/openssl/ssl/record/ssl3_record_tls13.c 
@@ -21,7 +21,7 @@ * 1: if the record encryption/decryption was successful. */ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize) + ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize) { EVP_CIPHER_CTX *ctx; unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; @@ -69,12 +69,12 @@ } if (s->early_data_state == SSL_EARLY_DATA_WRITING - || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { + || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { if (s->session != NULL && s->session->ext.max_early_data > 0) { alg_enc = s->session->cipher->algorithm_enc; } else { if (!ossl_assert(s->psksession != NULL - && s->psksession->ext.max_early_data > 0)) { + && s->psksession->ext.max_early_data > 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -95,10 +95,9 @@ if (alg_enc & SSL_AESCCM) { if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; - else + else taglen = EVP_CCM_TLS_TAG_LEN; - if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, - NULL) <= 0) { + if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -144,21 +143,19 @@ } if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 - || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, - rec->data + rec->length) <= 0)) { + || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, rec->data + rec->length) <= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } /* Set up the AAD */ if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0) - || !WPACKET_put_bytes_u8(&wpkt, rec->type) - || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version) - || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen) - || !WPACKET_get_total_written(&wpkt, &hdrlen) - || hdrlen != SSL3_RT_HEADER_LENGTH - || !WPACKET_finish(&wpkt)) { + || !WPACKET_put_bytes_u8(&wpkt, rec->type) + || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version) + || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen) + || !WPACKET_get_total_written(&wpkt, &hdrlen) + || hdrlen != SSL3_RT_HEADER_LENGTH + || !WPACKET_finish(&wpkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); WPACKET_cleanup(&wpkt); return 0; 
@@ -169,20 +166,24 @@ * any AAD. */ if (((alg_enc & SSL_AESCCM) != 0 - && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, - (unsigned int)rec->length) <= 0) - || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, - sizeof(recheader)) <= 0 - || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input, - (unsigned int)rec->length) <= 0 - || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 - || (size_t)(lenu + lenf) != rec->length) { + && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, + (unsigned int)rec->length) + <= 0) + || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, + sizeof(recheader)) + <= 0 + || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input, + (unsigned int)rec->length) + <= 0 + || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 + || (size_t)(lenu + lenf) != rec->length) { return 0; } if (sending) { /* Add the tag */ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, - rec->data + rec->length) <= 0) { + rec->data + rec->length) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } --- crypto/openssl/ssl/record/tls_pad.c.orig +++ crypto/openssl/ssl/record/tls_pad.c 
@@ -22,31 +22,31 @@ */ static int ssl3_cbc_copy_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, - size_t mac_size, - size_t good, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, + size_t mac_size, + size_t good, + OSSL_LIB_CTX *libctx); int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); /*- * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC @@ -66,16 +66,16 @@ * MAC returned is random. */ int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx) + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx) { size_t padding_length; size_t good; - const size_t overhead = 1 /* padding length byte */ + mac_size; + const size_t overhead = 1 /* padding length byte */ + mac_size; /* * These lengths are all public so we can test them in non-constant time. 
@@ -90,7 +90,7 @@ *reclen -= good & (padding_length + 1); return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced, - block_size, mac_size, good, libctx); + block_size, mac_size, good, libctx); } /*- @@ -111,18 +111,18 @@ * MAC returned is random. */ int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx) + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx) { size_t good = -1; size_t padding_length, to_check, i; size_t overhead = ((block_size == 1) ? 0 : 1) /* padding length byte */ - + mac_size; + + mac_size; /* * These lengths are all public so we can test them in non-constant @@ -151,7 +151,7 @@ * maximum amount of padding possible. (Again, the length of the record * is public information so we can use it.) */ - to_check = 256; /* maximum amount of padding, inc length byte. */ + to_check = 256; /* maximum amount of padding, inc length byte. */ if (to_check > *reclen) to_check = *reclen; @@ -174,7 +174,7 @@ } return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced, - block_size, mac_size, good, libctx); + block_size, mac_size, good, libctx); } /*- @@ -195,14 +195,14 @@ #define CBC_MAC_ROTATE_IN_PLACE static int ssl3_cbc_copy_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, - size_t mac_size, - size_t good, - OSSL_LIB_CTX *libctx) + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, + size_t mac_size, + size_t good, + OSSL_LIB_CTX *libctx) { #if defined(CBC_MAC_ROTATE_IN_PLACE) unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; 
@@ -229,7 +229,7 @@ size_t rotate_offset; if (!ossl_assert(origreclen >= mac_size - && mac_size <= EVP_MAX_MD_SIZE)) + && mac_size <= EVP_MAX_MD_SIZE)) return 0; /* If no MAC then nothing to be done */ @@ -301,8 +301,8 @@ /* If the padding wasn't good we emit a random MAC */ out[j++] = constant_time_select_8((unsigned char)(good & 0xff), - aux3, - randmac[i]); + aux3, + randmac[i]); rotate_offset &= constant_time_lt_s(rotate_offset, mac_size); } #else @@ -317,7 +317,7 @@ /* If the padding wasn't good we emit a random MAC */ out[i] = constant_time_select_8((unsigned char)(good & 0xff), out[i], - randmac[i]); + randmac[i]); } #endif --- crypto/openssl/ssl/s3_cbc.c.orig +++ crypto/openssl/ssl/s3_cbc.c @@ -16,7 +16,6 @@ * moved out of libssl. */ - /* * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. 
@@ -28,41 +27,41 @@ #include #ifndef FIPS_MODULE -# include +#include #endif #include char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char *header, - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3); - -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); + +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) + +#define l2n6(l, c) (*((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 
16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) + +#define l2n8(l, c) (*((c)++) = (unsigned char)(((l) >> 56) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 48) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's @@ -82,11 +81,11 @@ * u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in * little-endian order. The value of p is advanced by four. */ -# define u32toLE(n, p) \ - (*((p)++)=(unsigned char)(n), \ - *((p)++)=(unsigned char)(n>>8), \ - *((p)++)=(unsigned char)(n>>16), \ - *((p)++)=(unsigned char)(n>>24)) +#define u32toLE(n, p) \ + (*((p)++) = (unsigned char)(n), \ + *((p)++) = (unsigned char)(n >> 8), \ + *((p)++) = (unsigned char)(n >> 16), \ + *((p)++) = (unsigned char)(n >> 24)) /* * These functions serialize the state of a hash and thus perform the @@ -133,7 +132,7 @@ } } -#undef LARGEST_DIGEST_CTX +#undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA512_CTX /*- 
@@ -156,26 +155,26 @@ * Returns 1 on success or 0 on error */ int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char *header, - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3) + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3) { union { OSSL_UNION_ALIGN; unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; - void (*md_final_raw) (void *ctx, unsigned char *md_out); - void (*md_transform) (void *ctx, const unsigned char *block); + void (*md_final_raw)(void *ctx, unsigned char *md_out); + void (*md_transform)(void *ctx, const unsigned char *block); size_t md_size, md_block_size = 64; size_t sslv3_pad_length = 40, header_length, variance_blocks, - len, max_mac_bytes, num_blocks, - num_starting_blocks, k, mac_end_offset, c, index_a, index_b; - size_t bits; /* at most 18 bits */ + len, max_mac_bytes, num_blocks, + num_starting_blocks, k, mac_end_offset, c, index_a, index_b; + size_t bits; /* at most 18 bits */ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; /* hmac_pad is the masked HMAC key. */ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; @@ -206,8 +205,7 @@ if (MD5_Init((MD5_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_md5_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))MD5_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))MD5_Transform; md_size = 16; sslv3_pad_length = 48; length_is_big_endian = 0; 
@@ -216,29 +214,25 @@ if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha1_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; md_size = 20; } else if (EVP_MD_is_a(md, "SHA2-224")) { if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 224 / 8; - } else if (EVP_MD_is_a(md, "SHA2-256")) { + } else if (EVP_MD_is_a(md, "SHA2-256")) { if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 32; - } else if (EVP_MD_is_a(md, "SHA2-384")) { + } else if (EVP_MD_is_a(md, "SHA2-384")) { if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; md_size = 384 / 8; md_block_size = 128; md_length_size = 16; @@ -246,8 +240,7 @@ if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; md_size = 64; md_block_size = 128; md_length_size = 16; 
@@ -262,16 +255,15 @@ } if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES) - || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE) - || !ossl_assert(md_size <= EVP_MAX_MD_SIZE)) + || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE) + || !ossl_assert(md_size <= EVP_MAX_MD_SIZE)) return 0; header_length = 13; if (is_sslv3) { header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence - * number */ + - 1 /* record type */ + - 2 /* record length */ ; + * number */ + + 1 /* record type */ + 2 /* record length */; } /* @@ -289,7 +281,7 @@ * short and there obviously cannot be this many blocks then * variance_blocks can be reduced. */ - variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1); + variance_blocks = is_sslv3 ? 2 : (((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1); /* * From now on we're dealing with the MAC, which conceptually has 13 * bytes of `header' before the start of the data (TLS) or 71/75 bytes @@ -302,9 +294,7 @@ */ max_mac_bytes = len - md_size - 1; /* num_blocks is the maximum number of hash blocks. */ - num_blocks = - (max_mac_bytes + 1 + md_length_size + md_block_size - - 1) / md_block_size; + num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; /* * In order to calculate the MAC in constant time we have to handle the * final blocks specially because the padding value could cause the end @@ -427,7 +417,7 @@ * constant time, to |mac_out|. */ for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; - i++) { + i++) { unsigned char block[MAX_HASH_BLOCK_SIZE]; unsigned char is_block_a = constant_time_eq_8_s(i, index_a); unsigned char is_block_b = constant_time_eq_8_s(i, index_b); 
@@ -465,9 +455,7 @@ if (j >= md_block_size - md_length_size) { /* If this is index_b, write a length byte. */ b = constant_time_select_8(is_block_b, - length_bytes[j - - (md_block_size - - md_length_size)], b); + length_bytes[j - (md_block_size - md_length_size)], b); } block[j] = b; } @@ -483,7 +471,7 @@ if (md_ctx == NULL) goto err; - if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */ ) <= 0) + if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */) <= 0) goto err; if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ @@ -507,7 +495,7 @@ *md_out_size = md_out_size_u; ret = 1; - err: +err: EVP_MD_CTX_free(md_ctx); return ret; } --- crypto/openssl/ssl/s3_enc.c.orig +++ crypto/openssl/ssl/s3_enc.c @@ -26,7 +26,7 @@ int ret = 0; #ifdef CHARSET_EBCDIC - c = os_toascii[c]; /* 'A' in ASCII */ + c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq); @@ -50,13 +50,13 @@ if (!EVP_DigestInit_ex(s1, sha1, NULL) || !EVP_DigestUpdate(s1, buf, k) || !EVP_DigestUpdate(s1, s->session->master_key, - s->session->master_key_length) + s->session->master_key_length) || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) || !EVP_DigestFinal_ex(s1, smd, NULL) || !EVP_DigestInit_ex(m5, md5, NULL) || !EVP_DigestUpdate(m5, s->session->master_key, - s->session->master_key_length) + s->session->master_key_length) || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -78,7 +78,7 @@ } OPENSSL_cleanse(smd, sizeof(smd)); ret = 1; - err: +err: EVP_MD_CTX_free(m5); EVP_MD_CTX_free(s1); ssl_evp_md_free(md5); @@ -140,7 +140,7 @@ s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } 
@@ -173,7 +173,7 @@ s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -195,8 +195,7 @@ cl = EVP_CIPHER_get_key_length(c); j = cl; k = EVP_CIPHER_get_iv_length(c); - if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { + if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); n = i + i; key = &(p[n]); @@ -230,14 +229,14 @@ * different to that in c if we have an ENGINE in use */ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL - && !tls_provider_set_tls_params(s, dd, c, m)) { + && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; } s->statem.enc_write_state = ENC_WRITE_STATE_VALID; return 1; - err: +err: return 0; } @@ -254,7 +253,7 @@ return 1; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp, - 0)) { + 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -390,7 +389,7 @@ md = ssl_handshake_md(s); if (md == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); return 0; } if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) @@ -408,17 +407,17 @@ } void ssl3_digest_master_key_set_params(const SSL_SESSION *session, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { int n = 0; params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, - (void *)session->master_key, - session->master_key_length); + (void *)session->master_key, + session->master_key_length); params[n++] = OSSL_PARAM_construct_end(); } size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, - unsigned char *p) + unsigned char *p) { int ret; EVP_MD_CTX *ctx = NULL; 
@@ -459,19 +458,19 @@ if (EVP_DigestUpdate(ctx, sender, len) <= 0 || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - ret = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + ret = 0; } } - err: +err: EVP_MD_CTX_free(ctx); return ret; } int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - size_t len, size_t *secret_size) + size_t len, size_t *secret_size) { static const unsigned char *salt[3] = { #ifndef CHARSET_EBCDIC @@ -497,12 +496,15 @@ for (i = 0; i < 3; i++) { if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 || EVP_DigestUpdate(ctx, salt[i], - strlen((const char *)salt[i])) <= 0 + strlen((const char *)salt[i])) + <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 @@ -573,7 +575,7 @@ case SSL_AD_USER_CANCELLED: return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_NO_RENEGOTIATION: - return -1; /* Don't send it :-) */ + return -1; /* Don't send it :-) */ case SSL_AD_UNSUPPORTED_EXTENSION: return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_CERTIFICATE_UNOBTAINABLE: --- crypto/openssl/ssl/s3_lib.c.orig +++ crypto/openssl/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -21,9 +21,9 @@ #include #include "internal/cryptlib.h" -#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) -#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) +#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) +#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) +#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) /* TLSv1.3 downgrade protection sentinel values */ const unsigned char tls11downgrade[] = { 
@@ -44,3174 +44,3568 @@ SSL_aANY, SSL_AES128GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 128, 128, - }, { + }, + { + 1, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_CK_AES_256_GCM_SHA384, + SSL_kANY, + SSL_aANY, + SSL_AES256GCM, + SSL_AEAD, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384, + 256, + 256, + }, + { + 1, + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_CK_CHACHA20_POLY1305_SHA256, + SSL_kANY, + SSL_aANY, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 256, + 256, + }, + { + 1, + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_CK_AES_128_CCM_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128CCM, + SSL_AEAD, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, + }, + { + 1, + TLS1_3_RFC_AES_128_CCM_8_SHA256, + TLS1_3_RFC_AES_128_CCM_8_SHA256, + TLS1_3_CK_AES_128_CCM_8_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, + } +}; + +/* + * The list of available ciphers, mostly organized into the following + * groups: + * Always there + * EC + * PSK + * SRP (within that: RSA EC PSK) + * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED + * Weak ciphers + */ +static SSL_CIPHER ssl3_ciphers[] = { + { + 1, + SSL3_TXT_RSA_NULL_MD5, + SSL3_RFC_RSA_NULL_MD5, + SSL3_CK_RSA_NULL_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_MD5, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + { + 1, + SSL3_TXT_RSA_NULL_SHA, + SSL3_RFC_RSA_NULL_SHA, + SSL3_CK_RSA_NULL_SHA, + SSL_kRSA, + SSL_aRSA, + 
SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_DES_192_CBC3_SHA, + SSL3_RFC_RSA_DES_192_CBC3_SHA, + SSL3_CK_RSA_DES_192_CBC3_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + { + 1, + SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, + SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, + SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + { + 1, + SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, + SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, + SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + { + 1, + SSL3_TXT_ADH_DES_192_CBC_SHA, + SSL3_RFC_ADH_DES_192_CBC_SHA, + SSL3_CK_ADH_DES_192_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA, + TLS1_RFC_RSA_WITH_AES_128_SHA, + TLS1_CK_RSA_WITH_AES_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, + TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA, + SSL_kDHE, + 
SSL_aDSS, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA, + TLS1_RFC_ADH_WITH_AES_128_SHA, + TLS1_CK_ADH_WITH_AES_128_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA, + TLS1_RFC_RSA_WITH_AES_256_SHA, + TLS1_CK_RSA_WITH_AES_256_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, + TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA, + TLS1_RFC_ADH_WITH_AES_256_SHA, + TLS1_CK_ADH_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + 
TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_WITH_NULL_SHA256, + TLS1_RFC_RSA_WITH_NULL_SHA256, + TLS1_CK_RSA_WITH_NULL_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA256, + TLS1_RFC_RSA_WITH_AES_128_SHA256, + TLS1_CK_RSA_WITH_AES_128_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA256, + TLS1_RFC_RSA_WITH_AES_256_SHA256, + TLS1_CK_RSA_WITH_AES_256_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES256, + SSL_SHA256, + 
TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA256, + TLS1_RFC_ADH_WITH_AES_128_SHA256, + TLS1_CK_ADH_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA256, + TLS1_RFC_ADH_WITH_AES_256_SHA256, + TLS1_CK_ADH_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, + 
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256, + TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384, + TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aNULL, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | 
SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_128_CCM, + TLS1_RFC_RSA_WITH_AES_128_CCM, + TLS1_CK_RSA_WITH_AES_128_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_256_CCM, + TLS1_RFC_RSA_WITH_AES_256_CCM, + TLS1_CK_RSA_WITH_AES_256_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, + TLS1_RFC_DHE_RSA_WITH_AES_128_CCM, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, + TLS1_RFC_DHE_RSA_WITH_AES_256_CCM, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_128_CCM_8, + TLS1_RFC_RSA_WITH_AES_128_CCM_8, + TLS1_CK_RSA_WITH_AES_128_CCM_8, + SSL_kRSA, + SSL_aRSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_AES_256_CCM_8, + TLS1_RFC_RSA_WITH_AES_256_CCM_8, + TLS1_CK_RSA_WITH_AES_256_CCM_8, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + 
DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CCM, + TLS1_RFC_PSK_WITH_AES_128_CCM, + TLS1_CK_PSK_WITH_AES_128_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_AES_256_CCM, + TLS1_RFC_PSK_WITH_AES_256_CCM, + TLS1_CK_PSK_WITH_AES_256_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, + TLS1_RFC_DHE_PSK_WITH_AES_128_CCM, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, + TLS1_RFC_DHE_PSK_WITH_AES_256_CCM, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + 
TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CCM_8, + TLS1_RFC_PSK_WITH_AES_128_CCM_8, + TLS1_CK_PSK_WITH_AES_128_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_AES_256_CCM_8, + TLS1_RFC_PSK_WITH_AES_256_CCM_8, + TLS1_CK_PSK_WITH_AES_256_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM, + 
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + 
DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_RFC_ECDH_anon_WITH_NULL_SHA, + TLS1_CK_ECDH_anon_WITH_NULL_SHA, + SSL_kECDHE, + 
SSL_aNULL, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | 
TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + 
SSL_kECDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_RFC_PSK_WITH_NULL_SHA, + TLS1_CK_PSK_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA, + TLS1_CK_DHE_PSK_WITH_NULL_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA, + TLS1_CK_RSA_PSK_WITH_NULL_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, + 
SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, 
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_PSK_WITH_NULL_SHA256,
+ TLS1_CK_PSK_WITH_NULL_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_PSK_WITH_NULL_SHA384,
+ TLS1_CK_PSK_WITH_NULL_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_3DES,
+ SSL_SHA1,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+#endif
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA1,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA1,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+ SSL_kSRP,
+ SSL_aSRP,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+ SSL_kSRP,
+ SSL_aRSA,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+ SSL_kSRP,
+ SSL_aDSS,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+#endif
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+ SSL_kSRP,
+ SSL_aSRP,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+ SSL_kSRP,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+ TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+ SSL_kSRP,
+ SSL_aDSS,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+ SSL_kSRP,
+ SSL_aSRP,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+ SSL_kSRP,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+ TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+ TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+ SSL_kSRP,
+ SSL_aDSS,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
+ TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_CAMELLIA256,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_CAMELLIA256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_CAMELLIA256,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_CAMELLIA128,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+#ifndef OPENSSL_NO_GOST
+ {
+ 1,
+ "GOST2001-GOST89-GOST89",
+ "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
+ 0x3000081,
+ SSL_kGOST,
+ SSL_aGOST01,
+ SSL_eGOST2814789CNT,
+ SSL_GOST89MAC,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ "GOST2001-NULL-GOST94",
+ "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
+ 0x3000083,
+ SSL_kGOST,
+ SSL_aGOST01,
+ SSL_eNULL,
+ SSL_GOST94,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_STRONG_NONE,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ "IANA-GOST2012-GOST8912-GOST8912",
+ NULL,
+ 0x0300c102,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eGOST2814789CNT12,
+ SSL_GOST89MAC12,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ "LEGACY-GOST2012-GOST8912-GOST8912",
+ NULL,
+ 0x0300ff85,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eGOST2814789CNT12,
+ SSL_GOST89MAC12,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ "GOST2012-NULL-GOST12",
+ NULL,
+ 0x0300ff87,
+ SSL_kGOST,
+ SSL_aGOST12 | SSL_aGOST01,
+ SSL_eNULL,
+ SSL_GOST12_256,
+ TLS1_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_STRONG_NONE,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 0,
+ 0,
+ },
+ {
+ 1,
+ "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
+ NULL,
+ 0x0300C100,
+ SSL_kGOST18,
+ SSL_aGOST12,
+ SSL_KUZNYECHIK,
+ SSL_KUZNYECHIKOMAC,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ "GOST2012-MAGMA-MAGMAOMAC",
+ NULL,
+ 0x0300C101,
+ SSL_kGOST18,
+ SSL_aGOST12,
+ SSL_MAGMA,
+ SSL_MAGMAOMAC,
+ TLS1_2_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_GOST */
+
+ {
+ 1,
+ SSL3_TXT_RSA_IDEA_128_SHA,
+ SSL3_RFC_RSA_IDEA_128_SHA,
+ SSL3_CK_RSA_IDEA_128_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_IDEA,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_1_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_RFC_RSA_WITH_SEED_SHA,
+ TLS1_CK_RSA_WITH_SEED_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
+ TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
+ TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_RFC_ADH_WITH_SEED_SHA,
+ TLS1_CK_ADH_WITH_SEED_SHA,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_SEED,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ DTLS1_BAD_VER,
+ DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_MD5,
+ SSL3_RFC_RSA_RC4_128_MD5,
+ SSL3_CK_RSA_RC4_128_MD5,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_MD5,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_SHA,
+ SSL3_RFC_RSA_RC4_128_SHA,
+ SSL3_CK_RSA_RC4_128_SHA,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_RFC_ADH_RC4_128_MD5,
+ SSL3_CK_ADH_RC4_128_MD5,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_RC4,
+ SSL_MD5,
+ SSL3_VERSION,
+ TLS1_2_VERSION,
+ 0,
+ 0,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
+
TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { 1, - TLS1_3_RFC_AES_256_GCM_SHA384, - TLS1_3_RFC_AES_256_GCM_SHA384, - TLS1_3_CK_AES_256_GCM_SHA384, - SSL_kANY, - SSL_aANY, - SSL_AES256GCM, + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_RFC_PSK_WITH_RC4_128_SHA, + TLS1_CK_PSK_WITH_RC4_128_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, + TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, + TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, + TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, + 
TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ + + { + 1, + TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_ARIA128GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, { 1, - TLS1_3_RFC_CHACHA20_POLY1305_SHA256, - TLS1_3_RFC_CHACHA20_POLY1305_SHA256, - TLS1_3_CK_CHACHA20_POLY1305_SHA256, - SSL_kANY, - SSL_aANY, - SSL_CHACHA20POLY1305, + TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_ARIA128GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kDHE, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 
256, 256, }, { 1, - TLS1_3_RFC_AES_128_CCM_SHA256, - TLS1_3_RFC_AES_128_CCM_SHA256, - TLS1_3_CK_AES_128_CCM_SHA256, - SSL_kANY, - SSL_aANY, - SSL_AES128CCM, + TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_ARIA128GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, - }, { + }, + { 1, - TLS1_3_RFC_AES_128_CCM_8_SHA256, - TLS1_3_RFC_AES_128_CCM_8_SHA256, - TLS1_3_CK_AES_128_CCM_8_SHA256, - SSL_kANY, - SSL_aANY, - SSL_AES128CCM8, + TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_ARIA256GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, - } -}; - -/* - * The list of available ciphers, mostly organized into the following - * groups: - * Always there - * EC - * PSK - * SRP (within that: RSA EC PSK) - * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED - * Weak ciphers - */ -static SSL_CIPHER ssl3_ciphers[] = { + }, { - 1, - SSL3_TXT_RSA_NULL_MD5, - SSL3_RFC_RSA_NULL_MD5, - SSL3_CK_RSA_NULL_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, 
DTLS1_2_VERSION, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - SSL3_TXT_RSA_NULL_SHA, - SSL3_RFC_RSA_NULL_SHA, - SSL3_CK_RSA_NULL_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, - SSL3_RFC_RSA_DES_192_CBC3_SHA, - SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - { - 1, - SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, - SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, - SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - { - 1, - SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, - SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, - SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_RFC_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, 
- SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -#endif + 1, + TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_RFC_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_RFC_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_RFC_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | 
SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_RFC_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_WITH_NULL_SHA256, - TLS1_RFC_RSA_WITH_NULL_SHA256, - TLS1_CK_RSA_WITH_NULL_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA256, - TLS1_RFC_RSA_WITH_AES_128_SHA256, - TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA256, - TLS1_RFC_RSA_WITH_AES_256_SHA256, - TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - 
{ - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, - TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, - TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA256, - TLS1_RFC_ADH_WITH_AES_128_SHA256, - TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA256, - TLS1_RFC_ADH_WITH_AES_256_SHA256, - TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - 
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aDSS, - SSL_AES256GCM, - SSL_AEAD, 
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
- TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- SSL_kDHE,
- SSL_aNULL,
- SSL_AES128GCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kDHE,
- SSL_aNULL,
- SSL_AES256GCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_CCM,
- TLS1_RFC_RSA_WITH_AES_128_CCM,
- TLS1_CK_RSA_WITH_AES_128_CCM,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_CCM,
- TLS1_RFC_RSA_WITH_AES_256_CCM,
- TLS1_CK_RSA_WITH_AES_256_CCM,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
- TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
- TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
- SSL_kDHE,
- SSL_aRSA,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
- TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
- TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
- SSL_kDHE,
- SSL_aRSA,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_CCM_8,
- TLS1_RFC_RSA_WITH_AES_128_CCM_8,
- TLS1_CK_RSA_WITH_AES_128_CCM_8,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_CCM_8,
- TLS1_RFC_RSA_WITH_AES_256_CCM_8,
- TLS1_CK_RSA_WITH_AES_256_CCM_8,
- SSL_kRSA,
- SSL_aRSA,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
- TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
- TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
- SSL_kDHE,
- SSL_aRSA,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
- TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
- TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
- SSL_kDHE,
- SSL_aRSA,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_PSK_WITH_AES_128_CCM,
- TLS1_RFC_PSK_WITH_AES_128_CCM,
- TLS1_CK_PSK_WITH_AES_128_CCM,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_PSK_WITH_AES_256_CCM,
- TLS1_RFC_PSK_WITH_AES_256_CCM,
- TLS1_CK_PSK_WITH_AES_256_CCM,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
- TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
- TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
- TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
- TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_PSK_WITH_AES_128_CCM_8,
- TLS1_RFC_PSK_WITH_AES_128_CCM_8,
- TLS1_CK_PSK_WITH_AES_128_CCM_8,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_PSK_WITH_AES_256_CCM_8,
- TLS1_RFC_PSK_WITH_AES_256_CCM_8,
- TLS1_CK_PSK_WITH_AES_256_CCM_8,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
- TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
- TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
- TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
- TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
- SSL_kDHEPSK,
- SSL_aPSK,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256CCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256CCM8,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
- TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_eNULL,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_3DES,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-# endif
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
- TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_eNULL,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_3DES,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-# endif
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
- TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
- TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_eNULL,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
- TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_3DES,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-# endif
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_AES128,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kECDHE,
- SSL_aNULL,
- SSL_AES256,
- SSL_SHA1,
- TLS1_VERSION, TLS1_2_VERSION,
- DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256,
- SSL_SHA384,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
- TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_AES128,
- SSL_SHA256,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
- TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kECDHE,
- SSL_aRSA,
- SSL_AES256,
- SSL_SHA384,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES128GCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHE,
- SSL_aECDSA,
- SSL_AES256GCM,
- SSL_AEAD,
- TLS1_2_VERSION, TLS1_2_VERSION,
- DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA, - TLS1_RFC_PSK_WITH_NULL_SHA, - TLS1_CK_PSK_WITH_NULL_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA, - TLS1_RFC_DHE_PSK_WITH_NULL_SHA, - TLS1_CK_DHE_PSK_WITH_NULL_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA, - TLS1_RFC_RSA_PSK_WITH_NULL_SHA, - TLS1_CK_RSA_PSK_WITH_NULL_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, 
TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif - { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif - { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - 
TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, - TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, - TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - 
TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, - TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, - TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA256, - TLS1_RFC_PSK_WITH_NULL_SHA256, - TLS1_CK_PSK_WITH_NULL_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | 
TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA384, - TLS1_RFC_PSK_WITH_NULL_SHA384, - TLS1_CK_PSK_WITH_NULL_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, - TLS1_RFC_DHE_PSK_WITH_NULL_SHA256, - TLS1_CK_DHE_PSK_WITH_NULL_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, - TLS1_RFC_DHE_PSK_WITH_NULL_SHA384, - TLS1_CK_DHE_PSK_WITH_NULL_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | 
TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, - TLS1_RFC_RSA_PSK_WITH_NULL_SHA256, - TLS1_CK_RSA_PSK_WITH_NULL_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, - TLS1_RFC_RSA_PSK_WITH_NULL_SHA384, - TLS1_CK_RSA_PSK_WITH_NULL_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - TLS1_VERSION, 
TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, - TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, - TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, - TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, - -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - 
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif - { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - 
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - - { - 1, - TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kDHE, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kECDHE, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - SSL_kECDHE, - SSL_aECDSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - 
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_PSK_WITH_CHACHA20_POLY1305, - SSL_kPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHE, - SSL_aDSS, - 
SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - 
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - 
SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | 
TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 
- TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - -#ifndef OPENSSL_NO_GOST + 1, + TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_ARIA256GCM, + 
SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - "GOST2001-GOST89-GOST89", - "TLS_GOSTR341001_WITH_28147_CNT_IMIT", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256, - }, - { - 1, - "GOST2001-NULL-GOST94", - "TLS_GOSTR341001_WITH_NULL_GOSTR3411", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, - 0, - 0, - }, - { - 1, - "IANA-GOST2012-GOST8912-GOST8912", - NULL, - 0x0300c102, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eGOST2814789CNT12, - SSL_GOST89MAC12, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256, - }, - { - 1, - "LEGACY-GOST2012-GOST8912-GOST8912", - NULL, - 0x0300ff85, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eGOST2814789CNT12, - SSL_GOST89MAC12, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256, - }, - { - 1, - "GOST2012-NULL-GOST12", - NULL, - 0x0300ff87, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eNULL, - SSL_GOST12_256, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 0, - 0, - }, - { - 1, - "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", - NULL, - 0x0300C100, - SSL_kGOST18, - SSL_aGOST12, - SSL_KUZNYECHIK, - SSL_KUZNYECHIKOMAC, - TLS1_2_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, - 256, - 256, - }, - { - 1, - "GOST2012-MAGMA-MAGMAOMAC", - NULL, - 0x0300C101, - SSL_kGOST18, - SSL_aGOST12, - SSL_MAGMA, - 
SSL_MAGMAOMAC, - TLS1_2_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, - 256, - 256, - }, -#endif /* OPENSSL_NO_GOST */ - - { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_RFC_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL3_VERSION, TLS1_1_VERSION, - DTLS1_BAD_VER, DTLS1_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - { - 1, - TLS1_TXT_RSA_WITH_SEED_SHA, - TLS1_RFC_RSA_WITH_SEED_SHA, - TLS1_CK_RSA_WITH_SEED_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_SEED_SHA, - TLS1_RFC_DHE_DSS_WITH_SEED_SHA, - TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_SEED_SHA, - TLS1_RFC_DHE_RSA_WITH_SEED_SHA, - TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ADH_WITH_SEED_SHA, - TLS1_RFC_ADH_WITH_SEED_SHA, - TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + 
DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_RFC_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_RFC_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - 
SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_RFC_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kDHE, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, - TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_RFC_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, - TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, 
- TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, - TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ - - { - 1, - TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - SSL_kDHE, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - 
TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - SSL_kDHE, - SSL_aDSS, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - 
SSL_kECDHE, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - { - 1, - TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 
128, - 128, - }, - { - 1, - TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, }; /* @@ -3221,18 +3615,40 @@ */ static SSL_CIPHER ssl3_scsvs[] = { { - 0, - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", - SSL3_CK_SCSV, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + SSL3_CK_SCSV, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, }, { - 0, - "TLS_FALLBACK_SCSV", - "TLS_FALLBACK_SCSV", - SSL3_CK_FALLBACK_SCSV, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, + "TLS_FALLBACK_SCSV", + "TLS_FALLBACK_SCSV", + SSL3_CK_FALLBACK_SCSV, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, }, }; @@ -3249,15 +3665,15 @@ void ssl_sort_cipher_list(void) { qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]), - cipher_compare); + cipher_compare); qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]), - cipher_compare); + cipher_compare); qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); } static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, - const char * t, size_t u, - const unsigned char * v, size_t w, int x) + const char *t, size_t u, + const unsigned char *v, size_t w, int x) { (void)r; (void)s; 
@@ -3316,7 +3732,7 @@ /* Set the content type and 3 bytes for the message len */ if (!WPACKET_put_bytes_u8(pkt, htype) - || !WPACKET_start_sub_packet_u24(pkt)) + || !WPACKET_start_sub_packet_u24(pkt)) return 0; return 1; 
@@ -3440,46 +3856,42 @@ ret = (int)(s->s3.flags); break; #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_DH: - { - EVP_PKEY *pkdh = NULL; - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - pkdh = ssl_dh_to_pkey(parg); - if (pkdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { - EVP_PKEY_free(pkdh); - return 0; - } - return 1; + case SSL_CTRL_SET_TMP_DH: { + EVP_PKEY *pkdh = NULL; + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - break; - case SSL_CTRL_SET_TMP_DH_CB: - { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return ret; + pkdh = ssl_dh_to_pkey(parg); + if (pkdh == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { + EVP_PKEY_free(pkdh); + return 0; } + return 1; + } break; + case SSL_CTRL_SET_TMP_DH_CB: { + ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return ret; + } #endif case SSL_CTRL_SET_DH_AUTO: s->cert->dh_tmp_auto = larg; return 1; #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_ECDH: - { - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, - &s->ext.supportedgroups_len, - parg); + case SSL_CTRL_SET_TMP_ECDH: { + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } -#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, + parg); + } +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: /* * This API is only used for a client to set what SNI it will request 
@@ -3549,7 +3961,7 @@ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: *(unsigned char **)parg = s->ext.ocsp.resp; if (s->ext.ocsp.resp_len == 0 - || s->ext.ocsp.resp_len > LONG_MAX) + || s->ext.ocsp.resp_len > LONG_MAX) return -1; return (long)s->ext.ocsp.resp_len; 
@@ -3601,59 +4013,56 @@ } return ssl_cert_set_current(s->cert, larg); - case SSL_CTRL_GET_GROUPS: - { - uint16_t *clist; - size_t clistlen; + case SSL_CTRL_GET_GROUPS: { + uint16_t *clist; + size_t clistlen; - if (!s->session) - return 0; - clist = s->ext.peer_supportedgroups; - clistlen = s->ext.peer_supportedgroups_len; - if (parg) { - size_t i; - int *cptr = parg; - - for (i = 0; i < clistlen; i++) { - const TLS_GROUP_INFO *cinf - = tls1_group_id_lookup(s->ctx, clist[i]); - - if (cinf != NULL) - cptr[i] = tls1_group_id2nid(cinf->group_id, 1); - else - cptr[i] = TLSEXT_nid_unknown | clist[i]; - } + if (!s->session) + return 0; + clist = s->ext.peer_supportedgroups; + clistlen = s->ext.peer_supportedgroups_len; + if (parg) { + size_t i; + int *cptr = parg; + + for (i = 0; i < clistlen; i++) { + const TLS_GROUP_INFO *cinf + = tls1_group_id_lookup(s->ctx, clist[i]); + + if (cinf != NULL) + cptr[i] = tls1_group_id2nid(cinf->group_id, 1); + else + cptr[i] = TLSEXT_nid_unknown | clist[i]; } - return (int)clistlen; } + return (int)clistlen; + } case SSL_CTRL_SET_GROUPS: return tls1_set_groups(&s->ext.supportedgroups, - &s->ext.supportedgroups_len, parg, larg); + &s->ext.supportedgroups_len, parg, larg); case SSL_CTRL_SET_GROUPS_LIST: return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups, - &s->ext.supportedgroups_len, parg); + &s->ext.supportedgroups_len, parg); - case SSL_CTRL_GET_SHARED_GROUP: - { - uint16_t id = tls1_shared_group(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: { + uint16_t id = tls1_shared_group(s, larg); - if (larg != -1) - return tls1_group_id2nid(id, 1); - return id; - } - case SSL_CTRL_GET_NEGOTIATED_GROUP: - { - unsigned int id; - - if (SSL_IS_TLS13(s) && s->s3.did_kex) - id = s->s3.group_id; - else - id = s->session->kex_group; - ret = tls1_group_id2nid(id, 1); - break; - } + if (larg != -1) + return tls1_group_id2nid(id, 1); + return id; + } + case SSL_CTRL_GET_NEGOTIATED_GROUP: { + unsigned int id; + + if (SSL_IS_TLS13(s) && s->s3.did_kex) 
+ id = s->s3.group_id; + else + id = s->session->kex_group; + ret = tls1_group_id2nid(id, 1); + break; + } case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); @@ -3666,15 +4075,14 @@ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: return tls1_set_sigalgs_list(s->cert, parg, 1); - case SSL_CTRL_GET_CLIENT_CERT_TYPES: - { - const unsigned char **pctype = parg; - if (s->server || !s->s3.tmp.cert_req) - return 0; - if (pctype) - *pctype = s->s3.tmp.ctype; - return s->s3.tmp.ctype_len; - } + case SSL_CTRL_GET_CLIENT_CERT_TYPES: { + const unsigned char **pctype = parg; + if (s->server || !s->s3.tmp.cert_req) + return 0; + if (pctype) + *pctype = s->s3.tmp.ctype; + return s->s3.tmp.ctype_len; + } case SSL_CTRL_SET_CLIENT_CERT_TYPES: if (!s->server) @@ -3726,15 +4134,14 @@ return 1; } - case SSL_CTRL_GET_EC_POINT_FORMATS: - { - const unsigned char **pformat = parg; + case SSL_CTRL_GET_EC_POINT_FORMATS: { + const unsigned char **pformat = parg; - if (s->ext.peer_ecpointformats == NULL) - return 0; - *pformat = s->ext.peer_ecpointformats; - return (int)s->ext.peer_ecpointformats_len; - } + if (s->ext.peer_ecpointformats == NULL) + return 0; + *pformat = s->ext.peer_ecpointformats; + return (int)s->ext.peer_ecpointformats_len; + } default: break; @@ -3742,7 +4149,7 @@ return ret; } -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) +long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret = 0; @@ -3755,7 +4162,7 @@ #endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->ext.debug_cb = (void (*)(SSL *, int, int, - const unsigned char *, int, void *))fp; + const unsigned char *, int, void *))fp; ret = 1; break; 
@@ -3773,84 +4180,76 @@ { switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_DH: - { - EVP_PKEY *pkdh = NULL; - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - pkdh = ssl_dh_to_pkey(parg); - if (pkdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) { - EVP_PKEY_free(pkdh); - return 0; - } - return 1; + case SSL_CTRL_SET_TMP_DH: { + EVP_PKEY *pkdh = NULL; + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - case SSL_CTRL_SET_TMP_DH_CB: - { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + pkdh = ssl_dh_to_pkey(parg); + if (pkdh == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) { + EVP_PKEY_free(pkdh); return 0; } + return 1; + } + case SSL_CTRL_SET_TMP_DH_CB: { + ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } #endif case SSL_CTRL_SET_DH_AUTO: ctx->cert->dh_tmp_auto = larg; return 1; #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_ECDH: - { - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups, - &ctx->ext.supportedgroups_len, - parg); + case SSL_CTRL_SET_TMP_ECDH: { + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } -#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, + parg); + } +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->ext.servername_arg = parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: - case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: - { - unsigned char *keys = parg; - long tick_keylen = (sizeof(ctx->ext.tick_key_name) + - sizeof(ctx->ext.secure->tick_hmac_key) + - sizeof(ctx->ext.secure->tick_aes_key)); - 
if (keys == NULL) - return tick_keylen; - if (larg != tick_keylen) { - ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); - return 0; - } - if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { - memcpy(ctx->ext.tick_key_name, keys, - sizeof(ctx->ext.tick_key_name)); - memcpy(ctx->ext.secure->tick_hmac_key, - keys + sizeof(ctx->ext.tick_key_name), - sizeof(ctx->ext.secure->tick_hmac_key)); - memcpy(ctx->ext.secure->tick_aes_key, - keys + sizeof(ctx->ext.tick_key_name) + - sizeof(ctx->ext.secure->tick_hmac_key), - sizeof(ctx->ext.secure->tick_aes_key)); - } else { - memcpy(keys, ctx->ext.tick_key_name, - sizeof(ctx->ext.tick_key_name)); - memcpy(keys + sizeof(ctx->ext.tick_key_name), - ctx->ext.secure->tick_hmac_key, - sizeof(ctx->ext.secure->tick_hmac_key)); - memcpy(keys + sizeof(ctx->ext.tick_key_name) + - sizeof(ctx->ext.secure->tick_hmac_key), - ctx->ext.secure->tick_aes_key, - sizeof(ctx->ext.secure->tick_aes_key)); - } - return 1; + case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { + unsigned char *keys = parg; + long tick_keylen = (sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key) + sizeof(ctx->ext.secure->tick_aes_key)); + if (keys == NULL) + return tick_keylen; + if (larg != tick_keylen) { + ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; + } + if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { + memcpy(ctx->ext.tick_key_name, keys, + sizeof(ctx->ext.tick_key_name)); + memcpy(ctx->ext.secure->tick_hmac_key, + keys + sizeof(ctx->ext.tick_key_name), + sizeof(ctx->ext.secure->tick_hmac_key)); + memcpy(ctx->ext.secure->tick_aes_key, + keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key), + sizeof(ctx->ext.secure->tick_aes_key)); + } else { + memcpy(keys, ctx->ext.tick_key_name, + sizeof(ctx->ext.tick_key_name)); + memcpy(keys + sizeof(ctx->ext.tick_key_name), + ctx->ext.secure->tick_hmac_key, + sizeof(ctx->ext.secure->tick_hmac_key)); + memcpy(keys + sizeof(ctx->ext.tick_key_name) + 
sizeof(ctx->ext.secure->tick_hmac_key), + ctx->ext.secure->tick_aes_key, + sizeof(ctx->ext.secure->tick_aes_key)); } + return 1; + } case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: return ctx->ext.status_type; @@ -3864,11 +4263,11 @@ return 1; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: - *(void**)parg = ctx->ext.status_arg; + *(void **)parg = ctx->ext.status_arg; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: - *(int (**)(SSL*, void*))parg = ctx->ext.status_cb; + *(int (**)(SSL *, void *))parg = ctx->ext.status_cb; break; #ifndef OPENSSL_NO_SRP @@ -3888,8 +4287,7 @@ } break; case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = - srp_password_from_info_cb; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; if (ctx->srp_ctx.info != NULL) OPENSSL_free(ctx->srp_ctx.info); if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) { @@ -3909,13 +4307,13 @@ case SSL_CTRL_SET_GROUPS: return tls1_set_groups(&ctx->ext.supportedgroups, - &ctx->ext.supportedgroups_len, - parg, larg); + &ctx->ext.supportedgroups_len, + parg, larg); case SSL_CTRL_SET_GROUPS_LIST: return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups, - &ctx->ext.supportedgroups_len, - parg); + &ctx->ext.supportedgroups_len, + parg); case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); @@ -4001,15 +4399,13 @@ return 1; } -long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) +long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_DH_CB: - { - ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } - break; + case SSL_CTRL_SET_TMP_DH_CB: { + ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + } break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp; 
@@ -4019,12 +4415,12 @@ ctx->ext.status_cb = (int (*)(SSL *, void *))fp; break; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, - unsigned char *, - EVP_CIPHER_CTX *, - HMAC_CTX *, int))fp; + unsigned char *, + EVP_CIPHER_CTX *, + HMAC_CTX *, int))fp; break; #endif @@ -4035,29 +4431,23 @@ break; case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - ctx->srp_ctx.TLS_ext_srp_username_callback = - (int (*)(SSL *, int *, void *))fp; + ctx->srp_ctx.TLS_ext_srp_username_callback = (int (*)(SSL *, int *, void *))fp; break; case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = - (char *(*)(SSL *, void *))fp; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = (char *(*)(SSL *, void *))fp; break; #endif - case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: - { - ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp; - } - break; + case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: { + ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp; + } break; default: return 0; } return 1; } -int SSL_CTX_set_tlsext_ticket_key_evp_cb - (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)) +int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)) { ctx->ext.ticket_key_evp_cb = fp; return 1; 
@@ -4081,9 +4471,8 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) { SSL_CIPHER *tbl; - SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs}; - size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, - SSL3_NUM_SCSVS}; + SSL_CIPHER *alltabs[] = { tls13_ciphers, ssl3_ciphers, ssl3_scsvs }; + size_t i, j, tblsize[] = { TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, SSL3_NUM_SCSVS }; /* this is not efficient, necessary to optimize this? */ for (j = 0; j < OSSL_NELEM(alltabs); j++) { @@ -4105,8 +4494,8 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG - | ((uint32_t)p[0] << 8L) - | (uint32_t)p[1]); + | ((uint32_t)p[0] << 8L) + | (uint32_t)p[1]); } int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) @@ -4132,7 +4521,7 @@ * Returns the selected cipher or NULL when no common ciphers. */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) + STACK_OF(SSL_CIPHER) *srvr) { const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; @@ -4149,20 +4538,22 @@ * pay with the price of sk_SSL_CIPHER_dup(). */ - OSSL_TRACE_BEGIN(TLS_CIPHER) { + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, "Server has %d from %p:\n", - sk_SSL_CIPHER_num(srvr), (void *)srvr); + sk_SSL_CIPHER_num(srvr), (void *)srvr); for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { c = sk_SSL_CIPHER_value(srvr, i); BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name); } BIO_printf(trc_out, "Client sent %d from %p:\n", - sk_SSL_CIPHER_num(clnt), (void *)clnt); + sk_SSL_CIPHER_num(clnt), (void *)clnt); for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { c = sk_SSL_CIPHER_value(clnt, i); BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name); } - } OSSL_TRACE_END(TLS_CIPHER); + } + OSSL_TRACE_END(TLS_CIPHER); /* SUITE-B takes precedence over server preference and ChaCha priortiy */ if (tls1_suiteb(s)) { 
@@ -4227,7 +4618,8 @@ * that. */ if (s->psk_server_callback != NULL) { - for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++); + for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++) + ; if (j == SSL_PKEY_NUM) { /* There are no certificates */ prefer_sha256 = 1; @@ -4243,12 +4635,9 @@ c = sk_SSL_CIPHER_value(prio, i); /* Skip ciphers not supported by the protocol version */ - if (!SSL_IS_DTLS(s) && - ((s->version < c->min_tls) || (s->version > c->max_tls))) + if (!SSL_IS_DTLS(s) && ((s->version < c->min_tls) || (s->version > c->max_tls))) continue; - if (SSL_IS_DTLS(s) && - (DTLS_VERSION_LT(s->version, c->min_dtls) || - DTLS_VERSION_GT(s->version, c->max_dtls))) + if (SSL_IS_DTLS(s) && (DTLS_VERSION_LT(s->version, c->min_dtls) || DTLS_VERSION_GT(s->version, c->max_dtls))) continue; /* @@ -4272,12 +4661,12 @@ /* with PSK there must be server callback set */ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) continue; -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ ok = (alg_k & mask_k) && (alg_a & mask_a); OSSL_TRACE7(TLS_CIPHER, - "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", - ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); + "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", + ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); /* * if we are considering an ECC cipher suite that uses an ephemeral @@ -4293,7 +4682,7 @@ if (ii >= 0) { /* Check security callback permits this cipher */ if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, - c->strength_bits, 0, (void *)c)) + c->strength_bits, 0, (void *)c)) continue; if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) @@ -4308,7 +4697,7 @@ const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2); if (md != NULL - && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { + && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { ret = tmp; break; } 
@@ -4357,7 +4746,7 @@ if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) return 0; if (!(alg_a & SSL_aDSS) - && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) return 0; } if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) @@ -4370,8 +4759,8 @@ * need to check for SSL_kECDH or SSL_kECDHE */ if (s->version >= TLS1_VERSION - && !(alg_a & SSL_aECDSA) - && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) + && !(alg_a & SSL_aECDSA) + && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) return 0; return 1; @@ -4414,7 +4803,7 @@ * written, s->s3.alert_dispatch will be true */ if (s->s3.alert_dispatch) - return -1; /* return WANT_WRITE */ + return -1; /* return WANT_WRITE */ } else if (s->s3.alert_dispatch) { /* resend it if not sent */ ret = s->method->ssl_dispatch_alert(s); @@ -4433,12 +4822,11 @@ */ s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return -1; /* return WANT_READ */ + return -1; /* return WANT_READ */ } } - if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && - !s->s3.alert_dispatch) + if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && !s->s3.alert_dispatch) return 1; else return 0; @@ -4451,11 +4839,11 @@ ssl3_renegotiate_check(s, 0); return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, - written); + written); } static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, - size_t *readbytes) + size_t *readbytes) { int ret; @@ -4463,9 +4851,8 @@ if (s->s3.renegotiate) ssl3_renegotiate_check(s, 0); s->s3.in_read_app_data = 1; - ret = - s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek, readbytes); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, + peek, readbytes); if ((ret == -1) && (s->s3.in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called 
@@ -4475,9 +4862,8 @@ * application data again. */ ossl_statem_set_in_handshake(s, 1); - ret = - s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek, readbytes); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, + len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else s->s3.in_read_app_data = 0; @@ -4562,7 +4948,7 @@ * failure, 1 on success. */ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, - DOWNGRADE dgrd) + DOWNGRADE dgrd) { int send_time = 0, ret; @@ -4584,21 +4970,21 @@ if (ret > 0) { if (!ossl_assert(sizeof(tls11downgrade) < len) - || !ossl_assert(sizeof(tls12downgrade) < len)) - return 0; + || !ossl_assert(sizeof(tls12downgrade) < len)) + return 0; if (dgrd == DOWNGRADE_TO_1_2) memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, - sizeof(tls12downgrade)); + sizeof(tls12downgrade)); else if (dgrd == DOWNGRADE_TO_1_1) memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, - sizeof(tls11downgrade)); + sizeof(tls11downgrade)); } return ret; } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - int free_pms) + int free_pms) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; int ret = 0; @@ -4633,8 +5019,8 @@ s->s3.tmp.psk = NULL; s->s3.tmp.psklen = 0; if (!s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, pskpms, pskpmslen, - &s->session->master_key_length)) { + s->session->master_key, pskpms, pskpmslen, + &s->session->master_key_length)) { OPENSSL_clear_free(pskpms, pskpmslen); /* SSLfatal() already called */ goto err; @@ -4654,7 +5040,7 @@ } ret = 1; - err: +err: if (pms) { if (free_pms) OPENSSL_clear_free(pms, pmslen); @@ -4686,7 +5072,7 @@ pkey = NULL; } - err: +err: EVP_PKEY_CTX_free(pctx); return pkey; } 
@@ -4704,7 +5090,7 @@ } pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, - s->ctx->propq); + s->ctx->propq); if (pctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -4724,7 +5110,7 @@ pkey = NULL; } - err: +err: EVP_PKEY_CTX_free(pctx); return pkey; } @@ -4742,7 +5128,7 @@ goto err; pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, - s->ctx->propq); + s->ctx->propq); if (pctx == NULL) goto err; @@ -4757,7 +5143,7 @@ pkey = NULL; } - err: +err: EVP_PKEY_CTX_free(pctx); return pkey; } @@ -4775,8 +5161,8 @@ */ if (!s->hit) rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, - 0, - (unsigned char *)&s->early_secret); + 0, + (unsigned char *)&s->early_secret); else rv = 1; @@ -4810,7 +5196,7 @@ goto err; } - if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) + if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) EVP_PKEY_CTX_set_dh_pad(pctx, 1); pms = OPENSSL_malloc(pmslen); @@ -4820,7 +5206,10 @@ } if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + /* + * the public key was probably a weak key + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto err; } @@ -4835,7 +5224,7 @@ rv = 1; } - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); return rv; @@ -4843,8 +5232,8 @@ /* Decapsulate secrets for KEM */ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, - const unsigned char *ct, size_t ctlen, - int gensecret) + const unsigned char *ct, size_t ctlen, + int gensecret) { int rv = 0; unsigned char *pms = NULL; @@ -4859,7 +5248,7 @@ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0 - || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { + || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } 
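Review bot: In the `@@ -4820,7 +5206,10 @@` hunk, every failure of `EVP_PKEY_derive()` is now reported as `SSL_AD_ILLEGAL_PARAMETER` with `SSL_R_BAD_KEY_SHARE`, although the added comment only says the key was "probably" weak, so a local failure of the same call would also be sent to the peer as its fault and show up in logs as a bad key share. The comment should state that trade-off, for example `/* derive fails here mainly on an invalid peer public value; local failures are reported the same way */`. The `@@ -4923,7 +5312,7 @@` hunk in `ssl_encapsulate()` makes the same change with no comment at all and should carry the same one. The decapsulation size query in the `@@ -4859,7 +5248,7 @@` hunk still raises `SSL_AD_INTERNAL_ERROR`; whether the later decapsulate call was aligned cannot be seen here, because the enclosing function bodies start and end outside these hunks.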
@@ -4886,15 +5275,15 @@ rv = 1; } - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); return rv; } int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, - unsigned char **ctp, size_t *ctlenp, - int gensecret) + unsigned char **ctp, size_t *ctlenp, + int gensecret) { int rv = 0; unsigned char *pms = NULL, *ct = NULL; @@ -4909,8 +5298,8 @@ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq); if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0 - || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 - || pmslen == 0 || ctlen == 0) { + || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 + || pmslen == 0 || ctlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4923,7 +5312,7 @@ } if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto err; } @@ -4945,14 +5334,15 @@ ct = NULL; } - err: +err: OPENSSL_clear_free(pms, pmslen); OPENSSL_free(ct); EVP_PKEY_CTX_free(pctx); return rv; } -const char *SSL_group_to_name(SSL *s, int nid) { +const char *SSL_group_to_name(SSL *s, int nid) +{ int group_id = 0; const TLS_GROUP_INFO *cinf = NULL; --- crypto/openssl/ssl/s3_msg.c.orig +++ crypto/openssl/ssl/s3_msg.c @@ -76,13 +76,13 @@ { int i, j; size_t alertlen; - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; size_t written; s->s3.alert_dispatch = 0; alertlen = 2; i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0, - &written); + &written); if (i <= 0) { s->s3.alert_dispatch = 1; } else { @@ -94,7 +94,7 @@ if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, - 2, s, s->msg_callback_arg); + 2, s, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; --- crypto/openssl/ssl/ssl_asn1.c.orig +++ crypto/openssl/ssl/ssl_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -85,7 +85,7 @@ /* Initialise OCTET STRING from buffer and length */ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, - const unsigned char *data, size_t len) + const unsigned char *data, size_t len) { os->data = (unsigned char *)data; /* justified cast: data is not modified */ os->length = (int)len; @@ -95,7 +95,7 @@ /* Initialise OCTET STRING from string */ static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, - const char *data) + const char *data) { if (data != NULL) ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data)); @@ -155,13 +155,13 @@ #endif ssl_session_oinit(&as.master_key, &master_key, - in->master_key, in->master_key_length); + in->master_key, in->master_key_length); ssl_session_oinit(&as.session_id, &session_id, - in->session_id, in->session_id_length); + in->session_id, in->session_id_length); ssl_session_oinit(&as.session_id_context, &sid_ctx, - in->sid_ctx, in->sid_ctx_length); + in->sid_ctx, in->sid_ctx_length); as.time = (int64_t)in->time; as.timeout = (int64_t)in->timeout; 
@@ -170,22 +170,22 @@ as.peer = in->peer; ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, - in->ext.hostname); + in->ext.hostname); if (in->ext.tick) { ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, - in->ext.tick, in->ext.ticklen); + in->ext.tick, in->ext.ticklen); } if (in->ext.tick_lifetime_hint > 0) as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; as.tlsext_tick_age_add = in->ext.tick_age_add; #ifndef OPENSSL_NO_PSK ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, - in->psk_identity_hint); + in->psk_identity_hint); ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); -#endif /* OPENSSL_NO_SRP */ +#endif /* OPENSSL_NO_SRP */ as.flags = in->flags; as.max_early_data = in->ext.max_early_data; @@ -194,7 +194,7 @@ as.alpn_selected = NULL; else ssl_session_oinit(&as.alpn_selected, &alpn_selected, - in->ext.alpn_selected, in->ext.alpn_selected_len); + in->ext.alpn_selected, in->ext.alpn_selected_len); as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; @@ -202,10 +202,9 @@ as.ticket_appdata = NULL; else ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, - in->ticket_appdata, in->ticket_appdata_len); + in->ticket_appdata, in->ticket_appdata_len); return i2d_SSL_SESSION_ASN1(&as, pp); - } /* Utility functions for d2i_SSL_SESSION */ @@ -227,7 +226,7 @@ /* Copy an OCTET STRING, return error if it exceeds maximum length */ static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, - ASN1_OCTET_STRING *src, size_t maxlen) + ASN1_OCTET_STRING *src, size_t maxlen) { if (src == NULL || src->length == 0) { *pdstlen = 0; @@ -241,7 +240,7 @@ } SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length) + long length) { long id; size_t tmpl; 
@@ -284,7 +283,7 @@ } id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) - | (unsigned long)as->cipher->data[1]; + | (unsigned long)as->cipher->data[1]; ret->cipher_id = id; ret->cipher = ssl3_get_cipher_by_id(id); @@ -292,11 +291,11 @@ goto err; if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, - as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) + as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) goto err; if (!ssl_session_memcpy(ret->master_key, &tmpl, - as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) + as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) goto err; ret->master_key_length = tmpl; @@ -317,7 +316,7 @@ as->peer = NULL; if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, - as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) + as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) goto err; /* NB: this defaults to zero which is X509_V_OK */ @@ -358,7 +357,7 @@ #ifndef OPENSSL_NO_SRP if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) goto err; -#endif /* OPENSSL_NO_SRP */ +#endif /* OPENSSL_NO_SRP */ /* Flags defaults to zero which is fine */ ret->flags = (int32_t)as->flags; ret->ext.max_early_data = as->max_early_data; @@ -392,7 +391,7 @@ *pp = p; return ret; - err: +err: M_ASN1_free_of(as, SSL_SESSION_ASN1); if ((a == NULL) || (*a != ret)) SSL_SESSION_free(ret); --- crypto/openssl/ssl/ssl_cert.c.orig +++ crypto/openssl/ssl/ssl_cert.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -25,19 +25,18 @@ #include "ssl_cert_table.h" #include "internal/thread_once.h" #ifndef OPENSSL_NO_POSIX_IO -# include -# ifdef _WIN32 -# define stat _stat -# endif -# ifndef S_ISDIR -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif +#include +#ifdef _WIN32 +#define stat _stat +#endif +#ifndef S_ISDIR +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif #endif - static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, void *other, - void *ex); + int op, int bits, int nid, void *other, + void *ex); static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; static volatile int ssl_x509_store_ctx_idx = -1; @@ -45,8 +44,8 @@ DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init) { ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0, - "SSL for verify callback", - NULL, NULL, NULL); + "SSL for verify callback", + NULL, NULL, NULL); return ssl_x509_store_ctx_idx >= 0; } 
@@ -131,37 +130,36 @@ } if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ - ret->pkeys[i].serverinfo = - OPENSSL_malloc(cert->pkeys[i].serverinfo_length); + ret->pkeys[i].serverinfo = OPENSSL_malloc(cert->pkeys[i].serverinfo_length); if (ret->pkeys[i].serverinfo == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); goto err; } ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; memcpy(ret->pkeys[i].serverinfo, - cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); + cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); } } /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen - * sizeof(*cert->conf_sigalgs)); + * sizeof(*cert->conf_sigalgs)); if (ret->conf_sigalgs == NULL) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, - cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); + cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; if (cert->client_sigalgs) { ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen - * sizeof(*cert->client_sigalgs)); + * sizeof(*cert->client_sigalgs)); if (ret->client_sigalgs == NULL) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, - cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); + cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; @@ -203,7 +201,7 @@ #endif return ret; - err: +err: ssl_cert_free(ret); return NULL; @@ -366,7 +364,7 @@ return 0; } -void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) +void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg) { c->cert_cb = cb; c->cert_cb_arg = arg; 
@@ -416,8 +414,7 @@ /* Set suite B flags if needed */ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); - if (!X509_STORE_CTX_set_ex_data - (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { + if (!X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { goto end; } @@ -463,13 +460,13 @@ /* Move peername from the store context params to the SSL handle's */ X509_VERIFY_PARAM_move_peername(s->param, param); - end: +end: X509_STORE_CTX_free(ctx); return i; } static void set0_CA_list(STACK_OF(X509_NAME) **ca_list, - STACK_OF(X509_NAME) *name_list) + STACK_OF(X509_NAME) *name_list) { sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; @@ -494,7 +491,7 @@ sk_X509_NAME_pop_free(ret, X509_NAME_free); return NULL; } - sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ + sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ } return ret; } @@ -543,7 +540,7 @@ { if (!s->server) return s->s3.tmp.peer_ca_names; - return s->client_ca_names != NULL ? s->client_ca_names + return s->client_ca_names != NULL ? s->client_ca_names : s->ctx->client_ca_names; } @@ -626,8 +623,8 @@ } STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, - OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_LIB_CTX *libctx, + const char *propq) { BIO *in = BIO_new(BIO_s_file()); X509 *x = NULL; @@ -679,11 +676,11 @@ } goto done; - err: +err: X509_NAME_free(xn); sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; - done: +done: /* restore the old libctx */ OSSL_LIB_CTX_set0_default(prev_libctx); BIO_free(in); @@ -700,13 +697,13 @@ } int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *file) + const char *file) { BIO *in; X509 *x = NULL; X509_NAME *xn = NULL; int ret = 1; - int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b); + int (*oldcmp)(const X509_NAME *const *a, const X509_NAME *const *b); oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); 
@@ -740,9 +737,9 @@ ERR_clear_error(); goto done; - err: +err: ret = 0; - done: +done: BIO_free(in); X509_free(x); (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); @@ -750,7 +747,7 @@ } int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *dir) + const char *dir) { OPENSSL_DIR_CTX *d = NULL; const char *filename; @@ -791,14 +788,14 @@ if (errno) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling OPENSSL_dir_read(%s)", dir); + "calling OPENSSL_dir_read(%s)", dir); ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); goto err; } ret = 1; - err: +err: if (d) OPENSSL_DIR_end(&d); @@ -806,22 +803,23 @@ } static int add_uris_recursive(STACK_OF(X509_NAME) *stack, - const char *uri, int depth) + const char *uri, int depth) { int ok = 1; OSSL_STORE_CTX *ctx = NULL; X509 *x = NULL; X509_NAME *xn = NULL; + OSSL_STORE_INFO *info = NULL; if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL) goto err; while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) { - OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); - int infotype = info == 0 ? 0 : OSSL_STORE_INFO_get_type(info); + int infotype; - if (info == NULL) + if ((info = OSSL_STORE_load(ctx)) == NULL) continue; + infotype = OSSL_STORE_INFO_get_type(info); if (infotype == OSSL_STORE_INFO_NAME) { /* @@ -830,7 +828,7 @@ */ if (depth > 0) ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info), - depth - 1); + depth - 1); } else if (infotype == OSSL_STORE_INFO_CERT) { if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL || (xn = X509_get_subject_name(x)) == NULL 
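Review bot: In add_uris_recursive (the hunk at new line 803 and the indentation-only hunk after it), the nested result is stored with `ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info), depth - 1);`, and in the lines shown nothing tests it before the loop moves on. A later successful recursion can therefore overwrite an earlier failure, and the caller would get 1 for a CA-name stack that is only partly loaded. I would stop at the first failure, e.g. `if (depth > 0 && !add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info), depth - 1)) goto err;`, which is leak-free now that `info` is function-scoped and freed under `err:`. Part of the loop body lies between hunks, so confirm there is no later check of `ok` before changing this.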
@@ -846,23 +844,25 @@ } OSSL_STORE_INFO_free(info); + info = NULL; } ERR_clear_error(); goto done; - err: +err: ok = 0; - done: + OSSL_STORE_INFO_free(info); +done: OSSL_STORE_close(ctx); return ok; } int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *store) + const char *store) { - int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b) + int (*oldcmp)(const X509_NAME *const *a, const X509_NAME *const *b) = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); int ret = add_uris_recursive(stack, store, 1); @@ -922,7 +922,7 @@ } /* Set suite B flags if needed */ X509_STORE_CTX_set_flags(xs_ctx, - c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS); + c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS); i = X509_verify_cert(xs_ctx); if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) { @@ -936,7 +936,7 @@ if (i <= 0) { i = X509_STORE_CTX_get_error(xs_ctx); ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED, - "Verify error:%s", X509_verify_cert_error_string(i)); + "Verify error:%s", X509_verify_cert_error_string(i)); goto err; } @@ -971,7 +971,7 @@ cpk->chain = chain; if (rv == 0) rv = 1; - err: +err: if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) X509_STORE_free(chain_store); X509_STORE_CTX_free(xs_ctx); @@ -1026,8 +1026,8 @@ } static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, void *other, - void *ex) + int op, int bits, int nid, void *other, + void *ex) { int level, minbits, pfs_mask; 
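Review bot: In the hunk at new line 844, a store that fails part-way through enumeration still appears to be reported as success. The loop in add_uris_recursive exits when `OSSL_STORE_error(ctx)` becomes true, control then reaches `ERR_clear_error(); goto done;`, and `ok` is still 1 unless a nested call cleared it, with the queued error discarded. If best-effort loading is intended, say so with a comment above `ERR_clear_error()`, such as `/* load errors are deliberately ignored: the stack may be incomplete */`. Otherwise propagate the failure with `if (OSSL_STORE_error(ctx)) goto err;` before the error queue is cleared. Whether a load error here is always fatal is not visible from the diff, so this needs checking against the OSSL_STORE contract.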
@@ -1045,31 +1045,29 @@ switch (op) { case SSL_SECOP_CIPHER_SUPPORTED: case SSL_SECOP_CIPHER_SHARED: - case SSL_SECOP_CIPHER_CHECK: - { - const SSL_CIPHER *c = other; - /* No ciphers below security level */ - if (bits < minbits) - return 0; - /* No unauthenticated ciphersuites */ - if (c->algorithm_auth & SSL_aNULL) - return 0; - /* No MD5 mac ciphersuites */ - if (c->algorithm_mac & SSL_MD5) - return 0; - /* SHA1 HMAC is 160 bits of security */ - if (minbits > 160 && c->algorithm_mac & SSL_SHA1) - return 0; - /* Level 2: no RC4 */ - if (level >= 2 && c->algorithm_enc == SSL_RC4) - return 0; - /* Level 3: forward secure ciphersuites only */ - pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; - if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & pfs_mask)) - return 0; - break; - } + case SSL_SECOP_CIPHER_CHECK: { + const SSL_CIPHER *c = other; + /* No ciphers below security level */ + if (bits < minbits) + return 0; + /* No unauthenticated ciphersuites */ + if (c->algorithm_auth & SSL_aNULL) + return 0; + /* No MD5 mac ciphersuites */ + if (c->algorithm_mac & SSL_MD5) + return 0; + /* SHA1 HMAC is 160 bits of security */ + if (minbits > 160 && c->algorithm_mac & SSL_SHA1) + return 0; + /* Level 2: no RC4 */ + if (level >= 2 && c->algorithm_enc == SSL_RC4) + return 0; + /* Level 3: forward secure ciphersuites only */ + pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; + if (level >= 3 && c->min_tls != TLS1_3_VERSION && !(c->algorithm_mkey & pfs_mask)) + return 0; + break; + } case SSL_SECOP_VERSION: if (!SSL_IS_DTLS(s)) { /* SSLv3 not allowed at level 2 */ @@ -1111,7 +1109,7 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) { return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other, - ctx->cert->sec_ex); + ctx->cert->sec_ex); } int ssl_cert_lookup_by_nid(int nid, size_t *pidx) --- crypto/openssl/ssl/ssl_cert_table.h.orig +++ crypto/openssl/ssl/ssl_cert_table.h 
@@ -10,14 +10,14 @@ /* * Certificate table information. NB: table entries must match SSL_PKEY indices */ -static const SSL_CERT_LOOKUP ssl_cert_info [] = { - {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */ - {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */ - {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */ - {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */ - {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */ - {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ - {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ - {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */ - {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */ +static const SSL_CERT_LOOKUP ssl_cert_info[] = { + { EVP_PKEY_RSA, SSL_aRSA }, /* SSL_PKEY_RSA */ + { EVP_PKEY_RSA_PSS, SSL_aRSA }, /* SSL_PKEY_RSA_PSS_SIGN */ + { EVP_PKEY_DSA, SSL_aDSS }, /* SSL_PKEY_DSA_SIGN */ + { EVP_PKEY_EC, SSL_aECDSA }, /* SSL_PKEY_ECC */ + { NID_id_GostR3410_2001, SSL_aGOST01 }, /* SSL_PKEY_GOST01 */ + { NID_id_GostR3410_2012_256, SSL_aGOST12 }, /* SSL_PKEY_GOST12_256 */ + { NID_id_GostR3410_2012_512, SSL_aGOST12 }, /* SSL_PKEY_GOST12_512 */ + { EVP_PKEY_ED25519, SSL_aECDSA }, /* SSL_PKEY_ED25519 */ + { EVP_PKEY_ED448, SSL_aECDSA } /* SSL_PKEY_ED448 */ }; --- crypto/openssl/ssl/ssl_ciph.c.orig +++ crypto/openssl/ssl/ssl_ciph.c 
@@ -31,35 +31,35 @@ /* Table of NIDs for each cipher */ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { - {SSL_DES, NID_des_cbc}, /* SSL_ENC_DES_IDX 0 */ - {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */ - {SSL_RC4, NID_rc4}, /* SSL_ENC_RC4_IDX 2 */ - {SSL_RC2, NID_rc2_cbc}, /* SSL_ENC_RC2_IDX 3 */ - {SSL_IDEA, NID_idea_cbc}, /* SSL_ENC_IDEA_IDX 4 */ - {SSL_eNULL, NID_undef}, /* SSL_ENC_NULL_IDX 5 */ - {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */ - {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */ - {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */ - {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */ - {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */ - {SSL_SEED, NID_seed_cbc}, /* SSL_ENC_SEED_IDX 11 */ - {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */ - {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */ - {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */ - {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */ - {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */ - {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */ - {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */ - {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ - {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ - {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ - {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */ - {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */ + { SSL_DES, NID_des_cbc }, /* SSL_ENC_DES_IDX 0 */ + { SSL_3DES, NID_des_ede3_cbc }, /* SSL_ENC_3DES_IDX 1 */ + { SSL_RC4, NID_rc4 }, /* SSL_ENC_RC4_IDX 2 */ + { SSL_RC2, NID_rc2_cbc }, /* SSL_ENC_RC2_IDX 3 */ + { SSL_IDEA, NID_idea_cbc }, /* SSL_ENC_IDEA_IDX 4 */ + { SSL_eNULL, NID_undef }, /* SSL_ENC_NULL_IDX 5 */ + { SSL_AES128, 
NID_aes_128_cbc }, /* SSL_ENC_AES128_IDX 6 */ + { SSL_AES256, NID_aes_256_cbc }, /* SSL_ENC_AES256_IDX 7 */ + { SSL_CAMELLIA128, NID_camellia_128_cbc }, /* SSL_ENC_CAMELLIA128_IDX 8 */ + { SSL_CAMELLIA256, NID_camellia_256_cbc }, /* SSL_ENC_CAMELLIA256_IDX 9 */ + { SSL_eGOST2814789CNT, NID_gost89_cnt }, /* SSL_ENC_GOST89_IDX 10 */ + { SSL_SEED, NID_seed_cbc }, /* SSL_ENC_SEED_IDX 11 */ + { SSL_AES128GCM, NID_aes_128_gcm }, /* SSL_ENC_AES128GCM_IDX 12 */ + { SSL_AES256GCM, NID_aes_256_gcm }, /* SSL_ENC_AES256GCM_IDX 13 */ + { SSL_AES128CCM, NID_aes_128_ccm }, /* SSL_ENC_AES128CCM_IDX 14 */ + { SSL_AES256CCM, NID_aes_256_ccm }, /* SSL_ENC_AES256CCM_IDX 15 */ + { SSL_AES128CCM8, NID_aes_128_ccm }, /* SSL_ENC_AES128CCM8_IDX 16 */ + { SSL_AES256CCM8, NID_aes_256_ccm }, /* SSL_ENC_AES256CCM8_IDX 17 */ + { SSL_eGOST2814789CNT12, NID_gost89_cnt_12 }, /* SSL_ENC_GOST8912_IDX 18 */ + { SSL_CHACHA20POLY1305, NID_chacha20_poly1305 }, /* SSL_ENC_CHACHA_IDX 19 */ + { SSL_ARIA128GCM, NID_aria_128_gcm }, /* SSL_ENC_ARIA128GCM_IDX 20 */ + { SSL_ARIA256GCM, NID_aria_256_gcm }, /* SSL_ENC_ARIA256GCM_IDX 21 */ + { SSL_MAGMA, NID_magma_ctr_acpkm }, /* SSL_ENC_MAGMA_IDX */ + { SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm }, /* SSL_ENC_KUZNYECHIK_IDX */ }; -#define SSL_COMP_NULL_IDX 0 -#define SSL_COMP_ZLIB_IDX 1 -#define SSL_COMP_NUM_IDX 2 +#define SSL_COMP_NULL_IDX 0 +#define SSL_COMP_ZLIB_IDX 1 +#define SSL_COMP_NUM_IDX 2 static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 
@@ -69,53 +69,53 @@ /* NB: make sure indices in this table matches values above */ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { - {SSL_MD5, NID_md5}, /* SSL_MD_MD5_IDX 0 */ - {SSL_SHA1, NID_sha1}, /* SSL_MD_SHA1_IDX 1 */ - {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */ - {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */ - {SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */ - {SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */ - {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */ - {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */ - {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ - {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ - {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ - {0, NID_sha512}, /* SSL_MD_SHA512_IDX 11 */ - {SSL_MAGMAOMAC, NID_magma_mac}, /* sSL_MD_MAGMAOMAC_IDX */ - {SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac} /* SSL_MD_KUZNYECHIKOMAC_IDX */ + { SSL_MD5, NID_md5 }, /* SSL_MD_MD5_IDX 0 */ + { SSL_SHA1, NID_sha1 }, /* SSL_MD_SHA1_IDX 1 */ + { SSL_GOST94, NID_id_GostR3411_94 }, /* SSL_MD_GOST94_IDX 2 */ + { SSL_GOST89MAC, NID_id_Gost28147_89_MAC }, /* SSL_MD_GOST89MAC_IDX 3 */ + { SSL_SHA256, NID_sha256 }, /* SSL_MD_SHA256_IDX 4 */ + { SSL_SHA384, NID_sha384 }, /* SSL_MD_SHA384_IDX 5 */ + { SSL_GOST12_256, NID_id_GostR3411_2012_256 }, /* SSL_MD_GOST12_256_IDX 6 */ + { SSL_GOST89MAC12, NID_gost_mac_12 }, /* SSL_MD_GOST89MAC12_IDX 7 */ + { SSL_GOST12_512, NID_id_GostR3411_2012_512 }, /* SSL_MD_GOST12_512_IDX 8 */ + { 0, NID_md5_sha1 }, /* SSL_MD_MD5_SHA1_IDX 9 */ + { 0, NID_sha224 }, /* SSL_MD_SHA224_IDX 10 */ + { 0, NID_sha512 }, /* SSL_MD_SHA512_IDX 11 */ + { SSL_MAGMAOMAC, NID_magma_mac }, /* sSL_MD_MAGMAOMAC_IDX */ + { SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac } /* SSL_MD_KUZNYECHIKOMAC_IDX */ }; /* *INDENT-OFF* */ static const ssl_cipher_table ssl_cipher_table_kx[] = { - {SSL_kRSA, NID_kx_rsa}, - {SSL_kECDHE, NID_kx_ecdhe}, - 
{SSL_kDHE, NID_kx_dhe}, - {SSL_kECDHEPSK, NID_kx_ecdhe_psk}, - {SSL_kDHEPSK, NID_kx_dhe_psk}, - {SSL_kRSAPSK, NID_kx_rsa_psk}, - {SSL_kPSK, NID_kx_psk}, - {SSL_kSRP, NID_kx_srp}, - {SSL_kGOST, NID_kx_gost}, - {SSL_kGOST18, NID_kx_gost18}, - {SSL_kANY, NID_kx_any} + { SSL_kRSA, NID_kx_rsa }, + { SSL_kECDHE, NID_kx_ecdhe }, + { SSL_kDHE, NID_kx_dhe }, + { SSL_kECDHEPSK, NID_kx_ecdhe_psk }, + { SSL_kDHEPSK, NID_kx_dhe_psk }, + { SSL_kRSAPSK, NID_kx_rsa_psk }, + { SSL_kPSK, NID_kx_psk }, + { SSL_kSRP, NID_kx_srp }, + { SSL_kGOST, NID_kx_gost }, + { SSL_kGOST18, NID_kx_gost18 }, + { SSL_kANY, NID_kx_any } }; static const ssl_cipher_table ssl_cipher_table_auth[] = { - {SSL_aRSA, NID_auth_rsa}, - {SSL_aECDSA, NID_auth_ecdsa}, - {SSL_aPSK, NID_auth_psk}, - {SSL_aDSS, NID_auth_dss}, - {SSL_aGOST01, NID_auth_gost01}, - {SSL_aGOST12, NID_auth_gost12}, - {SSL_aSRP, NID_auth_srp}, - {SSL_aNULL, NID_auth_null}, - {SSL_aANY, NID_auth_any} + { SSL_aRSA, NID_auth_rsa }, + { SSL_aECDSA, NID_auth_ecdsa }, + { SSL_aPSK, NID_auth_psk }, + { SSL_aDSS, NID_auth_dss }, + { SSL_aGOST01, NID_auth_gost01 }, + { SSL_aGOST12, NID_auth_gost12 }, + { SSL_aSRP, NID_auth_srp }, + { SSL_aNULL, NID_auth_null }, + { SSL_aANY, NID_auth_any } }; /* *INDENT-ON* */ /* Utility function for table lookup */ -static int ssl_cipher_info_find(const ssl_cipher_table * table, - size_t table_cnt, uint32_t mask) +static int ssl_cipher_info_find(const ssl_cipher_table *table, + size_t table_cnt, uint32_t mask) { size_t i; for (i = 0; i < table_cnt; i++, table++) { 
@@ -144,16 +144,16 @@ NID_undef, NID_undef, NID_undef, NID_undef, NID_undef }; -#define CIPHER_ADD 1 -#define CIPHER_KILL 2 -#define CIPHER_DEL 3 -#define CIPHER_ORD 4 -#define CIPHER_SPECIAL 5 +#define CIPHER_ADD 1 +#define CIPHER_KILL 2 +#define CIPHER_DEL 3 +#define CIPHER_ORD 4 +#define CIPHER_SPECIAL 5 /* * Bump the ciphers to the top of the list. * This rule isn't currently supported by the public cipherstring API. */ -#define CIPHER_BUMP 6 +#define CIPHER_BUMP 6 typedef struct cipher_order_st { const SSL_CIPHER *cipher; 
@@ -164,122 +164,122 @@ static const SSL_CIPHER cipher_aliases[] = { /* "ALL" doesn't include eNULL (must be specifically enabled) */ - {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL}, + { 0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL }, /* "COMPLEMENTOFALL" */ - {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL}, + { 0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL }, /* * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT}, + { 0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT }, /* * key exchange aliases (some of those using only a single bit here * combine multiple key exchange algs according to the RFCs, e.g. kDHE * combines DHE_DSS and DHE_RSA) */ - {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA}, + { 0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA }, - {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE}, - {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE}, - {0, SSL_TXT_DH, NULL, 0, SSL_kDHE}, + { 0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE }, + { 0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE }, + { 0, SSL_TXT_DH, NULL, 0, SSL_kDHE }, - {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE}, - {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE}, - {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE}, + { 0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE }, + { 0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE }, + { 0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE }, - {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK}, - {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK}, - {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK}, - {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK}, - {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, - {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, - {0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18}, + { 0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK }, + { 0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK }, + { 0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK }, + { 0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK }, + { 0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP }, + { 0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST }, + { 0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18 }, /* server 
authentication aliases */ - {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, - {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS}, - {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS}, - {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL}, - {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA}, - {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA}, - {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK}, - {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01}, - {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, - {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, - {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, + { 0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA }, + { 0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS }, + { 0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS }, + { 0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL }, + { 0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA }, + { 0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA }, + { 0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK }, + { 0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01 }, + { 0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12 }, + { 0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12 }, + { 0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP }, /* aliases combining key exchange and server authentication */ - {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, - {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL}, - {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL}, - {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL}, - {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA}, - {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL}, - {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL}, - {0, SSL_TXT_PSK, NULL, 0, SSL_PSK}, - {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP}, + { 0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL }, + { 0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL }, + { 0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL }, + { 0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL }, + { 0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL }, + { 0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA }, + { 0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL }, + { 
0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL }, + { 0, SSL_TXT_PSK, NULL, 0, SSL_PSK }, + { 0, SSL_TXT_SRP, NULL, 0, SSL_kSRP }, /* symmetric encryption aliases */ - {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES}, - {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4}, - {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2}, - {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA}, - {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED}, - {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_GOST, NULL, 0, 0, 0, - SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12 | SSL_MAGMA | SSL_KUZNYECHIK}, - {0, SSL_TXT_AES128, NULL, 0, 0, 0, - SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8}, - {0, SSL_TXT_AES256, NULL, 0, 0, 0, - SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8}, - {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES}, - {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM}, - {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0, - SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8}, - {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8}, - {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128}, - {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256}, - {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA}, - {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20}, - {0, SSL_TXT_GOST2012_GOST8912_GOST8912, NULL, 0, 0, 0, SSL_eGOST2814789CNT12}, - - {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA}, - {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, - {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, - {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, - {0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC}, + { 0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES }, + { 0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4 }, + { 0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2 }, + { 0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA }, + { 0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED }, + { 0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL }, + { 0, SSL_TXT_GOST, NULL, 0, 0, 0, + SSL_eGOST2814789CNT | 
SSL_eGOST2814789CNT12 | SSL_MAGMA | SSL_KUZNYECHIK }, + { 0, SSL_TXT_AES128, NULL, 0, 0, 0, + SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8 }, + { 0, SSL_TXT_AES256, NULL, 0, 0, 0, + SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8 }, + { 0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES }, + { 0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM }, + { 0, SSL_TXT_AES_CCM, NULL, 0, 0, 0, + SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8 }, + { 0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8 }, + { 0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128 }, + { 0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256 }, + { 0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA }, + { 0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20 }, + { 0, SSL_TXT_GOST2012_GOST8912_GOST8912, NULL, 0, 0, 0, SSL_eGOST2814789CNT12 }, + + { 0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA }, + { 0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM }, + { 0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM }, + { 0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM }, + { 0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC }, /* MAC aliases */ - {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, - {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1}, - {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1}, - {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94}, - {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12}, - {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, - {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, - {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, + { 0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5 }, + { 0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1 }, + { 0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1 }, + { 0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94 }, + { 0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12 }, + { 0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256 }, + { 0, SSL_TXT_SHA384, NULL, 0, 0, 0, 
0, SSL_SHA384 }, + { 0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256 }, /* protocol version aliases */ - {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, - {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, - {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, - {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION}, + { 0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION }, + { 0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION }, + { 0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION }, + { 0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION }, /* strength classes */ - {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW}, - {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM}, - {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH}, + { 0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW }, + { 0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM }, + { 0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH }, /* FIPS 140-2 approved ciphersuite */ - {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS}, + { 0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS }, /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */ - {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0, - SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS}, - {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0, - SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS}, + { 0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0, + SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS }, + { 0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0, + SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS }, }; 
@@ -294,8 +294,7 @@ const EVP_PKEY_ASN1_METHOD *ameth; int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); - if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth) > 0) + if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth) > 0) return pkey_id; return 0; } @@ -310,7 +309,8 @@ ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); if (ameth) { if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth) <= 0) + ameth) + <= 0) pkey_id = 0; } tls_engine_finish(tmpeng); 
@@ -396,31 +396,27 @@ * present, disable appropriate auth and key exchange */ memcpy(ctx->ssl_mac_pkey_id, default_mac_pkey_id, - sizeof(ctx->ssl_mac_pkey_id)); + sizeof(ctx->ssl_mac_pkey_id)); - ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = - get_optional_pkey_id(SN_id_Gost28147_89_MAC); + ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id(SN_id_Gost28147_89_MAC); if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_GOST89MAC; - ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = - get_optional_pkey_id(SN_gost_mac_12); + ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id(SN_gost_mac_12); if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32; else ctx->disabled_mac_mask |= SSL_GOST89MAC12; - ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = - get_optional_pkey_id(SN_magma_mac); + ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = get_optional_pkey_id(SN_magma_mac); if (ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_MAGMAOMAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_MAGMAOMAC; - ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = - get_optional_pkey_id(SN_kuznyechik_mac); + ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = get_optional_pkey_id(SN_kuznyechik_mac); if (ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_KUZNYECHIKOMAC_IDX] = 32; else @@ -435,11 +431,10 @@ /* * Disable GOST key exchange if no GOST signature algs are available * */ - if ((ctx->disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == - (SSL_aGOST01 | SSL_aGOST12)) + if ((ctx->disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12)) ctx->disabled_mkey_mask |= SSL_kGOST; - if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) + if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) ctx->disabled_mkey_mask |= SSL_kGOST18; return 1; 
@@ -480,7 +475,7 @@ #endif int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, - const EVP_CIPHER **enc) + const EVP_CIPHER **enc) { int i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, sslc->algorithm_enc); @@ -500,7 +495,7 @@ const EVP_CIPHER *cipher = ctx->ssl_cipher_methods[i]; if (cipher == NULL - || !ssl_evp_cipher_up_ref(cipher)) + || !ssl_evp_cipher_up_ref(cipher)) return 0; *enc = ctx->ssl_cipher_methods[i]; } @@ -509,9 +504,9 @@ } int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, - const EVP_CIPHER **enc, const EVP_MD **md, - int *mac_pkey_type, size_t *mac_secret_size, - SSL_COMP **comp, int use_etm) + const EVP_CIPHER **enc, const EVP_MD **md, + int *mac_pkey_type, size_t *mac_secret_size, + SSL_COMP **comp, int use_etm) { int i; const SSL_CIPHER *c; @@ -560,7 +555,7 @@ const EVP_MD *digest = ctx->ssl_digest_methods[i]; if (digest == NULL - || !ssl_evp_md_up_ref(digest)) { + || !ssl_evp_md_up_ref(digest)) { ssl_evp_cipher_free(*enc); return 0; } 
@@ -572,40 +567,40 @@ } if ((*enc != NULL) - && (*md != NULL + && (*md != NULL || (EVP_CIPHER_get_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { const EVP_CIPHER *evp = NULL; if (use_etm - || s->ssl_version >> 8 != TLS1_VERSION_MAJOR - || s->ssl_version < TLS1_VERSION) + || s->ssl_version >> 8 != TLS1_VERSION_MAJOR + || s->ssl_version < TLS1_VERSION) return 1; if (c->algorithm_enc == SSL_RC4 - && c->algorithm_mac == SSL_MD5) + && c->algorithm_mac == SSL_MD5) evp = ssl_evp_cipher_fetch(ctx->libctx, NID_rc4_hmac_md5, - ctx->propq); + ctx->propq); else if (c->algorithm_enc == SSL_AES128 - && c->algorithm_mac == SSL_SHA1) + && c->algorithm_mac == SSL_SHA1) evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_128_cbc_hmac_sha1, - ctx->propq); + NID_aes_128_cbc_hmac_sha1, + ctx->propq); else if (c->algorithm_enc == SSL_AES256 - && c->algorithm_mac == SSL_SHA1) - evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_256_cbc_hmac_sha1, - ctx->propq); + && c->algorithm_mac == SSL_SHA1) + evp = ssl_evp_cipher_fetch(ctx->libctx, + NID_aes_256_cbc_hmac_sha1, + ctx->propq); else if (c->algorithm_enc == SSL_AES128 - && c->algorithm_mac == SSL_SHA256) + && c->algorithm_mac == SSL_SHA256) evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_128_cbc_hmac_sha256, - ctx->propq); + NID_aes_128_cbc_hmac_sha256, + ctx->propq); else if (c->algorithm_enc == SSL_AES256 - && c->algorithm_mac == SSL_SHA256) + && c->algorithm_mac == SSL_SHA256) evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_256_cbc_hmac_sha256, - ctx->propq); + NID_aes_256_cbc_hmac_sha256, + ctx->propq); if (evp != NULL) { ssl_evp_cipher_free(*enc); @@ -638,10 +633,10 @@ } #define ITEM_SEP(a) \ - (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) + (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) + CIPHER_ORDER **tail) { if (curr == *tail) return; 
@@ -658,7 +653,7 @@ } static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) + CIPHER_ORDER **tail) { if (curr == *head) return; @@ -675,14 +670,14 @@ } static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, - uint32_t disabled_mkey, - uint32_t disabled_auth, - uint32_t disabled_enc, - uint32_t disabled_mac, - CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) + int num_of_ciphers, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + CIPHER_ORDER *co_list, + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { int i, co_list_num; const SSL_CIPHER *c; @@ -695,22 +690,17 @@ */ /* Get the initial list of ciphers */ - co_list_num = 0; /* actual count of ciphers */ + co_list_num = 0; /* actual count of ciphers */ for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; - if ((c->algorithm_mkey & disabled_mkey) || - (c->algorithm_auth & disabled_auth) || - (c->algorithm_enc & disabled_enc) || - (c->algorithm_mac & disabled_mac)) + if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || (c->algorithm_mac & disabled_mac)) continue; - if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) && - c->min_tls == 0) + if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) && c->min_tls == 0) continue; - if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) && - c->min_dtls == 0) + if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) && c->min_dtls == 0) continue; co_list[co_list_num].cipher = c; 
@@ -745,12 +735,12 @@ } static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, - int num_of_group_aliases, - uint32_t disabled_mkey, - uint32_t disabled_auth, - uint32_t disabled_enc, - uint32_t disabled_mac, - CIPHER_ORDER *head) + int num_of_group_aliases, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; const SSL_CIPHER **ca_curr; @@ -803,30 +793,31 @@ ca_curr++; } - *ca_curr = NULL; /* end of list */ + *ca_curr = NULL; /* end of list */ } static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, - uint32_t alg_auth, uint32_t alg_enc, - uint32_t alg_mac, int min_tls, - uint32_t algo_strength, int rule, - int32_t strength_bits, CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) + uint32_t alg_auth, uint32_t alg_enc, + uint32_t alg_mac, int min_tls, + uint32_t algo_strength, int rule, + int32_t strength_bits, CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *next, *last; const SSL_CIPHER *cp; int reverse = 0; - OSSL_TRACE_BEGIN(TLS_CIPHER){ + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, - "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", - rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls, - algo_strength, strength_bits); + "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", + rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls, + algo_strength, strength_bits); } if (rule == CIPHER_DEL || rule == CIPHER_BUMP) - reverse = 1; /* needed to maintain sorting between currently - * deleted ciphers */ + reverse = 1; /* needed to maintain sorting between currently + * deleted ciphers */ head = *head_p; tail = *tail_p; 
@@ -863,11 +854,11 @@ } else { if (trc_out != NULL) { BIO_printf(trc_out, - "\nName: %s:" - "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n", - cp->name, cp->algorithm_mkey, cp->algorithm_auth, - cp->algorithm_enc, cp->algorithm_mac, cp->min_tls, - cp->algo_strength); + "\nName: %s:" + "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n", + cp->name, cp->algorithm_mkey, cp->algorithm_auth, + cp->algorithm_enc, cp->algorithm_mac, cp->min_tls, + cp->algo_strength); } if (cipher_id != 0 && (cipher_id != cp->id)) continue; @@ -945,7 +936,7 @@ } static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) + CIPHER_ORDER **tail_p) { int32_t max_strength_bits; int i, *number_uses; @@ -986,16 +977,16 @@ for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, - tail_p); + tail_p); OPENSSL_free(number_uses); return 1; } static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p, - const SSL_CIPHER **ca_list, CERT *c) + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p, + const SSL_CIPHER **ca_list, CERT *c) { uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength; int min_tls; @@ -1006,11 +997,11 @@ retval = 1; l = rule_str; - for ( ; ; ) { + for (;;) { ch = *l; if (ch == '\0') - break; /* done */ + break; /* done */ if (ch == '-') { rule = CIPHER_DEL; l++; @@ -1044,13 +1035,10 @@ buf = l; buflen = 0; #ifndef CHARSET_EBCDIC - while (((ch >= 'A') && (ch <= 'Z')) || - ((ch >= '0') && (ch <= '9')) || - ((ch >= 'a') && (ch <= 'z')) || - (ch == '-') || (ch == '.') || (ch == '=')) + while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.') || (ch == '=')) #else while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.') - || (ch == '=')) + || (ch == '=')) #endif { ch = *(++l); 
@@ -1068,8 +1056,8 @@ } if (rule == CIPHER_SPECIAL) { - found = 0; /* unused -- avoid compiler warning */ - break; /* special treatment */ + found = 0; /* unused -- avoid compiler warning */ + break; /* special treatment */ } /* check for multi-part specification */ @@ -1103,7 +1091,7 @@ } if (!found) - break; /* ignore this entry */ + break; /* ignore this entry */ if (ca_list[j]->algorithm_mkey) { if (alg_mkey) { @@ -1155,9 +1143,7 @@ if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { if (algo_strength & SSL_STRONG_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & SSL_STRONG_MASK) | - ~SSL_STRONG_MASK; + algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; @@ -1169,16 +1155,13 @@ if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) { if (algo_strength & SSL_DEFAULT_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) | - ~SSL_DEFAULT_MASK; + algo_strength &= (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) | ~SSL_DEFAULT_MASK; if (!(algo_strength & SSL_DEFAULT_MASK)) { found = 0; break; } } else { - algo_strength |= - ca_list[j]->algo_strength & SSL_DEFAULT_MASK; + algo_strength |= ca_list[j]->algo_strength & SSL_DEFAULT_MASK; } } @@ -1239,22 +1222,22 @@ l++; } else if (found) { ssl_cipher_apply_rule(cipher_id, - alg_mkey, alg_auth, alg_enc, alg_mac, - min_tls, algo_strength, rule, -1, head_p, - tail_p); + alg_mkey, alg_auth, alg_enc, alg_mac, + min_tls, algo_strength, rule, -1, head_p, + tail_p); } else { while ((*l != '\0') && !ITEM_SEP(*l)) l++; } if (*l == '\0') - break; /* done */ + break; /* done */ } return retval; } static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, - const char **prule_str) + const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { 
@@ -1289,8 +1272,7 @@ if (suiteb_comb2) *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384"; else - *prule_str = - "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"; + *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"; break; case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256"; @@ -1338,8 +1320,8 @@ /* Parse the list. We explicitly allow an empty list */ if (*str != '\0' - && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0 - || sk_SSL_CIPHER_num(newciphers) == 0)) { + && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0 + || sk_SSL_CIPHER_num(newciphers) == 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); sk_SSL_CIPHER_free(newciphers); return 0; @@ -1351,7 +1333,7 @@ } static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id, - STACK_OF(SSL_CIPHER) *cipherstack) + STACK_OF(SSL_CIPHER) *cipherstack) { STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); @@ -1369,9 +1351,9 @@ } static int update_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites) + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites) { int i; STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list); @@ -1384,8 +1366,8 @@ * list. */ while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0 - && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls - == TLS1_3_VERSION) + && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls + == TLS1_3_VERSION) (void)sk_SSL_CIPHER_delete(tmp_cipher_list, 0); /* Insert the new TLSv1.3 ciphersuites */ 
@@ -1394,9 +1376,11 @@ /* Don't include any TLSv1.3 ciphersuites that are disabled */ if ((sslc->algorithm_enc & ctx->disabled_enc_mask) == 0 - && (ssl_cipher_table_mac[sslc->algorithm2 - & SSL_HANDSHAKE_MAC_MASK].mask - & ctx->disabled_mac_mask) == 0) { + && (ssl_cipher_table_mac[sslc->algorithm2 + & SSL_HANDSHAKE_MAC_MASK] + .mask + & ctx->disabled_mac_mask) + == 0) { sk_SSL_CIPHER_unshift(tmp_cipher_list, sslc); } } @@ -1418,7 +1402,7 @@ if (ret && ctx->cipher_list != NULL) return update_cipher_list(ctx, &ctx->cipher_list, &ctx->cipher_list_by_id, - ctx->tls13_ciphersuites); + ctx->tls13_ciphersuites); return ret; } @@ -1434,17 +1418,17 @@ } if (ret && s->cipher_list != NULL) return update_cipher_list(s->ctx, &s->cipher_list, &s->cipher_list_by_id, - s->tls13_ciphersuites); + s->tls13_ciphersuites); return ret; } STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - const char *rule_str, - CERT *c) + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + const char *rule_str, + CERT *c) { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; @@ -1483,12 +1467,12 @@ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return NULL; /* Failure */ + return NULL; /* Failure */ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, - disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, co_list, &head, &tail); + disabled_mkey, disabled_auth, disabled_enc, + disabled_mac, co_list, &head, &tail); /* Now arrange all ciphers by preference. */ 
@@ -1500,17 +1484,17 @@ * preference). */ ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, - -1, &head, &tail); + -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, - &tail); + &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, - &tail); + &tail); /* Within each strength group, we prefer GCM over CHACHA... */ ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, - &head, &tail); + &head, &tail); ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, - &head, &tail); + &head, &tail); /* * ...and generally, our preferred cipher is AES. @@ -1518,14 +1502,14 @@ * strength. */ ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD, - -1, &head, &tail); + -1, &head, &tail); /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); /* Low priority for MD5 */ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); /* * Move anonymous ciphers to the end. Usually, these will remain @@ -1533,16 +1517,16 @@ * we prefer authenticated ciphers.) */ ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); /* RC4 is sort-of broken -- move to the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); /* * Now sort by symmetric encryption strength. The above ordering remains @@ -1557,7 +1541,7 @@ * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs. */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1, - &head, &tail); + &head, &tail); /* * Irrespective of strength, enforce the following order: 
@@ -1573,11 +1557,11 @@ * reverse order of preference. */ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1, - &head, &tail); + &head, &tail); ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0, - CIPHER_BUMP, -1, &head, &tail); + CIPHER_BUMP, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0, - CIPHER_BUMP, -1, &head, &tail); + CIPHER_BUMP, -1, &head, &tail); /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); @@ -1596,11 +1580,11 @@ if (ca_list == NULL) { OPENSSL_free(co_list); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return NULL; /* Failure */ + return NULL; /* Failure */ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, head); + disabled_mkey, disabled_auth, disabled_enc, + disabled_mac, head); /* * If the rule_string begins with DEFAULT, apply the default rule @@ -1610,7 +1594,7 @@ rule_p = rule_str; if (strncmp(rule_str, "DEFAULT", 7) == 0) { ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(), - &head, &tail, ca_list, c); + &head, &tail, ca_list, c); rule_p += 7; if (*rule_p == ':') rule_p++; @@ -1619,9 +1603,9 @@ if (ok && (rule_p[0] != '\0')) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); - OPENSSL_free(ca_list); /* Not needed anymore */ + OPENSSL_free(ca_list); /* Not needed anymore */ - if (!ok) { /* Rule processing failure */ + if (!ok) { /* Rule processing failure */ OPENSSL_free(co_list); return NULL; } 
@@ -1641,9 +1625,11 @@ /* Don't include any TLSv1.3 ciphers that are disabled */ if ((sslc->algorithm_enc & disabled_enc) != 0 - || (ssl_cipher_table_mac[sslc->algorithm2 - & SSL_HANDSHAKE_MAC_MASK].mask - & ctx->disabled_mac_mask) != 0) { + || (ssl_cipher_table_mac[sslc->algorithm2 + & SSL_HANDSHAKE_MAC_MASK] + .mask + & ctx->disabled_mac_mask) + != 0) { sk_SSL_CIPHER_delete(tls13_ciphersuites, i); i--; continue; @@ -1656,7 +1642,8 @@ } } - OSSL_TRACE_BEGIN(TLS_CIPHER) { + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, "cipher selection:\n"); } /* @@ -1675,7 +1662,7 @@ BIO_printf(trc_out, "<%s>\n", curr->cipher->name); } } - OPENSSL_free(co_list); /* Not needed any longer */ + OPENSSL_free(co_list); /* Not needed any longer */ OSSL_TRACE_END(TLS_CIPHER); if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) { @@ -1984,7 +1971,7 @@ } STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths) + *meths) { return meths; } @@ -2002,7 +1989,7 @@ } STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths) + *meths) { STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods; ssl_comp_methods = meths; @@ -2092,7 +2079,7 @@ } const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, - int all) + int all) { const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); @@ -2159,8 +2146,8 @@ } int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, - size_t *int_overhead, size_t *blocksize, - size_t *ext_overhead) + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead) { size_t mac = 0, in = 0, blk = 0, out = 0; @@ -2192,8 +2179,7 @@ /* If it wasn't AEAD or SSL_eNULL, we expect it to be a known CBC cipher. */ - if (e_ciph == NULL || - EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE) + if (e_ciph == NULL || EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE) return 0; in = 1; /* padding length byte */ --- crypto/openssl/ssl/ssl_conf.c.orig +++ crypto/openssl/ssl/ssl_conf.c 
@@ -34,38 +34,38 @@ } ssl_switch_tbl; /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */ -#define SSL_TFLAG_INV 0x1 +#define SSL_TFLAG_INV 0x1 /* Mask for type of flag referred to */ #define SSL_TFLAG_TYPE_MASK 0xf00 /* Flag is for options */ -#define SSL_TFLAG_OPTION 0x000 +#define SSL_TFLAG_OPTION 0x000 /* Flag is for cert_flags */ -#define SSL_TFLAG_CERT 0x100 +#define SSL_TFLAG_CERT 0x100 /* Flag is for verify mode */ -#define SSL_TFLAG_VFY 0x200 +#define SSL_TFLAG_VFY 0x200 /* Option can only be used for clients */ #define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT /* Option can only be used for servers */ #define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER -#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER) +#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT | SSL_TFLAG_SERVER) #define SSL_FLAG_TBL(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag } #define SSL_FLAG_TBL_SRV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag } #define SSL_FLAG_TBL_CLI(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag } #define SSL_FLAG_TBL_INV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_INV | SSL_TFLAG_BOTH, flag } #define SSL_FLAG_TBL_SRV_INV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_INV | SSL_TFLAG_SERVER, flag } #define SSL_FLAG_TBL_CERT(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT | SSL_TFLAG_BOTH, flag } #define SSL_FLAG_VFY_CLI(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag } #define 
SSL_FLAG_VFY_SRV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag } /* * Opaque structure containing SSL configuration context. @@ -104,7 +104,7 @@ }; static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, - uint64_t option_value, int onoff) + uint64_t option_value, int onoff) { uint32_t *pflags; @@ -131,7 +131,6 @@ default: return; - } if (onoff) *pflags |= option_value; @@ -140,7 +139,7 @@ } static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, - const char *name, int namelen, int onoff) + const char *name, int namelen, int onoff) { /* If name not relevant for context skip */ if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH)) @@ -149,7 +148,7 @@ if (strcmp(tbl->name, name)) return 0; } else if (tbl->namelen != namelen - || OPENSSL_strncasecmp(tbl->name, name, namelen)) + || OPENSSL_strncasecmp(tbl->name, name, namelen)) return 0; ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); return 1; @@ -233,11 +232,10 @@ /* Ignore values supported by 1.0.2 for the automatic selection */ if ((cctx->flags & SSL_CONF_FLAG_FILE) - && (OPENSSL_strcasecmp(value, "+automatic") == 0 - || OPENSSL_strcasecmp(value, "automatic") == 0)) + && (OPENSSL_strcasecmp(value, "+automatic") == 0 + || OPENSSL_strcasecmp(value, "automatic") == 0)) return 1; - if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && - strcmp(value, "auto") == 0) + if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && strcmp(value, "auto") == 0) return 1; /* ECDHParameters accepts a single group name */ 
@@ -311,14 +309,14 @@ * shrink. */ static const struct protocol_versions versions[] = { - {"None", 0}, - {"SSLv3", SSL3_VERSION}, - {"TLSv1", TLS1_VERSION}, - {"TLSv1.1", TLS1_1_VERSION}, - {"TLSv1.2", TLS1_2_VERSION}, - {"TLSv1.3", TLS1_3_VERSION}, - {"DTLSv1", DTLS1_VERSION}, - {"DTLSv1.2", DTLS1_2_VERSION} + { "None", 0 }, + { "SSLv3", SSL3_VERSION }, + { "TLSv1", TLS1_VERSION }, + { "TLSv1.1", TLS1_1_VERSION }, + { "TLSv1.2", TLS1_2_VERSION }, + { "TLSv1.3", TLS1_3_VERSION }, + { "DTLSv1", DTLS1_VERSION }, + { "DTLSv1.2", DTLS1_2_VERSION } }; size_t i; size_t n = OSSL_NELEM(versions); @@ -374,20 +372,20 @@ static const ssl_flag_tbl ssl_option_list[] = { SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET), SSL_FLAG_TBL_INV("EmptyFragments", - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS), + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS), SSL_FLAG_TBL("Bugs", SSL_OP_ALL), SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION), SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE), SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL("UnsafeLegacyServerConnect", - SSL_OP_LEGACY_SERVER_CONNECT), + SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL("ClientRenegotiation", - SSL_OP_ALLOW_CLIENT_RENEGOTIATION), + SSL_OP_ALLOW_CLIENT_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), 
@@ -411,13 +409,12 @@ SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER), SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER), SSL_FLAG_VFY_SRV("Require", - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE), SSL_FLAG_VFY_SRV("RequestPostHandshake", - SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE), + SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE), SSL_FLAG_VFY_SRV("RequirePostHandshake", - SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT), + SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), }; if (value == NULL) return -3; @@ -470,8 +467,8 @@ } static int do_store(SSL_CONF_CTX *cctx, - const char *CAfile, const char *CApath, const char *CAstore, - int verify_store) + const char *CAfile, const char *CApath, const char *CAstore, + int verify_store) { CERT *cert; X509_STORE **st; @@ -503,8 +500,7 @@ return 0; if (CApath != NULL && !X509_STORE_load_path(*st, CApath)) return 0; - if (CAstore != NULL && !X509_STORE_load_store_ex(*st, CAstore, libctx, - propq)) + if (CAstore != NULL && !X509_STORE_load_store_ex(*st, CAstore, libctx, propq)) return 0; return 1; } @@ -598,14 +594,15 @@ decoderctx = OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH", - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - sslctx->libctx, sslctx->propq); + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + sslctx->libctx, sslctx->propq); if (decoderctx == NULL) goto end; ERR_set_mark(); while (!OSSL_DECODER_from_bio(decoderctx, in) - && dhpkey == NULL - && !BIO_eof(in)); + && dhpkey == NULL + && !BIO_eof(in)) + ; OSSL_DECODER_CTX_free(decoderctx); if (dhpkey == NULL) { @@ -625,7 +622,7 @@ if ((rv = SSL_set0_tmp_dh_pkey(cctx->ssl, dhpkey)) > 0) dhpkey = NULL; } - end: +end: EVP_PKEY_free(dhpkey); BIO_free(in); return rv > 0; @@ -649,7 +646,6 @@ return rv; } - static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) { int rv = 0; 
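Review bot: The decode loop in the hunk at -598 now ends in a bare `;` on its own line, which is easy to misread as a stray statement or to detach from the `while` in a later edit. I would mark the empty body explicitly, e.g. `; /* empty body: retry until decoding succeeds or the BIO reaches EOF */`. The loop condition and the `dhpkey == NULL` check that follows `OSSL_DECODER_CTX_free()` are unchanged by this hunk. The enclosing function starts and ends outside the hunk.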
@@ -665,7 +661,7 @@ } typedef struct { - int (*cmd) (SSL_CONF_CTX *cctx, const char *value); + int (*cmd)(SSL_CONF_CTX *cctx, const char *value); const char *str_file; const char *str_cmdline; unsigned short flags; @@ -675,13 +671,13 @@ /* Table of supported parameters */ #define SSL_CONF_CMD(name, cmdopt, flags, type) \ - {cmd_##name, #name, cmdopt, flags, type} + { cmd_##name, #name, cmdopt, flags, type } #define SSL_CONF_CMD_STRING(name, cmdopt, flags) \ - SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING) + SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING) #define SSL_CONF_CMD_SWITCH(name, flags) \ - {0, NULL, name, flags, SSL_CONF_TYPE_NONE} + { 0, NULL, name, flags, SSL_CONF_TYPE_NONE } /* See apps/include/opt.h if you change this table. */ /* The SSL_CONF_CMD_SWITCH should be the same order as ssl_cmd_switches */ 
@@ -723,84 +719,84 @@ SSL_CONF_CMD_STRING(Options, NULL, 0), SSL_CONF_CMD_STRING(VerifyMode, NULL, 0), SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ServerInfoFile, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ChainCAStore, "chainCAstore", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(VerifyCAStore, "verifyCAstore", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ClientCAFile, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(ClientCAPath, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(RequestCAStore, "requestCAStore", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(ClientCAStore, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - 
SSL_CONF_TYPE_STORE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(DHParameters, "dhparam", - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0), SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER), }; /* Supported switches: must match order of switches in ssl_conf_cmds */ static const ssl_switch_tbl ssl_cmd_switches[] = { - {SSL_OP_NO_SSLv3, 0}, /* no_ssl3 */ - {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ - {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ - {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ - {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ - {SSL_OP_ALL, 0}, /* bugs */ - {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ - {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */ - {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */ - {SSL_OP_NO_TICKET, 0}, /* no_ticket */ - {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ + { SSL_OP_NO_SSLv3, 0 }, /* no_ssl3 */ + { SSL_OP_NO_TLSv1, 0 }, /* no_tls1 */ + { SSL_OP_NO_TLSv1_1, 0 }, /* no_tls1_1 */ + { SSL_OP_NO_TLSv1_2, 0 }, /* no_tls1_2 */ + { SSL_OP_NO_TLSv1_3, 0 }, /* no_tls1_3 */ + { SSL_OP_ALL, 0 }, /* bugs */ + { SSL_OP_NO_COMPRESSION, 0 }, /* no_comp */ + { SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV }, /* comp */ + { SSL_OP_SINGLE_ECDH_USE, 0 }, /* ecdh_single */ + { SSL_OP_NO_TICKET, 0 }, /* no_ticket */ + { SSL_OP_CIPHER_SERVER_PREFERENCE, 0 }, /* serverpref */ /* legacy_renegotiation */ - {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, + { SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0 }, /* Allow client renegotiation */ - {SSL_OP_ALLOW_CLIENT_RENEGOTIATION, 0}, + { SSL_OP_ALLOW_CLIENT_RENEGOTIATION, 0 }, /* legacy_server_connect */ - {SSL_OP_LEGACY_SERVER_CONNECT, 0}, + { SSL_OP_LEGACY_SERVER_CONNECT, 0 }, /* no_renegotiation */ - {SSL_OP_NO_RENEGOTIATION, 0}, + { SSL_OP_NO_RENEGOTIATION, 0 }, /* no_resumption_on_reneg */ - 
{SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, + { SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0 }, /* no_legacy_server_connect */ - {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV}, + { SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV }, /* allow_no_dhe_kex */ - {SSL_OP_ALLOW_NO_DHE_KEX, 0}, + { SSL_OP_ALLOW_NO_DHE_KEX, 0 }, /* chacha reprioritization */ - {SSL_OP_PRIORITIZE_CHACHA, 0}, - {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ + { SSL_OP_PRIORITIZE_CHACHA, 0 }, + { SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT }, /* strict */ /* no_middlebox */ - {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, + { SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV }, /* anti_replay */ - {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV}, + { SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV }, /* no_anti_replay */ - {SSL_OP_NO_ANTI_REPLAY, 0}, + { SSL_OP_NO_ANTI_REPLAY, 0 }, /* no Encrypt-then-Mac */ - {SSL_OP_NO_ENCRYPT_THEN_MAC, 0}, + { SSL_OP_NO_ENCRYPT_THEN_MAC, 0 }, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) @@ -811,11 +807,9 @@ if (cctx->prefix) { if (strlen(*pcmd) <= cctx->prefixlen) return 0; - if (cctx->flags & SSL_CONF_FLAG_CMDLINE && - strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) + if (cctx->flags & SSL_CONF_FLAG_CMDLINE && strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) return 0; - if (cctx->flags & SSL_CONF_FLAG_FILE && - OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) + if (cctx->flags & SSL_CONF_FLAG_FILE && OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) return 0; *pcmd += cctx->prefixlen; } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { @@ -827,7 +821,7 @@ } /* Determine if a command is allowed according to cctx flags */ -static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t) +static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *t) { unsigned int tfl = t->flags; unsigned int cfl = cctx->flags; 
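Review bot: In the reformatted `ssl_cmd_switches` table (hunk at -723) the row labels are split between trailing comments (`/* no_ssl3 */`) and comments on the preceding line (`/* legacy_renegotiation */`), which makes the row-to-switch mapping harder to audit. The table is positional: its header comment says it must match the order of switches in `ssl_conf_cmds`, and `ctrl_switch_option` computes `idx = cmd - ssl_conf_cmds`. A row that drifts out of step would therefore set a different `SSL_OP_*` bit than the switch that was named, for example among the renegotiation entries. I would put every label in the trailing position, e.g. `{ SSL_OP_NO_RENEGOTIATION, 0 }, /* no_renegotiation */`, so the two tables can be compared row by row. The switch entries of `ssl_conf_cmds` start outside this hunk, so the order itself is not verified here.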
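Review bot: The two joined conditions in the hunk at -811 test a flag with `&` directly next to `&&` without parentheses, as in `cctx->flags & SSL_CONF_FLAG_CMDLINE && strncmp(...)`. The hunk at -233 in the same file writes the same kind of test as `(cctx->flags & SSL_CONF_FLAG_CMDLINE) && strcmp(value, "auto") == 0`. The precedence is correct as written, but on one long line the grouping is harder to see in code that decides whether a configured prefix matches. I would write `if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && strncmp(*pcmd, cctx->prefix, cctx->prefixlen))` and do the same on the `SSL_CONF_FLAG_FILE` line. The function body continues outside the hunk.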
@@ -842,7 +836,7 @@ } static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, - const char *cmd) + const char *cmd) { const ssl_conf_cmd_tbl *t; size_t i; @@ -865,7 +859,7 @@ return NULL; } -static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd) +static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *cmd) { /* Find index of command in table */ size_t idx = cmd - ssl_conf_cmds; @@ -909,15 +903,15 @@ if (rv != -2) rv = 0; - bad_value: + bad_value: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE, - "cmd=%s, value=%s", cmd, - value != NULL ? value : ""); + "cmd=%s, value=%s", cmd, + value != NULL ? value : ""); return rv; } - unknown_cmd: +unknown_cmd: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd); --- crypto/openssl/ssl/ssl_err.c.orig +++ crypto/openssl/ssl/ssl_err.c 
@@ -15,552 +15,552 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SSL_str_reasons[] = { - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), - "application data after close notify"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), - "app data in handshake"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), - "attempt to reuse session in different context"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), - "at least (D)TLS 1.2 needed in Suite B mode"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), - "bad change cipher spec"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), - "bad data returned by callback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), - "bad handshake length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), - "bad handshake state"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad 
packet"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), - "bad protocol version number"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), - "bad srtp protection profile list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY), - "binder does not verify"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), - "block cipher pad is wrong"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER), - "cannot change cipher"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_GET_GROUP_NAME), - "cannot get group name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), - "ca dn length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED), - "certificate 
verify failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), - "cert length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED), - "ciphersuite digest has changed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), - "cipher code wrong length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), - "compressed length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED), - "compression disabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE), - "compression failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), - "compression id not within private range"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR), - "compression library error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), - "connection type not set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED), - "context not dane enabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), - "cookie gen callback failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COPY_PARAMETERS_FAILED), - "copy parameters failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), - "custom ext handler already installed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), - "dane already enabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL), - "dane cannot override mtype full"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE), - "dane tlsa bad certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE), - "dane tlsa bad certificate usage"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_DANE_TLSA_BAD_DATA_LENGTH), - "dane tlsa bad data length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH), - "dane tlsa bad digest length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE), - "dane tlsa bad matching type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), - "dane tlsa bad public key"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR), - "dane tlsa bad selector"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA), - "dane tlsa null data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), - "data between ccs and finished"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), - "data length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), - "decryption failed or bad record mac"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), - "dh public value length is wrong"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED), - "digest check failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG), - "dtls message too big"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID), - "duplicate compression id"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING), - "ecc cert not for signing"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE), - "ecdh required for suiteb mode"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), - "empty srtp protection profile list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), - "encrypted length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), - "error in received cipher list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN), - "error setting 
tlsa base domain"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE), - "exceeds max fragment size"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), - "excessive message size"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED), - "extension not received"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), - "extra data in message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH), - "ext length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC), - "failed to init async"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO), - "fragmented client hello"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), - "got a fin before a ccs"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), - "https proxy request"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION), - "illegal point compression"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST), - "illegal Suite B digest"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK), - "inappropriate fallback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION), - "inconsistent compression"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN), - "inconsistent early data alpn"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI), - "inconsistent early data sni"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), - "insufficient security"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), - "invalid ccs message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG), - "invalid certificate or alg"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), - "invalid compression 
algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME), - "invalid configuration name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE), - "invalid ct validation type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE), - "invalid key update type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA), - "invalid max early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), - "invalid null cmd name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER), - "invalid sequence number"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), - "invalid serverinfo data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), - "invalid srp username"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), - "invalid status response"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), - "invalid ticket keys length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED), - "legacy sigalg disallowed or unsupported"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS), - "library has no ciphers"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT), - "missing dsa signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT), - "missing ecdsa signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), - "missing psk kex modes extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), - "missing rsa certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), - "missing rsa encrypting cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT), - "missing rsa signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION), - "missing sigalgs extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT), - "missing signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM), - "can't find SRP server param"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION), - "missing supported groups extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), - "missing tmp ecdh key"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), - "mixed handshake and non handshake data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), - "not on record boundary"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), - "not replacing certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL), - "no application protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), - "no certificates returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), - "no certificate assigned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR), - "no change following hrr"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE), - "no ciphers available"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED), - "no ciphers specified"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD), 
- "no client cert method"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), - "no compression specified"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET), - "no cookie callback set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), - "Peer haven't sent GOST certificate, required for selected ciphersuite"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), - "no method specified"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), - "no private key assigned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE), - "no protocols available"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), - "no shared signature algorithms"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM), - "no suitable digest algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_GROUPS), "no suitable groups"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE), - "no suitable key share"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM), - "no suitable signature algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK), - "no verify cookie callback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), - "null ssl method passed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), - "ocsp callback failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), - "old session cipher not returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), - "old session compression algorithm not returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), - "packet length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), - "peer did not return a certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX), - "pem name bad prefix"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR), - "post handshake auth encoding err"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH), - "private key mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN), - "protocol is shutdown"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND), - "psk identity not found"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED), - "read timeout expired"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), - "record length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), - "renegotiate ext too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), - "renegotiation encoding err"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH), - "renegotiation mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_REQUEST_PENDING), "request pending"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING), - "required cipher missing"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING), - "required compression algorithm missing"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), - "scsv received when renegotiating"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED), - "sct verification failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), - "session id context uninitialized"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT), - "shutdown while in init"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR), - "signature algorithms error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), - "signature for non signing certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), - "srtp could not allocate profiles"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), - "srtp protection profile list too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), - "srtp unknown protection profile"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH), - "ssl3 ext invalid max fragment length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), - "ssl3 ext invalid servername"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), - "ssl3 ext invalid servername type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), - "ssl3 session id too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), - "sslv3 alert bad certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), - "sslv3 
alert bad record mac"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), - "sslv3 alert certificate expired"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), - "sslv3 alert certificate revoked"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), - "sslv3 alert certificate unknown"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), - "sslv3 alert decompression failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), - "sslv3 alert handshake failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), - "sslv3 alert illegal parameter"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), - "sslv3 alert no certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), - "sslv3 alert unexpected message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), - "sslv3 alert unsupported certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), - "ssl command section empty"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), - "ssl command section not found"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), - "ssl ctx has no default ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE), - "ssl handshake failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), - "ssl library has no ciphers"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH), - "ssl negative length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND), - "ssl section not found"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), - "ssl session id callback failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT), - "ssl session id conflict"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), - "ssl session id context too 
long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), - "ssl session id has bad length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG), - "ssl session id too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), - "ssl session version mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), - "tlsv13 alert certificate required"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), - "tlsv13 alert missing extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), - "tlsv1 alert access denied"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), - "tlsv1 alert decode error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), - "tlsv1 alert decryption failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR), - "tlsv1 alert decrypt error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), - "tlsv1 alert export restriction"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), - "tlsv1 alert inappropriate fallback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), - "tlsv1 alert insufficient security"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), - "tlsv1 alert internal error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), - "tlsv1 alert no application protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), - "tlsv1 alert no renegotiation"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), - "tlsv1 alert protocol version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), - "tlsv1 alert record overflow"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), - "tlsv1 alert unknown ca"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), - "tlsv1 alert unknown psk identity"}, - 
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), - "tlsv1 alert user cancelled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), - "tlsv1 bad certificate hash value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), - "tlsv1 bad certificate status response"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), - "tlsv1 certificate unobtainable"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME), - "tlsv1 unrecognized name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION), - "tlsv1 unsupported extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), - "tls illegal exporter label"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), - "tls invalid ecpointformat list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES), - "too many key updates"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS), - "too many warn alerts"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA), - "too much early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), - "unable to find ecdh parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), - "unable to find public key parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), - "unable to load ssl3 md5 routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), - "unable to load ssl3 sha1 routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE), - "unexpected ccs message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), - "unexpected end of early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), - "unexpected eof while reading"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), 
"uninitialized"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE), - "unknown certificate type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED), - "unknown cipher returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE), - "unknown cipher type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), - "unknown key exchange type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION), - "unknown ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), - "unsafe legacy renegotiation disabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION), - "unsolicited extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), - "unsupported elliptic curve"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL), - "unsupported protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION), - "unsupported ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE), - "unsupported status type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED), - "use srtp not negotiated"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE), - "wrong certificate type"}, - {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_WRONG_CIPHER_RETURNED), - "wrong cipher returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), - "wrong signature length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), - "wrong signature size"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE), - "wrong signature type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER), - "wrong version number"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), - "x509 verification setup problems"}, - {0, NULL} + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), + "application data after close notify" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), + "app data in handshake" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), + "attempt to reuse session in different context" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), + "at least (D)TLS 1.2 needed in Suite B mode" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), + "bad change cipher spec" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), + "bad data returned by callback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension" }, 
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), + "bad handshake length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), + "bad handshake state" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), + "bad protocol version number" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), + "bad srtp protection profile list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY), + "binder does not verify" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), + "block cipher pad 
is wrong" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER), + "cannot change cipher" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_GET_GROUP_NAME), + "cannot get group name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), + "ca dn length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED), + "certificate verify failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), + "cert length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED), + "ciphersuite digest has changed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), + "cipher code wrong length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), + "compressed length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED), + "compression disabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE), + "compression failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), + "compression id not within private range" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR), + "compression library error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), + "connection type not set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED), + "context not dane enabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), + "cookie gen callback failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie 
mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COPY_PARAMETERS_FAILED), + "copy parameters failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), + "custom ext handler already installed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), + "dane already enabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL), + "dane cannot override mtype full" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE), + "dane tlsa bad certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE), + "dane tlsa bad certificate usage" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH), + "dane tlsa bad data length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH), + "dane tlsa bad digest length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE), + "dane tlsa bad matching type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), + "dane tlsa bad public key" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR), + "dane tlsa bad selector" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA), + "dane tlsa null data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), + "data between ccs and finished" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), + "data length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), + "decryption failed or bad record mac" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), + "dh public value length is wrong" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED), + "digest check failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG), + "dtls message too big" }, + 
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID), + "duplicate compression id" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING), + "ecc cert not for signing" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE), + "ecdh required for suiteb mode" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), + "empty srtp protection profile list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), + "encrypted length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), + "error in received cipher list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN), + "error setting tlsa base domain" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE), + "exceeds max fragment size" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), + "excessive message size" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED), + "extension not received" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), + "extra data in message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH), + "ext length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC), + "failed to init async" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO), + "fragmented client hello" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), + "got a fin before a ccs" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), + "https proxy request" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION), + "illegal point compression" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST), + "illegal Suite B digest" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK), + "inappropriate fallback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION), + 
"inconsistent compression" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN), + "inconsistent early data alpn" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI), + "inconsistent early data sni" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), + "insufficient security" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), + "invalid ccs message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG), + "invalid certificate or alg" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), + "invalid compression algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME), + "invalid configuration name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE), + "invalid ct validation type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE), + "invalid key update type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA), + "invalid max early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), + "invalid null cmd name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER), + "invalid sequence number" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), + "invalid serverinfo data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), + "invalid srp username" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), + "invalid status response" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), + "invalid ticket keys length" }, + { 
ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED), + "legacy sigalg disallowed or unsupported" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS), + "library has no ciphers" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT), + "missing dsa signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT), + "missing ecdsa signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), + "missing psk kex modes extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), + "missing rsa certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), + "missing rsa encrypting cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT), + "missing rsa signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION), + "missing sigalgs extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT), + "missing signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM), + "can't find SRP server param" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION), + "missing supported groups extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), + "missing tmp ecdh key" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), + "mixed handshake and non handshake data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), + "not on record boundary" }, 
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), + "not replacing certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL), + "no application protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), + "no certificates returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), + "no certificate assigned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR), + "no change following hrr" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE), + "no ciphers available" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED), + "no ciphers specified" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD), + "no client cert method" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), + "no compression specified" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET), + "no cookie callback set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), + "Peer haven't sent GOST certificate, required for selected ciphersuite" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), + "no method specified" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), + "no private key assigned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE), + "no protocols available" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), + 
"no shared signature algorithms" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM), + "no suitable digest algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_GROUPS), "no suitable groups" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE), + "no suitable key share" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM), + "no suitable signature algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK), + "no verify cookie callback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), + "null ssl method passed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), + "old session cipher not returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), + "old session compression algorithm not returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), + "packet length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), + "peer did not return a certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX), + "pem name bad prefix" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR), + "post handshake auth encoding err" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH), + "private key mismatch" }, + { 
ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN), + "protocol is shutdown" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND), + "psk identity not found" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED), + "read timeout expired" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), + "record length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), + "renegotiate ext too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), + "renegotiation encoding err" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH), + "renegotiation mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING), + "required cipher missing" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING), + "required compression algorithm missing" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), + "scsv received when renegotiating" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED), + "sct verification failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), + "session id context uninitialized" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT), + "shutdown while in init" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR), + "signature algorithms error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), + "signature for non signing certificate" }, + { 
ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), + "srtp could not allocate profiles" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), + "srtp protection profile list too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), + "srtp unknown protection profile" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH), + "ssl3 ext invalid max fragment length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), + "ssl3 ext invalid servername" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), + "ssl3 ext invalid servername type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), + "ssl3 session id too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), + "sslv3 alert bad certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), + "sslv3 alert bad record mac" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), + "sslv3 alert certificate expired" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), + "sslv3 alert certificate revoked" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), + "sslv3 alert certificate unknown" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), + "sslv3 alert decompression failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), + "sslv3 alert handshake failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), + "sslv3 alert illegal parameter" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), + "sslv3 alert no certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), + "sslv3 alert unexpected message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), + "sslv3 alert unsupported certificate" }, + 
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), + "ssl ctx has no default ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE), + "ssl handshake failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), + "ssl library has no ciphers" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH), + "ssl negative length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND), + "ssl section not found" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), + "ssl session id callback failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT), + "ssl session id conflict" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), + "ssl session id context too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), + "ssl session id has bad length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG), + "ssl session id too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), + "ssl session version mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), + "tlsv13 alert certificate required" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), + "tlsv13 alert missing extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), + "tlsv1 alert access denied" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), + "tlsv1 alert decode error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), + "tlsv1 alert decryption failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR), + 
"tlsv1 alert decrypt error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), + "tlsv1 alert export restriction" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), + "tlsv1 alert inappropriate fallback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), + "tlsv1 alert insufficient security" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), + "tlsv1 alert internal error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), + "tlsv1 alert no application protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), + "tlsv1 alert no renegotiation" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), + "tlsv1 alert protocol version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), + "tlsv1 alert record overflow" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), + "tlsv1 alert unknown ca" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), + "tlsv1 alert unknown psk identity" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), + "tlsv1 alert user cancelled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), + "tlsv1 bad certificate hash value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), + "tlsv1 bad certificate status response" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), + "tlsv1 certificate unobtainable" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME), + "tlsv1 unrecognized name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION), + "tlsv1 unsupported extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), + "tls illegal exporter label" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), + "tls invalid ecpointformat list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES), + "too many key updates" }, + 
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS), + "too many warn alerts" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA), + "too much early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), + "unable to find ecdh parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), + "unable to find public key parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), + "unable to load ssl3 md5 routines" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), + "unable to load ssl3 sha1 routines" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE), + "unexpected ccs message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), + "unexpected end of early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), + "unexpected eof while reading" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE), + "unknown certificate type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED), + "unknown cipher returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE), + "unknown cipher type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), + "unknown key exchange type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_UNKNOWN_SSL_VERSION), + "unknown ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), + "unsafe legacy renegotiation disabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION), + "unsolicited extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), + "unsupported compression algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), + "unsupported elliptic curve" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL), + "unsupported protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION), + "unsupported ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE), + "unsupported status type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED), + "use srtp not negotiated" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE), + "wrong certificate type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), + "wrong cipher returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), + "wrong signature length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), + "wrong signature size" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE), + "wrong signature type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER), + "wrong version number" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), + "x509 verification setup problems" }, + { 0, NULL } }; #endif --- crypto/openssl/ssl/ssl_init.c.orig +++ crypto/openssl/ssl/ssl_init.c 
@@ -27,7 +27,7 @@ { #ifndef OPENSSL_NO_COMP OSSL_TRACE(INIT, "ossl_init_ssl_base: " - "SSL_COMP_get_compression_methods()\n"); + "SSL_COMP_get_compression_methods()\n"); /* * This will initialise the built-in compression algorithms. The value * returned is a STACK_OF(SSL_COMP), but that can be discarded safely @@ -35,7 +35,7 @@ SSL_COMP_get_compression_methods(); #endif ssl_sort_cipher_list(); - OSSL_TRACE(INIT,"ossl_init_ssl_base: SSL_add_ssl_module()\n"); + OSSL_TRACE(INIT, "ossl_init_ssl_base: SSL_add_ssl_module()\n"); /* * We ignore an error return here. Not much we can do - but not that bad * either. We can still safely continue. @@ -61,7 +61,7 @@ } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, - ossl_init_load_ssl_strings) + ossl_init_load_ssl_strings) { /* Do nothing in this case */ return 1; @@ -77,7 +77,7 @@ if (ssl_base_inited) { #ifndef OPENSSL_NO_COMP OSSL_TRACE(INIT, "ssl_library_stop: " - "ssl_comp_free_compression_methods_int()\n"); + "ssl_comp_free_compression_methods_int()\n"); ssl_comp_free_compression_methods_int(); #endif } @@ -88,7 +88,7 @@ * called prior to any threads making calls to any OpenSSL functions, * i.e. passing a non-null settings value is assumed to be single-threaded. */ -int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { static int stoperrset = 0; @@ -106,7 +106,7 @@ } opts |= OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS; + | OPENSSL_INIT_ADD_ALL_DIGESTS; #ifndef OPENSSL_NO_AUTOLOAD_CONFIG if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) opts |= OPENSSL_INIT_LOAD_CONFIG; @@ -120,7 +120,7 @@ if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, - ossl_init_load_ssl_strings)) + ossl_init_load_ssl_strings)) return 0; if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) --- crypto/openssl/ssl/ssl_lib.c.orig +++ crypto/openssl/ssl/ssl_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -26,19 +26,19 @@ #include "internal/ktls.h" static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, - SSL_MAC_BUF *mac, size_t macsize) + SSL_MAC_BUF *mac, size_t macsize) { return ssl_undefined_function(ssl); } static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, - int t) + int t) { return ssl_undefined_function(ssl); } static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, - unsigned char *s, size_t t, size_t *u) + unsigned char *s, size_t t, size_t *u) { return ssl_undefined_function(ssl); } @@ -49,7 +49,7 @@ } static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, - unsigned char *t) + unsigned char *t) { return ssl_undefined_function(ssl); } @@ -60,8 +60,8 @@ } static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, - const char *t, size_t u, - const unsigned char *v, size_t w, int x) + const char *t, size_t u, + const unsigned char *v, size_t w, int x) { return ssl_undefined_function(ssl); } @@ -73,10 +73,10 @@ ssl_undefined_function_3, ssl_undefined_function_4, ssl_undefined_function_5, - NULL, /* client_finished_label */ - 0, /* client_finished_label_len */ - NULL, /* server_finished_label */ - 0, /* server_finished_label_len */ + NULL, /* client_finished_label */ + 0, /* client_finished_label_len */ + NULL, /* server_finished_label */ + 0, /* server_finished_label_len */ ssl_undefined_function_6, ssl_undefined_function_7, }; 
@@ -85,11 +85,13 @@ SSL *s; void *buf; size_t num; - enum { READFUNC, WRITEFUNC, OTHERFUNC } type; + enum { READFUNC, + WRITEFUNC, + OTHERFUNC } type; union { - int (*func_read) (SSL *, void *, size_t, size_t *); - int (*func_write) (SSL *, const void *, size_t, size_t *); - int (*func_other) (SSL *); + int (*func_read)(SSL *, void *, size_t, size_t *); + int (*func_write)(SSL *, const void *, size_t, size_t *); + int (*func_other)(SSL *); } f; }; @@ -98,15 +100,9 @@ uint8_t ord; int nid; } dane_mds[] = { - { - DANETLS_MATCHING_FULL, 0, NID_undef - }, - { - DANETLS_MATCHING_2256, 1, NID_sha256 - }, - { - DANETLS_MATCHING_2512, 2, NID_sha512 - }, + { DANETLS_MATCHING_FULL, 0, NID_undef }, + { DANETLS_MATCHING_2256, 1, NID_sha256 }, + { DANETLS_MATCHING_2512, 2, NID_sha512 }, }; static int dane_ctx_enable(struct dane_ctx_st *dctx) @@ -114,7 +110,7 @@ const EVP_MD **mdevp; uint8_t *mdord; uint8_t mdmax = DANETLS_MATCHING_LAST; - int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ + int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ size_t i; if (dctx->mdevp != NULL) @@ -134,8 +130,7 @@ for (i = 0; i < OSSL_NELEM(dane_mds); ++i) { const EVP_MD *md; - if (dane_mds[i].nid == NID_undef || - (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) + if (dane_mds[i].nid == NID_undef || (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) continue; mdevp[dane_mds[i].mtype] = md; mdord[dane_mds[i].mtype] = dane_mds[i].ord; @@ -208,14 +203,15 @@ danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, - t->data, t->dlen) <= 0) + t->data, t->dlen) + <= 0) return 0; } return 1; } static int dane_mtype_set(struct dane_ctx_st *dctx, - const EVP_MD *md, uint8_t mtype, uint8_t ord) + const EVP_MD *md, uint8_t mtype, uint8_t ord) { int i; 
@@ -267,9 +263,9 @@ } static int dane_tlsa_add(SSL_DANE *dane, - uint8_t usage, - uint8_t selector, - uint8_t mtype, const unsigned char *data, size_t dlen) + uint8_t usage, + uint8_t selector, + uint8_t mtype, const unsigned char *data, size_t dlen) { danetls_record *t; const EVP_MD *md = NULL; @@ -339,8 +335,7 @@ switch (selector) { case DANETLS_SELECTOR_CERT: - if (!d2i_X509(&cert, &p, ilen) || p < data || - dlen != (size_t)(p - data)) { + if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) { X509_free(cert); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); @@ -357,7 +352,7 @@ /* * The Full(0) certificate decodes to a seemingly valid X.509 * object with a plausible key, so the TLSA record is well - * formed. However, we don't actually need the certifiate for + * formed. However, we don't actually need the certificate for * usages PKIX-EE(1) or DANE-EE(3), because at least the EE * certificate is always presented by the peer. We discard the * certificate, and just use the TLSA data as an opaque blob @@ -377,9 +372,7 @@ * the chain with untrusted Full(0) certificates from DNS, in case * they are missing from the chain. */ - if ((dane->certs == NULL && - (dane->certs = sk_X509_new_null()) == NULL) || - !sk_X509_push(dane->certs, cert)) { + if ((dane->certs == NULL && (dane->certs = sk_X509_new_null()) == NULL) || !sk_X509_push(dane->certs, cert)) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); X509_free(cert); tlsa_free(t); @@ -388,8 +381,7 @@ break; case DANETLS_SELECTOR_SPKI: - if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || - dlen != (size_t)(p - data)) { + if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) { EVP_PKEY_free(pkey); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); @@ -497,7 +489,7 @@ || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) #endif - ) + ) return 0; } else { /* Regular TLS version checks. */ 
@@ -554,7 +546,7 @@ #ifdef OPENSSL_NO_TLS1_3 || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) #endif - ) + ) return 0; } return 1; @@ -566,13 +558,12 @@ * This is used by platform version identification tools. * Do not inline this procedure or make it static. */ -# define OPENSSL_VPROC_STRING_(x) x##_SSL -# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) -# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) -void OPENSSL_VPROC_FUNC(void) {} +#define OPENSSL_VPROC_STRING_(x) x##_SSL +#define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) +#define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) +void OPENSSL_VPROC_FUNC(void) { } #endif - static void clear_ciphers(SSL *s) { /* clear the current cipher */ @@ -672,10 +663,10 @@ return 0; } sk = ssl_create_cipher_list(ctx, - ctx->tls13_ciphersuites, - &(ctx->cipher_list), - &(ctx->cipher_list_by_id), - OSSL_default_cipher_list(), ctx->cert); + ctx->tls13_ciphersuites, + &(ctx->cipher_list), + &(ctx->cipher_list_by_id), + OSSL_default_cipher_list(), ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; 
@@ -784,21 +775,18 @@ SSL_CTX_up_ref(ctx); s->session_ctx = ctx; if (ctx->ext.ecpointformats) { - s->ext.ecpointformats = - OPENSSL_memdup(ctx->ext.ecpointformats, - ctx->ext.ecpointformats_len); + s->ext.ecpointformats = OPENSSL_memdup(ctx->ext.ecpointformats, + ctx->ext.ecpointformats_len); if (!s->ext.ecpointformats) { s->ext.ecpointformats_len = 0; goto err; } - s->ext.ecpointformats_len = - ctx->ext.ecpointformats_len; + s->ext.ecpointformats_len = ctx->ext.ecpointformats_len; } if (ctx->ext.supportedgroups) { - s->ext.supportedgroups = - OPENSSL_memdup(ctx->ext.supportedgroups, - ctx->ext.supportedgroups_len - * sizeof(*ctx->ext.supportedgroups)); + s->ext.supportedgroups = OPENSSL_memdup(ctx->ext.supportedgroups, + ctx->ext.supportedgroups_len + * sizeof(*ctx->ext.supportedgroups)); if (!s->ext.supportedgroups) { s->ext.supportedgroups_len = 0; goto err; @@ -858,12 +846,12 @@ #ifndef OPENSSL_NO_CT if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, - ctx->ct_validation_callback_arg)) + ctx->ct_validation_callback_arg)) goto err; #endif return s; - err: +err: SSL_free(s); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return NULL; @@ -887,7 +875,7 @@ } int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) + unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); @@ -900,7 +888,7 @@ } int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) + unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); @@ -931,7 +919,7 @@ } int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len) + unsigned int id_len) { /* * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 
@@ -990,8 +978,7 @@ { /* If a hostname is provided and parses as an IP address, * treat it as such. */ - if (hostname) - { + if (hostname) { ASN1_OCTET_STRING *ip; char *old_ip; @@ -1001,8 +988,7 @@ ASN1_OCTET_STRING_free(ip); old_ip = X509_VERIFY_PARAM_get1_ip_asc(s->param); - if (old_ip) - { + if (old_ip) { OPENSSL_free(old_ip); /* There can be only one IP address */ return 0; @@ -1121,7 +1107,7 @@ } int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, const unsigned char **data, size_t *dlen) + uint8_t *mtype, const unsigned char **data, size_t *dlen) { SSL_DANE *dane = &s->dane; @@ -1148,13 +1134,13 @@ } int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, const unsigned char *data, size_t dlen) + uint8_t mtype, const unsigned char *data, size_t dlen) { return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); } int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, - uint8_t ord) + uint8_t ord) { return dane_mtype_set(&ctx->dane, md, mtype, ord); } @@ -1406,17 +1392,8 @@ } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); -#ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(fd); -#endif /* OPENSSL_NO_KTLS */ ret = 1; - err: +err: return ret; } 
@@ -1434,15 +1411,6 @@ } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set0_wbio(s, bio); -#ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(fd); -#endif /* OPENSSL_NO_KTLS */ } else { BIO_up_ref(rbio); SSL_set0_wbio(s, rbio); @@ -1507,7 +1475,8 @@ return X509_VERIFY_PARAM_get_depth(s->param); } -int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { +int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) +{ return s->verify_callback; } @@ -1521,12 +1490,13 @@ return X509_VERIFY_PARAM_get_depth(ctx->param); } -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) +{ return ctx->default_verify_callback; } void SSL_set_verify(SSL *s, int mode, - int (*callback) (int ok, X509_STORE_CTX *ctx)) + int (*callback)(int ok, X509_STORE_CTX *ctx)) { s->verify_mode = mode; if (callback != NULL) @@ -1673,8 +1643,7 @@ ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); return 0; } - return X509_check_private_key - (ctx->cert->key->x509, ctx->cert->key->privatekey); + return X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey); } /* Fix this function so that it takes an optional type parameter */ @@ -1693,7 +1662,7 @@ return 0; } return X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey); + ssl->cert->key->privatekey); } int SSL_waiting_for_async(SSL *s) 
@@ -1714,14 +1683,14 @@ } int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, - OSSL_ASYNC_FD *delfd, size_t *numdelfds) + OSSL_ASYNC_FD *delfd, size_t *numdelfds) { ASYNC_WAIT_CTX *ctx = s->waitctx; if (ctx == NULL) return 0; return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, - numdelfds); + numdelfds); } int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback) @@ -1791,7 +1760,7 @@ } static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, - int (*func) (void *)) + int (*func)(void *)) { int ret; if (s->waitctx == NULL) { @@ -1799,14 +1768,13 @@ if (s->waitctx == NULL) return -1; if (s->async_cb != NULL - && !ASYNC_WAIT_CTX_set_callback - (s->waitctx, ssl_async_wait_ctx_cb, s)) + && !ASYNC_WAIT_CTX_set_callback(s->waitctx, ssl_async_wait_ctx_cb, s)) return -1; } s->rwstate = SSL_NOTHING; switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, - sizeof(struct ssl_async_args))) { + sizeof(struct ssl_async_args))) { case ASYNC_ERR: s->rwstate = SSL_NOTHING; ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC); @@ -1863,7 +1831,7 @@ } if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY - || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { + || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1958,8 +1926,7 @@ * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData * message */ - if (ret > 0 || (ret <= 0 && s->early_data_state - != SSL_EARLY_DATA_FINISHED_READING)) { + if (ret > 0 || (ret <= 0 && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING)) { s->early_data_state = SSL_EARLY_DATA_READ_RETRY; return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS : SSL_READ_EARLY_DATA_ERROR; @@ -2031,7 +1998,6 @@ return ret; } - int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) { int ret = ssl_peek_internal(s, buf, num, readbytes); 
@@ -2055,8 +2021,8 @@ } if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY - || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY - || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { + || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY + || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -2125,15 +2091,13 @@ #ifdef OPENSSL_NO_KTLS ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR, - "can't call ktls_sendfile(), ktls disabled"); + "can't call ktls_sendfile(), ktls disabled"); return -1; #else ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags); if (ret < 0) { #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY) - if ((get_last_sys_error() == EAGAIN) || - (get_last_sys_error() == EINTR) || - (get_last_sys_error() == EBUSY)) + if ((get_last_sys_error() == EAGAIN) || (get_last_sys_error() == EINTR) || (get_last_sys_error() == EBUSY)) BIO_set_retry_write(s->wbio); else #endif @@ -2185,9 +2149,9 @@ switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (s->server - || !SSL_in_before(s) - || ((s->session == NULL || s->session->ext.max_early_data == 0) - && (s->psk_use_session_cb == NULL))) { + || !SSL_in_before(s) + || ((s->session == NULL || s->session->ext.max_early_data == 0) + && (s->psk_use_session_cb == NULL))) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -2288,7 +2252,7 @@ } if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED - && updatetype != SSL_KEY_UPDATE_REQUESTED) { + && updatetype != SSL_KEY_UPDATE_REQUESTED) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE); return 0; } 
@@ -2365,8 +2329,8 @@ { /* If we are in init because we're sending tickets, okay to send more. */ if ((SSL_in_init(s) && s->ext.extra_tickets_expected == 0) - || SSL_IS_FIRST_HANDSHAKE(s) || !s->server - || !SSL_IS_TLS13(s)) + || SSL_IS_FIRST_HANDSHAKE(s) || !s->server + || !SSL_IS_TLS13(s)) return 0; s->ext.extra_tickets_expected++; if (!RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s)) @@ -2453,14 +2417,14 @@ return 0; case SSL_CTRL_SET_MIN_PROTO_VERSION: return ssl_check_allowed_versions(larg, s->max_proto_version) - && ssl_set_version_bound(s->ctx->method->version, (int)larg, - &s->min_proto_version); + && ssl_set_version_bound(s->ctx->method->version, (int)larg, + &s->min_proto_version); case SSL_CTRL_GET_MIN_PROTO_VERSION: return s->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: return ssl_check_allowed_versions(s->min_proto_version, larg) - && ssl_set_version_bound(s->ctx->method->version, (int)larg, - &s->max_proto_version); + && ssl_set_version_bound(s->ctx->method->version, (int)larg, + &s->max_proto_version); case SSL_CTRL_GET_MAX_PROTO_VERSION: return s->max_proto_version; default: @@ -2468,14 +2432,13 @@ } } -long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) +long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*) - (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, - void *arg))(fp); + s->msg_callback = (void (*)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: 
@@ -2602,14 +2565,14 @@ return (ctx->cert->cert_flags &= ~larg); case SSL_CTRL_SET_MIN_PROTO_VERSION: return ssl_check_allowed_versions(larg, ctx->max_proto_version) - && ssl_set_version_bound(ctx->method->version, (int)larg, - &ctx->min_proto_version); + && ssl_set_version_bound(ctx->method->version, (int)larg, + &ctx->min_proto_version); case SSL_CTRL_GET_MIN_PROTO_VERSION: return ctx->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: return ssl_check_allowed_versions(ctx->min_proto_version, larg) - && ssl_set_version_bound(ctx->method->version, (int)larg, - &ctx->max_proto_version); + && ssl_set_version_bound(ctx->method->version, (int)larg, + &ctx->max_proto_version); case SSL_CTRL_GET_MAX_PROTO_VERSION: return ctx->max_proto_version; default: @@ -2617,14 +2580,13 @@ } } -long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) +long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (void (*) - (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, - void *arg))(fp); + ctx->msg_callback = (void (*)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: @@ -2642,7 +2604,7 @@ } int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, - const SSL_CIPHER *const *bp) + const SSL_CIPHER *const *bp) { if ((*ap)->id > (*bp)->id) return 1; @@ -2764,8 +2726,8 @@ STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites, - &ctx->cipher_list, &ctx->cipher_list_by_id, str, - ctx->cert); + &ctx->cipher_list, &ctx->cipher_list_by_id, str, + ctx->cert); /* * ssl_create_cipher_list may return an empty stack if it was unable to * find a cipher matching the given rule string (for example if the rule 
@@ -2788,8 +2750,8 @@ STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites, - &s->cipher_list, &s->cipher_list_by_id, str, - s->cert); + &s->cipher_list, &s->cipher_list_by_id, str, + s->cert); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; @@ -2808,8 +2770,8 @@ int i; if (!s->server - || s->peer_ciphers == NULL - || size < 2) + || s->peer_ciphers == NULL + || size < 2) return NULL; p = buf; @@ -2828,18 +2790,20 @@ if (sk_SSL_CIPHER_find(srvrsk, c) < 0) continue; - n = OPENSSL_strnlen(c->name, size); - if (n >= size) { - if (p != buf) - --p; - *p = '\0'; - return buf; - } + n = (int)OPENSSL_strnlen(c->name, size); + if (n >= size) + break; + memcpy(p, c->name, n); p += n; *(p++) = ':'; size -= n + 1; } + + /* No overlap */ + if (p == buf) + return NULL; + p[-1] = '\0'; return buf; } @@ -2851,7 +2815,7 @@ * - if we are before or during/after the handshake, * - if a resumption or normal handshake is being attempted/has occurred * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 - * + * * Note that only the host_name type is defined (RFC 3546). */ const char *SSL_get_servername(const SSL *s, const int type) @@ -2881,7 +2845,7 @@ * - The function will return the servername requested by the client in * this handshake or NULL if none was requested. */ - if (s->hit && !SSL_IS_TLS13(s)) + if (s->hit && !SSL_IS_TLS13(s)) return s->session->ext.hostname; } else { /** @@ -2908,8 +2872,8 @@ */ if (SSL_in_before(s)) { if (s->ext.hostname == NULL - && s->session != NULL - && s->session->ssl_version != TLS1_3_VERSION) + && s->session != NULL + && s->session->ssl_version != TLS1_3_VERSION) return s->session->ext.hostname; } else { if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) 
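Review bot: The `/* No overlap */` comment above the new `if (p == buf) return NULL;` (hunk at -2828,18) describes only one of the two ways that test can be true. The loop's new `if (n >= size) break;` also leaves `p == buf` when the first shared cipher name does not fit in the caller's buffer, so NULL is returned for a too-small buffer as well as for no shared cipher. I would reword the comment to `/* Nothing was written: no shared cipher, or buf too small for the first name */` so a reader does not take NULL as proof that the peers share nothing. The function's signature and the declarations of `n` and `size` lie outside the hunk, so the types behind the added `(int)` cast are inferred rather than visible here.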
@@ -2948,15 +2912,15 @@ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. */ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *server, - unsigned int server_len, - const unsigned char *client, unsigned int client_len) + const unsigned char *server, + unsigned int server_len, + const unsigned char *client, unsigned int client_len) { PACKET cpkt, csubpkt, spkt, ssubpkt; if (!PACKET_buf_init(&cpkt, client, client_len) - || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) - || PACKET_remaining(&csubpkt) == 0) { + || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) + || PACKET_remaining(&csubpkt) == 0) { *out = NULL; *outlen = 0; return OPENSSL_NPN_NO_OVERLAP; @@ -2979,7 +2943,7 @@ if (PACKET_buf_init(&cpkt, client, client_len)) { while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), - PACKET_remaining(&ssubpkt))) { + PACKET_remaining(&ssubpkt))) { /* We found a match */ *out = (unsigned char *)PACKET_data(&ssubpkt); *outlen = (unsigned char)PACKET_remaining(&ssubpkt); @@ -3012,7 +2976,7 @@ * provided by the callback. */ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len) + unsigned *len) { *data = s->ext.npn; if (*data == NULL) { @@ -3033,8 +2997,8 @@ * ServerHello. */ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, - SSL_CTX_npn_advertised_cb_func cb, - void *arg) + SSL_CTX_npn_advertised_cb_func cb, + void *arg) { ctx->ext.npn_advertised_cb = cb; ctx->ext.npn_advertised_cb_arg = arg; @@ -3051,8 +3015,8 @@ * a value other than SSL_TLSEXT_ERR_OK. */ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, - SSL_CTX_npn_select_cb_func cb, - void *arg) + SSL_CTX_npn_select_cb_func cb, + void *arg) { ctx->ext.npn_select_cb = cb; ctx->ext.npn_select_cb_arg = arg; 
@@ -3078,7 +3042,7 @@ * length-prefixed strings). Returns 0 on success. */ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned int protos_len) + unsigned int protos_len) { unsigned char *alpn; @@ -3110,7 +3074,7 @@ * length-prefixed strings). Returns 0 on success. */ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned int protos_len) + unsigned int protos_len) { unsigned char *alpn; @@ -3142,8 +3106,8 @@ * from the client's list of offered protocols. */ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - SSL_CTX_alpn_select_cb_func cb, - void *arg) + SSL_CTX_alpn_select_cb_func cb, + void *arg) { ctx->ext.alpn_select_cb = cb; ctx->ext.alpn_select_cb_arg = arg; @@ -3156,7 +3120,7 @@ * respond with a negotiated protocol then |*len| will be zero. */ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len) + unsigned int *len) { *data = ssl->s3.alpn_selected; if (*data == NULL) 
@@ -3166,29 +3130,29 @@ } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, size_t contextlen, - int use_context) + const char *label, size_t llen, + const unsigned char *context, size_t contextlen, + int use_context) { if (s->session == NULL || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, context, - contextlen, use_context); + llen, context, + contextlen, use_context); } int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen) { if (s->version != TLS1_3_VERSION) return 0; return tls13_export_keying_material_early(s, out, olen, label, llen, - context, contextlen); + context, contextlen); } static unsigned long ssl_session_hash(const SSL_SESSION *a) @@ -3203,11 +3167,7 @@ session_id = tmp_storage; } - l = (unsigned long) - ((unsigned long)session_id[0]) | - ((unsigned long)session_id[1] << 8L) | - ((unsigned long)session_id[2] << 16L) | - ((unsigned long)session_id[3] << 24L); + l = (unsigned long)((unsigned long)session_id[0]) | ((unsigned long)session_id[1] << 8L) | ((unsigned long)session_id[2] << 16L) | ((unsigned long)session_id[3] << 24L); return l; } @@ -3235,7 +3195,7 @@ */ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, - const SSL_METHOD *meth) + const SSL_METHOD *meth) { SSL_CTX *ret = NULL; @@ -3311,7 +3271,6 @@ if (!ssl_setup_sig_algs(ret)) goto err2; - if (!ssl_load_groups(ret)) goto err2; 
@@ -3319,9 +3278,9 @@ goto err; if (!ssl_create_cipher_list(ret, - ret->tls13_ciphersuites, - &ret->cipher_list, &ret->cipher_list_by_id, - OSSL_default_cipher_list(), ret->cert) + ret->tls13_ciphersuites, + &ret->cipher_list, &ret->cipher_list_by_id, + OSSL_default_cipher_list(), ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; @@ -3359,15 +3318,19 @@ /* Setup RFC5077 ticket keys */ if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name, - sizeof(ret->ext.tick_key_name), 0) <= 0) + sizeof(ret->ext.tick_key_name), 0) + <= 0) || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key, - sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0) + sizeof(ret->ext.secure->tick_hmac_key), 0) + <= 0) || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key, - sizeof(ret->ext.secure->tick_aes_key), 0) <= 0)) + sizeof(ret->ext.secure->tick_aes_key), 0) + <= 0)) ret->options |= SSL_OP_NO_TICKET; if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key, - sizeof(ret->ext.cookie_hmac_key), 0) <= 0) + sizeof(ret->ext.cookie_hmac_key), 0) + <= 0) goto err; #ifndef OPENSSL_NO_SRP @@ -3375,9 +3338,9 @@ goto err; #endif #ifndef OPENSSL_NO_ENGINE -# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -# define eng_strx(x) #x -# define eng_str(x) eng_strx(x) +#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO +#define eng_strx(x) #x +#define eng_str(x) eng_strx(x) /* Use specific client engine automatically... ignore errors */ { ENGINE *eng; @@ -3390,7 +3353,7 @@ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ERR_clear_error(); } -# endif +#endif #endif /* * Disable compression by default to prevent CRIME. Applications can @@ -3438,9 +3401,9 @@ ssl_ctx_system_config(ret); return ret; - err: +err: ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - err2: +err2: SSL_CTX_free(ret); return NULL; } 
@@ -3588,15 +3551,15 @@ } void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - int (*cb) (X509_STORE_CTX *, void *), - void *arg) + int (*cb)(X509_STORE_CTX *, void *), + void *arg) { ctx->app_verify_callback = cb; ctx->app_verify_arg = arg; } void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, - int (*cb) (int, X509_STORE_CTX *)) + int (*cb)(int, X509_STORE_CTX *)) { ctx->verify_mode = mode; ctx->default_verify_callback = cb; @@ -3607,12 +3570,12 @@ X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg) { ssl_cert_set_cert_cb(c->cert, cb, arg); } -void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) +void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg) { ssl_cert_set_cert_cb(s->cert, cb, arg); } @@ -3629,8 +3592,8 @@ return; dh_tmp = (c->dh_tmp != NULL - || c->dh_tmp_cb != NULL - || c->dh_tmp_auto); + || c->dh_tmp_cb != NULL + || c->dh_tmp_auto); rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; @@ -3640,7 +3603,7 @@ mask_a = 0; OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n", - dh_tmp, rsa_enc, rsa_sign, dsa_sign); + dh_tmp, rsa_enc, rsa_sign, dsa_sign); #ifndef OPENSSL_NO_GOST if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { @@ -3668,9 +3631,7 @@ * if TLS 1.2 and peer supports it. */ - if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) - && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION)) + if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION)) mask_a |= SSL_aRSA; if (dsa_sign) { 
@@ -3694,15 +3655,15 @@ } /* Allow Ed25519 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) - && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION) - mask_a |= SSL_aECDSA; + && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; /* Allow Ed448 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) - && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION) - mask_a |= SSL_aECDSA; + && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; mask_k |= SSL_kECDHE; @@ -3730,11 +3691,11 @@ return 0; } } - return 1; /* all checks are ok */ + return 1; /* all checks are ok */ } int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, - size_t *serverinfo_length) + size_t *serverinfo_length) { CERT_PKEY *cpk = s->s3.tmp.cert; *serverinfo_length = 0; @@ -3769,7 +3730,7 @@ * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). */ if (s->server && s->session->sid_ctx_length == 0 - && (s->verify_mode & SSL_VERIFY_PEER) != 0) + && (s->verify_mode & SSL_VERIFY_PEER) != 0) return; i = s->session_ctx->session_cache_mode; @@ -3787,12 +3748,12 @@ * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket */ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 - && (!SSL_IS_TLS13(s) - || !s->server - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) - || s->session_ctx->remove_session_cb != NULL - || (s->options & SSL_OP_NO_TICKET) != 0)) + && (!SSL_IS_TLS13(s) + || !s->server + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) + || s->session_ctx->remove_session_cb != NULL + || (s->options & SSL_OP_NO_TICKET) != 0)) SSL_CTX_add_session(s->session_ctx, s->session); /* 
@@ -3836,7 +3797,7 @@ if (s->method != meth) { const SSL_METHOD *sm = s->method; - int (*hf) (SSL *) = s->handshake_func; + int (*hf)(SSL *) = s->handshake_func; if (sm->version == meth->version) s->method = meth; @@ -3931,8 +3892,7 @@ if (SSL_want_client_hello_cb(s)) return SSL_ERROR_WANT_CLIENT_HELLO_CB; - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) return SSL_ERROR_ZERO_RETURN; return SSL_ERROR_SYSCALL; @@ -4020,8 +3980,7 @@ const char *ssl_protocol_to_string(int version) { - switch(version) - { + switch (version) { case TLS1_3_VERSION: return "TLSv1.3"; @@ -4128,7 +4087,7 @@ } if (!SSL_set_session_id_context(ret, s->sid_ctx, - (int)s->sid_ctx_length)) + (int)s->sid_ctx_length)) goto err; } @@ -4180,12 +4139,12 @@ /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) - || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) + || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) goto err; return ret; - err: +err: SSL_free(ret); return NULL; } @@ -4382,15 +4341,13 @@ * not match (i.e., it was set per-ssl with SSL_set_session_id_context), * leave it unchanged. */ - if ((ssl->ctx != NULL) && - (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && - (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { + if ((ssl->ctx != NULL) && (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { ssl->sid_ctx_length = ctx->sid_ctx_length; memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); } SSL_CTX_up_ref(ctx); - SSL_CTX_free(ssl->ctx); /* decrement reference count */ + SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; return ssl->ctx; 
@@ -4399,7 +4356,7 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx, - ctx->propq); + ctx->propq); } int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) @@ -4432,7 +4389,7 @@ ERR_set_mark(); X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx, - ctx->propq); + ctx->propq); ERR_pop_to_mark(); @@ -4460,7 +4417,7 @@ int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile) { return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx, - ctx->propq); + ctx->propq); } int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) @@ -4471,11 +4428,11 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) { return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx, - ctx->propq); + ctx->propq); } int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath) + const char *CApath) { if (CAfile == NULL && CApath == NULL) return 0; @@ -4487,7 +4444,7 @@ } void SSL_set_info_callback(SSL *ssl, - void (*cb) (const SSL *ssl, int type, int val)) + void (*cb)(const SSL *ssl, int type, int val)) { ssl->info_callback = cb; } @@ -4496,9 +4453,10 @@ * One compiler (Diab DCC) doesn't like argument names in returned function * pointer. */ -void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , - int /* type */ , - int /* val */ ) { +void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /* ssl */, + int /* type */, + int /* val */) +{ return ssl->info_callback; } @@ -4533,7 +4491,7 @@ } size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, - unsigned char *out, size_t outlen) + unsigned char *out, size_t outlen) { if (outlen == 0) return session->master_key_length; @@ -4544,7 +4502,7 @@ } int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, - size_t len) + size_t len) { if (len > sizeof(sess->master_key)) return 0; 
@@ -4554,7 +4512,6 @@ return 1; } - int SSL_set_ex_data(SSL *s, int idx, void *arg) { return CRYPTO_set_ex_data(&s->ex_data, idx, arg); @@ -4675,7 +4632,7 @@ } void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, - SSL_psk_find_session_cb_func cb) + SSL_psk_find_session_cb_func cb) { ctx->psk_find_session_cb = cb; } @@ -4686,47 +4643,47 @@ } void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, - SSL_psk_use_session_cb_func cb) + SSL_psk_use_session_cb_func cb) { ctx->psk_use_session_cb = cb; } void SSL_CTX_set_msg_callback(SSL_CTX *ctx, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)) + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } void SSL_set_msg_callback(SSL *ssl, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)) + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - int - is_forward_secure)) + int (*cb)(SSL *ssl, + int + is_forward_secure)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, - (void (*)(void))cb); + (void (*)(void))cb); } void SSL_set_not_resumable_session_callback(SSL *ssl, - int (*cb) (SSL *ssl, - int is_forward_secure)) + int (*cb)(SSL *ssl, + int is_forward_secure)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, - (void (*)(void))cb); + (void (*)(void))cb); } void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)) + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)) { ctx->record_padding_cb = cb; } 
@@ -4754,8 +4711,8 @@ } int SSL_set_record_padding_callback(SSL *ssl, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)) + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)) { BIO *b; @@ -4841,7 +4798,7 @@ /* Retrieve handshake hashes */ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, - size_t *hashlen) + size_t *hashlen) { EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3.handshake_dgst; @@ -4868,7 +4825,7 @@ *hashlen = hashleni; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } @@ -4903,17 +4860,18 @@ } void SSL_set_security_callback(SSL *s, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)) + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)) { s->cert->sec_cb = cb; } -int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, - const SSL_CTX *ctx, int op, - int bits, int nid, void *other, - void *ex) { +int (*SSL_get_security_callback(const SSL *s))(const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex) +{ return s->cert->sec_cb; } @@ -4938,19 +4896,20 @@ } void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)) + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)) { ctx->cert->sec_cb = cb; } -int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, - const SSL_CTX *ctx, - int op, int bits, - int nid, - void *other, - void *ex) { +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex) +{ return ctx->cert->sec_cb; } 
@@ -5013,7 +4972,7 @@ * of error, likewise the |src| stack may be left in an intermediate state. */ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, - sct_source_t origin) + sct_source_t origin) { int scts_moved = 0; SCT *sct = NULL; @@ -5036,7 +4995,7 @@ } return scts_moved; - err: +err: SCT_free(sct); return -1; } @@ -5071,7 +5030,7 @@ */ static int ct_extract_ocsp_response_scts(SSL *s) { -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP int scts_extracted = 0; const unsigned char *p; OCSP_BASICRESP *br = NULL; @@ -5097,22 +5056,20 @@ if (single == NULL) continue; - scts = - OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); - scts_extracted = - ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); + scts = OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); + scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); if (scts_extracted < 0) goto err; } - err: +err: SCT_LIST_free(scts); OCSP_BASICRESP_free(br); OCSP_RESPONSE_free(rsp); return scts_extracted; -# else +#else /* Behave as if no OCSP response exists */ return 0; -# endif +#endif } /* @@ -5126,11 +5083,9 @@ X509 *cert = s->session != NULL ? s->session->peer : NULL; if (cert != NULL) { - STACK_OF(SCT) *scts = - X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); + STACK_OF(SCT) *scts = X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); - scts_extracted = - ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); + scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); SCT_LIST_free(scts); } 
@@ -5146,26 +5101,24 @@ const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) { if (!s->scts_parsed) { - if (ct_extract_tls_extension_scts(s) < 0 || - ct_extract_ocsp_response_scts(s) < 0 || - ct_extract_x509v3_extension_scts(s) < 0) + if (ct_extract_tls_extension_scts(s) < 0 || ct_extract_ocsp_response_scts(s) < 0 || ct_extract_x509v3_extension_scts(s) < 0) goto err; s->scts_parsed = 1; } return s->scts; - err: +err: return NULL; } -static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx, - const STACK_OF(SCT) *scts, void *unused_arg) +static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) { return 1; } -static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, - const STACK_OF(SCT) *scts, void *unused_arg) +static int ct_strict(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) { int count = scts != NULL ? sk_SCT_num(scts) : 0; int i; @@ -5182,15 +5135,13 @@ } int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, - void *arg) + void *arg) { /* * Since code exists that uses the custom extension handler for CT, look * for this and throw an error if they have already registered to use CT. */ - if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, - TLSEXT_TYPE_signed_certificate_timestamp)) - { + if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, TLSEXT_TYPE_signed_certificate_timestamp)) { ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); return 0; } 
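Review bot: The three-way failure check in SSL_get0_peer_scts is now a single line of well over 100 columns. The same joining is applied to the custom-extension check in SSL_set_ct_validation_callback further down this hunk, to its SSL_CTX counterpart in the -5210 hunk, and to the five-clause guard in the -5258 hunk, which appears to decide whether CT validation is skipped. These conditions have to be audited clause by clause, so I would keep one clause per line with the operator leading: `if (ct_extract_tls_extension_scts(s) < 0`, `|| ct_extract_ocsp_response_scts(s) < 0`, `|| ct_extract_x509v3_extension_scts(s) < 0)`. That is the wrapping the same patch keeps for the `PACKET_get_1` condition in the ssl_cache_cipherlist loop. Behaviour is unchanged either way, and the bodies of the later functions continue outside their hunks.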
@@ -5210,15 +5161,13 @@ } int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, - ssl_ct_validation_cb callback, void *arg) + ssl_ct_validation_cb callback, void *arg) { /* * Since code exists that uses the custom extension handler for CT, look for * this and throw an error if they have already registered to use CT. */ - if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, - TLSEXT_TYPE_signed_certificate_timestamp)) - { + if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, TLSEXT_TYPE_signed_certificate_timestamp)) { ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); return 0; } @@ -5258,9 +5207,7 @@ * applications that perform certificate verification and therefore will * process SCTs when enabled. */ - if (s->ct_validation_callback == NULL || cert == NULL || - s->verify_result != X509_V_OK || - s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) + if (s->ct_validation_callback == NULL || cert == NULL || s->verify_result != X509_V_OK || s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) return 1; /* @@ -5286,7 +5233,7 @@ CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); CT_POLICY_EVAL_CTX_set_time( - ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); + ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); scts = SSL_get0_peer_scts(s); @@ -5311,11 +5258,11 @@ ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); if (ret < 0) - ret = 0; /* This function returns 0 on failure */ + ret = 0; /* This function returns 0 on failure */ if (!ret) SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED); - end: +end: CT_POLICY_EVAL_CTX_free(ctx); /* * With SSL_VERIFY_NONE the session may be cached and re-used despite a 
@@ -5373,7 +5320,7 @@ return CTLOG_STORE_load_file(ctx->ctlog_store, path); } -void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs) +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs) { CTLOG_STORE_free(ctx->ctlog_store); ctx->ctlog_store = logs; @@ -5384,10 +5331,10 @@ return ctx->ctlog_store; } -#endif /* OPENSSL_NO_CT */ +#endif /* OPENSSL_NO_CT */ void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, - void *arg) + void *arg) { c->client_hello_cb = cb; c->client_hello_cb_arg = arg; @@ -5476,13 +5423,13 @@ *out = present; *outlen = num; return 1; - err: +err: OPENSSL_free(present); return 0; } int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, - size_t *outlen) + size_t *outlen) { size_t i; RAW_EXTENSION *r; @@ -5532,11 +5479,11 @@ } static int nss_keylog_int(const char *prefix, - SSL *ssl, - const uint8_t *parameter_1, - size_t parameter_1_len, - const uint8_t *parameter_2, - size_t parameter_2_len) + SSL *ssl, + const uint8_t *parameter_1, + size_t parameter_1_len, + const uint8_t *parameter_2, + size_t parameter_2_len) { char *out = NULL; char *cursor = NULL; @@ -5581,14 +5528,13 @@ ssl->ctx->keylog_callback(ssl, (const char *)out); OPENSSL_clear_free(out, out_len); return 1; - } int ssl_log_rsa_client_key_exchange(SSL *ssl, - const uint8_t *encrypted_premaster, - size_t encrypted_premaster_len, - const uint8_t *premaster, - size_t premaster_len) + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len) { if (encrypted_premaster_len < 8) { SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 
@@ -5597,27 +5543,27 @@ /* We only want the first 8 bytes of the encrypted premaster as a tag. */ return nss_keylog_int("RSA", - ssl, - encrypted_premaster, - 8, - premaster, - premaster_len); + ssl, + encrypted_premaster, + 8, + premaster, + premaster_len); } int ssl_log_secret(SSL *ssl, - const char *label, - const uint8_t *secret, - size_t secret_len) + const char *label, + const uint8_t *secret, + size_t secret_len) { return nss_keylog_int(label, - ssl, - ssl->s3.client_random, - SSL3_RANDOM_SIZE, - secret, - secret_len); + ssl, + ssl->s3.client_random, + SSL3_RANDOM_SIZE, + secret, + secret_len); } -#define SSLV2_CIPHER_LEN 3 +#define SSLV2_CIPHER_LEN 3 int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) { @@ -5659,14 +5605,14 @@ return 0; } for (s->s3.tmp.ciphers_rawlen = 0; - PACKET_remaining(&sslv2ciphers) > 0; - raw += TLS_CIPHER_LEN) { + PACKET_remaining(&sslv2ciphers) > 0; + raw += TLS_CIPHER_LEN) { if (!PACKET_get_1(&sslv2ciphers, &leadbyte) - || (leadbyte == 0 - && !PACKET_copy_bytes(&sslv2ciphers, raw, - TLS_CIPHER_LEN)) - || (leadbyte != 0 - && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { + || (leadbyte == 0 + && !PACKET_copy_bytes(&sslv2ciphers, raw, + TLS_CIPHER_LEN)) + || (leadbyte != 0 + && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET); OPENSSL_free(s->s3.tmp.ciphers_raw); s->s3.tmp.ciphers_raw = NULL; @@ -5677,7 +5623,7 @@ s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN; } } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw, - &s->s3.tmp.ciphers_rawlen)) { + &s->s3.tmp.ciphers_rawlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -5685,8 +5631,8 @@ } int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, - int isv2format, STACK_OF(SSL_CIPHER) **sk, - STACK_OF(SSL_CIPHER) **scsvs) + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs) { PACKET pkt; 
@@ -5696,9 +5642,9 @@ } int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - STACK_OF(SSL_CIPHER) **scsvs_out, - int sslv2format, int fatal) + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs_out, + int sslv2format, int fatal) { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk = NULL; @@ -5720,7 +5666,7 @@ if (PACKET_remaining(cipher_suites) % n != 0) { if (fatal) SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); else ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return 0; @@ -5748,8 +5694,7 @@ /* For SSLv2-compat, ignore leading 0-byte. */ c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); if (c != NULL) { - if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || - (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { + if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); else @@ -5775,7 +5720,7 @@ else sk_SSL_CIPHER_free(scsvs); return 1; - err: +err: sk_SSL_CIPHER_free(sk); sk_SSL_CIPHER_free(scsvs); return 0; @@ -5935,9 +5880,9 @@ } int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, - SSL_CTX_generate_session_ticket_fn gen_cb, - SSL_CTX_decrypt_session_ticket_fn dec_cb, - void *arg) + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg) { ctx->generate_ticket_cb = gen_cb; ctx->decrypt_ticket_cb = dec_cb; 
@@ -5946,24 +5891,24 @@ } void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, - SSL_allow_early_data_cb_fn cb, - void *arg) + SSL_allow_early_data_cb_fn cb, + void *arg) { ctx->allow_early_data_cb = cb; ctx->allow_early_data_cb_data = arg; } void SSL_set_allow_early_data_cb(SSL *s, - SSL_allow_early_data_cb_fn cb, - void *arg) + SSL_allow_early_data_cb_fn cb, + void *arg) { s->allow_early_data_cb = cb; s->allow_early_data_cb_data = arg; } const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties) + int nid, + const char *properties) { const EVP_CIPHER *ciph; @@ -5981,7 +5926,6 @@ return ciph; } - int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher) { /* Don't up-ref an implicit EVP_CIPHER */ @@ -6010,8 +5954,8 @@ } const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties) + int nid, + const char *properties) { const EVP_MD *md; @@ -6056,7 +6000,7 @@ int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) { if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); return 0; } @@ -6068,7 +6012,7 @@ int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey) { if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); return 0; } --- crypto/openssl/ssl/ssl_local.h.orig +++ crypto/openssl/ssl/ssl_local.h 
@@ -10,140 +10,155 @@ */ #ifndef OSSL_SSL_LOCAL_H -# define OSSL_SSL_LOCAL_H - -# include "e_os.h" /* struct timeval for DTLS */ -# include -# include -# include -# include - -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include "record/record.h" -# include "statem/statem.h" -# include "internal/packet.h" -# include "internal/dane.h" -# include "internal/refcount.h" -# include "internal/tsan_assist.h" -# include "internal/bio.h" -# include "internal/ktls.h" - -# ifdef OPENSSL_BUILD_SHLIBSSL -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) +#define OSSL_SSL_LOCAL_H + +#include "e_os.h" /* struct timeval for DTLS */ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "record/record.h" +#include "statem/statem.h" +#include "internal/packet.h" +#include "internal/dane.h" +#include "internal/refcount.h" +#include "internal/tsan_assist.h" +#include "internal/bio.h" +#include "internal/ktls.h" + +#ifdef OPENSSL_BUILD_SHLIBSSL +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + +#define c2l(c, l) (l = ((unsigned long)(*((c)++))), \ + l |= (((unsigned long)(*((c)++))) << 8), \ + l |= (((unsigned long)(*((c)++))) << 16), \ + l |= (((unsigned long)(*((c)++))) << 24)) /* NOTE - c is not incremented as per c2l */ -# define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8; 
\ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) - -# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ - l|=((unsigned long)(*((c)++)))<<16, \ - l|=((unsigned long)(*((c)++)))<< 8, \ - l|=((unsigned long)(*((c)++)))) - -# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ - l|=((uint64_t)(*((c)++)))<<48, \ - l|=((uint64_t)(*((c)++)))<<40, \ - l|=((uint64_t)(*((c)++)))<<32, \ - l|=((uint64_t)(*((c)++)))<<24, \ - l|=((uint64_t)(*((c)++)))<<16, \ - l|=((uint64_t)(*((c)++)))<< 8, \ - l|=((uint64_t)(*((c)++)))) - - -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))) << 24; \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))); \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))) << 24; \ + case 3: \ + l1 |= ((unsigned 
long)(*(--(c)))) << 16; \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))); \ + } \ + } + +#define l2c(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff)) + +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24, \ + l |= ((unsigned long)(*((c)++))) << 16, \ + l |= ((unsigned long)(*((c)++))) << 8, \ + l |= ((unsigned long)(*((c)++)))) + +#define n2l8(c, l) (l = ((uint64_t)(*((c)++))) << 56, \ + l |= ((uint64_t)(*((c)++))) << 48, \ + l |= ((uint64_t)(*((c)++))) << 40, \ + l |= ((uint64_t)(*((c)++))) << 32, \ + l |= ((uint64_t)(*((c)++))) << 24, \ + l |= ((uint64_t)(*((c)++))) << 16, \ + l |= ((uint64_t)(*((c)++))) << 8, \ + l |= ((uint64_t)(*((c)++)))) + +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) + +#define l2n6(l, c) (*((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) + +#define l2n8(l, c) (*((c)++) = (unsigned char)(((l) >> 56) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 48) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* NOTE - c is not incremented as per l2c */ -# define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ 
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ - (((unsigned int)((c)[1])) )),(c)+=2) -# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \ - (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2) - -# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \ - (((unsigned long)((c)[1]))<< 8)| \ - (((unsigned long)((c)[2])) )),(c)+=3) - -# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \ - (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ - (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) - -# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION -# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + case 5: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + case 4: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + case 1: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + } \ + } + +#define n2s(c, s) ((s = (((unsigned int)((c)[0])) << 8) | (((unsigned int)((c)[1])))), (c) += 2) +#define s2n(s, c) (((c)[0] = (unsigned char)(((s) >> 8) & 0xff), \ + (c)[1] = (unsigned char)(((s)) & 0xff)), \ + (c) += 2) + +#define n2l3(c, l) ((l = (((unsigned long)((c)[0])) << 16) | (((unsigned long)((c)[1])) << 8) | (((unsigned long)((c)[2])))), (c) += 3) + +#define l2n3(l, c) (((c)[0] = (unsigned char)(((l) >> 
16) & 0xff), \ + (c)[1] = (unsigned char)(((l) >> 8) & 0xff), \ + (c)[2] = (unsigned char)(((l)) & 0xff)), \ + (c) += 3) + +#define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION +#define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION /* * DTLS version numbers are strange because they're inverted. Except for * DTLS1_BAD_VER, which should be considered "lower" than the rest. */ -# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1)) -# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2)) -# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2)) -# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) -# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) - +#define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1)) +#define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2)) +#define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2)) +#define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) +#define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) /* * Define the Bitmasks for SSL_CIPHER.algorithms. 
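Review bot: `c2ln` and `l2cn` depend on every `case` falling through to the next, and with each label now on its own line nothing marks that as intended. A line such as `/* cases fall through on purpose: n selects how many trailing bytes are handled */` above each `switch` would say so. Both macros also expand to a bare `{ ... }` block, so a use followed by `;` directly before an `else` would not compile; wrapping the body as `do { ... } while (0)` avoids that. No call sites are visible in this hunk, so whether the second point matters today is unconfirmed.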
@@ -161,277 +176,275 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ /* RSA key exchange */ -# define SSL_kRSA 0x00000001U +#define SSL_kRSA 0x00000001U /* tmp DH key no DH cert */ -# define SSL_kDHE 0x00000002U +#define SSL_kDHE 0x00000002U /* synonym */ -# define SSL_kEDH SSL_kDHE +#define SSL_kEDH SSL_kDHE /* ephemeral ECDH */ -# define SSL_kECDHE 0x00000004U +#define SSL_kECDHE 0x00000004U /* synonym */ -# define SSL_kEECDH SSL_kECDHE +#define SSL_kEECDH SSL_kECDHE /* PSK */ -# define SSL_kPSK 0x00000008U +#define SSL_kPSK 0x00000008U /* GOST key exchange */ -# define SSL_kGOST 0x00000010U +#define SSL_kGOST 0x00000010U /* SRP */ -# define SSL_kSRP 0x00000020U +#define SSL_kSRP 0x00000020U -# define SSL_kRSAPSK 0x00000040U -# define SSL_kECDHEPSK 0x00000080U -# define SSL_kDHEPSK 0x00000100U +#define SSL_kRSAPSK 0x00000040U +#define SSL_kECDHEPSK 0x00000080U +#define SSL_kDHEPSK 0x00000100U /* GOST KDF key exchange, draft-smyshlyaev-tls12-gost-suites */ -# define SSL_kGOST18 0x00000200U +#define SSL_kGOST18 0x00000200U /* all PSK */ -# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) /* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */ -# define SSL_kANY 0x00000000U +#define SSL_kANY 0x00000000U /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ -# define SSL_aRSA 0x00000001U +#define SSL_aRSA 0x00000001U /* DSS auth */ -# define SSL_aDSS 0x00000002U +#define SSL_aDSS 0x00000002U /* no auth (i.e. 
use ADH or AECDH) */ -# define SSL_aNULL 0x00000004U +#define SSL_aNULL 0x00000004U /* ECDSA auth*/ -# define SSL_aECDSA 0x00000008U +#define SSL_aECDSA 0x00000008U /* PSK auth */ -# define SSL_aPSK 0x00000010U +#define SSL_aPSK 0x00000010U /* GOST R 34.10-2001 signature auth */ -# define SSL_aGOST01 0x00000020U +#define SSL_aGOST01 0x00000020U /* SRP auth */ -# define SSL_aSRP 0x00000040U +#define SSL_aSRP 0x00000040U /* GOST R 34.10-2012 signature auth */ -# define SSL_aGOST12 0x00000080U +#define SSL_aGOST12 0x00000080U /* Any appropriate signature auth (for TLS 1.3 ciphersuites) */ -# define SSL_aANY 0x00000000U +#define SSL_aANY 0x00000000U /* All bits requiring a certificate */ #define SSL_aCERT \ (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) /* Bits for algorithm_enc (symmetric encryption) */ -# define SSL_DES 0x00000001U -# define SSL_3DES 0x00000002U -# define SSL_RC4 0x00000004U -# define SSL_RC2 0x00000008U -# define SSL_IDEA 0x00000010U -# define SSL_eNULL 0x00000020U -# define SSL_AES128 0x00000040U -# define SSL_AES256 0x00000080U -# define SSL_CAMELLIA128 0x00000100U -# define SSL_CAMELLIA256 0x00000200U -# define SSL_eGOST2814789CNT 0x00000400U -# define SSL_SEED 0x00000800U -# define SSL_AES128GCM 0x00001000U -# define SSL_AES256GCM 0x00002000U -# define SSL_AES128CCM 0x00004000U -# define SSL_AES256CCM 0x00008000U -# define SSL_AES128CCM8 0x00010000U -# define SSL_AES256CCM8 0x00020000U -# define SSL_eGOST2814789CNT12 0x00040000U -# define SSL_CHACHA20POLY1305 0x00080000U -# define SSL_ARIA128GCM 0x00100000U -# define SSL_ARIA256GCM 0x00200000U -# define SSL_MAGMA 0x00400000U -# define SSL_KUZNYECHIK 0x00800000U - -# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) -# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) -# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) -# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) -# define SSL_CHACHA20 (SSL_CHACHA20POLY1305) -# define 
SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) -# define SSL_ARIA (SSL_ARIAGCM) -# define SSL_CBC (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \ - | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \ - | SSL_CAMELLIA256 | SSL_SEED) +#define SSL_DES 0x00000001U +#define SSL_3DES 0x00000002U +#define SSL_RC4 0x00000004U +#define SSL_RC2 0x00000008U +#define SSL_IDEA 0x00000010U +#define SSL_eNULL 0x00000020U +#define SSL_AES128 0x00000040U +#define SSL_AES256 0x00000080U +#define SSL_CAMELLIA128 0x00000100U +#define SSL_CAMELLIA256 0x00000200U +#define SSL_eGOST2814789CNT 0x00000400U +#define SSL_SEED 0x00000800U +#define SSL_AES128GCM 0x00001000U +#define SSL_AES256GCM 0x00002000U +#define SSL_AES128CCM 0x00004000U +#define SSL_AES256CCM 0x00008000U +#define SSL_AES128CCM8 0x00010000U +#define SSL_AES256CCM8 0x00020000U +#define SSL_eGOST2814789CNT12 0x00040000U +#define SSL_CHACHA20POLY1305 0x00080000U +#define SSL_ARIA128GCM 0x00100000U +#define SSL_ARIA256GCM 0x00200000U +#define SSL_MAGMA 0x00400000U +#define SSL_KUZNYECHIK 0x00800000U + +#define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) +#define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) +#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AESGCM | SSL_AESCCM) +#define SSL_CAMELLIA (SSL_CAMELLIA128 | SSL_CAMELLIA256) +#define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +#define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) +#define SSL_ARIA (SSL_ARIAGCM) +#define SSL_CBC (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \ + | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \ + | SSL_CAMELLIA256 | SSL_SEED) /* Bits for algorithm_mac (symmetric authentication) */ -# define SSL_MD5 0x00000001U -# define SSL_SHA1 0x00000002U -# define SSL_GOST94 0x00000004U -# define SSL_GOST89MAC 0x00000008U -# define SSL_SHA256 0x00000010U -# define SSL_SHA384 0x00000020U +#define SSL_MD5 0x00000001U +#define SSL_SHA1 0x00000002U +#define SSL_GOST94 0x00000004U +#define SSL_GOST89MAC 0x00000008U +#define SSL_SHA256 0x00000010U 
+#define SSL_SHA384 0x00000020U /* Not a real MAC, just an indication it is part of cipher */ -# define SSL_AEAD 0x00000040U -# define SSL_GOST12_256 0x00000080U -# define SSL_GOST89MAC12 0x00000100U -# define SSL_GOST12_512 0x00000200U -# define SSL_MAGMAOMAC 0x00000400U -# define SSL_KUZNYECHIKOMAC 0x00000800U +#define SSL_AEAD 0x00000040U +#define SSL_GOST12_256 0x00000080U +#define SSL_GOST89MAC12 0x00000100U +#define SSL_GOST12_512 0x00000200U +#define SSL_MAGMAOMAC 0x00000400U +#define SSL_KUZNYECHIKOMAC 0x00000800U /* * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make * sure to update this constant too */ -# define SSL_MD_MD5_IDX 0 -# define SSL_MD_SHA1_IDX 1 -# define SSL_MD_GOST94_IDX 2 -# define SSL_MD_GOST89MAC_IDX 3 -# define SSL_MD_SHA256_IDX 4 -# define SSL_MD_SHA384_IDX 5 -# define SSL_MD_GOST12_256_IDX 6 -# define SSL_MD_GOST89MAC12_IDX 7 -# define SSL_MD_GOST12_512_IDX 8 -# define SSL_MD_MD5_SHA1_IDX 9 -# define SSL_MD_SHA224_IDX 10 -# define SSL_MD_SHA512_IDX 11 -# define SSL_MD_MAGMAOMAC_IDX 12 -# define SSL_MD_KUZNYECHIKOMAC_IDX 13 -# define SSL_MAX_DIGEST 14 - -#define SSL_MD_NUM_IDX SSL_MAX_DIGEST +#define SSL_MD_MD5_IDX 0 +#define SSL_MD_SHA1_IDX 1 +#define SSL_MD_GOST94_IDX 2 +#define SSL_MD_GOST89MAC_IDX 3 +#define SSL_MD_SHA256_IDX 4 +#define SSL_MD_SHA384_IDX 5 +#define SSL_MD_GOST12_256_IDX 6 +#define SSL_MD_GOST89MAC12_IDX 7 +#define SSL_MD_GOST12_512_IDX 8 +#define SSL_MD_MD5_SHA1_IDX 9 +#define SSL_MD_SHA224_IDX 10 +#define SSL_MD_SHA512_IDX 11 +#define SSL_MD_MAGMAOMAC_IDX 12 +#define SSL_MD_KUZNYECHIKOMAC_IDX 13 +#define SSL_MAX_DIGEST 14 + +#define SSL_MD_NUM_IDX SSL_MAX_DIGEST /* Bits for algorithm2 (handshake digests and other extra flags) */ /* Bits 0-7 are handshake MAC */ -# define SSL_HANDSHAKE_MAC_MASK 0xFF -# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX -# define SSL_HANDSHAKE_MAC_SHA256 SSL_MD_SHA256_IDX -# define SSL_HANDSHAKE_MAC_SHA384 SSL_MD_SHA384_IDX -# define 
SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX -# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX -# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX -# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 +#define SSL_HANDSHAKE_MAC_MASK 0xFF +#define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX +#define SSL_HANDSHAKE_MAC_SHA256 SSL_MD_SHA256_IDX +#define SSL_HANDSHAKE_MAC_SHA384 SSL_MD_SHA384_IDX +#define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX +#define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX +#define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX +#define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 /* Bits 8-15 bits are PRF */ -# define TLS1_PRF_DGST_SHIFT 8 -# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_DGST_SHIFT 8 +#define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) /* * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also * goes into algorithm2) */ -# define TLS1_STREAM_MAC 0x10000 +#define TLS1_STREAM_MAC 0x10000 /* * TLSTREE cipher/mac key derivation from draft-smyshlyaev-tls12-gost-suites * 
(currently this also goes into algorithm2) */ -# define TLS1_TLSTREE 0x20000 +#define TLS1_TLSTREE 0x20000 -# define SSL_STRONG_MASK 0x0000001FU -# define SSL_DEFAULT_MASK 0X00000020U +#define SSL_STRONG_MASK 0x0000001FU +#define SSL_DEFAULT_MASK 0X00000020U -# define SSL_STRONG_NONE 0x00000001U -# define SSL_LOW 0x00000002U -# define SSL_MEDIUM 0x00000004U -# define SSL_HIGH 0x00000008U -# define SSL_FIPS 0x00000010U -# define SSL_NOT_DEFAULT 0x00000020U +#define SSL_STRONG_NONE 0x00000001U +#define SSL_LOW 0x00000002U +#define SSL_MEDIUM 0x00000004U +#define SSL_HIGH 0x00000008U +#define SSL_FIPS 0x00000010U +#define SSL_NOT_DEFAULT 0x00000020U /* we have used 0000003f - 26 bits left to go */ /* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */ -# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 +#define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 /* Check if an SSL structure is using DTLS */ -# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) +#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) /* Check if we are using TLSv1.3 */ -# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ - && (s)->method->version >= TLS1_3_VERSION \ - && (s)->method->version != TLS_ANY_VERSION) +#define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ + && (s)->method->version >= TLS1_3_VERSION \ + && (s)->method->version != TLS_ANY_VERSION) -# define SSL_TREAT_AS_TLS13(s) \ +#define SSL_TREAT_AS_TLS13(s) \ (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ - || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ - || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ - || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ - || (s)->hello_retry_request == SSL_HRR_PENDING) + || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ + || (s)->hello_retry_request == SSL_HRR_PENDING) -# define 
SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ - || (s)->s3.tmp.peer_finish_md_len == 0) +#define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ + || (s)->s3.tmp.peer_finish_md_len == 0) /* See if we need explicit IV */ -# define SSL_USE_EXPLICIT_IV(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) +#define SSL_USE_EXPLICIT_IV(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) /* * See if we use signature algorithms extension and signature algorithm * before signatures. */ -# define SSL_USE_SIGALGS(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) +#define SSL_USE_SIGALGS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) /* * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may * apply to others in future. */ -# define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) +#define SSL_USE_TLS1_2_CIPHERS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method * flags because it may not be set to correct version yet. */ -# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ - ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \ - (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) +#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ + ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) /* * Determine if a client should send signature algorithms extension: * as with TLS1.2 cipher we can't rely on method flags. 
*/ -# define SSL_CLIENT_USE_SIGALGS(s) \ +#define SSL_CLIENT_USE_SIGALGS(s) \ SSL_CLIENT_USE_TLS1_2_CIPHERS(s) -# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \ - (((value) >= TLSEXT_max_fragment_length_512) && \ - ((value) <= TLSEXT_max_fragment_length_4096)) -# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \ +#define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \ + (((value) >= TLSEXT_max_fragment_length_512) && ((value) <= TLSEXT_max_fragment_length_4096)) +#define USE_MAX_FRAGMENT_LENGTH_EXT(session) \ IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode) -# define GET_MAX_FRAGMENT_LENGTH(session) \ +#define GET_MAX_FRAGMENT_LENGTH(session) \ (512U << (session->ext.max_fragment_len_mode - 1)) -# define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) -# define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) +#define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) +#define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) /* Mostly for SSLv3 */ -# define SSL_PKEY_RSA 0 -# define SSL_PKEY_RSA_PSS_SIGN 1 -# define SSL_PKEY_DSA_SIGN 2 -# define SSL_PKEY_ECC 3 -# define SSL_PKEY_GOST01 4 -# define SSL_PKEY_GOST12_256 5 -# define SSL_PKEY_GOST12_512 6 -# define SSL_PKEY_ED25519 7 -# define SSL_PKEY_ED448 8 -# define SSL_PKEY_NUM 9 - -# define SSL_ENC_DES_IDX 0 -# define SSL_ENC_3DES_IDX 1 -# define SSL_ENC_RC4_IDX 2 -# define SSL_ENC_RC2_IDX 3 -# define SSL_ENC_IDEA_IDX 4 -# define SSL_ENC_NULL_IDX 5 -# define SSL_ENC_AES128_IDX 6 -# define SSL_ENC_AES256_IDX 7 -# define SSL_ENC_CAMELLIA128_IDX 8 -# define SSL_ENC_CAMELLIA256_IDX 9 -# define SSL_ENC_GOST89_IDX 10 -# define SSL_ENC_SEED_IDX 11 -# define SSL_ENC_AES128GCM_IDX 12 -# define SSL_ENC_AES256GCM_IDX 13 -# define SSL_ENC_AES128CCM_IDX 14 -# define SSL_ENC_AES256CCM_IDX 15 -# define SSL_ENC_AES128CCM8_IDX 16 -# define SSL_ENC_AES256CCM8_IDX 17 -# define SSL_ENC_GOST8912_IDX 18 -# define SSL_ENC_CHACHA_IDX 19 -# define 
SSL_ENC_ARIA128GCM_IDX 20 -# define SSL_ENC_ARIA256GCM_IDX 21 -# define SSL_ENC_MAGMA_IDX 22 -# define SSL_ENC_KUZNYECHIK_IDX 23 -# define SSL_ENC_NUM_IDX 24 +#define SSL_PKEY_RSA 0 +#define SSL_PKEY_RSA_PSS_SIGN 1 +#define SSL_PKEY_DSA_SIGN 2 +#define SSL_PKEY_ECC 3 +#define SSL_PKEY_GOST01 4 +#define SSL_PKEY_GOST12_256 5 +#define SSL_PKEY_GOST12_512 6 +#define SSL_PKEY_ED25519 7 +#define SSL_PKEY_ED448 8 +#define SSL_PKEY_NUM 9 + +#define SSL_ENC_DES_IDX 0 +#define SSL_ENC_3DES_IDX 1 +#define SSL_ENC_RC4_IDX 2 +#define SSL_ENC_RC2_IDX 3 +#define SSL_ENC_IDEA_IDX 4 +#define SSL_ENC_NULL_IDX 5 +#define SSL_ENC_AES128_IDX 6 +#define SSL_ENC_AES256_IDX 7 +#define SSL_ENC_CAMELLIA128_IDX 8 +#define SSL_ENC_CAMELLIA256_IDX 9 +#define SSL_ENC_GOST89_IDX 10 +#define SSL_ENC_SEED_IDX 11 +#define SSL_ENC_AES128GCM_IDX 12 +#define SSL_ENC_AES256GCM_IDX 13 +#define SSL_ENC_AES128CCM_IDX 14 +#define SSL_ENC_AES256CCM_IDX 15 +#define SSL_ENC_AES128CCM8_IDX 16 +#define SSL_ENC_AES256CCM8_IDX 17 +#define SSL_ENC_GOST8912_IDX 18 +#define SSL_ENC_CHACHA_IDX 19 +#define SSL_ENC_ARIA128GCM_IDX 20 +#define SSL_ENC_ARIA256GCM_IDX 21 +#define SSL_ENC_MAGMA_IDX 22 +#define SSL_ENC_KUZNYECHIK_IDX 23 +#define SSL_ENC_NUM_IDX 24 /*- * SSL_kRSA <- RSA_ENC 
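Review bot: `SSL_IS_FIRST_HANDSHAKE(S)` declares its parameter as upper-case `S` but the body dereferences `(s)`, so the argument is ignored and the macro reads whatever `s` is in scope at the call site. The reformat carries this over unchanged, and it only works while every caller's variable is literally named `s`. I would change the first line to `#define SSL_IS_FIRST_HANDSHAKE(s) ((s)->s3.tmp.finish_md_len == 0 \`. In the same hunk `SSL_IS_DTLS(s)`, `SSL_USE_EXPLICIT_IV(s)`, `SSL_USE_SIGALGS(s)` and `SSL_READ_ETM(s)` expand `s->` without parentheses, unlike `SSL_IS_TLS13`, and could be aligned while these lines are being touched.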
@@ -450,36 +463,36 @@ /* Post-Handshake Authentication state */ typedef enum { SSL_PHA_NONE = 0, - SSL_PHA_EXT_SENT, /* client-side only: extension sent */ - SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */ + SSL_PHA_EXT_SENT, /* client-side only: extension sent */ + SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */ SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */ - SSL_PHA_REQUESTED /* request received by client, or sent by server */ + SSL_PHA_REQUESTED /* request received by client, or sent by server */ } SSL_PHA_STATE; /* CipherSuite length. SSLv3 and all TLS versions. */ -# define TLS_CIPHER_LEN 2 +#define TLS_CIPHER_LEN 2 /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { uint32_t valid; - const char *name; /* text name */ - const char *stdname; /* RFC name */ - uint32_t id; /* id, 4 bytes, first is version */ + const char *name; /* text name */ + const char *stdname; /* RFC name */ + uint32_t id; /* id, 4 bytes, first is version */ /* * changed in 1.0.0: these four used to be portions of a single value * 'algorithms' */ - uint32_t algorithm_mkey; /* key exchange algorithm */ - uint32_t algorithm_auth; /* server authentication */ - uint32_t algorithm_enc; /* symmetric encryption */ - uint32_t algorithm_mac; /* symmetric authentication */ - int min_tls; /* minimum SSL/TLS protocol version */ - int max_tls; /* maximum SSL/TLS protocol version */ - int min_dtls; /* minimum DTLS protocol version */ - int max_dtls; /* maximum DTLS protocol version */ - uint32_t algo_strength; /* strength and export flags */ - uint32_t algorithm2; /* Extra flags */ - int32_t strength_bits; /* Number of bits really used */ - uint32_t alg_bits; /* Number of bits for algorithm */ + uint32_t algorithm_mkey; /* key exchange algorithm */ + uint32_t algorithm_auth; /* server authentication */ + uint32_t algorithm_enc; /* symmetric encryption */ + uint32_t algorithm_mac; /* symmetric authentication */ + int min_tls; 
/* minimum SSL/TLS protocol version */ + int max_tls; /* maximum SSL/TLS protocol version */ + int min_dtls; /* minimum DTLS protocol version */ + int max_dtls; /* maximum DTLS protocol version */ + uint32_t algo_strength; /* strength and export flags */ + uint32_t algorithm2; /* Extra flags */ + int32_t strength_bits; /* Number of bits really used */ + uint32_t alg_bits; /* Number of bits for algorithm */ }; /* Used to hold SSL/TLS functions */ 
@@ -487,43 +500,43 @@ int version; unsigned flags; unsigned long mask; - int (*ssl_new) (SSL *s); - int (*ssl_clear) (SSL *s); - void (*ssl_free) (SSL *s); - int (*ssl_accept) (SSL *s); - int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); - int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes); - int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written); - int (*ssl_shutdown) (SSL *s); - int (*ssl_renegotiate) (SSL *s); - int (*ssl_renegotiate_check) (SSL *s, int); - int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type, - unsigned char *buf, size_t len, int peek, - size_t *readbytes); - int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len, - size_t *written); - int (*ssl_dispatch_alert) (SSL *s); - long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); - long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); - const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); - int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt, - size_t *len); - size_t (*ssl_pending) (const SSL *s); - int (*num_ciphers) (void); - const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - long (*get_timeout) (void); + int (*ssl_new)(SSL *s); + int (*ssl_clear)(SSL *s); + void (*ssl_free)(SSL *s); + int (*ssl_accept)(SSL *s); + int (*ssl_connect)(SSL *s); + int (*ssl_read)(SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_peek)(SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_write)(SSL *s, const void *buf, size_t len, size_t *written); + int (*ssl_shutdown)(SSL *s); + int (*ssl_renegotiate)(SSL *s); + int (*ssl_renegotiate_check)(SSL *s, int); + int (*ssl_read_bytes)(SSL *s, int type, int *recvd_type, + unsigned char *buf, size_t len, int peek, + size_t *readbytes); + int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, size_t len, + size_t *written); + int (*ssl_dispatch_alert)(SSL *s); + long (*ssl_ctrl)(SSL *s, int cmd, 
long larg, void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); + const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + int (*put_cipher_by_char)(const SSL_CIPHER *cipher, WPACKET *pkt, + size_t *len); + size_t (*ssl_pending)(const SSL *s); + int (*num_ciphers)(void); + const SSL_CIPHER *(*get_cipher)(unsigned ncipher); + long (*get_timeout)(void); const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ - int (*ssl_version) (void); - long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); - long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); + int (*ssl_version)(void); + long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); + long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); }; /* * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for * consistency, even in the event of OPENSSL_NO_PSK being defined. */ -# define TLS13_MAX_RESUMPTION_PSK_LENGTH 512 +#define TLS13_MAX_RESUMPTION_PSK_LENGTH 512 /*- * Lets make this into an ASN.1 type structure as follows @@ -552,8 +565,8 @@ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */ struct ssl_session_st { - int ssl_version; /* what ssl version session info is being kept - * in here? */ + int ssl_version; /* what ssl version session info is being kept + * in here? */ size_t master_key_length; /* TLSv1.3 early_secret used for external PSKs */ @@ -573,10 +586,10 @@ */ size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK char *psk_identity_hint; char *psk_identity; -# endif +#endif /* * Used to indicate that session resumption is not allowed. Applications * can also set this bit for a new session via not_resumable_session_cb 
@@ -591,7 +604,7 @@ * when app_verify_callback accepts a session where the peer's * certificate is not ok, we must remember the error for session reuse: */ - long verify_result; /* only for servers */ + long verify_result; /* only for servers */ CRYPTO_REF_COUNT references; time_t timeout; time_t time; @@ -599,10 +612,10 @@ int timeout_ovf; unsigned int compress_meth; /* Need to lookup the method */ const SSL_CIPHER *cipher; - unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to - * load the 'cipher' structure */ - unsigned int kex_group; /* TLS group from key exchange */ - CRYPTO_EX_DATA ex_data; /* application specific data */ + unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to + * load the 'cipher' structure */ + unsigned int kex_group; /* TLS group from key exchange */ + CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to * implement a maximum cache size. @@ -613,7 +626,7 @@ char *hostname; /* RFC4507 info */ unsigned char *tick; /* Session ticket */ - size_t ticklen; /* Session ticket length */ + size_t ticklen; /* Session ticket length */ /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; @@ -630,9 +643,9 @@ */ uint8_t max_fragment_len_mode; } ext; -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP char *srp_username; -# endif +#endif unsigned char *ticket_appdata; size_t ticket_appdata_len; uint32_t flags; 
@@ -641,19 +654,19 @@ }; /* Extended master secret support */ -# define SSL_SESS_FLAG_EXTMS 0x1 +#define SSL_SESS_FLAG_EXTMS 0x1 -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP typedef struct srp_ctx_st { /* param for all the callbacks */ void *SRP_cb_arg; /* set client Hello login callback */ - int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); + int (*TLS_ext_srp_username_callback)(SSL *, int *, void *); /* set SRP N/g param callback for verification */ - int (*SRP_verify_param_callback) (SSL *, void *); + int (*SRP_verify_param_callback)(SSL *, void *); /* set SRP client passwd callback */ - char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); + char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); char *login; BIGNUM *N, *g, *s, *B, *A; BIGNUM *a, *b, *v; @@ -662,7 +675,7 @@ unsigned long srp_Mask; } SRP_CTX; -# endif +#endif typedef enum { SSL_EARLY_DATA_NONE = 0, @@ -690,7 +703,7 @@ * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the * content of the alert record either which is 2 bytes. */ -# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2) +#define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2) /* * The allowance we have between the client's calculated ticket age and our own. @@ -698,9 +711,9 @@ * client's age calculation is different by more than this than our own then we * do not allow that ticket for early_data. */ -# define TICKET_AGE_ALLOWANCE (10 * 1000) +#define TICKET_AGE_ALLOWANCE (10 * 1000) -#define MAX_COMPRESSIONS_SIZE 255 +#define MAX_COMPRESSIONS_SIZE 255 struct ssl_comp_st { int id; @@ -776,8 +789,8 @@ /* Needed in ssl_cert.c */ DEFINE_LHASH_OF(X509_NAME); -# define TLSEXT_KEYNAME_LENGTH 16 -# define TLSEXT_TICK_KEY_LENGTH 32 +#define TLSEXT_KEYNAME_LENGTH 16 +#define TLSEXT_TICK_KEY_LENGTH 32 typedef struct ssl_ctx_ext_secure_st { unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH]; 
@@ -793,50 +806,50 @@ */ typedef struct ssl_hmac_st { EVP_MAC_CTX *ctx; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX *old_ctx; -# endif +#endif } SSL_HMAC; SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx); void ssl_hmac_free(SSL_HMAC *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx); -# endif +#endif EVP_MAC_CTX *ssl_hmac_get0_EVP_MAC_CTX(SSL_HMAC *ctx); int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md); int ssl_hmac_update(SSL_HMAC *ctx, const unsigned char *data, size_t len); int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len, - size_t max_size); + size_t max_size); size_t ssl_hmac_size(const SSL_HMAC *ctx); int ssl_get_EC_curve_nid(const EVP_PKEY *pkey); __owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey, - const unsigned char *enckey, - size_t enckeylen); + const unsigned char *enckey, + size_t enckeylen); typedef struct tls_group_info_st { - char *tlsname; /* Curve Name as in TLS specs */ - char *realname; /* Curve Name according to provider */ - char *algorithm; /* Algorithm name to fetch */ - unsigned int secbits; /* Bits of security (from SP800-57) */ - uint16_t group_id; /* Group ID */ - int mintls; /* Minimum TLS version, -1 unsupported */ - int maxtls; /* Maximum TLS version (or 0 for undefined) */ - int mindtls; /* Minimum DTLS version, -1 unsupported */ - int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ - char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */ + char *tlsname; /* Curve Name as in TLS specs */ + char *realname; /* Curve Name according to provider */ + char *algorithm; /* Algorithm name to fetch */ + unsigned int secbits; /* Bits of security (from SP800-57) */ + uint16_t group_id; /* Group ID */ + int mintls; /* Minimum TLS version, -1 unsupported */ + int maxtls; /* Maximum TLS version (or 0 for undefined) */ + int mindtls; /* Minimum DTLS version, -1 unsupported */ + int maxdtls; /* 
Maximum DTLS version (or 0 for undefined) */ + char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */ } TLS_GROUP_INFO; /* flags values */ -# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ -# define TLS_GROUP_CURVE_PRIME 0x00000001U -# define TLS_GROUP_CURVE_CHAR2 0x00000002U -# define TLS_GROUP_CURVE_CUSTOM 0x00000004U -# define TLS_GROUP_FFDHE 0x00000008U -# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U +#define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ +#define TLS_GROUP_CURVE_PRIME 0x00000001U +#define TLS_GROUP_CURVE_CHAR2 0x00000002U +#define TLS_GROUP_CURVE_CUSTOM 0x00000004U +#define TLS_GROUP_FFDHE 0x00000008U +#define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U -# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3) +#define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE | TLS_GROUP_ONLY_FOR_TLS1_3) struct ssl_ctx_st { OSSL_LIB_CTX *libctx; 
@@ -877,29 +890,29 @@ * removed from the cache. After the call, OpenSSL will * SSL_SESSION_free() it. */ - int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, - const unsigned char *data, int len, - int *copy); + int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, + const unsigned char *data, int len, + int *copy); struct { - TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */ + TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */ TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */ - TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */ - TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */ + TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */ + TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */ TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */ - TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */ - TSAN_QUALIFIER int sess_miss; /* session lookup misses */ - TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */ - TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */ - TSAN_QUALIFIER int sess_hit; /* session reuse actually done */ - TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in - * the cache was passed back via - * the callback. 
This indicates - * that the application is - * supplying session-id's from - * other processes - spooky - * :-) */ + TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */ + TSAN_QUALIFIER int sess_miss; /* session lookup misses */ + TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */ + TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */ + TSAN_QUALIFIER int sess_hit; /* session reuse actually done */ + TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in + * the cache was passed back via + * the callback. This indicates + * that the application is + * supplying session-id's from + * other processes - spooky + * :-) */ } stats; #ifdef TSAN_REQUIRES_LOCKING CRYPTO_RWLOCK *tsan_lock; @@ -908,7 +921,7 @@ CRYPTO_REF_COUNT references; /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback) (X509_STORE_CTX *, void *); + int (*app_verify_callback)(X509_STORE_CTX *, void *); void *app_verify_arg; /* * before OpenSSL 0.9.7, 'app_verify_arg' was ignored 
@@ -922,28 +935,28 @@ void *default_passwd_callback_userdata; /* get client cert callback */ - int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); /* cookie generate callback */ - int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len); /* verify cookie callback */ - int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len); + int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len); /* TLS1.3 app-controlled cookie generate callback */ - int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie, - size_t *cookie_len); + int (*gen_stateless_cookie_cb)(SSL *ssl, unsigned char *cookie, + size_t *cookie_len); /* TLS1.3 verify app-controlled cookie callback */ - int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie, - size_t cookie_len); + int (*verify_stateless_cookie_cb)(SSL *ssl, const unsigned char *cookie, + size_t cookie_len); CRYPTO_EX_DATA ex_data; - const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ + const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ + const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ STACK_OF(X509) *extra_certs; STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ @@ -951,7 +964,7 @@ /* Default values used when no per-SSL value is defined follow */ /* used if SSL's info_callback is NULL */ - void (*info_callback) (const SSL *ssl, int type, int val); + void (*info_callback)(const SSL *ssl, int type, int val); /* * What we put in certificate_authorities extension for TLS 1.3 
@@ -977,15 +990,15 @@ int read_ahead; /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; uint32_t verify_mode; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ - int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); + int (*default_verify_callback)(int ok, X509_STORE_CTX *ctx); /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; @@ -994,15 +1007,15 @@ int quiet_shutdown; -# ifndef OPENSSL_NO_CT - CTLOG_STORE *ctlog_store; /* CT Log Store */ +#ifndef OPENSSL_NO_CT + CTLOG_STORE *ctlog_store; /* CT Log Store */ /* * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. */ ssl_ct_validation_cb ct_validation_callback; void *ct_validation_callback_arg; -# endif +#endif /* * If we're using more than one pipeline how should we divide the data @@ -1021,12 +1034,12 @@ /* The default read buffer length to use (0 means not set) */ size_t default_read_buf_len; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE /* * Engine to pass requests for client certs to */ ENGINE *client_cert_engine; -# endif +#endif /* ClientHello callback. Mostly for extensions, but not entirely. */ SSL_client_hello_cb_fn client_hello_cb; 
@@ -1035,25 +1048,25 @@ /* TLS extensions. */ struct { /* TLS extensions servername callback */ - int (*servername_cb) (SSL *, int *, void *); + int (*servername_cb)(SSL *, int *, void *); void *servername_arg; /* RFC 4507 session ticket keys */ unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH]; SSL_CTX_EXT_SECURE *secure; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Callback to support customisation of ticket key setting */ - int (*ticket_key_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); + int (*ticket_key_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); #endif - int (*ticket_key_evp_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, EVP_MAC_CTX *hctx, - int enc); + int (*ticket_key_evp_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, EVP_MAC_CTX *hctx, + int enc); /* certificate status request info */ /* Callback for status request */ - int (*status_cb) (SSL *ssl, void *arg); + int (*status_cb)(SSL *ssl, void *arg); void *status_arg; /* ext status type used for CSR extension (OCSP Stapling) */ int status_type; @@ -1084,11 +1097,11 @@ * wire-format. * inlen: the length of |in|. */ - int (*alpn_select_cb) (SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); + int (*alpn_select_cb)(SSL *s, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); void *alpn_select_cb_arg; /* @@ -1098,7 +1111,7 @@ unsigned char *alpn; size_t alpn_len; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation information */ /* 
@@ -1113,34 +1126,34 @@ */ SSL_CTX_npn_select_cb_func npn_select_cb; void *npn_select_cb_arg; -# endif +#endif unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH]; } ext; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK SSL_psk_client_cb_func psk_client_callback; SSL_psk_server_cb_func psk_server_callback; -# endif +#endif SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; -# ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -# endif +#ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +#endif /* Shared DANE context */ struct dane_ctx_st dane; -# ifndef OPENSSL_NO_SRTP +#ifndef OPENSSL_NO_SRTP /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; -# endif +#endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. */ - int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); + int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure); CRYPTO_RWLOCK *lock; @@ -1233,7 +1246,7 @@ * request needs re-doing when in SSL_accept or SSL_connect */ int rwstate; - int (*handshake_func) (SSL *); + int (*handshake_func)(SSL *); /* * Imagine that here's a boolean member "init" that is switched as soon * as SSL_set_{accept/connect}_state is called for the first time, so @@ -1257,11 +1270,11 @@ /* where we are */ OSSL_STATEM statem; SSL_EARLY_DATA_STATE early_data_state; - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by - * ssl3_get_message() */ - size_t init_num; /* amount read/written */ - size_t init_off; /* amount read/written */ + BUF_MEM *init_buf; /* buffer used during init */ + void *init_msg; /* pointer to handshake message body, set by + * ssl3_get_message() */ + size_t init_num; /* amount read/written */ + size_t init_off; /* amount read/written */ struct { long flags; 
@@ -1313,7 +1326,7 @@ int message_type; /* used to hold the new cipher we are going to use */ const SSL_CIPHER *new_cipher; - EVP_PKEY *pkey; /* holds short lived key exchange key */ + EVP_PKEY *pkey; /* holds short lived key exchange key */ /* used for certificate requests */ int cert_req; /* Certificate types in certificate request message. */ @@ -1327,11 +1340,11 @@ const EVP_MD *new_hash; int new_mac_pkey_type; size_t new_mac_secret_size; -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP const SSL_COMP *new_compression; -# else +#else char *new_compression; -# endif +#endif int cert_request; /* Raw values of the cipher list from a client */ unsigned char *ciphers_raw; @@ -1339,11 +1352,11 @@ /* Temporary storage for premaster secret */ unsigned char *pms; size_t pmslen; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK /* Temporary storage for PSK key */ unsigned char *psk; size_t psklen; -# endif +#endif /* Signature algorithm we actually use */ const struct sigalg_lookup_st *sigalg; /* Pointer to certificate we use */ @@ -1390,12 +1403,12 @@ size_t previous_server_finished_len; int send_connection_binding; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* * Set if we saw the Next Protocol Negotiation extension from our peer. */ int npn_seen; -# endif +#endif /* * ALPN information (we are in the process of transitioning from NPN to 
@@ -1435,12 +1448,12 @@ } s3; - struct dtls1_state_st *d1; /* DTLSv1 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; - int hit; /* reusing a previous session */ + int hit; /* reusing a previous session */ X509_VERIFY_PARAM *param; /* Per connection DANE state */ SSL_DANE dane; @@ -1472,12 +1485,12 @@ unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ - EVP_MD_CTX *read_hash; /* used for mac generation */ - COMP_CTX *compress; /* compression */ - COMP_CTX *expand; /* uncompress */ + EVP_MD_CTX *read_hash; /* used for mac generation */ + COMP_CTX *compress; /* compression */ + COMP_CTX *expand; /* uncompress */ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ - EVP_MD_CTX *write_hash; /* used for mac generation */ + EVP_MD_CTX *write_hash; /* used for mac generation */ /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ @@ -1491,8 +1504,9 @@ size_t cert_verify_hash_len; /* Flag to indicate whether we should send a HelloRetryRequest or not */ - enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE} - hello_retry_request; + enum { SSL_HRR_NONE = 0, + SSL_HRR_PENDING, + SSL_HRR_COMPLETE } hello_retry_request; /* * the session_id_context is used to ensure sessions are only reused in 
@@ -1521,17 +1535,17 @@ */ uint32_t verify_mode; /* fail if callback returns 0 */ - int (*verify_callback) (int ok, X509_STORE_CTX *ctx); + int (*verify_callback)(int ok, X509_STORE_CTX *ctx); /* optional informational callback */ - void (*info_callback) (const SSL *ssl, int type, int val); + void (*info_callback)(const SSL *ssl, int type, int val); /* error bytes to be written */ int error; /* actual code */ int error_code; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK SSL_psk_client_cb_func psk_client_callback; SSL_psk_server_cb_func psk_server_callback; -# endif +#endif SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; @@ -1581,7 +1595,7 @@ uint8_t extflags[TLSEXT_IDX_num_builtins]; /* TLS extension debug callback */ void (*debug_cb)(SSL *s, int client_server, int type, - const unsigned char *data, int len, void *arg); + const unsigned char *data, int len, void *arg); void *debug_arg; char *hostname; /* certificate status request info */ @@ -1619,7 +1633,7 @@ uint16_t *supportedgroups; size_t peer_supportedgroups_len; - /* peer's list */ + /* peer's list */ uint16_t *peer_supportedgroups; /* TLS Session Ticket extension override */ @@ -1695,7 +1709,7 @@ * 2 : don't call servername callback, no ack in server hello */ int servername_done; -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT /* * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. 
@@ -1710,14 +1724,14 @@ STACK_OF(SCT) *scts; /* Have we attempted to find/parse SCTs yet? */ int scts_parsed; -# endif - SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ -# ifndef OPENSSL_NO_SRTP +#endif + SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ +#ifndef OPENSSL_NO_SRTP /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; -# endif +#endif /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1729,20 +1743,20 @@ /* Post-handshake authentication state */ SSL_PHA_STATE post_handshake_auth; int pha_enabled; - uint8_t* pha_context; + uint8_t *pha_context; size_t pha_context_len; int certreqs_sent; EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */ -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP /* ctx for SRP authentication */ SRP_CTX srp_ctx; -# endif +#endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. */ - int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); + int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure); RECORD_LAYER rlayer; /* Default password callback. */ pem_password_cb *default_passwd_callback; @@ -1804,7 +1818,7 @@ /* * Structure containing table entry of values associated with the signature * algorithms (signature scheme) extension -*/ + */ typedef struct sigalg_lookup_st { /* TLS 1.3 signature scheme name */ const char *name; 
@@ -1837,23 +1851,23 @@ /* DTLS structures */ -# ifndef OPENSSL_NO_SCTP -# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" -# endif +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" +#endif /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ -# define DTLS1_MAX_MTU_OVERHEAD 48 +#define DTLS1_MAX_MTU_OVERHEAD 48 /* * Flag used in message reuse to indicate the buffer contains the record * header as well as the handshake message header. */ -# define DTLS1_SKIP_RECORD_HEADER 2 +#define DTLS1_SKIP_RECORD_HEADER 2 struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ - COMP_CTX *compress; /* compression */ + EVP_MD_CTX *write_hash; /* used for mac generation */ + COMP_CTX *compress; /* compression */ SSL_SESSION *session; unsigned short epoch; }; @@ -1878,7 +1892,7 @@ typedef struct pitem_st pitem; struct pitem_st { - unsigned char priority[8]; /* 64-bit value in big-endian encoding */ + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ void *data; pitem *next; }; @@ -1909,8 +1923,8 @@ pqueue *buffered_messages; /* Buffered (sent) handshake records */ pqueue *sent_messages; - size_t link_mtu; /* max on-the-wire DTLS packet size */ - size_t mtu; /* max DTLS packet size */ + size_t link_mtu; /* max on-the-wire DTLS packet size */ + size_t mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; /* Number of alerts received so far */ @@ -1923,9 +1937,9 @@ unsigned int timeout_duration_us; unsigned int retransmitting; -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP int shutdown_received; -# endif +#endif DTLS_timer_cb timer_cb; 
@@ -1934,9 +1948,9 @@ /* * From ECC-TLS draft, used in encoding the curve type in ECParameters */ -# define EXPLICIT_PRIME_CURVE_TYPE 1 -# define EXPLICIT_CHAR2_CURVE_TYPE 2 -# define NAMED_CURVE_TYPE 3 +#define EXPLICIT_PRIME_CURVE_TYPE 1 +#define EXPLICIT_CHAR2_CURVE_TYPE 2 +#define NAMED_CURVE_TYPE 3 struct cert_pkey_st { X509 *x509; @@ -1954,10 +1968,10 @@ size_t serverinfo_length; }; /* Retrieve Suite B flags */ -# define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) +#define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) /* Uses to check strict mode: suite B modes are always strict */ -# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ - (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT) +#define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ + (SSL_CERT_FLAG_SUITEB_128_LOS | SSL_CERT_FLAG_TLS_STRICT) typedef enum { ENDPOINT_CLIENT = 0, @@ -1965,7 +1979,6 @@ ENDPOINT_BOTH } ENDPOINT; - typedef struct { unsigned short ext_type; ENDPOINT role; @@ -1989,12 +2002,12 @@ * Indicates an extension has been received. Used to check for unsolicited or * duplicate extensions. */ -# define SSL_EXT_FLAG_RECEIVED 0x1 +#define SSL_EXT_FLAG_RECEIVED 0x1 /* * Indicates an extension has been sent: used to enable sending of * corresponding ServerHello extension. */ -# define SSL_EXT_FLAG_SENT 0x2 +#define SSL_EXT_FLAG_SENT 0x2 typedef struct { custom_ext_method *meths; @@ -2011,7 +2024,7 @@ CERT_PKEY *key; EVP_PKEY *dh_tmp; - DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); + DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); int dh_tmp_auto; /* Flags related to certificates */ uint32_t cert_flags; @@ -2044,7 +2057,7 @@ * allows advanced applications to select certificates on the fly: for * example based on supported signature algorithms or curves. */ - int (*cert_cb) (SSL *ssl, void *arg); + int (*cert_cb)(SSL *ssl, void *arg); void *cert_cb_arg; /* * Optional X509_STORE for chain building or certificate validation If 
@@ -2055,83 +2068,83 @@ /* Custom extensions */ custom_ext_methods custext; /* Security callback */ - int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, - void *other, void *ex); + int (*sec_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, + void *other, void *ex); /* Security level */ int sec_level; void *sec_ex; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK /* If not NULL psk identity hint to use for servers */ char *psk_identity_hint; -# endif - CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */ +#endif + CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */ CRYPTO_RWLOCK *lock; } CERT; -# define FP_ICC (int (*)(const void *,const void *)) +#define FP_ICC (int (*)(const void *, const void *)) /* * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); - int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); - int (*setup_key_block) (SSL *); - int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, - size_t, size_t *); - int (*change_cipher_state) (SSL *, int); - size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); + int (*enc)(SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); + int (*mac)(SSL *, SSL3_RECORD *, unsigned char *, int); + int (*setup_key_block)(SSL *); + int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, + size_t, size_t *); + int (*change_cipher_state)(SSL *, int); + size_t (*final_finish_mac)(SSL *, const char *, size_t, unsigned char *); const char *client_finished_label; size_t client_finished_label_len; const char *server_finished_label; size_t server_finished_label_len; - int (*alert_value) (int); - int (*export_keying_material) (SSL *, unsigned char *, size_t, - const char *, size_t, - 
const unsigned char *, size_t, - int use_context); + int (*alert_value)(int); + int (*export_keying_material)(SSL *, unsigned char *, size_t, + const char *, size_t, + const unsigned char *, size_t, + int use_context); /* Various flags indicating protocol version requirements */ uint32_t enc_flags; /* Set the handshake header */ - int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); + int (*set_handshake_header)(SSL *s, WPACKET *pkt, int type); /* Close construction of the handshake message */ - int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype); + int (*close_construct_packet)(SSL *s, WPACKET *pkt, int htype); /* Write out handshake message */ - int (*do_write) (SSL *s); + int (*do_write)(SSL *s); } SSL3_ENC_METHOD; -# define ssl_set_handshake_header(s, pkt, htype) \ - s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) -# define ssl_close_construct_packet(s, pkt, htype) \ - s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) -# define ssl_do_write(s) s->method->ssl3_enc->do_write(s) +#define ssl_set_handshake_header(s, pkt, htype) \ + s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) +#define ssl_close_construct_packet(s, pkt, htype) \ + s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) +#define ssl_do_write(s) s->method->ssl3_enc->do_write(s) /* Values for enc_flags */ /* Uses explicit IV for CBC mode */ -# define SSL_ENC_FLAG_EXPLICIT_IV 0x1 +#define SSL_ENC_FLAG_EXPLICIT_IV 0x1 /* Uses signature algorithms extension */ -# define SSL_ENC_FLAG_SIGALGS 0x2 +#define SSL_ENC_FLAG_SIGALGS 0x2 /* Uses SHA256 default PRF */ -# define SSL_ENC_FLAG_SHA256_PRF 0x4 +#define SSL_ENC_FLAG_SHA256_PRF 0x4 /* Is DTLS */ -# define SSL_ENC_FLAG_DTLS 0x8 +#define SSL_ENC_FLAG_DTLS 0x8 /* * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may * apply to others in future. 
*/ -# define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10 +#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10 -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { - int comp_id; /* The identifier byte for this compression - * type */ - char *name; /* Text name used for the compression type */ - COMP_METHOD *method; /* The method :-) */ + int comp_id; /* The identifier byte for this compression + * type */ + char *name; /* Text name used for the compression type */ + COMP_METHOD *method; /* The method :-) */ } SSL3_COMP; -# endif +#endif typedef enum downgrade_en { DOWNGRADE_NONE, 
@@ -2143,55 +2156,54 @@ * Dummy status type for the status_type extension. Indicates no status type * set */ -#define TLSEXT_STATUSTYPE_nothing -1 +#define TLSEXT_STATUSTYPE_nothing -1 /* Sigalgs values */ -#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 -#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 -#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 -#define TLSEXT_SIGALG_ecdsa_sha224 0x0303 -#define TLSEXT_SIGALG_ecdsa_sha1 0x0203 -#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 -#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 -#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 -#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809 -#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a -#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b -#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 -#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 -#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 -#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301 -#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201 -#define TLSEXT_SIGALG_dsa_sha256 0x0402 -#define TLSEXT_SIGALG_dsa_sha384 0x0502 -#define TLSEXT_SIGALG_dsa_sha512 0x0602 -#define TLSEXT_SIGALG_dsa_sha224 0x0302 -#define TLSEXT_SIGALG_dsa_sha1 0x0202 -#define TLSEXT_SIGALG_gostr34102012_256_intrinsic 0x0840 -#define TLSEXT_SIGALG_gostr34102012_512_intrinsic 0x0841 -#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee -#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef -#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded - -#define TLSEXT_SIGALG_ed25519 0x0807 -#define TLSEXT_SIGALG_ed448 0x0808 +#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 +#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 +#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 +#define TLSEXT_SIGALG_ecdsa_sha224 0x0303 +#define TLSEXT_SIGALG_ecdsa_sha1 0x0203 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 +#define TLSEXT_SIGALG_rsa_pss_pss_sha256 
0x0809 +#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a +#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b +#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 +#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 +#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 +#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301 +#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201 +#define TLSEXT_SIGALG_dsa_sha256 0x0402 +#define TLSEXT_SIGALG_dsa_sha384 0x0502 +#define TLSEXT_SIGALG_dsa_sha512 0x0602 +#define TLSEXT_SIGALG_dsa_sha224 0x0302 +#define TLSEXT_SIGALG_dsa_sha1 0x0202 +#define TLSEXT_SIGALG_gostr34102012_256_intrinsic 0x0840 +#define TLSEXT_SIGALG_gostr34102012_512_intrinsic 0x0841 +#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee +#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef +#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded + +#define TLSEXT_SIGALG_ed25519 0x0807 +#define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ -#define TLSEXT_KEX_MODE_KE 0x00 -#define TLSEXT_KEX_MODE_KE_DHE 0x01 +#define TLSEXT_KEX_MODE_KE 0x00 +#define TLSEXT_KEX_MODE_KE_DHE 0x01 /* * Internal representations of key exchange modes */ -#define TLSEXT_KEX_MODE_FLAG_NONE 0 -#define TLSEXT_KEX_MODE_FLAG_KE 1 -#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 +#define TLSEXT_KEX_MODE_FLAG_NONE 0 +#define TLSEXT_KEX_MODE_FLAG_KE 1 +#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 -#define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && \ - s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) +#define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) /* A dummy signature value not valid for TLSv1.2 signature algs */ -#define TLSEXT_signature_rsa_pss 0x0101 +#define TLSEXT_signature_rsa_pss 0x0101 /* TLSv1.3 downgrade protection sentinel values */ extern const unsigned char tls11downgrade[8]; 
@@ -2234,125 +2246,125 @@ /* * Flags for SSL methods */ -# define SSL_METHOD_NO_FIPS (1U<<0) -# define SSL_METHOD_NO_SUITEB (1U<<1) - -# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, enc_data) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - version, \ - flags, \ - mask, \ - tls1_new, \ - tls1_clear, \ - tls1_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - tls1_default_timeout, \ - &enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - -# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - SSL3_VERSION, \ - SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ - SSL_OP_NO_SSLv3, \ - ssl3_new, \ - ssl3_clear, \ - ssl3_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - ssl3_default_timeout, \ - &SSLv3_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - -# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, enc_data) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - version, \ - flags, \ - 
mask, \ - dtls1_new, \ - dtls1_clear, \ - dtls1_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - dtls1_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - dtls1_read_bytes, \ - dtls1_write_app_data_bytes, \ - dtls1_dispatch_alert, \ - dtls1_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - dtls1_default_timeout, \ - &enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } +#define SSL_METHOD_NO_FIPS (1U << 0) +#define SSL_METHOD_NO_SUITEB (1U << 1) + +#define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ + s_connect, enc_data) \ + const SSL_METHOD *func_name(void) \ + { \ + static const SSL_METHOD func_name##_data = { \ + version, \ + flags, \ + mask, \ + tls1_new, \ + tls1_clear, \ + tls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + tls1_default_timeout, \ + &enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ + const SSL_METHOD *func_name(void) \ + { \ + static const SSL_METHOD func_name##_data = { \ + SSL3_VERSION, \ + SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ + SSL_OP_NO_SSLv3, \ + ssl3_new, \ + ssl3_clear, \ + ssl3_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + 
ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + ssl3_default_timeout, \ + &SSLv3_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ + s_connect, enc_data) \ + const SSL_METHOD *func_name(void) \ + { \ + static const SSL_METHOD func_name##_data = { \ + version, \ + flags, \ + mask, \ + dtls1_new, \ + dtls1_clear, \ + dtls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + dtls1_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + dtls1_read_bytes, \ + dtls1_write_app_data_bytes, \ + dtls1_dispatch_alert, \ + dtls1_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + dtls1_default_timeout, \ + &enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } struct openssl_ssl_test_functions { - int (*p_ssl_init_wbio_buffer) (SSL *s); - int (*p_ssl3_setup_buffers) (SSL *s); + int (*p_ssl_init_wbio_buffer)(SSL *s); + int (*p_ssl3_setup_buffers)(SSL *s); }; const char *ssl_protocol_to_string(int version); @@ -2367,13 +2379,13 @@ } static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, - size_t *pgroupslen) + size_t *pgroupslen) { *pgroups = s->ext.peer_supportedgroups; *pgroupslen = s->ext.peer_supportedgroups_len; } -# ifndef OPENSSL_UNIT_TEST +#ifndef OPENSSL_UNIT_TEST __owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); __owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written); 
@@ -2386,68 +2398,68 @@ __owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); __owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, - size_t sess_id_len); + size_t sess_id_len); __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, - const SSL_CIPHER *const *bp); + const SSL_CIPHER *const *bp); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - const char *rule_str, - CERT *c); + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + const char *rule_str, + CERT *c); __owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, - int fatal); + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, + int fatal); void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, - const EVP_CIPHER **enc); + const EVP_CIPHER **enc); __owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s, - const EVP_CIPHER **enc, const EVP_MD **md, - int *mac_pkey_type, size_t *mac_secret_size, - SSL_COMP **comp, int use_etm); + const EVP_CIPHER **enc, const EVP_MD **md, + int *mac_pkey_type, size_t *mac_secret_size, + SSL_COMP **comp, int use_etm); __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, - size_t *int_overhead, size_t 
*blocksize, - size_t *ext_overhead); + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead); __owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, - const unsigned char *ptr, - int all); + const unsigned char *ptr, + int all); __owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_set_current(CERT *c, long arg); -void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); +void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg); __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, - int ref); + int ref); __owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, - void *other); + void *other); int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); __owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, - size_t *pidx); + size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); __owur int ssl_get_server_cert_serverinfo(SSL *s, - const unsigned char **serverinfo, - size_t *serverinfo_length); + const unsigned char **serverinfo, + size_t *serverinfo_length); void 
ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_x509err2alert(int type); @@ -2456,22 +2468,22 @@ __owur int ssl_setup_sig_algs(SSL_CTX *ctx); int ssl_load_groups(SSL_CTX *ctx); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, - size_t len, DOWNGRADE dgrd); + size_t len, DOWNGRADE dgrd); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - int free_pms); + int free_pms); __owur EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm); __owur int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen); __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, - int genmaster); + int genmaster); __owur int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, - const unsigned char *ct, size_t ctlen, - int gensecret); + const unsigned char *ct, size_t ctlen, + int gensecret); __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, - unsigned char **ctp, size_t *ctlenp, - int gensecret); + unsigned char **ctp, size_t *ctlenp, + int gensecret); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, - void *key); + void *key); __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); @@ -2479,7 +2491,7 @@ __owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, - size_t *len); + size_t *len); int ssl3_init_finished_mac(SSL *s); __owur int ssl3_setup_key_block(SSL *s); __owur int ssl3_change_cipher_state(SSL *s, int which); 
@@ -2487,25 +2499,25 @@ __owur int ssl3_do_write(SSL *s, int type); int ssl3_send_alert(SSL *s, int level, int desc); __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, size_t len, - size_t *secret_size); + unsigned char *p, size_t len, + size_t *secret_size); __owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl, int initok); void ssl3_digest_master_key_set_params(const SSL_SESSION *session, - OSSL_PARAM params[]); + OSSL_PARAM params[]); __owur int ssl3_dispatch_alert(SSL *s); __owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, - unsigned char *p); + unsigned char *p); __owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, - CERT_PKEY *cpk); + CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, - STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr); + STACK_OF(SSL_CIPHER) *clnt, + STACK_OF(SSL_CIPHER) *srvr); __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); @@ -2516,8 +2528,8 @@ int ssl3_clear(SSL *s); __owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); -__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); -__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); +__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); +__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); __owur int ssl3_do_change_cipher_spec(SSL *ssl); __owur long ssl3_default_timeout(void); 
@@ -2532,27 +2544,27 @@ __owur int ssl_allow_compression(SSL *s); __owur int ssl_version_supported(const SSL *s, int version, - const SSL_METHOD **meth); + const SSL_METHOD **meth); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); __owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, - DOWNGRADE *dgrd); + DOWNGRADE *dgrd); __owur int ssl_choose_client_version(SSL *s, int version, - RAW_EXTENSION *extensions); + RAW_EXTENSION *extensions); __owur int ssl_get_min_max_version(const SSL *s, int *min_version, - int *max_version, int *real_max); + int *max_version, int *real_max); __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); void dtls1_set_message_header(SSL *s, - unsigned char mt, - size_t len, - size_t frag_off, size_t frag_len); + unsigned char mt, + size_t len, + size_t frag_off, size_t frag_len); int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, - size_t *written); + size_t *written); __owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_buffer_message(SSL *s, int ccs); @@ -2562,7 +2574,7 @@ void dtls1_clear_received_buffer(SSL *s); void dtls1_clear_sent_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, - struct hm_header_st *msg_hdr); + struct hm_header_st *msg_hdr); __owur long dtls1_default_timeout(void); __owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur int dtls1_check_timeout_num(SSL *s); @@ -2571,7 +2583,7 @@ void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, - size_t cookie_len); + size_t cookie_len); __owur size_t dtls1_min_mtu(SSL *s); void dtls1_hm_fragment_free(hm_fragment *frag); __owur int dtls1_query_mtu(SSL *s); 
@@ -2594,53 +2606,53 @@ __owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_setup_key_block(SSL *s); __owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *p); + unsigned char *p); __owur int tls1_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, size_t len, - size_t *secret_size); + unsigned char *p, size_t len, + size_t *secret_size); __owur int tls13_setup_key_block(SSL *s); __owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *p); + unsigned char *p); __owur int tls13_change_cipher_state(SSL *s, int which); __owur int tls13_update_key(SSL *s, int send); __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, - const unsigned char *secret, - const unsigned char *label, size_t labellen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen, int fatal); + const unsigned char *secret, + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen, int fatal); __owur int tls13_derive_key(SSL *s, const EVP_MD *md, - const unsigned char *secret, unsigned char *key, - size_t keylen); + const unsigned char *secret, unsigned char *key, + size_t keylen); __owur int tls13_derive_iv(SSL *s, const EVP_MD *md, - const unsigned char *secret, unsigned char *iv, - size_t ivlen); + const unsigned char *secret, unsigned char *iv, + size_t ivlen); __owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, - const unsigned char *secret, - unsigned char *fin, size_t finlen); + const unsigned char *secret, + unsigned char *fin, size_t finlen); int tls13_generate_secret(SSL *s, const EVP_MD *md, - const unsigned char *prevsecret, - const unsigned char *insecret, - size_t insecretlen, - unsigned char *outsecret); + const unsigned char *prevsecret, + const unsigned char *insecret, + size_t insecretlen, + unsigned char *outsecret); __owur int tls13_generate_handshake_secret(SSL *s, - 
const unsigned char *insecret, - size_t insecretlen); + const unsigned char *insecret, + size_t insecretlen); __owur int tls13_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *prev, size_t prevlen, - size_t *secret_size); + unsigned char *prev, size_t prevlen, + size_t *secret_size); __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *p, size_t plen, - int use_context); + const char *label, size_t llen, + const unsigned char *p, size_t plen, + int use_context); __owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context); + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); __owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, - size_t olen, const char *label, - size_t llen, - const unsigned char *context, - size_t contextlen); + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); 
@@ -2655,29 +2667,29 @@ __owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, - int *curves, size_t ncurves); + int *curves, size_t ncurves); __owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, - const char *str); + const char *str); __owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); __owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion, - int maxversion, int isec, int *okfortls13); + int maxversion, int isec, int *okfortls13); __owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id); void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - size_t *num_formats); + size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur int tls_group_allowed(SSL *s, uint16_t curve, int op); void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, - size_t *pgroupslen); + size_t *pgroupslen); __owur int tls1_set_server_sigalgs(SSL *s); __owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, - SSL_SESSION **ret); + SSL_SESSION **ret); __owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - size_t eticklen, - const unsigned char *sess_id, - size_t sesslen, SSL_SESSION **psess); + size_t eticklen, + const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess); __owur int tls_use_ticket(SSL *s); 
@@ -2685,22 +2697,22 @@ __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, - int client); + int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, - int client); + int client); int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, - int idx); + int idx); void tls1_set_cert_validity(SSL *s); -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT __owur int ssl_validate_ct(SSL *s); -# endif +#endif __owur EVP_PKEY *ssl_get_auto_dh(SSL *s); __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, - int vfy); + int vfy); int tls_choose_sigalg(SSL *s, int fatalerrs); @@ -2708,13 +2720,13 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash); __owur long ssl_get_algorithm2(SSL *s); __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, - const uint16_t *psig, size_t psiglen); + const uint16_t *psig, size_t psiglen); __owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen); __owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert); __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, - const EVP_MD **pmd); + const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); __owur int tls_check_sigalg_curve(const SSL *s, int curve); __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); @@ -2722,7 +2734,7 @@ __owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, - size_t *hashlen); + size_t *hashlen); __owur const EVP_MD *ssl_md(SSL_CTX *ctx, int idx); __owur const EVP_MD *ssl_handshake_md(SSL *s); __owur const EVP_MD *ssl_prf_md(SSL *s); 
@@ -2734,10 +2746,10 @@ * |encrypted_premaster|. */ __owur int ssl_log_rsa_client_key_exchange(SSL *ssl, - const uint8_t *encrypted_premaster, - size_t encrypted_premaster_len, - const uint8_t *premaster, - size_t premaster_len); + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len); /* * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if @@ -2745,7 +2757,7 @@ * the entry with |label|. */ __owur int ssl_log_secret(SSL *ssl, const char *label, - const uint8_t *secret, size_t secret_len); + const uint8_t *secret, size_t secret_len); #define MASTER_SECRET_LABEL "CLIENT_RANDOM" #define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET" 
@@ -2758,28 +2770,28 @@ #define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET" #define EXPORTER_SECRET_LABEL "EXPORTER_SECRET" -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS /* ktls.c */ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd); -int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - int is_tx, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size); -# endif + const EVP_CIPHER_CTX *dd); +int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + void *rl_sequence, ktls_crypto_info_t *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size); +#endif /* s3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char *header, - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3); + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); 
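Review bot: The `ktls_configure_crypto` prototype under `/* ktls.c */` is not a whitespace change like the rest of this hunk: `SSL *s` becomes `const SSL *s`, and the `int is_tx` argument is replaced by `unsigned char **rec_seq`. This function is passed the key, IV, MAC key and record sequence for kernel TLS, so the definition in ktls.c and every caller (none visible in this hunk) must be checked against the new parameter. The change should be called out in the commit description rather than riding along with re-indentation. The declaration also does not say whether `rec_seq` may be NULL or who owns what it points at. If it is an out-pointer into `crypto_info`, which I can only presume from the name, I would add `/* rec_seq: optional out-pointer, set to the sequence-number field inside crypto_info; not allocated */` above the prototype.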
@@ -2792,21 +2804,21 @@ /* statem/extensions_cust.c */ custom_ext_method *custom_ext_find(const custom_ext_methods *exts, - ENDPOINT role, unsigned int ext_type, - size_t *idx); + ENDPOINT role, unsigned int ext_type, + size_t *idx); void custom_ext_init(custom_ext_methods *meths); __owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, - const unsigned char *ext_data, size_t ext_size, - X509 *x, size_t chainidx); + const unsigned char *ext_data, size_t ext_size, + X509 *x, size_t chainidx); __owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, - size_t chainidx, int maxversion); + size_t chainidx, int maxversion); __owur int custom_exts_copy(custom_ext_methods *dst, - const custom_ext_methods *src); + const custom_ext_methods *src); __owur int custom_exts_copy_flags(custom_ext_methods *dst, - const custom_ext_methods *src); + const custom_ext_methods *src); void custom_exts_free(custom_ext_methods *exts); void ssl_comp_free_compression_methods_int(void); @@ -2815,19 +2827,19 @@ void ssl_ctx_system_config(SSL_CTX *ctx); const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties); + int nid, + const char *properties); int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher); void ssl_evp_cipher_free(const EVP_CIPHER *cipher); const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties); + int nid, + const char *properties); int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md); + const EVP_CIPHER *ciph, + const EVP_MD *md); void tls_engine_finish(ENGINE *e); const EVP_CIPHER *tls_get_cipher_from_engine(int nid); 
@@ -2848,14 +2860,14 @@ int ssl_srp_calc_a_param_intern(SSL *s); int ssl_srp_server_param_with_username_intern(SSL *s, int *ad); -void ssl_session_calculate_timeout(SSL_SESSION* ss); +void ssl_session_calculate_timeout(SSL_SESSION *ss); -# else /* OPENSSL_UNIT_TEST */ +#else /* OPENSSL_UNIT_TEST */ -# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer -# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers +#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer +#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -# endif +#endif /* Some helper routines to support TSAN operations safely */ static ossl_unused ossl_inline int ssl_tsan_lock(const SSL_CTX *ctx) @@ -2875,7 +2887,7 @@ } static ossl_unused ossl_inline void ssl_tsan_counter(const SSL_CTX *ctx, - TSAN_QUALIFIER int *stat) + TSAN_QUALIFIER int *stat) { if (ssl_tsan_lock(ctx)) { tsan_counter(stat); --- crypto/openssl/ssl/ssl_mcnf.c.orig +++ crypto/openssl/ssl/ssl_mcnf.c @@ -41,7 +41,7 @@ if (!conf_ssl_name_find(name, &idx)) { if (!system) ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME, - "name=%s", name); + "name=%s", name); goto err; } cmds = conf_ssl_get(idx, &name, &cmd_count); @@ -78,7 +78,7 @@ } if (!SSL_CONF_CTX_finish(cctx)) ++err; - err: +err: OSSL_LIB_CTX_set0_default(prev_libctx); SSL_CONF_CTX_free(cctx); return err == 0; --- crypto/openssl/ssl/ssl_rsa.c.orig +++ crypto/openssl/ssl/ssl_rsa.c @@ -20,10 +20,10 @@ static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ - | SSL_EXT_CLIENT_HELLO \ - | SSL_EXT_TLS1_2_SERVER_HELLO \ - | SSL_EXT_IGNORE_ON_RESUMPTION) +#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ + | SSL_EXT_CLIENT_HELLO \ + | SSL_EXT_TLS1_2_SERVER_HELLO \ + | SSL_EXT_IGNORE_ON_RESUMPTION) int SSL_use_certificate(SSL *ssl, X509 *x) { 
@@ -75,7 +75,7 @@ } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata); + ssl->default_passwd_callback_userdata); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -87,7 +87,7 @@ } ret = SSL_use_certificate(ssl, x); - end: +end: X509_free(x); BIO_free(in); return ret; @@ -104,7 +104,7 @@ return 0; } - if (d2i_X509(&x, &d, (long)len)== NULL) { + if (d2i_X509(&x, &d, (long)len) == NULL) { X509_free(x); ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); return 0; @@ -125,7 +125,7 @@ } if (c->pkeys[i].x509 != NULL - && !X509_check_private_key(c->pkeys[i].x509, pkey)) + && !X509_check_private_key(c->pkeys[i].x509, pkey)) return 0; EVP_PKEY_free(c->pkeys[i].privatekey); @@ -166,14 +166,14 @@ if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey_ex(in, NULL, - ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata, - ssl->ctx->libctx, - ssl->ctx->propq); + ssl->default_passwd_callback, + ssl->default_passwd_callback_userdata, + ssl->ctx->libctx, + ssl->ctx->propq); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx, - ssl->ctx->propq); + ssl->ctx->propq); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -184,13 +184,13 @@ } ret = SSL_use_PrivateKey(ssl, pkey); EVP_PKEY_free(pkey); - end: +end: BIO_free(in); return ret; } int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, - long len) + long len) { int ret; const unsigned char *p; @@ -198,7 +198,8 @@ p = d; if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx, - ssl->ctx->propq)) == NULL) { + ssl->ctx->propq)) + == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); return 0; } 
@@ -306,7 +307,7 @@ } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + ctx->default_passwd_callback_userdata); } if (cert == NULL) { ERR_raise(ERR_LIB_SSL, j); @@ -314,7 +315,7 @@ } ret = SSL_CTX_use_certificate(ctx, x); - end: +end: X509_free(x); BIO_free(in); return ret; @@ -370,9 +371,9 @@ if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey_ex(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata, - ctx->libctx, ctx->propq); + ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata, + ctx->libctx, ctx->propq); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq); @@ -386,13 +387,13 @@ } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); - end: +end: BIO_free(in); return ret; } int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len) + const unsigned char *d, long len) { int ret; const unsigned char *p; @@ -400,7 +401,8 @@ p = d; if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx, - ctx->propq)) == NULL) { + ctx->propq)) + == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); return 0; } @@ -427,8 +429,8 @@ if (ctx == NULL && ssl == NULL) return 0; - ERR_clear_error(); /* clear error stack for - * SSL_CTX_use_certificate() */ + ERR_clear_error(); /* clear error stack for + * SSL_CTX_use_certificate() */ if (ctx != NULL) { passwd_callback = ctx->default_passwd_callback; @@ -455,7 +457,8 @@ goto end; } if (PEM_read_bio_X509_AUX(in, &x, passwd_callback, - passwd_callback_userdata) == NULL) { + passwd_callback_userdata) + == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB); goto end; } 
@@ -466,8 +469,8 @@ ret = SSL_use_certificate(ssl, x); if (ERR_peek_error() != 0) - ret = 0; /* Key/certificate mismatch doesn't imply - * ret==0 ... */ + ret = 0; /* Key/certificate mismatch doesn't imply + * ret==0 ... */ if (ret) { /* * If we could set up our certificate, now proceed to the CA @@ -494,7 +497,8 @@ goto end; } if (PEM_read_bio_X509(in, &ca, passwd_callback, - passwd_callback_userdata) != NULL) { + passwd_callback_userdata) + != NULL) { if (ctx) r = SSL_CTX_add0_chain_cert(ctx, ca); else @@ -520,10 +524,10 @@ && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) ERR_clear_error(); else - ret = 0; /* some real error */ + ret = 0; /* some real error */ } - end: +end: X509_free(x); BIO_free(in); return ret; @@ -540,10 +544,10 @@ } static int serverinfo_find_extension(const unsigned char *serverinfo, - size_t serverinfo_length, - unsigned int extension_type, - const unsigned char **extension_data, - size_t *extension_length) + size_t serverinfo_length, + unsigned int extension_type, + const unsigned char **extension_data, + size_t *extension_length) { PACKET pkt, data; 
@@ -561,27 +565,28 @@ /* end of serverinfo */ if (PACKET_remaining(&pkt) == 0) - return 0; /* Extension not found */ + return 0; /* Extension not found */ if (!PACKET_get_net_4(&pkt, &context) - || !PACKET_get_net_2(&pkt, &type) - || !PACKET_get_length_prefixed_2(&pkt, &data)) + || !PACKET_get_net_2(&pkt, &type) + || !PACKET_get_length_prefixed_2(&pkt, &data)) return -1; if (type == extension_type) { *extension_data = PACKET_data(&data); - *extension_length = PACKET_remaining(&data);; - return 1; /* Success */ + *extension_length = PACKET_remaining(&data); + ; + return 1; /* Success */ } } /* Unreachable */ } static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, size_t chainidx, - int *al, void *arg) + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *arg) { if (inlen != 0) { @@ -593,18 +598,18 @@ } static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al, - arg); + arg); } static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, size_t chainidx, - int *al, void *arg) + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *arg) { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; 
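Review bot: The reformatted assignment in serverinfo_find_extension leaves a stray empty statement on its own line. The original `PACKET_remaining(&data);;` had a doubled semicolon, and the formatter split it into the assignment followed by a lone `;`. The compiler ignores it, but in code that walks length-prefixed serverinfo records it reads like a statement that was deleted by mistake. Drop the second semicolon so the line is just `*extension_length = PACKET_remaining(&data);`. The function begins before this hunk.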
@@ -615,28 +620,29 @@ /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo, - &serverinfo_length)) != 0) { + &serverinfo_length)) + != 0) { /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, - ext_type, out, outlen); + ext_type, out, outlen); if (retval == -1) { *al = SSL_AD_INTERNAL_ERROR; - return -1; /* Error */ + return -1; /* Error */ } if (retval == 0) - return 0; /* No extension found, don't send extension */ - return 1; /* Send extension */ + return 0; /* No extension found, don't send extension */ + return 1; /* Send extension */ } - return 0; /* No serverinfo data found, don't send - * extension */ + return 0; /* No serverinfo data found, don't send + * extension */ } static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, size_t *outlen, - int *al, void *arg) + const unsigned char **out, size_t *outlen, + int *al, void *arg) { return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al, - arg); + arg); } /* @@ -645,8 +651,8 @@ * the included extensions. */ static int serverinfo_process_buffer(unsigned int version, - const unsigned char *serverinfo, - size_t serverinfo_length, SSL_CTX *ctx) + const unsigned char *serverinfo, + size_t serverinfo_length, SSL_CTX *ctx) { PACKET pkt; @@ -665,8 +671,8 @@ PACKET data; if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context)) - || !PACKET_get_net_2(&pkt, &ext_type) - || !PACKET_get_length_prefixed_2(&pkt, &data)) + || !PACKET_get_net_2(&pkt, &ext_type) + || !PACKET_get_length_prefixed_2(&pkt, &data)) return 0; if (ctx == NULL) 
@@ -685,17 +691,17 @@ */ if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) { if (!SSL_CTX_add_server_custom_ext(ctx, ext_type, - serverinfo_srv_add_cb, - NULL, NULL, - serverinfo_srv_parse_cb, - NULL)) + serverinfo_srv_add_cb, + NULL, NULL, + serverinfo_srv_parse_cb, + NULL)) return 0; } else { if (!SSL_CTX_add_custom_ext(ctx, ext_type, context, - serverinfoex_srv_add_cb, - NULL, NULL, - serverinfoex_srv_parse_cb, - NULL)) + serverinfoex_srv_add_cb, + NULL, NULL, + serverinfoex_srv_parse_cb, + NULL)) return 0; } } @@ -714,9 +720,9 @@ } static void extension_append(unsigned int version, - const unsigned char *extension, - const size_t extension_length, - unsigned char *serverinfo) + const unsigned char *extension, + const size_t extension_length, + unsigned char *serverinfo) { const size_t contextoff = extension_contextoff(version); @@ -732,8 +738,8 @@ } int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, - const unsigned char *serverinfo, - size_t serverinfo_length) + const unsigned char *serverinfo, + size_t serverinfo_length) { unsigned char *new_serverinfo = NULL; @@ -747,7 +753,7 @@ * over the converted serverinfo. */ const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1, - serverinfo_length); + serverinfo_length); unsigned char *sinfo; int ret; @@ -760,13 +766,13 @@ extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo); ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo, - sinfo_length); + sinfo_length); OPENSSL_free(sinfo); return ret; } if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, - NULL)) { + NULL)) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); return 0; } @@ -775,7 +781,7 @@ return 0; } new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, - serverinfo_length); + serverinfo_length); if (new_serverinfo == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; 
@@ -789,7 +795,7 @@ * register callbacks. */ if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, - ctx)) { + ctx)) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); return 0; } @@ -797,10 +803,10 @@ } int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length) + size_t serverinfo_length) { return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo, - serverinfo_length); + serverinfo_length); } int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) @@ -846,7 +852,7 @@ if (num_extensions == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS); goto end; - } else /* End of file, we're done */ + } else /* End of file, we're done */ break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ @@ -874,16 +880,16 @@ if (version == SSL_SERVERINFOV1) { /* 4 byte header: 2 bytes type, 2 bytes len */ if (extension_length < 4 - || (extension[2] << 8) + extension[3] - != extension_length - 4) { + || (extension[2] << 8) + extension[3] + != extension_length - 4) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); goto end; } } else { /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */ if (extension_length < 8 - || (extension[6] << 8) + extension[7] - != extension_length - 8) { + || (extension[6] << 8) + extension[7] + != extension_length - 8) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); goto end; } @@ -897,7 +903,7 @@ } serverinfo = tmp; extension_append(version, extension, extension_length, - serverinfo + serverinfo_length); + serverinfo + serverinfo_length); serverinfo_length += append_length; OPENSSL_free(name); @@ -909,8 +915,8 @@ } ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo, - serverinfo_length); - end: + serverinfo_length); +end: /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ OPENSSL_free(name); OPENSSL_free(header); 
@@ -921,7 +927,7 @@ } static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override) + STACK_OF(X509) *chain, int override) { int ret = 0; size_t i; @@ -983,9 +989,7 @@ goto out; } - if (!override && (c->pkeys[i].x509 != NULL - || c->pkeys[i].privatekey != NULL - || c->pkeys[i].chain != NULL)) { + if (!override && (c->pkeys[i].x509 != NULL || c->pkeys[i].privatekey != NULL || c->pkeys[i].chain != NULL)) { /* No override, and something already there */ ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE); goto out; @@ -993,7 +997,7 @@ if (chain != NULL) { dup_chain = X509_chain_up_ref(chain); - if (dup_chain == NULL) { + if (dup_chain == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); goto out; } @@ -1013,19 +1017,19 @@ c->key = &(c->pkeys[i]); ret = 1; - out: +out: EVP_PKEY_free(pubkey); return ret; } int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override) + STACK_OF(X509) *chain, int override) { return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override); } int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override) + STACK_OF(X509) *chain, int override) { return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override); } --- crypto/openssl/ssl/ssl_rsa_legacy.c.orig +++ crypto/openssl/ssl/ssl_rsa_legacy.c @@ -62,8 +62,8 @@ } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; rsa = PEM_read_bio_RSAPrivateKey(in, NULL, - SSL_get_default_passwd_cb(ssl), - SSL_get_default_passwd_cb_userdata(ssl)); + SSL_get_default_passwd_cb(ssl), + SSL_get_default_passwd_cb_userdata(ssl)); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -74,7 +74,7 @@ } ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); - end: +end: BIO_free(in); return ret; } 
@@ -144,8 +144,8 @@ } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; rsa = PEM_read_bio_RSAPrivateKey(in, NULL, - SSL_CTX_get_default_passwd_cb(ctx), - SSL_CTX_get_default_passwd_cb_userdata(ctx)); + SSL_CTX_get_default_passwd_cb(ctx), + SSL_CTX_get_default_passwd_cb_userdata(ctx)); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -156,13 +156,13 @@ } ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); RSA_free(rsa); - end: +end: BIO_free(in); return ret; } int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len) + long len) { int ret; const unsigned char *p; --- crypto/openssl/ssl/ssl_sess.c.orig +++ crypto/openssl/ssl/ssl_sess.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -9,8 +9,8 @@ */ #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include -# include /* timeval */ +#include +#include /* timeval */ #endif #include #include 
@@ -54,22 +54,23 @@ } #ifdef __DJGPP__ /* time_t is unsigned on djgpp, it's signed anywhere else */ -# define TMAX(_type_) ((time_t)-1) +#define TMAX(_type_) ((time_t)-1) #else -# define TMAX(_type_) ((time_t)(((_type_)-1) >> 1)) +#define TMAX(_type_) ((time_t)(((_type_) - 1) >> 1)) #endif -#define CALCULATE_TIMEOUT(_ss_, _type_) do { \ - _type_ overflow; \ - time_t tmax = TMAX(_type_); \ - overflow = (_type_)tmax - (_type_)(_ss_)->time; \ - if ((_ss_)->timeout > (time_t)overflow) { \ - (_ss_)->timeout_ovf = 1; \ +#define CALCULATE_TIMEOUT(_ss_, _type_) \ + do { \ + _type_ overflow; \ + time_t tmax = TMAX(_type_); \ + overflow = (_type_)tmax - (_type_)(_ss_)->time; \ + if ((_ss_)->timeout > (time_t)overflow) { \ + (_ss_)->timeout_ovf = 1; \ (_ss_)->calc_timeout = (_ss_)->timeout - (time_t)overflow; \ - } else { \ - (_ss_)->timeout_ovf = 0; \ - (_ss_)->calc_timeout = (_ss_)->time + (_ss_)->timeout; \ - } \ + } else { \ + (_ss_)->timeout_ovf = 0; \ + (_ss_)->calc_timeout = (_ss_)->time + (_ss_)->timeout; \ + } \ } while (0) /* * Calculates effective timeout, saving overflow state @@ -148,9 +149,9 @@ } ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED; - ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ + ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; - ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ + ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ ss->time = time(NULL); ssl_session_calculate_timeout(ss); ss->lock = CRYPTO_THREAD_lock_new(); @@ -245,7 +246,7 @@ #endif if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, - &dest->ex_data, &src->ex_data)) { + &dest->ex_data, &src->ex_data)) { goto err; } @@ -257,8 +258,7 @@ } if (ticket != 0 && src->ext.tick != NULL) { - dest->ext.tick = - OPENSSL_memdup(src->ext.tick, src->ext.ticklen); + dest->ext.tick = OPENSSL_memdup(src->ext.tick, src->ext.ticklen); if (dest->ext.tick == NULL) goto err; } else { 
@@ -268,7 +268,7 @@ if (src->ext.alpn_selected != NULL) { dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected, - src->ext.alpn_selected_len); + src->ext.alpn_selected_len); if (dest->ext.alpn_selected == NULL) goto err; } @@ -283,14 +283,13 @@ #endif if (src->ticket_appdata != NULL) { - dest->ticket_appdata = - OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); + dest->ticket_appdata = OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); if (dest->ticket_appdata == NULL) goto err; } return dest; - err: +err: ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(dest); return NULL; @@ -324,7 +323,7 @@ return s->session_id; } const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, - unsigned int *len) + unsigned int *len) { if (len != NULL) *len = (unsigned int)s->sid_ctx_length; @@ -349,14 +348,13 @@ #define MAX_SESS_ID_ATTEMPTS 10 static int def_generate_session_id(SSL *ssl, unsigned char *id, - unsigned int *id_len) + unsigned int *id_len) { unsigned int retry = 0; do if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0) return 0; - while (SSL_has_matching_session_id(ssl, id, *id_len) && - (++retry < MAX_SESS_ID_ATTEMPTS)) ; + while (SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS)); if (retry < MAX_SESS_ID_ATTEMPTS) return 1; /* else - woops a session_id match */ @@ -418,7 +416,7 @@ if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) { CRYPTO_THREAD_unlock(s->lock); SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); return 0; } if (s->generate_session_id) @@ -433,7 +431,7 @@ if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); return 0; } /* 
@@ -443,13 +441,13 @@ if (tmp == 0 || tmp > ss->session_id_length) { /* The callback set an illegal length */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); + SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); return 0; } ss->session_id_length = tmp; /* Finally, check for a conflict */ if (SSL_has_matching_session_id(s, ss->session_id, - (unsigned int)ss->session_id_length)) { + (unsigned int)ss->session_id_length)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT); return 0; } @@ -514,12 +512,13 @@ } SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, - size_t sess_id_len) + size_t sess_id_len) { SSL_SESSION *ret = NULL; if ((s->session_ctx->session_cache_mode - & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) { + & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + == 0) { SSL_SESSION data; data.ssl_version = s->version; @@ -554,7 +553,7 @@ return NULL; } ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_cb_hit); + &s->session_ctx->stats.sess_cb_hit); /* * Increment reference count now if the session callback asks us @@ -570,8 +569,7 @@ * Add the externally cached session to the internal cache as * well if and only if we are supposed to. */ - if ((s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { + if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { /* * Either return value of SSL_CTX_add_session should not * interrupt the session resumption process. The return 
@@ -612,18 +610,21 @@ SSL_TICKET_STATUS r; if (SSL_IS_TLS13(s)) { + SSL_SESSION_free(s->session); + s->session = NULL; /* * By default we will send a new ticket. This can be overridden in the * ticket processing. */ s->ext.ticket_expected = 1; if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, - SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, - NULL, 0) - || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, - hello->pre_proc_exts, NULL, 0)) + SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, + NULL, 0) + || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, + hello->pre_proc_exts, NULL, 0)) return -1; + /* If we resumed, s->session will now be set */ ret = s->session; } else { /* sets s->ext.ticket_expected */ @@ -639,7 +640,7 @@ if (hello->session_id_len > 0) { try_session_cache = 1; ret = lookup_sess_in_cache(s, hello->session_id, - hello->session_id_len); + hello->session_id_len); } break; case SSL_TICKET_NO_DECRYPT: @@ -664,7 +665,7 @@ * We have the session requested by the client, but we don't want to * use it in this context. */ - goto err; /* treat like cache miss */ + goto err; /* treat like cache miss */ } if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { @@ -679,7 +680,7 @@ */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } @@ -697,7 +698,7 @@ if (ret->flags & SSL_SESS_FLAG_EXTMS) { /* If old session includes extms, but new does not: abort handshake */ if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); fatal = 1; goto err; } @@ -716,7 +717,7 @@ s->verify_result = s->session->verify_result; return 1; - err: +err: if (ret != NULL) { SSL_SESSION_free(ret); /* In TLSv1.3 s->session was already set to ret, so we NULL it out */ 
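Review bot: The added `SSL_SESSION_free(s->session); s->session = NULL;` at the top of the TLS 1.3 branch is a behaviour change with no comment explaining why an existing session is dropped before the psk_kex_modes and psk extensions are parsed. The new comment `/* If we resumed, s->session will now be set */` depends on that reset. Without it, a session left over from earlier processing could presumably be picked up as `ret` even when the PSK extension selected nothing. I would put the reason next to the free, e.g. `/* Discard any previously set session so only a PSK accepted below counts as resumption */`, with the wording confirmed against the upstream commit. The `return -1` on a parse failure now exits with `s->session == NULL`; the callers are outside this hunk, so confirm they tolerate that.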
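Review bot: In the `@@ -697,7 +698,7 @@` hunk the alert for a resumed session that used extended master secret, when the new ClientHello lacks it, changes from `SSL_AD_ILLEGAL_PARAMETER` to `SSL_AD_HANDSHAKE_FAILURE`. The change is visible on the wire, yet the comment above it still only says to abort the handshake. Interop tests, peers or detection rules that key on the alert description for this downgrade condition will see a different value. I would record the choice in the comment, e.g. `/* extms dropped on resumption: abort with handshake_failure */`, and check that the client-side counterpart of this check (not in this hunk) sends a matching alert.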
@@ -774,8 +775,7 @@ * obtain the same session from an external cache) */ s = NULL; - } else if (s == NULL && - lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) { + } else if (s == NULL && lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) { /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */ /* @@ -817,7 +817,7 @@ * count because it already takes into account the cache */ - SSL_SESSION_free(s); /* s == c */ + SSL_SESSION_free(s); /* s == c */ ret = 0; } CRYPTO_THREAD_unlock(ctx->lock); @@ -922,11 +922,11 @@ } int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, - unsigned int sid_len) + unsigned int sid_len) { if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG); - return 0; + ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG); + return 0; } s->session_id_length = sid_len; if (sid != s->session_id) @@ -1038,7 +1038,7 @@ } void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, - size_t *len) + size_t *len) { *len = s->ext.ticklen; if (tick != NULL) @@ -1058,15 +1058,15 @@ } void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, - const unsigned char **alpn, - size_t *len) + const unsigned char **alpn, + size_t *len) { *alpn = s->ext.alpn_selected; *len = s->ext.alpn_selected_len; } int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, - size_t len) + size_t len) { OPENSSL_free(s->ext.alpn_selected); if (alpn == NULL || len == 0) { @@ -1090,7 +1090,7 @@ } int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) + unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); @@ -1110,7 +1110,7 @@ * session ID. */ return !s->not_resumable - && (s->session_id_length > 0 || s->ext.ticklen > 0); + && (s->session_id_length > 0 || s->ext.ticklen > 0); } long SSL_CTX_set_timeout(SSL_CTX *s, long t) 
@@ -1131,8 +1131,8 @@ } int SSL_set_session_secret_cb(SSL *s, - tls_session_secret_cb_fn tls_session_secret_cb, - void *arg) + tls_session_secret_cb_fn tls_session_secret_cb, + void *arg) { if (s == NULL) return 0; @@ -1142,7 +1142,7 @@ } int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg) + void *arg) { if (s == NULL) return 0; @@ -1156,8 +1156,7 @@ if (s->version >= TLS1_VERSION) { OPENSSL_free(s->ext.session_ticket); s->ext.session_ticket = NULL; - s->ext.session_ticket = - OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); + s->ext.session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); if (s->ext.session_ticket == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; @@ -1228,9 +1227,7 @@ int ssl_clear_bad_session(SSL *s) { - if ((s->session != NULL) && - !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) { + if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && !(SSL_in_init(s) || SSL_in_before(s))) { SSL_CTX_remove_session(s->session_ctx, s->session); return 1; } else @@ -1302,7 +1299,7 @@ * one session in the cache it will be caught above */ next = ctx->session_cache_head->next; - while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) { + while (next != (SSL_SESSION *)&(ctx->session_cache_tail)) { if (timeoutcmp(s, next) >= 0) { s->next = next; s->prev = next->prev; 
@@ -1318,76 +1315,82 @@ } void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess)) + int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { ctx->new_session_cb = cb; } -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) { +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) +{ return ctx->new_session_cb; } void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess)) + void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) { ctx->remove_session_cb = cb; } -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx, - SSL_SESSION *sess) { +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX *ctx, + SSL_SESSION *sess) +{ return ctx->remove_session_cb; } void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*cb) (struct ssl_st *ssl, - const unsigned char *data, - int len, int *copy)) + SSL_SESSION *(*cb)(struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy)) { ctx->get_session_cb = cb; } -SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl, - const unsigned char - *data, int len, - int *copy) { +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, + const unsigned char + *data, + int len, + int *copy) +{ return ctx->get_session_cb; } void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb) (const SSL *ssl, int type, int val)) + void (*cb)(const SSL *ssl, int type, int val)) { ctx->info_callback = cb; } -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, - int val) { +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, + int val) +{ return ctx->info_callback; } void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey)) + int (*cb)(SSL *ssl, X509 **x509, + EVP_PKEY **pkey)) { ctx->client_cert_cb = cb; } -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey) { +int 
(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey) +{ return ctx->client_cert_cb; } void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - unsigned char *cookie, - unsigned int *cookie_len)) + int (*cb)(SSL *ssl, + unsigned char *cookie, + unsigned int *cookie_len)) { ctx->app_gen_cookie_cb = cb; } void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char *cookie, - unsigned int cookie_len)) + int (*cb)(SSL *ssl, + const unsigned char *cookie, + unsigned int cookie_len)) { ctx->app_verify_cookie_cb = cb; } @@ -1417,18 +1420,18 @@ void SSL_CTX_set_stateless_cookie_generate_cb( SSL_CTX *ctx, - int (*cb) (SSL *ssl, - unsigned char *cookie, - size_t *cookie_len)) + int (*cb)(SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)) { ctx->gen_stateless_cookie_cb = cb; } void SSL_CTX_set_stateless_cookie_verify_cb( SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char *cookie, - size_t cookie_len)) + int (*cb)(SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)) { ctx->verify_stateless_cookie_cb = cb; } --- crypto/openssl/ssl/ssl_txt.c.orig +++ crypto/openssl/ssl/ssl_txt.c @@ -47,17 +47,20 @@ if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { if (BIO_printf(bp, " Cipher : %06lX\n", - x->cipher_id & 0xffffff) <= 0) + x->cipher_id & 0xffffff) + <= 0) goto err; } else { if (BIO_printf(bp, " Cipher : %04lX\n", - x->cipher_id & 0xffff) <= 0) + x->cipher_id & 0xffff) + <= 0) goto err; } } else { if (BIO_printf(bp, " Cipher : %s\n", - ((x->cipher->name == NULL) ? "unknown" - : x->cipher->name)) <= 0) + ((x->cipher->name == NULL) ? "unknown" + : x->cipher->name)) + <= 0) goto err; } if (BIO_puts(bp, " Session-ID: ") <= 0) 
@@ -88,8 +91,7 @@ goto err; if (BIO_puts(bp, "\n PSK identity hint: ") <= 0) goto err; - if (BIO_printf - (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) + if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; #endif #ifndef OPENSSL_NO_SRP @@ -100,15 +102,15 @@ #endif if (x->ext.tick_lifetime_hint) { if (BIO_printf(bp, - "\n TLS session ticket lifetime hint: %ld (seconds)", - x->ext.tick_lifetime_hint) <= 0) + "\n TLS session ticket lifetime hint: %ld (seconds)", + x->ext.tick_lifetime_hint) + <= 0) goto err; } if (x->ext.tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; - if (BIO_dump_indent - (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) + if (BIO_dump_indent(bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) <= 0) goto err; } @@ -123,7 +125,8 @@ goto err; } else { if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, - comp->name) <= 0) + comp->name) + <= 0) goto err; } } @@ -142,21 +145,24 @@ if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, - X509_verify_cert_error_string(x->verify_result)) <= 0) + X509_verify_cert_error_string(x->verify_result)) + <= 0) goto err; if (BIO_printf(bp, " Extended master secret: %s\n", - x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0) + x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") + <= 0) goto err; if (istls13) { if (BIO_printf(bp, " Max Early Data: %u\n", - x->ext.max_early_data) <= 0) + x->ext.max_early_data) + <= 0) goto err; } return 1; - err: +err: return 0; } @@ -197,6 +203,6 @@ goto err; return 1; - err: +err: return 0; } --- crypto/openssl/ssl/sslerr.h.orig +++ crypto/openssl/ssl/sslerr.h 
@@ -9,19 +9,19 @@ */ #ifndef OSSL_SSLERR_H -# define OSSL_SSLERR_H -# pragma once +#define OSSL_SSLERR_H +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_SSL_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif --- crypto/openssl/ssl/statem/extensions.c.orig +++ crypto/openssl/ssl/statem/extensions.c @@ -8,8 +8,8 @@ */ #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include -# include /* timeval */ +#include +#include /* timeval */ #endif #include @@ -36,12 +36,12 @@ static int init_sig_algs(SSL *s, unsigned int context); static int init_certificate_authorities(SSL *s, unsigned int context); static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx); + unsigned int context, + X509 *x, + size_t chainidx); static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_SRP static int init_srp(SSL *s, unsigned int context); #endif 
@@ -76,16 +76,16 @@ int (*init)(SSL *s, unsigned int context); /* Parse extension sent from client to server */ int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); /* Parse extension send from server to client */ int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); /* Construct extension sent from server to client */ EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* Construct extension sent from client to server */ EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* * Finalise extension after parsing. Always called where an extensions was * initialised even if the extension was not present. |sent| is set to 1 if 
@@ -123,269 +123,225 @@ */ #define INVALID_EXTENSION { TLSEXT_TYPE_invalid, 0, NULL, NULL, NULL, NULL, NULL, NULL } static const EXTENSION_DEFINITION ext_defs[] = { - { - TLSEXT_TYPE_renegotiate, + { TLSEXT_TYPE_renegotiate, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate, tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate, - final_renegotiate - }, - { - TLSEXT_TYPE_server_name, + final_renegotiate }, + { TLSEXT_TYPE_server_name, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, init_server_name, tls_parse_ctos_server_name, tls_parse_stoc_server_name, tls_construct_stoc_server_name, tls_construct_ctos_server_name, - final_server_name - }, - { - TLSEXT_TYPE_max_fragment_length, + final_server_name }, + { TLSEXT_TYPE_max_fragment_length, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen, tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen, - final_maxfragmentlen - }, + final_maxfragmentlen }, #ifndef OPENSSL_NO_SRP - { - TLSEXT_TYPE_srp, + { TLSEXT_TYPE_srp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL - }, + init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_ec_point_formats, + { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, - 
final_ec_pt_formats - }, - { - /* - * "supported_groups" is spread across several specifications. - * It was originally specified as "elliptic_curves" in RFC 4492, - * and broadened to include named FFDH groups by RFC 7919. - * Both RFCs 4492 and 7919 do not include a provision for the server - * to indicate to the client the complete list of groups supported - * by the server, with the server instead just indicating the - * selected group for this connection in the ServerKeyExchange - * message. TLS 1.3 adds a scheme for the server to indicate - * to the client its list of supported groups in the - * EncryptedExtensions message, but none of the relevant - * specifications permit sending supported_groups in the ServerHello. - * Nonetheless (possibly due to the close proximity to the - * "ec_point_formats" extension, which is allowed in the ServerHello), - * there are several servers that send this extension in the - * ServerHello anyway. Up to and including the 1.1.0 release, - * we did not check for the presence of nonpermitted extensions, - * so to avoid a regression, we must permit this extension in the - * TLS 1.2 ServerHello as well. - * - * Note that there is no tls_parse_stoc_supported_groups function, - * so we do not perform any additional parsing, validation, or - * processing on the server's group list -- this is just a minimal - * change to preserve compatibility with these misbehaving servers. - */ + final_ec_pt_formats }, + { /* + * "supported_groups" is spread across several specifications. + * It was originally specified as "elliptic_curves" in RFC 4492, + * and broadened to include named FFDH groups by RFC 7919. + * Both RFCs 4492 and 7919 do not include a provision for the server + * to indicate to the client the complete list of groups supported + * by the server, with the server instead just indicating the + * selected group for this connection in the ServerKeyExchange + * message. 
TLS 1.3 adds a scheme for the server to indicate + * to the client its list of supported groups in the + * EncryptedExtensions message, but none of the relevant + * specifications permit sending supported_groups in the ServerHello. + * Nonetheless (possibly due to the close proximity to the + * "ec_point_formats" extension, which is allowed in the ServerHello), + * there are several servers that send this extension in the + * ServerHello anyway. Up to and including the 1.1.0 release, + * we did not check for the presence of nonpermitted extensions, + * so to avoid a regression, we must permit this extension in the + * TLS 1.2 ServerHello as well. + * + * Note that there is no tls_parse_stoc_supported_groups function, + * so we do not perform any additional parsing, validation, or + * processing on the server's group list -- this is just a minimal + * change to preserve compatibility with these misbehaving servers. + */ TLSEXT_TYPE_supported_groups, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_2_SERVER_HELLO, + | SSL_EXT_TLS1_2_SERVER_HELLO, NULL, tls_parse_ctos_supported_groups, NULL, tls_construct_stoc_supported_groups, - tls_construct_ctos_supported_groups, NULL - }, - { - TLSEXT_TYPE_session_ticket, + tls_construct_ctos_supported_groups, NULL }, + { TLSEXT_TYPE_session_ticket, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_session_ticket, tls_parse_ctos_session_ticket, tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket, - tls_construct_ctos_session_ticket, NULL - }, + tls_construct_ctos_session_ticket, NULL }, #ifndef OPENSSL_NO_OCSP - { - TLSEXT_TYPE_status_request, + { TLSEXT_TYPE_status_request, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_status_request, tls_parse_ctos_status_request, 
tls_parse_stoc_status_request, tls_construct_stoc_status_request, - tls_construct_ctos_status_request, NULL - }, + tls_construct_ctos_status_request, NULL }, #else INVALID_EXTENSION, #endif #ifndef OPENSSL_NO_NEXTPROTONEG - { - TLSEXT_TYPE_next_proto_neg, + { TLSEXT_TYPE_next_proto_neg, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn, - tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL - }, + tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL }, #else INVALID_EXTENSION, #endif - { - /* - * Must appear in this list after server_name so that finalisation - * happens after server_name callbacks - */ + { /* + * Must appear in this list after server_name so that finalisation + * happens after server_name callbacks + */ TLSEXT_TYPE_application_layer_protocol_negotiation, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn, - tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn - }, + tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn }, #ifndef OPENSSL_NO_SRTP - { - TLSEXT_TYPE_use_srtp, + { TLSEXT_TYPE_use_srtp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp, - tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL - }, + tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_encrypt_then_mac, + { TLSEXT_TYPE_encrypt_then_mac, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm, - tls_construct_stoc_etm, 
tls_construct_ctos_etm, NULL - }, + tls_construct_stoc_etm, tls_construct_ctos_etm, NULL }, #ifndef OPENSSL_NO_CT - { - TLSEXT_TYPE_signed_certificate_timestamp, + { TLSEXT_TYPE_signed_certificate_timestamp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, /* * No server side support for this, but can be provided by a custom * extension. This is an exception to the rule that custom extensions * cannot override built in ones. */ - NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL - }, + NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_extended_master_secret, + { TLSEXT_TYPE_extended_master_secret, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems, - tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems - }, - { - TLSEXT_TYPE_signature_algorithms_cert, + tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems }, + { TLSEXT_TYPE_signature_algorithms_cert, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_sig_algs_cert, tls_parse_ctos_sig_algs_cert, tls_parse_ctos_sig_algs_cert, /* We do not generate signature_algorithms_cert at present. 
*/ - NULL, NULL, NULL - }, + NULL, NULL, NULL }, { TLSEXT_TYPE_post_handshake_auth, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY, init_post_handshake_auth, - tls_parse_ctos_post_handshake_auth, NULL, - NULL, tls_construct_ctos_post_handshake_auth, + tls_parse_ctos_post_handshake_auth, + NULL, + NULL, + tls_construct_ctos_post_handshake_auth, NULL, }, - { - TLSEXT_TYPE_signature_algorithms, + { TLSEXT_TYPE_signature_algorithms, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_sig_algs, tls_parse_ctos_sig_algs, tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs, - tls_construct_ctos_sig_algs, final_sig_algs - }, - { - TLSEXT_TYPE_supported_versions, + tls_construct_ctos_sig_algs, final_sig_algs }, + { TLSEXT_TYPE_supported_versions, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, NULL, /* Processed inline as part of version selection */ NULL, tls_parse_stoc_supported_versions, tls_construct_stoc_supported_versions, - tls_construct_ctos_supported_versions, NULL - }, - { - TLSEXT_TYPE_psk_kex_modes, + tls_construct_ctos_supported_versions, NULL }, + { TLSEXT_TYPE_psk_kex_modes, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_ONLY, init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, - tls_construct_ctos_psk_kex_modes, NULL - }, - { - /* - * Must be in this list after supported_groups. We need that to have - * been parsed before we do this one. - */ + tls_construct_ctos_psk_kex_modes, NULL }, + { /* + * Must be in this list after supported_groups. We need that to have + * been parsed before we do this one. 
+ */ TLSEXT_TYPE_key_share, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY + | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share, tls_construct_stoc_key_share, tls_construct_ctos_key_share, - final_key_share - }, - { - /* Must be after key_share */ + final_key_share }, + { /* Must be after key_share */ TLSEXT_TYPE_cookie, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie, - tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL - }, - { - /* - * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but - * ignore it. - */ + tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL }, + { /* + * Special unsolicited ServerHello extension only used when + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. 
+ */ TLSEXT_TYPE_cryptopro_bug, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL - }, - { - TLSEXT_TYPE_early_data, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, + { TLSEXT_TYPE_early_data, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data, tls_construct_stoc_early_data, tls_construct_ctos_early_data, - final_early_data - }, + final_early_data }, { TLSEXT_TYPE_certificate_authorities, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_ONLY, init_certificate_authorities, - tls_parse_certificate_authorities, tls_parse_certificate_authorities, + tls_parse_certificate_authorities, + tls_parse_certificate_authorities, tls_construct_certificate_authorities, - tls_construct_certificate_authorities, NULL, + tls_construct_certificate_authorities, + NULL, }, - { - /* Must be immediately before pre_shared_key */ + { /* Must be immediately before pre_shared_key */ TLSEXT_TYPE_padding, SSL_EXT_CLIENT_HELLO, NULL, /* We send this, but don't read it */ - NULL, NULL, NULL, tls_construct_ctos_padding, NULL - }, - { - /* Required by the TLSv1.3 spec to always be the last extension */ + NULL, NULL, NULL, tls_construct_ctos_padding, NULL }, + { /* Required by the TLSv1.3 spec to always be the last extension */ TLSEXT_TYPE_psk, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, final_psk - } + tls_construct_ctos_psk, final_psk } }; /* Returns a TLSEXT_TYPE for the given index */ 
@@ -441,7 +397,7 @@ custom_ext_method *meth = NULL; meth = custom_ext_find(&s->cert->custext, role, thisext->type, - &offset); + &offset); if (!ossl_assert(meth != NULL)) return 0; context = meth->context; @@ -461,8 +417,8 @@ * the definition for the extension we found. */ static int verify_extension(SSL *s, unsigned int context, unsigned int type, - custom_ext_methods *meths, RAW_EXTENSION *rawexlist, - RAW_EXTENSION **found) + custom_ext_methods *meths, RAW_EXTENSION *rawexlist, + RAW_EXTENSION **found) { size_t i; size_t builtin_num = OSSL_NELEM(ext_defs); 
@@ -522,22 +478,22 @@ is_tls13 = SSL_IS_TLS13(s); if ((SSL_IS_DTLS(s) - && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) - || (s->version == SSL3_VERSION - && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) - /* - * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", - * which is never true when generating the ClientHello. - * However, version negotiation *has* occurred by the time the - * ClientHello extensions are being parsed. - * Be careful to allow TLS 1.3-only extensions when generating - * the ClientHello. - */ - || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) - || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 - && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) - || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) - || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) + && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) + || (s->version == SSL3_VERSION + && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) + /* + * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", + * which is never true when generating the ClientHello. + * However, version negotiation *has* occurred by the time the + * ClientHello extensions are being parsed. + * Be careful to allow TLS 1.3-only extensions when generating + * the ClientHello. + */ + || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) + || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) + || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) + || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) return 0; return 1; } @@ -559,7 +515,7 @@ * extensions that we know about. We ignore others. */ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, size_t *len, int init) + RAW_EXTENSION **res, size_t *len, int init) { PACKET extensions = *packet; size_t i = 0; 
@@ -590,8 +546,7 @@ PACKET extension; RAW_EXTENSION *thisex; - if (!PACKET_get_net_2(&extensions, &type) || - !PACKET_get_length_prefixed_2(&extensions, &extension)) { + if (!PACKET_get_net_2(&extensions, &type) || !PACKET_get_length_prefixed_2(&extensions, &extension)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); goto err; } @@ -601,10 +556,10 @@ * PSK extension, which must be the last one in the ClientHello. */ if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) - || (thisex != NULL && thisex->present == 1) - || (type == TLSEXT_TYPE_psk - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && PACKET_remaining(&extensions) != 0)) { + || (thisex != NULL && thisex->present == 1) + || (type == TLSEXT_TYPE_psk + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && PACKET_remaining(&extensions) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); goto err; } @@ -624,20 +579,18 @@ * itself handle unsolicited response checks. */ if (idx < OSSL_NELEM(ext_defs) - && (context & (SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 - && type != TLSEXT_TYPE_cookie - && type != TLSEXT_TYPE_renegotiate - && type != TLSEXT_TYPE_signed_certificate_timestamp - && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 + && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 + && type != TLSEXT_TYPE_cookie + && type != TLSEXT_TYPE_renegotiate + && type != TLSEXT_TYPE_signed_certificate_timestamp + && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 #ifndef OPENSSL_NO_GOST - && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 - && type == TLSEXT_TYPE_cryptopro_bug) + && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 + && type == TLSEXT_TYPE_cryptopro_bug) #endif - ) { + ) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, - SSL_R_UNSOLICITED_EXTENSION); + SSL_R_UNSOLICITED_EXTENSION); goto err; } if (thisex != NULL) { 
@@ -647,9 +600,9 @@ thisex->received_order = i++; if (s->ext.debug_cb) s->ext.debug_cb(s, !s->server, thisex->type, - PACKET_data(&thisex->data), - PACKET_remaining(&thisex->data), - s->ext.debug_arg); + PACKET_data(&thisex->data), + PACKET_remaining(&thisex->data), + s->ext.debug_arg); } } @@ -659,7 +612,7 @@ * whether we have found them or not */ for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs); - i++, thisexd++) { + i++, thisexd++) { if (thisexd->init != NULL && (thisexd->context & context) != 0 && extension_is_relevant(s, thisexd->context, context) && !thisexd->init(s, context)) { @@ -674,7 +627,7 @@ *len = num_exts; return 1; - err: +err: OPENSSL_free(raw_extensions); return 0; } @@ -690,11 +643,12 @@ * present this counted as success. */ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx) + RAW_EXTENSION *exts, X509 *x, size_t chainidx) { RAW_EXTENSION *currext = &exts[idx]; int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) = NULL; + size_t chainidx) + = NULL; /* Skip if the extension is not present */ if (!currext->present) @@ -727,9 +681,9 @@ /* Parse custom extensions */ return custom_ext_parse(s, context, currext->type, - PACKET_data(&currext->data), - PACKET_remaining(&currext->data), - x, chainidx); + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + x, chainidx); } /* @@ -740,7 +694,7 @@ * its position in the |chainidx|, with 0 being the first certificate. */ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, - size_t chainidx, int fin) + size_t chainidx, int fin) { size_t i, numexts = OSSL_NELEM(ext_defs); const EXTENSION_DEFINITION *thisexd; 
@@ -762,7 +716,7 @@ * whether we have found them or not */ for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); - i++, thisexd++) { + i++, thisexd++) { if (thisexd->final != NULL && (thisexd->context & context) != 0 && !thisexd->final(s, context, exts[i].present)) { /* SSLfatal() already called */ @@ -775,7 +729,7 @@ } int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, - int max_version) + int max_version) { /* Skip if not relevant for our context */ if ((extctx & thisctx) == 0) @@ -783,9 +737,9 @@ /* Check if this extension is defined for our protocol. If not, skip */ if (!extension_is_relevant(s, extctx, thisctx) - || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 - && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 - && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) + || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 + && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) return 0; return 1; @@ -800,22 +754,21 @@ * failure construction stops at the first extension to fail to construct. */ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t i; int min_version, max_version = 0, reason; const EXTENSION_DEFINITION *thisexd; if (!WPACKET_start_sub_packet_u16(pkt) - /* - * If extensions are of zero length then we don't even add the - * extensions length bytes to a ClientHello/ServerHello - * (for non-TLSv1.3). - */ - || ((context & - (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 - && !WPACKET_set_flags(pkt, - WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { + /* + * If extensions are of zero length then we don't even add the + * extensions length bytes to a ClientHello/ServerHello + * (for non-TLSv1.3). + */ + || ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 + && !WPACKET_set_flags(pkt, + WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -840,7 +793,7 @@ for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN ret; /* Skip if not relevant for our context */ @@ -859,9 +812,7 @@ return 0; } if (ret == EXT_RETURN_SENT - && (context & (SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) + && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; } @@ -888,10 +839,10 @@ * renegotiation */ if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - && !sent) { + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -900,19 +851,18 @@ /* Need RI if renegotiating */ if (s->renegotiate - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - && !sent) { + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } - return 1; } static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx, - TSAN_QUALIFIER int *stat) + TSAN_QUALIFIER int *stat) { if (ssl_tsan_lock(ctx)) { tsan_decr(stat); @@ -945,10 +895,10 @@ if (s->ctx->ext.servername_cb != NULL) ret = s->ctx->ext.servername_cb(s, &altmp, - s->ctx->ext.servername_arg); + s->ctx->ext.servername_arg); else if (s->session_ctx->ext.servername_cb != NULL) ret = s->session_ctx->ext.servername_cb(s, &altmp, - s->session_ctx->ext.servername_arg); + s->session_ctx->ext.servername_arg); /* * For servers, propagate the SNI hostname from the temporary 
@@ -976,7 +926,7 @@ * exceed sess_accept (zero) for the new context. */ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx - && s->hello_retry_request == SSL_HRR_NONE) { + && s->hello_retry_request == SSL_HRR_NONE) { ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept); ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); } @@ -987,10 +937,10 @@ * Also, if this is not a resumption, create a new session ID */ if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected - && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { + && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { s->ext.ticket_expected = 0; if (!s->hit) { - SSL_SESSION* ss = SSL_get_session(s); + SSL_SESSION *ss = SSL_get_session(s); if (ss != NULL) { OPENSSL_free(ss->ext.tick); @@ -1046,10 +996,10 @@ * must contain uncompressed. */ if (s->ext.ecpointformats != NULL - && s->ext.ecpointformats_len > 0 - && s->ext.peer_ecpointformats != NULL - && s->ext.peer_ecpointformats_len > 0 - && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { + && s->ext.ecpointformats_len > 0 + && s->ext.peer_ecpointformats != NULL + && s->ext.peer_ecpointformats_len > 0 + && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list = s->ext.peer_ecpointformats; @@ -1060,7 +1010,7 @@ } if (i == s->ext.peer_ecpointformats_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); + SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return 0; } } @@ -1120,7 +1070,7 @@ static int final_alpn(SSL *s, unsigned int context, int sent) { if (!s->server && !sent && s->session->ext.alpn_selected != NULL) - s->ext.early_data_ok = 0; + s->ext.early_data_ok = 0; if (!s->server || !SSL_IS_TLS13(s)) return 1; 
@@ -1209,8 +1159,7 @@ * Check extended master secret extension is consistent with * original session. */ - if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != - !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); return 0; } @@ -1227,9 +1176,9 @@ } static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx) + unsigned int context, + X509 *x, + size_t chainidx) { const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); @@ -1256,8 +1205,8 @@ } static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!parse_ca_names(s, pkt)) return 0; @@ -1282,7 +1231,7 @@ { if (!sent && SSL_IS_TLS13(s) && !s->hit) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, - SSL_R_MISSING_SIGALGS_EXTENSION); + SSL_R_MISSING_SIGALGS_EXTENSION); return 0; } @@ -1311,9 +1260,9 @@ * fail; */ if (!s->server - && !sent - && (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) { + && !sent + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) { /* Nothing left we can do - just fail */ SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE); return 0; @@ -1356,7 +1305,7 @@ if (s->s3.peer_tmp != NULL) { /* We have a suitable key_share */ if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 - && !s->ext.cookieok) { + && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* * If we are stateless then we wouldn't know about any 
@@ -1372,9 +1321,9 @@ } else { /* No suitable key_share */ if (s->hello_retry_request == SSL_HRR_NONE && sent - && (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) - != 0)) { + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) + != 0)) { const uint16_t *pgroups, *clntgroups; size_t num_groups, clnt_num_groups, i; unsigned int group_id = 0; @@ -1392,11 +1341,11 @@ group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1) - && tls_group_allowed(s, group_id, - SSL_SECOP_CURVE_SUPPORTED) - && tls_valid_group(s, group_id, TLS1_3_VERSION, - TLS1_3_VERSION, 0, NULL)) + 1) + && tls_group_allowed(s, group_id, + SSL_SECOP_CURVE_SUPPORTED) + && tls_valid_group(s, group_id, TLS1_3_VERSION, + TLS1_3_VERSION, 0, NULL)) break; } @@ -1408,16 +1357,15 @@ } } if (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { /* Nothing left we can do - just fail */ - SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE - : SSL_AD_MISSING_EXTENSION, - SSL_R_NO_SUITABLE_KEY_SHARE); + SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE : SSL_AD_MISSING_EXTENSION, + SSL_R_NO_SUITABLE_KEY_SHARE); return 0; } if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 - && !s->ext.cookieok) { + && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* * If we are stateless then we wouldn't know about any @@ -1460,9 +1408,9 @@ } int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, - size_t binderoffset, const unsigned char *binderin, - unsigned char *binderout, SSL_SESSION *sess, int sign, - int external) + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, SSL_SESSION *sess, int sign, + int external) { EVP_PKEY *mackey = NULL; EVP_MD_CTX *mctx = NULL; 
@@ -1471,7 +1419,7 @@
 unsigned char *early_secret;
 #ifdef CHARSET_EBCDIC
 static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
- static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
+ static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
 #else
 static const unsigned char resumption_label[] = "res binder";
 static const unsigned char external_label[] = "ext binder";
@@ -1490,9 +1438,9 @@
 hashsize = (size_t)hashsizei;
 if (external
- && s->early_data_state == SSL_EARLY_DATA_CONNECTING
- && s->session->ext.max_early_data == 0
- && sess->ext.max_early_data > 0)
+ && s->early_data_state == SSL_EARLY_DATA_CONNECTING
+ && s->session->ext.max_early_data == 0
+ && sess->ext.max_early_data > 0)
 usepskfored = 1;
 if (external) {
@@ -1517,7 +1465,7 @@
 early_secret = (unsigned char *)sess->early_secret;
 if (!tls13_generate_secret(s, md, NULL, sess->master_key,
- sess->master_key_length, early_secret)) {
+ sess->master_key_length, early_secret)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1528,15 +1476,15 @@
 */
 mctx = EVP_MD_CTX_new();
 if (mctx == NULL
- || EVP_DigestInit_ex(mctx, md, NULL) <= 0
- || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+ || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+ || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
 /* Generate the binder key */
 if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
- hashsize, binderkey, hashsize, 1)) {
+ hashsize, binderkey, hashsize, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1562,8 +1510,7 @@
 long hdatalen_l;
 void *hdata;
- hdatalen = hdatalen_l =
- BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
+ hdatalen = hdatalen_l = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
 if (hdatalen_l <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
 goto err;
@@ -1578,10 +1525,10 @@
 /* Find how many bytes are left after the first two messages */
 if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
- || !PACKET_forward(&hashprefix, 1)
- || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
- || !PACKET_forward(&hashprefix, 1)
- || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1595,14 +1542,14 @@
 }
 if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
- || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+ || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
 mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
- s->ctx->propq, finishedkey,
- hashsize);
+ s->ctx->propq, finishedkey,
+ hashsize);
 if (mackey == NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
@@ -1613,10 +1560,11 @@
 bindersize = hashsize;
 if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx,
- s->ctx->propq, mackey, NULL) <= 0
- || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
- || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
- || bindersize != hashsize) {
+ s->ctx->propq, mackey, NULL)
+ <= 0
+ || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
+ || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
+ || bindersize != hashsize) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1630,7 +1578,7 @@
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY);
 }
- err:
+err:
 OPENSSL_cleanse(binderkey, sizeof(binderkey));
 OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
 EVP_PKEY_free(mackey);
@@ -1646,8 +1594,8 @@
 if (!s->server) {
 if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
- && sent
- && !s->ext.early_data_ok) {
+ && sent
+ && !s->ext.early_data_ok) {
 /*
 * If we get here then the server accepted our early_data but we
 * later realised that it shouldn't have done (e.g. inconsistent
@@ -1661,19 +1609,19 @@
 }
 if (s->max_early_data == 0
- || !s->hit
- || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
- || !s->ext.early_data_ok
- || s->hello_retry_request != SSL_HRR_NONE
- || (s->allow_early_data_cb != NULL
- && !s->allow_early_data_cb(s,
- s->allow_early_data_cb_data))) {
+ || !s->hit
+ || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+ || !s->ext.early_data_ok
+ || s->hello_retry_request != SSL_HRR_NONE
+ || (s->allow_early_data_cb != NULL
+ && !s->allow_early_data_cb(s,
+ s->allow_early_data_cb_data))) {
 s->ext.early_data = SSL_EARLY_DATA_REJECTED;
 } else {
 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
 if (!tls13_change_cipher_state(s,
- SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
 /* SSLfatal() already called */
 return 0;
 }
@@ -1690,7 +1638,7 @@
 /* Current SSL buffer is lower than requested MFL */
 if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
- && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))
+ && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))
 /* trigger a larger buffer reallocation */
 if (!ssl3_setup_buffers(s)) {
 /* SSLfatal() already called */
@@ -1714,9 +1662,9 @@
 static int final_psk(SSL *s, unsigned int context, int sent)
 {
 if (s->server && sent && s->clienthello != NULL
- && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
+ && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
 SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
- SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
+ SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
 return 0;
 }
--- crypto/openssl/ssl/statem/extensions_clnt.c.orig
+++ crypto/openssl/ssl/statem/extensions_clnt.c
@@ -13,18 +13,18 @@
 #include "statem_local.h"
 EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 /* Add RI if renegotiating */
 if (!s->renegotiate)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished,
- s->s3.previous_client_finished_len)
- || !WPACKET_close(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished,
+ s->s3.previous_client_finished_len)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -33,23 +33,23 @@
 }
 EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 if (s->ext.hostname == NULL)
 return EXT_RETURN_NOT_SENT;
 /* Add TLS extension servername to the Client Hello message */
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
- /* Sub-packet for server_name extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- /* Sub-packet for servername list (always 1 hostname)*/
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
- || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname,
- strlen(s->ext.hostname))
- || !WPACKET_close(pkt)
- || !WPACKET_close(pkt)) {
+ /* Sub-packet for server_name extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ /* Sub-packet for servername list (always 1 hostname)*/
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
+ || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname,
+ strlen(s->ext.hostname))
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -59,8 +59,8 @@
 /* Push a Max Fragment Len extension into ClientHello */
 EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED)
 return EXT_RETURN_NOT_SENT;
@@ -71,10 +71,10 @@
 * 1 byte for the Max Fragment Length code value.
 */
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
- /* Sub-packet for Max Fragment Length extension (1 byte) */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode)
- || !WPACKET_close(pkt)) {
+ /* Sub-packet for Max Fragment Length extension (1 byte) */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -84,22 +84,22 @@
 #ifndef OPENSSL_NO_SRP
 EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 /* Add SRP username if there is one */
 if (s->srp_ctx.login == NULL)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp)
- /* Sub-packet for SRP extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_start_sub_packet_u8(pkt)
- /* login must not be zero...internal error if so */
- || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
- || !WPACKET_memcpy(pkt, s->srp_ctx.login,
- strlen(s->srp_ctx.login))
- || !WPACKET_close(pkt)
- || !WPACKET_close(pkt)) {
+ /* Sub-packet for SRP extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt)
+ /* login must not be zero...internal error if so */
+ || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+ || !WPACKET_memcpy(pkt, s->srp_ctx.login,
+ strlen(s->srp_ctx.login))
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -128,8 +128,8 @@
 alg_k = c->algorithm_mkey;
 alg_a = c->algorithm_auth;
 if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
- || (alg_a & SSL_aECDSA)
- || c->min_tls >= TLS1_3_VERSION) {
+ || (alg_a & SSL_aECDSA)
+ || c->min_tls >= TLS1_3_VERSION) {
 ret = 1;
 break;
 }
@@ -144,7 +144,7 @@
 uint16_t ctmp = pgroups[j];
 if (tls_valid_group(s, ctmp, min_version, max_version, 1, NULL)
- && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
 return 1;
 }
@@ -152,8 +152,8 @@
 }
 EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 const unsigned char *pformats;
 size_t num_formats;
@@ -171,10 +171,10 @@
 tls1_get_formatlist(s, &pformats, &num_formats);
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
- /* Sub-packet for formats extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
- || !WPACKET_close(pkt)) {
+ /* Sub-packet for formats extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -183,8 +183,8 @@
 }
 EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 const uint16_t *pgroups = NULL;
 size_t num_groups = 0, i, tls13added = 0, added = 0;
@@ -201,7 +201,7 @@
 * if we don't have EC support then we don't send this extension.
 */
 if (!use_ecc(s, min_version, max_version)
- && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))
+ && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))
 return EXT_RETURN_NOT_SENT;
 /*
@@ -210,10 +210,10 @@
 tls1_get_supported_groups(s, &pgroups, &num_groups);
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
- /* Sub-packet for supported_groups extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) {
+ /* Sub-packet for supported_groups extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -223,7 +223,7 @@
 int okfortls13;
 if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13)
- && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
 if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
@@ -236,7 +236,7 @@
 if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
 if (added == 0)
 SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS,
- "No groups enabled for max supported SSL/TLS version");
+ "No groups enabled for max supported SSL/TLS version");
 else
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
@@ -244,7 +244,7 @@
 if (tls13added == 0 && max_version == TLS1_3_VERSION) {
 SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS,
- "No groups enabled for max supported SSL/TLS version");
+ "No groups enabled for max supported SSL/TLS version");
 return EXT_RETURN_FAIL;
 }
@@ -252,8 +252,8 @@
 }
 EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 size_t ticklen;
@@ -261,11 +261,11 @@
 return EXT_RETURN_NOT_SENT;
 if (!s->new_session && s->session != NULL
- && s->session->ext.tick != NULL
- && s->session->ssl_version != TLS1_3_VERSION) {
+ && s->session->ext.tick != NULL
+ && s->session->ssl_version != TLS1_3_VERSION) {
 ticklen = s->session->ext.ticklen;
 } else if (s->session && s->ext.session_ticket != NULL
- && s->ext.session_ticket->data != NULL) {
+ && s->ext.session_ticket->data != NULL) {
 ticklen = s->ext.session_ticket->length;
 s->session->ext.tick = OPENSSL_malloc(ticklen);
 if (s->session->ext.tick == NULL) {
@@ -273,18 +273,17 @@
 return EXT_RETURN_FAIL;
 }
 memcpy(s->session->ext.tick,
- s->ext.session_ticket->data, ticklen);
+ s->ext.session_ticket->data, ticklen);
 s->session->ext.ticklen = ticklen;
 } else {
 ticklen = 0;
 }
- if (ticklen == 0 && s->ext.session_ticket != NULL &&
- s->ext.session_ticket->data == NULL)
+ if (ticklen == 0 && s->ext.session_ticket != NULL && s->ext.session_ticket->data == NULL)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
- || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
+ || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -293,8 +292,8 @@
 }
 EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 size_t salglen;
 const uint16_t *salg;
@@ -304,13 +303,13 @@
 salglen = tls12_get_psigalgs(s, 1, &salg);
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
- /* Sub-packet for sig-algs extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- /* Sub-packet for the actual list */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !tls12_copy_sigalgs(s, pkt, salg, salglen)
- || !WPACKET_close(pkt)
- || !WPACKET_close(pkt)) {
+ /* Sub-packet for sig-algs extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ /* Sub-packet for the actual list */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !tls12_copy_sigalgs(s, pkt, salg, salglen)
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -320,8 +319,8 @@
 #ifndef OPENSSL_NO_OCSP
 EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 int i;
@@ -333,11 +332,11 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
- /* Sub-packet for status request extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
- /* Sub-packet for the ids */
- || !WPACKET_start_sub_packet_u16(pkt)) {
+ /* Sub-packet for status request extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
+ /* Sub-packet for the ids */
+ || !WPACKET_start_sub_packet_u16(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -347,15 +346,15 @@
 int idlen = i2d_OCSP_RESPID(id, NULL);
 if (idlen <= 0
- /* Sub-packet for an individual id */
- || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
- || i2d_OCSP_RESPID(id, &idbytes) != idlen) {
+ /* Sub-packet for an individual id */
+ || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
+ || i2d_OCSP_RESPID(id, &idbytes) != idlen) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
 }
 if (!WPACKET_close(pkt)
- || !WPACKET_start_sub_packet_u16(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -368,11 +367,11 @@
 return EXT_RETURN_FAIL;
 }
 if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
- || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes)
- != extlen) {
+ || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes)
+ != extlen) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
- }
+ }
 }
 if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -385,7 +384,7 @@
 #ifndef OPENSSL_NO_NEXTPROTONEG
 EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
 return EXT_RETURN_NOT_SENT;
@@ -395,7 +394,7 @@
 * for Next Protocol Negotiation
 */
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
- || !WPACKET_put_bytes_u16(pkt, 0)) {
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -405,7 +404,7 @@
 #endif
 EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 s->s3.alpn_sent = 0;
@@ -413,11 +412,11 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt,
- TLSEXT_TYPE_application_layer_protocol_negotiation)
- /* Sub-packet ALPN extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len)
- || !WPACKET_close(pkt)) {
+ TLSEXT_TYPE_application_layer_protocol_negotiation)
+ /* Sub-packet ALPN extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -426,11 +425,10 @@
 return EXT_RETURN_SENT;
 }
-
 #ifndef OPENSSL_NO_SRTP
 EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
 int i, end;
@@ -439,18 +437,17 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
- /* Sub-packet for SRTP extension */
- || !WPACKET_start_sub_packet_u16(pkt)
- /* Sub-packet for the protection profile list */
- || !WPACKET_start_sub_packet_u16(pkt)) {
+ /* Sub-packet for SRTP extension */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ /* Sub-packet for the protection profile list */
+ || !WPACKET_start_sub_packet_u16(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
 end = sk_SRTP_PROTECTION_PROFILE_num(clnt);
 for (i = 0; i < end; i++) {
- const SRTP_PROTECTION_PROFILE *prof =
- sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+ const SRTP_PROTECTION_PROFILE *prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
 if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -458,9 +455,9 @@
 }
 }
 if (!WPACKET_close(pkt)
- /* Add an empty use_mki value */
- || !WPACKET_put_bytes_u8(pkt, 0)
- || !WPACKET_close(pkt)) {
+ /* Add an empty use_mki value */
+ || !WPACKET_put_bytes_u8(pkt, 0)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -470,13 +467,13 @@
 #endif
 EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
- || !WPACKET_put_bytes_u16(pkt, 0)) {
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -486,7 +483,7 @@
 #ifndef OPENSSL_NO_CT
 EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 if (s->ct_validation_callback == NULL)
 return EXT_RETURN_NOT_SENT;
@@ -496,7 +493,7 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp)
- || !WPACKET_put_bytes_u16(pkt, 0)) {
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -506,13 +503,13 @@
 #endif
 EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
- || !WPACKET_put_bytes_u16(pkt, 0)) {
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -521,8 +518,8 @@
 }
 EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 int currv, min_version, max_version, reason;
@@ -540,8 +537,8 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_start_sub_packet_u8(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -564,19 +561,19 @@
 * Construct a psk_kex_modes extension.
 */
 EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 #ifndef OPENSSL_NO_TLS1_3
 int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_start_sub_packet_u8(pkt)
- || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE)
- || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE))
- || !WPACKET_close(pkt)
- || !WPACKET_close(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt)
+ || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE)
+ || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE))
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -615,7 +612,7 @@
 /* Encode the public key. */
 encodedlen = EVP_PKEY_get1_encoded_public_key(key_share_key,
- &encoded_point);
+ &encoded_point);
 if (encodedlen == 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB);
 goto err;
@@ -623,7 +620,7 @@
 /* Create KeyShareEntry */
 if (!WPACKET_put_bytes_u16(pkt, curve_id)
- || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
+ || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -638,7 +635,7 @@
 OPENSSL_free(encoded_point);
 return 1;
- err:
+err:
 if (s->s3.tmp.pkey == NULL)
 EVP_PKEY_free(key_share_key);
 OPENSSL_free(encoded_point);
@@ -647,8 +644,8 @@
 #endif
 EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 #ifndef OPENSSL_NO_TLS1_3
 size_t i, num_groups = 0;
@@ -657,10 +654,10 @@
 /* key_share extension */
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
- /* Extension data sub-packet */
- || !WPACKET_start_sub_packet_u16(pkt)
- /* KeyShare list sub-packet */
- || !WPACKET_start_sub_packet_u16(pkt)) {
+ /* Extension data sub-packet */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ /* KeyShare list sub-packet */
+ || !WPACKET_start_sub_packet_u16(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -680,7 +677,7 @@
 continue;
 if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION,
- 0, NULL))
+ 0, NULL))
 continue;
 curve_id = pgroups[i];
@@ -709,7 +706,7 @@
 }
 EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 EXT_RETURN ret = EXT_RETURN_FAIL;
@@ -718,17 +715,17 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
- /* Extension data sub-packet */
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie,
- s->ext.tls13_cookie_len)
- || !WPACKET_close(pkt)) {
+ /* Extension data sub-packet */
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie,
+ s->ext.tls13_cookie_len)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto end;
 }
 ret = EXT_RETURN_SENT;
- end:
+end:
 OPENSSL_free(s->ext.tls13_cookie);
 s->ext.tls13_cookie = NULL;
 s->ext.tls13_cookie_len = 0;
@@ -737,12 +734,12 @@
 }
 EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 #ifndef OPENSSL_NO_PSK
 char identity[PSK_MAX_IDENTITY_LEN + 1];
-#endif /* OPENSSL_NO_PSK */
+#endif /* OPENSSL_NO_PSK */
 const unsigned char *id = NULL;
 size_t idlen = 0;
 SSL_SESSION *psksess = NULL;
@@ -753,9 +750,9 @@
 handmd = ssl_handshake_md(s);
 if (s->psk_use_session_cb != NULL
- && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess)
- || (psksess != NULL
- && psksess->ssl_version != TLS1_3_VERSION))) {
+ && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess)
+ || (psksess != NULL
+ && psksess->ssl_version != TLS1_3_VERSION))) {
 SSL_SESSION_free(psksess);
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK);
 return EXT_RETURN_FAIL;
@@ -768,7 +765,7 @@
 memset(identity, 0, sizeof(identity));
 psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1,
- psk, sizeof(psk));
+ psk, sizeof(psk));
 if (psklen > PSK_MAX_PSK_LEN) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR);
@@ -796,9 +793,9 @@
 psksess = SSL_SESSION_new();
 if (psksess == NULL
- || !SSL_SESSION_set1_master_key(psksess, psk, psklen)
- || !SSL_SESSION_set_cipher(psksess, cipher)
- || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) {
+ || !SSL_SESSION_set1_master_key(psksess, psk, psklen)
+ || !SSL_SESSION_set_cipher(psksess, cipher)
+ || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 OPENSSL_cleanse(psk, psklen);
 return EXT_RETURN_FAIL;
@@ -806,7 +803,7 @@
 OPENSSL_cleanse(psk, psklen);
 }
 }
-#endif /* OPENSSL_NO_PSK */
+#endif /* OPENSSL_NO_PSK */
 SSL_SESSION_free(s->psksession);
 s->psksession = psksess;
@@ -822,8 +819,8 @@
 }
 if (s->early_data_state != SSL_EARLY_DATA_CONNECTING
- || (s->session->ext.max_early_data == 0
- && (psksess == NULL || psksess->ext.max_early_data == 0))) {
+ || (s->session->ext.max_early_data == 0
+ && (psksess == NULL || psksess->ext.max_early_data == 0))) {
 s->max_early_data = 0;
 return EXT_RETURN_NOT_SENT;
 }
@@ -832,10 +829,10 @@
 if (edsess->ext.hostname != NULL) {
 if (s->ext.hostname == NULL
- || (s->ext.hostname != NULL
- && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
+ || (s->ext.hostname != NULL
+ && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_R_INCONSISTENT_EARLY_DATA_SNI);
+ SSL_R_INCONSISTENT_EARLY_DATA_SNI);
 return EXT_RETURN_FAIL;
 }
 }
@@ -859,21 +856,21 @@
 }
 while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) {
 if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected,
- edsess->ext.alpn_selected_len)) {
+ edsess->ext.alpn_selected_len)) {
 found = 1;
 break;
 }
 }
 if (!found) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+ SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
 return EXT_RETURN_FAIL;
 }
 }
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_close(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -888,8 +885,8 @@
 return EXT_RETURN_SENT;
 }
-#define F5_WORKAROUND_MIN_MSG_LEN 0xff
-#define F5_WORKAROUND_MAX_MSG_LEN 0x200
+#define F5_WORKAROUND_MIN_MSG_LEN 0xff
+#define F5_WORKAROUND_MAX_MSG_LEN 0x200
 /*
 * PSK pre binder overhead =
@@ -906,8 +903,8 @@
 #define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1)
 EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 unsigned char *padbytes;
 size_t hlen;
@@ -931,8 +928,8 @@
 * extension, so we need to calculate how long it is going to be.
 */
 if (s->session->ssl_version == TLS1_3_VERSION
- && s->session->ext.ticklen != 0
- && s->session->cipher != NULL) {
+ && s->session->ext.ticklen != 0
+ && s->session->cipher != NULL) {
 const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2);
 if (md != NULL) {
@@ -940,8 +937,8 @@
 * Add the fixed PSK overhead, the identity length and the binder
 * length.
 */
- hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
- + EVP_MD_get_size(md);
+ hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
+ + EVP_MD_get_size(md);
 }
 }
@@ -961,7 +958,7 @@
 hlen = 1;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
- || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
+ || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -975,7 +972,7 @@
 * Construct the pre_shared_key extension
 */
 EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 #ifndef OPENSSL_NO_TLS1_3
 uint32_t agesec, agems = 0;
@@ -997,7 +994,7 @@
 * so don't add this extension.
 */
 if (s->session->ssl_version != TLS1_3_VERSION
- || (s->session->ext.ticklen == 0 && s->psksession == NULL))
+ || (s->session->ext.ticklen == 0 && s->psksession == NULL))
 return EXT_RETURN_NOT_SENT;
 if (s->hello_retry_request == SSL_HRR_PENDING)
@@ -1076,7 +1073,7 @@
 dores = 1;
 }
- dopsksess:
+dopsksess:
 if (!dores && s->psksession == NULL)
 return EXT_RETURN_NOT_SENT;
@@ -1105,16 +1102,16 @@
 /* Create the extension, but skip over the binder for now */
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_start_sub_packet_u16(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u16(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
 if (dores) {
 if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick,
- s->session->ext.ticklen)
- || !WPACKET_put_bytes_u32(pkt, agems)) {
+ s->session->ext.ticklen)
+ || !WPACKET_put_bytes_u32(pkt, agems)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -1122,8 +1119,8 @@
 if (s->psksession != NULL) {
 if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id,
- s->psksession_id_len)
- || !WPACKET_put_bytes_u32(pkt, 0)) {
+ s->psksession_id_len)
+ || !WPACKET_put_bytes_u32(pkt, 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -1131,20 +1128,20 @@ } if (!WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &binderoffset) - || !WPACKET_start_sub_packet_u16(pkt) - || (dores - && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) - || (s->psksession != NULL - && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &msglen) - /* - * We need to fill in all the sub-packet lengths now so we can - * calculate the HMAC of the message up to the binders - */ - || !WPACKET_fill_lengths(pkt)) { + || !WPACKET_get_total_written(pkt, &binderoffset) + || !WPACKET_start_sub_packet_u16(pkt) + || (dores + && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) + || (s->psksession != NULL + && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &msglen) + /* + * We need to fill in all the sub-packet lengths now so we can + * calculate the HMAC of the message up to the binders + */ + || !WPACKET_fill_lengths(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1152,15 +1149,17 @@ msgstart = WPACKET_get_curr(pkt) - msglen; if (dores - && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, - resbinder, s->session, 1, 0) != 1) { + && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, + resbinder, s->session, 1, 0) + != 1) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } if (s->psksession != NULL - && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, - pskbinder, s->psksession, 1, 1) != 1) { + && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, + pskbinder, s->psksession, 1, 1) + != 1) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } 
@@ -1172,9 +1171,9 @@ } EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 if (!s->pha_enabled) @@ -1182,8 +1181,8 @@ /* construct extension - 0 length, no contents */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1196,12 +1195,11 @@ #endif } - /* * Parse the server's renegotiation binding and abort if it's not right */ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t expected_len = s->s3.previous_client_finished_len + s->s3.previous_server_finished_len; @@ -1210,9 +1208,9 @@ /* Check for logic errors */ if (!ossl_assert(expected_len == 0 - || s->s3.previous_client_finished_len != 0) + || s->s3.previous_client_finished_len != 0) || !ossl_assert(expected_len == 0 - || s->s3.previous_server_finished_len != 0)) { + || s->s3.previous_server_finished_len != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -1237,14 +1235,16 @@ if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len) || memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) != 0) { + s->s3.previous_client_finished_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); return 0; } if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len) || memcmp(data, s->s3.previous_server_finished, - s->s3.previous_server_finished_len) != 0) { + s->s3.previous_server_finished_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); return 0; } @@ -1255,7 +1255,7 @@ /* Parse the server's max fragment len extension packet */ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int value; @@ -1267,7 +1267,7 @@ /* |value| should contains a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1279,7 +1279,7 @@ */ if (value != s->ext.max_fragment_len_mode) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1293,7 +1293,7 @@ } int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->ext.hostname == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1321,7 +1321,7 @@ } int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t ecpointformats_len; PACKET ecptformatlist; 
@@ -1349,8 +1349,8 @@ s->ext.peer_ecpointformats_len = ecpointformats_len; if (!PACKET_copy_bytes(&ecptformatlist, - s->ext.peer_ecpointformats, - ecpointformats_len)) { + s->ext.peer_ecpointformats, + ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1360,12 +1360,9 @@ } int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { - if (s->ext.session_ticket_cb != NULL && - !s->ext.session_ticket_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + if (s->ext.session_ticket_cb != NULL && !s->ext.session_ticket_cb(s, PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1386,7 +1383,7 @@ #ifndef OPENSSL_NO_OCSP int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends a CertificateRequest */ @@ -1424,10 +1421,9 @@ } #endif - #ifndef OPENSSL_NO_CT int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends it in a CertificateRequest */ 
@@ -1461,23 +1457,25 @@ } } else { ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 - ? ENDPOINT_CLIENT : ENDPOINT_BOTH; + ? ENDPOINT_CLIENT + : ENDPOINT_BOTH; /* * If we didn't ask for it then there must be a custom extension, * otherwise this is unsolicited. */ if (custom_ext_find(&s->cert->custext, role, - TLSEXT_TYPE_signed_certificate_timestamp, - NULL) == NULL) { + TLSEXT_TYPE_signed_certificate_timestamp, + NULL) + == NULL) { SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); return 0; } if (!custom_ext_parse(s, context, - TLSEXT_TYPE_signed_certificate_timestamp, - PACKET_data(pkt), PACKET_remaining(pkt), - x, chainidx)) { + TLSEXT_TYPE_signed_certificate_timestamp, + PACKET_data(pkt), PACKET_remaining(pkt), + x, chainidx)) { /* SSLfatal already called */ return 0; } @@ -1487,7 +1485,6 @@ } #endif - #ifndef OPENSSL_NO_NEXTPROTONEG /* * ssl_next_proto_validate validates a Next Protocol Negotiation block. No @@ -1510,7 +1507,7 @@ } int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { unsigned char *selected; unsigned char selected_len; @@ -1533,11 +1530,11 @@ return 0; } if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, - PACKET_data(pkt), - PACKET_remaining(pkt), - s->ctx->ext.npn_select_cb_arg) != - SSL_TLSEXT_ERR_OK - || selected_len == 0) { + PACKET_data(pkt), + PACKET_remaining(pkt), + s->ctx->ext.npn_select_cb_arg) + != SSL_TLSEXT_ERR_OK + || selected_len == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1563,7 +1560,7 @@ #endif int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { size_t len; PACKET confpkt, protpkt; 
@@ -1622,9 +1619,9 @@ s->s3.alpn_selected_len = len; if (s->session->ext.alpn_selected == NULL - || s->session->ext.alpn_selected_len != len - || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) - != 0) { + || s->session->ext.alpn_selected_len != len + || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) + != 0) { /* ALPN not consistent with the old session so cannot use early_data */ s->ext.early_data_ok = 0; } @@ -1637,8 +1634,7 @@ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); + s->session->ext.alpn_selected = OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1652,7 +1648,7 @@ #ifndef OPENSSL_NO_SRTP int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { unsigned int id, ct, mki; int i; @@ -1660,11 +1656,11 @@ SRTP_PROTECTION_PROFILE *prof; if (!PACKET_get_net_2(pkt, &ct) || ct != 2 - || !PACKET_get_net_2(pkt, &id) - || !PACKET_get_1(pkt, &mki) - || PACKET_remaining(pkt) != 0) { + || !PACKET_get_net_2(pkt, &id) + || !PACKET_get_1(pkt, &mki) + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } 
@@ -1695,29 +1691,29 @@ } SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } #endif int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) - && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 - && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT - && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 - && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA - && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) + && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD + && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA + && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) s->ext.use_etm = 1; return 1; } int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; @@ -1729,12 +1725,12 @@ } int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int version; if (!PACKET_get_net_2(pkt, &version) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1745,7 +1741,7 @@ */ if (version != TLS1_3_VERSION) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; } 
@@ -1760,7 +1756,7 @@ } int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; @@ -1804,9 +1800,9 @@ break; } if (i >= num_groups - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } @@ -1854,7 +1850,7 @@ } if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt) - || PACKET_remaining(&encoded_pt) == 0) { + || PACKET_remaining(&encoded_pt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1869,7 +1865,8 @@ } if (tls13_set_encoded_pub_key(skey, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); EVP_PKEY_free(skey); return 0; @@ -1898,13 +1895,13 @@ } int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET cookie; if (!PACKET_as_length_prefixed_2(pkt, &cookie) - || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, - &s->ext.tls13_cookie_len)) { + || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, + &s->ext.tls13_cookie_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1913,13 +1910,13 @@ } int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { unsigned long max_early_data; if (!PACKET_get_net_4(pkt, &max_early_data) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_MAX_EARLY_DATA); return 0; } 
@@ -1935,7 +1932,7 @@ } if (!s->ext.early_data_ok - || !s->hit) { + || !s->hit) { /* * If we get here then we didn't send early data, or we didn't resume * using the first identity, or the SNI/ALPN is not consistent so the @@ -1951,7 +1948,7 @@ } int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int identity; @@ -1990,9 +1987,9 @@ * early_secret across that we generated earlier. */ if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) - || s->session->ext.max_early_data > 0 - || s->psksession->ext.max_early_data == 0) + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + || s->session->ext.max_early_data > 0 + || s->psksession->ext.max_early_data == 0) memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE); SSL_SESSION_free(s->session); --- crypto/openssl/ssl/statem/extensions_cust.c.orig +++ crypto/openssl/ssl/statem/extensions_cust.c @@ -29,10 +29,10 @@ * Provide thin wrapper callbacks which convert new style arguments to old style */ static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, size_t chainidx, - int *al, void *add_arg) + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *add_arg) { custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; @@ -40,12 +40,12 @@ return 1; return add_cb_wrap->add_cb(s, ext_type, out, outlen, al, - add_cb_wrap->add_arg); + add_cb_wrap->add_arg); } static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *out, void *add_arg) + unsigned int context, + const unsigned char *out, void *add_arg) { custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; 
@@ -56,19 +56,18 @@ } static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, size_t chainidx, - int *al, void *parse_arg) + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *parse_arg) { - custom_ext_parse_cb_wrap *parse_cb_wrap = - (custom_ext_parse_cb_wrap *)parse_arg; + custom_ext_parse_cb_wrap *parse_cb_wrap = (custom_ext_parse_cb_wrap *)parse_arg; if (parse_cb_wrap->parse_cb == NULL) return 1; return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al, - parse_cb_wrap->parse_arg); + parse_cb_wrap->parse_arg); } /* @@ -79,16 +78,16 @@ * client, or ENDPOINT_BOTH for either */ custom_ext_method *custom_ext_find(const custom_ext_methods *exts, - ENDPOINT role, unsigned int ext_type, - size_t *idx) + ENDPOINT role, unsigned int ext_type, + size_t *idx) { size_t i; custom_ext_method *meth = exts->meths; for (i = 0; i < exts->meths_count; i++, meth++) { if (ext_type == meth->ext_type - && (role == ENDPOINT_BOTH || role == meth->role - || meth->role == ENDPOINT_BOTH)) { + && (role == ENDPOINT_BOTH || role == meth->role + || meth->role == ENDPOINT_BOTH)) { if (idx != NULL) *idx = i; return meth; @@ -111,8 +110,8 @@ /* Pass received custom extension data to the application for parsing. */ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, - const unsigned char *ext_data, size_t ext_size, X509 *x, - size_t chainidx) + const unsigned char *ext_data, size_t ext_size, X509 *x, + size_t chainidx) { int al; custom_ext_methods *exts = &s->cert->custext; 
@@ -131,9 +130,7 @@ if (!extension_is_relevant(s, meth->context, context)) return 1; - if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { /* * If it's ServerHello or EncryptedExtensions we can't have any * extensions not sent in ClientHello. @@ -150,7 +147,7 @@ * extensions in the response messages */ if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)) - != 0) + != 0) meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; /* If no parse function set return success */ @@ -158,7 +155,8 @@ return 1; if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx, - &al, meth->parse_arg) <= 0) { + &al, meth->parse_arg) + <= 0) { SSLfatal(s, al, SSL_R_BAD_EXTENSION); return 0; } @@ -171,7 +169,7 @@ * buffer. */ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, - int maxversion) + int maxversion) { custom_ext_methods *exts = &s->cert->custext; custom_ext_method *meth; @@ -187,11 +185,7 @@ if (!should_add_extension(s, meth->context, context, maxversion)) continue; - if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_CERTIFICATE - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { /* Only send extensions present in ClientHello/CertificateRequest */ if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) continue; 
@@ -205,21 +199,21 @@ if (meth->add_cb != NULL) { int cb_retval = meth->add_cb(s, meth->ext_type, context, &out, - &outlen, x, chainidx, &al, - meth->add_arg); + &outlen, x, chainidx, &al, + meth->add_arg); if (cb_retval < 0) { SSLfatal(s, al, SSL_R_CALLBACK_FAILED); - return 0; /* error */ + return 0; /* error */ } if (cb_retval == 0) - continue; /* skip this extension */ + continue; /* skip this extension */ } if (!WPACKET_put_bytes_u16(pkt, meth->ext_type) - || !WPACKET_start_sub_packet_u16(pkt) - || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) + || !WPACKET_close(pkt)) { if (meth->free_cb != NULL) meth->free_cb(s, meth->ext_type, context, out, meth->add_arg); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -232,7 +226,7 @@ if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { if (meth->free_cb != NULL) meth->free_cb(s, meth->ext_type, context, out, - meth->add_arg); + meth->add_arg); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -251,14 +245,14 @@ /* Copy the flags from src to dst for any extensions that exist in both */ int custom_exts_copy_flags(custom_ext_methods *dst, - const custom_ext_methods *src) + const custom_ext_methods *src) { size_t i; custom_ext_method *methsrc = src->meths; for (i = 0; i < src->meths_count; i++, methsrc++) { custom_ext_method *methdst = custom_ext_find(dst, methsrc->role, - methsrc->ext_type, NULL); + methsrc->ext_type, NULL); if (methdst == NULL) continue; @@ -276,9 +270,8 @@ int err = 0; if (src->meths_count > 0) { - dst->meths = - OPENSSL_memdup(src->meths, - sizeof(*src->meths) * src->meths_count); + dst->meths = OPENSSL_memdup(src->meths, + sizeof(*src->meths) * src->meths_count); if (dst->meths == NULL) return 0; dst->meths_count = src->meths_count; 
@@ -302,9 +295,9 @@ } methdst->add_arg = OPENSSL_memdup(methsrc->add_arg, - sizeof(custom_ext_add_cb_wrap)); + sizeof(custom_ext_add_cb_wrap)); methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg, - sizeof(custom_ext_parse_cb_wrap)); + sizeof(custom_ext_parse_cb_wrap)); if (methdst->add_arg == NULL || methdst->parse_arg == NULL) err = 1; @@ -341,17 +334,18 @@ int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type) { return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type, - NULL) != NULL; + NULL) + != NULL; } static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, - unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, - void *parse_arg) + unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg) { custom_ext_methods *exts = &ctx->cert->custext; custom_ext_method *meth, *tmp; @@ -370,8 +364,8 @@ * these two things may not play well together. */ if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && SSL_CTX_ct_is_enabled(ctx)) + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && SSL_CTX_ct_is_enabled(ctx)) return 0; #endif @@ -380,7 +374,7 @@ * for extension types that previously were not supported, but now are. */ if (SSL_extension_supported(ext_type) - && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) + && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) return 0; /* Extension type must fit in 16 bits */ @@ -390,7 +384,7 @@ if (custom_ext_find(exts, role, ext_type, NULL)) return 0; tmp = OPENSSL_realloc(exts->meths, - (exts->meths_count + 1) * sizeof(custom_ext_method)); + (exts->meths_count + 1) * sizeof(custom_ext_method)); if (tmp == NULL) return 0; 
@@ -410,12 +404,12 @@ } static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, - unsigned int ext_type, - unsigned int context, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + unsigned int ext_type, + unsigned int context, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { custom_ext_add_cb_wrap *add_cb_wrap = OPENSSL_malloc(sizeof(*add_cb_wrap)); @@ -436,12 +430,12 @@ parse_cb_wrap->parse_cb = parse_cb; ret = add_custom_ext_intern(ctx, role, ext_type, - context, - custom_ext_add_old_cb_wrap, - custom_ext_free_old_cb_wrap, - add_cb_wrap, - custom_ext_parse_old_cb_wrap, - parse_cb_wrap); + context, + custom_ext_add_old_cb_wrap, + custom_ext_free_old_cb_wrap, + add_cb_wrap, + custom_ext_parse_old_cb_wrap, + parse_cb_wrap); if (!ret) { OPENSSL_free(add_cb_wrap); 
@@ -453,42 +447,42 @@ /* Application level functions to add the old custom extension callbacks */ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type, - SSL_EXT_TLS1_2_AND_BELOW_ONLY - | SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_IGNORE_ON_RESUMPTION, - add_cb, free_cb, add_arg, parse_cb, parse_arg); + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); } int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type, - SSL_EXT_TLS1_2_AND_BELOW_ONLY - | SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_IGNORE_ON_RESUMPTION, - add_cb, free_cb, add_arg, parse_cb, parse_arg); + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); } int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) { return add_custom_ext_intern(ctx, 
ENDPOINT_BOTH, ext_type, context, add_cb, - free_cb, add_arg, parse_cb, parse_arg); + free_cb, add_arg, parse_cb, parse_arg); } int SSL_extension_supported(unsigned int ext_type) --- crypto/openssl/ssl/statem/extensions_srvr.c.orig +++ crypto/openssl/ssl/statem/extensions_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include "statem_local.h" #include "internal/cryptlib.h" -#define COOKIE_STATE_FORMAT_VERSION 1 +#define COOKIE_STATE_FORMAT_VERSION 1 /* * 2 bytes for packet length, 2 bytes for format version, 2 bytes for @@ -22,7 +22,7 @@ * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. */ #define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 8 + 2 + EVP_MAX_MD_SIZE + 1 \ - + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) + + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) /* * Message header + 2 bytes for protocol version + number of random bytes + @@ -31,15 +31,15 @@ * + 2 bytes for extension block length + 6 bytes for key_share extension * + 4 bytes for cookie extension header + the number of bytes in the cookie */ -#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ - + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ - + MAX_COOKIE_SIZE) +#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ + + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ + + MAX_COOKIE_SIZE) /* * Parse the client's renegotiation binding and abort if it's not right */ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int ilen; const unsigned char *data; 
@@ -58,7 +58,7 @@ } if (memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len)) { + s->s3.previous_client_finished_len)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } @@ -92,7 +92,7 @@ * - On session reconnect, the servername extension may be absent. */ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int servname_type; PACKET sni, hostname; @@ -157,14 +157,14 @@ */ s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, - strlen(s->session->ext.hostname)); + strlen(s->session->ext.hostname)); } return 1; } int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int value; @@ -176,7 +176,7 @@ /* Received |value| should be a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -206,12 +206,12 @@ #ifndef OPENSSL_NO_SRP int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET srp_I; if (!PACKET_as_length_prefixed_1(pkt, &srp_I) - || PACKET_contains_zero_byte(&srp_I)) { + || PACKET_contains_zero_byte(&srp_I)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -226,7 +226,7 @@ #endif int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET ec_point_format_list; 
@@ -238,8 +238,8 @@ if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, - &s->ext.peer_ecpointformats, - &s->ext.peer_ecpointformats_len)) { + &s->ext.peer_ecpointformats, + &s->ext.peer_ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -249,12 +249,9 @@ } int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { - if (s->ext.session_ticket_cb && - !s->ext.session_ticket_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + if (s->ext.session_ticket_cb && !s->ext.session_ticket_cb(s, PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -263,19 +260,25 @@ } int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { PACKET supported_sig_algs; if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) - || PACKET_remaining(&supported_sig_algs) == 0) { + || PACKET_remaining(&supported_sig_algs) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } - if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { + /* + * We use this routine on both clients and servers, and when clients + * get asked for PHA we need to always save the sigalgs regardless + * of whether it was a resumption or not. + */ + if ((!s->server || (s->server && !s->hit)) + && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } 
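Review bot: The new guard in tls_parse_ctos_sig_algs_cert, `(!s->server || (s->server && !s->hit))`, carries a redundant term: once `!s->server` is false the `s->server &&` test is always true, so `if ((!s->server || !s->hit)` followed by the unchanged `&& !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {` is equivalent and easier to audit. The same condition and comment are duplicated in tls_parse_ctos_sig_algs in the following hunk (`@@ -284,17 +287,23 @@`), where the same simplification applies with the final argument `0`. Because this changes when the peer's signature algorithms are saved on a resumed client session, a regression test for a post-handshake CertificateRequest after resumption would pin the behaviour; none is visible in this part of the diff. The tail of both functions lies outside their hunks, so this is judged from the visible lines only.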
@@ -284,17 +287,23 @@ } int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET supported_sig_algs; if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) - || PACKET_remaining(&supported_sig_algs) == 0) { + || PACKET_remaining(&supported_sig_algs) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } - if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { + /* + * We use this routine on both clients and servers, and when clients + * get asked for PHA we need to always save the sigalgs regardless + * of whether it was a resumption or not. + */ + if ((!s->server || (s->server && !s->hit)) + && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -304,7 +313,7 @@ #ifndef OPENSSL_NO_OCSP int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET responder_id_list, exts; @@ -329,7 +338,7 @@ return 1; } - if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) { + if (!PACKET_get_length_prefixed_2(pkt, &responder_id_list)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -355,14 +364,14 @@ const unsigned char *id_data; if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id) - || PACKET_remaining(&responder_id) == 0) { + || PACKET_remaining(&responder_id) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } id_data = PACKET_data(&responder_id); id = d2i_OCSP_RESPID(NULL, &id_data, - (int)PACKET_remaining(&responder_id)); + (int)PACKET_remaining(&responder_id)); if (id == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; 
@@ -393,9 +402,8 @@ const unsigned char *ext_data = PACKET_data(&exts); sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, - X509_EXTENSION_free); - s->ext.ocsp.exts = - d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); + X509_EXTENSION_free); + s->ext.ocsp.exts = d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -408,7 +416,7 @@ #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { /* * We shouldn't accept this extension on a @@ -426,7 +434,7 @@ * extension, not including type and length. Returns: 1 on success, 0 on error. */ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET protocol_list, save_protocol_list, protocol; @@ -443,7 +451,7 @@ do { /* Protocol names can't be empty. */ if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) - || PACKET_remaining(&protocol) == 0) { + || PACKET_remaining(&protocol) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -453,7 +461,7 @@ s->s3.alpn_proposed = NULL; s->s3.alpn_proposed_len = 0; if (!PACKET_memdup(&save_protocol_list, - &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { + &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -463,7 +471,7 @@ #ifndef OPENSSL_NO_SRTP int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; unsigned int ct, mki_len, id; 
@@ -476,9 +484,9 @@ /* Pull off the length of the cipher suite list and check it is even */ if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0 - || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { + || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -490,7 +498,7 @@ while (PACKET_remaining(&subpkt)) { if (!PACKET_get_net_2(&subpkt, &id)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -501,8 +509,7 @@ * does nothing. */ for (i = 0; i < srtp_pref; i++) { - SRTP_PROTECTION_PROFILE *sprof = - sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + SRTP_PROTECTION_PROFILE *sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); if (sprof->id == id) { s->srtp_profile = sprof; @@ -515,7 +522,7 @@ /* Now extract the MKI value as a sanity check, but discard it for now */ if (!PACKET_get_1(pkt, &mki_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -530,7 +537,7 @@ #endif int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) s->ext.use_etm = 1; @@ -543,14 +550,14 @@ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 PACKET psk_kex_modes; unsigned int mode; if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes) - || PACKET_remaining(&psk_kex_modes) == 0) { + || PACKET_remaining(&psk_kex_modes) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } 
@@ -559,7 +566,7 @@ if (mode == TLSEXT_KEX_MODE_KE_DHE) s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE; else if (mode == TLSEXT_KEX_MODE_KE - && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) + && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; } #endif @@ -572,7 +579,7 @@ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; @@ -606,7 +613,7 @@ * extension. */ SSLfatal(s, SSL_AD_MISSING_EXTENSION, - SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); + SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); return 0; } @@ -622,8 +629,8 @@ while (PACKET_remaining(&key_share_list) > 0) { if (!PACKET_get_net_2(&key_share_list, &group_id) - || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt) - || PACKET_remaining(&encoded_pt) == 0) { + || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt) + || PACKET_remaining(&encoded_pt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -640,8 +647,8 @@ * we requested, and must be the only key_share sent. */ if (s->s3.group_id != 0 - && (group_id != s->s3.group_id - || PACKET_remaining(&key_share_list) != 0)) { + && (group_id != s->s3.group_id + || PACKET_remaining(&key_share_list) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } 
@@ -654,20 +661,20 @@ /* Check if this share is for a group we can use */ if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1) - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - /* - * We tolerate but ignore a group id that we don't think is - * suitable for TLSv1.3 - */ - || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + /* + * We tolerate but ignore a group id that we don't think is + * suitable for TLSv1.3 + */ + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { /* Share not suitable */ continue; } if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } @@ -676,8 +683,9 @@ s->session->kex_group = group_id; if (tls13_set_encoded_pub_key(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } @@ -690,7 +698,7 @@ } int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int format, version, key_share, group_id; @@ -706,7 +714,7 @@ /* Ignore any cookie if we're not set up to verify it */ if (s->ctx->verify_stateless_cookie_cb == NULL - || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) + || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return 1; if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { @@ -718,7 +726,7 @@ data = PACKET_data(&raw); rawlen = PACKET_remaining(&raw); if (rawlen < SHA256_DIGEST_LENGTH - || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { + || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } 
@@ -727,9 +735,9 @@ /* Verify the HMAC of the cookie */ hctx = EVP_MD_CTX_create(); pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + s->ctx->propq, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); @@ -739,10 +747,12 @@ hmaclen = SHA256_DIGEST_LENGTH; if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey, NULL) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, data, - rawlen - SHA256_DIGEST_LENGTH) <= 0 - || hmaclen != SHA256_DIGEST_LENGTH) { + s->ctx->propq, pkey, NULL) + <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, data, + rawlen - SHA256_DIGEST_LENGTH) + <= 0 + || hmaclen != SHA256_DIGEST_LENGTH) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -777,7 +787,7 @@ } if (version != TLS1_3_VERSION) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; } @@ -792,8 +802,8 @@ return 0; } if (group_id != s->s3.group_id - || s->s3.tmp.new_cipher - != ssl_get_cipher_by_char(s, ciphdata, 0)) { + || s->s3.tmp.new_cipher + != ssl_get_cipher_by_char(s, ciphdata, 0)) { /* * We chose a different cipher or group id this time around to what is * in the cookie. Something must have changed. 
@@ -803,10 +813,10 @@ } if (!PACKET_get_1(&cookie, &key_share) - || !PACKET_get_net_8(&cookie, &tm) - || !PACKET_get_length_prefixed_2(&cookie, &chhash) - || !PACKET_get_length_prefixed_1(&cookie, &appcookie) - || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { + || !PACKET_get_net_8(&cookie, &tm) + || !PACKET_get_length_prefixed_2(&cookie, &chhash) + || !PACKET_get_length_prefixed_1(&cookie, &appcookie) + || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -820,7 +830,8 @@ /* Verify the app cookie */ if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), - PACKET_remaining(&appcookie)) == 0) { + PACKET_remaining(&appcookie)) + == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); return 0; } 
@@ -835,45 +846,45 @@ return 0; } if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO) - || !WPACKET_start_sub_packet_u24(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) - || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) - || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, - s->tmp_session_id_len) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, - &ciphlen) - || !WPACKET_put_bytes_u8(&hrrpkt, 0) - || !WPACKET_start_sub_packet_u16(&hrrpkt)) { + || !WPACKET_start_sub_packet_u24(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) + || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) + || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, + s->tmp_session_id_len) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, + &ciphlen) + || !WPACKET_put_bytes_u8(&hrrpkt, 0) + || !WPACKET_start_sub_packet_u16(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->version) - || !WPACKET_close(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->version) + || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (key_share) { if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) - || !WPACKET_close(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) + || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } } if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) - || 
!WPACKET_close(&hrrpkt) /* cookie extension */ - || !WPACKET_close(&hrrpkt) /* extension block */ - || !WPACKET_close(&hrrpkt) /* message */ - || !WPACKET_get_total_written(&hrrpkt, &hrrlen) - || !WPACKET_finish(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) + || !WPACKET_close(&hrrpkt) /* cookie extension */ + || !WPACKET_close(&hrrpkt) /* extension block */ + || !WPACKET_close(&hrrpkt) /* message */ + || !WPACKET_get_total_written(&hrrpkt, &hrrlen) + || !WPACKET_finish(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -881,8 +892,8 @@ /* Reconstruct the transcript hash */ if (!create_synthetic_message_hash(s, PACKET_data(&chhash), - PACKET_remaining(&chhash), hrr, - hrrlen)) { + PACKET_remaining(&chhash), hrr, + hrrlen)) { /* SSLfatal() already called */ return 0; } @@ -897,14 +908,14 @@ } int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET supported_groups_list; /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list) - || PACKET_remaining(&supported_groups_list) == 0 - || (PACKET_remaining(&supported_groups_list) % 2) != 0) { + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -914,8 +925,8 @@ s->ext.peer_supportedgroups = NULL; s->ext.peer_supportedgroups_len = 0; if (!tls1_save_u16(&supported_groups_list, - &s->ext.peer_supportedgroups, - &s->ext.peer_supportedgroups_len)) { + &s->ext.peer_supportedgroups, + &s->ext.peer_supportedgroups_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -925,7 +936,7 @@ } int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { /* The extension must always be empty */ if (PACKET_remaining(pkt) != 0) { @@ -941,9 +952,8 @@ return 1; } - int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); @@ -959,25 +969,25 @@ } static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, - SSL_SESSION **sess) + SSL_SESSION **sess) { SSL_SESSION *tmpsess = NULL; s->ext.ticket_expected = 1; switch (PACKET_remaining(tick)) { - case 0: - return SSL_TICKET_EMPTY; + case 0: + return SSL_TICKET_EMPTY; - case SSL_MAX_SSL_SESSION_ID_LENGTH: - break; + case SSL_MAX_SSL_SESSION_ID_LENGTH: + break; - default: - return SSL_TICKET_NO_DECRYPT; + default: + return SSL_TICKET_NO_DECRYPT; } tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), - SSL_MAX_SSL_SESSION_ID_LENGTH); + SSL_MAX_SSL_SESSION_ID_LENGTH); if (tmpsess == NULL) return SSL_TICKET_NO_DECRYPT; @@ -987,7 +997,7 @@ } int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET identities, binders, binder; size_t binderoffset, hashsize; @@ -1000,7 +1010,8 @@ * ignore this extension */ if ((s->ext.psk_kex_mode - & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) + & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) + == 0) return 1; if (!PACKET_get_length_prefixed_2(pkt, &identities)) { 
@@ -1015,23 +1026,23 @@ size_t idlen; if (!PACKET_get_length_prefixed_2(&identities, &identity) - || !PACKET_get_net_4(&identities, &ticket_agel)) { + || !PACKET_get_net_4(&identities, &ticket_agel)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } idlen = PACKET_remaining(&identity); if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, - &sess)) { + && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, + &sess)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); return 0; } #ifndef OPENSSL_NO_PSK - if(sess == NULL - && s->psk_server_callback != NULL - && idlen <= PSK_MAX_IDENTITY_LEN) { + if (sess == NULL + && s->psk_server_callback != NULL + && idlen <= PSK_MAX_IDENTITY_LEN) { char *pskid = NULL; unsigned char pskdata[PSK_MAX_PSK_LEN]; unsigned int pskdatalen; @@ -1041,7 +1052,7 @@ return 0; } pskdatalen = s->psk_server_callback(s, pskid, pskdata, - sizeof(pskdata)); + sizeof(pskdata)); OPENSSL_free(pskid); if (pskdatalen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1063,11 +1074,11 @@ sess = SSL_SESSION_new(); if (sess == NULL - || !SSL_SESSION_set1_master_key(sess, pskdata, - pskdatalen) - || !SSL_SESSION_set_cipher(sess, cipher) - || !SSL_SESSION_set_protocol_version(sess, - TLS1_3_VERSION)) { + || !SSL_SESSION_set1_master_key(sess, pskdata, + pskdatalen) + || !SSL_SESSION_set_cipher(sess, cipher) + || !SSL_SESSION_set_protocol_version(sess, + TLS1_3_VERSION)) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; 
@@ -1108,13 +1119,13 @@ * is no point in using full stateless tickets. */ if ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) ret = tls_get_stateful_ticket(s, &identity, &sess); else ret = tls_decrypt_ticket(s, PACKET_data(&identity), - PACKET_remaining(&identity), NULL, 0, - &sess); + PACKET_remaining(&identity), NULL, 0, + &sess); if (ret == SSL_TICKET_EMPTY) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); @@ -1122,7 +1133,7 @@ } if (ret == SSL_TICKET_FATAL_ERR_MALLOC - || ret == SSL_TICKET_FATAL_ERR_OTHER) { + || ret == SSL_TICKET_FATAL_ERR_OTHER) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1131,8 +1142,8 @@ /* Check for replay */ if (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 - && !SSL_CTX_remove_session(s->session_ctx, sess)) { + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 + && !SSL_CTX_remove_session(s->session_ctx, sess)) { SSL_SESSION_free(sess); sess = NULL; continue; @@ -1152,10 +1163,10 @@ * rounding errors. */ if (id == 0 - && sess->timeout >= (long)agesec - && agems / (uint32_t)1000 == agesec - && ticket_age <= agems + 1000 - && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { + && sess->timeout >= (long)agesec + && agems / (uint32_t)1000 == agesec + && ticket_age <= agems + 1000 + && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { /* * Ticket age is within tolerance and not expired. We allow it * for early data @@ -1171,7 +1182,7 @@ } if (!EVP_MD_is_a(md, EVP_MD_get0_name(ssl_md(s->ctx, - s->s3.tmp.new_cipher->algorithm2)))) { + s->s3.tmp.new_cipher->algorithm2)))) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; 
@@ -1205,8 +1216,9 @@ goto err; } if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, - binderoffset, PACKET_data(&binder), NULL, sess, 0, - ext) != 1) { + binderoffset, PACKET_data(&binder), NULL, sess, 0, + ext) + != 1) { /* SSLfatal() already called */ goto err; } @@ -1222,13 +1234,13 @@ } int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); + SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); return 0; } @@ -1241,22 +1253,22 @@ * Add the server's renegotiation binding */ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->s3.send_connection_binding) return EXT_RETURN_NOT_SENT; /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) - || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, - s->s3.previous_server_finished_len) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) + || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, + s->s3.previous_server_finished_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } 
@@ -1265,8 +1277,8 @@ } EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->servername_done != 1) return EXT_RETURN_NOT_SENT; @@ -1279,7 +1291,7 @@ return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1289,8 +1301,8 @@ /* Add/include the server's max fragment len extension into ServerHello */ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) return EXT_RETURN_NOT_SENT; @@ -1311,13 +1323,13 @@ } EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth; int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) - && (s->ext.peer_ecpointformats != NULL); + && (s->ext.peer_ecpointformats != NULL); const unsigned char *plist; size_t plistlen; @@ -1326,9 +1338,9 @@ tls1_get_formatlist(s, &plist, &plistlen); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } 
@@ -1337,8 +1349,8 @@ } EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const uint16_t *groups; size_t numgroups, i, first = 1; @@ -1361,7 +1373,7 @@ uint16_t group = groups[i]; if (tls_valid_group(s, group, version, version, 0, NULL) - && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { if (first) { /* * Check if the client is already using our preferred group. If @@ -1372,9 +1384,9 @@ /* Add extension header */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) - /* Sub-packet for supported_groups extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1382,9 +1394,9 @@ first = 0; } if (!WPACKET_put_bytes_u16(pkt, group)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } } } @@ -1397,8 +1409,8 @@ } EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->ext.ticket_expected || !tls_use_ticket(s)) { s->ext.ticket_expected = 0; @@ -1406,7 +1418,7 @@ } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } 
@@ -1416,8 +1428,8 @@ #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { /* We don't currently support this extension inside a CertificateRequest */ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) @@ -1430,7 +1442,7 @@ return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1441,8 +1453,8 @@ * separate message */ if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { - /* SSLfatal() already called */ - return EXT_RETURN_FAIL; + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; } if (!WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1455,8 +1467,8 @@ #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char *npa; unsigned int npalen; @@ -1468,10 +1480,10 @@ return EXT_RETURN_NOT_SENT; ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, - s->ctx->ext.npn_advertised_cb_arg); + s->ctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) - || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { + || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } 
@@ -1484,19 +1496,19 @@ #endif EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->s3.alpn_selected == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, - TLSEXT_TYPE_application_layer_protocol_negotiation) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, - s->s3.alpn_selected_len) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + TLSEXT_TYPE_application_layer_protocol_negotiation) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, + s->s3.alpn_selected_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1506,18 +1518,18 @@ #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->srtp_profile == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, 2) - || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, 2) + || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1527,7 +1539,7 @@ #endif EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (!s->ext.use_etm) return EXT_RETURN_NOT_SENT; 
@@ -1547,7 +1559,7 @@ } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1556,13 +1568,13 @@ } EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1571,8 +1583,8 @@ } EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!ossl_assert(SSL_IS_TLS13(s))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1580,9 +1592,9 @@ } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->version) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->version) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1591,8 +1603,8 @@ } EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned char *encodedPoint; 
@@ -1606,9 +1618,9 @@ return EXT_RETURN_NOT_SENT; } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1633,8 +1645,8 @@ } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1661,7 +1673,7 @@ } if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_PKEY_free(skey); OPENSSL_free(encodedPoint); @@ -1700,7 +1712,7 @@ } if (!WPACKET_sub_memcpy_u16(pkt, ct, ctlen) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); OPENSSL_free(ct); return EXT_RETURN_FAIL; @@ -1723,7 +1735,7 @@ } EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; 
@@ -1742,20 +1754,20 @@ } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_get_total_written(pkt, &startlen) - || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) - || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) - || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, - &ciphlen) - /* Is there a key_share extension present in this HRR? */ - || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) - || !WPACKET_put_bytes_u64(pkt, time(NULL)) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_get_total_written(pkt, &startlen) + || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) + || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, + &ciphlen) + /* Is there a key_share extension present in this HRR? */ + || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) + || !WPACKET_put_bytes_u64(pkt, time(NULL)) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } 
@@ -1766,16 +1778,16 @@
 * subsequently allocate them (below)
 */
 if (!ssl3_digest_cached_records(s, 0)
- || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) {
+ || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) {
 /* SSLfatal() already called */
 return EXT_RETURN_FAIL;
 }
 if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2)
- || !ossl_assert(hashval1 == hashval2)
- || !WPACKET_close(pkt)
- || !WPACKET_start_sub_packet_u8(pkt)
- || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) {
+ || !ossl_assert(hashval1 == hashval2)
+ || !WPACKET_close(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt)
+ || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -1787,10 +1799,10 @@
 }
 if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2)
- || !ossl_assert(appcookie1 == appcookie2)
- || !WPACKET_close(pkt)
- || !WPACKET_get_total_written(pkt, &totcookielen)
- || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) {
+ || !ossl_assert(appcookie1 == appcookie2)
+ || !WPACKET_close(pkt)
+ || !WPACKET_get_total_written(pkt, &totcookielen)
+ || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -1805,18 +1817,20 @@
 /* HMAC the cookie */
 hctx = EVP_MD_CTX_create();
 pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
- s->ctx->propq,
- s->session_ctx->ext.cookie_hmac_key,
- sizeof(s->session_ctx->ext.cookie_hmac_key));
+ s->ctx->propq,
+ s->session_ctx->ext.cookie_hmac_key,
+ sizeof(s->session_ctx->ext.cookie_hmac_key));
 if (hctx == NULL || pkey == NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
 goto err;
 }
 if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
- s->ctx->propq, pkey, NULL) <= 0
- || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
- totcookielen) <= 0) {
+ s->ctx->propq, pkey, NULL)
+ <= 0
+ || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
+ totcookielen)
+ <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1827,17 +1841,17 @@
 }
 if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2)
- || !ossl_assert(hmac == hmac2)
- || !ossl_assert(cookie == hmac - totcookielen)
- || !WPACKET_close(pkt)
- || !WPACKET_close(pkt)) {
+ || !ossl_assert(hmac == hmac2)
+ || !ossl_assert(cookie == hmac - totcookielen)
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
 ret = EXT_RETURN_SENT;
- err:
+err:
 EVP_MD_CTX_free(hctx);
 EVP_PKEY_free(pkey);
 return ret;
@@ -1847,12 +1861,12 @@
 }
 EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 const unsigned char cryptopro_ext[36] = {
- 0xfd, 0xe8, /* 65000 */
- 0x00, 0x20, /* 32 bytes length */
+ 0xfd, 0xe8, /* 65000 */
+ 0x00, 0x20, /* 32 bytes length */
 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
@@ -1860,8 +1874,8 @@
 };
 if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80
- && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81)
- || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
+ && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81)
+ || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
@@ -1873,17 +1887,17 @@
 }
 EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
 {
 if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
 if (s->max_early_data == 0)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
- || !WPACKET_close(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -1895,8 +1909,8 @@
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_close(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
@@ -1905,15 +1919,15 @@
 }
 EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
 {
 if (!s->hit)
 return EXT_RETURN_NOT_SENT;
 if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity)
- || !WPACKET_close(pkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity)
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL;
 }
--- crypto/openssl/ssl/statem/statem.c.orig
+++ crypto/openssl/ssl/statem/statem.c
@@ -8,8 +8,8 @@
 */
 #if defined(__TANDEM) && defined(_SPT_MODEL_)
-# include
-# include /* timeval */
+#include
+#include /* timeval */
 #endif
 #include "internal/cryptlib.h"
@@ -120,11 +120,11 @@
 {
 /* We shouldn't call SSLfatal() twice. Once is enough */
 if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
- return;
+ return;
 s->statem.in_init = 1;
 s->statem.state = MSG_FLOW_ERROR;
 if (al != SSL_AD_NO_ALERT
- && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+ && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
 ssl3_send_alert(s, SSL3_AL_FATAL, al);
 }
@@ -150,10 +150,10 @@
 * a fatal error state. We verify that we are, and set it if not (this would
 * indicate a bug).
 */
-#define check_fatal(s) \
- do { \
- if (!ossl_assert((s)->statem.in_init \
- && (s)->statem.state == MSG_FLOW_ERROR)) \
+#define check_fatal(s) \
+ do { \
+ if (!ossl_assert((s)->statem.in_init \
+ && (s)->statem.state == MSG_FLOW_ERROR)) \
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \
 } while (0)
@@ -197,8 +197,8 @@
 return 0;
 if (!s->server
- || s->statem.hand_state != TLS_ST_EARLY_DATA
- || s->hello_retry_request == SSL_HRR_COMPLETE)
+ || s->statem.hand_state != TLS_ST_EARLY_DATA
+ || s->hello_retry_request == SSL_HRR_COMPLETE)
 return 0;
 return 1;
@@ -216,7 +216,7 @@
 {
 if (sending == -1) {
 if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
- || s->statem.hand_state == TLS_ST_EARLY_DATA) {
+ || s->statem.hand_state == TLS_ST_EARLY_DATA) {
 ossl_statem_set_in_init(s, 1);
 if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
 /*
@@ -227,10 +227,9 @@
 }
 }
 } else if (!s->server) {
- if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
- || s->statem.hand_state == TLS_ST_EARLY_DATA)
- && s->early_data_state != SSL_EARLY_DATA_WRITING)
- || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
+ if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END || s->statem.hand_state == TLS_ST_EARLY_DATA)
+ && s->early_data_state != SSL_EARLY_DATA_WRITING)
+ || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
 ossl_statem_set_in_init(s, 1);
 /*
 * SSL_write() has been called directly. We don't allow any more
@@ -241,7 +240,7 @@
 }
 } else {
 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING
- && s->statem.hand_state == TLS_ST_EARLY_DATA)
+ && s->statem.hand_state == TLS_ST_EARLY_DATA)
 ossl_statem_set_in_init(s, 1);
 }
 }
@@ -270,7 +269,7 @@
 return state_machine(s, 1);
 }
-typedef void (*info_cb) (const SSL *, int, int);
+typedef void (*info_cb)(const SSL *, int, int);
 static info_cb get_callback(SSL *s)
 {
@@ -313,7 +312,7 @@
 static int state_machine(SSL *s, int server)
 {
 BUF_MEM *buf = NULL;
- void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ void (*cb)(const SSL *ssl, int type, int val) = NULL;
 OSSL_STATEM *st = &s->statem;
 int ret = -1;
 int ssret;
@@ -344,13 +343,13 @@
 * identifier other than 0.
 */
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- st->in_handshake, NULL);
+ st->in_handshake, NULL);
 }
 #endif
 /* Initialise state machine */
 if (st->state == MSG_FLOW_UNINITED
- || st->state == MSG_FLOW_FINISHED) {
+ || st->state == MSG_FLOW_FINISHED) {
 if (st->state == MSG_FLOW_UNINITED) {
 st->hand_state = TLS_ST_BEFORE;
 st->request_state = TLS_ST_BEFORE;
@@ -369,8 +368,7 @@
 */
 if (SSL_IS_DTLS(s)) {
- if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
- (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
+ if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
 goto end;
 }
@@ -423,7 +421,7 @@
 }
 if ((SSL_in_before(s))
- || s->renegotiate) {
+ || s->renegotiate) {
 if (!tls_setup_handshake(s)) {
 /* SSLfatal() already called */
 goto end;
@@ -468,7 +466,7 @@
 ret = 1;
- end:
+end:
 st->in_handshake--;
 #ifndef OPENSSL_NO_SCTP
@@ -478,7 +476,7 @@
 * identifier other than 0.
 */
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- st->in_handshake, NULL);
+ st->in_handshake, NULL);
 }
 #endif
@@ -502,7 +500,8 @@
 st->read_state = READ_STATE_HEADER;
 }
-static int grow_init_buf(SSL *s, size_t size) {
+static int grow_init_buf(SSL *s, size_t size)
+{
 size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
@@ -548,12 +547,12 @@
 OSSL_STATEM *st = &s->statem;
 int ret, mt;
 size_t len = 0;
- int (*transition) (SSL *s, int mt);
+ int (*transition)(SSL *s, int mt);
 PACKET pkt;
- MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
- WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
- size_t (*max_message_size) (SSL *s);
- void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ MSG_PROCESS_RETURN (*process_message)(SSL *s, PACKET *pkt);
+ WORK_STATE (*post_process_message)(SSL *s, WORK_STATE wst);
+ size_t (*max_message_size)(SSL *s);
+ void (*cb)(const SSL *ssl, int type, int val) = NULL;
 cb = get_callback(s);
@@ -608,15 +607,14 @@
 if (s->s3.tmp.message_size > max_message_size(s)) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSL_R_EXCESSIVE_MESSAGE_SIZE);
 return SUB_STATE_ERROR;
 }
 /* dtls_get_message already did this */
 if (!SSL_IS_DTLS(s)
- && s->s3.tmp.message_size > 0
- && !grow_init_buf(s, s->s3.tmp.message_size
- + SSL3_HM_HEADER_LENGTH)) {
+ && s->s3.tmp.message_size > 0
+ && !grow_init_buf(s, s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB);
 return SUB_STATE_ERROR;
 }
@@ -765,14 +763,14 @@
 {
 OSSL_STATEM *st = &s->statem;
 int ret;
- WRITE_TRAN(*transition) (SSL *s);
- WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
- WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
- int (*get_construct_message_f) (SSL *s, WPACKET *pkt,
- int (**confunc) (SSL *s, WPACKET *pkt),
- int *mt);
- void (*cb) (const SSL *ssl, int type, int val) = NULL;
- int (*confunc) (SSL *s, WPACKET *pkt);
+ WRITE_TRAN (*transition)(SSL *s);
+ WORK_STATE (*pre_work)(SSL *s, WORK_STATE wst);
+ WORK_STATE (*post_work)(SSL *s, WORK_STATE wst);
+ int (*get_construct_message_f)(SSL *s, WPACKET *pkt,
+ int (**confunc)(SSL *s, WPACKET *pkt),
+ int *mt);
+ void (*cb)(const SSL *ssl, int type, int val) = NULL;
+ int (*confunc)(SSL *s, WPACKET *pkt);
 int mt;
 WPACKET pkt;
@@ -844,7 +842,7 @@
 break;
 }
 if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header(s, &pkt, mt)) {
+ || !ssl_set_handshake_header(s, &pkt, mt)) {
 WPACKET_cleanup(&pkt);
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return SUB_STATE_ERROR;
@@ -869,7 +867,7 @@
 } /* else success */
 }
 if (!ssl_close_construct_packet(s, &pkt, mt)
- || !WPACKET_finish(&pkt)) {
+ || !WPACKET_finish(&pkt)) {
 WPACKET_cleanup(&pkt);
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return SUB_STATE_ERROR;
@@ -974,7 +972,7 @@
 int ossl_statem_export_allowed(SSL *s)
 {
 return s->s3.previous_server_finished_len != 0
- && s->statem.hand_state != TLS_ST_SW_FINISHED;
+ && s->statem.hand_state != TLS_ST_SW_FINISHED;
 }
 /*
@@ -989,5 +987,5 @@
 * as we have sent early_data.
 */
 return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
- || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT);
+ || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT);
 }
--- crypto/openssl/ssl/statem/statem.h.orig
+++ crypto/openssl/ssl/statem/statem.h
@@ -134,13 +134,13 @@
 void ossl_statem_set_renegotiate(SSL *s);
 void ossl_statem_send_fatal(SSL *s, int al);
 void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
-# define SSL_AD_NO_ALERT -1
-# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
-# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
-# define SSLfatal_data \
- (ERR_new(), \
- ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
- ossl_statem_fatal)
+#define SSL_AD_NO_ALERT -1
+#define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
+#define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
+#define SSLfatal_data \
+ (ERR_new(), \
+ ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
+ ossl_statem_fatal)
 int ossl_statem_in_error(const SSL *s);
 void ossl_statem_set_in_init(SSL *s, int init);
--- crypto/openssl/ssl/statem/statem_clnt.c.orig
+++ crypto/openssl/ssl/statem/statem_clnt.c
@@ -34,7 +34,7 @@
 static ossl_inline int cert_req_allowed(SSL *s);
 static int key_exchange_expected(SSL *s);
 static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
- WPACKET *pkt);
+ WPACKET *pkt);
 /*
 * Is a CertificateRequest message allowed at the moment or not?
@@ -47,7 +47,7 @@
 {
 /* TLS does not like anon-DH with client cert */
 if ((s->version > SSL3_VERSION
- && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL))
+ && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL))
 || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
 return 0;
@@ -69,8 +69,7 @@
 * Can't skip server key exchange if this is an ephemeral
 * ciphersuite or for SRP
 */
- if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
- | SSL_kSRP)) {
+ if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK | SSL_kSRP)) {
 return 1;
 }
@@ -169,7 +168,7 @@
 if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
 #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 /* Restore digest for PHA before adding message.*/
-# error Internal DTLS version error
+#error Internal DTLS version error
 #endif
 if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
 s->post_handshake_auth = SSL_PHA_REQUESTED;
@@ -264,9 +263,9 @@
 st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
 return 1;
 } else if (s->version >= TLS1_VERSION
- && s->ext.session_secret_cb != NULL
- && s->session->ext.tick != NULL
- && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ && s->ext.session_secret_cb != NULL
+ && s->session->ext.tick != NULL
+ && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
 /*
 * Normally, we can tell if the server is resuming the session
 * from the session ID. EAP-FAST (RFC 4851), however, relies on
@@ -277,7 +276,7 @@
 st->hand_state = TLS_ST_CR_CHANGE;
 return 1;
 } else if (!(s->s3.tmp.new_cipher->algorithm_auth
- & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+ & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
 if (mt == SSL3_MT_CERTIFICATE) {
 st->hand_state = TLS_ST_CR_CERT;
 return 1;
@@ -293,7 +292,7 @@
 return 1;
 }
 } else if (mt == SSL3_MT_CERTIFICATE_REQUEST
- && cert_req_allowed(s)) {
+ && cert_req_allowed(s)) {
 st->hand_state = TLS_ST_CR_CERT_REQ;
 return 1;
 } else if (mt == SSL3_MT_SERVER_DONE) {
@@ -318,8 +317,7 @@
 case TLS_ST_CR_CERT_STATUS:
 ske_expected = key_exchange_expected(s);
 /* SKE is optional for some PSK ciphersuites */
- if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)
- && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+ if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
 if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
 st->hand_state = TLS_ST_CR_KEY_EXCH;
 return 1;
@@ -379,7 +377,7 @@
 break;
 }
- err:
+err:
 /* No valid transition found */
 if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
 BIO *rbio;
@@ -438,14 +436,14 @@
 case TLS_ST_CR_FINISHED:
 if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
- || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
+ || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
 st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
 else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
- && s->hello_retry_request == SSL_HRR_NONE)
+ && s->hello_retry_request == SSL_HRR_NONE)
 st->hand_state = TLS_ST_CW_CHANGE;
 else
 st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT
- : TLS_ST_CW_FINISHED;
+ : TLS_ST_CW_FINISHED;
 return WRITE_TRAN_CONTINUE;
 case TLS_ST_PENDING_EARLY_DATA_END:
@@ -458,13 +456,13 @@
 case TLS_ST_CW_END_OF_EARLY_DATA:
 case TLS_ST_CW_CHANGE:
 st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT
- : TLS_ST_CW_FINISHED;
+ : TLS_ST_CW_FINISHED;
 return WRITE_TRAN_CONTINUE;
 case TLS_ST_CW_CERT:
 /* If a non-empty Certificate we also send CertificateVerify */
 st->hand_state = (s->s3.tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY
- : TLS_ST_CW_FINISHED;
+ : TLS_ST_CW_FINISHED;
 return WRITE_TRAN_CONTINUE;
 case TLS_ST_CW_CERT_VRFY:
@@ -550,7 +548,7 @@
 * because we did early data.
 */
 if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
- && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+ && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
 st->hand_state = TLS_ST_CW_CHANGE;
 else
 st->hand_state = TLS_ST_CW_CLNT_HELLO;
@@ -706,7 +704,7 @@
 * on with the handshake. Otherwise we pause here.
 */
 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
- || s->early_data_state == SSL_EARLY_DATA_NONE)
+ || s->early_data_state == SSL_EARLY_DATA_NONE)
 return WORK_FINISHED_CONTINUE;
 /* Fall through */
@@ -738,7 +736,7 @@
 case TLS_ST_CW_CLNT_HELLO:
 if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
- && s->max_early_data > 0) {
+ && s->max_early_data > 0) {
 /*
 * We haven't selected TLSv1.3 yet so we don't call the change
 * cipher state function associated with the SSL_METHOD. Instead
@@ -746,7 +744,7 @@
 */
 if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {
 if (!tls13_change_cipher_state(s,
- SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+ SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
 /* SSLfatal() already called */
 return WORK_ERROR;
 }
@@ -782,14 +780,14 @@
 if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING)
 break;
 if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
- && s->max_early_data > 0) {
+ && s->max_early_data > 0) {
 /*
 * We haven't selected TLSv1.3 yet so we don't call the change
 * cipher state function associated with the SSL_METHOD. Instead
 * we call tls13_change_cipher_state() directly.
 */
 if (!tls13_change_cipher_state(s,
- SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+ SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE))
 return WORK_ERROR;
 break;
 }
@@ -808,7 +806,7 @@
 }
 if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+ SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
 /* SSLfatal() already called */
 return WORK_ERROR;
 }
@@ -821,7 +819,7 @@
 * no SCTP used.
 */
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
- 0, NULL);
+ 0, NULL);
 }
 #endif
@@ -837,7 +835,7 @@
 * no SCTP used.
 */
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
- 0, NULL);
+ 0, NULL);
 }
 #endif
 if (statem_flush(s) != 1)
@@ -880,7 +878,7 @@
 * 0: Error
 */
 int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
- confunc_f *confunc, int *mt)
+ confunc_f *confunc, int *mt)
 {
 OSSL_STATEM *st = &s->statem;
@@ -1109,10 +1107,10 @@
 }
 if (sess == NULL
- || !ssl_version_supported(s, sess->ssl_version, NULL)
- || !SSL_SESSION_is_resumable(sess)) {
+ || !ssl_version_supported(s, sess->ssl_version, NULL)
+ || !SSL_SESSION_is_resumable(sess)) {
 if (s->hello_retry_request == SSL_HRR_NONE
- && !ssl_get_new_session(s, 0)) {
+ && !ssl_get_new_session(s, 0)) {
 /* SSLfatal() already called */
 return 0;
 }
@@ -1138,8 +1136,7 @@
 i = (s->hello_retry_request == SSL_HRR_NONE);
 }
- if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random),
- DOWNGRADE_NONE) <= 0) {
+ if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), DOWNGRADE_NONE) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1178,7 +1175,7 @@
 * supported_versions extension for the real supported versions.
 */
 if (!WPACKET_put_bytes_u16(pkt, s->client_version)
- || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) {
+ || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1187,13 +1184,14 @@
 session_id = s->session->session_id;
 if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) {
 if (s->version == TLS1_3_VERSION
- && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
+ && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
 sess_id_len = sizeof(s->tmp_session_id);
 s->tmp_session_id_len = sess_id_len;
 session_id = s->tmp_session_id;
 if (s->hello_retry_request == SSL_HRR_NONE
- && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id,
- sess_id_len, 0) <= 0) {
+ && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id,
+ sess_id_len, 0)
+ <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1209,9 +1207,8 @@
 }
 }
 if (!WPACKET_start_sub_packet_u8(pkt)
- || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,
- sess_id_len))
- || !WPACKET_close(pkt)) {
+ || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id, sess_id_len))
+ || !WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1219,8 +1216,8 @@
 /* cookie stuff for DTLS */
 if (SSL_IS_DTLS(s)) {
 if (s->d1->cookie_len > sizeof(s->d1->cookie)
- || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
- s->d1->cookie_len)) {
+ || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
+ s->d1->cookie_len)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1248,8 +1245,8 @@
 }
 #ifndef OPENSSL_NO_COMP
 if (ssl_allow_compression(s)
- && s->ctx->comp_methods
- && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) {
+ && s->ctx->comp_methods
+ && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) {
 int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
 for (i = 0; i < compnum; i++) {
 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
@@ -1331,7 +1328,7 @@
 }
 if (SSL_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL
- && s->s3.tmp.new_cipher->id != c->id) {
+ && s->s3.tmp.new_cipher->id != c->id) {
 /* ServerHello selected a different ciphersuite to that in the HRR */
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CIPHER_RETURNED);
 return 0;
@@ -1353,9 +1350,9 @@
 * ciphersuite as long as the hash is the same.
 */
 if (md == NULL
- || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) {
+ || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
+ SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
 return 0;
 }
 } else {
@@ -1364,7 +1361,7 @@
 * ciphersuite.
 */
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+ SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
 return 0;
 }
 }
@@ -1394,9 +1391,9 @@
 /* load the server random */
 if (s->version == TLS1_3_VERSION
- && sversion == TLS1_2_VERSION
- && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
- && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+ && sversion == TLS1_2_VERSION
+ && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
+ && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
 if (s->hello_retry_request != SSL_HRR_NONE) {
 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
 goto err;
@@ -1440,16 +1437,16 @@
 if (PACKET_remaining(pkt) == 0 && !hrr) {
 PACKET_null_init(&extpkt);
 } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
- || PACKET_remaining(pkt) != 0) {
+ || PACKET_remaining(pkt) != 0) {
 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
 goto err;
 }
 if (!hrr) {
 if (!tls_collect_extensions(s, &extpkt,
- SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_SERVER_HELLO,
- &extensions, NULL, 1)) {
+ SSL_EXT_TLS1_2_SERVER_HELLO
+ | SSL_EXT_TLS1_3_SERVER_HELLO,
+ &extensions, NULL, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1463,13 +1460,14 @@
 if (SSL_IS_TLS13(s) || hrr) {
 if (compression != 0) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ SSL_R_INVALID_COMPRESSION_ALGORITHM);
 goto err;
 }
 if (session_id_len != s->tmp_session_id_len
- || memcmp(PACKET_data(&session_id), s->tmp_session_id,
- session_id_len) != 0) {
+ || memcmp(PACKET_data(&session_id), s->tmp_session_id,
+ session_id_len)
+ != 0) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_SESSION_ID);
 goto err;
 }
@@ -1504,14 +1502,14 @@
 */
 if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_NOT_ON_RECORD_BOUNDARY);
+ SSL_R_NOT_ON_RECORD_BOUNDARY);
 goto err;
 }
 /* This will set s->hit if we are resuming */
 if (!tls_parse_extension(s, TLSEXT_IDX_psk,
- SSL_EXT_TLS1_3_SERVER_HELLO,
- extensions, NULL, 0)) {
+ SSL_EXT_TLS1_3_SERVER_HELLO,
+ extensions, NULL, 0)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1529,7 +1527,7 @@
 * message to see if the server wants to resume.
 */
 if (s->version >= TLS1_VERSION
- && s->ext.session_secret_cb != NULL && s->session->ext.tick) {
+ && s->ext.session_secret_cb != NULL && s->session->ext.tick) {
 const SSL_CIPHER *pref_cipher = NULL;
 /*
 * s->session->master_key_length is a size_t, but this is an int for
@@ -1538,13 +1536,12 @@
 int master_key_length;
 master_key_length = sizeof(s->session->master_key);
 if (s->ext.session_secret_cb(s, s->session->master_key,
- &master_key_length,
- NULL, &pref_cipher,
- s->ext.session_secret_cb_arg)
- && master_key_length > 0) {
+ &master_key_length,
+ NULL, &pref_cipher,
+ s->ext.session_secret_cb_arg)
+ && master_key_length > 0) {
 s->session->master_key_length = master_key_length;
- s->session->cipher = pref_cipher ?
- pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
+ s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
 } else {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
@@ -1552,18 +1549,19 @@
 }
 if (session_id_len != 0
- && session_id_len == s->session->session_id_length
- && memcmp(PACKET_data(&session_id), s->session->session_id,
- session_id_len) == 0)
+ && session_id_len == s->session->session_id_length
+ && memcmp(PACKET_data(&session_id), s->session->session_id,
+ session_id_len)
+ == 0)
 s->hit = 1;
 }
 if (s->hit) {
 if (s->sid_ctx_length != s->session->sid_ctx_length
- || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+ || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
 /* actually a client application bug */
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 goto err;
 }
 } else {
@@ -1594,14 +1592,14 @@
 /* session_id_len could be 0 */
 if (session_id_len > 0)
 memcpy(s->session->session_id, PACKET_data(&session_id),
- session_id_len);
+ session_id_len);
 }
 }
 /* Session version and negotiated protocol version should match */
 if (s->version != s->session->ssl_version) {
 SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
- SSL_R_SSL_SESSION_VERSION_MISMATCH);
+ SSL_R_SSL_SESSION_VERSION_MISMATCH);
 goto err;
 }
 /*
@@ -1619,7 +1617,7 @@
 #ifdef OPENSSL_NO_COMP
 if (compression != 0) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 goto err;
 }
 /*
@@ -1633,7 +1631,7 @@
 #else
 if (s->hit && compression != s->session->compress_meth) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+ SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
 goto err;
 }
 if (compression == 0)
@@ -1647,7 +1645,7 @@
 if (compression != 0 && comp == NULL) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 goto err;
 } else {
 s->s3.tmp.new_compression = comp;
@@ -1670,7 +1668,7 @@
 * no SCTP used.
 */
 memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
- sizeof(DTLS1_SCTP_AUTH_LABEL));
+ sizeof(DTLS1_SCTP_AUTH_LABEL));
 /* Don't include the terminating zero. */
 labellen = sizeof(labelbuffer) - 1;
@@ -1678,16 +1676,17 @@
 labellen += 1;
 if (SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey),
- labelbuffer,
- labellen, NULL, 0, 0) <= 0) {
+ sizeof(sctpauthkey),
+ labelbuffer,
+ labellen, NULL, 0, 0)
+ <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
 BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
+ BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+ sizeof(sctpauthkey), sctpauthkey);
 }
 #endif
@@ -1696,22 +1695,22 @@
 * we're done with this message
 */
 if (SSL_IS_TLS13(s)
- && (!s->method->ssl3_enc->setup_key_block(s)
- || !s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {
+ && (!s->method->ssl3_enc->setup_key_block(s)
+ || !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {
 /* SSLfatal() already called */
 goto err;
 }
 OPENSSL_free(extensions);
 return MSG_PROCESS_CONTINUE_READING;
- err:
+err:
 OPENSSL_free(extensions);
 return MSG_PROCESS_ERROR;
 }
 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,
- PACKET *extpkt)
+ PACKET *extpkt)
 {
 RAW_EXTENSION *extensions = NULL;
@@ -1723,9 +1722,9 @@
 s->enc_write_ctx = NULL;
 if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
- &extensions, NULL, 1)
- || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
- extensions, NULL, 0, 1)) {
+ &extensions, NULL, 1)
+ || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+ extensions, NULL, 0, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1758,13 +1757,13 @@
 * for HRR messages.
 */
 if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
- s->init_num + SSL3_HM_HEADER_LENGTH)) {
+ s->init_num + SSL3_HM_HEADER_LENGTH)) {
 /* SSLfatal() already called */
 goto err;
 }
 return MSG_PROCESS_FINISHED_READING;
- err:
+err:
 OPENSSL_free(extensions);
 return MSG_PROCESS_ERROR;
 }
@@ -1784,10 +1783,10 @@
 }
 if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))
- || context != 0
- || !PACKET_get_net_3(pkt, &cert_list_len)
- || PACKET_remaining(pkt) != cert_list_len
- || PACKET_remaining(pkt) == 0) {
+ || context != 0
+ || !PACKET_get_net_3(pkt, &cert_list_len)
+ || PACKET_remaining(pkt) != cert_list_len
+ || PACKET_remaining(pkt) == 0) {
 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
 goto err;
 }
@@ -1806,7 +1805,8 @@
 goto err;
 }
 if (d2i_X509(&x, (const unsigned char **)&certbytes,
- cert_len) == NULL) {
+ cert_len)
+ == NULL) {
 SSLfatal(s, SSL_AD_BAD_CERTIFICATE, ERR_R_ASN1_LIB);
 goto err;
 }
@@ -1825,11 +1825,11 @@
 goto err;
 }
 if (!tls_collect_extensions(s, &extensions,
- SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
- NULL, chainidx == 0)
+ SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+ NULL, chainidx == 0)
 || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
- rawexts, x, chainidx,
- PACKET_remaining(pkt) == 0)) {
+ rawexts, x, chainidx,
+ PACKET_remaining(pkt) == 0)) {
 OPENSSL_free(rawexts);
 /* SSLfatal already called */
 goto err;
@@ -1845,7 +1845,7 @@
 }
 return MSG_PROCESS_CONTINUE_PROCESSING;
- err:
+err:
 X509_free(x);
 sk_X509_pop_free(s->session->peer_chain, X509_free);
 s->session->peer_chain = NULL;
@@ -1887,10 +1887,10 @@
 */
 if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
 SSLfatal(s, ssl_x509err2alert(s->verify_result),
- SSL_R_CERTIFICATE_VERIFY_FAILED);
+ SSL_R_CERTIFICATE_VERIFY_FAILED);
 return WORK_ERROR;
 }
- ERR_clear_error(); /* but we keep s->verify_result */
+ ERR_clear_error(); /* but we keep s->verify_result */
 /*
 * Inconsistency alert: cert_chain does include the peer's certificate,
@@ -1902,7 +1902,7 @@ if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); return WORK_ERROR; } @@ -1929,9 +1929,9 @@ /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_IS_TLS13(s) - && !ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { + && !ssl_handshake_hash(s, s->cert_verify_hash, + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { /* SSLfatal() already called */; return WORK_ERROR; } @@ -1965,7 +1965,7 @@ OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = NULL; } else if (!PACKET_strndup(&psk_identity_hint, - &s->session->psk_identity_hint)) { + &s->session->psk_identity_hint)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1990,18 +1990,18 @@ return 0; } - if ((s->srp_ctx.N = - BN_bin2bn(PACKET_data(&prime), - (int)PACKET_remaining(&prime), NULL)) == NULL - || (s->srp_ctx.g = - BN_bin2bn(PACKET_data(&generator), - (int)PACKET_remaining(&generator), NULL)) == NULL - || (s->srp_ctx.s = - BN_bin2bn(PACKET_data(&salt), - (int)PACKET_remaining(&salt), NULL)) == NULL - || (s->srp_ctx.B = - BN_bin2bn(PACKET_data(&server_pub), - (int)PACKET_remaining(&server_pub), NULL)) == NULL) { + if ((s->srp_ctx.N = BN_bin2bn(PACKET_data(&prime), + (int)PACKET_remaining(&prime), NULL)) + == NULL + || (s->srp_ctx.g = BN_bin2bn(PACKET_data(&generator), + (int)PACKET_remaining(&generator), NULL)) + == NULL + || (s->srp_ctx.s = BN_bin2bn(PACKET_data(&salt), + (int)PACKET_remaining(&salt), NULL)) + == NULL + || (s->srp_ctx.B = BN_bin2bn(PACKET_data(&server_pub), + (int)PACKET_remaining(&server_pub), NULL)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BN_LIB); return 0; } 
@@ -2041,9 +2041,9 @@ p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), - NULL); + NULL); bnpub_key = BN_bin2bn(PACKET_data(&pub_key), - (int)PACKET_remaining(&pub_key), NULL); + (int)PACKET_remaining(&pub_key), NULL); if (p == NULL || g == NULL || bnpub_key == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BN_LIB); goto err; @@ -2051,11 +2051,11 @@ tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - bnpub_key) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, + bnpub_key) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2066,7 +2066,7 @@ goto err; } if (EVP_PKEY_fromdata_init(pctx) <= 0 - || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) { + || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_DH_VALUE); goto err; } 
@@ -2074,21 +2074,21 @@ EVP_PKEY_CTX_free(pctx); pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, peer_tmp, s->ctx->propq); if (pctx == NULL - /* - * EVP_PKEY_param_check() will verify that the DH params are using - * a safe prime. In this context, because we're using ephemeral DH, - * we're ok with it not being a safe prime. - * EVP_PKEY_param_check_quick() skips the safe prime check. - */ - || EVP_PKEY_param_check_quick(pctx) != 1 - || EVP_PKEY_public_check(pctx) != 1) { + /* + * EVP_PKEY_param_check() will verify that the DH params are using + * a safe prime. In this context, because we're using ephemeral DH, + * we're ok with it not being a safe prime. + * EVP_PKEY_param_check_quick() skips the safe prime check. + */ + || EVP_PKEY_param_check_quick(pctx) != 1 + || EVP_PKEY_public_check(pctx) != 1) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_DH_VALUE); goto err; } if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(peer_tmp), - 0, peer_tmp)) { + EVP_PKEY_get_security_bits(peer_tmp), + 0, peer_tmp)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); goto err; } @@ -2106,7 +2106,7 @@ ret = 1; - err: +err: OSSL_PARAM_BLD_free(tmpl); OSSL_PARAM_free(params); EVP_PKEY_free(peer_tmp); @@ -2137,14 +2137,14 @@ * server has sent an invalid curve. */ if (curve_type != NAMED_CURVE_TYPE - || !tls1_check_group_id(s, curve_id, 1)) { + || !tls1_check_group_id(s, curve_id, 1)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE); return 0; } if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } @@ -2154,8 +2154,9 @@ } if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } 
@@ -2233,8 +2234,7 @@ * equals the length of the parameters. */ if (!PACKET_get_sub_packet(&save_param_start, ¶ms, - PACKET_remaining(&save_param_start) - - PACKET_remaining(pkt))) { + PACKET_remaining(&save_param_start) - PACKET_remaining(pkt))) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2246,24 +2246,24 @@ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT); goto err; } - if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) { + if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) { /* SSLfatal() already called */ goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); goto err; } if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); goto err; } if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { 
@@ -2278,29 +2278,31 @@ } if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } if (SSL_USE_PSS(s)) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } } tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(¶ms), - PACKET_remaining(¶ms)); + PACKET_remaining(¶ms)); if (tbslen == 0) { /* SSLfatal() already called */ goto err; } rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature), - PACKET_remaining(&signature), tbs, tbslen); + PACKET_remaining(&signature), tbs, tbslen); OPENSSL_free(tbs); if (rv <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); @@ -2327,7 +2329,7 @@ } return MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_MD_CTX_free(md_ctx); return MSG_PROCESS_ERROR; } @@ -2361,8 +2363,7 @@ s->pha_context = NULL; s->pha_context_len = 0; - if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || - !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { + if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return MSG_PROCESS_ERROR; } @@ -2372,10 +2373,10 @@ return MSG_PROCESS_ERROR; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - &rawexts, NULL, 1) + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + &rawexts, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - rawexts, NULL, 0, 1)) { + rawexts, NULL, 0, 1)) { /* SSLfatal() already called */ OPENSSL_free(rawexts); return MSG_PROCESS_ERROR; 
@@ -2413,7 +2414,7 @@ */ if (!tls1_save_sigalgs(s, &sigalgs, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SIGNATURE_ALGORITHMS_ERROR); + SSL_R_SIGNATURE_ALGORITHMS_ERROR); return MSG_PROCESS_ERROR; } if (!tls1_process_sigalgs(s)) { @@ -2502,7 +2503,7 @@ } if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 - && !SSL_IS_TLS13(s)) { + && !SSL_IS_TLS13(s)) { /* * In TLSv1.2 and below the arrival of a new tickets signals that * any old ticket we were using is now out of date, so we remove the @@ -2540,17 +2541,17 @@ PACKET extpkt; if (!PACKET_as_length_prefixed_2(pkt, &extpkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(s, &extpkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, - NULL, 1) - || !tls_parse_all_extensions(s, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - exts, NULL, 0, 1)) { + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, + NULL, 1) + || !tls_parse_all_extensions(s, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + exts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -2578,8 +2579,8 @@ * but s->session->session_id_length is a size_t */ if (!EVP_Digest(s->session->ext.tick, ticklen, - s->session->session_id, &sess_len, - sha256, NULL)) { + s->session->session_id, &sess_len, + sha256, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -2593,7 +2594,9 @@ const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); size_t hashlen; - static const unsigned char nonce_label[] = "resumption"; + /* ASCII: "resumption", in hex for EBCDIC compatibility */ + static const unsigned char nonce_label[] = { 0x72, 0x65, 0x73, 0x75, 0x6D, + 0x70, 0x74, 0x69, 0x6F, 0x6E }; /* Ensure cast to size_t is safe */ if (!ossl_assert(hashleni >= 0)) { 
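Review bot: The new `nonce_label` byte array in the last hunk on this line is only correct together with the next hunk, where the length passed to `tls13_hkdf_expand()` changes from `sizeof(nonce_label) - 1` to `sizeof(nonce_label)`, and nothing at the declaration records that coupling. The hex bytes do spell the ten characters of "resumption" with no terminating NUL, so the label length is unchanged by this commit. If the declaration were later turned back into a string literal, the label would grow by one zero byte and the derived `s->session->master_key` would presumably no longer match what the peer computes, which would show up as failed resumption rather than a build error. I would extend the comment to say so, for example `/* ASCII: "resumption", in hex for EBCDIC compatibility; no NUL terminator, so the label length is sizeof(nonce_label) */`. The enclosing function starts and ends outside both hunks.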
@@ -2603,12 +2606,12 @@ hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - PACKET_data(&nonce), - PACKET_remaining(&nonce), - s->session->master_key, - hashlen, 1)) { + nonce_label, + sizeof(nonce_label), + PACKET_data(&nonce), + PACKET_remaining(&nonce), + s->session->master_key, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -2620,7 +2623,7 @@ } return MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_MD_free(sha256); OPENSSL_free(exts); return MSG_PROCESS_ERROR; @@ -2660,7 +2663,6 @@ return 1; } - MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) { if (!tls_process_cert_status_body(s, pkt)) { @@ -2694,17 +2696,17 @@ * message, or NULL and -1 otherwise */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing - && s->ctx->ext.status_cb != NULL) { + && s->ctx->ext.status_cb != NULL) { int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); if (ret == 0) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE, - SSL_R_INVALID_STATUS_RESPONSE); + SSL_R_INVALID_STATUS_RESPONSE); return 0; } if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_OCSP_CALLBACK_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } @@ -2769,12 +2771,12 @@ memset(identity, 0, sizeof(identity)); psklen = s->psk_client_callback(s, s->session->psk_identity_hint, - identity, sizeof(identity) - 1, - psk, sizeof(psk)); + identity, sizeof(identity) - 1, + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); - psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_PSK_IDENTITY_NOT_FOUND); 
@@ -2802,14 +2804,14 @@ s->session->psk_identity = tmpidentity; tmpidentity = NULL; - if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { + if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } ret = 1; - err: +err: OPENSSL_cleanse(psk, psklen); OPENSSL_cleanse(identity, sizeof(identity)); OPENSSL_clear_free(tmppsk, psklen); @@ -2872,7 +2874,7 @@ goto err; } if (!WPACKET_allocate_bytes(pkt, enclen, &encdata) - || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { + || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_RSA_ENCRYPT); goto err; } @@ -2895,7 +2897,7 @@ s->s3.tmp.pmslen = pmslen; return 1; - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); @@ -2959,7 +2961,7 @@ } ret = 1; - err: +err: OPENSSL_free(encoded_pub); EVP_PKEY_free(ckey); return ret; @@ -3003,7 +3005,7 @@ } ret = 1; - err: +err: OPENSSL_free(encodedPoint); EVP_PKEY_free(ckey); return ret; @@ -3032,13 +3034,13 @@ peer_cert = s->session->peer; if (peer_cert == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); return 0; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, - X509_get0_pubkey(peer_cert), - s->ctx->propq); + X509_get0_pubkey(peer_cert), + s->ctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; @@ -3072,9 +3074,11 @@ if (ukm_hash == NULL || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 || EVP_DigestUpdate(ukm_hash, s->s3.client_random, - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestUpdate(ukm_hash, s->s3.server_random, - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; 
@@ -3082,7 +3086,8 @@ EVP_MD_CTX_free(ukm_hash); ukm_hash = NULL; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) <= 0) { + EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3097,8 +3102,8 @@ } if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) - || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) - || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { + || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) + || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3108,7 +3113,7 @@ s->s3.tmp.pmslen = pmslen; return 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); OPENSSL_clear_free(pms, pmslen); EVP_MD_CTX_free(ukm_hash); @@ -3132,7 +3137,7 @@ int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf) { - EVP_MD_CTX * hash = NULL; + EVP_MD_CTX *hash = NULL; unsigned int md_len; const EVP_MD *md = ssl_evp_md_fetch(s->ctx->libctx, NID_id_GostR3411_2012_256, s->ctx->propq); 
@@ -3191,36 +3196,38 @@ goto err; } - /* Get server certificate PKEY and create ctx from it */ + /* Get server certificate PKEY and create ctx from it */ peer_cert = s->session->peer; if (peer_cert == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, - X509_get0_pubkey(peer_cert), - s->ctx->propq); + X509_get0_pubkey(peer_cert), + s->ctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } - if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 ) { + if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; }; /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3231,7 +3238,7 @@ } if (!WPACKET_allocate_bytes(pkt, msglen, &encdata) - || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { + || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -3242,7 +3249,7 @@ s->s3.tmp.pmslen = pmslen; return 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); OPENSSL_clear_free(pms, pmslen); return 0; @@ -3258,8 +3265,8 @@ unsigned char *abytes = NULL; if (s->srp_ctx.A == NULL - || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), - &abytes)) { + || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), + &abytes)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -3317,7 +3324,7 @@ } return 1; - err: +err: OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); s->s3.tmp.pms = NULL; s->s3.tmp.pmslen = 0; @@ -3373,7 +3380,7 @@ * used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -3381,19 +3388,20 @@ labellen += 1; if (SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } #endif return 1; - err: +err: OPENSSL_clear_free(pms, pmslen); s->s3.tmp.pms = NULL; s->s3.tmp.pmslen = 0; @@ -3414,8 +3422,7 @@ * If strict mode check suitability of chain before using it. This also * adjusts suite B digest if necessary. */ - if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && - !tls1_check_chain(s, NULL, NULL, NULL, -2)) + if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && !tls1_check_chain(s, NULL, NULL, NULL, -2)) return 0; return 1; } @@ -3514,16 +3521,16 @@ } } if (!ssl3_output_cert_chain(s, pkt, - (s->s3.tmp.cert_req == 2) ? NULL - : s->cert->key)) { + (s->s3.tmp.cert_req == 2) ? NULL + : s->cert->key)) { /* SSLfatal() already called */ return 0; } if (SSL_IS_TLS13(s) - && SSL_IS_FIRST_HANDSHAKE(s) - && (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + && SSL_IS_FIRST_HANDSHAKE(s) + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { /* * This is a fatal error, which leaves enc_write_ctx in an inconsistent * state and thus ssl3_send_alert may crash. 
@@ -3566,7 +3573,7 @@ if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); + SSL_R_MISSING_RSA_ENCRYPTING_CERT); return 0; } @@ -3588,7 +3595,7 @@ padding_len = 32 - ((len + 2) % 32); if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len) - || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { + || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3633,16 +3640,16 @@ RAW_EXTENSION *rawexts = NULL; if (!PACKET_as_length_prefixed_2(pkt, &extensions) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, - NULL, 1) - || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - rawexts, NULL, 0, 1)) { + SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, + NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + rawexts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -3650,7 +3657,7 @@ OPENSSL_free(rawexts); return MSG_PROCESS_CONTINUE_READING; - err: +err: OPENSSL_free(rawexts); return MSG_PROCESS_ERROR; } @@ -3688,9 +3695,9 @@ } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH -# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 -# error Max cipher length too short -# endif +#if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 +#error Max cipher length too short +#endif /* * Some servers hang if client hello > 256 bytes as hack workaround * chop number of supported ciphers to keep it well below this if we 
@@ -3725,11 +3732,11 @@ if (!maxverok) { if (SSL_IS_DTLS(s)) { if (DTLS_VERSION_GE(c->max_dtls, s->s3.tmp.max_ver) - && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) + && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) maxverok = 1; } else { if (c->max_tls >= s->s3.tmp.max_ver - && c->min_tls <= s->s3.tmp.max_ver) + && c->min_tls <= s->s3.tmp.max_ver) maxverok = 1; } } @@ -3738,13 +3745,12 @@ } if (totlen == 0 || !maxverok) { - const char *maxvertext = - !maxverok + const char *maxvertext = !maxverok ? "No ciphers enabled for max supported SSL/TLS version" : NULL; SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_CIPHERS_AVAILABLE, - maxvertext); + maxvertext); return 0; } @@ -3775,7 +3781,7 @@ int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt) { if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } --- crypto/openssl/ssl/statem/statem_dtls.c.orig +++ crypto/openssl/ssl/statem/statem_dtls.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -20,37 +20,46 @@ #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) -#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ - bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ - } } - -#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ - long ii; \ - is_complete = 1; \ - if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ - if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ - if (bitmask[ii] != 0xff) { is_complete = 0; break; } } - -static unsigned char bitmask_start_values[] = - { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; -static unsigned char bitmask_end_values[] = - { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; +#define RSMBLY_BITMASK_MARK(bitmask, start, end) \ + { \ + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) \ + bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) \ + bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } \ + } + +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) \ + { \ + long ii; \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) \ + is_complete = 0; \ + if (is_complete) \ + for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0; ii--) \ + if (bitmask[ii] != 0xff) { \ + is_complete = 0; \ + break; \ + } \ + } + +static unsigned char bitmask_start_values[] = { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; +static unsigned char 
bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; static void dtls1_fix_message_header(SSL *s, size_t frag_off, - size_t frag_len); + size_t frag_len); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - size_t len, - unsigned short seq_num, - size_t frag_off, - size_t frag_len); + size_t len, + unsigned short seq_num, + size_t frag_off, + size_t frag_len); static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len); static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) @@ -121,23 +130,20 @@ return -1; if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) { - if (!ossl_assert(s->init_num == - s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) + if (!ossl_assert(s->init_num == s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) return -1; } if (s->write_hash) { if (s->enc_write_ctx - && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & - EVP_CIPH_FLAG_AEAD_CIPHER) != 0) + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) mac_size = 0; else mac_size = EVP_MD_CTX_get_size(s->write_hash); } else mac_size = 0; - if (s->enc_write_ctx && - (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) + if (s->enc_write_ctx && (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) blocksize = 2 * EVP_CIPHER_CTX_get_block_size(s->enc_write_ctx); else blocksize = 0; @@ -231,12 +237,11 @@ dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); dtls1_write_message_header(s, - (unsigned char *)&s->init_buf-> - data[s->init_off]); + (unsigned char *)&s->init_buf->data[s->init_off]); } ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, - &written); + &written); if (ret <= 0) { /* * might need to update MTU here, but we don't know which 
@@ -244,8 +249,7 @@ * retransmit anything. continue as if everything is fine and * wait for an alert to handle the retransmit */ - if (retry && BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { + if (retry && BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { if (!dtls1_query_mtu(s)) return -1; @@ -270,8 +274,7 @@ * should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - unsigned char *p = - (unsigned char *)&s->init_buf->data[s->init_off]; + unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; size_t xlen; @@ -299,8 +302,8 @@ if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, - s->msg_callback_arg); + (size_t)(s->init_off + s->init_num), s, + s->msg_callback_arg); s->init_off = 0; /* done writing this message */ s->init_num = 0; @@ -335,10 +338,10 @@ msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(*msg_hdr)); - again: +again: if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) { if (errtype == DTLS1_HM_BAD_FRAGMENT - || errtype == DTLS1_HM_FRAGMENT_RETRY) { + || errtype == DTLS1_HM_FRAGMENT_RETRY) { /* bad fragment received */ goto again; } @@ -352,7 +355,7 @@ if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - p, 1, s, s->msg_callback_arg); + p, 1, s, s->msg_callback_arg); } /* * This isn't a real handshake message so skip the processing below. @@ -411,10 +414,10 @@ if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, - s, s->msg_callback_arg); + s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, + s, s->msg_callback_arg); - end: +end: *len = s->init_num; return 1; } 
@@ -442,7 +445,7 @@ /* sanity checking */ if ((frag_off + frag_len) > msg_len - || msg_len > dtls1_max_handshake_message_len(s)) { + || msg_len > dtls1_max_handshake_message_len(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } @@ -505,9 +508,9 @@ hm_fragment *nextfrag; if (!s->server - || frag->msg_header.seq != 0 - || s->d1->handshake_read_seq != 1 - || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + || frag->msg_header.seq != 0 + || s->d1->handshake_read_seq != 1 + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { /* * This is a stale message that has been buffered so clear it. * It is safe to pop this message from the queue even though @@ -530,9 +533,9 @@ nextfrag = (hm_fragment *)next->data; if (nextfrag->msg_header.seq == s->d1->handshake_read_seq) { /* - * We have fragments for both a ClientHello without - * cookie and one with. Ditch the one without. - */ + * We have fragments for both a ClientHello without + * cookie and one with. Ditch the one without. + */ pqueue_pop(s->d1->buffered_messages); dtls1_hm_fragment_free(frag); pitem_free(item); @@ -560,10 +563,9 @@ ret = dtls1_preprocess_fragment(s, &frag->msg_header); if (ret && frag->msg_header.frag_len > 0) { - unsigned char *p = - (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, - frag->msg_header.frag_len); + frag->msg_header.frag_len); } dtls1_hm_fragment_free(frag); @@ -602,8 +604,7 @@ size_t frag_len = msg_hdr->frag_len; size_t readbytes; - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) + if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; if (frag_len == 0) { 
@@ -642,10 +643,8 @@ while (frag_len) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + devnull, + frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -655,20 +654,20 @@ /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment + msg_hdr->frag_off, - frag_len, 0, &readbytes); + frag->fragment + msg_hdr->frag_off, + frag_len, 0, &readbytes); if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, - (long)(msg_hdr->frag_off + frag_len)); + (long)(msg_hdr->frag_off + frag_len)); if (!ossl_assert(msg_hdr->msg_len > 0)) goto err; RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, - is_complete); + is_complete); if (is_complete) { OPENSSL_free(frag->reassembly); @@ -695,7 +694,7 @@ return DTLS1_HM_FRAGMENT_RETRY; - err: +err: if (item == NULL) dtls1_hm_fragment_free(frag); return -1; 
@@ -732,17 +731,13 @@ * in the future, already in the queue or if we received a FINISHED * before the SERVER_HELLO, which then must be a stale retransmit. */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { + if (msg_hdr->seq <= s->d1->handshake_read_seq || msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull[256]; while (frag_len) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + devnull, + frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -766,9 +761,9 @@ * read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0, - &readbytes); - if (i<=0 || readbytes != frag_len) + frag->fragment, frag_len, 0, + &readbytes); + if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -793,7 +788,7 @@ return DTLS1_HM_FRAGMENT_RETRY; - err: +err: if (item == NULL) dtls1_hm_fragment_free(frag); return 0; @@ -810,7 +805,7 @@ *errtype = 0; - redo: +redo: /* see if we have the required fragment already */ ret = dtls1_retrieve_buffered_fragment(s, &frag_len); if (ret < 0) { @@ -825,8 +820,8 @@ /* read handshake message header */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0, &readbytes); - if (i <= 0) { /* nbio, or an error */ + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); + if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; *len = 0; return 0; 
@@ -834,7 +829,7 @@ if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { if (wire[0] != SSL3_MT_CCS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } @@ -877,10 +872,10 @@ */ if (msg_hdr.seq != s->d1->handshake_read_seq) { if (!s->server - || msg_hdr.seq != 0 - || s->d1->handshake_read_seq != 1 - || wire[0] != SSL3_MT_CLIENT_HELLO - || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + || msg_hdr.seq != 0 + || s->d1->handshake_read_seq != 1 + || wire[0] != SSL3_MT_CLIENT_HELLO + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); return 0; } @@ -898,9 +893,9 @@ } if (!s->server - && s->d1->r_msg_hdr.frag_off == 0 - && s->statem.hand_state != TLS_ST_OK - && wire[0] == SSL3_MT_HELLO_REQUEST) { + && s->d1->r_msg_hdr.frag_off == 0 + && s->statem.hand_state != TLS_ST_OK + && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- we are * doing a handshake anyway now, so ignore them if their format is @@ -909,12 +904,12 @@ if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - wire, DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + wire, DTLS1_HM_HEADER_LENGTH, s, + s->msg_callback_arg); s->init_num = 0; goto redo; - } else { /* Incorrectly formatted Hello request */ + } else { /* Incorrectly formatted Hello request */ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; @@ -927,11 +922,10 @@ } if (frag_len > 0) { - unsigned char *p = - (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0, &readbytes); + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked 
@@ -975,7 +969,7 @@ *len = s->init_num = frag_len; return 1; - f_err: +f_err: s->init_num = 0; *len = 0; return 0; @@ -1059,8 +1053,7 @@ return code; } /* done, no need to send a retransmit */ - if (!SSL_in_init(s)) - { + if (!SSL_in_init(s)) { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; } @@ -1095,10 +1088,7 @@ for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { frag = (hm_fragment *)item->data; - if (dtls1_retransmit_message(s, (unsigned short) - dtls1_get_queue_priority - (frag->msg_header.seq, - frag->msg_header.is_ccs), &found) <= 0) + if (dtls1_retransmit_message(s, (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), &found) <= 0) return -1; } @@ -1126,16 +1116,13 @@ if (is_ccs) { /* For DTLS1_BAD_VER the header length is non-standard */ - if (!ossl_assert(s->d1->w_msg_hdr.msg_len + - ((s->version == - DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) - == (unsigned int)s->init_num)) { + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + ((s->version == DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num)) { dtls1_hm_fragment_free(frag); return 0; } } else { - if (!ossl_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { dtls1_hm_fragment_free(frag); return 0; } 
@@ -1153,18 +1140,14 @@ frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; frag->msg_header.saved_retransmit_state.compress = s->compress; frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = - DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); + frag->msg_header.saved_retransmit_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = - (unsigned - char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs) >> 8); - seq64be[7] = - (unsigned - char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs)); + seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs) + >> 8); + seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs)); item = pitem_new(seq64be, frag); if (item == NULL) { @@ -1172,7 +1155,11 @@ return 0; } - pqueue_insert(s->d1->sent_messages, item); + if (pqueue_insert(s->d1->sent_messages, item) == NULL) { + dtls1_hm_fragment_free(frag); + pitem_free(item); + return 0; + } return 1; } @@ -1207,13 +1194,13 @@ header_length = DTLS1_HM_HEADER_LENGTH; memcpy(s->init_buf->data, frag->fragment, - frag->msg_header.msg_len + header_length); + frag->msg_header.msg_len + header_length); s->init_num = frag->msg_header.msg_len + header_length; dtls1_set_message_header_int(s, frag->msg_header.type, - frag->msg_header.msg_len, - frag->msg_header.seq, 0, - frag->msg_header.frag_len); + frag->msg_header.msg_len, + frag->msg_header.seq, 0, + frag->msg_header.frag_len); /* save current state */ saved_state.enc_write_ctx = s->enc_write_ctx; 
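Review bot: The `pqueue_insert()` failure branch added in the `-1172,7 +1155,11` hunk calls `dtls1_hm_fragment_free(frag)` after `frag->msg_header.saved_retransmit_state` has been filled with pointers the connection still uses; `s->write_hash`, `s->compress` and `s->session` are assigned in the hunk just before it. If that helper releases the saved write contexts for CCS fragments (its body is not in this diff, so this needs confirming), the error path would free objects that `s` still references and leave dangling pointers on the live connection. Either detach the borrowed state before freeing, or document the ownership next to the check, for example `/* pqueue_insert() returns NULL on a duplicate priority; frag only borrows the saved write state */`. The same question applies to the existing `item == NULL` branch directly above, and the enclosing function begins outside the hunk.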
@@ -1230,11 +1217,9 @@ s->compress = frag->msg_header.saved_retransmit_state.compress; s->session = frag->msg_header.saved_retransmit_state.session; DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, - frag->msg_header. - saved_retransmit_state.epoch); + frag->msg_header.saved_retransmit_state.epoch); - ret = dtls1_do_write(s, frag->msg_header.is_ccs ? - SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); /* restore current state */ s->enc_write_ctx = saved_state.enc_write_ctx; @@ -1250,8 +1235,8 @@ } void dtls1_set_message_header(SSL *s, - unsigned char mt, size_t len, - size_t frag_off, size_t frag_len) + unsigned char mt, size_t len, + size_t frag_off, size_t frag_len) { if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; @@ -1259,14 +1244,14 @@ } dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, - frag_off, frag_len); + frag_off, frag_len); } /* don't actually do the writing, wait till the MTU has been retrieved */ static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - size_t len, unsigned short seq_num, - size_t frag_off, size_t frag_len) + size_t len, unsigned short seq_num, + size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1318,7 +1303,7 @@ if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); + s->d1->handshake_write_seq, 0, 0); if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) return 0; } else { @@ -1328,7 +1313,7 @@ * filled in later */ if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header) - || !WPACKET_start_sub_packet(pkt)) + || !WPACKET_start_sub_packet(pkt)) return 0; } 
@@ -1340,8 +1325,8 @@ size_t msglen; if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) - || !WPACKET_get_length(pkt, &msglen) - || msglen > INT_MAX) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) return 0; if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) { @@ -1353,8 +1338,7 @@ if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) { /* Buffer the message to handle re-xmits */ - if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC - ? 1 : 0)) + if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC ? 1 : 0)) return 0; } --- crypto/openssl/ssl/statem/statem_lib.c.orig +++ crypto/openssl/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -46,7 +46,7 @@ size_t written = 0; ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num, &written); + s->init_num, &written); if (ret <= 0) return -1; if (type == SSL3_RT_HANDSHAKE) 
@@ -55,18 +55,16 @@ * ignore the result anyway * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET - && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE - && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) + if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) if (!ssl3_finish_mac(s, - (unsigned char *)&s->init_buf->data[s->init_off], - written)) + (unsigned char *)&s->init_buf->data[s->init_off], + written)) return -1; if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, - s->msg_callback_arg); + (size_t)(s->init_off + s->init_num), s, + s->msg_callback_arg); return 1; } s->init_off += written; @@ -79,8 +77,8 @@ size_t msglen; if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) - || !WPACKET_get_length(pkt, &msglen) - || msglen > INT_MAX) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) return 0; s->init_num = (int)msglen; s->init_off = 0; @@ -119,11 +117,11 @@ } if (md5sha1_needed) { SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM, - "The max supported SSL/TLS version needs the" - " MD5-SHA1 digest but it is not available" - " in the loaded providers. Use (D)TLSv1.2 or" - " above, or load different providers"); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM, + "The max supported SSL/TLS version needs the" + " MD5-SHA1 digest but it is not available" + " in the loaded providers. Use (D)TLSv1.2 or" + " above, or load different providers"); return 0; } 
@@ -157,8 +155,7 @@ const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); if (SSL_IS_DTLS(s)) { - if (DTLS_VERSION_GE(ver_max, c->min_dtls) && - DTLS_VERSION_LE(ver_max, c->max_dtls)) + if (DTLS_VERSION_GE(ver_max, c->min_dtls) && DTLS_VERSION_LE(ver_max, c->max_dtls)) ok = 1; } else if (ver_max >= c->min_tls && ver_max <= c->max_tls) { ok = 1; @@ -168,9 +165,9 @@ } if (!ok) { SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CIPHERS_AVAILABLE, - "No ciphers enabled for max supported " - "SSL/TLS version"); + SSL_R_NO_CIPHERS_AVAILABLE, + "No ciphers enabled for max supported " + "SSL/TLS version"); return 0; } if (SSL_IS_FIRST_HANDSHAKE(s)) { @@ -187,7 +184,7 @@ ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_connect); else ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_connect_renegotiate); + &s->session_ctx->stats.sess_connect_renegotiate); /* mark client_random uninitialized */ memset(s->s3.client_random, 0, sizeof(s->s3.client_random)); 
@@ -206,21 +203,21 @@ * Size of the to-be-signed TLS13 data, without the hash size itself: * 64 bytes of value 32, 33 context bytes, 1 byte separator */ -#define TLS13_TBS_START_SIZE 64 -#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) +#define TLS13_TBS_START_SIZE 64 +#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, - void **hdata, size_t *hdatalen) + void **hdata, size_t *hdatalen) { #ifdef CHARSET_EBCDIC static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, - 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, - 0x69, 0x66, 0x79, 0x00 }; + 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, - 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, - 0x69, 0x66, 0x79, 0x00 }; + 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; #else static const char servercontext[] = "TLS 1.3, server CertificateVerify"; static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; @@ -232,7 +229,7 @@ memset(tls13tbs, 32, TLS13_TBS_START_SIZE); /* This copies the 33 bytes of context plus the 0 separator byte */ if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY - || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) + || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext); else strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext); 
@@ -243,12 +240,12 @@ * that includes the CertVerify itself. */ if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY - || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { + || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash, - s->cert_verify_hash_len); + s->cert_verify_hash_len); hashlen = s->cert_verify_hash_len; } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE, - EVP_MAX_MD_SIZE, &hashlen)) { + EVP_MAX_MD_SIZE, &hashlen)) { /* SSLfatal() already called */ return 0; } @@ -311,9 +308,10 @@ } if (EVP_DigestSignInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -321,7 +319,8 @@ if (lu->sig == EVP_PKEY_RSA_PSS) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -333,8 +332,9 @@ */ if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0 + (int)s->session->master_key_length, + s->session->master_key) + <= 0 || EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -342,7 +342,7 @@ } sig = OPENSSL_malloc(siglen); if (sig == NULL - || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { + || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } 
@@ -357,7 +357,7 @@ } sig = OPENSSL_malloc(siglen); if (sig == NULL - || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { + || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -388,7 +388,7 @@ OPENSSL_free(sig); EVP_MD_CTX_free(mctx); return 1; - err: +err: OPENSSL_free(sig); EVP_MD_CTX_free(mctx); return 0; @@ -426,7 +426,7 @@ if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); + SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); goto err; } @@ -442,9 +442,9 @@ goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); + goto err; } if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { @@ -454,7 +454,7 @@ if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); /* Check for broken implementations of GOST ciphersuites */ /* @@ -464,14 +464,14 @@ #ifndef OPENSSL_NO_GOST if (!SSL_USE_SIGALGS(s) && ((PACKET_remaining(pkt) == 64 - && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 - || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) + && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 + || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) || (PACKET_remaining(pkt) == 128 && EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) { len = PACKET_remaining(pkt); } else #endif - if (!PACKET_get_net_2(pkt, &len)) { + if (!PACKET_get_net_2(pkt, &len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } 
@@ -491,12 +491,13 @@ } OSSL_TRACE1(TLS, "Using client verify alg %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (EVP_DigestVerifyInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -519,16 +520,18 @@ if (SSL_USE_PSS(s)) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } } if (s->version == SSL3_VERSION) { if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0) { + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -556,7 +559,7 @@ ret = MSG_PROCESS_CONTINUE_PROCESSING; else ret = MSG_PROCESS_CONTINUE_READING; - err: +err: BIO_free(s->s3.handshake_buffer); s->s3.handshake_buffer = NULL; EVP_MD_CTX_free(mctx); @@ -581,10 +584,11 @@ * client certificate */ if (SSL_IS_TLS13(s) - && !s->server - && s->s3.tmp.cert_req == 0 - && (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; + && !s->server + && s->s3.tmp.cert_req == 0 + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + ; /* SSLfatal() already called */ return 0; } 
@@ -598,8 +602,8 @@ } finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3.tmp.finish_md); + sender, slen, + s->s3.tmp.finish_md); if (finish_md_len == 0) { /* SSLfatal() already called */ return 0; @@ -616,9 +620,7 @@ * Log the master secret, if logging is enabled. We don't log it for * TLSv1.3: there's a different key schedule for that. */ - if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, - s->session->master_key, - s->session->master_key_length)) { + if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key, s->session->master_key_length)) { /* SSLfatal() already called */ return 0; } @@ -632,11 +634,11 @@ } if (!s->server) { memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md, - finish_md_len); + finish_md_len); s->s3.previous_client_finished_len = finish_md_len; } else { memcpy(s->s3.previous_server_finished, s->s3.tmp.finish_md, - finish_md_len); + finish_md_len); s->s3.previous_server_finished_len = finish_md_len; } @@ -668,7 +670,7 @@ } if (!PACKET_get_1(pkt, &updatetype) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_KEY_UPDATE); return MSG_PROCESS_ERROR; } @@ -678,7 +680,7 @@ * didn't recognise. */ if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED - && updatetype != SSL_KEY_UPDATE_REQUESTED) { + && updatetype != SSL_KEY_UPDATE_REQUESTED) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_UPDATE); return MSG_PROCESS_ERROR; } @@ -716,9 +718,8 @@ slen = s->method->ssl3_enc->client_finished_label_len; } - s->s3.tmp.peer_finish_md_len = - s->method->ssl3_enc->final_finish_mac(s, sender, slen, - s->s3.tmp.peer_finish_md); + s->s3.tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, + s->s3.tmp.peer_finish_md); if (s->s3.tmp.peer_finish_md_len == 0) { /* SSLfatal() already called */ 
@@ -740,7 +741,7 @@ */ if (SSL_IS_DTLS(s)) { if ((s->version == DTLS1_BAD_VER - && remain != DTLS1_CCS_HEADER_LENGTH + 1) + && remain != DTLS1_CCS_HEADER_LENGTH + 1) || (s->version != DTLS1_BAD_VER && remain != DTLS1_CCS_HEADER_LENGTH - 1)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_CHANGE_CIPHER_SPEC); @@ -788,20 +789,19 @@ { size_t md_len; - /* This is a real handshake so make sure we clean it up at the end */ if (s->server) { /* - * To get this far we must have read encrypted data from the client. We - * no longer tolerate unencrypted alerts. This value is ignored if less - * than TLSv1.3 - */ + * To get this far we must have read encrypted data from the client. We + * no longer tolerate unencrypted alerts. This value is ignored if less + * than TLSv1.3 + */ s->statem.enc_read_state = ENC_READ_STATE_VALID; if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { - /* SSLfatal() already called */ - return MSG_PROCESS_ERROR; + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; } } @@ -829,7 +829,8 @@ } if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, - md_len) != 0) { + md_len) + != 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED); return MSG_PROCESS_ERROR; } @@ -843,11 +844,11 @@ } if (s->server) { memcpy(s->s3.previous_client_finished, s->s3.tmp.peer_finish_md, - md_len); + md_len); s->s3.previous_client_finished_len = md_len; } else { memcpy(s->s3.previous_server_finished, s->s3.tmp.peer_finish_md, - md_len); + md_len); s->s3.previous_server_finished_len = md_len; } 
@@ -857,9 +858,7 @@ */ if (SSL_IS_TLS13(s)) { if (s->server) { - if (s->post_handshake_auth != SSL_PHA_REQUESTED && - !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { + if (s->post_handshake_auth != SSL_PHA_REQUESTED && !s->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -909,14 +908,14 @@ return 0; } if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes) - || i2d_X509(x, &outbytes) != len) { + || i2d_X509(x, &outbytes) != len) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (SSL_IS_TLS13(s) - && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, - chain)) { + && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, + chain)) { /* SSLfatal() already called */ return 0; } @@ -955,7 +954,7 @@ if (chain_store != NULL) { X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, - s->ctx->propq); + s->ctx->propq); if (xs_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -1044,9 +1043,9 @@ * freed up as well. */ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, - int clearbufs, int stop) + int clearbufs, int stop) { - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; int cleanuphand = s->statem.cleanuphand; if (clearbufs) { @@ -1060,7 +1059,7 @@ */ || BIO_dgram_is_sctp(SSL_get_wbio(s)) #endif - ) { + ) { /* * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits @@ -1077,7 +1076,7 @@ } if (SSL_IS_TLS13(s) && !s->server - && s->post_handshake_auth == SSL_PHA_REQUESTED) + && s->post_handshake_auth == SSL_PHA_REQUESTED) s->post_handshake_auth = SSL_PHA_EXT_SENT; /* 
@@ -1111,7 +1110,8 @@ * so we remove this one from the cache. */ if ((s->session_ctx->session_cache_mode - & SSL_SESS_CACHE_CLIENT) != 0) + & SSL_SESS_CACHE_CLIENT) + != 0) SSL_CTX_remove_session(s->session_ctx, s->session); } else { /* @@ -1122,11 +1122,11 @@ } if (s->hit) ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_hit); + &s->session_ctx->stats.sess_hit); s->handshake_func = ossl_statem_connect; ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_connect_good); + &s->session_ctx->stats.sess_connect_good); } if (SSL_IS_DTLS(s)) { @@ -1148,8 +1148,8 @@ if (cb != NULL) { if (cleanuphand - || !SSL_IS_TLS13(s) - || SSL_IS_FIRST_HANDSHAKE(s)) + || !SSL_IS_TLS13(s) + || SSL_IS_FIRST_HANDSHAKE(s)) cb(s, SSL_CB_HANDSHAKE_DONE, 1); } @@ -1174,9 +1174,9 @@ do { while (s->init_num < SSL3_HM_HEADER_LENGTH) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, - &p[s->init_num], - SSL3_HM_HEADER_LENGTH - s->init_num, - 0, &readbytes); + &p[s->init_num], + SSL3_HM_HEADER_LENGTH - s->init_num, + 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -1188,11 +1188,11 @@ */ if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSL_R_BAD_CHANGE_CIPHER_SPEC); return 0; } if (s->statem.hand_state == TLS_ST_BEFORE - && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { + && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { /* * We are stateless and we received a CCS. Probably this is * from a client between the first and second ClientHellos. @@ -1209,7 +1209,7 @@ return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_CCS_RECEIVED_EARLY); + SSL_R_CCS_RECEIVED_EARLY); return 0; } s->init_num += readbytes; 
@@ -1218,7 +1218,7 @@ skip_message = 0; if (!s->server) if (s->statem.hand_state != TLS_ST_OK - && p[0] == SSL3_MT_HELLO_REQUEST) + && p[0] == SSL3_MT_HELLO_REQUEST) /* * The server may always send 'Hello Request' messages -- * we are doing a handshake anyway now, so ignore them if @@ -1231,8 +1231,8 @@ if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, SSL3_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + p, SSL3_HM_HEADER_LENGTH, s, + s->msg_callback_arg); } } while (skip_message); /* s->init_num == SSL3_HM_HEADER_LENGTH */ @@ -1259,7 +1259,7 @@ /* BUF_MEM_grow takes an 'int' parameter */ if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } s->s3.tmp.message_size = l; @@ -1287,7 +1287,7 @@ n = s->s3.tmp.message_size - s->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0, &readbytes); + &p[s->init_num], n, 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; @@ -1310,14 +1310,14 @@ /* Feed this message into MAC computation. */ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num)) { + s->init_num)) { /* SSLfatal() already called */ *len = 0; return 0; } if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, - (size_t)s->init_num, s, s->msg_callback_arg); + (size_t)s->init_num, s, s->msg_callback_arg); } else { /* * We defer feeding in the HRR until later. We'll do it as part of 
@@ -1325,17 +1325,17 @@ * The TLsv1.3 handshake transcript stops at the ClientFinished * message. */ -#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) +#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) /* KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { + if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO - || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE - || memcmp(hrrrandom, - s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, - SSL3_RANDOM_SIZE) != 0) { + || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE + || memcmp(hrrrandom, + s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, + SSL3_RANDOM_SIZE) + != 0) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { + s->init_num + SSL3_HM_HEADER_LENGTH)) { /* SSLfatal() already called */ *len = 0; return 0; @@ -1344,8 +1344,8 @@ } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, + s->msg_callback_arg); } *len = s->init_num; 
@@ -1353,49 +1353,49 @@ } static const X509ERR2ALERT x509table[] = { - {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, - {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, - {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED}, - {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, - {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, - {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, - {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE}, - {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE}, - 
{X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR}, + { X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE }, + { X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED }, + { X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED }, + { X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR }, + { X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED }, + { X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR }, + { X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA }, + { 
X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE }, + { X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR }, /* Last entry; return this if we don't find the value above. */ - {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN} + { X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN } }; int ssl_x509err2alert(int x509err) 
@@ -1428,63 +1428,63 @@ typedef struct { int version; - const SSL_METHOD *(*cmeth) (void); - const SSL_METHOD *(*smeth) (void); + const SSL_METHOD *(*cmeth)(void); + const SSL_METHOD *(*smeth)(void); } version_info; #if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION -# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. +#error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif /* Must be in order high to low */ static const version_info tls_version_table[] = { #ifndef OPENSSL_NO_TLS1_3 - {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, + { TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method }, #else - {TLS1_3_VERSION, NULL, NULL}, + { TLS1_3_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1_2 - {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, + { TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method }, #else - {TLS1_2_VERSION, NULL, NULL}, + { TLS1_2_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1_1 - {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method}, + { TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method }, #else - {TLS1_1_VERSION, NULL, NULL}, + { TLS1_1_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1 - {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method}, + { TLS1_VERSION, tlsv1_client_method, tlsv1_server_method }, #else - {TLS1_VERSION, NULL, NULL}, + { TLS1_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_SSL3 - {SSL3_VERSION, sslv3_client_method, sslv3_server_method}, + { SSL3_VERSION, sslv3_client_method, sslv3_server_method }, #else - {SSL3_VERSION, NULL, NULL}, + { SSL3_VERSION, NULL, NULL }, #endif - {0, NULL, NULL}, + { 0, NULL, NULL }, }; #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION -# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. +#error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. 
#endif /* Must be in order high to low */ static const version_info dtls_version_table[] = { #ifndef OPENSSL_NO_DTLS1_2 - {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method}, + { DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method }, #else - {DTLS1_2_VERSION, NULL, NULL}, + { DTLS1_2_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_DTLS1 - {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method}, - {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL}, + { DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method }, + { DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL }, #else - {DTLS1_VERSION, NULL, NULL}, - {DTLS1_BAD_VER, NULL, NULL}, + { DTLS1_VERSION, NULL, NULL }, + { DTLS1_BAD_VER, NULL, NULL }, #endif - {0, NULL, NULL}, + { 0, NULL, NULL }, }; /* @@ -1499,13 +1499,10 @@ { int version = method->version; - if ((s->min_proto_version != 0 && - version_cmp(s, version, s->min_proto_version) < 0) || - ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) + if ((s->min_proto_version != 0 && version_cmp(s, version, s->min_proto_version) < 0) || ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) return SSL_R_VERSION_TOO_LOW; - if (s->max_proto_version != 0 && - version_cmp(s, version, s->max_proto_version) > 0) + if (s->max_proto_version != 0 && version_cmp(s, version, s->max_proto_version) > 0) return SSL_R_VERSION_TOO_HIGH; if ((s->options & method->mask) != 0) @@ -1534,7 +1531,7 @@ * cb is set then we just assume TLSv1.3 will be ok */ if (s->ctx->ext.servername_cb != NULL - || s->session_ctx->ext.servername_cb != NULL) + || s->session_ctx->ext.servername_cb != NULL) return 1; #ifndef OPENSSL_NO_PSK 
@@ -1600,14 +1597,14 @@ } for (vent = table; - vent->version != 0 && version_cmp(s, version, vent->version) <= 0; - ++vent) { + vent->version != 0 && version_cmp(s, version, vent->version) <= 0; + ++vent) { if (vent->cmeth != NULL - && version_cmp(s, version, vent->version) == 0 - && ssl_method_error(s, vent->cmeth()) == 0 - && (!s->server - || version != TLS1_3_VERSION - || is_tls13_capable(s))) { + && version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, vent->cmeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { if (meth != NULL) *meth = vent->cmeth(); return 1; @@ -1681,9 +1678,7 @@ } valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL; - valid_dtls = - DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) && - DTLS_VERSION_GE(version, DTLS1_BAD_VER); + valid_dtls = DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) && DTLS_VERSION_GE(version, DTLS1_BAD_VER); if (!valid_tls && !valid_dtls) return 0; 
@@ -1722,18 +1717,18 @@ static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) { if (vers == TLS1_2_VERSION - && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { + && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_2; } else if (!SSL_IS_DTLS(s) - && vers < TLS1_2_VERSION - /* - * We need to ensure that a server that disables TLSv1.2 - * (creating a hole between TLSv1.3 and TLSv1.1) can still - * complete handshakes with clients that support TLSv1.2 and - * below. Therefore we do not enable the sentinel if TLSv1.3 is - * enabled and TLSv1.2 is not. - */ - && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { + && vers < TLS1_2_VERSION + /* + * We need to ensure that a server that disables TLSv1.2 + * (creating a hole between TLSv1.3 and TLSv1.1) can still + * complete handshakes with clients that support TLSv1.2 and + * below. Therefore we do not enable the sentinel if TLSv1.3 is + * enabled and TLSv1.2 is not. + */ + && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_1; } else { *dgrd = DOWNGRADE_NONE; @@ -1871,8 +1866,7 @@ for (vent = table; vent->version != 0; ++vent) { const SSL_METHOD *method; - if (vent->smeth == NULL || - version_cmp(s, client_version, vent->version) < 0) + if (vent->smeth == NULL || version_cmp(s, client_version, vent->version) < 0) continue; method = vent->smeth(); if (ssl_method_error(s, method) == 0) { @@ -1908,15 +1902,16 @@ /* This will overwrite s->version if the extension is present */ if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions, - SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO, extensions, - NULL, 0)) { + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, + extensions, + NULL, 0)) { s->version = origv; return 0; } if (s->hello_retry_request != SSL_HRR_NONE - && s->version != TLS1_3_VERSION) { + && s->version != TLS1_3_VERSION) { s->version = origv; SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); return 0; 
@@ -1967,26 +1962,29 @@ real_max = ver_max; /* Check for downgrades */ - if (s->version == TLS1_2_VERSION && real_max > s->version) { - if (memcmp(tls12downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls12downgrade), - sizeof(tls12downgrade)) == 0) { + if (!SSL_IS_DTLS(s) && real_max > s->version) { + /* Signal applies to all versions */ + if (memcmp(tls11downgrade, + s->s3.server_random + SSL3_RANDOM_SIZE + - sizeof(tls11downgrade), + sizeof(tls11downgrade)) + == 0) { s->version = origv; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); return 0; } - } else if (!SSL_IS_DTLS(s) - && s->version < TLS1_2_VERSION - && real_max > s->version) { - if (memcmp(tls11downgrade, + /* Only when accepting TLS1.3 */ + if (real_max == TLS1_3_VERSION + && memcmp(tls12downgrade, s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls11downgrade), - sizeof(tls11downgrade)) == 0) { + - sizeof(tls12downgrade), + sizeof(tls12downgrade)) + == 0) { + s->version = origv; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); return 0; } } @@ -2027,7 +2025,7 @@ * min_version and max_version will also be set to 0. */ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, - int *real_max) + int *real_max) { int version, tmp_real_max; int hole; @@ -2166,7 +2164,7 @@ * 1) or 0 otherwise. */ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, - size_t num_groups, int checkallow) + size_t num_groups, int checkallow) { size_t i; @@ -2177,8 +2175,8 @@ uint16_t group = groups[i]; if (group_id == group - && (!checkallow - || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { + && (!checkallow + || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { return 1; } } 
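Review bot: The two new comments in the rewritten downgrade check, `/* Signal applies to all versions */` and `/* Only when accepting TLS1.3 */`, do not say which sentinel each `memcmp` tests or where the rule comes from, and this block is a behavioural change sitting among formatting-only hunks. I would put one comment above the outer `if`, such as `/* RFC 8446 section 4.1.3: a client whose maximum is TLS 1.3 rejects either sentinel in any ServerHello below 1.3; a TLS 1.2 client checks only the TLS 1.1-or-below sentinel */`. Compared with the removed branches, the new side also tests `tls11downgrade` when TLS 1.2 was negotiated and `tls12downgrade` when a lower version was negotiated with `real_max == TLS1_3_VERSION`. It also restores `s->version = origv` on the second failure path, so a handshake test feeding each sentinel at each negotiated version would pin the stricter behaviour. The enclosing function begins and ends outside the hunk.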
@@ -2188,8 +2186,8 @@ /* Replace ClientHello1 in the transcript hash with a synthetic message */ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, - size_t hashlen, const unsigned char *hrr, - size_t hrrlen) + size_t hashlen, const unsigned char *hrr, + size_t hrrlen) { unsigned char hashvaltmp[EVP_MAX_MD_SIZE]; unsigned char msghdr[SSL3_HM_HEADER_LENGTH]; @@ -2201,8 +2199,8 @@ hashlen = 0; /* Get the hash of the initial ClientHello */ if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), - &hashlen)) { + || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), + &hashlen)) { /* SSLfatal() already called */ return 0; } @@ -2218,7 +2216,7 @@ msghdr[0] = SSL3_MT_MESSAGE_HASH; msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen; if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH) - || !ssl3_finish_mac(s, hashval, hashlen)) { + || !ssl3_finish_mac(s, hashval, hashlen)) { /* SSLfatal() already called */ return 0; } @@ -2229,10 +2227,10 @@ * receiving a ClientHello2 with a cookie. */ if (hrr != NULL - && (!ssl3_finish_mac(s, hrr, hrrlen) - || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->s3.tmp.message_size - + SSL3_HM_HEADER_LENGTH))) { + && (!ssl3_finish_mac(s, hrr, hrrlen) + || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->s3.tmp.message_size + + SSL3_HM_HEADER_LENGTH))) { /* SSLfatal() already called */ return 0; } @@ -2293,7 +2291,7 @@ return 1; - err: +err: sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); X509_NAME_free(xn); return 0; @@ -2301,7 +2299,8 @@ const STACK_OF(X509_NAME) *get_ca_names(SSL *s) { - const STACK_OF(X509_NAME) *ca_sk = NULL;; + const STACK_OF(X509_NAME) *ca_sk = NULL; + ; if (s->server) { ca_sk = SSL_get_client_CA_list(s); 
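Review bot: The reformatted declaration in `get_ca_names` keeps the old double semicolon as an empty statement on its own line, the added `;` after `*ca_sk = NULL;`. The compiler accepts it, but it reads like a statement that was lost during the reformat. The extra line should be deleted so the declaration is just `const STACK_OF(X509_NAME) *ca_sk = NULL;`. The function body continues outside the hunk.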
@@ -2332,10 +2331,10 @@ int namelen; if (name == NULL - || (namelen = i2d_X509_NAME(name, NULL)) < 0 - || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, - &namebytes) - || i2d_X509_NAME(name, &namebytes) != namelen) { + || (namelen = i2d_X509_NAME(name, NULL)) < 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, + &namebytes) + || i2d_X509_NAME(name, &namebytes) != namelen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2352,7 +2351,7 @@ /* Create a buffer containing data to be signed for server key exchange */ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, - const void *param, size_t paramlen) + const void *param, size_t paramlen) { size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; unsigned char *tbs = OPENSSL_malloc(tbslen); @@ -2387,7 +2386,7 @@ return 0; } if (!EVP_MD_CTX_copy_ex(s->pha_dgst, - s->s3.handshake_dgst)) { + s->s3.handshake_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(s->pha_dgst); s->pha_dgst = NULL; @@ -2408,7 +2407,7 @@ return 0; } if (!EVP_MD_CTX_copy_ex(s->s3.handshake_dgst, - s->pha_dgst)) { + s->pha_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } --- crypto/openssl/ssl/statem/statem_local.h.orig +++ crypto/openssl/ssl/statem/statem_local.h 
@@ -18,28 +18,28 @@ /* The spec allows for a longer length than this, but we limit it */ #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258 -#define END_OF_EARLY_DATA_MAX_LENGTH 0 -#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 +#define END_OF_EARLY_DATA_MAX_LENGTH 0 +#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 #define SESSION_TICKET_MAX_LENGTH_TLS13 131338 #define SESSION_TICKET_MAX_LENGTH_TLS12 65541 -#define SERVER_KEY_EXCH_MAX_LENGTH 102400 -#define SERVER_HELLO_DONE_MAX_LENGTH 0 -#define KEY_UPDATE_MAX_LENGTH 1 -#define CCS_MAX_LENGTH 1 +#define SERVER_KEY_EXCH_MAX_LENGTH 102400 +#define SERVER_HELLO_DONE_MAX_LENGTH 0 +#define KEY_UPDATE_MAX_LENGTH 1 +#define CCS_MAX_LENGTH 1 /* Max ServerHello size permitted by RFC 8446 */ -#define SERVER_HELLO_MAX_LENGTH 65607 +#define SERVER_HELLO_MAX_LENGTH 65607 /* Max should actually be 36 but we are generous */ -#define FINISHED_MAX_LENGTH 64 +#define FINISHED_MAX_LENGTH 64 /* Dummy message type */ -#define SSL3_MT_DUMMY -1 +#define SSL3_MT_DUMMY -1 /* Invalid extension ID for non-supported extensions */ -#define TLSEXT_TYPE_invalid 0x10000 -#define TLSEXT_TYPE_out_of_range 0x10001 +#define TLSEXT_TYPE_invalid 0x10000 +#define TLSEXT_TYPE_out_of_range 0x10001 unsigned int ossl_get_extension_type(size_t idx); extern const unsigned char hrrrandom[]; 
@@ -59,19 +59,19 @@ MSG_PROCESS_CONTINUE_READING } MSG_PROCESS_RETURN; -typedef int (*confunc_f) (SSL *s, WPACKET *pkt); +typedef int (*confunc_f)(SSL *s, WPACKET *pkt); int ssl3_take_mac(SSL *s); int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, - size_t num_groups, int checkallow); + size_t num_groups, int checkallow); int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, - size_t hashlen, const unsigned char *hrr, - size_t hrrlen); + size_t hashlen, const unsigned char *hrr, + size_t hrrlen); int parse_ca_names(SSL *s, PACKET *pkt); const STACK_OF(X509_NAME) *get_ca_names(SSL *s); int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt); size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, - const void *param, size_t paramlen); + const void *param, size_t paramlen); /* * TLS/DTLS client state machine functions @@ -81,7 +81,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, - confunc_f *confunc, int *mt); + confunc_f *confunc, int *mt); size_t ossl_statem_client_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); @@ -94,7 +94,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, - confunc_f *confunc,int *mt); + confunc_f *confunc, int *mt); size_t ossl_statem_server_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); 
@@ -116,7 +116,7 @@ __owur int tls_construct_key_update(SSL *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt); __owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, - int stop); + int stop); __owur WORK_STATE dtls_wait_for_dry(SSL *s); /* some client-only functions */ 
@@ -180,249 +180,249 @@ } EXT_RETURN; __owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx, - RAW_EXTENSION *exts); + RAW_EXTENSION *exts); __owur int extension_is_relevant(SSL *s, unsigned int extctx, - unsigned int thisctx); + unsigned int thisctx); __owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, size_t *len, int init); + RAW_EXTENSION **res, size_t *len, int init); __owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx); + RAW_EXTENSION *exts, X509 *x, size_t chainidx); __owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, - X509 *x, size_t chainidx, int fin); + X509 *x, size_t chainidx, int fin); __owur int should_add_extension(SSL *s, unsigned int extctx, - unsigned int thisctx, int max_version); + unsigned int thisctx, int max_version); __owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); __owur int tls_psk_do_binder(SSL *s, const EVP_MD *md, - const unsigned char *msgstart, - size_t binderoffset, const unsigned char *binderin, - unsigned char *binderout, - SSL_SESSION *sess, int sign, int external); + const unsigned char *msgstart, + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, + SSL_SESSION *sess, int sign, int external); /* Server Extension processing */ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); 
#endif int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidxl); + X509 *x, size_t chainidxl); int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #ifndef OPENSSL_NO_OCSP int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #ifndef OPENSSL_NO_SRTP int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int 
tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t 
chainidx); #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* * Not in public headers as this is not an official extension. Only used when * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. 
*/ -#define TLSEXT_TYPE_cryptopro_bug 0xfde8 +#define TLSEXT_TYPE_cryptopro_bug 0xfde8 EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* Client Extension processing */ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 
*x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_CT EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN 
tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_CT int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #ifndef OPENSSL_NO_SRTP int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t 
chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_handle_alpn(SSL *s); --- crypto/openssl/ssl/statem/statem_srvr.c.orig +++ crypto/openssl/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -27,18 +27,18 @@ #include #include -#define TICKET_NONCE_SIZE 8 +#define TICKET_NONCE_SIZE 8 typedef struct { - ASN1_TYPE *kxBlob; - ASN1_TYPE *opaqueBlob; + ASN1_TYPE *kxBlob; + ASN1_TYPE *opaqueBlob; } GOST_KX_MESSAGE; DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE) ASN1_SEQUENCE(GOST_KX_MESSAGE) = { - ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), - ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), + ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), + ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), } ASN1_SEQUENCE_END(GOST_KX_MESSAGE) IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE) @@ -128,7 +128,7 @@ break; if (mt == SSL3_MT_CERTIFICATE - && s->post_handshake_auth == SSL_PHA_REQUESTED) { + && s->post_handshake_auth == SSL_PHA_REQUESTED) { st->hand_state = TLS_ST_SR_CERT; return 1; } @@ -198,7 +198,7 @@ * cert. */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); return 0; } st->hand_state = TLS_ST_SR_KEY_EXCH; @@ -293,7 +293,7 @@ break; } - err: +err: /* No valid transition found */ if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; 
@@ -333,10 +333,10 @@ * key exchange. */ if (alg_k & (SSL_kDHE | SSL_kECDHE) - /* - * PSK: send ServerKeyExchange if PSK identity hint if - * provided - */ + /* + * PSK: send ServerKeyExchange if PSK identity hint if + * provided + */ #ifndef OPENSSL_NO_PSK /* Only send SKE if we have identity hint for plain PSK */ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) @@ -348,7 +348,7 @@ /* SRP: send ServerKeyExchange */ || (alg_k & SSL_kSRP) #endif - ) { + ) { return 1; } 
@@ -365,39 +365,38 @@
 int send_certificate_request(SSL *s)
 {
 if (
- /* don't request cert unless asked for it: */
- s->verify_mode & SSL_VERIFY_PEER
- /*
- * don't request if post-handshake-only unless doing
- * post-handshake in TLSv1.3:
- */
- && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)
- || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)
- /*
- * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
- * a second time:
- */
- && (s->certreqs_sent < 1 ||
- !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
- /*
- * never request cert in anonymous ciphersuites (see
- * section "Certificate request" in SSL 3 drafts and in
- * RFC 2246):
- */
- && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)
- /*
- * ... except when the application insists on
- * verification (against the specs, but statem_clnt.c accepts
- * this for SSL 3)
- */
- || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- /* don't request certificate for SRP auth */
- && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP)
- /*
- * With normal PSK Certificates and Certificate Requests
- * are omitted
- */
- && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
+ /* don't request cert unless asked for it: */
+ s->verify_mode & SSL_VERIFY_PEER
+ /*
+ * don't request if post-handshake-only unless doing
+ * post-handshake in TLSv1.3:
+ */
+ && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)
+ || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)
+ /*
+ * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+ * a second time:
+ */
+ && (s->certreqs_sent < 1 || !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
+ /*
+ * never request cert in anonymous ciphersuites (see
+ * section "Certificate request" in SSL 3 drafts and in
+ * RFC 2246):
+ */
+ && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)
+ /*
+ * ... except when the application insists on
+ * verification (against the specs, but statem_clnt.c accepts
+ * this for SSL 3)
+ */
+ || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+ /* don't request certificate for SRP auth */
+ && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP)
+ /*
+ * With normal PSK Certificates and Certificate Requests
+ * are omitted
+ */
+ && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
 return 1;
 }

@@ -446,7 +445,7 @@

 case TLS_ST_SW_SRVR_HELLO:
 if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
- && s->hello_retry_request != SSL_HRR_COMPLETE)
+ && s->hello_retry_request != SSL_HRR_COMPLETE)
 st->hand_state = TLS_ST_SW_CHANGE;
 else if (s->hello_retry_request == SSL_HRR_PENDING)
 st->hand_state = TLS_ST_EARLY_DATA;
@@ -606,8 +605,7 @@
 } else {
 /* Check if it is anon DH or anon ECDH, */
 /* normal PSK or SRP */
- if (!(s->s3.tmp.new_cipher->algorithm_auth &
- (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+ if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
 st->hand_state = TLS_ST_SW_CERT;
 } else if (send_server_key_exchange(s)) {
 st->hand_state = TLS_ST_SW_KEY_EXCH;
@@ -724,7 +722,7 @@

 case TLS_ST_SW_SESSION_TICKET:
 if (SSL_IS_TLS13(s) && s->sent_tickets == 0
- && s->ext.extra_tickets_expected == 0) {
+ && s->ext.extra_tickets_expected == 0) {
 /*
 * Actually this is the end of the handshake, but we're going
 * straight into writing the session ticket out. So we finish off
@@ -770,7 +768,7 @@

 case TLS_ST_EARLY_DATA:
 if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING
- && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
+ && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
 return WORK_FINISHED_CONTINUE;
 /* Fall through */

@@ -844,7 +842,7 @@
 case TLS_ST_SW_SRVR_HELLO:
 if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) {
 if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
- && statem_flush(s) != 1)
+ && statem_flush(s) != 1)
 return WORK_MORE_A;
 break;
 }
@@ -859,7 +857,7 @@
 * SCTP used.
 */
 memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
- sizeof(DTLS1_SCTP_AUTH_LABEL));
+ sizeof(DTLS1_SCTP_AUTH_LABEL));

 /* Don't include the terminating zero. */
 labellen = sizeof(labelbuffer) - 1;
@@ -867,20 +865,21 @@
 labellen += 1;

 if (SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- labellen, NULL, 0,
- 0) <= 0) {
+ sizeof(sctpauthkey), labelbuffer,
+ labellen, NULL, 0,
+ 0)
+ <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return WORK_ERROR;
 }

 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
+ sizeof(sctpauthkey), sctpauthkey);
 }
 #endif
 if (!SSL_IS_TLS13(s)
- || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
- && s->hello_retry_request != SSL_HRR_COMPLETE))
+ || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ && s->hello_retry_request != SSL_HRR_COMPLETE))
 break;
 /* Fall through */

@@ -894,14 +893,14 @@
 if (SSL_IS_TLS13(s)) {
 if (!s->method->ssl3_enc->setup_key_block(s)
 || !s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
 /* SSLfatal() already called */
 return WORK_ERROR;
 }

 if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED
 && !s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) {
 /* SSLfatal() already called */
 return WORK_ERROR;
 }
@@ -921,12 +920,11 @@
 * no SCTP used.
 */
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
- 0, NULL);
+ 0, NULL);
 }
 #endif
 if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
+ SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
 /* SSLfatal() already called */
 return WORK_ERROR;
 }
@@ -950,19 +948,19 @@
 * no SCTP used.
 */
 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
- 0, NULL);
+ 0, NULL);
 }
 #endif
 if (SSL_IS_TLS13(s)) {
 /* TLS 1.3 gets the secret size from the handshake md */
 size_t dummy;
 if (!s->method->ssl3_enc->generate_master_secret(s,
- s->master_secret, s->handshake_secret, 0,
- &dummy)
+ s->master_secret, s->handshake_secret, 0,
+ &dummy)
 || !s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
- /* SSLfatal() already called */
- return WORK_ERROR;
+ SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
+ /* SSLfatal() already called */
+ return WORK_ERROR;
 }
 break;

@@ -986,7 +984,7 @@
 clear_sys_error();
 if (SSL_IS_TLS13(s) && statem_flush(s) != 1) {
 if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL
- && conn_is_closed()) {
+ && conn_is_closed()) {
 /*
 * We ignore connection closed errors in TLSv1.3 when sending a
 * NewSessionTicket and behave as if we were successful. This is
@@ -1015,7 +1013,7 @@
 * 0: Error
 */
 int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
- confunc_f *confunc, int *mt)
+ confunc_f *confunc, int *mt)
 {
 OSSL_STATEM *st = &s->statem;

@@ -1059,7 +1057,6 @@
 *mt = SSL3_MT_CERTIFICATE_VERIFY;
 break;

-
 case TLS_ST_SW_KEY_EXCH:
 *confunc = tls_construct_server_key_exchange;
 *mt = SSL3_MT_SERVER_KEY_EXCHANGE;
@@ -1124,10 +1121,10 @@
 * 2 + # length of extensions
 * 2^16-1 # maximum length of extensions
 */
-#define CLIENT_HELLO_MAX_LENGTH 131396
+#define CLIENT_HELLO_MAX_LENGTH 131396

-#define CLIENT_KEY_EXCH_MAX_LENGTH 2048
-#define NEXT_PROTO_MAX_LENGTH 514
+#define CLIENT_KEY_EXCH_MAX_LENGTH 2048
+#define NEXT_PROTO_MAX_LENGTH 514

 /*
 * Returns the maximum allowed length for the current message that we are
@@ -1214,7 +1211,6 @@

 case TLS_ST_SR_KEY_UPDATE:
 return tls_process_key_update(s, pkt);
-
 }
 }

@@ -1247,15 +1243,14 @@
 int ret;
 int al = SSL_AD_UNRECOGNIZED_NAME;

- if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
- (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+ if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
 if (s->srp_ctx.login == NULL) {
 /*
 * RFC 5054 says SHOULD reject, we do so if There is no srp
 * login name
 */
 SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
- SSL_R_PSK_IDENTITY_NOT_FOUND);
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
 return -1;
 } else {
 ret = ssl_srp_server_param_with_username_intern(s, &al);
@@ -1263,9 +1258,9 @@
 return 0;
 if (ret == SSL3_AL_FATAL) {
 SSLfatal(s, al,
- al == SSL_AD_UNKNOWN_PSK_IDENTITY
- ? SSL_R_PSK_IDENTITY_NOT_FOUND
- : SSL_R_CLIENTHELLO_TLSEXT);
+ al == SSL_AD_UNKNOWN_PSK_IDENTITY
+ ? SSL_R_PSK_IDENTITY_NOT_FOUND
+ : SSL_R_CLIENTHELLO_TLSEXT);
 return -1;
 }
 }
@@ -1275,11 +1270,11 @@
 #endif

 int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- size_t cookie_len)
+ size_t cookie_len)
 {
 /* Always use DTLS 1.0 version: see RFC 6347 */
 if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
- || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))
+ || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))
 return 0;

 return 1;
@@ -1288,17 +1283,14 @@
 int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
 {
 unsigned int cookie_leni;
- if (s->ctx->app_gen_cookie_cb == NULL ||
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &cookie_leni) == 0 ||
- cookie_leni > DTLS1_COOKIE_LENGTH) {
+ if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &cookie_leni) == 0 || cookie_leni > DTLS1_COOKIE_LENGTH) {
 SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
 return 0;
 }
 s->d1->cookie_len = cookie_leni;

 if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
- s->d1->cookie_len)) {
+ s->d1->cookie_len)) {
 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1323,26 +1315,42 @@
 static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
 {
 static const unsigned char kSafariExtensionsBlock[] = {
- 0x00, 0x0a, /* elliptic_curves extension */
- 0x00, 0x08, /* 8 bytes */
- 0x00, 0x06, /* 6 bytes of curve ids */
- 0x00, 0x17, /* P-256 */
- 0x00, 0x18, /* P-384 */
- 0x00, 0x19, /* P-521 */
-
- 0x00, 0x0b, /* ec_point_formats */
- 0x00, 0x02, /* 2 bytes */
- 0x01, /* 1 point format */
- 0x00, /* uncompressed */
+ 0x00,
+ 0x0a, /* elliptic_curves extension */
+ 0x00,
+ 0x08, /* 8 bytes */
+ 0x00,
+ 0x06, /* 6 bytes of curve ids */
+ 0x00,
+ 0x17, /* P-256 */
+ 0x00,
+ 0x18, /* P-384 */
+ 0x00,
+ 0x19, /* P-521 */
+
+ 0x00,
+ 0x0b, /* ec_point_formats */
+ 0x00,
+ 0x02, /* 2 bytes */
+ 0x01, /* 1 point format */
+ 0x00, /* uncompressed */
 /* The following is only present in TLS 1.2 */
- 0x00, 0x0d, /* signature_algorithms */
- 0x00, 0x0c, /* 12 bytes */
- 0x00, 0x0a, /* 10 bytes */
- 0x05, 0x01, /* SHA-384/RSA */
- 0x04, 0x01, /* SHA-256/RSA */
- 0x02, 0x01, /* SHA-1/RSA */
- 0x04, 0x03, /* SHA-256/ECDSA */
- 0x02, 0x03, /* SHA-1/ECDSA */
+ 0x00,
+ 0x0d, /* signature_algorithms */
+ 0x00,
+ 0x0c, /* 12 bytes */
+ 0x00,
+ 0x0a, /* 10 bytes */
+ 0x05,
+ 0x01, /* SHA-384/RSA */
+ 0x04,
+ 0x01, /* SHA-256/RSA */
+ 0x02,
+ 0x01, /* SHA-1/RSA */
+ 0x04,
+ 0x03, /* SHA-256/ECDSA */
+ 0x02,
+ 0x03, /* SHA-1/ECDSA */
 };
 /* Length of the common prefix (first two extensions). */
 static const size_t kSafariCommonExtensionsLength = 18;
@@ -1361,16 +1369,15 @@
 if (type != TLSEXT_TYPE_server_name)
 return;

- ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
- sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
+ ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;

 s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
- ext_len);
+ ext_len);
 }

-#define RENEG_OPTIONS_OK(options) \
+#define RENEG_OPTIONS_OK(options) \
 ((options & SSL_OP_NO_RENEGOTIATION) == 0 \
- && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0)
+ && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0)

 MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 {
@@ -1386,9 +1393,10 @@
 goto err;
 }
 if (!RENEG_OPTIONS_OK(s->options)
- || (!s->s3.send_connection_binding
- && (s->options
- & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {
+ || (!s->s3.send_connection_binding
+ && (s->options
+ & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+ == 0)) {
 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
 return MSG_PROCESS_FINISHED_READING;
 }
@@ -1412,7 +1420,7 @@
 unsigned int mt;

 if (!SSL_IS_FIRST_HANDSHAKE(s)
- || s->hello_retry_request != SSL_HRR_NONE) {
+ || s->hello_retry_request != SSL_HRR_NONE) {
 SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
 goto err;
 }
@@ -1472,7 +1480,7 @@
 }

 if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites,
- ciphersuite_len)
+ ciphersuite_len)
 || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len)
 || !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
 /* No extensions. */
@@ -1488,11 +1496,11 @@
 * sizeof(clienthello->random) does.
 */
 challenge_len = challenge_len > SSL3_RANDOM_SIZE
- ? SSL3_RANDOM_SIZE : challenge_len;
+ ? SSL3_RANDOM_SIZE
+ : challenge_len;
 memset(clienthello->random, 0, SSL3_RANDOM_SIZE);
 if (!PACKET_copy_bytes(&challenge,
- clienthello->random + SSL3_RANDOM_SIZE -
- challenge_len, challenge_len)
+ clienthello->random + SSL3_RANDOM_SIZE - challenge_len, challenge_len)
 /* Advertise only null compression. */
 || !PACKET_buf_init(&compression, &null_compression, 1)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -1505,8 +1513,8 @@
 if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE)
 || !PACKET_get_length_prefixed_1(pkt, &session_id)
 || !PACKET_copy_all(&session_id, clienthello->session_id,
- SSL_MAX_SSL_SESSION_ID_LENGTH,
- &clienthello->session_id_len)) {
+ SSL_MAX_SSL_SESSION_ID_LENGTH,
+ &clienthello->session_id_len)) {
 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
 goto err;
 }
@@ -1517,8 +1525,8 @@
 goto err;
 }
 if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie,
- DTLS1_COOKIE_LENGTH,
- &clienthello->dtls_cookie_len)) {
+ DTLS1_COOKIE_LENGTH,
+ &clienthello->dtls_cookie_len)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1550,7 +1558,7 @@
 PACKET_null_init(&clienthello->extensions);
 } else {
 if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
- || PACKET_remaining(pkt) != 0) {
+ || PACKET_remaining(pkt) != 0) {
 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
 goto err;
 }
@@ -1558,8 +1566,8 @@
 }

 if (!PACKET_copy_all(&compression, clienthello->compressions,
- MAX_COMPRESSIONS_SIZE,
- &clienthello->compressions_len)) {
+ MAX_COMPRESSIONS_SIZE,
+ &clienthello->compressions_len)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1567,8 +1575,8 @@
 /* Preserve the raw extensions PACKET for later use */
 extensions = clienthello->extensions;
 if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
- &clienthello->pre_proc_exts,
- &clienthello->pre_proc_exts_len, 1)) {
+ &clienthello->pre_proc_exts,
+ &clienthello->pre_proc_exts_len, 1)) {
 /* SSLfatal already been called */
 goto err;
 }
@@ -1576,7 +1584,7 @@

 return MSG_PROCESS_CONTINUE_PROCESSING;

- err:
+err:
 if (clienthello != NULL)
 OPENSSL_free(clienthello->pre_proc_exts);
 OPENSSL_free(clienthello);
@@ -1624,8 +1632,8 @@

 if (clienthello->isv2) {
 if (clienthello->legacy_version == SSL2_VERSION
- || (clienthello->legacy_version & 0xff00)
- != (SSL3_VERSION_MAJOR << 8)) {
+ || (clienthello->legacy_version & 0xff00)
+ != (SSL3_VERSION_MAJOR << 8)) {
 /*
 * This is real SSLv2 or something completely unknown. We don't
 * support it.
@@ -1642,8 +1650,7 @@
 */
 if (!SSL_IS_DTLS(s)) {
 protverr = ssl_choose_server_version(s, clienthello, &dgrd);
- } else if (s->method->version != DTLS_ANY_VERSION &&
- DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
+ } else if (s->method->version != DTLS_ANY_VERSION && DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
 protverr = SSL_R_VERSION_TOO_LOW;
 } else {
 protverr = 0;
@@ -1669,16 +1676,18 @@
 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
 if (s->ctx->app_verify_cookie_cb != NULL) {
 if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie,
- clienthello->dtls_cookie_len) == 0) {
+ clienthello->dtls_cookie_len)
+ == 0) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_COOKIE_MISMATCH);
+ SSL_R_COOKIE_MISMATCH);
 goto err;
 /* else cookie verification succeeded */
 }
 /* default verification */
 } else if (s->d1->cookie_len != clienthello->dtls_cookie_len
- || memcmp(clienthello->dtls_cookie, s->d1->cookie,
- s->d1->cookie_len) != 0) {
+ || memcmp(clienthello->dtls_cookie, s->d1->cookie,
+ s->d1->cookie_len)
+ != 0) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_COOKIE_MISMATCH);
 goto err;
 }
@@ -1697,9 +1706,9 @@
 s->hit = 0;

 if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites,
- clienthello->isv2) ||
- !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,
- clienthello->isv2, 1)) {
+ clienthello->isv2)
+ || !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,
+ clienthello->isv2, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1707,18 +1716,17 @@
 s->s3.send_connection_binding = 0;
 /* Check what signalling cipher-suite values were received. */
 if (scsvs != NULL) {
- for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
+ for (i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
 c = sk_SSL_CIPHER_value(scsvs, i);
 if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) {
 if (s->renegotiate) {
 /* SCSV is fatal if renegotiating */
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+ SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
 goto err;
 }
 s->s3.send_connection_binding = 1;
- } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&
- !ssl_check_version_downgrade(s)) {
+ } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && !ssl_check_version_downgrade(s)) {
 /*
 * This SCSV indicates that the client previously tried
 * a higher version. We should fail if the current version
@@ -1727,7 +1735,7 @@
 * an insecure downgrade.
 */
 SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK,
- SSL_R_INAPPROPRIATE_FALLBACK);
+ SSL_R_INAPPROPRIATE_FALLBACK);
 goto err;
 }
 }
@@ -1735,16 +1743,15 @@

 /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
 if (SSL_IS_TLS13(s)) {
- const SSL_CIPHER *cipher =
- ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+ const SSL_CIPHER *cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));

 if (cipher == NULL) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER);
 goto err;
 }
 if (s->hello_retry_request == SSL_HRR_PENDING
- && (s->s3.tmp.new_cipher == NULL
- || s->s3.tmp.new_cipher->id != cipher->id)) {
+ && (s->s3.tmp.new_cipher == NULL
+ || s->s3.tmp.new_cipher->id != cipher->id)) {
 /*
 * A previous HRR picked a different ciphersuite to the one we
 * just selected. Something must have changed.
@@ -1757,8 +1764,8 @@

 /* We need to do this before getting the session */
 if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret,
- SSL_EXT_CLIENT_HELLO,
- clienthello->pre_proc_exts, NULL, 0)) {
+ SSL_EXT_CLIENT_HELLO,
+ clienthello->pre_proc_exts, NULL, 0)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1779,9 +1786,7 @@
 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
 * ignored.
 */
- if (clienthello->isv2 ||
- (s->new_session &&
- (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+ if (clienthello->isv2 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
 if (!ssl_get_new_session(s, 1)) {
 /* SSLfatal() already called */
 goto err;
@@ -1805,7 +1810,7 @@

 if (SSL_IS_TLS13(s)) {
 memcpy(s->tmp_session_id, s->clienthello->session_id,
- s->clienthello->session_id_len);
+ s->clienthello->session_id_len);
 s->tmp_session_id_len = s->clienthello->session_id_len;
 }

@@ -1817,15 +1822,16 @@
 j = 0;
 id = s->session->cipher->id;

- OSSL_TRACE_BEGIN(TLS_CIPHER) {
+ OSSL_TRACE_BEGIN(TLS_CIPHER)
+ {
 BIO_printf(trc_out, "client sent %d ciphers\n",
- sk_SSL_CIPHER_num(ciphers));
+ sk_SSL_CIPHER_num(ciphers));
 }
 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 c = sk_SSL_CIPHER_value(ciphers, i);
 if (trc_out != NULL)
 BIO_printf(trc_out, "client [%2d of %2d]:%s\n", i,
- sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+ sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
 if (c->id == id) {
 j = 1;
 break;
@@ -1837,7 +1843,7 @@
 * to reuse it
 */
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_REQUIRED_CIPHER_MISSING);
+ SSL_R_REQUIRED_CIPHER_MISSING);
 OSSL_TRACE_CANCEL(TLS_CIPHER);
 goto err;
 }
@@ -1860,7 +1866,7 @@

 /* TLS extensions */
 if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
- clienthello->pre_proc_exts, NULL, 0, 1)) {
+ clienthello->pre_proc_exts, NULL, 0, 1)) {
 /* SSLfatal() already called */
 goto err;
 }
@@ -1881,10 +1887,10 @@
 }

 if (!s->hit
- && s->version >= TLS1_VERSION
- && !SSL_IS_TLS13(s)
- && !SSL_IS_DTLS(s)
- && s->ext.session_secret_cb) {
+ && s->version >= TLS1_VERSION
+ && !SSL_IS_TLS13(s)
+ && !SSL_IS_DTLS(s)
+ && s->ext.session_secret_cb) {
 const SSL_CIPHER *pref_cipher = NULL;
 /*
 * s->session->master_key_length is a size_t, but this is an int for
@@ -1894,10 +1900,10 @@

 master_key_length = sizeof(s->session->master_key);
 if (s->ext.session_secret_cb(s, s->session->master_key,
- &master_key_length, ciphers,
- &pref_cipher,
- s->ext.session_secret_cb_arg)
- && master_key_length > 0) {
+ &master_key_length, ciphers,
+ &pref_cipher,
+ s->ext.session_secret_cb_arg)
+ && master_key_length > 0) {
 s->session->master_key_length = master_key_length;
 s->hit = 1;
 s->peer_ciphers = ciphers;
@@ -1908,7 +1914,7 @@
 /* check if some cipher was preferred by call back */
 if (pref_cipher == NULL)
 pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
- SSL_get_ciphers(s));
+ SSL_get_ciphers(s));
 if (pref_cipher == NULL) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER);
 goto err;
@@ -1936,7 +1942,7 @@
 */
 if (clienthello->compressions_len != 1) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ SSL_R_INVALID_COMPRESSION_ALGORITHM);
 goto err;
 }
 }
@@ -1949,7 +1955,7 @@
 /* Can't disable compression */
 if (!ssl_allow_compression(s)) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_INCONSISTENT_COMPRESSION);
+ SSL_R_INCONSISTENT_COMPRESSION);
 goto err;
 }
 /* Look for resumed compression method */
@@ -1962,7 +1968,7 @@
 }
 if (s->s3.tmp.new_compression == NULL) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ SSL_R_INVALID_COMPRESSION_ALGORITHM);
 goto err;
 }
 /* Look for resumed method in compression list */
@@ -1972,7 +1978,7 @@
 }
 if (k >= clienthello->compressions_len) {
 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
+ SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
 goto err;
 }
 } else if (s->hit) {
@@ -2043,7 +2049,7 @@
 OPENSSL_free(s->clienthello);
 s->clienthello = NULL;
 return 1;
- err:
+err:
 sk_SSL_CIPHER_free(ciphers);
 sk_SSL_CIPHER_free(scsvs);
 OPENSSL_free(clienthello->pre_proc_exts);
@@ -2068,7 +2074,7 @@
 * influence which certificate is sent
 */
 if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
- && s->ctx->ext.status_cb != NULL) {
+ && s->ctx->ext.status_cb != NULL) {
 int ret;

 /* If no certificate can't return certificate status */
@@ -2112,9 +2118,9 @@

 if (s->ctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) {
 int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
- s->s3.alpn_proposed,
- (unsigned int)s->s3.alpn_proposed_len,
- s->ctx->ext.alpn_select_cb_arg);
+ s->s3.alpn_proposed,
+ (unsigned int)s->s3.alpn_proposed_len,
+ s->ctx->ext.alpn_select_cb_arg);

 if (r == SSL_TLSEXT_ERR_OK) {
 OPENSSL_free(s->s3.alpn_selected);
@@ -2132,9 +2138,10 @@

 /* Check ALPN is consistent with session */
 if (s->session->ext.alpn_selected == NULL
- || selected_len != s->session->ext.alpn_selected_len
- || memcmp(selected, s->session->ext.alpn_selected,
- selected_len) != 0) {
+ || selected_len != s->session->ext.alpn_selected_len
+ || memcmp(selected, s->session->ext.alpn_selected,
+ selected_len)
+ != 0) {
 /* Not consistent so can't be used for early_data */
 s->ext.early_data_ok = 0;

@@ -2146,14 +2153,14 @@
 */
 if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- ERR_R_INTERNAL_ERROR);
+ ERR_R_INTERNAL_ERROR);
 return 0;
 }
 s->session->ext.alpn_selected = OPENSSL_memdup(selected,
- selected_len);
+ selected_len);
 if (s->session->ext.alpn_selected == NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- ERR_R_INTERNAL_ERROR);
+ ERR_R_INTERNAL_ERROR);
 return 0;
 }
 s->session->ext.alpn_selected_len = selected_len;
@@ -2163,7 +2170,7 @@
 return 1;
 } else if (r != SSL_TLSEXT_ERR_NOACK) {
 SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL,
- SSL_R_NO_APPLICATION_PROTOCOL);
+ SSL_R_NO_APPLICATION_PROTOCOL);
 return 0;
 }
 /*
@@ -2213,12 +2220,11 @@

 /* In TLSv1.3 we selected the ciphersuite before resumption */
 if (!SSL_IS_TLS13(s)) {
- cipher =
- ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
+ cipher = ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));

 if (cipher == NULL) {
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_NO_SHARED_CIPHER);
+ SSL_R_NO_SHARED_CIPHER);
 goto err;
 }
 s->s3.tmp.new_cipher = cipher;
@@ -2230,10 +2236,10 @@
 }
 /* check whether we should disable session resumption */
 if (s->not_resumable_session_cb != NULL)
- s->session->not_resumable =
- s->not_resumable_session_cb(s,
- ((s->s3.tmp.new_cipher->algorithm_mkey
- & (SSL_kDHE | SSL_kECDHE)) != 0));
+ s->session->not_resumable = s->not_resumable_session_cb(s,
+ ((s->s3.tmp.new_cipher->algorithm_mkey
+ & (SSL_kDHE | SSL_kECDHE))
+ != 0));
 if (s->session->not_resumable)
 /* do not send a session ticket */
 s->ext.ticket_expected = 0;
@@ -2294,7 +2300,7 @@
 #endif

 return WORK_FINISHED_STOP;
- err:
+err:
 return WORK_ERROR;
 }

@@ -2308,14 +2314,15 @@

 version = usetls13 ? TLS1_2_VERSION : s->version;
 if (!WPACKET_put_bytes_u16(pkt, version)
- /*
- * Random stuff. Filling of the server_random takes place in
- * tls_process_client_hello()
- */
- || !WPACKET_memcpy(pkt,
- s->hello_retry_request == SSL_HRR_PENDING
- ? hrrrandom : s->s3.server_random,
- SSL3_RANDOM_SIZE)) {
+ /*
+ * Random stuff. Filling of the server_random takes place in
+ * tls_process_client_hello()
+ */
+ || !WPACKET_memcpy(pkt,
+ s->hello_retry_request == SSL_HRR_PENDING
+ ? hrrrandom
+ : s->s3.server_random,
+ SSL3_RANDOM_SIZE)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -2339,7 +2346,7 @@
 * to send back.
 */
 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
- && !s->hit)
+ && !s->hit)
 s->session->session_id_length = 0;

 if (usetls13) {
@@ -2366,19 +2373,19 @@
 #endif

 if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
- || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len)
- || !WPACKET_put_bytes_u8(pkt, compm)) {
+ || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len)
+ || !WPACKET_put_bytes_u8(pkt, compm)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }

 if (!tls_construct_extensions(s, pkt,
- s->hello_retry_request == SSL_HRR_PENDING
- ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
- : (SSL_IS_TLS13(s)
- ? SSL_EXT_TLS1_3_SERVER_HELLO
- : SSL_EXT_TLS1_2_SERVER_HELLO),
- NULL, 0)) {
+ s->hello_retry_request == SSL_HRR_PENDING
+ ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+ : (SSL_IS_TLS13(s)
+ ? SSL_EXT_TLS1_3_SERVER_HELLO
+ : SSL_EXT_TLS1_2_SERVER_HELLO),
+ NULL, 0)) {
 /* SSLfatal() already called */
 return 0;
 }
@@ -2398,7 +2405,7 @@
 return 0;
 }
 } else if (!(s->verify_mode & SSL_VERIFY_PEER)
- && !ssl3_digest_cached_records(s, 0)) {
+ && !ssl3_digest_cached_records(s, 0)) {
 /* SSLfatal() already called */;
 return 0;
 }
@@ -2449,123 +2456,121 @@
 /* Plain PSK or RSAPSK nothing to do */
 if (type & (SSL_kPSK | SSL_kRSAPSK)) {
 } else
-#endif /* !OPENSSL_NO_PSK */
- if (type & (SSL_kDHE | SSL_kDHEPSK)) {
- CERT *cert = s->cert;
- EVP_PKEY *pkdhp = NULL;
-
- if (s->cert->dh_tmp_auto) {
- pkdh = ssl_get_auto_dh(s);
- if (pkdh == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
+#endif /* !OPENSSL_NO_PSK */
+ if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+ CERT *cert = s->cert;
+ EVP_PKEY *pkdhp = NULL;
+
+ if (s->cert->dh_tmp_auto) {
+ pkdh = ssl_get_auto_dh(s);
+ if (pkdh == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ pkdhp = pkdh;
+ } else {
+ pkdhp = cert->dh_tmp;
 }
- pkdhp = pkdh;
- } else {
- pkdhp = cert->dh_tmp;
- }
 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
- if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
- pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024));
- if (pkdh == NULL) {
+ if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+ pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024));
+ if (pkdh == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ pkdhp = pkdh;
+ }
+#endif
+ if (pkdhp == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_TMP_DH_KEY);
+ goto err;
+ }
+ if (!ssl_security(s, SSL_SECOP_TMP_DH,
+ EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL);
+ goto err;
+ }
+ if (s->s3.tmp.pkey != NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 goto err;
 }
- pkdhp = pkdh;
- }
-#endif
- if (pkdhp == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_TMP_DH_KEY);
- goto err;
- }
- if (!ssl_security(s, SSL_SECOP_TMP_DH,
- EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL);
- goto err;
- }
- if (s->s3.tmp.pkey != NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }

- s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp);
- if (s->s3.tmp.pkey == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
+ s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp);
+ if (s->s3.tmp.pkey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

- EVP_PKEY_free(pkdh);
- pkdh = NULL;
+ EVP_PKEY_free(pkdh);
+ pkdh = NULL;

- /* These BIGNUMs need to be freed when we're finished */
- freer = 1;
- if (!EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_P,
- &r[0])
+ /* These BIGNUMs need to be freed when we're finished */
+ freer = 1;
+ if (!EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_P,
+ &r[0])
 || !EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_G,
- &r[1])
+ &r[1])
 || !EVP_PKEY_get_bn_param(s->s3.tmp.pkey,
- OSSL_PKEY_PARAM_PUB_KEY, &r[2])) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+ OSSL_PKEY_PARAM_PUB_KEY, &r[2])) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {

- if (s->s3.tmp.pkey != NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
+ if (s->s3.tmp.pkey != NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

- /* Get NID of appropriate shared curve */
- curve_id = tls1_shared_group(s, -2);
- if (curve_id == 0) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
- goto err;
- }
- /* Cache the group used in the SSL_SESSION */
- s->session->kex_group = curve_id;
- /* Generate a new key for this curve */
- s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id);
- if (s->s3.tmp.pkey == NULL) {
- /* SSLfatal() already called */
- goto err;
- }
+ /* Get NID of appropriate shared curve */
+ curve_id = tls1_shared_group(s, -2);
+ if (curve_id == 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+ goto err;
+ }
+ /* Cache the group used in the SSL_SESSION */
+ s->session->kex_group = curve_id;
+ /* Generate a new key for this curve */
+ s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id);
+ if (s->s3.tmp.pkey == NULL) {
+ /* SSLfatal() already called */
+ goto err;
+ }

- /* Encode the public key. */
- encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey,
- &encodedPoint);
- if (encodedlen == 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB);
- goto err;
- }
+ /* Encode the public key. */
+ encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey,
+ &encodedPoint);
+ if (encodedlen == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB);
+ goto err;
+ }

- /*
- * We'll generate the serverKeyExchange message explicitly so we
- * can set these to NULLs
- */
- r[0] = NULL;
- r[1] = NULL;
- r[2] = NULL;
- r[3] = NULL;
- } else
+ /*
+ * We'll generate the serverKeyExchange message explicitly so we
+ * can set these to NULLs
+ */
+ r[0] = NULL;
+ r[1] = NULL;
+ r[2] = NULL;
+ r[3] = NULL;
+ } else
 #ifndef OPENSSL_NO_SRP
- if (type & SSL_kSRP) {
- if ((s->srp_ctx.N == NULL) ||
- (s->srp_ctx.g == NULL) ||
- (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_SRP_PARAM);
+ if (type & SSL_kSRP) {
+ if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_SRP_PARAM);
+ goto err;
+ }
+ r[0] = s->srp_ctx.N;
+ r[1] = s->srp_ctx.g;
+ r[2] = s->srp_ctx.s;
+ r[3] = s->srp_ctx.B;
+ } else
+#endif
+ {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
 goto err;
 }
- r[0] = s->srp_ctx.N;
- r[1] = s->srp_ctx.g;
- r[2] = s->srp_ctx.s;
- r[3] = s->srp_ctx.B;
- } else
-#endif
- {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto err;
- }

 if (((s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)
 || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {
@@ -2578,15 +2583,16 @@ #ifndef OPENSSL_NO_PSK if (type & SSL_PSK) { size_t len = (s->cert->psk_identity_hint == NULL) - ? 0 : strlen(s->cert->psk_identity_hint); + ? 0 + : strlen(s->cert->psk_identity_hint); /* * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already * checked this when we set the identity hint - but just in case */ if (len > PSK_MAX_IDENTITY_LEN - || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, - len)) { + || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, + len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2627,7 +2633,7 @@ } if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2643,9 +2649,9 @@ * point itself */ if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE) - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_put_bytes_u8(pkt, curve_id) - || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_put_bytes_u8(pkt, curve_id) + || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2677,9 +2683,10 @@ } if (EVP_DigestSignInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -2691,18 +2698,18 @@ } } tbslen = construct_key_exchange_tbs(s, &tbs, - s->init_buf->data + paramoffset, - paramlen); + s->init_buf->data + paramoffset, + paramlen); if (tbslen == 0) { /* SSLfatal() already called */ goto err; } - if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <=0 - || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) - || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0 - || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) - || sigbytes1 != sigbytes2) { + if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <= 0 + || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) + || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) + || sigbytes1 != sigbytes2) { OPENSSL_free(tbs); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2711,7 +2718,7 @@ } ret = 1; - err: +err: EVP_PKEY_free(pkdh); OPENSSL_free(encodedPoint); EVP_MD_CTX_free(md_ctx); @@ -2737,9 +2744,10 @@ return 0; } if (RAND_bytes_ex(s->ctx->libctx, s->pha_context, - s->pha_context_len, 0) <= 0 - || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, - s->pha_context_len)) { + s->pha_context_len, 0) + <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, + s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2756,8 +2764,8 @@ } if (!tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, - 0)) { + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, + 0)) { /* SSLfatal() already called */ return 0; } 
@@ -2776,9 +2784,9 @@ size_t nl = tls12_get_psigalgs(s, 1, &psigs); if (!WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) - || !tls12_copy_sigalgs(s, pkt, psigs, nl) - || !WPACKET_close(pkt)) { + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !tls12_copy_sigalgs(s, pkt, psigs, nl) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2789,7 +2797,7 @@ return 0; } - done: +done: s->certreqs_sent++; s->s3.tmp.cert_request = 1; return 1; @@ -2821,7 +2829,7 @@ } psklen = s->psk_server_callback(s, s->session->psk_identity, - psk, sizeof(psk)); + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2898,7 +2906,7 @@ * We must not leak whether a decryption failure occurs because of * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246, * section 7.4.7.1). We use the special padding type - * RSA_PKCS1_WITH_TLS_PADDING to do that. It will automaticaly decrypt the + * RSA_PKCS1_WITH_TLS_PADDING to do that. It will automatically decrypt the * RSA, check the padding and check that the client version is as expected * in the premaster secret. If any of that fails then the function appears * to return successfully but with a random result. The call below could 
@@ -2906,23 +2914,24 @@ * See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ if (EVP_PKEY_decrypt_init(ctx) <= 0 - || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_WITH_TLS_PADDING) <= 0) { + || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_WITH_TLS_PADDING) <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } *p++ = OSSL_PARAM_construct_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, - (unsigned int *)&s->client_version); - if ((s->options & SSL_OP_TLS_ROLLBACK_BUG) != 0) + (unsigned int *)&s->client_version); + if ((s->options & SSL_OP_TLS_ROLLBACK_BUG) != 0) *p++ = OSSL_PARAM_construct_uint( OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, (unsigned int *)&s->version); *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(ctx, params) - || EVP_PKEY_decrypt(ctx, rsa_decrypt, &outlen, - PACKET_data(&enc_premaster), - PACKET_remaining(&enc_premaster)) <= 0) { + || EVP_PKEY_decrypt(ctx, rsa_decrypt, &outlen, + PACKET_data(&enc_premaster), + PACKET_remaining(&enc_premaster)) + <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } @@ -2939,13 +2948,13 @@ /* Also cleanses rsa_decrypt (on success or failure) */ if (!ssl_generate_master_secret(s, rsa_decrypt, - SSL_MAX_MASTER_KEY_LENGTH, 0)) { + SSL_MAX_MASTER_KEY_LENGTH, 0)) { /* SSLfatal() already called */ goto err; } ret = 1; - err: +err: OPENSSL_free(rsa_decrypt); EVP_PKEY_CTX_free(ctx); return ret; @@ -2997,7 +3006,7 @@ ret = 1; EVP_PKEY_free(s->s3.tmp.pkey); s->s3.tmp.pkey = NULL; - err: +err: EVP_PKEY_free(ckey); return ret; } @@ -3052,7 +3061,7 @@ ret = 1; EVP_PKEY_free(s->s3.tmp.pkey); s->s3.tmp.pkey = NULL; - err: +err: EVP_PKEY_free(ckey); return ret; 
@@ -3153,10 +3162,10 @@ * We have nothing to do with this blob so we just skip it */ pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt)); if (pKX == NULL - || pKX->kxBlob == NULL - || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); - goto err; + || pKX->kxBlob == NULL + || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); + goto err; } if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) { @@ -3173,23 +3182,25 @@ start = pKX->kxBlob->value.sequence->data; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, - inlen) <= 0) { + inlen) + <= 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } /* Generate master secret */ if (!ssl_generate_master_secret(s, premaster_secret, - sizeof(premaster_secret), 0)) { + sizeof(premaster_secret), 0)) { /* SSLfatal() already called */ goto err; } /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, - NULL) > 0) + NULL) + > 0) s->statem.no_cert_verify = 1; ret = 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); GOST_KX_MESSAGE_free(pKX); return ret; @@ -3223,9 +3234,7 @@ } /* Get our certificate private key */ - pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? - s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : - s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; + pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; if (pk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_STATE); goto err; 
@@ -3243,13 +3252,15 @@ /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on size */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3262,13 +3273,13 @@ } /* Generate master secret */ if (!ssl_generate_master_secret(s, premaster_secret, - sizeof(premaster_secret), 0)) { - /* SSLfatal() already called */ - goto err; + sizeof(premaster_secret), 0)) { + /* SSLfatal() already called */ + goto err; } ret = 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); return ret; #else @@ -3337,7 +3348,7 @@ } return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); s->s3.tmp.psk = NULL; @@ -3359,7 +3370,7 @@ * used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -3367,15 +3378,16 @@ labellen += 1; if (SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, - 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, + 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } } #endif 
@@ -3432,16 +3444,13 @@ goto err; } - if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) - || (s->pha_context == NULL && PACKET_remaining(&context) != 0) - || (s->pha_context != NULL && - !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) { + if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) || (s->pha_context == NULL && PACKET_remaining(&context) != 0) || (s->pha_context != NULL && !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); goto err; } if (!PACKET_get_length_prefixed_3(pkt, &spkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -3478,11 +3487,11 @@ goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - NULL, chainidx == 0) + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, - PACKET_remaining(&spkt) == 0)) { + rawexts, x, chainidx, + PACKET_remaining(&spkt) == 0)) { OPENSSL_free(rawexts); goto err; } @@ -3500,14 +3509,13 @@ /* TLS does not mind 0 certs returned */ if (s->version == SSL3_VERSION) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CERTIFICATES_RETURNED); + SSL_R_NO_CERTIFICATES_RETURNED); goto err; } /* Fail for TLS only if we required a certificate */ - else if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { + else if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); goto err; } /* No client certificate so digest cached records */ 
@@ -3520,13 +3528,13 @@ i = ssl_verify_cert_chain(s, sk); if (i <= 0) { SSLfatal(s, ssl_x509err2alert(s->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } pkey = X509_get0_pubkey(sk_X509_value(sk, 0)); if (pkey == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto err; } } @@ -3574,8 +3582,8 @@ /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_IS_TLS13(s)) { if (!ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { /* SSLfatal() already called */ goto err; } @@ -3586,7 +3594,7 @@ ret = MSG_PROCESS_CONTINUE_READING; - err: +err: X509_free(x); sk_X509_pop_free(sk, X509_free); return ret; @@ -3618,7 +3626,7 @@ } static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) + unsigned char *tick_nonce) { uint32_t timeout = (uint32_t)s->session->timeout; @@ -3644,7 +3652,7 @@ if (SSL_IS_TLS13(s)) { if (!WPACKET_put_bytes_u32(pkt, age_add) - || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { + || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3664,7 +3672,7 @@ * -1 on fatal error */ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) + unsigned char *tick_nonce) { unsigned char *senc = NULL; EVP_CIPHER_CTX *ctx = NULL; 
@@ -3748,13 +3756,13 @@ if (tctx->ext.ticket_key_evp_cb != NULL) ret = tctx->ext.ticket_key_evp_cb(s, key_name, iv, ctx, - ssl_hmac_get0_EVP_MAC_CTX(hctx), - 1); + ssl_hmac_get0_EVP_MAC_CTX(hctx), + 1); #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx, - ssl_hmac_get0_HMAC_CTX(hctx), 1); + ssl_hmac_get0_HMAC_CTX(hctx), 1); #endif if (ret == 0) { @@ -3769,7 +3777,7 @@ } /* Put timeout and length */ if (!WPACKET_put_bytes_u32(pkt, 0) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3789,7 +3797,7 @@ } } else { EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", - s->ctx->propq); + s->ctx->propq); if (cipher == NULL) { /* Error is already recorded */ @@ -3799,19 +3807,19 @@ iv_len = EVP_CIPHER_get_iv_length(cipher); if (iv_len < 0 - || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 - || !EVP_EncryptInit_ex(ctx, cipher, NULL, - tctx->ext.secure->tick_aes_key, iv) - || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, - sizeof(tctx->ext.secure->tick_hmac_key), - "SHA256")) { + || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 + || !EVP_EncryptInit_ex(ctx, cipher, NULL, + tctx->ext.secure->tick_aes_key, iv) + || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), + "SHA256")) { EVP_CIPHER_free(cipher); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } EVP_CIPHER_free(cipher); memcpy(key_name, tctx->ext.tick_key_name, - sizeof(tctx->ext.tick_key_name)); + sizeof(tctx->ext.tick_key_name)); } if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { 
@@ -3820,29 +3828,29 @@ } if (!WPACKET_get_total_written(pkt, &macoffset) - /* Output key name */ - || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) - /* output IV */ - || !WPACKET_memcpy(pkt, iv, iv_len) - || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, - &encdata1) - /* Encrypt session data */ - || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) - || !WPACKET_allocate_bytes(pkt, len, &encdata2) - || encdata1 != encdata2 - || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) - || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) - || encdata1 + len != encdata2 - || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH - || !WPACKET_get_total_written(pkt, &macendoffset) - || !ssl_hmac_update(hctx, - (unsigned char *)s->init_buf->data + macoffset, - macendoffset - macoffset) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) - || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE) - || hlen > EVP_MAX_MD_SIZE - || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) - || macdata1 != macdata2) { + /* Output key name */ + || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) + /* output IV */ + || !WPACKET_memcpy(pkt, iv, iv_len) + || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, + &encdata1) + /* Encrypt session data */ + || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) + || !WPACKET_allocate_bytes(pkt, len, &encdata2) + || encdata1 != encdata2 + || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) + || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) + || encdata1 + len != encdata2 + || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH + || !WPACKET_get_total_written(pkt, &macendoffset) + || !ssl_hmac_update(hctx, + (unsigned char *)s->init_buf->data + macoffset, + macendoffset - macoffset) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) + || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE) + || hlen > EVP_MAX_MD_SIZE + || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) + || macdata1 != macdata2) { SSLfatal(s, 
SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3854,7 +3862,7 @@ } ok = 1; - err: +err: OPENSSL_free(senc); EVP_CIPHER_CTX_free(ctx); ssl_hmac_free(hctx); @@ -3862,7 +3870,7 @@ } static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) + unsigned char *tick_nonce) { if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { /* SSLfatal() already called */ @@ -3870,8 +3878,8 @@ } if (!WPACKET_memcpy(pkt, s->session->session_id, - s->session->session_id_length) - || !WPACKET_close(pkt)) { + s->session->session_id_length) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3908,7 +3916,9 @@ if (SSL_IS_TLS13(s)) { size_t i, hashlen; uint64_t nonce; - static const unsigned char nonce_label[] = "resumption"; + /* ASCII: "resumption", in hex for EBCDIC compatibility */ + static const unsigned char nonce_label[] = { 0x72, 0x65, 0x73, 0x75, 0x6D, + 0x70, 0x74, 0x69, 0x6F, 0x6E }; const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); @@ -3941,7 +3951,8 @@ goto err; } if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c, - sizeof(age_add_u), 0) <= 0) { + sizeof(age_add_u), 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3954,12 +3965,12 @@ } if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - tick_nonce, - TICKET_NONCE_SIZE, - s->session->master_key, - hashlen, 1)) { + nonce_label, + sizeof(nonce_label), + tick_nonce, + TICKET_NONCE_SIZE, + s->session->master_key, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } 
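Review bot: The `nonce_label` array no longer carries a terminating NUL, which is why the later hunk changes the length passed to tls13_hkdf_expand() from `sizeof(nonce_label) - 1` to `sizeof(nonce_label)`, but nothing in the code ties the two changes together. If the initialiser is ever turned back into a string literal, the label silently grows by one byte and the derived resumption secret changes, which would presumably surface only as failed resumption against other implementations. I would extend the comment to `/* ASCII: "resumption", in hex for EBCDIC compatibility; no trailing NUL, so sizeof() is the label length */`. The enclosing function starts and ends outside both hunks.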
@@ -3969,8 +3980,7 @@ ssl_session_calculate_timeout(s->session); if (s->s3.alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); + s->session->ext.alpn_selected = OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -3981,8 +3991,7 @@ s->session->ext.max_early_data = s->max_early_data; } - if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { + if (tctx->generate_ticket_cb != NULL && tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3992,9 +4001,9 @@ * is no point in using full stateless tickets. */ if (SSL_IS_TLS13(s) - && ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { + && ((s->options & SSL_OP_NO_TICKET) != 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) { /* SSLfatal() already called */ goto err; @@ -4003,7 +4012,7 @@ int tmpret; tmpret = construct_stateless_ticket(s, pkt, age_add_u.age_add, - tick_nonce); + tick_nonce); if (tmpret != 1) { if (tmpret == 0) { ret = 2; /* Non-fatal. Abort construction but continue */ @@ -4017,8 +4026,8 @@ if (SSL_IS_TLS13(s)) { if (!tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - NULL, 0)) { + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -4027,7 +4036,7 @@ } ret = 1; - err: +err: return ret; } 
@@ -4038,8 +4047,8 @@ int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) { if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) - || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, - s->ext.ocsp.resp_len)) { + || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, + s->ext.ocsp.resp_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -4096,7 +4105,7 @@ static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt) { if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - NULL, 0)) { + NULL, 0)) { /* SSLfatal() already called */ return 0; } @@ -4112,7 +4121,7 @@ } if (s->early_data_state != SSL_EARLY_DATA_READING - && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { + && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return MSG_PROCESS_ERROR; } @@ -4128,7 +4137,7 @@ s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } --- crypto/openssl/ssl/t1_enc.c.orig +++ crypto/openssl/ssl/t1_enc.c @@ -23,13 +23,13 @@ /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL *s, - const void *seed1, size_t seed1_len, - const void *seed2, size_t seed2_len, - const void *seed3, size_t seed3_len, - const void *seed4, size_t seed4_len, - const void *seed5, size_t seed5_len, - const unsigned char *sec, size_t slen, - unsigned char *out, size_t olen, int fatal) + const void *seed1, size_t seed1_len, + const void *seed2, size_t seed2_len, + const void *seed3, size_t seed3_len, + const void *seed4, size_t seed4_len, + const void *seed5, size_t seed5_len, + const unsigned char *sec, size_t slen, + unsigned char *out, size_t olen, int fatal) { const EVP_MD *md = ssl_prf_md(s); EVP_KDF *kdf; 
@@ -54,27 +54,27 @@ goto err; mdname = EVP_MD_get0_name(md); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, - (unsigned char *)sec, - (size_t)slen); + (unsigned char *)sec, + (size_t)slen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed1, (size_t)seed1_len); + (void *)seed1, (size_t)seed1_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed2, (size_t)seed2_len); + (void *)seed2, (size_t)seed2_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed3, (size_t)seed3_len); + (void *)seed3, (size_t)seed3_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed4, (size_t)seed4_len); + (void *)seed4, (size_t)seed4_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed5, (size_t)seed5_len); + (void *)seed5, (size_t)seed5_len); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, out, olen, params)) { EVP_KDF_CTX_free(kctx); return 1; } - err: +err: if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); else 
@@ -89,18 +89,53 @@ /* Calls SSLfatal() as required */ ret = tls1_PRF(s, - TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, - SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, - NULL, 0, NULL, 0, s->session->master_key, - s->session->master_key_length, km, num, 1); + TLS_MD_KEY_EXPANSION_CONST, + TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, + SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, + NULL, 0, NULL, 0, s->session->master_key, + s->session->master_key_length, km, num, 1); return ret; } +#ifndef OPENSSL_NO_KTLS +/* + * Count the number of records that were not processed yet from record boundary. + * + * This function assumes that there are only fully formed records read in the + * record layer. If read_ahead is enabled, then this might be false and this + * function will fail. + */ +#ifndef OPENSSL_NO_KTLS_RX +static int count_unprocessed_records(SSL *s) +{ + SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); + PACKET pkt, subpkt; + int count = 0; + + if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) + return -1; + + while (PACKET_remaining(&pkt) > 0) { + /* Skip record type and version */ + if (!PACKET_forward(&pkt, 3)) + return -1; + + /* Read until next record */ + if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) + return -1; + + count += 1; + } + + return count; +} +#endif +#endif + int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md) + const EVP_CIPHER *ciph, + const EVP_MD *md) { /* * Provided cipher, the TLS padding/MAC removal is performed provider 
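Review bot: In count_unprocessed_records() the header skip `PACKET_forward(&pkt, 3)` uses a bare 3, and the comment above the function does not say what the -1 return means for the caller. The count is later used to advance the record sequence number given to the kernel, so the contract is worth stating: -1 means a truncated or partial record was found in the read buffer and the caller is expected to fall back to userspace record processing. I would change the inline comment to `/* Skip record type (1 byte) and version (2 bytes) */` and label the two closing directives `#endif /* OPENSSL_NO_KTLS_RX */` and `#endif /* OPENSSL_NO_KTLS */`, since the doc comment sits between the two nested guards.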
@@ -111,20 +146,20 @@ int imacsize = -1; if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 - /* - * We look at s->ext.use_etm instead of SSL_READ_ETM() or - * SSL_WRITE_ETM() because this test applies to both reading - * and writing. - */ - && !s->ext.use_etm) + /* + * We look at s->ext.use_etm instead of SSL_READ_ETM() or + * SSL_WRITE_ETM() because this test applies to both reading + * and writing. + */ + && !s->ext.use_etm) imacsize = EVP_MD_get_size(md); if (imacsize >= 0) macsize = (size_t)imacsize; *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, - &s->version); + &s->version); *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, - &macsize); + &macsize); *pprm = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_set_params(ctx, params)) { @@ -135,7 +170,6 @@ return 1; } - static int tls_iv_length_within_key_block(const EVP_CIPHER *c) { /* If GCM/CCM mode only part of IV comes from PRF */ @@ -165,7 +199,12 @@ int reuse_dd = 0; #ifndef OPENSSL_NO_KTLS ktls_crypto_info_t crypto_info; + unsigned char *rec_seq; void *rl_sequence; +#ifndef OPENSSL_NO_KTLS_RX + int count_unprocessed; + int bit; +#endif BIO *bio; #endif @@ -216,7 +255,7 @@ s->expand = COMP_CTX_new(comp->method); if (s->expand == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -272,7 +311,7 @@ s->compress = COMP_CTX_new(comp->method); if (s->compress == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -295,8 +334,7 @@ cl = EVP_CIPHER_get_key_length(c); j = cl; k = tls_iv_length_within_key_block(c); - if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { + if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); n = i + i; key = &(p[n]); 
@@ -323,8 +361,8 @@ if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { if (mac_type == EVP_PKEY_HMAC) { mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, mac_secret, - *mac_secret_size); + s->ctx->propq, mac_secret, + *mac_secret_size); } else { /* * If its not HMAC then the only other types of MAC we support are @@ -332,12 +370,13 @@ * a MAC key. */ mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, - (int)*mac_secret_size); + (int)*mac_secret_size); } if (mac_key == NULL || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m), - s->ctx->libctx, s->ctx->propq, mac_key, - NULL) <= 0) { + s->ctx->libctx, s->ctx->propq, mac_key, + NULL) + <= 0) { EVP_PKEY_free(mac_key); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -345,22 +384,24 @@ EVP_PKEY_free(mac_key); } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "which = %04X, mac key:\n", which); BIO_dump_indent(trc_out, ms, i, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) || EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, - iv) <= 0) { + iv) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } else if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) { int taglen; - if (s->s3.tmp. - new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + if (s->s3.tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; else taglen = EVP_CCM_TLS_TAG_LEN; @@ -382,7 +423,8 @@ if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size && EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - (int)*mac_secret_size, mac_secret) <= 0) { + (int)*mac_secret_size, mac_secret) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -392,7 +434,7 @@ * different to that in c if we have an ENGINE in use */ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL - && !tls_provider_set_tls_params(s, dd, c, m)) { + && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; } @@ -421,13 +463,12 @@ /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */ if (which & SSL3_CC_WRITE) { - if (BIO_flush(bio) <= 0) - goto skip_ktls; + if (BIO_flush(bio) <= 0) + goto skip_ktls; } /* ktls doesn't support renegotiation */ - if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || - (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { + if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { SSLfatal(s, SSL_AD_NO_RENEGOTIATION, ERR_R_INTERNAL_ERROR); goto err; } @@ -437,11 +478,30 @@ else rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); - if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, - which & SSL3_CC_WRITE, iv, key, ms, - *mac_secret_size)) + if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, &rec_seq, + iv, key, ms, *mac_secret_size)) goto skip_ktls; + if (which & SSL3_CC_READ) { +#ifndef OPENSSL_NO_KTLS_RX + count_unprocessed = count_unprocessed_records(s); + if (count_unprocessed < 0) + goto skip_ktls; + + /* increment the crypto_info record sequence */ + while (count_unprocessed) { + for (bit = 7; bit >= 0; bit--) { /* increment */ + ++rec_seq[bit]; + if (rec_seq[bit] != 0) + break; + } + count_unprocessed--; + } +#else + goto skip_ktls; +#endif + } + /* ktls works with user provided buffers directly */ if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { if (which & SSL3_CC_WRITE) 
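Review bot: `rec_seq` is declared without an initialiser in the earlier declarations hunk and is assigned only through the new `&rec_seq` out-parameter of ktls_configure_crypto(), yet the read path writes through it with `++rec_seq[bit]` as soon as that call succeeds. ktls_configure_crypto() is not visible here, so whether every successful path sets the pointer cannot be confirmed from this hunk; declaring it as `unsigned char *rec_seq = NULL;` and adding `if (rec_seq == NULL) goto skip_ktls;` before the loop would make the fallback explicit. The loop index `bit` is actually a byte index into an 8-byte big-endian counter, so a name such as `idx` and a named constant in place of 7 would read better. The enclosing function starts and ends outside the hunk.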
@@ -449,19 +509,21 @@ SSL_set_options(s, SSL_OP_NO_RENEGOTIATION); } - skip_ktls: -#endif /* OPENSSL_NO_KTLS */ +skip_ktls: +#endif /* OPENSSL_NO_KTLS */ s->statem.enc_write_state = ENC_WRITE_STATE_VALID; - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "which = %04X, key:\n", which); BIO_dump_indent(trc_out, key, EVP_CIPHER_get_key_length(c), 4); BIO_printf(trc_out, "iv:\n"); BIO_dump_indent(trc_out, iv, k, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); return 1; - err: +err: return 0; } @@ -479,7 +541,7 @@ return 1; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, - &mac_secret_size, &comp, s->ext.use_etm)) { + &mac_secret_size, &comp, s->ext.use_etm)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -492,7 +554,7 @@ s->s3.tmp.new_mac_pkey_type = mac_type; s->s3.tmp.new_mac_secret_size = mac_secret_size; num = mac_secret_size + EVP_CIPHER_get_key_length(c) - + tls_iv_length_within_key_block(c); + + tls_iv_length_within_key_block(c); num *= 2; ssl3_cleanup_key_block(s); @@ -505,7 +567,8 @@ s->s3.tmp.key_block_length = num; s->s3.tmp.key_block = p; - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "key block length: %zu\n", num); BIO_printf(trc_out, "client random\n"); BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); 
@@ -513,19 +576,22 @@ BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "master key\n"); BIO_dump_indent(trc_out, - s->session->master_key, - s->session->master_key_length, 4); - } OSSL_TRACE_END(TLS); + s->session->master_key, + s->session->master_key_length, 4); + } + OSSL_TRACE_END(TLS); if (!tls1_generate_key_block(s, p, num)) { /* SSLfatal() already called */ goto err; } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "key block\n"); BIO_dump_indent(trc_out, p, num, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && s->method->version <= TLS1_VERSION) { @@ -545,12 +611,12 @@ } ret = 1; - err: +err: return ret; } size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *out) + unsigned char *out) { size_t hashlen; unsigned char hash[EVP_MAX_MD_SIZE]; @@ -570,8 +636,8 @@ } if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, - s->session->master_key, s->session->master_key_length, - out, finished_size, 1)) { + s->session->master_key, s->session->master_key_length, + out, finished_size, 1)) { /* SSLfatal() already called */ return 0; } @@ -580,7 +646,7 @@ } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - size_t len, size_t *secret_size) + size_t len, size_t *secret_size) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; 
@@ -591,41 +657,44 @@ * point (after client key exchange and before certificate verify) */ if (!ssl3_digest_cached_records(s, 1) - || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { + || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { /* SSLfatal() already called */ return 0; } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "Handshake hashes:\n"); BIO_dump(trc_out, (char *)hash, hashlen); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (!tls1_PRF(s, - TLS_MD_EXTENDED_MASTER_SECRET_CONST, - TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, - hash, hashlen, - NULL, 0, - NULL, 0, - NULL, 0, p, len, out, - SSL3_MASTER_SECRET_SIZE, 1)) { + TLS_MD_EXTENDED_MASTER_SECRET_CONST, + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, + hash, hashlen, + NULL, 0, + NULL, 0, + NULL, 0, p, len, out, + SSL3_MASTER_SECRET_SIZE, 1)) { /* SSLfatal() already called */ return 0; } OPENSSL_cleanse(hash, hashlen); } else { if (!tls1_PRF(s, - TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3.client_random, SSL3_RANDOM_SIZE, - NULL, 0, - s->s3.server_random, SSL3_RANDOM_SIZE, - NULL, 0, p, len, out, - SSL3_MASTER_SECRET_SIZE, 1)) { - /* SSLfatal() already called */ + TLS_MD_MASTER_SECRET_CONST, + TLS_MD_MASTER_SECRET_CONST_SIZE, + s->s3.client_random, SSL3_RANDOM_SIZE, + NULL, 0, + s->s3.server_random, SSL3_RANDOM_SIZE, + NULL, 0, p, len, out, + SSL3_MASTER_SECRET_SIZE, 1)) { + /* SSLfatal() already called */ return 0; } } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "Premaster Secret:\n"); BIO_dump_indent(trc_out, p, len, 4); BIO_printf(trc_out, "Client Random:\n"); 
@@ -634,18 +703,19 @@ BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "Master Secret:\n"); BIO_dump_indent(trc_out, - s->session->master_key, - SSL3_MASTER_SECRET_SIZE, 4); - } OSSL_TRACE_END(TLS); + s->session->master_key, + SSL3_MASTER_SECRET_SIZE, 4); + } + OSSL_TRACE_END(TLS); *secret_size = SSL3_MASTER_SECRET_SIZE; return 1; } int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context) { unsigned char *val = NULL; size_t vallen = 0, currentvalpos; 
@@ -688,39 +758,44 @@ * the comparisons won't have buffer overflow */ if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, - TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) + TLS_MD_CLIENT_FINISH_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_SERVER_FINISH_CONST, - TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) + TLS_MD_SERVER_FINISH_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) + TLS_MD_MASTER_SECRET_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST, - TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0) + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) + TLS_MD_KEY_EXPANSION_CONST_SIZE) + == 0) goto err1; rv = tls1_PRF(s, - val, vallen, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0, - s->session->master_key, s->session->master_key_length, - out, olen, 0); + val, vallen, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0, + s->session->master_key, s->session->master_key_length, + out, olen, 0); goto ret; - err1: +err1: ERR_raise(ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); rv = 0; goto ret; - err2: +err2: ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); rv = 0; - ret: +ret: OPENSSL_clear_free(val, vallen); return rv; } --- crypto/openssl/ssl/t1_lib.c.orig +++ crypto/openssl/ssl/t1_lib.c 
@@ -142,48 +142,48 @@ int nid; uint16_t group_id; } nid_to_group[] = { - {NID_sect163k1, OSSL_TLS_GROUP_ID_sect163k1}, - {NID_sect163r1, OSSL_TLS_GROUP_ID_sect163r1}, - {NID_sect163r2, OSSL_TLS_GROUP_ID_sect163r2}, - {NID_sect193r1, OSSL_TLS_GROUP_ID_sect193r1}, - {NID_sect193r2, OSSL_TLS_GROUP_ID_sect193r2}, - {NID_sect233k1, OSSL_TLS_GROUP_ID_sect233k1}, - {NID_sect233r1, OSSL_TLS_GROUP_ID_sect233r1}, - {NID_sect239k1, OSSL_TLS_GROUP_ID_sect239k1}, - {NID_sect283k1, OSSL_TLS_GROUP_ID_sect283k1}, - {NID_sect283r1, OSSL_TLS_GROUP_ID_sect283r1}, - {NID_sect409k1, OSSL_TLS_GROUP_ID_sect409k1}, - {NID_sect409r1, OSSL_TLS_GROUP_ID_sect409r1}, - {NID_sect571k1, OSSL_TLS_GROUP_ID_sect571k1}, - {NID_sect571r1, OSSL_TLS_GROUP_ID_sect571r1}, - {NID_secp160k1, OSSL_TLS_GROUP_ID_secp160k1}, - {NID_secp160r1, OSSL_TLS_GROUP_ID_secp160r1}, - {NID_secp160r2, OSSL_TLS_GROUP_ID_secp160r2}, - {NID_secp192k1, OSSL_TLS_GROUP_ID_secp192k1}, - {NID_X9_62_prime192v1, OSSL_TLS_GROUP_ID_secp192r1}, - {NID_secp224k1, OSSL_TLS_GROUP_ID_secp224k1}, - {NID_secp224r1, OSSL_TLS_GROUP_ID_secp224r1}, - {NID_secp256k1, OSSL_TLS_GROUP_ID_secp256k1}, - {NID_X9_62_prime256v1, OSSL_TLS_GROUP_ID_secp256r1}, - {NID_secp384r1, OSSL_TLS_GROUP_ID_secp384r1}, - {NID_secp521r1, OSSL_TLS_GROUP_ID_secp521r1}, - {NID_brainpoolP256r1, OSSL_TLS_GROUP_ID_brainpoolP256r1}, - {NID_brainpoolP384r1, OSSL_TLS_GROUP_ID_brainpoolP384r1}, - {NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1}, - {EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519}, - {EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448}, - {NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022}, - {NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023}, - {NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024}, - {NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025}, - {NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026}, - {NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027}, - {NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028}, - {NID_ffdhe2048, OSSL_TLS_GROUP_ID_ffdhe2048}, - {NID_ffdhe3072, 
OSSL_TLS_GROUP_ID_ffdhe3072}, - {NID_ffdhe4096, OSSL_TLS_GROUP_ID_ffdhe4096}, - {NID_ffdhe6144, OSSL_TLS_GROUP_ID_ffdhe6144}, - {NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192} + { NID_sect163k1, OSSL_TLS_GROUP_ID_sect163k1 }, + { NID_sect163r1, OSSL_TLS_GROUP_ID_sect163r1 }, + { NID_sect163r2, OSSL_TLS_GROUP_ID_sect163r2 }, + { NID_sect193r1, OSSL_TLS_GROUP_ID_sect193r1 }, + { NID_sect193r2, OSSL_TLS_GROUP_ID_sect193r2 }, + { NID_sect233k1, OSSL_TLS_GROUP_ID_sect233k1 }, + { NID_sect233r1, OSSL_TLS_GROUP_ID_sect233r1 }, + { NID_sect239k1, OSSL_TLS_GROUP_ID_sect239k1 }, + { NID_sect283k1, OSSL_TLS_GROUP_ID_sect283k1 }, + { NID_sect283r1, OSSL_TLS_GROUP_ID_sect283r1 }, + { NID_sect409k1, OSSL_TLS_GROUP_ID_sect409k1 }, + { NID_sect409r1, OSSL_TLS_GROUP_ID_sect409r1 }, + { NID_sect571k1, OSSL_TLS_GROUP_ID_sect571k1 }, + { NID_sect571r1, OSSL_TLS_GROUP_ID_sect571r1 }, + { NID_secp160k1, OSSL_TLS_GROUP_ID_secp160k1 }, + { NID_secp160r1, OSSL_TLS_GROUP_ID_secp160r1 }, + { NID_secp160r2, OSSL_TLS_GROUP_ID_secp160r2 }, + { NID_secp192k1, OSSL_TLS_GROUP_ID_secp192k1 }, + { NID_X9_62_prime192v1, OSSL_TLS_GROUP_ID_secp192r1 }, + { NID_secp224k1, OSSL_TLS_GROUP_ID_secp224k1 }, + { NID_secp224r1, OSSL_TLS_GROUP_ID_secp224r1 }, + { NID_secp256k1, OSSL_TLS_GROUP_ID_secp256k1 }, + { NID_X9_62_prime256v1, OSSL_TLS_GROUP_ID_secp256r1 }, + { NID_secp384r1, OSSL_TLS_GROUP_ID_secp384r1 }, + { NID_secp521r1, OSSL_TLS_GROUP_ID_secp521r1 }, + { NID_brainpoolP256r1, OSSL_TLS_GROUP_ID_brainpoolP256r1 }, + { NID_brainpoolP384r1, OSSL_TLS_GROUP_ID_brainpoolP384r1 }, + { NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1 }, + { EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519 }, + { EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448 }, + { NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022 }, + { NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023 }, + { NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024 }, + { NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025 }, + { NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026 }, + 
{ NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027 }, + { NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028 }, + { NID_ffdhe2048, OSSL_TLS_GROUP_ID_ffdhe2048 }, + { NID_ffdhe3072, OSSL_TLS_GROUP_ID_ffdhe3072 }, + { NID_ffdhe4096, OSSL_TLS_GROUP_ID_ffdhe4096 }, + { NID_ffdhe6144, OSSL_TLS_GROUP_ID_ffdhe6144 }, + { NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192 } }; static const unsigned char ecformats_default[] = { @@ -194,23 +194,23 @@ /* The default curves */ static const uint16_t supported_groups_default[] = { - 29, /* X25519 (29) */ - 23, /* secp256r1 (23) */ - 30, /* X448 (30) */ - 25, /* secp521r1 (25) */ - 24, /* secp384r1 (24) */ - 34, /* GC256A (34) */ - 35, /* GC256B (35) */ - 36, /* GC256C (36) */ - 37, /* GC256D (37) */ - 38, /* GC512A (38) */ - 39, /* GC512B (39) */ - 40, /* GC512C (40) */ - 0x100, /* ffdhe2048 (0x100) */ - 0x101, /* ffdhe3072 (0x101) */ - 0x102, /* ffdhe4096 (0x102) */ - 0x103, /* ffdhe6144 (0x103) */ - 0x104, /* ffdhe8192 (0x104) */ + 29, /* X25519 (29) */ + 23, /* secp256r1 (23) */ + 30, /* X448 (30) */ + 25, /* secp521r1 (25) */ + 24, /* secp384r1 (24) */ + 34, /* GC256A (34) */ + 35, /* GC256B (35) */ + 36, /* GC256C (36) */ + 37, /* GC256D (37) */ + 38, /* GC512A (38) */ + 39, /* GC512B (39) */ + 40, /* GC512C (40) */ + 0x100, /* ffdhe2048 (0x100) */ + 0x101, /* ffdhe3072 (0x101) */ + 0x102, /* ffdhe4096 (0x102) */ + 0x103, /* ffdhe6144 (0x103) */ + 0x104, /* ffdhe8192 (0x104) */ }; static const uint16_t suiteb_curves[] = { @@ -223,7 +223,7 @@ OSSL_PROVIDER *provider; }; -#define TLS_GROUP_LIST_MALLOC_BLOCK_SIZE 10 +#define TLS_GROUP_LIST_MALLOC_BLOCK_SIZE 10 static OSSL_CALLBACK add_provider_groups; static int add_provider_groups(const OSSL_PARAM params[], void *data) { 
@@ -242,20 +242,20 @@ if (ctx->group_list_max_len == 0) tmp = OPENSSL_malloc(sizeof(TLS_GROUP_INFO) - * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); + * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); else tmp = OPENSSL_realloc(ctx->group_list, - (ctx->group_list_max_len - + TLS_GROUP_LIST_MALLOC_BLOCK_SIZE) - * sizeof(TLS_GROUP_INFO)); + (ctx->group_list_max_len + + TLS_GROUP_LIST_MALLOC_BLOCK_SIZE) + * sizeof(TLS_GROUP_INFO)); if (tmp == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } ctx->group_list = tmp; memset(tmp + ctx->group_list_max_len, - 0, - sizeof(TLS_GROUP_INFO) * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); + 0, + sizeof(TLS_GROUP_INFO) * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); ctx->group_list_max_len += TLS_GROUP_LIST_MALLOC_BLOCK_SIZE; } @@ -367,7 +367,7 @@ EVP_KEYMGMT_free(keymgmt); } ERR_pop_to_mark(); - err: +err: if (ginf != NULL) { OPENSSL_free(ginf->tlsname); OPENSSL_free(ginf->realname); @@ -384,7 +384,7 @@ pgd.ctx = vctx; pgd.provider = provider; return OSSL_PROVIDER_get_capabilities(provider, "TLS-GROUP", - add_provider_groups, &pgd); + add_provider_groups, &pgd); } int ssl_load_groups(SSL_CTX *ctx) @@ -416,8 +416,8 @@ } memcpy(ctx->ext.supported_groups_default, - tmp_supp_groups, - num_deflt_grps * sizeof(tmp_supp_groups[0])); + tmp_supp_groups, + num_deflt_grps * sizeof(tmp_supp_groups[0])); ctx->ext.supported_groups_default_len = num_deflt_grps; return 1; @@ -429,7 +429,7 @@ for (i = 0; i < ctx->group_list_len; i++) { if (strcmp(ctx->group_list[i].tlsname, name) == 0 - || strcmp(ctx->group_list[i].realname, name) == 0) + || strcmp(ctx->group_list[i].realname, name) == 0) return ctx->group_list[i].group_id; } @@ -459,8 +459,7 @@ * Return well known Group NIDs - for backwards compatibility. This won't * work for groups we don't know about. */ - for (i = 0; i < OSSL_NELEM(nid_to_group); i++) - { + for (i = 0; i < OSSL_NELEM(nid_to_group); i++) { if (nid_to_group[i].group_id == group_id) return nid_to_group[i].nid; } 
@@ -477,8 +476,7 @@ * Return well known Group ids - for backwards compatibility. This won't * work for groups we don't know about. */ - for (i = 0; i < OSSL_NELEM(nid_to_group); i++) - { + for (i = 0; i < OSSL_NELEM(nid_to_group); i++) { if (nid_to_group[i].nid == nid) return nid_to_group[i].group_id; } @@ -491,7 +489,7 @@ * the number of groups supported. */ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, - size_t *pgroupslen) + size_t *pgroupslen) { /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { @@ -523,7 +521,7 @@ } int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, - int isec, int *okfortls13) + int isec, int *okfortls13) { const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id); int ret; @@ -554,12 +552,12 @@ ret &= (maxversion >= ginfo->mintls); if (ret && okfortls13 != NULL && maxversion == TLS1_3_VERSION) *okfortls13 = (ginfo->maxtls == 0) - || (ginfo->maxtls >= TLS1_3_VERSION); + || (ginfo->maxtls >= TLS1_3_VERSION); } ret &= !isec - || strcmp(ginfo->algorithm, "EC") == 0 - || strcmp(ginfo->algorithm, "X25519") == 0 - || strcmp(ginfo->algorithm, "X448") == 0; + || strcmp(ginfo->algorithm, "EC") == 0 + || strcmp(ginfo->algorithm, "X25519") == 0 + || strcmp(ginfo->algorithm, "X448") == 0; return ret; } @@ -576,7 +574,7 @@ gtmp[0] = group >> 8; gtmp[1] = group & 0xff; return ssl_security(s, op, ginfo->secbits, - tls1_group_id2nid(ginfo->group_id, 0), (void *)gtmp); + tls1_group_id2nid(ginfo->group_id, 0), (void *)gtmp); } /* Return 1 if "id" is in "list" */ @@ -641,7 +639,7 @@ const TLS_GROUP_INFO *inf; if (!tls1_in_list(id, supp, num_supp) - || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) + || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) continue; inf = tls1_group_id_lookup(ctx, id); if (!ossl_assert(inf != NULL)) 
@@ -650,20 +648,20 @@ if (inf->maxdtls == -1) continue; if ((inf->mindtls != 0 && DTLS_VERSION_LT(s->version, inf->mindtls)) - || (inf->maxdtls != 0 - && DTLS_VERSION_GT(s->version, inf->maxdtls))) + || (inf->maxdtls != 0 + && DTLS_VERSION_GT(s->version, inf->maxdtls))) continue; } else { if (inf->maxtls == -1) continue; if ((inf->mintls != 0 && s->version < inf->mintls) - || (inf->maxtls != 0 && s->version > inf->maxtls)) + || (inf->maxtls != 0 && s->version > inf->maxtls)) continue; } if (nmatch == k) return id; - k++; + k++; } if (nmatch == -1) return k; @@ -672,7 +670,7 @@ } int tls1_set_groups(uint16_t **pext, size_t *pextlen, - int *groups, size_t ngroups) + int *groups, size_t ngroups) { uint16_t *glist; size_t i; @@ -714,8 +712,8 @@ return 0; } -# define GROUPLIST_INCREMENT 40 -# define GROUP_NAME_BUFFER_LENGTH 64 +#define GROUPLIST_INCREMENT 40 +#define GROUP_NAME_BUFFER_LENGTH 64 typedef struct { SSL_CTX *ctx; size_t gidcnt; @@ -733,9 +731,8 @@ if (elem == NULL) return 0; if (garg->gidcnt == garg->gidmax) { - uint16_t *tmp = - OPENSSL_realloc(garg->gid_arr, - (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr)); + uint16_t *tmp = OPENSSL_realloc(garg->gid_arr, + (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr)); if (tmp == NULL) return 0; garg->gidmax += GROUPLIST_INCREMENT; @@ -749,7 +746,7 @@ gid = tls1_group_name2id(garg->ctx, etmp); if (gid == 0) { ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, - "group '%s' cannot be set", etmp); + "group '%s' cannot be set", etmp); return 0; } for (i = 0; i < garg->gidcnt; i++) @@ -761,7 +758,7 @@ /* Set groups based on a colon separated list */ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, - const char *str) + const char *str) { gid_cb_st gcb; uint16_t *tmparr; 
@@ -791,14 +788,14 @@ *pext = tmparr; *pextlen = gcb.gidcnt; ret = 1; - end: +end: OPENSSL_free(gcb.gid_arr); return ret; } /* Check a group id matches preferences */ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) - { +{ const uint16_t *groups; size_t groups_len; @@ -845,12 +842,12 @@ * extension, so groups_len == 0 always means no extension. */ if (groups_len == 0) - return 1; + return 1; return tls1_in_list(group_id, groups, groups_len); } void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - size_t *num_formats) + size_t *num_formats) { /* * If we have a custom point format list use it otherwise use default @@ -879,13 +876,12 @@ if (!EVP_PKEY_is_a(pkey, "EC")) return 1; - /* Get required compression id */ point_conv = EVP_PKEY_get_ec_point_conv_form(pkey); if (point_conv == 0) return 0; if (point_conv == POINT_CONVERSION_UNCOMPRESSED) { - comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; + comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; } else if (SSL_IS_TLS13(s)) { /* * ec_point_formats extension is not used in TLSv1.3 so we ignore @@ -964,10 +960,11 @@ else if (group_id == TLSEXT_curve_P_384) check_md = NID_ecdsa_with_SHA384; else - return 0; /* Should never happen */ + return 0; /* Should never happen */ for (i = 0; i < s->shared_sigalgslen; i++) { if (check_md == s->shared_sigalgs[i]->sigandhash) - return 1;; + return 1; + ; } return 0; } 
@@ -1042,111 +1039,110 @@ #endif }; - static const uint16_t suiteb_sigalgs[] = { TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp384r1_sha384 }; static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { - {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1}, - {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA384, NID_secp384r1, 1}, - {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA512, NID_secp521r1, 1}, - {"ed25519", TLSEXT_SIGALG_ed25519, - NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, - NID_undef, NID_undef, 1}, - {"ed448", TLSEXT_SIGALG_ed448, - NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_ecdsa_sha224, - NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA224, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_ecdsa_sha1, - NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA1, NID_undef, 1}, - {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef, 1}, - {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef, 1}, - {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef, 1}, - {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef, 1}, - {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, 
NID_undef, 1}, - {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef, 1}, - {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha256WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha384WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha512WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224, - NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha224WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, - NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha1WithRSAEncryption, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_dsa_with_SHA256, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha224, - NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha1, - NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_dsaWithSHA1, NID_undef, 1}, + { "ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1 }, + { "ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA384, NID_secp384r1, 1 }, + { 
"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA512, NID_secp521r1, 1 }, + { "ed25519", TLSEXT_SIGALG_ed25519, + NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, + NID_undef, NID_undef, 1 }, + { "ed448", TLSEXT_SIGALG_ed448, + NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_ecdsa_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA224, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_ecdsa_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA1, NID_undef, 1 }, + { "rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }, + { "rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }, + { "rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }, + { "rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef, 1 }, + { "rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef, 1 }, + { "rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef, 1 }, + { "rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha256WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha384WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha512", 
TLSEXT_SIGALG_rsa_pkcs1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha512WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha224WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha1WithRSAEncryption, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsa_with_SHA256, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsaWithSHA1, NID_undef, 1 }, #ifndef OPENSSL_NO_GOST - {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic, - NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, - NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic, - NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, - NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, - NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, - NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, - NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, - NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, - NID_id_GostR3411_94, SSL_MD_GOST94_IDX, - 
NID_id_GostR3410_2001, SSL_PKEY_GOST01, - NID_undef, NID_undef, 1} + { NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic, + NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, + NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic, + NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, + NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, + NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, + NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, + NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, + NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, + NID_id_GostR3411_94, SSL_MD_GOST94_IDX, + NID_id_GostR3410_2001, SSL_PKEY_GOST01, + NID_undef, NID_undef, 1 } #endif }; /* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ static const SIGALG_LOOKUP legacy_rsa_sigalg = { "rsa_pkcs1_md5_sha1", 0, - NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, - EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_undef, NID_undef, 1 + NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, + EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }; /* @@ -1179,7 +1175,7 @@ ERR_set_mark(); for (i = 0, lu = sigalg_lookup_tbl; - i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { EVP_PKEY_CTX *pctx; cache[i] = *lu; @@ -1193,7 +1189,7 @@ * independently - but not as a combination. We ignore this for now. */ if (lu->hash != NID_undef - && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { + && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { cache[i].enabled = 0; continue; } @@ -1213,7 +1209,7 @@ cache = NULL; ret = 1; - err: +err: OPENSSL_free(cache); EVP_PKEY_free(tmpkey); return ret; 
@@ -1226,9 +1222,9 @@ const SIGALG_LOOKUP *lu; for (i = 0, lu = s->ctx->sigalg_lookup_cache; - /* cache should have the same number of elements as sigalg_lookup_tbl */ - i < OSSL_NELEM(sigalg_lookup_tbl); - lu++, i++) { + /* cache should have the same number of elements as sigalg_lookup_tbl */ + i < OSSL_NELEM(sigalg_lookup_tbl); + lu++, i++) { if (lu->sigalg == sigalg) { if (!lu->enabled) return NULL; @@ -1265,7 +1261,7 @@ */ #define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_get_size(md) + 2) static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, - const SIGALG_LOOKUP *lu) + const SIGALG_LOOKUP *lu) { const EVP_MD *md; @@ -1310,7 +1306,7 @@ int real_idx; for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01; - real_idx--) { + real_idx--) { if (s->cert->pkeys[real_idx].privatekey != NULL) { idx = real_idx; break; @@ -1325,11 +1321,11 @@ int real_idx; for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST12_256; - real_idx--) { - if (s->cert->pkeys[real_idx].privatekey != NULL) { - idx = real_idx; - break; - } + real_idx--) { + if (s->cert->pkeys[real_idx].privatekey != NULL) { + idx = real_idx; + break; + } } } } else { @@ -1410,8 +1406,8 @@ */ int tls_check_sigalg_curve(const SSL *s, int curve) { - const uint16_t *sigs; - size_t siglen, i; + const uint16_t *sigs; + size_t siglen, i; if (s->cert->conf_sigalgs) { sigs = s->cert->conf_sigalgs; @@ -1427,8 +1423,8 @@ if (lu == NULL) continue; if (lu->sig == EVP_PKEY_EC - && lu->curve != NID_undef - && curve == lu->curve) + && lu->curve != NID_undef + && curve == lu->curve) return 1; } @@ -1446,8 +1442,7 @@ if (!tls1_lookup_md(ctx, lu, &md)) return 0; - if (md != NULL) - { + if (md != NULL) { int md_type = EVP_MD_get_type(md); /* Security bits: half digest bits */ 
@@ -1515,13 +1510,13 @@ if (lu == NULL || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) || (pkeyid != lu->sig - && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { + && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } /* Check the sigalg is consistent with the key OID */ if (!ssl_cert_lookup_by_nid(EVP_PKEY_get_id(pkey), &cidx) - || lu->sig_idx != (int)cidx) { + || lu->sig_idx != (int)cidx) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } @@ -1531,7 +1526,7 @@ /* Check point compression is permitted */ if (!tls1_check_pkey_comp(s, pkey)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_ILLEGAL_POINT_COMPRESSION); + SSL_R_ILLEGAL_POINT_COMPRESSION); return 0; } @@ -1555,7 +1550,7 @@ if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256 && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_WRONG_SIGNATURE_TYPE); + SSL_R_WRONG_SIGNATURE_TYPE); return 0; } } @@ -1572,8 +1567,7 @@ break; } /* Allow fallback to SHA1 if not strict mode */ - if (i == sent_sigslen && (lu->hash != NID_sha1 - || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { + if (i == sent_sigslen && (lu->hash != NID_sha1 || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } @@ -1588,10 +1582,7 @@ sigalgstr[0] = (sig >> 8) & 0xff; sigalgstr[1] = sig & 0xff; secbits = sigalg_security_bits(s->ctx, lu); - if (secbits == 0 || - !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, - md != NULL ? EVP_MD_get_type(md) : NID_undef, - (void *)sigalgstr)) { + if (secbits == 0 || !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, md != NULL ? EVP_MD_get_type(md) : NID_undef, (void *)sigalgstr)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } 
@@ -1632,7 +1623,8 @@ s->s3.tmp.mask_k = 0; ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver, - &s->s3.tmp.max_ver, NULL) != 0) + &s->s3.tmp.max_ver, NULL) + != 0) return 0; #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ @@ -1640,7 +1632,7 @@ s->s3.tmp.mask_a |= SSL_aPSK; s->s3.tmp.mask_k |= SSL_PSK; } -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { s->s3.tmp.mask_a |= SSL_aSRP; @@ -1674,14 +1666,13 @@ * in SSLv3 if we are a client */ if (min_tls == TLS1_VERSION && ecdhe - && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) + && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) min_tls = SSL3_VERSION; if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) return 1; } - if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) - || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) + if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) return 1; return !ssl_security(s, op, c->strength_bits, 0, (void *)c); @@ -1710,7 +1701,7 @@ * the default algorithm for each certificate type */ if (s->s3.tmp.peer_cert_sigalgs == NULL - && s->s3.tmp.peer_sigalgs == NULL) { + && s->s3.tmp.peer_sigalgs == NULL) { const uint16_t *sent_sigs; size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); @@ -1723,8 +1714,8 @@ /* Check default matches a type we sent */ for (j = 0; j < sent_sigslen; j++) { if (lu->sigalg == sent_sigs[j]) { - s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; - break; + s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; + break; } } } @@ -1740,7 +1731,7 @@ /* Fatal error if no shared signature algorithms */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); + SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); return 0; } 
@@ -1752,7 +1743,7 @@
 * point to the resulting session.
 */
 SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
- SSL_SESSION **ret)
+ SSL_SESSION **ret)
 {
 size_t size;
 RAW_EXTENSION *ticketext;
@@ -1775,7 +1766,7 @@
 size = PACKET_remaining(&ticketext->data);
 return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
- hello->session_id, hello->session_id_len, ret);
+ hello->session_id, hello->session_id_len, ret);
 }
 /*-
@@ -1802,8 +1793,8 @@
 * point to the resulting session.
 */
 SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
- size_t eticklen, const unsigned char *sess_id,
- size_t sesslen, SSL_SESSION **psess)
+ size_t eticklen, const unsigned char *sess_id,
+ size_t sesslen, SSL_SESSION **psess)
 {
 SSL_SESSION *sess = NULL;
 unsigned char *sdec;
@@ -1863,16 +1854,16 @@
 if (tctx->ext.ticket_key_evp_cb != NULL)
 rv = tctx->ext.ticket_key_evp_cb(s, nctick,
- nctick + TLSEXT_KEYNAME_LENGTH,
- ctx,
- ssl_hmac_get0_EVP_MAC_CTX(hctx),
- 0);
+ nctick + TLSEXT_KEYNAME_LENGTH,
+ ctx,
+ ssl_hmac_get0_EVP_MAC_CTX(hctx),
+ 0);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 else if (tctx->ext.ticket_key_cb != NULL)
 /* if 0 is returned, write an empty ticket */
 rv = tctx->ext.ticket_key_cb(s, nctick,
- nctick + TLSEXT_KEYNAME_LENGTH,
- ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0);
+ nctick + TLSEXT_KEYNAME_LENGTH,
+ ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0);
 #endif
 if (rv < 0) {
 ret = SSL_TICKET_FATAL_ERR_OTHER;
@@ -1889,20 +1880,23 @@
 /* Check key name matches */
 if (memcmp(etick, tctx->ext.tick_key_name,
- TLSEXT_KEYNAME_LENGTH) != 0) {
+ TLSEXT_KEYNAME_LENGTH)
+ != 0) {
 ret = SSL_TICKET_NO_DECRYPT;
 goto end;
 }
 aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC",
- s->ctx->propq);
+ s->ctx->propq);
 if (aes256cbc == NULL || ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
- sizeof(tctx->ext.secure->tick_hmac_key),
- "SHA256") <= 0
+ sizeof(tctx->ext.secure->tick_hmac_key),
+ "SHA256")
+ <= 0
 || EVP_DecryptInit_ex(ctx, aes256cbc, NULL,
- tctx->ext.secure->tick_aes_key,
- etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
+ tctx->ext.secure->tick_aes_key,
+ etick + TLSEXT_KEYNAME_LENGTH)
+ <= 0) {
 EVP_CIPHER_free(aes256cbc);
 ret = SSL_TICKET_FATAL_ERR_OTHER;
 goto end;
@@ -1949,8 +1943,7 @@
 p = etick + TLSEXT_KEYNAME_LENGTH + ivlen;
 eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen;
 sdec = OPENSSL_malloc(eticklen);
- if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
- (int)eticklen) <= 0) {
+ if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) {
 OPENSSL_free(sdec);
 ret = SSL_TICKET_FATAL_ERR_OTHER;
 goto end;
@@ -1996,7 +1989,7 @@
 */
 ret = SSL_TICKET_NO_DECRYPT;
- end:
+end:
 EVP_CIPHER_CTX_free(ctx);
 ssl_hmac_free(hctx);
@@ -2006,18 +1999,18 @@
 * performs any action
 */
 if (s->session_ctx->decrypt_ticket_cb != NULL
- && (ret == SSL_TICKET_EMPTY
- || ret == SSL_TICKET_NO_DECRYPT
- || ret == SSL_TICKET_SUCCESS
- || ret == SSL_TICKET_SUCCESS_RENEW)) {
+ && (ret == SSL_TICKET_EMPTY
+ || ret == SSL_TICKET_NO_DECRYPT
+ || ret == SSL_TICKET_SUCCESS
+ || ret == SSL_TICKET_SUCCESS_RENEW)) {
 size_t keyname_len = eticklen;
 int retcb;
 if (keyname_len > TLSEXT_KEYNAME_LENGTH)
 keyname_len = TLSEXT_KEYNAME_LENGTH;
 retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len,
- ret,
- s->session_ctx->ticket_cb_data);
+ ret,
+ s->session_ctx->ticket_cb_data);
 switch (retcb) {
 case SSL_TICKET_RETURN_ABORT:
 ret = SSL_TICKET_FATAL_ERR_OTHER;
@@ -2040,7 +2033,7 @@
 case SSL_TICKET_RETURN_USE:
 case SSL_TICKET_RETURN_USE_RENEW:
 if (ret != SSL_TICKET_SUCCESS
- && ret != SSL_TICKET_SUCCESS_RENEW)
+ && ret != SSL_TICKET_SUCCESS_RENEW)
 ret = SSL_TICKET_FATAL_ERR_OTHER;
 else if (retcb == SSL_TICKET_RETURN_USE)
 ret = SSL_TICKET_SUCCESS;
@@ -2093,14 +2086,14 @@
 return 0;
 if (lu->sig == NID_id_GostR3410_2012_256
- || lu->sig == NID_id_GostR3410_2012_512
- || lu->sig == NID_id_GostR3410_2001) {
+ || lu->sig == NID_id_GostR3410_2012_512
+ || lu->sig == NID_id_GostR3410_2001) {
 /* We never allow GOST sig algs on the server with TLSv1.3 */
 if (s->server && SSL_IS_TLS13(s))
 return 0;
 if (!s->server
- && s->method->version == TLS_ANY_VERSION
- && s->s3.tmp.max_ver >= TLS1_3_VERSION) {
+ && s->method->version == TLS_ANY_VERSION
+ && s->s3.tmp.max_ver >= TLS1_3_VERSION) {
 int i, num;
 STACK_OF(SSL_CIPHER) *sk;
@@ -2163,18 +2156,18 @@
 clu = ssl_cert_lookup_by_idx(lu->sig_idx);
 if (clu == NULL)
- continue;
+ continue;
 /* If algorithm is disabled see if we can enable it */
 if ((clu->amask & disabled_mask) != 0
- && tls12_sigalg_allowed(s, op, lu))
+ && tls12_sigalg_allowed(s, op, lu))
 disabled_mask &= ~clu->amask;
 }
 *pmask_a |= disabled_mask;
 }
 int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
- const uint16_t *psig, size_t psiglen)
+ const uint16_t *psig, size_t psiglen)
 {
 size_t i;
 int rv = 0;
@@ -2183,7 +2176,7 @@
 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *psig);
 if (lu == NULL
- || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+ || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
 continue;
 if (!WPACKET_put_bytes_u16(pkt, *psig))
 return 0;
@@ -2191,10 +2184,7 @@
 * If TLS 1.3 must have at least one valid TLS 1.3 message
 * signing algorithm: i.e. neither RSA nor SHA1/SHA224
 */
- if (rv == 0 && (!SSL_IS_TLS13(s)
- || (lu->sig != EVP_PKEY_RSA
- && lu->hash != NID_sha1
- && lu->hash != NID_sha224)))
+ if (rv == 0 && (!SSL_IS_TLS13(s) || (lu->sig != EVP_PKEY_RSA && lu->hash != NID_sha1 && lu->hash != NID_sha224)))
 rv = 1;
 }
 if (rv == 0)
@@ -2204,8 +2194,8 @@
 /* Given preference and allowed sigalgs set shared sigalgs */
 static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
- const uint16_t *pref, size_t preflen,
- const uint16_t *allow, size_t allowlen)
+ const uint16_t *pref, size_t preflen,
+ const uint16_t *allow, size_t allowlen)
 {
 const uint16_t *ptmp, *atmp;
 size_t i, j, nmatch = 0;
@@ -2214,7 +2204,7 @@
 /* Skip disabled hashes or signature algorithms */
 if (lu == NULL
- || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
+ || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
 continue;
 for (j = 0, atmp = allow; j < allowlen; j++, atmp++) {
 if (*ptmp == *atmp) {
@@ -2290,7 +2280,7 @@
 size >>= 1;
- if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) {
+ if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) {
 ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
 return 0;
 }
@@ -2320,11 +2310,10 @@
 if (cert)
 return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs,
- &s->s3.tmp.peer_cert_sigalgslen);
+ &s->s3.tmp.peer_cert_sigalgslen);
 else
 return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs,
- &s->s3.tmp.peer_sigalgslen);
-
+ &s->s3.tmp.peer_sigalgslen);
 }
 /* Set preferred digest for each key type */
@@ -2355,8 +2344,8 @@
 }
 int SSL_get_sigalgs(SSL *s, int idx,
- int *psign, int *phash, int *psignhash,
- unsigned char *rsig, unsigned char *rhash)
+ int *psign, int *phash, int *psignhash,
+ unsigned char *rsig, unsigned char *rhash)
 {
 uint16_t *psig = s->s3.tmp.peer_sigalgs;
 size_t numsigalgs = s->s3.tmp.peer_sigalgslen;
@@ -2384,8 +2373,8 @@
 }
 int SSL_get_shared_sigalgs(SSL *s, int idx,
- int *psign, int *phash, int *psignhash,
- unsigned char *rsig, unsigned char *rhash)
+ int *psign, int *phash, int *psignhash,
+ unsigned char *rsig, unsigned char *rhash)
 {
 const SIGALG_LOOKUP *shsigalgs;
 if (s->shared_sigalgs == NULL
@@ -2433,7 +2422,7 @@
 }
 }
 /* Maximum length of a signature algorithm string component */
-#define TLS_MAX_SIGSTRING_LEN 40
+#define TLS_MAX_SIGSTRING_LEN 40
 static int sig_cb(const char *elem, int len, void *arg)
 {
@@ -2462,7 +2451,7 @@
 */
 if (p == NULL) {
 for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
- i++, s++) {
+ i++, s++) {
 if (s->name != NULL && strcmp(etmp, s->name) == 0) {
 sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
 break;
@@ -2480,7 +2469,7 @@
 if (sig_alg == NID_undef || hash_alg == NID_undef)
 return 0;
 for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
- i++, s++) {
+ i++, s++) {
 if (s->hash == hash_alg && s->sig == sig_alg) {
 sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
 break;
@@ -2516,7 +2505,7 @@
 }
 int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
- int client)
+ int client)
 {
 uint16_t *sigalgs;
@@ -2557,7 +2546,7 @@
 int sig_id = *psig_nids++;
 for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl);
- j++, curr++) {
+ j++, curr++) {
 if (curr->hash == md_id && curr->sig == sig_id) {
 *sptr++ = curr->sigalg;
 break;
@@ -2580,7 +2569,7 @@
 return 1;
- err:
+err:
 OPENSSL_free(sigalgs);
 return 0;
 }
@@ -2610,8 +2599,8 @@
 }
 for (i = 0; i < sigalgslen; i++) {
 sigalg = use_pc_sigalgs
- ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i])
- : s->shared_sigalgs[i];
+ ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i])
+ : s->shared_sigalgs[i];
 if (sigalg != NULL && sig_nid == sigalg->sigandhash)
 return 1;
 }
@@ -2641,14 +2630,14 @@
 /* Flags which need to be set for a certificate when strict mode not set */
 #define CERT_PKEY_VALID_FLAGS \
- (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
+ (CERT_PKEY_EE_SIGNATURE | CERT_PKEY_EE_PARAM)
 /* Strict mode flags */
-#define CERT_PKEY_STRICT_FLAGS \
- (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
- | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
+#define CERT_PKEY_STRICT_FLAGS \
+ (CERT_PKEY_VALID_FLAGS | CERT_PKEY_CA_SIGNATURE | CERT_PKEY_CA_PARAM \
+ | CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE)
 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
- int idx)
+ int idx)
 {
 int i;
 int rv = 0;
@@ -2710,9 +2699,9 @@
 int default_nid;
 int rsign = 0;
 if (s->s3.tmp.peer_cert_sigalgs != NULL
- || s->s3.tmp.peer_sigalgs != NULL) {
+ || s->s3.tmp.peer_sigalgs != NULL) {
 default_nid = 0;
- /* If no sigalgs extension use defaults from RFC5246 */
+ /* If no sigalgs extension use defaults from RFC5246 */
 } else {
 switch (idx) {
 case SSL_PKEY_RSA:
@@ -2797,7 +2786,7 @@
 /* Else not TLS 1.2, so mark EE and CA signing algorithms OK */
 else if (check_flags)
 rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE;
- skip_sigs:
+skip_sigs:
 /* Check cert parameters are consistent */
 if (tls1_check_cert_param(s, x, 1))
 rv |= CERT_PKEY_EE_PARAM;
@@ -2870,7 +2859,7 @@
 if (!check_flags || (rv & check_flags) == check_flags)
 rv |= CERT_PKEY_VALID;
- end:
+end:
 if (TLS1_get_version(s) >= TLS1_2_VERSION)
 rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
@@ -2955,18 +2944,18 @@
 pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq);
 if (pctx == NULL
- || EVP_PKEY_fromdata_init(pctx) != 1)
+ || EVP_PKEY_fromdata_init(pctx) != 1)
 goto err;
 tmpl = OSSL_PARAM_BLD_new();
 if (tmpl == NULL
- || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
- || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2))
 goto err;
 params = OSSL_PARAM_BLD_to_param(tmpl);
 if (params == NULL
- || EVP_PKEY_fromdata(pctx, &dhp, EVP_PKEY_KEY_PARAMETERS, params) != 1)
+ || EVP_PKEY_fromdata(pctx, &dhp, EVP_PKEY_KEY_PARAMETERS, params) != 1)
 goto err;
 err:
@@ -3072,9 +3061,9 @@
 /* If not recognised or not supported by cipher mask it is not suitable */
 if (clu == NULL
- || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0
- || (clu->nid == EVP_PKEY_RSA_PSS
- && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0))
+ || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0
+ || (clu->nid == EVP_PKEY_RSA_PSS
+ && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0))
 return -1;
 return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1;
@@ -3087,7 +3076,7 @@
 * Returns true if the cert is usable and false otherwise.
 */
 static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
- EVP_PKEY *pkey)
+ EVP_PKEY *pkey)
 {
 const SIGALG_LOOKUP *lu;
 int mdnid, pknid, supported;
@@ -3101,8 +3090,8 @@
 if (sig->hash != NID_undef)
 mdname = OBJ_nid2sn(sig->hash);
 supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx,
- mdname,
- s->ctx->propq);
+ mdname,
+ s->ctx->propq);
 if (supported <= 0)
 return 0;
@@ -3153,7 +3142,7 @@
 return 0;
 return check_cert_usable(s, sig, s->cert->pkeys[idx].x509,
- s->cert->pkeys[idx].privatekey);
+ s->cert->pkeys[idx].privatekey);
 }
 /*
@@ -3161,7 +3150,7 @@
 * specified signature scheme |sig|, or false otherwise.
 */
 static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
- EVP_PKEY *pkey)
+ EVP_PKEY *pkey)
 {
 size_t idx;
@@ -3201,7 +3190,7 @@
 if (!tls1_lookup_md(s->ctx, lu, NULL))
 continue;
 if ((pkey == NULL && !has_usable_cert(s, lu, -1))
- || (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
+ || (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
 continue;
 tmppkey = (pkey != NULL) ? pkey
@@ -3251,7 +3240,7 @@
 if (!fatalerrs)
 return 1;
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
 return 0;
 }
 } else {
@@ -3259,7 +3248,7 @@
 if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT))
 return 1;
 if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
- return 1;
+ return 1;
 if (SSL_USE_SIGALGS(s)) {
 size_t i;
@@ -3269,7 +3258,7 @@
 /* For Suite B need to match signature algorithm to curve */
 if (tls1_suiteb(s))
 curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
- .privatekey);
+ .privatekey);
 /*
 * Find highest preference signature algorithm matching
@@ -3308,23 +3297,23 @@
 * we have to assume GOST support.
 */
 if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
- if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
- if (!fatalerrs)
- return 1;
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
- return 0;
- } else {
- i = 0;
- sig_idx = lu->sig_idx;
- }
+ if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+ if (!fatalerrs)
+ return 1;
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ return 0;
+ } else {
+ i = 0;
+ sig_idx = lu->sig_idx;
+ }
 }
 #endif
 if (i == s->shared_sigalgslen) {
 if (!fatalerrs)
 return 1;
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
 return 0;
 }
 } else {
@@ -3338,7 +3327,7 @@
 if (!fatalerrs)
 return 1;
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
 return 0;
 }
@@ -3346,14 +3335,14 @@
 sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
 for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
 if (lu->sigalg == *sent_sigs
- && has_usable_cert(s, lu, lu->sig_idx))
+ && has_usable_cert(s, lu, lu->sig_idx))
 break;
 }
 if (i == sent_sigslen) {
 if (!fatalerrs)
 return 1;
 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_WRONG_SIGNATURE_TYPE);
+ SSL_R_WRONG_SIGNATURE_TYPE);
 return 0;
 }
 }
@@ -3362,7 +3351,7 @@
 if (!fatalerrs)
 return 1;
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
 return 0;
 }
 }
@@ -3378,7 +3367,7 @@
 int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
 {
 if (mode != TLSEXT_max_fragment_length_DISABLED
- && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+ && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
 return 0;
 }
@@ -3390,7 +3379,7 @@
 int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
 {
 if (mode != TLSEXT_max_fragment_length_DISABLED
- && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+ && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
 ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
 return 0;
 }
@@ -3418,7 +3407,7 @@
 return NULL;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 if (ctx->ext.ticket_key_evp_cb == NULL
- && ctx->ext.ticket_key_cb != NULL) {
+ && ctx->ext.ticket_key_cb != NULL) {
 if (!ssl_hmac_old_new(ret))
 goto err;
 return ret;
@@ -3429,7 +3418,7 @@
 goto err;
 EVP_MAC_free(mac);
 return ret;
- err:
+err:
 EVP_MAC_CTX_free(ret->ctx);
 EVP_MAC_free(mac);
 OPENSSL_free(ret);
@@ -3481,7 +3470,7 @@
 }
 int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
- size_t max_size)
+ size_t max_size)
 {
 if (ctx->ctx != NULL)
 return EVP_MAC_final(ctx->ctx, md, len, max_size);
@@ -3514,8 +3503,8 @@
 }
 __owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey,
- const unsigned char *enckey,
- size_t enckeylen)
+ const unsigned char *enckey,
+ size_t enckeylen)
 {
 if (EVP_PKEY_is_a(pkey, "DH")) {
 int bits = EVP_PKEY_get_bits(pkey);
--- crypto/openssl/ssl/t1_trce.c.orig
+++ crypto/openssl/ssl/t1_trce.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -18,15 +18,15 @@
 const char *name;
 } ssl_trace_tbl;
-# define ssl_trace_str(val, tbl) \
+#define ssl_trace_str(val, tbl) \
 do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
-# define ssl_trace_list(bio, indent, msg, msglen, value, table) \
- do_ssl_trace_list(bio, indent, msg, msglen, value, \
- table, OSSL_NELEM(table))
+#define ssl_trace_list(bio, indent, msg, msglen, value, table) \
+ do_ssl_trace_list(bio, indent, msg, msglen, value, \
+ table, OSSL_NELEM(table))
 static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl,
- size_t ntbl)
+ size_t ntbl)
 {
 size_t i;
@@ -38,8 +38,8 @@
 }
 static int do_ssl_trace_list(BIO *bio, int indent,
- const unsigned char *msg, size_t msglen,
- size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl)
+ const unsigned char *msg, size_t msglen,
+ size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl)
 {
 int val;
@@ -60,559 +60,559 @@
 /* Version number */
 static const ssl_trace_tbl ssl_version_tbl[] = {
- {SSL3_VERSION, "SSL 3.0"},
- {TLS1_VERSION, "TLS 1.0"},
- {TLS1_1_VERSION, "TLS 1.1"},
- {TLS1_2_VERSION, "TLS 1.2"},
- {TLS1_3_VERSION, "TLS 1.3"},
- {DTLS1_VERSION, "DTLS 1.0"},
- {DTLS1_2_VERSION, "DTLS 1.2"},
- {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
+ { SSL3_VERSION, "SSL 3.0" },
+ { TLS1_VERSION, "TLS 1.0" },
+ { TLS1_1_VERSION, "TLS 1.1" },
+ { TLS1_2_VERSION, "TLS 1.2" },
+ { TLS1_3_VERSION, "TLS 1.3" },
+ { DTLS1_VERSION, "DTLS 1.0" },
+ { DTLS1_2_VERSION, "DTLS 1.2" },
+ { DTLS1_BAD_VER, "DTLS 1.0 (bad)" }
 };
 static const ssl_trace_tbl ssl_content_tbl[] = {
- {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"},
- {SSL3_RT_ALERT, "Alert"},
- {SSL3_RT_HANDSHAKE, "Handshake"},
- {SSL3_RT_APPLICATION_DATA, "ApplicationData"},
+ { SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec" },
+ { SSL3_RT_ALERT, "Alert" },
+ { SSL3_RT_HANDSHAKE, "Handshake" },
+ { SSL3_RT_APPLICATION_DATA, "ApplicationData" },
 };
 /* Handshake types, sorted by ascending id */
 static const ssl_trace_tbl ssl_handshake_tbl[] = {
- {SSL3_MT_HELLO_REQUEST, "HelloRequest"},
- {SSL3_MT_CLIENT_HELLO, "ClientHello"},
- {SSL3_MT_SERVER_HELLO, "ServerHello"},
- {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
- {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
- {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"},
- {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
- {SSL3_MT_CERTIFICATE, "Certificate"},
- {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
- {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
- {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
- {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
- {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
- {SSL3_MT_FINISHED, "Finished"},
- {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"},
- {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
- {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"},
- {SSL3_MT_KEY_UPDATE, "KeyUpdate"},
-# ifndef OPENSSL_NO_NEXTPROTONEG
- {SSL3_MT_NEXT_PROTO, "NextProto"},
-# endif
- {SSL3_MT_MESSAGE_HASH, "MessageHash"}
+ { SSL3_MT_HELLO_REQUEST, "HelloRequest" },
+ { SSL3_MT_CLIENT_HELLO, "ClientHello" },
+ { SSL3_MT_SERVER_HELLO, "ServerHello" },
+ { DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest" },
+ { SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket" },
+ { SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData" },
+ { SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions" },
+ { SSL3_MT_CERTIFICATE, "Certificate" },
+ { SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange" },
+ { SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest" },
+ { SSL3_MT_SERVER_DONE, "ServerHelloDone" },
+ { SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify" },
+ { SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange" },
+ { SSL3_MT_FINISHED, "Finished" },
+ { SSL3_MT_CERTIFICATE_URL, "CertificateUrl" },
+ { SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus" },
+ { SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData" },
+ { SSL3_MT_KEY_UPDATE, "KeyUpdate" },
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ { SSL3_MT_NEXT_PROTO, "NextProto" },
+#endif
+ { SSL3_MT_MESSAGE_HASH, "MessageHash" }
 };
 /* Cipher suites */
 static const ssl_trace_tbl ssl_ciphers_tbl[] = {
- {0x0000, "TLS_NULL_WITH_NULL_NULL"},
- {0x0001, "TLS_RSA_WITH_NULL_MD5"},
- {0x0002, "TLS_RSA_WITH_NULL_SHA"},
- {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
- {0x0004, "TLS_RSA_WITH_RC4_128_MD5"},
- {0x0005, "TLS_RSA_WITH_RC4_128_SHA"},
- {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
- {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"},
- {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},
- {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"},
- {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
- {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
- {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"},
- {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
- {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
- {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"},
- {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
- {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
- {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},
- {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
- {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
- {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},
- {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
- {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},
- {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"},
- {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
- {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},
- {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
- {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
- {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
- {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
- {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
- {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
- {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
- {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
- {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
- {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
- {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
- {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
- {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
- {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
- {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
- {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
- {0x002C, "TLS_PSK_WITH_NULL_SHA"},
- {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
- {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
- {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
- {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
- {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
- {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
- {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
- {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
- {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
- {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
- {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
- {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
- {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
- {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
- {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
- {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
- {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
- {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
- {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
- {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
- {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
- {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
- {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
- {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
- {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
- {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
- {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
- {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
- {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
- {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
- {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
- {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
- {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
- {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"},
- {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"},
- {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
- {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
- {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
- {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
- {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
- {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
- {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
- {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
- {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
- {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
- {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
- {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
- {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
- {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
- {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
- {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
- {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
- {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
- {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
- {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
- {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
- {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
- {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
- {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
- {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
- {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
- {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
- {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
- {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
- {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
- {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
- {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
- {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
- {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
- {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
- {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
- {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
- {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
- {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
- {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
- {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
- {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
- {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
- {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
- {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
- {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
- {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
- {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
- {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
- {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
- {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
- {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
- {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
- {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
- {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
- {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
- {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
- {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
- {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
- {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
- {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
- {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
- {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
- {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
- {0x5600, "TLS_FALLBACK_SCSV"},
- {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
- {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
- {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
- {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
- {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
- {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
- {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
- {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
- {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
- {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
- {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
- {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
- {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
- {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
- {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
- {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
- {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
- {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
- {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
- {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
- {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
- {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
- {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
- {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
- {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
- {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
- {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
- {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
- {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
- {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
- {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
- {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
- {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
- {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
- {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
- {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
- {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
- {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
- {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
- {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
- {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
- {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
- {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
- {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
- {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
- {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
- {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
- {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
- {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
- {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
- {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
- {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
- {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
- {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
- {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
- {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
- {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
- {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
- {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
- {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
- {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
- {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
- {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
- {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
- {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
- {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
- {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
- {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
- {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
- {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
- {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
- {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
- {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
- {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
- {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
- {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
- {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
- {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
- {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
- {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
- {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
- {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
- {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
- {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
- {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
- {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
- {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
- {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
- {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
- {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
- {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
- {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
- {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
- {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
- {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
- {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
- {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
- {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
- {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
- {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
- {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
- {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
- {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
- {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
- {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
- {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
- {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
- {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
- {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
- {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
- {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
- {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
- {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
- {0xC102, "IANA-GOST2012-GOST8912-GOST8912"},
- {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
- {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
- {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
- {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
- {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
- {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
- {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
- {0x1301, "TLS_AES_128_GCM_SHA256"},
- {0x1302, "TLS_AES_256_GCM_SHA384"},
- {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
- {0x1304, "TLS_AES_128_CCM_SHA256"},
- {0x1305,
"TLS_AES_128_CCM_8_SHA256"}, - {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, - {0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912"}, - {0xFF87, "GOST2012-NULL-GOST12"}, - {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, - {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, - {0xC102, "GOST2012-GOST8912-IANA"}, + { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, + { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, + { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, + { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, + { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, + { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, + { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, + { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, + { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, + { 0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, + { 0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, + { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, + { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, + { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, + { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, + { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA" }, + { 0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, + { 0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, + { 0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, + { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, + { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, + { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, + { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, + { 0x0023, 
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, + { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, + { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, + { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, + { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, + { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, + { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, + { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, + { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, + { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, + { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, + { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, + { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, + { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, + { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, + { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, + { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, + { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, + { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, + { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, + { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, + { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, + { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, + { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, + { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, + { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, + { 0x006B, 
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, + { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, + { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, + { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, + { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, + { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, + { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, + { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, + { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, + { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, + { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, + { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, + { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, + { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, + { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, + { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, + { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, + { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, + { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, + { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, + { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, + { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, + { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, + { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, 
+ { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" },
+ { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" },
+ { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" },
+ { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" },
+ { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" },
+ { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" },
+ { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" },
+ { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" },
+ { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" },
+ { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" },
+ { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" },
+ { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" },
+ { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" },
+ { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" },
+ { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" },
+ { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" },
+ { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" },
+ { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" },
+ { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" },
+ { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
+ { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" },
+ { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
+ { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" },
+ { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
+ { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" },
+ { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" },
+ { 0x5600, "TLS_FALLBACK_SCSV" },
+ { 0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
+ { 0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
+ { 0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
+ { 0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
+ { 0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" },
+ { 0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" },
+ { 0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" },
+ { 0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" },
+ { 0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA" },
+ { 0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA" },
+ { 0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" },
+ { 0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" },
+ { 0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA" },
+ { 0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" },
+ { 0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" },
+ { 0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" },
+ { 0xC015, "TLS_ECDH_anon_WITH_NULL_SHA" },
+ { 0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA" },
+ { 0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" },
+ { 0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" },
+ { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" },
+ { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" },
+ { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" },
+ { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" },
+ { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" },
+ { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" },
+ { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" },
+ { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" },
+ { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" },
+ { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" },
+ { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
+ { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" },
+ { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" },
+ { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" },
+ { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
+ { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
+ { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" },
+ { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" },
+ { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
+ { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" },
+ { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" },
+ { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" },
+ { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" },
+ { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" },
+ { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
+ { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" },
+ { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" },
+ { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" },
+ { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" },
+ { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" },
+ { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" },
+ { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" },
+ { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" },
+ { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" },
+ { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" },
+ { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" },
+ { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" },
+ { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
+ { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
+ { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" },
+ { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" },
+ { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" },
+ { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" },
+ { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" },
+ { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" },
+ { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" },
+ { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" },
+ { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" },
+ { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" },
+ { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" },
+ { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" },
+ { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" },
+ { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" },
+ { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" },
+ { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" },
+ { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" },
+ { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" },
+ { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" },
+ { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" },
+ { 0xC102, "IANA-GOST2012-GOST8912-GOST8912" },
+ { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" },
+ { 0x1301, "TLS_AES_128_GCM_SHA256" },
+ { 0x1302, "TLS_AES_256_GCM_SHA384" },
+ { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" },
+ { 0x1304, "TLS_AES_128_CCM_SHA256" },
+ { 0x1305, "TLS_AES_128_CCM_8_SHA256" },
+ { 0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" },
+ { 0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
+ { 0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912" },
+ { 0xFF87, "GOST2012-NULL-GOST12" },
+ { 0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC" },
+ { 0xC101, "GOST2012-MAGMA-MAGMAOMAC" },
+ { 0xC102, "GOST2012-GOST8912-IANA" },
 };
 /* Compression methods */
 static const ssl_trace_tbl ssl_comp_tbl[] = {
- {0x0000, "No Compression"},
- {0x0001, "Zlib Compression"}
+ { 0x0000, "No Compression" },
+ { 0x0001, "Zlib Compression" }
 };
 /* Extensions sorted by ascending id */
 static const ssl_trace_tbl ssl_exts_tbl[] = {
- {TLSEXT_TYPE_server_name, "server_name"},
- {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"},
- {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"},
- {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"},
- {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"},
- {TLSEXT_TYPE_status_request, "status_request"},
- {TLSEXT_TYPE_user_mapping, "user_mapping"},
- {TLSEXT_TYPE_client_authz, "client_authz"},
- {TLSEXT_TYPE_server_authz, "server_authz"},
- {TLSEXT_TYPE_cert_type, "cert_type"},
- {TLSEXT_TYPE_supported_groups, "supported_groups"},
- {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
- {TLSEXT_TYPE_srp, "srp"},
- {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
- {TLSEXT_TYPE_use_srtp, "use_srtp"},
- {TLSEXT_TYPE_application_layer_protocol_negotiation,
- "application_layer_protocol_negotiation"},
- {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
- {TLSEXT_TYPE_padding, "padding"},
- {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
- {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
- {TLSEXT_TYPE_session_ticket, "session_ticket"},
- {TLSEXT_TYPE_psk, "psk"},
- {TLSEXT_TYPE_early_data, "early_data"},
- {TLSEXT_TYPE_supported_versions, "supported_versions"},
- {TLSEXT_TYPE_cookie, "cookie_ext"},
- {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
- {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"},
- {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"},
- {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"},
- {TLSEXT_TYPE_key_share, "key_share"},
- {TLSEXT_TYPE_renegotiate, "renegotiate"},
-# ifndef OPENSSL_NO_NEXTPROTONEG
- {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
-# endif
+ { TLSEXT_TYPE_server_name, "server_name" },
+ { TLSEXT_TYPE_max_fragment_length, "max_fragment_length" },
+ { TLSEXT_TYPE_client_certificate_url, "client_certificate_url" },
+ { TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys" },
+ { TLSEXT_TYPE_truncated_hmac, "truncated_hmac" },
+ { TLSEXT_TYPE_status_request, "status_request" },
+ { TLSEXT_TYPE_user_mapping, "user_mapping" },
+ { TLSEXT_TYPE_client_authz, "client_authz" },
+ { TLSEXT_TYPE_server_authz, "server_authz" },
+ { TLSEXT_TYPE_cert_type, "cert_type" },
+ { TLSEXT_TYPE_supported_groups, "supported_groups" },
+ { TLSEXT_TYPE_ec_point_formats, "ec_point_formats" },
+ { TLSEXT_TYPE_srp, "srp" },
+ { TLSEXT_TYPE_signature_algorithms, "signature_algorithms" },
+ { TLSEXT_TYPE_use_srtp, "use_srtp" },
+ { TLSEXT_TYPE_application_layer_protocol_negotiation,
+ "application_layer_protocol_negotiation" },
+ { TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps" },
+ { TLSEXT_TYPE_padding, "padding" },
+ { TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac" },
+ { TLSEXT_TYPE_extended_master_secret, "extended_master_secret" },
+ { TLSEXT_TYPE_session_ticket, "session_ticket" },
+ { TLSEXT_TYPE_psk, "psk" },
+ { TLSEXT_TYPE_early_data, "early_data" },
+ { TLSEXT_TYPE_supported_versions, "supported_versions" },
+ { TLSEXT_TYPE_cookie, "cookie_ext" },
+ { TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes" },
+ { TLSEXT_TYPE_certificate_authorities, "certificate_authorities" },
+ { TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth" },
+ { TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert" },
+ { TLSEXT_TYPE_key_share, "key_share" },
+ { TLSEXT_TYPE_renegotiate, "renegotiate" },
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ { TLSEXT_TYPE_next_proto_neg, "next_proto_neg" },
+#endif
 };
 static const ssl_trace_tbl ssl_groups_tbl[] = {
- {1, "sect163k1 (K-163)"},
- {2, "sect163r1"},
- {3, "sect163r2 (B-163)"},
- {4, "sect193r1"},
- {5, "sect193r2"},
- {6, "sect233k1 (K-233)"},
- {7, "sect233r1 (B-233)"},
- {8, "sect239k1"},
- {9, "sect283k1 (K-283)"},
- {10, "sect283r1 (B-283)"},
- {11, "sect409k1 (K-409)"},
- {12, "sect409r1 (B-409)"},
- {13, "sect571k1 (K-571)"},
- {14, "sect571r1 (B-571)"},
- {15, "secp160k1"},
- {16, "secp160r1"},
- {17, "secp160r2"},
- {18, "secp192k1"},
- {19, "secp192r1 (P-192)"},
- {20, "secp224k1"},
- {21, "secp224r1 (P-224)"},
- {22, "secp256k1"},
- {23, "secp256r1 (P-256)"},
- {24, "secp384r1 (P-384)"},
- {25, "secp521r1 (P-521)"},
- {26, "brainpoolP256r1"},
- {27, "brainpoolP384r1"},
- {28, "brainpoolP512r1"},
- {29, "ecdh_x25519"},
- {30, "ecdh_x448"},
- {34, "GC256A"},
- {35, "GC256B"},
- {36, "GC256C"},
- {37, "GC256D"},
- {38, "GC512A"},
- {39, "GC512B"},
- {40, "GC512C"},
- {256, "ffdhe2048"},
- {257, "ffdhe3072"},
- {258, "ffdhe4096"},
- {259, "ffdhe6144"},
- {260, "ffdhe8192"},
- {0xFF01, "arbitrary_explicit_prime_curves"},
- {0xFF02, "arbitrary_explicit_char2_curves"}
+ { 1, "sect163k1 (K-163)" },
+ { 2, "sect163r1" },
+ { 3, "sect163r2 (B-163)" },
+ { 4, "sect193r1" },
+ { 5, "sect193r2" },
+ { 6, "sect233k1 (K-233)" },
+ { 7, "sect233r1 (B-233)" },
+ { 8, "sect239k1" },
+ { 9, "sect283k1 (K-283)" },
+ { 10, "sect283r1 (B-283)" },
+ { 11, "sect409k1 (K-409)" },
+ { 12, "sect409r1 (B-409)" },
+ { 13, "sect571k1 (K-571)" },
+ { 14, "sect571r1 (B-571)" },
+ { 15, "secp160k1" },
+ { 16, "secp160r1" },
+ { 17, "secp160r2" },
+ { 18, "secp192k1" },
+ { 19, "secp192r1 (P-192)" },
+ { 20, "secp224k1" },
+ { 21, "secp224r1 (P-224)" },
+ { 22, "secp256k1" },
+ { 23, "secp256r1 (P-256)" },
+ { 24, "secp384r1 (P-384)" },
+ { 25, "secp521r1 (P-521)" },
+ { 26, "brainpoolP256r1" },
+ { 27, "brainpoolP384r1" },
+ { 28, "brainpoolP512r1" },
+ { 29, "ecdh_x25519" },
+ { 30, "ecdh_x448" },
+ { 34, "GC256A" },
+ { 35, "GC256B" },
+ { 36, "GC256C" },
+ { 37, "GC256D" },
+ { 38, "GC512A" },
+ { 39, "GC512B" },
+ { 40, "GC512C" },
+ { 256, "ffdhe2048" },
+ { 257, "ffdhe3072" },
+ { 258, "ffdhe4096" },
+ { 259, "ffdhe6144" },
+ { 260, "ffdhe8192" },
+ { 0xFF01, "arbitrary_explicit_prime_curves" },
+ { 0xFF02, "arbitrary_explicit_char2_curves" }
 };
 static const ssl_trace_tbl ssl_point_tbl[] = {
- {0, "uncompressed"},
- {1, "ansiX962_compressed_prime"},
- {2, "ansiX962_compressed_char2"}
+ { 0, "uncompressed" },
+ { 1, "ansiX962_compressed_prime" },
+ { 2, "ansiX962_compressed_char2" }
 };
 static const ssl_trace_tbl ssl_mfl_tbl[] = {
- {0, "disabled"},
- {1, "max_fragment_length := 2^9 (512 bytes)"},
- {2, "max_fragment_length := 2^10 (1024 bytes)"},
- {3, "max_fragment_length := 2^11 (2048 bytes)"},
- {4, "max_fragment_length := 2^12 (4096 bytes)"}
+ { 0, "disabled" },
+ { 1, "max_fragment_length := 2^9 (512 bytes)" },
+ { 2, "max_fragment_length := 2^10 (1024 bytes)" },
+ { 3, "max_fragment_length := 2^11 (2048 bytes)" },
+ { 4, "max_fragment_length := 2^12 (4096 bytes)" }
 };
 static const ssl_trace_tbl ssl_sigalg_tbl[] = {
- {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"},
- {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"},
- {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"},
- {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"},
- {TLSEXT_SIGALG_ed25519, "ed25519"},
- {TLSEXT_SIGALG_ed448, "ed448"},
- {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"},
- {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"},
- {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"},
- {TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512"},
- {TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256"},
- {TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384"},
- {TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512"},
- {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"},
- {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"},
- {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"},
- {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"},
- {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"},
- {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"},
- {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"},
- {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
- {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
- {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
- {TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256"},
- {TLSEXT_SIGALG_gostr34102012_512_intrinsic, "gost2012_512"},
- {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
- {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},
- {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"},
+ { TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256" },
+ { TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384" },
+ { TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512" },
+ { TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224" },
+ { TLSEXT_SIGALG_ed25519, "ed25519" },
+ { TLSEXT_SIGALG_ed448, "ed448" },
+ { TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1" },
+ { TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256" },
+ { TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384" },
+ { TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512" },
+ { TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256" },
+ { TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384" },
+ { TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512" },
+ { TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256" },
+ { TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384" },
+ { TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512" },
+ { TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224" },
+ { TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1" },
+ { TLSEXT_SIGALG_dsa_sha256, "dsa_sha256" },
+ { TLSEXT_SIGALG_dsa_sha384, "dsa_sha384" },
+ { TLSEXT_SIGALG_dsa_sha512, "dsa_sha512" },
+ { TLSEXT_SIGALG_dsa_sha224, "dsa_sha224" },
+ { TLSEXT_SIGALG_dsa_sha1, "dsa_sha1" },
+ { TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256" },
+ { TLSEXT_SIGALG_gostr34102012_512_intrinsic, "gost2012_512" },
+ { TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256" },
+ { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512" },
+ { TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94" },
 };
 static const ssl_trace_tbl ssl_ctype_tbl[] = {
- {1, "rsa_sign"},
- {2, "dss_sign"},
- {3, "rsa_fixed_dh"},
- {4, "dss_fixed_dh"},
- {5, "rsa_ephemeral_dh"},
- {6, "dss_ephemeral_dh"},
- {20, "fortezza_dms"},
- {64, "ecdsa_sign"},
- {65, "rsa_fixed_ecdh"},
- {66, "ecdsa_fixed_ecdh"},
- {67, "gost_sign256"},
- {68, "gost_sign512"},
+ { 1, "rsa_sign" },
+ { 2, "dss_sign" },
+ { 3, "rsa_fixed_dh" },
+ { 4, "dss_fixed_dh" },
+ { 5, "rsa_ephemeral_dh" },
+ { 6, "dss_ephemeral_dh" },
+ { 20, "fortezza_dms" },
+ { 64, "ecdsa_sign" },
+ { 65, "rsa_fixed_ecdh" },
+ { 66, "ecdsa_fixed_ecdh" },
+ { 67, "gost_sign256" },
+ { 68, "gost_sign512" },
 };
 static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = {
- {TLSEXT_KEX_MODE_KE, "psk_ke"},
- {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"}
+ { TLSEXT_KEX_MODE_KE, "psk_ke" },
+ { TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke" }
 };
 static const ssl_trace_tbl ssl_key_update_tbl[] = {
- {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"},
- {SSL_KEY_UPDATE_REQUESTED, "update_requested"}
+ { SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested" },
+ { SSL_KEY_UPDATE_REQUESTED, "update_requested" }
 };
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
- const unsigned char *msg, size_t msglen)
+ const unsigned char *msg, size_t msglen)
 {
 size_t i;
@@ -624,7 +624,7 @@
 }
 static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen,
- const unsigned char **pmsg, size_t *pmsglen)
+ const unsigned char **pmsg, size_t *pmsglen)
 {
 size_t blen;
 const unsigned char *p = *pmsg;
@@ -644,8 +644,8 @@ } static int ssl_print_version(BIO *bio, int indent, const char *name, - const unsigned char **pmsg, size_t *pmsglen, - unsigned int *version) + const unsigned char **pmsg, size_t *pmsglen, + unsigned int *version) { int vers; @@ -656,14 +656,14 @@ *version = vers; BIO_indent(bio, indent, 80); BIO_printf(bio, "%s=0x%x (%s)\n", - name, vers, ssl_trace_str(vers, ssl_version_tbl)); + name, vers, ssl_trace_str(vers, ssl_version_tbl)); *pmsg += 2; *pmsglen -= 2; return 1; } static int ssl_print_random(BIO *bio, int indent, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { unsigned int tm; const unsigned char *p = *pmsg; @@ -671,9 +671,9 @@ if (*pmsglen < 32) return 0; tm = ((unsigned int)p[0] << 24) - | ((unsigned int)p[1] << 16) - | ((unsigned int)p[2] << 8) - | (unsigned int)p[3]; + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); @@ -686,7 +686,7 @@ } static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { if (*pmsglen < 2) return 0; @@ -696,7 +696,7 @@ BIO_indent(bio, indent, 80); BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); *pmsg += 2; *pmsglen -= 2; } @@ -704,8 +704,8 @@ } static int ssl_print_extension(BIO *bio, int indent, int server, - unsigned char mt, int extype, - const unsigned char *ext, size_t extlen) + unsigned char mt, int extype, + const unsigned char *ext, size_t extlen) { size_t xlen, share_len; unsigned int sigalg; 
@@ -713,7 +713,7 @@ BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", - ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); + ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); switch (extype) { case TLSEXT_TYPE_max_fragment_length: if (extlen < 1) @@ -770,7 +770,7 @@ BIO_indent(bio, indent + 2, 80); sigalg = (ext[0] << 8) | ext[1]; BIO_printf(bio, "%s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); xlen -= 2; ext += 2; } @@ -813,7 +813,7 @@ group_id = (ext[0] << 8) | ext[1]; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "NamedGroup: %s (%d)\n", - ssl_trace_str(group_id, ssl_groups_tbl), group_id); + ssl_trace_str(group_id, ssl_groups_tbl), group_id); break; } if (extlen < 2) @@ -839,7 +839,7 @@ return 0; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "NamedGroup: %s (%d)\n", - ssl_trace_str(group_id, ssl_groups_tbl), group_id); + ssl_trace_str(group_id, ssl_groups_tbl), group_id); ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); } break; @@ -853,7 +853,7 @@ version = (ext[0] << 8) | ext[1]; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "%s (%d)\n", - ssl_trace_str(version, ssl_version_tbl), version); + ssl_trace_str(version, ssl_version_tbl), version); break; } if (extlen < 1) @@ -862,7 +862,7 @@ if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, - ssl_version_tbl); + ssl_version_tbl); case TLSEXT_TYPE_psk_kex_modes: if (extlen < 1) @@ -871,7 +871,7 @@ if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, - ssl_psk_kex_modes_tbl); + ssl_psk_kex_modes_tbl); case TLSEXT_TYPE_early_data: if (mt != SSL3_MT_NEWSESSION_TICKET) 
@@ -879,9 +879,9 @@ if (extlen != 4) return 0; max_early_data = ((unsigned int)ext[0] << 24) - | ((unsigned int)ext[1] << 16) - | ((unsigned int)ext[2] << 8) - | (unsigned int)ext[3]; + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -893,8 +893,8 @@ } static int ssl_print_extensions(BIO *bio, int indent, int server, - unsigned char mt, const unsigned char **msgin, - size_t *msginlen) + unsigned char mt, const unsigned char **msgin, + size_t *msginlen) { size_t extslen, msglen = *msginlen; const unsigned char *msg = *msgin; @@ -928,13 +928,13 @@ extlen = (msg[2] << 8) | msg[3]; if (extslen < extlen + 4) { BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype, - (int)extlen); + (int)extlen); BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2); return 0; } msg += 4; if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg, - extlen)) + extlen)) return 0; msg += extlen; extslen -= extlen + 4; @@ -946,7 +946,7 @@ } static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { size_t len; unsigned int cs; @@ -974,7 +974,7 @@ cs = (msg[0] << 8) | msg[1]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "{0x%02X, 0x%02X} %s\n", - msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); msg += 2; msglen -= 2; len -= 2; 
@@ -991,19 +991,19 @@ while (len > 0) { BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "%s (0x%02X)\n", - ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); + ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); msg++; msglen--; len--; } if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg, - &msglen)) + &msglen)) return 0; return 1; } static int dtls_print_hello_vfyrequest(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) return 0; @@ -1013,7 +1013,7 @@ } static int ssl_print_server_hello(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { unsigned int cs; unsigned int vers; @@ -1023,14 +1023,14 @@ if (!ssl_print_random(bio, indent, &msg, &msglen)) return 0; if (vers != TLS1_3_VERSION - && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) + && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) return 0; if (msglen < 2) return 0; cs = (msg[0] << 8) | msg[1]; BIO_indent(bio, indent, 80); BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", - msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); msg += 2; msglen -= 2; if (vers != TLS1_3_VERSION) { @@ -1038,12 +1038,12 @@ return 0; BIO_indent(bio, indent, 80); BIO_printf(bio, "compression_method: %s (0x%02X)\n", - ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); + ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); msg++; msglen--; } if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg, - &msglen)) + &msglen)) return 0; return 1; } @@ -1097,7 +1097,7 @@ } static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { const char *algname; int id = ssl_get_keyex(&algname, ssl); 
@@ -1106,7 +1106,7 @@ BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); if (id & SSL_PSK) { if (!ssl_print_hexbuf(bio, indent + 2, - "psk_identity", 2, &msg, &msglen)) + "psk_identity", 2, &msg, &msglen)) return 0; } switch (id) { @@ -1115,10 +1115,10 @@ case SSL_kRSAPSK: if (TLS1_get_version(ssl) == SSL3_VERSION) { ssl_print_hex(bio, indent + 2, - "EncryptedPreMasterSecret", msg, msglen); + "EncryptedPreMasterSecret", msg, msglen); } else { if (!ssl_print_hexbuf(bio, indent + 2, - "EncryptedPreMasterSecret", 2, &msg, &msglen)) + "EncryptedPreMasterSecret", 2, &msg, &msglen)) return 0; } break; @@ -1140,7 +1140,7 @@ break; case SSL_kGOST18: ssl_print_hex(bio, indent + 2, - "GOST-wrapped PreMasterSecret", msg, msglen); + "GOST-wrapped PreMasterSecret", msg, msglen); msglen = 0; break; } @@ -1149,7 +1149,7 @@ } static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { const char *algname; int id = ssl_get_keyex(&algname, ssl); @@ -1158,7 +1158,7 @@ BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); if (id & SSL_PSK) { if (!ssl_print_hexbuf(bio, indent + 2, - "psk_identity_hint", 2, &msg, &msglen)) + "psk_identity_hint", 2, &msg, &msglen)) return 0; } switch (id) { @@ -1167,7 +1167,7 @@ if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen)) return 0; if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, - &msg, &msglen)) + &msg, &msglen)) return 0; break; @@ -1196,7 +1196,7 @@ return 0; curve = (msg[1] << 8) | msg[2]; BIO_printf(bio, "named_curve: %s (%d)\n", - ssl_trace_str(curve, ssl_groups_tbl), curve); + ssl_trace_str(curve, ssl_groups_tbl), curve); msg += 3; msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) 
@@ -1217,7 +1217,7 @@ } static int ssl_print_certificate(BIO *bio, int indent, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { size_t msglen = *pmsglen; size_t clen; @@ -1234,7 +1234,7 @@ BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen); x = d2i_X509(NULL, &q, clen); if (!x) - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); else { BIO_puts(bio, "\n------details-----\n"); X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); @@ -1252,13 +1252,13 @@ } static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, - int indent, const unsigned char *msg, - size_t msglen) + int indent, const unsigned char *msg, + size_t msglen) { size_t clen; if (SSL_IS_TLS13(ssl) - && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) + && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) return 0; if (msglen < 3) @@ -1274,15 +1274,14 @@ return 0; if (SSL_IS_TLS13(ssl) && !ssl_print_extensions(bio, indent + 2, server, - SSL3_MT_CERTIFICATE, &msg, &clen)) + SSL3_MT_CERTIFICATE, &msg, &clen)) return 0; - } return 1; } static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { size_t xlen; unsigned int sigalg; @@ -1291,7 +1290,7 @@ if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) return 0; if (!ssl_print_extensions(bio, indent, 1, - SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) + SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) return 0; return 1; } else { @@ -1322,7 +1321,7 @@ BIO_indent(bio, indent + 2, 80); sigalg = (msg[0] << 8) | msg[1]; BIO_printf(bio, "%s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); xlen -= 2; msg += 2; } @@ -1353,7 +1352,7 @@ p = msg; nm = d2i_X509_NAME(NULL, &p, dlen); if (!nm) { - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); } else { X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); BIO_puts(bio, "\n"); 
@@ -1364,14 +1363,14 @@ } if (SSL_IS_TLS13(ssl)) { if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, - &msg, &msglen)) + &msg, &msglen)) return 0; } return msglen == 0; } static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { unsigned int tick_life; @@ -1383,9 +1382,9 @@ if (msglen < 4) return 0; tick_life = ((unsigned int)msg[0] << 24) - | ((unsigned int)msg[1] << 16) - | ((unsigned int)msg[2] << 8) - | (unsigned int)msg[3]; + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); @@ -1395,8 +1394,7 @@ if (msglen < 4) return 0; - ticket_age_add = - ((unsigned int)msg[0] << 24) + ticket_age_add = ((unsigned int)msg[0] << 24) | ((unsigned int)msg[1] << 16) | ((unsigned int)msg[2] << 8) | (unsigned int)msg[3]; @@ -1405,14 +1403,14 @@ BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add); if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg, - &msglen)) + &msglen)) return 0; } if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) return 0; if (SSL_IS_TLS13(ssl) - && !ssl_print_extensions(bio, indent + 2, 0, - SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) + && !ssl_print_extensions(bio, indent + 2, 0, + SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) return 0; if (msglen) return 0; @@ -1420,8 +1418,8 @@ } static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, - const unsigned char *msg, size_t msglen, - int indent) + const unsigned char *msg, size_t msglen, + int indent) { size_t hlen; unsigned char htype; @@ -1432,7 +1430,7 @@ hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3]; BIO_indent(bio, indent, 80); BIO_printf(bio, "%s, Length=%d\n", - ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); + ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); msg += 4; msglen -= 4; if (SSL_IS_DTLS(ssl)) { 
@@ -1440,10 +1438,10 @@ return 0; BIO_indent(bio, indent, 80); BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " - "fragment_length=%d\n", - (msg[0] << 8) | msg[1], - (msg[2] << 16) | (msg[3] << 8) | msg[4], - (msg[5] << 16) | (msg[6] << 8) | msg[7]); + "fragment_length=%d\n", + (msg[0] << 8) | msg[1], + (msg[2] << 16) | (msg[3] << 8) | msg[4], + (msg[5] << 16) | (msg[6] << 8) | msg[7]); msg += 8; msglen -= 8; } @@ -1506,7 +1504,7 @@ case SSL3_MT_ENCRYPTED_EXTENSIONS: if (!ssl_print_extensions(bio, indent + 2, 1, - SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) + SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) return 0; break; @@ -1516,7 +1514,7 @@ return 0; } if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1, - ssl_key_update_tbl)) + ssl_key_update_tbl)) return 0; break; 
@@ -1529,49 +1527,46 @@ } void SSL_trace(int write_p, int version, int content_type, - const void *buf, size_t msglen, SSL *ssl, void *arg) + const void *buf, size_t msglen, SSL *ssl, void *arg) { const unsigned char *msg = buf; BIO *bio = arg; switch (content_type) { - case SSL3_RT_HEADER: - { - int hvers; - - /* avoid overlapping with length at the end of buffer */ - if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? - DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { - BIO_puts(bio, write_p ? "Sent" : "Received"); - ssl_print_hex(bio, 0, " too short message", msg, msglen); - break; - } - hvers = msg[1] << 8 | msg[2]; - BIO_puts(bio, write_p ? "Sent" : "Received"); - BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", - ssl_trace_str(hvers, ssl_version_tbl), hvers); - if (SSL_IS_DTLS(ssl)) { - BIO_printf(bio, - " epoch=%d, sequence_number=%04x%04x%04x\n", - (msg[3] << 8 | msg[4]), - (msg[5] << 8 | msg[6]), - (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); - } + case SSL3_RT_HEADER: { + int hvers; - BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", - ssl_trace_str(msg[0], ssl_content_tbl), msg[0], - msg[msglen - 2] << 8 | msg[msglen - 1]); + /* avoid overlapping with length at the end of buffer */ + if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { + BIO_puts(bio, write_p ? "Sent" : "Received"); + ssl_print_hex(bio, 0, " too short message", msg, msglen); + break; } - break; + hvers = msg[1] << 8 | msg[2]; + BIO_puts(bio, write_p ? 
"Sent" : "Received"); + BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", + ssl_trace_str(hvers, ssl_version_tbl), hvers); + if (SSL_IS_DTLS(ssl)) { + BIO_printf(bio, + " epoch=%d, sequence_number=%04x%04x%04x\n", + (msg[3] << 8 | msg[4]), + (msg[5] << 8 | msg[6]), + (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); + } + + BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", + ssl_trace_str(msg[0], ssl_content_tbl), msg[0], + msg[msglen - 2] << 8 | msg[msglen - 1]); + } break; case SSL3_RT_INNER_CONTENT_TYPE: BIO_printf(bio, " Inner Content Type = %s (%d)", - ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); + ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); break; case SSL3_RT_HANDSHAKE: if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p, - msg, msglen, 4)) + msg, msglen, 4)) BIO_printf(bio, "Message length parse error!\n"); break; @@ -1587,10 +1582,9 @@ BIO_puts(bio, " Illegal Alert Length\n"); else { BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", - SSL_alert_type_string_long(msg[0] << 8), - msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); + SSL_alert_type_string_long(msg[0] << 8), + msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } - } BIO_puts(bio, "\n"); --- crypto/openssl/ssl/tls13_enc.c.orig +++ crypto/openssl/ssl/tls13_enc.c @@ -16,7 +16,7 @@ #include #include -#define TLS13_MAX_LABEL_LEN 249 +#define TLS13_MAX_LABEL_LEN 249 #ifdef CHARSET_EBCDIC static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; 
@@ -32,12 +32,12 @@ * |fatal| is set. Returns 1 on success 0 on failure. */ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, - const unsigned char *label, size_t labellen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen, int fatal) + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen, int fatal) { EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, - s->ctx->propq); + s->ctx->propq); EVP_KDF_CTX *kctx; OSSL_PARAM params[7], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; @@ -76,18 +76,18 @@ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)secret, hashlen); + (unsigned char *)secret, hashlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, - (unsigned char *)label_prefix, - sizeof(label_prefix) - 1); + (unsigned char *)label_prefix, + sizeof(label_prefix) - 1); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, - (unsigned char *)label, labellen); + (unsigned char *)label, labellen); if (data != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_DATA, - (unsigned char *)data, - datalen); + (unsigned char *)data, + datalen); *p++ = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, out, outlen, params) <= 0; 
@@ -108,16 +108,16 @@ * success 0 on failure. */ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, - unsigned char *key, size_t keylen) + unsigned char *key, size_t keylen) { #ifdef CHARSET_EBCDIC - static const unsigned char keylabel[] ={ 0x6B, 0x65, 0x79, 0x00 }; + static const unsigned char keylabel[] = { 0x6B, 0x65, 0x79, 0x00 }; #else - static const unsigned char keylabel[] = "key"; + static const unsigned char keylabel[] = "key"; #endif return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1, - NULL, 0, key, keylen, 1); + NULL, 0, key, keylen, 1); } /* @@ -125,30 +125,30 @@ * success 0 on failure. */ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, - unsigned char *iv, size_t ivlen) + unsigned char *iv, size_t ivlen) { #ifdef CHARSET_EBCDIC - static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 }; + static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 }; #else - static const unsigned char ivlabel[] = "iv"; + static const unsigned char ivlabel[] = "iv"; #endif return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1, - NULL, 0, iv, ivlen, 1); + NULL, 0, iv, ivlen, 1); } int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, - const unsigned char *secret, - unsigned char *fin, size_t finlen) + const unsigned char *secret, + unsigned char *fin, size_t finlen) { #ifdef CHARSET_EBCDIC - static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 }; + static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 }; #else - static const unsigned char finishedlabel[] = "finished"; + static const unsigned char finishedlabel[] = "finished"; #endif return tls13_hkdf_expand(s, md, secret, finishedlabel, - sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1); + sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1); } /* 
@@ -157,10 +157,10 @@ * pointed to by |outsecret|. Returns 1 on success 0 on failure. */ int tls13_generate_secret(SSL *s, const EVP_MD *md, - const unsigned char *prevsecret, - const unsigned char *insecret, - size_t insecretlen, - unsigned char *outsecret) + const unsigned char *prevsecret, + const unsigned char *insecret, + size_t insecretlen, + unsigned char *outsecret) { size_t mdlen; int mdleni; @@ -195,20 +195,20 @@ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); if (insecret != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)insecret, - insecretlen); + (unsigned char *)insecret, + insecretlen); if (prevsecret != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)prevsecret, mdlen); + (unsigned char *)prevsecret, mdlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, - (unsigned char *)label_prefix, - sizeof(label_prefix) - 1); + (unsigned char *)label_prefix, + sizeof(label_prefix) - 1); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, - (unsigned char *)derived_secret_label, - sizeof(derived_secret_label) - 1); + (unsigned char *)derived_secret_label, + sizeof(derived_secret_label) - 1); *p++ = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, outsecret, mdlen, params) <= 0; @@ -226,12 +226,12 @@ * generated. Returns 1 on success 0 on failure. */ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, - size_t insecretlen) + size_t insecretlen) { /* Calls SSLfatal() if required */ return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret, - insecret, insecretlen, - (unsigned char *)&s->handshake_secret); + insecret, insecretlen, + (unsigned char *)&s->handshake_secret); } /* 
@@ -240,8 +240,8 @@ * failure. */ int tls13_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *prev, size_t prevlen, - size_t *secret_size) + unsigned char *prev, size_t prevlen, + size_t *secret_size) { const EVP_MD *md = ssl_handshake_md(s); @@ -255,7 +255,7 @@ * 0 on error. */ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *out) + unsigned char *out) { const EVP_MD *md = ssl_handshake_md(s); const char *mdname = EVP_MD_get0_name(md); @@ -271,8 +271,8 @@ /* Safe to cast away const here since we're not "getting" any data */ if (s->ctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, - (char *)s->ctx->propq, - 0); + (char *)s->ctx->propq, + 0); *p = OSSL_PARAM_construct_end(); if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { @@ -286,21 +286,21 @@ key = s->client_finished_secret; } else { if (!tls13_derive_finishedkey(s, md, - s->client_app_traffic_secret, - finsecret, hashlen)) + s->client_app_traffic_secret, + finsecret, hashlen)) goto err; key = finsecret; } if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, - params, key, hashlen, hash, hashlen, - /* outsize as per sizeof(peer_finish_md) */ - out, EVP_MAX_MD_SIZE * 2, &len)) { + params, key, hashlen, hash, hashlen, + /* outsize as per sizeof(peer_finish_md) */ + out, EVP_MAX_MD_SIZE * 2, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - err: +err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); return len; } @@ -316,7 +316,7 @@ s->session->cipher = s->s3.tmp.new_cipher; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL, - 0)) { + 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; 
@@ -331,13 +331,13 @@ } static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, - const EVP_CIPHER *ciph, - const unsigned char *insecret, - const unsigned char *hash, - const unsigned char *label, - size_t labellen, unsigned char *secret, - unsigned char *key, unsigned char *iv, - EVP_CIPHER_CTX *ciph_ctx) + const EVP_CIPHER *ciph, + const unsigned char *insecret, + const unsigned char *hash, + const unsigned char *label, + size_t labellen, unsigned char *secret, + unsigned char *key, unsigned char *iv, + EVP_CIPHER_CTX *ciph_ctx) { size_t ivlen, keylen, taglen; int hashleni = EVP_MD_get_size(md); @@ -351,7 +351,7 @@ hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen, - secret, hashlen, 1)) { + secret, hashlen, 1)) { /* SSLfatal() already called */ return 0; } @@ -375,7 +375,7 @@ } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; - else + else taglen = EVP_CCM_TLS_TAG_LEN; } else { ivlen = EVP_CIPHER_get_iv_length(ciph); @@ -383,15 +383,14 @@ } if (!tls13_derive_key(s, md, secret, key, keylen) - || !tls13_derive_iv(s, md, secret, iv, ivlen)) { + || !tls13_derive_iv(s, md, secret, iv, ivlen)) { /* SSLfatal() already called */ return 0; } if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0 || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0 - || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, NULL) <= 0) + || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return 0; 
@@ -403,14 +402,14 @@ int tls13_change_cipher_state(SSL *s, int which) { #ifdef CHARSET_EBCDIC - static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; - static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; - static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char client_early_traffic[] = { 0x63, 0x20, 0x65, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char client_handshake_traffic[] = { 0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char client_application_traffic[] = { 0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char server_handshake_traffic[] = { 0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char server_application_traffic[] = { 0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 
0x69, 0x63, 0x00 }; + static const unsigned char exporter_master_secret[] = { 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00 }; + static const unsigned char resumption_master_secret[] = { 0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00 }; + static const unsigned char early_exporter_master_secret[] = { 0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00 }; #else static const unsigned char client_early_traffic[] = "c e traffic"; static const unsigned char client_handshake_traffic[] = "c hs traffic"; @@ -438,7 +437,6 @@ const EVP_CIPHER *cipher = NULL; #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) ktls_crypto_info_t crypto_info; - void *rl_sequence; BIO *bio; #endif @@ -474,7 +472,7 @@ } if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE)) - || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) { + || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) { if (which & SSL3_CC_EARLY) { EVP_MD_CTX *mdctx = NULL; long handlen; @@ -494,16 +492,15 @@ } if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0 - && s->session->ext.max_early_data == 0) { + && s->max_early_data > 0 + && s->session->ext.max_early_data == 0) { /* * If we are attempting to send early data, and we've decided to * actually do it but max_early_data in s->session is 0 then we * must be using an external PSK. */ if (!ossl_assert(s->psksession != NULL - && s->max_early_data == - s->psksession->ext.max_early_data)) { + && s->max_early_data == s->psksession->ext.max_early_data)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -538,8 +535,8 @@ md = ssl_md(s->ctx, sslcipher->algorithm2); if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) - || !EVP_DigestUpdate(mdctx, hdata, handlen) - || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { + || !EVP_DigestUpdate(mdctx, hdata, handlen) + || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(mdctx); goto err; @@ -548,17 +545,17 @@ EVP_MD_CTX_free(mdctx); if (!tls13_hkdf_expand(s, md, insecret, - early_exporter_master_secret, - sizeof(early_exporter_master_secret) - 1, - hashval, hashlen, - s->early_exporter_master_secret, hashlen, - 1)) { + early_exporter_master_secret, + sizeof(early_exporter_master_secret) - 1, + hashval, hashlen, + s->early_exporter_master_secret, hashlen, + 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL, - s->early_exporter_master_secret, hashlen)) { + s->early_exporter_master_secret, hashlen)) { /* SSLfatal() already called */ goto err; } @@ -613,7 +610,7 @@ md = ssl_handshake_md(s); cipher = s->s3.tmp.new_sym_enc; if (!ssl3_digest_cached_records(s, 1) - || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { + || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { /* SSLfatal() already called */; goto err; } 
@@ -635,22 +632,22 @@ * hash for the whole handshake including the Client Finished */ if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, - resumption_master_secret, - sizeof(resumption_master_secret) - 1, - hashval, hashlen, s->resumption_master_secret, - hashlen, 1)) { + resumption_master_secret, + sizeof(resumption_master_secret) - 1, + hashval, hashlen, s->resumption_master_secret, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } } /* check whether cipher is known */ - if(!ossl_assert(cipher != NULL)) + if (!ossl_assert(cipher != NULL)) goto err; if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher, - insecret, hash, label, labellen, secret, key, - iv, ciph_ctx)) { + insecret, hash, label, labellen, secret, key, + iv, ciph_ctx)) { /* SSLfatal() already called */ goto err; } @@ -659,16 +656,16 @@ memcpy(s->server_app_traffic_secret, secret, hashlen); /* Now we create the exporter master secret */ if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, - exporter_master_secret, - sizeof(exporter_master_secret) - 1, - hash, hashlen, s->exporter_master_secret, - hashlen, 1)) { + exporter_master_secret, + sizeof(exporter_master_secret) - 1, + hash, hashlen, s->exporter_master_secret, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret, - hashlen)) { + hashlen)) { /* SSLfatal() already called */ goto err; } @@ -681,8 +678,8 @@ } if (finsecret != NULL - && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret, - finsecret, finsecretlen)) { + && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret, + finsecret, finsecretlen)) { /* SSLfatal() already called */ goto err; } 
@@ -692,9 +689,10 @@ else s->statem.enc_write_state = ENC_WRITE_STATE_VALID; #ifndef OPENSSL_NO_KTLS -# if defined(OPENSSL_KTLS_TLS13) - if (!(which & SSL3_CC_APPLICATION) - || (s->options & SSL_OP_ENABLE_KTLS) == 0) +#if defined(OPENSSL_KTLS_TLS13) + if (!(which & SSL3_CC_WRITE) + || !(which & SSL3_CC_APPLICATION) + || (s->options & SSL_OP_ENABLE_KTLS) == 0) goto skip_ktls; /* ktls supports only the maximum fragment size */ @@ -709,10 +707,7 @@ if (!ktls_check_supported_cipher(s, cipher, ciph_ctx)) goto skip_ktls; - if (which & SSL3_CC_WRITE) - bio = s->wbio; - else - bio = s->rbio; + bio = s->wbio; if (!ossl_assert(bio != NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -720,31 +715,23 @@ } /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */ - if (which & SSL3_CC_WRITE) { - if (BIO_flush(bio) <= 0) - goto skip_ktls; - } + if (BIO_flush(bio) <= 0) + goto skip_ktls; /* configure kernel crypto structure */ - if (which & SSL3_CC_WRITE) - rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); - else - rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); - - if (!ktls_configure_crypto(s, cipher, ciph_ctx, rl_sequence, &crypto_info, - which & SSL3_CC_WRITE, iv, key, NULL, 0)) + if (!ktls_configure_crypto(s, cipher, ciph_ctx, + RECORD_LAYER_get_write_sequence(&s->rlayer), + &crypto_info, NULL, iv, key, NULL, 0)) goto skip_ktls; /* ktls works with user provided buffers directly */ - if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { - if (which & SSL3_CC_WRITE) - ssl3_release_write_buffer(s); - } + if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) + ssl3_release_write_buffer(s); skip_ktls: -# endif +#endif #endif ret = 1; - err: +err: if ((which & SSL3_CC_EARLY) != 0) { /* We up-refed this so now we need to down ref */ ssl_evp_cipher_free(cipher); 
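Review bot: The widened guard in the `@@ -692` hunk (`!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION) || ...`) is the only thing that makes the now-unconditional `bio = s->wbio;` (`@@ -709`) and `RECORD_LAYER_get_write_sequence(&s->rlayer)` (`@@ -720`) correct, and nothing in the code says so. If the guard is relaxed later, the read direction would be set up with the write BIO and the write sequence number, with no compile-time signal. I would add a comment directly above the guard, e.g. `/* kTLS is set up for the application write direction only; the code down to skip_ktls assumes SSL3_CC_WRITE */`. The enclosing function starts and ends outside these hunks.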
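Review bot: In the `@@ -720` hunk the sixth argument of `ktls_configure_crypto(...)` changes from the direction flag `which & SSL3_CC_WRITE` to a literal `NULL`, and the prototype is not part of this hunk. If the header this tree builds against still declares that parameter as an integer flag, `NULL` may convert to 0 with at most a warning, where the old code passed a non-zero write flag. The matching prototype change should be confirmed in the same commit. A short comment at the call site naming the parameter that `NULL` fills would make the intent checkable, e.g. `&crypto_info, NULL /* <parameter name from the prototype> */, iv, key, NULL, 0))`.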
@@ -757,9 +744,9 @@ int tls13_update_key(SSL *s, int sending) { #ifdef CHARSET_EBCDIC - static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00}; + static const unsigned char application_traffic[] = { 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x20, 0x75, 0x70, 0x64, 0x00 }; #else - static const unsigned char application_traffic[] = "traffic upd"; + static const unsigned char application_traffic[] = "traffic upd"; #endif const EVP_MD *md = ssl_handshake_md(s); size_t hashlen; @@ -793,10 +780,10 @@ } if (!derive_secret_key_and_iv(s, sending, md, - s->s3.tmp.new_sym_enc, insecret, NULL, - application_traffic, - sizeof(application_traffic) - 1, secret, key, - iv, ciph_ctx)) { + s->s3.tmp.new_sym_enc, insecret, NULL, + application_traffic, + sizeof(application_traffic) - 1, secret, key, + iv, ciph_ctx)) { /* SSLfatal() already called */ goto err; } @@ -812,7 +799,7 @@ s->statem.enc_write_state = ENC_WRITE_STATE_VALID; ret = 1; - err: +err: OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(secret, sizeof(secret)); return ret; @@ -828,13 +815,13 @@ } int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context) { unsigned char exportsecret[EVP_MAX_MD_SIZE]; #ifdef CHARSET_EBCDIC - static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char exporterlabel[] = { 0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00 }; #else static const unsigned char exporterlabel[] = "exporter"; #endif 
@@ -851,33 +838,33 @@ contextlen = 0; if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestUpdate(ctx, context, contextlen) <= 0 - || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 - || !tls13_hkdf_expand(s, md, s->exporter_master_secret, - (const unsigned char *)label, llen, - data, datalen, exportsecret, hashsize, 0) - || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, - sizeof(exporterlabel) - 1, hash, hashsize, - out, olen, 0)) + || EVP_DigestUpdate(ctx, context, contextlen) <= 0 + || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 + || !tls13_hkdf_expand(s, md, s->exporter_master_secret, + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize, 0) + || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, + sizeof(exporterlabel) - 1, hash, hashsize, + out, olen, 0)) goto err; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen) { #ifdef CHARSET_EBCDIC - static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char exporterlabel[] = { 0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00 }; #else - static const unsigned char exporterlabel[] = "exporter"; + static const unsigned char exporterlabel[] = "exporter"; #endif unsigned char exportsecret[EVP_MAX_MD_SIZE]; unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; 
@@ -891,7 +878,7 @@ goto err; if (!s->server && s->max_early_data > 0 - && s->session->ext.max_early_data == 0) + && s->session->ext.max_early_data == 0) sslcipher = SSL_SESSION_get0_cipher(s->psksession); else sslcipher = SSL_SESSION_get0_cipher(s->session); @@ -914,21 +901,21 @@ * Here Transcript-Hash is the cipher suite hash algorithm. */ if (md == NULL - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestUpdate(ctx, context, contextlen) <= 0 - || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 - || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret, - (const unsigned char *)label, llen, - data, datalen, exportsecret, hashsize, 0) - || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, - sizeof(exporterlabel) - 1, hash, hashsize, - out, olen, 0)) + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestUpdate(ctx, context, contextlen) <= 0 + || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 + || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret, + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize, 0) + || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, + sizeof(exporterlabel) - 1, hash, hashsize, + out, olen, 0)) goto err; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } --- crypto/openssl/ssl/tls_depr.c.orig +++ crypto/openssl/ssl/tls_depr.c @@ -67,8 +67,8 @@ int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey) { return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, - SSL_get_client_CA_list(s), - px509, ppkey, NULL, NULL, NULL); + SSL_get_client_CA_list(s), + px509, ppkey, NULL, NULL, NULL); } #endif @@ -148,7 +148,7 @@ /* Some deprecated public APIs pass DH objects */ EVP_PKEY *ssl_dh_to_pkey(DH *dh) { -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH EVP_PKEY *ret; if (dh == NULL) 
@@ -159,16 +159,16 @@ return NULL; } return ret; -# else +#else return NULL; -# endif +#endif } /* Some deprecated public APIs pass EC_KEY objects */ int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, - void *key) + void *key) { -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key); int nid; @@ -180,9 +180,9 @@ if (nid == NID_undef) return 0; return tls1_set_groups(pext, pextlen, &nid, 1); -# else +#else return 0; -# endif +#endif } /* @@ -190,18 +190,17 @@ * ctx: the SSL context. * dh: the callback */ -# if !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_DH) void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)) + DH *(*dh)(SSL *ssl, int is_export, + int keylength)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); } -void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, - int keylength)) +void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, int keylength)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); } -# endif +#endif #endif /* OPENSSL_NO_DEPRECATED */ --- crypto/openssl/ssl/tls_srp.c.orig +++ crypto/openssl/ssl/tls_srp.c @@ -23,7 +23,7 @@ #include "ssl_local.h" #ifndef OPENSSL_NO_SRP -# include +#include /* * The public API SSL_CTX_SRP_CTX_free() is deprecated so we use 
@@ -96,50 +96,30 @@ s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg; /* set client Hello login callback */ - s->srp_ctx.TLS_ext_srp_username_callback = - ctx->srp_ctx.TLS_ext_srp_username_callback; + s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback; /* set SRP N/g param callback for verification */ - s->srp_ctx.SRP_verify_param_callback = - ctx->srp_ctx.SRP_verify_param_callback; + s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback; /* set SRP client passwd callback */ - s->srp_ctx.SRP_give_srp_client_pwd_callback = - ctx->srp_ctx.SRP_give_srp_client_pwd_callback; + s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback; s->srp_ctx.strength = ctx->srp_ctx.strength; - if (((ctx->srp_ctx.N != NULL) && - ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || - ((ctx->srp_ctx.g != NULL) && - ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || - ((ctx->srp_ctx.s != NULL) && - ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || - ((ctx->srp_ctx.B != NULL) && - ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || - ((ctx->srp_ctx.A != NULL) && - ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || - ((ctx->srp_ctx.a != NULL) && - ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || - ((ctx->srp_ctx.v != NULL) && - ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || - ((ctx->srp_ctx.b != NULL) && - ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) { + if (((ctx->srp_ctx.N != NULL) && ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || ((ctx->srp_ctx.g != NULL) && ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || ((ctx->srp_ctx.s != NULL) && ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || ((ctx->srp_ctx.B != NULL) && ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || ((ctx->srp_ctx.A != NULL) && ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || ((ctx->srp_ctx.a != NULL) && ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || ((ctx->srp_ctx.v != 
NULL) && ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || ((ctx->srp_ctx.b != NULL) && ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) { ERR_raise(ERR_LIB_SSL, ERR_R_BN_LIB); goto err; } - if ((ctx->srp_ctx.login != NULL) && - ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) { + if ((ctx->srp_ctx.login != NULL) && ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); goto err; } - if ((ctx->srp_ctx.info != NULL) && - ((s->srp_ctx.info = OPENSSL_strdup(ctx->srp_ctx.info)) == NULL)) { + if ((ctx->srp_ctx.info != NULL) && ((s->srp_ctx.info = OPENSSL_strdup(ctx->srp_ctx.info)) == NULL)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); goto err; } s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; return 1; - err: +err: OPENSSL_free(s->srp_ctx.login); OPENSSL_free(s->srp_ctx.info); BN_free(s->srp_ctx.N); @@ -190,17 +170,11 @@ int al; *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; - if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && - ((al = - s->srp_ctx.TLS_ext_srp_username_callback(s, ad, - s->srp_ctx.SRP_cb_arg)) != - SSL_ERROR_NONE)) + if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE)) return al; *ad = SSL_AD_INTERNAL_ERROR; - if ((s->srp_ctx.N == NULL) || - (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) + if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b), 0) <= 0) 
@@ -210,10 +184,11 @@ /* Calculate: B = (kv + g^b) % N */ - return ((s->srp_ctx.B = - SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, - s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) != - NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL; + return ((s->srp_ctx.B = SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, + s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) + != NULL) + ? SSL_ERROR_NONE + : SSL3_AL_FATAL; } int SSL_srp_server_param_with_username(SSL *s, int *ad) @@ -226,7 +201,7 @@ * fly */ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp) + const char *grp) { SRP_gN *GN = SRP_get_default_gN(grp); if (GN == NULL) @@ -238,15 +213,15 @@ BN_clear_free(s->srp_ctx.s); s->srp_ctx.s = NULL; if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, - s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, - s->ctx->propq)) + s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, + s->ctx->propq)) return -1; return 1; } int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info) + BIGNUM *sa, BIGNUM *v, char *info) { if (N != NULL) { if (s->srp_ctx.N != NULL) { @@ -291,8 +266,7 @@ return -1; } - if (!(s->srp_ctx.N) || - !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) + if (!(s->srp_ctx.N) || !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) return -1; return 1; @@ -307,10 +281,12 @@ if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) goto err; if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, - s->ctx->libctx, s->ctx->propq)) == NULL) + s->ctx->libctx, s->ctx->propq)) + == NULL) goto err; if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, - s->srp_ctx.N)) == NULL) + s->srp_ctx.N)) + == NULL) goto err; tmp_len = BN_num_bytes(K); @@ -321,7 +297,7 @@ BN_bn2bin(K, tmp); /* Calls SSLfatal() as required */ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); - err: +err: BN_clear_free(K); BN_clear_free(u); return ret; 
@@ -339,26 +315,28 @@ * Checks if b % n == 0 */ if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0 - || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, - s->ctx->libctx, s->ctx->propq)) - == NULL - || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { + || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, + s->ctx->libctx, s->ctx->propq)) + == NULL + || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, - s->srp_ctx.SRP_cb_arg)) - == NULL) { + s->srp_ctx.SRP_cb_arg)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED); goto err; } if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd, - s->ctx->libctx, s->ctx->propq)) == NULL - || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, - s->srp_ctx.g, x, - s->srp_ctx.a, u, - s->ctx->libctx, - s->ctx->propq)) == NULL) { + s->ctx->libctx, s->ctx->propq)) + == NULL + || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, + s->srp_ctx.g, x, + s->srp_ctx.a, u, + s->ctx->libctx, + s->ctx->propq)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -371,7 +349,7 @@ BN_bn2bin(K, tmp); /* Calls SSLfatal() as required */ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); - err: +err: BN_clear_free(K); BN_clear_free(x); if (passwd != NULL) @@ -405,7 +383,7 @@ } } else if (!SRP_check_known_gN_param(srp->g, srp->N)) { SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, - SSL_R_INSUFFICIENT_SECURITY); + SSL_R_INSUFFICIENT_SECURITY); return 0; } @@ -464,8 +442,8 @@ return s->ctx->srp_ctx.info; } -# define tls1_ctx_ctrl ssl3_ctx_ctrl -# define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl +#define tls1_ctx_ctrl ssl3_ctx_ctrl +#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name) { 
@@ -480,14 +458,14 @@ int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) { return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength, - NULL); + NULL); } int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, - int (*cb) (SSL *, void *)) + int (*cb)(SSL *, void *)) { return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, - (void (*)(void))cb); + (void (*)(void))cb); } int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) @@ -496,17 +474,17 @@ } int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb) (SSL *, int *, void *)) + int (*cb)(SSL *, int *, void *)) { return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, - (void (*)(void))cb); + (void (*)(void))cb); } int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, - char *(*cb) (SSL *, void *)) + char *(*cb)(SSL *, void *)) { return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB, - (void (*)(void))cb); + (void (*)(void))cb); } #endif --- crypto/openssl/test/README-external.md.orig +++ crypto/openssl/test/README-external.md @@ -39,7 +39,7 @@ You will need a git checkout of krb5 at the top level: - $ git clone https://github.com/krb5/krb5 + $ git submodule update --init krb5's master has to pass this same CI, but a known-good version is krb5-1.15.1-final if you want to be sure. --- crypto/openssl/test/acvp_test.c.orig +++ crypto/openssl/test/acvp_test.c @@ -52,14 +52,14 @@ static const OPTIONS test_options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the libctx" }, + "The configuration file to use for the libctx" }, { NULL } }; return test_options; } static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name, - unsigned char **out, size_t *out_len) + unsigned char **out, size_t *out_len) { unsigned char *buf = NULL; BIGNUM *bn = NULL; 
@@ -85,8 +85,8 @@ } static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name, - const unsigned char *msg, size_t msg_len, - unsigned char **sig_out, size_t *sig_out_len) + const unsigned char *msg, size_t msg_len, + unsigned char **sig_out, size_t *sig_out_len) { int ret = 0; EVP_MD_CTX *md_ctx = NULL; @@ -98,7 +98,8 @@ if (!TEST_ptr(sig = OPENSSL_malloc(sz)) || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx, - NULL, pkey, NULL), 1) + NULL, pkey, NULL), + 1) || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0)) goto err; *sig_out = sig; @@ -126,11 +127,11 @@ if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)) || !TEST_int_ge(self_test_args.called, 3) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, - &priv_len)) + &priv_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx, - &pubx_len)) + &pubx_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby, - &puby_len))) + &puby_len))) goto err; test_output_memory("qy", puby, puby_len); @@ -148,8 +149,8 @@ } static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name, - const unsigned char *pub, size_t pub_len, - int expected) + const unsigned char *pub, size_t pub_len, + int expected) { int ret = 0; EVP_PKEY_CTX *ctx = NULL; 
@@ -159,16 +160,19 @@ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || (curve_name != NULL && !TEST_true(OSSL_PARAM_BLD_push_utf8_string( - bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0)) + bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) + > 0)) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_PUB_KEY, - pub, pub_len) > 0) + OSSL_PKEY_PARAM_PUB_KEY, + pub, pub_len) + > 0) || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, - params), expected)) - goto err; + params), + expected)) + goto err; ret = 1; err: @@ -187,7 +191,7 @@ EVP_PKEY *pkey = NULL; if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, - tst->pub, tst->pub_len, tst->pass))) + tst->pub, tst->pub_len, tst->pass))) goto err; if (tst->pass) { @@ -204,8 +208,8 @@ /* Extract r and s from an ecdsa signature */ static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, - unsigned char **r, unsigned char **s, - size_t *rlen, size_t *slen) + unsigned char **r, unsigned char **s, + size_t *rlen, size_t *slen) { int ret = 0; unsigned char *rbuf = NULL, *sbuf = NULL; @@ -257,7 +261,7 @@ goto err; if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, - &sig, &sig_len)) + &sig, &sig_len)) || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) goto err; test_output_memory("r", r, rlen); @@ -283,7 +287,7 @@ const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id]; if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, - tst->pub, tst->pub_len, 1))) + tst->pub, tst->pub_len, 1))) goto err; if (!TEST_ptr(sign = ECDSA_SIG_new()) 
@@ -294,11 +298,12 @@ rbn = sbn = NULL; ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0) - && TEST_ptr(md_ctx = EVP_MD_CTX_new()) - && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg, - libctx, NULL, pkey, NULL) - && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len, - tst->msg, tst->msg_len), tst->pass)); + && TEST_ptr(md_ctx = EVP_MD_CTX_new()) + && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg, + libctx, NULL, pkey, NULL) + && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len, + tst->msg, tst->msg_len), + tst->pass)); err: BN_free(rbn); BN_free(sbn); @@ -307,13 +312,12 @@ EVP_PKEY_free(pkey); EVP_MD_CTX_free(md_ctx); return ret; - } #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_DSA static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name, - unsigned char **out, size_t *out_len) + unsigned char **out, size_t *out_len) { size_t len = 0; unsigned char *buf = NULL; @@ -356,7 +360,7 @@ if (!TEST_ptr(param_key = dsa_paramgen(L, N)) || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, - NULL)) + NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) goto err; @@ -377,15 +381,15 @@ if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N)) || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, - NULL)) + NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)) goto err; for (i = 0; i < 2; ++i) { if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0) || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY, - &priv, &priv_len)) + &priv, &priv_len)) || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY, - &pub, &pub_len))) + &pub, &pub_len))) goto err; test_output_memory("y", pub, pub_len); test_output_memory("x", priv, priv_len); 
@@ -421,14 +425,14 @@ || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N)) || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)) || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P, - &p, &plen)) + &p, &plen)) || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q, - &q, &qlen)) + &q, &qlen)) || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED, - &seed, &seedlen)) + &seed, &seedlen)) || !TEST_true(EVP_PKEY_get_int_param(param_key, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - &counter))) + OSSL_PKEY_PARAM_FFC_PCOUNTER, + &counter))) goto err; test_output_memory("p", p, plen); @@ -446,14 +450,14 @@ } static int dsa_create_pkey(EVP_PKEY **pkey, - const unsigned char *p, size_t p_len, - const unsigned char *q, size_t q_len, - const unsigned char *g, size_t g_len, - const unsigned char *seed, size_t seed_len, - int counter, - int validate_pq, int validate_g, - const unsigned char *pub, size_t pub_len, - BN_CTX *bn_ctx) + const unsigned char *p, size_t p_len, + const unsigned char *q, size_t q_len, + const unsigned char *g, size_t g_len, + const unsigned char *seed, size_t seed_len, + int counter, + int validate_pq, int validate_g, + const unsigned char *pub, size_t pub_len, + BN_CTX *bn_ctx) { int ret = 0; EVP_PKEY_CTX *ctx = NULL; 
@@ -465,49 +469,50 @@ || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(p, p_len, p_bn)) || !TEST_true(OSSL_PARAM_BLD_push_int(bld, - OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, - validate_pq)) + OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, + validate_pq)) || !TEST_true(OSSL_PARAM_BLD_push_int(bld, - OSSL_PKEY_PARAM_FFC_VALIDATE_G, - validate_g)) + OSSL_PKEY_PARAM_FFC_VALIDATE_G, + validate_g)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)) || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(q, q_len, q_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn))) goto err; - if (g != NULL) { - if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx)) - || !TEST_ptr(BN_bin2bn(g, g_len, g_bn)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, - OSSL_PKEY_PARAM_FFC_G, g_bn))) - goto err; - } - if (seed != NULL) { - if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len))) - goto err; - } - if (counter != -1) { - if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - counter))) - goto err; - } - if (pub != NULL) { - if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) - || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, - OSSL_PKEY_PARAM_PUB_KEY, - pub_bn))) - goto err; - } - if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) - || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) - || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) - || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, - params), 1)) - goto err; + if (g != NULL) { + if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(g, g_len, g_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, + OSSL_PKEY_PARAM_FFC_G, g_bn))) + goto err; + } + if (seed != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len))) + goto err; + } + if (counter != -1) { + if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, + 
OSSL_PKEY_PARAM_FFC_PCOUNTER, + counter))) + goto err; + } + if (pub != NULL) { + if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub_bn))) + goto err; + } + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) + || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, + params), + 1)) + goto err; ret = 1; err: @@ -527,13 +532,13 @@ if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len, - tst->q, tst->q_len, NULL, 0, - tst->seed, tst->seed_len, tst->counter, - 1, 0, - NULL, 0, - bn_ctx)) + tst->q, tst->q_len, NULL, 0, + tst->seed, tst->seed_len, tst->counter, + 1, 0, + NULL, 0, + bn_ctx)) || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, - NULL)) + NULL)) || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass)) goto err; @@ -547,8 +552,8 @@ /* Extract r and s from a dsa signature */ static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, - unsigned char **r, unsigned char **s, - size_t *r_len, size_t *s_len) + unsigned char **r, unsigned char **s, + size_t *r_len, size_t *s_len) { int ret = 0; unsigned char *rbuf = NULL, *sbuf = NULL; @@ -598,7 +603,7 @@ goto err; if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, - &sig, &sig_len)) + &sig, &sig_len)) || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) goto err; test_output_memory("r", r, rlen); 
@@ -625,13 +630,13 @@ unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int digest_len; BN_CTX *bn_ctx = NULL; - const struct dsa_sigver_st *tst = &dsa_sigver_data[id]; + const struct dsa_sigver_st *tst = &dsa_sigver_data[id]; if (!TEST_ptr(bn_ctx = BN_CTX_new()) || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len, - tst->q, tst->q_len, tst->g, tst->g_len, - NULL, 0, 0, 0, 0, tst->pub, tst->pub_len, - bn_ctx))) + tst->q, tst->q_len, tst->g, tst->g_len, + NULL, 0, 0, 0, 0, tst->pub, tst->pub_len, + bn_ctx))) goto err; if (!TEST_ptr(sign = DSA_SIG_new()) @@ -643,14 +648,14 @@ if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, "")) || !TEST_true(EVP_Digest(tst->msg, tst->msg_len, - digest, &digest_len, md, NULL))) + digest, &digest_len, md, NULL))) goto err; if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len), - tst->pass)) + tst->pass)) goto err; ret = 1; err: @@ -666,14 +671,13 @@ } #endif /* OPENSSL_NO_DSA */ - /* cipher encrypt/decrypt */ static int cipher_enc(const char *alg, - const unsigned char *pt, size_t pt_len, - const unsigned char *key, size_t key_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *ct, size_t ct_len, - int enc) + const unsigned char *pt, size_t pt_len, + const unsigned char *key, size_t key_len, + const unsigned char *iv, size_t iv_len, + const unsigned char *ct, size_t ct_len, + int enc) { int ret = 0, out_len = 0, len = 0; EVP_CIPHER_CTX *ctx = NULL; 
@@ -704,23 +708,23 @@ const int enc = 1; return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, - tst->ct, tst->ct_len, enc)) - && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, - tst->pt, tst->pt_len, !enc)); + tst->key, tst->key_len, + tst->iv, tst->iv_len, + tst->ct, tst->ct_len, enc)) + && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, + tst->pt, tst->pt_len, !enc)); } static int aes_ccm_enc_dec(const char *alg, - const unsigned char *pt, size_t pt_len, - const unsigned char *key, size_t key_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *aad, size_t aad_len, - const unsigned char *ct, size_t ct_len, - const unsigned char *tag, size_t tag_len, - int enc, int pass) + const unsigned char *pt, size_t pt_len, + const unsigned char *key, size_t key_len, + const unsigned char *iv, size_t iv_len, + const unsigned char *aad, size_t aad_len, + const unsigned char *ct, size_t ct_len, + const unsigned char *tag, size_t tag_len, + int enc, int pass) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -729,15 +733,17 @@ unsigned char out[1024]; TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", - pass ? "pass" : "fail"); + pass ? "pass" : "fail"); if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, - NULL), 0) + NULL), + 0) || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, - enc ? NULL : (void *)tag), 0) + enc ? NULL : (void *)tag), + 0) || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) 
@@ -754,7 +760,8 @@ if (enc) { out_len += len; if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - tag_len, out + out_len), 0) + tag_len, out + out_len), + 0) || !TEST_mem_eq(out, out_len, ct, ct_len) || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) goto err; 
@@ -785,29 +792,29 @@ return 0; return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, tst->aad, tst->aad_len, - tst->ct, ct_len, tag, tag_len, enc, pass) - && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, tst->aad, tst->aad_len, - tst->pt, tst->pt_len, tag, tag_len, !enc, pass) - /* test that it fails if the tag is incorrect */ - && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, tst->aad, tst->aad_len, - tst->pt, tst->pt_len, - tag - 1, tag_len, !enc, !pass); + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->ct, ct_len, tag, tag_len, enc, pass) + && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, tag, tag_len, !enc, pass) + /* test that it fails if the tag is incorrect */ + && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, + tag - 1, tag_len, !enc, !pass); } static int aes_gcm_enc_dec(const char *alg, - const unsigned char *pt, size_t pt_len, - const unsigned char *key, size_t key_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *aad, size_t aad_len, - const unsigned char *ct, size_t ct_len, - const unsigned char *tag, size_t tag_len, - int enc, int pass) + const unsigned char *pt, size_t pt_len, + const unsigned char *key, size_t key_len, + const unsigned char *iv, size_t iv_len, + const unsigned char *aad, size_t aad_len, + const unsigned char *ct, size_t ct_len, + const unsigned char *tag, size_t tag_len, + int enc, int pass) { int ret = 0; EVP_CIPHER_CTX *ctx; 
@@ -816,18 +823,20 @@ unsigned char out[1024]; TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", - pass ? "pass" : "fail"); + pass ? "pass" : "fail"); if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, - NULL), 0)) + NULL), + 0)) goto err; if (!enc) { if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, - (void *)tag), 0)) + (void *)tag), + 0)) goto err; } /* @@ -851,9 +860,10 @@ if (enc) { if (!TEST_mem_eq(out, out_len, ct, ct_len) || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - tag_len, out + out_len), 0) + tag_len, out + out_len), + 0) || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) - goto err; + goto err; } else { if (!TEST_mem_eq(out, out_len, ct, ct_len)) goto err; 
@@ -873,28 +883,28 @@ int pass = 1; return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, tst->aad, tst->aad_len, - tst->ct, tst->ct_len, tst->tag, tst->tag_len, - enc, pass) - && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, tst->aad, tst->aad_len, - tst->pt, tst->pt_len, tst->tag, tst->tag_len, - !enc, pass) - /* Fail if incorrect tag passed to decrypt */ - && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, - tst->key, tst->key_len, - tst->iv, tst->iv_len, tst->aad, tst->aad_len, - tst->pt, tst->pt_len, tst->aad, tst->tag_len, - !enc, !pass); + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->ct, tst->ct_len, tst->tag, tst->tag_len, + enc, pass) + && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, tst->tag, tst->tag_len, + !enc, pass) + /* Fail if incorrect tag passed to decrypt */ + && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, tst->aad, tst->tag_len, + !enc, !pass); } #ifndef OPENSSL_NO_DH static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name, - const unsigned char *pub, size_t pub_len, - const unsigned char *priv, size_t priv_len, - BN_CTX *bn_ctx, int pass) + const unsigned char *pub, size_t pub_len, + const unsigned char *priv, size_t priv_len, + BN_CTX *bn_ctx, int pass) { int ret = 0; EVP_PKEY_CTX *ctx = NULL; 
@@ -905,22 +915,23 @@ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || (group_name != NULL && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string( - bld, OSSL_PKEY_PARAM_GROUP_NAME, - group_name, 0), 0))) + bld, OSSL_PKEY_PARAM_GROUP_NAME, + group_name, 0), + 0))) goto err; if (pub != NULL) { if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, - pub_bn))) + pub_bn))) goto err; } if (priv != NULL) { if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv_bn))) + priv_bn))) goto err; } @@ -928,8 +939,8 @@ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), - pass)) - goto err; + pass)) + goto err; ret = 1; err: @@ -951,7 +962,7 @@ const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id]; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - (char *)tst->group_name, 0); + (char *)tst->group_name, 0); params[1] = OSSL_PARAM_construct_end(); if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) @@ -959,9 +970,9 @@ || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params)) || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, - &priv, &priv_len)) + &priv, &priv_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, - &pub, &pub_len))) + &pub, &pub_len))) goto err; test_output_memory("x", priv, priv_len); 
@@ -985,8 +996,8 @@ if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) || !TEST_true(dh_create_pkey(&pkey, tst->group_name, - tst->pub, tst->pub_len, - tst->priv, tst->priv_len, bn_ctx, 1)) + tst->pub, tst->pub_len, + tst->priv, tst->priv_len, bn_ctx, 1)) || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass)) goto err; @@ -1000,12 +1011,11 @@ } #endif /* OPENSSL_NO_DH */ - static int rsa_create_pkey(EVP_PKEY **pkey, - const unsigned char *n, size_t n_len, - const unsigned char *e, size_t e_len, - const unsigned char *d, size_t d_len, - BN_CTX *bn_ctx) + const unsigned char *n, size_t n_len, + const unsigned char *e, size_t e_len, + const unsigned char *d, size_t d_len, + BN_CTX *bn_ctx) { int ret = 0; EVP_PKEY_CTX *ctx = NULL; @@ -1023,21 +1033,21 @@ if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(e, e_len, e_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, - e_bn))) + e_bn))) goto err; } if (d != NULL) { if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(d, d_len, d_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, - d_bn))) + d_bn))) goto err; } if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), - 1)) + 1)) goto err; ret = 1; 
@@ -1074,17 +1084,17 @@ || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL)) || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1, - xp1_bn)) + xp1_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2, - xp2_bn)) + xp2_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP, - xp_bn)) + xp_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, - xq1_bn)) + xq1_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2, - xq2_bn)) + xq2_bn)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ, - xq_bn)) + xq_bn)) || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; @@ -1096,21 +1106,21 @@ || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0) || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1, - &p1, &p1_len)) + &p1, &p1_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2, - &p2, &p2_len)) + &p2, &p2_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1, - &q1, &q1_len)) + &q1, &q1_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2, - &q2, &q2_len)) + &q2, &q2_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, - &p, &p_len)) + &p, &p_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, - &q, &q_len)) + &q, &q_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, - &n, &n_len)) + &n, &n_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D, - &d, &d_len))) + &d, &d_len))) goto err; if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len) 
@@ -1169,20 +1179,20 @@ p = params; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, - (char *)tst->sig_pad_mode, 0); + (char *)tst->sig_pad_mode, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - (char *)tst->digest_alg, 0); + (char *)tst->digest_alg, 0); if (salt_len >= 0) *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, - &salt_len); + &salt_len); *p++ = OSSL_PARAM_construct_end(); if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod)) - || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) - || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) - || !TEST_true(sig_gen(pkey, params, tst->digest_alg, - tst->msg, tst->msg_len, - &sig, &sig_len))) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) + || !TEST_true(sig_gen(pkey, params, tst->digest_alg, + tst->msg, tst->msg_len, + &sig, &sig_len))) goto err; test_output_memory("n", n, n_len); test_output_memory("e", e, e_len); 
@@ -1204,32 +1214,33 @@ EVP_MD_CTX *md_ctx = NULL; BN_CTX *bn_ctx = NULL; OSSL_PARAM params[4], *p; - const struct rsa_sigver_st *tst = &rsa_sigver_data[id]; + const struct rsa_sigver_st *tst = &rsa_sigver_data[id]; int salt_len = tst->pss_salt_len; TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode, - tst->pass == PASS ? "pass" : "fail"); + tst->pass == PASS ? "pass" : "fail"); p = params; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, - (char *)tst->sig_pad_mode, 0); + (char *)tst->sig_pad_mode, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - (char *)tst->digest_alg, 0); + (char *)tst->digest_alg, 0); if (salt_len >= 0) *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, - &salt_len); + &salt_len); *p++ = OSSL_PARAM_construct_end(); if (!TEST_ptr(bn_ctx = BN_CTX_new()) || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len, - tst->e, tst->e_len, NULL, 0, bn_ctx)) + tst->e, tst->e_len, NULL, 0, bn_ctx)) || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx, - tst->digest_alg, libctx, NULL, - pkey, NULL)) + tst->digest_alg, libctx, NULL, + pkey, NULL)) || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params)) || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len, - tst->msg, tst->msg_len), tst->pass)) + tst->msg, tst->msg_len), + tst->pass)) goto err; ret = 1; err: @@ -1249,7 +1260,7 @@ unsigned char *n = NULL, *e = NULL; size_t n_len = 0, e_len = 0; BN_CTX *bn_ctx = NULL; - const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; + const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 
@@ -1315,7 +1326,7 @@ unsigned char returned_bits[64]; const size_t returned_bits_len = sizeof(returned_bits); unsigned int strength = 256; - const struct drbg_st *tst = &drbg_data[id]; + const struct drbg_st *tst = &drbg_data[id]; int res = 0; /* Create the seed source */ @@ -1337,20 +1348,20 @@ /* Set the DRBG up */ params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, - (int *)&tst->use_df); + (int *)&tst->use_df); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, - (char *)tst->cipher, 0); + (char *)tst->cipher, 0); params[2] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params))) goto err; /* Feed in the entropy and nonce */ params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - (void *)tst->entropy_input, - tst->entropy_input_len); + (void *)tst->entropy_input, + tst->entropy_input_len); params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, - (void *)tst->nonce, - tst->nonce_len); + (void *)tst->nonce, + tst->nonce_len); params[2] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) goto err; @@ -1362,9 +1373,9 @@ */ if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL)) || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, - 0, 0, NULL, 0)) + 0, 0, NULL, 0)) || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, - 0, 0, NULL, 0))) + 0, 0, NULL, 0))) goto err; test_output_memory("returned bits", returned_bits, returned_bits_len); @@ -1376,7 +1387,7 @@ /* Verify the output */ if (!TEST_mem_eq(returned_bits, returned_bits_len, - tst->returned_bits, tst->returned_bits_len)) + tst->returned_bits, tst->returned_bits_len)) goto err; res = 1; err: 
@@ -1418,7 +1429,7 @@ goto err; if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx)) || !TEST_ptr(p = OSSL_PARAM_locate_const(params, - OSSL_CIPHER_PARAM_USE_BITS))) + OSSL_CIPHER_PARAM_USE_BITS))) goto err; EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0)) @@ -1446,7 +1457,7 @@ config_file = opt_arg(); break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; @@ -1467,13 +1478,13 @@ ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data)); ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data)); ADD_ALL_TESTS(rsa_decryption_primitive_test, - OSSL_NELEM(rsa_decrypt_prim_data)); + OSSL_NELEM(rsa_decrypt_prim_data)); #ifndef OPENSSL_NO_DH ADD_ALL_TESTS(dh_safe_prime_keygen_test, - OSSL_NELEM(dh_safe_prime_keygen_data)); + OSSL_NELEM(dh_safe_prime_keygen_data)); ADD_ALL_TESTS(dh_safe_prime_keyver_test, - OSSL_NELEM(dh_safe_prime_keyver_data)); + OSSL_NELEM(dh_safe_prime_keyver_data)); #endif /* OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DSA --- crypto/openssl/test/aesgcmtest.c.orig +++ crypto/openssl/test/aesgcmtest.c @@ -36,7 +36,7 @@ }; static int do_encrypt(unsigned char *iv_gen, unsigned char *ct, int *ct_len, - unsigned char *tag, int *tag_len) + unsigned char *tag, int *tag_len) { int ret = 0; EVP_CIPHER_CTX *ctx = NULL; 
@@ -45,26 +45,31 @@ *tag_len = 16; ret = TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - && TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, - NULL) > 0) - && TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, - iv_gen != NULL ? NULL : gcm_iv) > 0) - && TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, - sizeof(gcm_aad)) > 0) - && TEST_true(EVP_EncryptUpdate(ctx, ct, ct_len, gcm_pt, - sizeof(gcm_pt)) > 0) - && TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &outlen) > 0) - && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16) - && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, - tag) > 0) - && TEST_true(iv_gen == NULL - || EVP_CIPHER_CTX_get_original_iv(ctx, iv_gen, 12)); + && TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, + NULL) + > 0) + && TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, + iv_gen != NULL ? NULL : gcm_iv) + > 0) + && TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, + sizeof(gcm_aad)) + > 0) + && TEST_true(EVP_EncryptUpdate(ctx, ct, ct_len, gcm_pt, + sizeof(gcm_pt)) + > 0) + && TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &outlen) > 0) + && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16) + && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + tag) + > 0) + && TEST_true(iv_gen == NULL + || EVP_CIPHER_CTX_get_original_iv(ctx, iv_gen, 12)); EVP_CIPHER_CTX_free(ctx); return ret; } static int do_decrypt(const unsigned char *iv, const unsigned char *ct, - int ct_len, const unsigned char *tag, int tag_len) + int ct_len, const unsigned char *tag, int tag_len) { int ret = 0; EVP_CIPHER_CTX *ctx = NULL; 
@@ -73,18 +78,22 @@ unsigned char outbuf[32]; ret = TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - && TEST_true(EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, - NULL, NULL) > 0) - && TEST_true(EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, iv) > 0) - && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16) - && TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, - sizeof(gcm_aad)) > 0) - && TEST_true(EVP_DecryptUpdate(ctx, pt, &ptlen, ct, - ct_len) > 0) - && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - tag_len, (void *)tag) > 0) - && TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen) > 0) - && TEST_mem_eq(gcm_pt, sizeof(gcm_pt), pt, ptlen); + && TEST_true(EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, + NULL, NULL) + > 0) + && TEST_true(EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, iv) > 0) + && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16) + && TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, + sizeof(gcm_aad)) + > 0) + && TEST_true(EVP_DecryptUpdate(ctx, pt, &ptlen, ct, + ct_len) + > 0) + && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + tag_len, (void *)tag) + > 0) + && TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen) > 0) + && TEST_mem_eq(gcm_pt, sizeof(gcm_pt), pt, ptlen); EVP_CIPHER_CTX_free(ctx); return ret; @@ -97,9 +106,9 @@ int ctlen = 0, taglen = 0; return do_encrypt(NULL, ct, &ctlen, tag, &taglen) - && TEST_mem_eq(gcm_ct, sizeof(gcm_ct), ct, ctlen) - && TEST_mem_eq(gcm_tag, sizeof(gcm_tag), tag, taglen) - && do_decrypt(gcm_iv, ct, ctlen, tag, taglen); + && TEST_mem_eq(gcm_ct, sizeof(gcm_ct), ct, ctlen) + && TEST_mem_eq(gcm_tag, sizeof(gcm_tag), tag, taglen) + && do_decrypt(gcm_iv, ct, ctlen, tag, taglen); } static int badkeylen_test(void) 
@@ -109,9 +118,9 @@
 const EVP_CIPHER *cipher;
 ret = TEST_ptr(cipher = EVP_aes_192_gcm())
- && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
- && TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL))
- && TEST_int_le(EVP_CIPHER_CTX_set_key_length(ctx, 2), 0);
+ && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+ && TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL))
+ && TEST_int_le(EVP_CIPHER_CTX_set_key_length(ctx, 2), 0);
 EVP_CIPHER_CTX_free(ctx);
 return ret;
 }
@@ -124,7 +133,7 @@
 int ctlen = 0, taglen = 0;
 return do_encrypt(iv_gen, ct, &ctlen, tag, &taglen)
- && do_decrypt(iv_gen, ct, ctlen, tag, taglen);
+ && do_decrypt(iv_gen, ct, ctlen, tag, taglen);
 }
 int setup_tests(void)
--- crypto/openssl/test/afalgtest.c.orig
+++ crypto/openssl/test/afalgtest.c
@@ -20,7 +20,7 @@
 #include "testutil.h"
 /* Use a buffer size which is not aligned to block size */
-#define BUFFER_SIZE 17
+#define BUFFER_SIZE 17
 #ifndef OPENSSL_NO_ENGINE
 static ENGINE *e;
@@ -34,24 +34,18 @@ const unsigned char *enc_result = NULL; int encl, encf, decl, decf; int ret = 0; - static const unsigned char key[] = - "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06" - "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06"; - static const unsigned char iv[] = - "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30\xb4\x22\xda\x80\x2c\x9f\xac\x41"; + static const unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06" + "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06"; + static const unsigned char iv[] = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30\xb4\x22\xda\x80\x2c\x9f\xac\x41"; /* input = "Single block msg\n" 17 Bytes*/ - static const unsigned char in[BUFFER_SIZE] = - "\x53\x69\x6e\x67\x6c\x65\x20\x62\x6c\x6f\x63\x6b\x20\x6d\x73\x67" - "\x0a"; - static const unsigned char encresult_128[BUFFER_SIZE] = - "\xe3\x53\x77\x9c\x10\x79\xae\xb8\x27\x08\x94\x2d\xbe\x77\x18\x1a" - "\x2d"; - static const unsigned char encresult_192[BUFFER_SIZE] = - "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55" - "\xeb"; - static const unsigned char encresult_256[BUFFER_SIZE] = - "\xa0\x76\x85\xfd\xc1\x65\x71\x9d\xc7\xe9\x13\x6e\xae\x55\x49\xb4" - "\x13"; + static const unsigned char in[BUFFER_SIZE] = "\x53\x69\x6e\x67\x6c\x65\x20\x62\x6c\x6f\x63\x6b\x20\x6d\x73\x67" + "\x0a"; + static const unsigned char encresult_128[BUFFER_SIZE] = "\xe3\x53\x77\x9c\x10\x79\xae\xb8\x27\x08\x94\x2d\xbe\x77\x18\x1a" + "\x2d"; + static const unsigned char encresult_192[BUFFER_SIZE] = "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55" + "\xeb"; + static const unsigned char encresult_256[BUFFER_SIZE] = "\xa0\x76\x85\xfd\xc1\x65\x71\x9d\xc7\xe9\x13\x6e\xae\x55\x49\xb4" + "\x13"; #ifdef OSSL_SANITIZE_MEMORY /* 
@@ -64,27 +58,27 @@ #endif switch (keysize_idx) { - case 0: - cipher = EVP_aes_128_cbc(); - enc_result = &encresult_128[0]; - break; - case 1: - cipher = EVP_aes_192_cbc(); - enc_result = &encresult_192[0]; - break; - case 2: - cipher = EVP_aes_256_cbc(); - enc_result = &encresult_256[0]; - break; - default: - cipher = NULL; + case 0: + cipher = EVP_aes_128_cbc(); + enc_result = &encresult_128[0]; + break; + case 1: + cipher = EVP_aes_192_cbc(); + enc_result = &encresult_192[0]; + break; + case 2: + cipher = EVP_aes_256_cbc(); + enc_result = &encresult_256[0]; + break; + default: + cipher = NULL; } if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) - return 0; + return 0; if (!TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1)) - || !TEST_true(EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE)) - || !TEST_true(EVP_CipherFinal_ex(ctx, ebuf + encl, &encf))) + || !TEST_true(EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE)) + || !TEST_true(EVP_CipherFinal_ex(ctx, ebuf + encl, &encf))) goto end; encl += encf; @@ -92,19 +86,19 @@ goto end; if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) - || !TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0)) - || !TEST_true(EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl)) - || !TEST_true(EVP_CipherFinal_ex(ctx, dbuf + decl, &decf))) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0)) + || !TEST_true(EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl)) + || !TEST_true(EVP_CipherFinal_ex(ctx, dbuf + decl, &decf))) goto end; decl += decf; if (!TEST_int_eq(decl, BUFFER_SIZE) - || !TEST_mem_eq(dbuf, BUFFER_SIZE, in, BUFFER_SIZE)) + || !TEST_mem_eq(dbuf, BUFFER_SIZE, in, BUFFER_SIZE)) goto end; ret = 1; - end: +end: EVP_CIPHER_CTX_free(ctx); return ret; } @@ -112,7 +106,7 @@ static int test_pr16743(void) { int ret = 0; - const EVP_CIPHER * cipher; + const EVP_CIPHER *cipher; EVP_CIPHER_CTX *ctx; if (!TEST_true(ENGINE_init(e))) 
@@ -130,9 +124,9 @@ int global_init(void) { ENGINE_load_builtin_engines(); -# ifndef OPENSSL_NO_STATIC_ENGINE +#ifndef OPENSSL_NO_STATIC_ENGINE OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL); -# endif +#endif return 1; } #endif --- crypto/openssl/test/algorithmid_test.c.orig +++ crypto/openssl/test/algorithmid_test.c @@ -14,9 +14,9 @@ #include "testutil.h" /* Collected arguments */ -static const char *eecert_filename = NULL; /* For test_x509_file() */ -static const char *cacert_filename = NULL; /* For test_x509_file() */ -static const char *pubkey_filename = NULL; /* For test_spki_file() */ +static const char *eecert_filename = NULL; /* For test_x509_file() */ +static const char *cacert_filename = NULL; /* For test_x509_file() */ +static const char *pubkey_filename = NULL; /* For test_spki_file() */ #define ALGORITHMID_NAME "algorithm-id" @@ -35,7 +35,7 @@ const OSSL_PARAM *gettable_params = NULL; OSSL_PARAM params[] = { OSSL_PARAM_octet_string(ALGORITHMID_NAME, - &algid_prov, sizeof(algid_prov)), + &algid_prov, sizeof(algid_prov)), OSSL_PARAM_END }; int ret = 0; @@ -58,10 +58,11 @@ * in this function. */ if ((keydata = evp_pkey_export_to_provider(pkey, NULL, - &keymgmt, NULL)) == NULL) { + &keymgmt, NULL)) + == NULL) { TEST_info("The public key found in '%s' doesn't have provider support." " Skipping...", - filename); + filename); ret = 1; goto end; } @@ -70,7 +71,7 @@ TEST_info("The AlgorithmID key type (%s) for the public key found in" " '%s' doesn't match the key type of the extracted public" " key.", - name, filename); + name, filename); ret = 1; goto end; } @@ -79,7 +80,7 @@ || !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) { TEST_info("The %s provider keymgmt appears to lack support for algorithm-id." " Skipping...", - name); + name); ret = 1; goto end; } 
@@ -91,10 +92,10 @@ /* We now have all the algorithm IDs we need, let's compare them */ if (TEST_mem_eq(algid_legacy, algid_legacy_len, - algid_prov, algid_prov_len)) + algid_prov, algid_prov_len)) ret = 1; - end: +end: EVP_KEYMGMT_free(keymgmt); OPENSSL_free(algid_legacy); return ret; @@ -108,7 +109,7 @@ } static int test_x509_sig_aid(X509 *eecert, const char *ee_filename, - X509 *cacert, const char *ca_filename) + X509 *cacert, const char *ca_filename) { const ASN1_OBJECT *sig_oid = NULL; const X509_ALGOR *alg = NULL; @@ -123,7 +124,7 @@ const OSSL_PARAM *gettable_params = NULL; OSSL_PARAM params[] = { OSSL_PARAM_octet_string("algorithm-id", - &algid_prov, sizeof(algid_prov)), + &algid_prov, sizeof(algid_prov)), OSSL_PARAM_END }; int ret = 0; @@ -139,9 +140,9 @@ if (!TEST_true(EVP_PKEY_is_a(pkey, OBJ_nid2sn(pkey_nid)))) { TEST_info("The '%s' pubkey can't be used to verify the '%s' signature", - ca_filename, ee_filename); + ca_filename, ee_filename); TEST_info("Signature algorithm is %s (pkey type %s, hash type %s)", - OBJ_nid2sn(sig_nid), OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid)); + OBJ_nid2sn(sig_nid), OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid)); TEST_info("Pkey key type is %s", EVP_PKEY_get0_type_name(pkey)); goto end; } @@ -151,11 +152,11 @@ if (!TEST_ptr(mdctx = EVP_MD_CTX_new()) || !TEST_true(EVP_DigestVerifyInit_ex(mdctx, &pctx, - OBJ_nid2sn(dig_nid), - NULL, NULL, pkey, NULL))) { + OBJ_nid2sn(dig_nid), + NULL, NULL, pkey, NULL))) { TEST_info("Couldn't initialize a DigestVerify operation with " "pkey type %s and hash type %s", - OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid)); + OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid)); goto end; } @@ -163,7 +164,7 @@ || !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) { TEST_info("The %s provider keymgmt appears to lack support for algorithm-id" " Skipping...", - OBJ_nid2sn(pkey_nid)); + OBJ_nid2sn(pkey_nid)); ret = 1; goto end; } 
@@ -175,10 +176,10 @@ /* We now have all the algorithm IDs we need, let's compare them */ if (TEST_mem_eq(algid_legacy, algid_legacy_len, - algid_prov, algid_prov_len)) + algid_prov, algid_prov_len)) ret = 1; - end: +end: EVP_MD_CTX_free(mdctx); /* pctx is free by EVP_MD_CTX_free() */ OPENSSL_free(algid_legacy); @@ -199,13 +200,13 @@ if ((pubkey = PEM_read_bio_X509_PUBKEY(b, NULL, NULL, NULL)) == NULL) { TEST_error("'%s' doesn't appear to be a SubjectPublicKeyInfo in PEM format\n", - pubkey_filename); + pubkey_filename); TEST_openssl_errors(); goto end; } ret = test_spki_aid(pubkey, pubkey_filename); - end: +end: BIO_free(b); X509_PUBKEY_free(pubkey); return ret; @@ -230,13 +231,13 @@ if ((eecert = PEM_read_bio_X509(bee, NULL, NULL, NULL)) == NULL) { TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n", - eecert_filename); + eecert_filename); TEST_openssl_errors(); goto end; } if ((cacert = PEM_read_bio_X509(bca, NULL, NULL, NULL)) == NULL) { TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n", - cacert_filename); + cacert_filename); TEST_openssl_errors(); goto end; } @@ -244,7 +245,7 @@ ret = test_x509_sig_aid(eecert, eecert_filename, cacert, cacert_filename) & test_x509_spki_aid(eecert, eecert_filename) & test_x509_spki_aid(cacert, cacert_filename); - end: +end: BIO_free(bee); BIO_free(bca); X509_free(eecert); @@ -267,7 +268,7 @@ { "x509", OPT_X509, '-', "Test X.509 certificates. Requires two files" }, { "spki", OPT_SPKI, '-', "Test public keys in SubjectPublicKeyInfo form. Requires one file" }, { OPT_HELP_STR, 1, '-', - "file...\tFile(s) to run tests on. All files must be PEM encoded.\n" }, + "file...\tFile(s) to run tests on. All files must be PEM encoded.\n" }, { NULL } }; return test_options; @@ -287,7 +288,7 @@ spki = 1; break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; --- crypto/openssl/test/asn1_decode_test.c.orig +++ crypto/openssl/test/asn1_decode_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,16 +17,16 @@ #include "testutil.h" #ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wunused-function" +#pragma GCC diagnostic ignored "-Wunused-function" #endif #ifdef __clang__ -# pragma clang diagnostic ignored "-Wunused-function" +#pragma clang diagnostic ignored "-Wunused-function" #endif /* Badly coded ASN.1 INTEGER zero wrapped in a sequence */ static unsigned char t_invalid_zero[] = { - 0x30, 0x02, /* SEQUENCE tag + length */ - 0x02, 0x00 /* INTEGER tag + length */ + 0x30, 0x02, /* SEQUENCE tag + length */ + 0x02, 0x00 /* INTEGER tag + length */ }; #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -46,11 +46,10 @@ static int test_long(void) { const unsigned char *p = t_invalid_zero; - ASN1_LONG_DATA *dectst = - d2i_ASN1_LONG_DATA(NULL, &p, sizeof(t_invalid_zero)); + ASN1_LONG_DATA *dectst = d2i_ASN1_LONG_DATA(NULL, &p, sizeof(t_invalid_zero)); if (dectst == NULL) - return 0; /* Fail */ + return 0; /* Fail */ ASN1_LONG_DATA_free(dectst); return 1; @@ -73,11 +72,10 @@ static int test_int32(void) { const unsigned char *p = t_invalid_zero; - ASN1_INT32_DATA *dectst = - d2i_ASN1_INT32_DATA(NULL, &p, sizeof(t_invalid_zero)); + ASN1_INT32_DATA *dectst = d2i_ASN1_INT32_DATA(NULL, &p, sizeof(t_invalid_zero)); if (dectst == NULL) - return 0; /* Fail */ + return 0; /* Fail */ ASN1_INT32_DATA_free(dectst); return 1; 
@@ -99,11 +97,10 @@ static int test_uint32(void) { const unsigned char *p = t_invalid_zero; - ASN1_UINT32_DATA *dectst = - d2i_ASN1_UINT32_DATA(NULL, &p, sizeof(t_invalid_zero)); + ASN1_UINT32_DATA *dectst = d2i_ASN1_UINT32_DATA(NULL, &p, sizeof(t_invalid_zero)); if (dectst == NULL) - return 0; /* Fail */ + return 0; /* Fail */ ASN1_UINT32_DATA_free(dectst); return 1; @@ -125,11 +122,10 @@ static int test_int64(void) { const unsigned char *p = t_invalid_zero; - ASN1_INT64_DATA *dectst = - d2i_ASN1_INT64_DATA(NULL, &p, sizeof(t_invalid_zero)); + ASN1_INT64_DATA *dectst = d2i_ASN1_INT64_DATA(NULL, &p, sizeof(t_invalid_zero)); if (dectst == NULL) - return 0; /* Fail */ + return 0; /* Fail */ ASN1_INT64_DATA_free(dectst); return 1; @@ -151,11 +147,10 @@ static int test_uint64(void) { const unsigned char *p = t_invalid_zero; - ASN1_UINT64_DATA *dectst = - d2i_ASN1_UINT64_DATA(NULL, &p, sizeof(t_invalid_zero)); + ASN1_UINT64_DATA *dectst = d2i_ASN1_UINT64_DATA(NULL, &p, sizeof(t_invalid_zero)); if (dectst == NULL) - return 0; /* Fail */ + return 0; /* Fail */ ASN1_UINT64_DATA_free(dectst); return 1; @@ -178,15 +173,15 @@ /* Empty sequence for invalid template test */ static unsigned char t_invalid_template[] = { - 0x30, 0x03, /* SEQUENCE tag + length */ - 0x0c, 0x01, 0x41 /* UTF8String, length 1, "A" */ + 0x30, 0x03, /* SEQUENCE tag + length */ + 0x0c, 0x01, 0x41 /* UTF8String, length 1, "A" */ }; static int test_invalid_template(void) { const unsigned char *p = t_invalid_template; INVALIDTEMPLATE *tmp = d2i_INVALIDTEMPLATE(NULL, &p, - sizeof(t_invalid_template)); + sizeof(t_invalid_template)); /* We expect a NULL pointer return */ if (TEST_ptr_null(tmp)) 
@@ -209,7 +204,7 @@
 /* Create an object that owns dynamically allocated 'sn' and 'ln' fields */
 if (!TEST_ptr(obj = ASN1_OBJECT_create(NID_undef, cn_der, sizeof(cn_der),
- "C", "countryName")))
+ "C", "countryName")))
 goto err;
 /* reuse obj - this should not leak sn and ln */
 if (!TEST_ptr(d2i_ASN1_OBJECT(&obj, &p, sizeof(oid_der))))
--- crypto/openssl/test/asn1_dsa_internal_test.c.orig
+++ crypto/openssl/test/asn1_dsa_internal_test.c
@@ -15,28 +15,28 @@ #include "testutil.h" static unsigned char t_dsa_sig[] = { - 0x30, 0x06, /* SEQUENCE tag + length */ - 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ - 0x02, 0x01, 0x02 /* INTEGER tag + length + content */ + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ + 0x02, 0x01, 0x02 /* INTEGER tag + length + content */ }; static unsigned char t_dsa_sig_extra[] = { - 0x30, 0x06, /* SEQUENCE tag + length */ - 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ - 0x02, 0x01, 0x02, /* INTEGER tag + length + content */ - 0x05, 0x00 /* NULL tag + length */ + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ + 0x02, 0x01, 0x02, /* INTEGER tag + length + content */ + 0x05, 0x00 /* NULL tag + length */ }; static unsigned char t_dsa_sig_msb[] = { - 0x30, 0x08, /* SEQUENCE tag + length */ - 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length + content */ - 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length + content */ + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length + content */ + 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length + content */ }; static unsigned char t_dsa_sig_two[] = { - 0x30, 0x08, /* SEQUENCE tag + length */ - 0x02, 0x02, 0x01, 0x00, /* INTEGER tag + length + content */ - 0x02, 0x02, 0x02, 0x00 /* INTEGER tag + length + content */ + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x01, 0x00, /* INTEGER tag + length + content */ + 0x02, 0x02, 0x02, 0x00 /* INTEGER tag + length + content */ }; /* @@ -44,9 +44,9 @@ * (valid) INTEGER. */ static unsigned char t_invalid_int_zero[] = { - 0x30, 0x05, /* SEQUENCE tag + length */ - 0x02, 0x00, /* INTEGER tag + length */ - 0x02, 0x01, 0x2a /* INTEGER tag + length */ + 0x30, 0x05, /* SEQUENCE tag + length */ + 0x02, 0x00, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ }; /* 
@@ -54,9 +54,9 @@ * with another (valid) INTEGER. */ static unsigned char t_invalid_int[] = { - 0x30, 0x07, /* SEQUENCE tag + length */ - 0x02, 0x02, 0x00, 0x7f, /* INTEGER tag + length */ - 0x02, 0x01, 0x2a /* INTEGER tag + length */ + 0x30, 0x07, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x7f, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ }; /* @@ -64,21 +64,21 @@ * (valid) INTEGER. */ static unsigned char t_neg_int[] = { - 0x30, 0x06, /* SEQUENCE tag + length */ - 0x02, 0x01, 0xaa, /* INTEGER tag + length */ - 0x02, 0x01, 0x2a /* INTEGER tag + length */ + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0xaa, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ }; static unsigned char t_trunc_der[] = { - 0x30, 0x08, /* SEQUENCE tag + length */ - 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ - 0x02, 0x02, 0x00 /* INTEGER tag + length */ + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ + 0x02, 0x02, 0x00 /* INTEGER tag + length */ }; static unsigned char t_trunc_seq[] = { - 0x30, 0x07, /* SEQUENCE tag + length */ - 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ - 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length */ + 0x30, 0x07, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ + 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length */ }; static int test_decode(void) @@ -94,8 +94,8 @@ /* Positive tests */ pder = t_dsa_sig; if (ossl_decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig)) == 0 - || !TEST_ptr_eq(pder, (t_dsa_sig + sizeof(t_dsa_sig))) - || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { + || !TEST_ptr_eq(pder, (t_dsa_sig + sizeof(t_dsa_sig))) + || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { TEST_info("asn1_dsa test_decode: t_dsa_sig failed"); goto fail; } 
@@ -104,9 +104,9 @@ BN_clear(s); pder = t_dsa_sig_extra; if (ossl_decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_extra)) == 0 - || !TEST_ptr_eq(pder, - (t_dsa_sig_extra + sizeof(t_dsa_sig_extra) - 2)) - || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { + || !TEST_ptr_eq(pder, + (t_dsa_sig_extra + sizeof(t_dsa_sig_extra) - 2)) + || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { TEST_info("asn1_dsa test_decode: t_dsa_sig_extra failed"); goto fail; } @@ -115,8 +115,8 @@ BN_clear(s); pder = t_dsa_sig_msb; if (ossl_decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_msb)) == 0 - || !TEST_ptr_eq(pder, (t_dsa_sig_msb + sizeof(t_dsa_sig_msb))) - || !TEST_BN_eq_word(r, 0x81) || !TEST_BN_eq_word(s, 0x82)) { + || !TEST_ptr_eq(pder, (t_dsa_sig_msb + sizeof(t_dsa_sig_msb))) + || !TEST_BN_eq_word(r, 0x81) || !TEST_BN_eq_word(s, 0x82)) { TEST_info("asn1_dsa test_decode: t_dsa_sig_msb failed"); goto fail; } @@ -125,8 +125,8 @@ BN_clear(s); pder = t_dsa_sig_two; if (ossl_decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_two)) == 0 - || !TEST_ptr_eq(pder, (t_dsa_sig_two + sizeof(t_dsa_sig_two))) - || !TEST_BN_eq_word(r, 0x100) || !TEST_BN_eq_word(s, 0x200)) { + || !TEST_ptr_eq(pder, (t_dsa_sig_two + sizeof(t_dsa_sig_two))) + || !TEST_BN_eq_word(r, 0x100) || !TEST_BN_eq_word(s, 0x200)) { TEST_info("asn1_dsa test_decode: t_dsa_sig_two failed"); goto fail; } --- crypto/openssl/test/asn1_encode_test.c.orig +++ crypto/openssl/test/asn1_encode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -16,12 +16,12 @@ #include "testutil.h" #ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wunused-function" -# pragma GCC diagnostic ignored "-Wformat" +#pragma GCC diagnostic ignored "-Wunused-function" +#pragma GCC diagnostic ignored "-Wformat" #endif #ifdef __clang__ -# pragma clang diagnostic ignored "-Wunused-function" -# pragma clang diagnostic ignored "-Wformat" +#pragma clang diagnostic ignored "-Wunused-function" +#pragma clang diagnostic ignored "-Wformat" #endif /***** Custom test data ******************************************************/ @@ -93,9 +93,11 @@ unsigned char *bytes2; size_t nbytes2; } TEST_CUSTOM_DATA; -#define CUSTOM_DATA(v) \ - { v, sizeof(v), t_one, sizeof(t_one) }, \ - { t_one, sizeof(t_one), v, sizeof(v) } +#define CUSTOM_DATA(v) \ + { v, sizeof(v), t_one, sizeof(t_one) }, \ + { \ + t_one, sizeof(t_one), v, sizeof(v) \ + } static TEST_CUSTOM_DATA test_custom_data[] = { CUSTOM_DATA(t_zero), @@ -117,7 +119,6 @@ CUSTOM_DATA(t_4bytes_5_negpad), }; - /***** Type specific test data ***********************************************/ /* @@ -129,12 +130,14 @@ * For easy creation of arrays of expected data. These macros correspond to * the uses of CUSTOM_DATA above. */ -#define CUSTOM_EXPECTED_SUCCESS(num, znum) \ - { 0xff, num, 1 }, \ - { 0xff, 1, znum } -#define CUSTOM_EXPECTED_FAILURE \ - { 0, 0, 0 }, \ - { 0, 0, 0 } +#define CUSTOM_EXPECTED_SUCCESS(num, znum) \ + { 0xff, num, 1 }, \ + { \ + 0xff, 1, znum \ + } +#define CUSTOM_EXPECTED_FAILURE \ + { 0, 0, 0 }, \ + { 0, 0, 0 } /* * A structure to collect all test information in. There MUST be one instance @@ -146,7 +149,7 @@ typedef struct { ASN1_ITEM_EXP *asn1_type; const char *name; - int skip; /* 1 if this package should be skipped */ + int skip; /* 1 if this package should be skipped */ /* An array of structures to compare decoded custom data with */ void *encode_expectations; 
@@ -170,14 +173,14 @@ } TEST_PACKAGE; /* To facilitate the creation of an encdec_data array */ -#define ENCDEC_DATA(num, znum) \ +#define ENCDEC_DATA(num, znum) \ { 0xff, num, 1 }, { 0xff, 1, znum } -#define ENCDEC_ARRAY(max, zmax, min, zmin) \ - ENCDEC_DATA(max,zmax), \ - ENCDEC_DATA(min,zmin), \ - ENCDEC_DATA(1, 1), \ - ENCDEC_DATA(-1, -1), \ - ENCDEC_DATA(0, ASN1_LONG_UNDEF) +#define ENCDEC_ARRAY(max, zmax, min, zmin) \ + ENCDEC_DATA(max, zmax), \ + ENCDEC_DATA(min, zmin), \ + ENCDEC_DATA(1, 1), \ + ENCDEC_DATA(-1, -1), \ + ENCDEC_DATA(0, ASN1_LONG_UNDEF) #ifndef OPENSSL_NO_DEPRECATED_3_0 /***** LONG ******************************************************************/ 
@@ -200,23 +203,25 @@ static ASN1_LONG_DATA long_expected_32bit[] = { /* The following should fail on the second because it's the default */ - { 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */ - { 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */ + { 0xff, 0, 1 }, + { 0, 0, 0 }, /* t_zero */ + { 0, 0, 0 }, + { 0xff, 1, 0x7fffffff }, /* t_longundef */ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */ - CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ - CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */ - CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ + CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */ + CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX - 1), /* t_4bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ }; static ASN1_LONG_DATA long_encdec_data_32bit[] = { ENCDEC_ARRAY(LONG_MAX - 1, LONG_MAX, LONG_MIN, LONG_MIN), 
@@ -236,23 +241,25 @@ static ASN1_LONG_DATA long_expected_64bit[] = { /* The following should fail on the second because it's the default */ - { 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */ - { 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */ + { 0xff, 0, 1 }, + { 0, 0, 0 }, /* t_zero */ + { 0, 0, 0 }, + { 0xff, 1, 0x7fffffff }, /* t_longundef */ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */ - CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ CUSTOM_EXPECTED_SUCCESS(LONG_MAX, LONG_MAX), /* t_8bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(LONG_MIN, LONG_MIN), /* t_8bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS((long)0x1ffffffff, (long)0x1ffffffff), /* t_5bytes_1 */ CUSTOM_EXPECTED_SUCCESS((long)0x80000000, (long)0x80000000), /* t_4bytes_1 */ - CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX - 1), /* t_4bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ }; static ASN1_LONG_DATA long_encdec_data_64bit[] = { ENCDEC_ARRAY(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN), 
@@ -294,18 +301,18 @@ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */ - CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ - CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */ - CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ + CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */ + CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX - 1), /* t_4bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ }; static ASN1_INT32_DATA int32_encdec_data[] = { ENCDEC_ARRAY(INT32_MAX, INT32_MAX, INT32_MIN, INT32_MIN), 
@@ -340,20 +347,20 @@ CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */ CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */ - CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */ - CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */ - CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ - CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */ + CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */ + CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ + CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */ - CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX - 1), /* t_4bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ }; static ASN1_UINT32_DATA uint32_encdec_data[] = { ENCDEC_ARRAY(UINT32_MAX, UINT32_MAX, 0, 0), 
@@ -390,18 +397,18 @@ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */ - CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */ + CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */ CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(0x1ffffffffULL, 0x1ffffffffULL), /* t_5bytes_1 */ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */ - CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX - 1), /* t_4bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ }; static ASN1_INT64_DATA int64_encdec_data[] = { ENCDEC_ARRAY(INT64_MAX, INT64_MAX, INT64_MIN, INT64_MIN), 
@@ -437,21 +444,21 @@ CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */ CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */ CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */ - CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */ - CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */ - CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ - CUSTOM_EXPECTED_SUCCESS((uint64_t)INT64_MAX+1, (uint64_t)INT64_MAX+1), - /* t_8bytes_1 */ + CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */ + CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */ + CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */ + CUSTOM_EXPECTED_SUCCESS((uint64_t)INT64_MAX + 1, (uint64_t)INT64_MAX + 1), + /* t_8bytes_1 */ CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ - CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */ + CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */ CUSTOM_EXPECTED_SUCCESS(0x1ffffffffULL, 0x1ffffffffULL), /* t_5bytes_1 */ CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */ - CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */ - CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ + CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX - 1), /* t_4bytes_2 */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */ + CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */ }; static ASN1_UINT64_DATA uint64_encdec_data[] = { ENCDEC_ARRAY(UINT64_MAX, UINT64_MAX, 0, 0), 
@@ -467,11 +474,10 @@ /***** General testing functions *********************************************/ - /* Template structure to map onto any test data structure */ typedef struct { ASN1_BOOLEAN success; - unsigned char bytes[1]; /* In reality, there's more */ + unsigned char bytes[1]; /* In reality, there's more */ } EXPECTED; /* @@ -482,8 +488,8 @@ * 1 decoded structure was what was expected (success) */ static int do_decode(unsigned char *bytes, long nbytes, - const EXPECTED *expected, size_t expected_size, - const TEST_PACKAGE *package) + const EXPECTED *expected, size_t expected_size, + const TEST_PACKAGE *package) { EXPECTED *enctst = NULL; const unsigned char *start; @@ -518,8 +524,8 @@ * 1 encoded DER was what was expected (success) */ static int do_encode(EXPECTED *input, - const unsigned char *expected, size_t expected_len, - const TEST_PACKAGE *package) + const unsigned char *expected, size_t expected_len, + const TEST_PACKAGE *package) { unsigned char *data = NULL; int len; @@ -547,7 +553,7 @@ /* Do an encode/decode round trip */ static int do_enc_dec(EXPECTED *bytes, long nbytes, - const TEST_PACKAGE *package) + const TEST_PACKAGE *package) { unsigned char *data = NULL; int len; @@ -592,7 +598,7 @@ } static size_t make_custom_der(const TEST_CUSTOM_DATA *custom_data, - unsigned char **encoding, int explicit_default) + unsigned char **encoding, int explicit_default) { size_t firstbytes, secondbytes = 0, secondbytesinner = 0, seqbytes; const unsigned char t_true[] = { V_ASN1_BOOLEAN, 0x01, 0xff }; @@ -602,8 +608,7 @@ /* * The first item is just an INTEGER tag, INTEGER length and INTEGER content */ - firstbytes = - 1 + der_encode_length(custom_data->nbytes1, NULL) + firstbytes = 1 + der_encode_length(custom_data->nbytes1, NULL) + custom_data->nbytes1; for (i = custom_data->nbytes2; i > 0; i--) { 
@@ -615,11 +620,9 @@ * The second item is an explicit tag, content length, INTEGER tag, * INTEGER length, INTEGER bytes */ - secondbytesinner = - 1 + der_encode_length(custom_data->nbytes2, NULL) + secondbytesinner = 1 + der_encode_length(custom_data->nbytes2, NULL) + custom_data->nbytes2; - secondbytes = - 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner; + secondbytes = 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner; } /* @@ -627,8 +630,7 @@ * (copied from t_true), the first (firstbytes) and second (secondbytes) * items */ - seqbytes = - 1 + der_encode_length(sizeof(t_true) + firstbytes + secondbytes, NULL) + seqbytes = 1 + der_encode_length(sizeof(t_true) + firstbytes + secondbytes, NULL) + sizeof(t_true) + firstbytes + secondbytes; *encoding = p = OPENSSL_malloc(seqbytes); @@ -667,8 +669,8 @@ /* Attempt to decode a custom encoding of the test structure */ static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data, - const EXPECTED *expected, size_t expected_size, - const TEST_PACKAGE *package) + const EXPECTED *expected, size_t expected_size, + const TEST_PACKAGE *package) { unsigned char *encoding = NULL; /* @@ -682,7 +684,7 @@ return -1; ret = do_decode(encoding, encoding_length, expected, expected_size, - package); + package); OPENSSL_free(encoding); return ret; @@ -690,8 +692,8 @@ /* Attempt to encode the test structure and compare it to custom DER */ static int do_encode_custom(EXPECTED *input, - const TEST_CUSTOM_DATA *custom_data, - const TEST_PACKAGE *package) + const TEST_CUSTOM_DATA *custom_data, + const TEST_PACKAGE *package) { unsigned char *expected = NULL; size_t expected_length = make_custom_der(custom_data, &expected, 0); 
@@ -717,15 +719,14 @@ if ((o = OPENSSL_malloc(DATA_BUF_SIZE)) == NULL) return 0; - (void)RAND_bytes((unsigned char*)o, - (int)package->encode_expectations_elem_size); + (void)RAND_bytes((unsigned char *)o, + (int)package->encode_expectations_elem_size); ret = ASN1_item_print(bio_err, o, 0, i, NULL); OPENSSL_free(o); return ret; } - static int test_intern(const TEST_PACKAGE *package) { unsigned int i; @@ -738,8 +739,7 @@ /* Do decode_custom checks */ nelems = package->encode_expectations_size / package->encode_expectations_elem_size; - OPENSSL_assert(nelems == - sizeof(test_custom_data) / sizeof(test_custom_data[0])); + OPENSSL_assert(nelems == sizeof(test_custom_data) / sizeof(test_custom_data[0])); for (i = 0; i < nelems; i++) { size_t pos = i * package->encode_expectations_elem_size; EXPECTED *expected @@ -749,14 +749,14 @@ case -1: if (expected->success) { TEST_error("Failed custom encode round trip %u of %s", - i, package->name); + i, package->name); TEST_openssl_errors(); fail++; } break; case 0: TEST_error("Custom encode round trip %u of %s mismatch", - i, package->name); + i, package->name); TEST_openssl_errors(); fail++; break; @@ -764,22 +764,22 @@ break; default: OPENSSL_die("do_encode_custom() return unknown value", - __FILE__, __LINE__); + __FILE__, __LINE__); } switch (do_decode_custom(&test_custom_data[i], expected, - package->encode_expectations_elem_size, - package)) { + package->encode_expectations_elem_size, + package)) { case -1: if (expected->success) { TEST_error("Failed custom decode round trip %u of %s", - i, package->name); + i, package->name); TEST_openssl_errors(); fail++; } break; case 0: TEST_error("Custom decode round trip %u of %s mismatch", - i, package->name); + i, package->name); TEST_openssl_errors(); fail++; break; @@ -787,7 +787,7 @@ break; default: OPENSSL_die("do_decode_custom() return unknown value", - __FILE__, __LINE__); + __FILE__, __LINE__); } } 
@@ -802,21 +802,21 @@ case -1: if (expected->success) { TEST_error("Failed encode/decode round trip %u of %s", - i, package->name); + i, package->name); TEST_openssl_errors(); fail++; } break; case 0: TEST_error("Encode/decode round trip %u of %s mismatch", - i, package->name); + i, package->name); fail++; break; case 1: break; default: OPENSSL_die("do_enc_dec() return unknown value", - __FILE__, __LINE__); + __FILE__, __LINE__); } } @@ -892,7 +892,6 @@ return ret < 0; } - int setup_tests(void) { #ifndef OPENSSL_NO_DEPRECATED_3_0 --- crypto/openssl/test/asn1_internal_test.c.orig +++ crypto/openssl/test/asn1_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,7 @@ #include #include +#include #include #include "testutil.h" #include "internal/nelem.h" @@ -54,7 +55,7 @@ TEST_info("asn1 tbl_standard: out of order"); for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) TEST_note("asn1 tbl_standard: Index %zu, NID %d, Name=%s", - i, tmp->nid, OBJ_nid2ln(tmp->nid)); + i, tmp->nid, OBJ_nid2ln(tmp->nid)); return 0; } @@ -76,7 +77,7 @@ int ok = 1; for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); - i++, tmp++) { + i++, tmp++) { if ((*tmp)->pkey_id < last_pkey_id) { last_pkey_id = 0; break; 
@@ -92,9 +93,9 @@ * Anything else is an error and may lead to a corrupt ASN1 method table */ if (!TEST_true(((*tmp)->pem_str == NULL && ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) != 0) - || ((*tmp)->pem_str != NULL && ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { + || ((*tmp)->pem_str != NULL && ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { TEST_note("asn1 standard methods: Index %zu, pkey ID %d, Name=%s", - i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id)); + i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id)); ok = 0; } } @@ -106,9 +107,9 @@ TEST_note("asn1 standard methods: out of order"); for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); - i++, tmp++) + i++, tmp++) TEST_note("asn1 standard methods: Index %zu, pkey ID %d, Name=%s", - i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id)); + i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id)); return 0; } @@ -134,7 +135,7 @@ || !TEST_true(RSA_set0_key(rsa, n, e, NULL))) goto end; - n = e = NULL; /* They are now "owned" by |rsa| */ + n = e = NULL; /* They are now "owned" by |rsa| */ /* * This SHOULD fail, as we're trying to encode a public key as a private @@ -143,7 +144,7 @@ if (TEST_int_le(i2d_RSAPrivateKey(rsa, NULL), 0)) ok = 1; - end: +end: RSA_free(rsa); BN_free(n); BN_free(e); @@ -163,8 +164,8 @@ for (; univ < end; univ += 4) { if (!TEST_int_eq(ASN1_mbstring_copy(NULL, univ, 4, MBSTRING_UNIV, - B_ASN1_UTF8STRING), - expected)) + B_ASN1_UTF8STRING), + expected)) ok = 0; } return ok; 
@@ -190,11 +191,45 @@ return ok; } +static int test_mbstring_ncopy(void) +{ + ASN1_STRING *str = NULL; + const unsigned char in[] = { 0xFF, 0xFE, 0xFF, 0xFE }; + int inlen = 4; + int inform = MBSTRING_UNIV; + + if (!TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALSTRING, 0, 0), -1) + || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VISIBLESTRING, 0, 0), -1) + || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VIDEOTEXSTRING, 0, 0), -1) + || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALIZEDTIME, 0, 0), -1)) + return 0; + + return 1; +} + +static int test_ossl_uni2utf8(void) +{ + const unsigned char in[] = { 0x21, 0x92 }; /* unicode right arrow */ + int inlen = 2; + char *out = NULL; + int ok = 0; + + /* reproducer for CVE-2025-69419 */ + out = OPENSSL_uni2utf8(in, inlen); + if (TEST_str_eq(out, "\xe2\x86\x92")) + ok = 1; + + OPENSSL_free(out); + return ok; +} + int setup_tests(void) { ADD_TEST(test_tbl_standard); ADD_TEST(test_standard_methods); ADD_TEST(test_empty_nonoptional_content); ADD_TEST(test_unicode_range); + ADD_TEST(test_mbstring_ncopy); + ADD_TEST(test_ossl_uni2utf8); return 1; } --- crypto/openssl/test/asn1_stable_parse_test.c.orig +++ crypto/openssl/test/asn1_stable_parse_test.c @@ -24,13 +24,12 @@ static const OPTIONS options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the libctx" }, + "The configuration file to use for the libctx" }, { NULL } }; return options; } - /* * Test that parsing a config file with incorrect stable settings aren't parsed * and appropriate errors are raised --- crypto/openssl/test/asn1_string_table_test.c.orig +++ crypto/openssl/test/asn1_string_table_test.c @@ -66,7 +66,7 @@ } rv = 1; - out: +out: return rv; } --- crypto/openssl/test/asn1_time_test.c.orig +++ crypto/openssl/test/asn1_time_test.c 
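Review bot: In the added `test_mbstring_ncopy` (hunk `@@ -190,11 +191,45 @@` of asn1_internal_test.c), `str` is passed by address to four `ASN1_mbstring_ncopy` calls but is never freed on either return path. If a call unexpectedly succeeds, which is the regression this test exists to catch, the test reports the failure and leaks the allocated `ASN1_STRING`, adding a leak report to sanitizer runs. Collecting the result in a local and ending with `ASN1_STRING_free(str); return ok;` avoids that, and `int inlen = sizeof(in);` would keep the length tied to the array instead of the literal `4` (the same applies to `inlen = 2` in `test_ossl_uni2utf8`). In `test_ossl_uni2utf8` the only assertion is `TEST_str_eq` on the output, so if the referenced CVE is a memory-safety fault rather than a wrong result, which is not visible from this hunk, the test detects it only under ASan or valgrind. A comment next to `/* reproducer for CVE-2025-69419 */` should say which failure mode the test relies on.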
@@ -19,90 +19,530 @@ #include "internal/nelem.h" struct testdata { - char *data; /* TIME string value */ - int type; /* GENERALIZED OR UTC */ - int expected_type; /* expected type after set/set_string_gmt */ - int check_result; /* check result */ - time_t t; /* expected time_t*/ - int cmp_result; /* comparison to baseline result */ - int convert_result; /* conversion result */ + char *data; /* TIME string value */ + int type; /* GENERALIZED OR UTC */ + int expected_type; /* expected type after set/set_string_gmt */ + int check_result; /* check result */ + time_t t; /* expected time_t*/ + int cmp_result; /* comparison to baseline result */ + int convert_result; /* conversion result */ }; static struct testdata tbl_testdata_pos[] = { - { "0", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, /* Bad time */ - { "ABCD", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "0ABCD", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "1-700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "`9700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "19700101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, }, - { "A00101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, }, - { "A9700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "1A700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "19A00101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "197A0101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "1970A101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "19700A01000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "197001A1000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "1970010A000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { 
"19700101A00000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "197001010A0000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "1970010100A000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "19700101000A00Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "197001010000A0Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "1970010100000AZ", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "700101000000X", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 0, }, - { "19700101000000X", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0, 0, 0, 0, }, - { "19700101000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* Epoch begins */ - { "700101000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 0, -1, 1, }, /* ditto */ - { "20380119031407Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 0x7FFFFFFF, 1, 1, }, /* Max 32bit time_t */ - { "380119031407Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 0x7FFFFFFF, 1, 1, }, - { "20371231235959Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 2145916799, 1, 1, }, /* Just before 2038 */ - { "20371231235959Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 0, 0, 0, 1, }, /* Bad UTC time */ - { "371231235959Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 2145916799, 1, 1, }, - { "19701006121456Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 24063296, -1, 1, }, - { "701006121456Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 24063296, -1, 1, }, - { "19991231000000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, /* Match baseline */ - { "199912310000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, /* In various flavors */ - { "991231000000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "9912310000Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "9912310000+0000", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "199912310000+0000", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, 
}, - { "9912310000-0000", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "199912310000-0000", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "199912310100+0100", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "199912302300-0100", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "199912302300-A000", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 0, 946598400, 0, 1, }, - { "199912302300-0A00", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 0, 946598400, 0, 1, }, - { "9912310100+0100", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, - { "9912302300-0100", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, 946598400, 0, 1, }, + { + "0", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, /* Bad time */ + { + "ABCD", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "0ABCD", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "1-700101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "`9700101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "19700101000000Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 0, + 0, + 0, + 0, + }, + { + "A00101000000Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 0, + 0, + 0, + 0, + }, + { + "A9700101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "1A700101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "19A00101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "197A0101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "1970A101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "19700A01000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "197001A1000000Z", + V_ASN1_GENERALIZEDTIME, 
+ V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "1970010A000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "19700101A00000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "197001010A0000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "1970010100A000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "19700101000A00Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "197001010000A0Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "1970010100000AZ", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "700101000000X", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 0, + 0, + 0, + 0, + }, + { + "19700101000000X", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 0, + 0, + 0, + 0, + }, + { + "19700101000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 0, + -1, + 1, + }, /* Epoch begins */ + { + "700101000000Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 0, + -1, + 1, + }, /* ditto */ + { + "20380119031407Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 0x7FFFFFFF, + 1, + 1, + }, /* Max 32bit time_t */ + { + "380119031407Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 0x7FFFFFFF, + 1, + 1, + }, + { + "20371231235959Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 2145916799, + 1, + 1, + }, /* Just before 2038 */ + { + "20371231235959Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 0, + 0, + 0, + 1, + }, /* Bad UTC time */ + { + "371231235959Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 2145916799, + 1, + 1, + }, + { + "19701006121456Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 24063296, + -1, + 1, + }, + { + "701006121456Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 24063296, + -1, + 1, + }, + { + "19991231000000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + 
}, /* Match baseline */ + { + "199912310000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, /* In various flavors */ + { + "991231000000Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "9912310000Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "9912310000+0000", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "199912310000+0000", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "9912310000-0000", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "199912310000-0000", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "199912310100+0100", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "199912302300-0100", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "199912302300-A000", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 0, + 946598400, + 0, + 1, + }, + { + "199912302300-0A00", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 0, + 946598400, + 0, + 1, + }, + { + "9912310100+0100", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, + { + "9912302300-0100", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + 946598400, + 0, + 1, + }, }; /* ASSUMES SIGNED TIME_T */ static struct testdata tbl_testdata_neg[] = { - { "19011213204552Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 1, INT_MIN, -1, 0, }, - { "691006121456Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, -7472704, -1, 1, }, - { "19691006121456Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, -7472704, -1, 1, }, + { + "19011213204552Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 1, + INT_MIN, + -1, + 0, + }, + { + "691006121456Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + -7472704, + -1, + 1, + }, + { + "19691006121456Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + -7472704, + -1, + 1, + }, }; /* explicit casts to time_t 
short warnings on systems with 32-bit time_t */ static struct testdata tbl_testdata_pos_64bit[] = { - { "20380119031408Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, (time_t)0x80000000, 1, 1, }, - { "20380119031409Z", V_ASN1_GENERALIZEDTIME, V_ASN1_UTCTIME, 1, (time_t)0x80000001, 1, 1, }, - { "380119031408Z", V_ASN1_UTCTIME, V_ASN1_UTCTIME, 1, (time_t)0x80000000, 1, 1, }, - { "20500101120000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 1, (time_t)0x967b1ec0, 1, 0, }, + { + "20380119031408Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + (time_t)0x80000000, + 1, + 1, + }, + { + "20380119031409Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_UTCTIME, + 1, + (time_t)0x80000001, + 1, + 1, + }, + { + "380119031408Z", + V_ASN1_UTCTIME, + V_ASN1_UTCTIME, + 1, + (time_t)0x80000000, + 1, + 1, + }, + { + "20500101120000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 1, + (time_t)0x967b1ec0, + 1, + 0, + }, }; /* ASSUMES SIGNED TIME_T */ static struct testdata tbl_testdata_neg_64bit[] = { - { "19011213204551Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 1, (time_t)-2147483649LL, -1, 0, }, - { "19000101120000Z", V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 1, (time_t)-2208945600LL, -1, 0, }, + { + "19011213204551Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 1, + (time_t)-2147483649LL, + -1, + 0, + }, + { + "19000101120000Z", + V_ASN1_GENERALIZEDTIME, + V_ASN1_GENERALIZEDTIME, + 1, + (time_t)-2208945600LL, + -1, + 0, + }, }; /* A baseline time to compare to */ static ASN1_TIME gtime = { 15, V_ASN1_GENERALIZEDTIME, - (unsigned char*)"19991231000000Z", + (unsigned char *)"19991231000000Z", 0 }; static time_t gtime_t = 946598400; @@ -115,8 +555,8 @@ struct testdata *td = &tbl[idx]; int day, sec; - atime.data = (unsigned char*)td->data; - atime.length = strlen((char*)atime.data); + atime.data = (unsigned char *)td->data; + atime.length = strlen((char *)atime.data); atime.type = td->type; atime.flags = 0; 
@@ -144,9 +584,7 @@ if (!TEST_true(ASN1_TIME_diff(&day, &sec, >ime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to baseline failed", atime.data); error = 1; - } else if (!((td->cmp_result == 0 && TEST_true((day == 0 && sec == 0))) || - (td->cmp_result == -1 && TEST_true((day < 0 || sec < 0))) || - (td->cmp_result == 1 && TEST_true((day > 0 || sec > 0))))) { + } else if (!((td->cmp_result == 0 && TEST_true((day == 0 && sec == 0))) || (td->cmp_result == -1 && TEST_true((day < 0 || sec < 0))) || (td->cmp_result == 1 && TEST_true((day > 0 || sec > 0))))) { TEST_info("ASN1_TIME_diff(%s) to baseline bad comparison", atime.data); error = 1; } @@ -164,7 +602,7 @@ int local_error = 0; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_set(%ld) compare failed (%s->%s)", - (long)td->t, td->data, ptime->data); + (long)td->t, td->data, ptime->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { 
@@ -286,31 +724,31 @@ static unsigned char TODAY_UTC_STR[] = "170825000000Z"; static unsigned char TOMORROW_UTC_STR[] = "170826000000Z"; -#define TODAY_GEN { sizeof(TODAY_GEN_STR)-1, V_ASN1_GENERALIZEDTIME, TODAY_GEN_STR, 0 } -#define TOMORROW_GEN { sizeof(TOMORROW_GEN_STR)-1, V_ASN1_GENERALIZEDTIME, TOMORROW_GEN_STR, 0 } -#define TODAY_UTC { sizeof(TODAY_UTC_STR)-1, V_ASN1_UTCTIME, TODAY_UTC_STR, 0 } -#define TOMORROW_UTC { sizeof(TOMORROW_UTC_STR)-1, V_ASN1_UTCTIME, TOMORROW_UTC_STR, 0 } +#define TODAY_GEN { sizeof(TODAY_GEN_STR) - 1, V_ASN1_GENERALIZEDTIME, TODAY_GEN_STR, 0 } +#define TOMORROW_GEN { sizeof(TOMORROW_GEN_STR) - 1, V_ASN1_GENERALIZEDTIME, TOMORROW_GEN_STR, 0 } +#define TODAY_UTC { sizeof(TODAY_UTC_STR) - 1, V_ASN1_UTCTIME, TODAY_UTC_STR, 0 } +#define TOMORROW_UTC { sizeof(TOMORROW_UTC_STR) - 1, V_ASN1_UTCTIME, TOMORROW_UTC_STR, 0 } static struct compare_testdata tbl_compare_testdata[] = { - { TODAY_GEN, TODAY_GEN, 0 }, - { TODAY_GEN, TODAY_UTC, 0 }, - { TODAY_GEN, TOMORROW_GEN, -1 }, - { TODAY_GEN, TOMORROW_UTC, -1 }, - - { TODAY_UTC, TODAY_GEN, 0 }, - { TODAY_UTC, TODAY_UTC, 0 }, - { TODAY_UTC, TOMORROW_GEN, -1 }, - { TODAY_UTC, TOMORROW_UTC, -1 }, - - { TOMORROW_GEN, TODAY_GEN, 1 }, - { TOMORROW_GEN, TODAY_UTC, 1 }, - { TOMORROW_GEN, TOMORROW_GEN, 0 }, - { TOMORROW_GEN, TOMORROW_UTC, 0 }, - - { TOMORROW_UTC, TODAY_GEN, 1 }, - { TOMORROW_UTC, TODAY_UTC, 1 }, - { TOMORROW_UTC, TOMORROW_GEN, 0 }, - { TOMORROW_UTC, TOMORROW_UTC, 0 } + { TODAY_GEN, TODAY_GEN, 0 }, + { TODAY_GEN, TODAY_UTC, 0 }, + { TODAY_GEN, TOMORROW_GEN, -1 }, + { TODAY_GEN, TOMORROW_UTC, -1 }, + + { TODAY_UTC, TODAY_GEN, 0 }, + { TODAY_UTC, TODAY_UTC, 0 }, + { TODAY_UTC, TOMORROW_GEN, -1 }, + { TODAY_UTC, TOMORROW_UTC, -1 }, + + { TOMORROW_GEN, TODAY_GEN, 1 }, + { TOMORROW_GEN, TODAY_UTC, 1 }, + { TOMORROW_GEN, TOMORROW_GEN, 0 }, + { TOMORROW_GEN, TOMORROW_UTC, 0 }, + + { TOMORROW_UTC, TODAY_GEN, 1 }, + { TOMORROW_UTC, TODAY_UTC, 1 }, + { TOMORROW_UTC, TOMORROW_GEN, 0 }, + { 
TOMORROW_UTC, TOMORROW_UTC, 0 } }; static int test_table_compare(int idx) @@ -372,7 +810,7 @@ } ret = 1; - err: +err: ASN1_STRING_free(asn1_time); ASN1_STRING_free(asn1_gentime); ASN1_STRING_free(asn1_time_dup); --- crypto/openssl/test/asynciotest.c.orig +++ crypto/openssl/test/asynciotest.c @@ -33,7 +33,7 @@ static int async_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -# define BIO_TYPE_ASYNC_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_ASYNC_FILTER (0x80 | BIO_TYPE_FILTER) static BIO_METHOD *methods_async = NULL; @@ -46,7 +46,7 @@ { if (methods_async == NULL) { methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter"); - if ( methods_async == NULL + if (methods_async == NULL || !BIO_meth_set_write(methods_async, async_write) || !BIO_meth_set_read(methods_async, async_read) || !BIO_meth_set_puts(methods_async, async_puts) @@ -114,12 +114,12 @@ return ret; } -#define MIN_RECORD_LEN 6 +#define MIN_RECORD_LEN 6 -#define CONTENTTYPEPOS 0 -#define VERSIONHIPOS 1 -#define VERSIONLOPOS 2 -#define DATAPOS 5 +#define CONTENTTYPEPOS 0 +#define VERSIONHIPOS 1 +#define VERSIONLOPOS 2 +#define DATAPOS 5 static int async_write(BIO *bio, const char *in, int inl) { @@ -151,9 +151,9 @@ unsigned int msgtype = 0, negversion = 0; if (!PACKET_get_1(&pkt, &contenttype) - || !PACKET_get_1(&pkt, &versionhi) - || !PACKET_get_1(&pkt, &versionlo) - || !PACKET_get_length_prefixed_2(&pkt, &payload)) + || !PACKET_get_1(&pkt, &versionhi) + || !PACKET_get_1(&pkt, &versionlo) + || !PACKET_get_length_prefixed_2(&pkt, &payload)) return -1; /* Pretend we wrote out the record header */ 
@@ -161,25 +161,25 @@ wholebody = payload; if (contenttype == SSL3_RT_HANDSHAKE - && !PACKET_get_1(&wholebody, &msgtype)) + && !PACKET_get_1(&wholebody, &msgtype)) return -1; if (msgtype == SSL3_MT_SERVER_HELLO) { if (!PACKET_forward(&wholebody, - SSL3_HM_HEADER_LENGTH - 1) - || !PACKET_get_net_2(&wholebody, &negversion) - /* Skip random (32 bytes) */ - || !PACKET_forward(&wholebody, 32) - /* Skip session id */ - || !PACKET_get_length_prefixed_1(&wholebody, - &sessionid) - /* - * Skip ciphersuite (2 bytes) and compression - * method (1 byte) - */ - || !PACKET_forward(&wholebody, 2 + 1) - || !PACKET_get_length_prefixed_2(&wholebody, - &extensions)) + SSL3_HM_HEADER_LENGTH - 1) + || !PACKET_get_net_2(&wholebody, &negversion) + /* Skip random (32 bytes) */ + || !PACKET_forward(&wholebody, 32) + /* Skip session id */ + || !PACKET_get_length_prefixed_1(&wholebody, + &sessionid) + /* + * Skip ciphersuite (2 bytes) and compression + * method (1 byte) + */ + || !PACKET_forward(&wholebody, 2 + 1) + || !PACKET_get_length_prefixed_2(&wholebody, + &extensions)) return -1; /* @@ -191,13 +191,13 @@ PACKET extbody; if (!PACKET_get_net_2(&extensions, &type) - || !PACKET_get_length_prefixed_2(&extensions, + || !PACKET_get_length_prefixed_2(&extensions, &extbody)) return -1; if (type == TLSEXT_TYPE_supported_versions - && (!PACKET_get_net_2(&extbody, &negversion) - || PACKET_remaining(&extbody) != 0)) + && (!PACKET_get_net_2(&extbody, &negversion) + || PACKET_remaining(&extbody) != 0)) return -1; } } @@ -212,7 +212,7 @@ 0, /* Version lo */ 0, /* Length hi */ 1, /* Length lo */ - 0 /* Data */ + 0 /* Data */ }; smallrec[CONTENTTYPEPOS] = contenttype; @@ -229,8 +229,8 @@ * TLS1.2), otherwise we get a bad record MAC */ if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC - || (negversion == TLS1_3_VERSION - && msgtype == SSL3_MT_SERVER_HELLO)) { + || (negversion == TLS1_3_VERSION + && msgtype == SSL3_MT_SERVER_HELLO)) { fragment = 0; break; } 
@@ -284,7 +284,7 @@ return async_write(bio, str, strlen(str)); } -#define MAX_ATTEMPTS 100 +#define MAX_ATTEMPTS 100 static int test_asyncio(int test) { @@ -297,9 +297,9 @@ char buf[sizeof(testdata)]; if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &serverctx, &clientctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, 0, + &serverctx, &clientctx, cert, privkey))) goto end; /* @@ -311,11 +311,10 @@ if (test == 1) fragment = 1; - s_to_c_fbio = BIO_new(bio_f_async_filter()); c_to_s_fbio = BIO_new(bio_f_async_filter()); if (!TEST_ptr(s_to_c_fbio) - || !TEST_ptr(c_to_s_fbio)) { + || !TEST_ptr(c_to_s_fbio)) { BIO_free(s_to_c_fbio); BIO_free(c_to_s_fbio); goto end; @@ -323,9 +322,9 @@ /* BIOs get freed on error */ if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, - &clientssl, s_to_c_fbio, c_to_s_fbio)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + &clientssl, s_to_c_fbio, c_to_s_fbio)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; /* @@ -348,8 +347,7 @@ } else { int ssl_error = SSL_get_error(clientssl, ret); - if (!TEST_false(ssl_error == SSL_ERROR_SYSCALL || - ssl_error == SSL_ERROR_SSL)) + if (!TEST_false(ssl_error == SSL_ERROR_SYSCALL || ssl_error == SSL_ERROR_SSL)) goto end; } } @@ -361,16 +359,14 @@ * it could fail once for each byte read, including all overhead * bytes from the record header/padding etc. */ - for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && - i < MAX_ATTEMPTS; i++) { + for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < MAX_ATTEMPTS; i++) { ret = SSL_read(serverssl, buf + len, sizeof(buf) - len); if (ret > 0) { len += ret; } else { int ssl_error = SSL_get_error(serverssl, ret); - if (!TEST_false(ssl_error == SSL_ERROR_SYSCALL || - ssl_error == SSL_ERROR_SSL)) + if (!TEST_false(ssl_error == SSL_ERROR_SYSCALL || ssl_error == SSL_ERROR_SSL)) goto end; } } 
@@ -385,7 +381,7 @@ testresult = 1; - end: +end: SSL_free(clientssl); SSL_free(serverssl); SSL_CTX_free(clientctx); @@ -404,7 +400,7 @@ } if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1))) + || !TEST_ptr(privkey = test_get_argument(1))) return 0; ADD_ALL_TESTS(test_asyncio, 2); --- crypto/openssl/test/asynctest.c.orig +++ crypto/openssl/test/asynctest.c @@ -8,7 +8,7 @@ */ #ifdef _WIN32 -# include +#include #endif #include @@ -70,13 +70,12 @@ goto err; ret = 1; - err: +err: OSSL_LIB_CTX_free(libctx); return ret; } - -#define MAGIC_WAIT_FD ((OSSL_ASYNC_FD)99) +#define MAGIC_WAIT_FD ((OSSL_ASYNC_FD)99) static int waitfd(void *args) { ASYNC_JOB *job; 
@@ -126,25 +125,25 @@ int funcret1, funcret2, funcret3; ASYNC_WAIT_CTX *waitctx = NULL; - if ( !ASYNC_init_thread(2, 0) - || (waitctx = ASYNC_WAIT_CTX_new()) == NULL - || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0) - != ASYNC_PAUSE - || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0) - != ASYNC_PAUSE - || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) - != ASYNC_NO_JOBS - || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0) - != ASYNC_FINISH - || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) - != ASYNC_PAUSE - || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0) - != ASYNC_FINISH - || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) - != ASYNC_FINISH - || funcret1 != 1 - || funcret2 != 1 - || funcret3 != 1) { + if (!ASYNC_init_thread(2, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) + != ASYNC_NO_JOBS + || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0) + != ASYNC_FINISH + || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0) + != ASYNC_FINISH + || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) + != ASYNC_FINISH + || funcret1 != 1 + || funcret2 != 1 + || funcret3 != 1) { fprintf(stderr, "test_ASYNC_init_thread() failed\n"); ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); 
@@ -170,17 +169,17 @@ void *get_arg; int set_status = 1; - if ( !ASYNC_init_thread(1, 0) - || (waitctx = ASYNC_WAIT_CTX_new()) == NULL - || ASYNC_WAIT_CTX_set_callback(waitctx, test_callback, (void*)&set_arg) - != 1 - || ASYNC_WAIT_CTX_get_callback(waitctx, &get_callback, &get_arg) - != 1 - || test_callback != get_callback - || get_arg != (void*)&set_arg - || (*get_callback)(get_arg) != 1 - || ASYNC_WAIT_CTX_set_status(waitctx, set_status) != 1 - || set_status != ASYNC_WAIT_CTX_get_status(waitctx)) { + if (!ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_WAIT_CTX_set_callback(waitctx, test_callback, (void *)&set_arg) + != 1 + || ASYNC_WAIT_CTX_get_callback(waitctx, &get_callback, &get_arg) + != 1 + || test_callback != get_callback + || get_arg != (void *)&set_arg + || (*get_callback)(get_arg) != 1 + || ASYNC_WAIT_CTX_set_status(waitctx, set_status) != 1 + || set_status != ASYNC_WAIT_CTX_get_status(waitctx)) { fprintf(stderr, "test_ASYNC_callback_status() failed\n"); ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); @@ -190,7 +189,6 @@ ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); return 1; - } static int test_ASYNC_start_job(void) @@ -201,15 +199,15 @@ ctr = 0; - if ( !ASYNC_init_thread(1, 0) - || (waitctx = ASYNC_WAIT_CTX_new()) == NULL - || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0) - != ASYNC_PAUSE - || ctr != 1 - || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0) - != ASYNC_FINISH - || ctr != 2 - || funcret != 2) { + if (!ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0) + != ASYNC_PAUSE + || ctr != 1 + || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0) + != ASYNC_FINISH + || ctr != 2 + || funcret != 2) { fprintf(stderr, "test_ASYNC_start_job() failed\n"); ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); 
@@ -229,14 +227,14 @@ currjob = NULL; - if ( !ASYNC_init_thread(1, 0) - || (waitctx = ASYNC_WAIT_CTX_new()) == NULL - || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0) - != ASYNC_PAUSE - || currjob != job - || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0) - != ASYNC_FINISH - || funcret != 1) { + if (!ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0) + != ASYNC_PAUSE + || currjob != job + || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0) + != ASYNC_FINISH + || funcret != 1) { fprintf(stderr, "test_ASYNC_get_current_job() failed\n"); ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); 
@@ -256,54 +254,54 @@ OSSL_ASYNC_FD fd = OSSL_BAD_ASYNC_FD, delfd = OSSL_BAD_ASYNC_FD; size_t numfds, numdelfds; - if ( !ASYNC_init_thread(1, 0) - || (waitctx = ASYNC_WAIT_CTX_new()) == NULL - /* On first run we're not expecting any wait fds */ - || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) - != ASYNC_PAUSE - || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) - || numfds != 0 - || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, - &numdelfds) - || numfds != 0 - || numdelfds != 0 - /* On second run we're expecting one added fd */ - || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) - != ASYNC_PAUSE - || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) - || numfds != 1 - || !ASYNC_WAIT_CTX_get_all_fds(waitctx, &fd, &numfds) - || fd != MAGIC_WAIT_FD - || (fd = OSSL_BAD_ASYNC_FD, 0) /* Assign to something else */ - || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, - &numdelfds) - || numfds != 1 - || numdelfds != 0 - || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, &fd, &numfds, NULL, - &numdelfds) - || fd != MAGIC_WAIT_FD - /* On third run we expect one deleted fd */ - || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) - != ASYNC_PAUSE - || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) - || numfds != 0 - || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, - &numdelfds) - || numfds != 0 - || numdelfds != 1 - || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, &delfd, - &numdelfds) - || delfd != MAGIC_WAIT_FD - /* On last run we are not expecting any wait fd */ - || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) - != ASYNC_FINISH - || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) - || numfds != 0 - || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, - &numdelfds) - || numfds != 0 - || numdelfds != 0 - || funcret != 1) { + if (!ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + /* On first run we're not expecting any wait fds */ + 
|| ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_PAUSE + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 0 + || numdelfds != 0 + /* On second run we're expecting one added fd */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_PAUSE + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 1 + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, &fd, &numfds) + || fd != MAGIC_WAIT_FD + || (fd = OSSL_BAD_ASYNC_FD, 0) /* Assign to something else */ + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 1 + || numdelfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, &fd, &numfds, NULL, + &numdelfds) + || fd != MAGIC_WAIT_FD + /* On third run we expect one deleted fd */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_PAUSE + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 0 + || numdelfds != 1 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, &delfd, + &numdelfds) + || delfd != MAGIC_WAIT_FD + /* On last run we are not expecting any wait fd */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_FINISH + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 0 + || numdelfds != 0 + || funcret != 1) { fprintf(stderr, "test_ASYNC_get_wait_fd() failed\n"); ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); 
@@ -321,13 +319,13 @@ int funcret; ASYNC_WAIT_CTX *waitctx = NULL; - if ( !ASYNC_init_thread(1, 0) - || (waitctx = ASYNC_WAIT_CTX_new()) == NULL - || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0) - != ASYNC_PAUSE - || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0) - != ASYNC_FINISH - || funcret != 1) { + if (!ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0) + != ASYNC_FINISH + || funcret != 1) { fprintf(stderr, "test_ASYNC_block_pause() failed\n"); ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); @@ -350,18 +348,18 @@ if (libctx == NULL) { fprintf(stderr, - "test_ASYNC_start_job_ex() failed to create libctx\n"); + "test_ASYNC_start_job_ex() failed to create libctx\n"); goto err; } globalctx = oldctx = OSSL_LIB_CTX_set0_default(libctx); if ((waitctx = ASYNC_WAIT_CTX_new()) == NULL - || ASYNC_start_job(&job, waitctx, &funcret, change_deflt_libctx, - NULL, 0) - != ASYNC_PAUSE) { + || ASYNC_start_job(&job, waitctx, &funcret, change_deflt_libctx, + NULL, 0) + != ASYNC_PAUSE) { fprintf(stderr, - "test_ASYNC_start_job_ex() failed to start job\n"); + "test_ASYNC_start_job_ex() failed to start job\n"); goto err; } @@ -370,14 +368,14 @@ oldctx = OSSL_LIB_CTX_set0_default(tmpctx); if (tmpctx != libctx) { fprintf(stderr, - "test_ASYNC_start_job_ex() failed - unexpected libctx\n"); + "test_ASYNC_start_job_ex() failed - unexpected libctx\n"); goto err; } if (ASYNC_start_job(&job, waitctx, &funcret, change_deflt_libctx, NULL, 0) - != ASYNC_PAUSE) { + != ASYNC_PAUSE) { fprintf(stderr, - "test_ASYNC_start_job_ex() - restarting job failed\n"); + "test_ASYNC_start_job_ex() - restarting job failed\n"); goto err; } 
@@ -385,15 +383,15 @@ tmpctx = OSSL_LIB_CTX_set0_default(oldctx); if (tmpctx != libctx) { fprintf(stderr, - "test_ASYNC_start_job_ex() failed - unexpected libctx\n"); + "test_ASYNC_start_job_ex() failed - unexpected libctx\n"); goto err; } if (ASYNC_start_job(&job, waitctx, &funcret, change_deflt_libctx, NULL, 0) - != ASYNC_FINISH - || funcret != 1) { + != ASYNC_FINISH + || funcret != 1) { fprintf(stderr, - "test_ASYNC_start_job_ex() - finishing job failed\n"); + "test_ASYNC_start_job_ex() - finishing job failed\n"); goto err; } @@ -402,12 +400,12 @@ OSSL_LIB_CTX_set0_default(tmpctx); if (tmpctx != globalctx) { fprintf(stderr, - "test_ASYNC_start_job_ex() failed - global libctx check failed\n"); + "test_ASYNC_start_job_ex() failed - global libctx check failed\n"); goto err; } ret = 1; - err: +err: ASYNC_WAIT_CTX_free(waitctx); ASYNC_cleanup_thread(); OSSL_LIB_CTX_free(libctx); @@ -418,15 +416,15 @@ { if (!ASYNC_is_capable()) { fprintf(stderr, - "OpenSSL build is not ASYNC capable - skipping async tests\n"); + "OpenSSL build is not ASYNC capable - skipping async tests\n"); } else { if (!test_ASYNC_init_thread() - || !test_ASYNC_callback_status() - || !test_ASYNC_start_job() - || !test_ASYNC_get_current_job() - || !test_ASYNC_WAIT_CTX_get_all_fds() - || !test_ASYNC_block_pause() - || !test_ASYNC_start_job_ex()) { + || !test_ASYNC_callback_status() + || !test_ASYNC_start_job() + || !test_ASYNC_get_current_job() + || !test_ASYNC_WAIT_CTX_get_all_fds() + || !test_ASYNC_block_pause() + || !test_ASYNC_start_job_ex()) { return 1; } } --- crypto/openssl/test/bad_dtls_test.c.orig +++ crypto/openssl/test/bad_dtls_test.c 
@@ -63,9 +63,9 @@
 static EVP_MD_CTX *handshake_md;
 static int do_PRF(const void *seed1, int seed1_len,
- const void *seed2, int seed2_len,
- const void *seed3, int seed3_len,
- unsigned char *out, int olen)
+ const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len,
+ unsigned char *out, int olen)
 {
 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
 size_t outlen = olen;
@@ -85,24 +85,105 @@ static SSL_SESSION *client_session(void) { static unsigned char session_asn1[] = { - 0x30, 0x5F, /* SEQUENCE, length 0x5F */ - 0x02, 0x01, 0x01, /* INTEGER, SSL_SESSION_ASN1_VERSION */ - 0x02, 0x02, 0x01, 0x00, /* INTEGER, DTLS1_BAD_VER */ - 0x04, 0x02, 0x00, 0x2F, /* OCTET_STRING, AES128-SHA */ - 0x04, 0x20, /* OCTET_STRING, session id */ + 0x30, + 0x5F, /* SEQUENCE, length 0x5F */ + 0x02, + 0x01, + 0x01, /* INTEGER, SSL_SESSION_ASN1_VERSION */ + 0x02, + 0x02, + 0x01, + 0x00, /* INTEGER, DTLS1_BAD_VER */ + 0x04, + 0x02, + 0x00, + 0x2F, /* OCTET_STRING, AES128-SHA */ + 0x04, + 0x20, /* OCTET_STRING, session id */ #define SS_SESSID_OFS 15 /* Session ID goes here */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x04, 0x30, /* OCTET_STRING, master secret */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x04, + 0x30, /* OCTET_STRING, master secret */ #define SS_SECRET_OFS 49 /* Master secret goes here */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, }; const 
unsigned char *p = session_asn1; @@ -153,8 +234,7 @@ return 0; /* Check session id length and content */ - if (!PACKET_get_length_prefixed_1(&pkt, &pkt2) || - !PACKET_equal(&pkt2, session_id, sizeof(session_id))) + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2) || !PACKET_equal(&pkt2, session_id, sizeof(session_id))) return 0; /* Check cookie */ @@ -183,8 +263,7 @@ return 0; /* Update handshake MAC for second ClientHello (with cookie) */ - if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET, - len - MAC_OFFSET)) + if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET, len - MAC_OFFSET)) return 0; (void)BIO_reset(wbio); @@ -196,21 +275,54 @@ { static unsigned char hello_verify[] = { 0x16, /* Handshake */ - 0x01, 0x00, /* DTLS1_BAD_VER */ - 0x00, 0x00, /* Epoch 0 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Seq# 0 */ - 0x00, 0x23, /* Length */ + 0x01, + 0x00, /* DTLS1_BAD_VER */ + 0x00, + 0x00, /* Epoch 0 */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, /* Seq# 0 */ + 0x00, + 0x23, /* Length */ 0x03, /* Hello Verify */ - 0x00, 0x00, 0x17, /* Length */ - 0x00, 0x00, /* Seq# 0 */ - 0x00, 0x00, 0x00, /* Fragment offset */ - 0x00, 0x00, 0x17, /* Fragment length */ - 0x01, 0x00, /* DTLS1_BAD_VER */ + 0x00, + 0x00, + 0x17, /* Length */ + 0x00, + 0x00, /* Seq# 0 */ + 0x00, + 0x00, + 0x00, /* Fragment offset */ + 0x00, + 0x00, + 0x17, /* Fragment length */ + 0x01, + 0x00, /* DTLS1_BAD_VER */ 0x14, /* Cookie length */ #define HV_COOKIE_OFS 28 /* Cookie goes here */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, }; memcpy(hello_verify + HV_COOKIE_OFS, cookie, sizeof(cookie)); 
@@ -224,44 +336,127 @@ { static unsigned char server_hello[] = { 0x16, /* Handshake */ - 0x01, 0x00, /* DTLS1_BAD_VER */ - 0x00, 0x00, /* Epoch 0 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* Seq# 1 */ - 0x00, 0x52, /* Length */ + 0x01, + 0x00, /* DTLS1_BAD_VER */ + 0x00, + 0x00, /* Epoch 0 */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x01, /* Seq# 1 */ + 0x00, + 0x52, /* Length */ 0x02, /* Server Hello */ - 0x00, 0x00, 0x46, /* Length */ - 0x00, 0x01, /* Seq# */ - 0x00, 0x00, 0x00, /* Fragment offset */ - 0x00, 0x00, 0x46, /* Fragment length */ - 0x01, 0x00, /* DTLS1_BAD_VER */ + 0x00, + 0x00, + 0x46, /* Length */ + 0x00, + 0x01, /* Seq# */ + 0x00, + 0x00, + 0x00, /* Fragment offset */ + 0x00, + 0x00, + 0x46, /* Fragment length */ + 0x01, + 0x00, /* DTLS1_BAD_VER */ #define SH_RANDOM_OFS 27 /* Server random goes here */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, 0x20, /* Session ID length */ #define SH_SESSID_OFS 60 /* Session ID goes here */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x2f, /* Cipher suite AES128-SHA */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x2f, /* Cipher suite AES128-SHA */ 0x00, /* Compression null */ }; static unsigned char change_cipher_spec[] = { 0x14, 
/* Change Cipher Spec */ - 0x01, 0x00, /* DTLS1_BAD_VER */ - 0x00, 0x00, /* Epoch 0 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, /* Seq# 2 */ - 0x00, 0x03, /* Length */ - 0x01, 0x00, 0x02, /* Message */ + 0x01, + 0x00, /* DTLS1_BAD_VER */ + 0x00, + 0x00, /* Epoch 0 */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x02, /* Seq# 2 */ + 0x00, + 0x03, /* Length */ + 0x01, + 0x00, + 0x02, /* Message */ }; memcpy(server_hello + SH_RANDOM_OFS, server_random, sizeof(server_random)); memcpy(server_hello + SH_SESSID_OFS, session_id, sizeof(session_id)); if (!EVP_DigestUpdate(handshake_md, server_hello + MAC_OFFSET, - sizeof(server_hello) - MAC_OFFSET)) + sizeof(server_hello) - MAC_OFFSET)) return 0; BIO_write(rbio, server_hello, sizeof(server_hello)); @@ -272,7 +467,7 @@ /* Create header, HMAC, pad, encrypt and send a record */ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, - const void *msg, size_t len) + const void *msg, size_t len) { /* Note that the order of the record header fields on the wire, * and in the HMAC, is different. So we just keep them in separate 
@@ -307,21 +502,21 @@
 /* Append HMAC to data */
 if (!TEST_ptr(hmac = EVP_MAC_fetch(NULL, "HMAC", NULL))
- || !TEST_ptr(ctx = EVP_MAC_CTX_new(hmac)))
+ || !TEST_ptr(ctx = EVP_MAC_CTX_new(hmac)))
 goto end;
 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- "SHA1", 0);
+ "SHA1", 0);
 params[1] = OSSL_PARAM_construct_end();
 lenbytes[0] = (unsigned char)(len >> 8);
 lenbytes[1] = (unsigned char)(len);
 if (!EVP_MAC_init(ctx, mac_key, 20, params)
- || !EVP_MAC_update(ctx, epoch, 2)
- || !EVP_MAC_update(ctx, seq, 6)
- || !EVP_MAC_update(ctx, &type, 1)
- || !EVP_MAC_update(ctx, ver, 2) /* Version */
- || !EVP_MAC_update(ctx, lenbytes, 2) /* Length */
- || !EVP_MAC_update(ctx, enc, len) /* Finally the data itself */
- || !EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH))
+ || !EVP_MAC_update(ctx, epoch, 2)
+ || !EVP_MAC_update(ctx, seq, 6)
+ || !EVP_MAC_update(ctx, &type, 1)
+ || !EVP_MAC_update(ctx, ver, 2) /* Version */
+ || !EVP_MAC_update(ctx, lenbytes, 2) /* Length */
+ || !EVP_MAC_update(ctx, enc, len) /* Finally the data itself */
+ || !EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH))
 goto end;
 /* Append padding bytes */
@@ -332,10 +527,10 @@
 /* Generate IV, and encrypt */
 if (!TEST_int_gt(RAND_bytes(iv, sizeof(iv)), 0)
- || !TEST_ptr(enc_ctx = EVP_CIPHER_CTX_new())
- || !TEST_true(EVP_CipherInit_ex(enc_ctx, EVP_aes_128_cbc(), NULL,
- enc_key, iv, 1))
- || !TEST_int_ge(EVP_Cipher(enc_ctx, enc, enc, len), 0))
+ || !TEST_ptr(enc_ctx = EVP_CIPHER_CTX_new())
+ || !TEST_true(EVP_CipherInit_ex(enc_ctx, EVP_aes_128_cbc(), NULL,
+ enc_key, iv, 1))
+ || !TEST_int_ge(EVP_Cipher(enc_ctx, enc, enc, len), 0))
 goto end;
 /* Finally write header (from fragmented variables), IV and encrypted record */
@@ -350,7 +545,7 @@
 BIO_write(rbio, iv, sizeof(iv));
 BIO_write(rbio, enc, len);
 ret = 1;
- end:
+end:
 EVP_MAC_free(hmac);
 EVP_MAC_CTX_free(ctx);
 EVP_CIPHER_CTX_free(enc_ctx);
@@ -360,34 +555,40 @@
 static int send_finished(SSL *s, BIO *rbio)
 {
- static unsigned char finished_msg[DTLS1_HM_HEADER_LENGTH +
- TLS1_FINISH_MAC_LENGTH] = {
+ static unsigned char finished_msg[DTLS1_HM_HEADER_LENGTH + TLS1_FINISH_MAC_LENGTH] = {
 0x14, /* Finished */
- 0x00, 0x00, 0x0c, /* Length */
- 0x00, 0x03, /* Seq# 3 */
- 0x00, 0x00, 0x00, /* Fragment offset */
- 0x00, 0x00, 0x0c, /* Fragment length */
+ 0x00,
+ 0x00,
+ 0x0c, /* Length */
+ 0x00,
+ 0x03, /* Seq# 3 */
+ 0x00,
+ 0x00,
+ 0x00, /* Fragment offset */
+ 0x00,
+ 0x00,
+ 0x0c, /* Fragment length */
 /* Finished MAC (12 bytes) */
 };
 unsigned char handshake_hash[EVP_MAX_MD_SIZE];
 /* Derive key material */
 do_PRF(TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
- server_random, SSL3_RANDOM_SIZE,
- client_random, SSL3_RANDOM_SIZE,
- key_block, sizeof(key_block));
+ server_random, SSL3_RANDOM_SIZE,
+ client_random, SSL3_RANDOM_SIZE,
+ key_block, sizeof(key_block));
 /* Generate Finished MAC */
 if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL))
 return 0;
 do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
- handshake_hash, EVP_MD_CTX_get_size(handshake_md),
- NULL, 0,
- finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);
+ handshake_hash, EVP_MD_CTX_get_size(handshake_md),
+ NULL, 0,
+ finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);
 return send_record(rbio, SSL3_RT_HANDSHAKE, 0,
- finished_msg, sizeof(finished_msg));
+ finished_msg, sizeof(finished_msg));
 }
 static int validate_ccs(BIO *wbio)
@@ -442,7 +643,7 @@
 }
 #define NODROP(x) { x##UL, 0 }
-#define DROP(x) { x##UL, 1 }
+#define DROP(x) { x##UL, 1 }
 static struct {
 uint64_t seq;
@@ -486,29 +687,29 @@
 handshake_md = EVP_MD_CTX_new();
 if (!TEST_ptr(handshake_md)
- || !TEST_true(EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(),
- NULL)))
+ || !TEST_true(EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(),
+ NULL)))
 goto end;
 ctx = SSL_CTX_new(DTLS_client_method());
 if (!TEST_ptr(ctx)
- || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
- || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
- || !TEST_true(SSL_CTX_set_options(ctx,
- SSL_OP_LEGACY_SERVER_CONNECT))
- || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
+ || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
+ || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
+ || !TEST_true(SSL_CTX_set_options(ctx,
+ SSL_OP_LEGACY_SERVER_CONNECT))
+ || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
 goto end;
 con = SSL_new(ctx);
 if (!TEST_ptr(con)
- || !TEST_true(SSL_set_session(con, sess)))
+ || !TEST_true(SSL_set_session(con, sess)))
 goto end;
 rbio = BIO_new(BIO_s_mem());
 wbio = BIO_new(BIO_s_mem());
 if (!TEST_ptr(rbio)
- || !TEST_ptr(wbio))
+ || !TEST_ptr(wbio))
 goto end;
 SSL_set_bio(con, rbio, wbio);
@@ -532,27 +733,27 @@
 /* Send initial ClientHello */
 ret = SSL_do_handshake(con);
 if (!TEST_int_le(ret, 0)
- || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
- || !TEST_int_eq(validate_client_hello(wbio), 1)
- || !TEST_true(send_hello_verify(rbio)))
+ || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
+ || !TEST_int_eq(validate_client_hello(wbio), 1)
+ || !TEST_true(send_hello_verify(rbio)))
 goto end;
 ret = SSL_do_handshake(con);
 if (!TEST_int_le(ret, 0)
- || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
- || !TEST_int_eq(validate_client_hello(wbio), 2)
- || !TEST_true(send_server_hello(rbio)))
+ || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
+ || !TEST_int_eq(validate_client_hello(wbio), 2)
+ || !TEST_true(send_server_hello(rbio)))
 goto end;
 ret = SSL_do_handshake(con);
 if (!TEST_int_le(ret, 0)
- || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
- || !TEST_true(send_finished(con, rbio)))
+ || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
+ || !TEST_true(send_finished(con, rbio)))
 goto end;
 ret = SSL_do_handshake(con);
 if (!TEST_int_gt(ret, 0)
- || !TEST_true(validate_ccs(wbio)))
+ || !TEST_true(validate_ccs(wbio)))
 goto end;
 /* While we're here and crafting packets by hand, we might as well do a
@@ -564,9 +765,9 @@
 uint64_t recv_buf[2];
 if (!TEST_true(send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq,
- &tests[i].seq, sizeof(uint64_t)))) {
+ &tests[i].seq, sizeof(uint64_t)))) {
 TEST_error("Failed to send data seq #0x%x%08x (%d)\n",
- (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i);
+ (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i);
 goto end;
 }
@@ -576,7 +777,7 @@
 ret = SSL_read(con, recv_buf, 2 * sizeof(uint64_t));
 if (!TEST_int_eq(ret, (int)sizeof(uint64_t))) {
 TEST_error("SSL_read failed or wrong size on seq#0x%x%08x (%d)\n",
- (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i);
+ (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i);
 goto end;
 }
 if (!TEST_true(recv_buf[0] == tests[i].seq))
@@ -584,12 +785,12 @@
 }
 /* The last test cannot be DROP() */
- if (!TEST_false(tests[i-1].drop))
+ if (!TEST_false(tests[i - 1].drop))
 goto end;
 testresult = 1;
- end:
+end:
 SSL_SESSION_free(sess);
 BIO_free(rbio);
 BIO_free(wbio);
--- crypto/openssl/test/bftest.c.orig
+++ crypto/openssl/test/bftest.c
@@ -22,11 +22,11 @@
 #include "internal/nelem.h"
 #ifndef OPENSSL_NO_BF
-# include
+#include
-# ifdef CHARSET_EBCDIC
-# include
-# endif
+#ifdef CHARSET_EBCDIC
+#include
+#endif
 static char bf_key[2][30] = {
 "abcdefghijklmnopqrstuvwxyz",
@@ -35,136 +35,135 @@ /* big endian */ static BF_LONG bf_plain[2][2] = { - {0x424c4f57L, 0x46495348L}, - {0xfedcba98L, 0x76543210L} + { 0x424c4f57L, 0x46495348L }, + { 0xfedcba98L, 0x76543210L } }; static BF_LONG bf_cipher[2][2] = { - {0x324ed0feL, 0xf413a203L}, - {0xcc91732bL, 0x8022f684L} + { 0x324ed0feL, 0xf413a203L }, + { 0xcc91732bL, 0x8022f684L } }; /************/ /* Lets use the DES test vectors :-) */ -# define NUM_TESTS 34 +#define NUM_TESTS 34 static unsigned char ecb_data[NUM_TESTS][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, - {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, - {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, - {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, - {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, - {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, - {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, - {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, - {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, - {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, - {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, - {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, - {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, - {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, - {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, - {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, - {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, - {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, - {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, - {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, - {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, - {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 
0x0E, 0x0E, 0x0E}, - {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10} + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }, + { 0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57 }, + { 0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E }, + { 0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86 }, + { 0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E }, + { 0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6 }, + { 0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE }, + { 0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6 }, + { 0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE }, + { 0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16 }, + { 0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F }, + { 0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46 }, + { 0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E }, + { 0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76 }, + { 0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07 }, + { 0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F }, + { 0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7 }, + { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, + { 0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6 }, + { 0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF }, + { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, + { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, + { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 } }; static unsigned char plain_data[NUM_TESTS][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42}, - {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA}, - {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72}, - {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A}, - {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2}, - {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A}, - {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2}, - {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A}, - {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02}, - {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A}, - {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32}, - {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA}, - {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62}, - {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2}, - {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA}, - {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92}, - {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A}, - {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2}, - {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42 }, + { 0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA }, + { 0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72 }, + { 0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A }, + { 0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2 }, + { 0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A }, + { 0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2 }, + { 0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A }, + { 0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02 }, + { 0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A }, + { 0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32 }, + { 0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA }, + { 0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62 }, + { 0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2 }, + { 0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA }, + { 0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92 }, + { 0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A }, + { 0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2 }, + { 0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } }; static unsigned char cipher_data[NUM_TESTS][8] = { - {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78}, - {0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A}, - {0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2}, - {0x24, 0x66, 
0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D}, - {0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96}, - {0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7}, - {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78}, - {0x0A, 0xCE, 0xAB, 0x0F, 0xC6, 0xA0, 0xA2, 0x8D}, - {0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B}, - {0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0}, - {0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4}, - {0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB}, - {0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A}, - {0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18}, - {0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98}, - {0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5}, - {0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79}, - {0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3}, - {0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69}, - {0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B}, - {0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E}, - {0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD}, - {0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19}, - {0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3}, - {0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5}, - {0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78}, - {0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01}, - {0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2}, - {0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE}, - {0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D}, - {0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4}, - {0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC}, - {0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A}, - {0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A}, + { 0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78 }, + { 0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A }, + { 0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2 }, + { 0x24, 0x66, 0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D }, + { 0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96 }, + { 0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7 }, + { 0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78 }, + { 0x0A, 0xCE, 0xAB, 
0x0F, 0xC6, 0xA0, 0xA2, 0x8D }, + { 0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B }, + { 0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0 }, + { 0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4 }, + { 0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB }, + { 0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A }, + { 0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18 }, + { 0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98 }, + { 0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5 }, + { 0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79 }, + { 0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3 }, + { 0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69 }, + { 0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B }, + { 0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E }, + { 0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD }, + { 0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19 }, + { 0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3 }, + { 0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5 }, + { 0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78 }, + { 0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01 }, + { 0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2 }, + { 0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE }, + { 0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D }, + { 0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4 }, + { 0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC }, + { 0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A }, + { 0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A }, }; static unsigned char cbc_key[16] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }; -static unsigned char cbc_iv[8] = - { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static unsigned char cbc_iv[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; static char cbc_data[40] = "7654321 Now is the time for "; static unsigned char cbc_ok[32] = { 0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6, 
@@ -187,7 +186,7 @@
 0x63, 0xC2, 0xCF, 0x80, 0xDA
 };
-# define KEY_TEST_NUM 25
+#define KEY_TEST_NUM 25
 static unsigned char key_test[KEY_TEST_NUM] = {
 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
@@ -195,34 +194,33 @@ 0x88 }; -static unsigned char key_data[8] = - { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static unsigned char key_data[8] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }; static unsigned char key_out[KEY_TEST_NUM][8] = { - {0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E}, - {0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6}, - {0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3}, - {0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05}, - {0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E}, - {0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D}, - {0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D}, - {0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82}, - {0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77}, - {0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0}, - {0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6}, - {0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2}, - {0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4}, - {0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68}, - {0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F}, - {0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C}, - {0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B}, - {0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B}, - {0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8}, - {0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F}, - {0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F}, - {0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F}, - {0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD}, - {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80}, + { 0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E }, + { 0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6 }, + { 0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3 }, + { 0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05 }, + { 0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E }, + { 0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D }, + { 0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D }, + { 0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82 }, + { 0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77 }, + { 
0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0 }, + { 0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6 }, + { 0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2 }, + { 0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4 }, + { 0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68 }, + { 0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F }, + { 0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C }, + { 0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B }, + { 0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B }, + { 0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8 }, + { 0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F }, + { 0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F }, + { 0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F }, + { 0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD }, + { 0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80 }, }; static int print_test_data(void) @@ -336,7 +334,7 @@ BF_KEY key; unsigned char out[8]; - BF_set_key(&key, n+1, key_test); + BF_set_key(&key, n + 1, key_test); BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT); /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */ if (!TEST_mem_eq(out, 8, &(key_out[n][0]), 8)) @@ -359,7 +357,7 @@ memset(cbc_out, 0, sizeof(cbc_out)); memcpy(iv, cbc_iv, sizeof(iv)); BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, - &key, iv, BF_ENCRYPT); + &key, iv, BF_ENCRYPT); if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32)) ret = 0; @@ -386,9 +384,9 @@ memcpy(iv, cbc_iv, 8); n = 0; BF_cfb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, - &key, iv, &n, BF_ENCRYPT); + &key, iv, &n, BF_ENCRYPT); BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), - len - 13, &key, iv, &n, BF_ENCRYPT); + len - 13, &key, iv, &n, BF_ENCRYPT); if (!TEST_mem_eq(cbc_out, (int)len, cfb64_ok, (int)len)) ret = 0; 
@@ -396,7 +394,7 @@
 memcpy(iv, cbc_iv, 8);
 BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT);
 BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17,
- &key, iv, &n, BF_DECRYPT);
+ &key, iv, &n, BF_DECRYPT);
 if (!TEST_mem_eq(cbc_in, (int)len, cbc_data, (int)len))
 ret = 0;
@@ -418,9 +416,9 @@
 memcpy(iv, cbc_iv, 8);
 n = 0;
 BF_ofb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, &key, iv,
- &n);
+ &n);
 BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
- len - 13, &key, iv, &n);
+ len - 13, &key, iv, &n);
 if (!TEST_mem_eq(cbc_out, (int)len, ofb64_ok, (int)len))
 ret = 0;
@@ -446,7 +444,7 @@
 {
 static const OPTIONS test_options[] = {
 OPT_TEST_OPTIONS_DEFAULT_USAGE,
- { "print", OPT_PRINT, '-', "Output test tables instead of running tests"},
+ { "print", OPT_PRINT, '-', "Output test tables instead of running tests" },
 { NULL }
 };
 return test_options;
@@ -456,29 +454,29 @@
 {
 #ifndef OPENSSL_NO_BF
 OPTION_CHOICE o;
-# ifdef CHARSET_EBCDIC
+#ifdef CHARSET_EBCDIC
 int n;
 ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
 for (n = 0; n < 2; n++) {
 ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
 }
-# endif
+#endif
 while ((o = opt_next()) != OPT_EOF) {
- switch(o) {
+ switch (o) {
 case OPT_PRINT:
 print_test_data();
 return 1;
 case OPT_TEST_CASES:
 break;
 default:
- return 0;
+ return 0;
 }
 }
 ADD_ALL_TESTS(test_bf_ecb_raw, 2);
 ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS);
- ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1);
+ ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM - 1);
 ADD_TEST(test_bf_cbc);
 ADD_TEST(test_bf_cfb64);
 ADD_TEST(test_bf_ofb64);
--- crypto/openssl/test/bio_callback_test.c.orig
+++ crypto/openssl/test/bio_callback_test.c
@@ -14,28 +14,28 @@ #include "testutil.h" #define MAXCOUNT 5 -static int my_param_count; -static BIO *my_param_b[MAXCOUNT]; -static int my_param_oper[MAXCOUNT]; +static int my_param_count; +static BIO *my_param_b[MAXCOUNT]; +static int my_param_oper[MAXCOUNT]; static const char *my_param_argp[MAXCOUNT]; -static int my_param_argi[MAXCOUNT]; -static long my_param_argl[MAXCOUNT]; -static long my_param_ret[MAXCOUNT]; -static size_t my_param_len[MAXCOUNT]; -static size_t my_param_processed[MAXCOUNT]; +static int my_param_argi[MAXCOUNT]; +static long my_param_argl[MAXCOUNT]; +static long my_param_ret[MAXCOUNT]; +static size_t my_param_len[MAXCOUNT]; +static size_t my_param_processed[MAXCOUNT]; static long my_bio_cb_ex(BIO *b, int oper, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) + int argi, long argl, int ret, size_t *processed) { if (my_param_count >= MAXCOUNT) return -1; - my_param_b[my_param_count] = b; + my_param_b[my_param_count] = b; my_param_oper[my_param_count] = oper; my_param_argp[my_param_count] = argp; my_param_argi[my_param_count] = argi; my_param_argl[my_param_count] = argl; - my_param_ret[my_param_count] = ret; - my_param_len[my_param_count] = len; + my_param_ret[my_param_count] = ret; + my_param_len[my_param_count] = len; my_param_processed[my_param_count] = processed != NULL ? *processed : 0; my_param_count++; 
@@ -62,127 +62,127 @@ BIO_set_callback_ex(bio, my_bio_cb_ex); i = BIO_write(bio, test1, test1len); if (!TEST_int_eq(i, test1len) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_WRITE) - || !TEST_ptr_eq(my_param_argp[0], test1) - || !TEST_size_t_eq(my_param_len[0], test1len) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_WRITE | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], test1) - || !TEST_size_t_eq(my_param_len[1], test1len) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_size_t_eq(my_param_processed[1], test1len) - || !TEST_int_eq((int)my_param_ret[1], 1)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_WRITE) + || !TEST_ptr_eq(my_param_argp[0], test1) + || !TEST_size_t_eq(my_param_len[0], test1len) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_WRITE | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], test1) + || !TEST_size_t_eq(my_param_len[1], test1len) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_size_t_eq(my_param_processed[1], test1len) + || !TEST_int_eq((int)my_param_ret[1], 1)) goto err; my_param_count = 0; i = BIO_read(bio, buf, sizeof(buf)); if (!TEST_mem_eq(buf, i, test1, test1len) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) - || !TEST_ptr_eq(my_param_argp[0], buf) - || !TEST_size_t_eq(my_param_len[0], sizeof(buf)) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], buf) - || !TEST_size_t_eq(my_param_len[1], 
sizeof(buf)) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_size_t_eq(my_param_processed[1], test1len) - || !TEST_int_eq((int)my_param_ret[1], 1)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) + || !TEST_ptr_eq(my_param_argp[0], buf) + || !TEST_size_t_eq(my_param_len[0], sizeof(buf)) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], buf) + || !TEST_size_t_eq(my_param_len[1], sizeof(buf)) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_size_t_eq(my_param_processed[1], test1len) + || !TEST_int_eq((int)my_param_ret[1], 1)) goto err; /* By default a mem bio returns -1 if it has run out of data */ my_param_count = 0; i = BIO_read(bio, buf, sizeof(buf)); if (!TEST_int_eq(i, -1) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) - || !TEST_ptr_eq(my_param_argp[0], buf) - || !TEST_size_t_eq(my_param_len[0], sizeof(buf)) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], buf) - || !TEST_size_t_eq(my_param_len[1], sizeof(buf)) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_size_t_eq(my_param_processed[1], 0) - || !TEST_int_eq((int)my_param_ret[1], -1)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) + || !TEST_ptr_eq(my_param_argp[0], buf) + || !TEST_size_t_eq(my_param_len[0], sizeof(buf)) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) + || 
!TEST_ptr_eq(my_param_argp[1], buf) + || !TEST_size_t_eq(my_param_len[1], sizeof(buf)) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_size_t_eq(my_param_processed[1], 0) + || !TEST_int_eq((int)my_param_ret[1], -1)) goto err; /* Force the mem bio to return 0 if it has run out of data */ my_param_count = 0; i = BIO_set_mem_eof_return(bio, 0); if (!TEST_int_eq(i, 1) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_CTRL) - || !TEST_ptr_eq(my_param_argp[0], NULL) - || !TEST_int_eq(my_param_argi[0], BIO_C_SET_BUF_MEM_EOF_RETURN) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_CTRL | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], NULL) - || !TEST_int_eq(my_param_argi[1], BIO_C_SET_BUF_MEM_EOF_RETURN) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_int_eq((int)my_param_ret[1], 1)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_CTRL) + || !TEST_ptr_eq(my_param_argp[0], NULL) + || !TEST_int_eq(my_param_argi[0], BIO_C_SET_BUF_MEM_EOF_RETURN) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_CTRL | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], NULL) + || !TEST_int_eq(my_param_argi[1], BIO_C_SET_BUF_MEM_EOF_RETURN) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_int_eq((int)my_param_ret[1], 1)) goto err; my_param_count = 0; i = BIO_read(bio, buf, sizeof(buf)); if (!TEST_int_eq(i, 0) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) - || !TEST_ptr_eq(my_param_argp[0], buf) - || !TEST_size_t_eq(my_param_len[0], sizeof(buf)) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1) - || 
!TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], buf) - || !TEST_size_t_eq(my_param_len[1], sizeof(buf)) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_size_t_eq(my_param_processed[1], 0) - || !TEST_int_eq((int)my_param_ret[1], 0)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) + || !TEST_ptr_eq(my_param_argp[0], buf) + || !TEST_size_t_eq(my_param_len[0], sizeof(buf)) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], buf) + || !TEST_size_t_eq(my_param_len[1], sizeof(buf)) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_size_t_eq(my_param_processed[1], 0) + || !TEST_int_eq((int)my_param_ret[1], 0)) goto err; my_param_count = 0; i = BIO_puts(bio, test2); if (!TEST_int_eq(i, 5) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_PUTS) - || !TEST_ptr_eq(my_param_argp[0], test2) - || !TEST_int_eq(my_param_argi[0], 0) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_PUTS | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], test2) - || !TEST_int_eq(my_param_argi[1], 0) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_size_t_eq(my_param_processed[1], test2len) - || !TEST_int_eq((int)my_param_ret[1], 1)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_PUTS) + || !TEST_ptr_eq(my_param_argp[0], test2) + || !TEST_int_eq(my_param_argi[0], 0) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1) + || !TEST_ptr_eq(my_param_b[1], bio) + || 
!TEST_int_eq(my_param_oper[1], BIO_CB_PUTS | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], test2) + || !TEST_int_eq(my_param_argi[1], 0) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_size_t_eq(my_param_processed[1], test2len) + || !TEST_int_eq((int)my_param_ret[1], 1)) goto err; my_param_count = 0; i = BIO_free(bio); if (!TEST_int_eq(i, 1) - || !TEST_int_eq(my_param_count, 1) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_FREE) - || !TEST_ptr_eq(my_param_argp[0], NULL) - || !TEST_int_eq(my_param_argi[0], 0) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_int_eq((int)my_param_ret[0], 1)) + || !TEST_int_eq(my_param_count, 1) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_FREE) + || !TEST_ptr_eq(my_param_argp[0], NULL) + || !TEST_int_eq(my_param_argi[0], 0) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_int_eq((int)my_param_ret[0], 1)) goto finish; ok = 1; @@ -200,16 +200,16 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 static long my_bio_callback(BIO *b, int oper, const char *argp, int argi, - long argl, long ret) + long argl, long ret) { if (my_param_count >= MAXCOUNT) return -1; - my_param_b[my_param_count] = b; + my_param_b[my_param_count] = b; my_param_oper[my_param_count] = oper; my_param_argp[my_param_count] = argp; my_param_argi[my_param_count] = argi; my_param_argl[my_param_count] = argl; - my_param_ret[my_param_count] = ret; + my_param_ret[my_param_count] = ret; my_param_count++; return ret; } 
@@ -234,56 +234,56 @@ BIO_set_callback(bio, my_bio_callback); i = BIO_write(bio, test1, test1len); if (!TEST_int_eq(i, test1len) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_WRITE) - || !TEST_ptr_eq(my_param_argp[0], test1) - || !TEST_int_eq(my_param_argi[0], test1len) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_long_eq(my_param_ret[0], 1L) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_WRITE | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], test1) - || !TEST_int_eq(my_param_argi[1], test1len) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_long_eq(my_param_ret[1], (long)test1len)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_WRITE) + || !TEST_ptr_eq(my_param_argp[0], test1) + || !TEST_int_eq(my_param_argi[0], test1len) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_long_eq(my_param_ret[0], 1L) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_WRITE | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], test1) + || !TEST_int_eq(my_param_argi[1], test1len) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_long_eq(my_param_ret[1], (long)test1len)) goto err; my_param_count = 0; i = BIO_read(bio, buf, sizeof(buf)); if (!TEST_mem_eq(buf, i, test1, test1len) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) - || !TEST_ptr_eq(my_param_argp[0], buf) - || !TEST_int_eq(my_param_argi[0], sizeof(buf)) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_long_eq(my_param_ret[0], 1L) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], buf) - || !TEST_int_eq(my_param_argi[1], sizeof(buf)) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_long_eq(my_param_ret[1], (long)test1len)) + || 
!TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) + || !TEST_ptr_eq(my_param_argp[0], buf) + || !TEST_int_eq(my_param_argi[0], sizeof(buf)) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_long_eq(my_param_ret[0], 1L) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], buf) + || !TEST_int_eq(my_param_argi[1], sizeof(buf)) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_long_eq(my_param_ret[1], (long)test1len)) goto err; /* By default a mem bio returns -1 if it has run out of data */ my_param_count = 0; i = BIO_read(bio, buf, sizeof(buf)); if (!TEST_int_eq(i, -1) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) - || !TEST_ptr_eq(my_param_argp[0], buf) - || !TEST_int_eq(my_param_argi[0], sizeof(buf)) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_long_eq(my_param_ret[0], 1L) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], buf) - || !TEST_int_eq(my_param_argi[1], sizeof(buf)) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_long_eq(my_param_ret[1], -1L)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) + || !TEST_ptr_eq(my_param_argp[0], buf) + || !TEST_int_eq(my_param_argi[0], sizeof(buf)) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_long_eq(my_param_ret[0], 1L) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], buf) + || !TEST_int_eq(my_param_argi[1], sizeof(buf)) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_long_eq(my_param_ret[1], -1L)) goto err; /* Force the mem bio to return 0 if it has run out of data */ 
@@ -291,49 +291,49 @@ my_param_count = 0; i = BIO_read(bio, buf, sizeof(buf)); if (!TEST_int_eq(i, 0) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) - || !TEST_ptr_eq(my_param_argp[0], buf) - || !TEST_int_eq(my_param_argi[0], sizeof(buf)) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_long_eq(my_param_ret[0], 1L) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], buf) - || !TEST_int_eq(my_param_argi[1], sizeof(buf)) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_long_eq(my_param_ret[1], 0L)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_READ) + || !TEST_ptr_eq(my_param_argp[0], buf) + || !TEST_int_eq(my_param_argi[0], sizeof(buf)) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_long_eq(my_param_ret[0], 1L) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], buf) + || !TEST_int_eq(my_param_argi[1], sizeof(buf)) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_long_eq(my_param_ret[1], 0L)) goto err; my_param_count = 0; i = BIO_puts(bio, test2); if (!TEST_int_eq(i, 5) - || !TEST_int_eq(my_param_count, 2) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_PUTS) - || !TEST_ptr_eq(my_param_argp[0], test2) - || !TEST_int_eq(my_param_argi[0], 0) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_long_eq(my_param_ret[0], 1L) - || !TEST_ptr_eq(my_param_b[1], bio) - || !TEST_int_eq(my_param_oper[1], BIO_CB_PUTS | BIO_CB_RETURN) - || !TEST_ptr_eq(my_param_argp[1], test2) - || !TEST_int_eq(my_param_argi[1], 0) - || !TEST_long_eq(my_param_argl[1], 0L) - || !TEST_long_eq(my_param_ret[1], (long)test2len)) + || !TEST_int_eq(my_param_count, 2) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], 
BIO_CB_PUTS) + || !TEST_ptr_eq(my_param_argp[0], test2) + || !TEST_int_eq(my_param_argi[0], 0) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_long_eq(my_param_ret[0], 1L) + || !TEST_ptr_eq(my_param_b[1], bio) + || !TEST_int_eq(my_param_oper[1], BIO_CB_PUTS | BIO_CB_RETURN) + || !TEST_ptr_eq(my_param_argp[1], test2) + || !TEST_int_eq(my_param_argi[1], 0) + || !TEST_long_eq(my_param_argl[1], 0L) + || !TEST_long_eq(my_param_ret[1], (long)test2len)) goto err; my_param_count = 0; i = BIO_free(bio); if (!TEST_int_eq(i, 1) - || !TEST_int_eq(my_param_count, 1) - || !TEST_ptr_eq(my_param_b[0], bio) - || !TEST_int_eq(my_param_oper[0], BIO_CB_FREE) - || !TEST_ptr_eq(my_param_argp[0], NULL) - || !TEST_int_eq(my_param_argi[0], 0) - || !TEST_long_eq(my_param_argl[0], 0L) - || !TEST_long_eq(my_param_ret[0], 1L)) + || !TEST_int_eq(my_param_count, 1) + || !TEST_ptr_eq(my_param_b[0], bio) + || !TEST_int_eq(my_param_oper[0], BIO_CB_FREE) + || !TEST_ptr_eq(my_param_argp[0], NULL) + || !TEST_int_eq(my_param_argi[0], 0) + || !TEST_long_eq(my_param_argl[0], 0L) + || !TEST_long_eq(my_param_ret[0], 1L)) goto finish; ok = 1; --- crypto/openssl/test/bio_core_test.c.orig +++ crypto/openssl/test/bio_core_test.c @@ -17,13 +17,13 @@ }; static int tst_bio_core_read_ex(OSSL_CORE_BIO *bio, char *data, size_t data_len, - size_t *bytes_read) + size_t *bytes_read) { return BIO_read_ex(bio->bio, data, data_len, bytes_read); } static int tst_bio_core_write_ex(OSSL_CORE_BIO *bio, const char *data, - size_t data_len, size_t *written) + size_t data_len, size_t *written) { return BIO_write_ex(bio->bio, data, data_len, written); } 
@@ -75,31 +75,31 @@ corebio.bio = BIO_new(BIO_s_mem()); if (!TEST_ptr(corebio.bio) - || !TEST_ptr(libctx) - /* - * Attempting to create a corebio in a libctx that was not - * created via OSSL_LIB_CTX_new_from_dispatch() should fail. - */ - || !TEST_ptr_null((cbiobad = BIO_new_from_core_bio(NULL, &corebio))) - || !TEST_ptr((cbio = BIO_new_from_core_bio(libctx, &corebio)))) + || !TEST_ptr(libctx) + /* + * Attempting to create a corebio in a libctx that was not + * created via OSSL_LIB_CTX_new_from_dispatch() should fail. + */ + || !TEST_ptr_null((cbiobad = BIO_new_from_core_bio(NULL, &corebio))) + || !TEST_ptr((cbio = BIO_new_from_core_bio(libctx, &corebio)))) goto err; if (!TEST_int_gt(BIO_puts(corebio.bio, msg), 0) - /* Test a ctrl via BIO_eof */ - || !TEST_false(BIO_eof(cbio)) - || !TEST_int_gt(BIO_gets(cbio, buf, sizeof(buf)), 0) - || !TEST_true(BIO_eof(cbio)) - || !TEST_str_eq(buf, msg)) + /* Test a ctrl via BIO_eof */ + || !TEST_false(BIO_eof(cbio)) + || !TEST_int_gt(BIO_gets(cbio, buf, sizeof(buf)), 0) + || !TEST_true(BIO_eof(cbio)) + || !TEST_str_eq(buf, msg)) goto err; buf[0] = '\0'; if (!TEST_int_gt(BIO_write(cbio, msg, strlen(msg) + 1), 0) - || !TEST_int_gt(BIO_read(cbio, buf, sizeof(buf)), 0) - || !TEST_str_eq(buf, msg)) + || !TEST_int_gt(BIO_read(cbio, buf, sizeof(buf)), 0) + || !TEST_str_eq(buf, msg)) goto err; testresult = 1; - err: +err: BIO_free(cbiobad); BIO_free(cbio); BIO_free(corebio.bio); --- crypto/openssl/test/bio_enc_test.c.orig +++ crypto/openssl/test/bio_enc_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -14,12 +14,12 @@ #include "testutil.h" -#define ENCRYPT 1 -#define DECRYPT 0 +#define ENCRYPT 1 +#define DECRYPT 0 -#define DATA_SIZE 1024 -#define MAX_IV 32 -#define BUF_SIZE (DATA_SIZE + MAX_IV) +#define DATA_SIZE 1024 +#define MAX_IV 32 +#define BUF_SIZE (DATA_SIZE + MAX_IV) static const unsigned char KEY[] = { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a, @@ -35,8 +35,8 @@ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; -static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, - const unsigned char* iv) +static int do_bio_cipher(const EVP_CIPHER *cipher, const unsigned char *key, + const unsigned char *iv) { BIO *b, *mem; static unsigned char inp[BUF_SIZE] = { 0 }; @@ -108,7 +108,7 @@ goto err; BIO_push(b, mem); memset(out, 0, sizeof(out)); - for (len = 0; (delta = BIO_read(b, out + len, i)); ) { + for (len = 0; (delta = BIO_read(b, out + len, i));) { len += delta; } BIO_free_all(b); @@ -132,7 +132,17 @@ if (!TEST_ptr(mem)) goto err; BIO_push(b, mem); +#if 0 + /* + * This is wrong to do, it always fails, and incorrectly ends up + * calling `EVP_CipherFinal()` and setting ctx->finished = 1, ... + * all of which are unwanted. But just deleting this is less + * instructive to future readers of the code. Don't call BIO_flush + * until you're done either reading or writing and want to finalise + * the state. + */ (void)BIO_flush(b); +#endif memset(out, 0, sizeof(out)); len = BIO_read(b, out, sizeof(out)); BIO_free_all(b); @@ -186,7 +196,7 @@ goto err; BIO_push(b, mem); memset(out, 0, sizeof(out)); - for (len = 0; (delta = BIO_read(b, out + len, i)); ) { + for (len = 0; (delta = BIO_read(b, out + len, i));) { len += delta; } BIO_free_all(b); 
@@ -204,14 +214,13 @@ return 0; } -static int do_test_bio_cipher(const EVP_CIPHER* cipher, int idx) +static int do_test_bio_cipher(const EVP_CIPHER *cipher, int idx) { - switch(idx) - { - case 0: - return do_bio_cipher(cipher, KEY, NULL); - case 1: - return do_bio_cipher(cipher, KEY, IV); + switch (idx) { + case 0: + return do_bio_cipher(cipher, KEY, NULL); + case 1: + return do_bio_cipher(cipher, KEY, IV); } return 0; } 
@@ -236,19 +245,80 @@ return do_test_bio_cipher(EVP_aes_256_ofb(), idx); } -# ifndef OPENSSL_NO_CHACHA +#ifndef OPENSSL_NO_CHACHA static int test_bio_enc_chacha20(int idx) { return do_test_bio_cipher(EVP_chacha20(), idx); } -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 static int test_bio_enc_chacha20_poly1305(int idx) { return do_test_bio_cipher(EVP_chacha20_poly1305(), idx); } -# endif -# endif +#endif +#endif + +static int test_bio_enc_eof_read_flush(void) +{ + /* Length chosen to ensure base64 encoding employs padding */ + const unsigned char pbuf[] = "Attack at dawn"; + unsigned char cbuf[16]; /* At least as long as pbuf */ + const EVP_CIPHER *cipher = EVP_aes_256_gcm(); + EVP_CIPHER_CTX *ctx = NULL; + BIO *mem = NULL, *b64 = NULL, *cbio = NULL; + unsigned char tag[16]; + size_t key_size, iv_size; + int n, ret = 0; + + memset(tag, 0, sizeof(tag)); + if (!TEST_ptr(cipher) + || !TEST_int_gt((key_size = EVP_CIPHER_key_length(cipher)), 0) + || !TEST_int_gt((iv_size = EVP_CIPHER_iv_length(cipher)), 0) + || !TEST_ptr(mem = BIO_new(BIO_s_mem())) + || !TEST_ptr(b64 = BIO_new(BIO_f_base64())) + || !TEST_ptr(cbio = BIO_new(BIO_f_cipher())) + || !TEST_ptr(BIO_push(b64, mem)) + || !TEST_ptr(BIO_push(cbio, b64)) + || !TEST_int_gt(BIO_get_cipher_ctx(cbio, &ctx), 0) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, KEY, IV, ENCRYPT)) + || !TEST_int_gt(BIO_write(cbio, pbuf, sizeof(pbuf) - 1), 0) + || !TEST_int_gt(BIO_flush(cbio), 0) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, + sizeof(tag), tag), + 0)) + goto end; + BIO_free(cbio); + BIO_free(b64); + b64 = cbio = NULL; + + BIO_set_mem_eof_return(mem, 0); + BIO_set_flags(mem, BIO_FLAGS_NONCLEAR_RST); + if (!TEST_int_gt(BIO_reset(mem), 0) + || !TEST_ptr(b64 = BIO_new(BIO_f_base64())) + || !TEST_ptr(cbio = BIO_new(BIO_f_cipher())) + || !TEST_ptr(BIO_push(b64, mem)) + || !TEST_ptr(BIO_push(cbio, b64)) + || !TEST_int_gt(BIO_get_cipher_ctx(cbio, &ctx), 0) + || !TEST_true(EVP_CipherInit_ex(ctx, 
cipher, NULL, KEY, IV, DECRYPT)) + || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, + sizeof(tag), tag), + 0) + || !TEST_int_gt((n = BIO_read(cbio, cbuf, sizeof(cbuf))), 0) + || !TEST_true(BIO_get_cipher_status(cbio)) + /* Evaluate both and report whether either or both failed */ + || (!TEST_int_gt(BIO_flush(cbio), 0) + !TEST_true(BIO_get_cipher_status(cbio))) + || !TEST_mem_eq(cbuf, n, pbuf, sizeof(pbuf) - 1)) + goto end; + + ret = 1; + +end: + BIO_free(cbio); + BIO_free(b64); + BIO_free(mem); + return ret; +} int setup_tests(void) { @@ -256,11 +326,12 @@ ADD_ALL_TESTS(test_bio_enc_aes_128_ctr, 2); ADD_ALL_TESTS(test_bio_enc_aes_256_cfb, 2); ADD_ALL_TESTS(test_bio_enc_aes_256_ofb, 2); -# ifndef OPENSSL_NO_CHACHA +#ifndef OPENSSL_NO_CHACHA ADD_ALL_TESTS(test_bio_enc_chacha20, 2); -# ifndef OPENSSL_NO_POLY1305 +#ifndef OPENSSL_NO_POLY1305 ADD_ALL_TESTS(test_bio_enc_chacha20_poly1305, 2); -# endif -# endif +#endif +#endif + ADD_TEST(test_bio_enc_eof_read_flush); return 1; } --- crypto/openssl/test/bio_memleak_test.c.orig +++ crypto/openssl/test/bio_memleak_test.c @@ -25,7 +25,7 @@ if (!TEST_ptr(bio)) goto finish; bufmem.length = sizeof(str); - bufmem.data = (char *) str; + bufmem.data = (char *)str; bufmem.max = bufmem.length; BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE); BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); @@ -35,7 +35,7 @@ goto finish; ok = 1; - finish: +finish: BIO_free(bio); return ok; } @@ -62,7 +62,7 @@ goto finish; ok = 1; - finish: +finish: BIO_free(bio); BUF_MEM_free(bufmem); return ok; @@ -98,7 +98,7 @@ goto finish; ok = 1; - finish: +finish: BIO_free(bio); return ok; } @@ -139,7 +139,7 @@ goto finish; ok = 1; - finish: +finish: BIO_free(bio); BIO_free(bio2); return ok; @@ -176,7 +176,7 @@ ok = 1; - finish: +finish: BIO_free(bio); return ok; } 
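Review bot: In the new `test_bio_enc_eof_read_flush()` in crypto/openssl/test/bio_enc_test.c, `key_size` and `iv_size` are only checked for being greater than zero and are never compared with the buffers handed to `EVP_CipherInit_ex(ctx, cipher, NULL, KEY, IV, ...)`. `KEY` and `IV` are declared outside this hunk, so their sizes cannot be confirmed from here. If either array is shorter than what `EVP_aes_256_gcm()` reports, the init call would read past it. Adding `|| !TEST_size_t_le(key_size, sizeof(KEY))` and `|| !TEST_size_t_le(iv_size, sizeof(IV))` right after the two length checks would make the test fail cleanly instead. The test also covers only a valid tag; a companion case that alters one byte of `tag` before `EVP_CTRL_GCM_SET_TAG` and expects the final `BIO_get_cipher_status(cbio)` check to report failure would presumably pin the authentication-failure path as well.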
@@ -216,19 +216,19 @@ ok = 1; - finish: +finish: BIO_free(bio); return ok; } static int error_callback_fired; static long BIO_error_callback(BIO *bio, int cmd, const char *argp, - size_t len, int argi, - long argl, int ret, size_t *processed) + size_t len, int argi, + long argl, int ret, size_t *processed) { if ((cmd & (BIO_CB_READ | BIO_CB_RETURN)) != 0) { error_callback_fired = 1; - ret = 0; /* fail for read operations to simulate error in input BIO */ + ret = 0; /* fail for read operations to simulate error in input BIO */ } return ret; } @@ -246,7 +246,7 @@ goto finish; bufmem.length = sizeof(str); - bufmem.data = (char *) str; + bufmem.data = (char *)str; bufmem.max = bufmem.length; BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE); BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); @@ -261,9 +261,9 @@ error_callback_fired = 0; - if (!TEST_false(i2d_ASN1_bio_stream(out, (ASN1_VALUE*) p7, bio, - SMIME_STREAM | SMIME_BINARY, - ASN1_ITEM_rptr(PKCS7)))) + if (!TEST_false(i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, bio, + SMIME_STREAM | SMIME_BINARY, + ASN1_ITEM_rptr(PKCS7)))) goto finish; if (!TEST_int_eq(error_callback_fired, 1)) @@ -271,7 +271,7 @@ ok = 1; - finish: +finish: BIO_free(bio); BIO_free(out); PKCS7_free(p7); --- crypto/openssl/test/bio_prefix_text.c.orig +++ crypto/openssl/test/bio_prefix_text.c @@ -102,7 +102,7 @@ size_t i; next = bio_out; - BIO_up_ref(next); /* Protection against freeing */ + BIO_up_ref(next); /* Protection against freeing */ for (i = 0; n > 0; i++, n--) { BIO *curr = BIO_new(BIO_f_prefix()); @@ -116,7 +116,7 @@ } } return chain != NULL; - err: +err: /* Free the chain we built up */ BIO_free_all(next); OPENSSL_free(chain); @@ -156,7 +156,6 @@ OPENSSL_assert(bio_out != NULL); OPENSSL_assert(bio_err != NULL); - while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_AMOUNT: 
@@ -164,18 +163,18 @@ amount = strtoul(arg, &endptr, 10); if (endptr[0] != '\0') { BIO_printf(bio_err, - "%s: -n argument isn't a decimal number: %s", - progname, arg); + "%s: -n argument isn't a decimal number: %s", + progname, arg); return 0; } if (amount < 1) { BIO_printf(bio_err, "%s: must set up at least one filter", - progname); + progname); return 0; } if (!setup_bio_chain(progname)) { BIO_printf(bio_err, "%s: failed setting up filter chain", - progname); + progname); return 0; } break; @@ -191,8 +190,8 @@ idx = strtoul(arg, &endptr, 10); if (endptr[0] != ':') { BIO_printf(bio_err, - "%s: -i index isn't a decimal number: %s", - progname, arg); + "%s: -i index isn't a decimal number: %s", + progname, arg); return 0; } colon++; @@ -202,18 +201,18 @@ indent = strtoul(colon, &endptr, 10); if (endptr[0] != '\0') { BIO_printf(bio_err, - "%s: -i value isn't a decimal number: %s", - progname, arg); + "%s: -i value isn't a decimal number: %s", + progname, arg); return 0; } if (idx >= amount) { BIO_printf(bio_err, "%s: index (%zu) not within range 0..%zu", - progname, idx, amount - 1); + progname, idx, amount - 1); return 0; } if (BIO_set_indent(chain[idx], (long)indent) <= 0) { BIO_printf(bio_err, "%s: failed setting indentation: %s", - progname, arg); + progname, arg); return 0; } break; @@ -229,8 +228,8 @@ idx = strtoul(arg, &endptr, 10); if (endptr[0] != ':') { BIO_printf(bio_err, - "%s: -p index isn't a decimal number: %s", - progname, arg); + "%s: -p index isn't a decimal number: %s", + progname, arg); return 0; } colon++; @@ -239,12 +238,12 @@ } if (idx >= amount) { BIO_printf(bio_err, "%s: index (%zu) not within range 0..%zu", - progname, idx, amount - 1); + progname, idx, amount - 1); return 0; } if (BIO_set_prefix(chain[idx], colon) <= 0) { BIO_printf(bio_err, "%s: failed setting prefix: %s", - progname, arg); + progname, arg); return 0; } break; --- /dev/null +++ crypto/openssl/test/bio_pw_callback_test.c 
@@ -0,0 +1,402 @@ +/* + * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "testutil.h" + +#include +#include + +/* dummy data that needs to be passed to the callback */ +typedef struct CallbackData { + char magic; + int result; +} CALLBACK_DATA; + +/* constants */ +static const char weak_password[] = "weak_password"; +static const char a0a_password[] = "aaaaaaaa\0aaaaaaaa"; +static const char a0b_password[] = "aaaaaaaa\0bbbbbbbb"; +static const char cb_magic = 'p'; + +/* shared working data for all tests */ +static char *key_file = NULL; +static EVP_PKEY *original_pkey = NULL; + +/* the test performed by the callback */ +typedef enum CallbackTest { + CB_TEST_NEGATIVE = 0, + CB_TEST_ZERO_LENGTH, + CB_TEST_WEAK, + CB_TEST_16ZERO, + CB_TEST_A0A, + CB_TEST_A0B, + CB_TEST_MATCH_SIZE, + CB_TEST_EXCEED_SIZE +} CALLBACK_TEST; +static CALLBACK_TEST callback_test = CB_TEST_NEGATIVE; + +typedef enum KeyEncoding { + KE_PEM = 0, + KE_PKCS8 +} KEY_ENCODING; + +typedef enum ExpectedResult { + ER_FAILURE = 0, + ER_SUCCESS +} EXPECTED_RESULT; + +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_KEY_FILE, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "keyfile", OPT_KEY_FILE, '<', + "The PEM file with the encrypted key to load" }, + { NULL } + }; + return test_options; +} + +static int callback_copy_password(char *buf, int size) +{ + int ret = -1; + + switch (callback_test) { + case CB_TEST_NEGATIVE: + break; + case CB_TEST_ZERO_LENGTH: + ret = 0; + break; + case CB_TEST_WEAK: + ret = sizeof(weak_password) - 1; + memcpy(buf, weak_password, ret); + break; + case 
CB_TEST_16ZERO: + memset(buf, 0, 16); + ret = 16; + break; + case CB_TEST_A0A: + ret = sizeof(a0a_password) - 1; + memcpy(buf, a0a_password, ret); + break; + case CB_TEST_A0B: + ret = sizeof(a0b_password) - 1; + memcpy(buf, a0b_password, ret); + break; + case CB_TEST_MATCH_SIZE: + memset(buf, 'e', size); + ret = size; + break; + case CB_TEST_EXCEED_SIZE: + memset(buf, 'e', size); + ret = 1000000; + break; + } + return ret; +} + +static int read_callback(char *buf, int size, int rwflag, void *u) +{ + CALLBACK_DATA *cb_data = (CALLBACK_DATA *)u; + int ret = -1; + + /* basic verification of the received data */ + if (!TEST_ptr(cb_data)) + goto err; + if (!TEST_char_eq(cb_data->magic, cb_magic)) + goto err; + if (!TEST_ptr(buf)) + goto err; + if (!TEST_int_gt(size, 0)) + goto err; + if (!TEST_int_eq(rwflag, 0)) + goto err; + ret = callback_copy_password(buf, size); + cb_data->result = 1; +err: + return ret; +} + +static int write_callback(char *buf, int size, int rwflag, void *u) +{ + CALLBACK_DATA *cb_data = (CALLBACK_DATA *)u; + int ret = -1; + + /* basic verification of the received data */ + if (!TEST_ptr(cb_data)) + goto err; + if (!TEST_char_eq(cb_data->magic, cb_magic)) + goto err; + if (!TEST_ptr(buf)) + goto err; + if (!TEST_int_gt(size, 0)) + goto err; + if (!TEST_int_eq(rwflag, 1)) + goto err; + ret = callback_copy_password(buf, size); + cb_data->result = 1; +err: + return ret; +} + +static int re_encrypt_key(char **enc_data, int *enc_data_size, + KEY_ENCODING key_encoding) +{ + CALLBACK_DATA cb_data; + int w_ret = 0; + BUF_MEM *bptr = NULL; + BIO *bio = NULL; + int ret = 0; + + if (!TEST_ptr(enc_data)) + goto err; + if (!TEST_ptr(enc_data_size)) + goto err; + if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) + goto err; + cb_data.magic = cb_magic; + cb_data.result = 0; + switch (key_encoding) { + case KE_PEM: + w_ret = PEM_write_bio_PrivateKey(bio, original_pkey, EVP_aes_256_cbc(), + NULL, 0, write_callback, &cb_data); + break; + case KE_PKCS8: + w_ret = 
i2d_PKCS8PrivateKey_bio(bio, original_pkey, EVP_aes_256_cbc(), + NULL, 0, write_callback, &cb_data); + break; + } + if (!TEST_int_ne(w_ret, 0)) + goto err; + if (!TEST_char_eq(cb_data.magic, cb_magic)) + goto err; + if (!TEST_int_eq(cb_data.result, 1)) + goto err; + *enc_data_size = BIO_get_mem_data(bio, enc_data); + BIO_get_mem_ptr(bio, &bptr); + if (!BIO_set_close(bio, BIO_NOCLOSE)) + goto err; + bptr->data = NULL; + ret = 1; +err: + BUF_MEM_free(bptr); + BIO_free(bio); + return ret; +} + +static int decrypt_key(char *enc_data, int enc_data_size, + KEY_ENCODING key_encoding, + EXPECTED_RESULT expected_result) +{ + CALLBACK_DATA cb_data; + EVP_PKEY *r_ret = NULL; + BIO *bio = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0; + + if (!TEST_ptr(bio = BIO_new_mem_buf(enc_data, enc_data_size))) + goto err; + cb_data.magic = cb_magic; + cb_data.result = 0; + switch (key_encoding) { + case KE_PEM: + r_ret = PEM_read_bio_PrivateKey(bio, &pkey, read_callback, &cb_data); + break; + case KE_PKCS8: + r_ret = d2i_PKCS8PrivateKey_bio(bio, &pkey, read_callback, &cb_data); + break; + } + if (expected_result == ER_SUCCESS) { + if (!TEST_ptr(r_ret)) + goto err; + } else { + if (!TEST_ptr_null(r_ret)) + goto err; + } + if (!TEST_char_eq(cb_data.magic, cb_magic)) + goto err; + if (!TEST_int_eq(cb_data.result, 1)) + goto err; + ret = 1; +err: + EVP_PKEY_free(pkey); + BIO_free(bio); + return ret; +} + +static int full_cycle_test(KEY_ENCODING key_encoding, CALLBACK_TEST write_test, + CALLBACK_TEST read_test, + EXPECTED_RESULT expected_read_result) +{ + char *enc_data = NULL; + int enc_data_size = 0; + int ret = 0; + + callback_test = write_test; + if (!re_encrypt_key(&enc_data, &enc_data_size, key_encoding)) + goto err; + callback_test = read_test; + if (!decrypt_key(enc_data, enc_data_size, key_encoding, + expected_read_result)) + goto err; + ret = 1; +err: + OPENSSL_free(enc_data); + return ret; +} + +static int test_pem_negative(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_WEAK, 
CB_TEST_NEGATIVE, ER_FAILURE); +} + +static int test_pem_zero_length(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_ZERO_LENGTH, CB_TEST_ZERO_LENGTH, + ER_SUCCESS); +} + +static int test_pem_weak(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_WEAK, CB_TEST_WEAK, ER_SUCCESS); +} + +static int test_pem_16zero(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_16ZERO, CB_TEST_16ZERO, ER_SUCCESS); +} + +static int test_pem_a0a(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_A0A, CB_TEST_A0A, ER_SUCCESS); +} + +static int test_pem_a0a_a0b(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_A0A, CB_TEST_A0B, ER_FAILURE); +} + +static int test_pem_match_size(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_MATCH_SIZE, CB_TEST_MATCH_SIZE, + ER_SUCCESS); +} + +static int test_pem_exceed_size(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_MATCH_SIZE, CB_TEST_EXCEED_SIZE, + ER_FAILURE); +} + +static int test_pkcs8_negative(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_WEAK, CB_TEST_NEGATIVE, ER_FAILURE); +} + +static int test_pkcs8_zero_length(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_ZERO_LENGTH, CB_TEST_ZERO_LENGTH, + ER_SUCCESS); +} + +static int test_pkcs8_weak(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_WEAK, CB_TEST_WEAK, ER_SUCCESS); +} + +static int test_pkcs8_16zero(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_16ZERO, CB_TEST_16ZERO, + ER_SUCCESS); +} + +static int test_pkcs8_a0a(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_A0A, CB_TEST_A0A, ER_SUCCESS); +} + +static int test_pkcs8_a0a_a0b(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_A0A, CB_TEST_A0B, ER_FAILURE); +} + +static int test_pkcs8_match_size(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_MATCH_SIZE, CB_TEST_MATCH_SIZE, + ER_SUCCESS); +} + +static int test_pkcs8_exceed_size(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_MATCH_SIZE, CB_TEST_EXCEED_SIZE, + ER_FAILURE); +} + +static int callback_original_pw(char *buf, int size, int rwflag, void 
*u) +{ + memcpy(buf, weak_password, sizeof(weak_password) - 1); + return sizeof(weak_password) - 1; +} + +int setup_tests(void) +{ + OPTION_CHOICE o; + BIO *bio = NULL; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_KEY_FILE: + key_file = opt_arg(); + break; + case OPT_TEST_CASES: + break; + default: + case OPT_ERR: + return 0; + } + } + + /* read the original key */ + if (!TEST_ptr(bio = BIO_new_file(key_file, "r"))) + return 0; + if (!TEST_ptr(PEM_read_bio_PrivateKey(bio, &original_pkey, + callback_original_pw, NULL))) + return 0; + BIO_free(bio); + + /* add all tests */ + ADD_TEST(test_pem_negative); + ADD_TEST(test_pem_zero_length); + ADD_TEST(test_pem_weak); + ADD_TEST(test_pem_16zero); + ADD_TEST(test_pem_a0a); + ADD_TEST(test_pem_a0a_a0b); + ADD_TEST(test_pem_match_size); + ADD_TEST(test_pem_exceed_size); + ADD_TEST(test_pkcs8_negative); + ADD_TEST(test_pkcs8_zero_length); + ADD_TEST(test_pkcs8_weak); + ADD_TEST(test_pkcs8_16zero); + ADD_TEST(test_pkcs8_a0a); + ADD_TEST(test_pkcs8_a0a_a0b); + ADD_TEST(test_pkcs8_match_size); + ADD_TEST(test_pkcs8_exceed_size); + return 1; +} + +void cleanup_tests(void) +{ + EVP_PKEY_free(original_pkey); +} --- crypto/openssl/test/bio_readbuffer_test.c.orig +++ crypto/openssl/test/bio_readbuffer_test.c @@ -34,7 +34,8 @@ /* Open a file BIO and read all the data */ if (!TEST_ptr(in = BIO_new_file(filename, "r")) || !TEST_int_eq(BIO_read_ex(in, expected, sizeof(expected), - &readbytes), 1) + &readbytes), + 1) || !TEST_int_lt(readbytes, sizeof(expected))) goto err; BIO_free(in); --- crypto/openssl/test/bioprinttest.c.orig +++ crypto/openssl/test/bioprinttest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
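Review bot: In the new bio_pw_callback_test.c, `callback_original_pw` and the `CB_TEST_WEAK`, `CB_TEST_16ZERO`, `CB_TEST_A0A` and `CB_TEST_A0B` branches of `callback_copy_password` write a fixed number of bytes into `buf` without comparing that count with `size`. They are only safe while the caller's buffer is larger than the test passwords. A guard such as `if (size < (int)sizeof(weak_password) - 1) return -1;` before each `memcpy`/`memset` would make the callbacks honour the contract that `CB_TEST_EXCEED_SIZE` is checking from the library side. Separately, `setup_tests` returns 0 without `BIO_free(bio)` when `PEM_read_bio_PrivateKey` fails. Freeing `bio` before that early return would close the leak.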
@@ -20,90 +20,97 @@ static int justprint = 0; -static char *fpexpected[][10][5] = { +static char *fpexpected[][11][5] = { { - /* 00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" }, - /* 01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" }, - /* 02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" }, - /* 03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" }, - /* 04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, - /* 05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" }, - /* 06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" }, - /* 07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" }, - /* 08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" }, - /* 09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + /* 0.00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" }, + /* 0.01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" }, + /* 0.02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" }, + /* 0.03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" }, + /* 0.04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, + /* 0.05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" }, + /* 0.06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" }, + /* 0.07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" }, + /* 0.08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" }, + /* 0.09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + /* 0.10 */ { "-6.6667e+04", "-66666.6667", "-6.667e+04", "-6.6667E+04", "-6.667E+04" }, }, { - /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" }, - /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" }, - /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" }, - /* 13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", 
"0.00066667" }, - /* 14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" }, - /* 15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" }, - /* 16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" }, - /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" }, - /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" }, - /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" }, + /* 1.00 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" }, + /* 1.01 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" }, + /* 1.02 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" }, + /* 1.03 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" }, + /* 1.04 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" }, + /* 1.05 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" }, + /* 1.06 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" }, + /* 1.07 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" }, + /* 1.08 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" }, + /* 1.09 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" }, + /* 1.10 */ { "-6.66667e+04", "-66666.66667", "-66667", "-6.66667E+04", "-66667" }, }, { - /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" }, - /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" }, - /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" }, - /* 23 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" }, - /* 24 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" }, - /* 25 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" }, - /* 26 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" }, - /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" }, - /* 28 */ 
{ " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" }, - /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" }, + /* 2.00 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" }, + /* 2.01 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" }, + /* 2.02 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" }, + /* 2.03 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" }, + /* 2.04 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" }, + /* 2.05 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" }, + /* 2.06 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" }, + /* 2.07 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" }, + /* 2.08 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" }, + /* 2.09 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" }, + /* 2.10 */ { " -6.6667e+04", " -66666.6667", " -6.667e+04", " -6.6667E+04", " -6.667E+04" }, }, { - /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" }, - /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" }, - /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" }, - /* 33 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" }, - /* 34 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" }, - /* 35 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" }, - /* 36 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" }, - /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" }, - /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" }, - /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" }, + /* 3.00 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" }, + /* 3.01 */ { " 6.70000e-01", " 0.67000", " 
0.67", " 6.70000E-01", " 0.67" }, + /* 3.02 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" }, + /* 3.03 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" }, + /* 3.04 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" }, + /* 3.05 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" }, + /* 3.06 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" }, + /* 3.07 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" }, + /* 3.08 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" }, + /* 3.09 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" }, + /* 3.10 */ { "-6.66667e+04", "-66666.66667", " -66667", "-6.66667E+04", " -66667" }, }, { - /* 40 */ { "0e+00", "0", "0", "0E+00", "0" }, - /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, - /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, - /* 43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" }, - /* 44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" }, - /* 45 */ { "7e+00", "7", "7", "7E+00", "7" }, - /* 46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" }, - /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" }, - /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" }, - /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" }, + /* 4.00 */ { "0e+00", "0", "0", "0E+00", "0" }, + /* 4.01 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, + /* 4.02 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, + /* 4.03 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" }, + /* 4.04 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" }, + /* 4.05 */ { "7e+00", "7", "7", "7E+00", "7" }, + /* 4.06 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" }, + /* 4.07 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" }, + /* 4.08 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" }, + /* 4.09 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" }, + /* 4.10 */ { "-7e+04", "-66667", "-7e+04", "-7E+04", "-7E+04" }, 
}, { - /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" }, - /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" }, - /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" }, - /* 53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" }, - /* 54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" }, - /* 55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" }, - /* 56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" }, - /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" }, - /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" }, - /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" }, + /* 5.00 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" }, + /* 5.01 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" }, + /* 5.02 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" }, + /* 5.03 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" }, + /* 5.04 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" }, + /* 5.05 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" }, + /* 5.06 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" }, + /* 5.07 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" }, + /* 5.08 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" }, + /* 5.09 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" }, + /* 5.10 */ { "-6.666667e+04", "-66666.666667", "-66666.7", "-6.666667E+04", "-66666.7" }, }, { - /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" }, - /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" }, - /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" }, 
- /* 63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" }, - /* 64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, - /* 65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" }, - /* 66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" }, - /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" }, - /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" }, - /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + /* 6.00 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" }, + /* 6.01 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" }, + /* 6.02 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" }, + /* 6.03 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" }, + /* 6.04 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, + /* 6.05 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" }, + /* 6.06 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" }, + /* 6.07 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" }, + /* 6.08 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" }, + /* 6.09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + /* 6.10 */ { "-6.6667e+04", "-66666.6667", "-6.667e+04", "-6.6667E+04", "-6.667E+04" }, }, }; 
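Review bot: The second dimension of `fpexpected` is hard-coded as 11 and has to stay equal to the number of `dofptest()` calls in the later hunk (-235,7 +239,8), which now passes `t++` values up to 10 as `sub`. `dofptest` indexes `fpexpected[test][sub][i]` (hunk -197,19 +201,19) with no bound check visible in the hunk. A value added on one side only would therefore read the wrong row or past the array instead of failing the test. A check such as `if (!TEST_int_lt(sub, (int)OSSL_NELEM(fpexpected[0]))) return 0;` near the top of `dofptest` would turn that into a clean test failure. Both functions start outside the hunks shown, so confirm the parameter types before applying it.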
@@ -114,16 +121,14 @@ } z_data; static z_data zu_data[] = { - { SIZE_MAX, "%zu", (sizeof(size_t) == 4 ? "4294967295" - : sizeof(size_t) == 8 ? "18446744073709551615" - : "") }, + { SIZE_MAX, "%zu", (sizeof(size_t) == 4 ? "4294967295" : sizeof(size_t) == 8 ? "18446744073709551615" + : "") }, /* * in 2-complement, the unsigned number divided by two plus one becomes the * smallest possible negative signed number of the corresponding type */ - { SIZE_MAX / 2 + 1, "%zi", (sizeof(size_t) == 4 ? "-2147483648" - : sizeof(size_t) == 8 ? "-9223372036854775808" - : "") }, + { SIZE_MAX / 2 + 1, "%zi", (sizeof(size_t) == 4 ? "-2147483648" : sizeof(size_t) == 8 ? "-9223372036854775808" + : "") }, { 0, "%zu", "0" }, { 0, "%zi", "0" }, }; @@ -167,7 +172,6 @@ return 1; } - /* Precision and width. */ typedef struct pw_st { int p; @@ -197,19 +201,19 @@ if (prec >= 0) BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec, - fspec); + fspec); else BIO_snprintf(format, sizeof(format), "%%%s%s", width, fspec); BIO_snprintf(result, sizeof(result), format, val); if (justprint) { if (i == 0) - printf(" /* %d%d */ { \"%s\"", test, sub, result); + printf(" /* %d.%02d */ { \"%s\"", test, sub, result); else printf(", \"%s\"", result); } else if (!TEST_str_eq(fpexpected[test][sub][i], result)) { TEST_info("test %d format=|%s| exp=|%s|, ret=|%s|", - test, format, fpexpected[test][sub][i], result); + test, format, fpexpected[test][sub][i], result); ret = 0; } } @@ -235,7 +239,8 @@ && TEST_true(dofptest(i, t++, 66.0 + frac, pwp->w, pwp->p)) && TEST_true(dofptest(i, t++, 666.0 + frac, pwp->w, pwp->p)) && TEST_true(dofptest(i, t++, 6666.0 + frac, pwp->w, pwp->p)) - && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p)); + && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, -66666.0 - frac, pwp->w, pwp->p)); if (justprint) printf(" },\n"); return r; 
@@ -247,7 +252,8 @@ /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f\n", 2 * (double)ULONG_MAX), -1)) + "%f\n", 2 * (double)ULONG_MAX), + -1)) return 0; return 1; @@ -359,4 +365,3 @@ { return fflush(stderr); } - --- crypto/openssl/test/bn_internal_test.c.orig +++ crypto/openssl/test/bn_internal_test.c @@ -31,12 +31,12 @@ BIGNUM *bn = NULL; ret = TEST_ptr(bn = BN_new()) - /* test passing a prime returns the correct status */ - && TEST_true(BN_set_word(bn, 11)) - /* return extra parameters related to composite */ - && TEST_true(ossl_bn_miller_rabin_is_prime(bn, 10, ctx, NULL, 1, - &status)) - && TEST_int_eq(status, BN_PRIMETEST_PROBABLY_PRIME); + /* test passing a prime returns the correct status */ + && TEST_true(BN_set_word(bn, 11)) + /* return extra parameters related to composite */ + && TEST_true(ossl_bn_miller_rabin_is_prime(bn, 10, ctx, NULL, 1, + &status)) + && TEST_int_eq(status, BN_PRIMETEST_PROBABLY_PRIME); BN_free(bn); return ret; } @@ -52,11 +52,11 @@ BIGNUM *bn = NULL; ret = TEST_ptr(bn = BN_new()) - /* negative tests for different composite numbers */ - && TEST_true(BN_set_word(bn, composites[id])) - && TEST_true(ossl_bn_miller_rabin_is_prime(bn, 10, ctx, NULL, 1, - &status)) - && TEST_int_ne(status, BN_PRIMETEST_PROBABLY_PRIME); + /* negative tests for different composite numbers */ + && TEST_true(BN_set_word(bn, composites[id])) + && TEST_true(ossl_bn_miller_rabin_is_prime(bn, 10, ctx, NULL, 1, + &status)) + && TEST_int_ne(status, BN_PRIMETEST_PROBABLY_PRIME); BN_free(bn); return ret; @@ -102,4 +102,3 @@ { BN_CTX_free(ctx); } - --- crypto/openssl/test/bn_rand_range.h.orig +++ crypto/openssl/test/bn_rand_range.h 
@@ -15,44 +15,43 @@ unsigned int iterations; double critical; } rand_range_cases[] = { - { 2, 200, 3.841459 }, - { 3, 300, 5.991465 }, - { 4, 400, 7.814728 }, - { 5, 500, 9.487729 }, - { 6, 600, 11.070498 }, - { 7, 700, 12.591587 }, - { 8, 800, 14.067140 }, - { 9, 900, 15.507313 }, - { 10, 1000, 16.918978 }, - { 11, 1100, 18.307038 }, - { 12, 1200, 19.675138 }, - { 13, 1300, 21.026070 }, - { 14, 1400, 22.362032 }, - { 15, 1500, 23.684791 }, - { 16, 1600, 24.995790 }, - { 17, 1700, 26.296228 }, - { 18, 1800, 27.587112 }, - { 19, 1900, 28.869299 }, - { 20, 2000, 30.143527 }, - { 30, 3000, 42.556968 }, - { 40, 4000, 54.572228 }, - { 50, 5000, 66.338649 }, - { 60, 6000, 77.930524 }, - { 70, 7000, 89.391208 }, - { 80, 8000, 100.748619 }, - { 90, 9000, 112.021986 }, - { 100, 10000, 123.225221 }, - { 1000, 10000, 1073.642651 }, - { 2000, 20000, 2104.128222 }, - { 3000, 30000, 3127.515432 }, - { 4000, 40000, 4147.230012 }, - { 5000, 50000, 5164.598069 }, - { 6000, 60000, 6180.299514 }, - { 7000, 70000, 7194.738181 }, - { 8000, 80000, 8208.177159 }, - { 9000, 90000, 9220.799176 }, - { 10000, 100000, 10232.737266 }, + { 2, 200, 3.841459 }, + { 3, 300, 5.991465 }, + { 4, 400, 7.814728 }, + { 5, 500, 9.487729 }, + { 6, 600, 11.070498 }, + { 7, 700, 12.591587 }, + { 8, 800, 14.067140 }, + { 9, 900, 15.507313 }, + { 10, 1000, 16.918978 }, + { 11, 1100, 18.307038 }, + { 12, 1200, 19.675138 }, + { 13, 1300, 21.026070 }, + { 14, 1400, 22.362032 }, + { 15, 1500, 23.684791 }, + { 16, 1600, 24.995790 }, + { 17, 1700, 26.296228 }, + { 18, 1800, 27.587112 }, + { 19, 1900, 28.869299 }, + { 20, 2000, 30.143527 }, + { 30, 3000, 42.556968 }, + { 40, 4000, 54.572228 }, + { 50, 5000, 66.338649 }, + { 60, 6000, 77.930524 }, + { 70, 7000, 89.391208 }, + { 80, 8000, 100.748619 }, + { 90, 9000, 112.021986 }, + { 100, 10000, 123.225221 }, + { 1000, 10000, 1073.642651 }, + { 2000, 20000, 2104.128222 }, + { 3000, 30000, 3127.515432 }, + { 4000, 40000, 4147.230012 }, + { 5000, 50000, 5164.598069 }, + 
{ 6000, 60000, 6180.299514 }, + { 7000, 70000, 7194.738181 }, + { 8000, 80000, 8208.177159 }, + { 9000, 90000, 9220.799176 }, + { 10000, 100000, 10232.737266 }, }; static const int binomial_critical = 29; - --- crypto/openssl/test/bntest.c.orig +++ crypto/openssl/test/bntest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,8 +36,8 @@ size_t mpi_len; } MPITEST; -static const int NUM0 = 100; /* number of tests */ -static const int NUM1 = 50; /* additional tests for some functions */ +static const int NUM0 = 100; /* number of tests */ +static const int NUM1 = 50; /* additional tests for some functions */ static BN_CTX *ctx; /* @@ -56,7 +56,7 @@ int i = s->numpairs; PAIR *pp = s->pairs; - for ( ; --i >= 0; pp++) + for (; --i >= 0; pp++) if (OPENSSL_strcasecmp(pp->key, key) == 0) return pp->value; return NULL; @@ -113,12 +113,12 @@ int st = 0; if (!TEST_ptr(ret = getBN(s, attribute)) - || !TEST_ulong_le(word = BN_get_word(ret), INT_MAX)) + || !TEST_ulong_le(word = BN_get_word(ret), INT_MAX)) goto err; *out = (int)word; st = 1; - err: +err: BN_free(ret); return st; } @@ -150,9 +150,9 @@ int top, cond, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) goto err; if (!(TEST_true(BN_bntest_rand(a, 1024, 1, 0)) 
@@ -165,21 +165,21 @@ /* regular swap */ BN_swap(a, b); if (!equalBN("swap", a, d) - || !equalBN("swap", b, c)) + || !equalBN("swap", b, c)) goto err; /* conditional swap: true */ cond = 1; BN_consttime_swap(cond, a, b, top); if (!equalBN("cswap true", a, c) - || !equalBN("cswap true", b, d)) + || !equalBN("cswap true", b, d)) goto err; /* conditional swap: false */ cond = 0; BN_consttime_swap(cond, a, b, top); if (!equalBN("cswap false", a, c) - || !equalBN("cswap false", b, d)) + || !equalBN("cswap false", b, d)) goto err; /* same tests but checking flag swap */ @@ -187,29 +187,29 @@ BN_swap(a, b); if (!equalBN("swap, flags", a, d) - || !equalBN("swap, flags", b, c) - || !TEST_true(BN_get_flags(b, BN_FLG_CONSTTIME)) - || !TEST_false(BN_get_flags(a, BN_FLG_CONSTTIME))) + || !equalBN("swap, flags", b, c) + || !TEST_true(BN_get_flags(b, BN_FLG_CONSTTIME)) + || !TEST_false(BN_get_flags(a, BN_FLG_CONSTTIME))) goto err; cond = 1; BN_consttime_swap(cond, a, b, top); if (!equalBN("cswap true, flags", a, c) - || !equalBN("cswap true, flags", b, d) - || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) - || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) + || !equalBN("cswap true, flags", b, d) + || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) + || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) goto err; cond = 0; BN_consttime_swap(cond, a, b, top); if (!equalBN("cswap false, flags", a, c) - || !equalBN("cswap false, flags", b, d) - || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) - || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) + || !equalBN("cswap false, flags", b, d) + || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) + || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) goto err; st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); 
@@ -223,16 +223,16 @@ int i, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(c = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new())) goto err; for (i = 0; i < NUM0 + NUM1; i++) { if (i < NUM1) { if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0))) - && TEST_ptr(BN_copy(b, a)) - && TEST_int_ne(BN_set_bit(a, i), 0) - && TEST_true(BN_add_word(b, i))) + && TEST_ptr(BN_copy(b, a)) + && TEST_int_ne(BN_set_bit(a, i), 0) + && TEST_true(BN_add_word(b, i))) goto err; } else { if (!TEST_true(BN_bntest_rand(b, 400 + i - NUM1, 0, 0))) @@ -247,7 +247,7 @@ goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -261,11 +261,11 @@ int st = 0, i; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_ptr(recp = BN_RECP_CTX_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(recp = BN_RECP_CTX_new())) goto err; for (i = 0; i < NUM0 + NUM1; i++) { @@ -290,7 +290,7 @@ goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -303,10 +303,10 @@ static struct { int n, divisor, result, remainder; } signed_mod_tests[] = { - { 10, 3, 3, 1 }, - { -10, 3, -3, -1 }, - { 10, -3, -3, 1 }, - { -10, -3, 3, -1 }, + { 10, 3, 3, 1 }, + { -10, 3, -3, -1 }, + { 10, -3, -3, 1 }, + { -10, -3, 3, -1 }, }; static BIGNUM *set_signed_bn(int value) 
@@ -329,16 +329,16 @@ int st = 0; if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) - || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) - || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) - || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) + || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) + || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) + || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) goto err; if (TEST_true(BN_div(a, b, a, b, ctx)) - && TEST_BN_eq(a, c) - && TEST_BN_eq(b, d)) + && TEST_BN_eq(a, c) + && TEST_BN_eq(b, d)) st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -352,16 +352,16 @@ int st = 0; if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) - || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) - || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) - || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) + || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) + || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) + || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) goto err; if (TEST_true(BN_div(b, a, a, b, ctx)) - && TEST_BN_eq(b, c) - && TEST_BN_eq(a, d)) + && TEST_BN_eq(b, c) + && TEST_BN_eq(a, d)) st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -375,10 +375,10 @@ int st = 0, i; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new())) goto err; if (!(TEST_true(BN_bntest_rand(a, 1024, 0, 0)))) @@ -397,7 +397,7 @@ goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); 
@@ -458,14 +458,14 @@ int st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(p = BN_new()) - || !TEST_ptr(m = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(n = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(mont = BN_MONT_CTX_new())) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(m = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(mont = BN_MONT_CTX_new())) goto err; /* must be odd for montgomery */ 
@@ -482,20 +482,20 @@ /* Regression test for carry bug in mulx4x_mont */ if (!(TEST_true(BN_hex2bn(&a, - "7878787878787878787878787878787878787878787878787878787878787878" - "7878787878787878787878787878787878787878787878787878787878787878" - "7878787878787878787878787878787878787878787878787878787878787878" - "7878787878787878787878787878787878787878787878787878787878787878")) - && TEST_true(BN_hex2bn(&b, - "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744" - "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593" - "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03" - "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81")) - && TEST_true(BN_hex2bn(&n, - "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B" - "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5" - "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4" - "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF")))) + "7878787878787878787878787878787878787878787878787878787878787878" + "7878787878787878787878787878787878787878787878787878787878787878" + "7878787878787878787878787878787878787878787878787878787878787878" + "7878787878787878787878787878787878787878787878787878787878787878")) + && TEST_true(BN_hex2bn(&b, + "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744" + "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593" + "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03" + "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81")) + && TEST_true(BN_hex2bn(&n, + "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B" + "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5" + "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4" + "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF")))) goto err; if (!(TEST_true(BN_MONT_CTX_set(mont, n, ctx)) 
@@ -519,7 +519,7 @@ /* Regression test for carry bug in bn_sqrx8x_internal */ { static const char *ahex[] = { - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", @@ -534,7 +534,7 @@ NULL }; static const char *nhex[] = { - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 
@@ -559,42 +559,42 @@ goto err; if (!TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx)) - || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx)) - || !TEST_BN_eq(c, d)) + || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx)) + || !TEST_BN_eq(c, d)) goto err; /* Regression test for bug in BN_from_montgomery_word */ if (!(TEST_true(BN_hex2bn(&a, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) - && TEST_true(BN_hex2bn(&n, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) - && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) - && TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx)))) + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + && TEST_true(BN_hex2bn(&n, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) + && TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx)))) goto err; /* Regression test for bug in rsaz_1024_mul_avx2 */ if (!(TEST_true(BN_hex2bn(&a, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) - && TEST_true(BN_hex2bn(&b, - "2020202020202020202020202020202020202020202020202020202020202020" - "2020202020202020202020202020202020202020202020202020202020202020" - "20202020202020FF202020202020202020202020202020202020202020202020" - "2020202020202020202020202020202020202020202020202020202020202020")) 
- && TEST_true(BN_hex2bn(&n, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF")) - && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) - && TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)) - && TEST_true(BN_mod_exp_mont(d, a, b, n, ctx, mont)) - && TEST_BN_eq(c, d))) + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) + && TEST_true(BN_hex2bn(&b, + "2020202020202020202020202020202020202020202020202020202020202020" + "2020202020202020202020202020202020202020202020202020202020202020" + "20202020202020FF202020202020202020202020202020202020202020202020" + "2020202020202020202020202020202020202020202020202020202020202020")) + && TEST_true(BN_hex2bn(&n, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF")) + && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) + && TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)) + && TEST_true(BN_mod_exp_mont(d, a, b, n, ctx, mont)) + && TEST_BN_eq(c, d))) goto err; /* 
@@ -602,22 +602,22 @@ * BN_mod_exp_mont_consttime should reduce the input first. */ if (!(TEST_true(BN_hex2bn(&a, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) - && TEST_true(BN_hex2bn(&b, - "1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D" - "9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB" - "B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38" - "E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E")) - && TEST_true(BN_hex2bn(&n, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) - && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) - && TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)))) + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) + && TEST_true(BN_hex2bn(&b, + "1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D" + "9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB" + "B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38" + "E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E")) + && TEST_true(BN_hex2bn(&n, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + 
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) + && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) + && TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)))) goto err; BN_zero(d); if (!TEST_BN_eq(c, d)) @@ -637,7 +637,8 @@ "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", - NULL}; + NULL + }; static const char *phex[] = { "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", @@ -647,7 +648,8 @@ "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813", "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4", "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5", - NULL}; + NULL + }; static const char *mhex[] = { "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f", "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3", @@ -657,14 +659,15 @@ "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647", "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c", "b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b", - NULL}; + NULL + }; if (!TEST_true(parse_bigBN(&e, ehex)) - || !TEST_true(parse_bigBN(&p, phex)) - || !TEST_true(parse_bigBN(&m, mhex)) - || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) - || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) - || !TEST_BN_eq(a, d)) + || !TEST_true(parse_bigBN(&p, phex)) + || !TEST_true(parse_bigBN(&m, mhex)) + || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) + || !TEST_BN_eq(a, d)) goto err; } @@ -673,7 +676,7 @@ goto err; BN_zero(a); if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) - || !TEST_BN_eq_zero(d)) + || !TEST_BN_eq_zero(d)) goto err; /* 
@@ -685,9 +688,9 @@ && TEST_true(BN_MONT_CTX_set(mont, m, ctx)))) goto err; if (!TEST_true(BN_from_montgomery(e, a, mont, ctx)) - || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) - || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) - || !TEST_BN_eq(a, d)) + || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) + || !TEST_BN_eq(a, d)) goto err; /* Finally, some regular test vectors. */ @@ -699,7 +702,7 @@ st = 1; - err: +err: BN_MONT_CTX_free(mont); BN_free(a); BN_free(p); @@ -719,8 +722,8 @@ int i, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(c = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new())) goto err; for (i = 0; i < NUM0; i++) { @@ -732,7 +735,7 @@ if (!(TEST_true(BN_GF2m_add(c, a, b)) /* Test that two added values have the correct parity. */ && TEST_false((BN_is_odd(a) && BN_is_odd(c)) - || (!BN_is_odd(a) && !BN_is_odd(c))))) + || (!BN_is_odd(a) && !BN_is_odd(c))))) goto err; if (!(TEST_true(BN_GF2m_add(c, c, c)) /* Test that c + c = 0. */ @@ -740,7 +743,7 @@ goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -749,15 +752,15 @@ static int test_gf2m_mod(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL, *e = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL, *e = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -777,7 +780,7 @@ } } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -789,19 +792,19 @@ static int test_gf2m_mul(void) { - BIGNUM *a, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL; + BIGNUM *a, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; BIGNUM *e = NULL, *f = NULL, *g = NULL, *h = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_ptr(f = BN_new()) - || !TEST_ptr(g = BN_new()) - || !TEST_ptr(h = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new()) + || !TEST_ptr(g = BN_new()) + || !TEST_ptr(h = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -827,7 +830,7 @@ } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -842,14 +845,14 @@ static int test_gf2m_sqr(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -858,7 +861,7 @@ for (i = 0; i < NUM0; i++) { if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0))) - goto err; + goto err; for (j = 0; j < 2; j++) { if (!(TEST_true(BN_GF2m_mod_sqr(c, a, b[j], ctx)) && TEST_true(BN_copy(d, a)) @@ -870,7 +873,7 @@ } } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -881,14 +884,14 @@ static int test_gf2m_modinv(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) goto err; /* Test that a non-sensical, too small value causes a failure */ @@ -915,7 +918,7 @@ } } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -926,17 +929,17 @@ static int test_gf2m_moddiv(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; BIGNUM *e = NULL, *f = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_ptr(f = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -957,7 +960,7 @@ } } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -970,17 +973,17 @@ static int test_gf2m_modexp(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; BIGNUM *e = NULL, *f = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_ptr(f = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -1005,7 +1008,7 @@ } } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -1018,17 +1021,17 @@ static int test_gf2m_modsqrt(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; BIGNUM *e = NULL, *f = NULL; int i, j, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new()) - || !TEST_ptr(f = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -1050,7 +1053,7 @@ } } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -1063,16 +1066,16 @@ static int test_gf2m_modsolvequad(void) { - BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL; BIGNUM *e = NULL; int i, j, s = 0, t, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b[0] = BN_new()) - || !TEST_ptr(b[1] = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new()) - || !TEST_ptr(e = BN_new())) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new())) goto err; if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) @@ -1104,7 +1107,7 @@ goto err; } st = 1; - err: +err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -1121,9 +1124,9 @@ int i, legendre, kronecker, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(r = BN_new()) - || !TEST_ptr(t = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(r = BN_new()) + || !TEST_ptr(t = BN_new())) goto err; /* @@ -1185,7 +1188,7 @@ } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(r); @@ -1200,17 +1203,17 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(b = getBN(s, "B")) - || !TEST_ptr(sum = getBN(s, "Sum")) - || !TEST_ptr(ret = BN_new())) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(sum = getBN(s, "Sum")) + || !TEST_ptr(ret = BN_new())) goto err; if (!TEST_true(BN_add(ret, a, b)) - || !equalBN("A + B", sum, ret) - || !TEST_true(BN_sub(ret, sum, a)) - || !equalBN("Sum - A", b, ret) - || !TEST_true(BN_sub(ret, sum, b)) - || !equalBN("Sum - B", a, ret)) + || !equalBN("A + B", sum, ret) + || !TEST_true(BN_sub(ret, sum, a)) + || !equalBN("Sum - A", b, ret) + || !TEST_true(BN_sub(ret, sum, b)) + || !equalBN("Sum - B", a, ret)) goto err; /* 
@@ -1219,23 +1222,23 @@ * There is no test for all of |r|, |a|, and |b| pointint to the same BIGNUM. */ if (!TEST_true(BN_copy(ret, a)) - || !TEST_true(BN_add(ret, ret, b)) - || !equalBN("A + B (r is a)", sum, ret) - || !TEST_true(BN_copy(ret, b)) - || !TEST_true(BN_add(ret, a, ret)) - || !equalBN("A + B (r is b)", sum, ret) - || !TEST_true(BN_copy(ret, sum)) - || !TEST_true(BN_sub(ret, ret, a)) - || !equalBN("Sum - A (r is a)", b, ret) - || !TEST_true(BN_copy(ret, a)) - || !TEST_true(BN_sub(ret, sum, ret)) - || !equalBN("Sum - A (r is b)", b, ret) - || !TEST_true(BN_copy(ret, sum)) - || !TEST_true(BN_sub(ret, ret, b)) - || !equalBN("Sum - B (r is a)", a, ret) - || !TEST_true(BN_copy(ret, b)) - || !TEST_true(BN_sub(ret, sum, ret)) - || !equalBN("Sum - B (r is b)", a, ret)) + || !TEST_true(BN_add(ret, ret, b)) + || !equalBN("A + B (r is a)", sum, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_add(ret, a, ret)) + || !equalBN("A + B (r is b)", sum, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_sub(ret, ret, a)) + || !equalBN("Sum - A (r is a)", b, ret) + || !TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_sub(ret, sum, ret)) + || !equalBN("Sum - A (r is b)", b, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_sub(ret, ret, b)) + || !equalBN("Sum - B (r is a)", a, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_sub(ret, sum, ret)) + || !equalBN("Sum - B (r is b)", a, ret)) goto err; /* 
@@ -1246,11 +1249,11 @@ */ if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) { if (!TEST_true(BN_uadd(ret, a, b)) - || !equalBN("A +u B", sum, ret) - || !TEST_true(BN_usub(ret, sum, a)) - || !equalBN("Sum -u A", b, ret) - || !TEST_true(BN_usub(ret, sum, b)) - || !equalBN("Sum -u B", a, ret)) + || !equalBN("A +u B", sum, ret) + || !TEST_true(BN_usub(ret, sum, a)) + || !equalBN("Sum -u A", b, ret) + || !TEST_true(BN_usub(ret, sum, b)) + || !equalBN("Sum -u B", a, ret)) goto err; /* * Test that the functions work when |r| and |a| point to the same @@ -1259,23 +1262,23 @@ * BIGNUM. */ if (!TEST_true(BN_copy(ret, a)) - || !TEST_true(BN_uadd(ret, ret, b)) - || !equalBN("A +u B (r is a)", sum, ret) - || !TEST_true(BN_copy(ret, b)) - || !TEST_true(BN_uadd(ret, a, ret)) - || !equalBN("A +u B (r is b)", sum, ret) - || !TEST_true(BN_copy(ret, sum)) - || !TEST_true(BN_usub(ret, ret, a)) - || !equalBN("Sum -u A (r is a)", b, ret) - || !TEST_true(BN_copy(ret, a)) - || !TEST_true(BN_usub(ret, sum, ret)) - || !equalBN("Sum -u A (r is b)", b, ret) - || !TEST_true(BN_copy(ret, sum)) - || !TEST_true(BN_usub(ret, ret, b)) - || !equalBN("Sum -u B (r is a)", a, ret) - || !TEST_true(BN_copy(ret, b)) - || !TEST_true(BN_usub(ret, sum, ret)) - || !equalBN("Sum -u B (r is b)", a, ret)) + || !TEST_true(BN_uadd(ret, ret, b)) + || !equalBN("A +u B (r is a)", sum, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_uadd(ret, a, ret)) + || !equalBN("A +u B (r is b)", sum, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_usub(ret, ret, a)) + || !equalBN("Sum -u A (r is a)", b, ret) + || !TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_usub(ret, sum, ret)) + || !equalBN("Sum -u A (r is b)", b, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_usub(ret, ret, b)) + || !equalBN("Sum -u B (r is a)", a, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_usub(ret, sum, ret)) + || !equalBN("Sum -u B (r is b)", a, ret)) goto err; } 
@@ -1285,16 +1288,16 @@ b_word = BN_get_word(b); if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) { if (!TEST_true(BN_copy(ret, a)) - || !TEST_true(BN_add_word(ret, b_word)) - || !equalBN("A + B (word)", sum, ret) - || !TEST_true(BN_copy(ret, sum)) - || !TEST_true(BN_sub_word(ret, b_word)) - || !equalBN("Sum - B (word)", a, ret)) + || !TEST_true(BN_add_word(ret, b_word)) + || !equalBN("A + B (word)", sum, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_sub_word(ret, b_word)) + || !equalBN("Sum - B (word)", a, ret)) goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(sum); 
@@ -1309,41 +1312,41 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(lshift1 = getBN(s, "LShift1")) - || !TEST_ptr(zero = BN_new()) - || !TEST_ptr(ret = BN_new()) - || !TEST_ptr(two = BN_new()) - || !TEST_ptr(remainder = BN_new())) + || !TEST_ptr(lshift1 = getBN(s, "LShift1")) + || !TEST_ptr(zero = BN_new()) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(two = BN_new()) + || !TEST_ptr(remainder = BN_new())) goto err; BN_zero(zero); if (!TEST_true(BN_set_word(two, 2)) - || !TEST_true(BN_add(ret, a, a)) - || !equalBN("A + A", lshift1, ret) - || !TEST_true(BN_mul(ret, a, two, ctx)) - || !equalBN("A * 2", lshift1, ret) - || !TEST_true(BN_div(ret, remainder, lshift1, two, ctx)) - || !equalBN("LShift1 / 2", a, ret) - || !equalBN("LShift1 % 2", zero, remainder) - || !TEST_true(BN_lshift1(ret, a)) - || !equalBN("A << 1", lshift1, ret) - || !TEST_true(BN_rshift1(ret, lshift1)) - || !equalBN("LShift >> 1", a, ret) - || !TEST_true(BN_rshift1(ret, lshift1)) - || !equalBN("LShift >> 1", a, ret)) + || !TEST_true(BN_add(ret, a, a)) + || !equalBN("A + A", lshift1, ret) + || !TEST_true(BN_mul(ret, a, two, ctx)) + || !equalBN("A * 2", lshift1, ret) + || !TEST_true(BN_div(ret, remainder, lshift1, two, ctx)) + || !equalBN("LShift1 / 2", a, ret) + || !equalBN("LShift1 % 2", zero, remainder) + || !TEST_true(BN_lshift1(ret, a)) + || !equalBN("A << 1", lshift1, ret) + || !TEST_true(BN_rshift1(ret, lshift1)) + || !equalBN("LShift >> 1", a, ret) + || !TEST_true(BN_rshift1(ret, lshift1)) + || !equalBN("LShift >> 1", a, ret)) goto err; /* Set the LSB to 1 and test rshift1 again. 
*/ if (!TEST_true(BN_set_bit(lshift1, 0)) - || !TEST_true(BN_div(ret, NULL /* rem */ , lshift1, two, ctx)) - || !equalBN("(LShift1 | 1) / 2", a, ret) - || !TEST_true(BN_rshift1(ret, lshift1)) - || !equalBN("(LShift | 1) >> 1", a, ret)) + || !TEST_true(BN_div(ret, NULL /* rem */, lshift1, two, ctx)) + || !equalBN("(LShift1 | 1) / 2", a, ret) + || !TEST_true(BN_rshift1(ret, lshift1)) + || !equalBN("(LShift | 1) >> 1", a, ret)) goto err; st = 1; - err: +err: BN_free(a); BN_free(lshift1); BN_free(zero); @@ -1360,19 +1363,19 @@ int n = 0, st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(lshift = getBN(s, "LShift")) - || !TEST_ptr(ret = BN_new()) - || !getint(s, &n, "N")) + || !TEST_ptr(lshift = getBN(s, "LShift")) + || !TEST_ptr(ret = BN_new()) + || !getint(s, &n, "N")) goto err; if (!TEST_true(BN_lshift(ret, a, n)) - || !equalBN("A << N", lshift, ret) - || !TEST_true(BN_rshift(ret, lshift, n)) - || !equalBN("A >> N", a, ret)) + || !equalBN("A << N", lshift, ret) + || !TEST_true(BN_rshift(ret, lshift, n)) + || !equalBN("A >> N", a, ret)) goto err; st = 1; - err: +err: BN_free(a); BN_free(lshift); BN_free(ret); @@ -1385,24 +1388,24 @@ int n = 0, st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(rshift = getBN(s, "RShift")) - || !TEST_ptr(ret = BN_new()) - || !getint(s, &n, "N")) + || !TEST_ptr(rshift = getBN(s, "RShift")) + || !TEST_ptr(ret = BN_new()) + || !getint(s, &n, "N")) goto err; if (!TEST_true(BN_rshift(ret, a, n)) - || !equalBN("A >> N", rshift, ret)) + || !equalBN("A >> N", rshift, ret)) goto err; /* If N == 1, try with rshift1 as well */ if (n == 1) { if (!TEST_true(BN_rshift1(ret, a)) - || !equalBN("A >> 1 (rshift1)", rshift, ret)) + || !equalBN("A >> 1 (rshift1)", rshift, ret)) goto err; } st = 1; - err: +err: BN_free(a); BN_free(rshift); BN_free(ret); 
@@ -1416,32 +1419,32 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(square = getBN(s, "Square")) - || !TEST_ptr(zero = BN_new()) - || !TEST_ptr(ret = BN_new()) - || !TEST_ptr(remainder = BN_new())) + || !TEST_ptr(square = getBN(s, "Square")) + || !TEST_ptr(zero = BN_new()) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(remainder = BN_new())) goto err; BN_zero(zero); if (!TEST_true(BN_sqr(ret, a, ctx)) - || !equalBN("A^2", square, ret) - || !TEST_true(BN_mul(ret, a, a, ctx)) - || !equalBN("A * A", square, ret) - || !TEST_true(BN_div(ret, remainder, square, a, ctx)) - || !equalBN("Square / A", a, ret) - || !equalBN("Square % A", zero, remainder)) + || !equalBN("A^2", square, ret) + || !TEST_true(BN_mul(ret, a, a, ctx)) + || !equalBN("A * A", square, ret) + || !TEST_true(BN_div(ret, remainder, square, a, ctx)) + || !equalBN("Square / A", a, ret) + || !equalBN("Square % A", zero, remainder)) goto err; #if HAVE_BN_SQRT BN_set_negative(a, 0); if (!TEST_true(BN_sqrt(ret, square, ctx)) - || !equalBN("sqrt(Square)", a, ret)) + || !equalBN("sqrt(Square)", a, ret)) goto err; /* BN_sqrt should fail on non-squares and negative numbers. */ if (!TEST_BN_eq_zero(square)) { if (!TEST_ptr(tmp = BN_new()) - || !TEST_true(BN_copy(tmp, square))) + || !TEST_true(BN_copy(tmp, square))) goto err; BN_set_negative(tmp, 1); @@ -1459,7 +1462,7 @@ #endif st = 1; - err: +err: BN_free(a); BN_free(square); BN_free(zero); 
@@ -1476,27 +1479,27 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(b = getBN(s, "B")) - || !TEST_ptr(product = getBN(s, "Product")) - || !TEST_ptr(ret = BN_new()) - || !TEST_ptr(remainder = BN_new()) - || !TEST_ptr(zero = BN_new())) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(product = getBN(s, "Product")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(remainder = BN_new()) + || !TEST_ptr(zero = BN_new())) goto err; BN_zero(zero); if (!TEST_true(BN_mul(ret, a, b, ctx)) - || !equalBN("A * B", product, ret) - || !TEST_true(BN_div(ret, remainder, product, a, ctx)) - || !equalBN("Product / A", b, ret) - || !equalBN("Product % A", zero, remainder) - || !TEST_true(BN_div(ret, remainder, product, b, ctx)) - || !equalBN("Product / B", a, ret) - || !equalBN("Product % B", zero, remainder)) + || !equalBN("A * B", product, ret) + || !TEST_true(BN_div(ret, remainder, product, a, ctx)) + || !equalBN("Product / A", b, ret) + || !equalBN("Product % A", zero, remainder) + || !TEST_true(BN_div(ret, remainder, product, b, ctx)) + || !equalBN("Product / B", a, ret) + || !equalBN("Product % B", zero, remainder)) goto err; st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(product); 
@@ -1514,20 +1517,20 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(b = getBN(s, "B")) - || !TEST_ptr(quotient = getBN(s, "Quotient")) - || !TEST_ptr(remainder = getBN(s, "Remainder")) - || !TEST_ptr(ret = BN_new()) - || !TEST_ptr(ret2 = BN_new()) - || !TEST_ptr(nnmod = BN_new())) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(quotient = getBN(s, "Quotient")) + || !TEST_ptr(remainder = getBN(s, "Remainder")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(ret2 = BN_new()) + || !TEST_ptr(nnmod = BN_new())) goto err; if (!TEST_true(BN_div(ret, ret2, a, b, ctx)) - || !equalBN("A / B", quotient, ret) - || !equalBN("A % B", remainder, ret2) - || !TEST_true(BN_mul(ret, quotient, b, ctx)) - || !TEST_true(BN_add(ret, ret, remainder)) - || !equalBN("Quotient * B + Remainder", a, ret)) + || !equalBN("A / B", quotient, ret) + || !equalBN("A % B", remainder, ret2) + || !TEST_true(BN_mul(ret, quotient, b, ctx)) + || !TEST_true(BN_add(ret, ret, remainder)) + || !equalBN("Quotient * B + Remainder", a, ret)) goto err; /* @@ -1545,22 +1548,22 @@ if (ret_word != remainder_word) { #ifdef BN_DEC_FMT1 TEST_error( - "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1, - ret_word, remainder_word); + "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1, + ret_word, remainder_word); #else TEST_error("Got A %% B (word) mismatch"); #endif goto err; } - if (!equalBN ("A / B (word)", quotient, ret)) + if (!equalBN("A / B (word)", quotient, ret)) goto err; ret_word = BN_mod_word(a, b_word); if (ret_word != remainder_word) { #ifdef BN_DEC_FMT1 TEST_error( - "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1 "", - ret_word, remainder_word); + "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1 "", + ret_word, remainder_word); #else TEST_error("Got A %% B (word) mismatch"); #endif 
@@ -1571,15 +1574,15 @@ /* Test BN_nnmod. */ if (!BN_is_negative(b)) { if (!TEST_true(BN_copy(nnmod, remainder)) - || (BN_is_negative(nnmod) - && !TEST_true(BN_add(nnmod, nnmod, b))) - || !TEST_true(BN_nnmod(ret, a, b, ctx)) - || !equalBN("A % B (non-negative)", nnmod, ret)) + || (BN_is_negative(nnmod) + && !TEST_true(BN_add(nnmod, nnmod, b))) + || !TEST_true(BN_nnmod(ret, a, b, ctx)) + || !equalBN("A % B (non-negative)", nnmod, ret)) goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(quotient); @@ -1596,14 +1599,14 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(b = getBN(s, "B")) - || !TEST_ptr(m = getBN(s, "M")) - || !TEST_ptr(mod_mul = getBN(s, "ModMul")) - || !TEST_ptr(ret = BN_new())) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_mul = getBN(s, "ModMul")) + || !TEST_ptr(ret = BN_new())) goto err; if (!TEST_true(BN_mod_mul(ret, a, b, m, ctx)) - || !equalBN("A * B (mod M)", mod_mul, ret)) + || !equalBN("A * B (mod M)", mod_mul, ret)) goto err; if (BN_is_odd(m)) { 
@@ -1613,15 +1616,15 @@ BIGNUM *b_tmp = BN_new(); if (mont == NULL || a_tmp == NULL || b_tmp == NULL - || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)) - || !TEST_true(BN_nnmod(a_tmp, a, m, ctx)) - || !TEST_true(BN_nnmod(b_tmp, b, m, ctx)) - || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx)) - || !TEST_true(BN_to_montgomery(b_tmp, b_tmp, mont, ctx)) - || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, b_tmp, - mont, ctx)) - || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx)) - || !equalBN("A * B (mod M) (mont)", mod_mul, ret)) + || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)) + || !TEST_true(BN_nnmod(a_tmp, a, m, ctx)) + || !TEST_true(BN_nnmod(b_tmp, b, m, ctx)) + || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx)) + || !TEST_true(BN_to_montgomery(b_tmp, b_tmp, mont, ctx)) + || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, b_tmp, + mont, ctx)) + || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx)) + || !equalBN("A * B (mod M) (mont)", mod_mul, ret)) st = 0; else st = 1; @@ -1633,7 +1636,7 @@ } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(m); 
@@ -1642,6 +1645,52 @@ return st; } +static int file_modsqr(STANZA *s) +{ + BIGNUM *a = NULL, *m = NULL, *mod_sqr = NULL, *ret = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_sqr = getBN(s, "ModSqr")) + || !TEST_ptr(ret = BN_new())) + goto err; + + if (!TEST_true(BN_mod_sqr(ret, a, m, ctx)) + || !equalBN("A^2 (mod M)", mod_sqr, ret)) + goto err; + + if (BN_is_odd(m)) { + /* Reduce |a| and test the Montgomery version. */ + BN_MONT_CTX *mont = BN_MONT_CTX_new(); + BIGNUM *a_tmp = BN_new(); + + if (mont == NULL || a_tmp == NULL + || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)) + || !TEST_true(BN_nnmod(a_tmp, a, m, ctx)) + || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx)) + || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, a_tmp, + mont, ctx)) + || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx)) + || !equalBN("A^2 (mod M) (mont)", mod_sqr, ret)) + st = 0; + else + st = 1; + BN_MONT_CTX_free(mont); + BN_free(a_tmp); + if (st == 0) + goto err; + } + + st = 1; +err: + BN_free(a); + BN_free(m); + BN_free(mod_sqr); + BN_free(ret); + return st; +} + static int file_modexp(STANZA *s) { BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL; 
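Review bot: In the Montgomery branch of the new `file_modsqr`, the allocation checks `mont == NULL || a_tmp == NULL` sit outside the test macros, so a failed `BN_MONT_CTX_new()` or `BN_new()` fails the stanza without any diagnostic, unlike the other steps in that chain. Writing them as `!TEST_ptr(mont) || !TEST_ptr(a_tmp)` would report which allocation failed. The hunk does not show `file_modsqr` being added to the stanza dispatch table, so confirm that a `ModSqr` entry is registered elsewhere in the commit; otherwise the function is never called. A short comment above the function would also help, for example `/* Checks BN_mod_sqr against ModSqr and, for odd M, the Montgomery product of reduced A with itself. */`.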
@@ -1649,23 +1698,23 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(e = getBN(s, "E")) - || !TEST_ptr(m = getBN(s, "M")) - || !TEST_ptr(mod_exp = getBN(s, "ModExp")) - || !TEST_ptr(ret = BN_new()) - || !TEST_ptr(d = BN_new())) + || !TEST_ptr(e = getBN(s, "E")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_exp = getBN(s, "ModExp")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(d = BN_new())) goto err; if (!TEST_true(BN_mod_exp(ret, a, e, m, ctx)) - || !equalBN("A ^ E (mod M)", mod_exp, ret)) + || !equalBN("A ^ E (mod M)", mod_exp, ret)) goto err; if (BN_is_odd(m)) { if (!TEST_true(BN_mod_exp_mont(ret, a, e, m, ctx, NULL)) - || !equalBN("A ^ E (mod M) (mont)", mod_exp, ret) - || !TEST_true(BN_mod_exp_mont_consttime(ret, a, e, m, - ctx, NULL)) - || !equalBN("A ^ E (mod M) (mont const", mod_exp, ret)) + || !equalBN("A ^ E (mod M) (mont)", mod_exp, ret) + || !TEST_true(BN_mod_exp_mont_consttime(ret, a, e, m, + ctx, NULL)) + || !equalBN("A ^ E (mod M) (mont const", mod_exp, ret)) goto err; } @@ -1685,7 +1734,7 @@ goto err; st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -1703,17 +1752,17 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(e = getBN(s, "E")) - || !TEST_ptr(exp = getBN(s, "Exp")) - || !TEST_ptr(ret = BN_new())) + || !TEST_ptr(e = getBN(s, "E")) + || !TEST_ptr(exp = getBN(s, "Exp")) + || !TEST_ptr(ret = BN_new())) goto err; if (!TEST_true(BN_exp(ret, a, e, ctx)) - || !equalBN("A ^ E", exp, ret)) + || !equalBN("A ^ E", exp, ret)) goto err; st = 1; - err: +err: BN_free(a); BN_free(e); BN_free(exp); @@ -1727,10 +1776,10 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(p = getBN(s, "P")) - || !TEST_ptr(mod_sqrt = getBN(s, "ModSqrt")) - || !TEST_ptr(ret = BN_new()) - || !TEST_ptr(ret2 = BN_new())) + || !TEST_ptr(p = getBN(s, "P")) + || !TEST_ptr(mod_sqrt = getBN(s, "ModSqrt")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(ret2 = BN_new())) goto err; if (BN_is_negative(mod_sqrt)) { 
@@ -1744,16 +1793,16 @@ /* There are two possible answers. */ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) - || !TEST_true(BN_sub(ret2, p, ret))) + || !TEST_true(BN_sub(ret2, p, ret))) goto err; /* The first condition should NOT be a test. */ if (BN_cmp(ret2, mod_sqrt) != 0 - && !equalBN("sqrt(A) (mod P)", mod_sqrt, ret)) + && !equalBN("sqrt(A) (mod P)", mod_sqrt, ret)) goto err; st = 1; - err: +err: BN_free(a); BN_free(p); BN_free(mod_sqrt); @@ -1768,17 +1817,17 @@ int st = 0; if (!TEST_ptr(a = getBN(s, "A")) - || !TEST_ptr(b = getBN(s, "B")) - || !TEST_ptr(gcd = getBN(s, "GCD")) - || !TEST_ptr(ret = BN_new())) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(gcd = getBN(s, "GCD")) + || !TEST_ptr(ret = BN_new())) goto err; if (!TEST_true(BN_gcd(ret, a, b, ctx)) - || !equalBN("gcd(A,B)", gcd, ret)) + || !equalBN("gcd(A,B)", gcd, ret)) goto err; st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(gcd); @@ -1807,12 +1856,12 @@ /* Test a random numbers at various byte lengths. */ for (bytes = 128 - 7; bytes <= 128; bytes++) { -# define TOP_BIT_ON 0 -# define BOTTOM_BIT_NOTOUCH 0 +#define TOP_BIT_ON 0 +#define BOTTOM_BIT_NOTOUCH 0 if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH))) goto err; if (!TEST_int_eq(BN_num_bytes(n), bytes) - || !TEST_int_eq(BN_bn2bin(n, reference), bytes)) + || !TEST_int_eq(BN_bn2bin(n, reference), bytes)) goto err; /* Empty buffer should fail. */ if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1)) 
@@ -1822,24 +1871,24 @@ goto err; /* Exactly right size should encode. */ if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes) - || !TEST_mem_eq(out, bytes, reference, bytes)) + || !TEST_mem_eq(out, bytes, reference, bytes)) goto err; /* Pad up one byte extra. */ if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1) - || !TEST_mem_eq(out + 1, bytes, reference, bytes) - || !TEST_mem_eq(out, 1, zeros, 1)) + || !TEST_mem_eq(out + 1, bytes, reference, bytes) + || !TEST_mem_eq(out, 1, zeros, 1)) goto err; /* Pad up to 256. */ if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)) - || !TEST_mem_eq(out + sizeof(out) - bytes, bytes, - reference, bytes) - || !TEST_mem_eq(out, sizeof(out) - bytes, - zeros, sizeof(out) - bytes)) + || !TEST_mem_eq(out + sizeof(out) - bytes, bytes, + reference, bytes) + || !TEST_mem_eq(out, sizeof(out) - bytes, + zeros, sizeof(out) - bytes)) goto err; } st = 1; - err: +err: BN_free(n); return st; } 
@@ -1850,65 +1899,65 @@ int st = 0; if (!TEST_int_eq(parsedecBN(&bn, "0"), 1) - || !TEST_BN_eq_word(bn, 0) - || !TEST_BN_eq_zero(bn) - || !TEST_BN_le_zero(bn) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_word(bn, 0) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parsedecBN(&bn, "256"), 3) - || !TEST_BN_eq_word(bn, 256) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_gt_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_word(bn, 256) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parsedecBN(&bn, "-42"), 3) - || !TEST_BN_abs_eq_word(bn, 42) - || !TEST_BN_lt_zero(bn) - || !TEST_BN_le_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_abs_eq_word(bn, 42) + || !TEST_BN_lt_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parsedecBN(&bn, "1"), 1) - || !TEST_BN_eq_word(bn, 1) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_gt_zero(bn) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_eq_one(bn) - || !TEST_BN_odd(bn)) + || !TEST_BN_eq_word(bn, 1) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_eq_one(bn) + || !TEST_BN_odd(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parsedecBN(&bn, "-0"), 2) - || !TEST_BN_eq_zero(bn) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_le_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parsedecBN(&bn, "42trailing garbage is ignored"), 2) - || !TEST_BN_abs_eq_word(bn, 42) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_gt_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_abs_eq_word(bn, 42) + || 
!TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) goto err; st = 1; - err: +err: BN_free(bn); return st; } 
@@ -1919,62 +1968,62 @@ int st = 0; if (!TEST_int_eq(parseBN(&bn, "0"), 1) - || !TEST_BN_eq_zero(bn) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parseBN(&bn, "256"), 3) - || !TEST_BN_eq_word(bn, 0x256) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_gt_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_word(bn, 0x256) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parseBN(&bn, "-42"), 3) - || !TEST_BN_abs_eq_word(bn, 0x42) - || !TEST_BN_lt_zero(bn) - || !TEST_BN_le_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_abs_eq_word(bn, 0x42) + || !TEST_BN_lt_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parseBN(&bn, "cb"), 2) - || !TEST_BN_eq_word(bn, 0xCB) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_gt_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_odd(bn)) + || !TEST_BN_eq_word(bn, 0xCB) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_odd(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parseBN(&bn, "-0"), 2) - || !TEST_BN_eq_zero(bn) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_le_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_even(bn)) goto err; BN_free(bn); bn = NULL; if (!TEST_int_eq(parseBN(&bn, "abctrailing garbage is ignored"), 3) - || !TEST_BN_eq_word(bn, 0xabc) - || !TEST_BN_ge_zero(bn) - || !TEST_BN_gt_zero(bn) - || !TEST_BN_ne_zero(bn) - || !TEST_BN_even(bn)) + || !TEST_BN_eq_word(bn, 0xabc) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) goto err; st = 1; - err: +err: BN_free(bn); return st; } 
@@ -1988,58 +2037,58 @@ goto err; if (!TEST_true(BN_asc2bn(&bn, "0")) - || !TEST_BN_eq_zero(bn) - || !TEST_BN_ge_zero(bn)) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "256")) - || !TEST_BN_eq_word(bn, 256) - || !TEST_BN_ge_zero(bn)) + || !TEST_BN_eq_word(bn, 256) + || !TEST_BN_ge_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "-42")) - || !TEST_BN_abs_eq_word(bn, 42) - || !TEST_BN_lt_zero(bn)) + || !TEST_BN_abs_eq_word(bn, 42) + || !TEST_BN_lt_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "0x1234")) - || !TEST_BN_eq_word(bn, 0x1234) - || !TEST_BN_ge_zero(bn)) + || !TEST_BN_eq_word(bn, 0x1234) + || !TEST_BN_ge_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "0X1234")) - || !TEST_BN_eq_word(bn, 0x1234) - || !TEST_BN_ge_zero(bn)) + || !TEST_BN_eq_word(bn, 0x1234) + || !TEST_BN_ge_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "-0xabcd")) - || !TEST_BN_abs_eq_word(bn, 0xabcd) - || !TEST_BN_lt_zero(bn)) + || !TEST_BN_abs_eq_word(bn, 0xabcd) + || !TEST_BN_lt_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "-0")) - || !TEST_BN_eq_zero(bn) - || !TEST_BN_ge_zero(bn)) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn)) goto err; if (!TEST_true(BN_asc2bn(&bn, "123trailing garbage is ignored")) - || !TEST_BN_eq_word(bn, 123) - || !TEST_BN_ge_zero(bn)) + || !TEST_BN_eq_word(bn, 123) + || !TEST_BN_ge_zero(bn)) goto err; st = 1; - err: +err: BN_free(bn); return st; } static const MPITEST kMPITests[] = { - {"0", "\x00\x00\x00\x00", 4}, - {"1", "\x00\x00\x00\x01\x01", 5}, - {"-1", "\x00\x00\x00\x01\x81", 5}, - {"128", "\x00\x00\x00\x02\x00\x80", 6}, - {"256", "\x00\x00\x00\x02\x01\x00", 6}, - {"-256", "\x00\x00\x00\x02\x81\x00", 6}, + { "0", "\x00\x00\x00\x00", 4 }, + { "1", "\x00\x00\x00\x01\x01", 5 }, + { "-1", "\x00\x00\x00\x01\x81", 5 }, + { "128", "\x00\x00\x00\x02\x00\x80", 6 }, + { "256", "\x00\x00\x00\x02\x01\x00", 6 }, + { "-256", "\x00\x00\x00\x02\x81\x00", 6 }, }; static int test_mpi(int i) 
@@ -2052,14 +2101,14 @@ int st = 0; if (!TEST_ptr(bn = BN_new()) - || !TEST_true(BN_asc2bn(&bn, test->base10))) + || !TEST_true(BN_asc2bn(&bn, test->base10))) goto err; mpi_len = BN_bn2mpi(bn, NULL); if (!TEST_size_t_le(mpi_len, sizeof(scratch))) goto err; if (!TEST_size_t_eq(mpi_len2 = BN_bn2mpi(bn, scratch), mpi_len) - || !TEST_mem_eq(test->mpi, test->mpi_len, scratch, mpi_len)) + || !TEST_mem_eq(test->mpi, test->mpi_len, scratch, mpi_len)) goto err; if (!TEST_ptr(bn2 = BN_mpi2bn(scratch, mpi_len, NULL))) @@ -2072,7 +2121,7 @@ BN_free(bn2); st = 1; - err: +err: BN_free(bn); return st; } @@ -2086,19 +2135,19 @@ return 0; /* Test BN_rand for degenerate cases with |top| and |bottom| parameters. */ - if (!TEST_false(BN_rand(bn, 0, 0 /* top */ , 0 /* bottom */ )) - || !TEST_false(BN_rand(bn, 0, 1 /* top */ , 1 /* bottom */ )) - || !TEST_true(BN_rand(bn, 1, 0 /* top */ , 0 /* bottom */ )) - || !TEST_BN_eq_one(bn) - || !TEST_false(BN_rand(bn, 1, 1 /* top */ , 0 /* bottom */ )) - || !TEST_true(BN_rand(bn, 1, -1 /* top */ , 1 /* bottom */ )) - || !TEST_BN_eq_one(bn) - || !TEST_true(BN_rand(bn, 2, 1 /* top */ , 0 /* bottom */ )) - || !TEST_BN_eq_word(bn, 3)) + if (!TEST_false(BN_rand(bn, 0, 0 /* top */, 0 /* bottom */)) + || !TEST_false(BN_rand(bn, 0, 1 /* top */, 1 /* bottom */)) + || !TEST_true(BN_rand(bn, 1, 0 /* top */, 0 /* bottom */)) + || !TEST_BN_eq_one(bn) + || !TEST_false(BN_rand(bn, 1, 1 /* top */, 0 /* bottom */)) + || !TEST_true(BN_rand(bn, 1, -1 /* top */, 1 /* bottom */)) + || !TEST_BN_eq_one(bn) + || !TEST_true(BN_rand(bn, 2, 1 /* top */, 0 /* bottom */)) + || !TEST_BN_eq_word(bn, 3)) goto err; st = 1; - err: +err: BN_free(bn); return st; } @@ -2158,7 +2207,7 @@ if (sum > critical) { TEST_info("Chi^2 test negative %.4f > %4.f", sum, critical); TEST_note("test case %zu range %u iterations %u", n + 1, range, - iterations); + iterations); goto err; } 
@@ -2190,9 +2239,9 @@ int consttime, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(c = BN_new()) - || !TEST_ptr(d = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) goto err; /* Test that BN_mul never gives negative zero. */ @@ -2203,12 +2252,12 @@ if (!TEST_true(BN_mul(c, a, b, ctx))) goto err; if (!TEST_BN_eq_zero(c) - || !TEST_BN_ge_zero(c)) + || !TEST_BN_ge_zero(c)) goto err; for (consttime = 0; consttime < 2; consttime++) { if (!TEST_ptr(numerator = BN_new()) - || !TEST_ptr(denominator = BN_new())) + || !TEST_ptr(denominator = BN_new())) goto err; if (consttime) { BN_set_flags(numerator, BN_FLG_CONSTTIME); @@ -2216,19 +2265,19 @@ } /* Test that BN_div never gives negative zero in the quotient. */ if (!TEST_true(BN_set_word(numerator, 1)) - || !TEST_true(BN_set_word(denominator, 2))) + || !TEST_true(BN_set_word(denominator, 2))) goto err; BN_set_negative(numerator, 1); if (!TEST_true(BN_div(a, b, numerator, denominator, ctx)) - || !TEST_BN_eq_zero(a) - || !TEST_BN_ge_zero(a)) + || !TEST_BN_eq_zero(a) + || !TEST_BN_ge_zero(a)) goto err; /* Test that BN_div never gives negative zero in the remainder. */ if (!TEST_true(BN_set_word(denominator, 1)) - || !TEST_true(BN_div(a, b, numerator, denominator, ctx)) - || !TEST_BN_eq_zero(b) - || !TEST_BN_ge_zero(b)) + || !TEST_true(BN_div(a, b, numerator, denominator, ctx)) + || !TEST_BN_eq_zero(b) + || !TEST_BN_ge_zero(b)) goto err; BN_free(numerator); BN_free(denominator); @@ -2242,7 +2291,7 @@ goto err; st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(c); @@ -2259,9 +2308,9 @@ int st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(zero = BN_new()) - || !TEST_ptr(mont = BN_MONT_CTX_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(zero = BN_new()) + || !TEST_ptr(mont = BN_MONT_CTX_new())) goto err; BN_zero(zero); 
@@ -2278,12 +2327,12 @@ ERR_clear_error(); if (!TEST_false(BN_mod_exp_mont(a, BN_value_one(), BN_value_one(), - zero, ctx, NULL))) + zero, ctx, NULL))) goto err; ERR_clear_error(); if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(), - zero, ctx, NULL))) + zero, ctx, NULL))) goto err; ERR_clear_error(); @@ -2300,17 +2349,17 @@ ERR_clear_error(); if (!TEST_false(BN_mod_exp_mont(a, BN_value_one(), BN_value_one(), - b, ctx, NULL))) + b, ctx, NULL))) goto err; ERR_clear_error(); if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(), - b, ctx, NULL))) + b, ctx, NULL))) goto err; ERR_clear_error(); st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(zero); @@ -2324,27 +2373,27 @@ int st = 0; if (!TEST_ptr(zero = BN_new()) - || !TEST_ptr(a = BN_new()) - || !TEST_ptr(r = BN_new())) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(r = BN_new())) goto err; BN_zero(zero); if (!TEST_true(BN_mod_exp(r, a, zero, BN_value_one(), NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_mont(r, a, zero, BN_value_one(), - NULL, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_mont_consttime(r, a, zero, - BN_value_one(), - NULL, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_mont_word(r, 42, zero, - BN_value_one(), NULL, NULL)) - || !TEST_BN_eq_zero(r)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont(r, a, zero, BN_value_one(), + NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_consttime(r, a, zero, + BN_value_one(), + NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_word(r, 42, zero, + BN_value_one(), NULL, NULL)) + || !TEST_BN_eq_zero(r)) goto err; st = 1; - err: +err: BN_free(zero); BN_free(a); BN_free(r); 
@@ -2360,29 +2409,29 @@ BIGNUM *m = BN_new(); if (!TEST_ptr(r) - || !TEST_ptr(a) - || !TEST_ptr(p) - || !TEST_ptr(p) - || !TEST_ptr(m) - || !TEST_true(BN_set_word(a, 1)) - || !TEST_true(BN_set_word(p, 0)) - || !TEST_true(BN_set_word(m, 1))) + || !TEST_ptr(a) + || !TEST_ptr(p) + || !TEST_ptr(p) + || !TEST_ptr(m) + || !TEST_true(BN_set_word(a, 1)) + || !TEST_true(BN_set_word(p, 0)) + || !TEST_true(BN_set_word(m, 1))) goto err; /* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */ for (i = 0; i < 2; i++) { if (!TEST_true(BN_mod_exp(r, a, p, m, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL)) - || !TEST_BN_eq_zero(r) - || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL)) - || !TEST_BN_eq_zero(r)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r)) goto err; /* Repeat for r = 1 ^ 0 mod -1 */ if (i == 0) @@ -2390,7 +2439,7 @@ } ret = 1; - err: +err: BN_free(r); BN_free(a); BN_free(p); @@ -2408,17 +2457,17 @@ if (kBits <= 1) { if (!TEST_false(BN_generate_prime_ex(r, kBits, 0, - NULL, NULL, NULL))) + NULL, NULL, NULL))) goto err; } else { if (!TEST_true(BN_generate_prime_ex(r, kBits, 0, - NULL, NULL, NULL)) - || !TEST_int_eq(BN_num_bits(r), kBits)) + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) goto err; } st = 1; - err: +err: BN_free(r); return st; } 
@@ -2433,17 +2482,17 @@ if (kBits <= 5 && kBits != 3) { if (!TEST_false(BN_generate_prime_ex(r, kBits, 1, - NULL, NULL, NULL))) + NULL, NULL, NULL))) goto err; } else { if (!TEST_true(BN_generate_prime_ex(r, kBits, 1, - NULL, NULL, NULL)) - || !TEST_int_eq(BN_num_bits(r), kBits)) + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) goto err; } st = 1; - err: +err: BN_free(r); return st; } @@ -2461,13 +2510,13 @@ for (trial = 0; trial <= 1; ++trial) { if (!TEST_true(BN_set_word(r, primes[i])) - || !TEST_int_eq(BN_check_prime(r, ctx, NULL), - 1)) + || !TEST_int_eq(BN_check_prime(r, ctx, NULL), + 1)) goto err; } ret = 1; - err: +err: BN_free(r); return ret; } @@ -2485,12 +2534,12 @@ for (trial = 0; trial <= 1; ++trial) { if (!TEST_true(BN_set_word(r, not_primes[i])) - || !TEST_false(BN_check_prime(r, ctx, NULL))) + || !TEST_false(BN_check_prime(r, ctx, NULL))) goto err; } ret = 1; - err: +err: BN_free(r); return ret; } @@ -2510,7 +2559,7 @@ } st = 1; - err: +err: BN_CTX_end(c); return st; } @@ -2530,7 +2579,7 @@ } st = 1; - err: +err: BN_CTX_end(c); return st; } @@ -2564,18 +2613,18 @@ int st = 0; if (!TEST_ptr(nctx = BN_CTX_new()) - || !TEST_ptr(sctx = BN_CTX_secure_new())) + || !TEST_ptr(sctx = BN_CTX_secure_new())) goto err; for (i = 0; i < 2; i++) { BN_CTX *c = i == 0 ? nctx : sctx; if (!TEST_true(test_ctx_set_ct_flag(c)) - || !TEST_true(test_ctx_check_ct_flag(c))) + || !TEST_true(test_ctx_check_ct_flag(c))) goto err; } st = 1; - err: +err: BN_CTX_free(nctx); BN_CTX_free(sctx); return st; 
@@ -2587,250 +2636,232 @@ int i, st = 0; if (!TEST_ptr(a = BN_new()) - || !TEST_ptr(b = BN_new()) - || !TEST_ptr(gcd = BN_new())) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(gcd = BN_new())) goto err; if (!TEST_true(BN_generate_prime_ex(a, 1024, 0, NULL, NULL, NULL))) - goto err; + goto err; for (i = 0; i < NUM0; i++) { if (!TEST_true(BN_generate_prime_ex(b, 1024, 0, - NULL, NULL, NULL)) - || !TEST_true(BN_gcd(gcd, a, b, ctx)) - || !TEST_true(BN_is_one(gcd))) + NULL, NULL, NULL)) + || !TEST_true(BN_gcd(gcd, a, b, ctx)) + || !TEST_true(BN_is_one(gcd))) goto err; } st = 1; - err: +err: BN_free(a); BN_free(b); BN_free(gcd); return st; } -typedef struct mod_exp_test_st -{ - const char *base; - const char *exp; - const char *mod; - const char *res; +typedef struct mod_exp_test_st { + const char *base; + const char *exp; + const char *mod; + const char *res; } MOD_EXP_TEST; static const MOD_EXP_TEST ModExpTests[] = { - /* original test vectors for rsaz_512_sqr bug, by OSS-Fuzz */ - { - "1166180238001879113042182292626169621106255558914000595999312084" - "4627946820899490684928760491249738643524880720584249698100907201" - "002086675047927600340800371", - "8000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "00000000", - "1340780792684523720980737645613191762604395855615117867483316354" - "3294276330515137663421134775482798690129946803802212663956180562" - "088664022929883876655300863", - "8243904058268085430037326628480645845409758077568738532059032482" - "8294114415890603594730158120426756266457928475330450251339773498" - "26758407619521544102068438" - }, - { - "4974270041410803822078866696159586946995877618987010219312844726" - "0284386121835740784990869050050504348861513337232530490826340663" - "197278031692737429054", - "4974270041410803822078866696159586946995877428188754995041148539" - "1663243362592271353668158565195557417149981094324650322556843202" - "946445882670777892608", - 
"1340780716511420227215592830971452482815377482627251725537099028" - "4429769497230131760206012644403029349547320953206103351725462999" - "947509743623340557059752191", - "5296244594780707015616522701706118082963369547253192207884519362" - "1767869984947542695665420219028522815539559194793619684334900442" - "49304558011362360473525933" - }, - /* test vectors for rsaz_512_srq bug, with rcx/rbx=1 */ - { /* between first and second iteration */ - "5148719036160389201525610950887605325980251964889646556085286545" - "3931548809178823413169359635978762036512397113080988070677858033" - "36463909753993540214027190", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between second and third iteration */ - "8908340854353752577419678771330460827942371434853054158622636544" - "8151360109722890949471912566649465436296659601091730745087014189" - "2672764191218875181826063", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between third and fourth iteration */ - "3427446396505596330634350984901719674479522569002785244080234738" - "4288743635435746136297299366444548736533053717416735379073185344" - "26985272974404612945608761", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - 
"8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between fourth and fifth iteration */ - "3472743044917564564078857826111874560045331237315597383869652985" - "6919870028890895988478351133601517365908445058405433832718206902" - "4088133164805266956353542", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between fifth and sixth iteration */ - "3608632990153469264412378349742339216742409743898601587274768025" - "0110772032985643555192767717344946174122842255204082586753499651" - "14483434992887431333675068", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between sixth and seventh iteration */ - "8455374370234070242910508226941981520235709767260723212165264877" - "8689064388017521524568434328264431772644802567028663962962025746" - "9283458217850119569539086", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between seventh and eighth iteration */ - "5155371529688532178421209781159131443543419764974688878527112131" - "7446518205609427412336183157918981038066636807317733319323257603" - 
"04416292040754017461076359", - "1005585594745694782468051874865438459560952436544429503329267108" - "2791323022555160232601405723625177570767523893639864538140315412" - "108959927459825236754563832", - "1005585594745694782468051874865438459560952436544429503329267108" - "2791323022555160232601405723625177570767523893639864538140315412" - "108959927459825236754563833", - "1" - }, - /* test vectors for rsaz_512_srq bug, with rcx/rbx=2 */ - { /* between first and second iteration */ - "3155666506033786929967309937640790361084670559125912405342594979" - "4345142818528956285490897841406338022378565972533508820577760065" - "58494345853302083699912572", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between second and third iteration */ - "3789819583801342198190405714582958759005991915505282362397087750" - "4213544724644823098843135685133927198668818185338794377239590049" - "41019388529192775771488319", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between third and forth iteration */ - "4695752552040706867080542538786056470322165281761525158189220280" - "4025547447667484759200742764246905647644662050122968912279199065" - "48065034299166336940507214", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - 
"6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between forth and fifth iteration */ - "2159140240970485794188159431017382878636879856244045329971239574" - "8919691133560661162828034323196457386059819832804593989740268964" - "74502911811812651475927076", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between fifth and sixth iteration */ - "5239312332984325668414624633307915097111691815000872662334695514" - "5436533521392362443557163429336808208137221322444780490437871903" - "99972784701334569424519255", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between sixth and seventh iteration */ - "1977953647322612860406858017869125467496941904523063466791308891" - "1172796739058531929470539758361774569875505293428856181093904091" - "33788264851714311303725089", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042158", - "6703903964971298549787012499102923063739682910296196688861780721" - "8608820150367734884009371490834517138450159290932430254268769414" - "05973284973216824503042159", - "1" - }, - { /* between seventh and eighth iteration */ - "6456987954117763835533395796948878140715006860263624787492985786" - 
"8514630216966738305923915688821526449499763719943997120302368211" - "04813318117996225041943964", - "1340780792994259709957402499820584612747936582059239337772356144" - "3721764030073546976801874298166903427690031858186486050853753882" - "811946551499689575296532556", - "1340780792994259709957402499820584612747936582059239337772356144" - "3721764030073546976801874298166903427690031858186486050853753882" - "811946551499689575296532557", - "1" - } + /* original test vectors for rsaz_512_sqr bug, by OSS-Fuzz */ + { + "1166180238001879113042182292626169621106255558914000595999312084" + "4627946820899490684928760491249738643524880720584249698100907201" + "002086675047927600340800371", + "8000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "00000000", + "1340780792684523720980737645613191762604395855615117867483316354" + "3294276330515137663421134775482798690129946803802212663956180562" + "088664022929883876655300863", + "8243904058268085430037326628480645845409758077568738532059032482" + "8294114415890603594730158120426756266457928475330450251339773498" + "26758407619521544102068438" }, + { "4974270041410803822078866696159586946995877618987010219312844726" + "0284386121835740784990869050050504348861513337232530490826340663" + "197278031692737429054", + "4974270041410803822078866696159586946995877428188754995041148539" + "1663243362592271353668158565195557417149981094324650322556843202" + "946445882670777892608", + "1340780716511420227215592830971452482815377482627251725537099028" + "4429769497230131760206012644403029349547320953206103351725462999" + "947509743623340557059752191", + "5296244594780707015616522701706118082963369547253192207884519362" + "1767869984947542695665420219028522815539559194793619684334900442" + "49304558011362360473525933" }, + /* test vectors for rsaz_512_srq bug, with rcx/rbx=1 */ + { /* between first and second iteration */ + 
"5148719036160389201525610950887605325980251964889646556085286545" + "3931548809178823413169359635978762036512397113080988070677858033" + "36463909753993540214027190", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between second and third iteration */ + "8908340854353752577419678771330460827942371434853054158622636544" + "8151360109722890949471912566649465436296659601091730745087014189" + "2672764191218875181826063", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between third and fourth iteration */ + "3427446396505596330634350984901719674479522569002785244080234738" + "4288743635435746136297299366444548736533053717416735379073185344" + "26985272974404612945608761", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between fourth and fifth iteration */ + "3472743044917564564078857826111874560045331237315597383869652985" + "6919870028890895988478351133601517365908445058405433832718206902" + "4088133164805266956353542", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + 
"05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between fifth and sixth iteration */ + "3608632990153469264412378349742339216742409743898601587274768025" + "0110772032985643555192767717344946174122842255204082586753499651" + "14483434992887431333675068", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between sixth and seventh iteration */ + "8455374370234070242910508226941981520235709767260723212165264877" + "8689064388017521524568434328264431772644802567028663962962025746" + "9283458217850119569539086", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between seventh and eighth iteration */ + "5155371529688532178421209781159131443543419764974688878527112131" + "7446518205609427412336183157918981038066636807317733319323257603" + "04416292040754017461076359", + "1005585594745694782468051874865438459560952436544429503329267108" + "2791323022555160232601405723625177570767523893639864538140315412" + "108959927459825236754563832", + "1005585594745694782468051874865438459560952436544429503329267108" + "2791323022555160232601405723625177570767523893639864538140315412" + "108959927459825236754563833", + "1" }, + /* test vectors for rsaz_512_srq bug, with rcx/rbx=2 */ + { /* between first and second 
iteration */ + "3155666506033786929967309937640790361084670559125912405342594979" + "4345142818528956285490897841406338022378565972533508820577760065" + "58494345853302083699912572", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between second and third iteration */ + "3789819583801342198190405714582958759005991915505282362397087750" + "4213544724644823098843135685133927198668818185338794377239590049" + "41019388529192775771488319", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between third and forth iteration */ + "4695752552040706867080542538786056470322165281761525158189220280" + "4025547447667484759200742764246905647644662050122968912279199065" + "48065034299166336940507214", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between forth and fifth iteration */ + "2159140240970485794188159431017382878636879856244045329971239574" + "8919691133560661162828034323196457386059819832804593989740268964" + "74502911811812651475927076", + "6703903964971298549787012499102923063739682910296196688861780721" + 
"8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between fifth and sixth iteration */ + "5239312332984325668414624633307915097111691815000872662334695514" + "5436533521392362443557163429336808208137221322444780490437871903" + "99972784701334569424519255", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between sixth and seventh iteration */ + "1977953647322612860406858017869125467496941904523063466791308891" + "1172796739058531929470539758361774569875505293428856181093904091" + "33788264851714311303725089", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042158", + "6703903964971298549787012499102923063739682910296196688861780721" + "8608820150367734884009371490834517138450159290932430254268769414" + "05973284973216824503042159", + "1" }, + { /* between seventh and eighth iteration */ + "6456987954117763835533395796948878140715006860263624787492985786" + "8514630216966738305923915688821526449499763719943997120302368211" + "04813318117996225041943964", + "1340780792994259709957402499820584612747936582059239337772356144" + "3721764030073546976801874298166903427690031858186486050853753882" + "811946551499689575296532556", + "1340780792994259709957402499820584612747936582059239337772356144" + "3721764030073546976801874298166903427690031858186486050853753882" + "811946551499689575296532557", + "1" } }; static int 
test_mod_exp(int i) { const MOD_EXP_TEST *test = &ModExpTests[i]; int res = 0; - BIGNUM* result = NULL; + BIGNUM *result = NULL; BIGNUM *base = NULL, *exponent = NULL, *modulo = NULL; char *s = NULL; if (!TEST_ptr(result = BN_new()) - || !TEST_true(BN_dec2bn(&base, test->base)) - || !TEST_true(BN_dec2bn(&exponent, test->exp)) - || !TEST_true(BN_dec2bn(&modulo, test->mod))) + || !TEST_true(BN_dec2bn(&base, test->base)) + || !TEST_true(BN_dec2bn(&exponent, test->exp)) + || !TEST_true(BN_dec2bn(&modulo, test->mod))) goto err; if (!TEST_int_eq(BN_mod_exp(result, base, exponent, modulo, ctx), 1)) @@ -2844,7 +2875,7 @@ res = 1; - err: +err: OPENSSL_free(s); BN_free(result); BN_free(base); @@ -2857,14 +2888,14 @@ { const MOD_EXP_TEST *test = &ModExpTests[i]; int res = 0; - BIGNUM* result = NULL; + BIGNUM *result = NULL; BIGNUM *base = NULL, *exponent = NULL, *modulo = NULL; char *s = NULL; if (!TEST_ptr(result = BN_new()) - || !TEST_true(BN_dec2bn(&base, test->base)) - || !TEST_true(BN_dec2bn(&exponent, test->exp)) - || !TEST_true(BN_dec2bn(&modulo, test->mod))) + || !TEST_true(BN_dec2bn(&base, test->base)) + || !TEST_true(BN_dec2bn(&exponent, test->exp)) + || !TEST_true(BN_dec2bn(&modulo, test->mod))) goto err; BN_set_flags(base, BN_FLG_CONSTTIME); @@ -2882,7 +2913,7 @@ res = 1; - err: +err: OPENSSL_free(s); BN_free(result); BN_free(base); 
@@ -2903,24 +2934,25 @@ *exp_m = NULL; if (!TEST_ptr(exp_result = BN_new()) - || !TEST_ptr(exp_a1 = BN_new()) - || !TEST_ptr(exp_p1 = BN_new()) - || !TEST_ptr(exp_a2 = BN_new()) - || !TEST_ptr(exp_p2 = BN_new()) - || !TEST_ptr(exp_m = BN_new())) + || !TEST_ptr(exp_a1 = BN_new()) + || !TEST_ptr(exp_p1 = BN_new()) + || !TEST_ptr(exp_a2 = BN_new()) + || !TEST_ptr(exp_p2 = BN_new()) + || !TEST_ptr(exp_m = BN_new())) goto err; if (!TEST_true(BN_one(exp_a1)) - || !TEST_true(BN_one(exp_p1)) - || !TEST_true(BN_one(exp_a2)) - || !TEST_true(BN_one(exp_p2))) + || !TEST_true(BN_one(exp_p1)) + || !TEST_true(BN_one(exp_a2)) + || !TEST_true(BN_one(exp_p2))) goto err; BN_zero(exp_m); /* input of 0 is even, so must fail */ if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2, - exp_p2, exp_m, ctx, NULL), 0)) + exp_p2, exp_m, ctx, NULL), + 0)) goto err; res = 1; @@ -2989,7 +3021,8 @@ goto err; if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple - : BN_mod_exp_recp)(r, a, b, c, ctx), 1)) + : BN_mod_exp_recp)(r, a, b, c, ctx), + 1)) goto err; if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) goto err; @@ -3003,7 +3036,8 @@ /* Aliasing with exponent must work. */ if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple - : BN_mod_exp_recp)(r, a, r, c, ctx), 1)) + : BN_mod_exp_recp)(r, a, r, c, ctx), + 1)) goto err; if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) goto err; 
@@ -3040,27 +3074,28 @@ static int file_test_run(STANZA *s) { static const FILETEST filetests[] = { - {"Sum", file_sum}, - {"LShift1", file_lshift1}, - {"LShift", file_lshift}, - {"RShift", file_rshift}, - {"Square", file_square}, - {"Product", file_product}, - {"Quotient", file_quotient}, - {"ModMul", file_modmul}, - {"ModExp", file_modexp}, - {"Exp", file_exp}, - {"ModSqrt", file_modsqrt}, - {"GCD", file_gcd}, + { "Sum", file_sum }, + { "LShift1", file_lshift1 }, + { "LShift", file_lshift }, + { "RShift", file_rshift }, + { "Square", file_square }, + { "Product", file_product }, + { "Quotient", file_quotient }, + { "ModMul", file_modmul }, + { "ModSqr", file_modsqr }, + { "ModExp", file_modexp }, + { "Exp", file_exp }, + { "ModSqrt", file_modsqrt }, + { "GCD", file_gcd }, }; int numtests = OSSL_NELEM(filetests); const FILETEST *tp = filetests; - for ( ; --numtests >= 0; tp++) { + for (; --numtests >= 0; tp++) { if (findattr(s, tp->name) != NULL) { if (!tp->func(s)) { TEST_info("%s:%d: Failed %s test", - s->test_file, s->start, tp->name); + s->test_file, s->start, tp->name); return 0; } return 1; @@ -3112,7 +3147,7 @@ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"), { "stochastic", OPT_STOCHASTIC_TESTS, '-', "Run stochastic tests" }, { OPT_HELP_STR, 1, '-', - "file\tFile to run tests on. Normal tests are not run\n" }, + "file\tFile to run tests on. Normal tests are not run\n" }, { NULL } }; return test_options; @@ -3129,13 +3164,13 @@ stochastic = 1; break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; } } - n = test_get_argument_count(); + n = test_get_argument_count(); if (!TEST_ptr(ctx = BN_CTX_new())) return 0; --- crypto/openssl/test/casttest.c.orig +++ crypto/openssl/test/casttest.c 
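Review bot: The new `{ "ModSqr", file_modsqr }` row sits ahead of `{ "ModSqrt", file_modsqrt }` in a table that `file_test_run` scans in order, returning on the first name `findattr` reports as present, so correct dispatch relies on `findattr` comparing whole attribute names. `findattr` is not visible in this hunk; if it matches exactly the ordering is harmless, but the assumption deserves a comment above the table, for example `/* Scanned in order, first attribute found wins; relies on findattr() matching whole names (ModSqr vs ModSqrt). */`. The body of `file_test_run` continues past the end of the hunk.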
@@ -22,22 +22,21 @@ #include "testutil.h" #ifndef OPENSSL_NO_CAST -# include +#include static unsigned char k[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A }; -static unsigned char in[8] = - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; +static unsigned char in[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; static int k_len[3] = { 16, 10, 5 }; static unsigned char c[3][8] = { - {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2}, - {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B}, - {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E}, + { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 }, + { 0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B }, + { 0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E }, }; static unsigned char in_a[16] = { @@ -101,7 +100,7 @@ } if (!TEST_mem_eq(out_a, sizeof(c_a), c_a, sizeof(c_a)) - || !TEST_mem_eq(out_b, sizeof(c_b), c_b, sizeof(c_b))) + || !TEST_mem_eq(out_b, sizeof(c_b), c_b, sizeof(c_b))) testresult = 0; return testresult; --- /dev/null +++ crypto/openssl/test/certs/cve-2026-28388-ca.pem 
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw
+ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp
+hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO
+FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF
+pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f
+1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW
+nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt
+UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi
+4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q
+xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC
+ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu
+d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh
+ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud
+cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA==
+-----END CERTIFICATE-----
--- /dev/null
+++ crypto/openssl/test/certs/cve-2026-28388-crls.pem
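Review bot: The fixtures for this regression case have short, fixed validity windows that the test will outlive: decoding the UTCTime fields gives 2026-03-17 to 2027-03-17 for this CA and for `cve-2026-28388-leaf.pem`, and the two CRLs in `cve-2026-28388-crls.pem` have nextUpdate values of 2026-04-16 and 2026-02-08. The test that loads these files is not visible here; unless it pins the verification time or disables time checks, it will start taking the expired-certificate or stale-CRL path instead of the code path the fixtures were built to exercise. I would record the dates next to the test and pin the time there, for example with `X509_VERIFY_PARAM_set_time()` or `-attime` on the command-line tools.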
@@ -0,0 +1,22 @@
+-----BEGIN X509 CRL-----
+MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2
+MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV
+tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl
+3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF
+Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l
+pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M
+klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO
+6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf
+OohWoSH8tqwrNFZkblAH
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2
+MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV
+tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
+AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK
+SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep
+WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki
+1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI
+kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs
+njcibOSKC9YWgNmZUy0QV5D8
+-----END X509 CRL-----
--- /dev/null
+++ crypto/openssl/test/certs/cve-2026-28388-leaf.pem
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 +IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ +VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+ +nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn +Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd +Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP +QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX +CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO +Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J +ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt +BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G +CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80 +13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ +bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+ +emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw +zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+ +nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP +-----END CERTIFICATE----- --- crypto/openssl/test/certs/mkcert.sh.orig +++ crypto/openssl/test/certs/mkcert.sh @@ -1,6 +1,6 @@ #! /bin/bash # -# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2016 Viktor Dukhovni . # All rights reserved. # @@ -255,7 +255,7 @@ local cakey=$1; shift local ca=$1; shift - exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ "subjectKeyIdentifier = hash" \ "authorityKeyIdentifier = keyid, issuer" \ "basicConstraints = CA:false" \ --- crypto/openssl/test/cipher_overhead_test.c.orig +++ crypto/openssl/test/cipher_overhead_test.c 
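Review bot: The format string in the `@@ -255,7` hunk of mkcert.sh now has six `%s` lines before `[alts]` and one after, but only the first three arguments are visible, so the argument count cannot be checked from here. printf re-applies the whole format when arguments are left over and substitutes empty strings when they run short, so a mismatch produces a malformed extension section rather than an error, and the generated test certificate could silently lack the intended extensions. A comment above the assignment would keep the two in step, for example `# 6 extension lines + [alts] + 1 alts entry = 7 printf arguments`. The function body continues outside the hunk.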
@@ -21,7 +21,7 @@ return 1; if (ciph->algorithm_enc != SSL_eNULL - && EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(ciph)) == NULL) + && EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(ciph)) == NULL) return 0; if (EVP_get_digestbynid(SSL_CIPHER_get_digest_nid(ciph)) == NULL) @@ -49,7 +49,7 @@ ret = 0; } else { TEST_info("Cipher %s: %zu %zu %zu %zu", - ciph->name, mac, in, blk, ex); + ciph->name, mac, in, blk, ex); } } return ret; --- crypto/openssl/test/cipherbytes_test.c.orig +++ crypto/openssl/test/cipherbytes_test.c @@ -27,12 +27,12 @@ static int test_empty(void) { STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL; - const unsigned char bytes[] = {0x00}; + const unsigned char bytes[] = { 0x00 }; int ret = 0; if (!TEST_int_eq(SSL_bytes_to_cipher_list(s, bytes, 0, 0, &sk, &scsv), 0) - || !TEST_ptr_null(sk) - || !TEST_ptr_null(scsv)) + || !TEST_ptr_null(sk) + || !TEST_ptr_null(scsv)) goto err; ret = 1; @@ -46,17 +46,17 @@ { STACK_OF(SSL_CIPHER) *sk, *scsv; /* ECDH-RSA-AES256 (unsupported), ECDHE-ECDSA-AES128, */ - const unsigned char bytes[] = {0xc0, 0x0f, 0x00, 0x2f, 0x01, 0x00}; + const unsigned char bytes[] = { 0xc0, 0x0f, 0x00, 0x2f, 0x01, 0x00 }; int ret = 0; if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), - 0, &sk, &scsv)) - || !TEST_ptr(sk) - || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 1) - || !TEST_ptr(scsv) - || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0) - || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)), - "AES128-SHA")) + 0, &sk, &scsv)) + || !TEST_ptr(sk) + || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 1) + || !TEST_ptr(scsv) + || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0) + || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)), + "AES128-SHA")) goto err; ret = 1; 
@@ -71,21 +71,23 @@ STACK_OF(SSL_CIPHER) *sk, *scsv; /* ECDHE-ECDSA-AES256GCM, SSL2_RC4_1238_WITH_MD5, * ECDHE-ECDSA-CHACHA20-POLY1305 */ - const unsigned char bytes[] = {0x00, 0x00, 0x35, 0x01, 0x00, 0x80, - 0x00, 0x00, 0x33}; + const unsigned char bytes[] = { 0x00, 0x00, 0x35, 0x01, 0x00, 0x80, + 0x00, 0x00, 0x33 }; int ret = 0; if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 1, - &sk, &scsv)) - || !TEST_ptr(sk) - || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 2) - || !TEST_ptr(scsv) - || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0)) + &sk, &scsv)) + || !TEST_ptr(sk) + || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 2) + || !TEST_ptr(scsv) + || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0)) goto err; if (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)), - "AES256-SHA") != 0 || - strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)), - "DHE-RSA-AES128-SHA") != 0) + "AES256-SHA") + != 0 + || strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)), + "DHE-RSA-AES128-SHA") + != 0) goto err; ret = 1; 
@@ -101,25 +103,25 @@ STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL; /* ECDHE-ECDSA-AES256GCM, ECDHE-ECDSA-CHACHAPOLY, DHE-RSA-AES256GCM, * EMPTY-RENEGOTIATION-INFO-SCSV, FALLBACK-SCSV */ - const unsigned char bytes[] = {0x00, 0x2f, 0x00, 0x33, 0x00, 0x9f, 0x00, 0xff, - 0x56, 0x00}; + const unsigned char bytes[] = { 0x00, 0x2f, 0x00, 0x33, 0x00, 0x9f, 0x00, 0xff, + 0x56, 0x00 }; int ret = 0; if (!SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 0, &sk, &scsv) - || !TEST_ptr(sk) - || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 3) - || !TEST_ptr(scsv) - || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 2) - || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)), - "AES128-SHA") - || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)), - "DHE-RSA-AES128-SHA") - || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 2)), - "DHE-RSA-AES256-GCM-SHA384") - || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 0)), - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV") - || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 1)), - "TLS_FALLBACK_SCSV")) + || !TEST_ptr(sk) + || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 3) + || !TEST_ptr(scsv) + || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 2) + || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)), + "AES128-SHA") + || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)), + "DHE-RSA-AES128-SHA") + || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 2)), + "DHE-RSA-AES256-GCM-SHA384") + || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 0)), + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV") + || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 1)), + "TLS_FALLBACK_SCSV")) goto err; ret = 1; @@ -132,7 +134,7 @@ int setup_tests(void) { if (!TEST_ptr(ctx = SSL_CTX_new(TLS_server_method())) - || !TEST_ptr(s = SSL_new(ctx))) + || !TEST_ptr(s = SSL_new(ctx))) return 0; ADD_TEST(test_empty); --- crypto/openssl/test/cipherlist_test.c.orig +++ crypto/openssl/test/cipherlist_test.c 
@@ -27,7 +27,6 @@ SSL_CTX *client; } CIPHERLIST_TEST_FIXTURE; - static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture) { if (fixture != NULL) { @@ -46,7 +45,7 @@ return NULL; fixture->test_case_name = test_case_name; if (!TEST_ptr(fixture->server = SSL_CTX_new(TLS_server_method())) - || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) { + || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) { tear_down(fixture); return NULL; } 
@@ -65,69 +64,69 @@ static const uint32_t default_ciphers_in_order[] = { #ifndef OPENSSL_NO_TLS1_3 TLS1_3_CK_AES_256_GCM_SHA384, -# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) TLS1_3_CK_CHACHA20_POLY1305_SHA256, -# endif +#endif TLS1_3_CK_AES_128_GCM_SHA256, #endif #ifndef OPENSSL_NO_TLS1_2 -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, -# endif +#endif -# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) -# ifndef OPENSSL_NO_EC +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, -# endif -# endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ +#endif +#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, -# endif -#endif /* !OPENSSL_NO_TLS1_2 */ +#endif +#endif /* !OPENSSL_NO_TLS1_2 */ #if !defined(OPENSSL_NO_TLS1_2) || 
defined(OPENSSL_NO_TLS1_3) - /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */ -# ifndef OPENSSL_NO_EC +/* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */ +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, -# endif - #ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_256_SHA, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, -# endif -# ifndef OPENSSL_NO_DH +#endif +#ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_128_SHA, -# endif +#endif #endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */ #ifndef OPENSSL_NO_TLS1_2 @@ -156,7 +155,7 @@ return 0; if (!TEST_ptr(ssl = SSL_new(ctx)) - || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))) + || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))) goto err; num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order); @@ -175,7 +174,7 @@ ret = 1; - err: +err: sk_SSL_CIPHER_free(ciphers); SSL_free(ssl); return ret; @@ -205,7 +204,7 @@ { SETUP_CIPHERLIST_TEST_FIXTURE(); if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT")) - || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) { + || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) { tear_down(fixture); fixture = NULL; } @@ -228,13 +227,13 @@ s = SSL_new(fixture->client); if (!TEST_ptr(s)) - goto end; + goto end; if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0)) goto end; if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), - SSL_R_NO_CIPHER_MATCH)) + SSL_R_NO_CIPHER_MATCH)) goto end; result = 1; --- crypto/openssl/test/ciphername_test.c.orig +++ crypto/openssl/test/ciphername_test.c 
@@ -29,340 +29,340 @@ /* Cipher suites, copied from t1_trce.c */ static CIPHER_ID_NAME cipher_names[] = { - {0x0000, "TLS_NULL_WITH_NULL_NULL"}, - {0x0001, "TLS_RSA_WITH_NULL_MD5"}, - {0x0002, "TLS_RSA_WITH_NULL_SHA"}, - {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, - {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, - {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, - {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, - {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, - {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, - {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, - {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, - {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, - {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, - {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, - {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, - {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, - {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, - {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, - {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, - {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, - {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"}, - {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"}, - {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"}, - {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"}, - {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"}, - {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"}, - {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"}, - {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"}, - {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"}, - {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"}, - 
{0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"}, - {0x002C, "TLS_PSK_WITH_NULL_SHA"}, - {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"}, - {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"}, - {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"}, - {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, - {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, - {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, - {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, - {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, - {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"}, - {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, - {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, - {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, - {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, - {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, - {0x003B, "TLS_RSA_WITH_NULL_SHA256"}, - {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, - {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, - {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, - {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, - {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, - {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, - {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, - {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, - {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, - {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, - {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, - {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, - {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"}, - 
{0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"}, - {0x008A, "TLS_PSK_WITH_RC4_128_SHA"}, - {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"}, - {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"}, - {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"}, - {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"}, - {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"}, - {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"}, - {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"}, - {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"}, - {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"}, - {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"}, - {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"}, - {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"}, - {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"}, - {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"}, - {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"}, - {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"}, - {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, - {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, - {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"}, - {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"}, - {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}, - {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"}, - {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"}, - {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"}, - {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"}, - {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"}, - {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"}, - {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"}, - {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"}, - {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"}, - {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"}, - {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"}, - {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"}, - {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"}, - {0x00B0, "TLS_PSK_WITH_NULL_SHA256"}, - {0x00B1, "TLS_PSK_WITH_NULL_SHA384"}, - {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"}, - {0x00B3, 
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"}, - {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"}, - {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"}, - {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"}, - {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"}, - {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"}, - {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"}, - {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}, - {0x5600, "TLS_FALLBACK_SCSV"}, - {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"}, - {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"}, - {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"}, - {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"}, - {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"}, - {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}, - {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"}, - {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}, - {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"}, - {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"}, - {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"}, - {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"}, - {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"}, - {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"}, - {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}, - {0xC014, 
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}, - {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"}, - {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"}, - {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"}, - {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"}, - {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"}, - {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"}, - {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"}, - {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"}, - {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"}, - {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"}, - {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"}, - {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"}, - {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}, - {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"}, - {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"}, - {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"}, - {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, - {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, - {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"}, - {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"}, - {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, - {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, - {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"}, - {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"}, - {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, - {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, - {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"}, - {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}, - {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"}, - {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, - {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"}, - {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"}, - {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"}, - {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"}, - {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"}, - {0xC03B, 
"TLS_ECDHE_PSK_WITH_NULL_SHA384"}, - {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"}, - {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"}, - {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"}, - {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"}, - {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"}, - {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"}, - {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"}, - {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"}, - {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"}, - {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"}, - {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"}, - {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"}, - {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC061, 
"TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"}, - {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"}, - {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"}, - {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"}, - {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"}, - {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"}, - {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"}, - 
{0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC09C, "TLS_RSA_WITH_AES_128_CCM"}, - {0xC09D, "TLS_RSA_WITH_AES_256_CCM"}, - {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"}, - {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"}, - {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"}, - {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"}, - {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"}, - {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"}, - {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"}, - {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"}, - {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"}, - {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"}, - {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"}, - {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"}, - {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"}, - {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"}, - {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"}, - {0xC0AD, 
"TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, - {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, - {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, - {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0x1301, "TLS_AES_128_GCM_SHA256"}, - {0x1302, "TLS_AES_256_GCM_SHA384"}, - {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, - {0x1304, "TLS_AES_128_CCM_SHA256"}, - {0x1305, "TLS_AES_128_CCM_8_SHA256"}, - {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, + { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, + { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, + { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, + { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, + { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, + { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, + { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, + { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, + { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, + { 0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, + { 0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, + { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, + { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, + { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, + { 0x0018, 
"TLS_DH_anon_WITH_RC4_128_MD5" }, + { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA" }, + { 0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, + { 0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, + { 0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, + { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, + { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, + { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, + { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, + { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, + { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, + { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, + { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, + { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, + { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, + { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, + { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, + { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, + { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, + { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, + { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, + { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, + { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, + { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, + { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, + { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, + { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, + { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, + { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, + { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, + { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, + { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, + { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, + { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0042, 
"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, + { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, + { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, + { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, + { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, + { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, + { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, + { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, + { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, + { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, + { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, + { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, + { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, + { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, + { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, + { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, + { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, + { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, + { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, + { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x009F, 
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, + { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, + { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, + { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, + { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, + { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, + { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, + { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, + { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, + { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, + { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, + { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, + { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, + { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, + { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, + { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, + { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, + { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, + { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, + { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, + { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, + { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, + { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, + { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, + { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C5, 
"TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, + { 0x5600, "TLS_FALLBACK_SCSV" }, + { 0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, + { 0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, + { 0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, + { 0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, + { 0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, + { 0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, + { 0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, + { 0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, + { 0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA" }, + { 0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, + { 0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, + { 0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, + { 0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, + { 0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, + { 0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, + { 0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, + { 0xC015, "TLS_ECDH_anon_WITH_NULL_SHA" }, + { 0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, + { 0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, + { 0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, + { 0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, + { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, + { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, + { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, + { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, + { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, + { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, + { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, + { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, + { 0xC025, 
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, + { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, + { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, + { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, + { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, + { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, + { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, + { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, + { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, + { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, + { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, + { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, + { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, + { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, + { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, + { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, + { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, + { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, + { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, + { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, + { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, + { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, + { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, + { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, + { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, + { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, + { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, + { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, + { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC04A, 
"TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, + { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, + { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, + { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, + { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, + { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, + { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, + { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, + { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, + { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, + { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, + { 
0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, + { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC091, 
"TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, + { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, + { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, + { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, + { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, + { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, + { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, + { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, + { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, + { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, + { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, + { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, + { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, + { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, + { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, + { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, + { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, + { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, + { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, + { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, + { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0x1301, "TLS_AES_128_GCM_SHA256" 
}, + { 0x1302, "TLS_AES_256_GCM_SHA384" }, + { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, + { 0x1304, "TLS_AES_128_CCM_SHA256" }, + { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, + { 0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, + { 0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, }; static const char *get_std_name_by_id(int id) @@ -431,20 +431,20 @@ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { c = sk_SSL_CIPHER_value(sk, i); id = SSL_CIPHER_get_id(c) & 0xFFFF; - if ((id == 0xC102) || (id == 0xFF85) ||(id == 0xFF87)) + if ((id == 0xC102) || (id == 0xFF85) || (id == 0xFF87)) /* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */ continue; p = SSL_CIPHER_standard_name(c); q = get_std_name_by_id(id); if (!TEST_ptr(p)) { TEST_info("test_cipher_name failed: expected %s, got NULL, cipher %x\n", - q, id); + q, id); goto err; } /* check if p is a valid standard name */ if (!TEST_str_eq(p, q)) { TEST_info("test_cipher_name(std) failed: expected %s, got %s, cipher %x\n", - q, p, id); + q, p, id); goto err; } /* test OPENSSL_cipher_name */ @@ -452,7 +452,7 @@ r = OPENSSL_cipher_name(p); if (!TEST_str_eq(r, q)) { TEST_info("test_cipher_name(ossl) failed: expected %s, got %s, cipher %x\n", - q, r, id); + q, r, id); goto err; } } --- crypto/openssl/test/clienthellotest.c.orig +++ crypto/openssl/test/clienthellotest.c 
@@ -21,39 +21,37 @@ #include "testutil.h" -#define CLIENT_VERSION_LEN 2 +#define CLIENT_VERSION_LEN 2 -#define TOTAL_NUM_TESTS 4 +#define TOTAL_NUM_TESTS 4 /* * Test that explicitly setting ticket data results in it appearing in the * ClientHello for a negotiated SSL/TLS version */ -#define TEST_SET_SESSION_TICK_DATA_VER_NEG 0 +#define TEST_SET_SESSION_TICK_DATA_VER_NEG 0 /* Enable padding and make sure ClientHello is long enough to require it */ -#define TEST_ADD_PADDING 1 +#define TEST_ADD_PADDING 1 /* Enable padding and make sure ClientHello is short enough to not need it */ -#define TEST_PADDING_NOT_NEEDED 2 +#define TEST_PADDING_NOT_NEEDED 2 /* * Enable padding and add a PSK to the ClientHello (this will also ensure the * ClientHello is long enough to need padding) */ -#define TEST_ADD_PADDING_AND_PSK 3 +#define TEST_ADD_PADDING_AND_PSK 3 -#define F5_WORKAROUND_MIN_MSG_LEN 0x7f -#define F5_WORKAROUND_MAX_MSG_LEN 0x200 +#define F5_WORKAROUND_MIN_MSG_LEN 0x7f +#define F5_WORKAROUND_MAX_MSG_LEN 0x200 static const char *sessionfile = NULL; /* Dummy ALPN protocols used to pad out the size of the ClientHello */ /* ASCII 'O' = 79 = 0x4F = EBCDIC '|'*/ #ifdef CHARSET_EBCDIC -static const char alpn_prots[] = - "|1234567890123456789012345678901234567890123456789012345678901234567890123456789" - "|1234567890123456789012345678901234567890123456789012345678901234567890123456789"; +static const char alpn_prots[] = "|1234567890123456789012345678901234567890123456789012345678901234567890123456789" + "|1234567890123456789012345678901234567890123456789012345678901234567890123456789"; #else -static const char alpn_prots[] = - "O1234567890123456789012345678901234567890123456789012345678901234567890123456789" - "O1234567890123456789012345678901234567890123456789012345678901234567890123456789"; +static const char alpn_prots[] = "O1234567890123456789012345678901234567890123456789012345678901234567890123456789" + 
"O1234567890123456789012345678901234567890123456789012345678901234567890123456789"; #endif static int test_client_hello(int currtest) @@ -91,7 +89,7 @@ if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, 0))) goto end; - switch(currtest) { + switch (currtest) { case TEST_SET_SESSION_TICK_DATA_VER_NEG: #if !defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2) /* TLSv1.3 is enabled and TLSv1.2 is disabled so can't do this test */ @@ -113,7 +111,7 @@ if (!TEST_false(SSL_CTX_set_cipher_list(ctx, ""))) goto end; ERR_clear_error(); - /* Fall through */ + /* Fall through */ case TEST_ADD_PADDING: case TEST_PADDING_NOT_NEEDED: SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING); @@ -125,18 +123,18 @@ * needed. */ if (currtest == TEST_ADD_PADDING) { - if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, - (unsigned char *)alpn_prots, - sizeof(alpn_prots) - 1))) + if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, + (unsigned char *)alpn_prots, + sizeof(alpn_prots) - 1))) goto end; - /* - * Otherwise we need to make sure we have a small enough message to - * not need padding. - */ + /* + * Otherwise we need to make sure we have a small enough message to + * not need padding. + */ } else if (!TEST_true(SSL_CTX_set_cipher_list(ctx, - "AES128-SHA")) - || !TEST_true(SSL_CTX_set_ciphersuites(ctx, - "TLS_AES_128_GCM_SHA256"))) { + "AES128-SHA")) + || !TEST_true(SSL_CTX_set_ciphersuites(ctx, + "TLS_AES_128_GCM_SHA256"))) { goto end; } break; @@ -165,13 +163,13 @@ * too old. */ if (!TEST_true(SSL_SESSION_set_time(sess, (long)time(NULL))) - || !TEST_true(SSL_set_session(con, sess))) + || !TEST_true(SSL_set_session(con, sess))) goto end; } rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); - if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + if (!TEST_ptr(rbio) || !TEST_ptr(wbio)) { BIO_free(rbio); BIO_free(wbio); goto end; 
@@ -182,7 +180,7 @@ if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { if (!TEST_true(SSL_set_session_ticket_ext(con, dummytick, - strlen(dummytick)))) + strlen(dummytick)))) goto end; } 
@@ -192,39 +190,38 @@ } if (!TEST_long_ge(len = BIO_get_mem_data(wbio, (char **)&data), 0) - || !TEST_true(PACKET_buf_init(&pkt, data, len)) - /* Skip the record header */ - || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)) + || !TEST_true(PACKET_buf_init(&pkt, data, len)) + /* Skip the record header */ + || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)) goto end; msglen = PACKET_remaining(&pkt); /* Skip the handshake message header */ if (!TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) - /* Skip client version and random */ - || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN - + SSL3_RANDOM_SIZE)) - /* Skip session id */ - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) - /* Skip ciphers */ - || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) - /* Skip compression */ - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) - /* Extensions len */ - || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) + /* Skip client version and random */ + || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)) + /* Skip session id */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Skip ciphers */ + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) + /* Skip compression */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Extensions len */ + || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) goto end; /* Loop through all extensions */ while (PACKET_remaining(&pkt2)) { if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) - || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) goto end; if (type == TLSEXT_TYPE_session_ticket) { if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { if (TEST_true(PACKET_equal(&pkt3, dummytick, - strlen(dummytick)))) { + strlen(dummytick)))) { /* Ticket data is as we expected */ testresult = 1; } 
@@ -235,7 +232,7 @@ if (!TEST_false(currtest == TEST_PADDING_NOT_NEEDED)) goto end; else if (TEST_true(currtest == TEST_ADD_PADDING - || currtest == TEST_ADD_PADDING_AND_PSK)) + || currtest == TEST_ADD_PADDING_AND_PSK)) testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN); } } --- crypto/openssl/test/cmactest.c.orig +++ crypto/openssl/test/cmactest.c @@ -38,38 +38,26 @@ int data_len; const char *mac; } test[3] = { - { - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, - 0x0b, 0x0c, 0x0d, 0x0e, 0x0f - }, + { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 16, "My test data", 12, - "29cec977c48f63c200bd5c4a6881b224" - }, - { - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, - 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, - 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }, + "29cec977c48f63c200bd5c4a6881b224" }, + { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 32, "My test data", 12, - "db6493aa04e4761f473b2b453c031c9a" - }, - { - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, - 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, - 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }, + "db6493aa04e4761f473b2b453c031c9a" }, + { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 32, "My test data again", 18, - "65c11c75ecf590badd0a5e56cbb8af60" - }, + "65c11c75ecf590badd0a5e56cbb8af60" }, }; static char *pt(unsigned char *md, unsigned int len); 
@@ -83,17 +71,17 @@ if (!TEST_ptr(ctx) || !TEST_false(CMAC_Init(ctx, NULL, 0, NULL, NULL)) || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) - /* Should be able to pass cipher first, and then key */ + /* Should be able to pass cipher first, and then key */ || !TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_128_cbc(), NULL)) - /* Must have a key */ + /* Must have a key */ || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) - /* Now supply the key */ + /* Now supply the key */ || !TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, NULL, NULL)) - /* Update should now work */ + /* Update should now work */ || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) - /* XTS is not a suitable cipher to use */ + /* XTS is not a suitable cipher to use */ || !TEST_false(CMAC_Init(ctx, xtskey, sizeof(xtskey), EVP_aes_128_xts(), - NULL)) + NULL)) || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len))) goto err; @@ -114,7 +102,7 @@ ctx = CMAC_CTX_new(); if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, - EVP_aes_128_cbc(), NULL)) + EVP_aes_128_cbc(), NULL)) || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) || !TEST_true(CMAC_Final(ctx, buf, &len))) goto err; @@ -124,7 +112,7 @@ goto err; if (!TEST_true(CMAC_Init(ctx, test[1].key, test[1].key_len, - EVP_aes_256_cbc(), NULL)) + EVP_aes_256_cbc(), NULL)) || !TEST_true(CMAC_Update(ctx, test[1].data, test[1].data_len)) || !TEST_true(CMAC_Final(ctx, buf, &len))) goto err; @@ -179,7 +167,7 @@ goto err; if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, - EVP_aes_128_cbc(), NULL)) + EVP_aes_128_cbc(), NULL)) || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) || !TEST_true(CMAC_CTX_copy(ctx2, ctx)) || !TEST_true(CMAC_Final(ctx2, buf, &len))) 
@@ -204,7 +192,7 @@ for (i = 0; i < len && (i + 1) * OSSL_HEX_CHARS_PER_BYTE < sizeof(buf); i++) BIO_snprintf(buf + i * OSSL_HEX_CHARS_PER_BYTE, - OSSL_HEX_CHARS_PER_BYTE + 1, "%02x", md[i]); + OSSL_HEX_CHARS_PER_BYTE + 1, "%02x", md[i]); return buf; } @@ -215,4 +203,3 @@ ADD_TEST(test_cmac_copy); return 1; } - --- crypto/openssl/test/cmp_asn_test.c.orig +++ crypto/openssl/test/cmp_asn_test.c @@ -63,7 +63,7 @@ goto err; res = TEST_int_eq(-2, ossl_cmp_asn1_get_int(asn1integer)); - err: +err: ASN1_INTEGER_free(asn1integer); return res; } @@ -77,15 +77,14 @@ } static int execute_CMP_ASN1_OCTET_STRING_set1_test(CMP_ASN_TEST_FIXTURE * - fixture) + fixture) { if (!TEST_int_eq(fixture->expected, - ossl_cmp_asn1_octet_string_set1(&fixture->tgt_string, - fixture->src_string))) + ossl_cmp_asn1_octet_string_set1(&fixture->tgt_string, + fixture->src_string))) return 0; if (fixture->expected != 0) - return TEST_int_eq(0, ASN1_OCTET_STRING_cmp(fixture->tgt_string, - fixture->src_string)); + return TEST_int_eq(0, ASN1_OCTET_STRING_cmp(fixture->tgt_string, fixture->src_string)); return 1; } @@ -94,9 +93,9 @@ SETUP_TEST_FIXTURE(CMP_ASN_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->tgt_string = ASN1_OCTET_STRING_new()) - || !TEST_ptr(fixture->src_string = ASN1_OCTET_STRING_new()) - || !TEST_true(ASN1_OCTET_STRING_set(fixture->src_string, rand_data, - sizeof(rand_data)))) { + || !TEST_ptr(fixture->src_string = ASN1_OCTET_STRING_new()) + || !TEST_true(ASN1_OCTET_STRING_set(fixture->src_string, rand_data, + sizeof(rand_data)))) { tear_down(fixture); fixture = NULL; } 
@@ -109,9 +108,9 @@ SETUP_TEST_FIXTURE(CMP_ASN_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->src_string = ASN1_OCTET_STRING_new()) - || !(fixture->tgt_string = fixture->src_string) - || !TEST_true(ASN1_OCTET_STRING_set(fixture->src_string, rand_data, - sizeof(rand_data)))) { + || !(fixture->tgt_string = fixture->src_string) + || !TEST_true(ASN1_OCTET_STRING_set(fixture->src_string, rand_data, + sizeof(rand_data)))) { tear_down(fixture); fixture = NULL; } @@ -119,7 +118,6 @@ return result; } - void cleanup_tests(void) { return; --- crypto/openssl/test/cmp_client_test.c.orig +++ crypto/openssl/test/cmp_client_test.c 
@@ -63,29 +63,28 @@ return NULL; fixture->test_case_name = test_case_name; if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(libctx, NULL)) - || !OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1) - || !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert) - || (srv_cmp_ctx = - OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx)) == NULL - || !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert) - || !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key)) + || !OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1) + || !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert) + || (srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(fixture->srv_ctx)) == NULL + || !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert) + || !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key)) goto err; if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL)) - || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out) - || !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform) - || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx) - || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1) - || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1) - || !OSSL_CMP_CTX_set1_oldCert(ctx, client_cert) - || !OSSL_CMP_CTX_set1_pkey(ctx, client_key) - /* client_key is by default used also for newPkey */ - || !OSSL_CMP_CTX_set1_srvCert(ctx, server_cert) - || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) + || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out) + || !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform) + || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx) + || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1) + || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1) + || !OSSL_CMP_CTX_set1_oldCert(ctx, client_cert) + || !OSSL_CMP_CTX_set1_pkey(ctx, client_key) + /* client_key is by default used also for newPkey */ + || !OSSL_CMP_CTX_set1_srvCert(ctx, 
server_cert) + || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) goto err; fixture->req_type = -1; return fixture; - err: +err: tear_down(fixture); return NULL; } @@ -93,9 +92,9 @@ static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixt) { return TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx), - OSSL_CMP_PKISTATUS_unspecified) + OSSL_CMP_PKISTATUS_unspecified) && TEST_int_eq(OSSL_CMP_exec_RR_ses(fixt->cmp_ctx), - fixt->expected == OSSL_CMP_PKISTATUS_accepted) + fixt->expected == OSSL_CMP_PKISTATUS_accepted) && TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx), fixt->expected); } @@ -111,8 +110,9 @@ sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); return TEST_int_eq(OSSL_CMP_CTX_get_status(ctx), fixture->expected) - && fixture->expected == OSSL_CMP_PKISTATUS_accepted ? - TEST_ptr(itavs) : TEST_ptr_null(itavs); + && fixture->expected == OSSL_CMP_PKISTATUS_accepted + ? TEST_ptr(itavs) + : TEST_ptr_null(itavs); } static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture) @@ -131,7 +131,7 @@ OSSL_CMP_CTX_print_errors(ctx); if (!TEST_int_eq(status, fixture->expected) && !(fixture->expected == OSSL_CMP_PKISTATUS_waiting - && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans))) + && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans))) return 0; if (fixture->expected != OSSL_CMP_PKISTATUS_accepted) return TEST_ptr_null(res); @@ -154,7 +154,7 @@ if (request_error) OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, NULL); fixture->expected = request_error ? OSSL_CMP_PKISTATUS_request - : OSSL_CMP_PKISTATUS_accepted; + : OSSL_CMP_PKISTATUS_accepted; EXECUTE_TEST(execute_exec_RR_ses_test, tear_down); return result; } 
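Review bot: In the `@@ -111,8 +110,9 @@` hunk the reflowed `return` still parses as `(TEST_int_eq(...) && fixture->expected == OSSL_CMP_PKISTATUS_accepted) ? TEST_ptr(itavs) : TEST_ptr_null(itavs)`, because `&&` binds tighter than `?:`. A status mismatch therefore falls through to `TEST_ptr_null(itavs)`, so the test can still return success when the exchange produced no ITAVs and the status check failed. Parenthesising the conditional keeps the status comparison mandatory: `&& (fixture->expected == OSSL_CMP_PKISTATUS_accepted ? TEST_ptr(itavs) : TEST_ptr_null(itavs));`. The enclosing function starts above the hunk, so this is based only on the visible `return` statement.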
@@ -173,9 +173,9 @@ { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); ossl_cmp_mock_srv_set_statusInfo(fixture->srv_ctx, - OSSL_CMP_PKISTATUS_rejection, - OSSL_CMP_CTX_FAILINFO_signerNotTrusted, - "test string"); + OSSL_CMP_PKISTATUS_rejection, + OSSL_CMP_CTX_FAILINFO_signerNotTrusted, + "test string"); ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, OSSL_CMP_PKIBODY_RR); fixture->expected = OSSL_CMP_PKISTATUS_rejection; EXECUTE_TEST(execute_exec_RR_ses_test, tear_down); @@ -196,7 +196,7 @@ } static int test_exec_IR_ses_poll(int check_after, int poll_count, - int total_timeout, int expect) + int total_timeout, int expect) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_IR; @@ -204,7 +204,7 @@ ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, check_after); ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, poll_count); OSSL_CMP_CTX_set_option(fixture->cmp_ctx, - OSSL_CMP_OPT_TOTAL_TIMEOUT, total_timeout); + OSSL_CMP_OPT_TOTAL_TIMEOUT, total_timeout); EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; } @@ -218,13 +218,13 @@ static int test_exec_IR_ses_poll_no_timeout(void) { return test_exec_IR_ses_poll(checkAfter, 1 /* pollCount */, checkAfter + 1, - OSSL_CMP_PKISTATUS_accepted); + OSSL_CMP_PKISTATUS_accepted); } static int test_exec_IR_ses_poll_total_timeout(void) { return test_exec_IR_ses_poll(checkAfter + 1, 2 /* pollCount */, checkAfter, - OSSL_CMP_PKISTATUS_waiting); + OSSL_CMP_PKISTATUS_waiting); } static int test_exec_CR_ses(int implicit_confirm, int granted, int reject) 
@@ -232,12 +232,12 @@ SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_CR; OSSL_CMP_CTX_set_option(fixture->cmp_ctx, - OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm); + OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm); OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted); ossl_cmp_mock_srv_set_sendError(fixture->srv_ctx, - reject ? OSSL_CMP_PKIBODY_CERTCONF : -1); + reject ? OSSL_CMP_PKIBODY_CERTCONF : -1); fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection - : OSSL_CMP_PKISTATUS_accepted; + : OSSL_CMP_PKISTATUS_accepted; EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; } @@ -271,9 +271,9 @@ } if (pubkey || raverified) OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_POPO_METHOD, - OSSL_CRMF_POPO_RAVERIFIED); - fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : - raverified ? OSSL_CMP_PKISTATUS_rejection : OSSL_CMP_PKISTATUS_accepted; + OSSL_CRMF_POPO_RAVERIFIED); + fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? OSSL_CMP_PKISTATUS_rejection + : OSSL_CMP_PKISTATUS_accepted; EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; } @@ -308,7 +308,7 @@ } static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **txt) + const char **txt) { int *reject = OSSL_CMP_CTX_get_certConf_cb_arg(ctx); @@ -327,7 +327,7 @@ SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_P10CR; fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection - : OSSL_CMP_PKISTATUS_accepted; + : OSSL_CMP_PKISTATUS_accepted; ctx = fixture->cmp_ctx; if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) 
@@ -367,9 +367,9 @@ && check_after == CHECK_AFTER && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) && TEST_int_eq(fixture->expected, - OSSL_CMP_try_certreq(ctx, TYPE, NULL, NULL)) + OSSL_CMP_try_certreq(ctx, TYPE, NULL, NULL)) && TEST_int_eq(0, - X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert)); + X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert)); } static int test_try_certreq_poll(void) @@ -393,7 +393,7 @@ && check_after == CHECK_AFTER && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) && TEST_int_eq(fixture->expected, - OSSL_CMP_try_certreq(ctx, -1 /* abort */, NULL, NULL)) + OSSL_CMP_try_certreq(ctx, -1 /* abort */, NULL, NULL)) && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(fixture->cmp_ctx), NULL); } @@ -437,20 +437,18 @@ static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture) { - int res = - ossl_cmp_exchange_certConf(fixture->cmp_ctx, OSSL_CMP_CERTREQID, - OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable, - "abcdefg"); + int res = ossl_cmp_exchange_certConf(fixture->cmp_ctx, OSSL_CMP_CERTREQID, + OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable, + "abcdefg"); return TEST_int_eq(fixture->expected, res); } static int execute_exchange_error_test(CMP_SES_TEST_FIXTURE *fixture) { - int res = - ossl_cmp_exchange_error(fixture->cmp_ctx, - OSSL_CMP_PKISTATUS_rejection, - 1 << OSSL_CMP_PKIFAILUREINFO_unsupportedVersion, - "foo_status", 999, "foo_details"); + int res = ossl_cmp_exchange_error(fixture->cmp_ctx, + OSSL_CMP_PKISTATUS_rejection, + 1 << OSSL_CMP_PKIFAILUREINFO_unsupportedVersion, + "foo_status", 999, "foo_details"); return TEST_int_eq(fixture->expected, res); } @@ -487,7 +485,7 @@ return; } -# define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n" +#define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n" OPT_TEST_DECLARE_USAGE(USAGE) int setup_tests(void) 
@@ -498,10 +496,10 @@ } if (!TEST_ptr(server_key_f = test_get_argument(0)) - || !TEST_ptr(server_cert_f = test_get_argument(1)) - || !TEST_ptr(client_key_f = test_get_argument(2)) - || !TEST_ptr(client_cert_f = test_get_argument(3)) - || !TEST_ptr(pkcs10_f = test_get_argument(4))) { + || !TEST_ptr(server_cert_f = test_get_argument(1)) + || !TEST_ptr(client_key_f = test_get_argument(2)) + || !TEST_ptr(client_cert_f = test_get_argument(3)) + || !TEST_ptr(pkcs10_f = test_get_argument(4))) { TEST_error("usage: cmp_client_test %s", USAGE); return 0; } @@ -510,10 +508,10 @@ return 0; if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)) - || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)) - || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)) - || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)) - || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { + || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)) + || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)) + || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)) + || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { cleanup_tests(); return 0; } --- crypto/openssl/test/cmp_ctx_test.c.orig +++ crypto/openssl/test/cmp_ctx_test.c 
@@ -73,16 +73,16 @@ ctx->status = 1; ctx->failInfoCode = 1; if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null()) - || !ossl_cmp_ctx_set0_newCert(ctx, X509_dup(test_cert)) - || !TEST_ptr(certs = sk_X509_new_1()) - || !ossl_cmp_ctx_set1_newChain(ctx, certs) - || !ossl_cmp_ctx_set1_caPubs(ctx, certs) - || !ossl_cmp_ctx_set1_extraCertsIn(ctx, certs) - || !ossl_cmp_ctx_set0_validatedSrvCert(ctx, X509_dup(test_cert)) - || !TEST_ptr(bytes = ASN1_OCTET_STRING_new()) - || !OSSL_CMP_CTX_set1_transactionID(ctx, bytes) - || !OSSL_CMP_CTX_set1_senderNonce(ctx, bytes) - || !ossl_cmp_ctx_set1_recipNonce(ctx, bytes)) + || !ossl_cmp_ctx_set0_newCert(ctx, X509_dup(test_cert)) + || !TEST_ptr(certs = sk_X509_new_1()) + || !ossl_cmp_ctx_set1_newChain(ctx, certs) + || !ossl_cmp_ctx_set1_caPubs(ctx, certs) + || !ossl_cmp_ctx_set1_extraCertsIn(ctx, certs) + || !ossl_cmp_ctx_set0_validatedSrvCert(ctx, X509_dup(test_cert)) + || !TEST_ptr(bytes = ASN1_OCTET_STRING_new()) + || !OSSL_CMP_CTX_set1_transactionID(ctx, bytes) + || !OSSL_CMP_CTX_set1_senderNonce(ctx, bytes) + || !ossl_cmp_ctx_set1_recipNonce(ctx, bytes)) goto err; if (!TEST_true(OSSL_CMP_CTX_reinit(ctx))) 
@@ -90,22 +90,22 @@ /* check whether values have been reset to default in all relevant fields */ if (!TEST_true(ctx->status == -1 - && ctx->failInfoCode == -1 - && ctx->statusString == NULL - && ctx->newCert == NULL - && ctx->newChain == NULL - && ctx->caPubs == NULL - && ctx->extraCertsIn == NULL - && ctx->validatedSrvCert == NULL - && ctx->transactionID == NULL - && ctx->senderNonce == NULL - && ctx->recipNonce == NULL)) + && ctx->failInfoCode == -1 + && ctx->statusString == NULL + && ctx->newCert == NULL + && ctx->newChain == NULL + && ctx->caPubs == NULL + && ctx->extraCertsIn == NULL + && ctx->validatedSrvCert == NULL + && ctx->transactionID == NULL + && ctx->senderNonce == NULL + && ctx->recipNonce == NULL)) goto err; /* this does not check that all remaining fields are untouched */ res = 1; - err: +err: sk_X509_pop_X509_free(certs); ASN1_OCTET_STRING_free(bytes); return res; @@ -122,19 +122,19 @@ static int msg_total_size = 0; static int msg_total_size_log_cb(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { msg_total_size += strlen(msg); TEST_note("total=%d len=%zu msg='%s'\n", msg_total_size, strlen(msg), msg); return 1; } -# define STR64 "This is a 64 bytes looooooooooooooooooooooooooooooooong string.\n" +#define STR64 "This is a 64 bytes looooooooooooooooooooooooooooooooong string.\n" /* max string length ISO C90 compilers are required to support is 509. */ -# define STR509 STR64 STR64 STR64 STR64 STR64 STR64 STR64 \ +#define STR509 STR64 STR64 STR64 STR64 STR64 STR64 STR64 \ "This is a 61 bytes loooooooooooooooooooooooooooooong string.\n" static const char *const max_str_literal = STR509; -# define STR_SEP "" +#define STR_SEP "" static int execute_CTX_print_errors_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) { 
@@ -147,10 +147,10 @@ if (!TEST_true(ctx->log_cb == NULL)) res = 0; -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES); OSSL_CMP_CTX_print_errors(ctx); /* should print above error to STDERR */ -# endif +#endif /* this should work regardless of OPENSSL_NO_STDIO and OPENSSL_NO_TRACE: */ if (!TEST_true(OSSL_CMP_CTX_set_log_cb(ctx, msg_total_size_log_cb))) @@ -164,11 +164,14 @@ base_err_msg_size += strlen("NULL_ARGUMENT"); expected_size = base_err_msg_size; ossl_cmp_add_error_data("data1"); /* should prepend separator ":" */ - expected_size += strlen(":" "data1"); + expected_size += strlen(":" + "data1"); ossl_cmp_add_error_data("data2"); /* should prepend separator " : " */ - expected_size += strlen(" : " "data2"); + expected_size += strlen(" : " + "data2"); ossl_cmp_add_error_line("new line"); /* should prepend separator "\n" */ - expected_size += strlen("\n" "new line"); + expected_size += strlen("\n" + "new line"); OSSL_CMP_CTX_print_errors(ctx); if (!TEST_int_eq(msg_total_size, expected_size)) res = 0; @@ -198,8 +201,7 @@ } #endif -static -int execute_CTX_reqExtensions_have_SAN_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) +static int execute_CTX_reqExtensions_have_SAN_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture) { OSSL_CMP_CTX *ctx = fixture->ctx; const int len = 16; 
@@ -213,14 +215,14 @@ return 0; if (!TEST_int_eq(1, RAND_bytes(str, len)) - || !TEST_ptr(data = ASN1_OCTET_STRING_new()) - || !TEST_true(ASN1_OCTET_STRING_set(data, str, len))) + || !TEST_ptr(data = ASN1_OCTET_STRING_new()) + || !TEST_true(ASN1_OCTET_STRING_set(data, str, len))) goto err; ext = X509_EXTENSION_create_by_NID(NULL, NID_subject_alt_name, 0, data); if (!TEST_ptr(ext) - || !TEST_ptr(exts = sk_X509_EXTENSION_new_null()) - || !TEST_true(sk_X509_EXTENSION_push(exts, ext)) - || !TEST_true(OSSL_CMP_CTX_set0_reqExtensions(ctx, exts))) { + || !TEST_ptr(exts = sk_X509_EXTENSION_new_null()) + || !TEST_true(sk_X509_EXTENSION_push(exts, ext)) + || !TEST_true(OSSL_CMP_CTX_set0_reqExtensions(ctx, exts))) { X509_EXTENSION_free(ext); sk_X509_EXTENSION_free(exts); goto err; @@ -230,7 +232,7 @@ res = TEST_false(OSSL_CMP_CTX_reqExtensions_have_SAN(ctx)); X509_EXTENSION_free(ext); } - err: +err: ASN1_OCTET_STRING_free(data); return res; } @@ -242,19 +244,22 @@ return result; } -static int test_log_line; +static int test_log_line_start; +static int test_log_line_end; static int test_log_cb_res = 0; static int test_log_cb(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { test_log_cb_res = #ifndef PEDANTIC (TEST_str_eq(func, "execute_cmp_ctx_log_cb_test") - || TEST_str_eq(func, "(unknown function)")) && + || TEST_str_eq(func, "(unknown function)")) + && #endif (TEST_str_eq(file, OPENSSL_FILE) - || TEST_str_eq(file, "(no file)")) - && (TEST_int_eq(line, test_log_line) || TEST_int_eq(line, 0)) + || TEST_str_eq(file, "(no file)")) + && (TEST_int_eq(line, test_log_line_start) || TEST_int_eq(line, 0) + || TEST_int_eq(line, test_log_line_end)) && (TEST_int_eq(level, OSSL_CMP_LOG_INFO) || TEST_int_eq(level, -1)) && TEST_str_eq(msg, "ok"); return 1; 
@@ -283,14 +288,16 @@ if (!TEST_true(OSSL_CMP_CTX_set_log_cb(ctx, test_log_cb))) { res = 0; } else { - test_log_line = OPENSSL_LINE + 1; + test_log_line_start = OPENSSL_LINE + 1; ossl_cmp_log2(INFO, ctx, "%s%c", "o", 'k'); + test_log_line_end = OPENSSL_LINE - 1; if (!TEST_int_eq(test_log_cb_res, 1)) res = 0; OSSL_CMP_CTX_set_log_verbosity(ctx, OSSL_CMP_LOG_ERR); test_log_cb_res = -1; /* callback should not be called at all */ - test_log_line = OPENSSL_LINE + 1; + test_log_line_start = OPENSSL_LINE + 1; ossl_cmp_log2(INFO, ctx, "%s%c", "o", 'k'); + test_log_line_end = OPENSSL_LINE - 1; if (!TEST_int_eq(test_log_cb_res, -1)) res = 0; } @@ -312,13 +319,13 @@ } static OSSL_CMP_MSG *test_transfer_cb(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req) + const OSSL_CMP_MSG *req) { return NULL; } static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **txt) + const char **txt) { return 0; } 
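Review bot: `test_log_line_end = OPENSSL_LINE - 1;` in the `@@ -283,14 +288,16 @@` hunk is assigned after `ossl_cmp_log2(...)` returns, but `test_log_cb` (previous hunk) compares `line` against it while that call is running. The test reads `test_log_cb_res` immediately after the call, so the callback appears to be synchronous. The new `TEST_int_eq(line, test_log_line_end)` alternative can therefore only see a stale value: 0 on the first call, which duplicates the existing `TEST_int_eq(line, 0)` case. Setting both bounds before the call would make the comparison cover the current call site, e.g. `test_log_line_start = OPENSSL_LINE + 2;` followed by `test_log_line_end = OPENSSL_LINE + 1;` for a one-line call. A short comment on the two statics saying they bracket the source lines of the logging call would also help. The same ordering is used for both `ossl_cmp_log2` calls here, and the enclosing function begins outside the hunk.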
@@ -333,148 +340,147 @@ #define get0 0 #define get1 1 -#define DEFINE_SET_GET_BASE_TEST(PREFIX, SETN, GETN, DUP, FIELD, TYPE, ERR, \ - DEFAULT, NEW, FREE) \ -static int \ -execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ -{ \ - CMP_CTX *ctx = fixture->ctx; \ - int (*set_fn)(CMP_CTX *ctx, TYPE) = \ - (int (*)(CMP_CTX *ctx, TYPE))PREFIX##_##SETN##_##FIELD; \ - /* need type cast in above assignment as TYPE arg sometimes is const */ \ - TYPE (*get_fn)(const CMP_CTX *ctx) = OSSL_CMP_CTX_##GETN##_##FIELD; \ - TYPE val1_to_free = NEW; \ - TYPE val1 = val1_to_free; \ - TYPE val1_read = 0; /* 0 works for any type */ \ - TYPE val2_to_free = NEW; \ - TYPE val2 = val2_to_free; \ - TYPE val2_read = 0; \ - TYPE val3_read = 0; \ - int res = 1; \ - \ - if (!TEST_int_eq(ERR_peek_error(), 0)) \ - res = 0; \ - if (PREFIX == 1) { /* exported setter functions must test ctx == NULL */ \ - if ((*set_fn)(NULL, val1) || ERR_peek_error() == 0) { \ - TEST_error("setter did not return error on ctx == NULL"); \ - res = 0; \ - } \ - } \ - ERR_clear_error(); \ - \ - if ((*get_fn)(NULL) != ERR || ERR_peek_error() == 0) { \ - TEST_error("getter did not return error on ctx == NULL"); \ - res = 0; \ - } \ - ERR_clear_error(); \ - \ - val1_read = (*get_fn)(ctx); \ - if (!DEFAULT(val1_read)) { \ - TEST_error("did not get default value"); \ - res = 0; \ - } \ - if (!(*set_fn)(ctx, val1)) { \ - TEST_error("setting first value failed"); \ - res = 0; \ - } \ - if (SETN == 0) \ - val1_to_free = 0; /* 0 works for any type */ \ - \ - if (GETN == 1) \ - FREE(val1_read); \ - val1_read = (*get_fn)(ctx); \ - if (SETN == 0) { \ - if (val1_read != val1) { \ - TEST_error("set/get first value did not match"); \ - res = 0; \ - } \ - } else { \ - if (DUP && val1_read == val1) { \ - TEST_error("first set did not dup the value"); \ - val1_read = 0; \ - res = 0; \ - } \ - if (DEFAULT(val1_read)) { \ - TEST_error("first set had no effect"); \ - res = 0; \ - } \ - } \ - \ - if (!(*set_fn)(ctx, 
val2)) { \ - TEST_error("setting second value failed"); \ - res = 0; \ - } \ - if (SETN == 0) \ - val2_to_free = 0; \ - \ - val2_read = (*get_fn)(ctx); \ - if (DEFAULT(val2_read)) { \ - TEST_error("second set reset the value"); \ - res = 0; \ - } \ - if (SETN == 0 && GETN == 0) { \ - if (val2_read != val2) { \ - TEST_error("set/get second value did not match"); \ - res = 0; \ - } \ - } else { \ - if (DUP && val2_read == val2) { \ - TEST_error("second set did not dup the value"); \ - val2_read = 0; \ - res = 0; \ - } \ - if (val2 == val1) { \ - TEST_error("second value is same as first value"); \ - res = 0; \ - } \ - if (GETN == 1 && val2_read == val1_read) { \ - /* \ - * Note that if GETN == 0 then possibly val2_read == val1_read \ - * because set1 may allocate the new copy at the same location. \ - */ \ - TEST_error("second get returned same as first get"); \ - res = 0; \ - } \ - } \ - \ - val3_read = (*get_fn)(ctx); \ - if (DEFAULT(val3_read)) { \ - TEST_error("third set reset the value"); \ - res = 0; \ - } \ - if (GETN == 0) { \ - if (val3_read != val2_read) { \ - TEST_error("third get gave different value"); \ - res = 0; \ - } \ - } else { \ - if (DUP && val3_read == val2_read) { \ - TEST_error("third get did not create a new dup"); \ - val3_read = 0; \ - res = 0; \ - } \ - } \ - /* this does not check that all remaining fields are untouched */ \ - \ - if (!TEST_int_eq(ERR_peek_error(), 0)) \ - res = 0; \ - \ - FREE(val1_to_free); \ - FREE(val2_to_free); \ - if (GETN == 1) { \ - FREE(val1_read); \ - FREE(val2_read); \ - FREE(val3_read); \ - } \ - return TEST_true(res); \ -} \ -\ -static int test_CTX_##SETN##_##GETN##_##FIELD(void) \ -{ \ - SETUP_TEST_FIXTURE(OSSL_CMP_CTX_TEST_FIXTURE, set_up); \ - EXECUTE_TEST(execute_CTX_##SETN##_##GETN##_##FIELD, tear_down); \ - return result; \ -} +#define DEFINE_SET_GET_BASE_TEST(PREFIX, SETN, GETN, DUP, FIELD, TYPE, ERR, \ + DEFAULT, NEW, FREE) \ + static int \ + 
execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ + { \ + CMP_CTX *ctx = fixture->ctx; \ + int (*set_fn)(CMP_CTX * ctx, TYPE) = (int (*)(CMP_CTX * ctx, TYPE)) PREFIX##_##SETN##_##FIELD; \ + /* need type cast in above assignment as TYPE arg sometimes is const */ \ + TYPE (*get_fn)(const CMP_CTX *ctx) = OSSL_CMP_CTX_##GETN##_##FIELD; \ + TYPE val1_to_free = NEW; \ + TYPE val1 = val1_to_free; \ + TYPE val1_read = 0; /* 0 works for any type */ \ + TYPE val2_to_free = NEW; \ + TYPE val2 = val2_to_free; \ + TYPE val2_read = 0; \ + TYPE val3_read = 0; \ + int res = 1; \ + \ + if (!TEST_int_eq(ERR_peek_error(), 0)) \ + res = 0; \ + if (PREFIX == 1) { /* exported setter functions must test ctx == NULL */ \ + if ((*set_fn)(NULL, val1) || ERR_peek_error() == 0) { \ + TEST_error("setter did not return error on ctx == NULL"); \ + res = 0; \ + } \ + } \ + ERR_clear_error(); \ + \ + if ((*get_fn)(NULL) != ERR || ERR_peek_error() == 0) { \ + TEST_error("getter did not return error on ctx == NULL"); \ + res = 0; \ + } \ + ERR_clear_error(); \ + \ + val1_read = (*get_fn)(ctx); \ + if (!DEFAULT(val1_read)) { \ + TEST_error("did not get default value"); \ + res = 0; \ + } \ + if (!(*set_fn)(ctx, val1)) { \ + TEST_error("setting first value failed"); \ + res = 0; \ + } \ + if (SETN == 0) \ + val1_to_free = 0; /* 0 works for any type */ \ + \ + if (GETN == 1) \ + FREE(val1_read); \ + val1_read = (*get_fn)(ctx); \ + if (SETN == 0) { \ + if (val1_read != val1) { \ + TEST_error("set/get first value did not match"); \ + res = 0; \ + } \ + } else { \ + if (DUP && val1_read == val1) { \ + TEST_error("first set did not dup the value"); \ + val1_read = 0; \ + res = 0; \ + } \ + if (DEFAULT(val1_read)) { \ + TEST_error("first set had no effect"); \ + res = 0; \ + } \ + } \ + \ + if (!(*set_fn)(ctx, val2)) { \ + TEST_error("setting second value failed"); \ + res = 0; \ + } \ + if (SETN == 0) \ + val2_to_free = 0; \ + \ + val2_read = (*get_fn)(ctx); \ + if 
(DEFAULT(val2_read)) { \ + TEST_error("second set reset the value"); \ + res = 0; \ + } \ + if (SETN == 0 && GETN == 0) { \ + if (val2_read != val2) { \ + TEST_error("set/get second value did not match"); \ + res = 0; \ + } \ + } else { \ + if (DUP && val2_read == val2) { \ + TEST_error("second set did not dup the value"); \ + val2_read = 0; \ + res = 0; \ + } \ + if (val2 == val1) { \ + TEST_error("second value is same as first value"); \ + res = 0; \ + } \ + if (GETN == 1 && val2_read == val1_read) { \ + /* \ + * Note that if GETN == 0 then possibly val2_read == val1_read \ + * because set1 may allocate the new copy at the same location. \ + */ \ + TEST_error("second get returned same as first get"); \ + res = 0; \ + } \ + } \ + \ + val3_read = (*get_fn)(ctx); \ + if (DEFAULT(val3_read)) { \ + TEST_error("third set reset the value"); \ + res = 0; \ + } \ + if (GETN == 0) { \ + if (val3_read != val2_read) { \ + TEST_error("third get gave different value"); \ + res = 0; \ + } \ + } else { \ + if (DUP && val3_read == val2_read) { \ + TEST_error("third get did not create a new dup"); \ + val3_read = 0; \ + res = 0; \ + } \ + } \ + /* this does not check that all remaining fields are untouched */ \ + \ + if (!TEST_int_eq(ERR_peek_error(), 0)) \ + res = 0; \ + \ + FREE(val1_to_free); \ + FREE(val2_to_free); \ + if (GETN == 1) { \ + FREE(val1_read); \ + FREE(val2_read); \ + FREE(val3_read); \ + } \ + return TEST_true(res); \ + } \ + \ + static int test_CTX_##SETN##_##GETN##_##FIELD(void) \ + { \ + SETUP_TEST_FIXTURE(OSSL_CMP_CTX_TEST_FIXTURE, set_up); \ + EXECUTE_TEST(execute_CTX_##SETN##_##GETN##_##FIELD, tear_down); \ + return result; \ + } static char *char_new(void) { 
@@ -504,221 +510,219 @@ #define IS_0(x) ((x) == 0) /* for any type */ #define DROP(x) (void)(x) /* dummy free() for non-pointer and function types */ -#define RET_IF_NULL_ARG(ctx, ret) \ - if (ctx == NULL) { \ +#define RET_IF_NULL_ARG(ctx, ret) \ + if (ctx == NULL) { \ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ - return ret; \ + return ret; \ } -#define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \ +#define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ - TYPE *, NULL, IS_0, TYPE##_new(), TYPE##_free) + TYPE *, NULL, IS_0, TYPE##_new(), TYPE##_free) #define DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FIELD, ELEM_TYPE, \ - DEFAULT, NEW, FREE) \ - DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, 1, FIELD, \ - STACK_OF(ELEM_TYPE)*, NULL, DEFAULT, NEW, FREE) -#define DEFINE_SET_GET_SK_TEST(OSSL_CMP, CTX, N, M, FIELD, T) \ + DEFAULT, NEW, FREE) \ + DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, 1, FIELD, \ + STACK_OF(ELEM_TYPE) *, NULL, DEFAULT, NEW, FREE) +#define DEFINE_SET_GET_SK_TEST(OSSL_CMP, CTX, N, M, FIELD, T) \ DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FIELD, T, \ - IS_0, sk_##T##_new_null(), sk_##T##_free) -#define DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, N, M, FNAME) \ + IS_0, sk_##T##_new_null(), sk_##T##_free) +#define DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, N, M, FNAME) \ DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FNAME, X509, \ - EMPTY_SK_X509, \ - sk_X509_new_1(), sk_X509_pop_X509_free) + EMPTY_SK_X509, \ + sk_X509_new_1(), sk_X509_pop_X509_free) #define DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE, \ - DEFAULT) \ + DEFAULT) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \ - TYPE *, NULL, DEFAULT, TYPE##_new(), TYPE##_free) + TYPE *, NULL, DEFAULT, TYPE##_new(), TYPE##_free) #define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) 
\ - static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ - { \ - RET_IF_NULL_ARG(ctx, NULL); \ - return (TYPE *)ctx->FIELD; \ - } \ + static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ + { \ + RET_IF_NULL_ARG(ctx, NULL); \ + return (TYPE *)ctx->FIELD; \ + } \ DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, 0, DUP, FIELD, TYPE, DEFAULT) #define DEFINE_SET_TEST(OSSL_CMP, CTX, N, DUP, FIELD, TYPE) \ DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, IS_0) -#define DEFINE_SET_SK_TEST(OSSL_CMP, CTX, N, FIELD, TYPE) \ +#define DEFINE_SET_SK_TEST(OSSL_CMP, CTX, N, FIELD, TYPE) \ static STACK_OF(TYPE) *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \ - { \ - RET_IF_NULL_ARG(ctx, NULL); \ - return ctx->FIELD; \ - } \ - DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get0, 1, FIELD, \ - STACK_OF(TYPE)*, NULL, IS_0, \ - sk_##TYPE##_new_null(), sk_##TYPE##_free) + { \ + RET_IF_NULL_ARG(ctx, NULL); \ + return ctx->FIELD; \ + } \ + DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get0, 1, FIELD, \ + STACK_OF(TYPE) *, NULL, IS_0, \ + sk_##TYPE##_new_null(), sk_##TYPE##_free) typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t; -#define DEFINE_SET_CB_TEST(FIELD) \ +#define DEFINE_SET_CB_TEST(FIELD) \ static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ - { \ - RET_IF_NULL_ARG(ctx, NULL); \ - return ctx->FIELD; \ - } \ - DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, \ - OSSL_CMP_##FIELD##_t, NULL, IS_0, \ - test_##FIELD, DROP) -#define DEFINE_SET_GET_P_VOID_TEST(FIELD) \ + { \ + RET_IF_NULL_ARG(ctx, NULL); \ + return ctx->FIELD; \ + } \ + DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, \ + OSSL_CMP_##FIELD##_t, NULL, IS_0, \ + test_##FIELD, DROP) +#define DEFINE_SET_GET_P_VOID_TEST(FIELD) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, void *, \ - NULL, IS_0, ((void *)1), DROP) + NULL, IS_0, ((void *)1), DROP) -#define DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, DEFAULT) \ +#define 
DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, DEFAULT) \ DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set, get, 0, FIELD, int, -1, \ - DEFAULT, 1, DROP) + DEFAULT, 1, DROP) #define DEFINE_SET_GET_INT_TEST(OSSL_CMP, CTX, FIELD) \ DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, IS_NEG) -#define DEFINE_SET_INT_TEST(FIELD) \ +#define DEFINE_SET_INT_TEST(FIELD) \ static int OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ - { \ - RET_IF_NULL_ARG(ctx, -1); \ - return ctx->FIELD; \ - } \ + { \ + RET_IF_NULL_ARG(ctx, -1); \ + return ctx->FIELD; \ + } \ DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, IS_0) -#define DEFINE_SET_GET_ARG_FN(SETN, GETN, FIELD, ARG, T) \ +#define DEFINE_SET_GET_ARG_FN(SETN, GETN, FIELD, ARG, T) \ static int OSSL_CMP_CTX_##SETN##_##FIELD##_##ARG(CMP_CTX *ctx, T val) \ - { \ - return OSSL_CMP_CTX_##SETN##_##FIELD(ctx, ARG, val); \ - } \ - \ - static T OSSL_CMP_CTX_##GETN##_##FIELD##_##ARG(const CMP_CTX *ctx) \ - { \ - return OSSL_CMP_CTX_##GETN##_##FIELD(ctx, ARG); \ + { \ + return OSSL_CMP_CTX_##SETN##_##FIELD(ctx, ARG, val); \ + } \ + \ + static T OSSL_CMP_CTX_##GETN##_##FIELD##_##ARG(const CMP_CTX *ctx) \ + { \ + return OSSL_CMP_CTX_##GETN##_##FIELD(ctx, ARG); \ } -#define DEFINE_SET_GET1_STR_FN(SETN, FIELD) \ - static int OSSL_CMP_CTX_##SETN##_##FIELD##_str(CMP_CTX *ctx, char *val)\ - { \ - return OSSL_CMP_CTX_##SETN##_##FIELD(ctx, (unsigned char *)val, \ - strlen(val)); \ - } \ - \ - static char *OSSL_CMP_CTX_get1_##FIELD##_str(const CMP_CTX *ctx) \ - { \ - const ASN1_OCTET_STRING *bytes = NULL; \ - \ - RET_IF_NULL_ARG(ctx, NULL); \ - bytes = ctx->FIELD; \ - return bytes == NULL ? 
NULL : \ - OPENSSL_strndup((char *)bytes->data, bytes->length); \ +#define DEFINE_SET_GET1_STR_FN(SETN, FIELD) \ + static int OSSL_CMP_CTX_##SETN##_##FIELD##_str(CMP_CTX *ctx, char *val) \ + { \ + return OSSL_CMP_CTX_##SETN##_##FIELD(ctx, (unsigned char *)val, \ + strlen(val)); \ + } \ + \ + static char *OSSL_CMP_CTX_get1_##FIELD##_str(const CMP_CTX *ctx) \ + { \ + const ASN1_OCTET_STRING *bytes = NULL; \ + \ + RET_IF_NULL_ARG(ctx, NULL); \ + bytes = ctx->FIELD; \ + return bytes == NULL ? NULL : OPENSSL_strndup((char *)bytes->data, bytes->length); \ } #define push 0 #define push0 0 #define push1 1 -#define DEFINE_PUSH_BASE_TEST(PUSHN, DUP, FIELD, ELEM, TYPE, T, \ - DEFAULT, NEW, FREE) \ -static TYPE sk_top_##FIELD(const CMP_CTX *ctx) \ -{ \ - return sk_##T##_value(ctx->FIELD, sk_##T##_num(ctx->FIELD) - 1); \ -} \ -\ -static int execute_CTX_##PUSHN##_##ELEM(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ -{ \ - CMP_CTX *ctx = fixture->ctx; \ - int (*push_fn)(CMP_CTX *ctx, TYPE) = \ - (int (*)(CMP_CTX *ctx, TYPE))OSSL_CMP_CTX_##PUSHN##_##ELEM; \ - /* \ - * need type cast in above assignment because TYPE arg sometimes is const \ - */ \ - int n_elem = sk_##T##_num(ctx->FIELD); \ - STACK_OF(TYPE) field_read; \ - TYPE val1_to_free = NEW; \ - TYPE val1 = val1_to_free; \ - TYPE val1_read = 0; /* 0 works for any type */ \ - TYPE val2_to_free = NEW; \ - TYPE val2 = val2_to_free; \ - TYPE val2_read = 0; \ - int res = 1; \ - \ - if (!TEST_int_eq(ERR_peek_error(), 0)) \ - res = 0; \ - if ((*push_fn)(NULL, val1) || ERR_peek_error() == 0) { \ - TEST_error("pusher did not return error on ctx == NULL"); \ - res = 0; \ - } \ - ERR_clear_error(); \ - \ - if (n_elem < 0) /* can happen for NULL stack */ \ - n_elem = 0; \ - field_read = ctx->FIELD; \ - if (!DEFAULT(field_read)) { \ - TEST_error("did not get default value for stack field"); \ - res = 0; \ - } \ - if (!(*push_fn)(ctx, val1)) { \ - TEST_error("pushing first value failed"); \ - res = 0; \ - } \ - if (PUSHN == 0) \ - val1_to_free = 0; 
/* 0 works for any type */ \ - \ - if (sk_##T##_num(ctx->FIELD) != ++n_elem) { \ - TEST_error("pushing first value did not increment number"); \ - res = 0; \ - } \ - val1_read = sk_top_##FIELD(ctx); \ - if (PUSHN == 0) { \ - if (val1_read != val1) { \ - TEST_error("push/sk_top first value did not match"); \ - res = 0; \ - } \ - } else { \ - if (DUP && val1_read == val1) { \ - TEST_error("first push did not dup the value"); \ - res = 0; \ - } \ - } \ - \ - if (!(*push_fn)(ctx, val2)) { \ - TEST_error("pushting second value failed"); \ - res = 0; \ - } \ - if (PUSHN == 0) \ - val2_to_free = 0; \ - \ - if (sk_##T##_num(ctx->FIELD) != ++n_elem) { \ - TEST_error("pushing second value did not increment number"); \ - res = 0; \ - } \ - val2_read = sk_top_##FIELD(ctx); \ - if (PUSHN == 0) { \ - if (val2_read != val2) { \ - TEST_error("push/sk_top second value did not match"); \ - res = 0; \ - } \ - } else { \ - if (DUP && val2_read == val2) { \ - TEST_error("second push did not dup the value"); \ - res = 0; \ - } \ - if (val2 == val1) { \ - TEST_error("second value is same as first value"); \ - res = 0; \ - } \ - } \ - /* this does not check if all remaining fields and elems are untouched */ \ - \ - if (!TEST_int_eq(ERR_peek_error(), 0)) \ - res = 0; \ - \ - FREE(val1_to_free); \ - FREE(val2_to_free); \ - return TEST_true(res); \ -} \ -\ -static int test_CTX_##PUSHN##_##ELEM(void) \ -{ \ - SETUP_TEST_FIXTURE(OSSL_CMP_CTX_TEST_FIXTURE, set_up); \ - EXECUTE_TEST(execute_CTX_##PUSHN##_##ELEM, tear_down); \ - return result; \ -} \ - -#define DEFINE_PUSH_TEST(N, DUP, FIELD, ELEM, TYPE) \ +#define DEFINE_PUSH_BASE_TEST(PUSHN, DUP, FIELD, ELEM, TYPE, T, \ + DEFAULT, NEW, FREE) \ + static TYPE sk_top_##FIELD(const CMP_CTX *ctx) \ + { \ + return sk_##T##_value(ctx->FIELD, sk_##T##_num(ctx->FIELD) - 1); \ + } \ + \ + static int execute_CTX_##PUSHN##_##ELEM(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ + { \ + CMP_CTX *ctx = fixture->ctx; \ + int (*push_fn)(CMP_CTX * ctx, TYPE) = (int 
(*)(CMP_CTX * ctx, TYPE)) OSSL_CMP_CTX_##PUSHN##_##ELEM; \ + /* \ + * need type cast in above assignment because TYPE arg sometimes is const \ + */ \ + int n_elem = sk_##T##_num(ctx->FIELD); \ + STACK_OF(TYPE) field_read; \ + TYPE val1_to_free = NEW; \ + TYPE val1 = val1_to_free; \ + TYPE val1_read = 0; /* 0 works for any type */ \ + TYPE val2_to_free = NEW; \ + TYPE val2 = val2_to_free; \ + TYPE val2_read = 0; \ + int res = 1; \ + \ + if (!TEST_int_eq(ERR_peek_error(), 0)) \ + res = 0; \ + if ((*push_fn)(NULL, val1) || ERR_peek_error() == 0) { \ + TEST_error("pusher did not return error on ctx == NULL"); \ + res = 0; \ + } \ + ERR_clear_error(); \ + \ + if (n_elem < 0) /* can happen for NULL stack */ \ + n_elem = 0; \ + field_read = ctx->FIELD; \ + if (!DEFAULT(field_read)) { \ + TEST_error("did not get default value for stack field"); \ + res = 0; \ + } \ + if (!(*push_fn)(ctx, val1)) { \ + TEST_error("pushing first value failed"); \ + res = 0; \ + } \ + if (PUSHN == 0) \ + val1_to_free = 0; /* 0 works for any type */ \ + \ + if (sk_##T##_num(ctx->FIELD) != ++n_elem) { \ + TEST_error("pushing first value did not increment number"); \ + res = 0; \ + } \ + val1_read = sk_top_##FIELD(ctx); \ + if (PUSHN == 0) { \ + if (val1_read != val1) { \ + TEST_error("push/sk_top first value did not match"); \ + res = 0; \ + } \ + } else { \ + if (DUP && val1_read == val1) { \ + TEST_error("first push did not dup the value"); \ + res = 0; \ + } \ + } \ + \ + if (!(*push_fn)(ctx, val2)) { \ + TEST_error("pushting second value failed"); \ + res = 0; \ + } \ + if (PUSHN == 0) \ + val2_to_free = 0; \ + \ + if (sk_##T##_num(ctx->FIELD) != ++n_elem) { \ + TEST_error("pushing second value did not increment number"); \ + res = 0; \ + } \ + val2_read = sk_top_##FIELD(ctx); \ + if (PUSHN == 0) { \ + if (val2_read != val2) { \ + TEST_error("push/sk_top second value did not match"); \ + res = 0; \ + } \ + } else { \ + if (DUP && val2_read == val2) { \ + TEST_error("second push did not dup 
the value"); \ + res = 0; \ + } \ + if (val2 == val1) { \ + TEST_error("second value is same as first value"); \ + res = 0; \ + } \ + } \ + /* this does not check if all remaining fields and elems are untouched */ \ + \ + if (!TEST_int_eq(ERR_peek_error(), 0)) \ + res = 0; \ + \ + FREE(val1_to_free); \ + FREE(val2_to_free); \ + return TEST_true(res); \ + } \ + \ + static int test_CTX_##PUSHN##_##ELEM(void) \ + { \ + SETUP_TEST_FIXTURE(OSSL_CMP_CTX_TEST_FIXTURE, set_up); \ + EXECUTE_TEST(execute_CTX_##PUSHN##_##ELEM, tear_down); \ + return result; \ + } + +#define DEFINE_PUSH_TEST(N, DUP, FIELD, ELEM, TYPE) \ DEFINE_PUSH_BASE_TEST(push##N, DUP, FIELD, ELEM, TYPE *, TYPE, \ - IS_0, TYPE##_new(), TYPE##_free) + IS_0, TYPE##_new(), TYPE##_free) void cleanup_tests(void) { @@ -726,8 +730,8 @@ } DEFINE_SET_GET_ARG_FN(set, get, option, 35, int) /* OPT_IGNORE_KEYUSAGE */ -DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_35, int, -1, IS_0, \ - 1 /* true */, DROP) +DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_35, int, -1, IS_0, + 1 /* true */, DROP) DEFINE_SET_CB_TEST(log_cb) @@ -745,8 +749,8 @@ DEFINE_SET_TEST(ossl_cmp, ctx, 0, 0, validatedSrvCert, X509) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME) DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore, - X509_STORE *, NULL, - DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) + X509_STORE *, NULL, + DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free) DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, cert, X509) @@ -761,7 +765,7 @@ DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_0, EVP_PKEY) DEFINE_SET_GET1_STR_FN(set1, referenceValue) DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, referenceValue_str, char, - IS_0) + IS_0) DEFINE_SET_GET1_STR_FN(set1, secretValue) DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, secretValue_str, char, IS_0) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, issuer, X509_NAME) 
@@ -788,7 +792,7 @@ DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, extraCertsIn) DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, transactionID, ASN1_OCTET_STRING, - IS_0) + IS_0) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, senderNonce, ASN1_OCTET_STRING) DEFINE_SET_TEST(ossl_cmp, ctx, 1, 1, recipNonce, ASN1_OCTET_STRING) --- crypto/openssl/test/cmp_hdr_test.c.orig +++ crypto/openssl/test/cmp_hdr_test.c @@ -41,7 +41,7 @@ goto err; return fixture; - err: +err: tear_down(fixture); return NULL; } @@ -65,9 +65,9 @@ return result; } -#define X509_NAME_ADD(n, rd, s) \ +#define X509_NAME_ADD(n, rd, s) \ X509_NAME_add_entry_by_txt((n), (rd), MBSTRING_ASC, (unsigned char *)(s), \ - -1, -1, 0) + -1, -1, 0) static int execute_HDR_get0_senderNonce_test(CMP_HDR_TEST_FIXTURE *fixture) { @@ -80,14 +80,14 @@ X509_NAME_ADD(sender, "CN", "A common sender name"); if (!TEST_int_eq(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, sender), - 1)) + 1)) goto err; if (!TEST_int_eq(ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr), - 1)) + 1)) goto err; sn = ossl_cmp_hdr_get0_senderNonce(fixture->hdr); if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(fixture->cmp_ctx->senderNonce, sn), - 0)) + 0)) goto err; res = 1; @@ -121,7 +121,8 @@ goto err; if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->sender->d.directoryName, - x509name), 0)) + x509name), + 0)) goto err; res = 1; @@ -155,7 +156,8 @@ goto err; if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->recipient->d.directoryName, - x509name), 0)) + x509name), + 0)) goto err; res = 1; @@ -220,15 +222,17 @@ goto err; if (!TEST_int_eq(ASN1_OCTET_STRING_set(senderKID, rand_data, - sizeof(rand_data)), 1)) + sizeof(rand_data)), + 1)) goto err; if (!TEST_int_eq(ossl_cmp_hdr_set1_senderKID(fixture->hdr, senderKID), 1)) goto err; if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(fixture->hdr->senderKID, - senderKID), 0)) + senderKID), + 0)) goto err; res = 1; - err: +err: ASN1_OCTET_STRING_free(senderKID); return res; } 
@@ -259,7 +263,7 @@ return 1; - err: +err: ASN1_UTF8STRING_free(text); return 0; } @@ -292,7 +296,7 @@ goto err; res = 1; - err: +err: ASN1_UTF8STRING_free(text); return res; @@ -315,11 +319,10 @@ return 0; if (!TEST_int_eq(ossl_cmp_hdr_generalInfo_push0_item(fixture->hdr, itav), - 1)) + 1)) return 0; - if (!TEST_true(itav == sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, - 0))) + if (!TEST_true(itav == sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, 0))) return 0; return 1; @@ -349,7 +352,7 @@ return 0; if (!TEST_ptr(val) - || !TEST_true(ASN1_INTEGER_set(asn1int, 88))) { + || !TEST_true(ASN1_INTEGER_set(asn1int, 88))) { ASN1_INTEGER_free(asn1int); return 0; } @@ -365,7 +368,7 @@ } if (!TEST_int_eq(ossl_cmp_hdr_generalInfo_push1_items(fixture->hdr, itavs), - 1)) + 1)) goto err; ginfo = fixture->hdr->generalInfo; pushed_itav = sk_OSSL_CMP_ITAV_value(ginfo, 0); @@ -379,7 +382,7 @@ res = 1; - err: +err: sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); return res; } @@ -394,7 +397,7 @@ static int execute_HDR_set_and_check_implicitConfirm_test(CMP_HDR_TEST_FIXTURE - * fixture) + *fixture) { return TEST_false(ossl_cmp_hdr_has_implicitConfirm(fixture->hdr)) && TEST_true(ossl_cmp_hdr_set_implicitConfirm(fixture->hdr)) @@ -408,14 +411,13 @@ return result; } - static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture) { ASN1_OCTET_STRING *header_nonce, *header_transactionID; ASN1_OCTET_STRING *ctx_nonce; if (!TEST_int_eq(fixture->expected, - ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr))) + ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr))) return 0; if (fixture->expected == 0) return 1; 
@@ -424,20 +426,17 @@ return 0; header_nonce = ossl_cmp_hdr_get0_senderNonce(fixture->hdr); - if (!TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, - fixture->cmp_ctx->senderNonce))) + if (!TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, fixture->cmp_ctx->senderNonce))) return 0; header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr); - if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID, - fixture->cmp_ctx->transactionID))) + if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID, fixture->cmp_ctx->transactionID))) return 0; header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr); ctx_nonce = fixture->cmp_ctx->recipNonce; if (ctx_nonce != NULL - && (!TEST_ptr(header_nonce) - || !TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, - ctx_nonce)))) + && (!TEST_ptr(header_nonce) + || !TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce, ctx_nonce)))) return 0; return 1; @@ -451,8 +450,8 @@ fixture->expected = 1; if (!TEST_int_eq(1, RAND_bytes(ref, sizeof(ref))) - || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, - ref, sizeof(ref)))) { + || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, + ref, sizeof(ref)))) { tear_down(fixture); fixture = NULL; } @@ -467,9 +466,9 @@ SETUP_TEST_FIXTURE(CMP_HDR_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(subject = X509_NAME_new()) - || !TEST_true(X509_NAME_ADD(subject, "CN", "Common Name")) - || !TEST_true(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, - subject))) { + || !TEST_true(X509_NAME_ADD(subject, "CN", "Common Name")) + || !TEST_true(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, + subject))) { tear_down(fixture); fixture = NULL; } @@ -478,7 +477,6 @@ return result; } - void cleanup_tests(void) { return; --- crypto/openssl/test/cmp_msg_test.c.orig +++ crypto/openssl/test/cmp_msg_test.c 
@@ -54,9 +54,9 @@ fixture->test_case_name = test_case_name; if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1)) - || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, - ref, sizeof(ref)))) { + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1)) + || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, + ref, sizeof(ref)))) { tear_down(fixture); return NULL; } @@ -66,16 +66,14 @@ static EVP_PKEY *newkey = NULL; static X509 *cert = NULL; -#define EXECUTE_MSG_CREATION_TEST(expr) \ - do { \ - OSSL_CMP_MSG *msg = NULL; \ - int good = fixture->expected != 0 ? \ - TEST_ptr(msg = (expr)) && TEST_true(valid_asn1_encoding(msg)) : \ - TEST_ptr_null(msg = (expr)); \ - \ - OSSL_CMP_MSG_free(msg); \ - ERR_print_errors_fp(stderr); \ - return good; \ +#define EXECUTE_MSG_CREATION_TEST(expr) \ + do { \ + OSSL_CMP_MSG *msg = NULL; \ + int good = fixture->expected != 0 ? TEST_ptr(msg = (expr)) && TEST_true(valid_asn1_encoding(msg)) : TEST_ptr_null(msg = (expr)); \ + \ + OSSL_CMP_MSG_free(msg); \ + ERR_print_errors_fp(stderr); \ + return good; \ } while (0) /*- @@ -88,15 +86,15 @@ static int execute_certreq_create_test(CMP_MSG_TEST_FIXTURE *fixture) { EXECUTE_MSG_CREATION_TEST(ossl_cmp_certreq_new(fixture->cmp_ctx, - fixture->bodytype, - NULL)); + fixture->bodytype, + NULL)); } static int execute_errormsg_create_test(CMP_MSG_TEST_FIXTURE *fixture) { EXECUTE_MSG_CREATION_TEST(ossl_cmp_error_new(fixture->cmp_ctx, fixture->si, - fixture->err_code, - "details", 0)); + fixture->err_code, + "details", 0)); } static int execute_rr_create_test(CMP_MSG_TEST_FIXTURE *fixture) 
@@ -106,9 +104,8 @@ static int execute_certconf_create_test(CMP_MSG_TEST_FIXTURE *fixture) { - EXECUTE_MSG_CREATION_TEST(ossl_cmp_certConf_new - (fixture->cmp_ctx, OSSL_CMP_CERTREQID, - fixture->fail_info, NULL)); + EXECUTE_MSG_CREATION_TEST(ossl_cmp_certConf_new(fixture->cmp_ctx, OSSL_CMP_CERTREQID, + fixture->fail_info, NULL)); } static int execute_genm_create_test(CMP_MSG_TEST_FIXTURE *fixture) @@ -123,8 +120,7 @@ static int execute_pkimessage_create_test(CMP_MSG_TEST_FIXTURE *fixture) { - EXECUTE_MSG_CREATION_TEST(ossl_cmp_msg_create - (fixture->cmp_ctx, fixture->bodytype)); + EXECUTE_MSG_CREATION_TEST(ossl_cmp_msg_create(fixture->cmp_ctx, fixture->bodytype)); } static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey) @@ -151,10 +147,10 @@ fixture->err_code = -1; fixture->expected = 1; if (!TEST_int_eq(1, RAND_bytes_ex(libctx, secret, sizeof(secret), 0)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) - || !TEST_true(set1_newPkey(ctx, newkey)) - || !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret, - sizeof(secret)))) { + || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) + || !TEST_true(set1_newPkey(ctx, newkey)) + || !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret, + sizeof(secret)))) { tear_down(fixture); fixture = NULL; } @@ -169,9 +165,9 @@ fixture->err_code = -1; fixture->expected = 0; if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, newkey)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) - /* newkey used by default for signing does not match cert: */ - || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) + /* newkey used by default for signing does not match cert: */ + || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { tear_down(fixture); fixture = NULL; } 
@@ -228,8 +224,8 @@ fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ; fixture->expected = 1; if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f, libctx)) - || !TEST_true(set1_newPkey(ctx, newkey)) - || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) { + || !TEST_true(set1_newPkey(ctx, newkey)) + || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) { tear_down(fixture); fixture = NULL; } @@ -259,7 +255,7 @@ fixture->err_code = -1; fixture->expected = 1; if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey)) - || !TEST_true(OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, cert))) { + || !TEST_true(OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, cert))) { tear_down(fixture); fixture = NULL; } @@ -287,7 +283,7 @@ fixture->fail_info = 0; fixture->expected = 1; if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, - X509_dup(cert)))) { + X509_dup(cert)))) { tear_down(fixture); fixture = NULL; } @@ -301,7 +297,7 @@ fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg; fixture->expected = 1; if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, - X509_dup(cert)))) { + X509_dup(cert)))) { tear_down(fixture); fixture = NULL; } @@ -315,7 +311,7 @@ fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX; fixture->expected = 1; if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, - X509_dup(cert)))) { + X509_dup(cert)))) { tear_down(fixture); fixture = NULL; } @@ -327,8 +323,8 @@ { SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); fixture->si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - OSSL_CMP_PKIFAILUREINFO_systemFailure, - NULL); + OSSL_CMP_PKIFAILUREINFO_systemFailure, + NULL); fixture->err_code = -1; fixture->expected = 1; /* expected: message creation is successful */ if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) { @@ -339,7 +335,6 @@ return result; } - static int test_cmp_create_pollreq(void) { SETUP_TEST_FIXTURE(CMP_MSG_TEST_FIXTURE, set_up); 
@@ -368,7 +363,7 @@ fixture->expected = 1; iv = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm), NULL); if (!TEST_ptr(iv) - || !TEST_true(OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, iv))) { + || !TEST_true(OSSL_CMP_CTX_push0_genm_ITAV(fixture->cmp_ctx, iv))) { OSSL_CMP_ITAV_free(iv); tear_down(fixture); fixture = NULL; @@ -392,11 +387,9 @@ goto err; if ((cresp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) == NULL) goto err; - cresp->certifiedKeyPair->certOrEncCert->type = - OSSL_CMP_CERTORENCCERT_CERTIFICATE; - if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate = - X509_dup(cert)) == NULL - || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp)) + cresp->certifiedKeyPair->certOrEncCert->type = OSSL_CMP_CERTORENCCERT_CERTIFICATE; + if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate = X509_dup(cert)) == NULL + || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp)) goto err; cresp = NULL; read_cresp = ossl_cmp_certrepmessage_get0_certresponse(crepmsg, 99); @@ -409,7 +402,7 @@ goto err; res = 1; - err: +err: X509_free(certfromresp); OSSL_CMP_CERTRESPONSE_free(cresp); OSSL_CMP_CERTREPMESSAGE_free(crepmsg); @@ -423,7 +416,6 @@ return result; } - static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture) { OSSL_CMP_PKISI *si = OSSL_CMP_STATUSINFO_new(33, 44, "a text"); @@ -437,10 +429,10 @@ goto err; if (!X509_NAME_add_entry_by_txt(issuer, "CN", MBSTRING_ASC, - (unsigned char *)"The Issuer", -1, -1, 0) - || !ASN1_INTEGER_set(serial, 99) - || (cid = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL - || (rpmsg = ossl_cmp_rp_new(fixture->cmp_ctx, si, cid, 1)) == NULL) + (unsigned char *)"The Issuer", -1, -1, 0) + || !ASN1_INTEGER_set(serial, 99) + || (cid = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL + || (rpmsg = ossl_cmp_rp_new(fixture->cmp_ctx, si, cid, 1)) == NULL) goto err; if (!TEST_ptr(ossl_cmp_revrepcontent_get_CertId(rpmsg->body->value.rp, 0))) 
@@ -450,7 +442,7 @@ goto err; res = 1; - err: +err: ASN1_INTEGER_free(serial); X509_NAME_free(issuer); OSSL_CRMF_CERTID_free(cid); @@ -474,15 +466,13 @@ pollrep = ossl_cmp_pollRep_new(fixture->cmp_ctx, 77, 2000); if (!TEST_ptr(pollrep)) return 0; - if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body-> - value.pollRep, 77))) + if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body->value.pollRep, 77))) goto err; - if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body-> - value.pollRep, 88))) + if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body->value.pollRep, 88))) goto err; res = 1; - err: +err: OSSL_CMP_MSG_free(pollrep); return res; } @@ -556,8 +546,8 @@ } if (!TEST_ptr(newkey_f = test_get_argument(0)) - || !TEST_ptr(server_cert_f = test_get_argument(1)) - || !TEST_ptr(pkcs10_f = test_get_argument(2))) { + || !TEST_ptr(server_cert_f = test_get_argument(1)) + || !TEST_ptr(pkcs10_f = test_get_argument(2))) { TEST_error("usage: cmp_msg_test %s", USAGE); return 0; } @@ -566,8 +556,8 @@ return 0; if (!TEST_ptr(newkey = load_pkey_pem(newkey_f, libctx)) - || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)) - || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { + || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)) + || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { cleanup_tests(); return 0; } @@ -593,6 +583,6 @@ ADD_TEST(test_cmp_create_certrep); ADD_TEST(test_cmp_create_pollrep); ADD_ALL_TESTS_NOSUBTEST(test_cmp_pkimessage_create, - OSSL_CMP_PKIBODY_POLLREP + 1); + OSSL_CMP_PKIBODY_POLLREP + 1); return 1; } --- crypto/openssl/test/cmp_protect_test.c.orig +++ crypto/openssl/test/cmp_protect_test.c 
@@ -71,12 +71,11 @@ static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH]; static OSSL_CMP_MSG *ir_unprotected, *ir_protected; static X509 *endentity1 = NULL, *endentity2 = NULL, - *root = NULL, *intermediate = NULL; + *root = NULL, *intermediate = NULL; static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture) { - ASN1_BIT_STRING *protection = - ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); + ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); int res = TEST_ptr_null(protection); ASN1_BIT_STRING_free(protection); @@ -85,11 +84,11 @@ static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture) { - ASN1_BIT_STRING *protection = - ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); + ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); int res = TEST_ptr(protection) - && TEST_true(ASN1_STRING_cmp(protection, - fixture->msg->protection) == 0); + && TEST_true(ASN1_STRING_cmp(protection, + fixture->msg->protection) + == 0); ASN1_BIT_STRING_free(protection); return res; @@ -100,8 +99,8 @@ * but without the need for a OSSL_CMP_CTX or a X509 certificate */ static int verify_signature(OSSL_CMP_MSG *msg, - ASN1_BIT_STRING *protection, - EVP_PKEY *pkey, EVP_MD *digest) + ASN1_BIT_STRING *protection, + EVP_PKEY *pkey, EVP_MD *digest) { OSSL_CMP_PROTECTEDPART prot_part; unsigned char *prot_part_der = NULL; @@ -112,13 +111,13 @@ prot_part.header = OSSL_CMP_MSG_get0_header(msg); prot_part.body = msg->body; len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); - res = - TEST_int_ge(len, 0) + res = TEST_int_ge(len, 0) && TEST_ptr(ctx = EVP_MD_CTX_new()) && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey)) && TEST_int_eq(EVP_DigestVerify(ctx, protection->data, - protection->length, - prot_part_der, len), 1); + protection->length, + prot_part_der, len), + 1); /* cleanup */ EVP_MD_CTX_free(ctx); OPENSSL_free(prot_part_der); 
@@ -127,16 +126,16 @@ /* Calls OSSL_CMP_calc_protection and compares and verifies signature */ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * - fixture) + fixture) { - ASN1_BIT_STRING *protection = - ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); + ASN1_BIT_STRING *protection = ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg); int ret = (TEST_ptr(protection) - && TEST_true(ASN1_STRING_cmp(protection, - fixture->msg->protection) == 0) - && TEST_true(verify_signature(fixture->msg, protection, - fixture->pubkey, - fixture->cmp_ctx->digest))); + && TEST_true(ASN1_STRING_cmp(protection, + fixture->msg->protection) + == 0) + && TEST_true(verify_signature(fixture->msg, protection, + fixture->pubkey, + fixture->cmp_ctx->digest))); ASN1_BIT_STRING_free(protection); return ret; @@ -146,8 +145,7 @@ { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) - || !TEST_ptr(fixture->msg->header->protectionAlg = - X509_ALGOR_new() /* no specific alg needed here */)) { + || !TEST_ptr(fixture->msg->header->protectionAlg = X509_ALGOR_new() /* no specific alg needed here */)) { tear_down(fixture); fixture = NULL; } @@ -161,7 +159,7 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->pubkey = loadedpubkey; if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -175,8 +173,8 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, - sec_insta, sizeof(sec_insta))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { + sec_insta, sizeof(sec_insta))) + || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { tear_down(fixture); fixture = NULL; } 
@@ -186,7 +184,7 @@ static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture) { return TEST_int_eq(fixture->expected, - ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); + ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg)); } #define SET_OPT_UNPROTECTED_SEND(ctx, val) \ @@ -197,7 +195,7 @@ fixture->expected = 1; if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) { tear_down(fixture); fixture = NULL; } @@ -213,16 +211,16 @@ fixture->expected = 1; if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) - /* - * Use half of the 16 bytes of random input - * for each reference and secret value - */ - || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, - rand_data, size)) - || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, - rand_data + size, - size))) { + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) + /* + * Use half of the 16 bytes of random input + * for each reference and secret value + */ + || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, + rand_data, size)) + || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, + rand_data + size, + size))) { tear_down(fixture); fixture = NULL; } 
@@ -235,11 +233,10 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = - OSSL_CMP_MSG_dup(ir_unprotected)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) - || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) - || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { + if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)) + || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey)) + || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) { tear_down(fixture); fixture = NULL; } @@ -254,10 +251,9 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); ctx = fixture->cmp_ctx; fixture->expected = 0; - if (!TEST_ptr(fixture->msg = - OSSL_CMP_MSG_dup(ir_unprotected)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) - || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { + if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) + || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) + || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) { tear_down(fixture); fixture = NULL; } @@ -271,7 +267,7 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->expected = 0; if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) - || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { + || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) { tear_down(fixture); fixture = NULL; } 
@@ -287,13 +283,13 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->expected = with_ref; if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected)) - || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) - || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) - || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, - secret, sizeof(secret)) - || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, - with_ref ? ref : NULL, - sizeof(ref)))) { + || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0) + || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL) + || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, + secret, sizeof(secret)) + || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, + with_ref ? ref : NULL, + sizeof(ref)))) { tear_down(fixture); fixture = NULL; } @@ -314,7 +310,7 @@ static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture) { return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx, - fixture->msg)); + fixture->msg)); } static int test_MSG_add_extraCerts(void) @@ -335,9 +331,8 @@ int ret = 0; OSSL_CMP_CTX *ctx = fixture->cmp_ctx; X509_STORE *store; - STACK_OF(X509) *chain = - X509_build_chain(fixture->cert, fixture->certs, NULL, - fixture->with_ss, ctx->libctx, ctx->propq); + STACK_OF(X509) *chain = X509_build_chain(fixture->cert, fixture->certs, NULL, + fixture->with_ss, ctx->libctx, ctx->propq); if (TEST_ptr(chain)) { /* Check whether chain built is equal to the expected one */ 
@@ -348,11 +343,11 @@ return 0; if (TEST_ptr(store = X509_STORE_new()) - && TEST_true(X509_STORE_add_cert(store, root))) { + && TEST_true(X509_STORE_add_cert(store, root))) { X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), - X509_V_FLAG_NO_CHECK_TIME); + X509_V_FLAG_NO_CHECK_TIME); chain = X509_build_chain(fixture->cert, fixture->certs, store, - fixture->with_ss, ctx->libctx, ctx->propq); + fixture->with_ss, ctx->libctx, ctx->propq); ret = TEST_int_eq(fixture->expected, chain != NULL); if (ret && chain != NULL) { /* Check whether chain built is equal to the expected one */ @@ -371,12 +366,12 @@ fixture->with_ss = 0; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) - || !TEST_ptr(fixture->chain = sk_X509_new_null()) - || !TEST_true(sk_X509_push(fixture->certs, endentity1)) - || !TEST_true(sk_X509_push(fixture->certs, root)) - || !TEST_true(sk_X509_push(fixture->certs, intermediate)) - || !TEST_true(sk_X509_push(fixture->chain, endentity2)) - || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->certs, intermediate)) + || !TEST_true(sk_X509_push(fixture->chain, endentity2)) + || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { tear_down(fixture); fixture = NULL; } 
@@ -397,10 +392,10 @@ fixture->with_ss = 0; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) - || !TEST_ptr(fixture->chain = sk_X509_new_null()) - || !TEST_true(sk_X509_push(fixture->certs, endentity1)) - || !TEST_true(sk_X509_push(fixture->certs, root)) - || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { tear_down(fixture); fixture = NULL; } @@ -415,11 +410,11 @@ fixture->with_ss = 0; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) - || !TEST_ptr(fixture->chain = sk_X509_new_null()) - || !TEST_true(sk_X509_push(fixture->certs, endentity1)) - || !TEST_true(sk_X509_push(fixture->certs, intermediate)) - || !TEST_true(sk_X509_push(fixture->chain, endentity2)) - || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, endentity1)) + || !TEST_true(sk_X509_push(fixture->certs, intermediate)) + || !TEST_true(sk_X509_push(fixture->chain, endentity2)) + || !TEST_true(sk_X509_push(fixture->chain, intermediate))) { tear_down(fixture); fixture = NULL; } @@ -434,9 +429,9 @@ fixture->with_ss = 0; /* still chain must include the only cert (root) */ fixture->cert = root; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) - || !TEST_ptr(fixture->chain = sk_X509_new_null()) - || !TEST_true(sk_X509_push(fixture->certs, root)) - || !TEST_true(sk_X509_push(fixture->chain, root))) { + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->chain, root))) { tear_down(fixture); fixture = NULL; } 
@@ -451,8 +446,8 @@ fixture->with_ss = 0; fixture->cert = endentity2; if (!TEST_ptr(fixture->certs = sk_X509_new_null()) - || !TEST_ptr(fixture->chain = sk_X509_new_null()) - || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { + || !TEST_ptr(fixture->chain = sk_X509_new_null()) + || !TEST_true(sk_X509_push(fixture->chain, endentity2))) { tear_down(fixture); fixture = NULL; } @@ -468,18 +463,17 @@ int res = 0; if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store, - fixture->certs, - fixture->callback_arg))) + fixture->certs, + fixture->callback_arg))) goto err; sk = X509_STORE_get1_all_certs(store); if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain))) goto err; res = 1; - err: +err: X509_STORE_free(store); sk_X509_pop_free(sk, X509_free); return res; - } static int test_X509_STORE(void) @@ -487,11 +481,11 @@ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->callback_arg = 0; /* self-issued allowed */ if (!TEST_ptr(fixture->certs = sk_X509_new_null()) - || !sk_X509_push(fixture->certs, endentity1) - || !sk_X509_push(fixture->certs, endentity2) - || !sk_X509_push(fixture->certs, root) - || !sk_X509_push(fixture->certs, intermediate) - || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { + || !sk_X509_push(fixture->certs, endentity1) + || !sk_X509_push(fixture->certs, endentity2) + || !sk_X509_push(fixture->certs, root) + || !sk_X509_push(fixture->certs, intermediate) + || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) { tear_down(fixture); fixture = NULL; } 
@@ -506,10 +500,10 @@ fixture->chain = sk_X509_new_null(); fixture->callback_arg = 1; /* only self-issued */ if (!TEST_true(sk_X509_push(fixture->certs, endentity1)) - || !TEST_true(sk_X509_push(fixture->certs, endentity2)) - || !TEST_true(sk_X509_push(fixture->certs, root)) - || !TEST_true(sk_X509_push(fixture->certs, intermediate)) - || !TEST_true(sk_X509_push(fixture->chain, root))) { + || !TEST_true(sk_X509_push(fixture->certs, endentity2)) + || !TEST_true(sk_X509_push(fixture->certs, root)) + || !TEST_true(sk_X509_push(fixture->certs, intermediate)) + || !TEST_true(sk_X509_push(fixture->chain, root))) { tear_down(fixture); fixture = NULL; } @@ -517,7 +511,6 @@ return result; } - void cleanup_tests(void) { EVP_PKEY_free(loadedprivkey); @@ -535,9 +528,9 @@ OSSL_LIB_CTX_free(libctx); } -#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \ - "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ - "Intermediate_CA.crt module_name [module_conf_file]\n" +#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \ + "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \ + "Intermediate_CA.crt module_name [module_conf_file]\n" OPT_TEST_DECLARE_USAGE(USAGE) int setup_tests(void) 
@@ -557,15 +550,15 @@ RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); if (!TEST_ptr(server_f = test_get_argument(0)) - || !TEST_ptr(ir_protected_f = test_get_argument(1)) - || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) - || !TEST_ptr(ip_PBM_f = test_get_argument(3)) - || !TEST_ptr(server_cert_f = test_get_argument(4)) - || !TEST_ptr(server_key_f = test_get_argument(5)) - || !TEST_ptr(endentity1_f = test_get_argument(6)) - || !TEST_ptr(endentity2_f = test_get_argument(7)) - || !TEST_ptr(root_f = test_get_argument(8)) - || !TEST_ptr(intermediate_f = test_get_argument(9))) { + || !TEST_ptr(ir_protected_f = test_get_argument(1)) + || !TEST_ptr(ir_unprotected_f = test_get_argument(2)) + || !TEST_ptr(ip_PBM_f = test_get_argument(3)) + || !TEST_ptr(server_cert_f = test_get_argument(4)) + || !TEST_ptr(server_key_f = test_get_argument(5)) + || !TEST_ptr(endentity1_f = test_get_argument(6)) + || !TEST_ptr(endentity2_f = test_get_argument(7)) + || !TEST_ptr(root_f = test_get_argument(8)) + || !TEST_ptr(intermediate_f = test_get_argument(9))) { TEST_error("usage: cmp_protect_test %s", USAGE); return 0; } @@ -574,7 +567,7 @@ return 0; if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx)) - || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))) + || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))) return 0; if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx))) 
@@ -582,12 +575,12 @@ if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) loadedpubkey = loadedprivkey; if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) - || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) + || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) return 0; if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) - || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) - || !TEST_ptr(root = load_cert_pem(root_f, libctx)) - || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) + || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) + || !TEST_ptr(root = load_cert_pem(root_f, libctx)) + || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) return 0; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) return 0; --- crypto/openssl/test/cmp_server_test.c.orig +++ crypto/openssl/test/cmp_server_test.c @@ -39,7 +39,7 @@ goto err; return fixture; - err: +err: tear_down(fixture); return NULL; } @@ -47,13 +47,13 @@ static int dummy_errorCode = CMP_R_MULTIPLE_SAN_SOURCES; /* any reason code */ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *cert_req, - int certReqId, - const OSSL_CRMF_MSG *crm, - const X509_REQ *p10cr, - X509 **certOut, - STACK_OF(X509) **chainOut, - STACK_OF(X509) **caPubs) + const OSSL_CMP_MSG *cert_req, + int certReqId, + const OSSL_CRMF_MSG *crm, + const X509_REQ *p10cr, + X509 **certOut, + STACK_OF(X509) **chainOut, + STACK_OF(X509) **caPubs) { ERR_raise(ERR_LIB_CMP, dummy_errorCode); return NULL; 
@@ -70,40 +70,40 @@ int res = 0; if (!TEST_ptr(client_ctx = OSSL_CMP_CTX_new(libctx, NULL)) - || !TEST_true(OSSL_CMP_CTX_set_transfer_cb_arg(client_ctx, ctx))) + || !TEST_true(OSSL_CMP_CTX_set_transfer_cb_arg(client_ctx, ctx))) goto end; if (!TEST_true(OSSL_CMP_SRV_CTX_init(ctx, dummy_custom_ctx, - process_cert_request, NULL, NULL, - NULL, NULL, NULL)) + process_cert_request, NULL, NULL, + NULL, NULL, NULL)) || !TEST_ptr(custom_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(ctx)) || !TEST_int_eq(strcmp(custom_ctx, dummy_custom_ctx), 0)) goto end; if (!TEST_true(OSSL_CMP_SRV_CTX_set_send_unprotected_errors(ctx, 0)) - || !TEST_true(OSSL_CMP_SRV_CTX_set_accept_unprotected(ctx, 0)) - || !TEST_true(OSSL_CMP_SRV_CTX_set_accept_raverified(ctx, 1)) - || !TEST_true(OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(ctx, 1))) + || !TEST_true(OSSL_CMP_SRV_CTX_set_accept_unprotected(ctx, 0)) + || !TEST_true(OSSL_CMP_SRV_CTX_set_accept_raverified(ctx, 1)) + || !TEST_true(OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(ctx, 1))) goto end; if (!TEST_ptr(cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(ctx)) - || !OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, - (unsigned char *)"server", 6) - || !OSSL_CMP_CTX_set1_secretValue(cmp_ctx, - (unsigned char *)"1234", 4)) + || !OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, + (unsigned char *)"server", 6) + || !OSSL_CMP_CTX_set1_secretValue(cmp_ctx, + (unsigned char *)"1234", 4)) goto end; if (!TEST_ptr(rsp = OSSL_CMP_CTX_server_perform(client_ctx, fixture->req)) - || !TEST_int_eq(OSSL_CMP_MSG_get_bodytype(rsp), - OSSL_CMP_PKIBODY_ERROR) - || !TEST_ptr(errorContent = rsp->body->value.error) - || !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode), - ERR_PACK(ERR_LIB_CMP, 0, dummy_errorCode))) + || !TEST_int_eq(OSSL_CMP_MSG_get_bodytype(rsp), + OSSL_CMP_PKIBODY_ERROR) + || !TEST_ptr(errorContent = rsp->body->value.error) + || !TEST_int_eq(ASN1_INTEGER_get(errorContent->errorCode), + ERR_PACK(ERR_LIB_CMP, 0, dummy_errorCode))) goto end; res = 1; - end: +end: 
OSSL_CMP_MSG_free(rsp); OSSL_CMP_CTX_free(client_ctx); return res; --- crypto/openssl/test/cmp_status_test.c.orig +++ crypto/openssl/test/cmp_status_test.c @@ -14,7 +14,7 @@ typedef struct test_fixture { const char *test_case_name; int pkistatus; - const char *str; /* Not freed by tear_down */ + const char *str; /* Not freed by tear_down */ const char *text; /* Not freed by tear_down */ int pkifailure; } CMP_STATUS_TEST_FIXTURE; @@ -34,7 +34,6 @@ OPENSSL_free(fixture); } - /* * Tests PKIStatusInfo creation and get-functions */ @@ -46,33 +45,32 @@ int res = 0, i; if (!TEST_ptr(si = OSSL_CMP_STATUSINFO_new(fixture->pkistatus, - fixture->pkifailure, - fixture->text))) + fixture->pkifailure, + fixture->text))) goto end; status = ossl_cmp_pkisi_get_status(si); if (!TEST_int_eq(fixture->pkistatus, status) - || !TEST_str_eq(fixture->str, ossl_cmp_PKIStatus_to_string(status))) + || !TEST_str_eq(fixture->str, ossl_cmp_PKIStatus_to_string(status))) goto end; - if (!TEST_ptr(statusString = - sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si), - 0)) - || !TEST_mem_eq(fixture->text, strlen(fixture->text), - (char *)statusString->data, statusString->length)) + if (!TEST_ptr(statusString = sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si), + 0)) + || !TEST_mem_eq(fixture->text, strlen(fixture->text), + (char *)statusString->data, statusString->length)) goto end; if (!TEST_int_eq(fixture->pkifailure, - ossl_cmp_pkisi_get_pkifailureinfo(si))) + ossl_cmp_pkisi_get_pkifailureinfo(si))) goto end; for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) if (!TEST_int_eq((fixture->pkifailure >> i) & 1, - ossl_cmp_pkisi_check_pkifailureinfo(si, i))) + ossl_cmp_pkisi_check_pkifailureinfo(si, i))) goto end; res = 1; - end: +end: OSSL_CMP_PKISI_free(si); return res; } 
@@ -83,14 +81,11 @@ fixture->pkistatus = OSSL_CMP_PKISTATUS_revocationNotification; fixture->str = "PKIStatus: revocation notification - a revocation of the cert has occurred"; fixture->text = "this is an additional text describing the failure"; - fixture->pkifailure = OSSL_CMP_CTX_FAILINFO_unsupportedVersion | - OSSL_CMP_CTX_FAILINFO_badDataFormat; + fixture->pkifailure = OSSL_CMP_CTX_FAILINFO_unsupportedVersion | OSSL_CMP_CTX_FAILINFO_badDataFormat; EXECUTE_TEST(execute_PKISI_test, tear_down); return result; } - - void cleanup_tests(void) { return; --- crypto/openssl/test/cmp_vfy_test.c.orig +++ crypto/openssl/test/cmp_vfy_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -60,9 +60,9 @@ ts = X509_STORE_new(); fixture->test_case_name = test_case_name; if (ts == NULL - || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) - || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts) - || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) { + || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) + || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts) + || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) { tear_down(fixture); X509_STORE_free(ts); return NULL; @@ -76,7 +76,7 @@ static X509 *clcert = NULL; /* chain */ static X509 *endentity1 = NULL, *endentity2 = NULL, - *intermediate = NULL, *root = NULL; + *intermediate = NULL, *root = NULL; /* INSTA chain */ static X509 *insta_cert = NULL, *instaca_cert = NULL; @@ -108,8 +108,8 @@ return 0; } return TEST_int_eq(fixture->expected, - ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg, - fixture->additional_arg)); + ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg, + fixture->additional_arg)); } static int test_verify_popo(void) 
@@ -133,16 +133,16 @@ static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture) { return TEST_int_eq(fixture->expected, - ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg, - NULL, 0)); + ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg, + NULL, 0)); } static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture) { X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); int res = TEST_int_eq(fixture->expected, - OSSL_CMP_validate_cert_path(fixture->cmp_ctx, - ts, fixture->cert)); + OSSL_CMP_validate_cert_path(fixture->cmp_ctx, + ts, fixture->cert)); OSSL_CMP_CTX_print_errors(fixture->cmp_ctx); return res; @@ -154,9 +154,9 @@ fixture->expected = !miss && !wrong; if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, NULL) - : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, - wrong ? 4 : sizeof(sec_1))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { + : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, + wrong ? 4 : sizeof(sec_1))) + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -191,8 +191,8 @@ fixture->expected = 0; if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad, - sizeof(sec_bad))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { + sizeof(sec_bad))) + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -209,7 +209,7 @@ static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert) { return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert, - X509_ADD_FLAG_UP_REF); + X509_ADD_FLAG_UP_REF); } static int test_validate_msg_signature_partial_chain(int expired) 
@@ -221,8 +221,8 @@ ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); fixture->expected = !expired; if (ts == NULL - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) - || !add_trusted(fixture->cmp_ctx, srvcert)) { + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) + || !add_trusted(fixture->cmp_ctx, srvcert)) { tear_down(fixture); fixture = NULL; } else { @@ -254,9 +254,9 @@ fixture->expected = !bad_sig && !wrong && !miss; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(miss ? OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, - sec_1, sizeof(sec_1)) - : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, - wrong? clcert : srvcert)) + sec_1, sizeof(sec_1)) + : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, + wrong ? clcert : srvcert)) || (bad_sig && !flip_bit(fixture->msg->protection))) { tear_down(fixture); fixture = NULL; @@ -292,8 +292,8 @@ SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) - || !add_trusted(fixture->cmp_ctx, instaca_cert) - || !add_untrusted(fixture->cmp_ctx, insta_cert)) { + || !add_trusted(fixture->cmp_ctx, instaca_cert) + || !add_untrusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); fixture = NULL; } @@ -306,8 +306,8 @@ SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) - || !add_trusted(fixture->cmp_ctx, instaca_cert) - || !add_trusted(fixture->cmp_ctx, insta_cert)) { + || !add_trusted(fixture->cmp_ctx, instaca_cert) + || !add_trusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); fixture = NULL; } 
@@ -320,7 +320,7 @@ SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx)) - || !add_trusted(fixture->cmp_ctx, instaca_cert)) { + || !add_trusted(fixture->cmp_ctx, instaca_cert)) { tear_down(fixture); fixture = NULL; } @@ -328,7 +328,6 @@ return result; } - #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_signature_sender_cert_absent(void) { @@ -391,8 +390,8 @@ X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration); } if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong) - || !add_untrusted((*fixture)->cmp_ctx, endentity1) - || !add_untrusted((*fixture)->cmp_ctx, intermediate)) { + || !add_untrusted((*fixture)->cmp_ctx, endentity1) + || !add_untrusted((*fixture)->cmp_ctx, intermediate)) { tear_down((*fixture)); (*fixture) = NULL; } 
@@ -428,33 +427,32 @@ const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr); if (!TEST_int_eq(fixture->expected, - ossl_cmp_msg_check_update(fixture->cmp_ctx, - fixture->msg, - fixture->allow_unprotected_cb, - fixture->additional_arg))) + ossl_cmp_msg_check_update(fixture->cmp_ctx, + fixture->msg, + fixture->allow_unprotected_cb, + fixture->additional_arg))) return 0; - if (fixture->expected == 0) /* error expected aready during above check */ + if (fixture->expected == 0) /* error expected already during above check */ return 1; - return - TEST_int_eq(0, - ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr), - fixture->cmp_ctx->recipNonce)) + return TEST_int_eq(0, + ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr), + fixture->cmp_ctx->recipNonce)) && TEST_int_eq(0, - ASN1_OCTET_STRING_cmp(tid, - fixture->cmp_ctx->transactionID)); + ASN1_OCTET_STRING_cmp(tid, + fixture->cmp_ctx->transactionID)); } static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - int invalid_protection, int allow) + int invalid_protection, int allow) { return allow; } static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected, - ossl_cmp_allow_unprotected_cb_t cb, int arg, - const unsigned char *trid_data, - const unsigned char *nonce_data) + ossl_cmp_allow_unprotected_cb_t cb, int arg, + const unsigned char *trid_data, + const unsigned char *nonce_data) { OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx; int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH; 
@@ -466,14 +464,14 @@ if ((*fixture)->msg == NULL || (nonce_data != NULL && !ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce, - nonce_data, nonce_len))) { + nonce_data, nonce_len))) { tear_down((*fixture)); (*fixture) = NULL; } else if (trid_data != NULL) { ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new(); if (trid == NULL || !ASN1_OCTET_STRING_set(trid, trid_data, - OSSL_CMP_TRANSACTIONID_LENGTH) + OSSL_CMP_TRANSACTIONID_LENGTH) || !OSSL_CMP_CTX_set1_transactionID(ctx, trid)) { tear_down((*fixture)); (*fixture) = NULL; @@ -574,15 +572,14 @@ return; } - -#define USAGE "server.crt client.crt " \ - "EndEntity1.crt EndEntity2.crt " \ - "Root_CA.crt Intermediate_CA.crt " \ - "CMP_IR_protected.der CMP_IR_unprotected.der " \ - "IP_waitingStatus_PBM.der IR_rmprotection.der " \ - "insta.cert.pem insta_ca.cert.pem " \ - "IR_protected_0_extraCerts.der " \ - "IR_protected_2_extraCerts.der module_name [module_conf_file]\n" +#define USAGE "server.crt client.crt " \ + "EndEntity1.crt EndEntity2.crt " \ + "Root_CA.crt Intermediate_CA.crt " \ + "CMP_IR_protected.der CMP_IR_unprotected.der " \ + "IP_waitingStatus_PBM.der IR_rmprotection.der " \ + "insta.cert.pem insta_ca.cert.pem " \ + "IR_protected_0_extraCerts.der " \ + "IR_protected_2_extraCerts.der module_name [module_conf_file]\n" OPT_TEST_DECLARE_USAGE(USAGE) int setup_tests(void) @@ -590,11 +587,11 @@ /* Set test time stamps */ struct tm ts = { 0 }; - ts.tm_year = 2018 - 1900; /* 2018 */ - ts.tm_mon = 1; /* February */ - ts.tm_mday = 18; /* 18th */ + ts.tm_year = 2018 - 1900; /* 2018 */ + ts.tm_mon = 1; /* February */ + ts.tm_mday = 18; /* 18th */ test_time_valid = mktime(&ts); /* February 18th 2018 */ - ts.tm_year += 10; /* February 18th 2028 */ + ts.tm_year += 10; /* February 18th 2028 */ test_time_after_expiration = mktime(&ts); if (!test_skip_common_options()) { 
@@ -604,19 +601,19 @@ RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); if (!TEST_ptr(server_f = test_get_argument(0)) - || !TEST_ptr(client_f = test_get_argument(1)) - || !TEST_ptr(endentity1_f = test_get_argument(2)) - || !TEST_ptr(endentity2_f = test_get_argument(3)) - || !TEST_ptr(root_f = test_get_argument(4)) - || !TEST_ptr(intermediate_f = test_get_argument(5)) - || !TEST_ptr(ir_protected_f = test_get_argument(6)) - || !TEST_ptr(ir_unprotected_f = test_get_argument(7)) - || !TEST_ptr(ip_waiting_f = test_get_argument(8)) - || !TEST_ptr(ir_rmprotection_f = test_get_argument(9)) - || !TEST_ptr(instacert_f = test_get_argument(10)) - || !TEST_ptr(instaca_f = test_get_argument(11)) - || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12)) - || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) { + || !TEST_ptr(client_f = test_get_argument(1)) + || !TEST_ptr(endentity1_f = test_get_argument(2)) + || !TEST_ptr(endentity2_f = test_get_argument(3)) + || !TEST_ptr(root_f = test_get_argument(4)) + || !TEST_ptr(intermediate_f = test_get_argument(5)) + || !TEST_ptr(ir_protected_f = test_get_argument(6)) + || !TEST_ptr(ir_unprotected_f = test_get_argument(7)) + || !TEST_ptr(ip_waiting_f = test_get_argument(8)) + || !TEST_ptr(ir_rmprotection_f = test_get_argument(9)) + || !TEST_ptr(instacert_f = test_get_argument(10)) + || !TEST_ptr(instaca_f = test_get_argument(11)) + || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12)) + || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) { TEST_error("usage: cmp_vfy_test %s", USAGE); return 0; } 
@@ -626,23 +623,23 @@ /* Load certificates for cert chain */ if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) - || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) - || !TEST_ptr(root = load_cert_pem(root_f, NULL)) - || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) + || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) + || !TEST_ptr(root = load_cert_pem(root_f, NULL)) + || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) goto err; if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx)) - || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx))) + || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx))) goto err; /* Load certificates for message validation */ if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx)) - || !TEST_ptr(clcert = load_cert_pem(client_f, libctx))) + || !TEST_ptr(clcert = load_cert_pem(client_f, libctx))) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) - || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) + || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) goto err; /* Message validation tests */ @@ -699,8 +696,7 @@ return 1; - err: +err: cleanup_tests(); return 0; - } --- crypto/openssl/test/cmsapitest.c.orig +++ crypto/openssl/test/cmsapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -9,16 +9,17 @@ #include +#include #include #include #include -#include #include "testutil.h" static X509 *cert = NULL; static EVP_PKEY *privkey = NULL; static char *derin = NULL; +static char *too_long_iv_cms_in = NULL; static int test_encrypt_decrypt(const EVP_CIPHER *cipher) { @@ -27,7 +28,7 @@ const char *msg = "Hello world"; BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg)); BIO *outmsgbio = BIO_new(BIO_s_mem()); - CMS_ContentInfo* content = NULL; + CMS_ContentInfo *content = NULL; char buf[80]; if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio)) @@ -41,16 +42,16 @@ goto end; if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, - CMS_TEXT))) + CMS_TEXT))) goto end; /* Check we got the message we first started with */ if (!TEST_int_eq(BIO_gets(outmsgbio, buf, sizeof(buf)), strlen(msg)) - || !TEST_int_eq(strcmp(buf, msg), 0)) + || !TEST_int_eq(strcmp(buf, msg), 0)) goto end; testresult = 1; - end: +end: sk_X509_free(certstack); BIO_free(msgbio); BIO_free(outmsgbio); @@ -281,9 +282,9 @@ }; ret = TEST_ptr(bio = BIO_new_mem_buf(cms_data, sizeof(cms_data))) - && TEST_ptr(cms = d2i_CMS_bio(bio, NULL)) - && TEST_true(CMS_verify(cms, NULL, NULL, NULL, NULL, - CMS_NO_SIGNER_CERT_VERIFY)); + && TEST_ptr(cms = d2i_CMS_bio(bio, NULL)) + && TEST_true(CMS_verify(cms, NULL, NULL, NULL, NULL, + CMS_NO_SIGNER_CERT_VERIFY)); CMS_ContentInfo_free(cms); BIO_free(bio); return ret && TEST_int_eq(ERR_peek_error(), 0); @@ -328,7 +329,7 @@ int ret = 0; if (!TEST_ptr(bio = BIO_new_file(derin, "r"))) - goto end; + goto end; switch (idx) { case 0: 
@@ -356,6 +357,133 @@ return ret; } +static int test_CMS_set1_key_mem_leak(void) +{ + CMS_ContentInfo *cms; + unsigned char key[32] = { 0 }; + int ret = 0; + + if (!TEST_ptr(cms = CMS_ContentInfo_new())) + return 0; + + if (!TEST_true(CMS_EncryptedData_set1_key(cms, EVP_aes_256_cbc(), + key, 32))) + goto end; + + if (!TEST_true(CMS_EncryptedData_set1_key(cms, EVP_aes_128_cbc(), + key, 16))) + goto end; + + ret = 1; +end: + CMS_ContentInfo_free(cms); + return ret; +} + +static int test_encrypted_data(void) +{ + const char *msg = "Hello world"; + BIO *msgbio = BIO_new_mem_buf(msg, (int)strlen(msg)); + uint8_t key[16] = { 0 }; + size_t keylen = 16; + CMS_ContentInfo *cms; + BIO *decryptbio = BIO_new(BIO_s_mem()); + char buf[80]; + int ret = 0; + + cms = CMS_EncryptedData_encrypt(msgbio, EVP_aes_128_cbc(), key, keylen, SMIME_BINARY); + if (!TEST_ptr(cms)) + goto end; + + if (!TEST_true(CMS_EncryptedData_decrypt(cms, key, keylen, NULL, decryptbio, SMIME_BINARY))) + goto end; + + /* Check we got the message we first started with */ + if (!TEST_int_eq(BIO_gets(decryptbio, buf, sizeof(buf)), (int)strlen(msg)) + || !TEST_int_eq(strcmp(buf, msg), 0)) + goto end; + + ret = 1; +end: + CMS_ContentInfo_free(cms); + BIO_free(msgbio); + BIO_free(decryptbio); + return ret; +} + +static int test_encrypted_data_aead(void) +{ + const char *msg = "Hello world"; + BIO *msgbio = BIO_new_mem_buf(msg, (int)strlen(msg)); + uint8_t key[16] = { 0 }; + size_t keylen = 16; + CMS_ContentInfo *cms; + BIO *decryptbio = BIO_new(BIO_s_mem()); + int ret = 0; + + cms = CMS_ContentInfo_new(); + if (!TEST_ptr(cms)) + goto end; + + /* + * AEAD algorithms are not supported by the CMS EncryptedData so setting + * the cipher to AES GCM 128 will result in a failure + */ + if (!TEST_false(CMS_EncryptedData_set1_key(cms, EVP_aes_128_gcm(), key, keylen))) + goto end; + + CMS_ContentInfo_free(cms); + cms = NULL; + + /* + * AEAD algorithms are not supported by the CMS EncryptedData so setting + * the cipher to 
AES GCM 128 will result in a failure + */ + cms = CMS_EncryptedData_encrypt(msgbio, EVP_aes_128_gcm(), key, keylen, SMIME_BINARY); + if (!TEST_ptr_null(cms)) + goto end; + + ret = 1; + +end: + CMS_ContentInfo_free(cms); + BIO_free(msgbio); + BIO_free(decryptbio); + return ret; +} + +static int test_cms_aesgcm_iv_too_long(void) +{ + int ret = 0; + BIO *cmsbio = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + unsigned long err = 0; + + if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r"))) + goto end; + + if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL))) + goto end; + + /* Must fail cleanly (no crash) */ + if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0))) + goto end; + err = ERR_peek_last_error(); + if (!TEST_ulong_ne(err, 0)) + goto end; + if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS)) + goto end; + if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR)) + goto end; + + ret = 1; +end: + CMS_ContentInfo_free(cms); + BIO_free(cmsbio); + BIO_free(out); + return ret; +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n") int setup_tests(void) @@ -369,8 +497,9 @@ } if (!TEST_ptr(certin = test_get_argument(0)) - || !TEST_ptr(privkeyin = test_get_argument(1)) - || !TEST_ptr(derin = test_get_argument(2))) + || !TEST_ptr(privkeyin = test_get_argument(1)) + || !TEST_ptr(derin = test_get_argument(2)) + || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3))) return 0; certbio = BIO_new_file(certin, "r"); @@ -401,7 +530,11 @@ ADD_TEST(test_encrypt_decrypt_aes_192_gcm); ADD_TEST(test_encrypt_decrypt_aes_256_gcm); ADD_TEST(test_d2i_CMS_bio_NULL); + ADD_TEST(test_CMS_set1_key_mem_leak); + ADD_TEST(test_encrypted_data); + ADD_TEST(test_encrypted_data_aead); ADD_ALL_TESTS(test_d2i_CMS_decode, 2); + ADD_TEST(test_cms_aesgcm_iv_too_long); return 1; } --- crypto/openssl/test/conf_include_test.c.orig +++ crypto/openssl/test/conf_include_test.c 
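Review bot: In test_cms_aesgcm_iv_too_long the error checks read `ERR_peek_last_error()` without clearing the queue first, so if CMS_decrypt failed without queuing anything, an entry left by an earlier test could be inspected instead (test_encrypted_data_aead deliberately provokes CMS failures), unless the harness clears the queue between tests. Adding `ERR_clear_error();` immediately before the `CMS_decrypt` call removes that dependency; test_get_crl_fn_score in crltest.c does the same before X509_verify_cert. `out` is never assigned in this function, so the call runs with a NULL output BIO and `BIO_free(out)` frees nothing; if that is intended, a comment such as `/* out stays NULL: decryption must fail before any output is produced */` would say so. In test_encrypted_data and test_encrypted_data_aead, `msgbio` and `decryptbio` are used without the `TEST_ptr` checks that test_encrypt_decrypt applies to its BIOs, and `decryptbio` in the AEAD test is allocated but never used.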
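Review bot: setup_tests now requires a fourth positional argument (`too_long_iv_cms_in = test_get_argument(3)`), but the usage string declared just above it still reads `OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")`, so the usage text no longer matches what the program needs. Extend it, for example to `OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile too_long_iv_cms_file\n")`. The recipe that invokes this test is not part of this file's diff and presumably has to pass the extra file as well. The body of setup_tests begins and continues outside this hunk.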
@@ -14,26 +14,26 @@ #include "testutil.h" #ifdef _WIN32 -# include -# define DIRSEP "/\\" -# ifndef __BORLANDC__ -# define chdir _chdir -# endif -# define DIRSEP_PRESERVE 0 +#include +#define DIRSEP "/\\" +#ifndef __BORLANDC__ +#define chdir _chdir +#endif +#define DIRSEP_PRESERVE 0 #elif !defined(OPENSSL_NO_POSIX_IO) -# include -# ifndef OPENSSL_SYS_VMS -# define DIRSEP "/" -# define DIRSEP_PRESERVE 0 -# else -# define DIRSEP "/]:" -# define DIRSEP_PRESERVE 1 -# endif +#include +#ifndef OPENSSL_SYS_VMS +#define DIRSEP "/" +#define DIRSEP_PRESERVE 0 +#else +#define DIRSEP "/]:" +#define DIRSEP_PRESERVE 1 +#endif #else /* the test does not work without chdir() */ -# define chdir(x) (-1); -# define DIRSEP "/" -# define DIRSEP_PRESERVE 0 +#define chdir(x) (-1); +#define DIRSEP "/" +#define DIRSEP_PRESERVE 0 #endif /* changes path to that of the filename */ @@ -56,7 +56,7 @@ TEST_note("changing path to %s", s); ret = chdir(s); - err: +err: OPENSSL_free(s); return ret; } @@ -121,17 +121,17 @@ static int test_check_null_numbers(void) { -#if defined(_BSD_SOURCE) \ - || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \ - || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) +#if defined(_BSD_SOURCE) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \ + || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) long val = 0; /* Verify that a NULL config with a present environment variable returns * success and the value. */ if (!TEST_int_eq(setenv("FNORD", "123", 1), 0) - || !TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val)) - || !TEST_long_eq(val, 123)) { + || !TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val)) + || !TEST_long_eq(val, 123)) { TEST_note("environment variable with NULL conf failed"); return 0; } 
@@ -141,7 +141,7 @@ * a failure code. */ if (!TEST_int_eq(unsetenv("FNORD"), 0) - || !TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val))) { + || !TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val))) { TEST_note("missing environment variable with NULL conf failed"); return 0; } @@ -151,9 +151,9 @@ static int test_check_overflow(void) { -#if defined(_BSD_SOURCE) \ - || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \ - || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) +#if defined(_BSD_SOURCE) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \ + || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) long val = 0; char max[(sizeof(long) * 8) / 3 + 3]; char *p; @@ -161,7 +161,7 @@ p = max + BIO_snprintf(max, sizeof(max), "0%ld", LONG_MAX) - 1; setenv("FNORD", max, 1); if (!TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val)) - || !TEST_long_eq(val, LONG_MAX)) + || !TEST_long_eq(val, LONG_MAX)) return 0; while (++*p > '9') --- crypto/openssl/test/constant_time_test.c.orig +++ crypto/openssl/test/constant_time_test.c @@ -58,9 +58,9 @@ UINT64_MAX / 2 + 1, UINT64_MAX - 1, UINT64_MAX }; -static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b), - const char *op_name, unsigned int a, unsigned int b, - int is_true) +static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b), + const char *op_name, unsigned int a, unsigned int b, + int is_true) { if (is_true && !TEST_uint_eq(op(a, b), CONSTTIME_TRUE)) return 0; @@ -69,10 +69,9 @@ return 1; } -static int test_binary_op_8(unsigned - char (*op) (unsigned int a, unsigned int b), - const char *op_name, unsigned int a, - unsigned int b, int is_true) +static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b), + const char *op_name, unsigned int a, + unsigned int b, int is_true) { if (is_true && !TEST_uint_eq(op(a, b), CONSTTIME_TRUE_8)) return 0; 
@@ -81,20 +80,20 @@ return 1; } -static int test_binary_op_s(size_t (*op) (size_t a, size_t b), - const char *op_name, size_t a, size_t b, - int is_true) +static int test_binary_op_s(size_t (*op)(size_t a, size_t b), + const char *op_name, size_t a, size_t b, + int is_true) { - if (is_true && !TEST_size_t_eq(op(a,b), CONSTTIME_TRUE_S)) + if (is_true && !TEST_size_t_eq(op(a, b), CONSTTIME_TRUE_S)) return 0; - if (!is_true && !TEST_uint_eq(op(a,b), CONSTTIME_FALSE_S)) + if (!is_true && !TEST_uint_eq(op(a, b), CONSTTIME_FALSE_S)) return 0; return 1; } static int test_binary_op_64(uint64_t (*op)(uint64_t a, uint64_t b), - const char *op_name, uint64_t a, uint64_t b, - int is_true) + const char *op_name, uint64_t a, uint64_t b, + int is_true) { uint64_t c = op(a, b); @@ -260,18 +259,18 @@ unsigned int b = test_values[j]; if (!test_select(a, b) - || !test_binary_op(&constant_time_lt, "ct_lt", - a, b, a < b) - || !test_binary_op(&constant_time_lt, "constant_time_lt", - b, a, b < a) - || !test_binary_op(&constant_time_ge, "constant_time_ge", - a, b, a >= b) - || !test_binary_op(&constant_time_ge, "constant_time_ge", - b, a, b >= a) - || !test_binary_op(&constant_time_eq, "constant_time_eq", - a, b, a == b) - || !test_binary_op(&constant_time_eq, "constant_time_eq", - b, a, b == a)) + || !test_binary_op(&constant_time_lt, "ct_lt", + a, b, a < b) + || !test_binary_op(&constant_time_lt, "constant_time_lt", + b, a, b < a) + || !test_binary_op(&constant_time_ge, "constant_time_ge", + a, b, a >= b) + || !test_binary_op(&constant_time_ge, "constant_time_ge", + b, a, b >= a) + || !test_binary_op(&constant_time_eq, "constant_time_eq", + a, b, a == b) + || !test_binary_op(&constant_time_eq, "constant_time_eq", + b, a, b == a)) ret = 0; } return ret; 
@@ -287,17 +286,17 @@ unsigned int b = test_values_8[j]; if (!test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", - a, b, a < b) - || !test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", - b, a, b < a) - || !test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", - a, b, a >= b) - || !test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", - b, a, b >= a) - || !test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", - a, b, a == b) - || !test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", - b, a, b == a)) + a, b, a < b) + || !test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", + b, a, b < a) + || !test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", + a, b, a >= b) + || !test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", + b, a, b >= a) + || !test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", + a, b, a == b) + || !test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", + b, a, b == a)) ret = 0; } return ret; 
@@ -313,19 +312,19 @@ size_t b = test_values_s[j]; if (!test_select_s(a, b) - || !test_eq_s(a, b) - || !test_binary_op_s(&constant_time_lt_s, "constant_time_lt_s", - a, b, a < b) - || !test_binary_op_s(&constant_time_lt_s, "constant_time_lt_s", - b, a, b < a) - || !test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", - a, b, a >= b) - || !test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", - b, a, b >= a) - || !test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", - a, b, a == b) - || !test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", - b, a, b == a)) + || !test_eq_s(a, b) + || !test_binary_op_s(&constant_time_lt_s, "constant_time_lt_s", + a, b, a < b) + || !test_binary_op_s(&constant_time_lt_s, "constant_time_lt_s", + b, a, b < a) + || !test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", + a, b, a >= b) + || !test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", + b, a, b >= a) + || !test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", + a, b, a == b) + || !test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", + b, a, b == a)) ret = 0; } return ret; @@ -341,8 +340,8 @@ int d = signed_test_values[j]; if (!test_select_int(c, d) - || !test_eq_int(c, d) - || !test_eq_int_8(c, d)) + || !test_eq_int(c, d) + || !test_eq_int_8(c, d)) ret = 0; } return ret; @@ -387,8 +386,8 @@ uint64_t h = test_values_64[j]; if (!test_binary_op_64(&constant_time_lt_64, "constant_time_lt_64", - g, h, g < h) - || !test_select_64(g, h)) { + g, h, g < h) + || !test_select_64(g, h)) { TEST_info("test_64values failed i=%d j=%d", i, j); ret = 0; } --- crypto/openssl/test/context_internal_test.c.orig +++ crypto/openssl/test/context_internal_test.c @@ -61,8 +61,7 @@ static int test_app_context(void) { OSSL_LIB_CTX *ctx = NULL; - int result = - TEST_ptr(ctx = OSSL_LIB_CTX_new()) + int result = TEST_ptr(ctx = OSSL_LIB_CTX_new()) && test_context(ctx); OSSL_LIB_CTX_free(ctx); 
@@ -83,9 +82,9 @@ FOO *data = NULL; if (!TEST_ptr(global) - || !TEST_ptr(local) - || !TEST_ptr_eq(global, OSSL_LIB_CTX_set0_default(NULL)) - || !TEST_ptr(data = ossl_lib_ctx_get_data(local, 0, &foo_method))) + || !TEST_ptr(local) + || !TEST_ptr_eq(global, OSSL_LIB_CTX_set0_default(NULL)) + || !TEST_ptr(data = ossl_lib_ctx_get_data(local, 0, &foo_method))) goto err; /* Set local "i" value to 43. Global "i" should be 42 */ @@ -95,20 +94,20 @@ /* The default context should still be the "global" default */ if (!TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) - || !TEST_int_eq(data->i, 42)) + || !TEST_int_eq(data->i, 42)) goto err; /* Check we can change the local default context */ if (!TEST_ptr(prev = OSSL_LIB_CTX_set0_default(local)) - || !TEST_ptr_eq(global, prev) - || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) - || !TEST_int_eq(data->i, 43)) + || !TEST_ptr_eq(global, prev) + || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) + || !TEST_int_eq(data->i, 43)) goto err; /* Calling OSSL_LIB_CTX_set0_default() with a NULL should be a no-op */ if (!TEST_ptr_eq(local, OSSL_LIB_CTX_set0_default(NULL)) - || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) - || !TEST_int_eq(data->i, 43)) + || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) + || !TEST_int_eq(data->i, 43)) goto err; /* Global default should be unchanged */ 
@@ -116,14 +115,14 @@ goto err; /* Check we can swap back to the global default */ - if (!TEST_ptr(prev = OSSL_LIB_CTX_set0_default(global)) - || !TEST_ptr_eq(local, prev) - || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) - || !TEST_int_eq(data->i, 42)) + if (!TEST_ptr(prev = OSSL_LIB_CTX_set0_default(global)) + || !TEST_ptr_eq(local, prev) + || !TEST_ptr(data = ossl_lib_ctx_get_data(NULL, 0, &foo_method)) + || !TEST_int_eq(data->i, 42)) goto err; testresult = 1; - err: +err: OSSL_LIB_CTX_free(local); return testresult; } --- crypto/openssl/test/crltest.c.orig +++ crypto/openssl/test/crltest.c @@ -251,7 +251,7 @@ * Returns a value from X509_V_ERR_xxx or X509_V_OK. */ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, - unsigned long flags) + unsigned long flags) { X509_STORE_CTX *ctx = X509_STORE_CTX_new(); X509_STORE *store = X509_STORE_new(); @@ -320,11 +320,13 @@ r = TEST_ptr(basic_crl) && TEST_ptr(revoked_crl) && TEST_int_eq(verify(test_leaf, test_root, - make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK), X509_V_OK) + make_CRL_stack(basic_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_OK) && TEST_int_eq(verify(test_leaf, test_root, - make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + make_CRL_stack(basic_crl, revoked_crl), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_CERT_REVOKED); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); return r; @@ -333,8 +335,8 @@ static int test_no_crl(void) { return TEST_int_eq(verify(test_leaf, test_root, NULL, - X509_V_FLAG_CRL_CHECK), - X509_V_ERR_UNABLE_TO_GET_CRL); + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); } static int test_bad_issuer_crl(void) 
@@ -344,9 +346,9 @@ r = TEST_ptr(bad_issuer_crl) && TEST_int_eq(verify(test_leaf, test_root, - make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK), - X509_V_ERR_UNABLE_TO_GET_CRL); + make_CRL_stack(bad_issuer_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); X509_CRL_free(bad_issuer_crl); return r; } @@ -358,8 +360,9 @@ r = TEST_ptr(known_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, - make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK), X509_V_OK); + make_CRL_stack(known_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_OK); X509_CRL_free(known_critical_crl); return r; } @@ -371,9 +374,9 @@ r = TEST_ptr(unknown_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, - make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK), - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); + make_CRL_stack(unknown_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); return r; } @@ -392,7 +395,7 @@ if (idx & 1) { if (!TEST_true(X509_CRL_up_ref(reused_crl))) goto err; - addref_crl = reused_crl; + addref_crl = reused_crl; } idx >>= 1; @@ -406,25 +409,25 @@ switch (idx) { case 0: /* valid PEM + invalid DER */ if (!TEST_ptr_null(result) - || !TEST_ptr_null(reused_crl)) + || !TEST_ptr_null(reused_crl)) goto err; break; case 1: /* invalid PEM */ if (!TEST_ptr_null(result) - || !TEST_ptr(reused_crl)) + || !TEST_ptr(reused_crl)) goto err; break; case 2: if (!TEST_ptr(result) - || !TEST_ptr(reused_crl) - || !TEST_ptr_eq(result, reused_crl)) + || !TEST_ptr(reused_crl) + || !TEST_ptr_eq(result, reused_crl)) goto err; break; } r = 1; - err: +err: OPENSSL_free(p); BIO_free(b); X509_CRL_free(reused_crl); 
@@ -432,6 +435,67 @@ return r; } +/* + * Test to make sure X509_verify_cert sets the issuer, reasons, and + * CRL score of the CRLs it gets from X509_STORE_CTX->get_crl + */ + +static int get_crl_fn(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x) +{ + *crl = CRL_from_strings(kBasicCRL); + return 1; +} + +static int test_get_crl_fn_score(void) +{ + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); + X509_STORE *store = X509_STORE_new(); + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); + STACK_OF(X509) *roots = sk_X509_new_null(); + + int status = X509_V_ERR_UNSPECIFIED; + + if (!TEST_ptr(ctx) + || !TEST_ptr(store) + || !TEST_ptr(param) + || !TEST_ptr(roots)) + goto err; + + X509_STORE_set_get_crl(store, &get_crl_fn); + /* Create a stack; upref the cert because we free it below. */ + if (!TEST_true(X509_up_ref(test_root))) + goto err; + if (!TEST_true(sk_X509_push(roots, test_root))) { + X509_free(test_root); + goto err; + } + if (!TEST_true(X509_STORE_CTX_init(ctx, store, test_leaf, NULL))) + goto err; + + X509_STORE_CTX_set0_trusted_stack(ctx, roots); + X509_VERIFY_PARAM_set_time(param, PARAM_TIME); + if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), + (long)PARAM_TIME)) + goto err; + X509_VERIFY_PARAM_set_depth(param, 16); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); + X509_STORE_CTX_set0_param(ctx, param); + param = NULL; + + ERR_clear_error(); + status = X509_verify_cert(ctx) == 1 ? X509_V_OK + : X509_STORE_CTX_get_error(ctx); + + TEST_int_eq(status, X509_V_OK); + +err: + sk_X509_pop_free(roots, X509_free); + X509_VERIFY_PARAM_free(param); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return status == X509_V_OK; +} + int setup_tests(void) { if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) 
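Review bot: get_crl_fn returns 1 unconditionally, so if `CRL_from_strings(kBasicCRL)` yields NULL the verifier is told a CRL was found and is handed a NULL pointer. The other tests guard this helper's result with `TEST_ptr`, so the callback should end with `return *crl != NULL;`, which turns a parse failure into a failed lookup rather than a possible NULL dereference inside X509_verify_cert. In test_get_crl_fn_score the result of `TEST_int_eq(status, X509_V_OK);` is discarded and the verdict comes from `return status == X509_V_OK;`, which works but reads like a forgotten check. Storing it, as in `r = TEST_int_eq(status, X509_V_OK);` with `return r;`, follows the result-variable pattern of the neighbouring tests. The header comment says the test checks that issuer, reasons and CRL score are set, while the only assertion is the overall verify status, so the comment should state that a successful verification is the observable effect being relied on.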
@@ -442,6 +506,7 @@ ADD_TEST(test_basic_crl); ADD_TEST(test_bad_issuer_crl); ADD_TEST(test_known_critical_crl); + ADD_TEST(test_get_crl_fn_score); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); ADD_ALL_TESTS(test_reuse_crl, 6); return 1; --- crypto/openssl/test/ct_test.c.orig +++ crypto/openssl/test/ct_test.c @@ -23,7 +23,7 @@ #ifndef OPENSSL_NO_CT /* Used when declaring buffers to read text files into */ -# define CT_TEST_MAX_FILE_SIZE 8096 +#define CT_TEST_MAX_FILE_SIZE 8096 static char *certs_dir = NULL; static char *ct_dir = NULL; @@ -33,7 +33,7 @@ /* The current time in milliseconds */ uint64_t epoch_time_in_ms; /* The CT log store to use during tests */ - CTLOG_STORE* ctlog_store; + CTLOG_STORE *ctlog_store; /* Set the following to test handling of SCTs in X509 certificates */ const char *certs_dir; char *certificate_file; @@ -66,8 +66,8 @@ fixture->test_case_name = test_case_name; fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */ if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new()) - || !TEST_int_eq( - CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) + || !TEST_int_eq( + CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) goto end; return fixture; @@ -106,7 +106,7 @@ } static int read_text_file(const char *dir, const char *file, - char *buffer, int buffer_length) + char *buffer, int buffer_length) { int len = -1; char *file_path = test_mk_file_path(dir, file); @@ -124,7 +124,7 @@ } static int compare_sct_list_printout(STACK_OF(SCT) *sct, - const char *expected_output) + const char *expected_output) { BIO *text_buffer = NULL; char *actual_output = NULL; 
@@ -150,15 +150,15 @@ } static int compare_extension_printout(X509_EXTENSION *extension, - const char *expected_output) + const char *expected_output) { BIO *text_buffer = NULL; char *actual_output = NULL; int result = 0; if (!TEST_ptr(text_buffer = BIO_new(BIO_s_mem())) - || !TEST_true(X509V3_EXT_print(text_buffer, extension, - X509V3_EXT_DEFAULT, 0))) + || !TEST_true(X509V3_EXT_print(text_buffer, extension, + X509V3_EXT_DEFAULT, 0))) goto end; /* Append \n because it's easier to create files that end with one. */ @@ -181,7 +181,7 @@ } static int assert_validity(CT_TEST_FIXTURE *fixture, STACK_OF(SCT) *scts, - CT_POLICY_EVAL_CTX *policy_ctx) + CT_POLICY_EVAL_CTX *policy_ctx) { int invalid_sct_count = 0; int valid_sct_count = 0; @@ -210,11 +210,10 @@ } if (!TEST_int_eq(valid_sct_count, fixture->expected_valid_sct_count)) { - int unverified_sct_count = sk_SCT_num(scts) - - invalid_sct_count - valid_sct_count; + int unverified_sct_count = sk_SCT_num(scts) - invalid_sct_count - valid_sct_count; TEST_info("%d SCTs failed, %d SCTs unverified", - invalid_sct_count, unverified_sct_count); + invalid_sct_count, unverified_sct_count); return 0; } @@ -235,8 +234,8 @@ if (fixture->sct_text_file != NULL) { sct_text_len = read_text_file(fixture->sct_dir, fixture->sct_text_file, - expected_sct_text, - CT_TEST_MAX_FILE_SIZE - 1); + expected_sct_text, + CT_TEST_MAX_FILE_SIZE - 1); if (!TEST_int_ge(sct_text_len, 0)) goto end; @@ -244,7 +243,7 @@ } CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE( - ct_policy_ctx, fixture->ctlog_store); + ct_policy_ctx, fixture->ctlog_store); CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture->epoch_time_in_ms); 
@@ -254,20 +253,19 @@ X509_EXTENSION *sct_extension = NULL; if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir, - fixture->certificate_file))) + fixture->certificate_file))) goto end; CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert); if (fixture->issuer_file != NULL) { if (!TEST_ptr(issuer = load_pem_cert(fixture->certs_dir, - fixture->issuer_file))) + fixture->issuer_file))) goto end; CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer); } - sct_extension_index = - X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1); + sct_extension_index = X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1); sct_extension = X509_get_ext(cert, sct_extension_index); if (fixture->expected_sct_count > 0) { if (!TEST_ptr(sct_extension)) @@ -275,15 +273,15 @@ if (fixture->sct_text_file && !compare_extension_printout(sct_extension, - expected_sct_text)) - goto end; + expected_sct_text)) + goto end; scts = X509V3_EXT_d2i(sct_extension); for (i = 0; i < sk_SCT_num(scts); ++i) { SCT *sct_i = sk_SCT_value(scts, i); if (!TEST_int_eq(SCT_get_source(sct_i), - SCT_SOURCE_X509V3_EXTENSION)) { + SCT_SOURCE_X509V3_EXTENSION)) { goto end; } } @@ -310,12 +308,12 @@ if (fixture->sct_text_file && !compare_sct_list_printout(scts, expected_sct_text)) { - goto end; + goto end; } tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list); if (!TEST_mem_eq(fixture->tls_sct_list, fixture->tls_sct_list_len, - tls_sct_list, tls_sct_list_len)) + tls_sct_list, tls_sct_list_len)) goto end; } success = 1; @@ -330,8 +328,8 @@ return success; } -# define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) -# define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) +#define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) +#define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) static int test_no_scts_in_certificate(void) { 
@@ -411,22 +409,22 @@ static int test_decode_tls_sct(void) { const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */ - "\x00\x76" - "\x00" /* version */ - /* log ID */ - "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79" - "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64" - "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */ - "\x00\x00" /* extensions length */ - "" /* extensions */ - "\x04\x03" /* hash and signature algorithms */ - "\x00\x47" /* signature length */ - /* signature */ - "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6" - "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2" - "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB" - "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89" - "\xED\xBF\x08"; + "\x00\x76" + "\x00" /* version */ + /* log ID */ + "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79" + "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64" + "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */ + "\x00\x00" /* extensions length */ + "" /* extensions */ + "\x04\x03" /* hash and signature algorithms */ + "\x00\x47" /* signature length */ + /* signature */ + "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6" + "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2" + "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB" + "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89" + "\xED\xBF\x08"; SETUP_CT_TEST_FIXTURE(); fixture->tls_sct_list = tls_sct_list; 
@@ -443,22 +441,20 @@ const uint64_t timestamp = 1; const char extensions[] = ""; const char signature[] = "BAMARzBAMiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUwKI+j5" - "eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8I"; + "eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8I"; SCT *sct = NULL; SETUP_CT_TEST_FIXTURE(); fixture->sct_list = sk_SCT_new_null(); - if (fixture->sct_list == NULL) - { + if (fixture->sct_list == NULL) { tear_down(fixture); return 0; } if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, - CT_LOG_ENTRY_TYPE_X509, timestamp, - extensions, signature))) - { + CT_LOG_ENTRY_TYPE_X509, timestamp, + extensions, signature))) { tear_down(fixture); return 0; } @@ -478,12 +474,11 @@ { int success = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); - const time_t default_time = - (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000); - const time_t time_tolerance = 600; /* 10 minutes */ + const time_t default_time = (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000); + const time_t time_tolerance = 600; /* 10 minutes */ if (!TEST_time_t_le(abs((int)difftime(time(NULL), default_time)), - time_tolerance)) + time_tolerance)) goto end; success = 1; --- crypto/openssl/test/ctype_internal_test.c.orig +++ crypto/openssl/test/ctype_internal_test.c 
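Review bot: In the `@@ -478,12 +474,11 @@` hunk, `ct_policy_ctx` is passed to `CT_POLICY_EVAL_CTX_get_time()` in the initializer of `default_time` before anything checks that `CT_POLICY_EVAL_CTX_new()` succeeded. If the getter does not accept NULL (its body is not visible here), an allocation failure crashes the test instead of reporting a failure. I would declare `time_t default_time;` without the initializer and `const`, then start the body with `if (!TEST_ptr(ct_policy_ctx)) goto end;` followed by `default_time = (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000);`. The function starts and ends outside the hunk.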
@@ -34,19 +34,19 @@ return 1; return TEST_int_eq(isalpha(n) != 0, ossl_isalpha(n) != 0) - && TEST_int_eq(isalnum(n) != 0, ossl_isalnum(n) != 0) + && TEST_int_eq(isalnum(n) != 0, ossl_isalnum(n) != 0) #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L - && TEST_int_eq(isblank(n) != 0, ossl_isblank(n) != 0) + && TEST_int_eq(isblank(n) != 0, ossl_isblank(n) != 0) #endif - && TEST_int_eq(iscntrl(n) != 0, ossl_iscntrl(n) != 0) - && TEST_int_eq(isdigit(n) != 0, ossl_isdigit(n) != 0) - && TEST_int_eq(isgraph(n) != 0, ossl_isgraph(n) != 0) - && TEST_int_eq(islower(n) != 0, ossl_islower(n) != 0) - && TEST_int_eq(isprint(n) != 0, ossl_isprint(n) != 0) - && TEST_int_eq(ispunct(n) != 0, ossl_ispunct(n) != 0) - && TEST_int_eq(isspace(n) != 0, ossl_isspace(n) != 0) - && TEST_int_eq(isupper(n) != 0, ossl_isupper(n) != 0) - && TEST_int_eq(isxdigit(n) != 0, ossl_isxdigit(n) != 0); + && TEST_int_eq(iscntrl(n) != 0, ossl_iscntrl(n) != 0) + && TEST_int_eq(isdigit(n) != 0, ossl_isdigit(n) != 0) + && TEST_int_eq(isgraph(n) != 0, ossl_isgraph(n) != 0) + && TEST_int_eq(islower(n) != 0, ossl_islower(n) != 0) + && TEST_int_eq(isprint(n) != 0, ossl_isprint(n) != 0) + && TEST_int_eq(ispunct(n) != 0, ossl_ispunct(n) != 0) + && TEST_int_eq(isspace(n) != 0, ossl_isspace(n) != 0) + && TEST_int_eq(isupper(n) != 0, ossl_isupper(n) != 0) + && TEST_int_eq(isxdigit(n) != 0, ossl_isxdigit(n) != 0); } static struct { 
@@ -59,20 +59,20 @@ { '0', '0' }, { '%', '%' }, { '~', '~' }, - { 0, 0 }, + { 0, 0 }, { EOF, EOF } }; static int test_ctype_toupper(int n) { return TEST_int_eq(ossl_toupper(case_change[n].l), case_change[n].u) - && TEST_int_eq(ossl_toupper(case_change[n].u), case_change[n].u); + && TEST_int_eq(ossl_toupper(case_change[n].u), case_change[n].u); } static int test_ctype_tolower(int n) { return TEST_int_eq(ossl_tolower(case_change[n].u), case_change[n].l) - && TEST_int_eq(ossl_tolower(case_change[n].l), case_change[n].l); + && TEST_int_eq(ossl_tolower(case_change[n].l), case_change[n].l); } static int test_ctype_eof(void) --- crypto/openssl/test/curve448_internal_test.c.orig +++ crypto/openssl/test/curve448_internal_test.c 
@@ -76,25 +76,21 @@ }; static const uint8_t out_u3[3][56] = { - { - 0x3f, 0x48, 0x2c, 0x8a, 0x9f, 0x19, 0xb0, 0x1e, 0x6c, 0x46, 0xee, 0x97, + { 0x3f, 0x48, 0x2c, 0x8a, 0x9f, 0x19, 0xb0, 0x1e, 0x6c, 0x46, 0xee, 0x97, 0x11, 0xd9, 0xdc, 0x14, 0xfd, 0x4b, 0xf6, 0x7a, 0xf3, 0x07, 0x65, 0xc2, 0xae, 0x2b, 0x84, 0x6a, 0x4d, 0x23, 0xa8, 0xcd, 0x0d, 0xb8, 0x97, 0x08, 0x62, 0x39, 0x49, 0x2c, 0xaf, 0x35, 0x0b, 0x51, 0xf8, 0x33, 0x86, 0x8b, - 0x9b, 0xc2, 0xb3, 0xbc, 0xa9, 0xcf, 0x41, 0x13 - }, { - 0xaa, 0x3b, 0x47, 0x49, 0xd5, 0x5b, 0x9d, 0xaf, 0x1e, 0x5b, 0x00, 0x28, + 0x9b, 0xc2, 0xb3, 0xbc, 0xa9, 0xcf, 0x41, 0x13 }, + { 0xaa, 0x3b, 0x47, 0x49, 0xd5, 0x5b, 0x9d, 0xaf, 0x1e, 0x5b, 0x00, 0x28, 0x88, 0x26, 0xc4, 0x67, 0x27, 0x4c, 0xe3, 0xeb, 0xbd, 0xd5, 0xc1, 0x7b, 0x97, 0x5e, 0x09, 0xd4, 0xaf, 0x6c, 0x67, 0xcf, 0x10, 0xd0, 0x87, 0x20, 0x2d, 0xb8, 0x82, 0x86, 0xe2, 0xb7, 0x9f, 0xce, 0xea, 0x3e, 0xc3, 0x53, - 0xef, 0x54, 0xfa, 0xa2, 0x6e, 0x21, 0x9f, 0x38 - }, { - 0x07, 0x7f, 0x45, 0x36, 0x81, 0xca, 0xca, 0x36, 0x93, 0x19, 0x84, 0x20, + 0xef, 0x54, 0xfa, 0xa2, 0x6e, 0x21, 0x9f, 0x38 }, + { 0x07, 0x7f, 0x45, 0x36, 0x81, 0xca, 0xca, 0x36, 0x93, 0x19, 0x84, 0x20, 0xbb, 0xe5, 0x15, 0xca, 0xe0, 0x00, 0x24, 0x72, 0x51, 0x9b, 0x3e, 0x67, 0x66, 0x1a, 0x7e, 0x89, 0xca, 0xb9, 0x46, 0x95, 0xc8, 0xf4, 0xbc, 0xd6, 0x6e, 0x61, 0xb9, 0xb9, 0xc9, 0x46, 0xda, 0x8d, 0x52, 0x4d, 0xe3, 0xd6, - 0x9b, 0xd9, 0xd9, 0xd6, 0x6b, 0x99, 0x7e, 0x37 - } + 0x9b, 0xd9, 0xd9, 0xd6, 0x6b, 0x99, 0x7e, 0x37 } }; /* Test vectors from RFC8032 for Ed448 */ @@ -583,13 +579,13 @@ }; static const uint8_t *dohash(EVP_MD_CTX *hashctx, const uint8_t *msg, - size_t msglen) + size_t msglen) { static uint8_t hashout[64]; if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) - || !EVP_DigestUpdate(hashctx, msg, msglen) - || !EVP_DigestFinalXOF(hashctx, hashout, sizeof(hashout))) + || !EVP_DigestUpdate(hashctx, msg, msglen) + || !EVP_DigestFinalXOF(hashctx, hashout, sizeof(hashout))) return NULL; return hashout; 
@@ -601,45 +597,47 @@ EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); if (!TEST_ptr(hashctx) - || !TEST_true(ossl_ed448_sign(NULL, outsig, NULL, 0, pubkey1, - privkey1, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2), - pubkey2, privkey2, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3), - pubkey3, privkey3, context3, - sizeof(context3), NULL)) - || !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4), - pubkey4, privkey4, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5), - pubkey5, privkey5, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6), - pubkey6, privkey6, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7), - pubkey7, privkey7, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8), - pubkey8, privkey8, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0) - || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9), - pubkey9, privkey9, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0) - || !TEST_true(ossl_ed448ph_sign(NULL, outsig, - dohash(hashctx, phmsg1, - sizeof(phmsg1)), phpubkey1, - phprivkey1, NULL, 0, NULL)) - || !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0) - || !TEST_true(ossl_ed448ph_sign(NULL, outsig, - dohash(hashctx, phmsg2, - sizeof(phmsg2)), phpubkey2, - phprivkey2, phcontext2, - sizeof(phcontext2), NULL)) - || !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) { + || !TEST_true(ossl_ed448_sign(NULL, outsig, 
NULL, 0, pubkey1, + privkey1, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2), + pubkey2, privkey2, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3), + pubkey3, privkey3, context3, + sizeof(context3), NULL)) + || !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4), + pubkey4, privkey4, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5), + pubkey5, privkey5, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6), + pubkey6, privkey6, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7), + pubkey7, privkey7, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8), + pubkey8, privkey8, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9), + pubkey9, privkey9, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0) + || !TEST_true(ossl_ed448ph_sign(NULL, outsig, + dohash(hashctx, phmsg1, + sizeof(phmsg1)), + phpubkey1, + phprivkey1, NULL, 0, NULL)) + || !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0) + || !TEST_true(ossl_ed448ph_sign(NULL, outsig, + dohash(hashctx, phmsg2, + sizeof(phmsg2)), + phpubkey2, + phprivkey2, phcontext2, + sizeof(phcontext2), NULL)) + || !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) { EVP_MD_CTX_free(hashctx); return 0; } 
@@ -657,9 +655,9 @@ /* Curve448 tests */ if (!TEST_true(ossl_x448(out, in_scalar1, in_u1)) - || !TEST_int_eq(memcmp(out, out_u1, sizeof(out)), 0) - || !TEST_true(ossl_x448(out, in_scalar2, in_u2)) - || !TEST_int_eq(memcmp(out, out_u2, sizeof(out)), 0)) + || !TEST_int_eq(memcmp(out, out_u1, sizeof(out)), 0) + || !TEST_true(ossl_x448(out, in_scalar2, in_u2)) + || !TEST_int_eq(memcmp(out, out_u2, sizeof(out)), 0)) return 0; memcpy(u, in_u3, sizeof(u)); @@ -701,7 +699,7 @@ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"), { "f", OPT_SLOW, '-', "Enables a slow test" }, { "v", OPT_PROGRESS, '-', - "Enables verbose mode (prints progress dots)" }, + "Enables verbose mode (prints progress dots)" }, { NULL } }; return test_options; --- crypto/openssl/test/d2i_test.c.orig +++ crypto/openssl/test/d2i_test.c @@ -95,7 +95,7 @@ if (TEST_int_eq(expected_error, ASN1_OK)) ret = 1; - err: +err: /* Don't indicate success for memory allocation errors */ if (ret == 1 && !TEST_false(ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)) @@ -120,11 +120,11 @@ size_t i; static error_enum expected_errors[] = { - {"OK", ASN1_OK}, - {"BIO", ASN1_BIO}, - {"decode", ASN1_DECODE}, - {"encode", ASN1_ENCODE}, - {"compare", ASN1_COMPARE} + { "OK", ASN1_OK }, + { "BIO", ASN1_BIO }, + { "decode", ASN1_DECODE }, + { "encode", ASN1_ENCODE }, + { "compare", ASN1_COMPARE } }; if (!test_skip_common_options()) { @@ -133,8 +133,8 @@ } if (!TEST_ptr(test_type_name = test_get_argument(0)) - || !TEST_ptr(expected_error_string = test_get_argument(1)) - || !TEST_ptr(test_file = test_get_argument(2))) + || !TEST_ptr(expected_error_string = test_get_argument(1)) + || !TEST_ptr(test_file = test_get_argument(2))) return 0; item_type = ASN1_ITEM_lookup(test_type_name); --- crypto/openssl/test/danetest.c.orig +++ crypto/openssl/test/danetest.c @@ -20,7 +20,7 @@ #include #include #ifndef OPENSSL_NO_ENGINE -# include +#include #endif #include "testutil.h" 
@@ -61,17 +61,16 @@ int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); if (!TEST_ptr(store_ctx = X509_STORE_CTX_new()) - || !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl)) - || !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx)) - || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain)) - || !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, - ssl))) + || !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl)) + || !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx)) + || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain)) + || !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, + ssl))) goto end; - X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl) - ? "ssl_client" : "ssl_server"); + X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), - SSL_get0_param(ssl)); + SSL_get0_param(ssl)); store_ctx_dane_init(store_ctx, ssl); if (SSL_get_verify_callback(ssl) != NULL) @@ -103,19 +102,20 @@ goto err; for (count = 0; - count < nelem && errtype == 0 - && PEM_read_bio(fp, &name, &header, &data, &len) == 1; - ++count) { + count < nelem && errtype == 0 + && PEM_read_bio(fp, &name, &header, &data, &len) == 1; + ++count) { if (strcmp(name, PEM_STRING_X509) == 0 - || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 - || strcmp(name, PEM_STRING_X509_OLD) == 0) { + || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 + || strcmp(name, PEM_STRING_X509_OLD) == 0) { d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0 - ? d2i_X509_AUX : d2i_X509; + ? d2i_X509_AUX + : d2i_X509; X509 *cert; const unsigned char *p = data; if (!TEST_ptr(cert = d(0, &p, len)) - || !TEST_long_eq(p - data, len)) { + || !TEST_long_eq(p - data, len)) { TEST_info("Certificate parsing error"); goto err; } 
@@ -224,9 +224,7 @@ v = strtol(cp, &endp, 10); e = restore_errno(); - if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || - endp == cp || !isspace(_UC(*endp)) || - v != (*(uint8_t *)result = (uint8_t) v)) { + if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || endp == cp || !isspace(_UC(*endp)) || v != (*(uint8_t *)result = (uint8_t)v)) { return -1; } for (cp = endp; isspace(_UC(*cp)); ++cp) @@ -251,7 +249,9 @@ { &selector, "selector", checked_uint8 }, { &mtype, "mtype", checked_uint8 }, { &data, "data", hexdecode }, - { NULL, } + { + NULL, + } }; int ret; struct tlsa_field *f; @@ -288,7 +288,7 @@ } static int test_tlsafile(SSL_CTX *ctx, const char *base_name, - BIO *f, const char *path) + BIO *f, const char *path) { char *line; int testno = 0; @@ -313,7 +313,8 @@ ++testno; if (sscanf(line, "%d %d %d %d %d%n", - &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5 + &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) + != 5 || !allws(line + off)) { TEST_error("Malformed line for test %d", testno); return 0; @@ -360,7 +361,7 @@ if (!TEST_int_eq(err, want)) { if (want == X509_V_OK) TEST_info("Verification failure in test %d: %d=%s", - testno, err, X509_verify_cert_error_string(err)); + testno, err, X509_verify_cert_error_string(err)); else TEST_info("Unexpected error in test %d", testno); ret = 0; 
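Review bot: In the `@@ -224,9 +224,7 @@` hunk, the joined condition hides a store inside a comparison: `v != (*(uint8_t *)result = (uint8_t)v)` both writes the output and performs the range check, and on one long line that side effect is easy to miss. It also writes a truncated value to `result` on the path that returns -1. An explicit range test reads more clearly, for example ending the condition with `|| v < 0 || v > 0xFF) {` and assigning `*(uint8_t *)result = (uint8_t)v;` after the `if`. The enclosing function starts and ends outside the hunk.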
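Review bot: In the `@@ -251,7 +249,9 @@` hunk, the table sentinel `{ NULL, }` is now spread over three lines, apparently because of its trailing comma; the `{ NULL }` sentinel in curve448_internal_test.c stayed on one line. The same pattern turns `cbc_data` and both `xcbc_ok` arrays in destest.c into one byte per line, while arrays without a trailing comma, such as `cbc3_ok`, keep eight bytes per row. Writing the sentinel as `{ NULL }` and dropping the comma after the last byte of those arrays should keep the compact layout, which makes the test vectors much easier to compare against their reference values.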
@@ -388,12 +389,12 @@ int ret = 0; if (!TEST_ptr(f = BIO_new_file(tlsafile, "r")) - || !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method())) - || !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0) - || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile)) - || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0) - || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0) - || !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0)) + || !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method())) + || !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0) + || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile)) + || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0) + || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0) + || !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0)) goto end; ret = 1; @@ -414,8 +415,8 @@ } if (!TEST_ptr(basedomain = test_get_argument(0)) - || !TEST_ptr(CAfile = test_get_argument(1)) - || !TEST_ptr(tlsafile = test_get_argument(2))) + || !TEST_ptr(CAfile = test_get_argument(1)) + || !TEST_ptr(tlsafile = test_get_argument(2))) return 0; ADD_TEST(run_tlsatest); --- crypto/openssl/test/defltfips_test.c.orig +++ crypto/openssl/test/defltfips_test.c @@ -35,7 +35,7 @@ * loading the FIPS provider. */ if (!TEST_int_eq(is_fips || bad_fips, is_fips_enabled) - || !TEST_int_eq(is_fips && !bad_fips, is_fips_loaded)) + || !TEST_int_eq(is_fips && !bad_fips, is_fips_loaded)) return 0; /* @@ -53,7 +53,7 @@ return 0; if (is_fips && !TEST_str_eq(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(sha256)), - "fips")) { + "fips")) { EVP_MD_free(sha256); return 0; } @@ -79,7 +79,7 @@ } argc = test_get_argument_count(); - switch(argc) { + switch (argc) { case 0: is_fips = 0; bad_fips = 0; --- crypto/openssl/test/destest.c.orig +++ crypto/openssl/test/destest.c 
@@ -20,182 +20,213 @@ #include "internal/nelem.h" #ifndef OPENSSL_NO_DES -# include +#include /* In case any platform doesn't use unsigned int for its checksums */ -# define TEST_cs_eq TEST_uint_eq +#define TEST_cs_eq TEST_uint_eq -# define DATA_BUF_SIZE 20 +#define DATA_BUF_SIZE 20 /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ -# define NUM_TESTS 34 +#define NUM_TESTS 34 static unsigned char key_data[NUM_TESTS][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, - {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, - {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, - {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, - {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, - {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, - {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, - {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, - {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, - {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, - {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, - {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, - {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, - {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, - {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, - {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, - {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, - {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, - {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, - {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, - {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, - {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, - {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 
0xFE, 0xF1, 0xFE}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10} + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }, + { 0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57 }, + { 0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E }, + { 0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86 }, + { 0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E }, + { 0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6 }, + { 0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE }, + { 0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6 }, + { 0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE }, + { 0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16 }, + { 0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F }, + { 0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46 }, + { 0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E }, + { 0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76 }, + { 0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07 }, + { 0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F }, + { 0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7 }, + { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, + { 0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6 }, + { 0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF }, + { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, + { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, + { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 
0xEF }, + { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 } }; static unsigned char plain_data[NUM_TESTS][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42}, - {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA}, - {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72}, - {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A}, - {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2}, - {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A}, - {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2}, - {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A}, - {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02}, - {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A}, - {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32}, - {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA}, - {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62}, - {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2}, - {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA}, - {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92}, - {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A}, - {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2}, - {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x10, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42 }, + { 0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA }, + { 0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72 }, + { 0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A }, + { 0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2 }, + { 0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A }, + { 0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2 }, + { 0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A }, + { 0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02 }, + { 0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A }, + { 0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32 }, + { 0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA }, + { 0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62 }, + { 0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2 }, + { 0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA }, + { 0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92 }, + { 0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A }, + { 0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2 }, + { 0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } }; static unsigned char cipher_data[NUM_TESTS][8] = { - {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7}, - {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58}, - {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B}, - {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33}, - {0x17, 0x66, 0x8D, 
0xFC, 0x72, 0x92, 0x53, 0x2D}, - {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD}, - {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7}, - {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, - {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B}, - {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71}, - {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A}, - {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A}, - {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95}, - {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B}, - {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09}, - {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A}, - {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F}, - {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88}, - {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77}, - {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A}, - {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56}, - {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56}, - {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56}, - {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC}, - {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A}, - {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41}, - {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93}, - {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00}, - {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06}, - {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7}, - {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51}, - {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE}, - {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D}, - {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2} + { 0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7 }, + { 0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58 }, + { 0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B }, + { 0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33 }, + { 0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D }, + { 0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD }, + { 0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7 }, + { 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4 }, + { 0x69, 0x0F, 0x5B, 0x0D, 
0x9A, 0x26, 0x93, 0x9B }, + { 0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71 }, + { 0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A }, + { 0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A }, + { 0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95 }, + { 0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B }, + { 0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09 }, + { 0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A }, + { 0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F }, + { 0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88 }, + { 0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77 }, + { 0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A }, + { 0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56 }, + { 0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56 }, + { 0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56 }, + { 0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC }, + { 0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A }, + { 0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41 }, + { 0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93 }, + { 0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00 }, + { 0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06 }, + { 0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7 }, + { 0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51 }, + { 0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE }, + { 0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D }, + { 0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2 } }; static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = { - {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E}, - {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16}, - {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27}, - {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6}, - {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25}, - {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A}, - {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74}, - {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6}, - {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67}, - {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10}, - {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 
0x85}, - {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA}, - {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3}, - {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3}, - {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A}, - {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69}, - {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1}, - {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7}, - {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F}, - {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87}, - {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A}, - {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE}, - {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3}, - {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD}, - {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84}, - {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85}, - {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC}, - {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89}, - {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E}, - {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89}, - {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7}, - {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8}, - {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85} + { 0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E }, + { 0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16 }, + { 0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27 }, + { 0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6 }, + { 0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25 }, + { 0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A }, + { 0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74 }, + { 0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6 }, + { 0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67 }, + { 0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10 }, + { 0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85 }, + { 0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA }, + { 0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3 }, + { 0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3 }, + { 0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A }, + { 0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 
0xD7, 0x69 }, + { 0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1 }, + { 0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7 }, + { 0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F }, + { 0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87 }, + { 0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A }, + { 0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE }, + { 0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3 }, + { 0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD }, + { 0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84 }, + { 0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85 }, + { 0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC }, + { 0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89 }, + { 0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E }, + { 0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89 }, + { 0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7 }, + { 0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8 }, + { 0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85 } }; -static unsigned char cbc_key[8] = - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; -static unsigned char cbc2_key[8] = - { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 }; -static unsigned char cbc3_key[8] = - { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; -static unsigned char cbc_iv[8] = - { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static unsigned char cbc_key[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char cbc2_key[8] = { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 }; +static unsigned char cbc3_key[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static unsigned char cbc_iv[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; /* * Changed the following text constant to binary so it will work on ebcdic * machines :-) */ /* static char cbc_data[40]="7654321 Now is the time for \0001"; */ static unsigned char cbc_data[40] = { - 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20, - 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20, - 0x66, 
0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x37, + 0x36, + 0x35, + 0x34, + 0x33, + 0x32, + 0x31, + 0x20, + 0x4E, + 0x6F, + 0x77, + 0x20, + 0x69, + 0x73, + 0x20, + 0x74, + 0x68, + 0x65, + 0x20, + 0x74, + 0x69, + 0x6D, + 0x65, + 0x20, + 0x66, + 0x6F, + 0x72, + 0x20, + 0x00, + 0x31, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, }; static unsigned char cbc_ok[32] = { 
@@ -205,25 +236,80 @@ 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; -# ifdef SCREW_THE_PARITY -# error "SCREW_THE_PARITY is not meant to be defined." -# error "Original vectors are preserved for reference only." -static unsigned char cbc2_key[8] = - { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }; +#ifdef SCREW_THE_PARITY +#error "SCREW_THE_PARITY is not meant to be defined." +#error "Original vectors are preserved for reference only." +static unsigned char cbc2_key[8] = { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }; static unsigned char xcbc_ok[32] = { - 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48, - 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD, - 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76, - 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2, + 0x86, + 0x74, + 0x81, + 0x0D, + 0x61, + 0xA4, + 0xA5, + 0x48, + 0xB9, + 0x93, + 0x03, + 0xE1, + 0xB8, + 0xBB, + 0xBD, + 0xBD, + 0x64, + 0x30, + 0x0B, + 0xB9, + 0x06, + 0x65, + 0x81, + 0x76, + 0x04, + 0x1D, + 0x77, + 0x62, + 0x17, + 0xCA, + 0x2B, + 0xD2, }; -# else +#else static unsigned char xcbc_ok[32] = { - 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29, - 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1, - 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53, - 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4, + 0x84, + 0x6B, + 0x29, + 0x14, + 0x85, + 0x1E, + 0x9A, + 0x29, + 0x54, + 0x73, + 0x2F, + 0x8A, + 0xA0, + 0xA6, + 0x11, + 0xC1, + 0x15, + 0xCD, + 0xC2, + 0xD7, + 0x95, + 0x1B, + 0x10, + 0x53, + 0xA6, + 0x3C, + 0x5E, + 0x03, + 0xB2, + 0x1A, + 0xA3, + 0xC4, }; -# endif +#endif static unsigned char cbc3_ok[32] = { 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0, 
@@ -239,10 +325,8 @@ 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88 }; -static unsigned char cfb_key[8] = - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; -static unsigned char cfb_iv[8] = - { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; +static unsigned char cfb_key[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char cfb_iv[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; static unsigned char plain[24] = { 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, @@ -276,10 +360,8 @@ 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22 }; -static unsigned char ofb_key[8] = - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; -static unsigned char ofb_iv[8] = - { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; +static unsigned char ofb_key[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char ofb_iv[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8]; static unsigned char ofb_cipher[24] = { 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51, @@ -287,8 +369,7 @@ 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3 }; static DES_LONG cbc_cksum_ret = 0xF7FE62B4L; -static unsigned char cbc_cksum_data[8] = - { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; +static unsigned char cbc_cksum_data[8] = { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE]) { @@ -320,12 +401,12 @@ if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) { TEST_info("Encryption error %2d k=%s p=%s", i + 1, - pt(key_data[i], b1), pt(in, b2)); + pt(key_data[i], b1), pt(in, b2)); return 0; } if (!TEST_mem_eq(in, 8, outin, 8)) { TEST_info("Decryption error %2d k=%s p=%s", i + 1, - pt(key_data[i], b1), pt(out, b2)); + pt(key_data[i], b1), pt(out, b2)); return 0; } return 1; 
@@ -348,12 +429,12 @@ if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) { TEST_info("Encryption error %2d k=%s p=%s", i + 1, - pt(key_data[i], b1), pt(in, b2)); + pt(key_data[i], b1), pt(in, b2)); return 0; } if (!TEST_mem_eq(in, 8, outin, 8)) { TEST_info("Decryption error %2d k=%s p=%s ", i + 1, - pt(key_data[i], b1), pt(out, b2)); + pt(key_data[i], b1), pt(out, b2)); return 0; } return 1; @@ -373,13 +454,13 @@ memset(cbc_in, 0, sizeof(cbc_in)); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks, - &iv3, DES_ENCRYPT); + &iv3, DES_ENCRYPT); if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32)) return 0; memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks, - &iv3, DES_DECRYPT); + &iv3, DES_DECRYPT); return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len); } @@ -397,12 +478,12 @@ memset(cbc_in, 0, sizeof(cbc_in)); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key, - DES_ENCRYPT); + DES_ENCRYPT); if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok))) return 0; memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key, - DES_DECRYPT); + DES_DECRYPT); return TEST_mem_eq(cbc_data, n, cbc_data, n); } @@ -426,15 +507,15 @@ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, - DES_ENCRYPT); + DES_ENCRYPT); DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, - &ks3, &iv3, DES_ENCRYPT); + &ks3, &iv3, DES_ENCRYPT); if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n)) return 0; memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, - DES_DECRYPT); + DES_DECRYPT); return TEST_mem_eq(cbc_in, i, cbc_data, i); } 
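Review bot: The last check of the DES_xcbc round-trip in the `@@ -397,12 +478,12 @@` hunk, `return TEST_mem_eq(cbc_data, n, cbc_data, n);`, compares `cbc_data` with itself, so it passes regardless of what the `DES_xcbc_encrypt(..., DES_DECRYPT)` call wrote into `cbc_in`. It is a context line that the re-indentation leaves untouched, but it means the decrypt direction of this vector is never verified, whereas the neighbouring ncbc and ede3 tests compare `cbc_in` against `cbc_data`. I would change it to `return TEST_mem_eq(cbc_in, n, cbc_data, n);`. The enclosing function starts outside the hunk, so the definition of `n` should be confirmed against the size of `cbc_in` before making the change.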
@@ -496,11 +577,11 @@ memset(cbc_out, 0, sizeof(cbc_out)); memset(cbc_in, 0, sizeof(cbc_in)); DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks, - &cbc_iv, DES_ENCRYPT); + &cbc_iv, DES_ENCRYPT); if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok))) return 0; DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks, - &cbc_iv, DES_DECRYPT); + &cbc_iv, DES_DECRYPT); return TEST_mem_eq(cbc_in, n, cbc_data, n); } @@ -511,12 +592,12 @@ DES_set_key_checked(&cfb_key, &ks); memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, - DES_ENCRYPT); + DES_ENCRYPT); if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain))) return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, - DES_DECRYPT); + DES_DECRYPT); return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); } 
@@ -554,28 +635,28 @@ n = 0; DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks, - &cfb_tmp, &n, DES_ENCRYPT); + &cfb_tmp, &n, DES_ENCRYPT); if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain))) return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], - sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain))) return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); for (i = 0; i < sizeof(plain); i++) DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp, - DES_ENCRYPT); + DES_ENCRYPT); if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain))) return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); for (i = 0; i < sizeof(plain); i++) DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp, - DES_DECRYPT); + DES_DECRYPT); return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); } @@ -588,17 +669,17 @@ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, - DES_ENCRYPT); + DES_ENCRYPT); DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks, - &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT); + &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT); if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain))) return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, - &cfb_tmp, &n, DES_DECRYPT); + &cfb_tmp, &n, DES_DECRYPT); DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17, - &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT); + &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT); return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); } 
@@ -614,7 +695,7 @@ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks, - &ofb_tmp); + &ofb_tmp); return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); } @@ -637,7 +718,7 @@ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); num = 0; DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp, - &num); + &num); return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); } @@ -654,14 +735,14 @@ num = 0; for (i = 0; i < sizeof(plain); i++) { DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks, - &ks, &ofb_tmp, &num); + &ks, &ofb_tmp, &num); } if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) return 0; memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); num = 0; DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks, - &ofb_tmp, &num); + &ofb_tmp, &num); return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); } @@ -673,7 +754,7 @@ DES_set_key_checked(&cbc_key, &ks); cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, - &cbc_iv); + &cbc_iv); if (!TEST_cs_eq(cs, cbc_cksum_ret)) return 0; return TEST_mem_eq(cret, 8, cbc_cksum_data, 8); @@ -684,8 +765,8 @@ DES_LONG cs, lqret[4]; cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, - (long)strlen((char *)cbc_data), 2, - (DES_cblock *)cbc_iv); + (long)strlen((char *)cbc_data), 2, + (DES_cblock *)cbc_iv); if (!TEST_cs_eq(cs, 0x70d7a63aL)) return 0; if (!TEST_cs_eq(lqret[0], 0x327eba8dL)) 
@@ -719,11 +800,11 @@ /* Some sanity checks and cipher loading */ if (!TEST_size_t_le(in_bytes, sizeof(in)) - || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL)) - || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8) - || !TEST_size_t_eq(bs * 3u, sizeof(key)) - || !TEST_true(in_bytes % bs == 0) - || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL)) + || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8) + || !TEST_size_t_eq(bs * 3u, sizeof(key)) + || !TEST_true(in_bytes % bs == 0) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) goto err; /* Create random data to end to end test */ @@ -738,8 +819,8 @@ /* Wrap / encrypt the key */ clen_upd = sizeof(c_txt); if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL)) - || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd, - in, in_bytes))) + || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd, + in, in_bytes))) goto err; expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs; @@ -748,15 +829,15 @@ clen_fin = sizeof(c_txt) - clen_upd; if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin)) - || !TEST_int_eq(clen_fin, 0)) + || !TEST_int_eq(clen_fin, 0)) goto err; clen = clen_upd + clen_fin; /* Decrypt the wrapped key */ plen_upd = sizeof(p_txt); if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL)) - || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd, - c_txt, clen))) + || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd, + c_txt, clen))) goto err; plen_fin = sizeof(p_txt) - plen_upd; if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin))) @@ -766,7 +847,7 @@ if (!TEST_mem_eq(in, in_bytes, p_txt, plen)) goto err; res = 1; - err: +err: EVP_CIPHER_free(cipher); EVP_CIPHER_CTX_free(ctx); return res; 
@@ -785,25 +866,25 @@ int expect; } weak_keys[] = { /* weak keys */ - {{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 1 }, - {{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 1 }, - {{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 1 }, - {{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 1 }, + { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 1 }, + { { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 1 }, + { { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 1 }, + { { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 1 }, /* semi-weak keys */ - {{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 1 }, - {{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 1 }, - {{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 1 }, - {{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 1 }, - {{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 1 }, - {{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 1 }, - {{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 1 }, - {{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 1 }, - {{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 1 }, - {{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 1 }, - {{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 1 }, - {{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}, 1 }, + { { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 1 }, + { { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 1 }, + { { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 1 }, + { { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 1 }, + { { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 1 }, + { { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 1 }, + { { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 1 }, + { { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 1 }, + { { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 1 }, + { { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 1 }, + { { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 1 }, + { { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }, 1 }, /* 
good key */ - {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 } + { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 } }; static int test_des_weak_keys(int n) @@ -817,19 +898,19 @@ const DES_cblock key; int expect; } bad_parity_keys[] = { - {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 0 }, - {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 0 }, + { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 0 }, + { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, 0 }, /* Perturb each byte in turn to create even parity */ - {{0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }, - {{0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }, - {{0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }, - {{0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }, - {{0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF}, 0 }, - {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF}, 0 }, - {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF}, 0 }, - {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE}, 0 }, + { { 0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, + { { 0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, + { { 0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, + { { 0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF }, 0 }, + { { 0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF }, 0 }, + { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF }, 0 }, + { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF }, 0 }, + { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE }, 0 }, /* Odd parity version of above */ - {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 1 } + { { 0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF }, 1 } }; static int test_des_check_bad_parity(int n) 
@@ -848,14 +929,14 @@ unsigned char key[16]; if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL)) - || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) - || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key)) - || !EVP_CIPHER_CTX_rand_key(ctx, key)) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) + || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key)) + || !EVP_CIPHER_CTX_rand_key(ctx, key)) goto err; res = 1; - err: +err: EVP_CIPHER_free(cipher); EVP_CIPHER_CTX_free(ctx); return res; --- crypto/openssl/test/dhtest.c.orig +++ crypto/openssl/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,9 +28,9 @@ #include "testutil.h" #ifndef OPENSSL_NO_DH -# include -# include "crypto/bn_dh.h" -# include "crypto/dh.h" +#include +#include "crypto/bn_dh.h" +#include "crypto/dh.h" static int cb(int p, int n, BN_GENCB *arg); 
@@ -77,15 +77,15 @@ goto err2; i ^= DH_MODULUS_TOO_SMALL; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) - || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) - || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) - || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) - || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) - || !TEST_false(i & DH_MODULUS_TOO_SMALL) - || !TEST_false(i & DH_MODULUS_TOO_LARGE) - || !TEST_false(i)) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) + || !TEST_false(i & DH_MODULUS_TOO_SMALL) + || !TEST_false(i & DH_MODULUS_TOO_LARGE) + || !TEST_false(i)) goto err2; /* test the combined getter for p, q, and g */ @@ -135,7 +135,7 @@ /* Modulus of size: dh check max modulus bits + 1 */ if (!TEST_true(BN_set_word(p, 1)) - || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) + || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) goto err3; /* 
@@ -156,23 +156,23 @@ goto err3; BN_GENCB_set(_cb, &cb, NULL); if (!TEST_ptr(a = DH_new()) - || !TEST_true(DH_generate_parameters_ex(a, 512, - DH_GENERATOR_5, _cb))) + || !TEST_true(DH_generate_parameters_ex(a, 512, + DH_GENERATOR_5, _cb))) goto err3; /* ... and check whether it is valid */ if (!TEST_true(DH_check(a, &i))) goto err3; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) - || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) - || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) - || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) - || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) - || !TEST_false(i & DH_MODULUS_TOO_SMALL) - || !TEST_false(i & DH_MODULUS_TOO_LARGE) - || !TEST_false(i)) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) + || !TEST_false(i & DH_MODULUS_TOO_SMALL) + || !TEST_false(i & DH_MODULUS_TOO_LARGE) + || !TEST_false(i)) goto err3; DH_get0_pqg(a, &ap, NULL, &ag); @@ -182,8 +182,8 @@ goto err3; if (!TEST_ptr(bp = BN_dup(ap)) - || !TEST_ptr(bg = BN_dup(ag)) - || !TEST_true(DH_set0_pqg(b, bp, NULL, bg))) + || !TEST_ptr(bg = BN_dup(ag)) + || !TEST_true(DH_set0_pqg(b, bp, NULL, bg))) goto err3; bp = bg = NULL; 
@@ -201,44 +201,44 @@ /* Also test with a private-key-only copy of |b|. */ if (!TEST_ptr(c = DHparams_dup(b)) - || !TEST_ptr(cpriv_key = BN_dup(bpriv_key)) - || !TEST_true(DH_set0_key(c, NULL, cpriv_key))) + || !TEST_ptr(cpriv_key = BN_dup(bpriv_key)) + || !TEST_true(DH_set0_key(c, NULL, cpriv_key))) goto err3; cpriv_key = NULL; alen = DH_size(a); if (!TEST_ptr(abuf = OPENSSL_malloc(alen)) - || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) + || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0)) goto err3; blen = DH_size(b); if (!TEST_ptr(bbuf = OPENSSL_malloc(blen)) - || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) + || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0)) goto err3; clen = DH_size(c); if (!TEST_ptr(cbuf = OPENSSL_malloc(clen)) - || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1)) + || !TEST_int_gt((cout = DH_compute_key(cbuf, apub_key, c)), 0)) goto err3; if (!TEST_true(aout >= 20) - || !TEST_mem_eq(abuf, aout, bbuf, bout) - || !TEST_mem_eq(abuf, aout, cbuf, cout)) + || !TEST_mem_eq(abuf, aout, bbuf, bout) + || !TEST_mem_eq(abuf, aout, cbuf, cout)) goto err3; ret = 1; goto success; - err1: +err1: /* an error occurred before p,q,g were assigned to dh */ BN_free(p); BN_free(q); BN_free(g); - err2: +err2: /* an error occurred before priv_key was assigned to dh */ BN_free(priv_key); - err3: - success: +err3: +success: OPENSSL_free(abuf); OPENSSL_free(bbuf); OPENSSL_free(cbuf); @@ -546,7 +546,7 @@ }; typedef struct { - DH *(*get_param) (void); + DH *(*get_param)(void); const unsigned char *xA; size_t xA_len; const unsigned char *yA; 
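Review bot: In the `@@ -201,44 +201,44 @@` hunk, `alen`, `blen` and `clen` go from `DH_size()` straight into `OPENSSL_malloc()` with no check that the size is positive, while the ffdhe test in the `@@ -694,21 +694,21 @@` hunk tests `TEST_int_gt(alen, 0)` first. A failed size query would presumably surface here as an allocation failure rather than as its real cause. Since the commit already touches these conditions to tighten the `DH_compute_key()` result check, I would add the same guard to all three, e.g. `if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen))`. The enclosing function begins outside the hunk.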
@@ -559,19 +559,19 @@ size_t Z_len; } rfc5114_td; -# define make_rfc5114_td(pre) { \ - DH_get_##pre, \ - dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ - dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \ - dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \ - dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \ - dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ - } +#define make_rfc5114_td(pre) { \ + DH_get_##pre, \ + dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ + dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \ + dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \ + dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \ + dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ +} static const rfc5114_td rfctd[] = { - make_rfc5114_td(1024_160), - make_rfc5114_td(2048_224), - make_rfc5114_td(2048_256) + make_rfc5114_td(1024_160), + make_rfc5114_td(2048_224), + make_rfc5114_td(2048_256) }; static int rfc5114_test(void) 
@@ -590,28 +590,28 @@ td = rfctd + i; /* Set up DH structures setting key components */ if (!TEST_ptr(dhA = td->get_param()) - || !TEST_ptr(dhB = td->get_param())) + || !TEST_ptr(dhB = td->get_param())) goto bad_err; if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL)) - || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL)) - || !TEST_true(DH_set0_key(dhA, pub_key, priv_key))) + || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL)) + || !TEST_true(DH_set0_key(dhA, pub_key, priv_key))) goto bad_err; if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL)) - || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL)) - || !TEST_true( DH_set0_key(dhB, pub_key, priv_key))) + || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL)) + || !TEST_true(DH_set0_key(dhB, pub_key, priv_key))) goto bad_err; priv_key = pub_key = NULL; if (!TEST_int_gt(szA = DH_size(dhA), 0) - || !TEST_int_gt(szB = DH_size(dhB), 0) - || !TEST_size_t_eq(td->Z_len, (size_t)szA) - || !TEST_size_t_eq(td->Z_len, (size_t)szB)) + || !TEST_int_gt(szB = DH_size(dhB), 0) + || !TEST_size_t_eq(td->Z_len, (size_t)szA) + || !TEST_size_t_eq(td->Z_len, (size_t)szB)) goto err; if (!TEST_ptr(Z1 = OPENSSL_malloc((size_t)szA)) - || !TEST_ptr(Z2 = OPENSSL_malloc((size_t)szB))) + || !TEST_ptr(Z2 = OPENSSL_malloc((size_t)szB))) goto bad_err; /* * Work out shared secrets using both sides and compare with expected @@ -626,7 +626,7 @@ goto bad_err; if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len) - || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len)) + || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len)) goto err; DH_free(dhA); @@ -640,7 +640,7 @@ } return 1; - bad_err: +bad_err: DH_free(dhA); DH_free(dhB); BN_free(pub_key); @@ -650,7 +650,7 @@ TEST_error("Initialisation error RFC5114 set %d\n", i + 1); return 0; - err: +err: DH_free(dhA); DH_free(dhB); OPENSSL_free(Z1); 
@@ -669,15 +669,15 @@ int ret = 0; if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048))) - goto err; + goto err; if (!DH_check(a, &i)) goto err; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) - || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) - || !TEST_false(i)) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i)) goto err; if (!DH_generate_key(a)) @@ -694,21 +694,21 @@ alen = DH_size(a); if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen)) - || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) + || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0)) goto err; blen = DH_size(b); if (!TEST_int_gt(blen, 0) || !TEST_ptr(bbuf = OPENSSL_malloc(blen)) - || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) + || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0)) goto err; if (!TEST_true(aout >= 20) - || !TEST_mem_eq(abuf, aout, bbuf, bout)) + || !TEST_mem_eq(abuf, aout, bbuf, bout)) goto err; ret = 1; - err: +err: OPENSSL_free(abuf); OPENSSL_free(bbuf); DH_free(a); @@ -835,9 +835,9 @@ /* Test that after changing g it is no longer a named group */ if (!TEST_ptr(gcpy = BN_dup(BN_value_one()))) - goto err; + goto err; if (!TEST_true(DH_set0_pqg(dh2, NULL, NULL, gcpy))) - goto err; + goto err; gcpy = NULL; if (!TEST_int_eq(DH_get_nid(dh2), NID_undef)) goto err; 
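Review bot: `TEST_true(aout >= 20)` in the `@@ -694,21 +694,21 @@` hunk reports only a failed boolean, so a short shared secret would not show its actual length in the test log. Writing it as `TEST_int_ge(aout, 20)` prints both values and matches the `TEST_int_gt(..., 0)` form this commit introduces for the `DH_compute_key()` results just above. The same line appears in the `@@ -201,44 +201,44 @@` hunk. A one-line comment stating where the minimum of 20 bytes comes from would also help, since nothing in the visible code explains it.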
@@ -924,10 +924,10 @@ const unsigned char *p = dh_pub_der; ret = TEST_ptr(pkey = d2i_PUBKEY_ex(NULL, &p, sizeof(dh_pub_der), - NULL, NULL)) - && TEST_true(EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_DH_PRIV_LEN, - &privlen)) - && TEST_int_eq(privlen, 1024); + NULL, NULL)) + && TEST_true(EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_DH_PRIV_LEN, + &privlen)) + && TEST_int_eq(privlen, 1024); EVP_PKEY_free(pkey); return ret; --- crypto/openssl/test/drbgtest.c.orig +++ crypto/openssl/test/drbgtest.c @@ -25,19 +25,19 @@ #include "../crypto/evp/evp_local.h" #if defined(_WIN32) -# include +#include #endif #if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif +#if defined(OPENSSL_TANDEM_FLOSS) +#include +#endif #endif #if defined(OPENSSL_SYS_UNIX) -# include -# include -# include +#include +#include +#include #endif #include "testutil.h" @@ -72,7 +72,6 @@ return gen_bytes(RAND_get0_private(NULL), buf, num); } - /* size of random output generated in test_drbg_reseed() */ #define RANDOM_SIZE 16 @@ -95,10 +94,10 @@ return 0; } -#define DRBG_UINT(name) \ - static unsigned int name(EVP_RAND_CTX *drbg) \ - { \ - return query_rand_uint(drbg, #name); \ +#define DRBG_UINT(name) \ + static unsigned int name(EVP_RAND_CTX *drbg) \ + { \ + return query_rand_uint(drbg, #name); \ } DRBG_UINT(reseed_counter) @@ -151,7 +150,7 @@ return strcmp(name, "OpenSSL FIPS Provider") == 0; } - /* +/* * Disable CRNG testing if it is enabled. * This stub remains to indicate the calling locations where it is necessary. * Once the RNG infrastructure is able to disable these tests, it should be 
@@ -178,16 +177,15 @@ * |before_reseed| time. */ static int test_drbg_reseed(int expect_success, - EVP_RAND_CTX *primary, - EVP_RAND_CTX *public, - EVP_RAND_CTX *private, - unsigned char *public_random, - unsigned char *private_random, - int expect_primary_reseed, - int expect_public_reseed, - int expect_private_reseed, - time_t reseed_when - ) + EVP_RAND_CTX *primary, + EVP_RAND_CTX *public, + EVP_RAND_CTX *private, + unsigned char *public_random, + unsigned char *private_random, + int expect_primary_reseed, + int expect_public_reseed, + int expect_private_reseed, + time_t reseed_when) { time_t before_reseed, after_reseed; int expected_state = (expect_success ? DRBG_READY : DRBG_ERROR); @@ -219,14 +217,15 @@ /* Generate random output from the public and private DRBG */ before_reseed = expect_primary_reseed == 1 ? reseed_when : 0; - if (!TEST_int_eq(rand_bytes((unsigned char*)public_random, - RANDOM_SIZE), expect_success) - || !TEST_int_eq(rand_priv_bytes((unsigned char*) private_random, - RANDOM_SIZE), expect_success)) + if (!TEST_int_eq(rand_bytes((unsigned char *)public_random, + RANDOM_SIZE), + expect_success) + || !TEST_int_eq(rand_priv_bytes((unsigned char *)private_random, + RANDOM_SIZE), + expect_success)) return 0; after_reseed = time(NULL); - /* * step 3: check postconditions */ @@ -246,16 +245,16 @@ if (expect_public_reseed >= 0) { /* Test whether public DRBG was reseeded as expected */ if (!TEST_int_ge(reseed_counter(public), public_reseed) - || !TEST_uint_ge(reseed_counter(public), - reseed_counter(primary))) + || !TEST_uint_ge(reseed_counter(public), + reseed_counter(primary))) return 0; } if (expect_private_reseed >= 0) { /* Test whether public DRBG was reseeded as expected */ if (!TEST_int_ge(reseed_counter(private), private_reseed) - || !TEST_uint_ge(reseed_counter(private), - reseed_counter(primary))) + || !TEST_uint_ge(reseed_counter(private), + reseed_counter(primary))) return 0; } 
@@ -276,7 +275,6 @@ return 1; } - #if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD) /* number of children to fork */ #define DRBG_FORK_COUNT 9 @@ -287,10 +285,10 @@ unsigned char random[RANDOM_SIZE]; /* random output */ - int pindex; /* process index (0: parent, 1,2,3...: children)*/ - pid_t pid; /* process id */ - int private; /* true if the private drbg was used */ - char name[10]; /* 'parent' resp. 'child 1', 'child 2', ... */ + int pindex; /* process index (0: parent, 1,2,3...: children)*/ + pid_t pid; /* process id */ + int private; /* true if the private drbg was used */ + char name[10]; /* 'parent' resp. 'child 1', 'child 2', ... */ } drbg_fork_result; /* @@ -299,7 +297,7 @@ * This simplifies finding duplicate random output and makes * the printout in case of an error more readable. */ -static int compare_drbg_fork_result(const void * left, const void * right) +static int compare_drbg_fork_result(const void *left, const void *right) { int result; const drbg_fork_result *l = left; @@ -322,7 +320,7 @@ * * Used for finding collisions in two-byte chunks */ -static int compare_rand_chunk(const void * left, const void * right) +static int compare_rand_chunk(const void *left, const void *right) { return memcmp(left, right, 2); } @@ -334,9 +332,9 @@ * the parent process. */ static int test_drbg_reseed_in_child(EVP_RAND_CTX *primary, - EVP_RAND_CTX *public, - EVP_RAND_CTX *private, - drbg_fork_result result[2]) + EVP_RAND_CTX *public, + EVP_RAND_CTX *private, + drbg_fork_result result[2]) { int rv = 0, status; int fd[2]; @@ -359,7 +357,7 @@ if (TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0) && TEST_true(read(fd[0], &random[0], sizeof(random)) - == sizeof(random))) { + == sizeof(random))) { /* random output of public drbg */ result[0].pid = pid; 
@@ -386,10 +384,10 @@ /* check whether all three DRBGs reseed and send output to parent */ if (TEST_true(test_drbg_reseed(1, primary, public, private, - &random[0], &random[RANDOM_SIZE], - 1, 1, 1, 0)) + &random[0], &random[RANDOM_SIZE], + 1, 1, 1, 0)) && TEST_true(write(fd[1], random, sizeof(random)) - == sizeof(random))) { + == sizeof(random))) { rv = 1; } @@ -403,23 +401,23 @@ } static int test_rand_reseed_on_fork(EVP_RAND_CTX *primary, - EVP_RAND_CTX *public, - EVP_RAND_CTX *private) + EVP_RAND_CTX *public, + EVP_RAND_CTX *private) { unsigned int i; pid_t pid = getpid(); int verbose = (getenv("V") != NULL); int success = 1; - int duplicate[2] = {0, 0}; + int duplicate[2] = { 0, 0 }; unsigned char random[2 * RANDOM_SIZE]; unsigned char sample[DRBG_FORK_RESULT_COUNT * RANDOM_SIZE]; unsigned char *psample = &sample[0]; drbg_fork_result result[DRBG_FORK_RESULT_COUNT]; drbg_fork_result *presult = &result[2]; - memset(&result, 0, sizeof(result)); + memset(&result, 0, sizeof(result)); - for (i = 1 ; i <= DRBG_FORK_COUNT ; ++i) { + for (i = 1; i <= DRBG_FORK_COUNT; ++i) { presult[0].pindex = presult[1].pindex = i; @@ -428,9 +426,9 @@ /* collect the random output of the children */ if (!TEST_true(test_drbg_reseed_in_child(primary, - public, - private, - presult))) + public, + private, + presult))) return 0; presult += 2; @@ -438,9 +436,9 @@ /* collect the random output of the parent */ if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - &random[0], &random[RANDOM_SIZE], - 0, 0, 0, 0))) + primary, public, private, + &random[0], &random[RANDOM_SIZE], + 0, 0, 0, 0))) return 0; strcpy(result[0].name, "parent"); 
@@ -457,18 +455,18 @@ memcpy(result[1].random, &random[RANDOM_SIZE], RANDOM_SIZE); /* collect all sampled random data in a single buffer */ - for (i = 0 ; i < DRBG_FORK_RESULT_COUNT ; ++i) { + for (i = 0; i < DRBG_FORK_RESULT_COUNT; ++i) { memcpy(psample, &result[i].random[0], RANDOM_SIZE); psample += RANDOM_SIZE; } /* sort the results... */ qsort(result, DRBG_FORK_RESULT_COUNT, sizeof(drbg_fork_result), - compare_drbg_fork_result); + compare_drbg_fork_result); /* ...and count duplicate prefixes by looking at the first byte only */ - for (i = 1 ; i < DRBG_FORK_RESULT_COUNT ; ++i) { - if (result[i].random[0] == result[i-1].random[0]) { + for (i = 1; i < DRBG_FORK_RESULT_COUNT; ++i) { + if (result[i].random[0] == result[i - 1].random[0]) { /* count public and private duplicates separately */ ++duplicate[result[i].private]; } @@ -489,10 +487,10 @@ duplicate[0] = 0; /* sort the two-byte chunks... */ - qsort(sample, sizeof(sample)/2, 2, compare_rand_chunk); + qsort(sample, sizeof(sample) / 2, 2, compare_rand_chunk); /* ...and count duplicate chunks */ - for (i = 2, psample = sample + 2 ; i < sizeof(sample) ; i += 2, psample += 2) { + for (i = 2, psample = sample + 2; i < sizeof(sample); i += 2, psample += 2) { if (compare_rand_chunk(psample - 2, psample) == 0) ++duplicate[0]; } @@ -505,15 +503,14 @@ if (verbose || !success) { - for (i = 0 ; i < DRBG_FORK_RESULT_COUNT ; ++i) { + for (i = 0; i < DRBG_FORK_RESULT_COUNT; ++i) { char *rand_hex = OPENSSL_buf2hexstr(result[i].random, RANDOM_SIZE); TEST_note(" random: %s, pid: %d (%s, %s)", - rand_hex, - result[i].pid, - result[i].name, - result[i].private ? "private" : "public" - ); + rand_hex, + result[i].pid, + result[i].name, + result[i].private ? "private" : "public"); OPENSSL_free(rand_hex); } 
@@ -594,18 +591,18 @@ * Test initial seeding of shared DRBGs */ if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 1, 1, 1, 0))) + primary, public, private, + NULL, NULL, + 1, 1, 1, 0))) goto error; /* * Test initial state of shared DRBGs */ if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 0, 0, 0, 0))) + primary, public, private, + NULL, NULL, + 0, 0, 0, 0))) goto error; /* @@ -614,9 +611,9 @@ */ inc_reseed_counter(primary); if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 0, 1, 1, 0))) + primary, public, private, + NULL, NULL, + 0, 1, 1, 0))) goto error; /* @@ -626,9 +623,9 @@ inc_reseed_counter(primary); inc_reseed_counter(private); if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 0, 1, 0, 0))) + primary, public, private, + NULL, NULL, + 0, 1, 0, 0))) goto error; /* @@ -638,9 +635,9 @@ inc_reseed_counter(primary); inc_reseed_counter(public); if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 0, 0, 1, 0))) + primary, public, private, + NULL, NULL, + 0, 0, 1, 0))) goto error; /* fill 'randomness' buffer with some arbitrary data */ @@ -657,16 +654,16 @@ before_reseed = time(NULL); RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 1, 1, 1, - before_reseed))) + primary, public, private, + NULL, NULL, + 1, 1, 1, + before_reseed))) goto error; rv = 1; error: - return rv; + return rv; } #if defined(OPENSSL_THREADS) @@ -678,7 +675,7 @@ OSSL_PARAM params[2]; params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, - &t); + &t); params[1] = OSSL_PARAM_construct_end(); return EVP_RAND_CTX_set_params(drbg, params); } 
@@ -690,9 +687,9 @@ EVP_RAND_CTX *public = NULL, *private = NULL; if (!TEST_ptr(public = RAND_get0_public(NULL)) - || !TEST_ptr(private = RAND_get0_private(NULL)) - || !TEST_true(set_reseed_time_interval(private, 1)) - || !TEST_true(set_reseed_time_interval(public, 1))) { + || !TEST_ptr(private = RAND_get0_private(NULL)) + || !TEST_true(set_reseed_time_interval(private, 1)) + || !TEST_true(set_reseed_time_interval(public, 1))) { multi_thread_rand_bytes_succeeded = 0; return; } @@ -702,11 +699,10 @@ multi_thread_rand_bytes_succeeded = 0; if (rand_priv_bytes(buf, sizeof(buf)) <= 0) multi_thread_rand_priv_bytes_succeeded = 0; - } - while (time(NULL) - start < 5); + } while (time(NULL) - start < 5); } -# if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) typedef HANDLE thread_t; @@ -732,7 +728,7 @@ return WaitForSingleObject(thread, INFINITE) == 0; } -# else +#else typedef pthread_t thread_t; @@ -757,13 +753,13 @@ return pthread_join(thread, NULL) == 0; } -# endif +#endif /* * The main thread will also run the test, so we'll have THREADS+1 parallel * tests running */ -# define THREADS 3 +#define THREADS 3 static int test_multi_thread(void) { @@ -792,12 +788,12 @@ EVP_RAND_CTX *drbg = NULL; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, - "AES-256-CTR", 0); + "AES-256-CTR", 0); params[1] = OSSL_PARAM_construct_end(); if (!TEST_ptr(rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL)) - || !TEST_ptr(drbg = EVP_RAND_CTX_new(rand, parent)) - || !TEST_true(EVP_RAND_CTX_set_params(drbg, params))) { + || !TEST_ptr(drbg = EVP_RAND_CTX_new(rand, parent)) + || !TEST_true(EVP_RAND_CTX_set_params(drbg, params))) { EVP_RAND_CTX_free(drbg); drbg = NULL; } --- crypto/openssl/test/dsa_no_digest_size_test.c.orig +++ crypto/openssl/test/dsa_no_digest_size_test.c 
@@ -101,8 +101,8 @@ if (dsa == NULL) return NULL; if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_2048, sizeof(dsap_2048), NULL), - q = BN_bin2bn(dsaq_2048, sizeof(dsaq_2048), NULL), - g = BN_bin2bn(dsag_2048, sizeof(dsag_2048), NULL))) { + q = BN_bin2bn(dsaq_2048, sizeof(dsaq_2048), NULL), + g = BN_bin2bn(dsag_2048, sizeof(dsag_2048), NULL))) { DSA_free(dsa); BN_free(p); BN_free(q); @@ -140,9 +140,7 @@ EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey = NULL; - if (!TEST_ptr(dataToSign) || - !TEST_ptr(paddedData) || - !TEST_int_eq(RAND_bytes(dataToSign, len), 1)) + if (!TEST_ptr(dataToSign) || !TEST_ptr(paddedData) || !TEST_int_eq(RAND_bytes(dataToSign, len), 1)) goto end; memset(paddedData, 0, digestlen); @@ -212,7 +210,8 @@ return ok; } -static int dsa_exact_size_test(void) { +static int dsa_exact_size_test(void) +{ /* * For a 2048-bit p, q should be either 224 or 256 bits per the table in * FIPS 186-4 4.2. @@ -221,11 +220,13 @@ return sign_and_verify(224 / 8) && sign_and_verify(256 / 8); } -static int dsa_small_digest_test(void) { +static int dsa_small_digest_test(void) +{ return sign_and_verify(16) && sign_and_verify(1); } -static int dsa_large_digest_test(void) { +static int dsa_large_digest_test(void) +{ return sign_and_verify(33) && sign_and_verify(64); } @@ -248,4 +249,3 @@ #endif return 1; } - --- crypto/openssl/test/dsatest.c.orig +++ crypto/openssl/test/dsatest.c 
@@ -33,29 +33,158 @@ static int dsa_cb(int p, int n, BN_GENCB *arg); static unsigned char out_p[] = { - 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, - 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, - 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, - 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, - 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, - 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, - 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, - 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, + 0x8d, + 0xf2, + 0xa4, + 0x94, + 0x49, + 0x22, + 0x76, + 0xaa, + 0x3d, + 0x25, + 0x75, + 0x9b, + 0xb0, + 0x68, + 0x69, + 0xcb, + 0xea, + 0xc0, + 0xd8, + 0x3a, + 0xfb, + 0x8d, + 0x0c, + 0xf7, + 0xcb, + 0xb8, + 0x32, + 0x4f, + 0x0d, + 0x78, + 0x82, + 0xe5, + 0xd0, + 0x76, + 0x2f, + 0xc5, + 0xb7, + 0x21, + 0x0e, + 0xaf, + 0xc2, + 0xe9, + 0xad, + 0xac, + 0x32, + 0xab, + 0x7a, + 0xac, + 0x49, + 0x69, + 0x3d, + 0xfb, + 0xf8, + 0x37, + 0x24, + 0xc2, + 0xec, + 0x07, + 0x36, + 0xee, + 0x31, + 0xc8, + 0x02, + 0x91, }; static unsigned char out_q[] = { - 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, - 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, - 0xda, 0xce, 0x91, 0x5f, + 0xc7, + 0x73, + 0x21, + 0x8c, + 0x73, + 0x7e, + 0xc8, + 0xee, + 0x99, + 0x3b, + 0x4f, + 0x2d, + 0xed, + 0x30, + 0xf4, + 0x8e, + 0xda, + 0xce, + 0x91, + 0x5f, }; static unsigned char out_g[] = { - 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, - 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, - 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, - 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, - 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, - 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, - 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, - 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, + 0x62, + 0x6d, + 0x02, + 0x78, + 0x39, + 0xea, + 0x0a, + 0x13, + 0x41, + 0x31, + 0x63, + 0xa5, + 0x5b, + 0x4c, + 0xb5, + 0x00, + 0x29, + 0x9d, + 0x55, + 0x22, + 0x95, + 0x6c, + 0xef, + 0xcb, + 0x3b, + 0xff, + 0x10, + 0xf3, + 
0x99, + 0xce, + 0x2c, + 0x2e, + 0x71, + 0xcb, + 0x9d, + 0xe5, + 0xfa, + 0x24, + 0xba, + 0xbf, + 0x58, + 0xe5, + 0xb7, + 0x95, + 0x21, + 0x92, + 0x5c, + 0x9c, + 0xc4, + 0x2e, + 0x9f, + 0x6f, + 0x46, + 0x4b, + 0x08, + 0x8c, + 0xc5, + 0x72, + 0xaf, + 0x53, + 0xe6, + 0xd7, + 0x88, + 0x02, }; static int dsa_test(void) @@ -73,9 +202,26 @@ * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ static unsigned char seed[20] = { - 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, - 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24, - 0xe0, 0x42, 0x7d, 0xd3, + 0xd5, + 0x01, + 0x4e, + 0x4b, + 0x60, + 0xef, + 0x2b, + 0xa8, + 0xb6, + 0x21, + 0x1b, + 0x40, + 0x62, + 0xba, + 0x32, + 0x24, + 0xe0, + 0x42, + 0x7d, + 0xd3, }; static const unsigned char str1[] = "12345678901234567890"; @@ -85,7 +231,7 @@ BN_GENCB_set(cb, dsa_cb, NULL); if (!TEST_ptr(dsa = DSA_new()) || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, - &counter, &h, cb))) + &counter, &h, cb))) goto end; if (!TEST_int_eq(counter, 105)) @@ -115,7 +261,7 @@ goto end; if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) ret = 1; - end: +end: DSA_free(dsa); BN_GENCB_free(cb); return ret; @@ -137,14 +283,14 @@ return 1; } -# define P 0 -# define Q 1 -# define G 2 -# define SEED 3 -# define PCOUNT 4 -# define GINDEX 5 -# define HCOUNT 6 -# define GROUP 7 +#define P 0 +#define Q 1 +#define G 2 +#define SEED 3 +#define PCOUNT 4 +#define GINDEX 5 +#define HCOUNT 6 +#define GROUP 7 static int dsa_keygen_test(void) { @@ -164,7 +310,7 @@ 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44, 0x7b, 0x2a, 0xc7, 0x29 }; - static const unsigned char expected_p[]= { + static const unsigned char expected_p[] = { 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55, 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc, 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8, 
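Review bot: The `out_p`, `out_q` and `out_g` tables in the `@@ -33,29 +33,158 @@` hunk are rewritten to one byte per line, which stretches them to about 150 lines and makes them much harder to check by eye against the published FIPS 186 values. The `seed[20]` table in the following `@@ -73,9 +202,26 @@` hunk gets the same treatment. Tables that end without a trailing comma before `};` (the one closing with `0x7b, 0x2a, 0xc7, 0x29 };`, and `expected_p[]`) keep their eight-per-row layout, so this looks like a formatter reacting to the trailing comma rather than an intended change; that is inferred from the visible lines only. Either drop the comma after the last element (`0x31, 0xc8, 0x02, 0x91` followed by `};`) or, if the formatter is clang-format, bracket the tables with `/* clang-format off */` and `/* clang-format on */` so the rows survive.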
@@ -198,13 +344,13 @@ 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2, 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb }; - static const unsigned char expected_q[]= { + static const unsigned char expected_q[] = { 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a, 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b, 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69, 0xe2, 0x56, 0xae, 0xd7 }; - static const unsigned char expected_g[]= { + static const unsigned char expected_g[] = { 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f, 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f, 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2, @@ -250,14 +396,14 @@ || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx)) || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx)) || !TEST_ptr(OSSL_PARAM_locate_const(settables, - OSSL_PKEY_PARAM_FFC_PBITS)) + OSSL_PKEY_PARAM_FFC_PBITS)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4")) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224)) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data, - sizeof(seed_data))) + sizeof(seed_data))) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256", - "")) + "")) || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0) || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0) 
@@ -271,23 +417,23 @@ || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out)) || !TEST_BN_eq(g_in, g_out) || !TEST_true(EVP_PKEY_get_octet_string_param( - key, OSSL_PKEY_PARAM_FFC_SEED, seed_out, - sizeof(seed_out), &len)) + key, OSSL_PKEY_PARAM_FFC_SEED, seed_out, + sizeof(seed_out), &len)) || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data)) || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX, - &gindex_out)) + &gindex_out)) || !TEST_int_eq(gindex_out, -1) || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H, - &hcount_out)) + &hcount_out)) || !TEST_int_eq(hcount_out, expected_h) || !TEST_true(EVP_PKEY_get_int_param(key, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - &pcount_out)) + OSSL_PKEY_PARAM_FFC_PCOUNTER, + &pcount_out)) || !TEST_int_eq(pcount_out, expected_c) || !TEST_false(EVP_PKEY_get_utf8_string_param(key, - OSSL_PKEY_PARAM_GROUP_NAME, - group_out, - sizeof(group_out), &len))) + OSSL_PKEY_PARAM_GROUP_NAME, + group_out, + sizeof(group_out), &len))) goto end; ret = 1; end: @@ -312,12 +458,12 @@ EVP_PKEY *params = NULL; ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) - && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) - && (i == 0 - || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) - && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) - && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) - && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); + && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) + && (i == 0 + || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) + && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) + && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) + && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); EVP_PKEY_free(params); EVP_PKEY_CTX_free(check_ctx); --- crypto/openssl/test/dtls_mtu_test.c.orig +++ crypto/openssl/test/dtls_mtu_test.c 
@@ -23,9 +23,9 @@ static int debug = 0; static unsigned int clnt_psk_callback(SSL *ssl, const char *hint, - char *ident, unsigned int max_ident_len, - unsigned char *psk, - unsigned int max_psk_len) + char *ident, unsigned int max_ident_len, + unsigned char *psk, + unsigned int max_psk_len) { BIO_snprintf(ident, max_ident_len, "psk"); @@ -37,8 +37,8 @@ } static unsigned int srvr_psk_callback(SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len) + unsigned char *psk, + unsigned int max_psk_len) { if (max_psk_len > 20) max_psk_len = 20; @@ -59,17 +59,17 @@ memset(buf, 0x5a, sizeof(buf)); if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, - NULL, NULL))) + NULL, NULL))) goto end; if (no_etm) SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC); if (!TEST_true(SSL_set_cipher_list(srvr_ssl, cs)) - || !TEST_true(SSL_set_cipher_list(clnt_ssl, cs)) - || !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl)) - || !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl, - SSL_ERROR_NONE))) + || !TEST_true(SSL_set_cipher_list(clnt_ssl, cs)) + || !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl)) + || !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl, + SSL_ERROR_NONE))) goto end; if (debug) @@ -82,8 +82,8 @@ mtus[i] = DTLS_get_data_mtu(clnt_ssl); if (debug) TEST_info("%s%s MTU for record mtu %d = %lu", - cs, no_etm ? "-noEtM" : "", - 500 + i, (unsigned long)mtus[i]); + cs, no_etm ? "-noEtM" : "", + 500 + i, (unsigned long)mtus[i]); if (!TEST_size_t_ne(mtus[i], 0)) { TEST_info("Cipher %s MTU %d", cs, 500 + i); goto end; @@ -115,8 +115,8 @@ * that made a record *larger* than the record MTU 500+j! */ TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d", - cs, (unsigned long)s, (unsigned long)mtus[i], - (unsigned long)reclen, 500 + i); + cs, (unsigned long)s, (unsigned long)mtus[i], + (unsigned long)reclen, 500 + i); goto end; } if (!TEST_false(s > mtus[i] && reclen <= (size_t)(500 + i))) { 
@@ -126,8 +126,8 @@ * was overly pessimistic. */ TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d", - cs, (unsigned long)s, (unsigned long)mtus[i], - (unsigned long)reclen, 500 + i); + cs, (unsigned long)s, (unsigned long)mtus[i], + (unsigned long)reclen, 500 + i); goto end; } } @@ -135,7 +135,7 @@ rv = 1; if (SSL_READ_ETM(clnt_ssl)) rv = 2; - end: +end: SSL_free(clnt_ssl); SSL_free(srvr_ssl); return rv; @@ -183,7 +183,7 @@ TEST_info("%s without EtM OK", cipher_name); } - end: +end: SSL_CTX_free(ctx); return ret; } @@ -206,7 +206,7 @@ #endif if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, - NULL, NULL))) + NULL, NULL))) goto end; SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU); @@ -214,15 +214,15 @@ goto end; SSL_set_tlsext_max_fragment_length(clnt_ssl, - TLSEXT_max_fragment_length_512); + TLSEXT_max_fragment_length_512); if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; rv = 1; - end: +end: SSL_free(clnt_ssl); SSL_free(srvr_ssl); SSL_CTX_free(ctx); --- crypto/openssl/test/dtlstest.c.orig +++ crypto/openssl/test/dtlstest.c @@ -20,10 +20,9 @@ static char *privkey = NULL; static unsigned int timer_cb_count; -#define NUM_TESTS 2 +#define NUM_TESTS 2 - -#define DUMMY_CERT_STATUS_LEN 12 +#define DUMMY_CERT_STATUS_LEN 12 static unsigned char certstatus[] = { SSL3_RT_HANDSHAKE, /* Content type */ @@ -45,7 +44,7 @@ static const char dummy_cookie[] = "0123456"; static int generate_cookie_cb(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len) + unsigned int *cookie_len) { memcpy(cookie, dummy_cookie, sizeof(dummy_cookie)); *cookie_len = sizeof(dummy_cookie); @@ -53,7 +52,7 @@ } static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len) + unsigned int cookie_len) { return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie)); } 
@@ -78,9 +77,9 @@ timer_cb_count = 0; if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), - DTLS_client_method(), - DTLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + DTLS_client_method(), + DTLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; #ifndef OPENSSL_NO_DTLS1_2 @@ -89,8 +88,8 @@ #else /* Default sigalgs are SHA1 based in = TOTAL_FULL_HAND_RECORDS) { /* We're going to do a resumption handshake. Get a session first. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_ptr(sess = SSL_get1_session(clientssl))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr(sess = SSL_get1_session(clientssl))) goto end; SSL_shutdown(clientssl); @@ -253,7 +248,7 @@ /* BIO is freed by create_ssl_connection on error */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, c_to_s_fbio))) + NULL, c_to_s_fbio))) goto end; if (sess != NULL) { @@ -278,7 +273,7 @@ epoch = 1; idx -= cli_to_srv_cookie + cli_to_srv_epoch0; } - mempackbio = BIO_next(mempackbio); + mempackbio = BIO_next(mempackbio); } BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL); BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL); @@ -291,11 +286,12 @@ /* If the test did what we planned then it should have dropped a record */ if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0, - NULL), -1)) + NULL), + -1)) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_free(serverssl); SSL_free(clientssl); @@ -313,9 +309,9 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), - DTLS_client_method(), - DTLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + DTLS_client_method(), + DTLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE); 
@@ -325,19 +321,19 @@ #ifdef OPENSSL_NO_DTLS1_2 /* Default sigalgs are SHA1 based in outtype == VERIFY) { if (!TEST_int_eq(ret, 0) - || !TEST_mem_eq(data, datalen, verify, sizeof(verify))) + || !TEST_mem_eq(data, datalen, verify, sizeof(verify))) goto err; } else if (datalen == 0) { if (!TEST_true((ret == 0 && tp->outtype == DROP) @@ -338,7 +339,7 @@ SSL_set0_rbio(ssl, NULL); success = 1; - err: +err: /* Also frees up outbio */ SSL_free(ssl); SSL_CTX_free(ctx); --- crypto/openssl/test/ec_internal_test.c.orig +++ crypto/openssl/test/ec_internal_test.c @@ -39,15 +39,12 @@ || !TEST_true(BN_is_one(b)) /* (1/a)*a = 1 */ || !TEST_true(BN_rand(a, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) || !TEST_true(group->meth->field_inv(group, b, a, ctx)) - || (group->meth->field_encode && - !TEST_true(group->meth->field_encode(group, a, a, ctx))) - || (group->meth->field_encode && - !TEST_true(group->meth->field_encode(group, b, b, ctx))) + || (group->meth->field_encode && !TEST_true(group->meth->field_encode(group, a, a, ctx))) + || (group->meth->field_encode && !TEST_true(group->meth->field_encode(group, b, b, ctx))) || !TEST_true(group->meth->field_mul(group, c, a, b, ctx)) - || (group->meth->field_decode && - !TEST_true(group->meth->field_decode(group, c, c, ctx))) + || (group->meth->field_decode && !TEST_true(group->meth->field_decode(group, c, c, ctx))) || !TEST_true(BN_is_one(c))) goto err; 
@@ -55,25 +52,23 @@ BN_zero(a); if (!TEST_false(group->meth->field_inv(group, b, a, ctx)) || !TEST_true(ERR_GET_LIB(ERR_peek_last_error()) == ERR_LIB_EC) - || !TEST_true(ERR_GET_REASON(ERR_peek_last_error()) == - EC_R_CANNOT_INVERT) + || !TEST_true(ERR_GET_REASON(ERR_peek_last_error()) == EC_R_CANNOT_INVERT) /* 1/p = error */ || !TEST_false(group->meth->field_inv(group, b, group->field, ctx)) || !TEST_true(ERR_GET_LIB(ERR_peek_last_error()) == ERR_LIB_EC) - || !TEST_true(ERR_GET_REASON(ERR_peek_last_error()) == - EC_R_CANNOT_INVERT)) + || !TEST_true(ERR_GET_REASON(ERR_peek_last_error()) == EC_R_CANNOT_INVERT)) goto err; ERR_clear_error(); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } /* wrapper for group_field_tests for explicit curve params and EC_METHOD */ static int field_tests(const EC_METHOD *meth, const unsigned char *params, - int len) + int len) { BN_CTX *ctx = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; @@ -96,7 +91,7 @@ goto err; ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); if (group != NULL) @@ -143,7 +138,7 @@ { TEST_info("Testing EC_GFp_simple_method()\n"); return field_tests(EC_GFp_simple_method(), params_p256, - sizeof(params_p256) / 3); + sizeof(params_p256) / 3); } /* test EC_GFp_mont_method directly */ @@ -151,7 +146,7 @@ { TEST_info("Testing EC_GFp_mont_method()\n"); return field_tests(EC_GFp_mont_method(), params_p256, - sizeof(params_p256) / 3); + sizeof(params_p256) / 3); } #ifndef OPENSSL_NO_EC2M @@ -191,11 +186,11 @@ goto out; if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) TEST_error("GF2m polynomial degree > %d accepted", - OPENSSL_ECC_MAX_FIELD_BITS); + OPENSSL_ECC_MAX_FIELD_BITS); ret = group1 == NULL && group2 == NULL && group3 == NULL; - out: +out: EC_GROUP_free(group1); EC_GROUP_free(group2); EC_GROUP_free(group3); 
@@ -210,7 +205,7 @@ { TEST_info("Testing EC_GF2m_simple_method()\n"); return field_tests(EC_GF2m_simple_method(), params_b283, - sizeof(params_b283) / 3); + sizeof(params_b283) / 3); } #endif @@ -230,7 +225,7 @@ goto err; ret = 1; - err: +err: if (group != NULL) EC_GROUP_free(group); if (ctx != NULL) @@ -251,12 +246,10 @@ BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL; BIGNUM *k = NULL; int testresult = 0; - const char *x1str = - "1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4" - "b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004"; - const char *p521m1 = - "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"; + const char *x1str = "1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4" + "b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004"; + const char *p521m1 = "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"; ctx = BN_CTX_new(); if (!TEST_ptr(ctx)) 
@@ -280,24 +273,24 @@ goto err; if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0) - || !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0) - || !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0) - || !TEST_int_gt(BN_hex2bn(&k, "02"), 0) - || !TEST_true(ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(grp, P, x1, - y1, z1, ctx)) - || !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx)) - || !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx)) - || !TEST_true(EC_POINT_dbl(grp, R, P, ctx)) - || !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx))) + || !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0) + || !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0) + || !TEST_int_gt(BN_hex2bn(&k, "02"), 0) + || !TEST_true(ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(grp, P, x1, + y1, z1, ctx)) + || !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx)) + || !TEST_true(EC_POINT_dbl(grp, R, P, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx))) goto err; if (!TEST_int_eq(BN_cmp(x1, x2), 0) - || !TEST_int_eq(BN_cmp(y1, y2), 0)) + || !TEST_int_eq(BN_cmp(y1, y2), 0)) goto err; testresult = 1; - err: +err: BN_CTX_end(ctx); EC_POINT_free(P); EC_POINT_free(Q); @@ -336,7 +329,7 @@ testresult = 1; - err: +err: EC_KEY_free(key); EC_KEY_free(aux_key); return testresult; @@ -386,10 +379,10 @@ || !TEST_ptr(grp_copy = EC_GROUP_new_from_ecpkparameters(ecpkparams)) || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0) || !TEST_ptr(key = EC_KEY_new()) - /* Test EC_KEY_decoded_from_explicit_params on key without a group */ + /* Test EC_KEY_decoded_from_explicit_params on key without a group */ || !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), -1) || !TEST_int_eq(EC_KEY_set_group(key, grp_copy), 1) - /* Test EC_KEY_decoded_from_explicit_params negative case */ + /* Test EC_KEY_decoded_from_explicit_params negative case */ || !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), 0)) goto err; EC_GROUP_free(grp_copy); 
@@ -425,13 +418,13 @@ || !TEST_int_eq(EC_GROUP_get_asn1_flag(grp_copy), OPENSSL_EC_EXPLICIT_CURVE) || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 1) || !TEST_int_eq(EC_KEY_set_group(key, grp_copy), 1) - /* Test EC_KEY_decoded_from_explicit_params positive case */ + /* Test EC_KEY_decoded_from_explicit_params positive case */ || !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), 1)) goto err; testresult = 1; - err: +err: EC_KEY_free(key); EC_GROUP_free(grp); EC_GROUP_free(grp_copy); @@ -442,8 +435,7 @@ return testresult; } -static -int ecpkparams_i2d2i_test(int n) +static int ecpkparams_i2d2i_test(int n) { EC_GROUP *g1 = NULL, *g2 = NULL; FILE *fp = NULL; @@ -456,7 +448,7 @@ /* encode params to file */ if (!TEST_ptr(fp = fopen("params.der", "wb")) - || !TEST_true(i2d_ECPKParameters_fp(fp, g1))) + || !TEST_true(i2d_ECPKParameters_fp(fp, g1))) goto end; /* flush and close file */ @@ -468,7 +460,7 @@ /* decode params from file */ if (!TEST_ptr(fp = fopen("params.der", "rb")) - || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL))) + || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL))) goto end; testresult = 1; /* PASS */ --- crypto/openssl/test/ecdsatest.c.orig +++ crypto/openssl/test/ecdsatest.c @@ -18,12 +18,12 @@ #ifndef OPENSSL_NO_EC -# include -# include -# include -# include -# include "internal/nelem.h" -# include "ecdsatest.h" +#include +#include +#include +#include +#include "internal/nelem.h" +#include "ecdsatest.h" static fake_random_generate_cb fbytes; @@ -33,7 +33,7 @@ static OSSL_PROVIDER *fake_rand = NULL; static int fbytes(unsigned char *buf, size_t num, ossl_unused const char *name, - EVP_RAND_CTX *ctx) + EVP_RAND_CTX *ctx) { int ret = 0; static int fbytes_counter = 0; @@ -51,7 +51,7 @@ fbytes_counter = (fbytes_counter + 1) % OSSL_NELEM(numbers); ret = 1; - err: +err: BN_free(tmp); return ret; } 
@@ -120,7 +120,7 @@ fake_rand_set_callback(RAND_get0_private(NULL), &fbytes); if (!TEST_true(EC_KEY_generate_key(key)) || !TEST_true(p_len = EC_KEY_key2buf(key, POINT_CONVERSION_UNCOMPRESSED, - &pbuf, NULL)) + &pbuf, NULL)) || !TEST_ptr(qbuf = OPENSSL_hexstr2buf(ecdsa_cavs_kats[n].Q, &q_len)) || !TEST_int_eq(q_len, p_len) || !TEST_mem_eq(qbuf, q_len, pbuf, p_len)) @@ -130,7 +130,7 @@ fake_rand_set_callback(RAND_get0_private(NULL), &fbytes); if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)) || !TEST_ptr(signature = ECDSA_do_sign_ex(digest, dgst_len, - kinv, rp, key)) + kinv, rp, key)) /* verify the signature */ || !TEST_int_eq(ECDSA_do_verify(digest, dgst_len, signature, key), 1)) goto err; @@ -143,7 +143,7 @@ ret = 1; - err: +err: OPENSSL_free(message); OPENSSL_free(pbuf); OPENSSL_free(qbuf); @@ -210,16 +210,16 @@ */ if (nid == NID_sm2 && as == EVP_PKEY_EC) { TEST_info("skipped: EC key type unsupported for curve %s", - OBJ_nid2sn(nid)); + OBJ_nid2sn(nid)); return 1; } else if (nid != NID_sm2 && as == EVP_PKEY_SM2) { TEST_info("skipped: SM2 key type unsupported for curve %s", - OBJ_nid2sn(nid)); + OBJ_nid2sn(nid)); return 1; } TEST_info("testing ECDSA for curve %s as %s key type", OBJ_nid2sn(nid), - as == EVP_PKEY_EC ? "EC" : "SM2"); + as == EVP_PKEY_EC ? "EC" : "SM2"); if (!TEST_ptr(mctx = EVP_MD_CTX_new()) /* get some random message data */ @@ -326,7 +326,7 @@ goto err; ret = 1; - err: +err: EVP_PKEY_free(pkey); EVP_PKEY_free(pkey_neg); EVP_PKEY_free(dup_pk); @@ -340,12 +340,12 @@ return test_builtin(n, EVP_PKEY_EC); } -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 static int test_builtin_as_sm2(int n) { return test_builtin(n, EVP_PKEY_SM2); } -# endif +#endif static int test_ecdsa_sig_NULL(void) { 
@@ -358,27 +358,33 @@ BIGNUM *kinv = NULL, *rp = NULL; ret = TEST_ptr(eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) - && TEST_int_eq(EC_KEY_generate_key(eckey), 1) - && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen0, - eckey), 1) - && TEST_int_gt(siglen0, 0) - && TEST_ptr(sig = OPENSSL_malloc(siglen0)) - && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), sig, &siglen, - eckey), 1) - && TEST_int_gt(siglen, 0) - && TEST_int_le(siglen, siglen0) - && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, - eckey), 1) - && TEST_int_eq(ECDSA_sign_setup(eckey, NULL, &kinv, &rp), 1) - && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), NULL, &siglen, - kinv, rp, eckey), 1) - && TEST_int_gt(siglen, 0) - && TEST_int_le(siglen, siglen0) - && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), sig, &siglen0, - kinv, rp, eckey), 1) - && TEST_int_eq(siglen, siglen0) - && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, - eckey), 1); + && TEST_int_eq(EC_KEY_generate_key(eckey), 1) + && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen0, + eckey), + 1) + && TEST_int_gt(siglen0, 0) + && TEST_ptr(sig = OPENSSL_malloc(siglen0)) + && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), sig, &siglen, + eckey), + 1) + && TEST_int_gt(siglen, 0) + && TEST_int_le(siglen, siglen0) + && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, + eckey), + 1) + && TEST_int_eq(ECDSA_sign_setup(eckey, NULL, &kinv, &rp), 1) + && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), NULL, &siglen, + kinv, rp, eckey), + 1) + && TEST_int_gt(siglen, 0) + && TEST_int_le(siglen, siglen0) + && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), sig, &siglen0, + kinv, rp, eckey), + 1) + && TEST_int_eq(siglen, siglen0) + && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, + eckey), + 1); EC_KEY_free(eckey); OPENSSL_free(sig); BN_free(kinv); 
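Review bot: In the `ret = ...` chain the expected value of each `TEST_int_eq(ECDSA_sign(...), 1)` and `TEST_int_eq(ECDSA_verify(...), 1)` check now sits alone on its own line (`eckey),` then `1)`), detached from the call it belongs to. The comparison against exactly `1` is the part that matters here, since `ECDSA_verify` can also return a negative error value, so it should stay easy to see. Keeping the closing argument and the expected value together, e.g. `sig, siglen, eckey), 1)`, reads better. Alternatively add a short comment above the chain, such as `/* every ECDSA_* call below must return exactly 1 */`. The function's opening lines are outside this hunk.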
@@ -406,9 +412,9 @@ } ADD_ALL_TESTS(test_builtin_as_ec, crv_len); ADD_TEST(test_ecdsa_sig_NULL); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 ADD_ALL_TESTS(test_builtin_as_sm2, crv_len); -# endif +#endif ADD_ALL_TESTS(x9_62_tests, OSSL_NELEM(ecdsa_cavs_kats)); #endif return 1; --- crypto/openssl/test/ecdsatest.h.orig +++ crypto/openssl/test/ecdsatest.h @@ -8,7 +8,7 @@ */ #ifndef OSSL_TEST_ECDSATEST_H -# define OSSL_TEST_ECDSATEST_H +#define OSSL_TEST_ECDSATEST_H /*- * NIST CAVP ECDSA KATs: 
@@ -21,10194 +21,10195 @@ */ typedef struct { - const int nid; /* curve NID */ - const int md_nid; /* hash function NID */ - const char *msg; /* message to sign */ - const char *d; /* ECDSA private key */ - const char *Q; /* ECDSA public key: Q = dG */ - const char *k; /* ECDSA nonce */ - const char *r; /* ECDSA signature (r,s) */ + const int nid; /* curve NID */ + const int md_nid; /* hash function NID */ + const char *msg; /* message to sign */ + const char *d; /* ECDSA private key */ + const char *Q; /* ECDSA public key: Q = dG */ + const char *k; /* ECDSA nonce */ + const char *r; /* ECDSA signature (r,s) */ const char *s; } ecdsa_cavs_kat_t; static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { /* prime KATs from X9.62 */ - {NID_X9_62_prime192v1, NID_sha1, - "616263", /* "abc" */ - "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", - "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" - "5ca5c0d69716dfcb3474373902", - "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", - "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", - "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, - {NID_X9_62_prime239v1, NID_sha1, - "616263", /* "abc" */ - "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", - "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" - "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", - "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", - "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", - "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, + { NID_X9_62_prime192v1, NID_sha1, + "616263", /* "abc" */ + "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", + "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" + "5ca5c0d69716dfcb3474373902", + "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", + "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", + "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686" }, + { NID_X9_62_prime239v1, NID_sha1, 
+ "616263", /* "abc" */ + "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", + "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" + "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", + "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", + "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", + "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf" }, /* prime KATs from NIST CAVP */ - {NID_secp224r1, NID_sha224, - "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" - "9495df081c3fc60245b9f25fc9e301b845b3d703a694986e4641ae3c7e5a19e6d6edbf1d" - "61e535f49a8fad5f4ac26397cfec682f161a5fcd32c5e780668b0181a91955157635536a" - "22367308036e2070f544ad4fff3d5122c76fad5d", - "16797b5c0c7ed5461e2ff1b88e6eafa03c0f46bf072000dfc830d615", - "04605495756e6e88f1d07ae5f98787af9b4da8a641d1a9492a12174eabf5cc733b17decc" - "806ef1df861a42505d0af9ef7c3df3959b8dfc6669", - "d9a5a7328117f48b4b8dd8c17dae722e756b3ff64bd29a527137eec0", - "2fc2cff8cdd4866b1d74e45b07d333af46b7af0888049d0fdbc7b0d6", - "8d9cc4c8ea93e0fd9d6431b9a1fd99b88f281793396321b11dac41eb"}, - {NID_secp224r1, NID_sha224, - "7de42b44db0aa8bfdcdac9add227e8f0cc7ad1d94693beb5e1d325e5f3f85b3bd033fc25" - "e9469a89733a65d1fa641f7e67d668e7c71d736233c4cba20eb83c368c506affe77946b5" - "e2ec693798aecd7ff943cd8fab90affddf5ad5b8d1af332e6c5fe4a2df16837700b2781e" - "08821d4fbdd8373517f5b19f9e63b89cfeeeef6f", - "cf020a1ff36c28511191482ed1e5259c60d383606c581948c3fbe2c5", - "04fa21f85b99d3dc18c6d53351fbcb1e2d029c00fa7d1663a3dd94695ee9e79578f8988b" - "168edff1a8b34a5ed9598cc20acd1f0aed36715d88", - "c780d047454824af98677cf310117e5f9e99627d02414f136aed8e83", - "45145f06b566ec9fd0fee1b6c6551a4535c7a3bbfc0fede45f4f5038", - "7302dff12545b069cf27df49b26e4781270585463656f2834917c3ca"}, - {NID_secp224r1, NID_sha224, - "af0da3adab82784909e2b3dadcecba21eced3c60d7572023dea171044d9a10e8ba67d31b" - 
"04904541b87fff32a10ccc6580869055fec6216a00320a28899859a6b61faba58a0bc10c" - "2ba07ea16f214c3ddcc9fc5622ad1253b63fe7e95227ae3c9caa9962cffc8b1c4e826003" - "6469d25ab0c8e3643a820b8b3a4d8d43e4b728f9", - "dde6f173fa9f307d206ce46b4f02851ebce9638a989330249fd30b73", - "04fc21a99b060afb0d9dbf3250ea3c4da10be94ce627a65874d8e4a630e8373ab7190890" - "326aac4aacca3eba89e15d1086a05434dd033fd3f3", - "6629366a156840477df4875cfba4f8faa809e394893e1f5525326d07", - "41f8e2b1ae5add7c24da8725a067585a3ad6d5a9ed9580beb226f23a", - "a5d71bff02dce997305dd337128046f36714398f4ef6647599712fae"}, - {NID_secp224r1, NID_sha224, - "cfa56ae89727df6b7266f69d6636bf738f9e4f15f49c42a0123edac4b3743f32ea52389f" - "919ceb90575c4184897773b2f2fc5b3fcb354880f15c93383215d3c2551fcc1b4180a1ac" - "0f69c969bbc306acd115ce3976eff518540f43ad4076dbb5fbad9ce9b3234f1148b8f5e0" - "59192ff480fc4bcbd00d25f4d9f5ed4ba5693b6c", - "aeee9071248f077590ac647794b678ad371f8e0f1e14e9fbff49671e", - "04fad0a34991bbf89982ad9cf89337b4bd2565f84d5bdd004289fc1cc35d8b6764f28c81" - "63a12855a5c266efeb9388df4994b85a8b4f1bd3bc", - "1d35d027cd5a569e25c5768c48ed0c2b127c0f99cb4e52ea094fe689", - "2258184ef9f0fa698735379972ce9adf034af76017668bfcdab978de", - "866fb8e505dea6c909c2c9143ec869d1bac2282cf12366130ff2146c"}, - {NID_secp224r1, NID_sha224, - "c223c8009018321b987a615c3414d2bb15954933569ca989de32d6bf11107bc47a330ab6" - "d88d9b50d106cf5777d1b736b14bc48deda1bc573a9a7dd42cd061860645306dce7a5ba8" - "c60f135a6a21999421ce8c4670fe7287a7e9ea3aa1e0fa82721f33e6e823957fe86e2283" - "c89ef92b13cd0333c4bb70865ae1919bf538ea34", - "29c204b2954e1406a015020f9d6b3d7c00658298feb2d17440b2c1a4", - "040e0fc15e775a75d45f872e5021b554cc0579da19125e1a49299c7630cb64fe462d025a" - "e2a1394746bdbf8251f7ca5a1d6bb13e0edf6b7b09", - "39547c10bb947d69f6c3af701f2528e011a1e80a6d04cc5a37466c02", - "86622c376d326cdf679bcabf8eb034bf49f0c188f3fc3afd0006325d", - "26613d3b33c70e635d7a998f254a5b15d2a3642bf321e8cff08f1e84"}, - {NID_secp224r1, NID_sha224, - 
"1c27273d95182c74c100d85b5c08f4b26874c2abc87f127f304aedbf52ef6540eba16dd6" - "64ae1e9e30ea1e66ff9cc9ab5a80b5bcbd19dde88a29ff10b50a6abd73388e8071306c68" - "d0c9f6caa26b7e68de29312be959b9f4a5481f5a2ad2070a396ed3de21096541cf58c4a1" - "3308e08867565bf2df9d649357a83cdcf18d2cd9", - "8986a97b24be042a1547642f19678de4e281a68f1e794e343dabb131", - "042c070e68e8478341938f3d5026a1fe01e778cdffbebbdd7a4cd29209cde21c9c7c6590" - "ba300715a7adac278385a5175b6b4ea749c4b6a681", - "509712f9c0f3370f6a09154159975945f0107dd1cee7327c68eaa90b", - "57afda5139b180de96373c3d649700682e37efd56ae182335f081013", - "eb6cd58650cfb26dfdf21de32fa17464a6efc46830eedc16977342e6"}, - {NID_secp224r1, NID_sha224, - "069ae374971627f6b8503f3aa63ab52bcf4f3fcae65b98cdbbf917a5b08a10dc76005671" - "4db279806a8d43485320e6fee0f1e0562e077ee270ace8d3c478d79bcdff9cf8b92fdea6" - "8421d4a276f8e62ae379387ae06b60af9eb3c40bd7a768aeffccdc8a08bc78ca2eca1806" - "1058043a0e441209c5c594842838a4d9d778a053", - "d9aa95e14cb34980cfddadddfa92bde1310acaff249f73ff5b09a974", - "043a0d4b8e5fad1ea1abb8d3fb742cd45cd0b76d136e5bbb33206ad120c90ac83276b2fa" - "3757b0f226cd7360a313bc96fd8329c76a7306cc7d", - "1f1739af68a3cee7c5f09e9e09d6485d9cd64cc4085bc2bc89795aaf", - "09bbdd003532d025d7c3204c00747cd52ecdfbc7ce3dde8ffbea23e1", - "1e745e80948779a5cc8dc5cb193beebb550ec9c2647f4948bf58ba7d"}, - {NID_secp224r1, NID_sha224, - "d0d5ae3e33600aa21c1606caec449eee678c87cb593594be1fbb048cc7cfd076e5cc7132" - "ebe290c4c014e7a517a0d5972759acfa1438d9d2e5d236d19ac92136f6252b7e5bea7588" - "dcba6522b6b18128f003ecab5cb4908832fb5a375cf820f8f0e9ee870653a73dc2282f2d" - "45622a2f0e85cba05c567baf1b9862b79a4b244e", - "380fb6154ad3d2e755a17df1f047f84712d4ec9e47d34d4054ea29a8", - "044772c27cca3348b1801ae87b01cb564c8cf9b81c23cc74468a907927de9d253935b096" - "17a1655c42d385bf48504e06fa386f5fa533a21dcb", - "14dbdffa326ba2f3d64f79ff966d9ee6c1aba0d51e9a8e59f5686dc1", - "ff6d52a09ca4c3b82da0440864d6717e1be0b50b6dcf5e1d74c0ff56", - 
"09490be77bc834c1efaa23410dcbf800e6fae40d62a737214c5a4418"}, - {NID_secp224r1, NID_sha224, - "79b7375ae7a4f2e4adad8765d14c1540cd9979db38076c157c1837c760ca6febbb18fd42" - "152335929b735e1a08041bd38d315cd4c6b7dd2729de8752f531f07fe4ddc4f1899debc0" - "311eef0019170b58e08895b439ddf09fbf0aeb1e2fd35c2ef7ae402308c3637733802601" - "dd218fb14c22f57870835b10818369d57d318405", - "6b98ec50d6b7f7ebc3a2183ff9388f75e924243827ddded8721186e2", - "041f249911b125348e6e0a473479105cc4b8cfb4fa32d897810fc69ffea17db03b9877d1" - "b6328329061ea67aec5a38a884362e9e5b7d7642dc", - "ab3a41fedc77d1f96f3103cc7dce215bf45054a755cf101735fef503", - "70ccc0824542e296d17a79320d422f1edcf9253840dafe4427033f40", - "e3823699c355b61ab1894be3371765fae2b720405a7ce5e790ca8c00"}, - {NID_secp224r1, NID_sha224, - "8c7de96e6880d5b6efc19646b9d3d56490775cb3faab342e64db2e388c4bd9e94c4e69a6" - "3ccdb7e007a19711e69c06f106b71c983a6d97c4589045666c6ab5ea7b5b6d096ddf6fd3" - "5b819f1506a3c37ddd40929504f9f079c8d83820fc8493f97b2298aebe48fdb4ff472b29" - "018fc2b1163a22bfbb1de413e8645e871291a9f6", - "8dda0ef4170bf73077d685e7709f6f747ced08eb4cde98ef06ab7bd7", - "047df67b960ee7a2cb62b22932457360ab1e046c1ec84b91ae65642003c764ca9fc1b0cc" - "2233fa57bdcfedaab0131fb7b5f557d6ca57f4afe0", - "9ef6ebd178a76402968bc8ec8b257174a04fb5e2d65c1ab34ab039b9", - "eef9e8428105704133e0f19636c89e570485e577786df2b09f99602a", - "8c01f0162891e4b9536243cb86a6e5c177323cca09777366caf2693c"}, - {NID_secp224r1, NID_sha224, - "c89766374c5a5ccef5823e7a9b54af835ac56afbbb517bd77bfecf3fea876bd0cc9ea486" - "e3d685cfe3fb05f25d9c67992cd7863c80a55c7a263249eb3996c4698ad7381131bf3700" - "b7b24d7ca281a100cf2b750e7f0f933e662a08d9f9e47d779fb03754bd20931262ff381a" - "2fe7d1dc94f4a0520de73fa72020494d3133ecf7", - "3dbe18cd88fa49febfcb60f0369a67b2379a466d906ac46a8b8d522b", - "04b10150fd797eb870d377f1dbfa197f7d0f0ad29965af573ec13cc42a17b63ccefbe27f" - "b2a1139e5757b1082aeaa564f478c23a8f631eed5c", - "385803b262ee2ee875838b3a645a745d2e199ae112ef73a25d68d15f", - 
"1d293b697f297af77872582eb7f543dc250ec79ad453300d264a3b70", - "517a91b89c4859fcc10834242e710c5f0fed90ac938aa5ccdb7c66de"}, - {NID_secp224r1, NID_sha224, - "30f0e3b502eec5646929d48fd46aa73991d82079c7bd50a38b38ec0bd84167c8cf5ba39b" - "ec26999e70208af9b445046cd9d20c82b7629ca1e51bdd00daddbc35f9eb036a15ac5789" - "8642d9db09479a38cc80a2e41e380c8a766b2d623de2de798e1eabc02234b89b85d60154" - "460c3bf12764f3fbf17fcccc82df516a2fbe4ecf", - "c906b667f38c5135ea96c95722c713dbd125d61156a546f49ddaadc6", - "043c9b4ef1748a1925578658d3af51995b989ad760790157b25fe0982655648f4ff4edfb" - "899e9a13bd8d20f5c24b35dc6a6a4e42ed5983b4a0", - "b04d78d8ac40fefadb99f389a06d93f6b5b72198c1be02dbff6195f0", - "4bdd3c84647bad93dcaffd1b54eb87fc61a5704b19d7e6d756d11ad0", - "fdd81e5dca54158514f44ba2330271eff4c618330328451e2d93b9fb"}, - {NID_secp224r1, NID_sha224, - "6bbb4bf987c8e5069e47c1a541b48b8a3e6d14bfd9ac6dfaa7503b64ab5e1a55f63e91cf" - "5c3e703ac27ad88756dd7fb2d73b909fc15302d0592b974d47e72e60ed339a40b34d39a4" - "9b69ea4a5d26ce86f3ca00a70f1cd416a6a5722e8f39d1f0e966981803d6f46dac34e4c7" - "640204cd0d9f1e53fc3acf30096cd00fa80b3ae9", - "3456745fbd51eac9b8095cd687b112f93d1b58352dbe02c66bb9b0cc", - "04f0acdfbc75a748a4a0ac55281754b5c4a364b7d61c5390b334daae1086587a6768f235" - "bf523fbfc6e062c7401ac2b0242cfe4e5fb34f4057", - "854b20c61bcdf7a89959dbf0985880bb14b628f01c65ef4f6446f1c1", - "a2601fbb9fe89f39814735febb349143baa934170ffb91c6448a7823", - "bf90f9305616020a0e34ef30803fc15fa97dffc0948452bbf6cb5f66"}, - {NID_secp224r1, NID_sha224, - "05b8f8e56214d4217323f2066f974f638f0b83689fc4ed1201848230efdc1fbca8f70359" - "cecc921050141d3b02c2f17aa306fc2ce5fc06e7d0f4be162fcd985a0b687b4ba09b681c" - "b52ffe890bf5bb4a104cb2e770c04df433013605eb8c72a09902f4246d6c22b8c191ef1b" - "0bece10d5ce2744fc7345307dd1b41b6eff0ca89", - "2c522af64baaca7b7a08044312f5e265ec6e09b2272f462cc705e4c3", - "045fad3c047074b5de1960247d0cc216b4e3fb7f3b9cd960575c8479fce4fc9c7f05ff0b" - "040eb171fdd2a1dfe2572c564c2003a08c3179a422", - 
"9267763383f8db55eed5b1ca8f4937dc2e0ca6175066dc3d4a4586af", - "422e2e9fe535eb62f11f5f8ce87cf2e9ec65e61c06737cf6a0019ae6", - "116cfcf0965b7bc63aecade71d189d7e98a0434b124f2afbe3ccf0a9"}, - {NID_secp224r1, NID_sha224, - "e5c979f0832242b143077bce6ef146a53bb4c53abfc033473c59f3c4095a68b7a504b609" - "f2ab163b5f88f374f0f3bff8762278b1f1c37323b9ed448e3de33e6443796a9ecaa466aa" - "75175375418186c352018a57ce874e44ae72401d5c0f401b5a51804724c10653fded9066" - "e8994d36a137fdeb9364601daeef09fd174dde4a", - "3eff7d07edda14e8beba397accfee060dbe2a41587a703bbe0a0b912", - "046dd84f4d66f362844e41a7913c40b4aad5fa9ba56bb44c2d2ed9efac15f65ebcdf2fd9" - "f8035385a330bdabec0f1cd9cc7bc31d2fadbe7cda", - "7bb48839d7717bab1fdde89bf4f7b4509d1c2c12510925e13655dead", - "127051d85326049115f307af2bc426f6c2d08f4774a0b496fb6982b1", - "6857e84418c1d1179333b4e5307e92abade0b74f7521ad78044bf597"}, - {NID_secp224r1, NID_sha256, - "2b49de971bb0f705a3fb5914eb7638d72884a6c3550667dbfdf301adf26bde02f387fd42" - "6a31be6c9ff8bfe8690c8113c88576427f1466508458349fc86036afcfb66448b947707e" - "791e71f558b2bf4e7e7507773aaf4e9af51eda95cbce0a0f752b216f8a54a045d47801ff" - "410ee411a1b66a516f278327df2462fb5619470e", - "888fc992893bdd8aa02c80768832605d020b81ae0b25474154ec89aa", - "044c741e4d20103670b7161ae72271082155838418084335338ac38fa4db7919151ac285" - "87b72bad7ab180ec8e95ab9e2c8d81d9b9d7e2e383", - "06f7a56007825433c4c61153df1a135eee2f38ec687b492ed40d9c90", - "0909c9b9cae8d2790e29db6afdb45c04f5b072c4c20410c7dc9b6772", - "298f4fcae1fe271da1e0345d11d07a1fca43f58af4c113b909eedea0"}, - {NID_secp224r1, NID_sha256, - "1fa7201d96ad4d190415f2656d1387fa886afc38e5cd18b8c60da367acf32c627d2c9ea1" - "9ef3f030e559fc2a21695cdbb65ddf6ba36a70af0d3fa292a32de31da6acc6108ab2be8b" - "d37843338f0c37c2d62648d3d49013edeb9e179dadf78bf885f95e712fcdfcc8a172e47c" - "09ab159f3a00ed7b930f628c3c48257e92fc7407", - "5b5a3e186e7d5b9b0fbdfc74a05e0a3d85dc4be4c87269190c839972", - "04897089f4ef05b943eeac06589f0e09ccc571a6add3eb1610a2fc830f62ba3f6b3e6f0f" - 
"062058b93e6f25b6041246c5be13584a41cae7e244", - "5b6f7eca2bcc5899fce41b8169d48cd57cf0c4a1b66a30a150072676", - "f12c9985d454ffbc899ebbbb6cf43e3debcac7f19029f8f2f35cce31", - "12fcb848adbd8b1b4c72b2b54a04d936e4a5f480ae2a3ea2e3c1baae"}, - {NID_secp224r1, NID_sha256, - "74715fe10748a5b98b138f390f7ca9629c584c5d6ad268fc455c8de2e800b73fa1ea9aae" - "e85de58baa2ce9ce68d822fc31842c6b153baef3a12bf6b4541f74af65430ae931a64c8b" - "4950ad1c76b31aea8c229b3623390e233c112586aa5907bbe419841f54f0a7d6d19c003b" - "91dc84bbb59b14ec477a1e9d194c137e21c75bbb", - "f60b3a4d4e31c7005a3d2d0f91cb096d016a8ddb5ab10ecb2a549170", - "0440a4ab1e6a9f84b4dedb81795e6a7124d1cfdfd7ec64c5d4b9e3266683aa32a3c2fc06" - "8e62626f2dafce5d7f050e826e5c145cd2d13d1b27", - "c31150420dfb38ba8347e29add189ec3e38c14b0c541497fb90bf395", - "bf6c6daa89b21211ea2c9f45192d91603378d46b1a5057962dafaf12", - "cb6b237950e0f0369323055cd1f643528c7a64616f75b11c4ddd63c7"}, - {NID_secp224r1, NID_sha256, - "d10131982dd1a1d839aba383cd72855bf41061c0cb04dfa1acad3181f240341d744ca600" - "2b52f25fb3c63f16d050c4a4ef2c0ebf5f16ce987558f4b9d4a5ad3c6b81b617de00e04b" - "a32282d8bf223bfedbb325b741dfdc8f56fa85c65d42f05f6a1330d8cc6664ad32050dd7" - "b9e3993f4d6c91e5e12cbd9e82196e009ad22560", - "c8fc474d3b1cba5981348de5aef0839e376f9f18e7588f1eed7c8c85", - "0466f49457ed15f67ed4042195856f052fe774077f61cebcb9efddc3653a6e3f3423eec7" - "308a69eb1b0416d67cc3b84d24f251d7cbdb45c079", - "5e5405ae9ab6164bb476c1bb021ec78480e0488736e4f8222920fbd9", - "7b7beaf9f696ca1a8051527478c4c075ab45aa4768937886dbf38618", - "93d4cf110a37c5a6f15c4e6024822118539e860dee2f60b8c3f462f6"}, - {NID_secp224r1, NID_sha256, - "ef9dbd90ded96ad627a0a987ab90537a3e7acc1fdfa991088e9d999fd726e3ce1e1bd89a" - "7df08d8c2bf51085254c89dc67bc21e8a1a93f33a38c18c0ce3880e958ac3e3dbe8aec49" - "f981821c4ac6812dd29fab3a9ebe7fbd799fb50f12021b48d1d9abca8842547b3b99befa" - "612cc8b4ca5f9412e0352e72ab1344a0ac2913db", - "04ef5d2a45341e2ace9af8a6ebd25f6cde45453f55b7a724eb6c21f6", - 
"048d642868e4d0f55ee62a2052e6b806b566d2ac79dbde7939fe72577379505a57cd5690" - "4d2523b3e1281e9021167657d38aeb7d42fc8ec849", - "ec60ea6f3d6b74d102e5574182566b7e79a69699a307fee70a2d0d22", - "2fd7fcbb7832c97ce325301dd338b279a9e28b8933284d49c6eabcf6", - "550b2f1efc312805a6ed8f252e692d8ee19eaa5bcd5d0cda63a1a3f0"}, - {NID_secp224r1, NID_sha256, - "4cc91f744ac858d3577e48813219aa3538dd813b186b42d1e6218376f07cc1cc448ddd6b" - "37240e98bf953f49cf54d65c12878b33c0bf6eb1c60254f0b6fa974f847e53abc56773ee" - "f6f29885dfc619e6a48fc15a667ca94001a0c945b6357a53221b0f4b266181456b0d2d25" - "e90708777f1a6f85971c00140c631c1991e0fd06", - "35d4bbe77d149812339e85c79483cb270bdac56bbf30b5ef3d1f4d39", - "047924b1d7f5920cce98e25094e40f2eb3eb80d70b17e14b3d36c3671c26c5af35f71e61" - "858582b7cc2b41790597c53ee514ffdf7a289d108c", - "751869c1d0e79eb30aae8fbfb6d97bfa332123fd6b6c72c9cd3c1796", - "26bb1b92b0f01e94eba5fa429271371db527ce857abba13bd1103f64", - "836aba9c63e1252c2b2d72a21e6a41b82241ebe32647e7f814652bcb"}, - {NID_secp224r1, NID_sha256, - "58f43cc1924de4bc5867664adbc9d26b4f096a43aca47c27c52851b006dc2a658919ef9c" - "e5b5ac48372703be15ac51631c2bd84b88f479f113b0569a9a09e230ec1e8e573474c607" - "5284d3e57d973829af35325d9e7dab4a5f9b065155bbcaff3642a82ef4c9b9e127d3575c" - "050721653da3b087d3fa394192897a5519527d19", - "2c291a393281b75264c9b8817af684fa86a1cdc900822f74039dc5d6", - "0418cb5826ad60e6696bf07655032a3749f6577ca36da3ccd6e66a137c194e14820fe02d" - "784fd1363ff7a30399518309765bd3f4412d646da2", - "e2a860416229dfd3f5a5cc92344ca015093a543943a0d8f73bf2b2fd", - "00e300c1ef4a8c4ca5da6413856f8981db49de29bdf03f32ffc3ceab", - "f250f18a51ba5f63e1584097841099fa6ae4e98ee458c061d1d5aed7"}, - {NID_secp224r1, NID_sha256, - "113a2806b052fde683ee09453098e402204155afb3776fd1cad3a9103421d327eab8f9ec" - "0dd050ffcc83f93b34ea707705fabeccfe43ab1a71c95298fd3ec769d99ead1066950eee" - "677d225816e0faad19cf69e1b35d16771689e2092cafe16d7c0dd7b0db73fffb8d0f3eae" - "d83004dd21e753530ec939c89ba25578fa5f785b", - 
"831ea25dbeda33d272a1382c5def0e83929170ab06a629eed6ee244b", - "04076518e393940d42dfd09819409d66966d8c9189c83d554a9cc8a08244d0ceaf4c0f50" - "e46bea4a52e30423ce3ada19edd363ac5694c65cb8", - "6be6dd9f6a083915ccba54626caf12d246d3aece0a7eda7d8d85599c", - "ff1460946e06fb6f5d35e8d2625ca70ffb9b45308e3fabf6ad8351b1", - "6029aa3990918e8cb8a388d53b0772e5cdfff49c3405fe0d3a95933a"}, - {NID_secp224r1, NID_sha256, - "64cbfc8f2e2149a31b3e8a80c4a552f6c62aaeb7990b6e0ee55500a9d17be04213406578" - "caf315951086dff5c2af3b5ce17d425d185101ef26f86396ba3a129a4f3f8e2dd595f59e" - "fb6c0f5c2dcc394569d7268695e9ac7daa84203f1f1895f1f9e4b514a5c9cd23baa63454" - "710144fe735ad9b8f42d8c43267aa434a26d7e5f", - "70f74c7324ef137318b610ead8ddc5b964e0eed3750b20612fc2e67b", - "04279649e2a2918e683520cde3fc98b0ae58a7100e8de35e7c9cc797b6aa4de6be34be61" - "f02880139787b9038f4554a8ef1c994b887c2974b5", - "8e984864f86f7a2a73f3edda17dbccd13fac8fa4b872814abf223b1b", - "3b18736fa11d04e27e2614cda03a63ec11a180f357b0b3192920d09c", - "2f0f3dbd570727b14fbb29155538e62c930dd51c4035275c1365dc60"}, - {NID_secp224r1, NID_sha256, - "a10a11c8e30fff118d371daf824f16c08200b83ea059436466a4611ccac93b2dea2de8c1" - "006f946196aef7fe9b0c251a391b0340f21797798278b412ff2b53842eec6450728e2bca" - "062f8337a2c204b9ea04ff660cd4d4db559f2f11c4d8ef199021339fcc82396f7a93926c" - "f5f247e37d8067fe50692de54f102bd5ab51925c", - "026be5789886d25039c11d7d58a11a6e1d52cb1d5657561f2165b8a8", - "043fa617c50b177da1a2bdb98b780ad21ad1195c4bd24465f6187de3c9e3fd8d8876dfd0" - "3a4a4e31a1acad3a08d983826d286c250c4e5620c1", - "0128b8e3f50731eb5fcc223517fc0cf6b96cd1d2807eb4524bc46f77", - "3a6b633f96f3d0b6d54f7fb29ac33709e4f0dd8fa0e51606ed9765ca", - "63e8c119dfa51784decd864f6911f2210a80f8f02d472d88df10d119"}, - {NID_secp224r1, NID_sha256, - "b3f720bf566ffa369259f4361959ae0641d2755ec264a4c4349981df2b02563275b2b9ad" - "b5aee47f7a456760a971991ffed6b17809bb9694138d1677fa916123795239353158fc6b" - "22d10f20d26f5d2dcd8c56c44373eea5b93067dba2d7c5318dac2e9e8714873cb1b37f58" - 
"c011fd14fa1e535554efe05f468bfc8e11cd8b99", - "e79c18d935c2839644762867aa793201f96a3cde080c5968412ce784", - "04b7ae1e992b1c7fde1141f40bd913358538ca0f07f62b729f13cea327811252d12120e0" - "4805fc171a439d382c43b68a21e1a0bdf5e4ec1da4", - "7abedab1d36f4f0959a03d968b27dd5708223b66e0fc48594d827361", - "d35047d74e1e7305bb8c1a94e8ae47cb1591c3437a3e185e00afe710", - "d9c425c9d5feb776ac8952e6c4eee0ecd68aef2f0e7bff2e49c9185e"}, - {NID_secp224r1, NID_sha256, - "0a398a46df7ccc48d1e7833f8bbc67100f1ef77a62dc78bbc115b2a662f9591fbaaa91ad" - "3d788e2fdd1b3164e45293d4f5686c151296901768028ac80ded4bf89c647ad35f0c7c4c" - "b318c0c757c1d83c44d850e5fd4677281b3f13b1ee54de79c8c042813f9d3312dcc6111a" - "68299cb7e829557d7f3d96e702f65aefc6499415", - "0d087f9d1f8ae29c9cf791490efc4a5789a9d52038c4b1d22494ad8c", - "04cd95cf8fb1cd21690f40d647f2353672a1076cc6c46bddaad2d0fc56934262f74d9ee0" - "f8a2754f64cb7415923d64bf00c94a39b52803f577", - "557d0e3995dc6377b3911546dd7aeaeec62a6d8f2af6a274382fc37f", - "56df0ea6afdcc232ceb41729eec00cf906b69b6e28423a36d3c92cc5", - "f4f70fd948c9a147f55317fdea7b8a84c33e721014552d5800d63edc"}, - {NID_secp224r1, NID_sha256, - "8c33616821a6038b448d8918668977fcf1ef5aa0cf7c341837b39bbcc9bca875a3757f4b" - "392630e9995b9bbe4eb66978b877586adaa02f99d2344dae082a7603351d8ffcfca081ab" - "403cd0acb90d078dd1d0789c2eb3185c62bff2d9f04cd38e509e3b83c12ed0a5c6808fc4" - "2f7ba5b06acdc496c8ad9be648ee6a4505f8560f", - "0830aebb6577d3a3be3ba54a4501c987b0e0bb593267b9bbadb66583", - "04b88652020e083ccc1c43dc83d1881884dd4c7e3b4e3460b344b1ea6422b69b517f86d7" - "c26dc37c0f8feb4bb07fe876149fbcc3334fd2805b", - "e4f4a3280574c704c2fde47ca81ec883d27f2c5a961a294db7cda9d2", - "b30b8a0079d9a134b5e1618c2ac63e3fbe0e95866b9dbc5f423f2707", - "3dc36746610271ef66e0aa52cc2ccadc5c9b08dc769e4dc4f6538c11"}, - {NID_secp224r1, NID_sha256, - "94d56535fd4edfe67a0daa6579f9d53bf6b7b8830ae2aeb62892ff59f18756ddf2811b44" - "9c7d20d65d54f8507de4e7c50eaa084830637812aa4b250a4d61ab67845be36e4a41cdc0" - 
"a70f8d6e3a63d4514f0dc197e6486015046a316153d5f3a3a4a0ae1ed7ea5fa55e12e73d" - "333333685c02e0eb636234ea7e6d4b76b4b76b5a", - "2acc9b97e625263e8e4cd164302c7d1e078bfcdd706111a13ccda5b2", - "04ce1a06f82df874dded37cca03b56c0648e4e8917ecd40ee73ee61588ceb6177b8f1ac7" - "c5c6e6e1f7737cc3026952ee392badd2cd7af32f9d", - "e401fa80f96480d437ed4f61a783888062ec33d530b188fd48016a6d", - "28674f447c4742e4087bbccfb522fbad4e18b56031d2ce8f532b078a", - "a5a7a13d15b423dd17771f73cea98d89dbffa846cc209b45c0e29b76"}, - {NID_secp224r1, NID_sha256, - "5d8ebdf9eb28b47bdafaa36bf0b66a9eaf99b6c83959da4f2b1151b4f4ecd28fb115a64c" - "0cb9491093a7e9b9c53ec423e4c72e7765bb9c818da0e8c428667e44474a71db4867130c" - "77c40bfd8544b2d7b9d6464d2b8e6a48482153256a32437c3a747231f51134dd14c70340" - "7e31146a6fcde23bededcf16950486e90ca69ac0", - "f4e873d4fb944fb52323406f933815092b7672221de4d1c45917f3fc", - "040dc2cdddb990341adb1de73f02d87fc3822485a659a15145f4251d5fcf78b2a83c7352" - "eda1af2c74e1804ea04b35f76c04e89d90281dc2bb", - "5d1476c682a64162fd2fdc82696fc8cab1469a86f707ea2757416e40", - "82982b38ed465138df4018d7cfb835edcb591cb57446ca49d163782b", - "8ef1d7b326cabee7f7ab95b7b98d3c27a069c0fd95a1599c0ccb422b"}, - {NID_secp224r1, NID_sha384, - "25e4416695f77551fdce276355528ccf1ddc2483821c5d22d751d50111ca2fadc6593b52" - "c74f4b5957494f1df25b0b2f86950d0d19229ec6506fee8581d2dd09d48418b146ff16bd" - "84a17ca0dc83b1888eb407376da6c8a88fa1e60b8c2a2471dfde4b3996ef673d5bde3d70" - "c434dc9f2488e9de16ae657d29e5e59ec922a1ec", - "62c572ee0d6f81b27e591d788bfc2f42b5105d2663078dfb58069ebd", - "04bd6ba605639b98fa8113a16a3bb004ddfaec901c98a931206165f4a5a3190b10ef39e8" - "8abd60b2293b4707512b45c6c5ed5794cc11454427", - "0f0bb1e428bcdebf4dc62a5278068efc0f8ce75f89e89b3630f102b2", - "aac0ea27e129f544abcc77f110e70bbdd5aa3e425dc39d5e8887025d", - "10e5dd06aee6b8419a04aa33d9d5678b0039c3acc3c4b61fe106bfdc"}, - {NID_secp224r1, NID_sha384, - "9164d633a553deccf3cbd2effccf1387fa3177cd28c95d94a7d1a3e159c5e5c027758cc2" - 
"6493301b2f4d141d8d07a5fe5fead987ce5f30abeafcb48c302afc6c2309f0e93d9b6818" - "cbb6972d222cb7b01302dfe202ae83b89f53150ae4a0e2b8fc0fd1091f19b4ab2e6ab213" - "ab322d04f2c5f57113bfad3c5675227237abf773", - "e2f86bf73ba9336fa023343060f038e9ad41e5fe868e9f80574619a3", - "04f5d5346f17898ea6bbdfff19c216a8757a5dc37b95315f5481628381ae61fd172ac8b7" - "a4f13870a932dece465834cbd4f50bbcfb802c824e", - "35724ac043e3b44b73b5a7919cf675190306d26aa67c27c28c873534", - "535147c265af138eec50c7fb570bcc8d2e6f675597b0fcc034e536bc", - "743812c188a1dddf9fb34b90738f8b2e58760d6cd20ccceb1bb9c516"}, - {NID_secp224r1, NID_sha384, - "019df05929321ecea7ee1de4f412aba1c8d3c24437db04b194a68a0a59dd871be10bd3a4" - "be6edf551350ea49fc7155a4d887e1221486291abe77a30633a4c4f7868fe2df24311cba" - "0c73804883954460e122387ed414111ff96ff1aebac8b6a6491d8a0d16e48a63bf3d027c" - "0f68ee4a4b234d73b412196706af8ea022b4dcef", - "b0a203438e2586d7575bc417a4a798e47abc22aa3955b58fc2789f17", - "04dc5d217862a1e5b00c95affa9d8b925a72b9beaeb7a86dc397e788d85f05f8e976ae1e" - "b1036eca6d683a82850795bf9127dee5f8b2859445", - "408e9c8b1f33136d6ddb93ff3a498bc09d4eee99bf69cdd5af0aa5a2", - "1b5a964c8b1fc634c6e2b82322499df1d7f0c12a4d2a77723c816ab8", - "cf54599a36ca064fae0aa936de5266f87704409d22a15d28c01b7f2a"}, - {NID_secp224r1, NID_sha384, - "5d09d2b1d3fa6e12c10d8b26dc9aabc8dc02bd06e63ff33f8bb91ede4b8694592a69e4ed" - "4cdf6820069e2b9c7803658949e877ffe23bf90bcf5ce1409c06c71d86885a94048b05ac" - "0ec9db193e489a5a2bfa367caf6aa8ecdb032be366174343f6875d2fe1785e8d77334f5f" - "469cec64998e08d3303e5c9a1923b34fdc105d65", - "efcfa50fad6fb2065f9a55f28c0c42fa24c809ccb19b6fc6d8ffb085", - "0461521a0cfb72be77ba33cb3b8e022743cd9130ff49e97093b71aa178ce0819aedaf6fc" - "e639d0e593f8ab0147eeb6058f5f2b448231584ea9", - "d1eea821f286eae6ebc1f61b08f9ad4323a3787e94af4c32cd31351b", - "b37caaa71103752ac559f9eb4943324409ebfa8b585f684dcaa5c411", - "7c28e7619e2944ab4b7be022878c8052ebdf2cae5dff4f976c49686a"}, - {NID_secp224r1, NID_sha384, - 
"50f6dfc81c6cf189e0a310f992907fe93356cee9dea9a41c7671a8daf3f4cfe0c459ce61" - "22c1e731dbf7593419d7114cb73b46956158a982c5d52c72f43f0f822046093c69aeff1f" - "7e4cd8af00ba655c5baa2e7b6a400b4be1f6fd51b3e4cfb35a69c80a28c5cafb771b6c2e" - "52e0aeef0e3fd045e8d40745f3f8b74fd969f816", - "61a17816937987764cdc064dc7b5b4f5b16db1023acdfe25902957dd", - "04a7e975c0a8f87c683bb8e31bc160843a7b69c945f4850bd60e1c08c08930a454dcc2aa" - "13bed7ea89368b2c9d689d816b2acf4e52585ee9c4", - "44b1fdec2629f9075f89c134ac28ff19bfddaa9db02a5d7f853582b4", - "b0f5635d8bc9c53a1d54a3ec63de59ed66e6b2358d4ab79755414326", - "67c68fe265c7e5aba4232deeafb88545a2aa266fb9f2c2bb3f3ae8d2"}, - {NID_secp224r1, NID_sha384, - "e90129ac6672c85bb7b6b18e9dc199c96c81fd65034b53c77818364d512366fb9cd1bc7c" - "82404c451e561fc1ed916c0948f6ac561b33a1ccca093f07684b8c2bafa9e966377bd208" - "556018a5bafb9edcecf70498c7140fe9c8cf3ad8b8c3b0aa489df797944465047465415b" - "b0e24333235fcdd59a98829a3941eaaf62033e82", - "79d5367314ec664aa0f6ca36f95549502a05bf8400bf532d669fab8d", - "043191f0237102dac159032ab2dde53cf56c9ec827b5caddfe9e83c02ab496b1bdcca443" - "4ac0d0d91ea38ff3bc33f9f54095bfe17796d5a9e2", - "da529c52f5cc1f435d873109cd991d6cd7e1631d9ff1dd9521dd5db6", - "8e0ac63903f4921755430572c3f08bc272790639bdf1009fe2a9a714", - "6278c841a2d0a270791fe54b36c49d426d67907aa4e4f59c8638ad97"}, - {NID_secp224r1, NID_sha384, - "3c9a483c9bee33b601549c592a82e95b4319b1e74b777877f0971bcb4273716b268e8f99" - "f876e42f942f4cf08284896bbc1ffbf094ac0956c3cedfc3580cffa8c74fc6db29a371f2" - "da2d05edb9185ece741fe0d3fabfe9d5b4d373755ebed13dc6840cfa3283b9ea46ec8b95" - "c434f253ae86998182e9cc0e95ee64f323fc74b0", - "1320eedad4745121793a7eaf732b0b4498f7cb456cac8cf45a1f66f0", - "049fdd99906ab77fd29e9021bde947d05a7a9eb153612269bfb0899bc9681b65b9ac8e4c" - "2899bb622dafb253b7bf5a6e38e5f6595f997c291a", - "66ed8d8934633f4125f593cf1b1d3745c4db1f15dde60cf46ca1c7f2", - "80199485a3a96447b39f7679cd47412a78675ba17dcbd10465dc5b48", - 
"a251fd9f136a3cb0dd0bc80659ae032e4a761ba7045da0034553fb8c"}, - {NID_secp224r1, NID_sha384, - "bfc073fdda63c5fccaa0ca8770c293e8154e7aec56128bbac4fdbd541d602216ebf7ca1e" - "02b514d6e396f20683802ba3f334310a9226576926e3bb19ceee27738d13377cbafeb09d" - "091043501702a07aa31d1f29d50ddc55adcf16ffd40578e734a4e6cb6535f26ad48e0c62" - "ad90e79720000e87d419e92dca3e11f943655b03", - "e18821329447d3f65ba7279e96bd4624ffa1b32b90f6e8331b1e876d", - "0446c9ed837232c47022df2f1a1578fbe65ac9f2e81c98a74cc22ea31a6fc5e9568ae62b" - "31412a0b0b367242e9fd7e518c83aa06a069e1d90d", - "a4c1eb402a2fb3af26e0e14a3d2fc8ed3bc1a8b2475270356a79fdd3", - "d478b68733d8ad44be46766e7b66af782fbdc7ff7ed0b191176da98a", - "5eae9160ccf71fd1d359d89cecce72ef8afaeee2365f6ba828aa450a"}, - {NID_secp224r1, NID_sha384, - "08079955d1a1f33728128c73673ec9f21a6ce138dcab5adc4dc068e6ab57314b9fbd8b01" - "3123b2fdafa9524fbdd0288777a233de8055cccfad83046ada6a19f01c47817496667bba" - "8fc8b9456fc0e044a562d931dab1adcb66af8b66325bdf28d83ded3e2937958ccd19da54" - "0d70ef2c189f55a506c9c0d63406394c5bd3823b", - "f73e030d5a696b358986d3efaca121cf71f775f8835a21e6135145d7", - "049ca2c6ea87ac8dd3a23a5b4010841a7c8af309038882ae44634bcf55b0a347dbd5ded3" - "b8702ac5a457e8b32bd4de06fd315095fa1b7d5fe1", - "e3cc786c1288ea567836c51d6d69dd0cab5c015987d936ccc3a4beb3", - "f1234da71761b7a0f49e661a419d2a739bdc4544bf87690e3d2f96db", - "096d16bf8020c3d3c233894ad8eb81206010e62c6e692a215e088fd4"}, - {NID_secp224r1, NID_sha384, - "23900b768f6cd42b8a8df0dcbc9cb5daec8de36b9d5c619adcc1ba2b649103d5af123746" - "cdf19c3fd0665a6fb9338156182aa06181e3c6e37ce56979612af2927440424f89cef43f" - "c754854b8a5c43370808cf5f9929cf47712512ce2f8a2a20d2e9f568c2848b27dfbe0914" - "2843c83905ffa5da3b15501761b03dbc2c5398b6", - "7a0789323f8741c157a1753ae165ecaf8e8b03a60561f8b80cee467c", - "04101271a9addd4bd1f19d00bf116c8524f52cefd598e85dc381597acb2f17d14f4d8ccb" - "28b216553718152ba7c104646d8eca986dd9ddea39", - "d169f04f05b60c625cda864d187938863964dab7bb3b9dfc04b05519", - 
"e4a51be686a764b709da23ab48b1985e153c6ee238d945e743907afc", - "118a8f1ffe3cd556ce6345bd1a398dd9cc3729b7fd6d8af9bfd82f40"}, - {NID_secp224r1, NID_sha384, - "1eb28c0bcdd18f73e347f957ece15b4cc83a771b0877e1feaac38e24028fb38ccea8b54e" - "e017dc7c3d5a1327bc6f40b294aa65d7dc487f278846cd101ee84202f14b38aa2c275046" - "aa2577f65ebaea41cd383e8def2fd0b4444dcf426fa75c4082cd7fa035cdb1e0d34a3c79" - "d42130f5b0273eae75bc701dda3aebe7358f41b5", - "78e795d0edb11fd9e28dc26b21e751aa89bea0d87932ef11c95c0e18", - "049edd544107977134bf6360d43ccabb3c94d627c03963c0a04b439627ece4c61d319a0e" - "41f3de7863e7c355bac94395aaa74cdb5f74a87a5b", - "36f7c0f76808b826a0a974a1fd6e155e00a73f1d34674a8f88be405a", - "3e319444438bc2cc92f323ea842cb402b3c3c2448c89869ef7998edb", - "3420cc38f058f41c31e71f4b1ad488f801111c73541de69fcee60695"}, - {NID_secp224r1, NID_sha384, - "efab51855407438fd5c250670366bca3c026ecec4a59394f00d8a4b51746d0c456436665" - "6d507e3e13e62fe7abeb976b8859895848dbaecf6582f1898ea06f00d4247702ed9721bd" - "375aa83ae4c67c2eaa6e080777ea5ecf2cf787d785389560ac91cf63a52f0373c3185e18" - "a3b8a466e21b61a239f1b77624eb1acacc76c4e1", - "bee02d8bc5bffb3fd3b4c9d6f686409f02662d10150d1e58d689966a", - "048848f964c847fe9dddc774618d4588c9cd56bbe588d7b1fb369c8bfaebbb699fbd0dc0" - "8859fe9132285fe20dff3b9d561c0640b6e0717607", - "59f1450d857b40e5552a4b8cd4ab0df2f01716635d172c1106840f21", - "a206d8398a16a991bc217f77f23c6f648384f254f255a8a876404444", - "eb1169cb5b1423dc0bfaffe565ae57f986e00de06405e3e7b605862e"}, - {NID_secp224r1, NID_sha384, - "31c29ca10279a417f0cc9b1382cf54dbfdfc89f2e6ef08c403c11f580cbf8674b141ed1a" - "417563282d99a55fc616d836421cde9424815c95e7fb7668bf3f137b29937f14882d74e0" - "34b732d78d91af7721aac4950734f5fa5d4b4d35534974f8cab6d2e6dca75ddb57e99148" - "c8a59df9fc5bcd723e546e8356f671cf2f65640a", - "dc0ddf6e501418bb8eafc5d7ccc143369e2aa441df8fc57d5f94a738", - "04063a5d632f4144376e14cfb03ad8ccf1489b613acd184d20dff66545e77727f057b043" - "d8a0f7458196b72e92d11f85b0891c6aaa9d915f58", - 
"ff0e5cae2671db7a1b90e22c63e7570bdd27352d45bac31e338debe0", - "5bc0b4998481ecbd3b6609184a84ca41d69b08c37138097f559259f8", - "0df8828eb1ca85e46405b94e1a2972c34c5e620a54e2f640f04aecc5"}, - {NID_secp224r1, NID_sha384, - "8db476f92e332519c1a0ece5d8deded6efbd2d8e8784eea0a6b4c3b4296c35f5f8de4317" - "e5c1627b91fb1973fee86c06e4992aa5a20cb7475c8808ff1da354d07a488dffa7838c6e" - "c1e3f99e3acba831f27bee8434eeda3eb36d0c6df3658883cd40068b1bed841310f6eb38" - "d4a3d07d85848770ff7933c054cd8b34662660b1", - "229d89b2fcf8441ffc95ebb2ac2ef156e25825782044b2b8bd6a3e01", - "04de616848d8044a44789ef1ba3a6dd66fe9257ddc57f7534e59a701be26cbf74a6d25e5" - "b34b96d30f327abd574cff7f7dbe6686573a7d6c5c", - "3b18ca6ec8e8e255ac88f64302745ca0b73ff94b2b2d48be95b4aaee", - "fa94fd8b827c06115c1eefd50afc02ce5926ee0e789667783c01c34b", - "edf766a66973cfc33e4159966c07321a7f6549c3c60e8586ef41402b"}, - {NID_secp224r1, NID_sha384, - "fcb272c828fe8fd3c6f8de9410c7b6e2b36717c1b0e5e359e9109bd7fc378978aa98182a" - "9d99961898ed88999b050d3b64d1457d7a899d6d273b9f4dde2aafa36d76329d62509043" - "c338f265fc4c7d938459b7fa3b230a9f6cb632b61489546bb4181a5ad7f0d7369b8caced" - "48eb374b075b2b325bc86add0f3b680cd9e80acd", - "97d747068147c0393a0bb5c159e2c9f1bd538f6204823294883abe28", - "043858a576eef2ce24d01766997fb81b3f3f78b6104cd188610be221d795ffc677ac7bfe" - "3e0bb4cffb17355a964c8356a807151b3cba5d1f4e", - "c1a2ec1ef16cfd5107c892790daefbed061be78bd8576696b60f64d5", - "18c908541843fcdac99b9ff6bb397f3f8094d16b42670216e4eaa2d7", - "c107a8a508ff57c5d4f78f86cc37e129c864d1c44ed5e73909613b74"}, - {NID_secp224r1, NID_sha512, - "7522492bdb916a597b8121f3e5c273b1d2800ef8c1db4f7dcbae633b60d7da5193ba53a6" - "3d7a377b351897c3b24903ae1cd1994211b259be3e6ae2cbc8970e4957fdf782c7d1bc7a" - "91c80c8ef65468d4ef35428f26e2940ae8b0bd9b8074236bf6c00d0ebe83f9ddb2ade0f8" - "35138d39f33b59f244e0037c171f1ba7045a96f5", - "ba5374541c13597bded6880849184a593d69d3d4f0b1cb4d0919cbd6", - "04ac635fe00e8b7a3c8ef5655bdfb7f83e8532e59c0cc0b6534d810ffa1d067aebeba66e" - 
"79b28ecfe59ac6fdf5e1970dc3a84499c9d90cd8e2", - "187ed1f45c466cbafcd4b9577fb222408c011225dcccfd20f08b8d89", - "f83d54945997584c923c09662c34cf9ad1e987da8bfd9be600e7a098", - "4ff2dba9dba992c98a095b1144a539310e1a570e20c88b7d0aa1955c"}, - {NID_secp224r1, NID_sha512, - "61097114ff855c3e34a62d9b853f8982d35f29cfa4a89893badbca7849e5fb437a1a38d6" - "451bf0ca5a0d528e352b8e4b57f2ea359a7fc8841d49dd3e570f9b016f14156b0bbc4be8" - "22e260bd147ec081454969e11cb0034b7450ef4deb7ed6edb977e2f4ed60121aa095fb0a" - "b40240dc329ecc917f5c64b4410612af065ee9dd", - "1e27187134d0a63542adf4665fba22f00cfc7b0a1e02effe913ceedc", - "04ecaea8ceea55c3bd418fd34a4ff2499e25e66a104eed846bc00c31d23933a356ab1f2d" - "abc303ff0a5d076131e77032e6f502336883bf78a7", - "34cb597deae9a3b1cada937abcd247161b19b2b336b20e2e42ae01f1", - "58177ba46fb291490b39368774accf72736412c1fb5ee0f27b9b1e02", - "58337d78b95a080bfcabb5809bee012501b4da84b8ef310a4628f11c"}, - {NID_secp224r1, NID_sha512, - "dd09ae6c982bb1440ca175a87766fefeacc49393ff797c446200662744f37a6e30c5d33b" - "a70cbd8f12277fd6cc0704c17478bbab2a3047469e9618e3c340a9c8caaff5ce7c8a4d90" - "ecae6a9b84b813419dec14460298e7521c9b7fdb7a2089328005bd51d57f92a1bcbeecd3" - "4aa40482b549e006bbf6c4ce66d34a22dda4e0e0", - "0905b40e6c29bfcbf55e04266f68f10ca8d3905001d68bb61a27749b", - "04d656b73b131aa4c6336a57849ce0d3682b6ab2113d013711e8c297626328335ffc2029" - "afbfe2a15cc5636978778c3f9dab84840b05f2e705", - "dc82840d147f893497a82f023d7d2cbf0a3a5b2ac6cc1b9b23e504be", - "583af080e0ec7c1ba5a491a84889b7b7b11ccfe18927c7c219b11757", - "b23700035349df25d839f0973bef78a7515287de6c83707907074fa6"}, - {NID_secp224r1, NID_sha512, - "37a73e2774d3b274db426c89b945696daa96035031f72cea01894b24508c7f81961ec254" - "d36ed6a0f448e11cf7950af769dc6cd2c47e52c6caf0ea92c270974f0214b4db436c36a6" - "0fb722060a6bb544462a82e1714f5906ec32886f7d59ebf289541c3a00ec1e004892ef2b" - "1286a0194f55d083c6ec92c64b8fd1452e1c68ba", - "afbaede5d75e4f241dd5b53220f3f5b9c1aa1d5d298e2d43236452dc", - 
"04fe83e59fc8ea8b939355d3258fe53a64d45f63031a0716b7cc416173f151d23060f1c8" - "56eb7f1f58be72a7228c3af89e43b56e9695b558c7", - "0fbbe7b40136c81a8fb894498d5502157a1cf5a89d0643de92cd38f6", - "24f3f457c7b72b7e759d5a8afbf330e31c5d8d2e36f92c0e79c5d87d", - "36fd1193def34f12a960740fd79fb38bf2b480726ccad540eb42cdf8"}, - {NID_secp224r1, NID_sha512, - "9dc2046ffdc6804544db964481abe5d2d276a2a9eeec4c7ad40215b1de23561d402db69b" - "d0f6eec2254711eea4487c64d9a6b62c3ebaf5ffa8db6e7e3a6e17154d126967a47a853a" - "6f8339bdca9be306a13c7f992ded7619b0da59909a49b1e0930360e05b47f18628a36d69" - "b2f87f2bfddd6a5d4a72f84dc76dbdd43f3a6a35", - "950b07b0c2b7539a21b5135bfede214733f2e009647d38d8b21d760c", - "04f43d13bbfcee3b724063b3910fea49fd591b81e86fdb813b1a492d0c6b4c8d6fa5dc66" - "1889e3cf5ec64997a78222837885f85d2fe9b684fb", - "83e110d0d1e700d2f36543028737d2a2f1474aa3b4b28998a39e4793", - "2685265bc878e85d10ab13293dec190881a57c4a467f8fc2170432ea", - "80a347bb49036522369339bd6485a967cdda818915d8eb947302fcf9"}, - {NID_secp224r1, NID_sha512, - "d9c6847fce688c5e7525a1098b545cb6c15dcd21a02761fc82fc664372a667390680135f" - "91c01a2fa5430c634b1a6d1cd6002d8aa021e7bf5956a7901c2f81bc25d502ba5f55a55f" - "30c0323dc68205cbefec0538e68654e7b327ac1743641896c3e740d8f66f400902b304ea" - "faa4e0d8cffae140536f0922444cc3216a675697", - "015bd9f5dfef393b431c3c7fced24385d861ccb563542574a5d2a9bc", - "04e868690641e2cda13b289a6c5d2fb175940396044d9cf27b4f2240af4c78c9abdf2b7f" - "c67ed4497001d7bcf1daca1739dc14a661f91d7c40", - "e2374350f47c08f3c1359d4edf87e61d1ba4e7dd1540d8d9062efa79", - "e12dc088d2bc032bb214c77d0e0fb749fc8e61ebe1ed72996f1084b6", - "0ab58aa31e0bba5fbc76855e6549f1036fba0a589aeab978ab01b8fb"}, - {NID_secp224r1, NID_sha512, - "69df8a01b66f04930efd2012ff2243874f256ca8758145d2a9e4ecc84d0dbdbd0dc494ae" - "06db0ccbe819918137c90957114558580d6623efbafdd342b38dad9f08708084d32f874f" - "ba04782ce26aaab78de2102ad171f8a8f2b30b5bd3d55fdac5fa3acd6f7def7e61c25339" - "38572b331ba6d1c02bd74bfdbf7337ade8f4a190", - 
"0a3c259df933247445acffb6d8265b601d597fb9997dc2a1eb4deef4", - "04e67f4385a9da54253cc371ee9bc6739ae6385a4b87669c7baf0c460d2bb00b6ddd7b67" - "d9ac5653ec04ca8529fbf16f815c04da3c2e58e82d", - "8bf5859665b6a23e6b05a311580f60187ba1c4ae89e44877fb48af66", - "653675fb993c3fa9e57b32e33029ec230b966e8077c72c1ec90ddefc", - "792723bf87e315147cd4303de7f1dfe95cd7658ebb95c38c1a196140"}, - {NID_secp224r1, NID_sha512, - "927524982b8d60777c1105c86fac05f634abf58c73f84fb95d81ba0b86e1e43592c4fcad" - "2e395a40fbe7005697d86088e2fb3bb7287eb3f917d4f2dc281f5cbe65d05b4f9623bca8" - "49b10a03beca6aa2056a12ebb91cf257ac448c5e9a78f8349a6a29b17c8978bef43a443c" - "bb8a149eb23f794844fc41693f2dbb97181444be", - "a1c8ef463f9e7e3dd63e677412f87cf9ea4ac9a6a2dae629da5b9916", - "04400e5cd4b315ceb309545cd3277acb70bdae2073fda6ad896ea14b27fbe1d2466cd2e1" - "16f38248bd5cabaa6cbe6c4a2694d998abd7b0c991", - "82f55a25d3ed6e47c22a6eed0fa52ed0818b87d6ea7950281dfefc09", - "16305a46a3f6f9e216ef8f6a6f5f0760d064a885657c864e1c1ea035", - "58fd97050bfbca6f87e64e1458c4ad80bae26e280356da344ad3b25d"}, - {NID_secp224r1, NID_sha512, - "5f9042283561e7f19a436d01c7ef5a950a6d77ede5629cd7e43c0a5d58e8c5673c37945a" - "453291d12938253c71dbe12c8b022ba7276eda6be034ef5ec1ec77dbd1e08f0d7b8e7725" - "b7ec671c075e008a20f77f4ab266f97079b0aa6337df59a33b881954084057b21f294dd1" - "4bcb0869a4a6f1f597955ec7bf9d19bb3537a66a", - "fa511dbf6fef7e5e9c73e4555eb75d435f7884322d9faf5d78cacc0b", - "04e8dccd706c31f895f2f261ab979cbab51b8ae28196bcc12a42046380ec246be8e71ea3" - "859cb717a59990fe22e4b76858ff49becd70739a01", - "a37d665fe4314aa4cd03eb8e6a1f366b43e11fdb419c96b48f787b62", - "05e4909bcc172ab4140be291aad4660e375032bce2d762b6269ba764", - "e347a1c9d3670690e1d8d1d4cd9579848f442199c10526488da5cebf"}, - {NID_secp224r1, NID_sha512, - "c2ae5573d3bf396523bfb703db8502fd0760cd1be528f6ddbfb95aad399e0b19f3bd9e0f" - "abdb05d49e3f893dffec5b627c9c2f7ad5f32e92e4e27a38cb5c28657657377fdfa1b66c" - "d7ac3d15c6d49df92d284db99f69744f37dc7cb4e7d52920fdb200a7942623a7057ba82e" - 
"467dcccaa5da416b48510d8364446a6a5e2a5aa8", - "a58bd53646400a646f0e4208320dc679a9664d1c6bfb27fdc8eac7ea", - "04e22e0dc4ecd96eb0071b72ba4b4988bf784f3fe73cb81bfb93d9ac4fb3e213e518bee1" - "367a4fb3703b9008bac9d95a1fc4aa61225fff9f3c", - "42c5b6f87d3bb1ed74f5ee8398d8f8c61e9e50ffa7a1da12d39893f9", - "5c0e5c6f057de1e99ef5d237a60d7a07fa9a42b120a82f573d9fb7b2", - "2fffc0bf550bd2f650fed085a84501cacfa6a1bb984df1f9237eaa59"}, - {NID_secp224r1, NID_sha512, - "03c1a1cd30a039d0dcb22fee2450a7fa79495a0d0f4f43d2de4d75bce003c0334a8860f5" - "c164dbd94888a9f751235a3e570d31070e3e1293a7be616af7176600585d36ac01360015" - "7d2569d491da4b8a3bf3630c26e0b9925412189f50b0ae6f04c86477932e2ecd8c354610" - "6ae1ebc684cc3adb27ed665eddece886adea4ce3", - "64bd4452b572cc95510ac2e572f41136299ff17f6e8448f4ffb571d0", - "0492521fa25c2e034d127e0921efdb167f0b2ff8b20504487ed87fa264e72c770e37375a" - "d7dc2c4e63e5701826f6606f6ffb9461ee61b4e872", - "eaf76ee4d7e00d13d8a6d03dffd07ad9a8bb6dc8176c9f93059b1b7f", - "cf5058e2a6cf5e61a138b013eb292f38a1b9f07239ae5941dbce8919", - "d14198621650d985d270bc997da6e78588fd0ef843b874c66a3de3c3"}, - {NID_secp224r1, NID_sha512, - "888f6d9bc7c86c0079fbfd42d8c08d6958f40f6e570fb0b1f03d2f8f8a63df4fcc87b379" - "a222cf835820a999d34996e08961f13b86b075e7fd1c303cd3baa44de42168561589012f" - "7e5300da4f8bdf470c07119a5d9f7ba7293568cd7c6a1b7fc1e41cda40bed7d46e5a28af" - "67ae2aabfefe67a86a1c601e6f5ee543e09bd7b6", - "7f3edb710df9d982f486233d0c176aa88f5a0ee81efa9b8145020294", - "04e7611e013e7b43ff5b8b57ad83333bffcc9e469ad23070b5791dc5947784da0a11dbe1" - "6208c6e0b6d5029e71fbec4dffc9fa046d3eeb71c9", - "94db7ef9a232593091eb9a74f289529c7e0d7fef21f80b3c8556b75e", - "a971f45bab10b1d16d7234ca8e4ec987da20d9e867f28aa063296e23", - "e38c538d65a7e1a28fd3ec53f015a7e5beb60e9d309f1e3ba4b2c3d2"}, - {NID_secp224r1, NID_sha512, - "48453340f1317769e6ee6e103153714365731163dc18f84e9f2fa4b120f9c5a9645ee2f9" - "b66c84c26d95912b422b009b64af96aa418b2427a4209f2e7513ba8e43ec8cf20b34e752" - 
"9b22eb1199545afe9a9f7d9bcb320aec9ee0162f91c0d1dd9674c9c284f25199c5e109f6" - "f84d7ed0d269cc6413edb81bc2c83e37d644d8b9", - "b569f8296ff1d9cc01fffd9919016e5730c1858bdb7b99527153751a", - "04242f34959516a4706172f7dede23110efa314bff22eb320ab88feeff45e3227710900a" - "8acfc9bcce728119d042f64ca40876c2b380ee46e0", - "ae61523866a8f43e6cdd42ba27a34ed06527e8a5842901a64c393f76", - "c2732a4e0815f9f785500e80147e9486994446beccf8a6a352b97585", - "6ecaece6487d7920e398f7f951ab7c7aba5832dabf03704106ad1244"}, - {NID_secp224r1, NID_sha512, - "4bdfd3b91d83108409ad765b256e0c9b9937ecf647f8e6f9fc807e2e72af8246178b3fe0" - "46b4ea10170450d71a4eec790ecb05f03d7077341de26c4db7eeae24d55c9a9093e837df" - "db38168fe8230cb9605825a1282fecd741989bfcdb34678fe077477927f66bd26d003e5d" - "da22043341a14dd31841ba483ad5ce2701e0f68e", - "41a4dd8eee39232b728516e2f21e66011e7426a6b25986c3ffa237e4", - "04c32988171caab178bf50dc7310bc7f604df5a9d19a8e602519c72d8af8985d112ad9de" - "05969e5364d943c1cc5cd198359f4c62b19da0e117", - "827d4999da81fa920c8492ccc1e2d5cdafed9754cf7382a859952071", - "89c61da7422ccd676baec07e2185c12e947a2374eede87847304be6c", - "2685379624717ea28422e8d001c090405a130b4ef9f1ac726c3ca502"}, - {NID_secp224r1, NID_sha512, - "e6cdee8558bc1eacc24e82f0624ce8d02cc8d925b4dd3dec3a72f4a4e0fb76076bfa3ef2" - "e2c33bdd7c27b322bdc09bbfee8fe46f75dbd7bbd2af09690b7137943efe21706e0a1b6d" - "3089540fc58d85ddb55ea836616db573e36c521be008893f40a0a7c349602cc178ea43be" - "59d31ec6449e7ff2c5379379f7d7645134df1bc3", - "67fa50569257c8cc89ac0325db4902003a62f30b917f53e4035a7e04", - "046773a0436a9c42635730413b19aa4166f08c69c0e5002953da42253b555138290b093b" - "f2fe79acda9131d920cd1e7ac43fb8775776cd713c", - "557cb45fd3a30b3bdbf08c56eabbd4478736024aaa52bf8448096453", - "8e92cf7a674aa5f7542dd95c695589a05747431692edd04804299b8f", - "af4908b41f8180b71a6ff10fd51f3d143147af6ddddf7534d3284ed9"}, - {NID_X9_62_prime256v1, NID_sha224, - "ff624d0ba02c7b6370c1622eec3fa2186ea681d1659e0a845448e777b75a8e77a77bb26e" - 
"5733179d58ef9bc8a4e8b6971aef2539f77ab0963a3415bbd6258339bd1bf55de65db520" - "c63f5b8eab3d55debd05e9494212170f5d65b3286b8b668705b1e2b2b5568610617abb51" - "d2dd0cb450ef59df4b907da90cfa7b268de8c4c2", - "708309a7449e156b0db70e5b52e606c7e094ed676ce8953bf6c14757c826f590", - "0429578c7ab6ce0d11493c95d5ea05d299d536801ca9cbd50e9924e43b733b83ab08c804" - "9879c6278b2273348474158515accaa38344106ef96803c5a05adc4800", - "58f741771620bdc428e91a32d86d230873e9140336fcfb1e122892ee1d501bdc", - "4a19274429e40522234b8785dc25fc524f179dcc95ff09b3c9770fc71f54ca0d", - "58982b79a65b7320f5b92d13bdaecdd1259e760f0f718ba933fd098f6f75d4b7"}, - {NID_X9_62_prime256v1, NID_sha224, - "9155e91fd9155eeed15afd83487ea1a3af04c5998b77c0fe8c43dcc479440a8a9a89efe8" - "83d9385cb9edfde10b43bce61fb63669935ad39419cf29ef3a936931733bfc2378e253e7" - "3b7ae9a3ec7a6a7932ab10f1e5b94d05160c053988f3bdc9167155d069337d42c9a70566" - "19efc031fa5ec7310d29bd28980b1e3559757578", - "90c5386100b137a75b0bb495002b28697a451add2f1f22cb65f735e8aaeace98", - "044a92396ff7930b1da9a873a479a28a9896af6cc3d39345b949b726dc3cd978b5475abb" - "18eaed948879b9c1453e3ef2755dd90f77519ec7b6a30297aad08e4931", - "36f853b5c54b1ec61588c9c6137eb56e7a708f09c57513093e4ecf6d739900e5", - "38b29558511061cfabdc8e5bb65ac2976d1aa2ba9a5deab8074097b2172bb9ad", - "0de2cde610502b6e03c0b23602eafbcd3faf886c81d111d156b7aa550f5bcd51"}, - {NID_X9_62_prime256v1, NID_sha224, - "b242a7586a1383368a33c88264889adfa3be45422fbef4a2df4e3c5325a9c7757017e0d5" - "cf4bbf4de7f99d189f81f1fd2f0dd645574d1eb0d547eead9375677819297c1abe62526a" - "e29fc54cdd11bfe17714f2fbd2d0d0e8d297ff98535980482dd5c1ebdc5a7274aabf1382" - "c9f2315ca61391e3943856e4c5e616c2f1f7be0d", - "a3a43cece9c1abeff81099fb344d01f7d8df66447b95a667ee368f924bccf870", - "045775174deb0248112e069cb86f1546ac7a78bc2127d0cb953bad46384dd6be5ba27020" - "952971cc0b0c3abd06e9ca3e141a4943f560564eba31e5288928bc7ce7", - "a0d9a7a245bd9b9aa86cecb89341c9de2e4f9b5d095a8150826c7ba7fb3e7df7", - 
"b02a440add66a9ff9c3c0e9acf1be678f6bd48a10cbdec2ad6d186ffe05f3f2a", - "a98bea42aec56a1fcecec00a1cc69b01fcbcf5de7ac1b2f2dcc09b6db064f92b"}, - {NID_X9_62_prime256v1, NID_sha224, - "b64005da76b24715880af94dba379acc25a047b06066c9bedc8f17b8c74e74f4fc720d9f" - "4ef0e2a659e0756931c080587ebdcd0f85e819aea6dacb327a9d96496da53ea21aef3b2e" - "793a9c0def5196acec99891f46ead78a85bc7ab644765781d3543da9fbf9fec916dca975" - "ef3b4271e50ecc68bf79b2d8935e2b25fc063358", - "7bbc8ff13f6f921f21e949b224c16b7176c5984d312b671cf6c2e4841135fc7f", - "04f888e913ec6f3cd8b31eb89e4f8aaa8887d30ae5348ed7118696949d5b8cc7c108895d" - "09620500d244e5035e262dea3f2867cd8967b226324d5c05220d8b410c", - "21c942f3b487accbf7fadc1c4b7a6c7567ce876c195022459fa1ebf6d04ffbaa", - "2e6cc883b8acc904ee9691ef4a9f1f5a9e5fbfde847cda3be833f949fb9c7182", - "2ac48f7a930912131a8b4e3ab495307817c465d638c2a9ea5ae9e2808806e20a"}, - {NID_X9_62_prime256v1, NID_sha224, - "fe6e1ea477640655eaa1f6e3352d4bce53eb3d95424df7f238e93d8531da8f36bc35fa6b" - "e4bf5a6a382e06e855139eb617a9cc9376b4dafacbd80876343b12628619d7cbe1bff675" - "7e3706111ed53898c0219823adbc044eaf8c6ad449df8f6aab9d444dadb5c3380eec0d91" - "694df5fc4b30280d4b87d27e67ae58a1df828963", - "daf5ec7a4eebc20d9485796c355b4a65ad254fe19b998d0507e91ea24135f45d", - "04137c465085c1b1b8cccbe9fccbe9d0295a331aaf332f3ed2e285d16e574b943bd3e8d5" - "a24cd218c19760b0e85b35a8569945aa857cbf0fd6a3ce127581b217b6", - "343251dffa56e6a612fec7b078f9c3819eab402a72686b894a47a08fd97e6c23", - "775e25a296bd259510ae9375f548997bec8a744900022945281dc8c4d94f2b5b", - "d87592ceab773ae103daebbb56a04144aaccb1e14efc1024dc36c0e382df1f70"}, - {NID_X9_62_prime256v1, NID_sha224, - "907c0c00dc080a688548957b5b8b1f33ba378de1368023dcad43242411f554eb7d392d3e" - "5c1668fad3944ff9634105343d83b8c85d2a988da5f5dc60ee0518327caed6dd5cf4e9bc" - "6222deb46d00abde745f9b71d6e7aee6c7fdfc9ed053f2c0b611d4c6863088bd012ea981" - "0ee94f8e58905970ebd07353f1f409a371ed03e3", - "8729a8396f262dabd991aa404cc1753581cea405f0d19222a0b3f210de8ee3c5", - 
"0482b1f1a7af9b48ca8452613d7032beb0e4f28fe710306aeccc959e4d03662a355e39f3" - "3574097b8d32b471a591972496f5d44db344c037d13f06fafc75f016fd", - "6de9e21f0b2cacc1762b3558fd44d3cf156b85dbef430dd28d59713bfb9cfa0b", - "a754b42720e71925d51fcef76151405a3696cc8f9fc9ca7b46d0b16edd7fb699", - "603924780439cc16ac4cf97c2c3065bc95353aa9179d0ab5f0322ca82f851cf2"}, - {NID_X9_62_prime256v1, NID_sha224, - "771c4d7bce05610a3e71b272096b57f0d1efcce33a1cb4f714d6ebc0865b2773ec5eedc2" - "5fae81dee1d256474dbd9676623614c150916e6ed92ce4430b26037d28fa5252ef6b10c0" - "9dc2f7ee5a36a1ea7897b69f389d9f5075e271d92f4eb97b148f3abcb1e5be0b4feb8278" - "613d18abf6da60bfe448238aa04d7f11b71f44c5", - "f1b62413935fc589ad2280f6892599ad994dae8ca3655ed4f7318cc89b61aa96", - "04e0bbfe4016eea93e6f509518cbffc25d492de6ebbf80465a461caa5bdc0181593231ee" - "7a119d84fa56e3034d50fea85929aec2eb437abc7646821e1bf805fb50", - "7a33eeb9f469afd55de2fb786847a1d3e7797929305c0f90d953b6f143bb8fc6", - "96d1c9399948254ea381631fc0f43ea808110506db8aacf081df5535ac5eb8ad", - "73bf3691260dddd9997c97313f2a70783eacf8d15bdfb34bb13025cdfae72f70"}, - {NID_X9_62_prime256v1, NID_sha224, - "a3b2825235718fc679b942e8ac38fb4f54415a213c65875b5453d18ca012320ddfbbc58b" - "991eaebadfc2d1a28d4f0cd82652b12e4d5bfda89eda3be12ac52188e38e8cce32a264a3" - "00c0e463631f525ae501348594f980392c76b4a12ddc88e5ca086cb8685d03895919a862" - "7725a3e00c4728e2b7c6f6a14fc342b2937fc3dd", - "4caaa26f93f009682bbba6db6b265aec17b7ec1542bda458e8550b9e68eed18d", - "04e3c58c1c254d11c7e781ad133e4c36dd1b5de362120d336a58e7b68813f3fbee59760d" - "b66120afe0d962c81a8e5586588fd19de2f40556371611c73af22c8a68", - "c0d37142dc8b0d614fad20c4d35af6eb819e259e513ddeac1e1c273e7e1dc1bb", - "25dd8e4086c62a40d2a310e2f90f6af5cb7e677b4dfdb4dc4e99e23ea2f0e6dc", - "90ad62c179b0c9d61f521dde1cd762bfd224b5525c39c3706f2549313ddb4f39"}, - {NID_X9_62_prime256v1, NID_sha224, - "3e6e2a9bffd729ee5d4807849cd4250021d8184cda723df6ab0e5c939d39237c8e58af9d" - 
"869fe62d3c97b3298a99e891e5e11aa68b11a087573a40a3e83c7965e7910d72f81cad0f" - "42accc5c25a4fd3cdd8cee63757bbbfbdae98be2bc867d3bcb1333c4632cb0a55dffeb77" - "d8b119c466cd889ec468454fabe6fbee7102deaf", - "7af4b150bb7167cb68037f280d0823ce5320c01a92b1b56ee1b88547481b1de9", - "04cb3634ec4f0cbb99986be788f889e586026d5a851e80d15382f1bdb1bda2bc7551e4e4" - "3bc16fb114896b18198a1aebe6054ba20ed0c0317c1b8776158c0e6bfb", - "98edd59fafbcaee5f64e84eb5ed59fff45d14aabada47cee2fa674377173627a", - "261a1cdb0fd93c0fb06ea6068b6b03c330a12f621a7eba76682a1d152c0e8d08", - "7ca049bad54feee101d6db807635ffb8bdb05a38e445c8c3d65d60df143514c5"}, - {NID_X9_62_prime256v1, NID_sha224, - "52e5c308e70329a17c71eaedb66bbee303c8ec48a6f1a2efb235d308563cd58553d434e1" - "2f353227a9ea28608ec9c820ed83c95124e7a886f7e832a2de1032e78dc059208f9ec354" - "170b2b1cab992b52ac01e6c0e4e1b0112686962edc53ab226dafcc9fc7baed2cd9307160" - "e8572edb125935db49289b178f35a8ad23f4f801", - "52ad53e849e30bec0e6345c3e9d98ebc808b19496c1ef16d72ab4a00bbb8c634", - "047cca1334bfc2a78728c50b370399be3f9690d445aa03c701da643eeb0b0f7fa83f7522" - "238668e615405e49b2f63faee58286000a30cdb4b564ac0df99bc8950f", - "8650c30712fc253610884fbba4a332a4574d4b7822f7776cab1df8f5fa05442a", - "a18194c7ac5829afc408d78dde19542837e7be82706c3941b2d9c5e036bb51e0", - "188ead1cdf7c1d21114ff56d0421ffd501ab978ef58337462c0fa736d86299af"}, - {NID_X9_62_prime256v1, NID_sha224, - "d3e9e82051d4c84d699453c9ff44c7c09f6523bb92232bcf30bf3c380224249de2964e87" - "1d56a364d6955c81ef91d06482a6c7c61bc70f66ef22fad128d15416e7174312619134f9" - "68f1009f92cbf99248932efb533ff113fb6d949e21d6b80dfbbe69010c8d1ccb0f3808ea" - "309bb0bac1a222168c95b088847e613749b19d04", - "80754962a864be1803bc441fa331e126005bfc6d8b09ed38b7e69d9a030a5d27", - "040aaeed6dd1ae020d6eefc98ec4241ac93cbd3c8afed05bb28007e7da5727571b2dda1d" - "5b7872eb94dfffb456115037ff8d3e72f8ebdd8fcfc42391f96809be69", - "738e050aeefe54ecba5be5f93a97bbcb7557d701f9da2d7e88483454b97b55a8", - 
"8cb9f41dfdcb9604e0725ac9b78fc0db916dc071186ee982f6dba3da36f02efa", - "5c87fe868fd4282fb114f5d70e9590a10a5d35cedf3ff6402ba5c4344738a32e"}, - {NID_X9_62_prime256v1, NID_sha224, - "968951c2c1918436fe19fa2fe2152656a08f9a6b8aa6201920f1b424da98cee71928897f" - "f087620cc5c551320b1e75a1e98d7d98a5bd5361c9393759614a6087cc0f7fb01fcb1737" - "83eb4c4c23961a8231ac4a07d72e683b0c1bd4c51ef1b031df875e7b8d5a6e0628949f5b" - "8f157f43dccaea3b2a4fc11181e6b451e06ceb37", - "cfa8c8bd810eb0d73585f36280ecdd296ee098511be8ad5eac68984eca8eb19d", - "04c227a2af15dfa8734e11c0c50f77e24e77ed58dd8cccf1b0e9fa06bee1c64766b68659" - "2ce3745eb300d2704083db55e1fa8274e4cb7e256889ccc0bb34a60570", - "2d6b449bb38b543d6b6d34ff8cb053f5e5b337f949b069b21f421995ebb28823", - "5e89d3c9b103c2fa3cb8cebeec23640acda0257d63ffbe2d509bfc49fab1dca6", - "d70c5b1eeb29e016af9925798d24e166c23d58fedd2f1a3bbdb1ef78cdbfb63a"}, - {NID_X9_62_prime256v1, NID_sha224, - "78048628932e1c1cdd1e70932bd7b76f704ba08d7e7d825d3de763bf1a062315f4af16ec" - "cefe0b6ebadccaf403d013f50833ce2c54e24eea8345e25f93b69bb048988d102240225c" - "eacf5003e2abdcc90299f4bf2c101585d36ecdd7a155953c674789d070480d1ef47cc785" - "8e97a6d87c41c6922a00ea12539f251826e141b4", - "b2021e2665ce543b7feadd0cd5a4bd57ffcc5b32deb860b4d736d9880855da3c", - "04722e0abad4504b7832a148746153777694714eca220eced2b2156ca64cfed3ddf0351b" - "357b3081e859c46cad5328c5afa10546e92bc6c3fd541796ac30397a75", - "b15bbce4b382145de7ecd670d947e77555ef7cd1693bd53c694e2b52b04d10e1", - "9d086dcd22da165a43091991bede9c1c14515e656633cb759ec2c17f51c35253", - "23595ad1cb714559faaecaf946beb9a71e584616030ceaed8a8470f4bf62768f"}, - {NID_X9_62_prime256v1, NID_sha224, - "9b0800c443e693067591737fdbcf0966fdfa50872d41d0c189d87cbc34c2771ee5e1255f" - "d604f09fcf167fda16437c245d299147299c69046895d22482db29aba37ff57f756716cd" - "3d6223077f747c4caffbecc0a7c9dfaaafd9a9817470ded8777e6355838ac54d11b2f0fc" - "3f43668ff949cc31de0c2d15af5ef17884e4d66a", - "0c9bce6a568ca239395fc3552755575cbcdddb1d89f6f5ab354517a057b17b48", - 
"044814d454495df7103e2da383aba55f7842fd84f1750ee5801ad32c10d0be6c7da0bd03" - "9d5097c8f0770477f6b18d247876e88e528bf0453eab515ffab8a9eda3", - "d414f1525cdcc41eba1652de017c034ebcc7946cb2efe4713d09f67c85b83153", - "84db02c678f9a21208cec8564d145a35ba8c6f26b4eb7e19522e439720dae44c", - "537c564da0d2dc5ac4376c5f0ca3b628d01d48df47a83d842c927e4d6db1e16d"}, - {NID_X9_62_prime256v1, NID_sha224, - "fc3b8291c172dae635a6859f525beaf01cf683765d7c86f1a4d768df7cae055f639eccc0" - "8d7a0272394d949f82d5e12d69c08e2483e11a1d28a4c61f18193106e12e5de4a9d0b4bf" - "341e2acd6b715dc83ae5ff63328f8346f35521ca378b311299947f63ec593a5e32e6bd11" - "ec4edb0e75302a9f54d21226d23314729e061016", - "1daa385ec7c7f8a09adfcaea42801a4de4c889fb5c6eb4e92bc611d596d68e3f", - "04f04e9f2831d9697ae146c7d4552e5f91085cc46778400b75b76f00205252941dbd2671" - "48174cd0c2b019cd0a5256e2f3f889d1e597160372b5a1339c8d787f10", - "7707db348ee6f60365b43a2a994e9b40ed56fe03c2c31c7e781bc4ffadcba760", - "5d95c385eeba0f15db0b80ae151912409128c9c80e554246067b8f6a36d85ea5", - "db5d8a1e345f883e4fcb3871276f170b783c1a1e9da6b6615913368a8526f1c3"}, - {NID_X9_62_prime256v1, NID_sha256, - "5905238877c77421f73e43ee3da6f2d9e2ccad5fc942dcec0cbd25482935faaf416983fe" - "165b1a045ee2bcd2e6dca3bdf46c4310a7461f9a37960ca672d3feb5473e253605fb1ddf" - "d28065b53cb5858a8ad28175bf9bd386a5e471ea7a65c17cc934a9d791e91491eb3754d0" - "3799790fe2d308d16146d5c9b0d0debd97d79ce8", - "519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464", - "041ccbe91c075fc7f4f033bfa248db8fccd3565de94bbfb12f3c59ff46c271bf83ce4014" - "c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9", - "94a1bbb14b906a61a280f245f9e93c7f3b4a6247824f5d33b9670787642a68de", - "f3ac8061b514795b8843e3d6629527ed2afd6b1f6a555a7acabb5e6f79c8c2ac", - "8bf77819ca05a6b2786c76262bf7371cef97b218e96f175a3ccdda2acc058903"}, - {NID_X9_62_prime256v1, NID_sha256, - "c35e2f092553c55772926bdbe87c9796827d17024dbb9233a545366e2e5987dd344deb72" - 
"df987144b8c6c43bc41b654b94cc856e16b96d7a821c8ec039b503e3d86728c494a967d8" - "3011a0e090b5d54cd47f4e366c0912bc808fbb2ea96efac88fb3ebec9342738e225f7c7c" - "2b011ce375b56621a20642b4d36e060db4524af1", - "0f56db78ca460b055c500064824bed999a25aaf48ebb519ac201537b85479813", - "04e266ddfdc12668db30d4ca3e8f7749432c416044f2d2b8c10bf3d4012aeffa8abfa864" - "04a2e9ffe67d47c587ef7a97a7f456b863b4d02cfc6928973ab5b1cb39", - "6d3e71882c3b83b156bb14e0ab184aa9fb728068d3ae9fac421187ae0b2f34c6", - "976d3a4e9d23326dc0baa9fa560b7c4e53f42864f508483a6473b6a11079b2db", - "1b766e9ceb71ba6c01dcd46e0af462cd4cfa652ae5017d4555b8eeefe36e1932"}, - {NID_X9_62_prime256v1, NID_sha256, - "3c054e333a94259c36af09ab5b4ff9beb3492f8d5b4282d16801daccb29f70fe61a0b37f" - "fef5c04cd1b70e85b1f549a1c4dc672985e50f43ea037efa9964f096b5f62f7ffdf8d6bf" - "b2cc859558f5a393cb949dbd48f269343b5263dcdb9c556eca074f2e98e6d94c2c29a677" - "afaf806edf79b15a3fcd46e7067b7669f83188ee", - "e283871239837e13b95f789e6e1af63bf61c918c992e62bca040d64cad1fc2ef", - "0474ccd8a62fba0e667c50929a53f78c21b8ff0c3c737b0b40b1750b2302b0bde829074e" - "21f3a0ef88b9efdf10d06aa4c295cc1671f758ca0e4cd108803d0f2614", - "ad5e887eb2b380b8d8280ad6e5ff8a60f4d26243e0124c2f31a297b5d0835de2", - "35fb60f5ca0f3ca08542fb3cc641c8263a2cab7a90ee6a5e1583fac2bb6f6bd1", - "ee59d81bc9db1055cc0ed97b159d8784af04e98511d0a9a407b99bb292572e96"}, - {NID_X9_62_prime256v1, NID_sha256, - "0989122410d522af64ceb07da2c865219046b4c3d9d99b01278c07ff63eaf1039cb787ae" - "9e2dd46436cc0415f280c562bebb83a23e639e476a02ec8cff7ea06cd12c86dcc3adefbf" - "1a9e9a9b6646c7599ec631b0da9a60debeb9b3e19324977f3b4f36892c8a38671c8e1cc8" - "e50fcd50f9e51deaf98272f9266fc702e4e57c30", - "a3d2d3b7596f6592ce98b4bfe10d41837f10027a90d7bb75349490018cf72d07", - "04322f80371bf6e044bc49391d97c1714ab87f990b949bc178cb7c43b7c22d89e13c15d5" - "4a5cc6b9f09de8457e873eb3deb1fceb54b0b295da6050294fae7fd999", - "24fc90e1da13f17ef9fe84cc96b9471ed1aaac17e3a4bae33a115df4e5834f18", - 
"d7c562370af617b581c84a2468cc8bd50bb1cbf322de41b7887ce07c0e5884ca", - "b46d9f2d8c4bf83546ff178f1d78937c008d64e8ecc5cbb825cb21d94d670d89"}, - {NID_X9_62_prime256v1, NID_sha256, - "dc66e39f9bbfd9865318531ffe9207f934fa615a5b285708a5e9c46b7775150e818d7f24" - "d2a123df3672fff2094e3fd3df6fbe259e3989dd5edfcccbe7d45e26a775a5c4329a084f" - "057c42c13f3248e3fd6f0c76678f890f513c32292dd306eaa84a59abe34b16cb5e38d0e8" - "85525d10336ca443e1682aa04a7af832b0eee4e7", - "53a0e8a8fe93db01e7ae94e1a9882a102ebd079b3a535827d583626c272d280d", - "041bcec4570e1ec2436596b8ded58f60c3b1ebc6a403bc5543040ba829630572448af62a" - "4c683f096b28558320737bf83b9959a46ad2521004ef74cf85e67494e1", - "5d833e8d24cc7a402d7ee7ec852a3587cddeb48358cea71b0bedb8fabe84e0c4", - "18caaf7b663507a8bcd992b836dec9dc5703c080af5e51dfa3a9a7c387182604", - "77c68928ac3b88d985fb43fb615fb7ff45c18ba5c81af796c613dfa98352d29c"}, - {NID_X9_62_prime256v1, NID_sha256, - "600974e7d8c5508e2c1aab0783ad0d7c4494ab2b4da265c2fe496421c4df238b0be25f25" - "659157c8a225fb03953607f7df996acfd402f147e37aee2f1693e3bf1c35eab3ae360a2b" - "d91d04622ea47f83d863d2dfecb618e8b8bdc39e17d15d672eee03bb4ce2cc5cf6b217e5" - "faf3f336fdd87d972d3a8b8a593ba85955cc9d71", - "4af107e8e2194c830ffb712a65511bc9186a133007855b49ab4b3833aefc4a1d", - "04a32e50be3dae2c8ba3f5e4bdae14cf7645420d425ead94036c22dd6c4fc59e00d623bf" - "641160c289d6742c6257ae6ba574446dd1d0e74db3aaa80900b78d4ae9", - "e18f96f84dfa2fd3cdfaec9159d4c338cd54ad314134f0b31e20591fc238d0ab", - "8524c5024e2d9a73bde8c72d9129f57873bbad0ed05215a372a84fdbc78f2e68", - "d18c2caf3b1072f87064ec5e8953f51301cada03469c640244760328eb5a05cb"}, - {NID_X9_62_prime256v1, NID_sha256, - "dfa6cb9b39adda6c74cc8b2a8b53a12c499ab9dee01b4123642b4f11af336a91a5c9ce05" - "20eb2395a6190ecbf6169c4cba81941de8e76c9c908eb843b98ce95e0da29c5d43880402" - "64e05e07030a577cc5d176387154eabae2af52a83e85c61c7c61da930c9b19e45d7e34c8" - "516dc3c238fddd6e450a77455d534c48a152010b", - "78dfaa09f1076850b3e206e477494cddcfb822aaa0128475053592c48ebaf4ab", - 
"048bcfe2a721ca6d753968f564ec4315be4857e28bef1908f61a366b1f03c974790f6757" - "6a30b8e20d4232d8530b52fb4c89cbc589ede291e499ddd15fe870ab96", - "295544dbb2da3da170741c9b2c6551d40af7ed4e891445f11a02b66a5c258a77", - "c5a186d72df452015480f7f338970bfe825087f05c0088d95305f87aacc9b254", - "84a58f9e9d9e735344b316b1aa1ab5185665b85147dc82d92e969d7bee31ca30"}, - {NID_X9_62_prime256v1, NID_sha256, - "51d2547cbff92431174aa7fc7302139519d98071c755ff1c92e4694b58587ea560f72f32" - "fc6dd4dee7d22bb7387381d0256e2862d0644cdf2c277c5d740fa089830eb52bf79d1e75" - "b8596ecf0ea58a0b9df61e0c9754bfcd62efab6ea1bd216bf181c5593da79f10135a9bc6" - "e164f1854bc8859734341aad237ba29a81a3fc8b", - "80e692e3eb9fcd8c7d44e7de9f7a5952686407f90025a1d87e52c7096a62618a", - "04a88bc8430279c8c0400a77d751f26c0abc93e5de4ad9a4166357952fe041e7672d365a" - "1eef25ead579cc9a069b6abc1b16b81c35f18785ce26a10ba6d1381185", - "7c80fd66d62cc076cef2d030c17c0a69c99611549cb32c4ff662475adbe84b22", - "9d0c6afb6df3bced455b459cc21387e14929392664bb8741a3693a1795ca6902", - "d7f9ddd191f1f412869429209ee3814c75c72fa46a9cccf804a2f5cc0b7e739f"}, - {NID_X9_62_prime256v1, NID_sha256, - "558c2ac13026402bad4a0a83ebc9468e50f7ffab06d6f981e5db1d082098065bcff6f21a" - "7a74558b1e8612914b8b5a0aa28ed5b574c36ac4ea5868432a62bb8ef0695d27c1e3ceaf" - "75c7b251c65ddb268696f07c16d2767973d85beb443f211e6445e7fe5d46f0dce70d58a4" - "cd9fe70688c035688ea8c6baec65a5fc7e2c93e8", - "5e666c0db0214c3b627a8e48541cc84a8b6fd15f300da4dff5d18aec6c55b881", - "041bc487570f040dc94196c9befe8ab2b6de77208b1f38bdaae28f9645c4d2bc3aec8160" - "2abd8345e71867c8210313737865b8aa186851e1b48eaca140320f5d8f", - "2e7625a48874d86c9e467f890aaa7cd6ebdf71c0102bfdcfa24565d6af3fdce9", - "2f9e2b4e9f747c657f705bffd124ee178bbc5391c86d056717b140c153570fd9", - "f5413bfd85949da8d83de83ab0d19b2986613e224d1901d76919de23ccd03199"}, - {NID_X9_62_prime256v1, NID_sha256, - "4d55c99ef6bd54621662c3d110c3cb627c03d6311393b264ab97b90a4b15214a5593ba25" - 
"10a53d63fb34be251facb697c973e11b665cb7920f1684b0031b4dd370cb927ca7168b0b" - "f8ad285e05e9e31e34bc24024739fdc10b78586f29eff94412034e3b606ed850ec2c1900" - "e8e68151fc4aee5adebb066eb6da4eaa5681378e", - "f73f455271c877c4d5334627e37c278f68d143014b0a05aa62f308b2101c5308", - "04b8188bd68701fc396dab53125d4d28ea33a91daf6d21485f4770f6ea8c565dde423f05" - "8810f277f8fe076f6db56e9285a1bf2c2a1dae145095edd9c04970bc4a", - "62f8665fd6e26b3fa069e85281777a9b1f0dfd2c0b9f54a086d0c109ff9fd615", - "1cc628533d0004b2b20e7f4baad0b8bb5e0673db159bbccf92491aef61fc9620", - "880e0bbf82a8cf818ed46ba03cf0fc6c898e36fca36cc7fdb1d2db7503634430"}, - {NID_X9_62_prime256v1, NID_sha256, - "f8248ad47d97c18c984f1f5c10950dc1404713c56b6ea397e01e6dd925e903b4fadfe2c9" - "e877169e71ce3c7fe5ce70ee4255d9cdc26f6943bf48687874de64f6cf30a012512e787b" - "88059bbf561162bdcc23a3742c835ac144cc14167b1bd6727e940540a9c99f3cbb41fb1d" - "cb00d76dda04995847c657f4c19d303eb09eb48a", - "b20d705d9bd7c2b8dc60393a5357f632990e599a0975573ac67fd89b49187906", - "0451f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce4737da" - "963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1", - "72b656f6b35b9ccbc712c9f1f3b1a14cbbebaec41c4bca8da18f492a062d6f6f", - "9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c42", - "2bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c"}, - {NID_X9_62_prime256v1, NID_sha256, - "3b6ee2425940b3d240d35b97b6dcd61ed3423d8e71a0ada35d47b322d17b35ea0472f35e" - "dd1d252f87b8b65ef4b716669fc9ac28b00d34a9d66ad118c9d94e7f46d0b4f6c2b2d339" - "fd6bcd351241a387cc82609057048c12c4ec3d85c661975c45b300cb96930d89370a327c" - "98b67defaa89497aa8ef994c77f1130f752f94a4", - "d4234bebfbc821050341a37e1240efe5e33763cbbb2ef76a1c79e24724e5a5e7", - "048fb287f0202ad57ae841aea35f29b2e1d53e196d0ddd9aec24813d64c0922fb71f6daf" - "f1aa2dd2d6d3741623eecb5e7b612997a1039aab2e5cf2de969cfea573", - "d926fe10f1bfd9855610f4f5a3d666b1a149344057e35537373372ead8b1a778", - 
"490efd106be11fc365c7467eb89b8d39e15d65175356775deab211163c2504cb", - "644300fc0da4d40fb8c6ead510d14f0bd4e1321a469e9c0a581464c7186b7aa7"}, - {NID_X9_62_prime256v1, NID_sha256, - "c5204b81ec0a4df5b7e9fda3dc245f98082ae7f4efe81998dcaa286bd4507ca840a53d21" - "b01e904f55e38f78c3757d5a5a4a44b1d5d4e480be3afb5b394a5d2840af42b1b4083d40" - "afbfe22d702f370d32dbfd392e128ea4724d66a3701da41ae2f03bb4d91bb946c7969404" - "cb544f71eb7a49eb4c4ec55799bda1eb545143a7", - "b58f5211dff440626bb56d0ad483193d606cf21f36d9830543327292f4d25d8c", - "0468229b48c2fe19d3db034e4c15077eb7471a66031f28a980821873915298ba76303e8e" - "e3742a893f78b810991da697083dd8f11128c47651c27a56740a80c24c", - "e158bf4a2d19a99149d9cdb879294ccb7aaeae03d75ddd616ef8ae51a6dc1071", - "e67a9717ccf96841489d6541f4f6adb12d17b59a6bef847b6183b8fcf16a32eb", - "9ae6ba6d637706849a6a9fc388cf0232d85c26ea0d1fe7437adb48de58364333"}, - {NID_X9_62_prime256v1, NID_sha256, - "72e81fe221fb402148d8b7ab03549f1180bcc03d41ca59d7653801f0ba853add1f6d29ed" - "d7f9abc621b2d548f8dbf8979bd16608d2d8fc3260b4ebc0dd42482481d548c7075711b5" - "759649c41f439fad69954956c9326841ea6492956829f9e0dc789f73633b40f6ac77bcae" - "6dfc7930cfe89e526d1684365c5b0be2437fdb01", - "54c066711cdb061eda07e5275f7e95a9962c6764b84f6f1f3ab5a588e0a2afb1", - "040a7dbb8bf50cb605eb2268b081f26d6b08e012f952c4b70a5a1e6e7d46af98bbf26dd7" - "d799930062480849962ccf5004edcfd307c044f4e8f667c9baa834eeae", - "646fe933e96c3b8f9f507498e907fdd201f08478d0202c752a7c2cfebf4d061a", - "b53ce4da1aa7c0dc77a1896ab716b921499aed78df725b1504aba1597ba0c64b", - "d7c246dc7ad0e67700c373edcfdd1c0a0495fc954549ad579df6ed1438840851"}, - {NID_X9_62_prime256v1, NID_sha256, - "21188c3edd5de088dacc1076b9e1bcecd79de1003c2414c3866173054dc82dde85169baa" - "77993adb20c269f60a5226111828578bcc7c29e6e8d2dae81806152c8ba0c6ada1986a19" - "83ebeec1473a73a04795b6319d48662d40881c1723a706f516fe75300f92408aa1dc6ae4" - "288d2046f23c1aa2e54b7fb6448a0da922bd7f34", - "34fa4682bf6cb5b16783adcd18f0e6879b92185f76d7c920409f904f522db4b1", - 
"04105d22d9c626520faca13e7ced382dcbe93498315f00cc0ac39c4821d0d737376c47f3" - "cbbfa97dfcebe16270b8c7d5d3a5900b888c42520d751e8faf3b401ef4", - "a6f463ee72c9492bc792fe98163112837aebd07bab7a84aaed05be64db3086f4", - "542c40a18140a6266d6f0286e24e9a7bad7650e72ef0e2131e629c076d962663", - "4f7f65305e24a6bbb5cff714ba8f5a2cee5bdc89ba8d75dcbf21966ce38eb66f"}, - {NID_X9_62_prime256v1, NID_sha384, - "e0b8596b375f3306bbc6e77a0b42f7469d7e83635990e74aa6d713594a3a24498feff500" - "6790742d9c2e9b47d714bee932435db747c6e733e3d8de41f2f91311f2e9fd8e02565163" - "1ffd84f66732d3473fbd1627e63dc7194048ebec93c95c159b5039ab5e79e42c80b484a9" - "43f125de3da1e04e5bf9c16671ad55a1117d3306", - "b6faf2c8922235c589c27368a3b3e6e2f42eb6073bf9507f19eed0746c79dced", - "04e0e7b99bc62d8dd67883e39ed9fa0657789c5ff556cc1fd8dd1e2a55e9e3f24363fbfd" - "0232b95578075c903a4dbf85ad58f8350516e1ec89b0ee1f5e1362da69", - "9980b9cdfcef3ab8e219b9827ed6afdd4dbf20bd927e9cd01f15762703487007", - "f5087878e212b703578f5c66f434883f3ef414dc23e2e8d8ab6a8d159ed5ad83", - "306b4c6c20213707982dffbb30fba99b96e792163dd59dbe606e734328dd7c8a"}, - {NID_X9_62_prime256v1, NID_sha384, - "099a0131179fff4c6928e49886d2fdb3a9f239b7dd5fa828a52cbbe3fcfabecfbba3e192" - "159b887b5d13aa1e14e6a07ccbb21f6ad8b7e88fee6bea9b86dea40ffb962f38554056fb" - "7c5bb486418915f7e7e9b9033fe3baaf9a069db98bc02fa8af3d3d1859a11375d6f98aa2" - "ce632606d0800dff7f55b40f971a8586ed6b39e9", - "118958fd0ff0f0b0ed11d3cf8fa664bc17cdb5fed1f4a8fc52d0b1ae30412181", - "04afda82260c9f42122a3f11c6058839488f6d7977f6f2a263c67d06e27ea2c3550ae2bb" - "dd2207c590332c5bfeb4c8b5b16622134bd4dc55382ae806435468058b", - "23129a99eeda3d99a44a5778a46e8e7568b91c31fb7a8628c5d9820d4bed4a6b", - "e446600cab1286ebc3bb332012a2f5cc33b0a5ef7291d5a62a84de5969d77946", - "cf89b12793ee1792eb26283b48fa0bdcb45ae6f6ad4b02564bf786bb97057d5a"}, - {NID_X9_62_prime256v1, NID_sha384, - "0fbc07ea947c946bea26afa10c51511039b94ddbc4e2e4184ca3559260da24a14522d149" - 
"7ca5e77a5d1a8e86583aeea1f5d4ff9b04a6aa0de79cd88fdb85e01f171143535f2f7c23" - "b050289d7e05cebccdd131888572534bae0061bdcc3015206b9270b0d5af9f1da2f9de91" - "772d178a632c3261a1e7b3fb255608b3801962f9", - "3e647357cd5b754fad0fdb876eaf9b1abd7b60536f383c81ce5745ec80826431", - "04702b2c94d039e590dd5c8f9736e753cf5824aacf33ee3de74fe1f5f7c858d5ed0c2889" - "4e907af99fb0d18c9e98f19ac80dd77abfa4bebe45055c0857b82a0f4d", - "9beab7722f0bcb468e5f234e074170a60225255de494108459abdf603c6e8b35", - "c4021fb7185a07096547af1fb06932e37cf8bd90cf593dea48d48614fa237e5e", - "7fb45d09e2172bec8d3e330aa06c43fbb5f625525485234e7714b7f6e92ba8f1"}, - {NID_X9_62_prime256v1, NID_sha384, - "1e38d750d936d8522e9db1873fb4996bef97f8da3c6674a1223d29263f1234a90b751785" - "316444e9ba698bc8ab6cd010638d182c9adad4e334b2bd7529f0ae8e9a52ad60f59804b2" - "d780ed52bdd33b0bf5400147c28b4304e5e3434505ae7ce30d4b239e7e6f0ecf058badd5" - "b388eddbad64d24d2430dd04b4ddee98f972988f", - "76c17c2efc99891f3697ba4d71850e5816a1b65562cc39a13da4b6da9051b0fd", - "04d12512e934c367e4c4384dbd010e93416840288a0ba00b299b4e7c0d91578b57ebf883" - "5661d9b578f18d14ae4acf9c357c0dc8b7112fc32824a685ed72754e23", - "77cffa6f9a73904306f9fcd3f6bbb37f52d71e39931bb4aec28f9b076e436ccf", - "4d5a9d95b0f09ce8704b0f457b39059ee606092310df65d3f8ae7a2a424cf232", - "7d3c014ca470a73cef1d1da86f2a541148ad542fbccaf9149d1b0b030441a7eb"}, - {NID_X9_62_prime256v1, NID_sha384, - "abcf0e0f046b2e0672d1cc6c0a114905627cbbdefdf9752f0c31660aa95f2d0ede72d179" - "19a9e9b1add3213164e0c9b5ae3c76f1a2f79d3eeb444e6741521019d8bd5ca391b28c10" - "63347f07afcfbb705be4b52261c19ebaf1d6f054a74d86fb5d091fa7f229450996b76f0a" - "da5f977b09b58488eebfb5f5e9539a8fd89662ab", - "67b9dea6a575b5103999efffce29cca688c781782a41129fdecbce76608174de", - "04b4238b029fc0b7d9a5286d8c29b6f3d5a569e9108d44d889cd795c4a385905be8cb3ff" - "f8f6cca7187c6a9ad0a2b1d9f40ae01b32a7e8f8c4ca75d71a1fffb309", - "d02617f26ede3584f0afcfc89554cdfb2ae188c192092fdde3436335fafe43f1", - 
"26fd9147d0c86440689ff2d75569795650140506970791c90ace0924b44f1586", - "00a34b00c20a8099df4b0a757cbef8fea1cb3ea7ced5fbf7e987f70b25ee6d4f"}, - {NID_X9_62_prime256v1, NID_sha384, - "dc3d4884c741a4a687593c79fb4e35c5c13c781dca16db561d7e393577f7b62ca41a6e25" - "9fc1fb8d0c4e1e062517a0fdf95558b7799f20c211796167953e6372c11829beec64869d" - "67bf3ee1f1455dd87acfbdbcc597056e7fb347a17688ad32fda7ccc3572da7677d7255c2" - "61738f07763cd45973c728c6e9adbeecadc3d961", - "ecf644ea9b6c3a04fdfe2de4fdcb55fdcdfcf738c0b3176575fa91515194b566", - "04c3bdc7c795ec94620a2cfff614c13a3390a5e86c892e53a24d3ed22228bc85bf70480f" - "c5cf4aacd73e24618b61b5c56c1ced8c4f1b869580ea538e68c7a61ca3", - "53291d51f68d9a12d1dcdc58892b2f786cc15f631f16997d2a49bace513557d4", - "a860c8b286edf973ce4ce4cf6e70dc9bbf3818c36c023a845677a9963705df8b", - "5630f986b1c45e36e127dd7932221c4272a8cc6e255e89f0f0ca4ec3a9f76494"}, - {NID_X9_62_prime256v1, NID_sha384, - "719bf1911ae5b5e08f1d97b92a5089c0ab9d6f1c175ac7199086aeeaa416a17e6d6f8486" - "c711d386f284f096296689a54d330c8efb0f5fa1c5ba128d3234a3da856c2a94667ef710" - "3616a64c913135f4e1dc50e38daa60610f732ad1bedfcc396f87169392520314a6b6b9af" - "6793dbabad4599525228cc7c9c32c4d8e097ddf6", - "4961485cbc978f8456ec5ac7cfc9f7d9298f99415ecae69c8491b258c029bfee", - "048d40bf2299e05d758d421972e81cfb0cce68b949240dc30f315836acc70bef035674e6" - "f77f8b46f46cca937d83b128dffbe9bd7e0d3d08aa2cbbfdfb16f72c9a", - "373a825b5a74b7b9e02f8d4d876b577b4c3984168d704ba9f95b19c05ed590af", - "ef6fb386ad044b63feb7445fa16b10319018e9cea9ef42bca83bdad01992234a", - "ac1f42f652eb1786e57be01d847c81f7efa072ba566d4583af4f1551a3f76c65"}, - {NID_X9_62_prime256v1, NID_sha384, - "7cf19f4c851e97c5bca11a39f0074c3b7bd3274e7dd75d0447b7b84995dfc9f716bf08c2" - "5347f56fcc5e5149cb3f9cfb39d408ace5a5c47e75f7a827fa0bb9921bb5b23a6053dbe1" - "fa2bba341ac874d9b1333fc4dc224854949f5c8d8a5fedd02fb26fdfcd3be351aec0fcbe" - "f18972956c6ec0effaf057eb4420b6d28e0c008c", - "587907e7f215cf0d2cb2c9e6963d45b6e535ed426c828a6ea2fb637cca4c5cbd", - 
"04660da45c413cc9c9526202c16b402af602d30daaa7c342f1e722f15199407f31e6f8cb" - "b06913cc718f2d69ba2fb3137f04a41c27c676d1a80fbf30ea3ca46439", - "6b8eb7c0d8af9456b95dd70561a0e902863e6dfa1c28d0fd4a0509f1c2a647b2", - "08fabf9b57de81875bfa7a4118e3e44cfb38ec6a9b2014940207ba3b1c583038", - "a58d199b1deba7350616230d867b2747a3459421811c291836abee715b8f67b4"}, - {NID_X9_62_prime256v1, NID_sha384, - "b892ffabb809e98a99b0a79895445fc734fa1b6159f9cddb6d21e510708bdab6076633ac" - "30aaef43db566c0d21f4381db46711fe3812c5ce0fb4a40e3d5d8ab24e4e82d3560c6dc7" - "c37794ee17d4a144065ef99c8d1c88bc22ad8c4c27d85ad518fa5747ae35276fc104829d" - "3f5c72fc2a9ea55a1c3a87007cd133263f79e405", - "24b1e5676d1a9d6b645a984141a157c124531feeb92d915110aef474b1e27666", - "04b4909a5bdf25f7659f4ef35e4b811429fb2c59126e3dad09100b46aea6ebe7a6760ae0" - "15fa6af5c9749c4030fdb5de6e58c6b5b1944829105cf7edf7d3a22cfb", - "88794923d8943b5dbcc7a7a76503880ff7da632b0883aaa60a9fcc71bf880fd6", - "6ec9a340b77fae3c7827fa96d997e92722ff2a928217b6dd3c628f3d49ae4ce6", - "637b54bbcfb7e7d8a41ea317fcfca8ad74eb3bb6b778bc7ef9dec009281976f7"}, - {NID_X9_62_prime256v1, NID_sha384, - "8144e37014c95e13231cbd6fa64772771f93b44e37f7b02f592099cc146343edd4f4ec9f" - "a1bc68d7f2e9ee78fc370443aa2803ff4ca52ee49a2f4daf2c8181ea7b8475b3a0f608fc" - "3279d09e2d057fbe3f2ffbe5133796124781299c6da60cfe7ecea3abc30706ded2cdf18f" - "9d788e59f2c31662df3abe01a9b12304fb8d5c8c", - "bce49c7b03dcdc72393b0a67cf5aa5df870f5aaa6137ada1edc7862e0981ec67", - "04c786d9421d67b72b922cf3def2a25eeb5e73f34543eb50b152e738a98afb0ca5679627" - "1e79e2496f9e74b126b1123a3d067de56b5605d6f51c8f6e1d5bb93aba", - "89e690d78a5e0d2b8ce9f7fcbf34e2605fd9584760fa7729043397612dd21f94", - "07e5054c384839584624e8d730454dc27e673c4a90cbf129d88b91250341854d", - "f7e665b88614d0c5cbb3007cafe713763d81831525971f1747d92e4d1ca263a7"}, - {NID_X9_62_prime256v1, NID_sha384, - "a3683d120807f0a030feed679785326698c3702f1983eaba1b70ddfa7f0b3188060b845e" - 
"2b67ed57ee68087746710450f7427cb34655d719c0acbc09ac696adb4b22aba1b9322b71" - "11076e67053a55f62b501a4bca0ad9d50a868f51aeeb4ef27823236f5267e8da83e14304" - "7422ce140d66e05e44dc84fb3a4506b2a5d7caa8", - "73188a923bc0b289e81c3db48d826917910f1b957700f8925425c1fb27cabab9", - "0486662c014ab666ee770723be8da38c5cd299efc6480fc6f8c3603438fa8397b9f26b33" - "07a650c3863faaa5f642f3ba1384c3d3a02edd3d48c657c269609cc3fc", - "ec90584ab3b383b590626f36ed4f5110e49888aec7ae7a9c5ea62dd2dc378666", - "13e9ad59112fde3af4163eb5c2400b5e9a602576d5869ac1c569075f08c90ff6", - "708ac65ff2b0baaccc6dd954e2a93df46016bd04457636de06798fcc17f02be5"}, - {NID_X9_62_prime256v1, NID_sha384, - "b1df8051b213fc5f636537e37e212eb20b2423e6467a9c7081336a870e6373fc835899d5" - "9e546c0ac668cc81ce4921e88f42e6da2a109a03b4f4e819a17c955b8d099ec6b282fb49" - "5258dca13ec779c459da909475519a3477223c06b99afbd77f9922e7cbef844b93f3ce5f" - "50db816b2e0d8b1575d2e17a6b8db9111d6da578", - "f637d55763fe819541588e0c603f288a693cc66823c6bb7b8e003bd38580ebce", - "0474a4620c578601475fc169a9b84be613b4a16cb6acab8fd98848a6ec9fbd133d42b9e3" - "5d347c107e63bd55f525f915bcf1e3d2b81d002d3c39acf10fc30645a1", - "4d578f5099636234d9c1d566f1215d5d887ae5d47022be17dbf32a11a03f053b", - "113a933ebc4d94ce1cef781e4829df0c493b0685d39fb2048ce01b21c398dbba", - "3005bd4ec63dbd04ce9ff0c6246ad65d27fcf62edb2b7e461589f9f0e7446ffd"}, - {NID_X9_62_prime256v1, NID_sha384, - "0b918ede985b5c491797d0a81446b2933be312f419b212e3aae9ba5914c00af431747a9d" - "287a7c7761e9bcbc8a12aaf9d4a76d13dad59fc742f8f218ef66eb67035220a07acc1a35" - "7c5b562ecb6b895cf725c4230412fefac72097f2c2b829ed58742d7c327cad0f1058df1b" - "ddd4ae9c6d2aba25480424308684cecd6517cdd8", - "2e357d51517ff93b821f895932fddded8347f32596b812308e6f1baf7dd8a47f", - "047e4078a1d50c669fb2996dd9bacb0c3ac7ede4f58fa0fa1222e78dbf5d1f41860014e4" - "6e90cc171fbb83ea34c6b78202ea8137a7d926f0169147ed5ae3d6596f", - "be522b0940b9a40d84bf790fe6abdc252877e671f2efa63a33a65a512fc2aa5c", - 
"a26b9ad775ac37ff4c7f042cdc4872c5e4e5e800485f488ddfaaed379f468090", - "f88eae2019bebbba62b453b8ee3472ca5c67c267964cffe0cf2d2933c1723dff"}, - {NID_X9_62_prime256v1, NID_sha384, - "0fab26fde1a4467ca930dbe513ccc3452b70313cccde2994eead2fde85c8da1db84d7d06" - "a024c9e88629d5344224a4eae01b21a2665d5f7f36d5524bf5367d7f8b6a71ea05d413d4" - "afde33777f0a3be49c9e6aa29ea447746a9e77ce27232a550b31dd4e7c9bc8913485f2dc" - "83a56298051c92461fd46b14cc895c300a4fb874", - "77d60cacbbac86ab89009403c97289b5900466856887d3e6112af427f7f0f50b", - "04a62032dfdb87e25ed0c70cad20d927c7effeb2638e6c88ddd670f74df16090e544c5ee" - "2cf740ded468f5d2efe13daa7c5234645a37c073af35330d03a4fed976", - "06c1e692b045f425a21347ecf72833d0242906c7c1094f805566cdcb1256e394", - "eb173b51fb0aec318950d097e7fda5c34e529519631c3e2c9b4550b903da417d", - "ca2c13574bf1b7d56e9dc18315036a31b8bceddf3e2c2902dcb40f0cc9e31b45"}, - {NID_X9_62_prime256v1, NID_sha384, - "7843f157ef8566722a7d69da67de7599ee65cb3975508f70c612b3289190e364141781e0" - "b832f2d9627122742f4b5871ceeafcd09ba5ec90cae6bcc01ae32b50f13f63918dfb5177" - "df9797c6273b92d103c3f7a3fc2050d2b196cc872c57b77f9bdb1782d4195445fcc6236d" - "d8bd14c8bcbc8223a6739f6a17c9a861e8c821a6", - "486854e77962117f49e09378de6c9e3b3522fa752b10b2c810bf48db584d7388", - "04760b5624bd64d19c866e54ccd74ad7f98851afdbc3ddeae3ec2c52a135be9cfafeca15" - "ce9350877102eee0f5af18b2fed89dc86b7df0bf7bc2963c1638e36fe8", - "e4f77c6442eca239b01b0254e11a4182782d96f48ab521cc3d1d68df12b5a41a", - "bdff14e4600309c2c77f79a25963a955b5b500a7b2d34cb172cd6acd52905c7b", - "b0479cdb3df79923ec36a104a129534c5d59f622be7d613aa04530ad2507d3a2"}, - {NID_X9_62_prime256v1, NID_sha512, - "6c8572b6a3a4a9e8e03dbeed99334d41661b8a8417074f335ab1845f6cc852adb8c01d98" - "20fcf8e10699cc827a8fbdca2cbd46cc66e4e6b7ba41ec3efa733587e4a30ec552cd8dda" - "b8163e148e50f4d090782897f3ddac84a41e1fcfe8c56b6152c0097b0d634b41011471ff" - "d004f43eb4aafc038197ec6bae2b4470e869bded", - "9dd0d3a3d514c2a8adb162b81e3adfba3299309f7d2018f607bdb15b1a25f499", - 
"046b738de3398b6ac57b9591f9d7985dd4f32137ad3460dcf8970c1390cb9eaf8d83bc61" - "e26d2bbbd3cf2d2ab445a2bc4ab5dde41f4a13078fd1d3cc36ab596d57", - "9106192170ccb3c64684d48287bb81bbed51b40d503462c900e5c7aae43e380a", - "275fa760878b4dc05e9d157fedfd8e9b1c9c861222a712748cb4b7754c043fb1", - "699d906bb8435a05345af3b37e3b357786939e94caae257852f0503adb1e0f7e"}, - {NID_X9_62_prime256v1, NID_sha512, - "7e3c8fe162d48cc8c5b11b5e5ebc05ebc45c439bdbc0b0902145921b8383037cb0812222" - "031598cd1a56fa71694fbd304cc62938233465ec39c6e49f57dfe823983b6923c4e86563" - "3949183e6b90e9e06d8275f3907d97967d47b6239fe2847b7d49cf16ba69d2862083cf1b" - "ccf7afe34fdc90e21998964107b64abe6b89d126", - "f9bf909b7973bf0e3dad0e43dcb2d7fa8bda49dbe6e5357f8f0e2bd119be30e6", - "04f2a6674d4e86152a527199bed293fa63acde1b4d8a92b62e552210ba45c38792c72565" - "c24f0eee6a094af341ddd8579747b865f91c8ed5b44cda8a19cc93776f", - "e547791f7185850f03d0c58419648f65b9d29cdc22ed1de2a64280220cfcafba", - "4782903d2aaf8b190dab5cae2223388d2d8bd845b3875d37485c54e1ded1d3d8", - "dfb40e406bfa074f0bf832771b2b9f186e2211f0bca279644a0ca8559acf39da"}, - {NID_X9_62_prime256v1, NID_sha512, - "d5aa8ac9218ca661cd177756af6fbb5a40a3fecfd4eea6d5872fbb9a2884784aa9b5f0c0" - "23a6e0da5cf6364754ee6465b4ee2d0ddc745b02994c98427a213c849537da5a4477b3ab" - "fe02648be67f26e80b56a33150490d062aaac137aa47f11cfeddba855bab9e4e028532a5" - "63326d927f9e6e3292b1fb248ee90b6f429798db", - "724567d21ef682dfc6dc4d46853880cfa86fe6fea0efd51fac456f03c3d36ead", - "0470b877b5e365fcf08140b1eca119baba662879f38e059d074a2cb60b03ea5d395f56f9" - "4d591df40b9f3b8763ac4b3dbe622c956d5bd0c55658b6f46fa3deb201", - "79d6c967ed23c763ece9ca4b026218004c84dc2d4ccc86cf05c5d0f791f6279b", - "2ba2ea2d316f8937f184ad3028e364574d20a202e4e7513d7af57ac2456804d1", - "64fe94968d18c5967c799e0349041b9e40e6c6c92ebb475e80dd82f51cf07320"}, - {NID_X9_62_prime256v1, NID_sha512, - "790b06054afc9c3fc4dfe72df19dd5d68d108cfcfca6212804f6d534fd2fbe489bd8f64b" - 
"f205ce04bcb50124a12ce5238fc3fe7dd76e6fa640206af52549f133d593a1bfd423ab73" - "7f3326fa79433cde293236f90d4238f0dd38ed69492ddbd9c3eae583b6325a95dec3166f" - "e52b21658293d8c137830ef45297d67813b7a508", - "29c5d54d7d1f099d50f949bfce8d6073dae059c5a19cc70834722f18a7199edd", - "043088d4f45d274cc5f418c8ecc4cbcf96be87491f420250f8cbc01cdf2503ec47634db4" - "8198129237ed068c88ff5809f6211921a6258f548f4b64dd125921b78b", - "0508ad7774908b5705895fda5c3b7a3032bf85dab7232bf981177019f3d76460", - "acd9f3b63626c5f32103e90e1dd1695907b1904aa9b14f2132caef331321971b", - "15c04a8bd6c13ed5e9961814b2f406f064670153e4d5465dcef63c1d9dd52a87"}, - {NID_X9_62_prime256v1, NID_sha512, - "6d549aa87afdb8bfa60d22a68e2783b27e8db46041e4df04be0c261c4734b608a96f198d" - "1cdb8d082ae48579ec9defcf21fbc72803764a58c31e5323d5452b9fb57c8991d3174914" - "0da7ef067b18bf0d7dfbae6eefd0d8064f334bf7e9ec1e028daed4e86e17635ec2e409a3" - "ed1238048a45882c5c57501b314e636b9bc81cbe", - "0d8095da1abba06b0d349c226511f642dabbf1043ad41baa4e14297afe8a3117", - "0475a45758ced45ecf55f755cb56ca2601d794ebeaeb2e6107fe2fc443f580e23c5303d4" - "7d5a75ec821d51a2ee7548448208c699eca0cd89810ffc1aa4faf81ead", - "5165c54def4026ab648f7768c4f1488bcb183f6db7ffe02c7022a529a116482a", - "ebc85fc4176b446b3384ccc62fc2526b45665561a0e7e9404ac376c90e450b59", - "8b2c09428e62c5109d17ed0cf8f9fd7c370d018a2a73f701effc9b17d04852c6"}, - {NID_X9_62_prime256v1, NID_sha512, - "1906e48b7f889ee3ff7ab0807a7aa88f53f4018808870bfed6372a77330c737647961324" - "c2b4d46f6ee8b01190474951a701b048ae86579ff8e3fc889fecf926b17f98958ac7534e" - "6e781ca2db2baa380dec766cfb2a3eca2a9d5818967d64dfab84f768d24ec122eebacaab" - "0a4dc3a75f37331bb1c43dd8966cc09ec4945bbd", - "52fe57da3427b1a75cb816f61c4e8e0e0551b94c01382b1a80837940ed579e61", - "042177e20a2092a46667debdcc21e7e45d6da72f124adecbc5ada6a7bcc7b401d5550e46" - "8f2626070a080afeeb98edd75a721eb773c8e62149f3e903cf9c4d7b61", - "0464fe9674b01ff5bd8be21af3399fad66f90ad30f4e8ee6e2eb9bcccfd5185c", - 
"f8250f073f34034c1cde58f69a85e2f5a030703ebdd4dbfb98d3b3690db7d114", - "a9e83e05f1d6e0fef782f186bedf43684c825ac480174d48b0e4d31505e27498"}, - {NID_X9_62_prime256v1, NID_sha512, - "7b59fef13daf01afec35dea3276541be681c4916767f34d4e874464d20979863ee77ad0f" - "d1635bcdf93e9f62ed69ae52ec90aab5bbf87f8951213747ccec9f38c775c1df1e9d7f73" - "5c2ce39b42edb3b0c5086247556cfea539995c5d9689765288ec600848ecf085c01ca738" - "bbef11f5d12d4457db988b4add90be00781024ad", - "003d91611445919f59bfe3ca71fe0bfdeb0e39a7195e83ac03a37c7eceef0df2", - "047b9c592f61aae0555855d0b9ebb6fd00fb6746e8842e2523565c858630b9ba00d35b2e" - "168b1875bbc563bea5e8d63c4e38957c774a65e762959a349eaf263ba0", - "ef9df291ea27a4b45708f7608723c27d7d56b7df0599a54bc2c2fabbff373b40", - "66d057fd39958b0e4932bacd70a1769bbadcb62e4470937b45497a3d4500fabb", - "6c853b889e18b5a49ee54b54dd1aaedfdd642e30eba171c5cab677f0df9e7318"}, - {NID_X9_62_prime256v1, NID_sha512, - "041a6767a935dc3d8985eb4e608b0cbfebe7f93789d4200bcfe595277ac2b0f402889b58" - "0b72def5da778a680fd380c955421f626d52dd9a83ea180187b850e1b72a4ec6dd63235e" - "598fd15a9b19f8ce9aec1d23f0bd6ea4d92360d50f951152bc9a01354732ba0cf90aaed3" - "3c307c1de8fa3d14f9489151b8377b57c7215f0b", - "48f13d393899cd835c4193670ec62f28e4c4903e0bbe5817bf0996831a720bb7", - "0482a1a96f4648393c5e42633ecdeb1d8245c78c5ea236b5bab460dedcc8924bc0e8cbf0" - "3c34b5154f876de19f3bb6fd43cd2eabf6e7c95467bcfa8c8fc42d76fd", - "efed736e627899fea944007eea39a4a63c0c2e26491cd12adb546be3e5c68f7d", - "cf7fc24bdaa09ac0cca8497e13298b961380668613c7493954048c06385a7044", - "f38b1c8306cf82ab76ee3a772b14416b49993fe11f986e9b0f0593c52ec91525"}, - {NID_X9_62_prime256v1, NID_sha512, - "7905a9036e022c78b2c9efd40b77b0a194fbc1d45462779b0b76ad30dc52c564e48a493d" - "8249a061e62f26f453ba566538a4d43c64fb9fdbd1f36409316433c6f074e1b47b544a84" - "7de25fc67d81ac801ed9f7371a43da39001c90766f943e629d74d0436ba1240c3d7fab99" - "0d586a6d6ef1771786722df56448815f2feda48f", - "95c99cf9ec26480275f23de419e41bb779590f0eab5cf9095d37dd70cb75e870", - 
"0442c292b0fbcc9f457ae361d940a9d45ad9427431a105a6e5cd90a345fe3507f7313b08" - "fd2fa351908b3178051ee782cc62b9954ad95d4119aa564900f8ade70c", - "4c08dd0f8b72ae9c674e1e448d4e2afe3a1ee69927fa23bbff3716f0b99553b7", - "f2bc35eb1b8488b9e8d4a1dbb200e1abcb855458e1557dc1bf988278a174eb3b", - "ed9a2ec043a1d578e8eba6f57217976310e8674385ad2da08d6146c629de1cd9"}, - {NID_X9_62_prime256v1, NID_sha512, - "cf25e4642d4f39d15afb7aec79469d82fc9aedb8f89964e79b749a852d931d3743650280" - "4e39555f5a3c75dd958fd5291ada647c1a5e38fe7b1048f16f2b711fdd5d39acc0812ca6" - "5bd50d7f8119f2fd195ab16633503a78ee9102c1f9c4c22568e0b54bd4fa3f5ff7b49160" - "bf23e7e2231b1ebebbdaf0e4a7d4484158a87e07", - "e15e835d0e2217bc7c6f05a498f20af1cd56f2f165c23d225eb3360aa2c5cbcf", - "0489dd22052ec3ab4840206a62f2270c21e7836d1a9109a3407dd0974c7802b9aee91609" - "ba35c7008b080c77a9068d97a14ca77b97299e74945217672b2fd5faf0", - "c9f621441c235fc47ec34eef4c08625df1ec74918e1f86075b753f2589f4c60b", - "a70d1a2d555d599bfb8c9b1f0d43725341151d17a8d0845fa56f3563703528a7", - "4e05c45adf41783e394a5312f86e66871c4be4896948c85966879d5c66d54b37"}, - {NID_X9_62_prime256v1, NID_sha512, - "7562c445b35883cc937be6349b4cefc3556a80255d70f09e28c3f393daac19442a7eeced" - "cdfbe8f7628e30cd8939537ec56d5c9645d43340eb4e78fc5dd4322de8a07966b262770d" - "7ff13a071ff3dce560718e60ed3086b7e0003a6abafe91af90af86733ce8689440bf73d2" - "aa0acfe9776036e877599acbabfcb03bb3b50faa", - "808c08c0d77423a6feaaffc8f98a2948f17726e67c15eeae4e672edbe388f98c", - "04b0c0ad5e1f6001d8e9018ec611b2e3b91923e69fa6c98690ab644d650f640c42610539" - "c0b9ed21ac0a2f27527c1a61d9b47cbf033187b1a6ada006eb5b2662ed", - "1f6d4a905c761a53d54c362976717d0d7fc94d222bb5489e4830080a1a67535d", - "83404dcf8320baf206381800071e6a75160342d19743b4f176960d669dd03d07", - "3f75dcf102008b2989f81683ae45e9f1d4b67a6ef6fd5c8af44828af80e1cfb5"}, - {NID_X9_62_prime256v1, NID_sha512, - "051c2db8e71e44653ea1cb0afc9e0abdf12658e9e761bfb767c20c7ab4adfcb18ed9b5c3" - 
"72a3ac11d8a43c55f7f99b33355437891686d42362abd71db8b6d84dd694d6982f061217" - "8a937aa934b9ac3c0794c39027bdd767841c4370666c80dbc0f8132ca27474f553d266de" - "efd7c9dbad6d734f9006bb557567701bb7e6a7c9", - "f7c6315f0081acd8f09c7a2c3ec1b7ece20180b0a6365a27dcd8f71b729558f9", - "04250f7112d381c1751860045d9bcaf20dbeb25a001431f96ac6f19109362ffebb49fba9" - "efe73546135a5a31ab3753e247034741ce839d3d94bd73936c4a17e4aa", - "68c299be2c0c6d52d208d5d1a9e0ffa2af19b4833271404e5876e0aa93987866", - "7b195e92d2ba95911cda7570607e112d02a1c847ddaa33924734b51f5d81adab", - "10d9f206755cef70ab5143ac43f3f8d38aea2644f31d52eaf3b472ee816e11e5"}, - {NID_X9_62_prime256v1, NID_sha512, - "4dcb7b62ba31b866fce7c1feedf0be1f67bf611dbc2e2e86f004422f67b3bc1839c6958e" - "b1dc3ead137c3d7f88aa97244577a775c8021b1642a8647bba82871e3c15d0749ed343ea" - "6cad38f123835d8ef66b0719273105e924e8685b65fd5dc430efbc35b05a6097f17ebc59" - "43cdcd9abcba752b7f8f37027409bd6e11cd158f", - "f547735a9409386dbff719ce2dae03c50cb437d6b30cc7fa3ea20d9aec17e5a5", - "044ca87c5845fb04c2f76ae3273073b0523e356a445e4e95737260eba9e2d021db0f8647" - "5d07f82655320fdf2cd8db23b21905b1b1f2f9c48e2df87e24119c4880", - "91bd7d97f7ed3253cedefc144771bb8acbbda6eb24f9d752bbe1dd018e1384c7", - "008c1755d3df81e64e25270dbaa9396641556df7ffc7ac9add6739c382705397", - "77df443c729b039aded5b516b1077fecdd9986402d2c4b01734ba91e055e87fc"}, - {NID_X9_62_prime256v1, NID_sha512, - "efe55737771070d5ac79236b04e3fbaf4f2e9bed187d1930680fcf1aba769674bf426310" - "f21245006f528779347d28b8aeacd2b1d5e3456dcbf188b2be8c07f19219e4067c1e7c97" - "14784285d8bac79a76b56f2e2676ea93994f11eb573af1d03fc8ed1118eafc7f07a82f32" - "63c33eb85e497e18f435d4076a774f42d276c323", - "26a1aa4b927a516b661986895aff58f40b78cc5d0c767eda7eaa3dbb835b5628", - "0428afa3b0f81a0e95ad302f487a9b679fcdef8d3f40236ec4d4dbf4bb0cbba8b2bb4ac1" - "be8405cbae8a553fbc28e29e2e689fabe7def26d653a1dafc023f3cecf", - "f98e1933c7fad4acbe94d95c1b013e1d6931fa8f67e6dbb677b564ef7c3e56ce", - 
"15a9a5412d6a03edd71b84c121ce9a94cdd166e40da9ce4d79f1afff6a395a53", - "86bbc2b6c63bad706ec0b093578e3f064736ec69c0dba59b9e3e7f73762a4dc3"}, - {NID_X9_62_prime256v1, NID_sha512, - "ea95859cc13cccb37198d919803be89c2ee10befdcaf5d5afa09dcc529d333ae1e4ffd3b" - "d8ba8642203badd7a80a3f77eeee9402eed365d53f05c1a995c536f8236ba6b6ff889739" - "3506660cc8ea82b2163aa6a1855251c87d935e23857fe35b889427b449de7274d7754bde" - "ace960b4303c5dd5f745a5cfd580293d6548c832", - "6a5ca39aae2d45aa331f18a8598a3f2db32781f7c92efd4f64ee3bbe0c4c4e49", - "04c62cc4a39ace01006ad48cf49a3e71466955bbeeca5d318d672695df926b3aa4c85ccf" - "517bf2ebd9ad6a9e99254def0d74d1d2fd611e328b4a3988d4f045fe6f", - "dac00c462bc85bf39c31b5e01df33e2ec1569e6efcb334bf18f0951992ac6160", - "6e7ff8ec7a5c48e0877224a9fa8481283de45fcbee23b4c252b0c622442c26ad", - "3dfac320b9c873318117da6bd856000a392b815659e5aa2a6a1852ccb2501df3"}, - {NID_secp384r1, NID_sha224, - "39f0b25d4c15b09a0692b22fbacbb5f8aee184cb75887e2ebe0cd3be5d3815d29f9b587e" - "10b3168c939054a89df11068e5c3fac21af742bf4c3e9512f5569674e7ad8b39042bcd73" - "e4b7ce3e64fbea1c434ed01ad4ad8b5b569f6a0b9a1144f94097925672e59ba97bc4d33b" - "e2fa21b46c3dadbfb3a1f89afa199d4b44189938", - "0af857beff08046f23b03c4299eda86490393bde88e4f74348886b200555276b93b37d4f" - "6fdec17c0ea581a30c59c727", - "0400ea9d109dbaa3900461a9236453952b1f1c2a5aa12f6d500ac774acdff84ab7cb71a0" - "f91bcd55aaa57cb8b4fbb3087d0fc0e3116c9e94be583b02b21b1eb168d8facf39552793" - "60cbcd86e04ee50751054cfaebcf542538ac113d56ccc38b3e", - "e2f0ce83c5bbef3a6eccd1744f893bb52952475d2531a2854a88ff0aa9b12c65961e2e51" - "7fb334ef40e0c0d7a31ed5f5", - "c36e5f0d3de71411e6e519f63e0f56cff432330a04fefef2993fdb56343e49f2f7db5fca" - "b7728acc1e33d4692553c02e", - "0d4064399d58cd771ab9420d438757f5936c3808e97081e457bc862a0c905295dca60ee9" - "4f4537591c6c7d217453909b"}, - {NID_secp384r1, NID_sha224, - "5a3c80e608ed3ac75a6e45f6e94d374271a6d42b67a481860d5d309cc8b37c79cb61f171" - 
"6dc8aa84cb309ef9d68eb7fc6cf4b42333f316a5c30e74198c8b340926e340c5de47674a" - "707293c4aa2a1a2274a602f01c26b156e895499c60b38ef53fc2032e7485c168d73700d6" - "fa14232596a0e4997854a0b05d02e351b9d3de96", - "047dd5baab23f439ec23b58b7e6ff4cc37813cccb4ea73bb2308e6b82b3170edfe0e131e" - "ca50841bf1b686e651c57246", - "04de92ff09af2950854a70f2178d2ed50cc7042a7188301a1ea81d9629ad3c29795cb7f0" - "d56630a401e4d6e5bed0068d1e6135adbd8624130735e64e65ecbd43770dcc12b28e737b" - "5ed033666f34c918eb5589508e4a13b9243374a118a628dd0b", - "f3922351d14f1e5af84faab12fe57ded30f185afe5547aeb3061104740ecc42a8df0c27f" - "3877b4d855642b78938c4e05", - "38e181870cb797c1f4e6598cfd032add1cb60447d33473038d06df73919f844eddd16f40" - "f911075f8a4bacc0d924e684", - "a58dd1ca18aa31277de66c30c3bb7a14b53705ce6c547ed2cb0e336f63c42809422efffc" - "c722d1155f2254330a02b278"}, - {NID_secp384r1, NID_sha224, - "e7d974c5dbd3bfb8a2fb92fdd782f997d04be79e9713944ce13c5eb6f75dfdec811b7ee4" - "b3859114b07f263846ae13f795eec8f3cb5b7565baff68e0fdd5e09ba8b176d5a71cb03f" - "bc5546e6937fba560acb4db24bd42de1851432b96e8ca4078313cb849bce29c9d8052586" - "01d67cd0259e255f3048682e8fdbdda3398c3e31", - "54ba9c740535574cebc41ca5dc950629674ee94730353ac521aafd1c342d3f8ac52046ed" - "804264e1440d7fe409c45c83", - "043db95ded500b2506b627270bac75688dd7d44f47029adeff99397ab4b6329a38dbb278" - "a0fc58fe4914e6ae31721a6875049288341553a9ac3dc2d9e18e7a92c43dd3c25ca866f0" - "cb4c68127bef6b0e4ba85713d27d45c7d0dc57e5782a6bf733", - "04324bd078807f6b18507a93ee60da02031717217ee5ce569750737be912be72da087ac0" - "0f50e13fdf7249a6ae33f73e", - "b2752aa7abc1e5a29421c9c76620bcc3049ecc97e6bc39fcca126f505a9a1bfae3bde89f" - "b751a1aa7b66fa8db3891ef0", - "f1c69e6d818ca7ae3a477049b46420cebd910c0a9a477fd1a67a38d628d6edaac123aebf" - "ca67c53a5c80fe454dba7a9d"}, - {NID_secp384r1, NID_sha224, - "a670fda4d1d56c70de1d8680328043b2b7029633caf0ee59ffe1421c914bb937133d5a0f" - "9214846b2e0b350455a74c4ab434c56de65a17139bb8212bf1c76071a37536fa29348f87" - 
"1dbb26baa92eb93d97e923a6d2ffd9be25cbc33075e494e6db657bd8dc053fe4e17148d8" - "cf6e2058164f2b5766750eb01bbe7b361cdb848c", - "dabe87bbe95499bac23bc83c8b7307fe04be198f00059e2bf67c9611feaffb2c8f274f6a" - "a50eb99c3074186d8067d659", - "04c2aa0a695125279705917e02a4f258cade4c3ff9140a071414babf87764f426f7f36ff" - "da9d5f3394375d24864235476f8f9808da0ce0227cf453f9e456f557db9752e23b45cce4" - "baad5fee3844ddd7e1112bcec01ea9d67c7a76f3535bd0cb58", - "65a0305854033cbc6fe3ca139c40ca354d45801ecb59f4a923c251dc6b25d12d452d99b5" - "d6711fdb5efac812aa464cc4", - "c7fc32997d17ac79baf5789e4503f5f1a8863872bc350a91f12dd3ef8cf78c254e829217" - "809e8e00b6b8d4d85be3f1fd", - "1422e1838a22496df93486bce1142961dbd8478ae844b8dda54e210afdae0d9e930d587c" - "91bb600b0bde7237186d94e6"}, - {NID_secp384r1, NID_sha224, - "7843f918fe2588bcfe756e1f05b491d913523255aa006818be20b676c957f4edb8df863c" - "6f5f8c15b3b80c7a2aa277b70d53f210bdfb856337980c406ea140e439dd321471407f37" - "4f69877b2d82367eed51e3c82c13948616dcb301d0c31f8f0352f2846abd9e72071f446a" - "2f1bd3339a09ae41b84e150fd18f4ba5d3c6bfa0", - "df43107a1deb24d02e31d479087bd669e2bc3e50f1f44b7db9484a7143cdca6a3391bddf" - "ea72dc940dbce8ec5efbd718", - "0476bd4be5d520471162cb5c36f80038301b325f845d9642204a84d78b3e721098932827" - "bf872bde0a9f86383953667d29415116b8b878f896a5aa4dbbdc21076f27135d8bbcaaca" - "02489ef639d742bd63f377da0c8e8ab36ff19b4a7cc5d4ceb4", - "798abad5a30d1805794540057388ee05e2422901c6335f985b9d4447b3ef75524751abfe" - "ab6409ad6bf77d4ae3014558", - "98744e5c6742fa5118a74a70db4957647a3cc12add4e876b45974a6a8707809f871daadb" - "fc0b865e01624f706b65f10c", - "9e256e8da8eff5a0c83baaa1ef4f7be798eba9543bf97adb0fff8719f5406ea1207a0cf7" - "03d99aa8f02169724b492273"}, - {NID_secp384r1, NID_sha224, - "caa83d5ab07febbd2e0fe2d63738b9b7b8752594bea7aaf50345b3d2f316653a8c9222f2" - "b7877b64679e9573e81461a426029e45b8873a575094a1d572e0d32a9f0a9c6bcb9a2868" - "543b7d8bbe4a69a09e7321f05f8366cced1b72df526f895b60aed2c39c249653c7839538" - 
"770d4e5f47d3926ec0d168ab6a1af15bf1dca1f7", - "ea7a563ba2a7f5ab69973dca1f1a0d1572f0c59817cd3b62ad356c2099e2cdca1c553323" - "563f9dfbb333b126d84abc7f", - "04cf4717c5f5de668b785f06bdc9845df5a09e4edd83f4669756407cbb60807305c632bc" - "49f818f4a84b194369aa07736f7391e4982af8a2218f704f627d01f0508bfc8304992a2d" - "598a420bf2eb519f33bd7caf79380793733b3dba0cc5e2b9d8", - "7b9606b3df7b2a340dbc68d9754de0734e1faeb5a0135578a97628d948702235c60b20c8" - "002c8fcf906783e1b389e754", - "0d680010bed373287f9767955b5d2850e150b6713b49e453eb280148e45230c853d99ea2" - "d2f8fcbd3ddcba19aeec0af1", - "64329763a930ab5452afdb0557fef16ff71810d6343dfc9c6ae18905c3d274db6554cdc6" - "9d6078a1ca03284474a94f30"}, - {NID_secp384r1, NID_sha224, - "594603458d6534974aeeafba919c4d0f4cb6843a3af41204bbb88aeb2fca2772d305163d" - "ba863da050aabedbaf89db521955d1715de95bbcef979ecdc0c976181ece00355385f8a8" - "f8cce127c9eac15ce3e958a3ed686184674ec9a50eb63271606ee7fdcb1323da3c3db8e8" - "9cad1fb42139a32d08abcfbf0d4ccfca18c89a86", - "4cc70cb35b3ddeb0df53a6bd7bd05f8ff4392a2db7344f2d443761484b3a468a4ee3d1a8" - "b27113d57283fd18b05f7829", - "0440e1fe21df34bb85a642a0abe819ebd128f7e39b84d8dcc4a9a599b372fb9588da1484" - "600ec28b1297bb685f9ae77831f3aa69ada57879fdcbe8df19cefabc308add7d03b17b1f" - "ac2f7783fece6a8dfe20bc36f518692677d96e3f730a67a671", - "8eda401d98f5688c34d8dbebcd3991c87c0442b0379154eaa2e5287dabe9a9e34cfc1305" - "d11ff68781df25d5611b331d", - "ff2d772786e159448bba26afd8c3281941a4cb0c56fec6f5cccb4c292c4ee0f7af9bd39b" - "be2d88148732585e104fdb30", - "07a1d890770daa949a17797dca7af3e8163da981ec330c03d63d1a8312c152be6a718163" - "205ffa08da7dcc163ba261f4"}, - {NID_secp384r1, NID_sha224, - "733252d2bd35547838be22656cc7aa67eff0af0b13b428f77267a513c6824c3dbae53306" - "8b6817e82665f009560affcfe4b2ddb5b667a644fc1a42d24f24e0947e0dc50fb62c919b" - "c1fe4e7ded5e28f2e6d80fcf66a081fb2763526f8def5a81a4ddd38be0b59ee839da1643" - "eeeaee7b1927cec12cf3da67c02bc5465151e346", - 
"366d15e4cd7605c71560a418bd0f382fd7cd7ad3090ff1b2dfbed74336166a905e1b760c" - "f0bccee7a0e66c5ebfb831f1", - "04a143f277ab36a10b645ff6c58241ea67ffdc8acf12d60973068390f06b4d8f4d773b10" - "c1ebf6889b1cfa73ebb90f6ca17a17cad29bb507b309021f6f92cb5c10ba535f4a3e317f" - "cc68cfd02d3ccd269f465169c73d30ff308f5350d881b08aec", - "dbe545f920bc3d704c43d834bab21e40df12ec9e16a619a3e6b3f08760c26aae6e4fd91f" - "ad00f745194794b74bb1baee", - "cdc39b12bba30da66fe9554713c05880ddc27afa4d2d151440f124c351fb9496dc950465" - "16b0921083347d64369846ac", - "797d0344e49f9ba87a187c50f664e5015d449e346b1a7bd9427c5be559fc58173651880d" - "5aadf053f81899d3368d6181"}, - {NID_secp384r1, NID_sha224, - "5a182bd174feb038dfae3346267156bf663167f713dea1ce936b0edb815cd9b8c8e4d411" - "c786ba2494a81442617255db7158b142e720d86c9b56680fb9efd4298cdd69079a281534" - "94c42a24251c7ad42ecf7e97eabc1b3997529b2a297cbad2474269b87a0b1e385f2d7f8b" - "6eb8d1cd75eaf7e91d1acbecd45d7b2bfbbe3216", - "e357d869857a52a06e1ece5593d16407022354780eb9a7cb8575cef327f877d22322c006" - "b3c8c11e3d7d296a708bdb6d", - "04ce9a2185a68d6094aa5849a6efe78b349946f7380f0c79aa9664246cfcc71a879e90ad" - "78a0474f58644c6a208168150e8354fa47673cb3e07d446521345706c5515584b2602f92" - "1c3b9c44dded9e2c3f90ce47adb36d7e5f9f95a8c5ad8af397", - "1e77367ac4e10924854d135ad2f2507f39e2bafdbce33ff256bcbe9a7329b8d27185218b" - "cc3550aafbe3390e84c77292", - "df3182d49ad70959fb0c95bc7312750ce70fc87f1a328d39d9b29ac05d31305ce7209d6c" - "24d13225d9567b489f7a187b", - "d812b05abab0e96de13291e1f0da6479444ed5cd9d959b76f6cb43d394769035364f7c83" - "1a104dc7b5bd9b4a8e64df64"}, - {NID_secp384r1, NID_sha224, - "aaa99fb1c71340d785a18f6f668e898c25cf7a0ac31d13c5b388b7233408493a5a109af6" - "d07065376b96f4903df7aba2b2af671a18772bb0472490d1240cde28967680727dd4acd4" - "7e0308920a75da857a6eeedee5b6586d45dff3d8a680599665aa895c89dd7770b824b7de" - "e477ac5e7602d409d3cc553090c970b50811dbab", - "745a18db47324a3710b993d115b2834339315e84e7006eafd889fb49bd3cc5a8b50c9052" - "6e65e6c53bddd2916d14bead", - 
"04f692578c6f77531210aef55c9e004ce3b66cf268c6900dde31a8bbb76e7562e3fb7624" - "2de34ca330d2501030aa11946640965833b28de926c46de060aa25beaeda98f8415a6b1e" - "3564aa77870cf4c89bd4fde92c8f5d9bf0eb41721586859d8e", - "11b9b36720abcac084efdb44c9f5b7d039e3250cb1e9c47850189ba3cfc1489d858b2a44" - "df357772b61d919c7e729c0f", - "02b252c99820cf50e6ce060ab55bd4f682276e29b4ae4197417432e6a7bfb8cf0bac89df" - "e105456af805d822cee77696", - "8e248bbf7d7028d63177e565c9d1666ee5be4d1ffbfffc9c7814b0cd38f74b98f3f2cd59" - "be42b9f132bfe5ee789cd96c"}, - {NID_secp384r1, NID_sha224, - "1fadfa8254d3a0b82d137cfdd82043d5dc1fef195d5297b09cc5cfb061f59c933451c0dc" - "2a11b4037f34f88dacb803251f8880c4b72585c3c196e6fb23484ca43a191f8e41b9b9a3" - "7e2e6fcaab6738c3c62d1c98e1c620bb788b7b51a04f998a510efdba0d3418622fe8ce20" - "3b3fcd553b9b4206365a39031797ad11e49745ec", - "93f20963ea5011ff4f26481e359309e634195f6289134087bd2e83eee008c962780a6797" - "84ee7ac6acda03d663ed27e0", - "040edcde3533ea019e18f1a3cd97b7962e8823dda36c389f8f9287549f796d11376392b8" - "a01c7a80f127a8f75795e04f5463d7c458dccfc02f5148d755d59f9bbc8e3c3ea3490877" - "7928440747795955741296abcdd5386676419ed8049fedb489", - "3ad308faf04c42ee5ac69d36bc0aa9a96aacf55ea0f27dac4f52e088f023d206340a6324" - "874ffad169ff80624de24c96", - "209b72f9aae72c4339813573c3a8408a9e0be641ca863d81d9d14c48d0bf4cd44a1a7985" - "cff07b5d68f3f9478475645b", - "f6292e599b22a76eda95393cf59f4745fa6c472effd1f781879ad9a4437a98080b0b07da" - "dad0c249631c682d2836a977"}, - {NID_secp384r1, NID_sha224, - "9ecb6f5ed3ba666a8536a81ef65012c2cb8b433508798d84708abb06dfb75503886f7838" - "4fb8c7a4d2d49ef539d9b8a0b60938c7f07471dda91f258b0d99691b38a8403a2bb3f956" - "bdfd09baba16d9b6877097a9b6213481b47a06e139d23ec7abad5668d21f912fdb70d31b" - "b9adf9b3ce80e308252fa81a51674f88d02db72b", - "f175e6ac42fd48ec9d652c10707c039c67c4cc61d8c45a373dcda6e4ca6c53e947e49c24" - "e01b48e7cdf92edfe6d316a1", - "04a40c64f595491ce15790a5a87fbe64c1800247b42acd08fe5257700719f46afc8acce0" - 
"e4ede0517a312092d5e3d089cdd565df9dc2f381cc0c5d84f382a43a98018524c0b4708a" - "44b3e2817f9719f29fbf9c15803591ed9b4790c5adaba9f433", - "812dcaa6d4f9a43ccc553288065d13761581485aa903a500a690ccafbd330ba4818c977b" - "98c4bb57f8a182a1afacfae9", - "d000f18d3e4c162ff0d16f662e6703e7a6f5bff7a333ed266fa4f44c752415946c34945c" - "342c20f739677186b1d80ab3", - "ae7f1271c89e0aaa238710d039ea73a69110cc28fcf426f2fe6754b63a59e417fa84f903" - "cf7dccb5468b43ff083bbfd5"}, - {NID_secp384r1, NID_sha224, - "e55bfca78d98e68d1b63688db12485578f36c489766f4d0bfaa0088433ff12133aaca455" - "805095f2e655940860958b3ead111d9070778ee3bbf3e47e43d9eba8b8d9b1fdf72f793f" - "cde2bcaa334f3e35fa2cca531ea7cf27fe9ccba741e38ac26129b2d612bf54a34e0ae6c1" - "66c0fef07fcd2b9ac253d7e041a500f7be7b8369", - "46c4f0b228b28aaa0ec8cfdf1d0ed3408b7ae049312fb9eaf5f3892720e68684cc8ad298" - "44a3dc9d110edf6916dfb8bb", - "0413ddec844731b7e30c467451df08ca11d6c581cb64abd8a257671cffd26f5ccad4df7b" - "9ee8924047a88a5d2d7567609cd74ca94f590fd1d13e190cc1e03c3da6c3faab15c7dda0" - "34af3deefee8aeec3628fa8b1978c54cfcd071baa319a46ec0", - "2a9dd520207c40a379cd4036adef9ee60fa8bc8c0d39b3ad91850ac93fd543f218b16885" - "81f23481a090b0e4c73792ac", - "94e08cca20fe3866f643f53ec65faf3f2b4d80cd9bcc8ff8f88bb28da9eada324fc2d048" - "908dd3d08a9e0ebb547731bc", - "8e6f82c4d3069b14f4c844b4ca133a9503493265c9f77a7d4775eda67de76798a23dd7ea" - "48e0ac3c337dd62bf058319d"}, - {NID_secp384r1, NID_sha224, - "02c6b3c83bd34b288d96409162aa4ff114e9d134bf948046eb5ebcc0c7fe9dfceadda83e" - "d69da2fac00c8840f6c702a3fc5e6959d70f7e8af923e99e4937232ae3b841ffefd2e62f" - "ab3671a7c94a0281b8ea5bc176add57c5c9b6893fe7f5d48ce7256b96510810c4e046168" - "a3c5be9843b84d5268a50349b3444341aa5490dd", - "1d7b71ef01d0d33a8513a3aed3cabb83829589c8021087a740ca65b570777089be721a61" - "172b874a22a1f81aef3f8bb6", - "048d2721370df8f097d5a69396249a315f6037dc7045b3da11eacae6d43036f779d5de70" - "53d101768b42cc2b1283a3aaeaa046039ae662141f9954d278183eaa2e03917fe58583e3" - 
"2d344074d59d60caa5b0949c53066525d5cca923e2f201502e", - "d1b25ad25581cad17e96f1d302251681fee5b2efbb71c3c15ff035b2145d015d18e0e52d" - "c3187ab5a560277b3a3929b0", - "d836f52b14c7391744868daa2d5cf27eb9380b9b6176195573d5b04842e9f2fc3794d6cf" - "877feafee63d11b05f6a6bee", - "8b89042fef2c04d4bd6c9d66a06a010514321d623a5f8d57ba5ac3686872eaabca9e0ba2" - "d058ae7028e870acf03ca32d"}, - {NID_secp384r1, NID_sha224, - "94f8bfbb9dd6c9b6193e84c2023a27dea00fd48356909faec2161972439686c146184f80" - "686bc09e1a698af7df9dea3d24d9e9fd6d7348a146339c839282cf8984345dc6a51096d7" - "4ad238c35233012ad729f262481ec7cd6488f13a6ebac3f3d23438c7ccb5a66e2bf820e9" - "2b71c730bb12fd64ea1770d1f892e5b1e14a9e5c", - "cf53bdd4c91fe5aa4d82f116bd68153c907963fa3c9d478c9462bb03c79039493a8eaeb8" - "55773f2df37e4e551d509dcd", - "043a65b26c08102b44838f8c2327ea080daf1e4fc45bb279ce03af13a2f9575f0fff9e2e" - "4423a58594ce95d1e710b590cefe9dcbcb2ec6e8bd8ed3af3ff0aa619e900cc8bab3f50f" - "6e5f79fac09164fb6a2077cc4f1fed3e9ec6899e91db329bf3", - "df31908c9289d1fe25e055df199591b23e266433ab8657cc82cb3bca96b88720e229f8df" - "d42d8b78af7db69342430bca", - "6770eea9369d6718e60dd0b91aee845ff7ed7e0fcc91675f56d32e5227fd3a4612bbcb15" - "56fe94a989b9e3bcc25bb20e", - "c43072f706c98126d06a82b04251e3ecb0ba66c4bb6cd7c025919b9cc6019cdc635256d2" - "a7fa017b806b1e88649d2c0d"}, - {NID_secp384r1, NID_sha256, - "663b12ebf44b7ed3872b385477381f4b11adeb0aec9e0e2478776313d536376dc8fd5f3c" - "715bb6ddf32c01ee1d6f8b731785732c0d8441df636d8145577e7b3138e43c32a61bc124" - "2e0e73d62d624cdc924856076bdbbf1ec04ad4420732ef0c53d42479a08235fcfc4db4d8" - "69c4eb2828c73928cdc3e3758362d1b770809997", - "c602bc74a34592c311a6569661e0832c84f7207274676cc42a89f058162630184b52f0d9" - "9b855a7783c987476d7f9e6b", - "040400193b21f07cd059826e9453d3e96dd145041c97d49ff6b7047f86bb0b0439e90927" - "4cb9c282bfab88674c0765bc75f70d89c52acbc70468d2c5ae75c76d7f69b76af62dcf95" - "e99eba5dd11adf8f42ec9a425b0c5ec98e2f234a926b82a147", - 
"c10b5c25c4683d0b7827d0d88697cdc0932496b5299b798c0dd1e7af6cc757ccb30fcd3d" - "36ead4a804877e24f3a32443", - "b11db00cdaf53286d4483f38cd02785948477ed7ebc2ad609054551da0ab0359978c6185" - "1788aa2ec3267946d440e878", - "16007873c5b0604ce68112a8fee973e8e2b6e3319c683a762ff5065a076512d7c98b27e7" - "4b7887671048ac027df8cbf2"}, - {NID_secp384r1, NID_sha256, - "784d7f4686c01bea32cb6cab8c089fb25c341080d9832e04feac6ea63a341079cbd562a7" - "5365c63cf7e63e7e1dddc9e99db75ccee59c5295340c2bba36f457690a8f05c62ab001e3" - "d6b333780117d1456a9c8b27d6c2504db9c1428dad8ba797a4419914fcc636f0f14ede3f" - "ba49b023b12a77a2176b0b8ff55a895dcaf8dbce", - "0287f62a5aa8432ff5e95618ec8f9ccaa870dde99c30b51b7673378efe4ccac598f4bbeb" - "bfd8993f9abb747b6ad638b9", - "04b36418a3014074ec9bbcc6a4b2367a4fb464cca7ec0a324cb68670d5c5e03e7a7eb07d" - "a117c5ea50b665ab62bd02a4914ea299c30e7d76e2c5905babada2d3bb4ee5eb35a5a236" - "05cdb0d5133471a53eb9e6758e49105a4eaf29d2267ba84ef2", - "935eeab3edeb281fbd4eead0d9c0babd4b10ff18a31663ee9de3bfa9ae8f9d266441158e" - "a31c889ded9b3c592da77fd7", - "738f9cb28f3b991335ef17b62559255faf75cad370a222464a492e27bb173c7f16b22100" - "ada6b695875c7e4b1a28f158", - "bc998c30e1491cd5d60dc7d1c38333165efe036b2a78db9b8f0e85ee68619cfba654e11a" - "e5ca5ee5a87099c27cf22442"}, - {NID_secp384r1, NID_sha256, - "45e47fccc5bd6801f237cdbeac8f66ebc75f8b71a6da556d2e002352bd85bf269b6bc7c9" - "28d7bb1b0422601e4dd80b29d5906f8fcac212fe0eaaf52eda552303259cbcbe532e60ab" - "d3d38d786a45e39a2875bce675800a3eaeb9e42983d9fd9031180abd9adccc9ba30c6c19" - "8b4202c4dd70f241e969a3c412724b9b595bc28a", - "d44d3108873977036c9b97e03f914cba2f5775b68c425d550995574081191da764acc501" - "96f6d2508082a150af5cd41f", - "04c703835d723c85c643260379d8445b0c816fe9534351921e14a8e147fe140ec7b0c4d7" - "04f8dc66a232b2333b28f03deec5d0bb054053fd86c26f147c4966757aa04b00513a02d4" - "27b8d06c16055c607955efdc518d338abfe7927c195dc28588", - "c80f63e080650c8a21e4f63a62ec909adfb7d877f365d11ee1cb260baf112eb4730c161c" - "1d99dba98fc0d5bbd00dc97d", - 
"81de2810cde421997013513951a3d537c51a013110d6dbb29251410bcb5ba001a9686b84" - "90f1e581e282fd2ed0974b22", - "9cab0bbaffe91c7677ec3dd1f17060211a3cc0be574cbca064aa8c4b66ba6e64f3d80e83" - "da895042ca32d311c388d950"}, - {NID_secp384r1, NID_sha256, - "c33ff63b4e6891e00b2349b3f2907c417ca355560544a91e24a7a0ee260d6850aeded29f" - "c0176b6039ca6187e8333391047cceaf14b1077df8f147dad84d36b2dac5666dc2f69dc9" - "b58b88cc73956efdb3b47f91831d5875051c76b0c4e9fc087012a1f03eeee85d6745b46a" - "a50bd9cb0110c2c94508765cec162ee1aa841d73", - "d5b72cbb6ec68aca46b9c27ad992afd8ffa02cb3067b234fcfa6e272e3b31be760695ff7" - "df988b57663057ab19dd65e3", - "04135a6542612f1468d8a4d01ff1914e532b1dd64d3627db9d403dc325651d3f82b0f6f0" - "fd1dbdeca2be967c4fb3793b5fcbbd40f6d3a38d0dfb64582ff4789d7b268241bc0c36de" - "2884bccfaeeff3b7b2b46a30bb35719804e0d11124b4e7f480", - "9da6de7c87c101b68db64fea40d97f8ad974ceb88224c6796c690cbf61b8bd8eede8470b" - "3caf6e6106b66cf3f0eebd55", - "17840911ecdf6ae0428b2634f442163c2c11b8dbf0cc7a5596fbe4d33e3e52f9d99e99ad" - "169867b1f39e89c9180cedc2", - "dd7ed67e480866d0474379ea4afff72870746f4feef2153be42f13bf472b1613d7faa5c0" - "abb7f7464070f94d7cf3f234"}, - {NID_secp384r1, NID_sha256, - "f562f2b9d84b0e96a52532c3b43c39c8018c738bd8dc3797a7de7353971b2729d522d696" - "1b1f2e4df3f6a4bd3653e6d72b74fc0dba92ab939c4b542e994e5db6dd8ed4f56f651e69" - "9052e791237ae1f552f990ad156226ae8f7bf17fcbfa564f749604f97e9df0879d509857" - "47d981422a23040fe52f5ec74caf1d4aaad8a710", - "218ee54a71ef2ccf012aca231fee28a2c665fc395ff5cd20bde9b8df598c282664abf915" - "9c5b3923132983f945056d93", - "0401989ff07a7a452d8084937448be946bfedac4049cea34b3db6f7c91d07d69e926cce0" - "af3d6e88855a28120cf3dba8dfeb064e029d7539d4b301aabafe8de8870162deffe6383b" - "c63cc005add6ee1d5ced4a5761219c60cd58ad5b2a7c74aaa9", - "c5d39b436d851d94691f5f4aa9ef447f7989d984f279ae8b091aef5449ac062bcc056774" - "0f914624ad5b99fc32f9af0b", - "07d5b1b12877e8cb5e0aa5e71eeeb17bf0aa203064c7e98b3a1798a74dc9717252dc47c7" - "f06aaf1d5fe15b868323bbb9", - 
"69428cf101a7af5d08161a9fd7af212e02e33b6062aebdce4c96bf3a0684b5394cb902ca" - "7c2dec6e2f01f40c4576009d"}, - {NID_secp384r1, NID_sha256, - "ace953ae851f571d71779aa120915f27450b236da23e9106f8d0756abdd2586193794122" - "8d225d5fb1aa1b1ebf759b1e326aeb3b6cd0cd87edd2ab9f6a7ad67b63d2c501d6a550ed" - "b2e7c9d216cc8af78dd33546af64d00abed4d0d2cfc5c9a7b5a055dbe8f7547902d185cf" - "46937314832bc5c602419a82ab83dbd9d3bd5aff", - "e6ab171f6937c000e144950801ad91023ae8e8476856c2592d9f7d5bb7180fd729211803" - "d39a412ead6c0be761cfa5d1", - "0438bc42b8c9d8866d09b214398d584b1b24a488dfacc3420d1e9506aa825b19fdf1ba74" - "e7b8f547f47b571467fe8c4d1f5179d62668d3f6a7ab5c8e3761a685e12008fb87d0529a" - "97645f65cfb5364376c1b6682e0ffcddd0bcd995c41d013ad3", - "05e9718aea9669c9e434f73866da5f252dec6d24c47a1c4ee3233450b6ec626de9746ebe" - "095b285558dfc89fc1b622fe", - "df9bab9dd1f22ec6f27116f38831cb2089aa78aa8c073024a0faddd9a48e810a5e8e2cad" - "d80fbf8dbd6088c71fe30b5b", - "1e0e8718567d12d18558c57f9e87a755c309e4ffb497335a3adfc8d7475ce8fd882d5dc3" - "3a8f5a16274b7ad74bb7862a"}, - {NID_secp384r1, NID_sha256, - "9635ab832240be95301bedb94c5aec169eedc198cbbdfedcf41e9b586143d829b4597a6b" - "2a81902828332825fd84a785f187a3894e21bd99d22c4f94dcf34453fc052f15ec64d144" - "7c932cb38fcdd30b7be851963409c11881438cbaad7e96f9efbde317f2235d66af804477" - "a5dfe9f0c51448383830050ecf228889f83631e1", - "14acd516c7198798fd42ab0684d18df1cd1c99e304312752b3035bed6535a8975dff8acf" - "c2ba1675787c817b5bff6960", - "0429909d143cf7ee9c74b11d52f1a8f3ebd4a720c135612ca5618d3f432f03a95602ee75" - "a2057e1d7aab51d0648ac0b334404b6c5adffbadfa1b0380ae89fed96ec1ca16cc28661e" - "623d0f1c8b130fbaa96dd7257eae2bf03c2d3dcbc3dbc82c58", - "7f623c103eaa9099a0462e55f80519c565adaeffcb57a29993f3a8a92e63a560be8f0fb9" - "d23dc80bff1064bb41abad79", - "932ab291950c16b2b19a8036cd2e905714c6229cb190a73b3ea49c48dd8e76063a453c7c" - "3267a57597d2973678216296", - "d17d4c5ddbb9c27beebf526f113b416c8abfad53d11c4224813c7f351ba41a77dd4e77d6" - "e4a65bef2c9f62cc37a469a5"}, - 
{NID_secp384r1, NID_sha256, - "d98b9a7d4fe9d0fd95de5056af164a8b7882cd34ab5bde83a2abb32dc361eb56a479a3a6" - "119db3b91dcad26a42d2206749567f0d97c34a981a91fc734921821a429f6a53401743a5" - "c406ba9d560f956203abc9d1f32f1a13e7d7b290f75c95fdbf857ea597021461c06a3aac" - "fa554ede3d69e4ff03bbbee5b7463ec77de2b3b2", - "2e780550984f3a00cb1e412429b33493c6eb6cd86d12f9d80588c247dcf567bd04296d2d" - "4b24b889d9c54954b7f38f57", - "0437dac42ef04663238443ef33e8addee2e78c40d50a1751913a7f5c37d1f23a26c7f86e" - "16055c788b8ca9554f06b2f2efbbed1549652904e3d00c39b01cc0460dbaf3185e6190c2" - "705677a9701de1fe56dff4f4d8418ee15059ff8fc36800982d", - "b788ca82811b0d4e4841765c71eafaa1e575378beedcd3860d8b92db3d070ac5aef7c425" - "067860fbee6c50cf0c642bbb", - "7292b3851870daeb2555a8a2fb198ead78739fcfb75327e5c32a82c6b77d58983e5ad548" - "ccb75dcf9411039c9576d9b9", - "a378c61802d9f1dd062b6e18f16416a954018f77df4df95ad1b983570377d5cfce4cc786" - "1759e802c52f81abc4f49aac"}, - {NID_secp384r1, NID_sha256, - "1b4c754ac1c28dc415a71eac816bde68de7e8db66409af835838c5bb2c605111108a3bf1" - "3606ed5d8ade5ed72e50503e0de664416393d178ea4eec834d8d6f15039847b410080fd5" - "529b426e5aadd8451c20ebd92d787921f33e147bcbeb327b104d4aab1157fc1df33e4d76" - "8404b5ccb7110055c2508c600f429fd0c21b5784", - "a24d0fe90808aecc5d90626d7e6da7c9be5dfd4e1233c7f0f71f1b7c1c6fd318fafe1855" - "9c94718f044cf02ed5107cb1", - "04ec8ae1fb9bb88589d27d6f27d790392853396f37bc0c381631d85800fc668eea0886bf" - "1c6cff801147df19778d5b16041e1a8336c1e2506f8ee388b55cc648ae73b9295ea78467" - "979d2affb364536fad28120f51ec62a67cbb6ce7784780389f", - "755d025509b73cf1ea8817beb772ad150b4c17a52378be187daffe3db0158921e5e552d1" - "ca3c85df28519939f3cb794d", - "23ff2ffa62bbd427d49995d9c9950116e0d5a06ef076a4553448bc109e6482c5e87d4c83" - "3bc88de0bc722bc98cae2e61", - "9aea13d487c3ea6917e16374caafcf0321c12a80d28902dd8cd81909bb04b8c439e2491e" - "504756742d0d0bfb15a9c34c"}, - {NID_secp384r1, NID_sha256, - "3cd8c053741dd9f974c6c5dbf8a1e5728e9b5eafb1cbcfc3452f5fbbda32a8c7564dee15" - 
"7e8d902c52514361da6d972934a56b3276e2a9379e328e24282e0db697c5bc29090fc489" - "ec46b7b188325dd4e96494c250de0f4a89fe2ccf919eaefcfb50c288113e6df92714feb7" - "f46e0822478c796d0f4ff3447a32997e892693ce", - "1c172e25732555afee7ded67a496f3f11babc0875898619f4519c29321e201e8ba1149f2" - "c20b48e5efba235d58fea7c3", - "0413e9e2c8bbcfe26e8f5f43c86268c5980ee693236a6b8777f3a7323718baa21005b482" - "d08aafc6fa6e3667d91353544c9ba181b3ee505be030f87ecd249b00670a791489b42af0" - "4976013483ff95b630c91c01e95757e906129f2f9b4ce719a8", - "08aec9a9e58bdc028805eb5dc86073d05fff1f5fb3fd17f510fc08f9272d84ba7aa66b6f" - "77d84fe6360bd538192bf01a", - "2b4337c3dfbc886ffad7858ae2480cb62227e12205a70361c42f1a5ca9e658ee30fc3cf4" - "030d85bd065edad83b99821f", - "2550cef8574bf17fb3d6b0c9d04ab266962bac3621bac233ff2e4989712d2a4a07171c0a" - "ebd3040cd6a32c3bd3efb8b5"}, - {NID_secp384r1, NID_sha256, - "ed955dda6d9650124804d3deb6aeef900e520faf98b1ef6f14efcada7ca2433f09329b70" - "897305e59c89024d76e466b28fe02cb2a9b12e2478c66470259d7c282137a19e5a04ffad" - "ea55245c0f34a681593fedc42931d8b3321b3d82e9cc102cd00540ad311ec7bd8c9d06db" - "21bea4ca3dc74d98931ae0d40494aefc2345132c", - "5b96555dbd602e71d4d5d3aee19fd1ea084ee23d4f55c10937056762bc2015cbded2e898" - "a487f5482ab7e1e971245907", - "046e14c17bb831b0112d7f3543c5fd17c78379a516c9e0539b03b8b4bfdead2820343fc8" - "4b0382807573ded6c4d97b70037f60021d2de77546db666721c9aec84c3e2ba8de0ba774" - "43600dc77e6839bbf9316271adb22d4cb47d08f745ecb1dafd", - "7ad6f4ffd2b429ba10c6f112f800cacf1ad508cf8eba880893bb9659c1ddaaec57dcdc09" - "3a114500460d457bdde324f2", - "faea950ca513806bc59028c638d6302ffc86978c3ff1f06db015dd7c4777050186cb8dd8" - "71f5e926e1416539c1939c2f", - "2c592240eabb8a1f9878e1b5c9d5d3ced7b3a7ae571f5a86494ed2ca567a36eb72e7bea8" - "934bded29594bccf67ca84bd"}, - {NID_secp384r1, NID_sha256, - "ce395b001da2a58e49691605d44af4206306f62f561bf2394060d2a5591a350277166bed" - "043819035f1e60b5b3fb5ae113ddd0473f8ef6b2b050c472c2a264e1d8b3ca82a4f158c4" - 
"0f2d78d9ce5e5ea6de243f2e1f13f47f6c6f403b270912c81c636be35b396ca58468b3fb" - "60aa83911d61441a0528d973bc31f965d4059080", - "8df9c3c710a25192f3dea970910bb3784e3509874cccf4334823eb9f7a8d05b067f2d812" - "d61e878e24b093089a0b8245", - "0492c9e32b20cbe6d4ed0727c6c942cf804a72031d6dfd69078b5e78ebce2d192268f1f5" - "e2abce5aaf1f8d6a35f136837fd5167905fa7689e03b9fb1487c566f62b36f2bc1c4a2bf" - "b6a836113b5c8d46f7c1ca51b628b14397fbc06ec9a07f4849", - "258dd05919735cd48627c9fe9fac5c252604aa7c2ae0460d7c1149cd96b7bd2ba195ad39" - "3bf392a2499f06aead5ba050", - "413793bcce52eda0f5b675a8d687cce86d5c9e1659b38a89e96246b5e05f8b0934d17dbb" - "a3b2ea44c838aa5fd87125d1", - "ce7309fc2d6e3438818a1a29a997410b025b0403de20795b97c86c46034a6b02afeed279" - "aeb06522d4de941bfdf50469"}, - {NID_secp384r1, NID_sha256, - "ffefe316455ae4ffdb890bb804bf7d31424ea060ecacff419d0f7134ff76ad434063c0ec" - "0f8bb7059584d3a03f3625bb9e9f66ace1a47ac4b8f3e76fc7c420c55edb1427d1fa15b3" - "87ad73d02b0595c4e74321be8822752230a0dcfb85d60bfa186da7623a8ec3eb1633f0a2" - "94b23ae87216b14ccee9ef56418dcfab9427371e", - "6002cb01ad2ce6e7101665d47729c863b6435c3875de57a93f99da834f73e3e6e2b3880e" - "06de3e6bd1d51ea1807ab0d7", - "04e4216e1a20af8e8e3e74653ac016545001066e53e64af679ad1c85841bb475aed3e00e" - "ad052ae9955f48d675ff4ace568804c17641be21d4c6386902c9c5c888af25d97ca38370" - "3ea4a85cf93bbab360c0bbd2993374da499a303778650270b9", - "6b9507fd2844df0949f8b67b6fde986e50173713ac03df2edf65cb339859321cd3a2b9aa" - "b8356f95dec62460ab19c822", - "018891f6381ed358b422f79a299cf0789cee783ba388af4d82cbbe17f3709751b7fd9400" - "e9702820c28b9afc62fdf489", - "aef73bd590802b2fd2a65c4f7fec89f9b24ecc199a69254785925f334cd1977c5e1f858b" - "d9830d7d7d243ea707b1af0b"}, - {NID_secp384r1, NID_sha256, - "304bccb718b3a9e12669913490cc5bcc1979287b56c628fad706c354241e88d10e81445a" - "2853e3fc32ece094ba1abc3fdcab61da27f9a0fca739371049fed462ee6b08fa31cde127" - "20f8144a6f00ce9b1a7a6eadd231f126717074b4efb5c72ce673ca5859000a436f67a338" - 
"d698759f12c461247c45a361fb6cb661fdbe6714", - "d8559c3543afc6f7b3dc037a687bad2630283757ba7862fd23ed14e2151a4cf5fed3d249" - "268f780e0b96b6b46274a2d5", - "045f94223918f2ec9f0a08342cb99e724881c92453957c59672860f69daac01b660331a0" - "f5845e50f1f27766b219c89e7ed76d83396130d10d1168d76c7fc83742ffffbe66d9f4da" - "4ca3f95f5ad6dac8cc7bb65d16d317d37aa99fdbf30ec7439c", - "4ad5a92b5b8e170b71c8a7ed419dc624c7680004562b8d16a37b6e639f581ce81d5f0d98" - "cce44d54c4e7136229148340", - "f7baa6a5488ab462ea59aa31a36402b15880c68110b6069f51ede0c3b52a7b1e5bf926fd" - "be95768931b7d5f87058835c", - "28b1c4ef448a432f7c91b98b0c6471691e888211b6af907369a8930859b8cdb2e94f466a" - "44f4e52f46df9b0d65e35de6"}, - {NID_secp384r1, NID_sha256, - "64f9f05c2805acf59c047b5f5d2e20c39277b6d6380f70f87b72327a76170b872bfe4b25" - "c451602acfb6a631bb885e2655aee8abe44f69c90fb21ffde03cef2a452c468c6369867d" - "fd8aa26ac24e16aa53b292375a8d8fbf988e302bf00088e4c061aa12c421d8fe3cbd7273" - "b0e8993701df1c59431f436a08b8e15bd123d133", - "b9208cbfd186ddfa3efd5b71342ae1efb01a13ebc4c2a992a2cbee7254b7846a4252ece1" - "104b89d13d835911f8511224", - "04166e6d96cb60d916fd19888a2dd945a3306ff0d7b0a5e30729f47d3dac3de2be3fd5cd" - "7437e9a80d6c48cf960d2d36f8e6b2b70f131092ae210f29cc6bad701318bddb31bddf92" - "1695855c6208941100d0cee5d10799f8b835afe3ea510e8229", - "da706ab5f61531f2378b3c0a2b342108cd119eadaa88b859df64923bccfb0ec2393fd312" - "826f65c15a6587d1d460015b", - "d9124c42858080c62400e4d4d8136304e03d910cbe9b9b3487f4d27c7e0540a314d34bef" - "8c850045c8746ca631c11c42", - "bbf6424a3b70166fa799f49e918439d515327039258ef9bd88435a59c9c19659f8ec3c86" - "60720b0c08354ff60e0f5a76"}, - {NID_secp384r1, NID_sha384, - "6b45d88037392e1371d9fd1cd174e9c1838d11c3d6133dc17e65fa0c485dcca9f52d41b6" - "0161246039e42ec784d49400bffdb51459f5de654091301a09378f93464d52118b48d44b" - "30d781eb1dbed09da11fb4c818dbd442d161aba4b9edc79f05e4b7e401651395b53bd8b5" - "bd3f2aaa6a00877fa9b45cadb8e648550b4c6cbe", - 
"201b432d8df14324182d6261db3e4b3f46a8284482d52e370da41e6cbdf45ec2952f5db7" - "ccbce3bc29449f4fb080ac97", - "04c2b47944fb5de342d03285880177ca5f7d0f2fcad7678cce4229d6e1932fcac11bfc3c" - "3e97d942a3c56bf34123013dbf37257906a8223866eda0743c519616a76a758ae58aee81" - "c5fd35fbf3a855b7754a36d4a0672df95d6c44a81cf7620c2d", - "dcedabf85978e090f733c6e16646fa34df9ded6e5ce28c6676a00f58a25283db8885e16c" - "e5bf97f917c81e1f25c9c771", - "50835a9251bad008106177ef004b091a1e4235cd0da84fff54542b0ed755c1d6f251609d" - "14ecf18f9e1ddfe69b946e32", - "0475f3d30c6463b646e8d3bf2455830314611cbde404be518b14464fdb195fdcc92eb222" - "e61f426a4a592c00a6a89721"}, - {NID_secp384r1, NID_sha384, - "d768f41e6e8ec2125d6cf5786d1ba96668ac6566c5cdbbe407f7f2051f3ad6b1acdbfe13" - "edf0d0a86fa110f405406b69085219b5a234ebdb93153241f785d45811b3540d1c37424c" - "c7194424787a51b79679266484c787fb1ded6d1a26b9567d5ea68f04be416caf3be9bd2c" - "afa208fe2a9e234d3ae557c65d3fe6da4cb48da4", - "23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d494325ad2ac" - "8ba928394e01061d882c3528", - "045d42d6301c54a438f65970bae2a098cbc567e98840006e356221966c86d82e8eca515b" - "ca850eaa3cd41f175f03a0cbfd4aef5a0ceece95d382bd70ab5ce1cb77408bae42b51a08" - "816d5e5e1d3da8c18fcc95564a752730b0aabea983ccea4e2e", - "67ba379366049008593eac124f59ab017358892ee0c063d38f3758bb849fd25d867c3561" - "563cac1532a323b228dc0890", - "fb318f4cb1276282bb43f733a7fb7c567ce94f4d02924fc758635ab2d1107108bf159b85" - "db080cdc3b30fbb5400016f3", - "588e3d7af5da03eae255ecb1813100d95edc243476b724b22db8e85377660d7645ddc1c2" - "c2ee4eaea8b683dbe22f86ca"}, - {NID_secp384r1, NID_sha384, - "6af6652e92a17b7898e40b6776fabaf0d74cf88d8f0ebfa6088309cbe09fac472eeac2aa" - "8ea96b8c12e993d14c93f8ef4e8b547afe7ae5e4f3973170b35deb3239898918c70c1056" - "332c3f894cd643d2d9b93c2561aac069577bbab45803250a31cd62226cab94d8cba7261d" - "ce9fe88c210c212b54329d76a273522c8ba91ddf", - "b5f670e98d8befc46f6f51fb2997069550c2a52ebfb4e5e25dd905352d9ef89eed5c2ecd" - "16521853aadb1b52b8c42ae6", - 
"0444ffb2a3a95e12d87c72b5ea0a8a7cb89f56b3bd46342b2303608d7216301c21b5d292" - "1d80b6628dc512ccb84e2fc278e4c1002f1828abaec768cadcb7cf42fbf93b1709ccae6d" - "f5b134c41fae2b9a188bfbe1eccff0bd348517d7227f2071a6", - "229e67638f712f57bea4c2b02279d5ccad1e7c9e201c77f6f01aeb81ea90e62b44b2d210" - "7fd66d35e56608fff65e28e4", - "b11db592e4ebc75b6472b879b1d8ce57452c615aef20f67a280f8bca9b11a30ad4ac9d69" - "541258c7dd5d0b4ab8dd7d49", - "4eb51db8004e46d438359abf060a9444616cb46b4f99c9a05b53ba6df02e914c9c0b6cc3" - "a9791d804d2e4c0984dab1cc"}, - {NID_secp384r1, NID_sha384, - "b96d74b2265dd895d94e25092fb9262dc4f2f7a328a3c0c3da134b2d0a4e2058ca994e34" - "45c5ff4f812738e1b0c0f7a126486942a12e674a21f22d0886d68df2375f41685d694d48" - "7a718024933a7c4306f33f1a4267d469c530b0fed4e7dea520a19dd68bf0203cc87cad65" - "2260ed43b7b23f6ed140d3085875190191a0381a", - "de5975d8932533f092e76295ed6b23f10fc5fba48bfb82c6cc714826baf0126813247f8b" - "d51d5738503654ab22459976", - "04f1fabafc01fec7e96d982528d9ef3a2a18b7fe8ae0fa0673977341c7ae4ae8d8d3d674" - "20343d013a984f5f61da29ae381a31cf902c46343d01b2ebb614bc789c313b5f91f9302a" - "d9418e9c797563e2fa3d44500f47b4e26ad8fdec1a816d1dcf", - "fc5940e661542436f9265c34bce407eff6364bd471aa79b90c906d923e15c9ed96eea4e8" - "6f3238ea86161d13b7d9359d", - "c2fbdd6a56789024082173725d797ef9fd6accb6ae664b7260f9e83cb8ab2490428c8b9c" - "52e153612295432fec4d59cd", - "8056c5bb57f41f73082888b234fcda320a33250b5da012ba1fdb4924355ae679012d81d2" - "c08fc0f8634c708a4833232f"}, - {NID_secp384r1, NID_sha384, - "7cec7480a037ff40c232c1d2d6e8cd4c080bbeecdaf3886fccc9f129bb6d202c316eca76" - "c8ad4e76079afe622f833a16f4907e817260c1fa68b10c7a151a37eb8c036b057ed4652c" - "353db4b4a34b37c9a2b300fb5f5fcfb8aa8adae13db359160f70a9241546140e550af007" - "3468683377e6771b6508327408c245d78911c2cc", - "11e0d470dc31fab0f5722f87b74a6c8d7414115e58ceb38bfcdced367beac3adbf1fe9ba" - "5a04f72e978b1eb54597eabc", - "041950166989164cbfd97968c7e8adb6fbca1873ebef811ea259eb48b7d584627f0e6d6c" - 
"64defe23cbc95236505a252aa141ef424b5cb076d4e32accd9250ea75fcf4ffd81814040" - "c050d58c0a29b06be11edf67c911b403e418b7277417e52906", - "e56904028226eb04f8d071e3f9cefec91075a81ca0fa87b44cae148fe1ce9827b5d1910d" - "b2336d0eb9813ddba3e4d7b5", - "c38ef30f55624e8935680c29f8c24824877cf48ffc0ef015e62de1068893353030d1193b" - "f9d34237d7ce6ba92c98b0fe", - "651b8c3d5c9d5b936d300802a06d82ad54f7b1ba4327b2f031c0c5b0cb215ad4354edc7f" - "932d934e877dfa1cf51b13fe"}, - {NID_secp384r1, NID_sha384, - "00ce978603229710345c9ad7c1c2dba3596b196528eea25bd822d43ca8f76a024e292177" - "03dd0652c8a615284fc3edcc1c5ad1c8d5a8521c8e104c016a24e50c2e25066dcb56596f" - "913b872767e3627aa3e55ec812e9fdac7c2f1beade83aef093e24c9c953982adf431a776" - "880ae4583be158e11cdab1cbca3ad3a66900213d", - "5c6bbf9fbcbb7b97c9535f57b431ed1ccae1945b7e8a4f1b032016b07810bd24a9e20055" - "c0e9306650df59ef7e2cd8c2", - "042e01c5b59e619e00b79060a1e8ef695472e23bf9a511fc3d5ed77a334a242557098e40" - "972713732c5291c97adf9cf2cf563e3fe4ad807e803b9e961b08da4dde4cea8925649da0" - "d93221ce4cdceabc6a1db7612180a8c6bef3579c65539b97e9", - "03d23f1277b949cb6380211ad9d338e6f76c3eedac95989b91d0243cfb734a54b19bca45" - "a5d13d6a4b9f815d919eea77", - "abab65308f0b79c4f3a9ff28dd490acb0c320434094cef93e75adfe17e5820dc1f77544c" - "faaacdc8cf9ac8b38e174bef", - "11b783d879a6de054b316af7d56e526c3dce96c85289122e3ad927cfa77bfc50b4a96c97" - "f85b1b8221be2df083ff58fb"}, - {NID_secp384r1, NID_sha384, - "54a255c18692c6162a46add176a0ae8361dcb8948f092d8d7bac83e160431794d3b98128" - "49bf1994bcdcfba56e8540c8a9ee5b93414548f2a653191b6bb28bda8dc70d45cc1b92a4" - "89f58a2d54f85766cb3c90de7dd88e690d8ebc9a79987eee1989df35af5e35522f83d85c" - "48dda89863171c8b0bf4853ae28c2ac45c764416", - "ffc7dedeff8343721f72046bc3c126626c177b0e48e247f44fd61f8469d4d5f0a74147fa" - "baa334495cc1f986ebc5f0b1", - "0451c78c979452edd53b563f63eb3e854a5b23e87f1b2103942b65f77d024471f75c8ce1" - "cc0dfef83292b368112aa5126e313e6aaf09caa3ba30f13072b2134878f14a4a01ee8632" - 
"6cccbff3d079b4df097dc57985e8c8c834a10cb9d766169366", - "c3de91dbe4f777698773da70dd610ef1a7efe4dc00d734399c7dd100728006a502822a5a" - "7ff9129ffd8adf6c1fc1211a", - "f4f477855819ad8b1763f53691b76afbc4a31a638b1e08c293f9bcd55decf797f9913ca1" - "28d4b45b2e2ea3e82c6cf565", - "7c26be29569ef95480a6d0c1af49dc10a51a0a8931345e48c0c39498bfb94d62962980b5" - "6143a7b41a2fddc8794c1b7f"}, - {NID_secp384r1, NID_sha384, - "692a78f90d4f9d5aee5da536314a78d68c1feabbfe5d1ccea7f6059a66c4b310f8051c41" - "1c409ccf6e19a0cbd8b8e100c48317fe8c6d4f8a638b9551ce7ee178020f04f7da3001a0" - "e6855225fb3c9b375e4ed964588a1a41a095f3f476c42d52ffd23ce1702c93b56d4425d3" - "befcf75d0951b6fd5c05b05455bdaf205fe70ca2", - "adca364ef144a21df64b163615e8349cf74ee9dbf728104215c532073a7f74e2f6738577" - "9f7f74ab344cc3c7da061cf6", - "04ef948daae68242330a7358ef73f23b56c07e37126266db3fa6eea233a04a9b3e491523" - "3dd6754427cd4b71b75854077d009453ef1828eaff9e17c856d4fc1895ab60051312c3e1" - "db1e3766566438b2990cbf9945c2545619e3e0145bc6a79004", - "a2da3fae2e6da3cf11b49861afb34fba357fea89f54b35ce5ed7434ae09103fe53e2be75" - "b93fc579fedf919f6d5e407e", - "dda994b9c428b57e9f8bbaebba0d682e3aac6ed828e3a1e99a7fc4c804bff8df151137f5" - "39c7389d80e23d9f3ee497bf", - "a0d6b10ceffd0e1b29cf784476f9173ba6ecd2cfc7929725f2d6e24e0db5a4721683640e" - "aa2bbe151fb57560f9ce594b"}, - {NID_secp384r1, NID_sha384, - "3b309bb912ab2a51681451ed18ad79e95d968abc35423a67036a02af92f575a0c89f1b66" - "8afe22c7037ad1199e757a8f06b281c33e9a40bab69c9874e0bb680b905d909b9dc24a9f" - "e89bb3d7f7d47082b25093c59754f8c19d1f81f30334a8cdd50a3cb72f96d4b3c305e60a" - "439a7e93aeb640dd3c8de37d63c60fb469c2d3ed", - "39bea008ec8a217866dcbdb1b93da34d1d3e851d011df9ef44b7828b3453a54aa70f1df9" - "932170804eacd207e4f7e91d", - "045709ec4305a9c3271c304face6c148142490b827a73a4c17affcfd01fffd7eaa65d2fd" - "edfa2419fc64ed910823513fafb083cda1cf3be6371b6c06e729ea6299213428db571193" - "47247ec1fcd44204386cc0bca3f452d9d864b39efbfc89d6b2", - 
"3c90cc7b6984056f570542a51cbe497ce4c11aeae8fc35e8fd6a0d9adeb650e8644f9d1d" - "5e4341b5adc81e27f284c08f", - "d13646895afb1bfd1953551bb922809c95ad65d6abe94eb3719c899aa1f6dba6b01222c7" - "f283900fe98628b7597b6ea6", - "4a9a38afda04c0a6b0058943b679bd02205b14d0f3d49b8f31aac289129780cdb1c555de" - "f8c3f9106b478729e0c7efaa"}, - {NID_secp384r1, NID_sha384, - "f072b72b8783289463da118613c43824d11441dba364c289de03ff5fab3a6f60e85957d8" - "ff211f1cb62fa90216fb727106f692e5ae0844b11b710e5a12c69df3ed895b94e8769ecd" - "15ff433762d6e8e94d8e6a72645b213b0231344e2c968056766c5dd6b5a5df41971858b8" - "5e99afbf859400f839b42cd129068efabeea4a26", - "e849cf948b241362e3e20c458b52df044f2a72deb0f41c1bb0673e7c04cdd70811215059" - "032b5ca3cc69c345dcce4cf7", - "0406c037a0cbf43fdf335dff33de06d34348405353f9fdf2ce1361efba30fb204aea9dbd" - "2e30da0a10fd2d876188371be6360d38f3940e34679204b98fbf70b8a4d97f25443e46d0" - "807ab634ed5891ad864dd7703557aa933cd380e26eea662a43", - "32386b2593c85e877b70e5e5495936f65dc49553caef1aa6cc14d9cd370c442a0ccfab4c" - "0da9ec311b67913b1b575a9d", - "5886078d3495767e330c7507b7ca0fa07a50e59912a416d89f0ab1aa4e88153d6eaf0088" - "2d1b4aa64153153352d853b5", - "2cc10023bf1bf8ccfd14b06b82cc2114449a352389c8ff9f6f78cdc4e32bde69f3869da0" - "e17f691b329682ae7a36e1aa"}, - {NID_secp384r1, NID_sha384, - "cf4945350be8133b575c4ad6c9585e0b83ff1ed17989b6cd6c71b41b5264e828b4e11599" - "5b1ae77528e7e9002ac1b5669064442645929f9d7dd70927cb93f95edeb73e8624f4bc89" - "7ec4c2c7581cb626916f29b2d6e6c2fba8c59a71e30754b459d81b912a12798182bcff40" - "19c7bdfe929cc769bcc2414befe7d2906add4271", - "d89607475d509ef23dc9f476eae4280c986de741b63560670fa2bd605f5049f1972792c0" - "413a5b3b4b34e7a38b70b7ca", - "0449a1c631f31cf5c45b2676b1f130cbf9be683d0a50dffae0d147c1e9913ab1090c6529" - "a84f47ddc7cf025921b771355a1e207eece62f2bcc6bdabc1113158145170be97469a290" - "4eaaa93aad85b86a19719207f3e423051f5b9cbbe2754eefcb", - "78613c570c8d33b7dd1bd1561d87e36282e8cf4843e7c344a2b2bb6a0da94756d670eeaf" - "fe434f7ae7c780f7cf05ca08", - 
"66f92b39aa3f4aeb9e2dc03ac3855406fa3ebbab0a6c88a78d7a03482f0c9868d7b78bc0" - "81ede0947c7f37bf193074ba", - "e5c64ed98d7f3701193f25dd237d59c91c0da6e26215e0889d82e6d3e416693f8d58843c" - "f30ab10ab8d0edd9170b53ad"}, - {NID_secp384r1, NID_sha384, - "d9b5cf0b50416573ff3c63133275a18394dd4326be2041e8d97e6e4e3855a4a177e9d26d" - "fd223fe8aa74564edb49bd72de19916fb6f001f44530d5c18e2c332bce1b7415df5927ec" - "e5f3824f34d174b963136b53aef1fb78fb0c06a201a40b2db38e4d8216fc1e392a798c8a" - "b4b3a314496b7f1087804ebfa89bf96e9cdb80c0", - "083e7152734adf342520ae377087a223688de2899b10cfcb34a0b36bca500a4dfa530e23" - "43e6a39da7ae1eb0862b4a0d", - "0470a0f16b6c61172659b027ed19b18fd8f57bd28dc0501f207bd6b0bb065b5671cf3dd1" - "ed13d388dcf6ccc766597aa6044f845bf01c3c3f6126a7368c3454f51425801ee0b72e63" - "fb6799b4420bfdebe3e37c7246db627cc82c09654979c700bb", - "28096ababe29a075fbdf894709a20d0fdedb01ed3eeacb642a33a0da6aed726e13caf6cf" - "206792ec359f0c9f9b567552", - "ee2923f9b9999ea05b5e57f505bed5c6ba0420def42c6fa90eef7a6ef770786525546de2" - "7cdeb2f8586f8f29fb4ee67c", - "50ef923fb217c4cf65a48b94412fda430fac685f0da7bd574557c6c50f5b22e0c8354d99" - "f2c2f2c2691f252f93c7d84a"}, - {NID_secp384r1, NID_sha384, - "9e4042d8438a405475b7dab1cd783eb6ce1d1bffa46ac9dfda622b23ac31057b922eced8" - "e2ed7b3241efeafd7c9ab372bf16230f7134647f2956fb793989d3c885a5ae064e85ed97" - "1b64f5f561e7ddb79d49aa6ebe727c671c67879b794554c04de0e05d68264855745ef3c9" - "567bd646d5c5f8728b797c181b6b6a876e167663", - "63578d416215aff2cc78f9b926d4c7740a77c142944e104aa7422b19a616898262d46a8a" - "942d5e8d5db135ee8b09a368", - "04cadbacef4406099316db2ce3206adc636c2bb0a835847ed7941efb02862472f3150338" - "f13f4860d47f39b7e098f0a390752ad0f22c9c264336cde11bbc95d1816ed4d1b1500db6" - "b8dce259a42832e613c31178c2c7995206a62e201ba108f570", - "7b69c5d5b4d05c9950dc94c27d58403b4c52c004b80a80418ad3a89aabc5d34f21926729" - "e76afd280cc8ee88c9805a2a", - "db054addb6161ee49c6ce2e4d646d7670754747b6737ca8516e9d1e87859937c3ef9b1d2" - "663e10d7e4bd00ec85b7a97a", - 
"fcc504e0f00ef29587e4bc22faada4db30e2cb1ac552680a65785ae87beb666c792513f2" - "be7a3180fc544296841a0e27"}, - {NID_secp384r1, NID_sha384, - "0b14a7484a40b68a3ce1273b8a48b8fdb65ba900d98541c4bbd07b97e31bcc4c85545a03" - "e9deab3c563f47a036ff60d0361684ba241b5aa68bb46f440da22181ee328a011de98eff" - "34ba235ec10612b07bdfa6b3dc4ccc5e82d3a8d057e1862fef3def5a1804696f84699fda" - "2ec4175a54a4d08bcb4f0406fdac4eddadf5e29b", - "ed4df19971658b74868800b3b81bc877807743b25c65740f1d6377542afe2c6427612c84" - "0ada31a8eb794718f37c7283", - "0433093a0568757e8b58df5b72ea5fe5bf26e6f7aeb541b4c6a8c189c93721749bcacecc" - "f2982a2f0702586a9f812fc66febe320d09e1f0662189d50b85a20403b821ac0d000afdb" - "f66a0a33f304726c69e354d81c50b94ba3a5250efc31319cd1", - "d9b4cd1bdfa83e608289634dbfcee643f07315baf743fc91922880b55a2feda3b38ddf60" - "40d3ba10985cd1285fc690d5", - "009c74063e206a4259b53decff5445683a03f44fa67252b76bd3581081c714f882f882df" - "915e97dbeab061fa8b3cc4e7", - "d40e09d3468b46699948007e8f59845766dbf694b9c62066890dd055c0cb9a0caf0aa611" - "fb9f466ad0bbb00dbe29d7eb"}, - {NID_secp384r1, NID_sha384, - "0e646c6c3cc0f9fdedef934b7195fe3837836a9f6f263968af95ef84cd035750f3cdb649" - "de745c874a6ef66b3dd83b66068b4335bc0a97184182e3965c722b3b1aee488c3620adb8" - "35a8140e199f4fc83a88b02881816b366a09316e25685217f9221157fc05b2d8d2bc8553" - "72183da7af3f0a14148a09def37a332f8eb40dc9", - "e9c7e9a79618d6ff3274da1abd0ff3ed0ec1ae3b54c3a4fd8d68d98fb04326b7633fc637" - "e0b195228d0edba6bb1468fb", - "04a39ac353ca787982c577aff1e8601ce192aa90fd0de4c0ed627f66a8b6f02ae5131554" - "3f72ffc1c48a7269b25e7c289a9064a507b66b340b6e0e0d5ffaa67dd20e6dafc0ea6a6f" - "aee1635177af256f9108a22e9edf736ab4ae8e96dc207b1fa9", - "b094cb3a5c1440cfab9dc56d0ec2eff00f2110dea203654c70757254aa5912a7e73972e6" - "07459b1f4861e0b08a5cc763", - "ee82c0f90501136eb0dc0e459ad17bf3be1b1c8b8d05c60068a9306a346326ff7344776a" - "95f1f7e2e2cf9477130e735c", - "af10b90f203af23b7500e070536e64629ba19245d6ef39aab57fcdb1b73c4c6bf7070c62" - "63544633d3d358c12a178138"}, - 
{NID_secp384r1, NID_sha512, - "67d9eb88f289454d61def4764d1573db49b875cfb11e139d7eacc4b7a79d3db3bf720819" - "1b2b2078cbbcc974ec0da1ed5e0c10ec37f6181bf81c0f32972a125df64e3b3e1d838ec7" - "da8dfe0b7fcc911e43159a79c73df5fa252b98790be511d8a732fcbf011aacc7d45d8027" - "d50a347703d613ceda09f650c6104c9459537c8f", - "217afba406d8ab32ee07b0f27eef789fc201d121ffab76c8fbe3c2d352c594909abe591c" - "6f86233992362c9d631baf7c", - "04fb937e4a303617b71b6c1a25f2ac786087328a3e26bdef55e52d46ab5e69e5411bf9fc" - "55f5df9994d2bf82e8f39a153ea97d9075e92fa5bfe67e6ec18e21cc4d11fde59a68aef7" - "2c0e46a28f31a9d60385f41f39da468f4e6c3d3fbac9046765", - "90338a7f6ffce541366ca2987c3b3ca527992d1efcf1dd2723fbd241a24cff19990f2af5" - "fd6419ed2104b4a59b5ae631", - "c269d9c4619aafdf5f4b3100211dddb14693abe25551e04f9499c91152a296d7449c08b3" - "6f87d1e16e8e15fee4a7f5c8", - "77ffed5c61665152d52161dc13ac3fbae5786928a3d736f42d34a9e4d6d4a70a02d5af90" - "fa37a23a318902ae2656c071"}, - {NID_secp384r1, NID_sha512, - "45db86829c363c80160659e3c5c7d7971abb1f6f0d495709bba908d7aa99c9df64b3408a" - "51bd69aba8870e2aaff488ef138f3123cf94391d081f357e21906a4e2f311defe527c55e" - "0231579957c51def507f835cceb466eb2593a509dcbee2f09e0dde6693b2bfe17697c9e8" - "6dd672f5797339cbe9ea8a7c6309b061eca7aef5", - "0a3f45a28a355381a919372f60320d6610cfb69c3e318eb1607db3cadfc42b728b77a6a9" - "e9e333de9183c58933daf60f", - "04832cbb7061a719a316e73dbad348fa67cd17c33f40b9000a3d3b691a2a2cd821052566" - "717c3ead01089b56086af1366f1e15a048d1dce642d9ebcbfac7f92b1bcee90fd0240cc7" - "9abd29e32e0e655c4ee1fd34fb88178bba92aca100e7794ed0", - "2a78e651623ba604c42cf094fc7d046629306f508853427ba091448800d1092c041bb232" - "3035fc9d19a8d44950f7dcc3", - "0db0cc9a2bda8dd7e565ad36f91b1c5756d78164dc8a72a5bee4b6bc45ea38c7a16b01d0" - "5b1893d4e06b62db24c30385", - "abd383edaeda7d0b8de1b54fcd3c28874fed62ab266f1f84c8ba796a7b54e5e0695fdb43" - "ce7fe90ed00fa468d87bca64"}, - {NID_secp384r1, NID_sha512, - "4672fce0721d37c5be166bffa4b30d753bcf104b9b414db994b3ed33f36af4935ea59a0b" - 
"b92db66448b3f57dad4fc67cef10ce141bf82c536be604b89a0bc0e8bca605b867880049" - "d97142d30538fc543bd9d4fab7fdbe2f703815cdb6361beb66acff764bc275f910d16624" - "45b07b92830db69a5994857f53657ed5ca282648", - "2e408c57921939f0e0fe2e80ce74a4fa4a1b4fa7ab070206298fe894d655be50e2583af9" - "e45544b5d69c73dce8a2c8e7", - "04a2b24a5ad4a2e91f12199ed7699e3f297e27bf8b8ea8fbe7ed28366f3544cd8e680c23" - "8450f8a6422b40829d6647b25c2732be0075536e6519f6a099b975a40f8e0de337fa4d48" - "bd0762b43f41cab8deafdef9cfbb9973e457801e3bf9c93304", - "b10b6258afdde81f9c971cc1526d942e20cafac02f59fee10f98e99b8674636bff1d84a6" - "eaa49c0de8d8cfdc90d8ce84", - "be428a8de89a364a134719141ee8d776a3a8338f1132b07e01b28573d8eaf3b9008b6330" - "4c48821e53638b6141f9660b", - "866181dbef5c147d391bed6adcee408c339982c307adc718c2b9ab9e5642d8dedc36dd64" - "02559a3ab614c99c1e56b529"}, - {NID_secp384r1, NID_sha512, - "9ae48fdd9bfc5cb0f4d4761e28b2073bda05a3e3fe82c212e66701dc4573cc67a829b0f8" - "2d7520b1bf11db0c6d1743822bbe41bb0adbd7222aa5fae70fbd1a31f2d4453a01c81e06" - "4d775388468be96f6063f8673b7b8d4455fe1bd4c801ad5e625a015eaa4a1a18da490d2a" - "f8642201eaba3c611cbd65f861d8e19ca82a1ee6", - "1c285da72a8eb1c3c38faab8d3bb4e68dc95c797082b9a3991a21c1de54759071ecf2265" - "fb1eff504ab24174bc6710cf", - "0411acb1b5cc59a4f1df1913a8d6e91cbdafb8206dc44aff7d9da45906b664fc33194d99" - "35a82aa4d62f39618897c86025832ed0b9575fff52a3603bfe89f312751b4c396da98324" - "117a61b3f525d27b2266f6cfb22be07e50b6874435e380ed62", - "2513075e02cc7fb3cff7b7adde46da31c5493749b5cf02758bd5b098a838bfd4d5e4c7fb" - "8268bdc37e219c30efebe878", - "b3d638b3be45f14f170da5bdc22d2114deac93ab340a25b3af2b5c18584bb9147e00dc6c" - "67a2274f79aa4838793eb63f", - "876112bdca2c725eb2f6dbd76d07710a31f0c16d38430cb0817f320a25a9ecfec8a66137" - "d0304612ae29a6a484fd3319"}, - {NID_secp384r1, NID_sha512, - "817d6a110a8fd0ca7b4d565558f68b59a156744d4c5aac5c6610c95451793de2a756f774" - "558c61d21818d3ebeeeb71d132da1c23a02f4b305eccc5cd46bd21dfc173a8a91098354f" - 
"10ffbb21bf63d9f4c3feb231c736504549a78fd76d39f3ad35c36178f5c233742d2917d5" - "611d2073124845f1e3615b2ef25199a7a547e882", - "9da37e104938019fbdcf247e3df879a282c45f8fb57e6655e36b47723af42bec3b820f66" - "0436deb3de123a21de0ca37b", - "04722d0ea6891d509b18b85ca56f74deb5c3030d2a30433824123d430d03c99279572c3b" - "28ecf01e747b9db8acc55d0ba37e2605ea7092214f366f3639037bffd89fe103c646e990" - "839d3a1ced8d78edb5b9bc60d834fd8e2a3c17e920bdae023a", - "c8c18e53a9aa5915288c33132bd09323638f7995cd89162073984ed84e72e07a37e18c4c" - "023933eace92c35d10e6b1b6", - "6512a8a2be731e301dcf4803764297862bbfa0ac8daed64d8e98b34618ecb20520fc5d3c" - "f890b7783edf86e7ea407541", - "4ff10301f7b4168fae066361376007c1d7aa89a75c87719d0b54711ffef5ef3726f3eef8" - "4f7ebc025c110bde511b17f6"}, - {NID_secp384r1, NID_sha512, - "464f10ec6fb229a51db5fd0e122f2cb8a9a022117e2987f4007bf5565b2c16aba0714e2e" - "3cdd0c100d55ac3017e36fc7501ad8309ab9572aa65424c9eb2e580a119c55777676ec49" - "8df53ef6ae78fd8a988130ee0e6082bf1ef71cd4c946021018a8ca7154d13b174c638912" - "613b0bdb9001c302bf7e443ad2124ab2c1cce212", - "0661ab3bf9f7bef51bec7dff758de289154557beb9ce18cc4b8cc09a871e8322af259cf1" - "88b593dc62f03a19e75f7f69", - "04b4f100558043858efa728082d9b99ad5192b59b0947434f5ba7ff2514508a6d71ba54e" - "7221c31cb0712103272b3f6fa434f6df4eeb2da11498044635067c2715ed15ae251c78ff" - "b9030d87909ea8539b66394e93109ca54c0406cf99960c3e93", - "84a87137edb6894f96c5a8e94a3765162034feb84dfea94e1c71411170c285a80321ec79" - "99e25861844143209804882c", - "4dc9d1b949b36e3c3847ac1c7ed114e1bc9cbe76119cf6fcd3f1b69ee6ee54e3255f1bb2" - "88fe2f8bd6d4049a21793c27", - "56a561d647b62ccae1e6df818b1a6fbde66c82ef0ff69ee415f183e7daf76be22630c7e0" - "2cd3fd729dfa490f26824584"}, - {NID_secp384r1, NID_sha512, - "4e3e0fb96320ddccde8b463c273654c4f7164920b1d63430921d2e808dee403e6420eedd" - "a0a557b911d00736a4f8798dd4ef26673efd6d190988ad4929ec64f8685cfb76070a36cd" - "6a3a4bf2f54fb08a349d44642b6f614043fef9b2813b63457c76537d23da7b37310334f7" - 
"ba76edf1999dad86f72aa3446445a65952ac4e50", - "66e7cfdeb7f264cf786e35210f458c32223c3a12a3bc4b63d53a5776bc9b069928452484" - "f6241caa3781fd1a4109d4db", - "043c7682de540ab231daf21bf9fc80bda6abf7e17dcc79d476c7b7c3bd4d42d386877fd8" - "ba495c1b0333e04fb5fd2a15050a1582e4f4d72abea9d3476aff8369c41261f0c5dddf2c" - "a82e10f7a163f73df09473d9e5e2552187104e4cc7c6d83611", - "2fa266f5cce190eb77614933ca6a55121ad8bae168ff7a9043d96d13b5ca2fe70101ff9f" - "e1e2b2cd7413e6aa8f49abde", - "e7ecda9da0c52d0474a9f70094dc8f061d7d6a22210d3b69a7be8f389aa666f256322099" - "b87d16ad35357ea856574dba", - "ba348eb40a2830ec5a1130264ac0a8675420b1ae243e808a778135809ece21f42c0c8811" - "66321102b4f02df4c5c7ed9d"}, - {NID_secp384r1, NID_sha512, - "c466b6b6baf7e6ffa876ec06105e2d43534e0517c07b1c4c9fb67ba81ce09525a7721ec3" - "c290f2b1f65b6463d41598e7a25b2238501629953a5ca955b644354fb6856733a2e5bb8f" - "5bc21a0c803493f5539f9fb83aab3dba2c982989c2270c61ab244b68bfe1b948d00c2ed9" - "75e09c29b5f8a7effcad8652a148cc880d503217", - "92c2f7ee64af86d003ab484e12b82fcf245fc330761057fec5b7af8f7e0a2d85b468c21d" - "171460fcb829cae7b986316d", - "04ca43a306479bf8fb537d4b9ff9d635bbb2a0d60d9e854d5b7e269d09d91f78c6b90b61" - "6e4c931629453645a2bb371e14356c4d7f10e690614eaf7f82ba0f9dc1aad98130c0ad9f" - "e353deec565cc04bef789a0a4242322e0058b46cd02f2de77d", - "6ec81fb74f8725ba225f317264460ee300cfd2f02092000989acbdad4799cf55c244a65c" - "557113328fe20282e6badb55", - "cd7a4309bcebc25a8e10899fe2eda5f8b2dbcf329cd2f3d65befd67393e83fba2f8a67a1" - "5c01a6ac8314f9f5e87a9dca", - "6dcfc0426bc148e67e91d4784e3d7e9bc3b7ce3676be62daa7f3f55dfdff6d9dc735b5e3" - "e0bbd0785db1f76f7ac065f3"}, - {NID_secp384r1, NID_sha512, - "feac892b7720af80b3c9eede51e923f18d3d0c5de4c31f4aa75e36df7c7c2fd8f4177885" - "1a24b69e67dccb65e159dd5c383243bad7cfedcc5e85c8a01c34b0b94ba8e07e4c024c09" - "d279b3731e8b62f9562d3c4f5042567efe42a9d0eaaabab28bc6f11232fc8ceaaf4518d9" - "f3b2bebf020294496b7f6b879e69503f75fecd3d", - 
"15347caaad1067f1848a676bd0a8c52021ae604b79d02775a0459226e0391a3acd26653c" - "916fcfe86149fb0ee0904476", - "04e5a0463163964d984f5bad0072d45bc2059939e60a826ccca36c151460ae360f5d6679" - "f60fe43e999b6da5841c96e48a30f2dd425a3fa2c95d34124217250b39e3b4a14f3e6e41" - "5ae8e5b0409eb72f43f78b64d0ce6f2d49980d6f04cd1391db", - "1a2d224db4bb9c241ca5cab18920fad615fa25c1db0de0f024cb3ace0d11ef72b0568854" - "46659f67650fdff692517b1c", - "87b4de0fb21df38dfc9a4b1e350da67547e307f55b5b9dd6615e408afe7c3553a6e02722" - "847367439e636074faa2182b", - "375d965753b9ed6c6c08576726f8308c2f8dbd2737824464e71265d47907e26f615bbeb8" - "203ec617520d4ecd1851dc44"}, - {NID_secp384r1, NID_sha512, - "cf2982e3bf174ce547741b969403cd11e9553067e6af8177d89511a0eb040db924530bdb" - "a65d8b1ff714228db0737c1756f509e1506014a10736e65be2f91980a73891496e90ff27" - "14a3601c7565cdcef5a395e2e0e1652f138d90d61eaa9cba993b823245647f6e07cec9b8" - "b4449cd68a29741cd1579c66e548ca0d0acf33aa", - "ac1cb5e59bda2eff3413a3bab80308f9fb32c595283c795de4c17fdae8d4647b5f108fd0" - "801aee22adb7db129283b5aa", - "04bc6b1a718284803553c173089c397870aaaecca579bb8e81a8cfa12473cd2057567fa8" - "726a19ed427cc035baeec2c55114f82997d1129b669f0015350e47ad561b1b13441af4fb" - "44656f15ed0c5706984d66655accc52f2e943eef39cb1cdc21", - "8053a46e875f446056b06d4318fa3e8977622de7207cbf0996bf35b0e9b19aaa507f642b" - "cf0be9f048f1af09806f6946", - "a994eb15b64114ce8a9342d18b5edda96a6d76314a5ac03da723699177d352a4a9f3b712" - "1b11a91e43a6af4025da51d6", - "8183ae33a888e99aa76882da0a6705ad102f2bbd9572fad0d2e4d6d70151970469e00c52" - "20e59c14724d771c1384b302"}, - {NID_secp384r1, NID_sha512, - "bf9fdd4107ef5a6070108771ac9eee4f0c8043bf0d04db772a47294f4137e2439d94b337" - "114b074e57e0cb78d0ccf352a2833e9788ee2a1a9ffeacd34f38fcefb86653d70c7dadd4" - "cf6548d608e70acdef6c7530974b92c813798add659752a8c72b05e1ad9c65c21834ce6f" - "be49d8a1426b5a54270794436d284364fac6ec1a", - "205f1eb3dfacff2bdd8590e43e613b92512d6a415c5951bda7a6c37db3aae39b9b7ec6ed" - "d256609e75373419087fa71f", - 
"04c9f1f63a18c761b077a1ec35fbb2de635db9b8592c36194a01769b57728c7755d4c79b" - "3d5b97a1a4631e30c86d03f13cf8c4a38770054d5cc9bb9182e6d4638242c4fd16e869ac" - "22e44c4b9402d594e0c6f5df6a9a7de32a4893d9f6588f1950", - "ecd395c5d8b7d6e6b2b19644e0d2e6086c912c6a0f5b8ed4b94b7290b65852c9741ce8ee" - "b08d8751ead8a183e17d76c6", - "e81331d78b438b0b8d98c1be03385ba5d614af182f1677f259126cc3de7eaac6c19b02be" - "955d936b6bf9c27c6796e6f0", - "17c2b7a8e0fc93909762aa9f86f9561e759ecb88f02337b2018363be6095d9e4324a6d32" - "96046686624b5efad6b52878"}, - {NID_secp384r1, NID_sha512, - "5d634fb39a2239256107dc68db19751540b4badac9ecf2fce644724401d6d632b3ae3b2e" - "6d05746b77ddc0c899878032248c263eda08d3d004d35952ad7a9cfe19343d14b37f9f63" - "2245e7b7b5fae3cb31c5231f82b9f1884f2de7578fbf156c430257031ba97bc6579843bc" - "7f59fcb9a6449a4cd942dffa6adb929cf219f0ad", - "e21e3a739e7ded418df5d3e7bc2c4ae8da76266a1fc4c89e5b09923db80a72217f1e9615" - "8031be42914cf3ee725748c1", - "040f753171922b5334f3dd2778a64ce2da8295121939beae71ad85e5344e893be0fd03cf" - "14e1f031adec098e0c4409449c45c10a0ffc0eb2f1cec5c89b698061108313ee7d449ad5" - "80efad344f0e7cf35be8a18fca620f112e57bdc746abdace55", - "d06bea06b25e6c30e866b1eb0657b45673e37b709013fb28fd7373afc8277cbc861354f8" - "21d0bd1927e52ec083a0f41f", - "e8d4a31dd0e7d2522be62a32608e744c3775ceb606dc897899f0c73f1a40ce9a8be854cd" - "506e65cd81fd7fa2c616cb7b", - "8151b681b6b6046d3c36f332d06d9ba7751e740631cdb759f88c50a25a8e950d5023df8a" - "15c77243743733c4feaf21d5"}, - {NID_secp384r1, NID_sha512, - "c9b4ff721b3e886f0dc05856ffff0aabb64a8504b1746a47fdd73e6b7ebc068f06ac7ffa" - "44c757e4de207fc3cbfaf0469d3ac6795d40630bcafe8c658627e4bc6b86fd6a2135afbc" - "18ccc8e6d0e1e86016930ca92edc5aa3fbe2c57de136d0ea5f41642b6a5d0ddeb380f245" - "4d76a16639d663687f2a2e29fb9304243900d26d", - "93434d3c03ec1da8510b74902c3b3e0cb9e8d7dccad37594d28b93e065b468d9af4892a0" - "3763a63eae060c769119c23c", - "04a52c25f2af70e5bc6a992ecef4ea54e831ed5b9453747d28aec5cffb2fcfee05be80c5" - 
"cbab21606b5507aa23878adee12cf2a9afeff83f3041dc8a05f016ccae58aa1a0e0dc6be" - "9d928e97f2598c9ba5e9718d5eb74c9cfb516fd8c09f55f5b9", - "13d047708ae5228d6e3bbada0e385afdb3b735b31123454fdf40afe3c36efed563fd2cce" - "84dcc45c553b0993d9ca9ec3", - "a0203f6f2c456baac03538ed506a182e57a25151802cf4b2557613b2fb615ebd4c50ddc5" - "05f87c048a45bad3b2fc371c", - "0eab56457c4080400fa3af124761d5a01fef35f9649edba8b97d22116386f3b8b363e97e" - "f3f82616d5d825df1cf865ef"}, - {NID_secp384r1, NID_sha512, - "db2ad659cf21bc9c1f7e6469c5f262b73261d49f7b1755fc137636e8ce0202f929dca446" - "6c422284c10be8f351f36333ebc04b1888cba217c0fec872b2dfc3aa0d544e5e06a9518a" - "8cfe3df5b20fbcb14a9bf218e3bf6a8e024530a17bab50906be34d9f9bba69af0b11d8ed" - "426b9ec75c3bd1f2e5b8756e4a72ff846bc9e498", - "e36339ddbe8787062a9bc4e1540690915dd2a2f11b3fe9ee946e281a0a2cbed426df405e" - "d9cb0eca42f85443efd09e0c", - "04a1ffb4b790d1593e907369b69de10b93cddbb02c6131f787422364d9d692768ef80979" - "70306cce16c97f2b10c538efa7d0692028601ea794d2563ffe9facc7273938fab47dd00b" - "8960be15549a9c2b3f8552583eb4c6cd212fe486c159c79153", - "2226f7329378cecd697f36ae151546643d67760856854661e31d424fae662da910e2157d" - "a9bb6dfbe3622296e0b5710c", - "20dcc25b67dd997621f437f65d78347fb57f8295b1b14453b1128203cda892bcfe726a2f" - "107d30975d63172e56f11d76", - "51cff592cbef75ef8321c8fa1e4229c4298b8180e427bee4e91d1e24fc28a729cf296beb" - "728960d2a58cf26773d8e2e2"}, - {NID_secp384r1, NID_sha512, - "dbd8ddc02771a5ff7359d5216536b2e524a2d0b6ff180fa29a41a8847b6f45f1b1d52344" - "d32aea62a23ea3d8584deaaea38ee92d1314fdb4fbbecdad27ac810f02de0452332939f6" - "44aa9fe526d313cea81b9c3f6a8dbbeafc899d0cdaeb1dca05160a8a039662c4c845a3db" - "b07be2bc8c9150e344103e404411668c48aa7792", - "5da87be7af63fdaf40662bd2ba87597f54d7d52fae4b298308956cddbe5664f1e3c48cc6" - "fd3c99291b0ce7a62a99a855", - "0454c79da7f8faeeee6f3a1fdc664e405d5c0fb3b904715f3a9d89d6fda7eabe6cee86ef" - "82c19fca0d1a29e09c1acfcf18926c17d68778eb066c2078cdb688b17399e54bde5a79ef" - 
"1852352a58967dff02c17a792d39f95c76d146fdc086fe26b0", - "1b686b45a31b31f6de9ed5362e18a3f8c8feded3d3b251b134835843b7ae8ede57c61dc6" - "1a30993123ac7699de4b6eac", - "9dbfa147375767dde81b014f1e3bf579c44dd22486998a9b6f9e0920e53faa11eed29a4e" - "2356e393afd1f5c1b060a958", - "e4d318391f7cbfe70da78908d42db85225c85f4f2ff413ecad50aad5833abe91bdd5f6d6" - "4b0cd281398eab19452087dd"}, - {NID_secp521r1, NID_sha224, - "58ec2b2ceb80207ff51b17688bd5850f9388ce0b4a4f7316f5af6f52cfc4dde4192b6dbd" - "97b56f93d1e4073517ac6c6140429b5484e266d07127e28b8e613ddf65888cbd5242b2f0" - "eee4d5754eb11f25dfa5c3f87c790de371856c882731a157083a00d8eae29a57884dbbfc" - "d98922c12cf5d73066daabe3bf3f42cfbdb9d853", - "1d7bb864c5b5ecae019296cf9b5c63a166f5f1113942819b1933d889a96d12245777a994" - "28f93de4fc9a18d709bf91889d7f8dddd522b4c364aeae13c983e9fae46", - "0401a7596d38aac7868327ddc1ef5e8178cf052b7ebc512828e8a45955d85bef49494d15" - "278198bbcc5454358c12a2af9a3874e7002e1a2f02fcb36ff3e3b4bc0c69e70184902e51" - "5982bb225b8c84f245e61b327c08e94d41c07d0b4101a963e02fe52f6a9f33e8b1de2394" - "e0cb74c40790b4e489b5500e6804cabed0fe8c192443d4027b", - "141f679033b27ec29219afd8aa123d5e535c227badbe2c86ff6eafa5116e9778000f5385" - "79a80ca4739b1675b8ff8b6245347852aa524fe9aad781f9b672e0bb3ff", - "06b973a638bde22d8c1c0d804d94e40538526093705f92c0c4dac2c72e7db013a9c89ffc" - "5b12a396886305ddf0cbaa7f10cdd4cd8866334c8abfc800e5cca365391", - "0b0a01eca07a3964dd27d9ba6f3750615ea36434979dc73e153cd8ed1dbcde2885ead575" - "7ebcabba117a64fcff9b5085d848f107f0c9ecc83dfa2fa09ada3503028"}, - {NID_secp521r1, NID_sha224, - "2449a53e0581f1b56d1e463b1c1686d33b3491efe1f3cc0443ba05d65694597cc7a2595b" - "da9cae939166eb03cec624a788c9bbab69a39fb6554649131a56b26295683d8ac1aea969" - "040413df405325425146c1e3a138d2f4f772ae2ed917cc36465acd66150058622440d7e7" - "7b3ad621e1c43a3f277da88d850d608079d9b911", - "17e49b8ea8f9d1b7c0378e378a7a42e68e12cf78779ed41dcd29a090ae7e0f883b0d0f2c" - "bc8f0473c0ad6732bea40d371a7f363bc6537d075bd1a4c23e558b0bc73", - 
"0400156cd2c485012ea5d5aadad724fb87558637de37b34485c4cf7c8cbc3e4f106cb1ef" - "d3e64f0adf99ddb51e3ac991bdd90785172386cdaf2c582cc46d6c99b0fed101edeeda71" - "7554252b9f1e13553d4af028ec9e158dbe12332684fc1676dc731f39138a5d301376505a" - "9ab04d562cc1659b0be9cb2b5e03bad8b412f2699c245b0ba2", - "1dc3e60a788caa5f62cb079f332d7e5c918974643dca3ab3566a599642cd84964fbef43c" - "e94290041fe3d2c8c26104d9c73a57a7d4724613242531083b49e255f33", - "12592c0be6cce18efb2b972cd193d036dcb850f2390fa8b9b86b2f876548bc424fb3bc13" - "c1e5c415fa09d0ecfcae5bf76fb23e8322d7eecb264a2ae6d20ef50d405", - "11bc9713be88e3b9912a3e5f5d7b56f20573e979b1a75d04ce339f724bddffa4665d2599" - "5fe24d32507d8a07c5e10169f5338ef2827737f7b0291752b21237217e3"}, - {NID_secp521r1, NID_sha224, - "7ba05797b5b67e1adfafb7fae20c0c0abe1543c94cee92d5021e1abc57720a6107999c70" - "eacf3d4a79702cd4e6885fa1b7155398ac729d1ed6b45e51fe114c46caf444b20b406ad9" - "cde6b9b2687aa645b46b51ab790b67047219e7290df1a797f35949aaf912a0a8556bb210" - "18e7f70427c0fc018e461755378b981d0d9df3a9", - "135ea346852f837d10c1b2dfb8012ae8215801a7e85d4446dadd993c68d1e9206e1d8651" - "b7ed763b95f707a52410eeef4f21ae9429828289eaea1fd9caadf826ace", - "04018d40cc4573892b3e467d314c39c95615ee0510e3e4dbc9fa28f6cd1f73e7acde15ad" - "7c8c5339df9a7774f8155130e7d1f8de9139ddd6dfe1841c1e64c38ea98243017021782d" - "33dc513716c83afe7ba5e7abef9cb25b31f483661115b8d6b5ae469aaf6f3d54baa3b658" - "a9af9b6249fd4d5ea7a07cb8b600f1df72b81dac614cfc384a", - "0c24acc1edb3777212e5b0bac744eadf4eda11fa150753b355bf96b189e6f57fc02284bb" - "22d8b3cd8bba7a09aae9f4ea955b382063425a6f8da2f99b9647b147172", - "183da7b8a9f9d5f08903359c1a2435b085fcf26a2ed09ab71357bb7634054acc569535e6" - "fe81d28233e4703005fc4bf83ce794d9463d575795aa0f03398e854cefd", - "0b3621145b9866ab7809139795cc30cd0404127a7f0fafa793660491009f6c53724fdb0b" - "1ffbf0fd51c131180b8a957fe66e76d2970247c024261c768dee9abbfb9"}, - {NID_secp521r1, NID_sha224, - "716dabdb22a1c854ec60420249905a1d7ca68dd573efaff7542e76f0eae54a1828db69a3" - 
"9a1206cd05e10e681f24881b131e042ed9e19f5995c253840e937b809dfb8027fed71d54" - "1860f318691c13a2eb514daa5889410f256305f3b5b47cc16f7a7dad6359589b5f4568de" - "4c4aae2357a8ea5e0ebaa5b89063eb3aa44eb952", - "1393cb1ee9bfd7f7b9c057ecc66b43e807e12515f66ed7e9c9210ba1514693965988e567" - "fbad7c3f17231aacee0e9b9a4b1940504b1cd4fd5edfaa62ba4e3e476fc", - "0401e855c935139c8092092cfa733db1292530506eeb2bbb1687f9602c36d97a6714e998" - "892d5d3b842d1896a6ece9d549e9792881a256256137b3dff180c96cc5d07b018d83b6e9" - "3cd287311f7bf7c1d7f9eeabcf0b69c12f2d8f40e333e81e956d968532a37a4c04d76187" - "4df293b484cd7053b03fdbc2fdcd3b4c412d6f272fb7c93fe6", - "1d98619bdc04735d30c222fc67da82c069aea5f449af5e8c4db10c1786c0cb9e6f2cc0bb" - "66fa6be18c485570d648dafcd0a973c43d5c94e9a9dacbd3170e53fa2a0", - "0bf47fabe107ce0ec03e2ad60a79b058e1bebb18568b6a8cdbe86032e71aa30c15766105" - "b2ea952cfa79bcab046df601159f96e179bbcf252dc68ac73d31481fdae", - "1f918fec69cd07d90f9d892b7117e7519c3224947f4262f1fd97077dd5386a6c78aeddff" - "3ee97e59ea353f06029f1336f0d6ef5c0f4b17ca59343a55319b7bfc3db"}, - {NID_secp521r1, NID_sha224, - "9cc9c2f131fe3ac7ea91ae6d832c7788cbbf34f68e839269c336ceef7bef6f20c0a62ea8" - "cc340a333a3002145d07eba4cf4026a0c4b26b0217a0046701de92d573d7c87a386a1ea6" - "8dc80525b7dcc9be41b451ad9f3d16819e2a0a0b5a0c56736da3709e64761f97cae2399d" - "e2a4022dc4c3d73c7a1735c36dbde86c4bc5b6f7", - "179fa164e051c5851e8a37d82c181e809a05fea9a3f083299b22684f59aa27e40dc5a33b" - "3f7949338764d46bfe1f355134750518b856d98d9167ef07aac3092c549", - "0401857cc7bbed20e87b3fd9a104956aa20c6502192910e0e7598410526ebfe1c99397b8" - "5189612a60c51fb8f4dd5cb08a8cd2e702563062dcb043410715c5323a004601fce8d135" - "284310d2f38c216030634b32cd223222f0d9d8d2b7c55477c4b8b74fc6c96a6092f34b05" - "ca44d3633a5037c2166c479a032bb4f949f89fc1ba5236d07d", - "16d9704c0cee791f2938bb2a8a595752a3635c2f557efeecefd719414b5f2aaf846080f5" - "82c76eae7a8fddf81859b49d0131c212524d55defa67dca1a9a28ca400f", - 
"1c9a4e51774384e8362876a87c572e6463a54413c7c6252c552ebb182f83e45ace436ade" - "4ca373d8a7216e83efb62c8b41c4d5132a0afa65078f16d189baca39187", - "1e92a7dd5fea29a666398e1df5775cbb5664fe6943fe4c1d2bba516b7543c84df584458e" - "53919c4ffab579a26fb3c892a5d1a77b0a07428c89350f8b559e627b014"}, - {NID_secp521r1, NID_sha224, - "14c69f8d660f7a6b37b13a6d9788eff16311b67598ab8368039ea1d9146e54f55a83b3d1" - "3d7ac9652135933c68fafd993a582253be0deea282d86046c2fb6fd3a7b2c80874ced28d" - "8bed791bd4134c796bb7baf195bdd0dc6fa03fdb7f98755ca063fb1349e56fd0375cf947" - "74df4203b34495404ebb86f1c7875b85174c574c", - "13dabca37130ba278eae2b3d106b5407711b0d3b437fbf1c952f0773571570764d2c7cb8" - "896a8815f3f1975b21adc6697898e5c0a4242092fc1b80db819a4702df4", - "0400bc2aebf40cd435bc37d73c09d05f2fd71321111a767c2b0d446f90dd4a186839c694" - "ceb734e027e7ee948f0f63e4d3f1656d3d543df23c342a599306909b34710901f4c98ac0" - "3f0718e58d5d1762c920445b11dbdd60ec7f60095809204e14965a4ecb0be6fea06adbac" - "8ba431d6f144c75c199225df2a619a34be99897125b3a10af8", - "0401187c8b89945a1e48cda9ee52167789f4121e67482a7ac797899f5d3d2e623aed31e4" - "adae08a8d43e69028fa074d2650317cbc765f6ed191cf0317b4bae57881", - "1e572afed754016fba43fc33e352932c4db65efcb84e2bd159b40fc5925893b161effc40" - "240be28d8c07154d2615f605c6f0451b976522d95afd37f46602df7a12a", - "030370c1c5352c2b663ac1858b42f69545b2f58ed5b2c007f303726977d3c756b5d644ec" - "6788f94c886f78269aa190a3d8d1ae10e4fd24d937c4556fb9e1953fd6d"}, - {NID_secp521r1, NID_sha224, - "8d8e75df200c177dbfe61be61567b82177ea5ec58e2781168d2277d2fd42668f01248ca3" - "eb29ffa2689b12ae40f9c429532b6d2e1f15891322b825a0a072a1c68fa09e78cfdef3e9" - "5ed6fdf7233a43cb68236560d49a3278f0b3f47cb08f475bd9ab2f60755ea4a1767de931" - "3b71a1b9ea87ef33f34682efbda263b0f8cc2f52", - "198681adbde7840d7ccd9cf1fb82056433fb4dd26bddf909af7b3b99da1ca2c05c8d4560" - "ecd80ba68f376f8b487897e374e99a9288ed7e3645cc0d00a478aae8d16", - "040057ce3777af7032f1f82308682e71fe09f88bf29dacd5018a725e1caa4b1e2bfdd894" - 
"fe618f9266f31ba089856dc9c1b70e4a2faa08b4b744d1aafcd5ae99e2c7360199bcfef2" - "021bc5890d7d39ec5dc0c26956801e84cae742cf6c50386eb289b6e97754dd25a94abf81" - "f1cb1b36935b5eb29f4b32a6516d2ff6a7d23064a0daec94b3", - "19d2d74ad8ee2d85048f386998a71899ef6c960b4ab324e5fd1c0a076c5a632fd0009500" - "076522e052c5c9806eef7056da48df6b16eb71cdf0f1838b0e21715fce0", - "18ecacbcffd5414bbb96728e5f2d4c90178e27733d13617e134ec788022db124374bbaa1" - "1e2c77fe3f38d1af6e998e1b0266b77380984c423e80ffa6ff2bcafd57a", - "1c727f34b6a378f3087721a54e9796499b597ecf6666b8f18312d67e1190a8a66e878efc" - "2367b551267494e0245979ef4deed6d2cbf2c3711af6d82ccfeb101a377"}, - {NID_secp521r1, NID_sha224, - "10631c3d438870f311c905e569a58e56d20a2a560e857f0f9bac2bb7233ec40c79de1452" - "94da0937e6b5e5c34fff4e6270823e5c8553c07d4adf25f614845b2eac731c5773ebbd71" - "6ab45698d156d043859945de57473389954d223522fbafecf560b07ef9ba861bcc1df9a7" - "a89cdd6debf4cd9bf2cf28c193393569ccbd0398", - "08c4c0fd9696d86e99a6c1c32349a89a0b0c8384f2829d1281730d4e9af1df1ad5a0bcfc" - "cc6a03a703b210defd5d49a6fb82536f88b885776f0f7861c6fc010ef37", - "040164ac88ed9afe137f648dd89cdd9956682830cac5f7c1a06d19a1b19f82bb1d22dfee" - "fea30d35c11202fed93fd5ce64835d27c6564d6e181287fa04a2d20994986b005cb83669" - "265f5380ccefe6b4f85fdf0049e6703f6f378a0b2e52ed0fbbcf300afebb722f4ed48e38" - "19cb976c1d60e2ba05646b478f6dfecfbae730e9644c297f00", - "189801432cba9bf8c0763d43b6ec3b8636e62324587a4e27905b09a58e4aa66d07d096db" - "ce87824e837be1c243dd741f983c535a5dd2f077aac8beee9918258d3cb", - "0917723f7241e8dc7cd746b699ab621d068dd3a90e906aaf0a4862744b96fd4e5ccdb9c7" - "796c27f7196e693d06ec209464c3ea60ad6313e9b77cceaa14767e6651c", - "0957b0ecdc3668f6efa5d0957615bcfffd6419c5e57579b74f960f65ae3fb9e8284322ff" - "710b066f7e0959ac926d3cf9a594bdb70bbec756c96910b26a2486dee9e"}, - {NID_secp521r1, NID_sha224, - "80aad6d696cbe654faa0d0a24d2f50d46e4f00a1b488ea1a98ed06c44d1d0c568beb4ab3" - "674fc2b1d2d3da1053f28940e89ba1244899e8515cabdd66e99a77df31e90d93e37a8a24" - 
"0e803a998209988fc829e239150da058a300489e33bf3dcdaf7d06069e74569fee77f4e3" - "875d0a713ccd2b7e9d7be62b34b6e375e84209ef", - "1466d14f8fbe25544b209c5e6a000b771ef107867e28ed489a42015119d1aa64bff51d6b" - "7a0ac88673bbc3618c917561cff4a41cdb7c2833dab5ebb9d0ddf2ca256", - "0401dc8b71d55700573a26af6698b92b66180cf43e153edadb720780321dbb4e71d28e0a" - "488e4201d207fc4848fe9dd10dcabec44492656a3ff7a665fe932445c82d0b01920b1633" - "1b7abeb3db883a31288ef66f80b7728b008b3cc33e03a68f68d9e653a86e3177bbc00014" - "fa5ea4c1608c0d455c2e2ac7bd8ab8519ebf19955edf1baf8d", - "160d04420e0d31b0df476f83393b1f9aff68389cc3299e42ef348d97646f7531a722b66d" - "dfb9501bbb5c4a41d84c78be7233b11489bceb817d23060e6017433fab8", - "08077aabd0a342f03f912007c586cfedfc63f93d1118f720d5b62b3ce141a60f86f111df" - "d8fc2e31a6778981f1a5e28f29a7369bd7897bb41240c8d3a9c170e0ee0", - "00abc75fc154b93840579457820957e89d1260fee0a4b9bb1946f61ca1e71afd76bb5e10" - "77b3e38ceb39d1fac5ef8b217c4110617b3ad118e02b3fcc2a39ef38613"}, - {NID_secp521r1, NID_sha224, - "8a7792a2870d2dd341cd9c4a2a9ec2da753dcb0f692b70b64cef2e22071389c70b3b188d" - "ea5f409fb435cbd09082f59de6bc2ff9e65f91b7acc51e6e7f8e513148cb3c7c4664f227" - "d5c704626b0fda447aa87b9d47cd99789b88628eb642ed250312de5ba6b25f3d5342a3cb" - "b7ebd69b0044ee2b4c9ba5e3f5195afb6bea823d", - "01a99fcf54c9b85010f20dc4e48199266c70767e18b2c618044542cd0e23733817776a1a" - "45dbd74a8e8244a313d96c779f723013cd88886cb7a08ef7ee8fdd862e7", - "0401912d33b01d51e2f777bdbd1ada23f2b1a9faf2be2f2a3b152547db9b149b697dd718" - "24ca96547462e347bc4ef9530e7466318c25338c7e04323b1ba5fd25ea716200bbe9b1e3" - "a84accd69b76b253f556c63e3f374e3de0d1f5e3600fc19215533b2e40d6b32c3af33314" - "d223ea2366a51d1a337af858f69326389276f91be5c466e649", - "14fafd60cb026f50c23481867772411bb426ec6b97054e025b35db74fe8ea8f74faa2d36" - "e7d40b4652d1f61794878510b49b7b4fe4349afccd24fc45fec2fd9e9e7", - "18b1df1b6d7030a23a154cacce4a2e3761cc6251ff8bf6c9f6c89d0a15123baef9b338ad" - "a59728349ce685c03109fcde512ed01a40afd2ca34e1bc02ecf2871d45c", - 
"0a399f9b9e21aeddf450429fec2dc5749e4a4c7e4f94cee736004dcc089c47635da22845" - "992cd076a4f0a01d2cc1b0af6e17b81a802361699b862157ad6cad8bd1d"}, - {NID_secp521r1, NID_sha224, - "f971bcd396efb8392207b5ca72ac62649b47732fba8feaa8e84f7fb36b3edb5d7b5333fb" - "fa39a4f882cb42fe57cd1ace43d06aaad33d0603741a18bc261caa14f29ead389f7c2053" - "6d406e9d39c34079812ba26b39baedf5feb1ef1f79990496dd019c87e38c38c486ec1c25" - "1da2a8a9a57854b80fcd513285e8dee8c43a9890", - "1b6015d898611fbaf0b66a344fa18d1d488564352bf1c2da40f52cd997952f8ccb436b69" - "3851f9ccb69c519d8a033cf27035c27233324f10e9969a3b384e1c1dc73", - "040110c6177ceb44b0aec814063f297c0c890671220413dbd900e4f037a67d87583eaf4b" - "6a9a1d2092472c17641362313c6a96f19829bb982e76e3a993932b848c7a9700f6e566c4" - "e49b2ee70a900dc53295640f3a4a66732df80b29f497f4ae2fa61d0949f7f4b12556967b" - "b92201a4f5d1384d741120c95b617b99c47a61e11c93a482d6", - "1a88667b9bdfe72fb87a6999a59b8b139e18ef9273261549bc394d884db5aa64a0bc7c7d" - "38a8ef17333478d2119d826e2540560d65f52b9a6dc91be1340cfd8f8f8", - "015f73def52ea47ddb03e0a5d154999642202e06e6734ac930c1dc84756c67bbb1cca9f2" - "1f92d61bfdb2052c5dd2833349610f68139393d77250a7662ef7bd17cbe", - "155c744a729f83b27d1f325a91e63a0d564fe96ff91eaa1bad3bff17d2abffa065d14a1d" - "20a04dd993f6ed3260b60bcc6401e31f6bc75aaafe03e8c1a9cd14d2708"}, - {NID_secp521r1, NID_sha224, - "ec0d468447222506b4ead04ea1a17e2aa96eeb3e5f066367975dbaea426104f2111c45e2" - "06752896e5fa7594d74ed184493598783cb8079e0e915b638d5c317fa978d9011b44a76b" - "28d752462adf305bde321431f7f34b017c9a35bae8786755a62e746480fa3524d398a6ff" - "5fdc6cec54c07221cce61e46fd0a1af932fa8a33", - "05e0d47bf37f83bcc9cd834245c42420b68751ac552f8a4aae8c24b6064ae3d33508ecd2" - "c17ec391558ec79c8440117ad80e5e22770dac7f2017b755255000c853c", - "0401a6effc96a7f23a44bf9988f64e5cfafdae23fa14e4bee530af35d7a4ddf6b80dcd0d" - "937be9dd2db3adcda2f5216fecbce867ee67e7e3773082f255156e31358c2f01e7760190" - "dfbe07ec2df87067597087de262c1e0a12355456faba91b2e7277050d73b924e14c0e93b" - 
"8457a8b3e1f4207ce6e754274f88ad75c000d1b2977edc9c1a", - "18afea9a6a408db1e7a7bb1437a3d276f231eacfc57678bfa229d78681cbe4e800e60653" - "32a3128db65d3aa446bb35b517dca26b02e106e1311881a95b0302d15e8", - "01c49b3c1d21f1678bdbe1ac12167e95e06617190bdee1a729c1c649210da19e2e210f66" - "89e1310513bfe2ac6c0f4ee5f324f344b31b18df341eaadb826d07adc9b", - "129d4931ba457443012f6ffecd002f2abc3a4b65a58fee8457917ebcf24b29a1d3055b7f" - "c62939a74ebb0c3582172ee7c3c75e0b2fa2367c6e04df63a7a91d593ad"}, - {NID_secp521r1, NID_sha224, - "d891da97d2b612fa6483ee7870e0f10fc12a89f9e33d636f587f72e0049f5888782ccde3" - "ea737e2abca41492bac291e20de5b84157a43c5ea900aef761006a4471072ab6ae6d515f" - "fe227695d3ff2341355b8398f72a723ae947f9618237c4b6642a36974860b452c0c62026" - "88bc0814710cbbff4b8e0d1395e8671ae67ada01", - "1804ab8f90ff518b58019a0b30c9ed8e00326d42671b71b067e6f815ac6752fa35016bd3" - "3455ab51ad4550424034419db8314a91362c28e29a80fbd193670f56ace", - "0400a79529d23a832412825c3c2ad5f121c436af0f29990347ecfa586ce2e57fd3c7e062" - "4d8db1f099c53473dbc2578f85416ad2ac958a162051014fb96bf07f9e1d17017c0750f2" - "6df0c621d2d243c6c99f195f0086947b1bf0f43731555f5d677e2d4a082fb5fe8da87e15" - "92a5fa31777da3299cede5a6f756edf81c85b77853388bb3ab", - "042d7c36fec0415bc875deb0fab0c64548554062e618aee3aa6670ffd68ab579fe620d3a" - "9316357267fd3111c0ed567dca663acd94b646d2ba0771953cd9690ef42", - "0d01dfbef126febbdfa03ef43603fd73bc7d2296dce052216e965fed7bb8cbbc24142bfc" - "ddb60c2e0bef185833a225daa0c91a2d9665176d4ad9986da785f4bfcf0", - "16627e2614dbcd371693c10bbf579c90c31a46c8d88adf59912c0c529047b053a7c77151" - "42f64dcf5945dbc69ff5b706c4b0f5448d04dd1f0b5a4c3765148bf253d"}, - {NID_secp521r1, NID_sha224, - "924e4afc979d1fd1ec8ab17e02b69964a1f025882611d9ba57c772175926944e42c68422" - "d15f9326285538a348f9301e593e02c35a9817b160c05e21003d202473db69df695191be" - "22db05615561951867f8425f88c29ba8997a41a2f96b5cee791307369671543373ea91d5" - "ed9d6a34794d33305db8975b061864e6b0fe775f", - 
"0159bff3a4e42b133e20148950452d99681de6649a56b904ee3358d6dd01fb6c76ea0534" - "5cb9ea216e5f5db9ecec201880bdff0ed02ac28a6891c164036c538b8a8", - "04012d7f260e570cf548743d0557077139d65245c7b854ca58c85920ac2b290f2abfeccd" - "3bb4217ee4a29b92513ddce3b5cbf7488fb65180bb74aeb7575f8682337ef50175601862" - "30c7e8bff0bffce1272afcd37534f317b453b40716436a44e4731a3ec90a8f17c53357bc" - "54e6ff22fc5b4ca892321aa7891252d140ece88e25258b63d5", - "14b8a30f988cefdc0edec59537264edb0b697d8c4f9e8507cf72bc01c761304bd2019da1" - "d67e577b84c1c43dd034b7569f16635a771542b0399737025b8d817e1c3", - "0fc50939ebca4f4daa83e7eaf6907cb08f330c01d6ea497b86becda43dfcad47cb5c48f5" - "eb2cc924228628070bcd144088c449a7873242ba86badf796097dbecd6d", - "0ccb6463c4301ba5c043e47ed508d57dd908fd0d533af89fd3b11e76343a1cf2954ce90b" - "0eb18cbc36acd6d76b3906612d8a0feec6ebed13d88650ed9c708b28a11"}, - {NID_secp521r1, NID_sha224, - "c64319c8aa1c1ae676630045ae488aedebca19d753704182c4bf3b306b75db98e9be4382" - "34233c2f14e3b97c2f55236950629885ac1e0bd015db0f912913ffb6f1361c4cc25c3cd4" - "34583b0f7a5a9e1a549aa523614268037973b65eb59c0c16a19a49bfaa13d507b29d5c7a" - "146cd8da2917665100ac9de2d75fa48cb708ac79", - "17418dfc0fc3d38f02aa06b7df6afa9e0d08540fc40da2b459c727cff052eb0827bdb3d5" - "3f61eb3033eb083c224086e48e3eea7e85e31428ffe517328e253f166ad", - "04000188366b9419a900ab0ed9633426d51e25e8dc03f4f0e7549904243981ec469c8d6d" - "938f6714ee620e63bb0ec536376a73d24d40e58ad9eb44d1e6063f2eb4c51d009889b920" - "3d52b9243fd515294a674afd6b81df4637ffdddc43a7414741eda78d8aa862c9cbbb618a" - "cec55bb9a29aac59616fc804a52a97a9fc4d03254f4469effe", - "1211c8824dcbfa0e1e15a04779c9068aed2431daeac298260795e6a80401f11f6d52d36b" - "cee3cfa36627989c49d11475163aa201d2cd4c5394144a6bb500bbaf02b", - "1d59401b8ac438855d545a699991142685077a409de2418c7ccfe01a4771b3870e76287a" - "9654c209b58a12b0f51e8dc568e33140a6b630324f7ef17caa64bf4c139", - "143af360b7971095b3b50679a13cd49217189eaee4713f4201720175216573c68f7ac6f6" - 
"88bfe6eb940a2d971809bf36c0a77decc553b025ed41935a3898685183b"}, - {NID_secp521r1, NID_sha256, - "8ab8176b16278db54f84328ae0b75ef8f0cd18afdf40c04ad0927ed0f6d9e47470396c8e" - "87cde7a9be2ffbfe6c9658c88b7de4d582111119c433b2e4a504493f0a1166e3a3ea0d7b" - "93358f4a297d63f65a5e752f94e2ee7f49ebcc742fa3eb03a617d00c574245b77a200338" - "54d82964b2949e2247637239ab00baf4d170d97c", - "1e8c05996b85e6f3f875712a09c1b40672b5e7a78d5852de01585c5fb990bf3812c32455" - "34a714389ae9014d677a449efd658254e610da8e6cad33414b9d33e0d7a", - "04007d042ca19408524e68b981f1419351e3b84736c77fe58fee7d11317df2e850d960c7" - "dd10d10ba714c8a609d163502b79d682e8bbecd4f52591d2748533e45a867a0197ac6416" - "111ccf987d290459ebc8ad9ec56e49059c992155539a36a626631f4a2d89164b985154f2" - "dddc0281ee5b5178271f3a76a0914c3fcd1f97be8e8376efb3", - "0dc8daaacddb8fd2ff5c34a5ce183a42261ad3c64dbfc095e58924364dc47ea1c05e2599" - "aae917c2c95f47d6bb37da008af9f55730ddbe4d8ded24f9e8daa46db6a", - "09dd1f2a716843eedec7a6645ac834d4336e7b18e35701f06cae9d6b290d41491424735f" - "3b57e829ad5de055eaeef1778f051c1ee152bf2131a081e53df2a567a8a", - "02148e8428d70a72bc9fa986c38c2c97deda0420f222f9dc99d32c0acba699dc7ba0a2b7" - "9ce5999ff61bd0b233c744a893bc105bca5c235423e531612da65d72e62"}, - {NID_secp521r1, NID_sha256, - "c4bc2cec829036469e55acdd277745034e4e3cc4fcd2f50ec8bd89055c19795a1e051ccf" - "9aa178e12f9beab6a016a7257e391faa536eaa5c969396d4e1ade36795a82ebc709d9422" - "de8497e5b68e7292538d4ccdc6dd66d27a3ece6a2844962b77db073df9489c9710585ba0" - "3d53fa430dbc6626dc03b61d53fc180b9af5dea6", - "0b65bf33b2f27d52cbfabcadce741e691bf4762089afd37964de1a0deda98331bf8c7402" - "0a14b52d44d26e2f6fa7bcddbe83be7db17a0c8a1b376469cf92c6da27c", - "04010038bb9a7aea626de68c14c64243150e72c69e2f8a1ab922bfbdaa6f33d24fb4542c" - "0324357b0dd640bbcd07632ecd253f64ca2bfbfbf3de9b24fffd0568ab82da00faf867d9" - "5308cc36d6f46844a0f535dc70f9768eed011a2464d2f308fa1d8e72c3616aec7e705169" - "08183ffce7fdd36984a15f73efaa3858c2edf16a784d40e6c2", - 
"14aeb96c57d99677a1f5e4588064215e7e9af4027bfb8f31ff6126dbf341b8e6f719465e" - "4273e91ba32670feca802549808322b7ee108bb20653cf20f93284d365f", - "075ead62edf7d86c5d1bc2443d1aeb5dc034fd999e6ea012cef7499d9d050cd97d262095" - "884e9fc89a42e15bd3dee80fe3c1ba10f4caabc4aabb86347023028b663", - "129a992a6ff66d41948d11fa680f732b1a74315b804c982805190ed9d2fae223f2b14998" - "0b9241998cdea0c5672595a8a49d5186a0ef7a46c0a376f925bdda81726"}, - {NID_secp521r1, NID_sha256, - "1c1b641d0511a0625a4b33e7639d7a057e27f3a7f818e67f593286c8a4c827bb1f3e4f39" - "9027e57f18a45403a310c785b50e5a03517c72b45ef8c242a57b162debf2e80c1cf6c7b9" - "0237aede5f4ab1fcaf8187be3beb524c223cc0ceff24429eb181a5eea364a748c7132148" - "80d976c2cd497fd65ab3854ad0d6c2c1913d3a06", - "02c4e660609e99becd61c14d043e8b419a663010cc1d8f9469897d7d0a4f076a619a7214" - "a2a9d07957b028f7d8539ba7430d0b9a7de08beeeae8452d7bb0eac669d", - "0400fb3868238ca840dbb36ecc6cf04f5f773ea0ab8e8b0fdcf779dc4039a8d7146a4175" - "04e953c0cb5e7f4e599cc2c168deda8b7f16084b5582f89f2ece4cae5167f701f90b5c15" - "eeda48e747cf3ee8183166a49dbfac6161cbd09d29d40a6854f4c495e88a435892a920cd" - "aad20d41985890b648badd4f0a858ffcbd9afdfc23134ede18", - "1f875bbf882cd6dd034a87916c7b3ba54b41b2ea2ce84ebaf4e393fcf7291fee09dec2b5" - "bb8b6490997c9e62f077c34f0947fe14cec99b906dd6bf0b5d301e75ca1", - "07aa70425697736b298233249f5d0cf25c99e640c9ff88035ef1804820e1bfe7d043755f" - "02d7a079494f7fa6dc26740c4e6b7b430c63f29c67bbd3a5c88d2f0e8d1", - "0e0d42e4ff11cf5be37a9fda348514d5097a662f214687cbfb28ff42d635b13029871ca4" - "f464bb1fbce02d5da4d5fb61b2a071844259fc863d136197bec3a61e7c7"}, - {NID_secp521r1, NID_sha256, - "adb5f069b2b501a3ebb83d4f1808eb07710ac4a7b12532996855a20bcc54b2f76812915f" - "632163c3654ff13d187d007152617cf859200194b59c5e81fc6cc9eb1ceb75d654050f26" - "0caa79c265254089270ccd02607fdcf3246119738c496dc3a4bd5d3be15789fc3d29a08d" - "6d921febe2f40aef286d5d4330b07198c7f4588e", - "17c3522007a90357ff0bda7d3a36e66df88ca9721fb80e8f63f50255d47ee819068d018f" - 
"14c6dd7c6ad176f69a4500e6f63caf5cf780531004f85009c69b9c1230c", - "04013a4bea0eed80c66ea973a9d3d4a90b6abbb5dee57d8affaf93390a8783a20982eba6" - "44d2e2809f66530adeeee7f9a1da7515447e9ba118999f76f170c375f621f7012f9dfaee" - "40a75d8442b39b37a5c19ea124b464236e9b9a31bae6780cfd50f7ea4a700154b5ea0fee" - "b64e9b35a1b0e33e46900cca1f34d13bb17e5017769841af27", - "18388a49caeda35859ef02702c1fd45ff26991998bd9d5e189c12c36cdae3f642ddd4a79" - "561bd1d3e1cd9359de8f5c9e1604a312d207a27b08a6033f2741794ced5", - "15c6264795837dfea19f91876455f564f073c5c84a3c9d76e67872ae0447ba0d4850d872" - "1302b25bec7ebfedd2721de140b2f3dead547042b24b0876117e7093cc1", - "060eb74236c189a28ed20bd0822eb22d75f7d97c9043a3c8e3f6d4c90bc8ca02ac4d37c1" - "171c799a1c7dfd2fcbf83406b5e48c051e0fbf0fd937bfe6c3db4e18154"}, - {NID_secp521r1, NID_sha256, - "f253484d121d1ce8a88def6a3e9e78c47f4025ead6f73285bf90647102645b0c32d4d867" - "42a50b8b7a42d5f6156a6faf588212b7dc72c3ffd13973bdba732b554d8bffc57d04f816" - "7aef21ee941ee6ffb6cce0f49445bd707da8deb35dca650aaf761c3aa66a5ebccddd15ae" - "e21293f63061a7f4bfc3787c2cd62c806a1a9985", - "0c4dad55871d3bd65b016d143ddd7a195cc868b3048c8bbcb1435622036bdb5e0dec7178" - "ca0138c610238e0365968f6ddd191bbfacc91948088044d9966f652ff25", - "040014858a3b9bd426b678fdcf93fc53d17e7a9e8fe022442aaaba65399d12fd3a6a3819" - "58fb0f07ac6088f4e490506ec0f1ab4d0dbd461126f7eb46ff69cfa8bd88af018c18ce29" - "ecc6d79d26a2de0cd31c4b32e84b5e90f6ba748f86c5afbd89618aceb9079460cbd1a826" - "1ed5476973e61bf1d17ea78b022387443800c9247d21dde550", - "05577108f4187a173e5c29e927a8fc8f5ffd37e184254a6e381ff1018955aec91a35f300" - "85e8cee6a7555c10f9efdce26d62f2b4b52dfdbaeafc3a30983e2d50d5b", - "0344375ae7c804cbe32ced7a20976efae5d9c19eb88b6e24514d1d0cfb728b0f4601098b" - "18b2e98f42b5222dd5237d4d87767007bf5acb185c5526d72047e2cb1a1", - "02de4cfa908c73c1102d6fb7062baf54a056a9517701e036c9c51e09899d60051612d593" - "48945f845dffebec5aa395b2fac7229929033615788777306ccad96d0a3"}, - {NID_secp521r1, NID_sha256, - 
"33bab1c369c495db1610965bc0b0546a216e8dd00cd0e602a605d40bc8812bbf1ffa6714" - "3f896c436b8f7cf0bed308054f1e1ff77f4d0a13c1e831efbd0e2fcfb3eadab9f755f070" - "ba9aeaceb0a5110f2f8b0c1f7b1aa96a7f2d038a1b72e26400819b1f73d925ea4e34d6ac" - "af59d0a461a34ce5d65c9c937a80e844e323a16d", - "03d4749fadcc2008f098de70545a669133c548ce0e32eec1276ff531bcff535331445557" - "28ad8906d17f091cc0514571691107350b6561858e90dbe19633aaf31bf", - "04010fe5986b65f6e65d13c88c4d2aed781a91026904f82129d46779bdadaf6b733c845a" - "934e941ab4a285efdea9c96ecc9dc784d87e4d937b42c337b3a9cb111a96000077853768" - "a2a4d6f596f57414e57ec60b76d3cd5ece8351cd1f335ebcb8801a3d91fb82c65caaeb5c" - "31eea9918367bb5906863ff3ccaf7a6cee415e0d75c15ac2e0", - "1fbb4de337b09e935a6dc6215ffcfcb85d236cc490585e73251a8b8bac37cfa36c5d1df5" - "f4536d33659be1e7a442529a783452f7efda74a4f661b6a127f9248aaf7", - "09d8f10eeff6178594c89d6e8184f9502117384813243ddf9ccf3c8eac5dc6502c472dfc" - "1487a5caffc569f7dedd14a8ebcb310e9bacdb79fb6655aba026cdf87f2", - "0f74236c7915d638708d17c9f10e39dda358faf9bbb821d8dcda0d151aac143bfb165ad0" - "a23a65cd3de532e32cad928728f5ae1c16f58fc16577f3ca8e36f9e708b"}, - {NID_secp521r1, NID_sha256, - "08c8b7faaac8e1154042d162dca1df0f66e0001b3c5ecf49b6a4334ce4e8a754a1a8e4da" - "f8ec09cf1e521c96547aed5172ef852e82c03cddd851a9f992183ac5199594f288dbcc53" - "a9bb6128561ff3236a7b4b0dce8eaf7d45e64e782955ee1b690ce6a73ece47dc4409b690" - "de6b7928cbe60c42fc6a5ddf1d729faf1cc3885e", - "096a77b591bba65023ba92f8a51029725b555caf6eff129879d28f6400e760439d6e69ce" - "662f6f1aecf3869f7b6057b530a3c6ff8ed9e86d5944f583ee0b3fbb570", - "0400fdf6aed933dba73913142ef8bdcd4b760db8500831cd11d7707ab852a6372c05d112" - "a1e7fbc7b514c42142c7370d9f4129493cd75cc6f2daf83747078f15229db600ef91dffb" - "3c43080a59534b95ca585ee87f6145f6a0199b2b82c89f456d8bd8e6ac71c78039c08177" - "184484eb2ebd372f189db3a58fab961a75a18afec1ee32764a", - "13aa7b0471317a2a139c2f90df1c40d75e5a8a830fbaf87030fffdb2ef6f2c93d1310c9e" - 
"d7fe9d7bcd4fe46537ff2495bc9c4f0aaff11461f5e4bebbfbce9a8740a", - "1c7a21800962c91d4651553633b18612d931bb88bff8b743ed595b4e869437e50f8e84fb" - "f334c99061db123a1c40b73b07e203790561a37df65a660355ba2017d78", - "1301e1782559a38f1ca0eebe9bed0f5c7c33103d506a24f8a688f500ee1fe37f97b66853" - "19279e82e6fe43cfd823ccbc123309974cffa76c4f8d41ec02a3cbc45f1"}, - {NID_secp521r1, NID_sha256, - "ba74eed74282811631bd2069e862381e4e2a1e4e9a357b1c159a9ce69786f864b60fe90e" - "eb32d8b72b099986fc594965a33285f7185b415df58fead7b8b50fc60d073680881d7435" - "609ad1d22fd21e789b6730e232b0d2e888889fb82d6ad0337ab909308676164d4f47df44" - "b21190eca8ba0f94995e60ad9bb02938461eee61", - "015152382bfd4f7932a8668026e705e9e73daa8bade21e80ea62cf91bd2448ebc4487b50" - "8ca2bdaaf072e3706ba87252d64761c6885a65dcafa64c5573c224ae9e6", - "04000b8c7c0186a77dc6e9addd2018188a6a40c3e2ba396f30bbd9293dba2841d57d6086" - "6b37f587432719b544d8bf7eb06d90a8c0dc9c93b0c53d53b2f667077228ca01dd2e5c73" - "ab908ae34f701689f1cd3cf5186d3a2bc941e208bf3ef970e5e429ee9b154d73286b2e5d" - "a423e75b7c7b78c7bdf915da92279db43265a0cdefca51f86a", - "0d03506999f5cc9ec3304072984a20a9c64a22ad9b418495ca904f4bbddc96e76d34672c" - "b52763339d3f3bc5b1701c00a675b972797e3a086314da1a8d338436566", - "085406c0ff5ec91f598bb579ad8714ad718c3e133d5dcc2e67c5d2339c146b69919cac07" - "f3bc2bda218f4c7c8be04855e2ca6fff7fbdc4fc0fda87c8c3081cad4f5", - "1b45f2066e583636215ae135afc202b8bf3f301eccff2e1c0198b9aeddf695fa8179488e" - "7b622fc307f601e2f6551815117cc836bb09ef888f8e64a45d9c84ad30c"}, - {NID_secp521r1, NID_sha256, - "dc71f171a28bdc30968c39f08f999b88dc04c550e261ecf1124d67f05edeae7e87fe9b81" - "35a96fe2bc3996a4f47213d9d191184a76bd6310e1ee5cb67ea7fc3ef6f641a0ba165198" - "040fa668192b75a4754fc02c224bd4a74aade5a8c814adf151c2bfeda65165a04ef359e3" - "9847c84e312afb66d4cd1db50d41ef3fe5f31296", - "1750ff0ca0c166560b2034bc5760fe0b3915340bc43216e9de0c1d4a76550e8b2036e8b8" - "74230f8d29354aed43e183610f24fd4abd4b0be2f111dae942bd7a121f7", - 
"0401b4b8947192a7c0166c0e0b2791e217370836283e805f3ee11cfb78445aba3c5bc39f" - "e594e01916617ad59e7c8e740d8f2d07d88905d3f33bd5e51aafd4943c5dc601175d1172" - "32836c28e717ce2a55e59f4ec550effde30d18e3d99e42c6aa2283c7b3e7f2f6ff1fca60" - "5dde78c3a5bffa689347b4c93f51ba59a1787bb7d5e43861dc", - "023645023d6bdf20652cdce1185c4ef225c66d54f18632d99ccf743bf554d04c214c88ce" - "52a4f71ec75c899ad1b3c07c34112ca20b55c217ff1d72c9528e2774ce8", - "1e933f68ce0f8403cb16822b8e0564b1d39a35f27b53e4ae0bcdff3e051759464afbc349" - "98ba7c8a7ee34ef6c1aaa722cffe48356fd0b738058358d4c768b3186c1", - "0a67368a305508ce6d25d29c84f552a4a513998990fef4936244f891a2909c30d5fdc9e8" - "a267ecbf3c597138f4a08f7e92bee57d5420eadd700fee864bf78b2614b"}, - {NID_secp521r1, NID_sha256, - "b895788d7828aaeace4f6b61a072ffa344d8ea324962ba6dab5efda93f65bf64a0f2ac6d" - "5721d03ee70e2aef21cdba69fd29040199160e3a293b772ffb961ed694a8dc82800dab79" - "367a4809a864e4aff6bc837aaa868e952b771b76591c0bb82249034e3208e593d85973d3" - "fea753a95b16e221b2561644535c0131fe834ae7", - "023048bc16e00e58c4a4c7cc62ee80ea57f745bda35715510ed0fc29f62359ff60b0cf85" - "b673383b87a6e1a792d93ab8549281515850fa24d6a2d93a20a2fff3d6e", - "0400ba3dc98326a15999351a2ec6c59e221d7d9e7ee7152a6f71686c9797f3f330d31501" - "23620d547813ba9d7cc6c6d35cc9a087d07dff780e4821e74ad05f3762efd6018b051af9" - "824b5f614d23ecadd591e38edbfe910ad6cbebc3e8a6bec11ea90691c17deb3bc5f34a4a" - "3acd90b7b10f521f6ee7b3cfbfdc03b72d5a8783a4a77c3e4c", - "06099d2667f06c58798757632d07d8b3efbe9c1323efb0c244be6b12b3b163ba1b7cf524" - "6c98dcc0771665a66696d687af5f28ed664fd87d5093df6427523d4db84", - "10dc80ea853064a2ba5a781f108aca3785c5ec0aa45aa05ba31d4de671170797589e863d" - "54a3a986aadf6f670277f50355713dfb27d4ec7e348f787910b3cd668cd", - "018572bfad4f62e3694d1f2e6ffd432faed2e2b9d7e3611a07138212f1e79e6c394839f7" - "cfae96bc368422630016fb9346681eadc5f9699e7331c3b5fde6d65e4c6"}, - {NID_secp521r1, NID_sha256, - "2c5bd848c476e34b427cfe5676692e588e1957957db7b5704492bd02104a38216535607f" - 
"5d092dc40020130c04a3aaf0f1c52409834926d69a05d3f3188187a71d402a10ba34eac8" - "629b4c6359b1095f30f710219298bf06b9f19bfc299981d7e251ca232a0a85338a7e0246" - "4731d1b25d4a1f68baf97064516590644820c998", - "02b8b866ce4503bb40ffc2c3c990465c72473f901d6ebe6a119ca49fcec8221b3b4fa7ec" - "4e8e9a10dbd90c739065ad6a3a0dd98d1d6f6dcb0720f25a99357a40938", - "0401b8c7a169d5455f16bfe5df1ba5d6ec9c76e4bad9968d4f5f96be5878a7b6f71d74bf" - "ac0076dd278bc4630629f3294646f17d6b6c712b0087e2c4d576039cfdc8b9018faffd54" - "22dfd1b61432fa77b9a288b2b7d546656c0dcca3032179e6f45ee3cf61d6a447fc51731c" - "b54457343a41569fcf78cef42895f4da5efcb14ea1fc065f8d", - "0ac89e813f94042292aa1e77c73773c85cf881a9343b3f50711f13fa17b50f4e5cb04ac5" - "f6fc3106a6ef4c9732016c4e08e301eefac19199459129a41a7589e0628", - "05bc7a253a028ee8b7253979b8d689d41d8df6fae7736341f22e28b6faf0cbbdebbd2ef4" - "d73e56d2021af2c646dc15539a7c1e1c4dc9c7674808bd7968d8a66f947", - "0fd71575837a43a4cf1c47d0485cfd503c2cf36ebcea0fdef946ad29acb7fb2e7c6daf6b" - "4eb741eb211081aed6207d02569f1518988f275ad94c7fd4735cb18a92e"}, - {NID_secp521r1, NID_sha256, - "65a0b97048067a0c9040acbb5d7f6e2e6ac462e1e0064a8ce5b5bbf8e57059e25a3ef8c8" - "0fc9037ae08f63e63f5bdb9378c322ad9b2daf839fad7a75b1027abb6f70f110247da7e9" - "71c7c52914e5a4f7761854432fa16b2a521e7bcaee2c735a87cad20c535bf6d04a87340c" - "229bf9af8647eedca9e2dc0b5aa90f7fea3cdc0a", - "0a43b32ad7327ec92c0a67279f417c8ada6f40d6282fe79d6dc23b8702147a31162e6462" - "91e8df460d39d7cdbdd7b2e7c6c89509b7ed3071b68d4a518ba48e63662", - "040172fb25a3e22c2a88975d7a814f3e02d5bb74cfb0aaa082c5af580019b429fddd8c7f" - "9e09b6938f62e8c31019b25571aaceef3c0d479079db9a9b533ee8e1670abd00ff551622" - "3b6cc7c711705f15b91db559014e96d3839249c5c849f2aced228a8998177a1e91177abb" - "b24b57a8ea84d944e0c95da860ae0925f1b40c0e1b7c9e0a46", - "0383eda042e06c0297fbd279a2ad40559c5c12ad458f73458eebcc92b308d3c4fcec20a5" - "b59f698e16fa6ea02dba8661b6955f67c052f67b0a56460869f24cfdf7d", - 
"1b9c35356b9d068f33aa22a61370dae44a6cb030497a34fb52af23c6b684677370268f06" - "bb4433be6795a71de570088aec17ce0c9933d2f76c7edce7f406f62fedd", - "06f07ea453cfa20ad604ba855332f62834657b0b795684d50c1562a675456e37f4dae45f" - "0df47d8e27e47bc9ce9c9cbba1554c5b94b0b17401b73c8d0c0902c6cc4"}, - {NID_secp521r1, NID_sha256, - "d6e366a87808eea5d39fe77cac4b8c754e865a796062e2ec89f72165cd41fe04c4814806" - "8c570e0d29afe9011e7e7a2461f4d9897d8c1fa14b4ff88cab40059d17ab724f4039244e" - "97fcecb07f9ffeec2fb9d6b1896700fe374104a8c44af01a10e93b268d25367bf2bef488" - "b8abcc1ef0e14c3e6e1621b2d58753f21e28b86f", - "03c08fdccb089faee91dac3f56f556654a153cebb32f238488d925afd4c7027707118a37" - "2f2a2db132516e12ec25f1664953f123ac2ac8f12e0dcbbb61ff40fb721", - "040193301fc0791996ca29e2350723bd9aa0991ddbb4a78348ee72bdcd9ed63ce110ba34" - "96f2ce0331b5c00d4d674c1b70114e17ce44a73c3e16bab14ed1ee924202e400aea9b288" - "cfb2933ec0a40efa8e2108774e09b3863b3193d0dac6cc16ccaa5bd5f9ce133aec5cd3b6" - "2cbaeec04703e4b61b19572705db38cfaa1907c3d7c785b0cd", - "0d0e90d5ee7b5036655ad5c8f6a112c4b21c9449ca91c5c78421e364a2160bbac4428303" - "657bc11ea69f59fb0fe85a41b8f155a362343094456fd2a39f2a79e4804", - "1a8c23a2965d365a4c2ffd0802ae8b3a69c6b84a1ba77fd8a5f2f61e8ec3a1dcb336f136" - "e2a997252eaa94caf9b5ad6c9ecff5bf33abf547ca84985bb89908a11d7", - "1cc42a2dd97aa42b9df5ea430e0d4cb13106dd6da6e8c9315c96ed7b052db365bbde6960" - "c9a965954a4398c18ea7db9593bbfc3c3b6b3466ff806fccac3de6424ab"}, - {NID_secp521r1, NID_sha256, - "f99e1d272d0f5fb9c4f986e873d070ec638422bc04b47c715595e2cf1a701cdf88bc6c4b" - "20085b357bad12ccba67cac8a5ca07f31ba432f9154ff1fadefd487a83a9c37e49fb70a2" - "f170e58889cab0552e0a3806ccfa2a60d96e346851d84b7de6d1a4b8cf37567dc161a84f" - "13421e3412457d4bc27f6213453c8519a2d7daa2", - "0969b515f356f8bb605ee131e80e8831e340902f3c6257270f7dedb2ba9d876a2ae55b4a" - "17f5d9acd46c1b26366c7e4e4e90a0ee5cff69ed9b278e5b1156a435f7e", - "0400fc7ae62b05ed6c34077cbcbb869629528a1656e2e6d403884e79a21f5f612e91fc83" - 
"c3a8ac1478d58852f0e8ba120d5855983afd1a719949afa8a21aec407516c300aa705da6" - "459a90eaa2c057f2e6614fb72fc730d6fdebe70e968c93dbc9858534768ea2666553cd01" - "db132331441823950a17e8d2345a3cab039c22b21bfe7bd3b9", - "19029260f88e19360b70c11107a92f06faa64524cfbd9f70fecf02bd5a94f390582a7f4c" - "92c5313bb91dc881596768d86f75a0d6f452094adbe11d6643d1a0b2135", - "07f2158e9b9fa995199608263969498923cf918fdc736427c72ce27ce4a3540dce2e8e5e" - "63a8fc7ba46f7fa42480efbf79c6ed39521f6e6ec056079e453e80a89d9", - "08e349eed6f1e28b0dbf0a8aeb1d67e59a95b54a699f083db885f50d702f3c6a4069591a" - "faa5b80b3c75efb1674ebd32c7ead0040d115945f9a52ee3a51806cad45"}, - {NID_secp521r1, NID_sha256, - "91f1ca8ce6681f4e1f117b918ae787a888798a9df3afc9d0e922f51cdd6e7f7e55da996f" - "7e3615f1d41e4292479859a44fa18a5a006662610f1aaa2884f843c2e73d441753e0ead5" - "1dffc366250616c706f07128940dd6312ff3eda6f0e2b4e441b3d74c592b97d9cd910f97" - "9d7f39767b379e7f36a7519f2a4a251ef5e8aae1", - "013be0bf0cb060dbba02e90e43c6ba6022f201de35160192d33574a67f3f79df969d3ae8" - "7850071aac346b5f386fc645ed1977bea2e8446e0c5890784e369124418", - "040167d8b8308259c730931db828a5f69697ec0773a79bdedbaaf15114a4937011c5ae36" - "ab0503957373fee6b1c4650f91a3b0c92c2d604a3559dd2e856a9a84f551d9019d2c1346" - "aadaa3090b5981f5353243300a4ff0ab961c4ee530f4133fe85e6aab5bad42e747eee029" - "8c2b8051c8be7049109ad3e1b572dda1cac4a03010f99f206e", - "1a363a344996aac9a3ac040066a65856edfb36f10bb687d4821a2e0299b329c6b60e3547" - "dde03bdbd1afa98b0b75d79cf5aac0ef7a3116266cadf3dfbd46f8a4bfc", - "1ff097485faf32ce9e0c557ee064587c12c4834e7f0988cf181d07ba9ee15ae85a8208b6" - "1850080fc4bbedbd82536181d43973459f0d696ac5e6b8f2330b179d180", - "0306dc3c382af13c99d44db7a84ed813c8719c6ed3bbe751ead0d487b5a4aa018129862b" - "7d282cce0bc2059a56d7722f4b226f9deb85da12d5b40648bf6ec568128"}, - {NID_secp521r1, NID_sha384, - "dbc094402c5b559d53168c6f0c550d827499c6fb2186ae2db15b89b4e6f46220386d6f01" - "bebde91b6ceb3ec7b4696e2cbfd14894dd0b7d656d23396ce920044f9ca514bf115cf98e" - 
"caa55b950a9e49365c2f3a05be5020e93db92c37437513044973e792af814d0ffad2c8ec" - "c89ae4b35ccb19318f0b988a7d33ec5a4fe85dfe", - "095976d387d814e68aeb09abecdbf4228db7232cd3229569ade537f33e07ed0da0abdee8" - "4ab057c9a00049f45250e2719d1ecaccf91c0e6fcdd4016b75bdd98a950", - "04013b4ab7bc1ddf7fd74ca6f75ac560c94169f435361e74eba1f8e759ac70ab3af138d8" - "807aca3d8e73b5c2eb787f6dcca2718122bd94f08943a686b115d869d3f40600f293c1d6" - "27b44e7954d0546270665888144a94d437679d074787959d0d944d8223b9d4b5d068b4fb" - "bd1176a004b476810475cd2a200b83eccd226d08b444a71e71", - "0a8d90686bd1104627836afe698effe22c51aa3b651737a940f2b0f9cd72c594575e550a" - "db142e467a3f631f4429514df8296d8f5144df86faa9e3a8f13939ad5b3", - "02128f77df66d16a604ffcd1a515e039d49bf6b91a215b814b2a1c88d32039521fbd142f" - "717817b838450229025670d99c1fd5ab18bd965f093cae7accff0675aae", - "008dc65a243700a84619dce14e44ea8557e36631db1a55de15865497dbfd66e76a7471f7" - "8e510c04e613ced332aa563432a1017da8b81c146059ccc7930153103a6"}, - {NID_secp521r1, NID_sha384, - "114187efd1f6d6c46473fed0c1922987c79be2144439c6f61183caf2045bfb419f8cddc8" - "2267d14540624975f27232117729ccfeacccc7ecd5b71473c69d128152931865a60e6a10" - "4b67afe5ed443bdbcdc45372f1a85012bbc4614d4c0c534aacd9ab78664dda9b1f1e2558" - "78e8ac59e23c56a686f567e4b15c66f0e7c0931e", - "04ceb9896da32f2df630580de979515d698fbf1dd96bea889b98fc0efd0751ed35e6bcf7" - "5bc5d99172b0960ffd3d8b683fbffd4174b379fbdecd7b138bb9025574b", - "0400e7a3d30d5bd443549d50e9b297aaa87bc80b5c9e94169602d9d43d6d0c490c0bed8c" - "c2170288b106bdbf4c9f1ce53fd699af0b4c64b494b08520e57dc01ab9a8b001d81056d3" - "7aec8a75d588f6d05977416e6f24ad0117a7f4450036d695612e7bc2771caed80e580314" - "eebc88c8fc51c453f066e752481f212b57165d67f8a44f375a", - "046639c5a3ec15afae5e4a7a418ac760846512d880c359bc2c751b199ce43b10887e861b" - "14127809754dbea47f6cc0140d2817e3f5b9a80ce01abd81f81b748433a", - "0f913de91e19bd8f943d542ae357bacc942a0967abc9be6c06239a379db8cc733fa50013" - "e0b0f088bce9d630262feaa33b30d84f91bcf5ce9976e4e740fcb112f84", - 
"08a73a5c9c24235e0d9cecaac653f68ce5a6fb186ce67fa058d6ddbbd4d0a8c4d194e571" - "148e8ad6c8882b4e33d2f60fb23dd7d07a1ae60864e8277918f592b3dc6"}, - {NID_secp521r1, NID_sha384, - "6744b69fc2420fe00f2352399bd58719e4ecdd6d602e2c80f194d607e58b27a0854745bf" - "d6d504de2eb30b04cee0f44af710dd77e2f816ac3ac5692fad2d1d417893bb0edba2707a" - "4c146a486f8728ca696d35cc52e9c7187c82d4bdb92eb954794e5ad15133f6bfea1f025d" - "a32ada710a3014cf11095b3ff69a94d087f17753", - "00a8db566bd771a9689ea5188c63d586b9c8b576dbe74c06d618576f61365e90b843d003" - "47fdd084fec4ba229fe671ccdd5d9a3afee821a84af9560cd455ed72e8f", - "04004f5b790cbe2984b71d41af5efed6c6893d15e13f31816d55a9c2926a104eee66f1ad" - "a83115d1388551218773b8b9d1138e3e3f027bb4392c90c14fd232580b4a1100660eb160" - "e9bfc8c5619e70e948e238c6fd37739bc1bb657b8e8436e63628f91992be7e63d9a73596" - "23a1340642777b22026feb51116a6c50c54c3589b9bd39b6cb", - "1e7b5e53571a24bd102dd7ad44a4b8d8a4e60e5957bc3c4e5d3c73109f55233f072e572c" - "7892f425ba5e64d3cb7966096bb34a47e26cd5b3e3b44108b310d9f681b", - "1a88bcd7e2bdff6e497d943dde432fb3f855a7177c466319cb53b701230c299db0302762" - "69685857d1e3f28110e690f2f529c8d18115eb381f313bc891d92ad278e", - "146f1984ea879274dfd5e86ad92e564a4de081523ddbb1c397b8f9595911ef2e6501bc08" - "1584d5340f7aa47e1af036234ac6f27a5ac31f78dd3b0ff1a62693c630d"}, - {NID_secp521r1, NID_sha384, - "16001f4dcf9e76aa134b12b867f252735144e523e40fba9b4811b07448a24ef4ccf3e81f" - "e9d7f8097ae1d216a51b6eefc83880885e5b14a5eeee025c4232319c4b8bce26807d1b38" - "6ad6a964deb3bdca30ee196cfdd717facfad5c77d9b1d05fdd96875e9675e85029ecbf4f" - "94c524624746b7c42870c14a9a1454acf3354474", - "1a300b8bf028449344d0e736145d9dd7c4075a783cb749e1ec7988d60440a07021a25a3d" - "e74ea5e3d7bd4ab774d8ad6163adae31877ef0b2bd50e26e9e4be8a7b66", - "04005055b9ad726ba8a48219b0ecbfffb89f8428de895b231f676705b7de9f2022d9ff4e" - "0114ebb52dea342f9bf76b2fb060c020e29d92074ebb1fbfe5290a58c8bc1000415af7f2" - "0a6e945315adbf757316bb486c80780a0a3a15b4b9609f126d7341053a2b726ab63cb46f" - 
"eee527b0bf532b32b477e5671aea23d9b3c3e604b9029954b5", - "05a2e92717bb4dab3ee76724d4d9c2d58a32b873e491e36127985f0c9960c610962ca1c4" - "510dba75c98d83beebdc58b1d8678e054640951d11db1bd2d8a4ab8476b", - "104a78ce94f878822daaf00ee527fbdbf6cceb3cbb23a2caa485e4109466de8910252f92" - "379ab292cac8d1eda164f880c0067696e733fc8588a27703a3e1f5b8f1f", - "1ffe23e8ab5a31668a81161a234ea14879771fe9866f8872eb6edb672e0fe91d2bb75c97" - "67a2dfbac7c15c802211236b22ea41ecd055a0b8b311ffc4255f86d5c67"}, - {NID_secp521r1, NID_sha384, - "a9824a7b810aa16690083a00d422842971baf400c3563baa789c5653fc13416111c0236c" - "67c68e95a13cec0df50324dcc9ae780ce4232607cb57dd9b2c61b382f0fa51fd4e283e2c" - "55ffe272597651659fbd88cd03bfa9652cd54b01a7034c83a602709879e1325c77969beb" - "fd93932ce09a23eae607374602201614ff84b141", - "06a253acd79912a74270fc0703ed6507ab20a970f2bc2277f782062092cf0e60ae1ca1bb" - "44dec003169bc25ef6e7123dd04692f77b181a6d7e692e66b09d35a540c", - "0401f15c6b1df156fdd8381cd7446e039435e445f8f36f0247475058da0e371bf72753f6" - "e39f98066bc79370b038c39687ba18e16cb118fe6538b7568c5403c251f6b7012d2b4f46" - "b854eeae75f1c63f55b76bf0c604d47f870c28a50ecdeb52bba1dd9a0ff12e680804ff86" - "4111207652da7dd10b49edf66bb86be00bc06672de91982457", - "165faf3727e42fd61345cfa7b93e55fb4bf583b24bdc14ce635b6c99dbd788012f14da9a" - "210b677c44acdd851e672f1a48188d6b8946c0efeebfe8a597ba0090a2c", - "1ad9463d2759abd568626548578deefdcd8b2d050ce6d9c7ed05feca20167484b86e89bd" - "cc936fd647e0f8aedd7b6add2b8cf13ff6ff013c2b5540c6c56fda97a0c", - "1645a7d0e11015256cfb034adca198695eea6aedd44d9fbf496850ccfed950f43fffd8db" - "f41e113f2d3837d8a5dd62b2ed580112ff05800b1f73196e5576810e15b"}, - {NID_secp521r1, NID_sha384, - "90d8bbf714fd2120d2144022bf29520842d9fbd2dc8bb734b3e892ba0285c6a342d6e1e3" - "7cc11a62083566e45b039cc65506d20a7d8b51d763d25f0d9eaf3d38601af612c5798a8a" - "2c712d968592b6ed689b88bbab95259ad34da26af9dda80f2f8a02960370bdb7e7595c0a" - "4fffb465d7ad0c4665b5ec0e7d50c6a8238c7f53", - 
"0d5a5d3ddfd2170f9d2653b91967efc8a5157f8720d740dd974e272aab000cc1a4e6c630" - "348754ab923cafb5056fc584b3706628051c557fce67744ee58ba7a56d0", - "040128a4da5fc995678e457ceb3929adee93c280f851abe900fa21f4f809dafad4e33b38" - "1e0cd49ce8dd50e2e281cea162bfd60a1d6a1c0ee2228e6a011e171b559ab8006eb0917c" - "d72256992c49ea527f6bb0315f13d8047794a0f1da1e93737703b1c2a74a00441ef3b47b" - "6a2ff789c49ae32d91cabe7b29247aeec44f6c40a76597a2ca", - "03269983a5c2bcc98e9476f5abf82424566b1f08b17204d29e310ece88f99eb677a537f8" - "6fe2529e409cfef2c12929644100099e0de2f27c0f0ac11105a4dca935b", - "1a5257ae1e8187ba954f535b86ff9b8d6a181a3b95c250d090cb4e9c3bfbd03aa64696a7" - "6c569728ef67780d6338d70ce46da40b87a3e49bfe154b93930890dfa93", - "05b6ccdfd5c63c7db76d3a0478064a2a376e0e050cb093be795a72a549247c2e4adba918" - "3145c63d46479dbbdcf09986a6f64c09c7e16abc4853f6376c9558b014a"}, - {NID_secp521r1, NID_sha384, - "09952b1e09995e95bf0022e911c6ab1a463b0a1fdd0eec69117b34af1103c720b5760021" - "7de7cd178fef92de5391e550af72a8dcf7badf25b06dd039417f9a7d0f5be88fcd4e9655" - "931d5b605452a667c9d1bae91d3476e7d51cff4108f116a49966fb3a7cff8df1c09734ce" - "5620faf2dccb3dc5d94e7e9ac812da31f6d07a38", - "1bcedf920fa148361671b43c64e3186e1937eb1bd4b28cbd84c421472394552889bc0550" - "9aa732ef69d732b21b750523fdfd811f36467690fe94e01e64c9d5cbbe9", - "0400d33c151d202a5d4d831348e940b027ee32e4b0b9b48d823a05c67ff3bdaee0189fc6" - "680565f352c062e99968afc643208b4f9c7af185b861658a88c4ad0fcc8ba200e4441ddb" - "546468ad8ffa6074f137edfbb81e82e0e7d8f05c4c54598aa996a9cde54cb371f642bfdd" - "4ae7eca5b769696030027129a4183da93567ad142a2dff5183", - "046e619b83aac868b26d0b3cbfab55e630e0b55c461985b5d00f94ff3a5ce90ff412cebf" - "46bbd84550d2031d573ca27d924624428360708c8d8491c29eb01d30f2e", - "08427c0f0ac0263472cd423c0fb554bf3c851b9c775c566ab0f6878717bd57665830767b" - "05b7789c5c0b078195bd943dc737325552d32877ecb04a7c41bd07cd80c", - "10bb6652d6a624c40a7dd06828f15774130d02369ceb1a7d03b553e16e17b7fa5b5401f1" - 
"5885d5e4fc2e55c0c7a1b97871ab02f76386b93a16aa6e7eb65debac6dd"}, - {NID_secp521r1, NID_sha384, - "0bb0f80cff309c65ff7729c59c517d50fc0ed5be405ef70cb910c3f62c328c90853d4473" - "530b654dda6156e149bc2222a8a7f9be665240e2fbe9d03f78a2356af0bacd1edb84c480" - "1adc8293a8a0bd6123d1cf6ba216aca807a7eb4dca76b493eb6e3dbb69d36f0f00f85622" - "2f24d9b93ec34c3b261be2fca0451c00571928e5", - "03789e04b3a2a0254ade3380172c150d2fad033885e02ea8bea5b92db3f4adbab190ae42" - "3080a1154dfedec694c25eab46ce638be3db4e4cba67bc39f62d6e7db2d", - "0401dbc2cf19627bdccf02432b1761f296275230c150cdde823ce3141ec315d7d05e16b2" - "c29e2a67491078d5316883e933d85b4b10d4f64c477d3c4e0442dc928983a2007562e720" - "807dd118d3d8b265b3abc61a71fce43e3dce0e7b5ae18b7a4cb01ecc00d39c1f22e150a9" - "a8728997e502144f5b3f6fa9b4cb8a4136212b082ca394e3f6", - "0fbccd8d7804bdd1d1d721b5ec74d4ba37603bc306f9fce2ec241853d8e07334e6b4b12c" - "4ecca0c54bd71193dd7146507933a20737c5f3e15085830fab9b30ca57b", - "181915a3998d8fa214f9715f4ca928d09c36de168dc15c6970a8a062b5cea2dc969b2437" - "ca17b684f78a1fd583aad8e6c762c8f4ab0c91b86a497145e3ca440d307", - "15a6c18c5c77f5470b27d061eafdc26b78561941a3b2ab0f5c81d40899fc053c3d9ed12d" - "7d61e298abbae470009c7b2157731c58d7b16a66fa5abaf5e8a1b8ed394"}, - {NID_secp521r1, NID_sha384, - "7efacf213382ce30804e78b7256854d759147dba9729c51b2759465715bf2c421034c23d" - "c651c13d6cce95f71fe6a84dfbee5768163ac5789ac0474c5ddf4115684683c5f7c204b3" - "3b8bcc0c03ac58f66cef2f53b721fe2fac91ad841126101a88f512a7c2ded38549d9f050" - "d4b7961dda48a1489f026c5d111701762418cfe3", - "124700aa9186353e298edefc57bec0c7d0201cca10c1d80dd408d5d71040592b0ac59fac" - "dadfa8712445f5977ef8d4854022720c3f02d60e0732dbb2f171fcf1490", - "0400c80fc4cecae5d53348524ddba6a160b735c75b22fdb39af17e2a613d09246e3bb0fd" - "3f2978577f6db5d2118e05c7898024808f8eb8e021d7969cdcf7fc981200bb01a880c939" - "43fd446d4b3923b574d2221c1bb7b645fb5534dda60e827b497666ff586b77921f7e7f60" - "5147947194cffd2fef0678880b89cc0bc7fb74fa96d4b112d7", - 
"01a05238d595ded5c61d3bf6fde257dbf13095af8a5cb3a2e579e8e4c550fe31d12b71cc" - "2dbcb295e6c4fd0fb8c22d1b741c097cc59d826ced1a8771f09983143c4", - "132762bc81e9922a8d642e3a9d0218affa21fa2331cfcb9e452545c5981c64a8f7e4cc8e" - "68056023b2aa78bead59061d19c7f646c931163a91e544b106b3be8de9e", - "0c3a1b0b000c3169984132add51d611e2cb7069a262a6983d2ae72b459c36e6469509bdb" - "0f473600b8686700b08910779dee9ba83f82e755d4a4ef5f124eb09397f"}, - {NID_secp521r1, NID_sha384, - "28edff8b9d85f5f58499cc11f492abdfab25e8945975bbaeee910afa2b8fc1295ec61406" - "309ce4e09f4ab4f462959fc2a2786802466eb26d3b01be6919893ae75d0fdc2dc8a82e66" - "2550f9fce9627dd364188aaba5c6faa1b2d8a2235adfa5ad0dc140f88a2b2f103f5690e8" - "77d07fe8fd30d02d2b2729bd3d8eb5b23a21f54c", - "1f532d01af885cb4ad5c329ca5d421c5c021883bd5404c798d617679bb8b094cbb7e15c8" - "32fb436325c5302313ce5e496f9513455e7021ffad75777a19b226acfa1", - "0400c0bd76b0027b85bdd879052220da1494d503f6a4bb972105a48ae98e7dda8c2d9fd9" - "336f5646385b961ef68e8464e3a95b00f96614b1a408ceaa2c87b077b6a8fb017eb7eb5c" - "78db7819af92e8537d110d9f05a5e24f954f4dde21c224d4040f059ec99e051702f39041" - "3d2708d18f84d82998c61847475250fb844b20082cbe651a6b", - "14e66853e0f7cd3300ebcae06048532e19cbb95bee140edc1c867ce7310637651445b6df" - "eb1d99d2e32f2ffb787ebe3fe35032277f185d3dad84f95806924550abe", - "0c5b3a57161098e2e8e16e0a5ae8ecf4a14df14927eea18ed4925d11dc429dda14515932" - "3ba970174b194b9b4608a8fa2373b7a825c5e8bd80574e49698285c2c82", - "1a0c038a51796158b42eb5b0dac37aff9ab93b903a47e06ebbdd15946e4bcc9a3b3875b1" - "8cf6294c33fc6c3693cef04ed1a43d08951e664c760e2cf3fb4e47490d2"}, - {NID_secp521r1, NID_sha384, - "bae2a8897c742fd99fbf813351cd009d3f2e18d825ca22e115276484bce8f82f8c7c0c21" - "dd2af208404d8ef45bb5a6c41693912b630897d5246801bf0775aa9bbac8be98cb861d17" - "2c3563dc59e78a58ed13c66dea496471b3ad0eeae8995293e4ab97373edc1837ffc95ff1" - "cc0c1e90e64ea8680b2ca5f1e09bf86b99b343b6", - "11abf508bca68a85a54bc0659e77efad3c86112c9db04db2883e76144aa446918bb4bb07" - 
"84b0b6a0e9aa47399fe3de5aaecfd8894a0d130bb0c366c40d9d5050745", - "04005c0ea363a3a12633ea39d564587ebdd3a22a175ef32b9ebfc7311304b19cb3a62b5a" - "dc36f6afb6a6f7fabbf810ee89fdb72854fefd613e7798e9b9ff5938ea54c600bd06a85e" - "47b885c08124b55a3fcc07ca61647cda6efbfdbd21b24d1ea7a4c7300d46cd798e76063a" - "a979adef6f0698b15e5b7ae8a2ab39ab4f50b2d20614db6317", - "19cadb8c7eb10565aa4567e0709873918720f0e4b42b4817afb0b0547c70cd1100229dea" - "e97a276b9c98ea58b01d4839fee86336d749d123b03e8b1a31166acc110", - "0667448a8bbef1c810d40646977dc22f3dfb52a4d80928ded5e976e199cbed02fbd5a085" - "46756ece14548d721a6eb380d0e1a71ad0660dbcac6163c776eedd3e249", - "0ae7f0a238daaddb7fb4a1707fe5132daf653f8e19f732347134c96f1dd798f867c479a4" - "a4609a568a15b61afed70790adbde13ac5f68c468d0230852c1a2c22581"}, - {NID_secp521r1, NID_sha384, - "d57a26a9593e72bfc87322524639bcaae5f2252d18b99cdaa03b14445b0b8a4dd53928f6" - "6a2e4f202fb25b19cad0eb2f1bfda2ab9b0eb668cdcd0fe72f5d9ef2e45e0218590f7ab9" - "d2c9342202610c698bc786cce108a7d4a6730a13e9ea1b470e781f1237d3f84f44abde80" - "8516975546bd89075ef9a9732bfd7ee33b6f4399", - "18dbf520d58177e4b7a0627674d220137983f486dd2fd3639f19751804e80df0655db6af" - "d829cdf75238de525e1a7a9f048049b593dd64b4b96cc013f970c05ea1f", - "04018b872690c37995be324ddb5c2bd5462841bb062f8e63da248a853de79c3d6bb9a2eb" - "1e6933afda0998ca43491cc807b08ace2d5336a43d0ab50563a2d3d98755f00002ff3122" - "1aa32aa6546f35e8fe5b9361f938362a5e89e77ae130ba8bce3729e912dfac35a2fd21ef" - "e84b45b8be2a340850e4b574e1885b35c2afbe196b57c6cf4c", - "098faeb73054639cb2e4442cd68e7b3a13f4b3f397a7b26f303afa40789f8ddd3d918f1c" - "e4f0be53c8cb69c380744e2297d7fc01e2b3daef4ce64dd3a2644234753", - "09c0e7649f814f70a8416cb78bc4601472a363fe97f5c587305778169677860dd97f87b5" - "ab07c3a953bc4615fc34634509d6a25621bdded33ed42446d059509c190", - "120b90e1cfb8a1b5e530df7b17d1128bc051ca4f1a65dd9c9d9d3c59d2f00c7c1e994c52" - "b8671d40294b4d574d2c04475d5bebeacd3a0d3870a54dc7a4805614f40"}, - {NID_secp521r1, NID_sha384, - 
"8fdcf5084b12cfc043dd3416b46274e021bbed95d341d3c500c102a5609d3a34de29f8fa" - "9f0adb611a1f47a97ad981f8129d718fc0d6c709eab1a3490db8d550f34eb905b9e00663" - "543afc5bc155e368e0bc919a8b8c9fa42093603537a5614927efa6be819ed42ececbf1a8" - "0a61e6e0a7f9b5bc43b9238e62d5df0571fea152", - "002764f5696aa813cd55d30948585f86288ae05aeb264ca157cd09e1d09a10515a849b07" - "91b755ccc656a34707be9e52f5762d290a7d2bcd6de52c600ff862eaf4e", - "040127279c88719dc614db387f102e55104ea1c704ac7f57f3bca936f728439b76556730" - "dd7cde2ac1ad0a4c2c2f036ab6f00cf34cb87ea36113571f300713044106d20134a0786c" - "31f5f2291b83c50fb579ae4c620b95e5a8bdc0c7e1ee6b996c89d764f1b20403e7faa203" - "f397425ada297045dd8ba0e4b155d4900da249e934faab7991", - "08bffb0778cbb06466cecc114b9e89ca243a2b2b5e2597db920bc73a8bbcbe3f57144ad3" - "3409ef7faaab430e13f4c42d304d11347360c84972ca20b1539cce3a288", - "1f8f504e64a502e51e7c129517931c3b71f0d8a63b19cfe01ff7c951c6525249608b3ef5" - "d00061d77eb6b3d69581adeaa3732c773bbb9b919c3e7c71fdc09f44d06", - "058044fc64b340604ffd02a5b2918d76fd6fb59ea895feab7aa218e6f1e8c8f226eb9ee3" - "45ef8140183a69272582005077b008006aab11597e808d7ff1e8382c924"}, - {NID_secp521r1, NID_sha384, - "00669f433934992257bed55861df679804107d7fa491672574a7624949c60049b0533383" - "c88d6896c8de860704c3e6a6aefce83efa57c4d57e9ab253da5d15e1f53ab6dce218b592" - "772ab0bc01fee8e63368e85c0639301456fe2d44cd5396a7f2b22761cd03b80eba7883ee" - "de8249a2f5db2183bf00550c5c002f45a5e4fb31", - "1b0c9acd3eeb618b4b0de4db402206f0f29adc69d7ad324b6db6601b351f723ac8fe949e" - "eacd34228649bf0126276e5aceb0137d00c30dd858aef2d6b6449de2e89", - "0401811c8884486aaa083ddee1c51cb6e861cb830bd5eaa929f72efadbbd1286566ae7e7" - "ba7fde7e02529900d35ee64591652d28798bfc1bed0d192602a9cf5a7d22e3006d7fc9dd" - "494816cfd29613d4689af67f7d0a2e6fbad5d4d6e0130189172a1ab601c5ca71deaa8bfc" - "b5a190d49da191672ff6fc048e146cb902acec5eae6d87e60a", - "1fdc4f108070af3c66c9ba7b6c1f2603a19ceb4760399df81228cfc7eafde1082b5a0716" - 
"a3ff82fbe84726f14dd0db3376ca184a78c3c60679bab6cd45f77f9b9ce", - "1ec310339ff056faeb341c4499c43782078b04be1725ae9a6cdcb6011c46d1a4eb3d75c3" - "58225e4ec142fd1cd344186f5eb597f7ba559ddfa954824365d5b6edaec", - "005b679a33fdb7e04834f071cd0ac514c04add9f2614ab9bbd9b407b1420fed3f3e02a10" - "8e7e279899e43dcf64ae4083c289a87cd7d2103bdc036a95d36800ac7c6"}, - {NID_secp521r1, NID_sha384, - "4be81dcfab39a64d6f00c0d7fff94dabdf3473dc49f0e12900df328d6584b854fbaebaf3" - "194c433e9e21743342e2dd056b445c8aa7d30a38504b366a8fa889dc8ecec35b31300707" - "87e7bf0f22fab5bea54a07d3a75368605397ba74dbf2923ef20c37a0d9c64caebcc93157" - "456b57b98d4becb13fecb7cc7f3740a6057af287", - "181e1037bbec7ca2f271343e5f6e9125162c8a8a46ae8baa7ca7296602ae9d56c994b3b9" - "4d359f2b3b3a01deb7a123f07d9e0c2e729d37cc5abdec0f5281931308a", - "0400cfa5a8a3f15eb8c419095673f1d0bd63b396ff9813c18dfe5aa31f40b50b82481f9e" - "d2edd47ae5ea6a48ea01f7e0ad0000edf7b66f8909ee94f141d5a07efe315c018af728f7" - "318b96d57f19c1104415c8d5989565465e429bc30cf65ced12a1c5856ac86fca02388bc1" - "51cf89959a4f048597a9e728f3034aa39259b59870946187bf", - "09078beaba465ba7a8b3624e644ac1e97c654533a58ac755e90bd606e2214f11a48cb51f" - "9007865a0f569d967ea0370801421846a89f3d09eb0a481289270919f14", - "19cf91a38cc20b9269e7467857b1fc7eabb8cea915a3135f727d471e5bfcfb66d321fabe" - "283a2cf38d4c5a6ecb6e8cbee1030474373bb87fcdfcc95cf857a8d25d0", - "1cf9acd9449c57589c950f287842f9e2487c5610955b2b5035f6aacfd2402f511998a1a9" - "42b39c307fc2bcab2c8d0dae94b5547ddccfb1012ca985b3edf42bbba8b"}, - {NID_secp521r1, NID_sha512, - "9ecd500c60e701404922e58ab20cc002651fdee7cbc9336adda33e4c1088fab1964ecb79" - "04dc6856865d6c8e15041ccf2d5ac302e99d346ff2f686531d25521678d4fd3f76bbf2c8" - "93d246cb4d7693792fe18172108146853103a51f824acc621cb7311d2463c3361ea70725" - "4f2b052bc22cb8012873dcbb95bf1a5cc53ab89f", - "0f749d32704bc533ca82cef0acf103d8f4fba67f08d2678e515ed7db886267ffaf02fab0" - "080dca2359b72f574ccc29a0f218c8655c0cccf9fee6c5e567aa14cb926", - 
"040061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd81aed" - "fe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad100e7d0c75c" - "38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3f58df7346435ff04" - "34199583c97c665a97f12f706f2357da4b40288def888e59e6", - "03af5ab6caa29a6de86a5bab9aa83c3b16a17ffcd52b5c60c769be3053cdddeac60812d1" - "2fecf46cfe1f3db9ac9dcf881fcec3f0aa733d4ecbb83c7593e864c6df1", - "04de826ea704ad10bc0f7538af8a3843f284f55c8b946af9235af5af74f2b76e099e4bc7" - "2fd79d28a380f8d4b4c919ac290d248c37983ba05aea42e2dd79fdd33e8", - "087488c859a96fea266ea13bf6d114c429b163be97a57559086edb64aed4a18594b46fb9" - "efc7fd25d8b2de8f09ca0587f54bd287299f47b2ff124aac566e8ee3b43"}, - {NID_secp521r1, NID_sha512, - "b3c63e5f5a21c4bfe3dbc644354d9a949186d6a9e1dd873828782aa6a0f1df2f64114a43" - "0b1c13fe8a2e09099e1ed05ef70de698161039ded73bcb50b312673bb073f8a792ac140a" - "78a8b7f3586dffb1fc8be4f54516d57418ccc9945025ce3acf1eb84f69ceee5e9bd10c18" - "c251dbc481562cd3aae54b54ab618cb1eeda33cf", - "1a4d2623a7d59c55f408331ba8d1523b94d6bf8ac83375ceb57a2b395a5bcf977cfc1623" - "4d4a97d6f6ee25a99aa5bff15ff535891bcb7ae849a583e01ac49e0e9b6", - "04004d5c8afee038984d2ea96681ec0dccb6b52dfa4ee2e2a77a23c8cf43ef19905a34d6" - "f5d8c5cf0981ed804d89d175b17d1a63522ceb1e785c0f5a1d2f3d15e513520014368b8e" - "746807b2b68f3615cd78d761a464ddd7918fc8df51d225962fdf1e3dc243e265100ff0ec" - "133359e332e44dd49afd8e5f38fe86133573432d33c02fa0a3", - "0bc2c0f37155859303de6fa539a39714e195c37c6ea826e224c8218584ae09cd0d1cc14d" - "94d93f2d83c96e4ef68517fdb3f383da5404e5a426bfc5d424e253c181b", - "1a3c4a6386c4fb614fba2cb9e74201e1aaa0001aa931a2a939c92e04b8344535a20f53c6" - "e3c69c75c2e5d2fe3549ed27e6713cb0f4a9a94f6189eb33bff7d453fce", - "16a997f81aa0bea2e1469c8c1dab7df02a8b2086ba482c43af04f2174831f2b176165879" - "5adfbdd44190a9b06fe10e578987369f3a2eced147cff89d8c2818f7471"}, - {NID_secp521r1, NID_sha512, - "6e0f96d56505ffd2d005d5677dbf926345f0ff0a5da456bbcbcfdc2d33c8d878b0bc8511" - 
"401c73168d161c23a88b04d7a9629a7a6fbcff241071b0d212248fcc2c94fa5c086909ad" - "b8f4b9772b4293b4acf5215ea2fc72f8cec57b5a13792d7859b6d40348fc3ba3f5e7062a" - "19075a9edb713ddcd391aefc90f46bbd81e2557b", - "14787f95fb1057a2f3867b8407e54abb91740c097dac5024be92d5d65666bb16e4879f3d" - "3904d6eab269cf5e7b632ab3c5f342108d1d4230c30165fba3a1bf1c66f", - "0400c2d540a7557f4530de35bbd94da8a6defbff783f54a65292f8f76341c996cea38795" - "805a1b97174a9147a8644282e0d7040a6f83423ef2a0453248156393a1782e0119f746c5" - "df8cec24e4849ac1870d0d8594c799d2ceb6c3bdf891dfbd2242e7ea24d6aec316621473" - "4acc4cbf4da8f71e2429c5c187b2b3a048527c861f58a9b97f", - "186cd803e6e0c9925022e41cb68671adba3ead5548c2b1cd09348ab19612b7af3820fd14" - "da5fe1d7b550ed1a3c8d2f30592cd7745a3c09ee7b5dcfa9ed31bdd0f1f", - "10ed3ab6d07a15dc3376494501c27ce5f78c8a2b30cc809d3f9c3bf1aef437e590ef66ab" - "ae4e49065ead1af5f752ec145acfa98329f17bca9991a199579c41f9229", - "08c3457fe1f93d635bb52df9218bf3b49a7a345b8a8a988ac0a254340546752cddf02e6c" - "e47eee58ea398fdc9130e55a4c09f5ae548c715f5bcd539f07a34034d78"}, - {NID_secp521r1, NID_sha512, - "3f12ab17af3c3680aad22196337cedb0a9dba22387a7c555b46e84176a6f841800455238" - "6ada4deec59fdabb0d25e1c6668a96f100b352f8dabd24b2262bd2a3d0f825602d54150b" - "dc4bcbd5b8e0ca52bc8d2c70ff2af9b03e20730d6bd9ec1d091a3e5c877259bcff4fd2c1" - "7a12bfc4b08117ec39fe4762be128d0883a37e9d", - "15807c101099c8d1d3f24b212af2c0ce525432d7779262eed0709275de9a1d8a8eeeadf2" - "f909cf08b4720815bc1205a23ad1f825618cb78bde747acad8049ca9742", - "040160d7ea2e128ab3fabd1a3ad5455cb45e2f977c2354a1345d4ae0c7ce4e492fb9ff95" - "8eddc2aa61735e5c1971fa6c99beda0f424a20c3ce969380aaa52ef5f5daa8014e4c83f9" - "0d196945fb4fe1e41913488aa53e24c1d2142d35a1eed69fed784c0ef44d71bc21afe0a0" - "065b3b87069217a5abab4355cf8f4ceae5657cd4b9c8008f1f", - "096731f8c52e72ffcc095dd2ee4eec3da13c628f570dba169b4a7460ab471149abdede0b" - "63e4f96faf57eab809c7d2f203fd5ab406c7bd79869b7fae9c62f97c794", - 
"1e2bf98d1186d7bd3509f517c220de51c9200981e9b344b9fb0d36f34d969026c80311e7" - "e73bb13789a99e0d59e82ebe0e9595d9747204c5f5550c30d934aa30c05", - "12fed45cc874dc3ed3a11dd70f7d5c61451fbea497dd63e226e10364e0718d3722c27c7b" - "4e5027051d54b8f2a57fc58bc070a55b1a5877b0f388d768837ef2e9cec"}, - {NID_secp521r1, NID_sha512, - "a1eed24b3b7c33296c2491d6ee092ec6124f85cf566bb5bc35bffb5c734e34547242e575" - "93e962fb76aee9e800eed2d702cc301499060b76406b347f3d1c86456978950737703c81" - "59001e6778f69c734a56e5ce5938bd0e0de0877d55adeee48b0d8dfa4ac65fd2d3ce3e12" - "878bac5c7014f9284d161b2a3e7d5c88569a45f6", - "18692def0b516edcdd362f42669999cf27a65482f9358fcab312c6869e22ac469b82ca90" - "36fe123935b8b9ed064acb347227a6e377fb156ec833dab9f170c2ac697", - "0401ceee0be3293d8c0fc3e38a78df55e85e6b4bbce0b9995251f0ac55234140f82ae0a4" - "34b2bb41dc0aa5ecf950d4628f82c7f4f67651b804d55d844a02c1da6606f701f775eb6b" - "3c5e43fc754052d1f7fc5b99137afc15d231a0199a702fc065c917e628a54e038cbfebe0" - "5c90988b65183b368a2061e5b5c1b025bbf2b748fae00ba297", - "161cf5d37953e09e12dc0091dc35d5fb3754c5c874e474d2b4a4f1a90b870dff6d99fb15" - "6498516e25b9a6a0763170702bb8507fdba4a6131c7258f6ffc3add81fd", - "14dfa43046302b81fd9a34a454dea25ccb594ace8df4f9d98556ca5076bcd44b2a9775df" - "aca50282b2c8988868e5a31d9eb08e794016996942088d43ad3379eb9a1", - "120be63bd97691f6258b5e78817f2dd6bf5a7bf79d01b8b1c3382860c4b00f89894c72f9" - "3a69f3119cb74c90b03e9ede27bd298b357b9616a7282d176f3899aaa24"}, - {NID_secp521r1, NID_sha512, - "9aace26837695e6596007a54e4bccdd5ffb16dc6844140e2eeeb584b15acb2bbffd203c7" - "4440b6ee8db676fd200b4186a8c3e957c19e74d4d865ada83f80655323dfa3570907ed3c" - "e853b6e8cc375ed2d758a2f5ad265dd3b47650517a49b3d02df9e0c60c21576378c2b3a0" - "8481eec129b2a75608e13e6420127a3a63c8a3f1", - "0a63f9cdefbccdd0d5c9630b309027fa139c31e39ca26686d76c22d4093a2a5e5ec4e230" - "8ce43eb8e563187b5bd811cc6b626eace4063047ac0420c3fdcff5bdc04", - "04014cab9759d4487987b8a00afd16d7199585b730fb0bfe63796272dde9135e7cb9e27c" - 
"ec51207c876d9214214b8c76f82e7363f5086902a577e1c50b4fbf35ce996601a83f0caa" - "01ca2166e1206292342f47f358009e8b891d3cb817aec290e0cf2f47e7fc637e39dca039" - "49391839684f76b94d34e5abc7bb750cb44486cce525eb0093", - "01e51fd877dbbcd2ab138fd215d508879298d10c7fcbdcc918802407088eb6ca0f18976a" - "13f2c0a57867b0298512fc85515b209c4435e9ef30ab01ba649838bc7a0", - "11a1323f6132d85482d9b0f73be838d8f9e78647934f2570fededca7c234cc46aa1b97da" - "5ac1b27b714f7a171dc4209cbb0d90e4f793c4c192dc039c31310d6d99b", - "0386a5a0fc55d36ca7231a9537fee6b9e51c2255363d9c9e7cb7185669b302660e23133e" - "b21eb56d305d36e69a79f5b6fa25b46ec61b7f699e1e9e927fb0bceca06"}, - {NID_secp521r1, NID_sha512, - "ac2175940545d4fbab6e2e651c6830aba562e0c11c919e797c43eff9f187a68a9e5a128e" - "3e2a330b955a3f4577d3f826529ad1b03d7b60f7ad678f005053b41dc0f8d267f3685c6a" - "be1a0e9a733c44b2f3ca48b90806f935141c842e3a6c06a58f5343d75e3585971a734f4a" - "e1074ce5b54f74bd9342f4bbca738d260393f43e", - "024f7d67dfc0d43a26cc7c19cb511d30a097a1e27e5efe29e9e76e43849af170fd9ad57d" - "5b22b1c8840b59ebf562371871e12d2c1baefc1abaedc872ed5d2666ad6", - "04009da1536154b46e3169265ccba2b4da9b4b06a7462a067c6909f6c0dd8e19a7bc2ac1" - "a47763ec4be06c1bec57d28c55ee936cb19588cc1398fe4ea3bd07e6676b7f014150cdf2" - "5da0925926422e1fd4dcfcffb05bdf8682c54d67a9bd438d21de5af43a15d979b320a847" - "683b6d12ac1383a7183095e9da491c3b4a7c28874625e70f87", - "1c1308f31716d85294b3b5f1dc87d616093b7654907f55289499b419f38ceeb906d2c9fe" - "4cc3d80c5a38c53f9739311b0b198111fede72ebde3b0d2bc4c2ef090d2", - "00dbf787ce07c453c6c6a67b0bf6850c8d6ca693a3e9818d7453487844c9048a7a2e48ff" - "982b64eb9712461b26b5127c4dc57f9a6ad1e15d8cd56d4fd6da7186429", - "0c6f1c7774caf198fc189beb7e21ca92ceccc3f9875f0e2d07dc1d15bcc8f210b6dd376b" - "f65bb6a454bf563d7f563c1041d62d6078828a57538b25ba54723170665"}, - {NID_secp521r1, NID_sha512, - "6266f09710e2434cb3da3b15396556765db2ddcd221dce257eab7399c7c4901359251129" - "32716af1434053b8b9fe340563e57a0b9776f9ac92cbb5fba18b05c0a2fafbed7240b3f9" - 
"3cd1780c980ff5fe92610e36c0177cabe82367c84cee9020cf26c1d74ae3eb9b9b512cb8" - "b3cb3d81b17cf20dc76591b2b394ef1c62ac12ee", - "0349471460c205d836aa37dcd6c7322809e4e8ef81501e5da87284b267d843897746b330" - "16f50a7b702964910361ed51d0afd9d8559a47f0b7c25b2bc952ce8ed9e", - "04000bbd4e8a016b0c254e754f68f0f4ed081320d529ecdc7899cfb5a67dd04bc85b3aa6" - "891a3ed2c9861ae76c3847d81780c23ad84153ea2042d7fd5d517a26ff3ce400645953af" - "c3c1b3b74fdf503e7d3f982d7ee17611d60f8eb42a4bddbec2b67db1f09b54440c30b44e" - "8071d404658285cb571462001218fc8c5e5b98b9fae28272e6", - "00eb2bd8bb56b9d2e97c51247baf734cc655c39e0bfda35375f0ac2fe82fad699bf19895" - "77e24afb33c3868f91111e24fefe7dec802f3323ac013bec6c048fe5568", - "14bf63bdbc014aa352544bd1e83ede484807ed760619fa6bc38c4f8640840195e1f2f149" - "b29903ca4b6934404fb1f7de5e39b1ea04dba42819c75dbef6a93ebe269", - "05d1bcf2295240ce4415042306abd494b4bda7cf36f2ee2931518d2454faa01c606be120" - "b057062f2f3a174cb09c14f57ab6ef41cb3802140da22074d0e46f908d4"}, - {NID_secp521r1, NID_sha512, - "3de9e617a6868dca1a1432d503f923535da3f9b34426b2a4822174399c73b1c1ee673114" - "10a58c17202ac767844b2024d8aa21a205707d93865693ac25a24fc87034fa3a7a7e27c3" - "344cb03b87602c15180a5fe6a9dd90cd11af4a0f150207bf2d83f55b12c088adae99aa8c" - "fa659311b3a25beb99056643760d6a282126b9b2", - "07788d34758b20efc330c67483be3999d1d1a16fd0da81ed28895ebb35ee21093d37ea1a" - "c808946c275c44454a216195eb3eb3aea1b53a329eca4eb82dd48c784f5", - "0400157d80bd426f6c3cee903c24b73faa02e758607c3e102d6e643b7269c299684fdaba" - "1acddb83ee686a60acca53cddb2fe976149205c8b8ab6ad1458bc00993cc43016e33cbed" - "05721b284dacc8c8fbe2d118c347fc2e2670e691d5d53daf6ef2dfec464a5fbf46f8efce" - "81ac226915e11d43c11c8229fca2327815e1f8da5fe95021fc", - "0a73477264a9cc69d359464abb1ac098a18c0fb3ea35e4f2e6e1b060dab05bef1255d9f9" - "c9b9fbb89712e5afe13745ae6fd5917a9aedb0f2860d03a0d8f113ea10c", - "07e315d8d958b8ce27eaf4f3782294341d2a46fb1457a60eb9fe93a9ae86f3764716c4f5" - "f124bd6b114781ed59c3f24e18aa35c903211b2f2039d85862932987d68", - 
"1bcc1d211ebc120a97d465b603a1bb1e470109e0a55d2f1b5c597803931bd6d7718f010d" - "7d289b31533e9fcef3d141974e5955bc7f0ee342b9cad05e29a3dded30e"}, - {NID_secp521r1, NID_sha512, - "aa48851af7ef17abe233163b7185130f4646203c205e22bcc2a5a3697bcab998c73a9ffe" - "1d3ea0b7978ce7df937a72586eb5ca60b0d939a7d1c115c820171c89c8116b7e2c7b98cf" - "0f14e4c4df3cb2f319ad3ab0ea25ff14526ddc037469f000bf82100acd4cdf94feb4eba4" - "ea1726f0569336604a473aee67d71afebb569209", - "1f98696772221e6cccd5569ed8aed3c435ee86a04689c7a64d20c30f6fe1c59cc10c6d29" - "10261d30c3b96117a669e19cfe5b696b68feeacf61f6a3dea55e6e5837a", - "04007002872c200e16d57e8e53f7bce6e9a7832c387f6f9c29c6b75526262c57bc2b56d6" - "3e9558c5761c1d62708357f586d3aab41c6a7ca3bf6c32d9c3ca40f9a2796a01fe3e5247" - "2ef224fb38d5a0a14875b52c2f50b82b99eea98d826c77e6a9ccf798de5ffa92a0d65965" - "f740c702a3027be66b9c844f1b2e96c134eb3fdf3edddcf11c", - "1a277cf0414c6adb621d1cc0311ec908401ce040c6687ed45a0cdf2910c42c9f1954a457" - "2d8e659733d5e26cbd35e3260be40017b2f5d38ec42315f5c0b056c596d", - "0d732ba8b3e9c9e0a495249e152e5bee69d94e9ff012d001b140d4b5d082aa9df77e10b6" - "5f115a594a50114722db42fa5fbe457c5bd05e7ac7ee510aa68fe7b1e7f", - "134ac5e1ee339727df80c35ff5b2891596dd14d6cfd137bafd50ab98e2c1ab4008a0bd03" - "552618d217912a9ec502a902f2353e757c3b5776309f7f2cfebf913e9cd"}, - {NID_secp521r1, NID_sha512, - "b0d5d52259af364eb2d1a5027e5f7d0afe4b999cc5dd2268cfe76f51d2f17b541bdd7867" - "e23a1bb897705153d9432a24012108979c6a2c9e2567c9531d012f9e4be764419491a52e" - "ae2e127430b0ab58cb8e216515a821b3db206447c235bf44ee304201b483b2a88844abaa" - "18bca0147dfff7e502397dd62e15524f67eb2df2", - "13c3852a6bc8825b45fd7da1754078913d77f4e586216a6eb08b6f03adce7464f5dbc2be" - "a0eb7b12d103870ef045f53d67e3600d7eba07aac5db03f71b64db1cceb", - "0400c97a4ebcbbe701c9f7be127e87079edf479b76d3c14bfbee693e1638e5bff8d4705a" - "c0c14597529dbe13356ca85eb03a418edfe144ce6cbf3533016d4efc29dbd4011c75b7a8" - "894ef64109ac2dea972e7fd5f79b75dab1bf9441a5b8b86f1dc1324426fa6cf4e7b973b4" - 
"4e3d0576c52e5c9edf8ce2fc18cb3c28742d44419f044667f8", - "1e25b86db041f21c2503d547e2b1b655f0b99d5b6c0e1cf2bdbd8a8c6a053f5d79d78c55" - "b4ef75bff764a74edc920b35536e3c470b6f6b8fd53898f3bbc467539ef", - "1dce45ea592b34d016497882c48dc0c7afb1c8e0f81a051800d7ab8da9d237efd892207b" - "c9401f1d30650f66af8d5349fc5b19727756270722d5a8adb0a49b72d0a", - "0b79ffcdc33e028b1ab894cb751ec792a69e3011b201a76f3b878655bc31efd1c0bf3b98" - "aea2b14f262c19d142e008b98e890ebbf464d3b025764dd2f73c4251b1a"}, - {NID_secp521r1, NID_sha512, - "9599788344976779383a7a0812a096943a1f771ee484d586af1a06207478e4c0be9c200d" - "42460fe837e24b266c8852d80d3c53cc52ffb1913fc3261145fc6da575611efd16c02605" - "9a2e64f802517ffd1b6b34de10ad2909c65c2155e8d939b8115400c1d793d23955b15f5d" - "1c13c962ff92b4a815cee0e10f8e14e1f6e6cd38", - "1654eaa1f6eec7159ee2d36fb24d15d6d33a128f36c52e2437f7d1b5a44ea4fa965c0a26" - "d0066f92c8b82bd136491e929686c8bde61b7c704daab54ed1e1bdf6b77", - "0401f269692c47a55242bb08731ff920f4915bfcecf4d4431a8b487c90d08565272c52ca" - "90c47397f7604bc643982e34d05178e979c2cff7ea1b9eaec18d69ca7382de00750bdd86" - "6fba3e92c29599c002ac6f9e2bf39af8521b7b133f70510e9918a94d3c279edec97ab75e" - "cda95e3dd7861af84c543371c055dc74eeeff7061726818327", - "1b7519becd00d750459d63a72f13318b6ac61b8c8e7077cf9415c9b4b924f35514c9c28a" - "0fae43d06e31c670a873716156aa7bc744577d62476e038b116576a9e53", - "183bddb46c249e868ef231a1ebd85d0773bf8105a092ab7d884d677a1e9b7d6014d6358c" - "09538a99d9dca8f36f163ac1827df420c3f9360cc66900a9737a7f756f3", - "0d05ee3e64bac4e56d9d8bd511c8a43941e953cba4e5d83c0553acb87091ff54f3aad4d6" - "9d9f15e520a2551cc14f2c86bb45513fef0295e381a7635486bd3917b50"}, - {NID_secp521r1, NID_sha512, - "fdde51acfd04eb0ad892ce9d6c0f90eb91ce765cbe3ce9d3f2defe8f691324d26b968b8b" - "90e77706b068585f2a3ee7bf3e910528f7403c5af745a6f9d7ba6c53abd885c3b1be5834" - "15b128f4d3f224daf8563476bd9aa61e9c8518c144335f8f879c03696bddbe3ac37a8fbe" - "de29861611feaa87e325e2f60278b4893ed57fb0", - 
"1cba5d561bf18656991eba9a1dde8bde547885ea1f0abe7f2837e569ca52f53df5e64e4a" - "547c4f26458b5d9626ed6d702e5ab1dd585cf36a0c84f768fac946cfd4c", - "04012857c2244fa04db3b73db4847927db63cce2fa6cb22724466d3e20bc950a9250a15e" - "afd99f236a801e5271e8f90d9e8a97f37c12f7da65bce8a2c93bcd2552620500f394e37c" - "17d5b8e35b488fa05a607dbc74264965043a1fb60e92edc212296ae72d7d6fe2e3457e67" - "be853664e1da64f57e44bd259076b3bb2b06a2c604fea1be9d", - "0e790238796fee7b5885dc0784c7041a4cc7ca4ba757d9f7906ad1fcbab5667e3734bc23" - "09a48047442535ff89144b518f730ff55c0c67eeb4c880c2dfd2fb60d69", - "1d7ce382295a2a109064ea03f0ad8761dd60eefb9c207a20e3c5551e82ac6d2ee5922b3e" - "9655a65ba6c359dcbf8fa843fbe87239a5c3e3eaecec0407d2fcdb687c2", - "161963a6237b8955a8a756d8df5dbd303140bb90143b1da5f07b32f9cb64733dc6316080" - "924733f1e2c81ade9d0be71b5b95b55666026a035a93ab3004d0bc0b19f"}, - {NID_secp521r1, NID_sha512, - "beb34c997f905c77451ac392f7957a0ab8b23325bd5c63ca31c109ac8f655a1e3094240c" - "b8a99284f8091de2ab9a7db2504d16251980b86be89ec3a3f41162698bab51848880633e" - "0b71a38f8896335853d8e836a2454ecab2acdcc052c8f659be1d703b13ae1b090334ac50" - "ab0137ddb5e8b924c0e3d2e5789daaef2fdd4a1e", - "0972e7ff25adf8a032535e5b19463cfe306b90803bf27fabc6046ae0807d2312fbab85d1" - "da61b80b2d5d48f4e5886f27fca050b84563aee1926ae6b2564cd756d63", - "0401d7f1e9e610619daa9d2efa563610a371677fe8b58048fdc55a98a49970f6afa6649c" - "516f9c72085ca3722aa595f45f2803402b01c832d28aac63d9941f1a25dfea01571facce" - "3fcfe733a8eef4e8305dfe99103a370f82b3f8d75085414f2592ad44969a2ef8196c8b98" - "09f0eca2f7ddc71c47879e3f37a40b9fecf97992b97af29721", - "0517f6e4002479dc89e8cbb55b7c426d128776ca82cf81be8c1da9557178783f40e3d047" - "db7e77867f1af030a51de470ee3128c22e9c2d642d71e4904ab5a76edfa", - "1c3262a3a3fb74fa5124b71a6c7f7b7e6d56738eabaf7666b372b299b0c99ee8a16be3df" - "88dd955de093fc8c049f76ee83a4138cee41e5fe94755d27a52ee44032f", - "072fd88bb1684c4ca9531748dfce4c161037fcd6ae5c2803b7117fb60d3db5df7df38059" - 
"1aaf3073a3031306b76f062dcc547ded23f6690293c34a710e7e9a226c3"}, - {NID_secp521r1, NID_sha512, - "543c374af90c34f50ee195006d5f9d8dd986d09ad182fcbefa085567275eee1e742bfe0a" - "f3d058675adeb5b9f87f248b00a9fbd2aa779129123a5b983f2f26fc3caf2ea34277550c" - "22fe8c814c739b46972d50232993cddd63a3c99e20f5c5067d9b57e2d5db94317a5a16b5" - "c12b5c4cafbc79cbc2f9940f074bbc7d0dc71e90", - "1f0ec8da29295394f2f072672db014861be33bfd9f91349dad5566ff396bea055e53b1d6" - "1c8c4e5c9f6e129ed75a49f91cce1d5530ad4e78c2b793a63195eb9f0da", - "04009ec1a3761fe3958073b9647f34202c5e8ca2428d056facc4f3fedc7077fa87f1d1eb" - "30cc74f6e3ff3d3f82df2641cea1eb3ff1529e8a3866ae2055aacec0bf68c400bed0261b" - "91f664c3ff53e337d8321cb988c3edc03b46754680097e5a8585245d80d0b7045c75a9c5" - "be7f599d3b5eea08d828acb6294ae515a3df57a37f903ef62e", - "0ac3b6d61ebda99e23301fa198d686a13c0832af594b289c9a55669ce6d6201138476901" - "3748b68465527a597ed6858a06a99d50493562b3a7dbcee975ad34657d8", - "0cef3f4babe6f9875e5db28c27d6a197d607c3641a90f10c2cc2cb302ba658aa151dc76c" - "507488b99f4b3c8bb404fb5c852f959273f412cbdd5e713c5e3f0e67f94", - "0097ed9e005416fc944e26bcc3661a09b35c128fcccdc2742739c8a301a338dd77d9d135" - "71612a3b9524a6164b09fe73643bbc31447ee31ef44a490843e4e7db23f"} -# ifndef OPENSSL_NO_EC2M + { NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" + "9495df081c3fc60245b9f25fc9e301b845b3d703a694986e4641ae3c7e5a19e6d6edbf1d" + "61e535f49a8fad5f4ac26397cfec682f161a5fcd32c5e780668b0181a91955157635536a" + "22367308036e2070f544ad4fff3d5122c76fad5d", + "16797b5c0c7ed5461e2ff1b88e6eafa03c0f46bf072000dfc830d615", + "04605495756e6e88f1d07ae5f98787af9b4da8a641d1a9492a12174eabf5cc733b17decc" + "806ef1df861a42505d0af9ef7c3df3959b8dfc6669", + "d9a5a7328117f48b4b8dd8c17dae722e756b3ff64bd29a527137eec0", + "2fc2cff8cdd4866b1d74e45b07d333af46b7af0888049d0fdbc7b0d6", + "8d9cc4c8ea93e0fd9d6431b9a1fd99b88f281793396321b11dac41eb" }, + { NID_secp224r1, NID_sha224, + 
"7de42b44db0aa8bfdcdac9add227e8f0cc7ad1d94693beb5e1d325e5f3f85b3bd033fc25" + "e9469a89733a65d1fa641f7e67d668e7c71d736233c4cba20eb83c368c506affe77946b5" + "e2ec693798aecd7ff943cd8fab90affddf5ad5b8d1af332e6c5fe4a2df16837700b2781e" + "08821d4fbdd8373517f5b19f9e63b89cfeeeef6f", + "cf020a1ff36c28511191482ed1e5259c60d383606c581948c3fbe2c5", + "04fa21f85b99d3dc18c6d53351fbcb1e2d029c00fa7d1663a3dd94695ee9e79578f8988b" + "168edff1a8b34a5ed9598cc20acd1f0aed36715d88", + "c780d047454824af98677cf310117e5f9e99627d02414f136aed8e83", + "45145f06b566ec9fd0fee1b6c6551a4535c7a3bbfc0fede45f4f5038", + "7302dff12545b069cf27df49b26e4781270585463656f2834917c3ca" }, + { NID_secp224r1, NID_sha224, + "af0da3adab82784909e2b3dadcecba21eced3c60d7572023dea171044d9a10e8ba67d31b" + "04904541b87fff32a10ccc6580869055fec6216a00320a28899859a6b61faba58a0bc10c" + "2ba07ea16f214c3ddcc9fc5622ad1253b63fe7e95227ae3c9caa9962cffc8b1c4e826003" + "6469d25ab0c8e3643a820b8b3a4d8d43e4b728f9", + "dde6f173fa9f307d206ce46b4f02851ebce9638a989330249fd30b73", + "04fc21a99b060afb0d9dbf3250ea3c4da10be94ce627a65874d8e4a630e8373ab7190890" + "326aac4aacca3eba89e15d1086a05434dd033fd3f3", + "6629366a156840477df4875cfba4f8faa809e394893e1f5525326d07", + "41f8e2b1ae5add7c24da8725a067585a3ad6d5a9ed9580beb226f23a", + "a5d71bff02dce997305dd337128046f36714398f4ef6647599712fae" }, + { NID_secp224r1, NID_sha224, + "cfa56ae89727df6b7266f69d6636bf738f9e4f15f49c42a0123edac4b3743f32ea52389f" + "919ceb90575c4184897773b2f2fc5b3fcb354880f15c93383215d3c2551fcc1b4180a1ac" + "0f69c969bbc306acd115ce3976eff518540f43ad4076dbb5fbad9ce9b3234f1148b8f5e0" + "59192ff480fc4bcbd00d25f4d9f5ed4ba5693b6c", + "aeee9071248f077590ac647794b678ad371f8e0f1e14e9fbff49671e", + "04fad0a34991bbf89982ad9cf89337b4bd2565f84d5bdd004289fc1cc35d8b6764f28c81" + "63a12855a5c266efeb9388df4994b85a8b4f1bd3bc", + "1d35d027cd5a569e25c5768c48ed0c2b127c0f99cb4e52ea094fe689", + "2258184ef9f0fa698735379972ce9adf034af76017668bfcdab978de", + 
"866fb8e505dea6c909c2c9143ec869d1bac2282cf12366130ff2146c" }, + { NID_secp224r1, NID_sha224, + "c223c8009018321b987a615c3414d2bb15954933569ca989de32d6bf11107bc47a330ab6" + "d88d9b50d106cf5777d1b736b14bc48deda1bc573a9a7dd42cd061860645306dce7a5ba8" + "c60f135a6a21999421ce8c4670fe7287a7e9ea3aa1e0fa82721f33e6e823957fe86e2283" + "c89ef92b13cd0333c4bb70865ae1919bf538ea34", + "29c204b2954e1406a015020f9d6b3d7c00658298feb2d17440b2c1a4", + "040e0fc15e775a75d45f872e5021b554cc0579da19125e1a49299c7630cb64fe462d025a" + "e2a1394746bdbf8251f7ca5a1d6bb13e0edf6b7b09", + "39547c10bb947d69f6c3af701f2528e011a1e80a6d04cc5a37466c02", + "86622c376d326cdf679bcabf8eb034bf49f0c188f3fc3afd0006325d", + "26613d3b33c70e635d7a998f254a5b15d2a3642bf321e8cff08f1e84" }, + { NID_secp224r1, NID_sha224, + "1c27273d95182c74c100d85b5c08f4b26874c2abc87f127f304aedbf52ef6540eba16dd6" + "64ae1e9e30ea1e66ff9cc9ab5a80b5bcbd19dde88a29ff10b50a6abd73388e8071306c68" + "d0c9f6caa26b7e68de29312be959b9f4a5481f5a2ad2070a396ed3de21096541cf58c4a1" + "3308e08867565bf2df9d649357a83cdcf18d2cd9", + "8986a97b24be042a1547642f19678de4e281a68f1e794e343dabb131", + "042c070e68e8478341938f3d5026a1fe01e778cdffbebbdd7a4cd29209cde21c9c7c6590" + "ba300715a7adac278385a5175b6b4ea749c4b6a681", + "509712f9c0f3370f6a09154159975945f0107dd1cee7327c68eaa90b", + "57afda5139b180de96373c3d649700682e37efd56ae182335f081013", + "eb6cd58650cfb26dfdf21de32fa17464a6efc46830eedc16977342e6" }, + { NID_secp224r1, NID_sha224, + "069ae374971627f6b8503f3aa63ab52bcf4f3fcae65b98cdbbf917a5b08a10dc76005671" + "4db279806a8d43485320e6fee0f1e0562e077ee270ace8d3c478d79bcdff9cf8b92fdea6" + "8421d4a276f8e62ae379387ae06b60af9eb3c40bd7a768aeffccdc8a08bc78ca2eca1806" + "1058043a0e441209c5c594842838a4d9d778a053", + "d9aa95e14cb34980cfddadddfa92bde1310acaff249f73ff5b09a974", + "043a0d4b8e5fad1ea1abb8d3fb742cd45cd0b76d136e5bbb33206ad120c90ac83276b2fa" + "3757b0f226cd7360a313bc96fd8329c76a7306cc7d", + "1f1739af68a3cee7c5f09e9e09d6485d9cd64cc4085bc2bc89795aaf", + 
"09bbdd003532d025d7c3204c00747cd52ecdfbc7ce3dde8ffbea23e1", + "1e745e80948779a5cc8dc5cb193beebb550ec9c2647f4948bf58ba7d" }, + { NID_secp224r1, NID_sha224, + "d0d5ae3e33600aa21c1606caec449eee678c87cb593594be1fbb048cc7cfd076e5cc7132" + "ebe290c4c014e7a517a0d5972759acfa1438d9d2e5d236d19ac92136f6252b7e5bea7588" + "dcba6522b6b18128f003ecab5cb4908832fb5a375cf820f8f0e9ee870653a73dc2282f2d" + "45622a2f0e85cba05c567baf1b9862b79a4b244e", + "380fb6154ad3d2e755a17df1f047f84712d4ec9e47d34d4054ea29a8", + "044772c27cca3348b1801ae87b01cb564c8cf9b81c23cc74468a907927de9d253935b096" + "17a1655c42d385bf48504e06fa386f5fa533a21dcb", + "14dbdffa326ba2f3d64f79ff966d9ee6c1aba0d51e9a8e59f5686dc1", + "ff6d52a09ca4c3b82da0440864d6717e1be0b50b6dcf5e1d74c0ff56", + "09490be77bc834c1efaa23410dcbf800e6fae40d62a737214c5a4418" }, + { NID_secp224r1, NID_sha224, + "79b7375ae7a4f2e4adad8765d14c1540cd9979db38076c157c1837c760ca6febbb18fd42" + "152335929b735e1a08041bd38d315cd4c6b7dd2729de8752f531f07fe4ddc4f1899debc0" + "311eef0019170b58e08895b439ddf09fbf0aeb1e2fd35c2ef7ae402308c3637733802601" + "dd218fb14c22f57870835b10818369d57d318405", + "6b98ec50d6b7f7ebc3a2183ff9388f75e924243827ddded8721186e2", + "041f249911b125348e6e0a473479105cc4b8cfb4fa32d897810fc69ffea17db03b9877d1" + "b6328329061ea67aec5a38a884362e9e5b7d7642dc", + "ab3a41fedc77d1f96f3103cc7dce215bf45054a755cf101735fef503", + "70ccc0824542e296d17a79320d422f1edcf9253840dafe4427033f40", + "e3823699c355b61ab1894be3371765fae2b720405a7ce5e790ca8c00" }, + { NID_secp224r1, NID_sha224, + "8c7de96e6880d5b6efc19646b9d3d56490775cb3faab342e64db2e388c4bd9e94c4e69a6" + "3ccdb7e007a19711e69c06f106b71c983a6d97c4589045666c6ab5ea7b5b6d096ddf6fd3" + "5b819f1506a3c37ddd40929504f9f079c8d83820fc8493f97b2298aebe48fdb4ff472b29" + "018fc2b1163a22bfbb1de413e8645e871291a9f6", + "8dda0ef4170bf73077d685e7709f6f747ced08eb4cde98ef06ab7bd7", + "047df67b960ee7a2cb62b22932457360ab1e046c1ec84b91ae65642003c764ca9fc1b0cc" + "2233fa57bdcfedaab0131fb7b5f557d6ca57f4afe0", + 
"9ef6ebd178a76402968bc8ec8b257174a04fb5e2d65c1ab34ab039b9", + "eef9e8428105704133e0f19636c89e570485e577786df2b09f99602a", + "8c01f0162891e4b9536243cb86a6e5c177323cca09777366caf2693c" }, + { NID_secp224r1, NID_sha224, + "c89766374c5a5ccef5823e7a9b54af835ac56afbbb517bd77bfecf3fea876bd0cc9ea486" + "e3d685cfe3fb05f25d9c67992cd7863c80a55c7a263249eb3996c4698ad7381131bf3700" + "b7b24d7ca281a100cf2b750e7f0f933e662a08d9f9e47d779fb03754bd20931262ff381a" + "2fe7d1dc94f4a0520de73fa72020494d3133ecf7", + "3dbe18cd88fa49febfcb60f0369a67b2379a466d906ac46a8b8d522b", + "04b10150fd797eb870d377f1dbfa197f7d0f0ad29965af573ec13cc42a17b63ccefbe27f" + "b2a1139e5757b1082aeaa564f478c23a8f631eed5c", + "385803b262ee2ee875838b3a645a745d2e199ae112ef73a25d68d15f", + "1d293b697f297af77872582eb7f543dc250ec79ad453300d264a3b70", + "517a91b89c4859fcc10834242e710c5f0fed90ac938aa5ccdb7c66de" }, + { NID_secp224r1, NID_sha224, + "30f0e3b502eec5646929d48fd46aa73991d82079c7bd50a38b38ec0bd84167c8cf5ba39b" + "ec26999e70208af9b445046cd9d20c82b7629ca1e51bdd00daddbc35f9eb036a15ac5789" + "8642d9db09479a38cc80a2e41e380c8a766b2d623de2de798e1eabc02234b89b85d60154" + "460c3bf12764f3fbf17fcccc82df516a2fbe4ecf", + "c906b667f38c5135ea96c95722c713dbd125d61156a546f49ddaadc6", + "043c9b4ef1748a1925578658d3af51995b989ad760790157b25fe0982655648f4ff4edfb" + "899e9a13bd8d20f5c24b35dc6a6a4e42ed5983b4a0", + "b04d78d8ac40fefadb99f389a06d93f6b5b72198c1be02dbff6195f0", + "4bdd3c84647bad93dcaffd1b54eb87fc61a5704b19d7e6d756d11ad0", + "fdd81e5dca54158514f44ba2330271eff4c618330328451e2d93b9fb" }, + { NID_secp224r1, NID_sha224, + "6bbb4bf987c8e5069e47c1a541b48b8a3e6d14bfd9ac6dfaa7503b64ab5e1a55f63e91cf" + "5c3e703ac27ad88756dd7fb2d73b909fc15302d0592b974d47e72e60ed339a40b34d39a4" + "9b69ea4a5d26ce86f3ca00a70f1cd416a6a5722e8f39d1f0e966981803d6f46dac34e4c7" + "640204cd0d9f1e53fc3acf30096cd00fa80b3ae9", + "3456745fbd51eac9b8095cd687b112f93d1b58352dbe02c66bb9b0cc", + "04f0acdfbc75a748a4a0ac55281754b5c4a364b7d61c5390b334daae1086587a6768f235" 
+ "bf523fbfc6e062c7401ac2b0242cfe4e5fb34f4057", + "854b20c61bcdf7a89959dbf0985880bb14b628f01c65ef4f6446f1c1", + "a2601fbb9fe89f39814735febb349143baa934170ffb91c6448a7823", + "bf90f9305616020a0e34ef30803fc15fa97dffc0948452bbf6cb5f66" }, + { NID_secp224r1, NID_sha224, + "05b8f8e56214d4217323f2066f974f638f0b83689fc4ed1201848230efdc1fbca8f70359" + "cecc921050141d3b02c2f17aa306fc2ce5fc06e7d0f4be162fcd985a0b687b4ba09b681c" + "b52ffe890bf5bb4a104cb2e770c04df433013605eb8c72a09902f4246d6c22b8c191ef1b" + "0bece10d5ce2744fc7345307dd1b41b6eff0ca89", + "2c522af64baaca7b7a08044312f5e265ec6e09b2272f462cc705e4c3", + "045fad3c047074b5de1960247d0cc216b4e3fb7f3b9cd960575c8479fce4fc9c7f05ff0b" + "040eb171fdd2a1dfe2572c564c2003a08c3179a422", + "9267763383f8db55eed5b1ca8f4937dc2e0ca6175066dc3d4a4586af", + "422e2e9fe535eb62f11f5f8ce87cf2e9ec65e61c06737cf6a0019ae6", + "116cfcf0965b7bc63aecade71d189d7e98a0434b124f2afbe3ccf0a9" }, + { NID_secp224r1, NID_sha224, + "e5c979f0832242b143077bce6ef146a53bb4c53abfc033473c59f3c4095a68b7a504b609" + "f2ab163b5f88f374f0f3bff8762278b1f1c37323b9ed448e3de33e6443796a9ecaa466aa" + "75175375418186c352018a57ce874e44ae72401d5c0f401b5a51804724c10653fded9066" + "e8994d36a137fdeb9364601daeef09fd174dde4a", + "3eff7d07edda14e8beba397accfee060dbe2a41587a703bbe0a0b912", + "046dd84f4d66f362844e41a7913c40b4aad5fa9ba56bb44c2d2ed9efac15f65ebcdf2fd9" + "f8035385a330bdabec0f1cd9cc7bc31d2fadbe7cda", + "7bb48839d7717bab1fdde89bf4f7b4509d1c2c12510925e13655dead", + "127051d85326049115f307af2bc426f6c2d08f4774a0b496fb6982b1", + "6857e84418c1d1179333b4e5307e92abade0b74f7521ad78044bf597" }, + { NID_secp224r1, NID_sha256, + "2b49de971bb0f705a3fb5914eb7638d72884a6c3550667dbfdf301adf26bde02f387fd42" + "6a31be6c9ff8bfe8690c8113c88576427f1466508458349fc86036afcfb66448b947707e" + "791e71f558b2bf4e7e7507773aaf4e9af51eda95cbce0a0f752b216f8a54a045d47801ff" + "410ee411a1b66a516f278327df2462fb5619470e", + "888fc992893bdd8aa02c80768832605d020b81ae0b25474154ec89aa", + 
"044c741e4d20103670b7161ae72271082155838418084335338ac38fa4db7919151ac285" + "87b72bad7ab180ec8e95ab9e2c8d81d9b9d7e2e383", + "06f7a56007825433c4c61153df1a135eee2f38ec687b492ed40d9c90", + "0909c9b9cae8d2790e29db6afdb45c04f5b072c4c20410c7dc9b6772", + "298f4fcae1fe271da1e0345d11d07a1fca43f58af4c113b909eedea0" }, + { NID_secp224r1, NID_sha256, + "1fa7201d96ad4d190415f2656d1387fa886afc38e5cd18b8c60da367acf32c627d2c9ea1" + "9ef3f030e559fc2a21695cdbb65ddf6ba36a70af0d3fa292a32de31da6acc6108ab2be8b" + "d37843338f0c37c2d62648d3d49013edeb9e179dadf78bf885f95e712fcdfcc8a172e47c" + "09ab159f3a00ed7b930f628c3c48257e92fc7407", + "5b5a3e186e7d5b9b0fbdfc74a05e0a3d85dc4be4c87269190c839972", + "04897089f4ef05b943eeac06589f0e09ccc571a6add3eb1610a2fc830f62ba3f6b3e6f0f" + "062058b93e6f25b6041246c5be13584a41cae7e244", + "5b6f7eca2bcc5899fce41b8169d48cd57cf0c4a1b66a30a150072676", + "f12c9985d454ffbc899ebbbb6cf43e3debcac7f19029f8f2f35cce31", + "12fcb848adbd8b1b4c72b2b54a04d936e4a5f480ae2a3ea2e3c1baae" }, + { NID_secp224r1, NID_sha256, + "74715fe10748a5b98b138f390f7ca9629c584c5d6ad268fc455c8de2e800b73fa1ea9aae" + "e85de58baa2ce9ce68d822fc31842c6b153baef3a12bf6b4541f74af65430ae931a64c8b" + "4950ad1c76b31aea8c229b3623390e233c112586aa5907bbe419841f54f0a7d6d19c003b" + "91dc84bbb59b14ec477a1e9d194c137e21c75bbb", + "f60b3a4d4e31c7005a3d2d0f91cb096d016a8ddb5ab10ecb2a549170", + "0440a4ab1e6a9f84b4dedb81795e6a7124d1cfdfd7ec64c5d4b9e3266683aa32a3c2fc06" + "8e62626f2dafce5d7f050e826e5c145cd2d13d1b27", + "c31150420dfb38ba8347e29add189ec3e38c14b0c541497fb90bf395", + "bf6c6daa89b21211ea2c9f45192d91603378d46b1a5057962dafaf12", + "cb6b237950e0f0369323055cd1f643528c7a64616f75b11c4ddd63c7" }, + { NID_secp224r1, NID_sha256, + "d10131982dd1a1d839aba383cd72855bf41061c0cb04dfa1acad3181f240341d744ca600" + "2b52f25fb3c63f16d050c4a4ef2c0ebf5f16ce987558f4b9d4a5ad3c6b81b617de00e04b" + "a32282d8bf223bfedbb325b741dfdc8f56fa85c65d42f05f6a1330d8cc6664ad32050dd7" + "b9e3993f4d6c91e5e12cbd9e82196e009ad22560", + 
"c8fc474d3b1cba5981348de5aef0839e376f9f18e7588f1eed7c8c85", + "0466f49457ed15f67ed4042195856f052fe774077f61cebcb9efddc3653a6e3f3423eec7" + "308a69eb1b0416d67cc3b84d24f251d7cbdb45c079", + "5e5405ae9ab6164bb476c1bb021ec78480e0488736e4f8222920fbd9", + "7b7beaf9f696ca1a8051527478c4c075ab45aa4768937886dbf38618", + "93d4cf110a37c5a6f15c4e6024822118539e860dee2f60b8c3f462f6" }, + { NID_secp224r1, NID_sha256, + "ef9dbd90ded96ad627a0a987ab90537a3e7acc1fdfa991088e9d999fd726e3ce1e1bd89a" + "7df08d8c2bf51085254c89dc67bc21e8a1a93f33a38c18c0ce3880e958ac3e3dbe8aec49" + "f981821c4ac6812dd29fab3a9ebe7fbd799fb50f12021b48d1d9abca8842547b3b99befa" + "612cc8b4ca5f9412e0352e72ab1344a0ac2913db", + "04ef5d2a45341e2ace9af8a6ebd25f6cde45453f55b7a724eb6c21f6", + "048d642868e4d0f55ee62a2052e6b806b566d2ac79dbde7939fe72577379505a57cd5690" + "4d2523b3e1281e9021167657d38aeb7d42fc8ec849", + "ec60ea6f3d6b74d102e5574182566b7e79a69699a307fee70a2d0d22", + "2fd7fcbb7832c97ce325301dd338b279a9e28b8933284d49c6eabcf6", + "550b2f1efc312805a6ed8f252e692d8ee19eaa5bcd5d0cda63a1a3f0" }, + { NID_secp224r1, NID_sha256, + "4cc91f744ac858d3577e48813219aa3538dd813b186b42d1e6218376f07cc1cc448ddd6b" + "37240e98bf953f49cf54d65c12878b33c0bf6eb1c60254f0b6fa974f847e53abc56773ee" + "f6f29885dfc619e6a48fc15a667ca94001a0c945b6357a53221b0f4b266181456b0d2d25" + "e90708777f1a6f85971c00140c631c1991e0fd06", + "35d4bbe77d149812339e85c79483cb270bdac56bbf30b5ef3d1f4d39", + "047924b1d7f5920cce98e25094e40f2eb3eb80d70b17e14b3d36c3671c26c5af35f71e61" + "858582b7cc2b41790597c53ee514ffdf7a289d108c", + "751869c1d0e79eb30aae8fbfb6d97bfa332123fd6b6c72c9cd3c1796", + "26bb1b92b0f01e94eba5fa429271371db527ce857abba13bd1103f64", + "836aba9c63e1252c2b2d72a21e6a41b82241ebe32647e7f814652bcb" }, + { NID_secp224r1, NID_sha256, + "58f43cc1924de4bc5867664adbc9d26b4f096a43aca47c27c52851b006dc2a658919ef9c" + "e5b5ac48372703be15ac51631c2bd84b88f479f113b0569a9a09e230ec1e8e573474c607" + 
"5284d3e57d973829af35325d9e7dab4a5f9b065155bbcaff3642a82ef4c9b9e127d3575c" + "050721653da3b087d3fa394192897a5519527d19", + "2c291a393281b75264c9b8817af684fa86a1cdc900822f74039dc5d6", + "0418cb5826ad60e6696bf07655032a3749f6577ca36da3ccd6e66a137c194e14820fe02d" + "784fd1363ff7a30399518309765bd3f4412d646da2", + "e2a860416229dfd3f5a5cc92344ca015093a543943a0d8f73bf2b2fd", + "00e300c1ef4a8c4ca5da6413856f8981db49de29bdf03f32ffc3ceab", + "f250f18a51ba5f63e1584097841099fa6ae4e98ee458c061d1d5aed7" }, + { NID_secp224r1, NID_sha256, + "113a2806b052fde683ee09453098e402204155afb3776fd1cad3a9103421d327eab8f9ec" + "0dd050ffcc83f93b34ea707705fabeccfe43ab1a71c95298fd3ec769d99ead1066950eee" + "677d225816e0faad19cf69e1b35d16771689e2092cafe16d7c0dd7b0db73fffb8d0f3eae" + "d83004dd21e753530ec939c89ba25578fa5f785b", + "831ea25dbeda33d272a1382c5def0e83929170ab06a629eed6ee244b", + "04076518e393940d42dfd09819409d66966d8c9189c83d554a9cc8a08244d0ceaf4c0f50" + "e46bea4a52e30423ce3ada19edd363ac5694c65cb8", + "6be6dd9f6a083915ccba54626caf12d246d3aece0a7eda7d8d85599c", + "ff1460946e06fb6f5d35e8d2625ca70ffb9b45308e3fabf6ad8351b1", + "6029aa3990918e8cb8a388d53b0772e5cdfff49c3405fe0d3a95933a" }, + { NID_secp224r1, NID_sha256, + "64cbfc8f2e2149a31b3e8a80c4a552f6c62aaeb7990b6e0ee55500a9d17be04213406578" + "caf315951086dff5c2af3b5ce17d425d185101ef26f86396ba3a129a4f3f8e2dd595f59e" + "fb6c0f5c2dcc394569d7268695e9ac7daa84203f1f1895f1f9e4b514a5c9cd23baa63454" + "710144fe735ad9b8f42d8c43267aa434a26d7e5f", + "70f74c7324ef137318b610ead8ddc5b964e0eed3750b20612fc2e67b", + "04279649e2a2918e683520cde3fc98b0ae58a7100e8de35e7c9cc797b6aa4de6be34be61" + "f02880139787b9038f4554a8ef1c994b887c2974b5", + "8e984864f86f7a2a73f3edda17dbccd13fac8fa4b872814abf223b1b", + "3b18736fa11d04e27e2614cda03a63ec11a180f357b0b3192920d09c", + "2f0f3dbd570727b14fbb29155538e62c930dd51c4035275c1365dc60" }, + { NID_secp224r1, NID_sha256, + "a10a11c8e30fff118d371daf824f16c08200b83ea059436466a4611ccac93b2dea2de8c1" + 
"006f946196aef7fe9b0c251a391b0340f21797798278b412ff2b53842eec6450728e2bca" + "062f8337a2c204b9ea04ff660cd4d4db559f2f11c4d8ef199021339fcc82396f7a93926c" + "f5f247e37d8067fe50692de54f102bd5ab51925c", + "026be5789886d25039c11d7d58a11a6e1d52cb1d5657561f2165b8a8", + "043fa617c50b177da1a2bdb98b780ad21ad1195c4bd24465f6187de3c9e3fd8d8876dfd0" + "3a4a4e31a1acad3a08d983826d286c250c4e5620c1", + "0128b8e3f50731eb5fcc223517fc0cf6b96cd1d2807eb4524bc46f77", + "3a6b633f96f3d0b6d54f7fb29ac33709e4f0dd8fa0e51606ed9765ca", + "63e8c119dfa51784decd864f6911f2210a80f8f02d472d88df10d119" }, + { NID_secp224r1, NID_sha256, + "b3f720bf566ffa369259f4361959ae0641d2755ec264a4c4349981df2b02563275b2b9ad" + "b5aee47f7a456760a971991ffed6b17809bb9694138d1677fa916123795239353158fc6b" + "22d10f20d26f5d2dcd8c56c44373eea5b93067dba2d7c5318dac2e9e8714873cb1b37f58" + "c011fd14fa1e535554efe05f468bfc8e11cd8b99", + "e79c18d935c2839644762867aa793201f96a3cde080c5968412ce784", + "04b7ae1e992b1c7fde1141f40bd913358538ca0f07f62b729f13cea327811252d12120e0" + "4805fc171a439d382c43b68a21e1a0bdf5e4ec1da4", + "7abedab1d36f4f0959a03d968b27dd5708223b66e0fc48594d827361", + "d35047d74e1e7305bb8c1a94e8ae47cb1591c3437a3e185e00afe710", + "d9c425c9d5feb776ac8952e6c4eee0ecd68aef2f0e7bff2e49c9185e" }, + { NID_secp224r1, NID_sha256, + "0a398a46df7ccc48d1e7833f8bbc67100f1ef77a62dc78bbc115b2a662f9591fbaaa91ad" + "3d788e2fdd1b3164e45293d4f5686c151296901768028ac80ded4bf89c647ad35f0c7c4c" + "b318c0c757c1d83c44d850e5fd4677281b3f13b1ee54de79c8c042813f9d3312dcc6111a" + "68299cb7e829557d7f3d96e702f65aefc6499415", + "0d087f9d1f8ae29c9cf791490efc4a5789a9d52038c4b1d22494ad8c", + "04cd95cf8fb1cd21690f40d647f2353672a1076cc6c46bddaad2d0fc56934262f74d9ee0" + "f8a2754f64cb7415923d64bf00c94a39b52803f577", + "557d0e3995dc6377b3911546dd7aeaeec62a6d8f2af6a274382fc37f", + "56df0ea6afdcc232ceb41729eec00cf906b69b6e28423a36d3c92cc5", + "f4f70fd948c9a147f55317fdea7b8a84c33e721014552d5800d63edc" }, + { NID_secp224r1, NID_sha256, + 
"8c33616821a6038b448d8918668977fcf1ef5aa0cf7c341837b39bbcc9bca875a3757f4b" + "392630e9995b9bbe4eb66978b877586adaa02f99d2344dae082a7603351d8ffcfca081ab" + "403cd0acb90d078dd1d0789c2eb3185c62bff2d9f04cd38e509e3b83c12ed0a5c6808fc4" + "2f7ba5b06acdc496c8ad9be648ee6a4505f8560f", + "0830aebb6577d3a3be3ba54a4501c987b0e0bb593267b9bbadb66583", + "04b88652020e083ccc1c43dc83d1881884dd4c7e3b4e3460b344b1ea6422b69b517f86d7" + "c26dc37c0f8feb4bb07fe876149fbcc3334fd2805b", + "e4f4a3280574c704c2fde47ca81ec883d27f2c5a961a294db7cda9d2", + "b30b8a0079d9a134b5e1618c2ac63e3fbe0e95866b9dbc5f423f2707", + "3dc36746610271ef66e0aa52cc2ccadc5c9b08dc769e4dc4f6538c11" }, + { NID_secp224r1, NID_sha256, + "94d56535fd4edfe67a0daa6579f9d53bf6b7b8830ae2aeb62892ff59f18756ddf2811b44" + "9c7d20d65d54f8507de4e7c50eaa084830637812aa4b250a4d61ab67845be36e4a41cdc0" + "a70f8d6e3a63d4514f0dc197e6486015046a316153d5f3a3a4a0ae1ed7ea5fa55e12e73d" + "333333685c02e0eb636234ea7e6d4b76b4b76b5a", + "2acc9b97e625263e8e4cd164302c7d1e078bfcdd706111a13ccda5b2", + "04ce1a06f82df874dded37cca03b56c0648e4e8917ecd40ee73ee61588ceb6177b8f1ac7" + "c5c6e6e1f7737cc3026952ee392badd2cd7af32f9d", + "e401fa80f96480d437ed4f61a783888062ec33d530b188fd48016a6d", + "28674f447c4742e4087bbccfb522fbad4e18b56031d2ce8f532b078a", + "a5a7a13d15b423dd17771f73cea98d89dbffa846cc209b45c0e29b76" }, + { NID_secp224r1, NID_sha256, + "5d8ebdf9eb28b47bdafaa36bf0b66a9eaf99b6c83959da4f2b1151b4f4ecd28fb115a64c" + "0cb9491093a7e9b9c53ec423e4c72e7765bb9c818da0e8c428667e44474a71db4867130c" + "77c40bfd8544b2d7b9d6464d2b8e6a48482153256a32437c3a747231f51134dd14c70340" + "7e31146a6fcde23bededcf16950486e90ca69ac0", + "f4e873d4fb944fb52323406f933815092b7672221de4d1c45917f3fc", + "040dc2cdddb990341adb1de73f02d87fc3822485a659a15145f4251d5fcf78b2a83c7352" + "eda1af2c74e1804ea04b35f76c04e89d90281dc2bb", + "5d1476c682a64162fd2fdc82696fc8cab1469a86f707ea2757416e40", + "82982b38ed465138df4018d7cfb835edcb591cb57446ca49d163782b", + 
"8ef1d7b326cabee7f7ab95b7b98d3c27a069c0fd95a1599c0ccb422b" }, + { NID_secp224r1, NID_sha384, + "25e4416695f77551fdce276355528ccf1ddc2483821c5d22d751d50111ca2fadc6593b52" + "c74f4b5957494f1df25b0b2f86950d0d19229ec6506fee8581d2dd09d48418b146ff16bd" + "84a17ca0dc83b1888eb407376da6c8a88fa1e60b8c2a2471dfde4b3996ef673d5bde3d70" + "c434dc9f2488e9de16ae657d29e5e59ec922a1ec", + "62c572ee0d6f81b27e591d788bfc2f42b5105d2663078dfb58069ebd", + "04bd6ba605639b98fa8113a16a3bb004ddfaec901c98a931206165f4a5a3190b10ef39e8" + "8abd60b2293b4707512b45c6c5ed5794cc11454427", + "0f0bb1e428bcdebf4dc62a5278068efc0f8ce75f89e89b3630f102b2", + "aac0ea27e129f544abcc77f110e70bbdd5aa3e425dc39d5e8887025d", + "10e5dd06aee6b8419a04aa33d9d5678b0039c3acc3c4b61fe106bfdc" }, + { NID_secp224r1, NID_sha384, + "9164d633a553deccf3cbd2effccf1387fa3177cd28c95d94a7d1a3e159c5e5c027758cc2" + "6493301b2f4d141d8d07a5fe5fead987ce5f30abeafcb48c302afc6c2309f0e93d9b6818" + "cbb6972d222cb7b01302dfe202ae83b89f53150ae4a0e2b8fc0fd1091f19b4ab2e6ab213" + "ab322d04f2c5f57113bfad3c5675227237abf773", + "e2f86bf73ba9336fa023343060f038e9ad41e5fe868e9f80574619a3", + "04f5d5346f17898ea6bbdfff19c216a8757a5dc37b95315f5481628381ae61fd172ac8b7" + "a4f13870a932dece465834cbd4f50bbcfb802c824e", + "35724ac043e3b44b73b5a7919cf675190306d26aa67c27c28c873534", + "535147c265af138eec50c7fb570bcc8d2e6f675597b0fcc034e536bc", + "743812c188a1dddf9fb34b90738f8b2e58760d6cd20ccceb1bb9c516" }, + { NID_secp224r1, NID_sha384, + "019df05929321ecea7ee1de4f412aba1c8d3c24437db04b194a68a0a59dd871be10bd3a4" + "be6edf551350ea49fc7155a4d887e1221486291abe77a30633a4c4f7868fe2df24311cba" + "0c73804883954460e122387ed414111ff96ff1aebac8b6a6491d8a0d16e48a63bf3d027c" + "0f68ee4a4b234d73b412196706af8ea022b4dcef", + "b0a203438e2586d7575bc417a4a798e47abc22aa3955b58fc2789f17", + "04dc5d217862a1e5b00c95affa9d8b925a72b9beaeb7a86dc397e788d85f05f8e976ae1e" + "b1036eca6d683a82850795bf9127dee5f8b2859445", + "408e9c8b1f33136d6ddb93ff3a498bc09d4eee99bf69cdd5af0aa5a2", + 
"1b5a964c8b1fc634c6e2b82322499df1d7f0c12a4d2a77723c816ab8", + "cf54599a36ca064fae0aa936de5266f87704409d22a15d28c01b7f2a" }, + { NID_secp224r1, NID_sha384, + "5d09d2b1d3fa6e12c10d8b26dc9aabc8dc02bd06e63ff33f8bb91ede4b8694592a69e4ed" + "4cdf6820069e2b9c7803658949e877ffe23bf90bcf5ce1409c06c71d86885a94048b05ac" + "0ec9db193e489a5a2bfa367caf6aa8ecdb032be366174343f6875d2fe1785e8d77334f5f" + "469cec64998e08d3303e5c9a1923b34fdc105d65", + "efcfa50fad6fb2065f9a55f28c0c42fa24c809ccb19b6fc6d8ffb085", + "0461521a0cfb72be77ba33cb3b8e022743cd9130ff49e97093b71aa178ce0819aedaf6fc" + "e639d0e593f8ab0147eeb6058f5f2b448231584ea9", + "d1eea821f286eae6ebc1f61b08f9ad4323a3787e94af4c32cd31351b", + "b37caaa71103752ac559f9eb4943324409ebfa8b585f684dcaa5c411", + "7c28e7619e2944ab4b7be022878c8052ebdf2cae5dff4f976c49686a" }, + { NID_secp224r1, NID_sha384, + "50f6dfc81c6cf189e0a310f992907fe93356cee9dea9a41c7671a8daf3f4cfe0c459ce61" + "22c1e731dbf7593419d7114cb73b46956158a982c5d52c72f43f0f822046093c69aeff1f" + "7e4cd8af00ba655c5baa2e7b6a400b4be1f6fd51b3e4cfb35a69c80a28c5cafb771b6c2e" + "52e0aeef0e3fd045e8d40745f3f8b74fd969f816", + "61a17816937987764cdc064dc7b5b4f5b16db1023acdfe25902957dd", + "04a7e975c0a8f87c683bb8e31bc160843a7b69c945f4850bd60e1c08c08930a454dcc2aa" + "13bed7ea89368b2c9d689d816b2acf4e52585ee9c4", + "44b1fdec2629f9075f89c134ac28ff19bfddaa9db02a5d7f853582b4", + "b0f5635d8bc9c53a1d54a3ec63de59ed66e6b2358d4ab79755414326", + "67c68fe265c7e5aba4232deeafb88545a2aa266fb9f2c2bb3f3ae8d2" }, + { NID_secp224r1, NID_sha384, + "e90129ac6672c85bb7b6b18e9dc199c96c81fd65034b53c77818364d512366fb9cd1bc7c" + "82404c451e561fc1ed916c0948f6ac561b33a1ccca093f07684b8c2bafa9e966377bd208" + "556018a5bafb9edcecf70498c7140fe9c8cf3ad8b8c3b0aa489df797944465047465415b" + "b0e24333235fcdd59a98829a3941eaaf62033e82", + "79d5367314ec664aa0f6ca36f95549502a05bf8400bf532d669fab8d", + "043191f0237102dac159032ab2dde53cf56c9ec827b5caddfe9e83c02ab496b1bdcca443" + "4ac0d0d91ea38ff3bc33f9f54095bfe17796d5a9e2", + 
"da529c52f5cc1f435d873109cd991d6cd7e1631d9ff1dd9521dd5db6", + "8e0ac63903f4921755430572c3f08bc272790639bdf1009fe2a9a714", + "6278c841a2d0a270791fe54b36c49d426d67907aa4e4f59c8638ad97" }, + { NID_secp224r1, NID_sha384, + "3c9a483c9bee33b601549c592a82e95b4319b1e74b777877f0971bcb4273716b268e8f99" + "f876e42f942f4cf08284896bbc1ffbf094ac0956c3cedfc3580cffa8c74fc6db29a371f2" + "da2d05edb9185ece741fe0d3fabfe9d5b4d373755ebed13dc6840cfa3283b9ea46ec8b95" + "c434f253ae86998182e9cc0e95ee64f323fc74b0", + "1320eedad4745121793a7eaf732b0b4498f7cb456cac8cf45a1f66f0", + "049fdd99906ab77fd29e9021bde947d05a7a9eb153612269bfb0899bc9681b65b9ac8e4c" + "2899bb622dafb253b7bf5a6e38e5f6595f997c291a", + "66ed8d8934633f4125f593cf1b1d3745c4db1f15dde60cf46ca1c7f2", + "80199485a3a96447b39f7679cd47412a78675ba17dcbd10465dc5b48", + "a251fd9f136a3cb0dd0bc80659ae032e4a761ba7045da0034553fb8c" }, + { NID_secp224r1, NID_sha384, + "bfc073fdda63c5fccaa0ca8770c293e8154e7aec56128bbac4fdbd541d602216ebf7ca1e" + "02b514d6e396f20683802ba3f334310a9226576926e3bb19ceee27738d13377cbafeb09d" + "091043501702a07aa31d1f29d50ddc55adcf16ffd40578e734a4e6cb6535f26ad48e0c62" + "ad90e79720000e87d419e92dca3e11f943655b03", + "e18821329447d3f65ba7279e96bd4624ffa1b32b90f6e8331b1e876d", + "0446c9ed837232c47022df2f1a1578fbe65ac9f2e81c98a74cc22ea31a6fc5e9568ae62b" + "31412a0b0b367242e9fd7e518c83aa06a069e1d90d", + "a4c1eb402a2fb3af26e0e14a3d2fc8ed3bc1a8b2475270356a79fdd3", + "d478b68733d8ad44be46766e7b66af782fbdc7ff7ed0b191176da98a", + "5eae9160ccf71fd1d359d89cecce72ef8afaeee2365f6ba828aa450a" }, + { NID_secp224r1, NID_sha384, + "08079955d1a1f33728128c73673ec9f21a6ce138dcab5adc4dc068e6ab57314b9fbd8b01" + "3123b2fdafa9524fbdd0288777a233de8055cccfad83046ada6a19f01c47817496667bba" + "8fc8b9456fc0e044a562d931dab1adcb66af8b66325bdf28d83ded3e2937958ccd19da54" + "0d70ef2c189f55a506c9c0d63406394c5bd3823b", + "f73e030d5a696b358986d3efaca121cf71f775f8835a21e6135145d7", + "049ca2c6ea87ac8dd3a23a5b4010841a7c8af309038882ae44634bcf55b0a347dbd5ded3" 
+ "b8702ac5a457e8b32bd4de06fd315095fa1b7d5fe1", + "e3cc786c1288ea567836c51d6d69dd0cab5c015987d936ccc3a4beb3", + "f1234da71761b7a0f49e661a419d2a739bdc4544bf87690e3d2f96db", + "096d16bf8020c3d3c233894ad8eb81206010e62c6e692a215e088fd4" }, + { NID_secp224r1, NID_sha384, + "23900b768f6cd42b8a8df0dcbc9cb5daec8de36b9d5c619adcc1ba2b649103d5af123746" + "cdf19c3fd0665a6fb9338156182aa06181e3c6e37ce56979612af2927440424f89cef43f" + "c754854b8a5c43370808cf5f9929cf47712512ce2f8a2a20d2e9f568c2848b27dfbe0914" + "2843c83905ffa5da3b15501761b03dbc2c5398b6", + "7a0789323f8741c157a1753ae165ecaf8e8b03a60561f8b80cee467c", + "04101271a9addd4bd1f19d00bf116c8524f52cefd598e85dc381597acb2f17d14f4d8ccb" + "28b216553718152ba7c104646d8eca986dd9ddea39", + "d169f04f05b60c625cda864d187938863964dab7bb3b9dfc04b05519", + "e4a51be686a764b709da23ab48b1985e153c6ee238d945e743907afc", + "118a8f1ffe3cd556ce6345bd1a398dd9cc3729b7fd6d8af9bfd82f40" }, + { NID_secp224r1, NID_sha384, + "1eb28c0bcdd18f73e347f957ece15b4cc83a771b0877e1feaac38e24028fb38ccea8b54e" + "e017dc7c3d5a1327bc6f40b294aa65d7dc487f278846cd101ee84202f14b38aa2c275046" + "aa2577f65ebaea41cd383e8def2fd0b4444dcf426fa75c4082cd7fa035cdb1e0d34a3c79" + "d42130f5b0273eae75bc701dda3aebe7358f41b5", + "78e795d0edb11fd9e28dc26b21e751aa89bea0d87932ef11c95c0e18", + "049edd544107977134bf6360d43ccabb3c94d627c03963c0a04b439627ece4c61d319a0e" + "41f3de7863e7c355bac94395aaa74cdb5f74a87a5b", + "36f7c0f76808b826a0a974a1fd6e155e00a73f1d34674a8f88be405a", + "3e319444438bc2cc92f323ea842cb402b3c3c2448c89869ef7998edb", + "3420cc38f058f41c31e71f4b1ad488f801111c73541de69fcee60695" }, + { NID_secp224r1, NID_sha384, + "efab51855407438fd5c250670366bca3c026ecec4a59394f00d8a4b51746d0c456436665" + "6d507e3e13e62fe7abeb976b8859895848dbaecf6582f1898ea06f00d4247702ed9721bd" + "375aa83ae4c67c2eaa6e080777ea5ecf2cf787d785389560ac91cf63a52f0373c3185e18" + "a3b8a466e21b61a239f1b77624eb1acacc76c4e1", + "bee02d8bc5bffb3fd3b4c9d6f686409f02662d10150d1e58d689966a", + 
"048848f964c847fe9dddc774618d4588c9cd56bbe588d7b1fb369c8bfaebbb699fbd0dc0" + "8859fe9132285fe20dff3b9d561c0640b6e0717607", + "59f1450d857b40e5552a4b8cd4ab0df2f01716635d172c1106840f21", + "a206d8398a16a991bc217f77f23c6f648384f254f255a8a876404444", + "eb1169cb5b1423dc0bfaffe565ae57f986e00de06405e3e7b605862e" }, + { NID_secp224r1, NID_sha384, + "31c29ca10279a417f0cc9b1382cf54dbfdfc89f2e6ef08c403c11f580cbf8674b141ed1a" + "417563282d99a55fc616d836421cde9424815c95e7fb7668bf3f137b29937f14882d74e0" + "34b732d78d91af7721aac4950734f5fa5d4b4d35534974f8cab6d2e6dca75ddb57e99148" + "c8a59df9fc5bcd723e546e8356f671cf2f65640a", + "dc0ddf6e501418bb8eafc5d7ccc143369e2aa441df8fc57d5f94a738", + "04063a5d632f4144376e14cfb03ad8ccf1489b613acd184d20dff66545e77727f057b043" + "d8a0f7458196b72e92d11f85b0891c6aaa9d915f58", + "ff0e5cae2671db7a1b90e22c63e7570bdd27352d45bac31e338debe0", + "5bc0b4998481ecbd3b6609184a84ca41d69b08c37138097f559259f8", + "0df8828eb1ca85e46405b94e1a2972c34c5e620a54e2f640f04aecc5" }, + { NID_secp224r1, NID_sha384, + "8db476f92e332519c1a0ece5d8deded6efbd2d8e8784eea0a6b4c3b4296c35f5f8de4317" + "e5c1627b91fb1973fee86c06e4992aa5a20cb7475c8808ff1da354d07a488dffa7838c6e" + "c1e3f99e3acba831f27bee8434eeda3eb36d0c6df3658883cd40068b1bed841310f6eb38" + "d4a3d07d85848770ff7933c054cd8b34662660b1", + "229d89b2fcf8441ffc95ebb2ac2ef156e25825782044b2b8bd6a3e01", + "04de616848d8044a44789ef1ba3a6dd66fe9257ddc57f7534e59a701be26cbf74a6d25e5" + "b34b96d30f327abd574cff7f7dbe6686573a7d6c5c", + "3b18ca6ec8e8e255ac88f64302745ca0b73ff94b2b2d48be95b4aaee", + "fa94fd8b827c06115c1eefd50afc02ce5926ee0e789667783c01c34b", + "edf766a66973cfc33e4159966c07321a7f6549c3c60e8586ef41402b" }, + { NID_secp224r1, NID_sha384, + "fcb272c828fe8fd3c6f8de9410c7b6e2b36717c1b0e5e359e9109bd7fc378978aa98182a" + "9d99961898ed88999b050d3b64d1457d7a899d6d273b9f4dde2aafa36d76329d62509043" + "c338f265fc4c7d938459b7fa3b230a9f6cb632b61489546bb4181a5ad7f0d7369b8caced" + "48eb374b075b2b325bc86add0f3b680cd9e80acd", + 
"97d747068147c0393a0bb5c159e2c9f1bd538f6204823294883abe28", + "043858a576eef2ce24d01766997fb81b3f3f78b6104cd188610be221d795ffc677ac7bfe" + "3e0bb4cffb17355a964c8356a807151b3cba5d1f4e", + "c1a2ec1ef16cfd5107c892790daefbed061be78bd8576696b60f64d5", + "18c908541843fcdac99b9ff6bb397f3f8094d16b42670216e4eaa2d7", + "c107a8a508ff57c5d4f78f86cc37e129c864d1c44ed5e73909613b74" }, + { NID_secp224r1, NID_sha512, + "7522492bdb916a597b8121f3e5c273b1d2800ef8c1db4f7dcbae633b60d7da5193ba53a6" + "3d7a377b351897c3b24903ae1cd1994211b259be3e6ae2cbc8970e4957fdf782c7d1bc7a" + "91c80c8ef65468d4ef35428f26e2940ae8b0bd9b8074236bf6c00d0ebe83f9ddb2ade0f8" + "35138d39f33b59f244e0037c171f1ba7045a96f5", + "ba5374541c13597bded6880849184a593d69d3d4f0b1cb4d0919cbd6", + "04ac635fe00e8b7a3c8ef5655bdfb7f83e8532e59c0cc0b6534d810ffa1d067aebeba66e" + "79b28ecfe59ac6fdf5e1970dc3a84499c9d90cd8e2", + "187ed1f45c466cbafcd4b9577fb222408c011225dcccfd20f08b8d89", + "f83d54945997584c923c09662c34cf9ad1e987da8bfd9be600e7a098", + "4ff2dba9dba992c98a095b1144a539310e1a570e20c88b7d0aa1955c" }, + { NID_secp224r1, NID_sha512, + "61097114ff855c3e34a62d9b853f8982d35f29cfa4a89893badbca7849e5fb437a1a38d6" + "451bf0ca5a0d528e352b8e4b57f2ea359a7fc8841d49dd3e570f9b016f14156b0bbc4be8" + "22e260bd147ec081454969e11cb0034b7450ef4deb7ed6edb977e2f4ed60121aa095fb0a" + "b40240dc329ecc917f5c64b4410612af065ee9dd", + "1e27187134d0a63542adf4665fba22f00cfc7b0a1e02effe913ceedc", + "04ecaea8ceea55c3bd418fd34a4ff2499e25e66a104eed846bc00c31d23933a356ab1f2d" + "abc303ff0a5d076131e77032e6f502336883bf78a7", + "34cb597deae9a3b1cada937abcd247161b19b2b336b20e2e42ae01f1", + "58177ba46fb291490b39368774accf72736412c1fb5ee0f27b9b1e02", + "58337d78b95a080bfcabb5809bee012501b4da84b8ef310a4628f11c" }, + { NID_secp224r1, NID_sha512, + "dd09ae6c982bb1440ca175a87766fefeacc49393ff797c446200662744f37a6e30c5d33b" + "a70cbd8f12277fd6cc0704c17478bbab2a3047469e9618e3c340a9c8caaff5ce7c8a4d90" + 
"ecae6a9b84b813419dec14460298e7521c9b7fdb7a2089328005bd51d57f92a1bcbeecd3" + "4aa40482b549e006bbf6c4ce66d34a22dda4e0e0", + "0905b40e6c29bfcbf55e04266f68f10ca8d3905001d68bb61a27749b", + "04d656b73b131aa4c6336a57849ce0d3682b6ab2113d013711e8c297626328335ffc2029" + "afbfe2a15cc5636978778c3f9dab84840b05f2e705", + "dc82840d147f893497a82f023d7d2cbf0a3a5b2ac6cc1b9b23e504be", + "583af080e0ec7c1ba5a491a84889b7b7b11ccfe18927c7c219b11757", + "b23700035349df25d839f0973bef78a7515287de6c83707907074fa6" }, + { NID_secp224r1, NID_sha512, + "37a73e2774d3b274db426c89b945696daa96035031f72cea01894b24508c7f81961ec254" + "d36ed6a0f448e11cf7950af769dc6cd2c47e52c6caf0ea92c270974f0214b4db436c36a6" + "0fb722060a6bb544462a82e1714f5906ec32886f7d59ebf289541c3a00ec1e004892ef2b" + "1286a0194f55d083c6ec92c64b8fd1452e1c68ba", + "afbaede5d75e4f241dd5b53220f3f5b9c1aa1d5d298e2d43236452dc", + "04fe83e59fc8ea8b939355d3258fe53a64d45f63031a0716b7cc416173f151d23060f1c8" + "56eb7f1f58be72a7228c3af89e43b56e9695b558c7", + "0fbbe7b40136c81a8fb894498d5502157a1cf5a89d0643de92cd38f6", + "24f3f457c7b72b7e759d5a8afbf330e31c5d8d2e36f92c0e79c5d87d", + "36fd1193def34f12a960740fd79fb38bf2b480726ccad540eb42cdf8" }, + { NID_secp224r1, NID_sha512, + "9dc2046ffdc6804544db964481abe5d2d276a2a9eeec4c7ad40215b1de23561d402db69b" + "d0f6eec2254711eea4487c64d9a6b62c3ebaf5ffa8db6e7e3a6e17154d126967a47a853a" + "6f8339bdca9be306a13c7f992ded7619b0da59909a49b1e0930360e05b47f18628a36d69" + "b2f87f2bfddd6a5d4a72f84dc76dbdd43f3a6a35", + "950b07b0c2b7539a21b5135bfede214733f2e009647d38d8b21d760c", + "04f43d13bbfcee3b724063b3910fea49fd591b81e86fdb813b1a492d0c6b4c8d6fa5dc66" + "1889e3cf5ec64997a78222837885f85d2fe9b684fb", + "83e110d0d1e700d2f36543028737d2a2f1474aa3b4b28998a39e4793", + "2685265bc878e85d10ab13293dec190881a57c4a467f8fc2170432ea", + "80a347bb49036522369339bd6485a967cdda818915d8eb947302fcf9" }, + { NID_secp224r1, NID_sha512, + "d9c6847fce688c5e7525a1098b545cb6c15dcd21a02761fc82fc664372a667390680135f" + 
"91c01a2fa5430c634b1a6d1cd6002d8aa021e7bf5956a7901c2f81bc25d502ba5f55a55f" + "30c0323dc68205cbefec0538e68654e7b327ac1743641896c3e740d8f66f400902b304ea" + "faa4e0d8cffae140536f0922444cc3216a675697", + "015bd9f5dfef393b431c3c7fced24385d861ccb563542574a5d2a9bc", + "04e868690641e2cda13b289a6c5d2fb175940396044d9cf27b4f2240af4c78c9abdf2b7f" + "c67ed4497001d7bcf1daca1739dc14a661f91d7c40", + "e2374350f47c08f3c1359d4edf87e61d1ba4e7dd1540d8d9062efa79", + "e12dc088d2bc032bb214c77d0e0fb749fc8e61ebe1ed72996f1084b6", + "0ab58aa31e0bba5fbc76855e6549f1036fba0a589aeab978ab01b8fb" }, + { NID_secp224r1, NID_sha512, + "69df8a01b66f04930efd2012ff2243874f256ca8758145d2a9e4ecc84d0dbdbd0dc494ae" + "06db0ccbe819918137c90957114558580d6623efbafdd342b38dad9f08708084d32f874f" + "ba04782ce26aaab78de2102ad171f8a8f2b30b5bd3d55fdac5fa3acd6f7def7e61c25339" + "38572b331ba6d1c02bd74bfdbf7337ade8f4a190", + "0a3c259df933247445acffb6d8265b601d597fb9997dc2a1eb4deef4", + "04e67f4385a9da54253cc371ee9bc6739ae6385a4b87669c7baf0c460d2bb00b6ddd7b67" + "d9ac5653ec04ca8529fbf16f815c04da3c2e58e82d", + "8bf5859665b6a23e6b05a311580f60187ba1c4ae89e44877fb48af66", + "653675fb993c3fa9e57b32e33029ec230b966e8077c72c1ec90ddefc", + "792723bf87e315147cd4303de7f1dfe95cd7658ebb95c38c1a196140" }, + { NID_secp224r1, NID_sha512, + "927524982b8d60777c1105c86fac05f634abf58c73f84fb95d81ba0b86e1e43592c4fcad" + "2e395a40fbe7005697d86088e2fb3bb7287eb3f917d4f2dc281f5cbe65d05b4f9623bca8" + "49b10a03beca6aa2056a12ebb91cf257ac448c5e9a78f8349a6a29b17c8978bef43a443c" + "bb8a149eb23f794844fc41693f2dbb97181444be", + "a1c8ef463f9e7e3dd63e677412f87cf9ea4ac9a6a2dae629da5b9916", + "04400e5cd4b315ceb309545cd3277acb70bdae2073fda6ad896ea14b27fbe1d2466cd2e1" + "16f38248bd5cabaa6cbe6c4a2694d998abd7b0c991", + "82f55a25d3ed6e47c22a6eed0fa52ed0818b87d6ea7950281dfefc09", + "16305a46a3f6f9e216ef8f6a6f5f0760d064a885657c864e1c1ea035", + "58fd97050bfbca6f87e64e1458c4ad80bae26e280356da344ad3b25d" }, + { NID_secp224r1, NID_sha512, + 
"5f9042283561e7f19a436d01c7ef5a950a6d77ede5629cd7e43c0a5d58e8c5673c37945a" + "453291d12938253c71dbe12c8b022ba7276eda6be034ef5ec1ec77dbd1e08f0d7b8e7725" + "b7ec671c075e008a20f77f4ab266f97079b0aa6337df59a33b881954084057b21f294dd1" + "4bcb0869a4a6f1f597955ec7bf9d19bb3537a66a", + "fa511dbf6fef7e5e9c73e4555eb75d435f7884322d9faf5d78cacc0b", + "04e8dccd706c31f895f2f261ab979cbab51b8ae28196bcc12a42046380ec246be8e71ea3" + "859cb717a59990fe22e4b76858ff49becd70739a01", + "a37d665fe4314aa4cd03eb8e6a1f366b43e11fdb419c96b48f787b62", + "05e4909bcc172ab4140be291aad4660e375032bce2d762b6269ba764", + "e347a1c9d3670690e1d8d1d4cd9579848f442199c10526488da5cebf" }, + { NID_secp224r1, NID_sha512, + "c2ae5573d3bf396523bfb703db8502fd0760cd1be528f6ddbfb95aad399e0b19f3bd9e0f" + "abdb05d49e3f893dffec5b627c9c2f7ad5f32e92e4e27a38cb5c28657657377fdfa1b66c" + "d7ac3d15c6d49df92d284db99f69744f37dc7cb4e7d52920fdb200a7942623a7057ba82e" + "467dcccaa5da416b48510d8364446a6a5e2a5aa8", + "a58bd53646400a646f0e4208320dc679a9664d1c6bfb27fdc8eac7ea", + "04e22e0dc4ecd96eb0071b72ba4b4988bf784f3fe73cb81bfb93d9ac4fb3e213e518bee1" + "367a4fb3703b9008bac9d95a1fc4aa61225fff9f3c", + "42c5b6f87d3bb1ed74f5ee8398d8f8c61e9e50ffa7a1da12d39893f9", + "5c0e5c6f057de1e99ef5d237a60d7a07fa9a42b120a82f573d9fb7b2", + "2fffc0bf550bd2f650fed085a84501cacfa6a1bb984df1f9237eaa59" }, + { NID_secp224r1, NID_sha512, + "03c1a1cd30a039d0dcb22fee2450a7fa79495a0d0f4f43d2de4d75bce003c0334a8860f5" + "c164dbd94888a9f751235a3e570d31070e3e1293a7be616af7176600585d36ac01360015" + "7d2569d491da4b8a3bf3630c26e0b9925412189f50b0ae6f04c86477932e2ecd8c354610" + "6ae1ebc684cc3adb27ed665eddece886adea4ce3", + "64bd4452b572cc95510ac2e572f41136299ff17f6e8448f4ffb571d0", + "0492521fa25c2e034d127e0921efdb167f0b2ff8b20504487ed87fa264e72c770e37375a" + "d7dc2c4e63e5701826f6606f6ffb9461ee61b4e872", + "eaf76ee4d7e00d13d8a6d03dffd07ad9a8bb6dc8176c9f93059b1b7f", + "cf5058e2a6cf5e61a138b013eb292f38a1b9f07239ae5941dbce8919", + 
"d14198621650d985d270bc997da6e78588fd0ef843b874c66a3de3c3" }, + { NID_secp224r1, NID_sha512, + "888f6d9bc7c86c0079fbfd42d8c08d6958f40f6e570fb0b1f03d2f8f8a63df4fcc87b379" + "a222cf835820a999d34996e08961f13b86b075e7fd1c303cd3baa44de42168561589012f" + "7e5300da4f8bdf470c07119a5d9f7ba7293568cd7c6a1b7fc1e41cda40bed7d46e5a28af" + "67ae2aabfefe67a86a1c601e6f5ee543e09bd7b6", + "7f3edb710df9d982f486233d0c176aa88f5a0ee81efa9b8145020294", + "04e7611e013e7b43ff5b8b57ad83333bffcc9e469ad23070b5791dc5947784da0a11dbe1" + "6208c6e0b6d5029e71fbec4dffc9fa046d3eeb71c9", + "94db7ef9a232593091eb9a74f289529c7e0d7fef21f80b3c8556b75e", + "a971f45bab10b1d16d7234ca8e4ec987da20d9e867f28aa063296e23", + "e38c538d65a7e1a28fd3ec53f015a7e5beb60e9d309f1e3ba4b2c3d2" }, + { NID_secp224r1, NID_sha512, + "48453340f1317769e6ee6e103153714365731163dc18f84e9f2fa4b120f9c5a9645ee2f9" + "b66c84c26d95912b422b009b64af96aa418b2427a4209f2e7513ba8e43ec8cf20b34e752" + "9b22eb1199545afe9a9f7d9bcb320aec9ee0162f91c0d1dd9674c9c284f25199c5e109f6" + "f84d7ed0d269cc6413edb81bc2c83e37d644d8b9", + "b569f8296ff1d9cc01fffd9919016e5730c1858bdb7b99527153751a", + "04242f34959516a4706172f7dede23110efa314bff22eb320ab88feeff45e3227710900a" + "8acfc9bcce728119d042f64ca40876c2b380ee46e0", + "ae61523866a8f43e6cdd42ba27a34ed06527e8a5842901a64c393f76", + "c2732a4e0815f9f785500e80147e9486994446beccf8a6a352b97585", + "6ecaece6487d7920e398f7f951ab7c7aba5832dabf03704106ad1244" }, + { NID_secp224r1, NID_sha512, + "4bdfd3b91d83108409ad765b256e0c9b9937ecf647f8e6f9fc807e2e72af8246178b3fe0" + "46b4ea10170450d71a4eec790ecb05f03d7077341de26c4db7eeae24d55c9a9093e837df" + "db38168fe8230cb9605825a1282fecd741989bfcdb34678fe077477927f66bd26d003e5d" + "da22043341a14dd31841ba483ad5ce2701e0f68e", + "41a4dd8eee39232b728516e2f21e66011e7426a6b25986c3ffa237e4", + "04c32988171caab178bf50dc7310bc7f604df5a9d19a8e602519c72d8af8985d112ad9de" + "05969e5364d943c1cc5cd198359f4c62b19da0e117", + "827d4999da81fa920c8492ccc1e2d5cdafed9754cf7382a859952071", + 
"89c61da7422ccd676baec07e2185c12e947a2374eede87847304be6c", + "2685379624717ea28422e8d001c090405a130b4ef9f1ac726c3ca502" }, + { NID_secp224r1, NID_sha512, + "e6cdee8558bc1eacc24e82f0624ce8d02cc8d925b4dd3dec3a72f4a4e0fb76076bfa3ef2" + "e2c33bdd7c27b322bdc09bbfee8fe46f75dbd7bbd2af09690b7137943efe21706e0a1b6d" + "3089540fc58d85ddb55ea836616db573e36c521be008893f40a0a7c349602cc178ea43be" + "59d31ec6449e7ff2c5379379f7d7645134df1bc3", + "67fa50569257c8cc89ac0325db4902003a62f30b917f53e4035a7e04", + "046773a0436a9c42635730413b19aa4166f08c69c0e5002953da42253b555138290b093b" + "f2fe79acda9131d920cd1e7ac43fb8775776cd713c", + "557cb45fd3a30b3bdbf08c56eabbd4478736024aaa52bf8448096453", + "8e92cf7a674aa5f7542dd95c695589a05747431692edd04804299b8f", + "af4908b41f8180b71a6ff10fd51f3d143147af6ddddf7534d3284ed9" }, + { NID_X9_62_prime256v1, NID_sha224, + "ff624d0ba02c7b6370c1622eec3fa2186ea681d1659e0a845448e777b75a8e77a77bb26e" + "5733179d58ef9bc8a4e8b6971aef2539f77ab0963a3415bbd6258339bd1bf55de65db520" + "c63f5b8eab3d55debd05e9494212170f5d65b3286b8b668705b1e2b2b5568610617abb51" + "d2dd0cb450ef59df4b907da90cfa7b268de8c4c2", + "708309a7449e156b0db70e5b52e606c7e094ed676ce8953bf6c14757c826f590", + "0429578c7ab6ce0d11493c95d5ea05d299d536801ca9cbd50e9924e43b733b83ab08c804" + "9879c6278b2273348474158515accaa38344106ef96803c5a05adc4800", + "58f741771620bdc428e91a32d86d230873e9140336fcfb1e122892ee1d501bdc", + "4a19274429e40522234b8785dc25fc524f179dcc95ff09b3c9770fc71f54ca0d", + "58982b79a65b7320f5b92d13bdaecdd1259e760f0f718ba933fd098f6f75d4b7" }, + { NID_X9_62_prime256v1, NID_sha224, + "9155e91fd9155eeed15afd83487ea1a3af04c5998b77c0fe8c43dcc479440a8a9a89efe8" + "83d9385cb9edfde10b43bce61fb63669935ad39419cf29ef3a936931733bfc2378e253e7" + "3b7ae9a3ec7a6a7932ab10f1e5b94d05160c053988f3bdc9167155d069337d42c9a70566" + "19efc031fa5ec7310d29bd28980b1e3559757578", + "90c5386100b137a75b0bb495002b28697a451add2f1f22cb65f735e8aaeace98", + 
"044a92396ff7930b1da9a873a479a28a9896af6cc3d39345b949b726dc3cd978b5475abb" + "18eaed948879b9c1453e3ef2755dd90f77519ec7b6a30297aad08e4931", + "36f853b5c54b1ec61588c9c6137eb56e7a708f09c57513093e4ecf6d739900e5", + "38b29558511061cfabdc8e5bb65ac2976d1aa2ba9a5deab8074097b2172bb9ad", + "0de2cde610502b6e03c0b23602eafbcd3faf886c81d111d156b7aa550f5bcd51" }, + { NID_X9_62_prime256v1, NID_sha224, + "b242a7586a1383368a33c88264889adfa3be45422fbef4a2df4e3c5325a9c7757017e0d5" + "cf4bbf4de7f99d189f81f1fd2f0dd645574d1eb0d547eead9375677819297c1abe62526a" + "e29fc54cdd11bfe17714f2fbd2d0d0e8d297ff98535980482dd5c1ebdc5a7274aabf1382" + "c9f2315ca61391e3943856e4c5e616c2f1f7be0d", + "a3a43cece9c1abeff81099fb344d01f7d8df66447b95a667ee368f924bccf870", + "045775174deb0248112e069cb86f1546ac7a78bc2127d0cb953bad46384dd6be5ba27020" + "952971cc0b0c3abd06e9ca3e141a4943f560564eba31e5288928bc7ce7", + "a0d9a7a245bd9b9aa86cecb89341c9de2e4f9b5d095a8150826c7ba7fb3e7df7", + "b02a440add66a9ff9c3c0e9acf1be678f6bd48a10cbdec2ad6d186ffe05f3f2a", + "a98bea42aec56a1fcecec00a1cc69b01fcbcf5de7ac1b2f2dcc09b6db064f92b" }, + { NID_X9_62_prime256v1, NID_sha224, + "b64005da76b24715880af94dba379acc25a047b06066c9bedc8f17b8c74e74f4fc720d9f" + "4ef0e2a659e0756931c080587ebdcd0f85e819aea6dacb327a9d96496da53ea21aef3b2e" + "793a9c0def5196acec99891f46ead78a85bc7ab644765781d3543da9fbf9fec916dca975" + "ef3b4271e50ecc68bf79b2d8935e2b25fc063358", + "7bbc8ff13f6f921f21e949b224c16b7176c5984d312b671cf6c2e4841135fc7f", + "04f888e913ec6f3cd8b31eb89e4f8aaa8887d30ae5348ed7118696949d5b8cc7c108895d" + "09620500d244e5035e262dea3f2867cd8967b226324d5c05220d8b410c", + "21c942f3b487accbf7fadc1c4b7a6c7567ce876c195022459fa1ebf6d04ffbaa", + "2e6cc883b8acc904ee9691ef4a9f1f5a9e5fbfde847cda3be833f949fb9c7182", + "2ac48f7a930912131a8b4e3ab495307817c465d638c2a9ea5ae9e2808806e20a" }, + { NID_X9_62_prime256v1, NID_sha224, + "fe6e1ea477640655eaa1f6e3352d4bce53eb3d95424df7f238e93d8531da8f36bc35fa6b" + 
"e4bf5a6a382e06e855139eb617a9cc9376b4dafacbd80876343b12628619d7cbe1bff675" + "7e3706111ed53898c0219823adbc044eaf8c6ad449df8f6aab9d444dadb5c3380eec0d91" + "694df5fc4b30280d4b87d27e67ae58a1df828963", + "daf5ec7a4eebc20d9485796c355b4a65ad254fe19b998d0507e91ea24135f45d", + "04137c465085c1b1b8cccbe9fccbe9d0295a331aaf332f3ed2e285d16e574b943bd3e8d5" + "a24cd218c19760b0e85b35a8569945aa857cbf0fd6a3ce127581b217b6", + "343251dffa56e6a612fec7b078f9c3819eab402a72686b894a47a08fd97e6c23", + "775e25a296bd259510ae9375f548997bec8a744900022945281dc8c4d94f2b5b", + "d87592ceab773ae103daebbb56a04144aaccb1e14efc1024dc36c0e382df1f70" }, + { NID_X9_62_prime256v1, NID_sha224, + "907c0c00dc080a688548957b5b8b1f33ba378de1368023dcad43242411f554eb7d392d3e" + "5c1668fad3944ff9634105343d83b8c85d2a988da5f5dc60ee0518327caed6dd5cf4e9bc" + "6222deb46d00abde745f9b71d6e7aee6c7fdfc9ed053f2c0b611d4c6863088bd012ea981" + "0ee94f8e58905970ebd07353f1f409a371ed03e3", + "8729a8396f262dabd991aa404cc1753581cea405f0d19222a0b3f210de8ee3c5", + "0482b1f1a7af9b48ca8452613d7032beb0e4f28fe710306aeccc959e4d03662a355e39f3" + "3574097b8d32b471a591972496f5d44db344c037d13f06fafc75f016fd", + "6de9e21f0b2cacc1762b3558fd44d3cf156b85dbef430dd28d59713bfb9cfa0b", + "a754b42720e71925d51fcef76151405a3696cc8f9fc9ca7b46d0b16edd7fb699", + "603924780439cc16ac4cf97c2c3065bc95353aa9179d0ab5f0322ca82f851cf2" }, + { NID_X9_62_prime256v1, NID_sha224, + "771c4d7bce05610a3e71b272096b57f0d1efcce33a1cb4f714d6ebc0865b2773ec5eedc2" + "5fae81dee1d256474dbd9676623614c150916e6ed92ce4430b26037d28fa5252ef6b10c0" + "9dc2f7ee5a36a1ea7897b69f389d9f5075e271d92f4eb97b148f3abcb1e5be0b4feb8278" + "613d18abf6da60bfe448238aa04d7f11b71f44c5", + "f1b62413935fc589ad2280f6892599ad994dae8ca3655ed4f7318cc89b61aa96", + "04e0bbfe4016eea93e6f509518cbffc25d492de6ebbf80465a461caa5bdc0181593231ee" + "7a119d84fa56e3034d50fea85929aec2eb437abc7646821e1bf805fb50", + "7a33eeb9f469afd55de2fb786847a1d3e7797929305c0f90d953b6f143bb8fc6", + 
"96d1c9399948254ea381631fc0f43ea808110506db8aacf081df5535ac5eb8ad", + "73bf3691260dddd9997c97313f2a70783eacf8d15bdfb34bb13025cdfae72f70" }, + { NID_X9_62_prime256v1, NID_sha224, + "a3b2825235718fc679b942e8ac38fb4f54415a213c65875b5453d18ca012320ddfbbc58b" + "991eaebadfc2d1a28d4f0cd82652b12e4d5bfda89eda3be12ac52188e38e8cce32a264a3" + "00c0e463631f525ae501348594f980392c76b4a12ddc88e5ca086cb8685d03895919a862" + "7725a3e00c4728e2b7c6f6a14fc342b2937fc3dd", + "4caaa26f93f009682bbba6db6b265aec17b7ec1542bda458e8550b9e68eed18d", + "04e3c58c1c254d11c7e781ad133e4c36dd1b5de362120d336a58e7b68813f3fbee59760d" + "b66120afe0d962c81a8e5586588fd19de2f40556371611c73af22c8a68", + "c0d37142dc8b0d614fad20c4d35af6eb819e259e513ddeac1e1c273e7e1dc1bb", + "25dd8e4086c62a40d2a310e2f90f6af5cb7e677b4dfdb4dc4e99e23ea2f0e6dc", + "90ad62c179b0c9d61f521dde1cd762bfd224b5525c39c3706f2549313ddb4f39" }, + { NID_X9_62_prime256v1, NID_sha224, + "3e6e2a9bffd729ee5d4807849cd4250021d8184cda723df6ab0e5c939d39237c8e58af9d" + "869fe62d3c97b3298a99e891e5e11aa68b11a087573a40a3e83c7965e7910d72f81cad0f" + "42accc5c25a4fd3cdd8cee63757bbbfbdae98be2bc867d3bcb1333c4632cb0a55dffeb77" + "d8b119c466cd889ec468454fabe6fbee7102deaf", + "7af4b150bb7167cb68037f280d0823ce5320c01a92b1b56ee1b88547481b1de9", + "04cb3634ec4f0cbb99986be788f889e586026d5a851e80d15382f1bdb1bda2bc7551e4e4" + "3bc16fb114896b18198a1aebe6054ba20ed0c0317c1b8776158c0e6bfb", + "98edd59fafbcaee5f64e84eb5ed59fff45d14aabada47cee2fa674377173627a", + "261a1cdb0fd93c0fb06ea6068b6b03c330a12f621a7eba76682a1d152c0e8d08", + "7ca049bad54feee101d6db807635ffb8bdb05a38e445c8c3d65d60df143514c5" }, + { NID_X9_62_prime256v1, NID_sha224, + "52e5c308e70329a17c71eaedb66bbee303c8ec48a6f1a2efb235d308563cd58553d434e1" + "2f353227a9ea28608ec9c820ed83c95124e7a886f7e832a2de1032e78dc059208f9ec354" + "170b2b1cab992b52ac01e6c0e4e1b0112686962edc53ab226dafcc9fc7baed2cd9307160" + "e8572edb125935db49289b178f35a8ad23f4f801", + 
"52ad53e849e30bec0e6345c3e9d98ebc808b19496c1ef16d72ab4a00bbb8c634", + "047cca1334bfc2a78728c50b370399be3f9690d445aa03c701da643eeb0b0f7fa83f7522" + "238668e615405e49b2f63faee58286000a30cdb4b564ac0df99bc8950f", + "8650c30712fc253610884fbba4a332a4574d4b7822f7776cab1df8f5fa05442a", + "a18194c7ac5829afc408d78dde19542837e7be82706c3941b2d9c5e036bb51e0", + "188ead1cdf7c1d21114ff56d0421ffd501ab978ef58337462c0fa736d86299af" }, + { NID_X9_62_prime256v1, NID_sha224, + "d3e9e82051d4c84d699453c9ff44c7c09f6523bb92232bcf30bf3c380224249de2964e87" + "1d56a364d6955c81ef91d06482a6c7c61bc70f66ef22fad128d15416e7174312619134f9" + "68f1009f92cbf99248932efb533ff113fb6d949e21d6b80dfbbe69010c8d1ccb0f3808ea" + "309bb0bac1a222168c95b088847e613749b19d04", + "80754962a864be1803bc441fa331e126005bfc6d8b09ed38b7e69d9a030a5d27", + "040aaeed6dd1ae020d6eefc98ec4241ac93cbd3c8afed05bb28007e7da5727571b2dda1d" + "5b7872eb94dfffb456115037ff8d3e72f8ebdd8fcfc42391f96809be69", + "738e050aeefe54ecba5be5f93a97bbcb7557d701f9da2d7e88483454b97b55a8", + "8cb9f41dfdcb9604e0725ac9b78fc0db916dc071186ee982f6dba3da36f02efa", + "5c87fe868fd4282fb114f5d70e9590a10a5d35cedf3ff6402ba5c4344738a32e" }, + { NID_X9_62_prime256v1, NID_sha224, + "968951c2c1918436fe19fa2fe2152656a08f9a6b8aa6201920f1b424da98cee71928897f" + "f087620cc5c551320b1e75a1e98d7d98a5bd5361c9393759614a6087cc0f7fb01fcb1737" + "83eb4c4c23961a8231ac4a07d72e683b0c1bd4c51ef1b031df875e7b8d5a6e0628949f5b" + "8f157f43dccaea3b2a4fc11181e6b451e06ceb37", + "cfa8c8bd810eb0d73585f36280ecdd296ee098511be8ad5eac68984eca8eb19d", + "04c227a2af15dfa8734e11c0c50f77e24e77ed58dd8cccf1b0e9fa06bee1c64766b68659" + "2ce3745eb300d2704083db55e1fa8274e4cb7e256889ccc0bb34a60570", + "2d6b449bb38b543d6b6d34ff8cb053f5e5b337f949b069b21f421995ebb28823", + "5e89d3c9b103c2fa3cb8cebeec23640acda0257d63ffbe2d509bfc49fab1dca6", + "d70c5b1eeb29e016af9925798d24e166c23d58fedd2f1a3bbdb1ef78cdbfb63a" }, + { NID_X9_62_prime256v1, NID_sha224, + 
"78048628932e1c1cdd1e70932bd7b76f704ba08d7e7d825d3de763bf1a062315f4af16ec" + "cefe0b6ebadccaf403d013f50833ce2c54e24eea8345e25f93b69bb048988d102240225c" + "eacf5003e2abdcc90299f4bf2c101585d36ecdd7a155953c674789d070480d1ef47cc785" + "8e97a6d87c41c6922a00ea12539f251826e141b4", + "b2021e2665ce543b7feadd0cd5a4bd57ffcc5b32deb860b4d736d9880855da3c", + "04722e0abad4504b7832a148746153777694714eca220eced2b2156ca64cfed3ddf0351b" + "357b3081e859c46cad5328c5afa10546e92bc6c3fd541796ac30397a75", + "b15bbce4b382145de7ecd670d947e77555ef7cd1693bd53c694e2b52b04d10e1", + "9d086dcd22da165a43091991bede9c1c14515e656633cb759ec2c17f51c35253", + "23595ad1cb714559faaecaf946beb9a71e584616030ceaed8a8470f4bf62768f" }, + { NID_X9_62_prime256v1, NID_sha224, + "9b0800c443e693067591737fdbcf0966fdfa50872d41d0c189d87cbc34c2771ee5e1255f" + "d604f09fcf167fda16437c245d299147299c69046895d22482db29aba37ff57f756716cd" + "3d6223077f747c4caffbecc0a7c9dfaaafd9a9817470ded8777e6355838ac54d11b2f0fc" + "3f43668ff949cc31de0c2d15af5ef17884e4d66a", + "0c9bce6a568ca239395fc3552755575cbcdddb1d89f6f5ab354517a057b17b48", + "044814d454495df7103e2da383aba55f7842fd84f1750ee5801ad32c10d0be6c7da0bd03" + "9d5097c8f0770477f6b18d247876e88e528bf0453eab515ffab8a9eda3", + "d414f1525cdcc41eba1652de017c034ebcc7946cb2efe4713d09f67c85b83153", + "84db02c678f9a21208cec8564d145a35ba8c6f26b4eb7e19522e439720dae44c", + "537c564da0d2dc5ac4376c5f0ca3b628d01d48df47a83d842c927e4d6db1e16d" }, + { NID_X9_62_prime256v1, NID_sha224, + "fc3b8291c172dae635a6859f525beaf01cf683765d7c86f1a4d768df7cae055f639eccc0" + "8d7a0272394d949f82d5e12d69c08e2483e11a1d28a4c61f18193106e12e5de4a9d0b4bf" + "341e2acd6b715dc83ae5ff63328f8346f35521ca378b311299947f63ec593a5e32e6bd11" + "ec4edb0e75302a9f54d21226d23314729e061016", + "1daa385ec7c7f8a09adfcaea42801a4de4c889fb5c6eb4e92bc611d596d68e3f", + "04f04e9f2831d9697ae146c7d4552e5f91085cc46778400b75b76f00205252941dbd2671" + "48174cd0c2b019cd0a5256e2f3f889d1e597160372b5a1339c8d787f10", + 
"7707db348ee6f60365b43a2a994e9b40ed56fe03c2c31c7e781bc4ffadcba760", + "5d95c385eeba0f15db0b80ae151912409128c9c80e554246067b8f6a36d85ea5", + "db5d8a1e345f883e4fcb3871276f170b783c1a1e9da6b6615913368a8526f1c3" }, + { NID_X9_62_prime256v1, NID_sha256, + "5905238877c77421f73e43ee3da6f2d9e2ccad5fc942dcec0cbd25482935faaf416983fe" + "165b1a045ee2bcd2e6dca3bdf46c4310a7461f9a37960ca672d3feb5473e253605fb1ddf" + "d28065b53cb5858a8ad28175bf9bd386a5e471ea7a65c17cc934a9d791e91491eb3754d0" + "3799790fe2d308d16146d5c9b0d0debd97d79ce8", + "519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464", + "041ccbe91c075fc7f4f033bfa248db8fccd3565de94bbfb12f3c59ff46c271bf83ce4014" + "c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9", + "94a1bbb14b906a61a280f245f9e93c7f3b4a6247824f5d33b9670787642a68de", + "f3ac8061b514795b8843e3d6629527ed2afd6b1f6a555a7acabb5e6f79c8c2ac", + "8bf77819ca05a6b2786c76262bf7371cef97b218e96f175a3ccdda2acc058903" }, + { NID_X9_62_prime256v1, NID_sha256, + "c35e2f092553c55772926bdbe87c9796827d17024dbb9233a545366e2e5987dd344deb72" + "df987144b8c6c43bc41b654b94cc856e16b96d7a821c8ec039b503e3d86728c494a967d8" + "3011a0e090b5d54cd47f4e366c0912bc808fbb2ea96efac88fb3ebec9342738e225f7c7c" + "2b011ce375b56621a20642b4d36e060db4524af1", + "0f56db78ca460b055c500064824bed999a25aaf48ebb519ac201537b85479813", + "04e266ddfdc12668db30d4ca3e8f7749432c416044f2d2b8c10bf3d4012aeffa8abfa864" + "04a2e9ffe67d47c587ef7a97a7f456b863b4d02cfc6928973ab5b1cb39", + "6d3e71882c3b83b156bb14e0ab184aa9fb728068d3ae9fac421187ae0b2f34c6", + "976d3a4e9d23326dc0baa9fa560b7c4e53f42864f508483a6473b6a11079b2db", + "1b766e9ceb71ba6c01dcd46e0af462cd4cfa652ae5017d4555b8eeefe36e1932" }, + { NID_X9_62_prime256v1, NID_sha256, + "3c054e333a94259c36af09ab5b4ff9beb3492f8d5b4282d16801daccb29f70fe61a0b37f" + "fef5c04cd1b70e85b1f549a1c4dc672985e50f43ea037efa9964f096b5f62f7ffdf8d6bf" + "b2cc859558f5a393cb949dbd48f269343b5263dcdb9c556eca074f2e98e6d94c2c29a677" + 
"afaf806edf79b15a3fcd46e7067b7669f83188ee", + "e283871239837e13b95f789e6e1af63bf61c918c992e62bca040d64cad1fc2ef", + "0474ccd8a62fba0e667c50929a53f78c21b8ff0c3c737b0b40b1750b2302b0bde829074e" + "21f3a0ef88b9efdf10d06aa4c295cc1671f758ca0e4cd108803d0f2614", + "ad5e887eb2b380b8d8280ad6e5ff8a60f4d26243e0124c2f31a297b5d0835de2", + "35fb60f5ca0f3ca08542fb3cc641c8263a2cab7a90ee6a5e1583fac2bb6f6bd1", + "ee59d81bc9db1055cc0ed97b159d8784af04e98511d0a9a407b99bb292572e96" }, + { NID_X9_62_prime256v1, NID_sha256, + "0989122410d522af64ceb07da2c865219046b4c3d9d99b01278c07ff63eaf1039cb787ae" + "9e2dd46436cc0415f280c562bebb83a23e639e476a02ec8cff7ea06cd12c86dcc3adefbf" + "1a9e9a9b6646c7599ec631b0da9a60debeb9b3e19324977f3b4f36892c8a38671c8e1cc8" + "e50fcd50f9e51deaf98272f9266fc702e4e57c30", + "a3d2d3b7596f6592ce98b4bfe10d41837f10027a90d7bb75349490018cf72d07", + "04322f80371bf6e044bc49391d97c1714ab87f990b949bc178cb7c43b7c22d89e13c15d5" + "4a5cc6b9f09de8457e873eb3deb1fceb54b0b295da6050294fae7fd999", + "24fc90e1da13f17ef9fe84cc96b9471ed1aaac17e3a4bae33a115df4e5834f18", + "d7c562370af617b581c84a2468cc8bd50bb1cbf322de41b7887ce07c0e5884ca", + "b46d9f2d8c4bf83546ff178f1d78937c008d64e8ecc5cbb825cb21d94d670d89" }, + { NID_X9_62_prime256v1, NID_sha256, + "dc66e39f9bbfd9865318531ffe9207f934fa615a5b285708a5e9c46b7775150e818d7f24" + "d2a123df3672fff2094e3fd3df6fbe259e3989dd5edfcccbe7d45e26a775a5c4329a084f" + "057c42c13f3248e3fd6f0c76678f890f513c32292dd306eaa84a59abe34b16cb5e38d0e8" + "85525d10336ca443e1682aa04a7af832b0eee4e7", + "53a0e8a8fe93db01e7ae94e1a9882a102ebd079b3a535827d583626c272d280d", + "041bcec4570e1ec2436596b8ded58f60c3b1ebc6a403bc5543040ba829630572448af62a" + "4c683f096b28558320737bf83b9959a46ad2521004ef74cf85e67494e1", + "5d833e8d24cc7a402d7ee7ec852a3587cddeb48358cea71b0bedb8fabe84e0c4", + "18caaf7b663507a8bcd992b836dec9dc5703c080af5e51dfa3a9a7c387182604", + "77c68928ac3b88d985fb43fb615fb7ff45c18ba5c81af796c613dfa98352d29c" }, + { NID_X9_62_prime256v1, NID_sha256, + 
"600974e7d8c5508e2c1aab0783ad0d7c4494ab2b4da265c2fe496421c4df238b0be25f25" + "659157c8a225fb03953607f7df996acfd402f147e37aee2f1693e3bf1c35eab3ae360a2b" + "d91d04622ea47f83d863d2dfecb618e8b8bdc39e17d15d672eee03bb4ce2cc5cf6b217e5" + "faf3f336fdd87d972d3a8b8a593ba85955cc9d71", + "4af107e8e2194c830ffb712a65511bc9186a133007855b49ab4b3833aefc4a1d", + "04a32e50be3dae2c8ba3f5e4bdae14cf7645420d425ead94036c22dd6c4fc59e00d623bf" + "641160c289d6742c6257ae6ba574446dd1d0e74db3aaa80900b78d4ae9", + "e18f96f84dfa2fd3cdfaec9159d4c338cd54ad314134f0b31e20591fc238d0ab", + "8524c5024e2d9a73bde8c72d9129f57873bbad0ed05215a372a84fdbc78f2e68", + "d18c2caf3b1072f87064ec5e8953f51301cada03469c640244760328eb5a05cb" }, + { NID_X9_62_prime256v1, NID_sha256, + "dfa6cb9b39adda6c74cc8b2a8b53a12c499ab9dee01b4123642b4f11af336a91a5c9ce05" + "20eb2395a6190ecbf6169c4cba81941de8e76c9c908eb843b98ce95e0da29c5d43880402" + "64e05e07030a577cc5d176387154eabae2af52a83e85c61c7c61da930c9b19e45d7e34c8" + "516dc3c238fddd6e450a77455d534c48a152010b", + "78dfaa09f1076850b3e206e477494cddcfb822aaa0128475053592c48ebaf4ab", + "048bcfe2a721ca6d753968f564ec4315be4857e28bef1908f61a366b1f03c974790f6757" + "6a30b8e20d4232d8530b52fb4c89cbc589ede291e499ddd15fe870ab96", + "295544dbb2da3da170741c9b2c6551d40af7ed4e891445f11a02b66a5c258a77", + "c5a186d72df452015480f7f338970bfe825087f05c0088d95305f87aacc9b254", + "84a58f9e9d9e735344b316b1aa1ab5185665b85147dc82d92e969d7bee31ca30" }, + { NID_X9_62_prime256v1, NID_sha256, + "51d2547cbff92431174aa7fc7302139519d98071c755ff1c92e4694b58587ea560f72f32" + "fc6dd4dee7d22bb7387381d0256e2862d0644cdf2c277c5d740fa089830eb52bf79d1e75" + "b8596ecf0ea58a0b9df61e0c9754bfcd62efab6ea1bd216bf181c5593da79f10135a9bc6" + "e164f1854bc8859734341aad237ba29a81a3fc8b", + "80e692e3eb9fcd8c7d44e7de9f7a5952686407f90025a1d87e52c7096a62618a", + "04a88bc8430279c8c0400a77d751f26c0abc93e5de4ad9a4166357952fe041e7672d365a" + "1eef25ead579cc9a069b6abc1b16b81c35f18785ce26a10ba6d1381185", + 
"7c80fd66d62cc076cef2d030c17c0a69c99611549cb32c4ff662475adbe84b22", + "9d0c6afb6df3bced455b459cc21387e14929392664bb8741a3693a1795ca6902", + "d7f9ddd191f1f412869429209ee3814c75c72fa46a9cccf804a2f5cc0b7e739f" }, + { NID_X9_62_prime256v1, NID_sha256, + "558c2ac13026402bad4a0a83ebc9468e50f7ffab06d6f981e5db1d082098065bcff6f21a" + "7a74558b1e8612914b8b5a0aa28ed5b574c36ac4ea5868432a62bb8ef0695d27c1e3ceaf" + "75c7b251c65ddb268696f07c16d2767973d85beb443f211e6445e7fe5d46f0dce70d58a4" + "cd9fe70688c035688ea8c6baec65a5fc7e2c93e8", + "5e666c0db0214c3b627a8e48541cc84a8b6fd15f300da4dff5d18aec6c55b881", + "041bc487570f040dc94196c9befe8ab2b6de77208b1f38bdaae28f9645c4d2bc3aec8160" + "2abd8345e71867c8210313737865b8aa186851e1b48eaca140320f5d8f", + "2e7625a48874d86c9e467f890aaa7cd6ebdf71c0102bfdcfa24565d6af3fdce9", + "2f9e2b4e9f747c657f705bffd124ee178bbc5391c86d056717b140c153570fd9", + "f5413bfd85949da8d83de83ab0d19b2986613e224d1901d76919de23ccd03199" }, + { NID_X9_62_prime256v1, NID_sha256, + "4d55c99ef6bd54621662c3d110c3cb627c03d6311393b264ab97b90a4b15214a5593ba25" + "10a53d63fb34be251facb697c973e11b665cb7920f1684b0031b4dd370cb927ca7168b0b" + "f8ad285e05e9e31e34bc24024739fdc10b78586f29eff94412034e3b606ed850ec2c1900" + "e8e68151fc4aee5adebb066eb6da4eaa5681378e", + "f73f455271c877c4d5334627e37c278f68d143014b0a05aa62f308b2101c5308", + "04b8188bd68701fc396dab53125d4d28ea33a91daf6d21485f4770f6ea8c565dde423f05" + "8810f277f8fe076f6db56e9285a1bf2c2a1dae145095edd9c04970bc4a", + "62f8665fd6e26b3fa069e85281777a9b1f0dfd2c0b9f54a086d0c109ff9fd615", + "1cc628533d0004b2b20e7f4baad0b8bb5e0673db159bbccf92491aef61fc9620", + "880e0bbf82a8cf818ed46ba03cf0fc6c898e36fca36cc7fdb1d2db7503634430" }, + { NID_X9_62_prime256v1, NID_sha256, + "f8248ad47d97c18c984f1f5c10950dc1404713c56b6ea397e01e6dd925e903b4fadfe2c9" + "e877169e71ce3c7fe5ce70ee4255d9cdc26f6943bf48687874de64f6cf30a012512e787b" + "88059bbf561162bdcc23a3742c835ac144cc14167b1bd6727e940540a9c99f3cbb41fb1d" + 
"cb00d76dda04995847c657f4c19d303eb09eb48a", + "b20d705d9bd7c2b8dc60393a5357f632990e599a0975573ac67fd89b49187906", + "0451f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce4737da" + "963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1", + "72b656f6b35b9ccbc712c9f1f3b1a14cbbebaec41c4bca8da18f492a062d6f6f", + "9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c42", + "2bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c" }, + { NID_X9_62_prime256v1, NID_sha256, + "3b6ee2425940b3d240d35b97b6dcd61ed3423d8e71a0ada35d47b322d17b35ea0472f35e" + "dd1d252f87b8b65ef4b716669fc9ac28b00d34a9d66ad118c9d94e7f46d0b4f6c2b2d339" + "fd6bcd351241a387cc82609057048c12c4ec3d85c661975c45b300cb96930d89370a327c" + "98b67defaa89497aa8ef994c77f1130f752f94a4", + "d4234bebfbc821050341a37e1240efe5e33763cbbb2ef76a1c79e24724e5a5e7", + "048fb287f0202ad57ae841aea35f29b2e1d53e196d0ddd9aec24813d64c0922fb71f6daf" + "f1aa2dd2d6d3741623eecb5e7b612997a1039aab2e5cf2de969cfea573", + "d926fe10f1bfd9855610f4f5a3d666b1a149344057e35537373372ead8b1a778", + "490efd106be11fc365c7467eb89b8d39e15d65175356775deab211163c2504cb", + "644300fc0da4d40fb8c6ead510d14f0bd4e1321a469e9c0a581464c7186b7aa7" }, + { NID_X9_62_prime256v1, NID_sha256, + "c5204b81ec0a4df5b7e9fda3dc245f98082ae7f4efe81998dcaa286bd4507ca840a53d21" + "b01e904f55e38f78c3757d5a5a4a44b1d5d4e480be3afb5b394a5d2840af42b1b4083d40" + "afbfe22d702f370d32dbfd392e128ea4724d66a3701da41ae2f03bb4d91bb946c7969404" + "cb544f71eb7a49eb4c4ec55799bda1eb545143a7", + "b58f5211dff440626bb56d0ad483193d606cf21f36d9830543327292f4d25d8c", + "0468229b48c2fe19d3db034e4c15077eb7471a66031f28a980821873915298ba76303e8e" + "e3742a893f78b810991da697083dd8f11128c47651c27a56740a80c24c", + "e158bf4a2d19a99149d9cdb879294ccb7aaeae03d75ddd616ef8ae51a6dc1071", + "e67a9717ccf96841489d6541f4f6adb12d17b59a6bef847b6183b8fcf16a32eb", + "9ae6ba6d637706849a6a9fc388cf0232d85c26ea0d1fe7437adb48de58364333" }, + { NID_X9_62_prime256v1, NID_sha256, + 
"72e81fe221fb402148d8b7ab03549f1180bcc03d41ca59d7653801f0ba853add1f6d29ed" + "d7f9abc621b2d548f8dbf8979bd16608d2d8fc3260b4ebc0dd42482481d548c7075711b5" + "759649c41f439fad69954956c9326841ea6492956829f9e0dc789f73633b40f6ac77bcae" + "6dfc7930cfe89e526d1684365c5b0be2437fdb01", + "54c066711cdb061eda07e5275f7e95a9962c6764b84f6f1f3ab5a588e0a2afb1", + "040a7dbb8bf50cb605eb2268b081f26d6b08e012f952c4b70a5a1e6e7d46af98bbf26dd7" + "d799930062480849962ccf5004edcfd307c044f4e8f667c9baa834eeae", + "646fe933e96c3b8f9f507498e907fdd201f08478d0202c752a7c2cfebf4d061a", + "b53ce4da1aa7c0dc77a1896ab716b921499aed78df725b1504aba1597ba0c64b", + "d7c246dc7ad0e67700c373edcfdd1c0a0495fc954549ad579df6ed1438840851" }, + { NID_X9_62_prime256v1, NID_sha256, + "21188c3edd5de088dacc1076b9e1bcecd79de1003c2414c3866173054dc82dde85169baa" + "77993adb20c269f60a5226111828578bcc7c29e6e8d2dae81806152c8ba0c6ada1986a19" + "83ebeec1473a73a04795b6319d48662d40881c1723a706f516fe75300f92408aa1dc6ae4" + "288d2046f23c1aa2e54b7fb6448a0da922bd7f34", + "34fa4682bf6cb5b16783adcd18f0e6879b92185f76d7c920409f904f522db4b1", + "04105d22d9c626520faca13e7ced382dcbe93498315f00cc0ac39c4821d0d737376c47f3" + "cbbfa97dfcebe16270b8c7d5d3a5900b888c42520d751e8faf3b401ef4", + "a6f463ee72c9492bc792fe98163112837aebd07bab7a84aaed05be64db3086f4", + "542c40a18140a6266d6f0286e24e9a7bad7650e72ef0e2131e629c076d962663", + "4f7f65305e24a6bbb5cff714ba8f5a2cee5bdc89ba8d75dcbf21966ce38eb66f" }, + { NID_X9_62_prime256v1, NID_sha384, + "e0b8596b375f3306bbc6e77a0b42f7469d7e83635990e74aa6d713594a3a24498feff500" + "6790742d9c2e9b47d714bee932435db747c6e733e3d8de41f2f91311f2e9fd8e02565163" + "1ffd84f66732d3473fbd1627e63dc7194048ebec93c95c159b5039ab5e79e42c80b484a9" + "43f125de3da1e04e5bf9c16671ad55a1117d3306", + "b6faf2c8922235c589c27368a3b3e6e2f42eb6073bf9507f19eed0746c79dced", + "04e0e7b99bc62d8dd67883e39ed9fa0657789c5ff556cc1fd8dd1e2a55e9e3f24363fbfd" + "0232b95578075c903a4dbf85ad58f8350516e1ec89b0ee1f5e1362da69", + 
"9980b9cdfcef3ab8e219b9827ed6afdd4dbf20bd927e9cd01f15762703487007", + "f5087878e212b703578f5c66f434883f3ef414dc23e2e8d8ab6a8d159ed5ad83", + "306b4c6c20213707982dffbb30fba99b96e792163dd59dbe606e734328dd7c8a" }, + { NID_X9_62_prime256v1, NID_sha384, + "099a0131179fff4c6928e49886d2fdb3a9f239b7dd5fa828a52cbbe3fcfabecfbba3e192" + "159b887b5d13aa1e14e6a07ccbb21f6ad8b7e88fee6bea9b86dea40ffb962f38554056fb" + "7c5bb486418915f7e7e9b9033fe3baaf9a069db98bc02fa8af3d3d1859a11375d6f98aa2" + "ce632606d0800dff7f55b40f971a8586ed6b39e9", + "118958fd0ff0f0b0ed11d3cf8fa664bc17cdb5fed1f4a8fc52d0b1ae30412181", + "04afda82260c9f42122a3f11c6058839488f6d7977f6f2a263c67d06e27ea2c3550ae2bb" + "dd2207c590332c5bfeb4c8b5b16622134bd4dc55382ae806435468058b", + "23129a99eeda3d99a44a5778a46e8e7568b91c31fb7a8628c5d9820d4bed4a6b", + "e446600cab1286ebc3bb332012a2f5cc33b0a5ef7291d5a62a84de5969d77946", + "cf89b12793ee1792eb26283b48fa0bdcb45ae6f6ad4b02564bf786bb97057d5a" }, + { NID_X9_62_prime256v1, NID_sha384, + "0fbc07ea947c946bea26afa10c51511039b94ddbc4e2e4184ca3559260da24a14522d149" + "7ca5e77a5d1a8e86583aeea1f5d4ff9b04a6aa0de79cd88fdb85e01f171143535f2f7c23" + "b050289d7e05cebccdd131888572534bae0061bdcc3015206b9270b0d5af9f1da2f9de91" + "772d178a632c3261a1e7b3fb255608b3801962f9", + "3e647357cd5b754fad0fdb876eaf9b1abd7b60536f383c81ce5745ec80826431", + "04702b2c94d039e590dd5c8f9736e753cf5824aacf33ee3de74fe1f5f7c858d5ed0c2889" + "4e907af99fb0d18c9e98f19ac80dd77abfa4bebe45055c0857b82a0f4d", + "9beab7722f0bcb468e5f234e074170a60225255de494108459abdf603c6e8b35", + "c4021fb7185a07096547af1fb06932e37cf8bd90cf593dea48d48614fa237e5e", + "7fb45d09e2172bec8d3e330aa06c43fbb5f625525485234e7714b7f6e92ba8f1" }, + { NID_X9_62_prime256v1, NID_sha384, + "1e38d750d936d8522e9db1873fb4996bef97f8da3c6674a1223d29263f1234a90b751785" + "316444e9ba698bc8ab6cd010638d182c9adad4e334b2bd7529f0ae8e9a52ad60f59804b2" + "d780ed52bdd33b0bf5400147c28b4304e5e3434505ae7ce30d4b239e7e6f0ecf058badd5" + 
"b388eddbad64d24d2430dd04b4ddee98f972988f", + "76c17c2efc99891f3697ba4d71850e5816a1b65562cc39a13da4b6da9051b0fd", + "04d12512e934c367e4c4384dbd010e93416840288a0ba00b299b4e7c0d91578b57ebf883" + "5661d9b578f18d14ae4acf9c357c0dc8b7112fc32824a685ed72754e23", + "77cffa6f9a73904306f9fcd3f6bbb37f52d71e39931bb4aec28f9b076e436ccf", + "4d5a9d95b0f09ce8704b0f457b39059ee606092310df65d3f8ae7a2a424cf232", + "7d3c014ca470a73cef1d1da86f2a541148ad542fbccaf9149d1b0b030441a7eb" }, + { NID_X9_62_prime256v1, NID_sha384, + "abcf0e0f046b2e0672d1cc6c0a114905627cbbdefdf9752f0c31660aa95f2d0ede72d179" + "19a9e9b1add3213164e0c9b5ae3c76f1a2f79d3eeb444e6741521019d8bd5ca391b28c10" + "63347f07afcfbb705be4b52261c19ebaf1d6f054a74d86fb5d091fa7f229450996b76f0a" + "da5f977b09b58488eebfb5f5e9539a8fd89662ab", + "67b9dea6a575b5103999efffce29cca688c781782a41129fdecbce76608174de", + "04b4238b029fc0b7d9a5286d8c29b6f3d5a569e9108d44d889cd795c4a385905be8cb3ff" + "f8f6cca7187c6a9ad0a2b1d9f40ae01b32a7e8f8c4ca75d71a1fffb309", + "d02617f26ede3584f0afcfc89554cdfb2ae188c192092fdde3436335fafe43f1", + "26fd9147d0c86440689ff2d75569795650140506970791c90ace0924b44f1586", + "00a34b00c20a8099df4b0a757cbef8fea1cb3ea7ced5fbf7e987f70b25ee6d4f" }, + { NID_X9_62_prime256v1, NID_sha384, + "dc3d4884c741a4a687593c79fb4e35c5c13c781dca16db561d7e393577f7b62ca41a6e25" + "9fc1fb8d0c4e1e062517a0fdf95558b7799f20c211796167953e6372c11829beec64869d" + "67bf3ee1f1455dd87acfbdbcc597056e7fb347a17688ad32fda7ccc3572da7677d7255c2" + "61738f07763cd45973c728c6e9adbeecadc3d961", + "ecf644ea9b6c3a04fdfe2de4fdcb55fdcdfcf738c0b3176575fa91515194b566", + "04c3bdc7c795ec94620a2cfff614c13a3390a5e86c892e53a24d3ed22228bc85bf70480f" + "c5cf4aacd73e24618b61b5c56c1ced8c4f1b869580ea538e68c7a61ca3", + "53291d51f68d9a12d1dcdc58892b2f786cc15f631f16997d2a49bace513557d4", + "a860c8b286edf973ce4ce4cf6e70dc9bbf3818c36c023a845677a9963705df8b", + "5630f986b1c45e36e127dd7932221c4272a8cc6e255e89f0f0ca4ec3a9f76494" }, + { NID_X9_62_prime256v1, NID_sha384, + 
"719bf1911ae5b5e08f1d97b92a5089c0ab9d6f1c175ac7199086aeeaa416a17e6d6f8486" + "c711d386f284f096296689a54d330c8efb0f5fa1c5ba128d3234a3da856c2a94667ef710" + "3616a64c913135f4e1dc50e38daa60610f732ad1bedfcc396f87169392520314a6b6b9af" + "6793dbabad4599525228cc7c9c32c4d8e097ddf6", + "4961485cbc978f8456ec5ac7cfc9f7d9298f99415ecae69c8491b258c029bfee", + "048d40bf2299e05d758d421972e81cfb0cce68b949240dc30f315836acc70bef035674e6" + "f77f8b46f46cca937d83b128dffbe9bd7e0d3d08aa2cbbfdfb16f72c9a", + "373a825b5a74b7b9e02f8d4d876b577b4c3984168d704ba9f95b19c05ed590af", + "ef6fb386ad044b63feb7445fa16b10319018e9cea9ef42bca83bdad01992234a", + "ac1f42f652eb1786e57be01d847c81f7efa072ba566d4583af4f1551a3f76c65" }, + { NID_X9_62_prime256v1, NID_sha384, + "7cf19f4c851e97c5bca11a39f0074c3b7bd3274e7dd75d0447b7b84995dfc9f716bf08c2" + "5347f56fcc5e5149cb3f9cfb39d408ace5a5c47e75f7a827fa0bb9921bb5b23a6053dbe1" + "fa2bba341ac874d9b1333fc4dc224854949f5c8d8a5fedd02fb26fdfcd3be351aec0fcbe" + "f18972956c6ec0effaf057eb4420b6d28e0c008c", + "587907e7f215cf0d2cb2c9e6963d45b6e535ed426c828a6ea2fb637cca4c5cbd", + "04660da45c413cc9c9526202c16b402af602d30daaa7c342f1e722f15199407f31e6f8cb" + "b06913cc718f2d69ba2fb3137f04a41c27c676d1a80fbf30ea3ca46439", + "6b8eb7c0d8af9456b95dd70561a0e902863e6dfa1c28d0fd4a0509f1c2a647b2", + "08fabf9b57de81875bfa7a4118e3e44cfb38ec6a9b2014940207ba3b1c583038", + "a58d199b1deba7350616230d867b2747a3459421811c291836abee715b8f67b4" }, + { NID_X9_62_prime256v1, NID_sha384, + "b892ffabb809e98a99b0a79895445fc734fa1b6159f9cddb6d21e510708bdab6076633ac" + "30aaef43db566c0d21f4381db46711fe3812c5ce0fb4a40e3d5d8ab24e4e82d3560c6dc7" + "c37794ee17d4a144065ef99c8d1c88bc22ad8c4c27d85ad518fa5747ae35276fc104829d" + "3f5c72fc2a9ea55a1c3a87007cd133263f79e405", + "24b1e5676d1a9d6b645a984141a157c124531feeb92d915110aef474b1e27666", + "04b4909a5bdf25f7659f4ef35e4b811429fb2c59126e3dad09100b46aea6ebe7a6760ae0" + "15fa6af5c9749c4030fdb5de6e58c6b5b1944829105cf7edf7d3a22cfb", + 
"88794923d8943b5dbcc7a7a76503880ff7da632b0883aaa60a9fcc71bf880fd6", + "6ec9a340b77fae3c7827fa96d997e92722ff2a928217b6dd3c628f3d49ae4ce6", + "637b54bbcfb7e7d8a41ea317fcfca8ad74eb3bb6b778bc7ef9dec009281976f7" }, + { NID_X9_62_prime256v1, NID_sha384, + "8144e37014c95e13231cbd6fa64772771f93b44e37f7b02f592099cc146343edd4f4ec9f" + "a1bc68d7f2e9ee78fc370443aa2803ff4ca52ee49a2f4daf2c8181ea7b8475b3a0f608fc" + "3279d09e2d057fbe3f2ffbe5133796124781299c6da60cfe7ecea3abc30706ded2cdf18f" + "9d788e59f2c31662df3abe01a9b12304fb8d5c8c", + "bce49c7b03dcdc72393b0a67cf5aa5df870f5aaa6137ada1edc7862e0981ec67", + "04c786d9421d67b72b922cf3def2a25eeb5e73f34543eb50b152e738a98afb0ca5679627" + "1e79e2496f9e74b126b1123a3d067de56b5605d6f51c8f6e1d5bb93aba", + "89e690d78a5e0d2b8ce9f7fcbf34e2605fd9584760fa7729043397612dd21f94", + "07e5054c384839584624e8d730454dc27e673c4a90cbf129d88b91250341854d", + "f7e665b88614d0c5cbb3007cafe713763d81831525971f1747d92e4d1ca263a7" }, + { NID_X9_62_prime256v1, NID_sha384, + "a3683d120807f0a030feed679785326698c3702f1983eaba1b70ddfa7f0b3188060b845e" + "2b67ed57ee68087746710450f7427cb34655d719c0acbc09ac696adb4b22aba1b9322b71" + "11076e67053a55f62b501a4bca0ad9d50a868f51aeeb4ef27823236f5267e8da83e14304" + "7422ce140d66e05e44dc84fb3a4506b2a5d7caa8", + "73188a923bc0b289e81c3db48d826917910f1b957700f8925425c1fb27cabab9", + "0486662c014ab666ee770723be8da38c5cd299efc6480fc6f8c3603438fa8397b9f26b33" + "07a650c3863faaa5f642f3ba1384c3d3a02edd3d48c657c269609cc3fc", + "ec90584ab3b383b590626f36ed4f5110e49888aec7ae7a9c5ea62dd2dc378666", + "13e9ad59112fde3af4163eb5c2400b5e9a602576d5869ac1c569075f08c90ff6", + "708ac65ff2b0baaccc6dd954e2a93df46016bd04457636de06798fcc17f02be5" }, + { NID_X9_62_prime256v1, NID_sha384, + "b1df8051b213fc5f636537e37e212eb20b2423e6467a9c7081336a870e6373fc835899d5" + "9e546c0ac668cc81ce4921e88f42e6da2a109a03b4f4e819a17c955b8d099ec6b282fb49" + "5258dca13ec779c459da909475519a3477223c06b99afbd77f9922e7cbef844b93f3ce5f" + 
"50db816b2e0d8b1575d2e17a6b8db9111d6da578", + "f637d55763fe819541588e0c603f288a693cc66823c6bb7b8e003bd38580ebce", + "0474a4620c578601475fc169a9b84be613b4a16cb6acab8fd98848a6ec9fbd133d42b9e3" + "5d347c107e63bd55f525f915bcf1e3d2b81d002d3c39acf10fc30645a1", + "4d578f5099636234d9c1d566f1215d5d887ae5d47022be17dbf32a11a03f053b", + "113a933ebc4d94ce1cef781e4829df0c493b0685d39fb2048ce01b21c398dbba", + "3005bd4ec63dbd04ce9ff0c6246ad65d27fcf62edb2b7e461589f9f0e7446ffd" }, + { NID_X9_62_prime256v1, NID_sha384, + "0b918ede985b5c491797d0a81446b2933be312f419b212e3aae9ba5914c00af431747a9d" + "287a7c7761e9bcbc8a12aaf9d4a76d13dad59fc742f8f218ef66eb67035220a07acc1a35" + "7c5b562ecb6b895cf725c4230412fefac72097f2c2b829ed58742d7c327cad0f1058df1b" + "ddd4ae9c6d2aba25480424308684cecd6517cdd8", + "2e357d51517ff93b821f895932fddded8347f32596b812308e6f1baf7dd8a47f", + "047e4078a1d50c669fb2996dd9bacb0c3ac7ede4f58fa0fa1222e78dbf5d1f41860014e4" + "6e90cc171fbb83ea34c6b78202ea8137a7d926f0169147ed5ae3d6596f", + "be522b0940b9a40d84bf790fe6abdc252877e671f2efa63a33a65a512fc2aa5c", + "a26b9ad775ac37ff4c7f042cdc4872c5e4e5e800485f488ddfaaed379f468090", + "f88eae2019bebbba62b453b8ee3472ca5c67c267964cffe0cf2d2933c1723dff" }, + { NID_X9_62_prime256v1, NID_sha384, + "0fab26fde1a4467ca930dbe513ccc3452b70313cccde2994eead2fde85c8da1db84d7d06" + "a024c9e88629d5344224a4eae01b21a2665d5f7f36d5524bf5367d7f8b6a71ea05d413d4" + "afde33777f0a3be49c9e6aa29ea447746a9e77ce27232a550b31dd4e7c9bc8913485f2dc" + "83a56298051c92461fd46b14cc895c300a4fb874", + "77d60cacbbac86ab89009403c97289b5900466856887d3e6112af427f7f0f50b", + "04a62032dfdb87e25ed0c70cad20d927c7effeb2638e6c88ddd670f74df16090e544c5ee" + "2cf740ded468f5d2efe13daa7c5234645a37c073af35330d03a4fed976", + "06c1e692b045f425a21347ecf72833d0242906c7c1094f805566cdcb1256e394", + "eb173b51fb0aec318950d097e7fda5c34e529519631c3e2c9b4550b903da417d", + "ca2c13574bf1b7d56e9dc18315036a31b8bceddf3e2c2902dcb40f0cc9e31b45" }, + { NID_X9_62_prime256v1, NID_sha384, + 
"7843f157ef8566722a7d69da67de7599ee65cb3975508f70c612b3289190e364141781e0" + "b832f2d9627122742f4b5871ceeafcd09ba5ec90cae6bcc01ae32b50f13f63918dfb5177" + "df9797c6273b92d103c3f7a3fc2050d2b196cc872c57b77f9bdb1782d4195445fcc6236d" + "d8bd14c8bcbc8223a6739f6a17c9a861e8c821a6", + "486854e77962117f49e09378de6c9e3b3522fa752b10b2c810bf48db584d7388", + "04760b5624bd64d19c866e54ccd74ad7f98851afdbc3ddeae3ec2c52a135be9cfafeca15" + "ce9350877102eee0f5af18b2fed89dc86b7df0bf7bc2963c1638e36fe8", + "e4f77c6442eca239b01b0254e11a4182782d96f48ab521cc3d1d68df12b5a41a", + "bdff14e4600309c2c77f79a25963a955b5b500a7b2d34cb172cd6acd52905c7b", + "b0479cdb3df79923ec36a104a129534c5d59f622be7d613aa04530ad2507d3a2" }, + { NID_X9_62_prime256v1, NID_sha512, + "6c8572b6a3a4a9e8e03dbeed99334d41661b8a8417074f335ab1845f6cc852adb8c01d98" + "20fcf8e10699cc827a8fbdca2cbd46cc66e4e6b7ba41ec3efa733587e4a30ec552cd8dda" + "b8163e148e50f4d090782897f3ddac84a41e1fcfe8c56b6152c0097b0d634b41011471ff" + "d004f43eb4aafc038197ec6bae2b4470e869bded", + "9dd0d3a3d514c2a8adb162b81e3adfba3299309f7d2018f607bdb15b1a25f499", + "046b738de3398b6ac57b9591f9d7985dd4f32137ad3460dcf8970c1390cb9eaf8d83bc61" + "e26d2bbbd3cf2d2ab445a2bc4ab5dde41f4a13078fd1d3cc36ab596d57", + "9106192170ccb3c64684d48287bb81bbed51b40d503462c900e5c7aae43e380a", + "275fa760878b4dc05e9d157fedfd8e9b1c9c861222a712748cb4b7754c043fb1", + "699d906bb8435a05345af3b37e3b357786939e94caae257852f0503adb1e0f7e" }, + { NID_X9_62_prime256v1, NID_sha512, + "7e3c8fe162d48cc8c5b11b5e5ebc05ebc45c439bdbc0b0902145921b8383037cb0812222" + "031598cd1a56fa71694fbd304cc62938233465ec39c6e49f57dfe823983b6923c4e86563" + "3949183e6b90e9e06d8275f3907d97967d47b6239fe2847b7d49cf16ba69d2862083cf1b" + "ccf7afe34fdc90e21998964107b64abe6b89d126", + "f9bf909b7973bf0e3dad0e43dcb2d7fa8bda49dbe6e5357f8f0e2bd119be30e6", + "04f2a6674d4e86152a527199bed293fa63acde1b4d8a92b62e552210ba45c38792c72565" + "c24f0eee6a094af341ddd8579747b865f91c8ed5b44cda8a19cc93776f", + 
"e547791f7185850f03d0c58419648f65b9d29cdc22ed1de2a64280220cfcafba", + "4782903d2aaf8b190dab5cae2223388d2d8bd845b3875d37485c54e1ded1d3d8", + "dfb40e406bfa074f0bf832771b2b9f186e2211f0bca279644a0ca8559acf39da" }, + { NID_X9_62_prime256v1, NID_sha512, + "d5aa8ac9218ca661cd177756af6fbb5a40a3fecfd4eea6d5872fbb9a2884784aa9b5f0c0" + "23a6e0da5cf6364754ee6465b4ee2d0ddc745b02994c98427a213c849537da5a4477b3ab" + "fe02648be67f26e80b56a33150490d062aaac137aa47f11cfeddba855bab9e4e028532a5" + "63326d927f9e6e3292b1fb248ee90b6f429798db", + "724567d21ef682dfc6dc4d46853880cfa86fe6fea0efd51fac456f03c3d36ead", + "0470b877b5e365fcf08140b1eca119baba662879f38e059d074a2cb60b03ea5d395f56f9" + "4d591df40b9f3b8763ac4b3dbe622c956d5bd0c55658b6f46fa3deb201", + "79d6c967ed23c763ece9ca4b026218004c84dc2d4ccc86cf05c5d0f791f6279b", + "2ba2ea2d316f8937f184ad3028e364574d20a202e4e7513d7af57ac2456804d1", + "64fe94968d18c5967c799e0349041b9e40e6c6c92ebb475e80dd82f51cf07320" }, + { NID_X9_62_prime256v1, NID_sha512, + "790b06054afc9c3fc4dfe72df19dd5d68d108cfcfca6212804f6d534fd2fbe489bd8f64b" + "f205ce04bcb50124a12ce5238fc3fe7dd76e6fa640206af52549f133d593a1bfd423ab73" + "7f3326fa79433cde293236f90d4238f0dd38ed69492ddbd9c3eae583b6325a95dec3166f" + "e52b21658293d8c137830ef45297d67813b7a508", + "29c5d54d7d1f099d50f949bfce8d6073dae059c5a19cc70834722f18a7199edd", + "043088d4f45d274cc5f418c8ecc4cbcf96be87491f420250f8cbc01cdf2503ec47634db4" + "8198129237ed068c88ff5809f6211921a6258f548f4b64dd125921b78b", + "0508ad7774908b5705895fda5c3b7a3032bf85dab7232bf981177019f3d76460", + "acd9f3b63626c5f32103e90e1dd1695907b1904aa9b14f2132caef331321971b", + "15c04a8bd6c13ed5e9961814b2f406f064670153e4d5465dcef63c1d9dd52a87" }, + { NID_X9_62_prime256v1, NID_sha512, + "6d549aa87afdb8bfa60d22a68e2783b27e8db46041e4df04be0c261c4734b608a96f198d" + "1cdb8d082ae48579ec9defcf21fbc72803764a58c31e5323d5452b9fb57c8991d3174914" + "0da7ef067b18bf0d7dfbae6eefd0d8064f334bf7e9ec1e028daed4e86e17635ec2e409a3" + 
"ed1238048a45882c5c57501b314e636b9bc81cbe", + "0d8095da1abba06b0d349c226511f642dabbf1043ad41baa4e14297afe8a3117", + "0475a45758ced45ecf55f755cb56ca2601d794ebeaeb2e6107fe2fc443f580e23c5303d4" + "7d5a75ec821d51a2ee7548448208c699eca0cd89810ffc1aa4faf81ead", + "5165c54def4026ab648f7768c4f1488bcb183f6db7ffe02c7022a529a116482a", + "ebc85fc4176b446b3384ccc62fc2526b45665561a0e7e9404ac376c90e450b59", + "8b2c09428e62c5109d17ed0cf8f9fd7c370d018a2a73f701effc9b17d04852c6" }, + { NID_X9_62_prime256v1, NID_sha512, + "1906e48b7f889ee3ff7ab0807a7aa88f53f4018808870bfed6372a77330c737647961324" + "c2b4d46f6ee8b01190474951a701b048ae86579ff8e3fc889fecf926b17f98958ac7534e" + "6e781ca2db2baa380dec766cfb2a3eca2a9d5818967d64dfab84f768d24ec122eebacaab" + "0a4dc3a75f37331bb1c43dd8966cc09ec4945bbd", + "52fe57da3427b1a75cb816f61c4e8e0e0551b94c01382b1a80837940ed579e61", + "042177e20a2092a46667debdcc21e7e45d6da72f124adecbc5ada6a7bcc7b401d5550e46" + "8f2626070a080afeeb98edd75a721eb773c8e62149f3e903cf9c4d7b61", + "0464fe9674b01ff5bd8be21af3399fad66f90ad30f4e8ee6e2eb9bcccfd5185c", + "f8250f073f34034c1cde58f69a85e2f5a030703ebdd4dbfb98d3b3690db7d114", + "a9e83e05f1d6e0fef782f186bedf43684c825ac480174d48b0e4d31505e27498" }, + { NID_X9_62_prime256v1, NID_sha512, + "7b59fef13daf01afec35dea3276541be681c4916767f34d4e874464d20979863ee77ad0f" + "d1635bcdf93e9f62ed69ae52ec90aab5bbf87f8951213747ccec9f38c775c1df1e9d7f73" + "5c2ce39b42edb3b0c5086247556cfea539995c5d9689765288ec600848ecf085c01ca738" + "bbef11f5d12d4457db988b4add90be00781024ad", + "003d91611445919f59bfe3ca71fe0bfdeb0e39a7195e83ac03a37c7eceef0df2", + "047b9c592f61aae0555855d0b9ebb6fd00fb6746e8842e2523565c858630b9ba00d35b2e" + "168b1875bbc563bea5e8d63c4e38957c774a65e762959a349eaf263ba0", + "ef9df291ea27a4b45708f7608723c27d7d56b7df0599a54bc2c2fabbff373b40", + "66d057fd39958b0e4932bacd70a1769bbadcb62e4470937b45497a3d4500fabb", + "6c853b889e18b5a49ee54b54dd1aaedfdd642e30eba171c5cab677f0df9e7318" }, + { NID_X9_62_prime256v1, NID_sha512, + 
"041a6767a935dc3d8985eb4e608b0cbfebe7f93789d4200bcfe595277ac2b0f402889b58" + "0b72def5da778a680fd380c955421f626d52dd9a83ea180187b850e1b72a4ec6dd63235e" + "598fd15a9b19f8ce9aec1d23f0bd6ea4d92360d50f951152bc9a01354732ba0cf90aaed3" + "3c307c1de8fa3d14f9489151b8377b57c7215f0b", + "48f13d393899cd835c4193670ec62f28e4c4903e0bbe5817bf0996831a720bb7", + "0482a1a96f4648393c5e42633ecdeb1d8245c78c5ea236b5bab460dedcc8924bc0e8cbf0" + "3c34b5154f876de19f3bb6fd43cd2eabf6e7c95467bcfa8c8fc42d76fd", + "efed736e627899fea944007eea39a4a63c0c2e26491cd12adb546be3e5c68f7d", + "cf7fc24bdaa09ac0cca8497e13298b961380668613c7493954048c06385a7044", + "f38b1c8306cf82ab76ee3a772b14416b49993fe11f986e9b0f0593c52ec91525" }, + { NID_X9_62_prime256v1, NID_sha512, + "7905a9036e022c78b2c9efd40b77b0a194fbc1d45462779b0b76ad30dc52c564e48a493d" + "8249a061e62f26f453ba566538a4d43c64fb9fdbd1f36409316433c6f074e1b47b544a84" + "7de25fc67d81ac801ed9f7371a43da39001c90766f943e629d74d0436ba1240c3d7fab99" + "0d586a6d6ef1771786722df56448815f2feda48f", + "95c99cf9ec26480275f23de419e41bb779590f0eab5cf9095d37dd70cb75e870", + "0442c292b0fbcc9f457ae361d940a9d45ad9427431a105a6e5cd90a345fe3507f7313b08" + "fd2fa351908b3178051ee782cc62b9954ad95d4119aa564900f8ade70c", + "4c08dd0f8b72ae9c674e1e448d4e2afe3a1ee69927fa23bbff3716f0b99553b7", + "f2bc35eb1b8488b9e8d4a1dbb200e1abcb855458e1557dc1bf988278a174eb3b", + "ed9a2ec043a1d578e8eba6f57217976310e8674385ad2da08d6146c629de1cd9" }, + { NID_X9_62_prime256v1, NID_sha512, + "cf25e4642d4f39d15afb7aec79469d82fc9aedb8f89964e79b749a852d931d3743650280" + "4e39555f5a3c75dd958fd5291ada647c1a5e38fe7b1048f16f2b711fdd5d39acc0812ca6" + "5bd50d7f8119f2fd195ab16633503a78ee9102c1f9c4c22568e0b54bd4fa3f5ff7b49160" + "bf23e7e2231b1ebebbdaf0e4a7d4484158a87e07", + "e15e835d0e2217bc7c6f05a498f20af1cd56f2f165c23d225eb3360aa2c5cbcf", + "0489dd22052ec3ab4840206a62f2270c21e7836d1a9109a3407dd0974c7802b9aee91609" + "ba35c7008b080c77a9068d97a14ca77b97299e74945217672b2fd5faf0", + 
"c9f621441c235fc47ec34eef4c08625df1ec74918e1f86075b753f2589f4c60b", + "a70d1a2d555d599bfb8c9b1f0d43725341151d17a8d0845fa56f3563703528a7", + "4e05c45adf41783e394a5312f86e66871c4be4896948c85966879d5c66d54b37" }, + { NID_X9_62_prime256v1, NID_sha512, + "7562c445b35883cc937be6349b4cefc3556a80255d70f09e28c3f393daac19442a7eeced" + "cdfbe8f7628e30cd8939537ec56d5c9645d43340eb4e78fc5dd4322de8a07966b262770d" + "7ff13a071ff3dce560718e60ed3086b7e0003a6abafe91af90af86733ce8689440bf73d2" + "aa0acfe9776036e877599acbabfcb03bb3b50faa", + "808c08c0d77423a6feaaffc8f98a2948f17726e67c15eeae4e672edbe388f98c", + "04b0c0ad5e1f6001d8e9018ec611b2e3b91923e69fa6c98690ab644d650f640c42610539" + "c0b9ed21ac0a2f27527c1a61d9b47cbf033187b1a6ada006eb5b2662ed", + "1f6d4a905c761a53d54c362976717d0d7fc94d222bb5489e4830080a1a67535d", + "83404dcf8320baf206381800071e6a75160342d19743b4f176960d669dd03d07", + "3f75dcf102008b2989f81683ae45e9f1d4b67a6ef6fd5c8af44828af80e1cfb5" }, + { NID_X9_62_prime256v1, NID_sha512, + "051c2db8e71e44653ea1cb0afc9e0abdf12658e9e761bfb767c20c7ab4adfcb18ed9b5c3" + "72a3ac11d8a43c55f7f99b33355437891686d42362abd71db8b6d84dd694d6982f061217" + "8a937aa934b9ac3c0794c39027bdd767841c4370666c80dbc0f8132ca27474f553d266de" + "efd7c9dbad6d734f9006bb557567701bb7e6a7c9", + "f7c6315f0081acd8f09c7a2c3ec1b7ece20180b0a6365a27dcd8f71b729558f9", + "04250f7112d381c1751860045d9bcaf20dbeb25a001431f96ac6f19109362ffebb49fba9" + "efe73546135a5a31ab3753e247034741ce839d3d94bd73936c4a17e4aa", + "68c299be2c0c6d52d208d5d1a9e0ffa2af19b4833271404e5876e0aa93987866", + "7b195e92d2ba95911cda7570607e112d02a1c847ddaa33924734b51f5d81adab", + "10d9f206755cef70ab5143ac43f3f8d38aea2644f31d52eaf3b472ee816e11e5" }, + { NID_X9_62_prime256v1, NID_sha512, + "4dcb7b62ba31b866fce7c1feedf0be1f67bf611dbc2e2e86f004422f67b3bc1839c6958e" + "b1dc3ead137c3d7f88aa97244577a775c8021b1642a8647bba82871e3c15d0749ed343ea" + "6cad38f123835d8ef66b0719273105e924e8685b65fd5dc430efbc35b05a6097f17ebc59" + 
"43cdcd9abcba752b7f8f37027409bd6e11cd158f", + "f547735a9409386dbff719ce2dae03c50cb437d6b30cc7fa3ea20d9aec17e5a5", + "044ca87c5845fb04c2f76ae3273073b0523e356a445e4e95737260eba9e2d021db0f8647" + "5d07f82655320fdf2cd8db23b21905b1b1f2f9c48e2df87e24119c4880", + "91bd7d97f7ed3253cedefc144771bb8acbbda6eb24f9d752bbe1dd018e1384c7", + "008c1755d3df81e64e25270dbaa9396641556df7ffc7ac9add6739c382705397", + "77df443c729b039aded5b516b1077fecdd9986402d2c4b01734ba91e055e87fc" }, + { NID_X9_62_prime256v1, NID_sha512, + "efe55737771070d5ac79236b04e3fbaf4f2e9bed187d1930680fcf1aba769674bf426310" + "f21245006f528779347d28b8aeacd2b1d5e3456dcbf188b2be8c07f19219e4067c1e7c97" + "14784285d8bac79a76b56f2e2676ea93994f11eb573af1d03fc8ed1118eafc7f07a82f32" + "63c33eb85e497e18f435d4076a774f42d276c323", + "26a1aa4b927a516b661986895aff58f40b78cc5d0c767eda7eaa3dbb835b5628", + "0428afa3b0f81a0e95ad302f487a9b679fcdef8d3f40236ec4d4dbf4bb0cbba8b2bb4ac1" + "be8405cbae8a553fbc28e29e2e689fabe7def26d653a1dafc023f3cecf", + "f98e1933c7fad4acbe94d95c1b013e1d6931fa8f67e6dbb677b564ef7c3e56ce", + "15a9a5412d6a03edd71b84c121ce9a94cdd166e40da9ce4d79f1afff6a395a53", + "86bbc2b6c63bad706ec0b093578e3f064736ec69c0dba59b9e3e7f73762a4dc3" }, + { NID_X9_62_prime256v1, NID_sha512, + "ea95859cc13cccb37198d919803be89c2ee10befdcaf5d5afa09dcc529d333ae1e4ffd3b" + "d8ba8642203badd7a80a3f77eeee9402eed365d53f05c1a995c536f8236ba6b6ff889739" + "3506660cc8ea82b2163aa6a1855251c87d935e23857fe35b889427b449de7274d7754bde" + "ace960b4303c5dd5f745a5cfd580293d6548c832", + "6a5ca39aae2d45aa331f18a8598a3f2db32781f7c92efd4f64ee3bbe0c4c4e49", + "04c62cc4a39ace01006ad48cf49a3e71466955bbeeca5d318d672695df926b3aa4c85ccf" + "517bf2ebd9ad6a9e99254def0d74d1d2fd611e328b4a3988d4f045fe6f", + "dac00c462bc85bf39c31b5e01df33e2ec1569e6efcb334bf18f0951992ac6160", + "6e7ff8ec7a5c48e0877224a9fa8481283de45fcbee23b4c252b0c622442c26ad", + "3dfac320b9c873318117da6bd856000a392b815659e5aa2a6a1852ccb2501df3" }, + { NID_secp384r1, NID_sha224, + 
"39f0b25d4c15b09a0692b22fbacbb5f8aee184cb75887e2ebe0cd3be5d3815d29f9b587e" + "10b3168c939054a89df11068e5c3fac21af742bf4c3e9512f5569674e7ad8b39042bcd73" + "e4b7ce3e64fbea1c434ed01ad4ad8b5b569f6a0b9a1144f94097925672e59ba97bc4d33b" + "e2fa21b46c3dadbfb3a1f89afa199d4b44189938", + "0af857beff08046f23b03c4299eda86490393bde88e4f74348886b200555276b93b37d4f" + "6fdec17c0ea581a30c59c727", + "0400ea9d109dbaa3900461a9236453952b1f1c2a5aa12f6d500ac774acdff84ab7cb71a0" + "f91bcd55aaa57cb8b4fbb3087d0fc0e3116c9e94be583b02b21b1eb168d8facf39552793" + "60cbcd86e04ee50751054cfaebcf542538ac113d56ccc38b3e", + "e2f0ce83c5bbef3a6eccd1744f893bb52952475d2531a2854a88ff0aa9b12c65961e2e51" + "7fb334ef40e0c0d7a31ed5f5", + "c36e5f0d3de71411e6e519f63e0f56cff432330a04fefef2993fdb56343e49f2f7db5fca" + "b7728acc1e33d4692553c02e", + "0d4064399d58cd771ab9420d438757f5936c3808e97081e457bc862a0c905295dca60ee9" + "4f4537591c6c7d217453909b" }, + { NID_secp384r1, NID_sha224, + "5a3c80e608ed3ac75a6e45f6e94d374271a6d42b67a481860d5d309cc8b37c79cb61f171" + "6dc8aa84cb309ef9d68eb7fc6cf4b42333f316a5c30e74198c8b340926e340c5de47674a" + "707293c4aa2a1a2274a602f01c26b156e895499c60b38ef53fc2032e7485c168d73700d6" + "fa14232596a0e4997854a0b05d02e351b9d3de96", + "047dd5baab23f439ec23b58b7e6ff4cc37813cccb4ea73bb2308e6b82b3170edfe0e131e" + "ca50841bf1b686e651c57246", + "04de92ff09af2950854a70f2178d2ed50cc7042a7188301a1ea81d9629ad3c29795cb7f0" + "d56630a401e4d6e5bed0068d1e6135adbd8624130735e64e65ecbd43770dcc12b28e737b" + "5ed033666f34c918eb5589508e4a13b9243374a118a628dd0b", + "f3922351d14f1e5af84faab12fe57ded30f185afe5547aeb3061104740ecc42a8df0c27f" + "3877b4d855642b78938c4e05", + "38e181870cb797c1f4e6598cfd032add1cb60447d33473038d06df73919f844eddd16f40" + "f911075f8a4bacc0d924e684", + "a58dd1ca18aa31277de66c30c3bb7a14b53705ce6c547ed2cb0e336f63c42809422efffc" + "c722d1155f2254330a02b278" }, + { NID_secp384r1, NID_sha224, + "e7d974c5dbd3bfb8a2fb92fdd782f997d04be79e9713944ce13c5eb6f75dfdec811b7ee4" + 
"b3859114b07f263846ae13f795eec8f3cb5b7565baff68e0fdd5e09ba8b176d5a71cb03f" + "bc5546e6937fba560acb4db24bd42de1851432b96e8ca4078313cb849bce29c9d8052586" + "01d67cd0259e255f3048682e8fdbdda3398c3e31", + "54ba9c740535574cebc41ca5dc950629674ee94730353ac521aafd1c342d3f8ac52046ed" + "804264e1440d7fe409c45c83", + "043db95ded500b2506b627270bac75688dd7d44f47029adeff99397ab4b6329a38dbb278" + "a0fc58fe4914e6ae31721a6875049288341553a9ac3dc2d9e18e7a92c43dd3c25ca866f0" + "cb4c68127bef6b0e4ba85713d27d45c7d0dc57e5782a6bf733", + "04324bd078807f6b18507a93ee60da02031717217ee5ce569750737be912be72da087ac0" + "0f50e13fdf7249a6ae33f73e", + "b2752aa7abc1e5a29421c9c76620bcc3049ecc97e6bc39fcca126f505a9a1bfae3bde89f" + "b751a1aa7b66fa8db3891ef0", + "f1c69e6d818ca7ae3a477049b46420cebd910c0a9a477fd1a67a38d628d6edaac123aebf" + "ca67c53a5c80fe454dba7a9d" }, + { NID_secp384r1, NID_sha224, + "a670fda4d1d56c70de1d8680328043b2b7029633caf0ee59ffe1421c914bb937133d5a0f" + "9214846b2e0b350455a74c4ab434c56de65a17139bb8212bf1c76071a37536fa29348f87" + "1dbb26baa92eb93d97e923a6d2ffd9be25cbc33075e494e6db657bd8dc053fe4e17148d8" + "cf6e2058164f2b5766750eb01bbe7b361cdb848c", + "dabe87bbe95499bac23bc83c8b7307fe04be198f00059e2bf67c9611feaffb2c8f274f6a" + "a50eb99c3074186d8067d659", + "04c2aa0a695125279705917e02a4f258cade4c3ff9140a071414babf87764f426f7f36ff" + "da9d5f3394375d24864235476f8f9808da0ce0227cf453f9e456f557db9752e23b45cce4" + "baad5fee3844ddd7e1112bcec01ea9d67c7a76f3535bd0cb58", + "65a0305854033cbc6fe3ca139c40ca354d45801ecb59f4a923c251dc6b25d12d452d99b5" + "d6711fdb5efac812aa464cc4", + "c7fc32997d17ac79baf5789e4503f5f1a8863872bc350a91f12dd3ef8cf78c254e829217" + "809e8e00b6b8d4d85be3f1fd", + "1422e1838a22496df93486bce1142961dbd8478ae844b8dda54e210afdae0d9e930d587c" + "91bb600b0bde7237186d94e6" }, + { NID_secp384r1, NID_sha224, + "7843f918fe2588bcfe756e1f05b491d913523255aa006818be20b676c957f4edb8df863c" + "6f5f8c15b3b80c7a2aa277b70d53f210bdfb856337980c406ea140e439dd321471407f37" + 
"4f69877b2d82367eed51e3c82c13948616dcb301d0c31f8f0352f2846abd9e72071f446a" + "2f1bd3339a09ae41b84e150fd18f4ba5d3c6bfa0", + "df43107a1deb24d02e31d479087bd669e2bc3e50f1f44b7db9484a7143cdca6a3391bddf" + "ea72dc940dbce8ec5efbd718", + "0476bd4be5d520471162cb5c36f80038301b325f845d9642204a84d78b3e721098932827" + "bf872bde0a9f86383953667d29415116b8b878f896a5aa4dbbdc21076f27135d8bbcaaca" + "02489ef639d742bd63f377da0c8e8ab36ff19b4a7cc5d4ceb4", + "798abad5a30d1805794540057388ee05e2422901c6335f985b9d4447b3ef75524751abfe" + "ab6409ad6bf77d4ae3014558", + "98744e5c6742fa5118a74a70db4957647a3cc12add4e876b45974a6a8707809f871daadb" + "fc0b865e01624f706b65f10c", + "9e256e8da8eff5a0c83baaa1ef4f7be798eba9543bf97adb0fff8719f5406ea1207a0cf7" + "03d99aa8f02169724b492273" }, + { NID_secp384r1, NID_sha224, + "caa83d5ab07febbd2e0fe2d63738b9b7b8752594bea7aaf50345b3d2f316653a8c9222f2" + "b7877b64679e9573e81461a426029e45b8873a575094a1d572e0d32a9f0a9c6bcb9a2868" + "543b7d8bbe4a69a09e7321f05f8366cced1b72df526f895b60aed2c39c249653c7839538" + "770d4e5f47d3926ec0d168ab6a1af15bf1dca1f7", + "ea7a563ba2a7f5ab69973dca1f1a0d1572f0c59817cd3b62ad356c2099e2cdca1c553323" + "563f9dfbb333b126d84abc7f", + "04cf4717c5f5de668b785f06bdc9845df5a09e4edd83f4669756407cbb60807305c632bc" + "49f818f4a84b194369aa07736f7391e4982af8a2218f704f627d01f0508bfc8304992a2d" + "598a420bf2eb519f33bd7caf79380793733b3dba0cc5e2b9d8", + "7b9606b3df7b2a340dbc68d9754de0734e1faeb5a0135578a97628d948702235c60b20c8" + "002c8fcf906783e1b389e754", + "0d680010bed373287f9767955b5d2850e150b6713b49e453eb280148e45230c853d99ea2" + "d2f8fcbd3ddcba19aeec0af1", + "64329763a930ab5452afdb0557fef16ff71810d6343dfc9c6ae18905c3d274db6554cdc6" + "9d6078a1ca03284474a94f30" }, + { NID_secp384r1, NID_sha224, + "594603458d6534974aeeafba919c4d0f4cb6843a3af41204bbb88aeb2fca2772d305163d" + "ba863da050aabedbaf89db521955d1715de95bbcef979ecdc0c976181ece00355385f8a8" + "f8cce127c9eac15ce3e958a3ed686184674ec9a50eb63271606ee7fdcb1323da3c3db8e8" + 
"9cad1fb42139a32d08abcfbf0d4ccfca18c89a86", + "4cc70cb35b3ddeb0df53a6bd7bd05f8ff4392a2db7344f2d443761484b3a468a4ee3d1a8" + "b27113d57283fd18b05f7829", + "0440e1fe21df34bb85a642a0abe819ebd128f7e39b84d8dcc4a9a599b372fb9588da1484" + "600ec28b1297bb685f9ae77831f3aa69ada57879fdcbe8df19cefabc308add7d03b17b1f" + "ac2f7783fece6a8dfe20bc36f518692677d96e3f730a67a671", + "8eda401d98f5688c34d8dbebcd3991c87c0442b0379154eaa2e5287dabe9a9e34cfc1305" + "d11ff68781df25d5611b331d", + "ff2d772786e159448bba26afd8c3281941a4cb0c56fec6f5cccb4c292c4ee0f7af9bd39b" + "be2d88148732585e104fdb30", + "07a1d890770daa949a17797dca7af3e8163da981ec330c03d63d1a8312c152be6a718163" + "205ffa08da7dcc163ba261f4" }, + { NID_secp384r1, NID_sha224, + "733252d2bd35547838be22656cc7aa67eff0af0b13b428f77267a513c6824c3dbae53306" + "8b6817e82665f009560affcfe4b2ddb5b667a644fc1a42d24f24e0947e0dc50fb62c919b" + "c1fe4e7ded5e28f2e6d80fcf66a081fb2763526f8def5a81a4ddd38be0b59ee839da1643" + "eeeaee7b1927cec12cf3da67c02bc5465151e346", + "366d15e4cd7605c71560a418bd0f382fd7cd7ad3090ff1b2dfbed74336166a905e1b760c" + "f0bccee7a0e66c5ebfb831f1", + "04a143f277ab36a10b645ff6c58241ea67ffdc8acf12d60973068390f06b4d8f4d773b10" + "c1ebf6889b1cfa73ebb90f6ca17a17cad29bb507b309021f6f92cb5c10ba535f4a3e317f" + "cc68cfd02d3ccd269f465169c73d30ff308f5350d881b08aec", + "dbe545f920bc3d704c43d834bab21e40df12ec9e16a619a3e6b3f08760c26aae6e4fd91f" + "ad00f745194794b74bb1baee", + "cdc39b12bba30da66fe9554713c05880ddc27afa4d2d151440f124c351fb9496dc950465" + "16b0921083347d64369846ac", + "797d0344e49f9ba87a187c50f664e5015d449e346b1a7bd9427c5be559fc58173651880d" + "5aadf053f81899d3368d6181" }, + { NID_secp384r1, NID_sha224, + "5a182bd174feb038dfae3346267156bf663167f713dea1ce936b0edb815cd9b8c8e4d411" + "c786ba2494a81442617255db7158b142e720d86c9b56680fb9efd4298cdd69079a281534" + "94c42a24251c7ad42ecf7e97eabc1b3997529b2a297cbad2474269b87a0b1e385f2d7f8b" + "6eb8d1cd75eaf7e91d1acbecd45d7b2bfbbe3216", + 
"e357d869857a52a06e1ece5593d16407022354780eb9a7cb8575cef327f877d22322c006" + "b3c8c11e3d7d296a708bdb6d", + "04ce9a2185a68d6094aa5849a6efe78b349946f7380f0c79aa9664246cfcc71a879e90ad" + "78a0474f58644c6a208168150e8354fa47673cb3e07d446521345706c5515584b2602f92" + "1c3b9c44dded9e2c3f90ce47adb36d7e5f9f95a8c5ad8af397", + "1e77367ac4e10924854d135ad2f2507f39e2bafdbce33ff256bcbe9a7329b8d27185218b" + "cc3550aafbe3390e84c77292", + "df3182d49ad70959fb0c95bc7312750ce70fc87f1a328d39d9b29ac05d31305ce7209d6c" + "24d13225d9567b489f7a187b", + "d812b05abab0e96de13291e1f0da6479444ed5cd9d959b76f6cb43d394769035364f7c83" + "1a104dc7b5bd9b4a8e64df64" }, + { NID_secp384r1, NID_sha224, + "aaa99fb1c71340d785a18f6f668e898c25cf7a0ac31d13c5b388b7233408493a5a109af6" + "d07065376b96f4903df7aba2b2af671a18772bb0472490d1240cde28967680727dd4acd4" + "7e0308920a75da857a6eeedee5b6586d45dff3d8a680599665aa895c89dd7770b824b7de" + "e477ac5e7602d409d3cc553090c970b50811dbab", + "745a18db47324a3710b993d115b2834339315e84e7006eafd889fb49bd3cc5a8b50c9052" + "6e65e6c53bddd2916d14bead", + "04f692578c6f77531210aef55c9e004ce3b66cf268c6900dde31a8bbb76e7562e3fb7624" + "2de34ca330d2501030aa11946640965833b28de926c46de060aa25beaeda98f8415a6b1e" + "3564aa77870cf4c89bd4fde92c8f5d9bf0eb41721586859d8e", + "11b9b36720abcac084efdb44c9f5b7d039e3250cb1e9c47850189ba3cfc1489d858b2a44" + "df357772b61d919c7e729c0f", + "02b252c99820cf50e6ce060ab55bd4f682276e29b4ae4197417432e6a7bfb8cf0bac89df" + "e105456af805d822cee77696", + "8e248bbf7d7028d63177e565c9d1666ee5be4d1ffbfffc9c7814b0cd38f74b98f3f2cd59" + "be42b9f132bfe5ee789cd96c" }, + { NID_secp384r1, NID_sha224, + "1fadfa8254d3a0b82d137cfdd82043d5dc1fef195d5297b09cc5cfb061f59c933451c0dc" + "2a11b4037f34f88dacb803251f8880c4b72585c3c196e6fb23484ca43a191f8e41b9b9a3" + "7e2e6fcaab6738c3c62d1c98e1c620bb788b7b51a04f998a510efdba0d3418622fe8ce20" + "3b3fcd553b9b4206365a39031797ad11e49745ec", + "93f20963ea5011ff4f26481e359309e634195f6289134087bd2e83eee008c962780a6797" + 
"84ee7ac6acda03d663ed27e0", + "040edcde3533ea019e18f1a3cd97b7962e8823dda36c389f8f9287549f796d11376392b8" + "a01c7a80f127a8f75795e04f5463d7c458dccfc02f5148d755d59f9bbc8e3c3ea3490877" + "7928440747795955741296abcdd5386676419ed8049fedb489", + "3ad308faf04c42ee5ac69d36bc0aa9a96aacf55ea0f27dac4f52e088f023d206340a6324" + "874ffad169ff80624de24c96", + "209b72f9aae72c4339813573c3a8408a9e0be641ca863d81d9d14c48d0bf4cd44a1a7985" + "cff07b5d68f3f9478475645b", + "f6292e599b22a76eda95393cf59f4745fa6c472effd1f781879ad9a4437a98080b0b07da" + "dad0c249631c682d2836a977" }, + { NID_secp384r1, NID_sha224, + "9ecb6f5ed3ba666a8536a81ef65012c2cb8b433508798d84708abb06dfb75503886f7838" + "4fb8c7a4d2d49ef539d9b8a0b60938c7f07471dda91f258b0d99691b38a8403a2bb3f956" + "bdfd09baba16d9b6877097a9b6213481b47a06e139d23ec7abad5668d21f912fdb70d31b" + "b9adf9b3ce80e308252fa81a51674f88d02db72b", + "f175e6ac42fd48ec9d652c10707c039c67c4cc61d8c45a373dcda6e4ca6c53e947e49c24" + "e01b48e7cdf92edfe6d316a1", + "04a40c64f595491ce15790a5a87fbe64c1800247b42acd08fe5257700719f46afc8acce0" + "e4ede0517a312092d5e3d089cdd565df9dc2f381cc0c5d84f382a43a98018524c0b4708a" + "44b3e2817f9719f29fbf9c15803591ed9b4790c5adaba9f433", + "812dcaa6d4f9a43ccc553288065d13761581485aa903a500a690ccafbd330ba4818c977b" + "98c4bb57f8a182a1afacfae9", + "d000f18d3e4c162ff0d16f662e6703e7a6f5bff7a333ed266fa4f44c752415946c34945c" + "342c20f739677186b1d80ab3", + "ae7f1271c89e0aaa238710d039ea73a69110cc28fcf426f2fe6754b63a59e417fa84f903" + "cf7dccb5468b43ff083bbfd5" }, + { NID_secp384r1, NID_sha224, + "e55bfca78d98e68d1b63688db12485578f36c489766f4d0bfaa0088433ff12133aaca455" + "805095f2e655940860958b3ead111d9070778ee3bbf3e47e43d9eba8b8d9b1fdf72f793f" + "cde2bcaa334f3e35fa2cca531ea7cf27fe9ccba741e38ac26129b2d612bf54a34e0ae6c1" + "66c0fef07fcd2b9ac253d7e041a500f7be7b8369", + "46c4f0b228b28aaa0ec8cfdf1d0ed3408b7ae049312fb9eaf5f3892720e68684cc8ad298" + "44a3dc9d110edf6916dfb8bb", + 
"0413ddec844731b7e30c467451df08ca11d6c581cb64abd8a257671cffd26f5ccad4df7b" + "9ee8924047a88a5d2d7567609cd74ca94f590fd1d13e190cc1e03c3da6c3faab15c7dda0" + "34af3deefee8aeec3628fa8b1978c54cfcd071baa319a46ec0", + "2a9dd520207c40a379cd4036adef9ee60fa8bc8c0d39b3ad91850ac93fd543f218b16885" + "81f23481a090b0e4c73792ac", + "94e08cca20fe3866f643f53ec65faf3f2b4d80cd9bcc8ff8f88bb28da9eada324fc2d048" + "908dd3d08a9e0ebb547731bc", + "8e6f82c4d3069b14f4c844b4ca133a9503493265c9f77a7d4775eda67de76798a23dd7ea" + "48e0ac3c337dd62bf058319d" }, + { NID_secp384r1, NID_sha224, + "02c6b3c83bd34b288d96409162aa4ff114e9d134bf948046eb5ebcc0c7fe9dfceadda83e" + "d69da2fac00c8840f6c702a3fc5e6959d70f7e8af923e99e4937232ae3b841ffefd2e62f" + "ab3671a7c94a0281b8ea5bc176add57c5c9b6893fe7f5d48ce7256b96510810c4e046168" + "a3c5be9843b84d5268a50349b3444341aa5490dd", + "1d7b71ef01d0d33a8513a3aed3cabb83829589c8021087a740ca65b570777089be721a61" + "172b874a22a1f81aef3f8bb6", + "048d2721370df8f097d5a69396249a315f6037dc7045b3da11eacae6d43036f779d5de70" + "53d101768b42cc2b1283a3aaeaa046039ae662141f9954d278183eaa2e03917fe58583e3" + "2d344074d59d60caa5b0949c53066525d5cca923e2f201502e", + "d1b25ad25581cad17e96f1d302251681fee5b2efbb71c3c15ff035b2145d015d18e0e52d" + "c3187ab5a560277b3a3929b0", + "d836f52b14c7391744868daa2d5cf27eb9380b9b6176195573d5b04842e9f2fc3794d6cf" + "877feafee63d11b05f6a6bee", + "8b89042fef2c04d4bd6c9d66a06a010514321d623a5f8d57ba5ac3686872eaabca9e0ba2" + "d058ae7028e870acf03ca32d" }, + { NID_secp384r1, NID_sha224, + "94f8bfbb9dd6c9b6193e84c2023a27dea00fd48356909faec2161972439686c146184f80" + "686bc09e1a698af7df9dea3d24d9e9fd6d7348a146339c839282cf8984345dc6a51096d7" + "4ad238c35233012ad729f262481ec7cd6488f13a6ebac3f3d23438c7ccb5a66e2bf820e9" + "2b71c730bb12fd64ea1770d1f892e5b1e14a9e5c", + "cf53bdd4c91fe5aa4d82f116bd68153c907963fa3c9d478c9462bb03c79039493a8eaeb8" + "55773f2df37e4e551d509dcd", + "043a65b26c08102b44838f8c2327ea080daf1e4fc45bb279ce03af13a2f9575f0fff9e2e" + 
"4423a58594ce95d1e710b590cefe9dcbcb2ec6e8bd8ed3af3ff0aa619e900cc8bab3f50f" + "6e5f79fac09164fb6a2077cc4f1fed3e9ec6899e91db329bf3", + "df31908c9289d1fe25e055df199591b23e266433ab8657cc82cb3bca96b88720e229f8df" + "d42d8b78af7db69342430bca", + "6770eea9369d6718e60dd0b91aee845ff7ed7e0fcc91675f56d32e5227fd3a4612bbcb15" + "56fe94a989b9e3bcc25bb20e", + "c43072f706c98126d06a82b04251e3ecb0ba66c4bb6cd7c025919b9cc6019cdc635256d2" + "a7fa017b806b1e88649d2c0d" }, + { NID_secp384r1, NID_sha256, + "663b12ebf44b7ed3872b385477381f4b11adeb0aec9e0e2478776313d536376dc8fd5f3c" + "715bb6ddf32c01ee1d6f8b731785732c0d8441df636d8145577e7b3138e43c32a61bc124" + "2e0e73d62d624cdc924856076bdbbf1ec04ad4420732ef0c53d42479a08235fcfc4db4d8" + "69c4eb2828c73928cdc3e3758362d1b770809997", + "c602bc74a34592c311a6569661e0832c84f7207274676cc42a89f058162630184b52f0d9" + "9b855a7783c987476d7f9e6b", + "040400193b21f07cd059826e9453d3e96dd145041c97d49ff6b7047f86bb0b0439e90927" + "4cb9c282bfab88674c0765bc75f70d89c52acbc70468d2c5ae75c76d7f69b76af62dcf95" + "e99eba5dd11adf8f42ec9a425b0c5ec98e2f234a926b82a147", + "c10b5c25c4683d0b7827d0d88697cdc0932496b5299b798c0dd1e7af6cc757ccb30fcd3d" + "36ead4a804877e24f3a32443", + "b11db00cdaf53286d4483f38cd02785948477ed7ebc2ad609054551da0ab0359978c6185" + "1788aa2ec3267946d440e878", + "16007873c5b0604ce68112a8fee973e8e2b6e3319c683a762ff5065a076512d7c98b27e7" + "4b7887671048ac027df8cbf2" }, + { NID_secp384r1, NID_sha256, + "784d7f4686c01bea32cb6cab8c089fb25c341080d9832e04feac6ea63a341079cbd562a7" + "5365c63cf7e63e7e1dddc9e99db75ccee59c5295340c2bba36f457690a8f05c62ab001e3" + "d6b333780117d1456a9c8b27d6c2504db9c1428dad8ba797a4419914fcc636f0f14ede3f" + "ba49b023b12a77a2176b0b8ff55a895dcaf8dbce", + "0287f62a5aa8432ff5e95618ec8f9ccaa870dde99c30b51b7673378efe4ccac598f4bbeb" + "bfd8993f9abb747b6ad638b9", + "04b36418a3014074ec9bbcc6a4b2367a4fb464cca7ec0a324cb68670d5c5e03e7a7eb07d" + "a117c5ea50b665ab62bd02a4914ea299c30e7d76e2c5905babada2d3bb4ee5eb35a5a236" + 
"05cdb0d5133471a53eb9e6758e49105a4eaf29d2267ba84ef2", + "935eeab3edeb281fbd4eead0d9c0babd4b10ff18a31663ee9de3bfa9ae8f9d266441158e" + "a31c889ded9b3c592da77fd7", + "738f9cb28f3b991335ef17b62559255faf75cad370a222464a492e27bb173c7f16b22100" + "ada6b695875c7e4b1a28f158", + "bc998c30e1491cd5d60dc7d1c38333165efe036b2a78db9b8f0e85ee68619cfba654e11a" + "e5ca5ee5a87099c27cf22442" }, + { NID_secp384r1, NID_sha256, + "45e47fccc5bd6801f237cdbeac8f66ebc75f8b71a6da556d2e002352bd85bf269b6bc7c9" + "28d7bb1b0422601e4dd80b29d5906f8fcac212fe0eaaf52eda552303259cbcbe532e60ab" + "d3d38d786a45e39a2875bce675800a3eaeb9e42983d9fd9031180abd9adccc9ba30c6c19" + "8b4202c4dd70f241e969a3c412724b9b595bc28a", + "d44d3108873977036c9b97e03f914cba2f5775b68c425d550995574081191da764acc501" + "96f6d2508082a150af5cd41f", + "04c703835d723c85c643260379d8445b0c816fe9534351921e14a8e147fe140ec7b0c4d7" + "04f8dc66a232b2333b28f03deec5d0bb054053fd86c26f147c4966757aa04b00513a02d4" + "27b8d06c16055c607955efdc518d338abfe7927c195dc28588", + "c80f63e080650c8a21e4f63a62ec909adfb7d877f365d11ee1cb260baf112eb4730c161c" + "1d99dba98fc0d5bbd00dc97d", + "81de2810cde421997013513951a3d537c51a013110d6dbb29251410bcb5ba001a9686b84" + "90f1e581e282fd2ed0974b22", + "9cab0bbaffe91c7677ec3dd1f17060211a3cc0be574cbca064aa8c4b66ba6e64f3d80e83" + "da895042ca32d311c388d950" }, + { NID_secp384r1, NID_sha256, + "c33ff63b4e6891e00b2349b3f2907c417ca355560544a91e24a7a0ee260d6850aeded29f" + "c0176b6039ca6187e8333391047cceaf14b1077df8f147dad84d36b2dac5666dc2f69dc9" + "b58b88cc73956efdb3b47f91831d5875051c76b0c4e9fc087012a1f03eeee85d6745b46a" + "a50bd9cb0110c2c94508765cec162ee1aa841d73", + "d5b72cbb6ec68aca46b9c27ad992afd8ffa02cb3067b234fcfa6e272e3b31be760695ff7" + "df988b57663057ab19dd65e3", + "04135a6542612f1468d8a4d01ff1914e532b1dd64d3627db9d403dc325651d3f82b0f6f0" + "fd1dbdeca2be967c4fb3793b5fcbbd40f6d3a38d0dfb64582ff4789d7b268241bc0c36de" + "2884bccfaeeff3b7b2b46a30bb35719804e0d11124b4e7f480", + 
"9da6de7c87c101b68db64fea40d97f8ad974ceb88224c6796c690cbf61b8bd8eede8470b" + "3caf6e6106b66cf3f0eebd55", + "17840911ecdf6ae0428b2634f442163c2c11b8dbf0cc7a5596fbe4d33e3e52f9d99e99ad" + "169867b1f39e89c9180cedc2", + "dd7ed67e480866d0474379ea4afff72870746f4feef2153be42f13bf472b1613d7faa5c0" + "abb7f7464070f94d7cf3f234" }, + { NID_secp384r1, NID_sha256, + "f562f2b9d84b0e96a52532c3b43c39c8018c738bd8dc3797a7de7353971b2729d522d696" + "1b1f2e4df3f6a4bd3653e6d72b74fc0dba92ab939c4b542e994e5db6dd8ed4f56f651e69" + "9052e791237ae1f552f990ad156226ae8f7bf17fcbfa564f749604f97e9df0879d509857" + "47d981422a23040fe52f5ec74caf1d4aaad8a710", + "218ee54a71ef2ccf012aca231fee28a2c665fc395ff5cd20bde9b8df598c282664abf915" + "9c5b3923132983f945056d93", + "0401989ff07a7a452d8084937448be946bfedac4049cea34b3db6f7c91d07d69e926cce0" + "af3d6e88855a28120cf3dba8dfeb064e029d7539d4b301aabafe8de8870162deffe6383b" + "c63cc005add6ee1d5ced4a5761219c60cd58ad5b2a7c74aaa9", + "c5d39b436d851d94691f5f4aa9ef447f7989d984f279ae8b091aef5449ac062bcc056774" + "0f914624ad5b99fc32f9af0b", + "07d5b1b12877e8cb5e0aa5e71eeeb17bf0aa203064c7e98b3a1798a74dc9717252dc47c7" + "f06aaf1d5fe15b868323bbb9", + "69428cf101a7af5d08161a9fd7af212e02e33b6062aebdce4c96bf3a0684b5394cb902ca" + "7c2dec6e2f01f40c4576009d" }, + { NID_secp384r1, NID_sha256, + "ace953ae851f571d71779aa120915f27450b236da23e9106f8d0756abdd2586193794122" + "8d225d5fb1aa1b1ebf759b1e326aeb3b6cd0cd87edd2ab9f6a7ad67b63d2c501d6a550ed" + "b2e7c9d216cc8af78dd33546af64d00abed4d0d2cfc5c9a7b5a055dbe8f7547902d185cf" + "46937314832bc5c602419a82ab83dbd9d3bd5aff", + "e6ab171f6937c000e144950801ad91023ae8e8476856c2592d9f7d5bb7180fd729211803" + "d39a412ead6c0be761cfa5d1", + "0438bc42b8c9d8866d09b214398d584b1b24a488dfacc3420d1e9506aa825b19fdf1ba74" + "e7b8f547f47b571467fe8c4d1f5179d62668d3f6a7ab5c8e3761a685e12008fb87d0529a" + "97645f65cfb5364376c1b6682e0ffcddd0bcd995c41d013ad3", + "05e9718aea9669c9e434f73866da5f252dec6d24c47a1c4ee3233450b6ec626de9746ebe" + 
"095b285558dfc89fc1b622fe", + "df9bab9dd1f22ec6f27116f38831cb2089aa78aa8c073024a0faddd9a48e810a5e8e2cad" + "d80fbf8dbd6088c71fe30b5b", + "1e0e8718567d12d18558c57f9e87a755c309e4ffb497335a3adfc8d7475ce8fd882d5dc3" + "3a8f5a16274b7ad74bb7862a" }, + { NID_secp384r1, NID_sha256, + "9635ab832240be95301bedb94c5aec169eedc198cbbdfedcf41e9b586143d829b4597a6b" + "2a81902828332825fd84a785f187a3894e21bd99d22c4f94dcf34453fc052f15ec64d144" + "7c932cb38fcdd30b7be851963409c11881438cbaad7e96f9efbde317f2235d66af804477" + "a5dfe9f0c51448383830050ecf228889f83631e1", + "14acd516c7198798fd42ab0684d18df1cd1c99e304312752b3035bed6535a8975dff8acf" + "c2ba1675787c817b5bff6960", + "0429909d143cf7ee9c74b11d52f1a8f3ebd4a720c135612ca5618d3f432f03a95602ee75" + "a2057e1d7aab51d0648ac0b334404b6c5adffbadfa1b0380ae89fed96ec1ca16cc28661e" + "623d0f1c8b130fbaa96dd7257eae2bf03c2d3dcbc3dbc82c58", + "7f623c103eaa9099a0462e55f80519c565adaeffcb57a29993f3a8a92e63a560be8f0fb9" + "d23dc80bff1064bb41abad79", + "932ab291950c16b2b19a8036cd2e905714c6229cb190a73b3ea49c48dd8e76063a453c7c" + "3267a57597d2973678216296", + "d17d4c5ddbb9c27beebf526f113b416c8abfad53d11c4224813c7f351ba41a77dd4e77d6" + "e4a65bef2c9f62cc37a469a5" }, + { NID_secp384r1, NID_sha256, + "d98b9a7d4fe9d0fd95de5056af164a8b7882cd34ab5bde83a2abb32dc361eb56a479a3a6" + "119db3b91dcad26a42d2206749567f0d97c34a981a91fc734921821a429f6a53401743a5" + "c406ba9d560f956203abc9d1f32f1a13e7d7b290f75c95fdbf857ea597021461c06a3aac" + "fa554ede3d69e4ff03bbbee5b7463ec77de2b3b2", + "2e780550984f3a00cb1e412429b33493c6eb6cd86d12f9d80588c247dcf567bd04296d2d" + "4b24b889d9c54954b7f38f57", + "0437dac42ef04663238443ef33e8addee2e78c40d50a1751913a7f5c37d1f23a26c7f86e" + "16055c788b8ca9554f06b2f2efbbed1549652904e3d00c39b01cc0460dbaf3185e6190c2" + "705677a9701de1fe56dff4f4d8418ee15059ff8fc36800982d", + "b788ca82811b0d4e4841765c71eafaa1e575378beedcd3860d8b92db3d070ac5aef7c425" + "067860fbee6c50cf0c642bbb", + 
"7292b3851870daeb2555a8a2fb198ead78739fcfb75327e5c32a82c6b77d58983e5ad548" + "ccb75dcf9411039c9576d9b9", + "a378c61802d9f1dd062b6e18f16416a954018f77df4df95ad1b983570377d5cfce4cc786" + "1759e802c52f81abc4f49aac" }, + { NID_secp384r1, NID_sha256, + "1b4c754ac1c28dc415a71eac816bde68de7e8db66409af835838c5bb2c605111108a3bf1" + "3606ed5d8ade5ed72e50503e0de664416393d178ea4eec834d8d6f15039847b410080fd5" + "529b426e5aadd8451c20ebd92d787921f33e147bcbeb327b104d4aab1157fc1df33e4d76" + "8404b5ccb7110055c2508c600f429fd0c21b5784", + "a24d0fe90808aecc5d90626d7e6da7c9be5dfd4e1233c7f0f71f1b7c1c6fd318fafe1855" + "9c94718f044cf02ed5107cb1", + "04ec8ae1fb9bb88589d27d6f27d790392853396f37bc0c381631d85800fc668eea0886bf" + "1c6cff801147df19778d5b16041e1a8336c1e2506f8ee388b55cc648ae73b9295ea78467" + "979d2affb364536fad28120f51ec62a67cbb6ce7784780389f", + "755d025509b73cf1ea8817beb772ad150b4c17a52378be187daffe3db0158921e5e552d1" + "ca3c85df28519939f3cb794d", + "23ff2ffa62bbd427d49995d9c9950116e0d5a06ef076a4553448bc109e6482c5e87d4c83" + "3bc88de0bc722bc98cae2e61", + "9aea13d487c3ea6917e16374caafcf0321c12a80d28902dd8cd81909bb04b8c439e2491e" + "504756742d0d0bfb15a9c34c" }, + { NID_secp384r1, NID_sha256, + "3cd8c053741dd9f974c6c5dbf8a1e5728e9b5eafb1cbcfc3452f5fbbda32a8c7564dee15" + "7e8d902c52514361da6d972934a56b3276e2a9379e328e24282e0db697c5bc29090fc489" + "ec46b7b188325dd4e96494c250de0f4a89fe2ccf919eaefcfb50c288113e6df92714feb7" + "f46e0822478c796d0f4ff3447a32997e892693ce", + "1c172e25732555afee7ded67a496f3f11babc0875898619f4519c29321e201e8ba1149f2" + "c20b48e5efba235d58fea7c3", + "0413e9e2c8bbcfe26e8f5f43c86268c5980ee693236a6b8777f3a7323718baa21005b482" + "d08aafc6fa6e3667d91353544c9ba181b3ee505be030f87ecd249b00670a791489b42af0" + "4976013483ff95b630c91c01e95757e906129f2f9b4ce719a8", + "08aec9a9e58bdc028805eb5dc86073d05fff1f5fb3fd17f510fc08f9272d84ba7aa66b6f" + "77d84fe6360bd538192bf01a", + "2b4337c3dfbc886ffad7858ae2480cb62227e12205a70361c42f1a5ca9e658ee30fc3cf4" + 
"030d85bd065edad83b99821f", + "2550cef8574bf17fb3d6b0c9d04ab266962bac3621bac233ff2e4989712d2a4a07171c0a" + "ebd3040cd6a32c3bd3efb8b5" }, + { NID_secp384r1, NID_sha256, + "ed955dda6d9650124804d3deb6aeef900e520faf98b1ef6f14efcada7ca2433f09329b70" + "897305e59c89024d76e466b28fe02cb2a9b12e2478c66470259d7c282137a19e5a04ffad" + "ea55245c0f34a681593fedc42931d8b3321b3d82e9cc102cd00540ad311ec7bd8c9d06db" + "21bea4ca3dc74d98931ae0d40494aefc2345132c", + "5b96555dbd602e71d4d5d3aee19fd1ea084ee23d4f55c10937056762bc2015cbded2e898" + "a487f5482ab7e1e971245907", + "046e14c17bb831b0112d7f3543c5fd17c78379a516c9e0539b03b8b4bfdead2820343fc8" + "4b0382807573ded6c4d97b70037f60021d2de77546db666721c9aec84c3e2ba8de0ba774" + "43600dc77e6839bbf9316271adb22d4cb47d08f745ecb1dafd", + "7ad6f4ffd2b429ba10c6f112f800cacf1ad508cf8eba880893bb9659c1ddaaec57dcdc09" + "3a114500460d457bdde324f2", + "faea950ca513806bc59028c638d6302ffc86978c3ff1f06db015dd7c4777050186cb8dd8" + "71f5e926e1416539c1939c2f", + "2c592240eabb8a1f9878e1b5c9d5d3ced7b3a7ae571f5a86494ed2ca567a36eb72e7bea8" + "934bded29594bccf67ca84bd" }, + { NID_secp384r1, NID_sha256, + "ce395b001da2a58e49691605d44af4206306f62f561bf2394060d2a5591a350277166bed" + "043819035f1e60b5b3fb5ae113ddd0473f8ef6b2b050c472c2a264e1d8b3ca82a4f158c4" + "0f2d78d9ce5e5ea6de243f2e1f13f47f6c6f403b270912c81c636be35b396ca58468b3fb" + "60aa83911d61441a0528d973bc31f965d4059080", + "8df9c3c710a25192f3dea970910bb3784e3509874cccf4334823eb9f7a8d05b067f2d812" + "d61e878e24b093089a0b8245", + "0492c9e32b20cbe6d4ed0727c6c942cf804a72031d6dfd69078b5e78ebce2d192268f1f5" + "e2abce5aaf1f8d6a35f136837fd5167905fa7689e03b9fb1487c566f62b36f2bc1c4a2bf" + "b6a836113b5c8d46f7c1ca51b628b14397fbc06ec9a07f4849", + "258dd05919735cd48627c9fe9fac5c252604aa7c2ae0460d7c1149cd96b7bd2ba195ad39" + "3bf392a2499f06aead5ba050", + "413793bcce52eda0f5b675a8d687cce86d5c9e1659b38a89e96246b5e05f8b0934d17dbb" + "a3b2ea44c838aa5fd87125d1", + 
"ce7309fc2d6e3438818a1a29a997410b025b0403de20795b97c86c46034a6b02afeed279" + "aeb06522d4de941bfdf50469" }, + { NID_secp384r1, NID_sha256, + "ffefe316455ae4ffdb890bb804bf7d31424ea060ecacff419d0f7134ff76ad434063c0ec" + "0f8bb7059584d3a03f3625bb9e9f66ace1a47ac4b8f3e76fc7c420c55edb1427d1fa15b3" + "87ad73d02b0595c4e74321be8822752230a0dcfb85d60bfa186da7623a8ec3eb1633f0a2" + "94b23ae87216b14ccee9ef56418dcfab9427371e", + "6002cb01ad2ce6e7101665d47729c863b6435c3875de57a93f99da834f73e3e6e2b3880e" + "06de3e6bd1d51ea1807ab0d7", + "04e4216e1a20af8e8e3e74653ac016545001066e53e64af679ad1c85841bb475aed3e00e" + "ad052ae9955f48d675ff4ace568804c17641be21d4c6386902c9c5c888af25d97ca38370" + "3ea4a85cf93bbab360c0bbd2993374da499a303778650270b9", + "6b9507fd2844df0949f8b67b6fde986e50173713ac03df2edf65cb339859321cd3a2b9aa" + "b8356f95dec62460ab19c822", + "018891f6381ed358b422f79a299cf0789cee783ba388af4d82cbbe17f3709751b7fd9400" + "e9702820c28b9afc62fdf489", + "aef73bd590802b2fd2a65c4f7fec89f9b24ecc199a69254785925f334cd1977c5e1f858b" + "d9830d7d7d243ea707b1af0b" }, + { NID_secp384r1, NID_sha256, + "304bccb718b3a9e12669913490cc5bcc1979287b56c628fad706c354241e88d10e81445a" + "2853e3fc32ece094ba1abc3fdcab61da27f9a0fca739371049fed462ee6b08fa31cde127" + "20f8144a6f00ce9b1a7a6eadd231f126717074b4efb5c72ce673ca5859000a436f67a338" + "d698759f12c461247c45a361fb6cb661fdbe6714", + "d8559c3543afc6f7b3dc037a687bad2630283757ba7862fd23ed14e2151a4cf5fed3d249" + "268f780e0b96b6b46274a2d5", + "045f94223918f2ec9f0a08342cb99e724881c92453957c59672860f69daac01b660331a0" + "f5845e50f1f27766b219c89e7ed76d83396130d10d1168d76c7fc83742ffffbe66d9f4da" + "4ca3f95f5ad6dac8cc7bb65d16d317d37aa99fdbf30ec7439c", + "4ad5a92b5b8e170b71c8a7ed419dc624c7680004562b8d16a37b6e639f581ce81d5f0d98" + "cce44d54c4e7136229148340", + "f7baa6a5488ab462ea59aa31a36402b15880c68110b6069f51ede0c3b52a7b1e5bf926fd" + "be95768931b7d5f87058835c", + "28b1c4ef448a432f7c91b98b0c6471691e888211b6af907369a8930859b8cdb2e94f466a" + "44f4e52f46df9b0d65e35de6" 
}, + { NID_secp384r1, NID_sha256, + "64f9f05c2805acf59c047b5f5d2e20c39277b6d6380f70f87b72327a76170b872bfe4b25" + "c451602acfb6a631bb885e2655aee8abe44f69c90fb21ffde03cef2a452c468c6369867d" + "fd8aa26ac24e16aa53b292375a8d8fbf988e302bf00088e4c061aa12c421d8fe3cbd7273" + "b0e8993701df1c59431f436a08b8e15bd123d133", + "b9208cbfd186ddfa3efd5b71342ae1efb01a13ebc4c2a992a2cbee7254b7846a4252ece1" + "104b89d13d835911f8511224", + "04166e6d96cb60d916fd19888a2dd945a3306ff0d7b0a5e30729f47d3dac3de2be3fd5cd" + "7437e9a80d6c48cf960d2d36f8e6b2b70f131092ae210f29cc6bad701318bddb31bddf92" + "1695855c6208941100d0cee5d10799f8b835afe3ea510e8229", + "da706ab5f61531f2378b3c0a2b342108cd119eadaa88b859df64923bccfb0ec2393fd312" + "826f65c15a6587d1d460015b", + "d9124c42858080c62400e4d4d8136304e03d910cbe9b9b3487f4d27c7e0540a314d34bef" + "8c850045c8746ca631c11c42", + "bbf6424a3b70166fa799f49e918439d515327039258ef9bd88435a59c9c19659f8ec3c86" + "60720b0c08354ff60e0f5a76" }, + { NID_secp384r1, NID_sha384, + "6b45d88037392e1371d9fd1cd174e9c1838d11c3d6133dc17e65fa0c485dcca9f52d41b6" + "0161246039e42ec784d49400bffdb51459f5de654091301a09378f93464d52118b48d44b" + "30d781eb1dbed09da11fb4c818dbd442d161aba4b9edc79f05e4b7e401651395b53bd8b5" + "bd3f2aaa6a00877fa9b45cadb8e648550b4c6cbe", + "201b432d8df14324182d6261db3e4b3f46a8284482d52e370da41e6cbdf45ec2952f5db7" + "ccbce3bc29449f4fb080ac97", + "04c2b47944fb5de342d03285880177ca5f7d0f2fcad7678cce4229d6e1932fcac11bfc3c" + "3e97d942a3c56bf34123013dbf37257906a8223866eda0743c519616a76a758ae58aee81" + "c5fd35fbf3a855b7754a36d4a0672df95d6c44a81cf7620c2d", + "dcedabf85978e090f733c6e16646fa34df9ded6e5ce28c6676a00f58a25283db8885e16c" + "e5bf97f917c81e1f25c9c771", + "50835a9251bad008106177ef004b091a1e4235cd0da84fff54542b0ed755c1d6f251609d" + "14ecf18f9e1ddfe69b946e32", + "0475f3d30c6463b646e8d3bf2455830314611cbde404be518b14464fdb195fdcc92eb222" + "e61f426a4a592c00a6a89721" }, + { NID_secp384r1, NID_sha384, + 
"d768f41e6e8ec2125d6cf5786d1ba96668ac6566c5cdbbe407f7f2051f3ad6b1acdbfe13" + "edf0d0a86fa110f405406b69085219b5a234ebdb93153241f785d45811b3540d1c37424c" + "c7194424787a51b79679266484c787fb1ded6d1a26b9567d5ea68f04be416caf3be9bd2c" + "afa208fe2a9e234d3ae557c65d3fe6da4cb48da4", + "23d9f4ea6d87b7d6163d64256e3449255db14786401a51daa7847161bf56d494325ad2ac" + "8ba928394e01061d882c3528", + "045d42d6301c54a438f65970bae2a098cbc567e98840006e356221966c86d82e8eca515b" + "ca850eaa3cd41f175f03a0cbfd4aef5a0ceece95d382bd70ab5ce1cb77408bae42b51a08" + "816d5e5e1d3da8c18fcc95564a752730b0aabea983ccea4e2e", + "67ba379366049008593eac124f59ab017358892ee0c063d38f3758bb849fd25d867c3561" + "563cac1532a323b228dc0890", + "fb318f4cb1276282bb43f733a7fb7c567ce94f4d02924fc758635ab2d1107108bf159b85" + "db080cdc3b30fbb5400016f3", + "588e3d7af5da03eae255ecb1813100d95edc243476b724b22db8e85377660d7645ddc1c2" + "c2ee4eaea8b683dbe22f86ca" }, + { NID_secp384r1, NID_sha384, + "6af6652e92a17b7898e40b6776fabaf0d74cf88d8f0ebfa6088309cbe09fac472eeac2aa" + "8ea96b8c12e993d14c93f8ef4e8b547afe7ae5e4f3973170b35deb3239898918c70c1056" + "332c3f894cd643d2d9b93c2561aac069577bbab45803250a31cd62226cab94d8cba7261d" + "ce9fe88c210c212b54329d76a273522c8ba91ddf", + "b5f670e98d8befc46f6f51fb2997069550c2a52ebfb4e5e25dd905352d9ef89eed5c2ecd" + "16521853aadb1b52b8c42ae6", + "0444ffb2a3a95e12d87c72b5ea0a8a7cb89f56b3bd46342b2303608d7216301c21b5d292" + "1d80b6628dc512ccb84e2fc278e4c1002f1828abaec768cadcb7cf42fbf93b1709ccae6d" + "f5b134c41fae2b9a188bfbe1eccff0bd348517d7227f2071a6", + "229e67638f712f57bea4c2b02279d5ccad1e7c9e201c77f6f01aeb81ea90e62b44b2d210" + "7fd66d35e56608fff65e28e4", + "b11db592e4ebc75b6472b879b1d8ce57452c615aef20f67a280f8bca9b11a30ad4ac9d69" + "541258c7dd5d0b4ab8dd7d49", + "4eb51db8004e46d438359abf060a9444616cb46b4f99c9a05b53ba6df02e914c9c0b6cc3" + "a9791d804d2e4c0984dab1cc" }, + { NID_secp384r1, NID_sha384, + "b96d74b2265dd895d94e25092fb9262dc4f2f7a328a3c0c3da134b2d0a4e2058ca994e34" + 
"45c5ff4f812738e1b0c0f7a126486942a12e674a21f22d0886d68df2375f41685d694d48" + "7a718024933a7c4306f33f1a4267d469c530b0fed4e7dea520a19dd68bf0203cc87cad65" + "2260ed43b7b23f6ed140d3085875190191a0381a", + "de5975d8932533f092e76295ed6b23f10fc5fba48bfb82c6cc714826baf0126813247f8b" + "d51d5738503654ab22459976", + "04f1fabafc01fec7e96d982528d9ef3a2a18b7fe8ae0fa0673977341c7ae4ae8d8d3d674" + "20343d013a984f5f61da29ae381a31cf902c46343d01b2ebb614bc789c313b5f91f9302a" + "d9418e9c797563e2fa3d44500f47b4e26ad8fdec1a816d1dcf", + "fc5940e661542436f9265c34bce407eff6364bd471aa79b90c906d923e15c9ed96eea4e8" + "6f3238ea86161d13b7d9359d", + "c2fbdd6a56789024082173725d797ef9fd6accb6ae664b7260f9e83cb8ab2490428c8b9c" + "52e153612295432fec4d59cd", + "8056c5bb57f41f73082888b234fcda320a33250b5da012ba1fdb4924355ae679012d81d2" + "c08fc0f8634c708a4833232f" }, + { NID_secp384r1, NID_sha384, + "7cec7480a037ff40c232c1d2d6e8cd4c080bbeecdaf3886fccc9f129bb6d202c316eca76" + "c8ad4e76079afe622f833a16f4907e817260c1fa68b10c7a151a37eb8c036b057ed4652c" + "353db4b4a34b37c9a2b300fb5f5fcfb8aa8adae13db359160f70a9241546140e550af007" + "3468683377e6771b6508327408c245d78911c2cc", + "11e0d470dc31fab0f5722f87b74a6c8d7414115e58ceb38bfcdced367beac3adbf1fe9ba" + "5a04f72e978b1eb54597eabc", + "041950166989164cbfd97968c7e8adb6fbca1873ebef811ea259eb48b7d584627f0e6d6c" + "64defe23cbc95236505a252aa141ef424b5cb076d4e32accd9250ea75fcf4ffd81814040" + "c050d58c0a29b06be11edf67c911b403e418b7277417e52906", + "e56904028226eb04f8d071e3f9cefec91075a81ca0fa87b44cae148fe1ce9827b5d1910d" + "b2336d0eb9813ddba3e4d7b5", + "c38ef30f55624e8935680c29f8c24824877cf48ffc0ef015e62de1068893353030d1193b" + "f9d34237d7ce6ba92c98b0fe", + "651b8c3d5c9d5b936d300802a06d82ad54f7b1ba4327b2f031c0c5b0cb215ad4354edc7f" + "932d934e877dfa1cf51b13fe" }, + { NID_secp384r1, NID_sha384, + "00ce978603229710345c9ad7c1c2dba3596b196528eea25bd822d43ca8f76a024e292177" + "03dd0652c8a615284fc3edcc1c5ad1c8d5a8521c8e104c016a24e50c2e25066dcb56596f" + 
"913b872767e3627aa3e55ec812e9fdac7c2f1beade83aef093e24c9c953982adf431a776" + "880ae4583be158e11cdab1cbca3ad3a66900213d", + "5c6bbf9fbcbb7b97c9535f57b431ed1ccae1945b7e8a4f1b032016b07810bd24a9e20055" + "c0e9306650df59ef7e2cd8c2", + "042e01c5b59e619e00b79060a1e8ef695472e23bf9a511fc3d5ed77a334a242557098e40" + "972713732c5291c97adf9cf2cf563e3fe4ad807e803b9e961b08da4dde4cea8925649da0" + "d93221ce4cdceabc6a1db7612180a8c6bef3579c65539b97e9", + "03d23f1277b949cb6380211ad9d338e6f76c3eedac95989b91d0243cfb734a54b19bca45" + "a5d13d6a4b9f815d919eea77", + "abab65308f0b79c4f3a9ff28dd490acb0c320434094cef93e75adfe17e5820dc1f77544c" + "faaacdc8cf9ac8b38e174bef", + "11b783d879a6de054b316af7d56e526c3dce96c85289122e3ad927cfa77bfc50b4a96c97" + "f85b1b8221be2df083ff58fb" }, + { NID_secp384r1, NID_sha384, + "54a255c18692c6162a46add176a0ae8361dcb8948f092d8d7bac83e160431794d3b98128" + "49bf1994bcdcfba56e8540c8a9ee5b93414548f2a653191b6bb28bda8dc70d45cc1b92a4" + "89f58a2d54f85766cb3c90de7dd88e690d8ebc9a79987eee1989df35af5e35522f83d85c" + "48dda89863171c8b0bf4853ae28c2ac45c764416", + "ffc7dedeff8343721f72046bc3c126626c177b0e48e247f44fd61f8469d4d5f0a74147fa" + "baa334495cc1f986ebc5f0b1", + "0451c78c979452edd53b563f63eb3e854a5b23e87f1b2103942b65f77d024471f75c8ce1" + "cc0dfef83292b368112aa5126e313e6aaf09caa3ba30f13072b2134878f14a4a01ee8632" + "6cccbff3d079b4df097dc57985e8c8c834a10cb9d766169366", + "c3de91dbe4f777698773da70dd610ef1a7efe4dc00d734399c7dd100728006a502822a5a" + "7ff9129ffd8adf6c1fc1211a", + "f4f477855819ad8b1763f53691b76afbc4a31a638b1e08c293f9bcd55decf797f9913ca1" + "28d4b45b2e2ea3e82c6cf565", + "7c26be29569ef95480a6d0c1af49dc10a51a0a8931345e48c0c39498bfb94d62962980b5" + "6143a7b41a2fddc8794c1b7f" }, + { NID_secp384r1, NID_sha384, + "692a78f90d4f9d5aee5da536314a78d68c1feabbfe5d1ccea7f6059a66c4b310f8051c41" + "1c409ccf6e19a0cbd8b8e100c48317fe8c6d4f8a638b9551ce7ee178020f04f7da3001a0" + "e6855225fb3c9b375e4ed964588a1a41a095f3f476c42d52ffd23ce1702c93b56d4425d3" + 
"befcf75d0951b6fd5c05b05455bdaf205fe70ca2", + "adca364ef144a21df64b163615e8349cf74ee9dbf728104215c532073a7f74e2f6738577" + "9f7f74ab344cc3c7da061cf6", + "04ef948daae68242330a7358ef73f23b56c07e37126266db3fa6eea233a04a9b3e491523" + "3dd6754427cd4b71b75854077d009453ef1828eaff9e17c856d4fc1895ab60051312c3e1" + "db1e3766566438b2990cbf9945c2545619e3e0145bc6a79004", + "a2da3fae2e6da3cf11b49861afb34fba357fea89f54b35ce5ed7434ae09103fe53e2be75" + "b93fc579fedf919f6d5e407e", + "dda994b9c428b57e9f8bbaebba0d682e3aac6ed828e3a1e99a7fc4c804bff8df151137f5" + "39c7389d80e23d9f3ee497bf", + "a0d6b10ceffd0e1b29cf784476f9173ba6ecd2cfc7929725f2d6e24e0db5a4721683640e" + "aa2bbe151fb57560f9ce594b" }, + { NID_secp384r1, NID_sha384, + "3b309bb912ab2a51681451ed18ad79e95d968abc35423a67036a02af92f575a0c89f1b66" + "8afe22c7037ad1199e757a8f06b281c33e9a40bab69c9874e0bb680b905d909b9dc24a9f" + "e89bb3d7f7d47082b25093c59754f8c19d1f81f30334a8cdd50a3cb72f96d4b3c305e60a" + "439a7e93aeb640dd3c8de37d63c60fb469c2d3ed", + "39bea008ec8a217866dcbdb1b93da34d1d3e851d011df9ef44b7828b3453a54aa70f1df9" + "932170804eacd207e4f7e91d", + "045709ec4305a9c3271c304face6c148142490b827a73a4c17affcfd01fffd7eaa65d2fd" + "edfa2419fc64ed910823513fafb083cda1cf3be6371b6c06e729ea6299213428db571193" + "47247ec1fcd44204386cc0bca3f452d9d864b39efbfc89d6b2", + "3c90cc7b6984056f570542a51cbe497ce4c11aeae8fc35e8fd6a0d9adeb650e8644f9d1d" + "5e4341b5adc81e27f284c08f", + "d13646895afb1bfd1953551bb922809c95ad65d6abe94eb3719c899aa1f6dba6b01222c7" + "f283900fe98628b7597b6ea6", + "4a9a38afda04c0a6b0058943b679bd02205b14d0f3d49b8f31aac289129780cdb1c555de" + "f8c3f9106b478729e0c7efaa" }, + { NID_secp384r1, NID_sha384, + "f072b72b8783289463da118613c43824d11441dba364c289de03ff5fab3a6f60e85957d8" + "ff211f1cb62fa90216fb727106f692e5ae0844b11b710e5a12c69df3ed895b94e8769ecd" + "15ff433762d6e8e94d8e6a72645b213b0231344e2c968056766c5dd6b5a5df41971858b8" + "5e99afbf859400f839b42cd129068efabeea4a26", + 
"e849cf948b241362e3e20c458b52df044f2a72deb0f41c1bb0673e7c04cdd70811215059" + "032b5ca3cc69c345dcce4cf7", + "0406c037a0cbf43fdf335dff33de06d34348405353f9fdf2ce1361efba30fb204aea9dbd" + "2e30da0a10fd2d876188371be6360d38f3940e34679204b98fbf70b8a4d97f25443e46d0" + "807ab634ed5891ad864dd7703557aa933cd380e26eea662a43", + "32386b2593c85e877b70e5e5495936f65dc49553caef1aa6cc14d9cd370c442a0ccfab4c" + "0da9ec311b67913b1b575a9d", + "5886078d3495767e330c7507b7ca0fa07a50e59912a416d89f0ab1aa4e88153d6eaf0088" + "2d1b4aa64153153352d853b5", + "2cc10023bf1bf8ccfd14b06b82cc2114449a352389c8ff9f6f78cdc4e32bde69f3869da0" + "e17f691b329682ae7a36e1aa" }, + { NID_secp384r1, NID_sha384, + "cf4945350be8133b575c4ad6c9585e0b83ff1ed17989b6cd6c71b41b5264e828b4e11599" + "5b1ae77528e7e9002ac1b5669064442645929f9d7dd70927cb93f95edeb73e8624f4bc89" + "7ec4c2c7581cb626916f29b2d6e6c2fba8c59a71e30754b459d81b912a12798182bcff40" + "19c7bdfe929cc769bcc2414befe7d2906add4271", + "d89607475d509ef23dc9f476eae4280c986de741b63560670fa2bd605f5049f1972792c0" + "413a5b3b4b34e7a38b70b7ca", + "0449a1c631f31cf5c45b2676b1f130cbf9be683d0a50dffae0d147c1e9913ab1090c6529" + "a84f47ddc7cf025921b771355a1e207eece62f2bcc6bdabc1113158145170be97469a290" + "4eaaa93aad85b86a19719207f3e423051f5b9cbbe2754eefcb", + "78613c570c8d33b7dd1bd1561d87e36282e8cf4843e7c344a2b2bb6a0da94756d670eeaf" + "fe434f7ae7c780f7cf05ca08", + "66f92b39aa3f4aeb9e2dc03ac3855406fa3ebbab0a6c88a78d7a03482f0c9868d7b78bc0" + "81ede0947c7f37bf193074ba", + "e5c64ed98d7f3701193f25dd237d59c91c0da6e26215e0889d82e6d3e416693f8d58843c" + "f30ab10ab8d0edd9170b53ad" }, + { NID_secp384r1, NID_sha384, + "d9b5cf0b50416573ff3c63133275a18394dd4326be2041e8d97e6e4e3855a4a177e9d26d" + "fd223fe8aa74564edb49bd72de19916fb6f001f44530d5c18e2c332bce1b7415df5927ec" + "e5f3824f34d174b963136b53aef1fb78fb0c06a201a40b2db38e4d8216fc1e392a798c8a" + "b4b3a314496b7f1087804ebfa89bf96e9cdb80c0", + "083e7152734adf342520ae377087a223688de2899b10cfcb34a0b36bca500a4dfa530e23" + 
"43e6a39da7ae1eb0862b4a0d", + "0470a0f16b6c61172659b027ed19b18fd8f57bd28dc0501f207bd6b0bb065b5671cf3dd1" + "ed13d388dcf6ccc766597aa6044f845bf01c3c3f6126a7368c3454f51425801ee0b72e63" + "fb6799b4420bfdebe3e37c7246db627cc82c09654979c700bb", + "28096ababe29a075fbdf894709a20d0fdedb01ed3eeacb642a33a0da6aed726e13caf6cf" + "206792ec359f0c9f9b567552", + "ee2923f9b9999ea05b5e57f505bed5c6ba0420def42c6fa90eef7a6ef770786525546de2" + "7cdeb2f8586f8f29fb4ee67c", + "50ef923fb217c4cf65a48b94412fda430fac685f0da7bd574557c6c50f5b22e0c8354d99" + "f2c2f2c2691f252f93c7d84a" }, + { NID_secp384r1, NID_sha384, + "9e4042d8438a405475b7dab1cd783eb6ce1d1bffa46ac9dfda622b23ac31057b922eced8" + "e2ed7b3241efeafd7c9ab372bf16230f7134647f2956fb793989d3c885a5ae064e85ed97" + "1b64f5f561e7ddb79d49aa6ebe727c671c67879b794554c04de0e05d68264855745ef3c9" + "567bd646d5c5f8728b797c181b6b6a876e167663", + "63578d416215aff2cc78f9b926d4c7740a77c142944e104aa7422b19a616898262d46a8a" + "942d5e8d5db135ee8b09a368", + "04cadbacef4406099316db2ce3206adc636c2bb0a835847ed7941efb02862472f3150338" + "f13f4860d47f39b7e098f0a390752ad0f22c9c264336cde11bbc95d1816ed4d1b1500db6" + "b8dce259a42832e613c31178c2c7995206a62e201ba108f570", + "7b69c5d5b4d05c9950dc94c27d58403b4c52c004b80a80418ad3a89aabc5d34f21926729" + "e76afd280cc8ee88c9805a2a", + "db054addb6161ee49c6ce2e4d646d7670754747b6737ca8516e9d1e87859937c3ef9b1d2" + "663e10d7e4bd00ec85b7a97a", + "fcc504e0f00ef29587e4bc22faada4db30e2cb1ac552680a65785ae87beb666c792513f2" + "be7a3180fc544296841a0e27" }, + { NID_secp384r1, NID_sha384, + "0b14a7484a40b68a3ce1273b8a48b8fdb65ba900d98541c4bbd07b97e31bcc4c85545a03" + "e9deab3c563f47a036ff60d0361684ba241b5aa68bb46f440da22181ee328a011de98eff" + "34ba235ec10612b07bdfa6b3dc4ccc5e82d3a8d057e1862fef3def5a1804696f84699fda" + "2ec4175a54a4d08bcb4f0406fdac4eddadf5e29b", + "ed4df19971658b74868800b3b81bc877807743b25c65740f1d6377542afe2c6427612c84" + "0ada31a8eb794718f37c7283", + 
"0433093a0568757e8b58df5b72ea5fe5bf26e6f7aeb541b4c6a8c189c93721749bcacecc" + "f2982a2f0702586a9f812fc66febe320d09e1f0662189d50b85a20403b821ac0d000afdb" + "f66a0a33f304726c69e354d81c50b94ba3a5250efc31319cd1", + "d9b4cd1bdfa83e608289634dbfcee643f07315baf743fc91922880b55a2feda3b38ddf60" + "40d3ba10985cd1285fc690d5", + "009c74063e206a4259b53decff5445683a03f44fa67252b76bd3581081c714f882f882df" + "915e97dbeab061fa8b3cc4e7", + "d40e09d3468b46699948007e8f59845766dbf694b9c62066890dd055c0cb9a0caf0aa611" + "fb9f466ad0bbb00dbe29d7eb" }, + { NID_secp384r1, NID_sha384, + "0e646c6c3cc0f9fdedef934b7195fe3837836a9f6f263968af95ef84cd035750f3cdb649" + "de745c874a6ef66b3dd83b66068b4335bc0a97184182e3965c722b3b1aee488c3620adb8" + "35a8140e199f4fc83a88b02881816b366a09316e25685217f9221157fc05b2d8d2bc8553" + "72183da7af3f0a14148a09def37a332f8eb40dc9", + "e9c7e9a79618d6ff3274da1abd0ff3ed0ec1ae3b54c3a4fd8d68d98fb04326b7633fc637" + "e0b195228d0edba6bb1468fb", + "04a39ac353ca787982c577aff1e8601ce192aa90fd0de4c0ed627f66a8b6f02ae5131554" + "3f72ffc1c48a7269b25e7c289a9064a507b66b340b6e0e0d5ffaa67dd20e6dafc0ea6a6f" + "aee1635177af256f9108a22e9edf736ab4ae8e96dc207b1fa9", + "b094cb3a5c1440cfab9dc56d0ec2eff00f2110dea203654c70757254aa5912a7e73972e6" + "07459b1f4861e0b08a5cc763", + "ee82c0f90501136eb0dc0e459ad17bf3be1b1c8b8d05c60068a9306a346326ff7344776a" + "95f1f7e2e2cf9477130e735c", + "af10b90f203af23b7500e070536e64629ba19245d6ef39aab57fcdb1b73c4c6bf7070c62" + "63544633d3d358c12a178138" }, + { NID_secp384r1, NID_sha512, + "67d9eb88f289454d61def4764d1573db49b875cfb11e139d7eacc4b7a79d3db3bf720819" + "1b2b2078cbbcc974ec0da1ed5e0c10ec37f6181bf81c0f32972a125df64e3b3e1d838ec7" + "da8dfe0b7fcc911e43159a79c73df5fa252b98790be511d8a732fcbf011aacc7d45d8027" + "d50a347703d613ceda09f650c6104c9459537c8f", + "217afba406d8ab32ee07b0f27eef789fc201d121ffab76c8fbe3c2d352c594909abe591c" + "6f86233992362c9d631baf7c", + "04fb937e4a303617b71b6c1a25f2ac786087328a3e26bdef55e52d46ab5e69e5411bf9fc" + 
"55f5df9994d2bf82e8f39a153ea97d9075e92fa5bfe67e6ec18e21cc4d11fde59a68aef7" + "2c0e46a28f31a9d60385f41f39da468f4e6c3d3fbac9046765", + "90338a7f6ffce541366ca2987c3b3ca527992d1efcf1dd2723fbd241a24cff19990f2af5" + "fd6419ed2104b4a59b5ae631", + "c269d9c4619aafdf5f4b3100211dddb14693abe25551e04f9499c91152a296d7449c08b3" + "6f87d1e16e8e15fee4a7f5c8", + "77ffed5c61665152d52161dc13ac3fbae5786928a3d736f42d34a9e4d6d4a70a02d5af90" + "fa37a23a318902ae2656c071" }, + { NID_secp384r1, NID_sha512, + "45db86829c363c80160659e3c5c7d7971abb1f6f0d495709bba908d7aa99c9df64b3408a" + "51bd69aba8870e2aaff488ef138f3123cf94391d081f357e21906a4e2f311defe527c55e" + "0231579957c51def507f835cceb466eb2593a509dcbee2f09e0dde6693b2bfe17697c9e8" + "6dd672f5797339cbe9ea8a7c6309b061eca7aef5", + "0a3f45a28a355381a919372f60320d6610cfb69c3e318eb1607db3cadfc42b728b77a6a9" + "e9e333de9183c58933daf60f", + "04832cbb7061a719a316e73dbad348fa67cd17c33f40b9000a3d3b691a2a2cd821052566" + "717c3ead01089b56086af1366f1e15a048d1dce642d9ebcbfac7f92b1bcee90fd0240cc7" + "9abd29e32e0e655c4ee1fd34fb88178bba92aca100e7794ed0", + "2a78e651623ba604c42cf094fc7d046629306f508853427ba091448800d1092c041bb232" + "3035fc9d19a8d44950f7dcc3", + "0db0cc9a2bda8dd7e565ad36f91b1c5756d78164dc8a72a5bee4b6bc45ea38c7a16b01d0" + "5b1893d4e06b62db24c30385", + "abd383edaeda7d0b8de1b54fcd3c28874fed62ab266f1f84c8ba796a7b54e5e0695fdb43" + "ce7fe90ed00fa468d87bca64" }, + { NID_secp384r1, NID_sha512, + "4672fce0721d37c5be166bffa4b30d753bcf104b9b414db994b3ed33f36af4935ea59a0b" + "b92db66448b3f57dad4fc67cef10ce141bf82c536be604b89a0bc0e8bca605b867880049" + "d97142d30538fc543bd9d4fab7fdbe2f703815cdb6361beb66acff764bc275f910d16624" + "45b07b92830db69a5994857f53657ed5ca282648", + "2e408c57921939f0e0fe2e80ce74a4fa4a1b4fa7ab070206298fe894d655be50e2583af9" + "e45544b5d69c73dce8a2c8e7", + "04a2b24a5ad4a2e91f12199ed7699e3f297e27bf8b8ea8fbe7ed28366f3544cd8e680c23" + "8450f8a6422b40829d6647b25c2732be0075536e6519f6a099b975a40f8e0de337fa4d48" + 
"bd0762b43f41cab8deafdef9cfbb9973e457801e3bf9c93304", + "b10b6258afdde81f9c971cc1526d942e20cafac02f59fee10f98e99b8674636bff1d84a6" + "eaa49c0de8d8cfdc90d8ce84", + "be428a8de89a364a134719141ee8d776a3a8338f1132b07e01b28573d8eaf3b9008b6330" + "4c48821e53638b6141f9660b", + "866181dbef5c147d391bed6adcee408c339982c307adc718c2b9ab9e5642d8dedc36dd64" + "02559a3ab614c99c1e56b529" }, + { NID_secp384r1, NID_sha512, + "9ae48fdd9bfc5cb0f4d4761e28b2073bda05a3e3fe82c212e66701dc4573cc67a829b0f8" + "2d7520b1bf11db0c6d1743822bbe41bb0adbd7222aa5fae70fbd1a31f2d4453a01c81e06" + "4d775388468be96f6063f8673b7b8d4455fe1bd4c801ad5e625a015eaa4a1a18da490d2a" + "f8642201eaba3c611cbd65f861d8e19ca82a1ee6", + "1c285da72a8eb1c3c38faab8d3bb4e68dc95c797082b9a3991a21c1de54759071ecf2265" + "fb1eff504ab24174bc6710cf", + "0411acb1b5cc59a4f1df1913a8d6e91cbdafb8206dc44aff7d9da45906b664fc33194d99" + "35a82aa4d62f39618897c86025832ed0b9575fff52a3603bfe89f312751b4c396da98324" + "117a61b3f525d27b2266f6cfb22be07e50b6874435e380ed62", + "2513075e02cc7fb3cff7b7adde46da31c5493749b5cf02758bd5b098a838bfd4d5e4c7fb" + "8268bdc37e219c30efebe878", + "b3d638b3be45f14f170da5bdc22d2114deac93ab340a25b3af2b5c18584bb9147e00dc6c" + "67a2274f79aa4838793eb63f", + "876112bdca2c725eb2f6dbd76d07710a31f0c16d38430cb0817f320a25a9ecfec8a66137" + "d0304612ae29a6a484fd3319" }, + { NID_secp384r1, NID_sha512, + "817d6a110a8fd0ca7b4d565558f68b59a156744d4c5aac5c6610c95451793de2a756f774" + "558c61d21818d3ebeeeb71d132da1c23a02f4b305eccc5cd46bd21dfc173a8a91098354f" + "10ffbb21bf63d9f4c3feb231c736504549a78fd76d39f3ad35c36178f5c233742d2917d5" + "611d2073124845f1e3615b2ef25199a7a547e882", + "9da37e104938019fbdcf247e3df879a282c45f8fb57e6655e36b47723af42bec3b820f66" + "0436deb3de123a21de0ca37b", + "04722d0ea6891d509b18b85ca56f74deb5c3030d2a30433824123d430d03c99279572c3b" + "28ecf01e747b9db8acc55d0ba37e2605ea7092214f366f3639037bffd89fe103c646e990" + "839d3a1ced8d78edb5b9bc60d834fd8e2a3c17e920bdae023a", + 
"c8c18e53a9aa5915288c33132bd09323638f7995cd89162073984ed84e72e07a37e18c4c" + "023933eace92c35d10e6b1b6", + "6512a8a2be731e301dcf4803764297862bbfa0ac8daed64d8e98b34618ecb20520fc5d3c" + "f890b7783edf86e7ea407541", + "4ff10301f7b4168fae066361376007c1d7aa89a75c87719d0b54711ffef5ef3726f3eef8" + "4f7ebc025c110bde511b17f6" }, + { NID_secp384r1, NID_sha512, + "464f10ec6fb229a51db5fd0e122f2cb8a9a022117e2987f4007bf5565b2c16aba0714e2e" + "3cdd0c100d55ac3017e36fc7501ad8309ab9572aa65424c9eb2e580a119c55777676ec49" + "8df53ef6ae78fd8a988130ee0e6082bf1ef71cd4c946021018a8ca7154d13b174c638912" + "613b0bdb9001c302bf7e443ad2124ab2c1cce212", + "0661ab3bf9f7bef51bec7dff758de289154557beb9ce18cc4b8cc09a871e8322af259cf1" + "88b593dc62f03a19e75f7f69", + "04b4f100558043858efa728082d9b99ad5192b59b0947434f5ba7ff2514508a6d71ba54e" + "7221c31cb0712103272b3f6fa434f6df4eeb2da11498044635067c2715ed15ae251c78ff" + "b9030d87909ea8539b66394e93109ca54c0406cf99960c3e93", + "84a87137edb6894f96c5a8e94a3765162034feb84dfea94e1c71411170c285a80321ec79" + "99e25861844143209804882c", + "4dc9d1b949b36e3c3847ac1c7ed114e1bc9cbe76119cf6fcd3f1b69ee6ee54e3255f1bb2" + "88fe2f8bd6d4049a21793c27", + "56a561d647b62ccae1e6df818b1a6fbde66c82ef0ff69ee415f183e7daf76be22630c7e0" + "2cd3fd729dfa490f26824584" }, + { NID_secp384r1, NID_sha512, + "4e3e0fb96320ddccde8b463c273654c4f7164920b1d63430921d2e808dee403e6420eedd" + "a0a557b911d00736a4f8798dd4ef26673efd6d190988ad4929ec64f8685cfb76070a36cd" + "6a3a4bf2f54fb08a349d44642b6f614043fef9b2813b63457c76537d23da7b37310334f7" + "ba76edf1999dad86f72aa3446445a65952ac4e50", + "66e7cfdeb7f264cf786e35210f458c32223c3a12a3bc4b63d53a5776bc9b069928452484" + "f6241caa3781fd1a4109d4db", + "043c7682de540ab231daf21bf9fc80bda6abf7e17dcc79d476c7b7c3bd4d42d386877fd8" + "ba495c1b0333e04fb5fd2a15050a1582e4f4d72abea9d3476aff8369c41261f0c5dddf2c" + "a82e10f7a163f73df09473d9e5e2552187104e4cc7c6d83611", + "2fa266f5cce190eb77614933ca6a55121ad8bae168ff7a9043d96d13b5ca2fe70101ff9f" + 
"e1e2b2cd7413e6aa8f49abde", + "e7ecda9da0c52d0474a9f70094dc8f061d7d6a22210d3b69a7be8f389aa666f256322099" + "b87d16ad35357ea856574dba", + "ba348eb40a2830ec5a1130264ac0a8675420b1ae243e808a778135809ece21f42c0c8811" + "66321102b4f02df4c5c7ed9d" }, + { NID_secp384r1, NID_sha512, + "c466b6b6baf7e6ffa876ec06105e2d43534e0517c07b1c4c9fb67ba81ce09525a7721ec3" + "c290f2b1f65b6463d41598e7a25b2238501629953a5ca955b644354fb6856733a2e5bb8f" + "5bc21a0c803493f5539f9fb83aab3dba2c982989c2270c61ab244b68bfe1b948d00c2ed9" + "75e09c29b5f8a7effcad8652a148cc880d503217", + "92c2f7ee64af86d003ab484e12b82fcf245fc330761057fec5b7af8f7e0a2d85b468c21d" + "171460fcb829cae7b986316d", + "04ca43a306479bf8fb537d4b9ff9d635bbb2a0d60d9e854d5b7e269d09d91f78c6b90b61" + "6e4c931629453645a2bb371e14356c4d7f10e690614eaf7f82ba0f9dc1aad98130c0ad9f" + "e353deec565cc04bef789a0a4242322e0058b46cd02f2de77d", + "6ec81fb74f8725ba225f317264460ee300cfd2f02092000989acbdad4799cf55c244a65c" + "557113328fe20282e6badb55", + "cd7a4309bcebc25a8e10899fe2eda5f8b2dbcf329cd2f3d65befd67393e83fba2f8a67a1" + "5c01a6ac8314f9f5e87a9dca", + "6dcfc0426bc148e67e91d4784e3d7e9bc3b7ce3676be62daa7f3f55dfdff6d9dc735b5e3" + "e0bbd0785db1f76f7ac065f3" }, + { NID_secp384r1, NID_sha512, + "feac892b7720af80b3c9eede51e923f18d3d0c5de4c31f4aa75e36df7c7c2fd8f4177885" + "1a24b69e67dccb65e159dd5c383243bad7cfedcc5e85c8a01c34b0b94ba8e07e4c024c09" + "d279b3731e8b62f9562d3c4f5042567efe42a9d0eaaabab28bc6f11232fc8ceaaf4518d9" + "f3b2bebf020294496b7f6b879e69503f75fecd3d", + "15347caaad1067f1848a676bd0a8c52021ae604b79d02775a0459226e0391a3acd26653c" + "916fcfe86149fb0ee0904476", + "04e5a0463163964d984f5bad0072d45bc2059939e60a826ccca36c151460ae360f5d6679" + "f60fe43e999b6da5841c96e48a30f2dd425a3fa2c95d34124217250b39e3b4a14f3e6e41" + "5ae8e5b0409eb72f43f78b64d0ce6f2d49980d6f04cd1391db", + "1a2d224db4bb9c241ca5cab18920fad615fa25c1db0de0f024cb3ace0d11ef72b0568854" + "46659f67650fdff692517b1c", + 
"87b4de0fb21df38dfc9a4b1e350da67547e307f55b5b9dd6615e408afe7c3553a6e02722" + "847367439e636074faa2182b", + "375d965753b9ed6c6c08576726f8308c2f8dbd2737824464e71265d47907e26f615bbeb8" + "203ec617520d4ecd1851dc44" }, + { NID_secp384r1, NID_sha512, + "cf2982e3bf174ce547741b969403cd11e9553067e6af8177d89511a0eb040db924530bdb" + "a65d8b1ff714228db0737c1756f509e1506014a10736e65be2f91980a73891496e90ff27" + "14a3601c7565cdcef5a395e2e0e1652f138d90d61eaa9cba993b823245647f6e07cec9b8" + "b4449cd68a29741cd1579c66e548ca0d0acf33aa", + "ac1cb5e59bda2eff3413a3bab80308f9fb32c595283c795de4c17fdae8d4647b5f108fd0" + "801aee22adb7db129283b5aa", + "04bc6b1a718284803553c173089c397870aaaecca579bb8e81a8cfa12473cd2057567fa8" + "726a19ed427cc035baeec2c55114f82997d1129b669f0015350e47ad561b1b13441af4fb" + "44656f15ed0c5706984d66655accc52f2e943eef39cb1cdc21", + "8053a46e875f446056b06d4318fa3e8977622de7207cbf0996bf35b0e9b19aaa507f642b" + "cf0be9f048f1af09806f6946", + "a994eb15b64114ce8a9342d18b5edda96a6d76314a5ac03da723699177d352a4a9f3b712" + "1b11a91e43a6af4025da51d6", + "8183ae33a888e99aa76882da0a6705ad102f2bbd9572fad0d2e4d6d70151970469e00c52" + "20e59c14724d771c1384b302" }, + { NID_secp384r1, NID_sha512, + "bf9fdd4107ef5a6070108771ac9eee4f0c8043bf0d04db772a47294f4137e2439d94b337" + "114b074e57e0cb78d0ccf352a2833e9788ee2a1a9ffeacd34f38fcefb86653d70c7dadd4" + "cf6548d608e70acdef6c7530974b92c813798add659752a8c72b05e1ad9c65c21834ce6f" + "be49d8a1426b5a54270794436d284364fac6ec1a", + "205f1eb3dfacff2bdd8590e43e613b92512d6a415c5951bda7a6c37db3aae39b9b7ec6ed" + "d256609e75373419087fa71f", + "04c9f1f63a18c761b077a1ec35fbb2de635db9b8592c36194a01769b57728c7755d4c79b" + "3d5b97a1a4631e30c86d03f13cf8c4a38770054d5cc9bb9182e6d4638242c4fd16e869ac" + "22e44c4b9402d594e0c6f5df6a9a7de32a4893d9f6588f1950", + "ecd395c5d8b7d6e6b2b19644e0d2e6086c912c6a0f5b8ed4b94b7290b65852c9741ce8ee" + "b08d8751ead8a183e17d76c6", + "e81331d78b438b0b8d98c1be03385ba5d614af182f1677f259126cc3de7eaac6c19b02be" + 
"955d936b6bf9c27c6796e6f0", + "17c2b7a8e0fc93909762aa9f86f9561e759ecb88f02337b2018363be6095d9e4324a6d32" + "96046686624b5efad6b52878" }, + { NID_secp384r1, NID_sha512, + "5d634fb39a2239256107dc68db19751540b4badac9ecf2fce644724401d6d632b3ae3b2e" + "6d05746b77ddc0c899878032248c263eda08d3d004d35952ad7a9cfe19343d14b37f9f63" + "2245e7b7b5fae3cb31c5231f82b9f1884f2de7578fbf156c430257031ba97bc6579843bc" + "7f59fcb9a6449a4cd942dffa6adb929cf219f0ad", + "e21e3a739e7ded418df5d3e7bc2c4ae8da76266a1fc4c89e5b09923db80a72217f1e9615" + "8031be42914cf3ee725748c1", + "040f753171922b5334f3dd2778a64ce2da8295121939beae71ad85e5344e893be0fd03cf" + "14e1f031adec098e0c4409449c45c10a0ffc0eb2f1cec5c89b698061108313ee7d449ad5" + "80efad344f0e7cf35be8a18fca620f112e57bdc746abdace55", + "d06bea06b25e6c30e866b1eb0657b45673e37b709013fb28fd7373afc8277cbc861354f8" + "21d0bd1927e52ec083a0f41f", + "e8d4a31dd0e7d2522be62a32608e744c3775ceb606dc897899f0c73f1a40ce9a8be854cd" + "506e65cd81fd7fa2c616cb7b", + "8151b681b6b6046d3c36f332d06d9ba7751e740631cdb759f88c50a25a8e950d5023df8a" + "15c77243743733c4feaf21d5" }, + { NID_secp384r1, NID_sha512, + "c9b4ff721b3e886f0dc05856ffff0aabb64a8504b1746a47fdd73e6b7ebc068f06ac7ffa" + "44c757e4de207fc3cbfaf0469d3ac6795d40630bcafe8c658627e4bc6b86fd6a2135afbc" + "18ccc8e6d0e1e86016930ca92edc5aa3fbe2c57de136d0ea5f41642b6a5d0ddeb380f245" + "4d76a16639d663687f2a2e29fb9304243900d26d", + "93434d3c03ec1da8510b74902c3b3e0cb9e8d7dccad37594d28b93e065b468d9af4892a0" + "3763a63eae060c769119c23c", + "04a52c25f2af70e5bc6a992ecef4ea54e831ed5b9453747d28aec5cffb2fcfee05be80c5" + "cbab21606b5507aa23878adee12cf2a9afeff83f3041dc8a05f016ccae58aa1a0e0dc6be" + "9d928e97f2598c9ba5e9718d5eb74c9cfb516fd8c09f55f5b9", + "13d047708ae5228d6e3bbada0e385afdb3b735b31123454fdf40afe3c36efed563fd2cce" + "84dcc45c553b0993d9ca9ec3", + "a0203f6f2c456baac03538ed506a182e57a25151802cf4b2557613b2fb615ebd4c50ddc5" + "05f87c048a45bad3b2fc371c", + 
"0eab56457c4080400fa3af124761d5a01fef35f9649edba8b97d22116386f3b8b363e97e" + "f3f82616d5d825df1cf865ef" }, + { NID_secp384r1, NID_sha512, + "db2ad659cf21bc9c1f7e6469c5f262b73261d49f7b1755fc137636e8ce0202f929dca446" + "6c422284c10be8f351f36333ebc04b1888cba217c0fec872b2dfc3aa0d544e5e06a9518a" + "8cfe3df5b20fbcb14a9bf218e3bf6a8e024530a17bab50906be34d9f9bba69af0b11d8ed" + "426b9ec75c3bd1f2e5b8756e4a72ff846bc9e498", + "e36339ddbe8787062a9bc4e1540690915dd2a2f11b3fe9ee946e281a0a2cbed426df405e" + "d9cb0eca42f85443efd09e0c", + "04a1ffb4b790d1593e907369b69de10b93cddbb02c6131f787422364d9d692768ef80979" + "70306cce16c97f2b10c538efa7d0692028601ea794d2563ffe9facc7273938fab47dd00b" + "8960be15549a9c2b3f8552583eb4c6cd212fe486c159c79153", + "2226f7329378cecd697f36ae151546643d67760856854661e31d424fae662da910e2157d" + "a9bb6dfbe3622296e0b5710c", + "20dcc25b67dd997621f437f65d78347fb57f8295b1b14453b1128203cda892bcfe726a2f" + "107d30975d63172e56f11d76", + "51cff592cbef75ef8321c8fa1e4229c4298b8180e427bee4e91d1e24fc28a729cf296beb" + "728960d2a58cf26773d8e2e2" }, + { NID_secp384r1, NID_sha512, + "dbd8ddc02771a5ff7359d5216536b2e524a2d0b6ff180fa29a41a8847b6f45f1b1d52344" + "d32aea62a23ea3d8584deaaea38ee92d1314fdb4fbbecdad27ac810f02de0452332939f6" + "44aa9fe526d313cea81b9c3f6a8dbbeafc899d0cdaeb1dca05160a8a039662c4c845a3db" + "b07be2bc8c9150e344103e404411668c48aa7792", + "5da87be7af63fdaf40662bd2ba87597f54d7d52fae4b298308956cddbe5664f1e3c48cc6" + "fd3c99291b0ce7a62a99a855", + "0454c79da7f8faeeee6f3a1fdc664e405d5c0fb3b904715f3a9d89d6fda7eabe6cee86ef" + "82c19fca0d1a29e09c1acfcf18926c17d68778eb066c2078cdb688b17399e54bde5a79ef" + "1852352a58967dff02c17a792d39f95c76d146fdc086fe26b0", + "1b686b45a31b31f6de9ed5362e18a3f8c8feded3d3b251b134835843b7ae8ede57c61dc6" + "1a30993123ac7699de4b6eac", + "9dbfa147375767dde81b014f1e3bf579c44dd22486998a9b6f9e0920e53faa11eed29a4e" + "2356e393afd1f5c1b060a958", + "e4d318391f7cbfe70da78908d42db85225c85f4f2ff413ecad50aad5833abe91bdd5f6d6" + "4b0cd281398eab19452087dd" 
}, + { NID_secp521r1, NID_sha224, + "58ec2b2ceb80207ff51b17688bd5850f9388ce0b4a4f7316f5af6f52cfc4dde4192b6dbd" + "97b56f93d1e4073517ac6c6140429b5484e266d07127e28b8e613ddf65888cbd5242b2f0" + "eee4d5754eb11f25dfa5c3f87c790de371856c882731a157083a00d8eae29a57884dbbfc" + "d98922c12cf5d73066daabe3bf3f42cfbdb9d853", + "1d7bb864c5b5ecae019296cf9b5c63a166f5f1113942819b1933d889a96d12245777a994" + "28f93de4fc9a18d709bf91889d7f8dddd522b4c364aeae13c983e9fae46", + "0401a7596d38aac7868327ddc1ef5e8178cf052b7ebc512828e8a45955d85bef49494d15" + "278198bbcc5454358c12a2af9a3874e7002e1a2f02fcb36ff3e3b4bc0c69e70184902e51" + "5982bb225b8c84f245e61b327c08e94d41c07d0b4101a963e02fe52f6a9f33e8b1de2394" + "e0cb74c40790b4e489b5500e6804cabed0fe8c192443d4027b", + "141f679033b27ec29219afd8aa123d5e535c227badbe2c86ff6eafa5116e9778000f5385" + "79a80ca4739b1675b8ff8b6245347852aa524fe9aad781f9b672e0bb3ff", + "06b973a638bde22d8c1c0d804d94e40538526093705f92c0c4dac2c72e7db013a9c89ffc" + "5b12a396886305ddf0cbaa7f10cdd4cd8866334c8abfc800e5cca365391", + "0b0a01eca07a3964dd27d9ba6f3750615ea36434979dc73e153cd8ed1dbcde2885ead575" + "7ebcabba117a64fcff9b5085d848f107f0c9ecc83dfa2fa09ada3503028" }, + { NID_secp521r1, NID_sha224, + "2449a53e0581f1b56d1e463b1c1686d33b3491efe1f3cc0443ba05d65694597cc7a2595b" + "da9cae939166eb03cec624a788c9bbab69a39fb6554649131a56b26295683d8ac1aea969" + "040413df405325425146c1e3a138d2f4f772ae2ed917cc36465acd66150058622440d7e7" + "7b3ad621e1c43a3f277da88d850d608079d9b911", + "17e49b8ea8f9d1b7c0378e378a7a42e68e12cf78779ed41dcd29a090ae7e0f883b0d0f2c" + "bc8f0473c0ad6732bea40d371a7f363bc6537d075bd1a4c23e558b0bc73", + "0400156cd2c485012ea5d5aadad724fb87558637de37b34485c4cf7c8cbc3e4f106cb1ef" + "d3e64f0adf99ddb51e3ac991bdd90785172386cdaf2c582cc46d6c99b0fed101edeeda71" + "7554252b9f1e13553d4af028ec9e158dbe12332684fc1676dc731f39138a5d301376505a" + "9ab04d562cc1659b0be9cb2b5e03bad8b412f2699c245b0ba2", + "1dc3e60a788caa5f62cb079f332d7e5c918974643dca3ab3566a599642cd84964fbef43c" + 
"e94290041fe3d2c8c26104d9c73a57a7d4724613242531083b49e255f33", + "12592c0be6cce18efb2b972cd193d036dcb850f2390fa8b9b86b2f876548bc424fb3bc13" + "c1e5c415fa09d0ecfcae5bf76fb23e8322d7eecb264a2ae6d20ef50d405", + "11bc9713be88e3b9912a3e5f5d7b56f20573e979b1a75d04ce339f724bddffa4665d2599" + "5fe24d32507d8a07c5e10169f5338ef2827737f7b0291752b21237217e3" }, + { NID_secp521r1, NID_sha224, + "7ba05797b5b67e1adfafb7fae20c0c0abe1543c94cee92d5021e1abc57720a6107999c70" + "eacf3d4a79702cd4e6885fa1b7155398ac729d1ed6b45e51fe114c46caf444b20b406ad9" + "cde6b9b2687aa645b46b51ab790b67047219e7290df1a797f35949aaf912a0a8556bb210" + "18e7f70427c0fc018e461755378b981d0d9df3a9", + "135ea346852f837d10c1b2dfb8012ae8215801a7e85d4446dadd993c68d1e9206e1d8651" + "b7ed763b95f707a52410eeef4f21ae9429828289eaea1fd9caadf826ace", + "04018d40cc4573892b3e467d314c39c95615ee0510e3e4dbc9fa28f6cd1f73e7acde15ad" + "7c8c5339df9a7774f8155130e7d1f8de9139ddd6dfe1841c1e64c38ea98243017021782d" + "33dc513716c83afe7ba5e7abef9cb25b31f483661115b8d6b5ae469aaf6f3d54baa3b658" + "a9af9b6249fd4d5ea7a07cb8b600f1df72b81dac614cfc384a", + "0c24acc1edb3777212e5b0bac744eadf4eda11fa150753b355bf96b189e6f57fc02284bb" + "22d8b3cd8bba7a09aae9f4ea955b382063425a6f8da2f99b9647b147172", + "183da7b8a9f9d5f08903359c1a2435b085fcf26a2ed09ab71357bb7634054acc569535e6" + "fe81d28233e4703005fc4bf83ce794d9463d575795aa0f03398e854cefd", + "0b3621145b9866ab7809139795cc30cd0404127a7f0fafa793660491009f6c53724fdb0b" + "1ffbf0fd51c131180b8a957fe66e76d2970247c024261c768dee9abbfb9" }, + { NID_secp521r1, NID_sha224, + "716dabdb22a1c854ec60420249905a1d7ca68dd573efaff7542e76f0eae54a1828db69a3" + "9a1206cd05e10e681f24881b131e042ed9e19f5995c253840e937b809dfb8027fed71d54" + "1860f318691c13a2eb514daa5889410f256305f3b5b47cc16f7a7dad6359589b5f4568de" + "4c4aae2357a8ea5e0ebaa5b89063eb3aa44eb952", + "1393cb1ee9bfd7f7b9c057ecc66b43e807e12515f66ed7e9c9210ba1514693965988e567" + "fbad7c3f17231aacee0e9b9a4b1940504b1cd4fd5edfaa62ba4e3e476fc", + 
"0401e855c935139c8092092cfa733db1292530506eeb2bbb1687f9602c36d97a6714e998" + "892d5d3b842d1896a6ece9d549e9792881a256256137b3dff180c96cc5d07b018d83b6e9" + "3cd287311f7bf7c1d7f9eeabcf0b69c12f2d8f40e333e81e956d968532a37a4c04d76187" + "4df293b484cd7053b03fdbc2fdcd3b4c412d6f272fb7c93fe6", + "1d98619bdc04735d30c222fc67da82c069aea5f449af5e8c4db10c1786c0cb9e6f2cc0bb" + "66fa6be18c485570d648dafcd0a973c43d5c94e9a9dacbd3170e53fa2a0", + "0bf47fabe107ce0ec03e2ad60a79b058e1bebb18568b6a8cdbe86032e71aa30c15766105" + "b2ea952cfa79bcab046df601159f96e179bbcf252dc68ac73d31481fdae", + "1f918fec69cd07d90f9d892b7117e7519c3224947f4262f1fd97077dd5386a6c78aeddff" + "3ee97e59ea353f06029f1336f0d6ef5c0f4b17ca59343a55319b7bfc3db" }, + { NID_secp521r1, NID_sha224, + "9cc9c2f131fe3ac7ea91ae6d832c7788cbbf34f68e839269c336ceef7bef6f20c0a62ea8" + "cc340a333a3002145d07eba4cf4026a0c4b26b0217a0046701de92d573d7c87a386a1ea6" + "8dc80525b7dcc9be41b451ad9f3d16819e2a0a0b5a0c56736da3709e64761f97cae2399d" + "e2a4022dc4c3d73c7a1735c36dbde86c4bc5b6f7", + "179fa164e051c5851e8a37d82c181e809a05fea9a3f083299b22684f59aa27e40dc5a33b" + "3f7949338764d46bfe1f355134750518b856d98d9167ef07aac3092c549", + "0401857cc7bbed20e87b3fd9a104956aa20c6502192910e0e7598410526ebfe1c99397b8" + "5189612a60c51fb8f4dd5cb08a8cd2e702563062dcb043410715c5323a004601fce8d135" + "284310d2f38c216030634b32cd223222f0d9d8d2b7c55477c4b8b74fc6c96a6092f34b05" + "ca44d3633a5037c2166c479a032bb4f949f89fc1ba5236d07d", + "16d9704c0cee791f2938bb2a8a595752a3635c2f557efeecefd719414b5f2aaf846080f5" + "82c76eae7a8fddf81859b49d0131c212524d55defa67dca1a9a28ca400f", + "1c9a4e51774384e8362876a87c572e6463a54413c7c6252c552ebb182f83e45ace436ade" + "4ca373d8a7216e83efb62c8b41c4d5132a0afa65078f16d189baca39187", + "1e92a7dd5fea29a666398e1df5775cbb5664fe6943fe4c1d2bba516b7543c84df584458e" + "53919c4ffab579a26fb3c892a5d1a77b0a07428c89350f8b559e627b014" }, + { NID_secp521r1, NID_sha224, + "14c69f8d660f7a6b37b13a6d9788eff16311b67598ab8368039ea1d9146e54f55a83b3d1" + 
"3d7ac9652135933c68fafd993a582253be0deea282d86046c2fb6fd3a7b2c80874ced28d" + "8bed791bd4134c796bb7baf195bdd0dc6fa03fdb7f98755ca063fb1349e56fd0375cf947" + "74df4203b34495404ebb86f1c7875b85174c574c", + "13dabca37130ba278eae2b3d106b5407711b0d3b437fbf1c952f0773571570764d2c7cb8" + "896a8815f3f1975b21adc6697898e5c0a4242092fc1b80db819a4702df4", + "0400bc2aebf40cd435bc37d73c09d05f2fd71321111a767c2b0d446f90dd4a186839c694" + "ceb734e027e7ee948f0f63e4d3f1656d3d543df23c342a599306909b34710901f4c98ac0" + "3f0718e58d5d1762c920445b11dbdd60ec7f60095809204e14965a4ecb0be6fea06adbac" + "8ba431d6f144c75c199225df2a619a34be99897125b3a10af8", + "0401187c8b89945a1e48cda9ee52167789f4121e67482a7ac797899f5d3d2e623aed31e4" + "adae08a8d43e69028fa074d2650317cbc765f6ed191cf0317b4bae57881", + "1e572afed754016fba43fc33e352932c4db65efcb84e2bd159b40fc5925893b161effc40" + "240be28d8c07154d2615f605c6f0451b976522d95afd37f46602df7a12a", + "030370c1c5352c2b663ac1858b42f69545b2f58ed5b2c007f303726977d3c756b5d644ec" + "6788f94c886f78269aa190a3d8d1ae10e4fd24d937c4556fb9e1953fd6d" }, + { NID_secp521r1, NID_sha224, + "8d8e75df200c177dbfe61be61567b82177ea5ec58e2781168d2277d2fd42668f01248ca3" + "eb29ffa2689b12ae40f9c429532b6d2e1f15891322b825a0a072a1c68fa09e78cfdef3e9" + "5ed6fdf7233a43cb68236560d49a3278f0b3f47cb08f475bd9ab2f60755ea4a1767de931" + "3b71a1b9ea87ef33f34682efbda263b0f8cc2f52", + "198681adbde7840d7ccd9cf1fb82056433fb4dd26bddf909af7b3b99da1ca2c05c8d4560" + "ecd80ba68f376f8b487897e374e99a9288ed7e3645cc0d00a478aae8d16", + "040057ce3777af7032f1f82308682e71fe09f88bf29dacd5018a725e1caa4b1e2bfdd894" + "fe618f9266f31ba089856dc9c1b70e4a2faa08b4b744d1aafcd5ae99e2c7360199bcfef2" + "021bc5890d7d39ec5dc0c26956801e84cae742cf6c50386eb289b6e97754dd25a94abf81" + "f1cb1b36935b5eb29f4b32a6516d2ff6a7d23064a0daec94b3", + "19d2d74ad8ee2d85048f386998a71899ef6c960b4ab324e5fd1c0a076c5a632fd0009500" + "076522e052c5c9806eef7056da48df6b16eb71cdf0f1838b0e21715fce0", + 
"18ecacbcffd5414bbb96728e5f2d4c90178e27733d13617e134ec788022db124374bbaa1" + "1e2c77fe3f38d1af6e998e1b0266b77380984c423e80ffa6ff2bcafd57a", + "1c727f34b6a378f3087721a54e9796499b597ecf6666b8f18312d67e1190a8a66e878efc" + "2367b551267494e0245979ef4deed6d2cbf2c3711af6d82ccfeb101a377" }, + { NID_secp521r1, NID_sha224, + "10631c3d438870f311c905e569a58e56d20a2a560e857f0f9bac2bb7233ec40c79de1452" + "94da0937e6b5e5c34fff4e6270823e5c8553c07d4adf25f614845b2eac731c5773ebbd71" + "6ab45698d156d043859945de57473389954d223522fbafecf560b07ef9ba861bcc1df9a7" + "a89cdd6debf4cd9bf2cf28c193393569ccbd0398", + "08c4c0fd9696d86e99a6c1c32349a89a0b0c8384f2829d1281730d4e9af1df1ad5a0bcfc" + "cc6a03a703b210defd5d49a6fb82536f88b885776f0f7861c6fc010ef37", + "040164ac88ed9afe137f648dd89cdd9956682830cac5f7c1a06d19a1b19f82bb1d22dfee" + "fea30d35c11202fed93fd5ce64835d27c6564d6e181287fa04a2d20994986b005cb83669" + "265f5380ccefe6b4f85fdf0049e6703f6f378a0b2e52ed0fbbcf300afebb722f4ed48e38" + "19cb976c1d60e2ba05646b478f6dfecfbae730e9644c297f00", + "189801432cba9bf8c0763d43b6ec3b8636e62324587a4e27905b09a58e4aa66d07d096db" + "ce87824e837be1c243dd741f983c535a5dd2f077aac8beee9918258d3cb", + "0917723f7241e8dc7cd746b699ab621d068dd3a90e906aaf0a4862744b96fd4e5ccdb9c7" + "796c27f7196e693d06ec209464c3ea60ad6313e9b77cceaa14767e6651c", + "0957b0ecdc3668f6efa5d0957615bcfffd6419c5e57579b74f960f65ae3fb9e8284322ff" + "710b066f7e0959ac926d3cf9a594bdb70bbec756c96910b26a2486dee9e" }, + { NID_secp521r1, NID_sha224, + "80aad6d696cbe654faa0d0a24d2f50d46e4f00a1b488ea1a98ed06c44d1d0c568beb4ab3" + "674fc2b1d2d3da1053f28940e89ba1244899e8515cabdd66e99a77df31e90d93e37a8a24" + "0e803a998209988fc829e239150da058a300489e33bf3dcdaf7d06069e74569fee77f4e3" + "875d0a713ccd2b7e9d7be62b34b6e375e84209ef", + "1466d14f8fbe25544b209c5e6a000b771ef107867e28ed489a42015119d1aa64bff51d6b" + "7a0ac88673bbc3618c917561cff4a41cdb7c2833dab5ebb9d0ddf2ca256", + "0401dc8b71d55700573a26af6698b92b66180cf43e153edadb720780321dbb4e71d28e0a" + 
"488e4201d207fc4848fe9dd10dcabec44492656a3ff7a665fe932445c82d0b01920b1633" + "1b7abeb3db883a31288ef66f80b7728b008b3cc33e03a68f68d9e653a86e3177bbc00014" + "fa5ea4c1608c0d455c2e2ac7bd8ab8519ebf19955edf1baf8d", + "160d04420e0d31b0df476f83393b1f9aff68389cc3299e42ef348d97646f7531a722b66d" + "dfb9501bbb5c4a41d84c78be7233b11489bceb817d23060e6017433fab8", + "08077aabd0a342f03f912007c586cfedfc63f93d1118f720d5b62b3ce141a60f86f111df" + "d8fc2e31a6778981f1a5e28f29a7369bd7897bb41240c8d3a9c170e0ee0", + "00abc75fc154b93840579457820957e89d1260fee0a4b9bb1946f61ca1e71afd76bb5e10" + "77b3e38ceb39d1fac5ef8b217c4110617b3ad118e02b3fcc2a39ef38613" }, + { NID_secp521r1, NID_sha224, + "8a7792a2870d2dd341cd9c4a2a9ec2da753dcb0f692b70b64cef2e22071389c70b3b188d" + "ea5f409fb435cbd09082f59de6bc2ff9e65f91b7acc51e6e7f8e513148cb3c7c4664f227" + "d5c704626b0fda447aa87b9d47cd99789b88628eb642ed250312de5ba6b25f3d5342a3cb" + "b7ebd69b0044ee2b4c9ba5e3f5195afb6bea823d", + "01a99fcf54c9b85010f20dc4e48199266c70767e18b2c618044542cd0e23733817776a1a" + "45dbd74a8e8244a313d96c779f723013cd88886cb7a08ef7ee8fdd862e7", + "0401912d33b01d51e2f777bdbd1ada23f2b1a9faf2be2f2a3b152547db9b149b697dd718" + "24ca96547462e347bc4ef9530e7466318c25338c7e04323b1ba5fd25ea716200bbe9b1e3" + "a84accd69b76b253f556c63e3f374e3de0d1f5e3600fc19215533b2e40d6b32c3af33314" + "d223ea2366a51d1a337af858f69326389276f91be5c466e649", + "14fafd60cb026f50c23481867772411bb426ec6b97054e025b35db74fe8ea8f74faa2d36" + "e7d40b4652d1f61794878510b49b7b4fe4349afccd24fc45fec2fd9e9e7", + "18b1df1b6d7030a23a154cacce4a2e3761cc6251ff8bf6c9f6c89d0a15123baef9b338ad" + "a59728349ce685c03109fcde512ed01a40afd2ca34e1bc02ecf2871d45c", + "0a399f9b9e21aeddf450429fec2dc5749e4a4c7e4f94cee736004dcc089c47635da22845" + "992cd076a4f0a01d2cc1b0af6e17b81a802361699b862157ad6cad8bd1d" }, + { NID_secp521r1, NID_sha224, + "f971bcd396efb8392207b5ca72ac62649b47732fba8feaa8e84f7fb36b3edb5d7b5333fb" + "fa39a4f882cb42fe57cd1ace43d06aaad33d0603741a18bc261caa14f29ead389f7c2053" + 
"6d406e9d39c34079812ba26b39baedf5feb1ef1f79990496dd019c87e38c38c486ec1c25" + "1da2a8a9a57854b80fcd513285e8dee8c43a9890", + "1b6015d898611fbaf0b66a344fa18d1d488564352bf1c2da40f52cd997952f8ccb436b69" + "3851f9ccb69c519d8a033cf27035c27233324f10e9969a3b384e1c1dc73", + "040110c6177ceb44b0aec814063f297c0c890671220413dbd900e4f037a67d87583eaf4b" + "6a9a1d2092472c17641362313c6a96f19829bb982e76e3a993932b848c7a9700f6e566c4" + "e49b2ee70a900dc53295640f3a4a66732df80b29f497f4ae2fa61d0949f7f4b12556967b" + "b92201a4f5d1384d741120c95b617b99c47a61e11c93a482d6", + "1a88667b9bdfe72fb87a6999a59b8b139e18ef9273261549bc394d884db5aa64a0bc7c7d" + "38a8ef17333478d2119d826e2540560d65f52b9a6dc91be1340cfd8f8f8", + "015f73def52ea47ddb03e0a5d154999642202e06e6734ac930c1dc84756c67bbb1cca9f2" + "1f92d61bfdb2052c5dd2833349610f68139393d77250a7662ef7bd17cbe", + "155c744a729f83b27d1f325a91e63a0d564fe96ff91eaa1bad3bff17d2abffa065d14a1d" + "20a04dd993f6ed3260b60bcc6401e31f6bc75aaafe03e8c1a9cd14d2708" }, + { NID_secp521r1, NID_sha224, + "ec0d468447222506b4ead04ea1a17e2aa96eeb3e5f066367975dbaea426104f2111c45e2" + "06752896e5fa7594d74ed184493598783cb8079e0e915b638d5c317fa978d9011b44a76b" + "28d752462adf305bde321431f7f34b017c9a35bae8786755a62e746480fa3524d398a6ff" + "5fdc6cec54c07221cce61e46fd0a1af932fa8a33", + "05e0d47bf37f83bcc9cd834245c42420b68751ac552f8a4aae8c24b6064ae3d33508ecd2" + "c17ec391558ec79c8440117ad80e5e22770dac7f2017b755255000c853c", + "0401a6effc96a7f23a44bf9988f64e5cfafdae23fa14e4bee530af35d7a4ddf6b80dcd0d" + "937be9dd2db3adcda2f5216fecbce867ee67e7e3773082f255156e31358c2f01e7760190" + "dfbe07ec2df87067597087de262c1e0a12355456faba91b2e7277050d73b924e14c0e93b" + "8457a8b3e1f4207ce6e754274f88ad75c000d1b2977edc9c1a", + "18afea9a6a408db1e7a7bb1437a3d276f231eacfc57678bfa229d78681cbe4e800e60653" + "32a3128db65d3aa446bb35b517dca26b02e106e1311881a95b0302d15e8", + "01c49b3c1d21f1678bdbe1ac12167e95e06617190bdee1a729c1c649210da19e2e210f66" + "89e1310513bfe2ac6c0f4ee5f324f344b31b18df341eaadb826d07adc9b", 
+ "129d4931ba457443012f6ffecd002f2abc3a4b65a58fee8457917ebcf24b29a1d3055b7f" + "c62939a74ebb0c3582172ee7c3c75e0b2fa2367c6e04df63a7a91d593ad" }, + { NID_secp521r1, NID_sha224, + "d891da97d2b612fa6483ee7870e0f10fc12a89f9e33d636f587f72e0049f5888782ccde3" + "ea737e2abca41492bac291e20de5b84157a43c5ea900aef761006a4471072ab6ae6d515f" + "fe227695d3ff2341355b8398f72a723ae947f9618237c4b6642a36974860b452c0c62026" + "88bc0814710cbbff4b8e0d1395e8671ae67ada01", + "1804ab8f90ff518b58019a0b30c9ed8e00326d42671b71b067e6f815ac6752fa35016bd3" + "3455ab51ad4550424034419db8314a91362c28e29a80fbd193670f56ace", + "0400a79529d23a832412825c3c2ad5f121c436af0f29990347ecfa586ce2e57fd3c7e062" + "4d8db1f099c53473dbc2578f85416ad2ac958a162051014fb96bf07f9e1d17017c0750f2" + "6df0c621d2d243c6c99f195f0086947b1bf0f43731555f5d677e2d4a082fb5fe8da87e15" + "92a5fa31777da3299cede5a6f756edf81c85b77853388bb3ab", + "042d7c36fec0415bc875deb0fab0c64548554062e618aee3aa6670ffd68ab579fe620d3a" + "9316357267fd3111c0ed567dca663acd94b646d2ba0771953cd9690ef42", + "0d01dfbef126febbdfa03ef43603fd73bc7d2296dce052216e965fed7bb8cbbc24142bfc" + "ddb60c2e0bef185833a225daa0c91a2d9665176d4ad9986da785f4bfcf0", + "16627e2614dbcd371693c10bbf579c90c31a46c8d88adf59912c0c529047b053a7c77151" + "42f64dcf5945dbc69ff5b706c4b0f5448d04dd1f0b5a4c3765148bf253d" }, + { NID_secp521r1, NID_sha224, + "924e4afc979d1fd1ec8ab17e02b69964a1f025882611d9ba57c772175926944e42c68422" + "d15f9326285538a348f9301e593e02c35a9817b160c05e21003d202473db69df695191be" + "22db05615561951867f8425f88c29ba8997a41a2f96b5cee791307369671543373ea91d5" + "ed9d6a34794d33305db8975b061864e6b0fe775f", + "0159bff3a4e42b133e20148950452d99681de6649a56b904ee3358d6dd01fb6c76ea0534" + "5cb9ea216e5f5db9ecec201880bdff0ed02ac28a6891c164036c538b8a8", + "04012d7f260e570cf548743d0557077139d65245c7b854ca58c85920ac2b290f2abfeccd" + "3bb4217ee4a29b92513ddce3b5cbf7488fb65180bb74aeb7575f8682337ef50175601862" + "30c7e8bff0bffce1272afcd37534f317b453b40716436a44e4731a3ec90a8f17c53357bc" + 
"54e6ff22fc5b4ca892321aa7891252d140ece88e25258b63d5", + "14b8a30f988cefdc0edec59537264edb0b697d8c4f9e8507cf72bc01c761304bd2019da1" + "d67e577b84c1c43dd034b7569f16635a771542b0399737025b8d817e1c3", + "0fc50939ebca4f4daa83e7eaf6907cb08f330c01d6ea497b86becda43dfcad47cb5c48f5" + "eb2cc924228628070bcd144088c449a7873242ba86badf796097dbecd6d", + "0ccb6463c4301ba5c043e47ed508d57dd908fd0d533af89fd3b11e76343a1cf2954ce90b" + "0eb18cbc36acd6d76b3906612d8a0feec6ebed13d88650ed9c708b28a11" }, + { NID_secp521r1, NID_sha224, + "c64319c8aa1c1ae676630045ae488aedebca19d753704182c4bf3b306b75db98e9be4382" + "34233c2f14e3b97c2f55236950629885ac1e0bd015db0f912913ffb6f1361c4cc25c3cd4" + "34583b0f7a5a9e1a549aa523614268037973b65eb59c0c16a19a49bfaa13d507b29d5c7a" + "146cd8da2917665100ac9de2d75fa48cb708ac79", + "17418dfc0fc3d38f02aa06b7df6afa9e0d08540fc40da2b459c727cff052eb0827bdb3d5" + "3f61eb3033eb083c224086e48e3eea7e85e31428ffe517328e253f166ad", + "04000188366b9419a900ab0ed9633426d51e25e8dc03f4f0e7549904243981ec469c8d6d" + "938f6714ee620e63bb0ec536376a73d24d40e58ad9eb44d1e6063f2eb4c51d009889b920" + "3d52b9243fd515294a674afd6b81df4637ffdddc43a7414741eda78d8aa862c9cbbb618a" + "cec55bb9a29aac59616fc804a52a97a9fc4d03254f4469effe", + "1211c8824dcbfa0e1e15a04779c9068aed2431daeac298260795e6a80401f11f6d52d36b" + "cee3cfa36627989c49d11475163aa201d2cd4c5394144a6bb500bbaf02b", + "1d59401b8ac438855d545a699991142685077a409de2418c7ccfe01a4771b3870e76287a" + "9654c209b58a12b0f51e8dc568e33140a6b630324f7ef17caa64bf4c139", + "143af360b7971095b3b50679a13cd49217189eaee4713f4201720175216573c68f7ac6f6" + "88bfe6eb940a2d971809bf36c0a77decc553b025ed41935a3898685183b" }, + { NID_secp521r1, NID_sha256, + "8ab8176b16278db54f84328ae0b75ef8f0cd18afdf40c04ad0927ed0f6d9e47470396c8e" + "87cde7a9be2ffbfe6c9658c88b7de4d582111119c433b2e4a504493f0a1166e3a3ea0d7b" + "93358f4a297d63f65a5e752f94e2ee7f49ebcc742fa3eb03a617d00c574245b77a200338" + "54d82964b2949e2247637239ab00baf4d170d97c", + 
"1e8c05996b85e6f3f875712a09c1b40672b5e7a78d5852de01585c5fb990bf3812c32455" + "34a714389ae9014d677a449efd658254e610da8e6cad33414b9d33e0d7a", + "04007d042ca19408524e68b981f1419351e3b84736c77fe58fee7d11317df2e850d960c7" + "dd10d10ba714c8a609d163502b79d682e8bbecd4f52591d2748533e45a867a0197ac6416" + "111ccf987d290459ebc8ad9ec56e49059c992155539a36a626631f4a2d89164b985154f2" + "dddc0281ee5b5178271f3a76a0914c3fcd1f97be8e8376efb3", + "0dc8daaacddb8fd2ff5c34a5ce183a42261ad3c64dbfc095e58924364dc47ea1c05e2599" + "aae917c2c95f47d6bb37da008af9f55730ddbe4d8ded24f9e8daa46db6a", + "09dd1f2a716843eedec7a6645ac834d4336e7b18e35701f06cae9d6b290d41491424735f" + "3b57e829ad5de055eaeef1778f051c1ee152bf2131a081e53df2a567a8a", + "02148e8428d70a72bc9fa986c38c2c97deda0420f222f9dc99d32c0acba699dc7ba0a2b7" + "9ce5999ff61bd0b233c744a893bc105bca5c235423e531612da65d72e62" }, + { NID_secp521r1, NID_sha256, + "c4bc2cec829036469e55acdd277745034e4e3cc4fcd2f50ec8bd89055c19795a1e051ccf" + "9aa178e12f9beab6a016a7257e391faa536eaa5c969396d4e1ade36795a82ebc709d9422" + "de8497e5b68e7292538d4ccdc6dd66d27a3ece6a2844962b77db073df9489c9710585ba0" + "3d53fa430dbc6626dc03b61d53fc180b9af5dea6", + "0b65bf33b2f27d52cbfabcadce741e691bf4762089afd37964de1a0deda98331bf8c7402" + "0a14b52d44d26e2f6fa7bcddbe83be7db17a0c8a1b376469cf92c6da27c", + "04010038bb9a7aea626de68c14c64243150e72c69e2f8a1ab922bfbdaa6f33d24fb4542c" + "0324357b0dd640bbcd07632ecd253f64ca2bfbfbf3de9b24fffd0568ab82da00faf867d9" + "5308cc36d6f46844a0f535dc70f9768eed011a2464d2f308fa1d8e72c3616aec7e705169" + "08183ffce7fdd36984a15f73efaa3858c2edf16a784d40e6c2", + "14aeb96c57d99677a1f5e4588064215e7e9af4027bfb8f31ff6126dbf341b8e6f719465e" + "4273e91ba32670feca802549808322b7ee108bb20653cf20f93284d365f", + "075ead62edf7d86c5d1bc2443d1aeb5dc034fd999e6ea012cef7499d9d050cd97d262095" + "884e9fc89a42e15bd3dee80fe3c1ba10f4caabc4aabb86347023028b663", + "129a992a6ff66d41948d11fa680f732b1a74315b804c982805190ed9d2fae223f2b14998" + 
"0b9241998cdea0c5672595a8a49d5186a0ef7a46c0a376f925bdda81726" }, + { NID_secp521r1, NID_sha256, + "1c1b641d0511a0625a4b33e7639d7a057e27f3a7f818e67f593286c8a4c827bb1f3e4f39" + "9027e57f18a45403a310c785b50e5a03517c72b45ef8c242a57b162debf2e80c1cf6c7b9" + "0237aede5f4ab1fcaf8187be3beb524c223cc0ceff24429eb181a5eea364a748c7132148" + "80d976c2cd497fd65ab3854ad0d6c2c1913d3a06", + "02c4e660609e99becd61c14d043e8b419a663010cc1d8f9469897d7d0a4f076a619a7214" + "a2a9d07957b028f7d8539ba7430d0b9a7de08beeeae8452d7bb0eac669d", + "0400fb3868238ca840dbb36ecc6cf04f5f773ea0ab8e8b0fdcf779dc4039a8d7146a4175" + "04e953c0cb5e7f4e599cc2c168deda8b7f16084b5582f89f2ece4cae5167f701f90b5c15" + "eeda48e747cf3ee8183166a49dbfac6161cbd09d29d40a6854f4c495e88a435892a920cd" + "aad20d41985890b648badd4f0a858ffcbd9afdfc23134ede18", + "1f875bbf882cd6dd034a87916c7b3ba54b41b2ea2ce84ebaf4e393fcf7291fee09dec2b5" + "bb8b6490997c9e62f077c34f0947fe14cec99b906dd6bf0b5d301e75ca1", + "07aa70425697736b298233249f5d0cf25c99e640c9ff88035ef1804820e1bfe7d043755f" + "02d7a079494f7fa6dc26740c4e6b7b430c63f29c67bbd3a5c88d2f0e8d1", + "0e0d42e4ff11cf5be37a9fda348514d5097a662f214687cbfb28ff42d635b13029871ca4" + "f464bb1fbce02d5da4d5fb61b2a071844259fc863d136197bec3a61e7c7" }, + { NID_secp521r1, NID_sha256, + "adb5f069b2b501a3ebb83d4f1808eb07710ac4a7b12532996855a20bcc54b2f76812915f" + "632163c3654ff13d187d007152617cf859200194b59c5e81fc6cc9eb1ceb75d654050f26" + "0caa79c265254089270ccd02607fdcf3246119738c496dc3a4bd5d3be15789fc3d29a08d" + "6d921febe2f40aef286d5d4330b07198c7f4588e", + "17c3522007a90357ff0bda7d3a36e66df88ca9721fb80e8f63f50255d47ee819068d018f" + "14c6dd7c6ad176f69a4500e6f63caf5cf780531004f85009c69b9c1230c", + "04013a4bea0eed80c66ea973a9d3d4a90b6abbb5dee57d8affaf93390a8783a20982eba6" + "44d2e2809f66530adeeee7f9a1da7515447e9ba118999f76f170c375f621f7012f9dfaee" + "40a75d8442b39b37a5c19ea124b464236e9b9a31bae6780cfd50f7ea4a700154b5ea0fee" + "b64e9b35a1b0e33e46900cca1f34d13bb17e5017769841af27", + 
"18388a49caeda35859ef02702c1fd45ff26991998bd9d5e189c12c36cdae3f642ddd4a79" + "561bd1d3e1cd9359de8f5c9e1604a312d207a27b08a6033f2741794ced5", + "15c6264795837dfea19f91876455f564f073c5c84a3c9d76e67872ae0447ba0d4850d872" + "1302b25bec7ebfedd2721de140b2f3dead547042b24b0876117e7093cc1", + "060eb74236c189a28ed20bd0822eb22d75f7d97c9043a3c8e3f6d4c90bc8ca02ac4d37c1" + "171c799a1c7dfd2fcbf83406b5e48c051e0fbf0fd937bfe6c3db4e18154" }, + { NID_secp521r1, NID_sha256, + "f253484d121d1ce8a88def6a3e9e78c47f4025ead6f73285bf90647102645b0c32d4d867" + "42a50b8b7a42d5f6156a6faf588212b7dc72c3ffd13973bdba732b554d8bffc57d04f816" + "7aef21ee941ee6ffb6cce0f49445bd707da8deb35dca650aaf761c3aa66a5ebccddd15ae" + "e21293f63061a7f4bfc3787c2cd62c806a1a9985", + "0c4dad55871d3bd65b016d143ddd7a195cc868b3048c8bbcb1435622036bdb5e0dec7178" + "ca0138c610238e0365968f6ddd191bbfacc91948088044d9966f652ff25", + "040014858a3b9bd426b678fdcf93fc53d17e7a9e8fe022442aaaba65399d12fd3a6a3819" + "58fb0f07ac6088f4e490506ec0f1ab4d0dbd461126f7eb46ff69cfa8bd88af018c18ce29" + "ecc6d79d26a2de0cd31c4b32e84b5e90f6ba748f86c5afbd89618aceb9079460cbd1a826" + "1ed5476973e61bf1d17ea78b022387443800c9247d21dde550", + "05577108f4187a173e5c29e927a8fc8f5ffd37e184254a6e381ff1018955aec91a35f300" + "85e8cee6a7555c10f9efdce26d62f2b4b52dfdbaeafc3a30983e2d50d5b", + "0344375ae7c804cbe32ced7a20976efae5d9c19eb88b6e24514d1d0cfb728b0f4601098b" + "18b2e98f42b5222dd5237d4d87767007bf5acb185c5526d72047e2cb1a1", + "02de4cfa908c73c1102d6fb7062baf54a056a9517701e036c9c51e09899d60051612d593" + "48945f845dffebec5aa395b2fac7229929033615788777306ccad96d0a3" }, + { NID_secp521r1, NID_sha256, + "33bab1c369c495db1610965bc0b0546a216e8dd00cd0e602a605d40bc8812bbf1ffa6714" + "3f896c436b8f7cf0bed308054f1e1ff77f4d0a13c1e831efbd0e2fcfb3eadab9f755f070" + "ba9aeaceb0a5110f2f8b0c1f7b1aa96a7f2d038a1b72e26400819b1f73d925ea4e34d6ac" + "af59d0a461a34ce5d65c9c937a80e844e323a16d", + "03d4749fadcc2008f098de70545a669133c548ce0e32eec1276ff531bcff535331445557" + 
"28ad8906d17f091cc0514571691107350b6561858e90dbe19633aaf31bf", + "04010fe5986b65f6e65d13c88c4d2aed781a91026904f82129d46779bdadaf6b733c845a" + "934e941ab4a285efdea9c96ecc9dc784d87e4d937b42c337b3a9cb111a96000077853768" + "a2a4d6f596f57414e57ec60b76d3cd5ece8351cd1f335ebcb8801a3d91fb82c65caaeb5c" + "31eea9918367bb5906863ff3ccaf7a6cee415e0d75c15ac2e0", + "1fbb4de337b09e935a6dc6215ffcfcb85d236cc490585e73251a8b8bac37cfa36c5d1df5" + "f4536d33659be1e7a442529a783452f7efda74a4f661b6a127f9248aaf7", + "09d8f10eeff6178594c89d6e8184f9502117384813243ddf9ccf3c8eac5dc6502c472dfc" + "1487a5caffc569f7dedd14a8ebcb310e9bacdb79fb6655aba026cdf87f2", + "0f74236c7915d638708d17c9f10e39dda358faf9bbb821d8dcda0d151aac143bfb165ad0" + "a23a65cd3de532e32cad928728f5ae1c16f58fc16577f3ca8e36f9e708b" }, + { NID_secp521r1, NID_sha256, + "08c8b7faaac8e1154042d162dca1df0f66e0001b3c5ecf49b6a4334ce4e8a754a1a8e4da" + "f8ec09cf1e521c96547aed5172ef852e82c03cddd851a9f992183ac5199594f288dbcc53" + "a9bb6128561ff3236a7b4b0dce8eaf7d45e64e782955ee1b690ce6a73ece47dc4409b690" + "de6b7928cbe60c42fc6a5ddf1d729faf1cc3885e", + "096a77b591bba65023ba92f8a51029725b555caf6eff129879d28f6400e760439d6e69ce" + "662f6f1aecf3869f7b6057b530a3c6ff8ed9e86d5944f583ee0b3fbb570", + "0400fdf6aed933dba73913142ef8bdcd4b760db8500831cd11d7707ab852a6372c05d112" + "a1e7fbc7b514c42142c7370d9f4129493cd75cc6f2daf83747078f15229db600ef91dffb" + "3c43080a59534b95ca585ee87f6145f6a0199b2b82c89f456d8bd8e6ac71c78039c08177" + "184484eb2ebd372f189db3a58fab961a75a18afec1ee32764a", + "13aa7b0471317a2a139c2f90df1c40d75e5a8a830fbaf87030fffdb2ef6f2c93d1310c9e" + "d7fe9d7bcd4fe46537ff2495bc9c4f0aaff11461f5e4bebbfbce9a8740a", + "1c7a21800962c91d4651553633b18612d931bb88bff8b743ed595b4e869437e50f8e84fb" + "f334c99061db123a1c40b73b07e203790561a37df65a660355ba2017d78", + "1301e1782559a38f1ca0eebe9bed0f5c7c33103d506a24f8a688f500ee1fe37f97b66853" + "19279e82e6fe43cfd823ccbc123309974cffa76c4f8d41ec02a3cbc45f1" }, + { NID_secp521r1, NID_sha256, + 
"ba74eed74282811631bd2069e862381e4e2a1e4e9a357b1c159a9ce69786f864b60fe90e" + "eb32d8b72b099986fc594965a33285f7185b415df58fead7b8b50fc60d073680881d7435" + "609ad1d22fd21e789b6730e232b0d2e888889fb82d6ad0337ab909308676164d4f47df44" + "b21190eca8ba0f94995e60ad9bb02938461eee61", + "015152382bfd4f7932a8668026e705e9e73daa8bade21e80ea62cf91bd2448ebc4487b50" + "8ca2bdaaf072e3706ba87252d64761c6885a65dcafa64c5573c224ae9e6", + "04000b8c7c0186a77dc6e9addd2018188a6a40c3e2ba396f30bbd9293dba2841d57d6086" + "6b37f587432719b544d8bf7eb06d90a8c0dc9c93b0c53d53b2f667077228ca01dd2e5c73" + "ab908ae34f701689f1cd3cf5186d3a2bc941e208bf3ef970e5e429ee9b154d73286b2e5d" + "a423e75b7c7b78c7bdf915da92279db43265a0cdefca51f86a", + "0d03506999f5cc9ec3304072984a20a9c64a22ad9b418495ca904f4bbddc96e76d34672c" + "b52763339d3f3bc5b1701c00a675b972797e3a086314da1a8d338436566", + "085406c0ff5ec91f598bb579ad8714ad718c3e133d5dcc2e67c5d2339c146b69919cac07" + "f3bc2bda218f4c7c8be04855e2ca6fff7fbdc4fc0fda87c8c3081cad4f5", + "1b45f2066e583636215ae135afc202b8bf3f301eccff2e1c0198b9aeddf695fa8179488e" + "7b622fc307f601e2f6551815117cc836bb09ef888f8e64a45d9c84ad30c" }, + { NID_secp521r1, NID_sha256, + "dc71f171a28bdc30968c39f08f999b88dc04c550e261ecf1124d67f05edeae7e87fe9b81" + "35a96fe2bc3996a4f47213d9d191184a76bd6310e1ee5cb67ea7fc3ef6f641a0ba165198" + "040fa668192b75a4754fc02c224bd4a74aade5a8c814adf151c2bfeda65165a04ef359e3" + "9847c84e312afb66d4cd1db50d41ef3fe5f31296", + "1750ff0ca0c166560b2034bc5760fe0b3915340bc43216e9de0c1d4a76550e8b2036e8b8" + "74230f8d29354aed43e183610f24fd4abd4b0be2f111dae942bd7a121f7", + "0401b4b8947192a7c0166c0e0b2791e217370836283e805f3ee11cfb78445aba3c5bc39f" + "e594e01916617ad59e7c8e740d8f2d07d88905d3f33bd5e51aafd4943c5dc601175d1172" + "32836c28e717ce2a55e59f4ec550effde30d18e3d99e42c6aa2283c7b3e7f2f6ff1fca60" + "5dde78c3a5bffa689347b4c93f51ba59a1787bb7d5e43861dc", + "023645023d6bdf20652cdce1185c4ef225c66d54f18632d99ccf743bf554d04c214c88ce" + 
"52a4f71ec75c899ad1b3c07c34112ca20b55c217ff1d72c9528e2774ce8", + "1e933f68ce0f8403cb16822b8e0564b1d39a35f27b53e4ae0bcdff3e051759464afbc349" + "98ba7c8a7ee34ef6c1aaa722cffe48356fd0b738058358d4c768b3186c1", + "0a67368a305508ce6d25d29c84f552a4a513998990fef4936244f891a2909c30d5fdc9e8" + "a267ecbf3c597138f4a08f7e92bee57d5420eadd700fee864bf78b2614b" }, + { NID_secp521r1, NID_sha256, + "b895788d7828aaeace4f6b61a072ffa344d8ea324962ba6dab5efda93f65bf64a0f2ac6d" + "5721d03ee70e2aef21cdba69fd29040199160e3a293b772ffb961ed694a8dc82800dab79" + "367a4809a864e4aff6bc837aaa868e952b771b76591c0bb82249034e3208e593d85973d3" + "fea753a95b16e221b2561644535c0131fe834ae7", + "023048bc16e00e58c4a4c7cc62ee80ea57f745bda35715510ed0fc29f62359ff60b0cf85" + "b673383b87a6e1a792d93ab8549281515850fa24d6a2d93a20a2fff3d6e", + "0400ba3dc98326a15999351a2ec6c59e221d7d9e7ee7152a6f71686c9797f3f330d31501" + "23620d547813ba9d7cc6c6d35cc9a087d07dff780e4821e74ad05f3762efd6018b051af9" + "824b5f614d23ecadd591e38edbfe910ad6cbebc3e8a6bec11ea90691c17deb3bc5f34a4a" + "3acd90b7b10f521f6ee7b3cfbfdc03b72d5a8783a4a77c3e4c", + "06099d2667f06c58798757632d07d8b3efbe9c1323efb0c244be6b12b3b163ba1b7cf524" + "6c98dcc0771665a66696d687af5f28ed664fd87d5093df6427523d4db84", + "10dc80ea853064a2ba5a781f108aca3785c5ec0aa45aa05ba31d4de671170797589e863d" + "54a3a986aadf6f670277f50355713dfb27d4ec7e348f787910b3cd668cd", + "018572bfad4f62e3694d1f2e6ffd432faed2e2b9d7e3611a07138212f1e79e6c394839f7" + "cfae96bc368422630016fb9346681eadc5f9699e7331c3b5fde6d65e4c6" }, + { NID_secp521r1, NID_sha256, + "2c5bd848c476e34b427cfe5676692e588e1957957db7b5704492bd02104a38216535607f" + "5d092dc40020130c04a3aaf0f1c52409834926d69a05d3f3188187a71d402a10ba34eac8" + "629b4c6359b1095f30f710219298bf06b9f19bfc299981d7e251ca232a0a85338a7e0246" + "4731d1b25d4a1f68baf97064516590644820c998", + "02b8b866ce4503bb40ffc2c3c990465c72473f901d6ebe6a119ca49fcec8221b3b4fa7ec" + "4e8e9a10dbd90c739065ad6a3a0dd98d1d6f6dcb0720f25a99357a40938", + 
"0401b8c7a169d5455f16bfe5df1ba5d6ec9c76e4bad9968d4f5f96be5878a7b6f71d74bf" + "ac0076dd278bc4630629f3294646f17d6b6c712b0087e2c4d576039cfdc8b9018faffd54" + "22dfd1b61432fa77b9a288b2b7d546656c0dcca3032179e6f45ee3cf61d6a447fc51731c" + "b54457343a41569fcf78cef42895f4da5efcb14ea1fc065f8d", + "0ac89e813f94042292aa1e77c73773c85cf881a9343b3f50711f13fa17b50f4e5cb04ac5" + "f6fc3106a6ef4c9732016c4e08e301eefac19199459129a41a7589e0628", + "05bc7a253a028ee8b7253979b8d689d41d8df6fae7736341f22e28b6faf0cbbdebbd2ef4" + "d73e56d2021af2c646dc15539a7c1e1c4dc9c7674808bd7968d8a66f947", + "0fd71575837a43a4cf1c47d0485cfd503c2cf36ebcea0fdef946ad29acb7fb2e7c6daf6b" + "4eb741eb211081aed6207d02569f1518988f275ad94c7fd4735cb18a92e" }, + { NID_secp521r1, NID_sha256, + "65a0b97048067a0c9040acbb5d7f6e2e6ac462e1e0064a8ce5b5bbf8e57059e25a3ef8c8" + "0fc9037ae08f63e63f5bdb9378c322ad9b2daf839fad7a75b1027abb6f70f110247da7e9" + "71c7c52914e5a4f7761854432fa16b2a521e7bcaee2c735a87cad20c535bf6d04a87340c" + "229bf9af8647eedca9e2dc0b5aa90f7fea3cdc0a", + "0a43b32ad7327ec92c0a67279f417c8ada6f40d6282fe79d6dc23b8702147a31162e6462" + "91e8df460d39d7cdbdd7b2e7c6c89509b7ed3071b68d4a518ba48e63662", + "040172fb25a3e22c2a88975d7a814f3e02d5bb74cfb0aaa082c5af580019b429fddd8c7f" + "9e09b6938f62e8c31019b25571aaceef3c0d479079db9a9b533ee8e1670abd00ff551622" + "3b6cc7c711705f15b91db559014e96d3839249c5c849f2aced228a8998177a1e91177abb" + "b24b57a8ea84d944e0c95da860ae0925f1b40c0e1b7c9e0a46", + "0383eda042e06c0297fbd279a2ad40559c5c12ad458f73458eebcc92b308d3c4fcec20a5" + "b59f698e16fa6ea02dba8661b6955f67c052f67b0a56460869f24cfdf7d", + "1b9c35356b9d068f33aa22a61370dae44a6cb030497a34fb52af23c6b684677370268f06" + "bb4433be6795a71de570088aec17ce0c9933d2f76c7edce7f406f62fedd", + "06f07ea453cfa20ad604ba855332f62834657b0b795684d50c1562a675456e37f4dae45f" + "0df47d8e27e47bc9ce9c9cbba1554c5b94b0b17401b73c8d0c0902c6cc4" }, + { NID_secp521r1, NID_sha256, + "d6e366a87808eea5d39fe77cac4b8c754e865a796062e2ec89f72165cd41fe04c4814806" + 
"8c570e0d29afe9011e7e7a2461f4d9897d8c1fa14b4ff88cab40059d17ab724f4039244e" + "97fcecb07f9ffeec2fb9d6b1896700fe374104a8c44af01a10e93b268d25367bf2bef488" + "b8abcc1ef0e14c3e6e1621b2d58753f21e28b86f", + "03c08fdccb089faee91dac3f56f556654a153cebb32f238488d925afd4c7027707118a37" + "2f2a2db132516e12ec25f1664953f123ac2ac8f12e0dcbbb61ff40fb721", + "040193301fc0791996ca29e2350723bd9aa0991ddbb4a78348ee72bdcd9ed63ce110ba34" + "96f2ce0331b5c00d4d674c1b70114e17ce44a73c3e16bab14ed1ee924202e400aea9b288" + "cfb2933ec0a40efa8e2108774e09b3863b3193d0dac6cc16ccaa5bd5f9ce133aec5cd3b6" + "2cbaeec04703e4b61b19572705db38cfaa1907c3d7c785b0cd", + "0d0e90d5ee7b5036655ad5c8f6a112c4b21c9449ca91c5c78421e364a2160bbac4428303" + "657bc11ea69f59fb0fe85a41b8f155a362343094456fd2a39f2a79e4804", + "1a8c23a2965d365a4c2ffd0802ae8b3a69c6b84a1ba77fd8a5f2f61e8ec3a1dcb336f136" + "e2a997252eaa94caf9b5ad6c9ecff5bf33abf547ca84985bb89908a11d7", + "1cc42a2dd97aa42b9df5ea430e0d4cb13106dd6da6e8c9315c96ed7b052db365bbde6960" + "c9a965954a4398c18ea7db9593bbfc3c3b6b3466ff806fccac3de6424ab" }, + { NID_secp521r1, NID_sha256, + "f99e1d272d0f5fb9c4f986e873d070ec638422bc04b47c715595e2cf1a701cdf88bc6c4b" + "20085b357bad12ccba67cac8a5ca07f31ba432f9154ff1fadefd487a83a9c37e49fb70a2" + "f170e58889cab0552e0a3806ccfa2a60d96e346851d84b7de6d1a4b8cf37567dc161a84f" + "13421e3412457d4bc27f6213453c8519a2d7daa2", + "0969b515f356f8bb605ee131e80e8831e340902f3c6257270f7dedb2ba9d876a2ae55b4a" + "17f5d9acd46c1b26366c7e4e4e90a0ee5cff69ed9b278e5b1156a435f7e", + "0400fc7ae62b05ed6c34077cbcbb869629528a1656e2e6d403884e79a21f5f612e91fc83" + "c3a8ac1478d58852f0e8ba120d5855983afd1a719949afa8a21aec407516c300aa705da6" + "459a90eaa2c057f2e6614fb72fc730d6fdebe70e968c93dbc9858534768ea2666553cd01" + "db132331441823950a17e8d2345a3cab039c22b21bfe7bd3b9", + "19029260f88e19360b70c11107a92f06faa64524cfbd9f70fecf02bd5a94f390582a7f4c" + "92c5313bb91dc881596768d86f75a0d6f452094adbe11d6643d1a0b2135", + 
"07f2158e9b9fa995199608263969498923cf918fdc736427c72ce27ce4a3540dce2e8e5e" + "63a8fc7ba46f7fa42480efbf79c6ed39521f6e6ec056079e453e80a89d9", + "08e349eed6f1e28b0dbf0a8aeb1d67e59a95b54a699f083db885f50d702f3c6a4069591a" + "faa5b80b3c75efb1674ebd32c7ead0040d115945f9a52ee3a51806cad45" }, + { NID_secp521r1, NID_sha256, + "91f1ca8ce6681f4e1f117b918ae787a888798a9df3afc9d0e922f51cdd6e7f7e55da996f" + "7e3615f1d41e4292479859a44fa18a5a006662610f1aaa2884f843c2e73d441753e0ead5" + "1dffc366250616c706f07128940dd6312ff3eda6f0e2b4e441b3d74c592b97d9cd910f97" + "9d7f39767b379e7f36a7519f2a4a251ef5e8aae1", + "013be0bf0cb060dbba02e90e43c6ba6022f201de35160192d33574a67f3f79df969d3ae8" + "7850071aac346b5f386fc645ed1977bea2e8446e0c5890784e369124418", + "040167d8b8308259c730931db828a5f69697ec0773a79bdedbaaf15114a4937011c5ae36" + "ab0503957373fee6b1c4650f91a3b0c92c2d604a3559dd2e856a9a84f551d9019d2c1346" + "aadaa3090b5981f5353243300a4ff0ab961c4ee530f4133fe85e6aab5bad42e747eee029" + "8c2b8051c8be7049109ad3e1b572dda1cac4a03010f99f206e", + "1a363a344996aac9a3ac040066a65856edfb36f10bb687d4821a2e0299b329c6b60e3547" + "dde03bdbd1afa98b0b75d79cf5aac0ef7a3116266cadf3dfbd46f8a4bfc", + "1ff097485faf32ce9e0c557ee064587c12c4834e7f0988cf181d07ba9ee15ae85a8208b6" + "1850080fc4bbedbd82536181d43973459f0d696ac5e6b8f2330b179d180", + "0306dc3c382af13c99d44db7a84ed813c8719c6ed3bbe751ead0d487b5a4aa018129862b" + "7d282cce0bc2059a56d7722f4b226f9deb85da12d5b40648bf6ec568128" }, + { NID_secp521r1, NID_sha384, + "dbc094402c5b559d53168c6f0c550d827499c6fb2186ae2db15b89b4e6f46220386d6f01" + "bebde91b6ceb3ec7b4696e2cbfd14894dd0b7d656d23396ce920044f9ca514bf115cf98e" + "caa55b950a9e49365c2f3a05be5020e93db92c37437513044973e792af814d0ffad2c8ec" + "c89ae4b35ccb19318f0b988a7d33ec5a4fe85dfe", + "095976d387d814e68aeb09abecdbf4228db7232cd3229569ade537f33e07ed0da0abdee8" + "4ab057c9a00049f45250e2719d1ecaccf91c0e6fcdd4016b75bdd98a950", + "04013b4ab7bc1ddf7fd74ca6f75ac560c94169f435361e74eba1f8e759ac70ab3af138d8" + 
"807aca3d8e73b5c2eb787f6dcca2718122bd94f08943a686b115d869d3f40600f293c1d6" + "27b44e7954d0546270665888144a94d437679d074787959d0d944d8223b9d4b5d068b4fb" + "bd1176a004b476810475cd2a200b83eccd226d08b444a71e71", + "0a8d90686bd1104627836afe698effe22c51aa3b651737a940f2b0f9cd72c594575e550a" + "db142e467a3f631f4429514df8296d8f5144df86faa9e3a8f13939ad5b3", + "02128f77df66d16a604ffcd1a515e039d49bf6b91a215b814b2a1c88d32039521fbd142f" + "717817b838450229025670d99c1fd5ab18bd965f093cae7accff0675aae", + "008dc65a243700a84619dce14e44ea8557e36631db1a55de15865497dbfd66e76a7471f7" + "8e510c04e613ced332aa563432a1017da8b81c146059ccc7930153103a6" }, + { NID_secp521r1, NID_sha384, + "114187efd1f6d6c46473fed0c1922987c79be2144439c6f61183caf2045bfb419f8cddc8" + "2267d14540624975f27232117729ccfeacccc7ecd5b71473c69d128152931865a60e6a10" + "4b67afe5ed443bdbcdc45372f1a85012bbc4614d4c0c534aacd9ab78664dda9b1f1e2558" + "78e8ac59e23c56a686f567e4b15c66f0e7c0931e", + "04ceb9896da32f2df630580de979515d698fbf1dd96bea889b98fc0efd0751ed35e6bcf7" + "5bc5d99172b0960ffd3d8b683fbffd4174b379fbdecd7b138bb9025574b", + "0400e7a3d30d5bd443549d50e9b297aaa87bc80b5c9e94169602d9d43d6d0c490c0bed8c" + "c2170288b106bdbf4c9f1ce53fd699af0b4c64b494b08520e57dc01ab9a8b001d81056d3" + "7aec8a75d588f6d05977416e6f24ad0117a7f4450036d695612e7bc2771caed80e580314" + "eebc88c8fc51c453f066e752481f212b57165d67f8a44f375a", + "046639c5a3ec15afae5e4a7a418ac760846512d880c359bc2c751b199ce43b10887e861b" + "14127809754dbea47f6cc0140d2817e3f5b9a80ce01abd81f81b748433a", + "0f913de91e19bd8f943d542ae357bacc942a0967abc9be6c06239a379db8cc733fa50013" + "e0b0f088bce9d630262feaa33b30d84f91bcf5ce9976e4e740fcb112f84", + "08a73a5c9c24235e0d9cecaac653f68ce5a6fb186ce67fa058d6ddbbd4d0a8c4d194e571" + "148e8ad6c8882b4e33d2f60fb23dd7d07a1ae60864e8277918f592b3dc6" }, + { NID_secp521r1, NID_sha384, + "6744b69fc2420fe00f2352399bd58719e4ecdd6d602e2c80f194d607e58b27a0854745bf" + "d6d504de2eb30b04cee0f44af710dd77e2f816ac3ac5692fad2d1d417893bb0edba2707a" + 
"4c146a486f8728ca696d35cc52e9c7187c82d4bdb92eb954794e5ad15133f6bfea1f025d" + "a32ada710a3014cf11095b3ff69a94d087f17753", + "00a8db566bd771a9689ea5188c63d586b9c8b576dbe74c06d618576f61365e90b843d003" + "47fdd084fec4ba229fe671ccdd5d9a3afee821a84af9560cd455ed72e8f", + "04004f5b790cbe2984b71d41af5efed6c6893d15e13f31816d55a9c2926a104eee66f1ad" + "a83115d1388551218773b8b9d1138e3e3f027bb4392c90c14fd232580b4a1100660eb160" + "e9bfc8c5619e70e948e238c6fd37739bc1bb657b8e8436e63628f91992be7e63d9a73596" + "23a1340642777b22026feb51116a6c50c54c3589b9bd39b6cb", + "1e7b5e53571a24bd102dd7ad44a4b8d8a4e60e5957bc3c4e5d3c73109f55233f072e572c" + "7892f425ba5e64d3cb7966096bb34a47e26cd5b3e3b44108b310d9f681b", + "1a88bcd7e2bdff6e497d943dde432fb3f855a7177c466319cb53b701230c299db0302762" + "69685857d1e3f28110e690f2f529c8d18115eb381f313bc891d92ad278e", + "146f1984ea879274dfd5e86ad92e564a4de081523ddbb1c397b8f9595911ef2e6501bc08" + "1584d5340f7aa47e1af036234ac6f27a5ac31f78dd3b0ff1a62693c630d" }, + { NID_secp521r1, NID_sha384, + "16001f4dcf9e76aa134b12b867f252735144e523e40fba9b4811b07448a24ef4ccf3e81f" + "e9d7f8097ae1d216a51b6eefc83880885e5b14a5eeee025c4232319c4b8bce26807d1b38" + "6ad6a964deb3bdca30ee196cfdd717facfad5c77d9b1d05fdd96875e9675e85029ecbf4f" + "94c524624746b7c42870c14a9a1454acf3354474", + "1a300b8bf028449344d0e736145d9dd7c4075a783cb749e1ec7988d60440a07021a25a3d" + "e74ea5e3d7bd4ab774d8ad6163adae31877ef0b2bd50e26e9e4be8a7b66", + "04005055b9ad726ba8a48219b0ecbfffb89f8428de895b231f676705b7de9f2022d9ff4e" + "0114ebb52dea342f9bf76b2fb060c020e29d92074ebb1fbfe5290a58c8bc1000415af7f2" + "0a6e945315adbf757316bb486c80780a0a3a15b4b9609f126d7341053a2b726ab63cb46f" + "eee527b0bf532b32b477e5671aea23d9b3c3e604b9029954b5", + "05a2e92717bb4dab3ee76724d4d9c2d58a32b873e491e36127985f0c9960c610962ca1c4" + "510dba75c98d83beebdc58b1d8678e054640951d11db1bd2d8a4ab8476b", + "104a78ce94f878822daaf00ee527fbdbf6cceb3cbb23a2caa485e4109466de8910252f92" + "379ab292cac8d1eda164f880c0067696e733fc8588a27703a3e1f5b8f1f", 
+ "1ffe23e8ab5a31668a81161a234ea14879771fe9866f8872eb6edb672e0fe91d2bb75c97" + "67a2dfbac7c15c802211236b22ea41ecd055a0b8b311ffc4255f86d5c67" }, + { NID_secp521r1, NID_sha384, + "a9824a7b810aa16690083a00d422842971baf400c3563baa789c5653fc13416111c0236c" + "67c68e95a13cec0df50324dcc9ae780ce4232607cb57dd9b2c61b382f0fa51fd4e283e2c" + "55ffe272597651659fbd88cd03bfa9652cd54b01a7034c83a602709879e1325c77969beb" + "fd93932ce09a23eae607374602201614ff84b141", + "06a253acd79912a74270fc0703ed6507ab20a970f2bc2277f782062092cf0e60ae1ca1bb" + "44dec003169bc25ef6e7123dd04692f77b181a6d7e692e66b09d35a540c", + "0401f15c6b1df156fdd8381cd7446e039435e445f8f36f0247475058da0e371bf72753f6" + "e39f98066bc79370b038c39687ba18e16cb118fe6538b7568c5403c251f6b7012d2b4f46" + "b854eeae75f1c63f55b76bf0c604d47f870c28a50ecdeb52bba1dd9a0ff12e680804ff86" + "4111207652da7dd10b49edf66bb86be00bc06672de91982457", + "165faf3727e42fd61345cfa7b93e55fb4bf583b24bdc14ce635b6c99dbd788012f14da9a" + "210b677c44acdd851e672f1a48188d6b8946c0efeebfe8a597ba0090a2c", + "1ad9463d2759abd568626548578deefdcd8b2d050ce6d9c7ed05feca20167484b86e89bd" + "cc936fd647e0f8aedd7b6add2b8cf13ff6ff013c2b5540c6c56fda97a0c", + "1645a7d0e11015256cfb034adca198695eea6aedd44d9fbf496850ccfed950f43fffd8db" + "f41e113f2d3837d8a5dd62b2ed580112ff05800b1f73196e5576810e15b" }, + { NID_secp521r1, NID_sha384, + "90d8bbf714fd2120d2144022bf29520842d9fbd2dc8bb734b3e892ba0285c6a342d6e1e3" + "7cc11a62083566e45b039cc65506d20a7d8b51d763d25f0d9eaf3d38601af612c5798a8a" + "2c712d968592b6ed689b88bbab95259ad34da26af9dda80f2f8a02960370bdb7e7595c0a" + "4fffb465d7ad0c4665b5ec0e7d50c6a8238c7f53", + "0d5a5d3ddfd2170f9d2653b91967efc8a5157f8720d740dd974e272aab000cc1a4e6c630" + "348754ab923cafb5056fc584b3706628051c557fce67744ee58ba7a56d0", + "040128a4da5fc995678e457ceb3929adee93c280f851abe900fa21f4f809dafad4e33b38" + "1e0cd49ce8dd50e2e281cea162bfd60a1d6a1c0ee2228e6a011e171b559ab8006eb0917c" + "d72256992c49ea527f6bb0315f13d8047794a0f1da1e93737703b1c2a74a00441ef3b47b" + 
"6a2ff789c49ae32d91cabe7b29247aeec44f6c40a76597a2ca", + "03269983a5c2bcc98e9476f5abf82424566b1f08b17204d29e310ece88f99eb677a537f8" + "6fe2529e409cfef2c12929644100099e0de2f27c0f0ac11105a4dca935b", + "1a5257ae1e8187ba954f535b86ff9b8d6a181a3b95c250d090cb4e9c3bfbd03aa64696a7" + "6c569728ef67780d6338d70ce46da40b87a3e49bfe154b93930890dfa93", + "05b6ccdfd5c63c7db76d3a0478064a2a376e0e050cb093be795a72a549247c2e4adba918" + "3145c63d46479dbbdcf09986a6f64c09c7e16abc4853f6376c9558b014a" }, + { NID_secp521r1, NID_sha384, + "09952b1e09995e95bf0022e911c6ab1a463b0a1fdd0eec69117b34af1103c720b5760021" + "7de7cd178fef92de5391e550af72a8dcf7badf25b06dd039417f9a7d0f5be88fcd4e9655" + "931d5b605452a667c9d1bae91d3476e7d51cff4108f116a49966fb3a7cff8df1c09734ce" + "5620faf2dccb3dc5d94e7e9ac812da31f6d07a38", + "1bcedf920fa148361671b43c64e3186e1937eb1bd4b28cbd84c421472394552889bc0550" + "9aa732ef69d732b21b750523fdfd811f36467690fe94e01e64c9d5cbbe9", + "0400d33c151d202a5d4d831348e940b027ee32e4b0b9b48d823a05c67ff3bdaee0189fc6" + "680565f352c062e99968afc643208b4f9c7af185b861658a88c4ad0fcc8ba200e4441ddb" + "546468ad8ffa6074f137edfbb81e82e0e7d8f05c4c54598aa996a9cde54cb371f642bfdd" + "4ae7eca5b769696030027129a4183da93567ad142a2dff5183", + "046e619b83aac868b26d0b3cbfab55e630e0b55c461985b5d00f94ff3a5ce90ff412cebf" + "46bbd84550d2031d573ca27d924624428360708c8d8491c29eb01d30f2e", + "08427c0f0ac0263472cd423c0fb554bf3c851b9c775c566ab0f6878717bd57665830767b" + "05b7789c5c0b078195bd943dc737325552d32877ecb04a7c41bd07cd80c", + "10bb6652d6a624c40a7dd06828f15774130d02369ceb1a7d03b553e16e17b7fa5b5401f1" + "5885d5e4fc2e55c0c7a1b97871ab02f76386b93a16aa6e7eb65debac6dd" }, + { NID_secp521r1, NID_sha384, + "0bb0f80cff309c65ff7729c59c517d50fc0ed5be405ef70cb910c3f62c328c90853d4473" + "530b654dda6156e149bc2222a8a7f9be665240e2fbe9d03f78a2356af0bacd1edb84c480" + "1adc8293a8a0bd6123d1cf6ba216aca807a7eb4dca76b493eb6e3dbb69d36f0f00f85622" + "2f24d9b93ec34c3b261be2fca0451c00571928e5", + 
"03789e04b3a2a0254ade3380172c150d2fad033885e02ea8bea5b92db3f4adbab190ae42" + "3080a1154dfedec694c25eab46ce638be3db4e4cba67bc39f62d6e7db2d", + "0401dbc2cf19627bdccf02432b1761f296275230c150cdde823ce3141ec315d7d05e16b2" + "c29e2a67491078d5316883e933d85b4b10d4f64c477d3c4e0442dc928983a2007562e720" + "807dd118d3d8b265b3abc61a71fce43e3dce0e7b5ae18b7a4cb01ecc00d39c1f22e150a9" + "a8728997e502144f5b3f6fa9b4cb8a4136212b082ca394e3f6", + "0fbccd8d7804bdd1d1d721b5ec74d4ba37603bc306f9fce2ec241853d8e07334e6b4b12c" + "4ecca0c54bd71193dd7146507933a20737c5f3e15085830fab9b30ca57b", + "181915a3998d8fa214f9715f4ca928d09c36de168dc15c6970a8a062b5cea2dc969b2437" + "ca17b684f78a1fd583aad8e6c762c8f4ab0c91b86a497145e3ca440d307", + "15a6c18c5c77f5470b27d061eafdc26b78561941a3b2ab0f5c81d40899fc053c3d9ed12d" + "7d61e298abbae470009c7b2157731c58d7b16a66fa5abaf5e8a1b8ed394" }, + { NID_secp521r1, NID_sha384, + "7efacf213382ce30804e78b7256854d759147dba9729c51b2759465715bf2c421034c23d" + "c651c13d6cce95f71fe6a84dfbee5768163ac5789ac0474c5ddf4115684683c5f7c204b3" + "3b8bcc0c03ac58f66cef2f53b721fe2fac91ad841126101a88f512a7c2ded38549d9f050" + "d4b7961dda48a1489f026c5d111701762418cfe3", + "124700aa9186353e298edefc57bec0c7d0201cca10c1d80dd408d5d71040592b0ac59fac" + "dadfa8712445f5977ef8d4854022720c3f02d60e0732dbb2f171fcf1490", + "0400c80fc4cecae5d53348524ddba6a160b735c75b22fdb39af17e2a613d09246e3bb0fd" + "3f2978577f6db5d2118e05c7898024808f8eb8e021d7969cdcf7fc981200bb01a880c939" + "43fd446d4b3923b574d2221c1bb7b645fb5534dda60e827b497666ff586b77921f7e7f60" + "5147947194cffd2fef0678880b89cc0bc7fb74fa96d4b112d7", + "01a05238d595ded5c61d3bf6fde257dbf13095af8a5cb3a2e579e8e4c550fe31d12b71cc" + "2dbcb295e6c4fd0fb8c22d1b741c097cc59d826ced1a8771f09983143c4", + "132762bc81e9922a8d642e3a9d0218affa21fa2331cfcb9e452545c5981c64a8f7e4cc8e" + "68056023b2aa78bead59061d19c7f646c931163a91e544b106b3be8de9e", + "0c3a1b0b000c3169984132add51d611e2cb7069a262a6983d2ae72b459c36e6469509bdb" + 
"0f473600b8686700b08910779dee9ba83f82e755d4a4ef5f124eb09397f" }, + { NID_secp521r1, NID_sha384, + "28edff8b9d85f5f58499cc11f492abdfab25e8945975bbaeee910afa2b8fc1295ec61406" + "309ce4e09f4ab4f462959fc2a2786802466eb26d3b01be6919893ae75d0fdc2dc8a82e66" + "2550f9fce9627dd364188aaba5c6faa1b2d8a2235adfa5ad0dc140f88a2b2f103f5690e8" + "77d07fe8fd30d02d2b2729bd3d8eb5b23a21f54c", + "1f532d01af885cb4ad5c329ca5d421c5c021883bd5404c798d617679bb8b094cbb7e15c8" + "32fb436325c5302313ce5e496f9513455e7021ffad75777a19b226acfa1", + "0400c0bd76b0027b85bdd879052220da1494d503f6a4bb972105a48ae98e7dda8c2d9fd9" + "336f5646385b961ef68e8464e3a95b00f96614b1a408ceaa2c87b077b6a8fb017eb7eb5c" + "78db7819af92e8537d110d9f05a5e24f954f4dde21c224d4040f059ec99e051702f39041" + "3d2708d18f84d82998c61847475250fb844b20082cbe651a6b", + "14e66853e0f7cd3300ebcae06048532e19cbb95bee140edc1c867ce7310637651445b6df" + "eb1d99d2e32f2ffb787ebe3fe35032277f185d3dad84f95806924550abe", + "0c5b3a57161098e2e8e16e0a5ae8ecf4a14df14927eea18ed4925d11dc429dda14515932" + "3ba970174b194b9b4608a8fa2373b7a825c5e8bd80574e49698285c2c82", + "1a0c038a51796158b42eb5b0dac37aff9ab93b903a47e06ebbdd15946e4bcc9a3b3875b1" + "8cf6294c33fc6c3693cef04ed1a43d08951e664c760e2cf3fb4e47490d2" }, + { NID_secp521r1, NID_sha384, + "bae2a8897c742fd99fbf813351cd009d3f2e18d825ca22e115276484bce8f82f8c7c0c21" + "dd2af208404d8ef45bb5a6c41693912b630897d5246801bf0775aa9bbac8be98cb861d17" + "2c3563dc59e78a58ed13c66dea496471b3ad0eeae8995293e4ab97373edc1837ffc95ff1" + "cc0c1e90e64ea8680b2ca5f1e09bf86b99b343b6", + "11abf508bca68a85a54bc0659e77efad3c86112c9db04db2883e76144aa446918bb4bb07" + "84b0b6a0e9aa47399fe3de5aaecfd8894a0d130bb0c366c40d9d5050745", + "04005c0ea363a3a12633ea39d564587ebdd3a22a175ef32b9ebfc7311304b19cb3a62b5a" + "dc36f6afb6a6f7fabbf810ee89fdb72854fefd613e7798e9b9ff5938ea54c600bd06a85e" + "47b885c08124b55a3fcc07ca61647cda6efbfdbd21b24d1ea7a4c7300d46cd798e76063a" + "a979adef6f0698b15e5b7ae8a2ab39ab4f50b2d20614db6317", + 
"19cadb8c7eb10565aa4567e0709873918720f0e4b42b4817afb0b0547c70cd1100229dea" + "e97a276b9c98ea58b01d4839fee86336d749d123b03e8b1a31166acc110", + "0667448a8bbef1c810d40646977dc22f3dfb52a4d80928ded5e976e199cbed02fbd5a085" + "46756ece14548d721a6eb380d0e1a71ad0660dbcac6163c776eedd3e249", + "0ae7f0a238daaddb7fb4a1707fe5132daf653f8e19f732347134c96f1dd798f867c479a4" + "a4609a568a15b61afed70790adbde13ac5f68c468d0230852c1a2c22581" }, + { NID_secp521r1, NID_sha384, + "d57a26a9593e72bfc87322524639bcaae5f2252d18b99cdaa03b14445b0b8a4dd53928f6" + "6a2e4f202fb25b19cad0eb2f1bfda2ab9b0eb668cdcd0fe72f5d9ef2e45e0218590f7ab9" + "d2c9342202610c698bc786cce108a7d4a6730a13e9ea1b470e781f1237d3f84f44abde80" + "8516975546bd89075ef9a9732bfd7ee33b6f4399", + "18dbf520d58177e4b7a0627674d220137983f486dd2fd3639f19751804e80df0655db6af" + "d829cdf75238de525e1a7a9f048049b593dd64b4b96cc013f970c05ea1f", + "04018b872690c37995be324ddb5c2bd5462841bb062f8e63da248a853de79c3d6bb9a2eb" + "1e6933afda0998ca43491cc807b08ace2d5336a43d0ab50563a2d3d98755f00002ff3122" + "1aa32aa6546f35e8fe5b9361f938362a5e89e77ae130ba8bce3729e912dfac35a2fd21ef" + "e84b45b8be2a340850e4b574e1885b35c2afbe196b57c6cf4c", + "098faeb73054639cb2e4442cd68e7b3a13f4b3f397a7b26f303afa40789f8ddd3d918f1c" + "e4f0be53c8cb69c380744e2297d7fc01e2b3daef4ce64dd3a2644234753", + "09c0e7649f814f70a8416cb78bc4601472a363fe97f5c587305778169677860dd97f87b5" + "ab07c3a953bc4615fc34634509d6a25621bdded33ed42446d059509c190", + "120b90e1cfb8a1b5e530df7b17d1128bc051ca4f1a65dd9c9d9d3c59d2f00c7c1e994c52" + "b8671d40294b4d574d2c04475d5bebeacd3a0d3870a54dc7a4805614f40" }, + { NID_secp521r1, NID_sha384, + "8fdcf5084b12cfc043dd3416b46274e021bbed95d341d3c500c102a5609d3a34de29f8fa" + "9f0adb611a1f47a97ad981f8129d718fc0d6c709eab1a3490db8d550f34eb905b9e00663" + "543afc5bc155e368e0bc919a8b8c9fa42093603537a5614927efa6be819ed42ececbf1a8" + "0a61e6e0a7f9b5bc43b9238e62d5df0571fea152", + "002764f5696aa813cd55d30948585f86288ae05aeb264ca157cd09e1d09a10515a849b07" + 
"91b755ccc656a34707be9e52f5762d290a7d2bcd6de52c600ff862eaf4e", + "040127279c88719dc614db387f102e55104ea1c704ac7f57f3bca936f728439b76556730" + "dd7cde2ac1ad0a4c2c2f036ab6f00cf34cb87ea36113571f300713044106d20134a0786c" + "31f5f2291b83c50fb579ae4c620b95e5a8bdc0c7e1ee6b996c89d764f1b20403e7faa203" + "f397425ada297045dd8ba0e4b155d4900da249e934faab7991", + "08bffb0778cbb06466cecc114b9e89ca243a2b2b5e2597db920bc73a8bbcbe3f57144ad3" + "3409ef7faaab430e13f4c42d304d11347360c84972ca20b1539cce3a288", + "1f8f504e64a502e51e7c129517931c3b71f0d8a63b19cfe01ff7c951c6525249608b3ef5" + "d00061d77eb6b3d69581adeaa3732c773bbb9b919c3e7c71fdc09f44d06", + "058044fc64b340604ffd02a5b2918d76fd6fb59ea895feab7aa218e6f1e8c8f226eb9ee3" + "45ef8140183a69272582005077b008006aab11597e808d7ff1e8382c924" }, + { NID_secp521r1, NID_sha384, + "00669f433934992257bed55861df679804107d7fa491672574a7624949c60049b0533383" + "c88d6896c8de860704c3e6a6aefce83efa57c4d57e9ab253da5d15e1f53ab6dce218b592" + "772ab0bc01fee8e63368e85c0639301456fe2d44cd5396a7f2b22761cd03b80eba7883ee" + "de8249a2f5db2183bf00550c5c002f45a5e4fb31", + "1b0c9acd3eeb618b4b0de4db402206f0f29adc69d7ad324b6db6601b351f723ac8fe949e" + "eacd34228649bf0126276e5aceb0137d00c30dd858aef2d6b6449de2e89", + "0401811c8884486aaa083ddee1c51cb6e861cb830bd5eaa929f72efadbbd1286566ae7e7" + "ba7fde7e02529900d35ee64591652d28798bfc1bed0d192602a9cf5a7d22e3006d7fc9dd" + "494816cfd29613d4689af67f7d0a2e6fbad5d4d6e0130189172a1ab601c5ca71deaa8bfc" + "b5a190d49da191672ff6fc048e146cb902acec5eae6d87e60a", + "1fdc4f108070af3c66c9ba7b6c1f2603a19ceb4760399df81228cfc7eafde1082b5a0716" + "a3ff82fbe84726f14dd0db3376ca184a78c3c60679bab6cd45f77f9b9ce", + "1ec310339ff056faeb341c4499c43782078b04be1725ae9a6cdcb6011c46d1a4eb3d75c3" + "58225e4ec142fd1cd344186f5eb597f7ba559ddfa954824365d5b6edaec", + "005b679a33fdb7e04834f071cd0ac514c04add9f2614ab9bbd9b407b1420fed3f3e02a10" + "8e7e279899e43dcf64ae4083c289a87cd7d2103bdc036a95d36800ac7c6" }, + { NID_secp521r1, NID_sha384, + 
"4be81dcfab39a64d6f00c0d7fff94dabdf3473dc49f0e12900df328d6584b854fbaebaf3" + "194c433e9e21743342e2dd056b445c8aa7d30a38504b366a8fa889dc8ecec35b31300707" + "87e7bf0f22fab5bea54a07d3a75368605397ba74dbf2923ef20c37a0d9c64caebcc93157" + "456b57b98d4becb13fecb7cc7f3740a6057af287", + "181e1037bbec7ca2f271343e5f6e9125162c8a8a46ae8baa7ca7296602ae9d56c994b3b9" + "4d359f2b3b3a01deb7a123f07d9e0c2e729d37cc5abdec0f5281931308a", + "0400cfa5a8a3f15eb8c419095673f1d0bd63b396ff9813c18dfe5aa31f40b50b82481f9e" + "d2edd47ae5ea6a48ea01f7e0ad0000edf7b66f8909ee94f141d5a07efe315c018af728f7" + "318b96d57f19c1104415c8d5989565465e429bc30cf65ced12a1c5856ac86fca02388bc1" + "51cf89959a4f048597a9e728f3034aa39259b59870946187bf", + "09078beaba465ba7a8b3624e644ac1e97c654533a58ac755e90bd606e2214f11a48cb51f" + "9007865a0f569d967ea0370801421846a89f3d09eb0a481289270919f14", + "19cf91a38cc20b9269e7467857b1fc7eabb8cea915a3135f727d471e5bfcfb66d321fabe" + "283a2cf38d4c5a6ecb6e8cbee1030474373bb87fcdfcc95cf857a8d25d0", + "1cf9acd9449c57589c950f287842f9e2487c5610955b2b5035f6aacfd2402f511998a1a9" + "42b39c307fc2bcab2c8d0dae94b5547ddccfb1012ca985b3edf42bbba8b" }, + { NID_secp521r1, NID_sha512, + "9ecd500c60e701404922e58ab20cc002651fdee7cbc9336adda33e4c1088fab1964ecb79" + "04dc6856865d6c8e15041ccf2d5ac302e99d346ff2f686531d25521678d4fd3f76bbf2c8" + "93d246cb4d7693792fe18172108146853103a51f824acc621cb7311d2463c3361ea70725" + "4f2b052bc22cb8012873dcbb95bf1a5cc53ab89f", + "0f749d32704bc533ca82cef0acf103d8f4fba67f08d2678e515ed7db886267ffaf02fab0" + "080dca2359b72f574ccc29a0f218c8655c0cccf9fee6c5e567aa14cb926", + "040061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd81aed" + "fe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad100e7d0c75c" + "38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3f58df7346435ff04" + "34199583c97c665a97f12f706f2357da4b40288def888e59e6", + "03af5ab6caa29a6de86a5bab9aa83c3b16a17ffcd52b5c60c769be3053cdddeac60812d1" + 
"2fecf46cfe1f3db9ac9dcf881fcec3f0aa733d4ecbb83c7593e864c6df1", + "04de826ea704ad10bc0f7538af8a3843f284f55c8b946af9235af5af74f2b76e099e4bc7" + "2fd79d28a380f8d4b4c919ac290d248c37983ba05aea42e2dd79fdd33e8", + "087488c859a96fea266ea13bf6d114c429b163be97a57559086edb64aed4a18594b46fb9" + "efc7fd25d8b2de8f09ca0587f54bd287299f47b2ff124aac566e8ee3b43" }, + { NID_secp521r1, NID_sha512, + "b3c63e5f5a21c4bfe3dbc644354d9a949186d6a9e1dd873828782aa6a0f1df2f64114a43" + "0b1c13fe8a2e09099e1ed05ef70de698161039ded73bcb50b312673bb073f8a792ac140a" + "78a8b7f3586dffb1fc8be4f54516d57418ccc9945025ce3acf1eb84f69ceee5e9bd10c18" + "c251dbc481562cd3aae54b54ab618cb1eeda33cf", + "1a4d2623a7d59c55f408331ba8d1523b94d6bf8ac83375ceb57a2b395a5bcf977cfc1623" + "4d4a97d6f6ee25a99aa5bff15ff535891bcb7ae849a583e01ac49e0e9b6", + "04004d5c8afee038984d2ea96681ec0dccb6b52dfa4ee2e2a77a23c8cf43ef19905a34d6" + "f5d8c5cf0981ed804d89d175b17d1a63522ceb1e785c0f5a1d2f3d15e513520014368b8e" + "746807b2b68f3615cd78d761a464ddd7918fc8df51d225962fdf1e3dc243e265100ff0ec" + "133359e332e44dd49afd8e5f38fe86133573432d33c02fa0a3", + "0bc2c0f37155859303de6fa539a39714e195c37c6ea826e224c8218584ae09cd0d1cc14d" + "94d93f2d83c96e4ef68517fdb3f383da5404e5a426bfc5d424e253c181b", + "1a3c4a6386c4fb614fba2cb9e74201e1aaa0001aa931a2a939c92e04b8344535a20f53c6" + "e3c69c75c2e5d2fe3549ed27e6713cb0f4a9a94f6189eb33bff7d453fce", + "16a997f81aa0bea2e1469c8c1dab7df02a8b2086ba482c43af04f2174831f2b176165879" + "5adfbdd44190a9b06fe10e578987369f3a2eced147cff89d8c2818f7471" }, + { NID_secp521r1, NID_sha512, + "6e0f96d56505ffd2d005d5677dbf926345f0ff0a5da456bbcbcfdc2d33c8d878b0bc8511" + "401c73168d161c23a88b04d7a9629a7a6fbcff241071b0d212248fcc2c94fa5c086909ad" + "b8f4b9772b4293b4acf5215ea2fc72f8cec57b5a13792d7859b6d40348fc3ba3f5e7062a" + "19075a9edb713ddcd391aefc90f46bbd81e2557b", + "14787f95fb1057a2f3867b8407e54abb91740c097dac5024be92d5d65666bb16e4879f3d" + "3904d6eab269cf5e7b632ab3c5f342108d1d4230c30165fba3a1bf1c66f", + 
"0400c2d540a7557f4530de35bbd94da8a6defbff783f54a65292f8f76341c996cea38795" + "805a1b97174a9147a8644282e0d7040a6f83423ef2a0453248156393a1782e0119f746c5" + "df8cec24e4849ac1870d0d8594c799d2ceb6c3bdf891dfbd2242e7ea24d6aec316621473" + "4acc4cbf4da8f71e2429c5c187b2b3a048527c861f58a9b97f", + "186cd803e6e0c9925022e41cb68671adba3ead5548c2b1cd09348ab19612b7af3820fd14" + "da5fe1d7b550ed1a3c8d2f30592cd7745a3c09ee7b5dcfa9ed31bdd0f1f", + "10ed3ab6d07a15dc3376494501c27ce5f78c8a2b30cc809d3f9c3bf1aef437e590ef66ab" + "ae4e49065ead1af5f752ec145acfa98329f17bca9991a199579c41f9229", + "08c3457fe1f93d635bb52df9218bf3b49a7a345b8a8a988ac0a254340546752cddf02e6c" + "e47eee58ea398fdc9130e55a4c09f5ae548c715f5bcd539f07a34034d78" }, + { NID_secp521r1, NID_sha512, + "3f12ab17af3c3680aad22196337cedb0a9dba22387a7c555b46e84176a6f841800455238" + "6ada4deec59fdabb0d25e1c6668a96f100b352f8dabd24b2262bd2a3d0f825602d54150b" + "dc4bcbd5b8e0ca52bc8d2c70ff2af9b03e20730d6bd9ec1d091a3e5c877259bcff4fd2c1" + "7a12bfc4b08117ec39fe4762be128d0883a37e9d", + "15807c101099c8d1d3f24b212af2c0ce525432d7779262eed0709275de9a1d8a8eeeadf2" + "f909cf08b4720815bc1205a23ad1f825618cb78bde747acad8049ca9742", + "040160d7ea2e128ab3fabd1a3ad5455cb45e2f977c2354a1345d4ae0c7ce4e492fb9ff95" + "8eddc2aa61735e5c1971fa6c99beda0f424a20c3ce969380aaa52ef5f5daa8014e4c83f9" + "0d196945fb4fe1e41913488aa53e24c1d2142d35a1eed69fed784c0ef44d71bc21afe0a0" + "065b3b87069217a5abab4355cf8f4ceae5657cd4b9c8008f1f", + "096731f8c52e72ffcc095dd2ee4eec3da13c628f570dba169b4a7460ab471149abdede0b" + "63e4f96faf57eab809c7d2f203fd5ab406c7bd79869b7fae9c62f97c794", + "1e2bf98d1186d7bd3509f517c220de51c9200981e9b344b9fb0d36f34d969026c80311e7" + "e73bb13789a99e0d59e82ebe0e9595d9747204c5f5550c30d934aa30c05", + "12fed45cc874dc3ed3a11dd70f7d5c61451fbea497dd63e226e10364e0718d3722c27c7b" + "4e5027051d54b8f2a57fc58bc070a55b1a5877b0f388d768837ef2e9cec" }, + { NID_secp521r1, NID_sha512, + "a1eed24b3b7c33296c2491d6ee092ec6124f85cf566bb5bc35bffb5c734e34547242e575" + 
"93e962fb76aee9e800eed2d702cc301499060b76406b347f3d1c86456978950737703c81" + "59001e6778f69c734a56e5ce5938bd0e0de0877d55adeee48b0d8dfa4ac65fd2d3ce3e12" + "878bac5c7014f9284d161b2a3e7d5c88569a45f6", + "18692def0b516edcdd362f42669999cf27a65482f9358fcab312c6869e22ac469b82ca90" + "36fe123935b8b9ed064acb347227a6e377fb156ec833dab9f170c2ac697", + "0401ceee0be3293d8c0fc3e38a78df55e85e6b4bbce0b9995251f0ac55234140f82ae0a4" + "34b2bb41dc0aa5ecf950d4628f82c7f4f67651b804d55d844a02c1da6606f701f775eb6b" + "3c5e43fc754052d1f7fc5b99137afc15d231a0199a702fc065c917e628a54e038cbfebe0" + "5c90988b65183b368a2061e5b5c1b025bbf2b748fae00ba297", + "161cf5d37953e09e12dc0091dc35d5fb3754c5c874e474d2b4a4f1a90b870dff6d99fb15" + "6498516e25b9a6a0763170702bb8507fdba4a6131c7258f6ffc3add81fd", + "14dfa43046302b81fd9a34a454dea25ccb594ace8df4f9d98556ca5076bcd44b2a9775df" + "aca50282b2c8988868e5a31d9eb08e794016996942088d43ad3379eb9a1", + "120be63bd97691f6258b5e78817f2dd6bf5a7bf79d01b8b1c3382860c4b00f89894c72f9" + "3a69f3119cb74c90b03e9ede27bd298b357b9616a7282d176f3899aaa24" }, + { NID_secp521r1, NID_sha512, + "9aace26837695e6596007a54e4bccdd5ffb16dc6844140e2eeeb584b15acb2bbffd203c7" + "4440b6ee8db676fd200b4186a8c3e957c19e74d4d865ada83f80655323dfa3570907ed3c" + "e853b6e8cc375ed2d758a2f5ad265dd3b47650517a49b3d02df9e0c60c21576378c2b3a0" + "8481eec129b2a75608e13e6420127a3a63c8a3f1", + "0a63f9cdefbccdd0d5c9630b309027fa139c31e39ca26686d76c22d4093a2a5e5ec4e230" + "8ce43eb8e563187b5bd811cc6b626eace4063047ac0420c3fdcff5bdc04", + "04014cab9759d4487987b8a00afd16d7199585b730fb0bfe63796272dde9135e7cb9e27c" + "ec51207c876d9214214b8c76f82e7363f5086902a577e1c50b4fbf35ce996601a83f0caa" + "01ca2166e1206292342f47f358009e8b891d3cb817aec290e0cf2f47e7fc637e39dca039" + "49391839684f76b94d34e5abc7bb750cb44486cce525eb0093", + "01e51fd877dbbcd2ab138fd215d508879298d10c7fcbdcc918802407088eb6ca0f18976a" + "13f2c0a57867b0298512fc85515b209c4435e9ef30ab01ba649838bc7a0", + 
"11a1323f6132d85482d9b0f73be838d8f9e78647934f2570fededca7c234cc46aa1b97da" + "5ac1b27b714f7a171dc4209cbb0d90e4f793c4c192dc039c31310d6d99b", + "0386a5a0fc55d36ca7231a9537fee6b9e51c2255363d9c9e7cb7185669b302660e23133e" + "b21eb56d305d36e69a79f5b6fa25b46ec61b7f699e1e9e927fb0bceca06" }, + { NID_secp521r1, NID_sha512, + "ac2175940545d4fbab6e2e651c6830aba562e0c11c919e797c43eff9f187a68a9e5a128e" + "3e2a330b955a3f4577d3f826529ad1b03d7b60f7ad678f005053b41dc0f8d267f3685c6a" + "be1a0e9a733c44b2f3ca48b90806f935141c842e3a6c06a58f5343d75e3585971a734f4a" + "e1074ce5b54f74bd9342f4bbca738d260393f43e", + "024f7d67dfc0d43a26cc7c19cb511d30a097a1e27e5efe29e9e76e43849af170fd9ad57d" + "5b22b1c8840b59ebf562371871e12d2c1baefc1abaedc872ed5d2666ad6", + "04009da1536154b46e3169265ccba2b4da9b4b06a7462a067c6909f6c0dd8e19a7bc2ac1" + "a47763ec4be06c1bec57d28c55ee936cb19588cc1398fe4ea3bd07e6676b7f014150cdf2" + "5da0925926422e1fd4dcfcffb05bdf8682c54d67a9bd438d21de5af43a15d979b320a847" + "683b6d12ac1383a7183095e9da491c3b4a7c28874625e70f87", + "1c1308f31716d85294b3b5f1dc87d616093b7654907f55289499b419f38ceeb906d2c9fe" + "4cc3d80c5a38c53f9739311b0b198111fede72ebde3b0d2bc4c2ef090d2", + "00dbf787ce07c453c6c6a67b0bf6850c8d6ca693a3e9818d7453487844c9048a7a2e48ff" + "982b64eb9712461b26b5127c4dc57f9a6ad1e15d8cd56d4fd6da7186429", + "0c6f1c7774caf198fc189beb7e21ca92ceccc3f9875f0e2d07dc1d15bcc8f210b6dd376b" + "f65bb6a454bf563d7f563c1041d62d6078828a57538b25ba54723170665" }, + { NID_secp521r1, NID_sha512, + "6266f09710e2434cb3da3b15396556765db2ddcd221dce257eab7399c7c4901359251129" + "32716af1434053b8b9fe340563e57a0b9776f9ac92cbb5fba18b05c0a2fafbed7240b3f9" + "3cd1780c980ff5fe92610e36c0177cabe82367c84cee9020cf26c1d74ae3eb9b9b512cb8" + "b3cb3d81b17cf20dc76591b2b394ef1c62ac12ee", + "0349471460c205d836aa37dcd6c7322809e4e8ef81501e5da87284b267d843897746b330" + "16f50a7b702964910361ed51d0afd9d8559a47f0b7c25b2bc952ce8ed9e", + "04000bbd4e8a016b0c254e754f68f0f4ed081320d529ecdc7899cfb5a67dd04bc85b3aa6" + 
"891a3ed2c9861ae76c3847d81780c23ad84153ea2042d7fd5d517a26ff3ce400645953af" + "c3c1b3b74fdf503e7d3f982d7ee17611d60f8eb42a4bddbec2b67db1f09b54440c30b44e" + "8071d404658285cb571462001218fc8c5e5b98b9fae28272e6", + "00eb2bd8bb56b9d2e97c51247baf734cc655c39e0bfda35375f0ac2fe82fad699bf19895" + "77e24afb33c3868f91111e24fefe7dec802f3323ac013bec6c048fe5568", + "14bf63bdbc014aa352544bd1e83ede484807ed760619fa6bc38c4f8640840195e1f2f149" + "b29903ca4b6934404fb1f7de5e39b1ea04dba42819c75dbef6a93ebe269", + "05d1bcf2295240ce4415042306abd494b4bda7cf36f2ee2931518d2454faa01c606be120" + "b057062f2f3a174cb09c14f57ab6ef41cb3802140da22074d0e46f908d4" }, + { NID_secp521r1, NID_sha512, + "3de9e617a6868dca1a1432d503f923535da3f9b34426b2a4822174399c73b1c1ee673114" + "10a58c17202ac767844b2024d8aa21a205707d93865693ac25a24fc87034fa3a7a7e27c3" + "344cb03b87602c15180a5fe6a9dd90cd11af4a0f150207bf2d83f55b12c088adae99aa8c" + "fa659311b3a25beb99056643760d6a282126b9b2", + "07788d34758b20efc330c67483be3999d1d1a16fd0da81ed28895ebb35ee21093d37ea1a" + "c808946c275c44454a216195eb3eb3aea1b53a329eca4eb82dd48c784f5", + "0400157d80bd426f6c3cee903c24b73faa02e758607c3e102d6e643b7269c299684fdaba" + "1acddb83ee686a60acca53cddb2fe976149205c8b8ab6ad1458bc00993cc43016e33cbed" + "05721b284dacc8c8fbe2d118c347fc2e2670e691d5d53daf6ef2dfec464a5fbf46f8efce" + "81ac226915e11d43c11c8229fca2327815e1f8da5fe95021fc", + "0a73477264a9cc69d359464abb1ac098a18c0fb3ea35e4f2e6e1b060dab05bef1255d9f9" + "c9b9fbb89712e5afe13745ae6fd5917a9aedb0f2860d03a0d8f113ea10c", + "07e315d8d958b8ce27eaf4f3782294341d2a46fb1457a60eb9fe93a9ae86f3764716c4f5" + "f124bd6b114781ed59c3f24e18aa35c903211b2f2039d85862932987d68", + "1bcc1d211ebc120a97d465b603a1bb1e470109e0a55d2f1b5c597803931bd6d7718f010d" + "7d289b31533e9fcef3d141974e5955bc7f0ee342b9cad05e29a3dded30e" }, + { NID_secp521r1, NID_sha512, + "aa48851af7ef17abe233163b7185130f4646203c205e22bcc2a5a3697bcab998c73a9ffe" + "1d3ea0b7978ce7df937a72586eb5ca60b0d939a7d1c115c820171c89c8116b7e2c7b98cf" + 
"0f14e4c4df3cb2f319ad3ab0ea25ff14526ddc037469f000bf82100acd4cdf94feb4eba4" + "ea1726f0569336604a473aee67d71afebb569209", + "1f98696772221e6cccd5569ed8aed3c435ee86a04689c7a64d20c30f6fe1c59cc10c6d29" + "10261d30c3b96117a669e19cfe5b696b68feeacf61f6a3dea55e6e5837a", + "04007002872c200e16d57e8e53f7bce6e9a7832c387f6f9c29c6b75526262c57bc2b56d6" + "3e9558c5761c1d62708357f586d3aab41c6a7ca3bf6c32d9c3ca40f9a2796a01fe3e5247" + "2ef224fb38d5a0a14875b52c2f50b82b99eea98d826c77e6a9ccf798de5ffa92a0d65965" + "f740c702a3027be66b9c844f1b2e96c134eb3fdf3edddcf11c", + "1a277cf0414c6adb621d1cc0311ec908401ce040c6687ed45a0cdf2910c42c9f1954a457" + "2d8e659733d5e26cbd35e3260be40017b2f5d38ec42315f5c0b056c596d", + "0d732ba8b3e9c9e0a495249e152e5bee69d94e9ff012d001b140d4b5d082aa9df77e10b6" + "5f115a594a50114722db42fa5fbe457c5bd05e7ac7ee510aa68fe7b1e7f", + "134ac5e1ee339727df80c35ff5b2891596dd14d6cfd137bafd50ab98e2c1ab4008a0bd03" + "552618d217912a9ec502a902f2353e757c3b5776309f7f2cfebf913e9cd" }, + { NID_secp521r1, NID_sha512, + "b0d5d52259af364eb2d1a5027e5f7d0afe4b999cc5dd2268cfe76f51d2f17b541bdd7867" + "e23a1bb897705153d9432a24012108979c6a2c9e2567c9531d012f9e4be764419491a52e" + "ae2e127430b0ab58cb8e216515a821b3db206447c235bf44ee304201b483b2a88844abaa" + "18bca0147dfff7e502397dd62e15524f67eb2df2", + "13c3852a6bc8825b45fd7da1754078913d77f4e586216a6eb08b6f03adce7464f5dbc2be" + "a0eb7b12d103870ef045f53d67e3600d7eba07aac5db03f71b64db1cceb", + "0400c97a4ebcbbe701c9f7be127e87079edf479b76d3c14bfbee693e1638e5bff8d4705a" + "c0c14597529dbe13356ca85eb03a418edfe144ce6cbf3533016d4efc29dbd4011c75b7a8" + "894ef64109ac2dea972e7fd5f79b75dab1bf9441a5b8b86f1dc1324426fa6cf4e7b973b4" + "4e3d0576c52e5c9edf8ce2fc18cb3c28742d44419f044667f8", + "1e25b86db041f21c2503d547e2b1b655f0b99d5b6c0e1cf2bdbd8a8c6a053f5d79d78c55" + "b4ef75bff764a74edc920b35536e3c470b6f6b8fd53898f3bbc467539ef", + "1dce45ea592b34d016497882c48dc0c7afb1c8e0f81a051800d7ab8da9d237efd892207b" + "c9401f1d30650f66af8d5349fc5b19727756270722d5a8adb0a49b72d0a", 
+ "0b79ffcdc33e028b1ab894cb751ec792a69e3011b201a76f3b878655bc31efd1c0bf3b98" + "aea2b14f262c19d142e008b98e890ebbf464d3b025764dd2f73c4251b1a" }, + { NID_secp521r1, NID_sha512, + "9599788344976779383a7a0812a096943a1f771ee484d586af1a06207478e4c0be9c200d" + "42460fe837e24b266c8852d80d3c53cc52ffb1913fc3261145fc6da575611efd16c02605" + "9a2e64f802517ffd1b6b34de10ad2909c65c2155e8d939b8115400c1d793d23955b15f5d" + "1c13c962ff92b4a815cee0e10f8e14e1f6e6cd38", + "1654eaa1f6eec7159ee2d36fb24d15d6d33a128f36c52e2437f7d1b5a44ea4fa965c0a26" + "d0066f92c8b82bd136491e929686c8bde61b7c704daab54ed1e1bdf6b77", + "0401f269692c47a55242bb08731ff920f4915bfcecf4d4431a8b487c90d08565272c52ca" + "90c47397f7604bc643982e34d05178e979c2cff7ea1b9eaec18d69ca7382de00750bdd86" + "6fba3e92c29599c002ac6f9e2bf39af8521b7b133f70510e9918a94d3c279edec97ab75e" + "cda95e3dd7861af84c543371c055dc74eeeff7061726818327", + "1b7519becd00d750459d63a72f13318b6ac61b8c8e7077cf9415c9b4b924f35514c9c28a" + "0fae43d06e31c670a873716156aa7bc744577d62476e038b116576a9e53", + "183bddb46c249e868ef231a1ebd85d0773bf8105a092ab7d884d677a1e9b7d6014d6358c" + "09538a99d9dca8f36f163ac1827df420c3f9360cc66900a9737a7f756f3", + "0d05ee3e64bac4e56d9d8bd511c8a43941e953cba4e5d83c0553acb87091ff54f3aad4d6" + "9d9f15e520a2551cc14f2c86bb45513fef0295e381a7635486bd3917b50" }, + { NID_secp521r1, NID_sha512, + "fdde51acfd04eb0ad892ce9d6c0f90eb91ce765cbe3ce9d3f2defe8f691324d26b968b8b" + "90e77706b068585f2a3ee7bf3e910528f7403c5af745a6f9d7ba6c53abd885c3b1be5834" + "15b128f4d3f224daf8563476bd9aa61e9c8518c144335f8f879c03696bddbe3ac37a8fbe" + "de29861611feaa87e325e2f60278b4893ed57fb0", + "1cba5d561bf18656991eba9a1dde8bde547885ea1f0abe7f2837e569ca52f53df5e64e4a" + "547c4f26458b5d9626ed6d702e5ab1dd585cf36a0c84f768fac946cfd4c", + "04012857c2244fa04db3b73db4847927db63cce2fa6cb22724466d3e20bc950a9250a15e" + "afd99f236a801e5271e8f90d9e8a97f37c12f7da65bce8a2c93bcd2552620500f394e37c" + "17d5b8e35b488fa05a607dbc74264965043a1fb60e92edc212296ae72d7d6fe2e3457e67" + 
"be853664e1da64f57e44bd259076b3bb2b06a2c604fea1be9d", + "0e790238796fee7b5885dc0784c7041a4cc7ca4ba757d9f7906ad1fcbab5667e3734bc23" + "09a48047442535ff89144b518f730ff55c0c67eeb4c880c2dfd2fb60d69", + "1d7ce382295a2a109064ea03f0ad8761dd60eefb9c207a20e3c5551e82ac6d2ee5922b3e" + "9655a65ba6c359dcbf8fa843fbe87239a5c3e3eaecec0407d2fcdb687c2", + "161963a6237b8955a8a756d8df5dbd303140bb90143b1da5f07b32f9cb64733dc6316080" + "924733f1e2c81ade9d0be71b5b95b55666026a035a93ab3004d0bc0b19f" }, + { NID_secp521r1, NID_sha512, + "beb34c997f905c77451ac392f7957a0ab8b23325bd5c63ca31c109ac8f655a1e3094240c" + "b8a99284f8091de2ab9a7db2504d16251980b86be89ec3a3f41162698bab51848880633e" + "0b71a38f8896335853d8e836a2454ecab2acdcc052c8f659be1d703b13ae1b090334ac50" + "ab0137ddb5e8b924c0e3d2e5789daaef2fdd4a1e", + "0972e7ff25adf8a032535e5b19463cfe306b90803bf27fabc6046ae0807d2312fbab85d1" + "da61b80b2d5d48f4e5886f27fca050b84563aee1926ae6b2564cd756d63", + "0401d7f1e9e610619daa9d2efa563610a371677fe8b58048fdc55a98a49970f6afa6649c" + "516f9c72085ca3722aa595f45f2803402b01c832d28aac63d9941f1a25dfea01571facce" + "3fcfe733a8eef4e8305dfe99103a370f82b3f8d75085414f2592ad44969a2ef8196c8b98" + "09f0eca2f7ddc71c47879e3f37a40b9fecf97992b97af29721", + "0517f6e4002479dc89e8cbb55b7c426d128776ca82cf81be8c1da9557178783f40e3d047" + "db7e77867f1af030a51de470ee3128c22e9c2d642d71e4904ab5a76edfa", + "1c3262a3a3fb74fa5124b71a6c7f7b7e6d56738eabaf7666b372b299b0c99ee8a16be3df" + "88dd955de093fc8c049f76ee83a4138cee41e5fe94755d27a52ee44032f", + "072fd88bb1684c4ca9531748dfce4c161037fcd6ae5c2803b7117fb60d3db5df7df38059" + "1aaf3073a3031306b76f062dcc547ded23f6690293c34a710e7e9a226c3" }, + { NID_secp521r1, NID_sha512, + "543c374af90c34f50ee195006d5f9d8dd986d09ad182fcbefa085567275eee1e742bfe0a" + "f3d058675adeb5b9f87f248b00a9fbd2aa779129123a5b983f2f26fc3caf2ea34277550c" + "22fe8c814c739b46972d50232993cddd63a3c99e20f5c5067d9b57e2d5db94317a5a16b5" + "c12b5c4cafbc79cbc2f9940f074bbc7d0dc71e90", + 
"1f0ec8da29295394f2f072672db014861be33bfd9f91349dad5566ff396bea055e53b1d6" + "1c8c4e5c9f6e129ed75a49f91cce1d5530ad4e78c2b793a63195eb9f0da", + "04009ec1a3761fe3958073b9647f34202c5e8ca2428d056facc4f3fedc7077fa87f1d1eb" + "30cc74f6e3ff3d3f82df2641cea1eb3ff1529e8a3866ae2055aacec0bf68c400bed0261b" + "91f664c3ff53e337d8321cb988c3edc03b46754680097e5a8585245d80d0b7045c75a9c5" + "be7f599d3b5eea08d828acb6294ae515a3df57a37f903ef62e", + "0ac3b6d61ebda99e23301fa198d686a13c0832af594b289c9a55669ce6d6201138476901" + "3748b68465527a597ed6858a06a99d50493562b3a7dbcee975ad34657d8", + "0cef3f4babe6f9875e5db28c27d6a197d607c3641a90f10c2cc2cb302ba658aa151dc76c" + "507488b99f4b3c8bb404fb5c852f959273f412cbdd5e713c5e3f0e67f94", + "0097ed9e005416fc944e26bcc3661a09b35c128fcccdc2742739c8a301a338dd77d9d135" + "71612a3b9524a6164b09fe73643bbc31447ee31ef44a490843e4e7db23f" } +#ifndef OPENSSL_NO_EC2M /* binary KATs from NIST CAVP */ - , {NID_sect233k1, NID_sha224, - "f23f784fe136c9fc0d169503d361e9c6148b0f1fbdcae0a97fae1af7033ddef25cb7489c" - "9963cfcb009a8cbfe44a8510a64a073eb1deae4c324ceb9302008c92c69b2dafcc9077fd" - "3cc3c7c119edc3ced36d176ceaa55ac036bf7f07f6fa215e8bb8196e59a5e1c9af4f98b9" - "0ab4970885bd7015fa26a09e03c7cf6b4b23d929", - "04c1d414696cc3657dd9df73ace56eda2636769ce7082e064c260be45a5", - "0401f228c0a75b057eb07fe7ce8223ed4163148c1fdab61e0f787271f836a900cdfa5655" - "d96ffd5ffb6027bfaa04da7b5d8fbdbb6202c8bb79f056ce43", - "058f8511089fcd59324469f6736b92693afe26bd4719e198f1f2287dc5f", - "016bafefb4933ffd00bd1db6d6c4fac8a06375603adc0aa2a5664083ff4", - "03bcb84b8f1990cfc7b88f2b8cc817105cd8e150808e7c87b310cdc47e3"}, - {NID_sect233k1, NID_sha224, - "400bcb297552bb37f2f8135a9314a35f5126788bb6fa4dc74152731ff64c5dab4b902103" - "d85443dec20e16b1d6629930cdc2bd183d4099f0e96295a63c2fe266f5e9d050c401a868" - "1b4a438efe53cbd8f2f43e2a31e9f88926a9c82917d873f6e8cd5ff5eb8c1ca36126b0bf" - "c8c2b0e85a7c9e7a45f1875ca9c82019ebedb729", - "027cb1d84865a16992476c9e353283d5d6a40c349a8e9179d1b1f403531", - 
"0401191227d064176f4ab020faea61330df5eb59163ecb4ea59c23e6f1f6c8012dbfbf85" - "b3624b9f56446f840602f9b839bab1368295b3ae919cb07c07", - "01a41af270269be052a62a9879638e3432a1479b05776ce61f45c0c361b", - "041a5f1d28b70bfa2925b9428ab8bac9fa174d88ae27d754824c7d16ead", - "044d359065672b3d3dfe8389fbc6fc751ca6a46820626c466174fb9b922"}, - {NID_sect233k1, NID_sha224, - "5f74d4b35c49fa454c97c05fdb6b9f6822cf1a2295f15bd766dbcb413d77c910bd8f4147" - "e8f317fac2300fa21cb80134d1b6f8ae8e50518c1f648a28506e419f5a6e8f05abffdb3d" - "d2587606c7e9c223ecff4f46b121216730ea13202b59128a7616bb2fd23a7e4a5aa08641" - "cc07b669641313febfc88d64d99447353dae3f06", - "031b443f46c4b5224237fac1022ee1570173f664aba0c84dbaa4246bdc1", - "04005f57b0e5f2e175006f4058cbb4ca9a0cac912c551ef1b94e97498fcc5a00f3a554d0" - "77b751478f8a2b7c2a9cf15effed958e0ac1a9e3db1e023c5f", - "07ff6ef3026c5a960e632beeb7313b3bca0baec76cea1fd9b82cedc3245", - "0099741698549c32a4e86aab6194527cea703ff869849c538a938585a83", - "02ad706c6f5dcff512498d84f1877eb997dfbe9b3d13b339917632d3cb1"}, - {NID_sect233k1, NID_sha224, - "8f92096876d9f81bcd992369d42d0b5877ac969004d17c8627c58d8b8b7bbf7a37e8cb6a" - "fa962b9b043bbbaa5bef4a5ee38d8bd31cb5866b828265a2f4102a616f87009cd346fcb8" - "af5519fb577c60d8792472232f33dc615655e53d2b715b15a2697b492f108b7906e1e359" - "7c6911f8cc30c7121ae338a6b747ec368f8e4a36", - "048f6ca29f35f253a4962734357c995920967b9eeff1ba5fd2080bfede5", - "04012b7ca7c21292f8795b2fbfd63a28c5a4ec8c850d6240f973c903bc817001be9855e5" - "c5a5064c27d1862010b2fd0d7be5a0180c861a288ceac89d6d", - "07dcb9725323fd7668991ce9a907b7129d53fae9016e253c53d057d195d", - "0498c4fca6ed7c2998347b464d3e562a74b0e4f3a6c1dc453aaa61bb710", - "03a77a13f011404d5c5341dcd2ca44dc2b08f21f09f524045c281fb221e"}, - {NID_sect233k1, NID_sha224, - "3d275dbde44494c45fc15fe89e2ae32aa26426a17e923e895c7941a5582fb95df4d49873" - "ab1bde358017f336b911b886b626b744806ab8113418473c441f1964159ded1b12122d53" - "ac56573167588e4b55f36b8bca8c67823883a51fb6e7f204d1c6b07ea49b577bfab9ca6b" - 
"8d51f72268b022e3a4db6f9d265ee8382f9b7b66", - "019b940eabbe682f961d9f3d90432e347fef3910e641656825d775705b1", - "0401efcc9f4576047c43eab1c13e0547b1c5ec1cd2afd2345fda72b5e1b50f00c7b5968a" - "f47e58f4ec15c0cd82ccd0b9f5bfde06c7f86fe5cd0105d693", - "03f783a94d1de73e4593f5d6d02238cfa0486e3ddf2bc0b95a528038e3c", - "013c467531f3f6508534ad072edb210e4182ce5a798d8a46674e92a0b4d", - "0685982aa8e2f3e46ecc03e00e7323f3b891da437235cfe9800139ee8d7"}, - {NID_sect233k1, NID_sha224, - "d2fa68e1f7dad02916b12fa38f1849d6d409dbad0344438520b4dd9b77d62d39ac9ae3cd" - "eab03ccbcfd4de703c6e798873671731c108f322b9f2a68145e3e210c9b15b879798e5c5" - "3c5022742e9819b99edabb2f44d89ae221f7a99dc84421a6905695ff91928db608f86174" - "5f17584d56e34b75c47281435b1b0b34e490692d", - "07a884b22e29fa9fe945e9ba13c0df8d786dc87cef0f77f069e182dd56c", - "04011e831647d0ffd53d75e44abceda753ab470b3cc93b457590617d925a19003db5bd0a" - "ecd6504d904bcf9dcce131abd239aeadb9a64a9811eac823cc", - "00241b763c6245b83afe61762b161c41467ef35b7f27a9c1066f02babd3", - "0514adca3481ac5f99287e6e966a5c223296b07a9456eb582ec5568688c", - "07ff6a2f7cb1d2594a11d8d0adb6fe50b4e740f025e7b4333ee26163d92"}, - {NID_sect233k1, NID_sha224, - "3830f75cf9df4eb2998c7c1b5fe11c1476bcf849c3a8fa7d3d0b5bc2292e5d07465ab8cc" - "9381c575d909e509c5dac49c78817c04e4bef18bd51bb09aa5897f21634633a5ce6d20bb" - "4638cb6c3927351eaec7b62cf4a33956916045c392f325adafb10a88a5f86d7e41dd7790" - "8fa7284210071c22aa40ef40da6339c02da05392", - "05da61f881d5a0dc085bb93764f584352882923cd237d878220ec624c1a", - "04018d740441eff1f785a14d04da4ba69540cbb469780ffd36e1dfae4f1de2018072ab30" - "e999ae26b872ef46a9a0604296d02c08fba9477d9e03f0f75d", - "000f95c5678fd08dda790cc60bfa578118f8687228a2ef5f31e71a6884b", - "074a6599b8cab75e0cf752e3f41288fbc673d52074950edb14f76524949", - "03523804351e3224e816cd4fb7191f332585f68053ddb32a85cc0fadc03"}, - {NID_sect233k1, NID_sha224, - "65b9fe15e6c35d453caa6bad39ee78a720a04b60d8a0a0f049186d2f777e48ae2d657e17" - 
"4df53edb7beb9f7d8f21904ed674add0cda5b62a7308de76c324a144021e8c6d387daaba" - "4ce48bf7dfe9c8aeee2c64e434ece1fa5ddcafcf3e5d0013a1eeec1742a00d384cc2ec0d" - "7eda83bb4dccfb0e57045ebfc27a4f404d03da37", - "03fe9f04647f6d82b13ec1ae5a8c2e49bc66b05649ad778eb16149ad83a", - "040158eecc6b8918e7813ef990217c603b28ed1774c740382a8af5c9af613301bbffeccd" - "41107c7e6f83e24c822d634a7ec064fae125dc8a3ecc4fc9b3", - "07731edfb3ef523a165a1b5817ab2805a5cf88043c98ea2393898e19551", - "01fa44fa18ebafee6f419fdb9de0e8365520617558b57e9ee89f2c8fc88", - "053f1b2da4cabad04fea1111d525f341417587823fce71e5bfd2353c2f1"}, - {NID_sect233k1, NID_sha224, - "d26521fd41eb5d46ece6836e188bf9cb1b461d011c41e002a935d256654d01725378e845" - "920ec4a7fd3f379df54772493df50d312c7c6aa4e909e7b83f2442c3a5e85c37d68aa015" - "098ecfb0a5e077370f4576f4bc63bf37e1dee06d780a3b6949af5e21c2a0960fcd20821e" - "f5f17bebf5fd5b3bdda260842cbbfad45667287a", - "05ebce648ace4cd555413de6a456fc487d14bf4b0b9a72311ef480d2f26", - "040020b46ecbdc36b4dc01111932090ba185eab2cdc4fa89775f2a6177c5920104cac1c8" - "00103c79642321a216bcfae497b037b29888cf9f70c507114e", - "027733120626e564b06ba71c4946c9c8bfae43f88511ec6352d2a52f407", - "0592de5184510e6ecb7be8a011f862470b918354a1ad82458cf716137fe", - "010a9c5fb6e4b70571a35c56744b57baf0108728bea2bf639af1960d1dc"}, - {NID_sect233k1, NID_sha224, - "b778c021b1a92c41dbd09963da07018075d73e54d62df5c2b7bf8abe137151650d1c1c6a" - "bce7eebd8f32e8c3e6d1433773f257bb3ba4a4fb6a02c0db1e47d03c27d3a90898ebd192" - "7c21df24c4c5443ca5b81f8ef2cc0f5e8b3d08f472bf07085df737adaedec63d99acd77b" - "87ba98225f198b791124ac2d9b191cb9251b4b00", - "056653c2f85593f789a926ba49fa3da9d7f946d8f1020508c5a527ce813", - "04010d65f6f5415dd86a83bb10118abfc1b1670a1664eb6dae99fb68b85019012c1e673e" - "575086ec1e76b90d59c2cbd2727f726f88298552b678ba7e60", - "021e26c098c9f9da9c782857fe640ff6abb21caf20a093f2277845bd10d", - "01d67cbc8209494dca1a74cee5d9894f98f03728214f7bbdac29b0c0e78", - "02215f758fcf0d8dd603e79658a8061ab45bfe6d854e52ea7074fd5654e"}, - 
{NID_sect233k1, NID_sha224, - "ec14e07f615960015a489ef999e308b42a4c571473b9bd64b433dabd9a1b1ad02e33eee9" - "100064405175928a94543a80f440040afa2965b4e5f95f768e7fab6d3c0a5f5e1bf1df78" - "22f78384e80f2955ea85f044ac60537d895747979f935bb0cd3673193c4a32dd7803e48d" - "7daf70a71bc2aa97236615b6411e28fc9a652145", - "049a91d320783cc70a5952c32036cfc75d41f1aa84127db2dc759fb291c", - "040190528df8fc3ae4db6e12930f176ec9c833d1668ac5808f1046366445a401f647d55c" - "e80b18a9add47fd1a8e4aa725297d9da03246f5c1ce503dd56", - "01eb80e2596d6c01431e7a4fd9e22903ea85547a31d675ff157a789a137", - "04523776d88199ebac2f96f9faa434bd81bde770ad4458ef126fde9198a", - "054665f31f92f8897482d34fcb63141a7539577037c84496167e9d3389f"}, - {NID_sect233k1, NID_sha224, - "89c645339ad0eb850e4e2fe583cee175b35feb02ed7541d7e9aace24cdd3939584f73ad3" - "9526de6399c86b36de77a018e2c70b532bd0f032f9137d10480acc30c49f9baaa86f9df0" - "033b77e98b485bf7a69cb5c281e527d3ccd1fce2415f0dda4a268ce68a0a34b16afda54e" - "d922cd6810ac8dc766df2a3a6c5e55972e9786fc", - "016a20016602fc7088a60469843e1d29ad67e3c3cb9500b1e2a00d4050a", - "04004f157541dc3a8bc8a2ad4dfb3933039b67e331b7353a2fa9ede322f4ad01348a7b8c" - "9495bcbecd556870715faf3d543cb8f2368805473bca17b82e", - "01df1ee39217d7f0d838e8b2d30a1159d8003b06e50a00d637edf08d6d1", - "045d16826bbc425637e7a05b826bc907f7453c70141d1bbd2cda63dd490", - "01ae1703cf179dfd1d5407ba2b7324cc7cac15235ee9c3756177444e122"}, - {NID_sect233k1, NID_sha224, - "ace14c4b101d2d8453c2bc22b756af016b5de537df9c3e639d208ad04ae0bf6232dc90b9" - "0c33228dc85de956db771ffde05fb4d0b15e4f218ed2771d703ae5bf981252a5bcd60c16" - "f14483131a481cbe04dc0adb1fb8aa32cb48bb5008e8a8e5c7b7465be2fd7afbc811cf5e" - "a6293b1a464669b49f55f57b93a8707e6042fda6", - "00ba922149bada2551b7be1c3df076f3f97ce93c13c50c285fef3f42363", - "04012daff2cfab994b9d1d1ba73bd2f8e7883b2d92f760b0d16351ec125fd40115666f7c" - "65b95ec2d713c5ab1a3eeaaf0f931b1859733416c3c778aa2a", - "07fc7c9503fabba0972e0e8892ec6331e0812c6452d211c5561fde79048", - 
"06477ec9d8d8d45418b9efe7ae47c0863ff94c43d8f392c079b870a7cf4", - "06b5a5d020b3d980b9d7880130802435ddb4e7362e36a70d193f18a7fe6"}, - {NID_sect233k1, NID_sha224, - "cec2ba0d1772c87e87d5bbbd67220692bea4301aa1a66e8dbdd7e651d45c26dc2a0d45cf" - "c32c34d76ae3e1c61db7b0fe1863457b93937d929e6ece7462ebd16adfd708353d6f7c27" - "aafe06593c76da7149b0cc574a4290b0d8fe219f3eada7082aca38dba3f78ed0d5942d09" - "5fa5556fc8bcef331ff0a6d5d1f4e6c51d4ff5af", - "02d635e12a58cc6dea44e71e87c37f91e8d08659f0b7955d24f65ab55ba", - "0401dd33d8224ffe63a32f2de5d4fcb0e5f1fca7ca2ade5b35ffbe75cdc65800bfbe9dfe" - "13f99258c787af82631ce2133dc73207c579b29869c7463943", - "04ef333049c575d6688aa04f87a6162185e4a57bb752a7f903e3aff86ff", - "01ade04af08ea1c1877779fbf6335156b1a1437f3e449f07458d700c67e", - "010fa82467d39e5ad51cda8fcedc72ee6a78dccd0c90544814e53ba9cb4"}, - {NID_sect233k1, NID_sha224, - "ffa13cd0f51ae2643d5d4edecb493ddd653e9faddcffc370e7e958abf726a5d67a2ab36c" - "ef42ea8ebe22a6f01b9c31f6ffad01e6894487d979acb5e618f765ac0ec3550ac5dbbced" - "e8f9fdbe52fbaba5c087ff382b6d7a09b2b5084227d324d98ff98793040884799b96d2ca" - "593201f4414f18c43b51c53c5e5059e0641aca02", - "0073883e5064e06814fc4de32e15f7a6cf825d2daf6eb1df8c83e25d80a", - "04000d3c79d627ee0d2d88f2de2dd082112c20dbc5ed66089454f7b8fd9f8101a2580e77" - "9753bcb023acba1b0852492b989c767f664c7047de8e6689fb", - "020231e05166271f47a91dd883c580ee313e9a07195ae511f0ee62173ec", - "0303eb4a0df97577c4cff531b3f54aa282e76669c0c5ebf4c9779c9bb82", - "0692432a7dfde09db7743f08130b3d3327dd98cbdc323627603518f70d7"}, - {NID_sect233k1, NID_sha256, - "c73e3dbac9513d0361dabe94071faf03a11cba18c06d131a172d5f0125b01a5eeb6055bf" - "72c7106fe3f4be3bd2b1771cbe7f85366dccfbc3bac20538510c3f51179cc540ddafb2f3" - "b05a0d276899674ab1d7d8fb4f6838f04e4f9e26b8c6af31540f63f4953c85840af4c57d" - "fa78c704f637dfc8dd750fe45e2c1e149986d127", - "01532271bfae8d4dfe60f69b88d3006d58e28aacfa701861cde8d624db6", - "040041c1ca965338976b4c45c28b1cb64836b3b4d3e7ba2b1323ea26fbcca201a177d042" - 
"fba7903007db122eabc459e37c2c7fe82e42752b267fafe4b0", - "06a54894825644901baf2ec3681ce5aaf93a18757d93ec9cbce7ccd9d65", - "03edb77fc7686b520493604db18fc69edb4cad8195a958e27ef289c4bac", - "004337ecfac57abb9271909aa43ff4e32851df7818dcd87216d051189c0"}, - {NID_sect233k1, NID_sha256, - "d00dcd0f3212a3167403abed91c20e76f5e7a7678a4fd970f944d11e6a8cd149d0aa6fd3" - "164c5a74c0f55193a4fa3d8ba6f99cabed10544625a7bd92b3e0b46edbd4a269bbc10518" - "c5268c3910a2aea567ccd32d4c7a0cbef09ea42c20b636d1f711d220e23dacdb9d1146e0" - "494401349749e5ed88e38295232a7effbae3aed6", - "0550406c0db882c6aee6cf3b6baf377375208c3e90cc44a067cee43efcf", - "040073348eaa8f2885fca3baf31830a2b28bfe983e3046418561f62ac5d24700033de5ae" - "e6d0bd4de286f1de1e80bf72e5e17083032bd4dc24577b6d2d", - "05c0e7ad0f9bbd522c862326a5734a766423fff7efbe57c51c315fa574c", - "02103f1a0200883850b6476c7d7e7d2b3e2f60923d028ee6f8227b1ec48", - "007cbbc3c6295ceafb3d9cf8411f85a045b11ef8472c5ed45346d26192a"}, - {NID_sect233k1, NID_sha256, - "3d36221f87157ca4db84884b8666660c4e2b6af330480c516cded9f3bfe132543626a39b" - "b6aed1964eb5c33ea0b95b9841665417679fceb95d199d55accfce35dd3f2283c1a7ced5" - "7d0c4b9ebe3da6e1ff2f979b6440db27caf9f6a4bbfa47e20d29ae304f4d0551fce9cc40" - "97eb2fbedb9b24680bb17d207bdccdbe799d5b0d", - "0257dc63752920b6854d6c2d1cca68589a38418c3d036e73760a12214ab", - "04011a42e9f66ecf030d0446cfb751136347d4df0ee4e031058ebdcc04df8000fb7161fa" - "c8cc5ad7bc4477a39350e419776f76f184e28abce886ae9cc5", - "00391d36c4044896ddcd68604d5f677d1df298f46abc00eb12f1165e8a1", - "04e19bdc6755a603085b66355256bce98d5fdd49b4f06b628e3e185574a", - "07697b29ce5546de969c9c4bbb5ea65f712d6cda3410f3dbfa0cd5b1a8c"}, - {NID_sect233k1, NID_sha256, - "033d82a42d0eddf58fbe3e91ddff7190e3f9fc2b1e2eede977d2c0473b358b5fce1f981c" - "a6f88fd61ce2f79e453e3a2b77d1baab2b970ed28d5dcff58873a620e195085e61c4b848" - "0d829525a1a944e8a4b63352f0291f0311f1f98ceb262804beec1c74947618f8e3b06786" - "6255878c2502966cefcdda4f5fa2b13d92ce7840", - 
"029025352297a7be850f8852411c09259b83219135e0e8949c1bd5b94c1", - "040184345e37f07077cc8df5947c1b1fcd8404b3c31586d6ebd91b240cf42b019dbc9091" - "a5d282fd6e62c34676a06a425e098567b990c47e61ef14d77e", - "02b2663a449ead3f8cce2459e04cf84333376624d994fd9312401ae57f1", - "03af223fd3a6b6b240e59dca83ce2477a577494438ddee3fd09632ea67f", - "0606576d89f2094572f0bbcb58a15d9a4bf10ae3667d4e35cdd8da32102"}, - {NID_sect233k1, NID_sha256, - "671a7c81b64b2919722d7b258bdbd90165bb757b53106e0af03d0eef27452942f40cf52b" - "c95cc7f6567df2613cce795f8bcfc723b2735efc35375c001d37c58480d89343697146b5" - "24835df3dbd333f7c06c98e36d3c4592ecd1f34ab57c341bb0f4c785f5b8372775f74b4b" - "ce60763fad1788e77ea158d735a64861320b36c6", - "02dc82d0e69e498528925c0e62a13fda9af8cefd047c10c3ffc2e41da3e", - "0400e5463926235ce53a85b489c3c278320ed986003962a5fc7ad4cbab0d9f01453e6edd" - "e95670a4653186ebd8246c28a94dd84f5a669bd3293176f1f0", - "034a8dfbbdc98bb1d9b175600bffd866306dffadcc4bbb6f24e7f918da5", - "03cf1407445cf1a619a280e139242056c23c58979f0b3f0aa7e1fc074e2", - "02e55f27593f2c76fafccb71493f14daf50073b35cc85f002528cc6d691"}, - {NID_sect233k1, NID_sha256, - "0ef677f4799298f4aab73b7393598041f56e902ced1726af49657b6601a06186212e3ee8" - "cd4bd33b760dfa2ea3c38884f94358d51dd479f2ccc8b0b352fa4e44fcfdcfbb24919d04" - "e6ee1108527b8e8d60e8d1b467c30c18c5455e5835d483161d3fc26b4a67d6df9e3ddd93" - "31247cb18450188752a1ca219f3396a872cb13d8", - "041535fff5d279bcd744b04e643458ce20b81df8a9e01b1181d52bb14e4", - "040021e1227457be78e49db22335139a136ba290d34871f90ab5e6a8db6ac100df43b381" - "a4d757864c39ce8d0b64d6a32e9e8be30f92a10a252d46a2e2", - "03019bd459b34133dc7331caa8976bee67f76db3a45b1793cb545e26c68", - "0025611bd4e3473aaea85228b2bf37eb1b4458d8166012aa098d9c1cab8", - "07acd38506e984fb7f1607b50837018f9b4246623dcfc9d7aceb486e76d"}, - {NID_sect233k1, NID_sha256, - "9290df0cc50c3cab6655f3a6de1f4cf613d9bc06ea7c99f38038369ff2fadefa57a3c7ae" - "7940c1b98bb1d03503cc271f7a891bf38eec93c31dcec7892dfd2e1ab337bedde3e5325e" - 
"d8d9cb7fa3096f6fafc3beb3a66cba66ba826d1032debfb4908cc9dded8c0099c85072da" - "ac4373fbc428fcaa9a6da02181ebc33f0cf926fb", - "000ecfe580a624df66c25e87e7689fc3b471d205970ff9ab51a64aa12ed", - "04002ca7b9c98bb8106ae14a87d5f9f7ae1f99a5524992116e68af89da6daa00a2fbee76" - "9eec313cf3c8519d3f96167477f0f06dcc470408e3f637b6c2", - "044f065c49bb7ff0772d628104bc2e222f1fde42aaa8b9345d324d7f936", - "046301f3f07922d338d5b7d82104597fc50941e4bc0a15ab5e0408f9fa1", - "03495e335905b4842b97f00b344313ca7d6a4ff60cfeaa5d589e0a31782"}, - {NID_sect233k1, NID_sha256, - "855c7be75fda372f062709827f333630acf28954a62a5193ff675f0dfeb63f32bca418f7" - "cbdb346bf388d62315b19a592267ca407120db93d4e3d7125b867c4c4670b7a57a76f617" - "34cead2caf2425eb9ff0a63293e8cd6defc9648257b401463f4533a2425e0024f1ea9336" - "5eeee3c6da20d25928602ec8b426f9b39f97f3fe", - "013c72c73358ffa168423149ecdd897f0a5f75a641de008649f00134944", - "0401c70e1b6c01477f95e718f193e13c093b101e9f16024082ac699ed6ebb601f8013a88" - "264266cb5cc5bd38e477fe0a1aa49ae4a5ff94cb58439a7c1b", - "07ad8a117f34bf2fcf7d689b8124e08118e28ebd172f8c220d57d3f0b88", - "012bc7d380192f2efe55625e39927ef799993af9451c662b562a239dfe7", - "035961b27e88d6731220f70e96d555f63853d14149df7bf6d24fc29441d"}, - {NID_sect233k1, NID_sha256, - "9c896f800281812ed57d31623d563377a5c725cec84313472b90e73f77d400f5d4fb2362" - "55741b73d46f7e5254d04099bec274db8a9af5fc7cc220d42cc172cbd3c3595c49ff74bf" - "aab7b5e46c90855b611f74753ccdbbabf92e011d52e9ba753b83ed2a251a632e1bd5c6d3" - "46e38e743950c8ce0f394a837028575fa44bcc26", - "00ac60e2e70b7c4cda64071c7738f68773c94df9456a8ec3bbb468fa7f8", - "04000109614a2ca27b7a749e53777e0f3ee2f57013ee83ea539ada6d98d8a9005668f4b2" - "7213a8a024455b398de2cd7635cb620d7401f5deb4fa9ab2f4", - "00098489f0966e27555268a94378b7b8685ac610fb0964694aae9aa716d", - "06d151437a0aac232a472af038b0fac095d224ce0e5487510e30c31d605", - "0563dbfd021c1b77f980530d0120e93c9ee4f1f092a268bd8aba7d3110e"}, - {NID_sect233k1, NID_sha256, - 
"139a14ead998d1a962fa47c47ef2953aa136bd912fe940709b8c560bc2a0c4bf8f3aab30" - "a8e21b7d5f487d30b0097e3da723f11b5cb4e8c5724f5a2fe0d68ee4bacbb85e5eacf180" - "94d2a8ec4506cf8497836a4a905059a998ea750adc54c27c69cbd0b0c1f9743a62f3d988" - "f3fa0a9865a73fc071f526623085a2ef12838888", - "060bf720052e8b9508a801340c213cf53bbecf4975faee63d4b44fc647a", - "040196e37671def44b35c9e8c719130389b40c7ebc0ed5ae354dc73e0c40c700d3fa0a45" - "a3cc5dfb61085290f6d18d710ad5d0d3ab31ce65b0e6915a72", - "0729c7e1de10e92634857a65a2ed75103df6bd4bf63b1ad6383c37a0435", - "06808491ffebf088476de7daf541bca3fd943d4c2089b848a130abdc0d3", - "02c0dcfff06a07e928c15a1fc2aceaa4b4dd6fe8eb67ccd4d01240f249f"}, - {NID_sect233k1, NID_sha256, - "cf4a8e754b23d0fffc1c5c80b0cb11deeaba3064b315bc2cee96db5b9881baf90d30af4b" - "69066f757b3020706def77a5fc1632d96bafba22a9c8cd3b52d535d941b3c7cc02b7fe6b" - "51639d5e2084478ab3a29d2f5e0e16639fc2833a47b58e2c3fb5b2ea1830fe2ff68e571a" - "8f281617a23d9a28db1c64ddfb1083d055030e5a", - "07cf3c216592febd8630a478b5b3e3a605084020322adb13ac0a626bc7b", - "04008eee2ea13a08d4e4d71ecd2547f6d80b8f88879c9edfab5a675831fef2005117c0d8" - "a0442ad7b95cac1a984dfb9efbb7eb3c3866955da60e6cea8a", - "038de0be25c23cbde9ed9fb259cd9a06b69bf15dafed723970dfcb91307", - "051c9c5fe50eb81a11c8e7b2db145c6b5dbff2c51def56f4981774c357c", - "053887c6cc2f21bff461c9182c17f634ee2b301c3cc4af0bb1d3075f74e"}, - {NID_sect233k1, NID_sha256, - "ae64030d4af9b36c8d3a6af0aff34e5ab201df04274691fb420b7d5c40c401ed7f3ade96" - "065d34f2490d17943e27156e7bed83cd7222d0d5a73d167855fbe7ff6c3ed87f20986ad8" - "bbbd80fed5f9705c6c783b423f641d40ff1f367f9648af5a79ea3cea0236997558bd9dcb" - "011ea4dc64d61ea1e1f85b4f696ed586bc7705be", - "061eda5999e5a9ed4485d2a0ac5510549b76ca37df858ea5d95aeed571b", - "0401642d56359cc0a5f261fdc405030d45b0d6f9c08a182d354bf2687dd9d5011bf0dcbf" - "62749a99e4b02b284aa7a6479b59b363d25319a5315423a589", - "03094fac5381a1b31e53f43a537d9e22ebe6bd2c149f2f69d792bd56f53", - 
"053c8c4f9a30e0500e01100bb97c00ce98f5cc6578686daa1bdbd679373", - "047086a88ea014f06d6345608bd0a6010e650b9f6f984b6efea9a4fb277"}, - {NID_sect233k1, NID_sha256, - "94a9d9cd9efa3e4ccf2a37f904dd9cab5624ec9393cf8816ea591c5e70cccd2f105388ae" - "133708fb974998ae61d218c71785f9eb808d1c28d953cc7eed00dd9854b6b4568c5ed5ee" - "3df3b58a1e04c64f1c87fee4365ec9aa41b08a6bae234dc43a0bf2f61420acdb891a40f1" - "7f246972afee75a4c0b249dee0fc8f9b9c8a243d", - "07e7e73171e4d2f2989dc024757c186485435b82544a448f5cfca05f281", - "040181c8cf579d9259020461184979757b097d5a94245a2b9a1f8a6931ee0a014baf1b76" - "1a0af3dd9c0521c6489f9a778da824283c94087698daa7cf78", - "02b57fabe6b866fd25ad8802c6b02b680c137ea9b623457b35a24d5a5f3", - "07421dbfa83859354345b9c3f1ce6242605094d924a4d38c7bd952e3910", - "05ee48a3a5119bb3433b53a625101492216421ce67fc04dacf947ec600e"}, - {NID_sect233k1, NID_sha256, - "4db998df7b90678b8aa4ec6233c9b4629800ad1f3e2cf8f7afcac62fc6982dcb290e4458" - "7015eca8dfe77dbb4a80f9bffe75b11e961e70deed14555db6dae47d49e73004f000eb86" - "77c18f7e8234bf0a5a104266167a05ef07152e7acc2f0368b37efe69c0c2feb51eedf733" - "8cf9ed398f066cf1f66bacd89ab9376d41da35a2", - "05f7270764a0444c7159d2db867930fdb0fb9fa6b8fc80ca02e11753095", - "04006806c7164a09e11629e16608b7312d9d988acefa626fe8e34e03203d11019c4200c9" - "522618dab8a16e217beb3011599ed6cc09291fe9d451f0cf02", - "04a8958c80481a18c6e0893da9ab2d48fa6ae30a0f1d0512196e658eba0", - "01d301da51eccd15e09ce0bc2d0bdcb215a43ed13792084e2969260d46f", - "031f96a2f322d27d0bef23ba7c457fdc45a6e612f7d13e9277d36c8def3"}, - {NID_sect233k1, NID_sha256, - "dbf9b8a4ae316bd2df0c80db1cb5d7038364a2634925ff957d7c03511b57d486274b2ecf" - "191746827c325a14dc94daacd66ad86d369e3f598f176c4f0eadec7e9edd13e34043efbe" - "0a801b75b8186b4a6d89ceae4fb250ab570d65b6dd7c04382738fe3f6f6c867a7d84b35b" - "20720cb0036a5d81a87126f236833831d9ff00b1", - "0179b924afa4acf30ecbe2b3c12de533a1f9675687876a7e5e5ddc8e03b", - "040175bf95ac8e768727d3b4a74c2b8a04b221247a3b8386ddf35fc39976ad0122f32f94" - 
"1066150c151b9db92b86f86a10cab0828a77e4f0d5c4026540", - "0210c75a63699b424585f65497c6e46988c28eff3e0977e3ade599581dc", - "06087e46c0677e3ca64a0cf030236583935d0dc03c896685dc6e446d9e2", - "0252e42b8f03b085f38c6849bd420837d985c9fe14750a654b584c4cc5d"}, - {NID_sect233k1, NID_sha384, - "986d9e5d636526f4deb7545c037fe81b09c74496ddb8e42e61650c74b6fe348593f0cf8f" - "8eca5e839baf62f17bf6ad96ec0c71dc44fdf11259dbfe7499157e402f6bd50769723541" - "50723afb632799a990c44cd0a4fa9609ec4db133e3b4700be3ea4a338e8ba1873d345e80" - "163ed60d0de274d7617a8382980bc2138b0a2a01", - "02c9eb4d392d7f2eef606e1861183acb1fc753d666225f0f154d9eda147", - "0400d58fd7b5aa570b1c4b2190ec413fbcc9ef44d33ef191b6e23abcb386900173e85377" - "bdd8dac58222cd1d0f7ed98d73d6fb6c2eaf34819b08ececa9", - "064f9fb13784c99185f334700ccfcc4ff60b7f4d613c3de6dc5d1b8dd5a", - "03bff54e3610ade656bbe002867168db1b521c49225eb9662950b01955c", - "01da3fd8c08d8e17692059c669da3c7c4c146df6d3cbeaf34598d28eaae"}, - {NID_sect233k1, NID_sha384, - "68d0be2883598bfb1433886aff118349157708690380c42b8919859d96db069c7fde6e11" - "7a3669f2cff94a0f1b66b27b09e3f1b24d26299e11552a084be428446f3174da2e041465" - "5bdceb38e58fcb065b6661190862db39c6545dead34a03584632e988d0459659dc7c7c78" - "d4d00fc2aa10465cf24b2410f14e2a62173c9962", - "024661c89b77b2c743cc175a6130904461138ddc4ef771ffb9fc2c8679a", - "040090383de7ca48f1e71a43845565a9f0c53d2c9f8c2e0f6c4ec7eb6437fc0167658227" - "2e7ebc9fd56e1010a570d744ae4fa70eed3e6eeaeb0e0eda7c", - "05cc5b36c7300a1cc3f624e9e663861b4e296f7e7a27e8f8f0a2d54eecd", - "039c6f5b484411c434ee161ebeda7aa21b7bb26bde0301d9ff92921337e", - "02aaae737aedecfd5d53af56ef154ac6430a45ff03a3495a34a5fe0e97e"}, - {NID_sect233k1, NID_sha384, - "f0ba0407485fecd7337f4b22236533a926cc744a5f06dd08276750196f1bf7ea7984278f" - "789f92dd07e36895a8bfe297ea43d4a1177c0368900e3b969d3083cbe626f0e27e7ab38e" - "185c923dff46d9ba187b2acb9cf4b23ec8eedbb8044b96b5263d956e50cd6240c66d5d96" - "517130c743752404ed09473f05d0004dc5971ff5", - 
"0065e20e5ce534576d7c17616cd4ede3bf4f500894850723bcc9f895f4b", - "04001413f6dd5349e94311f1d25e400b69c0f0ea446294eba4bbeb10278b850066a05055" - "d856621161d4f0e33dac82e5c0cd91ed8aa56e9abba9ec80cb", - "07377147b59dba008ed0e6b366e511f94c7f7c9088615c6d46f46736b97", - "05515a6bdfde3b4b78489194d39f4bb439f58a6b3c3f9e16c8a71590b14", - "00778f79083d11efc8ff959f607c4cee7cc8f38b855028ea248fe291adc"}, - {NID_sect233k1, NID_sha384, - "3827276694e413c886129c452c9a66e7d09dee84f5f09bf34e4baa308b4627e096c7d45c" - "f6ef45ba1d9a4019a60399feec10fa80e333e2aff1251c85ca48574d9b9e1affb9666828" - "dff5afcef3edaf5e8cae823505a0c73afe76c1bf130399fb06b092ba34ab0ae15ac6c682" - "f9ee8479b065ce75b57213b8aae0f55e4e386de5", - "014c85f66fbbd653f1e4e590cffe62c343ba6062df4b271fbd02e5d42f7", - "04018930b4a59a1c0e92febe650347c49e29a4e83cb8c507e30ad835dbc94b00a237bcd1" - "30235e34b4439293f15e7a3913d659089e38e5619fa52e3c0c", - "03c1f8d076fb4fbea91a97800607b2db3fb5a45149c0d30dce79f07e963", - "04b9d2c66d8cc55b64f3f62dc629ce8e50ae0bad8a4d14e8b6567fc87e4", - "00b9dfdbeecb061a455dd052258f3828d4b7174af972c65bd0043a9776f"}, - {NID_sect233k1, NID_sha384, - "d1afb8965b48d66b9acb1ece674d9548f83395275f2d8135554cfcc7ceb96450d850dd87" - "4529433883709483d0743798db5e0dee955a4f30ba328c7934b8dd9207f3c336cf89141a" - "175ebe23d2faed629eb4236a8aea8300604c3eb7704512f240fda66acedf1494a85058dc" - "6a31bf9531958c332b93cfe5545046876c6b99e0", - "030ac7a78593b570b29f6d3d267abb6ba7e5870ee1c8ee4f1ab2f141051", - "0400a409e90eb4314f95967607ea3de9817a0fdb439cf406135262624e7fac004b1dd719" - "434e8dfa5861887736f32ecd635878ed4b9e290c423da09059", - "027c4987ff872fe499039b4432dc889960ea8e3f07be42e36a5827b3964", - "06829b5e02b5849689d152ceacdddbfa8f68d782b3ae8da23ea48b1acbd", - "03dba0d2b4400495ee098325ae4450b32b83689349e82a69b799dac2cbc"}, - {NID_sect233k1, NID_sha384, - "4f95b71669fdfe5dc46d4b951b085e099de349fc740535175337127910acf24e9a0e4b2f" - "23196ad23880da47b740d77d74fe9bcfdcc44dd7d8d1a181ac290de5cf4da22d5034cda3" - 
"d8020bcc776dde8cef1786c9ce4d2c2cfb035da61406af745efb7ef1a55f2eccc5000319" - "cf1d6380963025dcea641cfd15a3106751fec286", - "06d7516aa040f7d559cae248e485834e8d9bb608279ed4d4f7e1dbcd2b3", - "040127a92888fdac8d4ba9c0243c9aca516bcb431911254bc2cf51883623a100606c30fb" - "b9958fb1140643f32c5dd582c2319f71bff197d58ba3e598bb", - "01104b6ad82327b0445e75cff0efa1281d266a9dfe4019ba2ed22dd6976", - "01f247b2850463e362ff8879054d3459b2cbae84b9d4bc005a2ccf4736b", - "05b3dbdf04758d546e54c43ca5973bd8ceba646a4dd5d17ae5d2f8ec516"}, - {NID_sect233k1, NID_sha384, - "2ad9e17780c824c4f2d1e1cbf19ab85638f2f71cb4fa3518f08085b8b358f54d4f08394a" - "5ac29cbb3cab828c5f07f41eec51e6cd61a5f2cf44dbfa46834370cebdeb328fd3bf681e" - "61011b5c2ebc8945ac7a2a8467606051008b15c89390e111999255bfe28634ce9bc2850a" - "2b55a4af1c4c2f94403c78aba1ebc87386ab7b32", - "0137050d7b455f43a8dc2516cfff5a91062c1a2727b27df41488f3dcf18", - "04015ccc90a5f3906469e3ecf7a70c429f5b50fd0ce74065d41f1bd6dccc1f00fe5611b8" - "b1b35a907bc188ad2b1fb7507d1043d148283911af3ad782e9", - "04881e879d7c76eb2ee61fe1844567316d7efaef047b96979e6dceb7858", - "03799e90bc64cfd7d0246a7fc89a4d8ed0399277cab2af40fa2ec8196d8", - "067e8728f4d8398e4e1c25775620865bcc2d4cfe635a1f4c6b7306f6d9f"}, - {NID_sect233k1, NID_sha384, - "958773c37d3eba003aa5c489f72118b3022c52b93399e9d8001695664918b86893f4922c" - "7b6e55b1855ed0fd1d8de5dc61af403ad660fec60d7c44bd0102c069957ed804d0d416fa" - "cdc1a95355ef58554606579ef89b1842f1055cfa2ae118abbc485356824cc09dddb77d06" - "71cb3011b33bc86cac526e3f6bb3293c7bdca1ff", - "001fd447b33a2ee3595b9f885c290d241422afdd74c3dc4981955a7e9ad", - "0400e706408803188263cb149428c60de57ac757f0776e5b27a2d5a859f58c0153b5e13f" - "17f0178cd90427f7d608a5659b9e03effebc89da65d59698d5", - "0339300c00cf7e8c6195ffb71e509613018e6a417782e4f52704026a510", - "0227c80e36e3571e1c783358c9ffed237b251332e8ed05a8d3b454c53b5", - "0679a32cee8ae001a18d9a9d0ed7e99e5ae67ffcd54de7b48c62e76ac8c"}, - {NID_sect233k1, NID_sha384, - 
"9cb2c496b1bc7f040228571e005e7e936e48e8f469e295edf914f5648701249a20bff6b9" - "8b5e862603dd9f12bb71c160aafe9df02e2e383e9b8a9a9d700f4425ce408feabbf754be" - "543f52204c849fed6c9d3e36e03dfbd9e35c18d7bb2295f1c484a66e73440a0a5aece5fe" - "80b9ade9321ef18cde3eb2db15e4b18e788b0441", - "06a061e10b4a6e7001d95411cb31bdea9c84670a59ed61b14fbbb05c8e7", - "04000ad2b726b805919cabc90d058c78896d2dd8a78484c1fec5bd5fb0e07b007e048ddb" - "487f667633d6d030338ded21a2ac5f65373ddcfe1e4a3424ae", - "013b4a86b70f0e4de6efdafd7ecc993f0d6f231b3d743ee5adf82db1515", - "0541c2d3b2c6f0655dd415e327f0ef07b03356f8047117c41e704169698", - "00300f45026200b8cc84fd564778281bd1d7e03727c242a249d9ad33338"}, - {NID_sect233k1, NID_sha384, - "9a4bc0a029e97742ed3bca207d5912cb568e4403cda106b00247520ea02008b14c041b8c" - "9b976294252da835f4ff27456039d79d90315abcb0b9b6958a22352672e229665457ec79" - "571ca80447c8ff2a86e6af3dabe7427c8bdcae65e3c6746a56079ce2cf8d22235180f466" - "46a21cd9e86032cfad874cb9c67f882fb037a13f", - "027ec31ca31acb4d2fbacb49fc085f1261b0042cc755cc97f9b199e7a37", - "0401d521f7abc2fd3b0a10732ed641cc1b7fdd7b49cf61909b215220c5253e0019e9095c" - "67af1b89ae6c486c4f9889c3f2994743eafe55bd9eafe438d9", - "0151aa44fd97be14578d68f87dbb884c960ab59d950c392e607ecae6bac", - "07be427f46958538004186d52aa50a0f83d184a9d2f4da2974163854eec", - "029d4ea73ab5b336ed44556f6944e734e531a5c71dc6c929e7253323906"}, - {NID_sect233k1, NID_sha384, - "8d89e22cf802dc68ff22d43c436c79311e705ff6fd845e77c880f399f403e6d5e9e2b355" - "11553c978171189e288cb2200fd95f84ec5ee9865c0eb9190aff6dacf783ef200e82027f" - "a992741876456472bdf27f2bd8ee55db15408c957a120eb64cd24d299818726a73fbb069" - "7eba726a326719765735b37a2dcff0c853c906bd", - "04c6f4d88e5a4f4f83196f2dda9dcf2a66eaf94d50c851f59bfcea1d876", - "0401e2677c1305f545472e373615d195d1f7a315f592e26fbbf44c4255805001638140f4" - "8bad525625a87d0e537db5500f034e71e60e8a8c48eea04108", - "02185d8ec6f35d5c3f965cd00597d93caf45bbe186d4128bf877ec304eb", - 
"075199f4d8af090e4666754a7dac0c1599c207735c0f54c9f11e305727c", - "008cadf59a224f812d64c2f492e7ad4a923f3463b878dffc75eca5f8fb2"}, - {NID_sect233k1, NID_sha384, - "aa1bf5a79e5339fb9ef6c2817bd95725551d064bc5064d6586c5a879901adf808dc2ef7c" - "78ec3b434b84569988db58b5e8e9782b1cbc2cc7c9b68e66f32d4ac4ebe7e75b345f654c" - "7b8a5e650acc9f170f75b7aaa3957cce248cc69cf93faf8d72abc6fc1cfa9ae2d18a7b31" - "ce720147e88e84f6563b2197882fe302449ac5ce", - "01aa169ea84365c22981bb766bfdad27e373440850569957544b0f9332a", - "0401f97d91302c70798e2278348e36bbe01587e0031ac3c422141e3d4c150400a95108f6" - "b7ff41546c98f4ea4d1b587a3280e49c6cd0d33abdebf9a1e7", - "03c9efc0f72d88168c2b1f7fa1c6e275839303c2bddca136dd19ef446c9", - "0639d1a1066465b4b2f443cd9677cfe3bf5bb33e3e9b14cab2d37f4a859", - "04582792ba78f782f112711ceaf36f5f0774b92a6fcaee327d687658835"}, - {NID_sect233k1, NID_sha384, - "475664d5e22cbe0da0d0289ca9a666a37270dc71c81cffac91f6229fa39315c1d55f7e0a" - "89b6a7a07df7d391dbdf8fb7af63d2da46ecc3b60110dbcd842da97f98d2b67f562b0364" - "ef8e1c589519024177c8ea079794f271f6d35554c0e9d0a39062383c95721b72f4e74eaa" - "fb6fbfbda02cb670a7c4c94f67b8ebc6442e84e3", - "04a665b92c0c33a3f8b9eb4b0ec061d40b603de36c87096455102ffe57b", - "0400f0ac5238553f0cd74e6f34f7f82563cb01138e5c9bac6d5e7b8b7ad4fe01903e9fd8" - "a5a2aa32913b18bddef20667061f919f8d61a5b3c814ba4aab", - "070ef25950a795b5e22fe4cf5402f49029c5d97cf9f57f0806c0bbb5855", - "01248dcf1993ac2eeacd062f853ebb4b2072357e728f0589258399ea95a", - "069800eb2e2b3a9162196dbaaf67cab4ae123ea817f223acb6e889f6d7b"}, - {NID_sect233k1, NID_sha384, - "9e5397d94465390a82a3c07e3ebf21b515776d18b4463aa5810e6b2f96ca61e92d13e034" - "fa853c3fa45411f51f79df6f799a2c6906e6a5b7896a4576a4464f9e0be2b529a43e1f50" - "3fb640d79db6b68f3a3a7deac1b5832fbe86673784ff6db1f8438f7dd332cdd1e7ad9df8" - "b6731aad1b6a72bde52e6bc62d80b8da57822c48", - "00531540d94823e19ab2b95cbc6e7492e1effcbabce875de6ba96f53aa9", - "040031ba225249916a5380235220b9657162eef43d59ccab507639e19bcd6c0062e85d61" - 
"366a73b62255c741a065708701c8fa024a15401a4cd58640b0", - "05375df0a23646e8033ec9e3ad269e7167a663b97b4f52cf18fbb5f50f4", - "05bdf7d643ffde5ea191553a9c99eb42fba9a8b6e2013dcc520298d224d", - "06cdd9e0d58bd4c5cfe66589ed7c7d15331f3e164dff562b6971af1a41d"}, - {NID_sect233k1, NID_sha384, - "3cc4c4192f317e52df6f8cefba6d4cd823c942aaee11b9a0ef5de5c2d181073b7085a558" - "05e9554def8dc13eb978e7396044d4f4a14be2c7605998c062095c929b9c23b2b1b2fa73" - "dd19a0c0af44ca4789f9841fa62dee8a5f91b3cc4b3264f5f67334c3f0772b30bd7431c3" - "fbbf1f34318ce1889b6e8a76ce6d42079a451e56", - "022a89addd8b85809e87e0aa2c038593ec277054842854de1197833a51c", - "04008e760b282d0ae4eeb2fcbbfdec851468fd8e04c4dec71fc2d5d3a98a1300849a56b9" - "b0b0a1ede6b9f9522685e7ace3baa57f72709aba705814d138", - "05515b025d6196ffdc8bf275479d72b29a752eb3e70ebf07d4c4e7bf74d", - "041902f9b7bc81d3a88066b03e4111ad8ff4d99dd868d5608d1f43eead4", - "059adb96af9f404d2f04d89fb39cf38ba5689f47bda749ae9aa1ecb097a"}, - {NID_sect233k1, NID_sha512, - "72cdef5bdf710978e0aa334b86b8ff4a58630da314eabe98b4d611aab56f55c526983d54" - "d19bbbf9ddba30a84b18aa0bae9f9503e9b222f842f084db83aa39625403213ca321cc0d" - "9c8a136c826e6ea4ec108b913dd0a9ce9d5b8c7e3af53c3876e56a2037ebd6d99f037a09" - "7111c837647bedfe4c494e4288ed6427c15969e3", - "01df252a11ff97b4421b3a2361db94e908e8243cd50d9179f9e03e331f1", - "040129f011fd5fedf3526f0437ae800a110435db907af60e16912d58523202008026ed86" - "afa7ec80277f322dfc8cf693089968ed9ceb8c95c930415a23", - "04fce14bc83be6f862f06680a32e9a51d1a569fdf1d9b10a89eb9fef4bf", - "04d7b8d19dd9cabc3c2245a9d2c8431c3151eeb6f49676a865e78c26c2f", - "0373e69da1fe35ce41ff344447fa7ffe6fc71e28dc68244372745739fc2"}, - {NID_sect233k1, NID_sha512, - "8e4eb88c0b2d525b2c58b8e00f32def90e6dd382301de49e0ac053dbc6b61afe926d8519" - "3e2c4948f7402a3d7c614cb2c58e060362b0516a1ba4a7425f1b3d09aa20d4c3c8993a38" - "7a3248aeec51e6efa8f558dbdcfcaa13ee08413227c8351e3107e9a3e3ac124224aaea91" - "bfe50c11c1c8ae582e718f50bc5d5c06076517d6", - 
"01d7125c299ebd0dbcc050f07de931c7ad0450af590d0a2d0228a66ac5d", - "04013ebde8790a113bdde87c11ccdcbc39e354b193d772921b86657f53f74a00aae910b0" - "e22f1a2505f55fef2eae47ab6d47db6e49190a5469b4b6dce5", - "0113d1737bee59f9f477f71f77a0ac1aea86aa67002c34a1b31c421cd7c", - "066f9871da9a22f07c9b2a44fb6c01ac74ba17649cecc33b729afcb488b", - "037fad90c288510d0cd8e99e5d930f4fe197df779dfd6088da48986c601"}, - {NID_sect233k1, NID_sha512, - "370fdd80f330311dbb3959666001bba61cdacf20f72f78953d946fa6cba02d24b5003f54" - "52d535609e489b9434f192011f99f918defe877d51349870e7e75502f61145f7c261dbd2" - "a0840926d824ebe9be3c5a77a3a84340aea930378367ed3615a47e3f792c7773f83f91eb" - "ea718a05fc62e9ed1d78629b2c27ae44fe8f8d4e", - "021238e66119844b146d40e48341f522f6ac2f9c8a0b33aaf95a3099a41", - "0401dc3ac1ecb670f867337b752cdbf48bed9f32589366f7c6ba7424af1d6601e3a38ded" - "8148bf45484ab6b77e0beff759812493347e32d2d54a322a2a", - "03626adf8e70506e74ea27ce740f7eed1c8b37d50415be6a2681c67ad2b", - "07a9c9056b51f1fe3e7733c6f54ed96662aa7f5a08a961f91fd6d0276df", - "05e7600e9fda45bb966fbbb5a9404af961058a128824b6d84d9d47ebdbf"}, - {NID_sect233k1, NID_sha512, - "f86c4433787c3ec3cb1663389ccf53d62f9425274ccef05fd14b1b8fef676208867764eb" - "98d16d006ee6ebdc27b8d9a8ddd303d941fdd82b630694cdc698bbe6bd52441190783428" - "6c94b24ee199fe6d646064277f244b7df3ea2d9d52a9dc6a33d7c8d6dbc919da0fa987a6" - "7621ef0829e48310e0ea2bb86fedcf4effc0b94b", - "015e1bdfdacd87c42ed439f3e243abf27fd42e54f3ebdfb47f60dbae5fe", - "0400fb7fa51c1a96baab65fc85c3b769ac84ca7b63a1fe9f507a2ee0c49395005d450aed" - "449f8f1aeaa9df0131f696c2bcd4528808d2f52b6a73f72811", - "070ca3f5dc30c70e576e2d2b30935b05b6e68598eeaafa1bfcb9e156e05", - "07e3cdc4207456773aa52b44156801b316a7ac850b3a9e717a9ae7fcdb0", - "07ad6de3ba8730ac887f045cae80fe2fb5237a8594e7125c4792d478594"}, - {NID_sect233k1, NID_sha512, - "4117d593aa92e3eae1124ec7482737cd3573fe5f0f2a5051a7ce86946a2abb9e47a0c6ea" - "75b262689b0b486476d2ab09a20efc2fb921419b1811b51a2e15891ae9e45a17ab4b96c6" - 
"65c6c423fc00e2d66df5804a164f0f3c958df6f25d7da6829b1fe162a0a8cf130858c83f" - "3555d6ad627db70cb41303cc6380f7b3fed2563e", - "00e09410548c17bbbf28a68c3963a52d39743a4f1ac28e6dfe7a6ede281", - "0401f5f36a21a3b7fc5ea37528566da695922d7d9b7e6800af9c1a00f68242003df4e2ba" - "0c8648cb1fa19663f31786b850e6b80068b8c007f41de08608", - "03c0a2a4bea270eaf66adfb297c0e3213254cd87b11edcd90cfcd6f3104", - "07b684e337d6778f84bdb7a6835e91877b41d6af4b76311258fbb8339d8", - "064a0c22057a858b153ecdf4d275cf5523dacafdfcb46423b5613c85691"}, - {NID_sect233k1, NID_sha512, - "882ecaff3ec8f4023df5397167f238869f78a5c499be19aea85c7486e73f66f0e08e71cf" - "85f3f1b6f6a70796bf46a18e6b555a0a87c2088640ca73051b3dd59ebfef922be0372208" - "fce602d8001681297b285701dbbe24ccb42541b5db4aac1a1c7f407e11c83db15b38cdbc" - "25e930fdc6558f64d9503e214571a435d890169b", - "049f5bea6e72d98579b78cb07d89f64503f8759dd7a73cd73713c120428", - "0400974dcd68cd85117f363812a0473e972c89551e31c74c8d99f1073eaafc00f306c905" - "1cf3b84803307beb3dc0d34a9758a4f535100e846462a49053", - "022a5564b468e706762e3ff934aa22d9aea0bf2b116b61182c9f7be19fe", - "02e050afb84e1b0591fb64d46dd7d4a939552d68bdb4213f16c5d7ec5ec", - "063225df0057d5368b2e103eb2181ff5760e6b2a9c13c83da042722c3e4"}, - {NID_sect233k1, NID_sha512, - "99b3b8f876f8359bd6369ce84f9261581c52d744b90261a1427ab9e447e6d833b6b3e89a" - "f8dc770f1dd55692d01c8bbc4277a729fddfa7cbdb2ec99133201dde44ac691a77904ca8" - "16feb0a1aaacbb9fba85048bc63d73506eb908ecd697caf582747051a3a38ac8930c9a43" - "65f407ed94ca7f2d26913c53f4c010c7ed9d7ca4", - "005eaa818690d1ca4838f0bc667be5721d178c3869884260fb230277c3b", - "0401f7b3b50167cb2ff7482240bade95f2850a02805742e6e29eabf7f9ad3400f8038a8c" - "ffa0f798a01e333251996662bc3c0ee56d94c392269b63edb7", - "064d518f7b8c87325d8edfd42a52793d87ef8db283606dd676be8584562", - "07128123004a515e277dd5b571e31bbc877cc966e27ed5b2ab2c16e881b", - "051d70485148996ec30f92097e4a12b5edf804e03e312072336bd912268"}, - {NID_sect233k1, NID_sha512, - 
"8c1a83023930a85c5b2f9930521b8b8963d5523a3323d87f862a17d3505ccee01246ee10" - "29b8b8c2b608772c4096d1e914cb398f027d91184a8e94e4feeae121eabb504a2a35c8bc" - "9294edd15ddd979946c14c792ad787dc2d4deffa284830fc90b3f8c0ced6a99fc6de7c41" - "b9ed261402a6b3d702ff86a9392731ecc37430c0", - "0603d89cd2f741d734587e77554fe6bbb1e5739d5ff73084d4de8ed69c4", - "040122f2b7802917e4164ac2f54033621c78cbc7040217e5ded6b9217f95bb01f867df74" - "3e73806957066c2ab45c04bf1af158e146a9d1eda9e974e0d4", - "076850b8ca9e454bdb320da624c0dc63e14ad279185e4f8c9e49905666c", - "04bc63bafd5bad022fe5db246680a0a0ccd0b50ff50482d3849c92eec7e", - "07b6d8a8446ddfc64392af0aa1763d45877023c0be9ec78db47efd3c366"}, - {NID_sect233k1, NID_sha512, - "f3c9dedd7115339dd3ede7d8d06a44de66bf80b4888ab7bc386cd40a92789042440a13d2" - "cc90dbcacca5feeec1e0e3c51724146e2c4904ed6b05c7b4e9b49d7f458ada695c5d2fc3" - "6f1193329b87c1268aa38eda9151430aa0bc004e5d2a61b9390accfc699f2efabfec785e" - "b34f52b1beff1e4c5492e922acc348667d2a3986", - "07977b3aba53616dac27b4d74930da23966a88ad98f1769674789c0be3d", - "0400aa61b4bd2fa9c61914ae306d69d3ade7d6cf621399e5791dda8a054dcd012e8d9274" - "d5593f5074c49ca34a7e2d64f9d9ccdf42df6087134b811762", - "03b8ee56bebb59207e107bb0c16938cab707e425f38b70f0bc918fc1b8a", - "068502a3e5e51f5481aad31eb6614152f4957eef1becfe3a297b023a94c", - "07b6b43be63aa79c10876179703b69caf9b03c5401b999a3c5be4737999"}, - {NID_sect233k1, NID_sha512, - "d878c4ee0bd6c84652d7f9e68df7b90cc78776d8d1b60f3e4d7465032bf401f1527ca7bf" - "d4a3dd916e13e93fadaa5e5f20c9f47d12f8fc922a9a3aaeeeef294c221ca1adf7df85b8" - "88faec8002f17ff202da1be837827619904121167bee2d2cd694a263d9a99062cada3399" - "dcbfcb283597a96ebec129c65e0850ec4cb4e2d7", - "050cd20e7eabd29008cc977d0a17e1195d79587b8f15ac2447e15daafc0", - "04001ff23ff4ea1f30663b17d8f1c67ea37b8c5df7009d0c0301db483803a400ec6bde92" - "921b83d4d84be8a67a23e1718e575101b93d9a800550a20e7d", - "041ba36d2e810e47c3de583772e9b5908c257b2aec232d855669d4dae2e", - 
"079e96ed1dfc4e31774159ef311805b5f8001203cf37a72921efaf5cbe5", - "00b8abcd623b17357f65ac365301a8823365ab948ae3f7fc6a4a0b8ab5d"}, - {NID_sect233k1, NID_sha512, - "ac3c118cc9cbc8eb3b74d8ccc9ecbd81d1996fb25ca43c8a43bffeb244f722b93c9e9692" - "41d45d5b81fda0b399f1e3623687190e428dae077e54cad1eff75ec2f7fbb9434bf71683" - "3421bc2634885677579c237340f76787b2eb19b446d56c0f2206099b81493349f4db0eca" - "d0e2dbe85dbff7d7070abb3d3b12ef0cec828af4", - "02dbb24fcaf9f3cd5d50d209937f0e2d134fa20ee3c9c2f1fff3dfbf302", - "0400a07240c52e385ecf75525201f9810859123bfd8ce04a5e8f4dc4ec88b2009bd81119" - "6ca9ac45b28031b9f65f9a5c4ec497d995f7dec6eb06dd2874", - "05785beb1ff70c7bea89b1fa14be09332ef94b09eebcc9fb1150bfe0d55", - "05279bb1b1ad8174e88bec4c723d65eda768c1d08d1c64c332a240a284f", - "015a90383c2c40ddcf721067b3435915a843f9c4708cc133fd1ee53f442"}, - {NID_sect233k1, NID_sha512, - "700313698cdfdcf0044ca07bf9e5f0702ece7cc66e35decb28d5f8cb7e7e5367a95cc172" - "8a90cc9a53a2b5fcd4702028b742538e9b386f5d8b4a2411579ed9553021a95bd00a73f0" - "3c4184a6145aaa367e3af76659d677fe7a2e98f9ddf4aa20eb8d1a1db72c3f5590598801" - "be7ebf44255fd7376d89d998b7068bd1296fdc38", - "0047142197d3d43fa46545b547968680ec81688589d1ec8d7c7e90eb969", - "040179450d83cd6dd1609830ec78011143eb64d2d1509ed1adfa085a58d786003ee40673" - "ac564c6b5732868d0f8a57727150a23c484228890d768dae54", - "064f8892245a198c9c819152edc168e69dc7b562ef1f54dcc1960cc7db1", - "0293f2f989fb6b6e7cf304faf3f63eef61ab89a626cf8152e15f38bf93b", - "04948643075cea6413b1c88a9bf11aa176611f56d027f2b165d00d46e87"}, - {NID_sect233k1, NID_sha512, - "0374673e1a685bdee55504ce3cd333f70084dd4ae685464a16924eccea34531663fda602" - "29166478b30193459a3113253cd6494dc26154156252dc6e822552c7c04d790eb9f8fcef" - "2ea8dd79e72f881f7f20fff93cd73ad303c0918ec27c6486c4da61f82bcd55422d16650c" - "c68bfd4b0132c1e7075bbf17dad919095860d445", - "031352b49ecde5434aac05f898e6ce4337304845d748f114c14319fe97f", - "040187ae6bc9167d9c69ce5544ad650055cb9a4e69c1772322d5722e68e7e000042187e9" - 
"d11a921adafc694b5cc8da9226ddad1b65f764274954b17333", - "0761189e63fc0c3b5db92b281e5a4bc0d6fdb30bd14f8e69ca85a211bc7", - "0453560e6e725a2bfe0383884ba3b3dd0816d8522d9e0762f781f6b6340", - "01aaec4bd98c765e4830de6593280779d1222918d4acf08c8fc3d0aa351"}, - {NID_sect233k1, NID_sha512, - "8b237085f135d6e94592f8d855ca397c8c1028236a3b412adefdac888245874f586d0695" - "0ee18118f751bfe26f4c31465ec34b578caa44cf1b7109ac4f6eab7f97ff9699b34271df" - "035d3bf58a2ed4bcbf7577cf8e5792b1945ebb9389b680baeb8518c8fdc5540e192aa4fd" - "e0eed0d7c82be2e362b286f582d65752c8db7038", - "0176f124c24e4420f6e726a6ca25f09dfa0c5a37e5bf879e7bdd36c3b65", - "040098c37cbd44aac5d5c749524b840fd849652349fb3e02cc8f8fd0a237900151a9a88d" - "a407ae41e52b3dad1ea6031c7a36bd834007c0cb1e2c2f2f0f", - "022e299985cf289f2fbe2b1b270fbf12ba818cd2b506f642e659cd541bf", - "0686ac0c09f90a077cb446c910e07fdf23e845487d0333efc65b9b84147", - "01688b18cb42082bea69f18511b0fd9fa35da83d738763cf13ef92a119b"}, - {NID_sect233k1, NID_sha512, - "e3a086ec15574f7017b3cd5f5a47ab7a73980f11074333490dfe9f8ad8926f9ea7c82271" - "aaa74e77133b1025b0b22a6900fbb71251bb6549341a23d194e79d03462cdad52ee0d1b6" - "f5d0d14e1136026961fa3467ccf0864bf7ae3fcc3b68cb35df7324bd9bbe58fc8aa9f63c" - "19feedf19d935b71bf5981c74fb2a487f84e453c", - "0755c48c3dbaf71042c58cb137f3632e3cf9d90b7b9a58fd378feef3d19", - "0400bd9a720553afbfc5349e4a65a21fed0444c30304f7018ec1ff6fc8d1f90109a1d6b9" - "cc4fbd0e888d0a2b6883fd06a5da347c0d4f7882fd29eabcf0", - "04fedf8785c6648798748504b1c9b6a066ab6606bc9a69534f93e908f4f", - "001e71744a1b683858444da0d270f43b0d5644424f2b38ef48a639685b3", - "07ff8199ffe723abacf1947a828e8596dc49ce655319087e4aca6ca34ee"}, - {NID_sect283k1, NID_sha224, - "ef90f85fbda05e693006e4c64e1dac56223becaf0890f73b5274e6e289a5a1de2c141b82" - "5c24d595b3fd18ca855b5c1aa60dac6b5356275b11be670692cdbe5f282f93ac7b2e410a" - "96cb9e9f80defcde98f3449f99e192bfd62040421a0ab8f99acb85369f25e5efbf81439e" - "fa8a5e1d9cf781355a0f47b037b09fe4086389a0", - 
"1e846c830a8ec04e8572d1a9d2df044ab47352fb346f67403a3bf87243871b164511c53", - "04012e43e20941f2641154bb66a56f2e0428a7ad22d607fb8af658df0b382bedc7d5ae22" - "cc022f226cd65052071066963b112aa302973fe2b5fdd7bb827d13da7634dd2fb9e3852d" - "db", - "03a76f87ede2b5d40a0f10e15e90e29198fc3a03943efea39ddf7afc37ed4e18832af8b", - "1be2c776c707098438fbd0561de578e4b9449f955a25626f2fbea257fc578ffa1bbbb70", - "1aeef69983da1a535b10a47e66d890c4413c7a8cd6a2511a1a670a4c573d4808f46e23a"}, - {NID_sect283k1, NID_sha224, - "a3ebc17c867cc9c7c28797f6364f6574b80c7ec5b2d8e1542a6f5db8568c15032f92cfbc" - "eefa3fe4ee654f690b0455ee5d38dd84bb8665ffc1ff8c849bdbc4aa0ddfdbbca4eb3797" - "2fcbcee8cecc1aae21ec736ef61781716b60247b7551ec4e552d0b59a53cec5964c67cf7" - "988787cedf769eabcc9cd5243f58034d96f0e43d", - "101c5ed48231a56ca0ea85eb45de0e395e6df2efd4987a226ae36489dd8b2dfbf7c465c", - "0407011260f504d809baefb54af48c890f94fa5984c8bf228baa4b6ea14d46372390d1a8" - "ac02bbfabb680659aa2611435c4058ed773467a41cdda8250f3490e4f491f1bbae452c5c" - "36", - "12a3c7f0b3d64614ff97133873d75c7c1406e316e8cf60d22139dba462055baffe6c8f5", - "0a9933496d60716a39e1c3f3bf22a7da546eafebef80dc6f25d0c109ecbc430fdb3e80a", - "0be56197a0098b022a7914c10f40207da58403d6c7d04edaf7efc96de740cd71f67e0de"}, - {NID_sect283k1, NID_sha224, - "60269efa4d0ffafbbc655f6f00578eadce7fc0a7eb7db923dca49b6f2bf3e13f7f829cc6" - "133e022c3c92143c075ab9ced0531a91e6e79848194ab98bb852f40c84e7aebe71fb8bc0" - "fd1f97ed5bb6bad6783d8dc048df42738e841d978456e055e1b8a781dfecfce2218701c7" - "af77e7894ccac5bfff360aab0b6136b978bc39c4", - "019679dc589440b11f82b3716e5b2a2bd42c3b1c83e88a28e304cf5148877faf760b4de", - "040743ae04e4b07d154ca0749a011c97a31ac68d8e1da3491f331136873598896e5320dd" - "cf0776c05891c27fd912267ac166bc9acbaecbf80ccdd887aded2d7b8c2a4a5d139833aa" - "d3", - "099ad7fba5284e406f6cf200a39e398aa0426448c09b95e691f653d6096a63adbd39965", - "0285a82340d9a6d96ed9ad0fd0916216fd20edf979df41a55835ef8fafa00d242ef6f11", - 
"0a8548b405c171d2a428507f7adda4944bade7cda6dc580b1d3f94e15d7e10f0a08e008"}, - {NID_sect283k1, NID_sha224, - "59d704d5b1f3a0605f1497f22f71b8f45b26138bc86371f00a4517554e7f6e7fa5d35189" - "fc656ce68bd2cb8510fa3e3c3df815dfdd749b2b6ac997d443f3954c7a927e138b579801" - "ffd035cea90840733e7884ccfe43d8d3a4a26b430673274aae312abe4ac1e1d7c67b7358" - "0fedf2d8de46572493c9205ebf0e8b4d75ccc88c", - "1703c21fb1e09f8947e12fddf166fda6f685221fbd803d75a0ae377a54a1e494e6c5e7b", - "040767564e13ae544dab22c3763c5d330a5571e07ff8f2f5ba3fd729379709b1fb184f99" - "0c027f9e5efbd1ff6ac53a6174670eb463b12f70a603354e25c577ea292b13b8e5f022ac" - "9c", - "10d875acb4d0dc211a82e78c0249e74de16768003b53830bf5648cf911fef6a57f8f048", - "02af92243b9dadcf21561ce32ca0744810478f8d5be8e0f83d9632ecd8e86ff467268b6", - "1f6c50fb3bdea228a6b623be9e2ea2c371dcfeb0e604ef1029b6766c43b193d86c02f27"}, - {NID_sect283k1, NID_sha224, - "12c8fdba3bc5f68e13f7ff8e7bee876fa68a970afc6924314dae0c2482763ced8d4752ce" - "c29ea288d350acd8a06c69289ae41ad345a1b88bcccaac903f2bff39015c289a8ad60860" - "6bfd65270a7bcdb5fb10c89bbc2d16dcb91fc9735d66103f6b1f3575622cf4d820929031" - "5b033ee1f79968939410f465a2d37add46af2d59", - "071de8eb14cbfb88e61b908990ce08b81e624ef4f2cd9cdf3dd7ca9097d5ffed9ae9a71", - "040136d50e1aa8203a0cd2c2d545b81d00b95c6b43b74b1fba3a6402abf756d38087affd" - "49046bec77240de7bde85ca4345f27c6df341c72a4eccd2cd495e86376c183ccb34f271c" - "d6", - "1d80734927505d8d4818b3bdf1aa2e5c557e5f717a5b3fb856ca9a2161bfd74a130ee38", - "07894bf10885a698899b118f57e7da22222e3d187a0aabfb99fac0ce0e134b6b44a5f90", - "07b4a87592004d6ef8345415064b4b4672db2943c7e6098a9e6d59ee3324847e753703e"}, - {NID_sect283k1, NID_sha224, - "26013a3ddf687bb2f37d9700923906f118d5cba5d8ed5113a0e3e84cff00918125108f74" - "f4b243e351aa5d07fa7c6ece29f5700f23e50286447883d2a058c3258a12e4ed8770cabe" - "627ebea7ef6e8c77811ed7d9a19c53287093e39226236587ddbc63b7ad5e7ad9895c64d1" - "d03ee432d45a067afe27d4cca920ae88a7a68db1", - 
"1d156eb15762ed00c4021884adbfc2426e910b18a5bc474268196f4b74e593a8f38702b", - "0400a99b45860615d7caab2f4e9bc01196a61f52f95c6c7fef615a4746d48553692d5fcf" - "13056f81a0088dec1382f8a3a863901d3443c8792cd13ce13a8f63b02d107b66d9d23bc4" - "92", - "1999524ce9525d85b562fd13634fd9ac50fb76d83b9d72d6976d6fbc47af7e1f354eee7", - "067748d49389c9b87a85b518f84f41b18f52569ba531985b8fe5e1f0cf9cffa958da3f0", - "00c44a583c704f69160c6258332f3121b022759b163c74c7c96058fa8e3a9928afee948"}, - {NID_sect283k1, NID_sha224, - "c4dbf70b9a2165e7279122460d05ceb8e43e03fbe2ae7c314007fe2b1d8567cac727a10f" - "ba5cbead0ddb167d387da8e8f3d6bc0ad851cc32885809d07a776fd4a95a979fe3833610" - "af89df0f454d9edfabe12495a118fe83add5eabb2acf54ba7ba7c4be20fc77478c0a0f07" - "26c4e60317422a612a234a7567648603b63f1c12", - "17d6eb1219cab8577168be86b61f372b27ca70fb1f1a767947895c185344e966db17aea", - "04065d8e43a290a6957230501509b95a208a6c37ddcacd1e882d97c73c38b2a256caef5e" - "8b002169cefa6ce170ce20a0b5463f5bd146224e0813acff304307da88830b0777b86cd3" - "d2", - "1519e37a66b4e665b2e3e59b8e836869a886c879aa1ed47901a6c8a8f365efbc67fb410", - "1734a8bc9a13f51d921a297bc6b2d38610c20b32b0adfd5efdd01a4db5084f3b0697904", - "0f9f00b25a33b166f09e2a819dfda80d87f6a2419a7b4162e435ee02c0fc10a669df6d4"}, - {NID_sect283k1, NID_sha224, - "b1d53b6af1face9b59af11c726b0099111d1adb3666209ba46b1744a528ed0f72be5a1b8" - "2423153b896384faebef0362343e2a4599803c08b8513708938aa8a498145fca1c63ba41" - "aff06d1a18aa2a045fce7fcd7e5552a2b98d0df97b6876f06a9cf52a7a40fb737996adda" - "97c3cedf7fe421235ac6951060eba9c0377e72a2", - "10ede9be6615b3b2a294d67da78127ffbf3a15bdba6f4fd78be7a60415b5d1a097c0cff", - "0406418eac385ce94c1982c216ffeb0b26f9c061ccdfd785ded75efc6a329385898331fd" - "a307d41f9cf1248a37fb8baea7f3545bbca707a903966019ad56e4dc810b6863e243968b" - "48", - "134ac4de6ed71106d11fa736960eef2873223aa87b1c5bf5c823de6c78092cba4726ec8", - "12a37587ddf224faaf8dab61210310792d4ccef650c98155a227bf468b7f323575115cd", - 
"10982c965331cf8529ef6adfe17dc3fde63dc2a557cab451d7c9408a089229e22b73d43"}, - {NID_sect283k1, NID_sha224, - "e78f538b1ac21602b00a09e3db243ef4803b447329c94a1476cd91a88ff790da71421b60" - "092c8a6e55327c7982e7655eb1fd6e40fa9b9fd2f10107dfc585994dfc5bc2143d18794a" - "39f7f69ae679b27dd11ed22040d5e93aa83f71783525a4db0c3fd7b43e57dafd0033d531" - "7680df19c2ecaadcb37ef896c61a758a5e455206", - "14f237cface123b64e8578ff33f86bfd2a8181b9c81f36b9ca31e2a446f0d91dbbe2249", - "0407aa347c03d8845f1566bbc3fa1d66ecb41ed1dab0a402405d8300591a1f3078f9fa53" - "2c063bd10274437c2690ed6df60ea632f3d4faefcc07a72ae8d85c2f999bafd373053265" - "dd", - "0570bf3b42aa44c11603d94e14b524b8cb1363306196924082ae71021707c3138503031", - "10f7f4af1c1e3f9e8e0c95f991c348bce6725f60aa12ee7b398be64728242088a469a58", - "17145a39fa4dd237e31a98daf3974138638b9462a31b87ada3eade6bf7f597195eb28b6"}, - {NID_sect283k1, NID_sha224, - "8a6ca8ec436d2c706fcbec6486b5665b21c174edee7ebe108211c388b1219a8224179f74" - "38e0bb7d6e41ac4a67337b52d4cd9a069fe6c88960ae20be29c8060efd7c62cb7a9a3713" - "6a250e68f253e7f27755df53ce7c570135641ad49b43507e5483e17b919cedffdc0d4913" - "b1d5e0ca0629876c0a551841a0fc2090d2857cce", - "08dbecb26587cb2ed7df2404e680fcfa5bf8cf6a58e87a350a1600211b3c844ca86daa5", - "04066610ce348821a77e8a6eb74a675ad9312b2622ad2e1e6d8dcd0be8b27d8384844a72" - "340014c15776bbd144c0c24bf419237db9401fb7f97a7c4c0ef50a9afd27c3964088f796" - "43", - "0204586a9314bc14bef8ccce8b9ca3874572b375d01c6b4a41c743c16502a27e91a9fb4", - "0fabfeb17bb8c1a57af7af81d99cfb7b0ecbf4e5e4a6ed483aee4be8ee4c70c2ef23941", - "08071e162dfeb068e3cad256c3603e07ae48b35f1bafdb726cf4ce32844e1a2181f23f9"}, - {NID_sect283k1, NID_sha224, - "95bee02b423d2c6e60252da4632f693a2d8f6597b4f9c6e356f670c3a9e4e80063e92fac" - "b6421d0325b99dc150464ed2ec1d0bac72a042b35d56d33d2fda686a75d582d475652221" - "8b4ddd25ed45503d90d3d185cba6cf0ac211b22aa4e1318a8316c369186f7130446dafad" - "64f7966f5414f43af37a87127534060a23c6165f", - 
"191badec2d28cbbe62c072c6b57eb5d4644d0c0b3283951bb66096cd15edd43a1bbde53", - "040020224b00428031056ed370147c51e68ffc02e7fe269ca15b22310a2974d383c6c83f" - "cc01686568fc4768158e75b4ef0427d8e262cd0638801ab158311749e0f432d5b69a667f" - "0d", - "03b1b6ca5e627f00176b599b68fe54e1b5a272c323a06b55e4871875c0e729c4c79326a", - "1ade251b9360a6ca1b48c2fce0768a01193a415bd23956fee1e5c4c5076b3571abae082", - "0adff25020af4e2b4908a33ce1d75c793934921267b6c4a0542924300fce40fc0031021"}, - {NID_sect283k1, NID_sha224, - "ccd7f7c0e04d1ef9a3c5617d77480bc624beed6582bc28e9e3a369b12144fcd96b735ee4" - "1713f4173b64b28c6102d82dcfc7876e06e76fc497d1d238bf6d85bb5feca630bbd0c0f0" - "fa7c0c72e28e9259087698973ac66244bc6e69c04deb22eaeaee7b20da239ab6333576f0" - "1349c76f594498620933b8969450ac2bae66db8b", - "0ff5e3d66eb57fd35ba4472effd6e7a016ca461e39000a7125e99080f6ab6ef4380dd7a", - "04019d8c1d9aca39de0e627981d21e35a628c35fd4096aaa86f61625fcd078f0400f615c" - "d5052ba2854ccd64407f6779c5e259917b251c9e34ec0d95c05488f30802b82cf4b25b53" - "89", - "16c9cabed653c57676ee46c8912cbc507b246078834f1667d0708e4c666346299c1fc03", - "12ac0ec9501ac91a2b57220e9c00ec6e815399ede94a658c36f9e89bbf1674316d65dc4", - "0c9480160c4e9db4e82b4ad26cb79e083e9e2056e68a2ea554aca45802bbb188389bc4f"}, - {NID_sect283k1, NID_sha224, - "65e9124a2606c8784c9489add2999f4cbe6186395df20838d653b263a207ec46995d2685" - "b55d1874e7ef05a6a3bb5b60a7be6751ad568cef1bcea2debfc494d1e2ece0dc8028c88f" - "1b2c6e4ee26b639c5e81f6448bd25b73ec4608a8e8cf4e0155c29b6f0a62781493b03bb7" - "384c9808529d5f87da6564ae196a365bd282f46f", - "1f3591eec4a8a3fe6ae6debe230d238a6b73cf3791cb735add1abee64239bb100f15166", - "040483e7e2b8f7ff95b86008c3042ab83a4b6a48f15ce1cedbaf3b586b56ab606e6f23a4" - "ef0287cbc8c609426f1665976e8120afb8de96b43978762ed44bea5aa1418b9af6922c60" - "66", - "08165da5f5427b38c447382c8dd0940c3bddf8f048185e6cad260031f7c0a2ffb83027e", - "09034633dbd735cec6208bb6f4455b295b7d730c9301bbd1c0e9f101399f2b3425a13fd", - 
"0204ec149b416ca3467e92194449cf2ca0f41ca1fde79145f3af856085b298149a3253b"}, - {NID_sect283k1, NID_sha224, - "e793c60fc725fd537d5fd38e9b4fb52e268722ae6bde5a058de8d20db301f5e8d8e1ad85" - "532198835a04b76f27ca3c972be5617a55677cffa8219eb64fe53ced242efe1b88999097" - "9227dbaaa15ed39d3b6be8c5a3237ebe12bd96f333d947f80048463d3859e34f865d83fa" - "f03894c2243a06cc96788ed952e606c2d8948271", - "05af03cdb45961e7ff35fb0146904ddd6c2bfd3cce814073d3aa56eaa9f13b4f7423926", - "04070bf676b9b0db558eeb8bb94a1248bcb599d1e8975ee13cd37dcb78af19307d1b7e57" - "d506ed9bf30c627062b99ff9d05ca03441b6194c34364cbe7b73b46ec9716ad8a9970cbc" - "99", - "192c7b1fa8f221edecbeaa51447818474dd9fc89e962e8e87400938ef0dff432a6c4b86", - "1df1a4f9578e9cae8102aab5eac70eddbabe4ced99b5bab1b1dee59c41b81e392968c14", - "0f2b1319335ee497fe3ebf1891a71cded59704365774e1ed9950f79100e70950783bc7c"}, - {NID_sect283k1, NID_sha224, - "a57682d21cebb48190199e9f57493696eae3a59acd22f64d5ef4729decf6c2615b326817" - "a6bc118bb7234bebfc7276dd998838c009a7348e46431574638dadc48538d6048d572e50" - "d9c5974d2049ebe1837dd857bcd1447b1514b62808a4e7a88162ae1bb08a0f6d3db6f258" - "74c6cd0cd4ca6333f1bd57bd192ef67e4616d182", - "1ec9710ada06e6270720692a06d488ae2ba863b905dd2fc323e7ce68dedacb35fc8c7d8", - "0405cda72b5b068f70b3c431def41b8ca1d4381e8c2fdf0821cfc17eceadf5e3eabf7987" - "b7079ae508354fe31899cda71e01cbc80e5192d24f1f13c954208d2ab8412802407ae376" - "3f", - "04f7b9372a8fed536396f0b87d4b20494786bdb8db77200c1aac1896486a05d3c940cb5", - "072ecde2a8f506f0fef273c8915a9edc29e440d48fc6cefb50e7117492fb4a13e123bed", - "0010dbd6229d770c468f5d8bd20edd6928bd8824b7fc2b10dc45fbd3242191e7557b984"}, - {NID_sect283k1, NID_sha256, - "f646e7334e191c2bf0056d3bfd23f03ef7f0777b923f962519a8399d311b8f68414c689c" - "a34b96871fae99eb7ea534fcd83e788e56eeef817cbfe33677283c736b99bf6a626f9515" - "291e842bf99f694e4e8aa7c9911c591a87d5f112b3d96b064594e2b368e6d1bf1a1cd343" - "d54916a66da22c26355266aa2884120fffb8b94d", - 
"0668de088c6913640fbefbe6d2c44ab26e481802dbf957044a4957c3c5d0a0fde331501", - "0400d3a50cb9d347cfe45d2a313813fec8b928a9b1defca6ff4b89c4787717f275c6b733" - "7f0762e47b0669f625c39c74d50e2b46875ef366b7c3b005c16ede69a2fba161faf6b3d0" - "db", - "0b24bf54795fa02eb9527f21ead5497a6db2bcc7849a16d206239f830df313dfb7a2716", - "0852d8b6fe93b0b36af5d99530eed08669eb9a25972fbea59f32dafe88b722bada98ab5", - "0e5b08d410f2252f724dfcecaedb37b92a6c09cde646ff6237007f4199068f945ebebe2"}, - {NID_sect283k1, NID_sha256, - "a2d7e69ea381d3edfde4664c56c4cb140d01cc4425df757975cedc995b89640dc016ab41" - "9b137ff25a6a6d64a309b23890439d2ba157262393cf93d15ca1b1ffd19373ef12367f88" - "98aaf56d5544c2f019a4854f69b3d8d320e03135bb7b675e588a5c3fe4b703938fa0f964" - "916501297cee2fd04af767155c7739419f9dbb7b", - "0e6af57cf47de1e6f07041eb5e1a413fb7ddd82f8c7f7ce957eb28a118004930bec4dbd", - "04021e31c4e4d412a261e40483b9106bbc1b0d7e7414e53d7b9fd84175229c8cefbbf6de" - "fc046ff2dc601dd407883af7dc71a6ef4286cd3b1b6ccee4fd861865bff8fb38ad51b63d" - "49", - "08f9e2113d0b223c04e678e8ebdd3aab4816681a9ef08b18a38afecc57d79c971421469", - "0d2c9113a18bd51008fd327a55c214c9584b6f1b816cf3b95e7346080da2cb07dcef8aa", - "19167051872759c36ba9eeb5d620cafd3289e8b7660fc847ff385b5143b3aca38780639"}, - {NID_sect283k1, NID_sha256, - "7088f60e9375ec6a42f705f851fc76cc833c4dcbb3352adcce9f59197c1b7121e7aa661c" - "4f8ad9f4ef280af3a2981e90c01291f7d1cf7d3ae2d96b37fe6975e11b7c6c02b8ef044d" - "1470b1a26b9c72e8c4e7b1dd83c8acc9542e2fc7d211b87841dcceea2ab8128d0ff7bb62" - "2b60faa4a89ea7008f7d55f8f9de675bc4596fd8", - "19f9b63fde8c6aa6177f2a38981505d04f8ac62bcc21007b05615d028cfe851ab9cbbc6", - "0405a3e567b227869f948180547c2713703c90698dc04864140d22b24bdf81b3996829ac" - "a505b2ba535040afed0bf6f9d850713e54013729bc6dcbaa336ebbfb9c461f7ac61af480" - "01", - "051e20545a0a98dc3fec59e4ebdf101c6aa2768f344c1e19424c1eaae4aaf7ffeb5205f", - "05fb3329f63587e8febcdec49f92de88366a9f75d0b9a0f374dadc6e7a62b833753e990", - 
"12edfabf1ce434c850b58804f1f31f8afb20fbb36ee69b68668e231e4c04fa75e658478"}, - {NID_sect283k1, NID_sha256, - "ffd6044ab991849939e8a29184b4d0ac3e07acb63c7e6b886df9e8254073fa800d5910b9" - "fe34fceb547565a2344eed4de394ce2251ed51ec882ee9207eb7340464c742d9d140fa09" - "64f6bcb1efcc2d13919af4f727953de41b20728ab975c1ae0ce784865f23ed1325c68daa" - "95ed5c932893610179be94f13b9a4149f09833b3", - "17704c1f436beb52f7ec97192e23e206ec09f9e8986e06bef71467c192bad6f0066b3c2", - "040329294a36ceae2b2c56bb6e21e52ec32af11aca9ab7785be9c2d79652e7960c0cf7a8" - "ae0658a89a48fb95cb7028252fa9792d91b989d7cef3fda8ba9c8e4ffaf19269f2a69f0a" - "24", - "0aa8d2e210ae40ba1f9f051ad85d37f7cdea43aad890ef802519cc5773e9a0984fe5d6b", - "1908e3a2740fa04ec0b23c964c4c3cca51c4603e7553461dd02f8319a7ca2ca09d0aef5", - "12d7860d7b438df4653fe40fb9e986cb035b1384464e061bc4ee3bb29aec74d16b0a694"}, - {NID_sect283k1, NID_sha256, - "c9f81c9ff7d80011fd41f2de97a6c1e6a22cc2da7b2b9e4c50e1354c3e139b44529ac786" - "ce795fc501dcbf11a935d4728a7bba44b4e86b5e5990fed4d3e24fa5ab6f303e1842918f" - "156e00dccebed6897c852207ae5941c630014a41696882066c2b296d39cd8658cb5830ee" - "e78e29a00335a99a0ba90722ceca5a2e9a99a2c6", - "0c7d1ac8faa689698f5c6325a3b3f35e7730bdbddabd0693f2bfdc5c838bd62f84508d4", - "040095a930071ce56f28a79a66b751283c756c4f2566ebc2a10770ca60cced6914bc9a0d" - "77046f70021e7a949c7f55b059d4c8e81ee23b13809a35932d83b8398fc8684c5a90f3ec" - "71", - "038ae832c25dcd30c1ee3f5fbe84bd8779c876c0641907695aa598132b0e581ea528332", - "0eb27c86d3ca86ef53aef0465d257e6b681f891a6357cfbf51260dc6e35a82799de0e97", - "0e8207959e8be94e7407543df80d38d9e662106ed68e1456dd1826602c5b73f27ddc901"}, - {NID_sect283k1, NID_sha256, - "a60de761eb32490184dc1d29e21fa33889295ca587b994746874c7289eb9c83e9c7bacbb" - "4066c761a06b65ecd78d701bd41f305cd7eb258c630f3febfbb0a367ad16737b146fd793" - "dab23562e8001cd113135b1c981d1ca23eb3be0fe3e24fe3fe1089caf9fd8f4f0d1f90dc" - "c7dbea4a9e2357793b65daf342b8e6d109c6dd10", - 
"1a173d158866db0ec665ee632b5fc397893f6a44ee17c348e7452800aadd8ce676e7fdc", - "0406a9369a93e0b5165ac6e692db035495c5cdd6df243d9756098385ad616374ac1e1efe" - "e2032f72a02c36954cd8221126e4eaec02668f454214e4508cf72b6d945e14d9b7c5d404" - "c8", - "0200713a78f58c755db4897f9b7e52057a087816a07fc388d66d34ea9e0bcf2f47e182a", - "11a26ee24610e705a42329f86aaa80d78934b4bbf19314f06eec46067d85c8377e04d91", - "077e35add124574e98e0056bbb106cd28ba8c3bc0c47063ceebbbf2684983a2a0061950"}, - {NID_sect283k1, NID_sha256, - "2cd0320cc73120ef13e83c8144b270c9a1f2049a9250ef7ee83ccc7584025140a51e2227" - "a5ebb824deff55b3affcda63ecb1fd3f337c67c08054dc82fdace0c4bb9cef1bea9dd792" - "635f655363d05903cd6b5ed50ee669bcd8157509366cd85aa40d19593265da26e5641590" - "ccf04672a6df52badd4b99964a8643d9687b499d", - "05523cfacf4ed3b74ebc30f608292e45173001d80cc801f729c5f71fc213b243f041ad5", - "040410751ae7d8bb2295f584ba3d55eda41a80b8520b02bb4e5ca669a1003d6f2829e0a0" - "1e05fe16244f76f0c8b24bd3ca3b53c697097e3ab0e2b44962ea534a655d6c7d80b857c2" - "1e", - "0a634f4cef0ba37c9ab211c57fe6574c67933280c91c8b175fa4164755bcde867fe1772", - "0b9f6946a578ee38433e98478a4c31b67e838939cbf128f023090c4848471482fd1dec7", - "157159e15a2d16da2e913c5ef00833a8e5513ee4e7d6cdc849fd822c59886d0ca3695ec"}, - {NID_sect283k1, NID_sha256, - "a743d8337bdefc4753f937e869a36439da1f8c75e1278c3f6a4a969d93787dac93293818" - "b1cbef5b8636e1a6cb3acaac1e15dbe0841c8001512b689292f3f4805997ae26ff52f7fe" - "1842512a020c448ed01af2a061f3638689446ed5f6bed9fc70726ce4104bc11142de6387" - "3fa7039830223e8f152996388417c48e0c1fa81b", - "09f6bd008c04b8823ccc3ee7d5aca535c211f35e9d9e7cfaec518b98647fbe6d28283de", - "04070019957dac0e9be0fce6abdfc00ca737096ba2d2bea9ba570acab6d73eae2132d7eb" - "060559545f82741ddd1cbb9dab0cd06454fda8abbd9d1eca752e57ec05498b14e4189f1b" - "9e", - "0fe407c226fb15bc63d37cc9840a1a1fb0ac4fc2939fbbcb6e1236831379d367669ffd9", - "0e96e301bf1193dfdd2815597e016e0a282d6e8f9d1d67a7f7e7d05288594f1ea92584e", - 
"07488687f13c3a2b9ae90536db7868f2bde1529ccdc0c84eb85c53ea979228d1fda7c94"}, - {NID_sect283k1, NID_sha256, - "6a7a3ad614a3a09d2dc5a80204815d0c6471057acc0fa73f3cbbf1801902c3e1cba3c113" - "4a79a8ce61994a94a5afa85ae1a44b2cdcf5153f8625713c872da36aba0afcc5c2f26636" - "dc3f60e04c256a5b023e20e2e7a3f7305bd5b3033fcf05368589f19021f8c9096a886799" - "04b657bbe5b9bee67d6e53d176fce1de9e54c64b", - "150d2812505c82584201e93f6e0cb875d29dc7bd99d9c0f98e0ed20128886e67e1f1071", - "04012c7750172bea15487a05580891aed51bf81548f4b65c51c6c54b990bae8857a20115" - "b003db9e7a17dc8b24ff080d80842f0488f17f7d43a40ce6ffad52c65f5a875b4b33efe3" - "fd", - "0c5c52dfb50b210ae13c2f664d958b2491bfa91ced638f925941234bcc4d66de1eeeb73", - "03887a270eeb515a59a7387d8acbb4e72dcdf13f317a6a93ace5cc98d69a79c64a9e7ea", - "0e922b2d021cd71e213bdb36ce3ebf56a34617d4dcca30fc05f238a1c097e38d7cbcf91"}, - {NID_sect283k1, NID_sha256, - "65bcd77a3ab345cc99b9c1300755288102a6ccf140bc7d1ad25df246ef01fd57a8614b35" - "2033b88cc6ffffe5b38b99ecf03baa365ab5529d6751a3c020d0198561969aade0909143" - "4d84ffe13b46df043d0a61e20a08e9c32b646771fea1b29e202d40aae1c7079873c3af49" - "4ecf6ef5eda855736c9338b4a5c29a086a8266fa", - "1b3fb9e1ff70f94bc9d7742ea535ca982215af3df381b5ebdf1db40c7c849a7978ceb98", - "040769a897a443c41ae7a8c1e45290ef39c40887ab8f4aa3f9ee8f3096921222ed7de457" - "39072621bfa30973da61fb6d363d66db25daf818ce79dd3268ac0520fc99ca7917fa3a23" - "60", - "03fa84ee38587f9c848b65b07c47551e27f15e7a87ed0ab705c99c8b7a4ee9e86a8e4ea", - "11b214ebe67eda2bd6e84c33be05c4373d2536e2cccf152e56b1569cc96d261e50910cd", - "0e100646cbffa016664bb57c1a67108645238573867c0b595c46e6053f844e5482a993a"}, - {NID_sect283k1, NID_sha256, - "ed1acc360d02ee6c36bbc223d91bc1d2009a3e8f8dfc4c3796cd8555b0d2b46716f4c805" - "8bf34c2d4954e098274ab9c2cbacff46a0578a14e77fe104196cbc6d2753e3bb5422b8b7" - "9fd004ac0aa920eea94925c016ece16ed4dea916fd92563ec65692a61b28ee84bef00071" - "20bb1e31bb75b8ecf68406a71af9a18b4edf5320", - 
"147fa46fccf0805d14c1b84ea59bb8b8283d54ca0ceefb29b5585e7141340c55b7232f7", - "0404ace4c65ce07fe5ec22c560bc553bd791434a691c2d865c52b5e38d541ef191ef4190" - "67076250c829de137b6549d22a12f196629d9d34cdd83758e5daf45fae41872c9b15190c" - "e5", - "18c4f89cc022236a0da6105f19c6661a8325d36fa285e3ca71c1a4af3dccb016cac186a", - "0271b421fd572de8a71d1b18ad2325bc0fb58cabaabacc1f015ee6b14bec49762f1f8ce", - "12e679010ccb143b7de0c3f6c82cf99a961a4f154be6c87abb111cde2d721d864d7a1bf"}, - {NID_sect283k1, NID_sha256, - "2debdb95a21d72b69c545988727366a42b819ca6398a82129c5e3772aea93fac0aae9a27" - "b11969ff0ffb9dc0301132ca2452cd863316cf24ae7696422d4dc68e37316161abc146e8" - "6f04b72d9a27a350d8545cca245b2be43c33bb822dd813d13e08a718f784845df8a4ef49" - "b02529871ec76bb3fc1ba31089359f2ede73e767", - "0fae097ea56b35a517be5480802f450eb832b244558d0cc922cd4a5b40b84d02ef11216", - "0404f6bda2dcb9560174ffa54f13fa5edf17bebd41399a1dce1fe13e82a2b487eddfe25a" - "19076dd375f2c5f24c342a8e2491271cebf5b97ac666aacecc8d693a85ebd2a93eaccd40" - "59", - "05e3a67091b9e10c7fd20fd70d51162e5d78555059802d0c3b133f49b89f37be6a119ad", - "0ddf93ef8797571af3cc9a66660c569445a2b5384f95a12d680c570694bce49bf2264cf", - "02f50d68bda006b88798d87c232f5ed1796c841074f063da03a471e0c00f08b10f410b3"}, - {NID_sect283k1, NID_sha256, - "e4e0c6c8fc01244abf81e139c961b6a6e2d95de5dff1083e8a48b40e3e5b9ed909152c92" - "b1cf2263179629cdf76ae553b58bb2e9223ce4f9ffb5f170f5f0c5ec97294c34a7529a89" - "7e9397f71198cbcd68bb4055cb8cd6b690290761b3b73303f82788379df145358afe28f2" - "997d191d968929b7a4b9a0f6228797dfaa17c613", - "026cd72e6ae19b3f4c53493fba1e8082a8df1fb7da6dc111b47a41f713f49b33f618d0c", - "0401c411f5e298c9b61023fb26765cf4132cc78ed77c07c3e815fd43032cdf0ae8b8920f" - "96035647b4c0807b287014043560d70c9b14651cddff4bdf6d44ead5e87720294ff89544" - "06", - "10e9bc449e8480474afffd20b8acd6dd08344981c4a6cc789c5338ad7e486c526d6c4fa", - "0e81594f1064e018aa3504bac75946d77f9e745673043417a47c0c82488e224cc4104d7", - 
"111bf8635b1bc3f6cb7f9b685077b38d67160d143ede2bd8b6ae93327d7f55c5317f00f"}, - {NID_sect283k1, NID_sha256, - "04710947b7c90855ba4e59107b919d4a1df22b503c5c4c33b286b6b08e451e6fbef8ba40" - "852f9f0ee62c9217abe6156bed46ad6f0e25f70f528f3a73d099338c578bebd6879d810e" - "6e173c2b0af1f7caacb3531ff0e6a7856e4c84db355d110febdb21c683223eb5990ef203" - "8d462ddb7962bc0feea5f850954943d53041f66a", - "198e13c7d95bbbb6e226688719639bda988867764ffa9b029018b5547850daecf58fe1f", - "04030b511d719217c485866273ffe2996a19e0a670b7a3fb077944a21f63ca2f22fe5a52" - "4a03a4d9a808e8d77c9dfcec6d033139fc33e67d7c8dfd7329c895bfb77f565391c37c8d" - "8f", - "1721f1ad4adf3c32614feb7f8df3374e24f76a32e27854a57dcafcbaaa3082b13e461ce", - "14b2622432adcfed7c2ecd2b52e43be7f611680ceb4bedbfa9dd9af54532911a07440de", - "0ece991128b10399188b18933c0d185e85d111ad401baee5ac376b84c523f130f70fee2"}, - {NID_sect283k1, NID_sha256, - "c62d07bb1ef756b6b2fad355c66b5be086b6dc387b37cbc4a63c841dba3fce65b09d3de8" - "f239e3649382d172f065b78f8a53e0283cf345de06b4ee0b4b7d8611bfce92a7d993b193" - "8419afe817611bc6df3ef74191e7e39ca2339fcb5b5cfee3166d09cd52a1a7d3779722ae" - "c328d326a11bbafb6aa417920225ac453146b9b7", - "19098a39956747de24ded56435fa1e6c30cc2b8088fe9a75f5d07b2f5939c7a60db64ad", - "04068cf5a2023753717d89d12d6861c8411e6081c3158339573dc5598b1700148d00b39d" - "c5076a22dcd4ff4f062eeff83a58d2ce6a1808af8733ae254f5157efa8ea35a85cc74469" - "2b", - "142e4907ce239cdaba562d1fa7305bacff05a75e2927800c7b7ea322b47c9ea47846e12", - "104620d752b73379e1e5d35e5b24a793d7a309685c00f8bdb97bba9876999ed9c763d0b", - "059cab3abb0738d8af4ea6dcbfca6d0ef11b6e591ca109b040347d7d4736724953cd9fa"}, - {NID_sect283k1, NID_sha384, - "e4d8d49c9bc566261d9134d5e237d9cbd6b67d2619a9bd06b7c9c139e091aa10682cbede" - "114e1d4777d9cd67a16b7d64278e99eed62bbf25ec5a5a8fabcb0a3468b0e73fd02ac653" - "3e04b1110d29da3e34f33eaa228b78341b357a5d892a61beb2168c3bd5e66bffe3f2080a" - "1e246f55a41ebf9d579e188d16991aa060460d6a", - 
"1636bd2be121e07ee83ac5e880cfdfca6a56f2b9d0badff003e872348368c7c2cd96b6c", - "040007acf46ab68744a9baaa33ebf6be20c1c093242b0056bb9885d93a4a9bb4640f17b2" - "ef015415c1b671e98f00c1fa364bd69cf998c0ae140485159b0a341994a4e27000e108f4" - "fb", - "0d0d4886c3500bff68455c41f5840d0313f33ac0155a693d27c66fbdb12791c2b5f8552", - "0256b8ff7d37fff7dcc8cc4461984a9bd9661643fd3a68d07fd30d426d10b8c7f4dfa34", - "1f516f8ed4372780380a798d2da04d691aec379483bc0d10560ca79edaab453d3e77585"}, - {NID_sect283k1, NID_sha384, - "2d1358fdffc14630fbc421b443d3c22ba10ef34f15c6c5bb3c73a9b8714e4c411de69b9c" - "d6628fe2eba5efc4862af66ff916505023e0514f564164b389ea422d0f1beb92adcd65ba" - "f43556614eba25e43852ba65af78f62d64b36696519ef8284ef7316ea52c365b99f63a39" - "e6701f81ad520d7445cfc0113c38ecdad4bf5b7a", - "15e5f555119c19b055b15b0c0d2813068bfc184f864e250b202384f5728bbbda1cb0f5a", - "04013cae2f0c3ba04d039c42cae27de4cf5842a3e24be35d7a3cc7f05083f02951cbeaa6" - "3b05d69ad5b7d64d6b19772a1794562b1fa5c2fea03909bc509e7d47b0e8144acb3c26fd" - "dd", - "1b881d95b7de9aed9fb5ff0085ca4da2fbd413b9b947066c98aa0257142c9000bbb30e2", - "176f9e3c9e9f98b2f5f352ca74310badf9f598f4d42cd2b26e5ea0999ae31e3c678fad2", - "1f2dba4e17470cdf7e1815d30771f352807b38080d44465f86044f5969b017c9059daf3"}, - {NID_sect283k1, NID_sha384, - "d6336faa5c3e838f4fa58626eb353d4cff9ba8f0aa0e6c3d0d850e8b22f5b0f047afc977" - "67f1afe2040b85d4e401ba688a4da7a0caca7fac450899092c4fea789231ba9b07782010" - "720f45d16d353798867dd7fef4a324520014ad5cb32684ec50cab742b750e05db040ff51" - "140e8d740f6774a059feeb493b10d8ac722f23fa", - "190c8f17bdd38669e345440d2c7631d67cee9c6548c4e7b9452377adb9303430efeda0e", - "0403235a8b7981b3ff376b6b0959a42cb56631fbb9f82f1694b9e273e6b7131e758fa0d3" - "700444e5747420d7f5ffd6119ef43b998d4ea4a58da13ff6fe7f241ccdfd4b6fd33aa93e" - "3d", - "0b2a690793107257d7bdc37c492eca48c4c9650ba0d657e6eb62042b16169fbe27f8984", - "168a83fcc67e0c155f1fa2329363729872e254f2e0c3ef85f3b3c84fa3406de4191b6e8", - 
"18c0f8e6b486e6d7d16b4103506d74bb2021232c0b1638858295a63ca35e0d6d26a6266"}, - {NID_sect283k1, NID_sha384, - "07384a3f650bd270b14ca388a441af201b7767a2d47e9033f50cefd3af8257ecb38f5267" - "e141cbbb2ab7327d8fc78cf27198ca3543d39553e178390bf1b921618432ad895e4f8153" - "783a7ac22f4ca3cad4560e64f1ee4a7bcad05df98ea49a3847dc2143b27c243e48be59c8" - "69a547988e2205358e8db98b635ca21b745df4d2", - "0dbbc2a0409ca58a9e39e33b95fdd15080443c1dbdb5874bee991bd1b127047f08ec9f3", - "0405a687605e54e49e3c40fc5ee8fc014a62d72e8595280a66ce7d367aac2df4d16b98de" - "b3030abd03dfc224f459dccd1606287cc30016be317c6207532a0725c957ca5fde692a9c" - "43", - "16bc5aa29cea64ce3297172f36fe4ce820c943908c21c9967697db0cd93bb8a12e42348", - "1b1fdf26a6eb2d736b8c1ab165af2ac31a4c206c5410f61ac7805a68992dbd62b457708", - "14e9a22ce703d942a4fe2e84a4c1c1b44538a33fbfe904bfbb17af6490d372acae4668e"}, - {NID_sect283k1, NID_sha384, - "824f26dcb4ce0ca020982814d5c727e629cbeeaa818c49668f8f6d743f0d0ad362b24cba" - "c48027898f386889ca5411d7d1f9afc69493b1d9ae4d7b695c9fa0a30bb59e6be2cbff79" - "231767e96cd8bba349fa2f97955d56f05430ab4ebd007064e3d5add94dfe255b6deff196" - "50883ce9966e1a2affaf84d9540f65c87ab1f936", - "05495e6c59ca1873f36b756579632fd47f9fb95b64f52589d70f2739aa6a3bf8cf8c198", - "0406df40d8259be64c8ac64a28359290bd52e843f330a68c2b605ba4f777d7bd7a798e93" - "440458667cd7021b291c3415d64f9b054db71d3fe20f232f2a2286aede89ddaf1ee8c68a" - "a0", - "138f05303ea63bad47c4c9a9d43c52c264725a668db5b631d9892daa1b71f62656cbf73", - "05e35c1f3b30b43cc9d60bf8779f3b31e053de0a390da50ea676dc9722a17ef00d68aec", - "1691ecfb826fef1ea0895242129cc3e9a14e1f84fac49d62ffc0a3455ad9c97becd5980"}, - {NID_sect283k1, NID_sha384, - "07de1e4bb9be15a710a74806d4447b093bc08ed04392d1bd5abb414f5f4b4d9d43520d0e" - "46fc81c2a97e71086b28e53242449ed37fd7ed1c5772dbabc430fcf82ad20437b38eac15" - "820421e51912325c872894452c3f8a10ddb040b35308e583c155c3707b52df467c4945f4" - "e1071126ed46611a3253c297f5cbca9e27f58448", - 
"1724987c9b698519b6c225cf1261b77d0300045e5fd774dcbf13f285e6bd74512cb7edf", - "04046adc9bd5f0cc0d8bc64f4ba491eae3b7f6fb4229bf94b804807c6137787adc0fed4b" - "2f041375e2c89da41af84529811ce7aef26b983ea8add6e37c32f2b00bd47f23f25e5fe1" - "94", - "02ea4ed0e87687a50dc3acc7f4c089040ddd367d1a3f470a711501ccaad63c201b87ea6", - "1be198a1b6e91453018513902f0a8a085c76a2798a2a0538ede30dab65afb6b9b0496d7", - "16342f87a813780aec006ee218a615c4e1c78c0c759d48d4094639b5b4c32a9658c4d9a"}, - {NID_sect283k1, NID_sha384, - "1edbbbe71057bf7d0bfda922be21a3a4dff57b017ebf6fa99651246cd173bdc9b11eefd0" - "48ea599c1f98e907932aa04f64ed0a007831f30daf186c88807400970904d6090b2cf181" - "e0f65f03b4234aceeb420867812562e47f452152bb1ddaaa48487170d06e47c5e9a7c0fa" - "a4fe494663d2fec22f7665ceffffc214b21c6b8f", - "1a5489091cfd51a0970508ee3e8449081ed175928ff8386592c83043a7911bbc2f8778b", - "0400aa1562c94bd16a3f8a1d6c465908ce3b83ba6711e7d8b0b9353d3c55d13dee213aba" - "700103a789854f63a139e31348f1b2608f1e71c88b5d42809f2460642ff46a470ad85735" - "43", - "18435a6d3bc02b3019e1b156ddd6f3e1bb9c5af70d1a2cd2089e677cbacc21624ec8947", - "031f561b668aeeb4df43a3a34716c4e67232f56959104b7237b26e3c95dd40e15eb076b", - "0f2ddb6e6d18a7393425c16b3e5a5aa232cc48198d63e46a601cd3ed221a8427178a0bb"}, - {NID_sect283k1, NID_sha384, - "db5cf1de38a5187af11c1f0f19a36db52f8417de997229e83072fb51a3b7152a3b383e99" - "19c1b8427582e53d4e7e25433d46cdf01492021c237ea0a87d38c71634743115a6b2aba6" - "6d3faa8003158340a5078171e0bd55a6e5d8c7fb2631a31c1204e1479bbfe79ac70d5e58" - "23af502922a900576f0088a33e42ec3e26c0089e", - "1a45ecda0788fbd7cb7a716dcf4c6e83d4148bf63ed58078690ebd238c00329c462590a", - "0407a1e2fb4e8e79e3946086fa65042362418db0dce51541121c73972a435aecb99f6340" - "23006bb02df9899ac3f207732fa7cdbc36a60c17592af7ce06b8df4255110e26a02b2318" - "00", - "1c986f88ba3d5109c0afa2c213dda8df462282f024cc8efc758a5342a0de91c40452443", - "1efbd9e0d912e170c9c55bfbdfa6106fea4a4e013e7dc26628a1aea4f6b806a51866003", - 
"0b1347f4f85adef612f5c3a436cfa59eaced5c7cfdbb69444936d71812a2ab2461bbb5b"}, - {NID_sect283k1, NID_sha384, - "4adaa850eec8272d25d76600aacf2cf66e754f6c5efa65c55a2a31b7bc69437d9a7e47c6" - "f51c5da93895a45221f5f92c2e20ee6a95eed3cc7249688261a35d82872284900eb54dd1" - "df6024ec48963ce43e8ed8b8cca8ed22beee8f0aadeae53726cca05443316537840ab824" - "cd1b595f36064e9a19333748d4f4972178e7f5ae", - "11461776c33f20b176dc8f2b0cb2446a9b69e55b6c7bc7457a7fb4639116b452b79661a", - "040043ba7157559659954ac58b44f19262bef9e3a00829c70af66d07cef08ad899d7f8ec" - "2301e8dd9c947b5a6decd1a26fc5d0eecc9605d22abda747fca038571bb37036d9034e80" - "61", - "18b231de7fc499b461afed9b80f4405bc005011865cdfeb25570b7c0ff79b6ae94b6ce9", - "0fb203f47a4e2e9365ce070ee7fd4540f3f7e9ecf69b4400eeded0f5a7bf6e5a5c6d004", - "0e635dc65233f27b8350db22b90a3b8611e6fd1b3e0f515e42fe8788b1376079816308e"}, - {NID_sect283k1, NID_sha384, - "11d212a99c39fb5e4ca0096bbe6c81ae1490e1b8e07374b4e773bee4fdd24a3c13d65391" - "9db663d2c32aa4db140c4ae2d472d4f878946e527ad33b3dc93012d97458f96cb622ddb5" - "6f1ce7c2474ad0d5291dc35545de47b7053d137a8e79dabe06757ab53e26eaf751111bd2" - "7690e57ffdab5337eb6f81889e9d1b1ac729012f", - "025a65f627db2b4d6cf83c5b0c00265b9b63f7656c5e3382139e4992bcdf3cab502844a", - "0405a35e7e0b914a3e01ce3a885192d2ecd27418e09898631de122db0c48e8b58658720f" - "cc0009eab47197d5f56927848855b6ff96db7c36f810ee7c89b305ef780ba8c993d65537" - "ab", - "18516ceafb61cf2c7e7c511a8918bfe394c7fb2fbc40fb3052e156cd4020fc674684f84", - "1892ac13b86ad00e38ce2427c8c78c93b08605a75ca22b3658132dcf9d9df7c4b5540a0", - "0437b33615c16a85ccb8c4769ee7c5f94122d31e2b5fe66291b401fd90257ebefe33818"}, - {NID_sect283k1, NID_sha384, - "9e4ec74c09528fdf3153a0f6955f20c70915ff524b2e19c991ec4c5b41ea9185e3e876a0" - "2ed6f27c9b3479dba951bee8680c4c99be1a626808114408856994be7444ccbd5ef9859f" - "a479b1050bb836034e20c531b4d618f5843fe1d4b613a731895b489a2363f3f5397d5ff9" - "64cf037e9b11e3ff5e1c3d403e5a46b8387c1241", - 
"173b28fc29f10245221a907778708b3ee62e0480aa9051d4c3eb4e8d552e6aad5509943", - "04024bb9bdef975af892ddc1bbd31314926a9c81f8f1864829edafdfe2744e793c100c04" - "83028ddde61b4361ced9c391c86c28ece9b902c48d14c61684962007dfd69d0468dfd65e" - "7f", - "199af64f79ebbc5b789d4676a07c224e4f6fd33285e5a555ac90cf65d0b669bc58ced4f", - "137d746d515b90890a413685bd9b26a1c05efee4c11a4b40bb621c9fa2580c46c20a687", - "1647f70ab7c68a0f522420893a466940ccf79067b323d940369f8b8694ccc3fc0daccad"}, - {NID_sect283k1, NID_sha384, - "5fe8253d2134c434cb0866796013722e82184638b024a5a30938039929ccd8415c71f71f" - "239c5c5a81f7a9cb493dde209f189bcf766c17c6d9589cd0c7de7f07ff9f24d2320669b5" - "89d084f8a8ea71127b9760b7355b162616afb34bcdcd416f1a062035102e29b70069b2b4" - "dbf70179b8d60bc2ee5a455efd40194533bf560a", - "0624616adcd45e1fdc6cfeab2b17230d73d91fe0b39f4664f3c6891554f9b8e238257f7", - "04010917ef84bd5c0b36c97cb5586d3057a34f2827f239cab2af2e6081c5bdffd48dccb0" - "b2078ab47fe1bd3e28055c688c78e617ddcf6c5060123e9d65c562df2e94cac973ab3b18" - "07", - "0795e229185bc1b3d6d69b08189fdd7a822cd18ac55971e4b35e51838bf12eacbc50e2e", - "185483378a162b8edd6a12f44e3aa4ff829630fe3a1c9ccc66e34775f69bb6a94282489", - "01662cde6cd497be7966a0a77b0626ba3c4b82e20bb3f2e839178a31aaf440aa0e059cd"}, - {NID_sect283k1, NID_sha384, - "db49891838fe23f0530abd4a4fbba5ea970afa5747f6a0a10d2cf4d841581ea2178705c1" - "203f00cafec91d0a72d25448072c9cf7d7ca5580b39f8589ec63128faa95cb0689574a6b" - "ebd515049a1eb9699922cde0366b5cd58aa8f3d3e847706896f7e1cac667fbfe94b2eca9" - "e7be79a810806ca4bf53f219bb30532ca2254c11", - "199757ffaa2c59e198d66824eaad37cc42d49b2e241b6a60382d05e425e800eaaf32470", - "0406ad18bdb3e51cc053f56b9f9c35e2d6eaecbc9749f41a9ffbf54634838d7745ca0648" - "9005dd77c42b31aebbbb46277176df08d81919ee0d9ddf14c3e4c0cccb207bf649c48fc8" - "b9", - "109d6332ceec5ea211f642a746a6ce055986b4a2feeed7e847904f7f411bf8361318d92", - "1a49fe690a34151056d290790a6bfa7b70958e69e9baeb30c55efc61dc5dc4934f2fc95", - 
"1710a4ba5b404d65f66a8fca2751a920224db0cc0266f7b0bc054069ea4cc51b1f017bb"}, - {NID_sect283k1, NID_sha384, - "29d385d09c1142a7c181fe4b6e6132e414c15aa8605b44208c0399464613b966edcc2d46" - "cf203a3f85d943d8eae658695dac74366224a0d0348083bec0106f5eb8809ae8d07f792f" - "dd7c48fb1a25d5ef3bb9acd40b20c61c821024a9acb2ede321bd2d0dda849c22d76f421c" - "bd8d51565d3c4266f666455ca1c0c3777aa44107", - "06e51381dcf21050aef2e9b97e35303cf3bd91956854ecf9b6b9827871d2efbe8201c5e", - "04052fee805d7938b8b97459b9fcb4b80cbe29f20a9aaebc07ac019539a4a966c5ee4175" - "1d078aaae02974de6530f285b4bbe87fd5d0c9a2ecfde5fdc9a3303e4b988f673c778004" - "bc", - "0b426ebda6628125d73efd84e6bbab6c4c8fcf7fa29ffb3c8d6b0a861dbf81cd18d088f", - "1270045e963b59e4a4f1237c2240a5b26a7ba8e28ea01326fbec00e5d95d40e859d88b3", - "1d721477ee1df1388e1b7f92c048e5759c060ce1291098a2fa647974a62a258a189b4cd"}, - {NID_sect283k1, NID_sha384, - "774c1cb8fb4f69ecfb5c7857d46415568d88f1f9f05a4bf64a1e1ff6d64aec16e1d09292" - "010d1f067c68dddbcde06ea49be2ad3838053f0b9c0c2383edc451ef0188565118e7b3c6" - "6a4fa372b96633dc8a753106283b02d0322df273d58cc9bd061ec219f1e1a9c8ca1400e5" - "e39c1b2c254273377dc98a1a2c44e5c2a5b89167", - "018adcc22cb9a2db64bad3d60f1608c353e091637b948914115ebd43679904f955c8732", - "0400630bdd8937e961d5396f9ea5310123a340ba316fbb7d79bf8573f27a0065c6fd6f88" - "900737a0ac1116e0e2979f973cd705588a71cec5e2a9f22e7e81fc61a4375624f55a6182" - "bc", - "10a0c04762d02f9d3014bbff287864743426cee14daa43b22149ce73d1ba609c0ba6be6", - "0ac29b041a6b95f9ab685470f50445d416df5f7ee06313185794f2b542fcc00606bed69", - "00a4241b97b6ccf0dcd533a15867f5889349ec353395d47e31c9eb6b8785736b3e285cf"}, - {NID_sect283k1, NID_sha512, - "c406aa4295f85c854b4db2de5a7a2defae53a319866921a3673af5b48c85ef22f6eb4cef" - "892c790d8e64530fc20c729b2821b5f5e515560b1ac764106560c3a6a05657e34cd6dead" - "fe2884bd288cef4ca92e1f25adde7d68a30fb0a1b3678156ced62e466718e68e9d67099a" - "d82613b8d06bdda1a7b867c2455422818ae9eeac", - 
"1898276f159c10d92d8d4b6ae214d68c72792a4b5f1f79936ca3c063dc8d9a88be439e2", - "040394cf9bb273923c88be7a1c49412ab8599e0cc5509926102c122326bc0b34243f7d1c" - "f3072330906f47e8fe95f63d0f0aca1115e77fc702a923c32a16505bcd9021da05fd9cf6" - "3b", - "058772fbb30227a136de616ace4a0334be0996d60e9772ae9bf672b7c38fe3ee1b24f98", - "10e0cd3fccd1728e99e2294efd6dd4797b6492ad95a789aab7fbd177475a047f1e5d38f", - "0c5e0b2d1991718355be14bc57e2d6ff9fa63e0812b9adae69f64da610cc6cbe36fe4c5"}, - {NID_sect283k1, NID_sha512, - "cb2809152f8258660933472c06ddcdb65f6d5221fa29d5b0efec9c2a7914dbbf9ce0a468" - "ce146fb333d26f510a87a6bb01bf8816756a1b5df81c5f65360957cae84ba038e37e8877" - "7580e91c34e2f5aef4fb55af7b81ad28aeba05e0b1c64a15381a6719fd2c16e38a441516" - "e1b394952d984baf9e051b1dc1bda2e12f8ba5b8", - "12ff37c808c3cc029a9cfbb67a5ed21f3bf362b49270d4ed0f1e38fad25ebd79f112a50", - "0400cc00fb36bf62e777a9f6048761e53633b92866158200c43900db95aa1342b5760290" - "90055d7e57221ad939f5639282cbfc203114ee69baab4fdf194f4d2a937d8a57b70b54a9" - "07", - "163d8eec726d01a1bbb19995777919f68689f7c2920f3549fef966593c4fb012a5c3a1e", - "0cbf5c3bf1ee58869e1d3c15a05c23217f1c252da97f79334bc79efe3f5c62164669ac9", - "1fd51644f471ea497b0560b65fdfa2fd0a6cef469021303f97753d22ce1993d1ae5b96f"}, - {NID_sect283k1, NID_sha512, - "e060af96d4a7fe512bbf26be9a27bb6a8ff37547d4a7bbbfa710db24cffcfc760dac120f" - "89f642880db2df6307f9ea5441d5932d49762d182b29d8e7fb067a61ab0df622f75cecc9" - "17e27d0326085d34581e052c85f50a37713e27518aed7c4434f86970e00a0a4b8503989e" - "72614131b7164c1bdc82d2b6aeac0787f9838476", - "02b8c1fef9c6def32b5f4127273ce384b6add4aecec957c1662f52334f5ee97f49852d4", - "04036a4fe1d77bc431012d25ff49fb5468f975353be70e7507d71966a0ef433df51dc323" - "24058d705cc883a690641f0ab85af4959ef4258a7ba9cde36dab77c125a1de1d39536658" - "4b", - "0865f59502382b324e1dbd75db150f342336fb19145fb43a733971da555ac5828a3457f", - "1ccb2e56c02cbe8038bf78dea256704ee6e51054668ba8c2ba11aef4ac6f9320d46ee8d", - 
"030e662c0e7d47cb3b835c63599d0c9c2e77ca47dbecd7ac834c2babeb039eb630cd0ef"}, - {NID_sect283k1, NID_sha512, - "d235c31f0a82957a087c7597673970aa39321d4c2640685a03df8388b5eae4825d1fee29" - "926f416d5e62a2e9ca1ea7cefffd31607e750fa9675983608e0f8dc895371b190574d065" - "c5c0c23ffdaf49e65362914363a3fffbc2c1bb487cbd4f69ec22dda5c7dc3bbab805c81f" - "aa85787cc176bc0e5703924f395d8c9e7e7701e2", - "0afb1c45e9a9f02942b8e04da4b815498454dde6643de186625a98b3c1c6993abc8bba4", - "04002fed49c59e9d5c09202a5dc29d8dd527a870a180feded66ea6fc94ee094122ae9765" - "6b03620820bdd5910037f5877649be38db3571a9c6ac632602d2013d0d5abe1f00133f6c" - "de", - "1fe749d9916f11100af525ee343b3b74a493f92339e432a482dc8e86ffb5affc4630037", - "120f6f13331cd4d1a5b9707483c74dc0722452062cd4534e94cf40840d22ae263244a51", - "0bc2e37a481478f879de612cf4a833f7e12b8df33f5b0d6ac5f5aa431678ff053e2bc1a"}, - {NID_sect283k1, NID_sha512, - "1a2559777a5fd8f269048feda82c4d9fceca95803f84a813789d6ed070422240e443789c" - "5231d63d5268ddebc060dfb99c4eff2ff115d2984d8bbc5c05314562ea6864fd543e7e0a" - "3b8572c017d8ae3563027d79bbe164d40a5bab354720e45094b9b26391ceb55339592fc2" - "f10b97dc9c2649f7227648f5cd2fc46d78d31c0e", - "0ff537d73a4da0ae3a4894016b71dccef3bc886f3d24a5abb7dd96cf8fdcbdf0fdc5e51", - "04001bd0537dfb29f727f91fb469c31164e1bb0ee192a5b89b880f3fa40e3e5437f0d2f9" - "e106df9bab2f9198494094a63f2ea091f60108449f0741806400694a93702f61fb0351a8" - "1e", - "0bbc511c6e1772ca6cd1cd308126c18c5db498055a4b3f1cb0dba3285f6d38b083e647f", - "1ba756f3c89b732398b90bfa2f92b2a77159c530a8020b75cdb9697c6d75c18d36040b4", - "18207cf326bfe97d657ac4197ee5c20c75431ee552681a92a5815db0d984fe597700bbf"}, - {NID_sect283k1, NID_sha512, - "658c0d3f764bbc952fa55a258bac16a5bb5184bfa76cee06baf9ee6b9ac3f116e08bb240" - "6b1dd4be487b057f3b29c2043ebc33019b2017c4deccb86f50ff15fc9248ea5fb6426112" - "0b1960525aec3cc18827c23291722c5add8a3761ff8516c61956c62b8cbb13f3d92bf3eb" - "45a70704c01bb3625d21c38ffa83a6db086ee968", - 
"16000d2e879906d1040b32eb6ba3caff700e5565871ac75f10c5c15b509964bbe5e14c7", - "0402ba89255d1c89e42518662611e2efe3b5e3b8043926ae9c43974ee2986185269246a4" - "3302b87762b9ada81bde958d1f9b81246f49098695391ba3b4b3b9ac5727f19fe42fd079" - "46", - "14e837476e628007b2df21b5035a39c24cd4869bb52dbbe13c9666ddd8a7e3eeae29f65", - "1b5091fc755c0f908ee13ef9bee40dd16a5710befd1e265a312e595842d52cc135fd722", - "0fa25f43c3c074d702e45d216e3704d942e9d67b3c0728645ac6c53b9be7300061e5fe5"}, - {NID_sect283k1, NID_sha512, - "4f10001e3517c2c1f973b555f4827681e096d860c4db08f1f4aef8000c9c24bebe59f8bf" - "3d7d3cac959a1a5477bb0ea43f2e746b5d14ed48a58ef35484b0ac786d2fec669f945e84" - "6ad73e6b77a9e47012a951b398941566330d89125eb3c1fbb2f06adb951ff5f047d102fd" - "f28b5cadb4a3e1a10412eb3474d2ed5c3fce78f5", - "019528d505bf0584628d0214bc857150a929d3f59619bf8f3acab545fff0977c9bcdc97", - "0400cc8863e1443e61fedc61abaff87d80450345489728d78c333b36fa28d8754a29cf3b" - "a100205ae70c35396c07f9f96aa7c59cf8a28aa2a365b4a1b68e7414d8c4ae5220c8bae9" - "ae", - "13d555426101fa3c239b7830fe0b6cf08a1c01f9a991f806c84baae20daddf5dec8f868", - "0af8bd9856dfd783217cf81b09b464614aa824b0298f35308e6427c679607853eb66c7d", - "0e6c1933d6ce25d0a00effbaf1db2cb2542cbe7521330c34286cf3bdffc20c001cd7722"}, - {NID_sect283k1, NID_sha512, - "c43ec3c3232cae59bdea7cfaf18a4672035dbd2b8b6b1b44ede376b36cc2d8baeb921e41" - "6aa177f5977da8bf1d713509e5251278b6622790056271715cd5feac58bee5baf50b216e" - "8eb886279c5a384cdb696470275b7487fe9ac4c506706f6b0f9809d1ccb102546a4297d2" - "017c2a8df9f02f30d3d1bd9aebf6a92a02e0d202", - "067795ce117bc0a389397fc22a01cfd9422cfbfb5aa44131938a8c45e48e1d5a718539c", - "04007924de08acfae6260009cc2f02daa2fc2a809e6ab4cd8858a9e9c2c15b17e29f1bc5" - "ee004f36cc2d36df63474a579b96f6e59b890782ad8fa865efd80abd798ca2938bacbf82" - "12", - "1bf3242e75f8331fe70113ec8e14ad0814850bb8cb262c7d0a44ca69de52d32dfcabd0c", - "145148d59c5be2b6d39dfa33e904c161456822ec0ad64b9dc52befbd6496c9303fc062f", - 
"0b75c3c404d694e086c0f5aafd534e7d8596601f675b2fac9384fca6084711e35149f9c"}, - {NID_sect283k1, NID_sha512, - "9b7d675a3d2cdeb280ea28289b5fc2a3ef6b535ebee8ad242fb031e2e1f364e8ee806568" - "b2f8627c5a5b4f51f4f65c71acdc1152c08b9211b81907b551e0ff47f5a6aca45dcfa06f" - "09bf195d19d7b165b52111b601fbd97b192f62465f8ba20773b1599c8041e91448eac7a5" - "763ca0628f40768324c5304e1119ca6a1fdb0778", - "19269dbfe4184249952a651a507584746c5b62c64cb3b17e0158aaf4d086a4afb0330c1", - "0406c60a475f2a3635fa523e1b138edc36f51e94a34e75989c2cacdf8949115d96f11ae7" - "520494d5e23ba9071b3e52c58b1d0740cf90cee7b084b9ef7a4a7be8aa47ce7b3d97c8c5" - "1d", - "111f4dc771b6ce5cc2f42172d3d70fe77c73683bdd2ea331ff711b7e9d8c3e4f2d7d6cb", - "027f224c01847c52ebc180ae81009923ae3453be1e0d94b5c2934603577f36653ecfccb", - "1e7b771631e5e72b7ddfb9c73f684b93270269ba4216cf3926e43b2ceb49756e7e7e0e6"}, - {NID_sect283k1, NID_sha512, - "f4a08daf8f66ce57a986f14b918099bcadcc4308bcde7c169ce8536a40d94a928cfc0968" - "180a2c2a242c59df73ff79a03687998c421cf9a0e661630378779a4744ae2a6cd24ff61d" - "7fcd6c11a4c8bcaf358075e96f864df0998ee98ee393b37bb38747b70bb7a208740959b4" - "5174a60153ee566e0f62528e9a5e4466186fa650", - "03835814de0d6441cd80a44e40350cc8bd62ffcc81e939a4410bb9c9259e30463c453b5", - "0405ce9f6c979bc1d6bc41f41095b7677cc184da8918265a7f0e5b9dbece2ca9e0667cfb" - "ad039a395aeaa04f5168de809164285974d306e474a610d89fd401c375c9b73f0d23dbbc" - "f0", - "0b714d734d063aa81a389be69c56dcc23bcced3517e330572f79c769645e7dd2fd55c20", - "0e4d4494f91e79f2b1d1c0e22ebf744ef448f57c951f1b5f4da3592fe60008ab00f5f7e", - "02edaa4d8731b598c24b993dc5bb4888ea3c2dfe2807daf88170982667e69b76a8ecfe0"}, - {NID_sect283k1, NID_sha512, - "864647405c70939fdb4c026bcad53218ba1d438d82c9138f0f0ecac815dbfb242307cca5" - "2c84826cf6556c51082a23f14252dfaea43ba229f7493db2bf8ae9cdb0228dab9e25cf38" - "5b504b92cca94f813acceaa1f18de851b8936c4dfe9e4e17002f02dded6b4c231ea5e614" - "ab46fcdd637b8c6193e8d0c2df1b3d883b97e1e8", - 
"0aee83dbed3b703cb6e60d51e373eb20e298ac005fa6a572d02fa1e6da0345558ad2a46", - "0400dc25760af992a8ecc108373281bd0d246f95933ec943f6346c1b2b941a03b33951f6" - "2206e35f02d225ba11d2ed7ea392898f78ca0deb2a47871eba6cd2be7440a410d910097d" - "e2", - "1df142187f8b27f4888075a3784aebe0fb7d80b0b6d3497a7adbb88cb6bd26cb82109c4", - "05a530bf1135ea6d599928cb0383f5d391d19be333b1577ee4eb6f2a78b54e4aac0e09b", - "06f3033cf392f698d1a1141cabf138c411f4e20687920f2915e17e805e8657a887c7953"}, - {NID_sect283k1, NID_sha512, - "c87c8f3ad5c28a027b28ae5021dbe8d425f74181d519451f1fead7a1f9dd102fa6785b14" - "7b610610cb59bfa91fa363bb79ea602a7d7e1439f874c5dce748e5c320560c2d9676f3a9" - "48754c72b6db249478b7e19c9829ab4de2e344535d3e0b7c20c272f82556a280ef491524" - "b255c4fafb9c8ecb87b0149ddd9d7bf6159e3337", - "17b65c66514019ff935e9d571a4e68e9ee4463b7b9a754b93f4f7741693f4399879fa8a", - "0405bfb704629596ed05096783e49864a11874f319b4020917f1ba700ddb0606e6e72c17" - "93069194592be64c33c2f63771af0e4100d060e9750031048002680541815b311ba8f7ff" - "a9", - "171b5c698175300b95dfd5ed8d3fd7cf4e19105ed7193b6013103555808743501ee8c46", - "13f001f287dd5c7ad9af8d0105b47caed66ede41dc1e121a602610ce20e41af91cbe586", - "1433d5263d5233c40c0ca526b3657fcce8cb88ee65105b5f5ec82b26e12bfff11c8812a"}, - {NID_sect283k1, NID_sha512, - "ac7da7611e2ade20aad64b418a16e02e79ab4894d758550210eb10013a9b5533132be701" - "f8843c840807c4167c38d21dff168d3baa65d5bcf285b73dcbb75819f8d7a20a849de335" - "e19bae2aab2ca560b93d340731f291599a5b28afd7737460d291105cbba6d0290e836f6f" - "6c1113d1b2faf90ac5de7c64e25206d79380a4ed", - "17d2071f39ba35515a8ec977ddd36ca15983e15bcda626f15af61d87d58114f4c80a8be", - "0406f09c255fdaf78d7d341fde4586526fcdec34a28448c7fe65685a67b6c33564ce9249" - "a3024ae4483fcbe3f823a7ce53db96ef2f6c68670e107e68cee4f358dfa844112d6b2144" - "e1", - "1403078da10f55724fe7b56dfc55990507307386ba82ca8f6340d33769ab1f6ca894bdd", - "0a54a35767a1cc77b2332b04694404fe5a31ed8851ccc2abfa5542b0f5acd9be9b1f02e", - 
"0577e0a1937172a6d45177c2b328d72f75a08a8a774a31151b89fd451d531348695d870"}, - {NID_sect283k1, NID_sha512, - "5757c472fa2f81430dd920f39b61066a28c870b80e6c96f822f8f19b398c3574d159cc22" - "120454dcd7e97be8211916e4bc8db365b2dbb99a6e597d06e6645046a0abdccbd06741e9" - "c0eedf33cb78d78a540c2a390719acc498331e694e6b0118cf4f787b51c7b7237458a614" - "9d6dbd0a08bae8097e919f970fde920485e9a0ac", - "11504659e12235855fe55220287a101e511d39a627f8a0d414446385d4a88f31507fe74", - "040192fb9bcd157c7ef385d48470c3173ccf1ef9650da7d680d8473d45ab2064a073232a" - "c3014ddf872b711157d121b0a61b88a7eeb7cd260f1f82ec5f62fa2681e28c7f2640e305" - "e7", - "17e10962721f041946bb5ffcce724c9f284b1c8970f974a069c36dd4391adb8cecb8bde", - "1546450d25e2536aa14b8751e3b3e7eeec8a6c1cd967ba0f03e6bfe64c0a59072280636", - "0159c8d6499fcfe8ac7b2e84990a714d7888d883c16c016c4b165f36d62c3493afa67f1"}, - {NID_sect283k1, NID_sha512, - "e350383d04af0f4081bf09b95d1d53040e7acc64e56b13b653df31dd119617b800e0cdfe" - "b935dfa5d94f1d7814688d8ce41021810958759cec76560e1e5c0581456acd1a02016584" - "9b2203f1c11d318d816697f36a86b59f160faeac7dba71682d3c031d0d547725ef69cbaa" - "28345512e38b75ab011911d8924b2d17a857a96b", - "16e4cbabb03215767249ba2a608708b78d7387be9e77f5efd2462467fa05e8dcde2c036", - "040112b7ea5d21df8ce52772a1b76a52ef6f0da62cb7718a467a034618b7ce701a05cd24" - "670649e0ad181437b4eeec87e202d8fab1c240f9dd9b31311284c24d89160b1895be5413" - "19", - "120e4bce412311d3e7adb36dc11d4cc1da8a4b9d6cd5219e772b3dc2b2b8ce08833748f", - "1ff2d53a8e6c1c23807eee681156a146e8f2cc1a8c262850dc69dece31860bf094e7f73", - "1e8906c0bf2a5f922ca271def90d704a1425e5cacc64bc5761b000c7df0f8f9fab51f2c"}, - {NID_sect409k1, NID_sha224, - "f153cc61981a46d8a47d17d29ec157fa93fcf644beb84558db7c99c57fb131dcbc5b6558" - "1ced5ff0b29bfdc66ff703ecdd4290f7c353c02a3e6d6867f33f3dccd1a0b6752b8a35fa" - "143f8921a5078af9c85b212564c5b795da9858c7955095938fcd10c21e35e1abe905e84c" - "8b4bc05f2a06091ce876d9519b96951d08c7ac9e", - 
"011c6528939672bed3e8c905b7ba594c3ce95f37fb28044f210cccd01dfdb42c10e8e1a0" - "b5d6fc757834ca7f08e98cbc52b0edd", - "04000b570ec1fd09d7b4d102f83cf37129d94c9cf2f982b702c5d1172bae2df558008518" - "493c08dac6f76a6646156f123c4f33e79800e3cfe1aafbf25a5a4536d6c0cfe13a540b4a" - "3c97d4e7bc6c0346addb4b0c32dce089a7a5385e8a3e67606b45e2062c642bbbad", - "027cecbe83853037cf46aa98e1e1e552a96af0bb24e57756d8239fea5d769b51b83f195b" - "7801b562259ee644ab4047764d130a0", - "06a1601e07dfdff9d3b4ffdbff124b717403490853099fb4a00ea98f84ddd64e908f99b4" - "0a2ba6ab88b2491a8d948fcc2f207db", - "0741d27c0dddca3641b56ba1e9bacb0da1fcee46b9e33ecc6990b98cf0db74668ef1009a" - "50e5d55f80e6642ea48689a529c8a08"}, - {NID_sect409k1, NID_sha224, - "258c91524423b5c876432b1930c7b07b56eb5e3945f1e2296a4e5bfb9b9123f800ad195d" - "6104641b1f1970bca553c2032f83d17252e52403a9381c1fc18eaffdf026f7537aa27d84" - "c5e3d6e39e651a92a41139cec5181fe794457f556b390943093be719acd23fa1ddf7ff0a" - "af0479484a381a309b4f681af74bf97caef08c22", - "07e3b714496dd118d8f3f597961eec5c43d0265bf85723b0b9b0616977e0acc2cf686cb6" - "afa6cdc19114e27ab000e762dfe467b", - "04007dea0ceb73b9bfaff7147a36436cfa7955eab02ce7fe9b60dcff3e088c5c9281be59" - "07de3e06ebb2e21dce8bf3ff85feeed50001cfa9b30af20612666e5df798f91eb4647d8f" - "5e1747c1b18adc6b73a848d987434c56d13ad78b775c4096e9f20d4878bbd9572c", - "028a8353c05129dcaa7caf0343130bf2e2186b9cb5ed0a27a565e1c24eb882617cc299d4" - "86be76fe0f8f3c52678b6992288d7c8", - "034299ca2aaaad51f12c90e8205da305523713516ba6e7d245eed8ef94a1b2409b98ae93" - "476aed6c9b9aef50406860b4e490db6", - "01a1adc76c65d77ea686d769dcd007c0101b4cdd0934402fa47dac22f8ecac28fc05c2f6" - "763a6781655ed5e7d84c41157255a4c"}, - {NID_sect409k1, NID_sha224, - "a16a0d6fd57240fe88c7c36b9f7f9040cfcaa9afc4beeb8300818c5f90cce73b819a12c3" - "1d42af33146399cdfa4ed4954d068dbb0f1f342269dd29f1fe357e7224304b67b0f924b7" - "94780fe7e6aa9dfa3380252fe7177b43e7b1789718949b9ec1b943c83ed4399491482f0f" - "59d2cb8050ab6f8b5854d76c50651428cd29c40a", - 
"0182d1e937b037bf7f84144f7d4c94c935269c9aae7d500aa459a7a0ec113b232dcf2829" - "08eee4c84b8106cd38cdc41db3f89e1", - "0400bd4f1ee6a967123d70d488dbf0fb43aa5e93dee5794b4492277fe559776f74075485" - "0477e275cee9f1c375403a4933dc9869200191a544b98ba954cc6e060ba26a52fecbd1f0" - "dc7c15381004cccb799a9f7960a3cedd02d36fcaeb0ceb844bb4683998d776dc5b", - "07904af733742716366f8ba07086f924697ac8a01bb4895bdb5715081ee89eaeafbff4ce" - "c44eb0ce14e774dba71bb9b091d2594", - "0723b2068957c4f2ac1df69378fc013797a3b071de30b514c3e610002dc8bfced32bd2f9" - "e8f692b653e736696cf818b0ecc1e10", - "058455b8f9abd5fcc28a4ef839ac0245c3feda1fdcbc3c171b6928c6abc931e8b0ec3438" - "2d63e414657e9319d2965fdc9eb74cc"}, - {NID_sect409k1, NID_sha224, - "d02ff569828fd1add21f6bd1c50cbdcd09222e458ee79fd5dfdba3cbb84e9d926fcf196c" - "ccedece77d5aa17f8c8cbf3a9facf0f02c71d5c1c8aeda9d75f6fd7b6f2c5c70dff992ef" - "6e02c438fb3c66da5a503b3c39acbe2a069da457595b542190d818015d462670b0807c40" - "1e36b1bfe05baff3a8ccf8d1f5f8de7840e87993", - "07ed09428f460724c8a5225a31151e031d9949493fff5703369c401762345d002c4ce424" - "294baab22d9e71edc4f854510cf0e6a", - "04007fcd003a8cde5503f5582a42738738ac7efc6cdb3813a00c072fc114006be9881c0a" - "881ca35988dcfb8088f3d07a03943cf23000e7041e666c1bed3b80a691ecff60ad4afe3a" - "544ce58030bbbcc130045e2c611d65f322ec78aff6757cb5df8ad54ee8a09616ea", - "02828c8c4bb1722b0f03262de32ca8a605c4046badb20d8eb9f19aecc5c69f199aa48d09" - "b61f285254425cb4bb5e0763dd471bb", - "06c99d796c5d4fa21c5cb7cee0b7570edc9d7e9d7c3604f5ca3766b17e44bc71d8a74ac2" - "68b8713cc2ea0adc3dc1971c062b4a1", - "075962e0ccbda2280e502559f48c8d37704964f67f8cd3b443b89be740976f1bd929c175" - "560fc8cfb282661c0fa792a5b200401"}, - {NID_sect409k1, NID_sha224, - "57befce973b225cfce7f996fa5a1a43acd160681b88a87b7de04544eb7b6a719718f1ca7" - "f559b6531bfc18fca3836d2be7f7a6e48387b7579a6845796d30e46f0dda9d82680f8c96" - "c5f0989741adef9762c3db763cae2699cb6c112543635e20ed5cfb4b55ca2ccb32d2d139" - "36085a8ff95ed658a54be73f80c912ccfe5f0ca0", - 
"0390f05b9619c27b800e99aeaf61ef7f6249367d5cfaeae3c7b523a8b29153eb8a77132f" - "6c4412545a842d6deb7b7aea7e2bda5", - "0401cbcfc492a2a6bb8a7341df67ef2bcdcd706afabad5e7ed1d63387ad9b0dbc47ed17b" - "82de6de936752632e43c393a93fc5cec0e0111768994b2dfe9677d9dbc45d4b55fbbafda" - "aa2b2638ba1605c35301fa557d628a87d0a7febcad9f8eb4b51fc9c807652579f6", - "00b8d236a9f8edba7b5207b4c7848807b933b214fa25cfc5a0e73f750d30051264bb9f67" - "02837b0f65a451d4ef24f047ec4e9dd", - "076bd4755427fda22a0f177624477c59de12a12621aac274b980b5e1ce5dc700591eec13" - "dc5bb48c5c8643de287a07a48a6a7fd", - "065a5b0a00548bcd7f59518f122d79c7552ca6097f3867604b462201add5f326807f0e87" - "79f2177f277e5ed25253885ca81220b"}, - {NID_sect409k1, NID_sha224, - "4277ba40cb462860ca722cb4ee71c61836d2ceba18bc91f3fad7dea478972c6da0ebc028" - "15eaaada1d1a5e93d7ab353855ccfdfc94a5742fe18daee2328871e06c1ab0a9a989d123" - "9df2d2d27f96c415e7ef9a941f06c6790675361173cc229aac7045f49eaca207f59c4976" - "19ba32e932b5c1c6576812ee5b146e2cc7de5e62", - "007d18652732596add3db31f7a0ce6020d03f3df58131b0c7c633faf619b8210cd309d6c" - "0c4083aef1a1b6d2a756adad0bfe344", - "04015ad0682962b4dfc8901a0dc77d548ed616286733cd9b3ede937cdf4401ab8b3e3516" - "d466ba43b6ab5356c4e72845767d55d27c017e4de3288ed44b48e7c47b16e2afb513c976" - "3d5bf4cbf9a357c128c94a758e3ff946957df461531def2b8d8411b81f45f0c2dd", - "01a896c30fcfdbe583d6b0119f467f47758ee01d4d601eb698f444ed0f76515c2b8053b1" - "1ae7abd0eef7aa61145a53d12d560d7", - "053b1cd57dfdd8d1802f3e295e450a155c366bdc2bd222d18a4d08369c25e53f1f633958" - "b22d80755ecaf8362d548b28dff1ba8", - "069339fc6058762a99576a96e76f75275f848102bcbc281e59fda26c98fc48a3f1061755" - "e80740a233e03287f510f4549bb1874"}, - {NID_sect409k1, NID_sha224, - "57ff6792ed4b12220d179bc0ea57ff217f322c85bd3676a681d32d7e4a3e0c8e891fd267" - "df17caba5992f68c35ff670b60b4bbdfff82404f6ed996c30539bc395120f97d4d7a652e" - "aee82bd8f9360bf8bb73748b8bbda9f9480eb54f7eaf2609d4259329e8a5ea020521e7db" - "d3ec56f23c849932cbdf2875f5d5c774a9d6b0c9", - 
"02a91244ea4623b63403dba807d60b914ca3b901a2523244c322f2f11251446d3f15e869" - "d086ebecfa1a39ce304e8b5c8de23e2", - "0400b7ad8f0a52ec21e54e28ef603d76652dbfecc7dd2427cfaaff3d280f0d1f62187d77" - "effcb433b5bd44c3d0c0d26c38d3f5930e0080641bb0163130be4444f79c500ceb8d6a9b" - "2cac42d21d31b2fb29da075bd41c6613f278944adfe92d3c99d494be9d4714e9b6", - "070125c89a1262a88f22e874c55ed149de6d961d6abaab2d13db9174e3cecb8f49752995" - "7058a0afe5361ddf9d3a5a3b923c7ef", - "01a28cfad13969c6449e5a0f879e01ef7dc1cdcd0bc77d20f3989c588a9cad12a4b52743" - "c12f4f6e2154ad963bf234ec96263f5", - "066d7f0b364a640c6c620e3d030448d155cffc9ffd46a6adfa1c13e1b01892463a472446" - "5aba3eb07009fa604f3af18109cb72b"}, - {NID_sect409k1, NID_sha224, - "f85113eda64478f460b60f8084220134933de049200a5f37884da7901471542e26690a5f" - "abc3cbf9e679ade71b6e54d869bc136c3d34cc4a9efcafb777abf046b5ae5429136112a9" - "a36a475121eb1f33f1f43481286fc1ada98a41064a1fa38c89e99a93065bb2a119348a9e" - "452497fd5a0d2b83a66b09da9f47a0583732adf4", - "0068c56c6b5d50d1d4e13d3837d8c5e8ba2f825e121b63e97603fdfe78bb6899600ff0dc" - "87b6b3b6868ad0d2f62b7b7a31603ff", - "0400d9a4f5992308013573f97864c23b98d276975d80cd6455e9f0d8a62d6674f3aee3d2" - "7dec15903da4e9d5908cebeb765ee02c80001f61189caacb05dfb982bcccd603a769d0e1" - "be8f9223288b5426e7f88854356fe825f11a88918085692f33b0f4c61ab09a861f", - "02ea7f0d81fbe3d4c865ff5315d1cc38f9e9a8653fc91dbdf445b62fe09b30ccddf50878" - "3ad87c8a48a6ccd5c9e817fe2977f90", - "02d7847479c16c4cba834ce5962724f185be06cc04a9a8d710cc72e6063a7b64fbf2694f" - "5b62de65d3d347d34c0dbfd5a4d93b7", - "069e32bb19d20e873d0e62b306db4d5663576e4b2fe75e8ec79b7a63f38c8f1007a817ce" - "30612e8578d48c63b04b1d34904010f"}, - {NID_sect409k1, NID_sha224, - "42811e9ee6dc509572e1cddbe5baf00afeb0c5c13e3755b922eee9e210001676082bc9ed" - "c3d78db2b5bebea7a2c0cd2b369226c2b8f83b28f33fb513407ab9d287d14b112d6c3be2" - "493805ace5cf6fd366d03cfb28f4ce3f0f060880db64d6962e997463ba7c05b6fcd1e66b" - "abe4b94afc5c2d38c7050c69571d27b66ef0090b", - 
"03c88084f8b78446db431bd6e240a0c050813d2a763675b0ea869cbe183df697146cf29c" - "03479af3d34587a95cd257027fbeed8", - "04015a09436de00d8d129e297ea60e04b704c0a8183d64a77d1c527189e25e21d6bb62be" - "8ef5eb2dbd833e5f9c7d5c3e69c9c018820001c32ba376d2e9de28fca644b0d567ce1f4e" - "f0aaddb2adec6213d03bc8cc99f9140005bed3cb6c3c0f5533275734aaec47404c", - "0132f4763959863a32919eb591799ffb8613797bd0b617c73654ec9eb32e2fb86631b66e" - "28e1b4cc4aeba65ba8c75aa1cfacd73", - "05fe0ccbd430d9459e0093cfe2c1d1d3edff8c1ae7111299d2e04f414c46ed2cc88ce9cc" - "9e23e187e87ef551de993f52214d609", - "0557acfe6347baafe031dc16032c45559693e2793d9b6d372670b09757c6f4a3e5ae5e55" - "264137d1859c8d9f8f03c25de409bf9"}, - {NID_sect409k1, NID_sha224, - "b38f76ede7441ae0887e689d556f43155b38dab7cde487ce9ef9a46f2957c830d4d28006" - "873fe2368197a6931f6fcaad755102686a457a7edccc8d344e2d2a9162e3d71d41c09a02" - "2539ae6d404955a6ad748231aee1f974d4f159940532fb3b1fa0254bfc5805d2fc686968" - "56fadea386c542d3cefd1be3af04ca595e54be25", - "051af7b63bf3297ae20517faaa1552f4fde65819dbbff6a52721611e5b7dc1242ed6e697" - "68cdc37ea8cdfd1a5971f06b84b5803", - "04009cd1280a2a79b182ddbd1712dbfd12cee3345a89636d7673a5fc3e1e51400603176e" - "27d538e90005625aacf5cadcc8a8c25532008b5aabedce498476b4c65ab3cdc81f819c2d" - "b670a7236c0357a86f9087b83e7568cc6e5139fb92f81975756d7dc4f48be87df2", - "00bba308a3eee9e3ab6d2482bb728bf44cde9eedde15af7300c57c2c1e6fed2ee4e404ae" - "ee3923e7871a2ff4ba6df64f9d01a87", - "07a9e69664b7b81edc5d47c014696d194b2ca4705b2e79af692b285ec476169d041dd9ee" - "f20f7d496fc49b8597574d2602757ca", - "01521d7cf6aeaf1c8dd54a7776cfac02967983083770346d9768a2629d606be90d58ea82" - "377413a0fcc3e4e66f05a0d05d933ef"}, - {NID_sect409k1, NID_sha224, - "356dc86cef7979148e995fc5abe2b14a7d5e4e42c9b3509b4363bb80c581a66f4e7e4aa5" - "3a4bfd37f9a7eccf75fdd726f348f6a3f779e6599f61bd1d668517f40453b39bcf35db08" - "52a6a6218198f52b7ceda2ec55fca5abe8e5d93af9a42b9ae4de9530c5870211bacc27c3" - "9aa094013db703de2fd3121f08d7e97dbd4e8946", - 
"03d65bdec48972d03811b78150a06956eb22d337dbec5416bbd8185a6322cd8c0ff80002" - "10dbd1326422289071cab65175f5d10", - "04000c9c1bb0a80c4b4863d78003e21ee60fc553ff72968c165f6eb6940250a6cb7d545c" - "6aed3760e42370df79b0d37c2d1433c486001a9d994828ac09a86c18b9758b3f6b91a577" - "5931a7a6e4d8b052204c972b993a3b420eb8ff7e91df77253a9f5847c5968b5636", - "0156d12708324cd30037753c78225d183723d3f15930f23bae854f121094bfffb5d7dece" - "1fca93bbe7457a2237760aef3db8e3f", - "071466e80e2a7cd8e6cb6dfde259a08619f880a71899c58bd4cd33c29f7b321d26953372" - "0101f2ef70f5b8e8f05c9cbe1ebc303", - "077330e08712ad709f855d92355cfb7d565efd806c6a853712916f7c943bfc79e496366d" - "eba79ef7491abad23086db341f339e5"}, - {NID_sect409k1, NID_sha224, - "06fd39a50bf25e89f1071ff81fec5d1e35b6dd68990414ee403dfdebb792627b6a4ae3d2" - "236c159e4441ff90b61ec87b1592c538515f0486b19e58583394a05e6411e69b4285d6d6" - "589982ac0eeb2c912c4948789cad741183663fc070943389d4e9a1150b8f6088fc506059" - "15e9e24b2d98a1f539024770e4820e14ae42ea8e", - "01f1a8b5f35dbbf82c102df550c72216a243f986f0325920f6186a16d1da74228cc02be6" - "024c7411160c183c923c743354f9438", - "040157ae8d90fe2416f70a7ce0669acdc0b5064ba650cb5416e59e6672e45b591774ebb2" - "f793c3a58e953da1ac08272d0b949e7b50006d49b9784f8423812967b857e25dc3af1312" - "a6ff29579f6acb6e155b6848ffac6fbce51bd2d41a22ef955f690e2487a4bbff00", - "04cc45e00847818397c6abb3d176cb8bd77814abfc253e3b0d799dff2c3e09a5195ed5e6" - "232873f2783c8e670b52a839e06bc30", - "067b418a5395216b83ab00d5568eeb62ae0693af2b0e4d052c6feb70562dcc06ef852002" - "687099dda114477871b924775e8460a", - "061d1e4d713689b2036272ad41571759b52a78e0f8a84d1f3a277aaa33ad558f0b71f3c5" - "a99d403e49df1afab66059db20f9f32"}, - {NID_sect409k1, NID_sha224, - "6daaa41150ea252a3e966a338377307d909b95080e006f13027f2be5059d9208930c5a32" - "9994c0b794ef50eb059bc6c215f68cf42260bd410f9bd86d2ad5ab7179c7c92de4a93a5f" - "6aa17de5aefea815e7c0b78a8cc53c21dc4dee037b29c9df4e12343109283ffd5d8a3b81" - "fba1b5e95506c7e01ac056c86dd0ee23bc21af0a", - 
"031dc621200cd174193d95e9092ffb86189c52cdbb9ed937593f2cde7c4a0264b9100e1b" - "8407336c8dfb5520d28a18dc4e39a89", - "0400904bb904d50bff09bae5dd21f425c808b41001ac917b022f7e1cda6e46504781a69b" - "aab4a6f0f100c4fff9ced26f871159cd30015cc300b0efbac707635c72bf855de4290f1b" - "8b70c16f9bd0cb771ed5c760ada04d0ff648f118d64e0aff6a6de16def15cf7437", - "07e32b1fc1cebeec3d84f56a67c8ea2b78723e7010a725ca4745e849e573e8e4a4ce11d1" - "af4ee508b80fb5336de3cb53161bf44", - "071cd81dfbacbb67be5903cbcbe402c0420adfa9d14148bea600b178fd06278572d34eb4" - "6d857085a2a4f48cd4ee9109d607dae", - "0347b1029e67a6ea2a45af1f7410dc951db813eabfd3c7f3e2c294b81e1c54fa8c98569e" - "fc580b68007bfa316424ac6eb353ac2"}, - {NID_sect409k1, NID_sha224, - "6378dd1c12c5197b57d47dc46a67949bdd1e0809004e94d49b0234126a08ad5bf8723ebf" - "d132145813136d8b7dd096f56c34248f09a65c34f60c2f80f9a51b3795f3d2518b11aaea" - "f6dd45a323794080b78f85d629e5fa719b6ab0b14c78cd908befeaef0dbfaa08cec9318b" - "bcb376d48b11b68735c9554a45293db5e9239ae1", - "016e6750245a88340b0f0665b890459f8038e9b1366f2fc1326245a88d4c523ec94429f2" - "1869ce3dbf75126e58f77241c99efaa", - "04010184fd47e8e1e4d534ca1cf67f15bc8a80921b07e251c22eb88f25395e08d7a92837" - "74aed204fb5c14aa13c63a94ee691b4ff401252ad972bb8c0b286c222f42f7d42ca6561b" - "ac5e517921bda53e51043f13e711da8a813bb6880678e4d6a16820bab819d62e59", - "07f18539d00152f5b9a75d4f114812b87024e8a8f9c9a8d12139d0a74d87986f4305bde6" - "0375918ff2dfdb88b6deda640e17364", - "0735a15e7bd1f69f4e90739d42ae239a8e9238ad28b63ce291b57cb5b99922fbd5dbb7f7" - "4fcc23117243efbd036eded6ee0f28b", - "07bb3dc77cdd4138a02e2d5fd4f6ff8516b4c95b8255c629132ea8705c399fc60f8fb660" - "ed3aae52db283aabc3626a5559dfe85"}, - {NID_sect409k1, NID_sha224, - "b898d0f9bd80e083fa541f457d14d853bba55b120424a95e1d9511c8833f48444329e034" - "9d68204c4b4581ef1c4dee23ed0a4445727a72e1e6cde422f7c10ae132a3fe681f9d741f" - "da263e73f7cdf10759467c9d76164086abf6780ad474772771eee22d195339bb8f6235e0" - "d992bbe282b13ce4fe01417f507a2c4fa155e108", - 
"0788fabdafeebb72f6385301e30024b56639e629a400f9c50d402cfc9b5817844f06a451" - "fbda29c7ece41dc9ffcfc625fe0ff0a", - "04009b2c36d221d18189e1617cb2f2ddcd64cdf8a42ba6acc55f04e9722b11588f7fa861" - "a3940820d9dabbab631d7fd4106c60f37e00da099cdb10dfe2d7c0a16ed332b459e7be31" - "f44b0b2d595dc948f0b073ac4e439f24f215fba5ed50aef3702731d6561eee1986", - "00581369aca680beb705f52b6bef075de83ad29034c3d6b2949b551a0bbd100897a079b4" - "9d41d5030e1a6950fdb14d70dbbdb41", - "04f62415c99c8e6750f9c41c31cf050eb58f61f62eb0b0023d61dfc30e7879d4f5a87e88" - "faf55522631a29fb69d16e15c354323", - "06df238f34b5ae664860b43ea11defe3120591cfa371367096006c03e83d372bfb70da6f" - "789665136b7dd1c59894a2fc5038c4b"}, - {NID_sect409k1, NID_sha256, - "dbe04561ea8579672a2b3afa94426a3cbc274b55263989d41a778bcb082da797d84d930c" - "a847a481789524940701cd5f1d11b460bdac0bffb0b3a3abe1ab689c519700de85a0a571" - "494ba0cfc3c865450eba7a9e916b7fa9df55e8a1c246c992e6a0b44b78274e008472bed8" - "d8411633e6520e1a906c5d0c8aafd572fe6f1f64", - "01b8dfd64563dc219d6eeb53f2e3ad1d771140d0960b211dc1f757af5e297dc7548d6133" - "ddb574711d466688f80dbd65a7bbcdc", - "0401ec530638ea0663cd3a9b237dd66402adf50d3094391f2343d7d6c52c1d14145c2454" - "64a3b771e4b1894462fbfaf440e53eef7e018349e244b24c8353811c29a60d8e02caf195" - "a424aeafdfd0361846d5ce5eb83da1901700f00fcb85a0c2543b49a8a3ccbac157", - "026a26cd09c9329cd45ceb4c798846dd81af67759794f5cadab84de19a835f8a0ae49b12" - "853b1e92822477a73891f85acce4216", - "04d83a5f9dad246717135bec6e386ec6b73be9ea6d1a17334ea2003a723d510914167d13" - "6254d6cb64b16ef7eec5044b8f2ba28", - "03e81601d0c66b507a491c530075edc5b09d770633a4c2355b3b1c7df9b200ebc7dcb706" - "be1696aab70d4c6e1c4a7e532284670"}, - {NID_sect409k1, NID_sha256, - "48a8300820fea2ad83c83f7d6b24192715329c3f159d56644e11ed25efcbd3d31600a813" - "b909812987b97d1087e74a63b4494cc031c63492b6615e9d6e5b36f62cb2ef88b9f73659" - "5800de465789f43811165a5fc093ee6d776008739de8de2a84e878748641be8bd52e5b89" - "1c4145f52bbd46644852a43108e93d86352b2a3c", - 
"0422131829608ff730c24ddf7e8b4a2600eaa9681eaf45432daa7d41fe2fb488fd0199d4" - "31a1ed823801ce21f4f01a4dd4248ca", - "04006ff24eb0ab812303bdc9a23719caa789eb75775e686b9511bf6e07d60447d1601a48" - "ae7f3041cef5aaf3ed2adb6feb422fbc54009a351fdc9422a81ebef5407d0d74b52a348c" - "af3cf6e1c6c2af722c408941de154619a1d54bc23a9dfc0c4964f3936d62daa6a4", - "0313ec63c34ed325d770664aed3bfd1a16eb636516eb686e806b0acf6f0d117998b30fd5" - "2068a36f03d0db3ec13e6989c6f196a", - "0088167f96d807bdd61e65fadaf0c56b623db42b831909d12641e4d00e7bca6077b36cfa" - "759fcbbf087c31f294f20a09e0bdc96", - "01cbd06232b4c73cdd13208dd254ebf9351745ee6196e3a94b9213e931f141e4cc71f3d3" - "18a67e7b8060e11e88783fca0be41cb"}, - {NID_sect409k1, NID_sha256, - "276e3a986ce33256014aaa3e55cc1f4c75fe831746b342eadb017676b0cba7c353b3a2b5" - "54522c12e6aeaf1364cd2eb765a404b3d0aa61258194a30219d76d2bfa98ad20e7e91756" - "cf65e50d7914157f283f2ba3930c0ad3a97532cc747b1cb9c806fff497f0322025a3d02f" - "f407fc7b5808585b91d95523c9d5864efdf7d983", - "0095ae8e4c7e55eb5da01acc05ecfe72a4dcd8ec152f1c8dc165014f70eb4e4a7861aeb2" - "b96c418b2d4db58659e76184e013a49", - "0400a3987d7262dc30e8ec11458ff7091ca993bc61f142ee535d544a2c88a47f96011076" - "19617a5e65cdd6d5e1a034aaa22304434201fc8af29d5134ca9baf92041b6d6aefabccac" - "a4013c55c1581ac05db6141290235ea09650a289907785d282cef1b9efb381ae66", - "066015a77c99015ed6983bb379772bd90e03b9c010e695853ebf8e461a20fc12b20bdda4" - "7eef856f162dfbd9fd4fc1ec49105d3", - "067c49b96e5bfb6a6d625346c3ecff13b8c8b7e59c764b73b256ac970aa4056460000e59" - "9a8195f2d235a75cee8e5634acfa7ed", - "03ce25ef1af0784645f0579da381542f5b8aef377e5b79193314f84853e2a07a4f1aaa4d" - "8210f3a3c249a879cfa3ea8af43a929"}, - {NID_sect409k1, NID_sha256, - "6a4fc1827c3a7256faa8ec6a0f3d23559d6949f8cc20e7f76111dc4ebd59213951cbf0ea" - "dacaeb8862d6baa0cb298645e4314b1c303bd0d5e9893304d4b7fbd36ab05fb6a5edc3fe" - "f763e3a4124d61539eb616b359c5cb55b5e2bec50c91dd95fc39ddf521aa854216eb5a70" - "7819fa6f067b316a17a3b146e7cc2dd517f7d63f", - 
"006f2075bd730f34df111ebda919167b1d3358ada32cd6747cb3353bcfb814a77ac70cd5" - "1b31a0e538539453bf9eaf9d8b384c9", - "0400bbc153deaec0bcc36c03d24afd20dacd9e78d104d94c279278d04b597ccccae43cd3" - "e64c9e1e58fb5408f376dd7827ede9dc3a015ae0d803acf12d9d3fd41f74357b1c93cec0" - "480f2e586d0e18f15e569d27d3d106e192ee0c1c570351eff1f463dc07d3bea933", - "0314330098250e38145d11a48f5043190c6b44f8572ae57cf83b1f3c4c03ce38b90ed5e1" - "57464c2613c82943d78c938fcde89d7", - "0160b20c370ef4b9cca3f7dd3c23f70efe6bd80751ca021731bdfb0f45ae07e5f2144c77" - "795aafdb0c3a92ebbef75fb2d334dee", - "045188dd2402ad36ae4278a9910648ed5e71d64737651c133aa89850e3bef2207d58ba41" - "69e471a4737962f5fafd50a37a28e1b"}, - {NID_sect409k1, NID_sha256, - "4b088199bd8c94775d8ee508377d672dbf50f6d2c7370e99821ec8f9387492fb2eebdbea" - "473ea18465565f79e2af418555f10c4a527e05a9e20c9c00b807dc8b350cd4ccc2d87e91" - "f66addf02ce4f43597aa258ac6fbe9365cc2c8e8bbe5c884abc929710e8423cd6722a8f4" - "73bb55804159a92a3d8b6661a536b4fb9293bb0a", - "03887d284e9ad17d38bc6da9d83c192a434c509340a7f233cebb032b09ab7c4c6e8730b4" - "a80844898616c9abcd16b753c6bb4c5", - "04012a6d5c5690ebf14ecfa54ac97b73e88e16e757c34c6bbfdc9a3a119f298860d330af" - "295756dec41eedeadc5257b202451faa06019f40ff28bb72af659d5319286fe21f018199" - "52d471ce2433ade745042a47c2dae798199c364ceb99029c2dd5cf57ef5daa2b00", - "035945b45221300f83c5fafbaf0645a7386e209d025b3e1dc367819728f630663fb732b2" - "51a019e08dde0f64dd3f60a10065c50", - "00c323c86e8cc548123d1337936d4be948bd4bce4631a2194c2bf04e1fd714df2c90e368" - "1e41a21d58d9567a5df9fc478dca8e8", - "0493d3f4d22cf8517c301f15bde52cef17c05fed2482f3ef15cdbe32c5f0975e054d45b1" - "3faf906896201942f29e5693bfbb229"}, - {NID_sect409k1, NID_sha256, - "848a13465ddcfb2dc14f7bc0db0756832c22dde1e31e4d8b3ae0dd1aafbdf15e954889e9" - "5d3bdfd6e5ebb6171fad62592c23277a89e8ba53978c9b1afedfef7e1c3f6d9f31077530" - "460b47834b30bbd84a4da601be988738aa815d3d7e72043243a5288751ee08b4815a017f" - "b5d9bd55833698a0d526b1ed79da35ef0fac93da", - 
"02ea5430610864257c9dc393c3addcd0d8d5bc8aab1067643b08857210464428aa85cf1a" - "e6c743fd2682255d4c8eaa46ca21e73", - "0401e502d3f47823ac7207861855fe6f6aad1fa4f2149bff2643b079da23fb270599f744" - "669b3c8ceb4cb0989aabd43d26d93c814600cdcfc138451bb59f34dc82b8128088b5ae0c" - "b8a77dce1895d5ffdfc8b4be24a206b9856954508b82b80d0163b276683489074a", - "0426b90275d720d19c6ef5c8c74c568a636257740530e3ad10de0d518c4eaad8bc58cf45" - "06cf5cdf7f2b03edd1caadb28fa3787", - "0123ad87c094c4ccfe4346dadad54a6b1ee1bffaa1b7b9094fe2e6ae785a2b77ce3f5e56" - "8e43e8b7fa997206262645f56078657", - "00d56cd5cc64736ff7ea0d9840916b1e1c94e11611f93b1b11c2ee98c79d92a8af1a560c" - "9938dc4bdd0b84252e259ae5669d1c3"}, - {NID_sect409k1, NID_sha256, - "d1850545c04ea65528849973c220205c35eae98826d169348970d1420b4d872ce233af1d" - "aa9e62f6a562544ae3a0633a954a493e9766dd5d87e47486559fdf86229a7c9e1726de21" - "895abdcf2422d438f4ad98d88b45c56742694ad5e11894253270997c049f0f419842482f" - "21c792fbe5613e2defecd485585f1835b6f4c578", - "062c757c92eaef41f5d81169ec4968145b5aa2bc1d2a3a5fd000634777748ecb93677b3d" - "a12e3be33272a8f0a52300f4a5a37c4", - "040139660fb8bbba59e8f4e95e5ee5b97227220f0e1b293901fedcc6dab86e7c5a9d20c1" - "a097ee2e926a934cce679fb8dcd8d2ed6c008ac510ddf735184e8fa9693da264194fb78d" - "a5d1cdc0bf5faadb33950ca191fe233eb8dac8adcbfe15b4f7c09d5ddeef6bcd1a", - "026868bf1764993d650aaebf117521cd146ea20067cc14a5843f726a3d68e41c3fba82a8" - "3d406b2275b3459748b3bd1a8d32f1a", - "05b17d13ae4d9535d062a2653bae4d15b9b859a87c33e175adc3ef04781bced888f3e93e" - "9804b2251a40b9344c0f8c6bd5be0ba", - "01ec3322c5beba4423b13a0528c71739a6b39f7b0e0e58a8274a8386167cadef51e5560a" - "3e9d97447e3d3c06288459fe6569345"}, - {NID_sect409k1, NID_sha256, - "421c9784d6fd507c82904e1054edf9bdd1efb58a0b211340086069ad38b7b0dd15c2345f" - "a8767ef71254ed1bd5c35f742b1d3f4765ff9007a5477ba9e5d3d5a5cb5fab4efc1cad73" - "701d4776c6c4343f42b5d94a9eb78ae428dfe5fbdd8e6ece09d5b75cf4346cf27db85635" - "2225ab04e6ea56661554fbc39916accebecb3935", - 
"048a313c0c11489939fc0cffc6ccb9f179093c4e13141b92dbbaac441b7ae878c9d41206" - "6e95615174a24692555cbbe904a14cf", - "0400677c2d364fa86b8b0c79af754e675ea3e806d5583e62087e01590b824d2730e31326" - "591167f02bdd29f8178787c4e1ba9d249600e7f78c423baeebf6defe9feb8ada8874ceca" - "b083ca2e71d9d8a3fbe846eda69262a1f5b4a3baccaaa4f2cc87220edb1fa6b6bf", - "012b8df87dd935775b80c62ed6c76974fa5772939a9e7372cb74e033fbae4f78d75b8bfb" - "b82240cf91009b5bef4d63ded04cbc9", - "000590a9e8de60b5cb181a1c11c2f6115c66b05e71e0c558ae203ee18e54de68016f4c7e" - "d2f01cb0cbaf1bdc45218c0fe2b1552", - "0521844eee9168a501e235de5fd19c84f052445fb0e68bba687ace45d8630070ddd3b730" - "34d1d65788a51acf91273fd187a24ed"}, - {NID_sect409k1, NID_sha256, - "7910bab15b6429947655e33a67f41b76f1d7b71534f8904d6a0472c2faded038565272d0" - "b5f51aa915e0d624e9ff48d50ebfa2f09324864f26c29ab73eb39b436c5c459c7cff4d2b" - "62992e3489cb4ddfc05d7366b161a463aa1b782641d93507de43c8cd0a0a0a9d1c644f45" - "54e3edaf7fd794248110ca9387e73ae5d00d299e", - "046e2adfe5d3549e1e6fa1fe69a7cbb4ac9b111c8903d544268f8318b0b47d4b78fe3e56" - "eb5e639ad5382e7cd5bd4b2c3e70ef6", - "04012902439be50c97aae7b40328984934d6c843415f76f3821c8e8323aba96ee41359e2" - "ce5ad3179063ea5e2c7deeda4d728d585201eb59fe96b269cc973b1fe1f3720aa9aa6ec4" - "cf303c5cccbaaebe6ef7c9f5356ec5e76b26b09479d9831d9f5aa41ae1d61f4c47", - "031893aef1baee0e21b50cff7002435b058d73dc4d8301ffdcf1e0c315d18c2b16f282e5" - "b294dc88369b25e2a1a19abffb578ab", - "039281ef10b9a2664b755a2db67b3c410276a424edf7681a5c97244eaac5826368a8095f" - "1b9b76f8e490e2783694d5bcf3565ea", - "039edd50721dd35d1704167e8cb609f309b9ed73d3c1eece181f9582aabc647c5ec8bd25" - "8e5802fb0647372e4c3929cf59ae2d5"}, - {NID_sect409k1, NID_sha256, - "e6fc96e060b956c25d50ad25443f3c30a12d199a47451a49ce88307201dfb15ed816982e" - "8888a28daa92eaf3c5584ca6ab2ca9e14577f84396de2e0ac214b24a2279f5e7b344fb73" - "87e9afc8f0a2b77a4d024a20ce6183499b17096947444bbb753d9b39e5c694239d28f9c4" - "54bb05468d17ab564ee6cea3741747ccb7f108af", - 
"0480103fd6180a431c837643566706e2b9597de0a1346a224d176a5b2c54aa4d064418ed" - "654a5d39f4773fb509f86473ebb373f", - "0401d39e2772ff3d26c5936ab347bd5a2940ece42b1964f030c59ab453acd7f44716ba9d" - "88f0828de1a4e730ab27fe1859915818c60140b1b66b0a87de29ba2cfa799d944b3b898f" - "e7ac43de68b01fb41464506e2f014e0d11bbc0c24996428c93bc1a5ecee5956bb2", - "06e9bd0290548d35168f7db7fc292bc161a7710b78ac49ec6a42c9423afea1310597e597" - "8b22b4dfa192489323b2317e4714d37", - "055dbf88b6221dff098345226d59d396b6773611ca6e747d26d5d758760d830693df0f5c" - "602859f9caffd0dc3790dfa08c527c2", - "03e679447b622c4b06871f2337f5a24150e76efcef9698c6fd463867508e9d7b803667c3" - "2989a881c98a90998944c070aa58b17"}, - {NID_sect409k1, NID_sha256, - "c8a8a0d41f35537e6fd523ee099eb45e1ad6ab54bed4d3e315e20227db03292e39dc1a91" - "bab439c0d20e36e7fea6ef08983f390a6b5551ac3b4f1895220b2867fab95552cef9bd87" - "02962839bd9b2c72772640e7d3be3c5889d226acbefdcb448432bc503e5a5fe7ae9ae769" - "6c720a799f9882c64ae0385f656074dd8a6821f5", - "013c489e8311c6bef02c8f58903b2ba2a98a27cb935d75a30d320af9a14fa3cbc6adcce0" - "9235a9eaf333dd05f4b2f1694985dc4", - "040046a1c0e7753cb499d19b2805df770ba54f1c6e03611c302c73c72902867c51c1cf9e" - "d154b8f30f72002421029de7ba2d8fad22002aef9c34c7c8216a805a58dd88185f404930" - "86213cb4c85e4d226bb5e892aa37be353d9123e9900f8b0790a43d55a19d78c48a", - "0491dcc881731112ad5e9e1df459c27381a7bf8270f97743466e178bf5ca903971b362b7" - "3fdbef8a75d4292e63e225396c7b32f", - "048425b76147427b8b1969bba3809dd70f0fda24cfb0e92509a7824f027b61cd38441a69" - "1efe213f3c331da8c82f94bbde511d9", - "00df36683f22e9e86c88097d75409ea297d391550440e4327f67b7af1b09141a0e7a1db4" - "0c4b0bf4d60376a6636dbeeff0b6b91"}, - {NID_sect409k1, NID_sha256, - "3407cd6d2845197cd7414a30fc3df7184da204222ffd65c4d16a12cadabf603de8043ea1" - "4f5e6ddcc22d3572dc06dec1a23cd924e1847ae285ecf01754e2d1247876431eb98e897e" - "47412a2330bb32990f9714122109e94b38f82cfdbbf2eeb4c6f88f5dbf9f0ccb47939df8" - "be321dcd9bfd9bb99cac9f94885fee7d443fbd87", - 
"02419bd2200f8e1d87db848b0379741685e680d9affe693eed49d82931030b6cb05d21a4" - "965f4e1df2045c8513a8f574ca9f2e7", - "0400641a6ac72455ceb142e00d6854acc5f8b86db7bb239a5054c1ed48dffb6d050458ff" - "ea8adb68613ad3cf5977ea7330268abaa201a954ab7d62796e5aed370285d3bf91ddd34e" - "ff3b995d04967db41c2171cb2157d85032c998795ed476c891702d63ff0108f45a", - "02e9928f427a86c4491a47b31454ea7d497435af81c07bc96fa61f4507494fbe4ffc1fff" - "a8faadc2a44c7e69c4f976661750f8b", - "01e8ff4cb8c58fa48aaf61488cc4118df90e8c06cbd88234cc920e5795597ffdc0ab967f" - "a7461082a49de56f02f84cd9d564316", - "06e77ac43fc7af3c126f997fe15011fa87a27479fbd5af48e28ccc2c1bedb6c0695291dd" - "67beeec3f17cbfecefbea46b6325fdd"}, - {NID_sect409k1, NID_sha256, - "ad43f8440071285d01fd79244907803601aff4bc5d14c77483a87cd742144d41c68269d7" - "6c9a83c09d2178bbcbdf99f927b378497ffdc907a75a3b0ad019e69758dfffa480871eb6" - "e1e17c8539373de611a557fad120d0bd147f8debe5f09a02e56fb607e9c1253ed592071f" - "042e42fee39775b407225a2b86a950d81bb7d7ef", - "0722951879a65bfcb414e11712ee9431eeb32319e0ff28601112f89276ffc2b96eb65c7f" - "d77d023f09914a53e2aae2c84652bad", - "0400a0304caec1b68b34c822a2a031145677fe515dda977f6932ea2a3291c6bb4fe8f297" - "b7d3c632f9b3806a8cd26e32403c27fc7a00012d4c3231898a4202f3f251802c690353ae" - "9cc28ae5089e259149bce444d31a38927dcb42ed613d4818e235884749057ebd02", - "0331611e81d3e6e3a24cc829c1cb9087a8c6f64c286e5f1acfb1ba764eea5ca55be544d3" - "cb95fb98407fb6c8f9eb1b3f7ae7386", - "056901f11ec69f91b31f7f41f7856752568b7d34ff3af1a2259fe15ae0b01391eeaffb62" - "9976525fce5d182663b7b23a8001bb3", - "04e89c3155afda2e64c749536392554cc299b70020362e6701e3a649f0a63ae5a5da4efe" - "d5c73b5e8098c0cf47d6f4c45c6fab9"}, - {NID_sect409k1, NID_sha256, - "d61a3765229dcd0b4fa6c57280f851ec2bd54d3ee2436935cd6d94e0120d0844adda1639" - "95fbc4cd9d7275da859ad8ebf30af9efbdcfc31c7c9ef42bce9011d37cf9d15fb018e117" - "bbc102f7d05750e5072f73d02c2f45509a55627a78cbd9082cbf36807759d1fe2ecbb92a" - "b30cf28434941712d38bdd100955d611987b5968", - 
"03f5b5a772d24bd5454bf26759dbd433fcc7bae4f5c593664c4d75da0cdf9430d7d9162b" - "ce3d7f6e13a344259da5a7d6a1635bb", - "0401ca1441b1f6e13138880196e69743206ce09c439a507a11c0fed069d4ed23676b27a3" - "a337c976c276809ae725229c9001708742013c47b14e3069af070869c12f0f39e35a6f33" - "4d98210d33c9da01ac80057911f5a392fb5c8cafeea01c1953e97d47e744160243", - "01484461d02c0337e8113e51aa7d46330f57d423b79b580a544d372524a853db9dac0c0d" - "16f733b273bf888271135a5162e70f2", - "0256d7ab133904a792987f8cea69e8e3cc674cd3c577f40ef6f12b31f52ac6366a2a3ea2" - "b2272c7bab8be00ca0d17989b6801a5", - "020d82cb9b3b1f25d993fc18b7303db4cfab91c03a97b249176f9bb2aa5ae7f589c74060" - "d25058c7acb6de1e888ff44481185b1"}, - {NID_sect409k1, NID_sha256, - "1f3c23636414ced48fab6763eed5b22537968e6bf08c178b3d31fb1f6ea773c697975970" - "1d94bc1bee7c354272811edec58eff50c93331b22723d460e56dbee90466b894354777b2" - "3b13a37d15a84c762caca70c01518bf34d0c2f072145d274b3b6c932b48bd815fe81161d" - "8507ffbc2f783bd212c29b2887af6d2ffa9d2b4d", - "046bb4a141c9099d531dd23ac440eff1f5b10f7cf34920b6b702311d490d25344c665ed5" - "211d401def24986c8094165d10f8934", - "04013db47ac0e33af0cc7d74f6ce647fd80cdc1849b15c349bf501c95893be5a440f85b9" - "b029713339fb888d7a93632ea4e0bd813601f26f7009cede02e054d6499c9280794184e2" - "12e3e1091032fe0e3c189de26d04aa8a5909569017cf06ac2a20acf579ca81f3fd", - "046e55a908f13441bab63e5327ac346781399d5a9035a72aa21df708b814b67e420b455e" - "1410014cb53e6ab00f526ceb396bcf6", - "06db7a7b03d6a85069a943fcc332cb8c54ac978810374b12eaed4a5fa5342c8eabaec238" - "bfc6107fd03d75dc2c6d258c218a186", - "010a4115161765dd0c22a0915a0d8cc01905de91d3f08c6d2d85a6a92e1dc00904f3be67" - "fef000ce19f57157deb9afba7582b59"}, - {NID_sect409k1, NID_sha384, - "ec69f2937ec793aaa3486d59d0c960ee50f640a9ce98a3becffc12d6a6c1c6c2f255d37d" - "29f9b4d068373a96beadac98fd5203a9f229bfc70bcd449640165ae5128e3f8d057769e2" - "8356e73e35d8e9af7876f608390090892c67391ddfcc1c332aa61efbf72d54bc615998b3" - "be8ab0a9d372784bea48c9fab244482c75cb2de3", - 
"06f2c6e9ea8109223d9a349fce14927618fc4fa95e05ecf9aba1546619eaeaca7b5815cc" - "07e97ae8cd1e9973ac603f84d838393", - "0401f5a9824584cbb0d5ed57f677caf62df77933ce19495d2df86855fb16456a50f157d1" - "8f35ff79b8a841a44ee821b36ea93b4f4001a88299000c07a9ad0e57c22fa8f15218cd90" - "ea1de5b8c56d69506ad0fd12b513ffbd224cb6ad590b79c7677a8eda47a8bdc484", - "042325aded3f71fc3ff0c84106f80a10af08d76d5e710a35d462e880e015a36d06359957" - "3ce2044537b9f62b51ed4fd2ed8b860", - "0667c74ee2d632aed13cad47e0b46a5176940652d7da613e4965876e7e22d89994bdeadd" - "6b5d9361c516fd51a4fb6b60b537e9c", - "026a01220a1166a4d0172428753e98caf0aaac5b0a09c5a3f11b2645d243991d141f59d6" - "cc502ac44b70e7c48d6b0d7b6ec4869"}, - {NID_sect409k1, NID_sha384, - "70e11efc78d7f079ae41ac3c31c96d3220f4abfe23814a2a4a78d9b1a25e838c3408bd41" - "6062e4b0a5cdadf0c6e16a11e00f59711b417751f5e4b43ecad99efbdb2a81c91a034e89" - "edc94eb552c3eba62808563cdf64453a1db07daff8742aea4a9fa738e1322da316b26dbc" - "a2954b2bc0de6da7518d28e6677dec6ba8af4285", - "004212b7fd913d794fc6bb33e0276e349c052c969ecbf6afc89b28f75a599a9242acf74d" - "ec9f374361ba296ba42a38407f9b7d6", - "04019220ebacedc60762877881262c0c3dc0c8a709fe2ea16cdaad3b680d7cc8aae8617f" - "0acc9b5c9861ede651481f39927a24ecb2018afd77bc7fe54266275fcadc0fe8d4c0dba7" - "a1264c79bc31479f4bcd02245cde991791a7b7e65fbfa907457fb6d450c0985ae4", - "04c01ff477786304b24cb9c95ed70ba376ed6e4f6b3ab2f99ac575c92d3801e7f43bab07" - "2268705d61d3e2fd881f754b9c84235", - "00987cf8ef2b382fb25a6a542e688aa96c098f5d16be0c7d46e961b4a4152c372cc06839" - "93843bf5a04f81e6068843582fca48c", - "036fba32f80cd2e66bf31baf87616027c5b107f72f11fc766b42e2774e29e10e860577c0" - "d3a27a3b49754e6a189680b7a638408"}, - {NID_sect409k1, NID_sha384, - "d922fa515e3bed60b517a2d37cafe4c041e5ab4b5c8d8d4011bf9fc4013dd8abf7add71f" - "cfde5e71d6abe76bd0f749e960cbed55711c87b5629a2c39cff48ed7d0feaf5cc4765e57" - "6a4959521f9a45fcba0dc65ae618826447e02ce6e1cab5ce8d6c96c3211adbb0660de7df" - "7453f3aa726016941d00d8ee536cc106a603d126", - 
"06baeebb5ffc89c94c3e8b37b9b0904e7c4b251d204894655bf3b1235710215c29820b9d" - "401c9ca7df1404d2d62d708aafe208a", - "0400a0b2a185ad7ddcaa0d8d21b643a14948d3552e25875506d64e236a90d274ad1ca678" - "e628acc208bfe6b56c02df9f5a36aa94ec00fef210c7137237da8ecfc2f069cb9390c132" - "d1c6ce961f2bb3ca925ee727c967f8a46727c8811c94ef66f20836c661a5cd1c59", - "02185be104ad16abfe4fb83de5db067d37ca58510b786b109514debef56cceb4dd6ebe53" - "b25127b85faf9c28b56d6586c26d60e", - "0404831192b4bd453c0a7e850815ac3fad88c7a2da27d29e83ca6f22213635a366018ac0" - "038b1fb1e4c512cac15b614fb69b3e2", - "06f677c361547c91428d0e200dd00777262a138afcd828238d132c56b2c232e2b446cc69" - "3fdc4013f05ce7021aea5b5b2f1b34f"}, - {NID_sect409k1, NID_sha384, - "4f64d0f6bfc542a0d4347576935bd68ca88524ead03b8d2c494061d0658e6c3e14576b5b" - "cea5f2f992f54cfb52b5c7cf1dfc517205e0454510eef1b7054a8cd06ab53ed2468193f9" - "8ff0dd62faf076549ab2a270f259276d5729996c120792c6f466a74ab65035bf38ff2c05" - "5b43e2a8b8e2449a2375ddbfc18242157bd905f8", - "008e5f66ba53e7caad1feda122a80c32c82d2c32a7237b8ee8ead44ea8f2f01d77c7056b" - "9dd60b92d051f060da8532c1fd0e8f4", - "0401a3d020a0c7e3f3fe5b3d9fa6b6148cd0c481b4f9e14dc85aeffff35e62545654fc31" - "3f930ca2e33dced28ec28d0fce6ceaeaa2013c1ac166c3c088e8a4a9d44556e3344e52e8" - "741ed1a8b526a45268086e2fe54c24d398553d509439ad4957454eb68af594e683", - "0095caaf063abba5073aa7123b2c0e1666d29bfdfdfb0c484e18931d756ed0845ea15dee" - "1e9abcbbe4576113a8806aab9476b16", - "04d6e33001933221e9eaa78da5874f639749c7396dae90f2da4ccfca15b50ee9e50521cd" - "84d78a098e0c383fab0186b3dfe1b3e", - "001e17cc7baa3e9ff4d882da970caf7d55b4e0fb7f0cdaaaa8290fe2fc9cc31d51b34b5d" - "cc825bf6799ce22fc95382d46f3f98c"}, - {NID_sect409k1, NID_sha384, - "7047d478ec5282d55db8c19c97af10951982d908c759ff590f27d57e2664f08d526cbb2b" - "fde39bdbb1aa3dca5a8d3feb50b868be6651f197abccc9d8040b623de367e2ea1d20ecd3" - "02afb9e273f4be9f3f64f2c2eb3f92d5e0e375db6549da2a589f0604bc7146562ccefd15" - "995a7c4208f640e7a17afbca69cda4e173380523", - 
"04ecb22b44e809f89b16abb10be062c89b41ee34e110403e42a20ce59a99afdc22f6f6dd" - "a56e1d9d1b8ce1d057f390db111def3", - "0400dbb4a6ed11f36eb78417269c1b1e9725eba1666591afaffb5582c8b4d5bee1d73922" - "b0164a05bf21a12052171abbdd3130555201eb385afe8588ceaac9f39a5cb4455e02bca4" - "8f3d2242730e0f9e06ff1db24344379f96356531676cd5af234a120f4b61f7e041", - "01cc97a718ebeffed4ca7a9a4389d6b0fafb73ab000463b68b5580267aec203b6231cfb5" - "afbf7ad8192f0947c7f40d9e060ab32", - "021a29f56c31227daf0dc5dc919434978943b80f4b18748bb5f7d6702153b966a0a4af6f" - "209ecfa3aae0e4f32a1b7c6ae58a55f", - "06921b2e2ab81517a0785c4ac3be3d7d4b4c917d7a1e4313b123ae96056a2a4a66d9e008" - "19d8c1cca5bc0d75e4e05477c1fcbff"}, - {NID_sect409k1, NID_sha384, - "1a8384b4771a410663e56eb36c5d9ede8d161a8fb0e31d3f74bcb017b9e31232bb2e2f4c" - "65a2d85bcd1cedd93ef08d4bb4af0095731574ab3f2762788a1ba3bf0ee46684da8d9dd3" - "84432fee99ed3c69213d790a5d81b351063eaf2bda71ca4868ac36be1b571024a8bf0903" - "9b347fa996d5d161078314e24b7d073e05cb3d48", - "051f9500c15ae73d6d479b9f3d2caccc2039d8d03820befc2aae3bbaf65d59bd9cb3c4e3" - "aa8bed5b3acb70a5566047ffad80729", - "0400ee8ca7f55225760c515bae053ebbf4ab23567f95c7091fee2acfff079eda297ec6a7" - "e9d526e12e5976431f9d7e52a2318ddcd80185e2c17705a2555fbb8afbe8e41ced8ace95" - "c83e198be3c7dcdeac8c2c5bdd988800f1194e553bd0348ebe6c29c16f35d50895", - "073f96451cab2d3ca9810e265b3461e0fbe7f32fd6702f06891b97969b133eafd68e53b5" - "26b5e32b0d06ab61ecd75e1bbb21b7c", - "067d55e709f6966cb2082d8021a313850c53305a3bcc926b6f9a122181665328fdc8e05a" - "88de812357be85d22c61c919876fec3", - "063d5ee4a63b1fae39f266a9f826754f5bca4d7bd414dedd16858b5c6ac2d4162e28ab57" - "215c6713320d3d6960f6b55e3f1897b"}, - {NID_sect409k1, NID_sha384, - "43513d6dd8bb0af7a6f5a2b35f99957d335a48d54f2c4019ce9518b35441d4935518976a" - "b1df37110b5b53532cd9e2c66d9f87ae7f683d7efdbe1775a6c15eecee84c6f879999d07" - "06f6779dc158c111fe8d7201983883bc8334f51dec60004eb1087347bfdab20f8f2f2605" - "56681e05fdbb8a6139857fd3bb2df5bc1f2dc143", - 
"00cf01dc4462cca764f4f8cbef48c51980737b9b98d1384b8de9f4c733829db7718a9b5e" - "aa46a8475c2144fe4454cb8eeb0a443", - "0400806457fbb7fc577497c937600c5a9c4df2c20cf7dad4510e5ad617fb2849bfe6956c" - "3efeab6b805cb7b63bf5d1c94e5ddb456e00915071cee2094efdcc155f893da8d83d9a5c" - "234d0f04f738b7af5b8fddaf1d3aa152fc11894a13caee0009bc106a64323e9dda", - "024968902b50febf13be11821d0d316f2daaa07737af45ce2e855aea6ed58f226d2279eb" - "e4295c5d7674104bff75b899609561a", - "0549f18f1d654f26ca134df4707694e5d9b3693bb34ab5123ce4d9e4c2b2d9756ddad957" - "a4169fc9bcea29944903080f6f5d01b", - "021887355c6360bc4ee59f1badb5325763e9428e60b31a7abed06ef03bff0b1265662d60" - "4dd2e0140c355c70fce1b56ab143201"}, - {NID_sect409k1, NID_sha384, - "752300bc5066d0efaf807183a41725e349907b7339d77c79921ead3c685b616b0eb97e70" - "8f3880fce0136c510c8cb53b22cb424af6f1c34633600939a0647c02d8f9601f9416f1d2" - "4a51657241fb559c25dfba91402cea43bca1a13718b3945b048725f3df560e6717cfc6eb" - "d894e29bff1e0c7763f15b8ea93e67385f059598", - "063a9a565497974c6dd459bea0d1196d74f263f333c31b7e8591499960e1cd79e2ef4cc8" - "709f6d54713f873b16e7b0be42f71c8", - "04018872e9d9410dbde671fc050ab88101f01d146a72d62b630b29790b20fc02cb62cd0e" - "bb5b453a46c60ec2d2c66de8715c32057801b6af51db1c42b743b89be0900d23f7da80b1" - "5f2e7a2a965c7bc13800bf58589560af4697f873b6155194badf5a19a653e63da3", - "01d3278e6e78386146fc15006258d7a62a1345db3c2e44fb8d3bf8101727bef254a9fbff" - "157072326a85b5ef4e17c5b0212bedd", - "07bd5b54d9c6d6f9c87f4a66472be2c4bb7f521ae56c1dd71781d95440b0a151d206ddf6" - "27e5ed3f9c7df2fc914a78454e97616", - "075e39ff66ab0e0d1b46f9679b95d10b692874d45fd6898c569aac28a53569646bb29f85" - "56e529ef83a15c574ad5e1c82878154"}, - {NID_sect409k1, NID_sha384, - "f620603489944769c02e2f902c2299dd5f32b5fb463c841b7e1fc0249a85d2c31684bd3d" - "aacd97de8291c5d39e84d6e59d3dde1b30c181bfe8d31b8d8e080bd191690a67fa00024a" - "c8c1b10981b40d4f88789ecc58fc69b15417fff34834e23453bb9933a43d08afab74d056" - "f366b40ad167b51ee5f008db151a12b467d3eaa2", - 
"041074dc186193d30aac7cc6d269b938ab40b257d095e54ba79967a377a91b8f73671470" - "cd07f0a3d1db7cf0a31ba9070625e43", - "04018fe9848dc599a759d90530480a6f11d052d2ce21a7275769ba02a61658c3b69ecc54" - "6aa6599e6699353ee1d65ce533c69fb2180192b9c41bfeb2af4f29dcd1c43d3fe72a070b" - "5d085d070acdb8c02f0dba00c9471df1dcca1006709676bc08b8ddad97310e25bc", - "036447681292dc781f7f4ed60126945354ad1df5987266038c5049d698b2ae12965b6fc5" - "8f3e944c4751406087859973d8afcd2", - "0541c22a6cb984cafddb3269ba3ee56af64cb36d03b7cd1693b112a7df20f0422219f85c" - "6820130ad53ef69fb66f3326bb863a9", - "00fa66b163ec3582760b048ba9a0fba9443d7e908b67d749d732ac9b6e89c1fcbc6d3ff4" - "e02a43ee41414b15ead0cb83749e0a9"}, - {NID_sect409k1, NID_sha384, - "5575f610762b42ce4e98d7bcf45a7a6a0d66ec7f27d6b8b17f1961249d905bc7e58e2ce0" - "806d467f106b16285dce4544c72666d08b5e2276cd0c4e13187cbda8aecf57b1855afedf" - "8fad39ee4fe009f204e60bdbec79b123456ec2d85631d382b8a2f2c7634af3992e4707f7" - "b4215e2c9d3b0aa8fb08267953883a4213669d33", - "010820db54ccf0226161aeaee79cfd2797f87702b4ee91adf8543b3c9e79579d0df8a889" - "e366ec1e0718e039b87a37c24d620e9", - "04002eb4e313f158ba7497130e2d64804ac45a7db207c55d41f39979e0303dd2641c8105" - "0fb7f24f2fd2485b90f60985cbb15d56be00a190fb6c81c104164578da6bd4f2b193cd11" - "935e1f87f14e824c2bf8c82c39f0be1a6de3dfc6dd68af8cb14f6a78f38773a7ca", - "0118e911f676f004fe581d1855e5795e5f4ddb33fb8d409d557aeea87895b7c23a513ca0" - "010f98b3a63f2c65da5e3b6c37cf5f0", - "060c7f7c47c16b294867cee3e65eac8fc828229a5d3adf8e68e14dee620e9d4e7b78c8b9" - "02b5042b5f19c94e621c52836c95ba8", - "008d036087b23319553faf835b793c73204cdbe2c1c2463e74de8f404e66ff15ce9384d2" - "6149e7300ed1a109afd1f915edef912"}, - {NID_sect409k1, NID_sha384, - "81cf067411dde2d0ab04fe5fa1e28e6975cdcc571588de60a35bd956a535fbbda4affd08" - "03d244f3f7e6902a2c9a7ef2488691b6bef7f8ffb33be09ccae4c5285265e4957f7928ea" - "5cbabd6823297f59a7cfc9939a49f26bde74c4c69e2d38c1efbacbcfdef0112138431580" - "72be84ed3c1781f67a0e2d4e9ba76a585c17fc0a", - 
"059d2a06e8bfd5e14a9bc8777958b85be5e97af892d2cdeb0ecbd2d5017952b5042349db" - "5fedba2e26e7b85bbb31ad313d99434", - "0400af276952a1216ac88ca7a194f5b27b7c98c78c42f852dfc1a2cd4c1a477ed16eebfd" - "c90f613b6e264576a35c45f49aef8a564c00639625074b69346dc6c617d624d63ce415a3" - "6154a817f4e18c59a3b09e01589407077b19bbbdd57b04ef8fc2cc23c673d52910", - "002728f7e9b4772ab790af0be9ed5b3eab697c4710249169d2a5782ab3797b8fa21bf8c1" - "de659e3060af5a286353402ab982320", - "02a7027c6f94cc236dc8cbae35f9c38102a663b84f66143e2fbf9a152b1a6478bd803bf3" - "171f933f63509d539a54dd348002ef5", - "0549ecf85ca1bae6d9f0038dcef90c93121a654552780f5583a7d44a73a9360c6799e76a" - "632bc8907ce4626c0439f1518e3a250"}, - {NID_sect409k1, NID_sha384, - "8ea18387940035cff2f37278d321b344231075db43c7fa7fee9bd3fdefe5e8f03e7af9de" - "afa1022eb108e19ec11fae34536a4fbac2e8c8139a081a997c080cbe8f3e2d2a72ff26ed" - "cc5338b21372fa1498e439e4d9bb12d51cc539f859047957b1b1f1fc30b90231eb06b365" - "a4d404a1fd5a0e5cef171fc95b04d0b557d78ebf", - "0405590893cbbe18f4ad99df28b5f9d17f8f1882269aff0b7eee9392859d68927a99c942" - "a3075269ddec6d69c0df2d76ab9d801", - "04006ce67ace45a9cfa0cb45e8e1d0eeb44e94bd7527fed6b563f1069140a3f36e010f85" - "e1ae5ef14d626c78465cae43230090baa601a66a58d87621b63ca662130ea342db029acc" - "2d99bf76cf6ec4e53ba71bde4b00e508d332081055a65fc6f44a96f4e947d729dd", - "0035f09e0c15b41c958596ad3f5c4bd4a3685ac94f19fb97503fb5fa29115cb18fdff4bd" - "104535847ff36650b7461550dacf2a3", - "051775fe1503ce80b3d581ea3e5ba761665568ce0eb7d6a7163d8d025d76002ca7bcf6d6" - "88b6477ae85d09c0d4017aba5ea8019", - "035cbe69edfb6fb99c9e45240b7a587c3805ab2ed6b0399c7dd8dd76187363b2ba1def66" - "b2c3dae4bc2e40d164bf0f4837798d8"}, - {NID_sect409k1, NID_sha384, - "6a253c1aa17b2b1e6624afc8e7456d366ef5b1bd78e740538260f395481148a64da0b6a5" - "8cd53d7e06c691beae1a616547cd95c4d259a371e51c2c0e334c8a5311ae31e4c7af3256" - "86ff9f7a36f731010ee1a9b8a29169ceac36a060dd23611dc9713c615424888bb574ad5f" - "5755d7311bd169336ae986c977a394bf16487c4e", - 
"062bbb4f565aa0f23b88ab9029d33b995729d10fcfc33ba7c4051e2fbc72f15636a834e3" - "ebfe604b927cdfc89f53c57f36890db", - "040125242acf14c7e08e9f2f0194f734841758b1eea1e37ba80b9855a14100a5f0b57bc5" - "2a0200cb640121d96769e9cabc45362f5600dcf52cb899470943a37d260aa85fe83c3869" - "c862001021660ad09b4d73f7739ad331b3566bffad590534207c6db9acf98399b5", - "06095b4ed8d51e37f6c723648af4cd4585d9d250d7519139f58a93c75f197c4bbd1142da" - "59769a5fe178415c677caed1c3da667", - "041b212a54d4396ddea2898dadc363ac3ec5385c9b3b8ef1ea17c3d2f751d4f791372385" - "48ad759b5e1700d7d78072df3bf84e3", - "0149242afc524b0c3583037da153f539aad85aa0c19c6c70852e3c3923df8c3abd0189a2" - "abba872932eee2e6f45e02f98e810bf"}, - {NID_sect409k1, NID_sha384, - "0f91d0f0139faf3b90a3d4bebd7e96ff6bb6f90f6c68321fb392637d8ab2a60d649a7b73" - "64ee6e4e274e1a8d342caee36cc11c56c54247fb0a8e8ef81ac4322b454dc9a195dc5456" - "7bf47ec8d4fa4cd32e76d78ea2d08bcbce3edbb68fd8597e56d5a9f2df4e47b2701046df" - "89615961db601bd8204584a6a6cfbb627e2a1190", - "03fad7031cf8810544a3e4bd1382c0a2e22c5a9fe4804ce67b27591fc516ee81dbac841d" - "399327168aa6abd79e2b5ef85df1528", - "0401ef0f918c683be57eeab95d5d1850bd492ace7f4b37785863647774a028e963ee2c0e" - "ea801838aa8217fad75c5780f1c36e8d4c01d5dfc69bcad46bde5539c58ebc89e1db2a3f" - "65069ed963280cc2cf228b2568bd53c6e0e164d6b63a5d3c2b8e3be9d5139a62ef", - "00eb16d784e2aed724cf1e4b72fe76b00dc80948c07f9c7524eb0e83bc59c12a8ed16fa7" - "ff21dffb8bbaa82925848a19c93884b", - "04a07e79b4f771363ad4c46cde0aadf3df4a233740a89168c97b54559029c51dc2c79b7c" - "c94a0e4e3d2f94e376fe47993da28bb", - "0360f559d37a777119b2aeebf00cc17e2edf04a2cbdf74366f5d34368d2eb2c92958e4dc" - "2b7453d5a509407a4d4643cc0235f57"}, - {NID_sect409k1, NID_sha384, - "50c17c1fe4dc84648e5c3c3ab8f7c971d4c58d8d56d2b5ddd92e35e6792111ed8dac7644" - "ac8a07ca8bb4e38e071aa47b22ffe495e9083f9bf781ac1b5fba571862c909c7aaa7b8d0" - "5ddfb7ef61c99700de734d5658f44ae9fc908c85a2dac8e7f854d6d24be805fcd7f873a9" - "1252985c5c73129c60177ba8fd99daa87b25a073", - 
"03db41b4f637fe7977c90e4f1a21799baaddd1826c667102414877138436cfae1b995984" - "2b8097b5276f15f2b982ee59df263c8", - "04018eb25bbdeb41c5d14edc675fcac8a523acbfadd6456632bd593ab5f694a7734b163a" - "ceb6e6b3d8ed83fa1cf7b5adb9871a6626014975abca1cb769a243936e65123167e53527" - "9197a37d8c92c7b138f31cad4e95c5f62b06f438f94c1a61634b34be7b96f09fbb", - "055fce73c9c385f007256253281c6b9d0930d127939026495d0a30f25f77fdb6b334043c" - "39fad4223852f7101fce72746ea205c", - "01d7c26e0236afeac032fc5f3dbffc8c03b04417b514adc26d6a4f697b4e87a008d5ae97" - "544a274c25ff66b98111d7c651c9381", - "07954191fad321e7f2de95a87d5a9c4527e658ef85faa6622d5f34f8bc2b84c881ededbe" - "0281456e9b70eaf7a207e253d216533"}, - {NID_sect409k1, NID_sha512, - "3583a3226e2dc463a462fefa97024e6e969c1b13bdc1d228e2d7823d9f7c09012390c253" - "5baf086588000e908309090daac6e6d2b06d2ede6fae838ed47f30b5b481185f607a3586" - "f6dea47c8f84e9d3b96d5b0ebae2462fde1e49d84d36658e87dccf5e30c0937feefd8862" - "dcdb1a1ca373f6ae41641502ac54df6633a8cec1", - "065b76c6093d9c49591293471286df1a4444e60d9d06cfa114e175afb5f119d2abeb273b" - "0596019a0ec5db5b5869f2cc827b364", - "0400266321fd15bf6b1af862496f467069819e3860f74a07825e68f3d023985bfbb838a4" - "9b6a41b6515cacf404ebf12ce0bd3d6d70001593c7a8e629599e63d3282cbea780235182" - "77e6731fe8d88cbe525ded554b51a7f8803ab9e330f210619dd07df8f67e1066a4", - "035682af873829e16b72bb86f3ee99b5d9f052e4a631b07f87d3b361c8d8260a877231db" - "cb3f4d461b4a1d4467824a26a5a6414", - "00a483dc2dc6408c256fdf63b04d71d3c58a08db7167da217f466cbbfb2d68444c10e87a" - "9a1bb04efd71135c00226e58414d407", - "078acfad2f2492f74b0281d53e4224c7544588ca9ceaeb16bf759b20c2f3d3ed69c64615" - "c247213d51800569dc8b00078de68ef"}, - {NID_sect409k1, NID_sha512, - "60ca58462d53d074b370127132f4e59f5eb8d15594dc721a94286afd082a8934e52462c9" - "c1c3910f8b50d7aa3671dafa5972958d876d7992467b2fee3795a6f9d8a7bd3003a8582e" - "a8c003aa1e02c08ab6804d85bcfa13a815d75c938671f0af0706c68bc70a6155708ca755" - "cac2fbb68b2952208d63e0e2e3d816f04c61bc03", - 
"07e9993f3fc1fdc4c376ef77ecded96006ac1159740bd1b2dc6ae3d97e15a67383f1fc93" - "1e460b9af3fe14a54e47919667ed06c", - "040189b82003b546f94c066963239c7a590e064b88bb4548678853545920e413f2be3212" - "5e40efb82d2c9582d2d8269c1d408a7ff0011583b267727ba6c1e17a244ba7acdcd83698" - "6089860ee312b6dc2d88a984b1fa232eb0419730db8fb94a5e077009c1d55979bf", - "07574dbe04e1ac2bb34e40f32d6f6db364a95cc5770b79888d72b74bd4dbce9fd91136e9" - "e1152424d76688dc995bbf2bea34175", - "009e42a63b41877e200829356a2191fbb6f2a9a234be58c76b0852e4f348ca61e7492f90" - "a37feb8b95a6dd6df9d1a2e61c63b4b", - "01499fdcc804fee8193de080b085b7513eb8022503de5f64dc12c04c0ba24af30e30f63f" - "0e3eac2c82eb20c6672336f8732ec5a"}, - {NID_sect409k1, NID_sha512, - "c749f9bb92ca9957ca6d0124206ebf65e860ff38a225e241950bf4526cef3f4fa9184ec8" - "3f71f813fe852dc08eca6b45b14fc7f2c6a19296529bfda007efe9d0d26492de2a902b45" - "ed39603e22f0a763dfa5deadd97ef6feb859d860baa2cfd1d066c0be0f9f4e0e2fafa69c" - "c51b12e814ad2e33b0acc0bcbe1df8cf018dcd4f", - "00c11e2979498695c660a2bdfd105b115bc4ff8664ea15cfb40c725406c6fc9a13027bd1" - "d72ffff6258f29e4e19b845243444a7", - "0400904a9bfebc23607c7c89b7aa89315343852cb894f54fe42ba4225285e58c6bc318b5" - "5691aa6a6ef22eb11f44cbda89f157d7a8019cc1826280e54832b455f0ce0cf89bdb62e9" - "73a8e819fb776b1a202b4f207b8baf9072929c9e3f6a8ff996d6d529de899b024e", - "070fe023c9341df9348f08882bef47bd8dd7f13db7215d1cd52cdbe7919031a62455ca96" - "9a8cc6db0a05a0b4befb47c142c4f34", - "035e7130d59d92ff8c4f264fb2c346e052bc305c7f57549a0fe43cc7cdac6aadf2ce1939" - "222decef4e1f900e3c2fb2c52bf53f5", - "0008d5ec1ed2091309ac11eb88157ba5122bb9b5c858a46769a130f7a941818445664ac7" - "8325e0b6d2a11bc89d08fe0e87a5bcf"}, - {NID_sect409k1, NID_sha512, - "4de8414780ea20f7943b1f1adae5e3962d96e828fee43bdbf2831bd71bd25df2976a3be3" - "7a7a667c7fbe1200de578920090d131a750c9bc09bd95b261234ea8cc25423c4ddfff565" - "6d6b32da6e2f6f530e6673a8660aeca31273bb9a3a21bbd7031a2fa71ba37c004d3d1c64" - "b2c0798783e47b2efe1a208959ac16e35d444245", - 
"068dfc23c6635bd1fa1076dcbd456ad6e8df7ce7c1370fe275803befc4ffad007fd062a6" - "1cf1d50b93aeb9afe1aab47a65af82a", - "04005591f8cb59ccea17bfbcb74e69f05218d16175f0547ab95f507ef8d7426c077b52b8" - "2dcd06baf6eae7a66bc72422236e589e420126a01d5c2331a2d00949e07ea9242ebb50d8" - "30b0aaa74bce841d4e43bbaa9e9aaa01ba25db7a8a2f4d72977c0f016f625cdebb", - "070682c9659089a703dd9fcdf2f3fa0c1d1ef5fae3f8f1b3dda55d9b611770244f892689" - "8c904f6952c1847d287bca21db4dd59", - "02734111e3b736ae795929f835701bf290dd50c0fd625738ab2769242c1403197a3f4dc2" - "9ca618c2e292c6bec6dccff71adb698", - "0755292cc5363fa74e0193a806879d3a275b4beebc97250fb230efbb8364b2a30098c048" - "8bcc6e20449622d6a5fd2ae24d7abe0"}, - {NID_sect409k1, NID_sha512, - "a081d54232f84bb19dbd52ec3812748e2e6486f6cf1b177b27929504ca878036547eb435" - "31bb5b3edc81bfe105370427e92831d2239cca0106d031d9fa8da9cf89c6fb6401377d59" - "36b6329ccad854e5567181b8f16a37c35f333eaa0ffe91d727d183fbab935fdac2d5670d" - "afb3fba59e4fa2df1746c58dd8360fa08af7f4e6", - "040807fb888e1d9fd33604546656a493629d94d4a0a9de2608962225ed158167f9e2438a" - "be2d12a11e2adb6c2b66ed78215b0b1", - "0401787c0e6c55acd69bde9b0a84d6022796d5b5c60fe5357bc0fa4386c16f61b38bfead" - "b6cfebee7e7701bde24418b8b5642afefa00d9579d271ba3d5e2327eb863cfdca3970700" - "55b97714e385ffc2fc23528f696dac1a4d0e535641f6c876f1819f2672a8c31cdb", - "010b8f5356d8a029659492c444876f1d274b82681d4f600cdb5fb2afde13598ddb71676d" - "9ed86e83351c70678886e8237a865d1", - "0304f43f9705d189f47ee09a079494030b0756993a93e4c6ee6b5e664f63431f99e50574" - "7c24377e5930f13492483e6cd06ebdc", - "0580d4707c97f0330f908042a6cb2a2b313f07bab34774ee03bbee63a4ff881b68def47c" - "d300fb49deb49829bf486d1efad39b8"}, - {NID_sect409k1, NID_sha512, - "ea60266f1538565b3ff42fa4bbfe319be070329059c52c8bc04a7da2824f209c1145a05e" - "551ea59ded8ca8439c328f6907da4e81d658937df614be98c7b8648818ea80ef40e49aaa" - "4431f4a211d62acf2611f5d60c446b2b25745078c643859be1b12b3141a09ab765dd63ea" - "1f2a2df015eca0840087a5db378c4c4cce76cba7", - 
"033bda0a02badae08fe40c239b9d59e5bfe1c4d4b9b7a5acda6790bfd77ad08dde5e93a2" - "da80ec54a7f88146d72218bbb88aa10", - "04002dec536832c8acf007daa66a47e4eeecfb6991a359f8c412299ef56c6ca2faaf18c4" - "db708493e84786a7837ab74c5fe0644cee00906c8f603b579cc2384e0803d31d577f7c91" - "c55406db3b2db91bbca323fdf3cb6d010617ad1aae7bf414c4d974f22e6f05af53", - "051e8d027e62db2397e4a807d98a24455a76eff6dc259ada89e794dec1484b44724894ee" - "ba842f60b73287642570460896dbe77", - "031769e6777444095d934d05dcdf82405c43ae91ad5fa9201568ae2aba25712717f1af2b" - "8f49f6eef373237bd70c34889d0d271", - "0023498aa50ee095f33a4081bfd70a9484089c85fc7a4569f560ed67243745c823cc0217" - "d29e2938f06ba9c8790650d10fa5b1e"}, - {NID_sect409k1, NID_sha512, - "82f38c9405ef0d26bcdd5b3fce4fb0060c3095f61403418e17c337933f0563c03691fabd" - "32ab5e896c593439e7492a9970ae325c67196d9e83fe0f9780409a930326f7e6efae035e" - "f8c321cb9ad12461edd5cde66c04739fe079db65406b3c2d22f2d04b1a4335285513d4ce" - "b901d2ca2ad10c508302266c2cd6079ff14eff4b", - "04ff431769d26b8837d3e1295f5464fe82be29edefba76323e92078a6483ea0daa962215" - "49102509a1bdcfd46a5a2e5de10c39f", - "0401beb74d427d849705cf26e26312446f27a7c5ff26ea9dc1aadca763254fe53a622de2" - "9cba4fa81ee2f9e0319e752f72be46cc7e008dfcda35a00ab77c3c47dbc05b0678cf561f" - "575369507097833e86e523dec879e0ae9583b4261f7a73c9dbd417accd4ae6688f", - "005aff3ad332af23e0dc38c16853252825076d602ed4c6d947be751af5dff3f59611e616" - "6c31740b5e5a167260adf2a5466289f", - "035c4e8e1858b9694cfef3e864ed959638ba309ba2066a28fb9d0e02a66cd4c187dc6fd8" - "ca5fabe68acbc2074168157b685aa6c", - "04ec2db89645018f9845b7ae31b8418a767e3570d401f41db18e424fe861bf09114d7860" - "6a056617613447d125a283be5bdb6ae"}, - {NID_sect409k1, NID_sha512, - "d8506fab4f681ba4ae86066aed447571eba4fe04e6585fe3be6af2ab1000a3da68c5b0c7" - "11a85ddf3a40cb7c8944eef81f2094650459e14f5b848e6add7e580b0198070f873eb3ed" - "5d0728eabd92bc1398764b94cbb4cdd7cc2027b9762dd10782658cd9e8a5022ac062fec5" - "35d892198c8a387b3d2b6f7c92b1af6ab7dd9e4a", - 
"03f85ca1169ca7e9df44cbc6bc7d2868c9d94e8f8b699a42ca492dca0914eb5789a90322" - "18dcef7f95f959c9554a1cd83360439", - "0400aa3c77dd4324258bebe7da5338c772d3496e3fd0e57f455459542f1a1c5b47692f51" - "c3815c9549d0c23fdc1ff610fff6847ea8005e626d6aeb86dc51f3b359b10862cd33ac99" - "27e38127f7f17426f2369d62132a2a62fb6b8354c5ca0b3e5c7c87117b4f777a0e", - "0495099cc73c9930333ae3f9d0b7057d7c70e2bc7c805c0c6a44404739b3fb68f9fafa53" - "033b54b7ad7bfaf4bbf7baba0dd5a0f", - "005612fe87c6a3a164d269da902aa43c5a4e0333770ea6334f05750be3f31ee758d16929" - "1e15b1540d40b60d1bda279599f254e", - "011a633bbc058550a597585bbc9f33099eb517795600b019255f649493d4a6dd533be8b0" - "965d9f9d9698677491bf929198ff34a"}, - {NID_sect409k1, NID_sha512, - "b3f30d34f252a4c26f396079e773142bf61c0981d912333ade3de4e27cbc72cd8a16b318" - "07f0c46116f87accb854487d83ec8c6a61565e6fca145eab70048245db08616779d7047d" - "b63aabd90dd15acbb05eaa510072c151c0518f1b34582b95f43ec7b9484b2993c176de79" - "e84566764467f72392ef31619426d159c91816d4", - "03a97deb36d68f81f50c8829d412ee5de7f9d775633cb69c09dac558182039e275fc2582" - "40517a7c4aa592e364765321f27cb12", - "04013f0f4c16a47ec3a46e7a088c1b6a63ef61eaea46aa9b2c532d8df84dbf64991bdc2c" - "81ced3635e562d1403dbcf6aab2f8aa9da003aaded3b99a454b820fed989dbf6430ddcda" - "67db58e356397d06aa137fbdb365ec43994abd9c0a9fadd2887da9539bb4ab3c44", - "06620ad14a5835b9e9e104607c317cc599416683a60ed8865acf78ae1e861246567cf9d9" - "1f759c2d4c82cec835a4784d3c231f4", - "068faabcb7c716fd73f129ebc6625f5b4660a88e47dc7dbcebab321051a61e46b74409e2" - "b0af420e1671ef4efe04973c43471ff", - "06851e5da033da0f28a89dbbdabe93ef11331c55cc03d5b096c0522370be681241fbe71d" - "1349f219ce57761c85fbe208ac36a36"}, - {NID_sect409k1, NID_sha512, - "0fb13b7c09467ad203852738eda5ddd25b17d330e82c279630b0e1f0c86681f67f6e537f" - "b00da9419114973c8559306de58b0387d86e52d821d982a60769d2f15fd5ac2ee6dc55d8" - "ac04ee247282cb2866b8cb8b4d7b4b6cfb33bfefdff09a73d727193e5fb939ff66ac5fcb" - "644a44f9083a790888cc538c5eb435243c6a34a8", - 
"03b1da0ffed24e1a3b5ba22bd684337f6b08053591620541bdad50c761d66201a2cf21a4" - "cc636426456525b598e96baf97d9851", - "0400116a1790e621272b56cb4579ffe6ab629a2d077b779b73e039d74f58c476283c110b" - "b18b9c9ed63de7288dd678064de68b7df60122b43afccb88982f2e07ff35468178572bd7" - "2b644322d9e1ee68f78880169a83a5bb88c6c994762a7e8d80e09333487ac30fa4", - "06d7a24f0fcad549e9c36dbc70ce264a75eb37b74db98b1f6a824ad1e5635be9818f45c7" - "544927807dc0fb3bb5fd38556e8656e", - "0232339b50bdb772d15f2cb8973f6dd9397af45cebb69adfc089bb802e9c4029dfb2078a" - "8a26d7197de10638ce512e5904ccc5d", - "056add03244174966d53105c570e8fa660ae8c5d53316a24cd26f24e29e4b7459f4c9dae" - "f07442247b63665f97a3c07d91a8706"}, - {NID_sect409k1, NID_sha512, - "f9b8124281628cf4e1da0cb4f021c8d19d815644cd80c7c8de4cc62722904ec4cddd26cc" - "4891f30b15098a25ba6923c6abf4774deb6e1883fbb409862f94467e75a725e7154be860" - "fd58347577c83adbf18535c54b102220197afa062cc1c84f6094490ce488af4a08d2c5b8" - "08a2572e18a59de96c87162f88413795351cedc1", - "040bac7e0d3b54c7753c79d43469e310d876015d948fac4e3a9765444754476af72330e8" - "8d79ee6119697aafac8435ab5690754", - "0400bd4fe8daffe47bfdfc43deca20b15da7c999084bee8983c62e3dd33740143c38d8f4" - "32cbacea51e6f53994265b2d8f4c393f6e006d88c33c31f4e143b13bedd5738bc1191fe6" - "815a099fb7b44617fdeb08daa0cb74edab7f9a8c67ac1e9c0f0fb21a9f02ef4b6b", - "020f2f6fcb3e471d47f21fb15301784f7cf3632dad3627a9ebfce587c0097871eca580bd" - "a051b100f991aa6de5edd3a7684e839", - "014f8884b5107e9ee5cf6f5d137ec9d59a85a6fa0431053d58a1400fbf0d518e8910179d" - "a1160de2c6cc8ea8ba8f3af8e0e1f6a", - "019aa8d55c8d876989f9b9559db0576f91c4610dc9187c74aae2d4f212cd94d90dd81ee4" - "483d88d866aec1ed469c5e3eed7d90c"}, - {NID_sect409k1, NID_sha512, - "4e3cd6100520db050af0daa69fe3cfe6603a223d4f2a6318fc5836db8640d4c7fb80bb78" - "1302036d2d6fb8e552b4eaef3133b98ba2d36b9ef0b86243b0391413c73d48ecbf1d1917" - "0f1b3b781b35ffd316afb1d55d1dda8e91eed5553780cb2714a93e7ece698b832e853e25" - "89c5ba2b8a997bbbbf625071ded66762af8cad42", - 
"025b7eb3bdefba3c5134438caf968f615b315204f348006f82e8d61057a8a8a853230cf0" - "500f9d0b8c1551a59b9184862dd2ed9", - "04017d2029cb711e52df416c54b63a95a66602a1d15c3761d91071964e0128c91ea766b3" - "d409f72d9fbb5161a459c3fd7990f87d8801e71a9c66a4d4dcf199aa329e44b99f80640f" - "c760fa7326f29c273aa13b153df5277feb3c049e407630173fdc9f735d7aee4e10", - "0575aade2692534b5a1a17d36c36973d24dc501c75c3b0b497a3d2fec80c67be7107988e" - "47199d4863044fe9176762497b5aff3", - "024c6004fa92cad446b8339917f517f04d22db47b3f9bdb83d863dadb5431866ce21b13e" - "780495bd66152ab33eeff8830cf8538", - "034aa568aca7be851d276d2235e42b6624df1cce2b97f6413dd3fc506f0f18483f95f911" - "feb0eb220415ac593f2c93dca0808fb"}, - {NID_sect409k1, NID_sha512, - "5411708381a65bef4381c9e13a04cdd5ba0c15829f7f25ccadf695f635384d8e4704cb56" - "2741747831b33852567f42fedbd190d2980f1bc921ce01c17d659d4bdd7eb787b3927fce" - "e659dd3b65132496c687f2249272a473d46326e66b3cb78dafbb522390162c168f73bdec" - "88adb145e6afecd561979846ea4c8cee38dc1686", - "0673b3a2985c95904732632e5d988d8d437a60db13215bb6aa880b348f011c609a1e8604" - "61427a8cf0d622abc47f910f5c97ffa", - "0400c4f1c0cdc44d867ed38d093eb967bfe285df897868c83ffcc0c53463e3852a1b2039" - "506d9508bf01d0d79ae537e42fa2070a5e00c2bd9343041c2c4100c5d795ef355c796a6e" - "a7954cd729e11063b14a27fc2c3a9ffdb3647613b44238eee17d9cc49e8c5dfbe0", - "019a9509f5f6d947532638a3c80782b556c553edaee9ade91e457f7b5d2c9055572fb116" - "f52cf4d3a2a0eca72fcb32b2f58e952", - "02def440e968d17d9904c5640619af2f447f74b7c067537db4a15be87df4fe68f4489704" - "7fa8af146462ceed4beae36d54e1aaa", - "013d5b00fef639c556d66420090c2cab1edc57b7257dc35addd62a5337300e94ea7ee116" - "e06b744da1b575d90da81e8ae2cd424"}, - {NID_sect409k1, NID_sha512, - "23757fa60fcabf543e603d8b31ef0cc99b3ed16b4816a84e01dbfc858872fcb79fd03d2f" - "8a1d4f28c25dc42a39e20c34f81ebccda1682ee9bd22fe323e7f8ea90cf4a2a6ebb634cd" - "1153cdc35f7306f28a2efd822bf23131baa1543d0ed5ab4c8168d3199983fbee117085f9" - "0550ec3ffa2b06070d3add1d707fc2593285ff58", - 
"00db7dcac414010b816236cad584dabeaec1da76c97182d1b62f87bb7fe2946a64d10430" - "571b2b29ccf2ef72c969a9f045f1f3b", - "0401f2a6cbb9c1fabc8db2848c74d918312267888d822b7dfd1634a543dcca4be7c99723" - "9f6281d1d8b5da9adc694706b7b19cfb0c01bde57a2ac15f4e6b26a373a624588a3379c8" - "eec758f3c68695e2eb1856075d90085f43283d982526c5e57913cca5e2b4169f8f", - "05a3d856ad1d6164993cc59e70f8551e2408da92c7e6cd52df51b37dc22e9ebc42fbe6b8" - "3c332eedffd4086a382056175ad7009", - "0489b0344ae4278a0376dcc64ef9ba8595bc2fd62ad22d42fb431d2863d8ca353cd9e59d" - "e4ac10108fc247d6ee9ef643f6bdb3f", - "06aa27335e15dc910515385764387798cd4a9b4cd6d99d7c42e07fc04e2bfedf8dfaa7bd" - "a396f88253357d3e2545e895d9aa3b8"}, - {NID_sect409k1, NID_sha512, - "b976314d2f066f8893307a726f450dcf2cf865c170e90e6908ce9787eec48e1e2119a731" - "b2bec3c12fd4e6282a393774251bcaef91af6ce57c63a8b45bedd72ab862cd169b7c84b8" - "f6a72084ff823a96f2f8eff3483a7ebfabdabf0998377c5a6836d88135cf61c65a0ca7ca" - "57727da68047dc635c17ad13731035fe9a6402af", - "04717efef16e1ae267e155aa1daabafc68515aa391dfeb73c13d01f3132bd22c984228dd" - "dc4dff4c39979e7585acd3f730cfcfa", - "0401526c58a3de46c95cb0527869f7d637f9441cb5504e6a01f339907c6df3d079361a41" - "571cf0a0f11996028a41682dab5decf78601581903be8a19bf8bde1d89bee0d436f061ca" - "1a3ddded4b7793fbc32ff852671103f34e16d469eacdbfa457643d1b18dd1c4107", - "05c846bf61c068b421efc472469ab1ff8d9f34847ae0065ba6f4a000be53727b3fcf97a7" - "80362566e13ebab84b9ed5f0cbbc225", - "00aa138e742ae81eafa820632f31e87bdcfce6b909d85805e46d87d1cdb8b968907470c7" - "ef5806accbf6245628c70d264fdd95d", - "04df507115384327f7b8311dfd1227c19a6124cb9bb5901bed45d8d5ca45db0903f53e7b" - "bf136350e66bf2b4f3d978f8bc546a5"}, - {NID_sect571k1, NID_sha224, - "964ad0b5acc1c4db6674e86035139f179a9d5ec711b5bae57d2988456bb136d3aade7ac9" - "ef10813e651ae4b9602308b071d75a934a6c012eb90c5eb9b2947b50fc97b1d36c5bf9eb" - "13a7b06c94212c3dcdab402a563262298defff62b836ead1f78f9d20713710fb48115cc5" - "045ba15140fbb4bdf516e4150d830d02cf30963d", - 
"19cf4f4d06825499949f9e0b442586fe1bfe3459813a2b92cd8de0f775a4735e02655702" - "ead8e60824180761808d9e816d60bdb0238e1e8039ca7bb63c92e1cf8433ef447e64ead", - "04007b9cb1728cba80367b62872a986e4fc7f90f269453634d9946f79b1fedf42ca67af9" - "3e97ee0601bb3166e85357e8b044e39dcc19e608eaaa8a0066ffc48aa480c0e1e8d5569c" - "bf0580858ab9223c2b2ea58df506d703d64b387a78ef43846894e7a2e47c02252bd2c1e3" - "d21ada7c21d50a08cef0f9a189c4e850c058cc57c37918251b5aaaff2321d7355b6b5556" - "44", - "0726d5e317f888dddc94c73acb14b320ff509908052868f8c6b14e531ca467c1f7c82874" - "76674efd0d636ca94c24a69d15210bb43a368a11d3453d69ca80430cbfb8b6e45d8f21a", - "04ec6205bdd8f7eab414110ed620dd3fbbda4cb3ad9e5559a114ca9344782847621961a3" - "577cbbe43d94eff6ffc8dd7dd09c049239f026a928301ffcddcc910bf196853edc86d31", - "16535b1af98a75b9bc0f122ca3ce23a01800fa33b43584a94fd8a8d6f40077eb739f07c9" - "f0e179a157a28023735fc8da2e2ebbee5f7308925900e657fae7c3b321f14fc45346f89"}, - {NID_sect571k1, NID_sha224, - "baddec4794effa668cde267016dda67bc70b847919a9aa595f93ba9dc27354399ef7a607" - "fbead31e57a8ce698beabb10f313d393980425e67cf95be45d512f00e950c0c5409573dd" - "c3d556f23daf056259ee8914e860562a674311452fed780b3e0317a7fe93baa81fb98df3" - "ae4328b28ad0ac8f8ea33efe24faee658ad026f6", - "098521a732e72ed945a549afc92318fef7156ed1d1ed9bab93b581478cb2339eb32bcef7" - "05c9bf61cf2873ddbadff8ff3806740a2e30ce67d1807a8179dfd5d952e6f8a583baf81", - "0401e09410bf4f84d53a2abf8d106fc64e643edefaea263dc98c308aea16ec75f083b3e6" - "b442ab261226c59ca5fa622db68f5cb5f2d1d465b01d0048554b0ccbf67c0aaf934d2365" - "f60361e5b43d313a62c7b3897c7db8a42116127138a1009f0bf9892981fb4fd6ae231b89" - "40e7509f96e2a49285143010dfb4516ff810a91a4d9d2974c522ff343e93e8aad00aaa78" - "b9", - "128056de96666acd09b93c5db7ba1b8fabf57251ec480d42b702940b5847d2a59b04eb51" - "01bb3990c3ae2a41181f19a2afcf08424f8b922a95df6b292b1856dc4a9dbb1c717ba5d", - "163483a7e0d1012695ce0c113ec8fae3694bccd40fc038d4038f81bd39e71c969cc7f0af" - 
"8313a9fdd3d028ab24a43279569dcba73fd78ad74897964ae715928b1cf7fcb779b12af", - "10aac6929432a6bc7e12ffa86e4d2421e0535fc44a1160fcfbee477c29a987e783a7f753" - "eb2278ce08954c7e90284d2ce7c42de103a9c59d8e4c459b457688ad515cf156cfc56f8"}, - {NID_sect571k1, NID_sha224, - "7ef7138fc657492d229054f8a50dcafcfcd1dc06f1c16640af3f658907e2969248b54416" - "066eb119adbfa23b8dc578aef18bba79610b9cc109394b900a25e55a779230bb858b2ddd" - "9499a7775d392328db9177aa9571c2f61dd52010b48502154e914a0c55a54edcc04a6713" - "cf7bda8744a893926118b09df877d1a4f3d95e8c", - "0336fb21549e397a190beac38a1ee10f0551952da15f71e11dfda415e5ee08da2356f114" - "d450c661f52b2b32cfc7b9be61732672691a079f0927989b7e9f4efe6095a242155b641", - "040316800fa2d8f8f3f9aa87ffb628dd7b2f63d4d8389ee86ed41bd4c3eecd3f3836ba92" - "e2ff7ee5626213f9ddb41b43561c5dc0bcc3df0a872e4b8026c09c7b52b89b4975a43f60" - "b00207f956df58f75286232967dc1d3e6507634f45c0014c48b42868fecce5b9434463ab" - "fcd2b3722a7f5ed25607270148466f6ffad6a8c86e538640ece80e84f7368d33c68807fe" - "d6", - "1517b3524b6d43dcf3964f7c35c89bf14dd1542c37606452e2035ff0bd0cd1edd6d7b801" - "ecb1f573e957131c0b3f30d5006f6e4748a11b9db10fad41961f4ae53e848c6dc6e1a52", - "1ffd4865dae7387ed797c5ffe58a929cffeab521e48284bd7d4427d5856e9d2582b91363" - "f1d353a0ab1aabfc132a778a516d4033c64cbc991d724115d72ff8e94ab4f95a9514843", - "10f010aaf1bb714042fb8cf06a9501dfd1ffa598d6b3e68e7addefe00e18f3a5db8414d6" - "25e374d9ae70bea43b57c6be4a590c28e50a548cdb2e30dd9d6e3ed1d9cdada9f8b0049"}, - {NID_sect571k1, NID_sha224, - "d58e1ff1d49a471d0567ecf8f29173dab5fe5f6184ab4cdd095c231fa7b82551f99a4829" - "94a46c3d8ebc07297fc9e952a5dee7d5f199b119f6f8b250f8fba45701ac252db725e75c" - "4da27ad77d59a4eac448e54a277986740dfee6596811e59afc9755e53d24b826c09e497e" - "29e69a22bbc85be11763064e9ecad7ae66458ca0", - "0e287ebfd9ba294128cbd484fc5121d271cd33e685bb1804f09b40aaacf64b5a9f2cde9b" - "30a4a02d3a9bda97d92f46bb8787b3c61f280b1e1a0680f1f0679d3bb34d53725d62e52", - 
"04052903a7afc17cce078b4b658766a67f2f75ac04e296757fd762fc05d6a7b4e4151598" - "a872eb4618efcd06c43cdc3e54f437c0ef1b091ab5e4927d3ab4227fb24d4413e0327abb" - "840385e808bee8dad1a1b84d644aa29fec324dac2242709421479fa7a712d18b54db5977" - "8724ccaf4e51a27da090c6dd0b7967024db0a8684944b77295c9624ce3aba24ff48c86ac" - "85", - "15e8cb22e371965801d99407d96200015ba58fd7eaea52c03269d8a374fc7aef17fbfd44" - "80d29b781292e179936a68ed175802f34043018ed1d6b5a4df667d859cd2ae53ed3cfcf", - "0d3a57af73b7504ef18c03ed2c52aefe1d1a3f0e27f78c11d45e9825647d5ff6e97af51a" - "5e366e52e01e5e832e4264a1d5b6967cd9debda59c955568e4c8bf804d843a49a0c5401", - "064fd7ecf4470f07b4df3b3046041e49f310a463210571606f00a1915c5220a27bb7a28c" - "d0bcdbe374651aac06d4d9e017e31879b7819301eabfe3a7afe4b53f75ccc465815b4cb"}, - {NID_sect571k1, NID_sha224, - "4949ba765c14c31f68ee0ca26bb42ba2edee63537de4a6f5c42bbd862c21288d6ff48145" - "260365193c6fd2b56dfb014da26b8a483776b717c6874f627c9a622154b824565b23e178" - "240f53ee9748c45759ba5c035b584df0f09504e95eb9bce0301653aadb860bb25e6ea6b9" - "606e0ec3bdb8089e6aa0d5763d331757490715f9", - "149de496fa8f88b2741864d0c35b3df666b87179b7bd06cd426a45f13bc87ea9f50dea85" - "e1fd02a532630e0e3a231cc3e7fbb7c7ba85b40cff1124e72c677c6a3ea6aa40ffc64b7", - "0400bb610e4308e229e4b4ddddff5c4633ef2ab40bf74514433bd068c7d59a6260ac7936" - "6dcdc039d5585e660a4cbee990a2cb55a99ea3d26dd9df856b0f3ee5b968bcc349240a9a" - "2d03e3ef4be63fde6ca09f12f8220e1d9b5016f267ca5aa09a2dca8a0e0feda9647fe0e1" - "f7ecae7147a10ff893f69a4f74172c6e9a62f0c5bd96d49b47379c9c84f5ef8e59dea104" - "bb", - "1cffdb963c2c8b8609809e998075299776b44d2808df509773f310124b5f318d7431f1ef" - "8b38fac5cd5580348abc41e6e6396767f4780656361dc9a71dcc8e7c9239d6eec5cdb94", - "0982b9989c92e1a5d25dce832bd8a3f602f0eaea69abcfda285cb3841fe3f019503e6faf" - "8a693712380a48a6af8844b6bd718f0edf3b57662a4fe82ee28d036ecc4cfc7310871c0", - "1678bec58d69def3fe35a64810b27fd06bc29d165593990f6f42c4c7676fd5d4a965fc92" - 
"cf20ab8616c7ac7b4b308ce6290c5e8b4edf6859fd6f6f01878f2601e22acaeb5ce1f36"}, - {NID_sect571k1, NID_sha224, - "5bc63e5c50b1650f0ed4a599960f1e4e11f6c151b2123fd71d9e3c44662312a74b685429" - "0628e20b30eaba81555acb2fb49b640bdab2528619c7fcad0f2a2880c7ea232d427d7c93" - "5fba2313370fda8863a7e7e203d63ea15d0cfa083e716ce6068c63fa616ddc225c9e413e" - "694cdf6b355cb1293af5d6cdea51168f5634e878", - "17605d7c5873d870462375d741b4bc6375f3d47f7f5e9d998917adf2137a81e63b66917b" - "3dda8968930c4b850f2270eb3187fc756e2beeaa67fe0d73053e6cc0ff0004a21250551", - "0400d8ac3e76c25cdf4902426569763f4ae0638ebb1fbcee6e12a4e0b89d6d451cf420d1" - "0441a0a9984710dcac13bfd7ba70370afdfb58e2d982ac367e178f6834b4cd2d232e7f24" - "6e012b5fd5b686e58df08b695fc333937eafad6006be5a7bfb1426206102a79bc32fd9ef" - "46e19869448fed0e917fe059b76c8b5a9c403c3921ad07e6c19ca7bbfeff5491b22f8bb9" - "61", - "09179b3ea906137dcdbb97b27f3690bbe3bc4f1f57c46ed60b8503cae97602717a0724e0" - "55a5c52199ae3f08f1586b87fbbe514667d2eef2fe44092f3c916976c7b71eed67e8fb5", - "05b28342703c83ec2df898458fea6f71030e4e9c567d140ab09cc95df29ccfe199837cd5" - "8ed00d07241988bf3c863504d065ebbeb8ed11cdcb02da0a945ff38ca58d629f76832f1", - "01442a5606791569749b5a9f20ba8eaaedd1a2ceaab2ef55d5d41271ba23f6a5b6a33c76" - "763fc99b291b07283122596a3331fcc9ac038447f3e0cb54872c140300fea65d7809191"}, - {NID_sect571k1, NID_sha224, - "610f6633718e49d232b3798654095e2efa0de11f41258b27aa01956480c870d901efa77e" - "109d5f95f1f5101d3c90fc51312d9b3019d2e42e0067eed7b457dc7fbe5466923b62c83d" - "7347e4dada571b57813bb9c21d5e308519b8eedb7a7706508ad04aa69698e03636eb30fd" - "9fb363ef3a185756494ee01175b16847f5b68076", - "09214dc2da0967912c31995cb8f5bcf4bfa832c5a2d3610f3a9857e5eee7c77100d599d9" - "ed003b4106013155dffd6c48859b846e45e0ddbc5fe24f4891c9b2df51407e9cddbd974", - "04064376a92c1227c1c479260c7497147760c103bfa5be95ca1593f29a851daf2e5c3a5c" - "73c1fe3e6e2506fcea710254ab5eb2daf8aaefc19cbce7b1c4afbaa2fcda1ef85750fc0a" - 
"3e070638482e5c7c17a82980b863cde11294c0df717bfa4b9f884cbbbbf80a64dd2cc7c7" - "d89ed21e10561260d372da2fb726de71863f0f60e8ad0fa5e74fb5d29bae0cbe8ad6b32f" - "6b", - "0621176102c6ebc2c810eabab9f60feb71083c07751c66f719370713ec2de9ee3957bba8" - "d768b076885db1f226a9d37588abf1b141d81b70f0af711c52edd30e92e34a1d3ed214f", - "1a21d460ae85d0703b4b10a2f77547e45135048ffea590ce86e0a1c049f8a4aa7b395f72" - "3b7480cc84e33f4772df8f181f3919f3c0b0b4f276b0f855174103a2f7bd757584425cf", - "0b56bbdf6e2be1b9e754f9b48b3ba9a13403c17c5cfcc4910112704aceea9a34209df406" - "ee40e0a10cbc26d03839f95e775e80ec5e29b156fa277a5ac68abd99c7005ea6ba2695b"}, - {NID_sect571k1, NID_sha224, - "c548f0546cee0c0400401cd540a0aa9377f27ac64492e6baaf38e794db4df83e64ca3d83" - "b67bbb46a6c269c04c2725287cce0dee984a0d468c9ce495a7e554a6835d72c7493bfe88" - "dbd5a044a148c89001b8087fb03e57c2b7212d0b175d616333a9affd8a1802dd49ba9be3" - "ab6c6d9f99a5578d26cc4707a5860c6c804d69ce", - "042f2682e9ac8b76f3c0880e12c292524601dce9ea6982dcf68bfdb0d3fbfb50dc9229e5" - "4149ef09b95bbf624eb04ce1427077f30d8536be9f69970ddb449ca22ab8368d2689ed4", - "040116135b273ef876453b9c4c39e4be5a815874857f4a72602f0d03b4ecd9a4ad73b906" - "00c71111e317df0782fc92e6ce2b194c204340bc11e68cc22ced38e99f90dbaf0f917e97" - "0d036dfa65a6e9d0ba521ade7daa2f6b01e1d14fbe7b5abd29ae71c4eff66c390914bf46" - "f09f4ab8a06dc0fad6fa257a85f993d6829b5e0add5086b8fe2ecb8027d08eec1bea981c" - "c4", - "0bf116711b31ca347d41a6cee5aa13a74e042ffbf79d2ae9448598e6950d721b3773ae6f" - "25d7b49ca9dbcd62feb011d5d556bb9f8a55a7acc9a3a166a4169351bc31a293db68eed", - "11dcb7f4103e814439df22764f776a74aa86ce9717585712b224803f0ff193d5f541d941" - "42812c726b75e8c2c37f2a4c33db6af118af73d3ec4fda49cfc911fef1eda9a470ff200", - "15fa4ada3a6e95164aa8972f14ab7572a3b898feb6cde160b8f25094f67343d35e6efdfa" - "b18793f77e09e5a42f56bae747b2b66fa9fe1e4a97e5e05ca743c058b1024cc848393b8"}, - {NID_sect571k1, NID_sha224, - "9431c6c5237f6b4b35682a0c32f68752035c8b295a1763c5dbdfd73466cea64a00ecc113" - 
"56d02d2a9211dc54548f5db1651e4471898402c887fbf45005a3bda271df0158c98319d4" - "d6751b8ca6b07100182957d5fe0d97c4e2294406f83e9afcae4850bb089f2252490417b5" - "afd8f07f4c795fa84c9c7cdcce26bd97273c0072", - "17ed9a9c75cf66528428e85b0f019e3488af8b893b12023ff1b4ca9c3691b74e594539af" - "a0f4d7c3863d15399b862f15e27bb077392d6bbd546ddfd46728c75177338466eb2f4ff", - "040760779389124c702686d8d7c25dccfa74fb333317bdb414965d2c271ca5e687c4cca5" - "7e6f6149e1714551761abd4d651e7b04451d8be8e58c0c9e361fe0c6771e3d547d6ac3e8" - "cd052d5725d14b9aef93b83d638377f5a19e3cd6e3584121fdfc2c3ba1a588491d7e9892" - "be081c9e7585a15b37a9cd4c204054dadf06a9f4ebe98f95f6554941982faf109c2af98c" - "65", - "104ba3049a642d9b49c4302e9173a9efaf215b67e060c5e9673521641c9c2a5b14bad25a" - "448e46faf73810979a3a50104ec8c5230a909ae588213161fbc10381d7c75b35c84046e", - "1bf3e89fb0beb1ab854a5513278dbd8b9c6b05c94ab67145ceb1ffcd93d1a2aa374db46e" - "f327043518a7f272b957dbbf9d6cbd6708f4c89f05865932b7e816b12a59647d972f6e5", - "13a8c121c9c170b244ae3a55aa2d53f4ae5af91b1f72c066207e3f52e44723bd4ae419d2" - "4821b83648cd64fa70536605912a5a9319dc446a6b2b639cb99ed2485271acafc2bc988"}, - {NID_sect571k1, NID_sha224, - "417cd5f60416f17081d2c70e9a510114e08be83573bf9deae75fbc3095dffc8a7f7325f6" - "1f9d6565381710eda871388cb17619e4448836076338ee309a2bba5f737319002e259b4a" - "875cce1bb97996101c9a7abe0278dcac203a712f0809eb3c4b85a9c380550ab0bbc5067a" - "8edfa78abf03c09b5c08f21714e1022ebfcada4a", - "1bcc09b3f2f1d26ab9955bff7e8c0f85c8a61293511a196b53d7963f4a4503849c96fb4d" - "aa68c9852ad9185e01a35f0bf298e34a09ec352cb6da34f89a1f23e8ea27712a8f43aa7", - "0401326341764a4aea222e7413a4a6f7bdc0c35ba246e3c68728ce06bdb19f2e1b9102ad" - "d88a8511130ff48c0cbe4012ab52de93329670a319f6b1e7e7dbf177667d4a98d3891ec1" - "4707a4aaa73713bf8fb3907d49e5653cf82a9587518c2f8269cd1e556a3be3589dad4c23" - "8e4c80681e141be93c318f0efddee3e378cd46512d778b9033dc8706bb843a3c3546e76e" - "4a", - "13412a98a2c14a9672ecd42db9c079a689b147ad91869c3d45a7046aa9dfd3f31edb43ce" - 
"6b84e9edcd7e3ac6b96d89f13878cf5befb052a6f8a4e5577bdf916adb10d908d5e99b0", - "11c8a92044a30be397007a71d9af3e4222556a10f3a07a1521c1bcef73b4ddb94fefdebb" - "a5944d5bd91313560718a8f520bb5cd5666539756a5e9b66a1b2d18fde5ae72e61d584c", - "1ea510e23ccc7596db529dfbea78c99fc78ae53da32ad7c7bdb1df01039310988ea60182" - "8fdfc59a0cd237110cfee9de8711c073be44dd4d04bca4b1cbec278b1a9ef175d93f70e"}, - {NID_sect571k1, NID_sha224, - "eced8c412a153a643ccd69596389f83b6a36880286f8aeede503452bef8305942d95734f" - "b5733f37ffeceb1c2dae7b1396c3323de11089082745c28a1756f784423fa7ad68bbfbf0" - "d93ff8b7ad62220500df6d6895788402c1f5c69c06dd9ef55e2401cf297184e411be87c1" - "bba657f847208c0e750f94a3df92f253b377b4da", - "0ec52fc3d9c272ca80623e06b15c35f349b13548ef7ee400bbfa04196850b3b8cc7b2392" - "38c827f9b0a3160cd97969ce21d66752791f5896e0385b0527d4d77e4b9fc70f04d73b2", - "0405cd2e63dcd48fc793c18776d030398dfe3f8b6978eec6d23f49240581fe1e141f6674" - "98421f4c40a9430587fa282441a78bb641894cb79d929c299f1aede218a0078c247f7402" - "5200cd2843ca87d98f6336c0adb97bbb9c5293a03e5b86d5534e2849ebbd73dff837ffa4" - "88fad7d134908234d0d7fdac8c7fafb4729ecf0516c42995fc9337f60db2f36eeac69a4e" - "42", - "1c40a15fca0c959852afcb4ca6cbcc99fb680950c64ba18ae5388bf783052b6ef3730b1f" - "b1487189ad983b6a68bcfbb707466092da52ea8893d8bc4898eb133fd771e78379b9c13", - "14485cb1caf1527350587d6695ee3df2b21c13084df0c093ca5109d7c192e7e5df2232ed" - "e11dbe5ff2f46b13dc2dedb709a0fc1641c1f32857040147599d8f179fea6b2f2417646", - "1a16ebf12c11d2d0a64b7ea124623ffdfe2650fc9603ded571e76dbd7e3b27cd32fcb709" - "e2ba04aee0e8e1b942a4e829cd0c9683aee67eec27d4244a2cefc36f84f7de209e22a62"}, - {NID_sect571k1, NID_sha224, - "30e83ea39a92036e22b7bed7639eab5e5be1d00c20b4a9b9afa9a0d1653369cbef363c11" - "9cc6f921c8f84663949c8b8dc9b743ac2b1861a480476e9b64c8f333f34b6fa0e1ddf09d" - "49618ee4f3c1f46751b5595f0aea413d4ca46f3c26b974b112cbe99c813a96a4423764c0" - "69454946f213c5f066ec38108f947abeeeb02fb8", - 
"06403de7627de22d1dcf6b8da5af62f9ec59ec065cc1ca1311bb98aa439a6d5985619b17" - "c17a70f59e17cf180ea6828ef57f5f1f8ef05680a9fc12ab7faad5af61e4e11fb45d341", - "0405575c329d73f261ab6897153d7261f87e9730eb5dad49c05d782cb02e483fac4a9ddf" - "f31d2fb695a62cdc44edef6398be8f4f84aea1d63d0b3a771fe91889dfac4780063d2583" - "250183e63ee783abbd00547567bb99e9b578ad8ce63d229db41c6877534487568c423d4c" - "389154af9627708d8d8f863597bc668e88f9412b21a6696d07bba06fe7aef93b26950c69" - "ed", - "0e751a4918643ba3e68bd9406a4386e876d0d66342aefb4ef75bc4dcb8cb2e2d9f8378bd" - "02c388c776535ba85d24b206f5bef4b2f23a1c99fe2f2e8ea201009ca468e5b2e21dcda", - "0ad6792fdff4c621219549834cf03808645171d944088f5a6d3cf1bd826b5588544a32f2" - "31e8428a03ec02d6c1c1243fb6b79b1cc6d732be5be8f2cedf03c1e5588822eec559b7c", - "178b64bc5f9fcedab17822e831fa52d49ed10afef1c5912893df4bd8dc960b474ed25883" - "ddc343341b696fdebd06e177f234ea45553cc83920a8c799ada2deccf1ddf1dd9aed863"}, - {NID_sect571k1, NID_sha224, - "3ed244dc16a5cb292db4b1433b0ca3226913f07377faa20c6c1402cb4d026de808ca74a6" - "d4ecdd7c4e662105bff6edb9fae0117c50aa053aef677c0750c7a446edbb879110030758" - "912e8fa666489d702d8fceb719963b24a256429bbcc869a1f4ab9de9db89263e3684d4da" - "a1df2ed94bb59dde2abba63793e5f82aa2e4db83", - "01fb980aef64254aeb9bb613ff2fc6967503db4bc1f337882f1566cbeb57489cf32e34f3" - "10549f41cba1b951f487453c29753a184e33330e90d4b973d2e406c99a239a5c3f96233", - "04036ea761ccc71ba55aeab229aaf874a7c2d1ec15d821401e2988dccf02798c4e7bea80" - "d9fb8d30be213fc80475a17f45d60c53249b66858d29c73e73117162934dd71096d74674" - "2e049bc28f4d45d29c3560915698d03271028f56c29f0ead0608cb72dd0b62490f95bbd6" - "7145a6c0adff0d6ef396b4deea6a5e2a33f242bf17e907b136c039c127d6012c88b76aab" - "3d", - "0ed404ee6b59ffc445b16f11b9b1471249443f8a7309ad8a662b7cb44c94866828c906fd" - "64784c699cd29d3d972e5db3d42157452630f14536eca23cbbdd1d37e199e5a586fc352", - "1056938496df511d745f2cb88acad279ec2d58bb36498fcd8139d426d596de6d145b765a" - 
"5b3e8366845fceae91d14075356a32515134e577937ce2af7e732b4e89a9164d083adaa", - "0d5156c776f2184babd69c1f200b8bd94289d45a2f8b7cd8e8afb1455e8901d8c3ed14b7" - "a23b0976b85a22b86f3ccff4ae91e286f696f39646188b675895684f33f0368098fa7ca"}, - {NID_sect571k1, NID_sha224, - "40343935d9423ad30f3fb1832bb08a5d20ddb3a55b59057cd275320db4a5835471c96cfb" - "7d67f41ef860cf5879897b8dcf307bd1a52a6226847b768ea38ff1858f59e64cd635b51e" - "6863773cc6c64b363ec47ca39266422406264668415c189e2f92447ac4c63ee5d74e95d1" - "e6af05016917ad237f482ea0b02aecadd370a8bb", - "1d96dc09dfaf602789c1dffa5c9ba130832badcf180429660daadf4cf1be5cca92fe9713" - "173861670eebfe3a0ba25bcc76aecac60a756f07b69687e05c7e25984a39556469f62b4", - "040452b1cd70e3c88bec1fd0e4b8f8e9bd5f844ffc12f3d6769eeb1c9ea90e5996199086" - "82eb5e43b1d6eea63ba9353fb64b59d6549d19cd95f2f54156c81fba53aa0dc91244e7ab" - "8b020926ca366dc657d133f0ff9149738738ce68f3cc2f61dad590e2502e8fea714b8954" - "3f43d97b46b7075c58375efa379cde208ce769a16be9a377a111a8ac51459840a223f346" - "95", - "1dfd064dbe64c25a832faea1819cd836d22583fc40b2ecbc19b1f5173c25f33ca8cb7f30" - "bcd619ef73a4c14c46e610c8996059612728f508bf7db7ab3191ad61955e8b1ba409692", - "03cbb0ae5f7c0978ad8c10c4ff099767465ed6fefb7358f3eb58a79366707107cc88b305" - "661526f2972bd16923375dd898ae72e81f290b86cf9a4dec086d7ef04d7a7bba5087f8e", - "09f77a86f0da4e35c395978603cbb9c4dcccf126b7cc924cf62732593bb1aff0dabb6d58" - "321debad4410dbfa1fb8fe249bfc336db7669e4ee13485ccf8dbde01ca4cdb9acfe5e74"}, - {NID_sect571k1, NID_sha224, - "274567f8841183e68c4f6c6b36c5a52fb0e88492e4076b9cd768bf571facf39dad6affeb" - "68941ee326ee461ce1f33c26e4bfb3c9e0cae8241fbcc14cc69c1af68701fd0be3def1e8" - "7b7d52b682ebbe1cc225c1bd177b0886e3698a06d0e410a1f92c9bdf7239189f6acde0d0" - "653815a72987671b415d1e8a70e685d6e5b14c33", - "09d98b32c8eacd135ffb8e13223690ef02c0c1f29ea8b4da193502c8cb3f39f9eed608c0" - "2fd457f2fb685ec4595e8fc8f388d26778d225d2b18c9bc8b199d8b65c0d1a6af33854a", - 
"040775560724ab7d98407e20af12b03634a757037f8b3854957e11900d58460ca20d93ef" - "06436921f8d4481ff9123a9eff3973e17d441511df3cd88d0d6dfc8016d2cbfb89633784" - "6303082aa4a81d4e6f0ffc94511327202f2baed72c08026e05a288eaaeaa36a1a4961f40" - "0b4712ce68778ff38be43adc2222a986ef0fecde62f861575842429816c8fc77797af018" - "c6", - "1f4acd3430931ecba5e9d986c6712467526ed94a0bfff36135da3ba7dd9870ceb38fa0b6" - "58dd391ce658774c6725360dc20e5ef41daa9cf52fa863840ca91053e7287ed29ac69f5", - "0502abe544fc3262663524cf88a5bc256b20829b7bed3e2779f559506adce3c4f3a89e18" - "bfd31819f78ae3809d9d0710c6591b2fc90039328678aed9df2fae38a74b66f69295d82", - "0b2f055248d9633cafa4db3b3cef0b76ee02f6bda3d508e19c68870e76a02c69dd1013a0" - "3fd741e854cb34f815432bf48138203177141be7209e957f4db1a958fcd45421a213c98"}, - {NID_sect571k1, NID_sha256, - "d9c99b8da92d3c2e40dea3c4025dc37770e867c4d2746c4d726b6de24250591a586c166c" - "88acb8ed340e161d4c81b9d14c919a1b06f1feb22c5ce5fca2693bdaf4994ac72c8983c8" - "7f331473fd094eccb3d5f3528e69d487562fb5a65c150a8217192f8aabfa7adcfd0b6916" - "d5000248fbbddf1ca2f38e3d9ed2b388998b7cfc", - "04d873ac744c4f68bb044783ad69e1a733cb8b8f483f2695bbd90c4211282036ad7914a5" - "3b25c3e890c6824643cffbdc4138d7ff457e3fbb99387494eb5cf2bdf1ad243a3a1e644", - "0404644456a4e5c543af7a086640fa9ff6627c2d9f17066d255c3e805db31fb1ba895682" - "e94f6ab96d6ca449b0c3f76bfd6593d182f422689b31d9dc3bc0b70df210a96d19af9ec2" - "ac01d38f8572a06ce22c1586a8329f9421414b334352f1e8b961f7e0732ee01e838eb975" - "bfb2f62132bbfd9acc6ef8899b4fd388c2b59e564fc3670da7a008ca016de678d6dded13" - "7c", - "0b050aa7266201a42dbee063ae2a21398ee1d2a190de9fbbce2468836e416b3ec18d7340" - "c81fd2a5283713f9aba33e8cbb105eaa2abbf0b687fe2713921bcbc02a4b77df21f762f", - "08351115714bc8f29b84a6e3f0a23bdc219d4271a9ee18bdab54c3acc9cb3468beb1f89b" - "0f981da5aa7d7ec7ad451bc5e91bc98440fe20f5877a4e73614820b9ab6f2bad3e2e609", - "0c64baaeed68178f5a1d8f095b0932fb73f9a02462df5e8378746ecf17d05971a0a287d5" - 
"a8e0317db055b02d4f4b5864597d0f9a9cb1ae68577dcaf7db09c55bf3d3575197295c9"}, - {NID_sect571k1, NID_sha256, - "d2b88a01fa17703c99e5b867c645e98feec0d6d1afaa20a97b5fce9c23f0594460142af4" - "e36a5739b8d26d3ba35a0263caa5429b4abba157f359fce701c43372500fd2ae1bc2ed80" - "bfcaf8cab7016ff93d4a27f565b7e67fe7dde22bf02c48be12114fbff2421517c825019c" - "0ccc72d927bef156140d7f0e9b6ee37af78c3efa", - "18d2eb947297a054f8a789771dd875b12b26ef057fb91235dff3b062916f85aab3365609" - "bd2a38a861439c8514e33f174c198139354e63766942f605107cb1b9709b782622b295a", - "0403f6454f1dd032a925c6bc3e1c62892c1dfaa700d3badf83f07c1185c31ea817641865" - "a129572f3351340fec331f5ed466db7bea3ffa9723c951b518ce6f3c9263a7bd6866c8b0" - "b40188877b68c10cd6ee543cc5638bf0f82db25b9327b2d81269dc61250eecb976d6568a" - "9df29277836b97973e3615e0a4345e610b33909c2340a23c61dcc6e2baf2bc363a333818" - "02", - "0ec6af799d92ab52c51cebda61ab642d4876f374edb17253a1de3e880048355e58367096" - "d3bc0402e4b93fa6a6c8d55c529b9fd68a27962c19274393ebe1bd0b1197a28125275bf", - "095c42b3ef01c0f9ab96693526e903ef3ccf0d843776089d15e77093fa9d010872d65cee" - "1801f821bcce747ddc5875eaa462b00424e6cdf0995b87c6cf33c37d4463848a6ad7fee", - "0c4f0edd4b2dff4f9fd1fea5addef6d483bb51c27bf5c7aa13f9482243e5ed5571bbe0a6" - "58543c69b731de56b6b34de27795095b3676375cb4686b45d48010fe8c941208cffded3"}, - {NID_sect571k1, NID_sha256, - "a704a1428cc894f958774368979fe075353b56790555386e3b043dc6a2919b94a11c7f85" - "883f46b4d47b324d349c28c667bf9a000daaca1d7191f2a0fd97a4867aa9f72422134a69" - "0625408a9ea4b723704690b69152655f9e9dd5fa3dd94814d97dd4f13e85c3f9bca76949" - "1c2461fbd17e28afac00bfa81371d5039013da8c", - "0594fc0b7a5cc0216d2e78eeeb6394c8225de795f4b73bec48b2f4ede185ba622b59a16d" - "d3eedf8cf2c94f2ccd6dcd205f64c97cf1b7f1e34129e94b5129502909f43940dba0746", - "040271cbd3e0d73ac19b975559450d686ed67eeaab4175435b2801e8989966d7c5ba81ee" - "7d749e43dffa12efba820462bdb274a57d04cd7e92c180cdf555686c78aad58444d5f171" - 
"2907c407b46e93d4c2b12c967cd3e41320ea8535a2ff24372a5791fac9e95865e14d545d" - "d3627dcb4aad2350db248ef49469ff4d59a879a84a19d1c0e5d7ad3db432af927c88aa5d" - "48", - "1e730d50a9747c7c1ce2918fda7575bb81a74757cf9625d0f0619aab7f1eb6954dbaab74" - "9e573290406e599eddd7d3376dcb3fb98c116ed7b65729dd04ece3eab1d7b4bed52326c", - "00d59ebcfb30d7b27c87d56ec2fc9286b04b39e68dc49b395f374e19647bcc58f2fdce1c" - "0dc815cb2aad55cf863a4786efd6c3a0ce56c1d92aa20a19245e74550c17fdaf7a08340", - "134e80d63c9b328e02ebafb75eabf0fafba886f48b25206cca9086e03658ce2047c94a52" - "22a206c6c5a57ddb8f59c5ba1408fc56668066fef4557124c430cbd1267455e0b31a8bb"}, - {NID_sect571k1, NID_sha256, - "f8a87c4acadee27a908718461e3b45060ae4ebb009b10a15926460bf219cb7e75dc3a993" - "fb9a741b94e2fd71615c50f6df958568f452b2cc284f0516816bc0d2e2d45f663155660a" - "26326f63f4aa42a6e1cc8462a2ec620a365257ec042f55e4047b62af689592a1a072553f" - "f174dd629a4f51837780ca232cf479a68c1ebdda", - "0f000631106c5851e8ae0802b01e7a8a8540b427a8a3956a1d36f0600be89318032320cc" - "420931d825cc964e823745c60aad3437ebc1c91d32004472e9677605fb708e5a71a0d83", - "04034136cc7b8e2dcade5cbb9b3d0e0857c485ee791f862273749b5d3757d072bbeccdd8" - "eb81c67fa6927c1aa54d823193c370fc596d0d903214d7967b905292f4b96549b3dbc9b4" - "7d056f69b42b29ea82b9f2fc377e874b58ee785010bb7f5814907fb5531789606810b716" - "13a36035cd257864e414fe0e6ea353f398745df87ccf25b3a25cce1c78f61f5039d66241" - "e6", - "009781f5d960870a289cc20f6b1af56602e5e12d9a7353e81b89a90b0a9675686f155111" - "57d9fb70b82e8b2e25534f8ad22e14ed518e62a88f1ae21c56d4ab7763808851762d3ec", - "0f3eba5ddbb8c127419fe5e8cc1aae2239bfbcd2ab43a006020b96c9e7db832fb09e0bc8" - "87aaf24848491d4de935b78141f426875f7dcf2937748afb303ec5eebd01b6a82a8c4df", - "17acc35bd81cf24f983072585ee1e096459b408da909fd82b5ea86b77154ecfbffa7fe97" - "271f50b67ca3c29ce704b28186b831300db0aa0dd6147d2d160e4aff14348ba76e6f711"}, - {NID_sect571k1, NID_sha256, - "10b5438294a77c7e517ecfe8f8cd58d75297b14116aa93e574996ec4acb21837e6297cc0" - 
"e7e7b5861e862062f192f2206a01b1caf42c6d7181d02c7d62b76c2881f8479449b02d32" - "c6f792714d8f70f0c75e81c7d9abb996be87f5ad9a01fe42b75855558d5f00df392b62ae" - "0d258f3f67dbeaf07208952e679a2c573aca941b", - "1023997206341c6147c536d034a9c38b4012035dc2c9b7ef0bb9cfe65e7d788296f055d5" - "08a1fd957b2dc7f9eb10c27790f15f30d81670945e54a508c57b70b46b4a09f4c769289", - "04066bd3f503cf42a20cea4a55cab75940907f38fac7fb024c55245f02d72d80336574a7" - "2fb248b1b61e3205b31489ed789ee78d88e487db3f5a1cd48efa1487916b8707e72e4be7" - "e6010b6e4330af0270abeccf0901dad2f8f64f4993ca93a7c5281dfd71c6ec405f9a9bd7" - "8008fd22fef76fb79e20a571df16c4d97244c7356e3ad16cc489d3a9b2e3fdcd5f23b48e" - "26", - "09137bd8436dd126924943e8599c87f64564297117766580e6344aa3c02056c811fb996f" - "264ac4f8f0cb33eaed5ef8f120d43a1d2b3e5e34697765ff9db4b4683ce5c1596d74723", - "03b684a66e92d352847f63196181160db3de7a304b6e43679340eaa9fc828322b5b9c16a" - "1772c981ff0febb474488daf998d4acd867e78019b61804bb675a98cef24fdad088afcb", - "02649a94d2bc243e997bdf27be7d6364459c38845c3bc8d1c8b549ad4689c8a4b4fd5519" - "3ac769b1da607dc96458e2f6abc602bb4048cf6b0933da6785795d04d10f22e439748a8"}, - {NID_sect571k1, NID_sha256, - "d83a52d43216fdb16b1b40469863ca8eff4df9fa358deccb5ffd18b3e22a9d654aedc98f" - "3dbdc4f5b4e56b4299e25d8a5a38d01b34eb93de382df1ae4d1c7f966e84b84c393d167a" - "ecc6f1192c4b42cae83748b1ee3d9147ce7de74cebd122695b455e8082f86e3e488fb0f5" - "1b3b7edcd579940d1cb9d045296e5e38f201b7ef", - "11ebf320ecf6a908ea5b868afb8e22246ce84e743e1076d6185ec65dd79043380708bf8d" - "a4ba802c3b93b8d15509bb7d7de9dc29f1e9fb0f0f2cb97a26698f955b1f7ef668122be", - "04038b2760315b0999f9629922bcdff65cfdee4938d4aab8cc3d200aa9c1db843fcbfeb9" - "da10afbf10280110c49f0c18f15c2aac4f39af35a79557c68eb6cf6afaab973538b98b0a" - "6c07da55796396e919f9b5967608af06bd01e8870354317e76bcb8597a379129e35bcb69" - "bbf6b38911a03c3076f7fbbe9b179e078b442c604519e330282f6f6c21aba515d6d73c02" - "57", - "1c219274e54a4c5e1e1aee3bf805a7002bbfe1c030cd4c8a1617dcea2a14b1d537a64cb0" - 
"7c5a1385edd76f3e4ea9a38e38b458d2c7bf8eb56a57fd33166bf59a8af2e9639106929", - "08677167a7ea1aec4de76d1c5effdb5a1655965850bd6498aaa4fb3fa50f213fa4d99caf" - "4145b4ba87e34797babfe614dce6ac21d9c13dd0fcd9802b1414aa92dfa18318c7e57eb", - "048d6161a3739fbb3ee1c223bc82a46255d10a86a605f6c8e1934b13f1a8662f30f8e95f" - "53848119c61f08037ee5a2440c8faa11a6b1800078ed476b2a3f4cfdb25367c8dc2989f"}, - {NID_sect571k1, NID_sha256, - "eddf5553ed4db6e8ce72cbcb59fb1eb80671c884ebd68e24bd7abe98bb1f40806de646f4" - "d509be50a3fabfa85c5630905ce81abfad8a55f4cd80208afffb9056bc67d9dd7f4660a5" - "f924af2a3745eec2daec39a3fe36131fe9eea444b92d31f6a125f12125159ba095f89968" - "a7028549466f41ad45668a861f671050d2a6f343", - "0746d5c824d78f42a1fd63d8fcca61f154ba3e75788b7a0b87f53e5420e23a935b02eaf6" - "7bace8dd8a8e7c1caee30154c2428e0a437cf12e235f41c416f92fb54528865fd4766d1", - "04063645fd3810e2458d15b43287f329c354b07324c0707f19847c544f129e4de1799996" - "f805fab7dd356567970e10eb21d875e8ee7bbce56c666511f9b4a4cca986683e937d6f0b" - "3e0595485c9a7f2a97fa7f8453df13b75682931fae10f3441042199fedba91a58c105df5" - "7b83d2a3911a2d34a2d41e451d0d2549b0a0a65b42aca40aaa618c252baec171da7937d8" - "12", - "0674788e75eb9d5ceaadad9fae036f129178fde1a584d73cf284acae3b4cbcc208ae7a5d" - "35aa473f4e1201c19ee5bbe685ff9218a8e2188f3428ab45bf09b6b600fcf81fadd8d69", - "060d6dc42329687012a93ffc5b846b4dce3df46ad12eb61437832f81f4fcdea7392582fd" - "75e701e106e5b83521759da6a22a21addb63b73783592d3f29347f3d484e05c19db148e", - "197f3b2d4f3e10425f4cb60dd1ae84fd8c87f62a2cc822342d5f0be4f0841623227c5cb0" - "f8bf83fef483a061e30ecac86cea0210036083a99fa1247b49e19a7f401a815cb68ab3b"}, - {NID_sect571k1, NID_sha256, - "3db94335f6d1a125309622c0a9d71bde1da09371f0285a93bd0aac255fa8f10a56074e0f" - "6057f1b1aecf2d86a2319590ead96a2ad1336fe844e09339b456be32374ba2e659fbe9d0" - "f2cdd83444d117d2ce3204ce4b4294dd05405634b84747ffb4227160c4e5c2c9da9815b0" - "c6d20f55705f16cdbaa13d107ae666d707ccbe6c", - 
"00670e72ac2de50dd2cdd975a6cdab10ac45e37ef7a28c685d77447051496b5e161f8b1b" - "93f6c7f32fce8ea05e94ed35fd7cb28c44bf51ea29cbaf5aaa31d6abca30a89430323dc", - "04054db4acd0815aa7ebec4f7661d80465c64f1fd4147507549352bc07dfcc6041ad309b" - "fb1434b60f73b3d61ebde91f849004d55257e98b6ebbbeeabe960f9429a55a36ff75c112" - "4e05b6f36f76b3b3c780b6a70bb8ea150e9cd6895ff6a6765a3516acbb4f5efa91434def" - "52dd0ab81f618ff28db10fcf39264be8e7ea76e06516335ac5ae33ba5393080f11418911" - "0c", - "0f74a0ec1a7496043d78891e308c82b4660606642ea669e4406683d44b79dd6e6a1b8102" - "92bcd6a9f59bcc2e590518bdf2e9224755654026d85cf2a3d9768d909278448f0d63fe3", - "047d808febc1065646e6a5608d62d1445d922084487a64e9ced5fafff2977eb3a7e29984" - "230946e3fc77a766820747122fdbbb9100c591ad7c9dd29d07efa2e8a43357e3c47762d", - "04dd6c8ce75bf2792ef227cd5a3102d30a9a31690ff5c21354f8dac9f826c86ebfaa0465" - "3f0ead103b1c8ea59f0a78f5d4e8eab597ec6c028ebcc57f4ce4103ac14579bd6e15166"}, - {NID_sect571k1, NID_sha256, - "69166ba40768d0a3930325405edfd85f3272f7b8e600b0b319f070274c91f9f03d0e6ec4" - "bfc7b4445e91b87cecabfecf5e77c7301ee3c6b0affca2fa02c92216698705eb75443eec" - "c25438db2d2fb4b24f4195d6b9c05c53e0868d3e58477100607ffdc31b18c40b4ad7202b" - "b034e58653daec0f6b33c024d42a3fc84bd8f86b", - "0369a3bb96f884983c23281bcd04e24a3e5f6359f81e3c8e46f3f6b865eb6bdf98a630e9" - "0646275c587e41b546d3ca7688cc207afda15cf9b25cf83bd6ad27908647f3f9de59de7", - "0400eb02f6e741b3f83a9dc50853828b8a6e0861ffc644162515a264730c662ba388ac0d" - "705f8b36f5388894df5c1bbc3582c85de141abb7712caadd2d616da589bdffdd9258808a" - "4105dbf831f450da6f8e503c19a7788c1317ebe556a458e2bfbf3137f986c9c966a14ca9" - "0344be1b76457159c9d70f13af7fe0013cf605010a8a3b84bc0fe187c7d93e4cfb2639de" - "57", - "0ce22f7f2f01355280ba2d2cda06a55771e66f598bf79c65171e08a98f1d954e4beb3ec7" - "7ab06ee60c5fd156a7098023558e3d630641579cc179739bda6d860f8ba1d5ef717ebb2", - "0ae86b40d10ca45c20bdb3db55a6dc12e9b75754679eccb44c40fa57351c23c062282e1d" - 
"a9e1703176e4b8f7f224982f2474494772a20269c43a18a7a03fd12d8ebb975b83ade0f", - "15ff7b34c3316d9e7ee3d7b48ebf97d98453ca32f3fc67fd08761d93cf34cfa5a2314fd0" - "752d263c3eb7cf842aeac395d41ad3c04c1a9d3808b4fb7489e880d130c35a26b702952"}, - {NID_sect571k1, NID_sha256, - "f64cb668b72f1e6dd026a478505c0eb33446ae9a2993bc7648aaed02e172fa9a0e05eeec" - "61e756ba246c1dad7e85d3f01baf734b1905c5bbd1b08d833c2cf1e079eca75b866d705c" - "407eea8618d23ebbaf269c7185984b3bd4117ecfb295ee6b47eecc8d3a78bb96552f6be3" - "14656f91caff793838226662c75cd7804b6bef79", - "026717b039df834855511815d5665ff9b654facab469390ae257b7f0eb4dfe66ea0dc037" - "242ed0c13bf229b8f7ff26da9b55fe4750d3451c62804aad493c179ae45d08ece5af085", - "040191a6d1ab9cdda2d593d5598a966efff829c04c421804c2297e658adc5c9a6092e146" - "b25c730ff7ee65cb9812ac9ea0c18dc6b60deda948b4b7568e8b8e14411a6969d7764652" - "ae03744af98387421d958b26971d21928b73bbf5b0f0ef183e9f606d0348fa715f153a60" - "b6c7991dcefead2ebb875d0c1dbd3665dc42a241c565ea0fb0e6349b4319c3de633883a5" - "16", - "0dcd28cdfe9028a4a6df1d41019bc58e4a1540ca94b717d258f2afe8bec560f3028e15ec" - "1e8bfd422415961516659fa2b006256745e85e488c359e8cbc94cd2592bbb892a19c45e", - "07ba5911415a3d21a3d98b400f61eb63ddda689bfff0c8c3ab83668b1e4bf8a703c853d3" - "585b8bdc29aa2fdc41d5e7534850f4656ec949f0a13fd18295b662c9829723e5a7fe3a1", - "1b027e38283d74c962fe0e7b58dfbf5e21ce1d9c91651bc98284008f44fddfe4cec94419" - "94e690d72a8ff3ba2b538718aa678e7de046b653403f3b7c064ee07c9c3c6d23e1b068f"}, - {NID_sect571k1, NID_sha256, - "51ee0b98eb6a3e3c1afcb35a33697c048dbf61374629ac5702a57801fafbea4d6fa5a26c" - "9d1b79d1c58257ac0106387fab2d4a1b7f8c0dadcbe7c830613531b3c209bc17f792bdba" - "1c1fae1b7528aac53dc86c2094b40194577325c05d2258303a2d17c854e7449489c43991" - "b6877a50692a6340a528a6b188440ac0cddd4c4b", - "1d642f2d393ed4abea37173e4a79534af87adf534ead4a0a1c46fb047619221e3577e6b8" - "bcc776114d01159c736ab78af3e53feac339d7afe58be8e7a8ed290f1dad960f1b5de94", - 
"04023d1ea50229b70b46578df6904fd528e9930985426eb2f1ce10eecbc0c16583959483" - "80c4047d67bc4072be2a2624d62a301da41a5265f040642d1937fbbb7cbd205e1db85b86" - "850625c82ccff6047b1ef4b08f1913f7366c4f6c0312c21e5ab01b598d1a9618cf5c22cd" - "dc64a4732b477dd5c06e332b846c8015a2e5a195326bca46c29cedcc2f24d37ebdb7c2ea" - "ee", - "0c9066831d61a4192ad9de23efcaf578a5d5774960a2b3e3e292e0decaef62d1701b86ec" - "6183d8e17a699d418ef9d084b982c97a55bd76c8b038ac5c639451096ca4d331f070ad8", - "005778acb38b1961195d38463abd9c19d9e07dcd997f19676633fa3c44caa44ad1a9bd63" - "435f3138ad8f22a731e749a81161c5448eb462fcbcd69ec2255cc2923ac697ed319316c", - "1a1aa90113952608dd17dbf391ed56231ecfa7d649f3274774ed2b6034a2207c05c6d8b6" - "cec480ae27b58495a50b1e5b74a17ce6cf2e43aa273c2b813c0e6c79976882b7e4b1c93"}, - {NID_sect571k1, NID_sha256, - "feee50aeacaccb6b1c3d95c6524044edb78322ee836d8159c4a4c2cc6982480567c4c6cc" - "4806a564876622266e1ebd45f2f4be851b79da025bd57d0e6acce1ec1c8c255eb89713a1" - "e4897d4ee0f7a248b9d4bd3ad5dc0e57f60ebfb65691e164bc908956a019083e923cfd33" - "dcf37c735af3462768a1e14a8051d7aee74d5228", - "08cb70be29e83f697a3e2f67d86f1c1ec9a163b5335cb4a06004b6634948bf60b8ad9df9" - "b27d2bedc4975265ce44a7884e57082d521320ca4372d38fc77b18d3fa05ad8aa5c43d6", - "0404c042bde9e90b38b48e60551d832a7c80377a81e8c5b010d0e491cf765c432b5edb07" - "71aaa5f672edf3ba108dc71459d245ad60f3884b8cf33f8cf797f36b20e4be39c8389e66" - "b4075f2454c41c0323ee1a640755077d36a65be7c2a014db36719ec217e21a9c004bae5b" - "efb499bf6be67e82d3da70475abf9dfb751c84c409fe838cf1c6ae109d27f24d75c02cc5" - "b3", - "186f16dfdd7a71f20a5e634ffc465356914bb52286d3d5ac00f3ebc02497112fcd592e1e" - "cb2ebbc819e07ea092e465e66f3e58da7a2ddd41c8787f57c135ba4c168539b4743c3a5", - "1c2140d294fafe3d9effb33ce73bb7e5485c93c7aa9d33b7535c7053831a1dbe79075713" - "794c87e52bc887ded969d2dfa6a1e2630cff96760310e04cd2a75be6fa020a12fc84d3b", - "110aa165707b7de1b3a8e05e4502701abb5ade0a27deb04fd93c6eb24ed2b67ade6c49d7" - 
"8e874d25247e948f704d3c5b925f84c5b07c9b289c4f8507e75d0f8927c6dad6dbce885"}, - {NID_sect571k1, NID_sha256, - "b115f7370d6a93a90fd9dfdfb292956be34b61992ce1fa5627c5e928d74bcdeea66d4040" - "c473306a0070fa8363c4303bea32f73ea3639b5c6676fa5a1d68a2cc1f91f00580d7453a" - "23ae70af4cb1f1657aa82c5b305374effe5d67d559e46a6cee6360503d21070506f1af30" - "bb000d2f2f85caa6465810f89968f33abae81cb3", - "1eef463771f9c6285f3257691dea0844687606d4dd00b6020517f190891cc1be97cfad21" - "d147ed8881b5a6e19b22ceeae30e1132476325f2de0e9af2e14c80b8c780a9d2d6c96de", - "04024de3ebe03d2d91b88794a77635aae6743e597410ae10c356a51e3af88fa7f9c4d648" - "c7d1fdb887c8313914ed554eede282b24a2e66aeafcc0cc96907bb2f3877eeb97df491be" - "f301ce1f9fd4d7d3870997f34f54f2ba8f08ac94ea94f74a766f2dbc02e4d5149802e313" - "5a2d762e3b8abb01461968f1e88cfc8c7fda49c099e392e80d57f0c14de9c4fa1eea2573" - "2b", - "026b545702baa340fb6d1bc2bb96f7fb1a77a2428cc122ea380a258c747d4e0625bbf4e3" - "dbc2ca2f15bcfea92f2417cd5d22f2bb5f38a9ba313b3bded506d3e570dcbcb86c2debd", - "091c162d040a12f08a416296a43501d92e2ecd6be302b5e1754b9ec119fb8a572626c509" - "855c7c868a07b263f66070ac986f95e4c83150a5a492d5ea8a7f8ebf556c17ad2bcc996", - "00c217fee7bb202d6399f6b1ae4e5811d9361573ed4fe1b3fe5d474cf06d0236d59dd358" - "0145dc0bc7632c721b6463c69490a67d1be1fae99e34318af6df939f9f7f36a9bb8d5e9"}, - {NID_sect571k1, NID_sha256, - "726782eb0d9720daa64e4a77b5d8dd67a1a193f15eb6b5162e3d89c925ba63b7c7e1c4bf" - "c8d6f11915b0e14d16ab53ab015317bd5958b0beb6074199e05181915496575768d026c2" - "3e92e06016598de008c3718aaabcda8b68bebca0a73ecfc7327e8d3646106b7d114dabc4" - "6cfe56265c326ee56fd2ca87abb5bed8f997c735", - "13bd452b0880b101df1aa65724fb60d5d85b37ed5419027481661a3617e0fb37bda1151b" - "9b5b41f908ba832011f7850b75a07b678e5b8cb35c5fc8b94a625e4398cd5ada2b04cc9", - "04031d88b62d2edd5f6ed29258c143bbcb3d29413afd8f86873698a9efb8d2021186415d" - "301599232989a0df5ea91ca222c5781314f200c708de30751feadc277d50e64842dd355b" - 
"a501c76f19ceb1be48f5540265b8b018da62fc225cc0d2d1675bf7df71456cc8e35b002a" - "220e2e80691600a2c1ae31e980d0cd22b4741c25bfbd413f10b375a4d8adf70a65c48ff0" - "06", - "1b9235221a6df49e39b4cde6650e994f624fcb5084daaa62aef54bc154949f4da9074636" - "c44f50ea40da1a3f01bf67e9b62a725ac0537a4e37ba33fdea8ba8b2286bf82901a933b", - "01dffcb5b5eb23694da4978419110ed2bc7961c571a2e68daebe21e598c8b483b34f3178" - "978708db6d78455cc1fb4f73c5ab7607cbb4f05d4d008c7bbeac88562fdaf7a370ba394", - "057018fc97d7b16d69af2b7dd4a859f09dc178a6025e1bd6839ec7c75c0383c59eee7079" - "fe61aa6bfb3e2c780d4ac0ee074e6b13223c239aa60ea1187ca4937864f89e2c65056b9"}, - {NID_sect571k1, NID_sha256, - "1c2418243fcd89c6382b7c3b2a8c341f26d08174a9e9296c4a5c98c5793a0fa48dce51e3" - "0811a96b515aa22bf9af89a43de06d696be1e531c5dece1f69fa6ecb7f20be063c602a16" - "454ddafb14385ae3f8246c3f989d0566e06e7ed1864502896ea19df8393259c4dab3b338" - "0a4a80b4103cbef4f38cb69198b7cf74ce94883b", - "1288141ec2244e4bb3f62daf4ee588aed09ce22be55e3d42e9085a947c1f8cd16533635d" - "170bd64ae0b417346fa4670c25d41387acb2a8e14407a1931d9f7c5358a14eca40974bb", - "0407ccb7b12a7d6997ed2a11eead3278a3f45ea284dfda8e17f6d926ddd6881a44d02a0f" - "7504dadbbcb0cbd6b85c113aa0d3b4efef1ca151cc38cab1aa8360a6d22e3d6fbc0ed980" - "d3031b85dc2d2096bbba6c465629ea09ae3421cacc5581770ce3479070f23b3aa938333c" - "7c691d9cb93a4533b2ce389ae34dbebe8f333cef530abe17cd21448f701608febd42d9bd" - "c0", - "1e411ab53c48cfc1ef9eda97002dc9181a78352de13fbee3bed86cb00c10e7406033fa0e" - "a97b50764b0eb2dc6eb8ea83e47bb3150ecb9437179c124f15fac6ac19b0c8bc324f171", - "14420d78f2f9f1010018848b0442ff6e6203c1dc06a4d523802190f462ed3c11c7aa7678" - "bd03ba27df01cacf4121309551877d3a2bbcfee116c59926daafce55a4e0a7d69c5c938", - "16de0b369c28ffa0bd6ed8802a503929cebb5c0a4bf0c0e99b14659b48aabfd08bcb64bc" - "2e39855d7d514d7525b3c4dfd2244f37019b5f86254cdda599bb144c8fdbaad5525cfad"}, - {NID_sect571k1, NID_sha384, - "1de4b642ec7220c64b91561caed7832044d6e811ac909f3b199cceb0d8a7db91bcdc8014" - 
"12044f5c34b355b95a2c6170fe497f6d5259bc20715a38cb0341c88e93029137e94d895b" - "ab464bca6568b852340a5c5d6a225475f6eefe2fc71ffa42f857d9bab768ccaf4793c80c" - "4751a5583269ddcfccf8283c46a1b34d84463e61", - "01fe06b94a27d551d409b0eb9db0b163fadcf0486e2a6074bafe167f9a3b4ce8ac11f42c" - "f72f9a1833a126b9473163d29bca2ad139dd1a5e7fedf54798bf56507326fae73a3e9a2", - "04038d4dce42bf8fffc39a5b6583a1a1864de288ef8479449d599115bfa35b37954ab288" - "ffbe81e69d58693e2c8c81639df12e4b36f62b2ab042e92a0715b518c63d0ec630051d4b" - "e1059c72c0bfb0ea1ac5e2fdd4fc380d08037a3d0eeed4990ff02e6cf5a16817ea598085" - "e28f8269da86c547e7b34e16a06724ee73776529c5b5dea4ce3321fb168827ca1cbdf885" - "6d", - "0a3b18c8c9f17badd123c674869ff428d533d2ecb8c74f9784220be7a90dda591003df52" - "59c5dfb612ac7398aa04cc9e82863eb0cbe66b6e7f45dd15dad252f74a538d5f4354c96", - "09c368c80f697c1718c55482b2c6c5c0edd7257a3a53f7193515629aa40a9716cc889d41" - "c120516b54f3a106a171082364886e5d3a1e9482a103f072988f61de68f034d658bd976", - "0e782ef47b250f40c56e3ac4de112347174bd59fd4cc991a2b538ca90cdb222d048fec62" - "e2773492a1d327152d1d6591740706fe2f8e1d65de888d47fdf173b2645813ac0fc3078"}, - {NID_sect571k1, NID_sha384, - "70279be7d7ac72a32606642ecd81b5d4d0f95fbc3c0b07d85c16adf2788601e44dedb8e5" - "5e0f9e0b4ca3ca35f5be7511b0e69224a05204af67aae11ce154af6d594d47f6e3142ad1" - "83969544aa95cae1edf42bc699137f60178c12b10a67698e37ab9f3edbfb3acdf1b3513d" - "62fe3db33b16cbb4e1f9dfe732c107f9d0c953f6", - "09cdc7e4945c485a41728f83d5188f539e372ff4fe38fffcaacbcb4522428e4f93ef4972" - "556f4398fe17bdd885768f0fb5590df495badc794d4d274e22f2f4a2535555922fa43f9", - "0403c6f046aa3007ba7f883bc1e0bb43a9a0a1daecdea3e2b6c10b2481d11a834af241d6" - "0cad7cab27b677c9ac11f2e5b5226c0a3de13029229af00e5a092340af9b230e0ed992ac" - "f406326ffcd62e1a68b63ac680a743130b1440bbcd3966207dbc8a8f4336eb6a7986aa53" - "cfa4fd7bf363b30706b4fae01568020b41caa70ee3d51db982de66b0ee39777da3fecf5b" - "01", - "0c717523a308418eeb2aeb816346b74149d56b9620774cab582f01681bec73adb779bcc7" - 
"462fff35685a4e1e114c8fba474c68fe2650344fc9cf610908966a9dd1779f76bce0cdd", - "0061067f377bff6a9be30c9c79d8abb7f54cc8f09eaacdc190beb27b1e6d297cd32b043b" - "31feb49958745b78e42ac074b8722e1a7653bf03611d87c44fd3891ae410b23a2140b83", - "00edbe756a5dc78c8a29baac9e2059154294e3adac9a5adeb7b27ac6e4d4086821cbd554" - "67266946ed8f6f03abff35b59434afe84067c1daa1e0bb62ee7c56b85e7f831eea99047"}, - {NID_sect571k1, NID_sha384, - "4d7e0ad520445b6a5cb46b7c77fbd367614044ae6004494c2b3a89089287e2836c73b799" - "cd8c90139eac427ebe335804c3788f3728ffb8edd7f49a4bcc76a9e24ce3c2299cea88c0" - "4645b82033115380f81b0c1d823e470631008d350cf0c0dba1915519985b8a389ccd8c80" - "9dbd5bb5051a79e631916e0d052d9b6cca18e0ef", - "02bc753d007c4491cfb8ce0a6c96455acd16d37e02c982db216b8cc1afd6d10c6be4e15a" - "3988b8b8b86b2b5b59a5c1939889024849317f27ee08a06bd8e7524d4ad83a1de208564", - "0400ea922b09e902ce3847f14d3b3afc5562dddf15811cb2e7b9e06e1b919d795f8451a3" - "dffcb92b418d30bbbd1a7ccf827ea0f1f6554387fa2fc51755799040133d7a655c7800b7" - "1301f12439a0c0df9f6ef08e89eb1a62e2cedafc0460030810b2483ad9427c48dc061e46" - "40ebbd9b4a398841c863a6e3d510e5c66934d66b317b1640bd05018a35677c6ac2c78397" - "06", - "0385f9caee4731627276875dd8d725fe79626c18841562e8a13fa7531c7be9adca565c22" - "459d519d643ea22478d7c51b4c286920b050bfa54ab7d42966e389c485b52cdb4fa1a0e", - "02ac84262fd121bbec43e81021c0f0610fd2fc0b26d66581ddaa78714ce58be469652838" - "51241d792ad6bc79af39f09d2d4bda83996ab41f1fd206b8293cdb6c4eb9d96f39efa25", - "1d9c9bc330adeee8f58ebfe8c1ba401d4433efa04a44185b0e8e20b634691bfe058770d0" - "74289e636af3e96c118edf31d72b5766c30f6fe84ade42f284fc7f2707bf27b3a309638"}, - {NID_sect571k1, NID_sha384, - "d49903f38b5c9b17542310425e59377f61f5b4f4740cd97371ee2116083f7758e69e7e2c" - "1b0950ec6b76f96e3c91c721d6f2843afde8c7505a559c8a64bca2e665aa1131b75bdf86" - "fb5b90581c7d3b61c2cff88f3fccf356ddf5ed282e27727be061b6925c51ea7f1a495f47" - "1dc8a5ca1a88bbe29e92338d3c9361460398965a", - 
"02082c6e61d0d72f040905d8c1c20d47b029f41ec68d6cbf43ce97c3b2a0a770557a33cb" - "803c432cfbd3958fda30ec1bba77a6613c318597a85ad02b26c44bb77ca96d9cc1194ea", - "04059ff339d505b307e05adb45aa314d47f2450e1b1aad840b5550a67c11940d0e786547" - "55a8e28fb651e12e48c66cc1ce0338114bc1ffb00965b342ef3a3caf495f1d73a69c3f3d" - "170724e9474e6de57b9f8cbf6f6bb4f73f5769e6cb0e006a34c2510b379995c9e054cc49" - "81c709ca85a3aebdf29090ca07dce5bd3c313c6153b551012d72a8f84600350e8754bc4a" - "bd", - "18d65ca6c2ef1fb32dddfb9ad4603e03c7cb1791a9ec7b41266cb68b6048aa111f5971f3" - "cbef3f0dbb9ce409b59c31cc59bd6f100ee5247f8c36f26ca77cb252331fc3be7346b5b", - "12853f9d695b8ac4431c1ccc8498f3fc4916eb6a5e66b3795a3693f3f5a29ad13e58dcda" - "ca5774f1f295e2d2d3c63c69abbcd9f388a3383371028fdcc8bd77f7554d6aa3f0431e8", - "0d1c324afdf01ea19e9453d2b7397584d773716d6a08b6e38f9a9fb104122ecfcc9de7bf" - "1e5a6cfd52a08b7cecb002ebc21798d474f035fe7d4554bf632f237bce14aad88b47d4d"}, - {NID_sect571k1, NID_sha384, - "0e3f4afc3e7b25c1bf2d98098a5a87db1224d9bb45adc6e434732b8722a708ab80a1f3f6" - "ef3c5aa70d2e1dad3e4416b12cc59171f05736c4b58bd084602c344f2f0bf3cfdcfe04c6" - "4e87597a99de23ded64b33607f7c273ec321f6462518715b11e91361e89ce5415bfc2ef5" - "20bfec378244a3bd2a4b9b6b3d68815f2f75baf6", - "0e298c93351323e2c5304015a4878997ae4e79d1c32f1dc64262e534d4f2c4b3e222356f" - "fce746763373fdfb936fd330d3214a18c07f1205b20c9a941331cd676040ba1fe3dbce7", - "0406ee4952a83477d89ea05ae63d5169cb0f7c7ff22f15728c6d69dfb30d1f28158e2667" - "f9342cfd9b32f2fd537dad47c190d82f72c03043f2a9c5d97cd09d07ed4c35b961040425" - "54026d5935dcebc0ed5a07b7ffa50de3c8aac309dddb61b8c560230379696d81d72bda3c" - "819c46387e7f026b384bb0f7b2ca90c402bb67b5e37d343cc21a8d1a0f822dbb2766030d" - "73", - "12d23969d230e0e2712f96b11e196202dd3e6ac755c824f92b9c765e3fc808d4e7236c8a" - "3c06ca2c8272c7ac953fdb936db30d892246cbdcb7f98c43177e1c30afcc162af511364", - "022f6dff5bc1eac1ef568588e2e512103cf56ebcb610e124a125fb004064a28291c19e83" - 
"ea08171bd1b14ac729392c7c46354e795d63e3bb087fd100642465efd817b79924408a1", - "1785e1fd773446e3b90b8704cc2723b8da2f99d1d699e817c3c4622015d178b0cebc19b3" - "a6dd972f75eb3828a386973c0a5e67ca192d69f1a84c825d1253f1062a990c3f1a947c7"}, - {NID_sect571k1, NID_sha384, - "8fe32671f6927272fd3cd8dd4e34d44d27fac8c88b41bf9a48039e914990bf06d1633b38" - "b9200ce1c2a275b9c55498e5da2d0707322c3ea0a0fd7aff598fb801628264e13047c800" - "8153e8595a0dc95d54e70b882ac2ac9314d2b78e7b93922da818d7075215e354708994af" - "66958954c92c074d132dbb2488e5a531c755a8e2", - "104f4ad56594c5cec2a988c5596d73adaa5a81802b40110dbae698ddb1f0b271fd1479c3" - "8abcdb9b234e69cd0da8a0328d2135c287d5b130a09fa0b899058e7800eb2dfcee95c1a", - "0404e8151aaf2aa6a6159622baad134be41c404982bb0101e820eac8f0a52166546c5392" - "7d9b419604e9b025757eaffac526d4fbebde5fba0841c6812dff2e9bab5054d4074a125f" - "fa04413639ad72d6eba870e1760c71966544f3f881f88880fdef1edeff47cf6c235e8dfe" - "f1eb1d8df51f9c48b985912f1f70b61fd3d4b859e052887560872fe6e95db0f435778d5c" - "4c", - "0cccd1bf3424d8bb0513fda3db93e81bd34175d84aefafd26b37eda9e767618247bdc94e" - "d2b1882bcae4c83eafc30a7a4a80806fda10a5e70b8827287eed8eac2721939a63c2175", - "05b1460e856548287683dfbb93efc869e80333a9ddcf292e2fa3b3c8d430563a01340685" - "c6db1059aaa8b298c8db9e8281f36e3a9664faa17f413cb439ef24cbdc1a4d58872ff6b", - "0c6faac191c95738f7c6ad0eceb035e5d22ae85e4bd0e27f2e65ab293717c0491be3d1b5" - "ace80f4cb4bac7e33258706010c2aa48d84c9e39c95e30805fa7669c42bad84386f7754"}, - {NID_sect571k1, NID_sha384, - "a8fa01136a0a78313a5d160c32fe5d1805eeb3730c18ca0c47818e82c48eb4c9e5b2dfe3" - "ee5facef9ec59b68f4e6f3213f77fba9f8ba06dcde546ae348d343233883894f4423331b" - "536f62373a495852977a51cb192cfbec04b5582b4ece69f345979e234de32da7a120138a" - "057a7119735c4cb19099bf48bb202e7ffac04def", - "0c4989bf33b3136bcb4ba67906eaff2bcbc6567635aa4b057acb7353ee87ba3cb4cb9838" - "f8f679729d5c6ed98e6c4199cf58605f009c6873a1b8321f83cd3c0973b7a3cfd9dbaa5", - 
"0403871c7781f2b4f653f0d49a224576bd1e5363d5171bd21da89f590f49fc212d8a57ac" - "8a140d923c2949ca287bea803afd763f15f909c099a07297e8ba1b37c70e1e8f0fd1fe9d" - "1c05806bd5b4858ba0814da2167d232d55bb5c41ea0a36fb28a0a151c1b79b22cb16613c" - "cd9dbf92174e42578ef88f4da6eb44918acf427fb7e4022da3376243e75410ba6ae012dd" - "fe", - "0a9eb767077886c48bc54503a0d2d62f0192d3581bd9ec253107092c22f68a15293d7c3e" - "7aff56282f0cd35e86a2b3c55c9eec079201d99b5f49946780ce6aa18b225c2dfd72cf8", - "03eec6ffb390ecb2af4f5ca17fa8a7fd6938667b319f0f61e5c7523efb77afccddddb511" - "4ca8c461b1c28dfe7eb85ab156e24e891cc6f9511d703e8b3c8443d04fd8de80f5d65f9", - "10cf3156cf71dafea6a0d6abbd503d72b13e6a684076ac900f390059cf3fc325966b3548" - "b58e14a82bf291d9689783b899db7d4baba524b0b63d31f9900a84fbabc2ccad95742f3"}, - {NID_sect571k1, NID_sha384, - "ba2d83b21c783d6ef2f3b7b10e910a418a9b9f49ae0fd37990335b3a3d15627846c9a12a" - "1f31a3d0e062ad1bec5650606ed4dd06c30e50c1e8761a29f4ea1a20f74635d5dac22e5b" - "787ac10f4ee82b338a641484f91771c128c84d31cdab0a6b9616078c898665655ee9dd4a" - "e73d33b94bf091b064928b959623aa71ff73b4db", - "1a96f2ad56e31397e236cafc108087479c9823589a5fbc3dc7488d0e5d1199cf245d7f21" - "f524cc0e8b47feca14c93fb760e631434a91188b32965053942f3bd39b3714f9d6f1a11", - "0400195bfb66e20ae295cd22d59b27b3880a890fc44ef5c720b568bf7f72266293841dcf" - "0572063a96c62736d9d4a9cce31b10c03016305a409858a79070477d3e989481ec555c81" - "460491122a199176e2492e07fae4ddbf02d2a40a21bbd99b8f742b546db2018cac27fb4b" - "1c03cff55f61b7caf13b0f3b097ffc8e1549eacab89225e0cf1e96b268eab7f9a1a69258" - "f1", - "097e28225aee5bc9a970a150502dd14bee900d3b040b0da9cb52f5824e66af46a991bbf6" - "423fe1e089cba47593af555b07b45e47b0f4141b0412ddf6e91153213c5b8645ae7bab2", - "1439928b55917e93d59341532cd1f9d09de1f6e0d9a04514bd4b692603f2cfb75a579301" - "b39b8cd92fbfc8832839691c23e0ad3efd3b4c7c3e9a366c1554c6dd13c50dd087b3055", - "1fb432e72be6fc524a7106b21d03fa71852c18c67edcb8b265db3b144214e7e6d10caad9" - 
"1f81616e03ae7913fea1e8d11e90d54b17705e8d04c8c20f0f4f46f117cc423ca178ff5"}, - {NID_sect571k1, NID_sha384, - "ea2d5f4e9797bfc2f33f0fccaf530db2bdf8abcec00f09a0338eefdba318221ec0e050ca" - "d1a85c3f76b784c6e8c18da2b062f333eeff18b7b781e67d6d0a4368b8231a892e0f4103" - "012348e5df53ac745e4d34e2cd1ee9369f97d4801ff485fc144b2007008036bbc07cb1c3" - "02a00054b54f3713919191e1d5052978c9c2895e", - "0c08ed8e0e0f8b0d0714b46a2164b933f8147692f18da97e5a108c44d5a5cf221cb50536" - "e41832b83bff4026c6df156386235cf5e3e9a67b7cf9b2fa7707c5e0ff33a91601b8e34", - "0402d516bdd1914c83aec1cb242710ed79efa61cbb31dcf8d238d8f5e089158b2ee2bab4" - "07e01996a1621b1a869a98227c12296cc2a71c1ef2d0f26bd6614f2ac77008048abeedaf" - "cf0151474bef5965c455eb95ca2ffe1d589107dc251d22635f4a9fc7270358b64e4d2b81" - "666b60c4a5c49902b0fa9963197b22f90a09cab97007842816f64fc49e351710db849800" - "32", - "01125bde6086753b3bcf29b7d5a4fb0a8abffa6503b4f0b39960eba226062bdade57e4d7" - "3e8c1621792626203e83fd5c231a53b0ce10890881460802788d481f233466060f73359", - "199a1e40229786b966592ae6e275874ace23d5605d0c3371a4f9eca7ce4858927958bc1c" - "2780e9f2f79767c1c72117c79c408f972006841cb621837ac002cc6510e0432d99a1f64", - "17f4e5e23e494ef149e4abce2d8a1ab10e3e6c2cc93998fc63baed6565ed350b220b2828" - "55e2824f398ae76b8679201b43450f62237f6fec643ea659e6c86abc24a63d82d9bf219"}, - {NID_sect571k1, NID_sha384, - "b2293b0a09f41decd9d8e637b1b08c2efe612f33c9c0beebb6e05033c6103b958f8aacd1" - "25d7c810b4c287349f5f922d2c6ed554be597fb8b3ba0e5a8c385ed8ae70d5ae19685298" - "f20e8d844fb5ad98db12ba7e5f45baed9045c3e86b3cac9bd55b614b82fd075954fc59bf" - "c6124cbd68edae988596575f379d8921b594c75d", - "144090a0ee38cfa21fabcc24d35139a99656911ad4f6dbffb77dbe74e7993edfa9fd63d2" - "c4f6bbdbc8ec21ba13c9f4a3576b5d6e3abeab5af5ac81b1f2bb6d4c42dde645d854d9c", - "040208729b3c7abadfc221cfad8be642588d5d1c20989fea731cfccef25886905e4b1e61" - "cf9548d89c24f5706f5243dc8aa7d5b2675c2c6d2755ce6a12e5b12c28a2cd9c597b7dac" - 
"b303db73ee445ffc0f6c77467f3add3b1e97061117e221687f5589a030f5248bb959bc2e" - "d98c9fb66da8679dea3949b77652dcf83ab9c50a00f6a9c22bd8d16e093b2deca4b0c759" - "6a", - "0adcadb26626eb9f8db9ae98c6808840b65d6f886a3f0c45f0b993a8bc62bb5c08dcd879" - "40dfef4f220f5e50234fba3a55e7127fcbb967ff78ce4fd6938a9bb653747116541cb85", - "18f7fb6ee028c3dd754d6e7b687560fa269b5a5fabb1d98529e0a27dc66bdb1ed79b7b5c" - "64fb71e767d9497b9255f26b8150b9903caedb25f51594f5b7ec2870515f701bd68faf5", - "09ca9519388402d5d96dd9ef2d4ebfd0ebcfa58bf8c1970d04851b2409671c9d5e4aa833" - "555df374469a4d277aab93b8df8d553399908c930f81c2d9769f1b30a13f61c02b16852"}, - {NID_sect571k1, NID_sha384, - "acce54270252e7d9e983c08c993cd6b7e3caf482a9149036afe4665bd3d0662a68180471" - "87872862d5718b8ac063477f693caf1a9baa8bdf2f36d411a796f2b46ab56f66bc949242" - "29f8264016d6769c85d9bbb7d6bb042fefdb8fde1be026b86af2017aacfe38c97309b468" - "9b23fff94f1de880064f1d3ad9d74dc804c41f41", - "1df26b672b2e3617b6b6c631d3c6be0cb49c0a690de49643e0f416215bcdaefc03fa9c70" - "8471f1d87476d58c8f147517ec8a14aa945ef001fa01984d5c3d81f7083ea500558fef4", - "040767ca8fe8f3a7addf01b230b99499b33c83db95db05e1956fb1891fed60406865291d" - "79b0daca0c307a3ec8b1bf2ac2cbab728c6ec65c013e01775ee21a29305e9403f72883a1" - "3800acfb786b09e5185dbd8abf831d12967107dc57a040d7c800d904b530eed1e19a8e52" - "e653fe8bb824cc424d7254532d0fee62e8ee7ce8e871cbf6e4ca3bc040444585b9a4e397" - "cc", - "13e5e47048122c8301258c638bc0f00f8f9646cba927335535f68f4f4f51f23ac5398ecc" - "21eb0bfe8fa6a2084e11fe67587bfa791cfbe2527797a4d98046f9df37662cb7e86a5a7", - "164b3500ad14063101b6c5ebabba53dc5acb4d6771d3b05a505e6a67727ca8ff73d996e1" - "329c0f6d8f738237ee0f0be415003e2db515ef93931e09bdd853b9497826929eac9e9a8", - "06b65511990c061a6d2a97fe2a5053c775ce2bc5471865abb7261d0436a04b79baf41a0a" - "852a57600cd4c6a114b3a8466f721a684aac2592640bc149980545daa271fa9b146f2fd"}, - {NID_sect571k1, NID_sha384, - "e25274ded4840df0d71d3369007118f002b83e2d375c78f7e29ade067db15cce21842611" - 
"f3f015db2efec57da77cb9d16eb1e00a8c1444d48dfda569e29fca1ebf40a22fc646a9fd" - "44460f0e473bde487634bfbdac2c312f66a1c2982c6fe76c54ac72b6c8cc9345e47cb319" - "a974b3cc4bb40634df74b4ad7e18adfa9a71ddd5", - "189918b832e9fa30161fdd927bfc267f6405335df3d66d225e17173af52a671138883bcb" - "94c4403ca3e001fcf09ef4c6488934d6775af2b1da30a8f331579af2d0fbb530298d8f9", - "04053e6b43c0551f32b7b34467d188985600c5c0ed12448f2e763609f40039f92002bc8e" - "70d8dd3e337c3507fc996a1557d5f2fb3132507e49ce653482cdc86f6ca5903b77fa1619" - "d904a9ac78a2c23be0841b96cdb1d55862e4854b530f1fa3f469ba9f7185e3f91c28d03c" - "27d9666345bdbc7a44764595b303f49cc43bc2d0e944862913d280273cfd00e15b6b55f8" - "5b", - "0b47a185140b583c330c64a10d50748e019134bacf153cb4a23753f140a4d607d5771a8f" - "0f535f9c35baae5ab6c37a55f38acd12f15be18d5bd9662383b30e4d0ce487e8cb553e9", - "1a2ae62cc9560590177aa544945377ff6ab1b34e7e32a25140f99996c130e17001563664" - "7756a5e8522c936eb1389c206ac74c012941269165f3772373047521f69510c7f3e6acf", - "1d86f4a6ab2bba7f6305c2df754652bad40d7c273ba2aadfbbe65c07ede4ac0e65fc0a37" - "a0139a6ecab296f58c6c2532701bb008bd9e1ecac2771d9384aca094537fcab47f3ef06"}, - {NID_sect571k1, NID_sha384, - "d8a4aed87c316012482819b03a1d91691f2ad11a2f46082497ea8f64880d686891f7da55" - "0b2ac17199c657d4eb9d04d5cb8eaa180f743b87d23b1c86103f9e9bb60f4e19f0ff9d16" - "0f180aed7735130c03adb62502e69be5c624ed7bda2301f30580ae0921b02e103a638f56" - "23c02c186e3bfe6ff134c762a2bcac1f879a9353", - "0bdcc175eca3a399b944eb0334ff33c4fd130999c8ac0e7b52ac5b774fbad53ccc3a3102" - "4f5262b2eecfeb2104b14bb244307effe3dbe8ed25686dbf46a42c4b6f8e34010ad826a", - "0407ab1a9279a8408828c2bd21ae6c643ad82633d636d36fd91498cfee49c8a635313f56" - "993d02cc46da3f5b78fd243516cd23c14a4c8d79cf27dfcb05f52f0cee59cad5646a9389" - "b80799beb1ada93a48819ab70b74c36d2dcc3c5cca1f7a57ec58e643924c3ceb7a90c9cd" - "9bf7ec762a2c428d16ef431a45cd5d069cd828601f903cb0a28182af2392b5ad12ac3a24" - "c6", - "04ad8d2759df82dd70ebe9f3402d3d533a1b4635dfd0024deeee52b32373550f550b9fd4" - 
"126aaa6c3a9b1f352c40c86e13f78e259abb17f85f0041e0cca9e2ae59f4ee3ba2fbc83", - "1cf9ce41dd5dbc3bee9f46f82e4bef10cefe79a87e8e00d002097045b9acd46364560e0f" - "d27b0be6655e73b5cff272c8764b4c80ce0e1c91a94b8d05209a28b553f589ee2fa1b11", - "149fe587b144c37df2c48c2b7749c509421cfebab734003e51383cfb773c3ef5a24fbac0" - "255cb807f5b95607121c5848d3f9656227b61d5a14042351de084d9b88745be242b6158"}, - {NID_sect571k1, NID_sha384, - "acbaa5ffc4eee0850075c0e502a70cc7a897a919f5e7bca4e798385601a26f411fdae546" - "6ba9f6b6d8d7f819a749b799fbf4a3bda9105063e74914e8583ed8b31ea4d22164bee6f1" - "4bf53afca269b901c80cb3265be32ffd4ca4bc4ddb83e11eff82ead6d75dc4aec8e5c67f" - "35d58a8a156cd1c0351abdccc0c5396c8fbe6920", - "007ab5a55a1d8ecb7f5dca2afdf9ef465569a4b0374716f604ad42a6e0271e934b09655e" - "8e2529784b69b2894bb399b02aeeae30e9e7ae70a2a8e56b9e775bd978a04c728e3951e", - "0402df88e368c8162c1dcea5ceee3a4c52cfc8d6121eb81c31236ba26dfd1874c61586d2" - "daacd96cb5ebc7053be57641bf53bf2651cfacf370cf470db86e1470bf285c7166c197e0" - "94030067763f9fa6a9082ea16dcbf53c2b6f11c9ba1817198e5a4e189dd98141ab682ba4" - "de0b3f873ae54efc080a2a03f755efeba3c0ade8ea67228b1a5a11d730302f1eb7c6bc37" - "37", - "0d3dd75ec61e0f87737812fe1ac86ba336b1512bb9f7ceac2c7d1a5b4d5dbafca57a5209" - "028cef9468ebdacb2a35988531baa094a1c901d9650f2c5d8e03a1621fb33ea85e2b506", - "184a98dec91b9afe52d4dd6b2d9f2d7e3c42e8e614332080aafd2621136ac7965beb4e8f" - "97b222c1b2e5448b79534db4e710331a2f877f8fc2a9259129f0b24d24289495da22542", - "0fa384a04c4b0b0745abea373aabc09404a6037f302e234e7a2840ff39c2b86ae37c814e" - "8bf3f3f7cf743748f2b88d02d66a3adef2028de94013c07075fb73f00555aa900337149"}, - {NID_sect571k1, NID_sha384, - "9a57b63a4f418404e8f5dcf3052b9bc04a4f6d2c33bde8651506d9cbc5542ffb9023292d" - "ea463111fb78913ccdcd182faabbff9164219b8900c7f9fb394f7d9678f77b18f8d58526" - "ec64d7c1328953b983a7c416583e05a069cd76aefe26e5f5687b70abfbf9f58f052dc086" - "3b4fc3bef805cc3bb05bf76a83235af9d6adfe66", - 
"1e7d4da72b1d82e17a066fe387f2a0a7fa4c60ab993ee09710531789186077f2f32b42dd" - "da497d5fb57356383e1f96973df043307f0b6519430c3f0d40d62954032872fceb7dce9", - "04037c59e95132f0027f661511d1bedc3018bffa62aad7f44d7370f5b169d683882fca3d" - "d0c4260fa8f72a47a44fb0fdcf0d7776ff0632378022bdd223753c66f98dc04904344ac7" - "4102d7f19468b8e4f32eeeaabd6e402a35f38dbb9f2476cf07881d8bcff170b0a6e1ff8c" - "b1bfdcaff734a32ae9bf34a909ae7fee689e3f1ae777812a45dd46ce13fe648016353c6b" - "b7", - "18ad70fb9c5673e5a39b3a1655ff76eb84519555a6cd88e86a26f9448a54f04516c2449b" - "ab3f75e74a8d15c69926ac43fe01ebbe7e1c97e73870e3cc4c0ca431cf614f35659e3eb", - "12abdbfb2eb08e326289fdf5615057d912749db4f17848c1ac73bf6a51fbe3e1b2732d4e" - "b656715a6c459c6c3065b67b577f21b8eaca7d657c3b3171e8a4849f55024c69487e50d", - "09609da5049092e0aa8ebcf10c204de54c968b09b9bfb3eff90b80bc675d557967b35f52" - "e459f37fd198a83a858e5d7f9f5aff8b2ef7272b236dba5857e88515ed471a60bf6da49"}, - {NID_sect571k1, NID_sha512, - "97b79c76d9c637f51294369e0bb52c4189f2fd3bd0607f91834aa71b3555605a89ff68e8" - "4fb5bda603f502f620e14e8b0c7affefafa2f0b303009ee99653ae4550a05315e551dd12" - "a4d8328279b8150d030b03c5650ed4f8d3ba7c3a5361f472f436b200b321e7863c771e20" - "ddd7bdf739c51de3676f953a5501e4477aed1bd8", - "15b7271d4319db5743119c8103a7d4c6d57e9c62f3eb93762156d2ebd159980aa57cea94" - "8e416717d715a2e458851f1b2e9ad4172bbcc53861db29c3ee0ba8e82617a5866170847", - "04003a5b9559b2058299161770166766aa65e151ac6a22a90205afd27de5eb99c5b1db36" - "9ad52f09141d3bf08884b96414c283b2669ec2a2a60c960a2f03d425dc4c229c0bb369d9" - "0f0024f3a9cf3dd257043dceefe6617a98e222e1cc820f3e19e63c64fdcf7ce8d9c7af73" - "23c9aaaef4df02e498597581082fa3767c8a38f508f4ca2c1eed6f298dc8142668a00274" - "90", - "0c585e425ae4a34f9b7b9205f095ea07599716f1eab1a8bbd934219ad760c4606ebbeb06" - "cbfd3952e045a040b8ce20603aea4f965d1b6e87eac7a61672823fb2de7767e3466c730", - "129162cce6fb05e1fc8630ec6c3a16d108bcd251719d89631497177e6fe6d1373f114ad9" - 
"dde6e04a4ee0b4747f91c78703012e5a058c132d54f2ccccfc0f9326b27d60322b497e4", - "140163edb5f3c4b49228e4614bfc6da9f73674eab82678ad9947b2a635f733dbce99ce32" - "09f613e2a75e62ed84db4d7d13de6d789b7cfedc0cb6a028d8316db8831db66c91791c5"}, - {NID_sect571k1, NID_sha512, - "564ad0e37c9c37a60872a4780a723d08d1159ddc77bd834d74c1025cdf3cbd5338c3fc07" - "a904fcad9b979b2a2ceb1a0139af35e5112305fd662a57af6312624b9bdd3a64849f95f5" - "9a46ca8feb2ed56f87f258518947474c1729275c4d89b7dd286ed65f286cbac76002cc63" - "b92a73ab6bd13c4adef282f32297e441bdd8fd36", - "07219ea7917d174a5386df985d0dca798ac9f8e215ab2f0003aee929a2dbd91e37fedead" - "0ed95b1e8aabcf516bdf54337b4aff7ace4c6b3179f2e919a49db50a41c9d4d58d4f636", - "0402fd7f6ea770e0a6f1eeb3318b6b609c0e76ffeaa34e75f56910e8f658b70940cd7a59" - "18328473b279f882816955b2e3702c22e0b3e03863f8d99c64f3a2c9d1c68f59a28eaf25" - "ad06c2cca84218aa019326cadae9639069dd27df4d1e95a4c8e7d7cb426e70e2d38650b3" - "82e325dc3835afa719145d16a29e4ff67de37ac8949641f0d140072f59718450a6699732" - "06", - "03413376b32f18385cced4549e231e514eadfe05fffa0b252732f5c88d13d9c6e0c35be3" - "dbf72029be5e4573b8f8829f6efbf58a12b5c161bb7055d1944eecc93f82c12c5c56d9e", - "1c45c25f3e8eef9b92142f12e4119842122ed7672fdd82c14b3c34ade3243a4c50495c06" - "b5984d0260376c4fa44c60b2e34b0084066d693943071bb663a44884927352668efcc62", - "08cdac0f4498173bf4e59de98ac9a26fc2c752cfea7a5b75141d4e1d019e25d70a717ac3" - "ebb82884436ebe1007b0488c4ff29fa31fdf02f77fd99535c99b69c9d4e5f432516da77"}, - {NID_sect571k1, NID_sha512, - "072ed5b14754fddaf54e20da42432df49bef38f4a3b1841b2db457ff86c44880727aca94" - "5770adb41269df41fc17f6a687bcaffaa45a3e59070526ed53b8dc3b78cf9a80a85461ea" - "f4b477e44d5ec4c2bab9c05aa747a5a520b35fd09e8b44539d060ba1c3470267e0dda111" - "b15dbb587614a46e1e477127f963a16cf3a43ee5", - "0bc623152253da24bf8d752bd78aedf7d5f6a2f889453ccdec14e10753335ea8bea83fd1" - "81a1f3680ed50f2324fbeaadae160cc85831750e021f3e44121ea1b1efc29a7d0069479", - 
"040003f3a6cc6964ab2f6da95c0a2a7b75afe4f77faff16fa28aa67809afd9495cde1f5d" - "ce079ec4e15ec8c1a2095a12e8adc409fe8729d865f50ff31ee75d7d807afd2c15cb142b" - "e9076b15c1ce931ba06dd56dd8e4f544425fba4f37f951a188c8e7eb13a2850c93b8ce60" - "f10b3783647a2d053e2764a957656a184a385e95c2013685d4954a2b2aa20e4a15dbc43b" - "78", - "1e091f4febd694879f78e83842572280daa48db65c463e66d9a7ea57b82fda531f116800" - "530a03cef2cf7e5be5eeb6e420213ff757c27b8e8a94513e417f4acc62adc02a76a4fdd", - "0264c499f7daa6ccaaf191d3502e86458ef088c9bf2ad989851c221364b24a1a3f4404fb" - "d0eb44a41938ac6ab67002faba0bdde7f44ffe6bc10def8317c4e2807c3ca711cb6cd33", - "1b91c18fc55635c5e3cff70503e7a49572ba52b11bac193230c88d6eb65eff6b2d9a01f5" - "3ab0eb34f5e208538136811157f872a8255b4d249b6ffe021b0c0763cde4d7a7e72b0b3"}, - {NID_sect571k1, NID_sha512, - "e660dbdf3e61af39b83b95d3f1970f66d616f03273f7dddb98f768452b21cd39604a31cf" - "80590d4a5e4b0d4917519e10fd325dd4ab7a52d70d154506329baefe0d5816f514ae1094" - "83122b4fa8fa1ebd7fdf1fc4e21e8d278a50c05d81c8f489596633d949c6c8fea96fe914" - "30c01522a5afbd5042be8aa47da04581b2bd21cc", - "0645947d981d258f2954558c31022a3b6ba5fa7b675312f794cb61bfff1d9ce87267e4a1" - "dacb7c8fc58624d31c85ebe22f80d26a620fed5df5bf38515e0903f0b69a606048197d8", - "0402d03e05c4b555943fd69a299249e7148e99633b286da69bbcda64e7b06ce9321d62be" - "ad7b8d095a68d9a3ab9e9cf1aeb1d8c4904a073c21806830451a79fe7a907b32df15ea45" - "67023cba4f6f1815cbe1934734a901206596c6f482011f6cb6d452329f9412d2ef456642" - "9e7d35f2d247eaa7849ee141bb16914b64920fffe6b7923cfb19759fed6e1f80d6c40a0a" - "e5", - "18955bb752f0af7d7aaccd0628dcf1f52d836fb91dc78b0fecf21ff5992d9c1f891f0eb3" - "c139803b88736ce10ba4733a523854c4ae9ac35421beff9b20e0c8daf90bece46737579", - "110a428aa96277c9a13d4529f58ecc57cd7209a7340b4a78694dd9ec800f36c9c306221f" - "a110e0b3fd65b9dcb67307b7d7678997a3143c04ba96d72be83a1cd6b01ef22acd0f82c", - "0b7ae2da5cd36006a92a5b2e6369afc2728a93edc845ccb1500e551be361f8658819f7d3" - 
"eb82ad41d7f2beea1a1cab6f103238a6025acbf03a2b08339841694022c17db8c6c6886"}, - {NID_sect571k1, NID_sha512, - "8c9acbdc431565feae60e08bc7da113e12372ed373f1e1fdd581f98c8a7b0c79ac4aa42c" - "7ffbc963fb4970fe26c5b5dd314b7051fe971c1186ebcb5650f7f7011a924de893f06961" - "b8c75da7bff331847feead4abd2e8b9d6ecbedac18f4eac207b948e6e4215e4d5cb483e5" - "c66ce7ad788cb89604d3a3e051539094079e7bdb", - "14cf93ca69d94ee8fbea0c8da9d76aea092b73073d8f5385b65c6dd4d567fe86bc2cfb8e" - "8be890c3c6cd9abf7dc3a17eaecee3d7a9455887863e496c48dc3e47821bd3d825b6bed", - "0403dfd1fac02ac4bd3e3017a3d94f29575238937824f80ba0b2eec185ce8c641e9fc721" - "94323c779dde8c4fd6e748e09d66e82c82add75106a0e1739f2b977d40ecd3cb15a1eca4" - "2006a73dd31226adba7ed8d08476b5af10a806fe8de72251400a83f6c9f6edf5e0cd6bd1" - "fa8f3595c3ab32b4c4548729c455e4eaf83230e1335cf181cfea6b6bfa6cd4ad75ac3278" - "cf", - "176972d9402d5d6c9753532e5ea907f256a872c100f87bd390c4d610bc00c408a97bd55d" - "ff2de1ef2fa8b9716e33a5a39bb6ed2ab541848685040656ad0468b360f42c3742c1fd0", - "00be28427524a3b0979cd82fea407463647a77ac45c489744a9998b545a13516abb9213a" - "b0d89a2f5f872d927ad48dfa502de95524f94f34b174933f3faa7b554a1c2c3a688a0ed", - "1d49594454516c1876f23f2ba0b1fa4dd8bee028bed5524b7635a2df5b8459f4832b3db5" - "f6074cf07c169cbfd9099a85ec2f5c42043c5b851c81a71c87affba34b11eda67e0ab69"}, - {NID_sect571k1, NID_sha512, - "53ef87d6ac7b9698f40b3ea9f3442e7b64207b140b7f66f73fb7d5f8f98452d30a4e493b" - "6c0e3268371e88e612b818d4d847f032ed4983817d020411a52d81fd2a17b58ebdec199d" - "817c2a8ba77042bbd747a6fd4bcc7e844ea829fd8461b389aa0b5957d92962b6d4e86385" - "a8fbca90b8fac40944607117e9a4ef6dccb8fc1e", - "033feeaaaa28f16bfaf5ea9c7319cf4561ba4fc55327a8477b6cd58ef6ccad3962ee1f3e" - "db243f3a04e7e49c8e23509fa2d63252adb186b8bc7e9255cd61fa9bc45242d42da3a68", - "0406fc62c39bdd41ef7083ae10dad59e38dad217c55864a55a6a80bffe2f5e7da977d79d" - "b9ed8c9ac22d6f096129a0c680ac93fd77da4ad96e292a19b48454f91c93a3132559fecf" - 
"07066f1f737ad3af3df674637aa5efbb844bbc441966bae73973481628e5c2c67cb74553" - "a7c8f2c5fc478edd8265bd6c99d6ce122a245e46fbfc21992b950f04cbda5eb220261316" - "c5", - "0a5b86b76f98310a25111cc3d1b0b70fd0c20208cd0bfd8007cb569a187c3a97edd8e716" - "aac938900c3ad8ed3a0d091a18555ab532b50f25184454d84af2beafadf754862b8ec74", - "0de2eade32f537727eeb82dce610b48106b277d15d8fbdb77cd312ab9983ab21bed05f05" - "186a5cb2b530ba72c8c68b768c26d942f9224c6e6b9e7827c48e129833cb679c70aeb29", - "15e4fb92190bbf8dcf7548057d1bd5e5ec54a6edf54f6b88f50e96ac87ed7a7b7c0fe1e1" - "174ba3e822fb7e7c083948296cdcdcfbdc4bde036a07f84d210001ded91c554ace71efe"}, - {NID_sect571k1, NID_sha512, - "dca1b7a9a313ead11c2d54739d9017ae27f9d08b3544e418aee862bb57e427636cb6aedd" - "a28e10f12aa15d2355f4f8ef112a86fec5dc46e6acef693cb8fc37c3e4885f3be3d3ab31" - "ea4d73a0de904e95c7135a149f77b621d642f9bd8ba192d39cfc58b6f19a797c4f3b4f3a" - "87054298e3ce5eda0ff7f44f8134c9a108285dfa", - "05613dfb53149bf5fdc4e08ccc1c752b0b66ab43aef2d008ed40f3df40fcbb2938d2c41e" - "3ea2dd4428aeba9059a97efe5593119673866a19d27a2ee37dd357e22b6bc849e7e22cc", - "0407ef12ccf6b64c7ca64b5da45937281ec770ede572b9a8eb685f3614bc358ce550195e" - "74666af9bb54379c1fe1304b76430d1e51a9976bba02e5781154c9bc187a31201ad99cb4" - "8e043d4ca20f06b26d75be1454e96f0568bd740165a2bc6e5b8429d557a79666bb7b9cfa" - "597d392cc5b8ecd180c37f9fe2088d7908e59ff644ab05568d974ab42ec9e01676e1b241" - "69", - "10b4b67007af35942216e9aab1d6561bf7684f334a80c7d909a6154cfde8ef06a148af10" - "4d534d7dda59b5cec7949de4086ae669edcc4d68b88347d2445edd3037525c97564ce78", - "15bfb47a27c6970fbb3256410d5c2f6c04eb308569a966790636899fdb3122f9e3015455" - "c4b50a6bd8cf519afc22ea845794f51e6994214feacf48322af48590d02cc9812960917", - "090c61f6c64381845491dac81d5273d58c59d9cfeed214527a52c8f23b0146431692a25c" - "bfd77abba22d4bc61ef24093c593c827ef645853bc8deef7c3b07bae919152b90c17f4d"}, - {NID_sect571k1, NID_sha512, - "aff61d62c8f5c31bbb7d0a64a6ac589e918bbf2f13e7ad13abb9ac26405e267249a7c992" - 
"2139bc28140833e10976b87e91cf28285274b2b48b63d24ac94c85c70fafa78f8ad05955" - "c0ce6c02b841ee196dab12306e3e3d6138371217e2b474f7e67a80bbb78a47e374ffe2c9" - "f86292e471c551da50d46e7b5c8331029f369767", - "11b92c8b72b86c51903387a65aa206988d443d1988253329ad3a89c902ff1ef8cf73b7f2" - "e4aaa352443bcb833712d94c3e637ec12cbe4c2d4606878576b17fae1512fc77785b737", - "04022440b63bb4557996b63faf19d9f391c5085cdc2cda3755622a6cedc676222ceb5a56" - "ec36e220e507973c0f07e4b2e2d565a69967804ad311f0658a9854b1eddfb5270f4a86b7" - "69050199c9e443555123f153249cf7256dc3e82c5d8cb611adca0cd4fbb0a9a90296bfa7" - "70c1b0c0b43e4363b0227273a9ec9f00ecf83afc605b0dd2e5e24f739dd0b4ef6bb11950" - "a0", - "0e5ebd85f5fd9a9a81067fdf51b1906023e68672d160ddcedeb35787688dcdc314359ff5" - "347907b685a718ce38a69be17de292eaef189fb9ee8c63271bd6818904cd246503dd227", - "051387b0d057985dce86cb962bbca7d9a047f70d96c20539ae7d6b7cb8bffff606f03b83" - "15f15a53049c6c1c227f86d395c2217d32aec32bbd406c790a6cd2706775ed8a0ba1ebe", - "0c7f3b7e4a8b65a58c1280110f6c2486cd2d2df7d48b49074e98accdfca4a72fa7d43bc2" - "5c6576279f4a70f22c98135ba79158bcc3452940963b556304da8e1ae88973d827bee32"}, - {NID_sect571k1, NID_sha512, - "721017294f17ef351e41256b57a64a79f3636628c4bcbe676ac9a2d96076b913dc4b246c" - "9945183ec9bd2d251441b5101eac44e2fa1bef59dec03ccd7fa5accf3b7d094d68dcf78c" - "8de4e2f19f56bf0dcb3b66b9421ec3f8b353b9fd74feb2e9affe0bf9aa421b6f03eeba3f" - "fd58fba56b3ebd094880e50de01ee62a108a24cf", - "0c3c90d5ce4375a08b85575faa78ee6bbd9e5571ce5a90582042617b807339c282cdc3b0" - "03d82006264b1c08c20af4ad4549fbde53d262facb98d923d81b8eb6093374b6a1e84cb", - "0401d900b4f64c07cb959049f2bfa18012f9bc2dccec5a73e9a48a9d5d65499e31ec4a16" - "15c4c50177c032d388263eba1a90e07ea68f081e10272e88a41389bd2626961b646c76ed" - "8e05c094fedfb5b118accd64d5d46ca2ed92b3123a62042a556ffee9e3bf709092fff882" - "31a26917d368db51d1959ad3285c7faac16ca57677651b070aa0abad96f07d35c5fb8a0e" - "e0", - "14d4070307cd269cc1a3c048ec0847edbff46f64c1ba5b734d8a800e50a0a02af57cf247" - 
"50d292e2c247ef1b860a9d7b5069a32f5b0546fe9e019e04af62316eb79507281fbef6d", - "1cda7f743c47ae93a9fa533145feab4c46252afabe3d54990663b5891b4979c645ccaa05" - "c744420ed6fa235952f370f5aa187250d7b069aea1123f19f0f18da18fde98100ff6ff0", - "180b4163f2eba6e3769d8345dd8cb003ea120164442efa885eda5bacd75f8d705b7f1bae" - "2976f67cdfe984430e36f93455ee7528fa6febfe92e42a002da165c63dba8fc589e7851"}, - {NID_sect571k1, NID_sha512, - "e2d1f33681759adb7954bb5248b0db3c3885fea0d4c1c0c226eb1e6d2d3ef1b9ac281a0f" - "1c2fe5175b67114b6a501e2426d1454bd5790dcbc4c232cf06b017de8a9bb39e6033f1ed" - "b5003e8de3b44cc3d6150c3c952afb442952483cc688908337b7c1a8b5c9da70937ccfa9" - "8b2b0098c530ff848010b8e8ee0a8d65283481a8", - "10f184c16228d9034271332178ed485d10b6aa76003efc160d63fea26fbbdf5552205ac7" - "df0d8c852a1210cf0ba512f20b798827b36ad56b12a826fa7dc1db45aed264ca6822659", - "0402637543ed8a11271bbbabb2cf72999f65df0104758c2fd6fbf3e1c5132ff1c1111fa5" - "504ee86bed8f219d5025f8ae07055a7849314d2d439408ea2b2ddc40320c57f5d41255d0" - "a6014e360137ae33ce6930b844d42bcda4050b25f349e9e19fc4fe82f5e4f73cf9bb5021" - "2ea875a5735faaa1d5494f1685d6c8177448dbf356b408ffc2ba0726c9befb9de9f0cebe" - "32", - "1146574a96394c82972eed1ab7ec98bd08f27653c565f0626fecb431ee4fc6f830554df3" - "5fa62b5f82eaad49524d3d4b0598cc7a2181ce9860e271812373d21be9536fc181c3f12", - "0dbf465de2c5242fb527f6e4a4188adb96a2030ed8417cd9431365173f569bfdd3e420f8" - "6947da10a703370d7f38dc43e2249a2476690829545992645c9c83d82af8adae893780d", - "1499782e0163f80de68e3a580ed08fdec8d6552ec69f186a74be89480be28a0df6acdf7c" - "65a72f115f8a59fbc28bb94af64cb3bb3cab20bd25265237a010370d9a5c781c1e26f3c"}, - {NID_sect571k1, NID_sha512, - "414fc5d2bd56b30040e105cb891788792da595583b11b8fcc7320f40dbf64d9263532dc5" - "7344dd17573c95eedf851668b5d552e8796af205f3a0043af1a829fabc2e93d9af9091fd" - "d9e0fcbcc9d6d9ec960aa60e4e2964c29a2f375400366480e513f63d124db7745847310e" - "69a38c8455e4e602056a6a4a14a8694155e0a9bf", - 
"181baf9d497159f837cba58a11ca435c442e5ca792ea559bff9f6a1f562c05bf6bb5914a" - "fbd1bcaea75b35f88bdd832314b249a5298622c89462344d3f28a44ba3d059df432fc71", - "0406f3915f884e250034db97327470197d13f0716d1d810e43055757460dc252f5281717" - "b3ef3fdd51085e65a0e073e78b697a21bc33137213981fc05d9b34caf7dca7a4f99be785" - "96047a96ab5ebec6201b7c65ce7a6e70effeaeea1c095a0172e9e2c7bfc88f7b05ea5750" - "76caeab189f810258373cff2484f4fb9c8167989f61aa61ae27113b5140c95f7faa505d2" - "d0", - "10e9e6047651362accc816389b26ea6befb0e34fe7363126f8c4ff9333266f46d63c4d45" - "075480da9ebdd0f8da7224b470d914ea1d68cd821f563b574bdeffdd0b3ed73ecb9133a", - "00e36644cf0861f45b333092d44fdd99f56e89bf3607f75a06920dfab0ccb1831208296a" - "a2431bdb75c5d50f15bbea2e13d185db6d7175c221858fd2b22afbeca7431c290b15d3f", - "023ee3b9ce817eb0a6733c85062cc3bc5f1ae62bdf3a74e3ec704baab05784dbb5ed01a6" - "a2a73c80a3e754c013ba886108d9eed2bc210f29a4774bfe5508ecd876ab47a8527c530"}, - {NID_sect571k1, NID_sha512, - "3b592cc8972a4782870e079b82a50f84b4c2d8ca90bd500d1ce5678982e266c391c556d8" - "162ac3aab967154d072dbc0ba1dab5545cf2651753dee2881eca5abd412fe624bf3f9d17" - "d33692d21ce23ad15ccffdfd250cb1949e73c9e40a64ebebb03852e92692dad1d7baef97" - "fe109f35b7a492b343d4b643a4a7b1723eaecb64", - "083fae86ab96bce99a53e50b7eecff38e4e25b21c4b0f6a4986915de245eae24f16b6a00" - "a4db159ebc27f5a6a072da94ab6be5bf75f5eb3f75c4452bf4ea7014392eb1e02706fb4", - "04078003779e0287bee54df31f64c58951df7999b48b647a6bac416f844485a4cd7a53a6" - "4170f9d2d31fdef0194a0c262b90e5bd33a1782d2ad56c210cf80abb5fb118cffd71ad79" - "c1073f89ebdf0e255205a7525cc12b7e1c58303ac3b3417183179c216ab8e47f33d0af32" - "38e3ae64d418ee89ef3a2cb4bc67a1d2fb1923947b9dbf3f4fa39ff82327d0ce3db24d23" - "24", - "13d126fc4033f537b00a81372031026f6a7a2062863a68e36c6909c548833d1a8f5fb5fe" - "25c7d9f2c65b1dfa974630204f71e96d657095b93cb54b00cb88f32adc08eeff4036654", - "09be9f4bcd7b8ef111337fb665379509b8b17a2212a80d5fecc685f1f362c45f930acaef" - 
"9df47c33c6028cf7aae424264575b4635a11edd6b005ad26cf2021051501fdd1b77d2dd", - "0dd196343ef76bec527c5929e02fbd5d02d5b0a4b5f2c8561978e600856de56d42943f1d" - "74cb81b67010bae98de0efddfcddea5d354c60c1fa76138801f6cdc5bc932c136309b6c"}, - {NID_sect571k1, NID_sha512, - "0079a02cbab3dc02601fcb5c8607d555beef7cd71a66911ab6514a4ae21c5a9c0e166f8c" - "f5fb198ec5a49a96e17cf041f35f00406b79270ebfe56dc6b8417d2529fd625686ffbc8f" - "69685aefa2fd30a937c02f25b48be4679e6fde821de928b33b12470867def874bb8c7c80" - "38ab6594346a2c44b39210d3610994ba60a05e06", - "1a663efa7bf4d8479bc535fad71e9b5e4f4281aec55967baa008ba17ac2f89cc3398d305" - "73edef29d590fddce8cb157f655e92779f59e7a18d0327d02e7daf4c1216143b3688fed", - "0406b4bb31856dc516be60a0d2d9f42508738edd4f925eca9c72a13cf136720867babb38" - "622fe97df70a1edb35735365f34c74baef9aca539aa1dfdead3324f41a16ca69bdf86b43" - "f706c4a91d3fac9e7647a6aec6e4369158bdcca2275866bcdc5a09b2f0f1eba10551da96" - "13eeb1e8d3233316b62a5f4641d6aaf669b975dfc511f2437d43c9eebe53c5115fb4741b" - "80", - "0a843d0cf776878fa9ceb163d7aaebd29ba3aea0808c3459036b258b99ccae4e2444bc32" - "11b5898c0769b7d7e036c07803497e13803132b3c6301412af3be8eb4a853e939a247a7", - "00356e282c096fe1690fdac4c0c66eda155ec42356dfc4783cff0160e1d76b33a99442d4" - "ee0e3f6e1c5bde4a16c8e18bd18f98a178c3fa4a560d8fb8b4b1d72663576f8baf8672f", - "0c5018c1383fc3847819726e1e940028892e1abd164b413293fe50f219f2059105218e4e" - "3b952b912a3258c4ae52dcc03ac5f027fdfa448a8d58e3aa5c21e790b3b47bdfbf21175"}, - {NID_sect571k1, NID_sha512, - "88573bd94ef50459814806efa868ebf92b066fbc2f7a4be9d2fa06b9dc1a72f72d783a6b" - "cbc107b18a6314511bff217037a2252e7a5cd34cf9d5b2fe9c7846931f0133b2e95876cb" - "800dc4ed7c4a4e4cc4f1195acf99fb0ec224b1f8fa8af71f72d390eca9d6be3879032a31" - "8734a63fec336c79035a43f70271def10c4955d3", - "0088d1a2c0219696a94337cd56516252b74139ea0733b17fdcbf7692c3e5f6c3989e5da2" - "aaed7468e65a5d578571928ca273ec3b6aa72cd196f560f05095cdc8346e5d31c4c2e0c", - 
"040357801cec0888461ffde22d83afa9ca008ac88518f4b09074d29a846f5900e024a8e5" - "947bc25ed0e5c980a58fd5e9aadfbfab31db8bec575fe886deda80134d91b3de96254653" - "020710806c7ed33f6879374c59ea144326f5948980c8013144345c5070122c0ddb7e18e9" - "f752eadf2a9b0854dfb7d9b2f0d80ff0ba46197ce6017885939e9f59b642a8fa41639ea7" - "5e", - "16940f69013026bafb6f400c037272176b04e35e9f1563d382dc9982968a186e3e152577" - "5d27150b34b8ce5e70b537f0149ce1a521d056b52e75da7e39ee8a529ed987c70b8234d", - "199058e36449ee1a3388d7357c9c1020b2e4c02144aea14b041bc584a752c94fb6e47495" - "9b24bd2c0c104f5ecfe223ebdede672298c29195033aaad5db1852ce4dc3185ba2409a6", - "11f3defd9b442378c461e2c68b239d2e4afaed691238c5ac4e0be46ebd461639a60176f9" - "884133900f988e2d730d34df5e2bd8a14681014c0a213f8d233b3c50ae3064fc38d1a19"}, - {NID_sect571k1, NID_sha512, - "d0e02045ece6e338cc8ab41d4a064c982ccb1748c48fc2fe0a6f10bdc876094358a6a90a" - "45facec798a83cc95c6795cf0f0d7c66b77e22cb114c1432bfdaa1485ff35b6a58107cac" - "3b7e58cb4f6c87c68db60b751e78f1fdfa54b8923b98caad0a4f31226956d065c083ace5" - "f1e9e91944dcca51879d782e40358d58ca758750", - "16cc8a0fd59455ed8d4de561fd518df2e008f7dfaa5f7f29ac2489a411e233917b43eb3e" - "be2596fc824be58871949545e667dbcf240dfb5e0c615ade0179d9ea2a1b1ebb8ab9384", - "0402477e678793593e2abe837961895c7ecef71af1feb882ff27cfbabfa0ba3ed771b792" - "23e7b2d2388efd371d5c325854cd60e48484f818e1a8146fbb780cd6ce06ba63c0db67df" - "8a001b696114838bb972ec6d536abd809d3a436650191c43b2bfeefab2b400d5921a7eb7" - "8e307266acc190e05f3869017f0a66f886bd6556c58aafb1042478cc768a4f86758e9f4c" - "32", - "1e1b851bb95d2913d6d35b756d49fba6f4c127dbed80fe4068260cab89c1d42f7a6843f7" - "31e83b379ccd8a4915d2e29550f3f6ccde607cd0b066dd5fa41ac2bf37bdcfc26cd4d04", - "10d4291346685fe070b267edad91154df83664dc115f058ea036c712929634d53662586b" - "b50cb6473c2170db5d4ee43be0c50532015937202e193d15d5189870691ba65aead7f3e", - "0b2a15f1ef00204bcfb5108d8f1da96ac3297aa041074b68989ff5b6b276380de7887753" - 
"fe3d416ba691ba0b2ad7fc065ace02815b2323fe17f6445b0fa66dba5d99d8e7d557cd5"}, - {NID_sect233r1, NID_sha224, - "f1b67fde01e60e4bb7904d906e9436a330c5cb5721fd4e0a3c75b83dade868736bb1d21c" - "fb1b5c6407c373e386ee68ec2239b700e763728eb675a153b8ac44cf2a87be85fe8ed668" - "3430cf4b7d718891cbf8d583d0a37cc952cc25fe803a7aa4fda80f05541a2f1f2601cdd0" - "c095f7110f2a84f7d641b8531572269b21cbe77b", - "056673197bfeea9bd7a8b820b4ae51a50411bf118a692bb9ed3d304da53", - "04003489be62e53910c20cb508de019c3e326f65051f26749944b4454f156a00f775ac38" - "baf19499675725e8190aeea16f52346b1c890d9583b38c7521", - "0a6c9914a55ef763913273b062475fd0188eb2d5af9c8c1dd97cb3cefc3", - "08601a42d7f7eb047e8ed9820ddce665c7277f8ef38c880b57109b7160d", - "026d6f50f0508953657df5d753c595ffb8e1c19f8d092f8ce8db54f76d0"}, - {NID_sect233r1, NID_sha224, - "1d496d96b533c632ed6a91f6e3653cdffaa5b8cc0008b35e49b2dd52fe261105c2ec7ee7" - "1a4ad5d51fdc3d36d688a3b7ccb3b3b0c3a65be17b8d8aa172e3005cfbf37a2d1b1a6e26" - "8c090c6f318e7e96f9ec9b9f5a8fbcc7558d89e840f7e76e44bed91c26ca48e6f5cbc253" - "ca2fe8cb81c484cabd24070e488f9c00cd96ad4f", - "0468f01d483144e514ec257f2e5fdee28a927f2adb19714c1f3524dd0d3", - "04016b3cad89cc42b80bb730431963526e26ae3b415b421575dfb6ed973e1701acaf7de0" - "6e20262efae01fc80969cdc1a281f68e8c8bc0d2d4fbba3a3d", - "04d261304678301985f5bb3f6ae465f11c9fe0e5031b31f194969252703", - "0878a87b2867c03f55726ea2a6db822788f4aa4e9ef609997940ee8c8b6", - "03545153f0554a8f55301d4b948043de3057cace62c8032c8ef8a11dbf8"}, - {NID_sect233r1, NID_sha224, - "723400655027f474446843645757f7e2cd466bf97275067b4bc4c9d79bb3b19b2421835d" - "69db916f24b77c381fa771fc1e7a19d2b4d09411ae55acccc615b16fd24705762b441ab6" - "7083a921fd4ae569ce0de69449aa96f5b977ac7dc022fdc8335656853796f54b3fbd1185" - "77f98920624eb0a00204f1ef83827245c06646cc", - "074052d027f05465a8083a59cdbf32600224e1f563f653b34314651517f", - "04006999290db440eb5b3291bd4bb4a1af6386654fc4d275ef136c0e03dbca01fed0b1f9" - "284e488c7fa2a010766c340bc25dc132c7679c2598e423c3c6", - 
"06e38460379ac3fb13f64d4de654d4fa30bd8178da0bfc29fab2a1e2e39", - "01b18bafe55e5c24fa2df4c09112b44d24e78dd09557349ceb1b916d280", - "0ad7cfa003267a6b7a99894f75720cedc9cbf820d355a6b840709f42f62"}, - {NID_sect233r1, NID_sha224, - "155860cb31a142082bcc0bad828d747e916392d21f1873b3a3c1d28ca3ff9d45ddb66a71" - "2e3856b6afd07c8d2b2a7badab296a9775b03f6fec0befa2d8d6d00fe3938df244ab46e8" - "36a3e686c8b4f918da49f0bb3940bba34a9aa22c7caf02df7758b0de01d9f47af6146344" - "b9be3842d9c055eaf0fb399cd8db95c544a62d8a", - "01856e7544223f55f80de72a6ef3822fa8fbd68eb397d06e2d76ddd35e0", - "0401a117e52f09080625f85fbaad8ebe0d3ad410f034242bf48365e88ff7350008b8bb79" - "58d191265901a3f15b2919142505efeea13df6e42da8b0dc1d", - "0aa106ad1461353865706bee9aa092b00fcf1b0108ecc1266ad5d8b6579", - "0bd6fcf49029df32fe0fa47f39cb9428d95d00a84a5afb392d7b4b365e0", - "0b17734befefebf03d1c79e59c12ed3c57e7d120dfd993bf276de559588"}, - {NID_sect233r1, NID_sha224, - "cbd6e305cc9f0dc90caee6e65a74582e9357bd25c78e33a7b14e1ac7e9397ff4466f192f" - "b432143e6df6d61a0ab808ec0a361a6d95a357a38cd3e241fe03ed883ccc364b248ee2a0" - "8702110745c2688bdcefa33c1a45b9c8b200e45cddf3e3f66b8d37eff07fbb3366ea1558" - "ef304085613c56707095724b3e134c7a7d3f8dbf", - "0860aa2b589f2defc617be73e191502e5d9952bf60547fef19eeccbca26", - "04006abc5619422b7d548c612e54df0385c293632d4d97c21e2e15ad98d0c5006c36c072" - "603681c1b03f6a023c8e987f39d931bc2a200eff82239ee38f", - "084fb252dae9a96a44212d18e15cc52d179cd5e3392ab9da57d04cd5a9d", - "037cd554e7815699f033ca9187ddb116777ef847b92353f613152c4216b", - "05f806dd062043420dd056998bdb9822b3177406a536d766c4aacdeee81"}, - {NID_sect233r1, NID_sha224, - "812a218ff1ee1472c189f63386e5b8ab341671c3a4dad27a8c6249d1c0f9a29338b471b6" - "179f17a078b6504e804ac55ca3b13e68a623041bc1a092ea2adf3fa1124bbfeb161e6d7c" - "483433f1548763b84da00352a6386e1339f674d45dab13898147ede468e0e01d2c4e0ed6" - "6b395a16cc3ded3e952ac739205f35a83376cbce", - "0d0dec052a00ccebd0c0c5d9a08272f75744a2582cec7ddd924a2b022b2", - 
"04016bb8c3d319b93731f1055756e57bd56d50b6b9ffbe42735925cf6f7675009dad7b87" - "a749df130b45d9cac8011101c15abb7e64bd4fbdd94107fa31", - "04098547601430c723ebcb04b23e0f1ce8b1f79ff7ed3d05ba130922b01", - "070ea6221c0d62930b019faaa856ad2c84c3989ec54040bffc42d8dadb8", - "0aa20fc58beae8ccc880e7fcb48a471faa5baeb36bbe5aee71ed9f8adb9"}, - {NID_sect233r1, NID_sha224, - "0204b1fca831919e89e108cf140b3770f531a696b1d9a4d1fb68809eb10afccc257cc90c" - "d36717c02b2f3d6d3d1d8a93cc5c48aa7ab9f9fddfe121ce9143376535a0c65e247c6558" - "eac49fd1d6d1bf431ba918c471cb3d536ad485ec51f6471a340ac75f160c4c54cd3ffb9d" - "cc123124b42df1fd2eaa005e3377c5d2d55938c6", - "08a017d717d6d1213f2b74c53281b07258738c0c7db649ea1ac46b9a3b6", - "0401eb379e27de6c04c5320cbc18e79ed9e8993710ac70ce823f1ab5762b6700f5521926" - "45d350361762aae79ffba39c33c2c5c0df208219f1b339016a", - "00e4822b2cffa327a8396301b21554da6fa52f418d67114bd58e850d935", - "0d64dbdadb4ada2d3a8892049f7fda3c733030522b44cd72ab850b77bd0", - "06fbae2d8e4fc04abd8a6e9cb011974ac851ec108e38f9c72603f7a04fc"}, - {NID_sect233r1, NID_sha224, - "2033eb48756638cb56e2cc39a3e775cfa11fce86cf71f04487dcdbc7f262bc8350a30ced" - "54d1fcb697b28a6e96f88f782947c997872307ed963e1d68985f756435af77f57755cacb" - "b4c6b50ed419deec9f39f0a549a13e54254fa0a5832dba2d943ad4aed8688889a2dd29dc" - "b4ea12abd6a6c50eabcb3981c3a0c1ca5f0b9629", - "01b56c14442b084cfd22aeef0f8028ec57c8b571c9fc1e43de05c45e47f", - "0400d450c533b13b211b8c91dad0738402a5c811460426ee2f35ae068f2c12015e1c9f9d" - "398925c619f8aa0bac746eb7907d3d510814cea185a7efe771", - "0dca09773730a2758b7f4d9257a8e6bd942c141e46bde5ca54a79468c4f", - "0379773ebb7a2860f3422d8f8f714b234e5abd8860defb19c659c9c6179", - "0cb9272a27661604425ab84632f586048483b9f9cb80b9697898e745117"}, - {NID_sect233r1, NID_sha224, - "2986ab1cfe8873009e932dc68d4727d77ccbbf378e43fe4aa7c54416346b036b89c0aad1" - "b82977c9fbc39a00f1dc916c0561d8dd70298c02b6cbfe572e0ef2058641e841c6875e85" - "15f3c1082765e046c90c956d984b76e0e8e6eb433ce26c1757ac5b13422479141971c201" - 
"02e9621d18f51096ae3173c2753facee2862d66e", - "05afce37c5594586ac46a34ae291f591eacb9880a7de92701977f447fbf", - "04002a069ef14f2989d2b715c5006642ba966cc84df88bbc27e713e15c47bd00f001f60b" - "8a8102a971faa2c42d3ea9cec37b49c7e6ec0cae9f7fb35713", - "09756db630ed9b708bf1ab8aae6a7559bc235c4e9f4002ed26e2f019aa1", - "06b9b2c1d214373647d9a2d24ba69741218064004614368915d5cfaacaf", - "090dd607329c27483fe43b7be137c3f51c23217c939baae40b53e65af2f"}, - {NID_sect233r1, NID_sha224, - "aabf5aa90ceef91c2155f90660adbcb0eedb996f5242cee15468ae217058ebeaad8cd4ff" - "8cdc754a8ab85ba43c59fbab6386686fad5e27ad3848fe52191c7e4b203720841501792a" - "625aef2acb6e36493b792fa55f253effca682946ad8c77e01f44e92ec3c258d0dd98d318" - "3f4dc4a0bd3eca183794abd6232a6f9e4add8f57", - "00696df05dc7a54a9908a73eb18416a155cc8df4ab26032539d86eae537", - "04008f9f494ddf8d0030746a8c0b8d215dda6cc2724f411a7ea407629294c301ea2e9f85" - "f06412d29c677aecf624a83c2fbd86482dc0d564906a91d97d", - "0d62b06628d3884f0a329a7b6b4f832fabea4ebc85ee03e63f2967e7810", - "02e39824f272d4b74810594810957963c777207217e53a672010605b9de", - "0e64bc44af64b6f879f0d32f814acfbb98795ef7b2f246b3f91cacb55cc"}, - {NID_sect233r1, NID_sha224, - "29ff209eabbde02b10b3fd559671fa53e418750c32c4a18d31cc0186d1077581bbefb877" - "0ed079f536e866414a07431ae6633955bf42a2389b6f8a565d6e4ffb4444336e00300938" - "76a26d4e3106e9ac697788e41f8a21c755eeb86a7c60f18e5e1069f16408a4c375a6a68d" - "42959f2fab7ac09736c7b37c80c05897d8566ce8", - "05ca31e88c5b2e96e433af2023a66095161710628e7bfa428944d6676b8", - "04008232d4bbe25536ea7f83c145a8d2b1cd72c383eefc2adaa1ce72c7dd9a0100b738c6" - "f1551b3240293ee8e8ec29fad0cc485ffc2cfded96b68162bb", - "0df9e1b418ca1d41d749ee998446ba1cc54bc8bf72eac6f30929b40b5c9", - "0d4248e0bb60fe46abf7bdb2effe804b9d394d8a5514a5791e149d435d3", - "0b89a459fb99cccebda754c4b2ae264c9aef7b5b610427f42c35dbe7d3a"}, - {NID_sect233r1, NID_sha224, - "97765d876c80819f4004a36d09ccba78e600efc71eb7e869d3a00f658d2ace6769c7ab1e" - 
"f590f41fb070aa8e08615e138df45ffbb6473d4a86ba5fdf17dd6dc9ea9ee19c0332563c" - "99e6a3451c211d286d69102b47bfa6e07d468d9bde82e5c2063fb1ebbbed6086f542cf68" - "ba46d4f214634afb1146dd5a6f3d50912ef5b824", - "0ef8fe84727a2ad8bf4e646ef28a492adfaf785a3a2ba6e6f985c649a8c", - "04003435eb25ce9891a78c120098992c666940103eefd80d9bd64f1d4ba37b00ddd6a4a0" - "1e443c92afbc247f634b85f1c858a2aaad35a26f57ad4c9126", - "09753a236759eb32e13f19b9d2ad06f7b4db4ac7b1df96813463d0cd557", - "08408fc46149dcce0753d7cae0f50c8c5fcc97acf7a1a02a9f68c0b80c7", - "0b5ffba104acc6d0cba87523382ff928859718122c4d0d2298e74985d89"}, - {NID_sect233r1, NID_sha224, - "21cf768d087d1e4eaa8a05e2008020e243116206d675c09be42ef2bc93617ecbb0575c87" - "3c6510ede9979215531b62126552738862fc4323d487992754e39d8f0d7e111e165ff254" - "200e05082f59a57ef649bccaef6f980094fad3b7ef93bceb161760e200f0a2e396fbb6b6" - "142dc84d872311bf932b84616b22231747937d58", - "03edb94b8c62f9af30c14a790c0f5d65e362a21cd8569b9725916d534c0", - "040065133691b888cd2513964b5a905ed9334cff6367e25c09db1743045d5801408e1ac7" - "21bfe2198086c1834d484b6e5692c037e09928cff87f4b5a88", - "01d8f800ba05d8173b0f1bb3aac0aff68c6b24cf98c28f5a69b0b5a52cf", - "097c07d4352e39e1878c42fe97ebd4c3ba5098706879fad9be4bb2dc2f7", - "0bc669db3a488e613665cd26da7927c6b6a073ba6b0951c00d22ab1ffd1"}, - {NID_sect233r1, NID_sha224, - "7b8e58eecdab3e40212bba6bf284f9379265b3d2baec3e4625aa08d0ced851da193c292e" - "c793dab42732c07b4e94d8b19c83aed796a7e3a6c2b954a7a9a1ff9b2bd4ca62592c8b68" - "f709f1ad38a5c8033ebb3f33d176945bfc68e9ef2b0cee2d45a13ce89d238a33c09ce2c0" - "c63c4233aba5717b85c4c161dd7648a41a5e39d8", - "00a7519be62562318da1b67d22cf8e720353d22641e0cee11c7a352bb93", - "04013b63dd8ca9044a3e518a67999a781a5b62994b6e20454003a9bdb8715c01a2f9bfaf" - "528b7f5bc8c3b02eccb71666c83e4a598b4077de999d90fe27", - "0992ba1a8331bc4d88be7dee06f96098bc2ea56668f345e187f32f38171", - "0c55b45bc7bc3092ffa82234b06ad45525b45f8904011f1bd6cd356f0cc", - "0e6163e70ab56d43fa27211b98b48f1cade127237bec1c6556020d39990"}, - 
{NID_sect233r1, NID_sha224, - "f8f268d2b04fe47e5052c8d0d653787384b9654f0bd2138a6f52b80713feeed452b976a9" - "0eea4edcfbb62d04f3eafe172ddebd7cdc3701ecd6008e3d82e8eb217b13b5228839f610" - "75159f3bd1e1409c08903874b6dfee2789dd72c208ae769ec8c7d52552a2b1fd73dad24d" - "e8b571f88e2184d0ee7d063a121187f97e746f2f", - "0264022fd7dc2328a6436b522793ad9406d7a586667a0daaf1bce927338", - "04012d7e7f8519a7e357510adfca2f50182dc5fa12fb2a77409fb781ed500d00ceaa9a22" - "b7ef9febd8a9962ce21d83fd2a2a938b9d7a78d669dd233974", - "026fb8fa6e746106500dd29ee32bbd03b94302ec3a123356b23b3055e51", - "0f416418f7aa4d437e7606afedf961b968a67d9a1524d60fe3f6df4d3d0", - "08d3afc975a8147fa8230fef4b16e3024180a9768702038f955357ce8df"}, - {NID_sect233r1, NID_sha256, - "d288768cbd066fad4bb2500b5683fa9e4eaedfb3dbb519b083f6b802efda0a022355565c" - "5fc6babeccb22f3adbbda450ce5d633193d1431e40c0fe631a295cf85965cd3f5937b318" - "66bd6a5300eaef9941daf54d49832acfceed90e572ef34ccc94eacd0fd6b903fee3c572b" - "963d21e2881656a214d2a4c125778dbe3bbeebca", - "0da43214e2efb7892cc1ccde6723946d2a8248a6b4d6c8872fad525ec3b", - "0400db09738bf0a0dd777f67e82be50dc8c2d8e91598bc0b8d4486f67c04a5008ef463e2" - "f37ac7c3d276676cbedf17ae11e767ec577da7ccd90cde3b74", - "0249cbd55e307a0fd10a0c70b1c0d5e2416f4d7f144779ddc11911f4a08", - "04d1c99f9d486fb92b132d68c0173df891ca757572f7acc03cb41d46bbf", - "07de2deeb58d55d65fb37f600d916cfa49f889f02ef53dcce412703d1c9"}, - {NID_sect233r1, NID_sha256, - "bf0ab46e0a756c11229b0ea961f8d57218be5b00ab8b0e91d7664cdf5e0341c412c0e992" - "d26ab12115197db39df2d1a6e18ed26a91be461432a2dfc21d98cb16003e339b0b0b1f10" - "0e4e6f4824ddac5442f22a1fac26326ed8a89cc91343d7223986d485cc8c64424e84d56b" - "e536c57e4dc5faee459b1958efd79e07e90a9811", - "0aeafa49d776b61f6a30d66ff64bd40dd8d79891dd5293c1b5cd3b46a7c", - "0401ba1b87b16122e6939da5dcadb8902177a9f9ef09194c8695008b80b588008f51ee5c" - "ea1f4fc9c44c70df57326ff121268bf4e02cd9b2626fe7c1ed", - "09d640ede5bb60b9aa78e393ed453b1643f6dade4aa20e994db53e81fac", - 
"0277bbfb7479077d5fb6813670fbc7f46055718199550130b122a7cb8b3", - "0f8dd350bc0bd2d84cdd374c56ff2341de4102269a1e80df7e35969d4cf"}, - {NID_sect233r1, NID_sha256, - "c7b1eeb7c19eb16e7f42b61d79e421b71de797a6cab4e0baee522fee7acdb533f7bbf585" - "5316544e1b82b4f2a18ad0a2311e7622549332122171f32fc62a90e408207e0fb90d1b05" - "2821dede9c41b15b6e07d84d5d7b9e31e6396a8ed229fb6232b3051298dc5321aa589f4e" - "289d27169f14c8cc93644916d9b72dbc92c43488", - "0e95db309f4305b621f51f93588a2678cb19aad0932f365fa0aaa3a3895", - "0401177eefc44b6070e2c41537e75c91e2f08908c0d950bc90cd2f4720b33500f751312d" - "de55b1bcabf31665deb6c12d043d5ccc89800622a557a7ed37", - "00015798ef57a771d62d194389817c93de1b225398fcc0d2b81d94054a0", - "0eef7161a167f69a6c89b0f173db2c4a7033b5d801c0d89642ce65e377b", - "04043f8985bbe0221fd595f9355c33e1930b5e10a1452e81c31259e1e3d"}, - {NID_sect233r1, NID_sha256, - "a738eb074e1f277dc665118ca055e6328059ab26da188c16f56384c566e43df8cff3d2a1" - "0d2d15c3c1406de8f734b20be5dd1ce937a4289f0ddfd7bddabd03586556eb8233b8feef" - "edaa1f49bdec6d45fd562c2a83fa9fcfc2013bdd77900857199e51fa9c7cbeab925ba8f6" - "c3c5fae46bf8e9c574b302f1e5f9c44400152a78", - "0d4319cc8e409b8755880827f3200d3f0f1c64d6356fe74eb1f5aa42499", - "0400bf65953f2d08477f7fd0428c31125184e3bad4d5da00c91991949e056200f1669d0d" - "116817d625128ae764b3fde956432552d24d98f08a12925afc", - "05e8704febc38bb8ea76f3c6433c1f0421dc5e5af959723a5a2f0e9a970", - "0307c0b838c65d1a47792cb367253bf7c9f627435f1c7ed74494b318446", - "00031a9b35e935be6620243f4878a38d4e617fb25f7a4883893366f39cd"}, - {NID_sect233r1, NID_sha256, - "b28103d77e5457c42e026e713ea6ff03722a36512da17197140117442a976f9e2139c54a" - "759fc26af5811b455e5a0d3a95362d9939c1e738045be9237b469ae2106ceed7e7842b44" - "cc0a475d5af6d781e32ff1dd1f4e1833dbc7f82b27dc7e1562d0e29213fd8911105104a7" - "a16f665b926aa137f70d868c90e72f8ee2c95b64", - "09e556c945052e5954915c773b2d47970c521fcc99139269c3ef46093b7", - "0400db68c16ffe64bede4a849812df0b8e202f74500cb7d5349aacf7f3f0260084b5892e" - 
"a74835e96e9dfb1bb201a4dcaf32da25dc00dca019d806f5c9", - "0d0c9e0b6d4526d5f6494d2c72f812fb8d26e17c7a44f6b5e3f9e684cad", - "0a379ac253f3aaf94cc49e91fe3f2908107a9e1a4d102e02395eb18cf08", - "0854c2f6ecbfe95cfd14045faf71ad47561e365c1dd5f515d8817c3198e"}, - {NID_sect233r1, NID_sha256, - "463d04c84521ae671bb35c0a7acb3ae509b1b0470f39b8fe7ae5f3c9fbadbeb2bcc3a87e" - "284cbdff07407a351f7ba743aeac50c4a1fef7375b90eb4af8ea2df040776bbf3e4389e7" - "a80bea40530842642b9895ab9ef5ac8ed6c9ce7917d7b3ebcf80b801da845943313988c1" - "970e7748cc306f914c37414f8247d648b580000f", - "0becc76f8a77615c4f92ae1f91645bf5bb908e75ef22fd544aae63a3c8e", - "04018cd93bfe8fc8ceef2b9be14fa947b60fb122f5099cb5bcfad0cdc601e8016de11e67" - "3011e30f6fd92025a60d7938412ac63b19d23e45bbf53c6c4a", - "04e75a7b92c42ba0581eb1201fa5b3fb2ac82460e953c26ce6bc60e145f", - "067bad23ecac0883d218b1368d822b3bf9b82453c0e5f3e336777c6a507", - "03788a331249463533384a61c47232aee6f057634c37560ee25895b2a03"}, - {NID_sect233r1, NID_sha256, - "8b2379b5553ae7db6023cb010e26ae91322bc3f94dbaa369481936f90a886e5d3827d995" - "ccf03ca59f46805fbac0337d31a8f117cc7044218a934d5bf507090e7e21178a7162c8fc" - "b39111e6967803dbf9d752f3ae737ba024d0f4f7627e08be58efbe997a164106bfe37f67" - "d2f19c0fcc7a6c7eebd96a72582a9c7bdf881896", - "020572c2a3dc3ea430cd8cde9d642081c21658e8bda165550cd9a5d37d9", - "04016117486794f14d171dfc3ccffef0396cc9fe5aa45d6d39ce0f252c416801b6a12fe2" - "adb279dbbefa4eafa273a2ddbafb2c6401067a5ef5e859fdcc", - "0edc8d0b64496da309b10630e9e5917c9a807ccd7cc7bab14360873eeab", - "0e1fdd3b7849806fe587ad93aef737ba0472409b7239981f0d325785fa2", - "0829449a0c39071a832664e8148e762efc36fda9e030e0d062458728273"}, - {NID_sect233r1, NID_sha256, - "3090bf7373731cc44c00372c1ac59280b0f36e627ccf763fa68a7be37bb0ac8cbd4f70db" - "54fc652566c78ad268f78f015e4bb1e41516fa56ac303a3bb4a52e1fe897d8338db5a6e3" - "7cad685e704b994504bd231c7dec0002dbd907a7ebfa809833e32eb23fffdb44fe4a18e1" - "1fa19d67356cfd703cf39a75b1a290b8a7c73afb", - 
"0769cfbf2dd8248ea1e0ac9b275c9d6ddcf923fe762079b9ed62ccbaa89", - "0401aadeee0e31ba9505da3e195d883643d260dac9fe5e86102c8ed7f88eef00d925bd5f" - "d700fcdec60cef9c9fdd304faa102d9d721b4f21291f8c96a4", - "0f2e203410107c075e25c4adc2f55dcc277883d679ea307df7d52060fa3", - "02fc0975c2e70328da4a0ad2b8bd344a8171c2c500c55b1c92270230c27", - "08871b6791f7d03796a3aa537fa820f0eac8f2463c9f918468e7588b784"}, - {NID_sect233r1, NID_sha256, - "c37389cbe3f46eeebdda343e354ccd543e96b0c2a87e057aa6b9c4895a403de706d658bb" - "c9066c140e50fef4b56af2db1f42efb70b8021254649983f1e11d04d6b10169d5a1c2093" - "b6ab89227b88a30537c776bb7575749c3ed87bcb29effd8e4f17915b4d5dff6cab9678d8" - "8f33abead1e73dbdc5c3307ff3d3b2d5fd7bfa83", - "040ea4a37b388f0cc464f7e2bf92173107b268ff77a8acf5f517b4ec0e4", - "04008acee84d29638a7285654d20f8e0653c7386140aba0bd2fc157d51764301482ba5eb" - "b82ba46654aa1eaa6a5f01e030177318921a0c99fa3f6eee9f", - "0a6fbf938e9cdd009c838196ffeb61f7f545f7e7e9a6cb18d1f595a87b1", - "096a80172a7b3b65c0a8acfa8b89cedf9cb19f6eaa5d38436c300b7c0f4", - "0b7bb96ddfc9d1324bea96836c557cf88d6ede9a93ada8fbfdfcfe56244"}, - {NID_sect233r1, NID_sha256, - "8884def8c3b9c5f856b9c2352c85ea71aae3c8d0e84ca74e70e404a21467159fc9826548" - "d16dd1ec5a75dc2c23ca37b30312f25e1194e0f9385a0499db34c855412bbf58979ffce7" - "fc3afeb7b8dbf9898df44023200d809f520db99eae315b5cf85674fab008a20340fae8f6" - "974034fd3e55bf08c5522a460680218f9757e368", - "037fc7898df9b37b5390537352f5c0b8de22659166c19d7d4df31c3938d", - "040198674b40d2a68ed94d5b2c51102393d1332404f75187130669b9de0df9013ee77d85" - "4a60f1aa74041ef1fb58727c09f13039bb4b33a818dfe9af2a", - "0cf92eebec59605b1d45848f5d06e93ff2767dfa282929208ba801a9fec", - "0f7bd93dd4df06219fb974a4e85030840c7d4877f131adccbd98cbd25de", - "0c2c4a864459488eb5498a06b0b56ce7fc98fb29b1eb9b6238da8cc8f52"}, - {NID_sect233r1, NID_sha256, - "f1fc154d469433f56c2bd42aa52237a4a4bfc08fb6d2f3f0da70a62f54e94e3f29c629c8" - "37e7adf0474fa8f23251b9b349a16848942c0d9cf5db1d0fd99527020dbe21cf0b94a9aa" - 
"21f376bf74da72d36f87b306b0696771efa7250c6182b426a4500ac14de4a1804b38db8d" - "4f3beefb8c9bb619ac82cb63fb37c2e1d22951f7", - "05d5069425e7a9925d2cfc6360a708147b2c1b55ede243591885147ef3b", - "0401f35f161ce0963dca70066b3a6de2a74ea1941a27cdfabd9e433d8084c701d5d9cca5" - "b741b2321d8511a777fcc2515c99ff8d13ff20266a163c94b9", - "01b9c83d36ada7e9367790ee850163ef4420104e0dd3299ef6d65191d7c", - "0dca4e804bf74aa496c15025acb4232c637c9b81e9e26d6f2065d6be21d", - "012014f77a4ddb7b266abf2c65a653988ee6f913e700f3f83f3e78c88ab"}, - {NID_sect233r1, NID_sha256, - "885cd348f7983a0721f96c0e866821223d3e5a95178b16d18652b4062b1b2278aed6f54a" - "b06f7e37ae6ce1020aa3eb812d215194bcd212302da5b971fd86aee1dcb23057dbedb569" - "bd0bbef80df538da69ae2358cb03bb77c64d3ead475c8c5ae5bfbdd75684b421a26f1a7b" - "0c37548fa32d805acdc91230dd70a48232a12846", - "0ffe3e7b82ca62b96e057ee072a4718ca20a6cc9a3e51e4fe8ed7b4b9f9", - "04010f774adc83c1893894855366f1db1962bc697b8e1d047a01a08b12da4a0078c6ff63" - "4d5dc8ffc4d8b1a53bbf94046023095a8c2b41618c4330a4de", - "005a4a50de4e97280d6ed1324214d91b271deb649a2dae18d21a0182022", - "04bc8ba9ffbca81b5f19f0d8b1306900ee642bc5cd9a9dc9867a4531b04", - "0353567acc062b83459017c70cff4f3b8ef0925032b51d7300261408549"}, - {NID_sect233r1, NID_sha256, - "ca3b0e2f1c7db4e73c699f06e432bb0f63705ba66954bec4a259bf31c161bb4861476e2f" - "2f7dde9d841d1ea6bd0990cc793cd7a10432e38735c3eeda7a0d786e8821239bdd6c4972" - "c96c2cf68ec5b935391f963a50fe16af2719c9029943b539ff0f1f5645962a6ac46c75d2" - "037fa0c7cd46deadcdfc66e1ddcaada3a376acbf", - "007a9cb5ce27c763646de414ca2a4dcdb774d69ed2bde7a817baddbc9de", - "040086d4ac1e3d54f7c154c5370f5c9a2d22cbe8f794df68974706bdc9172c017770a2cc" - "ac923423137731a14e97f6ca65a8cb3642eceb4e70c78ee929", - "0538b86e0a899281ab56d28f40bf3b7435f9a57e334a3269233766049a6", - "007ceaac3aa0e260c371843104f5cb91a057741b38889ee796e69f920e9", - "035eedd44b036b843deadb8e8df9d96b16e719ba350a634553457ae71a1"}, - {NID_sect233r1, NID_sha256, - 
"4b0a31b746763beee77cecd318b90acf50fac4172cf4bfb354e5a440f651cb89d7a515e0" - "9ab19e9850803ab9167c2aee3b395a5da10dc9aff799d73756dfb0a9961d93bc32f15a96" - "bf13962a03d5bd42ddc8b5928def7fc48fb063f42866fc5f96cf88fe0eb125b7c01906ad" - "6a7fdade28ccb0a421ceff50ae03a974671b2c27", - "0c03fa9e38dc1c697f70bc6381f2bacaf860bb5632fc837f728da959ac9", - "040195f386c7efe108fd1d580f0a77031e180e45a23911ba983217207a904b01a6837095" - "a64f71ec53ab1c0d9a3a39d69a514065d83f1af26870e41741", - "0d4f48085b367787a614b57c06ee8018b2e95e989c2e8cf355e71db1091", - "0391710f815babf07b6287b7aab8b9d2ce04bee2a144f4d4a46fd17cf77", - "0ef29cbd771b8a6f414ecb73b7937ffe0a108593ffc6899f28d4030a9eb"}, - {NID_sect233r1, NID_sha256, - "3011d42792b21c0f1719faf6f744d576f72c5fdfd22b1a520d0e8d47e8c2b06823d853b1" - "3c9fa039fa30a6f2e3e27bb2100c6a35f55703806bbf0f79b09d0f629f8042ec63fa0406" - "2f15f2edb92b19237980005566f02bb12a40b4ec66e4ba6c599d928b33f72d7437c0e399" - "a8e6a9068d1fef24917fc4f9ab5464ea6684dde9", - "087dba00e3fe4802e01718017510094924496bd2785d4ac1a352c530473", - "0401198518db2d1255aef955b9b80471aba60cf6d8fd1feae6d8e048ab140301833332a1" - "16214e4d9fb37c8e0ab7552b87348434a67a0c41f73972dc9c", - "0378578acdfa572b1de4e032158b28bcf00ab7dbaf07b0e772c39603216", - "0be2cb45d527a7685139290f1098de975b69957fff2c5c29059ce417950", - "06abf4afdcd2990121723b94ab8145d01cc4917cd70416620ef100c67bd"}, - {NID_sect233r1, NID_sha384, - "05a5d3a3b79f4e51b722e513620c88092a9bb02408f5f52a32e782fd4923f4fd3094fc55" - "36caf4b645d830260eba91b5173f3833dd65600fb9e246aec968b1f6ebdfddb4059fb2de" - "7e636ed60bb7affdb74aefd158e54485d5f26be373cf944c6570daf8fd7e4b77fad57300" - "667d6decf5c65db99ab8763bb4ecbb09fdf47e3a", - "05a387e7affc54a8fbb9157b5ebd400c98e2d7bd5c3e095538987d4f8d9", - "0401a97224cafc063967b25cd1a43283daa5411f3eabe9386b8b14c9768c29002cefaec5" - "141bcb084cbc9aebf28fc59780897ad1424fd439eb43eb911e", - "0fb7ec3804654b9c3675f7b3c427f6d01f83872e96de2742e59c93151fd", - 
"0808d829d78e65eea47122c92f8c2cbf5a8d6717a057ef1659fb6f8cd3c", - "0ef338e09dac0b12fa6109d15924efb694a0b672afb4ef05f4e6f2f7b88"}, - {NID_sect233r1, NID_sha384, - "247a101c8196eb93a440280650ad463795690bc620e46e8118db6900a71eb493d03fbcf2" - "f73a79bb47aa8e2d8c87ef70e4cfae36fae5c45fe247d8cd0f7d0718dad106526945014b" - "4f3bec324897d8e1fa2f457b8a68e61873b7fa0350fde3b87b7b001c13953c2050a24f71" - "fb77eb455053e49200ebcbba7299485c0f1a40db", - "0adae709a930d6f5a5c0e3d8ef4aab004d741d23f0ffb8287f7059890c0", - "0401541eaf3dca942957c48d693d2eaf2a456646d2fb3eb8df1779b917a9b00097379582" - "76dc31852e57063119f1d2d061616b6a2fd35b4a1a3f046954", - "0390d5ed395f8ee3478c2765525c235587dbf5bb2316df3a1e8c664185b", - "0ebcc4f84bf2deb9b3d669158998fc96d7516580675e24348ca58d70d2c", - "0b99462b85e6ce6b46e5aca221250ac9de7ccf3e63b38919b61700be866"}, - {NID_sect233r1, NID_sha384, - "a16678c71976a3ce3362ca379b3272b92e8ca7085b43752473db34e4d6b61eeed3875f49" - "f3328366fc9d0644824e0104817de458e4c1036636b18b83dbaf063f2f99818959224906" - "571c7b28873d9c702360888df151e9ad1a7003e6130033203acf8a69889be6ebd90816f2" - "abf0764f10be68653b1e56766ecc3150bef8b042", - "035d391411e6d679751092c4ea5a079c591e77ebdcb57c1d9006ae70d90", - "04001298e6f1612f90dbd2eedadfa8ecce22dff1da2d1cf057c41bd37d4b060073136a1c" - "af7dae2aaaac571a900135a51ef031643e9d5f01934333b864", - "09e343003670f61db85aedc0249db21953d232bc45488c3d6ceaa6072bb", - "04ac435e88f8e487b9b217e7d68fbba9bdea0b9685769878818f25e661c", - "074d8f4dd58c922d7e79f30950bd54c10c1cc52ae3b8d00b675c8e501a4"}, - {NID_sect233r1, NID_sha384, - "bc2f080a7f0b69a6b142b8f3fb481a43bd71d07418df4f3b802568073c1a8d35729ad197" - "f34a4e941a6dd511c63f201d1f6c34a1b66545bd5f43508c10bda1d6ef60ee5bdd25dde9" - "75e50c61f76cd36d50ee3bd8dfa2dff59524db9ef12f1e28d109b552cb42f021963f559c" - "843476b5c889fc567b7840297c5a480e18c221dc", - "084e79093f1947d6ab9cf399782436e36ef87c59a4c090930c9a74ddb10", - "04008e756774def210e2d6f76d6e4b0b43d86adca0880f017abfc911bafb5a0147e6a20c" - 
"1aad897829339630c5edd327ef9a7e40795630504318cb71d6", - "0ce780ea99a344d67de7921feba6ae062817101068266d5d1a140d2b49e", - "0fb2474b854b8e5d6920ed90e69b5b386a1b26a947b1cf28a13f7c5d3ac", - "072722017a67ea6754873f833fc51318d41d6ef598d3ec2d3e0eb5bf41d"}, - {NID_sect233r1, NID_sha384, - "ea71cede8b63ddc5648eb244184bae265cd65d50f77a9e25ff93f02b132487c08732544c" - "b88936d4fff7c0fedb39685822dd1c9be1158f647c605c9bb5f6a1ae34722fa08882c14b" - "36b6c93cab33c9a269c7c10f755b6453ed045ea3e56f29e95a9404ba189a0b4884812039" - "2b4dcac43148b706c3d9e4c03db410cbe5dca3da", - "079b6be015b8006f86fd81c2792bec6b42c08bee2d295cf9dc214c326ab", - "0400e24338d5e33ad12d41eb623ad0905f64d5b75835fec4e693eebf9bba100101b4297b" - "5b62fcca7c61637a2a57365e911d3bc7eb0fc7adb0a9dc7bad", - "0f06b001e5f874d16632e3c8d49f13d70f48ed4eecaff9d3b741f9d02e6", - "0de16d8fd7bb1783a2cc4b9ac1563eff3f87e4e6d75e6a32a4aed1ecb02", - "040bdb1197ee8ee51e4ecccb8d42dd985913809c131aa9224049425a052"}, - {NID_sect233r1, NID_sha384, - "319b41d16e18059a1324c37161c937e882192cd949c420ce9c59208a0ac208ebb06f894a" - "7fd78df2a3c5f23f25dee6595d3dacb25a699f115dd482ccd36fc54ba29dda279335424c" - "86b07a1b1fa76a5411bcecaf4d37065b229cdce0bac75b666c6626ec37a716e9841be93c" - "907f87453ad91d36846561f284421a89013b88c3", - "0ca9d751a060fde64336cdc88122819f4b3cd1b4e7df42d495197787894", - "04009549785f4f9c71f20133f5a1d409b244df55445beec404cf8cd4d2cadb01b246647d" - "7570f052840d4cc01182d1dc3bf357b25e5966434e1c3c2a30", - "09e99fe741cb23f7eb039f5df8414d069b5c2e3c144dcd6cbc6da56ef43", - "0cf00f519c18e7a0fcc84c1e338158399f16929ad89842ba97a4afb5bf2", - "05854ee1a6aa5a6a74bec0b4696e80aa275210183c86f45dde7002d7ae3"}, - {NID_sect233r1, NID_sha384, - "aebeee215e7b3d4c3b82db243a47506ffbf2263f6fe9de5b69286e8649d9218367c36ba9" - "5f55e48eebcbc99de3e652b0fecc4099714ee147d71b393de14a13e5044b1251e40c6791" - "f533b310df9e70a746f4c68c604b41752eca9ce5ce67cdc574a742c694ada8f20b34d0eb" - "467dce5566023f8533abfa9688d782646420c77b", - 
"01dde4b2d49338a10c8ebf475b3697e8480227b39bc04253a0055839e9e", - "0400504bd3a97baf9852d6d46ef3db78ee7555db752120d020cd056b1b4e50018dd305f6" - "a15e91fa46d2a6d30f2ec8fbe2baec491e26d9a2ac81155c85", - "03b78d2772b8ce01a00ffe2e6be2f9e2ca2c89ea3b29bec6d6cf31afe33", - "0c0c51fba155f98900eaa2d2935acd615e917f9dd979dc8d92f1d6e00c9", - "08c8354f95e24ed13d8ff3755e1122dbb4117c76b21b3bdc7f4dd856f8d"}, - {NID_sect233r1, NID_sha384, - "8d353a6b6f35590baef59b638914d3e934d0145b045d221d846517ceddc8ff5e3d28826d" - "3459f8ce1260f705e80923f39abc73d5949aa7aa8ad1734be0e992bff0c9a8f4cc9bdfa4" - "30d4cf52e29d3737b0cd3231b72b16e15e1a9040b832e4a920b4a1d94c4964ac6c8abb75" - "bbbdb10825f882ae44c534c7154c446421a04d87", - "02c8bea2803fd746c874fa110a716538c179c82712f38d33d0f6d037e7a", - "0400a034560353561cde19db89dbcad5c9dcb74e239efc604e86ff38a0577e0185e0b02c" - "48be2e90c916a7c8ef2b41a57ea8d4f21d8cd3a0878a03875b", - "02e39f851c57643bd799c4f3b2fcc5eec8ff7f9e9e279efa647f969cc6a", - "09b2ad7efc7ed60d9cd3dedbd4159b1e05f05ce5ec2d2cdf7a0e0657482", - "03fcbd4ace6a140c8bfebe36ff30848966bb0d3eec323cc8ddda55faf00"}, - {NID_sect233r1, NID_sha384, - "847f134b90f10ba3636ec24f36a94111f26d58428fda5bba4501e58c7bb55809f52320cb" - "e9e0df55af1e40bbac9f3eaa26a55d78b60621d4356d090d98363662f406367601eaa9eb" - "9568b1a1b319730bad7bf6a7ddf1b45eb6922faf8d065c540b671c50df758ebf8c4aca6f" - "01878e5e0012dd038c58833e2b13ebdb9a9f3fc3", - "0b9119b3b4b30cbfb98ddf0a4f6953417e515fcf0e5a94e83ebc1d1d14d", - "0401be65d340f7e99067bbbf961c2b357e1fd47a74393cae5f93a40c5dc28000c04cd8ca" - "3ee253b99e44ee6bc0e52d2f016b16f59c738b9f2bd8c1b9d8", - "02c851ba0123ff0543808931ab3857b5c15d7c10c343f232913f6e0c92e", - "0ba2b33550878e223cacb80e45e382dae84e76bca5a2ef8371b84d08572", - "08c370f82506e97cc15837f59e9779448decbd87bde0a463bc14b18edca"}, - {NID_sect233r1, NID_sha384, - "99d23950493bdd931915e9f9b65e4cd1329866c0071a19d4f7d6fd190689275b7b10fc07" - "503dd1c27a4da274dbeb3aa5cb0e71e9b7b03fc2697729b7be913756e6760098951d7015" - 
"df181cf14b1e0b954e6260276af553e3e59907794b863e941950718ef154669c5c262946" - "ba120892e0239e05910c2194f712db46e37e53b7", - "0f4ab2a573f3771d1e4222e251faf14e06cefed544e804c299c9a8395f5", - "0400b1f973d6495d277e24320622b9b99fccef8eb5c1c6952f35b82d4479ef0161dceea4" - "d3c9caa4f640f51b37fcbd5b8932642a94c8e7aaed5db17fdd", - "034ff28a5ed6958514c603b3af5a991e2e9b4cc2c0a7aa73ab2d70bd05d", - "01abe4a7b27395a37089f91eab27ccf29001ced1bb3348a6f919d466477", - "057449e55d3f2a4004d647ad6e8fbbd516adbb4de40b1a872ad8ecf67e2"}, - {NID_sect233r1, NID_sha384, - "7bef2487bc2bbbcbcc1570bbd4ed437c0dbcbbf63f666a3355aec49ea6ef593da25aefe9" - "ae0d94db50692475425dee3c88cdea975794ac69142c25732f3541457d68d9101c8be069" - "f2b515aadadea2019dc7abefa6c12cb3f76d9f4b5e46546f77eaf636aa8f232913092211" - "1151a4df913d18b7cf9d0308f01ad84d878adde7", - "0f4649cf30d4a5269296a45977de2652cb06d3ca2aff4475bb24517b927", - "040100ddcc8e09ba2122a6535c6a0a2dae83abf9e17687b5f6aae7ec6a2df10048f55873" - "60ee251925b7ed02de82307ba219a707705623727f98346a26", - "0a38b2bd0e9a5044db19d4312ec88d19ce1a9bf0eede8c357f898b0bc67", - "0d0ebabc8761ea215808a2c3035b14b614f64be0c2741b3d7789a8659ff", - "0f9e742bdca44c11bcab196f910c0d887e90f250817ee7027f6df8207a0"}, - {NID_sect233r1, NID_sha384, - "87c717eef6dd3c7434b2c91de05723783bef603d170f654b49a04b067b077c405d2d757c" - "e780101b930196ca4261efcfbd3fc1ebb762cc0eecf101072988aca508c41581936526d3" - "f337053000dcf77b16172492c5d654c6612bbd2523a6ad5966d7091697a29ce882fe331f" - "79a7eb59e5a3fe536263083cc59b8133bfd33c1d", - "0cca24ad914c24c011f41f80d27ea41caf41fcc8dc9dc6dff5248b2b474", - "0400175b73db13324a678b8afe086944a7ad257cd33fe9538c59b9177d1064016a98ac9e" - "0ff59de1ad94b50f8c709ccf4342f983c7530be64c3f1548fc", - "029c83def3a5c386b0bc3cf2663b8f4b02f26c6e3e14fcb17e9460087f3", - "061df783609ceb355aba3b1753d38f42434bd75c8354029966e7a788be0", - "01e8a093f53a1d73d5a994b97f2b2f210125ecd3dcdf77c68ea3199856c"}, - {NID_sect233r1, NID_sha384, - 
"9bf48c2aebf473b3a4a928b3b6a4d2fb7e9193c9e60bc2067f9f03083a8cc7b892bdbf05" - "601118bcc34dd283e7be996bf19b0bd36727eb9d65276b6517bf0c77ae0a9091e7a9e461" - "82a2586eb22324939801034e5ba94ba30d1bde7d8fed51eb71036fab6224f8ff30a00842" - "2efcff7ea239ff23b9f462777e62b41b396c5dc5", - "0f5e12d536ef327e3b0ba65ac5fc3f7f4880f5968f3340eb8868c1d47da", - "0400b2910f5de9475486b3975ce91c02187e8803e68586f3a1df14df67648e00f28af536" - "3ed851c42daaa810afa1fd0d2e001da7764671fd44fb6737c5", - "02a018753965bdfda98512c7f9da3e9235a4a77aab9804437b652182347", - "0b6fd02b2d84b7baf1a5eb592cde667ed6d4c2c821ca336027a72d9abdf", - "02253faa5935885945121a374010b2257123cd5db4c54a2aa0e08c8197b"}, - {NID_sect233r1, NID_sha384, - "716d25519ae8f3717da269902be4a7566d6f62b68cd0faae94bce98c8a4ac6f66215ebac" - "5407d6f64adf9d53f79f02e50921b6f0e8c805926a839443d30d9294eaa802faa7c5471d" - "81fd1db148cdc621a8dd0c096e06fb0b71943337d5325e1bca77062684873fe904ed9012" - "474ceae5b138e079f941a665a995026d13d7eed9", - "08c30d93536b8cb132277645021775d86c2ba8f199816c7539d560ac6de", - "0400d69332763cf533d48e56065e1b5255790f8c0eb23471fac9b945e6219500292df8c7" - "7d9a6803f60bf0722ed57ae2aa3bc816403b000fe2940e02dd", - "050967928d6089da5b16c88b7927de210325c8d8f5e727fa1ba3bd95b5e", - "02434697cb5c2ad95721943154bc81e2ae16332fa6629788f505bbc1522", - "09a5a6792b1b9c2e200ace5a3d50c04f69084dd9222c021ef5fce14d4b6"}, - {NID_sect233r1, NID_sha384, - "01e76755007b2ee5ac9e1d4c8adabad6d0f9c1c08ac6e2622b7c1ead89bd3ad0921b9525" - "b49a780a262fe8fc0904a80391717ad7cac9607de55f7c744af8a132ec45ce79723f4a4a" - "8c8b9ef658b360bd3890df164c9f1cd74eafb74feea251a34514ff2a57ae7a6d4bec2067" - "cbf6ee4fdaabf13721bf9ae178b9034ac5e9665b", - "0fa3f15a506ccf7b50bbbad0a54d3223f5a95eb54f0d1f4e5d0cc21469b", - "0400e797527d57fb3a18c71d1e82e7935e37e719439952d4b972f0c1e0c83500a345bef4" - "c5015e97a148b8991bed4b7ef48947b12f316b5621e94d49d5", - "075afdc12d4d50a7495f5a7d309696dca23e9356a0cab11c3b3d7b8c54d", - 
"0960ef460000fe8c761038bab7e29d665100494d0874b6556862c2808aa", - "08d3c004426dde6c18b1c9ae00a44ac947e36755d8c40eecf47bfa963fe"}, - {NID_sect233r1, NID_sha512, - "e95abeeb2c51a8cb75ab74253dbe130b5560cd52e2a63d501d26e1458aa568aca6694be9" - "1eee5fdfcf582c47c1c727084ee2b2c810281cf9b095808bf7e7c668eff00a6e48b06df3" - "fe6a445e092c24d5687d7d89acc8063275caac186c441bc697b2f67aa71b03294e1adeb7" - "e557c296dd91304ba0587cda3c984619f1eb4f2b", - "06400a4830889115aa88b860b3fb65905b01fd126c4aec2785518c2543a", - "0401a2051662c1681bbbf6bccbd33c44c7c7fc80b81a1bce14caa36a73f7a8011583d3ba" - "8f22080488471d8103f868100a97af94809b58bff1435b16a9", - "0ceac6e5d10c55888b9ecab8d3f6ada7f4d0bde2f109699157d194efa42", - "0c148f2337008ccc3e61501dc5df3ec95d3596d97eae96a7ab085a915d8", - "036d1debebaaef50243005e25c791b9674cd6fa986dc3d32e089fbfb2ec"}, - {NID_sect233r1, NID_sha512, - "bb8d8515365d240b2071daef0d80558fd3d0e059be9f6abb7b7a0a5f47e2ddca7d1b3b51" - "01d5c583143258520ce8db0a87f877a395615c9bf879ef46f2f20f68bbc9706f82781fad" - "69019396b27f292cdc70fff1772e90205a2225f80889f9daece1d03914d8776ac5bad24d" - "8fb190ba10a2ca17768b918c2e079d83734eb372", - "0c7b73c324250f14fac0edc941f79bdbc6933ee8f64bf94b847bee5eef6", - "0401af7266ee56bf0518f2875d4f4d9ec508a01769d9c1fd0a885a48bbd80c0084167ada" - "99502475478465315bf8163870a9ec1b43f15d68f0304ab03c", - "03badc9b8098c3b4d7e943a2365093028b579519031a8643b50c0f81eec", - "07ad4fc96c21963395f56eb63e1b0b4d2c93d827626e7bd4448697ded97", - "0e7504e6a9f662472e3e6f18a40f7645922fad2ef7313d600a5a6ee314d"}, - {NID_sect233r1, NID_sha512, - "cd8b2403435fac9caeffa21b55eaba52d7efee0f89df7142340cdffeb89556303ca01a80" - "0429397e2ff6c746743b6bc60a87133274282d4cac02e4ca90ad95d80c93b84163b96296" - "f67d40b2a1124b2b6534ab6b60fdee312fbcdf468d0e84eb85fce4ff360136bb31ced399" - "8d29cfaa3ae685e638ee272058f123c4f35f8b6b", - "03db7f28e161abf52ab0adc8c4c8544fc989af081303b8688f22b7b2eb7", - "0400ab94312e53832265b929f3d529bec33dbcc5c17b969e0afbe2d559ec3901d53b2c1b" - 
"e229e2c224e6e9fcb8bb0f044f3f9f5677c60bc9454f36eb06", - "034a8f980896284fe6d28b0b49703f1384d799e3f11a04b1e62da12965c", - "0e374fb355f30d7e427bc5db99ed76a914d6e286099c72f28c07302c741", - "08d5ffd41f8a1fd3de6c433635fddcfc2b21809d91496ac17571afbb856"}, - {NID_sect233r1, NID_sha512, - "4bb08eeb202564efb5bda40777d71f1bcc4c7c10b611e803e5c570876f3e319e9e2bc2d3" - "2031c56a32fc0d1fcf620d4e4377d881e9e1695bcdb78acba370b849115b86c1c4b83edf" - "a03299da8e7fd14c7cadb81a8e4911c8e427e32c8c9b67e317575331967cf58085cff0c0" - "d48ee0b8e7dc0b49687bb1c70c703a5dad08ec81", - "07e9d2fdd017d6da6029e88f78927d9ac9437f542db1f1fa99e32bfcf1a", - "04018429bf08752aa470a8f0801170a7ab96adfb168ee8212d76ab0b994e460072a5071c" - "e308d7daefb3e8f4da4681842ffe0f35dd8b071f0775c83f82", - "0a0f330e011d34714875500b70c881ff6b1c9e96da930eef75ec78ac120", - "0439bcdb86d40e8f64db5dbead95d85d6a771d811480c5765ffcbf75422", - "06c01f64e2812d18b0946ea4e6599e8cfca0a2b606c3c35c803ef2cfed3"}, - {NID_sect233r1, NID_sha512, - "0bce683d835fe64e6484328aa13e18b0956f6887b5e4442fce36ff09aed015889794e79d" - "a8aa60b4be565c78685674c51e1e7ac60db6a763c777198a56e382a03aff8b40862f961a" - "e23e8b8683b76a5577769422418972ab0049119382edde9e752b42e8b93f403c1ef8665d" - "7ce8530ce4ed9ebf6d397827cba6b7645e177231", - "0c94052760fc74c2b405ee4dd5dd2a7d38ebc16df9cc32df706075450b5", - "0401d2a5ee02d97f82ea9c8833b825cc57b0cb51d3f2a2cfa7577eba676eca0149c68d98" - "d0e9cb242962326a26164f3e3cb6d81b51f281474b0f8d333b", - "0fdd3ade90da682676d40008cebeadb9b2378d8a821e9e9428018cdc768", - "0f6d244daea95002daff2ff6513da694eee58f8b6c2d47ad121be87559a", - "0b04788fbb5655a053d0fb7a38c39e1fef68ff17860442ec8b8ad049842"}, - {NID_sect233r1, NID_sha512, - "a6defc770426daad4dafba3bbd2a69881334f7c31269b297e440926db54cdad3fd7ad200" - "f5ada2b72ad221ad99a06ecac9c2563a8deed89f0d0896991d1a652f6fa282affefbdb1c" - "1985652300d1792725071631d75a182b683a48448063c7d2563ec3d430e0fd3acea33a35" - "cd38ec0b5b07af96af71d0bfcd879d9864ededf3", - 
"04076b93487c2da8aeaeb4725fb53b7b41b465315335c18c6ca041175b4", - "040158755fd290910498f6c8eed83bcebcd1fcafef4878c860da118efa250c01781fdae5" - "01c2c147eca2c6c809d9428fff2f853b57c7d6add70fcfaa0e", - "07debe933553ba3420aa06e1bc52a1653f8a19b59c0bc9c47212389442e", - "09e09c6d96e33c845535468ec7f5b79cf30123538011d0b5ffd935d168f", - "0963bbae921317666f5852759e9ebf05cd026a5d9f026942835ff0daeb2"}, - {NID_sect233r1, NID_sha512, - "7803cdf4758c199962b62943f475c6c31356f5d9b997a12e21146a2399cd0dd3b97a860b" - "2ce639e2801571599136d4a8cdbfb12fd1a5ce22374991e090533ff42823a2c58d2076b7" - "72814eea7fd7a1fde68263ef912681c72c7aa3e5a7cc44ee8c65e72228b7631e600121ea" - "35bfbbc783b6ae3c0c8f80198ada218be533760b", - "076ddd73ee4fc1f5e6766e229cc7236cdfce312417ea291f7c3328d5ab1", - "04015185e029c0d4eb5102e0fe900ef3c921acc744feb44570a288015d090800ed56bf93" - "394a434cd84b521040d40452bb39755da5e273a05e8c0ba792", - "084e9e4a9c84a602c18bbb6b183d06969c8b8538e2ff901f1c2794d5eb5", - "0fde8e9b1959477ddb3423661df1e7182e4b583849d6d17fafd7dc5406c", - "01a12bd30e9c8b74912c670c0845ff5ecc77f29797160bd4992efa61f4c"}, - {NID_sect233r1, NID_sha512, - "e789461e1dad0b6e21abeb6ae2e96385549d1bae39415188c8f833233da6a3328144c97d" - "db36e0ff4d9e19d84f869e79e609c51b32de59892fb0446dd28cc164a3e53534c950d26f" - "87fb74e682db2038cde778bde06c3ee2eca2a077d8fcc2b0332e352e0e7e6487444a8ad6" - "0e78ff213b16fda9faf374dc6d27b7a3c4c6d196", - "07e1f8988ad804aae7d09a99be19384cc599e7652c02c391542be74b17b", - "0401fa4751e507740a7345e06a8964022fc6caa901cf0c2077a2c0fb86be8a00683c593a" - "0bcd123d958deb6b430d49d5a2386d44706f4149dc526ad896", - "01d288de55b90dbe72cd8f1f86a3ffbc2902f4b5f0cf4e641d32aec6f20", - "0048d16d87dbf4fb8e994dd874c10d5d16846b9ce2cbd43d09df62ca970", - "0e2ee47f422095d629c188df97e2839fc6239b9e2dc26baf8161b037236"}, - {NID_sect233r1, NID_sha512, - "9b58c145d1b6c887f2b25fb672cd49c3a1117224be697c15182d4048be92968a6500f8bc" - "f747fcf33145c13a8d72e891a6e0c4c7310c2b62f3181bf586fe32f1ecf4feee8c2c8bf6" - 
"c2bfdf9d5f88981ce080095c93e49a772d8e7b59f9cffccec3ca2f212ef4c6748f64e224" - "f4f098334d83108bf6f8c7b43c5eb549f1526897", - "09b2292b0244c2aabe8b43d95039984d504ebe05eaff318760e4dee739f", - "04012618d89f50b7f83ac470705dbe9ed81beb03929732a3f2aa7a636eaf59015f0f70c8" - "08e053b112a8c32ee422aac2b926c5b6a279a787fddf819990", - "0fb38174a83ceb9236fec8ea39be2b3c77c3dd2cf42d140e27838202d08", - "084941856a387a56022727f81a939d77d12b01dab603ea0cdef6d9cd6c0", - "0bb9fc30595f94d664a590ed4f163e4526809819baf96bbee629ff86bd9"}, - {NID_sect233r1, NID_sha512, - "52310a901fe9681a23dd6e02f12974d57f2c4f653322d9a0ff8b338cc6c2bd9f4765c90c" - "6b3c9fb17df3f492e67d204e39d81a8fdeb92c852a1dcc6151ed6c63049037235c6751c9" - "a902748163a567b714725b4d3995e0edbde03215c645b1a1da3147f7406245432800c50f" - "823a1f991c863427ff4c68e4e16d1b106ee40dd9", - "07ca463b50fdd92d9163f1c2bdfce2ee45ba1437b79162e3e959b814cab", - "04008eeeb146216c73ccff0096e1100008f8b1f3f0c5754c0abc4ed39f7f63018c9228b1" - "1888edd66b2e661284f583a0e8d3c3e922932cd9fc1568f959", - "0025291ec0dc2b0c709c5e69695980564552545c2497636b814aa049ccd", - "098dc98457ce6e69f77123d5d2460ff569786dd60fe07e847ed5bc14da9", - "0cd320afad2a4247fea5b74d78dc3df8967ab3159b4c8b191814d368dc2"}, - {NID_sect233r1, NID_sha512, - "ff419c011601cfaf833067cf28dbe6e935ebeddf8b5111a97f6eebf3bb28376334f329cd" - "877a134b074790a073db766efe018fce666a34650cbac285ae856fb6b3b8b96877282bc1" - "1cd9f9c8e510ed1f69bc2725a44a1d2b35de1edfd8bc9d20c7525ab0bbc27662a7cfc1bb" - "d1e0f4fce5b88411521e3893e027cc8c73acdabd", - "0c3844750f63fe0c2e930bc38fe88522f4e72a2fd0db9778ade20e939b3", - "040075acb00b5999f8b272a15a2cbdf8cb630dc3eeb1e78e58f58e467396f2016711aca4" - "24ca335878d273eca75d804d3f009a1f3628568530ef265eaa", - "0a63e7a20d100f14b8b709f0a6c383166c2151a36dc471f061b0f20dac6", - "04063be9d8e4f0f9afe0c79374c69b36910b5d2b1010e0f4db2e4cd23da", - "06a6eb90659aa79e4a2360ea9ffb99a415175dac6c3efef104bef6fd57e"}, - {NID_sect233r1, NID_sha512, - 
"05a89c4824c5de66587875011e704bc6e06e991ba8f3aed331cfffe55aa266a08c729f77" - "b8d082dca4d286b2d451ea838d726cc2cf298fddf2d7376714c5e37b64506f353917caec" - "525a1209391449c078c5197a371feade74f8fc8a1a1d67576edfda13c14ad324342fc0b0" - "9277941dc072ec0d39434ff1cb91fc59478fcde7", - "0a3bea235dea86506be4476eb7999dcb8e584a34238c4a894ad6823b93f", - "04014093a072c21c44d1c4beddc5c8dd9a2845db0935bbb4e1c4edb0aee032013286ed58" - "4deb744c9c35d7ae7eb9cad1c7ba2b670642de0399b230716d", - "078eda19f0cced2f84c1a7b354e5a79bec035b8bb279473f32d60f5d17f", - "0964e817f0cdc251eede4157a9bd830c476627c3f27d2931b4f593b0178", - "08dbf34e597ae06ad92b13900a4944e54a5bf0f16f586baad157da6dc96"}, - {NID_sect233r1, NID_sha512, - "13e6b5241365d9d0ef9e8b05cabb3248afd221ec02eab92284b98bda3d9272184bfe5251" - "d35705defba5085381430e99b33a3ab77d7870e5102757d065862372df2434a25556b76e" - "54ebc39d4e6c3aba5cd6acf0c335756f7d9385c1068d4cfa37526a9a58c0ccc7f87a8189" - "176c5d4f201499236058ec061357dcdb5acdba40", - "09a367cd1cffd8dfcca179e167ea437ee48e9b6f42559dda9224701d3f6", - "0401052d751901f6f8e61858d3b15eb59dedd21e4e997531ef65622d5750290112737be6" - "7ec621509d73cd613d7b448035397fa66eb881f90a6d531ea4", - "0d8dd8f1cab623ba6a4e840962fb31de97a4d14aa6dd34dd21154105030", - "0a8276d0f069f34c60b26a55d47df69e4c9ae2981afc59e14b5bfcaa498", - "09351c4b3a06b839eb2e9f450d9c3d15efa45509886ea3f2610ee1dd156"}, - {NID_sect233r1, NID_sha512, - "139a1a5090b97afb8fecfff8745efacf7dcf91a4393a7b629564e598d58d5be39c05c583" - "0d4c8ca85d29e9e2c31ad0447864e867d0ef4788ac734f8d871daebceda98d449308c2af" - "be97724c3af8a468f1925065f39e52ba4b7d15728a744b1252a20476dcfff7bcb82aa72c" - "209e72abb3c24419bc26191390ffed340c1b9c6f", - "046f4ad2522e78b9b35297d28f361fb0ce82306322aedc119251d8241be", - "0400b976c53a966e0834d5f6bc3af10a5f12cb6d16cb2303a3c6cee7d35f2201a1097cb5" - "6662265f4f2f52df375d70af086264752477c34c6af522f1ec", - "06a0d21e5aadcb0c9e3f9fedd2d896b0236dc90e33778fb114e970122bc", - 
"068063fe0a31b7e7925cf8959c3486985d98f58224d5f67cd0218af192b", - "0f11a22ced98173040062ff9e69d1b2a1b5a939eda0a6944e96fc62fa4a"}, - {NID_sect233r1, NID_sha512, - "3315e5cda5f252e3291b61e493ab919c20a8af1286d9660cfa2f5ca38b6defe19ebecf82" - "0787fe692d04eae8a5f5d37abfb593309569cedf45efd0cecef6951b718924c8380ba52e" - "8ab8c9bfb2261ed5f01cc5a5f9fc5fcdd269a0f122c597afdd9a836cf8f96838c3e8962c" - "1788c3ce4128719b3ef4fc88569643dcad6da16f", - "0ac82137e9c7a5ecfb8b1a7df9ab50732934566a392a6c8915ee8ca8144", - "04000f7f835f8223fa6c49eaf6650e33dc9d09e1d2bb098925d908606570b2006e659ce8" - "623767e8214b076d7588746bfdcbbed59b75bb19477366cc78", - "080655784e3e31c6a498a63d4d84f7e5a353a66641ca17d4e223441bb1d", - "07faf31d1d31ef4edac1c63072350536df84c417e0ef808c6be39617e74", - "089023aeb53ddd3e475d11c53479863739e62dd64348646581012784689"}, - {NID_sect283r1, NID_sha224, - "067f27bbcecbad85277fa3629da11a24b2f19ba1e65a69d827fad430346c9d102e1b4452" - "d04147c8133acc1e268490cd342a54065a1bd6470aabbad42fbddc54a9a76c68aceba397" - "cb350327c5e6f5a6df0b5b5560f04700d536b384dd4b412e74fd1b8f782611e9426bf8ca" - "77b2448d9a9f415bcfee30dda1ccb49737994f2d", - "299ff06e019b5f78a1aec39706b22213abb601bd62b9979bf9bc89fb702e724e3ada994", - "040405030ce5c073702cffd2d273a3799a91ef916fcd35dfadcdcd7111c2315eba8ca4c5" - "e3075988c6602a132fa0541c5fda62617c65cfa17062a1c72b17c975199ca05ab72e5fe9" - "c6", - "2af633ac1aee8993fc951712866d629b43ed4d568afa70287f971e8320fe17b69b34b5d", - "165ce308157f6ed7b5de4e2ffcaf5f7eff6cc2264f9234c61950ad7ac9e9d53b32f5b40", - "06e30c3406781f63d0fc5596331d476da0c038904a0aa181208052dc2ffbdb298568565"}, - {NID_sect283r1, NID_sha224, - "44adcb7e2462247b44c59608cbe228ada574ecb9f6f38baf30e42b589fb9b157bb0560e5" - "a2aa5523b71cc0d7f583b502bec45d9b8352f29ee1842f42a17a5b16136feaa2efa4a0ae" - "306402940ecd6b71e57d1467c98e7960de2a97f88b43487e4f4016af1292381d70c18c7e" - "6eed99a14cdeb5b3caf73688658e4c5b54c81e08", - "09c2804f8cab768248fb3fff8a055b3f4585c00de5c1615a19f9425b9432ea09afba8f2", - 
"0402570ff62b03a5124f08f752aa71ddc57944cd94197fd286d5a2a107b116d7b8ff1b04" - "21037714d9abe9aa0a9668fce89a3fcd5cf2e4548102a181a777c9b3f1008ac6e8d3a31a" - "2f", - "0dab5ef658ae3e2ce2bc5c88a8b8022a0ca5eb8524815ffae414327e3afaea5fcb8a7cf", - "2d99f82d92c9554722bb793988af0fd0bea776c5608f5939db7c8634eeb24ffd381dbef", - "27ceb1d01ec9a3ec0e74d79e08024359e117488020de6458fbbcad28b173918fc7d129c"}, - {NID_sect283r1, NID_sha224, - "cffee6252c7eb6d91d8fe100a1e62f0ad9f862d78ca2b747a6c17b8c9ea8980dc239b3b6" - "73310e6e7483582399163e39d889abc1a613fe77849ebc09b4f7f4fe0688b8a9869ae918" - "a88294c7ee199be50ee9460db14725ae70b449d0cb48f30e7d817ec02c0cd586119341db" - "a0b74f0279330807cfccc99c8c340b72c1764a45", - "2e625a6bc6d0ce7c06231de827068bdb0abc8ffb57c82b35ee3a0f873b9473905974d34", - "0400458bf39974812a4e0964c31f40083300454104c0d65f22c5688bfff3c256b7ea9589" - "000738dd33e32b9af93ade2dddf4147187a9270543afdfd66a0f2a53d6d3d815ef59795f" - "60", - "0a9388815c528fdadcc5d3b125c7a38db57fa8c163ba795ee00e8e307bf760619e705c9", - "2481571400ecf9dd31dbd9c905fa1006cd5bc7afae759da3312ead8d5a7dd0c25a37ab9", - "13952fa427d348b6347b9e93d4cb2c4cae3429dbea6aafd1e58d5a34805098722b3b8da"}, - {NID_sect283r1, NID_sha224, - "d058ab5dc07228253707ef224897ea0fcd09c3d5cc91fdce9e03c1c59c53fb4596be2ed9" - "29c7455e67ac7f4891aed3eb06ad88f2c4aaaabff045b959f900d1019d706b6052637585" - "1bb891494e99995928e4cd51c9616aa651ec77bd7e398916bb9ed3156391bf7fb1e29181" - "e2b011dae2edaf803607def2ac6b194929a57f45", - "376ac24e1b86f8a55c052d92a0bdc6472fa03acdcdbccbf7c321ec0ccd97aa0a66b4181", - "0407247c755b23bddf944e29348da82495b4f61d02a482c6111d8698cc77e8dda4c341f2" - "0b00f8c199138e1f4f8344facd90ac62d55f3c9a15ba7a672ce40241aa26419af790cf7d" - "d6", - "25d07c7afc5a335c2bd7863c1965a48c12f2687b2a365a7c2700b008ee8a0e8e35a68a1", - "23fc2837a879b79e470305088acf596eb0159edc2008478cc4c3841a1bd66fab34bbb5e", - "0a909b83bf77e74511063366ea1d1308a8a544864783459a60fb2669785ab1af8f4cb06"}, - {NID_sect283r1, NID_sha224, - 
"c86f2cc7ab5df5cf1a236fd83792769474cef464032800ffe98a44cf29dbfb6f24088160" - "eb31a11a382ff2a49f3e05e983462f5304272f96c0a002b69af3d233aebe867ee63fa466" - "66760a6889d022c18645b491f8d71b6a3b6b4ef058e280cf625198715b64b025bf044944" - "5d3dd7e1f27153926e617bd2c96638345431d1ed", - "2b50a6395fc02b9ac1841323de4520292f913519bc0d6a471aa28021322fc4dbcd7b802", - "040696d5ac4bc40e679524e246210b7bb0f93ccfe7dc506ba87be3fd018f829c93e62ad1" - "d8065953e01d9db8fc5d64516d864a33aa14af023e601d69875ac0f7af92a1e78aff0e47" - "5d", - "0aa25b43329de4e7739fd9134e4f4b3d68a64e55af47a2f6ccf71f518f19059b68d34cc", - "1338a5dda5fa09667604a6a7666b0e54e6b688b98b31c25d037ddf55ee6bee7565dad09", - "00aec025232c16e778f90785ded5348f3d5345b8344b2a762480383777328e0a0b11cb3"}, - {NID_sect283r1, NID_sha224, - "c1328d8d2e5b6ffc850a9600bd6482518ddd9cee3fc9140febb72bcd444b0cd7e8074587" - "d51b62cce4b3d4f34ad3355353fabe363369cf790db2df9fdac3a0ec4757e2dfb3b683ea" - "a3e26531691ce765742e1c0bdc0e1028d347b6085fc459df0989c6a144271454eaffe413" - "cae2ad7c8b2371fd2df1afffe56df727009765a2", - "24e5889722f6c35e18ca47effa9e415b1ba790066a91fb3c9f7b001ce28fc732b09bc23", - "0407d4a57e6aaec6b51dce5408f6a7fbe9ba9d55f5abe2da55fcf015ca25dd74eb61c155" - "6c02123390178b2992059151afb51ac652b364f562c65451eccc65d968e9e7210921c93c" - "9c", - "320d2a7f48cf3583e8d7e712b330d40ddbe4b6c128be5a43d72bf57d4227603762de7f0", - "09806a8e70742c6c4a9ee6f77fe7a36489e1fe8c442ddf9cdcfa61f019ab9b41241d949", - "061fda247ba7c198aa532906bc01d509088d6c2ba0f14ca3ecc5ba36f3595db1df3e64c"}, - {NID_sect283r1, NID_sha224, - "7176b7013ea27e94281977eacb976bb31c753bf80fa09680a29128a6fc15234f79f0e990" - "0aff3217ce9be72c378042c6c34fced0158740073d1a985fa25987fb218002e425868fda" - "5a47de51abfd04de34e2b8634cebfbdc98e80f93d94096193eaa82dc8778fc23f3765c7a" - "cdad94fdaa272df0ff0f28190c10a462ee78ac92", - "056d15b81f40b6378588a5efe43e21b95e18120d514bfdda0e7759a1d0766a8a35ce5ac", - "040306cb78fa576bdd2f43cf7b71d7e66a98b850d87ac087dd2e1ff62596a2e8d4cfff13" - 
"4403b1e3b12db842e00c2faef04d3e39cdb71546e4e3ecf21eacb6131c3501fa30edcc0b" - "70", - "1e8969d6cad41a40d8306d2a8db3290d547106eb59f661e0d0eeb163044a92aee4483fc", - "06786637c3bd5a95eba5ce015f151d99845255175ebb9e593d912c75cc45723612c4ed5", - "384471c17c45ddcf62b588993835bb913be88f7a8e46e52e211972ffb3b7768410bcb7a"}, - {NID_sect283r1, NID_sha224, - "4c3642ba040a9955b9d50dcd1c936688c17c363854358afa8ca49c6abd906dfdc4d89bb4" - "cab0bbc363fb5b74e1f004d4b09ec9dfeed4c0bfb482a9061a1f487a3d79195ff7b65a05" - "04bced3a28db0ebe8fcf8ab1ee4a3ae91324d15d890ac4c479144dd5538d2e36d3a58776" - "9ee9cd2d5c6f85a03362a022fe0efc4a3902b71a", - "12fb2fb5bf5f7e42a500154823a174ba2d05af71e3b0cf47fab46e673ea1822f1563def", - "0402414d172d74a6281169835d18bfaae91f1f1cdfa9ed451884466e63160ecdd4a2c790" - "6f02d892bb19b47a4fd9d851d3b101ba99acf6d11345596635cedd5d7557427a2896a913" - "c9", - "20786f42d77195bea5761f86dbed8b452f858b447d2f3775ba2a4865d738122363b50e3", - "334507412368f08bd0992a5d56581ea7139e8adc88abe4bd80dfeefdc7a37a481b18609", - "0fd8404df06a02618cdbf6c28610d5dfac9907635d9e5f2887f11a7f18cb8b7ac95b5d5"}, - {NID_sect283r1, NID_sha224, - "e471f39c18b081362adc7da47dec254dab8d765f005ac574640d78c14222639245563912" - "d942f3be212ee3cef134407334c8fe3602fa0e1629de5331643d76715dc1b0ffcebd484d" - "86c5211be4b285a31688b205fa988e6c15b36daf396ccdcc209c7dde2a732f5c31c84c7e" - "a041408ebf15e56632583af0131bd7f531b5fc45", - "30096c54fd480647e017f8cdbbdef292e799f054e3279d228b09816a757566a744a8266", - "0402d4b28fec18cd888017fd5a27a375131bec3aa7195c0a4f255eeb3616437079e356a6" - "cc027c607dcf0b068418eaa7de8da6f9707650e8d95aec571f7ec794415fc175061b4515" - "19", - "36880905a376faa594978713c2de1a90c8e27baee65bc60b1fa6508fab5abf843f66ecf", - "295193f1c64181bdf749987bbc8ff2a188126131f8f932bb8ca952ffa201f109762e18a", - "381c496b4035bba880225dcfe74fcf101103e38f9518d9427c74a5ec86ebf8f7183694e"}, - {NID_sect283r1, NID_sha224, - "8a93fe53e83075c4025228540af7e96a588520da34e3eadeb99a4ab2f3dbbb8f85fe63a3" - 
"b86c1f4ec912e665ca05b43e869985eae3791b91205afb1380e16c25b74e6793fa63e4a5" - "5dcf25dc22d03f09deddeb9042b620434111afe08c5657c7d754af66ad91a1b5423301b1" - "e8e6389a1404060d1b6a99fe0f89598482979e42", - "0a1b7e9c8c2dc25b494b5ef3195b294e41cd3c2c35235ab42542bd3e2a52d5826662bf9", - "0406232063dbb66a56e2a92dbdfd9b3c136eade9c214d831691d9b49c56a3962d20f14b8" - "a901b47b85bc223fde1918abf6308b74dff7f3e686af9c9d7a1855a1b77984d258c1f9ae" - "da", - "29b4221eebe151fe758218138535d81182c991c3b7fed93f9a6117e98c1c2f97e546937", - "1f8040fad671e2f32a1094413ee955ea5426bc906b8e034d87d7408e63db173b05afbfa", - "22a353c431a9e9315ff69facfa4e15f6e6ee1be2750472823db31b49b17fc759e6b94db"}, - {NID_sect283r1, NID_sha224, - "e193a8ef6f454ca1aed38bb67aca6d08280d421b196d89938c0582b7cde74dafd71716f3" - "818940af412d4a7ff3960a8517aee108ae03576b68ee7557d35e6f1ab823d124de7243dd" - "02b542591f62c80d822608572889573e4c9dc62f99d68e07800da6f83cb6f5e03d1f2ac1" - "5f90e38b4f25e0a75e354e4b60cc81c0bbe81d39", - "059b1a8fb84530bba7a607ee88310e31bc6ea6a6881603567a1081a05a3a9ff87e719ef", - "0400b9a71aa3cb4cff37586b1e522b0e332ad5962eec3dfeffcef3851976baadf611ae52" - "2606b1bf0b43b406b5edc6782fd391d9fb070fa3570d3cd5b2b66d7a95dbc45ccb162617" - "2c", - "00a77307da9845ec4572a24c9e74a17b76b6393da87a9d7b1b8456235473ff39d243ec7", - "36721835be490b5ffc4a42bee3c6d231417f7038c367efd9ecaf7fb3618ae8492906de0", - "237833bcc3e4a721e2079e579d1aaf2519c01cc238056fe0c0990dac7fe50e75eaf6f96"}, - {NID_sect283r1, NID_sha224, - "8a99b9db191f6cabc88b430bc2293e6774d5180f019d871839289e25aec29379f14606e7" - "42190b7aa062e3b29fe0254146d9614856c5140c7315015abb98ac00da2c7e33cbcc82c2" - "4b797366f12767322c4381454d9d1eeaedb616b0ea5c66d1422da459f18081f4f966d05c" - "e279c6ee69b1bf94b8388d38d4b770d9ed69025f", - "30ddc2c7a4ce300cc2b75f0f977033f16c1f8bb13aae3d494c381f9a6dc8622499ae4df", - "04047bdfd7c77ae0c53e327c15c30d90ab1c9b670fe2241dc0ffa939fec3cf6d3c1f493f" - "3a06a286aa2310a4d0468b62f3144a9da2e66d15bf86f60045824278e8986ff87a276119" - "20", - 
"38afc3d11c66eba3441a5ea298fa593eec57b84ea29973c306ac9d46bb8d8e2f4c8b049", - "06c830f6c0be99fea4712f1c75f5a4e439800dcf062a16d93135c3255d3cd04bef5bc7b", - "1eddfda0d0e02d382ae243e604f76939dc21f3ce106243b2d20aa562b78e620fb456428"}, - {NID_sect283r1, NID_sha224, - "5c437b331831530aa94623b1736f00b986172699f0a02a5e5df0008bf25341787e2e6604" - "6f2c929dfe0058c3cb89fc5bebbe1025bb1edd1ee31522ed568e7b5b4ca3991afdc76a68" - "cbc2c4f81863e27fdaf6a564fab2c6354e5c657de81390f8a4132669fd24a48580c716b5" - "b7961a9c091f614d11cf45dfdaec8946a54a11d8", - "07899928922fbfdb5407517725edf231d15a8b62d90b7fb6d8c8d20424850dc44f797ed", - "040614257f54514cf37df2cd78850658a85ee362764ab8186423aa0f9a1ff486557f8f16" - "7f03ceae9d1370df045d20f576931ca63bdba8885f463d5c82e5edca5116ed3d2c2b0c48" - "61", - "3395493478e69e6e1088166f622a4f9ec7feb998aa552b54bcf0fc67c06079f45a14993", - "3f31ad171dd59c9deb21851e631f223584b17f72a6807d5239ae31373512def954d5ebe", - "28f095ae43ba5bdd899573ce6823eccd8e127c6c03cb59dff43c087ca24e1ce5504d1ed"}, - {NID_sect283r1, NID_sha224, - "91aa08567d8da4c90684dc06068f69deae240212842ff1786f04ec41b40d9187aa92c764" - "01f9fcedced62876a34df82ad7c1e63b68bb2a972257ea8542bda6a7f1a020c9b122943b" - "6d651abda8b8d322a8fb762eee376daa2d3637a71ed6c4f5cf96f61c0da2d6e1dda3370d" - "80e51da2cbd8aef3267168c67359523faf910dfb", - "2a2af63d1171930758bd3e5bfdac62cca1a83a3b55a49b3f80cf0d9ee4b2082757beac0", - "0407dd6fd0868ec478e7e5c08965fa4f1efe8db4d0c04f0b6c63b5dfa397607a0d9d5ce9" - "09054ff4fba9058179a2c61951fb4955cb637b01267f8f08b3aad614738c562f602d498f" - "04", - "179482dddd033e8849abfd4991304137044d7433d7bf858a794340ea1cd66e736b821fb", - "071f4cb000ca1c51c698c867a78961e6d7defbd60109f79d1d165ed045a653ddebabd10", - "1e2975f4a1fce0b3b0e13c3f50005fa664ee9319cf774d2e107c406d36158bcecb0e5bc"}, - {NID_sect283r1, NID_sha224, - "eb5297bf408c1a55e400a20a3c10acbc5c2bc6d6ccfcc0941fb7a6fd4d2834415a6df86c" - "3a6c4b867d1215aeb8222153da8cbbb1576c92c07ca2c36d8f243fd911f9a057e39ee258" - 
"32454e28d7ed52a8d04169b9b9677a16b32d5d211b8573a8986e9bf36d7206417ad2771d" - "aa11bc21fd7ee1029b65ff7c9b2705a6dc9cf9cb", - "35994e89e13916ad82608f74a639e6aceb756ff913aec440519946d6434af9a60a6af49", - "0401f7805dfc9f90d4f8a1b241dc9d68aa41cb77b63d530cb3733cede23bb87ee5118e5b" - "be01c3f1aa3a1218de78a94ee8f88d3f787fdc68674e31792d919dbca681a6db1dabe89b" - "61", - "2116684a4307c67a3d8c1014b33b928a962a8daf86c4031b0c1d47315d74bad7dab2aad", - "33cab952e9382dc074d666f1f2ab2bd72ba394a404ce2fd02a6f7a4dc096d713827c94b", - "33b2886738d882146c0cd715701fe4e8b94b0d28c73a6b79d2899391119ba910bcbe3be"}, - {NID_sect283r1, NID_sha256, - "f415d0adcd533dd8318b94560f86732c262ad2c6dff9dc83e2435543f429a2158cd2fbab" - "0d96c027f71008c4895ecc644c2ceaefa80937f6cc6338d15d36e459a16bd9387a361a6d" - "800acfd834ad5aecf442e30b70f5bfa164747cf9f89325b80976052a83a5e896c00c54f8" - "1472b14329cf23bec10a8e693005de2a506ba83d", - "29639da33f48e4fb0d9efdf50bba550e739f0d2476385cba09d926e789191b6fb0a73ff", - "040770f9693777e261db9c700eb1af0b9e9d837ce5eabd8ed7864580bfb7672ced8ffca5" - "98068aef01c8126889204aaca8f3ccb089596f85e2aca773634bc5775ee4d27c77f2af83" - "e7", - "32a930fdb1ba2338554a252d1bf7f0169d18750a4ec4878d2968c5e735f98b9d0c25edb", - "30cd65f1097d3fa0d05e1d6072675f1377a883b683c54b8a1f4960f90d68f3ee8c7bd98", - "15c61ddf43386a2b8cf557760200ac06a480797e21c92e45e6a311e1a508b03c4d9632e"}, - {NID_sect283r1, NID_sha256, - "b178d86c9335b85e02178fc4551769db589ab91d823fac219c7e14e2f029753b20396238" - "9476723832f8d9631dd7764e6dd35da290afa42a794476f5c7727b3688aced848dabc995" - "4201578cc7b25801710931f45cba1199d3788d64dc0188412e70723fb25b8ecb67183581" - "50c4037b5b81466dac1686cb5270bb1c72d34bb1", - "0583a7ecbf2a975a32d07428d27ac82e5dc13d1466c4fdfc1e6a05a8d9a289f1010617d", - "0403775ec793ee4bff15027c70d9bb5dedfb7d2e41af8895faddddd4589cc5a00bd222b3" - "bb0300f7cd572d82f2f0a2d99a83977ed2034e03fdd76a0267455a524bd8199424ae5b81" - "ca", - "1e58b1f66c927f4ae16143856d67193d889debdac8eb03936f1b36d550c2f2639e13f8f", - 
"0f897dbc8ea12f4370fcd08e8700e5e4c68dff97495f401d01b782f2ebbe259bc0dcf25", - "3c32424fdcca39f411663284658b8f0c1f950f0cea4354f02f4b359f18e3fefac0976e1"}, - {NID_sect283r1, NID_sha256, - "c8bfe9fa7c848531aa2762d48c153cd091100858aa0d79f994fd0e31b495ec662209a9c8" - "761cd1d40c3d8c4262cf4dc83c4a2549a5cd477726ab6268b4b94a78b1c4a7e700812872" - "d7f41912a723dd9abc305420ea1e1fb1fee41bf643f3a24abd6e8fbf6fde2475e2905277" - "24a6f99fd75374bf7cb01b34d3e60d8db33c4de1", - "0f817ab1b49131fb9bbe8c112c25a36f064efa85de7506fb9cd29d81b326bf276277f7f", - "0402b3a06e07fce1848494d3227ff77d1c43f4ec3c037ad73ffebfebeeae87d3bff7f7e5" - "9a075df52e6a34229266ff28b1c217538ae23b3912e4bae8de5cad9b57b7c1c9ca8aabb2" - "e8", - "0ac57fbb899193b88fbf4ff2c502af72943b133e8d40459a833275212f6644f566f5c58", - "3e13307d5fc2b7ad24e9422355150578c78e1c99a6f9a24f9ca2e8bc6856936c5c4af2d", - "05e8b77b580cdacc2660e6f8a1877d93c5983d135d63ca0e0b06aa8daedf855c9f661fa"}, - {NID_sect283r1, NID_sha256, - "9a5f563d0f9fd1f31f3a822de628ae970954f4e71292492d727109036491c29e66b9b0f2" - "c90c26abe94c08502f5e923a9ddaf6a7d91e9541ce90d0a49f03ce4e4769753d5b7d922e" - "1ceaac4b4cfa4262732a09550aa076b8ff9d46a50fa17de17e3b6bd606698464d116fcd5" - "f1ae11bf45b0c48d3b738427cb47b0d1272b03cc", - "2782af76ffebf3e2bfc0576b70e4f4bb87c762e2bb230d278ce776310a14f5b678f29af", - "04000dc21b3be7efaba5c7f9f22591327f0f97083d4d844415d3148d227931256d026ec9" - "d401276f1d9e131f13bb129a1192fa24602fb508c9679ad2124e49c70a891777cd601955" - "fe", - "0255972b5329863f380de945574793beb0430dc416a8f2543330a125ce8d69f72dbdddf", - "25bcb54e188aef6e362a62fd88daaacc8e697dceadc8a6b6f804ce4a36856c8da6de97b", - "1e12e18e1e281606c16ed1f49804f8cfb33c29b0ae92c072d5c41ee3e6836cf1813d722"}, - {NID_sect283r1, NID_sha256, - "3d6b065721da9de82cb33ec2c27107eb399b1e69ac8fa51145ed4147e20d72e27434104e" - "76af988a3bc94f55e36677a05182fe2376dbe38195fc6a30673a4dca87336c7304f3f31d" - "49216fbdfea00fd1e105d8b0c13ab11f8892e0045e915c17dfaab07b24ed21b06af5a8ca" - 
"d4f45fbee5a25bb6e87466a7bc422c0bb896440b", - "31b827b88f14d3822244809096157df3c0aa99da90c00cd9f0b18dfe306f6881834e6b6", - "0407b3ed076a2901ab2625bf05fa6db10a8c156412fd2d26741738f5eeb6a91891575269" - "4606a8cc2061352c36f264d23dc2857fbe02af34397ae5130c582e885f50f2c112f141c0" - "7f", - "0b36f5d6da409c4a27f38ff9686cbf5f4714f4e17234fbee6e6deec97c9f0d4c585d42d", - "356911114c9ff9ae4f3a4fcc5379c987b9d298554cdd39ce124f04707e7fd1ea25231e9", - "13c0a321c4c5a1e89dacddae38a9b3dda32a20627e53dcdf28ee26a550797c255eefe6c"}, - {NID_sect283r1, NID_sha256, - "d125f0e2e6135567adec9e77da2afc6862e28d618416632ced829d14ee8b61116da59dfb" - "44098a40a0b927731125617e3d2f32cfbd1546a6e758c1ab6597e75db07add52ecb61d37" - "da2e9ed04df95b36ac249f4cbd794cb561655cbbe4b34834c497b3d392d78ed0db8db683" - "aff0076fb6e43acba3fa2b91210cc6cf3fa594b0", - "27da4916f1c471cff80bfa14d12aa10270fc3b26caed010c0111f6e5a40d914a3927763", - "0407d8202c88fb915446c521884fb756375a2b8d178f6a87306c1c8b67b926e830c8285c" - "150224dcebb8a7c46902532870ff855c780b2884dbce2956cd34dd6ffef8dc365b967534" - "49", - "3fcb1e759418e4539f9be76354cc1914ccf9a111338890eef723431925fa132ebad8695", - "0d4d4f23408db58a72495aaec6dc335ce85309fedccb6ade053c23347abdc9e77a81aa1", - "129b6b322573dcc79704d08921cb54f31c571573da78cb09d0aab40c4036ee8f195d88a"}, - {NID_sect283r1, NID_sha256, - "b380f97687ba24d617a42df1b14e5506edc4b62dfec35ed9fd886bb769832cec7f9adae1" - "0c21b7cd9152588797b4efc6b2b30a873d3f25e683ea9be070dd69731949a51121e534fa" - "bfa3a2eae0ee90a454182248bedf2595cd47ad08614177d58f7a773f5023b538f5f56868" - "2c83fb60e3fb1aa859948d01bf7b214e7f2dc719", - "10608eb51dc0ee97d6e488a23c582ecf0ea1df9a24db77094d87b3fb6ca98507280a934", - "040399b3e571caecdfa1efb243323159a45618702600b870954cd614e494bccd70e381f6" - "8a02e2fc57721a500611badf48fb435a6e399cea356d281e853f55ef2cf9fc5f70dc8b3d" - "a2", - "0a8045b4f55115dedd8d742545f9f2bd6e5ab81cdbd318747aebfe9f74b0cbc964b6040", - "2d022631bb7e05d316a1b130faaca5af5eac67dd25ad609e6e2a067ff74fd4ba534db2b", - 
"04595f184068433962d250394680701fbd2e2bd613a47e5de68fa1eb83cb08fb425571f"}, - {NID_sect283r1, NID_sha256, - "3f9ec57e4228e1a6ec49df02c58d756515305e48763ba1dc67298be9a1548576c28c82b4" - "e9b3f62357d9b3c522b16d5c496a39effbdc8290edd2cadc0019e6b9fae1e61238b13b62" - "65ad2ff413a5a0684babdb0013e7632051455e6fd943815213c555dba96cba8911e006bf" - "ddec6c3353065004538f37e48df9e339498d85c6", - "123f9eb8babed548df08cc3afc1d3b3bbed52b538d4654f2088fe76062fbea75b85a560", - "0403b2e980ae7a847394720a9cb982fc1e41f9381b0f2e08b87fdff1bf891b9637cb2248" - "5e04a367d593edfaa4e17113b6b1ea3ad185b3155b1bcbd9f00f4482e509b43bf7eb67a4" - "48", - "2adaba166d703d4d2d431a26200acea7fb47216fd04882f91c5730a55c349770d58a452", - "2c83e6a7b4fd48e1ba4fda8ed7891425213764078926d8862d0eb64765ee2900b3deccd", - "3561a949d583b7de9263d07ac427bc175b75dc52f43f3ebedf996218c94e51684ed5f9f"}, - {NID_sect283r1, NID_sha256, - "bdbd7b7bf3337bd9d21a3c6db379f95408c17e49dd394e94737ceae889f45dc0ff5d48ca" - "dc53703a16b5589939506b548f8dfd34c577c084f372166cbea320c8fd07c809b211e074" - "9ea639e68f890affa1569b66bd763c7c710989e491011371eb1d93ed9479ff0216b7f79c" - "901a2023e2cf80b565d1c0517e73117190cd2f02", - "06a18e626452111922e02e31d662f4301319946a204ae8a34f06b91dd1b5b96456365e3", - "04077c1fbe6a645b85fa0316ae412e8dc558c7c066d9aba900650749eb7b14a149ee57a2" - "5901b2f3002ff4936653412c8ccb8a67dcae18d78dcf6dcaaa75061013d2134af2c3fa0e" - "69", - "21bf4ca10d03a93d4675baa26285aaa554836bd0bab6e7fe42600ffe9137d5e304847e1", - "20702aa5b5cb45cbe8025b4ddda0a42a1ab746117d45382d018b2055b62791ad91abf54", - "12c31f9bdc096236d3ec46c4e6cdbcea47e4fba0e28d4df0fbc19e8740ce6dc0577b242"}, - {NID_sect283r1, NID_sha256, - "436b288512ea57bc24f84fdd117da9dc1858bae8c11637f99295d88fa9d05e3c053a2584" - "a6fe200ad190b3077d9a1608f660349dda405066c1562f6897ef69b6b674d6bc11fa470d" - "0b96a7cf8f6e098c9ac03b0ef415aa045867ac7c11d16cee78ecf08850ccabf70f761682" - "b561d0d0e4a889d840dc74932648ca2fb58259f7", - 
"3307fd717015b12a2dc76ada21442ac1d97519f66898b214c2ea317ab0f0905e819e4e9", - "0404ff9b8d60ed177df635a3953c0f5f5c0254224bc48d34329136706d6e8fa1b16ba091" - "6a02e50ef73f43ea9a5ad07c6bd68a82b7239534e195ee929aae7788c073dbe9e968c282" - "8b", - "14d8339f610b348f4639ac20dfe2b525517218f0c71b1908d407603b25f19971a1b5b4d", - "2acf3dc4e3569e5038fe97920de626ddb36bf213afa0f939785dec8319eb8321234c574", - "01db40fa416527266a3949211fd9fec158412c447c392ed6a7c7f159a1129da864d33be"}, - {NID_sect283r1, NID_sha256, - "672faa156dc188bf16bf8933d65e091c633f294486049ce96a4a403dca28a149f4f840e8" - "bef47412285363e9e89006614b013a41baad9885f1d9980cc897ffbd5f8a7d0e63feaeb4" - "2c07776efb307ed680ba1cebf470dd9bd8a2a9efc2b1daa569524394f9a50398add1a5bd" - "2f7c263f9e63c2d49461acf98444fd23341ce78d", - "14f9f412e3c7d770626e800d43cfcbba3ae6aec8563af748e8a97b67d244334b6e6d2b3", - "0402293b37c84e7514564635e517bbdb9bda0b4a41217ca64c38e94a4bd00753255b4cc3" - "890088c10bd909964ecfe10c373214544c6f60ab85b8f5545afb0fd2ac03d036db7ea9e6" - "7a", - "19b21a4d73012dd2a2ec3ee280a9b855b89e6ad53438431cdb5d2cec0e5ba21300e9bd6", - "3baaac69d182bf1a12a024dbc9a52ba244a654716e2756c36ddf8ca634129cf9d2b23b2", - "13ed92730d0a6d75f2a4a56b39f82d063e1be988dc58f0ba5f553fa88b6510116005727"}, - {NID_sect283r1, NID_sha256, - "4321334cc8ee44f1cb392a4b280a95561809dd3639ddf43b6e11cb73067597988d95b864" - "3d86c76c3c6b932d9262b9b8b55a04fba0666dd8b8ff1e8fdf799ae3945b6e30d3af3966" - "f1a6d634d5e012710d66cb447fc3375130968a2e1e647780aada2609d87247c90338dd71" - "c3bcc3902311caba27d5d4ea4d73ccea960d4bfa", - "3091a6a8bdac1e43542dce752694972e734dca31c061c7d1000754296d0748055db3f09", - "0405c0761d01020a30c478617313c67008a1332a0e6f295c5a9f01b3411eef585a9dafc6" - "9300eadfc6f7bb9986b0dd221b77b54287042ae8d1ae5788706b79a354fe785c66145bfe" - "81", - "0afb2e2e29b26a686368b127e38c2f5726fd55a13e9f87cf00e831d3fe19d9511d07e81", - "2685f634a8c16ee79acf62b7a1fb3acaec0db47c6ff5f2c97a804e9550494b128b2287b", - 
"12b545bd76b8d2cdfc5452291d5e4748a5e981c400daeb65c20812a65bbe936bc613219"}, - {NID_sect283r1, NID_sha256, - "2087e22094570d39fa937f15a3ef0601709a66666344186a33b487d041793fbb9709a95a" - "f250b1df0762ea98e911aeb3ff1fa19f0aca53fd4179e454e0e91636e55cc5b17cad9e15" - "75c82ad265dc34c4a66b7a31ecb9ef9dc756f2ac1d9dab35369a6bad4a0f47e629daab91" - "addc6d297d1e5d81477b3966d8c3b607ed194d88", - "1195921b91353db9bcd00510efffe009c94f6bd8d790f5fb3e5a0101c9ca5d21c6ef2eb", - "0405dd8aa95e24c054d508bc5081546677b9a8e8dad40d3f8a184af7cf07cdb09ffa2e04" - "9805032f208dc3bbad6aaab63211e13e17656c750c6c2a6e3caaf55a7c30ae5ba241d864" - "1b", - "3223c6439db7255e89c28aeb046e906ba79f4e9b8222ba5ec201b964d3666301f74967b", - "0fb7e194dae6420ac447e7d4f882da3c4859f53a948833a0a08f918acbe03c2e915d1eb", - "2336f1206b46b3166b28918bdc1c817b22ab16b355030cfd635ab3dade20d2dbde08b6a"}, - {NID_sect283r1, NID_sha256, - "15c7bca449a73b03bbfa783f5a91ca0b7916889a5d99d541e2e8593c3b176a5b634ba20b" - "34407fbd94ae1c1398f5313cab7402f3bcd7ad277a8c66d09a6df5dd086b20a0a3823fbb" - "b80980cd86bd13e527eee15656cc977103e80113539e26695addd9eef6a1f56986168d9a" - "53f8b5de833f8962c3826cca106ae9e8c00208d2", - "29dc20446e9abacb43823e12a83737b46e6e577466b5a3925e0f9d496824dadb4d4b50c", - "0404b3c1d41d8172ba15fc92d9586f29716821ea82274ac8e4fb3452ccca3e34925f1e73" - "6c023e22cec962d759bc659841f259de954911aa289e9994bd76a30149a73711bc41b299" - "04", - "0931ef56f08c379d1ddce0649f45ec21eccf3dcfa178616f45b200a06f82172b91bffe1", - "178348d533217543af694c8d3cee8177e22740b657bc6ce6df9e57f0c1f14fc9407c440", - "3eb25dc4ed42495b54679653ab1cd4d61c854207994a7318026afdfd44c89cda9247388"}, - {NID_sect283r1, NID_sha256, - "d12fbb82ee7a57eaf76b63fd6bc6c0a65c85f135f019d43ff7bc295cad15d53729d904fe" - "d63d69d3ffe8b82c0ebaf0399e2717ece40e011f710b5db46aa457c23b85545953398b81" - "4816a1e7a8ab5b0b14c4a0451b0bda9d0d2ec4a374bcaae208b7fe8056bfa17d6b7ffd4b" - "a2e9179f49b9cd781b0c06f6ce3eec26cd428cb6", - 
"3b9b77d19a42e9a555da8ab70aa5638890b2ed21daefa28ca6323fc658662dabcbfaf52", - "040632fdf8ebbb755c960ebf8fa5d6b679416e488faeeb021c0782352279a7ae00eed330" - "94041aa517eff6854ba04e2de6794848823e53ca580353f2b25e45fd4efd3a369cf80fbe" - "57", - "2450beeca6f1ebac3e82e3aa3239a5031f54ffe65fa6a45e2bf2ccbda448a2cf6988141", - "28664212774e23b6513f73a9b2da97f5eeafd10efe742e314f6913a6d0c0e3e581cc6cb", - "025bc733edffbc1330689e7aee0dc121b64a72dff19e1d7c5990206d6daae5bae75d0b9"}, - {NID_sect283r1, NID_sha384, - "eab0a37915c6b43b0d1e3ef92e6317b3afc8b8301b22f6059da8271fc5fe0e419ca6097d" - "aba213915855631af64e10d8382d70599d903d1535e25cbf74da3a12ba2f13c33a8562e0" - "db03edce791f1d39af8850fd1feff0eb25f9ad0a86dfab627b96e65831bffc5f6d9693d2" - "0493bc9dd6eb3e9325dea50b055768e8aa30d49c", - "0b9f8f3e89e9c1ef835390612bfe26d714e878c1c864f0a50190e5d2281081c5083923b", - "040542ea231974c079be966cf320073b0c045a2181698ae0d36a90f206ce37fa10fb9051" - "8607e6eccfe1303e218b26a9f008b8b7d0c755b3c6e0892a5f572cdc16897dcf18433f9a" - "10", - "31789e96e2ae53de7a7dbc3e46e9252015306d88af6bd62508554f89bb390a78fdbaf6b", - "0fba3bd1953a9c4cf7ce37b0cd32c0f4da0396c9f347ee2dba18d636f5c3ab058907e3e", - "15d1c9f7302731f8fcdc363ed2285be492cc03dd642335139ba71fbf962991bc7e45369"}, - {NID_sect283r1, NID_sha384, - "fdb93afd5dd1e3eaf72c7ea9a6cddb07fc2054499ffe152cb2870163eee71ace5bd420b8" - "98cb4fa80ea53fbbaece2a1eef6427b632320e9c97e38acb16b62fdbf6585b54fabf0a70" - "3307ca50f86387bed1815a05b0c8991e0743d10cdf49c8facfd7ddeb8d4a7b706b5a29e1" - "d00ac88b0ee88b3153185495ac8388cc70104154", - "3a30a1c15b9ed71e102341f97c223a9b5ea3e6a335861c3cf407ef691a18cc639dbe74c", - "04040937b263c87461eb5d409008255d4e14c54d7a86d6e3eaf2ad9c559f7a6b9d258254" - "2b07562e3a04f22ad37a1df0250215c163b45a6bd04a4b96c30fe2e2b7ded5486b172ef0" - "9d", - "13e745c76b33e6e91f47f8423653b0056014841f4df890121655ac2044f3a6d58b9e213", - "22467497bf1b5d29476f24aaf5f88d905be7900406c64033913fc88601c62063a924456", - 
"19cb024c7d6be51d15337a207e66fb0e473956932faf6d755393dd5a899bf63610ff887"}, - {NID_sect283r1, NID_sha384, - "c78e35d1a5b1bbb0ec21e7ba7b7c74c859d88f3e100e40ae34128cf093885dae4e87cd09" - "f3239dd8e79e25305220880dd352a650225d9bd193b9b84e488c458b0b5fde1af941c0c9" - "fdf952d2fa41f665918dccae27ab7923da4710f8c27ac8ed424992568dd6f0a6c3ecead2" - "1650ed162e0292104eef3c2d8551be866a88d279", - "083330123cc64c11888c1fd388629d0b329a50ef31a476b909a182c930ff02d0c389b93", - "0402e3a3e712676bede22893a8911ad6a683306e86487d24585bd6fe4f2657281f0bae2d" - "c80773889a95e9bd579be379fbf84dc8d26d47335253356e5b01c09eb8ed57474d6c0b04" - "91", - "0d630f20623e93c274239200393cc552d03da6bb9e74f4a44a518e2642e84e761dff7a9", - "27b8997fb98ad04488f5dc8ae5dc88b2a3231fca76d7320550c74cc540110c0cee5d8fc", - "1824f1050e85d527847faff236b7195965e7b93343ebac889b23425dc27226d50a5266c"}, - {NID_sect283r1, NID_sha384, - "e05435f695997229cce314e50065f3c5f71981988dddccaae6efb81f936b22cb48813f50" - "6d1edf5ebd69b0be34f278592c5935f0f6db0cca1ef9d62834fbf3c4c03f4da0596cb4d6" - "7b7b767e85dde7b7c6fbef7d89babe6f97b876b33594a9e36ab87079861ee556fb03274a" - "d4af527342a4794192b8933f28c6220f954c77de", - "1dc2b656c207eabc9e0d6272099babca8d149c9c4258b779c2f06de75f76d77505271c0", - "0402b03407b65809825a32ab50f1b556a65c3bbbd65cfcec898514637ce606182517fa1a" - "4d021c97e293ec74dee17c89b962356b7bd50c7b23fcc30ec7fdd0a629d11373e28380a8" - "c8", - "2d0dc9317a2af5a7d0a23c00d126b7fae4c06bda0a5c50462ba26bddf575adb091d0e50", - "211c396875b5dc71ba87ff2483b0ffbff60cc3656132fda7422a81964f1bfbcb5ecca23", - "0a0ed7bf1ca853b9b19924c706eff373b97585b692b4b535ad71cc4362073caf8f61a3f"}, - {NID_sect283r1, NID_sha384, - "0f9f36477076c4b5a7d1ceb314a397fb14646695b0803e36e98908c8a978770269f165a1" - "fed8f4b655d4efd6ad283d7f5d51b6e1e302d360e8ebf4e887c7523a757ffd55384e114b" - "bfc6b7a0ec8511079507b919065ca018573418f9e394854c5704227772161707b4d0246e" - "bceb91192f0eb2ea994ce61fd98a6d14cc8246c5", - 
"0081772348ff2d7a3fd57fe703555ab2e14f5d203c4cf0292f944e827e884d95f3b1d83", - "0403f7174e88ffa8bc0a770fffa4bc30a436fce331dbe7154f6e2fc0cdd09e76840f089b" - "3f0561e6aa3feffb2033ea716ae94b9a7402bccfed1fc4a137cb96fcdfe4685314f73a8b" - "b5", - "3a8c40754ef7ddd0e289b2cdac5e06c72dc3d6ae9d0351d9295aedfd6f0e88809674bae", - "1443b46c0e6bce31642dcf3037e25b6ba2b42daa9a83f5c0bbfb2487ce717c37b91f46b", - "3f59d5a925fe19c795b4992c265a3c61b2452237eb34efb9aba30208ce07d1ad47e2279"}, - {NID_sect283r1, NID_sha384, - "1d38b1c342b6611dbaf412a66c1c0b8397692755f576df33b31c2bd12b7f0707cc423376" - "391f7b00aa4e7b7fe54532e2b39c3c5284b9c8ccce48eaf9308ed338992f1d4ecde6cbe3" - "52e46339d7d602942158387881d9b493fd40cc59d4f9b53ee4191d42352c6f7bf32c331f" - "0c5afbd44a92901a4b713c7cf6ccddf7de4cc6e4", - "1eb6bf2ca1b5ffe6f6a795733eaeed12de6e87c53571e702635b9dbd0d96b47df4a005b", - "0400e64dbc1a08acf6ff0e820593cad79a46e3bd818ddef5ca0960fde799abacc7b840ed" - "db06115d3de2bdd011ad053550471368581a5f125eb0d32090646fe4407980a42988e551" - "aa", - "3b28fc6d0e4a7fc449b811b78900fb9f89885f4d4f70cb5a2b3d4f8ab87bd5448f4bfd2", - "2601923909c8c953087b0c0acda57d8c01f814dc9722171d8409d0acd2fa4d9c1314693", - "3eb316cacba93bd473a4b4acae4f2b5a5b2ac9856519032e63a0c718698956e8f35673b"}, - {NID_sect283r1, NID_sha384, - "3353ad05ef90e9762bcfedd6ef44a1e8ea0392ebef30cffd48ae620f3e567e1cd44882d5" - "14e7c6759200d4bcab18afd3038c3d3f8c50f7bba32a04eee5a4b1cfb8c349939e4efe0a" - "46fd047d02ed000d8fa1b98b0af5586f120d9ad174b3aea33905b979ece1eb3660b1e070" - "c8821b32df41904ad68bbd8ed247aabd94066f16", - "3b2a3e65e5a306bf8e3955b60e856dfa9bf68c1275a678ca056207a0ec67c96eb3f8309", - "0402c542cef892b06372af7d9c321ed5309995c1cbbf1a466e70bd30f3856ab7c5d18f4e" - "3d02a8acdc12a7cc0b54f4dec9cf61c484a5cf86c4cf6cb5ed615479123ef1c6ecbb6c7a" - "e4", - "09bb5e49188621466440a0841b007525000c2203d9821f4c6afab63ac2b97cb5e2e3dcf", - "00a09da1c4bedff47945898f4f4ee9a0857bb56be535544aff9d729ae44e23d678fc71f", - 
"2390be08ba0861b32ca35ba27a0c8dd1a4e96d28cb007133a096b52afa0126bf2a2abee"}, - {NID_sect283r1, NID_sha384, - "e7ec162185fe9a5803c6b03d98041422315ccdac67e48fbd07a1ef3c5661158710abc679" - "1bd0a75d56791b4ac0e7695d53c5989d9fa6a3b037583b2a80d2b154b024f1c36b63548b" - "e9afe1d51f2f68b2ba94d4ca1e69a35ac10e15ba72242aac20f7526b12ff9d3cde9a9bfd" - "70d55adf9bd92c66d092d7d08e9764c84bf7f329", - "1fd4d1af0bb7c79ed5fea7bb45574e46534387bd916649485ef15207352d7302e81dc01", - "04077057d3f93011440a78718a3cfded73e4196e7fde96e794465c51be8b679f912c10ed" - "cf059873441c590c43e0f00f80afad5b0166f94b62214ea45da29174874e44356b29eda6" - "b9", - "3f224b35737e78ec5bc9b081a601d8fe19e33b4787449d3353d2ad225358211cf9f7f0c", - "1a7bfe92c30ed1af478282786bdf7b5b89cd0fdba5e534bdf13899dab5af108803d73f6", - "2ba14810de4f5cf48b56e94bd6c439d230dfced3cb698c77627f59faff0ac5a42c43067"}, - {NID_sect283r1, NID_sha384, - "87c8f2e3f4fdebce0ca9300fc1ebcaa934f51a12b6b8f2cb6bb6eb77965468663044afeb" - "2a1334cb5a81e74b8427267f8b34b5e9ff0cf157a9f18be2b1942e32ca61dc23ea13c3f9" - "fcfa16df8fe05e067938b6994982676463fb12842d4ec532cb904cf222aa805dd0d86ab9" - "a33a83e294c6d81e8dfa273835e62e9041dc8ff6", - "20380b1136b5283e9b7f54b7535ebda33b129ceb177bf5d3d07b1daed5edd9fb3862530", - "0405e7d0931db006c6abe04671d1aede760f2b1ac5c866570f8e5a24ed356fdab49cc5cd" - "ea07004920fdb0a744cc545068bf82bc5d7a46edf9265fd7c5979b9559f5421c9a98f6db" - "89", - "3cfbb1204caf6011fceb8d4be987d9a41b81bcdd95b94919b220647d0e7a18feef4cd01", - "07096beda28c20d2e62d9b0750142d3d21b54c38c7fad1ed65e4f9b386f3dcfcc43a3c2", - "3d0af02aa39e329e4c39f2a1d6797f0e3d14554dedbcab9abbd158273a3c7116225abab"}, - {NID_sect283r1, NID_sha384, - "2ac53e8a50c4afe3b38904255b7cbf150c5f79dc15932dc0ac9aa631521f68a0d4b6bc5a" - "04d55c99a36531fd4886a23a8d99f262ecd2a9feea925d7a96ebe9b6979a207b7f9378af" - "be404fc8e959b0333572a2c911f8743c0ba64eebc7ef12fe5435d2cb0e5091ae518b6e42" - "33489efe3c16c6f21abf4e2c6808b733914e5a7d", - 
"19f815b98836948e0a0dc9c30828c31b13e175f1e79f23d084ae1bbe64823f4866214b5", - "0405109d8ce934972f5520101730d0a14b99213ea17772e3e7637d622a5de13fd2ffe3bf" - "fa0502927e0c7baedc4bb3ed2bd1b15fd2d06dd43424393b246dd530d5d8598b56dfcb3c" - "b7", - "10359d5cd8a9b7532c9902bbf1cb83d0d34bf37e73e7c0f5729b62a10bd4d8faa0f53a3", - "3503410a6feec71fde2feb14375d50f99ff9a2c8bef47e676bcc6c3045efa9948891ab4", - "159b1f65fd566ecfdc08b87e4ecf99ceea3088a750e2c3c9d868bb432de6a61f289d06f"}, - {NID_sect283r1, NID_sha384, - "0b201469cac4c078f587edecdcdb6efd5752cb4a3f43ab540463c4d908c27527aa3592f2" - "f9acad85dd94a3c056bd28618317ebdf2e7dd6c5ad26fa3c31dd8e5c50c60418d91c93bc" - "bb59ec1adb1db791f485ded78a5cdcddd23dd1cfa4f13443468d8a5f2d648059b9c4470d" - "0f4fe7733d56a28a2c24456b6923703ef32cf0b8", - "01854e954654e726cf4bebc0e5a840e8809fd716059211c6ffeaed36829808363164684", - "0407a6e7c542860e815d3fa24fbaf99989e8b9c812b08399056ae4f9a850a6711a7385b6" - "2200dde6bff33891a64744dce6456600f5a6a11049906608e77f8afc38b922972c805af2" - "58", - "2c9cfd376903122625c7fdca50e93d4c216f0c7d07f33b3b51e54e666e13b67dc89d290", - "18321f9ee35d47648060213df1275ae89c2ec7d17abe8093d8a431ced23aa61d3f8df4f", - "09e5a05a62b006a7787c97be38df6fb9fbc1433aa2241b5a788fa727229a18e07d7a8aa"}, - {NID_sect283r1, NID_sha384, - "fc5e4dddf4c4a328b685035ee79069770fbebcc56c14e31afb4bbcdd5220e025f31eba79" - "4fd6c05e64f19678dab33ce4f084bc32790392f14bf35669d75b6466b4214ec30d58ca90" - "ae285c9058f5804a1fc9d7a995958f2a0e84ee52e8a78b601bec04ab607ffc2091749cc5" - "48c6754ed14e2e5f92315bdacaa7a12823ef76bf", - "3548f8020819588b3202f4c1ac62eaec6a47c2a19b2900c5a3cf5b4ba5804231141c647", - "04038563f2482a399bf1c13f42f8b85ef64a3599c22da9688b97530718bfefdabca3ae86" - "3705c4aabf6d8a90af345008d5a244d0671cbe1afd08000c4eb37702a9bcba6dbc058ba6" - "da", - "32649876d776117003305f0ec9cdab5cd84bbdc747d3dad5d8d54a8fdc84d519d50df45", - "1f5160851981772c502088eef209f7f89a7c8ab35e630d16330bec7723e398fb37c84b1", - 
"073a7333a7037e1257d4d70be87c30bef770f9d728dd7e2615d47b399ec650aedc867c4"}, - {NID_sect283r1, NID_sha384, - "284cad790e6207e451a6a469cee3befc3ec43e047cf91b9dff1485718aa29de36a43f7c5" - "1eacd8589f0c3a96ec18e8ccfa92941b50b2132e3612d5b45e16f60d411d1c53e373e1ba" - "451352e28970ada9dcb9802102518a385dc571dcf6900971b00346098a58042e0d1d129b" - "d6801fa640a895a458a45b31318fe63ebb30c6e3", - "3cc4505005c41142308f1489226b7b542e2e7f24f1d3089ff6b92a4b0013f490ad52e60", - "040280b77ddc6648d9cc3f5557d406ea2a089c8179d4320781b2eb76ab07fcafd2535b91" - "de005f23bf4171aabbf0fd50049aa017c0dae70b065964c685bc03b958cee2fc3249149d" - "31", - "2ef488215648524f6caf85233736eddcd9d1d838c6a2799c3a68580492d40f9800bd119", - "3e8e13db22c97281307edd4037f0a75d2c70a070614e94e02c860f36a53aa738fa0db2f", - "356f2651b51a6be0c697300a8c2641bfaa1795397eac208385c3729248e36baefc173ae"}, - {NID_sect283r1, NID_sha384, - "6d46e57abea9d115deda48b69fe8e0b36144df2f6a659509ce1b514c8cc4769d46e5f71d" - "f2a084f1db4a22fdd3ef0c2f90394f2898ce291b9f279c0664aa01419f5f6bee1fc12998" - "71b27ecd57a5ac548f99d01871b8c238a6b46044c953b2e78e22346a0c7663af4db62799" - "038ffb5c21ee512e26d01e70a4ed967377ab8405", - "144a2fc8e0aa63506e14e4307df36416f963dd9da78655832f5b991af8c3eb97df78efc", - "0403fe8867b560bfb21dda517b8f4d50578a11e1d0ab7ed4ab3796580d31bdf710e8e222" - "8405a302baa3795e2d132c55d90858d14d4b17aea0ab70632b135f94bb23112d163357f8" - "ca", - "0b5225132f19419715170f5a3f26919b4127a05b4f0406f895af1e4bba95786daf95259", - "0651d17b00ed9a06bfc6a913883b5cdf51bd5f2dd22307cc5ad3bb545f623516232bb6e", - "01128d4784fc0fc050af0b97f859616d764b22f40734ba65aa15e2cf80e7bba3d15f42f"}, - {NID_sect283r1, NID_sha384, - "dd750b39bd8753f4e473c4484e2b36ce2da7576813ebe05861c339ffae1d029bc793173e" - "d394091c00685ad82f0550cb21ed1c68f0c27cb7396922239cfb886647af204e88a9101b" - "7453a8ab662e270b87a8a13f2fe61d695597382cabeb781933bebfd7d0dcd33f77266e43" - "e32d937f2dc89f67525e522977ce73e9ad36c8e1", - 
"24ffeaf139043ff25a395e4c560c7680c1c2155191378917eb25194136b4a69597dc277", - "0400402bf61c0e36385e5fa8371a553ed8652466fdc3ed9d4a3ce1bcc567d1f451f6703d" - "d104dbea6f67e1117116f30fe42e84383768b0da770f8a2b4cd8a4fec330a0034554a138" - "08", - "3e4e78f012eaf1778c086a3bbd9e996da0ddde651236ebdb6348062f56b36f63a901561", - "1e2312720f6fbf44d7a6449a7f30019c38e69f2e6424d4bd1054f40798e9fe58d080b86", - "379d1b610a976730dfdf3300280f1c61109ad13c788e8f8f9a8d5e0130ca9482ee417da"}, - {NID_sect283r1, NID_sha512, - "4736e59fe5812f63737eed57a570182c065538abd9fb0a1c9c2059199e7052ba57d84b5f" - "a1cda2ad9f216610361ce1dfb9334816b6bea509283756a03aaae2e5b0597f492d078b6b" - "015a40c9785dcc5d2ae266176980db04f5cffef40e16661a50ef871c5f531d73fd5d114f" - "a19bae9dd2da4267a131fc31849da38c2b78d1af", - "1d1f2e0f044a416e1087d645f60c53cb67be2efe7944b29ac832142f13d39b08ac52931", - "04010b2d7b00182ee9666a6a2bf039c4358683f234ae41a9e5485fd6594e3daa880c0dfe" - "0f00a419b2f40e573dc2dae4b22e6f56e842e50d631b6126153178585bd05a8b9e6e87e4" - "c8", - "3e4d36b479773e7a01e57c88306404a46b6e62bf494b0966b4ed57e8a16169b9a1bbfe3", - "30513169c8874141cdf05a51f20273ac6b55fe12fa345609a2fede6acbeb110f98471af", - "33fd50b214f402deed1e20bd22eba71b156305e4f5a41ab9374b481ee344ab3f27f4bcd"}, - {NID_sect283r1, NID_sha512, - "e573fa7d4bf5a5601e320130de91f4ad87eb7ca6b8998488afcef69c215b0cccd221b8b6" - "6eb0af9d699af9ad6c4b4a580e82941f31e4c0a9bd83995dd076c5ac9bebb34481061e7c" - "b1b26f6e8c6b26ee4bdf9887f7ae2eb9fad3115a21dcc96acce85d23a040c0ebbe0a56e7" - "5714dbfa803d6e279b2f4280bcb993f96ba321e1", - "1337362609df74d25f7adee382225e6a04dd6ee4c6b45fa31499ce9edb0ec046325caf9", - "040287b288ce6f65fed9f95c99fa4b8c1aaf6de65ca563df30ac67c1066d2ba2f5a554e0" - "9c025567fe183dd400d256c333da92dda2e364afe84492ede9fa0e913ca7f12069b5a44b" - "48", - "31b84ec438302155f2e84dd118c0d8479267f8d19c8c5d96d21177e20b23e0180dd6d33", - "08133e49644044bf9ba3b4c8bdc3973647d650c58fae4a7ea5a5fffabafed56e759010a", - 
"1d8cc410cd04b188418b20cebc8f66ab0dc29a42f9067aa2926dbadee39abce79deb396"}, - {NID_sect283r1, NID_sha512, - "7862864d0d78b44e2a28af44a0a16d8e9b1b8c4b794db0410c0a863ba011018ef43e1e11" - "f2fcda2f56fdb2a69cc817df425c9cb3b458922ba00d710190cae16d61af3c304a42fbb3" - "d0c4a74a297253fccd70aca414865b41f68b01c561be281265fa89f63f975d3101334886" - "e85929a5a47fa8dc459b663548faf8ed7484958d", - "1be00aa0afdfe92e24a2536594d4b41701ad4dfb223aab35ff49310bdba7566057fe8ac", - "04013583d8cd163fdef7c11e91f36c1d3eb2f7957d219244db883708a7c5777611b00668" - "1207a1f4df45073b838277d8da7daa7147b0f10aa98b5ec02fbbf97c89ee17f3a7ab4f3f" - "27", - "26b42f369ff9b2740147914a2698cf1ec9bab44caa3b5f05957ceb9a32073729aef0fc3", - "37640dcfa11483b3754ea027f5f239500894dda4f4c8308f0623db256eba2113c41ae61", - "2096767a1f8210b175334fad61b4c7fb4e2d6c7811b5d22521af7750f101077e2fd4e44"}, - {NID_sect283r1, NID_sha512, - "e73c96d1a84cf7cc96065b3c6a45db9531cd86a397e434072a38d5eeb9a90f62bf5d20ba" - "e22b926cfe967647d2bbb5dd1f59d6d58183f2cf8d06f4ac002ead026409ca6a1f868b40" - "6c84ff8887d737f65f9664f94801b2cd1f11aec336c0dbd4ec236d1cc4fc257489dc9709" - "dfa64eae3653ac66ab32344936c03eeb06d5852d", - "12ad0aa248db4fbc649f503e93f86104cb705d88c58e01d3ae0099590a69aa006aa7efb", - "04008d262f57f9528d55cc03c10bd63ded536bee9ecc617221d9892ae1a75b7cdee175cb" - "330754e40e8823e89fe23dd2748fb74e9e93c3b33f188f80377a32bc66f6a92da1804c04" - "cd", - "2405a351a3bf9a6dd548e8477452c4d9d719e32762754cd807a90abddd3ad380e197137", - "28c5d807ea1c3ddb7f2c90f3af644c5d6a2757336ae46c2c148752a2fc150e8183cfd83", - "397c8c52fd67b99792229194a787518db5be8e8c291b1a30e105b00f108ce41f8ec8fa9"}, - {NID_sect283r1, NID_sha512, - "a73fb0aaec838d011110d49c5e94395ce07408917bacf7689d2cfe0948c582214b263c6b" - "80e0a55f1e159086817605723740569eeaa1bae96b979679165c5c35ef2142525e943e59" - "5e6b4b160acd7ebe41de19775346363f779b1f80b6d5f0785b92a648028e456af8496102" - "d19dc6526247a654bdae3368f075fa9ee92b2f4a", - 
"2cfbb8f340cae8e2e2322829148981cd9e509b0c65497fd8d9da5dee9dcfd39b0f7556c", - "040260bb17da74429f049f3a7eb73fea9cbeb5b14ce553d7772a365376d0114ed2ef3087" - "d005889e41bca54c09be20dd406a6e1f11f9d31d720e0c4e2e88f381ba89a97f12fa9faf" - "f0", - "3fd7cb455cd97f7f9cb888444f39569114589612b108657ac59178ffe31a33569c9f0bb", - "048a10915fd3bf9ffab1cb13632359466ccc539128cd98c6273d5d8d26c64d57520394a", - "2d0f67f9baffbb34094c5fce36f47cb73a537ff984c89e38d073678c21148056bdd6893"}, - {NID_sect283r1, NID_sha512, - "eda775984c7c9f7db47af30dab314d070fb77e9b623baa6b73e2cbda800f167b20fdc2e7" - "219391efacf908f4ceed9b9b6bd3541b52ea087177e18c97391214758cf6455311fad336" - "ab56cfdce57a18add8cf85b0a0bd6fa7297dbaa34bfc8585b0f06a0aae055186658c227e" - "19cddb65de88d260f09f805c2e8854dcc524189d", - "070e82a1f3fa6158d15b7346dd56150faee5c98c9d07c996e01a06dc9b211b12ff62d60", - "0403d3ca5fe316a0820e84a8bb5d231bb14c810a87c7392d7f960e7cecacc56c337f88b0" - "ea027ac0ded5633a98ec5734db9de1399c83a181d522037266d856c83e5c8047c4eff2c4" - "e3", - "311b23487750c3c4b23b28424c33328c39d6f594d2a9b459a883508b985d8aca039a2b5", - "1465736c3c9e30e895b1544690e05108ca221cf2352ee4af1b5ee4130029a82b277b076", - "2819b94dca3a58cc5a96790871640fe0fae38883de6fb4712126c1c1cbfcb0c005c5af0"}, - {NID_sect283r1, NID_sha512, - "a4a13e0bfa761b9bf37fade6570d41c161e20558874911ff3bee38e5649849b159beccf3" - "21c6bc7243f99c01a2fadbab9e157e9952ca65d8ea676c74fdc976d00501c626b8465c6c" - "f0e4fd1a7d1260aea987161b821528b0b423e62ecc5193a0a49442b0c3e4ec9c4786a3a8" - "6b199c07dd3a17033d430d2c83c100f54e0a7c31", - "0b471bbc5f7a07996e370da4a09e71e2119ab3a562a273f079401951fbe4df39a4493da", - "040333e9d5e077bc64d022e49d5d207385a19282aff1b73b307523b0f861b4ce4219308c" - "8205414e431f3b90a2d4a454d073cdd81f8b224180ac4139104166ec33ab33d079dd147e" - "bf", - "3e431c39ef6f4b7674a1bf414460b58998ed7aa5b1af7ddab746cbcd2ed9f42ae3827d8", - "151df78c0f453d396d71528032933566e176eb7f6910fa9df2e9b2f5ebb6038777ef209", - 
"08a1c4a1e21cc63fc15a78f0a11a1bc7a59a5a31f57091a12896fa670dfdc05c04053b7"}, - {NID_sect283r1, NID_sha512, - "7ceda7a7248640f7055309ae712c19d741375d6a7e0608e07f0135bb830dc3e8863ee9e7" - "a75331a5e1bd38c42cdd484d4f45a26c2c1d4e05ce0d0ca941f4e94ecc6b371102f31633" - "629e9861de558bcb6407d66eb91f1062ac0e0409db68b9f2855296a7f42fc92359a7dae1" - "6c73fd2dddea52bd866a4d501aedd8fe3b3ea733", - "3c65cf80bfb507dff52f9bf2f93df0642020d41619b3990009409e7210fd7130ac44ffe", - "0403beb5b9b8785c5601093086b709c0a05955be42eca3d217e625349e5a875efa82d75e" - "d4007cd4e64475d628e6f562f0ac9c3f91075626063a52c2b621796e557799ab2f1ebf8d" - "bb", - "16212ce91eed7153fef806d2561912be1d988410641d5eb72d586cd4e6782deae4538a0", - "26ea04dded2cbeca81e75503932982c7fb5cc7d38a45a3fff8c4ed7f844dc759d8da302", - "061d3756e3da1c7816f0d72a8c84dd1f3b93624b631f5051c801af4e472fcf82d896c18"}, - {NID_sect283r1, NID_sha512, - "609815edfd58c0e26a4b06dded831d2f33466a130754b96d8d7c3b4d99fd4b0789ec719b" - "c25338d0ae8c5880560c02687d352d77c291e406eae865c3b26d00f2e63dc644ce7e01d6" - "e96ceeac8bc1eeb257d36cbb25d89b5fff6e30b6051506a0ae54cfaf6214f30985d54cab" - "78f708029c1fc0175bc58e888db89dea8d300abc", - "0f4d33a9c7e6744ab3c441828bf0f1866ae1c042cc54abc754e3801263a96cbb3955dfc", - "0404b925b97bbe67adbb6e918acbcae0ced8dcf11d012e1a97875b750bbb7d01945bd64d" - "f304591cc9caabc0db8fe9047e6b1f8d850ac4389fe67bb84f6846b631dc3524c8dbe6a0" - "6d", - "0483aefcad5e382351125b333dcede8ef50914b1d1f1843b075f242acba18c290c742cb", - "1fb791c288e2cd52d3837c56b02fc99f53a6ee27ad6dd9c0a31ca08d8fa64eefccc5c87", - "0a041ca35422d8985c1c706dcb0b8ece64b65285bd0a934cdb41fc08223885147281869"}, - {NID_sect283r1, NID_sha512, - "82d8ebba707b72655497320200ce719520c1ae7f46f38122958fd99322c25c9f4d4344bc" - "b77a6658df0eece5df163412ecdca58475d56b0c2d14a0361e4cef458df146925d473a43" - "692b15e9bbec550f1bde3444f2a5b2ecb55d2abd273ae999f16a32333529d94455e485ca" - "4585e6b07bedbfc2bd1eb766abf0d28bdb1ae6ec", - 
"3a4824bdcea6a144d85f1b194431724cc49849b6cb949b4766d641ae95477d1ec3d1464", - "0402c9eb36eca01dc2fe921933f4cebe8046b3679abed80d2f8fbcf8f254bf17be3d551a" - "56034c836aa4e946425fc9f49f3f62e33d8a0afd320292a34d0ef8bde8ad79a10e3f95f2" - "f1", - "23d8725af57d835018e8737fb4e8b2eed3ec5a83fda137c710fc1df875416ff82fba90a", - "0d9f57ba8b6a9a1cbba67adfbb938211ed2d267468f79ad39ea1eca7271d135bb67c18c", - "0f09a600d97c69ab521bd1ed6bcf0c0f69255c334e0aea06c68bba81d53e810cc553c9d"}, - {NID_sect283r1, NID_sha512, - "9c6fce18a6a96349b10c9f2f5f1505c8ab727a650b44bc0782a5f39fcb48b45fc7c1b821" - "80d5f229b8abfc807071f931d333d265fc940c93fae7520d8d40ef59d7c6e3678c6a2ecd" - "e52b6a8827b1ffc6ed269cb9832feb20e593a7e3d4708309342875199eb2ffceba7ecd70" - "7b122516c815e83e27872eda812e3ea52ee3c4a8", - "27ba543ea785df1d53d4ae4c1bd0a3a994cddf0c25d2b4e8ff17ea7aa00619e858da1a5", - "0407d375a9e78ccee85fd795e3fe6bc07f50af3456edda1ab00303f6de6b5b02fe09859c" - "63008d0d54ab9a239b5ff955452b32bfd2372fe095751bea4b56d52f79b4fda0fa635f57" - "f9", - "00ee7010af4a517502cc5d5433d98916f6750e8a9009ea04b8132268673d4a02a3e2031", - "3c147b66efa47a842eb90371eeae907f0c813ca0937e488da95ff8ee16d389f3ab902ff", - "01469d005eacd9ac84a140c93ed0aee09083a4822730a28df35058cad29267eacf03968"}, - {NID_sect283r1, NID_sha512, - "5eac15a64c7653d125605869012b8f036804817aedacbb5a5248a595ee0c12329f91e817" - "9c187192d3ed0d4ca2e202d8d4d9c93ad3f3ed931121c193af5b47a8a5dc39775b6c2d70" - "2708e5134f77a31bd62eaf87e39e6fd3f2b9f782c3057e162dd53b3addf92bf0ab99835c" - "7f6649abd1c5322a1ebb2ba313df9464a74c14d3", - "0708d0907d14dcd5f40e2903e1e90e48a0ffaa6d4d9b84ca14df4e985c294f74eb9f2d2", - "0406fb0fe1c3d5bfee5399c98518bc3ff135e0c351243fa0540717a9b1f7990eb8cf4359" - "7f05212fd4d6a50c08cd99ee5988103fa639b1123c878d416cc553639bdcee1f8e927bdc" - "8f", - "151465f40204d76f3bfc2e4052549869c19da82c678c332f536ef24567ea034358866c8", - "0803d3e8c876d46a9198f2f769faa76c4f66bc5ff4298b9640ccb8e67ff8d10f86342c4", - 
"00da3344354114d163d14d4c288785adbf9a8b31371c6e4420383c80ba0a430019c6acf"}, - {NID_sect283r1, NID_sha512, - "df735a7e60bc267b18f313ad56bff830be5ef119baf43ce27c6368ff1dd89f010afd4f48" - "740b11c12101c5903bfa71d6cb3d6462cf875bbd55a570ffedf3564088dfe8c8d3148231" - "b78b5adaa6c53696737d4704daa59eab8d986fc6e519e81540f201e77b923a6a4af65d71" - "73635b3b19b2023022186a7b8e869e1ed51717ab", - "21fb0a6b94080da8b8299b87457dc09d21bc430ba5f3359d92aacc1151be9941739567e", - "040179831c55ead3d11844fea2e18d25cd4d658822e626550aef1afe37d88aadbcc9bfd6" - "66075f8087d759ede340157667c1bb12be272b8318aedf2e8f8b487f4bcd12a50ca66f92" - "81", - "37833e9aab843a6b967264fdb705b419ed63fbb09c12170491019acc7c21b9ee28a00ba", - "1c9601440d109a3f4eb69a1a669bdaab9f4222a34a04ace8ae313b10bbb66811bea7d5b", - "3d2f9ad7595dcff69b65f035ce600f2667f8499d3bd25f789d3f3c1bf83d2855f68eafc"}, - {NID_sect283r1, NID_sha512, - "bb107b0eeaf175a786a61db923bc6d51dad5e922e85e57536118e032167b197b1a1f62d9" - "bbcde04922fde781665c1094181c16ac914cf6fbbfb27bb8346b2134f05c55a8c6b9b481" - "273758e380666d6e22c28577c29446cecc5c3df9ed9f1be060ca55ab2b7fda36a147aeb4" - "6df0275bb923e0876b703452fab42f6b7ad2ceb0", - "2c80151f91301fb6b0c7685bd172f20515b46bf94dbc4160d0720fbaedd40ec00084447", - "0404a62b0c9749ae9ff00dc1d50d2b4a4941741abfdf13c8e416549ea27fc26b14f191f2" - "4302c9cdab7c6512c322bd200167eb9657f8e8c84864b57480a80a3c6efbaa289ab8cbe4" - "d8", - "3df951f8c4490fc7c2d50a72a93e0e82c5a20be8d91afd890d6846bfd146169ab58b382", - "1f2accc7f7c4b5f877e12cc17b227e1ba110577c9f4e1785e6dacd8491bc6017129d798", - "27a167e6f2b43ce9663b810ed4f8ef15029fb6f2be2ddf25c014d844953f501d1dcf6d6"}, - {NID_sect283r1, NID_sha512, - "f47e49ae30b09b7666600b7a95e81b0afa1553da5e01fd917e4ce1b58dfaddb8dc8c03c0" - "f5591f533610deb6a7bb5faf5dd1ec4103a587a1a4c58a110a706b0f301a5c408b3d984c" - "210d5b4a0b347d2b5447271f25b527b3c7864f7cdfa735dfded47c63b723fa0f0413c57a" - "24ffde9a95c35f743f892ab1ed1df704cde82d9c", - 
"1538abd7ce8a6028d01604b1b87db3aaf720e04220edf4d1d28c2d731aa25f509e58f2f", - "0403076b5c3a12b8a2e1368c7e3458458dd7ba6c5a6dda8c82cc6b30d1ef767d36e01520" - "7f0369c7a80cf01e9f32c08f9924db08a7d0dfa5e9a8e0e29b57f5eea8506841e6e3da04" - "f0", - "3f0052ba6ae6bd7a7aeb077a764d21caced6b241f63616ae4e4f0d98d2bfc0e44dca592", - "01281bc0bd36ba1f3e1c262d98ddf4e9bf1d80dbf97db02089fdf1d2e625abb5733ec3d", - "076db2215d9f33054efb397c449f05db198d38a24749f046ee20032f5899dc142052e37"}, - {NID_sect409r1, NID_sha224, - "f2380acb0d869d1cf2e25a6bd46ebe49d1c9270624c5507be4299fe773749596d07d10f7" - "c2be1c0b27e86f27b4a6f8dff68cfe5c0b4c58dad1b4ebec7bd00ab195fdd635d9fa8a15" - "acf81816868d737b8922379648ed70022b98c388ede5355e4d50e6bc9ec57737d8843fab" - "da78054e92777c4b90466a5af35dd79e5d7a81ce", - "0beb0df3b0e05a4b5cf67abef2b1827f5f3ada4a0e6c3f23d698f15a3176cb40e85bf741" - "c9fbc78c9e207fa7302657527fd92fb", - "0401da1761981a65cb5c77ec50ebf7acc11eaf44bdd2f70242340ec26ffada7a4b5f661e" - "13d6e7ad341cd7dd1ca491cb7a0b580be3019ba11e4c4f2f5507d6bd2aa2f96b03510a03" - "d5f8c38bcc8acd08080d9effd1f8ae5a5586603b2e112964514c831bf786b2fcb2", - "091e575fc79444fd2d9021bc267a1a076438d73464726bd0fe4ac2884a374e71bd462b15" - "16b3e97c3202854bd0a286214b9e92c", - "057ab9d5cf4d18f05eaf17d3b5a4af96c3eda8ee48acf5e02eefdfe2f542cde32a37c04f" - "285794ddccbb14383a645db040bda81", - "05275de4157b32723366a0d63831e6512241e3e4416f3af02e22da8faeabbddd76116030" - "4927a71cfff4d6e8937347c9b78cd3b"}, - {NID_sect409r1, NID_sha224, - "22a97fc0a9694dabc6f274ab52eb592dbbe8beeb646ebe6cef60eff341a13017eef980ab" - "a6d24ab3afd976e2f6a84cf652654d4a54a36b2f2f62fab8858f8b0479a48fe9f47f8fd5" - "a4a1f3141a91cbca186507b2bbfef5e4c4d2df525f04ef7c4720fb443ccad540f03a2be4" - "68d88c9545d1dad579fd7cbcd103bbebc9e9f961", - "0504865a30984a9b273d1bc289d734d10e0aa56e93ab14720f1a42a27d8cc932cb8804b9" - "63175de6fe57d8eafa8ab7ea0592dfa", - "04002de5872c40a79d5238722fcb94d5158009e28fb41ea012e92028dc3c87855fba71f5" - 
"0e6d0dff709867de185f9a9671e7a91e2f00fbf607f69609ae96982bda3f0317fe46ad1e" - "0207030fdca702cd97fb5d5732f3abab24b10669875a64bd2a74c8603897c78d22", - "032d0f950d10d028db6e9115e9944e7c768e2da731df49dc9128bf145a747662de08cbe0" - "517fca6fa185abdfcc4e3ab604e196f", - "0e7d16daa689ddeb08074285f5293bd9f1c051ca5589e69e4b62c32af110b6f3981d9624" - "df15c7cac0ddd62aee9c41c7b6d690b", - "02f6bdcc551aef0e4e8da2df38288dcc29fe600de2f8b6cd8149f88146150790915148f0" - "69372151c3bdc4d719526eff252e610"}, - {NID_sect409r1, NID_sha224, - "af36c04af0e3fd64bf52dedf52fb788d2d1bd67fe05d98880cc7ad3c20436abf02f637fc" - "ec209fbf888903fdec8682717299f8a4386768153b7faeb6581db57fb9aaf4615b4ea8d9" - "24198fdd158363a1f40312527d6bd14c13d19985b668c6b88a7548104b1ff057d07082ee" - "a421f50062a315bc3866378f2d2d634f03fbc0cf", - "0cc08a4ea5ebe32027885a8c212870e7c45b6c610117994d6a42a284c05199414a3a0e8e" - "6645ac5c2ebf21c505a601f69c62b85", - "04009d2beb607f2bab64451327e1dc67f04f7569ffc0c67b410c6db06dc04edddb1362ce" - "8d8b8220be77c447640e7d0c676e5ad1d500ab813e800e75b6012faea43be56fe9d5a22c" - "d46fb1f4f1ba65eab19f75f2ce9d8187e4940fddc485c42cd18d40d47415a80b02", - "0cfcc307f847eb696f16af32502690711ffbaa2e60e75f80cbcf7704152d5eeb9ddeb701" - "952dd58fefb159926a83245fefa6196", - "068d1c646dca56393caf3239d9fb30d1dc56f991a8dfdbc0a7b69d273aec69a53056d955" - "3e105c7917e522ffe446cbea23227c8", - "01db30aceed2b126cf45163b9d878a6590e9ac8284a31ccb0faeba2202679f181eaebb66" - "4b5537f408b693800f24da590082dfe"}, - {NID_sect409r1, NID_sha224, - "6bd6f52a6204b60f37929aeff28c87ef61ddeecc231e52a7772275f9329add899c130956" - "f8c50ac2698aad3654fdb49b74a6427a62a11eca0a8ee8b719b8c0df7b9f0bb0af5fef49" - "18a8c83367d29fddd04b6a1ecad904471e5b59c8fe3cdb06b4f8f96419518dda960845d8" - "3c49a49f1b1f2fd1d2682a9d60c25fe3ce982cf7", - "07156ef0a74ee1119532a2a7e8c02be1559c3c21897af9d5b34553c3d0feca4a8d5929d1" - "945df824478e0c0b92a6fac8c84f639", - "04001df419310cf133408e9bdb32fd85f8f0950263e1886f2e2e108a596e7e76153ec47b" - 
"f9b33f69c1128dfbf52557f3c382de85f1016a15517a811c77cc67ec4fe2bcba1290e498" - "1880c071318aee28e30854692ed2d6bfb71e6e74fa97af750889ae8d010189733c", - "063f127c38160e85acdd4d5dee1db1c32cd9da6075b2d2f46b010636e374e0262a045339" - "4aaa8bbb5fe7b2dbcbcd62ad601cf51", - "0250cf50d52a5950999b9c0ddef219218f76dd9f22a2213def9ba98d258c2f8359d08d0e" - "fc208e23ea3614c9e27b2e4576b9c12", - "063479550873dea8a3ec0306ffa9252739c34c87bbac56d3d9138764347d5220bea9c27d" - "6a308dc2ec53724d6d3ac4862d1735a"}, - {NID_sect409r1, NID_sha224, - "0eb8de25f63abc9cba16823270e9b6f3fdedf0fb90f6652a34688970932e3ae98f6d3bf0" - "fefc5f247f72960a6975bff1f1acc2188a1775fe8974b2bb2b4c8d226ceb735113a14009" - "e8ce66d58808fada4e6f697fd016829913352c0f659b6be354a067df00cf74919580750a" - "a6064f21264d89dcb28b3b2d4d699115c36d1310", - "0a95c7abffa92e2c637611ccba66ff9d2ab121b40a85c5b71454cb0dca1f098ce1be8d9e" - "a4933d1a91bcd270c5a33687835d6e4", - "040048e6b8614c0c7156dc41884e17e36ef528a493c28c9e6275c3454d83beb939ccc749" - "52732c18424ba21b8ea9c528966c692141000ef9efe1145029d8d60d14dcf079d43e3cea" - "0e18010f680bddc2729ffbff9a981cef2cb595a69142b25a0a39863a929adb635a", - "0f43af45b0dd631bfe38d85979ff1612140b9cf80b4504857df17279d9d8ea12d5bcd292" - "0fcec81326f15832df6774b9c4bf5b9", - "099f403ced566fde4d9755258445b6d6c2a4e234f99425aaa78ef118321f8579fb513ccb" - "b71cc2732e31668a6a6bb0fdc7f4018", - "0d8568971a4f219d6d3d8bea6aecb4bf7de53886d2e6bbb0f71d054c63768c34d4d18830" - "00019c59168fbb32f4317330084f979"}, - {NID_sect409r1, NID_sha224, - "cad58ca7a3b9967dc0ab62a43037764f8074ef9177d60bd98f623d693333971c24a575ed" - "03cb61f4dc2e3d6285fb1204502a540f3c0bbbf23f5bbbd1544f322ce35d949d8b1d8ede" - "b82e90927ac67ad49c91007056bf5096bd690d15ac00e1874fe33293d8003a4a2b094078" - "cf09af799dde384143350c54a99e1f99cc31f2d1", - "02c438b07c6e0685d1f94a4bbafc013f8f21265d893f54e54c3ac2071606ad1ffacace0b" - "8367aad724b1d9508c65ce52282e397", - "0401fca66bdddefcc3c2072ea32f026c975a2c392dd7ed7e93e94a810e1125ec161bed69" - 
"8d8305830eb66fca5eeb71934ab3fd79b10189c22a2c9f1fd7624f805fdf4faeeb931709" - "d745a3feaa3cf04824f5fa58bbda144d4e96d83ce1e3282bd5fc9c50bcd68f5408", - "09230aa7b58505e2dc2f205b70a09cb9f4d8272f465b7380195ede0f7770af2a33f7623c" - "310a0520e7436835cfcaf32467f154e", - "013d0e70d8f4b1563efbd3c46feee15b88358562f769046f39df6d00477815e6b8763c02" - "3807eda87a86338c7b64214784fa2cb", - "0662f43fabd03a0c05ebba700203fa2188e16504f8655bfd0fd090b109e68220122dff7a" - "6cbb8bae08612e0d516e9f95ac15368"}, - {NID_sect409r1, NID_sha224, - "281ce2643799bbfacc7d5993683a4fa656040517854f3c2dc7c4f8848dc305382e34e894" - "d433caf12d8b493020a6a08d1fa05b08bf6c53127ad5f33bbe75b9db0615e3dd94408d02" - "8dcf3cb7598f6e7cb4c787681dabac7cba2cc06fccb7506fece6c7c1c1bf622d525ae973" - "7085ab4ac578905950002024f30159cf0d99f50c", - "09e8658f8f9e6cd98c0f4f0fd20d64d725653aeba339504def17f3ad12a63dc6157d8080" - "4e5f43f4ff48fc5573fde2c615ed31b", - "04015088531d914113a25f1598ba1d3cc611e27ea92ce8dc807fe8d446db14ef62ae2f06" - "c293bcdd739f916cfedfc481fd941b4feb00a9135dc1b0384e7169fb4648973559e50831" - "9235a3f41ba174d5f58307448671cf22a3649168495c36b0bced09ac6df98f14db", - "0d398fbed52228fe16d32a6ef539e4ee3858a1df327bec999ca25cdbc357de5a75903909" - "973bbb0a5d0269862a74623a38da515", - "0e38910abb3d84b2b26ed17d2124f4787dc5612942e98521d9f94baac3d14159eeef9e09" - "b9b20c807b479ba84640730a4ced4c8", - "0e370e575302ab0d8d08d5270fe89ba524b5bf21e43e70c4d335ec1525ff5696ced37f0d" - "e17e109fd833e5d179bcd4df42d7882"}, - {NID_sect409r1, NID_sha224, - "0c061da1a16f2be130ae3b20b89745e840bee09633fb49671db28ec9a051545f57ee07e2" - "410ae7ebc61c9af79868d3047705bfc64ac0c04ef0b286e579b650c7165443631e49e6a5" - "3c84cefa5625b1e1035a6ed89b8e839540040151132a937666524265e099272c1849f806" - "db0fdf2be64960d5b5853965099459968e5beb32", - "0c4c13f65eacce85a51881caa6f82d9e48ec2ac574947d2751823a7f072d38bd9da0cdf3" - "0b6f19084a6d291052e7bbc2e1349e1", - "0400af93430dd77e6016d1b076a52126a729f77e34bb3db11328d9edd56e29a7a09a7b6a" - 
"54f72076fcba886ea78ab6ad81de43a82101419e1bc339c03a8b4413ff009d76f9a19e20" - "1876ebbfbb3dc771b7df07bc19eb893ce23e40c679d7909c33af2bcd7d6306c0bc", - "0889be0918e7ef34d3ed226f967301a10fc30111b3559e37f5fa5a57dd5c73ff672c5279" - "d096c5b04c68b71d55e549d019281a5", - "0a4bddba9b7a402b584ceb82a54baab61e81973b7347e6dc9e3ce0f1e50dc21c9569d8ec" - "f8a7da97c38e92e52636eb13d3b4c02", - "063c7291656466f7bd647073a50f410a2cd9e8c938aa1fd3b28ddc1cbdd7b78b757689dd" - "661f5173f79896780ac3fdd4f3171ac"}, - {NID_sect409r1, NID_sha224, - "74ac2e1303297efc3ed8e624722df505df55b7f33964cc0d270604cc48b58205d8a11952" - "232a8feb0079baa30d7d33660268b56a5a3dd90105f0703abef8f6636a99bc63bd47d9df" - "100351bee32d8205dab0dbd2af36fd173409ff8d1fb7b24570f3c1e968458f58aea5aa2f" - "46731ee91ffd6d3a060af6b3d5020daf1362af3e", - "0da591461791ae7847e6d8dd8df46a63d3021644abe9520e158406c96540d8fd82ecfb1c" - "3f6f5cfd7688c7656cc3e3dc94e586e", - "0401f48c95301956c62e2fd931df49953519b88ec3915c8de495dcb4ccba97bee023b1a6" - "cd9a66dca29aeef8f4f1117eb954e47cdb010db6bf78cfeb92d29a922c4b05daa3cdff39" - "17ba6978fe738296956ed141c749a938ca9f8f13f711aec930e0f1948ce7daf9f6", - "00576a91862cd63acc067563626977fee6f074d5726cf4f68e80d25029d4b8efe5ea8457" - "45c45e4cd42879e52854c3f385a10b1", - "0806435400248ec38a6d362e8b2cafc3f3bd46ba5baf538cd97683f76a733ba2b4ca85fa" - "7d13b99f4076e7616e68d66f05ebd8b", - "00ecae395fb324b4366f238f0df22d011bde5db6b0cf4189e3ad47101067ba87336ca47d" - "637f09f7a40a1bc64de8c4aef7f497c"}, - {NID_sect409r1, NID_sha224, - "2afd17344552ccc577b0118caeb7dd56a0766e25f84df17c0505f9798931374b48df89a4" - "8c64e199108c36e00c0bf00a97ccde55787bb97c6765601765ab5417f3e75e35a9fe5e0f" - "85a721d9f08440ed617afcdc200b318940a1e496040a6ad9090476b0fb4fcceee77b3fea" - "11de09e7fb14853d1fff8ab12d66c101257e2d4f", - "0b5eb943f0dd390b737510e2bb703a67f2dd89dc9f6dca6790bc7a260cb2d0fb8e1a81ad" - "6009ed51010e7686d5b48233c6c1686", - "04001ac00da454bc329f7c13950c848392cb4f31594fb7837f0986f61601fe244eca3db6" - 
"c4f92accc2fbd1a4b8597b70e72d88b103009a364065a9f67a0aa7518b75a0b4a9140787" - "a67f852fa31342d6275c14713d484dec3116b9dbbb8af1d4945639997ded09cbc7", - "049176093dcde8549f95a8f1d1c87230046fd4b18a73243c3599815d4df8387a843bc8fe" - "1fd67f3c6bbe394547e11866f41acaf", - "09d7c4ddee55f61c5c4c2ac6efbba6164900344004976381c7b18c1de541a97cb58e14d1" - "4b6e433c4eb6d4bfe6d3e0a4e457469", - "0a9acf355bad544b3b120522365bcaa1e1dc6f1d3df1e30d3beb94f639e26147a81d154a" - "684bbafac965bc39974c505fd0f811d"}, - {NID_sect409r1, NID_sha224, - "174b2b083541f8284645a810801e72631a11bd7bb805f684a7159e055afc44357f2c80df" - "2b7853678d34a04144e0ede2327d03db6df23769ec41194a8d9d86af74d51c5bc11ea878" - "c6a80689af71d3fdaf1c651003385332a512e03dd040c33d9c328ca89ec7ee9026bbacf3" - "0a7f3a68e0d894fb9f7100ffbc64bf17679dedd1", - "09cc63f32152284fca27ab2837bf1343144336a1fdf15b9727c47e877ac69ac9cf4c97b4" - "bf42f1ab10d73de8597a554ed099efa", - "040044e655ad66ca9af330c33bc6d00ccbe4533a4c6a44a3f23c921b62eeec8cc1918e19" - "956f3ed848fed93a7fd7ddea57096d1f23003a71b221c85607821cd864af6f533f216b64" - "1ceae104b8e16dbfdfe7edcb2cf9ee0dc1679b696149ff42a051c51c861a3c7530", - "0db9bfe4c2e659006d31a7b44eb7bcd6dd23810f27c74dd587ab9af23aa5962dd18aef1e" - "95da4ebf4aabfd558cbf72d2951bd44", - "0c3b91bf0794eca7faf227c4ee4085eac6d6918803242bff4da9c5dbac2e23fc32a4d4a1" - "92d7737be22810812558f820b0a2c13", - "03120a558c0edb58ae7ba36e886084801e7604558238c85a199af6c9e7506ea4e748791b" - "04f3a92354a4f1407837d87faab66ad"}, - {NID_sect409r1, NID_sha224, - "758df71a952cdcffdc417b9fffdfb57582ab5c5473a8bdf0c2101953b023b77824263353" - "dea0e2ede1f800a5757ec6ac0e1e4e3ab5a4cd85567d2d19acc6b7069a6e7368401cba2b" - "6e642373654bec0ddd19fbf032794c15b7ef7e714e13e36875262c01e77766ed53cbcf73" - "5936dc9b33eaf2152a396349c82ca0297dbae4a5", - "09950355e8667bea8bbe3a2c4988436ab5394551b375e27fdc0c1a1d1b07ae957932f428" - "f1aca0a486e54cd0b5bb0a5c5650641", - "04002f623f81fb9a299b71ea8c58d5bd7d89e7be66ed8cfd7370de515eaceac903644383" - 
"38a3fcf9981f1b6f0b30bc61c4b7c15791016130b7c4061422d70b21251fa9c3d4e9636f" - "5a08cea794a0fddf74ff5ab1b750cce0f2768d54fb2fb75e2851c2296b39c0ddd2", - "038e8c70cd35591012f45f27980095c4bcbb3bd36bec594927968d3747618c7f5810ea9e" - "0a126e4d3e1e08185b031dbe0b37e5c", - "0cf957d59b03aed0e48189d2b9256b5472c8a48b4911f9cec14adce5c6b4aa22d093a116" - "364bcae01c1a739a4023da12a29c058", - "04cc2c22b243064758f52264ed84e757ff67c4f6596edcfe956b70f777d865d01e529f0a" - "8a9a6e1895168780ab60950a62d2d2c"}, - {NID_sect409r1, NID_sha224, - "b96d9f66b2000e9408d602096f032b112f0e05ea874229ab9daf6e05bee49b4722e4f2d8" - "bf2eeaab9dad94438c76b7cc64dcbb59cb4e03f9ac70487a1d24d8d6b72d7462fe738a17" - "edf381d52179b3acc0c0177c113eb4d10e8e78041deac1d56abda0ddf892edb8be956d28" - "5e7236bc6794168f8a180f622dd5f2b9e690c275", - "0a995493d6971c2d7e8fac3da9f8c0b5afd877cfb94924cfecc167f9d87002136ab253e3" - "a4f9ddf5c9c99bb1dc1af0c6a3a3c4c", - "0400ac0e558dbca0fa6f013b7282e02717e91eb73304b4f7ac5e04f12f55824c441faebe" - "5bb5af82189044827007bffb1e2655794101178bb726242c718b416b21cdc9fd90b31ba6" - "a8350f9b4ce3a188b1b5dffd0e8894ae6a417c4d74c920fda585624eed4c1d3f99", - "0d581293ab1e509baa50852bd3f21f6493cc524a2c16206e461e320c7f2c1c201b9d2a1d" - "d4207227592a6457670a67cb72eeb58", - "022624cbbae5214d2c29e273c334b9ea78e10c7efff3611574d5fdf6f67a81472b606e02" - "36aa47106097b9147fc1b56d062966e", - "08895d107ba789d88a17c30a537402591ed788206487697a72f69285ee5eb4f03cdad6c2" - "604e174ef4b9bb919d8b39bee6231c7"}, - {NID_sect409r1, NID_sha224, - "e7ae60ac55e6ba62a75d5328bbc15269d4638764169de0bf0df043d15f9152bed909b1fb" - "8c7a8d8e88ac4f552c1092b62db00958a3a827f64896f6de4bbd8fa5258d6c36e3904d82" - "d3eacf6eedba50b0242eb6b01212288448c3a9821c4fa493869c01149ff1850e8115cf9d" - "e1618cb8744626b1951d1de305745507c8b21045", - "070daf435cdc26ad66c3186267ad12d10f28d32d863f950cbfcf042fe9dfce553750ad09" - "8f82f7f1650c1126b3e4451bee6e11f", - "04019b41af3b557c274cf117d501ce7ccd04d8bff2dfc737d7efcd7888f2dda24737a678" - 
"8f16b3b6cd589d3f65bd95194799d65659011983077a2c371fcadbf47b10494f6ffc7ca8" - "873b3d812c45a87c48e1b49edacc0ac37e5038cf1aba20360b74c0903c23a62331", - "043fb8cb87591747d12f4897dfbbc79644b87907bdefdbd7ff0f6f2e7970c7d40bb2fc08" - "c17443d029a92487869f640607af460", - "05ea3493a8c04723de9de2cbd523481e3a8593ae8f010ecbd5add6db5a82d9b13ee7d24e" - "cb417419639d0e9f4e68d14f6799829", - "0a9bbaded0a2894e384184e166bc06e1b2fabdc70536caeb3d0cd46b955743cfa8ac6edd" - "03760d1b613fb445367734fa4270139"}, - {NID_sect409r1, NID_sha224, - "666b0dc2ddffaa7ffd57ea3b2768f02d4b77c16fa007c6d1918400d195f068cae2dcaa69" - "817e6e4c70d5b29c5598efe2d957bd12d0fafdcf5ac52dee80a2d46e77fc18cce2a49bfd" - "787ff77b942c753974d22434742bdb494590d17c42af725b1309e54566276af3bcfbf5e1" - "74d3cf191b85903faafa1583282c97e66c5da6c4", - "0f8121980dfbe9ad0bf92383c7cab95fb72d5caba96e1de7772c6a179e85414802fbb86d" - "725401451329287305570ec7fdd873a", - "0400c62f4e7eaf3f1bbae71734c86b8a40ed1297b9ba1151729f9363824425193e8605c2" - "bcd6094aecc9d7ef2a41aa6b12877291cd01882a45555b68596dbc8bb093dbf1aab9900c" - "f46653c58f5656f3688fbc72c5236297be2f0586a4031279b9014f2d3655adef41", - "0b4b5b19922bf6a34a00454374589f9c89745eb194b0352061a79401e23c0c0e1fecd759" - "7b5a7cc1c463b76cce7ab921867de00", - "0f1fcb80a4fb49348fb326e808d8ed8c21c376f0713429a22bfe16d68cab0295b21d4402" - "9083769761c4fb853662d440eba4cfa", - "0252a94a40008cc2c1a69113d8e14e989e7fe13918a2852de6930973a91784eb35e20d8a" - "e150a88c459167f8ece998cbf6c5eb7"}, - {NID_sect409r1, NID_sha256, - "3e967cbc2bd936e0b6125dc5cf885735bdcd2d95b2f764de6931c4578ac8e0e87abdf963" - "75481df67dbe1b6c43537e84ec62bfca6672cc5f3ea4125abd4a4119edffe04e42411d33" - "8e8b10abb1f1f818c50a9631a3f89feb5be5367bdcb0a8a82c96a427ba6ce99f9631d441" - "1a2b7f5b14d32cb3901dc9d285e4cf5508940942", - "047682b2e3bcb5800a531858e8137692a9b1ee98ea74e929ce4c919c26ae3b3f1d4122d0" - "7fd9a70d8315fab727ccb67004187a3", - "04017ffffc1d2009e844f8e625a3bf11749a8b4ea0b0fe3532d124112edddf72d518ef57" - 
"7f160962b88ee38b11445fdd356a26bcc500ca356fa8e90325aafb1826a694a55a80b2af" - "52e70ad8d507d48946392da8b9fa27b8ff6927fe5130c69809d9a2c4b1d7eff309", - "058edc8f3665ff9166af55e69aab9d468f576bcc8f652e950082a48224b4923cb9396ed4" - "ae06f05bcf7797352035484fdc501fe", - "09b46600fb3b8204d4cb63ddfaad1482dd8cf8652f63c926895b8b8ebfe27295c052b3bb" - "81dddd8687f4864f258a433010c89d0", - "0832f7674eea791b5f17db7cf9e2ab13253d870c6ab46ad01cdda30e78db8b8f51fd377d" - "d55ec7786ccc92b17364a3c17ad5be4"}, - {NID_sect409r1, NID_sha256, - "ca1c90012eba4e7c5f01d8cb3814c58f48c03a16be6ed86934014365eee547070b870d1d" - "26a872cfd28b60d9ee0a66dea223e9eaa90ee28076188d6091f26f665684f4b486af7066" - "9555db9058d485c677b2a34d4a98aa8d6f43bf6f44aff2a23c5d765e98f0438ab81be058" - "5a5be29daece5d4116f44ce6062753a3ddc505f3", - "040cd1a06233ac27f3ddd108de7c6c0982793ee620d71982697713be9fd5143658929924" - "cc88747a680779bb00da8a44e1e7d3f", - "040164e518a6719b1ad61a38a214ebb06dfb0553bc760799e668b1d0d098ae3f06dffd9b" - "84c16de90db19043d72bed2601fda14b1d018e022ceb850eb1db59e6cf63c4a7c73bea0b" - "70448a7dea77d5ee8a2e1a36cbc46454bacd5954792de82f3ec21ca6a509b0c7aa", - "04a936fccec003bd9e8eb45d27c0eaedbd452e6fe99abaa62cbd0739bcf259cfb6884d1e" - "60b82522c6146f081663f6f863576c9", - "0dec1635f2698d4666df2c217fbe3e644d27592c5607a5549c877257cba7bee29a8cac75" - "a044e72d039747d0d18de1c34acf072", - "0138493216ffc3b8aa2e0c26f4fafaccd6609e6b15f767da7c907db64b5181bfdb447d73" - "ede786144c70ddce7df7eff46dee4f2"}, - {NID_sect409r1, NID_sha256, - "a54c4351ebdb075d6a42a787647390f864b2bbfd8bb3d0e0ea9d767200fa344d1a9ff091" - "bddb186acd69bcaecd767068efe4d752d185bfe63f6674279d0e7192d2077c400bbc0d55" - "99ee28507c1253f05eae0687b965a015e1f3a292b4650106765266f5c95b77ad2d82a6a6" - "e012f233169eb6b8d83576901cfd4a927c54d7f4", - "01ca6f752aae4eb7fc9c73a08d6fbd96bfde5030d759a2507bd45b6e1d1487e53abbe98f" - "ad4f41976364e0a1d830910ccf97abc", - "0400f6b7220bd24652572b37a0ff25e75f72d583c71c159857482ca9944b956a117a6b2f" - 
"f96614898757b8a587e3c2b78d9943003d0118fe425768bbf3a4acade281c41c745c9ac9" - "46c2f8b95d65787fb6b64deb71e6b38fd8c721e01c87efc7c2a6d8066fe3b35a0c", - "04963aa161b5ffbe5d7e5058f0b1457ca1b9cd61d731a0470beefe5f8998904cf4594f98" - "dcb41283f66e2b07c5c5d6a6c587826", - "0abf824d43d993107b552d7ded13f49ea0ae7bb845e56ad7e53cc5f9d64f99f9f250e430" - "5ccd9f6594c92defa7f6860fab1c349", - "090a541f1844357f618e5ea34c0398ccbdab0cb363e266980ad304dfd675bc81c0345a4d" - "723fbcc76ab5ed4cb0ba0af1b71bcd9"}, - {NID_sect409r1, NID_sha256, - "6723dbddc8720feeb75e2a061b7fc49079f999fbc79ec8a8e01ab8d35b438b7049da5a23" - "c49a58101742791f84f45d5f5cf551cd7de6926a0e2c4ffa1e378f038da597368c62df8c" - "d8349bf046de46d02183dc05b3a3575f5f232dd2970057200e2c9cb60eaa6b4d72f8b73d" - "4d40b98d1cc801d1a69cb5ed780a75a4064623b2", - "0fb9b1a9597d216028902abf743d25944258b48c9762d4589fe660396130b75f6006cacf" - "de60f6204463cb8c18b032de1dd68d2", - "04019b07f7f4ba100aa9e749bcf93a2c9955c442730c5e1f6f72c1b1d132b780d92f414a" - "533282f7b66677c8cc8a3d5ba8b3cd3cf7006ec6e9c495ccf600f8c19597e9cfdb639406" - "b04f57a29dcd1a7a843c2c44e8321bb8508953e9c0503f77d36bdef24d5d39f85b", - "0757f6acf74eb02b7ff3161b476dfd8349854154186c959179f11b9a15da3dface40ae6e" - "d771096e053976866433382e640283a", - "08fe276e7f63ce5f85fce19d1739a8a9986cd3c3fbe26fd59324efd98826f9db3b228321" - "b3ad1d96145ca23cc02616d9e9d7aa6", - "016e06de8e3e0abf4a4f52bd2f827ca4c57412adcce3271fb4014069713f3723a038bf56" - "0788d8dd48430d3b30faf15ad9c0d69"}, - {NID_sect409r1, NID_sha256, - "ed53cec5e5500d62d38c829002916c657674ede4439c6f405ba672327ec677490e656bdd" - "698f114c2ab5e6a1fc94a1a8d64466cfe9eaabd23a8b5c37f76a3c0decdef73b3e7b751c" - "bf3b0817f4079560b5ea34cead88ba374201236bffc48eaf289bbaa4e828afa7d732473c" - "228ad00588c9b443d65b998f21c3d7a9e9196c08", - "032109202d754da290c266f74f47805a06e6b5c3f721a72fc97a3bffeb8887e0c642d49a" - "6bd034847d0a5ba09239c5dfdf0772d", - "0400f4dc8b94dfe0a27d4d41399005b242c3e5b14bc7cec55ff3a1561c894d73f365fa8f" - 
"a2ccde1fd7bf3760b96ab2db78d2d50b03013ac66e95c335b71fd1a98f101a392dd4696a" - "806239fbdd0708acc69333febb48d4b649f14f42841d66ce03f1fb557a361c12c1", - "0b010ef786c13ece3a10eaff79b93ef3899aa385dcc1914e16abba90de0ca6389d664082" - "fa727fa7c7907dc4c88bd621e6124c1", - "0488b8956c5999c317830206fc8b9f6760845c31bc4ba77584925dfe25c05a1e7d298a62" - "e9748c7278eba622713df59accdd78c", - "082701053ddfaa376c99cc42ad4587d84a358d9d8a9533888cc382623114aef51170de77" - "ecf64af02e09bee203851abb22f5d11"}, - {NID_sect409r1, NID_sha256, - "13829401bd41e9fe01329e9f5a002f90f1a6ecbf25fc63e7c1345f265ff02e496230f706" - "c6ab377ea52d8707b54f8fc5c7f089044e2bec1dfc66a07da76ee12fb9ea0697d87706b0" - "ebf677600bd2fe117f6cdefb8bd636a1b6b97549ee78f992c24acdf3a946053f06fd012a" - "9c703efb8bd929a66aa74b05d61bff0395232b00", - "080536e820fac59b3203aea928475043b2576446619001647e35693a9e65d15236c3cbc1" - "2e1bbe0eb305973535c882b70197a92", - "04016d7448c0afe992f8c59b19d6cec64d8fc5b10026a806760bbdbbf0012063f46d31e5" - "21a34771f826669c4d1ddd58d3aa13ebc901a3742a6f231546f0704345b9b83c72d50365" - "22449cf60c1b3bdfa4c8d36e499d4ce62e6e7bb05c6132bed1ae44eed17414d2da", - "042753a515e607cf9992dd1f249820dafe53993b59b1e57d8f2f9100f609cc15713d27f5" - "dff4007e078d6da1061ddd36c169c21", - "07eeb1cc19ac45f52c0b63ff8ecf4f4f35958e86cc3e3a071a35446d490a426b48b6c287" - "027b003488573a4834a06dad48520c3", - "01410d85f3f2adf065b60a126170c43e34e0883338118cd33b0b3eafea1d142480b236ce" - "49d35fefd1ce4ad3d25e0cc9268b1d2"}, - {NID_sect409r1, NID_sha256, - "e696acdfcc96a6c088069b7595ea9516a36d8fe04dedeb789fbd965db0cc64b7017a8210" - "15f6210b6989e515def5a9605fec0d337e4ac59f3101a505168bf72ab6d98ec62a71d2f9" - "4071fc05b95e98d4efc59fedc138e3e49c5d0b44d1f48f7b1e7c1944ee189b242950d2bc" - "804d31c7eeb45283c84638f043ab9533976433a4", - "0b05e5f0dad9583ea18fb8fc4d8c75fd2e3cf9e92cdd9b737485c953620d345006c31c28" - "8b380258b6500b84f729ce6730e5303", - "040157c083ad9789966905c212dcfd7c049a8ba3863fd4886e4b118b3f06445fb0d4745c" - 
"2a8a1193dc68915722089d0d382253b67500867e8efb575800f834c978ee2ecf0f84f72e" - "75dbbac86926b73fab8b47f38eee17a63baa02e3edb9d4f6b2fd2afc88b6de36bb", - "0c72eb08acb1d422999ee8d51f9ddef9f897dccfafd886998edd3ddf30a638dbd0ed59d6" - "8885ce242fb838f022bccd4f3b5f854", - "01f4dddcacb088f6e24d331e8b111e390735a41e1fc29da8f5ffdbf7342f4b9056786f2a" - "67159d1e57570bd69d69235ec562416", - "0809840df1ef8fce9b2edf8f970c07bdb5fb755e9d5bacd7996275c4f890173142c39299" - "ce9eeb51d21a32acfc7761d5a2cd7ef"}, - {NID_sect409r1, NID_sha256, - "4058b9a8cc15ac148909eb97fa32aafbb6077b168dde91a411dbc973df7db056dc57ff78" - "f0abcb70f70f800bd752197d681f44df4a7817c0e7f60f8f65489ecb6167c14b525e91fd" - "2cc5d8b80ba380a83d031d5827c8b1262c687c90ef0e62723d9b565557f9f6fed0db48f3" - "799274c2cd60a14303406c35802cba6261121296", - "0be1d277813e79051ca1611c783d66003ef759b9e104f32298017fb97667b94dcee1ce80" - "7dc6b4d62416e65d4120523bf6a4edc", - "0401fed0171b5b3c6d9092a6592944680a08a0d4f99f08a3ad1c22b5bbf11c0e4ab3cdae" - "9526b0ca2b1bbd961362faccd5caeb1d3701ae7d57db848e5c86c31f542f1995c76e916d" - "ea9aba882865febca630bc6a10ceb6732bd5f07f51bf2f37ecae7b7fbbca618ae0", - "09e3585213c6d6706524e3c8e753a2eb0edced626498eacd842d44a73c602d801a079f94" - "b781ae1ac5d44209e8e3c729ed4e820", - "01098d98cf83c705515494cdef8c3f50ea8316d95b3ca5f9a1296f09021de57930184ee4" - "b9f563aebf5fd0d5abc0885cd24c0f2", - "0d9706f4474a8fb0c701505516699025fde546a21a3fe519a173a3ac01f683d40b4db264" - "2330bcdfe188693b15a476cd9339ae7"}, - {NID_sect409r1, NID_sha256, - "e793237d46e265ab84ba9929b196405faa3b0e4686e8693567e53f68e6991e5767797467" - "7682a2510c4c35b1968a90b32c4941af7813775c061c008a60f9f671cf7419c94253d610" - "6b61e65034497f2d273a5058379bd986e3d917f708f0a2bebdba150f6d78a3af9c722a24" - "30ab0f4bad602e91e18aaf258e3785fee78e4502", - "073c807bd7e07379782ab790720de4ae5106f16d34e80ed70da5b1594e660c9b775db940" - "66b93e74f855f57d88b6ecc6228aace", - "0400301526b630ac3fca5085f633deadec27af353233e6f241772c7fdbfa42e47a04b0d3" - 
"ae38c04eef2109390a71fa9fda652343cf0137eacd97a8449ce83f19a13a248af52e512c" - "fab3e2ce1ceb789874cb08757dd9e47ac21b5c0846498d8d7cd90122c437602d52", - "09245ba1873114ee2a3e642c5b15049a3566a2f003cb3d25250028655fba98203feef5f3" - "07a9f4c77f232976d83723f2621eaa6", - "0c8136d4b998ca0544ca1430abf55601f259aac7756c75d1371de63d1471053c789833c5" - "cc257e323a71f80e21783df4efa169a", - "0e2ecc6f0a418bee5de7c2418c4ad85d981b18048f94865821de696488ee19291912ae7d" - "a1cf5fe9708e2beb18e6cad4e3f7849"}, - {NID_sect409r1, NID_sha256, - "ffb8bc80e7619a562d8506eba7658bef0c25ace3dc1d01bdc2ef00933d4fa07b80364e5e" - "5826074edd46a707dbc3b0ab19eec7ea8990839d7fc0a80b70661204c52bcbef57c1a7bd" - "c861c10766033a82dafbead283d911a9502d5f9ef0a39d35ef26f3616212d4bafcd413ff" - "d18b424fe09b48ba02ca5d97ec996205cd49d22e", - "0a68379b2296a6c944ad5dacb593b302d8ef0b05873ce12bbc371d705f308c739d21f343" - "349524aa72f05341e64f7435daef112", - "04007fa0f698535b011833dac1ac96f3739ecf0c29f7fc1f8bd635f4f98daa70a3931061" - "1ef51b2fdc8b37eee3573dc34cd2528d3900be1a9dc30dabee3403da4f2dac6622e6fb84" - "96e72f3f17c169e7b554efd84ac655e727ae9520feaecc752601d5391270cf0cfc", - "0630547017103c3f97de48ab6b942db94b2db9ed7dab0391ea9e71c1b788c547abc90088" - "de5b3e36c9ee4280bb454c7c3710999", - "0916aac91ad329d6f330cb051941c781b9e59bfbfe45c4d4f6ce0d1aca982e1c612952bc" - "ea06784c57c121b14cc0dcca783d0c2", - "06a83d93f9bb81c61ac290906d74e2d3b964c39b4e96370f19cfb4a55a3f7901bca3deef" - "4bb79ca6a798fb9b3a9b0137c5a9324"}, - {NID_sect409r1, NID_sha256, - "946bde90a5b903dd281a51d7fa93d80f3fed07eaf50c18fe9fac5acf67326bb18effa314" - "4e25c151efc006a50a274ec6c6a5d573051c4e2d117ceb0fa125acad07a10fb6534a8e5f" - "5b3da2a1136779c51377bf76c3a4a93c0c6158f729f2293e414fcb952c9509f228c804f0" - "adc1daa327a8991d48ccf4f3957c5f8ccbe3ad4a", - "026046bbb269ddb1ec14ade56175482343a21b7c265026cef3c7d6a1ae0f6a68166b9e6c" - "49a6e733ad2ad64df7137ef230038fb", - "0400d09d8118519f9d00df7514d2ff99483473f680b750604580b61017513870a3cf1c40" - 
"3495cba488309e2c084079d53139a3695300d25e41038c18e4ba6f4e9d14f210b71f27b8" - "ef2c1d4cdd5f63edf8fe11d548d070177e9ddae382fed2b163ff2b58546f10a99a", - "0d6b0e5d83155a035248ccea95feb0b4d1af818e5ac6d5f41f1a255dd8b482a94de0f4e0" - "37b10339d1805dbb6b22af6ba834219", - "08059524790304a37f2a0d57bb2b93cec79a827b1fdc9ce2d7dfd4d277e0f71844d33531" - "4a30bbec5598a399e197a852b5528dd", - "0e7870e2a0ed16cf340a04fed4d2048e4e231cb8918345e1852bcd3e30413a2219864851" - "121a34fc98dd99976e2b20cf1d1bf2e"}, - {NID_sect409r1, NID_sha256, - "07f3fe1369ebfcbcacd66675bd4ab22edbbff72e68709cb57d4f590e49440f01691f490c" - "58b5117bd24aa2fe2101b59c61c417c918ea08ea34bbb9b8aa17491ae5d9329affe894f4" - "2d7586017877fae3ce35bb80c97f92a004380374ec91e151995166e14ac00505fd1fa810" - "cf02981bacbcebf5f81b2e633d3a3db6737890f4", - "0bbcda66978ea526f7bd867c3303b625f11b94dd9ee6e2c2f8688ff07f2bba83c662949d" - "47ad47fa882cb7d203a7f0ef5dbc52a", - "04004cf5bc624553e833ffbee05ab863e5def062e0d57c28e71d758d6ffd3839504d7ed9" - "d3b1a040bdce8e187ae0b4ca23aa565b0100fc1a15b4f273737eb92a56928395f6518e05" - "bf946afb65ebca3787f7f8bb3d946dfd26c4831cfd171b4c66c2237409ebf224d9", - "0a2cd205d957a20c79699e91684cd22746c476a79245f11e7cdf7e6b74f07cf2fd9eea65" - "eda97e8994aaf51942e15695545abc3", - "0aa1da120fc19523e8162e6018e4ee053eb680ebc7e31d00db34f7b177c74c5e6ea344bb" - "a3c39ab7ebcd92996a1c156180b7dc9", - "071aa4588741208344b323642fe03f1cea73865ba645169df9c84bdbf7488829b83b8da1" - "72f1927de1c8cc318ede545c748c782"}, - {NID_sect409r1, NID_sha256, - "3a1cb13438e3bac9ad4ab1d319e90e2c9f118dcf1eb54d6333c674a665d41451f93cd4a9" - "334cd057a44c010edb668254517a63700a31eb0ca474c84873e486f2f8e158a1a7735362" - "ea0cff8ef17d959ffd851b21a91412709b3c729474d2cb40f6ca0e397030eb2611b40291" - "6e4b656f0fd868247d80be3ce33d52054b7661f0", - "09be3dd3442e0330750f0a6252bf9cb317f32f942ae516a4038dea2c40ca6484fb33611b" - "ef016cc64baf166c122e87c15466fd8", - "0400f05a6fdbe6f80c0f5ef3322d8accda4b9ae28c91b6198b888be713afa5e652e907e5" - 
"ca9aff5fe77b6546115b4c732bbd4010fd000923d07aeb8c947688e7d3dcb16ca69440e2" - "a89539a41b8fbb797523d3b766b46d257b87472f5084992422cebdc4e45556f5e4", - "094fe051a13ea8dbc89c4cc5511881a48ef5554de265f0badf8741ae5027eef25c617bb6" - "a3f454a992fc68f5a548903809de09f", - "0162687730f0ab2f57e348476d1fa4eaf13199ee44f44dad5807bbea4e5ba79e92556f28" - "7cacbbf1fdec9a8b78f37e78e52dc1c", - "01acc734e2d0c81a56ee8c0465661c365edae56228ca43184ea1d7503da3d38e7607b159" - "0f59f5190e5c7264cd0d7a39be71069"}, - {NID_sect409r1, NID_sha256, - "e58e7b881a563d54772125b2863718690a5276c93d9e1c5feabbdb5d6f7c7293ff0f8980" - "5b53663bb417fdd46874b8e6a466e7e3ff6737930a0662af1d5879b071b0dc4d014778df" - "f26a2eca5992e763bf4c4698c382ac947215aa116515876008a56e5bf547857049c38a2d" - "3737ed3393705fd346897c3beb80caab88e5b8cf", - "0ed321fa283c662e87eaab99b7715e6cdc9b42e14fa5bbe2c56fdfb381369191a42da7e5" - "74839f90a85577485f19446fccaf6cd", - "0401bbb34e6bfb1c1335c48e8b44cddd8a46486fad4313581df216002b382db1d58adcae" - "74af0d38445cac2f6cd9e2b439d106f5950084473a5da9f910b4807ec5ff450be353a187" - "af6ace821b18e096c47752b6336dbedfc4b481e356e689fd9c03ffcdbf3e4ea39f", - "06ae69e55ac1f7b0f844f5ee0b583e652e0e5bbfa4eae85c59eea1485148e34f4d33c9dd" - "d7ac071a28ac0a6191d5ed03e88bb86", - "0c3509b6c0356e4a30a82fa7411d1fe17ed190b7eebf9310c44fd568494c894a4f4a1a09" - "e58a4d030d47227e54f7220f3f79f4d", - "0d44ccff47d9fe82627393c03f882d4b98633961a897381ce8b2cd18f38d69742802d18e" - "6c988a23eb425b294f2c1b84cf42cd1"}, - {NID_sect409r1, NID_sha256, - "8889ea1da1cbed98963941f6ac24f47253ff6af52de920765214f2024aeb04f7ad469368" - "30a8eb04d95aba64ed7cda6ef242f454b67bc2de38a46b6524bd5c96739c4b580e89829a" - "61a8249ec8dc27a50f43b8554cfb6f4fa4ca6875983d4b60a1c6b49f32ddff6fac0cafb6" - "4d55c6f594b195c207a9bd920dcf20e0080920bf", - "0396b805073f3c3b552b1024dcf35559ac44f255b688871a3c6657f727a4b09f3806cbb7" - "5d26a00ae1728be632387e804775a8c", - "04009957f897a17241eec5b8415ed7ec1bde5df11583255e0a8136d076d72ef377ab3f55" - 
"3d6f56c054332a24098aed6d12878abbd301f58eee295765e8a55e388e235e833bc5cdc5" - "d51a1d98e13429bcb7891b25487b7fd8ed804b1856cb6071cc28756bf00924bf1e", - "021959970a6ad070d1ac518493e309289f3d9d6e2a8933bca715f53cee4ab9000ba2d014" - "7282495e15e63f258dca87a5db7eaca", - "0d1ca34413341c115f780e647519547602e0361ed4d70402f42d735353696eac6e4024ed" - "2eacf9577252d40c27297e9389d1f7e", - "08cd5bd43794b32d5bd2ccf7ae4deafffa0e0deb92b1eef9d3ef807d456e459f92e9f106" - "27b7e7574ebe3c2faa858bd3e62e187"}, - {NID_sect409r1, NID_sha384, - "55053af9370901e38622734a5bc5589f6a20e258627f381fb0c366f3dbe58394e5997e97" - "8eb7ebbc530f6e6186f48294149b8594fb551c31c50521a8c4d67e5862921695604afb23" - "977b6a69b21abe75966fdd11bfbdb6b51ab0a474c5fa07c4de7872a3bd81acc417655090" - "558dfcd5af449b3347e61fa9e839bb9457de64c1", - "0a8fe323f6736bcabe971c7d964e75dece70cb54561da48a11c40027ebddb23e41c7b486" - "00f569500fe8ea2abebdf480171dde4", - "040020f2dfee967949643b6cb8a3810524044a4b873a4984e9795e4dd7976536a2d748b8" - "cc636ef5c8fc92aba5677c4a0951a3332700956ec5433d73162c9683558f0dfe8870cfe6" - "6575f2c34c765372c7c3bc3b291e95c4e3665e4ec5e72131975f0b1f5f30b0c844", - "013f26e13d43ba05e01f92457374fe2ad1ccf94ebf22334447f9360f7f9748bf3665ec30" - "58ff6184fbfdbf7de9e1e2131cd3991", - "013c4c290cf89789bd6dc523deffa20c94e92e88a76eebe88457e30cddb066c7a43aadeb" - "0493b264cdae67532db7dadf879d991", - "043bb7a8db3d79938beedcd6ce02f375e26ce807a2afd4fc446f372fb09a69fb34734df5" - "dc8f6393f86577a8d29014494379624"}, - {NID_sect409r1, NID_sha384, - "c4264330534a6c2bbd8a3b757e0912558302ce302f835ad8c5474993832fd30036fdef40" - "b10ee37293e871db5b0b149654f9e543e22111f9709ef45732125f713c031ccfbc9a2f3a" - "ba160c241d27be4dab87ab2fa9a795752ab2daf20f9d06a98d90d01c07133adfe83cb11d" - "5176525e1bba6a9ba70ea48b224d46ddd8103f65", - "0105938ba9f25034da3e032dee121bdb192ac2128b50a2ed4bca042e96cfaf4660c9d35f" - "3e67bafd4c99f9447e6dc408e0c4471", - "0400f1a9243920d7cc26741eb828bb55e34c140b0e52837792ed6274a9aa6b5534cdc5c5" - 
"96a1141a746dee380c0d9c2f77094c36ef01393ed8c609751550ffd077347712f3b27a86" - "9cfb1b532c5b19c381365ae5dc8fbffcb2182777a17690616d71c66524017d861b", - "0fc52aa8c590aa28c5353568c9dc69734adfae840f1e0642b57863dc7f4faa37bf3ca789" - "a3d7afb32c57f66a61780e253f50af4", - "0c45b1629bbf3273c0e785a28cb8187ef387502ac4438a3372a5c72206a15d7c5ecf9203" - "ecfd7e0ac910b6ceee3be50c6664f81", - "0a0c2d31a47ad5f9dc2d42dc36714cdce47666f6e2f05ce0e7136f166647540d1e5fbdc7" - "c9fa0def8962f44f2f8bc9addc10057"}, - {NID_sect409r1, NID_sha384, - "3236f1ad164e1b25d828f5202e3513c80c72a577aa9af56f041fd96cf5a3363f4b827723" - "b1511a2f16360e32eac90ac55f4ee1146791420ef9e2af333c17d157b00e43992ef6f2be" - "2d2f211361e468413dd93fb69232f0a0d110bc5fff361c0410344aa0636bf809062c73a7" - "ac7c142063912b6ad7e1626fd2a384f35faffaad", - "0ce11677ca818537dbaeb880fc967dc8bead203a2538a55e756679c4a9e7975b9b3e6aba" - "4e6c6eab4152d0c0939027e9b0bd92a", - "040023c78eda396efa28c92b120c4ca1e19dc6c467234f9f73701d8966bd0826c20122af" - "5f7c9ad5a5b855b6dc517c22131fb0b5af01ea47619f91ed4a010dd49ece7ec78c5e9829" - "7220b4c239ff4a8c29aaec008011acbf7e4f985c02311ca703bf4ce4ba43412ecd", - "0dae763fced0e498e3efa1c6c412a25774c9bd6cd4bce25ab0a7266705cdd54040ec55bd" - "7e6708e71b09ffe9c19af9a1ed9c878", - "0a70694fe5da7646184b23b4b434bca1b754257b8e7fa9994dce4a7a92b7ec8c7f8cc69f" - "18d17915c6bbca24f6621f9563f7c35", - "009e6ba97ac2be8537afe7f8f8b9cde8841323b5cc63cf2ed46a7913096ff8d96040296a" - "1bf9aad691b60e1f18233964a421fe1"}, - {NID_sect409r1, NID_sha384, - "6c400ed098d8369dab6fde3553afbbd4d47836d0d12dd16015f15cb8d067a39391c85ca4" - "e78c62b8b72c1592349ff8dc52db8ccb7fd80c085fae456dba6f4a2378e184dd59238c92" - "cf04e40d43a66b342d2a1325a0bab12b1ac857f0564c27b35e6abed02ff5bbbdc3770ddb" - "b2ee0513df48bcba925da6d61583076cd3129603", - "05a239ae0f40d76d8d3589f1662b5ca12176a4b2784faa8339b54e96a1e1294433a4d83b" - "f904196f939bd8b33bdb4be340ec703", - "04009d03b7985647027a17c06b30ce9fa1b43d0484195f584fc347f7003802613b524cb5" - 
"641db3425ab4b3839e12c012853ea8384300818f5e270baf5a771627b098a6f9ad8a8262" - "e331c299fa0722a0df6ca09bdb9c92d22d72a73567cd5497d06639aa47349df207", - "0c22251c73998a3a49b3fc65acf01438941a8885d1c5072a5d41d779af70c044153fed40" - "80151b524af402a4e8ede4448b717d4", - "02d3a7ebe5de23e0e601c6e41616bf2a9a7fb6193fef8e3f0a7fb8128a925f7bec383366" - "9d1a304652b7bb1af5186b2f612da1e", - "0b7bb17155068a8d9b3412d04d407556ee133e1a704ec5da87ed19dfde60517501af345e" - "2e744d35d844f8ac8ad08b13b17c498"}, - {NID_sect409r1, NID_sha384, - "039a149eaef2de30b0ae457b376ce6fbf88afd4cfdec02d3c5e00400d3b0484c1cd6ba74" - "db5de65d6f2fe39871349b30fdf1ef29bcbb9e182eb3ec5629d07d98354a5dfa82d7f0db" - "3dd10d1510c0dce086848a198893ca5ad24a663494f0596b4eee86199ea85e7e8f2f76e7" - "a6bd4a052c54287f61b391f1e52f96b606151c34", - "0077390c62ac41aca995640fde0c79c76f4ea8a8dbb22323ed812bee837ab8798c5d0ba9" - "76c7aa634d4b1c2c155de2709e7352c", - "0401a9357770270c528f2af991c447bed86194d458f693a871ca38f271a9e6a566f5b9ba" - "3ef3d2f9bde959e42934c95867b280e9d1001f3a0516fed36d3622fae3f44d87c4bc67ce" - "e0a995cea242e530451d43781f2ebd163f6f521497fd7a1a6c7b93d33b77083a5c", - "02555cc113c8516d741b47ca41f53ed07d509845f140dfe7dffbd01a3f751ea9f22e12c9" - "39a2ecb1827c0e56b1b1c5459b66aa2", - "0e88333875a507520d0b62b35146e37e7ce4e2f2478a61adfcbc6e1aa9fd0195a4960c63" - "3d9d6aa9a79323b7ee00ab802768436", - "094595255e8862d14980893c095608113737f42b05b561771f56ac1d54eb521bcefeb392" - "8917c07c1bae74cb9aa80dbd34962d0"}, - {NID_sect409r1, NID_sha384, - "08617d04fffd6644c40f7dd57919f7dcf3c888f4147535d12ca658302305bb8e220bb17c" - "cdc480254004b9035b357120580882ef86aa5a061b2850100285b7d61588a664dd4f5394" - "f5478e68a80f610c9204d056009c1c9e902161eda33ef61aa902e96b6f094a9f05313569" - "2182943d38b9763055a38739a2a2d133c5dbee89", - "08bf23b09fbbed1b55769907aafb97f4759cec98649b2c9da5157517d4f85bb70157076b" - "5e4aaa7a940af042302f8be06a84ab6", - "0400883c31c474333f74ab2b86f3eac865c4b2b54975ce19c5cfd23682d041ef3deaa43c" - 
"9f9e2c194ccd3add6677de31fc9e07dfad00a5a36b54f4eea6b300491ca22054280b3f09" - "b202b2a6b55df9e3271c763b6d8360a330c16f936d69fa463bc0c4071707c9cf95", - "0812c83aa9dc4139f8c3f7c55509f9e10e6cceed30e16afc028b1904b4d260ed0e77acc2" - "6e711a7a8e24c75fd780ed893c0bbca", - "0fce07c6f791a05de29609b59d55b7062e82fb554341b2b2a8187baecb9c95b01ca5dbf8" - "ac88c60babe10af2edf5985b35e10db", - "02bd026a3e45ac439647a483261107829411c1b4a9ab603c080b92f605cf742754b65498" - "1460cf7aa72b5186b59d224dd015314"}, - {NID_sect409r1, NID_sha384, - "34c959f549a307f21b850ae105f41299b8bc94fc292aefc61aefbe0a1bf57576ba8d9b80" - "caac635e4edeb22530163fa9629665fcd43959f68eee32482f1845a78ed7278e6e43d09e" - "d6fedf465001afc0d61f1d2e1d747623e82a762576b879c7024e34f43104593cdd691d53" - "bccaeb8f212dc29bec6bc94cf69d0a8491db124a", - "0082ad05d19b8e16f80e53a4cccf6869ab5128c5e622ed146fa8555985ccd2aa3b9957dd" - "374586115d4d75b1c01cf98ecfc3646", - "04004428d05366b0a46e6578fc7528d185a3f85da06c4179e9c9055dc0a7fb4afbc53c94" - "954f268e36d2ba8731882bdd27d9684c810136ba6048ec672601987e9b7402fea24f88c1" - "a94717ed5a83794add0f31680592d6cafdec147dfbc400e73a6ba1d23d4cb0d707", - "0c00c897edea7bbfe1913e3da303d64d0d657a83c1eac9c111722b17c65391f2cf67b782" - "19e748ceb269d6c65f01e92e6952979", - "0624c5bcfd8e0ef22ee6b34a8b26bc051912cabac102cbf56c364a743e8150195fc55a3f" - "ec90a8fabed5eacc1799b565745bfd1", - "0cddd4937da8176ddf0de7f52a4babb1f6fccf861533f796a487f35d060ad9ed4435e5a6" - "7166782b53c20bc06fd1b36c265c1b0"}, - {NID_sect409r1, NID_sha384, - "514f4de08a6f49edbb6797c9dad6d33bfa367cc1a1b58a5becfe646c7f3352d5c5d95f74" - "56e7112c4ddc746b9076b9756ae3916c07bbe6d3823895774a42d25d44b3309d18bfe7e3" - "ccb1f85dacfec1654778c19e2981a853c1f40a7eafd16d331093110698c957fe9f1d8658" - "2706a6885543248b944bb70cdf9d2ea89190cb02", - "0af7e581aa4f9be5815f0c447e39de00da9194eee5e5f609668b9b69930b5b48a948614c" - "2250260d1917f0ebcb00ebda4bb52f8", - "040044703e0b49437315a64e397085ea2ba3f2e2c383b168f31a922e5916d590344906bd" - 
"2a911074b7481aae7f3f8f4807b110f2e1005a13607a3bb89a2a88e27d5eb5cac4eb498d" - "34e6ea861c80271ed0c73e1fa893adce0c1982b8a8af6a0249796e5276d369c3f7", - "08e7fcadc844456f14ce9354b218d519d86c0c5211d62904c937d6fbe8cb16264d7d41d9" - "8a15e9f73a636ac3739770738d6b46d", - "07aebfd1681bd5a2f995ad4a709e8681da742649c0530684fac251494263e98d67247e1e" - "4fc174b409e7e24a7b055500920cc82", - "07b83b9b5133aec165316021472307b8b481e6381754a9d0b4f9d683c2ee7cac94ed4d8a" - "72cef61fa1f6349b6c4a54ec38975cf"}, - {NID_sect409r1, NID_sha384, - "4e5d16cb1dcaa1abab1e371e1de02f31ef4e0944dfe1fdec45ab64326435b2af9aaf1a6e" - "d8fdf1a6ab1182bb53a844c7cfd66da30aec0d41757f5988ada0017c4ca752597a9fd363" - "7668bc1a92bb1556553f28d66805bb47f1ef91908ce098d452872da9800e77e1fbd43ffb" - "0ed6fe6a62185d4be73ae96c9241b82cefb2da22", - "06d14107b08354e6a41d7d7d50c004419db8bdc50db43428df5e86084551237223c498bc" - "e71a17e25695bc438c5c09e009c60e2", - "040088c1517355cd417a698b648508fd07a457ac13a49d1bad17dbfbc9735ee58343316e" - "3eca570bca130c753e17a69fe5bd7baff301397a697d2113d94daefe6be491ed3edce944" - "9c707a57af3a164d172cafece564d686fe0d25725c2919c60889af4d0354b05117", - "0f3bb2dd9eece25c56159f501af8b619a8c279d7ecbc08ee2af6b82ead80375e9c07227b" - "73a10918d8c89d1a2b12cb76427a7b4", - "0407b224d8d9c0f11a8e09ac8d654dc6e1119e2c2804510a84ec61f9017899f9613e37d8" - "166e0fcaae16c3cc11e9f739968c687", - "08c2bd7d02c4c537a308fa40db786ec64fbc2dd4c142b18cf9bcad66199afd4f44cbf221" - "adb3837e84173d174e9c0d534720ad3"}, - {NID_sect409r1, NID_sha384, - "e29e75269754ec1194270f5c9e8267dfdd8c696008b5ebc92bb840981fd065672f07f6a0" - "f1b19841adfc51b478371e1a0db9c3346a9f0a4ccbdecb7040191a00ddfd0a8faa0e69fc" - "f544319c0155d02797eeef99fabbc55078f9d852927c23fd931685424249b87ed0c70a4a" - "3e2d3b9a2f92830e7d8f7650c0bffa8f8986b7d5", - "099d96d2dc9c79549f031bd5346cf6a8544c312a3fbfc560dc8e378efdfe025b0e6e61e0" - "9c04c8bf4133396f993b0906c33dd30", - "0400883e00d72c60f22ab085a90901ba3e8a510f19c3d62dcb3ee5066e0be094cceb30bf" - 
"bed7068d0bfdf634a53e2fd002dc9e454d0194baa5d7ae2399965fc4009ea83273676e66" - "a56fd35a5939c26ccaf85633adf78b33dbed6da305979077418c625354c7fb6283", - "0c213540a452c4f2ef275dd844402dd5ea590f7df41ad35523edff09b7fbb096f8ae8a4b" - "aee95428fee03a9e6f6a14ceb90e289", - "071779b477245007ba1ef5f05446c4a08d1c2eab550db9c053e4588c9935f07ba87764f0" - "fce14d4a7b982ebba89cb056aad8cec", - "08174bb56cc85ebe7bca1de1f44cf93cf478d7fe59001c5947c66b837bd3a6d116f99dc4" - "f9acb4f378b0321228518e1ba0057e2"}, - {NID_sect409r1, NID_sha384, - "1a538eb447c18494ad5a5ad27be67fa60eb2c5cb2404eec1dbd7244cd802b17ca5497e77" - "9d5f779b981b165dab53ad19fd7bf2ea7dbb9b4baea782a43d758202f147e59d6b6b8ed5" - "4f4ea084bc18519943f6894d603e253ba3e8e339a6933bc3a0a47126087038e1c813c3f2" - "997aae321b7c95a802b4b73fc7db95897b7c91e3", - "049f347dfd361a65910e97fcefbf60013a54837f2ae657d65e02397f59dc6bca27704fed" - "3affdc3d833fdc621cc5e5f99b92a63", - "04017942b58d42da750a366d7e4cf4cf465c856cd911e5352b50bc8a12704c1ac6ad54f9" - "465e4fc5402b373d8bd4e4f8519341f133010abcea49c66730ddad7734eb1311b2626b75" - "ebbb299a28c9d60937e6833a9b3dda052379fbcf7875f18680924274fa1764158c", - "0134c70f031648bf470ccca4ec19c837051bf700c851df564ef3ceb99d7d41439293bcea" - "0c656c0e5361db92a03def51d7e4f26", - "06c0f9935abc5034a8b0a05e8d04de699b5916cb367e834f13642f0003510bfb68714be7" - "5c9e35b5e593eba45fe151d1df56d40", - "0930baf426b33eb4afbed64869a22712591db11acee7c4d3a221a1e98048f05900fe1481" - "6006854cb90631de5797f91176fdcd7"}, - {NID_sect409r1, NID_sha384, - "7502c755bbd385079a4001b8cd653287dc3054f3b57de19d0ff8f63c0308c64c56f03511" - "7a8971d43654f89b52e923947e4760ac72be073136da70c5ad7ca1658cc0a2d2a880d3a0" - "c0fe636fdb27b77ff260c4c1ef8a18da8e9fd777d732a37ae9906e6c4f381f0a3d941048" - "d5a1f6f2cb8593873fa4bb1621a44bc2bebfbcd1", - "0dd226de602af4e9f8e25784bd1bbd4cadb0a8aef525d5e2d57b9f3555feb698765672c5" - "099a7d6dd5faaded69d8d68b4804f26", - "04007ee34cc7a24e2e693f9409f52796427ed86fa71bf88c923db305ebd5a83bf3b6f761" - 
"2847f16d00f4a25614299a2df92bb693c301f63f177b54f8dd5c907ff318b66c2bfc1cee" - "09348c035a4413fa3cf5acde0db1c8af4fb8deaaf8a3a6f8f06b0acfd20c6f0049", - "0e19c21b05c82dd8c873e5f30c1e3aa9348327f959a4dbd9c741e233c649a426cf7bd9d8" - "e93232e496d0b93ce835f80fbcfdb2d", - "042a3907a480329a6169b439a6945cdbe8e4572779c43fa6cd1f15062559dae9eda27124" - "02ccbdf03d88a8a68b691f1f16f8f52", - "0d09fa4966d171a662a9ba6827fda830b5404f96f635edd8482ee009ec5c7b64a2a6c177" - "93993610ae8297efa9fe4c35ceb5001"}, - {NID_sect409r1, NID_sha384, - "95eca932d03f1df2e8bc90a27b9a1846963437cdafc49116ccf52e71e5a434cdb0aad5ec" - "cb2b692ca76e94f43a9f11fa2bdf94fe74af5c40e6bfd067a719523eea6b4e65730365ee" - "498ac84c46e1588b9b954f1c218920cbf71b167fc977ee2a89429590f43bf637eecd91b0" - "ce3be2d66bac5847205f76c06b914a970f543e59", - "0b6fdbc9c8c76cb2b822a940d8675889ca6f5132429da795462381ce29313a23bc132976" - "fbeb346ed4c691e651028f873ce7971", - "040147647d267afb4bdadf54baa3f5131e79dae8103f5b2ddf70e4652f9fc5495123be97" - "215b811554241c53023a247936053288bd015205cd5bf0c5154b2dad8367e1b487689b89" - "8acbbf44f9ed67a37babbec739804dfe737b324ad663cd2cad79274344397099e7", - "07321d12d616dd2ee5f843d6ed7e92d18968b3a76c0e4ccc167790afabad1b7c0dd53d82" - "aacac93d98679b203bad88d5ef0cd75", - "0672c5607acc646c67456ee77f2c02117cabd241f728ace5117626bdf91662323e756543" - "8f46a3e25c048a8e2130e27fa1fa2d3", - "064aaebf9f2fcbc843ae1128eb6c7e7d1fce2b9901dae0f60afbcb08c7f2ea1b550e1599" - "47deb87dd8959921846e2923880db6c"}, - {NID_sect409r1, NID_sha384, - "8ff68cb00d03e730dddb05fe0b2344689529096c3da6eeecaf097f22c7fa340593106b1f" - "6726f06b7ce7358edbcf801ead959438a42f94cdb467b3cd5b17fbbcf75739805f9eadc8" - "69c33c604cc58f81591b0b8bf4d42bd53a801f0f829a31af6c129fb4f20f1250f959754e" - "ff8c629b85a716b6a18465b6495798c0c5166c8c", - "0203d77fac64591eb9a18de20a9d5eacaa1c3ec58a5ecdb3008c2d642e197141d16b3a9f" - "dffe61429264f5b420f5e9926659a4c", - "04000f66ca09d15d0991b48ce7afde9a148565b73807e435ae0f16c14cd439454745f8ae" - 
"153786d7c40cce3f43a8aa4f0564cdcbc3000f4c919b7a97beba2559a8ad0f85dee40e8d" - "f28e23732d7de655262209a5170f94791e255e77e8c8cd64c8c9900092e0ff9d5c", - "0859bc752300d4ba5014e302aa4cd2a979b3097dcfde5c59f4bafc5bc8a99411174d2ef3" - "f7377df5a09269e3d9461be61801942", - "0691ea76acbd5e8137924bee13326ceac8231688af8595718e210bb857d6619c152e1fb4" - "6e03fa83bd6b5d81e2463f9260407eb", - "054df52eb86c679d8f8514a09f5a3062d2424cdc19fbf6927f744aaa8c444223f1c28ddc" - "84b1d135a886eb7ac7eab3c7b0a42e7"}, - {NID_sect409r1, NID_sha384, - "01451c4f09720cd53377a5ed04c907a735477378ed960235a833049d6bad6e6e89958b4c" - "4249bf0f6d4f043530c9e5426deb0ec3a12b7feb4860757b41bf602ca95655155356ec35" - "a2db8e2657998f56529be4b714364f83a140846308a2973907ed7b08e935173ebbce5e29" - "afe1444cd51c92824ede960056439555e7e74450", - "057a2e6a59d4871c3d547690237dd9846d6d5dc4ec0678aafc9c8669af8a641eed67bfea" - "4b05fd6b3b5357ec4d0caf352691ea4", - "0400351aaee4207bdac826ba17e3b08dd7f94c0c8ba0d9829d7bf0eeee7e6375458b5457" - "bd787f0ff38564734b3a0412bbddd7c37100e09c4dfbc33d61d69b5a8517baf5e4e16149" - "20cbdd89bb05f0420be757253fb92308dfe1de8db822f57b67b393d8a70d989b26", - "0fbe560003dc220e4c966b21c874b828874a33a93bb69c49909376df67e5df1652fd91a1" - "d73c7733f26c121e7a3b2d1246c9a61", - "08b85cf3a14fdfc69cd42750baf362286940994479f6ed7ce1d87af12c5ae075b311754f" - "1d37d8ed10bea092bd3d9f7afd2f1e2", - "02360bc1f7a98cc87ee2a4feadb98554cce59aa0fbfc087747c7253e54c38815cf91c851" - "7f5692f95bc7c3a713fb6ac43a34f7d"}, - {NID_sect409r1, NID_sha512, - "ccd494ca005ad706db03a3df6d5c6e876ef859ec77a54de11fe20d104377df1900b6b192" - "126c598944d19a2364b2ae87ad7fd32265d59e1f22be5833f20767793677b628f18e9619" - "f8ca32f3af3b41c31e87a98d1527e5e781bff33c1a8be3a82ea503e76afec5768d7f7dd1" - "f17dc98a9e7f92fd8c96fca0db518bd143d82e6d", - "00a3da7a6633608fcee9ce4253bbcec08d41ee6b00178ceb017de74e24d48fd89107c9f2" - "db3556063abe3cb011938f4b4871795", - "0400a6123b122d7d0d766897b15ba6b18b3a975d3d8058c9d359c6c6594cc0dc07d9ef60" - 
"33224b4aed63d319cc2747c0660e38897b01ab5fad5e78f380aeffca8d15e60731720184" - "ed456800967b2ca47d482957d38409ca07ea798bd892b529774e44080eb8510e6a", - "0da042642b3117f30ea5f4b354047b164bd128696b8c00cc6fcc767246daf7483284e411" - "009e05218246830940178cb4ebabf1b", - "0e4ce613e6976e9e1c30c0c93214a0a37f0632de85eaa25464b69a251d592560b2039fc5" - "9b15ed7045c29c268693d7c9e06d8ce", - "0ff3ad5ca70aac94facd842fecdf6a28afbceab80b549507954b7dea6da06d1facd11e0a" - "88e9c2a549e6971a08d1af75aba8363"}, - {NID_sect409r1, NID_sha512, - "5719e50d939a8d74efb444eb5a77cda48cbb59e7f976cdb2ea2848bfc558718b39ce27b8" - "93c229db94bf77992222d1746f8f52f858f85124a28193ae0da039c53d484681785f3367" - "f6516fbb8a86560aea9e3428551facc98cdb1e9df8e2f37db823a7abc589f667b5c93c4c" - "47061400220a2014197d514217fc252cef5a2433", - "0384723c8b4a316b450d1fce0b2645912b8acaeb3cad50860cca43bdc0206ed5b3b60ebd" - "c29b3eda305d0d60eeaec261edc24d5", - "0400fb89d87ca4282ccd048606e4d321e7ca73244b4d0c9d3df87d54e038a14939138bff" - "33c81a9ddd64abdfd698bf103e45c96f97004ff7e1706688a53a5544f4ed0f3f5e1f0fbd" - "6f21174166d25a690f260766646cc6fb39020de9327199225e44f3d95c5984fda9", - "03a9f5f26eac81dc8ca0a17acc44322d43bfd18edcbafe24113f5e5fad0ef0a3db75ad1b" - "2422c7321593e41e76eb2a767a14268", - "0c311000c27539247059e4a8d789ed4db93fbaea021272a90045bf6fdd70f4f32cd1e195" - "b99ee6f03f4fb57c3a115ffeb459af1", - "00db8bb46fe0f99b4e6e1394a5db283e310b24d6006319986dd2c4cc169c775c89d4ad98" - "d0fdbc3c0bef6b7fb6b43ef21049bd8"}, - {NID_sect409r1, NID_sha512, - "c84e5702a339259a61b5ba8ec1957f23ffc4f1eeef3a58f383d3731bbaabfcf49ce2ebb5" - "97960ac5115a2af1c62b193d4ab6c24433d5f168a1752e40145f19aeb6dee889a53a4fad" - "d13eef60e28fcc7ed6a9b8b0ca286c1b3d66a4b2c327a629d15c148049e3a0ccdccf05cf" - "22c31956014595e417060627c8125bd7c00f8850", - "0bd3136647572fef3de51b12e64b36460bd3a27dc660c164fc705417339cab21f9e1f9be" - "0f3da926df459c5ba58b701d306e67a", - "0400f45e18834d1933a2a26e95467b6db85d8c3da372e607907798745cd9847bb8f8b51f" - 
"996c7293b51550144f227933ba26722685005d8b108eb3591b164745d116c80afdd48701" - "87061c75af9b0c3e87dc8262586af14f4d6b1504d274c07c8e89247196d8ce8166", - "047a494645b99a3469369b72cc918708ebf453957b49ac4e209f2edd7a4861d014543754" - "e37e1d1a0f477951a0ac2b5826a470a", - "09de9e0147e1a268f80836d7db43779ce12e7947caa851d109273ba7e7dc7fc52c601f5b" - "f69cffd5adf0695cd7db8de2a64781f", - "0561aa76e1e9f2c1d4aaf6e2da143f67166f09199e1705b631d650528e94d643768cd611" - "467284a9f543e50520e3e738e5d56b9"}, - {NID_sect409r1, NID_sha512, - "c90bf11d04a708e64b6f94d4cca64b92463eae878c377b188c82c1c5f05a038be20eca2e" - "18034d46f00d9a6fc73c4084981748ee9d2915d87aee4e2321f4f9e11c176f01281913e3" - "24700d9cb474b7134fcc408fb4a7006acd9e63d4578ed4c2729d8e0d01b1e6174a43a024" - "ad261eb644ae98979c3cdab75af357f6dbdf5db1", - "0495be0b0a9d357f6155fac008cec90442200bb842d89292fde38b7256e4117284a60249" - "b3101b3f19f778b680c0d1d7422b84a", - "04011119cd910d4e962f54c9776c9180e7eac2f71cb9748ace4b7dfd2d2b3caef4964c7a" - "55caa9763e008de600b727068eda9b98650000b48246cfb7c86e9dff4ba77a3a53dbb1ce" - "fa168026b8929c42c3b0251fee5746897916e50f07dfe8b57baab7964447a2fea9", - "0ad4ab5ecb84118c33a4b06d1a9f5d2c4f1f3dd1cf71af596eea771f851d0371d2d72593" - "c926d7b69b39cdf72931f6bb11d10cb", - "0e959201622673d81ca16ed94e9e5be3f38bb8db48f9c09a585aa31ff39f14128d79d604" - "a5f93c80aa961c85bbf99e276937f4d", - "083099697856c780936ac01aea5e3a4d9b6e183639cd200464a5cc05232df30ff5220dce" - "4e2af714c580d561b72dc4969166a6a"}, - {NID_sect409r1, NID_sha512, - "e9b2a33906a1079280100039787377c2971c378b92e70a38ab41dc23979d6fb0c41e53a2" - "1b37632407adac6f212341cf6af8605b4978c85c9c16960e1674247f1795cd73b99ff28c" - "dca024f5078490513c77114c2f52288f5376872c331151d7b2c08f7794f2c1f9e0d849d3" - "2d73636f0aa899988ca561a76f74543b37cbf3a3", - "079626354dfc4eeeb51fcf232ee9e6b0130c9bd40f15ed45606bb7faeca8f359e0c3e18b" - "f12769254522fd4077eb24bd5454871", - "04007ad047bb38bde6ae2593e1e41c36b7efbce1e0ad08def9b23d25b7ea9aa336eaf102" - 
"17df16d32ada4af03dc193d44e6c77e67700d2b9466ecf321605b9f4f952812410800720" - "3ac32cfdc7cb87e1790ebf4bae497fb87011e0a81068e66a840d29583bb970e24c", - "0074548d1a3df580e45babda6096f4c78cd70945ff190d9da463fbb03a511c45d45dd1c4" - "6dc0b9521579fb506bf015f8b835680", - "09e04e9ffc2cafdefb600cf61e803eb78cb416304210165fa7c93c1bfefb02cd4a255512" - "622d524141de02c2cbd193991dcef67", - "01a7960232455f27768acd825b8ef91d4efacc38684d05a900a8512682ce19787033cd08" - "c1f2412b481b88ad02dacc0ddaa0ec2"}, - {NID_sect409r1, NID_sha512, - "672db3fb8cc8e5f831be700498d3ab3aef14b7548e8011b21351215fb6dfa09460d18f52" - "c02c8815baf396d856a429bb9afd602a10c213af34db80447f4c06ab4bd28873c88eb963" - "9b199042d4b2cb13cc364f734fd4ab7bebede7dd4da63decc0cc1f84e34d760013f66d71" - "641073f16c08078880b67230f2d6c6bfe17d206b", - "0ab42bc7d0e3c23f8bcf928e25f9f027b56f270398a1d37bea0ee5426b944a9c9ba6d0d7" - "796899543feedb470f70b2ab148234f", - "0401415fe81100f208ec8afd5e882e5773a0c1d46e44627732900c7e1722cd77b3ae2443" - "8a8463bf571fd6bb422d7c583439c07cff019c3ef3688ed397640e873dcb20cee9755437" - "d0023646d05612e8c360717a2e80e80f2b85860d71f9876f3a68548da7099f601d", - "08b44ec25214602de46046b2c94a45f64e9d0903f6148dfedb76a80b8e6314e87bf7dce8" - "e73b14bb274a88fa39136a00537779b", - "00ec4c5bc88a959a1234413026700bf5d4287a0263fe75daa16693bf74cb5071a64eb187" - "78da0a31210347aaa33130602f6b597", - "0b6c29b9177e89880f3eee3aff204b866020b3bf77d7c31204af383d9770804660711a85" - "79a3f1ffe325f225fc7e7894ecc601f"}, - {NID_sect409r1, NID_sha512, - "d7fd06b89226cfd66671ce5b4b656228c52d986afa7f6f30161680eb0c9cca177992a8a8" - "c40167a64165c518c55f678702125709361b536bd928567c97737bd750d0e2e6e0c00296" - "a6ca565f7c05cc8c54ae7a4e0c334c6a968fc18a959c18ebbd924457701316a4e999fb11" - "084520dac68dc2d69187134c40891af0355ba89b", - "07f7aa2216164ba689459ee5d5ca29e70ef75a5b2a4416ab588df1dcb9164330c0b405a9" - "d80c3acc41c19f58e24e17ecbc0fa7b", - "0401decae837c7258ea9d90314ac87c57aa6d49828787054cc068edc1955245271acae72" - 
"dce5c9cba422bee54f22e11810721c1ed50024cdc9e1b27e5d4bd024654df000bc9a0181" - "f7c0f4a90572c75e16b679f4362446993f9920e2244527801e8f6b1e9398bd8382", - "0463202dff25e6b9c633b60a3edcffc1a22031cff44dc1b0a5769214693ba02038fe5dcf" - "b4a48db7ec49b33068061616daf2fa9", - "08c06b72b73dc2655645892447fc0c0f8055838b194e8fad99fc6bd50774e1ed08313eba" - "4141018af33af95a3faa20b69bcc0bb", - "0958f104326df6008135bfbaf5c2980cba2833af1b4f04b5918bb51ab0a0df637d6a4af9" - "02a5e07db3022c134c72315f25972c2"}, - {NID_sect409r1, NID_sha512, - "83b7e9d3ec638fef51d2885fff5490c94e2509c126608f82660e5fc523032f3e85d69d9b" - "76af145f6bd916dda35775abbb6d1902bf38880f8b9259822055c5b1bc726c51029972cf" - "7474cf2a812f3251aa71813476bff55598d079f075a40c6c41498bd865ce960c518bef75" - "a873b9d010965f342dc4b35ef5c5972efe6fdd18", - "021d84f070c6823a70f1a74225a472118c93ce9dc509aa6064051ca4574939dcfa96be86" - "2069424bdf1a23f62f2868326422e64", - "0400f568f018b0dc4400bca3e9e4b0e5bd5245f15dc7acbcf4360b0be2ea5abbb87a3cd7" - "6aa653d32858438051cbefbcc4feee6f6b01fdf1e1bd7a2d3825df14f8bf8d5de8250956" - "63c3014f2eeedb9bed3c3416d56f805b623f40b847090d6b4b3bd5abc98ea55e48", - "03344dc1cd950a9c3d039b6fb6af8c5745395d2a3343d86dc6670580e331d59f6c003436" - "7a6df52423a625d70292893961ceddc", - "0fb010ba41d651fcc854762fa1437262eadfcabb95b9502a40b50f20cb34fa19ec570dad" - "2e0521809ecdb2bff3f4e7055c02bec", - "05a9c2dc0c1f946ce33f2f434c156c236b09098365a7f31e238b4685e7cd8c86a0b2455e" - "5c83907167c1324bbb37e66e0b2768d"}, - {NID_sect409r1, NID_sha512, - "c62c7bcc860f0e175128e1127dacf935ce62ae794cc4a0ce7966bceb023ac0498641d728" - "1fbc86f9ef470bbc77f608f83f8d0dd6299cf08f2cdacc7a9642e4246df131820220e5c0" - "5d0dbfceda7f16b86add4793e9b6244d96b5c07cfa23574ceb43e8e8b5483192a92b301a" - "a3b37702b8f94f0129d8af1617896b34990c9b02", - "0b6645344d17528968c719091b6e2072388881dc10bdb4c7fbf41906cadf3699b30f9c1d" - "bfb4796d009480664e6276c0359e5db", - "0400b164b075b80fc8b8ec785d5c2ef84d49f2f4d276546c9cf2e17ea4d367828e9aaab9" - 
"85c5cd0882204e293dba0359d47d9bdc0500a0c61f181d5d06ff20d0c41cf6d6cf7fea86" - "0075cdcbbab2efa0950e2276dafd4258a39c0fe4c45f3c04f76efa7d41392b4d34", - "0c497c621c5cd230fb1e4a4cb3af1cc9d8edf4af5c4af7f15c4ad0a8835b54de52d83bdb" - "3433808a67628912a85c5d00aa222c9", - "00b22e5773aca4d97d2da846c3947bf9cf2474101a6f0d39d31629a6aa2a4c3a77076a67" - "1e37aeb4cee0a94e82e914c8c553e04", - "06ccd79ab93e344e6f112c1e4a39e8505a2aaf5cf85595cadc6ddd1afb0b1583d9334cf1" - "c48f26e5baa38e05b6b52f9f12c141f"}, - {NID_sect409r1, NID_sha512, - "b5bf38fd9e822925254418475a1ce762a94e336f12b156b1625a4574fee11ee472d537ef" - "94b4a4b1c0a73b0140d0b818cd06636653e6c07f0f100118242a7703756f1cb1119b3477" - "c4ced99cf45e07e83b7f2749c1a5f8d8c9272d221fe17f7c6a5fb0f8a16af46f232ce406" - "aaf565c6b2766a2f6528c82e74fa1c0a7fcfd49e", - "0f8c2f770cf5f8e1f900e996ecdcd84fcff5cd959777fd005d721a419123221a3237e398" - "34b270d37752470deaa6cea023c5058", - "0401f861984fa06f15b801216a1c33672cff43740f0f736b4f4abed5656a1bee33a2aec4" - "31680942f2b0b0dce9a9196b49263fe183018633f4e057bb6d70a434f919b9ce4b7d9e61" - "fbf46c1d9638100d77881755fe9829a69d696d555b1a26e25ac1a1c27b40f909a2", - "0bdd99022dd964306955c57b226aef036527eca481622618fa7395f53e60aa95a275f1f2" - "d6e7354d8b55d3e83c85819e818199d", - "02f1330f41a86c09205004215c24f42fe582da189906fb23fbcc52136fcb4970a33b8961" - "13eeabcec8151cf3b150eaf1ec2dd88", - "0439507edbd36ebe4fa5df34d220c1441e1a4175c9b0373fc85669facebb5bda7a4b415c" - "269a7add207b461525c6cc94b7f7b22"}, - {NID_sect409r1, NID_sha512, - "6d3474770933ec01b76be789304b6fda423b12a0ae8c87a5ea8d7ee9f71300f39440e1c7" - "f5aa4b47c1a8628cfc3a490b15ef292a741344f40a8fcdd02cf3863bf3e32d53031f5037" - "03deab17fc52b3d4032f4e237dcc27231b85d3fd60b49ed7ee40c3344948d87c3f47564d" - "20a11d50e4e520bd16c8701694fc70901a5da625", - "0144adae951fe897d5812ee4a16c0be4c86c5e57e615c398f5768a1223a9be20fa82cecc" - "f8a16a31432bbfd17e594a4cd8a6a07", - "0400bce072255f7cbaf565f82db122e9c582ffcfbefadab6d79680b2506792028b200ca7" - 
"732a98322c290916c66c8a8ef77df6a2e501b4b6f65e678223bdbe5f8ecb68573ae3d7f1" - "11dac37d4fe3c0eb768c461187fc5859b13452381fe676257aa445bc7f38b4919d", - "0128c12479b7f0630374880b214aa26e4e8626deca57148a6c6a0e37a97e89da8acbadbb" - "fe7db28a0c5bd17303e1342af711f25", - "0a95124ec95e35747fb568e6659ff31867a4cb7c00985b36584201d1bac0775653e0a8b5" - "4cd9a9067ab3de434bc2cdf29ae287b", - "0257e5410a6f0bd94fb3b5b10500fb45b501a3734f0c718035a9a1516d2f88e10d1e38b7" - "0c791028e262e0c3128cb84e6064ea3"}, - {NID_sect409r1, NID_sha512, - "92ba7aaf71f625f7a2e024058dc8739da3567c306da4a812ed9e1542b7d1e982c1608216" - "6a59720203f4524c3bd463a662c26a82ec7b4376545206e650eed0d3dd7909dfe3810981" - "393070d15c45dc4a75a8c5bdeba533cad1ec34fd20466a61e4cde3b25af9a80a9a54afdd" - "7de1cf2a74ba32d4ea0082a037775413c61a8d1f", - "0a51f065fb32c55bf4ff6f18ba9d488d35d9f8da593adb0ab1632533284e0adc43ccdbda" - "9d9507b9862ac63b5ae7b0f78b479bb", - "040080e2f7ef17a11ae66172cf1c18eab12aca4c2ae06b8106aa1066677a93538e3dca06" - "26e836249eb884a382c3b726736565c3c301e98d37a17ea736ae58eab093fa7dce3f1079" - "1ee9ef5ec00bfb27bf3c705dd633badc94642c385dcc276f9b1fd5e01dd76ce944", - "0d5cf7b3d28459db8dd69c314f6464f770c31f239a12656368c84c64693f23733661081d" - "20dca9bec9c9659a8124b57a71ffd55", - "072ba8c1b4bfeca62e96a5649e851e9a311d7685603a11c1c299f5ed8605adaf27cae656" - "cd31335a7ae363cbae5dc7a39512c1b", - "01bb9819d25a211548461de4ff973ffbf475230baa161558d9cb7ee6f2e682dad21a465f" - "c2ae058121224f8680296d30e3692cc"}, - {NID_sect409r1, NID_sha512, - "b3fb9e48c333201324755a81f3ae5d4f0e2ae7cd24238fcc66d858e3aeb1ee03328660d6" - "399676eb1b7d8285ba571e214d935bb45516fccfab57b8eb4c3d5f1d7357c768eb7b5e7b" - "5710f599614bd4e92706eaba31f8a5e7e57af7ed13066af50b4540ccdc126b677789920c" - "ef8543907f0ba9dc92aae343d3425bd784ef483d", - "095351c0bc07acfabe6477fe85f97eab520dc96bdd58b44b036328ceadaa56a1904d2217" - "c5fd25155ff2aaf9005a3e2687fec81", - "0401c1311230cfdf5824323448c68ead5e5885ba540a21ff90b951f85d84d78e26da035b" - 
"fd99341b5901e1ebb18648a8dbb996fc9d0017a037929496e560cd1c936d9eb15f79fbff" - "737201dd880a69dfec31209faf5bd2846e3e664c668ad3d6500c5ed620f1bcc970", - "02234bafb54cad0d0d51f4b8508dbc8d014c303d90d21bc3f749ed7acc42f0335c5ab6d6" - "0002d3bb57cf07018e9c13b92c0a39f", - "04d0609f06320d69870a3e66f19cd46a2e0e3e13fb8b7785163a7b567bf2c0f437b4e30c" - "c67da288a3b34ce3110f6d87affe0f5", - "06c46d0248f7c309c1e5b80ac4b1459bf897e42f8f037031f5bbce0fde50af50cfdc4f60" - "d5ad3d1af152298cfe77dcab287874d"}, - {NID_sect409r1, NID_sha512, - "9ec5f7d65082264b8a50be772c44277a73ed19199eb275fe5976f9799d8629fcb4a59a8d" - "55074cd2eb2a0e02062d3f7cdeb05e62931a24fd1aaf14c257944d1b42eebd52726d6fe2" - "81211b39038e52baae077ea4df89675d860d6ba5a0f998d049614201b872e134367acc90" - "066ac602e478ac3e43c3ddf4b0ca0aac1a68591a", - "050245c1682344fef23bd549ac8d1e8e44b2840c43eec1cecd33daa4e9ef6b53f496104d" - "7432e14248682cfd6f5b4853b65adac", - "0400d2f8fe524b2108e375c9603598b555d6c4c7724c7d11039178037b3a4dc82b66c3ae" - "ffcccd89cc34dc2b2f6695892323bdd80501f98df95fc1837ec4d5239cf55e97d6b489b0" - "a8d7bf12c1ccf95f689ad23e46dcf20dbb531f5179e754f0c29c8757a1dc67493b", - "0c683f98253406c6587d87c57991fe5caa3f43b451875859feeb81176b732f1c1eed0ee4" - "4d1905d41922878617e03dac53562a7", - "00cdc9bc7d670a1b6794fd7da82d2ad1a0e92b82ae32656ddec3aca4de75f407f20fe782" - "daa0004317fa3f12cefc48518298d5d", - "03ee7c75810c2c05946b53e2f24feaa697af35174402c069b9fb03d89d73964c997eca4a" - "5d6f9482cb23c8ce337a374ffc3e186"}, - {NID_sect409r1, NID_sha512, - "61d657bf472676301503f6784b7286fb39fb4186bb88abf1edacb4a2693d0a1e2b77bbf2" - "758c84f2cbfd1753e20841b1cd4b456400d53f4d686e666943f9b6ffcdb77f510be97536" - "e9698fc84ae347d483bc8984548d1cf86b9b40d360f9c0dc5bd1c55868e26fce1460ba94" - "ef5e94eb63c9f0776a0f446c0cfd4106d9f36352", - "08d3b0277f0e9fe54581d3a9499ccd7f015c08339591326859af969d2a26284e3b3beac4" - "a0b74d324ce5cb5f38c7995e4e3a41f", - "0400ae18564ac04b54769e17df84aa54903df58decb870591dad73dbd712693d901f3f9a" - 
"d43a71f23b77705de2b4ec1c3bc616356f019810f92e80560979ac6e72bee505dcdef15b" - "4146185d2f8f5a955a4555523d982c34bbfc1326024410dbad3349e4c4e01c242d", - "0e52dea77fc59298cb06fb1401d11c662a04500f0470965c4cfaded13b339bde52f4fa04" - "c76a955faac16784f443b1ad9dfa0bc", - "00c917d487d2aae1651d76147de2a706a01c8b3d223afde7d20c9dd77cc2329bd3e0e4fc" - "01255b7c4ed1baae7d26667bc2e9ec6", - "0058c766fd514a405de91a4b9e99fc0b0146d954dc2e2decc2f3f066d0fe192832ad37a9" - "40949ca4e9abae0602248b3b56100ce"}, - {NID_sect571r1, NID_sha224, - "8e14f713a2c427b1f79491033994f76acbead614d12e73ac6f3f518f2052a10c1273aabe" - "628ab38e0d3d5f8ff254802e9f44a51367bf80325b6fc39d907a37f731372864747b1074" - "9ea5cb3d3a83da39c21a7b02885a8c1770e4397cedc958e4baa21d5007569dc9dd1e45d2" - "181709d900a394454090badbd0cd9c2cd2369aad", - "0f42afce7f7b3d45f3f925ab29fc3882a89c9f585177887584703cf8bd8fc572e677adfa" - "55b402446fe1e90dc855358d92c3267c35be9674b40c2ad5ce8dbe6a533c44b0ad8d2b2", - "04063dbcfc2d9171a7cc1835c1f56ecadcb59aa6d5852fde264ab25603f06817a20f2787" - "446445be8b2ba05c70fa25d9b9e34d5374febffeb536facd3da52d43d69fa7af4d4792c7" - "9207686e0629de47916af19f9013f65fa3b5f9d196916cab2f765aff31adb5a959515e83" - "fe3e00e91843c532041ba15f047e978bf2fc69627bb5cd7f3ecd74cdf1a8d623c1efd23f" - "c0", - "3fae665eb7a54f51c522ad5721d9e2648f13f3d84e3d64c8148d59c662872b5cb7d911c2" - "7bf45884f2ef717d72bd0569d9901f2308d9a68d128c042effea148cc963a8252f1426e", - "1df705ef13ce900ed61babed02e121dacd55a881ae32bd4f834fa8e362d059223b29ff3d" - "b835fa2b2db8fdb98c21dda5ef744cf24d0a798f501afa3a720a238ebd4fe3976a179b8", - "1b1e98db422fd48f1dfa049f38865f8bf9ec5618fdbfb50f21cc838051a1493e4b1e4f9e" - "a81156481e5fd84124fbab740421173862c63920e3a833aebf0762e7b5b39a1591d27c8"}, - {NID_sect571r1, NID_sha224, - "38b60d27ff08fb191811036dbfd5b39e1cc3427ff70efb67c851e9cb407f9fac6f348d28" - "9df98d055eec73299fcac068bd0fd9ffa3c5d244659e4f714a58d79f6727f323a7ee2636" - "9000e90e34e106f99f5ae2ae1b64ee89e5a1d304ef20c071a7773e9b977ed3d49f467d30" - 
"0a881c8371041394910f9c366942449045568f01", - "2f36613043cbf53ad36e2b38998bb867503359ae082d07d040e5a10a43e06ba9c91e7c73" - "308e41e2391b65e634f83b162cbdf4e7a44ad818fb93a978af00f06be06731d8c5886c6", - "0400fe1afd356670e1dc6bc195f9513f1dc6b03017416b5252c7b56153da538422e557d9" - "918298ba6c78283efa0288c0ac61298846a6f8adf74df21747cbe7c18a2b825a330e843c" - "d8018b7659f0a7e8e7ae5d636ea4d1d5f3a1f846d4bf3dfbd96c6ae874354db6faedf02f" - "75c4d1d8bd6a3b61e70ce58e38ea5de8cc16828f87a0667614f6640a3023b7f4aa93fba5" - "77", - "3fe351ff6ddf50752f7dfd8e5a72c9faad77dbea303fd97dc939eaad3aa7fed466fc8939" - "a7a6bb7abee63455284a5338e59dc067236dd699bdeeae1424d993a9c76fb2fe9595423", - "04a0e13a9fde9f2fef417199f8584d0f60b2f04aa6b7524cd2a2826d63043b2188ca977c" - "9567fc1ff292ed480dabc01589db8734c15aadb4ff54a552a7d9e66829fec1dc919dae6", - "01bc7d2c4ca9300d7a3001755ef25231d2852a7b9a3e91baf21f2a2bd2ff305be8a9de1d" - "1bcd7bd9eac4ce12ecf8a91c0a409726085382fb8d2428adf1b42b37b50c9e8e0535d7e"}, - {NID_sect571r1, NID_sha224, - "21709eeaf9e1953822294a478dfacfb205fc25f447a73a76a32601c00784cbf2f9ebd41c" - "22721d70cdb3842dcaff4a4f208d41c0816990e421cc4b8538ac2f347cdd0aa2a39f1aa2" - "6ace8cb6a606b23f6244894d4594a0f6a5b8f6a695fd66e1a41e2eb6a377017177fec56b" - "b58c837e311cd04c5b50575faee32606b9636ec1", - "2e74948c46930cbcd9dbe2325539c7dfdd910f309fd610e6599d425aad9ae230a8d46819" - "70a14f2a71fd08030d0a40ff40dade7de1b06a80441bbf7e2fcf1809cff39c7ef88bf9f", - "0401b75f2d281592c288fe6d5479a4e21ef626471819850cbbdf814593bae7e6ce2a35a9" - "78aea354649d979f161543fd4c12dae0efcdc2d95e82ae5874b9c04a2143535097b8a17c" - "6800c7160c2efa3aea1d18afc1a00b47209dfc750a5317ddebff04bc4d181f238d339a76" - "90c24e55be2cb0c01719d34ec986a07727f2e412aa72434efef4d64ecf7c16e2e75ebd7a" - "d8", - "0d3ae3d8e5e01ad838a7cc9a4d9b3e41eaf9894aed1d1ba597458391d4a2ae38c5d6efdb" - "4d91761a415812d77fd9ceaebbf1ad49c282e693d71d89f0e2d1bbd94698a47f1f30890", - "1e2e9e2633885c85f70208de30ae9b7f72950e2de980607f6d0e73fc1fb2a4a8afc63882" - 
"06c11b081540bb528a94e5386ce77a2d5c7830fca19223d57c1efe7ac488e69ae07e660", - "1250d1b920324919ef81865513db461409f6f8ad82f658dbfccfae4425906da306ba10ca" - "c84cf5379b6c1d8b252f3c6f86439413c617deadfad38a234bf2b0050fdabf7719bcc9e"}, - {NID_sect571r1, NID_sha224, - "3a131fabf3dc97334f212fce41c44300440d16de1d6060450875f7276f53c026e2a51168" - "1b5a8d75fc0d578546339542833145f7ee13c708df33e584445a75a5538829286480d339" - "be7c777c03c998a6d3f037b25799ab2d541021502a0b02a9b9c337a8b176c4f30e5b1864" - "85a6103b1d1563ad4ae73ca806a5e4daa92e9100", - "1b5fab1d36f6f6d559f65d8b01edba610620fc3a38307b1fb1c5bd63e7ffbd4a9098cb8b" - "df50975a873f5d047ee2b627b090897a7fb5f56d3f4a0f3528179e7c969926fc0d3b0e5", - "0405eb8c5a2bfc86aa9a82830d665296f74aeffa9c5b38750d0ff51d01c2dd0fb6f2209f" - "8ba89ff07297ab9b1b06168757f48cb6eee618a7b44f1b3902187c33208288f35a066659" - "2005334c203f4ee44fdfd5f99686b18696b3433f203dd148324dcfaa03a0a250cf606486" - "ef11ebcc1ed1839a76ad70909d835a4b30a014104a6ecbb284b33f50bfec33d8b5ede85a" - "c5", - "243889e7ad32076a3ea436356eb572c1b4ae402d0218d3ee43927eca0b4fc21a19926eea" - "35c37f09de4766f54e6079c34fb3c174afb953be1aac46d675bd300e717dfc2d0c3fae7", - "1d87b52dde9f502f02a502e7a331ca6dfc6204922fb94886efbe3013446d08240f6dba12" - "10a76eaf804562aa92a14d220d59b6310d6caea0274a5e1e8aa3c6b57f239191a71fe3d", - "2a5342df6908841b719f80ff905cee0ec3fd8be46396922c3f2f142393714b97128e0839" - "07a3a2343f0cf9aac73313279ed29eb44017e2a1cdd0fc86e4b7c536e9f7eb1bbd192a7"}, - {NID_sect571r1, NID_sha224, - "679d85a762f2574b0b31b516270b7d33d5e166c83e91a0f48e0f3db20b52f42f9e6ee964" - "8cf58267ffe3b713723cf3df52b5fab5c14db1e7189f7cb7170bc6ec7cc71946745e152b" - "39180f828688a5b6c0b2957ab94283b90052a3c6e36843c391aa8810f9253b639a8d5a69" - "aec10070603ad7a99dcedb544858d057a1d66b89", - "383e70c71b431eedd4574f65d01fb0304f7744d668408c847f7899eae44770a7f3243109" - "740f177d7146a27748886b7b77ecf3792b512e8d8e37c3bf4ecef2b1253df7066498f01", - 
"040769dd91fad550980225877d98f7c86963c88be141f91f7a3f1607e0cc6dab767aaa6c" - "eabaf46b65a7c80b6a494b0dac1da5d2fc8c5b07ef7085ed1bbdf4273da3665a6517ea1e" - "5a0282fb94b4726472248f01ee43607f7ef969446313e849998fbf0058c8ad5e24457006" - "b84fc0460b74d86ca281caa174e69fbb68673e1d28ccba17eae045eabc1839870831246a" - "14", - "336909099a1540e6f69172d55e0c88a1afa99808005bf09cc803ae1e4e4fbeac2f77f984" - "bddb482f1f13e4430e25e36962b1a4cae00f1fcd7f2c7a17372c91673d8286f9829bbdc", - "290055d578012a5b7d88fe2f70581a0fff976756b4581875cf5db07e01f09c0bdf6ab70f" - "fb5839567583d53c68e31a27c3fde12bd4f1e1315af2f742746277b1fb1349141ed3043", - "1480c63c8b90c7b51e092597fd8391a237b07f0ff7dbf615e6bdddd5aa880db29c9b9add" - "5bde7e0e81d9a37f852c26f21d750cd2f95520d16da7404c2c3feee1489aff09f298d7f"}, - {NID_sect571r1, NID_sha224, - "236152ad31ce2ffc0dead3c142cf6c770672cd2e75af4a82fda1a72e1c775cec9b481c6f" - "3e411644df7e7ee901c501405620af4b6e9667dfd46091788daa95ef2c6c9f5c240c06b1" - "5cb0df51f5f058d8a7934bd7845f007a35f99fa97200b20f3b5b14fbf1e372507f3b2f37" - "7e8d07d30fd3e222f398f26d8f428e320327f901", - "02261d4ead21f02fab19bbb0da8c272286704c8f0c6842ba47ded121e5cddef79fb34e6b" - "9694f725ca502949faecfb21e3cc062a2b4c654bd542d9a1fe8d97bdd0905c510aa0999", - "0403ef03980ea9b754b655948da63469fe526ff0ba2c0f572981d02f5693bff620b55b8e" - "9e9f9d553a78a0138072369775c7976f028631e65887cbed62fb447c9f41da86022f4b41" - "ef04446eed90f2716a7aedefa1385db9f5f803434517fcd80571adc9b7f086c9787b7630" - "6380a375668b05fbed30922746fecc0cc16f189dddab676516ed1fe4d02855a34a909753" - "89", - "0b309f6c53dee8a8956358df45e72126ec76266d38babff185d4db1d449c8fa9baa4b065" - "1af5f5b0aa70dee3dd55623060097e2f94ed12636961a7c0744b38f2f137bca239f974b", - "2b42395206ae79bd9df1c729856101ec3c4a719616701f836c9d69b542b59ce973d91951" - "853f89a0717abd4b929bc69e59cc379c941349dfb4f98d49f9dff572c614242fd370e56", - "1ecad482a8eadec6800a9d876a382125eafaa7bbd950fe5f0588126764126eb1b3844240" - 
"15c52ed6a335668506f25124aa78d98ec5739fe282af0c143c07da0fca53b9733e159b8"}, - {NID_sect571r1, NID_sha224, - "ba3f02c4847fae035d747db246fe4e82fb9224ff9cf568a6ae548f5dc2befb2079541d2c" - "f9aaa6b18c281a05e7ddfcdbcefb25f41dd91cb3092b3343e16985e91c912215cd99ae4a" - "099baf628e33a7b277e3c36a13aaef85418fca99f64d73b789f23ecbb76c3095ade0a5f7" - "f34836a98c5be933b44a94a2eaa3f99b1d8e7937", - "316c78f289e1860bb623082be9d9238b88e38c5e978a868bb90f776235bdff4eff591877" - "b7f350cf14c40356922b2b6aa51d64990360b2b0e44d6941b5dd9492b4f4e1f42ca163a", - "0406f4137a2c63b6b79138027464135021b034f97bcb2493943df6be844f1657a97632ac" - "80541a3b43ccc828789517efdd9f86ba171c1262a07a6b337bdb0c8d5f018302a8046a1a" - "8c0425cf553554d18f6cc97f0caca2a7eebbf266d57030014273f701562d5b1444240b9d" - "22060ac9bebb37deec393cebdad21ec7f13fe5c7f1752b4261cc2feddeb737284a6eec36" - "63", - "1e0321344bf364f1ede39a49c8051f36875ad78e4b080ece9088111739041b121f3f334c" - "6e923777fd716a52be669d6e45f381da11262fb4d09ad66dea74ca115838e19fe94b7f9", - "04f24ec978c52ffc7675a09334a895e044eb8eaf04d26c094d7607b77ac4168a02a972f5" - "77880a0d0c73f218815e3a7a70c91c50734c08d374a15fb42fd13367dbbe08fe9c2d4b5", - "060740270df0e1fdfb8e829c9601b9901223b19d07e9d7d422b9bade88a50fd6d4ec9684" - "2afc45900a0107ce85ea6d083d66ae202dba3a32e50c7c3af951cac7acdc6f4c406740b"}, - {NID_sect571r1, NID_sha224, - "6d0372b40559e075af56af853cbe18ba2d471b0fc8917764abcc69102b03d5bbe1fc1245" - "8215be66409c26c89f67c72a8933677a07f88993af6918acb074fa915fe883b24bc3d191" - "ff1b08852f07eda98977e70eba072d8bf189cd545230f59559ac05f1fa3f4e65886d0bc2" - "74a6e02e2399812b2bf91abae81e21279c5de996", - "2c1bc13f8320d97a82f3d9354e195481902214e16a4fd89332a0499208e91d50e5cabeb4" - "927ba030cb42f5bc53b10f500fa646a8c88508cb0d63ebfce5c4bd574c527d686c735ce", - "0402210791ca48aafed20de84ef9896a9c7584081f850b75884908c7b3dccc94e221401a" - "6ffd982f292a9d5f9c1d066ed493da948ac7e93977dabd7b820bfc0fd21cd8d99c072bb6" - 
"9c033574c6ce7da749ceb480b4e00bb1a58203bbbca5c16923992cc9767aba5483e4d46e" - "d39e71000a1fe920a4c1c211a14e63ace03635a2d77e72808e0664334890b819b3caff64" - "a3", - "2e3db2d82c4b9de2bc0dd0a93c1c5b385f75ad03d0da527a034da2876b42e43cd88dc648" - "33efef54af902d85c568bb8e71684bb16b28c32d80bb3e9911cb1b74be6ec520d99b381", - "065f4715e87ca3541ea695878ed5ccb7d2ea6eed5d6fc5ec29f9aa8deb4001cc7c06185d" - "6ab2dde4347344d44f8300a1e92513af4690d713762336d2e6a94d3324a224f06eeadeb", - "20104e0767530ce2f4351af4977b52339f34d13e458de0482bcd58ab38ee041c9adc7b05" - "650260d919b2648e2f820407fd60a8d6b4b991b86eaf29c2c4d12d3b0b45cac2ab22c5a"}, - {NID_sect571r1, NID_sha224, - "bbfe66c82bc060bd14fd0e40769d9b3a026eb447550dd9f118c30d8448f725f8366edef0" - "42447962ba7f7f833b9e9094d0ff600714697e632626e7d12a592e040bdcee166dcda939" - "52323191021bd12f3b1647d0f25a41739994659dcbb19333ca30f46f539c6f0a5c354cda" - "8969a1eda572a309950c84c7607eb8ac20163912", - "13bd80eafa67663e75d7ae139bf285d2b9f1e03d8e32153c73e26d06e86d7acad22bde9f" - "121a3f1ea674dcc1fe67bc7f5398d5e92555056bc046a02b0ba86c2a0dfe32e91add5b6", - "0404c01fef7f2fd8ee61726af1a2d046c7ac67716403b99e021082e96d733368c6c64d04" - "6986fb01a6b55cc930517762387eb2fa4a8eda23c700d88065bced8595188760170881a3" - "290189bfdc8e7a710522ab5416182c9579ca255c5009e6ee6604ab033c1388639c0f7aad" - "84642290954db9f4f7fbffd17481eabed38151160457d68ebdfd8695b5035e4e6e06532c" - "0d", - "3c5868345c5314aad5ed3a74488a85b2f049396022cdd1de855a0b33c2877f72e871805a" - "f3ed8fd7e7a392c4ff63acac6a6f0c431ce7af680984e8c81d0350abe491a01f0f9268f", - "0c7e96b9e9a5935ccd51b901aadab6e01ebde44f57e6f0b84e7b58ab4f62ffc0f3f3f980" - "665c581ee3de233ee49d11599529348f1ad3d362837c041cf98192bb324f577e973e1c7", - "2226922271fe8307bf597742618ea9c1c271c22c25b49aaa7c9292a81ecce2a55250415e" - "a2ec8ffec54bf0508e64426cb9cd7177265fecc40e056e96cab661485e789f0c435b72b"}, - {NID_sect571r1, NID_sha224, - "b35e9bf686717ce3b16a59963a32a2116130453b161a4e7ceb27b755856add836d779696" - 
"edcaee3b5c986523891c8836109d431e55c23afbca022437ad19e6777efabb6da3bba1f5" - "f44f905395b4cc7c9210590fd38da621582d059598e5e4569e904358e0dfc0dbfda4ce75" - "538aa97480912852bccd433a9b96c9c66e9597d2", - "30834b0a4284097cdda2ada6947c6c281f7290a49b56becefea1e2788ea3ef78fb968076" - "33c47c25138341768b241164ce0d42f7301728b928be2c047f2eb60fc2f844ab77306d2", - "04003a21f0d8e01a64b235cc455c291e3fec8de12682f05544de207d910c7c24c4cd56f3" - "354500d994380ebaa0b49a7604c6233a9aa24934c550c0e609f65fd4073cd6c1ee4170d7" - "7e067c83513e4acbdeb8343b3add40261edbf7c8fe0af7417264830edabfc40200283b92" - "484630741378b997c3f8bed7285decc6ef8633aa804b3846d3b4517e5ad836dbb1df4758" - "18", - "0031afb24fbc52b01480754837cd84a5165d5f2ad1a1d572b92ab546c049413806f0f523" - "9a77c751af4d57a84786ed1c11bc76123a82e7db3c0495b2fdc5fb9c8720eb7afb640c1", - "07a222cddfaea617f1190a0bd88af4d1983d2543dfba25c5036fe24529bbe2e382de89dc" - "1e36c1f6df59c8291d1c4277198084902e5619b64128c265bcf03b7d8cd6b663c225f11", - "1ca84c146ebbd16300b813621d503d8c754e4b11446d5ee31cbebc71f4b85ed09c5c94bb" - "dfc3570e8882ef790393234c5ee9e52f7d5b74ff4171d930af817eafc40ef203a1ce613"}, - {NID_sect571r1, NID_sha224, - "57b5ae7e95c638b258d1e09b3fcb4341e203f5706862e199b103c8fdac72cbc5155e5cf8" - "b300a0b3fb0ce1f897c45f7aefcc528182f73dd450cd84d5fe9eadff3f704dc2a01b4e84" - "7c22df430efd1c66b0199f3e5b59348af5386962a5ef25204fd230b54d58d7fae801c086" - "f8f405d3d0aa7a9a9da15c22b868817cd897d853", - "0c81a79ced1eaaafc31b69a40d9939f4e484d625db6364a8e589b6b4d336d458b44287ea" - "6c6aa7661113fc07806b147ff98216fa0c08708dc9d651821b922741deda522b4e436ad", - "04025f9b767b8796466c1cc8a1fe6286d591c04a0d115133fc7910640032b898a5c86547" - "f57794e5aac0148996151d3ecbe0d5939dbff5722679ecff378e3f21bbf1354b1eb294d1" - "a30074c2b91ef3472e60426d2fe182ccc678aa0abb8dda15a428e4f6f1ac401b015b2b7d" - "83535a0a92770cff7666659e1cd33941bea1168cffde82db0ea83668c2d387e6f4bdf28c" - "c5", - "27b407a29553203b829a87eb25d6d140e41184634ae1c64c6ec38e9012d0b06a1f4ad987" - 
"7d7ac4236a22145095990233e6c102a0052ba18cf6e47e289cce4f2ca21514d8868bd68", - "02416e11fe2f8e4738ecff1710dc827f4e03c8e7f04a4f52e755f0c1676abbd122eb9751" - "ec1fdf6c7ba04b4e29f8dee52bff7e9e726e28cb3de6f9abf2dbf58c0519ccc7d70f076", - "0b96f107a26097a468c1d410bf90e223cd72c5ec98d4ee4ec2e32259d7670d7e7689e62d" - "36549086139f6111884530e20f908d7be1edab75180c81a70ece341f7eda6e4a43a5ad3"}, - {NID_sect571r1, NID_sha224, - "daebfef74b452f039c999ba0528be3bd9e16deb5f46f6eae87b63db8b89952c949fd7db0" - "8311871eb2596865eed107aa065f030226ea675ee3256c31a3f85ddf4c21760582144e07" - "af208f33c5f47cc026db5403186a65a47940691ea2d74ffb1245676260ef5717dd879d8b" - "5b72d96f87fef5f762d4fd17454cb5ed83d8a11f", - "2f24670c0f77d2ca0266a743023d2c7413d56d0b5ec77b454ac59087efc4ea4d46179e10" - "278e4ba416ffd8c3f9786ed202faf8251c0ef5a9ea5371fbb35b7afe3d15a9cb4bad975", - "0402da72b8ae64c5ee717c33758ec26153a342936f9d41dcbb136590e1303b0e220ee84c" - "8a06b83d4d9fc924b8808de94dbd780cc8243bc4448efd27dfaa1572aae6abe574be6649" - "3903b3a95d962c48a81c48713247801e4ee630ec7956c9989023ba16f02f5bd1ef2edcdd" - "1c8d314be933225c64b7f8a80542b209b944e1f3fab95795ffa134e7e28e82307dc62c29" - "62", - "2bbb9abd2732994011c8d294c5342e8b1f7f3c1f5718187e9f75832604b43bf75abad5dd" - "c85e8d92cdc42656cc9f3349afad3f9022ccbb4937d9ffa9cf48314b604e82bda13475e", - "3986059f2e096a3675215698e23b53f471c578891f6d721a34a0d231d16348d5bf9853c7" - "9c4f4aa94642ad06cb7bfd11f724800cb5477636b6fc0586fb6efb8eb9bbef62329a884", - "2beda064eb3ffa1c3b5336613704b3bc3d4ff7b0e977df16477c7e33d480d678804bbdc0" - "8088186fbc4764be398a26c13f88bdd23e844be0d7ce598bb87c1b3430da02ae96b3767"}, - {NID_sect571r1, NID_sha224, - "62af0493ae79d71b552c4647d1fb7ab2f282a91cd44aebd8ef344dfd77b521b0c0a3f72e" - "4513c8ecc0e4b84efef3df9482a07ccc1b740c571c5e69cb913740a792aa231b9dc87edf" - "b72bac188293c6c6e788cb3dff32e8f483f8f34e21ee7efec71302cc3bdbfa47908a135f" - "6ef3ff179dcef26d1a3987f7be967a6c0f799b0c", - 
"20985f2c6fe3ea04bdbab66a8b6167e5969c073b9d53cf3c77cebbf73f4dbf75e601620e" - "c9c3107bf3fbfc6c79f8f063409bf8fe1d14b19e323d857e23dc05157d270c7514137e4", - "040010712d50ba7752962b140cfb943d9e8dc3bfa497bfe81c42606f4da5157656fe2ba5" - "cfd33ddffa0f27fabef8e267688943514df45e642ee0454e05b49f7c00f5785777897d22" - "5b01a2c7db6595c6d4c55110210c564cf102739760e7f5a29706fcb2515d99ca00949d5b" - "4f291716d0aa1e3a47efb9632410f60e2fee1ada47171f902f632bee85da75c7f3c895c2" - "4e", - "2f26eaba6452e687af452d5e1208fa011e4c84ada92a38f0a204a254641c23ffe1c184fa" - "8bfaff047db590ab40accda408717e4f30811b75cf3a5877ef99279476ab924d92565bf", - "1280adcac1c79352635f4165f9c5c1b6e1e6e33bd74d781773f483f637462f80340f8d22" - "cb24c9db5e49ace95a676df3dde53c8721f672006382ff806410bfcdbceda50e53285e6", - "07dd52973ef30dbd480047732622fb1b695fe3cfd080264d2aa30a6ff3dab4ab362518c4" - "f3de4fae042fce78c0c8fa0e763eb187eae2ff8f2e79b3f38cc3c1aea897e1f28b71a19"}, - {NID_sect571r1, NID_sha224, - "566f17851951777ebea3f8285610cd8ee5f882a68e7a4205e6fc9e2d66d210ee2505ee73" - "d6503169f7b903012d43e7e99efa493a8e6ef926b16b9ad8f52156840ab561fc6b680120" - "a88714fd66d1d0742189bf06c155e1138ee5314707173f7352e2cea0fc26e1553643f249" - "0428718e44afd8372cbb7bf5b88234318ebf4355", - "2b3d641607b8a141f876f6d285ee46aea543880e772dadd5dd83d595b9643191d9597218" - "e1d6adb081df133304037bcd2c05c24a54e6c4cca64fb2cc4569d6882315360059496d8", - "04042f2bffe25142ac6c1af26643b0f1c317b34950a8a0f112a0cd4ea4131303674328e0" - "bed5d9bc7ffcbb9712387cf67129365b4fa8a9e785b787c170463b24f6a7962c1e003c87" - "320070962ac4d3220f367f18caa7ceaadcb82fdba45cd2c034a97aab71f7f7546c09736c" - "b080c10d9a95a5f984aa4a3ed32d22636a7b3d5ab29c86d85db59f6f17ba29eb220bb141" - "b5", - "23d7021f5376e7b11be07288a0e47b4326c026df80d7e08c9a0fff11deccdadd479dad50" - "3ef2d4fa3f0ab2aada604b57fa7e09dbf5c8d493070b5faebb27cf68ad0b78bb6f3a9aa", - "3059720e7a2dfff03789e7a514f75f2af5ed18cf1568fa2a5354dcddc9d3c7a90605e9b9" - 
"a3d0d6fbfebddd615cdd52845ff922873079e06c4f349f7798410ee18e0c69045193668", - "1cc40209692cf5f8ed8b82372c95033e4199d378a28b9edcba516820ba21af1bcf5c5df2" - "ef4146b91fd37dff89ec8f9962eecce5c5e285d76a5f03eaf99fa132e98cc40ad66c296"}, - {NID_sect571r1, NID_sha224, - "25155825fc4f9a1c4dd1db837008e7e2594a879052431f5bfc76d0d2565b8fa726008bef" - "aeddceef73f3c60fa2cdf6d9a70e56d27210bd013034b38861ae49640ef208d3fe294ac4" - "362f8eea44f58af3af8a9167a36b5acafb7ec95652d5885a0e08067ce1dfbb45a0c89ad1" - "acb53eb404bf88fa5c3c463a0f912b5a2522a0d9", - "1afeb5ca87c81025ddf09c2b2c5ee22ba0105c0e619b67a324467485bd839030d149fee4" - "4d8bac6f5902a1245a50c3437046b7c89a84116b2147cddc645b6d2fd24d68e8d53bf5b", - "040119c46988a79e3ae8833ef096b0a1e2886c4b114ccfe881886859abc031df2b1e7581" - "8c82be8c5abafcbc5d7b3b8344e98e3f413d737938845e6eab5aec7e507f7baf0d339a36" - "2f03190912dfb5a1a31fbbbb50784b18051489a3cc0f44c42c71d3a54886ecf40507c324" - "0395e8ced37b5253b915fdedd38f75bb26df2a0a8edba865f898a15f2d96f632f7f06388" - "64", - "1facccc127c856db1994c4d9e9c76de6bffff81a88d7aa0ca1645e250e07674fba734479" - "11c5b47a1aae815d5e96164854636d3168d0344b2d2d913127011b6434d5a5e545d3bcd", - "21da49326f39577ee9f65cee64006525de88a834365a00f4f8cfb9a01dcfd6349a3d06bf" - "95990a2c17b7e95cc0589714b7a795c7016b29bc844ae9031488ca354548976eed68415", - "3364def38a8ee3116cbd971794c859776107154234d8b198efb19655647bb9228c7c6be2" - "e703672f795ed37481e994b6764d0b7c1bbeb2bd1db90b34f460278a54bd480bf4e9adf"}, - {NID_sect571r1, NID_sha256, - "29acb0fca27e2a10d7b9e7e84a79af73e420abdb0f80dd2665696638951b52dd39ca0281" - "66b47a3b6a2eaeceb1a11c152383f0bec64e862db1c249672b3770909f775b794e0b9b28" - "a5ec8635a996d912d837a5f22471b40ec2e84701a8804127a9f1a0b3c96ff654700bad31" - "67240c2518fb5dedcc1be9f56a807083e587bc56", - "32c97639b69c7cdbf419286d0a1b406d9b1f2886521a8b979a36118d2a368aace5b02dd8" - "c515f2041e6fb9f026d1e82e789dc826a56d2ef732b1bb0f49be2b696ab5d3d5694a2de", - 
"0400087ff1d8a4644edebd43c2d43d49e140940d215f272676fdfb72ccf58a12021de3d6" - "68f2766848044ac404fb45cf6e18fc6700f87aa53b4fac1e35e1731814f8a9d0233e2942" - "d7029fad3638177541d8392111064837bfa77b4455c21c5f7652e3fb302f4bff4a35b74d" - "e8aff3806538ef9ac86964cff755a81cb3002b6fb241ffcae8ac9621b8e034967d650836" - "ee", - "16a06e3d25873f6dae16bb2e569720ee9c6ae7b5ba36854c321a80be8b4be502b895e1a3" - "d161b001f6cbcf53d164b5485d8a5efa0476f581f9c79b3a291025be01a435e2fc5ded3", - "347138a43f3ed1a1a26f5f11549eb8a41f64aad302b6383879886216ebb6d08a4ce270d0" - "7a5bec6018eb313430ff017c1bbf78556436d9255e97aba1481f0f16b85e7320df79d69", - "28f35e1aeae288122b043deff9ac87d39478607da60cc33d999b6add6209f452f631c6ce" - "896afd92ab871387f5ea0eae5f6d5cf532e7a6ab44dcf44acb1fd1daafaf1ad5423d8e8"}, - {NID_sect571r1, NID_sha256, - "c92d67cf6536f5046e15b02158da698bcbba4ff1e4e9e9c882cda67f817210402ef917ae" - "93682c9c3dd817b21b73c6c00b7bf92ea80ecbbef2e67f4f4379d078a2b0f297742b2bb9" - "c3fa3297a7e8079f488555bd37715eec92b4b1cbf897640ae8a1d2a0fbcee5423ab31a37" - "629f98630275e35094a896cc574be0a449bb1bc3", - "0f93672159276c5a293582b9f49607bbdb970112f6c63b2b3b5d32ad3c8240c86b1af13a" - "8dff6502c6b6a17712cfd988f8cd23a60693d64104143b3f91adb37f852e9e11a0ef110", - "04019dda59a839aa2ed28f69a62a3e3a753c6fc789fe0d8551bf59095f009d0327386e6d" - "f5437846c6803df2442e0359a367d04f117e3965397576d4287398b4b8c92ad278df4a44" - "7f04159ced60503f7cfcfcd587bb3608699f54693068101a838d575715de02fff81058d0" - "25dbdda430e176f60e423e6fcbba889914f6409ce51d51e89e4cd7bbde6d24404e5b043e" - "79", - "10dd216d4b3da2fa6a75de60f722f1f128776741cba002c055d1445581242a175318291f" - "ae313eea11fd905b20d26cec845f57a3d5bf23ae4dc93d886c0594f1cf7be4f59f3e3eb", - "128d5c00a48c7352eb980d9c80781f8abcfdc1ddae415b7ac94b4d85c3d7d4f7316e2b33" - "44ca50c6ae82938bc728e640e59e2d733f0c7f7025e66c15c81e98a845c1ed4843b589d", - "1ab59ce5e54bffc68fda96c920b839fe03d1976ab36978bedd973715ed631bfc8e3edd10" - 
"0043ac527aeb5ca121da848bce4ec9799f55b22454e9af32848943058b257e815b04056"}, - {NID_sect571r1, NID_sha256, - "15413f614c4551e3b138b64f66d15f8964c40326a42b0afce820778eee4a88edb127fbf5" - "75da5263e5a2627b5461d311813ea868e6417615e7c4938313675009caac28bc7a2f4c0b" - "c37572d9bf36a3b1794294e09c0121ceecaa4b916df45b0dd31225415e6c87cfeeb092a0" - "08fce2c543cd62365779ae28f29fa02a15d9dcd5", - "3db080bc99c5fe7e06d5032167af56783cb423fae59fb5b3c6bce5fbedf56b7b39b17810" - "e48ea9a172881aa1f42f5e267349b60294d4a208b4437666b44abcfee5a1829e9467908", - "04059d1b3f680da784b49dde3b361eee819d67339447d7bdf7965550264eb63bcc7674b0" - "921f02e15d45466dee52b4c0a50c2bbbdf226af1662086476a9eb1236e3d4c2b6219af1b" - "db04e3466200dd6ecbc268cdc1937ac5123cbe33f32110cfdb8b7536987ddf5c9ef2464d" - "2334f315b9b489cf227a6300b6e054fe40d36c057a692f2fd3e762624069e2adefb65d24" - "d7", - "37fb32a902eae0c5d7cc9f9018a5d1a906a3d1b9adf5bfb696ff63f105cb2e736d9bc196" - "1677fc897fd3a9e9bedd370be6f25a03fad425b5a293c66180df78db33aec4a188d3db6", - "3aa8ab9fc9073429e52469088aea91f00cfba271b9dbb84818460883effa0c51d6a48c19" - "05d6f58d1312af073dc8735c29957f30324b467797acf86e028410de016338b972013ab", - "198a746411333172daef76359e7ad23035a0f5d14c283cb268828bd876b96b5f767e0c1e" - "2796def7a51429f39ab2332ac25d8e4f263f8dfb9c4c98da2ccc398fb3bb9a6b28ca28b"}, - {NID_sect571r1, NID_sha256, - "9f901557451ae2f8ec79b6d4adc794cbfd9b2e6d28f19409532d91682820205308b41498" - "a4e1ca247a2baa8da93de95e3c0f7afd6ca46bafdbdcc6d3374a12684676a50988b86a96" - "0a82180648c8c1e38f8fd9af604c7be3be4b24799f4544ac96d6360cdb83d1d0847fda21" - "642934fd6cf65385b50d86d4656987901fb88d0c", - "06ee767f6f36bb8f364f324d8346455c899a49237d759003dd52cfa13b9baa4c71347b13" - "4b24ecaee32d247c34e3787a0c64bc5d299b55c86f64b47521d22f2c09db225b0c84cc6", - "0403f971125860f4598fa310eb7a8c6b4e0c31bb721fdc17ce6df9af557beded6006b8ea" - "b10ebe7f3c4f3d759d4a87dcfc1fb767ef87beb1f5c845e3f41503a33b28b2b5aa1644dd" - 
"1a03296062514d4e89d2105dda5bd65a315b9770c45afe4050d8c3d15001405b1e32be58" - "67ee90cafbe4e239dd44d030b4fda855182f1fcf80963c1300cb842459aaa8c282737187" - "6c", - "2b247e2dd0024f534ed2797110df6ea4ba166c34d91c94e43b045c0ff80f124bfec1cf3b" - "e3da7c58389d352c8c5c1bc2a2e876a7e56301b1e688a085ea0222697fc63141564365c", - "2858eadd14373aeca65ee5a2cbbaceae4b54a50e0941a696406dd86d05c07c5599379c06" - "6b2288d01b2a43c9ae34bcb8c36f59d490aa8d066fd3d7e539ebc620a7176507ccfb232", - "33c20d26dca20af2c56982fcfa6f085bc5c317d01f3b1dfe0ade1ef6e3e960b18b626d17" - "d6696c936f04090ecd9606c2a6ecea1cd1883bbbca8b3dce3b0acb2688fb2834aaf922a"}, - {NID_sect571r1, NID_sha256, - "959fe5a19d7aea2ba611c7203e19f8e3f3cc101e03a98f91adfef602c424c580d5a86865" - "9368a930f9883d699fc633bd07f6cf8de474937db0bea86fa7cd140ec2f202663813033a" - "757b93bd72afba15be5e47a4eb93e8a666aa1c72c241ca3922547d63fa3732fec54afea7" - "ade84302e2f044275bb67433fb6b125b7913143c", - "38e2571d9f22309a636586d62863ed67a70538287f3ef88b88c3c2fa1a2900d48c342b6f" - "15c26b8e7fb4875cda4093b7de7ceda48fe1e2cc2975afe958040881de61f309931e48d", - "0405a221634ca85059543e2caf8bdf79c43bb78deb35e9c89e07d553bafb6b31750a1d85" - "ffa7689e528c11d8a3dae442b4fb2a4a21238d636eb04ccc04c8b5d794b0a213fe0480b1" - "d20225ff457b6cbc12d152b08025cdb7e1e921ee553add9cbf83228d678d5a9f5d3d1fb4" - "327a74c1dcb5d69a5b98f3ed1aebef0af09bd49d253a903636ef5a66844c500fa221470f" - "2f", - "3b4de49d57040141f3584ff596eda457e2835085d350b75391d90abe728723e1d1ac6413" - "979d4fc3eba98d72a01248e6510c722df15df876da881ad50539e4248facafcf311b464", - "00f259038b4d3d036bde101aab29f4558e88e604c62f967bc7a35eeacc6a56294268f8ab" - "00a34f9a0319b07754f502c98718e8b5c91093cdbff2c8496fd63d6fc2c50a35f87f423", - "2350d5406922e8822a91f7c95cfe8524f017a14cf7174ce534c60aeb351510d06ac20dc1" - "249129247b21c72c14b02b710c26c10899bcf995143aee632e294176e903645b660e998"}, - {NID_sect571r1, NID_sha256, - "97b9688d9ed5101b8cfb19e84b89cd644262ca1c7ee18944e29ddd3b4cca78e06338b270" - 
"385b00a5e8b91ca5e628de3bba50e36ecc695b3ea737a9cf8b36871c473a54ba17819f49" - "e730c0f253b0c769aefa6c16366fd2dd612f330e95fb119fcf3bf7f3e254438c0ab635ec" - "04a8b2424a05b483ecf65b74a93636fbab7bf1d8", - "0c8f5736f1ae65592f3ca850f43d06441aaad8c03820f3b08d8a6db46488dcfb828459f8" - "b3f34af73cce8dc7a5e3834e085a64523d890028e194214cef4003210e6eb530005b01a", - "040667ce3db45b8772f717ce20755ffaba968aa1314d75c84073042436823fb54bf8dda3" - "4a6bb45a61d610745b1fc10eb0eef71c4f55b26acceb442d822d6e2a27761c73b740f472" - "89056035da1adaae894e361f5283b3ea07b7d9f64a298be11de9fb487c2479b120381f1c" - "60cefe5d32d37e4644ac86a170f82b1c4443eb71b940b21c7a016b559c6c79835532c276" - "fd", - "190468668989a607a3aa966cad071ca8e8eb152b0dfca9205bc9417a3d612ca1105c7b90" - "340b04acd96a5223658adda16bf6b598ea9f32a2f8d1b61c2c2bdc08d6a49de246240b3", - "291e1fb18edb7a93badd6fab6f56ee0d390f3b6d298e97312d5277358511fc7621534ac0" - "35f3518cb140fa4ad5ef7d889c0d5f3f52a4e4d06bc9f647f99695531f85a4b76cb1184", - "2d916734e02b0a98406bb5a9723486a7ed40bdd0b39c4cb802af4bafd519803d23c6bed5" - "9a80c256a14eb878229942f67e0b8159d5cbf24b719043171b3958fd669adfc72eb7289"}, - {NID_sect571r1, NID_sha256, - "f08b250bf4a3980cb455338b3f4173723b3f44c97bacc9cf550149794a71426e398cb4a7" - "4bde141d8b7b4a72942f1c069676a9918e27792cb8f085ee037c78e3c468adea5123c4c6" - "4d8ca6a39f2f90140c5d2d80b669cbf0d1ccb466b18ded83a1d5f042c36188a04111c34f" - "f769abba9aedda40a87be1e24b700225e2078056", - "1ee68c3994adaaa9e0d61bfcd3bc1cdf198d3fbfe28a44e5dd518867ea04b20e795eadac" - "c48bfcf8e8216dceeaa069b756e8e99ed87b6b1d31154cc9310bc3b4555162a890b0c6c", - "0403efc83ad15d9bf889c9afbd769bdd1dc8925b0462c93868d85ca7554b540d8c3ef7b9" - "a63becc85981972eee8a70b7f948098ac050ad594ef2ec249cc3b557844bae9cb2cacbf3" - "97042a012b3a1d9e46cece4fc3460a2bedc9af4ce0289e95f69550eb3544f7c105b5769f" - "a52234ac88f9045ea5cdd4937664846d26deecf511ba6996ce4072e763e8ebdfe7096608" - "88", - "031df03a6cec2346b92d9ae7d3d983edf577d9a1bb88098f886f38536d8d8cf25def5772" - 
"6790604e674d036cbcb864bdedf8475ba9c850d510ef93b844c037e04348d5f48098c20", - "112dcafb63bb125d9610e59883df481bfde43589e46656b5952cdd72238cfbcfee79e916" - "5e3c9b89c9ffed12d303225ba2af19e00048e20e4edd3968807e4885003d148403321ef", - "2ded1456df54a24214d8c1d3fb314db52b046ca31458bed69bb3aeb6a9ece509ee521fb8" - "046ed43accc7e605440a09fd96db659c98a7dd606758c0c47e47acfa326b9ed73ba4b28"}, - {NID_sect571r1, NID_sha256, - "1cabd16fc29d7d919622810dc8b23c770b790b98b119eeab1b20900fa94fc2ebaf76be4f" - "5eea91fc5276c5621c8677d4d117c4a5a782ee2ca1d5b0db997fdc8a05b6b3fbb833d7a7" - "b81c3c615c2a662929760a96feefcf89e46b563314c9b77c86bf34438458b43b694ceba7" - "41b97dfcdacc0ed57652ae62856ce10ed2690770", - "3a6fbf66ebc1365ea7699c72cdac2dd85907ec59cd26e2d18713354b619ccb83b7fc0db9" - "193aa8493c1855f1a83fd987cbbb65de17c59fbe79256aa5392f4eba045346e9ba26592", - "040559dd556241f9b11d0f91c5458ef6adb783f9f5051bc12cac9f0b214f836f7b149d00" - "ba8218e873410a50445da9fbf68673f3282d783988981fb221d0579341892ba6824e0cf4" - "a5005dd0e594ce41122882538e51e9bf29d159fcbb8b29b97c5546582390ad5c59c97527" - "1c58ba1e75d70c3898fea929ef7316ee830eeefbdc69bd80d7b0e8133b977cd573a3b422" - "ee", - "1c5a193179ab859ec1166575007c3cacb30d31f341a0e82ed6d4ddb32da909dce08acfa1" - "0fb14183258caa743010fac6f7d0fb1f8c8f55c246e49a97f2bf571129144c23de8d68c", - "2625d0bdf37396585d22811a12ae7e0c3f512ffdd0bf4d048379434af46c03c6067dbe7c" - "271c417ac5307123bf58a9f2064bd2b3a2d4b4efa3027959bfe63e13a851f46a21da6e6", - "13f16b211b314a7e9918f3254da2f1aceb5340713985610f03ec1d0a33ecf9217d61076e" - "b153d8f27aa31aed3c9b165be52f8d857de362b2c88db5dccfd708a996a46b76b4ebd09"}, - {NID_sect571r1, NID_sha256, - "7bc8bbf5ebeacf40b3c82eb6eba5d994dcc6a3f2e12ef741f90f90e176d20c21e006ecda" - "f14cb5beef35bff46b2c374d9ee224516679b1a9e9255cd8ad8e60ed234f8ee7e0fc53c9" - "021488158217d4b4369cc597d6053746efa1e73340bdd73c1bd2eed57b92426fd4d278d6" - "a86e8be0f0a66ab3dfadefca8831b2f488636251", - 
"145748871a0b5c1cee628de04a12fd68ff2b154fda96e47afaa96389d66d22802968584f" - "6753d36618d49ed205260f09d3f5ccc2b27a34390ce58179b9834ff92a86d66ea0a97ca", - "0406cc7ce2782dd67cf1fc16f1b24ae46fd085b969d936fefc409a9bde354cfd33a154a3" - "113e837cfb88284d75a96f5fbe85274fdd0990af4a033a6c40b904a5e0f666e4d8b8bc35" - "3207adfea166087502657bf9e2c437beb2f62dab041553a06411f6c9dae83a2a2749a4e5" - "a2a36fbe23d40816b1b8d206b9f5cea20ef200b9150061ca22fee2076e31c88d60a006ef" - "4c", - "26c820dc92f97dbf545f51db7d5ba649333dde38eaa47d8a7edad9a3cf3e6780442db234" - "632458ff17e1d7b70019916708c128601ff547ac84dfb0173cf0a3c5d69ac96c3d7d395", - "338c88d1bbd0b93f3f1fe1ccfcbda65fa1667ec471730a40eda87f57b3eb63d979d8d6d8" - "19b974619799c90b09f33c051b8b522c3a1acede101857265ce1b58cc7eb5698049f494", - "3637bf89f9b66c7ebd8f91a8324eb70a510284b39f0f2e45578f26f5f1e4504ad70a3894" - "27f4d58960cbd918c2f8279de52096e25a1b0b0c3929fd5ef56bab6cde7c0d8e9d2fb30"}, - {NID_sect571r1, NID_sha256, - "0cd2a45392871c0c262e7e6f036946354bb41f9c2187b8c4d399231280682f3e0a09731f" - "bfd52c76ee63b9828c2d731f4cefee0a8c46419c398205b2ff80c67d7756db300a0a8385" - "fa287dd37d9126f75998ae1cbab5136560592118db52fbf102b7ff0a1ed45b8a91a7d99d" - "13a0f7fd4366392264aa1248d7324901467457ca", - "3c71911d24ad19c20fc1d8a044d63c9bb417abc3778d7e6234c6af79b898cbfc2f278724" - "4708d2fe203be786edbdc4c9b12b413156b7b0bab0be8af895d191d853cd58aafe1ccce", - "0406cc47aa586a73acddbc91398ff5782457e6da2b10e265153c678789d3d7fcfc485b03" - "b089eb67e6d6955d5c8c7ed5f933d84853576e76fc60332e5f0a62c3ab23690317bf1b42" - "3e015604d94ab9f2ae1d74fe46b1a070160513709de2ba8e74fbf9922e9bbe7f6e743b25" - "701a13f73eae0db0c98dc80c5f8528e16610fcf18f60eda3357ad5878add2554a6befc9d" - "39", - "3681fcc5fc1f0d7d413abf2e44cb5cce9a4a252ec449ec4f550df4a172305eecc072454e" - "fe2040aabaf4fee58ed19c9090061d3c4835c5fec38996f013e5512c0147cb14a4f0fe7", - "0d3c26796bb86b1a20ed4935bc3824bcb9742513ce91a66dd523a3c0d8a5abe63488aabb" - 
"806b5b113e90d3f3c80e3ffa01ad051e6b0d4edfc641689953ed65fafbaf3e554be31ff", - "2e3129ff95b06c274f7ac08882dc1da6660269f3dbd21a3e48377a628f6d81326084bbb8" - "d32b794fcbde8e574f853636fbbaba480fb36960b0994210bea319a99a46e29b79217b3"}, - {NID_sect571r1, NID_sha256, - "e97092625b09c9ae6e152e1cbee207d83361f34cb9b0e727c816a5ed851f12f91fbf88ad" - "9d4c8f9d07350f5d828fd8574eafc768bc72a2b18aaf4d2b48fb10f7c3431137b5185015" - "4de9706487d69a40a8f4cb2c799f48c5d8f518aff752500de93cbb94ab04ae1e0c7183a3" - "2d79a27291dd07b5fb6e6a4fab76e85c3a8607e2", - "18bd74698bac36ef11add6b3e3fad227ecd868f370ec04569462565d2f0af2340bf79348" - "6953a7b79ab04f0ab1f0e4fd16bf6b576cce677d543e73aa8edb0e50372f24ddfbff966", - "040231f891e63bc1c43377faa56c5799eb1c877954ca2cafdeb4883ae40bd78816ca5634" - "f48f5ef5c22dc7d3d0df208bab4149815274d7b134cadb700d166a5e3fc73e9be1bab725" - "220469ea29ef860adf24afdd386347763008ef6fe2488d902c4d513bc0183fc52742782a" - "6fe500d6b581902ccd4f9bf077f975bd5fa89bf240723b99f726c9fab4f953380745ff9e" - "17", - "1590570de563ea96eddd900e4a0a7efa2e4a0b389854e96af32bb7555f098a8cb52d160a" - "bcfbde65998c34f91338a40d40cc03e4a9a241d3b16b0e893d3f7ffdbf8912f35c7f538", - "32402fbee4831b16d762ea2cb218279f4db5e20bc8b6e2e53e89a2ef3646cfb0abbac361" - "16c8c708a1342db2fa0abd39d149e09db57aef65ad8092f37f7962f98c28331f0f20b64", - "2d1e38f40965e2697abc7df5896cf051ce5646f135d1ea0bb470a43250af8df0abf2a04c" - "a1e0f1f31013025b4136a8a6bdaa474bf50752c571f883829bc3a5482ec20e2b4a72c90"}, - {NID_sect571r1, NID_sha256, - "ae6723b8df5d6ab5fcfaa22d32fdf106d211514cb1892c7c43ca6cd85c2532f85929c8a2" - "59ed251215063cf92e1502528d1e22d5cf67efa0b8ef21e8eb2f5dff881ba1433e8bcf2b" - "6af8742ecb2bccde081e534615a305562cc22d3398f61f277d8ca785842bda85d8a40438" - "d9bf1aceaedcfc22c85533794a69cfc320931d3f", - "335699bfd058ee2e6163f55d1816bf3669acea8b73be9c4ddfe775230925e6093cff7a66" - "813adf22222c8376faa106d85ac9f3c67929bc58d8986795b6d35d5b9fa546dceabbedc", - 
"0407995e02dd3d40f9bc2e6f4cb1c0d29923c9022169e64532d1b357f36264d18059c44a" - "8617a6f1136e72648c9051a27714a0dc833428762275a1b5635a3ad91e65d2713236c20f" - "5006167d5839cd4476a638c50db218979a93da44dbf97281d90daa8b9b530960c689279f" - "ff6c342af97880db1e9c5ae57b91d7be727fd1c6210ec59416d1b675f4dd666e0b121d14" - "4b", - "3f037ebe0e4c3910953e123becc09c0862490e7f590245c4cdf9ea5fce930a7d7ca5d17f" - "5689edae1ce706b90efdf84cd82e06e4ab95e9e2368db91d50110eb91cf44e50cdce2cc", - "2baaf025290897a5d68c5e63543256523fb086a6f1166ddfd3d50fb307e0f0cf78b5fa89" - "5f8b71944a7b67b8afe5f3e10f2d248aedf573860c42cd7aff258055ee7cce472e8efb1", - "0f4d239f5af023ff6c94ad7f66d43201c7e40262cd92467c4ab54be8d2b8e6577d143750" - "64fbd00a6327da62f03f75262392add0ec119d820205065aa6238433fadc8d1734b8481"}, - {NID_sect571r1, NID_sha256, - "ee20c6b61886e02ed94359dff3559522ff550ca126fed4b2240ea7d999a182b7bb618c50" - "528fcbd261d5e497a991fbac0cf4c105c0f664d6a00a9001c1ed522962fb44dd4159677c" - "e8f1531019f86457c055c9cea6247086cdfe0442485cbbc4386ad002b4bd39a1a1877524" - "37f04569705cb7adc0c68f0fd059d946deb63f0b", - "2c3eaf801330b3f1b0504f2399f1d24455db29911f750c246ba0a134c3b59da8b3562911" - "197764699a92ea1d95a2aac587e24f743df1dad3e1cf7edf955203e24a0225717f8d2df", - "040703d69e2dfb13fb6e695b0b30b31d89c8789e8523a7eea15673aeb4f1909192c06c27" - "558eb55f0315f395b1f3ce84d9c304905cfda1d119bec33af9ade4420de2edbe75cc5460" - "e3075e35b2d6a8550969d49ac5d656afacf68d3a1dc6d17666f46ce3413c855b627f0891" - "912e373af2ba91211c20f067d66056e6bbc0814ff3921d944008b25d8772cc8d696bfe1d" - "09", - "0a9ebaea478893aa0e3bbfd5d007bcec5ad787d9bb5a8e9b8b79865c584966f0bf040d36" - "f62a8e97c123d2adb7f38eb49a86e9c2ce1294d04fef1b6fec7908c4ca1a70bd1699a9e", - "2d495eb5f6fb187a0ee1fa772ccefbb969e854abb445ec19ac3860f40ee65f53b92f6a79" - "7003574bccf0b9de8014ad4e5745ed264eb3ae88040ef6518809b4c66f691d496a85d51", - "1840b2977ff137f2a8f2f7c25e347cf1262fd128e008e30e4752315deb5231098c65e9a5" - 
"85496a9d6b5b56cd0b6d7dcb7150a077fd199be2d2de0262aa84dad414e100ac6162346"}, - {NID_sect571r1, NID_sha256, - "734a9eb8288e32f5a67cc1d88704523ca2c68b798d90e188d871d9f50d2da2063baf1ee6" - "685c45832a1818aabc9afc0bc935e97969dc983a484f16d2bedb3c7c0b8221408be2480a" - "5562d5d1e5d8763d1e474bf2826aa93a68c3b870e3bf34f4941cf590d88e1f5a8cd782a3" - "3992213f3f6b4b4f6dbfb3c3c8f21f5eaf4ef609", - "1c3ff067497e5d387f31f0ecc9c67b3c0dd6ec8c81318c492aad83c9dec6c99e4fa47447" - "f6f7082d636c2591d0df940b947d0a4ae3778e2b7cc8fb92214638399def894ada276b8", - "0402e56655e37b3e753f35eedca95f8ec07b7a3d3e14e365ec041cd9003bdb78a7a8b8ad" - "277a67da5d63dcdeb0ee8d8efb68fe61aad9b1fbef4373ab13c44efacf68cc499faf5b5d" - "be047bbec643d74874b77f0fdbbd2df3f3ff0d35f4b3e1534b2c4d5c76b8cc51693a70e1" - "7d1d4cd64713c5c05966c826458fb5411ac840ab5998bf3cd64a0769c3e075259a70aaf9" - "4d", - "149848f4534eeeb45fc38ddeace59e8f83f0bfb4cfcd2b8b7acd0bf19303051a6a8fe75d" - "4cdec1be036645beb075c772aef4a58785c16d984eb43b9b0317446bc3b3abfe7ec2cb7", - "17eb68556224f995733077501ed295088cc1184fa3872f5f11e97cf67c7bc1febebd3120" - "6a406c4479b60246a517cada5859d4f1aeb98dfc108e96e9898c6e71e59e39b6284895e", - "22904497dc7a98fbe117e4427d74f4ecfc4e14d4467c99227427e3abb8d3dcc406f3704a" - "7783d822ec1118a1d91d5945d5b902a2ad325bcc9c17c68ddf8b5323df9c2bde392710d"}, - {NID_sect571r1, NID_sha256, - "68e27cc72fec8f3f1f3882c6efa08efdf21d74d13be5171da35ef2855666ad2ea6919d21" - "dbc1cb6d296663dcbceeba2fe47a2c6507d3d4a67a61b55b0f81c93412d7e1fbe15a590e" - "342a05f55daa55f8591171303154e615e81189a523b855829a5c96621ad118f522e397e2" - "eea05c2603eeae6e3591215e29b2289bc384d8d4", - "04b4e04281b210fe78d516a5b69f878b7fa058941ee9ae8cc63b061d1eb9e12c3e0ecb87" - "17ff4623ff5bbbcdb53c48adbd9c69636506ab929c5507d7ebafae5654aad65a263e48d", - "040538049d071158c62f0102fb664a47431afe320474a173463819d5f83f6737b43880ed" - "378470d774d32ad59cd9d75e5bb06b118f1297af3f6fa910f40aaffe11e46cd56cbd29aa" - 
"5100a4a843af9841e2427357bdf26817656637bf4650e443ef303dd458ed092dca3cacf2" - "857d10aa190c256467ff834bc804f8557f6c3bdde89927a5f2bd55bb9d9f1f08a044cbc2" - "08", - "1191110485f56335f0e65fe04b9ad8fac1c3573cb4690db3e9f62086312d394b0e354890" - "c0f74e3df7c43e718ecf18caf6904e03bd6c0912f906de1d2bb4c49823bc6c0dbfe37f4", - "0dff371ac365cb7de248ddb2b2fdee624c527c6c1908dd287a294bb43a4be94c130bfa83" - "710b0655f21695dd91703acca64fe2e7927eaf9c2b9b230de8002798224f9505379bf34", - "2f30f31c863bdd68fae16f97fba756e033eada18cb0a23d7d4b2c9ea3c832e61b52185fc" - "d654d9eb281b92a9b102c3b17ebf02422a0e4a7a56a73974208371ef65434c38f4d7d1d"}, - {NID_sect571r1, NID_sha384, - "e67cecedf35058b80787589514a9c81c6b9f4bced4260411d2af75bc46b8b2c962dc9d26" - "0dc99ebbf8ee64950766efc0e394184bdc8e2891d66bd3300ecc880e9d6a3d0eb6153223" - "78afc3dba89938704e9a8d0c949d4bae9838805c00377e3fe5ec6a1a98ad7eaaba6b5009" - "73dac48b26b7fb2e1b9889f8c387de535d4b2363", - "30f2849a713aeac95fde5ce3af853e9d070ee60709eccf35a076567be2c43f0fa34420b0" - "fc097ff577221275a3a56e759efc32183be2d76058a7d20e5dd59f00415114d73a15b8f", - "0406d4ed3cf180e0e307745faa49247f269c3fa0a69042b3b78ad645f43eaa50d479622e" - "27429a6b6b1889944f85975fec8018d3321ed38f6c7d91f2efc98467a027ba4a02c7f231" - "b405f2ebf6abf7d53fa32865a9b6ada9bee51c1fe26cad74dd6ef78f13872f340d641700" - "31becb5073001fbca373be4e32ac3425d705ee942e6c4e639bf72379e34776680a387a0c" - "6d", - "0da9d8647d0950f558a3831b47858168b3379656e603f2bd44046ac7546892d1a7318c5a" - "9873c6ff85683edd3881a0f1af5501d17939f0825ed37bfc9a2d95faf43d3be92b237ef", - "0fc7eaeef74806606fe51882c6928a06bf552d18dcc4d326d44a540abb728146657048b2" - "0e5fe2868beb5f04f32d43e9ac23a7f22c6bf325bca24f5e3161c868911ee61baa8a3c6", - "33d63693268f3762635373fc901fd72e525965ac17e2cc009177f03bd3524107b30e4c6d" - "80bbc4f87fb1f288ed56812994541fe063f1d91afa7213bed8be5693dc6c17ec9a0714f"}, - {NID_sect571r1, NID_sha384, - "2baa1ac3f07e34b67b6af087400f261e138b070c8475378063286c16fa73578303380236" - 
"a4af2484ea01ba56c1c619f6ae4e5e6ac2594c8e5aae7e7f196f96fc5d0f507bebedd4d8" - "18e77b9120e5b4bc01c7ab6339e88b71d0886631cc7fd89659bf513faf149c61eb14d550" - "60c8dfc7e6e4c2b4ec8edaaa6bc36eca50a6feef", - "2ebb73d04e6e5361e20629e3ad119b33db5163ed91fd9a8aec4b774898784b6822a08992" - "118a8fe6013094bad0be1e9bf01b27c069e4335bff7e0abd28a10443818f6b825e9cef1", - "04001710eb0167e8c948d381e3a75aa1e036b70c414f69260aab434ee20b6724dd7393fc" - "487b5b3822e5e8065b06d0785a4a7be7193352d5b9eee66755ba106ba6e40f98a08c730a" - "0c06006f98fc25a641a7c6e67fedd37aaad77a9102be3e1e7d32dcb4c68029e623a42f4c" - "a7d1ea725bfd475756b80e18904107c460fc03b9bd68aa46f9dfbd60618670c4d9a68a32" - "87", - "1861e2a356a6fa8096418cde7fa17f1b893a7b63810f3fd807a82bf4c745aafdc4963eb7" - "a0ad0488a776e915b64d2b684e46d244703eb63b77835167908f2d6b06a2ed7b53f0717", - "046688e12d26cd96bb05d3f418d8ec34f4426f594acd2bfd8e9abd79405e612d60737007" - "440424bc4f546c54b7402d11880f68edd996f49277b729450f7dda5d05986b014b5244f", - "341a80e74f3a69b966ef81ae95dbdd60ed5a0446416653c4df431ff7c4b4272665a52337" - "9d76725e9fbe196018f0e747100084c823b95d7c7b1785d3623e52e9adbe773b81b49d3"}, - {NID_sect571r1, NID_sha384, - "0e640581f573068d8ebd2899a6aaeed0bf987ee11e22b05d25e88e9a1c3451f45ee3800d" - "976f4603c18a041febef07a01086832a6f7ecd5d498d52e796a9d90758c87c36f4a5b704" - "a39c456aaee2d5278183d5815d619c193da9fbc427d701bab0874bded848cb4bb066f56e" - "119b637c78aeb6eaa387c41bec6cdd4bf7b2061a", - "1bfab717d6f6e16d9bc6e89d2ffac7cbe0f808cc8ca2eb515af7ecce5f3b230303775710" - "a21bd25c2cc4566bb53c78c78e3774a9f306c751cc6e149929e45eef60f56c1d2388c6d", - "0406935c3e8b58f7bacd045e745054c227687800ddd86d6e0c8b1e426f4df0e4b71feede" - "fa9172c43becebbeee8ee382a75396fc5f29ef3d2cc55f8afa9232038609b5034513b222" - "cf0138463efe3b32259dd90b759062f848deda84f2bcc0d687c410f1ad2dd745517c96c3" - "451432b1e490902208cabb68bb872ec493eabdf1f3b07595d23a54c53e512777abffb7fc" - "65", - "00025bd48e2dbbf1ed8bd9c1514303dc503dd0799c7815870b902249cd1d7368380853d3" - 
"6f7fdefad973700ded1e0d66950181b0aeac73eb622c880571315f09504ed26e28e85a1", - "1b9d6ccb19b208022d3a579a66957429682517e84a71be42fd571fbbd0247609d0b5b338" - "08189efb52d21e6421d3b08821d82900577791b1c54e239b0d908bfbcdc060cfedaefb2", - "3356320389ffde577496c5b46a0de6d53005f5ae3489c0d292c5f460a3b7adc5bd204bc5" - "0a3bcc8538e0f8319c79b9024b065223b7ed9b0f211c5c224d363f5bdfe04db97f99e19"}, - {NID_sect571r1, NID_sha384, - "51a2a560ba226d629127ce1ea7e812219ceaddd23561256331458c9f11fe73990f21d0dc" - "d974a3773040090cfdc8e0f01692d951a0cbb60f8448a016c67abf46a9c150466ac77e65" - "6ea827b0ea7d1e77ea32071ba8314fc8a2edf69008f498bd1c18061d7d00f3340a7e2cd7" - "3e9766862378d8702e804a1870b442beb2d0aa14", - "00cc53bf7f1cad5e3dede4b4f4b082831604c92dd2b147869cdf1107259305b1d5035964" - "7f9f3d7d4e1e608865c65dc7c9ea46bc324dcb8423b554dc369d621743cbfb592b70eb5", - "04020187d7de90652caf1210703ef65cada3b88f978e14ce6055847be7127602ba7a5391" - "cef0fc9b009134105da7b09b49beb7ba2f961b84e6d66bd818ea99ec106c6e8428b17394" - "a60197aef36e47b571ccc0b41f948392d6061060063137d8c3b999ae507b76132fea1563" - "775be555616cb5816b9b19e42b34f9673aab833f4beb9d1a0848a4bbf2f6f44cd0398274" - "8c", - "08acd0f8f9660d21d62f391112908be73a4342767328d3375a8806dffd2598b6d77fcb47" - "93e69f2390389a78c2b11866cf0f03666a60ad088d2c77bbc49fff6efc5b7283d02bf36", - "1004bfb78dc0e4fc0f2624bec6893d717a476fc76bb5c1d94c1dbf157aab5d1dc80f98a3" - "aeabaac94d9cf9e26e1dd172f5d8fcd5b2d48cb3b7f0a4863813357b5cf8eae84478e44", - "30b1c8857977181d12c53cc2efc53a427801cde2890cf2ea2c99c6958b6869d0ac78ee2c" - "846c241362c885835af49c47d20c30f3cbfab27d9cfeaa6d858694bab059229e30bf845"}, - {NID_sect571r1, NID_sha384, - "90eeecff0a2e37df318c441df220dfea013ef29774ee92a56b213e13a798858f31e52b6c" - "cb7599e7314f12b48a89884b113c1ba0526a54f3e9a33c940944319e084bff320cf5f391" - "c02c731c4c4f8b05afa273374a1705d6c85337782ba7d36b9c00767180cad6422c11c581" - "672ff631fa4c49d41b02481568ec87ea97220400", - 
"2b009530cb9d586e35dd8951ccb686833afb7a37ec253e547e85b253ba999f0f186b6d4b" - "a41091615fe57678e9801b4dc94fa683511da25637b2acc9fe60936be15af16234c4ee7", - "0405913ab6a2287d946b5b6d1e6c3d64117e085da7cf6388e333cf58d22494f4b067c684" - "dca770ddbcea5db73f048b296e9c17284a8912b3cb722d9eaa17b6b1209311fb8e8757cb" - "f50007124ac6c48ac56746563db247bcfe6b20215ccc5cfb1d43c923daa07d429c8f0513" - "bd1ff1180ef0f7927fa23fda1af25d20b22c935c426f9ccb402c358b57b812516c431117" - "79", - "27a80a19e9c320b57146845fcf97d6debcffbcae877c33c62aec62a3351ef40bd90ef4c2" - "ca39f9e51086931d82eec4ee7870365cb14e9c54ae735069801ef12c571bf1c7c1cf6e6", - "1de22c8984c593a0948164e6cc8631489133972482f6a7fb1c3c13f97e4584604930d369" - "224850a1d24f267f41bc6fca04ad79326aef61f0d429e0e1b9e9d9686ee10f2bc52b104", - "085c6b34687081e280a180cd0c4ffe95cebbb0ad6d3b20a7341e467812f88c23973701cb" - "f3cd2bcd2811415d0bf0cd9df229a88754f4cb0c225a2d11f57369a29edfd7b04639055"}, - {NID_sect571r1, NID_sha384, - "d3740cad41e2e365d80ae81da97fdf06d8b6c278b505e34cb683fb55ddc5189da5435409" - "14c0accd405dbf0063f6222885fda4b316dad4a83fd03e8d7b7e936f87fc0a5b095defc8" - "a4b22fa97f00b394e672d5efd3e0a230c7e44dfeebda88641143502a400ed62e2a51f956" - "1e5d652a43d616f16699e875deb9610c77de8e1c", - "2cc2d0d7189cc8fb3565a039aee7633ddc00ff427cafad32fd2010b10fe249c9724d9178" - "5e7080203626038109158e3a61a3970aa3e51688aa7f5184b22f63af63f80d3540ec023", - "0405fe95a030efac2e5d9522680da58606e3e7544a317a3f24d726b69238367d30fa5868" - "64d8c143c3695126ce8dffbc7e7fb789f956dbf53aabbc38af988ce50f1fb30294ea3e2d" - "480193d1e745d82781ae5c3b3d2233e502959d6862fa7987c6416584504f65639ca76557" - "8378b75d3844df179cefdeccff3c4c43aeb8865063e176fd43a27c93e329f8d4f6fd5bad" - "21", - "02df3920fe4d328315353ff11b0264045248b32f48e860dc59d931ad65f39e97e3a683c7" - "b5c64b21c3fa50a9685fa11f49df9b14ddaae03eb02754b01e03f60fc6aef1e5d6d7d3c", - "1b91c4217b1580cfab56812c16bb5aefc1534ee8d049aa2e1d52a5bfc11519ff89f0d36e" - 
"a2bfdfce8b5d3cf1527dcf700c0208a70595e9ebe4feafd0eb597e05df54212fd6eca3e", - "21ce52440267fb16e713eabb8bf2d502c81939799f9d09cf48a50dce5da999f3b457dcd7" - "3c212d5d070056b1f373b07ad06e90d96febb7f8cdb4c423ef946f0799c038a3ee68ff4"}, - {NID_sect571r1, NID_sha384, - "5eb53b5f92121396c5ff30e0c92da48db4fbbdbf27297f9bc82614ab78f7fd863e34096c" - "615a02e349d8bc7ae4b0700130704bedf32756b5ee6af10da1cd717d624fadc57a9aa6db" - "4a6c5d6254c0e8f8c3c0d4d03c264eeeafd52cac2c1968d9d85b106167a49d0ccdbefb20" - "bdc10a2555f8149203af52853169a02db94e5e2a", - "3d8936c00c131e38c6566d2464c4e207c878070bbf681695a6cd98cab2c6e80fe98cda80" - "c66a5cf584e90a071144dda59c07b8fc7bb42464dbee5b6f739b0f2ee5fdff7e5a4e7cf", - "0400fc3a8a320e816305772bd5116cec2795d58633a9f490be8a1a360f21d2aebed6038c" - "a4a5081288b6bdb1066307c26897ce38c24f8ccc98a63e371ff6b54f6016917b430c267a" - "f7069719c868d8fd25a38a7338811904e3330a7b2289a8384bf24f6dad5312160f0093bf" - "556fa061ca5e52d6676a8f1a3e4656740c82d3cddf0ac4f903ea885d42610bf1b45d9e57" - "a1", - "050da632cd7aa58340adeb20389a2cb9897b8ec944c47e7177da65d9386a9dec5d63be7b" - "b2d0f5b4943932e1fd7d87d5d7a80bc50a63dfd101a6a28005c894c6a6fa4c652dc519c", - "0e6152b9050127bf306662f6beee81d024492b91efe87a56e70596a4a72cd02dd2f10b97" - "0c9a69909f85bf4783dcd3c32505d7c148166ab43b503ab098b6d95ef09a7932359f60e", - "1f7d68d53ba161b61eeb17139eeae1587a6bd148e288c1f73a6bfb3a0d1f6dd8f9cdc27f" - "a9e8c7a681410500c097ad01f320303421f1239b4a9c4d5446562b5b3cb2fc45a6fe239"}, - {NID_sect571r1, NID_sha384, - "5aced64f702a57ed7fabd045a40c967a485d2a70b0a5e82561d5141ef329469b2da5964a" - "34df203a980111a77adca376c643b9030aa74516f054648c1534d912ea66582adf3c655d" - "bd71ca55e47412315df5e2893e43b2e2dfe6e4dedf426f11846ebef34a99f5615460ce04" - "75f7bc54b4a4fd99e83c982097c3136ac6188a5c", - "3dc7de970bce28a943d7599f2a9010fc99435b93bc4ba884d42503ac2941aa63fd07db34" - "bcbb1127d56d6a4e277d6ca32051ea3467e376f74f98c3999d2f276b282ef8a28cf0cbc", - 
"0402066a50b9f961a58620f473fcf7d5eb635da47f4ce362f428669ea578d50d1c1513c1" - "45adcc03ba98f3d67bb422141c73e2f94ef9559ccfdc0be20eb206d3d114a5db302bd075" - "1f04437e655bd255e7f013d197210bed70c5c1a6cc1daccb96145c9c438c8a44b4074629" - "830d8df9914166c9378b33040d71918cdd0f47fa64b7c69f43eee0f34414b8f64882f90a" - "c3", - "3b2e20f4e258b7f0cf69a460fece9b4794a12a37c0f8e7aa6f4f51dbfaf508f6f1e0160a" - "b4388891efb09f0ca1f73178f0e8598750c9debd3ff856cb3a2872762ef9e16487a9513", - "2f265aa99ff806ffeacbf9ef7be575ce5300d3cfd4225b1835774ee075d7e530c9fdcd68" - "1584223f84a497119b4eb1fe34cd31d654c2fa262d7549acc251cece9530b26cfa3ab35", - "2c05ce4b35544bd1f20a68eae7f3483e0a0628dbb53f0466166257f69a7a110d2838a76d" - "204e7a955a8977508e65f2ef6d7deee13e4e2ec0f2b9a8b4bedc26b3502813b0334a1b0"}, - {NID_sect571r1, NID_sha384, - "43c24aea343d4e088bea25be69a332c631275c36677093e057de69cc83a4c5e70ab270e5" - "a8930f55846f1a22ec10e03007dcf0942c6761e89c65c6a4f032eed97dc3a2c7f7ed1e82" - "552fe48828a132ba16c41f6bd82a49335428a24fa1679522000e6a1d12c646e0e4b4c584" - "398577ea9493bb334fa3cee8bfdb6c2e66f46436", - "2de6ee12eefa7a4a736484b19b42a513dfc059a060976edc3b0aa4b50e98d72df6506fed" - "0499ff8480986748e938289e54a5e86c0c29733a9bcf5985aa63d8a2b57933a04a8e8e0", - "040073fa1b62d469f2991d54f1472b60da87ba51be0a9dea361d417b91a4a75373695e9f" - "27b3c672322315d7b566b1f22b96c54adce3e958080fa8a02836955f6264dad3a87fd11f" - "060452c0a07ff65fff741c96851657a5afc7eeca239622e1260414ed736a04e487157c52" - "da98a7845bcf6f311e0f2e59bb92248b6d47dcb93da6f7e0af644b7aec7603a01950293d" - "8c", - "1c87653066057636f9a98a7c69a84e103df480a92739abc4d5ba53891591e3aaaef6ef3e" - "f5e89213abbf71af9c84d3b30898580e782f557a03694446492afb05ab801d7dd631c8c", - "086d539546c61e82d74319f0180411172acaf08b5296dc6435d4ed7bd50cf23d3a071deb" - "3be01f74408e64ad244f069cd41227ba127145df5a357489f944b61606ec75e8377db81", - "0a34d9975fbd601614d04aa41506b03fc15189ee8102c0431272d691a322f3e77bcfd19d" - 
"8bddd19b307012b6c6349f5ecf88b5a69e83588b0e18096117f207304b38c16a9a8592b"}, - {NID_sect571r1, NID_sha384, - "e89210565959d93b483659e62cf41f0a0147ea23890c2f1a694c377a826165e363860e4b" - "084016cda878a43eb68465f81f397ecd50087a25215ce7c4ededa3552218071fa3acd7ae" - "380655fc8fa884998209ffc8a2c26f1ca19dfcfee455dad35a4e72caecd8da47eb9ee21b" - "889162f5d3032724abfd1a31e68612e18bfa9006", - "05468f0df2c9854f5f655743e79c750fd8812db28b096d97207bae7f5aafc6b6090c9c63" - "6ead9e0fde32a1ff8d539b53813733ca812b41b58ff85a941abe4f128d59fdf9847baa4", - "0406591750fbc104f82c213fe88aa620e8a960fd6140598e2e6282e0d5c5ecffd09d22ed" - "94166109561a7f4f694e171189056d8b300b54c8134485500effc7123aaa23862e897912" - "42005bf8ec10a9ac6a92c54e7fb2135e2aa4f84da571d33227bde0aa2e6c153207488223" - "5f3103d9a51e80b7a9a19067f35047ddc52462db7c634c291e8fc5eb2154f6913bd0846b" - "88", - "242308c430de514be1b9084a7e6c96894cd5615a7c71ea22316e539986e9702080ff6cee" - "f2980144c55d9749830c20c9ea90b93dfcdd28fd862b6a15748dbb3d982e4a275129c75", - "361e1b7a0f981bcc65480b370c5e09b1c2e2a67cf41646f6a3d829f663c0911589223740" - "0317601fcee78a04269411d267dad3e8fc6f069529fbdf0bcf9b5f13c9c6de1681e8b0a", - "2620c29f86cbf698cca5f79de364ae131345a802c0cccfaefdd7375dcc9ba6ccac91f709" - "43eb606506e51e2ced50491eb8f48769810b6dc178d56702838f1c2f0930f2a9e4f1db6"}, - {NID_sect571r1, NID_sha384, - "48629ec97f56273599cd9903f8a84ac2ba74275b40e1e42fa47649568babe05cf63c8417" - "d828251acc2eec525b56dc9082b68d51b0c2bbaa7389fbee15d058cf482993b2bedc5a91" - "01f1afdc79989a812478245d191550109fc17215679553c508c84e3d4cfdea377088d09e" - "b214e6f92410facee4790beeecafe72b2e3ed192", - "3d3c6a7ab9450c94aa3b8a1ffb678e5b647af24cbfd66ee3944e6f264f406295b8037674" - "71fc67936fdfed1714b4b8761a07eec86543b7c4da6bd2fcb33fa8cda4077737f398e18", - "04042d536f1b15a22f4ba80066798d8d1c2704988eeb9423319c1850a1ae6bba4097307b" - "515640ed3112e93f1f6ae67c60a4b0d2b6634aa7038a60b52b2b447fd1651857b71711c9" - 
"75079eb18cc7493a1c7f2f9b621969b9ce9ee37fc0701f6cf56f5d5dc6efb13a384517a3" - "87f253aae1e93bb0a919b0c22e4d6cbc79b449b268a068b7eb2853324b96715d75b8c26f" - "27", - "23ce112d60a2f7c29d77d64acd9f587e0eb75ef8e739b8548e154681efc24243594eef5e" - "33d845b1e4e89bac56f2e9586e042e0fff38bcf79c73fc9aa5fc908261df5cd2c6cb821", - "3a770df8a2bc35e122c1bd551c38400be47f2499ff57618ccd01e14a2e35e87a67b0e40f" - "9a10eee7efcc3d37b474f2840fb8c24a9adf93734680ae6b25818369c8608a2f8f338f1", - "0728a4eae5f5638a51579e224a24ecd4c997001bb8681e23a7476fbf78b4fab84497000f" - "20c1e67e8a4e4116498bcee49ff00026009af31c1037172188aacd264fde8db15c97167"}, - {NID_sect571r1, NID_sha384, - "aa3a9fe467b1ca638dd0622c9ea235a418b39b2e15ad81fee01b6892b240783d8db3c72e" - "16c13df8016dac6addbfb85232158325bd7432fca3b8bf5db3abd0b4c5ccd0999609dc42" - "199ca4680692a0805cdd68108bcb493a558ab507cec0a2782a9e976928985352edb2abc0" - "c07078b59d2fd86fda7fc76cfe573181d934c46c", - "01ce010ea8e6e1a0c26ab22eb90f0700dc73b232c429d36371e68e429792afb7223f1032" - "7708bcff779ea55fb5f22ad87aa054e84d10f5450f1bc9a89279062ea2173f55ab0f76c", - "0404b2b5acef5921e691f10ade81b91ba8e68e73b33a2494cf4ca6617707861f334eb07c" - "a96dfd681dd63f78102f8d792d66102117b739d477e431d9a3efd79bfcc18cea156db58a" - "0e07e421337d4cb7a98cf9c9c6fdf9fa242904d9906d8a6759ef64a82cbf923b2a57073e" - "a0eabd14aa4295bec84d50a1722fecad3e5f064bd3171facdfff45b170e49f185a3c193f" - "2a", - "326b62065b7c779dc398ee03a8332cfb940b0f24a7d3de4a90323d9e390ad3fb1f0036ab" - "f6f525d8d88ab6641302d10db447b78780d366f32ce36ae571e323124b21984c48aea7d", - "3d2b207b428829ed5100a92f7276e16978e374c734834b0d627cddf6aff5cab72dafefc6" - "c038a91426e35ee0f2c1acc11c55a34a89874100b89588aba7b02e19490e66eb49ef6ed", - "3259fef5c2a0779ae408b26e6c7d581fa973156cdb07c329dde0c12b6c498e7a94577719" - "865b7fcc0db078ba72a27bf338ec6b8aa41c15963538c329c55dee67833faebe3b643ad"}, - {NID_sect571r1, NID_sha384, - "6c3937014361799f1461f652841b5137eb0dcaf01dd293298d002f27e9a770b9e1a30367" - 
"e35c04603881f0c814cf8ecfbe1619cc49cd516b1d60d27de37ed52a5e1cc300e2face46" - "69f308ebe6747255a3d386f16778e494a7cdd10b45171b2bfcdabd91b805bf24857708c1" - "b75e368edb2874321324f83a19154d3a1578c767", - "1e7410d012aeef02b3723346d24ebafd684c99087ecccaea1cf3735d52c4c81dda41812c" - "09f1e874dc964d858ca240a19963d5dc89451f5dd6764426ae41cb23f19cbfdca0fc562", - "040400a3bb3ff07a339ff98f7c45fe032cf42c0e25de8dee2934ce42dfb0c9894f4fce27" - "fef299b41beb8579270efc7b01c0663c3f72d7bdd9f6ff5186eca9c42d15faaef8784211" - "a5006fe998f7a0db06efed050d178865a2b7de6ca7c789cedff7f2158a5e07ac1d335ec0" - "dbd213fc9465399028fad8b7f4d2cd16fb8ceae4d3d53abefd2b4037efd7f7245296bfdf" - "9d", - "2bb0fb9c428e42482d5dbdb35157ad0fa713fe732dac8604c0194e3f9738fac5cf3874bd" - "863718712a3da45b7c4612c8685465ecaec0930d9fec32ab25818d2f25fad580009b698", - "1062386d3e77043298eb88be46bd4e6f33c83a7358926b30ca06a6b7139815f6e1630f73" - "d352a2cb9bc0619d08a89d4bde1636c74b6580543ed743073eec2ae0037bea2b3c9228e", - "1ceef759d804ff7de526559636d0bc7930c096c7b959f04f8fec5d7e96129fba14c8341b" - "0ed84a64c6cce7cd5b058fab7f44dcf3e714544c9b6f9c1d46ce512870deb51856e9dec"}, - {NID_sect571r1, NID_sha384, - "12fea55ffda15db902aa6a4388b9807c89c193cbf75b5d2a4c95206fa43dedc45974c800" - "79933451bdc5b3ea015ed3ca2c54156dc61afb1bc82adefed1491302a48b9d3d2f474ab4" - "5343c611677d360515b93fb36da7a1c1b2341c9cce185c881c0beef33d43967134a190c0" - "9034ae3261f3295b79aebd3fe123616f73cf2089", - "2139839ce38eb879d266065dde5e5ea227244323b330e3ad5a0bc690f3c210f794cf18f0" - "d730693887548bfbc434f48ee10ed34cb41d52172b06e448df938170a5e17311cab8e88", - "0402ecf46b90616b534ea25cc9993942fd7576a1c4f2f443d3b1f56d4490bf0af669c9eb" - "9d110fe2a65609875e1a924bc4b9ed2ed2315047bbaeadaa1029b38a7a87dd8751d4128e" - "8002aec3a2f2557c7152a4907af68aa39485274f20927b2da70823440fbd09cbc308d46e" - "30bd6b705f615b7074fe5421ca36b4aa53861983eceae9a69649495952e75b0f060b5d26" - "e4", - "2e3412b61eb23d33ca2910dc25dd14c04d2c8b403d8077a72b9511d71ee9da6d7e1db093" - 
"b92287f8fb00aea0576f6712c56d80cc4e3554e0faa9c7d911e3d17682de831bf649bd9", - "06a3075efec81a86175cd1dc2bfe82e83aff1db640184a6a3ed7a0dcdef51aa0be0005c5" - "4ac05f9b65af265af7f2ec3d1d7c137184b0d695d701ff1aed194faf2efa98ce6c5e502", - "237d7ff92480fa7d6d1f5a0564a2608afe5e95ce2c29dd88853d1ad9d4d2beb8d1f0423e" - "db883faadd592394f52048bf2dc26d2dc19279477ed86621c7a5960ee3c3e2d345fda29"}, - {NID_sect571r1, NID_sha384, - "c8395546842ddb545d8ea3db4efe970453dcb06025ac3b7a25aa5ef62070f3021b9a1fea" - "91ff7055b6c398073e7886a6f71afe53c82c47b71377dfe291972503bbeb25bd477bf0e7" - "adc8a5d3f8b34ccd0080d61e121214e1b29802b711cdd8a6bb2275a2395c467ec2c15719" - "52992e448d736d8bd70ee629c75b5e32b8323a00", - "274f70fe69e4dbb55c5d404e39f5196335047113087f8711f2f67f2be4964e4fbcb86568" - "0758df1c401cd677b0971654b7a6aeb7bee0d6d80ac0de14d4f46f356b2d5545c185aa6", - "0402b2321e0a1df083919628dd8b4c318b9ded8a3e660ce5585b21e46843228b4d32da76" - "5a3776c181654aad0ce90724bf85b01b051d236342b48d41a1dbda1e9904d659c98a039a" - "97020227182fcf099d46d9882c0b0f26b0595a2a3166248898df2f3fd27c78e7c0b8b59e" - "f0ed6745660c0dea1acb567f9d943928864dd1e94f8eb6b5b8473c0c91485643189cf679" - "d2", - "2f234066c936625fca10dd080cbbb1228c4d2054cbdeafc8a0a248c0d22807fc92c661b4" - "f69586ecf9469bc4c22895cc73ecf492fb2165a12b027194d409677e7185de24f6870a3", - "3a48daa8e379b3b2f377049a4d462530c9ea67019752f4af4b4192b02d6e028386dcb9ef" - "95c8019e90e09dfc8dff5e6f6812df491906ced39befedf16caef614d8c174e7ea95fc1", - "33f18738cb26d88c8c048c58a210c7be70c71636dc62c022df1bd7747d8c67bfcf5ff2fb" - "3990ed35becf6c77755ac62aed480df55efea578671bd8d50536a10e2c0192bd42d78e2"}, - {NID_sect571r1, NID_sha512, - "10d2e00ae57176c79cdfc746c0c887abe799ee445b151b008e3d9f81eb69be40298ddf37" - "b5c45a9b6e5ff83785d8c140cf11e6a4c3879a2845796872363da24b10f1f8d9cc48f8af" - "20681dceb60dd62095d6d3b1779a4a805de3d74e38983b24c0748618e2f92ef7cac257ff" - "4bd1f41113f2891eb13c47930e69ddbe91f270fb", - 
"03e1b03ffca4399d5b439fac8f87a5cb06930f00d304193d7daf83d5947d0c1e293f74ae" - "f8e56849f16147133c37a6b3d1b1883e5d61d6b871ea036c5291d9a74541f28878cb986", - "0403b236fc135d849d50140fdaae1045e6ae35ef61091e98f5059b30eb16acdd0deb2bc0" - "d3544bc3a666e0014e50030134fe5466a9e4d3911ed580e28851f3747c0010888e819d3d" - "1f03a8b6627a587d289032bd76374d16771188d7ff281c39542c8977f6872fa932e5daa1" - "4e13792dea9ffe8e9f68d6b525ec99b81a5a60cfb0590cc6f297cfff8d7ba1a8bb81fe2e" - "16", - "2e56a94cfbbcd293e242f0c2a2e9df289a9480e6ba52e0f00fa19bcf2a7769bd155e6b79" - "ddbd6a8646b0e69c8baea27f8034a18796e8eb4fe6e0e2358c383521d9375d2b6b437f9", - "2eb1c5c1fc93cf3c8babed12c031cf1504e094174fd335104cbe4a2abd210b5a14b1c3a4" - "55579f1ed0517c31822340e4dd3c1f967e1b4b9d071a1072afc1a199f8c548cd449a634", - "22f97bb48641235826cf4e597fa8de849402d6bd6114ad2d7fbcf53a08247e5ee921f1bd" - "5994dffee36eedff5592bb93b8bb148214da3b7baebffbd96b4f86c55b3f6bbac142442"}, - {NID_sect571r1, NID_sha512, - "b61a0849a28672cb536fcf61ea2eb389d02ff7a09aa391744cae6597bd56703c40c50ca2" - "dee5f7ee796acfd47322f03d8dbe4d99dc8eec588b4e5467f123075b2d74b2a0b0bbfd3a" - "c5487a905fad6d6ac1421c2e564c0cf15e1f0f10bc31c249b7b46edd2462a55f85560d99" - "bde9d5b06b97817d1dbe0a67c701d6e6e7878272", - "2e09ffd8b434bb7f67d1d3ccf482164f1653c6e4ec64dec2517aa21b7a93b2b21ea1eebb" - "54734882f29303e489f02e3b741a87287e2dcdf3858eb6d2ec668f8b5b26f442ce513a2", - "04036f1be8738dd7dae4486b86a08fe90424f3673e76b10e739442e15f3bfafaf841842a" - "c98e490521b7e7bb94c127529f6ec6a42cc6f06fc80606f1210fe020ff508148f93301c9" - "d304d39666ebe99fe214336ad440d776c88eb916f2f4a3433548b87d2aebed840b424d15" - "c8341b4a0a657bf6a234d4fe78631c8e07ac1f4dc7474cd6b4545d536b7b17c160db4562" - "d9", - "378e7801566d7b77db7a474717ab2195b02957cc264a9449d4126a7cc574728ed5a4769a" - "bd5dde987ca66cfe3d45b5fc52ffd266acb8a8bb3fcb4b60f7febbf48aebe33bd3efbdd", - "3d8105f87fe3166046c08e80a28acc98a80b8b7a729623053c2a9e80afd06756edfe09bd" - 
"cf3035f6829ede041b745955d219dc5d30ddd8b37f6ba0f6d2857504cdc68a1ed812a10", - "34db9998dc53527114518a7ce3783d674ca8cced823fa05e2942e7a0a20b3cc583dcd930" - "c43f9b93079c5ee18a1f5a66e7c3527c18610f9b47a4da7e245ef803e0662e4d2ad721c"}, - {NID_sect571r1, NID_sha512, - "ba6be551bc60653192401ed8ff9e1acd9013d8811a7a1389528bf07438366f5772cd7aed" - "ad010c19c47622cec03a4d35b8003b39ed901b720629ab59de55a03c1ca50a62987f8da1" - "59e356245df58d5ae1936e65f3cd3acbe03ad1d0fcab4aaf2a7a947549ae776772201efb" - "c6fab1aebfa1d99994d4f43dc28f39c0f279b992", - "2a69bc1df069c6e89722521a63675f318252be629e7558f3716917998e660ac960b0b750" - "562846fe6c12ef492951e51e224754bab84a6eacd4147a5f26ae85ee4381bb14ec2a8c7", - "0404685c0358ca31883cdfd7d609afa8b1e47540a97f473e0ebe98b0aaaab9418877aeea" - "d3a26fb01a4725fda20e7223a4fe7de0df6891c0812555b8b146918d3b80edd11615d95b" - "77067c92736447946c7577965b613e18950d813a4df049a6000895f9dac34d73ea46a83c" - "6a4e7c83831af0d33026825664c44090953521175b9da2a7ac563a0fc5e13c85d34aaf49" - "f2", - "1700d9ac00a987ff3a1d0be4290979317fe60f4f8ce1e0e72a026fc89e28c0070b76ada1" - "4f7a1a66ac2e8aef17eec18b568ada4fd59c05414e55356fc17d9e5079e6cabfc1f220d", - "23a279662efec48f6cf8c7334862525b52ac37a9b03da6a063da2849f878015632427834" - "34fca02fa23e32249666ddc6f596e07750ed21de303f4f10de56f1d37101cb0826bb8bf", - "3b449467b150cba0d7c2b44280c5ac452f1217384ce121c979625d313394f6cef501b819" - "80a02567ca55da2bc313dc0754b5256b08d8e3b63ea033253b205cc5dcb014574b8e9a0"}, - {NID_sect571r1, NID_sha512, - "295720a79ac8201f40a66b06ae5d970afb15f36582897eed25cd92edcd00f70ac8e31c55" - "6eed4375ea044c2e8b227a8e02c0a3e996c9272d52ac7b3ad43b80f217295dddc84b177c" - "f1e800ad08bf7fdd021fb2f49b54162092f8d628679c4ee335abbc90c027264c8b288c6e" - "16eca3172eaa297ba50626b00fe0a0ad3a9dbeeb", - "0d11ed1b78b22b3420df4ddc4acc7c2286d9569dd6dd88e0fa3ecae69bcced68bb81bbb4" - "ca6e9b54e67856e7fdf39155aa27aecb9cc827ccb9cdcf9ac633561b27d8eebfc261aee", - 
"0401868a1335058a69e3ce24ea4e6e8dc25851777bb28d3a5da67b741ec9c46e26f2d2ae" - "70a48c3e4feabb3b15b3c3ebd561f667ef3b95a587621de6073b9c8a904755566c5f7a3b" - "4206365a03c3f3066eca1af17bbbd08cd52e89f8095075b415cd4b82f3364cbff008fe36" - "42fe71e8a8c634ad0e5d9979251e6cedd42cb97c2203f743210051f5ee1b70c861d2a72c" - "00", - "075e49d2ff6f2aa8b44fad90446474ee0e72323a3c39e731b6c2b075cce0cb9d193bc335" - "6f8fdae0e0143603a57028836ee6451cab101a6eb550042cb41b5c4233d3ad3e87034d1", - "207a8eed0b87efe65ec558a0ccbecb13b9215e176abd93c1a4803fcae713927ece70ec6c" - "41c621357d78a13a950958871a52621f1de7ab74befd964a0e8f4820b84af3e0811bc67", - "2f02017714f54089652e02af36ac5165e44ac4a83747c805a9e003fde4bdb29561dcead2" - "c76b02c195074396a2dcc1b93a256c721716f8eeda8dae443c3eea446118fec3cebc4dc"}, - {NID_sect571r1, NID_sha512, - "a9cff41c6dfdc4a12f31dc375a5455950077ae323d0b7a3d9a8dde73b76e9d7b94ddf9c8" - "8ae8e6c262d704052ac47681fc35adfc56c904baaa6e146eb653984369d76a85596cb744" - "941aa7b558c945ff2e81bd5ef7f00ecb4f43af23b4cea3bd4ba7b1899f1868a0c0ecfc62" - "ccb1d588955597ffbbaf34cab2838efc2b866669", - "2c36ef754b5bd065e9eadde684750acc52795be80f54dd3d7a7d743d968a18f7e404bd71" - "f8a76eb0395f396df5a7c2ff7e0ab6de35df34282fda6ee01fe5b9b68ecb4e378dbe32e", - "0404805e1a23b6eadcf91647b40903bc1fd3b9921861c942fc24d2c03d0544e7c01f004c" - "aeed04b5c4ebbce366a098a878c322cbebe7910bfb0f91b284ac1aef344152fc5831669b" - "7904f589ddb4da482ba1e9a59241b1dfbc7e9b9b69e8f69f8e90460ad58fdecc48a56842" - "ea6aa0537abec0a605ebfb713e588685a98f62e05a7d52082bfd57e3d68fb7851b37ec55" - "67", - "2f2002bdde0c0b0fd92e96abe76c0858e42fd7d94a181c711fc6753572539e18effa8155" - "cde7b1e9ceab2394f9eba874b7ea257d7c308c8ac08500f4944af5f33057650608db8fe", - "27f9109799bced42730faecdeea68259383a45033c6d5dc8d87adf994b46beb34177e013" - "700b13f1253cf756a8866218e9c8adc180f3c242c56b3de28405b36940d53c2aab24f1a", - "20a762ffb2f5a88b0e1356964fb558b555c424946109d16c7548f41a33cfe41da1f48327" - 
"6a27b188faf948a56670716ddf3b187570c9f514869c4492d7773d6ce453a075f9bc64f"}, - {NID_sect571r1, NID_sha512, - "efa6c582d7fcf5e431aa89b3b00180c0e78efd7ccb0384d90b80e59a115a13e55001d951" - "528c42860132531c9b8ab29dda7a657c53c2ce96fd85549f6f1810e121eb89961295335e" - "aa0e40532d85814a4206e6fffdf9bff76599da9b2e71a22ed572910b0e3bae38ad72c704" - "2579f106739a8628dea5a745168bd918736e488a", - "19ffee50be5496507e3ef5c40ee88a49625e46d1dd1686a52b09ad4a8e3ee9ef364f953b" - "fcd97c52104eecb6138067192997cd4ebadaccb73c7b2560879289a46353a756b73cc43", - "04077dca410e722009ef11b37742c2c003ab3015d0ca0328a70d9d41aae04cb64f7746f1" - "c348b08458eb3bb1788f9ffe7d0570a9b689a9b7aca43e05400bace7630d598f5b484d13" - "c407291f74cddd9ff69470cf0d92afaaddcc4c8c274d4a7a64fd94292ddc8bf080606795" - "376bb725ab4d32c72ef77dff34cfedd34aff2f463d635bfcd7e1fd002d84383dc5bf8d5d" - "23", - "2ea37750fc3bbdeec100694068d55f92fdf35bff9ed49251c4b8bbfb2dec2dd4446999af" - "8848e05c7b819aeb1864430ab4e8c1d684e1cf78947a71b04d5ab8ad61cc7e3e4e24205", - "12ff1852eaff37fee997531039adb1fb2f9b4f4199670c022e8534625fff1fa93390ee9b" - "c7204ad2ba3efc2233260943f1d2381a3cc025b78c6d1f660a7bd6f42e5ed3c123055a9", - "1b4d8abb28ef1a9d77066921ed50eba64b8433cf00c66b8467269a4a914f568cdb86c766" - "a7a6a52437c5d98cfc9a2130dfaba20f3c2001f31bba7071647d51fb9fbd5fc67ee120f"}, - {NID_sect571r1, NID_sha512, - "211acebfaf13bba33a9dd16722ec53baab92a140127d61372cbf1850f2fc894e942e25d7" - "80778235f880743953d04eca7a9205602e388172aec2abf35412b483490751f93b51239b" - "6701cb0aab14e5179b0d7f55d8586358381dd83e3e436bf69a6820317d1701750cb1fea1" - "293467ba589eec5f5779c2dbf2a9b8f28c4dc239", - "3129e96fd28c4198cc5242c1e3531a3979fae643d527044e98d7721aa56b5b4b45dfddfa" - "17a4115e10a2b4f46d92f81cbdd7e86e588a4c6d8c2b3a83f54cebcee1d1dd33e85d81a", - "04073a92abcc991e3f89d82c47fa0fec48e3e7c4d97e2525f8dc2d24da39f616af4a5a80" - "4d2603703f6db7cc9324c5b56a21009373f6605f561c8503394e7746e51273b5722ffbc2" - 
"3d00684c842f03a53a60cce087f4fcdbf23b7a28c48b6b6544f583342a65d97dd87037c6" - "fef176a1f00513713468273494a5be683b68c5e75bc08995fde763bb6f965da1acb7e894" - "f1", - "0165e52640fcaf8cbdbfe73cb8058c53045e7670aafb2def28d2c9eceb5ed1634b5339cc" - "47ba981eb6eb03ba714c7717e9ed5acc15c8f304702a0409bd4508015d4626cfc5484b1", - "27dcdf16b7156a7a05a752da28b5bd6b233e8a7c16eb7f9030f29c4352e6508f8424d1b5" - "ba789dac4152ac4812ff7975cce69908371a81a4d7d9dd70a8dabebdc4e3af27234f0d0", - "32a654a31f09a9803e502a1440c2bcf122780f4f47aa37e15991d9a548583fdca4880080" - "4712816b212cd3c657e6bd4cb7443a0288592541473c5086e1277250612c21346538374"}, - {NID_sect571r1, NID_sha512, - "ee592e20e0a45c18089c2e41460e65a7d22ed9714379f095d43a308bdd383128aaa6fb24" - "e9d35fd28fc95c5b792ad75c980d2cdf0f460ac60b12c5919d3cb28dac4d488196be6c2d" - "fe462b1b0ce59f8501692255840f5215c0fd8b74b1996a267a5e3b22d2841cf0a0b6315e" - "f4ec7180f1c8494f4c07d5869c01fa2711739efc", - "3d723d2697cd07dd8444f992f2ab4a063db334034c25ea9be99fd7a1f495e3a644e5ea03" - "3a41264e0d24a911e55741d0cab80a0bd678eaec2bd1e60424d4491eb86d664900d907e", - "0400c7a229b5fb9fc774c1b6250f3bba2f0972d1aada7080641c014d012db0637a0656a4" - "3024ec0ea25ff70012646dc19eeb1033aebcc96a001ba876b2f5def6e198b8d4a53f7c7f" - "4a009228a68eafaac214fdfa19923a0c19629de31ac0967c9d02c53dbf221f9affb735d3" - "bad732f381f1ca414d70920231a78f742254d895a33ffab492f8e6094a542e77962a324b" - "a4", - "3b3724a5933353bb9ff5f742f59385e780caa517a963590b7fc89882bed95cf90ca6365c" - "e8b882f2d96e56bd866a5c437733b681308c570c51ec893ea95fede66c7aaf4561173f7", - "2a487c1fc29426e8e85f0a35c177cd168a444959b2f5cd4519b9edd52af3ea829cfe964a" - "c2b59198af8e2d3859ebdf9885ebf57bdf5767da1611d3958de286f91ef397230d65599", - "10fc01efcb22b982f992efb71887bc79c3f32a9088bc2011c269924cee0f47c36452399d" - "499f2933587081b872e9fd2191c20cd5cd94927839228ebcf22cf7acdf4608a2fa66310"}, - {NID_sect571r1, NID_sha512, - "fffca41927debbd53455821441d9115db99fb31bfc69752a382f57bc7abe021f148346ee" - 
"29e17512c64b4918ab2391d12d6e5643bee6b5682885dc28177b292e23a37ff99b359b9c" - "f7578432af56e0ad1028a6cce7428980654c145af8daf09addbb3be11228d3c742defca9" - "d3b1667f48c63091fe3307ecf72667b02e008f24", - "1999ab45d66cd1d3a0fe6aa43bf5ef1e2a67637d53674f6fbbfb9b582be91fc42a12cdca" - "d94b50b0fc7ac55030de24a0b99fbc4314fa743ef4b5198bcc5f54d8b669fbed78e2e91", - "0400cbf3b0bb4a2e6c225aa922bea3b233da4661df5da7e0a1cd343a9b6655ee87fc60cd" - "763dee21eaa2b81c4dd5af6f4fadc3ceea643b37a6b17a6501e1b9b689fb0c4716911c1f" - "10014b5a9ae025f09066fffa6797ddf95f27eeade06b8ca5be5738f770362d5213c46ecf" - "ca58e3c60cb2bae1f8ab1bf0577c80b4fdad02819fc174cafb33df64fc0ec79713f7b252" - "09", - "253b533d3ad1c7095363e3fc80cb32471061e44dab3f9ae0ea6252f6ef169cee8badd3ec" - "cb77096ae9224f89baeee7e183058579680661655fb689419e36a61e8573de5ecb4cd09", - "3ba94f7682fb61de725a35caf1d4d799c4b05a1d1c44eb1c251dd8efab6b7d713c3fb917" - "776902a1bb202f9226558f4c1e75964349717e6dff938d0befea07a9ca1bbd429dd6318", - "226f43be8e24062180c726b5cb721cc04ffd3acd82183925523ff9e8631aecbec2c224d5" - "a291bb225f0da726d256aa822ee7cc2c7d69df3f2a5beb21132d91bea22e4c5db900cec"}, - {NID_sect571r1, NID_sha512, - "a2f71619ea04f7057e6943c2cece8594b341ec3b96c3915d924f94ba13fd7aaeed41ffa0" - "e842ade414784f1ef825fcf2dbcf7bd8263b802def45f94de596aec0c121fc06558c7bb0" - "6b9f27a9bf56c42090b5dc344e82b69c4f528d33be166764a593483f6fda0cf56e6000ff" - "363ba220f5ea0ea2c3191615c7ae3bb4fa575324", - "2ce1cae0716205330d730e6bc6dbfb6b951dc83ee3b4a7dae75d057e32e8a46e22be75b5" - "f09135452b29c34dfe81a9be2e8dcd243fbd946a0ed14a832a7802e20cfe1abfd3d6e4b", - "04075971399fa621ce535144ec1d57f544d798a0a59207166c3d657e5a80ac00e8f5b643" - "448e3546064d68ae624aaabf36face3016561a248256ff9131950ab8b04710551e12222d" - "0c0224a50f321647f47de3db4fbe1bf1e3a3dce8a834312779f66037315e3326721e3fd6" - "3d4d6ef92b7ba1fa9aeb70f92e2a6701458ac8da49ac386491f2306adcd8dd781fe75e99" - "e1", - "0ad95aa69cf9f40e13f8a72ed6d93388168abc8001670ee4d95fb4b726b1f958205ab2f4" - 
"58df8bb9ccf2405680d0e6951abbb922cc11d47cfded93c0efdb70caf0c54e7ae96d7e5", - "09ce019161bf29eeaf323933045f59d2efc372904ba50c4a6602b8305234a851d95f06a5" - "b56193ad5d28488102ec25e3f421a5f5c4626b435b423d612e6ab60e0a4fe5d4952e2c5", - "04f7b7ac787b361c2bdfa767da9c22152e402184a7ac133f651fdcd928239215dc917401" - "122a6d41e78299b4235e085399e594465b7f8dbfaae9bf302d83470b4295ea06bb9bd1e"}, - {NID_sect571r1, NID_sha512, - "b60415a831eca2cf60c79a334ef2f327a76d290846ee588d5d33d0a826bb0c7ec3e11dbb" - "384a7f89c8d180425dfae7463e0ea6497d2eec1dde112f1c1efccb532a2e2b66a28e2d36" - "d4252a4c3b12850d465fe21bddc441b92e6a7b0f67744f7f6e7812a0603211a26518b311" - "a5b190ed890ad852bed4f6ed13377cab3eebedf4", - "2c9d0fcfcee7e75c3245ba955ae04188b1033c55ec9c821d8de7685276bda3e9a93c3ae1" - "b003e5ea722913e7b169d67b1aa2dc8cd42adbd9368672a3f81a6817bf3e5529dcb0c8b", - "04019cba4c8ddadb596d7303331f2a22461849ebfbc78ea69277f72dcfe23d08397025ff" - "6691c61ed9958d68a9c5dd8a32048a89a2553afb9077ec43358763756b1473ab2cd8f25b" - "530319eeaa78444b7cc5d8cff4e9199ddd2c6dc7bd935a1be1d8b1c657dd5ac49bc92b0c" - "d91304ef44ddb7ecac05518301bfa0e533402043533f99549621e31dcc282a52186478df" - "2b", - "385e12170ed0b23c9c65ff7edd413145fd343dd841e85c498fae5f36e577641688999028" - "17d4dc39127010faa1da68000a511ac69f80708be5afe1631432f3bab7aaec2bdeb11b4", - "231ef400c6a3a0c7b26ba1b92341b72e138ca62d04ea2172854631c40c48081a18a57e9f" - "055748245d3e83d10d21af39935b0e50c9c86956ac46c1ea03ac4ae023d84b24f830973", - "24d37d67afafb0676cd7b5da2960cabfc804b0b3244b5e6739f8fe43d0841693d28c61b8" - "e76181f8aa24940d76fc5ea8ef3a95f72f67303e1ed85ad6e83cd2c44fd0e0f3f2f44f4"}, - {NID_sect571r1, NID_sha512, - "5d15a08226cc74cf495be681b795d0bde26b19f29aca1a8c6ef77d50271ebdcb4e5fa2df" - "23961fe11620b1c6580183f6ebdceb2c09516c8127be576496fb71449bbbf0a9d3d1c48a" - "25024619b97c3e0d8b165897db96ae9758d13ac28441d7cbfb75b23cb423e0002046358b" - "b6d64779974a5995dfe54b398f95f7d64fc52d96", - 
"10c057bbaa44ef0f565edc288bfe66d4f6acd8686899359bca418ba89fb690429489a37b" - "d3c6c9f3a8714b2ca225868c6a45fee360e378a676f7ea39321790f32a4b005b81dce43", - "04043b1e7d7b2aee3563813a6692f0b4b61ba82b801697c3e23724a2fbab2af80a2c56be" - "55af41def0a90cbfce7a45ec61629906055a8b2a5013740e96859e580c444ae9f0ddf73a" - "fe06742f13244f1bf156d321eab2c3095ca548c3182c405187c3de2fbcb01d0e16e1fef2" - "46012c87d4d32378629a75b694572ec8583ae0cc813ac64f10bb05a9e52e4805590482f2" - "89", - "2b8076102a6448bd4c4e192e93cdb96ea9a6c7f6753818267ee9e67644df1a4a6c9ff64b" - "be9f64904648cc640fb7f0cce69f9e02878ee950b91ad559a9ec0ae15b676d933f1620f", - "1ad97f4997037adfe306f3859d550f9fd89bce8b566e657d5742feb17466b6b8d507d581" - "0a8cbba44d671b043ddb557df084bf5d1de74ef8bbd6a93690459fc16a17b80dd6c0f28", - "3262ef6e4175e7afe095d18157f67b3d12564d54954e9964e991c31bcfe1dee7e86b3549" - "1ce818400cc0f83b819f478f2f2c2d21c6c7a6be43938841559e09bce70b0d61fe51245"}, - {NID_sect571r1, NID_sha512, - "9eca4bd88200baf61b901fca53dc1f1e7e3f83b94d58a6cc6a2adbc9b1a35fe3f8ec6178" - "7c76ed9a0d696167cd4fe46e1a0883fda564666131753c576a720125e0b712db1da02780" - "67cb899bdb14eec08737e864544663abb1d62f34a2114be07e8e3cf56e2d17099299ce6b" - "6d83b1a34e6153d7c6a32a72c7b1bf4583fcbcf7", - "2c182df7976ea93d996f3ba5d2221f3cb755cc7847bc3fe9e022fa4285046f5bfb426baf" - "a3580beea206de36f87593ae561b4b74a03fcd61fbd0e8d6fd5668f2148819a88a650aa", - "0406004b26a184ed710a5fb67e9d042f7fb9c8f5584b1f70a91b0b3be41c3fd2cd1a537e" - "962fdac8756df33f80fce2bb1bc7241d325bfc36dbaef7cf625918d589b6352fa7447189" - "10036a29b04a494abfe809d956c3cd6f84ea51a7fa28cb39a52f16137a13f72f0726a84f" - "6ae53ae24f5b468733f4cbfa0ce5bbbc1cc7b348fb996d33a45ff656a6a7557619f598a6" - "b7", - "2ab349232bcb4f4816b26bd0049e130fffc90ca0b9308edd50fb9055358a87fe798d0014" - "0b0ae01ed8b1f6bb9bfb726b253c3d4949ce9eecaa6c7fa84d1ef812669fa929f26be0f", - "0bbf2f9765b12742224ba7d064358c0305fb63e9b54a831e302a4546aa02cace798d82a1" - 
"88d2f536d78544c1571f481289d6ec69d117648026490e781f1eb9fca59bee05234ba7e", - "27e07ee0a1a99c90753cdc8c0291da25a82c116e62ec58b93f91086ac1cc039b35ce7d8b" - "53cdaa92a5ade65a7684b6e7ab79873dce33dcd467c39d0c764ee390b7fb25ca18912c3"}, - {NID_sect571r1, NID_sha512, - "707450bd84141f3b61beb12ffa5ae89d812dd11badcdf6a88a2d50fc70e23f6d822ff447" - "7047abc58cdfa28f97ad7f4911ae0773c04ebed1f51bb2308cf6e5712c4aaed461edd698" - "7fdd1796aab70198276b601241f6a14225dce575830ff60f935fd9f567d1d210652e4710" - "922fa793da78c8fdc30c273cb08365c9fc887f50", - "2d3a65bbe133cc98cf0eb56ee1362195968b4eab960a1d55d8b762f1361fc21348d6f275" - "d4bea1de7158fb97c995e20b92a9c887a3e332d154667ad167acc632eb88a0ead6113a2", - "04034355b54d00c3df7c2762ee2982cb777491aaf78e550c4d2ff5d5a893416eb3517671" - "dbe522b8c553fd71edfe0306cd7628324f4f748091fc5d84ad8af33b896985674649a6f4" - "e507e322a04eb600a3faf3e045959f1e9f798e1c965ced40fd4c0383c0d4e79a96bf693a" - "91d7662780990d0c9dfca77a9bc0e13551d2ab35af8a153fa34ea903961fe66996ca053b" - "64", - "0a59ac1240bcefc52456486ce23b780cc92c8b89314b8442a6898c373bd0adc3725e3eba" - "c580546d1ec82ebfb2e04c608441d962d759ab5f5af1596c6623487e1347537a3c35bf4", - "0c47ef55d93ac36cee537160bbe39c3d4504184188533edfe589a5ab6e5a3e06ef413aa4" - "8710d304f0b2bc380fd69a34aa0b8e2e9466fd8a131cb056dffe4b809a59fd83e594483", - "2d8de1e8e2a52dd1be08435cda69e673b328573edeb1767849536e6f2d5fc8f18f7bfde9" - "36d8c32ecbfa97bf976133d65641320ca1c41e81c388fd6088884bbd89274b1976470fc"}, - {NID_sect571r1, NID_sha512, - "d5ce9d59391cdc47ef942dd2a818d024ae3917deea8a5a4214e4db6a0c5e6b0936f3e632" - "fdb68a3f0006e05c44b7232013e1da5f877cd197f44fd6f60c1fd2378995e9a47534948c" - "5a09e33750f07a7165072ab38095373b07a50bc1391eb6b650ee13acd63d0352e7d9c316" - "95ea1ec6323f9b5f57b426ace56aa7fdbf419be0", - "2a920e8dc928acdd56e3655b2340d4371c793e66f67405fb7a90f31e9c4ef466cc44331d" - "1d2fe3ff7391d2576dc6640772166ef8c154a5ff1808f5dab2f03061070ec8b3f786c36", - 
"0405edc0fb974314e21ad40d73524d5620b7279084e3ecb9e58b06340ae53d2383efd206" - "b8b1eb3dd60c38f593efc05e2ba5fb8989472bac7db60fcada2d18d4108ab36e8c20cc71" - "0d00444cf65175f6bbaf647739cfd8407e7036fc6cc6208ccb9d776eb13e13b377136c68" - "3e108775d85b6bc5638926432a17344de965d45e042a0a8e0b63c7fc3a36fc15cf718f3b" - "af", - "35a0215892d0c52ece29559ebfa061011da8d597af6b3d1ee988ea4819be194c79a42681" - "476140738b1b5dc191485bd20c96c282ab38ddbc3987343155366b6a5d1ce7053efcd83", - "1a69a9a51f6b0dc196b2a8db2e8bf61764d4c65b038f43b5ed6b5dc2673971c32928606f" - "92b7caafb4dab3cd61ee724bba71a0d5c788cde4b96ef6b453f2a69126dafc20dbc7c82", - "13b5463636b8462cd9f479de8d114e29e7011489bcb9735ffe9ca0707a07df3c0aba0504" - "3eab387bfedd9fe982fbf04968f2be200e9e052cb4b02223b8579913d713acf94e7dc80"}, + , + { NID_sect233k1, NID_sha224, + "f23f784fe136c9fc0d169503d361e9c6148b0f1fbdcae0a97fae1af7033ddef25cb7489c" + "9963cfcb009a8cbfe44a8510a64a073eb1deae4c324ceb9302008c92c69b2dafcc9077fd" + "3cc3c7c119edc3ced36d176ceaa55ac036bf7f07f6fa215e8bb8196e59a5e1c9af4f98b9" + "0ab4970885bd7015fa26a09e03c7cf6b4b23d929", + "04c1d414696cc3657dd9df73ace56eda2636769ce7082e064c260be45a5", + "0401f228c0a75b057eb07fe7ce8223ed4163148c1fdab61e0f787271f836a900cdfa5655" + "d96ffd5ffb6027bfaa04da7b5d8fbdbb6202c8bb79f056ce43", + "058f8511089fcd59324469f6736b92693afe26bd4719e198f1f2287dc5f", + "016bafefb4933ffd00bd1db6d6c4fac8a06375603adc0aa2a5664083ff4", + "03bcb84b8f1990cfc7b88f2b8cc817105cd8e150808e7c87b310cdc47e3" }, + { NID_sect233k1, NID_sha224, + "400bcb297552bb37f2f8135a9314a35f5126788bb6fa4dc74152731ff64c5dab4b902103" + "d85443dec20e16b1d6629930cdc2bd183d4099f0e96295a63c2fe266f5e9d050c401a868" + "1b4a438efe53cbd8f2f43e2a31e9f88926a9c82917d873f6e8cd5ff5eb8c1ca36126b0bf" + "c8c2b0e85a7c9e7a45f1875ca9c82019ebedb729", + "027cb1d84865a16992476c9e353283d5d6a40c349a8e9179d1b1f403531", + "0401191227d064176f4ab020faea61330df5eb59163ecb4ea59c23e6f1f6c8012dbfbf85" + "b3624b9f56446f840602f9b839bab1368295b3ae919cb07c07", + 
"01a41af270269be052a62a9879638e3432a1479b05776ce61f45c0c361b", + "041a5f1d28b70bfa2925b9428ab8bac9fa174d88ae27d754824c7d16ead", + "044d359065672b3d3dfe8389fbc6fc751ca6a46820626c466174fb9b922" }, + { NID_sect233k1, NID_sha224, + "5f74d4b35c49fa454c97c05fdb6b9f6822cf1a2295f15bd766dbcb413d77c910bd8f4147" + "e8f317fac2300fa21cb80134d1b6f8ae8e50518c1f648a28506e419f5a6e8f05abffdb3d" + "d2587606c7e9c223ecff4f46b121216730ea13202b59128a7616bb2fd23a7e4a5aa08641" + "cc07b669641313febfc88d64d99447353dae3f06", + "031b443f46c4b5224237fac1022ee1570173f664aba0c84dbaa4246bdc1", + "04005f57b0e5f2e175006f4058cbb4ca9a0cac912c551ef1b94e97498fcc5a00f3a554d0" + "77b751478f8a2b7c2a9cf15effed958e0ac1a9e3db1e023c5f", + "07ff6ef3026c5a960e632beeb7313b3bca0baec76cea1fd9b82cedc3245", + "0099741698549c32a4e86aab6194527cea703ff869849c538a938585a83", + "02ad706c6f5dcff512498d84f1877eb997dfbe9b3d13b339917632d3cb1" }, + { NID_sect233k1, NID_sha224, + "8f92096876d9f81bcd992369d42d0b5877ac969004d17c8627c58d8b8b7bbf7a37e8cb6a" + "fa962b9b043bbbaa5bef4a5ee38d8bd31cb5866b828265a2f4102a616f87009cd346fcb8" + "af5519fb577c60d8792472232f33dc615655e53d2b715b15a2697b492f108b7906e1e359" + "7c6911f8cc30c7121ae338a6b747ec368f8e4a36", + "048f6ca29f35f253a4962734357c995920967b9eeff1ba5fd2080bfede5", + "04012b7ca7c21292f8795b2fbfd63a28c5a4ec8c850d6240f973c903bc817001be9855e5" + "c5a5064c27d1862010b2fd0d7be5a0180c861a288ceac89d6d", + "07dcb9725323fd7668991ce9a907b7129d53fae9016e253c53d057d195d", + "0498c4fca6ed7c2998347b464d3e562a74b0e4f3a6c1dc453aaa61bb710", + "03a77a13f011404d5c5341dcd2ca44dc2b08f21f09f524045c281fb221e" }, + { NID_sect233k1, NID_sha224, + "3d275dbde44494c45fc15fe89e2ae32aa26426a17e923e895c7941a5582fb95df4d49873" + "ab1bde358017f336b911b886b626b744806ab8113418473c441f1964159ded1b12122d53" + "ac56573167588e4b55f36b8bca8c67823883a51fb6e7f204d1c6b07ea49b577bfab9ca6b" + "8d51f72268b022e3a4db6f9d265ee8382f9b7b66", + "019b940eabbe682f961d9f3d90432e347fef3910e641656825d775705b1", + 
"0401efcc9f4576047c43eab1c13e0547b1c5ec1cd2afd2345fda72b5e1b50f00c7b5968a" + "f47e58f4ec15c0cd82ccd0b9f5bfde06c7f86fe5cd0105d693", + "03f783a94d1de73e4593f5d6d02238cfa0486e3ddf2bc0b95a528038e3c", + "013c467531f3f6508534ad072edb210e4182ce5a798d8a46674e92a0b4d", + "0685982aa8e2f3e46ecc03e00e7323f3b891da437235cfe9800139ee8d7" }, + { NID_sect233k1, NID_sha224, + "d2fa68e1f7dad02916b12fa38f1849d6d409dbad0344438520b4dd9b77d62d39ac9ae3cd" + "eab03ccbcfd4de703c6e798873671731c108f322b9f2a68145e3e210c9b15b879798e5c5" + "3c5022742e9819b99edabb2f44d89ae221f7a99dc84421a6905695ff91928db608f86174" + "5f17584d56e34b75c47281435b1b0b34e490692d", + "07a884b22e29fa9fe945e9ba13c0df8d786dc87cef0f77f069e182dd56c", + "04011e831647d0ffd53d75e44abceda753ab470b3cc93b457590617d925a19003db5bd0a" + "ecd6504d904bcf9dcce131abd239aeadb9a64a9811eac823cc", + "00241b763c6245b83afe61762b161c41467ef35b7f27a9c1066f02babd3", + "0514adca3481ac5f99287e6e966a5c223296b07a9456eb582ec5568688c", + "07ff6a2f7cb1d2594a11d8d0adb6fe50b4e740f025e7b4333ee26163d92" }, + { NID_sect233k1, NID_sha224, + "3830f75cf9df4eb2998c7c1b5fe11c1476bcf849c3a8fa7d3d0b5bc2292e5d07465ab8cc" + "9381c575d909e509c5dac49c78817c04e4bef18bd51bb09aa5897f21634633a5ce6d20bb" + "4638cb6c3927351eaec7b62cf4a33956916045c392f325adafb10a88a5f86d7e41dd7790" + "8fa7284210071c22aa40ef40da6339c02da05392", + "05da61f881d5a0dc085bb93764f584352882923cd237d878220ec624c1a", + "04018d740441eff1f785a14d04da4ba69540cbb469780ffd36e1dfae4f1de2018072ab30" + "e999ae26b872ef46a9a0604296d02c08fba9477d9e03f0f75d", + "000f95c5678fd08dda790cc60bfa578118f8687228a2ef5f31e71a6884b", + "074a6599b8cab75e0cf752e3f41288fbc673d52074950edb14f76524949", + "03523804351e3224e816cd4fb7191f332585f68053ddb32a85cc0fadc03" }, + { NID_sect233k1, NID_sha224, + "65b9fe15e6c35d453caa6bad39ee78a720a04b60d8a0a0f049186d2f777e48ae2d657e17" + "4df53edb7beb9f7d8f21904ed674add0cda5b62a7308de76c324a144021e8c6d387daaba" + "4ce48bf7dfe9c8aeee2c64e434ece1fa5ddcafcf3e5d0013a1eeec1742a00d384cc2ec0d" + 
"7eda83bb4dccfb0e57045ebfc27a4f404d03da37", + "03fe9f04647f6d82b13ec1ae5a8c2e49bc66b05649ad778eb16149ad83a", + "040158eecc6b8918e7813ef990217c603b28ed1774c740382a8af5c9af613301bbffeccd" + "41107c7e6f83e24c822d634a7ec064fae125dc8a3ecc4fc9b3", + "07731edfb3ef523a165a1b5817ab2805a5cf88043c98ea2393898e19551", + "01fa44fa18ebafee6f419fdb9de0e8365520617558b57e9ee89f2c8fc88", + "053f1b2da4cabad04fea1111d525f341417587823fce71e5bfd2353c2f1" }, + { NID_sect233k1, NID_sha224, + "d26521fd41eb5d46ece6836e188bf9cb1b461d011c41e002a935d256654d01725378e845" + "920ec4a7fd3f379df54772493df50d312c7c6aa4e909e7b83f2442c3a5e85c37d68aa015" + "098ecfb0a5e077370f4576f4bc63bf37e1dee06d780a3b6949af5e21c2a0960fcd20821e" + "f5f17bebf5fd5b3bdda260842cbbfad45667287a", + "05ebce648ace4cd555413de6a456fc487d14bf4b0b9a72311ef480d2f26", + "040020b46ecbdc36b4dc01111932090ba185eab2cdc4fa89775f2a6177c5920104cac1c8" + "00103c79642321a216bcfae497b037b29888cf9f70c507114e", + "027733120626e564b06ba71c4946c9c8bfae43f88511ec6352d2a52f407", + "0592de5184510e6ecb7be8a011f862470b918354a1ad82458cf716137fe", + "010a9c5fb6e4b70571a35c56744b57baf0108728bea2bf639af1960d1dc" }, + { NID_sect233k1, NID_sha224, + "b778c021b1a92c41dbd09963da07018075d73e54d62df5c2b7bf8abe137151650d1c1c6a" + "bce7eebd8f32e8c3e6d1433773f257bb3ba4a4fb6a02c0db1e47d03c27d3a90898ebd192" + "7c21df24c4c5443ca5b81f8ef2cc0f5e8b3d08f472bf07085df737adaedec63d99acd77b" + "87ba98225f198b791124ac2d9b191cb9251b4b00", + "056653c2f85593f789a926ba49fa3da9d7f946d8f1020508c5a527ce813", + "04010d65f6f5415dd86a83bb10118abfc1b1670a1664eb6dae99fb68b85019012c1e673e" + "575086ec1e76b90d59c2cbd2727f726f88298552b678ba7e60", + "021e26c098c9f9da9c782857fe640ff6abb21caf20a093f2277845bd10d", + "01d67cbc8209494dca1a74cee5d9894f98f03728214f7bbdac29b0c0e78", + "02215f758fcf0d8dd603e79658a8061ab45bfe6d854e52ea7074fd5654e" }, + { NID_sect233k1, NID_sha224, + "ec14e07f615960015a489ef999e308b42a4c571473b9bd64b433dabd9a1b1ad02e33eee9" + 
"100064405175928a94543a80f440040afa2965b4e5f95f768e7fab6d3c0a5f5e1bf1df78" + "22f78384e80f2955ea85f044ac60537d895747979f935bb0cd3673193c4a32dd7803e48d" + "7daf70a71bc2aa97236615b6411e28fc9a652145", + "049a91d320783cc70a5952c32036cfc75d41f1aa84127db2dc759fb291c", + "040190528df8fc3ae4db6e12930f176ec9c833d1668ac5808f1046366445a401f647d55c" + "e80b18a9add47fd1a8e4aa725297d9da03246f5c1ce503dd56", + "01eb80e2596d6c01431e7a4fd9e22903ea85547a31d675ff157a789a137", + "04523776d88199ebac2f96f9faa434bd81bde770ad4458ef126fde9198a", + "054665f31f92f8897482d34fcb63141a7539577037c84496167e9d3389f" }, + { NID_sect233k1, NID_sha224, + "89c645339ad0eb850e4e2fe583cee175b35feb02ed7541d7e9aace24cdd3939584f73ad3" + "9526de6399c86b36de77a018e2c70b532bd0f032f9137d10480acc30c49f9baaa86f9df0" + "033b77e98b485bf7a69cb5c281e527d3ccd1fce2415f0dda4a268ce68a0a34b16afda54e" + "d922cd6810ac8dc766df2a3a6c5e55972e9786fc", + "016a20016602fc7088a60469843e1d29ad67e3c3cb9500b1e2a00d4050a", + "04004f157541dc3a8bc8a2ad4dfb3933039b67e331b7353a2fa9ede322f4ad01348a7b8c" + "9495bcbecd556870715faf3d543cb8f2368805473bca17b82e", + "01df1ee39217d7f0d838e8b2d30a1159d8003b06e50a00d637edf08d6d1", + "045d16826bbc425637e7a05b826bc907f7453c70141d1bbd2cda63dd490", + "01ae1703cf179dfd1d5407ba2b7324cc7cac15235ee9c3756177444e122" }, + { NID_sect233k1, NID_sha224, + "ace14c4b101d2d8453c2bc22b756af016b5de537df9c3e639d208ad04ae0bf6232dc90b9" + "0c33228dc85de956db771ffde05fb4d0b15e4f218ed2771d703ae5bf981252a5bcd60c16" + "f14483131a481cbe04dc0adb1fb8aa32cb48bb5008e8a8e5c7b7465be2fd7afbc811cf5e" + "a6293b1a464669b49f55f57b93a8707e6042fda6", + "00ba922149bada2551b7be1c3df076f3f97ce93c13c50c285fef3f42363", + "04012daff2cfab994b9d1d1ba73bd2f8e7883b2d92f760b0d16351ec125fd40115666f7c" + "65b95ec2d713c5ab1a3eeaaf0f931b1859733416c3c778aa2a", + "07fc7c9503fabba0972e0e8892ec6331e0812c6452d211c5561fde79048", + "06477ec9d8d8d45418b9efe7ae47c0863ff94c43d8f392c079b870a7cf4", + "06b5a5d020b3d980b9d7880130802435ddb4e7362e36a70d193f18a7fe6" }, 
+ { NID_sect233k1, NID_sha224, + "cec2ba0d1772c87e87d5bbbd67220692bea4301aa1a66e8dbdd7e651d45c26dc2a0d45cf" + "c32c34d76ae3e1c61db7b0fe1863457b93937d929e6ece7462ebd16adfd708353d6f7c27" + "aafe06593c76da7149b0cc574a4290b0d8fe219f3eada7082aca38dba3f78ed0d5942d09" + "5fa5556fc8bcef331ff0a6d5d1f4e6c51d4ff5af", + "02d635e12a58cc6dea44e71e87c37f91e8d08659f0b7955d24f65ab55ba", + "0401dd33d8224ffe63a32f2de5d4fcb0e5f1fca7ca2ade5b35ffbe75cdc65800bfbe9dfe" + "13f99258c787af82631ce2133dc73207c579b29869c7463943", + "04ef333049c575d6688aa04f87a6162185e4a57bb752a7f903e3aff86ff", + "01ade04af08ea1c1877779fbf6335156b1a1437f3e449f07458d700c67e", + "010fa82467d39e5ad51cda8fcedc72ee6a78dccd0c90544814e53ba9cb4" }, + { NID_sect233k1, NID_sha224, + "ffa13cd0f51ae2643d5d4edecb493ddd653e9faddcffc370e7e958abf726a5d67a2ab36c" + "ef42ea8ebe22a6f01b9c31f6ffad01e6894487d979acb5e618f765ac0ec3550ac5dbbced" + "e8f9fdbe52fbaba5c087ff382b6d7a09b2b5084227d324d98ff98793040884799b96d2ca" + "593201f4414f18c43b51c53c5e5059e0641aca02", + "0073883e5064e06814fc4de32e15f7a6cf825d2daf6eb1df8c83e25d80a", + "04000d3c79d627ee0d2d88f2de2dd082112c20dbc5ed66089454f7b8fd9f8101a2580e77" + "9753bcb023acba1b0852492b989c767f664c7047de8e6689fb", + "020231e05166271f47a91dd883c580ee313e9a07195ae511f0ee62173ec", + "0303eb4a0df97577c4cff531b3f54aa282e76669c0c5ebf4c9779c9bb82", + "0692432a7dfde09db7743f08130b3d3327dd98cbdc323627603518f70d7" }, + { NID_sect233k1, NID_sha256, + "c73e3dbac9513d0361dabe94071faf03a11cba18c06d131a172d5f0125b01a5eeb6055bf" + "72c7106fe3f4be3bd2b1771cbe7f85366dccfbc3bac20538510c3f51179cc540ddafb2f3" + "b05a0d276899674ab1d7d8fb4f6838f04e4f9e26b8c6af31540f63f4953c85840af4c57d" + "fa78c704f637dfc8dd750fe45e2c1e149986d127", + "01532271bfae8d4dfe60f69b88d3006d58e28aacfa701861cde8d624db6", + "040041c1ca965338976b4c45c28b1cb64836b3b4d3e7ba2b1323ea26fbcca201a177d042" + "fba7903007db122eabc459e37c2c7fe82e42752b267fafe4b0", + "06a54894825644901baf2ec3681ce5aaf93a18757d93ec9cbce7ccd9d65", + 
"03edb77fc7686b520493604db18fc69edb4cad8195a958e27ef289c4bac", + "004337ecfac57abb9271909aa43ff4e32851df7818dcd87216d051189c0" }, + { NID_sect233k1, NID_sha256, + "d00dcd0f3212a3167403abed91c20e76f5e7a7678a4fd970f944d11e6a8cd149d0aa6fd3" + "164c5a74c0f55193a4fa3d8ba6f99cabed10544625a7bd92b3e0b46edbd4a269bbc10518" + "c5268c3910a2aea567ccd32d4c7a0cbef09ea42c20b636d1f711d220e23dacdb9d1146e0" + "494401349749e5ed88e38295232a7effbae3aed6", + "0550406c0db882c6aee6cf3b6baf377375208c3e90cc44a067cee43efcf", + "040073348eaa8f2885fca3baf31830a2b28bfe983e3046418561f62ac5d24700033de5ae" + "e6d0bd4de286f1de1e80bf72e5e17083032bd4dc24577b6d2d", + "05c0e7ad0f9bbd522c862326a5734a766423fff7efbe57c51c315fa574c", + "02103f1a0200883850b6476c7d7e7d2b3e2f60923d028ee6f8227b1ec48", + "007cbbc3c6295ceafb3d9cf8411f85a045b11ef8472c5ed45346d26192a" }, + { NID_sect233k1, NID_sha256, + "3d36221f87157ca4db84884b8666660c4e2b6af330480c516cded9f3bfe132543626a39b" + "b6aed1964eb5c33ea0b95b9841665417679fceb95d199d55accfce35dd3f2283c1a7ced5" + "7d0c4b9ebe3da6e1ff2f979b6440db27caf9f6a4bbfa47e20d29ae304f4d0551fce9cc40" + "97eb2fbedb9b24680bb17d207bdccdbe799d5b0d", + "0257dc63752920b6854d6c2d1cca68589a38418c3d036e73760a12214ab", + "04011a42e9f66ecf030d0446cfb751136347d4df0ee4e031058ebdcc04df8000fb7161fa" + "c8cc5ad7bc4477a39350e419776f76f184e28abce886ae9cc5", + "00391d36c4044896ddcd68604d5f677d1df298f46abc00eb12f1165e8a1", + "04e19bdc6755a603085b66355256bce98d5fdd49b4f06b628e3e185574a", + "07697b29ce5546de969c9c4bbb5ea65f712d6cda3410f3dbfa0cd5b1a8c" }, + { NID_sect233k1, NID_sha256, + "033d82a42d0eddf58fbe3e91ddff7190e3f9fc2b1e2eede977d2c0473b358b5fce1f981c" + "a6f88fd61ce2f79e453e3a2b77d1baab2b970ed28d5dcff58873a620e195085e61c4b848" + "0d829525a1a944e8a4b63352f0291f0311f1f98ceb262804beec1c74947618f8e3b06786" + "6255878c2502966cefcdda4f5fa2b13d92ce7840", + "029025352297a7be850f8852411c09259b83219135e0e8949c1bd5b94c1", + "040184345e37f07077cc8df5947c1b1fcd8404b3c31586d6ebd91b240cf42b019dbc9091" + 
"a5d282fd6e62c34676a06a425e098567b990c47e61ef14d77e", + "02b2663a449ead3f8cce2459e04cf84333376624d994fd9312401ae57f1", + "03af223fd3a6b6b240e59dca83ce2477a577494438ddee3fd09632ea67f", + "0606576d89f2094572f0bbcb58a15d9a4bf10ae3667d4e35cdd8da32102" }, + { NID_sect233k1, NID_sha256, + "671a7c81b64b2919722d7b258bdbd90165bb757b53106e0af03d0eef27452942f40cf52b" + "c95cc7f6567df2613cce795f8bcfc723b2735efc35375c001d37c58480d89343697146b5" + "24835df3dbd333f7c06c98e36d3c4592ecd1f34ab57c341bb0f4c785f5b8372775f74b4b" + "ce60763fad1788e77ea158d735a64861320b36c6", + "02dc82d0e69e498528925c0e62a13fda9af8cefd047c10c3ffc2e41da3e", + "0400e5463926235ce53a85b489c3c278320ed986003962a5fc7ad4cbab0d9f01453e6edd" + "e95670a4653186ebd8246c28a94dd84f5a669bd3293176f1f0", + "034a8dfbbdc98bb1d9b175600bffd866306dffadcc4bbb6f24e7f918da5", + "03cf1407445cf1a619a280e139242056c23c58979f0b3f0aa7e1fc074e2", + "02e55f27593f2c76fafccb71493f14daf50073b35cc85f002528cc6d691" }, + { NID_sect233k1, NID_sha256, + "0ef677f4799298f4aab73b7393598041f56e902ced1726af49657b6601a06186212e3ee8" + "cd4bd33b760dfa2ea3c38884f94358d51dd479f2ccc8b0b352fa4e44fcfdcfbb24919d04" + "e6ee1108527b8e8d60e8d1b467c30c18c5455e5835d483161d3fc26b4a67d6df9e3ddd93" + "31247cb18450188752a1ca219f3396a872cb13d8", + "041535fff5d279bcd744b04e643458ce20b81df8a9e01b1181d52bb14e4", + "040021e1227457be78e49db22335139a136ba290d34871f90ab5e6a8db6ac100df43b381" + "a4d757864c39ce8d0b64d6a32e9e8be30f92a10a252d46a2e2", + "03019bd459b34133dc7331caa8976bee67f76db3a45b1793cb545e26c68", + "0025611bd4e3473aaea85228b2bf37eb1b4458d8166012aa098d9c1cab8", + "07acd38506e984fb7f1607b50837018f9b4246623dcfc9d7aceb486e76d" }, + { NID_sect233k1, NID_sha256, + "9290df0cc50c3cab6655f3a6de1f4cf613d9bc06ea7c99f38038369ff2fadefa57a3c7ae" + "7940c1b98bb1d03503cc271f7a891bf38eec93c31dcec7892dfd2e1ab337bedde3e5325e" + "d8d9cb7fa3096f6fafc3beb3a66cba66ba826d1032debfb4908cc9dded8c0099c85072da" + "ac4373fbc428fcaa9a6da02181ebc33f0cf926fb", + 
"000ecfe580a624df66c25e87e7689fc3b471d205970ff9ab51a64aa12ed", + "04002ca7b9c98bb8106ae14a87d5f9f7ae1f99a5524992116e68af89da6daa00a2fbee76" + "9eec313cf3c8519d3f96167477f0f06dcc470408e3f637b6c2", + "044f065c49bb7ff0772d628104bc2e222f1fde42aaa8b9345d324d7f936", + "046301f3f07922d338d5b7d82104597fc50941e4bc0a15ab5e0408f9fa1", + "03495e335905b4842b97f00b344313ca7d6a4ff60cfeaa5d589e0a31782" }, + { NID_sect233k1, NID_sha256, + "855c7be75fda372f062709827f333630acf28954a62a5193ff675f0dfeb63f32bca418f7" + "cbdb346bf388d62315b19a592267ca407120db93d4e3d7125b867c4c4670b7a57a76f617" + "34cead2caf2425eb9ff0a63293e8cd6defc9648257b401463f4533a2425e0024f1ea9336" + "5eeee3c6da20d25928602ec8b426f9b39f97f3fe", + "013c72c73358ffa168423149ecdd897f0a5f75a641de008649f00134944", + "0401c70e1b6c01477f95e718f193e13c093b101e9f16024082ac699ed6ebb601f8013a88" + "264266cb5cc5bd38e477fe0a1aa49ae4a5ff94cb58439a7c1b", + "07ad8a117f34bf2fcf7d689b8124e08118e28ebd172f8c220d57d3f0b88", + "012bc7d380192f2efe55625e39927ef799993af9451c662b562a239dfe7", + "035961b27e88d6731220f70e96d555f63853d14149df7bf6d24fc29441d" }, + { NID_sect233k1, NID_sha256, + "9c896f800281812ed57d31623d563377a5c725cec84313472b90e73f77d400f5d4fb2362" + "55741b73d46f7e5254d04099bec274db8a9af5fc7cc220d42cc172cbd3c3595c49ff74bf" + "aab7b5e46c90855b611f74753ccdbbabf92e011d52e9ba753b83ed2a251a632e1bd5c6d3" + "46e38e743950c8ce0f394a837028575fa44bcc26", + "00ac60e2e70b7c4cda64071c7738f68773c94df9456a8ec3bbb468fa7f8", + "04000109614a2ca27b7a749e53777e0f3ee2f57013ee83ea539ada6d98d8a9005668f4b2" + "7213a8a024455b398de2cd7635cb620d7401f5deb4fa9ab2f4", + "00098489f0966e27555268a94378b7b8685ac610fb0964694aae9aa716d", + "06d151437a0aac232a472af038b0fac095d224ce0e5487510e30c31d605", + "0563dbfd021c1b77f980530d0120e93c9ee4f1f092a268bd8aba7d3110e" }, + { NID_sect233k1, NID_sha256, + "139a14ead998d1a962fa47c47ef2953aa136bd912fe940709b8c560bc2a0c4bf8f3aab30" + "a8e21b7d5f487d30b0097e3da723f11b5cb4e8c5724f5a2fe0d68ee4bacbb85e5eacf180" + 
"94d2a8ec4506cf8497836a4a905059a998ea750adc54c27c69cbd0b0c1f9743a62f3d988" + "f3fa0a9865a73fc071f526623085a2ef12838888", + "060bf720052e8b9508a801340c213cf53bbecf4975faee63d4b44fc647a", + "040196e37671def44b35c9e8c719130389b40c7ebc0ed5ae354dc73e0c40c700d3fa0a45" + "a3cc5dfb61085290f6d18d710ad5d0d3ab31ce65b0e6915a72", + "0729c7e1de10e92634857a65a2ed75103df6bd4bf63b1ad6383c37a0435", + "06808491ffebf088476de7daf541bca3fd943d4c2089b848a130abdc0d3", + "02c0dcfff06a07e928c15a1fc2aceaa4b4dd6fe8eb67ccd4d01240f249f" }, + { NID_sect233k1, NID_sha256, + "cf4a8e754b23d0fffc1c5c80b0cb11deeaba3064b315bc2cee96db5b9881baf90d30af4b" + "69066f757b3020706def77a5fc1632d96bafba22a9c8cd3b52d535d941b3c7cc02b7fe6b" + "51639d5e2084478ab3a29d2f5e0e16639fc2833a47b58e2c3fb5b2ea1830fe2ff68e571a" + "8f281617a23d9a28db1c64ddfb1083d055030e5a", + "07cf3c216592febd8630a478b5b3e3a605084020322adb13ac0a626bc7b", + "04008eee2ea13a08d4e4d71ecd2547f6d80b8f88879c9edfab5a675831fef2005117c0d8" + "a0442ad7b95cac1a984dfb9efbb7eb3c3866955da60e6cea8a", + "038de0be25c23cbde9ed9fb259cd9a06b69bf15dafed723970dfcb91307", + "051c9c5fe50eb81a11c8e7b2db145c6b5dbff2c51def56f4981774c357c", + "053887c6cc2f21bff461c9182c17f634ee2b301c3cc4af0bb1d3075f74e" }, + { NID_sect233k1, NID_sha256, + "ae64030d4af9b36c8d3a6af0aff34e5ab201df04274691fb420b7d5c40c401ed7f3ade96" + "065d34f2490d17943e27156e7bed83cd7222d0d5a73d167855fbe7ff6c3ed87f20986ad8" + "bbbd80fed5f9705c6c783b423f641d40ff1f367f9648af5a79ea3cea0236997558bd9dcb" + "011ea4dc64d61ea1e1f85b4f696ed586bc7705be", + "061eda5999e5a9ed4485d2a0ac5510549b76ca37df858ea5d95aeed571b", + "0401642d56359cc0a5f261fdc405030d45b0d6f9c08a182d354bf2687dd9d5011bf0dcbf" + "62749a99e4b02b284aa7a6479b59b363d25319a5315423a589", + "03094fac5381a1b31e53f43a537d9e22ebe6bd2c149f2f69d792bd56f53", + "053c8c4f9a30e0500e01100bb97c00ce98f5cc6578686daa1bdbd679373", + "047086a88ea014f06d6345608bd0a6010e650b9f6f984b6efea9a4fb277" }, + { NID_sect233k1, NID_sha256, + 
"94a9d9cd9efa3e4ccf2a37f904dd9cab5624ec9393cf8816ea591c5e70cccd2f105388ae" + "133708fb974998ae61d218c71785f9eb808d1c28d953cc7eed00dd9854b6b4568c5ed5ee" + "3df3b58a1e04c64f1c87fee4365ec9aa41b08a6bae234dc43a0bf2f61420acdb891a40f1" + "7f246972afee75a4c0b249dee0fc8f9b9c8a243d", + "07e7e73171e4d2f2989dc024757c186485435b82544a448f5cfca05f281", + "040181c8cf579d9259020461184979757b097d5a94245a2b9a1f8a6931ee0a014baf1b76" + "1a0af3dd9c0521c6489f9a778da824283c94087698daa7cf78", + "02b57fabe6b866fd25ad8802c6b02b680c137ea9b623457b35a24d5a5f3", + "07421dbfa83859354345b9c3f1ce6242605094d924a4d38c7bd952e3910", + "05ee48a3a5119bb3433b53a625101492216421ce67fc04dacf947ec600e" }, + { NID_sect233k1, NID_sha256, + "4db998df7b90678b8aa4ec6233c9b4629800ad1f3e2cf8f7afcac62fc6982dcb290e4458" + "7015eca8dfe77dbb4a80f9bffe75b11e961e70deed14555db6dae47d49e73004f000eb86" + "77c18f7e8234bf0a5a104266167a05ef07152e7acc2f0368b37efe69c0c2feb51eedf733" + "8cf9ed398f066cf1f66bacd89ab9376d41da35a2", + "05f7270764a0444c7159d2db867930fdb0fb9fa6b8fc80ca02e11753095", + "04006806c7164a09e11629e16608b7312d9d988acefa626fe8e34e03203d11019c4200c9" + "522618dab8a16e217beb3011599ed6cc09291fe9d451f0cf02", + "04a8958c80481a18c6e0893da9ab2d48fa6ae30a0f1d0512196e658eba0", + "01d301da51eccd15e09ce0bc2d0bdcb215a43ed13792084e2969260d46f", + "031f96a2f322d27d0bef23ba7c457fdc45a6e612f7d13e9277d36c8def3" }, + { NID_sect233k1, NID_sha256, + "dbf9b8a4ae316bd2df0c80db1cb5d7038364a2634925ff957d7c03511b57d486274b2ecf" + "191746827c325a14dc94daacd66ad86d369e3f598f176c4f0eadec7e9edd13e34043efbe" + "0a801b75b8186b4a6d89ceae4fb250ab570d65b6dd7c04382738fe3f6f6c867a7d84b35b" + "20720cb0036a5d81a87126f236833831d9ff00b1", + "0179b924afa4acf30ecbe2b3c12de533a1f9675687876a7e5e5ddc8e03b", + "040175bf95ac8e768727d3b4a74c2b8a04b221247a3b8386ddf35fc39976ad0122f32f94" + "1066150c151b9db92b86f86a10cab0828a77e4f0d5c4026540", + "0210c75a63699b424585f65497c6e46988c28eff3e0977e3ade599581dc", + 
"06087e46c0677e3ca64a0cf030236583935d0dc03c896685dc6e446d9e2", + "0252e42b8f03b085f38c6849bd420837d985c9fe14750a654b584c4cc5d" }, + { NID_sect233k1, NID_sha384, + "986d9e5d636526f4deb7545c037fe81b09c74496ddb8e42e61650c74b6fe348593f0cf8f" + "8eca5e839baf62f17bf6ad96ec0c71dc44fdf11259dbfe7499157e402f6bd50769723541" + "50723afb632799a990c44cd0a4fa9609ec4db133e3b4700be3ea4a338e8ba1873d345e80" + "163ed60d0de274d7617a8382980bc2138b0a2a01", + "02c9eb4d392d7f2eef606e1861183acb1fc753d666225f0f154d9eda147", + "0400d58fd7b5aa570b1c4b2190ec413fbcc9ef44d33ef191b6e23abcb386900173e85377" + "bdd8dac58222cd1d0f7ed98d73d6fb6c2eaf34819b08ececa9", + "064f9fb13784c99185f334700ccfcc4ff60b7f4d613c3de6dc5d1b8dd5a", + "03bff54e3610ade656bbe002867168db1b521c49225eb9662950b01955c", + "01da3fd8c08d8e17692059c669da3c7c4c146df6d3cbeaf34598d28eaae" }, + { NID_sect233k1, NID_sha384, + "68d0be2883598bfb1433886aff118349157708690380c42b8919859d96db069c7fde6e11" + "7a3669f2cff94a0f1b66b27b09e3f1b24d26299e11552a084be428446f3174da2e041465" + "5bdceb38e58fcb065b6661190862db39c6545dead34a03584632e988d0459659dc7c7c78" + "d4d00fc2aa10465cf24b2410f14e2a62173c9962", + "024661c89b77b2c743cc175a6130904461138ddc4ef771ffb9fc2c8679a", + "040090383de7ca48f1e71a43845565a9f0c53d2c9f8c2e0f6c4ec7eb6437fc0167658227" + "2e7ebc9fd56e1010a570d744ae4fa70eed3e6eeaeb0e0eda7c", + "05cc5b36c7300a1cc3f624e9e663861b4e296f7e7a27e8f8f0a2d54eecd", + "039c6f5b484411c434ee161ebeda7aa21b7bb26bde0301d9ff92921337e", + "02aaae737aedecfd5d53af56ef154ac6430a45ff03a3495a34a5fe0e97e" }, + { NID_sect233k1, NID_sha384, + "f0ba0407485fecd7337f4b22236533a926cc744a5f06dd08276750196f1bf7ea7984278f" + "789f92dd07e36895a8bfe297ea43d4a1177c0368900e3b969d3083cbe626f0e27e7ab38e" + "185c923dff46d9ba187b2acb9cf4b23ec8eedbb8044b96b5263d956e50cd6240c66d5d96" + "517130c743752404ed09473f05d0004dc5971ff5", + "0065e20e5ce534576d7c17616cd4ede3bf4f500894850723bcc9f895f4b", + "04001413f6dd5349e94311f1d25e400b69c0f0ea446294eba4bbeb10278b850066a05055" + 
"d856621161d4f0e33dac82e5c0cd91ed8aa56e9abba9ec80cb", + "07377147b59dba008ed0e6b366e511f94c7f7c9088615c6d46f46736b97", + "05515a6bdfde3b4b78489194d39f4bb439f58a6b3c3f9e16c8a71590b14", + "00778f79083d11efc8ff959f607c4cee7cc8f38b855028ea248fe291adc" }, + { NID_sect233k1, NID_sha384, + "3827276694e413c886129c452c9a66e7d09dee84f5f09bf34e4baa308b4627e096c7d45c" + "f6ef45ba1d9a4019a60399feec10fa80e333e2aff1251c85ca48574d9b9e1affb9666828" + "dff5afcef3edaf5e8cae823505a0c73afe76c1bf130399fb06b092ba34ab0ae15ac6c682" + "f9ee8479b065ce75b57213b8aae0f55e4e386de5", + "014c85f66fbbd653f1e4e590cffe62c343ba6062df4b271fbd02e5d42f7", + "04018930b4a59a1c0e92febe650347c49e29a4e83cb8c507e30ad835dbc94b00a237bcd1" + "30235e34b4439293f15e7a3913d659089e38e5619fa52e3c0c", + "03c1f8d076fb4fbea91a97800607b2db3fb5a45149c0d30dce79f07e963", + "04b9d2c66d8cc55b64f3f62dc629ce8e50ae0bad8a4d14e8b6567fc87e4", + "00b9dfdbeecb061a455dd052258f3828d4b7174af972c65bd0043a9776f" }, + { NID_sect233k1, NID_sha384, + "d1afb8965b48d66b9acb1ece674d9548f83395275f2d8135554cfcc7ceb96450d850dd87" + "4529433883709483d0743798db5e0dee955a4f30ba328c7934b8dd9207f3c336cf89141a" + "175ebe23d2faed629eb4236a8aea8300604c3eb7704512f240fda66acedf1494a85058dc" + "6a31bf9531958c332b93cfe5545046876c6b99e0", + "030ac7a78593b570b29f6d3d267abb6ba7e5870ee1c8ee4f1ab2f141051", + "0400a409e90eb4314f95967607ea3de9817a0fdb439cf406135262624e7fac004b1dd719" + "434e8dfa5861887736f32ecd635878ed4b9e290c423da09059", + "027c4987ff872fe499039b4432dc889960ea8e3f07be42e36a5827b3964", + "06829b5e02b5849689d152ceacdddbfa8f68d782b3ae8da23ea48b1acbd", + "03dba0d2b4400495ee098325ae4450b32b83689349e82a69b799dac2cbc" }, + { NID_sect233k1, NID_sha384, + "4f95b71669fdfe5dc46d4b951b085e099de349fc740535175337127910acf24e9a0e4b2f" + "23196ad23880da47b740d77d74fe9bcfdcc44dd7d8d1a181ac290de5cf4da22d5034cda3" + "d8020bcc776dde8cef1786c9ce4d2c2cfb035da61406af745efb7ef1a55f2eccc5000319" + "cf1d6380963025dcea641cfd15a3106751fec286", + 
"06d7516aa040f7d559cae248e485834e8d9bb608279ed4d4f7e1dbcd2b3", + "040127a92888fdac8d4ba9c0243c9aca516bcb431911254bc2cf51883623a100606c30fb" + "b9958fb1140643f32c5dd582c2319f71bff197d58ba3e598bb", + "01104b6ad82327b0445e75cff0efa1281d266a9dfe4019ba2ed22dd6976", + "01f247b2850463e362ff8879054d3459b2cbae84b9d4bc005a2ccf4736b", + "05b3dbdf04758d546e54c43ca5973bd8ceba646a4dd5d17ae5d2f8ec516" }, + { NID_sect233k1, NID_sha384, + "2ad9e17780c824c4f2d1e1cbf19ab85638f2f71cb4fa3518f08085b8b358f54d4f08394a" + "5ac29cbb3cab828c5f07f41eec51e6cd61a5f2cf44dbfa46834370cebdeb328fd3bf681e" + "61011b5c2ebc8945ac7a2a8467606051008b15c89390e111999255bfe28634ce9bc2850a" + "2b55a4af1c4c2f94403c78aba1ebc87386ab7b32", + "0137050d7b455f43a8dc2516cfff5a91062c1a2727b27df41488f3dcf18", + "04015ccc90a5f3906469e3ecf7a70c429f5b50fd0ce74065d41f1bd6dccc1f00fe5611b8" + "b1b35a907bc188ad2b1fb7507d1043d148283911af3ad782e9", + "04881e879d7c76eb2ee61fe1844567316d7efaef047b96979e6dceb7858", + "03799e90bc64cfd7d0246a7fc89a4d8ed0399277cab2af40fa2ec8196d8", + "067e8728f4d8398e4e1c25775620865bcc2d4cfe635a1f4c6b7306f6d9f" }, + { NID_sect233k1, NID_sha384, + "958773c37d3eba003aa5c489f72118b3022c52b93399e9d8001695664918b86893f4922c" + "7b6e55b1855ed0fd1d8de5dc61af403ad660fec60d7c44bd0102c069957ed804d0d416fa" + "cdc1a95355ef58554606579ef89b1842f1055cfa2ae118abbc485356824cc09dddb77d06" + "71cb3011b33bc86cac526e3f6bb3293c7bdca1ff", + "001fd447b33a2ee3595b9f885c290d241422afdd74c3dc4981955a7e9ad", + "0400e706408803188263cb149428c60de57ac757f0776e5b27a2d5a859f58c0153b5e13f" + "17f0178cd90427f7d608a5659b9e03effebc89da65d59698d5", + "0339300c00cf7e8c6195ffb71e509613018e6a417782e4f52704026a510", + "0227c80e36e3571e1c783358c9ffed237b251332e8ed05a8d3b454c53b5", + "0679a32cee8ae001a18d9a9d0ed7e99e5ae67ffcd54de7b48c62e76ac8c" }, + { NID_sect233k1, NID_sha384, + "9cb2c496b1bc7f040228571e005e7e936e48e8f469e295edf914f5648701249a20bff6b9" + "8b5e862603dd9f12bb71c160aafe9df02e2e383e9b8a9a9d700f4425ce408feabbf754be" + 
"543f52204c849fed6c9d3e36e03dfbd9e35c18d7bb2295f1c484a66e73440a0a5aece5fe" + "80b9ade9321ef18cde3eb2db15e4b18e788b0441", + "06a061e10b4a6e7001d95411cb31bdea9c84670a59ed61b14fbbb05c8e7", + "04000ad2b726b805919cabc90d058c78896d2dd8a78484c1fec5bd5fb0e07b007e048ddb" + "487f667633d6d030338ded21a2ac5f65373ddcfe1e4a3424ae", + "013b4a86b70f0e4de6efdafd7ecc993f0d6f231b3d743ee5adf82db1515", + "0541c2d3b2c6f0655dd415e327f0ef07b03356f8047117c41e704169698", + "00300f45026200b8cc84fd564778281bd1d7e03727c242a249d9ad33338" }, + { NID_sect233k1, NID_sha384, + "9a4bc0a029e97742ed3bca207d5912cb568e4403cda106b00247520ea02008b14c041b8c" + "9b976294252da835f4ff27456039d79d90315abcb0b9b6958a22352672e229665457ec79" + "571ca80447c8ff2a86e6af3dabe7427c8bdcae65e3c6746a56079ce2cf8d22235180f466" + "46a21cd9e86032cfad874cb9c67f882fb037a13f", + "027ec31ca31acb4d2fbacb49fc085f1261b0042cc755cc97f9b199e7a37", + "0401d521f7abc2fd3b0a10732ed641cc1b7fdd7b49cf61909b215220c5253e0019e9095c" + "67af1b89ae6c486c4f9889c3f2994743eafe55bd9eafe438d9", + "0151aa44fd97be14578d68f87dbb884c960ab59d950c392e607ecae6bac", + "07be427f46958538004186d52aa50a0f83d184a9d2f4da2974163854eec", + "029d4ea73ab5b336ed44556f6944e734e531a5c71dc6c929e7253323906" }, + { NID_sect233k1, NID_sha384, + "8d89e22cf802dc68ff22d43c436c79311e705ff6fd845e77c880f399f403e6d5e9e2b355" + "11553c978171189e288cb2200fd95f84ec5ee9865c0eb9190aff6dacf783ef200e82027f" + "a992741876456472bdf27f2bd8ee55db15408c957a120eb64cd24d299818726a73fbb069" + "7eba726a326719765735b37a2dcff0c853c906bd", + "04c6f4d88e5a4f4f83196f2dda9dcf2a66eaf94d50c851f59bfcea1d876", + "0401e2677c1305f545472e373615d195d1f7a315f592e26fbbf44c4255805001638140f4" + "8bad525625a87d0e537db5500f034e71e60e8a8c48eea04108", + "02185d8ec6f35d5c3f965cd00597d93caf45bbe186d4128bf877ec304eb", + "075199f4d8af090e4666754a7dac0c1599c207735c0f54c9f11e305727c", + "008cadf59a224f812d64c2f492e7ad4a923f3463b878dffc75eca5f8fb2" }, + { NID_sect233k1, NID_sha384, + 
"aa1bf5a79e5339fb9ef6c2817bd95725551d064bc5064d6586c5a879901adf808dc2ef7c" + "78ec3b434b84569988db58b5e8e9782b1cbc2cc7c9b68e66f32d4ac4ebe7e75b345f654c" + "7b8a5e650acc9f170f75b7aaa3957cce248cc69cf93faf8d72abc6fc1cfa9ae2d18a7b31" + "ce720147e88e84f6563b2197882fe302449ac5ce", + "01aa169ea84365c22981bb766bfdad27e373440850569957544b0f9332a", + "0401f97d91302c70798e2278348e36bbe01587e0031ac3c422141e3d4c150400a95108f6" + "b7ff41546c98f4ea4d1b587a3280e49c6cd0d33abdebf9a1e7", + "03c9efc0f72d88168c2b1f7fa1c6e275839303c2bddca136dd19ef446c9", + "0639d1a1066465b4b2f443cd9677cfe3bf5bb33e3e9b14cab2d37f4a859", + "04582792ba78f782f112711ceaf36f5f0774b92a6fcaee327d687658835" }, + { NID_sect233k1, NID_sha384, + "475664d5e22cbe0da0d0289ca9a666a37270dc71c81cffac91f6229fa39315c1d55f7e0a" + "89b6a7a07df7d391dbdf8fb7af63d2da46ecc3b60110dbcd842da97f98d2b67f562b0364" + "ef8e1c589519024177c8ea079794f271f6d35554c0e9d0a39062383c95721b72f4e74eaa" + "fb6fbfbda02cb670a7c4c94f67b8ebc6442e84e3", + "04a665b92c0c33a3f8b9eb4b0ec061d40b603de36c87096455102ffe57b", + "0400f0ac5238553f0cd74e6f34f7f82563cb01138e5c9bac6d5e7b8b7ad4fe01903e9fd8" + "a5a2aa32913b18bddef20667061f919f8d61a5b3c814ba4aab", + "070ef25950a795b5e22fe4cf5402f49029c5d97cf9f57f0806c0bbb5855", + "01248dcf1993ac2eeacd062f853ebb4b2072357e728f0589258399ea95a", + "069800eb2e2b3a9162196dbaaf67cab4ae123ea817f223acb6e889f6d7b" }, + { NID_sect233k1, NID_sha384, + "9e5397d94465390a82a3c07e3ebf21b515776d18b4463aa5810e6b2f96ca61e92d13e034" + "fa853c3fa45411f51f79df6f799a2c6906e6a5b7896a4576a4464f9e0be2b529a43e1f50" + "3fb640d79db6b68f3a3a7deac1b5832fbe86673784ff6db1f8438f7dd332cdd1e7ad9df8" + "b6731aad1b6a72bde52e6bc62d80b8da57822c48", + "00531540d94823e19ab2b95cbc6e7492e1effcbabce875de6ba96f53aa9", + "040031ba225249916a5380235220b9657162eef43d59ccab507639e19bcd6c0062e85d61" + "366a73b62255c741a065708701c8fa024a15401a4cd58640b0", + "05375df0a23646e8033ec9e3ad269e7167a663b97b4f52cf18fbb5f50f4", + 
"05bdf7d643ffde5ea191553a9c99eb42fba9a8b6e2013dcc520298d224d", + "06cdd9e0d58bd4c5cfe66589ed7c7d15331f3e164dff562b6971af1a41d" }, + { NID_sect233k1, NID_sha384, + "3cc4c4192f317e52df6f8cefba6d4cd823c942aaee11b9a0ef5de5c2d181073b7085a558" + "05e9554def8dc13eb978e7396044d4f4a14be2c7605998c062095c929b9c23b2b1b2fa73" + "dd19a0c0af44ca4789f9841fa62dee8a5f91b3cc4b3264f5f67334c3f0772b30bd7431c3" + "fbbf1f34318ce1889b6e8a76ce6d42079a451e56", + "022a89addd8b85809e87e0aa2c038593ec277054842854de1197833a51c", + "04008e760b282d0ae4eeb2fcbbfdec851468fd8e04c4dec71fc2d5d3a98a1300849a56b9" + "b0b0a1ede6b9f9522685e7ace3baa57f72709aba705814d138", + "05515b025d6196ffdc8bf275479d72b29a752eb3e70ebf07d4c4e7bf74d", + "041902f9b7bc81d3a88066b03e4111ad8ff4d99dd868d5608d1f43eead4", + "059adb96af9f404d2f04d89fb39cf38ba5689f47bda749ae9aa1ecb097a" }, + { NID_sect233k1, NID_sha512, + "72cdef5bdf710978e0aa334b86b8ff4a58630da314eabe98b4d611aab56f55c526983d54" + "d19bbbf9ddba30a84b18aa0bae9f9503e9b222f842f084db83aa39625403213ca321cc0d" + "9c8a136c826e6ea4ec108b913dd0a9ce9d5b8c7e3af53c3876e56a2037ebd6d99f037a09" + "7111c837647bedfe4c494e4288ed6427c15969e3", + "01df252a11ff97b4421b3a2361db94e908e8243cd50d9179f9e03e331f1", + "040129f011fd5fedf3526f0437ae800a110435db907af60e16912d58523202008026ed86" + "afa7ec80277f322dfc8cf693089968ed9ceb8c95c930415a23", + "04fce14bc83be6f862f06680a32e9a51d1a569fdf1d9b10a89eb9fef4bf", + "04d7b8d19dd9cabc3c2245a9d2c8431c3151eeb6f49676a865e78c26c2f", + "0373e69da1fe35ce41ff344447fa7ffe6fc71e28dc68244372745739fc2" }, + { NID_sect233k1, NID_sha512, + "8e4eb88c0b2d525b2c58b8e00f32def90e6dd382301de49e0ac053dbc6b61afe926d8519" + "3e2c4948f7402a3d7c614cb2c58e060362b0516a1ba4a7425f1b3d09aa20d4c3c8993a38" + "7a3248aeec51e6efa8f558dbdcfcaa13ee08413227c8351e3107e9a3e3ac124224aaea91" + "bfe50c11c1c8ae582e718f50bc5d5c06076517d6", + "01d7125c299ebd0dbcc050f07de931c7ad0450af590d0a2d0228a66ac5d", + "04013ebde8790a113bdde87c11ccdcbc39e354b193d772921b86657f53f74a00aae910b0" + 
"e22f1a2505f55fef2eae47ab6d47db6e49190a5469b4b6dce5", + "0113d1737bee59f9f477f71f77a0ac1aea86aa67002c34a1b31c421cd7c", + "066f9871da9a22f07c9b2a44fb6c01ac74ba17649cecc33b729afcb488b", + "037fad90c288510d0cd8e99e5d930f4fe197df779dfd6088da48986c601" }, + { NID_sect233k1, NID_sha512, + "370fdd80f330311dbb3959666001bba61cdacf20f72f78953d946fa6cba02d24b5003f54" + "52d535609e489b9434f192011f99f918defe877d51349870e7e75502f61145f7c261dbd2" + "a0840926d824ebe9be3c5a77a3a84340aea930378367ed3615a47e3f792c7773f83f91eb" + "ea718a05fc62e9ed1d78629b2c27ae44fe8f8d4e", + "021238e66119844b146d40e48341f522f6ac2f9c8a0b33aaf95a3099a41", + "0401dc3ac1ecb670f867337b752cdbf48bed9f32589366f7c6ba7424af1d6601e3a38ded" + "8148bf45484ab6b77e0beff759812493347e32d2d54a322a2a", + "03626adf8e70506e74ea27ce740f7eed1c8b37d50415be6a2681c67ad2b", + "07a9c9056b51f1fe3e7733c6f54ed96662aa7f5a08a961f91fd6d0276df", + "05e7600e9fda45bb966fbbb5a9404af961058a128824b6d84d9d47ebdbf" }, + { NID_sect233k1, NID_sha512, + "f86c4433787c3ec3cb1663389ccf53d62f9425274ccef05fd14b1b8fef676208867764eb" + "98d16d006ee6ebdc27b8d9a8ddd303d941fdd82b630694cdc698bbe6bd52441190783428" + "6c94b24ee199fe6d646064277f244b7df3ea2d9d52a9dc6a33d7c8d6dbc919da0fa987a6" + "7621ef0829e48310e0ea2bb86fedcf4effc0b94b", + "015e1bdfdacd87c42ed439f3e243abf27fd42e54f3ebdfb47f60dbae5fe", + "0400fb7fa51c1a96baab65fc85c3b769ac84ca7b63a1fe9f507a2ee0c49395005d450aed" + "449f8f1aeaa9df0131f696c2bcd4528808d2f52b6a73f72811", + "070ca3f5dc30c70e576e2d2b30935b05b6e68598eeaafa1bfcb9e156e05", + "07e3cdc4207456773aa52b44156801b316a7ac850b3a9e717a9ae7fcdb0", + "07ad6de3ba8730ac887f045cae80fe2fb5237a8594e7125c4792d478594" }, + { NID_sect233k1, NID_sha512, + "4117d593aa92e3eae1124ec7482737cd3573fe5f0f2a5051a7ce86946a2abb9e47a0c6ea" + "75b262689b0b486476d2ab09a20efc2fb921419b1811b51a2e15891ae9e45a17ab4b96c6" + "65c6c423fc00e2d66df5804a164f0f3c958df6f25d7da6829b1fe162a0a8cf130858c83f" + "3555d6ad627db70cb41303cc6380f7b3fed2563e", + 
"00e09410548c17bbbf28a68c3963a52d39743a4f1ac28e6dfe7a6ede281", + "0401f5f36a21a3b7fc5ea37528566da695922d7d9b7e6800af9c1a00f68242003df4e2ba" + "0c8648cb1fa19663f31786b850e6b80068b8c007f41de08608", + "03c0a2a4bea270eaf66adfb297c0e3213254cd87b11edcd90cfcd6f3104", + "07b684e337d6778f84bdb7a6835e91877b41d6af4b76311258fbb8339d8", + "064a0c22057a858b153ecdf4d275cf5523dacafdfcb46423b5613c85691" }, + { NID_sect233k1, NID_sha512, + "882ecaff3ec8f4023df5397167f238869f78a5c499be19aea85c7486e73f66f0e08e71cf" + "85f3f1b6f6a70796bf46a18e6b555a0a87c2088640ca73051b3dd59ebfef922be0372208" + "fce602d8001681297b285701dbbe24ccb42541b5db4aac1a1c7f407e11c83db15b38cdbc" + "25e930fdc6558f64d9503e214571a435d890169b", + "049f5bea6e72d98579b78cb07d89f64503f8759dd7a73cd73713c120428", + "0400974dcd68cd85117f363812a0473e972c89551e31c74c8d99f1073eaafc00f306c905" + "1cf3b84803307beb3dc0d34a9758a4f535100e846462a49053", + "022a5564b468e706762e3ff934aa22d9aea0bf2b116b61182c9f7be19fe", + "02e050afb84e1b0591fb64d46dd7d4a939552d68bdb4213f16c5d7ec5ec", + "063225df0057d5368b2e103eb2181ff5760e6b2a9c13c83da042722c3e4" }, + { NID_sect233k1, NID_sha512, + "99b3b8f876f8359bd6369ce84f9261581c52d744b90261a1427ab9e447e6d833b6b3e89a" + "f8dc770f1dd55692d01c8bbc4277a729fddfa7cbdb2ec99133201dde44ac691a77904ca8" + "16feb0a1aaacbb9fba85048bc63d73506eb908ecd697caf582747051a3a38ac8930c9a43" + "65f407ed94ca7f2d26913c53f4c010c7ed9d7ca4", + "005eaa818690d1ca4838f0bc667be5721d178c3869884260fb230277c3b", + "0401f7b3b50167cb2ff7482240bade95f2850a02805742e6e29eabf7f9ad3400f8038a8c" + "ffa0f798a01e333251996662bc3c0ee56d94c392269b63edb7", + "064d518f7b8c87325d8edfd42a52793d87ef8db283606dd676be8584562", + "07128123004a515e277dd5b571e31bbc877cc966e27ed5b2ab2c16e881b", + "051d70485148996ec30f92097e4a12b5edf804e03e312072336bd912268" }, + { NID_sect233k1, NID_sha512, + "8c1a83023930a85c5b2f9930521b8b8963d5523a3323d87f862a17d3505ccee01246ee10" + "29b8b8c2b608772c4096d1e914cb398f027d91184a8e94e4feeae121eabb504a2a35c8bc" + 
"9294edd15ddd979946c14c792ad787dc2d4deffa284830fc90b3f8c0ced6a99fc6de7c41" + "b9ed261402a6b3d702ff86a9392731ecc37430c0", + "0603d89cd2f741d734587e77554fe6bbb1e5739d5ff73084d4de8ed69c4", + "040122f2b7802917e4164ac2f54033621c78cbc7040217e5ded6b9217f95bb01f867df74" + "3e73806957066c2ab45c04bf1af158e146a9d1eda9e974e0d4", + "076850b8ca9e454bdb320da624c0dc63e14ad279185e4f8c9e49905666c", + "04bc63bafd5bad022fe5db246680a0a0ccd0b50ff50482d3849c92eec7e", + "07b6d8a8446ddfc64392af0aa1763d45877023c0be9ec78db47efd3c366" }, + { NID_sect233k1, NID_sha512, + "f3c9dedd7115339dd3ede7d8d06a44de66bf80b4888ab7bc386cd40a92789042440a13d2" + "cc90dbcacca5feeec1e0e3c51724146e2c4904ed6b05c7b4e9b49d7f458ada695c5d2fc3" + "6f1193329b87c1268aa38eda9151430aa0bc004e5d2a61b9390accfc699f2efabfec785e" + "b34f52b1beff1e4c5492e922acc348667d2a3986", + "07977b3aba53616dac27b4d74930da23966a88ad98f1769674789c0be3d", + "0400aa61b4bd2fa9c61914ae306d69d3ade7d6cf621399e5791dda8a054dcd012e8d9274" + "d5593f5074c49ca34a7e2d64f9d9ccdf42df6087134b811762", + "03b8ee56bebb59207e107bb0c16938cab707e425f38b70f0bc918fc1b8a", + "068502a3e5e51f5481aad31eb6614152f4957eef1becfe3a297b023a94c", + "07b6b43be63aa79c10876179703b69caf9b03c5401b999a3c5be4737999" }, + { NID_sect233k1, NID_sha512, + "d878c4ee0bd6c84652d7f9e68df7b90cc78776d8d1b60f3e4d7465032bf401f1527ca7bf" + "d4a3dd916e13e93fadaa5e5f20c9f47d12f8fc922a9a3aaeeeef294c221ca1adf7df85b8" + "88faec8002f17ff202da1be837827619904121167bee2d2cd694a263d9a99062cada3399" + "dcbfcb283597a96ebec129c65e0850ec4cb4e2d7", + "050cd20e7eabd29008cc977d0a17e1195d79587b8f15ac2447e15daafc0", + "04001ff23ff4ea1f30663b17d8f1c67ea37b8c5df7009d0c0301db483803a400ec6bde92" + "921b83d4d84be8a67a23e1718e575101b93d9a800550a20e7d", + "041ba36d2e810e47c3de583772e9b5908c257b2aec232d855669d4dae2e", + "079e96ed1dfc4e31774159ef311805b5f8001203cf37a72921efaf5cbe5", + "00b8abcd623b17357f65ac365301a8823365ab948ae3f7fc6a4a0b8ab5d" }, + { NID_sect233k1, NID_sha512, + 
"ac3c118cc9cbc8eb3b74d8ccc9ecbd81d1996fb25ca43c8a43bffeb244f722b93c9e9692" + "41d45d5b81fda0b399f1e3623687190e428dae077e54cad1eff75ec2f7fbb9434bf71683" + "3421bc2634885677579c237340f76787b2eb19b446d56c0f2206099b81493349f4db0eca" + "d0e2dbe85dbff7d7070abb3d3b12ef0cec828af4", + "02dbb24fcaf9f3cd5d50d209937f0e2d134fa20ee3c9c2f1fff3dfbf302", + "0400a07240c52e385ecf75525201f9810859123bfd8ce04a5e8f4dc4ec88b2009bd81119" + "6ca9ac45b28031b9f65f9a5c4ec497d995f7dec6eb06dd2874", + "05785beb1ff70c7bea89b1fa14be09332ef94b09eebcc9fb1150bfe0d55", + "05279bb1b1ad8174e88bec4c723d65eda768c1d08d1c64c332a240a284f", + "015a90383c2c40ddcf721067b3435915a843f9c4708cc133fd1ee53f442" }, + { NID_sect233k1, NID_sha512, + "700313698cdfdcf0044ca07bf9e5f0702ece7cc66e35decb28d5f8cb7e7e5367a95cc172" + "8a90cc9a53a2b5fcd4702028b742538e9b386f5d8b4a2411579ed9553021a95bd00a73f0" + "3c4184a6145aaa367e3af76659d677fe7a2e98f9ddf4aa20eb8d1a1db72c3f5590598801" + "be7ebf44255fd7376d89d998b7068bd1296fdc38", + "0047142197d3d43fa46545b547968680ec81688589d1ec8d7c7e90eb969", + "040179450d83cd6dd1609830ec78011143eb64d2d1509ed1adfa085a58d786003ee40673" + "ac564c6b5732868d0f8a57727150a23c484228890d768dae54", + "064f8892245a198c9c819152edc168e69dc7b562ef1f54dcc1960cc7db1", + "0293f2f989fb6b6e7cf304faf3f63eef61ab89a626cf8152e15f38bf93b", + "04948643075cea6413b1c88a9bf11aa176611f56d027f2b165d00d46e87" }, + { NID_sect233k1, NID_sha512, + "0374673e1a685bdee55504ce3cd333f70084dd4ae685464a16924eccea34531663fda602" + "29166478b30193459a3113253cd6494dc26154156252dc6e822552c7c04d790eb9f8fcef" + "2ea8dd79e72f881f7f20fff93cd73ad303c0918ec27c6486c4da61f82bcd55422d16650c" + "c68bfd4b0132c1e7075bbf17dad919095860d445", + "031352b49ecde5434aac05f898e6ce4337304845d748f114c14319fe97f", + "040187ae6bc9167d9c69ce5544ad650055cb9a4e69c1772322d5722e68e7e000042187e9" + "d11a921adafc694b5cc8da9226ddad1b65f764274954b17333", + "0761189e63fc0c3b5db92b281e5a4bc0d6fdb30bd14f8e69ca85a211bc7", + 
"0453560e6e725a2bfe0383884ba3b3dd0816d8522d9e0762f781f6b6340", + "01aaec4bd98c765e4830de6593280779d1222918d4acf08c8fc3d0aa351" }, + { NID_sect233k1, NID_sha512, + "8b237085f135d6e94592f8d855ca397c8c1028236a3b412adefdac888245874f586d0695" + "0ee18118f751bfe26f4c31465ec34b578caa44cf1b7109ac4f6eab7f97ff9699b34271df" + "035d3bf58a2ed4bcbf7577cf8e5792b1945ebb9389b680baeb8518c8fdc5540e192aa4fd" + "e0eed0d7c82be2e362b286f582d65752c8db7038", + "0176f124c24e4420f6e726a6ca25f09dfa0c5a37e5bf879e7bdd36c3b65", + "040098c37cbd44aac5d5c749524b840fd849652349fb3e02cc8f8fd0a237900151a9a88d" + "a407ae41e52b3dad1ea6031c7a36bd834007c0cb1e2c2f2f0f", + "022e299985cf289f2fbe2b1b270fbf12ba818cd2b506f642e659cd541bf", + "0686ac0c09f90a077cb446c910e07fdf23e845487d0333efc65b9b84147", + "01688b18cb42082bea69f18511b0fd9fa35da83d738763cf13ef92a119b" }, + { NID_sect233k1, NID_sha512, + "e3a086ec15574f7017b3cd5f5a47ab7a73980f11074333490dfe9f8ad8926f9ea7c82271" + "aaa74e77133b1025b0b22a6900fbb71251bb6549341a23d194e79d03462cdad52ee0d1b6" + "f5d0d14e1136026961fa3467ccf0864bf7ae3fcc3b68cb35df7324bd9bbe58fc8aa9f63c" + "19feedf19d935b71bf5981c74fb2a487f84e453c", + "0755c48c3dbaf71042c58cb137f3632e3cf9d90b7b9a58fd378feef3d19", + "0400bd9a720553afbfc5349e4a65a21fed0444c30304f7018ec1ff6fc8d1f90109a1d6b9" + "cc4fbd0e888d0a2b6883fd06a5da347c0d4f7882fd29eabcf0", + "04fedf8785c6648798748504b1c9b6a066ab6606bc9a69534f93e908f4f", + "001e71744a1b683858444da0d270f43b0d5644424f2b38ef48a639685b3", + "07ff8199ffe723abacf1947a828e8596dc49ce655319087e4aca6ca34ee" }, + { NID_sect283k1, NID_sha224, + "ef90f85fbda05e693006e4c64e1dac56223becaf0890f73b5274e6e289a5a1de2c141b82" + "5c24d595b3fd18ca855b5c1aa60dac6b5356275b11be670692cdbe5f282f93ac7b2e410a" + "96cb9e9f80defcde98f3449f99e192bfd62040421a0ab8f99acb85369f25e5efbf81439e" + "fa8a5e1d9cf781355a0f47b037b09fe4086389a0", + "1e846c830a8ec04e8572d1a9d2df044ab47352fb346f67403a3bf87243871b164511c53", + "04012e43e20941f2641154bb66a56f2e0428a7ad22d607fb8af658df0b382bedc7d5ae22" + 
"cc022f226cd65052071066963b112aa302973fe2b5fdd7bb827d13da7634dd2fb9e3852d" + "db", + "03a76f87ede2b5d40a0f10e15e90e29198fc3a03943efea39ddf7afc37ed4e18832af8b", + "1be2c776c707098438fbd0561de578e4b9449f955a25626f2fbea257fc578ffa1bbbb70", + "1aeef69983da1a535b10a47e66d890c4413c7a8cd6a2511a1a670a4c573d4808f46e23a" }, + { NID_sect283k1, NID_sha224, + "a3ebc17c867cc9c7c28797f6364f6574b80c7ec5b2d8e1542a6f5db8568c15032f92cfbc" + "eefa3fe4ee654f690b0455ee5d38dd84bb8665ffc1ff8c849bdbc4aa0ddfdbbca4eb3797" + "2fcbcee8cecc1aae21ec736ef61781716b60247b7551ec4e552d0b59a53cec5964c67cf7" + "988787cedf769eabcc9cd5243f58034d96f0e43d", + "101c5ed48231a56ca0ea85eb45de0e395e6df2efd4987a226ae36489dd8b2dfbf7c465c", + "0407011260f504d809baefb54af48c890f94fa5984c8bf228baa4b6ea14d46372390d1a8" + "ac02bbfabb680659aa2611435c4058ed773467a41cdda8250f3490e4f491f1bbae452c5c" + "36", + "12a3c7f0b3d64614ff97133873d75c7c1406e316e8cf60d22139dba462055baffe6c8f5", + "0a9933496d60716a39e1c3f3bf22a7da546eafebef80dc6f25d0c109ecbc430fdb3e80a", + "0be56197a0098b022a7914c10f40207da58403d6c7d04edaf7efc96de740cd71f67e0de" }, + { NID_sect283k1, NID_sha224, + "60269efa4d0ffafbbc655f6f00578eadce7fc0a7eb7db923dca49b6f2bf3e13f7f829cc6" + "133e022c3c92143c075ab9ced0531a91e6e79848194ab98bb852f40c84e7aebe71fb8bc0" + "fd1f97ed5bb6bad6783d8dc048df42738e841d978456e055e1b8a781dfecfce2218701c7" + "af77e7894ccac5bfff360aab0b6136b978bc39c4", + "019679dc589440b11f82b3716e5b2a2bd42c3b1c83e88a28e304cf5148877faf760b4de", + "040743ae04e4b07d154ca0749a011c97a31ac68d8e1da3491f331136873598896e5320dd" + "cf0776c05891c27fd912267ac166bc9acbaecbf80ccdd887aded2d7b8c2a4a5d139833aa" + "d3", + "099ad7fba5284e406f6cf200a39e398aa0426448c09b95e691f653d6096a63adbd39965", + "0285a82340d9a6d96ed9ad0fd0916216fd20edf979df41a55835ef8fafa00d242ef6f11", + "0a8548b405c171d2a428507f7adda4944bade7cda6dc580b1d3f94e15d7e10f0a08e008" }, + { NID_sect283k1, NID_sha224, + "59d704d5b1f3a0605f1497f22f71b8f45b26138bc86371f00a4517554e7f6e7fa5d35189" + 
"fc656ce68bd2cb8510fa3e3c3df815dfdd749b2b6ac997d443f3954c7a927e138b579801" + "ffd035cea90840733e7884ccfe43d8d3a4a26b430673274aae312abe4ac1e1d7c67b7358" + "0fedf2d8de46572493c9205ebf0e8b4d75ccc88c", + "1703c21fb1e09f8947e12fddf166fda6f685221fbd803d75a0ae377a54a1e494e6c5e7b", + "040767564e13ae544dab22c3763c5d330a5571e07ff8f2f5ba3fd729379709b1fb184f99" + "0c027f9e5efbd1ff6ac53a6174670eb463b12f70a603354e25c577ea292b13b8e5f022ac" + "9c", + "10d875acb4d0dc211a82e78c0249e74de16768003b53830bf5648cf911fef6a57f8f048", + "02af92243b9dadcf21561ce32ca0744810478f8d5be8e0f83d9632ecd8e86ff467268b6", + "1f6c50fb3bdea228a6b623be9e2ea2c371dcfeb0e604ef1029b6766c43b193d86c02f27" }, + { NID_sect283k1, NID_sha224, + "12c8fdba3bc5f68e13f7ff8e7bee876fa68a970afc6924314dae0c2482763ced8d4752ce" + "c29ea288d350acd8a06c69289ae41ad345a1b88bcccaac903f2bff39015c289a8ad60860" + "6bfd65270a7bcdb5fb10c89bbc2d16dcb91fc9735d66103f6b1f3575622cf4d820929031" + "5b033ee1f79968939410f465a2d37add46af2d59", + "071de8eb14cbfb88e61b908990ce08b81e624ef4f2cd9cdf3dd7ca9097d5ffed9ae9a71", + "040136d50e1aa8203a0cd2c2d545b81d00b95c6b43b74b1fba3a6402abf756d38087affd" + "49046bec77240de7bde85ca4345f27c6df341c72a4eccd2cd495e86376c183ccb34f271c" + "d6", + "1d80734927505d8d4818b3bdf1aa2e5c557e5f717a5b3fb856ca9a2161bfd74a130ee38", + "07894bf10885a698899b118f57e7da22222e3d187a0aabfb99fac0ce0e134b6b44a5f90", + "07b4a87592004d6ef8345415064b4b4672db2943c7e6098a9e6d59ee3324847e753703e" }, + { NID_sect283k1, NID_sha224, + "26013a3ddf687bb2f37d9700923906f118d5cba5d8ed5113a0e3e84cff00918125108f74" + "f4b243e351aa5d07fa7c6ece29f5700f23e50286447883d2a058c3258a12e4ed8770cabe" + "627ebea7ef6e8c77811ed7d9a19c53287093e39226236587ddbc63b7ad5e7ad9895c64d1" + "d03ee432d45a067afe27d4cca920ae88a7a68db1", + "1d156eb15762ed00c4021884adbfc2426e910b18a5bc474268196f4b74e593a8f38702b", + "0400a99b45860615d7caab2f4e9bc01196a61f52f95c6c7fef615a4746d48553692d5fcf" + "13056f81a0088dec1382f8a3a863901d3443c8792cd13ce13a8f63b02d107b66d9d23bc4" + "92", + 
"1999524ce9525d85b562fd13634fd9ac50fb76d83b9d72d6976d6fbc47af7e1f354eee7", + "067748d49389c9b87a85b518f84f41b18f52569ba531985b8fe5e1f0cf9cffa958da3f0", + "00c44a583c704f69160c6258332f3121b022759b163c74c7c96058fa8e3a9928afee948" }, + { NID_sect283k1, NID_sha224, + "c4dbf70b9a2165e7279122460d05ceb8e43e03fbe2ae7c314007fe2b1d8567cac727a10f" + "ba5cbead0ddb167d387da8e8f3d6bc0ad851cc32885809d07a776fd4a95a979fe3833610" + "af89df0f454d9edfabe12495a118fe83add5eabb2acf54ba7ba7c4be20fc77478c0a0f07" + "26c4e60317422a612a234a7567648603b63f1c12", + "17d6eb1219cab8577168be86b61f372b27ca70fb1f1a767947895c185344e966db17aea", + "04065d8e43a290a6957230501509b95a208a6c37ddcacd1e882d97c73c38b2a256caef5e" + "8b002169cefa6ce170ce20a0b5463f5bd146224e0813acff304307da88830b0777b86cd3" + "d2", + "1519e37a66b4e665b2e3e59b8e836869a886c879aa1ed47901a6c8a8f365efbc67fb410", + "1734a8bc9a13f51d921a297bc6b2d38610c20b32b0adfd5efdd01a4db5084f3b0697904", + "0f9f00b25a33b166f09e2a819dfda80d87f6a2419a7b4162e435ee02c0fc10a669df6d4" }, + { NID_sect283k1, NID_sha224, + "b1d53b6af1face9b59af11c726b0099111d1adb3666209ba46b1744a528ed0f72be5a1b8" + "2423153b896384faebef0362343e2a4599803c08b8513708938aa8a498145fca1c63ba41" + "aff06d1a18aa2a045fce7fcd7e5552a2b98d0df97b6876f06a9cf52a7a40fb737996adda" + "97c3cedf7fe421235ac6951060eba9c0377e72a2", + "10ede9be6615b3b2a294d67da78127ffbf3a15bdba6f4fd78be7a60415b5d1a097c0cff", + "0406418eac385ce94c1982c216ffeb0b26f9c061ccdfd785ded75efc6a329385898331fd" + "a307d41f9cf1248a37fb8baea7f3545bbca707a903966019ad56e4dc810b6863e243968b" + "48", + "134ac4de6ed71106d11fa736960eef2873223aa87b1c5bf5c823de6c78092cba4726ec8", + "12a37587ddf224faaf8dab61210310792d4ccef650c98155a227bf468b7f323575115cd", + "10982c965331cf8529ef6adfe17dc3fde63dc2a557cab451d7c9408a089229e22b73d43" }, + { NID_sect283k1, NID_sha224, + "e78f538b1ac21602b00a09e3db243ef4803b447329c94a1476cd91a88ff790da71421b60" + "092c8a6e55327c7982e7655eb1fd6e40fa9b9fd2f10107dfc585994dfc5bc2143d18794a" + 
"39f7f69ae679b27dd11ed22040d5e93aa83f71783525a4db0c3fd7b43e57dafd0033d531" + "7680df19c2ecaadcb37ef896c61a758a5e455206", + "14f237cface123b64e8578ff33f86bfd2a8181b9c81f36b9ca31e2a446f0d91dbbe2249", + "0407aa347c03d8845f1566bbc3fa1d66ecb41ed1dab0a402405d8300591a1f3078f9fa53" + "2c063bd10274437c2690ed6df60ea632f3d4faefcc07a72ae8d85c2f999bafd373053265" + "dd", + "0570bf3b42aa44c11603d94e14b524b8cb1363306196924082ae71021707c3138503031", + "10f7f4af1c1e3f9e8e0c95f991c348bce6725f60aa12ee7b398be64728242088a469a58", + "17145a39fa4dd237e31a98daf3974138638b9462a31b87ada3eade6bf7f597195eb28b6" }, + { NID_sect283k1, NID_sha224, + "8a6ca8ec436d2c706fcbec6486b5665b21c174edee7ebe108211c388b1219a8224179f74" + "38e0bb7d6e41ac4a67337b52d4cd9a069fe6c88960ae20be29c8060efd7c62cb7a9a3713" + "6a250e68f253e7f27755df53ce7c570135641ad49b43507e5483e17b919cedffdc0d4913" + "b1d5e0ca0629876c0a551841a0fc2090d2857cce", + "08dbecb26587cb2ed7df2404e680fcfa5bf8cf6a58e87a350a1600211b3c844ca86daa5", + "04066610ce348821a77e8a6eb74a675ad9312b2622ad2e1e6d8dcd0be8b27d8384844a72" + "340014c15776bbd144c0c24bf419237db9401fb7f97a7c4c0ef50a9afd27c3964088f796" + "43", + "0204586a9314bc14bef8ccce8b9ca3874572b375d01c6b4a41c743c16502a27e91a9fb4", + "0fabfeb17bb8c1a57af7af81d99cfb7b0ecbf4e5e4a6ed483aee4be8ee4c70c2ef23941", + "08071e162dfeb068e3cad256c3603e07ae48b35f1bafdb726cf4ce32844e1a2181f23f9" }, + { NID_sect283k1, NID_sha224, + "95bee02b423d2c6e60252da4632f693a2d8f6597b4f9c6e356f670c3a9e4e80063e92fac" + "b6421d0325b99dc150464ed2ec1d0bac72a042b35d56d33d2fda686a75d582d475652221" + "8b4ddd25ed45503d90d3d185cba6cf0ac211b22aa4e1318a8316c369186f7130446dafad" + "64f7966f5414f43af37a87127534060a23c6165f", + "191badec2d28cbbe62c072c6b57eb5d4644d0c0b3283951bb66096cd15edd43a1bbde53", + "040020224b00428031056ed370147c51e68ffc02e7fe269ca15b22310a2974d383c6c83f" + "cc01686568fc4768158e75b4ef0427d8e262cd0638801ab158311749e0f432d5b69a667f" + "0d", + "03b1b6ca5e627f00176b599b68fe54e1b5a272c323a06b55e4871875c0e729c4c79326a", + 
"1ade251b9360a6ca1b48c2fce0768a01193a415bd23956fee1e5c4c5076b3571abae082", + "0adff25020af4e2b4908a33ce1d75c793934921267b6c4a0542924300fce40fc0031021" }, + { NID_sect283k1, NID_sha224, + "ccd7f7c0e04d1ef9a3c5617d77480bc624beed6582bc28e9e3a369b12144fcd96b735ee4" + "1713f4173b64b28c6102d82dcfc7876e06e76fc497d1d238bf6d85bb5feca630bbd0c0f0" + "fa7c0c72e28e9259087698973ac66244bc6e69c04deb22eaeaee7b20da239ab6333576f0" + "1349c76f594498620933b8969450ac2bae66db8b", + "0ff5e3d66eb57fd35ba4472effd6e7a016ca461e39000a7125e99080f6ab6ef4380dd7a", + "04019d8c1d9aca39de0e627981d21e35a628c35fd4096aaa86f61625fcd078f0400f615c" + "d5052ba2854ccd64407f6779c5e259917b251c9e34ec0d95c05488f30802b82cf4b25b53" + "89", + "16c9cabed653c57676ee46c8912cbc507b246078834f1667d0708e4c666346299c1fc03", + "12ac0ec9501ac91a2b57220e9c00ec6e815399ede94a658c36f9e89bbf1674316d65dc4", + "0c9480160c4e9db4e82b4ad26cb79e083e9e2056e68a2ea554aca45802bbb188389bc4f" }, + { NID_sect283k1, NID_sha224, + "65e9124a2606c8784c9489add2999f4cbe6186395df20838d653b263a207ec46995d2685" + "b55d1874e7ef05a6a3bb5b60a7be6751ad568cef1bcea2debfc494d1e2ece0dc8028c88f" + "1b2c6e4ee26b639c5e81f6448bd25b73ec4608a8e8cf4e0155c29b6f0a62781493b03bb7" + "384c9808529d5f87da6564ae196a365bd282f46f", + "1f3591eec4a8a3fe6ae6debe230d238a6b73cf3791cb735add1abee64239bb100f15166", + "040483e7e2b8f7ff95b86008c3042ab83a4b6a48f15ce1cedbaf3b586b56ab606e6f23a4" + "ef0287cbc8c609426f1665976e8120afb8de96b43978762ed44bea5aa1418b9af6922c60" + "66", + "08165da5f5427b38c447382c8dd0940c3bddf8f048185e6cad260031f7c0a2ffb83027e", + "09034633dbd735cec6208bb6f4455b295b7d730c9301bbd1c0e9f101399f2b3425a13fd", + "0204ec149b416ca3467e92194449cf2ca0f41ca1fde79145f3af856085b298149a3253b" }, + { NID_sect283k1, NID_sha224, + "e793c60fc725fd537d5fd38e9b4fb52e268722ae6bde5a058de8d20db301f5e8d8e1ad85" + "532198835a04b76f27ca3c972be5617a55677cffa8219eb64fe53ced242efe1b88999097" + "9227dbaaa15ed39d3b6be8c5a3237ebe12bd96f333d947f80048463d3859e34f865d83fa" + 
"f03894c2243a06cc96788ed952e606c2d8948271", + "05af03cdb45961e7ff35fb0146904ddd6c2bfd3cce814073d3aa56eaa9f13b4f7423926", + "04070bf676b9b0db558eeb8bb94a1248bcb599d1e8975ee13cd37dcb78af19307d1b7e57" + "d506ed9bf30c627062b99ff9d05ca03441b6194c34364cbe7b73b46ec9716ad8a9970cbc" + "99", + "192c7b1fa8f221edecbeaa51447818474dd9fc89e962e8e87400938ef0dff432a6c4b86", + "1df1a4f9578e9cae8102aab5eac70eddbabe4ced99b5bab1b1dee59c41b81e392968c14", + "0f2b1319335ee497fe3ebf1891a71cded59704365774e1ed9950f79100e70950783bc7c" }, + { NID_sect283k1, NID_sha224, + "a57682d21cebb48190199e9f57493696eae3a59acd22f64d5ef4729decf6c2615b326817" + "a6bc118bb7234bebfc7276dd998838c009a7348e46431574638dadc48538d6048d572e50" + "d9c5974d2049ebe1837dd857bcd1447b1514b62808a4e7a88162ae1bb08a0f6d3db6f258" + "74c6cd0cd4ca6333f1bd57bd192ef67e4616d182", + "1ec9710ada06e6270720692a06d488ae2ba863b905dd2fc323e7ce68dedacb35fc8c7d8", + "0405cda72b5b068f70b3c431def41b8ca1d4381e8c2fdf0821cfc17eceadf5e3eabf7987" + "b7079ae508354fe31899cda71e01cbc80e5192d24f1f13c954208d2ab8412802407ae376" + "3f", + "04f7b9372a8fed536396f0b87d4b20494786bdb8db77200c1aac1896486a05d3c940cb5", + "072ecde2a8f506f0fef273c8915a9edc29e440d48fc6cefb50e7117492fb4a13e123bed", + "0010dbd6229d770c468f5d8bd20edd6928bd8824b7fc2b10dc45fbd3242191e7557b984" }, + { NID_sect283k1, NID_sha256, + "f646e7334e191c2bf0056d3bfd23f03ef7f0777b923f962519a8399d311b8f68414c689c" + "a34b96871fae99eb7ea534fcd83e788e56eeef817cbfe33677283c736b99bf6a626f9515" + "291e842bf99f694e4e8aa7c9911c591a87d5f112b3d96b064594e2b368e6d1bf1a1cd343" + "d54916a66da22c26355266aa2884120fffb8b94d", + "0668de088c6913640fbefbe6d2c44ab26e481802dbf957044a4957c3c5d0a0fde331501", + "0400d3a50cb9d347cfe45d2a313813fec8b928a9b1defca6ff4b89c4787717f275c6b733" + "7f0762e47b0669f625c39c74d50e2b46875ef366b7c3b005c16ede69a2fba161faf6b3d0" + "db", + "0b24bf54795fa02eb9527f21ead5497a6db2bcc7849a16d206239f830df313dfb7a2716", + "0852d8b6fe93b0b36af5d99530eed08669eb9a25972fbea59f32dafe88b722bada98ab5", + 
"0e5b08d410f2252f724dfcecaedb37b92a6c09cde646ff6237007f4199068f945ebebe2" }, + { NID_sect283k1, NID_sha256, + "a2d7e69ea381d3edfde4664c56c4cb140d01cc4425df757975cedc995b89640dc016ab41" + "9b137ff25a6a6d64a309b23890439d2ba157262393cf93d15ca1b1ffd19373ef12367f88" + "98aaf56d5544c2f019a4854f69b3d8d320e03135bb7b675e588a5c3fe4b703938fa0f964" + "916501297cee2fd04af767155c7739419f9dbb7b", + "0e6af57cf47de1e6f07041eb5e1a413fb7ddd82f8c7f7ce957eb28a118004930bec4dbd", + "04021e31c4e4d412a261e40483b9106bbc1b0d7e7414e53d7b9fd84175229c8cefbbf6de" + "fc046ff2dc601dd407883af7dc71a6ef4286cd3b1b6ccee4fd861865bff8fb38ad51b63d" + "49", + "08f9e2113d0b223c04e678e8ebdd3aab4816681a9ef08b18a38afecc57d79c971421469", + "0d2c9113a18bd51008fd327a55c214c9584b6f1b816cf3b95e7346080da2cb07dcef8aa", + "19167051872759c36ba9eeb5d620cafd3289e8b7660fc847ff385b5143b3aca38780639" }, + { NID_sect283k1, NID_sha256, + "7088f60e9375ec6a42f705f851fc76cc833c4dcbb3352adcce9f59197c1b7121e7aa661c" + "4f8ad9f4ef280af3a2981e90c01291f7d1cf7d3ae2d96b37fe6975e11b7c6c02b8ef044d" + "1470b1a26b9c72e8c4e7b1dd83c8acc9542e2fc7d211b87841dcceea2ab8128d0ff7bb62" + "2b60faa4a89ea7008f7d55f8f9de675bc4596fd8", + "19f9b63fde8c6aa6177f2a38981505d04f8ac62bcc21007b05615d028cfe851ab9cbbc6", + "0405a3e567b227869f948180547c2713703c90698dc04864140d22b24bdf81b3996829ac" + "a505b2ba535040afed0bf6f9d850713e54013729bc6dcbaa336ebbfb9c461f7ac61af480" + "01", + "051e20545a0a98dc3fec59e4ebdf101c6aa2768f344c1e19424c1eaae4aaf7ffeb5205f", + "05fb3329f63587e8febcdec49f92de88366a9f75d0b9a0f374dadc6e7a62b833753e990", + "12edfabf1ce434c850b58804f1f31f8afb20fbb36ee69b68668e231e4c04fa75e658478" }, + { NID_sect283k1, NID_sha256, + "ffd6044ab991849939e8a29184b4d0ac3e07acb63c7e6b886df9e8254073fa800d5910b9" + "fe34fceb547565a2344eed4de394ce2251ed51ec882ee9207eb7340464c742d9d140fa09" + "64f6bcb1efcc2d13919af4f727953de41b20728ab975c1ae0ce784865f23ed1325c68daa" + "95ed5c932893610179be94f13b9a4149f09833b3", + 
"17704c1f436beb52f7ec97192e23e206ec09f9e8986e06bef71467c192bad6f0066b3c2", + "040329294a36ceae2b2c56bb6e21e52ec32af11aca9ab7785be9c2d79652e7960c0cf7a8" + "ae0658a89a48fb95cb7028252fa9792d91b989d7cef3fda8ba9c8e4ffaf19269f2a69f0a" + "24", + "0aa8d2e210ae40ba1f9f051ad85d37f7cdea43aad890ef802519cc5773e9a0984fe5d6b", + "1908e3a2740fa04ec0b23c964c4c3cca51c4603e7553461dd02f8319a7ca2ca09d0aef5", + "12d7860d7b438df4653fe40fb9e986cb035b1384464e061bc4ee3bb29aec74d16b0a694" }, + { NID_sect283k1, NID_sha256, + "c9f81c9ff7d80011fd41f2de97a6c1e6a22cc2da7b2b9e4c50e1354c3e139b44529ac786" + "ce795fc501dcbf11a935d4728a7bba44b4e86b5e5990fed4d3e24fa5ab6f303e1842918f" + "156e00dccebed6897c852207ae5941c630014a41696882066c2b296d39cd8658cb5830ee" + "e78e29a00335a99a0ba90722ceca5a2e9a99a2c6", + "0c7d1ac8faa689698f5c6325a3b3f35e7730bdbddabd0693f2bfdc5c838bd62f84508d4", + "040095a930071ce56f28a79a66b751283c756c4f2566ebc2a10770ca60cced6914bc9a0d" + "77046f70021e7a949c7f55b059d4c8e81ee23b13809a35932d83b8398fc8684c5a90f3ec" + "71", + "038ae832c25dcd30c1ee3f5fbe84bd8779c876c0641907695aa598132b0e581ea528332", + "0eb27c86d3ca86ef53aef0465d257e6b681f891a6357cfbf51260dc6e35a82799de0e97", + "0e8207959e8be94e7407543df80d38d9e662106ed68e1456dd1826602c5b73f27ddc901" }, + { NID_sect283k1, NID_sha256, + "a60de761eb32490184dc1d29e21fa33889295ca587b994746874c7289eb9c83e9c7bacbb" + "4066c761a06b65ecd78d701bd41f305cd7eb258c630f3febfbb0a367ad16737b146fd793" + "dab23562e8001cd113135b1c981d1ca23eb3be0fe3e24fe3fe1089caf9fd8f4f0d1f90dc" + "c7dbea4a9e2357793b65daf342b8e6d109c6dd10", + "1a173d158866db0ec665ee632b5fc397893f6a44ee17c348e7452800aadd8ce676e7fdc", + "0406a9369a93e0b5165ac6e692db035495c5cdd6df243d9756098385ad616374ac1e1efe" + "e2032f72a02c36954cd8221126e4eaec02668f454214e4508cf72b6d945e14d9b7c5d404" + "c8", + "0200713a78f58c755db4897f9b7e52057a087816a07fc388d66d34ea9e0bcf2f47e182a", + "11a26ee24610e705a42329f86aaa80d78934b4bbf19314f06eec46067d85c8377e04d91", + 
"077e35add124574e98e0056bbb106cd28ba8c3bc0c47063ceebbbf2684983a2a0061950" }, + { NID_sect283k1, NID_sha256, + "2cd0320cc73120ef13e83c8144b270c9a1f2049a9250ef7ee83ccc7584025140a51e2227" + "a5ebb824deff55b3affcda63ecb1fd3f337c67c08054dc82fdace0c4bb9cef1bea9dd792" + "635f655363d05903cd6b5ed50ee669bcd8157509366cd85aa40d19593265da26e5641590" + "ccf04672a6df52badd4b99964a8643d9687b499d", + "05523cfacf4ed3b74ebc30f608292e45173001d80cc801f729c5f71fc213b243f041ad5", + "040410751ae7d8bb2295f584ba3d55eda41a80b8520b02bb4e5ca669a1003d6f2829e0a0" + "1e05fe16244f76f0c8b24bd3ca3b53c697097e3ab0e2b44962ea534a655d6c7d80b857c2" + "1e", + "0a634f4cef0ba37c9ab211c57fe6574c67933280c91c8b175fa4164755bcde867fe1772", + "0b9f6946a578ee38433e98478a4c31b67e838939cbf128f023090c4848471482fd1dec7", + "157159e15a2d16da2e913c5ef00833a8e5513ee4e7d6cdc849fd822c59886d0ca3695ec" }, + { NID_sect283k1, NID_sha256, + "a743d8337bdefc4753f937e869a36439da1f8c75e1278c3f6a4a969d93787dac93293818" + "b1cbef5b8636e1a6cb3acaac1e15dbe0841c8001512b689292f3f4805997ae26ff52f7fe" + "1842512a020c448ed01af2a061f3638689446ed5f6bed9fc70726ce4104bc11142de6387" + "3fa7039830223e8f152996388417c48e0c1fa81b", + "09f6bd008c04b8823ccc3ee7d5aca535c211f35e9d9e7cfaec518b98647fbe6d28283de", + "04070019957dac0e9be0fce6abdfc00ca737096ba2d2bea9ba570acab6d73eae2132d7eb" + "060559545f82741ddd1cbb9dab0cd06454fda8abbd9d1eca752e57ec05498b14e4189f1b" + "9e", + "0fe407c226fb15bc63d37cc9840a1a1fb0ac4fc2939fbbcb6e1236831379d367669ffd9", + "0e96e301bf1193dfdd2815597e016e0a282d6e8f9d1d67a7f7e7d05288594f1ea92584e", + "07488687f13c3a2b9ae90536db7868f2bde1529ccdc0c84eb85c53ea979228d1fda7c94" }, + { NID_sect283k1, NID_sha256, + "6a7a3ad614a3a09d2dc5a80204815d0c6471057acc0fa73f3cbbf1801902c3e1cba3c113" + "4a79a8ce61994a94a5afa85ae1a44b2cdcf5153f8625713c872da36aba0afcc5c2f26636" + "dc3f60e04c256a5b023e20e2e7a3f7305bd5b3033fcf05368589f19021f8c9096a886799" + "04b657bbe5b9bee67d6e53d176fce1de9e54c64b", + 
"150d2812505c82584201e93f6e0cb875d29dc7bd99d9c0f98e0ed20128886e67e1f1071", + "04012c7750172bea15487a05580891aed51bf81548f4b65c51c6c54b990bae8857a20115" + "b003db9e7a17dc8b24ff080d80842f0488f17f7d43a40ce6ffad52c65f5a875b4b33efe3" + "fd", + "0c5c52dfb50b210ae13c2f664d958b2491bfa91ced638f925941234bcc4d66de1eeeb73", + "03887a270eeb515a59a7387d8acbb4e72dcdf13f317a6a93ace5cc98d69a79c64a9e7ea", + "0e922b2d021cd71e213bdb36ce3ebf56a34617d4dcca30fc05f238a1c097e38d7cbcf91" }, + { NID_sect283k1, NID_sha256, + "65bcd77a3ab345cc99b9c1300755288102a6ccf140bc7d1ad25df246ef01fd57a8614b35" + "2033b88cc6ffffe5b38b99ecf03baa365ab5529d6751a3c020d0198561969aade0909143" + "4d84ffe13b46df043d0a61e20a08e9c32b646771fea1b29e202d40aae1c7079873c3af49" + "4ecf6ef5eda855736c9338b4a5c29a086a8266fa", + "1b3fb9e1ff70f94bc9d7742ea535ca982215af3df381b5ebdf1db40c7c849a7978ceb98", + "040769a897a443c41ae7a8c1e45290ef39c40887ab8f4aa3f9ee8f3096921222ed7de457" + "39072621bfa30973da61fb6d363d66db25daf818ce79dd3268ac0520fc99ca7917fa3a23" + "60", + "03fa84ee38587f9c848b65b07c47551e27f15e7a87ed0ab705c99c8b7a4ee9e86a8e4ea", + "11b214ebe67eda2bd6e84c33be05c4373d2536e2cccf152e56b1569cc96d261e50910cd", + "0e100646cbffa016664bb57c1a67108645238573867c0b595c46e6053f844e5482a993a" }, + { NID_sect283k1, NID_sha256, + "ed1acc360d02ee6c36bbc223d91bc1d2009a3e8f8dfc4c3796cd8555b0d2b46716f4c805" + "8bf34c2d4954e098274ab9c2cbacff46a0578a14e77fe104196cbc6d2753e3bb5422b8b7" + "9fd004ac0aa920eea94925c016ece16ed4dea916fd92563ec65692a61b28ee84bef00071" + "20bb1e31bb75b8ecf68406a71af9a18b4edf5320", + "147fa46fccf0805d14c1b84ea59bb8b8283d54ca0ceefb29b5585e7141340c55b7232f7", + "0404ace4c65ce07fe5ec22c560bc553bd791434a691c2d865c52b5e38d541ef191ef4190" + "67076250c829de137b6549d22a12f196629d9d34cdd83758e5daf45fae41872c9b15190c" + "e5", + "18c4f89cc022236a0da6105f19c6661a8325d36fa285e3ca71c1a4af3dccb016cac186a", + "0271b421fd572de8a71d1b18ad2325bc0fb58cabaabacc1f015ee6b14bec49762f1f8ce", + 
"12e679010ccb143b7de0c3f6c82cf99a961a4f154be6c87abb111cde2d721d864d7a1bf" }, + { NID_sect283k1, NID_sha256, + "2debdb95a21d72b69c545988727366a42b819ca6398a82129c5e3772aea93fac0aae9a27" + "b11969ff0ffb9dc0301132ca2452cd863316cf24ae7696422d4dc68e37316161abc146e8" + "6f04b72d9a27a350d8545cca245b2be43c33bb822dd813d13e08a718f784845df8a4ef49" + "b02529871ec76bb3fc1ba31089359f2ede73e767", + "0fae097ea56b35a517be5480802f450eb832b244558d0cc922cd4a5b40b84d02ef11216", + "0404f6bda2dcb9560174ffa54f13fa5edf17bebd41399a1dce1fe13e82a2b487eddfe25a" + "19076dd375f2c5f24c342a8e2491271cebf5b97ac666aacecc8d693a85ebd2a93eaccd40" + "59", + "05e3a67091b9e10c7fd20fd70d51162e5d78555059802d0c3b133f49b89f37be6a119ad", + "0ddf93ef8797571af3cc9a66660c569445a2b5384f95a12d680c570694bce49bf2264cf", + "02f50d68bda006b88798d87c232f5ed1796c841074f063da03a471e0c00f08b10f410b3" }, + { NID_sect283k1, NID_sha256, + "e4e0c6c8fc01244abf81e139c961b6a6e2d95de5dff1083e8a48b40e3e5b9ed909152c92" + "b1cf2263179629cdf76ae553b58bb2e9223ce4f9ffb5f170f5f0c5ec97294c34a7529a89" + "7e9397f71198cbcd68bb4055cb8cd6b690290761b3b73303f82788379df145358afe28f2" + "997d191d968929b7a4b9a0f6228797dfaa17c613", + "026cd72e6ae19b3f4c53493fba1e8082a8df1fb7da6dc111b47a41f713f49b33f618d0c", + "0401c411f5e298c9b61023fb26765cf4132cc78ed77c07c3e815fd43032cdf0ae8b8920f" + "96035647b4c0807b287014043560d70c9b14651cddff4bdf6d44ead5e87720294ff89544" + "06", + "10e9bc449e8480474afffd20b8acd6dd08344981c4a6cc789c5338ad7e486c526d6c4fa", + "0e81594f1064e018aa3504bac75946d77f9e745673043417a47c0c82488e224cc4104d7", + "111bf8635b1bc3f6cb7f9b685077b38d67160d143ede2bd8b6ae93327d7f55c5317f00f" }, + { NID_sect283k1, NID_sha256, + "04710947b7c90855ba4e59107b919d4a1df22b503c5c4c33b286b6b08e451e6fbef8ba40" + "852f9f0ee62c9217abe6156bed46ad6f0e25f70f528f3a73d099338c578bebd6879d810e" + "6e173c2b0af1f7caacb3531ff0e6a7856e4c84db355d110febdb21c683223eb5990ef203" + "8d462ddb7962bc0feea5f850954943d53041f66a", + 
"198e13c7d95bbbb6e226688719639bda988867764ffa9b029018b5547850daecf58fe1f", + "04030b511d719217c485866273ffe2996a19e0a670b7a3fb077944a21f63ca2f22fe5a52" + "4a03a4d9a808e8d77c9dfcec6d033139fc33e67d7c8dfd7329c895bfb77f565391c37c8d" + "8f", + "1721f1ad4adf3c32614feb7f8df3374e24f76a32e27854a57dcafcbaaa3082b13e461ce", + "14b2622432adcfed7c2ecd2b52e43be7f611680ceb4bedbfa9dd9af54532911a07440de", + "0ece991128b10399188b18933c0d185e85d111ad401baee5ac376b84c523f130f70fee2" }, + { NID_sect283k1, NID_sha256, + "c62d07bb1ef756b6b2fad355c66b5be086b6dc387b37cbc4a63c841dba3fce65b09d3de8" + "f239e3649382d172f065b78f8a53e0283cf345de06b4ee0b4b7d8611bfce92a7d993b193" + "8419afe817611bc6df3ef74191e7e39ca2339fcb5b5cfee3166d09cd52a1a7d3779722ae" + "c328d326a11bbafb6aa417920225ac453146b9b7", + "19098a39956747de24ded56435fa1e6c30cc2b8088fe9a75f5d07b2f5939c7a60db64ad", + "04068cf5a2023753717d89d12d6861c8411e6081c3158339573dc5598b1700148d00b39d" + "c5076a22dcd4ff4f062eeff83a58d2ce6a1808af8733ae254f5157efa8ea35a85cc74469" + "2b", + "142e4907ce239cdaba562d1fa7305bacff05a75e2927800c7b7ea322b47c9ea47846e12", + "104620d752b73379e1e5d35e5b24a793d7a309685c00f8bdb97bba9876999ed9c763d0b", + "059cab3abb0738d8af4ea6dcbfca6d0ef11b6e591ca109b040347d7d4736724953cd9fa" }, + { NID_sect283k1, NID_sha384, + "e4d8d49c9bc566261d9134d5e237d9cbd6b67d2619a9bd06b7c9c139e091aa10682cbede" + "114e1d4777d9cd67a16b7d64278e99eed62bbf25ec5a5a8fabcb0a3468b0e73fd02ac653" + "3e04b1110d29da3e34f33eaa228b78341b357a5d892a61beb2168c3bd5e66bffe3f2080a" + "1e246f55a41ebf9d579e188d16991aa060460d6a", + "1636bd2be121e07ee83ac5e880cfdfca6a56f2b9d0badff003e872348368c7c2cd96b6c", + "040007acf46ab68744a9baaa33ebf6be20c1c093242b0056bb9885d93a4a9bb4640f17b2" + "ef015415c1b671e98f00c1fa364bd69cf998c0ae140485159b0a341994a4e27000e108f4" + "fb", + "0d0d4886c3500bff68455c41f5840d0313f33ac0155a693d27c66fbdb12791c2b5f8552", + "0256b8ff7d37fff7dcc8cc4461984a9bd9661643fd3a68d07fd30d426d10b8c7f4dfa34", + 
"1f516f8ed4372780380a798d2da04d691aec379483bc0d10560ca79edaab453d3e77585" }, + { NID_sect283k1, NID_sha384, + "2d1358fdffc14630fbc421b443d3c22ba10ef34f15c6c5bb3c73a9b8714e4c411de69b9c" + "d6628fe2eba5efc4862af66ff916505023e0514f564164b389ea422d0f1beb92adcd65ba" + "f43556614eba25e43852ba65af78f62d64b36696519ef8284ef7316ea52c365b99f63a39" + "e6701f81ad520d7445cfc0113c38ecdad4bf5b7a", + "15e5f555119c19b055b15b0c0d2813068bfc184f864e250b202384f5728bbbda1cb0f5a", + "04013cae2f0c3ba04d039c42cae27de4cf5842a3e24be35d7a3cc7f05083f02951cbeaa6" + "3b05d69ad5b7d64d6b19772a1794562b1fa5c2fea03909bc509e7d47b0e8144acb3c26fd" + "dd", + "1b881d95b7de9aed9fb5ff0085ca4da2fbd413b9b947066c98aa0257142c9000bbb30e2", + "176f9e3c9e9f98b2f5f352ca74310badf9f598f4d42cd2b26e5ea0999ae31e3c678fad2", + "1f2dba4e17470cdf7e1815d30771f352807b38080d44465f86044f5969b017c9059daf3" }, + { NID_sect283k1, NID_sha384, + "d6336faa5c3e838f4fa58626eb353d4cff9ba8f0aa0e6c3d0d850e8b22f5b0f047afc977" + "67f1afe2040b85d4e401ba688a4da7a0caca7fac450899092c4fea789231ba9b07782010" + "720f45d16d353798867dd7fef4a324520014ad5cb32684ec50cab742b750e05db040ff51" + "140e8d740f6774a059feeb493b10d8ac722f23fa", + "190c8f17bdd38669e345440d2c7631d67cee9c6548c4e7b9452377adb9303430efeda0e", + "0403235a8b7981b3ff376b6b0959a42cb56631fbb9f82f1694b9e273e6b7131e758fa0d3" + "700444e5747420d7f5ffd6119ef43b998d4ea4a58da13ff6fe7f241ccdfd4b6fd33aa93e" + "3d", + "0b2a690793107257d7bdc37c492eca48c4c9650ba0d657e6eb62042b16169fbe27f8984", + "168a83fcc67e0c155f1fa2329363729872e254f2e0c3ef85f3b3c84fa3406de4191b6e8", + "18c0f8e6b486e6d7d16b4103506d74bb2021232c0b1638858295a63ca35e0d6d26a6266" }, + { NID_sect283k1, NID_sha384, + "07384a3f650bd270b14ca388a441af201b7767a2d47e9033f50cefd3af8257ecb38f5267" + "e141cbbb2ab7327d8fc78cf27198ca3543d39553e178390bf1b921618432ad895e4f8153" + "783a7ac22f4ca3cad4560e64f1ee4a7bcad05df98ea49a3847dc2143b27c243e48be59c8" + "69a547988e2205358e8db98b635ca21b745df4d2", + 
"0dbbc2a0409ca58a9e39e33b95fdd15080443c1dbdb5874bee991bd1b127047f08ec9f3", + "0405a687605e54e49e3c40fc5ee8fc014a62d72e8595280a66ce7d367aac2df4d16b98de" + "b3030abd03dfc224f459dccd1606287cc30016be317c6207532a0725c957ca5fde692a9c" + "43", + "16bc5aa29cea64ce3297172f36fe4ce820c943908c21c9967697db0cd93bb8a12e42348", + "1b1fdf26a6eb2d736b8c1ab165af2ac31a4c206c5410f61ac7805a68992dbd62b457708", + "14e9a22ce703d942a4fe2e84a4c1c1b44538a33fbfe904bfbb17af6490d372acae4668e" }, + { NID_sect283k1, NID_sha384, + "824f26dcb4ce0ca020982814d5c727e629cbeeaa818c49668f8f6d743f0d0ad362b24cba" + "c48027898f386889ca5411d7d1f9afc69493b1d9ae4d7b695c9fa0a30bb59e6be2cbff79" + "231767e96cd8bba349fa2f97955d56f05430ab4ebd007064e3d5add94dfe255b6deff196" + "50883ce9966e1a2affaf84d9540f65c87ab1f936", + "05495e6c59ca1873f36b756579632fd47f9fb95b64f52589d70f2739aa6a3bf8cf8c198", + "0406df40d8259be64c8ac64a28359290bd52e843f330a68c2b605ba4f777d7bd7a798e93" + "440458667cd7021b291c3415d64f9b054db71d3fe20f232f2a2286aede89ddaf1ee8c68a" + "a0", + "138f05303ea63bad47c4c9a9d43c52c264725a668db5b631d9892daa1b71f62656cbf73", + "05e35c1f3b30b43cc9d60bf8779f3b31e053de0a390da50ea676dc9722a17ef00d68aec", + "1691ecfb826fef1ea0895242129cc3e9a14e1f84fac49d62ffc0a3455ad9c97becd5980" }, + { NID_sect283k1, NID_sha384, + "07de1e4bb9be15a710a74806d4447b093bc08ed04392d1bd5abb414f5f4b4d9d43520d0e" + "46fc81c2a97e71086b28e53242449ed37fd7ed1c5772dbabc430fcf82ad20437b38eac15" + "820421e51912325c872894452c3f8a10ddb040b35308e583c155c3707b52df467c4945f4" + "e1071126ed46611a3253c297f5cbca9e27f58448", + "1724987c9b698519b6c225cf1261b77d0300045e5fd774dcbf13f285e6bd74512cb7edf", + "04046adc9bd5f0cc0d8bc64f4ba491eae3b7f6fb4229bf94b804807c6137787adc0fed4b" + "2f041375e2c89da41af84529811ce7aef26b983ea8add6e37c32f2b00bd47f23f25e5fe1" + "94", + "02ea4ed0e87687a50dc3acc7f4c089040ddd367d1a3f470a711501ccaad63c201b87ea6", + "1be198a1b6e91453018513902f0a8a085c76a2798a2a0538ede30dab65afb6b9b0496d7", + 
"16342f87a813780aec006ee218a615c4e1c78c0c759d48d4094639b5b4c32a9658c4d9a" }, + { NID_sect283k1, NID_sha384, + "1edbbbe71057bf7d0bfda922be21a3a4dff57b017ebf6fa99651246cd173bdc9b11eefd0" + "48ea599c1f98e907932aa04f64ed0a007831f30daf186c88807400970904d6090b2cf181" + "e0f65f03b4234aceeb420867812562e47f452152bb1ddaaa48487170d06e47c5e9a7c0fa" + "a4fe494663d2fec22f7665ceffffc214b21c6b8f", + "1a5489091cfd51a0970508ee3e8449081ed175928ff8386592c83043a7911bbc2f8778b", + "0400aa1562c94bd16a3f8a1d6c465908ce3b83ba6711e7d8b0b9353d3c55d13dee213aba" + "700103a789854f63a139e31348f1b2608f1e71c88b5d42809f2460642ff46a470ad85735" + "43", + "18435a6d3bc02b3019e1b156ddd6f3e1bb9c5af70d1a2cd2089e677cbacc21624ec8947", + "031f561b668aeeb4df43a3a34716c4e67232f56959104b7237b26e3c95dd40e15eb076b", + "0f2ddb6e6d18a7393425c16b3e5a5aa232cc48198d63e46a601cd3ed221a8427178a0bb" }, + { NID_sect283k1, NID_sha384, + "db5cf1de38a5187af11c1f0f19a36db52f8417de997229e83072fb51a3b7152a3b383e99" + "19c1b8427582e53d4e7e25433d46cdf01492021c237ea0a87d38c71634743115a6b2aba6" + "6d3faa8003158340a5078171e0bd55a6e5d8c7fb2631a31c1204e1479bbfe79ac70d5e58" + "23af502922a900576f0088a33e42ec3e26c0089e", + "1a45ecda0788fbd7cb7a716dcf4c6e83d4148bf63ed58078690ebd238c00329c462590a", + "0407a1e2fb4e8e79e3946086fa65042362418db0dce51541121c73972a435aecb99f6340" + "23006bb02df9899ac3f207732fa7cdbc36a60c17592af7ce06b8df4255110e26a02b2318" + "00", + "1c986f88ba3d5109c0afa2c213dda8df462282f024cc8efc758a5342a0de91c40452443", + "1efbd9e0d912e170c9c55bfbdfa6106fea4a4e013e7dc26628a1aea4f6b806a51866003", + "0b1347f4f85adef612f5c3a436cfa59eaced5c7cfdbb69444936d71812a2ab2461bbb5b" }, + { NID_sect283k1, NID_sha384, + "4adaa850eec8272d25d76600aacf2cf66e754f6c5efa65c55a2a31b7bc69437d9a7e47c6" + "f51c5da93895a45221f5f92c2e20ee6a95eed3cc7249688261a35d82872284900eb54dd1" + "df6024ec48963ce43e8ed8b8cca8ed22beee8f0aadeae53726cca05443316537840ab824" + "cd1b595f36064e9a19333748d4f4972178e7f5ae", + 
"11461776c33f20b176dc8f2b0cb2446a9b69e55b6c7bc7457a7fb4639116b452b79661a", + "040043ba7157559659954ac58b44f19262bef9e3a00829c70af66d07cef08ad899d7f8ec" + "2301e8dd9c947b5a6decd1a26fc5d0eecc9605d22abda747fca038571bb37036d9034e80" + "61", + "18b231de7fc499b461afed9b80f4405bc005011865cdfeb25570b7c0ff79b6ae94b6ce9", + "0fb203f47a4e2e9365ce070ee7fd4540f3f7e9ecf69b4400eeded0f5a7bf6e5a5c6d004", + "0e635dc65233f27b8350db22b90a3b8611e6fd1b3e0f515e42fe8788b1376079816308e" }, + { NID_sect283k1, NID_sha384, + "11d212a99c39fb5e4ca0096bbe6c81ae1490e1b8e07374b4e773bee4fdd24a3c13d65391" + "9db663d2c32aa4db140c4ae2d472d4f878946e527ad33b3dc93012d97458f96cb622ddb5" + "6f1ce7c2474ad0d5291dc35545de47b7053d137a8e79dabe06757ab53e26eaf751111bd2" + "7690e57ffdab5337eb6f81889e9d1b1ac729012f", + "025a65f627db2b4d6cf83c5b0c00265b9b63f7656c5e3382139e4992bcdf3cab502844a", + "0405a35e7e0b914a3e01ce3a885192d2ecd27418e09898631de122db0c48e8b58658720f" + "cc0009eab47197d5f56927848855b6ff96db7c36f810ee7c89b305ef780ba8c993d65537" + "ab", + "18516ceafb61cf2c7e7c511a8918bfe394c7fb2fbc40fb3052e156cd4020fc674684f84", + "1892ac13b86ad00e38ce2427c8c78c93b08605a75ca22b3658132dcf9d9df7c4b5540a0", + "0437b33615c16a85ccb8c4769ee7c5f94122d31e2b5fe66291b401fd90257ebefe33818" }, + { NID_sect283k1, NID_sha384, + "9e4ec74c09528fdf3153a0f6955f20c70915ff524b2e19c991ec4c5b41ea9185e3e876a0" + "2ed6f27c9b3479dba951bee8680c4c99be1a626808114408856994be7444ccbd5ef9859f" + "a479b1050bb836034e20c531b4d618f5843fe1d4b613a731895b489a2363f3f5397d5ff9" + "64cf037e9b11e3ff5e1c3d403e5a46b8387c1241", + "173b28fc29f10245221a907778708b3ee62e0480aa9051d4c3eb4e8d552e6aad5509943", + "04024bb9bdef975af892ddc1bbd31314926a9c81f8f1864829edafdfe2744e793c100c04" + "83028ddde61b4361ced9c391c86c28ece9b902c48d14c61684962007dfd69d0468dfd65e" + "7f", + "199af64f79ebbc5b789d4676a07c224e4f6fd33285e5a555ac90cf65d0b669bc58ced4f", + "137d746d515b90890a413685bd9b26a1c05efee4c11a4b40bb621c9fa2580c46c20a687", + 
"1647f70ab7c68a0f522420893a466940ccf79067b323d940369f8b8694ccc3fc0daccad" }, + { NID_sect283k1, NID_sha384, + "5fe8253d2134c434cb0866796013722e82184638b024a5a30938039929ccd8415c71f71f" + "239c5c5a81f7a9cb493dde209f189bcf766c17c6d9589cd0c7de7f07ff9f24d2320669b5" + "89d084f8a8ea71127b9760b7355b162616afb34bcdcd416f1a062035102e29b70069b2b4" + "dbf70179b8d60bc2ee5a455efd40194533bf560a", + "0624616adcd45e1fdc6cfeab2b17230d73d91fe0b39f4664f3c6891554f9b8e238257f7", + "04010917ef84bd5c0b36c97cb5586d3057a34f2827f239cab2af2e6081c5bdffd48dccb0" + "b2078ab47fe1bd3e28055c688c78e617ddcf6c5060123e9d65c562df2e94cac973ab3b18" + "07", + "0795e229185bc1b3d6d69b08189fdd7a822cd18ac55971e4b35e51838bf12eacbc50e2e", + "185483378a162b8edd6a12f44e3aa4ff829630fe3a1c9ccc66e34775f69bb6a94282489", + "01662cde6cd497be7966a0a77b0626ba3c4b82e20bb3f2e839178a31aaf440aa0e059cd" }, + { NID_sect283k1, NID_sha384, + "db49891838fe23f0530abd4a4fbba5ea970afa5747f6a0a10d2cf4d841581ea2178705c1" + "203f00cafec91d0a72d25448072c9cf7d7ca5580b39f8589ec63128faa95cb0689574a6b" + "ebd515049a1eb9699922cde0366b5cd58aa8f3d3e847706896f7e1cac667fbfe94b2eca9" + "e7be79a810806ca4bf53f219bb30532ca2254c11", + "199757ffaa2c59e198d66824eaad37cc42d49b2e241b6a60382d05e425e800eaaf32470", + "0406ad18bdb3e51cc053f56b9f9c35e2d6eaecbc9749f41a9ffbf54634838d7745ca0648" + "9005dd77c42b31aebbbb46277176df08d81919ee0d9ddf14c3e4c0cccb207bf649c48fc8" + "b9", + "109d6332ceec5ea211f642a746a6ce055986b4a2feeed7e847904f7f411bf8361318d92", + "1a49fe690a34151056d290790a6bfa7b70958e69e9baeb30c55efc61dc5dc4934f2fc95", + "1710a4ba5b404d65f66a8fca2751a920224db0cc0266f7b0bc054069ea4cc51b1f017bb" }, + { NID_sect283k1, NID_sha384, + "29d385d09c1142a7c181fe4b6e6132e414c15aa8605b44208c0399464613b966edcc2d46" + "cf203a3f85d943d8eae658695dac74366224a0d0348083bec0106f5eb8809ae8d07f792f" + "dd7c48fb1a25d5ef3bb9acd40b20c61c821024a9acb2ede321bd2d0dda849c22d76f421c" + "bd8d51565d3c4266f666455ca1c0c3777aa44107", + 
"06e51381dcf21050aef2e9b97e35303cf3bd91956854ecf9b6b9827871d2efbe8201c5e", + "04052fee805d7938b8b97459b9fcb4b80cbe29f20a9aaebc07ac019539a4a966c5ee4175" + "1d078aaae02974de6530f285b4bbe87fd5d0c9a2ecfde5fdc9a3303e4b988f673c778004" + "bc", + "0b426ebda6628125d73efd84e6bbab6c4c8fcf7fa29ffb3c8d6b0a861dbf81cd18d088f", + "1270045e963b59e4a4f1237c2240a5b26a7ba8e28ea01326fbec00e5d95d40e859d88b3", + "1d721477ee1df1388e1b7f92c048e5759c060ce1291098a2fa647974a62a258a189b4cd" }, + { NID_sect283k1, NID_sha384, + "774c1cb8fb4f69ecfb5c7857d46415568d88f1f9f05a4bf64a1e1ff6d64aec16e1d09292" + "010d1f067c68dddbcde06ea49be2ad3838053f0b9c0c2383edc451ef0188565118e7b3c6" + "6a4fa372b96633dc8a753106283b02d0322df273d58cc9bd061ec219f1e1a9c8ca1400e5" + "e39c1b2c254273377dc98a1a2c44e5c2a5b89167", + "018adcc22cb9a2db64bad3d60f1608c353e091637b948914115ebd43679904f955c8732", + "0400630bdd8937e961d5396f9ea5310123a340ba316fbb7d79bf8573f27a0065c6fd6f88" + "900737a0ac1116e0e2979f973cd705588a71cec5e2a9f22e7e81fc61a4375624f55a6182" + "bc", + "10a0c04762d02f9d3014bbff287864743426cee14daa43b22149ce73d1ba609c0ba6be6", + "0ac29b041a6b95f9ab685470f50445d416df5f7ee06313185794f2b542fcc00606bed69", + "00a4241b97b6ccf0dcd533a15867f5889349ec353395d47e31c9eb6b8785736b3e285cf" }, + { NID_sect283k1, NID_sha512, + "c406aa4295f85c854b4db2de5a7a2defae53a319866921a3673af5b48c85ef22f6eb4cef" + "892c790d8e64530fc20c729b2821b5f5e515560b1ac764106560c3a6a05657e34cd6dead" + "fe2884bd288cef4ca92e1f25adde7d68a30fb0a1b3678156ced62e466718e68e9d67099a" + "d82613b8d06bdda1a7b867c2455422818ae9eeac", + "1898276f159c10d92d8d4b6ae214d68c72792a4b5f1f79936ca3c063dc8d9a88be439e2", + "040394cf9bb273923c88be7a1c49412ab8599e0cc5509926102c122326bc0b34243f7d1c" + "f3072330906f47e8fe95f63d0f0aca1115e77fc702a923c32a16505bcd9021da05fd9cf6" + "3b", + "058772fbb30227a136de616ace4a0334be0996d60e9772ae9bf672b7c38fe3ee1b24f98", + "10e0cd3fccd1728e99e2294efd6dd4797b6492ad95a789aab7fbd177475a047f1e5d38f", + 
"0c5e0b2d1991718355be14bc57e2d6ff9fa63e0812b9adae69f64da610cc6cbe36fe4c5" }, + { NID_sect283k1, NID_sha512, + "cb2809152f8258660933472c06ddcdb65f6d5221fa29d5b0efec9c2a7914dbbf9ce0a468" + "ce146fb333d26f510a87a6bb01bf8816756a1b5df81c5f65360957cae84ba038e37e8877" + "7580e91c34e2f5aef4fb55af7b81ad28aeba05e0b1c64a15381a6719fd2c16e38a441516" + "e1b394952d984baf9e051b1dc1bda2e12f8ba5b8", + "12ff37c808c3cc029a9cfbb67a5ed21f3bf362b49270d4ed0f1e38fad25ebd79f112a50", + "0400cc00fb36bf62e777a9f6048761e53633b92866158200c43900db95aa1342b5760290" + "90055d7e57221ad939f5639282cbfc203114ee69baab4fdf194f4d2a937d8a57b70b54a9" + "07", + "163d8eec726d01a1bbb19995777919f68689f7c2920f3549fef966593c4fb012a5c3a1e", + "0cbf5c3bf1ee58869e1d3c15a05c23217f1c252da97f79334bc79efe3f5c62164669ac9", + "1fd51644f471ea497b0560b65fdfa2fd0a6cef469021303f97753d22ce1993d1ae5b96f" }, + { NID_sect283k1, NID_sha512, + "e060af96d4a7fe512bbf26be9a27bb6a8ff37547d4a7bbbfa710db24cffcfc760dac120f" + "89f642880db2df6307f9ea5441d5932d49762d182b29d8e7fb067a61ab0df622f75cecc9" + "17e27d0326085d34581e052c85f50a37713e27518aed7c4434f86970e00a0a4b8503989e" + "72614131b7164c1bdc82d2b6aeac0787f9838476", + "02b8c1fef9c6def32b5f4127273ce384b6add4aecec957c1662f52334f5ee97f49852d4", + "04036a4fe1d77bc431012d25ff49fb5468f975353be70e7507d71966a0ef433df51dc323" + "24058d705cc883a690641f0ab85af4959ef4258a7ba9cde36dab77c125a1de1d39536658" + "4b", + "0865f59502382b324e1dbd75db150f342336fb19145fb43a733971da555ac5828a3457f", + "1ccb2e56c02cbe8038bf78dea256704ee6e51054668ba8c2ba11aef4ac6f9320d46ee8d", + "030e662c0e7d47cb3b835c63599d0c9c2e77ca47dbecd7ac834c2babeb039eb630cd0ef" }, + { NID_sect283k1, NID_sha512, + "d235c31f0a82957a087c7597673970aa39321d4c2640685a03df8388b5eae4825d1fee29" + "926f416d5e62a2e9ca1ea7cefffd31607e750fa9675983608e0f8dc895371b190574d065" + "c5c0c23ffdaf49e65362914363a3fffbc2c1bb487cbd4f69ec22dda5c7dc3bbab805c81f" + "aa85787cc176bc0e5703924f395d8c9e7e7701e2", + 
"0afb1c45e9a9f02942b8e04da4b815498454dde6643de186625a98b3c1c6993abc8bba4", + "04002fed49c59e9d5c09202a5dc29d8dd527a870a180feded66ea6fc94ee094122ae9765" + "6b03620820bdd5910037f5877649be38db3571a9c6ac632602d2013d0d5abe1f00133f6c" + "de", + "1fe749d9916f11100af525ee343b3b74a493f92339e432a482dc8e86ffb5affc4630037", + "120f6f13331cd4d1a5b9707483c74dc0722452062cd4534e94cf40840d22ae263244a51", + "0bc2e37a481478f879de612cf4a833f7e12b8df33f5b0d6ac5f5aa431678ff053e2bc1a" }, + { NID_sect283k1, NID_sha512, + "1a2559777a5fd8f269048feda82c4d9fceca95803f84a813789d6ed070422240e443789c" + "5231d63d5268ddebc060dfb99c4eff2ff115d2984d8bbc5c05314562ea6864fd543e7e0a" + "3b8572c017d8ae3563027d79bbe164d40a5bab354720e45094b9b26391ceb55339592fc2" + "f10b97dc9c2649f7227648f5cd2fc46d78d31c0e", + "0ff537d73a4da0ae3a4894016b71dccef3bc886f3d24a5abb7dd96cf8fdcbdf0fdc5e51", + "04001bd0537dfb29f727f91fb469c31164e1bb0ee192a5b89b880f3fa40e3e5437f0d2f9" + "e106df9bab2f9198494094a63f2ea091f60108449f0741806400694a93702f61fb0351a8" + "1e", + "0bbc511c6e1772ca6cd1cd308126c18c5db498055a4b3f1cb0dba3285f6d38b083e647f", + "1ba756f3c89b732398b90bfa2f92b2a77159c530a8020b75cdb9697c6d75c18d36040b4", + "18207cf326bfe97d657ac4197ee5c20c75431ee552681a92a5815db0d984fe597700bbf" }, + { NID_sect283k1, NID_sha512, + "658c0d3f764bbc952fa55a258bac16a5bb5184bfa76cee06baf9ee6b9ac3f116e08bb240" + "6b1dd4be487b057f3b29c2043ebc33019b2017c4deccb86f50ff15fc9248ea5fb6426112" + "0b1960525aec3cc18827c23291722c5add8a3761ff8516c61956c62b8cbb13f3d92bf3eb" + "45a70704c01bb3625d21c38ffa83a6db086ee968", + "16000d2e879906d1040b32eb6ba3caff700e5565871ac75f10c5c15b509964bbe5e14c7", + "0402ba89255d1c89e42518662611e2efe3b5e3b8043926ae9c43974ee2986185269246a4" + "3302b87762b9ada81bde958d1f9b81246f49098695391ba3b4b3b9ac5727f19fe42fd079" + "46", + "14e837476e628007b2df21b5035a39c24cd4869bb52dbbe13c9666ddd8a7e3eeae29f65", + "1b5091fc755c0f908ee13ef9bee40dd16a5710befd1e265a312e595842d52cc135fd722", + 
"0fa25f43c3c074d702e45d216e3704d942e9d67b3c0728645ac6c53b9be7300061e5fe5" }, + { NID_sect283k1, NID_sha512, + "4f10001e3517c2c1f973b555f4827681e096d860c4db08f1f4aef8000c9c24bebe59f8bf" + "3d7d3cac959a1a5477bb0ea43f2e746b5d14ed48a58ef35484b0ac786d2fec669f945e84" + "6ad73e6b77a9e47012a951b398941566330d89125eb3c1fbb2f06adb951ff5f047d102fd" + "f28b5cadb4a3e1a10412eb3474d2ed5c3fce78f5", + "019528d505bf0584628d0214bc857150a929d3f59619bf8f3acab545fff0977c9bcdc97", + "0400cc8863e1443e61fedc61abaff87d80450345489728d78c333b36fa28d8754a29cf3b" + "a100205ae70c35396c07f9f96aa7c59cf8a28aa2a365b4a1b68e7414d8c4ae5220c8bae9" + "ae", + "13d555426101fa3c239b7830fe0b6cf08a1c01f9a991f806c84baae20daddf5dec8f868", + "0af8bd9856dfd783217cf81b09b464614aa824b0298f35308e6427c679607853eb66c7d", + "0e6c1933d6ce25d0a00effbaf1db2cb2542cbe7521330c34286cf3bdffc20c001cd7722" }, + { NID_sect283k1, NID_sha512, + "c43ec3c3232cae59bdea7cfaf18a4672035dbd2b8b6b1b44ede376b36cc2d8baeb921e41" + "6aa177f5977da8bf1d713509e5251278b6622790056271715cd5feac58bee5baf50b216e" + "8eb886279c5a384cdb696470275b7487fe9ac4c506706f6b0f9809d1ccb102546a4297d2" + "017c2a8df9f02f30d3d1bd9aebf6a92a02e0d202", + "067795ce117bc0a389397fc22a01cfd9422cfbfb5aa44131938a8c45e48e1d5a718539c", + "04007924de08acfae6260009cc2f02daa2fc2a809e6ab4cd8858a9e9c2c15b17e29f1bc5" + "ee004f36cc2d36df63474a579b96f6e59b890782ad8fa865efd80abd798ca2938bacbf82" + "12", + "1bf3242e75f8331fe70113ec8e14ad0814850bb8cb262c7d0a44ca69de52d32dfcabd0c", + "145148d59c5be2b6d39dfa33e904c161456822ec0ad64b9dc52befbd6496c9303fc062f", + "0b75c3c404d694e086c0f5aafd534e7d8596601f675b2fac9384fca6084711e35149f9c" }, + { NID_sect283k1, NID_sha512, + "9b7d675a3d2cdeb280ea28289b5fc2a3ef6b535ebee8ad242fb031e2e1f364e8ee806568" + "b2f8627c5a5b4f51f4f65c71acdc1152c08b9211b81907b551e0ff47f5a6aca45dcfa06f" + "09bf195d19d7b165b52111b601fbd97b192f62465f8ba20773b1599c8041e91448eac7a5" + "763ca0628f40768324c5304e1119ca6a1fdb0778", + 
"19269dbfe4184249952a651a507584746c5b62c64cb3b17e0158aaf4d086a4afb0330c1", + "0406c60a475f2a3635fa523e1b138edc36f51e94a34e75989c2cacdf8949115d96f11ae7" + "520494d5e23ba9071b3e52c58b1d0740cf90cee7b084b9ef7a4a7be8aa47ce7b3d97c8c5" + "1d", + "111f4dc771b6ce5cc2f42172d3d70fe77c73683bdd2ea331ff711b7e9d8c3e4f2d7d6cb", + "027f224c01847c52ebc180ae81009923ae3453be1e0d94b5c2934603577f36653ecfccb", + "1e7b771631e5e72b7ddfb9c73f684b93270269ba4216cf3926e43b2ceb49756e7e7e0e6" }, + { NID_sect283k1, NID_sha512, + "f4a08daf8f66ce57a986f14b918099bcadcc4308bcde7c169ce8536a40d94a928cfc0968" + "180a2c2a242c59df73ff79a03687998c421cf9a0e661630378779a4744ae2a6cd24ff61d" + "7fcd6c11a4c8bcaf358075e96f864df0998ee98ee393b37bb38747b70bb7a208740959b4" + "5174a60153ee566e0f62528e9a5e4466186fa650", + "03835814de0d6441cd80a44e40350cc8bd62ffcc81e939a4410bb9c9259e30463c453b5", + "0405ce9f6c979bc1d6bc41f41095b7677cc184da8918265a7f0e5b9dbece2ca9e0667cfb" + "ad039a395aeaa04f5168de809164285974d306e474a610d89fd401c375c9b73f0d23dbbc" + "f0", + "0b714d734d063aa81a389be69c56dcc23bcced3517e330572f79c769645e7dd2fd55c20", + "0e4d4494f91e79f2b1d1c0e22ebf744ef448f57c951f1b5f4da3592fe60008ab00f5f7e", + "02edaa4d8731b598c24b993dc5bb4888ea3c2dfe2807daf88170982667e69b76a8ecfe0" }, + { NID_sect283k1, NID_sha512, + "864647405c70939fdb4c026bcad53218ba1d438d82c9138f0f0ecac815dbfb242307cca5" + "2c84826cf6556c51082a23f14252dfaea43ba229f7493db2bf8ae9cdb0228dab9e25cf38" + "5b504b92cca94f813acceaa1f18de851b8936c4dfe9e4e17002f02dded6b4c231ea5e614" + "ab46fcdd637b8c6193e8d0c2df1b3d883b97e1e8", + "0aee83dbed3b703cb6e60d51e373eb20e298ac005fa6a572d02fa1e6da0345558ad2a46", + "0400dc25760af992a8ecc108373281bd0d246f95933ec943f6346c1b2b941a03b33951f6" + "2206e35f02d225ba11d2ed7ea392898f78ca0deb2a47871eba6cd2be7440a410d910097d" + "e2", + "1df142187f8b27f4888075a3784aebe0fb7d80b0b6d3497a7adbb88cb6bd26cb82109c4", + "05a530bf1135ea6d599928cb0383f5d391d19be333b1577ee4eb6f2a78b54e4aac0e09b", + 
"06f3033cf392f698d1a1141cabf138c411f4e20687920f2915e17e805e8657a887c7953" }, + { NID_sect283k1, NID_sha512, + "c87c8f3ad5c28a027b28ae5021dbe8d425f74181d519451f1fead7a1f9dd102fa6785b14" + "7b610610cb59bfa91fa363bb79ea602a7d7e1439f874c5dce748e5c320560c2d9676f3a9" + "48754c72b6db249478b7e19c9829ab4de2e344535d3e0b7c20c272f82556a280ef491524" + "b255c4fafb9c8ecb87b0149ddd9d7bf6159e3337", + "17b65c66514019ff935e9d571a4e68e9ee4463b7b9a754b93f4f7741693f4399879fa8a", + "0405bfb704629596ed05096783e49864a11874f319b4020917f1ba700ddb0606e6e72c17" + "93069194592be64c33c2f63771af0e4100d060e9750031048002680541815b311ba8f7ff" + "a9", + "171b5c698175300b95dfd5ed8d3fd7cf4e19105ed7193b6013103555808743501ee8c46", + "13f001f287dd5c7ad9af8d0105b47caed66ede41dc1e121a602610ce20e41af91cbe586", + "1433d5263d5233c40c0ca526b3657fcce8cb88ee65105b5f5ec82b26e12bfff11c8812a" }, + { NID_sect283k1, NID_sha512, + "ac7da7611e2ade20aad64b418a16e02e79ab4894d758550210eb10013a9b5533132be701" + "f8843c840807c4167c38d21dff168d3baa65d5bcf285b73dcbb75819f8d7a20a849de335" + "e19bae2aab2ca560b93d340731f291599a5b28afd7737460d291105cbba6d0290e836f6f" + "6c1113d1b2faf90ac5de7c64e25206d79380a4ed", + "17d2071f39ba35515a8ec977ddd36ca15983e15bcda626f15af61d87d58114f4c80a8be", + "0406f09c255fdaf78d7d341fde4586526fcdec34a28448c7fe65685a67b6c33564ce9249" + "a3024ae4483fcbe3f823a7ce53db96ef2f6c68670e107e68cee4f358dfa844112d6b2144" + "e1", + "1403078da10f55724fe7b56dfc55990507307386ba82ca8f6340d33769ab1f6ca894bdd", + "0a54a35767a1cc77b2332b04694404fe5a31ed8851ccc2abfa5542b0f5acd9be9b1f02e", + "0577e0a1937172a6d45177c2b328d72f75a08a8a774a31151b89fd451d531348695d870" }, + { NID_sect283k1, NID_sha512, + "5757c472fa2f81430dd920f39b61066a28c870b80e6c96f822f8f19b398c3574d159cc22" + "120454dcd7e97be8211916e4bc8db365b2dbb99a6e597d06e6645046a0abdccbd06741e9" + "c0eedf33cb78d78a540c2a390719acc498331e694e6b0118cf4f787b51c7b7237458a614" + "9d6dbd0a08bae8097e919f970fde920485e9a0ac", + 
"11504659e12235855fe55220287a101e511d39a627f8a0d414446385d4a88f31507fe74", + "040192fb9bcd157c7ef385d48470c3173ccf1ef9650da7d680d8473d45ab2064a073232a" + "c3014ddf872b711157d121b0a61b88a7eeb7cd260f1f82ec5f62fa2681e28c7f2640e305" + "e7", + "17e10962721f041946bb5ffcce724c9f284b1c8970f974a069c36dd4391adb8cecb8bde", + "1546450d25e2536aa14b8751e3b3e7eeec8a6c1cd967ba0f03e6bfe64c0a59072280636", + "0159c8d6499fcfe8ac7b2e84990a714d7888d883c16c016c4b165f36d62c3493afa67f1" }, + { NID_sect283k1, NID_sha512, + "e350383d04af0f4081bf09b95d1d53040e7acc64e56b13b653df31dd119617b800e0cdfe" + "b935dfa5d94f1d7814688d8ce41021810958759cec76560e1e5c0581456acd1a02016584" + "9b2203f1c11d318d816697f36a86b59f160faeac7dba71682d3c031d0d547725ef69cbaa" + "28345512e38b75ab011911d8924b2d17a857a96b", + "16e4cbabb03215767249ba2a608708b78d7387be9e77f5efd2462467fa05e8dcde2c036", + "040112b7ea5d21df8ce52772a1b76a52ef6f0da62cb7718a467a034618b7ce701a05cd24" + "670649e0ad181437b4eeec87e202d8fab1c240f9dd9b31311284c24d89160b1895be5413" + "19", + "120e4bce412311d3e7adb36dc11d4cc1da8a4b9d6cd5219e772b3dc2b2b8ce08833748f", + "1ff2d53a8e6c1c23807eee681156a146e8f2cc1a8c262850dc69dece31860bf094e7f73", + "1e8906c0bf2a5f922ca271def90d704a1425e5cacc64bc5761b000c7df0f8f9fab51f2c" }, + { NID_sect409k1, NID_sha224, + "f153cc61981a46d8a47d17d29ec157fa93fcf644beb84558db7c99c57fb131dcbc5b6558" + "1ced5ff0b29bfdc66ff703ecdd4290f7c353c02a3e6d6867f33f3dccd1a0b6752b8a35fa" + "143f8921a5078af9c85b212564c5b795da9858c7955095938fcd10c21e35e1abe905e84c" + "8b4bc05f2a06091ce876d9519b96951d08c7ac9e", + "011c6528939672bed3e8c905b7ba594c3ce95f37fb28044f210cccd01dfdb42c10e8e1a0" + "b5d6fc757834ca7f08e98cbc52b0edd", + "04000b570ec1fd09d7b4d102f83cf37129d94c9cf2f982b702c5d1172bae2df558008518" + "493c08dac6f76a6646156f123c4f33e79800e3cfe1aafbf25a5a4536d6c0cfe13a540b4a" + "3c97d4e7bc6c0346addb4b0c32dce089a7a5385e8a3e67606b45e2062c642bbbad", + "027cecbe83853037cf46aa98e1e1e552a96af0bb24e57756d8239fea5d769b51b83f195b" + 
"7801b562259ee644ab4047764d130a0", + "06a1601e07dfdff9d3b4ffdbff124b717403490853099fb4a00ea98f84ddd64e908f99b4" + "0a2ba6ab88b2491a8d948fcc2f207db", + "0741d27c0dddca3641b56ba1e9bacb0da1fcee46b9e33ecc6990b98cf0db74668ef1009a" + "50e5d55f80e6642ea48689a529c8a08" }, + { NID_sect409k1, NID_sha224, + "258c91524423b5c876432b1930c7b07b56eb5e3945f1e2296a4e5bfb9b9123f800ad195d" + "6104641b1f1970bca553c2032f83d17252e52403a9381c1fc18eaffdf026f7537aa27d84" + "c5e3d6e39e651a92a41139cec5181fe794457f556b390943093be719acd23fa1ddf7ff0a" + "af0479484a381a309b4f681af74bf97caef08c22", + "07e3b714496dd118d8f3f597961eec5c43d0265bf85723b0b9b0616977e0acc2cf686cb6" + "afa6cdc19114e27ab000e762dfe467b", + "04007dea0ceb73b9bfaff7147a36436cfa7955eab02ce7fe9b60dcff3e088c5c9281be59" + "07de3e06ebb2e21dce8bf3ff85feeed50001cfa9b30af20612666e5df798f91eb4647d8f" + "5e1747c1b18adc6b73a848d987434c56d13ad78b775c4096e9f20d4878bbd9572c", + "028a8353c05129dcaa7caf0343130bf2e2186b9cb5ed0a27a565e1c24eb882617cc299d4" + "86be76fe0f8f3c52678b6992288d7c8", + "034299ca2aaaad51f12c90e8205da305523713516ba6e7d245eed8ef94a1b2409b98ae93" + "476aed6c9b9aef50406860b4e490db6", + "01a1adc76c65d77ea686d769dcd007c0101b4cdd0934402fa47dac22f8ecac28fc05c2f6" + "763a6781655ed5e7d84c41157255a4c" }, + { NID_sect409k1, NID_sha224, + "a16a0d6fd57240fe88c7c36b9f7f9040cfcaa9afc4beeb8300818c5f90cce73b819a12c3" + "1d42af33146399cdfa4ed4954d068dbb0f1f342269dd29f1fe357e7224304b67b0f924b7" + "94780fe7e6aa9dfa3380252fe7177b43e7b1789718949b9ec1b943c83ed4399491482f0f" + "59d2cb8050ab6f8b5854d76c50651428cd29c40a", + "0182d1e937b037bf7f84144f7d4c94c935269c9aae7d500aa459a7a0ec113b232dcf2829" + "08eee4c84b8106cd38cdc41db3f89e1", + "0400bd4f1ee6a967123d70d488dbf0fb43aa5e93dee5794b4492277fe559776f74075485" + "0477e275cee9f1c375403a4933dc9869200191a544b98ba954cc6e060ba26a52fecbd1f0" + "dc7c15381004cccb799a9f7960a3cedd02d36fcaeb0ceb844bb4683998d776dc5b", + "07904af733742716366f8ba07086f924697ac8a01bb4895bdb5715081ee89eaeafbff4ce" + 
"c44eb0ce14e774dba71bb9b091d2594", + "0723b2068957c4f2ac1df69378fc013797a3b071de30b514c3e610002dc8bfced32bd2f9" + "e8f692b653e736696cf818b0ecc1e10", + "058455b8f9abd5fcc28a4ef839ac0245c3feda1fdcbc3c171b6928c6abc931e8b0ec3438" + "2d63e414657e9319d2965fdc9eb74cc" }, + { NID_sect409k1, NID_sha224, + "d02ff569828fd1add21f6bd1c50cbdcd09222e458ee79fd5dfdba3cbb84e9d926fcf196c" + "ccedece77d5aa17f8c8cbf3a9facf0f02c71d5c1c8aeda9d75f6fd7b6f2c5c70dff992ef" + "6e02c438fb3c66da5a503b3c39acbe2a069da457595b542190d818015d462670b0807c40" + "1e36b1bfe05baff3a8ccf8d1f5f8de7840e87993", + "07ed09428f460724c8a5225a31151e031d9949493fff5703369c401762345d002c4ce424" + "294baab22d9e71edc4f854510cf0e6a", + "04007fcd003a8cde5503f5582a42738738ac7efc6cdb3813a00c072fc114006be9881c0a" + "881ca35988dcfb8088f3d07a03943cf23000e7041e666c1bed3b80a691ecff60ad4afe3a" + "544ce58030bbbcc130045e2c611d65f322ec78aff6757cb5df8ad54ee8a09616ea", + "02828c8c4bb1722b0f03262de32ca8a605c4046badb20d8eb9f19aecc5c69f199aa48d09" + "b61f285254425cb4bb5e0763dd471bb", + "06c99d796c5d4fa21c5cb7cee0b7570edc9d7e9d7c3604f5ca3766b17e44bc71d8a74ac2" + "68b8713cc2ea0adc3dc1971c062b4a1", + "075962e0ccbda2280e502559f48c8d37704964f67f8cd3b443b89be740976f1bd929c175" + "560fc8cfb282661c0fa792a5b200401" }, + { NID_sect409k1, NID_sha224, + "57befce973b225cfce7f996fa5a1a43acd160681b88a87b7de04544eb7b6a719718f1ca7" + "f559b6531bfc18fca3836d2be7f7a6e48387b7579a6845796d30e46f0dda9d82680f8c96" + "c5f0989741adef9762c3db763cae2699cb6c112543635e20ed5cfb4b55ca2ccb32d2d139" + "36085a8ff95ed658a54be73f80c912ccfe5f0ca0", + "0390f05b9619c27b800e99aeaf61ef7f6249367d5cfaeae3c7b523a8b29153eb8a77132f" + "6c4412545a842d6deb7b7aea7e2bda5", + "0401cbcfc492a2a6bb8a7341df67ef2bcdcd706afabad5e7ed1d63387ad9b0dbc47ed17b" + "82de6de936752632e43c393a93fc5cec0e0111768994b2dfe9677d9dbc45d4b55fbbafda" + "aa2b2638ba1605c35301fa557d628a87d0a7febcad9f8eb4b51fc9c807652579f6", + "00b8d236a9f8edba7b5207b4c7848807b933b214fa25cfc5a0e73f750d30051264bb9f67" + 
"02837b0f65a451d4ef24f047ec4e9dd", + "076bd4755427fda22a0f177624477c59de12a12621aac274b980b5e1ce5dc700591eec13" + "dc5bb48c5c8643de287a07a48a6a7fd", + "065a5b0a00548bcd7f59518f122d79c7552ca6097f3867604b462201add5f326807f0e87" + "79f2177f277e5ed25253885ca81220b" }, + { NID_sect409k1, NID_sha224, + "4277ba40cb462860ca722cb4ee71c61836d2ceba18bc91f3fad7dea478972c6da0ebc028" + "15eaaada1d1a5e93d7ab353855ccfdfc94a5742fe18daee2328871e06c1ab0a9a989d123" + "9df2d2d27f96c415e7ef9a941f06c6790675361173cc229aac7045f49eaca207f59c4976" + "19ba32e932b5c1c6576812ee5b146e2cc7de5e62", + "007d18652732596add3db31f7a0ce6020d03f3df58131b0c7c633faf619b8210cd309d6c" + "0c4083aef1a1b6d2a756adad0bfe344", + "04015ad0682962b4dfc8901a0dc77d548ed616286733cd9b3ede937cdf4401ab8b3e3516" + "d466ba43b6ab5356c4e72845767d55d27c017e4de3288ed44b48e7c47b16e2afb513c976" + "3d5bf4cbf9a357c128c94a758e3ff946957df461531def2b8d8411b81f45f0c2dd", + "01a896c30fcfdbe583d6b0119f467f47758ee01d4d601eb698f444ed0f76515c2b8053b1" + "1ae7abd0eef7aa61145a53d12d560d7", + "053b1cd57dfdd8d1802f3e295e450a155c366bdc2bd222d18a4d08369c25e53f1f633958" + "b22d80755ecaf8362d548b28dff1ba8", + "069339fc6058762a99576a96e76f75275f848102bcbc281e59fda26c98fc48a3f1061755" + "e80740a233e03287f510f4549bb1874" }, + { NID_sect409k1, NID_sha224, + "57ff6792ed4b12220d179bc0ea57ff217f322c85bd3676a681d32d7e4a3e0c8e891fd267" + "df17caba5992f68c35ff670b60b4bbdfff82404f6ed996c30539bc395120f97d4d7a652e" + "aee82bd8f9360bf8bb73748b8bbda9f9480eb54f7eaf2609d4259329e8a5ea020521e7db" + "d3ec56f23c849932cbdf2875f5d5c774a9d6b0c9", + "02a91244ea4623b63403dba807d60b914ca3b901a2523244c322f2f11251446d3f15e869" + "d086ebecfa1a39ce304e8b5c8de23e2", + "0400b7ad8f0a52ec21e54e28ef603d76652dbfecc7dd2427cfaaff3d280f0d1f62187d77" + "effcb433b5bd44c3d0c0d26c38d3f5930e0080641bb0163130be4444f79c500ceb8d6a9b" + "2cac42d21d31b2fb29da075bd41c6613f278944adfe92d3c99d494be9d4714e9b6", + "070125c89a1262a88f22e874c55ed149de6d961d6abaab2d13db9174e3cecb8f49752995" + 
"7058a0afe5361ddf9d3a5a3b923c7ef", + "01a28cfad13969c6449e5a0f879e01ef7dc1cdcd0bc77d20f3989c588a9cad12a4b52743" + "c12f4f6e2154ad963bf234ec96263f5", + "066d7f0b364a640c6c620e3d030448d155cffc9ffd46a6adfa1c13e1b01892463a472446" + "5aba3eb07009fa604f3af18109cb72b" }, + { NID_sect409k1, NID_sha224, + "f85113eda64478f460b60f8084220134933de049200a5f37884da7901471542e26690a5f" + "abc3cbf9e679ade71b6e54d869bc136c3d34cc4a9efcafb777abf046b5ae5429136112a9" + "a36a475121eb1f33f1f43481286fc1ada98a41064a1fa38c89e99a93065bb2a119348a9e" + "452497fd5a0d2b83a66b09da9f47a0583732adf4", + "0068c56c6b5d50d1d4e13d3837d8c5e8ba2f825e121b63e97603fdfe78bb6899600ff0dc" + "87b6b3b6868ad0d2f62b7b7a31603ff", + "0400d9a4f5992308013573f97864c23b98d276975d80cd6455e9f0d8a62d6674f3aee3d2" + "7dec15903da4e9d5908cebeb765ee02c80001f61189caacb05dfb982bcccd603a769d0e1" + "be8f9223288b5426e7f88854356fe825f11a88918085692f33b0f4c61ab09a861f", + "02ea7f0d81fbe3d4c865ff5315d1cc38f9e9a8653fc91dbdf445b62fe09b30ccddf50878" + "3ad87c8a48a6ccd5c9e817fe2977f90", + "02d7847479c16c4cba834ce5962724f185be06cc04a9a8d710cc72e6063a7b64fbf2694f" + "5b62de65d3d347d34c0dbfd5a4d93b7", + "069e32bb19d20e873d0e62b306db4d5663576e4b2fe75e8ec79b7a63f38c8f1007a817ce" + "30612e8578d48c63b04b1d34904010f" }, + { NID_sect409k1, NID_sha224, + "42811e9ee6dc509572e1cddbe5baf00afeb0c5c13e3755b922eee9e210001676082bc9ed" + "c3d78db2b5bebea7a2c0cd2b369226c2b8f83b28f33fb513407ab9d287d14b112d6c3be2" + "493805ace5cf6fd366d03cfb28f4ce3f0f060880db64d6962e997463ba7c05b6fcd1e66b" + "abe4b94afc5c2d38c7050c69571d27b66ef0090b", + "03c88084f8b78446db431bd6e240a0c050813d2a763675b0ea869cbe183df697146cf29c" + "03479af3d34587a95cd257027fbeed8", + "04015a09436de00d8d129e297ea60e04b704c0a8183d64a77d1c527189e25e21d6bb62be" + "8ef5eb2dbd833e5f9c7d5c3e69c9c018820001c32ba376d2e9de28fca644b0d567ce1f4e" + "f0aaddb2adec6213d03bc8cc99f9140005bed3cb6c3c0f5533275734aaec47404c", + "0132f4763959863a32919eb591799ffb8613797bd0b617c73654ec9eb32e2fb86631b66e" + 
"28e1b4cc4aeba65ba8c75aa1cfacd73", + "05fe0ccbd430d9459e0093cfe2c1d1d3edff8c1ae7111299d2e04f414c46ed2cc88ce9cc" + "9e23e187e87ef551de993f52214d609", + "0557acfe6347baafe031dc16032c45559693e2793d9b6d372670b09757c6f4a3e5ae5e55" + "264137d1859c8d9f8f03c25de409bf9" }, + { NID_sect409k1, NID_sha224, + "b38f76ede7441ae0887e689d556f43155b38dab7cde487ce9ef9a46f2957c830d4d28006" + "873fe2368197a6931f6fcaad755102686a457a7edccc8d344e2d2a9162e3d71d41c09a02" + "2539ae6d404955a6ad748231aee1f974d4f159940532fb3b1fa0254bfc5805d2fc686968" + "56fadea386c542d3cefd1be3af04ca595e54be25", + "051af7b63bf3297ae20517faaa1552f4fde65819dbbff6a52721611e5b7dc1242ed6e697" + "68cdc37ea8cdfd1a5971f06b84b5803", + "04009cd1280a2a79b182ddbd1712dbfd12cee3345a89636d7673a5fc3e1e51400603176e" + "27d538e90005625aacf5cadcc8a8c25532008b5aabedce498476b4c65ab3cdc81f819c2d" + "b670a7236c0357a86f9087b83e7568cc6e5139fb92f81975756d7dc4f48be87df2", + "00bba308a3eee9e3ab6d2482bb728bf44cde9eedde15af7300c57c2c1e6fed2ee4e404ae" + "ee3923e7871a2ff4ba6df64f9d01a87", + "07a9e69664b7b81edc5d47c014696d194b2ca4705b2e79af692b285ec476169d041dd9ee" + "f20f7d496fc49b8597574d2602757ca", + "01521d7cf6aeaf1c8dd54a7776cfac02967983083770346d9768a2629d606be90d58ea82" + "377413a0fcc3e4e66f05a0d05d933ef" }, + { NID_sect409k1, NID_sha224, + "356dc86cef7979148e995fc5abe2b14a7d5e4e42c9b3509b4363bb80c581a66f4e7e4aa5" + "3a4bfd37f9a7eccf75fdd726f348f6a3f779e6599f61bd1d668517f40453b39bcf35db08" + "52a6a6218198f52b7ceda2ec55fca5abe8e5d93af9a42b9ae4de9530c5870211bacc27c3" + "9aa094013db703de2fd3121f08d7e97dbd4e8946", + "03d65bdec48972d03811b78150a06956eb22d337dbec5416bbd8185a6322cd8c0ff80002" + "10dbd1326422289071cab65175f5d10", + "04000c9c1bb0a80c4b4863d78003e21ee60fc553ff72968c165f6eb6940250a6cb7d545c" + "6aed3760e42370df79b0d37c2d1433c486001a9d994828ac09a86c18b9758b3f6b91a577" + "5931a7a6e4d8b052204c972b993a3b420eb8ff7e91df77253a9f5847c5968b5636", + "0156d12708324cd30037753c78225d183723d3f15930f23bae854f121094bfffb5d7dece" + 
"1fca93bbe7457a2237760aef3db8e3f", + "071466e80e2a7cd8e6cb6dfde259a08619f880a71899c58bd4cd33c29f7b321d26953372" + "0101f2ef70f5b8e8f05c9cbe1ebc303", + "077330e08712ad709f855d92355cfb7d565efd806c6a853712916f7c943bfc79e496366d" + "eba79ef7491abad23086db341f339e5" }, + { NID_sect409k1, NID_sha224, + "06fd39a50bf25e89f1071ff81fec5d1e35b6dd68990414ee403dfdebb792627b6a4ae3d2" + "236c159e4441ff90b61ec87b1592c538515f0486b19e58583394a05e6411e69b4285d6d6" + "589982ac0eeb2c912c4948789cad741183663fc070943389d4e9a1150b8f6088fc506059" + "15e9e24b2d98a1f539024770e4820e14ae42ea8e", + "01f1a8b5f35dbbf82c102df550c72216a243f986f0325920f6186a16d1da74228cc02be6" + "024c7411160c183c923c743354f9438", + "040157ae8d90fe2416f70a7ce0669acdc0b5064ba650cb5416e59e6672e45b591774ebb2" + "f793c3a58e953da1ac08272d0b949e7b50006d49b9784f8423812967b857e25dc3af1312" + "a6ff29579f6acb6e155b6848ffac6fbce51bd2d41a22ef955f690e2487a4bbff00", + "04cc45e00847818397c6abb3d176cb8bd77814abfc253e3b0d799dff2c3e09a5195ed5e6" + "232873f2783c8e670b52a839e06bc30", + "067b418a5395216b83ab00d5568eeb62ae0693af2b0e4d052c6feb70562dcc06ef852002" + "687099dda114477871b924775e8460a", + "061d1e4d713689b2036272ad41571759b52a78e0f8a84d1f3a277aaa33ad558f0b71f3c5" + "a99d403e49df1afab66059db20f9f32" }, + { NID_sect409k1, NID_sha224, + "6daaa41150ea252a3e966a338377307d909b95080e006f13027f2be5059d9208930c5a32" + "9994c0b794ef50eb059bc6c215f68cf42260bd410f9bd86d2ad5ab7179c7c92de4a93a5f" + "6aa17de5aefea815e7c0b78a8cc53c21dc4dee037b29c9df4e12343109283ffd5d8a3b81" + "fba1b5e95506c7e01ac056c86dd0ee23bc21af0a", + "031dc621200cd174193d95e9092ffb86189c52cdbb9ed937593f2cde7c4a0264b9100e1b" + "8407336c8dfb5520d28a18dc4e39a89", + "0400904bb904d50bff09bae5dd21f425c808b41001ac917b022f7e1cda6e46504781a69b" + "aab4a6f0f100c4fff9ced26f871159cd30015cc300b0efbac707635c72bf855de4290f1b" + "8b70c16f9bd0cb771ed5c760ada04d0ff648f118d64e0aff6a6de16def15cf7437", + "07e32b1fc1cebeec3d84f56a67c8ea2b78723e7010a725ca4745e849e573e8e4a4ce11d1" + 
"af4ee508b80fb5336de3cb53161bf44", + "071cd81dfbacbb67be5903cbcbe402c0420adfa9d14148bea600b178fd06278572d34eb4" + "6d857085a2a4f48cd4ee9109d607dae", + "0347b1029e67a6ea2a45af1f7410dc951db813eabfd3c7f3e2c294b81e1c54fa8c98569e" + "fc580b68007bfa316424ac6eb353ac2" }, + { NID_sect409k1, NID_sha224, + "6378dd1c12c5197b57d47dc46a67949bdd1e0809004e94d49b0234126a08ad5bf8723ebf" + "d132145813136d8b7dd096f56c34248f09a65c34f60c2f80f9a51b3795f3d2518b11aaea" + "f6dd45a323794080b78f85d629e5fa719b6ab0b14c78cd908befeaef0dbfaa08cec9318b" + "bcb376d48b11b68735c9554a45293db5e9239ae1", + "016e6750245a88340b0f0665b890459f8038e9b1366f2fc1326245a88d4c523ec94429f2" + "1869ce3dbf75126e58f77241c99efaa", + "04010184fd47e8e1e4d534ca1cf67f15bc8a80921b07e251c22eb88f25395e08d7a92837" + "74aed204fb5c14aa13c63a94ee691b4ff401252ad972bb8c0b286c222f42f7d42ca6561b" + "ac5e517921bda53e51043f13e711da8a813bb6880678e4d6a16820bab819d62e59", + "07f18539d00152f5b9a75d4f114812b87024e8a8f9c9a8d12139d0a74d87986f4305bde6" + "0375918ff2dfdb88b6deda640e17364", + "0735a15e7bd1f69f4e90739d42ae239a8e9238ad28b63ce291b57cb5b99922fbd5dbb7f7" + "4fcc23117243efbd036eded6ee0f28b", + "07bb3dc77cdd4138a02e2d5fd4f6ff8516b4c95b8255c629132ea8705c399fc60f8fb660" + "ed3aae52db283aabc3626a5559dfe85" }, + { NID_sect409k1, NID_sha224, + "b898d0f9bd80e083fa541f457d14d853bba55b120424a95e1d9511c8833f48444329e034" + "9d68204c4b4581ef1c4dee23ed0a4445727a72e1e6cde422f7c10ae132a3fe681f9d741f" + "da263e73f7cdf10759467c9d76164086abf6780ad474772771eee22d195339bb8f6235e0" + "d992bbe282b13ce4fe01417f507a2c4fa155e108", + "0788fabdafeebb72f6385301e30024b56639e629a400f9c50d402cfc9b5817844f06a451" + "fbda29c7ece41dc9ffcfc625fe0ff0a", + "04009b2c36d221d18189e1617cb2f2ddcd64cdf8a42ba6acc55f04e9722b11588f7fa861" + "a3940820d9dabbab631d7fd4106c60f37e00da099cdb10dfe2d7c0a16ed332b459e7be31" + "f44b0b2d595dc948f0b073ac4e439f24f215fba5ed50aef3702731d6561eee1986", + "00581369aca680beb705f52b6bef075de83ad29034c3d6b2949b551a0bbd100897a079b4" + 
"9d41d5030e1a6950fdb14d70dbbdb41", + "04f62415c99c8e6750f9c41c31cf050eb58f61f62eb0b0023d61dfc30e7879d4f5a87e88" + "faf55522631a29fb69d16e15c354323", + "06df238f34b5ae664860b43ea11defe3120591cfa371367096006c03e83d372bfb70da6f" + "789665136b7dd1c59894a2fc5038c4b" }, + { NID_sect409k1, NID_sha256, + "dbe04561ea8579672a2b3afa94426a3cbc274b55263989d41a778bcb082da797d84d930c" + "a847a481789524940701cd5f1d11b460bdac0bffb0b3a3abe1ab689c519700de85a0a571" + "494ba0cfc3c865450eba7a9e916b7fa9df55e8a1c246c992e6a0b44b78274e008472bed8" + "d8411633e6520e1a906c5d0c8aafd572fe6f1f64", + "01b8dfd64563dc219d6eeb53f2e3ad1d771140d0960b211dc1f757af5e297dc7548d6133" + "ddb574711d466688f80dbd65a7bbcdc", + "0401ec530638ea0663cd3a9b237dd66402adf50d3094391f2343d7d6c52c1d14145c2454" + "64a3b771e4b1894462fbfaf440e53eef7e018349e244b24c8353811c29a60d8e02caf195" + "a424aeafdfd0361846d5ce5eb83da1901700f00fcb85a0c2543b49a8a3ccbac157", + "026a26cd09c9329cd45ceb4c798846dd81af67759794f5cadab84de19a835f8a0ae49b12" + "853b1e92822477a73891f85acce4216", + "04d83a5f9dad246717135bec6e386ec6b73be9ea6d1a17334ea2003a723d510914167d13" + "6254d6cb64b16ef7eec5044b8f2ba28", + "03e81601d0c66b507a491c530075edc5b09d770633a4c2355b3b1c7df9b200ebc7dcb706" + "be1696aab70d4c6e1c4a7e532284670" }, + { NID_sect409k1, NID_sha256, + "48a8300820fea2ad83c83f7d6b24192715329c3f159d56644e11ed25efcbd3d31600a813" + "b909812987b97d1087e74a63b4494cc031c63492b6615e9d6e5b36f62cb2ef88b9f73659" + "5800de465789f43811165a5fc093ee6d776008739de8de2a84e878748641be8bd52e5b89" + "1c4145f52bbd46644852a43108e93d86352b2a3c", + "0422131829608ff730c24ddf7e8b4a2600eaa9681eaf45432daa7d41fe2fb488fd0199d4" + "31a1ed823801ce21f4f01a4dd4248ca", + "04006ff24eb0ab812303bdc9a23719caa789eb75775e686b9511bf6e07d60447d1601a48" + "ae7f3041cef5aaf3ed2adb6feb422fbc54009a351fdc9422a81ebef5407d0d74b52a348c" + "af3cf6e1c6c2af722c408941de154619a1d54bc23a9dfc0c4964f3936d62daa6a4", + "0313ec63c34ed325d770664aed3bfd1a16eb636516eb686e806b0acf6f0d117998b30fd5" + 
"2068a36f03d0db3ec13e6989c6f196a", + "0088167f96d807bdd61e65fadaf0c56b623db42b831909d12641e4d00e7bca6077b36cfa" + "759fcbbf087c31f294f20a09e0bdc96", + "01cbd06232b4c73cdd13208dd254ebf9351745ee6196e3a94b9213e931f141e4cc71f3d3" + "18a67e7b8060e11e88783fca0be41cb" }, + { NID_sect409k1, NID_sha256, + "276e3a986ce33256014aaa3e55cc1f4c75fe831746b342eadb017676b0cba7c353b3a2b5" + "54522c12e6aeaf1364cd2eb765a404b3d0aa61258194a30219d76d2bfa98ad20e7e91756" + "cf65e50d7914157f283f2ba3930c0ad3a97532cc747b1cb9c806fff497f0322025a3d02f" + "f407fc7b5808585b91d95523c9d5864efdf7d983", + "0095ae8e4c7e55eb5da01acc05ecfe72a4dcd8ec152f1c8dc165014f70eb4e4a7861aeb2" + "b96c418b2d4db58659e76184e013a49", + "0400a3987d7262dc30e8ec11458ff7091ca993bc61f142ee535d544a2c88a47f96011076" + "19617a5e65cdd6d5e1a034aaa22304434201fc8af29d5134ca9baf92041b6d6aefabccac" + "a4013c55c1581ac05db6141290235ea09650a289907785d282cef1b9efb381ae66", + "066015a77c99015ed6983bb379772bd90e03b9c010e695853ebf8e461a20fc12b20bdda4" + "7eef856f162dfbd9fd4fc1ec49105d3", + "067c49b96e5bfb6a6d625346c3ecff13b8c8b7e59c764b73b256ac970aa4056460000e59" + "9a8195f2d235a75cee8e5634acfa7ed", + "03ce25ef1af0784645f0579da381542f5b8aef377e5b79193314f84853e2a07a4f1aaa4d" + "8210f3a3c249a879cfa3ea8af43a929" }, + { NID_sect409k1, NID_sha256, + "6a4fc1827c3a7256faa8ec6a0f3d23559d6949f8cc20e7f76111dc4ebd59213951cbf0ea" + "dacaeb8862d6baa0cb298645e4314b1c303bd0d5e9893304d4b7fbd36ab05fb6a5edc3fe" + "f763e3a4124d61539eb616b359c5cb55b5e2bec50c91dd95fc39ddf521aa854216eb5a70" + "7819fa6f067b316a17a3b146e7cc2dd517f7d63f", + "006f2075bd730f34df111ebda919167b1d3358ada32cd6747cb3353bcfb814a77ac70cd5" + "1b31a0e538539453bf9eaf9d8b384c9", + "0400bbc153deaec0bcc36c03d24afd20dacd9e78d104d94c279278d04b597ccccae43cd3" + "e64c9e1e58fb5408f376dd7827ede9dc3a015ae0d803acf12d9d3fd41f74357b1c93cec0" + "480f2e586d0e18f15e569d27d3d106e192ee0c1c570351eff1f463dc07d3bea933", + "0314330098250e38145d11a48f5043190c6b44f8572ae57cf83b1f3c4c03ce38b90ed5e1" + 
"57464c2613c82943d78c938fcde89d7", + "0160b20c370ef4b9cca3f7dd3c23f70efe6bd80751ca021731bdfb0f45ae07e5f2144c77" + "795aafdb0c3a92ebbef75fb2d334dee", + "045188dd2402ad36ae4278a9910648ed5e71d64737651c133aa89850e3bef2207d58ba41" + "69e471a4737962f5fafd50a37a28e1b" }, + { NID_sect409k1, NID_sha256, + "4b088199bd8c94775d8ee508377d672dbf50f6d2c7370e99821ec8f9387492fb2eebdbea" + "473ea18465565f79e2af418555f10c4a527e05a9e20c9c00b807dc8b350cd4ccc2d87e91" + "f66addf02ce4f43597aa258ac6fbe9365cc2c8e8bbe5c884abc929710e8423cd6722a8f4" + "73bb55804159a92a3d8b6661a536b4fb9293bb0a", + "03887d284e9ad17d38bc6da9d83c192a434c509340a7f233cebb032b09ab7c4c6e8730b4" + "a80844898616c9abcd16b753c6bb4c5", + "04012a6d5c5690ebf14ecfa54ac97b73e88e16e757c34c6bbfdc9a3a119f298860d330af" + "295756dec41eedeadc5257b202451faa06019f40ff28bb72af659d5319286fe21f018199" + "52d471ce2433ade745042a47c2dae798199c364ceb99029c2dd5cf57ef5daa2b00", + "035945b45221300f83c5fafbaf0645a7386e209d025b3e1dc367819728f630663fb732b2" + "51a019e08dde0f64dd3f60a10065c50", + "00c323c86e8cc548123d1337936d4be948bd4bce4631a2194c2bf04e1fd714df2c90e368" + "1e41a21d58d9567a5df9fc478dca8e8", + "0493d3f4d22cf8517c301f15bde52cef17c05fed2482f3ef15cdbe32c5f0975e054d45b1" + "3faf906896201942f29e5693bfbb229" }, + { NID_sect409k1, NID_sha256, + "848a13465ddcfb2dc14f7bc0db0756832c22dde1e31e4d8b3ae0dd1aafbdf15e954889e9" + "5d3bdfd6e5ebb6171fad62592c23277a89e8ba53978c9b1afedfef7e1c3f6d9f31077530" + "460b47834b30bbd84a4da601be988738aa815d3d7e72043243a5288751ee08b4815a017f" + "b5d9bd55833698a0d526b1ed79da35ef0fac93da", + "02ea5430610864257c9dc393c3addcd0d8d5bc8aab1067643b08857210464428aa85cf1a" + "e6c743fd2682255d4c8eaa46ca21e73", + "0401e502d3f47823ac7207861855fe6f6aad1fa4f2149bff2643b079da23fb270599f744" + "669b3c8ceb4cb0989aabd43d26d93c814600cdcfc138451bb59f34dc82b8128088b5ae0c" + "b8a77dce1895d5ffdfc8b4be24a206b9856954508b82b80d0163b276683489074a", + "0426b90275d720d19c6ef5c8c74c568a636257740530e3ad10de0d518c4eaad8bc58cf45" + 
"06cf5cdf7f2b03edd1caadb28fa3787", + "0123ad87c094c4ccfe4346dadad54a6b1ee1bffaa1b7b9094fe2e6ae785a2b77ce3f5e56" + "8e43e8b7fa997206262645f56078657", + "00d56cd5cc64736ff7ea0d9840916b1e1c94e11611f93b1b11c2ee98c79d92a8af1a560c" + "9938dc4bdd0b84252e259ae5669d1c3" }, + { NID_sect409k1, NID_sha256, + "d1850545c04ea65528849973c220205c35eae98826d169348970d1420b4d872ce233af1d" + "aa9e62f6a562544ae3a0633a954a493e9766dd5d87e47486559fdf86229a7c9e1726de21" + "895abdcf2422d438f4ad98d88b45c56742694ad5e11894253270997c049f0f419842482f" + "21c792fbe5613e2defecd485585f1835b6f4c578", + "062c757c92eaef41f5d81169ec4968145b5aa2bc1d2a3a5fd000634777748ecb93677b3d" + "a12e3be33272a8f0a52300f4a5a37c4", + "040139660fb8bbba59e8f4e95e5ee5b97227220f0e1b293901fedcc6dab86e7c5a9d20c1" + "a097ee2e926a934cce679fb8dcd8d2ed6c008ac510ddf735184e8fa9693da264194fb78d" + "a5d1cdc0bf5faadb33950ca191fe233eb8dac8adcbfe15b4f7c09d5ddeef6bcd1a", + "026868bf1764993d650aaebf117521cd146ea20067cc14a5843f726a3d68e41c3fba82a8" + "3d406b2275b3459748b3bd1a8d32f1a", + "05b17d13ae4d9535d062a2653bae4d15b9b859a87c33e175adc3ef04781bced888f3e93e" + "9804b2251a40b9344c0f8c6bd5be0ba", + "01ec3322c5beba4423b13a0528c71739a6b39f7b0e0e58a8274a8386167cadef51e5560a" + "3e9d97447e3d3c06288459fe6569345" }, + { NID_sect409k1, NID_sha256, + "421c9784d6fd507c82904e1054edf9bdd1efb58a0b211340086069ad38b7b0dd15c2345f" + "a8767ef71254ed1bd5c35f742b1d3f4765ff9007a5477ba9e5d3d5a5cb5fab4efc1cad73" + "701d4776c6c4343f42b5d94a9eb78ae428dfe5fbdd8e6ece09d5b75cf4346cf27db85635" + "2225ab04e6ea56661554fbc39916accebecb3935", + "048a313c0c11489939fc0cffc6ccb9f179093c4e13141b92dbbaac441b7ae878c9d41206" + "6e95615174a24692555cbbe904a14cf", + "0400677c2d364fa86b8b0c79af754e675ea3e806d5583e62087e01590b824d2730e31326" + "591167f02bdd29f8178787c4e1ba9d249600e7f78c423baeebf6defe9feb8ada8874ceca" + "b083ca2e71d9d8a3fbe846eda69262a1f5b4a3baccaaa4f2cc87220edb1fa6b6bf", + "012b8df87dd935775b80c62ed6c76974fa5772939a9e7372cb74e033fbae4f78d75b8bfb" + 
"b82240cf91009b5bef4d63ded04cbc9", + "000590a9e8de60b5cb181a1c11c2f6115c66b05e71e0c558ae203ee18e54de68016f4c7e" + "d2f01cb0cbaf1bdc45218c0fe2b1552", + "0521844eee9168a501e235de5fd19c84f052445fb0e68bba687ace45d8630070ddd3b730" + "34d1d65788a51acf91273fd187a24ed" }, + { NID_sect409k1, NID_sha256, + "7910bab15b6429947655e33a67f41b76f1d7b71534f8904d6a0472c2faded038565272d0" + "b5f51aa915e0d624e9ff48d50ebfa2f09324864f26c29ab73eb39b436c5c459c7cff4d2b" + "62992e3489cb4ddfc05d7366b161a463aa1b782641d93507de43c8cd0a0a0a9d1c644f45" + "54e3edaf7fd794248110ca9387e73ae5d00d299e", + "046e2adfe5d3549e1e6fa1fe69a7cbb4ac9b111c8903d544268f8318b0b47d4b78fe3e56" + "eb5e639ad5382e7cd5bd4b2c3e70ef6", + "04012902439be50c97aae7b40328984934d6c843415f76f3821c8e8323aba96ee41359e2" + "ce5ad3179063ea5e2c7deeda4d728d585201eb59fe96b269cc973b1fe1f3720aa9aa6ec4" + "cf303c5cccbaaebe6ef7c9f5356ec5e76b26b09479d9831d9f5aa41ae1d61f4c47", + "031893aef1baee0e21b50cff7002435b058d73dc4d8301ffdcf1e0c315d18c2b16f282e5" + "b294dc88369b25e2a1a19abffb578ab", + "039281ef10b9a2664b755a2db67b3c410276a424edf7681a5c97244eaac5826368a8095f" + "1b9b76f8e490e2783694d5bcf3565ea", + "039edd50721dd35d1704167e8cb609f309b9ed73d3c1eece181f9582aabc647c5ec8bd25" + "8e5802fb0647372e4c3929cf59ae2d5" }, + { NID_sect409k1, NID_sha256, + "e6fc96e060b956c25d50ad25443f3c30a12d199a47451a49ce88307201dfb15ed816982e" + "8888a28daa92eaf3c5584ca6ab2ca9e14577f84396de2e0ac214b24a2279f5e7b344fb73" + "87e9afc8f0a2b77a4d024a20ce6183499b17096947444bbb753d9b39e5c694239d28f9c4" + "54bb05468d17ab564ee6cea3741747ccb7f108af", + "0480103fd6180a431c837643566706e2b9597de0a1346a224d176a5b2c54aa4d064418ed" + "654a5d39f4773fb509f86473ebb373f", + "0401d39e2772ff3d26c5936ab347bd5a2940ece42b1964f030c59ab453acd7f44716ba9d" + "88f0828de1a4e730ab27fe1859915818c60140b1b66b0a87de29ba2cfa799d944b3b898f" + "e7ac43de68b01fb41464506e2f014e0d11bbc0c24996428c93bc1a5ecee5956bb2", + "06e9bd0290548d35168f7db7fc292bc161a7710b78ac49ec6a42c9423afea1310597e597" + 
"8b22b4dfa192489323b2317e4714d37", + "055dbf88b6221dff098345226d59d396b6773611ca6e747d26d5d758760d830693df0f5c" + "602859f9caffd0dc3790dfa08c527c2", + "03e679447b622c4b06871f2337f5a24150e76efcef9698c6fd463867508e9d7b803667c3" + "2989a881c98a90998944c070aa58b17" }, + { NID_sect409k1, NID_sha256, + "c8a8a0d41f35537e6fd523ee099eb45e1ad6ab54bed4d3e315e20227db03292e39dc1a91" + "bab439c0d20e36e7fea6ef08983f390a6b5551ac3b4f1895220b2867fab95552cef9bd87" + "02962839bd9b2c72772640e7d3be3c5889d226acbefdcb448432bc503e5a5fe7ae9ae769" + "6c720a799f9882c64ae0385f656074dd8a6821f5", + "013c489e8311c6bef02c8f58903b2ba2a98a27cb935d75a30d320af9a14fa3cbc6adcce0" + "9235a9eaf333dd05f4b2f1694985dc4", + "040046a1c0e7753cb499d19b2805df770ba54f1c6e03611c302c73c72902867c51c1cf9e" + "d154b8f30f72002421029de7ba2d8fad22002aef9c34c7c8216a805a58dd88185f404930" + "86213cb4c85e4d226bb5e892aa37be353d9123e9900f8b0790a43d55a19d78c48a", + "0491dcc881731112ad5e9e1df459c27381a7bf8270f97743466e178bf5ca903971b362b7" + "3fdbef8a75d4292e63e225396c7b32f", + "048425b76147427b8b1969bba3809dd70f0fda24cfb0e92509a7824f027b61cd38441a69" + "1efe213f3c331da8c82f94bbde511d9", + "00df36683f22e9e86c88097d75409ea297d391550440e4327f67b7af1b09141a0e7a1db4" + "0c4b0bf4d60376a6636dbeeff0b6b91" }, + { NID_sect409k1, NID_sha256, + "3407cd6d2845197cd7414a30fc3df7184da204222ffd65c4d16a12cadabf603de8043ea1" + "4f5e6ddcc22d3572dc06dec1a23cd924e1847ae285ecf01754e2d1247876431eb98e897e" + "47412a2330bb32990f9714122109e94b38f82cfdbbf2eeb4c6f88f5dbf9f0ccb47939df8" + "be321dcd9bfd9bb99cac9f94885fee7d443fbd87", + "02419bd2200f8e1d87db848b0379741685e680d9affe693eed49d82931030b6cb05d21a4" + "965f4e1df2045c8513a8f574ca9f2e7", + "0400641a6ac72455ceb142e00d6854acc5f8b86db7bb239a5054c1ed48dffb6d050458ff" + "ea8adb68613ad3cf5977ea7330268abaa201a954ab7d62796e5aed370285d3bf91ddd34e" + "ff3b995d04967db41c2171cb2157d85032c998795ed476c891702d63ff0108f45a", + "02e9928f427a86c4491a47b31454ea7d497435af81c07bc96fa61f4507494fbe4ffc1fff" + 
"a8faadc2a44c7e69c4f976661750f8b", + "01e8ff4cb8c58fa48aaf61488cc4118df90e8c06cbd88234cc920e5795597ffdc0ab967f" + "a7461082a49de56f02f84cd9d564316", + "06e77ac43fc7af3c126f997fe15011fa87a27479fbd5af48e28ccc2c1bedb6c0695291dd" + "67beeec3f17cbfecefbea46b6325fdd" }, + { NID_sect409k1, NID_sha256, + "ad43f8440071285d01fd79244907803601aff4bc5d14c77483a87cd742144d41c68269d7" + "6c9a83c09d2178bbcbdf99f927b378497ffdc907a75a3b0ad019e69758dfffa480871eb6" + "e1e17c8539373de611a557fad120d0bd147f8debe5f09a02e56fb607e9c1253ed592071f" + "042e42fee39775b407225a2b86a950d81bb7d7ef", + "0722951879a65bfcb414e11712ee9431eeb32319e0ff28601112f89276ffc2b96eb65c7f" + "d77d023f09914a53e2aae2c84652bad", + "0400a0304caec1b68b34c822a2a031145677fe515dda977f6932ea2a3291c6bb4fe8f297" + "b7d3c632f9b3806a8cd26e32403c27fc7a00012d4c3231898a4202f3f251802c690353ae" + "9cc28ae5089e259149bce444d31a38927dcb42ed613d4818e235884749057ebd02", + "0331611e81d3e6e3a24cc829c1cb9087a8c6f64c286e5f1acfb1ba764eea5ca55be544d3" + "cb95fb98407fb6c8f9eb1b3f7ae7386", + "056901f11ec69f91b31f7f41f7856752568b7d34ff3af1a2259fe15ae0b01391eeaffb62" + "9976525fce5d182663b7b23a8001bb3", + "04e89c3155afda2e64c749536392554cc299b70020362e6701e3a649f0a63ae5a5da4efe" + "d5c73b5e8098c0cf47d6f4c45c6fab9" }, + { NID_sect409k1, NID_sha256, + "d61a3765229dcd0b4fa6c57280f851ec2bd54d3ee2436935cd6d94e0120d0844adda1639" + "95fbc4cd9d7275da859ad8ebf30af9efbdcfc31c7c9ef42bce9011d37cf9d15fb018e117" + "bbc102f7d05750e5072f73d02c2f45509a55627a78cbd9082cbf36807759d1fe2ecbb92a" + "b30cf28434941712d38bdd100955d611987b5968", + "03f5b5a772d24bd5454bf26759dbd433fcc7bae4f5c593664c4d75da0cdf9430d7d9162b" + "ce3d7f6e13a344259da5a7d6a1635bb", + "0401ca1441b1f6e13138880196e69743206ce09c439a507a11c0fed069d4ed23676b27a3" + "a337c976c276809ae725229c9001708742013c47b14e3069af070869c12f0f39e35a6f33" + "4d98210d33c9da01ac80057911f5a392fb5c8cafeea01c1953e97d47e744160243", + "01484461d02c0337e8113e51aa7d46330f57d423b79b580a544d372524a853db9dac0c0d" + 
"16f733b273bf888271135a5162e70f2", + "0256d7ab133904a792987f8cea69e8e3cc674cd3c577f40ef6f12b31f52ac6366a2a3ea2" + "b2272c7bab8be00ca0d17989b6801a5", + "020d82cb9b3b1f25d993fc18b7303db4cfab91c03a97b249176f9bb2aa5ae7f589c74060" + "d25058c7acb6de1e888ff44481185b1" }, + { NID_sect409k1, NID_sha256, + "1f3c23636414ced48fab6763eed5b22537968e6bf08c178b3d31fb1f6ea773c697975970" + "1d94bc1bee7c354272811edec58eff50c93331b22723d460e56dbee90466b894354777b2" + "3b13a37d15a84c762caca70c01518bf34d0c2f072145d274b3b6c932b48bd815fe81161d" + "8507ffbc2f783bd212c29b2887af6d2ffa9d2b4d", + "046bb4a141c9099d531dd23ac440eff1f5b10f7cf34920b6b702311d490d25344c665ed5" + "211d401def24986c8094165d10f8934", + "04013db47ac0e33af0cc7d74f6ce647fd80cdc1849b15c349bf501c95893be5a440f85b9" + "b029713339fb888d7a93632ea4e0bd813601f26f7009cede02e054d6499c9280794184e2" + "12e3e1091032fe0e3c189de26d04aa8a5909569017cf06ac2a20acf579ca81f3fd", + "046e55a908f13441bab63e5327ac346781399d5a9035a72aa21df708b814b67e420b455e" + "1410014cb53e6ab00f526ceb396bcf6", + "06db7a7b03d6a85069a943fcc332cb8c54ac978810374b12eaed4a5fa5342c8eabaec238" + "bfc6107fd03d75dc2c6d258c218a186", + "010a4115161765dd0c22a0915a0d8cc01905de91d3f08c6d2d85a6a92e1dc00904f3be67" + "fef000ce19f57157deb9afba7582b59" }, + { NID_sect409k1, NID_sha384, + "ec69f2937ec793aaa3486d59d0c960ee50f640a9ce98a3becffc12d6a6c1c6c2f255d37d" + "29f9b4d068373a96beadac98fd5203a9f229bfc70bcd449640165ae5128e3f8d057769e2" + "8356e73e35d8e9af7876f608390090892c67391ddfcc1c332aa61efbf72d54bc615998b3" + "be8ab0a9d372784bea48c9fab244482c75cb2de3", + "06f2c6e9ea8109223d9a349fce14927618fc4fa95e05ecf9aba1546619eaeaca7b5815cc" + "07e97ae8cd1e9973ac603f84d838393", + "0401f5a9824584cbb0d5ed57f677caf62df77933ce19495d2df86855fb16456a50f157d1" + "8f35ff79b8a841a44ee821b36ea93b4f4001a88299000c07a9ad0e57c22fa8f15218cd90" + "ea1de5b8c56d69506ad0fd12b513ffbd224cb6ad590b79c7677a8eda47a8bdc484", + "042325aded3f71fc3ff0c84106f80a10af08d76d5e710a35d462e880e015a36d06359957" + 
"3ce2044537b9f62b51ed4fd2ed8b860", + "0667c74ee2d632aed13cad47e0b46a5176940652d7da613e4965876e7e22d89994bdeadd" + "6b5d9361c516fd51a4fb6b60b537e9c", + "026a01220a1166a4d0172428753e98caf0aaac5b0a09c5a3f11b2645d243991d141f59d6" + "cc502ac44b70e7c48d6b0d7b6ec4869" }, + { NID_sect409k1, NID_sha384, + "70e11efc78d7f079ae41ac3c31c96d3220f4abfe23814a2a4a78d9b1a25e838c3408bd41" + "6062e4b0a5cdadf0c6e16a11e00f59711b417751f5e4b43ecad99efbdb2a81c91a034e89" + "edc94eb552c3eba62808563cdf64453a1db07daff8742aea4a9fa738e1322da316b26dbc" + "a2954b2bc0de6da7518d28e6677dec6ba8af4285", + "004212b7fd913d794fc6bb33e0276e349c052c969ecbf6afc89b28f75a599a9242acf74d" + "ec9f374361ba296ba42a38407f9b7d6", + "04019220ebacedc60762877881262c0c3dc0c8a709fe2ea16cdaad3b680d7cc8aae8617f" + "0acc9b5c9861ede651481f39927a24ecb2018afd77bc7fe54266275fcadc0fe8d4c0dba7" + "a1264c79bc31479f4bcd02245cde991791a7b7e65fbfa907457fb6d450c0985ae4", + "04c01ff477786304b24cb9c95ed70ba376ed6e4f6b3ab2f99ac575c92d3801e7f43bab07" + "2268705d61d3e2fd881f754b9c84235", + "00987cf8ef2b382fb25a6a542e688aa96c098f5d16be0c7d46e961b4a4152c372cc06839" + "93843bf5a04f81e6068843582fca48c", + "036fba32f80cd2e66bf31baf87616027c5b107f72f11fc766b42e2774e29e10e860577c0" + "d3a27a3b49754e6a189680b7a638408" }, + { NID_sect409k1, NID_sha384, + "d922fa515e3bed60b517a2d37cafe4c041e5ab4b5c8d8d4011bf9fc4013dd8abf7add71f" + "cfde5e71d6abe76bd0f749e960cbed55711c87b5629a2c39cff48ed7d0feaf5cc4765e57" + "6a4959521f9a45fcba0dc65ae618826447e02ce6e1cab5ce8d6c96c3211adbb0660de7df" + "7453f3aa726016941d00d8ee536cc106a603d126", + "06baeebb5ffc89c94c3e8b37b9b0904e7c4b251d204894655bf3b1235710215c29820b9d" + "401c9ca7df1404d2d62d708aafe208a", + "0400a0b2a185ad7ddcaa0d8d21b643a14948d3552e25875506d64e236a90d274ad1ca678" + "e628acc208bfe6b56c02df9f5a36aa94ec00fef210c7137237da8ecfc2f069cb9390c132" + "d1c6ce961f2bb3ca925ee727c967f8a46727c8811c94ef66f20836c661a5cd1c59", + "02185be104ad16abfe4fb83de5db067d37ca58510b786b109514debef56cceb4dd6ebe53" + 
"b25127b85faf9c28b56d6586c26d60e", + "0404831192b4bd453c0a7e850815ac3fad88c7a2da27d29e83ca6f22213635a366018ac0" + "038b1fb1e4c512cac15b614fb69b3e2", + "06f677c361547c91428d0e200dd00777262a138afcd828238d132c56b2c232e2b446cc69" + "3fdc4013f05ce7021aea5b5b2f1b34f" }, + { NID_sect409k1, NID_sha384, + "4f64d0f6bfc542a0d4347576935bd68ca88524ead03b8d2c494061d0658e6c3e14576b5b" + "cea5f2f992f54cfb52b5c7cf1dfc517205e0454510eef1b7054a8cd06ab53ed2468193f9" + "8ff0dd62faf076549ab2a270f259276d5729996c120792c6f466a74ab65035bf38ff2c05" + "5b43e2a8b8e2449a2375ddbfc18242157bd905f8", + "008e5f66ba53e7caad1feda122a80c32c82d2c32a7237b8ee8ead44ea8f2f01d77c7056b" + "9dd60b92d051f060da8532c1fd0e8f4", + "0401a3d020a0c7e3f3fe5b3d9fa6b6148cd0c481b4f9e14dc85aeffff35e62545654fc31" + "3f930ca2e33dced28ec28d0fce6ceaeaa2013c1ac166c3c088e8a4a9d44556e3344e52e8" + "741ed1a8b526a45268086e2fe54c24d398553d509439ad4957454eb68af594e683", + "0095caaf063abba5073aa7123b2c0e1666d29bfdfdfb0c484e18931d756ed0845ea15dee" + "1e9abcbbe4576113a8806aab9476b16", + "04d6e33001933221e9eaa78da5874f639749c7396dae90f2da4ccfca15b50ee9e50521cd" + "84d78a098e0c383fab0186b3dfe1b3e", + "001e17cc7baa3e9ff4d882da970caf7d55b4e0fb7f0cdaaaa8290fe2fc9cc31d51b34b5d" + "cc825bf6799ce22fc95382d46f3f98c" }, + { NID_sect409k1, NID_sha384, + "7047d478ec5282d55db8c19c97af10951982d908c759ff590f27d57e2664f08d526cbb2b" + "fde39bdbb1aa3dca5a8d3feb50b868be6651f197abccc9d8040b623de367e2ea1d20ecd3" + "02afb9e273f4be9f3f64f2c2eb3f92d5e0e375db6549da2a589f0604bc7146562ccefd15" + "995a7c4208f640e7a17afbca69cda4e173380523", + "04ecb22b44e809f89b16abb10be062c89b41ee34e110403e42a20ce59a99afdc22f6f6dd" + "a56e1d9d1b8ce1d057f390db111def3", + "0400dbb4a6ed11f36eb78417269c1b1e9725eba1666591afaffb5582c8b4d5bee1d73922" + "b0164a05bf21a12052171abbdd3130555201eb385afe8588ceaac9f39a5cb4455e02bca4" + "8f3d2242730e0f9e06ff1db24344379f96356531676cd5af234a120f4b61f7e041", + "01cc97a718ebeffed4ca7a9a4389d6b0fafb73ab000463b68b5580267aec203b6231cfb5" + 
"afbf7ad8192f0947c7f40d9e060ab32", + "021a29f56c31227daf0dc5dc919434978943b80f4b18748bb5f7d6702153b966a0a4af6f" + "209ecfa3aae0e4f32a1b7c6ae58a55f", + "06921b2e2ab81517a0785c4ac3be3d7d4b4c917d7a1e4313b123ae96056a2a4a66d9e008" + "19d8c1cca5bc0d75e4e05477c1fcbff" }, + { NID_sect409k1, NID_sha384, + "1a8384b4771a410663e56eb36c5d9ede8d161a8fb0e31d3f74bcb017b9e31232bb2e2f4c" + "65a2d85bcd1cedd93ef08d4bb4af0095731574ab3f2762788a1ba3bf0ee46684da8d9dd3" + "84432fee99ed3c69213d790a5d81b351063eaf2bda71ca4868ac36be1b571024a8bf0903" + "9b347fa996d5d161078314e24b7d073e05cb3d48", + "051f9500c15ae73d6d479b9f3d2caccc2039d8d03820befc2aae3bbaf65d59bd9cb3c4e3" + "aa8bed5b3acb70a5566047ffad80729", + "0400ee8ca7f55225760c515bae053ebbf4ab23567f95c7091fee2acfff079eda297ec6a7" + "e9d526e12e5976431f9d7e52a2318ddcd80185e2c17705a2555fbb8afbe8e41ced8ace95" + "c83e198be3c7dcdeac8c2c5bdd988800f1194e553bd0348ebe6c29c16f35d50895", + "073f96451cab2d3ca9810e265b3461e0fbe7f32fd6702f06891b97969b133eafd68e53b5" + "26b5e32b0d06ab61ecd75e1bbb21b7c", + "067d55e709f6966cb2082d8021a313850c53305a3bcc926b6f9a122181665328fdc8e05a" + "88de812357be85d22c61c919876fec3", + "063d5ee4a63b1fae39f266a9f826754f5bca4d7bd414dedd16858b5c6ac2d4162e28ab57" + "215c6713320d3d6960f6b55e3f1897b" }, + { NID_sect409k1, NID_sha384, + "43513d6dd8bb0af7a6f5a2b35f99957d335a48d54f2c4019ce9518b35441d4935518976a" + "b1df37110b5b53532cd9e2c66d9f87ae7f683d7efdbe1775a6c15eecee84c6f879999d07" + "06f6779dc158c111fe8d7201983883bc8334f51dec60004eb1087347bfdab20f8f2f2605" + "56681e05fdbb8a6139857fd3bb2df5bc1f2dc143", + "00cf01dc4462cca764f4f8cbef48c51980737b9b98d1384b8de9f4c733829db7718a9b5e" + "aa46a8475c2144fe4454cb8eeb0a443", + "0400806457fbb7fc577497c937600c5a9c4df2c20cf7dad4510e5ad617fb2849bfe6956c" + "3efeab6b805cb7b63bf5d1c94e5ddb456e00915071cee2094efdcc155f893da8d83d9a5c" + "234d0f04f738b7af5b8fddaf1d3aa152fc11894a13caee0009bc106a64323e9dda", + "024968902b50febf13be11821d0d316f2daaa07737af45ce2e855aea6ed58f226d2279eb" + 
"e4295c5d7674104bff75b899609561a", + "0549f18f1d654f26ca134df4707694e5d9b3693bb34ab5123ce4d9e4c2b2d9756ddad957" + "a4169fc9bcea29944903080f6f5d01b", + "021887355c6360bc4ee59f1badb5325763e9428e60b31a7abed06ef03bff0b1265662d60" + "4dd2e0140c355c70fce1b56ab143201" }, + { NID_sect409k1, NID_sha384, + "752300bc5066d0efaf807183a41725e349907b7339d77c79921ead3c685b616b0eb97e70" + "8f3880fce0136c510c8cb53b22cb424af6f1c34633600939a0647c02d8f9601f9416f1d2" + "4a51657241fb559c25dfba91402cea43bca1a13718b3945b048725f3df560e6717cfc6eb" + "d894e29bff1e0c7763f15b8ea93e67385f059598", + "063a9a565497974c6dd459bea0d1196d74f263f333c31b7e8591499960e1cd79e2ef4cc8" + "709f6d54713f873b16e7b0be42f71c8", + "04018872e9d9410dbde671fc050ab88101f01d146a72d62b630b29790b20fc02cb62cd0e" + "bb5b453a46c60ec2d2c66de8715c32057801b6af51db1c42b743b89be0900d23f7da80b1" + "5f2e7a2a965c7bc13800bf58589560af4697f873b6155194badf5a19a653e63da3", + "01d3278e6e78386146fc15006258d7a62a1345db3c2e44fb8d3bf8101727bef254a9fbff" + "157072326a85b5ef4e17c5b0212bedd", + "07bd5b54d9c6d6f9c87f4a66472be2c4bb7f521ae56c1dd71781d95440b0a151d206ddf6" + "27e5ed3f9c7df2fc914a78454e97616", + "075e39ff66ab0e0d1b46f9679b95d10b692874d45fd6898c569aac28a53569646bb29f85" + "56e529ef83a15c574ad5e1c82878154" }, + { NID_sect409k1, NID_sha384, + "f620603489944769c02e2f902c2299dd5f32b5fb463c841b7e1fc0249a85d2c31684bd3d" + "aacd97de8291c5d39e84d6e59d3dde1b30c181bfe8d31b8d8e080bd191690a67fa00024a" + "c8c1b10981b40d4f88789ecc58fc69b15417fff34834e23453bb9933a43d08afab74d056" + "f366b40ad167b51ee5f008db151a12b467d3eaa2", + "041074dc186193d30aac7cc6d269b938ab40b257d095e54ba79967a377a91b8f73671470" + "cd07f0a3d1db7cf0a31ba9070625e43", + "04018fe9848dc599a759d90530480a6f11d052d2ce21a7275769ba02a61658c3b69ecc54" + "6aa6599e6699353ee1d65ce533c69fb2180192b9c41bfeb2af4f29dcd1c43d3fe72a070b" + "5d085d070acdb8c02f0dba00c9471df1dcca1006709676bc08b8ddad97310e25bc", + "036447681292dc781f7f4ed60126945354ad1df5987266038c5049d698b2ae12965b6fc5" + 
"8f3e944c4751406087859973d8afcd2", + "0541c22a6cb984cafddb3269ba3ee56af64cb36d03b7cd1693b112a7df20f0422219f85c" + "6820130ad53ef69fb66f3326bb863a9", + "00fa66b163ec3582760b048ba9a0fba9443d7e908b67d749d732ac9b6e89c1fcbc6d3ff4" + "e02a43ee41414b15ead0cb83749e0a9" }, + { NID_sect409k1, NID_sha384, + "5575f610762b42ce4e98d7bcf45a7a6a0d66ec7f27d6b8b17f1961249d905bc7e58e2ce0" + "806d467f106b16285dce4544c72666d08b5e2276cd0c4e13187cbda8aecf57b1855afedf" + "8fad39ee4fe009f204e60bdbec79b123456ec2d85631d382b8a2f2c7634af3992e4707f7" + "b4215e2c9d3b0aa8fb08267953883a4213669d33", + "010820db54ccf0226161aeaee79cfd2797f87702b4ee91adf8543b3c9e79579d0df8a889" + "e366ec1e0718e039b87a37c24d620e9", + "04002eb4e313f158ba7497130e2d64804ac45a7db207c55d41f39979e0303dd2641c8105" + "0fb7f24f2fd2485b90f60985cbb15d56be00a190fb6c81c104164578da6bd4f2b193cd11" + "935e1f87f14e824c2bf8c82c39f0be1a6de3dfc6dd68af8cb14f6a78f38773a7ca", + "0118e911f676f004fe581d1855e5795e5f4ddb33fb8d409d557aeea87895b7c23a513ca0" + "010f98b3a63f2c65da5e3b6c37cf5f0", + "060c7f7c47c16b294867cee3e65eac8fc828229a5d3adf8e68e14dee620e9d4e7b78c8b9" + "02b5042b5f19c94e621c52836c95ba8", + "008d036087b23319553faf835b793c73204cdbe2c1c2463e74de8f404e66ff15ce9384d2" + "6149e7300ed1a109afd1f915edef912" }, + { NID_sect409k1, NID_sha384, + "81cf067411dde2d0ab04fe5fa1e28e6975cdcc571588de60a35bd956a535fbbda4affd08" + "03d244f3f7e6902a2c9a7ef2488691b6bef7f8ffb33be09ccae4c5285265e4957f7928ea" + "5cbabd6823297f59a7cfc9939a49f26bde74c4c69e2d38c1efbacbcfdef0112138431580" + "72be84ed3c1781f67a0e2d4e9ba76a585c17fc0a", + "059d2a06e8bfd5e14a9bc8777958b85be5e97af892d2cdeb0ecbd2d5017952b5042349db" + "5fedba2e26e7b85bbb31ad313d99434", + "0400af276952a1216ac88ca7a194f5b27b7c98c78c42f852dfc1a2cd4c1a477ed16eebfd" + "c90f613b6e264576a35c45f49aef8a564c00639625074b69346dc6c617d624d63ce415a3" + "6154a817f4e18c59a3b09e01589407077b19bbbdd57b04ef8fc2cc23c673d52910", + "002728f7e9b4772ab790af0be9ed5b3eab697c4710249169d2a5782ab3797b8fa21bf8c1" + 
"de659e3060af5a286353402ab982320", + "02a7027c6f94cc236dc8cbae35f9c38102a663b84f66143e2fbf9a152b1a6478bd803bf3" + "171f933f63509d539a54dd348002ef5", + "0549ecf85ca1bae6d9f0038dcef90c93121a654552780f5583a7d44a73a9360c6799e76a" + "632bc8907ce4626c0439f1518e3a250" }, + { NID_sect409k1, NID_sha384, + "8ea18387940035cff2f37278d321b344231075db43c7fa7fee9bd3fdefe5e8f03e7af9de" + "afa1022eb108e19ec11fae34536a4fbac2e8c8139a081a997c080cbe8f3e2d2a72ff26ed" + "cc5338b21372fa1498e439e4d9bb12d51cc539f859047957b1b1f1fc30b90231eb06b365" + "a4d404a1fd5a0e5cef171fc95b04d0b557d78ebf", + "0405590893cbbe18f4ad99df28b5f9d17f8f1882269aff0b7eee9392859d68927a99c942" + "a3075269ddec6d69c0df2d76ab9d801", + "04006ce67ace45a9cfa0cb45e8e1d0eeb44e94bd7527fed6b563f1069140a3f36e010f85" + "e1ae5ef14d626c78465cae43230090baa601a66a58d87621b63ca662130ea342db029acc" + "2d99bf76cf6ec4e53ba71bde4b00e508d332081055a65fc6f44a96f4e947d729dd", + "0035f09e0c15b41c958596ad3f5c4bd4a3685ac94f19fb97503fb5fa29115cb18fdff4bd" + "104535847ff36650b7461550dacf2a3", + "051775fe1503ce80b3d581ea3e5ba761665568ce0eb7d6a7163d8d025d76002ca7bcf6d6" + "88b6477ae85d09c0d4017aba5ea8019", + "035cbe69edfb6fb99c9e45240b7a587c3805ab2ed6b0399c7dd8dd76187363b2ba1def66" + "b2c3dae4bc2e40d164bf0f4837798d8" }, + { NID_sect409k1, NID_sha384, + "6a253c1aa17b2b1e6624afc8e7456d366ef5b1bd78e740538260f395481148a64da0b6a5" + "8cd53d7e06c691beae1a616547cd95c4d259a371e51c2c0e334c8a5311ae31e4c7af3256" + "86ff9f7a36f731010ee1a9b8a29169ceac36a060dd23611dc9713c615424888bb574ad5f" + "5755d7311bd169336ae986c977a394bf16487c4e", + "062bbb4f565aa0f23b88ab9029d33b995729d10fcfc33ba7c4051e2fbc72f15636a834e3" + "ebfe604b927cdfc89f53c57f36890db", + "040125242acf14c7e08e9f2f0194f734841758b1eea1e37ba80b9855a14100a5f0b57bc5" + "2a0200cb640121d96769e9cabc45362f5600dcf52cb899470943a37d260aa85fe83c3869" + "c862001021660ad09b4d73f7739ad331b3566bffad590534207c6db9acf98399b5", + "06095b4ed8d51e37f6c723648af4cd4585d9d250d7519139f58a93c75f197c4bbd1142da" + 
"59769a5fe178415c677caed1c3da667", + "041b212a54d4396ddea2898dadc363ac3ec5385c9b3b8ef1ea17c3d2f751d4f791372385" + "48ad759b5e1700d7d78072df3bf84e3", + "0149242afc524b0c3583037da153f539aad85aa0c19c6c70852e3c3923df8c3abd0189a2" + "abba872932eee2e6f45e02f98e810bf" }, + { NID_sect409k1, NID_sha384, + "0f91d0f0139faf3b90a3d4bebd7e96ff6bb6f90f6c68321fb392637d8ab2a60d649a7b73" + "64ee6e4e274e1a8d342caee36cc11c56c54247fb0a8e8ef81ac4322b454dc9a195dc5456" + "7bf47ec8d4fa4cd32e76d78ea2d08bcbce3edbb68fd8597e56d5a9f2df4e47b2701046df" + "89615961db601bd8204584a6a6cfbb627e2a1190", + "03fad7031cf8810544a3e4bd1382c0a2e22c5a9fe4804ce67b27591fc516ee81dbac841d" + "399327168aa6abd79e2b5ef85df1528", + "0401ef0f918c683be57eeab95d5d1850bd492ace7f4b37785863647774a028e963ee2c0e" + "ea801838aa8217fad75c5780f1c36e8d4c01d5dfc69bcad46bde5539c58ebc89e1db2a3f" + "65069ed963280cc2cf228b2568bd53c6e0e164d6b63a5d3c2b8e3be9d5139a62ef", + "00eb16d784e2aed724cf1e4b72fe76b00dc80948c07f9c7524eb0e83bc59c12a8ed16fa7" + "ff21dffb8bbaa82925848a19c93884b", + "04a07e79b4f771363ad4c46cde0aadf3df4a233740a89168c97b54559029c51dc2c79b7c" + "c94a0e4e3d2f94e376fe47993da28bb", + "0360f559d37a777119b2aeebf00cc17e2edf04a2cbdf74366f5d34368d2eb2c92958e4dc" + "2b7453d5a509407a4d4643cc0235f57" }, + { NID_sect409k1, NID_sha384, + "50c17c1fe4dc84648e5c3c3ab8f7c971d4c58d8d56d2b5ddd92e35e6792111ed8dac7644" + "ac8a07ca8bb4e38e071aa47b22ffe495e9083f9bf781ac1b5fba571862c909c7aaa7b8d0" + "5ddfb7ef61c99700de734d5658f44ae9fc908c85a2dac8e7f854d6d24be805fcd7f873a9" + "1252985c5c73129c60177ba8fd99daa87b25a073", + "03db41b4f637fe7977c90e4f1a21799baaddd1826c667102414877138436cfae1b995984" + "2b8097b5276f15f2b982ee59df263c8", + "04018eb25bbdeb41c5d14edc675fcac8a523acbfadd6456632bd593ab5f694a7734b163a" + "ceb6e6b3d8ed83fa1cf7b5adb9871a6626014975abca1cb769a243936e65123167e53527" + "9197a37d8c92c7b138f31cad4e95c5f62b06f438f94c1a61634b34be7b96f09fbb", + "055fce73c9c385f007256253281c6b9d0930d127939026495d0a30f25f77fdb6b334043c" + 
"39fad4223852f7101fce72746ea205c", + "01d7c26e0236afeac032fc5f3dbffc8c03b04417b514adc26d6a4f697b4e87a008d5ae97" + "544a274c25ff66b98111d7c651c9381", + "07954191fad321e7f2de95a87d5a9c4527e658ef85faa6622d5f34f8bc2b84c881ededbe" + "0281456e9b70eaf7a207e253d216533" }, + { NID_sect409k1, NID_sha512, + "3583a3226e2dc463a462fefa97024e6e969c1b13bdc1d228e2d7823d9f7c09012390c253" + "5baf086588000e908309090daac6e6d2b06d2ede6fae838ed47f30b5b481185f607a3586" + "f6dea47c8f84e9d3b96d5b0ebae2462fde1e49d84d36658e87dccf5e30c0937feefd8862" + "dcdb1a1ca373f6ae41641502ac54df6633a8cec1", + "065b76c6093d9c49591293471286df1a4444e60d9d06cfa114e175afb5f119d2abeb273b" + "0596019a0ec5db5b5869f2cc827b364", + "0400266321fd15bf6b1af862496f467069819e3860f74a07825e68f3d023985bfbb838a4" + "9b6a41b6515cacf404ebf12ce0bd3d6d70001593c7a8e629599e63d3282cbea780235182" + "77e6731fe8d88cbe525ded554b51a7f8803ab9e330f210619dd07df8f67e1066a4", + "035682af873829e16b72bb86f3ee99b5d9f052e4a631b07f87d3b361c8d8260a877231db" + "cb3f4d461b4a1d4467824a26a5a6414", + "00a483dc2dc6408c256fdf63b04d71d3c58a08db7167da217f466cbbfb2d68444c10e87a" + "9a1bb04efd71135c00226e58414d407", + "078acfad2f2492f74b0281d53e4224c7544588ca9ceaeb16bf759b20c2f3d3ed69c64615" + "c247213d51800569dc8b00078de68ef" }, + { NID_sect409k1, NID_sha512, + "60ca58462d53d074b370127132f4e59f5eb8d15594dc721a94286afd082a8934e52462c9" + "c1c3910f8b50d7aa3671dafa5972958d876d7992467b2fee3795a6f9d8a7bd3003a8582e" + "a8c003aa1e02c08ab6804d85bcfa13a815d75c938671f0af0706c68bc70a6155708ca755" + "cac2fbb68b2952208d63e0e2e3d816f04c61bc03", + "07e9993f3fc1fdc4c376ef77ecded96006ac1159740bd1b2dc6ae3d97e15a67383f1fc93" + "1e460b9af3fe14a54e47919667ed06c", + "040189b82003b546f94c066963239c7a590e064b88bb4548678853545920e413f2be3212" + "5e40efb82d2c9582d2d8269c1d408a7ff0011583b267727ba6c1e17a244ba7acdcd83698" + "6089860ee312b6dc2d88a984b1fa232eb0419730db8fb94a5e077009c1d55979bf", + "07574dbe04e1ac2bb34e40f32d6f6db364a95cc5770b79888d72b74bd4dbce9fd91136e9" + 
"e1152424d76688dc995bbf2bea34175", + "009e42a63b41877e200829356a2191fbb6f2a9a234be58c76b0852e4f348ca61e7492f90" + "a37feb8b95a6dd6df9d1a2e61c63b4b", + "01499fdcc804fee8193de080b085b7513eb8022503de5f64dc12c04c0ba24af30e30f63f" + "0e3eac2c82eb20c6672336f8732ec5a" }, + { NID_sect409k1, NID_sha512, + "c749f9bb92ca9957ca6d0124206ebf65e860ff38a225e241950bf4526cef3f4fa9184ec8" + "3f71f813fe852dc08eca6b45b14fc7f2c6a19296529bfda007efe9d0d26492de2a902b45" + "ed39603e22f0a763dfa5deadd97ef6feb859d860baa2cfd1d066c0be0f9f4e0e2fafa69c" + "c51b12e814ad2e33b0acc0bcbe1df8cf018dcd4f", + "00c11e2979498695c660a2bdfd105b115bc4ff8664ea15cfb40c725406c6fc9a13027bd1" + "d72ffff6258f29e4e19b845243444a7", + "0400904a9bfebc23607c7c89b7aa89315343852cb894f54fe42ba4225285e58c6bc318b5" + "5691aa6a6ef22eb11f44cbda89f157d7a8019cc1826280e54832b455f0ce0cf89bdb62e9" + "73a8e819fb776b1a202b4f207b8baf9072929c9e3f6a8ff996d6d529de899b024e", + "070fe023c9341df9348f08882bef47bd8dd7f13db7215d1cd52cdbe7919031a62455ca96" + "9a8cc6db0a05a0b4befb47c142c4f34", + "035e7130d59d92ff8c4f264fb2c346e052bc305c7f57549a0fe43cc7cdac6aadf2ce1939" + "222decef4e1f900e3c2fb2c52bf53f5", + "0008d5ec1ed2091309ac11eb88157ba5122bb9b5c858a46769a130f7a941818445664ac7" + "8325e0b6d2a11bc89d08fe0e87a5bcf" }, + { NID_sect409k1, NID_sha512, + "4de8414780ea20f7943b1f1adae5e3962d96e828fee43bdbf2831bd71bd25df2976a3be3" + "7a7a667c7fbe1200de578920090d131a750c9bc09bd95b261234ea8cc25423c4ddfff565" + "6d6b32da6e2f6f530e6673a8660aeca31273bb9a3a21bbd7031a2fa71ba37c004d3d1c64" + "b2c0798783e47b2efe1a208959ac16e35d444245", + "068dfc23c6635bd1fa1076dcbd456ad6e8df7ce7c1370fe275803befc4ffad007fd062a6" + "1cf1d50b93aeb9afe1aab47a65af82a", + "04005591f8cb59ccea17bfbcb74e69f05218d16175f0547ab95f507ef8d7426c077b52b8" + "2dcd06baf6eae7a66bc72422236e589e420126a01d5c2331a2d00949e07ea9242ebb50d8" + "30b0aaa74bce841d4e43bbaa9e9aaa01ba25db7a8a2f4d72977c0f016f625cdebb", + "070682c9659089a703dd9fcdf2f3fa0c1d1ef5fae3f8f1b3dda55d9b611770244f892689" + 
"8c904f6952c1847d287bca21db4dd59", + "02734111e3b736ae795929f835701bf290dd50c0fd625738ab2769242c1403197a3f4dc2" + "9ca618c2e292c6bec6dccff71adb698", + "0755292cc5363fa74e0193a806879d3a275b4beebc97250fb230efbb8364b2a30098c048" + "8bcc6e20449622d6a5fd2ae24d7abe0" }, + { NID_sect409k1, NID_sha512, + "a081d54232f84bb19dbd52ec3812748e2e6486f6cf1b177b27929504ca878036547eb435" + "31bb5b3edc81bfe105370427e92831d2239cca0106d031d9fa8da9cf89c6fb6401377d59" + "36b6329ccad854e5567181b8f16a37c35f333eaa0ffe91d727d183fbab935fdac2d5670d" + "afb3fba59e4fa2df1746c58dd8360fa08af7f4e6", + "040807fb888e1d9fd33604546656a493629d94d4a0a9de2608962225ed158167f9e2438a" + "be2d12a11e2adb6c2b66ed78215b0b1", + "0401787c0e6c55acd69bde9b0a84d6022796d5b5c60fe5357bc0fa4386c16f61b38bfead" + "b6cfebee7e7701bde24418b8b5642afefa00d9579d271ba3d5e2327eb863cfdca3970700" + "55b97714e385ffc2fc23528f696dac1a4d0e535641f6c876f1819f2672a8c31cdb", + "010b8f5356d8a029659492c444876f1d274b82681d4f600cdb5fb2afde13598ddb71676d" + "9ed86e83351c70678886e8237a865d1", + "0304f43f9705d189f47ee09a079494030b0756993a93e4c6ee6b5e664f63431f99e50574" + "7c24377e5930f13492483e6cd06ebdc", + "0580d4707c97f0330f908042a6cb2a2b313f07bab34774ee03bbee63a4ff881b68def47c" + "d300fb49deb49829bf486d1efad39b8" }, + { NID_sect409k1, NID_sha512, + "ea60266f1538565b3ff42fa4bbfe319be070329059c52c8bc04a7da2824f209c1145a05e" + "551ea59ded8ca8439c328f6907da4e81d658937df614be98c7b8648818ea80ef40e49aaa" + "4431f4a211d62acf2611f5d60c446b2b25745078c643859be1b12b3141a09ab765dd63ea" + "1f2a2df015eca0840087a5db378c4c4cce76cba7", + "033bda0a02badae08fe40c239b9d59e5bfe1c4d4b9b7a5acda6790bfd77ad08dde5e93a2" + "da80ec54a7f88146d72218bbb88aa10", + "04002dec536832c8acf007daa66a47e4eeecfb6991a359f8c412299ef56c6ca2faaf18c4" + "db708493e84786a7837ab74c5fe0644cee00906c8f603b579cc2384e0803d31d577f7c91" + "c55406db3b2db91bbca323fdf3cb6d010617ad1aae7bf414c4d974f22e6f05af53", + "051e8d027e62db2397e4a807d98a24455a76eff6dc259ada89e794dec1484b44724894ee" + 
"ba842f60b73287642570460896dbe77", + "031769e6777444095d934d05dcdf82405c43ae91ad5fa9201568ae2aba25712717f1af2b" + "8f49f6eef373237bd70c34889d0d271", + "0023498aa50ee095f33a4081bfd70a9484089c85fc7a4569f560ed67243745c823cc0217" + "d29e2938f06ba9c8790650d10fa5b1e" }, + { NID_sect409k1, NID_sha512, + "82f38c9405ef0d26bcdd5b3fce4fb0060c3095f61403418e17c337933f0563c03691fabd" + "32ab5e896c593439e7492a9970ae325c67196d9e83fe0f9780409a930326f7e6efae035e" + "f8c321cb9ad12461edd5cde66c04739fe079db65406b3c2d22f2d04b1a4335285513d4ce" + "b901d2ca2ad10c508302266c2cd6079ff14eff4b", + "04ff431769d26b8837d3e1295f5464fe82be29edefba76323e92078a6483ea0daa962215" + "49102509a1bdcfd46a5a2e5de10c39f", + "0401beb74d427d849705cf26e26312446f27a7c5ff26ea9dc1aadca763254fe53a622de2" + "9cba4fa81ee2f9e0319e752f72be46cc7e008dfcda35a00ab77c3c47dbc05b0678cf561f" + "575369507097833e86e523dec879e0ae9583b4261f7a73c9dbd417accd4ae6688f", + "005aff3ad332af23e0dc38c16853252825076d602ed4c6d947be751af5dff3f59611e616" + "6c31740b5e5a167260adf2a5466289f", + "035c4e8e1858b9694cfef3e864ed959638ba309ba2066a28fb9d0e02a66cd4c187dc6fd8" + "ca5fabe68acbc2074168157b685aa6c", + "04ec2db89645018f9845b7ae31b8418a767e3570d401f41db18e424fe861bf09114d7860" + "6a056617613447d125a283be5bdb6ae" }, + { NID_sect409k1, NID_sha512, + "d8506fab4f681ba4ae86066aed447571eba4fe04e6585fe3be6af2ab1000a3da68c5b0c7" + "11a85ddf3a40cb7c8944eef81f2094650459e14f5b848e6add7e580b0198070f873eb3ed" + "5d0728eabd92bc1398764b94cbb4cdd7cc2027b9762dd10782658cd9e8a5022ac062fec5" + "35d892198c8a387b3d2b6f7c92b1af6ab7dd9e4a", + "03f85ca1169ca7e9df44cbc6bc7d2868c9d94e8f8b699a42ca492dca0914eb5789a90322" + "18dcef7f95f959c9554a1cd83360439", + "0400aa3c77dd4324258bebe7da5338c772d3496e3fd0e57f455459542f1a1c5b47692f51" + "c3815c9549d0c23fdc1ff610fff6847ea8005e626d6aeb86dc51f3b359b10862cd33ac99" + "27e38127f7f17426f2369d62132a2a62fb6b8354c5ca0b3e5c7c87117b4f777a0e", + "0495099cc73c9930333ae3f9d0b7057d7c70e2bc7c805c0c6a44404739b3fb68f9fafa53" + 
"033b54b7ad7bfaf4bbf7baba0dd5a0f", + "005612fe87c6a3a164d269da902aa43c5a4e0333770ea6334f05750be3f31ee758d16929" + "1e15b1540d40b60d1bda279599f254e", + "011a633bbc058550a597585bbc9f33099eb517795600b019255f649493d4a6dd533be8b0" + "965d9f9d9698677491bf929198ff34a" }, + { NID_sect409k1, NID_sha512, + "b3f30d34f252a4c26f396079e773142bf61c0981d912333ade3de4e27cbc72cd8a16b318" + "07f0c46116f87accb854487d83ec8c6a61565e6fca145eab70048245db08616779d7047d" + "b63aabd90dd15acbb05eaa510072c151c0518f1b34582b95f43ec7b9484b2993c176de79" + "e84566764467f72392ef31619426d159c91816d4", + "03a97deb36d68f81f50c8829d412ee5de7f9d775633cb69c09dac558182039e275fc2582" + "40517a7c4aa592e364765321f27cb12", + "04013f0f4c16a47ec3a46e7a088c1b6a63ef61eaea46aa9b2c532d8df84dbf64991bdc2c" + "81ced3635e562d1403dbcf6aab2f8aa9da003aaded3b99a454b820fed989dbf6430ddcda" + "67db58e356397d06aa137fbdb365ec43994abd9c0a9fadd2887da9539bb4ab3c44", + "06620ad14a5835b9e9e104607c317cc599416683a60ed8865acf78ae1e861246567cf9d9" + "1f759c2d4c82cec835a4784d3c231f4", + "068faabcb7c716fd73f129ebc6625f5b4660a88e47dc7dbcebab321051a61e46b74409e2" + "b0af420e1671ef4efe04973c43471ff", + "06851e5da033da0f28a89dbbdabe93ef11331c55cc03d5b096c0522370be681241fbe71d" + "1349f219ce57761c85fbe208ac36a36" }, + { NID_sect409k1, NID_sha512, + "0fb13b7c09467ad203852738eda5ddd25b17d330e82c279630b0e1f0c86681f67f6e537f" + "b00da9419114973c8559306de58b0387d86e52d821d982a60769d2f15fd5ac2ee6dc55d8" + "ac04ee247282cb2866b8cb8b4d7b4b6cfb33bfefdff09a73d727193e5fb939ff66ac5fcb" + "644a44f9083a790888cc538c5eb435243c6a34a8", + "03b1da0ffed24e1a3b5ba22bd684337f6b08053591620541bdad50c761d66201a2cf21a4" + "cc636426456525b598e96baf97d9851", + "0400116a1790e621272b56cb4579ffe6ab629a2d077b779b73e039d74f58c476283c110b" + "b18b9c9ed63de7288dd678064de68b7df60122b43afccb88982f2e07ff35468178572bd7" + "2b644322d9e1ee68f78880169a83a5bb88c6c994762a7e8d80e09333487ac30fa4", + "06d7a24f0fcad549e9c36dbc70ce264a75eb37b74db98b1f6a824ad1e5635be9818f45c7" + 
"544927807dc0fb3bb5fd38556e8656e", + "0232339b50bdb772d15f2cb8973f6dd9397af45cebb69adfc089bb802e9c4029dfb2078a" + "8a26d7197de10638ce512e5904ccc5d", + "056add03244174966d53105c570e8fa660ae8c5d53316a24cd26f24e29e4b7459f4c9dae" + "f07442247b63665f97a3c07d91a8706" }, + { NID_sect409k1, NID_sha512, + "f9b8124281628cf4e1da0cb4f021c8d19d815644cd80c7c8de4cc62722904ec4cddd26cc" + "4891f30b15098a25ba6923c6abf4774deb6e1883fbb409862f94467e75a725e7154be860" + "fd58347577c83adbf18535c54b102220197afa062cc1c84f6094490ce488af4a08d2c5b8" + "08a2572e18a59de96c87162f88413795351cedc1", + "040bac7e0d3b54c7753c79d43469e310d876015d948fac4e3a9765444754476af72330e8" + "8d79ee6119697aafac8435ab5690754", + "0400bd4fe8daffe47bfdfc43deca20b15da7c999084bee8983c62e3dd33740143c38d8f4" + "32cbacea51e6f53994265b2d8f4c393f6e006d88c33c31f4e143b13bedd5738bc1191fe6" + "815a099fb7b44617fdeb08daa0cb74edab7f9a8c67ac1e9c0f0fb21a9f02ef4b6b", + "020f2f6fcb3e471d47f21fb15301784f7cf3632dad3627a9ebfce587c0097871eca580bd" + "a051b100f991aa6de5edd3a7684e839", + "014f8884b5107e9ee5cf6f5d137ec9d59a85a6fa0431053d58a1400fbf0d518e8910179d" + "a1160de2c6cc8ea8ba8f3af8e0e1f6a", + "019aa8d55c8d876989f9b9559db0576f91c4610dc9187c74aae2d4f212cd94d90dd81ee4" + "483d88d866aec1ed469c5e3eed7d90c" }, + { NID_sect409k1, NID_sha512, + "4e3cd6100520db050af0daa69fe3cfe6603a223d4f2a6318fc5836db8640d4c7fb80bb78" + "1302036d2d6fb8e552b4eaef3133b98ba2d36b9ef0b86243b0391413c73d48ecbf1d1917" + "0f1b3b781b35ffd316afb1d55d1dda8e91eed5553780cb2714a93e7ece698b832e853e25" + "89c5ba2b8a997bbbbf625071ded66762af8cad42", + "025b7eb3bdefba3c5134438caf968f615b315204f348006f82e8d61057a8a8a853230cf0" + "500f9d0b8c1551a59b9184862dd2ed9", + "04017d2029cb711e52df416c54b63a95a66602a1d15c3761d91071964e0128c91ea766b3" + "d409f72d9fbb5161a459c3fd7990f87d8801e71a9c66a4d4dcf199aa329e44b99f80640f" + "c760fa7326f29c273aa13b153df5277feb3c049e407630173fdc9f735d7aee4e10", + "0575aade2692534b5a1a17d36c36973d24dc501c75c3b0b497a3d2fec80c67be7107988e" + 
"47199d4863044fe9176762497b5aff3", + "024c6004fa92cad446b8339917f517f04d22db47b3f9bdb83d863dadb5431866ce21b13e" + "780495bd66152ab33eeff8830cf8538", + "034aa568aca7be851d276d2235e42b6624df1cce2b97f6413dd3fc506f0f18483f95f911" + "feb0eb220415ac593f2c93dca0808fb" }, + { NID_sect409k1, NID_sha512, + "5411708381a65bef4381c9e13a04cdd5ba0c15829f7f25ccadf695f635384d8e4704cb56" + "2741747831b33852567f42fedbd190d2980f1bc921ce01c17d659d4bdd7eb787b3927fce" + "e659dd3b65132496c687f2249272a473d46326e66b3cb78dafbb522390162c168f73bdec" + "88adb145e6afecd561979846ea4c8cee38dc1686", + "0673b3a2985c95904732632e5d988d8d437a60db13215bb6aa880b348f011c609a1e8604" + "61427a8cf0d622abc47f910f5c97ffa", + "0400c4f1c0cdc44d867ed38d093eb967bfe285df897868c83ffcc0c53463e3852a1b2039" + "506d9508bf01d0d79ae537e42fa2070a5e00c2bd9343041c2c4100c5d795ef355c796a6e" + "a7954cd729e11063b14a27fc2c3a9ffdb3647613b44238eee17d9cc49e8c5dfbe0", + "019a9509f5f6d947532638a3c80782b556c553edaee9ade91e457f7b5d2c9055572fb116" + "f52cf4d3a2a0eca72fcb32b2f58e952", + "02def440e968d17d9904c5640619af2f447f74b7c067537db4a15be87df4fe68f4489704" + "7fa8af146462ceed4beae36d54e1aaa", + "013d5b00fef639c556d66420090c2cab1edc57b7257dc35addd62a5337300e94ea7ee116" + "e06b744da1b575d90da81e8ae2cd424" }, + { NID_sect409k1, NID_sha512, + "23757fa60fcabf543e603d8b31ef0cc99b3ed16b4816a84e01dbfc858872fcb79fd03d2f" + "8a1d4f28c25dc42a39e20c34f81ebccda1682ee9bd22fe323e7f8ea90cf4a2a6ebb634cd" + "1153cdc35f7306f28a2efd822bf23131baa1543d0ed5ab4c8168d3199983fbee117085f9" + "0550ec3ffa2b06070d3add1d707fc2593285ff58", + "00db7dcac414010b816236cad584dabeaec1da76c97182d1b62f87bb7fe2946a64d10430" + "571b2b29ccf2ef72c969a9f045f1f3b", + "0401f2a6cbb9c1fabc8db2848c74d918312267888d822b7dfd1634a543dcca4be7c99723" + "9f6281d1d8b5da9adc694706b7b19cfb0c01bde57a2ac15f4e6b26a373a624588a3379c8" + "eec758f3c68695e2eb1856075d90085f43283d982526c5e57913cca5e2b4169f8f", + "05a3d856ad1d6164993cc59e70f8551e2408da92c7e6cd52df51b37dc22e9ebc42fbe6b8" + 
"3c332eedffd4086a382056175ad7009", + "0489b0344ae4278a0376dcc64ef9ba8595bc2fd62ad22d42fb431d2863d8ca353cd9e59d" + "e4ac10108fc247d6ee9ef643f6bdb3f", + "06aa27335e15dc910515385764387798cd4a9b4cd6d99d7c42e07fc04e2bfedf8dfaa7bd" + "a396f88253357d3e2545e895d9aa3b8" }, + { NID_sect409k1, NID_sha512, + "b976314d2f066f8893307a726f450dcf2cf865c170e90e6908ce9787eec48e1e2119a731" + "b2bec3c12fd4e6282a393774251bcaef91af6ce57c63a8b45bedd72ab862cd169b7c84b8" + "f6a72084ff823a96f2f8eff3483a7ebfabdabf0998377c5a6836d88135cf61c65a0ca7ca" + "57727da68047dc635c17ad13731035fe9a6402af", + "04717efef16e1ae267e155aa1daabafc68515aa391dfeb73c13d01f3132bd22c984228dd" + "dc4dff4c39979e7585acd3f730cfcfa", + "0401526c58a3de46c95cb0527869f7d637f9441cb5504e6a01f339907c6df3d079361a41" + "571cf0a0f11996028a41682dab5decf78601581903be8a19bf8bde1d89bee0d436f061ca" + "1a3ddded4b7793fbc32ff852671103f34e16d469eacdbfa457643d1b18dd1c4107", + "05c846bf61c068b421efc472469ab1ff8d9f34847ae0065ba6f4a000be53727b3fcf97a7" + "80362566e13ebab84b9ed5f0cbbc225", + "00aa138e742ae81eafa820632f31e87bdcfce6b909d85805e46d87d1cdb8b968907470c7" + "ef5806accbf6245628c70d264fdd95d", + "04df507115384327f7b8311dfd1227c19a6124cb9bb5901bed45d8d5ca45db0903f53e7b" + "bf136350e66bf2b4f3d978f8bc546a5" }, + { NID_sect571k1, NID_sha224, + "964ad0b5acc1c4db6674e86035139f179a9d5ec711b5bae57d2988456bb136d3aade7ac9" + "ef10813e651ae4b9602308b071d75a934a6c012eb90c5eb9b2947b50fc97b1d36c5bf9eb" + "13a7b06c94212c3dcdab402a563262298defff62b836ead1f78f9d20713710fb48115cc5" + "045ba15140fbb4bdf516e4150d830d02cf30963d", + "19cf4f4d06825499949f9e0b442586fe1bfe3459813a2b92cd8de0f775a4735e02655702" + "ead8e60824180761808d9e816d60bdb0238e1e8039ca7bb63c92e1cf8433ef447e64ead", + "04007b9cb1728cba80367b62872a986e4fc7f90f269453634d9946f79b1fedf42ca67af9" + "3e97ee0601bb3166e85357e8b044e39dcc19e608eaaa8a0066ffc48aa480c0e1e8d5569c" + "bf0580858ab9223c2b2ea58df506d703d64b387a78ef43846894e7a2e47c02252bd2c1e3" + 
"d21ada7c21d50a08cef0f9a189c4e850c058cc57c37918251b5aaaff2321d7355b6b5556" + "44", + "0726d5e317f888dddc94c73acb14b320ff509908052868f8c6b14e531ca467c1f7c82874" + "76674efd0d636ca94c24a69d15210bb43a368a11d3453d69ca80430cbfb8b6e45d8f21a", + "04ec6205bdd8f7eab414110ed620dd3fbbda4cb3ad9e5559a114ca9344782847621961a3" + "577cbbe43d94eff6ffc8dd7dd09c049239f026a928301ffcddcc910bf196853edc86d31", + "16535b1af98a75b9bc0f122ca3ce23a01800fa33b43584a94fd8a8d6f40077eb739f07c9" + "f0e179a157a28023735fc8da2e2ebbee5f7308925900e657fae7c3b321f14fc45346f89" }, + { NID_sect571k1, NID_sha224, + "baddec4794effa668cde267016dda67bc70b847919a9aa595f93ba9dc27354399ef7a607" + "fbead31e57a8ce698beabb10f313d393980425e67cf95be45d512f00e950c0c5409573dd" + "c3d556f23daf056259ee8914e860562a674311452fed780b3e0317a7fe93baa81fb98df3" + "ae4328b28ad0ac8f8ea33efe24faee658ad026f6", + "098521a732e72ed945a549afc92318fef7156ed1d1ed9bab93b581478cb2339eb32bcef7" + "05c9bf61cf2873ddbadff8ff3806740a2e30ce67d1807a8179dfd5d952e6f8a583baf81", + "0401e09410bf4f84d53a2abf8d106fc64e643edefaea263dc98c308aea16ec75f083b3e6" + "b442ab261226c59ca5fa622db68f5cb5f2d1d465b01d0048554b0ccbf67c0aaf934d2365" + "f60361e5b43d313a62c7b3897c7db8a42116127138a1009f0bf9892981fb4fd6ae231b89" + "40e7509f96e2a49285143010dfb4516ff810a91a4d9d2974c522ff343e93e8aad00aaa78" + "b9", + "128056de96666acd09b93c5db7ba1b8fabf57251ec480d42b702940b5847d2a59b04eb51" + "01bb3990c3ae2a41181f19a2afcf08424f8b922a95df6b292b1856dc4a9dbb1c717ba5d", + "163483a7e0d1012695ce0c113ec8fae3694bccd40fc038d4038f81bd39e71c969cc7f0af" + "8313a9fdd3d028ab24a43279569dcba73fd78ad74897964ae715928b1cf7fcb779b12af", + "10aac6929432a6bc7e12ffa86e4d2421e0535fc44a1160fcfbee477c29a987e783a7f753" + "eb2278ce08954c7e90284d2ce7c42de103a9c59d8e4c459b457688ad515cf156cfc56f8" }, + { NID_sect571k1, NID_sha224, + "7ef7138fc657492d229054f8a50dcafcfcd1dc06f1c16640af3f658907e2969248b54416" + "066eb119adbfa23b8dc578aef18bba79610b9cc109394b900a25e55a779230bb858b2ddd" + 
"9499a7775d392328db9177aa9571c2f61dd52010b48502154e914a0c55a54edcc04a6713" + "cf7bda8744a893926118b09df877d1a4f3d95e8c", + "0336fb21549e397a190beac38a1ee10f0551952da15f71e11dfda415e5ee08da2356f114" + "d450c661f52b2b32cfc7b9be61732672691a079f0927989b7e9f4efe6095a242155b641", + "040316800fa2d8f8f3f9aa87ffb628dd7b2f63d4d8389ee86ed41bd4c3eecd3f3836ba92" + "e2ff7ee5626213f9ddb41b43561c5dc0bcc3df0a872e4b8026c09c7b52b89b4975a43f60" + "b00207f956df58f75286232967dc1d3e6507634f45c0014c48b42868fecce5b9434463ab" + "fcd2b3722a7f5ed25607270148466f6ffad6a8c86e538640ece80e84f7368d33c68807fe" + "d6", + "1517b3524b6d43dcf3964f7c35c89bf14dd1542c37606452e2035ff0bd0cd1edd6d7b801" + "ecb1f573e957131c0b3f30d5006f6e4748a11b9db10fad41961f4ae53e848c6dc6e1a52", + "1ffd4865dae7387ed797c5ffe58a929cffeab521e48284bd7d4427d5856e9d2582b91363" + "f1d353a0ab1aabfc132a778a516d4033c64cbc991d724115d72ff8e94ab4f95a9514843", + "10f010aaf1bb714042fb8cf06a9501dfd1ffa598d6b3e68e7addefe00e18f3a5db8414d6" + "25e374d9ae70bea43b57c6be4a590c28e50a548cdb2e30dd9d6e3ed1d9cdada9f8b0049" }, + { NID_sect571k1, NID_sha224, + "d58e1ff1d49a471d0567ecf8f29173dab5fe5f6184ab4cdd095c231fa7b82551f99a4829" + "94a46c3d8ebc07297fc9e952a5dee7d5f199b119f6f8b250f8fba45701ac252db725e75c" + "4da27ad77d59a4eac448e54a277986740dfee6596811e59afc9755e53d24b826c09e497e" + "29e69a22bbc85be11763064e9ecad7ae66458ca0", + "0e287ebfd9ba294128cbd484fc5121d271cd33e685bb1804f09b40aaacf64b5a9f2cde9b" + "30a4a02d3a9bda97d92f46bb8787b3c61f280b1e1a0680f1f0679d3bb34d53725d62e52", + "04052903a7afc17cce078b4b658766a67f2f75ac04e296757fd762fc05d6a7b4e4151598" + "a872eb4618efcd06c43cdc3e54f437c0ef1b091ab5e4927d3ab4227fb24d4413e0327abb" + "840385e808bee8dad1a1b84d644aa29fec324dac2242709421479fa7a712d18b54db5977" + "8724ccaf4e51a27da090c6dd0b7967024db0a8684944b77295c9624ce3aba24ff48c86ac" + "85", + "15e8cb22e371965801d99407d96200015ba58fd7eaea52c03269d8a374fc7aef17fbfd44" + "80d29b781292e179936a68ed175802f34043018ed1d6b5a4df667d859cd2ae53ed3cfcf", + 
"0d3a57af73b7504ef18c03ed2c52aefe1d1a3f0e27f78c11d45e9825647d5ff6e97af51a" + "5e366e52e01e5e832e4264a1d5b6967cd9debda59c955568e4c8bf804d843a49a0c5401", + "064fd7ecf4470f07b4df3b3046041e49f310a463210571606f00a1915c5220a27bb7a28c" + "d0bcdbe374651aac06d4d9e017e31879b7819301eabfe3a7afe4b53f75ccc465815b4cb" }, + { NID_sect571k1, NID_sha224, + "4949ba765c14c31f68ee0ca26bb42ba2edee63537de4a6f5c42bbd862c21288d6ff48145" + "260365193c6fd2b56dfb014da26b8a483776b717c6874f627c9a622154b824565b23e178" + "240f53ee9748c45759ba5c035b584df0f09504e95eb9bce0301653aadb860bb25e6ea6b9" + "606e0ec3bdb8089e6aa0d5763d331757490715f9", + "149de496fa8f88b2741864d0c35b3df666b87179b7bd06cd426a45f13bc87ea9f50dea85" + "e1fd02a532630e0e3a231cc3e7fbb7c7ba85b40cff1124e72c677c6a3ea6aa40ffc64b7", + "0400bb610e4308e229e4b4ddddff5c4633ef2ab40bf74514433bd068c7d59a6260ac7936" + "6dcdc039d5585e660a4cbee990a2cb55a99ea3d26dd9df856b0f3ee5b968bcc349240a9a" + "2d03e3ef4be63fde6ca09f12f8220e1d9b5016f267ca5aa09a2dca8a0e0feda9647fe0e1" + "f7ecae7147a10ff893f69a4f74172c6e9a62f0c5bd96d49b47379c9c84f5ef8e59dea104" + "bb", + "1cffdb963c2c8b8609809e998075299776b44d2808df509773f310124b5f318d7431f1ef" + "8b38fac5cd5580348abc41e6e6396767f4780656361dc9a71dcc8e7c9239d6eec5cdb94", + "0982b9989c92e1a5d25dce832bd8a3f602f0eaea69abcfda285cb3841fe3f019503e6faf" + "8a693712380a48a6af8844b6bd718f0edf3b57662a4fe82ee28d036ecc4cfc7310871c0", + "1678bec58d69def3fe35a64810b27fd06bc29d165593990f6f42c4c7676fd5d4a965fc92" + "cf20ab8616c7ac7b4b308ce6290c5e8b4edf6859fd6f6f01878f2601e22acaeb5ce1f36" }, + { NID_sect571k1, NID_sha224, + "5bc63e5c50b1650f0ed4a599960f1e4e11f6c151b2123fd71d9e3c44662312a74b685429" + "0628e20b30eaba81555acb2fb49b640bdab2528619c7fcad0f2a2880c7ea232d427d7c93" + "5fba2313370fda8863a7e7e203d63ea15d0cfa083e716ce6068c63fa616ddc225c9e413e" + "694cdf6b355cb1293af5d6cdea51168f5634e878", + "17605d7c5873d870462375d741b4bc6375f3d47f7f5e9d998917adf2137a81e63b66917b" + 
"3dda8968930c4b850f2270eb3187fc756e2beeaa67fe0d73053e6cc0ff0004a21250551", + "0400d8ac3e76c25cdf4902426569763f4ae0638ebb1fbcee6e12a4e0b89d6d451cf420d1" + "0441a0a9984710dcac13bfd7ba70370afdfb58e2d982ac367e178f6834b4cd2d232e7f24" + "6e012b5fd5b686e58df08b695fc333937eafad6006be5a7bfb1426206102a79bc32fd9ef" + "46e19869448fed0e917fe059b76c8b5a9c403c3921ad07e6c19ca7bbfeff5491b22f8bb9" + "61", + "09179b3ea906137dcdbb97b27f3690bbe3bc4f1f57c46ed60b8503cae97602717a0724e0" + "55a5c52199ae3f08f1586b87fbbe514667d2eef2fe44092f3c916976c7b71eed67e8fb5", + "05b28342703c83ec2df898458fea6f71030e4e9c567d140ab09cc95df29ccfe199837cd5" + "8ed00d07241988bf3c863504d065ebbeb8ed11cdcb02da0a945ff38ca58d629f76832f1", + "01442a5606791569749b5a9f20ba8eaaedd1a2ceaab2ef55d5d41271ba23f6a5b6a33c76" + "763fc99b291b07283122596a3331fcc9ac038447f3e0cb54872c140300fea65d7809191" }, + { NID_sect571k1, NID_sha224, + "610f6633718e49d232b3798654095e2efa0de11f41258b27aa01956480c870d901efa77e" + "109d5f95f1f5101d3c90fc51312d9b3019d2e42e0067eed7b457dc7fbe5466923b62c83d" + "7347e4dada571b57813bb9c21d5e308519b8eedb7a7706508ad04aa69698e03636eb30fd" + "9fb363ef3a185756494ee01175b16847f5b68076", + "09214dc2da0967912c31995cb8f5bcf4bfa832c5a2d3610f3a9857e5eee7c77100d599d9" + "ed003b4106013155dffd6c48859b846e45e0ddbc5fe24f4891c9b2df51407e9cddbd974", + "04064376a92c1227c1c479260c7497147760c103bfa5be95ca1593f29a851daf2e5c3a5c" + "73c1fe3e6e2506fcea710254ab5eb2daf8aaefc19cbce7b1c4afbaa2fcda1ef85750fc0a" + "3e070638482e5c7c17a82980b863cde11294c0df717bfa4b9f884cbbbbf80a64dd2cc7c7" + "d89ed21e10561260d372da2fb726de71863f0f60e8ad0fa5e74fb5d29bae0cbe8ad6b32f" + "6b", + "0621176102c6ebc2c810eabab9f60feb71083c07751c66f719370713ec2de9ee3957bba8" + "d768b076885db1f226a9d37588abf1b141d81b70f0af711c52edd30e92e34a1d3ed214f", + "1a21d460ae85d0703b4b10a2f77547e45135048ffea590ce86e0a1c049f8a4aa7b395f72" + "3b7480cc84e33f4772df8f181f3919f3c0b0b4f276b0f855174103a2f7bd757584425cf", + 
"0b56bbdf6e2be1b9e754f9b48b3ba9a13403c17c5cfcc4910112704aceea9a34209df406" + "ee40e0a10cbc26d03839f95e775e80ec5e29b156fa277a5ac68abd99c7005ea6ba2695b" }, + { NID_sect571k1, NID_sha224, + "c548f0546cee0c0400401cd540a0aa9377f27ac64492e6baaf38e794db4df83e64ca3d83" + "b67bbb46a6c269c04c2725287cce0dee984a0d468c9ce495a7e554a6835d72c7493bfe88" + "dbd5a044a148c89001b8087fb03e57c2b7212d0b175d616333a9affd8a1802dd49ba9be3" + "ab6c6d9f99a5578d26cc4707a5860c6c804d69ce", + "042f2682e9ac8b76f3c0880e12c292524601dce9ea6982dcf68bfdb0d3fbfb50dc9229e5" + "4149ef09b95bbf624eb04ce1427077f30d8536be9f69970ddb449ca22ab8368d2689ed4", + "040116135b273ef876453b9c4c39e4be5a815874857f4a72602f0d03b4ecd9a4ad73b906" + "00c71111e317df0782fc92e6ce2b194c204340bc11e68cc22ced38e99f90dbaf0f917e97" + "0d036dfa65a6e9d0ba521ade7daa2f6b01e1d14fbe7b5abd29ae71c4eff66c390914bf46" + "f09f4ab8a06dc0fad6fa257a85f993d6829b5e0add5086b8fe2ecb8027d08eec1bea981c" + "c4", + "0bf116711b31ca347d41a6cee5aa13a74e042ffbf79d2ae9448598e6950d721b3773ae6f" + "25d7b49ca9dbcd62feb011d5d556bb9f8a55a7acc9a3a166a4169351bc31a293db68eed", + "11dcb7f4103e814439df22764f776a74aa86ce9717585712b224803f0ff193d5f541d941" + "42812c726b75e8c2c37f2a4c33db6af118af73d3ec4fda49cfc911fef1eda9a470ff200", + "15fa4ada3a6e95164aa8972f14ab7572a3b898feb6cde160b8f25094f67343d35e6efdfa" + "b18793f77e09e5a42f56bae747b2b66fa9fe1e4a97e5e05ca743c058b1024cc848393b8" }, + { NID_sect571k1, NID_sha224, + "9431c6c5237f6b4b35682a0c32f68752035c8b295a1763c5dbdfd73466cea64a00ecc113" + "56d02d2a9211dc54548f5db1651e4471898402c887fbf45005a3bda271df0158c98319d4" + "d6751b8ca6b07100182957d5fe0d97c4e2294406f83e9afcae4850bb089f2252490417b5" + "afd8f07f4c795fa84c9c7cdcce26bd97273c0072", + "17ed9a9c75cf66528428e85b0f019e3488af8b893b12023ff1b4ca9c3691b74e594539af" + "a0f4d7c3863d15399b862f15e27bb077392d6bbd546ddfd46728c75177338466eb2f4ff", + "040760779389124c702686d8d7c25dccfa74fb333317bdb414965d2c271ca5e687c4cca5" + 
"7e6f6149e1714551761abd4d651e7b04451d8be8e58c0c9e361fe0c6771e3d547d6ac3e8" + "cd052d5725d14b9aef93b83d638377f5a19e3cd6e3584121fdfc2c3ba1a588491d7e9892" + "be081c9e7585a15b37a9cd4c204054dadf06a9f4ebe98f95f6554941982faf109c2af98c" + "65", + "104ba3049a642d9b49c4302e9173a9efaf215b67e060c5e9673521641c9c2a5b14bad25a" + "448e46faf73810979a3a50104ec8c5230a909ae588213161fbc10381d7c75b35c84046e", + "1bf3e89fb0beb1ab854a5513278dbd8b9c6b05c94ab67145ceb1ffcd93d1a2aa374db46e" + "f327043518a7f272b957dbbf9d6cbd6708f4c89f05865932b7e816b12a59647d972f6e5", + "13a8c121c9c170b244ae3a55aa2d53f4ae5af91b1f72c066207e3f52e44723bd4ae419d2" + "4821b83648cd64fa70536605912a5a9319dc446a6b2b639cb99ed2485271acafc2bc988" }, + { NID_sect571k1, NID_sha224, + "417cd5f60416f17081d2c70e9a510114e08be83573bf9deae75fbc3095dffc8a7f7325f6" + "1f9d6565381710eda871388cb17619e4448836076338ee309a2bba5f737319002e259b4a" + "875cce1bb97996101c9a7abe0278dcac203a712f0809eb3c4b85a9c380550ab0bbc5067a" + "8edfa78abf03c09b5c08f21714e1022ebfcada4a", + "1bcc09b3f2f1d26ab9955bff7e8c0f85c8a61293511a196b53d7963f4a4503849c96fb4d" + "aa68c9852ad9185e01a35f0bf298e34a09ec352cb6da34f89a1f23e8ea27712a8f43aa7", + "0401326341764a4aea222e7413a4a6f7bdc0c35ba246e3c68728ce06bdb19f2e1b9102ad" + "d88a8511130ff48c0cbe4012ab52de93329670a319f6b1e7e7dbf177667d4a98d3891ec1" + "4707a4aaa73713bf8fb3907d49e5653cf82a9587518c2f8269cd1e556a3be3589dad4c23" + "8e4c80681e141be93c318f0efddee3e378cd46512d778b9033dc8706bb843a3c3546e76e" + "4a", + "13412a98a2c14a9672ecd42db9c079a689b147ad91869c3d45a7046aa9dfd3f31edb43ce" + "6b84e9edcd7e3ac6b96d89f13878cf5befb052a6f8a4e5577bdf916adb10d908d5e99b0", + "11c8a92044a30be397007a71d9af3e4222556a10f3a07a1521c1bcef73b4ddb94fefdebb" + "a5944d5bd91313560718a8f520bb5cd5666539756a5e9b66a1b2d18fde5ae72e61d584c", + "1ea510e23ccc7596db529dfbea78c99fc78ae53da32ad7c7bdb1df01039310988ea60182" + "8fdfc59a0cd237110cfee9de8711c073be44dd4d04bca4b1cbec278b1a9ef175d93f70e" }, + { NID_sect571k1, NID_sha224, + 
"eced8c412a153a643ccd69596389f83b6a36880286f8aeede503452bef8305942d95734f" + "b5733f37ffeceb1c2dae7b1396c3323de11089082745c28a1756f784423fa7ad68bbfbf0" + "d93ff8b7ad62220500df6d6895788402c1f5c69c06dd9ef55e2401cf297184e411be87c1" + "bba657f847208c0e750f94a3df92f253b377b4da", + "0ec52fc3d9c272ca80623e06b15c35f349b13548ef7ee400bbfa04196850b3b8cc7b2392" + "38c827f9b0a3160cd97969ce21d66752791f5896e0385b0527d4d77e4b9fc70f04d73b2", + "0405cd2e63dcd48fc793c18776d030398dfe3f8b6978eec6d23f49240581fe1e141f6674" + "98421f4c40a9430587fa282441a78bb641894cb79d929c299f1aede218a0078c247f7402" + "5200cd2843ca87d98f6336c0adb97bbb9c5293a03e5b86d5534e2849ebbd73dff837ffa4" + "88fad7d134908234d0d7fdac8c7fafb4729ecf0516c42995fc9337f60db2f36eeac69a4e" + "42", + "1c40a15fca0c959852afcb4ca6cbcc99fb680950c64ba18ae5388bf783052b6ef3730b1f" + "b1487189ad983b6a68bcfbb707466092da52ea8893d8bc4898eb133fd771e78379b9c13", + "14485cb1caf1527350587d6695ee3df2b21c13084df0c093ca5109d7c192e7e5df2232ed" + "e11dbe5ff2f46b13dc2dedb709a0fc1641c1f32857040147599d8f179fea6b2f2417646", + "1a16ebf12c11d2d0a64b7ea124623ffdfe2650fc9603ded571e76dbd7e3b27cd32fcb709" + "e2ba04aee0e8e1b942a4e829cd0c9683aee67eec27d4244a2cefc36f84f7de209e22a62" }, + { NID_sect571k1, NID_sha224, + "30e83ea39a92036e22b7bed7639eab5e5be1d00c20b4a9b9afa9a0d1653369cbef363c11" + "9cc6f921c8f84663949c8b8dc9b743ac2b1861a480476e9b64c8f333f34b6fa0e1ddf09d" + "49618ee4f3c1f46751b5595f0aea413d4ca46f3c26b974b112cbe99c813a96a4423764c0" + "69454946f213c5f066ec38108f947abeeeb02fb8", + "06403de7627de22d1dcf6b8da5af62f9ec59ec065cc1ca1311bb98aa439a6d5985619b17" + "c17a70f59e17cf180ea6828ef57f5f1f8ef05680a9fc12ab7faad5af61e4e11fb45d341", + "0405575c329d73f261ab6897153d7261f87e9730eb5dad49c05d782cb02e483fac4a9ddf" + "f31d2fb695a62cdc44edef6398be8f4f84aea1d63d0b3a771fe91889dfac4780063d2583" + "250183e63ee783abbd00547567bb99e9b578ad8ce63d229db41c6877534487568c423d4c" + "389154af9627708d8d8f863597bc668e88f9412b21a6696d07bba06fe7aef93b26950c69" + "ed", + 
"0e751a4918643ba3e68bd9406a4386e876d0d66342aefb4ef75bc4dcb8cb2e2d9f8378bd" + "02c388c776535ba85d24b206f5bef4b2f23a1c99fe2f2e8ea201009ca468e5b2e21dcda", + "0ad6792fdff4c621219549834cf03808645171d944088f5a6d3cf1bd826b5588544a32f2" + "31e8428a03ec02d6c1c1243fb6b79b1cc6d732be5be8f2cedf03c1e5588822eec559b7c", + "178b64bc5f9fcedab17822e831fa52d49ed10afef1c5912893df4bd8dc960b474ed25883" + "ddc343341b696fdebd06e177f234ea45553cc83920a8c799ada2deccf1ddf1dd9aed863" }, + { NID_sect571k1, NID_sha224, + "3ed244dc16a5cb292db4b1433b0ca3226913f07377faa20c6c1402cb4d026de808ca74a6" + "d4ecdd7c4e662105bff6edb9fae0117c50aa053aef677c0750c7a446edbb879110030758" + "912e8fa666489d702d8fceb719963b24a256429bbcc869a1f4ab9de9db89263e3684d4da" + "a1df2ed94bb59dde2abba63793e5f82aa2e4db83", + "01fb980aef64254aeb9bb613ff2fc6967503db4bc1f337882f1566cbeb57489cf32e34f3" + "10549f41cba1b951f487453c29753a184e33330e90d4b973d2e406c99a239a5c3f96233", + "04036ea761ccc71ba55aeab229aaf874a7c2d1ec15d821401e2988dccf02798c4e7bea80" + "d9fb8d30be213fc80475a17f45d60c53249b66858d29c73e73117162934dd71096d74674" + "2e049bc28f4d45d29c3560915698d03271028f56c29f0ead0608cb72dd0b62490f95bbd6" + "7145a6c0adff0d6ef396b4deea6a5e2a33f242bf17e907b136c039c127d6012c88b76aab" + "3d", + "0ed404ee6b59ffc445b16f11b9b1471249443f8a7309ad8a662b7cb44c94866828c906fd" + "64784c699cd29d3d972e5db3d42157452630f14536eca23cbbdd1d37e199e5a586fc352", + "1056938496df511d745f2cb88acad279ec2d58bb36498fcd8139d426d596de6d145b765a" + "5b3e8366845fceae91d14075356a32515134e577937ce2af7e732b4e89a9164d083adaa", + "0d5156c776f2184babd69c1f200b8bd94289d45a2f8b7cd8e8afb1455e8901d8c3ed14b7" + "a23b0976b85a22b86f3ccff4ae91e286f696f39646188b675895684f33f0368098fa7ca" }, + { NID_sect571k1, NID_sha224, + "40343935d9423ad30f3fb1832bb08a5d20ddb3a55b59057cd275320db4a5835471c96cfb" + "7d67f41ef860cf5879897b8dcf307bd1a52a6226847b768ea38ff1858f59e64cd635b51e" + "6863773cc6c64b363ec47ca39266422406264668415c189e2f92447ac4c63ee5d74e95d1" + 
"e6af05016917ad237f482ea0b02aecadd370a8bb", + "1d96dc09dfaf602789c1dffa5c9ba130832badcf180429660daadf4cf1be5cca92fe9713" + "173861670eebfe3a0ba25bcc76aecac60a756f07b69687e05c7e25984a39556469f62b4", + "040452b1cd70e3c88bec1fd0e4b8f8e9bd5f844ffc12f3d6769eeb1c9ea90e5996199086" + "82eb5e43b1d6eea63ba9353fb64b59d6549d19cd95f2f54156c81fba53aa0dc91244e7ab" + "8b020926ca366dc657d133f0ff9149738738ce68f3cc2f61dad590e2502e8fea714b8954" + "3f43d97b46b7075c58375efa379cde208ce769a16be9a377a111a8ac51459840a223f346" + "95", + "1dfd064dbe64c25a832faea1819cd836d22583fc40b2ecbc19b1f5173c25f33ca8cb7f30" + "bcd619ef73a4c14c46e610c8996059612728f508bf7db7ab3191ad61955e8b1ba409692", + "03cbb0ae5f7c0978ad8c10c4ff099767465ed6fefb7358f3eb58a79366707107cc88b305" + "661526f2972bd16923375dd898ae72e81f290b86cf9a4dec086d7ef04d7a7bba5087f8e", + "09f77a86f0da4e35c395978603cbb9c4dcccf126b7cc924cf62732593bb1aff0dabb6d58" + "321debad4410dbfa1fb8fe249bfc336db7669e4ee13485ccf8dbde01ca4cdb9acfe5e74" }, + { NID_sect571k1, NID_sha224, + "274567f8841183e68c4f6c6b36c5a52fb0e88492e4076b9cd768bf571facf39dad6affeb" + "68941ee326ee461ce1f33c26e4bfb3c9e0cae8241fbcc14cc69c1af68701fd0be3def1e8" + "7b7d52b682ebbe1cc225c1bd177b0886e3698a06d0e410a1f92c9bdf7239189f6acde0d0" + "653815a72987671b415d1e8a70e685d6e5b14c33", + "09d98b32c8eacd135ffb8e13223690ef02c0c1f29ea8b4da193502c8cb3f39f9eed608c0" + "2fd457f2fb685ec4595e8fc8f388d26778d225d2b18c9bc8b199d8b65c0d1a6af33854a", + "040775560724ab7d98407e20af12b03634a757037f8b3854957e11900d58460ca20d93ef" + "06436921f8d4481ff9123a9eff3973e17d441511df3cd88d0d6dfc8016d2cbfb89633784" + "6303082aa4a81d4e6f0ffc94511327202f2baed72c08026e05a288eaaeaa36a1a4961f40" + "0b4712ce68778ff38be43adc2222a986ef0fecde62f861575842429816c8fc77797af018" + "c6", + "1f4acd3430931ecba5e9d986c6712467526ed94a0bfff36135da3ba7dd9870ceb38fa0b6" + "58dd391ce658774c6725360dc20e5ef41daa9cf52fa863840ca91053e7287ed29ac69f5", + "0502abe544fc3262663524cf88a5bc256b20829b7bed3e2779f559506adce3c4f3a89e18" + 
"bfd31819f78ae3809d9d0710c6591b2fc90039328678aed9df2fae38a74b66f69295d82", + "0b2f055248d9633cafa4db3b3cef0b76ee02f6bda3d508e19c68870e76a02c69dd1013a0" + "3fd741e854cb34f815432bf48138203177141be7209e957f4db1a958fcd45421a213c98" }, + { NID_sect571k1, NID_sha256, + "d9c99b8da92d3c2e40dea3c4025dc37770e867c4d2746c4d726b6de24250591a586c166c" + "88acb8ed340e161d4c81b9d14c919a1b06f1feb22c5ce5fca2693bdaf4994ac72c8983c8" + "7f331473fd094eccb3d5f3528e69d487562fb5a65c150a8217192f8aabfa7adcfd0b6916" + "d5000248fbbddf1ca2f38e3d9ed2b388998b7cfc", + "04d873ac744c4f68bb044783ad69e1a733cb8b8f483f2695bbd90c4211282036ad7914a5" + "3b25c3e890c6824643cffbdc4138d7ff457e3fbb99387494eb5cf2bdf1ad243a3a1e644", + "0404644456a4e5c543af7a086640fa9ff6627c2d9f17066d255c3e805db31fb1ba895682" + "e94f6ab96d6ca449b0c3f76bfd6593d182f422689b31d9dc3bc0b70df210a96d19af9ec2" + "ac01d38f8572a06ce22c1586a8329f9421414b334352f1e8b961f7e0732ee01e838eb975" + "bfb2f62132bbfd9acc6ef8899b4fd388c2b59e564fc3670da7a008ca016de678d6dded13" + "7c", + "0b050aa7266201a42dbee063ae2a21398ee1d2a190de9fbbce2468836e416b3ec18d7340" + "c81fd2a5283713f9aba33e8cbb105eaa2abbf0b687fe2713921bcbc02a4b77df21f762f", + "08351115714bc8f29b84a6e3f0a23bdc219d4271a9ee18bdab54c3acc9cb3468beb1f89b" + "0f981da5aa7d7ec7ad451bc5e91bc98440fe20f5877a4e73614820b9ab6f2bad3e2e609", + "0c64baaeed68178f5a1d8f095b0932fb73f9a02462df5e8378746ecf17d05971a0a287d5" + "a8e0317db055b02d4f4b5864597d0f9a9cb1ae68577dcaf7db09c55bf3d3575197295c9" }, + { NID_sect571k1, NID_sha256, + "d2b88a01fa17703c99e5b867c645e98feec0d6d1afaa20a97b5fce9c23f0594460142af4" + "e36a5739b8d26d3ba35a0263caa5429b4abba157f359fce701c43372500fd2ae1bc2ed80" + "bfcaf8cab7016ff93d4a27f565b7e67fe7dde22bf02c48be12114fbff2421517c825019c" + "0ccc72d927bef156140d7f0e9b6ee37af78c3efa", + "18d2eb947297a054f8a789771dd875b12b26ef057fb91235dff3b062916f85aab3365609" + "bd2a38a861439c8514e33f174c198139354e63766942f605107cb1b9709b782622b295a", + 
"0403f6454f1dd032a925c6bc3e1c62892c1dfaa700d3badf83f07c1185c31ea817641865" + "a129572f3351340fec331f5ed466db7bea3ffa9723c951b518ce6f3c9263a7bd6866c8b0" + "b40188877b68c10cd6ee543cc5638bf0f82db25b9327b2d81269dc61250eecb976d6568a" + "9df29277836b97973e3615e0a4345e610b33909c2340a23c61dcc6e2baf2bc363a333818" + "02", + "0ec6af799d92ab52c51cebda61ab642d4876f374edb17253a1de3e880048355e58367096" + "d3bc0402e4b93fa6a6c8d55c529b9fd68a27962c19274393ebe1bd0b1197a28125275bf", + "095c42b3ef01c0f9ab96693526e903ef3ccf0d843776089d15e77093fa9d010872d65cee" + "1801f821bcce747ddc5875eaa462b00424e6cdf0995b87c6cf33c37d4463848a6ad7fee", + "0c4f0edd4b2dff4f9fd1fea5addef6d483bb51c27bf5c7aa13f9482243e5ed5571bbe0a6" + "58543c69b731de56b6b34de27795095b3676375cb4686b45d48010fe8c941208cffded3" }, + { NID_sect571k1, NID_sha256, + "a704a1428cc894f958774368979fe075353b56790555386e3b043dc6a2919b94a11c7f85" + "883f46b4d47b324d349c28c667bf9a000daaca1d7191f2a0fd97a4867aa9f72422134a69" + "0625408a9ea4b723704690b69152655f9e9dd5fa3dd94814d97dd4f13e85c3f9bca76949" + "1c2461fbd17e28afac00bfa81371d5039013da8c", + "0594fc0b7a5cc0216d2e78eeeb6394c8225de795f4b73bec48b2f4ede185ba622b59a16d" + "d3eedf8cf2c94f2ccd6dcd205f64c97cf1b7f1e34129e94b5129502909f43940dba0746", + "040271cbd3e0d73ac19b975559450d686ed67eeaab4175435b2801e8989966d7c5ba81ee" + "7d749e43dffa12efba820462bdb274a57d04cd7e92c180cdf555686c78aad58444d5f171" + "2907c407b46e93d4c2b12c967cd3e41320ea8535a2ff24372a5791fac9e95865e14d545d" + "d3627dcb4aad2350db248ef49469ff4d59a879a84a19d1c0e5d7ad3db432af927c88aa5d" + "48", + "1e730d50a9747c7c1ce2918fda7575bb81a74757cf9625d0f0619aab7f1eb6954dbaab74" + "9e573290406e599eddd7d3376dcb3fb98c116ed7b65729dd04ece3eab1d7b4bed52326c", + "00d59ebcfb30d7b27c87d56ec2fc9286b04b39e68dc49b395f374e19647bcc58f2fdce1c" + "0dc815cb2aad55cf863a4786efd6c3a0ce56c1d92aa20a19245e74550c17fdaf7a08340", + "134e80d63c9b328e02ebafb75eabf0fafba886f48b25206cca9086e03658ce2047c94a52" + 
"22a206c6c5a57ddb8f59c5ba1408fc56668066fef4557124c430cbd1267455e0b31a8bb" }, + { NID_sect571k1, NID_sha256, + "f8a87c4acadee27a908718461e3b45060ae4ebb009b10a15926460bf219cb7e75dc3a993" + "fb9a741b94e2fd71615c50f6df958568f452b2cc284f0516816bc0d2e2d45f663155660a" + "26326f63f4aa42a6e1cc8462a2ec620a365257ec042f55e4047b62af689592a1a072553f" + "f174dd629a4f51837780ca232cf479a68c1ebdda", + "0f000631106c5851e8ae0802b01e7a8a8540b427a8a3956a1d36f0600be89318032320cc" + "420931d825cc964e823745c60aad3437ebc1c91d32004472e9677605fb708e5a71a0d83", + "04034136cc7b8e2dcade5cbb9b3d0e0857c485ee791f862273749b5d3757d072bbeccdd8" + "eb81c67fa6927c1aa54d823193c370fc596d0d903214d7967b905292f4b96549b3dbc9b4" + "7d056f69b42b29ea82b9f2fc377e874b58ee785010bb7f5814907fb5531789606810b716" + "13a36035cd257864e414fe0e6ea353f398745df87ccf25b3a25cce1c78f61f5039d66241" + "e6", + "009781f5d960870a289cc20f6b1af56602e5e12d9a7353e81b89a90b0a9675686f155111" + "57d9fb70b82e8b2e25534f8ad22e14ed518e62a88f1ae21c56d4ab7763808851762d3ec", + "0f3eba5ddbb8c127419fe5e8cc1aae2239bfbcd2ab43a006020b96c9e7db832fb09e0bc8" + "87aaf24848491d4de935b78141f426875f7dcf2937748afb303ec5eebd01b6a82a8c4df", + "17acc35bd81cf24f983072585ee1e096459b408da909fd82b5ea86b77154ecfbffa7fe97" + "271f50b67ca3c29ce704b28186b831300db0aa0dd6147d2d160e4aff14348ba76e6f711" }, + { NID_sect571k1, NID_sha256, + "10b5438294a77c7e517ecfe8f8cd58d75297b14116aa93e574996ec4acb21837e6297cc0" + "e7e7b5861e862062f192f2206a01b1caf42c6d7181d02c7d62b76c2881f8479449b02d32" + "c6f792714d8f70f0c75e81c7d9abb996be87f5ad9a01fe42b75855558d5f00df392b62ae" + "0d258f3f67dbeaf07208952e679a2c573aca941b", + "1023997206341c6147c536d034a9c38b4012035dc2c9b7ef0bb9cfe65e7d788296f055d5" + "08a1fd957b2dc7f9eb10c27790f15f30d81670945e54a508c57b70b46b4a09f4c769289", + "04066bd3f503cf42a20cea4a55cab75940907f38fac7fb024c55245f02d72d80336574a7" + "2fb248b1b61e3205b31489ed789ee78d88e487db3f5a1cd48efa1487916b8707e72e4be7" + 
"e6010b6e4330af0270abeccf0901dad2f8f64f4993ca93a7c5281dfd71c6ec405f9a9bd7" + "8008fd22fef76fb79e20a571df16c4d97244c7356e3ad16cc489d3a9b2e3fdcd5f23b48e" + "26", + "09137bd8436dd126924943e8599c87f64564297117766580e6344aa3c02056c811fb996f" + "264ac4f8f0cb33eaed5ef8f120d43a1d2b3e5e34697765ff9db4b4683ce5c1596d74723", + "03b684a66e92d352847f63196181160db3de7a304b6e43679340eaa9fc828322b5b9c16a" + "1772c981ff0febb474488daf998d4acd867e78019b61804bb675a98cef24fdad088afcb", + "02649a94d2bc243e997bdf27be7d6364459c38845c3bc8d1c8b549ad4689c8a4b4fd5519" + "3ac769b1da607dc96458e2f6abc602bb4048cf6b0933da6785795d04d10f22e439748a8" }, + { NID_sect571k1, NID_sha256, + "d83a52d43216fdb16b1b40469863ca8eff4df9fa358deccb5ffd18b3e22a9d654aedc98f" + "3dbdc4f5b4e56b4299e25d8a5a38d01b34eb93de382df1ae4d1c7f966e84b84c393d167a" + "ecc6f1192c4b42cae83748b1ee3d9147ce7de74cebd122695b455e8082f86e3e488fb0f5" + "1b3b7edcd579940d1cb9d045296e5e38f201b7ef", + "11ebf320ecf6a908ea5b868afb8e22246ce84e743e1076d6185ec65dd79043380708bf8d" + "a4ba802c3b93b8d15509bb7d7de9dc29f1e9fb0f0f2cb97a26698f955b1f7ef668122be", + "04038b2760315b0999f9629922bcdff65cfdee4938d4aab8cc3d200aa9c1db843fcbfeb9" + "da10afbf10280110c49f0c18f15c2aac4f39af35a79557c68eb6cf6afaab973538b98b0a" + "6c07da55796396e919f9b5967608af06bd01e8870354317e76bcb8597a379129e35bcb69" + "bbf6b38911a03c3076f7fbbe9b179e078b442c604519e330282f6f6c21aba515d6d73c02" + "57", + "1c219274e54a4c5e1e1aee3bf805a7002bbfe1c030cd4c8a1617dcea2a14b1d537a64cb0" + "7c5a1385edd76f3e4ea9a38e38b458d2c7bf8eb56a57fd33166bf59a8af2e9639106929", + "08677167a7ea1aec4de76d1c5effdb5a1655965850bd6498aaa4fb3fa50f213fa4d99caf" + "4145b4ba87e34797babfe614dce6ac21d9c13dd0fcd9802b1414aa92dfa18318c7e57eb", + "048d6161a3739fbb3ee1c223bc82a46255d10a86a605f6c8e1934b13f1a8662f30f8e95f" + "53848119c61f08037ee5a2440c8faa11a6b1800078ed476b2a3f4cfdb25367c8dc2989f" }, + { NID_sect571k1, NID_sha256, + "eddf5553ed4db6e8ce72cbcb59fb1eb80671c884ebd68e24bd7abe98bb1f40806de646f4" + 
"d509be50a3fabfa85c5630905ce81abfad8a55f4cd80208afffb9056bc67d9dd7f4660a5" + "f924af2a3745eec2daec39a3fe36131fe9eea444b92d31f6a125f12125159ba095f89968" + "a7028549466f41ad45668a861f671050d2a6f343", + "0746d5c824d78f42a1fd63d8fcca61f154ba3e75788b7a0b87f53e5420e23a935b02eaf6" + "7bace8dd8a8e7c1caee30154c2428e0a437cf12e235f41c416f92fb54528865fd4766d1", + "04063645fd3810e2458d15b43287f329c354b07324c0707f19847c544f129e4de1799996" + "f805fab7dd356567970e10eb21d875e8ee7bbce56c666511f9b4a4cca986683e937d6f0b" + "3e0595485c9a7f2a97fa7f8453df13b75682931fae10f3441042199fedba91a58c105df5" + "7b83d2a3911a2d34a2d41e451d0d2549b0a0a65b42aca40aaa618c252baec171da7937d8" + "12", + "0674788e75eb9d5ceaadad9fae036f129178fde1a584d73cf284acae3b4cbcc208ae7a5d" + "35aa473f4e1201c19ee5bbe685ff9218a8e2188f3428ab45bf09b6b600fcf81fadd8d69", + "060d6dc42329687012a93ffc5b846b4dce3df46ad12eb61437832f81f4fcdea7392582fd" + "75e701e106e5b83521759da6a22a21addb63b73783592d3f29347f3d484e05c19db148e", + "197f3b2d4f3e10425f4cb60dd1ae84fd8c87f62a2cc822342d5f0be4f0841623227c5cb0" + "f8bf83fef483a061e30ecac86cea0210036083a99fa1247b49e19a7f401a815cb68ab3b" }, + { NID_sect571k1, NID_sha256, + "3db94335f6d1a125309622c0a9d71bde1da09371f0285a93bd0aac255fa8f10a56074e0f" + "6057f1b1aecf2d86a2319590ead96a2ad1336fe844e09339b456be32374ba2e659fbe9d0" + "f2cdd83444d117d2ce3204ce4b4294dd05405634b84747ffb4227160c4e5c2c9da9815b0" + "c6d20f55705f16cdbaa13d107ae666d707ccbe6c", + "00670e72ac2de50dd2cdd975a6cdab10ac45e37ef7a28c685d77447051496b5e161f8b1b" + "93f6c7f32fce8ea05e94ed35fd7cb28c44bf51ea29cbaf5aaa31d6abca30a89430323dc", + "04054db4acd0815aa7ebec4f7661d80465c64f1fd4147507549352bc07dfcc6041ad309b" + "fb1434b60f73b3d61ebde91f849004d55257e98b6ebbbeeabe960f9429a55a36ff75c112" + "4e05b6f36f76b3b3c780b6a70bb8ea150e9cd6895ff6a6765a3516acbb4f5efa91434def" + "52dd0ab81f618ff28db10fcf39264be8e7ea76e06516335ac5ae33ba5393080f11418911" + "0c", + "0f74a0ec1a7496043d78891e308c82b4660606642ea669e4406683d44b79dd6e6a1b8102" + 
"92bcd6a9f59bcc2e590518bdf2e9224755654026d85cf2a3d9768d909278448f0d63fe3", + "047d808febc1065646e6a5608d62d1445d922084487a64e9ced5fafff2977eb3a7e29984" + "230946e3fc77a766820747122fdbbb9100c591ad7c9dd29d07efa2e8a43357e3c47762d", + "04dd6c8ce75bf2792ef227cd5a3102d30a9a31690ff5c21354f8dac9f826c86ebfaa0465" + "3f0ead103b1c8ea59f0a78f5d4e8eab597ec6c028ebcc57f4ce4103ac14579bd6e15166" }, + { NID_sect571k1, NID_sha256, + "69166ba40768d0a3930325405edfd85f3272f7b8e600b0b319f070274c91f9f03d0e6ec4" + "bfc7b4445e91b87cecabfecf5e77c7301ee3c6b0affca2fa02c92216698705eb75443eec" + "c25438db2d2fb4b24f4195d6b9c05c53e0868d3e58477100607ffdc31b18c40b4ad7202b" + "b034e58653daec0f6b33c024d42a3fc84bd8f86b", + "0369a3bb96f884983c23281bcd04e24a3e5f6359f81e3c8e46f3f6b865eb6bdf98a630e9" + "0646275c587e41b546d3ca7688cc207afda15cf9b25cf83bd6ad27908647f3f9de59de7", + "0400eb02f6e741b3f83a9dc50853828b8a6e0861ffc644162515a264730c662ba388ac0d" + "705f8b36f5388894df5c1bbc3582c85de141abb7712caadd2d616da589bdffdd9258808a" + "4105dbf831f450da6f8e503c19a7788c1317ebe556a458e2bfbf3137f986c9c966a14ca9" + "0344be1b76457159c9d70f13af7fe0013cf605010a8a3b84bc0fe187c7d93e4cfb2639de" + "57", + "0ce22f7f2f01355280ba2d2cda06a55771e66f598bf79c65171e08a98f1d954e4beb3ec7" + "7ab06ee60c5fd156a7098023558e3d630641579cc179739bda6d860f8ba1d5ef717ebb2", + "0ae86b40d10ca45c20bdb3db55a6dc12e9b75754679eccb44c40fa57351c23c062282e1d" + "a9e1703176e4b8f7f224982f2474494772a20269c43a18a7a03fd12d8ebb975b83ade0f", + "15ff7b34c3316d9e7ee3d7b48ebf97d98453ca32f3fc67fd08761d93cf34cfa5a2314fd0" + "752d263c3eb7cf842aeac395d41ad3c04c1a9d3808b4fb7489e880d130c35a26b702952" }, + { NID_sect571k1, NID_sha256, + "f64cb668b72f1e6dd026a478505c0eb33446ae9a2993bc7648aaed02e172fa9a0e05eeec" + "61e756ba246c1dad7e85d3f01baf734b1905c5bbd1b08d833c2cf1e079eca75b866d705c" + "407eea8618d23ebbaf269c7185984b3bd4117ecfb295ee6b47eecc8d3a78bb96552f6be3" + "14656f91caff793838226662c75cd7804b6bef79", + 
"026717b039df834855511815d5665ff9b654facab469390ae257b7f0eb4dfe66ea0dc037" + "242ed0c13bf229b8f7ff26da9b55fe4750d3451c62804aad493c179ae45d08ece5af085", + "040191a6d1ab9cdda2d593d5598a966efff829c04c421804c2297e658adc5c9a6092e146" + "b25c730ff7ee65cb9812ac9ea0c18dc6b60deda948b4b7568e8b8e14411a6969d7764652" + "ae03744af98387421d958b26971d21928b73bbf5b0f0ef183e9f606d0348fa715f153a60" + "b6c7991dcefead2ebb875d0c1dbd3665dc42a241c565ea0fb0e6349b4319c3de633883a5" + "16", + "0dcd28cdfe9028a4a6df1d41019bc58e4a1540ca94b717d258f2afe8bec560f3028e15ec" + "1e8bfd422415961516659fa2b006256745e85e488c359e8cbc94cd2592bbb892a19c45e", + "07ba5911415a3d21a3d98b400f61eb63ddda689bfff0c8c3ab83668b1e4bf8a703c853d3" + "585b8bdc29aa2fdc41d5e7534850f4656ec949f0a13fd18295b662c9829723e5a7fe3a1", + "1b027e38283d74c962fe0e7b58dfbf5e21ce1d9c91651bc98284008f44fddfe4cec94419" + "94e690d72a8ff3ba2b538718aa678e7de046b653403f3b7c064ee07c9c3c6d23e1b068f" }, + { NID_sect571k1, NID_sha256, + "51ee0b98eb6a3e3c1afcb35a33697c048dbf61374629ac5702a57801fafbea4d6fa5a26c" + "9d1b79d1c58257ac0106387fab2d4a1b7f8c0dadcbe7c830613531b3c209bc17f792bdba" + "1c1fae1b7528aac53dc86c2094b40194577325c05d2258303a2d17c854e7449489c43991" + "b6877a50692a6340a528a6b188440ac0cddd4c4b", + "1d642f2d393ed4abea37173e4a79534af87adf534ead4a0a1c46fb047619221e3577e6b8" + "bcc776114d01159c736ab78af3e53feac339d7afe58be8e7a8ed290f1dad960f1b5de94", + "04023d1ea50229b70b46578df6904fd528e9930985426eb2f1ce10eecbc0c16583959483" + "80c4047d67bc4072be2a2624d62a301da41a5265f040642d1937fbbb7cbd205e1db85b86" + "850625c82ccff6047b1ef4b08f1913f7366c4f6c0312c21e5ab01b598d1a9618cf5c22cd" + "dc64a4732b477dd5c06e332b846c8015a2e5a195326bca46c29cedcc2f24d37ebdb7c2ea" + "ee", + "0c9066831d61a4192ad9de23efcaf578a5d5774960a2b3e3e292e0decaef62d1701b86ec" + "6183d8e17a699d418ef9d084b982c97a55bd76c8b038ac5c639451096ca4d331f070ad8", + "005778acb38b1961195d38463abd9c19d9e07dcd997f19676633fa3c44caa44ad1a9bd63" + 
"435f3138ad8f22a731e749a81161c5448eb462fcbcd69ec2255cc2923ac697ed319316c", + "1a1aa90113952608dd17dbf391ed56231ecfa7d649f3274774ed2b6034a2207c05c6d8b6" + "cec480ae27b58495a50b1e5b74a17ce6cf2e43aa273c2b813c0e6c79976882b7e4b1c93" }, + { NID_sect571k1, NID_sha256, + "feee50aeacaccb6b1c3d95c6524044edb78322ee836d8159c4a4c2cc6982480567c4c6cc" + "4806a564876622266e1ebd45f2f4be851b79da025bd57d0e6acce1ec1c8c255eb89713a1" + "e4897d4ee0f7a248b9d4bd3ad5dc0e57f60ebfb65691e164bc908956a019083e923cfd33" + "dcf37c735af3462768a1e14a8051d7aee74d5228", + "08cb70be29e83f697a3e2f67d86f1c1ec9a163b5335cb4a06004b6634948bf60b8ad9df9" + "b27d2bedc4975265ce44a7884e57082d521320ca4372d38fc77b18d3fa05ad8aa5c43d6", + "0404c042bde9e90b38b48e60551d832a7c80377a81e8c5b010d0e491cf765c432b5edb07" + "71aaa5f672edf3ba108dc71459d245ad60f3884b8cf33f8cf797f36b20e4be39c8389e66" + "b4075f2454c41c0323ee1a640755077d36a65be7c2a014db36719ec217e21a9c004bae5b" + "efb499bf6be67e82d3da70475abf9dfb751c84c409fe838cf1c6ae109d27f24d75c02cc5" + "b3", + "186f16dfdd7a71f20a5e634ffc465356914bb52286d3d5ac00f3ebc02497112fcd592e1e" + "cb2ebbc819e07ea092e465e66f3e58da7a2ddd41c8787f57c135ba4c168539b4743c3a5", + "1c2140d294fafe3d9effb33ce73bb7e5485c93c7aa9d33b7535c7053831a1dbe79075713" + "794c87e52bc887ded969d2dfa6a1e2630cff96760310e04cd2a75be6fa020a12fc84d3b", + "110aa165707b7de1b3a8e05e4502701abb5ade0a27deb04fd93c6eb24ed2b67ade6c49d7" + "8e874d25247e948f704d3c5b925f84c5b07c9b289c4f8507e75d0f8927c6dad6dbce885" }, + { NID_sect571k1, NID_sha256, + "b115f7370d6a93a90fd9dfdfb292956be34b61992ce1fa5627c5e928d74bcdeea66d4040" + "c473306a0070fa8363c4303bea32f73ea3639b5c6676fa5a1d68a2cc1f91f00580d7453a" + "23ae70af4cb1f1657aa82c5b305374effe5d67d559e46a6cee6360503d21070506f1af30" + "bb000d2f2f85caa6465810f89968f33abae81cb3", + "1eef463771f9c6285f3257691dea0844687606d4dd00b6020517f190891cc1be97cfad21" + "d147ed8881b5a6e19b22ceeae30e1132476325f2de0e9af2e14c80b8c780a9d2d6c96de", + 
"04024de3ebe03d2d91b88794a77635aae6743e597410ae10c356a51e3af88fa7f9c4d648" + "c7d1fdb887c8313914ed554eede282b24a2e66aeafcc0cc96907bb2f3877eeb97df491be" + "f301ce1f9fd4d7d3870997f34f54f2ba8f08ac94ea94f74a766f2dbc02e4d5149802e313" + "5a2d762e3b8abb01461968f1e88cfc8c7fda49c099e392e80d57f0c14de9c4fa1eea2573" + "2b", + "026b545702baa340fb6d1bc2bb96f7fb1a77a2428cc122ea380a258c747d4e0625bbf4e3" + "dbc2ca2f15bcfea92f2417cd5d22f2bb5f38a9ba313b3bded506d3e570dcbcb86c2debd", + "091c162d040a12f08a416296a43501d92e2ecd6be302b5e1754b9ec119fb8a572626c509" + "855c7c868a07b263f66070ac986f95e4c83150a5a492d5ea8a7f8ebf556c17ad2bcc996", + "00c217fee7bb202d6399f6b1ae4e5811d9361573ed4fe1b3fe5d474cf06d0236d59dd358" + "0145dc0bc7632c721b6463c69490a67d1be1fae99e34318af6df939f9f7f36a9bb8d5e9" }, + { NID_sect571k1, NID_sha256, + "726782eb0d9720daa64e4a77b5d8dd67a1a193f15eb6b5162e3d89c925ba63b7c7e1c4bf" + "c8d6f11915b0e14d16ab53ab015317bd5958b0beb6074199e05181915496575768d026c2" + "3e92e06016598de008c3718aaabcda8b68bebca0a73ecfc7327e8d3646106b7d114dabc4" + "6cfe56265c326ee56fd2ca87abb5bed8f997c735", + "13bd452b0880b101df1aa65724fb60d5d85b37ed5419027481661a3617e0fb37bda1151b" + "9b5b41f908ba832011f7850b75a07b678e5b8cb35c5fc8b94a625e4398cd5ada2b04cc9", + "04031d88b62d2edd5f6ed29258c143bbcb3d29413afd8f86873698a9efb8d2021186415d" + "301599232989a0df5ea91ca222c5781314f200c708de30751feadc277d50e64842dd355b" + "a501c76f19ceb1be48f5540265b8b018da62fc225cc0d2d1675bf7df71456cc8e35b002a" + "220e2e80691600a2c1ae31e980d0cd22b4741c25bfbd413f10b375a4d8adf70a65c48ff0" + "06", + "1b9235221a6df49e39b4cde6650e994f624fcb5084daaa62aef54bc154949f4da9074636" + "c44f50ea40da1a3f01bf67e9b62a725ac0537a4e37ba33fdea8ba8b2286bf82901a933b", + "01dffcb5b5eb23694da4978419110ed2bc7961c571a2e68daebe21e598c8b483b34f3178" + "978708db6d78455cc1fb4f73c5ab7607cbb4f05d4d008c7bbeac88562fdaf7a370ba394", + "057018fc97d7b16d69af2b7dd4a859f09dc178a6025e1bd6839ec7c75c0383c59eee7079" + 
"fe61aa6bfb3e2c780d4ac0ee074e6b13223c239aa60ea1187ca4937864f89e2c65056b9" }, + { NID_sect571k1, NID_sha256, + "1c2418243fcd89c6382b7c3b2a8c341f26d08174a9e9296c4a5c98c5793a0fa48dce51e3" + "0811a96b515aa22bf9af89a43de06d696be1e531c5dece1f69fa6ecb7f20be063c602a16" + "454ddafb14385ae3f8246c3f989d0566e06e7ed1864502896ea19df8393259c4dab3b338" + "0a4a80b4103cbef4f38cb69198b7cf74ce94883b", + "1288141ec2244e4bb3f62daf4ee588aed09ce22be55e3d42e9085a947c1f8cd16533635d" + "170bd64ae0b417346fa4670c25d41387acb2a8e14407a1931d9f7c5358a14eca40974bb", + "0407ccb7b12a7d6997ed2a11eead3278a3f45ea284dfda8e17f6d926ddd6881a44d02a0f" + "7504dadbbcb0cbd6b85c113aa0d3b4efef1ca151cc38cab1aa8360a6d22e3d6fbc0ed980" + "d3031b85dc2d2096bbba6c465629ea09ae3421cacc5581770ce3479070f23b3aa938333c" + "7c691d9cb93a4533b2ce389ae34dbebe8f333cef530abe17cd21448f701608febd42d9bd" + "c0", + "1e411ab53c48cfc1ef9eda97002dc9181a78352de13fbee3bed86cb00c10e7406033fa0e" + "a97b50764b0eb2dc6eb8ea83e47bb3150ecb9437179c124f15fac6ac19b0c8bc324f171", + "14420d78f2f9f1010018848b0442ff6e6203c1dc06a4d523802190f462ed3c11c7aa7678" + "bd03ba27df01cacf4121309551877d3a2bbcfee116c59926daafce55a4e0a7d69c5c938", + "16de0b369c28ffa0bd6ed8802a503929cebb5c0a4bf0c0e99b14659b48aabfd08bcb64bc" + "2e39855d7d514d7525b3c4dfd2244f37019b5f86254cdda599bb144c8fdbaad5525cfad" }, + { NID_sect571k1, NID_sha384, + "1de4b642ec7220c64b91561caed7832044d6e811ac909f3b199cceb0d8a7db91bcdc8014" + "12044f5c34b355b95a2c6170fe497f6d5259bc20715a38cb0341c88e93029137e94d895b" + "ab464bca6568b852340a5c5d6a225475f6eefe2fc71ffa42f857d9bab768ccaf4793c80c" + "4751a5583269ddcfccf8283c46a1b34d84463e61", + "01fe06b94a27d551d409b0eb9db0b163fadcf0486e2a6074bafe167f9a3b4ce8ac11f42c" + "f72f9a1833a126b9473163d29bca2ad139dd1a5e7fedf54798bf56507326fae73a3e9a2", + "04038d4dce42bf8fffc39a5b6583a1a1864de288ef8479449d599115bfa35b37954ab288" + "ffbe81e69d58693e2c8c81639df12e4b36f62b2ab042e92a0715b518c63d0ec630051d4b" + 
"e1059c72c0bfb0ea1ac5e2fdd4fc380d08037a3d0eeed4990ff02e6cf5a16817ea598085" + "e28f8269da86c547e7b34e16a06724ee73776529c5b5dea4ce3321fb168827ca1cbdf885" + "6d", + "0a3b18c8c9f17badd123c674869ff428d533d2ecb8c74f9784220be7a90dda591003df52" + "59c5dfb612ac7398aa04cc9e82863eb0cbe66b6e7f45dd15dad252f74a538d5f4354c96", + "09c368c80f697c1718c55482b2c6c5c0edd7257a3a53f7193515629aa40a9716cc889d41" + "c120516b54f3a106a171082364886e5d3a1e9482a103f072988f61de68f034d658bd976", + "0e782ef47b250f40c56e3ac4de112347174bd59fd4cc991a2b538ca90cdb222d048fec62" + "e2773492a1d327152d1d6591740706fe2f8e1d65de888d47fdf173b2645813ac0fc3078" }, + { NID_sect571k1, NID_sha384, + "70279be7d7ac72a32606642ecd81b5d4d0f95fbc3c0b07d85c16adf2788601e44dedb8e5" + "5e0f9e0b4ca3ca35f5be7511b0e69224a05204af67aae11ce154af6d594d47f6e3142ad1" + "83969544aa95cae1edf42bc699137f60178c12b10a67698e37ab9f3edbfb3acdf1b3513d" + "62fe3db33b16cbb4e1f9dfe732c107f9d0c953f6", + "09cdc7e4945c485a41728f83d5188f539e372ff4fe38fffcaacbcb4522428e4f93ef4972" + "556f4398fe17bdd885768f0fb5590df495badc794d4d274e22f2f4a2535555922fa43f9", + "0403c6f046aa3007ba7f883bc1e0bb43a9a0a1daecdea3e2b6c10b2481d11a834af241d6" + "0cad7cab27b677c9ac11f2e5b5226c0a3de13029229af00e5a092340af9b230e0ed992ac" + "f406326ffcd62e1a68b63ac680a743130b1440bbcd3966207dbc8a8f4336eb6a7986aa53" + "cfa4fd7bf363b30706b4fae01568020b41caa70ee3d51db982de66b0ee39777da3fecf5b" + "01", + "0c717523a308418eeb2aeb816346b74149d56b9620774cab582f01681bec73adb779bcc7" + "462fff35685a4e1e114c8fba474c68fe2650344fc9cf610908966a9dd1779f76bce0cdd", + "0061067f377bff6a9be30c9c79d8abb7f54cc8f09eaacdc190beb27b1e6d297cd32b043b" + "31feb49958745b78e42ac074b8722e1a7653bf03611d87c44fd3891ae410b23a2140b83", + "00edbe756a5dc78c8a29baac9e2059154294e3adac9a5adeb7b27ac6e4d4086821cbd554" + "67266946ed8f6f03abff35b59434afe84067c1daa1e0bb62ee7c56b85e7f831eea99047" }, + { NID_sect571k1, NID_sha384, + "4d7e0ad520445b6a5cb46b7c77fbd367614044ae6004494c2b3a89089287e2836c73b799" + 
"cd8c90139eac427ebe335804c3788f3728ffb8edd7f49a4bcc76a9e24ce3c2299cea88c0" + "4645b82033115380f81b0c1d823e470631008d350cf0c0dba1915519985b8a389ccd8c80" + "9dbd5bb5051a79e631916e0d052d9b6cca18e0ef", + "02bc753d007c4491cfb8ce0a6c96455acd16d37e02c982db216b8cc1afd6d10c6be4e15a" + "3988b8b8b86b2b5b59a5c1939889024849317f27ee08a06bd8e7524d4ad83a1de208564", + "0400ea922b09e902ce3847f14d3b3afc5562dddf15811cb2e7b9e06e1b919d795f8451a3" + "dffcb92b418d30bbbd1a7ccf827ea0f1f6554387fa2fc51755799040133d7a655c7800b7" + "1301f12439a0c0df9f6ef08e89eb1a62e2cedafc0460030810b2483ad9427c48dc061e46" + "40ebbd9b4a398841c863a6e3d510e5c66934d66b317b1640bd05018a35677c6ac2c78397" + "06", + "0385f9caee4731627276875dd8d725fe79626c18841562e8a13fa7531c7be9adca565c22" + "459d519d643ea22478d7c51b4c286920b050bfa54ab7d42966e389c485b52cdb4fa1a0e", + "02ac84262fd121bbec43e81021c0f0610fd2fc0b26d66581ddaa78714ce58be469652838" + "51241d792ad6bc79af39f09d2d4bda83996ab41f1fd206b8293cdb6c4eb9d96f39efa25", + "1d9c9bc330adeee8f58ebfe8c1ba401d4433efa04a44185b0e8e20b634691bfe058770d0" + "74289e636af3e96c118edf31d72b5766c30f6fe84ade42f284fc7f2707bf27b3a309638" }, + { NID_sect571k1, NID_sha384, + "d49903f38b5c9b17542310425e59377f61f5b4f4740cd97371ee2116083f7758e69e7e2c" + "1b0950ec6b76f96e3c91c721d6f2843afde8c7505a559c8a64bca2e665aa1131b75bdf86" + "fb5b90581c7d3b61c2cff88f3fccf356ddf5ed282e27727be061b6925c51ea7f1a495f47" + "1dc8a5ca1a88bbe29e92338d3c9361460398965a", + "02082c6e61d0d72f040905d8c1c20d47b029f41ec68d6cbf43ce97c3b2a0a770557a33cb" + "803c432cfbd3958fda30ec1bba77a6613c318597a85ad02b26c44bb77ca96d9cc1194ea", + "04059ff339d505b307e05adb45aa314d47f2450e1b1aad840b5550a67c11940d0e786547" + "55a8e28fb651e12e48c66cc1ce0338114bc1ffb00965b342ef3a3caf495f1d73a69c3f3d" + "170724e9474e6de57b9f8cbf6f6bb4f73f5769e6cb0e006a34c2510b379995c9e054cc49" + "81c709ca85a3aebdf29090ca07dce5bd3c313c6153b551012d72a8f84600350e8754bc4a" + "bd", + "18d65ca6c2ef1fb32dddfb9ad4603e03c7cb1791a9ec7b41266cb68b6048aa111f5971f3" + 
"cbef3f0dbb9ce409b59c31cc59bd6f100ee5247f8c36f26ca77cb252331fc3be7346b5b", + "12853f9d695b8ac4431c1ccc8498f3fc4916eb6a5e66b3795a3693f3f5a29ad13e58dcda" + "ca5774f1f295e2d2d3c63c69abbcd9f388a3383371028fdcc8bd77f7554d6aa3f0431e8", + "0d1c324afdf01ea19e9453d2b7397584d773716d6a08b6e38f9a9fb104122ecfcc9de7bf" + "1e5a6cfd52a08b7cecb002ebc21798d474f035fe7d4554bf632f237bce14aad88b47d4d" }, + { NID_sect571k1, NID_sha384, + "0e3f4afc3e7b25c1bf2d98098a5a87db1224d9bb45adc6e434732b8722a708ab80a1f3f6" + "ef3c5aa70d2e1dad3e4416b12cc59171f05736c4b58bd084602c344f2f0bf3cfdcfe04c6" + "4e87597a99de23ded64b33607f7c273ec321f6462518715b11e91361e89ce5415bfc2ef5" + "20bfec378244a3bd2a4b9b6b3d68815f2f75baf6", + "0e298c93351323e2c5304015a4878997ae4e79d1c32f1dc64262e534d4f2c4b3e222356f" + "fce746763373fdfb936fd330d3214a18c07f1205b20c9a941331cd676040ba1fe3dbce7", + "0406ee4952a83477d89ea05ae63d5169cb0f7c7ff22f15728c6d69dfb30d1f28158e2667" + "f9342cfd9b32f2fd537dad47c190d82f72c03043f2a9c5d97cd09d07ed4c35b961040425" + "54026d5935dcebc0ed5a07b7ffa50de3c8aac309dddb61b8c560230379696d81d72bda3c" + "819c46387e7f026b384bb0f7b2ca90c402bb67b5e37d343cc21a8d1a0f822dbb2766030d" + "73", + "12d23969d230e0e2712f96b11e196202dd3e6ac755c824f92b9c765e3fc808d4e7236c8a" + "3c06ca2c8272c7ac953fdb936db30d892246cbdcb7f98c43177e1c30afcc162af511364", + "022f6dff5bc1eac1ef568588e2e512103cf56ebcb610e124a125fb004064a28291c19e83" + "ea08171bd1b14ac729392c7c46354e795d63e3bb087fd100642465efd817b79924408a1", + "1785e1fd773446e3b90b8704cc2723b8da2f99d1d699e817c3c4622015d178b0cebc19b3" + "a6dd972f75eb3828a386973c0a5e67ca192d69f1a84c825d1253f1062a990c3f1a947c7" }, + { NID_sect571k1, NID_sha384, + "8fe32671f6927272fd3cd8dd4e34d44d27fac8c88b41bf9a48039e914990bf06d1633b38" + "b9200ce1c2a275b9c55498e5da2d0707322c3ea0a0fd7aff598fb801628264e13047c800" + "8153e8595a0dc95d54e70b882ac2ac9314d2b78e7b93922da818d7075215e354708994af" + "66958954c92c074d132dbb2488e5a531c755a8e2", + 
"104f4ad56594c5cec2a988c5596d73adaa5a81802b40110dbae698ddb1f0b271fd1479c3" + "8abcdb9b234e69cd0da8a0328d2135c287d5b130a09fa0b899058e7800eb2dfcee95c1a", + "0404e8151aaf2aa6a6159622baad134be41c404982bb0101e820eac8f0a52166546c5392" + "7d9b419604e9b025757eaffac526d4fbebde5fba0841c6812dff2e9bab5054d4074a125f" + "fa04413639ad72d6eba870e1760c71966544f3f881f88880fdef1edeff47cf6c235e8dfe" + "f1eb1d8df51f9c48b985912f1f70b61fd3d4b859e052887560872fe6e95db0f435778d5c" + "4c", + "0cccd1bf3424d8bb0513fda3db93e81bd34175d84aefafd26b37eda9e767618247bdc94e" + "d2b1882bcae4c83eafc30a7a4a80806fda10a5e70b8827287eed8eac2721939a63c2175", + "05b1460e856548287683dfbb93efc869e80333a9ddcf292e2fa3b3c8d430563a01340685" + "c6db1059aaa8b298c8db9e8281f36e3a9664faa17f413cb439ef24cbdc1a4d58872ff6b", + "0c6faac191c95738f7c6ad0eceb035e5d22ae85e4bd0e27f2e65ab293717c0491be3d1b5" + "ace80f4cb4bac7e33258706010c2aa48d84c9e39c95e30805fa7669c42bad84386f7754" }, + { NID_sect571k1, NID_sha384, + "a8fa01136a0a78313a5d160c32fe5d1805eeb3730c18ca0c47818e82c48eb4c9e5b2dfe3" + "ee5facef9ec59b68f4e6f3213f77fba9f8ba06dcde546ae348d343233883894f4423331b" + "536f62373a495852977a51cb192cfbec04b5582b4ece69f345979e234de32da7a120138a" + "057a7119735c4cb19099bf48bb202e7ffac04def", + "0c4989bf33b3136bcb4ba67906eaff2bcbc6567635aa4b057acb7353ee87ba3cb4cb9838" + "f8f679729d5c6ed98e6c4199cf58605f009c6873a1b8321f83cd3c0973b7a3cfd9dbaa5", + "0403871c7781f2b4f653f0d49a224576bd1e5363d5171bd21da89f590f49fc212d8a57ac" + "8a140d923c2949ca287bea803afd763f15f909c099a07297e8ba1b37c70e1e8f0fd1fe9d" + "1c05806bd5b4858ba0814da2167d232d55bb5c41ea0a36fb28a0a151c1b79b22cb16613c" + "cd9dbf92174e42578ef88f4da6eb44918acf427fb7e4022da3376243e75410ba6ae012dd" + "fe", + "0a9eb767077886c48bc54503a0d2d62f0192d3581bd9ec253107092c22f68a15293d7c3e" + "7aff56282f0cd35e86a2b3c55c9eec079201d99b5f49946780ce6aa18b225c2dfd72cf8", + "03eec6ffb390ecb2af4f5ca17fa8a7fd6938667b319f0f61e5c7523efb77afccddddb511" + 
"4ca8c461b1c28dfe7eb85ab156e24e891cc6f9511d703e8b3c8443d04fd8de80f5d65f9", + "10cf3156cf71dafea6a0d6abbd503d72b13e6a684076ac900f390059cf3fc325966b3548" + "b58e14a82bf291d9689783b899db7d4baba524b0b63d31f9900a84fbabc2ccad95742f3" }, + { NID_sect571k1, NID_sha384, + "ba2d83b21c783d6ef2f3b7b10e910a418a9b9f49ae0fd37990335b3a3d15627846c9a12a" + "1f31a3d0e062ad1bec5650606ed4dd06c30e50c1e8761a29f4ea1a20f74635d5dac22e5b" + "787ac10f4ee82b338a641484f91771c128c84d31cdab0a6b9616078c898665655ee9dd4a" + "e73d33b94bf091b064928b959623aa71ff73b4db", + "1a96f2ad56e31397e236cafc108087479c9823589a5fbc3dc7488d0e5d1199cf245d7f21" + "f524cc0e8b47feca14c93fb760e631434a91188b32965053942f3bd39b3714f9d6f1a11", + "0400195bfb66e20ae295cd22d59b27b3880a890fc44ef5c720b568bf7f72266293841dcf" + "0572063a96c62736d9d4a9cce31b10c03016305a409858a79070477d3e989481ec555c81" + "460491122a199176e2492e07fae4ddbf02d2a40a21bbd99b8f742b546db2018cac27fb4b" + "1c03cff55f61b7caf13b0f3b097ffc8e1549eacab89225e0cf1e96b268eab7f9a1a69258" + "f1", + "097e28225aee5bc9a970a150502dd14bee900d3b040b0da9cb52f5824e66af46a991bbf6" + "423fe1e089cba47593af555b07b45e47b0f4141b0412ddf6e91153213c5b8645ae7bab2", + "1439928b55917e93d59341532cd1f9d09de1f6e0d9a04514bd4b692603f2cfb75a579301" + "b39b8cd92fbfc8832839691c23e0ad3efd3b4c7c3e9a366c1554c6dd13c50dd087b3055", + "1fb432e72be6fc524a7106b21d03fa71852c18c67edcb8b265db3b144214e7e6d10caad9" + "1f81616e03ae7913fea1e8d11e90d54b17705e8d04c8c20f0f4f46f117cc423ca178ff5" }, + { NID_sect571k1, NID_sha384, + "ea2d5f4e9797bfc2f33f0fccaf530db2bdf8abcec00f09a0338eefdba318221ec0e050ca" + "d1a85c3f76b784c6e8c18da2b062f333eeff18b7b781e67d6d0a4368b8231a892e0f4103" + "012348e5df53ac745e4d34e2cd1ee9369f97d4801ff485fc144b2007008036bbc07cb1c3" + "02a00054b54f3713919191e1d5052978c9c2895e", + "0c08ed8e0e0f8b0d0714b46a2164b933f8147692f18da97e5a108c44d5a5cf221cb50536" + "e41832b83bff4026c6df156386235cf5e3e9a67b7cf9b2fa7707c5e0ff33a91601b8e34", + 
"0402d516bdd1914c83aec1cb242710ed79efa61cbb31dcf8d238d8f5e089158b2ee2bab4" + "07e01996a1621b1a869a98227c12296cc2a71c1ef2d0f26bd6614f2ac77008048abeedaf" + "cf0151474bef5965c455eb95ca2ffe1d589107dc251d22635f4a9fc7270358b64e4d2b81" + "666b60c4a5c49902b0fa9963197b22f90a09cab97007842816f64fc49e351710db849800" + "32", + "01125bde6086753b3bcf29b7d5a4fb0a8abffa6503b4f0b39960eba226062bdade57e4d7" + "3e8c1621792626203e83fd5c231a53b0ce10890881460802788d481f233466060f73359", + "199a1e40229786b966592ae6e275874ace23d5605d0c3371a4f9eca7ce4858927958bc1c" + "2780e9f2f79767c1c72117c79c408f972006841cb621837ac002cc6510e0432d99a1f64", + "17f4e5e23e494ef149e4abce2d8a1ab10e3e6c2cc93998fc63baed6565ed350b220b2828" + "55e2824f398ae76b8679201b43450f62237f6fec643ea659e6c86abc24a63d82d9bf219" }, + { NID_sect571k1, NID_sha384, + "b2293b0a09f41decd9d8e637b1b08c2efe612f33c9c0beebb6e05033c6103b958f8aacd1" + "25d7c810b4c287349f5f922d2c6ed554be597fb8b3ba0e5a8c385ed8ae70d5ae19685298" + "f20e8d844fb5ad98db12ba7e5f45baed9045c3e86b3cac9bd55b614b82fd075954fc59bf" + "c6124cbd68edae988596575f379d8921b594c75d", + "144090a0ee38cfa21fabcc24d35139a99656911ad4f6dbffb77dbe74e7993edfa9fd63d2" + "c4f6bbdbc8ec21ba13c9f4a3576b5d6e3abeab5af5ac81b1f2bb6d4c42dde645d854d9c", + "040208729b3c7abadfc221cfad8be642588d5d1c20989fea731cfccef25886905e4b1e61" + "cf9548d89c24f5706f5243dc8aa7d5b2675c2c6d2755ce6a12e5b12c28a2cd9c597b7dac" + "b303db73ee445ffc0f6c77467f3add3b1e97061117e221687f5589a030f5248bb959bc2e" + "d98c9fb66da8679dea3949b77652dcf83ab9c50a00f6a9c22bd8d16e093b2deca4b0c759" + "6a", + "0adcadb26626eb9f8db9ae98c6808840b65d6f886a3f0c45f0b993a8bc62bb5c08dcd879" + "40dfef4f220f5e50234fba3a55e7127fcbb967ff78ce4fd6938a9bb653747116541cb85", + "18f7fb6ee028c3dd754d6e7b687560fa269b5a5fabb1d98529e0a27dc66bdb1ed79b7b5c" + "64fb71e767d9497b9255f26b8150b9903caedb25f51594f5b7ec2870515f701bd68faf5", + "09ca9519388402d5d96dd9ef2d4ebfd0ebcfa58bf8c1970d04851b2409671c9d5e4aa833" + 
"555df374469a4d277aab93b8df8d553399908c930f81c2d9769f1b30a13f61c02b16852" }, + { NID_sect571k1, NID_sha384, + "acce54270252e7d9e983c08c993cd6b7e3caf482a9149036afe4665bd3d0662a68180471" + "87872862d5718b8ac063477f693caf1a9baa8bdf2f36d411a796f2b46ab56f66bc949242" + "29f8264016d6769c85d9bbb7d6bb042fefdb8fde1be026b86af2017aacfe38c97309b468" + "9b23fff94f1de880064f1d3ad9d74dc804c41f41", + "1df26b672b2e3617b6b6c631d3c6be0cb49c0a690de49643e0f416215bcdaefc03fa9c70" + "8471f1d87476d58c8f147517ec8a14aa945ef001fa01984d5c3d81f7083ea500558fef4", + "040767ca8fe8f3a7addf01b230b99499b33c83db95db05e1956fb1891fed60406865291d" + "79b0daca0c307a3ec8b1bf2ac2cbab728c6ec65c013e01775ee21a29305e9403f72883a1" + "3800acfb786b09e5185dbd8abf831d12967107dc57a040d7c800d904b530eed1e19a8e52" + "e653fe8bb824cc424d7254532d0fee62e8ee7ce8e871cbf6e4ca3bc040444585b9a4e397" + "cc", + "13e5e47048122c8301258c638bc0f00f8f9646cba927335535f68f4f4f51f23ac5398ecc" + "21eb0bfe8fa6a2084e11fe67587bfa791cfbe2527797a4d98046f9df37662cb7e86a5a7", + "164b3500ad14063101b6c5ebabba53dc5acb4d6771d3b05a505e6a67727ca8ff73d996e1" + "329c0f6d8f738237ee0f0be415003e2db515ef93931e09bdd853b9497826929eac9e9a8", + "06b65511990c061a6d2a97fe2a5053c775ce2bc5471865abb7261d0436a04b79baf41a0a" + "852a57600cd4c6a114b3a8466f721a684aac2592640bc149980545daa271fa9b146f2fd" }, + { NID_sect571k1, NID_sha384, + "e25274ded4840df0d71d3369007118f002b83e2d375c78f7e29ade067db15cce21842611" + "f3f015db2efec57da77cb9d16eb1e00a8c1444d48dfda569e29fca1ebf40a22fc646a9fd" + "44460f0e473bde487634bfbdac2c312f66a1c2982c6fe76c54ac72b6c8cc9345e47cb319" + "a974b3cc4bb40634df74b4ad7e18adfa9a71ddd5", + "189918b832e9fa30161fdd927bfc267f6405335df3d66d225e17173af52a671138883bcb" + "94c4403ca3e001fcf09ef4c6488934d6775af2b1da30a8f331579af2d0fbb530298d8f9", + "04053e6b43c0551f32b7b34467d188985600c5c0ed12448f2e763609f40039f92002bc8e" + "70d8dd3e337c3507fc996a1557d5f2fb3132507e49ce653482cdc86f6ca5903b77fa1619" + 
"d904a9ac78a2c23be0841b96cdb1d55862e4854b530f1fa3f469ba9f7185e3f91c28d03c" + "27d9666345bdbc7a44764595b303f49cc43bc2d0e944862913d280273cfd00e15b6b55f8" + "5b", + "0b47a185140b583c330c64a10d50748e019134bacf153cb4a23753f140a4d607d5771a8f" + "0f535f9c35baae5ab6c37a55f38acd12f15be18d5bd9662383b30e4d0ce487e8cb553e9", + "1a2ae62cc9560590177aa544945377ff6ab1b34e7e32a25140f99996c130e17001563664" + "7756a5e8522c936eb1389c206ac74c012941269165f3772373047521f69510c7f3e6acf", + "1d86f4a6ab2bba7f6305c2df754652bad40d7c273ba2aadfbbe65c07ede4ac0e65fc0a37" + "a0139a6ecab296f58c6c2532701bb008bd9e1ecac2771d9384aca094537fcab47f3ef06" }, + { NID_sect571k1, NID_sha384, + "d8a4aed87c316012482819b03a1d91691f2ad11a2f46082497ea8f64880d686891f7da55" + "0b2ac17199c657d4eb9d04d5cb8eaa180f743b87d23b1c86103f9e9bb60f4e19f0ff9d16" + "0f180aed7735130c03adb62502e69be5c624ed7bda2301f30580ae0921b02e103a638f56" + "23c02c186e3bfe6ff134c762a2bcac1f879a9353", + "0bdcc175eca3a399b944eb0334ff33c4fd130999c8ac0e7b52ac5b774fbad53ccc3a3102" + "4f5262b2eecfeb2104b14bb244307effe3dbe8ed25686dbf46a42c4b6f8e34010ad826a", + "0407ab1a9279a8408828c2bd21ae6c643ad82633d636d36fd91498cfee49c8a635313f56" + "993d02cc46da3f5b78fd243516cd23c14a4c8d79cf27dfcb05f52f0cee59cad5646a9389" + "b80799beb1ada93a48819ab70b74c36d2dcc3c5cca1f7a57ec58e643924c3ceb7a90c9cd" + "9bf7ec762a2c428d16ef431a45cd5d069cd828601f903cb0a28182af2392b5ad12ac3a24" + "c6", + "04ad8d2759df82dd70ebe9f3402d3d533a1b4635dfd0024deeee52b32373550f550b9fd4" + "126aaa6c3a9b1f352c40c86e13f78e259abb17f85f0041e0cca9e2ae59f4ee3ba2fbc83", + "1cf9ce41dd5dbc3bee9f46f82e4bef10cefe79a87e8e00d002097045b9acd46364560e0f" + "d27b0be6655e73b5cff272c8764b4c80ce0e1c91a94b8d05209a28b553f589ee2fa1b11", + "149fe587b144c37df2c48c2b7749c509421cfebab734003e51383cfb773c3ef5a24fbac0" + "255cb807f5b95607121c5848d3f9656227b61d5a14042351de084d9b88745be242b6158" }, + { NID_sect571k1, NID_sha384, + "acbaa5ffc4eee0850075c0e502a70cc7a897a919f5e7bca4e798385601a26f411fdae546" + 
"6ba9f6b6d8d7f819a749b799fbf4a3bda9105063e74914e8583ed8b31ea4d22164bee6f1" + "4bf53afca269b901c80cb3265be32ffd4ca4bc4ddb83e11eff82ead6d75dc4aec8e5c67f" + "35d58a8a156cd1c0351abdccc0c5396c8fbe6920", + "007ab5a55a1d8ecb7f5dca2afdf9ef465569a4b0374716f604ad42a6e0271e934b09655e" + "8e2529784b69b2894bb399b02aeeae30e9e7ae70a2a8e56b9e775bd978a04c728e3951e", + "0402df88e368c8162c1dcea5ceee3a4c52cfc8d6121eb81c31236ba26dfd1874c61586d2" + "daacd96cb5ebc7053be57641bf53bf2651cfacf370cf470db86e1470bf285c7166c197e0" + "94030067763f9fa6a9082ea16dcbf53c2b6f11c9ba1817198e5a4e189dd98141ab682ba4" + "de0b3f873ae54efc080a2a03f755efeba3c0ade8ea67228b1a5a11d730302f1eb7c6bc37" + "37", + "0d3dd75ec61e0f87737812fe1ac86ba336b1512bb9f7ceac2c7d1a5b4d5dbafca57a5209" + "028cef9468ebdacb2a35988531baa094a1c901d9650f2c5d8e03a1621fb33ea85e2b506", + "184a98dec91b9afe52d4dd6b2d9f2d7e3c42e8e614332080aafd2621136ac7965beb4e8f" + "97b222c1b2e5448b79534db4e710331a2f877f8fc2a9259129f0b24d24289495da22542", + "0fa384a04c4b0b0745abea373aabc09404a6037f302e234e7a2840ff39c2b86ae37c814e" + "8bf3f3f7cf743748f2b88d02d66a3adef2028de94013c07075fb73f00555aa900337149" }, + { NID_sect571k1, NID_sha384, + "9a57b63a4f418404e8f5dcf3052b9bc04a4f6d2c33bde8651506d9cbc5542ffb9023292d" + "ea463111fb78913ccdcd182faabbff9164219b8900c7f9fb394f7d9678f77b18f8d58526" + "ec64d7c1328953b983a7c416583e05a069cd76aefe26e5f5687b70abfbf9f58f052dc086" + "3b4fc3bef805cc3bb05bf76a83235af9d6adfe66", + "1e7d4da72b1d82e17a066fe387f2a0a7fa4c60ab993ee09710531789186077f2f32b42dd" + "da497d5fb57356383e1f96973df043307f0b6519430c3f0d40d62954032872fceb7dce9", + "04037c59e95132f0027f661511d1bedc3018bffa62aad7f44d7370f5b169d683882fca3d" + "d0c4260fa8f72a47a44fb0fdcf0d7776ff0632378022bdd223753c66f98dc04904344ac7" + "4102d7f19468b8e4f32eeeaabd6e402a35f38dbb9f2476cf07881d8bcff170b0a6e1ff8c" + "b1bfdcaff734a32ae9bf34a909ae7fee689e3f1ae777812a45dd46ce13fe648016353c6b" + "b7", + "18ad70fb9c5673e5a39b3a1655ff76eb84519555a6cd88e86a26f9448a54f04516c2449b" + 
"ab3f75e74a8d15c69926ac43fe01ebbe7e1c97e73870e3cc4c0ca431cf614f35659e3eb", + "12abdbfb2eb08e326289fdf5615057d912749db4f17848c1ac73bf6a51fbe3e1b2732d4e" + "b656715a6c459c6c3065b67b577f21b8eaca7d657c3b3171e8a4849f55024c69487e50d", + "09609da5049092e0aa8ebcf10c204de54c968b09b9bfb3eff90b80bc675d557967b35f52" + "e459f37fd198a83a858e5d7f9f5aff8b2ef7272b236dba5857e88515ed471a60bf6da49" }, + { NID_sect571k1, NID_sha512, + "97b79c76d9c637f51294369e0bb52c4189f2fd3bd0607f91834aa71b3555605a89ff68e8" + "4fb5bda603f502f620e14e8b0c7affefafa2f0b303009ee99653ae4550a05315e551dd12" + "a4d8328279b8150d030b03c5650ed4f8d3ba7c3a5361f472f436b200b321e7863c771e20" + "ddd7bdf739c51de3676f953a5501e4477aed1bd8", + "15b7271d4319db5743119c8103a7d4c6d57e9c62f3eb93762156d2ebd159980aa57cea94" + "8e416717d715a2e458851f1b2e9ad4172bbcc53861db29c3ee0ba8e82617a5866170847", + "04003a5b9559b2058299161770166766aa65e151ac6a22a90205afd27de5eb99c5b1db36" + "9ad52f09141d3bf08884b96414c283b2669ec2a2a60c960a2f03d425dc4c229c0bb369d9" + "0f0024f3a9cf3dd257043dceefe6617a98e222e1cc820f3e19e63c64fdcf7ce8d9c7af73" + "23c9aaaef4df02e498597581082fa3767c8a38f508f4ca2c1eed6f298dc8142668a00274" + "90", + "0c585e425ae4a34f9b7b9205f095ea07599716f1eab1a8bbd934219ad760c4606ebbeb06" + "cbfd3952e045a040b8ce20603aea4f965d1b6e87eac7a61672823fb2de7767e3466c730", + "129162cce6fb05e1fc8630ec6c3a16d108bcd251719d89631497177e6fe6d1373f114ad9" + "dde6e04a4ee0b4747f91c78703012e5a058c132d54f2ccccfc0f9326b27d60322b497e4", + "140163edb5f3c4b49228e4614bfc6da9f73674eab82678ad9947b2a635f733dbce99ce32" + "09f613e2a75e62ed84db4d7d13de6d789b7cfedc0cb6a028d8316db8831db66c91791c5" }, + { NID_sect571k1, NID_sha512, + "564ad0e37c9c37a60872a4780a723d08d1159ddc77bd834d74c1025cdf3cbd5338c3fc07" + "a904fcad9b979b2a2ceb1a0139af35e5112305fd662a57af6312624b9bdd3a64849f95f5" + "9a46ca8feb2ed56f87f258518947474c1729275c4d89b7dd286ed65f286cbac76002cc63" + "b92a73ab6bd13c4adef282f32297e441bdd8fd36", + 
"07219ea7917d174a5386df985d0dca798ac9f8e215ab2f0003aee929a2dbd91e37fedead" + "0ed95b1e8aabcf516bdf54337b4aff7ace4c6b3179f2e919a49db50a41c9d4d58d4f636", + "0402fd7f6ea770e0a6f1eeb3318b6b609c0e76ffeaa34e75f56910e8f658b70940cd7a59" + "18328473b279f882816955b2e3702c22e0b3e03863f8d99c64f3a2c9d1c68f59a28eaf25" + "ad06c2cca84218aa019326cadae9639069dd27df4d1e95a4c8e7d7cb426e70e2d38650b3" + "82e325dc3835afa719145d16a29e4ff67de37ac8949641f0d140072f59718450a6699732" + "06", + "03413376b32f18385cced4549e231e514eadfe05fffa0b252732f5c88d13d9c6e0c35be3" + "dbf72029be5e4573b8f8829f6efbf58a12b5c161bb7055d1944eecc93f82c12c5c56d9e", + "1c45c25f3e8eef9b92142f12e4119842122ed7672fdd82c14b3c34ade3243a4c50495c06" + "b5984d0260376c4fa44c60b2e34b0084066d693943071bb663a44884927352668efcc62", + "08cdac0f4498173bf4e59de98ac9a26fc2c752cfea7a5b75141d4e1d019e25d70a717ac3" + "ebb82884436ebe1007b0488c4ff29fa31fdf02f77fd99535c99b69c9d4e5f432516da77" }, + { NID_sect571k1, NID_sha512, + "072ed5b14754fddaf54e20da42432df49bef38f4a3b1841b2db457ff86c44880727aca94" + "5770adb41269df41fc17f6a687bcaffaa45a3e59070526ed53b8dc3b78cf9a80a85461ea" + "f4b477e44d5ec4c2bab9c05aa747a5a520b35fd09e8b44539d060ba1c3470267e0dda111" + "b15dbb587614a46e1e477127f963a16cf3a43ee5", + "0bc623152253da24bf8d752bd78aedf7d5f6a2f889453ccdec14e10753335ea8bea83fd1" + "81a1f3680ed50f2324fbeaadae160cc85831750e021f3e44121ea1b1efc29a7d0069479", + "040003f3a6cc6964ab2f6da95c0a2a7b75afe4f77faff16fa28aa67809afd9495cde1f5d" + "ce079ec4e15ec8c1a2095a12e8adc409fe8729d865f50ff31ee75d7d807afd2c15cb142b" + "e9076b15c1ce931ba06dd56dd8e4f544425fba4f37f951a188c8e7eb13a2850c93b8ce60" + "f10b3783647a2d053e2764a957656a184a385e95c2013685d4954a2b2aa20e4a15dbc43b" + "78", + "1e091f4febd694879f78e83842572280daa48db65c463e66d9a7ea57b82fda531f116800" + "530a03cef2cf7e5be5eeb6e420213ff757c27b8e8a94513e417f4acc62adc02a76a4fdd", + "0264c499f7daa6ccaaf191d3502e86458ef088c9bf2ad989851c221364b24a1a3f4404fb" + 
"d0eb44a41938ac6ab67002faba0bdde7f44ffe6bc10def8317c4e2807c3ca711cb6cd33", + "1b91c18fc55635c5e3cff70503e7a49572ba52b11bac193230c88d6eb65eff6b2d9a01f5" + "3ab0eb34f5e208538136811157f872a8255b4d249b6ffe021b0c0763cde4d7a7e72b0b3" }, + { NID_sect571k1, NID_sha512, + "e660dbdf3e61af39b83b95d3f1970f66d616f03273f7dddb98f768452b21cd39604a31cf" + "80590d4a5e4b0d4917519e10fd325dd4ab7a52d70d154506329baefe0d5816f514ae1094" + "83122b4fa8fa1ebd7fdf1fc4e21e8d278a50c05d81c8f489596633d949c6c8fea96fe914" + "30c01522a5afbd5042be8aa47da04581b2bd21cc", + "0645947d981d258f2954558c31022a3b6ba5fa7b675312f794cb61bfff1d9ce87267e4a1" + "dacb7c8fc58624d31c85ebe22f80d26a620fed5df5bf38515e0903f0b69a606048197d8", + "0402d03e05c4b555943fd69a299249e7148e99633b286da69bbcda64e7b06ce9321d62be" + "ad7b8d095a68d9a3ab9e9cf1aeb1d8c4904a073c21806830451a79fe7a907b32df15ea45" + "67023cba4f6f1815cbe1934734a901206596c6f482011f6cb6d452329f9412d2ef456642" + "9e7d35f2d247eaa7849ee141bb16914b64920fffe6b7923cfb19759fed6e1f80d6c40a0a" + "e5", + "18955bb752f0af7d7aaccd0628dcf1f52d836fb91dc78b0fecf21ff5992d9c1f891f0eb3" + "c139803b88736ce10ba4733a523854c4ae9ac35421beff9b20e0c8daf90bece46737579", + "110a428aa96277c9a13d4529f58ecc57cd7209a7340b4a78694dd9ec800f36c9c306221f" + "a110e0b3fd65b9dcb67307b7d7678997a3143c04ba96d72be83a1cd6b01ef22acd0f82c", + "0b7ae2da5cd36006a92a5b2e6369afc2728a93edc845ccb1500e551be361f8658819f7d3" + "eb82ad41d7f2beea1a1cab6f103238a6025acbf03a2b08339841694022c17db8c6c6886" }, + { NID_sect571k1, NID_sha512, + "8c9acbdc431565feae60e08bc7da113e12372ed373f1e1fdd581f98c8a7b0c79ac4aa42c" + "7ffbc963fb4970fe26c5b5dd314b7051fe971c1186ebcb5650f7f7011a924de893f06961" + "b8c75da7bff331847feead4abd2e8b9d6ecbedac18f4eac207b948e6e4215e4d5cb483e5" + "c66ce7ad788cb89604d3a3e051539094079e7bdb", + "14cf93ca69d94ee8fbea0c8da9d76aea092b73073d8f5385b65c6dd4d567fe86bc2cfb8e" + "8be890c3c6cd9abf7dc3a17eaecee3d7a9455887863e496c48dc3e47821bd3d825b6bed", + 
"0403dfd1fac02ac4bd3e3017a3d94f29575238937824f80ba0b2eec185ce8c641e9fc721" + "94323c779dde8c4fd6e748e09d66e82c82add75106a0e1739f2b977d40ecd3cb15a1eca4" + "2006a73dd31226adba7ed8d08476b5af10a806fe8de72251400a83f6c9f6edf5e0cd6bd1" + "fa8f3595c3ab32b4c4548729c455e4eaf83230e1335cf181cfea6b6bfa6cd4ad75ac3278" + "cf", + "176972d9402d5d6c9753532e5ea907f256a872c100f87bd390c4d610bc00c408a97bd55d" + "ff2de1ef2fa8b9716e33a5a39bb6ed2ab541848685040656ad0468b360f42c3742c1fd0", + "00be28427524a3b0979cd82fea407463647a77ac45c489744a9998b545a13516abb9213a" + "b0d89a2f5f872d927ad48dfa502de95524f94f34b174933f3faa7b554a1c2c3a688a0ed", + "1d49594454516c1876f23f2ba0b1fa4dd8bee028bed5524b7635a2df5b8459f4832b3db5" + "f6074cf07c169cbfd9099a85ec2f5c42043c5b851c81a71c87affba34b11eda67e0ab69" }, + { NID_sect571k1, NID_sha512, + "53ef87d6ac7b9698f40b3ea9f3442e7b64207b140b7f66f73fb7d5f8f98452d30a4e493b" + "6c0e3268371e88e612b818d4d847f032ed4983817d020411a52d81fd2a17b58ebdec199d" + "817c2a8ba77042bbd747a6fd4bcc7e844ea829fd8461b389aa0b5957d92962b6d4e86385" + "a8fbca90b8fac40944607117e9a4ef6dccb8fc1e", + "033feeaaaa28f16bfaf5ea9c7319cf4561ba4fc55327a8477b6cd58ef6ccad3962ee1f3e" + "db243f3a04e7e49c8e23509fa2d63252adb186b8bc7e9255cd61fa9bc45242d42da3a68", + "0406fc62c39bdd41ef7083ae10dad59e38dad217c55864a55a6a80bffe2f5e7da977d79d" + "b9ed8c9ac22d6f096129a0c680ac93fd77da4ad96e292a19b48454f91c93a3132559fecf" + "07066f1f737ad3af3df674637aa5efbb844bbc441966bae73973481628e5c2c67cb74553" + "a7c8f2c5fc478edd8265bd6c99d6ce122a245e46fbfc21992b950f04cbda5eb220261316" + "c5", + "0a5b86b76f98310a25111cc3d1b0b70fd0c20208cd0bfd8007cb569a187c3a97edd8e716" + "aac938900c3ad8ed3a0d091a18555ab532b50f25184454d84af2beafadf754862b8ec74", + "0de2eade32f537727eeb82dce610b48106b277d15d8fbdb77cd312ab9983ab21bed05f05" + "186a5cb2b530ba72c8c68b768c26d942f9224c6e6b9e7827c48e129833cb679c70aeb29", + "15e4fb92190bbf8dcf7548057d1bd5e5ec54a6edf54f6b88f50e96ac87ed7a7b7c0fe1e1" + 
"174ba3e822fb7e7c083948296cdcdcfbdc4bde036a07f84d210001ded91c554ace71efe" }, + { NID_sect571k1, NID_sha512, + "dca1b7a9a313ead11c2d54739d9017ae27f9d08b3544e418aee862bb57e427636cb6aedd" + "a28e10f12aa15d2355f4f8ef112a86fec5dc46e6acef693cb8fc37c3e4885f3be3d3ab31" + "ea4d73a0de904e95c7135a149f77b621d642f9bd8ba192d39cfc58b6f19a797c4f3b4f3a" + "87054298e3ce5eda0ff7f44f8134c9a108285dfa", + "05613dfb53149bf5fdc4e08ccc1c752b0b66ab43aef2d008ed40f3df40fcbb2938d2c41e" + "3ea2dd4428aeba9059a97efe5593119673866a19d27a2ee37dd357e22b6bc849e7e22cc", + "0407ef12ccf6b64c7ca64b5da45937281ec770ede572b9a8eb685f3614bc358ce550195e" + "74666af9bb54379c1fe1304b76430d1e51a9976bba02e5781154c9bc187a31201ad99cb4" + "8e043d4ca20f06b26d75be1454e96f0568bd740165a2bc6e5b8429d557a79666bb7b9cfa" + "597d392cc5b8ecd180c37f9fe2088d7908e59ff644ab05568d974ab42ec9e01676e1b241" + "69", + "10b4b67007af35942216e9aab1d6561bf7684f334a80c7d909a6154cfde8ef06a148af10" + "4d534d7dda59b5cec7949de4086ae669edcc4d68b88347d2445edd3037525c97564ce78", + "15bfb47a27c6970fbb3256410d5c2f6c04eb308569a966790636899fdb3122f9e3015455" + "c4b50a6bd8cf519afc22ea845794f51e6994214feacf48322af48590d02cc9812960917", + "090c61f6c64381845491dac81d5273d58c59d9cfeed214527a52c8f23b0146431692a25c" + "bfd77abba22d4bc61ef24093c593c827ef645853bc8deef7c3b07bae919152b90c17f4d" }, + { NID_sect571k1, NID_sha512, + "aff61d62c8f5c31bbb7d0a64a6ac589e918bbf2f13e7ad13abb9ac26405e267249a7c992" + "2139bc28140833e10976b87e91cf28285274b2b48b63d24ac94c85c70fafa78f8ad05955" + "c0ce6c02b841ee196dab12306e3e3d6138371217e2b474f7e67a80bbb78a47e374ffe2c9" + "f86292e471c551da50d46e7b5c8331029f369767", + "11b92c8b72b86c51903387a65aa206988d443d1988253329ad3a89c902ff1ef8cf73b7f2" + "e4aaa352443bcb833712d94c3e637ec12cbe4c2d4606878576b17fae1512fc77785b737", + "04022440b63bb4557996b63faf19d9f391c5085cdc2cda3755622a6cedc676222ceb5a56" + "ec36e220e507973c0f07e4b2e2d565a69967804ad311f0658a9854b1eddfb5270f4a86b7" + 
"69050199c9e443555123f153249cf7256dc3e82c5d8cb611adca0cd4fbb0a9a90296bfa7" + "70c1b0c0b43e4363b0227273a9ec9f00ecf83afc605b0dd2e5e24f739dd0b4ef6bb11950" + "a0", + "0e5ebd85f5fd9a9a81067fdf51b1906023e68672d160ddcedeb35787688dcdc314359ff5" + "347907b685a718ce38a69be17de292eaef189fb9ee8c63271bd6818904cd246503dd227", + "051387b0d057985dce86cb962bbca7d9a047f70d96c20539ae7d6b7cb8bffff606f03b83" + "15f15a53049c6c1c227f86d395c2217d32aec32bbd406c790a6cd2706775ed8a0ba1ebe", + "0c7f3b7e4a8b65a58c1280110f6c2486cd2d2df7d48b49074e98accdfca4a72fa7d43bc2" + "5c6576279f4a70f22c98135ba79158bcc3452940963b556304da8e1ae88973d827bee32" }, + { NID_sect571k1, NID_sha512, + "721017294f17ef351e41256b57a64a79f3636628c4bcbe676ac9a2d96076b913dc4b246c" + "9945183ec9bd2d251441b5101eac44e2fa1bef59dec03ccd7fa5accf3b7d094d68dcf78c" + "8de4e2f19f56bf0dcb3b66b9421ec3f8b353b9fd74feb2e9affe0bf9aa421b6f03eeba3f" + "fd58fba56b3ebd094880e50de01ee62a108a24cf", + "0c3c90d5ce4375a08b85575faa78ee6bbd9e5571ce5a90582042617b807339c282cdc3b0" + "03d82006264b1c08c20af4ad4549fbde53d262facb98d923d81b8eb6093374b6a1e84cb", + "0401d900b4f64c07cb959049f2bfa18012f9bc2dccec5a73e9a48a9d5d65499e31ec4a16" + "15c4c50177c032d388263eba1a90e07ea68f081e10272e88a41389bd2626961b646c76ed" + "8e05c094fedfb5b118accd64d5d46ca2ed92b3123a62042a556ffee9e3bf709092fff882" + "31a26917d368db51d1959ad3285c7faac16ca57677651b070aa0abad96f07d35c5fb8a0e" + "e0", + "14d4070307cd269cc1a3c048ec0847edbff46f64c1ba5b734d8a800e50a0a02af57cf247" + "50d292e2c247ef1b860a9d7b5069a32f5b0546fe9e019e04af62316eb79507281fbef6d", + "1cda7f743c47ae93a9fa533145feab4c46252afabe3d54990663b5891b4979c645ccaa05" + "c744420ed6fa235952f370f5aa187250d7b069aea1123f19f0f18da18fde98100ff6ff0", + "180b4163f2eba6e3769d8345dd8cb003ea120164442efa885eda5bacd75f8d705b7f1bae" + "2976f67cdfe984430e36f93455ee7528fa6febfe92e42a002da165c63dba8fc589e7851" }, + { NID_sect571k1, NID_sha512, + "e2d1f33681759adb7954bb5248b0db3c3885fea0d4c1c0c226eb1e6d2d3ef1b9ac281a0f" + 
"1c2fe5175b67114b6a501e2426d1454bd5790dcbc4c232cf06b017de8a9bb39e6033f1ed" + "b5003e8de3b44cc3d6150c3c952afb442952483cc688908337b7c1a8b5c9da70937ccfa9" + "8b2b0098c530ff848010b8e8ee0a8d65283481a8", + "10f184c16228d9034271332178ed485d10b6aa76003efc160d63fea26fbbdf5552205ac7" + "df0d8c852a1210cf0ba512f20b798827b36ad56b12a826fa7dc1db45aed264ca6822659", + "0402637543ed8a11271bbbabb2cf72999f65df0104758c2fd6fbf3e1c5132ff1c1111fa5" + "504ee86bed8f219d5025f8ae07055a7849314d2d439408ea2b2ddc40320c57f5d41255d0" + "a6014e360137ae33ce6930b844d42bcda4050b25f349e9e19fc4fe82f5e4f73cf9bb5021" + "2ea875a5735faaa1d5494f1685d6c8177448dbf356b408ffc2ba0726c9befb9de9f0cebe" + "32", + "1146574a96394c82972eed1ab7ec98bd08f27653c565f0626fecb431ee4fc6f830554df3" + "5fa62b5f82eaad49524d3d4b0598cc7a2181ce9860e271812373d21be9536fc181c3f12", + "0dbf465de2c5242fb527f6e4a4188adb96a2030ed8417cd9431365173f569bfdd3e420f8" + "6947da10a703370d7f38dc43e2249a2476690829545992645c9c83d82af8adae893780d", + "1499782e0163f80de68e3a580ed08fdec8d6552ec69f186a74be89480be28a0df6acdf7c" + "65a72f115f8a59fbc28bb94af64cb3bb3cab20bd25265237a010370d9a5c781c1e26f3c" }, + { NID_sect571k1, NID_sha512, + "414fc5d2bd56b30040e105cb891788792da595583b11b8fcc7320f40dbf64d9263532dc5" + "7344dd17573c95eedf851668b5d552e8796af205f3a0043af1a829fabc2e93d9af9091fd" + "d9e0fcbcc9d6d9ec960aa60e4e2964c29a2f375400366480e513f63d124db7745847310e" + "69a38c8455e4e602056a6a4a14a8694155e0a9bf", + "181baf9d497159f837cba58a11ca435c442e5ca792ea559bff9f6a1f562c05bf6bb5914a" + "fbd1bcaea75b35f88bdd832314b249a5298622c89462344d3f28a44ba3d059df432fc71", + "0406f3915f884e250034db97327470197d13f0716d1d810e43055757460dc252f5281717" + "b3ef3fdd51085e65a0e073e78b697a21bc33137213981fc05d9b34caf7dca7a4f99be785" + "96047a96ab5ebec6201b7c65ce7a6e70effeaeea1c095a0172e9e2c7bfc88f7b05ea5750" + "76caeab189f810258373cff2484f4fb9c8167989f61aa61ae27113b5140c95f7faa505d2" + "d0", + "10e9e6047651362accc816389b26ea6befb0e34fe7363126f8c4ff9333266f46d63c4d45" + 
"075480da9ebdd0f8da7224b470d914ea1d68cd821f563b574bdeffdd0b3ed73ecb9133a", + "00e36644cf0861f45b333092d44fdd99f56e89bf3607f75a06920dfab0ccb1831208296a" + "a2431bdb75c5d50f15bbea2e13d185db6d7175c221858fd2b22afbeca7431c290b15d3f", + "023ee3b9ce817eb0a6733c85062cc3bc5f1ae62bdf3a74e3ec704baab05784dbb5ed01a6" + "a2a73c80a3e754c013ba886108d9eed2bc210f29a4774bfe5508ecd876ab47a8527c530" }, + { NID_sect571k1, NID_sha512, + "3b592cc8972a4782870e079b82a50f84b4c2d8ca90bd500d1ce5678982e266c391c556d8" + "162ac3aab967154d072dbc0ba1dab5545cf2651753dee2881eca5abd412fe624bf3f9d17" + "d33692d21ce23ad15ccffdfd250cb1949e73c9e40a64ebebb03852e92692dad1d7baef97" + "fe109f35b7a492b343d4b643a4a7b1723eaecb64", + "083fae86ab96bce99a53e50b7eecff38e4e25b21c4b0f6a4986915de245eae24f16b6a00" + "a4db159ebc27f5a6a072da94ab6be5bf75f5eb3f75c4452bf4ea7014392eb1e02706fb4", + "04078003779e0287bee54df31f64c58951df7999b48b647a6bac416f844485a4cd7a53a6" + "4170f9d2d31fdef0194a0c262b90e5bd33a1782d2ad56c210cf80abb5fb118cffd71ad79" + "c1073f89ebdf0e255205a7525cc12b7e1c58303ac3b3417183179c216ab8e47f33d0af32" + "38e3ae64d418ee89ef3a2cb4bc67a1d2fb1923947b9dbf3f4fa39ff82327d0ce3db24d23" + "24", + "13d126fc4033f537b00a81372031026f6a7a2062863a68e36c6909c548833d1a8f5fb5fe" + "25c7d9f2c65b1dfa974630204f71e96d657095b93cb54b00cb88f32adc08eeff4036654", + "09be9f4bcd7b8ef111337fb665379509b8b17a2212a80d5fecc685f1f362c45f930acaef" + "9df47c33c6028cf7aae424264575b4635a11edd6b005ad26cf2021051501fdd1b77d2dd", + "0dd196343ef76bec527c5929e02fbd5d02d5b0a4b5f2c8561978e600856de56d42943f1d" + "74cb81b67010bae98de0efddfcddea5d354c60c1fa76138801f6cdc5bc932c136309b6c" }, + { NID_sect571k1, NID_sha512, + "0079a02cbab3dc02601fcb5c8607d555beef7cd71a66911ab6514a4ae21c5a9c0e166f8c" + "f5fb198ec5a49a96e17cf041f35f00406b79270ebfe56dc6b8417d2529fd625686ffbc8f" + "69685aefa2fd30a937c02f25b48be4679e6fde821de928b33b12470867def874bb8c7c80" + "38ab6594346a2c44b39210d3610994ba60a05e06", + 
"1a663efa7bf4d8479bc535fad71e9b5e4f4281aec55967baa008ba17ac2f89cc3398d305" + "73edef29d590fddce8cb157f655e92779f59e7a18d0327d02e7daf4c1216143b3688fed", + "0406b4bb31856dc516be60a0d2d9f42508738edd4f925eca9c72a13cf136720867babb38" + "622fe97df70a1edb35735365f34c74baef9aca539aa1dfdead3324f41a16ca69bdf86b43" + "f706c4a91d3fac9e7647a6aec6e4369158bdcca2275866bcdc5a09b2f0f1eba10551da96" + "13eeb1e8d3233316b62a5f4641d6aaf669b975dfc511f2437d43c9eebe53c5115fb4741b" + "80", + "0a843d0cf776878fa9ceb163d7aaebd29ba3aea0808c3459036b258b99ccae4e2444bc32" + "11b5898c0769b7d7e036c07803497e13803132b3c6301412af3be8eb4a853e939a247a7", + "00356e282c096fe1690fdac4c0c66eda155ec42356dfc4783cff0160e1d76b33a99442d4" + "ee0e3f6e1c5bde4a16c8e18bd18f98a178c3fa4a560d8fb8b4b1d72663576f8baf8672f", + "0c5018c1383fc3847819726e1e940028892e1abd164b413293fe50f219f2059105218e4e" + "3b952b912a3258c4ae52dcc03ac5f027fdfa448a8d58e3aa5c21e790b3b47bdfbf21175" }, + { NID_sect571k1, NID_sha512, + "88573bd94ef50459814806efa868ebf92b066fbc2f7a4be9d2fa06b9dc1a72f72d783a6b" + "cbc107b18a6314511bff217037a2252e7a5cd34cf9d5b2fe9c7846931f0133b2e95876cb" + "800dc4ed7c4a4e4cc4f1195acf99fb0ec224b1f8fa8af71f72d390eca9d6be3879032a31" + "8734a63fec336c79035a43f70271def10c4955d3", + "0088d1a2c0219696a94337cd56516252b74139ea0733b17fdcbf7692c3e5f6c3989e5da2" + "aaed7468e65a5d578571928ca273ec3b6aa72cd196f560f05095cdc8346e5d31c4c2e0c", + "040357801cec0888461ffde22d83afa9ca008ac88518f4b09074d29a846f5900e024a8e5" + "947bc25ed0e5c980a58fd5e9aadfbfab31db8bec575fe886deda80134d91b3de96254653" + "020710806c7ed33f6879374c59ea144326f5948980c8013144345c5070122c0ddb7e18e9" + "f752eadf2a9b0854dfb7d9b2f0d80ff0ba46197ce6017885939e9f59b642a8fa41639ea7" + "5e", + "16940f69013026bafb6f400c037272176b04e35e9f1563d382dc9982968a186e3e152577" + "5d27150b34b8ce5e70b537f0149ce1a521d056b52e75da7e39ee8a529ed987c70b8234d", + "199058e36449ee1a3388d7357c9c1020b2e4c02144aea14b041bc584a752c94fb6e47495" + 
"9b24bd2c0c104f5ecfe223ebdede672298c29195033aaad5db1852ce4dc3185ba2409a6", + "11f3defd9b442378c461e2c68b239d2e4afaed691238c5ac4e0be46ebd461639a60176f9" + "884133900f988e2d730d34df5e2bd8a14681014c0a213f8d233b3c50ae3064fc38d1a19" }, + { NID_sect571k1, NID_sha512, + "d0e02045ece6e338cc8ab41d4a064c982ccb1748c48fc2fe0a6f10bdc876094358a6a90a" + "45facec798a83cc95c6795cf0f0d7c66b77e22cb114c1432bfdaa1485ff35b6a58107cac" + "3b7e58cb4f6c87c68db60b751e78f1fdfa54b8923b98caad0a4f31226956d065c083ace5" + "f1e9e91944dcca51879d782e40358d58ca758750", + "16cc8a0fd59455ed8d4de561fd518df2e008f7dfaa5f7f29ac2489a411e233917b43eb3e" + "be2596fc824be58871949545e667dbcf240dfb5e0c615ade0179d9ea2a1b1ebb8ab9384", + "0402477e678793593e2abe837961895c7ecef71af1feb882ff27cfbabfa0ba3ed771b792" + "23e7b2d2388efd371d5c325854cd60e48484f818e1a8146fbb780cd6ce06ba63c0db67df" + "8a001b696114838bb972ec6d536abd809d3a436650191c43b2bfeefab2b400d5921a7eb7" + "8e307266acc190e05f3869017f0a66f886bd6556c58aafb1042478cc768a4f86758e9f4c" + "32", + "1e1b851bb95d2913d6d35b756d49fba6f4c127dbed80fe4068260cab89c1d42f7a6843f7" + "31e83b379ccd8a4915d2e29550f3f6ccde607cd0b066dd5fa41ac2bf37bdcfc26cd4d04", + "10d4291346685fe070b267edad91154df83664dc115f058ea036c712929634d53662586b" + "b50cb6473c2170db5d4ee43be0c50532015937202e193d15d5189870691ba65aead7f3e", + "0b2a15f1ef00204bcfb5108d8f1da96ac3297aa041074b68989ff5b6b276380de7887753" + "fe3d416ba691ba0b2ad7fc065ace02815b2323fe17f6445b0fa66dba5d99d8e7d557cd5" }, + { NID_sect233r1, NID_sha224, + "f1b67fde01e60e4bb7904d906e9436a330c5cb5721fd4e0a3c75b83dade868736bb1d21c" + "fb1b5c6407c373e386ee68ec2239b700e763728eb675a153b8ac44cf2a87be85fe8ed668" + "3430cf4b7d718891cbf8d583d0a37cc952cc25fe803a7aa4fda80f05541a2f1f2601cdd0" + "c095f7110f2a84f7d641b8531572269b21cbe77b", + "056673197bfeea9bd7a8b820b4ae51a50411bf118a692bb9ed3d304da53", + "04003489be62e53910c20cb508de019c3e326f65051f26749944b4454f156a00f775ac38" + "baf19499675725e8190aeea16f52346b1c890d9583b38c7521", + 
"0a6c9914a55ef763913273b062475fd0188eb2d5af9c8c1dd97cb3cefc3", + "08601a42d7f7eb047e8ed9820ddce665c7277f8ef38c880b57109b7160d", + "026d6f50f0508953657df5d753c595ffb8e1c19f8d092f8ce8db54f76d0" }, + { NID_sect233r1, NID_sha224, + "1d496d96b533c632ed6a91f6e3653cdffaa5b8cc0008b35e49b2dd52fe261105c2ec7ee7" + "1a4ad5d51fdc3d36d688a3b7ccb3b3b0c3a65be17b8d8aa172e3005cfbf37a2d1b1a6e26" + "8c090c6f318e7e96f9ec9b9f5a8fbcc7558d89e840f7e76e44bed91c26ca48e6f5cbc253" + "ca2fe8cb81c484cabd24070e488f9c00cd96ad4f", + "0468f01d483144e514ec257f2e5fdee28a927f2adb19714c1f3524dd0d3", + "04016b3cad89cc42b80bb730431963526e26ae3b415b421575dfb6ed973e1701acaf7de0" + "6e20262efae01fc80969cdc1a281f68e8c8bc0d2d4fbba3a3d", + "04d261304678301985f5bb3f6ae465f11c9fe0e5031b31f194969252703", + "0878a87b2867c03f55726ea2a6db822788f4aa4e9ef609997940ee8c8b6", + "03545153f0554a8f55301d4b948043de3057cace62c8032c8ef8a11dbf8" }, + { NID_sect233r1, NID_sha224, + "723400655027f474446843645757f7e2cd466bf97275067b4bc4c9d79bb3b19b2421835d" + "69db916f24b77c381fa771fc1e7a19d2b4d09411ae55acccc615b16fd24705762b441ab6" + "7083a921fd4ae569ce0de69449aa96f5b977ac7dc022fdc8335656853796f54b3fbd1185" + "77f98920624eb0a00204f1ef83827245c06646cc", + "074052d027f05465a8083a59cdbf32600224e1f563f653b34314651517f", + "04006999290db440eb5b3291bd4bb4a1af6386654fc4d275ef136c0e03dbca01fed0b1f9" + "284e488c7fa2a010766c340bc25dc132c7679c2598e423c3c6", + "06e38460379ac3fb13f64d4de654d4fa30bd8178da0bfc29fab2a1e2e39", + "01b18bafe55e5c24fa2df4c09112b44d24e78dd09557349ceb1b916d280", + "0ad7cfa003267a6b7a99894f75720cedc9cbf820d355a6b840709f42f62" }, + { NID_sect233r1, NID_sha224, + "155860cb31a142082bcc0bad828d747e916392d21f1873b3a3c1d28ca3ff9d45ddb66a71" + "2e3856b6afd07c8d2b2a7badab296a9775b03f6fec0befa2d8d6d00fe3938df244ab46e8" + "36a3e686c8b4f918da49f0bb3940bba34a9aa22c7caf02df7758b0de01d9f47af6146344" + "b9be3842d9c055eaf0fb399cd8db95c544a62d8a", + "01856e7544223f55f80de72a6ef3822fa8fbd68eb397d06e2d76ddd35e0", + 
"0401a117e52f09080625f85fbaad8ebe0d3ad410f034242bf48365e88ff7350008b8bb79" + "58d191265901a3f15b2919142505efeea13df6e42da8b0dc1d", + "0aa106ad1461353865706bee9aa092b00fcf1b0108ecc1266ad5d8b6579", + "0bd6fcf49029df32fe0fa47f39cb9428d95d00a84a5afb392d7b4b365e0", + "0b17734befefebf03d1c79e59c12ed3c57e7d120dfd993bf276de559588" }, + { NID_sect233r1, NID_sha224, + "cbd6e305cc9f0dc90caee6e65a74582e9357bd25c78e33a7b14e1ac7e9397ff4466f192f" + "b432143e6df6d61a0ab808ec0a361a6d95a357a38cd3e241fe03ed883ccc364b248ee2a0" + "8702110745c2688bdcefa33c1a45b9c8b200e45cddf3e3f66b8d37eff07fbb3366ea1558" + "ef304085613c56707095724b3e134c7a7d3f8dbf", + "0860aa2b589f2defc617be73e191502e5d9952bf60547fef19eeccbca26", + "04006abc5619422b7d548c612e54df0385c293632d4d97c21e2e15ad98d0c5006c36c072" + "603681c1b03f6a023c8e987f39d931bc2a200eff82239ee38f", + "084fb252dae9a96a44212d18e15cc52d179cd5e3392ab9da57d04cd5a9d", + "037cd554e7815699f033ca9187ddb116777ef847b92353f613152c4216b", + "05f806dd062043420dd056998bdb9822b3177406a536d766c4aacdeee81" }, + { NID_sect233r1, NID_sha224, + "812a218ff1ee1472c189f63386e5b8ab341671c3a4dad27a8c6249d1c0f9a29338b471b6" + "179f17a078b6504e804ac55ca3b13e68a623041bc1a092ea2adf3fa1124bbfeb161e6d7c" + "483433f1548763b84da00352a6386e1339f674d45dab13898147ede468e0e01d2c4e0ed6" + "6b395a16cc3ded3e952ac739205f35a83376cbce", + "0d0dec052a00ccebd0c0c5d9a08272f75744a2582cec7ddd924a2b022b2", + "04016bb8c3d319b93731f1055756e57bd56d50b6b9ffbe42735925cf6f7675009dad7b87" + "a749df130b45d9cac8011101c15abb7e64bd4fbdd94107fa31", + "04098547601430c723ebcb04b23e0f1ce8b1f79ff7ed3d05ba130922b01", + "070ea6221c0d62930b019faaa856ad2c84c3989ec54040bffc42d8dadb8", + "0aa20fc58beae8ccc880e7fcb48a471faa5baeb36bbe5aee71ed9f8adb9" }, + { NID_sect233r1, NID_sha224, + "0204b1fca831919e89e108cf140b3770f531a696b1d9a4d1fb68809eb10afccc257cc90c" + "d36717c02b2f3d6d3d1d8a93cc5c48aa7ab9f9fddfe121ce9143376535a0c65e247c6558" + "eac49fd1d6d1bf431ba918c471cb3d536ad485ec51f6471a340ac75f160c4c54cd3ffb9d" + 
"cc123124b42df1fd2eaa005e3377c5d2d55938c6", + "08a017d717d6d1213f2b74c53281b07258738c0c7db649ea1ac46b9a3b6", + "0401eb379e27de6c04c5320cbc18e79ed9e8993710ac70ce823f1ab5762b6700f5521926" + "45d350361762aae79ffba39c33c2c5c0df208219f1b339016a", + "00e4822b2cffa327a8396301b21554da6fa52f418d67114bd58e850d935", + "0d64dbdadb4ada2d3a8892049f7fda3c733030522b44cd72ab850b77bd0", + "06fbae2d8e4fc04abd8a6e9cb011974ac851ec108e38f9c72603f7a04fc" }, + { NID_sect233r1, NID_sha224, + "2033eb48756638cb56e2cc39a3e775cfa11fce86cf71f04487dcdbc7f262bc8350a30ced" + "54d1fcb697b28a6e96f88f782947c997872307ed963e1d68985f756435af77f57755cacb" + "b4c6b50ed419deec9f39f0a549a13e54254fa0a5832dba2d943ad4aed8688889a2dd29dc" + "b4ea12abd6a6c50eabcb3981c3a0c1ca5f0b9629", + "01b56c14442b084cfd22aeef0f8028ec57c8b571c9fc1e43de05c45e47f", + "0400d450c533b13b211b8c91dad0738402a5c811460426ee2f35ae068f2c12015e1c9f9d" + "398925c619f8aa0bac746eb7907d3d510814cea185a7efe771", + "0dca09773730a2758b7f4d9257a8e6bd942c141e46bde5ca54a79468c4f", + "0379773ebb7a2860f3422d8f8f714b234e5abd8860defb19c659c9c6179", + "0cb9272a27661604425ab84632f586048483b9f9cb80b9697898e745117" }, + { NID_sect233r1, NID_sha224, + "2986ab1cfe8873009e932dc68d4727d77ccbbf378e43fe4aa7c54416346b036b89c0aad1" + "b82977c9fbc39a00f1dc916c0561d8dd70298c02b6cbfe572e0ef2058641e841c6875e85" + "15f3c1082765e046c90c956d984b76e0e8e6eb433ce26c1757ac5b13422479141971c201" + "02e9621d18f51096ae3173c2753facee2862d66e", + "05afce37c5594586ac46a34ae291f591eacb9880a7de92701977f447fbf", + "04002a069ef14f2989d2b715c5006642ba966cc84df88bbc27e713e15c47bd00f001f60b" + "8a8102a971faa2c42d3ea9cec37b49c7e6ec0cae9f7fb35713", + "09756db630ed9b708bf1ab8aae6a7559bc235c4e9f4002ed26e2f019aa1", + "06b9b2c1d214373647d9a2d24ba69741218064004614368915d5cfaacaf", + "090dd607329c27483fe43b7be137c3f51c23217c939baae40b53e65af2f" }, + { NID_sect233r1, NID_sha224, + "aabf5aa90ceef91c2155f90660adbcb0eedb996f5242cee15468ae217058ebeaad8cd4ff" + 
"8cdc754a8ab85ba43c59fbab6386686fad5e27ad3848fe52191c7e4b203720841501792a" + "625aef2acb6e36493b792fa55f253effca682946ad8c77e01f44e92ec3c258d0dd98d318" + "3f4dc4a0bd3eca183794abd6232a6f9e4add8f57", + "00696df05dc7a54a9908a73eb18416a155cc8df4ab26032539d86eae537", + "04008f9f494ddf8d0030746a8c0b8d215dda6cc2724f411a7ea407629294c301ea2e9f85" + "f06412d29c677aecf624a83c2fbd86482dc0d564906a91d97d", + "0d62b06628d3884f0a329a7b6b4f832fabea4ebc85ee03e63f2967e7810", + "02e39824f272d4b74810594810957963c777207217e53a672010605b9de", + "0e64bc44af64b6f879f0d32f814acfbb98795ef7b2f246b3f91cacb55cc" }, + { NID_sect233r1, NID_sha224, + "29ff209eabbde02b10b3fd559671fa53e418750c32c4a18d31cc0186d1077581bbefb877" + "0ed079f536e866414a07431ae6633955bf42a2389b6f8a565d6e4ffb4444336e00300938" + "76a26d4e3106e9ac697788e41f8a21c755eeb86a7c60f18e5e1069f16408a4c375a6a68d" + "42959f2fab7ac09736c7b37c80c05897d8566ce8", + "05ca31e88c5b2e96e433af2023a66095161710628e7bfa428944d6676b8", + "04008232d4bbe25536ea7f83c145a8d2b1cd72c383eefc2adaa1ce72c7dd9a0100b738c6" + "f1551b3240293ee8e8ec29fad0cc485ffc2cfded96b68162bb", + "0df9e1b418ca1d41d749ee998446ba1cc54bc8bf72eac6f30929b40b5c9", + "0d4248e0bb60fe46abf7bdb2effe804b9d394d8a5514a5791e149d435d3", + "0b89a459fb99cccebda754c4b2ae264c9aef7b5b610427f42c35dbe7d3a" }, + { NID_sect233r1, NID_sha224, + "97765d876c80819f4004a36d09ccba78e600efc71eb7e869d3a00f658d2ace6769c7ab1e" + "f590f41fb070aa8e08615e138df45ffbb6473d4a86ba5fdf17dd6dc9ea9ee19c0332563c" + "99e6a3451c211d286d69102b47bfa6e07d468d9bde82e5c2063fb1ebbbed6086f542cf68" + "ba46d4f214634afb1146dd5a6f3d50912ef5b824", + "0ef8fe84727a2ad8bf4e646ef28a492adfaf785a3a2ba6e6f985c649a8c", + "04003435eb25ce9891a78c120098992c666940103eefd80d9bd64f1d4ba37b00ddd6a4a0" + "1e443c92afbc247f634b85f1c858a2aaad35a26f57ad4c9126", + "09753a236759eb32e13f19b9d2ad06f7b4db4ac7b1df96813463d0cd557", + "08408fc46149dcce0753d7cae0f50c8c5fcc97acf7a1a02a9f68c0b80c7", + "0b5ffba104acc6d0cba87523382ff928859718122c4d0d2298e74985d89" }, 
+ { NID_sect233r1, NID_sha224, + "21cf768d087d1e4eaa8a05e2008020e243116206d675c09be42ef2bc93617ecbb0575c87" + "3c6510ede9979215531b62126552738862fc4323d487992754e39d8f0d7e111e165ff254" + "200e05082f59a57ef649bccaef6f980094fad3b7ef93bceb161760e200f0a2e396fbb6b6" + "142dc84d872311bf932b84616b22231747937d58", + "03edb94b8c62f9af30c14a790c0f5d65e362a21cd8569b9725916d534c0", + "040065133691b888cd2513964b5a905ed9334cff6367e25c09db1743045d5801408e1ac7" + "21bfe2198086c1834d484b6e5692c037e09928cff87f4b5a88", + "01d8f800ba05d8173b0f1bb3aac0aff68c6b24cf98c28f5a69b0b5a52cf", + "097c07d4352e39e1878c42fe97ebd4c3ba5098706879fad9be4bb2dc2f7", + "0bc669db3a488e613665cd26da7927c6b6a073ba6b0951c00d22ab1ffd1" }, + { NID_sect233r1, NID_sha224, + "7b8e58eecdab3e40212bba6bf284f9379265b3d2baec3e4625aa08d0ced851da193c292e" + "c793dab42732c07b4e94d8b19c83aed796a7e3a6c2b954a7a9a1ff9b2bd4ca62592c8b68" + "f709f1ad38a5c8033ebb3f33d176945bfc68e9ef2b0cee2d45a13ce89d238a33c09ce2c0" + "c63c4233aba5717b85c4c161dd7648a41a5e39d8", + "00a7519be62562318da1b67d22cf8e720353d22641e0cee11c7a352bb93", + "04013b63dd8ca9044a3e518a67999a781a5b62994b6e20454003a9bdb8715c01a2f9bfaf" + "528b7f5bc8c3b02eccb71666c83e4a598b4077de999d90fe27", + "0992ba1a8331bc4d88be7dee06f96098bc2ea56668f345e187f32f38171", + "0c55b45bc7bc3092ffa82234b06ad45525b45f8904011f1bd6cd356f0cc", + "0e6163e70ab56d43fa27211b98b48f1cade127237bec1c6556020d39990" }, + { NID_sect233r1, NID_sha224, + "f8f268d2b04fe47e5052c8d0d653787384b9654f0bd2138a6f52b80713feeed452b976a9" + "0eea4edcfbb62d04f3eafe172ddebd7cdc3701ecd6008e3d82e8eb217b13b5228839f610" + "75159f3bd1e1409c08903874b6dfee2789dd72c208ae769ec8c7d52552a2b1fd73dad24d" + "e8b571f88e2184d0ee7d063a121187f97e746f2f", + "0264022fd7dc2328a6436b522793ad9406d7a586667a0daaf1bce927338", + "04012d7e7f8519a7e357510adfca2f50182dc5fa12fb2a77409fb781ed500d00ceaa9a22" + "b7ef9febd8a9962ce21d83fd2a2a938b9d7a78d669dd233974", + "026fb8fa6e746106500dd29ee32bbd03b94302ec3a123356b23b3055e51", + 
"0f416418f7aa4d437e7606afedf961b968a67d9a1524d60fe3f6df4d3d0", + "08d3afc975a8147fa8230fef4b16e3024180a9768702038f955357ce8df" }, + { NID_sect233r1, NID_sha256, + "d288768cbd066fad4bb2500b5683fa9e4eaedfb3dbb519b083f6b802efda0a022355565c" + "5fc6babeccb22f3adbbda450ce5d633193d1431e40c0fe631a295cf85965cd3f5937b318" + "66bd6a5300eaef9941daf54d49832acfceed90e572ef34ccc94eacd0fd6b903fee3c572b" + "963d21e2881656a214d2a4c125778dbe3bbeebca", + "0da43214e2efb7892cc1ccde6723946d2a8248a6b4d6c8872fad525ec3b", + "0400db09738bf0a0dd777f67e82be50dc8c2d8e91598bc0b8d4486f67c04a5008ef463e2" + "f37ac7c3d276676cbedf17ae11e767ec577da7ccd90cde3b74", + "0249cbd55e307a0fd10a0c70b1c0d5e2416f4d7f144779ddc11911f4a08", + "04d1c99f9d486fb92b132d68c0173df891ca757572f7acc03cb41d46bbf", + "07de2deeb58d55d65fb37f600d916cfa49f889f02ef53dcce412703d1c9" }, + { NID_sect233r1, NID_sha256, + "bf0ab46e0a756c11229b0ea961f8d57218be5b00ab8b0e91d7664cdf5e0341c412c0e992" + "d26ab12115197db39df2d1a6e18ed26a91be461432a2dfc21d98cb16003e339b0b0b1f10" + "0e4e6f4824ddac5442f22a1fac26326ed8a89cc91343d7223986d485cc8c64424e84d56b" + "e536c57e4dc5faee459b1958efd79e07e90a9811", + "0aeafa49d776b61f6a30d66ff64bd40dd8d79891dd5293c1b5cd3b46a7c", + "0401ba1b87b16122e6939da5dcadb8902177a9f9ef09194c8695008b80b588008f51ee5c" + "ea1f4fc9c44c70df57326ff121268bf4e02cd9b2626fe7c1ed", + "09d640ede5bb60b9aa78e393ed453b1643f6dade4aa20e994db53e81fac", + "0277bbfb7479077d5fb6813670fbc7f46055718199550130b122a7cb8b3", + "0f8dd350bc0bd2d84cdd374c56ff2341de4102269a1e80df7e35969d4cf" }, + { NID_sect233r1, NID_sha256, + "c7b1eeb7c19eb16e7f42b61d79e421b71de797a6cab4e0baee522fee7acdb533f7bbf585" + "5316544e1b82b4f2a18ad0a2311e7622549332122171f32fc62a90e408207e0fb90d1b05" + "2821dede9c41b15b6e07d84d5d7b9e31e6396a8ed229fb6232b3051298dc5321aa589f4e" + "289d27169f14c8cc93644916d9b72dbc92c43488", + "0e95db309f4305b621f51f93588a2678cb19aad0932f365fa0aaa3a3895", + "0401177eefc44b6070e2c41537e75c91e2f08908c0d950bc90cd2f4720b33500f751312d" + 
"de55b1bcabf31665deb6c12d043d5ccc89800622a557a7ed37", + "00015798ef57a771d62d194389817c93de1b225398fcc0d2b81d94054a0", + "0eef7161a167f69a6c89b0f173db2c4a7033b5d801c0d89642ce65e377b", + "04043f8985bbe0221fd595f9355c33e1930b5e10a1452e81c31259e1e3d" }, + { NID_sect233r1, NID_sha256, + "a738eb074e1f277dc665118ca055e6328059ab26da188c16f56384c566e43df8cff3d2a1" + "0d2d15c3c1406de8f734b20be5dd1ce937a4289f0ddfd7bddabd03586556eb8233b8feef" + "edaa1f49bdec6d45fd562c2a83fa9fcfc2013bdd77900857199e51fa9c7cbeab925ba8f6" + "c3c5fae46bf8e9c574b302f1e5f9c44400152a78", + "0d4319cc8e409b8755880827f3200d3f0f1c64d6356fe74eb1f5aa42499", + "0400bf65953f2d08477f7fd0428c31125184e3bad4d5da00c91991949e056200f1669d0d" + "116817d625128ae764b3fde956432552d24d98f08a12925afc", + "05e8704febc38bb8ea76f3c6433c1f0421dc5e5af959723a5a2f0e9a970", + "0307c0b838c65d1a47792cb367253bf7c9f627435f1c7ed74494b318446", + "00031a9b35e935be6620243f4878a38d4e617fb25f7a4883893366f39cd" }, + { NID_sect233r1, NID_sha256, + "b28103d77e5457c42e026e713ea6ff03722a36512da17197140117442a976f9e2139c54a" + "759fc26af5811b455e5a0d3a95362d9939c1e738045be9237b469ae2106ceed7e7842b44" + "cc0a475d5af6d781e32ff1dd1f4e1833dbc7f82b27dc7e1562d0e29213fd8911105104a7" + "a16f665b926aa137f70d868c90e72f8ee2c95b64", + "09e556c945052e5954915c773b2d47970c521fcc99139269c3ef46093b7", + "0400db68c16ffe64bede4a849812df0b8e202f74500cb7d5349aacf7f3f0260084b5892e" + "a74835e96e9dfb1bb201a4dcaf32da25dc00dca019d806f5c9", + "0d0c9e0b6d4526d5f6494d2c72f812fb8d26e17c7a44f6b5e3f9e684cad", + "0a379ac253f3aaf94cc49e91fe3f2908107a9e1a4d102e02395eb18cf08", + "0854c2f6ecbfe95cfd14045faf71ad47561e365c1dd5f515d8817c3198e" }, + { NID_sect233r1, NID_sha256, + "463d04c84521ae671bb35c0a7acb3ae509b1b0470f39b8fe7ae5f3c9fbadbeb2bcc3a87e" + "284cbdff07407a351f7ba743aeac50c4a1fef7375b90eb4af8ea2df040776bbf3e4389e7" + "a80bea40530842642b9895ab9ef5ac8ed6c9ce7917d7b3ebcf80b801da845943313988c1" + "970e7748cc306f914c37414f8247d648b580000f", + 
"0becc76f8a77615c4f92ae1f91645bf5bb908e75ef22fd544aae63a3c8e", + "04018cd93bfe8fc8ceef2b9be14fa947b60fb122f5099cb5bcfad0cdc601e8016de11e67" + "3011e30f6fd92025a60d7938412ac63b19d23e45bbf53c6c4a", + "04e75a7b92c42ba0581eb1201fa5b3fb2ac82460e953c26ce6bc60e145f", + "067bad23ecac0883d218b1368d822b3bf9b82453c0e5f3e336777c6a507", + "03788a331249463533384a61c47232aee6f057634c37560ee25895b2a03" }, + { NID_sect233r1, NID_sha256, + "8b2379b5553ae7db6023cb010e26ae91322bc3f94dbaa369481936f90a886e5d3827d995" + "ccf03ca59f46805fbac0337d31a8f117cc7044218a934d5bf507090e7e21178a7162c8fc" + "b39111e6967803dbf9d752f3ae737ba024d0f4f7627e08be58efbe997a164106bfe37f67" + "d2f19c0fcc7a6c7eebd96a72582a9c7bdf881896", + "020572c2a3dc3ea430cd8cde9d642081c21658e8bda165550cd9a5d37d9", + "04016117486794f14d171dfc3ccffef0396cc9fe5aa45d6d39ce0f252c416801b6a12fe2" + "adb279dbbefa4eafa273a2ddbafb2c6401067a5ef5e859fdcc", + "0edc8d0b64496da309b10630e9e5917c9a807ccd7cc7bab14360873eeab", + "0e1fdd3b7849806fe587ad93aef737ba0472409b7239981f0d325785fa2", + "0829449a0c39071a832664e8148e762efc36fda9e030e0d062458728273" }, + { NID_sect233r1, NID_sha256, + "3090bf7373731cc44c00372c1ac59280b0f36e627ccf763fa68a7be37bb0ac8cbd4f70db" + "54fc652566c78ad268f78f015e4bb1e41516fa56ac303a3bb4a52e1fe897d8338db5a6e3" + "7cad685e704b994504bd231c7dec0002dbd907a7ebfa809833e32eb23fffdb44fe4a18e1" + "1fa19d67356cfd703cf39a75b1a290b8a7c73afb", + "0769cfbf2dd8248ea1e0ac9b275c9d6ddcf923fe762079b9ed62ccbaa89", + "0401aadeee0e31ba9505da3e195d883643d260dac9fe5e86102c8ed7f88eef00d925bd5f" + "d700fcdec60cef9c9fdd304faa102d9d721b4f21291f8c96a4", + "0f2e203410107c075e25c4adc2f55dcc277883d679ea307df7d52060fa3", + "02fc0975c2e70328da4a0ad2b8bd344a8171c2c500c55b1c92270230c27", + "08871b6791f7d03796a3aa537fa820f0eac8f2463c9f918468e7588b784" }, + { NID_sect233r1, NID_sha256, + "c37389cbe3f46eeebdda343e354ccd543e96b0c2a87e057aa6b9c4895a403de706d658bb" + "c9066c140e50fef4b56af2db1f42efb70b8021254649983f1e11d04d6b10169d5a1c2093" + 
"b6ab89227b88a30537c776bb7575749c3ed87bcb29effd8e4f17915b4d5dff6cab9678d8" + "8f33abead1e73dbdc5c3307ff3d3b2d5fd7bfa83", + "040ea4a37b388f0cc464f7e2bf92173107b268ff77a8acf5f517b4ec0e4", + "04008acee84d29638a7285654d20f8e0653c7386140aba0bd2fc157d51764301482ba5eb" + "b82ba46654aa1eaa6a5f01e030177318921a0c99fa3f6eee9f", + "0a6fbf938e9cdd009c838196ffeb61f7f545f7e7e9a6cb18d1f595a87b1", + "096a80172a7b3b65c0a8acfa8b89cedf9cb19f6eaa5d38436c300b7c0f4", + "0b7bb96ddfc9d1324bea96836c557cf88d6ede9a93ada8fbfdfcfe56244" }, + { NID_sect233r1, NID_sha256, + "8884def8c3b9c5f856b9c2352c85ea71aae3c8d0e84ca74e70e404a21467159fc9826548" + "d16dd1ec5a75dc2c23ca37b30312f25e1194e0f9385a0499db34c855412bbf58979ffce7" + "fc3afeb7b8dbf9898df44023200d809f520db99eae315b5cf85674fab008a20340fae8f6" + "974034fd3e55bf08c5522a460680218f9757e368", + "037fc7898df9b37b5390537352f5c0b8de22659166c19d7d4df31c3938d", + "040198674b40d2a68ed94d5b2c51102393d1332404f75187130669b9de0df9013ee77d85" + "4a60f1aa74041ef1fb58727c09f13039bb4b33a818dfe9af2a", + "0cf92eebec59605b1d45848f5d06e93ff2767dfa282929208ba801a9fec", + "0f7bd93dd4df06219fb974a4e85030840c7d4877f131adccbd98cbd25de", + "0c2c4a864459488eb5498a06b0b56ce7fc98fb29b1eb9b6238da8cc8f52" }, + { NID_sect233r1, NID_sha256, + "f1fc154d469433f56c2bd42aa52237a4a4bfc08fb6d2f3f0da70a62f54e94e3f29c629c8" + "37e7adf0474fa8f23251b9b349a16848942c0d9cf5db1d0fd99527020dbe21cf0b94a9aa" + "21f376bf74da72d36f87b306b0696771efa7250c6182b426a4500ac14de4a1804b38db8d" + "4f3beefb8c9bb619ac82cb63fb37c2e1d22951f7", + "05d5069425e7a9925d2cfc6360a708147b2c1b55ede243591885147ef3b", + "0401f35f161ce0963dca70066b3a6de2a74ea1941a27cdfabd9e433d8084c701d5d9cca5" + "b741b2321d8511a777fcc2515c99ff8d13ff20266a163c94b9", + "01b9c83d36ada7e9367790ee850163ef4420104e0dd3299ef6d65191d7c", + "0dca4e804bf74aa496c15025acb4232c637c9b81e9e26d6f2065d6be21d", + "012014f77a4ddb7b266abf2c65a653988ee6f913e700f3f83f3e78c88ab" }, + { NID_sect233r1, NID_sha256, + 
"885cd348f7983a0721f96c0e866821223d3e5a95178b16d18652b4062b1b2278aed6f54a" + "b06f7e37ae6ce1020aa3eb812d215194bcd212302da5b971fd86aee1dcb23057dbedb569" + "bd0bbef80df538da69ae2358cb03bb77c64d3ead475c8c5ae5bfbdd75684b421a26f1a7b" + "0c37548fa32d805acdc91230dd70a48232a12846", + "0ffe3e7b82ca62b96e057ee072a4718ca20a6cc9a3e51e4fe8ed7b4b9f9", + "04010f774adc83c1893894855366f1db1962bc697b8e1d047a01a08b12da4a0078c6ff63" + "4d5dc8ffc4d8b1a53bbf94046023095a8c2b41618c4330a4de", + "005a4a50de4e97280d6ed1324214d91b271deb649a2dae18d21a0182022", + "04bc8ba9ffbca81b5f19f0d8b1306900ee642bc5cd9a9dc9867a4531b04", + "0353567acc062b83459017c70cff4f3b8ef0925032b51d7300261408549" }, + { NID_sect233r1, NID_sha256, + "ca3b0e2f1c7db4e73c699f06e432bb0f63705ba66954bec4a259bf31c161bb4861476e2f" + "2f7dde9d841d1ea6bd0990cc793cd7a10432e38735c3eeda7a0d786e8821239bdd6c4972" + "c96c2cf68ec5b935391f963a50fe16af2719c9029943b539ff0f1f5645962a6ac46c75d2" + "037fa0c7cd46deadcdfc66e1ddcaada3a376acbf", + "007a9cb5ce27c763646de414ca2a4dcdb774d69ed2bde7a817baddbc9de", + "040086d4ac1e3d54f7c154c5370f5c9a2d22cbe8f794df68974706bdc9172c017770a2cc" + "ac923423137731a14e97f6ca65a8cb3642eceb4e70c78ee929", + "0538b86e0a899281ab56d28f40bf3b7435f9a57e334a3269233766049a6", + "007ceaac3aa0e260c371843104f5cb91a057741b38889ee796e69f920e9", + "035eedd44b036b843deadb8e8df9d96b16e719ba350a634553457ae71a1" }, + { NID_sect233r1, NID_sha256, + "4b0a31b746763beee77cecd318b90acf50fac4172cf4bfb354e5a440f651cb89d7a515e0" + "9ab19e9850803ab9167c2aee3b395a5da10dc9aff799d73756dfb0a9961d93bc32f15a96" + "bf13962a03d5bd42ddc8b5928def7fc48fb063f42866fc5f96cf88fe0eb125b7c01906ad" + "6a7fdade28ccb0a421ceff50ae03a974671b2c27", + "0c03fa9e38dc1c697f70bc6381f2bacaf860bb5632fc837f728da959ac9", + "040195f386c7efe108fd1d580f0a77031e180e45a23911ba983217207a904b01a6837095" + "a64f71ec53ab1c0d9a3a39d69a514065d83f1af26870e41741", + "0d4f48085b367787a614b57c06ee8018b2e95e989c2e8cf355e71db1091", + 
"0391710f815babf07b6287b7aab8b9d2ce04bee2a144f4d4a46fd17cf77", + "0ef29cbd771b8a6f414ecb73b7937ffe0a108593ffc6899f28d4030a9eb" }, + { NID_sect233r1, NID_sha256, + "3011d42792b21c0f1719faf6f744d576f72c5fdfd22b1a520d0e8d47e8c2b06823d853b1" + "3c9fa039fa30a6f2e3e27bb2100c6a35f55703806bbf0f79b09d0f629f8042ec63fa0406" + "2f15f2edb92b19237980005566f02bb12a40b4ec66e4ba6c599d928b33f72d7437c0e399" + "a8e6a9068d1fef24917fc4f9ab5464ea6684dde9", + "087dba00e3fe4802e01718017510094924496bd2785d4ac1a352c530473", + "0401198518db2d1255aef955b9b80471aba60cf6d8fd1feae6d8e048ab140301833332a1" + "16214e4d9fb37c8e0ab7552b87348434a67a0c41f73972dc9c", + "0378578acdfa572b1de4e032158b28bcf00ab7dbaf07b0e772c39603216", + "0be2cb45d527a7685139290f1098de975b69957fff2c5c29059ce417950", + "06abf4afdcd2990121723b94ab8145d01cc4917cd70416620ef100c67bd" }, + { NID_sect233r1, NID_sha384, + "05a5d3a3b79f4e51b722e513620c88092a9bb02408f5f52a32e782fd4923f4fd3094fc55" + "36caf4b645d830260eba91b5173f3833dd65600fb9e246aec968b1f6ebdfddb4059fb2de" + "7e636ed60bb7affdb74aefd158e54485d5f26be373cf944c6570daf8fd7e4b77fad57300" + "667d6decf5c65db99ab8763bb4ecbb09fdf47e3a", + "05a387e7affc54a8fbb9157b5ebd400c98e2d7bd5c3e095538987d4f8d9", + "0401a97224cafc063967b25cd1a43283daa5411f3eabe9386b8b14c9768c29002cefaec5" + "141bcb084cbc9aebf28fc59780897ad1424fd439eb43eb911e", + "0fb7ec3804654b9c3675f7b3c427f6d01f83872e96de2742e59c93151fd", + "0808d829d78e65eea47122c92f8c2cbf5a8d6717a057ef1659fb6f8cd3c", + "0ef338e09dac0b12fa6109d15924efb694a0b672afb4ef05f4e6f2f7b88" }, + { NID_sect233r1, NID_sha384, + "247a101c8196eb93a440280650ad463795690bc620e46e8118db6900a71eb493d03fbcf2" + "f73a79bb47aa8e2d8c87ef70e4cfae36fae5c45fe247d8cd0f7d0718dad106526945014b" + "4f3bec324897d8e1fa2f457b8a68e61873b7fa0350fde3b87b7b001c13953c2050a24f71" + "fb77eb455053e49200ebcbba7299485c0f1a40db", + "0adae709a930d6f5a5c0e3d8ef4aab004d741d23f0ffb8287f7059890c0", + "0401541eaf3dca942957c48d693d2eaf2a456646d2fb3eb8df1779b917a9b00097379582" + 
"76dc31852e57063119f1d2d061616b6a2fd35b4a1a3f046954", + "0390d5ed395f8ee3478c2765525c235587dbf5bb2316df3a1e8c664185b", + "0ebcc4f84bf2deb9b3d669158998fc96d7516580675e24348ca58d70d2c", + "0b99462b85e6ce6b46e5aca221250ac9de7ccf3e63b38919b61700be866" }, + { NID_sect233r1, NID_sha384, + "a16678c71976a3ce3362ca379b3272b92e8ca7085b43752473db34e4d6b61eeed3875f49" + "f3328366fc9d0644824e0104817de458e4c1036636b18b83dbaf063f2f99818959224906" + "571c7b28873d9c702360888df151e9ad1a7003e6130033203acf8a69889be6ebd90816f2" + "abf0764f10be68653b1e56766ecc3150bef8b042", + "035d391411e6d679751092c4ea5a079c591e77ebdcb57c1d9006ae70d90", + "04001298e6f1612f90dbd2eedadfa8ecce22dff1da2d1cf057c41bd37d4b060073136a1c" + "af7dae2aaaac571a900135a51ef031643e9d5f01934333b864", + "09e343003670f61db85aedc0249db21953d232bc45488c3d6ceaa6072bb", + "04ac435e88f8e487b9b217e7d68fbba9bdea0b9685769878818f25e661c", + "074d8f4dd58c922d7e79f30950bd54c10c1cc52ae3b8d00b675c8e501a4" }, + { NID_sect233r1, NID_sha384, + "bc2f080a7f0b69a6b142b8f3fb481a43bd71d07418df4f3b802568073c1a8d35729ad197" + "f34a4e941a6dd511c63f201d1f6c34a1b66545bd5f43508c10bda1d6ef60ee5bdd25dde9" + "75e50c61f76cd36d50ee3bd8dfa2dff59524db9ef12f1e28d109b552cb42f021963f559c" + "843476b5c889fc567b7840297c5a480e18c221dc", + "084e79093f1947d6ab9cf399782436e36ef87c59a4c090930c9a74ddb10", + "04008e756774def210e2d6f76d6e4b0b43d86adca0880f017abfc911bafb5a0147e6a20c" + "1aad897829339630c5edd327ef9a7e40795630504318cb71d6", + "0ce780ea99a344d67de7921feba6ae062817101068266d5d1a140d2b49e", + "0fb2474b854b8e5d6920ed90e69b5b386a1b26a947b1cf28a13f7c5d3ac", + "072722017a67ea6754873f833fc51318d41d6ef598d3ec2d3e0eb5bf41d" }, + { NID_sect233r1, NID_sha384, + "ea71cede8b63ddc5648eb244184bae265cd65d50f77a9e25ff93f02b132487c08732544c" + "b88936d4fff7c0fedb39685822dd1c9be1158f647c605c9bb5f6a1ae34722fa08882c14b" + "36b6c93cab33c9a269c7c10f755b6453ed045ea3e56f29e95a9404ba189a0b4884812039" + "2b4dcac43148b706c3d9e4c03db410cbe5dca3da", + 
"079b6be015b8006f86fd81c2792bec6b42c08bee2d295cf9dc214c326ab", + "0400e24338d5e33ad12d41eb623ad0905f64d5b75835fec4e693eebf9bba100101b4297b" + "5b62fcca7c61637a2a57365e911d3bc7eb0fc7adb0a9dc7bad", + "0f06b001e5f874d16632e3c8d49f13d70f48ed4eecaff9d3b741f9d02e6", + "0de16d8fd7bb1783a2cc4b9ac1563eff3f87e4e6d75e6a32a4aed1ecb02", + "040bdb1197ee8ee51e4ecccb8d42dd985913809c131aa9224049425a052" }, + { NID_sect233r1, NID_sha384, + "319b41d16e18059a1324c37161c937e882192cd949c420ce9c59208a0ac208ebb06f894a" + "7fd78df2a3c5f23f25dee6595d3dacb25a699f115dd482ccd36fc54ba29dda279335424c" + "86b07a1b1fa76a5411bcecaf4d37065b229cdce0bac75b666c6626ec37a716e9841be93c" + "907f87453ad91d36846561f284421a89013b88c3", + "0ca9d751a060fde64336cdc88122819f4b3cd1b4e7df42d495197787894", + "04009549785f4f9c71f20133f5a1d409b244df55445beec404cf8cd4d2cadb01b246647d" + "7570f052840d4cc01182d1dc3bf357b25e5966434e1c3c2a30", + "09e99fe741cb23f7eb039f5df8414d069b5c2e3c144dcd6cbc6da56ef43", + "0cf00f519c18e7a0fcc84c1e338158399f16929ad89842ba97a4afb5bf2", + "05854ee1a6aa5a6a74bec0b4696e80aa275210183c86f45dde7002d7ae3" }, + { NID_sect233r1, NID_sha384, + "aebeee215e7b3d4c3b82db243a47506ffbf2263f6fe9de5b69286e8649d9218367c36ba9" + "5f55e48eebcbc99de3e652b0fecc4099714ee147d71b393de14a13e5044b1251e40c6791" + "f533b310df9e70a746f4c68c604b41752eca9ce5ce67cdc574a742c694ada8f20b34d0eb" + "467dce5566023f8533abfa9688d782646420c77b", + "01dde4b2d49338a10c8ebf475b3697e8480227b39bc04253a0055839e9e", + "0400504bd3a97baf9852d6d46ef3db78ee7555db752120d020cd056b1b4e50018dd305f6" + "a15e91fa46d2a6d30f2ec8fbe2baec491e26d9a2ac81155c85", + "03b78d2772b8ce01a00ffe2e6be2f9e2ca2c89ea3b29bec6d6cf31afe33", + "0c0c51fba155f98900eaa2d2935acd615e917f9dd979dc8d92f1d6e00c9", + "08c8354f95e24ed13d8ff3755e1122dbb4117c76b21b3bdc7f4dd856f8d" }, + { NID_sect233r1, NID_sha384, + "8d353a6b6f35590baef59b638914d3e934d0145b045d221d846517ceddc8ff5e3d28826d" + "3459f8ce1260f705e80923f39abc73d5949aa7aa8ad1734be0e992bff0c9a8f4cc9bdfa4" + 
"30d4cf52e29d3737b0cd3231b72b16e15e1a9040b832e4a920b4a1d94c4964ac6c8abb75" + "bbbdb10825f882ae44c534c7154c446421a04d87", + "02c8bea2803fd746c874fa110a716538c179c82712f38d33d0f6d037e7a", + "0400a034560353561cde19db89dbcad5c9dcb74e239efc604e86ff38a0577e0185e0b02c" + "48be2e90c916a7c8ef2b41a57ea8d4f21d8cd3a0878a03875b", + "02e39f851c57643bd799c4f3b2fcc5eec8ff7f9e9e279efa647f969cc6a", + "09b2ad7efc7ed60d9cd3dedbd4159b1e05f05ce5ec2d2cdf7a0e0657482", + "03fcbd4ace6a140c8bfebe36ff30848966bb0d3eec323cc8ddda55faf00" }, + { NID_sect233r1, NID_sha384, + "847f134b90f10ba3636ec24f36a94111f26d58428fda5bba4501e58c7bb55809f52320cb" + "e9e0df55af1e40bbac9f3eaa26a55d78b60621d4356d090d98363662f406367601eaa9eb" + "9568b1a1b319730bad7bf6a7ddf1b45eb6922faf8d065c540b671c50df758ebf8c4aca6f" + "01878e5e0012dd038c58833e2b13ebdb9a9f3fc3", + "0b9119b3b4b30cbfb98ddf0a4f6953417e515fcf0e5a94e83ebc1d1d14d", + "0401be65d340f7e99067bbbf961c2b357e1fd47a74393cae5f93a40c5dc28000c04cd8ca" + "3ee253b99e44ee6bc0e52d2f016b16f59c738b9f2bd8c1b9d8", + "02c851ba0123ff0543808931ab3857b5c15d7c10c343f232913f6e0c92e", + "0ba2b33550878e223cacb80e45e382dae84e76bca5a2ef8371b84d08572", + "08c370f82506e97cc15837f59e9779448decbd87bde0a463bc14b18edca" }, + { NID_sect233r1, NID_sha384, + "99d23950493bdd931915e9f9b65e4cd1329866c0071a19d4f7d6fd190689275b7b10fc07" + "503dd1c27a4da274dbeb3aa5cb0e71e9b7b03fc2697729b7be913756e6760098951d7015" + "df181cf14b1e0b954e6260276af553e3e59907794b863e941950718ef154669c5c262946" + "ba120892e0239e05910c2194f712db46e37e53b7", + "0f4ab2a573f3771d1e4222e251faf14e06cefed544e804c299c9a8395f5", + "0400b1f973d6495d277e24320622b9b99fccef8eb5c1c6952f35b82d4479ef0161dceea4" + "d3c9caa4f640f51b37fcbd5b8932642a94c8e7aaed5db17fdd", + "034ff28a5ed6958514c603b3af5a991e2e9b4cc2c0a7aa73ab2d70bd05d", + "01abe4a7b27395a37089f91eab27ccf29001ced1bb3348a6f919d466477", + "057449e55d3f2a4004d647ad6e8fbbd516adbb4de40b1a872ad8ecf67e2" }, + { NID_sect233r1, NID_sha384, + 
"7bef2487bc2bbbcbcc1570bbd4ed437c0dbcbbf63f666a3355aec49ea6ef593da25aefe9" + "ae0d94db50692475425dee3c88cdea975794ac69142c25732f3541457d68d9101c8be069" + "f2b515aadadea2019dc7abefa6c12cb3f76d9f4b5e46546f77eaf636aa8f232913092211" + "1151a4df913d18b7cf9d0308f01ad84d878adde7", + "0f4649cf30d4a5269296a45977de2652cb06d3ca2aff4475bb24517b927", + "040100ddcc8e09ba2122a6535c6a0a2dae83abf9e17687b5f6aae7ec6a2df10048f55873" + "60ee251925b7ed02de82307ba219a707705623727f98346a26", + "0a38b2bd0e9a5044db19d4312ec88d19ce1a9bf0eede8c357f898b0bc67", + "0d0ebabc8761ea215808a2c3035b14b614f64be0c2741b3d7789a8659ff", + "0f9e742bdca44c11bcab196f910c0d887e90f250817ee7027f6df8207a0" }, + { NID_sect233r1, NID_sha384, + "87c717eef6dd3c7434b2c91de05723783bef603d170f654b49a04b067b077c405d2d757c" + "e780101b930196ca4261efcfbd3fc1ebb762cc0eecf101072988aca508c41581936526d3" + "f337053000dcf77b16172492c5d654c6612bbd2523a6ad5966d7091697a29ce882fe331f" + "79a7eb59e5a3fe536263083cc59b8133bfd33c1d", + "0cca24ad914c24c011f41f80d27ea41caf41fcc8dc9dc6dff5248b2b474", + "0400175b73db13324a678b8afe086944a7ad257cd33fe9538c59b9177d1064016a98ac9e" + "0ff59de1ad94b50f8c709ccf4342f983c7530be64c3f1548fc", + "029c83def3a5c386b0bc3cf2663b8f4b02f26c6e3e14fcb17e9460087f3", + "061df783609ceb355aba3b1753d38f42434bd75c8354029966e7a788be0", + "01e8a093f53a1d73d5a994b97f2b2f210125ecd3dcdf77c68ea3199856c" }, + { NID_sect233r1, NID_sha384, + "9bf48c2aebf473b3a4a928b3b6a4d2fb7e9193c9e60bc2067f9f03083a8cc7b892bdbf05" + "601118bcc34dd283e7be996bf19b0bd36727eb9d65276b6517bf0c77ae0a9091e7a9e461" + "82a2586eb22324939801034e5ba94ba30d1bde7d8fed51eb71036fab6224f8ff30a00842" + "2efcff7ea239ff23b9f462777e62b41b396c5dc5", + "0f5e12d536ef327e3b0ba65ac5fc3f7f4880f5968f3340eb8868c1d47da", + "0400b2910f5de9475486b3975ce91c02187e8803e68586f3a1df14df67648e00f28af536" + "3ed851c42daaa810afa1fd0d2e001da7764671fd44fb6737c5", + "02a018753965bdfda98512c7f9da3e9235a4a77aab9804437b652182347", + 
"0b6fd02b2d84b7baf1a5eb592cde667ed6d4c2c821ca336027a72d9abdf", + "02253faa5935885945121a374010b2257123cd5db4c54a2aa0e08c8197b" }, + { NID_sect233r1, NID_sha384, + "716d25519ae8f3717da269902be4a7566d6f62b68cd0faae94bce98c8a4ac6f66215ebac" + "5407d6f64adf9d53f79f02e50921b6f0e8c805926a839443d30d9294eaa802faa7c5471d" + "81fd1db148cdc621a8dd0c096e06fb0b71943337d5325e1bca77062684873fe904ed9012" + "474ceae5b138e079f941a665a995026d13d7eed9", + "08c30d93536b8cb132277645021775d86c2ba8f199816c7539d560ac6de", + "0400d69332763cf533d48e56065e1b5255790f8c0eb23471fac9b945e6219500292df8c7" + "7d9a6803f60bf0722ed57ae2aa3bc816403b000fe2940e02dd", + "050967928d6089da5b16c88b7927de210325c8d8f5e727fa1ba3bd95b5e", + "02434697cb5c2ad95721943154bc81e2ae16332fa6629788f505bbc1522", + "09a5a6792b1b9c2e200ace5a3d50c04f69084dd9222c021ef5fce14d4b6" }, + { NID_sect233r1, NID_sha384, + "01e76755007b2ee5ac9e1d4c8adabad6d0f9c1c08ac6e2622b7c1ead89bd3ad0921b9525" + "b49a780a262fe8fc0904a80391717ad7cac9607de55f7c744af8a132ec45ce79723f4a4a" + "8c8b9ef658b360bd3890df164c9f1cd74eafb74feea251a34514ff2a57ae7a6d4bec2067" + "cbf6ee4fdaabf13721bf9ae178b9034ac5e9665b", + "0fa3f15a506ccf7b50bbbad0a54d3223f5a95eb54f0d1f4e5d0cc21469b", + "0400e797527d57fb3a18c71d1e82e7935e37e719439952d4b972f0c1e0c83500a345bef4" + "c5015e97a148b8991bed4b7ef48947b12f316b5621e94d49d5", + "075afdc12d4d50a7495f5a7d309696dca23e9356a0cab11c3b3d7b8c54d", + "0960ef460000fe8c761038bab7e29d665100494d0874b6556862c2808aa", + "08d3c004426dde6c18b1c9ae00a44ac947e36755d8c40eecf47bfa963fe" }, + { NID_sect233r1, NID_sha512, + "e95abeeb2c51a8cb75ab74253dbe130b5560cd52e2a63d501d26e1458aa568aca6694be9" + "1eee5fdfcf582c47c1c727084ee2b2c810281cf9b095808bf7e7c668eff00a6e48b06df3" + "fe6a445e092c24d5687d7d89acc8063275caac186c441bc697b2f67aa71b03294e1adeb7" + "e557c296dd91304ba0587cda3c984619f1eb4f2b", + "06400a4830889115aa88b860b3fb65905b01fd126c4aec2785518c2543a", + "0401a2051662c1681bbbf6bccbd33c44c7c7fc80b81a1bce14caa36a73f7a8011583d3ba" + 
"8f22080488471d8103f868100a97af94809b58bff1435b16a9", + "0ceac6e5d10c55888b9ecab8d3f6ada7f4d0bde2f109699157d194efa42", + "0c148f2337008ccc3e61501dc5df3ec95d3596d97eae96a7ab085a915d8", + "036d1debebaaef50243005e25c791b9674cd6fa986dc3d32e089fbfb2ec" }, + { NID_sect233r1, NID_sha512, + "bb8d8515365d240b2071daef0d80558fd3d0e059be9f6abb7b7a0a5f47e2ddca7d1b3b51" + "01d5c583143258520ce8db0a87f877a395615c9bf879ef46f2f20f68bbc9706f82781fad" + "69019396b27f292cdc70fff1772e90205a2225f80889f9daece1d03914d8776ac5bad24d" + "8fb190ba10a2ca17768b918c2e079d83734eb372", + "0c7b73c324250f14fac0edc941f79bdbc6933ee8f64bf94b847bee5eef6", + "0401af7266ee56bf0518f2875d4f4d9ec508a01769d9c1fd0a885a48bbd80c0084167ada" + "99502475478465315bf8163870a9ec1b43f15d68f0304ab03c", + "03badc9b8098c3b4d7e943a2365093028b579519031a8643b50c0f81eec", + "07ad4fc96c21963395f56eb63e1b0b4d2c93d827626e7bd4448697ded97", + "0e7504e6a9f662472e3e6f18a40f7645922fad2ef7313d600a5a6ee314d" }, + { NID_sect233r1, NID_sha512, + "cd8b2403435fac9caeffa21b55eaba52d7efee0f89df7142340cdffeb89556303ca01a80" + "0429397e2ff6c746743b6bc60a87133274282d4cac02e4ca90ad95d80c93b84163b96296" + "f67d40b2a1124b2b6534ab6b60fdee312fbcdf468d0e84eb85fce4ff360136bb31ced399" + "8d29cfaa3ae685e638ee272058f123c4f35f8b6b", + "03db7f28e161abf52ab0adc8c4c8544fc989af081303b8688f22b7b2eb7", + "0400ab94312e53832265b929f3d529bec33dbcc5c17b969e0afbe2d559ec3901d53b2c1b" + "e229e2c224e6e9fcb8bb0f044f3f9f5677c60bc9454f36eb06", + "034a8f980896284fe6d28b0b49703f1384d799e3f11a04b1e62da12965c", + "0e374fb355f30d7e427bc5db99ed76a914d6e286099c72f28c07302c741", + "08d5ffd41f8a1fd3de6c433635fddcfc2b21809d91496ac17571afbb856" }, + { NID_sect233r1, NID_sha512, + "4bb08eeb202564efb5bda40777d71f1bcc4c7c10b611e803e5c570876f3e319e9e2bc2d3" + "2031c56a32fc0d1fcf620d4e4377d881e9e1695bcdb78acba370b849115b86c1c4b83edf" + "a03299da8e7fd14c7cadb81a8e4911c8e427e32c8c9b67e317575331967cf58085cff0c0" + "d48ee0b8e7dc0b49687bb1c70c703a5dad08ec81", + 
"07e9d2fdd017d6da6029e88f78927d9ac9437f542db1f1fa99e32bfcf1a", + "04018429bf08752aa470a8f0801170a7ab96adfb168ee8212d76ab0b994e460072a5071c" + "e308d7daefb3e8f4da4681842ffe0f35dd8b071f0775c83f82", + "0a0f330e011d34714875500b70c881ff6b1c9e96da930eef75ec78ac120", + "0439bcdb86d40e8f64db5dbead95d85d6a771d811480c5765ffcbf75422", + "06c01f64e2812d18b0946ea4e6599e8cfca0a2b606c3c35c803ef2cfed3" }, + { NID_sect233r1, NID_sha512, + "0bce683d835fe64e6484328aa13e18b0956f6887b5e4442fce36ff09aed015889794e79d" + "a8aa60b4be565c78685674c51e1e7ac60db6a763c777198a56e382a03aff8b40862f961a" + "e23e8b8683b76a5577769422418972ab0049119382edde9e752b42e8b93f403c1ef8665d" + "7ce8530ce4ed9ebf6d397827cba6b7645e177231", + "0c94052760fc74c2b405ee4dd5dd2a7d38ebc16df9cc32df706075450b5", + "0401d2a5ee02d97f82ea9c8833b825cc57b0cb51d3f2a2cfa7577eba676eca0149c68d98" + "d0e9cb242962326a26164f3e3cb6d81b51f281474b0f8d333b", + "0fdd3ade90da682676d40008cebeadb9b2378d8a821e9e9428018cdc768", + "0f6d244daea95002daff2ff6513da694eee58f8b6c2d47ad121be87559a", + "0b04788fbb5655a053d0fb7a38c39e1fef68ff17860442ec8b8ad049842" }, + { NID_sect233r1, NID_sha512, + "a6defc770426daad4dafba3bbd2a69881334f7c31269b297e440926db54cdad3fd7ad200" + "f5ada2b72ad221ad99a06ecac9c2563a8deed89f0d0896991d1a652f6fa282affefbdb1c" + "1985652300d1792725071631d75a182b683a48448063c7d2563ec3d430e0fd3acea33a35" + "cd38ec0b5b07af96af71d0bfcd879d9864ededf3", + "04076b93487c2da8aeaeb4725fb53b7b41b465315335c18c6ca041175b4", + "040158755fd290910498f6c8eed83bcebcd1fcafef4878c860da118efa250c01781fdae5" + "01c2c147eca2c6c809d9428fff2f853b57c7d6add70fcfaa0e", + "07debe933553ba3420aa06e1bc52a1653f8a19b59c0bc9c47212389442e", + "09e09c6d96e33c845535468ec7f5b79cf30123538011d0b5ffd935d168f", + "0963bbae921317666f5852759e9ebf05cd026a5d9f026942835ff0daeb2" }, + { NID_sect233r1, NID_sha512, + "7803cdf4758c199962b62943f475c6c31356f5d9b997a12e21146a2399cd0dd3b97a860b" + "2ce639e2801571599136d4a8cdbfb12fd1a5ce22374991e090533ff42823a2c58d2076b7" + 
"72814eea7fd7a1fde68263ef912681c72c7aa3e5a7cc44ee8c65e72228b7631e600121ea" + "35bfbbc783b6ae3c0c8f80198ada218be533760b", + "076ddd73ee4fc1f5e6766e229cc7236cdfce312417ea291f7c3328d5ab1", + "04015185e029c0d4eb5102e0fe900ef3c921acc744feb44570a288015d090800ed56bf93" + "394a434cd84b521040d40452bb39755da5e273a05e8c0ba792", + "084e9e4a9c84a602c18bbb6b183d06969c8b8538e2ff901f1c2794d5eb5", + "0fde8e9b1959477ddb3423661df1e7182e4b583849d6d17fafd7dc5406c", + "01a12bd30e9c8b74912c670c0845ff5ecc77f29797160bd4992efa61f4c" }, + { NID_sect233r1, NID_sha512, + "e789461e1dad0b6e21abeb6ae2e96385549d1bae39415188c8f833233da6a3328144c97d" + "db36e0ff4d9e19d84f869e79e609c51b32de59892fb0446dd28cc164a3e53534c950d26f" + "87fb74e682db2038cde778bde06c3ee2eca2a077d8fcc2b0332e352e0e7e6487444a8ad6" + "0e78ff213b16fda9faf374dc6d27b7a3c4c6d196", + "07e1f8988ad804aae7d09a99be19384cc599e7652c02c391542be74b17b", + "0401fa4751e507740a7345e06a8964022fc6caa901cf0c2077a2c0fb86be8a00683c593a" + "0bcd123d958deb6b430d49d5a2386d44706f4149dc526ad896", + "01d288de55b90dbe72cd8f1f86a3ffbc2902f4b5f0cf4e641d32aec6f20", + "0048d16d87dbf4fb8e994dd874c10d5d16846b9ce2cbd43d09df62ca970", + "0e2ee47f422095d629c188df97e2839fc6239b9e2dc26baf8161b037236" }, + { NID_sect233r1, NID_sha512, + "9b58c145d1b6c887f2b25fb672cd49c3a1117224be697c15182d4048be92968a6500f8bc" + "f747fcf33145c13a8d72e891a6e0c4c7310c2b62f3181bf586fe32f1ecf4feee8c2c8bf6" + "c2bfdf9d5f88981ce080095c93e49a772d8e7b59f9cffccec3ca2f212ef4c6748f64e224" + "f4f098334d83108bf6f8c7b43c5eb549f1526897", + "09b2292b0244c2aabe8b43d95039984d504ebe05eaff318760e4dee739f", + "04012618d89f50b7f83ac470705dbe9ed81beb03929732a3f2aa7a636eaf59015f0f70c8" + "08e053b112a8c32ee422aac2b926c5b6a279a787fddf819990", + "0fb38174a83ceb9236fec8ea39be2b3c77c3dd2cf42d140e27838202d08", + "084941856a387a56022727f81a939d77d12b01dab603ea0cdef6d9cd6c0", + "0bb9fc30595f94d664a590ed4f163e4526809819baf96bbee629ff86bd9" }, + { NID_sect233r1, NID_sha512, + 
"52310a901fe9681a23dd6e02f12974d57f2c4f653322d9a0ff8b338cc6c2bd9f4765c90c" + "6b3c9fb17df3f492e67d204e39d81a8fdeb92c852a1dcc6151ed6c63049037235c6751c9" + "a902748163a567b714725b4d3995e0edbde03215c645b1a1da3147f7406245432800c50f" + "823a1f991c863427ff4c68e4e16d1b106ee40dd9", + "07ca463b50fdd92d9163f1c2bdfce2ee45ba1437b79162e3e959b814cab", + "04008eeeb146216c73ccff0096e1100008f8b1f3f0c5754c0abc4ed39f7f63018c9228b1" + "1888edd66b2e661284f583a0e8d3c3e922932cd9fc1568f959", + "0025291ec0dc2b0c709c5e69695980564552545c2497636b814aa049ccd", + "098dc98457ce6e69f77123d5d2460ff569786dd60fe07e847ed5bc14da9", + "0cd320afad2a4247fea5b74d78dc3df8967ab3159b4c8b191814d368dc2" }, + { NID_sect233r1, NID_sha512, + "ff419c011601cfaf833067cf28dbe6e935ebeddf8b5111a97f6eebf3bb28376334f329cd" + "877a134b074790a073db766efe018fce666a34650cbac285ae856fb6b3b8b96877282bc1" + "1cd9f9c8e510ed1f69bc2725a44a1d2b35de1edfd8bc9d20c7525ab0bbc27662a7cfc1bb" + "d1e0f4fce5b88411521e3893e027cc8c73acdabd", + "0c3844750f63fe0c2e930bc38fe88522f4e72a2fd0db9778ade20e939b3", + "040075acb00b5999f8b272a15a2cbdf8cb630dc3eeb1e78e58f58e467396f2016711aca4" + "24ca335878d273eca75d804d3f009a1f3628568530ef265eaa", + "0a63e7a20d100f14b8b709f0a6c383166c2151a36dc471f061b0f20dac6", + "04063be9d8e4f0f9afe0c79374c69b36910b5d2b1010e0f4db2e4cd23da", + "06a6eb90659aa79e4a2360ea9ffb99a415175dac6c3efef104bef6fd57e" }, + { NID_sect233r1, NID_sha512, + "05a89c4824c5de66587875011e704bc6e06e991ba8f3aed331cfffe55aa266a08c729f77" + "b8d082dca4d286b2d451ea838d726cc2cf298fddf2d7376714c5e37b64506f353917caec" + "525a1209391449c078c5197a371feade74f8fc8a1a1d67576edfda13c14ad324342fc0b0" + "9277941dc072ec0d39434ff1cb91fc59478fcde7", + "0a3bea235dea86506be4476eb7999dcb8e584a34238c4a894ad6823b93f", + "04014093a072c21c44d1c4beddc5c8dd9a2845db0935bbb4e1c4edb0aee032013286ed58" + "4deb744c9c35d7ae7eb9cad1c7ba2b670642de0399b230716d", + "078eda19f0cced2f84c1a7b354e5a79bec035b8bb279473f32d60f5d17f", + 
"0964e817f0cdc251eede4157a9bd830c476627c3f27d2931b4f593b0178", + "08dbf34e597ae06ad92b13900a4944e54a5bf0f16f586baad157da6dc96" }, + { NID_sect233r1, NID_sha512, + "13e6b5241365d9d0ef9e8b05cabb3248afd221ec02eab92284b98bda3d9272184bfe5251" + "d35705defba5085381430e99b33a3ab77d7870e5102757d065862372df2434a25556b76e" + "54ebc39d4e6c3aba5cd6acf0c335756f7d9385c1068d4cfa37526a9a58c0ccc7f87a8189" + "176c5d4f201499236058ec061357dcdb5acdba40", + "09a367cd1cffd8dfcca179e167ea437ee48e9b6f42559dda9224701d3f6", + "0401052d751901f6f8e61858d3b15eb59dedd21e4e997531ef65622d5750290112737be6" + "7ec621509d73cd613d7b448035397fa66eb881f90a6d531ea4", + "0d8dd8f1cab623ba6a4e840962fb31de97a4d14aa6dd34dd21154105030", + "0a8276d0f069f34c60b26a55d47df69e4c9ae2981afc59e14b5bfcaa498", + "09351c4b3a06b839eb2e9f450d9c3d15efa45509886ea3f2610ee1dd156" }, + { NID_sect233r1, NID_sha512, + "139a1a5090b97afb8fecfff8745efacf7dcf91a4393a7b629564e598d58d5be39c05c583" + "0d4c8ca85d29e9e2c31ad0447864e867d0ef4788ac734f8d871daebceda98d449308c2af" + "be97724c3af8a468f1925065f39e52ba4b7d15728a744b1252a20476dcfff7bcb82aa72c" + "209e72abb3c24419bc26191390ffed340c1b9c6f", + "046f4ad2522e78b9b35297d28f361fb0ce82306322aedc119251d8241be", + "0400b976c53a966e0834d5f6bc3af10a5f12cb6d16cb2303a3c6cee7d35f2201a1097cb5" + "6662265f4f2f52df375d70af086264752477c34c6af522f1ec", + "06a0d21e5aadcb0c9e3f9fedd2d896b0236dc90e33778fb114e970122bc", + "068063fe0a31b7e7925cf8959c3486985d98f58224d5f67cd0218af192b", + "0f11a22ced98173040062ff9e69d1b2a1b5a939eda0a6944e96fc62fa4a" }, + { NID_sect233r1, NID_sha512, + "3315e5cda5f252e3291b61e493ab919c20a8af1286d9660cfa2f5ca38b6defe19ebecf82" + "0787fe692d04eae8a5f5d37abfb593309569cedf45efd0cecef6951b718924c8380ba52e" + "8ab8c9bfb2261ed5f01cc5a5f9fc5fcdd269a0f122c597afdd9a836cf8f96838c3e8962c" + "1788c3ce4128719b3ef4fc88569643dcad6da16f", + "0ac82137e9c7a5ecfb8b1a7df9ab50732934566a392a6c8915ee8ca8144", + "04000f7f835f8223fa6c49eaf6650e33dc9d09e1d2bb098925d908606570b2006e659ce8" + 
"623767e8214b076d7588746bfdcbbed59b75bb19477366cc78", + "080655784e3e31c6a498a63d4d84f7e5a353a66641ca17d4e223441bb1d", + "07faf31d1d31ef4edac1c63072350536df84c417e0ef808c6be39617e74", + "089023aeb53ddd3e475d11c53479863739e62dd64348646581012784689" }, + { NID_sect283r1, NID_sha224, + "067f27bbcecbad85277fa3629da11a24b2f19ba1e65a69d827fad430346c9d102e1b4452" + "d04147c8133acc1e268490cd342a54065a1bd6470aabbad42fbddc54a9a76c68aceba397" + "cb350327c5e6f5a6df0b5b5560f04700d536b384dd4b412e74fd1b8f782611e9426bf8ca" + "77b2448d9a9f415bcfee30dda1ccb49737994f2d", + "299ff06e019b5f78a1aec39706b22213abb601bd62b9979bf9bc89fb702e724e3ada994", + "040405030ce5c073702cffd2d273a3799a91ef916fcd35dfadcdcd7111c2315eba8ca4c5" + "e3075988c6602a132fa0541c5fda62617c65cfa17062a1c72b17c975199ca05ab72e5fe9" + "c6", + "2af633ac1aee8993fc951712866d629b43ed4d568afa70287f971e8320fe17b69b34b5d", + "165ce308157f6ed7b5de4e2ffcaf5f7eff6cc2264f9234c61950ad7ac9e9d53b32f5b40", + "06e30c3406781f63d0fc5596331d476da0c038904a0aa181208052dc2ffbdb298568565" }, + { NID_sect283r1, NID_sha224, + "44adcb7e2462247b44c59608cbe228ada574ecb9f6f38baf30e42b589fb9b157bb0560e5" + "a2aa5523b71cc0d7f583b502bec45d9b8352f29ee1842f42a17a5b16136feaa2efa4a0ae" + "306402940ecd6b71e57d1467c98e7960de2a97f88b43487e4f4016af1292381d70c18c7e" + "6eed99a14cdeb5b3caf73688658e4c5b54c81e08", + "09c2804f8cab768248fb3fff8a055b3f4585c00de5c1615a19f9425b9432ea09afba8f2", + "0402570ff62b03a5124f08f752aa71ddc57944cd94197fd286d5a2a107b116d7b8ff1b04" + "21037714d9abe9aa0a9668fce89a3fcd5cf2e4548102a181a777c9b3f1008ac6e8d3a31a" + "2f", + "0dab5ef658ae3e2ce2bc5c88a8b8022a0ca5eb8524815ffae414327e3afaea5fcb8a7cf", + "2d99f82d92c9554722bb793988af0fd0bea776c5608f5939db7c8634eeb24ffd381dbef", + "27ceb1d01ec9a3ec0e74d79e08024359e117488020de6458fbbcad28b173918fc7d129c" }, + { NID_sect283r1, NID_sha224, + "cffee6252c7eb6d91d8fe100a1e62f0ad9f862d78ca2b747a6c17b8c9ea8980dc239b3b6" + "73310e6e7483582399163e39d889abc1a613fe77849ebc09b4f7f4fe0688b8a9869ae918" + 
"a88294c7ee199be50ee9460db14725ae70b449d0cb48f30e7d817ec02c0cd586119341db" + "a0b74f0279330807cfccc99c8c340b72c1764a45", + "2e625a6bc6d0ce7c06231de827068bdb0abc8ffb57c82b35ee3a0f873b9473905974d34", + "0400458bf39974812a4e0964c31f40083300454104c0d65f22c5688bfff3c256b7ea9589" + "000738dd33e32b9af93ade2dddf4147187a9270543afdfd66a0f2a53d6d3d815ef59795f" + "60", + "0a9388815c528fdadcc5d3b125c7a38db57fa8c163ba795ee00e8e307bf760619e705c9", + "2481571400ecf9dd31dbd9c905fa1006cd5bc7afae759da3312ead8d5a7dd0c25a37ab9", + "13952fa427d348b6347b9e93d4cb2c4cae3429dbea6aafd1e58d5a34805098722b3b8da" }, + { NID_sect283r1, NID_sha224, + "d058ab5dc07228253707ef224897ea0fcd09c3d5cc91fdce9e03c1c59c53fb4596be2ed9" + "29c7455e67ac7f4891aed3eb06ad88f2c4aaaabff045b959f900d1019d706b6052637585" + "1bb891494e99995928e4cd51c9616aa651ec77bd7e398916bb9ed3156391bf7fb1e29181" + "e2b011dae2edaf803607def2ac6b194929a57f45", + "376ac24e1b86f8a55c052d92a0bdc6472fa03acdcdbccbf7c321ec0ccd97aa0a66b4181", + "0407247c755b23bddf944e29348da82495b4f61d02a482c6111d8698cc77e8dda4c341f2" + "0b00f8c199138e1f4f8344facd90ac62d55f3c9a15ba7a672ce40241aa26419af790cf7d" + "d6", + "25d07c7afc5a335c2bd7863c1965a48c12f2687b2a365a7c2700b008ee8a0e8e35a68a1", + "23fc2837a879b79e470305088acf596eb0159edc2008478cc4c3841a1bd66fab34bbb5e", + "0a909b83bf77e74511063366ea1d1308a8a544864783459a60fb2669785ab1af8f4cb06" }, + { NID_sect283r1, NID_sha224, + "c86f2cc7ab5df5cf1a236fd83792769474cef464032800ffe98a44cf29dbfb6f24088160" + "eb31a11a382ff2a49f3e05e983462f5304272f96c0a002b69af3d233aebe867ee63fa466" + "66760a6889d022c18645b491f8d71b6a3b6b4ef058e280cf625198715b64b025bf044944" + "5d3dd7e1f27153926e617bd2c96638345431d1ed", + "2b50a6395fc02b9ac1841323de4520292f913519bc0d6a471aa28021322fc4dbcd7b802", + "040696d5ac4bc40e679524e246210b7bb0f93ccfe7dc506ba87be3fd018f829c93e62ad1" + "d8065953e01d9db8fc5d64516d864a33aa14af023e601d69875ac0f7af92a1e78aff0e47" + "5d", + "0aa25b43329de4e7739fd9134e4f4b3d68a64e55af47a2f6ccf71f518f19059b68d34cc", + 
"1338a5dda5fa09667604a6a7666b0e54e6b688b98b31c25d037ddf55ee6bee7565dad09", + "00aec025232c16e778f90785ded5348f3d5345b8344b2a762480383777328e0a0b11cb3" }, + { NID_sect283r1, NID_sha224, + "c1328d8d2e5b6ffc850a9600bd6482518ddd9cee3fc9140febb72bcd444b0cd7e8074587" + "d51b62cce4b3d4f34ad3355353fabe363369cf790db2df9fdac3a0ec4757e2dfb3b683ea" + "a3e26531691ce765742e1c0bdc0e1028d347b6085fc459df0989c6a144271454eaffe413" + "cae2ad7c8b2371fd2df1afffe56df727009765a2", + "24e5889722f6c35e18ca47effa9e415b1ba790066a91fb3c9f7b001ce28fc732b09bc23", + "0407d4a57e6aaec6b51dce5408f6a7fbe9ba9d55f5abe2da55fcf015ca25dd74eb61c155" + "6c02123390178b2992059151afb51ac652b364f562c65451eccc65d968e9e7210921c93c" + "9c", + "320d2a7f48cf3583e8d7e712b330d40ddbe4b6c128be5a43d72bf57d4227603762de7f0", + "09806a8e70742c6c4a9ee6f77fe7a36489e1fe8c442ddf9cdcfa61f019ab9b41241d949", + "061fda247ba7c198aa532906bc01d509088d6c2ba0f14ca3ecc5ba36f3595db1df3e64c" }, + { NID_sect283r1, NID_sha224, + "7176b7013ea27e94281977eacb976bb31c753bf80fa09680a29128a6fc15234f79f0e990" + "0aff3217ce9be72c378042c6c34fced0158740073d1a985fa25987fb218002e425868fda" + "5a47de51abfd04de34e2b8634cebfbdc98e80f93d94096193eaa82dc8778fc23f3765c7a" + "cdad94fdaa272df0ff0f28190c10a462ee78ac92", + "056d15b81f40b6378588a5efe43e21b95e18120d514bfdda0e7759a1d0766a8a35ce5ac", + "040306cb78fa576bdd2f43cf7b71d7e66a98b850d87ac087dd2e1ff62596a2e8d4cfff13" + "4403b1e3b12db842e00c2faef04d3e39cdb71546e4e3ecf21eacb6131c3501fa30edcc0b" + "70", + "1e8969d6cad41a40d8306d2a8db3290d547106eb59f661e0d0eeb163044a92aee4483fc", + "06786637c3bd5a95eba5ce015f151d99845255175ebb9e593d912c75cc45723612c4ed5", + "384471c17c45ddcf62b588993835bb913be88f7a8e46e52e211972ffb3b7768410bcb7a" }, + { NID_sect283r1, NID_sha224, + "4c3642ba040a9955b9d50dcd1c936688c17c363854358afa8ca49c6abd906dfdc4d89bb4" + "cab0bbc363fb5b74e1f004d4b09ec9dfeed4c0bfb482a9061a1f487a3d79195ff7b65a05" + "04bced3a28db0ebe8fcf8ab1ee4a3ae91324d15d890ac4c479144dd5538d2e36d3a58776" + 
"9ee9cd2d5c6f85a03362a022fe0efc4a3902b71a", + "12fb2fb5bf5f7e42a500154823a174ba2d05af71e3b0cf47fab46e673ea1822f1563def", + "0402414d172d74a6281169835d18bfaae91f1f1cdfa9ed451884466e63160ecdd4a2c790" + "6f02d892bb19b47a4fd9d851d3b101ba99acf6d11345596635cedd5d7557427a2896a913" + "c9", + "20786f42d77195bea5761f86dbed8b452f858b447d2f3775ba2a4865d738122363b50e3", + "334507412368f08bd0992a5d56581ea7139e8adc88abe4bd80dfeefdc7a37a481b18609", + "0fd8404df06a02618cdbf6c28610d5dfac9907635d9e5f2887f11a7f18cb8b7ac95b5d5" }, + { NID_sect283r1, NID_sha224, + "e471f39c18b081362adc7da47dec254dab8d765f005ac574640d78c14222639245563912" + "d942f3be212ee3cef134407334c8fe3602fa0e1629de5331643d76715dc1b0ffcebd484d" + "86c5211be4b285a31688b205fa988e6c15b36daf396ccdcc209c7dde2a732f5c31c84c7e" + "a041408ebf15e56632583af0131bd7f531b5fc45", + "30096c54fd480647e017f8cdbbdef292e799f054e3279d228b09816a757566a744a8266", + "0402d4b28fec18cd888017fd5a27a375131bec3aa7195c0a4f255eeb3616437079e356a6" + "cc027c607dcf0b068418eaa7de8da6f9707650e8d95aec571f7ec794415fc175061b4515" + "19", + "36880905a376faa594978713c2de1a90c8e27baee65bc60b1fa6508fab5abf843f66ecf", + "295193f1c64181bdf749987bbc8ff2a188126131f8f932bb8ca952ffa201f109762e18a", + "381c496b4035bba880225dcfe74fcf101103e38f9518d9427c74a5ec86ebf8f7183694e" }, + { NID_sect283r1, NID_sha224, + "8a93fe53e83075c4025228540af7e96a588520da34e3eadeb99a4ab2f3dbbb8f85fe63a3" + "b86c1f4ec912e665ca05b43e869985eae3791b91205afb1380e16c25b74e6793fa63e4a5" + "5dcf25dc22d03f09deddeb9042b620434111afe08c5657c7d754af66ad91a1b5423301b1" + "e8e6389a1404060d1b6a99fe0f89598482979e42", + "0a1b7e9c8c2dc25b494b5ef3195b294e41cd3c2c35235ab42542bd3e2a52d5826662bf9", + "0406232063dbb66a56e2a92dbdfd9b3c136eade9c214d831691d9b49c56a3962d20f14b8" + "a901b47b85bc223fde1918abf6308b74dff7f3e686af9c9d7a1855a1b77984d258c1f9ae" + "da", + "29b4221eebe151fe758218138535d81182c991c3b7fed93f9a6117e98c1c2f97e546937", + "1f8040fad671e2f32a1094413ee955ea5426bc906b8e034d87d7408e63db173b05afbfa", + 
"22a353c431a9e9315ff69facfa4e15f6e6ee1be2750472823db31b49b17fc759e6b94db" }, + { NID_sect283r1, NID_sha224, + "e193a8ef6f454ca1aed38bb67aca6d08280d421b196d89938c0582b7cde74dafd71716f3" + "818940af412d4a7ff3960a8517aee108ae03576b68ee7557d35e6f1ab823d124de7243dd" + "02b542591f62c80d822608572889573e4c9dc62f99d68e07800da6f83cb6f5e03d1f2ac1" + "5f90e38b4f25e0a75e354e4b60cc81c0bbe81d39", + "059b1a8fb84530bba7a607ee88310e31bc6ea6a6881603567a1081a05a3a9ff87e719ef", + "0400b9a71aa3cb4cff37586b1e522b0e332ad5962eec3dfeffcef3851976baadf611ae52" + "2606b1bf0b43b406b5edc6782fd391d9fb070fa3570d3cd5b2b66d7a95dbc45ccb162617" + "2c", + "00a77307da9845ec4572a24c9e74a17b76b6393da87a9d7b1b8456235473ff39d243ec7", + "36721835be490b5ffc4a42bee3c6d231417f7038c367efd9ecaf7fb3618ae8492906de0", + "237833bcc3e4a721e2079e579d1aaf2519c01cc238056fe0c0990dac7fe50e75eaf6f96" }, + { NID_sect283r1, NID_sha224, + "8a99b9db191f6cabc88b430bc2293e6774d5180f019d871839289e25aec29379f14606e7" + "42190b7aa062e3b29fe0254146d9614856c5140c7315015abb98ac00da2c7e33cbcc82c2" + "4b797366f12767322c4381454d9d1eeaedb616b0ea5c66d1422da459f18081f4f966d05c" + "e279c6ee69b1bf94b8388d38d4b770d9ed69025f", + "30ddc2c7a4ce300cc2b75f0f977033f16c1f8bb13aae3d494c381f9a6dc8622499ae4df", + "04047bdfd7c77ae0c53e327c15c30d90ab1c9b670fe2241dc0ffa939fec3cf6d3c1f493f" + "3a06a286aa2310a4d0468b62f3144a9da2e66d15bf86f60045824278e8986ff87a276119" + "20", + "38afc3d11c66eba3441a5ea298fa593eec57b84ea29973c306ac9d46bb8d8e2f4c8b049", + "06c830f6c0be99fea4712f1c75f5a4e439800dcf062a16d93135c3255d3cd04bef5bc7b", + "1eddfda0d0e02d382ae243e604f76939dc21f3ce106243b2d20aa562b78e620fb456428" }, + { NID_sect283r1, NID_sha224, + "5c437b331831530aa94623b1736f00b986172699f0a02a5e5df0008bf25341787e2e6604" + "6f2c929dfe0058c3cb89fc5bebbe1025bb1edd1ee31522ed568e7b5b4ca3991afdc76a68" + "cbc2c4f81863e27fdaf6a564fab2c6354e5c657de81390f8a4132669fd24a48580c716b5" + "b7961a9c091f614d11cf45dfdaec8946a54a11d8", + 
"07899928922fbfdb5407517725edf231d15a8b62d90b7fb6d8c8d20424850dc44f797ed", + "040614257f54514cf37df2cd78850658a85ee362764ab8186423aa0f9a1ff486557f8f16" + "7f03ceae9d1370df045d20f576931ca63bdba8885f463d5c82e5edca5116ed3d2c2b0c48" + "61", + "3395493478e69e6e1088166f622a4f9ec7feb998aa552b54bcf0fc67c06079f45a14993", + "3f31ad171dd59c9deb21851e631f223584b17f72a6807d5239ae31373512def954d5ebe", + "28f095ae43ba5bdd899573ce6823eccd8e127c6c03cb59dff43c087ca24e1ce5504d1ed" }, + { NID_sect283r1, NID_sha224, + "91aa08567d8da4c90684dc06068f69deae240212842ff1786f04ec41b40d9187aa92c764" + "01f9fcedced62876a34df82ad7c1e63b68bb2a972257ea8542bda6a7f1a020c9b122943b" + "6d651abda8b8d322a8fb762eee376daa2d3637a71ed6c4f5cf96f61c0da2d6e1dda3370d" + "80e51da2cbd8aef3267168c67359523faf910dfb", + "2a2af63d1171930758bd3e5bfdac62cca1a83a3b55a49b3f80cf0d9ee4b2082757beac0", + "0407dd6fd0868ec478e7e5c08965fa4f1efe8db4d0c04f0b6c63b5dfa397607a0d9d5ce9" + "09054ff4fba9058179a2c61951fb4955cb637b01267f8f08b3aad614738c562f602d498f" + "04", + "179482dddd033e8849abfd4991304137044d7433d7bf858a794340ea1cd66e736b821fb", + "071f4cb000ca1c51c698c867a78961e6d7defbd60109f79d1d165ed045a653ddebabd10", + "1e2975f4a1fce0b3b0e13c3f50005fa664ee9319cf774d2e107c406d36158bcecb0e5bc" }, + { NID_sect283r1, NID_sha224, + "eb5297bf408c1a55e400a20a3c10acbc5c2bc6d6ccfcc0941fb7a6fd4d2834415a6df86c" + "3a6c4b867d1215aeb8222153da8cbbb1576c92c07ca2c36d8f243fd911f9a057e39ee258" + "32454e28d7ed52a8d04169b9b9677a16b32d5d211b8573a8986e9bf36d7206417ad2771d" + "aa11bc21fd7ee1029b65ff7c9b2705a6dc9cf9cb", + "35994e89e13916ad82608f74a639e6aceb756ff913aec440519946d6434af9a60a6af49", + "0401f7805dfc9f90d4f8a1b241dc9d68aa41cb77b63d530cb3733cede23bb87ee5118e5b" + "be01c3f1aa3a1218de78a94ee8f88d3f787fdc68674e31792d919dbca681a6db1dabe89b" + "61", + "2116684a4307c67a3d8c1014b33b928a962a8daf86c4031b0c1d47315d74bad7dab2aad", + "33cab952e9382dc074d666f1f2ab2bd72ba394a404ce2fd02a6f7a4dc096d713827c94b", + 
"33b2886738d882146c0cd715701fe4e8b94b0d28c73a6b79d2899391119ba910bcbe3be" }, + { NID_sect283r1, NID_sha256, + "f415d0adcd533dd8318b94560f86732c262ad2c6dff9dc83e2435543f429a2158cd2fbab" + "0d96c027f71008c4895ecc644c2ceaefa80937f6cc6338d15d36e459a16bd9387a361a6d" + "800acfd834ad5aecf442e30b70f5bfa164747cf9f89325b80976052a83a5e896c00c54f8" + "1472b14329cf23bec10a8e693005de2a506ba83d", + "29639da33f48e4fb0d9efdf50bba550e739f0d2476385cba09d926e789191b6fb0a73ff", + "040770f9693777e261db9c700eb1af0b9e9d837ce5eabd8ed7864580bfb7672ced8ffca5" + "98068aef01c8126889204aaca8f3ccb089596f85e2aca773634bc5775ee4d27c77f2af83" + "e7", + "32a930fdb1ba2338554a252d1bf7f0169d18750a4ec4878d2968c5e735f98b9d0c25edb", + "30cd65f1097d3fa0d05e1d6072675f1377a883b683c54b8a1f4960f90d68f3ee8c7bd98", + "15c61ddf43386a2b8cf557760200ac06a480797e21c92e45e6a311e1a508b03c4d9632e" }, + { NID_sect283r1, NID_sha256, + "b178d86c9335b85e02178fc4551769db589ab91d823fac219c7e14e2f029753b20396238" + "9476723832f8d9631dd7764e6dd35da290afa42a794476f5c7727b3688aced848dabc995" + "4201578cc7b25801710931f45cba1199d3788d64dc0188412e70723fb25b8ecb67183581" + "50c4037b5b81466dac1686cb5270bb1c72d34bb1", + "0583a7ecbf2a975a32d07428d27ac82e5dc13d1466c4fdfc1e6a05a8d9a289f1010617d", + "0403775ec793ee4bff15027c70d9bb5dedfb7d2e41af8895faddddd4589cc5a00bd222b3" + "bb0300f7cd572d82f2f0a2d99a83977ed2034e03fdd76a0267455a524bd8199424ae5b81" + "ca", + "1e58b1f66c927f4ae16143856d67193d889debdac8eb03936f1b36d550c2f2639e13f8f", + "0f897dbc8ea12f4370fcd08e8700e5e4c68dff97495f401d01b782f2ebbe259bc0dcf25", + "3c32424fdcca39f411663284658b8f0c1f950f0cea4354f02f4b359f18e3fefac0976e1" }, + { NID_sect283r1, NID_sha256, + "c8bfe9fa7c848531aa2762d48c153cd091100858aa0d79f994fd0e31b495ec662209a9c8" + "761cd1d40c3d8c4262cf4dc83c4a2549a5cd477726ab6268b4b94a78b1c4a7e700812872" + "d7f41912a723dd9abc305420ea1e1fb1fee41bf643f3a24abd6e8fbf6fde2475e2905277" + "24a6f99fd75374bf7cb01b34d3e60d8db33c4de1", + 
"0f817ab1b49131fb9bbe8c112c25a36f064efa85de7506fb9cd29d81b326bf276277f7f", + "0402b3a06e07fce1848494d3227ff77d1c43f4ec3c037ad73ffebfebeeae87d3bff7f7e5" + "9a075df52e6a34229266ff28b1c217538ae23b3912e4bae8de5cad9b57b7c1c9ca8aabb2" + "e8", + "0ac57fbb899193b88fbf4ff2c502af72943b133e8d40459a833275212f6644f566f5c58", + "3e13307d5fc2b7ad24e9422355150578c78e1c99a6f9a24f9ca2e8bc6856936c5c4af2d", + "05e8b77b580cdacc2660e6f8a1877d93c5983d135d63ca0e0b06aa8daedf855c9f661fa" }, + { NID_sect283r1, NID_sha256, + "9a5f563d0f9fd1f31f3a822de628ae970954f4e71292492d727109036491c29e66b9b0f2" + "c90c26abe94c08502f5e923a9ddaf6a7d91e9541ce90d0a49f03ce4e4769753d5b7d922e" + "1ceaac4b4cfa4262732a09550aa076b8ff9d46a50fa17de17e3b6bd606698464d116fcd5" + "f1ae11bf45b0c48d3b738427cb47b0d1272b03cc", + "2782af76ffebf3e2bfc0576b70e4f4bb87c762e2bb230d278ce776310a14f5b678f29af", + "04000dc21b3be7efaba5c7f9f22591327f0f97083d4d844415d3148d227931256d026ec9" + "d401276f1d9e131f13bb129a1192fa24602fb508c9679ad2124e49c70a891777cd601955" + "fe", + "0255972b5329863f380de945574793beb0430dc416a8f2543330a125ce8d69f72dbdddf", + "25bcb54e188aef6e362a62fd88daaacc8e697dceadc8a6b6f804ce4a36856c8da6de97b", + "1e12e18e1e281606c16ed1f49804f8cfb33c29b0ae92c072d5c41ee3e6836cf1813d722" }, + { NID_sect283r1, NID_sha256, + "3d6b065721da9de82cb33ec2c27107eb399b1e69ac8fa51145ed4147e20d72e27434104e" + "76af988a3bc94f55e36677a05182fe2376dbe38195fc6a30673a4dca87336c7304f3f31d" + "49216fbdfea00fd1e105d8b0c13ab11f8892e0045e915c17dfaab07b24ed21b06af5a8ca" + "d4f45fbee5a25bb6e87466a7bc422c0bb896440b", + "31b827b88f14d3822244809096157df3c0aa99da90c00cd9f0b18dfe306f6881834e6b6", + "0407b3ed076a2901ab2625bf05fa6db10a8c156412fd2d26741738f5eeb6a91891575269" + "4606a8cc2061352c36f264d23dc2857fbe02af34397ae5130c582e885f50f2c112f141c0" + "7f", + "0b36f5d6da409c4a27f38ff9686cbf5f4714f4e17234fbee6e6deec97c9f0d4c585d42d", + "356911114c9ff9ae4f3a4fcc5379c987b9d298554cdd39ce124f04707e7fd1ea25231e9", + 
"13c0a321c4c5a1e89dacddae38a9b3dda32a20627e53dcdf28ee26a550797c255eefe6c" }, + { NID_sect283r1, NID_sha256, + "d125f0e2e6135567adec9e77da2afc6862e28d618416632ced829d14ee8b61116da59dfb" + "44098a40a0b927731125617e3d2f32cfbd1546a6e758c1ab6597e75db07add52ecb61d37" + "da2e9ed04df95b36ac249f4cbd794cb561655cbbe4b34834c497b3d392d78ed0db8db683" + "aff0076fb6e43acba3fa2b91210cc6cf3fa594b0", + "27da4916f1c471cff80bfa14d12aa10270fc3b26caed010c0111f6e5a40d914a3927763", + "0407d8202c88fb915446c521884fb756375a2b8d178f6a87306c1c8b67b926e830c8285c" + "150224dcebb8a7c46902532870ff855c780b2884dbce2956cd34dd6ffef8dc365b967534" + "49", + "3fcb1e759418e4539f9be76354cc1914ccf9a111338890eef723431925fa132ebad8695", + "0d4d4f23408db58a72495aaec6dc335ce85309fedccb6ade053c23347abdc9e77a81aa1", + "129b6b322573dcc79704d08921cb54f31c571573da78cb09d0aab40c4036ee8f195d88a" }, + { NID_sect283r1, NID_sha256, + "b380f97687ba24d617a42df1b14e5506edc4b62dfec35ed9fd886bb769832cec7f9adae1" + "0c21b7cd9152588797b4efc6b2b30a873d3f25e683ea9be070dd69731949a51121e534fa" + "bfa3a2eae0ee90a454182248bedf2595cd47ad08614177d58f7a773f5023b538f5f56868" + "2c83fb60e3fb1aa859948d01bf7b214e7f2dc719", + "10608eb51dc0ee97d6e488a23c582ecf0ea1df9a24db77094d87b3fb6ca98507280a934", + "040399b3e571caecdfa1efb243323159a45618702600b870954cd614e494bccd70e381f6" + "8a02e2fc57721a500611badf48fb435a6e399cea356d281e853f55ef2cf9fc5f70dc8b3d" + "a2", + "0a8045b4f55115dedd8d742545f9f2bd6e5ab81cdbd318747aebfe9f74b0cbc964b6040", + "2d022631bb7e05d316a1b130faaca5af5eac67dd25ad609e6e2a067ff74fd4ba534db2b", + "04595f184068433962d250394680701fbd2e2bd613a47e5de68fa1eb83cb08fb425571f" }, + { NID_sect283r1, NID_sha256, + "3f9ec57e4228e1a6ec49df02c58d756515305e48763ba1dc67298be9a1548576c28c82b4" + "e9b3f62357d9b3c522b16d5c496a39effbdc8290edd2cadc0019e6b9fae1e61238b13b62" + "65ad2ff413a5a0684babdb0013e7632051455e6fd943815213c555dba96cba8911e006bf" + "ddec6c3353065004538f37e48df9e339498d85c6", + 
"123f9eb8babed548df08cc3afc1d3b3bbed52b538d4654f2088fe76062fbea75b85a560", + "0403b2e980ae7a847394720a9cb982fc1e41f9381b0f2e08b87fdff1bf891b9637cb2248" + "5e04a367d593edfaa4e17113b6b1ea3ad185b3155b1bcbd9f00f4482e509b43bf7eb67a4" + "48", + "2adaba166d703d4d2d431a26200acea7fb47216fd04882f91c5730a55c349770d58a452", + "2c83e6a7b4fd48e1ba4fda8ed7891425213764078926d8862d0eb64765ee2900b3deccd", + "3561a949d583b7de9263d07ac427bc175b75dc52f43f3ebedf996218c94e51684ed5f9f" }, + { NID_sect283r1, NID_sha256, + "bdbd7b7bf3337bd9d21a3c6db379f95408c17e49dd394e94737ceae889f45dc0ff5d48ca" + "dc53703a16b5589939506b548f8dfd34c577c084f372166cbea320c8fd07c809b211e074" + "9ea639e68f890affa1569b66bd763c7c710989e491011371eb1d93ed9479ff0216b7f79c" + "901a2023e2cf80b565d1c0517e73117190cd2f02", + "06a18e626452111922e02e31d662f4301319946a204ae8a34f06b91dd1b5b96456365e3", + "04077c1fbe6a645b85fa0316ae412e8dc558c7c066d9aba900650749eb7b14a149ee57a2" + "5901b2f3002ff4936653412c8ccb8a67dcae18d78dcf6dcaaa75061013d2134af2c3fa0e" + "69", + "21bf4ca10d03a93d4675baa26285aaa554836bd0bab6e7fe42600ffe9137d5e304847e1", + "20702aa5b5cb45cbe8025b4ddda0a42a1ab746117d45382d018b2055b62791ad91abf54", + "12c31f9bdc096236d3ec46c4e6cdbcea47e4fba0e28d4df0fbc19e8740ce6dc0577b242" }, + { NID_sect283r1, NID_sha256, + "436b288512ea57bc24f84fdd117da9dc1858bae8c11637f99295d88fa9d05e3c053a2584" + "a6fe200ad190b3077d9a1608f660349dda405066c1562f6897ef69b6b674d6bc11fa470d" + "0b96a7cf8f6e098c9ac03b0ef415aa045867ac7c11d16cee78ecf08850ccabf70f761682" + "b561d0d0e4a889d840dc74932648ca2fb58259f7", + "3307fd717015b12a2dc76ada21442ac1d97519f66898b214c2ea317ab0f0905e819e4e9", + "0404ff9b8d60ed177df635a3953c0f5f5c0254224bc48d34329136706d6e8fa1b16ba091" + "6a02e50ef73f43ea9a5ad07c6bd68a82b7239534e195ee929aae7788c073dbe9e968c282" + "8b", + "14d8339f610b348f4639ac20dfe2b525517218f0c71b1908d407603b25f19971a1b5b4d", + "2acf3dc4e3569e5038fe97920de626ddb36bf213afa0f939785dec8319eb8321234c574", + 
"01db40fa416527266a3949211fd9fec158412c447c392ed6a7c7f159a1129da864d33be" }, + { NID_sect283r1, NID_sha256, + "672faa156dc188bf16bf8933d65e091c633f294486049ce96a4a403dca28a149f4f840e8" + "bef47412285363e9e89006614b013a41baad9885f1d9980cc897ffbd5f8a7d0e63feaeb4" + "2c07776efb307ed680ba1cebf470dd9bd8a2a9efc2b1daa569524394f9a50398add1a5bd" + "2f7c263f9e63c2d49461acf98444fd23341ce78d", + "14f9f412e3c7d770626e800d43cfcbba3ae6aec8563af748e8a97b67d244334b6e6d2b3", + "0402293b37c84e7514564635e517bbdb9bda0b4a41217ca64c38e94a4bd00753255b4cc3" + "890088c10bd909964ecfe10c373214544c6f60ab85b8f5545afb0fd2ac03d036db7ea9e6" + "7a", + "19b21a4d73012dd2a2ec3ee280a9b855b89e6ad53438431cdb5d2cec0e5ba21300e9bd6", + "3baaac69d182bf1a12a024dbc9a52ba244a654716e2756c36ddf8ca634129cf9d2b23b2", + "13ed92730d0a6d75f2a4a56b39f82d063e1be988dc58f0ba5f553fa88b6510116005727" }, + { NID_sect283r1, NID_sha256, + "4321334cc8ee44f1cb392a4b280a95561809dd3639ddf43b6e11cb73067597988d95b864" + "3d86c76c3c6b932d9262b9b8b55a04fba0666dd8b8ff1e8fdf799ae3945b6e30d3af3966" + "f1a6d634d5e012710d66cb447fc3375130968a2e1e647780aada2609d87247c90338dd71" + "c3bcc3902311caba27d5d4ea4d73ccea960d4bfa", + "3091a6a8bdac1e43542dce752694972e734dca31c061c7d1000754296d0748055db3f09", + "0405c0761d01020a30c478617313c67008a1332a0e6f295c5a9f01b3411eef585a9dafc6" + "9300eadfc6f7bb9986b0dd221b77b54287042ae8d1ae5788706b79a354fe785c66145bfe" + "81", + "0afb2e2e29b26a686368b127e38c2f5726fd55a13e9f87cf00e831d3fe19d9511d07e81", + "2685f634a8c16ee79acf62b7a1fb3acaec0db47c6ff5f2c97a804e9550494b128b2287b", + "12b545bd76b8d2cdfc5452291d5e4748a5e981c400daeb65c20812a65bbe936bc613219" }, + { NID_sect283r1, NID_sha256, + "2087e22094570d39fa937f15a3ef0601709a66666344186a33b487d041793fbb9709a95a" + "f250b1df0762ea98e911aeb3ff1fa19f0aca53fd4179e454e0e91636e55cc5b17cad9e15" + "75c82ad265dc34c4a66b7a31ecb9ef9dc756f2ac1d9dab35369a6bad4a0f47e629daab91" + "addc6d297d1e5d81477b3966d8c3b607ed194d88", + 
"1195921b91353db9bcd00510efffe009c94f6bd8d790f5fb3e5a0101c9ca5d21c6ef2eb", + "0405dd8aa95e24c054d508bc5081546677b9a8e8dad40d3f8a184af7cf07cdb09ffa2e04" + "9805032f208dc3bbad6aaab63211e13e17656c750c6c2a6e3caaf55a7c30ae5ba241d864" + "1b", + "3223c6439db7255e89c28aeb046e906ba79f4e9b8222ba5ec201b964d3666301f74967b", + "0fb7e194dae6420ac447e7d4f882da3c4859f53a948833a0a08f918acbe03c2e915d1eb", + "2336f1206b46b3166b28918bdc1c817b22ab16b355030cfd635ab3dade20d2dbde08b6a" }, + { NID_sect283r1, NID_sha256, + "15c7bca449a73b03bbfa783f5a91ca0b7916889a5d99d541e2e8593c3b176a5b634ba20b" + "34407fbd94ae1c1398f5313cab7402f3bcd7ad277a8c66d09a6df5dd086b20a0a3823fbb" + "b80980cd86bd13e527eee15656cc977103e80113539e26695addd9eef6a1f56986168d9a" + "53f8b5de833f8962c3826cca106ae9e8c00208d2", + "29dc20446e9abacb43823e12a83737b46e6e577466b5a3925e0f9d496824dadb4d4b50c", + "0404b3c1d41d8172ba15fc92d9586f29716821ea82274ac8e4fb3452ccca3e34925f1e73" + "6c023e22cec962d759bc659841f259de954911aa289e9994bd76a30149a73711bc41b299" + "04", + "0931ef56f08c379d1ddce0649f45ec21eccf3dcfa178616f45b200a06f82172b91bffe1", + "178348d533217543af694c8d3cee8177e22740b657bc6ce6df9e57f0c1f14fc9407c440", + "3eb25dc4ed42495b54679653ab1cd4d61c854207994a7318026afdfd44c89cda9247388" }, + { NID_sect283r1, NID_sha256, + "d12fbb82ee7a57eaf76b63fd6bc6c0a65c85f135f019d43ff7bc295cad15d53729d904fe" + "d63d69d3ffe8b82c0ebaf0399e2717ece40e011f710b5db46aa457c23b85545953398b81" + "4816a1e7a8ab5b0b14c4a0451b0bda9d0d2ec4a374bcaae208b7fe8056bfa17d6b7ffd4b" + "a2e9179f49b9cd781b0c06f6ce3eec26cd428cb6", + "3b9b77d19a42e9a555da8ab70aa5638890b2ed21daefa28ca6323fc658662dabcbfaf52", + "040632fdf8ebbb755c960ebf8fa5d6b679416e488faeeb021c0782352279a7ae00eed330" + "94041aa517eff6854ba04e2de6794848823e53ca580353f2b25e45fd4efd3a369cf80fbe" + "57", + "2450beeca6f1ebac3e82e3aa3239a5031f54ffe65fa6a45e2bf2ccbda448a2cf6988141", + "28664212774e23b6513f73a9b2da97f5eeafd10efe742e314f6913a6d0c0e3e581cc6cb", + 
"025bc733edffbc1330689e7aee0dc121b64a72dff19e1d7c5990206d6daae5bae75d0b9" }, + { NID_sect283r1, NID_sha384, + "eab0a37915c6b43b0d1e3ef92e6317b3afc8b8301b22f6059da8271fc5fe0e419ca6097d" + "aba213915855631af64e10d8382d70599d903d1535e25cbf74da3a12ba2f13c33a8562e0" + "db03edce791f1d39af8850fd1feff0eb25f9ad0a86dfab627b96e65831bffc5f6d9693d2" + "0493bc9dd6eb3e9325dea50b055768e8aa30d49c", + "0b9f8f3e89e9c1ef835390612bfe26d714e878c1c864f0a50190e5d2281081c5083923b", + "040542ea231974c079be966cf320073b0c045a2181698ae0d36a90f206ce37fa10fb9051" + "8607e6eccfe1303e218b26a9f008b8b7d0c755b3c6e0892a5f572cdc16897dcf18433f9a" + "10", + "31789e96e2ae53de7a7dbc3e46e9252015306d88af6bd62508554f89bb390a78fdbaf6b", + "0fba3bd1953a9c4cf7ce37b0cd32c0f4da0396c9f347ee2dba18d636f5c3ab058907e3e", + "15d1c9f7302731f8fcdc363ed2285be492cc03dd642335139ba71fbf962991bc7e45369" }, + { NID_sect283r1, NID_sha384, + "fdb93afd5dd1e3eaf72c7ea9a6cddb07fc2054499ffe152cb2870163eee71ace5bd420b8" + "98cb4fa80ea53fbbaece2a1eef6427b632320e9c97e38acb16b62fdbf6585b54fabf0a70" + "3307ca50f86387bed1815a05b0c8991e0743d10cdf49c8facfd7ddeb8d4a7b706b5a29e1" + "d00ac88b0ee88b3153185495ac8388cc70104154", + "3a30a1c15b9ed71e102341f97c223a9b5ea3e6a335861c3cf407ef691a18cc639dbe74c", + "04040937b263c87461eb5d409008255d4e14c54d7a86d6e3eaf2ad9c559f7a6b9d258254" + "2b07562e3a04f22ad37a1df0250215c163b45a6bd04a4b96c30fe2e2b7ded5486b172ef0" + "9d", + "13e745c76b33e6e91f47f8423653b0056014841f4df890121655ac2044f3a6d58b9e213", + "22467497bf1b5d29476f24aaf5f88d905be7900406c64033913fc88601c62063a924456", + "19cb024c7d6be51d15337a207e66fb0e473956932faf6d755393dd5a899bf63610ff887" }, + { NID_sect283r1, NID_sha384, + "c78e35d1a5b1bbb0ec21e7ba7b7c74c859d88f3e100e40ae34128cf093885dae4e87cd09" + "f3239dd8e79e25305220880dd352a650225d9bd193b9b84e488c458b0b5fde1af941c0c9" + "fdf952d2fa41f665918dccae27ab7923da4710f8c27ac8ed424992568dd6f0a6c3ecead2" + "1650ed162e0292104eef3c2d8551be866a88d279", + 
"083330123cc64c11888c1fd388629d0b329a50ef31a476b909a182c930ff02d0c389b93", + "0402e3a3e712676bede22893a8911ad6a683306e86487d24585bd6fe4f2657281f0bae2d" + "c80773889a95e9bd579be379fbf84dc8d26d47335253356e5b01c09eb8ed57474d6c0b04" + "91", + "0d630f20623e93c274239200393cc552d03da6bb9e74f4a44a518e2642e84e761dff7a9", + "27b8997fb98ad04488f5dc8ae5dc88b2a3231fca76d7320550c74cc540110c0cee5d8fc", + "1824f1050e85d527847faff236b7195965e7b93343ebac889b23425dc27226d50a5266c" }, + { NID_sect283r1, NID_sha384, + "e05435f695997229cce314e50065f3c5f71981988dddccaae6efb81f936b22cb48813f50" + "6d1edf5ebd69b0be34f278592c5935f0f6db0cca1ef9d62834fbf3c4c03f4da0596cb4d6" + "7b7b767e85dde7b7c6fbef7d89babe6f97b876b33594a9e36ab87079861ee556fb03274a" + "d4af527342a4794192b8933f28c6220f954c77de", + "1dc2b656c207eabc9e0d6272099babca8d149c9c4258b779c2f06de75f76d77505271c0", + "0402b03407b65809825a32ab50f1b556a65c3bbbd65cfcec898514637ce606182517fa1a" + "4d021c97e293ec74dee17c89b962356b7bd50c7b23fcc30ec7fdd0a629d11373e28380a8" + "c8", + "2d0dc9317a2af5a7d0a23c00d126b7fae4c06bda0a5c50462ba26bddf575adb091d0e50", + "211c396875b5dc71ba87ff2483b0ffbff60cc3656132fda7422a81964f1bfbcb5ecca23", + "0a0ed7bf1ca853b9b19924c706eff373b97585b692b4b535ad71cc4362073caf8f61a3f" }, + { NID_sect283r1, NID_sha384, + "0f9f36477076c4b5a7d1ceb314a397fb14646695b0803e36e98908c8a978770269f165a1" + "fed8f4b655d4efd6ad283d7f5d51b6e1e302d360e8ebf4e887c7523a757ffd55384e114b" + "bfc6b7a0ec8511079507b919065ca018573418f9e394854c5704227772161707b4d0246e" + "bceb91192f0eb2ea994ce61fd98a6d14cc8246c5", + "0081772348ff2d7a3fd57fe703555ab2e14f5d203c4cf0292f944e827e884d95f3b1d83", + "0403f7174e88ffa8bc0a770fffa4bc30a436fce331dbe7154f6e2fc0cdd09e76840f089b" + "3f0561e6aa3feffb2033ea716ae94b9a7402bccfed1fc4a137cb96fcdfe4685314f73a8b" + "b5", + "3a8c40754ef7ddd0e289b2cdac5e06c72dc3d6ae9d0351d9295aedfd6f0e88809674bae", + "1443b46c0e6bce31642dcf3037e25b6ba2b42daa9a83f5c0bbfb2487ce717c37b91f46b", + 
"3f59d5a925fe19c795b4992c265a3c61b2452237eb34efb9aba30208ce07d1ad47e2279" }, + { NID_sect283r1, NID_sha384, + "1d38b1c342b6611dbaf412a66c1c0b8397692755f576df33b31c2bd12b7f0707cc423376" + "391f7b00aa4e7b7fe54532e2b39c3c5284b9c8ccce48eaf9308ed338992f1d4ecde6cbe3" + "52e46339d7d602942158387881d9b493fd40cc59d4f9b53ee4191d42352c6f7bf32c331f" + "0c5afbd44a92901a4b713c7cf6ccddf7de4cc6e4", + "1eb6bf2ca1b5ffe6f6a795733eaeed12de6e87c53571e702635b9dbd0d96b47df4a005b", + "0400e64dbc1a08acf6ff0e820593cad79a46e3bd818ddef5ca0960fde799abacc7b840ed" + "db06115d3de2bdd011ad053550471368581a5f125eb0d32090646fe4407980a42988e551" + "aa", + "3b28fc6d0e4a7fc449b811b78900fb9f89885f4d4f70cb5a2b3d4f8ab87bd5448f4bfd2", + "2601923909c8c953087b0c0acda57d8c01f814dc9722171d8409d0acd2fa4d9c1314693", + "3eb316cacba93bd473a4b4acae4f2b5a5b2ac9856519032e63a0c718698956e8f35673b" }, + { NID_sect283r1, NID_sha384, + "3353ad05ef90e9762bcfedd6ef44a1e8ea0392ebef30cffd48ae620f3e567e1cd44882d5" + "14e7c6759200d4bcab18afd3038c3d3f8c50f7bba32a04eee5a4b1cfb8c349939e4efe0a" + "46fd047d02ed000d8fa1b98b0af5586f120d9ad174b3aea33905b979ece1eb3660b1e070" + "c8821b32df41904ad68bbd8ed247aabd94066f16", + "3b2a3e65e5a306bf8e3955b60e856dfa9bf68c1275a678ca056207a0ec67c96eb3f8309", + "0402c542cef892b06372af7d9c321ed5309995c1cbbf1a466e70bd30f3856ab7c5d18f4e" + "3d02a8acdc12a7cc0b54f4dec9cf61c484a5cf86c4cf6cb5ed615479123ef1c6ecbb6c7a" + "e4", + "09bb5e49188621466440a0841b007525000c2203d9821f4c6afab63ac2b97cb5e2e3dcf", + "00a09da1c4bedff47945898f4f4ee9a0857bb56be535544aff9d729ae44e23d678fc71f", + "2390be08ba0861b32ca35ba27a0c8dd1a4e96d28cb007133a096b52afa0126bf2a2abee" }, + { NID_sect283r1, NID_sha384, + "e7ec162185fe9a5803c6b03d98041422315ccdac67e48fbd07a1ef3c5661158710abc679" + "1bd0a75d56791b4ac0e7695d53c5989d9fa6a3b037583b2a80d2b154b024f1c36b63548b" + "e9afe1d51f2f68b2ba94d4ca1e69a35ac10e15ba72242aac20f7526b12ff9d3cde9a9bfd" + "70d55adf9bd92c66d092d7d08e9764c84bf7f329", + 
"1fd4d1af0bb7c79ed5fea7bb45574e46534387bd916649485ef15207352d7302e81dc01", + "04077057d3f93011440a78718a3cfded73e4196e7fde96e794465c51be8b679f912c10ed" + "cf059873441c590c43e0f00f80afad5b0166f94b62214ea45da29174874e44356b29eda6" + "b9", + "3f224b35737e78ec5bc9b081a601d8fe19e33b4787449d3353d2ad225358211cf9f7f0c", + "1a7bfe92c30ed1af478282786bdf7b5b89cd0fdba5e534bdf13899dab5af108803d73f6", + "2ba14810de4f5cf48b56e94bd6c439d230dfced3cb698c77627f59faff0ac5a42c43067" }, + { NID_sect283r1, NID_sha384, + "87c8f2e3f4fdebce0ca9300fc1ebcaa934f51a12b6b8f2cb6bb6eb77965468663044afeb" + "2a1334cb5a81e74b8427267f8b34b5e9ff0cf157a9f18be2b1942e32ca61dc23ea13c3f9" + "fcfa16df8fe05e067938b6994982676463fb12842d4ec532cb904cf222aa805dd0d86ab9" + "a33a83e294c6d81e8dfa273835e62e9041dc8ff6", + "20380b1136b5283e9b7f54b7535ebda33b129ceb177bf5d3d07b1daed5edd9fb3862530", + "0405e7d0931db006c6abe04671d1aede760f2b1ac5c866570f8e5a24ed356fdab49cc5cd" + "ea07004920fdb0a744cc545068bf82bc5d7a46edf9265fd7c5979b9559f5421c9a98f6db" + "89", + "3cfbb1204caf6011fceb8d4be987d9a41b81bcdd95b94919b220647d0e7a18feef4cd01", + "07096beda28c20d2e62d9b0750142d3d21b54c38c7fad1ed65e4f9b386f3dcfcc43a3c2", + "3d0af02aa39e329e4c39f2a1d6797f0e3d14554dedbcab9abbd158273a3c7116225abab" }, + { NID_sect283r1, NID_sha384, + "2ac53e8a50c4afe3b38904255b7cbf150c5f79dc15932dc0ac9aa631521f68a0d4b6bc5a" + "04d55c99a36531fd4886a23a8d99f262ecd2a9feea925d7a96ebe9b6979a207b7f9378af" + "be404fc8e959b0333572a2c911f8743c0ba64eebc7ef12fe5435d2cb0e5091ae518b6e42" + "33489efe3c16c6f21abf4e2c6808b733914e5a7d", + "19f815b98836948e0a0dc9c30828c31b13e175f1e79f23d084ae1bbe64823f4866214b5", + "0405109d8ce934972f5520101730d0a14b99213ea17772e3e7637d622a5de13fd2ffe3bf" + "fa0502927e0c7baedc4bb3ed2bd1b15fd2d06dd43424393b246dd530d5d8598b56dfcb3c" + "b7", + "10359d5cd8a9b7532c9902bbf1cb83d0d34bf37e73e7c0f5729b62a10bd4d8faa0f53a3", + "3503410a6feec71fde2feb14375d50f99ff9a2c8bef47e676bcc6c3045efa9948891ab4", + 
"159b1f65fd566ecfdc08b87e4ecf99ceea3088a750e2c3c9d868bb432de6a61f289d06f" }, + { NID_sect283r1, NID_sha384, + "0b201469cac4c078f587edecdcdb6efd5752cb4a3f43ab540463c4d908c27527aa3592f2" + "f9acad85dd94a3c056bd28618317ebdf2e7dd6c5ad26fa3c31dd8e5c50c60418d91c93bc" + "bb59ec1adb1db791f485ded78a5cdcddd23dd1cfa4f13443468d8a5f2d648059b9c4470d" + "0f4fe7733d56a28a2c24456b6923703ef32cf0b8", + "01854e954654e726cf4bebc0e5a840e8809fd716059211c6ffeaed36829808363164684", + "0407a6e7c542860e815d3fa24fbaf99989e8b9c812b08399056ae4f9a850a6711a7385b6" + "2200dde6bff33891a64744dce6456600f5a6a11049906608e77f8afc38b922972c805af2" + "58", + "2c9cfd376903122625c7fdca50e93d4c216f0c7d07f33b3b51e54e666e13b67dc89d290", + "18321f9ee35d47648060213df1275ae89c2ec7d17abe8093d8a431ced23aa61d3f8df4f", + "09e5a05a62b006a7787c97be38df6fb9fbc1433aa2241b5a788fa727229a18e07d7a8aa" }, + { NID_sect283r1, NID_sha384, + "fc5e4dddf4c4a328b685035ee79069770fbebcc56c14e31afb4bbcdd5220e025f31eba79" + "4fd6c05e64f19678dab33ce4f084bc32790392f14bf35669d75b6466b4214ec30d58ca90" + "ae285c9058f5804a1fc9d7a995958f2a0e84ee52e8a78b601bec04ab607ffc2091749cc5" + "48c6754ed14e2e5f92315bdacaa7a12823ef76bf", + "3548f8020819588b3202f4c1ac62eaec6a47c2a19b2900c5a3cf5b4ba5804231141c647", + "04038563f2482a399bf1c13f42f8b85ef64a3599c22da9688b97530718bfefdabca3ae86" + "3705c4aabf6d8a90af345008d5a244d0671cbe1afd08000c4eb37702a9bcba6dbc058ba6" + "da", + "32649876d776117003305f0ec9cdab5cd84bbdc747d3dad5d8d54a8fdc84d519d50df45", + "1f5160851981772c502088eef209f7f89a7c8ab35e630d16330bec7723e398fb37c84b1", + "073a7333a7037e1257d4d70be87c30bef770f9d728dd7e2615d47b399ec650aedc867c4" }, + { NID_sect283r1, NID_sha384, + "284cad790e6207e451a6a469cee3befc3ec43e047cf91b9dff1485718aa29de36a43f7c5" + "1eacd8589f0c3a96ec18e8ccfa92941b50b2132e3612d5b45e16f60d411d1c53e373e1ba" + "451352e28970ada9dcb9802102518a385dc571dcf6900971b00346098a58042e0d1d129b" + "d6801fa640a895a458a45b31318fe63ebb30c6e3", + 
"3cc4505005c41142308f1489226b7b542e2e7f24f1d3089ff6b92a4b0013f490ad52e60", + "040280b77ddc6648d9cc3f5557d406ea2a089c8179d4320781b2eb76ab07fcafd2535b91" + "de005f23bf4171aabbf0fd50049aa017c0dae70b065964c685bc03b958cee2fc3249149d" + "31", + "2ef488215648524f6caf85233736eddcd9d1d838c6a2799c3a68580492d40f9800bd119", + "3e8e13db22c97281307edd4037f0a75d2c70a070614e94e02c860f36a53aa738fa0db2f", + "356f2651b51a6be0c697300a8c2641bfaa1795397eac208385c3729248e36baefc173ae" }, + { NID_sect283r1, NID_sha384, + "6d46e57abea9d115deda48b69fe8e0b36144df2f6a659509ce1b514c8cc4769d46e5f71d" + "f2a084f1db4a22fdd3ef0c2f90394f2898ce291b9f279c0664aa01419f5f6bee1fc12998" + "71b27ecd57a5ac548f99d01871b8c238a6b46044c953b2e78e22346a0c7663af4db62799" + "038ffb5c21ee512e26d01e70a4ed967377ab8405", + "144a2fc8e0aa63506e14e4307df36416f963dd9da78655832f5b991af8c3eb97df78efc", + "0403fe8867b560bfb21dda517b8f4d50578a11e1d0ab7ed4ab3796580d31bdf710e8e222" + "8405a302baa3795e2d132c55d90858d14d4b17aea0ab70632b135f94bb23112d163357f8" + "ca", + "0b5225132f19419715170f5a3f26919b4127a05b4f0406f895af1e4bba95786daf95259", + "0651d17b00ed9a06bfc6a913883b5cdf51bd5f2dd22307cc5ad3bb545f623516232bb6e", + "01128d4784fc0fc050af0b97f859616d764b22f40734ba65aa15e2cf80e7bba3d15f42f" }, + { NID_sect283r1, NID_sha384, + "dd750b39bd8753f4e473c4484e2b36ce2da7576813ebe05861c339ffae1d029bc793173e" + "d394091c00685ad82f0550cb21ed1c68f0c27cb7396922239cfb886647af204e88a9101b" + "7453a8ab662e270b87a8a13f2fe61d695597382cabeb781933bebfd7d0dcd33f77266e43" + "e32d937f2dc89f67525e522977ce73e9ad36c8e1", + "24ffeaf139043ff25a395e4c560c7680c1c2155191378917eb25194136b4a69597dc277", + "0400402bf61c0e36385e5fa8371a553ed8652466fdc3ed9d4a3ce1bcc567d1f451f6703d" + "d104dbea6f67e1117116f30fe42e84383768b0da770f8a2b4cd8a4fec330a0034554a138" + "08", + "3e4e78f012eaf1778c086a3bbd9e996da0ddde651236ebdb6348062f56b36f63a901561", + "1e2312720f6fbf44d7a6449a7f30019c38e69f2e6424d4bd1054f40798e9fe58d080b86", + 
"379d1b610a976730dfdf3300280f1c61109ad13c788e8f8f9a8d5e0130ca9482ee417da" }, + { NID_sect283r1, NID_sha512, + "4736e59fe5812f63737eed57a570182c065538abd9fb0a1c9c2059199e7052ba57d84b5f" + "a1cda2ad9f216610361ce1dfb9334816b6bea509283756a03aaae2e5b0597f492d078b6b" + "015a40c9785dcc5d2ae266176980db04f5cffef40e16661a50ef871c5f531d73fd5d114f" + "a19bae9dd2da4267a131fc31849da38c2b78d1af", + "1d1f2e0f044a416e1087d645f60c53cb67be2efe7944b29ac832142f13d39b08ac52931", + "04010b2d7b00182ee9666a6a2bf039c4358683f234ae41a9e5485fd6594e3daa880c0dfe" + "0f00a419b2f40e573dc2dae4b22e6f56e842e50d631b6126153178585bd05a8b9e6e87e4" + "c8", + "3e4d36b479773e7a01e57c88306404a46b6e62bf494b0966b4ed57e8a16169b9a1bbfe3", + "30513169c8874141cdf05a51f20273ac6b55fe12fa345609a2fede6acbeb110f98471af", + "33fd50b214f402deed1e20bd22eba71b156305e4f5a41ab9374b481ee344ab3f27f4bcd" }, + { NID_sect283r1, NID_sha512, + "e573fa7d4bf5a5601e320130de91f4ad87eb7ca6b8998488afcef69c215b0cccd221b8b6" + "6eb0af9d699af9ad6c4b4a580e82941f31e4c0a9bd83995dd076c5ac9bebb34481061e7c" + "b1b26f6e8c6b26ee4bdf9887f7ae2eb9fad3115a21dcc96acce85d23a040c0ebbe0a56e7" + "5714dbfa803d6e279b2f4280bcb993f96ba321e1", + "1337362609df74d25f7adee382225e6a04dd6ee4c6b45fa31499ce9edb0ec046325caf9", + "040287b288ce6f65fed9f95c99fa4b8c1aaf6de65ca563df30ac67c1066d2ba2f5a554e0" + "9c025567fe183dd400d256c333da92dda2e364afe84492ede9fa0e913ca7f12069b5a44b" + "48", + "31b84ec438302155f2e84dd118c0d8479267f8d19c8c5d96d21177e20b23e0180dd6d33", + "08133e49644044bf9ba3b4c8bdc3973647d650c58fae4a7ea5a5fffabafed56e759010a", + "1d8cc410cd04b188418b20cebc8f66ab0dc29a42f9067aa2926dbadee39abce79deb396" }, + { NID_sect283r1, NID_sha512, + "7862864d0d78b44e2a28af44a0a16d8e9b1b8c4b794db0410c0a863ba011018ef43e1e11" + "f2fcda2f56fdb2a69cc817df425c9cb3b458922ba00d710190cae16d61af3c304a42fbb3" + "d0c4a74a297253fccd70aca414865b41f68b01c561be281265fa89f63f975d3101334886" + "e85929a5a47fa8dc459b663548faf8ed7484958d", + 
"1be00aa0afdfe92e24a2536594d4b41701ad4dfb223aab35ff49310bdba7566057fe8ac", + "04013583d8cd163fdef7c11e91f36c1d3eb2f7957d219244db883708a7c5777611b00668" + "1207a1f4df45073b838277d8da7daa7147b0f10aa98b5ec02fbbf97c89ee17f3a7ab4f3f" + "27", + "26b42f369ff9b2740147914a2698cf1ec9bab44caa3b5f05957ceb9a32073729aef0fc3", + "37640dcfa11483b3754ea027f5f239500894dda4f4c8308f0623db256eba2113c41ae61", + "2096767a1f8210b175334fad61b4c7fb4e2d6c7811b5d22521af7750f101077e2fd4e44" }, + { NID_sect283r1, NID_sha512, + "e73c96d1a84cf7cc96065b3c6a45db9531cd86a397e434072a38d5eeb9a90f62bf5d20ba" + "e22b926cfe967647d2bbb5dd1f59d6d58183f2cf8d06f4ac002ead026409ca6a1f868b40" + "6c84ff8887d737f65f9664f94801b2cd1f11aec336c0dbd4ec236d1cc4fc257489dc9709" + "dfa64eae3653ac66ab32344936c03eeb06d5852d", + "12ad0aa248db4fbc649f503e93f86104cb705d88c58e01d3ae0099590a69aa006aa7efb", + "04008d262f57f9528d55cc03c10bd63ded536bee9ecc617221d9892ae1a75b7cdee175cb" + "330754e40e8823e89fe23dd2748fb74e9e93c3b33f188f80377a32bc66f6a92da1804c04" + "cd", + "2405a351a3bf9a6dd548e8477452c4d9d719e32762754cd807a90abddd3ad380e197137", + "28c5d807ea1c3ddb7f2c90f3af644c5d6a2757336ae46c2c148752a2fc150e8183cfd83", + "397c8c52fd67b99792229194a787518db5be8e8c291b1a30e105b00f108ce41f8ec8fa9" }, + { NID_sect283r1, NID_sha512, + "a73fb0aaec838d011110d49c5e94395ce07408917bacf7689d2cfe0948c582214b263c6b" + "80e0a55f1e159086817605723740569eeaa1bae96b979679165c5c35ef2142525e943e59" + "5e6b4b160acd7ebe41de19775346363f779b1f80b6d5f0785b92a648028e456af8496102" + "d19dc6526247a654bdae3368f075fa9ee92b2f4a", + "2cfbb8f340cae8e2e2322829148981cd9e509b0c65497fd8d9da5dee9dcfd39b0f7556c", + "040260bb17da74429f049f3a7eb73fea9cbeb5b14ce553d7772a365376d0114ed2ef3087" + "d005889e41bca54c09be20dd406a6e1f11f9d31d720e0c4e2e88f381ba89a97f12fa9faf" + "f0", + "3fd7cb455cd97f7f9cb888444f39569114589612b108657ac59178ffe31a33569c9f0bb", + "048a10915fd3bf9ffab1cb13632359466ccc539128cd98c6273d5d8d26c64d57520394a", + 
"2d0f67f9baffbb34094c5fce36f47cb73a537ff984c89e38d073678c21148056bdd6893" }, + { NID_sect283r1, NID_sha512, + "eda775984c7c9f7db47af30dab314d070fb77e9b623baa6b73e2cbda800f167b20fdc2e7" + "219391efacf908f4ceed9b9b6bd3541b52ea087177e18c97391214758cf6455311fad336" + "ab56cfdce57a18add8cf85b0a0bd6fa7297dbaa34bfc8585b0f06a0aae055186658c227e" + "19cddb65de88d260f09f805c2e8854dcc524189d", + "070e82a1f3fa6158d15b7346dd56150faee5c98c9d07c996e01a06dc9b211b12ff62d60", + "0403d3ca5fe316a0820e84a8bb5d231bb14c810a87c7392d7f960e7cecacc56c337f88b0" + "ea027ac0ded5633a98ec5734db9de1399c83a181d522037266d856c83e5c8047c4eff2c4" + "e3", + "311b23487750c3c4b23b28424c33328c39d6f594d2a9b459a883508b985d8aca039a2b5", + "1465736c3c9e30e895b1544690e05108ca221cf2352ee4af1b5ee4130029a82b277b076", + "2819b94dca3a58cc5a96790871640fe0fae38883de6fb4712126c1c1cbfcb0c005c5af0" }, + { NID_sect283r1, NID_sha512, + "a4a13e0bfa761b9bf37fade6570d41c161e20558874911ff3bee38e5649849b159beccf3" + "21c6bc7243f99c01a2fadbab9e157e9952ca65d8ea676c74fdc976d00501c626b8465c6c" + "f0e4fd1a7d1260aea987161b821528b0b423e62ecc5193a0a49442b0c3e4ec9c4786a3a8" + "6b199c07dd3a17033d430d2c83c100f54e0a7c31", + "0b471bbc5f7a07996e370da4a09e71e2119ab3a562a273f079401951fbe4df39a4493da", + "040333e9d5e077bc64d022e49d5d207385a19282aff1b73b307523b0f861b4ce4219308c" + "8205414e431f3b90a2d4a454d073cdd81f8b224180ac4139104166ec33ab33d079dd147e" + "bf", + "3e431c39ef6f4b7674a1bf414460b58998ed7aa5b1af7ddab746cbcd2ed9f42ae3827d8", + "151df78c0f453d396d71528032933566e176eb7f6910fa9df2e9b2f5ebb6038777ef209", + "08a1c4a1e21cc63fc15a78f0a11a1bc7a59a5a31f57091a12896fa670dfdc05c04053b7" }, + { NID_sect283r1, NID_sha512, + "7ceda7a7248640f7055309ae712c19d741375d6a7e0608e07f0135bb830dc3e8863ee9e7" + "a75331a5e1bd38c42cdd484d4f45a26c2c1d4e05ce0d0ca941f4e94ecc6b371102f31633" + "629e9861de558bcb6407d66eb91f1062ac0e0409db68b9f2855296a7f42fc92359a7dae1" + "6c73fd2dddea52bd866a4d501aedd8fe3b3ea733", + 
"3c65cf80bfb507dff52f9bf2f93df0642020d41619b3990009409e7210fd7130ac44ffe", + "0403beb5b9b8785c5601093086b709c0a05955be42eca3d217e625349e5a875efa82d75e" + "d4007cd4e64475d628e6f562f0ac9c3f91075626063a52c2b621796e557799ab2f1ebf8d" + "bb", + "16212ce91eed7153fef806d2561912be1d988410641d5eb72d586cd4e6782deae4538a0", + "26ea04dded2cbeca81e75503932982c7fb5cc7d38a45a3fff8c4ed7f844dc759d8da302", + "061d3756e3da1c7816f0d72a8c84dd1f3b93624b631f5051c801af4e472fcf82d896c18" }, + { NID_sect283r1, NID_sha512, + "609815edfd58c0e26a4b06dded831d2f33466a130754b96d8d7c3b4d99fd4b0789ec719b" + "c25338d0ae8c5880560c02687d352d77c291e406eae865c3b26d00f2e63dc644ce7e01d6" + "e96ceeac8bc1eeb257d36cbb25d89b5fff6e30b6051506a0ae54cfaf6214f30985d54cab" + "78f708029c1fc0175bc58e888db89dea8d300abc", + "0f4d33a9c7e6744ab3c441828bf0f1866ae1c042cc54abc754e3801263a96cbb3955dfc", + "0404b925b97bbe67adbb6e918acbcae0ced8dcf11d012e1a97875b750bbb7d01945bd64d" + "f304591cc9caabc0db8fe9047e6b1f8d850ac4389fe67bb84f6846b631dc3524c8dbe6a0" + "6d", + "0483aefcad5e382351125b333dcede8ef50914b1d1f1843b075f242acba18c290c742cb", + "1fb791c288e2cd52d3837c56b02fc99f53a6ee27ad6dd9c0a31ca08d8fa64eefccc5c87", + "0a041ca35422d8985c1c706dcb0b8ece64b65285bd0a934cdb41fc08223885147281869" }, + { NID_sect283r1, NID_sha512, + "82d8ebba707b72655497320200ce719520c1ae7f46f38122958fd99322c25c9f4d4344bc" + "b77a6658df0eece5df163412ecdca58475d56b0c2d14a0361e4cef458df146925d473a43" + "692b15e9bbec550f1bde3444f2a5b2ecb55d2abd273ae999f16a32333529d94455e485ca" + "4585e6b07bedbfc2bd1eb766abf0d28bdb1ae6ec", + "3a4824bdcea6a144d85f1b194431724cc49849b6cb949b4766d641ae95477d1ec3d1464", + "0402c9eb36eca01dc2fe921933f4cebe8046b3679abed80d2f8fbcf8f254bf17be3d551a" + "56034c836aa4e946425fc9f49f3f62e33d8a0afd320292a34d0ef8bde8ad79a10e3f95f2" + "f1", + "23d8725af57d835018e8737fb4e8b2eed3ec5a83fda137c710fc1df875416ff82fba90a", + "0d9f57ba8b6a9a1cbba67adfbb938211ed2d267468f79ad39ea1eca7271d135bb67c18c", + 
"0f09a600d97c69ab521bd1ed6bcf0c0f69255c334e0aea06c68bba81d53e810cc553c9d" }, + { NID_sect283r1, NID_sha512, + "9c6fce18a6a96349b10c9f2f5f1505c8ab727a650b44bc0782a5f39fcb48b45fc7c1b821" + "80d5f229b8abfc807071f931d333d265fc940c93fae7520d8d40ef59d7c6e3678c6a2ecd" + "e52b6a8827b1ffc6ed269cb9832feb20e593a7e3d4708309342875199eb2ffceba7ecd70" + "7b122516c815e83e27872eda812e3ea52ee3c4a8", + "27ba543ea785df1d53d4ae4c1bd0a3a994cddf0c25d2b4e8ff17ea7aa00619e858da1a5", + "0407d375a9e78ccee85fd795e3fe6bc07f50af3456edda1ab00303f6de6b5b02fe09859c" + "63008d0d54ab9a239b5ff955452b32bfd2372fe095751bea4b56d52f79b4fda0fa635f57" + "f9", + "00ee7010af4a517502cc5d5433d98916f6750e8a9009ea04b8132268673d4a02a3e2031", + "3c147b66efa47a842eb90371eeae907f0c813ca0937e488da95ff8ee16d389f3ab902ff", + "01469d005eacd9ac84a140c93ed0aee09083a4822730a28df35058cad29267eacf03968" }, + { NID_sect283r1, NID_sha512, + "5eac15a64c7653d125605869012b8f036804817aedacbb5a5248a595ee0c12329f91e817" + "9c187192d3ed0d4ca2e202d8d4d9c93ad3f3ed931121c193af5b47a8a5dc39775b6c2d70" + "2708e5134f77a31bd62eaf87e39e6fd3f2b9f782c3057e162dd53b3addf92bf0ab99835c" + "7f6649abd1c5322a1ebb2ba313df9464a74c14d3", + "0708d0907d14dcd5f40e2903e1e90e48a0ffaa6d4d9b84ca14df4e985c294f74eb9f2d2", + "0406fb0fe1c3d5bfee5399c98518bc3ff135e0c351243fa0540717a9b1f7990eb8cf4359" + "7f05212fd4d6a50c08cd99ee5988103fa639b1123c878d416cc553639bdcee1f8e927bdc" + "8f", + "151465f40204d76f3bfc2e4052549869c19da82c678c332f536ef24567ea034358866c8", + "0803d3e8c876d46a9198f2f769faa76c4f66bc5ff4298b9640ccb8e67ff8d10f86342c4", + "00da3344354114d163d14d4c288785adbf9a8b31371c6e4420383c80ba0a430019c6acf" }, + { NID_sect283r1, NID_sha512, + "df735a7e60bc267b18f313ad56bff830be5ef119baf43ce27c6368ff1dd89f010afd4f48" + "740b11c12101c5903bfa71d6cb3d6462cf875bbd55a570ffedf3564088dfe8c8d3148231" + "b78b5adaa6c53696737d4704daa59eab8d986fc6e519e81540f201e77b923a6a4af65d71" + "73635b3b19b2023022186a7b8e869e1ed51717ab", + 
"21fb0a6b94080da8b8299b87457dc09d21bc430ba5f3359d92aacc1151be9941739567e", + "040179831c55ead3d11844fea2e18d25cd4d658822e626550aef1afe37d88aadbcc9bfd6" + "66075f8087d759ede340157667c1bb12be272b8318aedf2e8f8b487f4bcd12a50ca66f92" + "81", + "37833e9aab843a6b967264fdb705b419ed63fbb09c12170491019acc7c21b9ee28a00ba", + "1c9601440d109a3f4eb69a1a669bdaab9f4222a34a04ace8ae313b10bbb66811bea7d5b", + "3d2f9ad7595dcff69b65f035ce600f2667f8499d3bd25f789d3f3c1bf83d2855f68eafc" }, + { NID_sect283r1, NID_sha512, + "bb107b0eeaf175a786a61db923bc6d51dad5e922e85e57536118e032167b197b1a1f62d9" + "bbcde04922fde781665c1094181c16ac914cf6fbbfb27bb8346b2134f05c55a8c6b9b481" + "273758e380666d6e22c28577c29446cecc5c3df9ed9f1be060ca55ab2b7fda36a147aeb4" + "6df0275bb923e0876b703452fab42f6b7ad2ceb0", + "2c80151f91301fb6b0c7685bd172f20515b46bf94dbc4160d0720fbaedd40ec00084447", + "0404a62b0c9749ae9ff00dc1d50d2b4a4941741abfdf13c8e416549ea27fc26b14f191f2" + "4302c9cdab7c6512c322bd200167eb9657f8e8c84864b57480a80a3c6efbaa289ab8cbe4" + "d8", + "3df951f8c4490fc7c2d50a72a93e0e82c5a20be8d91afd890d6846bfd146169ab58b382", + "1f2accc7f7c4b5f877e12cc17b227e1ba110577c9f4e1785e6dacd8491bc6017129d798", + "27a167e6f2b43ce9663b810ed4f8ef15029fb6f2be2ddf25c014d844953f501d1dcf6d6" }, + { NID_sect283r1, NID_sha512, + "f47e49ae30b09b7666600b7a95e81b0afa1553da5e01fd917e4ce1b58dfaddb8dc8c03c0" + "f5591f533610deb6a7bb5faf5dd1ec4103a587a1a4c58a110a706b0f301a5c408b3d984c" + "210d5b4a0b347d2b5447271f25b527b3c7864f7cdfa735dfded47c63b723fa0f0413c57a" + "24ffde9a95c35f743f892ab1ed1df704cde82d9c", + "1538abd7ce8a6028d01604b1b87db3aaf720e04220edf4d1d28c2d731aa25f509e58f2f", + "0403076b5c3a12b8a2e1368c7e3458458dd7ba6c5a6dda8c82cc6b30d1ef767d36e01520" + "7f0369c7a80cf01e9f32c08f9924db08a7d0dfa5e9a8e0e29b57f5eea8506841e6e3da04" + "f0", + "3f0052ba6ae6bd7a7aeb077a764d21caced6b241f63616ae4e4f0d98d2bfc0e44dca592", + "01281bc0bd36ba1f3e1c262d98ddf4e9bf1d80dbf97db02089fdf1d2e625abb5733ec3d", + 
"076db2215d9f33054efb397c449f05db198d38a24749f046ee20032f5899dc142052e37" }, + { NID_sect409r1, NID_sha224, + "f2380acb0d869d1cf2e25a6bd46ebe49d1c9270624c5507be4299fe773749596d07d10f7" + "c2be1c0b27e86f27b4a6f8dff68cfe5c0b4c58dad1b4ebec7bd00ab195fdd635d9fa8a15" + "acf81816868d737b8922379648ed70022b98c388ede5355e4d50e6bc9ec57737d8843fab" + "da78054e92777c4b90466a5af35dd79e5d7a81ce", + "0beb0df3b0e05a4b5cf67abef2b1827f5f3ada4a0e6c3f23d698f15a3176cb40e85bf741" + "c9fbc78c9e207fa7302657527fd92fb", + "0401da1761981a65cb5c77ec50ebf7acc11eaf44bdd2f70242340ec26ffada7a4b5f661e" + "13d6e7ad341cd7dd1ca491cb7a0b580be3019ba11e4c4f2f5507d6bd2aa2f96b03510a03" + "d5f8c38bcc8acd08080d9effd1f8ae5a5586603b2e112964514c831bf786b2fcb2", + "091e575fc79444fd2d9021bc267a1a076438d73464726bd0fe4ac2884a374e71bd462b15" + "16b3e97c3202854bd0a286214b9e92c", + "057ab9d5cf4d18f05eaf17d3b5a4af96c3eda8ee48acf5e02eefdfe2f542cde32a37c04f" + "285794ddccbb14383a645db040bda81", + "05275de4157b32723366a0d63831e6512241e3e4416f3af02e22da8faeabbddd76116030" + "4927a71cfff4d6e8937347c9b78cd3b" }, + { NID_sect409r1, NID_sha224, + "22a97fc0a9694dabc6f274ab52eb592dbbe8beeb646ebe6cef60eff341a13017eef980ab" + "a6d24ab3afd976e2f6a84cf652654d4a54a36b2f2f62fab8858f8b0479a48fe9f47f8fd5" + "a4a1f3141a91cbca186507b2bbfef5e4c4d2df525f04ef7c4720fb443ccad540f03a2be4" + "68d88c9545d1dad579fd7cbcd103bbebc9e9f961", + "0504865a30984a9b273d1bc289d734d10e0aa56e93ab14720f1a42a27d8cc932cb8804b9" + "63175de6fe57d8eafa8ab7ea0592dfa", + "04002de5872c40a79d5238722fcb94d5158009e28fb41ea012e92028dc3c87855fba71f5" + "0e6d0dff709867de185f9a9671e7a91e2f00fbf607f69609ae96982bda3f0317fe46ad1e" + "0207030fdca702cd97fb5d5732f3abab24b10669875a64bd2a74c8603897c78d22", + "032d0f950d10d028db6e9115e9944e7c768e2da731df49dc9128bf145a747662de08cbe0" + "517fca6fa185abdfcc4e3ab604e196f", + "0e7d16daa689ddeb08074285f5293bd9f1c051ca5589e69e4b62c32af110b6f3981d9624" + "df15c7cac0ddd62aee9c41c7b6d690b", + 
"02f6bdcc551aef0e4e8da2df38288dcc29fe600de2f8b6cd8149f88146150790915148f0" + "69372151c3bdc4d719526eff252e610" }, + { NID_sect409r1, NID_sha224, + "af36c04af0e3fd64bf52dedf52fb788d2d1bd67fe05d98880cc7ad3c20436abf02f637fc" + "ec209fbf888903fdec8682717299f8a4386768153b7faeb6581db57fb9aaf4615b4ea8d9" + "24198fdd158363a1f40312527d6bd14c13d19985b668c6b88a7548104b1ff057d07082ee" + "a421f50062a315bc3866378f2d2d634f03fbc0cf", + "0cc08a4ea5ebe32027885a8c212870e7c45b6c610117994d6a42a284c05199414a3a0e8e" + "6645ac5c2ebf21c505a601f69c62b85", + "04009d2beb607f2bab64451327e1dc67f04f7569ffc0c67b410c6db06dc04edddb1362ce" + "8d8b8220be77c447640e7d0c676e5ad1d500ab813e800e75b6012faea43be56fe9d5a22c" + "d46fb1f4f1ba65eab19f75f2ce9d8187e4940fddc485c42cd18d40d47415a80b02", + "0cfcc307f847eb696f16af32502690711ffbaa2e60e75f80cbcf7704152d5eeb9ddeb701" + "952dd58fefb159926a83245fefa6196", + "068d1c646dca56393caf3239d9fb30d1dc56f991a8dfdbc0a7b69d273aec69a53056d955" + "3e105c7917e522ffe446cbea23227c8", + "01db30aceed2b126cf45163b9d878a6590e9ac8284a31ccb0faeba2202679f181eaebb66" + "4b5537f408b693800f24da590082dfe" }, + { NID_sect409r1, NID_sha224, + "6bd6f52a6204b60f37929aeff28c87ef61ddeecc231e52a7772275f9329add899c130956" + "f8c50ac2698aad3654fdb49b74a6427a62a11eca0a8ee8b719b8c0df7b9f0bb0af5fef49" + "18a8c83367d29fddd04b6a1ecad904471e5b59c8fe3cdb06b4f8f96419518dda960845d8" + "3c49a49f1b1f2fd1d2682a9d60c25fe3ce982cf7", + "07156ef0a74ee1119532a2a7e8c02be1559c3c21897af9d5b34553c3d0feca4a8d5929d1" + "945df824478e0c0b92a6fac8c84f639", + "04001df419310cf133408e9bdb32fd85f8f0950263e1886f2e2e108a596e7e76153ec47b" + "f9b33f69c1128dfbf52557f3c382de85f1016a15517a811c77cc67ec4fe2bcba1290e498" + "1880c071318aee28e30854692ed2d6bfb71e6e74fa97af750889ae8d010189733c", + "063f127c38160e85acdd4d5dee1db1c32cd9da6075b2d2f46b010636e374e0262a045339" + "4aaa8bbb5fe7b2dbcbcd62ad601cf51", + "0250cf50d52a5950999b9c0ddef219218f76dd9f22a2213def9ba98d258c2f8359d08d0e" + "fc208e23ea3614c9e27b2e4576b9c12", + 
"063479550873dea8a3ec0306ffa9252739c34c87bbac56d3d9138764347d5220bea9c27d" + "6a308dc2ec53724d6d3ac4862d1735a" }, + { NID_sect409r1, NID_sha224, + "0eb8de25f63abc9cba16823270e9b6f3fdedf0fb90f6652a34688970932e3ae98f6d3bf0" + "fefc5f247f72960a6975bff1f1acc2188a1775fe8974b2bb2b4c8d226ceb735113a14009" + "e8ce66d58808fada4e6f697fd016829913352c0f659b6be354a067df00cf74919580750a" + "a6064f21264d89dcb28b3b2d4d699115c36d1310", + "0a95c7abffa92e2c637611ccba66ff9d2ab121b40a85c5b71454cb0dca1f098ce1be8d9e" + "a4933d1a91bcd270c5a33687835d6e4", + "040048e6b8614c0c7156dc41884e17e36ef528a493c28c9e6275c3454d83beb939ccc749" + "52732c18424ba21b8ea9c528966c692141000ef9efe1145029d8d60d14dcf079d43e3cea" + "0e18010f680bddc2729ffbff9a981cef2cb595a69142b25a0a39863a929adb635a", + "0f43af45b0dd631bfe38d85979ff1612140b9cf80b4504857df17279d9d8ea12d5bcd292" + "0fcec81326f15832df6774b9c4bf5b9", + "099f403ced566fde4d9755258445b6d6c2a4e234f99425aaa78ef118321f8579fb513ccb" + "b71cc2732e31668a6a6bb0fdc7f4018", + "0d8568971a4f219d6d3d8bea6aecb4bf7de53886d2e6bbb0f71d054c63768c34d4d18830" + "00019c59168fbb32f4317330084f979" }, + { NID_sect409r1, NID_sha224, + "cad58ca7a3b9967dc0ab62a43037764f8074ef9177d60bd98f623d693333971c24a575ed" + "03cb61f4dc2e3d6285fb1204502a540f3c0bbbf23f5bbbd1544f322ce35d949d8b1d8ede" + "b82e90927ac67ad49c91007056bf5096bd690d15ac00e1874fe33293d8003a4a2b094078" + "cf09af799dde384143350c54a99e1f99cc31f2d1", + "02c438b07c6e0685d1f94a4bbafc013f8f21265d893f54e54c3ac2071606ad1ffacace0b" + "8367aad724b1d9508c65ce52282e397", + "0401fca66bdddefcc3c2072ea32f026c975a2c392dd7ed7e93e94a810e1125ec161bed69" + "8d8305830eb66fca5eeb71934ab3fd79b10189c22a2c9f1fd7624f805fdf4faeeb931709" + "d745a3feaa3cf04824f5fa58bbda144d4e96d83ce1e3282bd5fc9c50bcd68f5408", + "09230aa7b58505e2dc2f205b70a09cb9f4d8272f465b7380195ede0f7770af2a33f7623c" + "310a0520e7436835cfcaf32467f154e", + "013d0e70d8f4b1563efbd3c46feee15b88358562f769046f39df6d00477815e6b8763c02" + "3807eda87a86338c7b64214784fa2cb", + 
"0662f43fabd03a0c05ebba700203fa2188e16504f8655bfd0fd090b109e68220122dff7a" + "6cbb8bae08612e0d516e9f95ac15368" }, + { NID_sect409r1, NID_sha224, + "281ce2643799bbfacc7d5993683a4fa656040517854f3c2dc7c4f8848dc305382e34e894" + "d433caf12d8b493020a6a08d1fa05b08bf6c53127ad5f33bbe75b9db0615e3dd94408d02" + "8dcf3cb7598f6e7cb4c787681dabac7cba2cc06fccb7506fece6c7c1c1bf622d525ae973" + "7085ab4ac578905950002024f30159cf0d99f50c", + "09e8658f8f9e6cd98c0f4f0fd20d64d725653aeba339504def17f3ad12a63dc6157d8080" + "4e5f43f4ff48fc5573fde2c615ed31b", + "04015088531d914113a25f1598ba1d3cc611e27ea92ce8dc807fe8d446db14ef62ae2f06" + "c293bcdd739f916cfedfc481fd941b4feb00a9135dc1b0384e7169fb4648973559e50831" + "9235a3f41ba174d5f58307448671cf22a3649168495c36b0bced09ac6df98f14db", + "0d398fbed52228fe16d32a6ef539e4ee3858a1df327bec999ca25cdbc357de5a75903909" + "973bbb0a5d0269862a74623a38da515", + "0e38910abb3d84b2b26ed17d2124f4787dc5612942e98521d9f94baac3d14159eeef9e09" + "b9b20c807b479ba84640730a4ced4c8", + "0e370e575302ab0d8d08d5270fe89ba524b5bf21e43e70c4d335ec1525ff5696ced37f0d" + "e17e109fd833e5d179bcd4df42d7882" }, + { NID_sect409r1, NID_sha224, + "0c061da1a16f2be130ae3b20b89745e840bee09633fb49671db28ec9a051545f57ee07e2" + "410ae7ebc61c9af79868d3047705bfc64ac0c04ef0b286e579b650c7165443631e49e6a5" + "3c84cefa5625b1e1035a6ed89b8e839540040151132a937666524265e099272c1849f806" + "db0fdf2be64960d5b5853965099459968e5beb32", + "0c4c13f65eacce85a51881caa6f82d9e48ec2ac574947d2751823a7f072d38bd9da0cdf3" + "0b6f19084a6d291052e7bbc2e1349e1", + "0400af93430dd77e6016d1b076a52126a729f77e34bb3db11328d9edd56e29a7a09a7b6a" + "54f72076fcba886ea78ab6ad81de43a82101419e1bc339c03a8b4413ff009d76f9a19e20" + "1876ebbfbb3dc771b7df07bc19eb893ce23e40c679d7909c33af2bcd7d6306c0bc", + "0889be0918e7ef34d3ed226f967301a10fc30111b3559e37f5fa5a57dd5c73ff672c5279" + "d096c5b04c68b71d55e549d019281a5", + "0a4bddba9b7a402b584ceb82a54baab61e81973b7347e6dc9e3ce0f1e50dc21c9569d8ec" + "f8a7da97c38e92e52636eb13d3b4c02", + 
"063c7291656466f7bd647073a50f410a2cd9e8c938aa1fd3b28ddc1cbdd7b78b757689dd" + "661f5173f79896780ac3fdd4f3171ac" }, + { NID_sect409r1, NID_sha224, + "74ac2e1303297efc3ed8e624722df505df55b7f33964cc0d270604cc48b58205d8a11952" + "232a8feb0079baa30d7d33660268b56a5a3dd90105f0703abef8f6636a99bc63bd47d9df" + "100351bee32d8205dab0dbd2af36fd173409ff8d1fb7b24570f3c1e968458f58aea5aa2f" + "46731ee91ffd6d3a060af6b3d5020daf1362af3e", + "0da591461791ae7847e6d8dd8df46a63d3021644abe9520e158406c96540d8fd82ecfb1c" + "3f6f5cfd7688c7656cc3e3dc94e586e", + "0401f48c95301956c62e2fd931df49953519b88ec3915c8de495dcb4ccba97bee023b1a6" + "cd9a66dca29aeef8f4f1117eb954e47cdb010db6bf78cfeb92d29a922c4b05daa3cdff39" + "17ba6978fe738296956ed141c749a938ca9f8f13f711aec930e0f1948ce7daf9f6", + "00576a91862cd63acc067563626977fee6f074d5726cf4f68e80d25029d4b8efe5ea8457" + "45c45e4cd42879e52854c3f385a10b1", + "0806435400248ec38a6d362e8b2cafc3f3bd46ba5baf538cd97683f76a733ba2b4ca85fa" + "7d13b99f4076e7616e68d66f05ebd8b", + "00ecae395fb324b4366f238f0df22d011bde5db6b0cf4189e3ad47101067ba87336ca47d" + "637f09f7a40a1bc64de8c4aef7f497c" }, + { NID_sect409r1, NID_sha224, + "2afd17344552ccc577b0118caeb7dd56a0766e25f84df17c0505f9798931374b48df89a4" + "8c64e199108c36e00c0bf00a97ccde55787bb97c6765601765ab5417f3e75e35a9fe5e0f" + "85a721d9f08440ed617afcdc200b318940a1e496040a6ad9090476b0fb4fcceee77b3fea" + "11de09e7fb14853d1fff8ab12d66c101257e2d4f", + "0b5eb943f0dd390b737510e2bb703a67f2dd89dc9f6dca6790bc7a260cb2d0fb8e1a81ad" + "6009ed51010e7686d5b48233c6c1686", + "04001ac00da454bc329f7c13950c848392cb4f31594fb7837f0986f61601fe244eca3db6" + "c4f92accc2fbd1a4b8597b70e72d88b103009a364065a9f67a0aa7518b75a0b4a9140787" + "a67f852fa31342d6275c14713d484dec3116b9dbbb8af1d4945639997ded09cbc7", + "049176093dcde8549f95a8f1d1c87230046fd4b18a73243c3599815d4df8387a843bc8fe" + "1fd67f3c6bbe394547e11866f41acaf", + "09d7c4ddee55f61c5c4c2ac6efbba6164900344004976381c7b18c1de541a97cb58e14d1" + "4b6e433c4eb6d4bfe6d3e0a4e457469", + 
"0a9acf355bad544b3b120522365bcaa1e1dc6f1d3df1e30d3beb94f639e26147a81d154a" + "684bbafac965bc39974c505fd0f811d" }, + { NID_sect409r1, NID_sha224, + "174b2b083541f8284645a810801e72631a11bd7bb805f684a7159e055afc44357f2c80df" + "2b7853678d34a04144e0ede2327d03db6df23769ec41194a8d9d86af74d51c5bc11ea878" + "c6a80689af71d3fdaf1c651003385332a512e03dd040c33d9c328ca89ec7ee9026bbacf3" + "0a7f3a68e0d894fb9f7100ffbc64bf17679dedd1", + "09cc63f32152284fca27ab2837bf1343144336a1fdf15b9727c47e877ac69ac9cf4c97b4" + "bf42f1ab10d73de8597a554ed099efa", + "040044e655ad66ca9af330c33bc6d00ccbe4533a4c6a44a3f23c921b62eeec8cc1918e19" + "956f3ed848fed93a7fd7ddea57096d1f23003a71b221c85607821cd864af6f533f216b64" + "1ceae104b8e16dbfdfe7edcb2cf9ee0dc1679b696149ff42a051c51c861a3c7530", + "0db9bfe4c2e659006d31a7b44eb7bcd6dd23810f27c74dd587ab9af23aa5962dd18aef1e" + "95da4ebf4aabfd558cbf72d2951bd44", + "0c3b91bf0794eca7faf227c4ee4085eac6d6918803242bff4da9c5dbac2e23fc32a4d4a1" + "92d7737be22810812558f820b0a2c13", + "03120a558c0edb58ae7ba36e886084801e7604558238c85a199af6c9e7506ea4e748791b" + "04f3a92354a4f1407837d87faab66ad" }, + { NID_sect409r1, NID_sha224, + "758df71a952cdcffdc417b9fffdfb57582ab5c5473a8bdf0c2101953b023b77824263353" + "dea0e2ede1f800a5757ec6ac0e1e4e3ab5a4cd85567d2d19acc6b7069a6e7368401cba2b" + "6e642373654bec0ddd19fbf032794c15b7ef7e714e13e36875262c01e77766ed53cbcf73" + "5936dc9b33eaf2152a396349c82ca0297dbae4a5", + "09950355e8667bea8bbe3a2c4988436ab5394551b375e27fdc0c1a1d1b07ae957932f428" + "f1aca0a486e54cd0b5bb0a5c5650641", + "04002f623f81fb9a299b71ea8c58d5bd7d89e7be66ed8cfd7370de515eaceac903644383" + "38a3fcf9981f1b6f0b30bc61c4b7c15791016130b7c4061422d70b21251fa9c3d4e9636f" + "5a08cea794a0fddf74ff5ab1b750cce0f2768d54fb2fb75e2851c2296b39c0ddd2", + "038e8c70cd35591012f45f27980095c4bcbb3bd36bec594927968d3747618c7f5810ea9e" + "0a126e4d3e1e08185b031dbe0b37e5c", + "0cf957d59b03aed0e48189d2b9256b5472c8a48b4911f9cec14adce5c6b4aa22d093a116" + "364bcae01c1a739a4023da12a29c058", + 
"04cc2c22b243064758f52264ed84e757ff67c4f6596edcfe956b70f777d865d01e529f0a" + "8a9a6e1895168780ab60950a62d2d2c" }, + { NID_sect409r1, NID_sha224, + "b96d9f66b2000e9408d602096f032b112f0e05ea874229ab9daf6e05bee49b4722e4f2d8" + "bf2eeaab9dad94438c76b7cc64dcbb59cb4e03f9ac70487a1d24d8d6b72d7462fe738a17" + "edf381d52179b3acc0c0177c113eb4d10e8e78041deac1d56abda0ddf892edb8be956d28" + "5e7236bc6794168f8a180f622dd5f2b9e690c275", + "0a995493d6971c2d7e8fac3da9f8c0b5afd877cfb94924cfecc167f9d87002136ab253e3" + "a4f9ddf5c9c99bb1dc1af0c6a3a3c4c", + "0400ac0e558dbca0fa6f013b7282e02717e91eb73304b4f7ac5e04f12f55824c441faebe" + "5bb5af82189044827007bffb1e2655794101178bb726242c718b416b21cdc9fd90b31ba6" + "a8350f9b4ce3a188b1b5dffd0e8894ae6a417c4d74c920fda585624eed4c1d3f99", + "0d581293ab1e509baa50852bd3f21f6493cc524a2c16206e461e320c7f2c1c201b9d2a1d" + "d4207227592a6457670a67cb72eeb58", + "022624cbbae5214d2c29e273c334b9ea78e10c7efff3611574d5fdf6f67a81472b606e02" + "36aa47106097b9147fc1b56d062966e", + "08895d107ba789d88a17c30a537402591ed788206487697a72f69285ee5eb4f03cdad6c2" + "604e174ef4b9bb919d8b39bee6231c7" }, + { NID_sect409r1, NID_sha224, + "e7ae60ac55e6ba62a75d5328bbc15269d4638764169de0bf0df043d15f9152bed909b1fb" + "8c7a8d8e88ac4f552c1092b62db00958a3a827f64896f6de4bbd8fa5258d6c36e3904d82" + "d3eacf6eedba50b0242eb6b01212288448c3a9821c4fa493869c01149ff1850e8115cf9d" + "e1618cb8744626b1951d1de305745507c8b21045", + "070daf435cdc26ad66c3186267ad12d10f28d32d863f950cbfcf042fe9dfce553750ad09" + "8f82f7f1650c1126b3e4451bee6e11f", + "04019b41af3b557c274cf117d501ce7ccd04d8bff2dfc737d7efcd7888f2dda24737a678" + "8f16b3b6cd589d3f65bd95194799d65659011983077a2c371fcadbf47b10494f6ffc7ca8" + "873b3d812c45a87c48e1b49edacc0ac37e5038cf1aba20360b74c0903c23a62331", + "043fb8cb87591747d12f4897dfbbc79644b87907bdefdbd7ff0f6f2e7970c7d40bb2fc08" + "c17443d029a92487869f640607af460", + "05ea3493a8c04723de9de2cbd523481e3a8593ae8f010ecbd5add6db5a82d9b13ee7d24e" + "cb417419639d0e9f4e68d14f6799829", + 
"0a9bbaded0a2894e384184e166bc06e1b2fabdc70536caeb3d0cd46b955743cfa8ac6edd" + "03760d1b613fb445367734fa4270139" }, + { NID_sect409r1, NID_sha224, + "666b0dc2ddffaa7ffd57ea3b2768f02d4b77c16fa007c6d1918400d195f068cae2dcaa69" + "817e6e4c70d5b29c5598efe2d957bd12d0fafdcf5ac52dee80a2d46e77fc18cce2a49bfd" + "787ff77b942c753974d22434742bdb494590d17c42af725b1309e54566276af3bcfbf5e1" + "74d3cf191b85903faafa1583282c97e66c5da6c4", + "0f8121980dfbe9ad0bf92383c7cab95fb72d5caba96e1de7772c6a179e85414802fbb86d" + "725401451329287305570ec7fdd873a", + "0400c62f4e7eaf3f1bbae71734c86b8a40ed1297b9ba1151729f9363824425193e8605c2" + "bcd6094aecc9d7ef2a41aa6b12877291cd01882a45555b68596dbc8bb093dbf1aab9900c" + "f46653c58f5656f3688fbc72c5236297be2f0586a4031279b9014f2d3655adef41", + "0b4b5b19922bf6a34a00454374589f9c89745eb194b0352061a79401e23c0c0e1fecd759" + "7b5a7cc1c463b76cce7ab921867de00", + "0f1fcb80a4fb49348fb326e808d8ed8c21c376f0713429a22bfe16d68cab0295b21d4402" + "9083769761c4fb853662d440eba4cfa", + "0252a94a40008cc2c1a69113d8e14e989e7fe13918a2852de6930973a91784eb35e20d8a" + "e150a88c459167f8ece998cbf6c5eb7" }, + { NID_sect409r1, NID_sha256, + "3e967cbc2bd936e0b6125dc5cf885735bdcd2d95b2f764de6931c4578ac8e0e87abdf963" + "75481df67dbe1b6c43537e84ec62bfca6672cc5f3ea4125abd4a4119edffe04e42411d33" + "8e8b10abb1f1f818c50a9631a3f89feb5be5367bdcb0a8a82c96a427ba6ce99f9631d441" + "1a2b7f5b14d32cb3901dc9d285e4cf5508940942", + "047682b2e3bcb5800a531858e8137692a9b1ee98ea74e929ce4c919c26ae3b3f1d4122d0" + "7fd9a70d8315fab727ccb67004187a3", + "04017ffffc1d2009e844f8e625a3bf11749a8b4ea0b0fe3532d124112edddf72d518ef57" + "7f160962b88ee38b11445fdd356a26bcc500ca356fa8e90325aafb1826a694a55a80b2af" + "52e70ad8d507d48946392da8b9fa27b8ff6927fe5130c69809d9a2c4b1d7eff309", + "058edc8f3665ff9166af55e69aab9d468f576bcc8f652e950082a48224b4923cb9396ed4" + "ae06f05bcf7797352035484fdc501fe", + "09b46600fb3b8204d4cb63ddfaad1482dd8cf8652f63c926895b8b8ebfe27295c052b3bb" + "81dddd8687f4864f258a433010c89d0", + 
"0832f7674eea791b5f17db7cf9e2ab13253d870c6ab46ad01cdda30e78db8b8f51fd377d" + "d55ec7786ccc92b17364a3c17ad5be4" }, + { NID_sect409r1, NID_sha256, + "ca1c90012eba4e7c5f01d8cb3814c58f48c03a16be6ed86934014365eee547070b870d1d" + "26a872cfd28b60d9ee0a66dea223e9eaa90ee28076188d6091f26f665684f4b486af7066" + "9555db9058d485c677b2a34d4a98aa8d6f43bf6f44aff2a23c5d765e98f0438ab81be058" + "5a5be29daece5d4116f44ce6062753a3ddc505f3", + "040cd1a06233ac27f3ddd108de7c6c0982793ee620d71982697713be9fd5143658929924" + "cc88747a680779bb00da8a44e1e7d3f", + "040164e518a6719b1ad61a38a214ebb06dfb0553bc760799e668b1d0d098ae3f06dffd9b" + "84c16de90db19043d72bed2601fda14b1d018e022ceb850eb1db59e6cf63c4a7c73bea0b" + "70448a7dea77d5ee8a2e1a36cbc46454bacd5954792de82f3ec21ca6a509b0c7aa", + "04a936fccec003bd9e8eb45d27c0eaedbd452e6fe99abaa62cbd0739bcf259cfb6884d1e" + "60b82522c6146f081663f6f863576c9", + "0dec1635f2698d4666df2c217fbe3e644d27592c5607a5549c877257cba7bee29a8cac75" + "a044e72d039747d0d18de1c34acf072", + "0138493216ffc3b8aa2e0c26f4fafaccd6609e6b15f767da7c907db64b5181bfdb447d73" + "ede786144c70ddce7df7eff46dee4f2" }, + { NID_sect409r1, NID_sha256, + "a54c4351ebdb075d6a42a787647390f864b2bbfd8bb3d0e0ea9d767200fa344d1a9ff091" + "bddb186acd69bcaecd767068efe4d752d185bfe63f6674279d0e7192d2077c400bbc0d55" + "99ee28507c1253f05eae0687b965a015e1f3a292b4650106765266f5c95b77ad2d82a6a6" + "e012f233169eb6b8d83576901cfd4a927c54d7f4", + "01ca6f752aae4eb7fc9c73a08d6fbd96bfde5030d759a2507bd45b6e1d1487e53abbe98f" + "ad4f41976364e0a1d830910ccf97abc", + "0400f6b7220bd24652572b37a0ff25e75f72d583c71c159857482ca9944b956a117a6b2f" + "f96614898757b8a587e3c2b78d9943003d0118fe425768bbf3a4acade281c41c745c9ac9" + "46c2f8b95d65787fb6b64deb71e6b38fd8c721e01c87efc7c2a6d8066fe3b35a0c", + "04963aa161b5ffbe5d7e5058f0b1457ca1b9cd61d731a0470beefe5f8998904cf4594f98" + "dcb41283f66e2b07c5c5d6a6c587826", + "0abf824d43d993107b552d7ded13f49ea0ae7bb845e56ad7e53cc5f9d64f99f9f250e430" + "5ccd9f6594c92defa7f6860fab1c349", + 
"090a541f1844357f618e5ea34c0398ccbdab0cb363e266980ad304dfd675bc81c0345a4d" + "723fbcc76ab5ed4cb0ba0af1b71bcd9" }, + { NID_sect409r1, NID_sha256, + "6723dbddc8720feeb75e2a061b7fc49079f999fbc79ec8a8e01ab8d35b438b7049da5a23" + "c49a58101742791f84f45d5f5cf551cd7de6926a0e2c4ffa1e378f038da597368c62df8c" + "d8349bf046de46d02183dc05b3a3575f5f232dd2970057200e2c9cb60eaa6b4d72f8b73d" + "4d40b98d1cc801d1a69cb5ed780a75a4064623b2", + "0fb9b1a9597d216028902abf743d25944258b48c9762d4589fe660396130b75f6006cacf" + "de60f6204463cb8c18b032de1dd68d2", + "04019b07f7f4ba100aa9e749bcf93a2c9955c442730c5e1f6f72c1b1d132b780d92f414a" + "533282f7b66677c8cc8a3d5ba8b3cd3cf7006ec6e9c495ccf600f8c19597e9cfdb639406" + "b04f57a29dcd1a7a843c2c44e8321bb8508953e9c0503f77d36bdef24d5d39f85b", + "0757f6acf74eb02b7ff3161b476dfd8349854154186c959179f11b9a15da3dface40ae6e" + "d771096e053976866433382e640283a", + "08fe276e7f63ce5f85fce19d1739a8a9986cd3c3fbe26fd59324efd98826f9db3b228321" + "b3ad1d96145ca23cc02616d9e9d7aa6", + "016e06de8e3e0abf4a4f52bd2f827ca4c57412adcce3271fb4014069713f3723a038bf56" + "0788d8dd48430d3b30faf15ad9c0d69" }, + { NID_sect409r1, NID_sha256, + "ed53cec5e5500d62d38c829002916c657674ede4439c6f405ba672327ec677490e656bdd" + "698f114c2ab5e6a1fc94a1a8d64466cfe9eaabd23a8b5c37f76a3c0decdef73b3e7b751c" + "bf3b0817f4079560b5ea34cead88ba374201236bffc48eaf289bbaa4e828afa7d732473c" + "228ad00588c9b443d65b998f21c3d7a9e9196c08", + "032109202d754da290c266f74f47805a06e6b5c3f721a72fc97a3bffeb8887e0c642d49a" + "6bd034847d0a5ba09239c5dfdf0772d", + "0400f4dc8b94dfe0a27d4d41399005b242c3e5b14bc7cec55ff3a1561c894d73f365fa8f" + "a2ccde1fd7bf3760b96ab2db78d2d50b03013ac66e95c335b71fd1a98f101a392dd4696a" + "806239fbdd0708acc69333febb48d4b649f14f42841d66ce03f1fb557a361c12c1", + "0b010ef786c13ece3a10eaff79b93ef3899aa385dcc1914e16abba90de0ca6389d664082" + "fa727fa7c7907dc4c88bd621e6124c1", + "0488b8956c5999c317830206fc8b9f6760845c31bc4ba77584925dfe25c05a1e7d298a62" + "e9748c7278eba622713df59accdd78c", + 
"082701053ddfaa376c99cc42ad4587d84a358d9d8a9533888cc382623114aef51170de77" + "ecf64af02e09bee203851abb22f5d11" }, + { NID_sect409r1, NID_sha256, + "13829401bd41e9fe01329e9f5a002f90f1a6ecbf25fc63e7c1345f265ff02e496230f706" + "c6ab377ea52d8707b54f8fc5c7f089044e2bec1dfc66a07da76ee12fb9ea0697d87706b0" + "ebf677600bd2fe117f6cdefb8bd636a1b6b97549ee78f992c24acdf3a946053f06fd012a" + "9c703efb8bd929a66aa74b05d61bff0395232b00", + "080536e820fac59b3203aea928475043b2576446619001647e35693a9e65d15236c3cbc1" + "2e1bbe0eb305973535c882b70197a92", + "04016d7448c0afe992f8c59b19d6cec64d8fc5b10026a806760bbdbbf0012063f46d31e5" + "21a34771f826669c4d1ddd58d3aa13ebc901a3742a6f231546f0704345b9b83c72d50365" + "22449cf60c1b3bdfa4c8d36e499d4ce62e6e7bb05c6132bed1ae44eed17414d2da", + "042753a515e607cf9992dd1f249820dafe53993b59b1e57d8f2f9100f609cc15713d27f5" + "dff4007e078d6da1061ddd36c169c21", + "07eeb1cc19ac45f52c0b63ff8ecf4f4f35958e86cc3e3a071a35446d490a426b48b6c287" + "027b003488573a4834a06dad48520c3", + "01410d85f3f2adf065b60a126170c43e34e0883338118cd33b0b3eafea1d142480b236ce" + "49d35fefd1ce4ad3d25e0cc9268b1d2" }, + { NID_sect409r1, NID_sha256, + "e696acdfcc96a6c088069b7595ea9516a36d8fe04dedeb789fbd965db0cc64b7017a8210" + "15f6210b6989e515def5a9605fec0d337e4ac59f3101a505168bf72ab6d98ec62a71d2f9" + "4071fc05b95e98d4efc59fedc138e3e49c5d0b44d1f48f7b1e7c1944ee189b242950d2bc" + "804d31c7eeb45283c84638f043ab9533976433a4", + "0b05e5f0dad9583ea18fb8fc4d8c75fd2e3cf9e92cdd9b737485c953620d345006c31c28" + "8b380258b6500b84f729ce6730e5303", + "040157c083ad9789966905c212dcfd7c049a8ba3863fd4886e4b118b3f06445fb0d4745c" + "2a8a1193dc68915722089d0d382253b67500867e8efb575800f834c978ee2ecf0f84f72e" + "75dbbac86926b73fab8b47f38eee17a63baa02e3edb9d4f6b2fd2afc88b6de36bb", + "0c72eb08acb1d422999ee8d51f9ddef9f897dccfafd886998edd3ddf30a638dbd0ed59d6" + "8885ce242fb838f022bccd4f3b5f854", + "01f4dddcacb088f6e24d331e8b111e390735a41e1fc29da8f5ffdbf7342f4b9056786f2a" + "67159d1e57570bd69d69235ec562416", + 
"0809840df1ef8fce9b2edf8f970c07bdb5fb755e9d5bacd7996275c4f890173142c39299" + "ce9eeb51d21a32acfc7761d5a2cd7ef" }, + { NID_sect409r1, NID_sha256, + "4058b9a8cc15ac148909eb97fa32aafbb6077b168dde91a411dbc973df7db056dc57ff78" + "f0abcb70f70f800bd752197d681f44df4a7817c0e7f60f8f65489ecb6167c14b525e91fd" + "2cc5d8b80ba380a83d031d5827c8b1262c687c90ef0e62723d9b565557f9f6fed0db48f3" + "799274c2cd60a14303406c35802cba6261121296", + "0be1d277813e79051ca1611c783d66003ef759b9e104f32298017fb97667b94dcee1ce80" + "7dc6b4d62416e65d4120523bf6a4edc", + "0401fed0171b5b3c6d9092a6592944680a08a0d4f99f08a3ad1c22b5bbf11c0e4ab3cdae" + "9526b0ca2b1bbd961362faccd5caeb1d3701ae7d57db848e5c86c31f542f1995c76e916d" + "ea9aba882865febca630bc6a10ceb6732bd5f07f51bf2f37ecae7b7fbbca618ae0", + "09e3585213c6d6706524e3c8e753a2eb0edced626498eacd842d44a73c602d801a079f94" + "b781ae1ac5d44209e8e3c729ed4e820", + "01098d98cf83c705515494cdef8c3f50ea8316d95b3ca5f9a1296f09021de57930184ee4" + "b9f563aebf5fd0d5abc0885cd24c0f2", + "0d9706f4474a8fb0c701505516699025fde546a21a3fe519a173a3ac01f683d40b4db264" + "2330bcdfe188693b15a476cd9339ae7" }, + { NID_sect409r1, NID_sha256, + "e793237d46e265ab84ba9929b196405faa3b0e4686e8693567e53f68e6991e5767797467" + "7682a2510c4c35b1968a90b32c4941af7813775c061c008a60f9f671cf7419c94253d610" + "6b61e65034497f2d273a5058379bd986e3d917f708f0a2bebdba150f6d78a3af9c722a24" + "30ab0f4bad602e91e18aaf258e3785fee78e4502", + "073c807bd7e07379782ab790720de4ae5106f16d34e80ed70da5b1594e660c9b775db940" + "66b93e74f855f57d88b6ecc6228aace", + "0400301526b630ac3fca5085f633deadec27af353233e6f241772c7fdbfa42e47a04b0d3" + "ae38c04eef2109390a71fa9fda652343cf0137eacd97a8449ce83f19a13a248af52e512c" + "fab3e2ce1ceb789874cb08757dd9e47ac21b5c0846498d8d7cd90122c437602d52", + "09245ba1873114ee2a3e642c5b15049a3566a2f003cb3d25250028655fba98203feef5f3" + "07a9f4c77f232976d83723f2621eaa6", + "0c8136d4b998ca0544ca1430abf55601f259aac7756c75d1371de63d1471053c789833c5" + "cc257e323a71f80e21783df4efa169a", + 
"0e2ecc6f0a418bee5de7c2418c4ad85d981b18048f94865821de696488ee19291912ae7d" + "a1cf5fe9708e2beb18e6cad4e3f7849" }, + { NID_sect409r1, NID_sha256, + "ffb8bc80e7619a562d8506eba7658bef0c25ace3dc1d01bdc2ef00933d4fa07b80364e5e" + "5826074edd46a707dbc3b0ab19eec7ea8990839d7fc0a80b70661204c52bcbef57c1a7bd" + "c861c10766033a82dafbead283d911a9502d5f9ef0a39d35ef26f3616212d4bafcd413ff" + "d18b424fe09b48ba02ca5d97ec996205cd49d22e", + "0a68379b2296a6c944ad5dacb593b302d8ef0b05873ce12bbc371d705f308c739d21f343" + "349524aa72f05341e64f7435daef112", + "04007fa0f698535b011833dac1ac96f3739ecf0c29f7fc1f8bd635f4f98daa70a3931061" + "1ef51b2fdc8b37eee3573dc34cd2528d3900be1a9dc30dabee3403da4f2dac6622e6fb84" + "96e72f3f17c169e7b554efd84ac655e727ae9520feaecc752601d5391270cf0cfc", + "0630547017103c3f97de48ab6b942db94b2db9ed7dab0391ea9e71c1b788c547abc90088" + "de5b3e36c9ee4280bb454c7c3710999", + "0916aac91ad329d6f330cb051941c781b9e59bfbfe45c4d4f6ce0d1aca982e1c612952bc" + "ea06784c57c121b14cc0dcca783d0c2", + "06a83d93f9bb81c61ac290906d74e2d3b964c39b4e96370f19cfb4a55a3f7901bca3deef" + "4bb79ca6a798fb9b3a9b0137c5a9324" }, + { NID_sect409r1, NID_sha256, + "946bde90a5b903dd281a51d7fa93d80f3fed07eaf50c18fe9fac5acf67326bb18effa314" + "4e25c151efc006a50a274ec6c6a5d573051c4e2d117ceb0fa125acad07a10fb6534a8e5f" + "5b3da2a1136779c51377bf76c3a4a93c0c6158f729f2293e414fcb952c9509f228c804f0" + "adc1daa327a8991d48ccf4f3957c5f8ccbe3ad4a", + "026046bbb269ddb1ec14ade56175482343a21b7c265026cef3c7d6a1ae0f6a68166b9e6c" + "49a6e733ad2ad64df7137ef230038fb", + "0400d09d8118519f9d00df7514d2ff99483473f680b750604580b61017513870a3cf1c40" + "3495cba488309e2c084079d53139a3695300d25e41038c18e4ba6f4e9d14f210b71f27b8" + "ef2c1d4cdd5f63edf8fe11d548d070177e9ddae382fed2b163ff2b58546f10a99a", + "0d6b0e5d83155a035248ccea95feb0b4d1af818e5ac6d5f41f1a255dd8b482a94de0f4e0" + "37b10339d1805dbb6b22af6ba834219", + "08059524790304a37f2a0d57bb2b93cec79a827b1fdc9ce2d7dfd4d277e0f71844d33531" + "4a30bbec5598a399e197a852b5528dd", + 
"0e7870e2a0ed16cf340a04fed4d2048e4e231cb8918345e1852bcd3e30413a2219864851" + "121a34fc98dd99976e2b20cf1d1bf2e" }, + { NID_sect409r1, NID_sha256, + "07f3fe1369ebfcbcacd66675bd4ab22edbbff72e68709cb57d4f590e49440f01691f490c" + "58b5117bd24aa2fe2101b59c61c417c918ea08ea34bbb9b8aa17491ae5d9329affe894f4" + "2d7586017877fae3ce35bb80c97f92a004380374ec91e151995166e14ac00505fd1fa810" + "cf02981bacbcebf5f81b2e633d3a3db6737890f4", + "0bbcda66978ea526f7bd867c3303b625f11b94dd9ee6e2c2f8688ff07f2bba83c662949d" + "47ad47fa882cb7d203a7f0ef5dbc52a", + "04004cf5bc624553e833ffbee05ab863e5def062e0d57c28e71d758d6ffd3839504d7ed9" + "d3b1a040bdce8e187ae0b4ca23aa565b0100fc1a15b4f273737eb92a56928395f6518e05" + "bf946afb65ebca3787f7f8bb3d946dfd26c4831cfd171b4c66c2237409ebf224d9", + "0a2cd205d957a20c79699e91684cd22746c476a79245f11e7cdf7e6b74f07cf2fd9eea65" + "eda97e8994aaf51942e15695545abc3", + "0aa1da120fc19523e8162e6018e4ee053eb680ebc7e31d00db34f7b177c74c5e6ea344bb" + "a3c39ab7ebcd92996a1c156180b7dc9", + "071aa4588741208344b323642fe03f1cea73865ba645169df9c84bdbf7488829b83b8da1" + "72f1927de1c8cc318ede545c748c782" }, + { NID_sect409r1, NID_sha256, + "3a1cb13438e3bac9ad4ab1d319e90e2c9f118dcf1eb54d6333c674a665d41451f93cd4a9" + "334cd057a44c010edb668254517a63700a31eb0ca474c84873e486f2f8e158a1a7735362" + "ea0cff8ef17d959ffd851b21a91412709b3c729474d2cb40f6ca0e397030eb2611b40291" + "6e4b656f0fd868247d80be3ce33d52054b7661f0", + "09be3dd3442e0330750f0a6252bf9cb317f32f942ae516a4038dea2c40ca6484fb33611b" + "ef016cc64baf166c122e87c15466fd8", + "0400f05a6fdbe6f80c0f5ef3322d8accda4b9ae28c91b6198b888be713afa5e652e907e5" + "ca9aff5fe77b6546115b4c732bbd4010fd000923d07aeb8c947688e7d3dcb16ca69440e2" + "a89539a41b8fbb797523d3b766b46d257b87472f5084992422cebdc4e45556f5e4", + "094fe051a13ea8dbc89c4cc5511881a48ef5554de265f0badf8741ae5027eef25c617bb6" + "a3f454a992fc68f5a548903809de09f", + "0162687730f0ab2f57e348476d1fa4eaf13199ee44f44dad5807bbea4e5ba79e92556f28" + "7cacbbf1fdec9a8b78f37e78e52dc1c", + 
"01acc734e2d0c81a56ee8c0465661c365edae56228ca43184ea1d7503da3d38e7607b159" + "0f59f5190e5c7264cd0d7a39be71069" }, + { NID_sect409r1, NID_sha256, + "e58e7b881a563d54772125b2863718690a5276c93d9e1c5feabbdb5d6f7c7293ff0f8980" + "5b53663bb417fdd46874b8e6a466e7e3ff6737930a0662af1d5879b071b0dc4d014778df" + "f26a2eca5992e763bf4c4698c382ac947215aa116515876008a56e5bf547857049c38a2d" + "3737ed3393705fd346897c3beb80caab88e5b8cf", + "0ed321fa283c662e87eaab99b7715e6cdc9b42e14fa5bbe2c56fdfb381369191a42da7e5" + "74839f90a85577485f19446fccaf6cd", + "0401bbb34e6bfb1c1335c48e8b44cddd8a46486fad4313581df216002b382db1d58adcae" + "74af0d38445cac2f6cd9e2b439d106f5950084473a5da9f910b4807ec5ff450be353a187" + "af6ace821b18e096c47752b6336dbedfc4b481e356e689fd9c03ffcdbf3e4ea39f", + "06ae69e55ac1f7b0f844f5ee0b583e652e0e5bbfa4eae85c59eea1485148e34f4d33c9dd" + "d7ac071a28ac0a6191d5ed03e88bb86", + "0c3509b6c0356e4a30a82fa7411d1fe17ed190b7eebf9310c44fd568494c894a4f4a1a09" + "e58a4d030d47227e54f7220f3f79f4d", + "0d44ccff47d9fe82627393c03f882d4b98633961a897381ce8b2cd18f38d69742802d18e" + "6c988a23eb425b294f2c1b84cf42cd1" }, + { NID_sect409r1, NID_sha256, + "8889ea1da1cbed98963941f6ac24f47253ff6af52de920765214f2024aeb04f7ad469368" + "30a8eb04d95aba64ed7cda6ef242f454b67bc2de38a46b6524bd5c96739c4b580e89829a" + "61a8249ec8dc27a50f43b8554cfb6f4fa4ca6875983d4b60a1c6b49f32ddff6fac0cafb6" + "4d55c6f594b195c207a9bd920dcf20e0080920bf", + "0396b805073f3c3b552b1024dcf35559ac44f255b688871a3c6657f727a4b09f3806cbb7" + "5d26a00ae1728be632387e804775a8c", + "04009957f897a17241eec5b8415ed7ec1bde5df11583255e0a8136d076d72ef377ab3f55" + "3d6f56c054332a24098aed6d12878abbd301f58eee295765e8a55e388e235e833bc5cdc5" + "d51a1d98e13429bcb7891b25487b7fd8ed804b1856cb6071cc28756bf00924bf1e", + "021959970a6ad070d1ac518493e309289f3d9d6e2a8933bca715f53cee4ab9000ba2d014" + "7282495e15e63f258dca87a5db7eaca", + "0d1ca34413341c115f780e647519547602e0361ed4d70402f42d735353696eac6e4024ed" + "2eacf9577252d40c27297e9389d1f7e", + 
"08cd5bd43794b32d5bd2ccf7ae4deafffa0e0deb92b1eef9d3ef807d456e459f92e9f106" + "27b7e7574ebe3c2faa858bd3e62e187" }, + { NID_sect409r1, NID_sha384, + "55053af9370901e38622734a5bc5589f6a20e258627f381fb0c366f3dbe58394e5997e97" + "8eb7ebbc530f6e6186f48294149b8594fb551c31c50521a8c4d67e5862921695604afb23" + "977b6a69b21abe75966fdd11bfbdb6b51ab0a474c5fa07c4de7872a3bd81acc417655090" + "558dfcd5af449b3347e61fa9e839bb9457de64c1", + "0a8fe323f6736bcabe971c7d964e75dece70cb54561da48a11c40027ebddb23e41c7b486" + "00f569500fe8ea2abebdf480171dde4", + "040020f2dfee967949643b6cb8a3810524044a4b873a4984e9795e4dd7976536a2d748b8" + "cc636ef5c8fc92aba5677c4a0951a3332700956ec5433d73162c9683558f0dfe8870cfe6" + "6575f2c34c765372c7c3bc3b291e95c4e3665e4ec5e72131975f0b1f5f30b0c844", + "013f26e13d43ba05e01f92457374fe2ad1ccf94ebf22334447f9360f7f9748bf3665ec30" + "58ff6184fbfdbf7de9e1e2131cd3991", + "013c4c290cf89789bd6dc523deffa20c94e92e88a76eebe88457e30cddb066c7a43aadeb" + "0493b264cdae67532db7dadf879d991", + "043bb7a8db3d79938beedcd6ce02f375e26ce807a2afd4fc446f372fb09a69fb34734df5" + "dc8f6393f86577a8d29014494379624" }, + { NID_sect409r1, NID_sha384, + "c4264330534a6c2bbd8a3b757e0912558302ce302f835ad8c5474993832fd30036fdef40" + "b10ee37293e871db5b0b149654f9e543e22111f9709ef45732125f713c031ccfbc9a2f3a" + "ba160c241d27be4dab87ab2fa9a795752ab2daf20f9d06a98d90d01c07133adfe83cb11d" + "5176525e1bba6a9ba70ea48b224d46ddd8103f65", + "0105938ba9f25034da3e032dee121bdb192ac2128b50a2ed4bca042e96cfaf4660c9d35f" + "3e67bafd4c99f9447e6dc408e0c4471", + "0400f1a9243920d7cc26741eb828bb55e34c140b0e52837792ed6274a9aa6b5534cdc5c5" + "96a1141a746dee380c0d9c2f77094c36ef01393ed8c609751550ffd077347712f3b27a86" + "9cfb1b532c5b19c381365ae5dc8fbffcb2182777a17690616d71c66524017d861b", + "0fc52aa8c590aa28c5353568c9dc69734adfae840f1e0642b57863dc7f4faa37bf3ca789" + "a3d7afb32c57f66a61780e253f50af4", + "0c45b1629bbf3273c0e785a28cb8187ef387502ac4438a3372a5c72206a15d7c5ecf9203" + "ecfd7e0ac910b6ceee3be50c6664f81", + 
"0a0c2d31a47ad5f9dc2d42dc36714cdce47666f6e2f05ce0e7136f166647540d1e5fbdc7" + "c9fa0def8962f44f2f8bc9addc10057" }, + { NID_sect409r1, NID_sha384, + "3236f1ad164e1b25d828f5202e3513c80c72a577aa9af56f041fd96cf5a3363f4b827723" + "b1511a2f16360e32eac90ac55f4ee1146791420ef9e2af333c17d157b00e43992ef6f2be" + "2d2f211361e468413dd93fb69232f0a0d110bc5fff361c0410344aa0636bf809062c73a7" + "ac7c142063912b6ad7e1626fd2a384f35faffaad", + "0ce11677ca818537dbaeb880fc967dc8bead203a2538a55e756679c4a9e7975b9b3e6aba" + "4e6c6eab4152d0c0939027e9b0bd92a", + "040023c78eda396efa28c92b120c4ca1e19dc6c467234f9f73701d8966bd0826c20122af" + "5f7c9ad5a5b855b6dc517c22131fb0b5af01ea47619f91ed4a010dd49ece7ec78c5e9829" + "7220b4c239ff4a8c29aaec008011acbf7e4f985c02311ca703bf4ce4ba43412ecd", + "0dae763fced0e498e3efa1c6c412a25774c9bd6cd4bce25ab0a7266705cdd54040ec55bd" + "7e6708e71b09ffe9c19af9a1ed9c878", + "0a70694fe5da7646184b23b4b434bca1b754257b8e7fa9994dce4a7a92b7ec8c7f8cc69f" + "18d17915c6bbca24f6621f9563f7c35", + "009e6ba97ac2be8537afe7f8f8b9cde8841323b5cc63cf2ed46a7913096ff8d96040296a" + "1bf9aad691b60e1f18233964a421fe1" }, + { NID_sect409r1, NID_sha384, + "6c400ed098d8369dab6fde3553afbbd4d47836d0d12dd16015f15cb8d067a39391c85ca4" + "e78c62b8b72c1592349ff8dc52db8ccb7fd80c085fae456dba6f4a2378e184dd59238c92" + "cf04e40d43a66b342d2a1325a0bab12b1ac857f0564c27b35e6abed02ff5bbbdc3770ddb" + "b2ee0513df48bcba925da6d61583076cd3129603", + "05a239ae0f40d76d8d3589f1662b5ca12176a4b2784faa8339b54e96a1e1294433a4d83b" + "f904196f939bd8b33bdb4be340ec703", + "04009d03b7985647027a17c06b30ce9fa1b43d0484195f584fc347f7003802613b524cb5" + "641db3425ab4b3839e12c012853ea8384300818f5e270baf5a771627b098a6f9ad8a8262" + "e331c299fa0722a0df6ca09bdb9c92d22d72a73567cd5497d06639aa47349df207", + "0c22251c73998a3a49b3fc65acf01438941a8885d1c5072a5d41d779af70c044153fed40" + "80151b524af402a4e8ede4448b717d4", + "02d3a7ebe5de23e0e601c6e41616bf2a9a7fb6193fef8e3f0a7fb8128a925f7bec383366" + "9d1a304652b7bb1af5186b2f612da1e", + 
"0b7bb17155068a8d9b3412d04d407556ee133e1a704ec5da87ed19dfde60517501af345e" + "2e744d35d844f8ac8ad08b13b17c498" }, + { NID_sect409r1, NID_sha384, + "039a149eaef2de30b0ae457b376ce6fbf88afd4cfdec02d3c5e00400d3b0484c1cd6ba74" + "db5de65d6f2fe39871349b30fdf1ef29bcbb9e182eb3ec5629d07d98354a5dfa82d7f0db" + "3dd10d1510c0dce086848a198893ca5ad24a663494f0596b4eee86199ea85e7e8f2f76e7" + "a6bd4a052c54287f61b391f1e52f96b606151c34", + "0077390c62ac41aca995640fde0c79c76f4ea8a8dbb22323ed812bee837ab8798c5d0ba9" + "76c7aa634d4b1c2c155de2709e7352c", + "0401a9357770270c528f2af991c447bed86194d458f693a871ca38f271a9e6a566f5b9ba" + "3ef3d2f9bde959e42934c95867b280e9d1001f3a0516fed36d3622fae3f44d87c4bc67ce" + "e0a995cea242e530451d43781f2ebd163f6f521497fd7a1a6c7b93d33b77083a5c", + "02555cc113c8516d741b47ca41f53ed07d509845f140dfe7dffbd01a3f751ea9f22e12c9" + "39a2ecb1827c0e56b1b1c5459b66aa2", + "0e88333875a507520d0b62b35146e37e7ce4e2f2478a61adfcbc6e1aa9fd0195a4960c63" + "3d9d6aa9a79323b7ee00ab802768436", + "094595255e8862d14980893c095608113737f42b05b561771f56ac1d54eb521bcefeb392" + "8917c07c1bae74cb9aa80dbd34962d0" }, + { NID_sect409r1, NID_sha384, + "08617d04fffd6644c40f7dd57919f7dcf3c888f4147535d12ca658302305bb8e220bb17c" + "cdc480254004b9035b357120580882ef86aa5a061b2850100285b7d61588a664dd4f5394" + "f5478e68a80f610c9204d056009c1c9e902161eda33ef61aa902e96b6f094a9f05313569" + "2182943d38b9763055a38739a2a2d133c5dbee89", + "08bf23b09fbbed1b55769907aafb97f4759cec98649b2c9da5157517d4f85bb70157076b" + "5e4aaa7a940af042302f8be06a84ab6", + "0400883c31c474333f74ab2b86f3eac865c4b2b54975ce19c5cfd23682d041ef3deaa43c" + "9f9e2c194ccd3add6677de31fc9e07dfad00a5a36b54f4eea6b300491ca22054280b3f09" + "b202b2a6b55df9e3271c763b6d8360a330c16f936d69fa463bc0c4071707c9cf95", + "0812c83aa9dc4139f8c3f7c55509f9e10e6cceed30e16afc028b1904b4d260ed0e77acc2" + "6e711a7a8e24c75fd780ed893c0bbca", + "0fce07c6f791a05de29609b59d55b7062e82fb554341b2b2a8187baecb9c95b01ca5dbf8" + "ac88c60babe10af2edf5985b35e10db", + 
"02bd026a3e45ac439647a483261107829411c1b4a9ab603c080b92f605cf742754b65498" + "1460cf7aa72b5186b59d224dd015314" }, + { NID_sect409r1, NID_sha384, + "34c959f549a307f21b850ae105f41299b8bc94fc292aefc61aefbe0a1bf57576ba8d9b80" + "caac635e4edeb22530163fa9629665fcd43959f68eee32482f1845a78ed7278e6e43d09e" + "d6fedf465001afc0d61f1d2e1d747623e82a762576b879c7024e34f43104593cdd691d53" + "bccaeb8f212dc29bec6bc94cf69d0a8491db124a", + "0082ad05d19b8e16f80e53a4cccf6869ab5128c5e622ed146fa8555985ccd2aa3b9957dd" + "374586115d4d75b1c01cf98ecfc3646", + "04004428d05366b0a46e6578fc7528d185a3f85da06c4179e9c9055dc0a7fb4afbc53c94" + "954f268e36d2ba8731882bdd27d9684c810136ba6048ec672601987e9b7402fea24f88c1" + "a94717ed5a83794add0f31680592d6cafdec147dfbc400e73a6ba1d23d4cb0d707", + "0c00c897edea7bbfe1913e3da303d64d0d657a83c1eac9c111722b17c65391f2cf67b782" + "19e748ceb269d6c65f01e92e6952979", + "0624c5bcfd8e0ef22ee6b34a8b26bc051912cabac102cbf56c364a743e8150195fc55a3f" + "ec90a8fabed5eacc1799b565745bfd1", + "0cddd4937da8176ddf0de7f52a4babb1f6fccf861533f796a487f35d060ad9ed4435e5a6" + "7166782b53c20bc06fd1b36c265c1b0" }, + { NID_sect409r1, NID_sha384, + "514f4de08a6f49edbb6797c9dad6d33bfa367cc1a1b58a5becfe646c7f3352d5c5d95f74" + "56e7112c4ddc746b9076b9756ae3916c07bbe6d3823895774a42d25d44b3309d18bfe7e3" + "ccb1f85dacfec1654778c19e2981a853c1f40a7eafd16d331093110698c957fe9f1d8658" + "2706a6885543248b944bb70cdf9d2ea89190cb02", + "0af7e581aa4f9be5815f0c447e39de00da9194eee5e5f609668b9b69930b5b48a948614c" + "2250260d1917f0ebcb00ebda4bb52f8", + "040044703e0b49437315a64e397085ea2ba3f2e2c383b168f31a922e5916d590344906bd" + "2a911074b7481aae7f3f8f4807b110f2e1005a13607a3bb89a2a88e27d5eb5cac4eb498d" + "34e6ea861c80271ed0c73e1fa893adce0c1982b8a8af6a0249796e5276d369c3f7", + "08e7fcadc844456f14ce9354b218d519d86c0c5211d62904c937d6fbe8cb16264d7d41d9" + "8a15e9f73a636ac3739770738d6b46d", + "07aebfd1681bd5a2f995ad4a709e8681da742649c0530684fac251494263e98d67247e1e" + "4fc174b409e7e24a7b055500920cc82", + 
"07b83b9b5133aec165316021472307b8b481e6381754a9d0b4f9d683c2ee7cac94ed4d8a" + "72cef61fa1f6349b6c4a54ec38975cf" }, + { NID_sect409r1, NID_sha384, + "4e5d16cb1dcaa1abab1e371e1de02f31ef4e0944dfe1fdec45ab64326435b2af9aaf1a6e" + "d8fdf1a6ab1182bb53a844c7cfd66da30aec0d41757f5988ada0017c4ca752597a9fd363" + "7668bc1a92bb1556553f28d66805bb47f1ef91908ce098d452872da9800e77e1fbd43ffb" + "0ed6fe6a62185d4be73ae96c9241b82cefb2da22", + "06d14107b08354e6a41d7d7d50c004419db8bdc50db43428df5e86084551237223c498bc" + "e71a17e25695bc438c5c09e009c60e2", + "040088c1517355cd417a698b648508fd07a457ac13a49d1bad17dbfbc9735ee58343316e" + "3eca570bca130c753e17a69fe5bd7baff301397a697d2113d94daefe6be491ed3edce944" + "9c707a57af3a164d172cafece564d686fe0d25725c2919c60889af4d0354b05117", + "0f3bb2dd9eece25c56159f501af8b619a8c279d7ecbc08ee2af6b82ead80375e9c07227b" + "73a10918d8c89d1a2b12cb76427a7b4", + "0407b224d8d9c0f11a8e09ac8d654dc6e1119e2c2804510a84ec61f9017899f9613e37d8" + "166e0fcaae16c3cc11e9f739968c687", + "08c2bd7d02c4c537a308fa40db786ec64fbc2dd4c142b18cf9bcad66199afd4f44cbf221" + "adb3837e84173d174e9c0d534720ad3" }, + { NID_sect409r1, NID_sha384, + "e29e75269754ec1194270f5c9e8267dfdd8c696008b5ebc92bb840981fd065672f07f6a0" + "f1b19841adfc51b478371e1a0db9c3346a9f0a4ccbdecb7040191a00ddfd0a8faa0e69fc" + "f544319c0155d02797eeef99fabbc55078f9d852927c23fd931685424249b87ed0c70a4a" + "3e2d3b9a2f92830e7d8f7650c0bffa8f8986b7d5", + "099d96d2dc9c79549f031bd5346cf6a8544c312a3fbfc560dc8e378efdfe025b0e6e61e0" + "9c04c8bf4133396f993b0906c33dd30", + "0400883e00d72c60f22ab085a90901ba3e8a510f19c3d62dcb3ee5066e0be094cceb30bf" + "bed7068d0bfdf634a53e2fd002dc9e454d0194baa5d7ae2399965fc4009ea83273676e66" + "a56fd35a5939c26ccaf85633adf78b33dbed6da305979077418c625354c7fb6283", + "0c213540a452c4f2ef275dd844402dd5ea590f7df41ad35523edff09b7fbb096f8ae8a4b" + "aee95428fee03a9e6f6a14ceb90e289", + "071779b477245007ba1ef5f05446c4a08d1c2eab550db9c053e4588c9935f07ba87764f0" + "fce14d4a7b982ebba89cb056aad8cec", + 
"08174bb56cc85ebe7bca1de1f44cf93cf478d7fe59001c5947c66b837bd3a6d116f99dc4" + "f9acb4f378b0321228518e1ba0057e2" }, + { NID_sect409r1, NID_sha384, + "1a538eb447c18494ad5a5ad27be67fa60eb2c5cb2404eec1dbd7244cd802b17ca5497e77" + "9d5f779b981b165dab53ad19fd7bf2ea7dbb9b4baea782a43d758202f147e59d6b6b8ed5" + "4f4ea084bc18519943f6894d603e253ba3e8e339a6933bc3a0a47126087038e1c813c3f2" + "997aae321b7c95a802b4b73fc7db95897b7c91e3", + "049f347dfd361a65910e97fcefbf60013a54837f2ae657d65e02397f59dc6bca27704fed" + "3affdc3d833fdc621cc5e5f99b92a63", + "04017942b58d42da750a366d7e4cf4cf465c856cd911e5352b50bc8a12704c1ac6ad54f9" + "465e4fc5402b373d8bd4e4f8519341f133010abcea49c66730ddad7734eb1311b2626b75" + "ebbb299a28c9d60937e6833a9b3dda052379fbcf7875f18680924274fa1764158c", + "0134c70f031648bf470ccca4ec19c837051bf700c851df564ef3ceb99d7d41439293bcea" + "0c656c0e5361db92a03def51d7e4f26", + "06c0f9935abc5034a8b0a05e8d04de699b5916cb367e834f13642f0003510bfb68714be7" + "5c9e35b5e593eba45fe151d1df56d40", + "0930baf426b33eb4afbed64869a22712591db11acee7c4d3a221a1e98048f05900fe1481" + "6006854cb90631de5797f91176fdcd7" }, + { NID_sect409r1, NID_sha384, + "7502c755bbd385079a4001b8cd653287dc3054f3b57de19d0ff8f63c0308c64c56f03511" + "7a8971d43654f89b52e923947e4760ac72be073136da70c5ad7ca1658cc0a2d2a880d3a0" + "c0fe636fdb27b77ff260c4c1ef8a18da8e9fd777d732a37ae9906e6c4f381f0a3d941048" + "d5a1f6f2cb8593873fa4bb1621a44bc2bebfbcd1", + "0dd226de602af4e9f8e25784bd1bbd4cadb0a8aef525d5e2d57b9f3555feb698765672c5" + "099a7d6dd5faaded69d8d68b4804f26", + "04007ee34cc7a24e2e693f9409f52796427ed86fa71bf88c923db305ebd5a83bf3b6f761" + "2847f16d00f4a25614299a2df92bb693c301f63f177b54f8dd5c907ff318b66c2bfc1cee" + "09348c035a4413fa3cf5acde0db1c8af4fb8deaaf8a3a6f8f06b0acfd20c6f0049", + "0e19c21b05c82dd8c873e5f30c1e3aa9348327f959a4dbd9c741e233c649a426cf7bd9d8" + "e93232e496d0b93ce835f80fbcfdb2d", + "042a3907a480329a6169b439a6945cdbe8e4572779c43fa6cd1f15062559dae9eda27124" + "02ccbdf03d88a8a68b691f1f16f8f52", + 
"0d09fa4966d171a662a9ba6827fda830b5404f96f635edd8482ee009ec5c7b64a2a6c177" + "93993610ae8297efa9fe4c35ceb5001" }, + { NID_sect409r1, NID_sha384, + "95eca932d03f1df2e8bc90a27b9a1846963437cdafc49116ccf52e71e5a434cdb0aad5ec" + "cb2b692ca76e94f43a9f11fa2bdf94fe74af5c40e6bfd067a719523eea6b4e65730365ee" + "498ac84c46e1588b9b954f1c218920cbf71b167fc977ee2a89429590f43bf637eecd91b0" + "ce3be2d66bac5847205f76c06b914a970f543e59", + "0b6fdbc9c8c76cb2b822a940d8675889ca6f5132429da795462381ce29313a23bc132976" + "fbeb346ed4c691e651028f873ce7971", + "040147647d267afb4bdadf54baa3f5131e79dae8103f5b2ddf70e4652f9fc5495123be97" + "215b811554241c53023a247936053288bd015205cd5bf0c5154b2dad8367e1b487689b89" + "8acbbf44f9ed67a37babbec739804dfe737b324ad663cd2cad79274344397099e7", + "07321d12d616dd2ee5f843d6ed7e92d18968b3a76c0e4ccc167790afabad1b7c0dd53d82" + "aacac93d98679b203bad88d5ef0cd75", + "0672c5607acc646c67456ee77f2c02117cabd241f728ace5117626bdf91662323e756543" + "8f46a3e25c048a8e2130e27fa1fa2d3", + "064aaebf9f2fcbc843ae1128eb6c7e7d1fce2b9901dae0f60afbcb08c7f2ea1b550e1599" + "47deb87dd8959921846e2923880db6c" }, + { NID_sect409r1, NID_sha384, + "8ff68cb00d03e730dddb05fe0b2344689529096c3da6eeecaf097f22c7fa340593106b1f" + "6726f06b7ce7358edbcf801ead959438a42f94cdb467b3cd5b17fbbcf75739805f9eadc8" + "69c33c604cc58f81591b0b8bf4d42bd53a801f0f829a31af6c129fb4f20f1250f959754e" + "ff8c629b85a716b6a18465b6495798c0c5166c8c", + "0203d77fac64591eb9a18de20a9d5eacaa1c3ec58a5ecdb3008c2d642e197141d16b3a9f" + "dffe61429264f5b420f5e9926659a4c", + "04000f66ca09d15d0991b48ce7afde9a148565b73807e435ae0f16c14cd439454745f8ae" + "153786d7c40cce3f43a8aa4f0564cdcbc3000f4c919b7a97beba2559a8ad0f85dee40e8d" + "f28e23732d7de655262209a5170f94791e255e77e8c8cd64c8c9900092e0ff9d5c", + "0859bc752300d4ba5014e302aa4cd2a979b3097dcfde5c59f4bafc5bc8a99411174d2ef3" + "f7377df5a09269e3d9461be61801942", + "0691ea76acbd5e8137924bee13326ceac8231688af8595718e210bb857d6619c152e1fb4" + "6e03fa83bd6b5d81e2463f9260407eb", + 
"054df52eb86c679d8f8514a09f5a3062d2424cdc19fbf6927f744aaa8c444223f1c28ddc" + "84b1d135a886eb7ac7eab3c7b0a42e7" }, + { NID_sect409r1, NID_sha384, + "01451c4f09720cd53377a5ed04c907a735477378ed960235a833049d6bad6e6e89958b4c" + "4249bf0f6d4f043530c9e5426deb0ec3a12b7feb4860757b41bf602ca95655155356ec35" + "a2db8e2657998f56529be4b714364f83a140846308a2973907ed7b08e935173ebbce5e29" + "afe1444cd51c92824ede960056439555e7e74450", + "057a2e6a59d4871c3d547690237dd9846d6d5dc4ec0678aafc9c8669af8a641eed67bfea" + "4b05fd6b3b5357ec4d0caf352691ea4", + "0400351aaee4207bdac826ba17e3b08dd7f94c0c8ba0d9829d7bf0eeee7e6375458b5457" + "bd787f0ff38564734b3a0412bbddd7c37100e09c4dfbc33d61d69b5a8517baf5e4e16149" + "20cbdd89bb05f0420be757253fb92308dfe1de8db822f57b67b393d8a70d989b26", + "0fbe560003dc220e4c966b21c874b828874a33a93bb69c49909376df67e5df1652fd91a1" + "d73c7733f26c121e7a3b2d1246c9a61", + "08b85cf3a14fdfc69cd42750baf362286940994479f6ed7ce1d87af12c5ae075b311754f" + "1d37d8ed10bea092bd3d9f7afd2f1e2", + "02360bc1f7a98cc87ee2a4feadb98554cce59aa0fbfc087747c7253e54c38815cf91c851" + "7f5692f95bc7c3a713fb6ac43a34f7d" }, + { NID_sect409r1, NID_sha512, + "ccd494ca005ad706db03a3df6d5c6e876ef859ec77a54de11fe20d104377df1900b6b192" + "126c598944d19a2364b2ae87ad7fd32265d59e1f22be5833f20767793677b628f18e9619" + "f8ca32f3af3b41c31e87a98d1527e5e781bff33c1a8be3a82ea503e76afec5768d7f7dd1" + "f17dc98a9e7f92fd8c96fca0db518bd143d82e6d", + "00a3da7a6633608fcee9ce4253bbcec08d41ee6b00178ceb017de74e24d48fd89107c9f2" + "db3556063abe3cb011938f4b4871795", + "0400a6123b122d7d0d766897b15ba6b18b3a975d3d8058c9d359c6c6594cc0dc07d9ef60" + "33224b4aed63d319cc2747c0660e38897b01ab5fad5e78f380aeffca8d15e60731720184" + "ed456800967b2ca47d482957d38409ca07ea798bd892b529774e44080eb8510e6a", + "0da042642b3117f30ea5f4b354047b164bd128696b8c00cc6fcc767246daf7483284e411" + "009e05218246830940178cb4ebabf1b", + "0e4ce613e6976e9e1c30c0c93214a0a37f0632de85eaa25464b69a251d592560b2039fc5" + "9b15ed7045c29c268693d7c9e06d8ce", + 
"0ff3ad5ca70aac94facd842fecdf6a28afbceab80b549507954b7dea6da06d1facd11e0a" + "88e9c2a549e6971a08d1af75aba8363" }, + { NID_sect409r1, NID_sha512, + "5719e50d939a8d74efb444eb5a77cda48cbb59e7f976cdb2ea2848bfc558718b39ce27b8" + "93c229db94bf77992222d1746f8f52f858f85124a28193ae0da039c53d484681785f3367" + "f6516fbb8a86560aea9e3428551facc98cdb1e9df8e2f37db823a7abc589f667b5c93c4c" + "47061400220a2014197d514217fc252cef5a2433", + "0384723c8b4a316b450d1fce0b2645912b8acaeb3cad50860cca43bdc0206ed5b3b60ebd" + "c29b3eda305d0d60eeaec261edc24d5", + "0400fb89d87ca4282ccd048606e4d321e7ca73244b4d0c9d3df87d54e038a14939138bff" + "33c81a9ddd64abdfd698bf103e45c96f97004ff7e1706688a53a5544f4ed0f3f5e1f0fbd" + "6f21174166d25a690f260766646cc6fb39020de9327199225e44f3d95c5984fda9", + "03a9f5f26eac81dc8ca0a17acc44322d43bfd18edcbafe24113f5e5fad0ef0a3db75ad1b" + "2422c7321593e41e76eb2a767a14268", + "0c311000c27539247059e4a8d789ed4db93fbaea021272a90045bf6fdd70f4f32cd1e195" + "b99ee6f03f4fb57c3a115ffeb459af1", + "00db8bb46fe0f99b4e6e1394a5db283e310b24d6006319986dd2c4cc169c775c89d4ad98" + "d0fdbc3c0bef6b7fb6b43ef21049bd8" }, + { NID_sect409r1, NID_sha512, + "c84e5702a339259a61b5ba8ec1957f23ffc4f1eeef3a58f383d3731bbaabfcf49ce2ebb5" + "97960ac5115a2af1c62b193d4ab6c24433d5f168a1752e40145f19aeb6dee889a53a4fad" + "d13eef60e28fcc7ed6a9b8b0ca286c1b3d66a4b2c327a629d15c148049e3a0ccdccf05cf" + "22c31956014595e417060627c8125bd7c00f8850", + "0bd3136647572fef3de51b12e64b36460bd3a27dc660c164fc705417339cab21f9e1f9be" + "0f3da926df459c5ba58b701d306e67a", + "0400f45e18834d1933a2a26e95467b6db85d8c3da372e607907798745cd9847bb8f8b51f" + "996c7293b51550144f227933ba26722685005d8b108eb3591b164745d116c80afdd48701" + "87061c75af9b0c3e87dc8262586af14f4d6b1504d274c07c8e89247196d8ce8166", + "047a494645b99a3469369b72cc918708ebf453957b49ac4e209f2edd7a4861d014543754" + "e37e1d1a0f477951a0ac2b5826a470a", + "09de9e0147e1a268f80836d7db43779ce12e7947caa851d109273ba7e7dc7fc52c601f5b" + "f69cffd5adf0695cd7db8de2a64781f", + 
"0561aa76e1e9f2c1d4aaf6e2da143f67166f09199e1705b631d650528e94d643768cd611" + "467284a9f543e50520e3e738e5d56b9" }, + { NID_sect409r1, NID_sha512, + "c90bf11d04a708e64b6f94d4cca64b92463eae878c377b188c82c1c5f05a038be20eca2e" + "18034d46f00d9a6fc73c4084981748ee9d2915d87aee4e2321f4f9e11c176f01281913e3" + "24700d9cb474b7134fcc408fb4a7006acd9e63d4578ed4c2729d8e0d01b1e6174a43a024" + "ad261eb644ae98979c3cdab75af357f6dbdf5db1", + "0495be0b0a9d357f6155fac008cec90442200bb842d89292fde38b7256e4117284a60249" + "b3101b3f19f778b680c0d1d7422b84a", + "04011119cd910d4e962f54c9776c9180e7eac2f71cb9748ace4b7dfd2d2b3caef4964c7a" + "55caa9763e008de600b727068eda9b98650000b48246cfb7c86e9dff4ba77a3a53dbb1ce" + "fa168026b8929c42c3b0251fee5746897916e50f07dfe8b57baab7964447a2fea9", + "0ad4ab5ecb84118c33a4b06d1a9f5d2c4f1f3dd1cf71af596eea771f851d0371d2d72593" + "c926d7b69b39cdf72931f6bb11d10cb", + "0e959201622673d81ca16ed94e9e5be3f38bb8db48f9c09a585aa31ff39f14128d79d604" + "a5f93c80aa961c85bbf99e276937f4d", + "083099697856c780936ac01aea5e3a4d9b6e183639cd200464a5cc05232df30ff5220dce" + "4e2af714c580d561b72dc4969166a6a" }, + { NID_sect409r1, NID_sha512, + "e9b2a33906a1079280100039787377c2971c378b92e70a38ab41dc23979d6fb0c41e53a2" + "1b37632407adac6f212341cf6af8605b4978c85c9c16960e1674247f1795cd73b99ff28c" + "dca024f5078490513c77114c2f52288f5376872c331151d7b2c08f7794f2c1f9e0d849d3" + "2d73636f0aa899988ca561a76f74543b37cbf3a3", + "079626354dfc4eeeb51fcf232ee9e6b0130c9bd40f15ed45606bb7faeca8f359e0c3e18b" + "f12769254522fd4077eb24bd5454871", + "04007ad047bb38bde6ae2593e1e41c36b7efbce1e0ad08def9b23d25b7ea9aa336eaf102" + "17df16d32ada4af03dc193d44e6c77e67700d2b9466ecf321605b9f4f952812410800720" + "3ac32cfdc7cb87e1790ebf4bae497fb87011e0a81068e66a840d29583bb970e24c", + "0074548d1a3df580e45babda6096f4c78cd70945ff190d9da463fbb03a511c45d45dd1c4" + "6dc0b9521579fb506bf015f8b835680", + "09e04e9ffc2cafdefb600cf61e803eb78cb416304210165fa7c93c1bfefb02cd4a255512" + "622d524141de02c2cbd193991dcef67", + 
"01a7960232455f27768acd825b8ef91d4efacc38684d05a900a8512682ce19787033cd08" + "c1f2412b481b88ad02dacc0ddaa0ec2" }, + { NID_sect409r1, NID_sha512, + "672db3fb8cc8e5f831be700498d3ab3aef14b7548e8011b21351215fb6dfa09460d18f52" + "c02c8815baf396d856a429bb9afd602a10c213af34db80447f4c06ab4bd28873c88eb963" + "9b199042d4b2cb13cc364f734fd4ab7bebede7dd4da63decc0cc1f84e34d760013f66d71" + "641073f16c08078880b67230f2d6c6bfe17d206b", + "0ab42bc7d0e3c23f8bcf928e25f9f027b56f270398a1d37bea0ee5426b944a9c9ba6d0d7" + "796899543feedb470f70b2ab148234f", + "0401415fe81100f208ec8afd5e882e5773a0c1d46e44627732900c7e1722cd77b3ae2443" + "8a8463bf571fd6bb422d7c583439c07cff019c3ef3688ed397640e873dcb20cee9755437" + "d0023646d05612e8c360717a2e80e80f2b85860d71f9876f3a68548da7099f601d", + "08b44ec25214602de46046b2c94a45f64e9d0903f6148dfedb76a80b8e6314e87bf7dce8" + "e73b14bb274a88fa39136a00537779b", + "00ec4c5bc88a959a1234413026700bf5d4287a0263fe75daa16693bf74cb5071a64eb187" + "78da0a31210347aaa33130602f6b597", + "0b6c29b9177e89880f3eee3aff204b866020b3bf77d7c31204af383d9770804660711a85" + "79a3f1ffe325f225fc7e7894ecc601f" }, + { NID_sect409r1, NID_sha512, + "d7fd06b89226cfd66671ce5b4b656228c52d986afa7f6f30161680eb0c9cca177992a8a8" + "c40167a64165c518c55f678702125709361b536bd928567c97737bd750d0e2e6e0c00296" + "a6ca565f7c05cc8c54ae7a4e0c334c6a968fc18a959c18ebbd924457701316a4e999fb11" + "084520dac68dc2d69187134c40891af0355ba89b", + "07f7aa2216164ba689459ee5d5ca29e70ef75a5b2a4416ab588df1dcb9164330c0b405a9" + "d80c3acc41c19f58e24e17ecbc0fa7b", + "0401decae837c7258ea9d90314ac87c57aa6d49828787054cc068edc1955245271acae72" + "dce5c9cba422bee54f22e11810721c1ed50024cdc9e1b27e5d4bd024654df000bc9a0181" + "f7c0f4a90572c75e16b679f4362446993f9920e2244527801e8f6b1e9398bd8382", + "0463202dff25e6b9c633b60a3edcffc1a22031cff44dc1b0a5769214693ba02038fe5dcf" + "b4a48db7ec49b33068061616daf2fa9", + "08c06b72b73dc2655645892447fc0c0f8055838b194e8fad99fc6bd50774e1ed08313eba" + "4141018af33af95a3faa20b69bcc0bb", + 
"0958f104326df6008135bfbaf5c2980cba2833af1b4f04b5918bb51ab0a0df637d6a4af9" + "02a5e07db3022c134c72315f25972c2" }, + { NID_sect409r1, NID_sha512, + "83b7e9d3ec638fef51d2885fff5490c94e2509c126608f82660e5fc523032f3e85d69d9b" + "76af145f6bd916dda35775abbb6d1902bf38880f8b9259822055c5b1bc726c51029972cf" + "7474cf2a812f3251aa71813476bff55598d079f075a40c6c41498bd865ce960c518bef75" + "a873b9d010965f342dc4b35ef5c5972efe6fdd18", + "021d84f070c6823a70f1a74225a472118c93ce9dc509aa6064051ca4574939dcfa96be86" + "2069424bdf1a23f62f2868326422e64", + "0400f568f018b0dc4400bca3e9e4b0e5bd5245f15dc7acbcf4360b0be2ea5abbb87a3cd7" + "6aa653d32858438051cbefbcc4feee6f6b01fdf1e1bd7a2d3825df14f8bf8d5de8250956" + "63c3014f2eeedb9bed3c3416d56f805b623f40b847090d6b4b3bd5abc98ea55e48", + "03344dc1cd950a9c3d039b6fb6af8c5745395d2a3343d86dc6670580e331d59f6c003436" + "7a6df52423a625d70292893961ceddc", + "0fb010ba41d651fcc854762fa1437262eadfcabb95b9502a40b50f20cb34fa19ec570dad" + "2e0521809ecdb2bff3f4e7055c02bec", + "05a9c2dc0c1f946ce33f2f434c156c236b09098365a7f31e238b4685e7cd8c86a0b2455e" + "5c83907167c1324bbb37e66e0b2768d" }, + { NID_sect409r1, NID_sha512, + "c62c7bcc860f0e175128e1127dacf935ce62ae794cc4a0ce7966bceb023ac0498641d728" + "1fbc86f9ef470bbc77f608f83f8d0dd6299cf08f2cdacc7a9642e4246df131820220e5c0" + "5d0dbfceda7f16b86add4793e9b6244d96b5c07cfa23574ceb43e8e8b5483192a92b301a" + "a3b37702b8f94f0129d8af1617896b34990c9b02", + "0b6645344d17528968c719091b6e2072388881dc10bdb4c7fbf41906cadf3699b30f9c1d" + "bfb4796d009480664e6276c0359e5db", + "0400b164b075b80fc8b8ec785d5c2ef84d49f2f4d276546c9cf2e17ea4d367828e9aaab9" + "85c5cd0882204e293dba0359d47d9bdc0500a0c61f181d5d06ff20d0c41cf6d6cf7fea86" + "0075cdcbbab2efa0950e2276dafd4258a39c0fe4c45f3c04f76efa7d41392b4d34", + "0c497c621c5cd230fb1e4a4cb3af1cc9d8edf4af5c4af7f15c4ad0a8835b54de52d83bdb" + "3433808a67628912a85c5d00aa222c9", + "00b22e5773aca4d97d2da846c3947bf9cf2474101a6f0d39d31629a6aa2a4c3a77076a67" + "1e37aeb4cee0a94e82e914c8c553e04", + 
"06ccd79ab93e344e6f112c1e4a39e8505a2aaf5cf85595cadc6ddd1afb0b1583d9334cf1" + "c48f26e5baa38e05b6b52f9f12c141f" }, + { NID_sect409r1, NID_sha512, + "b5bf38fd9e822925254418475a1ce762a94e336f12b156b1625a4574fee11ee472d537ef" + "94b4a4b1c0a73b0140d0b818cd06636653e6c07f0f100118242a7703756f1cb1119b3477" + "c4ced99cf45e07e83b7f2749c1a5f8d8c9272d221fe17f7c6a5fb0f8a16af46f232ce406" + "aaf565c6b2766a2f6528c82e74fa1c0a7fcfd49e", + "0f8c2f770cf5f8e1f900e996ecdcd84fcff5cd959777fd005d721a419123221a3237e398" + "34b270d37752470deaa6cea023c5058", + "0401f861984fa06f15b801216a1c33672cff43740f0f736b4f4abed5656a1bee33a2aec4" + "31680942f2b0b0dce9a9196b49263fe183018633f4e057bb6d70a434f919b9ce4b7d9e61" + "fbf46c1d9638100d77881755fe9829a69d696d555b1a26e25ac1a1c27b40f909a2", + "0bdd99022dd964306955c57b226aef036527eca481622618fa7395f53e60aa95a275f1f2" + "d6e7354d8b55d3e83c85819e818199d", + "02f1330f41a86c09205004215c24f42fe582da189906fb23fbcc52136fcb4970a33b8961" + "13eeabcec8151cf3b150eaf1ec2dd88", + "0439507edbd36ebe4fa5df34d220c1441e1a4175c9b0373fc85669facebb5bda7a4b415c" + "269a7add207b461525c6cc94b7f7b22" }, + { NID_sect409r1, NID_sha512, + "6d3474770933ec01b76be789304b6fda423b12a0ae8c87a5ea8d7ee9f71300f39440e1c7" + "f5aa4b47c1a8628cfc3a490b15ef292a741344f40a8fcdd02cf3863bf3e32d53031f5037" + "03deab17fc52b3d4032f4e237dcc27231b85d3fd60b49ed7ee40c3344948d87c3f47564d" + "20a11d50e4e520bd16c8701694fc70901a5da625", + "0144adae951fe897d5812ee4a16c0be4c86c5e57e615c398f5768a1223a9be20fa82cecc" + "f8a16a31432bbfd17e594a4cd8a6a07", + "0400bce072255f7cbaf565f82db122e9c582ffcfbefadab6d79680b2506792028b200ca7" + "732a98322c290916c66c8a8ef77df6a2e501b4b6f65e678223bdbe5f8ecb68573ae3d7f1" + "11dac37d4fe3c0eb768c461187fc5859b13452381fe676257aa445bc7f38b4919d", + "0128c12479b7f0630374880b214aa26e4e8626deca57148a6c6a0e37a97e89da8acbadbb" + "fe7db28a0c5bd17303e1342af711f25", + "0a95124ec95e35747fb568e6659ff31867a4cb7c00985b36584201d1bac0775653e0a8b5" + "4cd9a9067ab3de434bc2cdf29ae287b", + 
"0257e5410a6f0bd94fb3b5b10500fb45b501a3734f0c718035a9a1516d2f88e10d1e38b7" + "0c791028e262e0c3128cb84e6064ea3" }, + { NID_sect409r1, NID_sha512, + "92ba7aaf71f625f7a2e024058dc8739da3567c306da4a812ed9e1542b7d1e982c1608216" + "6a59720203f4524c3bd463a662c26a82ec7b4376545206e650eed0d3dd7909dfe3810981" + "393070d15c45dc4a75a8c5bdeba533cad1ec34fd20466a61e4cde3b25af9a80a9a54afdd" + "7de1cf2a74ba32d4ea0082a037775413c61a8d1f", + "0a51f065fb32c55bf4ff6f18ba9d488d35d9f8da593adb0ab1632533284e0adc43ccdbda" + "9d9507b9862ac63b5ae7b0f78b479bb", + "040080e2f7ef17a11ae66172cf1c18eab12aca4c2ae06b8106aa1066677a93538e3dca06" + "26e836249eb884a382c3b726736565c3c301e98d37a17ea736ae58eab093fa7dce3f1079" + "1ee9ef5ec00bfb27bf3c705dd633badc94642c385dcc276f9b1fd5e01dd76ce944", + "0d5cf7b3d28459db8dd69c314f6464f770c31f239a12656368c84c64693f23733661081d" + "20dca9bec9c9659a8124b57a71ffd55", + "072ba8c1b4bfeca62e96a5649e851e9a311d7685603a11c1c299f5ed8605adaf27cae656" + "cd31335a7ae363cbae5dc7a39512c1b", + "01bb9819d25a211548461de4ff973ffbf475230baa161558d9cb7ee6f2e682dad21a465f" + "c2ae058121224f8680296d30e3692cc" }, + { NID_sect409r1, NID_sha512, + "b3fb9e48c333201324755a81f3ae5d4f0e2ae7cd24238fcc66d858e3aeb1ee03328660d6" + "399676eb1b7d8285ba571e214d935bb45516fccfab57b8eb4c3d5f1d7357c768eb7b5e7b" + "5710f599614bd4e92706eaba31f8a5e7e57af7ed13066af50b4540ccdc126b677789920c" + "ef8543907f0ba9dc92aae343d3425bd784ef483d", + "095351c0bc07acfabe6477fe85f97eab520dc96bdd58b44b036328ceadaa56a1904d2217" + "c5fd25155ff2aaf9005a3e2687fec81", + "0401c1311230cfdf5824323448c68ead5e5885ba540a21ff90b951f85d84d78e26da035b" + "fd99341b5901e1ebb18648a8dbb996fc9d0017a037929496e560cd1c936d9eb15f79fbff" + "737201dd880a69dfec31209faf5bd2846e3e664c668ad3d6500c5ed620f1bcc970", + "02234bafb54cad0d0d51f4b8508dbc8d014c303d90d21bc3f749ed7acc42f0335c5ab6d6" + "0002d3bb57cf07018e9c13b92c0a39f", + "04d0609f06320d69870a3e66f19cd46a2e0e3e13fb8b7785163a7b567bf2c0f437b4e30c" + "c67da288a3b34ce3110f6d87affe0f5", + 
"06c46d0248f7c309c1e5b80ac4b1459bf897e42f8f037031f5bbce0fde50af50cfdc4f60" + "d5ad3d1af152298cfe77dcab287874d" }, + { NID_sect409r1, NID_sha512, + "9ec5f7d65082264b8a50be772c44277a73ed19199eb275fe5976f9799d8629fcb4a59a8d" + "55074cd2eb2a0e02062d3f7cdeb05e62931a24fd1aaf14c257944d1b42eebd52726d6fe2" + "81211b39038e52baae077ea4df89675d860d6ba5a0f998d049614201b872e134367acc90" + "066ac602e478ac3e43c3ddf4b0ca0aac1a68591a", + "050245c1682344fef23bd549ac8d1e8e44b2840c43eec1cecd33daa4e9ef6b53f496104d" + "7432e14248682cfd6f5b4853b65adac", + "0400d2f8fe524b2108e375c9603598b555d6c4c7724c7d11039178037b3a4dc82b66c3ae" + "ffcccd89cc34dc2b2f6695892323bdd80501f98df95fc1837ec4d5239cf55e97d6b489b0" + "a8d7bf12c1ccf95f689ad23e46dcf20dbb531f5179e754f0c29c8757a1dc67493b", + "0c683f98253406c6587d87c57991fe5caa3f43b451875859feeb81176b732f1c1eed0ee4" + "4d1905d41922878617e03dac53562a7", + "00cdc9bc7d670a1b6794fd7da82d2ad1a0e92b82ae32656ddec3aca4de75f407f20fe782" + "daa0004317fa3f12cefc48518298d5d", + "03ee7c75810c2c05946b53e2f24feaa697af35174402c069b9fb03d89d73964c997eca4a" + "5d6f9482cb23c8ce337a374ffc3e186" }, + { NID_sect409r1, NID_sha512, + "61d657bf472676301503f6784b7286fb39fb4186bb88abf1edacb4a2693d0a1e2b77bbf2" + "758c84f2cbfd1753e20841b1cd4b456400d53f4d686e666943f9b6ffcdb77f510be97536" + "e9698fc84ae347d483bc8984548d1cf86b9b40d360f9c0dc5bd1c55868e26fce1460ba94" + "ef5e94eb63c9f0776a0f446c0cfd4106d9f36352", + "08d3b0277f0e9fe54581d3a9499ccd7f015c08339591326859af969d2a26284e3b3beac4" + "a0b74d324ce5cb5f38c7995e4e3a41f", + "0400ae18564ac04b54769e17df84aa54903df58decb870591dad73dbd712693d901f3f9a" + "d43a71f23b77705de2b4ec1c3bc616356f019810f92e80560979ac6e72bee505dcdef15b" + "4146185d2f8f5a955a4555523d982c34bbfc1326024410dbad3349e4c4e01c242d", + "0e52dea77fc59298cb06fb1401d11c662a04500f0470965c4cfaded13b339bde52f4fa04" + "c76a955faac16784f443b1ad9dfa0bc", + "00c917d487d2aae1651d76147de2a706a01c8b3d223afde7d20c9dd77cc2329bd3e0e4fc" + "01255b7c4ed1baae7d26667bc2e9ec6", + 
"0058c766fd514a405de91a4b9e99fc0b0146d954dc2e2decc2f3f066d0fe192832ad37a9" + "40949ca4e9abae0602248b3b56100ce" }, + { NID_sect571r1, NID_sha224, + "8e14f713a2c427b1f79491033994f76acbead614d12e73ac6f3f518f2052a10c1273aabe" + "628ab38e0d3d5f8ff254802e9f44a51367bf80325b6fc39d907a37f731372864747b1074" + "9ea5cb3d3a83da39c21a7b02885a8c1770e4397cedc958e4baa21d5007569dc9dd1e45d2" + "181709d900a394454090badbd0cd9c2cd2369aad", + "0f42afce7f7b3d45f3f925ab29fc3882a89c9f585177887584703cf8bd8fc572e677adfa" + "55b402446fe1e90dc855358d92c3267c35be9674b40c2ad5ce8dbe6a533c44b0ad8d2b2", + "04063dbcfc2d9171a7cc1835c1f56ecadcb59aa6d5852fde264ab25603f06817a20f2787" + "446445be8b2ba05c70fa25d9b9e34d5374febffeb536facd3da52d43d69fa7af4d4792c7" + "9207686e0629de47916af19f9013f65fa3b5f9d196916cab2f765aff31adb5a959515e83" + "fe3e00e91843c532041ba15f047e978bf2fc69627bb5cd7f3ecd74cdf1a8d623c1efd23f" + "c0", + "3fae665eb7a54f51c522ad5721d9e2648f13f3d84e3d64c8148d59c662872b5cb7d911c2" + "7bf45884f2ef717d72bd0569d9901f2308d9a68d128c042effea148cc963a8252f1426e", + "1df705ef13ce900ed61babed02e121dacd55a881ae32bd4f834fa8e362d059223b29ff3d" + "b835fa2b2db8fdb98c21dda5ef744cf24d0a798f501afa3a720a238ebd4fe3976a179b8", + "1b1e98db422fd48f1dfa049f38865f8bf9ec5618fdbfb50f21cc838051a1493e4b1e4f9e" + "a81156481e5fd84124fbab740421173862c63920e3a833aebf0762e7b5b39a1591d27c8" }, + { NID_sect571r1, NID_sha224, + "38b60d27ff08fb191811036dbfd5b39e1cc3427ff70efb67c851e9cb407f9fac6f348d28" + "9df98d055eec73299fcac068bd0fd9ffa3c5d244659e4f714a58d79f6727f323a7ee2636" + "9000e90e34e106f99f5ae2ae1b64ee89e5a1d304ef20c071a7773e9b977ed3d49f467d30" + "0a881c8371041394910f9c366942449045568f01", + "2f36613043cbf53ad36e2b38998bb867503359ae082d07d040e5a10a43e06ba9c91e7c73" + "308e41e2391b65e634f83b162cbdf4e7a44ad818fb93a978af00f06be06731d8c5886c6", + "0400fe1afd356670e1dc6bc195f9513f1dc6b03017416b5252c7b56153da538422e557d9" + "918298ba6c78283efa0288c0ac61298846a6f8adf74df21747cbe7c18a2b825a330e843c" + 
"d8018b7659f0a7e8e7ae5d636ea4d1d5f3a1f846d4bf3dfbd96c6ae874354db6faedf02f" + "75c4d1d8bd6a3b61e70ce58e38ea5de8cc16828f87a0667614f6640a3023b7f4aa93fba5" + "77", + "3fe351ff6ddf50752f7dfd8e5a72c9faad77dbea303fd97dc939eaad3aa7fed466fc8939" + "a7a6bb7abee63455284a5338e59dc067236dd699bdeeae1424d993a9c76fb2fe9595423", + "04a0e13a9fde9f2fef417199f8584d0f60b2f04aa6b7524cd2a2826d63043b2188ca977c" + "9567fc1ff292ed480dabc01589db8734c15aadb4ff54a552a7d9e66829fec1dc919dae6", + "01bc7d2c4ca9300d7a3001755ef25231d2852a7b9a3e91baf21f2a2bd2ff305be8a9de1d" + "1bcd7bd9eac4ce12ecf8a91c0a409726085382fb8d2428adf1b42b37b50c9e8e0535d7e" }, + { NID_sect571r1, NID_sha224, + "21709eeaf9e1953822294a478dfacfb205fc25f447a73a76a32601c00784cbf2f9ebd41c" + "22721d70cdb3842dcaff4a4f208d41c0816990e421cc4b8538ac2f347cdd0aa2a39f1aa2" + "6ace8cb6a606b23f6244894d4594a0f6a5b8f6a695fd66e1a41e2eb6a377017177fec56b" + "b58c837e311cd04c5b50575faee32606b9636ec1", + "2e74948c46930cbcd9dbe2325539c7dfdd910f309fd610e6599d425aad9ae230a8d46819" + "70a14f2a71fd08030d0a40ff40dade7de1b06a80441bbf7e2fcf1809cff39c7ef88bf9f", + "0401b75f2d281592c288fe6d5479a4e21ef626471819850cbbdf814593bae7e6ce2a35a9" + "78aea354649d979f161543fd4c12dae0efcdc2d95e82ae5874b9c04a2143535097b8a17c" + "6800c7160c2efa3aea1d18afc1a00b47209dfc750a5317ddebff04bc4d181f238d339a76" + "90c24e55be2cb0c01719d34ec986a07727f2e412aa72434efef4d64ecf7c16e2e75ebd7a" + "d8", + "0d3ae3d8e5e01ad838a7cc9a4d9b3e41eaf9894aed1d1ba597458391d4a2ae38c5d6efdb" + "4d91761a415812d77fd9ceaebbf1ad49c282e693d71d89f0e2d1bbd94698a47f1f30890", + "1e2e9e2633885c85f70208de30ae9b7f72950e2de980607f6d0e73fc1fb2a4a8afc63882" + "06c11b081540bb528a94e5386ce77a2d5c7830fca19223d57c1efe7ac488e69ae07e660", + "1250d1b920324919ef81865513db461409f6f8ad82f658dbfccfae4425906da306ba10ca" + "c84cf5379b6c1d8b252f3c6f86439413c617deadfad38a234bf2b0050fdabf7719bcc9e" }, + { NID_sect571r1, NID_sha224, + "3a131fabf3dc97334f212fce41c44300440d16de1d6060450875f7276f53c026e2a51168" + 
"1b5a8d75fc0d578546339542833145f7ee13c708df33e584445a75a5538829286480d339" + "be7c777c03c998a6d3f037b25799ab2d541021502a0b02a9b9c337a8b176c4f30e5b1864" + "85a6103b1d1563ad4ae73ca806a5e4daa92e9100", + "1b5fab1d36f6f6d559f65d8b01edba610620fc3a38307b1fb1c5bd63e7ffbd4a9098cb8b" + "df50975a873f5d047ee2b627b090897a7fb5f56d3f4a0f3528179e7c969926fc0d3b0e5", + "0405eb8c5a2bfc86aa9a82830d665296f74aeffa9c5b38750d0ff51d01c2dd0fb6f2209f" + "8ba89ff07297ab9b1b06168757f48cb6eee618a7b44f1b3902187c33208288f35a066659" + "2005334c203f4ee44fdfd5f99686b18696b3433f203dd148324dcfaa03a0a250cf606486" + "ef11ebcc1ed1839a76ad70909d835a4b30a014104a6ecbb284b33f50bfec33d8b5ede85a" + "c5", + "243889e7ad32076a3ea436356eb572c1b4ae402d0218d3ee43927eca0b4fc21a19926eea" + "35c37f09de4766f54e6079c34fb3c174afb953be1aac46d675bd300e717dfc2d0c3fae7", + "1d87b52dde9f502f02a502e7a331ca6dfc6204922fb94886efbe3013446d08240f6dba12" + "10a76eaf804562aa92a14d220d59b6310d6caea0274a5e1e8aa3c6b57f239191a71fe3d", + "2a5342df6908841b719f80ff905cee0ec3fd8be46396922c3f2f142393714b97128e0839" + "07a3a2343f0cf9aac73313279ed29eb44017e2a1cdd0fc86e4b7c536e9f7eb1bbd192a7" }, + { NID_sect571r1, NID_sha224, + "679d85a762f2574b0b31b516270b7d33d5e166c83e91a0f48e0f3db20b52f42f9e6ee964" + "8cf58267ffe3b713723cf3df52b5fab5c14db1e7189f7cb7170bc6ec7cc71946745e152b" + "39180f828688a5b6c0b2957ab94283b90052a3c6e36843c391aa8810f9253b639a8d5a69" + "aec10070603ad7a99dcedb544858d057a1d66b89", + "383e70c71b431eedd4574f65d01fb0304f7744d668408c847f7899eae44770a7f3243109" + "740f177d7146a27748886b7b77ecf3792b512e8d8e37c3bf4ecef2b1253df7066498f01", + "040769dd91fad550980225877d98f7c86963c88be141f91f7a3f1607e0cc6dab767aaa6c" + "eabaf46b65a7c80b6a494b0dac1da5d2fc8c5b07ef7085ed1bbdf4273da3665a6517ea1e" + "5a0282fb94b4726472248f01ee43607f7ef969446313e849998fbf0058c8ad5e24457006" + "b84fc0460b74d86ca281caa174e69fbb68673e1d28ccba17eae045eabc1839870831246a" + "14", + "336909099a1540e6f69172d55e0c88a1afa99808005bf09cc803ae1e4e4fbeac2f77f984" + 
"bddb482f1f13e4430e25e36962b1a4cae00f1fcd7f2c7a17372c91673d8286f9829bbdc", + "290055d578012a5b7d88fe2f70581a0fff976756b4581875cf5db07e01f09c0bdf6ab70f" + "fb5839567583d53c68e31a27c3fde12bd4f1e1315af2f742746277b1fb1349141ed3043", + "1480c63c8b90c7b51e092597fd8391a237b07f0ff7dbf615e6bdddd5aa880db29c9b9add" + "5bde7e0e81d9a37f852c26f21d750cd2f95520d16da7404c2c3feee1489aff09f298d7f" }, + { NID_sect571r1, NID_sha224, + "236152ad31ce2ffc0dead3c142cf6c770672cd2e75af4a82fda1a72e1c775cec9b481c6f" + "3e411644df7e7ee901c501405620af4b6e9667dfd46091788daa95ef2c6c9f5c240c06b1" + "5cb0df51f5f058d8a7934bd7845f007a35f99fa97200b20f3b5b14fbf1e372507f3b2f37" + "7e8d07d30fd3e222f398f26d8f428e320327f901", + "02261d4ead21f02fab19bbb0da8c272286704c8f0c6842ba47ded121e5cddef79fb34e6b" + "9694f725ca502949faecfb21e3cc062a2b4c654bd542d9a1fe8d97bdd0905c510aa0999", + "0403ef03980ea9b754b655948da63469fe526ff0ba2c0f572981d02f5693bff620b55b8e" + "9e9f9d553a78a0138072369775c7976f028631e65887cbed62fb447c9f41da86022f4b41" + "ef04446eed90f2716a7aedefa1385db9f5f803434517fcd80571adc9b7f086c9787b7630" + "6380a375668b05fbed30922746fecc0cc16f189dddab676516ed1fe4d02855a34a909753" + "89", + "0b309f6c53dee8a8956358df45e72126ec76266d38babff185d4db1d449c8fa9baa4b065" + "1af5f5b0aa70dee3dd55623060097e2f94ed12636961a7c0744b38f2f137bca239f974b", + "2b42395206ae79bd9df1c729856101ec3c4a719616701f836c9d69b542b59ce973d91951" + "853f89a0717abd4b929bc69e59cc379c941349dfb4f98d49f9dff572c614242fd370e56", + "1ecad482a8eadec6800a9d876a382125eafaa7bbd950fe5f0588126764126eb1b3844240" + "15c52ed6a335668506f25124aa78d98ec5739fe282af0c143c07da0fca53b9733e159b8" }, + { NID_sect571r1, NID_sha224, + "ba3f02c4847fae035d747db246fe4e82fb9224ff9cf568a6ae548f5dc2befb2079541d2c" + "f9aaa6b18c281a05e7ddfcdbcefb25f41dd91cb3092b3343e16985e91c912215cd99ae4a" + "099baf628e33a7b277e3c36a13aaef85418fca99f64d73b789f23ecbb76c3095ade0a5f7" + "f34836a98c5be933b44a94a2eaa3f99b1d8e7937", + 
"316c78f289e1860bb623082be9d9238b88e38c5e978a868bb90f776235bdff4eff591877" + "b7f350cf14c40356922b2b6aa51d64990360b2b0e44d6941b5dd9492b4f4e1f42ca163a", + "0406f4137a2c63b6b79138027464135021b034f97bcb2493943df6be844f1657a97632ac" + "80541a3b43ccc828789517efdd9f86ba171c1262a07a6b337bdb0c8d5f018302a8046a1a" + "8c0425cf553554d18f6cc97f0caca2a7eebbf266d57030014273f701562d5b1444240b9d" + "22060ac9bebb37deec393cebdad21ec7f13fe5c7f1752b4261cc2feddeb737284a6eec36" + "63", + "1e0321344bf364f1ede39a49c8051f36875ad78e4b080ece9088111739041b121f3f334c" + "6e923777fd716a52be669d6e45f381da11262fb4d09ad66dea74ca115838e19fe94b7f9", + "04f24ec978c52ffc7675a09334a895e044eb8eaf04d26c094d7607b77ac4168a02a972f5" + "77880a0d0c73f218815e3a7a70c91c50734c08d374a15fb42fd13367dbbe08fe9c2d4b5", + "060740270df0e1fdfb8e829c9601b9901223b19d07e9d7d422b9bade88a50fd6d4ec9684" + "2afc45900a0107ce85ea6d083d66ae202dba3a32e50c7c3af951cac7acdc6f4c406740b" }, + { NID_sect571r1, NID_sha224, + "6d0372b40559e075af56af853cbe18ba2d471b0fc8917764abcc69102b03d5bbe1fc1245" + "8215be66409c26c89f67c72a8933677a07f88993af6918acb074fa915fe883b24bc3d191" + "ff1b08852f07eda98977e70eba072d8bf189cd545230f59559ac05f1fa3f4e65886d0bc2" + "74a6e02e2399812b2bf91abae81e21279c5de996", + "2c1bc13f8320d97a82f3d9354e195481902214e16a4fd89332a0499208e91d50e5cabeb4" + "927ba030cb42f5bc53b10f500fa646a8c88508cb0d63ebfce5c4bd574c527d686c735ce", + "0402210791ca48aafed20de84ef9896a9c7584081f850b75884908c7b3dccc94e221401a" + "6ffd982f292a9d5f9c1d066ed493da948ac7e93977dabd7b820bfc0fd21cd8d99c072bb6" + "9c033574c6ce7da749ceb480b4e00bb1a58203bbbca5c16923992cc9767aba5483e4d46e" + "d39e71000a1fe920a4c1c211a14e63ace03635a2d77e72808e0664334890b819b3caff64" + "a3", + "2e3db2d82c4b9de2bc0dd0a93c1c5b385f75ad03d0da527a034da2876b42e43cd88dc648" + "33efef54af902d85c568bb8e71684bb16b28c32d80bb3e9911cb1b74be6ec520d99b381", + "065f4715e87ca3541ea695878ed5ccb7d2ea6eed5d6fc5ec29f9aa8deb4001cc7c06185d" + 
"6ab2dde4347344d44f8300a1e92513af4690d713762336d2e6a94d3324a224f06eeadeb", + "20104e0767530ce2f4351af4977b52339f34d13e458de0482bcd58ab38ee041c9adc7b05" + "650260d919b2648e2f820407fd60a8d6b4b991b86eaf29c2c4d12d3b0b45cac2ab22c5a" }, + { NID_sect571r1, NID_sha224, + "bbfe66c82bc060bd14fd0e40769d9b3a026eb447550dd9f118c30d8448f725f8366edef0" + "42447962ba7f7f833b9e9094d0ff600714697e632626e7d12a592e040bdcee166dcda939" + "52323191021bd12f3b1647d0f25a41739994659dcbb19333ca30f46f539c6f0a5c354cda" + "8969a1eda572a309950c84c7607eb8ac20163912", + "13bd80eafa67663e75d7ae139bf285d2b9f1e03d8e32153c73e26d06e86d7acad22bde9f" + "121a3f1ea674dcc1fe67bc7f5398d5e92555056bc046a02b0ba86c2a0dfe32e91add5b6", + "0404c01fef7f2fd8ee61726af1a2d046c7ac67716403b99e021082e96d733368c6c64d04" + "6986fb01a6b55cc930517762387eb2fa4a8eda23c700d88065bced8595188760170881a3" + "290189bfdc8e7a710522ab5416182c9579ca255c5009e6ee6604ab033c1388639c0f7aad" + "84642290954db9f4f7fbffd17481eabed38151160457d68ebdfd8695b5035e4e6e06532c" + "0d", + "3c5868345c5314aad5ed3a74488a85b2f049396022cdd1de855a0b33c2877f72e871805a" + "f3ed8fd7e7a392c4ff63acac6a6f0c431ce7af680984e8c81d0350abe491a01f0f9268f", + "0c7e96b9e9a5935ccd51b901aadab6e01ebde44f57e6f0b84e7b58ab4f62ffc0f3f3f980" + "665c581ee3de233ee49d11599529348f1ad3d362837c041cf98192bb324f577e973e1c7", + "2226922271fe8307bf597742618ea9c1c271c22c25b49aaa7c9292a81ecce2a55250415e" + "a2ec8ffec54bf0508e64426cb9cd7177265fecc40e056e96cab661485e789f0c435b72b" }, + { NID_sect571r1, NID_sha224, + "b35e9bf686717ce3b16a59963a32a2116130453b161a4e7ceb27b755856add836d779696" + "edcaee3b5c986523891c8836109d431e55c23afbca022437ad19e6777efabb6da3bba1f5" + "f44f905395b4cc7c9210590fd38da621582d059598e5e4569e904358e0dfc0dbfda4ce75" + "538aa97480912852bccd433a9b96c9c66e9597d2", + "30834b0a4284097cdda2ada6947c6c281f7290a49b56becefea1e2788ea3ef78fb968076" + "33c47c25138341768b241164ce0d42f7301728b928be2c047f2eb60fc2f844ab77306d2", + 
"04003a21f0d8e01a64b235cc455c291e3fec8de12682f05544de207d910c7c24c4cd56f3" + "354500d994380ebaa0b49a7604c6233a9aa24934c550c0e609f65fd4073cd6c1ee4170d7" + "7e067c83513e4acbdeb8343b3add40261edbf7c8fe0af7417264830edabfc40200283b92" + "484630741378b997c3f8bed7285decc6ef8633aa804b3846d3b4517e5ad836dbb1df4758" + "18", + "0031afb24fbc52b01480754837cd84a5165d5f2ad1a1d572b92ab546c049413806f0f523" + "9a77c751af4d57a84786ed1c11bc76123a82e7db3c0495b2fdc5fb9c8720eb7afb640c1", + "07a222cddfaea617f1190a0bd88af4d1983d2543dfba25c5036fe24529bbe2e382de89dc" + "1e36c1f6df59c8291d1c4277198084902e5619b64128c265bcf03b7d8cd6b663c225f11", + "1ca84c146ebbd16300b813621d503d8c754e4b11446d5ee31cbebc71f4b85ed09c5c94bb" + "dfc3570e8882ef790393234c5ee9e52f7d5b74ff4171d930af817eafc40ef203a1ce613" }, + { NID_sect571r1, NID_sha224, + "57b5ae7e95c638b258d1e09b3fcb4341e203f5706862e199b103c8fdac72cbc5155e5cf8" + "b300a0b3fb0ce1f897c45f7aefcc528182f73dd450cd84d5fe9eadff3f704dc2a01b4e84" + "7c22df430efd1c66b0199f3e5b59348af5386962a5ef25204fd230b54d58d7fae801c086" + "f8f405d3d0aa7a9a9da15c22b868817cd897d853", + "0c81a79ced1eaaafc31b69a40d9939f4e484d625db6364a8e589b6b4d336d458b44287ea" + "6c6aa7661113fc07806b147ff98216fa0c08708dc9d651821b922741deda522b4e436ad", + "04025f9b767b8796466c1cc8a1fe6286d591c04a0d115133fc7910640032b898a5c86547" + "f57794e5aac0148996151d3ecbe0d5939dbff5722679ecff378e3f21bbf1354b1eb294d1" + "a30074c2b91ef3472e60426d2fe182ccc678aa0abb8dda15a428e4f6f1ac401b015b2b7d" + "83535a0a92770cff7666659e1cd33941bea1168cffde82db0ea83668c2d387e6f4bdf28c" + "c5", + "27b407a29553203b829a87eb25d6d140e41184634ae1c64c6ec38e9012d0b06a1f4ad987" + "7d7ac4236a22145095990233e6c102a0052ba18cf6e47e289cce4f2ca21514d8868bd68", + "02416e11fe2f8e4738ecff1710dc827f4e03c8e7f04a4f52e755f0c1676abbd122eb9751" + "ec1fdf6c7ba04b4e29f8dee52bff7e9e726e28cb3de6f9abf2dbf58c0519ccc7d70f076", + "0b96f107a26097a468c1d410bf90e223cd72c5ec98d4ee4ec2e32259d7670d7e7689e62d" + 
"36549086139f6111884530e20f908d7be1edab75180c81a70ece341f7eda6e4a43a5ad3" }, + { NID_sect571r1, NID_sha224, + "daebfef74b452f039c999ba0528be3bd9e16deb5f46f6eae87b63db8b89952c949fd7db0" + "8311871eb2596865eed107aa065f030226ea675ee3256c31a3f85ddf4c21760582144e07" + "af208f33c5f47cc026db5403186a65a47940691ea2d74ffb1245676260ef5717dd879d8b" + "5b72d96f87fef5f762d4fd17454cb5ed83d8a11f", + "2f24670c0f77d2ca0266a743023d2c7413d56d0b5ec77b454ac59087efc4ea4d46179e10" + "278e4ba416ffd8c3f9786ed202faf8251c0ef5a9ea5371fbb35b7afe3d15a9cb4bad975", + "0402da72b8ae64c5ee717c33758ec26153a342936f9d41dcbb136590e1303b0e220ee84c" + "8a06b83d4d9fc924b8808de94dbd780cc8243bc4448efd27dfaa1572aae6abe574be6649" + "3903b3a95d962c48a81c48713247801e4ee630ec7956c9989023ba16f02f5bd1ef2edcdd" + "1c8d314be933225c64b7f8a80542b209b944e1f3fab95795ffa134e7e28e82307dc62c29" + "62", + "2bbb9abd2732994011c8d294c5342e8b1f7f3c1f5718187e9f75832604b43bf75abad5dd" + "c85e8d92cdc42656cc9f3349afad3f9022ccbb4937d9ffa9cf48314b604e82bda13475e", + "3986059f2e096a3675215698e23b53f471c578891f6d721a34a0d231d16348d5bf9853c7" + "9c4f4aa94642ad06cb7bfd11f724800cb5477636b6fc0586fb6efb8eb9bbef62329a884", + "2beda064eb3ffa1c3b5336613704b3bc3d4ff7b0e977df16477c7e33d480d678804bbdc0" + "8088186fbc4764be398a26c13f88bdd23e844be0d7ce598bb87c1b3430da02ae96b3767" }, + { NID_sect571r1, NID_sha224, + "62af0493ae79d71b552c4647d1fb7ab2f282a91cd44aebd8ef344dfd77b521b0c0a3f72e" + "4513c8ecc0e4b84efef3df9482a07ccc1b740c571c5e69cb913740a792aa231b9dc87edf" + "b72bac188293c6c6e788cb3dff32e8f483f8f34e21ee7efec71302cc3bdbfa47908a135f" + "6ef3ff179dcef26d1a3987f7be967a6c0f799b0c", + "20985f2c6fe3ea04bdbab66a8b6167e5969c073b9d53cf3c77cebbf73f4dbf75e601620e" + "c9c3107bf3fbfc6c79f8f063409bf8fe1d14b19e323d857e23dc05157d270c7514137e4", + "040010712d50ba7752962b140cfb943d9e8dc3bfa497bfe81c42606f4da5157656fe2ba5" + "cfd33ddffa0f27fabef8e267688943514df45e642ee0454e05b49f7c00f5785777897d22" + 
"5b01a2c7db6595c6d4c55110210c564cf102739760e7f5a29706fcb2515d99ca00949d5b" + "4f291716d0aa1e3a47efb9632410f60e2fee1ada47171f902f632bee85da75c7f3c895c2" + "4e", + "2f26eaba6452e687af452d5e1208fa011e4c84ada92a38f0a204a254641c23ffe1c184fa" + "8bfaff047db590ab40accda408717e4f30811b75cf3a5877ef99279476ab924d92565bf", + "1280adcac1c79352635f4165f9c5c1b6e1e6e33bd74d781773f483f637462f80340f8d22" + "cb24c9db5e49ace95a676df3dde53c8721f672006382ff806410bfcdbceda50e53285e6", + "07dd52973ef30dbd480047732622fb1b695fe3cfd080264d2aa30a6ff3dab4ab362518c4" + "f3de4fae042fce78c0c8fa0e763eb187eae2ff8f2e79b3f38cc3c1aea897e1f28b71a19" }, + { NID_sect571r1, NID_sha224, + "566f17851951777ebea3f8285610cd8ee5f882a68e7a4205e6fc9e2d66d210ee2505ee73" + "d6503169f7b903012d43e7e99efa493a8e6ef926b16b9ad8f52156840ab561fc6b680120" + "a88714fd66d1d0742189bf06c155e1138ee5314707173f7352e2cea0fc26e1553643f249" + "0428718e44afd8372cbb7bf5b88234318ebf4355", + "2b3d641607b8a141f876f6d285ee46aea543880e772dadd5dd83d595b9643191d9597218" + "e1d6adb081df133304037bcd2c05c24a54e6c4cca64fb2cc4569d6882315360059496d8", + "04042f2bffe25142ac6c1af26643b0f1c317b34950a8a0f112a0cd4ea4131303674328e0" + "bed5d9bc7ffcbb9712387cf67129365b4fa8a9e785b787c170463b24f6a7962c1e003c87" + "320070962ac4d3220f367f18caa7ceaadcb82fdba45cd2c034a97aab71f7f7546c09736c" + "b080c10d9a95a5f984aa4a3ed32d22636a7b3d5ab29c86d85db59f6f17ba29eb220bb141" + "b5", + "23d7021f5376e7b11be07288a0e47b4326c026df80d7e08c9a0fff11deccdadd479dad50" + "3ef2d4fa3f0ab2aada604b57fa7e09dbf5c8d493070b5faebb27cf68ad0b78bb6f3a9aa", + "3059720e7a2dfff03789e7a514f75f2af5ed18cf1568fa2a5354dcddc9d3c7a90605e9b9" + "a3d0d6fbfebddd615cdd52845ff922873079e06c4f349f7798410ee18e0c69045193668", + "1cc40209692cf5f8ed8b82372c95033e4199d378a28b9edcba516820ba21af1bcf5c5df2" + "ef4146b91fd37dff89ec8f9962eecce5c5e285d76a5f03eaf99fa132e98cc40ad66c296" }, + { NID_sect571r1, NID_sha224, + "25155825fc4f9a1c4dd1db837008e7e2594a879052431f5bfc76d0d2565b8fa726008bef" + 
"aeddceef73f3c60fa2cdf6d9a70e56d27210bd013034b38861ae49640ef208d3fe294ac4" + "362f8eea44f58af3af8a9167a36b5acafb7ec95652d5885a0e08067ce1dfbb45a0c89ad1" + "acb53eb404bf88fa5c3c463a0f912b5a2522a0d9", + "1afeb5ca87c81025ddf09c2b2c5ee22ba0105c0e619b67a324467485bd839030d149fee4" + "4d8bac6f5902a1245a50c3437046b7c89a84116b2147cddc645b6d2fd24d68e8d53bf5b", + "040119c46988a79e3ae8833ef096b0a1e2886c4b114ccfe881886859abc031df2b1e7581" + "8c82be8c5abafcbc5d7b3b8344e98e3f413d737938845e6eab5aec7e507f7baf0d339a36" + "2f03190912dfb5a1a31fbbbb50784b18051489a3cc0f44c42c71d3a54886ecf40507c324" + "0395e8ced37b5253b915fdedd38f75bb26df2a0a8edba865f898a15f2d96f632f7f06388" + "64", + "1facccc127c856db1994c4d9e9c76de6bffff81a88d7aa0ca1645e250e07674fba734479" + "11c5b47a1aae815d5e96164854636d3168d0344b2d2d913127011b6434d5a5e545d3bcd", + "21da49326f39577ee9f65cee64006525de88a834365a00f4f8cfb9a01dcfd6349a3d06bf" + "95990a2c17b7e95cc0589714b7a795c7016b29bc844ae9031488ca354548976eed68415", + "3364def38a8ee3116cbd971794c859776107154234d8b198efb19655647bb9228c7c6be2" + "e703672f795ed37481e994b6764d0b7c1bbeb2bd1db90b34f460278a54bd480bf4e9adf" }, + { NID_sect571r1, NID_sha256, + "29acb0fca27e2a10d7b9e7e84a79af73e420abdb0f80dd2665696638951b52dd39ca0281" + "66b47a3b6a2eaeceb1a11c152383f0bec64e862db1c249672b3770909f775b794e0b9b28" + "a5ec8635a996d912d837a5f22471b40ec2e84701a8804127a9f1a0b3c96ff654700bad31" + "67240c2518fb5dedcc1be9f56a807083e587bc56", + "32c97639b69c7cdbf419286d0a1b406d9b1f2886521a8b979a36118d2a368aace5b02dd8" + "c515f2041e6fb9f026d1e82e789dc826a56d2ef732b1bb0f49be2b696ab5d3d5694a2de", + "0400087ff1d8a4644edebd43c2d43d49e140940d215f272676fdfb72ccf58a12021de3d6" + "68f2766848044ac404fb45cf6e18fc6700f87aa53b4fac1e35e1731814f8a9d0233e2942" + "d7029fad3638177541d8392111064837bfa77b4455c21c5f7652e3fb302f4bff4a35b74d" + "e8aff3806538ef9ac86964cff755a81cb3002b6fb241ffcae8ac9621b8e034967d650836" + "ee", + "16a06e3d25873f6dae16bb2e569720ee9c6ae7b5ba36854c321a80be8b4be502b895e1a3" + 
"d161b001f6cbcf53d164b5485d8a5efa0476f581f9c79b3a291025be01a435e2fc5ded3", + "347138a43f3ed1a1a26f5f11549eb8a41f64aad302b6383879886216ebb6d08a4ce270d0" + "7a5bec6018eb313430ff017c1bbf78556436d9255e97aba1481f0f16b85e7320df79d69", + "28f35e1aeae288122b043deff9ac87d39478607da60cc33d999b6add6209f452f631c6ce" + "896afd92ab871387f5ea0eae5f6d5cf532e7a6ab44dcf44acb1fd1daafaf1ad5423d8e8" }, + { NID_sect571r1, NID_sha256, + "c92d67cf6536f5046e15b02158da698bcbba4ff1e4e9e9c882cda67f817210402ef917ae" + "93682c9c3dd817b21b73c6c00b7bf92ea80ecbbef2e67f4f4379d078a2b0f297742b2bb9" + "c3fa3297a7e8079f488555bd37715eec92b4b1cbf897640ae8a1d2a0fbcee5423ab31a37" + "629f98630275e35094a896cc574be0a449bb1bc3", + "0f93672159276c5a293582b9f49607bbdb970112f6c63b2b3b5d32ad3c8240c86b1af13a" + "8dff6502c6b6a17712cfd988f8cd23a60693d64104143b3f91adb37f852e9e11a0ef110", + "04019dda59a839aa2ed28f69a62a3e3a753c6fc789fe0d8551bf59095f009d0327386e6d" + "f5437846c6803df2442e0359a367d04f117e3965397576d4287398b4b8c92ad278df4a44" + "7f04159ced60503f7cfcfcd587bb3608699f54693068101a838d575715de02fff81058d0" + "25dbdda430e176f60e423e6fcbba889914f6409ce51d51e89e4cd7bbde6d24404e5b043e" + "79", + "10dd216d4b3da2fa6a75de60f722f1f128776741cba002c055d1445581242a175318291f" + "ae313eea11fd905b20d26cec845f57a3d5bf23ae4dc93d886c0594f1cf7be4f59f3e3eb", + "128d5c00a48c7352eb980d9c80781f8abcfdc1ddae415b7ac94b4d85c3d7d4f7316e2b33" + "44ca50c6ae82938bc728e640e59e2d733f0c7f7025e66c15c81e98a845c1ed4843b589d", + "1ab59ce5e54bffc68fda96c920b839fe03d1976ab36978bedd973715ed631bfc8e3edd10" + "0043ac527aeb5ca121da848bce4ec9799f55b22454e9af32848943058b257e815b04056" }, + { NID_sect571r1, NID_sha256, + "15413f614c4551e3b138b64f66d15f8964c40326a42b0afce820778eee4a88edb127fbf5" + "75da5263e5a2627b5461d311813ea868e6417615e7c4938313675009caac28bc7a2f4c0b" + "c37572d9bf36a3b1794294e09c0121ceecaa4b916df45b0dd31225415e6c87cfeeb092a0" + "08fce2c543cd62365779ae28f29fa02a15d9dcd5", + 
"3db080bc99c5fe7e06d5032167af56783cb423fae59fb5b3c6bce5fbedf56b7b39b17810" + "e48ea9a172881aa1f42f5e267349b60294d4a208b4437666b44abcfee5a1829e9467908", + "04059d1b3f680da784b49dde3b361eee819d67339447d7bdf7965550264eb63bcc7674b0" + "921f02e15d45466dee52b4c0a50c2bbbdf226af1662086476a9eb1236e3d4c2b6219af1b" + "db04e3466200dd6ecbc268cdc1937ac5123cbe33f32110cfdb8b7536987ddf5c9ef2464d" + "2334f315b9b489cf227a6300b6e054fe40d36c057a692f2fd3e762624069e2adefb65d24" + "d7", + "37fb32a902eae0c5d7cc9f9018a5d1a906a3d1b9adf5bfb696ff63f105cb2e736d9bc196" + "1677fc897fd3a9e9bedd370be6f25a03fad425b5a293c66180df78db33aec4a188d3db6", + "3aa8ab9fc9073429e52469088aea91f00cfba271b9dbb84818460883effa0c51d6a48c19" + "05d6f58d1312af073dc8735c29957f30324b467797acf86e028410de016338b972013ab", + "198a746411333172daef76359e7ad23035a0f5d14c283cb268828bd876b96b5f767e0c1e" + "2796def7a51429f39ab2332ac25d8e4f263f8dfb9c4c98da2ccc398fb3bb9a6b28ca28b" }, + { NID_sect571r1, NID_sha256, + "9f901557451ae2f8ec79b6d4adc794cbfd9b2e6d28f19409532d91682820205308b41498" + "a4e1ca247a2baa8da93de95e3c0f7afd6ca46bafdbdcc6d3374a12684676a50988b86a96" + "0a82180648c8c1e38f8fd9af604c7be3be4b24799f4544ac96d6360cdb83d1d0847fda21" + "642934fd6cf65385b50d86d4656987901fb88d0c", + "06ee767f6f36bb8f364f324d8346455c899a49237d759003dd52cfa13b9baa4c71347b13" + "4b24ecaee32d247c34e3787a0c64bc5d299b55c86f64b47521d22f2c09db225b0c84cc6", + "0403f971125860f4598fa310eb7a8c6b4e0c31bb721fdc17ce6df9af557beded6006b8ea" + "b10ebe7f3c4f3d759d4a87dcfc1fb767ef87beb1f5c845e3f41503a33b28b2b5aa1644dd" + "1a03296062514d4e89d2105dda5bd65a315b9770c45afe4050d8c3d15001405b1e32be58" + "67ee90cafbe4e239dd44d030b4fda855182f1fcf80963c1300cb842459aaa8c282737187" + "6c", + "2b247e2dd0024f534ed2797110df6ea4ba166c34d91c94e43b045c0ff80f124bfec1cf3b" + "e3da7c58389d352c8c5c1bc2a2e876a7e56301b1e688a085ea0222697fc63141564365c", + "2858eadd14373aeca65ee5a2cbbaceae4b54a50e0941a696406dd86d05c07c5599379c06" + 
"6b2288d01b2a43c9ae34bcb8c36f59d490aa8d066fd3d7e539ebc620a7176507ccfb232", + "33c20d26dca20af2c56982fcfa6f085bc5c317d01f3b1dfe0ade1ef6e3e960b18b626d17" + "d6696c936f04090ecd9606c2a6ecea1cd1883bbbca8b3dce3b0acb2688fb2834aaf922a" }, + { NID_sect571r1, NID_sha256, + "959fe5a19d7aea2ba611c7203e19f8e3f3cc101e03a98f91adfef602c424c580d5a86865" + "9368a930f9883d699fc633bd07f6cf8de474937db0bea86fa7cd140ec2f202663813033a" + "757b93bd72afba15be5e47a4eb93e8a666aa1c72c241ca3922547d63fa3732fec54afea7" + "ade84302e2f044275bb67433fb6b125b7913143c", + "38e2571d9f22309a636586d62863ed67a70538287f3ef88b88c3c2fa1a2900d48c342b6f" + "15c26b8e7fb4875cda4093b7de7ceda48fe1e2cc2975afe958040881de61f309931e48d", + "0405a221634ca85059543e2caf8bdf79c43bb78deb35e9c89e07d553bafb6b31750a1d85" + "ffa7689e528c11d8a3dae442b4fb2a4a21238d636eb04ccc04c8b5d794b0a213fe0480b1" + "d20225ff457b6cbc12d152b08025cdb7e1e921ee553add9cbf83228d678d5a9f5d3d1fb4" + "327a74c1dcb5d69a5b98f3ed1aebef0af09bd49d253a903636ef5a66844c500fa221470f" + "2f", + "3b4de49d57040141f3584ff596eda457e2835085d350b75391d90abe728723e1d1ac6413" + "979d4fc3eba98d72a01248e6510c722df15df876da881ad50539e4248facafcf311b464", + "00f259038b4d3d036bde101aab29f4558e88e604c62f967bc7a35eeacc6a56294268f8ab" + "00a34f9a0319b07754f502c98718e8b5c91093cdbff2c8496fd63d6fc2c50a35f87f423", + "2350d5406922e8822a91f7c95cfe8524f017a14cf7174ce534c60aeb351510d06ac20dc1" + "249129247b21c72c14b02b710c26c10899bcf995143aee632e294176e903645b660e998" }, + { NID_sect571r1, NID_sha256, + "97b9688d9ed5101b8cfb19e84b89cd644262ca1c7ee18944e29ddd3b4cca78e06338b270" + "385b00a5e8b91ca5e628de3bba50e36ecc695b3ea737a9cf8b36871c473a54ba17819f49" + "e730c0f253b0c769aefa6c16366fd2dd612f330e95fb119fcf3bf7f3e254438c0ab635ec" + "04a8b2424a05b483ecf65b74a93636fbab7bf1d8", + "0c8f5736f1ae65592f3ca850f43d06441aaad8c03820f3b08d8a6db46488dcfb828459f8" + "b3f34af73cce8dc7a5e3834e085a64523d890028e194214cef4003210e6eb530005b01a", + 
"040667ce3db45b8772f717ce20755ffaba968aa1314d75c84073042436823fb54bf8dda3" + "4a6bb45a61d610745b1fc10eb0eef71c4f55b26acceb442d822d6e2a27761c73b740f472" + "89056035da1adaae894e361f5283b3ea07b7d9f64a298be11de9fb487c2479b120381f1c" + "60cefe5d32d37e4644ac86a170f82b1c4443eb71b940b21c7a016b559c6c79835532c276" + "fd", + "190468668989a607a3aa966cad071ca8e8eb152b0dfca9205bc9417a3d612ca1105c7b90" + "340b04acd96a5223658adda16bf6b598ea9f32a2f8d1b61c2c2bdc08d6a49de246240b3", + "291e1fb18edb7a93badd6fab6f56ee0d390f3b6d298e97312d5277358511fc7621534ac0" + "35f3518cb140fa4ad5ef7d889c0d5f3f52a4e4d06bc9f647f99695531f85a4b76cb1184", + "2d916734e02b0a98406bb5a9723486a7ed40bdd0b39c4cb802af4bafd519803d23c6bed5" + "9a80c256a14eb878229942f67e0b8159d5cbf24b719043171b3958fd669adfc72eb7289" }, + { NID_sect571r1, NID_sha256, + "f08b250bf4a3980cb455338b3f4173723b3f44c97bacc9cf550149794a71426e398cb4a7" + "4bde141d8b7b4a72942f1c069676a9918e27792cb8f085ee037c78e3c468adea5123c4c6" + "4d8ca6a39f2f90140c5d2d80b669cbf0d1ccb466b18ded83a1d5f042c36188a04111c34f" + "f769abba9aedda40a87be1e24b700225e2078056", + "1ee68c3994adaaa9e0d61bfcd3bc1cdf198d3fbfe28a44e5dd518867ea04b20e795eadac" + "c48bfcf8e8216dceeaa069b756e8e99ed87b6b1d31154cc9310bc3b4555162a890b0c6c", + "0403efc83ad15d9bf889c9afbd769bdd1dc8925b0462c93868d85ca7554b540d8c3ef7b9" + "a63becc85981972eee8a70b7f948098ac050ad594ef2ec249cc3b557844bae9cb2cacbf3" + "97042a012b3a1d9e46cece4fc3460a2bedc9af4ce0289e95f69550eb3544f7c105b5769f" + "a52234ac88f9045ea5cdd4937664846d26deecf511ba6996ce4072e763e8ebdfe7096608" + "88", + "031df03a6cec2346b92d9ae7d3d983edf577d9a1bb88098f886f38536d8d8cf25def5772" + "6790604e674d036cbcb864bdedf8475ba9c850d510ef93b844c037e04348d5f48098c20", + "112dcafb63bb125d9610e59883df481bfde43589e46656b5952cdd72238cfbcfee79e916" + "5e3c9b89c9ffed12d303225ba2af19e00048e20e4edd3968807e4885003d148403321ef", + "2ded1456df54a24214d8c1d3fb314db52b046ca31458bed69bb3aeb6a9ece509ee521fb8" + 
"046ed43accc7e605440a09fd96db659c98a7dd606758c0c47e47acfa326b9ed73ba4b28" }, + { NID_sect571r1, NID_sha256, + "1cabd16fc29d7d919622810dc8b23c770b790b98b119eeab1b20900fa94fc2ebaf76be4f" + "5eea91fc5276c5621c8677d4d117c4a5a782ee2ca1d5b0db997fdc8a05b6b3fbb833d7a7" + "b81c3c615c2a662929760a96feefcf89e46b563314c9b77c86bf34438458b43b694ceba7" + "41b97dfcdacc0ed57652ae62856ce10ed2690770", + "3a6fbf66ebc1365ea7699c72cdac2dd85907ec59cd26e2d18713354b619ccb83b7fc0db9" + "193aa8493c1855f1a83fd987cbbb65de17c59fbe79256aa5392f4eba045346e9ba26592", + "040559dd556241f9b11d0f91c5458ef6adb783f9f5051bc12cac9f0b214f836f7b149d00" + "ba8218e873410a50445da9fbf68673f3282d783988981fb221d0579341892ba6824e0cf4" + "a5005dd0e594ce41122882538e51e9bf29d159fcbb8b29b97c5546582390ad5c59c97527" + "1c58ba1e75d70c3898fea929ef7316ee830eeefbdc69bd80d7b0e8133b977cd573a3b422" + "ee", + "1c5a193179ab859ec1166575007c3cacb30d31f341a0e82ed6d4ddb32da909dce08acfa1" + "0fb14183258caa743010fac6f7d0fb1f8c8f55c246e49a97f2bf571129144c23de8d68c", + "2625d0bdf37396585d22811a12ae7e0c3f512ffdd0bf4d048379434af46c03c6067dbe7c" + "271c417ac5307123bf58a9f2064bd2b3a2d4b4efa3027959bfe63e13a851f46a21da6e6", + "13f16b211b314a7e9918f3254da2f1aceb5340713985610f03ec1d0a33ecf9217d61076e" + "b153d8f27aa31aed3c9b165be52f8d857de362b2c88db5dccfd708a996a46b76b4ebd09" }, + { NID_sect571r1, NID_sha256, + "7bc8bbf5ebeacf40b3c82eb6eba5d994dcc6a3f2e12ef741f90f90e176d20c21e006ecda" + "f14cb5beef35bff46b2c374d9ee224516679b1a9e9255cd8ad8e60ed234f8ee7e0fc53c9" + "021488158217d4b4369cc597d6053746efa1e73340bdd73c1bd2eed57b92426fd4d278d6" + "a86e8be0f0a66ab3dfadefca8831b2f488636251", + "145748871a0b5c1cee628de04a12fd68ff2b154fda96e47afaa96389d66d22802968584f" + "6753d36618d49ed205260f09d3f5ccc2b27a34390ce58179b9834ff92a86d66ea0a97ca", + "0406cc7ce2782dd67cf1fc16f1b24ae46fd085b969d936fefc409a9bde354cfd33a154a3" + "113e837cfb88284d75a96f5fbe85274fdd0990af4a033a6c40b904a5e0f666e4d8b8bc35" + 
"3207adfea166087502657bf9e2c437beb2f62dab041553a06411f6c9dae83a2a2749a4e5" + "a2a36fbe23d40816b1b8d206b9f5cea20ef200b9150061ca22fee2076e31c88d60a006ef" + "4c", + "26c820dc92f97dbf545f51db7d5ba649333dde38eaa47d8a7edad9a3cf3e6780442db234" + "632458ff17e1d7b70019916708c128601ff547ac84dfb0173cf0a3c5d69ac96c3d7d395", + "338c88d1bbd0b93f3f1fe1ccfcbda65fa1667ec471730a40eda87f57b3eb63d979d8d6d8" + "19b974619799c90b09f33c051b8b522c3a1acede101857265ce1b58cc7eb5698049f494", + "3637bf89f9b66c7ebd8f91a8324eb70a510284b39f0f2e45578f26f5f1e4504ad70a3894" + "27f4d58960cbd918c2f8279de52096e25a1b0b0c3929fd5ef56bab6cde7c0d8e9d2fb30" }, + { NID_sect571r1, NID_sha256, + "0cd2a45392871c0c262e7e6f036946354bb41f9c2187b8c4d399231280682f3e0a09731f" + "bfd52c76ee63b9828c2d731f4cefee0a8c46419c398205b2ff80c67d7756db300a0a8385" + "fa287dd37d9126f75998ae1cbab5136560592118db52fbf102b7ff0a1ed45b8a91a7d99d" + "13a0f7fd4366392264aa1248d7324901467457ca", + "3c71911d24ad19c20fc1d8a044d63c9bb417abc3778d7e6234c6af79b898cbfc2f278724" + "4708d2fe203be786edbdc4c9b12b413156b7b0bab0be8af895d191d853cd58aafe1ccce", + "0406cc47aa586a73acddbc91398ff5782457e6da2b10e265153c678789d3d7fcfc485b03" + "b089eb67e6d6955d5c8c7ed5f933d84853576e76fc60332e5f0a62c3ab23690317bf1b42" + "3e015604d94ab9f2ae1d74fe46b1a070160513709de2ba8e74fbf9922e9bbe7f6e743b25" + "701a13f73eae0db0c98dc80c5f8528e16610fcf18f60eda3357ad5878add2554a6befc9d" + "39", + "3681fcc5fc1f0d7d413abf2e44cb5cce9a4a252ec449ec4f550df4a172305eecc072454e" + "fe2040aabaf4fee58ed19c9090061d3c4835c5fec38996f013e5512c0147cb14a4f0fe7", + "0d3c26796bb86b1a20ed4935bc3824bcb9742513ce91a66dd523a3c0d8a5abe63488aabb" + "806b5b113e90d3f3c80e3ffa01ad051e6b0d4edfc641689953ed65fafbaf3e554be31ff", + "2e3129ff95b06c274f7ac08882dc1da6660269f3dbd21a3e48377a628f6d81326084bbb8" + "d32b794fcbde8e574f853636fbbaba480fb36960b0994210bea319a99a46e29b79217b3" }, + { NID_sect571r1, NID_sha256, + "e97092625b09c9ae6e152e1cbee207d83361f34cb9b0e727c816a5ed851f12f91fbf88ad" + 
"9d4c8f9d07350f5d828fd8574eafc768bc72a2b18aaf4d2b48fb10f7c3431137b5185015" + "4de9706487d69a40a8f4cb2c799f48c5d8f518aff752500de93cbb94ab04ae1e0c7183a3" + "2d79a27291dd07b5fb6e6a4fab76e85c3a8607e2", + "18bd74698bac36ef11add6b3e3fad227ecd868f370ec04569462565d2f0af2340bf79348" + "6953a7b79ab04f0ab1f0e4fd16bf6b576cce677d543e73aa8edb0e50372f24ddfbff966", + "040231f891e63bc1c43377faa56c5799eb1c877954ca2cafdeb4883ae40bd78816ca5634" + "f48f5ef5c22dc7d3d0df208bab4149815274d7b134cadb700d166a5e3fc73e9be1bab725" + "220469ea29ef860adf24afdd386347763008ef6fe2488d902c4d513bc0183fc52742782a" + "6fe500d6b581902ccd4f9bf077f975bd5fa89bf240723b99f726c9fab4f953380745ff9e" + "17", + "1590570de563ea96eddd900e4a0a7efa2e4a0b389854e96af32bb7555f098a8cb52d160a" + "bcfbde65998c34f91338a40d40cc03e4a9a241d3b16b0e893d3f7ffdbf8912f35c7f538", + "32402fbee4831b16d762ea2cb218279f4db5e20bc8b6e2e53e89a2ef3646cfb0abbac361" + "16c8c708a1342db2fa0abd39d149e09db57aef65ad8092f37f7962f98c28331f0f20b64", + "2d1e38f40965e2697abc7df5896cf051ce5646f135d1ea0bb470a43250af8df0abf2a04c" + "a1e0f1f31013025b4136a8a6bdaa474bf50752c571f883829bc3a5482ec20e2b4a72c90" }, + { NID_sect571r1, NID_sha256, + "ae6723b8df5d6ab5fcfaa22d32fdf106d211514cb1892c7c43ca6cd85c2532f85929c8a2" + "59ed251215063cf92e1502528d1e22d5cf67efa0b8ef21e8eb2f5dff881ba1433e8bcf2b" + "6af8742ecb2bccde081e534615a305562cc22d3398f61f277d8ca785842bda85d8a40438" + "d9bf1aceaedcfc22c85533794a69cfc320931d3f", + "335699bfd058ee2e6163f55d1816bf3669acea8b73be9c4ddfe775230925e6093cff7a66" + "813adf22222c8376faa106d85ac9f3c67929bc58d8986795b6d35d5b9fa546dceabbedc", + "0407995e02dd3d40f9bc2e6f4cb1c0d29923c9022169e64532d1b357f36264d18059c44a" + "8617a6f1136e72648c9051a27714a0dc833428762275a1b5635a3ad91e65d2713236c20f" + "5006167d5839cd4476a638c50db218979a93da44dbf97281d90daa8b9b530960c689279f" + "ff6c342af97880db1e9c5ae57b91d7be727fd1c6210ec59416d1b675f4dd666e0b121d14" + "4b", + "3f037ebe0e4c3910953e123becc09c0862490e7f590245c4cdf9ea5fce930a7d7ca5d17f" + 
"5689edae1ce706b90efdf84cd82e06e4ab95e9e2368db91d50110eb91cf44e50cdce2cc", + "2baaf025290897a5d68c5e63543256523fb086a6f1166ddfd3d50fb307e0f0cf78b5fa89" + "5f8b71944a7b67b8afe5f3e10f2d248aedf573860c42cd7aff258055ee7cce472e8efb1", + "0f4d239f5af023ff6c94ad7f66d43201c7e40262cd92467c4ab54be8d2b8e6577d143750" + "64fbd00a6327da62f03f75262392add0ec119d820205065aa6238433fadc8d1734b8481" }, + { NID_sect571r1, NID_sha256, + "ee20c6b61886e02ed94359dff3559522ff550ca126fed4b2240ea7d999a182b7bb618c50" + "528fcbd261d5e497a991fbac0cf4c105c0f664d6a00a9001c1ed522962fb44dd4159677c" + "e8f1531019f86457c055c9cea6247086cdfe0442485cbbc4386ad002b4bd39a1a1877524" + "37f04569705cb7adc0c68f0fd059d946deb63f0b", + "2c3eaf801330b3f1b0504f2399f1d24455db29911f750c246ba0a134c3b59da8b3562911" + "197764699a92ea1d95a2aac587e24f743df1dad3e1cf7edf955203e24a0225717f8d2df", + "040703d69e2dfb13fb6e695b0b30b31d89c8789e8523a7eea15673aeb4f1909192c06c27" + "558eb55f0315f395b1f3ce84d9c304905cfda1d119bec33af9ade4420de2edbe75cc5460" + "e3075e35b2d6a8550969d49ac5d656afacf68d3a1dc6d17666f46ce3413c855b627f0891" + "912e373af2ba91211c20f067d66056e6bbc0814ff3921d944008b25d8772cc8d696bfe1d" + "09", + "0a9ebaea478893aa0e3bbfd5d007bcec5ad787d9bb5a8e9b8b79865c584966f0bf040d36" + "f62a8e97c123d2adb7f38eb49a86e9c2ce1294d04fef1b6fec7908c4ca1a70bd1699a9e", + "2d495eb5f6fb187a0ee1fa772ccefbb969e854abb445ec19ac3860f40ee65f53b92f6a79" + "7003574bccf0b9de8014ad4e5745ed264eb3ae88040ef6518809b4c66f691d496a85d51", + "1840b2977ff137f2a8f2f7c25e347cf1262fd128e008e30e4752315deb5231098c65e9a5" + "85496a9d6b5b56cd0b6d7dcb7150a077fd199be2d2de0262aa84dad414e100ac6162346" }, + { NID_sect571r1, NID_sha256, + "734a9eb8288e32f5a67cc1d88704523ca2c68b798d90e188d871d9f50d2da2063baf1ee6" + "685c45832a1818aabc9afc0bc935e97969dc983a484f16d2bedb3c7c0b8221408be2480a" + "5562d5d1e5d8763d1e474bf2826aa93a68c3b870e3bf34f4941cf590d88e1f5a8cd782a3" + "3992213f3f6b4b4f6dbfb3c3c8f21f5eaf4ef609", + 
"1c3ff067497e5d387f31f0ecc9c67b3c0dd6ec8c81318c492aad83c9dec6c99e4fa47447" + "f6f7082d636c2591d0df940b947d0a4ae3778e2b7cc8fb92214638399def894ada276b8", + "0402e56655e37b3e753f35eedca95f8ec07b7a3d3e14e365ec041cd9003bdb78a7a8b8ad" + "277a67da5d63dcdeb0ee8d8efb68fe61aad9b1fbef4373ab13c44efacf68cc499faf5b5d" + "be047bbec643d74874b77f0fdbbd2df3f3ff0d35f4b3e1534b2c4d5c76b8cc51693a70e1" + "7d1d4cd64713c5c05966c826458fb5411ac840ab5998bf3cd64a0769c3e075259a70aaf9" + "4d", + "149848f4534eeeb45fc38ddeace59e8f83f0bfb4cfcd2b8b7acd0bf19303051a6a8fe75d" + "4cdec1be036645beb075c772aef4a58785c16d984eb43b9b0317446bc3b3abfe7ec2cb7", + "17eb68556224f995733077501ed295088cc1184fa3872f5f11e97cf67c7bc1febebd3120" + "6a406c4479b60246a517cada5859d4f1aeb98dfc108e96e9898c6e71e59e39b6284895e", + "22904497dc7a98fbe117e4427d74f4ecfc4e14d4467c99227427e3abb8d3dcc406f3704a" + "7783d822ec1118a1d91d5945d5b902a2ad325bcc9c17c68ddf8b5323df9c2bde392710d" }, + { NID_sect571r1, NID_sha256, + "68e27cc72fec8f3f1f3882c6efa08efdf21d74d13be5171da35ef2855666ad2ea6919d21" + "dbc1cb6d296663dcbceeba2fe47a2c6507d3d4a67a61b55b0f81c93412d7e1fbe15a590e" + "342a05f55daa55f8591171303154e615e81189a523b855829a5c96621ad118f522e397e2" + "eea05c2603eeae6e3591215e29b2289bc384d8d4", + "04b4e04281b210fe78d516a5b69f878b7fa058941ee9ae8cc63b061d1eb9e12c3e0ecb87" + "17ff4623ff5bbbcdb53c48adbd9c69636506ab929c5507d7ebafae5654aad65a263e48d", + "040538049d071158c62f0102fb664a47431afe320474a173463819d5f83f6737b43880ed" + "378470d774d32ad59cd9d75e5bb06b118f1297af3f6fa910f40aaffe11e46cd56cbd29aa" + "5100a4a843af9841e2427357bdf26817656637bf4650e443ef303dd458ed092dca3cacf2" + "857d10aa190c256467ff834bc804f8557f6c3bdde89927a5f2bd55bb9d9f1f08a044cbc2" + "08", + "1191110485f56335f0e65fe04b9ad8fac1c3573cb4690db3e9f62086312d394b0e354890" + "c0f74e3df7c43e718ecf18caf6904e03bd6c0912f906de1d2bb4c49823bc6c0dbfe37f4", + "0dff371ac365cb7de248ddb2b2fdee624c527c6c1908dd287a294bb43a4be94c130bfa83" + 
"710b0655f21695dd91703acca64fe2e7927eaf9c2b9b230de8002798224f9505379bf34", + "2f30f31c863bdd68fae16f97fba756e033eada18cb0a23d7d4b2c9ea3c832e61b52185fc" + "d654d9eb281b92a9b102c3b17ebf02422a0e4a7a56a73974208371ef65434c38f4d7d1d" }, + { NID_sect571r1, NID_sha384, + "e67cecedf35058b80787589514a9c81c6b9f4bced4260411d2af75bc46b8b2c962dc9d26" + "0dc99ebbf8ee64950766efc0e394184bdc8e2891d66bd3300ecc880e9d6a3d0eb6153223" + "78afc3dba89938704e9a8d0c949d4bae9838805c00377e3fe5ec6a1a98ad7eaaba6b5009" + "73dac48b26b7fb2e1b9889f8c387de535d4b2363", + "30f2849a713aeac95fde5ce3af853e9d070ee60709eccf35a076567be2c43f0fa34420b0" + "fc097ff577221275a3a56e759efc32183be2d76058a7d20e5dd59f00415114d73a15b8f", + "0406d4ed3cf180e0e307745faa49247f269c3fa0a69042b3b78ad645f43eaa50d479622e" + "27429a6b6b1889944f85975fec8018d3321ed38f6c7d91f2efc98467a027ba4a02c7f231" + "b405f2ebf6abf7d53fa32865a9b6ada9bee51c1fe26cad74dd6ef78f13872f340d641700" + "31becb5073001fbca373be4e32ac3425d705ee942e6c4e639bf72379e34776680a387a0c" + "6d", + "0da9d8647d0950f558a3831b47858168b3379656e603f2bd44046ac7546892d1a7318c5a" + "9873c6ff85683edd3881a0f1af5501d17939f0825ed37bfc9a2d95faf43d3be92b237ef", + "0fc7eaeef74806606fe51882c6928a06bf552d18dcc4d326d44a540abb728146657048b2" + "0e5fe2868beb5f04f32d43e9ac23a7f22c6bf325bca24f5e3161c868911ee61baa8a3c6", + "33d63693268f3762635373fc901fd72e525965ac17e2cc009177f03bd3524107b30e4c6d" + "80bbc4f87fb1f288ed56812994541fe063f1d91afa7213bed8be5693dc6c17ec9a0714f" }, + { NID_sect571r1, NID_sha384, + "2baa1ac3f07e34b67b6af087400f261e138b070c8475378063286c16fa73578303380236" + "a4af2484ea01ba56c1c619f6ae4e5e6ac2594c8e5aae7e7f196f96fc5d0f507bebedd4d8" + "18e77b9120e5b4bc01c7ab6339e88b71d0886631cc7fd89659bf513faf149c61eb14d550" + "60c8dfc7e6e4c2b4ec8edaaa6bc36eca50a6feef", + "2ebb73d04e6e5361e20629e3ad119b33db5163ed91fd9a8aec4b774898784b6822a08992" + "118a8fe6013094bad0be1e9bf01b27c069e4335bff7e0abd28a10443818f6b825e9cef1", + 
"04001710eb0167e8c948d381e3a75aa1e036b70c414f69260aab434ee20b6724dd7393fc" + "487b5b3822e5e8065b06d0785a4a7be7193352d5b9eee66755ba106ba6e40f98a08c730a" + "0c06006f98fc25a641a7c6e67fedd37aaad77a9102be3e1e7d32dcb4c68029e623a42f4c" + "a7d1ea725bfd475756b80e18904107c460fc03b9bd68aa46f9dfbd60618670c4d9a68a32" + "87", + "1861e2a356a6fa8096418cde7fa17f1b893a7b63810f3fd807a82bf4c745aafdc4963eb7" + "a0ad0488a776e915b64d2b684e46d244703eb63b77835167908f2d6b06a2ed7b53f0717", + "046688e12d26cd96bb05d3f418d8ec34f4426f594acd2bfd8e9abd79405e612d60737007" + "440424bc4f546c54b7402d11880f68edd996f49277b729450f7dda5d05986b014b5244f", + "341a80e74f3a69b966ef81ae95dbdd60ed5a0446416653c4df431ff7c4b4272665a52337" + "9d76725e9fbe196018f0e747100084c823b95d7c7b1785d3623e52e9adbe773b81b49d3" }, + { NID_sect571r1, NID_sha384, + "0e640581f573068d8ebd2899a6aaeed0bf987ee11e22b05d25e88e9a1c3451f45ee3800d" + "976f4603c18a041febef07a01086832a6f7ecd5d498d52e796a9d90758c87c36f4a5b704" + "a39c456aaee2d5278183d5815d619c193da9fbc427d701bab0874bded848cb4bb066f56e" + "119b637c78aeb6eaa387c41bec6cdd4bf7b2061a", + "1bfab717d6f6e16d9bc6e89d2ffac7cbe0f808cc8ca2eb515af7ecce5f3b230303775710" + "a21bd25c2cc4566bb53c78c78e3774a9f306c751cc6e149929e45eef60f56c1d2388c6d", + "0406935c3e8b58f7bacd045e745054c227687800ddd86d6e0c8b1e426f4df0e4b71feede" + "fa9172c43becebbeee8ee382a75396fc5f29ef3d2cc55f8afa9232038609b5034513b222" + "cf0138463efe3b32259dd90b759062f848deda84f2bcc0d687c410f1ad2dd745517c96c3" + "451432b1e490902208cabb68bb872ec493eabdf1f3b07595d23a54c53e512777abffb7fc" + "65", + "00025bd48e2dbbf1ed8bd9c1514303dc503dd0799c7815870b902249cd1d7368380853d3" + "6f7fdefad973700ded1e0d66950181b0aeac73eb622c880571315f09504ed26e28e85a1", + "1b9d6ccb19b208022d3a579a66957429682517e84a71be42fd571fbbd0247609d0b5b338" + "08189efb52d21e6421d3b08821d82900577791b1c54e239b0d908bfbcdc060cfedaefb2", + "3356320389ffde577496c5b46a0de6d53005f5ae3489c0d292c5f460a3b7adc5bd204bc5" + 
"0a3bcc8538e0f8319c79b9024b065223b7ed9b0f211c5c224d363f5bdfe04db97f99e19" }, + { NID_sect571r1, NID_sha384, + "51a2a560ba226d629127ce1ea7e812219ceaddd23561256331458c9f11fe73990f21d0dc" + "d974a3773040090cfdc8e0f01692d951a0cbb60f8448a016c67abf46a9c150466ac77e65" + "6ea827b0ea7d1e77ea32071ba8314fc8a2edf69008f498bd1c18061d7d00f3340a7e2cd7" + "3e9766862378d8702e804a1870b442beb2d0aa14", + "00cc53bf7f1cad5e3dede4b4f4b082831604c92dd2b147869cdf1107259305b1d5035964" + "7f9f3d7d4e1e608865c65dc7c9ea46bc324dcb8423b554dc369d621743cbfb592b70eb5", + "04020187d7de90652caf1210703ef65cada3b88f978e14ce6055847be7127602ba7a5391" + "cef0fc9b009134105da7b09b49beb7ba2f961b84e6d66bd818ea99ec106c6e8428b17394" + "a60197aef36e47b571ccc0b41f948392d6061060063137d8c3b999ae507b76132fea1563" + "775be555616cb5816b9b19e42b34f9673aab833f4beb9d1a0848a4bbf2f6f44cd0398274" + "8c", + "08acd0f8f9660d21d62f391112908be73a4342767328d3375a8806dffd2598b6d77fcb47" + "93e69f2390389a78c2b11866cf0f03666a60ad088d2c77bbc49fff6efc5b7283d02bf36", + "1004bfb78dc0e4fc0f2624bec6893d717a476fc76bb5c1d94c1dbf157aab5d1dc80f98a3" + "aeabaac94d9cf9e26e1dd172f5d8fcd5b2d48cb3b7f0a4863813357b5cf8eae84478e44", + "30b1c8857977181d12c53cc2efc53a427801cde2890cf2ea2c99c6958b6869d0ac78ee2c" + "846c241362c885835af49c47d20c30f3cbfab27d9cfeaa6d858694bab059229e30bf845" }, + { NID_sect571r1, NID_sha384, + "90eeecff0a2e37df318c441df220dfea013ef29774ee92a56b213e13a798858f31e52b6c" + "cb7599e7314f12b48a89884b113c1ba0526a54f3e9a33c940944319e084bff320cf5f391" + "c02c731c4c4f8b05afa273374a1705d6c85337782ba7d36b9c00767180cad6422c11c581" + "672ff631fa4c49d41b02481568ec87ea97220400", + "2b009530cb9d586e35dd8951ccb686833afb7a37ec253e547e85b253ba999f0f186b6d4b" + "a41091615fe57678e9801b4dc94fa683511da25637b2acc9fe60936be15af16234c4ee7", + "0405913ab6a2287d946b5b6d1e6c3d64117e085da7cf6388e333cf58d22494f4b067c684" + "dca770ddbcea5db73f048b296e9c17284a8912b3cb722d9eaa17b6b1209311fb8e8757cb" + 
"f50007124ac6c48ac56746563db247bcfe6b20215ccc5cfb1d43c923daa07d429c8f0513" + "bd1ff1180ef0f7927fa23fda1af25d20b22c935c426f9ccb402c358b57b812516c431117" + "79", + "27a80a19e9c320b57146845fcf97d6debcffbcae877c33c62aec62a3351ef40bd90ef4c2" + "ca39f9e51086931d82eec4ee7870365cb14e9c54ae735069801ef12c571bf1c7c1cf6e6", + "1de22c8984c593a0948164e6cc8631489133972482f6a7fb1c3c13f97e4584604930d369" + "224850a1d24f267f41bc6fca04ad79326aef61f0d429e0e1b9e9d9686ee10f2bc52b104", + "085c6b34687081e280a180cd0c4ffe95cebbb0ad6d3b20a7341e467812f88c23973701cb" + "f3cd2bcd2811415d0bf0cd9df229a88754f4cb0c225a2d11f57369a29edfd7b04639055" }, + { NID_sect571r1, NID_sha384, + "d3740cad41e2e365d80ae81da97fdf06d8b6c278b505e34cb683fb55ddc5189da5435409" + "14c0accd405dbf0063f6222885fda4b316dad4a83fd03e8d7b7e936f87fc0a5b095defc8" + "a4b22fa97f00b394e672d5efd3e0a230c7e44dfeebda88641143502a400ed62e2a51f956" + "1e5d652a43d616f16699e875deb9610c77de8e1c", + "2cc2d0d7189cc8fb3565a039aee7633ddc00ff427cafad32fd2010b10fe249c9724d9178" + "5e7080203626038109158e3a61a3970aa3e51688aa7f5184b22f63af63f80d3540ec023", + "0405fe95a030efac2e5d9522680da58606e3e7544a317a3f24d726b69238367d30fa5868" + "64d8c143c3695126ce8dffbc7e7fb789f956dbf53aabbc38af988ce50f1fb30294ea3e2d" + "480193d1e745d82781ae5c3b3d2233e502959d6862fa7987c6416584504f65639ca76557" + "8378b75d3844df179cefdeccff3c4c43aeb8865063e176fd43a27c93e329f8d4f6fd5bad" + "21", + "02df3920fe4d328315353ff11b0264045248b32f48e860dc59d931ad65f39e97e3a683c7" + "b5c64b21c3fa50a9685fa11f49df9b14ddaae03eb02754b01e03f60fc6aef1e5d6d7d3c", + "1b91c4217b1580cfab56812c16bb5aefc1534ee8d049aa2e1d52a5bfc11519ff89f0d36e" + "a2bfdfce8b5d3cf1527dcf700c0208a70595e9ebe4feafd0eb597e05df54212fd6eca3e", + "21ce52440267fb16e713eabb8bf2d502c81939799f9d09cf48a50dce5da999f3b457dcd7" + "3c212d5d070056b1f373b07ad06e90d96febb7f8cdb4c423ef946f0799c038a3ee68ff4" }, + { NID_sect571r1, NID_sha384, + "5eb53b5f92121396c5ff30e0c92da48db4fbbdbf27297f9bc82614ab78f7fd863e34096c" + 
"615a02e349d8bc7ae4b0700130704bedf32756b5ee6af10da1cd717d624fadc57a9aa6db" + "4a6c5d6254c0e8f8c3c0d4d03c264eeeafd52cac2c1968d9d85b106167a49d0ccdbefb20" + "bdc10a2555f8149203af52853169a02db94e5e2a", + "3d8936c00c131e38c6566d2464c4e207c878070bbf681695a6cd98cab2c6e80fe98cda80" + "c66a5cf584e90a071144dda59c07b8fc7bb42464dbee5b6f739b0f2ee5fdff7e5a4e7cf", + "0400fc3a8a320e816305772bd5116cec2795d58633a9f490be8a1a360f21d2aebed6038c" + "a4a5081288b6bdb1066307c26897ce38c24f8ccc98a63e371ff6b54f6016917b430c267a" + "f7069719c868d8fd25a38a7338811904e3330a7b2289a8384bf24f6dad5312160f0093bf" + "556fa061ca5e52d6676a8f1a3e4656740c82d3cddf0ac4f903ea885d42610bf1b45d9e57" + "a1", + "050da632cd7aa58340adeb20389a2cb9897b8ec944c47e7177da65d9386a9dec5d63be7b" + "b2d0f5b4943932e1fd7d87d5d7a80bc50a63dfd101a6a28005c894c6a6fa4c652dc519c", + "0e6152b9050127bf306662f6beee81d024492b91efe87a56e70596a4a72cd02dd2f10b97" + "0c9a69909f85bf4783dcd3c32505d7c148166ab43b503ab098b6d95ef09a7932359f60e", + "1f7d68d53ba161b61eeb17139eeae1587a6bd148e288c1f73a6bfb3a0d1f6dd8f9cdc27f" + "a9e8c7a681410500c097ad01f320303421f1239b4a9c4d5446562b5b3cb2fc45a6fe239" }, + { NID_sect571r1, NID_sha384, + "5aced64f702a57ed7fabd045a40c967a485d2a70b0a5e82561d5141ef329469b2da5964a" + "34df203a980111a77adca376c643b9030aa74516f054648c1534d912ea66582adf3c655d" + "bd71ca55e47412315df5e2893e43b2e2dfe6e4dedf426f11846ebef34a99f5615460ce04" + "75f7bc54b4a4fd99e83c982097c3136ac6188a5c", + "3dc7de970bce28a943d7599f2a9010fc99435b93bc4ba884d42503ac2941aa63fd07db34" + "bcbb1127d56d6a4e277d6ca32051ea3467e376f74f98c3999d2f276b282ef8a28cf0cbc", + "0402066a50b9f961a58620f473fcf7d5eb635da47f4ce362f428669ea578d50d1c1513c1" + "45adcc03ba98f3d67bb422141c73e2f94ef9559ccfdc0be20eb206d3d114a5db302bd075" + "1f04437e655bd255e7f013d197210bed70c5c1a6cc1daccb96145c9c438c8a44b4074629" + "830d8df9914166c9378b33040d71918cdd0f47fa64b7c69f43eee0f34414b8f64882f90a" + "c3", + "3b2e20f4e258b7f0cf69a460fece9b4794a12a37c0f8e7aa6f4f51dbfaf508f6f1e0160a" + 
"b4388891efb09f0ca1f73178f0e8598750c9debd3ff856cb3a2872762ef9e16487a9513", + "2f265aa99ff806ffeacbf9ef7be575ce5300d3cfd4225b1835774ee075d7e530c9fdcd68" + "1584223f84a497119b4eb1fe34cd31d654c2fa262d7549acc251cece9530b26cfa3ab35", + "2c05ce4b35544bd1f20a68eae7f3483e0a0628dbb53f0466166257f69a7a110d2838a76d" + "204e7a955a8977508e65f2ef6d7deee13e4e2ec0f2b9a8b4bedc26b3502813b0334a1b0" }, + { NID_sect571r1, NID_sha384, + "43c24aea343d4e088bea25be69a332c631275c36677093e057de69cc83a4c5e70ab270e5" + "a8930f55846f1a22ec10e03007dcf0942c6761e89c65c6a4f032eed97dc3a2c7f7ed1e82" + "552fe48828a132ba16c41f6bd82a49335428a24fa1679522000e6a1d12c646e0e4b4c584" + "398577ea9493bb334fa3cee8bfdb6c2e66f46436", + "2de6ee12eefa7a4a736484b19b42a513dfc059a060976edc3b0aa4b50e98d72df6506fed" + "0499ff8480986748e938289e54a5e86c0c29733a9bcf5985aa63d8a2b57933a04a8e8e0", + "040073fa1b62d469f2991d54f1472b60da87ba51be0a9dea361d417b91a4a75373695e9f" + "27b3c672322315d7b566b1f22b96c54adce3e958080fa8a02836955f6264dad3a87fd11f" + "060452c0a07ff65fff741c96851657a5afc7eeca239622e1260414ed736a04e487157c52" + "da98a7845bcf6f311e0f2e59bb92248b6d47dcb93da6f7e0af644b7aec7603a01950293d" + "8c", + "1c87653066057636f9a98a7c69a84e103df480a92739abc4d5ba53891591e3aaaef6ef3e" + "f5e89213abbf71af9c84d3b30898580e782f557a03694446492afb05ab801d7dd631c8c", + "086d539546c61e82d74319f0180411172acaf08b5296dc6435d4ed7bd50cf23d3a071deb" + "3be01f74408e64ad244f069cd41227ba127145df5a357489f944b61606ec75e8377db81", + "0a34d9975fbd601614d04aa41506b03fc15189ee8102c0431272d691a322f3e77bcfd19d" + "8bddd19b307012b6c6349f5ecf88b5a69e83588b0e18096117f207304b38c16a9a8592b" }, + { NID_sect571r1, NID_sha384, + "e89210565959d93b483659e62cf41f0a0147ea23890c2f1a694c377a826165e363860e4b" + "084016cda878a43eb68465f81f397ecd50087a25215ce7c4ededa3552218071fa3acd7ae" + "380655fc8fa884998209ffc8a2c26f1ca19dfcfee455dad35a4e72caecd8da47eb9ee21b" + "889162f5d3032724abfd1a31e68612e18bfa9006", + 
"05468f0df2c9854f5f655743e79c750fd8812db28b096d97207bae7f5aafc6b6090c9c63" + "6ead9e0fde32a1ff8d539b53813733ca812b41b58ff85a941abe4f128d59fdf9847baa4", + "0406591750fbc104f82c213fe88aa620e8a960fd6140598e2e6282e0d5c5ecffd09d22ed" + "94166109561a7f4f694e171189056d8b300b54c8134485500effc7123aaa23862e897912" + "42005bf8ec10a9ac6a92c54e7fb2135e2aa4f84da571d33227bde0aa2e6c153207488223" + "5f3103d9a51e80b7a9a19067f35047ddc52462db7c634c291e8fc5eb2154f6913bd0846b" + "88", + "242308c430de514be1b9084a7e6c96894cd5615a7c71ea22316e539986e9702080ff6cee" + "f2980144c55d9749830c20c9ea90b93dfcdd28fd862b6a15748dbb3d982e4a275129c75", + "361e1b7a0f981bcc65480b370c5e09b1c2e2a67cf41646f6a3d829f663c0911589223740" + "0317601fcee78a04269411d267dad3e8fc6f069529fbdf0bcf9b5f13c9c6de1681e8b0a", + "2620c29f86cbf698cca5f79de364ae131345a802c0cccfaefdd7375dcc9ba6ccac91f709" + "43eb606506e51e2ced50491eb8f48769810b6dc178d56702838f1c2f0930f2a9e4f1db6" }, + { NID_sect571r1, NID_sha384, + "48629ec97f56273599cd9903f8a84ac2ba74275b40e1e42fa47649568babe05cf63c8417" + "d828251acc2eec525b56dc9082b68d51b0c2bbaa7389fbee15d058cf482993b2bedc5a91" + "01f1afdc79989a812478245d191550109fc17215679553c508c84e3d4cfdea377088d09e" + "b214e6f92410facee4790beeecafe72b2e3ed192", + "3d3c6a7ab9450c94aa3b8a1ffb678e5b647af24cbfd66ee3944e6f264f406295b8037674" + "71fc67936fdfed1714b4b8761a07eec86543b7c4da6bd2fcb33fa8cda4077737f398e18", + "04042d536f1b15a22f4ba80066798d8d1c2704988eeb9423319c1850a1ae6bba4097307b" + "515640ed3112e93f1f6ae67c60a4b0d2b6634aa7038a60b52b2b447fd1651857b71711c9" + "75079eb18cc7493a1c7f2f9b621969b9ce9ee37fc0701f6cf56f5d5dc6efb13a384517a3" + "87f253aae1e93bb0a919b0c22e4d6cbc79b449b268a068b7eb2853324b96715d75b8c26f" + "27", + "23ce112d60a2f7c29d77d64acd9f587e0eb75ef8e739b8548e154681efc24243594eef5e" + "33d845b1e4e89bac56f2e9586e042e0fff38bcf79c73fc9aa5fc908261df5cd2c6cb821", + "3a770df8a2bc35e122c1bd551c38400be47f2499ff57618ccd01e14a2e35e87a67b0e40f" + 
"9a10eee7efcc3d37b474f2840fb8c24a9adf93734680ae6b25818369c8608a2f8f338f1", + "0728a4eae5f5638a51579e224a24ecd4c997001bb8681e23a7476fbf78b4fab84497000f" + "20c1e67e8a4e4116498bcee49ff00026009af31c1037172188aacd264fde8db15c97167" }, + { NID_sect571r1, NID_sha384, + "aa3a9fe467b1ca638dd0622c9ea235a418b39b2e15ad81fee01b6892b240783d8db3c72e" + "16c13df8016dac6addbfb85232158325bd7432fca3b8bf5db3abd0b4c5ccd0999609dc42" + "199ca4680692a0805cdd68108bcb493a558ab507cec0a2782a9e976928985352edb2abc0" + "c07078b59d2fd86fda7fc76cfe573181d934c46c", + "01ce010ea8e6e1a0c26ab22eb90f0700dc73b232c429d36371e68e429792afb7223f1032" + "7708bcff779ea55fb5f22ad87aa054e84d10f5450f1bc9a89279062ea2173f55ab0f76c", + "0404b2b5acef5921e691f10ade81b91ba8e68e73b33a2494cf4ca6617707861f334eb07c" + "a96dfd681dd63f78102f8d792d66102117b739d477e431d9a3efd79bfcc18cea156db58a" + "0e07e421337d4cb7a98cf9c9c6fdf9fa242904d9906d8a6759ef64a82cbf923b2a57073e" + "a0eabd14aa4295bec84d50a1722fecad3e5f064bd3171facdfff45b170e49f185a3c193f" + "2a", + "326b62065b7c779dc398ee03a8332cfb940b0f24a7d3de4a90323d9e390ad3fb1f0036ab" + "f6f525d8d88ab6641302d10db447b78780d366f32ce36ae571e323124b21984c48aea7d", + "3d2b207b428829ed5100a92f7276e16978e374c734834b0d627cddf6aff5cab72dafefc6" + "c038a91426e35ee0f2c1acc11c55a34a89874100b89588aba7b02e19490e66eb49ef6ed", + "3259fef5c2a0779ae408b26e6c7d581fa973156cdb07c329dde0c12b6c498e7a94577719" + "865b7fcc0db078ba72a27bf338ec6b8aa41c15963538c329c55dee67833faebe3b643ad" }, + { NID_sect571r1, NID_sha384, + "6c3937014361799f1461f652841b5137eb0dcaf01dd293298d002f27e9a770b9e1a30367" + "e35c04603881f0c814cf8ecfbe1619cc49cd516b1d60d27de37ed52a5e1cc300e2face46" + "69f308ebe6747255a3d386f16778e494a7cdd10b45171b2bfcdabd91b805bf24857708c1" + "b75e368edb2874321324f83a19154d3a1578c767", + "1e7410d012aeef02b3723346d24ebafd684c99087ecccaea1cf3735d52c4c81dda41812c" + "09f1e874dc964d858ca240a19963d5dc89451f5dd6764426ae41cb23f19cbfdca0fc562", + 
"040400a3bb3ff07a339ff98f7c45fe032cf42c0e25de8dee2934ce42dfb0c9894f4fce27" + "fef299b41beb8579270efc7b01c0663c3f72d7bdd9f6ff5186eca9c42d15faaef8784211" + "a5006fe998f7a0db06efed050d178865a2b7de6ca7c789cedff7f2158a5e07ac1d335ec0" + "dbd213fc9465399028fad8b7f4d2cd16fb8ceae4d3d53abefd2b4037efd7f7245296bfdf" + "9d", + "2bb0fb9c428e42482d5dbdb35157ad0fa713fe732dac8604c0194e3f9738fac5cf3874bd" + "863718712a3da45b7c4612c8685465ecaec0930d9fec32ab25818d2f25fad580009b698", + "1062386d3e77043298eb88be46bd4e6f33c83a7358926b30ca06a6b7139815f6e1630f73" + "d352a2cb9bc0619d08a89d4bde1636c74b6580543ed743073eec2ae0037bea2b3c9228e", + "1ceef759d804ff7de526559636d0bc7930c096c7b959f04f8fec5d7e96129fba14c8341b" + "0ed84a64c6cce7cd5b058fab7f44dcf3e714544c9b6f9c1d46ce512870deb51856e9dec" }, + { NID_sect571r1, NID_sha384, + "12fea55ffda15db902aa6a4388b9807c89c193cbf75b5d2a4c95206fa43dedc45974c800" + "79933451bdc5b3ea015ed3ca2c54156dc61afb1bc82adefed1491302a48b9d3d2f474ab4" + "5343c611677d360515b93fb36da7a1c1b2341c9cce185c881c0beef33d43967134a190c0" + "9034ae3261f3295b79aebd3fe123616f73cf2089", + "2139839ce38eb879d266065dde5e5ea227244323b330e3ad5a0bc690f3c210f794cf18f0" + "d730693887548bfbc434f48ee10ed34cb41d52172b06e448df938170a5e17311cab8e88", + "0402ecf46b90616b534ea25cc9993942fd7576a1c4f2f443d3b1f56d4490bf0af669c9eb" + "9d110fe2a65609875e1a924bc4b9ed2ed2315047bbaeadaa1029b38a7a87dd8751d4128e" + "8002aec3a2f2557c7152a4907af68aa39485274f20927b2da70823440fbd09cbc308d46e" + "30bd6b705f615b7074fe5421ca36b4aa53861983eceae9a69649495952e75b0f060b5d26" + "e4", + "2e3412b61eb23d33ca2910dc25dd14c04d2c8b403d8077a72b9511d71ee9da6d7e1db093" + "b92287f8fb00aea0576f6712c56d80cc4e3554e0faa9c7d911e3d17682de831bf649bd9", + "06a3075efec81a86175cd1dc2bfe82e83aff1db640184a6a3ed7a0dcdef51aa0be0005c5" + "4ac05f9b65af265af7f2ec3d1d7c137184b0d695d701ff1aed194faf2efa98ce6c5e502", + "237d7ff92480fa7d6d1f5a0564a2608afe5e95ce2c29dd88853d1ad9d4d2beb8d1f0423e" + 
"db883faadd592394f52048bf2dc26d2dc19279477ed86621c7a5960ee3c3e2d345fda29" }, + { NID_sect571r1, NID_sha384, + "c8395546842ddb545d8ea3db4efe970453dcb06025ac3b7a25aa5ef62070f3021b9a1fea" + "91ff7055b6c398073e7886a6f71afe53c82c47b71377dfe291972503bbeb25bd477bf0e7" + "adc8a5d3f8b34ccd0080d61e121214e1b29802b711cdd8a6bb2275a2395c467ec2c15719" + "52992e448d736d8bd70ee629c75b5e32b8323a00", + "274f70fe69e4dbb55c5d404e39f5196335047113087f8711f2f67f2be4964e4fbcb86568" + "0758df1c401cd677b0971654b7a6aeb7bee0d6d80ac0de14d4f46f356b2d5545c185aa6", + "0402b2321e0a1df083919628dd8b4c318b9ded8a3e660ce5585b21e46843228b4d32da76" + "5a3776c181654aad0ce90724bf85b01b051d236342b48d41a1dbda1e9904d659c98a039a" + "97020227182fcf099d46d9882c0b0f26b0595a2a3166248898df2f3fd27c78e7c0b8b59e" + "f0ed6745660c0dea1acb567f9d943928864dd1e94f8eb6b5b8473c0c91485643189cf679" + "d2", + "2f234066c936625fca10dd080cbbb1228c4d2054cbdeafc8a0a248c0d22807fc92c661b4" + "f69586ecf9469bc4c22895cc73ecf492fb2165a12b027194d409677e7185de24f6870a3", + "3a48daa8e379b3b2f377049a4d462530c9ea67019752f4af4b4192b02d6e028386dcb9ef" + "95c8019e90e09dfc8dff5e6f6812df491906ced39befedf16caef614d8c174e7ea95fc1", + "33f18738cb26d88c8c048c58a210c7be70c71636dc62c022df1bd7747d8c67bfcf5ff2fb" + "3990ed35becf6c77755ac62aed480df55efea578671bd8d50536a10e2c0192bd42d78e2" }, + { NID_sect571r1, NID_sha512, + "10d2e00ae57176c79cdfc746c0c887abe799ee445b151b008e3d9f81eb69be40298ddf37" + "b5c45a9b6e5ff83785d8c140cf11e6a4c3879a2845796872363da24b10f1f8d9cc48f8af" + "20681dceb60dd62095d6d3b1779a4a805de3d74e38983b24c0748618e2f92ef7cac257ff" + "4bd1f41113f2891eb13c47930e69ddbe91f270fb", + "03e1b03ffca4399d5b439fac8f87a5cb06930f00d304193d7daf83d5947d0c1e293f74ae" + "f8e56849f16147133c37a6b3d1b1883e5d61d6b871ea036c5291d9a74541f28878cb986", + "0403b236fc135d849d50140fdaae1045e6ae35ef61091e98f5059b30eb16acdd0deb2bc0" + "d3544bc3a666e0014e50030134fe5466a9e4d3911ed580e28851f3747c0010888e819d3d" + 
"1f03a8b6627a587d289032bd76374d16771188d7ff281c39542c8977f6872fa932e5daa1" + "4e13792dea9ffe8e9f68d6b525ec99b81a5a60cfb0590cc6f297cfff8d7ba1a8bb81fe2e" + "16", + "2e56a94cfbbcd293e242f0c2a2e9df289a9480e6ba52e0f00fa19bcf2a7769bd155e6b79" + "ddbd6a8646b0e69c8baea27f8034a18796e8eb4fe6e0e2358c383521d9375d2b6b437f9", + "2eb1c5c1fc93cf3c8babed12c031cf1504e094174fd335104cbe4a2abd210b5a14b1c3a4" + "55579f1ed0517c31822340e4dd3c1f967e1b4b9d071a1072afc1a199f8c548cd449a634", + "22f97bb48641235826cf4e597fa8de849402d6bd6114ad2d7fbcf53a08247e5ee921f1bd" + "5994dffee36eedff5592bb93b8bb148214da3b7baebffbd96b4f86c55b3f6bbac142442" }, + { NID_sect571r1, NID_sha512, + "b61a0849a28672cb536fcf61ea2eb389d02ff7a09aa391744cae6597bd56703c40c50ca2" + "dee5f7ee796acfd47322f03d8dbe4d99dc8eec588b4e5467f123075b2d74b2a0b0bbfd3a" + "c5487a905fad6d6ac1421c2e564c0cf15e1f0f10bc31c249b7b46edd2462a55f85560d99" + "bde9d5b06b97817d1dbe0a67c701d6e6e7878272", + "2e09ffd8b434bb7f67d1d3ccf482164f1653c6e4ec64dec2517aa21b7a93b2b21ea1eebb" + "54734882f29303e489f02e3b741a87287e2dcdf3858eb6d2ec668f8b5b26f442ce513a2", + "04036f1be8738dd7dae4486b86a08fe90424f3673e76b10e739442e15f3bfafaf841842a" + "c98e490521b7e7bb94c127529f6ec6a42cc6f06fc80606f1210fe020ff508148f93301c9" + "d304d39666ebe99fe214336ad440d776c88eb916f2f4a3433548b87d2aebed840b424d15" + "c8341b4a0a657bf6a234d4fe78631c8e07ac1f4dc7474cd6b4545d536b7b17c160db4562" + "d9", + "378e7801566d7b77db7a474717ab2195b02957cc264a9449d4126a7cc574728ed5a4769a" + "bd5dde987ca66cfe3d45b5fc52ffd266acb8a8bb3fcb4b60f7febbf48aebe33bd3efbdd", + "3d8105f87fe3166046c08e80a28acc98a80b8b7a729623053c2a9e80afd06756edfe09bd" + "cf3035f6829ede041b745955d219dc5d30ddd8b37f6ba0f6d2857504cdc68a1ed812a10", + "34db9998dc53527114518a7ce3783d674ca8cced823fa05e2942e7a0a20b3cc583dcd930" + "c43f9b93079c5ee18a1f5a66e7c3527c18610f9b47a4da7e245ef803e0662e4d2ad721c" }, + { NID_sect571r1, NID_sha512, + "ba6be551bc60653192401ed8ff9e1acd9013d8811a7a1389528bf07438366f5772cd7aed" + 
"ad010c19c47622cec03a4d35b8003b39ed901b720629ab59de55a03c1ca50a62987f8da1" + "59e356245df58d5ae1936e65f3cd3acbe03ad1d0fcab4aaf2a7a947549ae776772201efb" + "c6fab1aebfa1d99994d4f43dc28f39c0f279b992", + "2a69bc1df069c6e89722521a63675f318252be629e7558f3716917998e660ac960b0b750" + "562846fe6c12ef492951e51e224754bab84a6eacd4147a5f26ae85ee4381bb14ec2a8c7", + "0404685c0358ca31883cdfd7d609afa8b1e47540a97f473e0ebe98b0aaaab9418877aeea" + "d3a26fb01a4725fda20e7223a4fe7de0df6891c0812555b8b146918d3b80edd11615d95b" + "77067c92736447946c7577965b613e18950d813a4df049a6000895f9dac34d73ea46a83c" + "6a4e7c83831af0d33026825664c44090953521175b9da2a7ac563a0fc5e13c85d34aaf49" + "f2", + "1700d9ac00a987ff3a1d0be4290979317fe60f4f8ce1e0e72a026fc89e28c0070b76ada1" + "4f7a1a66ac2e8aef17eec18b568ada4fd59c05414e55356fc17d9e5079e6cabfc1f220d", + "23a279662efec48f6cf8c7334862525b52ac37a9b03da6a063da2849f878015632427834" + "34fca02fa23e32249666ddc6f596e07750ed21de303f4f10de56f1d37101cb0826bb8bf", + "3b449467b150cba0d7c2b44280c5ac452f1217384ce121c979625d313394f6cef501b819" + "80a02567ca55da2bc313dc0754b5256b08d8e3b63ea033253b205cc5dcb014574b8e9a0" }, + { NID_sect571r1, NID_sha512, + "295720a79ac8201f40a66b06ae5d970afb15f36582897eed25cd92edcd00f70ac8e31c55" + "6eed4375ea044c2e8b227a8e02c0a3e996c9272d52ac7b3ad43b80f217295dddc84b177c" + "f1e800ad08bf7fdd021fb2f49b54162092f8d628679c4ee335abbc90c027264c8b288c6e" + "16eca3172eaa297ba50626b00fe0a0ad3a9dbeeb", + "0d11ed1b78b22b3420df4ddc4acc7c2286d9569dd6dd88e0fa3ecae69bcced68bb81bbb4" + "ca6e9b54e67856e7fdf39155aa27aecb9cc827ccb9cdcf9ac633561b27d8eebfc261aee", + "0401868a1335058a69e3ce24ea4e6e8dc25851777bb28d3a5da67b741ec9c46e26f2d2ae" + "70a48c3e4feabb3b15b3c3ebd561f667ef3b95a587621de6073b9c8a904755566c5f7a3b" + "4206365a03c3f3066eca1af17bbbd08cd52e89f8095075b415cd4b82f3364cbff008fe36" + "42fe71e8a8c634ad0e5d9979251e6cedd42cb97c2203f743210051f5ee1b70c861d2a72c" + "00", + "075e49d2ff6f2aa8b44fad90446474ee0e72323a3c39e731b6c2b075cce0cb9d193bc335" + 
"6f8fdae0e0143603a57028836ee6451cab101a6eb550042cb41b5c4233d3ad3e87034d1", + "207a8eed0b87efe65ec558a0ccbecb13b9215e176abd93c1a4803fcae713927ece70ec6c" + "41c621357d78a13a950958871a52621f1de7ab74befd964a0e8f4820b84af3e0811bc67", + "2f02017714f54089652e02af36ac5165e44ac4a83747c805a9e003fde4bdb29561dcead2" + "c76b02c195074396a2dcc1b93a256c721716f8eeda8dae443c3eea446118fec3cebc4dc" }, + { NID_sect571r1, NID_sha512, + "a9cff41c6dfdc4a12f31dc375a5455950077ae323d0b7a3d9a8dde73b76e9d7b94ddf9c8" + "8ae8e6c262d704052ac47681fc35adfc56c904baaa6e146eb653984369d76a85596cb744" + "941aa7b558c945ff2e81bd5ef7f00ecb4f43af23b4cea3bd4ba7b1899f1868a0c0ecfc62" + "ccb1d588955597ffbbaf34cab2838efc2b866669", + "2c36ef754b5bd065e9eadde684750acc52795be80f54dd3d7a7d743d968a18f7e404bd71" + "f8a76eb0395f396df5a7c2ff7e0ab6de35df34282fda6ee01fe5b9b68ecb4e378dbe32e", + "0404805e1a23b6eadcf91647b40903bc1fd3b9921861c942fc24d2c03d0544e7c01f004c" + "aeed04b5c4ebbce366a098a878c322cbebe7910bfb0f91b284ac1aef344152fc5831669b" + "7904f589ddb4da482ba1e9a59241b1dfbc7e9b9b69e8f69f8e90460ad58fdecc48a56842" + "ea6aa0537abec0a605ebfb713e588685a98f62e05a7d52082bfd57e3d68fb7851b37ec55" + "67", + "2f2002bdde0c0b0fd92e96abe76c0858e42fd7d94a181c711fc6753572539e18effa8155" + "cde7b1e9ceab2394f9eba874b7ea257d7c308c8ac08500f4944af5f33057650608db8fe", + "27f9109799bced42730faecdeea68259383a45033c6d5dc8d87adf994b46beb34177e013" + "700b13f1253cf756a8866218e9c8adc180f3c242c56b3de28405b36940d53c2aab24f1a", + "20a762ffb2f5a88b0e1356964fb558b555c424946109d16c7548f41a33cfe41da1f48327" + "6a27b188faf948a56670716ddf3b187570c9f514869c4492d7773d6ce453a075f9bc64f" }, + { NID_sect571r1, NID_sha512, + "efa6c582d7fcf5e431aa89b3b00180c0e78efd7ccb0384d90b80e59a115a13e55001d951" + "528c42860132531c9b8ab29dda7a657c53c2ce96fd85549f6f1810e121eb89961295335e" + "aa0e40532d85814a4206e6fffdf9bff76599da9b2e71a22ed572910b0e3bae38ad72c704" + "2579f106739a8628dea5a745168bd918736e488a", + 
"19ffee50be5496507e3ef5c40ee88a49625e46d1dd1686a52b09ad4a8e3ee9ef364f953b" + "fcd97c52104eecb6138067192997cd4ebadaccb73c7b2560879289a46353a756b73cc43", + "04077dca410e722009ef11b37742c2c003ab3015d0ca0328a70d9d41aae04cb64f7746f1" + "c348b08458eb3bb1788f9ffe7d0570a9b689a9b7aca43e05400bace7630d598f5b484d13" + "c407291f74cddd9ff69470cf0d92afaaddcc4c8c274d4a7a64fd94292ddc8bf080606795" + "376bb725ab4d32c72ef77dff34cfedd34aff2f463d635bfcd7e1fd002d84383dc5bf8d5d" + "23", + "2ea37750fc3bbdeec100694068d55f92fdf35bff9ed49251c4b8bbfb2dec2dd4446999af" + "8848e05c7b819aeb1864430ab4e8c1d684e1cf78947a71b04d5ab8ad61cc7e3e4e24205", + "12ff1852eaff37fee997531039adb1fb2f9b4f4199670c022e8534625fff1fa93390ee9b" + "c7204ad2ba3efc2233260943f1d2381a3cc025b78c6d1f660a7bd6f42e5ed3c123055a9", + "1b4d8abb28ef1a9d77066921ed50eba64b8433cf00c66b8467269a4a914f568cdb86c766" + "a7a6a52437c5d98cfc9a2130dfaba20f3c2001f31bba7071647d51fb9fbd5fc67ee120f" }, + { NID_sect571r1, NID_sha512, + "211acebfaf13bba33a9dd16722ec53baab92a140127d61372cbf1850f2fc894e942e25d7" + "80778235f880743953d04eca7a9205602e388172aec2abf35412b483490751f93b51239b" + "6701cb0aab14e5179b0d7f55d8586358381dd83e3e436bf69a6820317d1701750cb1fea1" + "293467ba589eec5f5779c2dbf2a9b8f28c4dc239", + "3129e96fd28c4198cc5242c1e3531a3979fae643d527044e98d7721aa56b5b4b45dfddfa" + "17a4115e10a2b4f46d92f81cbdd7e86e588a4c6d8c2b3a83f54cebcee1d1dd33e85d81a", + "04073a92abcc991e3f89d82c47fa0fec48e3e7c4d97e2525f8dc2d24da39f616af4a5a80" + "4d2603703f6db7cc9324c5b56a21009373f6605f561c8503394e7746e51273b5722ffbc2" + "3d00684c842f03a53a60cce087f4fcdbf23b7a28c48b6b6544f583342a65d97dd87037c6" + "fef176a1f00513713468273494a5be683b68c5e75bc08995fde763bb6f965da1acb7e894" + "f1", + "0165e52640fcaf8cbdbfe73cb8058c53045e7670aafb2def28d2c9eceb5ed1634b5339cc" + "47ba981eb6eb03ba714c7717e9ed5acc15c8f304702a0409bd4508015d4626cfc5484b1", + "27dcdf16b7156a7a05a752da28b5bd6b233e8a7c16eb7f9030f29c4352e6508f8424d1b5" + 
"ba789dac4152ac4812ff7975cce69908371a81a4d7d9dd70a8dabebdc4e3af27234f0d0", + "32a654a31f09a9803e502a1440c2bcf122780f4f47aa37e15991d9a548583fdca4880080" + "4712816b212cd3c657e6bd4cb7443a0288592541473c5086e1277250612c21346538374" }, + { NID_sect571r1, NID_sha512, + "ee592e20e0a45c18089c2e41460e65a7d22ed9714379f095d43a308bdd383128aaa6fb24" + "e9d35fd28fc95c5b792ad75c980d2cdf0f460ac60b12c5919d3cb28dac4d488196be6c2d" + "fe462b1b0ce59f8501692255840f5215c0fd8b74b1996a267a5e3b22d2841cf0a0b6315e" + "f4ec7180f1c8494f4c07d5869c01fa2711739efc", + "3d723d2697cd07dd8444f992f2ab4a063db334034c25ea9be99fd7a1f495e3a644e5ea03" + "3a41264e0d24a911e55741d0cab80a0bd678eaec2bd1e60424d4491eb86d664900d907e", + "0400c7a229b5fb9fc774c1b6250f3bba2f0972d1aada7080641c014d012db0637a0656a4" + "3024ec0ea25ff70012646dc19eeb1033aebcc96a001ba876b2f5def6e198b8d4a53f7c7f" + "4a009228a68eafaac214fdfa19923a0c19629de31ac0967c9d02c53dbf221f9affb735d3" + "bad732f381f1ca414d70920231a78f742254d895a33ffab492f8e6094a542e77962a324b" + "a4", + "3b3724a5933353bb9ff5f742f59385e780caa517a963590b7fc89882bed95cf90ca6365c" + "e8b882f2d96e56bd866a5c437733b681308c570c51ec893ea95fede66c7aaf4561173f7", + "2a487c1fc29426e8e85f0a35c177cd168a444959b2f5cd4519b9edd52af3ea829cfe964a" + "c2b59198af8e2d3859ebdf9885ebf57bdf5767da1611d3958de286f91ef397230d65599", + "10fc01efcb22b982f992efb71887bc79c3f32a9088bc2011c269924cee0f47c36452399d" + "499f2933587081b872e9fd2191c20cd5cd94927839228ebcf22cf7acdf4608a2fa66310" }, + { NID_sect571r1, NID_sha512, + "fffca41927debbd53455821441d9115db99fb31bfc69752a382f57bc7abe021f148346ee" + "29e17512c64b4918ab2391d12d6e5643bee6b5682885dc28177b292e23a37ff99b359b9c" + "f7578432af56e0ad1028a6cce7428980654c145af8daf09addbb3be11228d3c742defca9" + "d3b1667f48c63091fe3307ecf72667b02e008f24", + "1999ab45d66cd1d3a0fe6aa43bf5ef1e2a67637d53674f6fbbfb9b582be91fc42a12cdca" + "d94b50b0fc7ac55030de24a0b99fbc4314fa743ef4b5198bcc5f54d8b669fbed78e2e91", + 
"0400cbf3b0bb4a2e6c225aa922bea3b233da4661df5da7e0a1cd343a9b6655ee87fc60cd" + "763dee21eaa2b81c4dd5af6f4fadc3ceea643b37a6b17a6501e1b9b689fb0c4716911c1f" + "10014b5a9ae025f09066fffa6797ddf95f27eeade06b8ca5be5738f770362d5213c46ecf" + "ca58e3c60cb2bae1f8ab1bf0577c80b4fdad02819fc174cafb33df64fc0ec79713f7b252" + "09", + "253b533d3ad1c7095363e3fc80cb32471061e44dab3f9ae0ea6252f6ef169cee8badd3ec" + "cb77096ae9224f89baeee7e183058579680661655fb689419e36a61e8573de5ecb4cd09", + "3ba94f7682fb61de725a35caf1d4d799c4b05a1d1c44eb1c251dd8efab6b7d713c3fb917" + "776902a1bb202f9226558f4c1e75964349717e6dff938d0befea07a9ca1bbd429dd6318", + "226f43be8e24062180c726b5cb721cc04ffd3acd82183925523ff9e8631aecbec2c224d5" + "a291bb225f0da726d256aa822ee7cc2c7d69df3f2a5beb21132d91bea22e4c5db900cec" }, + { NID_sect571r1, NID_sha512, + "a2f71619ea04f7057e6943c2cece8594b341ec3b96c3915d924f94ba13fd7aaeed41ffa0" + "e842ade414784f1ef825fcf2dbcf7bd8263b802def45f94de596aec0c121fc06558c7bb0" + "6b9f27a9bf56c42090b5dc344e82b69c4f528d33be166764a593483f6fda0cf56e6000ff" + "363ba220f5ea0ea2c3191615c7ae3bb4fa575324", + "2ce1cae0716205330d730e6bc6dbfb6b951dc83ee3b4a7dae75d057e32e8a46e22be75b5" + "f09135452b29c34dfe81a9be2e8dcd243fbd946a0ed14a832a7802e20cfe1abfd3d6e4b", + "04075971399fa621ce535144ec1d57f544d798a0a59207166c3d657e5a80ac00e8f5b643" + "448e3546064d68ae624aaabf36face3016561a248256ff9131950ab8b04710551e12222d" + "0c0224a50f321647f47de3db4fbe1bf1e3a3dce8a834312779f66037315e3326721e3fd6" + "3d4d6ef92b7ba1fa9aeb70f92e2a6701458ac8da49ac386491f2306adcd8dd781fe75e99" + "e1", + "0ad95aa69cf9f40e13f8a72ed6d93388168abc8001670ee4d95fb4b726b1f958205ab2f4" + "58df8bb9ccf2405680d0e6951abbb922cc11d47cfded93c0efdb70caf0c54e7ae96d7e5", + "09ce019161bf29eeaf323933045f59d2efc372904ba50c4a6602b8305234a851d95f06a5" + "b56193ad5d28488102ec25e3f421a5f5c4626b435b423d612e6ab60e0a4fe5d4952e2c5", + "04f7b7ac787b361c2bdfa767da9c22152e402184a7ac133f651fdcd928239215dc917401" + 
"122a6d41e78299b4235e085399e594465b7f8dbfaae9bf302d83470b4295ea06bb9bd1e" }, + { NID_sect571r1, NID_sha512, + "b60415a831eca2cf60c79a334ef2f327a76d290846ee588d5d33d0a826bb0c7ec3e11dbb" + "384a7f89c8d180425dfae7463e0ea6497d2eec1dde112f1c1efccb532a2e2b66a28e2d36" + "d4252a4c3b12850d465fe21bddc441b92e6a7b0f67744f7f6e7812a0603211a26518b311" + "a5b190ed890ad852bed4f6ed13377cab3eebedf4", + "2c9d0fcfcee7e75c3245ba955ae04188b1033c55ec9c821d8de7685276bda3e9a93c3ae1" + "b003e5ea722913e7b169d67b1aa2dc8cd42adbd9368672a3f81a6817bf3e5529dcb0c8b", + "04019cba4c8ddadb596d7303331f2a22461849ebfbc78ea69277f72dcfe23d08397025ff" + "6691c61ed9958d68a9c5dd8a32048a89a2553afb9077ec43358763756b1473ab2cd8f25b" + "530319eeaa78444b7cc5d8cff4e9199ddd2c6dc7bd935a1be1d8b1c657dd5ac49bc92b0c" + "d91304ef44ddb7ecac05518301bfa0e533402043533f99549621e31dcc282a52186478df" + "2b", + "385e12170ed0b23c9c65ff7edd413145fd343dd841e85c498fae5f36e577641688999028" + "17d4dc39127010faa1da68000a511ac69f80708be5afe1631432f3bab7aaec2bdeb11b4", + "231ef400c6a3a0c7b26ba1b92341b72e138ca62d04ea2172854631c40c48081a18a57e9f" + "055748245d3e83d10d21af39935b0e50c9c86956ac46c1ea03ac4ae023d84b24f830973", + "24d37d67afafb0676cd7b5da2960cabfc804b0b3244b5e6739f8fe43d0841693d28c61b8" + "e76181f8aa24940d76fc5ea8ef3a95f72f67303e1ed85ad6e83cd2c44fd0e0f3f2f44f4" }, + { NID_sect571r1, NID_sha512, + "5d15a08226cc74cf495be681b795d0bde26b19f29aca1a8c6ef77d50271ebdcb4e5fa2df" + "23961fe11620b1c6580183f6ebdceb2c09516c8127be576496fb71449bbbf0a9d3d1c48a" + "25024619b97c3e0d8b165897db96ae9758d13ac28441d7cbfb75b23cb423e0002046358b" + "b6d64779974a5995dfe54b398f95f7d64fc52d96", + "10c057bbaa44ef0f565edc288bfe66d4f6acd8686899359bca418ba89fb690429489a37b" + "d3c6c9f3a8714b2ca225868c6a45fee360e378a676f7ea39321790f32a4b005b81dce43", + "04043b1e7d7b2aee3563813a6692f0b4b61ba82b801697c3e23724a2fbab2af80a2c56be" + "55af41def0a90cbfce7a45ec61629906055a8b2a5013740e96859e580c444ae9f0ddf73a" + 
"fe06742f13244f1bf156d321eab2c3095ca548c3182c405187c3de2fbcb01d0e16e1fef2" + "46012c87d4d32378629a75b694572ec8583ae0cc813ac64f10bb05a9e52e4805590482f2" + "89", + "2b8076102a6448bd4c4e192e93cdb96ea9a6c7f6753818267ee9e67644df1a4a6c9ff64b" + "be9f64904648cc640fb7f0cce69f9e02878ee950b91ad559a9ec0ae15b676d933f1620f", + "1ad97f4997037adfe306f3859d550f9fd89bce8b566e657d5742feb17466b6b8d507d581" + "0a8cbba44d671b043ddb557df084bf5d1de74ef8bbd6a93690459fc16a17b80dd6c0f28", + "3262ef6e4175e7afe095d18157f67b3d12564d54954e9964e991c31bcfe1dee7e86b3549" + "1ce818400cc0f83b819f478f2f2c2d21c6c7a6be43938841559e09bce70b0d61fe51245" }, + { NID_sect571r1, NID_sha512, + "9eca4bd88200baf61b901fca53dc1f1e7e3f83b94d58a6cc6a2adbc9b1a35fe3f8ec6178" + "7c76ed9a0d696167cd4fe46e1a0883fda564666131753c576a720125e0b712db1da02780" + "67cb899bdb14eec08737e864544663abb1d62f34a2114be07e8e3cf56e2d17099299ce6b" + "6d83b1a34e6153d7c6a32a72c7b1bf4583fcbcf7", + "2c182df7976ea93d996f3ba5d2221f3cb755cc7847bc3fe9e022fa4285046f5bfb426baf" + "a3580beea206de36f87593ae561b4b74a03fcd61fbd0e8d6fd5668f2148819a88a650aa", + "0406004b26a184ed710a5fb67e9d042f7fb9c8f5584b1f70a91b0b3be41c3fd2cd1a537e" + "962fdac8756df33f80fce2bb1bc7241d325bfc36dbaef7cf625918d589b6352fa7447189" + "10036a29b04a494abfe809d956c3cd6f84ea51a7fa28cb39a52f16137a13f72f0726a84f" + "6ae53ae24f5b468733f4cbfa0ce5bbbc1cc7b348fb996d33a45ff656a6a7557619f598a6" + "b7", + "2ab349232bcb4f4816b26bd0049e130fffc90ca0b9308edd50fb9055358a87fe798d0014" + "0b0ae01ed8b1f6bb9bfb726b253c3d4949ce9eecaa6c7fa84d1ef812669fa929f26be0f", + "0bbf2f9765b12742224ba7d064358c0305fb63e9b54a831e302a4546aa02cace798d82a1" + "88d2f536d78544c1571f481289d6ec69d117648026490e781f1eb9fca59bee05234ba7e", + "27e07ee0a1a99c90753cdc8c0291da25a82c116e62ec58b93f91086ac1cc039b35ce7d8b" + "53cdaa92a5ade65a7684b6e7ab79873dce33dcd467c39d0c764ee390b7fb25ca18912c3" }, + { NID_sect571r1, NID_sha512, + "707450bd84141f3b61beb12ffa5ae89d812dd11badcdf6a88a2d50fc70e23f6d822ff447" + 
"7047abc58cdfa28f97ad7f4911ae0773c04ebed1f51bb2308cf6e5712c4aaed461edd698" + "7fdd1796aab70198276b601241f6a14225dce575830ff60f935fd9f567d1d210652e4710" + "922fa793da78c8fdc30c273cb08365c9fc887f50", + "2d3a65bbe133cc98cf0eb56ee1362195968b4eab960a1d55d8b762f1361fc21348d6f275" + "d4bea1de7158fb97c995e20b92a9c887a3e332d154667ad167acc632eb88a0ead6113a2", + "04034355b54d00c3df7c2762ee2982cb777491aaf78e550c4d2ff5d5a893416eb3517671" + "dbe522b8c553fd71edfe0306cd7628324f4f748091fc5d84ad8af33b896985674649a6f4" + "e507e322a04eb600a3faf3e045959f1e9f798e1c965ced40fd4c0383c0d4e79a96bf693a" + "91d7662780990d0c9dfca77a9bc0e13551d2ab35af8a153fa34ea903961fe66996ca053b" + "64", + "0a59ac1240bcefc52456486ce23b780cc92c8b89314b8442a6898c373bd0adc3725e3eba" + "c580546d1ec82ebfb2e04c608441d962d759ab5f5af1596c6623487e1347537a3c35bf4", + "0c47ef55d93ac36cee537160bbe39c3d4504184188533edfe589a5ab6e5a3e06ef413aa4" + "8710d304f0b2bc380fd69a34aa0b8e2e9466fd8a131cb056dffe4b809a59fd83e594483", + "2d8de1e8e2a52dd1be08435cda69e673b328573edeb1767849536e6f2d5fc8f18f7bfde9" + "36d8c32ecbfa97bf976133d65641320ca1c41e81c388fd6088884bbd89274b1976470fc" }, + { NID_sect571r1, NID_sha512, + "d5ce9d59391cdc47ef942dd2a818d024ae3917deea8a5a4214e4db6a0c5e6b0936f3e632" + "fdb68a3f0006e05c44b7232013e1da5f877cd197f44fd6f60c1fd2378995e9a47534948c" + "5a09e33750f07a7165072ab38095373b07a50bc1391eb6b650ee13acd63d0352e7d9c316" + "95ea1ec6323f9b5f57b426ace56aa7fdbf419be0", + "2a920e8dc928acdd56e3655b2340d4371c793e66f67405fb7a90f31e9c4ef466cc44331d" + "1d2fe3ff7391d2576dc6640772166ef8c154a5ff1808f5dab2f03061070ec8b3f786c36", + "0405edc0fb974314e21ad40d73524d5620b7279084e3ecb9e58b06340ae53d2383efd206" + "b8b1eb3dd60c38f593efc05e2ba5fb8989472bac7db60fcada2d18d4108ab36e8c20cc71" + "0d00444cf65175f6bbaf647739cfd8407e7036fc6cc6208ccb9d776eb13e13b377136c68" + "3e108775d85b6bc5638926432a17344de965d45e042a0a8e0b63c7fc3a36fc15cf718f3b" + "af", + "35a0215892d0c52ece29559ebfa061011da8d597af6b3d1ee988ea4819be194c79a42681" + 
"476140738b1b5dc191485bd20c96c282ab38ddbc3987343155366b6a5d1ce7053efcd83", + "1a69a9a51f6b0dc196b2a8db2e8bf61764d4c65b038f43b5ed6b5dc2673971c32928606f" + "92b7caafb4dab3cd61ee724bba71a0d5c788cde4b96ef6b453f2a69126dafc20dbc7c82", + "13b5463636b8462cd9f479de8d114e29e7011489bcb9735ffe9ca0707a07df3c0aba0504" + "3eab387bfedd9fe982fbf04968f2be200e9e052cb4b02223b8579913d713acf94e7dc80" }, /* binary KATs from X9.62 */ - {NID_X9_62_c2tnb191v1, NID_sha1, - "616263", /* "abc" */ - "340562e1dda332f9d2aec168249b5696ee39d0ed4d03760f", - "045de37e756bd55d72e3768cb396ffeb962614dea4ce28a2e755c0e0e02f5fb132caf416" - "ef85b229bbb8e1352003125ba1", - "3eeace72b4919d991738d521879f787cb590aff8189d2b69", - "038e5a11fb55e4c65471dcd4998452b1e02d8af7099bb930", - "0c9a08c34468c244b4e5d6b21b3c68362807416020328b6e"}, - {NID_X9_62_c2tnb239v1, NID_sha1, - "616263", /* "abc" */ - "151a30a6d843db3b25063c5108255cc4448ec0f4d426d4ec884502229c96", - "045894609ccecf9a92533f630de713a958e96c97ccb8f5abb5a688a238deed6dc2d9d0c9" - "4ebfb7d526ba6a61764175b99cb6011e2047f9f067293f57f5", - "18d114bdf47e2913463e50375dc92784a14934a124f83d28caf97c5d8aab", - "03210d71ef6c10157c0d1053dff93e8b085f1e9bc22401f7a24798a63c00", - "1c8c4343a8ecbf7c4d4e48f7d76d5658bc027c77086ec8b10097deb307d6"} -# endif /* OPENSSL_NO_EC2M */ + { NID_X9_62_c2tnb191v1, NID_sha1, + "616263", /* "abc" */ + "340562e1dda332f9d2aec168249b5696ee39d0ed4d03760f", + "045de37e756bd55d72e3768cb396ffeb962614dea4ce28a2e755c0e0e02f5fb132caf416" + "ef85b229bbb8e1352003125ba1", + "3eeace72b4919d991738d521879f787cb590aff8189d2b69", + "038e5a11fb55e4c65471dcd4998452b1e02d8af7099bb930", + "0c9a08c34468c244b4e5d6b21b3c68362807416020328b6e" }, + { NID_X9_62_c2tnb239v1, NID_sha1, + "616263", /* "abc" */ + "151a30a6d843db3b25063c5108255cc4448ec0f4d426d4ec884502229c96", + "045894609ccecf9a92533f630de713a958e96c97ccb8f5abb5a688a238deed6dc2d9d0c9" + "4ebfb7d526ba6a61764175b99cb6011e2047f9f067293f57f5", + "18d114bdf47e2913463e50375dc92784a14934a124f83d28caf97c5d8aab", + 
"03210d71ef6c10157c0d1053dff93e8b085f1e9bc22401f7a24798a63c00", + "1c8c4343a8ecbf7c4d4e48f7d76d5658bc027c77086ec8b10097deb307d6" } +#endif /* OPENSSL_NO_EC2M */ }; -#endif /* OSSL_TEST_ECDSATEST_H */ +#endif /* OSSL_TEST_ECDSATEST_H */ --- crypto/openssl/test/ecstresstest.c.orig +++ crypto/openssl/test/ecstresstest.c @@ -22,16 +22,15 @@ static int print_mode = 0; #ifndef OPENSSL_NO_EC -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include +#include -static const char *kP256DefaultResult = - "A1E24B223B8E81BC1FFF99BAFB909EDB895FACDE7D6DA5EF5E7B3255FB378E0F"; +static const char *kP256DefaultResult = "A1E24B223B8E81BC1FFF99BAFB909EDB895FACDE7D6DA5EF5E7B3255FB378E0F"; /* * Perform a deterministic walk on the curve, by starting from |point| and @@ -40,21 +39,21 @@ * Returns the X-coordinate of the end result or NULL on error. */ static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, - ossl_intmax_t num) + ossl_intmax_t num) { BIGNUM *scalar = NULL; ossl_intmax_t i; if (!TEST_ptr(scalar = BN_new()) - || !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar, - NULL, NULL))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar, + NULL, NULL))) goto err; for (i = 0; i < num; i++) { if (!TEST_true(EC_POINT_mul(group, point, NULL, point, scalar, NULL)) - || !TEST_true(EC_POINT_get_affine_coordinates(group, point, - scalar, - NULL, NULL))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, point, + scalar, + NULL, NULL))) goto err; } return scalar; 
@@ -76,9 +75,9 @@ * would be straightforward. */ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) - || !TEST_ptr(point = EC_POINT_dup(EC_GROUP_get0_generator(group), - group)) - || !TEST_ptr(result = walk_curve(group, point, num_repeats))) + || !TEST_ptr(point = EC_POINT_dup(EC_GROUP_get0_generator(group), + group)) + || !TEST_ptr(result = walk_curve(group, point, num_repeats))) goto err; if (print_mode) { @@ -87,8 +86,8 @@ ret = 1; } else { if (!TEST_true(BN_hex2bn(&expected_result, kP256DefaultResult)) - || !TEST_ptr(expected_result) - || !TEST_BN_eq(result, expected_result)) + || !TEST_ptr(expected_result) + || !TEST_BN_eq(result, expected_result)) goto err; ret = 1; } @@ -137,12 +136,12 @@ switch (o) { case OPT_NUM_REPEATS: if (!opt_intmax(opt_arg(), &num_repeats) - || num_repeats < 0) + || num_repeats < 0) return 0; print_mode = 1; break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; --- crypto/openssl/test/ectest.c.orig +++ crypto/openssl/test/ectest.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -20,7 +20,7 @@ #include #ifndef OPENSSL_NO_ENGINE -# include +#include #endif #include #include @@ -115,7 +115,7 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 /* Exercise EC_POINTs_mul, including corner cases. */ scalars[0] = scalars[1] = BN_value_one(); - points[0] = points[1] = P; + points[0] = points[1] = P; if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) 
@@ -123,17 +123,17 @@ goto err; scalars[0] = n1; - points[0] = Q; /* => infinity */ + points[0] = Q; /* => infinity */ scalars[1] = n2; - points[1] = P; /* => -P */ + points[1] = P; /* => -P */ scalars[2] = n1; - points[2] = Q; /* => infinity */ + points[2] = Q; /* => infinity */ scalars[3] = n2; - points[3] = Q; /* => infinity */ + points[3] = Q; /* => infinity */ scalars[4] = n1; - points[4] = P; /* => P */ + points[4] = P; /* => P */ scalars[5] = n2; - points[5] = Q; /* => infinity */ + points[5] = Q; /* => infinity */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; @@ -143,8 +143,7 @@ r = 1; err: if (r == 0 && i != 0) - TEST_info(i == 1 ? "allowing precomputation" : - "without precomputation"); + TEST_info(i == 1 ? "allowing precomputation" : "without precomputation"); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); @@ -224,7 +223,7 @@ TEST_note(" point at infinity"); } else { if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, - ctx))) + ctx))) goto err; test_output_bignum("x", x); 
@@ -241,64 +240,63 @@ || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; - len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof(buf), ctx); + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, + sizeof(buf), ctx); if (!TEST_size_t_ne(len, 0) || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) goto err; test_output_memory("Generator as octet string, compressed form:", - buf, len); + buf, len); len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, - buf, sizeof(buf), ctx); + buf, sizeof(buf), ctx); if (!TEST_size_t_ne(len, 0) || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) goto err; test_output_memory("Generator as octet string, uncompressed form:", - buf, len); + buf, len); len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, - buf, sizeof(buf), ctx); + buf, sizeof(buf), ctx); if (!TEST_size_t_ne(len, 0) || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) goto err; test_output_memory("Generator as octet string, hybrid form:", - buf, len); + buf, len); if (!TEST_true(EC_POINT_invert(group, P, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) - /* - * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, - * 2000) -- not a NIST curve, but commonly used - */ + /* + * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, + * 2000) -- not a NIST curve, but commonly used + */ - || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) - || !TEST_true(BN_hex2bn(&b, "1C97BEFC" + || !TEST_true(BN_hex2bn(&b, "1C97BEFC" "54BD7A8B65ACF89F81D4D4ADC565FA45")) || 
!TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_true(BN_hex2bn(&x, "4A96B568" + || !TEST_true(BN_hex2bn(&x, "4A96B568" "8EF573284664698968C38BB913CBFC82")) - || !TEST_true(BN_hex2bn(&y, "23a62855" + || !TEST_true(BN_hex2bn(&y, "23a62855" "3168947d59dcc912042351377ac5fb32")) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) + ctx)) || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "0100000000" + || !TEST_true(BN_hex2bn(&z, "0100000000" "000000000001F4C8F927AED3CA752257")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) 
@@ -307,27 +305,27 @@ test_output_bignum("x", x); test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "23a62855" + if (!TEST_true(BN_hex2bn(&z, "23a62855" "3168947d59dcc912042351377ac5fb32")) || !TEST_BN_eq(y, z) || !TEST_int_eq(EC_GROUP_get_degree(group), 160) || !group_order_tests(group) - /* Curve P-192 (FIPS PUB 186-2, App. 6) */ + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ - || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) - || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" + || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" "0FA7E9AB72243049FEB8DEECC146B9B1")) || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" + || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" "7CBF20EB43A18800F4FF0AFD82FF1012")) || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" "FFFFFFFF99DEF836146BC9B1B4D22831")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) 
@@ -337,34 +335,34 @@ test_output_bignum("x", x); test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" + if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" "631011ED6B24CDD573F977A11E794811")) || !TEST_BN_eq(y, z) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 192) || !group_order_tests(group) - /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ - || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFF000000000000000000000001")) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) - || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" + || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" "5044B0B7D7BFD8BA270B39432355FFB4")) || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" + || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" "4A03C1D356C21122343280D6115C1D21")) || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFF16A2E0B8F03E13DD29455C5C2A3D")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) 
@@ -374,20 +372,20 @@ test_output_bignum("x", x); test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" + if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" "CD4375A05A07476444D5819985007E34")) || !TEST_BN_eq(y, z) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 224) || !group_order_tests(group) - /* Curve P-256 (FIPS PUB 186-2, App. 6) */ + /* Curve P-256 (FIPS PUB 186-2, App. 6) */ || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) @@ -416,16 +414,16 @@ "2BCE33576B315ECECBB6406837BF51F5")) || !TEST_BN_eq(y, z) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 256) || !group_order_tests(group) - /* Curve P-384 (FIPS PUB 186-2, App. 6) */ + /* Curve P-384 (FIPS PUB 186-2, App. 6) */ || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" 
@@ -460,41 +458,41 @@ "0A60B1CE1D7E819D7A431D7C90EA0E5F")) || !TEST_BN_eq(y, z) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 384) || !group_order_tests(group) - /* Curve P-521 (FIPS PUB 186-2, App. 6) */ - || !TEST_true(BN_hex2bn(&p, "1FF" + /* Curve P-521 (FIPS PUB 186-2, App. 6) */ + || !TEST_true(BN_hex2bn(&p, "1FF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "1FF" + || !TEST_true(BN_hex2bn(&a, "1FF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")) - || !TEST_true(BN_hex2bn(&b, "051" + || !TEST_true(BN_hex2bn(&b, "051" "953EB9618E1C9A1F929A21A0B68540EE" "A2DA725B99B315F3B8B489918EF109E1" "56193951EC7E937B1652C0BD3BB1BF07" "3573DF883D2C34F1EF451FD46B503F00")) || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_true(BN_hex2bn(&x, "C6" + || !TEST_true(BN_hex2bn(&x, "C6" "858E06B70404E9CD9E3ECB662395B442" "9C648139053FB521F828AF606B4D3DBA" "A14B5E77EFE75928FE1DC127A2FFA8DE" "3348B3C1856A429BF97E7E31C2E5BD66")) || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(BN_hex2bn(&z, "1FF" + || !TEST_true(BN_hex2bn(&z, "1FF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA" "51868783BF2F966B7FCC0148F709A5D0" 
@@ -507,34 +505,34 @@ test_output_bignum("x", x); test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!TEST_true(BN_hex2bn(&z, "118" + if (!TEST_true(BN_hex2bn(&z, "118" "39296A789A3BC0045C8A5FB42C7D1BD9" "98F54449579B446817AFBD17273E662C" "97EE72995EF42640C550B9013FAD0761" "353C7086A272C24088BE94769FD16650")) || !TEST_BN_eq(y, z) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, - ctx)) + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 521) || !group_order_tests(group) - /* more tests using the last curve */ + /* more tests using the last curve */ - /* Restore the point that got mangled in the (x, y + 1) test. */ + /* Restore the point that got mangled in the (x, y + 1) test. */ || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) || !TEST_true(EC_POINT_copy(Q, P)) || !TEST_false(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ || !TEST_false(EC_POINT_is_at_infinity(group, Q))) goto err; @@ -551,7 +549,7 @@ || !TEST_true(BN_rshift1(y, y))) goto err; - scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ scalars[1] = y; /* z is still the group order */ 
@@ -564,7 +562,7 @@ goto err; BN_set_negative(z, 1); scalars[0] = y; - scalars[1] = z; /* z = -(order + y) */ + scalars[1] = z; /* z = -(order + y) */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P)) @@ -574,7 +572,7 @@ BN_set_negative(z, 1); scalars[0] = x; scalars[1] = y; - scalars[2] = z; /* z = -(x+y) */ + scalars[2] = z; /* z = -(x+y) */ if (!TEST_ptr(scalar3 = BN_new())) goto err; @@ -626,8 +624,7 @@ "1", "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163 - }, + 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163 }, /* Curve B-163 (FIPS PUB 186-2, App. 6) */ { "NIST curve B-163", @@ -636,8 +633,7 @@ "020A601907B8C953CA1481EB10512F78744A3205FD", "03F0EBA16286A2D57EA0991168D4994637E8343E36", "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163 - }, + 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163 }, /* Curve K-233 (FIPS PUB 186-2, App. 6) */ { "NIST curve K-233", @@ -648,8 +644,7 @@ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", 0, "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", - "4", 233 - }, + "4", 233 }, /* Curve B-233 (FIPS PUB 186-2, App. 6) */ { "NIST curve B-233", 
@@ -660,120 +655,113 @@ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", 1, "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", - "2", 233 - }, + "2", 233 }, /* Curve K-283 (FIPS PUB 186-2, App. 6) */ { "NIST curve K-283", - "08000000" + "08000000" "00000000000000000000000000000000000000000000000000000000000010A1", "0", "1", - "0503213F" + "0503213F" "78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", - "01CCDA38" + "01CCDA38" "0F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", 0, - "01FFFFFF" + "01FFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", - "4", 283 - }, + "4", 283 }, /* Curve B-283 (FIPS PUB 186-2, App. 6) */ { "NIST curve B-283", - "08000000" + "08000000" "00000000000000000000000000000000000000000000000000000000000010A1", - "00000000" + "00000000" "0000000000000000000000000000000000000000000000000000000000000001", - "027B680A" + "027B680A" "C8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", - "05F93925" + "05F93925" "8DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", - "03676854" + "03676854" "FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", 1, - "03FFFFFF" + "03FFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", - "2", 283 - }, + "2", 283 }, /* Curve K-409 (FIPS PUB 186-2, App. 
6) */ { "NIST curve K-409", - "0200000000000000000000000000000000000000" + "0200000000000000000000000000000000000000" "0000000000000000000000000000000000000000008000000000000000000001", "0", "1", - "0060F05F658F49C1AD3AB1890F7184210EFD0987" + "0060F05F658F49C1AD3AB1890F7184210EFD0987" "E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F" + "01E369050B7C4E42ACBA1DACBF04299C3460782F" "918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", 1, - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", - "4", 409 - }, + "4", 409 }, /* Curve B-409 (FIPS PUB 186-2, App. 6) */ { "NIST curve B-409", - "0200000000000000000000000000000000000000" + "0200000000000000000000000000000000000000" "0000000000000000000000000000000000000000008000000000000000000001", - "0000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000" "0000000000000000000000000000000000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422E" + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422E" "F1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4A" + "015D4860D088DDB3496B0C6064756260441CDE4A" "F1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5" + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5" "A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", 1, - "0100000000000000000000000000000000000000" + "0100000000000000000000000000000000000000" "00000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", - "2", 409 - }, + "2", 409 }, /* Curve K-571 (FIPS PUB 186-2, App. 
6) */ { "NIST curve K-571", - "800000000000000" + "800000000000000" "0000000000000000000000000000000000000000000000000000000000000000" "0000000000000000000000000000000000000000000000000000000000000425", "0", "1", - "026EB7A859923FBC" + "026EB7A859923FBC" "82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E6" "47DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", - "0349DC807F4FBF37" + "0349DC807F4FBF37" "4F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA7" "4FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", 0, - "0200000000000000" + "0200000000000000" "00000000000000000000000000000000000000000000000000000000131850E1" "F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", - "4", 571 - }, + "4", 571 }, /* Curve B-571 (FIPS PUB 186-2, App. 6) */ { "NIST curve B-571", - "800000000000000" + "800000000000000" "0000000000000000000000000000000000000000000000000000000000000000" "0000000000000000000000000000000000000000000000000000000000000425", - "0000000000000000" + "0000000000000000" "0000000000000000000000000000000000000000000000000000000000000000" "0000000000000000000000000000000000000000000000000000000000000001", - "02F40E7E2221F295" + "02F40E7E2221F295" "DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA5933" "2BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", - "0303001D34B85629" + "0303001D34B85629" "6C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293" "CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", - "037BF27342DA639B" + "037BF27342DA639B" "6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A57" "6291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", 1, - "03FFFFFFFFFFFFFF" + "03FFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18" "FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", - "2", 571 - } + "2", 571 } }; static int char2_curve_test(int n) 
@@ -784,10 +772,10 @@ BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL; EC_GROUP *group = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_POINT *points[3]; const BIGNUM *scalars[3]; -# endif +#endif struct c2_curve_test *const test = char2_curve_tests + n; if (!TEST_ptr(ctx = BN_CTX_new()) @@ -811,15 +799,15 @@ goto err; /* Change test based on whether binary point compression is enabled or not. */ -# ifdef OPENSSL_EC_BIN_PT_COMP +#ifdef OPENSSL_EC_BIN_PT_COMP /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx)) || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, - test->y_bit, - ctx)) + test->y_bit, + ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, test->order)) || !TEST_true(BN_hex2bn(&cof, test->cof)) @@ -833,7 +821,7 @@ if (!TEST_true(BN_hex2bn(&z, test->y)) || !TEST_BN_eq(y, z)) goto err; -# else +#else /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. @@ -848,7 +836,7 @@ TEST_info("%s -- Generator:", test->name); test_output_bignum("x", x); test_output_bignum("y", y); -# endif +#endif if (!TEST_int_eq(EC_GROUP_get_degree(group), test->degree) || !group_order_tests(group)) 
@@ -861,14 +849,14 @@ || !TEST_false(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) - || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ || !TEST_false(EC_POINT_is_at_infinity(group, Q))) goto err; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 TEST_note("combined multiplication ..."); points[0] = Q; points[1] = Q; @@ -878,7 +866,7 @@ || !TEST_BN_even(y) || !TEST_true(BN_rshift1(y, y))) goto err; - scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ scalars[1] = y; /* z is still the group order */ @@ -893,7 +881,7 @@ goto err; BN_set_negative(z, 1); scalars[0] = y; - scalars[1] = z; /* z = -(order + y) */ + scalars[1] = z; /* z = -(order + y) */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) @@ -905,12 +893,12 @@ BN_set_negative(z, 1); scalars[0] = x; scalars[1] = y; - scalars[2] = z; /* z = -(x+y) */ + scalars[2] = z; /* z = -(x+y) */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; -# endif +#endif } r = 1; @@ -961,7 +949,7 @@ test_output_bignum("b", b); test_output_bignum("p", p); - if (!TEST_ptr(P = EC_POINT_new(group)) + if (!TEST_ptr(P = EC_POINT_new(group)) || !TEST_ptr(Q = EC_POINT_new(group)) || !TEST_ptr(R = EC_POINT_new(group)) || !TEST_true(EC_POINT_set_to_infinity(group, P)) 
@@ -979,20 +967,20 @@ || !TEST_ptr(yplusone = BN_new()) || !TEST_true(BN_hex2bn(&x, "6")) /* Change test based on whether binary point compression is enabled or not. */ -# ifdef OPENSSL_EC_BIN_PT_COMP +#ifdef OPENSSL_EC_BIN_PT_COMP || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx)) -# else +#else || !TEST_true(BN_hex2bn(&y, "8")) || !TEST_true(EC_POINT_set_affine_coordinates(group, Q, x, y, ctx)) -# endif - ) +#endif + ) goto err; if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { /* Change test based on whether binary point compression is enabled or not. */ -# ifdef OPENSSL_EC_BIN_PT_COMP +#ifdef OPENSSL_EC_BIN_PT_COMP if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) goto err; -# endif +#endif TEST_info("Point is not on curve"); test_output_bignum("x", x); test_output_bignum("y", y); @@ -1009,7 +997,7 @@ TEST_note(" point at infinity"); else { if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, - ctx))) + ctx))) goto err; test_output_bignum("x", x); 
@@ -1019,46 +1007,44 @@ if (!TEST_true(EC_POINT_copy(R, P)) || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))) goto err; - } - while (!EC_POINT_is_at_infinity(group, P)); + } while (!EC_POINT_is_at_infinity(group, P)); if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; /* Change test based on whether binary point compression is enabled or not. */ -# ifdef OPENSSL_EC_BIN_PT_COMP +#ifdef OPENSSL_EC_BIN_PT_COMP len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, - buf, sizeof(buf), ctx); + buf, sizeof(buf), ctx); if (!TEST_size_t_ne(len, 0) || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) goto err; test_output_memory("Generator as octet string, compressed form:", - buf, len); -# endif + buf, len); +#endif len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, - buf, sizeof(buf), ctx); + buf, sizeof(buf), ctx); if (!TEST_size_t_ne(len, 0) || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) goto err; test_output_memory("Generator as octet string, uncompressed form:", - buf, len); + buf, len); /* Change test based on whether binary point compression is enabled or not. */ -# ifdef OPENSSL_EC_BIN_PT_COMP - len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), - ctx); +#ifdef OPENSSL_EC_BIN_PT_COMP + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), + ctx); if (!TEST_size_t_ne(len, 0) || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) goto err; test_output_memory("Generator as octet string, hybrid form:", - buf, len); -# endif + buf, len); +#endif if (!TEST_true(EC_POINT_invert(group, P, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))) 
@@ -1098,19 +1084,9 @@ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_sect571k1)) || !TEST_ptr(point = EC_POINT_new(group)) || !TEST_true(EC_POINT_set_affine_coordinates(group, point, x, y, NULL)) - || !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group, - point, - POINT_CONVERSION_HYBRID, - NULL, - 0, - NULL))) + || !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group, point, POINT_CONVERSION_HYBRID, NULL, 0, NULL))) || !TEST_ptr(buf = OPENSSL_malloc(len)) - || !TEST_size_t_eq(len, EC_POINT_point2oct(group, - point, - POINT_CONVERSION_HYBRID, - buf, - len, - NULL))) + || !TEST_size_t_eq(len, EC_POINT_point2oct(group, point, POINT_CONVERSION_HYBRID, buf, len, NULL))) goto err; r = 1; @@ -1141,7 +1117,7 @@ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n", - OBJ_nid2sn(nid)); + OBJ_nid2sn(nid)); return 0; } if (!TEST_true(EC_GROUP_check(group, NULL))) { @@ -1176,26 +1152,25 @@ EC_GROUP *sect163r2_group = NULL; BN_hex2bn(&secp521r1_field, - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFF"); - + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF"); BN_hex2bn(§163r2_field, - "08000000000000000000000000000000" - "00000000C9"); + "08000000000000000000000000000000" + "00000000C9"); secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1); if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group))) - r = 0; + r = 0; - # ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2); if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group))) - r = 0; - # endif + r = 0; +#endif EC_GROUP_free(secp521r1_group); EC_GROUP_free(sect163r2_group); 
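Review bot: In the `@@ -1176` hunk both `BN_hex2bn()` calls and both `EC_GROUP_new_by_curve_name()` results are still used unchecked. If a group lookup fails, NULL is passed to `EC_GROUP_get0_field()`, which presumably dereferences it, so the test would crash rather than report a failure. The rest of this file wraps such calls in the test macros, and the same pattern fits here: `if (!TEST_true(BN_hex2bn(&secp521r1_field, ...)))` and `if (!TEST_ptr(secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1)))`. The function begins and ends outside the hunk, so the cleanup path these checks would jump to is not visible here.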
@@ -1221,92 +1196,92 @@ static const struct nistp_test_params nistp_tests_params[] = { { - /* P-224 */ - NID_secp224r1, - 224, - /* p */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - /* a */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - /* b */ - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - /* Qx */ - "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", - /* Qy */ - "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", - /* Gx */ - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - /* Gy */ - "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", - /* order */ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", - /* d */ - "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", - }, + /* P-224 */ + NID_secp224r1, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, { - /* P-256 */ - NID_X9_62_prime256v1, - 256, - /* p */ - "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", - /* a */ - "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", - /* b */ - "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", - /* Qx */ - "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", - /* Qy */ - "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", - /* Gx */ - 
"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", - /* Gy */ - "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", - /* order */ - "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", - /* d */ - "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", - }, + /* P-256 */ + NID_X9_62_prime256v1, + 256, + /* p */ + "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + /* a */ + "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", + /* b */ + "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", + /* Qx */ + "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", + /* Qy */ + "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", + /* Gx */ + "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + /* Gy */ + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + /* order */ + "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + /* d */ + "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", + }, { - /* P-521 */ - NID_secp521r1, - 521, - /* p */ - "1ff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - /* a */ - "1ff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", - /* b */ - "051" - "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" - "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", - /* Qx */ - "0098" - "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" - "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", - /* Qy */ - "0164" - "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" - "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", - /* Gx */ - "c6" - 
"858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" - "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", - /* Gy */ - "118" - "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" - "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", - /* order */ - "1ff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" - "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", - /* d */ - "0100" - "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" - "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", - }, + /* P-521 */ + NID_secp521r1, + 521, + /* p */ + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + /* a */ + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + /* b */ + "051" + "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" + "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + /* Qx */ + "0098" + "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" + "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + /* Qy */ + "0164" + "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" + "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + /* Gx */ + "c6" + "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" + "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + /* Gy */ + "118" + "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" + "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + /* order */ + "1ff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" + "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + /* d */ + "0100" + 
"085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" + "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + }, }; static int nistp_single_test(int idx) @@ -1320,7 +1295,7 @@ int r = 0; TEST_note("NIST curve P-%d (optimised implementation):", - test->degree); + test->degree); if (!TEST_ptr(ctx = BN_CTX_new()) || !TEST_ptr(p = BN_new()) || !TEST_ptr(a = BN_new()) @@ -1345,14 +1320,14 @@ || !TEST_true(BN_hex2bn(&x, test->Qx)) || !TEST_true(BN_hex2bn(&y, test->Qy)) || !TEST_true(BN_add(yplusone, y, BN_value_one())) - /* - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, - * and therefore setting the coordinates should fail. - */ + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, - yplusone, ctx)) + yplusone, ctx)) || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y, - ctx)) + ctx)) || !TEST_true(BN_hex2bn(&x, test->Gx)) || !TEST_true(BN_hex2bn(&y, test->Gy)) || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx)) @@ -1393,7 +1368,7 @@ /* now repeat all tests with precomputation */ || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) #endif - ) + ) goto err; /* fixed point multiplication */ @@ -1404,7 +1379,7 @@ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - /* reset generator */ + /* reset generator */ || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))) goto err; /* fixed point multiplication */ @@ -1423,7 +1398,7 @@ || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) - goto err; + goto err; r = 1; err: 
@@ -1446,48 +1421,471 @@ } static const unsigned char p521_named[] = { - 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, + 0x06, + 0x05, + 0x2b, + 0x81, + 0x04, + 0x00, + 0x23, }; static const unsigned char p521_explicit[] = { - 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, - 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, - 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, - 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, - 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, - 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, - 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, - 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, - 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, - 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, - 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, - 
0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, - 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, - 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, - 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, - 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, - 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, - 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, - 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, - 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, - 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, - 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, - 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, + 0x30, + 0x82, + 0x01, + 0xc3, + 0x02, + 0x01, + 0x01, + 0x30, + 0x4d, + 0x06, + 0x07, + 0x2a, + 0x86, + 0x48, + 0xce, + 0x3d, + 0x01, + 0x01, + 0x02, + 0x42, + 0x01, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0x30, + 0x81, + 0x9f, + 0x04, + 0x42, + 0x01, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 
0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xfc, + 0x04, + 0x42, + 0x00, + 0x51, + 0x95, + 0x3e, + 0xb9, + 0x61, + 0x8e, + 0x1c, + 0x9a, + 0x1f, + 0x92, + 0x9a, + 0x21, + 0xa0, + 0xb6, + 0x85, + 0x40, + 0xee, + 0xa2, + 0xda, + 0x72, + 0x5b, + 0x99, + 0xb3, + 0x15, + 0xf3, + 0xb8, + 0xb4, + 0x89, + 0x91, + 0x8e, + 0xf1, + 0x09, + 0xe1, + 0x56, + 0x19, + 0x39, + 0x51, + 0xec, + 0x7e, + 0x93, + 0x7b, + 0x16, + 0x52, + 0xc0, + 0xbd, + 0x3b, + 0xb1, + 0xbf, + 0x07, + 0x35, + 0x73, + 0xdf, + 0x88, + 0x3d, + 0x2c, + 0x34, + 0xf1, + 0xef, + 0x45, + 0x1f, + 0xd4, + 0x6b, + 0x50, + 0x3f, + 0x00, + 0x03, + 0x15, + 0x00, + 0xd0, + 0x9e, + 0x88, + 0x00, + 0x29, + 0x1c, + 0xb8, + 0x53, + 0x96, + 0xcc, + 0x67, + 0x17, + 0x39, + 0x32, + 0x84, + 0xaa, + 0xa0, + 0xda, + 0x64, + 0xba, + 0x04, + 0x81, + 0x85, + 0x04, + 0x00, + 0xc6, + 0x85, + 0x8e, + 0x06, + 0xb7, + 0x04, + 0x04, + 0xe9, + 0xcd, + 0x9e, + 0x3e, + 0xcb, + 0x66, + 0x23, + 0x95, + 0xb4, + 0x42, + 0x9c, + 0x64, + 0x81, + 0x39, + 0x05, + 0x3f, + 0xb5, + 0x21, + 0xf8, + 0x28, + 0xaf, + 0x60, + 0x6b, + 0x4d, + 0x3d, + 0xba, + 0xa1, + 0x4b, + 0x5e, + 0x77, + 0xef, + 0xe7, + 0x59, + 0x28, + 0xfe, + 0x1d, + 0xc1, + 0x27, + 0xa2, + 0xff, + 0xa8, + 0xde, + 0x33, + 0x48, + 0xb3, + 0xc1, + 0x85, + 0x6a, + 0x42, + 0x9b, + 0xf9, + 0x7e, + 0x7e, + 0x31, + 0xc2, + 0xe5, + 0xbd, + 0x66, + 0x01, + 0x18, + 0x39, + 0x29, + 0x6a, + 0x78, + 0x9a, + 0x3b, + 0xc0, + 0x04, + 0x5c, + 0x8a, + 0x5f, + 0xb4, + 0x2c, + 0x7d, + 0x1b, + 0xd9, + 0x98, + 0xf5, + 0x44, + 0x49, + 0x57, + 0x9b, + 0x44, + 0x68, + 0x17, + 0xaf, + 0xbd, + 0x17, + 0x27, + 0x3e, + 0x66, + 0x2c, + 0x97, + 0xee, + 0x72, + 0x99, + 0x5e, + 0xf4, + 0x26, + 0x40, + 0xc5, + 0x50, + 0xb9, + 0x01, + 0x3f, + 0xad, + 0x07, + 0x61, + 0x35, + 0x3c, + 0x70, + 
0x86, + 0xa2, + 0x72, + 0xc2, + 0x40, + 0x88, + 0xbe, + 0x94, + 0x76, + 0x9f, + 0xd1, + 0x66, + 0x50, + 0x02, + 0x42, + 0x01, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xff, + 0xfa, + 0x51, + 0x86, + 0x87, + 0x83, + 0xbf, + 0x2f, + 0x96, + 0x6b, + 0x7f, + 0xcc, + 0x01, + 0x48, + 0xf7, + 0x09, + 0xa5, + 0xd0, + 0x3b, + 0xb5, + 0xc9, + 0xb8, + 0x89, + 0x9c, + 0x47, + 0xae, + 0xbb, + 0x6f, + 0xb7, + 0x1e, + 0x91, + 0x38, + 0x64, + 0x09, + 0x02, + 0x01, + 0x01, }; /* @@ -1551,9 +1949,7 @@ * nist prime. So only select one of these as an alternate prime. */ if (!TEST_ptr(BN_copy(other_p, - BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ? - BN_get0_nist_prime_256() : - BN_get0_nist_prime_192()))) + BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ? BN_get0_nist_prime_256() : BN_get0_nist_prime_192()))) goto err; } @@ -1561,7 +1957,7 @@ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid) /* Only NIST curves pass */ || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL), - EC_curve_nid2nist(nid) != NULL ? nid : NID_undef)) + EC_curve_nid2nist(nid) != NULL ? nid : NID_undef)) goto err; /* Fail if the curve name doesn't match the parameters */ @@ -1577,7 +1973,7 @@ goto err; if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len), - invalid_seed_len)) + invalid_seed_len)) goto err; if (has_seed) { 
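Review bot: The `@@ -1446,48 +1421,471 @@` hunk rewrites `p521_named` and `p521_explicit` with one DER byte per line, growing 48 lines to 471. The encoded structure becomes hard to read, and it is difficult to confirm by eye that no byte changed in a formatting-only commit. If the formatter is clang-format, bracketing the two arrays with `/* clang-format off */` and `/* clang-format on */` would keep the original twelve-bytes-per-row layout. Dropping the trailing comma after the last element may also let the formatter pack the rows again. Either way, it is worth confirming that the compiled object for this file is identical before and after the reformat.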
@@ -1606,24 +2002,24 @@ /* check that changing any generator parameter fails */ if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order, - group_cofactor)) + group_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order, - group_cofactor)) + group_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) /* The order is not an optional field, so this should fail */ || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL, - group_cofactor)) + group_cofactor)) || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, - other_cofactor)) + other_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) /* Check that if the cofactor is not set then it still passes */ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, - NULL)) + NULL)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid) /* check that restoring the generator passes */ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, - group_cofactor)) + group_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) goto err; @@ -1694,7 +2090,7 @@ static int check_named_curve_lookup_test(int id) { int ret = 0, nid, rv = 0; - EC_GROUP *g = NULL , *ga = NULL; + EC_GROUP *g = NULL, *ga = NULL; ECPARAMETERS *p = NULL, *pa = NULL; BN_CTX *ctx = NULL; @@ -1723,19 +2119,19 @@ * EC_METHODs. */ if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv)) - || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL))) + || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL))) goto err; /* replace with group from explicit parameters, then compare */ EC_GROUP_free(ga); if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa)) - || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0)) + || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0)) goto err; } ret = 1; - err: +err: EC_GROUP_free(g); EC_GROUP_free(ga); ECPARAMETERS_free(p); 
@@ -1752,59 +2148,58 @@ * This function returns TRUE (1) if the checked nids are identical, or if they * alias to the same curve. FALSE (0) otherwise. */ -static ossl_inline -int are_ec_nids_compatible(int n1d, int n2d) +static ossl_inline int are_ec_nids_compatible(int n1d, int n2d) { int ret = 0; switch (n1d) { #ifndef OPENSSL_NO_EC2M - case NID_sect113r1: - case NID_wap_wsg_idm_ecid_wtls4: - ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); - break; - case NID_sect163k1: - case NID_wap_wsg_idm_ecid_wtls3: - ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); - break; - case NID_sect233k1: - case NID_wap_wsg_idm_ecid_wtls10: - ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); - break; - case NID_sect233r1: - case NID_wap_wsg_idm_ecid_wtls11: - ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); - break; - case NID_X9_62_c2pnb163v1: - case NID_wap_wsg_idm_ecid_wtls5: - ret = (n2d == NID_X9_62_c2pnb163v1 - || n2d == NID_wap_wsg_idm_ecid_wtls5); - break; + case NID_sect113r1: + case NID_wap_wsg_idm_ecid_wtls4: + ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); + break; + case NID_sect163k1: + case NID_wap_wsg_idm_ecid_wtls3: + ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); + break; + case NID_sect233k1: + case NID_wap_wsg_idm_ecid_wtls10: + ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); + break; + case NID_sect233r1: + case NID_wap_wsg_idm_ecid_wtls11: + ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); + break; + case NID_X9_62_c2pnb163v1: + case NID_wap_wsg_idm_ecid_wtls5: + ret = (n2d == NID_X9_62_c2pnb163v1 + || n2d == NID_wap_wsg_idm_ecid_wtls5); + break; #endif /* OPENSSL_NO_EC2M */ - case NID_secp112r1: - case NID_wap_wsg_idm_ecid_wtls6: - ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); - break; - case NID_secp160r2: - case NID_wap_wsg_idm_ecid_wtls7: - ret = (n2d == NID_secp160r2 || n2d == 
NID_wap_wsg_idm_ecid_wtls7); - break; + case NID_secp112r1: + case NID_wap_wsg_idm_ecid_wtls6: + ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); + break; + case NID_secp160r2: + case NID_wap_wsg_idm_ecid_wtls7: + ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); + break; #ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 - case NID_secp224r1: - case NID_wap_wsg_idm_ecid_wtls12: - ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); - break; + case NID_secp224r1: + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); + break; #else - /* - * For SEC P-224 we want to ensure that the SECP nid is returned, as - * that is associated with a specialized method. - */ - case NID_wap_wsg_idm_ecid_wtls12: - ret = (n2d == NID_secp224r1); - break; + /* + * For SEC P-224 we want to ensure that the SECP nid is returned, as + * that is associated with a specialized method. + */ + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1); + break; #endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ - default: - ret = (n1d == n2d); + default: + ret = (n1d == n2d); } return ret; } @@ -1832,9 +2227,9 @@ static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; static size_t invalid_seed_len = sizeof(invalid_seed); ECPARAMETERS *params = NULL, *other_params = NULL; - EC_GROUP *g_ary[8] = {NULL}; + EC_GROUP *g_ary[8] = { NULL }; EC_GROUP **g_next = &g_ary[0]; - ECPARAMETERS *p_ary[8] = {NULL}; + ECPARAMETERS *p_ary[8] = { NULL }; ECPARAMETERS **p_next = &p_ary[0]; /* Do some setup */ 
@@ -1861,7 +2256,7 @@ || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen, - other_gen_x, other_gen_y, bn_ctx)) + other_gen_x, other_gen_y, bn_ctx)) || !TEST_true(BN_copy(other_order, group_order)) || !TEST_true(BN_add_word(other_order, 1)) || !TEST_true(BN_copy(other_cofactor, group_cofactor)) @@ -1873,8 +2268,8 @@ if (!TEST_ptr(other_gen = EC_POINT_new(tmpg)) || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen, - other_gen_x, other_gen_y, - bn_ctx))) + other_gen_x, other_gen_y, + bn_ctx))) goto err; /* @@ -1907,15 +2302,13 @@ * group. */ if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len), - invalid_seed_len) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE)) { + invalid_seed_len) + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); goto err; } 
@@ -1925,14 +2318,12 @@ * expect a "named" group. */ if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) - || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) - || !TEST_true(are_ec_nids_compatible(nid, tnid)) - || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE)) { + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); goto err; } 
@@ -1943,56 +2334,46 @@ */ if (/* Other gen, same group order & cofactor */ !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order, - group_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) /* Same gen & cofactor, different order */ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order, - group_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) /* The order is not an optional field, so this should fail */ || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL, - group_cofactor)) + group_cofactor)) /* Check that a wrong cofactor is ignored, and we still match */ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, - other_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) + other_cofactor)) + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) || !TEST_true(are_ec_nids_compatible(nid, tnid)) || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE) + 
OPENSSL_EC_EXPLICIT_CURVE) /* Check that if the cofactor is not set then it still matches */ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, - NULL)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) + NULL)) + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) || !TEST_true(are_ec_nids_compatible(nid, tnid)) || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE) + OPENSSL_EC_EXPLICIT_CURVE) /* check that restoring the generator passes */ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, - group_cofactor)) - || !TEST_ptr(other_params = *p_next++ = - EC_GROUP_get_ecparameters(tmpg, NULL)) - || !TEST_ptr(tgroup = *g_next++ = - EC_GROUP_new_from_ecparameters(other_params)) + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(other_params)) || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) || !TEST_true(are_ec_nids_compatible(nid, tnid)) || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), - OPENSSL_EC_EXPLICIT_CURVE)) + OPENSSL_EC_EXPLICIT_CURVE)) goto err; ret = 1; @@ -2010,7 +2391,6 @@ return ret; } - static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; 
@@ -2133,12 +2513,12 @@ if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, - sizeof(params_cf_pass))) + sizeof(params_cf_pass))) || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) goto err; ret = 1; - err: +err: BN_free(cf); EC_GROUP_free(group); return ret; @@ -2183,14 +2563,12 @@ /* pull out the explicit curve parameters */ || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) || !TEST_true(EC_POINT_get_affine_coordinates(g1, - EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) + EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) - /* construct g2 manually with g1 parameters */ + /* construct g2 manually with g1 parameters */ #ifndef OPENSSL_NO_EC2M - || !TEST_ptr(g2 = (is_binary) ? - EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : - EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) + || !TEST_ptr(g2 = (is_binary) ? EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) #else || !TEST_int_eq(0, is_binary) || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) @@ -2224,7 +2602,7 @@ || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) goto err; ret = 1; - err: +err: EC_POINT_free(g2_gen); EC_GROUP_free(g1); EC_GROUP_free(g2); 
@@ -2243,15 +2621,16 @@ EC_KEY *key = NULL; if (!TEST_ptr(x = BN_new()) - || !TEST_ptr(y = BN_new()) - || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) - || !TEST_ptr(group = EC_KEY_get0_group(key)) - || !TEST_ptr(field = EC_GROUP_get0_field(group)) - || !TEST_int_gt(EC_KEY_generate_key(key), 0) - || !TEST_int_gt(EC_KEY_check_key(key), 0) - || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) - || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, - NULL), 0)) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) + || !TEST_ptr(group = EC_KEY_get0_group(key)) + || !TEST_ptr(field = EC_GROUP_get0_field(group)) + || !TEST_int_gt(EC_KEY_generate_key(key), 0) + || !TEST_int_gt(EC_KEY_check_key(key), 0) + || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) + || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, + NULL), + 0)) goto err; /* @@ -2266,7 +2645,7 @@ goto err; } else #endif - if (type == NID_X9_62_prime_field) { + if (type == NID_X9_62_prime_field) { /* test for prime curves */ if (!TEST_true(BN_add(x, x, field))) goto err; @@ -2294,10 +2673,9 @@ * * If P is NULL use point at infinity. */ -static ossl_inline -int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P, - point_conversion_form_t form, - BN_CTX *bnctx) +static ossl_inline int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P, + point_conversion_form_t form, + BN_CTX *bnctx) { int ret = 0; EC_POINT *Q = NULL, *Pinf = NULL; 
@@ -2306,14 +2684,14 @@ if (P == NULL) { /* If P is NULL use point at infinity. */ if (!TEST_ptr(Pinf = EC_POINT_new(group)) - || !TEST_true(EC_POINT_set_to_infinity(group, Pinf))) + || !TEST_true(EC_POINT_set_to_infinity(group, Pinf))) goto err; P = Pinf; } if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx)) - || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx))) + || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx))) goto err; /* @@ -2323,12 +2701,12 @@ * so we include it anyway! */ if (Pinf != NULL - && !TEST_true(EC_POINT_is_at_infinity(group, Q))) + && !TEST_true(EC_POINT_is_at_infinity(group, Q))) goto err; ret = 1; - err: +err: EC_POINT_free(Pinf); OPENSSL_free(hex); EC_POINT_free(Q); 
@@ -2345,39 +2723,39 @@ EC_GROUP *group = NULL; const EC_POINT *G = NULL; EC_POINT *P = NULL; - BN_CTX * bnctx = NULL; + BN_CTX *bnctx = NULL; /* Do some setup */ nid = curves[id].nid; if (!TEST_ptr(bnctx = BN_CTX_new()) - || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(G = EC_GROUP_get0_generator(group)) - || !TEST_ptr(P = EC_POINT_dup(G, group))) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_dup(G, group))) goto err; if (!TEST_true(ec_point_hex2point_test_helper(group, P, - POINT_CONVERSION_COMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, NULL, - POINT_CONVERSION_COMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, P, - POINT_CONVERSION_UNCOMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, NULL, - POINT_CONVERSION_UNCOMPRESSED, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, P, - POINT_CONVERSION_HYBRID, - bnctx)) - || !TEST_true(ec_point_hex2point_test_helper(group, NULL, - POINT_CONVERSION_HYBRID, - bnctx))) + POINT_CONVERSION_COMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_COMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_UNCOMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_UNCOMPRESSED, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, P, + POINT_CONVERSION_HYBRID, + bnctx)) + || !TEST_true(ec_point_hex2point_test_helper(group, NULL, + POINT_CONVERSION_HYBRID, + bnctx))) goto err; ret = 1; - err: +err: EC_POINT_free(P); EC_GROUP_free(group); BN_CTX_free(bnctx); @@ -2386,7 +2764,7 @@ } static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, - unsigned char *gen, int gen_size) + unsigned char *gen, int gen_size) { int ret = 0, i_out; EVP_PKEY_CTX *pctx = NULL; 
@@ -2432,7 +2810,7 @@ } if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0)) + OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))) 
@@ -2440,131 +2818,132 @@ if (EC_GROUP_get0_seed(group) != NULL) { if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group), - EC_GROUP_get_seed_len(group)))) + OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group)))) goto err; } if (EC_GROUP_get0_cofactor(group) != NULL) { if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, - EC_GROUP_get0_cofactor(group)))) + EC_GROUP_get0_cofactor(group)))) goto err; } if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size)) + OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER, - EC_GROUP_get0_order(group)))) + EC_GROUP_get0_order(group)))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, - EVP_PKEY_KEY_PARAMETERS, params), 0)) + EVP_PKEY_KEY_PARAMETERS, params), + 0)) goto err; /*- Check that all the set values are retrievable -*/ /* There should be no match to a group name since the generator changed */ if (!TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), - &name_len))) + OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), + &name_len))) goto err; /* The encoding should be explicit as it has no group */ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_ENCODING, - name, sizeof(name), &name_len)) + OSSL_PKEY_PARAM_EC_ENCODING, + name, sizeof(name), &name_len)) || !TEST_str_eq(name, OSSL_PKEY_EC_ENCODING_EXPLICIT)) goto err; if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name), - &name_len)) + OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name), + &name_len)) || !TEST_str_eq(name, field_name)) goto err; if 
(!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len)) + OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len)) || !TEST_mem_eq(buf, (int)buf_len, gen, gen_size)) goto err; if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_P, &p_out)) || !TEST_BN_eq(p_out, p) || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_A, - &a_out)) + &a_out)) || !TEST_BN_eq(a_out, a) || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_B, - &b_out)) + &b_out)) || !TEST_BN_eq(b_out, b) || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_ORDER, - &order_out)) + &order_out)) || !TEST_BN_eq(order_out, EC_GROUP_get0_order(group))) goto err; if (EC_GROUP_get0_cofactor(group) != NULL) { if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, - OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out)) + OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out)) || !TEST_BN_eq(cofactor_out, EC_GROUP_get0_cofactor(group))) goto err; } if (EC_GROUP_get0_seed(group) != NULL) { if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len)) + OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len)) || !TEST_mem_eq(buf, buf_len, EC_GROUP_get0_seed(group), - EC_GROUP_get_seed_len(group))) + EC_GROUP_get_seed_len(group))) goto err; } if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { /* No extra fields should be set for a prime field */ if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, 
&i_out)) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) || !TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), - &name_len))) + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len))) goto err; } else { #ifndef OPENSSL_NO_EC2M if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) || !TEST_int_eq(EC_GROUP_get_degree(group), i_out) || !TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), - &name_len)) + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len)) || !TEST_str_eq(name, basis_name)) goto err; if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) || !TEST_int_eq(k1, i_out) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))) goto err; } else { if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) || !TEST_int_eq(k1, i_out) || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) || !TEST_int_eq(k2, i_out) || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, - OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, 
&i_out)) + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) || !TEST_int_eq(k3, i_out)) goto err; } @@ -2589,7 +2968,7 @@ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K2)) || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K3)) #endif - ) + ) goto err; ret = 1; err: @@ -2635,7 +3014,7 @@ if (!TEST_ptr(k = BN_CTX_get(ctx)) /* fetch a testing scalar k != 0,1 */ || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) /* make k even */ || !TEST_true(BN_clear_bit(k, 0)) || !TEST_ptr(G2 = EC_POINT_new(group)) 
@@ -2644,29 +3023,33 @@ || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) /* pull out the bytes of that */ || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, NULL, - 0, ctx), bsize) + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), + bsize) || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, b1, - bsize, ctx), bsize) + POINT_CONVERSION_UNCOMPRESSED, b1, + bsize, ctx), + bsize) /* new generator is G2 := 2G */ || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), - ctx)) + ctx)) || !TEST_true(EC_GROUP_set_generator(group, G2, - EC_GROUP_get0_order(group), - EC_GROUP_get0_cofactor(group))) + EC_GROUP_get0_order(group), + EC_GROUP_get0_cofactor(group))) || !TEST_ptr(Q2 = EC_POINT_new(group)) || !TEST_true(BN_rshift1(k, k)) /* Q2 := k/2 G2 */ || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) || !TEST_int_eq(EC_POINT_point2oct(group, Q2, - POINT_CONVERSION_UNCOMPRESSED, NULL, - 0, ctx), bsize) + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), + bsize) || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) || !TEST_int_eq(EC_POINT_point2oct(group, Q2, - POINT_CONVERSION_UNCOMPRESSED, b2, - bsize, ctx), bsize) + POINT_CONVERSION_UNCOMPRESSED, b2, + bsize, ctx), + bsize) /* Q1 = kG = k/2 G2 = Q2 should hold */ || !TEST_mem_eq(b1, bsize, b2, bsize)) goto err; @@ -2676,7 +3059,7 @@ ret = 1; - err: +err: EC_POINT_free(Q1); EC_POINT_free(Q2); EC_POINT_free(G2); @@ -2707,9 +3090,9 @@ int is_prime = 0; EC_KEY *eckey1 = NULL, *eckey2 = NULL; EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; - EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; + EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL, *dctx = NULL; size_t sslen, t; - unsigned char *pub1 = NULL , *pub2 = NULL; + unsigned char *pub1 = NULL, *pub2 = NULL; OSSL_PARAM_BLD *param_bld = NULL; OSSL_PARAM *params1 = NULL, *params2 = NULL; 
@@ -2726,9 +3109,9 @@ BN_CTX_start(ctx); if (!TEST_ptr(p = BN_CTX_get(ctx)) - || !TEST_ptr(a = BN_CTX_get(ctx)) - || !TEST_ptr(b = BN_CTX_get(ctx)) - || !TEST_ptr(k = BN_CTX_get(ctx))) + || !TEST_ptr(a = BN_CTX_get(ctx)) + || !TEST_ptr(b = BN_CTX_get(ctx)) + || !TEST_ptr(k = BN_CTX_get(ctx))) goto err; if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) @@ -2748,21 +3131,22 @@ /* extract parameters from built-in curve */ if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) - || !TEST_ptr(G2 = EC_POINT_new(group)) - /* new generator is G2 := 2G */ - || !TEST_true(EC_POINT_dbl(group, G2, - EC_GROUP_get0_generator(group), ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(group, G2, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(group, G2, - POINT_CONVERSION_UNCOMPRESSED, - buf1, bsize, ctx), bsize) - || !TEST_ptr(z = EC_GROUP_get0_order(group)) - || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group)) - ) + || !TEST_ptr(G2 = EC_POINT_new(group)) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, + EC_GROUP_get0_generator(group), ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), + bsize) + || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), + bsize) + || !TEST_ptr(z = EC_GROUP_get0_order(group)) + || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group))) goto err; /* create a new group using same params (but different generator) */ 
@@ -2780,53 +3164,56 @@ /* set 2*G as the generator of altgroup */ EC_POINT_free(G2); /* discard G2 as it refers to the original group */ if (!TEST_ptr(G2 = EC_POINT_new(altgroup)) - || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) - || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) - || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof)) - ) + || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) + || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) + || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof))) goto err; /* verify math checks out */ if (/* allocate temporary points on group and altgroup */ - !TEST_ptr(Q1 = EC_POINT_new(group)) - || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) - /* fetch a testing scalar k != 0,1 */ - || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) - /* make k even */ - || !TEST_true(BN_clear_bit(k, 0)) - /* Q1 := kG on group */ - || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - buf1, bsize, ctx), bsize) - /* k := k/2 */ - || !TEST_true(BN_rshift1(k, k)) - /* Q2 := k/2 G2 on altgroup */ - || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) - /* pull out the bytes of that */ - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(buf2 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, - POINT_CONVERSION_UNCOMPRESSED, - buf2, bsize, ctx), bsize) - /* Q1 = kG = k/2 G2 = Q2 should hold */ - || !TEST_mem_eq(buf1, bsize, buf2, bsize)) + !TEST_ptr(Q1 = EC_POINT_new(group)) + || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + 
BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + /* Q1 := kG on group */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), + bsize) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), + bsize) + /* k := k/2 */ + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 on altgroup */ + || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), + bsize) + || !TEST_ptr(buf2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + buf2, bsize, ctx), + bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(buf1, bsize, buf2, bsize)) goto err; /* create two `EC_KEY`s on altgroup */ if (!TEST_ptr(eckey1 = EC_KEY_new()) - || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) - || !TEST_true(EC_KEY_generate_key(eckey1)) - || !TEST_ptr(eckey2 = EC_KEY_new()) - || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) - || !TEST_true(EC_KEY_generate_key(eckey2))) + || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey1)) + || !TEST_ptr(eckey2 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey2))) goto err; /* retrieve priv1 for later */ 
@@ -2840,51 +3227,55 @@ * define a provider key in the built-in group. */ if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(group, Q1, - POINT_CONVERSION_UNCOMPRESSED, - pub1, bsize, ctx), bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), + bsize) + || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + pub1, bsize, ctx), + bsize)) goto err; /* retrieve bytes for pub2 for later */ if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2)) - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, ctx), bsize) - || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) - || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, - POINT_CONVERSION_UNCOMPRESSED, - pub2, bsize, ctx), bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), + bsize) + || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + pub2, bsize, ctx), + bsize)) goto err; /* create two `EVP_PKEY`s from the `EC_KEY`s */ - if(!TEST_ptr(pkey1 = EVP_PKEY_new()) - || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) + if (!TEST_ptr(pkey1 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) goto err; eckey1 = NULL; /* ownership passed to pkey1 */ - if(!TEST_ptr(pkey2 = EVP_PKEY_new()) - || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) + if (!TEST_ptr(pkey2 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) goto err; eckey2 = NULL; /* ownership passed to pkey2 */ /* Compute keyexchange in both directions */ if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) - || 
!TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) - || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) - || !TEST_int_gt(bsize, sslen) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) goto err; if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) - || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) - || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) - || !TEST_int_gt(bsize, t) - || !TEST_int_le(sslen, t) - || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) goto err; /* Both sides should expect the same shared secret */ 
@@ -2893,55 +3284,58 @@ /* Build parameters for provider-native keys */ if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) - || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, - OSSL_PKEY_PARAM_GROUP_NAME, - curve_name, 0)) - || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, - OSSL_PKEY_PARAM_PUB_KEY, - pub1, bsize)) - || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, - OSSL_PKEY_PARAM_PRIV_KEY, - priv1)) - || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub1, bsize)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, + priv1)) + || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) goto err; OSSL_PARAM_BLD_free(param_bld); if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) - || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, - OSSL_PKEY_PARAM_GROUP_NAME, - curve_name, 0)) - || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, - OSSL_PKEY_PARAM_PUB_KEY, - pub2, bsize)) - || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub2, bsize)) + || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) goto err; /* create two new provider-native `EVP_PKEY`s */ EVP_PKEY_CTX_free(pctx2); if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) - || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx2), 1) - || !TEST_int_eq(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR, - params1), 1) - || !TEST_int_eq(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY, - params2), 1)) + || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx2), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR, + params1), + 1) + || 
!TEST_int_eq(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY, + params2), + 1)) goto err; /* compute keyexchange once more using the provider keys */ EVP_PKEY_CTX_free(pctx1); if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) - || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) - || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1) - || !TEST_int_gt(bsize, t) - || !TEST_int_le(sslen, t) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1) - /* compare with previous result */ - || !TEST_mem_eq(buf1, t, buf2, sslen)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx1)) + || !TEST_int_eq(EVP_PKEY_derive_set_peer_ex(dctx, pkey2, 1), 1) + || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(dctx, buf1, &t), 1) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) goto err; ret = 1; - err: +err: BN_CTX_end(ctx); BN_CTX_free(ctx); OSSL_PARAM_BLD_free(param_bld); 
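Review bot: The provider-key derive now runs on `dctx`, but nothing says why it goes through a duplicated context or what the bare `1` passed to `EVP_PKEY_derive_set_peer_ex()` means. I would add a comment above the `EVP_PKEY_CTX_dup()` line, for example `/* derive through a duplicate to check EVP_PKEY_CTX_dup() keeps the derive state; final argument 1 = validate the peer key */`; the stated intent is my reading of the change, so adjust it if the purpose differs. Every `goto err` earlier in the function also reaches the `EVP_PKEY_CTX_free(dctx)` added in the following hunk, so the declaration needs to be `EVP_PKEY_CTX *dctx = NULL;`. That declaration and the start of the function lie outside the visible hunks, so this could not be confirmed here.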
@@ -2962,49 +3356,50 @@ EVP_PKEY_free(pkey2); EVP_PKEY_CTX_free(pctx1); EVP_PKEY_CTX_free(pctx2); + EVP_PKEY_CTX_free(dctx); return ret; } static int ec_d2i_publickey_test(void) { - unsigned char buf[1000]; - unsigned char *pubkey_enc = buf; - const unsigned char *pk_enc = pubkey_enc; - EVP_PKEY *gen_key = NULL, *decoded_key = NULL; - EVP_PKEY_CTX *pctx = NULL; - int pklen, ret = 0; - OSSL_PARAM params[2]; - - if (!TEST_ptr(gen_key = EVP_EC_gen("P-256"))) - goto err; - - if (!TEST_int_gt(pklen = i2d_PublicKey(gen_key, &pubkey_enc), 0)) - goto err; - - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - "P-256", 0); - params[1] = OSSL_PARAM_construct_end(); - - if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) - || !TEST_true(EVP_PKEY_fromdata_init(pctx)) - || !TEST_true(EVP_PKEY_fromdata(pctx, &decoded_key, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - params)) - || !TEST_ptr(decoded_key) - || !TEST_ptr(decoded_key = d2i_PublicKey(EVP_PKEY_EC, &decoded_key, - &pk_enc, pklen))) - goto err; - - if (!TEST_true(EVP_PKEY_eq(gen_key, decoded_key))) - goto err; - ret = 1; - - err: - EVP_PKEY_CTX_free(pctx); - EVP_PKEY_free(gen_key); - EVP_PKEY_free(decoded_key); - return ret; + unsigned char buf[1000]; + unsigned char *pubkey_enc = buf; + const unsigned char *pk_enc = pubkey_enc; + EVP_PKEY *gen_key = NULL, *decoded_key = NULL; + EVP_PKEY_CTX *pctx = NULL; + int pklen, ret = 0; + OSSL_PARAM params[2]; + + if (!TEST_ptr(gen_key = EVP_EC_gen("P-256"))) + goto err; + + if (!TEST_int_gt(pklen = i2d_PublicKey(gen_key, &pubkey_enc), 0)) + goto err; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + "P-256", 0); + params[1] = OSSL_PARAM_construct_end(); + + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_true(EVP_PKEY_fromdata_init(pctx)) + || !TEST_true(EVP_PKEY_fromdata(pctx, &decoded_key, + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + params)) + || !TEST_ptr(decoded_key) + || 
!TEST_ptr(decoded_key = d2i_PublicKey(EVP_PKEY_EC, &decoded_key, + &pk_enc, pklen))) + goto err; + + if (!TEST_true(EVP_PKEY_eq(gen_key, decoded_key))) + goto err; + ret = 1; + +err: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(gen_key); + EVP_PKEY_free(decoded_key); + return ret; } int setup_tests(void) --- crypto/openssl/test/endecode_test.c.orig +++ crypto/openssl/test/endecode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
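Review bot: In `ec_d2i_publickey_test`, `i2d_PublicKey(gen_key, &pubkey_enc)` writes into the fixed `buf[1000]` without first checking the encoded length, unlike the query-then-allocate `EC_POINT_point2oct()` calls earlier in this file. An uncompressed P-256 point is far smaller than 1000 bytes, so nothing overflows today, but test code tends to be copied for other key types. A length query before the encoding call would make the bound explicit, e.g. `if (!TEST_int_le(i2d_PublicKey(gen_key, NULL), (int)sizeof(buf))) goto err;`. This hunk only re-indents the function, so the pattern predates the change.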
@@ -19,26 +19,26 @@ #include #include -#include "internal/cryptlib.h" /* ossl_assert */ -#include "crypto/pem.h" /* For PVK and "blob" PEM headers */ -#include "crypto/evp.h" /* For evp_pkey_is_provided() */ +#include "internal/cryptlib.h" /* ossl_assert */ +#include "crypto/pem.h" /* For PVK and "blob" PEM headers */ +#include "crypto/evp.h" /* For evp_pkey_is_provided() */ #include "helpers/predefined_dhparams.h" #include "testutil.h" /* Extended test macros to allow passing file & line number */ -#define TEST_FL_ptr(a) test_ptr(file, line, #a, a) -#define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n) -#define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n) +#define TEST_FL_ptr(a) test_ptr(file, line, #a, a) +#define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n) +#define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n) #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n) -#define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b) -#define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b) -#define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b) -#define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b) -#define TEST_FL_true(a) test_true(file, line, #a, (a) != 0) +#define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b) +#define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b) +#define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b) +#define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b) +#define TEST_FL_true(a) test_true(file, line, #a, (a) != 0) #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) -# define OPENSSL_NO_KEYPARAMS +#define OPENSSL_NO_KEYPARAMS #endif static int default_libctx = 1; 
@@ -60,12 +60,12 @@ static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M static OSSL_PARAM_BLD *bld_tri_nc = NULL; static OSSL_PARAM_BLD *bld_tri = NULL; static OSSL_PARAM *ec_explicit_tri_params_nc = NULL; static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL; -# endif +#endif #endif #ifndef OPENSSL_NO_KEYPARAMS @@ -74,7 +74,7 @@ EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH /* * Use 512-bit DH(X) keys with predetermined parameters for efficiency, * for testing only. Use a minimum key size of 2048 for security purposes. @@ -84,17 +84,17 @@ if (strcmp(type, "X9.42 DH") == 0) return get_dhx512(keyctx); -# endif +#endif /* * No real need to check the errors other than for the cascade * effect. |pkey| will simply remain NULL if something goes wrong. */ (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL - && EVP_PKEY_paramgen_init(ctx) > 0 - && (genparams == NULL - || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) - && EVP_PKEY_generate(ctx, &pkey) > 0); + && EVP_PKEY_paramgen_init(ctx) > 0 + && (genparams == NULL + || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) + && EVP_PKEY_generate(ctx, &pkey) > 0); EVP_PKEY_CTX_free(ctx); return pkey; @@ -103,11 +103,10 @@ #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, - OSSL_PARAM *genparams) + OSSL_PARAM *genparams) { EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = - template != NULL + EVP_PKEY_CTX *ctx = template != NULL ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq) : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq); 
@@ -116,10 +115,10 @@ * effect. |pkey| will simply remain NULL if something goes wrong. */ (void)(ctx != NULL - && EVP_PKEY_keygen_init(ctx) > 0 - && (genparams == NULL - || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) - && EVP_PKEY_keygen(ctx, &pkey) > 0); + && EVP_PKEY_keygen_init(ctx) > 0 + && (genparams == NULL + || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) + && EVP_PKEY_keygen(ctx, &pkey) > 0); EVP_PKEY_CTX_free(ctx); return pkey; } 
@@ -127,33 +126,33 @@ /* Main test driver */ -typedef int (encoder)(const char *file, const int line, - void **encoded, long *encoded_len, - void *object, int selection, - const char *output_type, const char *output_structure, - const char *pass, const char *pcipher); -typedef int (decoder)(const char *file, const int line, - void **object, void *encoded, long encoded_len, - const char *input_type, const char *structure_type, - const char *keytype, int selection, const char *pass); -typedef int (tester)(const char *file, const int line, - const void *data1, size_t data1_len, - const void *data2, size_t data2_len); -typedef int (checker)(const char *file, const int line, - const char *type, const void *data, size_t data_len); -typedef void (dumper)(const char *label, const void *data, size_t data_len); - -#define FLAG_DECODE_WITH_TYPE 0x0001 -#define FLAG_FAIL_IF_FIPS 0x0002 +typedef int(encoder)(const char *file, const int line, + void **encoded, long *encoded_len, + void *object, int selection, + const char *output_type, const char *output_structure, + const char *pass, const char *pcipher); +typedef int(decoder)(const char *file, const int line, + void **object, void *encoded, long encoded_len, + const char *input_type, const char *structure_type, + const char *keytype, int selection, const char *pass); +typedef int(tester)(const char *file, const int line, + const void *data1, size_t data1_len, + const void *data2, size_t data2_len); +typedef int(checker)(const char *file, const int line, + const char *type, const void *data, size_t data_len); +typedef void(dumper)(const char *label, const void *data, size_t data_len); + +#define FLAG_DECODE_WITH_TYPE 0x0001 +#define FLAG_FAIL_IF_FIPS 0x0002 static int test_encode_decode(const char *file, const int line, - const char *type, EVP_PKEY *pkey, - int selection, const char *output_type, - const char *output_structure, - const char *pass, const char *pcipher, - encoder *encode_cb, decoder *decode_cb, - tester *test_cb, 
checker *check_cb, - dumper *dump_cb, int flags) + const char *type, EVP_PKEY *pkey, + int selection, const char *output_type, + const char *output_structure, + const char *pass, const char *pcipher, + encoder *encode_cb, decoder *decode_cb, + tester *test_cb, checker *check_cb, + dumper *dump_cb, int flags) { void *encoded = NULL; long encoded_len = 0; @@ -169,31 +168,31 @@ * dumping purposes. */ if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, - output_type, output_structure, pass, pcipher))) + output_type, output_structure, pass, pcipher))) goto end; if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) { if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, - encoded_len, output_type, output_structure, - (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), - selection, pass))) + encoded_len, output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), + selection, pass))) ok = 1; goto end; } if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, - output_type, output_structure, - (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), - selection, pass)) + output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), + selection, pass)) || ((output_structure == NULL - || strcmp(output_structure, "type-specific") != 0) + || strcmp(output_structure, "type-specific") != 0) && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len, - output_type, output_structure, - (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), - 0, pass))) + output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), + 0, pass))) || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection, - output_type, output_structure, pass, pcipher))) + output_type, output_structure, pass, pcipher))) goto end; if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) { 
@@ -218,7 +217,7 @@ goto end; ok = 1; - end: +end: if (!ok) { if (encoded != NULL && encoded_len != 0) dump_cb("|pkey| encoded", encoded, encoded_len); @@ -236,11 +235,11 @@ /* Encoding and decoding methods */ static int encode_EVP_PKEY_prov(const char *file, const int line, - void **encoded, long *encoded_len, - void *object, int selection, - const char *output_type, - const char *output_structure, - const char *pass, const char *pcipher) + void **encoded, long *encoded_len, + void *object, int selection, + const char *output_type, + const char *output_structure, + const char *pass, const char *pcipher) { EVP_PKEY *pkey = object; OSSL_ENCODER_CTX *ectx = NULL; @@ -250,13 +249,13 @@ int ok = 0; if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, - output_type, - output_structure, - testpropq)) + output_type, + output_structure, + testpropq)) || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0) || (pass != NULL && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass, - strlen(pass)))) + strlen(pass)))) || (pcipher != NULL && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL))) || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) @@ -270,18 +269,18 @@ mem_buf->data = NULL; mem_buf->length = 0; ok = 1; - end: +end: BIO_free(mem_ser); OSSL_ENCODER_CTX_free(ectx); return ok; } static int decode_EVP_PKEY_prov(const char *file, const int line, - void **object, void *encoded, long encoded_len, - const char *input_type, - const char *structure_type, - const char *keytype, int selection, - const char *pass) + void **object, void *encoded, long encoded_len, + const char *input_type, + const char *structure_type, + const char *keytype, int selection, + const char *pass) { EVP_PKEY *pkey = NULL, *testpkey = NULL; OSSL_DECODER_CTX *dctx = NULL; 
@@ -311,17 +310,17 @@ : ((i == 1) ? NULL : badtype); if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey, - testtype, - structure_type, - keytype, - selection, - testctx, testpropq)) + testtype, + structure_type, + keytype, + selection, + testctx, testpropq)) || (pass != NULL && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass))) || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0) - /* We expect to fail when using a bad input type */ + /* We expect to fail when using a bad input type */ || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio), - (i == 2) ? 0 : 1)) + (i == 2) ? 0 : 1)) goto end; OSSL_DECODER_CTX_free(dctx); dctx = NULL; @@ -343,7 +342,7 @@ *object = pkey; pkey = NULL; - end: +end: EVP_PKEY_free(pkey); EVP_PKEY_free(testpkey); BIO_free(encoded_bio); @@ -352,11 +351,11 @@ } static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line, - void **encoded, long *encoded_len, - void *object, ossl_unused int selection, - ossl_unused const char *output_type, - ossl_unused const char *output_structure, - const char *pass, const char *pcipher) + void **encoded, long *encoded_len, + void *object, ossl_unused int selection, + ossl_unused const char *output_type, + ossl_unused const char *output_structure, + const char *pass, const char *pcipher) { EVP_PKEY *pkey = object; EVP_CIPHER *cipher = NULL; @@ -373,9 +372,9 @@ } if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey, - cipher, - upass, passlen, - NULL, NULL)) + cipher, + upass, passlen, + NULL, NULL)) || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) || !TEST_FL_ptr(*encoded = mem_buf->data) || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 
@@ -385,19 +384,19 @@ mem_buf->data = NULL; mem_buf->length = 0; ok = 1; - end: +end: BIO_free(mem_ser); EVP_CIPHER_free(cipher); return ok; } static int encode_EVP_PKEY_MSBLOB(const char *file, const int line, - void **encoded, long *encoded_len, - void *object, int selection, - ossl_unused const char *output_type, - ossl_unused const char *output_structure, - ossl_unused const char *pass, - ossl_unused const char *pcipher) + void **encoded, long *encoded_len, + void *object, int selection, + ossl_unused const char *output_type, + ossl_unused const char *output_structure, + ossl_unused const char *pass, + ossl_unused const char *pcipher) { EVP_PKEY *pkey = object; BIO *mem_ser = NULL; @@ -424,7 +423,7 @@ mem_buf->data = NULL; mem_buf->length = 0; ok = 1; - end: +end: BIO_free(mem_ser); return ok; } @@ -437,12 +436,12 @@ } static int encode_EVP_PKEY_PVK(const char *file, const int line, - void **encoded, long *encoded_len, - void *object, int selection, - ossl_unused const char *output_type, - ossl_unused const char *output_structure, - const char *pass, - ossl_unused const char *pcipher) + void **encoded, long *encoded_len, + void *object, int selection, + ossl_unused const char *output_type, + ossl_unused const char *output_structure, + const char *pass, + ossl_unused const char *pcipher) { EVP_PKEY *pkey = object; BIO *mem_ser = NULL; @@ -451,10 +450,12 @@ int ok = 0; if (!TEST_FL_true(ossl_assert((selection - & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)) + & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) + != 0)) || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc, - pass_pw, (void *)pass, testctx, testpropq), 0) + pass_pw, (void *)pass, testctx, testpropq), + 0) || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) || !TEST_FL_ptr(*encoded = mem_buf->data) || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 
@@ -464,21 +465,21 @@ mem_buf->data = NULL; mem_buf->length = 0; ok = 1; - end: +end: BIO_free(mem_ser); return ok; } static int test_text(const char *file, const int line, - const void *data1, size_t data1_len, - const void *data2, size_t data2_len) + const void *data1, size_t data1_len, + const void *data2, size_t data2_len) { return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len); } static int test_mem(const char *file, const int line, - const void *data1, size_t data1_len, - const void *data2, size_t data2_len) + const void *data1, size_t data1_len, + const void *data2, size_t data2_len) { return TEST_FL_mem_eq(data1, data1_len, data2, data2_len); } @@ -519,12 +520,11 @@ } static int check_unprotected_PKCS8_DER(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { const unsigned char *datap = data; - PKCS8_PRIV_KEY_INFO *p8inf = - d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len); + PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len); int ok = 0; if (TEST_FL_ptr(p8inf)) { 
@@ -549,39 +549,38 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "DER", "PrivateKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_unprotected_PKCS8_DER, - dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + "DER", "PrivateKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_unprotected_PKCS8_DER, + dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_unprotected_PKCS8_PEM(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { - static const char expected_pem_header[] = - "-----BEGIN " PEM_STRING_PKCS8INF "-----"; + static const char expected_pem_header[] = "-----BEGIN " PEM_STRING_PKCS8INF "-----"; return TEST_FL_strn_eq(data, expected_pem_header, - sizeof(expected_pem_header) - 1); + sizeof(expected_pem_header) - 1); } static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "PEM", "PrivateKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_unprotected_PKCS8_PEM, - dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + "PEM", "PrivateKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_unprotected_PKCS8_PEM, + dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); } #ifndef OPENSSL_NO_KEYPARAMS static int check_params_DER(const char *file, const int line, - const char *type, const void *data, size_t data_len) + const char *type, const void *data, size_t data_len) { const unsigned char *datap = data; int ok = 0; 
@@ -592,9 +591,9 @@ itype = EVP_PKEY_DH; else if (strcmp(type, "X9.42 DH") == 0) itype = EVP_PKEY_DHX; - else if (strcmp(type, "DSA") == 0) + else if (strcmp(type, "DSA") == 0) itype = EVP_PKEY_DSA; - else if (strcmp(type, "EC") == 0) + else if (strcmp(type, "EC") == 0) itype = EVP_PKEY_EC; if (itype != NID_undef) { 
@@ -607,47 +606,47 @@ } static int check_params_PEM(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { static char expected_pem_header[80]; - return - TEST_FL_int_gt(BIO_snprintf(expected_pem_header, - sizeof(expected_pem_header), - "-----BEGIN %s PARAMETERS-----", type), 0) + return TEST_FL_int_gt(BIO_snprintf(expected_pem_header, + sizeof(expected_pem_header), + "-----BEGIN %s PARAMETERS-----", type), + 0) && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)); } static int test_params_via_DER(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "DER", "type-specific", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_params_DER, - dump_der, FLAG_DECODE_WITH_TYPE); + "DER", "type-specific", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_params_DER, + dump_der, FLAG_DECODE_WITH_TYPE); } static int test_params_via_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PEM", "type-specific", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_params_PEM, - dump_pem, 0); + "PEM", "type-specific", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_params_PEM, + dump_pem, 0); } #endif /* !OPENSSL_NO_KEYPARAMS */ static int check_unprotected_legacy_PEM(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { static char expected_pem_header[80]; - return - TEST_FL_int_gt(BIO_snprintf(expected_pem_header, - sizeof(expected_pem_header), - "-----BEGIN %s PRIVATE KEY-----", type), 0) + return TEST_FL_int_gt(BIO_snprintf(expected_pem_header, + sizeof(expected_pem_header), + "-----BEGIN %s PRIVATE 
KEY-----", type), + 0) && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)); } @@ -657,16 +656,16 @@ return TEST_skip("Test not available if using a non-default library context or FIPS provider"); return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PEM", "type-specific", NULL, NULL, - encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, - test_text, check_unprotected_legacy_PEM, - dump_pem, 0); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "PEM", "type-specific", NULL, NULL, + encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, + test_text, check_unprotected_legacy_PEM, + dump_pem, 0); } static int check_MSBLOB(const char *file, const int line, - const char *type, const void *data, size_t data_len) + const char *type, const void *data, size_t data_len) { const unsigned char *datap = data; EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len); @@ -679,16 +678,16 @@ static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "MSBLOB", NULL, NULL, NULL, - encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, - test_mem, check_MSBLOB, - dump_der, 0); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "MSBLOB", NULL, NULL, NULL, + encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, + test_mem, check_MSBLOB, + dump_der, 0); } static int check_PVK(const char *file, const int line, - const char *type, const void *data, size_t data_len) + const char *type, const void *data, size_t data_len) { const unsigned char *in = data; unsigned int saltlen = 0, keylen = 0; 
@@ -700,20 +699,20 @@ static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PVK", NULL, NULL, NULL, - encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, - test_mem, check_PVK, - dump_der, 0); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "PVK", NULL, NULL, NULL, + encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, + test_mem, check_PVK, + dump_der, 0); } static const char *pass_cipher = "AES-256-CBC"; static const char *pass = "the holy handgrenade of antioch"; static int check_protected_PKCS8_DER(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { const unsigned char *datap = data; X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len); 
@@ -726,48 +725,47 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "DER", "EncryptedPrivateKeyInfo", - pass, pass_cipher, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_protected_PKCS8_DER, - dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "DER", "EncryptedPrivateKeyInfo", + pass, pass_cipher, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_protected_PKCS8_DER, + dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_protected_PKCS8_PEM(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { - static const char expected_pem_header[] = - "-----BEGIN " PEM_STRING_PKCS8 "-----"; + static const char expected_pem_header[] = "-----BEGIN " PEM_STRING_PKCS8 "-----"; return TEST_FL_strn_eq(data, expected_pem_header, - sizeof(expected_pem_header) - 1); + sizeof(expected_pem_header) - 1); } static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PEM", "EncryptedPrivateKeyInfo", - pass, pass_cipher, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_protected_PKCS8_PEM, - dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "PEM", "EncryptedPrivateKeyInfo", + pass, pass_cipher, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_protected_PKCS8_PEM, + dump_pem, fips ? 
0 : FLAG_FAIL_IF_FIPS); } static int check_protected_legacy_PEM(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { static char expected_pem_header[80]; - return - TEST_FL_int_gt(BIO_snprintf(expected_pem_header, - sizeof(expected_pem_header), - "-----BEGIN %s PRIVATE KEY-----", type), 0) + return TEST_FL_int_gt(BIO_snprintf(expected_pem_header, + sizeof(expected_pem_header), + "-----BEGIN %s PRIVATE KEY-----", type), + 0) && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)) && TEST_FL_ptr(strstr(data, "\nDEK-Info: ")); } @@ -778,12 +776,12 @@ return TEST_skip("Test not available if using a non-default library context or FIPS provider"); return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PEM", "type-specific", pass, pass_cipher, - encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, - test_text, check_protected_legacy_PEM, - dump_pem, 0); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "PEM", "type-specific", pass, pass_cipher, + encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, + test_text, check_protected_legacy_PEM, + dump_pem, 0); } #ifndef OPENSSL_NO_RC4 
@@ -795,18 +793,18 @@ return TEST_skip("Legacy provider not available"); ret = test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PVK", NULL, pass, NULL, - encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, - test_mem, check_PVK, dump_der, 0); + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "PVK", NULL, pass, NULL, + encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, + test_mem, check_PVK, dump_der, 0); OSSL_PROVIDER_unload(lgcyprov); return ret; } #endif static int check_public_DER(const char *file, const int line, - const char *type, const void *data, size_t data_len) + const char *type, const void *data, size_t data_len) { const unsigned char *datap = data; EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq); 
@@ -819,39 +817,37 @@ static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "DER", "SubjectPublicKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_public_DER, dump_der, - fips ? 0 : FLAG_FAIL_IF_FIPS); + OSSL_KEYMGMT_SELECT_PUBLIC_KEY + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + "DER", "SubjectPublicKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_mem, check_public_DER, dump_der, + fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_public_PEM(const char *file, const int line, - const char *type, const void *data, size_t data_len) + const char *type, const void *data, size_t data_len) { - static const char expected_pem_header[] = - "-----BEGIN " PEM_STRING_PUBLIC "-----"; + static const char expected_pem_header[] = "-----BEGIN " PEM_STRING_PUBLIC "-----"; - return - TEST_FL_strn_eq(data, expected_pem_header, - sizeof(expected_pem_header) - 1); + return TEST_FL_strn_eq(data, expected_pem_header, + sizeof(expected_pem_header) - 1); } static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "PEM", "SubjectPublicKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_public_PEM, dump_pem, - fips ? 0 : FLAG_FAIL_IF_FIPS); + OSSL_KEYMGMT_SELECT_PUBLIC_KEY + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, + "PEM", "SubjectPublicKeyInfo", NULL, NULL, + encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, + test_text, check_public_PEM, dump_pem, + fips ? 
0 : FLAG_FAIL_IF_FIPS); } static int check_public_MSBLOB(const char *file, const int line, - const char *type, - const void *data, size_t data_len) + const char *type, + const void *data, size_t data_len) { const unsigned char *datap = data; EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len); 
@@ -863,126 +859,121 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) { - return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "MSBLOB", NULL, NULL, NULL, - encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, - test_mem, check_public_MSBLOB, dump_der, 0); + return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + "MSBLOB", NULL, NULL, NULL, + encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, + test_mem, check_public_MSBLOB, dump_der, 0); } -#define KEYS(KEYTYPE) \ +#define KEYS(KEYTYPE) \ static EVP_PKEY *key_##KEYTYPE = NULL -#define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \ - ok = ok \ +#define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \ + ok = ok \ && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params)) -#define FREE_KEYS(KEYTYPE) \ - EVP_PKEY_free(key_##KEYTYPE); \ +#define FREE_KEYS(KEYTYPE) \ + EVP_PKEY_free(key_##KEYTYPE); #define DOMAIN_KEYS(KEYTYPE) \ static EVP_PKEY *template_##KEYTYPE = NULL; \ static EVP_PKEY *key_##KEYTYPE = NULL -#define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \ - ok = ok \ - && TEST_ptr(template_##KEYTYPE = \ - make_template(KEYTYPEstr, params)) \ - && TEST_ptr(key_##KEYTYPE = \ - make_key(KEYTYPEstr, template_##KEYTYPE, NULL)) -#define FREE_DOMAIN_KEYS(KEYTYPE) \ - EVP_PKEY_free(template_##KEYTYPE); \ +#define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \ + ok = ok \ + && TEST_ptr(template_##KEYTYPE = make_template(KEYTYPEstr, params)) \ + && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, template_##KEYTYPE, NULL)) +#define FREE_DOMAIN_KEYS(KEYTYPE) \ + EVP_PKEY_free(template_##KEYTYPE); \ EVP_PKEY_free(key_##KEYTYPE) -#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ - static int test_unprotected_##KEYTYPE##_via_DER(void) \ - { \ +#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ + static int test_unprotected_##KEYTYPE##_via_DER(void) \ + { \ 
return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_unprotected_##KEYTYPE##_via_PEM(void) \ - { \ + } \ + static int test_unprotected_##KEYTYPE##_via_PEM(void) \ + { \ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_protected_##KEYTYPE##_via_DER(void) \ - { \ - return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_protected_##KEYTYPE##_via_PEM(void) \ - { \ - return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_public_##KEYTYPE##_via_DER(void) \ - { \ - return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_public_##KEYTYPE##_via_PEM(void) \ - { \ - return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_protected_##KEYTYPE##_via_DER(void) \ + { \ + return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_protected_##KEYTYPE##_via_PEM(void) \ + { \ + return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_public_##KEYTYPE##_via_DER(void) \ + { \ + return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ + } \ + static int test_public_##KEYTYPE##_via_PEM(void) \ + { \ + return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } -#define ADD_TEST_SUITE(KEYTYPE) \ - ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \ - ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \ - ADD_TEST(test_protected_##KEYTYPE##_via_DER); \ - ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \ - ADD_TEST(test_public_##KEYTYPE##_via_DER); \ +#define ADD_TEST_SUITE(KEYTYPE) \ + ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \ + ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \ + ADD_TEST(test_protected_##KEYTYPE##_via_DER); \ + ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \ + ADD_TEST(test_public_##KEYTYPE##_via_DER); \ ADD_TEST(test_public_##KEYTYPE##_via_PEM) -#define 
IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \ - static int test_params_##KEYTYPE##_via_DER(void) \ - { \ - return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \ - } \ - static int test_params_##KEYTYPE##_via_PEM(void) \ - { \ - return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ +#define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \ + static int test_params_##KEYTYPE##_via_DER(void) \ + { \ + return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + } \ + static int test_params_##KEYTYPE##_via_PEM(void) \ + { \ + return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ } -#define ADD_TEST_SUITE_PARAMS(KEYTYPE) \ - ADD_TEST(test_params_##KEYTYPE##_via_DER); \ +#define ADD_TEST_SUITE_PARAMS(KEYTYPE) \ + ADD_TEST(test_params_##KEYTYPE##_via_DER); \ ADD_TEST(test_params_##KEYTYPE##_via_PEM) -#define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \ - static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \ - { \ - return \ - test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ - } \ - static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \ - { \ - return \ - test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ +#define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \ + static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \ + { \ + return test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ + } \ + static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \ + { \ + return test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ } -#define ADD_TEST_SUITE_LEGACY(KEYTYPE) \ - ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \ +#define ADD_TEST_SUITE_LEGACY(KEYTYPE) \ + ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \ ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM) -#define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \ - static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \ - { \ - return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ - } \ - static int 
test_public_##KEYTYPE##_via_MSBLOB(void) \ - { \ - return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ +#define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \ + static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \ + { \ + return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ + } \ + static int test_public_##KEYTYPE##_via_MSBLOB(void) \ + { \ + return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ } -#define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \ - ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \ +#define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \ + ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \ ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB) -#define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ - static int test_unprotected_##KEYTYPE##_via_PVK(void) \ - { \ - return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ +#define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ + static int test_unprotected_##KEYTYPE##_via_PVK(void) \ + { \ + return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ } -# define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \ +#define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \ ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK) #ifndef OPENSSL_NO_RC4 -# define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ - static int test_protected_##KEYTYPE##_via_PVK(void) \ - { \ - return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ +#define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ + static int test_protected_##KEYTYPE##_via_PVK(void) \ + { \ + return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ } -# define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \ +#define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \ ADD_TEST(test_protected_##KEYTYPE##_via_PVK) #endif 
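Review bot: The rewritten `FREE_KEYS` macro still ends in a semicolon (`EVP_PKEY_free(key_##KEYTYPE);`), unlike `FREE_DOMAIN_KEYS`, `KEYS` and the `ADD_TEST_SUITE*` macros in the same hunk, which leave the terminator to the call site. Every `FREE_KEYS(X);` therefore expands to a call followed by an empty statement. That is harmless where the macro is used as a full statement, but it would change control flow under an unbraced `if`/`else`. Since the dangling continuation backslash is being removed anyway, the body could become `EVP_PKEY_free(key_##KEYTYPE)`.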
@@ -1005,9 +996,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA") -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") -# endif +#endif #endif #ifndef OPENSSL_NO_EC DOMAIN_KEYS(EC); @@ -1020,18 +1011,18 @@ DOMAIN_KEYS(ECExplicitPrime2G); IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") DOMAIN_KEYS(ECExplicitTri2G); IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") -# endif -# ifndef OPENSSL_NO_SM2 +#endif +#ifndef OPENSSL_NO_SM2 KEYS(SM2); IMPLEMENT_TEST_SUITE(SM2, "SM2", 0) -# endif +#endif KEYS(ED25519); IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) KEYS(ED448); @@ -1063,8 +1054,8 @@ #ifndef OPENSSL_NO_EC /* Explicit parameters that match a named curve */ static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld, - const unsigned char *gen, - size_t gen_len) + const unsigned char *gen, + size_t gen_len) { BIGNUM *a, *b, *prime, *order; 
@@ -1101,27 +1092,27 @@ 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51 }; return TEST_ptr(a = BN_CTX_get(bnctx)) - && TEST_ptr(b = BN_CTX_get(bnctx)) - && TEST_ptr(prime = BN_CTX_get(bnctx)) - && TEST_ptr(order = BN_CTX_get(bnctx)) - && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime)) - && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) - && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) - && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) - && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field, - 0)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, - OSSL_PKEY_PARAM_EC_ORDER, order)) - && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) - && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed))) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, - BN_value_one())); + && TEST_ptr(b = BN_CTX_get(bnctx)) + && TEST_ptr(prime = BN_CTX_get(bnctx)) + && TEST_ptr(order = BN_CTX_get(bnctx)) + && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime)) + && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) + && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) + && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) + && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field, + 0)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, + OSSL_PKEY_PARAM_EC_ORDER, order)) + && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + 
OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) + && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed))) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, + BN_value_one())); } static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld) @@ -1138,7 +1129,7 @@ 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 }; return do_create_ec_explicit_prime_params(bld, prime256v1_gen, - sizeof(prime256v1_gen)); + sizeof(prime256v1_gen)); } static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld) @@ -1156,20 +1147,47 @@ 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55 }; return do_create_ec_explicit_prime_params(bld, prime256v1_gen2, - sizeof(prime256v1_gen2)); + sizeof(prime256v1_gen2)); } -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld, - const unsigned char *gen, - size_t gen_len) + const unsigned char *gen, + size_t gen_len) { BIGNUM *a, *b, *poly, *order, *cofactor; /* sect233k1 characteristic-two-field tpBasis */ static const unsigned char poly_data[] = { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x02, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x04, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x01, }; static const unsigned char a_data[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
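Review bot: The `poly_data` table in `do_create_ec_explicit_trinomial_params` is now one byte per line, thirty lines for a value that was three rows, while `a_data`, `order_data` and the generator tables keep their row layout. This looks like a formatter reacting to the trailing comma after `0x01`, though that is an inference because the tool is not shown. Ending the initializer with `0x00, 0x01` and no trailing comma, as the sibling tables do, should keep the rows and make the constant easier to check against the sect233k1 reference. The function body continues outside this hunk.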
@@ -1186,31 +1204,31 @@ 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF }; - static const unsigned char cofactor_data[]= { + static const unsigned char cofactor_data[] = { 0x4 }; return TEST_ptr(a = BN_CTX_get(bnctx)) - && TEST_ptr(b = BN_CTX_get(bnctx)) - && TEST_ptr(poly = BN_CTX_get(bnctx)) - && TEST_ptr(order = BN_CTX_get(bnctx)) - && TEST_ptr(cofactor = BN_CTX_get(bnctx)) - && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly)) - && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) - && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) - && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) - && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor)) - && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, - SN_X9_62_characteristic_two_field, 0)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, - OSSL_PKEY_PARAM_EC_ORDER, order)) - && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) - && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, - cofactor)); + && TEST_ptr(b = BN_CTX_get(bnctx)) + && TEST_ptr(poly = BN_CTX_get(bnctx)) + && TEST_ptr(order = BN_CTX_get(bnctx)) + && TEST_ptr(cofactor = BN_CTX_get(bnctx)) + && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly)) + && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) + && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) + && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) + && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor)) + && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, + SN_X9_62_characteristic_two_field, 0)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, 
poly)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, + OSSL_PKEY_PARAM_EC_ORDER, order)) + && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) + && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, + cofactor)); } static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld) @@ -1240,7 +1258,29 @@ }; return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2)); } -# endif /* OPENSSL_NO_EC2M */ +#endif /* OPENSSL_NO_EC2M */ + +/* + * Test that multiple calls to OSSL_ENCODER_to_data() do not cause side effects + */ +static int ec_encode_to_data_multi(void) +{ + int ret; + OSSL_ENCODER_CTX *ectx = NULL; + EVP_PKEY *key = NULL; + uint8_t *enc = NULL; + size_t enc_len = 0; + + ret = TEST_ptr(key = EVP_PKEY_Q_keygen(testctx, "", "EC", "P-256")) + && TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(key, EVP_PKEY_KEYPAIR, + "DER", NULL, NULL)) + && TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len), 1) + && TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1); + OPENSSL_free(enc); + EVP_PKEY_free(key); + OSSL_ENCODER_CTX_free(ectx); + return ret; +} #endif /* OPENSSL_NO_EC */ typedef enum OPTION_choice { 
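Review bot: `ec_encode_to_data_multi` only checks that both `OSSL_ENCODER_to_data()` calls return 1, so it would still pass if the second call produced a different length from the size probe or left `enc` NULL. Callers that size a buffer from the first call depend on the two agreeing, so the test is stronger if the probe writes to its own variable and the results are compared. Declare `size_t probe_len = 0;` and pass it to the NULL call, then add `&& TEST_ptr(enc)` and `&& TEST_size_t_eq(enc_len, probe_len)` after the second call.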
@@ -1259,15 +1299,15 @@ static const OPTIONS options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, { "context", OPT_CONTEXT, '-', - "Explicitly use a non-default library context" }, + "Explicitly use a non-default library context" }, { "rsa", OPT_RSA_FILE, '<', - "PEM format RSA key file to encode/decode" }, + "PEM format RSA key file to encode/decode" }, { "pss", OPT_RSA_PSS_FILE, '<', - "PEM format RSA-PSS key file to encode/decode" }, + "PEM format RSA-PSS key file to encode/decode" }, { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the library context" }, + "The configuration file to use for the library context" }, { "provider", OPT_PROVIDER_NAME, 's', - "The provider to load (The default value is 'default')" }, + "The provider to load (The default value is 'default')" }, { NULL } }; return options; @@ -1282,7 +1322,7 @@ int ok = 1; #ifndef OPENSSL_NO_DSA - static size_t qbits = 160; /* PVK only tolerates 160 Q bits */ + static size_t qbits = 160; /* PVK only tolerates 160 Q bits */ static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */ OSSL_PARAM DSA_params[] = { OSSL_PARAM_size_t("pbits", &pbits), @@ -1353,15 +1393,15 @@ || !create_ec_explicit_prime_params(bld_prime) || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc) || !create_ec_explicit_trinomial_params(bld_tri) || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc)) || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri)) -# endif - ) +#endif + ) return 0; #endif 
@@ -1381,13 +1421,13 @@ MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); -# endif -# ifndef OPENSSL_NO_SM2 +#endif +#ifndef OPENSSL_NO_SM2 MAKE_KEYS(SM2, "SM2", NULL); -# endif +#endif MAKE_KEYS(ED25519, "ED25519", NULL); MAKE_KEYS(ED448, "ED448", NULL); MAKE_KEYS(X25519, "X25519", NULL); @@ -1416,11 +1456,12 @@ ADD_TEST_SUITE_LEGACY(DSA); ADD_TEST_SUITE_MSBLOB(DSA); ADD_TEST_SUITE_UNPROTECTED_PVK(DSA); -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 ADD_TEST_SUITE_PROTECTED_PVK(DSA); -# endif +#endif #endif #ifndef OPENSSL_NO_EC + ADD_TEST(ec_encode_to_data_multi); ADD_TEST_SUITE(EC); ADD_TEST_SUITE_PARAMS(EC); ADD_TEST_SUITE_LEGACY(EC); @@ -1428,18 +1469,18 @@ ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); ADD_TEST_SUITE(ECExplicitPrime2G); ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M ADD_TEST_SUITE(ECExplicitTriNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); ADD_TEST_SUITE(ECExplicitTri2G); ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); -# endif -# ifndef OPENSSL_NO_SM2 +#endif +#ifndef OPENSSL_NO_SM2 if (!is_fips_3_0_0) { /* 3.0.0 FIPS provider imports explicit EC params and then fails. */ ADD_TEST_SUITE(SM2); } -# endif +#endif ADD_TEST_SUITE(ED25519); ADD_TEST_SUITE(ED448); ADD_TEST_SUITE(X25519); @@ -1458,9 +1499,9 @@ */ ADD_TEST_SUITE_MSBLOB(RSA); ADD_TEST_SUITE_UNPROTECTED_PVK(RSA); -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 ADD_TEST_SUITE_PROTECTED_PVK(RSA); -# endif +#endif } return 1; 
@@ -1473,12 +1514,12 @@ OSSL_PARAM_free(ec_explicit_prime_params_explicit); OSSL_PARAM_BLD_free(bld_prime_nc); OSSL_PARAM_BLD_free(bld_prime); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M OSSL_PARAM_free(ec_explicit_tri_params_nc); OSSL_PARAM_free(ec_explicit_tri_params_explicit); OSSL_PARAM_BLD_free(bld_tri_nc); OSSL_PARAM_BLD_free(bld_tri); -# endif +#endif BN_CTX_free(bnctx); #endif /* OPENSSL_NO_EC */ @@ -1493,13 +1534,13 @@ FREE_DOMAIN_KEYS(EC); FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); FREE_DOMAIN_KEYS(ECExplicitPrime2G); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); -# endif -# ifndef OPENSSL_NO_SM2 +#endif +#ifndef OPENSSL_NO_SM2 FREE_KEYS(SM2); -# endif +#endif FREE_KEYS(ED25519); FREE_KEYS(ED448); FREE_KEYS(X25519); --- crypto/openssl/test/endecoder_legacy_test.c.orig +++ crypto/openssl/test/endecoder_legacy_test.c @@ -51,7 +51,7 @@ #include #include #ifndef OPENSSL_NO_DEPRECATED_3_0 -# include +#include #endif #include "internal/nelem.h" #include "crypto/evp.h" @@ -59,14 +59,14 @@ #include "testutil.h" typedef int PEM_write_bio_of_void_protected(BIO *out, const void *obj, - const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u); + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); typedef int PEM_write_bio_of_void_unprotected(BIO *out, const void *obj); typedef void *PEM_read_bio_of_void(BIO *out, void **obj, - pem_password_cb *cb, void *u); + pem_password_cb *cb, void *u); typedef int EVP_PKEY_print_fn(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); typedef int EVP_PKEY_eq_fn(const EVP_PKEY *a, const EVP_PKEY *b); static struct test_stanza_st { 
@@ -94,95 +94,99 @@ } test_stanzas[] = { #ifndef OPENSSL_NO_DH { "DH", { "DH", "type-specific" }, EVP_PKEY_DH, - NULL, /* No i2d_DHPrivateKey */ - NULL, /* No i2d_DHPublicKey */ - (i2d_of_void *)i2d_DHparams, - NULL, /* No i2d_DH_PUBKEY */ - NULL, /* No PEM_write_bio_DHPrivateKey */ - NULL, /* No PEM_write_bio_DHPublicKey */ - (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DHparams, - NULL, /* No PEM_write_bio_DH_PUBKEY */ - NULL, /* No d2i_DHPrivateKey */ - NULL, /* No d2i_DHPublicKey */ - (d2i_of_void *)d2i_DHparams, - NULL, /* No d2i_DH_PUBKEY */ - NULL, /* No PEM_read_bio_DHPrivateKey */ - NULL, /* No PEM_read_bio_DHPublicKey */ - (PEM_read_bio_of_void *)PEM_read_bio_DHparams, - NULL }, /* No PEM_read_bio_DH_PUBKEY */ + NULL, /* No i2d_DHPrivateKey */ + NULL, /* No i2d_DHPublicKey */ + (i2d_of_void *)i2d_DHparams, + NULL, /* No i2d_DH_PUBKEY */ + NULL, /* No PEM_write_bio_DHPrivateKey */ + NULL, /* No PEM_write_bio_DHPublicKey */ + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DHparams, + NULL, /* No PEM_write_bio_DH_PUBKEY */ + NULL, /* No d2i_DHPrivateKey */ + NULL, /* No d2i_DHPublicKey */ + (d2i_of_void *)d2i_DHparams, + NULL, /* No d2i_DH_PUBKEY */ + NULL, /* No PEM_read_bio_DHPrivateKey */ + NULL, /* No PEM_read_bio_DHPublicKey */ + (PEM_read_bio_of_void *)PEM_read_bio_DHparams, + NULL }, /* No PEM_read_bio_DH_PUBKEY */ { "DHX", { "DHX", "type-specific" }, EVP_PKEY_DHX, - NULL, /* No i2d_DHxPrivateKey */ - NULL, /* No i2d_DHxPublicKey */ - (i2d_of_void *)i2d_DHxparams, - NULL, /* No i2d_DHx_PUBKEY */ - NULL, /* No PEM_write_bio_DHxPrivateKey */ - NULL, /* No PEM_write_bio_DHxPublicKey */ - (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DHxparams, - NULL, /* No PEM_write_bio_DHx_PUBKEY */ - NULL, /* No d2i_DHxPrivateKey */ - NULL, /* No d2i_DHxPublicKey */ - (d2i_of_void *)d2i_DHxparams, - NULL, /* No d2i_DHx_PUBKEY */ - NULL, /* No PEM_read_bio_DHxPrivateKey */ - NULL, /* No PEM_read_bio_DHxPublicKey */ - NULL, /* No PEM_read_bio_DHxparams */ 
- NULL }, /* No PEM_read_bio_DHx_PUBKEY */ + NULL, /* No i2d_DHxPrivateKey */ + NULL, /* No i2d_DHxPublicKey */ + (i2d_of_void *)i2d_DHxparams, + NULL, /* No i2d_DHx_PUBKEY */ + NULL, /* No PEM_write_bio_DHxPrivateKey */ + NULL, /* No PEM_write_bio_DHxPublicKey */ + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DHxparams, + NULL, /* No PEM_write_bio_DHx_PUBKEY */ + NULL, /* No d2i_DHxPrivateKey */ + NULL, /* No d2i_DHxPublicKey */ + (d2i_of_void *)d2i_DHxparams, + NULL, /* No d2i_DHx_PUBKEY */ + NULL, /* No PEM_read_bio_DHxPrivateKey */ + NULL, /* No PEM_read_bio_DHxPublicKey */ + NULL, /* No PEM_read_bio_DHxparams */ + NULL }, /* No PEM_read_bio_DHx_PUBKEY */ #endif #ifndef OPENSSL_NO_DSA { "DSA", { "DSA", "type-specific" }, EVP_PKEY_DSA, - (i2d_of_void *)i2d_DSAPrivateKey, - (i2d_of_void *)i2d_DSAPublicKey, - (i2d_of_void *)i2d_DSAparams, - (i2d_of_void *)i2d_DSA_PUBKEY, - (PEM_write_bio_of_void_protected *)PEM_write_bio_DSAPrivateKey, - NULL, /* No PEM_write_bio_DSAPublicKey */ - (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DSAparams, - (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DSA_PUBKEY, - (d2i_of_void *)d2i_DSAPrivateKey, - (d2i_of_void *)d2i_DSAPublicKey, - (d2i_of_void *)d2i_DSAparams, - (d2i_of_void *)d2i_DSA_PUBKEY, - (PEM_read_bio_of_void *)PEM_read_bio_DSAPrivateKey, - NULL, /* No PEM_write_bio_DSAPublicKey */ - (PEM_read_bio_of_void *)PEM_read_bio_DSAparams, - (PEM_read_bio_of_void *)PEM_read_bio_DSA_PUBKEY }, + (i2d_of_void *)i2d_DSAPrivateKey, + (i2d_of_void *)i2d_DSAPublicKey, + (i2d_of_void *)i2d_DSAparams, + (i2d_of_void *)i2d_DSA_PUBKEY, + (PEM_write_bio_of_void_protected *)PEM_write_bio_DSAPrivateKey, + NULL, /* No PEM_write_bio_DSAPublicKey */ + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DSAparams, + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_DSA_PUBKEY, + (d2i_of_void *)d2i_DSAPrivateKey, + (d2i_of_void *)d2i_DSAPublicKey, + (d2i_of_void *)d2i_DSAparams, + (d2i_of_void *)d2i_DSA_PUBKEY, + 
(PEM_read_bio_of_void *)PEM_read_bio_DSAPrivateKey, + NULL, /* No PEM_write_bio_DSAPublicKey */ + (PEM_read_bio_of_void *)PEM_read_bio_DSAparams, + (PEM_read_bio_of_void *)PEM_read_bio_DSA_PUBKEY }, #endif #ifndef OPENSSL_NO_EC - { "EC", { "EC", "type-specific" }, EVP_PKEY_EC, - (i2d_of_void *)i2d_ECPrivateKey, - NULL, /* No i2d_ECPublicKey */ - (i2d_of_void *)i2d_ECParameters, - (i2d_of_void *)i2d_EC_PUBKEY, - (PEM_write_bio_of_void_protected *)PEM_write_bio_ECPrivateKey, - NULL, /* No PEM_write_bio_ECPublicKey */ - NULL, /* No PEM_write_bio_ECParameters */ - (PEM_write_bio_of_void_unprotected *)PEM_write_bio_EC_PUBKEY, - (d2i_of_void *)d2i_ECPrivateKey, - NULL, /* No d2i_ECPublicKey */ - (d2i_of_void *)d2i_ECParameters, - (d2i_of_void *)d2i_EC_PUBKEY, - (PEM_read_bio_of_void *)PEM_read_bio_ECPrivateKey, - NULL, /* No PEM_read_bio_ECPublicKey */ - NULL, /* No PEM_read_bio_ECParameters */ - (PEM_read_bio_of_void *)PEM_read_bio_EC_PUBKEY, }, + { + "EC", + { "EC", "type-specific" }, + EVP_PKEY_EC, + (i2d_of_void *)i2d_ECPrivateKey, + NULL, /* No i2d_ECPublicKey */ + (i2d_of_void *)i2d_ECParameters, + (i2d_of_void *)i2d_EC_PUBKEY, + (PEM_write_bio_of_void_protected *)PEM_write_bio_ECPrivateKey, + NULL, /* No PEM_write_bio_ECPublicKey */ + NULL, /* No PEM_write_bio_ECParameters */ + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_EC_PUBKEY, + (d2i_of_void *)d2i_ECPrivateKey, + NULL, /* No d2i_ECPublicKey */ + (d2i_of_void *)d2i_ECParameters, + (d2i_of_void *)d2i_EC_PUBKEY, + (PEM_read_bio_of_void *)PEM_read_bio_ECPrivateKey, + NULL, /* No PEM_read_bio_ECPublicKey */ + NULL, /* No PEM_read_bio_ECParameters */ + (PEM_read_bio_of_void *)PEM_read_bio_EC_PUBKEY, + }, #endif { "RSA", { "RSA", "type-specific" }, EVP_PKEY_RSA, - (i2d_of_void *)i2d_RSAPrivateKey, - (i2d_of_void *)i2d_RSAPublicKey, - NULL, /* No i2d_RSAparams */ - (i2d_of_void *)i2d_RSA_PUBKEY, - (PEM_write_bio_of_void_protected *)PEM_write_bio_RSAPrivateKey, - (PEM_write_bio_of_void_unprotected 
*)PEM_write_bio_RSAPublicKey, - NULL, /* No PEM_write_bio_RSAparams */ - (PEM_write_bio_of_void_unprotected *)PEM_write_bio_RSA_PUBKEY, - (d2i_of_void *)d2i_RSAPrivateKey, - (d2i_of_void *)d2i_RSAPublicKey, - NULL, /* No d2i_RSAparams */ - (d2i_of_void *)d2i_RSA_PUBKEY, - (PEM_read_bio_of_void *)PEM_read_bio_RSAPrivateKey, - (PEM_read_bio_of_void *)PEM_read_bio_RSAPublicKey, - NULL, /* No PEM_read_bio_RSAparams */ - (PEM_read_bio_of_void *)PEM_read_bio_RSA_PUBKEY } + (i2d_of_void *)i2d_RSAPrivateKey, + (i2d_of_void *)i2d_RSAPublicKey, + NULL, /* No i2d_RSAparams */ + (i2d_of_void *)i2d_RSA_PUBKEY, + (PEM_write_bio_of_void_protected *)PEM_write_bio_RSAPrivateKey, + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_RSAPublicKey, + NULL, /* No PEM_write_bio_RSAparams */ + (PEM_write_bio_of_void_unprotected *)PEM_write_bio_RSA_PUBKEY, + (d2i_of_void *)d2i_RSAPrivateKey, + (d2i_of_void *)d2i_RSAPublicKey, + NULL, /* No d2i_RSAparams */ + (d2i_of_void *)d2i_RSA_PUBKEY, + (PEM_read_bio_of_void *)PEM_read_bio_RSAPrivateKey, + (PEM_read_bio_of_void *)PEM_read_bio_RSAPublicKey, + NULL, /* No PEM_read_bio_RSAparams */ + (PEM_read_bio_of_void *)PEM_read_bio_RSA_PUBKEY } }; /* @@ -196,7 +200,7 @@ static const OSSL_PARAM DHX_params[] = { OSSL_PARAM_END }; #endif #ifndef OPENSSL_NO_DSA -static size_t qbits = 160; /* PVK only tolerates 160 Q bits */ +static size_t qbits = 160; /* PVK only tolerates 160 Q bits */ static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */ static const OSSL_PARAM DSA_params[] = { OSSL_PARAM_size_t("pbits", &pbits), 
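Review bot: In the DSA entry of `test_stanzas`, the NULL in the PEM read slot (between `PEM_read_bio_DSAPrivateKey` and `PEM_read_bio_DSAparams`) is still labelled `/* No PEM_write_bio_DSAPublicKey */`, the same text as the write slot further up. Because the initializer is positional, the comments are the only guide to which slot a NULL occupies. It should read `/* No PEM_read_bio_DSAPublicKey */`. The array definition starts outside this hunk.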
@@ -236,13 +240,12 @@ }; static EVP_PKEY *make_key(const char *type, - const OSSL_PARAM *gen_template_params) + const OSSL_PARAM *gen_template_params) { EVP_PKEY *template = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; - OSSL_PARAM *gen_template_params_noconst = - (OSSL_PARAM *)gen_template_params; + OSSL_PARAM *gen_template_params_noconst = (OSSL_PARAM *)gen_template_params; if (gen_template_params != NULL && ((ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL)) == NULL @@ -257,16 +260,15 @@ * No real need to check the errors other than for the cascade * effect. |pkey| will simply remain NULL if something goes wrong. */ - ctx = - template != NULL + ctx = template != NULL ? EVP_PKEY_CTX_new(template, NULL) : EVP_PKEY_CTX_new_from_name(NULL, type, NULL); (void)(ctx != NULL - && EVP_PKEY_keygen_init(ctx) > 0 - && EVP_PKEY_keygen(ctx, &pkey) > 0); + && EVP_PKEY_keygen_init(ctx) > 0 + && EVP_PKEY_keygen(ctx, &pkey) > 0); - end: +end: EVP_PKEY_free(template); EVP_PKEY_CTX_free(ctx); return pkey; @@ -290,19 +292,19 @@ long len_legacy = BIO_get_mem_data(bio_legacy, &str_legacy); return TEST_long_ge(len_legacy, 0) - && TEST_long_ge(len_provided, 0) - && TEST_strn2_eq(str_provided, len_provided, - str_legacy, len_legacy); + && TEST_long_ge(len_provided, 0) + && TEST_strn2_eq(str_provided, len_provided, + str_legacy, len_legacy); } static int test_protected_PEM(const char *keytype, int evp_type, - const void *legacy_key, - PEM_write_bio_of_void_protected *pem_write_bio, - PEM_read_bio_of_void *pem_read_bio, - EVP_PKEY_eq_fn *evp_pkey_eq, - EVP_PKEY_print_fn *evp_pkey_print, - EVP_PKEY *provided_pkey, int selection, - const char *structure) + const void *legacy_key, + PEM_write_bio_of_void_protected *pem_write_bio, + PEM_read_bio_of_void *pem_read_bio, + EVP_PKEY_eq_fn *evp_pkey_eq, + EVP_PKEY_print_fn *evp_pkey_print, + EVP_PKEY *provided_pkey, int selection, + const char *structure) { int ok = 0; BIO *membio_legacy = NULL; 
@@ -318,13 +320,12 @@ || !TEST_ptr(membio_provided = BIO_new(BIO_s_mem()))) goto end; - if (!TEST_ptr(ectx = - OSSL_ENCODER_CTX_new_for_pkey(provided_pkey, selection, - "PEM", structure, - NULL)) + if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(provided_pkey, selection, + "PEM", structure, + NULL)) || !TEST_true(OSSL_ENCODER_to_bio(ectx, membio_provided)) || !TEST_true(pem_write_bio(membio_legacy, legacy_key, - NULL, NULL, 0, NULL, NULL)) + NULL, NULL, 0, NULL, NULL)) || !test_membio_str_eq(membio_provided, membio_legacy)) goto end; @@ -332,20 +333,19 @@ /* Now try decoding the results and compare the resulting keys */ if (!TEST_ptr(decoded_legacy_pkey = EVP_PKEY_new()) - || !TEST_ptr(dctx = - OSSL_DECODER_CTX_new_for_pkey(&decoded_provided_pkey, - "PEM", structure, - keytype, selection, - NULL, NULL)) + || !TEST_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&decoded_provided_pkey, + "PEM", structure, + keytype, selection, + NULL, NULL)) || !TEST_true(OSSL_DECODER_from_bio(dctx, membio_provided)) - || !TEST_ptr(decoded_legacy_key = - pem_read_bio(membio_legacy, NULL, NULL, NULL)) + || !TEST_ptr(decoded_legacy_key = pem_read_bio(membio_legacy, NULL, NULL, NULL)) || !TEST_true(EVP_PKEY_assign(decoded_legacy_pkey, evp_type, - decoded_legacy_key))) + decoded_legacy_key))) goto end; if (!TEST_int_gt(evp_pkey_eq(decoded_provided_pkey, - decoded_legacy_pkey), 0)) { + decoded_legacy_pkey), + 0)) { TEST_info("decoded_provided_pkey:"); evp_pkey_print(bio_out, decoded_provided_pkey, 0, NULL); TEST_info("decoded_legacy_pkey:"); @@ -353,7 +353,7 @@ } } ok = 1; - end: +end: EVP_PKEY_free(decoded_legacy_pkey); EVP_PKEY_free(decoded_provided_pkey); OSSL_ENCODER_CTX_free(ectx); 
@@ -364,13 +364,13 @@ } static int test_unprotected_PEM(const char *keytype, int evp_type, - const void *legacy_key, - PEM_write_bio_of_void_unprotected *pem_write_bio, - PEM_read_bio_of_void *pem_read_bio, - EVP_PKEY_eq_fn *evp_pkey_eq, - EVP_PKEY_print_fn *evp_pkey_print, - EVP_PKEY *provided_pkey, int selection, - const char *structure) + const void *legacy_key, + PEM_write_bio_of_void_unprotected *pem_write_bio, + PEM_read_bio_of_void *pem_read_bio, + EVP_PKEY_eq_fn *evp_pkey_eq, + EVP_PKEY_print_fn *evp_pkey_print, + EVP_PKEY *provided_pkey, int selection, + const char *structure) { int ok = 0; BIO *membio_legacy = NULL; @@ -386,10 +386,9 @@ || !TEST_ptr(membio_provided = BIO_new(BIO_s_mem()))) goto end; - if (!TEST_ptr(ectx = - OSSL_ENCODER_CTX_new_for_pkey(provided_pkey, selection, - "PEM", structure, - NULL)) + if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(provided_pkey, selection, + "PEM", structure, + NULL)) || !TEST_true(OSSL_ENCODER_to_bio(ectx, membio_provided)) || !TEST_true(pem_write_bio(membio_legacy, legacy_key)) || !test_membio_str_eq(membio_provided, membio_legacy)) 
@@ -399,20 +398,19 @@ /* Now try decoding the results and compare the resulting keys */ if (!TEST_ptr(decoded_legacy_pkey = EVP_PKEY_new()) - || !TEST_ptr(dctx = - OSSL_DECODER_CTX_new_for_pkey(&decoded_provided_pkey, - "PEM", structure, - keytype, selection, - NULL, NULL)) + || !TEST_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&decoded_provided_pkey, + "PEM", structure, + keytype, selection, + NULL, NULL)) || !TEST_true(OSSL_DECODER_from_bio(dctx, membio_provided)) - || !TEST_ptr(decoded_legacy_key = - pem_read_bio(membio_legacy, NULL, NULL, NULL)) + || !TEST_ptr(decoded_legacy_key = pem_read_bio(membio_legacy, NULL, NULL, NULL)) || !TEST_true(EVP_PKEY_assign(decoded_legacy_pkey, evp_type, - decoded_legacy_key))) + decoded_legacy_key))) goto end; if (!TEST_int_gt(evp_pkey_eq(decoded_provided_pkey, - decoded_legacy_pkey), 0)) { + decoded_legacy_pkey), + 0)) { TEST_info("decoded_provided_pkey:"); evp_pkey_print(bio_out, decoded_provided_pkey, 0, NULL); TEST_info("decoded_legacy_pkey:"); @@ -420,7 +418,7 @@ } } ok = 1; - end: +end: EVP_PKEY_free(decoded_legacy_pkey); EVP_PKEY_free(decoded_provided_pkey); OSSL_ENCODER_CTX_free(ectx); @@ -431,11 +429,11 @@ } static int test_DER(const char *keytype, int evp_type, - const void *legacy_key, i2d_of_void *i2d, d2i_of_void *d2i, - EVP_PKEY_eq_fn *evp_pkey_eq, - EVP_PKEY_print_fn *evp_pkey_print, - EVP_PKEY *provided_pkey, int selection, - const char *structure) + const void *legacy_key, i2d_of_void *i2d, d2i_of_void *d2i, + EVP_PKEY_eq_fn *evp_pkey_eq, + EVP_PKEY_print_fn *evp_pkey_print, + EVP_PKEY *provided_pkey, int selection, + const char *structure) { int ok = 0; unsigned char *der_legacy = NULL; 
@@ -451,39 +449,38 @@ EVP_PKEY *decoded_legacy_pkey = NULL; EVP_PKEY *decoded_provided_pkey = NULL; - if (!TEST_ptr(ectx = - OSSL_ENCODER_CTX_new_for_pkey(provided_pkey, selection, - "DER", structure, - NULL)) + if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(provided_pkey, selection, + "DER", structure, + NULL)) || !TEST_true(OSSL_ENCODER_to_data(ectx, - &der_provided, &der_provided_len)) + &der_provided, &der_provided_len)) || !TEST_size_t_gt(der_legacy_len = i2d(legacy_key, &der_legacy), 0) || !TEST_mem_eq(der_provided, der_provided_len, - der_legacy, der_legacy_len)) + der_legacy, der_legacy_len)) goto end; if (d2i != NULL) { /* Now try decoding the results and compare the resulting keys */ if (!TEST_ptr(decoded_legacy_pkey = EVP_PKEY_new()) - || !TEST_ptr(dctx = - OSSL_DECODER_CTX_new_for_pkey(&decoded_provided_pkey, - "DER", structure, - keytype, selection, - NULL, NULL)) + || !TEST_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&decoded_provided_pkey, + "DER", structure, + keytype, selection, + NULL, NULL)) || !TEST_true((pder_provided = der_provided, - tmp_size = der_provided_len, - OSSL_DECODER_from_data(dctx, &pder_provided, - &tmp_size))) + tmp_size = der_provided_len, + OSSL_DECODER_from_data(dctx, &pder_provided, + &tmp_size))) || !TEST_ptr((pder_legacy = der_legacy, - decoded_legacy_key = d2i(NULL, &pder_legacy, - (long)der_legacy_len))) + decoded_legacy_key = d2i(NULL, &pder_legacy, + (long)der_legacy_len))) || !TEST_true(EVP_PKEY_assign(decoded_legacy_pkey, evp_type, - decoded_legacy_key))) + decoded_legacy_key))) goto end; if (!TEST_int_gt(evp_pkey_eq(decoded_provided_pkey, - decoded_legacy_pkey), 0)) { + decoded_legacy_pkey), + 0)) { TEST_info("decoded_provided_pkey:"); evp_pkey_print(bio_out, decoded_provided_pkey, 0, NULL); TEST_info("decoded_legacy_pkey:"); @@ -491,7 +488,7 @@ } } ok = 1; - end: +end: EVP_PKEY_free(decoded_legacy_pkey); EVP_PKEY_free(decoded_provided_pkey); OSSL_ENCODER_CTX_free(ectx); 
@@ -533,32 +530,31 @@ const char *structure = test_stanza->structure[i]; TEST_info("Test OSSL_ENCODER against PEM_write_bio_{TYPE}PrivateKey for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_protected_PEM(key->keytype, key->evp_type, legacy_obj, - test_stanza->pem_write_bio_PrivateKey, - test_stanza->pem_read_bio_PrivateKey, - EVP_PKEY_eq, EVP_PKEY_print_private, - pkey, selection, structure)) + test_stanza->pem_write_bio_PrivateKey, + test_stanza->pem_read_bio_PrivateKey, + EVP_PKEY_eq, EVP_PKEY_print_private, + pkey, selection, structure)) ok = 0; } } /* Test PublicKey to PEM */ if (test_stanza->pem_write_bio_PublicKey != NULL) { - int selection = - OSSL_KEYMGMT_SELECT_PUBLIC_KEY + int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; for (i = 0; i < OSSL_NELEM(test_stanza->structure); i++) { const char *structure = test_stanza->structure[i]; TEST_info("Test OSSL_ENCODER against PEM_write_bio_{TYPE}PublicKey for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_unprotected_PEM(key->keytype, key->evp_type, legacy_obj, - test_stanza->pem_write_bio_PublicKey, - test_stanza->pem_read_bio_PublicKey, - EVP_PKEY_eq, EVP_PKEY_print_public, - pkey, selection, structure)) + test_stanza->pem_write_bio_PublicKey, + test_stanza->pem_read_bio_PublicKey, + EVP_PKEY_eq, EVP_PKEY_print_public, + pkey, selection, structure)) ok = 0; } } 
@@ -571,35 +567,33 @@ const char *structure = test_stanza->structure[i]; TEST_info("Test OSSL_ENCODER against PEM_write_bio_{TYPE}params for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_unprotected_PEM(key->keytype, key->evp_type, legacy_obj, - test_stanza->pem_write_bio_params, - test_stanza->pem_read_bio_params, - EVP_PKEY_parameters_eq, - EVP_PKEY_print_params, - pkey, selection, structure)) + test_stanza->pem_write_bio_params, + test_stanza->pem_read_bio_params, + EVP_PKEY_parameters_eq, + EVP_PKEY_print_params, + pkey, selection, structure)) ok = 0; } } /* Test PUBKEY to PEM */ if (test_stanza->pem_write_bio_PUBKEY != NULL) { - int selection = - OSSL_KEYMGMT_SELECT_PUBLIC_KEY + int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; const char *structure = "SubjectPublicKeyInfo"; TEST_info("Test OSSL_ENCODER against PEM_write_bio_{TYPE}_PUBKEY for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_unprotected_PEM(key->keytype, key->evp_type, legacy_obj, - test_stanza->pem_write_bio_PUBKEY, - test_stanza->pem_read_bio_PUBKEY, - EVP_PKEY_eq, EVP_PKEY_print_public, - pkey, selection, structure)) + test_stanza->pem_write_bio_PUBKEY, + test_stanza->pem_read_bio_PUBKEY, + EVP_PKEY_eq, EVP_PKEY_print_public, + pkey, selection, structure)) ok = 0; } - /* Test PrivateKey to DER */ if (test_stanza->i2d_PrivateKey != NULL) { int selection = OSSL_KEYMGMT_SELECT_ALL; 
@@ -608,32 +602,31 @@ const char *structure = test_stanza->structure[i]; TEST_info("Test OSSL_ENCODER against i2d_{TYPE}PrivateKey for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_DER(key->keytype, key->evp_type, legacy_obj, - test_stanza->i2d_PrivateKey, - test_stanza->d2i_PrivateKey, - EVP_PKEY_eq, EVP_PKEY_print_private, - pkey, selection, structure)) + test_stanza->i2d_PrivateKey, + test_stanza->d2i_PrivateKey, + EVP_PKEY_eq, EVP_PKEY_print_private, + pkey, selection, structure)) ok = 0; } } /* Test PublicKey to DER */ if (test_stanza->i2d_PublicKey != NULL) { - int selection = - OSSL_KEYMGMT_SELECT_PUBLIC_KEY + int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; for (i = 0; i < OSSL_NELEM(test_stanza->structure); i++) { const char *structure = test_stanza->structure[i]; TEST_info("Test OSSL_ENCODER against i2d_{TYPE}PublicKey for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_DER(key->keytype, key->evp_type, legacy_obj, - test_stanza->i2d_PublicKey, - test_stanza->d2i_PublicKey, - EVP_PKEY_eq, EVP_PKEY_print_public, - pkey, selection, structure)) + test_stanza->i2d_PublicKey, + test_stanza->d2i_PublicKey, + EVP_PKEY_eq, EVP_PKEY_print_public, + pkey, selection, structure)) ok = 0; } } 
@@ -646,31 +639,30 @@ const char *structure = test_stanza->structure[i]; TEST_info("Test OSSL_ENCODER against i2d_{TYPE}params for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_DER(key->keytype, key->evp_type, legacy_obj, - test_stanza->i2d_params, test_stanza->d2i_params, - EVP_PKEY_parameters_eq, EVP_PKEY_print_params, - pkey, selection, structure)) + test_stanza->i2d_params, test_stanza->d2i_params, + EVP_PKEY_parameters_eq, EVP_PKEY_print_params, + pkey, selection, structure)) ok = 0; } } /* Test PUBKEY to DER */ if (test_stanza->i2d_PUBKEY != NULL) { - int selection = - OSSL_KEYMGMT_SELECT_PUBLIC_KEY + int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; const char *structure = "SubjectPublicKeyInfo"; TEST_info("Test OSSL_ENCODER against i2d_{TYPE}_PUBKEY for %s, %s", - test_stanza->keytype, structure); + test_stanza->keytype, structure); if (!test_DER(key->keytype, key->evp_type, legacy_obj, - test_stanza->i2d_PUBKEY, test_stanza->d2i_PUBKEY, - EVP_PKEY_eq, EVP_PKEY_print_public, - pkey, selection, structure)) + test_stanza->i2d_PUBKEY, test_stanza->d2i_PUBKEY, + EVP_PKEY_eq, EVP_PKEY_print_public, + pkey, selection, structure)) ok = 0; } - end: +end: EVP_PKEY_free(downgraded_pkey); return ok; } 
@@ -696,23 +688,20 @@ for (i = 0; i < OSSL_NELEM(keys); i++) { #ifndef OPENSSL_NO_DH if (strcmp(keys[i].keytype, "DH") == 0) { - if (!TEST_ptr(keys[i].key = - load_pkey_pem(test_get_argument(1), NULL))) - return 0; + if (!TEST_ptr(keys[i].key = load_pkey_pem(test_get_argument(1), NULL))) + return 0; continue; } #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 if (strcmp(keys[i].keytype, "RSA") == 0) { - if (!TEST_ptr(keys[i].key = - load_pkey_pem(test_get_argument(0), NULL))) - return 0; + if (!TEST_ptr(keys[i].key = load_pkey_pem(test_get_argument(0), NULL))) + return 0; continue; } #endif TEST_info("Generating %s key...", keys[i].keytype); - if (!TEST_ptr(keys[i].key = - make_key(keys[i].keytype, keys[i].template_params))) + if (!TEST_ptr(keys[i].key = make_key(keys[i].keytype, keys[i].template_params))) return 0; } --- crypto/openssl/test/enginetest.c.orig +++ crypto/openssl/test/enginetest.c @@ -15,16 +15,16 @@ #include #include -# include "testutil.h" +#include "testutil.h" #ifndef OPENSSL_NO_ENGINE -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include +#include static void display_engine_list(void) { @@ -34,7 +34,7 @@ loop = 0; for (h = ENGINE_get_first(); h != NULL; h = ENGINE_get_next(h)) { TEST_info("#%d: id = \"%s\", name = \"%s\"", - loop++, ENGINE_get_id(h), ENGINE_get_name(h)); + loop++, ENGINE_get_id(h), ENGINE_get_name(h)); } /* 
@@ -62,17 +62,17 @@ memset(block, 0, sizeof(block)); if (!TEST_ptr(new_h1 = ENGINE_new()) - || !TEST_true(ENGINE_set_id(new_h1, "test_id0")) - || !TEST_true(ENGINE_set_name(new_h1, "First test item")) - || !TEST_ptr(new_h2 = ENGINE_new()) - || !TEST_true(ENGINE_set_id(new_h2, "test_id1")) - || !TEST_true(ENGINE_set_name(new_h2, "Second test item")) - || !TEST_ptr(new_h3 = ENGINE_new()) - || !TEST_true(ENGINE_set_id(new_h3, "test_id2")) - || !TEST_true(ENGINE_set_name(new_h3, "Third test item")) - || !TEST_ptr(new_h4 = ENGINE_new()) - || !TEST_true(ENGINE_set_id(new_h4, "test_id3")) - || !TEST_true(ENGINE_set_name(new_h4, "Fourth test item"))) + || !TEST_true(ENGINE_set_id(new_h1, "test_id0")) + || !TEST_true(ENGINE_set_name(new_h1, "First test item")) + || !TEST_ptr(new_h2 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h2, "test_id1")) + || !TEST_true(ENGINE_set_name(new_h2, "Second test item")) + || !TEST_ptr(new_h3 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h3, "test_id2")) + || !TEST_true(ENGINE_set_name(new_h3, "Third test item")) + || !TEST_ptr(new_h4 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h4, "test_id3")) + || !TEST_true(ENGINE_set_name(new_h4, "Fourth test item"))) goto end; TEST_info("Engines:"); display_engine_list(); @@ -90,7 +90,7 @@ display_engine_list(); if (!TEST_true(ENGINE_add(new_h3)) - || !TEST_true(ENGINE_add(new_h2))) + || !TEST_true(ENGINE_add(new_h2))) goto end; TEST_info("Engines:"); display_engine_list(); @@ -142,7 +142,7 @@ display_engine_list(); if (!TEST_true(ENGINE_add(new_h1)) - || !TEST_true(ENGINE_remove(new_h1))) + || !TEST_true(ENGINE_remove(new_h1))) goto end; TEST_info("About to beef up the engine-type list"); 
@@ -152,19 +152,19 @@ BIO_snprintf(buf, sizeof(buf), "Fake engine type %d", loop); ename[loop] = OPENSSL_strdup(buf); if (!TEST_ptr(block[loop] = ENGINE_new()) - || !TEST_true(ENGINE_set_id(block[loop], eid[loop])) - || !TEST_true(ENGINE_set_name(block[loop], ename[loop]))) + || !TEST_true(ENGINE_set_id(block[loop], eid[loop])) + || !TEST_true(ENGINE_set_name(block[loop], ename[loop]))) goto end; } for (loop = 0; loop < NUMTOADD; loop++) { if (!TEST_true(ENGINE_add(block[loop]))) { test_note("Adding stopped at %d, (%s,%s)", - loop, ENGINE_get_id(block[loop]), - ENGINE_get_name(block[loop])); + loop, ENGINE_get_id(block[loop]), + ENGINE_get_name(block[loop])); goto cleanup_loop; } } - cleanup_loop: +cleanup_loop: TEST_info("About to empty the engine-type list"); while ((ptr = ENGINE_get_first()) != NULL) { if (!TEST_true(ENGINE_remove(ptr))) @@ -177,7 +177,7 @@ } to_return = 1; - end: +end: ENGINE_free(new_h1); ENGINE_free(new_h2); ENGINE_free(new_h3); @@ -194,14 +194,14 @@ /* Test function to check operation has been redirected */ static int test_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, size_t tbslen) + size_t *siglen, const unsigned char *tbs, size_t tbslen) { called_encrypt = 1; return 1; } static int test_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **pnids, int nid) + const int **pnids, int nid) { static const int rnid = EVP_PKEY_RSA; if (pmeth == NULL) { 
@@ -222,12 +222,11 @@ static EVP_PKEY *get_test_pkey(void) { - static unsigned char n[] = - "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" - "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" - "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" - "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" - "\xF5"; + static unsigned char n[] = "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; static unsigned char e[] = "\x11"; RSA *rsa = RSA_new(); @@ -239,8 +238,8 @@ return NULL; } - if (!RSA_set0_key(rsa, BN_bin2bn(n, sizeof(n)-1, NULL), - BN_bin2bn(e, sizeof(e)-1, NULL), NULL)) { + if (!RSA_set0_key(rsa, BN_bin2bn(n, sizeof(n) - 1, NULL), + BN_bin2bn(e, sizeof(e) - 1, NULL), NULL)) { EVP_PKEY_free(pk); return NULL; } @@ -271,16 +270,16 @@ TEST_info("EVP_PKEY_encrypt test: no redirection"); /* Encrypt some data: should succeed but not be redirected */ if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) - || !TEST_false(called_encrypt)) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_false(called_encrypt)) goto err; EVP_PKEY_CTX_free(ctx); ctx = NULL; /* Create a test ENGINE */ if (!TEST_ptr(e = ENGINE_new()) - || !TEST_true(ENGINE_set_id(e, "Test redirect engine")) - || !TEST_true(ENGINE_set_name(e, "Test redirect engine"))) + || !TEST_true(ENGINE_set_id(e, "Test redirect engine")) + || !TEST_true(ENGINE_set_name(e, "Test redirect engine"))) goto err; /* 
@@ -289,7 +288,7 @@ * engine has no public key methods. */ if (!TEST_ptr_null(ctx = EVP_PKEY_CTX_new(pkey, e)) - || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0)) + || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0)) goto err; /* Setup an empty test EVP_PKEY_METHOD and set callback to return it */ @@ -314,8 +313,8 @@ goto err; /* Encrypt some data: should succeed and be redirected */ if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) - || !TEST_true(called_encrypt)) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_true(called_encrypt)) goto err; EVP_PKEY_CTX_free(ctx); @@ -324,9 +323,9 @@ /* Create context with default engine: should not be redirected */ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)) - || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) - || !TEST_false(called_encrypt)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_false(called_encrypt)) goto err; EVP_PKEY_CTX_free(ctx); @@ -340,14 +339,14 @@ /* Create context with default engine: should be redirected now */ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)) - || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) - || !TEST_true(called_encrypt)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_true(called_encrypt)) goto err; to_return = 1; - err: +err: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); ENGINE_free(e); 
@@ -388,8 +387,8 @@ /* Create a test ENGINE */ if (!TEST_ptr(e = ENGINE_new()) - || !TEST_true(ENGINE_set_id(e, "Test dummy engine")) - || !TEST_true(ENGINE_set_name(e, "Test dummy engine"))) + || !TEST_true(ENGINE_set_id(e, "Test dummy engine")) + || !TEST_true(ENGINE_set_name(e, "Test dummy engine"))) goto err; if (!TEST_ptr(rsameth = RSA_meth_dup(RSA_get_default_method()))) @@ -416,7 +415,7 @@ ret = 1; - err: +err: X509_free(cert); X509_free(dupcert); X509_PUBKEY_free(duppubkey); --- crypto/openssl/test/errtest.c.orig +++ crypto/openssl/test/errtest.c @@ -15,13 +15,13 @@ #include "testutil.h" #if defined(OPENSSL_SYS_WINDOWS) -# include +#include #else -# include +#include #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define IS_HEX(ch) ((ch >= '0' && ch <='9') || (ch >= 'A' && ch <='F')) +#define IS_HEX(ch) ((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'F')) static int test_print_error_format(void) { @@ -29,16 +29,16 @@ char *lib; const char *func = OPENSSL_FUNC; char *reason; -# ifdef OPENSSL_NO_ERR +#ifdef OPENSSL_NO_ERR char reasonbuf[255]; -# endif -# ifndef OPENSSL_NO_FILENAMES +#endif +#ifndef OPENSSL_NO_FILENAMES const char *file = OPENSSL_FILE; const int line = OPENSSL_LINE; -# else +#else const char *file = ""; const int line = 0; -# endif +#endif /* The format for OpenSSL error lines */ const char *expected_format = ":error:%08lX:%s:%s:%s:%s:%d"; /*- @@ -74,21 +74,21 @@ goto err; } -# if !defined(OPENSSL_NO_ERR) -# if defined(OPENSSL_NO_AUTOERRINIT) +#if !defined(OPENSSL_NO_ERR) +#if defined(OPENSSL_NO_AUTOERRINIT) lib = "lib(2)"; -# else +#else lib = "system library"; -# endif +#endif reason = strerror(syserr); -# else +#else lib = "lib(2)"; BIO_snprintf(reasonbuf, sizeof(reasonbuf), "reason(%lu)", reasoncode); reason = reasonbuf; -# endif +#endif BIO_snprintf(expected, sizeof(expected), expected_format, - errorcode, lib, func, reason, file, line); + errorcode, lib, func, reason, file, line); if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) goto err; 
@@ -141,30 +141,21 @@ static int raised_error(void) { - const char *f, *data; - int l; + int l, start_line = -1, end_line = -1; + const char *f, *data, *file = NULL; unsigned long e; - /* - * When OPENSSL_NO_ERR or OPENSSL_NO_FILENAMES, no file name or line - * number is saved, so no point checking them. - */ -#if !defined(OPENSSL_NO_FILENAMES) && !defined(OPENSSL_NO_ERR) - const char *file; - int line; - file = __FILE__; - line = __LINE__ + 2; /* The error is generated on the ERR_raise_data line */ -#endif + + start_line = __LINE__ + 1; ERR_raise_data(ERR_LIB_NONE, ERR_R_INTERNAL_ERROR, - "calling exit()"); + "calling exit()"); + end_line = __LINE__ - 1; if (!TEST_ulong_ne(e = ERR_get_error_all(&f, &l, NULL, &data, NULL), 0) - || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR) -#if !defined(OPENSSL_NO_FILENAMES) && !defined(OPENSSL_NO_ERR) - || !TEST_int_eq(l, line) - || !TEST_str_eq(f, file) -#endif - || !TEST_str_eq(data, "calling exit()")) + || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR) + || (l > 0 && !(TEST_int_eq(l, start_line) || TEST_int_eq(l, end_line))) + || (strlen(f) != 0 && !TEST_str_eq(f, file)) + || !TEST_str_eq(data, "calling exit()")) return 0; return 1; } @@ -181,11 +172,11 @@ /* Setting and clearing a mark should not affect the error */ if (!TEST_true(ERR_set_mark()) - || !TEST_true(ERR_pop_to_mark()) - || !TEST_ulong_eq(mallocfail, ERR_peek_last_error()) - || !TEST_true(ERR_set_mark()) - || !TEST_true(ERR_clear_last_mark()) - || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) + || !TEST_true(ERR_pop_to_mark()) + || !TEST_ulong_eq(mallocfail, ERR_peek_last_error()) + || !TEST_true(ERR_set_mark()) + || !TEST_true(ERR_clear_last_mark()) + || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) return 0; /* Test popping errors */ 
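Review bot: In the `raised_error` hunk (`@@ -141,30 +141,21 @@`), `file` is declared as `*file = NULL` and the old `file = __FILE__;` assignment is removed, so `TEST_str_eq(f, file)` compares the recorded file name against NULL whenever `f` is non-empty. The whole function body appears to be inside the hunk and nothing else assigns `file`, so this check would fail in any build that records file names. Restore the expected value, for example `const char *f, *data, *file = __FILE__;`. Separately, `TEST_int_eq(l, start_line) || TEST_int_eq(l, end_line)` will likely print a failure diagnostic from the first macro when the error is attributed to the second line of the call. `TEST_true(l == start_line || l == end_line)` keeps the same tolerance without the misleading log output.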
@@ -193,19 +184,19 @@ return 0; ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); if (!TEST_ulong_ne(mallocfail, ERR_peek_last_error()) - || !TEST_true(ERR_pop_to_mark()) - || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) + || !TEST_true(ERR_pop_to_mark()) + || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) return 0; /* Nested marks should also work */ if (!TEST_true(ERR_set_mark()) - || !TEST_true(ERR_set_mark())) + || !TEST_true(ERR_set_mark())) return 0; ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); if (!TEST_ulong_ne(mallocfail, ERR_peek_last_error()) - || !TEST_true(ERR_pop_to_mark()) - || !TEST_true(ERR_pop_to_mark()) - || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) + || !TEST_true(ERR_pop_to_mark()) + || !TEST_true(ERR_pop_to_mark()) + || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) return 0; if (!TEST_true(ERR_set_mark())) @@ -213,14 +204,14 @@ ERR_raise(ERR_LIB_CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); shouldnot = ERR_peek_last_error(); if (!TEST_ulong_ne(mallocfail, shouldnot) - || !TEST_true(ERR_set_mark())) + || !TEST_true(ERR_set_mark())) return 0; ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); if (!TEST_ulong_ne(shouldnot, ERR_peek_last_error()) - || !TEST_true(ERR_pop_to_mark()) - || !TEST_ulong_eq(shouldnot, ERR_peek_last_error()) - || !TEST_true(ERR_pop_to_mark()) - || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) + || !TEST_true(ERR_pop_to_mark()) + || !TEST_ulong_eq(shouldnot, ERR_peek_last_error()) + || !TEST_true(ERR_pop_to_mark()) + || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) return 0; /* Setting and clearing a mark should not affect the errors on the stack */ @@ -228,7 +219,7 @@ return 0; ERR_raise(ERR_LIB_CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); if (!TEST_true(ERR_clear_last_mark()) - || !TEST_ulong_eq(shouldnot, ERR_peek_last_error())) + || !TEST_ulong_eq(shouldnot, ERR_peek_last_error())) return 0; /* 
@@ -236,15 +227,15 @@ * a failure result */ if (!TEST_false(ERR_pop_to_mark()) - || !TEST_ulong_eq(0, ERR_peek_last_error())) + || !TEST_ulong_eq(0, ERR_peek_last_error())) return 0; /* Clearing where there is no mark should fail */ ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); if (!TEST_false(ERR_clear_last_mark()) - /* "get" the last error to remove it */ - || !TEST_ulong_eq(mallocfail, ERR_get_error()) - || !TEST_ulong_eq(0, ERR_peek_last_error())) + /* "get" the last error to remove it */ + || !TEST_ulong_eq(mallocfail, ERR_get_error()) + || !TEST_ulong_eq(0, ERR_peek_last_error())) return 0; /* @@ -268,7 +259,7 @@ /* Should be able to "pop" past 2 errors */ if (!TEST_true(ERR_pop_to_mark()) - || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) + || !TEST_ulong_eq(mallocfail, ERR_peek_last_error())) return 0; if (!TEST_true(ERR_set_mark())) @@ -278,7 +269,7 @@ /* Should be able to "clear" past 2 errors */ if (!TEST_true(ERR_clear_last_mark()) - || !TEST_ulong_eq(shouldnot, ERR_peek_last_error())) + || !TEST_ulong_eq(shouldnot, ERR_peek_last_error())) return 0; /* Clear remaining errors from last test */ @@ -297,7 +288,7 @@ ERR_raise_data(0, 0, "hello %s", "world"); ERR_peek_error_data(&data, &flags); if (!TEST_str_eq(data, "hello world") - || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED)) + || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED)) goto err; ERR_clear_error(); @@ -305,7 +296,7 @@ ERR_raise(0, 0); ERR_peek_error_data(&data, &flags); if (!TEST_str_eq(data, "") - || !TEST_int_eq(flags, ERR_TXT_MALLOCED)) + || !TEST_int_eq(flags, ERR_TXT_MALLOCED)) goto err; ERR_clear_error(); @@ -313,7 +304,7 @@ ERR_raise_data(0, 0, "goodbye %s world", "cruel"); ERR_peek_error_data(&data, &flags); if (!TEST_str_eq(data, "goodbye cruel world") - || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED)) + || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED)) goto err; ERR_clear_error(); 
@@ -324,13 +315,13 @@ ERR_raise(0, 0); ERR_peek_error_data(&data, &flags); if (!TEST_str_eq(data, "") - || !TEST_int_eq(flags, ERR_TXT_MALLOCED)) + || !TEST_int_eq(flags, ERR_TXT_MALLOCED)) goto err; ERR_clear_error(); res = 1; - err: - ERR_clear_error(); +err: + ERR_clear_error(); return res; } --- crypto/openssl/test/evp_extra_test.c.orig +++ crypto/openssl/test/evp_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -103,11 +103,11 @@ 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, - 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf }; /* -* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you + * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you * should never use this key anywhere but in an example. */ #ifndef OPENSSL_NO_DSA @@ -246,7 +246,7 @@ 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, - 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, + 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce }; /* 
@@ -272,7 +272,7 @@ 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, - 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, + 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42 }; /* @@ -332,7 +332,7 @@ 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, - 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf }; #ifndef OPENSSL_NO_EC @@ -351,7 +351,7 @@ 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, - 0xc1, + 0xc1 }; /* @@ -415,19 +415,19 @@ 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 }; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 static const unsigned char kExampleX25519KeyDER[] = { 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e }; -# endif +#endif #endif /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ #ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH static const unsigned char kExampleDHKeyDER[] = { 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 
@@ -455,7 +455,7 @@ 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 0x2e, 0x87, 0x2a, 0x0b, 0x7a }; -# endif +#endif #endif static const unsigned char kCFBDefaultKey[] = { @@ -492,7 +492,7 @@ }; static const unsigned char cfbPlaintext_partial[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, - 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96 }; static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 
@@ -573,42 +573,41 @@ } APK_DATA; static APK_DATA keydata[] = { - {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA}, - {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA}, + { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA }, + { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA }, #ifndef OPENSSL_NO_EC - {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC} + { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC } #endif }; static APK_DATA keycheckdata[] = { - {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, - 0}, - {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, - 0, 1, 1, 0}, - {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, - 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0}, + { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, + 0 }, + { kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, + 0, 1, 1, 0 }, + { kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, + 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0 }, #ifndef OPENSSL_NO_EC - {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0}, + { kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0 }, /* group is also associated in our pub key */ - {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, - 1, 1}, - {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, - 2}, - {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", - EVP_PKEY_ED25519, 1, 1, 1, 0}, - {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", - EVP_PKEY_ED25519, 0, 1, 1, 1}, + { kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, + 1, 1 }, + { pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 
1, + 2 }, + { kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", + EVP_PKEY_ED25519, 1, 1, 1, 0 }, + { kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", + EVP_PKEY_ED25519, 0, 1, 1, 1 }, #endif }; static EVP_PKEY *load_example_key(const char *keytype, - const unsigned char *data, size_t data_len) + const unsigned char *data, size_t data_len) { const unsigned char **pdata = &data; EVP_PKEY *pkey = NULL; - OSSL_DECODER_CTX *dctx = - OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, - testctx, testpropq); + OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, + testctx, testpropq); /* |pkey| will be NULL on error */ (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); @@ -619,14 +618,14 @@ static EVP_PKEY *load_example_rsa_key(void) { return load_example_key("RSA", kExampleRSAKeyDER, - sizeof(kExampleRSAKeyDER)); + sizeof(kExampleRSAKeyDER)); } #ifndef OPENSSL_NO_DSA static EVP_PKEY *load_example_dsa_key(void) { return load_example_key("DSA", kExampleDSAKeyDER, - sizeof(kExampleDSAKeyDER)); + sizeof(kExampleDSAKeyDER)); } #endif 
@@ -634,32 +633,58 @@ static EVP_PKEY *load_example_ec_key(void) { return load_example_key("EC", kExampleECKeyDER, - sizeof(kExampleECKeyDER)); + sizeof(kExampleECKeyDER)); } #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_DH + +static EVP_PKEY *make_bad_rsa_pubkey(void) +{ + RSA *rsa = NULL; + BIGNUM *n = NULL, *e = NULL; + EVP_PKEY *pkey = NULL; + + /* Deliberately invalid public key: n = 17, e = 17 */ + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_ptr(rsa = RSA_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_true(BN_set_word(n, 17)) + || !TEST_true(BN_set_word(e, 17)) + || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) + || !EVP_PKEY_assign_RSA(pkey, rsa)) + goto err; + + return pkey; +err: + BN_free(n); + BN_free(e); + RSA_free(rsa); + return NULL; +} + +#ifndef OPENSSL_NO_DH static EVP_PKEY *load_example_dh_key(void) { return load_example_key("DH", kExampleDHKeyDER, - sizeof(kExampleDHKeyDER)); + sizeof(kExampleDHKeyDER)); } -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC static EVP_PKEY *load_example_ed25519_key(void) { return load_example_key("ED25519", kExampleED25519KeyDER, - sizeof(kExampleED25519KeyDER)); + sizeof(kExampleED25519KeyDER)); } static EVP_PKEY *load_example_x25519_key(void) { return load_example_key("X25519", kExampleX25519KeyDER, - sizeof(kExampleX25519KeyDER)); + sizeof(kExampleX25519KeyDER)); } -# endif +#endif #endif /* OPENSSL_NO_DEPRECATED_3_0 */ static EVP_PKEY *load_example_hmac_key(void) @@ -672,7 +697,7 @@ }; pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", - NULL, key, sizeof(key)); + NULL, key, sizeof(key)); if (!TEST_ptr(pkey)) return NULL; 
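Review bot: The `err:` path of the new `make_bad_rsa_pubkey()` never frees `pkey`, so any failure after `EVP_PKEY_new()` leaks it. It can also free `n` and `e` twice: once `RSA_set0_key()` has succeeded the RSA object owns both BIGNUMs, yet a failing `EVP_PKEY_assign_RSA()` still reaches `BN_free(n)` and `BN_free(e)` before `RSA_free(rsa)`. The assign call is also the only step not wrapped in a `TEST_*` macro, so its failure would not be reported. Clearing the two pointers after the hand-over and freeing `pkey` on the error path fixes both, which matters when the suite runs under a memory sanitizer.

```c
    /* ... unchanged: EVP_PKEY_new/RSA_new/BN_new/BN_set_word checks ... */
        || !TEST_true(RSA_set0_key(rsa, n, e, NULL)))
        goto err;
    /* rsa owns n and e from here on; they must not be freed separately */
    n = e = NULL;
    if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
        goto err;
    /* ... unchanged: return pkey ... */
err:
    /* ... unchanged: BN_free(n), BN_free(e), RSA_free(rsa) ... */
    EVP_PKEY_free(pkey);
    return NULL;
```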
@@ -686,20 +711,20 @@ int res = 0; if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) - || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) goto err; EVP_MD_free(md); md = NULL; if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang")) - || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) - || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) + || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) goto err; EVP_MD_free(md); md = NULL; if (!TEST_true(EVP_set_default_properties(ctx, NULL)) - || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) goto err; res = 1; err: @@ -716,9 +741,12 @@ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) goto err; - if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) + /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */ + if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, - params), 0)) + params), + 0)) goto err; if (!TEST_ptr(tmp_pkey)) @@ -726,7 +754,7 @@ pkey = tmp_pkey; tmp_pkey = NULL; - err: +err: EVP_PKEY_free(tmp_pkey); EVP_PKEY_CTX_free(pctx); return pkey; @@ -747,7 +775,7 @@ goto err; } ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, - testctx, NULL); + testctx, NULL); if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (!TEST_true(ret)) goto err; @@ -757,7 +785,7 @@ } testresult = 1; - err: +err: BIO_free(bio); return testresult; 
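Review bot: The added `TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)` in the `-716` hunk pins the rejection to exactly 0, while other rejection checks in this file (for example the short-buffer `EVP_PKEY_sign` tests) use `TEST_int_le(..., 0)`. The check sits in a helper that the fromdata tests share, so if the premature call ever failed with a negative value, every test that builds a key through it would fail for an unrelated reason. Consider `!TEST_int_le(EVP_PKEY_CTX_set_params(pctx, params), 0)`, or move the negative case into its own test. The comment could also say why the call must fail, e.g. `/* No operation is initialised on pctx yet, so set_params must be rejected */`. The enclosing function starts and ends outside the hunk.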
@@ -816,7 +844,7 @@ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv))) + priv))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) @@ -837,7 +865,7 @@ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, - pub))) + pub))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) @@ -858,9 +886,9 @@ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, - pub)) + pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv))) + priv))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) @@ -870,7 +898,7 @@ goto err; ret = 1; - err: +err: OSSL_PARAM_free(params); OSSL_PARAM_BLD_free(bld); EVP_PKEY_free(just_params); @@ -930,8 +958,8 @@ /* Test !priv and !pub */ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_GROUP_NAME, - "P-256", 0))) + OSSL_PKEY_PARAM_GROUP_NAME, + "P-256", 0))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 
@@ -949,10 +977,10 @@ /* Test priv and !pub */ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_GROUP_NAME, - "P-256", 0)) + OSSL_PKEY_PARAM_GROUP_NAME, + "P-256", 0)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv))) + priv))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) @@ -976,11 +1004,11 @@ /* Test !priv and pub */ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_GROUP_NAME, - "P-256", 0)) + OSSL_PKEY_PARAM_GROUP_NAME, + "P-256", 0)) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_PUB_KEY, - ec_pub, sizeof(ec_pub)))) + OSSL_PKEY_PARAM_PUB_KEY, + ec_pub, sizeof(ec_pub)))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) @@ -998,13 +1026,13 @@ /* Test priv and pub */ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_GROUP_NAME, - "P-256", 0)) + OSSL_PKEY_PARAM_GROUP_NAME, + "P-256", 0)) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_PUB_KEY, - ec_pub, sizeof(ec_pub))) + OSSL_PKEY_PARAM_PUB_KEY, + ec_pub, sizeof(ec_pub))) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv))) + priv))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 
@@ -1016,11 +1044,11 @@ /* Try key equality */ if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), - 0) + 0) || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), - 0) + 0) || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), - 0) + 0) || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) @@ -1040,26 +1068,29 @@ /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - buffer, sizeof(buffer), &len), 1) + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + buffer, sizeof(buffer), &len), + 1) || !TEST_int_eq(len, 65)) goto err; len = 0; if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - NULL, 0, &len), 1) + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + NULL, 0, &len), + 1) || !TEST_int_eq(len, 65)) goto err; /* too-short buffer len*/ if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - buffer, 10, &len), 0)) + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + buffer, 10, &len), + 0)) goto err; ret = 1; - err: +err: OSSL_PARAM_free(params); OSSL_PARAM_BLD_free(bld); EVP_PKEY_free(just_params); @@ -1072,7 +1103,7 @@ } /* Test that using a legacy EC key with only a private key in it works */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 static int test_EC_priv_only_legacy(void) { BIGNUM *priv = NULL; @@ -1111,7 +1142,7 @@ * provider side which is sufficient for this test. */ if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, - testpropq, pkey, NULL))) + testpropq, pkey, NULL))) goto err; EVP_MD_CTX_free(ctx); ctx = NULL; 
@@ -1130,7 +1161,7 @@ } ret = 1; - err: +err: EVP_MD_CTX_free(ctx); EVP_PKEY_free(pkey); EC_KEY_free(eckey); @@ -1138,7 +1169,7 @@ return ret; } -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ #endif /* OPENSSL_NO_EC */ static int test_EVP_PKEY_sign(int tst) @@ -1153,7 +1184,7 @@ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; - if (tst == 0 ) { + if (tst == 0) { if (!TEST_ptr(pkey = load_example_rsa_key())) goto out; } else if (tst == 1) { @@ -1176,25 +1207,27 @@ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); if (!TEST_ptr(ctx) - || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, - sizeof(tbs)), 0)) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, + sizeof(tbs)), + 0)) goto out; sig = OPENSSL_malloc(sig_len); if (!TEST_ptr(sig) - /* Test sending a signature buffer that is too short is rejected */ - || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, - sizeof(tbs)), 0) - || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), - 0) - /* Test the signature round-trips */ - || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), - 0)) + /* Test sending a signature buffer that is too short is rejected */ + || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, + sizeof(tbs)), + 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), + 0) + /* Test the signature round-trips */ + || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), + 0)) goto out; ret = 1; - out: +out: EVP_PKEY_CTX_free(ctx); OPENSSL_free(sig); EVP_PKEY_free(pkey); @@ -1234,7 +1267,7 @@ } else { #ifndef OPENSSL_NO_DSA if (!TEST_ptr(pkey = load_example_dsa_key())) - goto out; + goto out; if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) goto out; 
@@ -1251,25 +1284,27 @@ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); if (!TEST_ptr(ctx) - || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, - sizeof(tbs)), 0)) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, + sizeof(tbs)), + 0)) goto out; sig = OPENSSL_malloc(sig_len); if (!TEST_ptr(sig) - /* Test sending a signature buffer that is too short is rejected */ - || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, - sizeof(tbs)), 0) - || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), - 0) - /* Test the signature round-trips */ - || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), - 0)) + /* Test sending a signature buffer that is too short is rejected */ + || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, + sizeof(tbs)), + 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), + 0) + /* Test the signature round-trips */ + || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), + 0)) goto out; ret = 1; - out: +out: EVP_PKEY_CTX_free(ctx); OPENSSL_free(sig); EVP_PKEY_free(pkey); 
@@ -1305,26 +1340,26 @@ if (n == 0) type = (EVP_CIPHER *)EVP_aes_256_cbc(); else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", - testpropq))) + testpropq))) goto err; if (!TEST_ptr(keypair = load_example_rsa_key()) - || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) - || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, - &keypair, 1)) - || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, - msg, sizeof(msg))) - || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, - &len))) + || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, + &keypair, 1)) + || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, + msg, sizeof(msg))) + || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, + &len))) goto err; ciphertext_len += len; if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) - || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, - ciphertext, ciphertext_len)) - || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) + || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, + ciphertext, ciphertext_len)) + || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) goto err; plaintext_len += len; @@ -1391,24 +1426,24 @@ goto out; } else { if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) - || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) + || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) goto out; } if (tst % 3 == 0) { if (!TEST_ptr(pkey = load_example_rsa_key())) - goto out; + goto out; } else if (tst % 3 == 1) { #ifndef OPENSSL_NO_DSA if (!TEST_ptr(pkey = load_example_dsa_key())) - goto out; + goto out; #else ret = 1; goto out; #endif } else { if (!TEST_ptr(pkey = load_example_hmac_key())) - goto out; + goto out; } if (tst >= 3 && tst <= 5) 
@@ -1433,13 +1468,13 @@ if (tst >= 9) { /* Determine the size of the signature. */ if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, - sizeof(kMsg))) - || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) + sizeof(kMsg))) + || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) goto out; if (tst <= 11) { /* Test that supply a short sig buffer fails */ if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, - sizeof(kMsg)))) + sizeof(kMsg)))) goto out; /* * We end here because once EVP_DigestSign() has failed you should @@ -1449,18 +1484,18 @@ goto out; } if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, - sizeof(kMsg)))) + sizeof(kMsg)))) goto out; } else { /* Determine the size of the signature. */ if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) - || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) - /* - * Trying to create a signature with a deliberately short - * buffer should fail. - */ - || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) - || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) + || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) + /* + * Trying to create a signature with a deliberately short + * buffer should fail. + */ + || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) + || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) goto out; } @@ -1476,7 +1511,7 @@ } if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, - NULL, pkey))) + NULL, pkey))) goto out; if (tst >= 6 && tst <= 8) { @@ -1484,7 +1519,7 @@ goto out; } else { if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, - sizeof(kMsg)))) + sizeof(kMsg)))) goto out; } if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) @@ -1509,7 +1544,7 @@ ret = 1; - out: +out: BIO_free(membio); BIO_free(mdbio); EVP_MD_CTX_free(a_md_ctx); 
@@ -1532,24 +1567,26 @@ return TEST_skip("Test does not support a non-default library context"); if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) - || !TEST_ptr(pkey = load_example_rsa_key())) + || !TEST_ptr(pkey = load_example_rsa_key())) goto out; if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) - || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) - || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, - sizeof(kSignature)), 0)) + || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, + sizeof(kSignature)), + 0)) goto out; /* test with reinitialization */ if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) - || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) - || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, - sizeof(kSignature)), 0)) + || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, + sizeof(kSignature)), + 0)) goto out; ret = 1; - out: +out: EVP_MD_CTX_free(md_ctx); EVP_PKEY_free(pkey); return ret; @@ -1576,7 +1613,7 @@ memset(buf, 0, 8); memset(key, 1, 16); if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, - key, 16))) + key, 16))) goto out; if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) @@ -1585,8 +1622,9 @@ if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) goto out; if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, - EVP_PKEY_CTRL_SET_DIGEST_SIZE, - 8, NULL), 1)) + EVP_PKEY_CTRL_SET_DIGEST_SIZE, + 8, NULL), + 1)) goto out; /* reinitialize */ if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) @@ -1599,7 +1637,7 @@ goto out; ret = 1; - out: +out: EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return ret; 
@@ -1621,38 +1659,38 @@ goto out; if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) - || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) + || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) goto out; if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) - || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) - || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) - /* EVP_DigestFinal resets the EVP_MD_CTX. */ - || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) + || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) + /* EVP_DigestFinal resets the EVP_MD_CTX. */ + || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) goto out; if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) - || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) - || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) - /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ - || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) - /* - * EVP_DigestInit_ex with NULL type should work on - * pre-initialized context. - */ - || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) + || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) + /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ + || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) + /* + * EVP_DigestInit_ex with NULL type should work on + * pre-initialized context. + */ + || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) goto out; if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) - || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) - || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) - /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. 
*/ - || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) - || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) + || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) + /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ + || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) + || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) goto out; ret = 1; - out: +out: EVP_MD_CTX_free(md_ctx); EVP_MD_free(sha256); EVP_MD_free(shake256); @@ -1683,7 +1721,7 @@ goto out; ret = 1; - out: +out: EVP_MD_CTX_free(md_ctx); return ret; } @@ -1700,13 +1738,13 @@ p = input; if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) - || !TEST_ptr_eq(p, input + input_len) - || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) goto done; ret = 1; - done: +done: EVP_PKEY_free(pkey); return ret; } @@ -1760,10 +1798,10 @@ EVP_PKEY *pkey; pkey = load_example_key("EC", ec_der_pub_keys[id].der, - ec_der_pub_keys[id].len); + ec_der_pub_keys[id].len); ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) - || TEST_ptr_null(pkey); + || TEST_ptr_null(pkey); EVP_PKEY_free(pkey); return ret; } @@ -1777,11 +1815,11 @@ EVP_PKEY *pkey = NULL; if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, - sizeof(kExampleBadECKeyDER)))) + sizeof(kExampleBadECKeyDER)))) goto done; if (!TEST_ptr_eq(derp, - kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) + kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) goto done; if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) @@ -1789,7 +1827,7 @@ ret = 1; - done: +done: PKCS8_PRIV_KEY_INFO_free(p8inf); EVP_PKEY_free(pkey); 
@@ -1813,8 +1851,8 @@ if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) || !TEST_ptr(pkey = load_example_rsa_key()) || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, - NULL, 0, NULL, NULL), - 0) + NULL, 0, NULL, NULL), + 0) || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) @@ -1823,7 +1861,7 @@ } ok = 1; - done: +done: EVP_PKEY_free(pkey); EVP_PKEY_free(pkey2); PKCS8_PRIV_KEY_INFO_free(p8inf); @@ -1843,23 +1881,23 @@ if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) || !TEST_ptr(pkey = load_example_rsa_key()) || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, - NULL, 0, NULL, NULL), - 0) + NULL, 0, NULL, NULL), + 0) || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) || !TEST_ptr(membuf) || !TEST_mem_eq(membuf, (size_t)membuf_len, - kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) + kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) /* * We try to write PEM as well, just to see that it doesn't err, but * assume that the result is correct. */ || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, - NULL, 0, NULL, NULL), - 0)) + NULL, 0, NULL, NULL), + 0)) goto done; ok = 1; - done: +done: EVP_PKEY_free(pkey); BIO_free_all(membio); return ok; @@ -1871,7 +1909,7 @@ const char *encoding_name; } ec_encodings[] = { { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, - { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } + { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } }; static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) @@ -1884,7 +1922,7 @@ *enc = -1; if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, - OSSL_PKEY_PARAM_EC_ENCODING)) + OSSL_PKEY_PARAM_EC_ENCODING)) || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) return 0; 
@@ -1925,12 +1963,12 @@ /* Check that the encoding got all the way into the key */ if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, - ec_export_get_encoding_cb, &enc)) + ec_export_get_encoding_cb, &enc)) || !TEST_int_eq(enc, ec_encodings[idx].encoding)) goto done; ret = 1; - done: +done: EVP_PKEY_free(key); EVP_PKEY_free(params); EVP_PKEY_CTX_free(kctx); @@ -1943,11 +1981,10 @@ static int test_EVP_SM2_verify(void) { - const char *pubkey = - "-----BEGIN PUBLIC KEY-----\n" - "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" - "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" - "-----END PUBLIC KEY-----\n"; + const char *pubkey = "-----BEGIN PUBLIC KEY-----\n" + "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" + "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" + "-----END PUBLIC KEY-----\n"; const char *msg = "message digest"; const char *id = "ALICE123@YAHOO.COM"; @@ -2004,7 +2041,7 @@ goto done; rc = 1; - done: +done: BIO_free(bio); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); @@ -2034,15 +2071,15 @@ uint8_t plaintext[8]; size_t ptext_len = sizeof(plaintext); - uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; + uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; - OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; - OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; + OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; int i; char mdname[OSSL_MAX_NAME_SIZE]; if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, - "SM2", testpropq))) + "SM2", testpropq))) goto done; if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) @@ -2055,7 +2092,7 @@ goto done; if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, - pkeyparams, testpropq))) + pkeyparams, testpropq))) goto done; if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 
@@ -2101,7 +2138,7 @@ /* Ensure that the signature round-trips. */ if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, - pkey))) + pkey))) goto done; if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) @@ -2119,7 +2156,7 @@ */ if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, - pkey))) + pkey))) goto done; if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) @@ -2134,7 +2171,7 @@ /* now check encryption/decryption */ gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, - mdname, sizeof(mdname)); + mdname, sizeof(mdname)); for (i = 0; i < 2; i++) { const char *mdnames[] = { #ifndef OPENSSL_NO_SM3 @@ -2142,18 +2179,18 @@ #else NULL, #endif - "SHA2-256" }; + "SHA2-256" + }; EVP_PKEY_CTX_free(cctx); if (mdnames[i] == NULL) continue; - sparams[0] = - OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, - (char *)mdnames[i], 0); + sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, + (char *)mdnames[i], 0); if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, - pkey, testpropq))) + pkey, testpropq))) goto done; if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) @@ -2163,7 +2200,7 @@ goto done; if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, - sizeof(kMsg)))) + sizeof(kMsg)))) goto done; if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) @@ -2173,7 +2210,8 @@ goto done; if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, - ctext_len), 0)) + ctext_len), + 0)) goto done; if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 
@@ -2221,36 +2259,28 @@ char *priv; char *pub; } keys[] = { - { - EVP_PKEY_HMAC, "0123456789", NULL - }, - { - EVP_PKEY_HMAC, "", NULL + { EVP_PKEY_HMAC, "0123456789", NULL }, + { EVP_PKEY_HMAC, "", NULL #ifndef OPENSSL_NO_POLY1305 - }, { - EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL + }, + { EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL #endif #ifndef OPENSSL_NO_SIPHASH - }, { - EVP_PKEY_SIPHASH, "0123456789012345", NULL + }, + { EVP_PKEY_SIPHASH, "0123456789012345", NULL #endif }, #ifndef OPENSSL_NO_EC - { - EVP_PKEY_X25519, "01234567890123456789012345678901", - "abcdefghijklmnopqrstuvwxyzabcdef" - }, { - EVP_PKEY_ED25519, "01234567890123456789012345678901", - "abcdefghijklmnopqrstuvwxyzabcdef" - }, { - EVP_PKEY_X448, + { EVP_PKEY_X25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" }, + { EVP_PKEY_ED25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" }, + { EVP_PKEY_X448, "01234567890123456789012345678901234567890123456789012345", - "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" - }, { - EVP_PKEY_ED448, + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" }, + { EVP_PKEY_ED448, "012345678901234567890123456789012345678901234567890123456", - "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" - } + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" } #endif }; @@ -2274,16 +2304,16 @@ in = (unsigned char *)keys[tst].pub; if (uselibctx) { pkey = EVP_PKEY_new_raw_public_key_ex( - testctx, - OBJ_nid2sn(keys[tst].type), - NULL, - in, - inlen); + testctx, + OBJ_nid2sn(keys[tst].type), + NULL, + in, + inlen); } else { pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, - NULL, - in, - inlen); + NULL, + in, + inlen); } #else return 1; 
@@ -2293,42 +2323,40 @@ in = (unsigned char *)keys[tst].priv; if (uselibctx) { pkey = EVP_PKEY_new_raw_private_key_ex( - testctx, OBJ_nid2sn(keys[tst].type), - NULL, - in, - inlen); + testctx, OBJ_nid2sn(keys[tst].type), + NULL, + in, + inlen); } else { pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, - NULL, - in, - inlen); + NULL, + in, + inlen); } } if (!TEST_ptr(pkey) - || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) - || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) - || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) - || !TEST_true(len == inlen)) + || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) + || !TEST_true(len == inlen)) goto done; if (tst != 1) { /* * Test that supplying a buffer that is too small fails. Doesn't apply * to HMAC with a zero length key */ - if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf, - &shortlen))) - || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf, - &shortlen)))) + if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf, &shortlen))) + || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf, &shortlen)))) goto done; } if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) - || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) - || !TEST_mem_eq(in, inlen, buf, len)) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) + || !TEST_mem_eq(in, inlen, buf, len)) goto done; ret = 1; - done: +done: EVP_PKEY_free(pkey); return ret; } 
@@ -2336,9 +2364,9 @@ static int test_set_get_raw_keys(int tst) { return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) - && test_set_get_raw_keys_int(tst, 0, 1) - && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) - && test_set_get_raw_keys_int(tst, 1, 1); + && test_set_get_raw_keys_int(tst, 0, 1) + && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) + && test_set_get_raw_keys_int(tst, 1, 1); } #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -2413,7 +2441,7 @@ ret = 1; - done: +done: EVP_PKEY_CTX_free(ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 EVP_PKEY_CTX_free(ctx2); @@ -2431,11 +2459,11 @@ int ret = 1; if (!TEST_ptr(mdctx) - || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, - testpropq, pkey, NULL)) - || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) - || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) - || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) + || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, + testpropq, pkey, NULL)) + || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) + || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) + || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) ret = 0; EVP_MD_CTX_free(mdctx); @@ -2453,9 +2481,9 @@ int ret = 0; EVP_PKEY *pkey = NULL; unsigned char mac[AES_BLOCK_SIZE]; -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) unsigned char mac2[AES_BLOCK_SIZE]; -# endif +#endif if (nullprov != NULL) return TEST_skip("Test does not support a non-default library context"); 
@@ -2468,18 +2496,20 @@ /* Test a CMAC key created using the "generated" method */ if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) - || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_CIPHER, - 0, (void *)EVP_aes_256_ecb()), 0) - || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, - sizeof(key), (void *)key), 0) - || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) - || !TEST_ptr(pkey) - || !TEST_true(get_cmac_val(pkey, mac))) + || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_CIPHER, + 0, (void *)EVP_aes_256_ecb()), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_SET_MAC_KEY, + sizeof(key), (void *)key), + 0) + || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) + || !TEST_ptr(pkey) + || !TEST_true(get_cmac_val(pkey, mac))) goto done; -# if !defined(OPENSSL_NO_DEPRECATED_3_0) +#if !defined(OPENSSL_NO_DEPRECATED_3_0) EVP_PKEY_free(pkey); /* @@ -2488,14 +2518,14 @@ */ pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb()); if (!TEST_ptr(pkey) - || !TEST_true(get_cmac_val(pkey, mac2)) - || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) + || !TEST_true(get_cmac_val(pkey, mac2)) + || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) goto done; -# endif +#endif ret = 1; - done: +done: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(kctx); return ret; 
@@ -2526,21 +2556,24 @@ memset(out, 0, outlen); if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, - sizeof(salt) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, - sizeof(key) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, - sizeof(info) - 1), 0) - || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) - || !TEST_mem_eq(out, outlen, expected, expectedlen)) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) goto done; } ret = 1; - done: +done: EVP_PKEY_CTX_free(pctx); return ret; 
@@ -2568,20 +2601,23 @@ memset(out, 0, outlen); if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, - sizeof(salt) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, - sizeof(key) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, - sizeof(info) - 1), 0) - || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) - || !TEST_mem_eq(out, outlen, expected, expectedlen)) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) goto done; ret = 1; - done: +done: EVP_PKEY_CTX_free(pctx); return ret; @@ -2594,11 +2630,12 @@ size_t outlen; int ret = 0; unsigned char salt[] = ""; + unsigned char fake[] = "0123456789"; unsigned char key[] = "012345678901234567890123456789"; unsigned char info[] = ""; const unsigned char expected[] = { - 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, - 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, + 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, + 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06 }; size_t expectedlen = sizeof(expected); 
@@ -2609,20 +2646,26 @@ memset(out, 0, outlen); if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, - sizeof(salt) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, - sizeof(key) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, - sizeof(info) - 1), 0) - || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) - || !TEST_mem_eq(out, outlen, expected, expectedlen)) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake, + sizeof(fake) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), + 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) goto done; ret = 1; - done: +done: EVP_PKEY_CTX_free(pctx); return ret; @@ -2655,7 +2698,7 @@ ret = 1; - done: +done: X509_PUBKEY_free(xp); return ret; } @@ -2669,14 +2712,14 @@ xp = X509_PUBKEY_new_ex(testctx, testpropq); if (!TEST_ptr(xp) - || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) - || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) - || !TEST_ptr_ne(xp, xq)) + || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) + || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) + || !TEST_ptr_ne(xp, xq)) goto done; if (!TEST_ptr(X509_PUBKEY_get0(xq)) - || !TEST_ptr(X509_PUBKEY_get0(xp)) - || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) + || !TEST_ptr(X509_PUBKEY_get0(xp)) + || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) goto done; X509_PUBKEY_free(xq); 
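Review bot: The two consecutive `EVP_PKEY_CTX_set1_hkdf_salt` calls in the hunk at `@@ -2609,20 +2646,26 @@` (first with `fake`, then with the empty `salt`) carry no comment, so the duplicate reads like a copy-paste slip rather than a deliberate regression check. Because `expected` is unchanged apart from formatting, the intent appears to be that a later zero-length salt must replace an earlier non-empty one. A comment above the first call, such as `/* A zero-length salt must replace the earlier non-empty one, not be ignored */`, would stop a later cleanup from removing it. The `fake` declaration sits in the preceding hunk, and the enclosing function starts outside both hunks.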
@@ -2685,7 +2728,7 @@ input_len = sizeof(kExampleBadECPubKeyDER); if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) - || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) + || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) goto done; X509_PUBKEY_free(xp); @@ -2695,7 +2738,7 @@ ret = 1; - done: +done: X509_PUBKEY_free(xp); X509_PUBKEY_free(xq); return ret; @@ -2717,7 +2760,7 @@ /* Initialise a sign operation */ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); if (!TEST_ptr(ctx) - || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) goto err; /* @@ -2726,15 +2769,15 @@ params = EVP_PKEY_CTX_settable_params(ctx); if (!TEST_ptr(params) || !TEST_ptr(OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_DIGEST))) + OSSL_SIGNATURE_PARAM_DIGEST))) goto err; params = EVP_PKEY_CTX_gettable_params(ctx); if (!TEST_ptr(params) || !TEST_ptr(OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) + OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) || !TEST_ptr(OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_DIGEST))) + OSSL_SIGNATURE_PARAM_DIGEST))) goto err; /* @@ -2744,7 +2787,7 @@ strcpy(mdname, "SHA512"); param_md = param; *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - mdname, 0); + mdname, 0); *param++ = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) @@ -2752,9 +2795,9 @@ mdname[0] = '\0'; *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - mdname, sizeof(mdname)); + mdname, sizeof(mdname)); if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) - || !TEST_str_eq(mdname, "SHA512")) + || !TEST_str_eq(mdname, "SHA512")) goto err; /* 
@@ -2762,8 +2805,8 @@ * TEST_PKEY_CTX_get_signature_md() functions */ if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) - || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) - || !TEST_ptr_eq(md, EVP_sha256())) + || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) + || !TEST_ptr_eq(md, EVP_sha256())) goto err; /* @@ -2772,7 +2815,7 @@ mdctx = EVP_MD_CTX_new(); if (!TEST_ptr(mdctx) || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, - pkey, NULL))) + pkey, NULL))) goto err; /* @@ -2781,15 +2824,15 @@ */ params = EVP_MD_CTX_settable_params(mdctx); if (!TEST_ptr(params) - || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) - /* The final key should be NULL */ - || !TEST_ptr_null(params[1].key)) + || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) + /* The final key should be NULL */ + || !TEST_ptr_null(params[1].key)) goto err; param = ourparams; memset(ssl3ms, 0, sizeof(ssl3ms)); *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, - ssl3ms, sizeof(ssl3ms)); + ssl3ms, sizeof(ssl3ms)); *param++ = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) @@ -2797,7 +2840,7 @@ ret = 1; - err: +err: EVP_MD_CTX_free(mdctx); EVP_PKEY_CTX_free(ctx); @@ -2830,16 +2873,17 @@ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, - pub)) + pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv))) + priv))) goto err; if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, - params), 0)) + params), + 0)) goto err; if (!TEST_ptr(pkey)) 
@@ -2847,7 +2891,7 @@ ret = test_EVP_PKEY_CTX_get_set_params(pkey); - err: +err: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); OSSL_PARAM_free(params); @@ -2900,7 +2944,8 @@ if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, - params), 0)) + params), + 0)) goto err; if (!TEST_ptr(pkey)) @@ -2908,7 +2953,7 @@ ret = test_EVP_PKEY_CTX_get_set_params(pkey); - err: +err: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); OSSL_PARAM_free(params); @@ -2939,12 +2984,12 @@ params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, - OSSL_DIGEST_NAME_SHA2_256, 0); + OSSL_DIGEST_NAME_SHA2_256, 0); params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, - OSSL_DIGEST_NAME_SHA1, 0); + OSSL_DIGEST_NAME_SHA1, 0); params[3] = OSSL_PARAM_construct_end(); - if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) + if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params), 0)) goto err; } { @@ -2953,9 +2998,9 @@ char mgf1md[30] = { '\0' }; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, - oaepmd, sizeof(oaepmd)); + oaepmd, sizeof(oaepmd)); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, - mgf1md, sizeof(mgf1md)); + mgf1md, sizeof(mgf1md)); params[2] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) @@ -2968,7 +3013,7 @@ ret = 1; - err: +err: EVP_PKEY_free(key); EVP_PKEY_CTX_free(key_ctx); 
@@ -2998,17 +3043,59 @@ ret = 1; - err: +err: EVP_PKEY_free(key); EVP_PKEY_CTX_free(key_ctx); return ret; } +static int test_RSA_encrypt(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + unsigned char *cbuf = NULL, *pbuf = NULL; + size_t clen = 0, plen = 0; + + if (!TEST_ptr(pkey = load_example_rsa_key()) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, + pkey, testpropq)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0) + || !TEST_ptr(cbuf = OPENSSL_malloc(clen)) + || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)) + goto done; + + /* Require failure when the output buffer is too small */ + plen = clen - 1; + if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0)) + goto done; + /* flush error stack */ + TEST_openssl_errors(); + + /* Check decryption of encrypted result */ + if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) + || !TEST_ptr(pbuf = OPENSSL_malloc(plen)) + || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) + || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)) + goto done; + + ret = 1; +done: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pkey); + OPENSSL_free(cbuf); + OPENSSL_free(pbuf); + return ret; +} + #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) static int test_decrypt_null_chunks(void) { - EVP_CIPHER_CTX* ctx = NULL; + EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER *cipher = NULL; const unsigned char key[32] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 
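Review bot: The undersized-buffer assertion in the new `test_RSA_encrypt` covers only the encrypt side (`plen = clen - 1;` followed by `TEST_int_le(EVP_PKEY_encrypt(...), 0)`). The decrypt side queries the size and decrypts into a full-size `pbuf`, but never checks that a too-small output length is rejected. Output-length enforcement seems to be what this test is for, so a matching check between the size query and the real decrypt would close the gap: pass a separate `size_t` set to `plen - 1` and require `TEST_int_le(EVP_PKEY_decrypt(pctx, pbuf, &shortlen, cbuf, clen), 0)`. The exact length at which the provider rejects should be confirmed against the RSA decrypt implementation, which is not visible here. The trailing `EVP_PKEY_encrypt_init(pctx)` at the end of the decrypt condition also needs a one-line comment saying what re-initialising there is meant to prove.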
@@ -3027,46 +3114,46 @@ const int enc_offset = 10, dec_offset = 20; if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) - || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, - key, iv)) - || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, - enc_offset)) - /* Deliberate add a zero length update */ - || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, - 0)) - || !TEST_int_eq(tmp, 0) - || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, - msg + enc_offset, - sizeof(msg) - enc_offset)) - || !TEST_int_eq(ctlen += tmp, sizeof(msg)) - || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) - || !TEST_int_eq(tmp, 0)) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, + key, iv)) + || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, + enc_offset)) + /* Deliberate add a zero length update */ + || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, + 0)) + || !TEST_int_eq(tmp, 0) + || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, + msg + enc_offset, + sizeof(msg) - enc_offset)) + || !TEST_int_eq(ctlen += tmp, sizeof(msg)) + || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) + || !TEST_int_eq(tmp, 0)) goto err; /* Deliberately initialise tmp to a non zero value */ tmp = 99; if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) - || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, - dec_offset)) - /* - * Deliberately add a zero length update. We also deliberately do - * this at a different offset than for encryption. 
- */ - || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, - 0)) - || !TEST_int_eq(tmp, 0) - || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, - ciphertext + dec_offset, - ctlen - dec_offset)) - || !TEST_int_eq(ptlen += tmp, sizeof(msg)) - || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) - || !TEST_int_eq(tmp, 0) - || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) + || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, + dec_offset)) + /* + * Deliberately add a zero length update. We also deliberately do + * this at a different offset than for encryption. + */ + || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, + 0)) + || !TEST_int_eq(tmp, 0) + || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, + ciphertext + dec_offset, + ctlen - dec_offset)) + || !TEST_int_eq(ptlen += tmp, sizeof(msg)) + || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) + || !TEST_int_eq(tmp, 0) + || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) goto err; ret = 1; - err: +err: EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(cipher); return ret; @@ -3083,7 +3170,7 @@ return test_EVP_PKEY_ffc_priv_pub("DH"); } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 static int test_EVP_PKEY_set1_DH(void) { DH *x942dh = NULL, *noqdh = NULL; 
@@ -3095,16 +3182,16 @@ size_t len = 0; if (!TEST_ptr(p = BN_new()) - || !TEST_ptr(g = BN_new()) - || !TEST_ptr(pubkey = BN_new()) - || !TEST_true(BN_set_word(p, 9999)) - || !TEST_true(BN_set_word(g, 2)) - || !TEST_true(BN_set_word(pubkey, 4321)) - || !TEST_ptr(noqdh = DH_new()) - || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) - || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) - || !TEST_ptr(pubkey = BN_new()) - || !TEST_true(BN_set_word(pubkey, 4321))) + || !TEST_ptr(g = BN_new()) + || !TEST_ptr(pubkey = BN_new()) + || !TEST_true(BN_set_word(p, 9999)) + || !TEST_true(BN_set_word(g, 2)) + || !TEST_true(BN_set_word(pubkey, 4321)) + || !TEST_ptr(noqdh = DH_new()) + || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) + || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) + || !TEST_ptr(pubkey = BN_new()) + || !TEST_true(BN_set_word(pubkey, 4321))) goto err; p = g = NULL; 
@@ -3112,34 +3199,34 @@ pkey1 = EVP_PKEY_new(); pkey2 = EVP_PKEY_new(); if (!TEST_ptr(x942dh) - || !TEST_ptr(noqdh) - || !TEST_ptr(pkey1) - || !TEST_ptr(pkey2) - || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) + || !TEST_ptr(noqdh) + || !TEST_ptr(pkey1) + || !TEST_ptr(pkey2) + || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) goto err; pubkey = NULL; if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) - || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) + || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) goto err; if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, - &pubkey)) - || !TEST_ptr(pubkey)) + &pubkey)) + || !TEST_ptr(pubkey)) goto err; if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) - || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) + || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) goto err; if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, - OSSL_PKEY_PARAM_PUB_KEY, - pub, sizeof(pub), &len)) - || !TEST_size_t_ne(len, 0)) + OSSL_PKEY_PARAM_PUB_KEY, + pub, sizeof(pub), &len)) + || !TEST_size_t_ne(len, 0)) goto err; ret = 1; - err: +err: BN_free(p); BN_free(g); BN_free(pubkey); @@ -3150,7 +3237,7 @@ return ret; } -# endif /* !OPENSSL_NO_DEPRECATED_3_0 */ +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ #endif /* !OPENSSL_NO_DH */ /* @@ -3190,7 +3277,7 @@ goto err; ret = 1; - err: +err: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); EVP_PKEY_free(tkey); @@ -3223,9 +3310,9 @@ /* * We check for certain algos in the null provider. - * If an algo is expected to have a provider keymgmt, contructing an + * If an algo is expected to have a provider keymgmt, constructing an * EVP_PKEY_CTX is expected to fail (return NULL). - * Otherwise, if it's expected to have legacy support, contructing an + * Otherwise, if it's expected to have legacy support, constructing an * EVP_PKEY_CTX is expected to succeed (return non-NULL). */ switch (tst) { 
@@ -3255,11 +3342,11 @@ goto err; #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) - end: +end: #endif ret = 1; - err: +err: EVP_PKEY_CTX_free(pctx); OSSL_PROVIDER_unload(tmpnullprov); OSSL_LIB_CTX_free(tmpctx); @@ -3278,7 +3365,7 @@ unsigned char out[sizeof(seed)]; if (!TEST_int_ne(sizeof(seed) % step, 0) - || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) + || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) return 0; ctx = EVP_RAND_CTX_new(rand, NULL); EVP_RAND_free(rand); @@ -3287,12 +3374,12 @@ memset(out, 0, sizeof(out)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - seed, sizeof(seed)); + seed, sizeof(seed)); *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); *p = OSSL_PARAM_construct_end(); res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) - && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) - && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); + && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) + && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); EVP_RAND_CTX_free(ctx); return res; } 
@@ -3306,28 +3393,27 @@ { int ret = 0; EVP_CIPHER_CTX *ctx = NULL; - unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, - 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57}; - unsigned char init_iv[EVP_MAX_IV_LENGTH] = - {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, - 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34}; + unsigned char key[16] = { 0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, + 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57 }; + unsigned char init_iv[EVP_MAX_IV_LENGTH] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, + 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 }; static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, - 9, 10, 11, 12, 13, 14, 15, 16 }; + 9, 10, 11, 12, 13, 14, 15, 16 }; unsigned char ciphertext[32], oiv[16], iv[16]; unsigned char *ref_iv; - unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, - 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e}; - - unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, - 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd}; - unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, - 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed}; - unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, - 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; - unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98}; + unsigned char cbc_state[16] = { 0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, + 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e }; + + unsigned char ofb_state[16] = { 0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, + 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd }; + unsigned char cfb_state[16] = { 0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, + 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed }; + unsigned char gcm_state[12] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, + 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 }; + unsigned char ccm_state[7] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98 }; #ifndef 
OPENSSL_NO_OCB - unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, - 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; + unsigned char ocb_state[12] = { 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, + 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81 }; #endif int len = sizeof(ciphertext); size_t ivlen, ref_len; @@ -3337,13 +3423,12 @@ if (nullprov != NULL && idx < 6) return TEST_skip("Test does not support a non-default library context"); - switch(idx) { + switch (idx) { case 0: type = EVP_aes_128_cbc(); /* FALLTHROUGH */ case 6: - type = (type != NULL) ? type : - EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); + type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); ref_iv = cbc_state; ref_len = sizeof(cbc_state); iv_reset = 1; @@ -3352,8 +3437,7 @@ type = EVP_aes_128_ofb(); /* FALLTHROUGH */ case 7: - type = (type != NULL) ? type : - EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); + type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); ref_iv = ofb_state; ref_len = sizeof(ofb_state); iv_reset = 1; @@ -3362,8 +3446,7 @@ type = EVP_aes_128_cfb(); /* FALLTHROUGH */ case 8: - type = (type != NULL) ? type : - EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); + type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); ref_iv = cfb_state; ref_len = sizeof(cfb_state); iv_reset = 1; @@ -3372,8 +3455,7 @@ type = EVP_aes_128_gcm(); /* FALLTHROUGH */ case 9: - type = (type != NULL) ? type : - EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); + type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); ref_iv = gcm_state; ref_len = sizeof(gcm_state); break; @@ -3381,8 +3463,7 @@ type = EVP_aes_128_ccm(); /* FALLTHROUGH */ case 10: - type = (type != NULL) ? type : - EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); + type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); ref_iv = ccm_state; ref_len = sizeof(ccm_state); break; 
@@ -3395,8 +3476,7 @@ type = EVP_aes_128_ocb(); /* FALLTHROUGH */ case 11: - type = (type != NULL) ? type : - EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); + type = (type != NULL) ? type : EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); ref_iv = ocb_state; ref_len = sizeof(ocb_state); break; @@ -3406,17 +3486,17 @@ } if (!TEST_ptr(type) - || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) - || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) - || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, - (int)sizeof(msg))) - || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) - || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) - || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) + || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) + || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) + || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, + (int)sizeof(msg))) + || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) + || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) + || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) goto err; ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) - || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) + || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) goto err; /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ @@ -3453,7 +3533,7 @@ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, - 9, 10, 11, 12, 13, 14, 15, 16 }; + 9, 10, 11, 12, 13, 14, 15, 16 }; unsigned char ciphertext[32], oiv[8], iv[8]; unsigned const char *ref_iv; static const unsigned char cbc_state_des[8] = { @@ -3481,7 +3561,7 @@ if (lgcyprov == NULL && idx < 3) return TEST_skip("Test requires legacy provider to be loaded"); - switch(idx) { + switch (idx) { case 0: type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); ref_iv = cbc_state_des; 
@@ -3517,17 +3597,17 @@ } if (!TEST_ptr(type) - || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) - || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) - || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, - (int)sizeof(msg))) - || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) - || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) - || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) + || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) + || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) + || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, + (int)sizeof(msg))) + || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) + || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) + || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) goto err; ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) - || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) + || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) goto err; if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) @@ -3558,8 +3638,8 @@ return TEST_skip("Test requires legacy provider to be loaded"); if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) - || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) - || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) + || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) + || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) goto err; ret = 1; @@ -3573,10 +3653,10 @@ static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M NID_sect233k1, NID_sect233r1, NID_sect283r1, NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, -# endif +#endif NID_brainpoolP384r1, NID_brainpoolP512r1 }; 
@@ -3588,11 +3668,11 @@ unsigned char *p; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const unsigned char *q; EVP_PKEY *pkey2 = NULL; EC_KEY *ec = NULL; -# endif +#endif if (nullprov != NULL) return TEST_skip("Test does not support a non-default library context"); @@ -3613,15 +3693,15 @@ p = buf; len = i2d_PublicKey(pkey, &p); if (!TEST_int_ge(len, 1) - || !TEST_int_eq(len, savelen)) + || !TEST_int_eq(len, savelen)) goto done; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Now try to decode the just-created DER. */ q = buf; if (!TEST_ptr((pkey2 = EVP_PKEY_new())) - || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) - || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) + || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) + || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) goto done; /* EC_KEY ownership transferred */ ec = NULL; @@ -3630,17 +3710,17 @@ /* The keys should match. */ if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) goto done; -# endif +#endif ret = 1; - done: +done: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 EVP_PKEY_free(pkey2); EC_KEY_free(ec); -# endif +#endif return ret; } #endif @@ -3734,7 +3814,7 @@ goto err; testresult = 1; - err: +err: EVP_MD_free(sha256); OSSL_LIB_CTX_free(ctx); return testresult; 
@@ -3757,80 +3837,56 @@ } EVP_INIT_TEST_st; static const EVP_INIT_TEST_st evp_init_tests[] = { - { - "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), - 0, 1, 0, 1 - }, - { - "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + 0, 1, 0, 1 }, + { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), - sizeof(gcmDefaultTag), 1, 0, 1 - }, - { - "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + sizeof(gcmDefaultTag), 1, 0, 1 }, + { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), - 0, 0, 0, 1 - }, - { - "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + 0, 0, 0, 1 }, + { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), - sizeof(gcmDefaultTag), 0, 0, 1 - }, - { - "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + sizeof(gcmDefaultTag), 0, 0, 1 }, + { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), - 0, 1, 1, 0 - }, - { - "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + 0, 1, 1, 0 }, + { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), - sizeof(gcmDefaultTag), 1, 1, 0 - }, - { - "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + sizeof(gcmDefaultTag), 1, 1, 0 }, + { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), - 0, 0, 1, 0 - }, - { - "aes-256-gcm", 
kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + 0, 0, 1, 0 }, + { "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), - sizeof(gcmDefaultTag), 0, 1, 0 - } + sizeof(gcmDefaultTag), 0, 1, 0 } }; /* use same key, iv and plaintext for cfb and ofb */ static const EVP_INIT_TEST_st evp_reinit_tests[] = { - { - "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, + { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), - sizeof(cfbCiphertext_partial), 0, 0, 1, 0 - }, - { - "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, + sizeof(cfbCiphertext_partial), 0, 0, 1, 0 }, + { "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), - sizeof(cfbPlaintext_partial), 0, 0, 0, 0 - }, - { - "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, + sizeof(cfbPlaintext_partial), 0, 0, 0, 0 }, + { "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), - sizeof(ofbCiphertext_partial), 0, 0, 1, 0 - }, - { - "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, + sizeof(ofbCiphertext_partial), 0, 0, 1, 0 }, + { "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), - sizeof(cfbPlaintext_partial), 0, 0, 0, 0 - }, + sizeof(cfbPlaintext_partial), 0, 0, 0, 0 }, }; static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) { int res = 0; - + if (t->ivlen != 0) { if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) goto err; @@ -3838,7 +3894,7 @@ if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) goto err; res = 1; - err: +err: return res; } 
@@ -3884,7 +3940,7 @@ errmsg = "IV_INIT"; goto err; } - if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { errmsg = "KEY_INIT (after iv)"; goto err; } @@ -3899,7 +3955,8 @@ if (t->finalenc == 0 && t->tag != NULL) { /* Set expected tag */ if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - t->taglen, (void *)t->tag), 0)) { + t->taglen, (void *)t->tag), + 0)) { errmsg = "SET_TAG"; goto err; } @@ -3923,7 +3980,7 @@ } } testresult = 1; - err: +err: if (errmsg != NULL) TEST_info("evp_init_test %d: %s", idx, errmsg); EVP_CIPHER_CTX_free(ctx); 
@@ -3946,24 +4003,24 @@ EVP_CIPHER *type = NULL; if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) - /* setup cipher context */ - || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) - /* first iteration */ - || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) - || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) - /* check test results iteration 1 */ - || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) - /* now re-init the context (same cipher, key and iv) */ - || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) - /* second iteration */ - || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) - || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) - /* check test results iteration 2 */ - || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) + || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) + /* setup cipher context */ + || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) + /* first iteration */ + || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) + /* check test results iteration 1 */ + || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) + /* now re-init the context (same cipher, key and iv) */ + || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) + /* second iteration */ + || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) + /* check test results iteration 2 */ + || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) goto err; testresult = 1; - err: +err: EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(type); return testresult; 
@@ -3978,14 +4035,10 @@ } EVP_RESET_TEST_st; static const EVP_RESET_TEST_st evp_reset_tests[] = { - { - cfbPlaintext, cfbCiphertext, - sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 - }, - { - cfbCiphertext, cfbPlaintext, - sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 - } + { cfbPlaintext, cfbCiphertext, + sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 }, + { cfbCiphertext, cfbPlaintext, + sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 } }; /* @@ -4047,7 +4100,7 @@ goto err; } testresult = 1; - err: +err: if (errmsg != NULL) TEST_info("test_evp_reset %d: %s", idx, errmsg); EVP_CIPHER_CTX_free(ctx); @@ -4061,42 +4114,18 @@ } EVP_UPDATED_IV_TEST_st; static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { - { - "aes-128-cfb", 1 - }, - { - "aes-128-cfb", 0 - }, - { - "aes-128-cfb1", 1 - }, - { - "aes-128-cfb1", 0 - }, - { - "aes-128-cfb8", 1 - }, - { - "aes-128-cfb8", 0 - }, - { - "aes-128-ofb", 1 - }, - { - "aes-128-ofb", 0 - }, - { - "aes-128-ctr", 1 - }, - { - "aes-128-ctr", 0 - }, - { - "aes-128-cbc", 1 - }, - { - "aes-128-cbc", 0 - } + { "aes-128-cfb", 1 }, + { "aes-128-cfb", 0 }, + { "aes-128-cfb1", 1 }, + { "aes-128-cfb1", 0 }, + { "aes-128-cfb8", 1 }, + { "aes-128-cfb8", 0 }, + { "aes-128-ofb", 1 }, + { "aes-128-ofb", 0 }, + { "aes-128-ctr", 1 }, + { "aes-128-ctr", 0 }, + { "aes-128-cbc", 1 }, + { "aes-128-cbc", 0 } }; /* @@ -4152,9 +4181,9 @@ errmsg = "CIPHER_FINAL"; goto err; } - ok: +ok: testresult = 1; - err: +err: if (errmsg != NULL) TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); EVP_CIPHER_CTX_free(ctx); 
@@ -4176,16 +4205,12 @@ } TEST_GCM_IV_REINIT_st; static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { - { - iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, + { iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), - sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) - }, - { - iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, + sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) }, + { iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), - sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) - } + sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) } }; static int test_gcm_reinit(int idx) @@ -4226,7 +4251,7 @@ } EVP_CIPHER_CTX_set_padding(ctx, 0); if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, - sizeof(gcmResetPlaintext)))) { + sizeof(gcmResetPlaintext)))) { errmsg = "CIPHER_UPDATE1"; goto err; } @@ -4260,7 +4285,7 @@ goto err; } if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, - sizeof(gcmResetPlaintext)))) { + sizeof(gcmResetPlaintext)))) { errmsg = "CIPHER_UPDATE2"; goto err; } @@ -4281,7 +4306,7 @@ goto err; } testresult = 1; - err: +err: if (errmsg != NULL) TEST_info("evp_init_test %d: %s", idx, errmsg); EVP_CIPHER_CTX_free(ctx); @@ -4304,8 +4329,8 @@ int res = 0; unsigned char outbuf[1024]; static const unsigned char iv[] = { - 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, - 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 + 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, + 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 }; EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER *ciph = NULL; 
@@ -4316,31 +4341,31 @@ goto err; if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], - testpropq))) + testpropq))) goto err; if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) goto err; if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, - sizeof(gcmDefaultPlaintext)))) + sizeof(gcmDefaultPlaintext)))) goto err; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &ivlen); + &ivlen); if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) goto err; ERR_set_mark(); if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, - sizeof(gcmDefaultPlaintext)))) { + sizeof(gcmDefaultPlaintext)))) { ERR_clear_last_mark(); goto err; } ERR_pop_to_mark(); res = 1; - err: +err: EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(ciph); return res; @@ -4372,8 +4397,8 @@ int res = 0; unsigned char outbuf[1024]; static const unsigned char key[] = { - 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, - 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 + 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, + 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 }; EVP_CIPHER_CTX *ctx = NULL; EVP_CIPHER *ciph = NULL; 
@@ -4387,41 +4412,41 @@ goto err; if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], - testpropq))) + testpropq))) goto err; if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) goto err; if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, - sizeof(gcmDefaultPlaintext)))) + sizeof(gcmDefaultPlaintext)))) goto err; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, - &keylen); + &keylen); if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) goto err; ERR_set_mark(); if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, - sizeof(gcmDefaultPlaintext)))) { + sizeof(gcmDefaultPlaintext)))) { ERR_clear_last_mark(); goto err; } ERR_pop_to_mark(); res = 1; - err: +err: EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(ciph); return res; } #ifndef OPENSSL_NO_DEPRECATED_3_0 -static EVP_PKEY_METHOD *custom_pmeth = NULL; +static EVP_PKEY_METHOD *custom_pmeth = NULL; static const EVP_PKEY_METHOD *orig_pmeth = NULL; -# define EVP_PKEY_CTRL_MY_COMMAND 9999 +#define EVP_PKEY_CTRL_MY_COMMAND 9999 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) { 
@@ -4440,29 +4465,29 @@ } static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t inlen) + size_t *outlen, const unsigned char *in, + size_t inlen) { int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); + const unsigned char *tbs, size_t tbslen); EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); return psign(ctx, out, outlen, in, inlen); } static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); + const unsigned char *tbs, size_t tbslen); EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); return pdigestsign(ctx, sig, siglen, tbs, tbslen); } static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) + size_t *keylen) { int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); @@ -4513,7 +4538,7 @@ if (testctx != NULL) return 1; - switch(idx) { + switch (idx) { case 0: case 6: id = EVP_PKEY_RSA; 
@@ -4521,52 +4546,52 @@ break; case 1: case 7: -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA id = EVP_PKEY_DSA; pkey = load_example_dsa_key(); break; -# else +#else return 1; -# endif +#endif case 2: case 8: -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC id = EVP_PKEY_EC; pkey = load_example_ec_key(); break; -# else +#else return 1; -# endif +#endif case 3: case 9: -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC id = EVP_PKEY_ED25519; md = NULL; pkey = load_example_ed25519_key(); break; -# else +#else return 1; -# endif +#endif case 4: case 10: -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH id = EVP_PKEY_DH; doderive = 1; pkey = load_example_dh_key(); break; -# else +#else return 1; -# endif +#endif case 5: case 11: -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC id = EVP_PKEY_X25519; doderive = 1; pkey = load_example_x25519_key(); break; -# else +#else return 1; -# endif +#endif default: TEST_error("Should not happen"); goto err; @@ -4597,17 +4622,18 @@ } if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) - || !TEST_ptr(pkey)) + || !TEST_ptr(pkey)) goto err; EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); if (!TEST_int_eq(orig_id, id) - || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) + || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) goto err; if (id == EVP_PKEY_ED25519) { EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); - } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { + } + if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); } else { EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 
@@ -4624,27 +4650,27 @@ if (doderive) { pctx = EVP_PKEY_CTX_new(pkey, NULL); if (!TEST_ptr(pctx) - || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) - || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, - EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), - 1) - || !TEST_int_eq(ctrl_called, 1) - || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) - || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) - || !TEST_ptr(res = OPENSSL_malloc(reslen)) - || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) + || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, + EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), + 1) + || !TEST_int_eq(ctrl_called, 1) + || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) + || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) + || !TEST_ptr(res = OPENSSL_malloc(reslen)) + || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) goto err; } else { ctx = EVP_MD_CTX_new(); reslen = EVP_PKEY_size(pkey); res = OPENSSL_malloc(reslen); if (!TEST_ptr(ctx) - || !TEST_ptr(res) - || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) - || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, - EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), - 1) - || !TEST_int_eq(ctrl_called, 1)) + || !TEST_ptr(res) + || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) + || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, + EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), + 1) + || !TEST_int_eq(ctrl_called, 1)) goto err; if (id == EVP_PKEY_ED25519) { @@ -4652,13 +4678,13 @@ goto err; } else { if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) - || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) + || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) goto err; } } testresult = 1; - err: +err: OPENSSL_free(res); EVP_MD_CTX_free(ctx); if (doderive) @@ -4681,7 +4707,7 @@ testresult = 1; - err: +err: EVP_MD_meth_free(md); EVP_CIPHER_meth_free(ciph); 
@@ -4689,7 +4715,7 @@ } typedef struct { - int data; + int data; } custom_dgst_ctx; static int custom_md_init_called = 0; @@ -4745,42 +4771,42 @@ goto err; if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) - || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) - || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, - sizeof(custom_dgst_ctx)))) + || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) + || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, + sizeof(custom_dgst_ctx)))) goto err; mdctx = EVP_MD_CTX_new(); if (!TEST_ptr(mdctx) - /* - * Initing our custom md and then initing another md should - * result in the init and cleanup functions of the custom md - * being called. - */ - || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) - || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) - || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) - || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) - || !TEST_int_eq(custom_md_init_called, 1) - || !TEST_int_eq(custom_md_cleanup_called, 1)) + /* + * Initing our custom md and then initing another md should + * result in the init and cleanup functions of the custom md + * being called. + */ + || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) + || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) + || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) + || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) + || !TEST_int_eq(custom_md_init_called, 1) + || !TEST_int_eq(custom_md_cleanup_called, 1)) goto err; testresult = 1; - err: +err: EVP_MD_CTX_free(mdctx); EVP_MD_meth_free(tmp); return testresult; } typedef struct { - int data; + int data; } custom_ciph_ctx; static int custom_ciph_init_called = 0; static int custom_ciph_cleanup_called = 0; static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *iv, int enc) { custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 
@@ -4827,34 +4853,74 @@ goto err; if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) - || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) - || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) - || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, - sizeof(custom_ciph_ctx)))) + || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) + || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) + || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, + sizeof(custom_ciph_ctx)))) goto err; ciphctx = EVP_CIPHER_CTX_new(); if (!TEST_ptr(ciphctx) - /* - * Initing our custom cipher and then initing another cipher - * should result in the init and cleanup functions of the custom - * cipher being called. - */ - || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) - || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, - NULL, NULL, 1)) - || !TEST_int_eq(custom_ciph_init_called, 1) - || !TEST_int_eq(custom_ciph_cleanup_called, 1)) + /* + * Initing our custom cipher and then initing another cipher + * should result in the init and cleanup functions of the custom + * cipher being called. 
+ */ + || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) + || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, + NULL, NULL, 1)) + || !TEST_int_eq(custom_ciph_init_called, 1) + || !TEST_int_eq(custom_ciph_cleanup_called, 1)) goto err; testresult = 1; - err: +err: EVP_CIPHER_CTX_free(ciphctx); EVP_CIPHER_meth_free(tmp); return testresult; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +static int test_rsasve_kem_with_invalid_pub_key(void) +{ + RSA *rsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char *ct = NULL; + unsigned char *secret = NULL; + size_t ctlen = 0, secretlen = 0; + int testresult = 0; + + if (nullprov != NULL) { + testresult = TEST_skip("Test does not support a non-default library context"); + goto err; + } + + if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) + goto err; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) + || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) + || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) + || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) + || !TEST_ptr(ct = OPENSSL_malloc(ctlen)) + || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) + goto err; + + if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) + goto err; + + testresult = 1; + +err: + OPENSSL_free(secret); + OPENSSL_free(ct); + EVP_PKEY_CTX_free(ctx); + RSA_free(rsa); + EVP_PKEY_free(pkey); + return testresult; +} + +#ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) { @@ -4878,11 +4944,11 @@ size_t maclen = 0; int ret; -# ifdef OPENSSL_NO_CMAC +#ifdef OPENSSL_NO_CMAC /* Skip CMAC tests in a no-cmac build */ if (tst <= 1) return 1; -# endif +#endif if (!TEST_ptr(e = ENGINE_by_id(engine_id))) return 0; 
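Review bot: In `test_rsasve_kem_with_invalid_pub_key`, `rsa` is initialised to NULL, never assigned anywhere in the body, and only reaches `RSA_free(rsa)` under `err:`, so `RSA *rsa = NULL;` and `RSA_free(rsa);` can both be dropped. The function has no header comment, and `make_bad_rsa_pubkey()` is defined outside this hunk, so a reader cannot tell what makes the key invalid. A comment such as `/* RSASVE encapsulation must fail for a malformed RSA public key: the size query succeeds, the real call returns 0 */` would state the contract being tested. The expected failure is also not bracketed with `ERR_set_mark()` / `ERR_pop_to_mark()` the way the ivlen and keylen change tests in this file do it, so the raised error presumably stays on the queue. The same applies to both rejected calls in `test_evp_cipher_negative_length` further down.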
@@ -4895,15 +4961,15 @@ switch (tst) { case 0: pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), - EVP_aes_128_cbc()); + EVP_aes_128_cbc()); break; case 1: pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), - EVP_aes_128_cbc()); + EVP_aes_128_cbc()); break; case 2: pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, - sizeof(ed25519key)); + sizeof(ed25519key)); break; default: TEST_error("Invalid test case"); @@ -4916,13 +4982,13 @@ goto err; ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, - pkey); + pkey); if (tst == 0) { if (!TEST_true(ret)) goto err; if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) - || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) + || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) goto err; if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) @@ -4937,7 +5003,7 @@ } testresult = 1; - err: +err: EVP_MD_CTX_free(ctx); OPENSSL_free(mac); EVP_PKEY_free(pkey); @@ -4970,7 +5036,7 @@ } if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) + || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) goto err; if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) @@ -4981,11 +5047,11 @@ goto err; if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) - || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) + || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) goto err; testresult = 1; - err: +err: EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx2); ENGINE_finish(e); @@ -4993,7 +5059,7 @@ return testresult; } -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ +#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ #endif /* OPENSSL_NO_DEPRECATED_3_0 */ static int ecxnids[] = { @@ -5009,9 +5075,8 @@ unsigned char ecxkeydata = 1; EVP_PKEY *pkey; - pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), - NULL, &ecxkeydata, 1); + NULL, &ecxkeydata, 1); if (!TEST_ptr_null(pkey)) { EVP_PKEY_free(pkey); return 0; 
@@ -5065,7 +5130,7 @@ pubkeylen = strlen(keys[tst].pub); pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), - NULL, pubkey, pubkeylen); + NULL, pubkey, pubkeylen); if (!TEST_ptr(pkey)) goto err; @@ -5084,7 +5149,7 @@ if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) goto err; - check_err: +check_err: /* * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, * but we relax the check to allow error also thrown by @@ -5095,7 +5160,7 @@ ERR_clear_error(); } - err: +err: EVP_MD_CTX_free(ctx); OPENSSL_free(mac); EVP_PKEY_free(pkey); @@ -5105,11 +5170,11 @@ #endif /* OPENSSL_NO_EC */ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, - const unsigned char *gcm_iv, size_t gcm_ivlen, - const unsigned char *gcm_pt, size_t gcm_pt_s, - const unsigned char *gcm_aad, size_t gcm_aad_s, - const unsigned char *gcm_ct, size_t gcm_ct_s, - const unsigned char *gcm_tag, size_t gcm_tag_s) + const unsigned char *gcm_iv, size_t gcm_ivlen, + const unsigned char *gcm_pt, size_t gcm_pt_s, + const unsigned char *gcm_aad, size_t gcm_aad_s, + const unsigned char *gcm_ct, size_t gcm_ct_s, + const unsigned char *gcm_tag, size_t gcm_tag_s) { int ret = 0; EVP_CIPHER_CTX *ctx; 
@@ -5122,27 +5187,27 @@ }; if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) goto err; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &gcm_ivlen); + &gcm_ivlen); if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) - || (gcm_aad != NULL - && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, - gcm_aad, gcm_aad_s))) - || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, - gcm_pt, gcm_pt_s)) - || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) + || (gcm_aad != NULL + && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, + gcm_aad, gcm_aad_s))) + || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, + gcm_pt, gcm_pt_s)) + || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) goto err; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - outtag, sizeof(outtag)); + outtag, sizeof(outtag)); if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) - || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) - || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) + || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) + || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) goto err; ret = 1; @@ -5154,11 +5219,11 @@ } static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, - const unsigned char *gcm_iv, size_t gcm_ivlen, - const unsigned char *gcm_pt, size_t gcm_pt_s, - const unsigned char *gcm_aad, size_t gcm_aad_s, - const unsigned char *gcm_ct, size_t gcm_ct_s, - const unsigned char *gcm_tag, size_t gcm_tag_s) + const unsigned char *gcm_iv, size_t gcm_ivlen, + const unsigned char *gcm_pt, size_t gcm_pt_s, + const unsigned char *gcm_aad, size_t gcm_aad_s, + const unsigned char *gcm_ct, size_t gcm_ct_s, + const unsigned char *gcm_tag, size_t gcm_tag_s) { int ret = 0; EVP_CIPHER_CTX *ctx; 
@@ -5176,22 +5241,22 @@ goto err; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &gcm_ivlen); + &gcm_ivlen); if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) - || (gcm_aad != NULL - && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, - gcm_aad, gcm_aad_s))) - || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, - gcm_ct, gcm_ct_s)) - || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) + || (gcm_aad != NULL + && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, + gcm_aad, gcm_aad_s))) + || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, + gcm_ct, gcm_ct_s)) + || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) goto err; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - (void*)gcm_tag, gcm_tag_s); + (void *)gcm_tag, gcm_tag_s); if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) - ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) + || !TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) goto err; ret = 1; @@ -5208,7 +5273,7 @@ static const unsigned char gcm_key[] = { 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, - 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, + 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b }; static const unsigned char gcm_iv[] = { 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 
@@ -5221,33 +5286,33 @@ 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, - 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, + 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d }; static const unsigned char gcm_pt[] = { 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, - 0x4f, 0xe3, 0x6f, 0x81, + 0x4f, 0xe3, 0x6f, 0x81 }; static const unsigned char gcm_ct[] = { 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, - 0xe2, 0xd0, 0xec, 0xed, + 0xe2, 0xd0, 0xec, 0xed }; static const unsigned char gcm_tag[] = { 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, - 0xdb, 0x99, 0x6c, 0x21, + 0xdb, 0x99, 0x6c, 0x21 }; return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), - gcm_pt, sizeof(gcm_pt), NULL, 0, - gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) + gcm_pt, sizeof(gcm_pt), NULL, 0, + gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), - gcm_pt, sizeof(gcm_pt), NULL, 0, - gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); + gcm_pt, sizeof(gcm_pt), NULL, 0, + gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); } #ifndef OPENSSL_NO_RC4 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, - const unsigned char *rc4_pt, size_t rc4_pt_s, - const unsigned char *rc4_ct, size_t rc4_ct_s) + const unsigned char *rc4_pt, size_t rc4_pt_s, + const unsigned char *rc4_ct, size_t rc4_ct_s) { int ret = 0; EVP_CIPHER_CTX *ctx; 
@@ -5259,16 +5324,16 @@ }; if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) goto err; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, - &rc4_key_s); + &rc4_key_s); if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) - || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, - rc4_pt, rc4_pt_s)) - || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) + || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, + rc4_pt, rc4_pt_s)) + || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) goto err; if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) @@ -5283,8 +5348,8 @@ } static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, - const unsigned char *rc4_pt, size_t rc4_pt_s, - const unsigned char *rc4_ct, size_t rc4_ct_s) + const unsigned char *rc4_pt, size_t rc4_pt_s, + const unsigned char *rc4_ct, size_t rc4_ct_s) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -5302,12 +5367,12 @@ goto err; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, - &rc4_key_s); + &rc4_key_s); if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) - || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, - rc4_ct, rc4_ct_s)) - || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) + || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, + rc4_ct, rc4_ct_s)) + || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) goto err; ret = 1; 
@@ -5325,12 +5390,10 @@ unsigned char key[5]; unsigned char padding[11]; } rc4_key = { - { /* Five bytes of key material */ - 0x83, 0x32, 0x22, 0x77, 0x2a, - }, - { /* Random padding to 16 bytes */ - 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 - } + { /* Five bytes of key material */ + 0x83, 0x32, 0x22, 0x77, 0x2a }, + { /* Random padding to 16 bytes */ + 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 } }; static const unsigned char rc4_pt[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -5345,9 +5408,9 @@ return TEST_skip("Test requires legacy provider to be loaded"); return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), - rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) + rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), - rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); + rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); } #endif 
@@ -5370,6 +5433,45 @@ return ret; } +static int test_evp_cipher_negative_length(void) +{ + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + unsigned char key[16] = { 0 }; + unsigned char iv[16] = { 0 }; + unsigned char buffer[32] = { 0 }; + int outl = 0; + int ret = 0; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto end; + + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq))) + goto end; + + /* Initialize encryption context */ + if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_EncryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + /* Reinitialize for decryption */ + if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_DecryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + ret = 1; +end: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; @@ -5382,13 +5484,13 @@ if (!TEST_ptr(testctx)) return 0; #ifdef STATIC_LEGACY - /* - * This test is always statically linked against libcrypto. We must not - * attempt to load legacy.so that might be dynamically linked against - * libcrypto. Instead we use a built-in version of the legacy provider. - */ - if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) - return 0; + /* + * This test is always statically linked against libcrypto. We must not + * attempt to load legacy.so that might be dynamically linked against + * libcrypto. Instead we use a built-in version of the legacy provider. + */ + if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) + return 0; #endif /* Swap the libctx to test non-default context only */ nullprov = OSSL_PROVIDER_load(NULL, "null"); 
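Review bot: In `test_evp_cipher_negative_length` the two negative-length cases assert only that `EVP_EncryptUpdate` and `EVP_DecryptUpdate` return 0, so a regression that reports failure after already writing into `buffer` or changing `outl` would still pass. Since `buffer` and `outl` are zero-initialised, each rejected call could be followed by `if (!TEST_int_eq(outl, 0) || !TEST_mem_eq(buffer, sizeof(buffer), zeros, sizeof(zeros))) goto end;`, with `static const unsigned char zeros[32] = { 0 };` declared next to `buffer`. Whether the library guarantees `*outl` is left at 0 on this path is not visible from the hunk, so confirm that against the implementation before pinning it. A one-line comment above the function saying that a negative `inl` must be rejected before any output is produced would also record why the test exists.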
@@ -5450,7 +5552,7 @@ ADD_TEST(test_X509_PUBKEY_inplace); ADD_TEST(test_X509_PUBKEY_dup); ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, - OSSL_NELEM(ec_der_pub_keys)); + OSSL_NELEM(ec_der_pub_keys)); #endif #ifndef OPENSSL_NO_DSA ADD_TEST(test_DSA_get_set_params); @@ -5459,20 +5561,21 @@ ADD_TEST(test_RSA_get_set_params); ADD_TEST(test_RSA_OAEP_set_get_params); ADD_TEST(test_RSA_OAEP_set_null_label); + ADD_TEST(test_RSA_encrypt); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif #ifndef OPENSSL_NO_DH ADD_TEST(test_DH_priv_pub); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_TEST(test_EVP_PKEY_set1_DH); -# endif +#endif #endif #ifndef OPENSSL_NO_EC ADD_TEST(test_EC_priv_pub); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_TEST(test_EC_priv_only_legacy); -# endif +#endif #endif ADD_ALL_TESTS(test_keygen_with_empty_template, 2); ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); @@ -5507,18 +5610,19 @@ ADD_TEST(test_evp_md_cipher_meth); ADD_TEST(test_custom_md_meth); ADD_TEST(test_custom_ciph_meth); + ADD_TEST(test_rsasve_kem_with_invalid_pub_key); -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Tests only support the default libctx */ if (testctx == NULL) { -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_signatures_with_engine, 3); -# else +#else ADD_ALL_TESTS(test_signatures_with_engine, 2); -# endif +#endif ADD_TEST(test_cipher_with_engine); } -# endif +#endif #endif ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); @@ -5535,6 +5639,8 @@ ADD_TEST(test_invalid_ctx_for_digest); + ADD_TEST(test_evp_cipher_negative_length); + return 1; } --- crypto/openssl/test/evp_extra_test2.c.orig +++ crypto/openssl/test/evp_extra_test2.c 
@@ -36,57 +36,614 @@ * should never use this key anywhere but in an example. */ static const unsigned char kExampleRSAKeyDER[] = { - 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, - 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, - 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, - 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, - 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, - 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, - 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, - 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, - 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, - 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, - 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, - 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, - 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, - 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, - 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, - 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, - 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, - 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, - 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, - 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, - 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, - 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, - 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, - 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, - 0x09, 0x33, 
0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, - 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, - 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, - 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, - 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, - 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, - 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, - 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, - 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, - 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, - 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, - 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, - 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, - 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, - 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, - 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, - 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, - 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, - 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, - 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, - 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, - 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, - 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, - 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, - 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, - 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, + 0x30, + 0x82, + 0x02, + 0x5c, + 0x02, + 0x01, + 0x00, + 0x02, + 0x81, + 0x81, + 0x00, + 0xf8, + 0xb8, + 0x6c, + 
0x83, + 0xb4, + 0xbc, + 0xd9, + 0xa8, + 0x57, + 0xc0, + 0xa5, + 0xb4, + 0x59, + 0x76, + 0x8c, + 0x54, + 0x1d, + 0x79, + 0xeb, + 0x22, + 0x52, + 0x04, + 0x7e, + 0xd3, + 0x37, + 0xeb, + 0x41, + 0xfd, + 0x83, + 0xf9, + 0xf0, + 0xa6, + 0x85, + 0x15, + 0x34, + 0x75, + 0x71, + 0x5a, + 0x84, + 0xa8, + 0x3c, + 0xd2, + 0xef, + 0x5a, + 0x4e, + 0xd3, + 0xde, + 0x97, + 0x8a, + 0xdd, + 0xff, + 0xbb, + 0xcf, + 0x0a, + 0xaa, + 0x86, + 0x92, + 0xbe, + 0xb8, + 0x50, + 0xe4, + 0xcd, + 0x6f, + 0x80, + 0x33, + 0x30, + 0x76, + 0x13, + 0x8f, + 0xca, + 0x7b, + 0xdc, + 0xec, + 0x5a, + 0xca, + 0x63, + 0xc7, + 0x03, + 0x25, + 0xef, + 0xa8, + 0x8a, + 0x83, + 0x58, + 0x76, + 0x20, + 0xfa, + 0x16, + 0x77, + 0xd7, + 0x79, + 0x92, + 0x63, + 0x01, + 0x48, + 0x1a, + 0xd8, + 0x7b, + 0x67, + 0xf1, + 0x52, + 0x55, + 0x49, + 0x4e, + 0xd6, + 0x6e, + 0x4a, + 0x5c, + 0xd7, + 0x7a, + 0x37, + 0x36, + 0x0c, + 0xde, + 0xdd, + 0x8f, + 0x44, + 0xe8, + 0xc2, + 0xa7, + 0x2c, + 0x2b, + 0xb5, + 0xaf, + 0x64, + 0x4b, + 0x61, + 0x07, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x81, + 0x80, + 0x74, + 0x88, + 0x64, + 0x3f, + 0x69, + 0x45, + 0x3a, + 0x6d, + 0xc7, + 0x7f, + 0xb9, + 0xa3, + 0xc0, + 0x6e, + 0xec, + 0xdc, + 0xd4, + 0x5a, + 0xb5, + 0x32, + 0x85, + 0x5f, + 0x19, + 0xd4, + 0xf8, + 0xd4, + 0x3f, + 0x3c, + 0xfa, + 0xc2, + 0xf6, + 0x5f, + 0xee, + 0xe6, + 0xba, + 0x87, + 0x74, + 0x2e, + 0xc7, + 0x0c, + 0xd4, + 0x42, + 0xb8, + 0x66, + 0x85, + 0x9c, + 0x7b, + 0x24, + 0x61, + 0xaa, + 0x16, + 0x11, + 0xf6, + 0xb5, + 0xb6, + 0xa4, + 0x0a, + 0xc9, + 0x55, + 0x2e, + 0x81, + 0xa5, + 0x47, + 0x61, + 0xcb, + 0x25, + 0x8f, + 0xc2, + 0x15, + 0x7b, + 0x0e, + 0x7c, + 0x36, + 0x9f, + 0x3a, + 0xda, + 0x58, + 0x86, + 0x1c, + 0x5b, + 0x83, + 0x79, + 0xe6, + 0x2b, + 0xcc, + 0xe6, + 0xfa, + 0x2c, + 0x61, + 0xf2, + 0x78, + 0x80, + 0x1b, + 0xe2, + 0xf3, + 0x9d, + 0x39, + 0x2b, + 0x65, + 0x57, + 0x91, + 0x3d, + 0x71, + 0x99, + 0x73, + 0xa5, + 0xc2, + 0x79, + 0x20, + 0x8c, + 0x07, + 0x4f, + 0xe5, + 0xb4, + 0x60, + 0x1f, + 0x99, + 
0xa2, + 0xb1, + 0x4f, + 0x0c, + 0xef, + 0xbc, + 0x59, + 0x53, + 0x00, + 0x7d, + 0xb1, + 0x02, + 0x41, + 0x00, + 0xfc, + 0x7e, + 0x23, + 0x65, + 0x70, + 0xf8, + 0xce, + 0xd3, + 0x40, + 0x41, + 0x80, + 0x6a, + 0x1d, + 0x01, + 0xd6, + 0x01, + 0xff, + 0xb6, + 0x1b, + 0x3d, + 0x3d, + 0x59, + 0x09, + 0x33, + 0x79, + 0xc0, + 0x4f, + 0xde, + 0x96, + 0x27, + 0x4b, + 0x18, + 0xc6, + 0xd9, + 0x78, + 0xf1, + 0xf4, + 0x35, + 0x46, + 0xe9, + 0x7c, + 0x42, + 0x7a, + 0x5d, + 0x9f, + 0xef, + 0x54, + 0xb8, + 0xf7, + 0x9f, + 0xc4, + 0x33, + 0x6c, + 0xf3, + 0x8c, + 0x32, + 0x46, + 0x87, + 0x67, + 0x30, + 0x7b, + 0xa7, + 0xac, + 0xe3, + 0x02, + 0x41, + 0x00, + 0xfc, + 0x2c, + 0xdf, + 0x0c, + 0x0d, + 0x88, + 0xf5, + 0xb1, + 0x92, + 0xa8, + 0x93, + 0x47, + 0x63, + 0x55, + 0xf5, + 0xca, + 0x58, + 0x43, + 0xba, + 0x1c, + 0xe5, + 0x9e, + 0xb6, + 0x95, + 0x05, + 0xcd, + 0xb5, + 0x82, + 0xdf, + 0xeb, + 0x04, + 0x53, + 0x9d, + 0xbd, + 0xc2, + 0x38, + 0x16, + 0xb3, + 0x62, + 0xdd, + 0xa1, + 0x46, + 0xdb, + 0x6d, + 0x97, + 0x93, + 0x9f, + 0x8a, + 0xc3, + 0x9b, + 0x64, + 0x7e, + 0x42, + 0xe3, + 0x32, + 0x57, + 0x19, + 0x1b, + 0xd5, + 0x6e, + 0x85, + 0xfa, + 0xb8, + 0x8d, + 0x02, + 0x41, + 0x00, + 0xbc, + 0x3d, + 0xde, + 0x6d, + 0xd6, + 0x97, + 0xe8, + 0xba, + 0x9e, + 0x81, + 0x37, + 0x17, + 0xe5, + 0xa0, + 0x64, + 0xc9, + 0x00, + 0xb7, + 0xe7, + 0xfe, + 0xf4, + 0x29, + 0xd9, + 0x2e, + 0x43, + 0x6b, + 0x19, + 0x20, + 0xbd, + 0x99, + 0x75, + 0xe7, + 0x76, + 0xf8, + 0xd3, + 0xae, + 0xaf, + 0x7e, + 0xb8, + 0xeb, + 0x81, + 0xf4, + 0x9d, + 0xfe, + 0x07, + 0x2b, + 0x0b, + 0x63, + 0x0b, + 0x5a, + 0x55, + 0x90, + 0x71, + 0x7d, + 0xf1, + 0xdb, + 0xd9, + 0xb1, + 0x41, + 0x41, + 0x68, + 0x2f, + 0x4e, + 0x39, + 0x02, + 0x40, + 0x5a, + 0x34, + 0x66, + 0xd8, + 0xf5, + 0xe2, + 0x7f, + 0x18, + 0xb5, + 0x00, + 0x6e, + 0x26, + 0x84, + 0x27, + 0x14, + 0x93, + 0xfb, + 0xfc, + 0xc6, + 0x0f, + 0x5e, + 0x27, + 0xe6, + 0xe1, + 0xe9, + 0xc0, + 0x8a, + 0xe4, + 0x34, + 0xda, + 0xe9, + 0xa2, + 0x4b, + 0x73, + 0xbc, + 0x8c, + 
0xb9, + 0xba, + 0x13, + 0x6c, + 0x7a, + 0x2b, + 0x51, + 0x84, + 0xa3, + 0x4a, + 0xe0, + 0x30, + 0x10, + 0x06, + 0x7e, + 0xed, + 0x17, + 0x5a, + 0x14, + 0x00, + 0xc9, + 0xef, + 0x85, + 0xea, + 0x52, + 0x2c, + 0xbc, + 0x65, + 0x02, + 0x40, + 0x51, + 0xe3, + 0xf2, + 0x83, + 0x19, + 0x9b, + 0xc4, + 0x1e, + 0x2f, + 0x50, + 0x3d, + 0xdf, + 0x5a, + 0xa2, + 0x18, + 0xca, + 0x5f, + 0x2e, + 0x49, + 0xaf, + 0x6f, + 0xcc, + 0xfa, + 0x65, + 0x77, + 0x94, + 0xb5, + 0xa1, + 0x0a, + 0xa9, + 0xd1, + 0x8a, + 0x39, + 0x37, + 0xf4, + 0x0b, + 0xa0, + 0xd7, + 0x82, + 0x27, + 0x5e, + 0xae, + 0x17, + 0x17, + 0xa1, + 0x1e, + 0x54, + 0x34, + 0xbf, + 0x6e, + 0xc4, + 0x8e, + 0x99, + 0x5d, + 0x08, + 0xf1, + 0x2d, + 0x86, + 0x9d, + 0xa5, + 0x20, + 0x1b, + 0xe5, + 0xdf, }; /* 
@@ -94,59 +651,640 @@ * PrivateKeyInfo. */ static const unsigned char kExampleRSAKeyPKCS8[] = { - 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, - 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, - 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, - 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, - 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, - 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, - 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, - 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, - 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, - 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, - 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, - 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, - 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, - 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, - 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, - 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, - 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, - 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, - 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, - 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, - 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, - 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, - 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, - 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, - 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 
0x70, 0xf8, 0xce, 0xd3, - 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, - 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, - 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, - 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, - 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, - 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, - 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, - 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, - 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, - 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, - 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, - 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, - 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, - 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, - 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, - 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, - 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, - 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, - 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, - 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, - 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, - 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, - 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, - 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, - 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, - 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, - 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 
0xe5, 0xdf, + 0x30, + 0x82, + 0x02, + 0x76, + 0x02, + 0x01, + 0x00, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x01, + 0x05, + 0x00, + 0x04, + 0x82, + 0x02, + 0x60, + 0x30, + 0x82, + 0x02, + 0x5c, + 0x02, + 0x01, + 0x00, + 0x02, + 0x81, + 0x81, + 0x00, + 0xf8, + 0xb8, + 0x6c, + 0x83, + 0xb4, + 0xbc, + 0xd9, + 0xa8, + 0x57, + 0xc0, + 0xa5, + 0xb4, + 0x59, + 0x76, + 0x8c, + 0x54, + 0x1d, + 0x79, + 0xeb, + 0x22, + 0x52, + 0x04, + 0x7e, + 0xd3, + 0x37, + 0xeb, + 0x41, + 0xfd, + 0x83, + 0xf9, + 0xf0, + 0xa6, + 0x85, + 0x15, + 0x34, + 0x75, + 0x71, + 0x5a, + 0x84, + 0xa8, + 0x3c, + 0xd2, + 0xef, + 0x5a, + 0x4e, + 0xd3, + 0xde, + 0x97, + 0x8a, + 0xdd, + 0xff, + 0xbb, + 0xcf, + 0x0a, + 0xaa, + 0x86, + 0x92, + 0xbe, + 0xb8, + 0x50, + 0xe4, + 0xcd, + 0x6f, + 0x80, + 0x33, + 0x30, + 0x76, + 0x13, + 0x8f, + 0xca, + 0x7b, + 0xdc, + 0xec, + 0x5a, + 0xca, + 0x63, + 0xc7, + 0x03, + 0x25, + 0xef, + 0xa8, + 0x8a, + 0x83, + 0x58, + 0x76, + 0x20, + 0xfa, + 0x16, + 0x77, + 0xd7, + 0x79, + 0x92, + 0x63, + 0x01, + 0x48, + 0x1a, + 0xd8, + 0x7b, + 0x67, + 0xf1, + 0x52, + 0x55, + 0x49, + 0x4e, + 0xd6, + 0x6e, + 0x4a, + 0x5c, + 0xd7, + 0x7a, + 0x37, + 0x36, + 0x0c, + 0xde, + 0xdd, + 0x8f, + 0x44, + 0xe8, + 0xc2, + 0xa7, + 0x2c, + 0x2b, + 0xb5, + 0xaf, + 0x64, + 0x4b, + 0x61, + 0x07, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x81, + 0x80, + 0x74, + 0x88, + 0x64, + 0x3f, + 0x69, + 0x45, + 0x3a, + 0x6d, + 0xc7, + 0x7f, + 0xb9, + 0xa3, + 0xc0, + 0x6e, + 0xec, + 0xdc, + 0xd4, + 0x5a, + 0xb5, + 0x32, + 0x85, + 0x5f, + 0x19, + 0xd4, + 0xf8, + 0xd4, + 0x3f, + 0x3c, + 0xfa, + 0xc2, + 0xf6, + 0x5f, + 0xee, + 0xe6, + 0xba, + 0x87, + 0x74, + 0x2e, + 0xc7, + 0x0c, + 0xd4, + 0x42, + 0xb8, + 0x66, + 0x85, + 0x9c, + 0x7b, + 0x24, + 0x61, + 0xaa, + 0x16, + 0x11, + 0xf6, + 0xb5, + 0xb6, + 0xa4, + 0x0a, + 0xc9, + 0x55, + 0x2e, + 0x81, + 0xa5, + 0x47, + 0x61, + 0xcb, + 0x25, + 0x8f, + 0xc2, + 0x15, + 0x7b, + 0x0e, + 0x7c, + 0x36, + 0x9f, + 0x3a, + 
0xda, + 0x58, + 0x86, + 0x1c, + 0x5b, + 0x83, + 0x79, + 0xe6, + 0x2b, + 0xcc, + 0xe6, + 0xfa, + 0x2c, + 0x61, + 0xf2, + 0x78, + 0x80, + 0x1b, + 0xe2, + 0xf3, + 0x9d, + 0x39, + 0x2b, + 0x65, + 0x57, + 0x91, + 0x3d, + 0x71, + 0x99, + 0x73, + 0xa5, + 0xc2, + 0x79, + 0x20, + 0x8c, + 0x07, + 0x4f, + 0xe5, + 0xb4, + 0x60, + 0x1f, + 0x99, + 0xa2, + 0xb1, + 0x4f, + 0x0c, + 0xef, + 0xbc, + 0x59, + 0x53, + 0x00, + 0x7d, + 0xb1, + 0x02, + 0x41, + 0x00, + 0xfc, + 0x7e, + 0x23, + 0x65, + 0x70, + 0xf8, + 0xce, + 0xd3, + 0x40, + 0x41, + 0x80, + 0x6a, + 0x1d, + 0x01, + 0xd6, + 0x01, + 0xff, + 0xb6, + 0x1b, + 0x3d, + 0x3d, + 0x59, + 0x09, + 0x33, + 0x79, + 0xc0, + 0x4f, + 0xde, + 0x96, + 0x27, + 0x4b, + 0x18, + 0xc6, + 0xd9, + 0x78, + 0xf1, + 0xf4, + 0x35, + 0x46, + 0xe9, + 0x7c, + 0x42, + 0x7a, + 0x5d, + 0x9f, + 0xef, + 0x54, + 0xb8, + 0xf7, + 0x9f, + 0xc4, + 0x33, + 0x6c, + 0xf3, + 0x8c, + 0x32, + 0x46, + 0x87, + 0x67, + 0x30, + 0x7b, + 0xa7, + 0xac, + 0xe3, + 0x02, + 0x41, + 0x00, + 0xfc, + 0x2c, + 0xdf, + 0x0c, + 0x0d, + 0x88, + 0xf5, + 0xb1, + 0x92, + 0xa8, + 0x93, + 0x47, + 0x63, + 0x55, + 0xf5, + 0xca, + 0x58, + 0x43, + 0xba, + 0x1c, + 0xe5, + 0x9e, + 0xb6, + 0x95, + 0x05, + 0xcd, + 0xb5, + 0x82, + 0xdf, + 0xeb, + 0x04, + 0x53, + 0x9d, + 0xbd, + 0xc2, + 0x38, + 0x16, + 0xb3, + 0x62, + 0xdd, + 0xa1, + 0x46, + 0xdb, + 0x6d, + 0x97, + 0x93, + 0x9f, + 0x8a, + 0xc3, + 0x9b, + 0x64, + 0x7e, + 0x42, + 0xe3, + 0x32, + 0x57, + 0x19, + 0x1b, + 0xd5, + 0x6e, + 0x85, + 0xfa, + 0xb8, + 0x8d, + 0x02, + 0x41, + 0x00, + 0xbc, + 0x3d, + 0xde, + 0x6d, + 0xd6, + 0x97, + 0xe8, + 0xba, + 0x9e, + 0x81, + 0x37, + 0x17, + 0xe5, + 0xa0, + 0x64, + 0xc9, + 0x00, + 0xb7, + 0xe7, + 0xfe, + 0xf4, + 0x29, + 0xd9, + 0x2e, + 0x43, + 0x6b, + 0x19, + 0x20, + 0xbd, + 0x99, + 0x75, + 0xe7, + 0x76, + 0xf8, + 0xd3, + 0xae, + 0xaf, + 0x7e, + 0xb8, + 0xeb, + 0x81, + 0xf4, + 0x9d, + 0xfe, + 0x07, + 0x2b, + 0x0b, + 0x63, + 0x0b, + 0x5a, + 0x55, + 0x90, + 0x71, + 0x7d, + 0xf1, + 0xdb, + 0xd9, + 0xb1, + 0x41, + 0x41, + 
0x68, + 0x2f, + 0x4e, + 0x39, + 0x02, + 0x40, + 0x5a, + 0x34, + 0x66, + 0xd8, + 0xf5, + 0xe2, + 0x7f, + 0x18, + 0xb5, + 0x00, + 0x6e, + 0x26, + 0x84, + 0x27, + 0x14, + 0x93, + 0xfb, + 0xfc, + 0xc6, + 0x0f, + 0x5e, + 0x27, + 0xe6, + 0xe1, + 0xe9, + 0xc0, + 0x8a, + 0xe4, + 0x34, + 0xda, + 0xe9, + 0xa2, + 0x4b, + 0x73, + 0xbc, + 0x8c, + 0xb9, + 0xba, + 0x13, + 0x6c, + 0x7a, + 0x2b, + 0x51, + 0x84, + 0xa3, + 0x4a, + 0xe0, + 0x30, + 0x10, + 0x06, + 0x7e, + 0xed, + 0x17, + 0x5a, + 0x14, + 0x00, + 0xc9, + 0xef, + 0x85, + 0xea, + 0x52, + 0x2c, + 0xbc, + 0x65, + 0x02, + 0x40, + 0x51, + 0xe3, + 0xf2, + 0x83, + 0x19, + 0x9b, + 0xc4, + 0x1e, + 0x2f, + 0x50, + 0x3d, + 0xdf, + 0x5a, + 0xa2, + 0x18, + 0xca, + 0x5f, + 0x2e, + 0x49, + 0xaf, + 0x6f, + 0xcc, + 0xfa, + 0x65, + 0x77, + 0x94, + 0xb5, + 0xa1, + 0x0a, + 0xa9, + 0xd1, + 0x8a, + 0x39, + 0x37, + 0xf4, + 0x0b, + 0xa0, + 0xd7, + 0x82, + 0x27, + 0x5e, + 0xae, + 0x17, + 0x17, + 0xa1, + 0x1e, + 0x54, + 0x34, + 0xbf, + 0x6e, + 0xc4, + 0x8e, + 0x99, + 0x5d, + 0x08, + 0xf1, + 0x2d, + 0x86, + 0x9d, + 0xa5, + 0x20, + 0x1b, + 0xe5, + 0xdf, }; #ifndef OPENSSL_NO_DH 
@@ -207,16 +1345,126 @@ * structure. */ static const unsigned char kExampleECKeyDER[] = { - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, - 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, - 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, - 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, - 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, - 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, - 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, - 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, - 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0x30, + 0x77, + 0x02, + 0x01, + 0x01, + 0x04, + 0x20, + 0x07, + 0x0f, + 0x08, + 0x72, + 0x7a, + 0xd4, + 0xa0, + 0x4a, + 0x9c, + 0xdd, + 0x59, + 0xc9, + 0x4d, + 0x89, + 0x68, + 0x77, + 0x08, + 0xb5, + 0x6f, + 0xc9, + 0x5d, + 0x30, + 0x77, + 0x0e, + 0xe8, + 0xd1, + 0xc9, + 0xce, + 0x0a, + 0x8b, + 0xb4, + 0x6a, + 0xa0, + 0x0a, + 0x06, + 0x08, + 0x2a, + 0x86, + 0x48, + 0xce, + 0x3d, + 0x03, + 0x01, + 0x07, + 0xa1, + 0x44, + 0x03, + 0x42, + 0x00, + 0x04, + 0xe6, + 0x2b, + 0x69, + 0xe2, + 0xbf, + 0x65, + 0x9f, + 0x97, + 0xbe, + 0x2f, + 0x1e, + 0x0d, + 0x94, + 0x8a, + 0x4c, + 0xd5, + 0x97, + 0x6b, + 0xb7, + 0xa9, + 0x1e, + 0x0d, + 0x46, + 0xfb, + 0xdd, + 0xa9, + 0xa9, + 0x1e, + 0x9d, + 0xdc, + 0xba, + 0x5a, + 0x01, + 0xe7, + 0xd6, + 0x97, + 0xa8, + 0x0a, + 0x18, + 0xf9, + 0xc3, + 0xc4, + 0xa3, + 0x1e, + 0x56, + 0xe2, + 0x7c, + 0x83, + 0x48, + 0xdb, + 0x16, + 0x1a, + 0x1c, + 0xf5, + 0x1d, + 0x7e, + 0xf1, + 0x94, + 0x2d, + 0x4b, + 0xcf, + 0x72, + 0x22, 0xc1, }; 
@@ -246,20 +1494,20 @@ } APK_DATA; static APK_DATA keydata[] = { - {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, - {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, + { kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA }, + { kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA }, #ifndef OPENSSL_NO_EC - {kExampleECXKey2DER, sizeof(kExampleECXKey2DER), EVP_PKEY_X25519}, - {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}, - {kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC}, + { kExampleECXKey2DER, sizeof(kExampleECXKey2DER), EVP_PKEY_X25519 }, + { kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC }, + { kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC }, #endif #ifndef OPENSSL_NO_DH - {kExampleDHPrivateKeyDER, sizeof(kExampleDHPrivateKeyDER), EVP_PKEY_DH}, + { kExampleDHPrivateKeyDER, sizeof(kExampleDHPrivateKeyDER), EVP_PKEY_DH }, #endif }; static int pkey_has_private(EVP_PKEY *key, const char *privtag, - int use_octstring) + int use_octstring) { int ret = 0; @@ -267,7 +1515,7 @@ unsigned char buf[64]; ret = EVP_PKEY_get_octet_string_param(key, privtag, buf, sizeof(buf), - NULL); + NULL); } else { BIGNUM *bn = NULL; @@ -308,7 +1556,8 @@ if (!TEST_ptr(fromctx = EVP_PKEY_CTX_new_from_name(mainctx, keytype, NULL)) || !TEST_int_eq(EVP_PKEY_fromdata_init(fromctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(fromctx, &fromkey, EVP_PKEY_PUBLIC_KEY, - keypair_params), 1) + keypair_params), + 1) || !TEST_false(pkey_has_private(fromkey, privtag, use_octstring))) goto end; /* @@ -316,7 +1565,8 @@ * the resulting key contains a private key. */ if (!TEST_int_eq(EVP_PKEY_fromdata(fromctx, &fromkeypair, - EVP_PKEY_KEYPAIR, keypair_params), 1) + EVP_PKEY_KEYPAIR, keypair_params), + 1) || !TEST_true(pkey_has_private(fromkeypair, privtag, use_octstring))) goto end; ret = 1; 
@@ -336,23 +1586,23 @@ OSSL_PARAM params[2]; EVP_PKEY *key = NULL; EVP_PKEY_CTX *gctx = NULL; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 const DH *dhkey; const BIGNUM *privkey; -# endif +#endif params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); params[1] = OSSL_PARAM_construct_end(); ret = TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(mainctx, "DHX", NULL)) - && TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0) - && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) - && TEST_int_gt(EVP_PKEY_generate(gctx, &key), 0) - && TEST_true(do_pkey_tofrom_data_select(key, "DHX")); -# ifndef OPENSSL_NO_DEPRECATED_3_0 + && TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0) + && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) + && TEST_int_gt(EVP_PKEY_generate(gctx, &key), 0) + && TEST_true(do_pkey_tofrom_data_select(key, "DHX")); +#ifndef OPENSSL_NO_DEPRECATED_3_0 ret = ret && TEST_ptr(dhkey = EVP_PKEY_get0_DH(key)) - && TEST_ptr(privkey = DH_get0_priv_key(dhkey)) - && TEST_int_le(BN_num_bits(privkey), 225); -# endif + && TEST_ptr(privkey = DH_get0_priv_key(dhkey)) + && TEST_int_le(BN_num_bits(privkey), 225); +#endif EVP_PKEY_free(key); EVP_PKEY_CTX_free(gctx); return ret; 
@@ -368,21 +1618,21 @@ params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_PBITS, &pbits); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, - "generator", 0); + "generator", 0); params[2] = OSSL_PARAM_construct_end(); ret = TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(mainctx, "DH", NULL)) - && TEST_int_gt(EVP_PKEY_paramgen_init(gctx), 0) - && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) - && TEST_true(EVP_PKEY_paramgen(gctx, &pkey)) - && TEST_ptr(pkey); + && TEST_int_gt(EVP_PKEY_paramgen_init(gctx), 0) + && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) + && TEST_true(EVP_PKEY_paramgen(gctx, &pkey)) + && TEST_ptr(pkey); EVP_PKEY_CTX_free(gctx); gctx = NULL; ret = ret && TEST_ptr(gctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL)) - && TEST_int_eq(EVP_PKEY_param_check(gctx), 1) - && TEST_int_eq(EVP_PKEY_param_check_quick(gctx), 1); + && TEST_int_eq(EVP_PKEY_param_check(gctx), 1) + && TEST_int_eq(EVP_PKEY_param_check_quick(gctx), 1); EVP_PKEY_CTX_free(gctx); EVP_PKEY_free(pkey); @@ -398,7 +1648,7 @@ EVP_PKEY *key = NULL; ret = TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "EC", "P-256")) - && TEST_true(do_pkey_tofrom_data_select(key, "EC")); + && TEST_true(do_pkey_tofrom_data_select(key, "EC")); EVP_PKEY_free(key); return ret; } @@ -409,7 +1659,7 @@ EVP_PKEY *key = NULL; ret = TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "X25519")) - && TEST_true(do_pkey_tofrom_data_select(key, "X25519")); + && TEST_true(do_pkey_tofrom_data_select(key, "X25519")); EVP_PKEY_free(key); return ret; } @@ -422,7 +1672,7 @@ EVP_PKEY *key = NULL; ret = TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "SM2")) - && TEST_true(do_pkey_tofrom_data_select(key, "SM2")); + && TEST_true(do_pkey_tofrom_data_select(key, "SM2")); EVP_PKEY_free(key); return ret; } 
@@ -436,8 +1686,8 @@ int pdata_len = sizeof(kExampleRSAKeyDER); ret = TEST_ptr(key = d2i_AutoPrivateKey_ex(NULL, &pdata, pdata_len, - mainctx, NULL)) - && TEST_true(do_pkey_tofrom_data_select(key, "RSA")); + mainctx, NULL)) + && TEST_true(do_pkey_tofrom_data_select(key, "RSA")); EVP_PKEY_free(key); return ret; } @@ -458,34 +1708,34 @@ p = input; if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &p, input_len, mainctx, - NULL)) - || !TEST_ptr_eq(p, input + input_len) - || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) + NULL)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) goto done; if (ak->evptype == EVP_PKEY_RSA) { if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, - &priv_bn))) + &priv_bn))) goto done; } else if (ak->evptype == EVP_PKEY_X25519) { unsigned char buffer[32]; size_t len; if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_PRIV_KEY, - buffer, sizeof(buffer), - &len))) + OSSL_PKEY_PARAM_PRIV_KEY, + buffer, sizeof(buffer), + &len))) goto done; } else { if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, - &priv_bn))) + &priv_bn))) goto done; } if (ak->evptype == EVP_PKEY_DH) { if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p_bn)) || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, - &g_bn))) + &g_bn))) goto done; } 
@@ -511,17 +1761,18 @@ OSSL_PROVIDER *provider = NULL; ret = TEST_ptr(provider = OSSL_PROVIDER_load(NULL, "default")) - && TEST_ptr(enc_bio = BIO_new(BIO_s_mem())) - && TEST_ptr(in = BIO_new_mem_buf(kExampleRSAKeyPKCS8, - sizeof(kExampleRSAKeyPKCS8))) - && TEST_ptr(pkey = d2i_PrivateKey_ex_bio(in, NULL, NULL, NULL)) - && TEST_int_eq(i2d_PKCS8PrivateKey_nid_bio(enc_bio, pkey, nid, - pwd, sizeof(pwd) - 1, - NULL, NULL), 1) - && TEST_int_gt(enc_datalen = BIO_get_mem_data(enc_bio, &enc_data), 0) - && TEST_ptr(pkey_dec = d2i_PKCS8PrivateKey_bio(enc_bio, NULL, NULL, - (void *)pwd)) - && TEST_true(EVP_PKEY_eq(pkey, pkey_dec)); + && TEST_ptr(enc_bio = BIO_new(BIO_s_mem())) + && TEST_ptr(in = BIO_new_mem_buf(kExampleRSAKeyPKCS8, + sizeof(kExampleRSAKeyPKCS8))) + && TEST_ptr(pkey = d2i_PrivateKey_ex_bio(in, NULL, NULL, NULL)) + && TEST_int_eq(i2d_PKCS8PrivateKey_nid_bio(enc_bio, pkey, nid, + pwd, sizeof(pwd) - 1, + NULL, NULL), + 1) + && TEST_int_gt(enc_datalen = BIO_get_mem_data(enc_bio, &enc_data), 0) + && TEST_ptr(pkey_dec = d2i_PKCS8PrivateKey_bio(enc_bio, NULL, NULL, + (void *)pwd)) + && TEST_true(EVP_PKEY_eq(pkey, pkey_dec)); EVP_PKEY_free(pkey_dec); EVP_PKEY_free(pkey); @@ -564,7 +1815,7 @@ goto err; ok = 1; - err: +err: EVP_MD_free(sha256); return ok; } @@ -599,7 +1850,7 @@ goto err; ok = 1; - err: +err: EVP_MD_free(sha256); OSSL_PROVIDER_unload(provider); return ok; @@ -627,7 +1878,7 @@ TEST_int_eq(ERR_peek_error(), 0); test_openssl_errors(); - err: +err: EVP_PKEY_free(pkey); BIO_free(key_bio); OSSL_PROVIDER_unload(provider); @@ -661,7 +1912,7 @@ ok = 1; - err: +err: test_openssl_errors(); EVP_PKEY_free(pkey); BIO_free(key_bio); @@ -693,7 +1944,7 @@ if (/* Output Encrypted private key in PEM form */ !TEST_true(PEM_write_bio_PrivateKey(key_bio, write_pkey, EVP_aes_256_cbc(), - NULL, 0, NULL, "pass"))) + NULL, 0, NULL, "pass"))) goto err; ERR_clear_error(); 
@@ -705,7 +1956,7 @@ goto err; ok = 1; - err: +err: test_openssl_errors(); EVP_PKEY_free(read_pkey); EVP_PKEY_free(write_pkey); @@ -717,18 +1968,19 @@ } static int do_fromdata_key_is_equal(const OSSL_PARAM params[], - const EVP_PKEY *expected, const char *type) + const EVP_PKEY *expected, const char *type) { EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey = NULL; int ret; ret = TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(mainctx, type, NULL)) - && TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) - && TEST_int_eq(EVP_PKEY_fromdata(ctx, &pkey, - EVP_PKEY_KEYPAIR, - (OSSL_PARAM *)params), 1) - && TEST_true(EVP_PKEY_eq(pkey, expected)); + && TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + && TEST_int_eq(EVP_PKEY_fromdata(ctx, &pkey, + EVP_PKEY_KEYPAIR, + (OSSL_PARAM *)params), + 1) + && TEST_true(EVP_PKEY_eq(pkey, expected)); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); return ret; 
@@ -744,77 +1996,856 @@ * -paramfile dsa_param.pem -pkeyopt type:fips186_4 -out dsa_priv.pem */ static const unsigned char dsa_key[] = { - 0x30, 0x82, 0x03, 0x4e, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xda, 0xb3, 0x46, 0x4d, 0x54, 0x57, 0xc7, 0xb4, 0x61, 0xa0, 0x6f, 0x66, - 0x17, 0xda, 0xeb, 0x90, 0xf0, 0xa3, 0xd1, 0x29, 0xc9, 0x5f, 0xf2, 0x21, - 0x3d, 0x85, 0xa3, 0x4a, 0xf0, 0xf8, 0x36, 0x39, 0x1b, 0xe3, 0xee, 0x37, - 0x70, 0x06, 0x9b, 0xe8, 0xe3, 0x0a, 0xd2, 0xf1, 0xf6, 0xc4, 0x42, 0x23, - 0x1f, 0x74, 0x78, 0xc2, 0x16, 0xf5, 0xce, 0xd6, 0xab, 0xa0, 0xc6, 0xe8, - 0x99, 0x3d, 0xf8, 0x8b, 0xfb, 0x47, 0xf8, 0x5e, 0x05, 0x68, 0x6d, 0x8b, - 0xa8, 0xad, 0xa1, 0xc2, 0x3a, 0x4e, 0xe0, 0xad, 0xec, 0x38, 0x75, 0x21, - 0x55, 0x22, 0xce, 0xa2, 0xe9, 0xe5, 0x3b, 0xd7, 0x44, 0xeb, 0x5a, 0x03, - 0x59, 0xa0, 0xc5, 0x7a, 0x92, 0x59, 0x7d, 0x7a, 0x07, 0x80, 0xfc, 0x4e, - 0xf8, 0x56, 0x7e, 0xf1, 0x06, 0xe0, 0xba, 0xb2, 0xe7, 0x5b, 0x22, 0x55, - 0xee, 0x4b, 0x42, 0x61, 0x67, 0x2c, 0x43, 0x9a, 0x38, 0x2b, 0x17, 0xc2, - 0x62, 0x12, 0x8b, 0x0b, 0x22, 0x8c, 0x0c, 0x1c, 0x1c, 0x92, 0xb1, 0xec, - 0x70, 0xce, 0x0f, 0x8c, 0xff, 0x8d, 0x21, 0xf9, 0x19, 0x68, 0x4d, 0x32, - 0x59, 0x78, 0x42, 0x1d, 0x0c, 0xc5, 0x1a, 0xcb, 0x28, 0xe2, 0xc1, 0x1a, - 0x35, 0xf1, 0x42, 0x0a, 0x19, 0x39, 0xfa, 0x83, 0xd1, 0xb4, 0xaa, 0x69, - 0x0f, 0xc2, 0x8e, 0xf9, 0x59, 0x2c, 0xee, 0x11, 0xfc, 0x3e, 0x4b, 0x44, - 0xfb, 0x9a, 0x32, 0xc8, 0x78, 0x23, 0x56, 0x85, 0x49, 0x21, 0x43, 0x12, - 0x79, 0xbd, 0xa0, 0x70, 0x47, 0x2f, 0xae, 0xb6, 0xd7, 0x6c, 0xc6, 0x07, - 0x76, 0xa9, 0x8a, 0xa2, 0x16, 0x02, 0x89, 0x1f, 0x1a, 0xd1, 0xa2, 0x96, - 0x56, 0xd1, 0x1f, 0x10, 0xe1, 0xe5, 0x9f, 0x3f, 0xdd, 0x09, 0x0c, 0x40, - 0x90, 0x71, 0xef, 0x14, 0x41, 0x02, 0x82, 0x3a, 0x6b, 0xe1, 0xf8, 0x2c, - 0x5d, 0xbe, 0xfd, 0x1b, 0x02, 0x1d, 0x00, 0xe0, 0x20, 0xe0, 0x7c, 0x02, - 0x16, 0xa7, 0x6c, 0x6a, 0x19, 0xba, 0xd5, 0x83, 0x73, 0xf3, 0x7d, 0x31, - 0xef, 0xa7, 0xe1, 0x5d, 0x5b, 0x7f, 0xf3, 0xfc, 0xda, 0x84, 0x31, 0x02, - 0x82, 
0x01, 0x01, 0x00, 0x83, 0xdb, 0xa1, 0xbc, 0x3e, 0xc7, 0x29, 0xa5, - 0x6a, 0x5c, 0x2c, 0xe8, 0x7a, 0x8c, 0x7e, 0xe8, 0xb8, 0x3e, 0x13, 0x47, - 0xcd, 0x36, 0x7e, 0x79, 0x30, 0x7a, 0x28, 0x03, 0xd3, 0xd4, 0xd2, 0xe3, - 0xee, 0x3b, 0x46, 0xda, 0xe0, 0x71, 0xe6, 0xcf, 0x46, 0x86, 0x0a, 0x37, - 0x57, 0xb6, 0xe9, 0xcf, 0xa1, 0x78, 0x19, 0xb8, 0x72, 0x9f, 0x30, 0x8c, - 0x2a, 0x04, 0x7c, 0x2f, 0x0c, 0x27, 0xa7, 0xb3, 0x23, 0xe0, 0x46, 0xf2, - 0x75, 0x0c, 0x03, 0x4c, 0xad, 0xfb, 0xc1, 0xcb, 0x28, 0xcd, 0xa0, 0x63, - 0xdb, 0x44, 0x88, 0xe0, 0xda, 0x6c, 0x5b, 0x89, 0xb2, 0x5b, 0x40, 0x6d, - 0xeb, 0x78, 0x7a, 0xd5, 0xaf, 0x40, 0x52, 0x46, 0x63, 0x92, 0x13, 0x0d, - 0xee, 0xee, 0xf9, 0x53, 0xca, 0x2d, 0x4e, 0x3b, 0x13, 0xd8, 0x0f, 0x50, - 0xd0, 0x44, 0x57, 0x67, 0x0f, 0x45, 0x8f, 0x21, 0x30, 0x97, 0x9e, 0x80, - 0xd9, 0xd0, 0x91, 0xb7, 0xc9, 0x5a, 0x69, 0xda, 0xeb, 0xd5, 0xea, 0x37, - 0xf6, 0xb3, 0xbe, 0x1f, 0x24, 0xf1, 0x55, 0x14, 0x28, 0x05, 0xb5, 0xd8, - 0x84, 0x0f, 0x62, 0x85, 0xaa, 0xec, 0x77, 0x64, 0xfd, 0x80, 0x7c, 0x41, - 0x00, 0x88, 0xa3, 0x79, 0x7d, 0x4f, 0x6f, 0xe3, 0x76, 0xf4, 0xb5, 0x97, - 0xb7, 0xeb, 0x67, 0x28, 0xba, 0x07, 0x1a, 0x59, 0x32, 0xc1, 0x53, 0xd9, - 0x05, 0x6b, 0x63, 0x93, 0xce, 0xa1, 0xd9, 0x7a, 0xb2, 0xff, 0x1c, 0x12, - 0x0a, 0x9a, 0xe5, 0x51, 0x1e, 0xba, 0xfc, 0x95, 0x2e, 0x28, 0xa9, 0xfc, - 0x4c, 0xed, 0x7b, 0x05, 0xca, 0x67, 0xe0, 0x2d, 0xd7, 0x54, 0xb3, 0x05, - 0x1c, 0x23, 0x2b, 0x35, 0x2e, 0x19, 0x48, 0x59, 0x0e, 0x58, 0xa8, 0x01, - 0x56, 0xfb, 0x78, 0x90, 0xba, 0x08, 0x77, 0x94, 0x45, 0x05, 0x13, 0xc7, - 0x6b, 0x96, 0xd2, 0xa3, 0xa6, 0x01, 0x9f, 0x34, 0x02, 0x82, 0x01, 0x00, - 0x16, 0x1a, 0xb4, 0x6d, 0x9f, 0x16, 0x6c, 0xcc, 0x91, 0x66, 0xfe, 0x30, - 0xeb, 0x8e, 0x44, 0xba, 0x2b, 0x7a, 0xc9, 0xa8, 0x95, 0xf2, 0xa6, 0x38, - 0xd8, 0xaf, 0x3e, 0x91, 0x68, 0xe8, 0x52, 0xf3, 0x97, 0x37, 0x70, 0xf2, - 0x47, 0xa3, 0xf4, 0x62, 0x26, 0xf5, 0x3b, 0x71, 0x52, 0x50, 0x15, 0x9c, - 0x6d, 0xa6, 0x6d, 0x92, 0x4c, 0x48, 0x76, 0x31, 0x54, 0x48, 0xa5, 0x99, - 0x7a, 
0xd4, 0x61, 0xf7, 0x21, 0x44, 0xe7, 0xd8, 0x82, 0xc3, 0x50, 0xd3, - 0xd9, 0xd4, 0x66, 0x20, 0xab, 0x70, 0x4c, 0x97, 0x9b, 0x8d, 0xac, 0x1f, - 0x78, 0x27, 0x1e, 0x47, 0xf8, 0x3b, 0xd1, 0x55, 0x73, 0xf3, 0xb4, 0x8e, - 0x6d, 0x45, 0x40, 0x54, 0xc6, 0xd8, 0x95, 0x15, 0x27, 0xb7, 0x5f, 0x65, - 0xaa, 0xcb, 0x24, 0xc9, 0x49, 0x87, 0x32, 0xad, 0xcb, 0xf8, 0x35, 0x63, - 0x56, 0x72, 0x7c, 0x4e, 0x6c, 0xad, 0x5f, 0x26, 0x8c, 0xd2, 0x80, 0x41, - 0xaf, 0x88, 0x23, 0x20, 0x03, 0xa4, 0xd5, 0x3c, 0x53, 0x54, 0xb0, 0x3d, - 0xed, 0x0e, 0x9e, 0x53, 0x0a, 0x63, 0x5f, 0xfd, 0x28, 0x57, 0x09, 0x07, - 0x73, 0xf4, 0x0c, 0xd4, 0x71, 0x5d, 0x6b, 0xa0, 0xd7, 0x86, 0x99, 0x29, - 0x9b, 0xca, 0xfb, 0xcc, 0xd6, 0x2f, 0xfe, 0xbe, 0x94, 0xef, 0x1a, 0x0e, - 0x55, 0x84, 0xa7, 0xaf, 0x7b, 0xfa, 0xed, 0x77, 0x61, 0x28, 0x22, 0xee, - 0x6b, 0x11, 0xdd, 0xb0, 0x17, 0x1e, 0x06, 0xe4, 0x29, 0x4c, 0xc2, 0x3f, - 0xd6, 0x75, 0xb6, 0x08, 0x04, 0x55, 0x13, 0x48, 0x4f, 0x44, 0xea, 0x8d, - 0xaf, 0xcb, 0xac, 0x22, 0xc4, 0x6a, 0xb3, 0x86, 0xe5, 0x47, 0xa9, 0xb5, - 0x72, 0x17, 0x23, 0x11, 0x81, 0x7f, 0x00, 0x00, 0x67, 0x5c, 0xf4, 0x58, - 0xcc, 0xe2, 0x46, 0xce, 0xf5, 0x6d, 0xd8, 0x18, 0x91, 0xc4, 0x20, 0xbf, - 0x07, 0x48, 0x45, 0xfd, 0x02, 0x1c, 0x2f, 0x68, 0x44, 0xcb, 0xfb, 0x6b, - 0xcb, 0x8d, 0x02, 0x49, 0x7c, 0xee, 0xd2, 0xa6, 0xd3, 0x43, 0xb8, 0xa4, - 0x09, 0xb7, 0xc1, 0xd4, 0x4b, 0xc3, 0x66, 0xa7, 0xe0, 0x21, + 0x30, + 0x82, + 0x03, + 0x4e, + 0x02, + 0x01, + 0x00, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0xda, + 0xb3, + 0x46, + 0x4d, + 0x54, + 0x57, + 0xc7, + 0xb4, + 0x61, + 0xa0, + 0x6f, + 0x66, + 0x17, + 0xda, + 0xeb, + 0x90, + 0xf0, + 0xa3, + 0xd1, + 0x29, + 0xc9, + 0x5f, + 0xf2, + 0x21, + 0x3d, + 0x85, + 0xa3, + 0x4a, + 0xf0, + 0xf8, + 0x36, + 0x39, + 0x1b, + 0xe3, + 0xee, + 0x37, + 0x70, + 0x06, + 0x9b, + 0xe8, + 0xe3, + 0x0a, + 0xd2, + 0xf1, + 0xf6, + 0xc4, + 0x42, + 0x23, + 0x1f, + 0x74, + 0x78, + 0xc2, + 0x16, + 0xf5, + 0xce, + 0xd6, + 0xab, + 0xa0, + 0xc6, + 0xe8, + 0x99, + 0x3d, + 0xf8, + 0x8b, + 
0xfb, + 0x47, + 0xf8, + 0x5e, + 0x05, + 0x68, + 0x6d, + 0x8b, + 0xa8, + 0xad, + 0xa1, + 0xc2, + 0x3a, + 0x4e, + 0xe0, + 0xad, + 0xec, + 0x38, + 0x75, + 0x21, + 0x55, + 0x22, + 0xce, + 0xa2, + 0xe9, + 0xe5, + 0x3b, + 0xd7, + 0x44, + 0xeb, + 0x5a, + 0x03, + 0x59, + 0xa0, + 0xc5, + 0x7a, + 0x92, + 0x59, + 0x7d, + 0x7a, + 0x07, + 0x80, + 0xfc, + 0x4e, + 0xf8, + 0x56, + 0x7e, + 0xf1, + 0x06, + 0xe0, + 0xba, + 0xb2, + 0xe7, + 0x5b, + 0x22, + 0x55, + 0xee, + 0x4b, + 0x42, + 0x61, + 0x67, + 0x2c, + 0x43, + 0x9a, + 0x38, + 0x2b, + 0x17, + 0xc2, + 0x62, + 0x12, + 0x8b, + 0x0b, + 0x22, + 0x8c, + 0x0c, + 0x1c, + 0x1c, + 0x92, + 0xb1, + 0xec, + 0x70, + 0xce, + 0x0f, + 0x8c, + 0xff, + 0x8d, + 0x21, + 0xf9, + 0x19, + 0x68, + 0x4d, + 0x32, + 0x59, + 0x78, + 0x42, + 0x1d, + 0x0c, + 0xc5, + 0x1a, + 0xcb, + 0x28, + 0xe2, + 0xc1, + 0x1a, + 0x35, + 0xf1, + 0x42, + 0x0a, + 0x19, + 0x39, + 0xfa, + 0x83, + 0xd1, + 0xb4, + 0xaa, + 0x69, + 0x0f, + 0xc2, + 0x8e, + 0xf9, + 0x59, + 0x2c, + 0xee, + 0x11, + 0xfc, + 0x3e, + 0x4b, + 0x44, + 0xfb, + 0x9a, + 0x32, + 0xc8, + 0x78, + 0x23, + 0x56, + 0x85, + 0x49, + 0x21, + 0x43, + 0x12, + 0x79, + 0xbd, + 0xa0, + 0x70, + 0x47, + 0x2f, + 0xae, + 0xb6, + 0xd7, + 0x6c, + 0xc6, + 0x07, + 0x76, + 0xa9, + 0x8a, + 0xa2, + 0x16, + 0x02, + 0x89, + 0x1f, + 0x1a, + 0xd1, + 0xa2, + 0x96, + 0x56, + 0xd1, + 0x1f, + 0x10, + 0xe1, + 0xe5, + 0x9f, + 0x3f, + 0xdd, + 0x09, + 0x0c, + 0x40, + 0x90, + 0x71, + 0xef, + 0x14, + 0x41, + 0x02, + 0x82, + 0x3a, + 0x6b, + 0xe1, + 0xf8, + 0x2c, + 0x5d, + 0xbe, + 0xfd, + 0x1b, + 0x02, + 0x1d, + 0x00, + 0xe0, + 0x20, + 0xe0, + 0x7c, + 0x02, + 0x16, + 0xa7, + 0x6c, + 0x6a, + 0x19, + 0xba, + 0xd5, + 0x83, + 0x73, + 0xf3, + 0x7d, + 0x31, + 0xef, + 0xa7, + 0xe1, + 0x5d, + 0x5b, + 0x7f, + 0xf3, + 0xfc, + 0xda, + 0x84, + 0x31, + 0x02, + 0x82, + 0x01, + 0x01, + 0x00, + 0x83, + 0xdb, + 0xa1, + 0xbc, + 0x3e, + 0xc7, + 0x29, + 0xa5, + 0x6a, + 0x5c, + 0x2c, + 0xe8, + 0x7a, + 0x8c, + 0x7e, + 0xe8, + 0xb8, + 0x3e, + 0x13, + 0x47, + 0xcd, + 0x36, + 
0x7e, + 0x79, + 0x30, + 0x7a, + 0x28, + 0x03, + 0xd3, + 0xd4, + 0xd2, + 0xe3, + 0xee, + 0x3b, + 0x46, + 0xda, + 0xe0, + 0x71, + 0xe6, + 0xcf, + 0x46, + 0x86, + 0x0a, + 0x37, + 0x57, + 0xb6, + 0xe9, + 0xcf, + 0xa1, + 0x78, + 0x19, + 0xb8, + 0x72, + 0x9f, + 0x30, + 0x8c, + 0x2a, + 0x04, + 0x7c, + 0x2f, + 0x0c, + 0x27, + 0xa7, + 0xb3, + 0x23, + 0xe0, + 0x46, + 0xf2, + 0x75, + 0x0c, + 0x03, + 0x4c, + 0xad, + 0xfb, + 0xc1, + 0xcb, + 0x28, + 0xcd, + 0xa0, + 0x63, + 0xdb, + 0x44, + 0x88, + 0xe0, + 0xda, + 0x6c, + 0x5b, + 0x89, + 0xb2, + 0x5b, + 0x40, + 0x6d, + 0xeb, + 0x78, + 0x7a, + 0xd5, + 0xaf, + 0x40, + 0x52, + 0x46, + 0x63, + 0x92, + 0x13, + 0x0d, + 0xee, + 0xee, + 0xf9, + 0x53, + 0xca, + 0x2d, + 0x4e, + 0x3b, + 0x13, + 0xd8, + 0x0f, + 0x50, + 0xd0, + 0x44, + 0x57, + 0x67, + 0x0f, + 0x45, + 0x8f, + 0x21, + 0x30, + 0x97, + 0x9e, + 0x80, + 0xd9, + 0xd0, + 0x91, + 0xb7, + 0xc9, + 0x5a, + 0x69, + 0xda, + 0xeb, + 0xd5, + 0xea, + 0x37, + 0xf6, + 0xb3, + 0xbe, + 0x1f, + 0x24, + 0xf1, + 0x55, + 0x14, + 0x28, + 0x05, + 0xb5, + 0xd8, + 0x84, + 0x0f, + 0x62, + 0x85, + 0xaa, + 0xec, + 0x77, + 0x64, + 0xfd, + 0x80, + 0x7c, + 0x41, + 0x00, + 0x88, + 0xa3, + 0x79, + 0x7d, + 0x4f, + 0x6f, + 0xe3, + 0x76, + 0xf4, + 0xb5, + 0x97, + 0xb7, + 0xeb, + 0x67, + 0x28, + 0xba, + 0x07, + 0x1a, + 0x59, + 0x32, + 0xc1, + 0x53, + 0xd9, + 0x05, + 0x6b, + 0x63, + 0x93, + 0xce, + 0xa1, + 0xd9, + 0x7a, + 0xb2, + 0xff, + 0x1c, + 0x12, + 0x0a, + 0x9a, + 0xe5, + 0x51, + 0x1e, + 0xba, + 0xfc, + 0x95, + 0x2e, + 0x28, + 0xa9, + 0xfc, + 0x4c, + 0xed, + 0x7b, + 0x05, + 0xca, + 0x67, + 0xe0, + 0x2d, + 0xd7, + 0x54, + 0xb3, + 0x05, + 0x1c, + 0x23, + 0x2b, + 0x35, + 0x2e, + 0x19, + 0x48, + 0x59, + 0x0e, + 0x58, + 0xa8, + 0x01, + 0x56, + 0xfb, + 0x78, + 0x90, + 0xba, + 0x08, + 0x77, + 0x94, + 0x45, + 0x05, + 0x13, + 0xc7, + 0x6b, + 0x96, + 0xd2, + 0xa3, + 0xa6, + 0x01, + 0x9f, + 0x34, + 0x02, + 0x82, + 0x01, + 0x00, + 0x16, + 0x1a, + 0xb4, + 0x6d, + 0x9f, + 0x16, + 0x6c, + 0xcc, + 0x91, + 0x66, + 0xfe, + 0x30, + 
0xeb, + 0x8e, + 0x44, + 0xba, + 0x2b, + 0x7a, + 0xc9, + 0xa8, + 0x95, + 0xf2, + 0xa6, + 0x38, + 0xd8, + 0xaf, + 0x3e, + 0x91, + 0x68, + 0xe8, + 0x52, + 0xf3, + 0x97, + 0x37, + 0x70, + 0xf2, + 0x47, + 0xa3, + 0xf4, + 0x62, + 0x26, + 0xf5, + 0x3b, + 0x71, + 0x52, + 0x50, + 0x15, + 0x9c, + 0x6d, + 0xa6, + 0x6d, + 0x92, + 0x4c, + 0x48, + 0x76, + 0x31, + 0x54, + 0x48, + 0xa5, + 0x99, + 0x7a, + 0xd4, + 0x61, + 0xf7, + 0x21, + 0x44, + 0xe7, + 0xd8, + 0x82, + 0xc3, + 0x50, + 0xd3, + 0xd9, + 0xd4, + 0x66, + 0x20, + 0xab, + 0x70, + 0x4c, + 0x97, + 0x9b, + 0x8d, + 0xac, + 0x1f, + 0x78, + 0x27, + 0x1e, + 0x47, + 0xf8, + 0x3b, + 0xd1, + 0x55, + 0x73, + 0xf3, + 0xb4, + 0x8e, + 0x6d, + 0x45, + 0x40, + 0x54, + 0xc6, + 0xd8, + 0x95, + 0x15, + 0x27, + 0xb7, + 0x5f, + 0x65, + 0xaa, + 0xcb, + 0x24, + 0xc9, + 0x49, + 0x87, + 0x32, + 0xad, + 0xcb, + 0xf8, + 0x35, + 0x63, + 0x56, + 0x72, + 0x7c, + 0x4e, + 0x6c, + 0xad, + 0x5f, + 0x26, + 0x8c, + 0xd2, + 0x80, + 0x41, + 0xaf, + 0x88, + 0x23, + 0x20, + 0x03, + 0xa4, + 0xd5, + 0x3c, + 0x53, + 0x54, + 0xb0, + 0x3d, + 0xed, + 0x0e, + 0x9e, + 0x53, + 0x0a, + 0x63, + 0x5f, + 0xfd, + 0x28, + 0x57, + 0x09, + 0x07, + 0x73, + 0xf4, + 0x0c, + 0xd4, + 0x71, + 0x5d, + 0x6b, + 0xa0, + 0xd7, + 0x86, + 0x99, + 0x29, + 0x9b, + 0xca, + 0xfb, + 0xcc, + 0xd6, + 0x2f, + 0xfe, + 0xbe, + 0x94, + 0xef, + 0x1a, + 0x0e, + 0x55, + 0x84, + 0xa7, + 0xaf, + 0x7b, + 0xfa, + 0xed, + 0x77, + 0x61, + 0x28, + 0x22, + 0xee, + 0x6b, + 0x11, + 0xdd, + 0xb0, + 0x17, + 0x1e, + 0x06, + 0xe4, + 0x29, + 0x4c, + 0xc2, + 0x3f, + 0xd6, + 0x75, + 0xb6, + 0x08, + 0x04, + 0x55, + 0x13, + 0x48, + 0x4f, + 0x44, + 0xea, + 0x8d, + 0xaf, + 0xcb, + 0xac, + 0x22, + 0xc4, + 0x6a, + 0xb3, + 0x86, + 0xe5, + 0x47, + 0xa9, + 0xb5, + 0x72, + 0x17, + 0x23, + 0x11, + 0x81, + 0x7f, + 0x00, + 0x00, + 0x67, + 0x5c, + 0xf4, + 0x58, + 0xcc, + 0xe2, + 0x46, + 0xce, + 0xf5, + 0x6d, + 0xd8, + 0x18, + 0x91, + 0xc4, + 0x20, + 0xbf, + 0x07, + 0x48, + 0x45, + 0xfd, + 0x02, + 0x1c, + 0x2f, + 0x68, + 0x44, + 0xcb, + 
0xfb, + 0x6b, + 0xcb, + 0x8d, + 0x02, + 0x49, + 0x7c, + 0xee, + 0xd2, + 0xa6, + 0xd3, + 0x43, + 0xb8, + 0xa4, + 0x09, + 0xb7, + 0xc1, + 0xd4, + 0x4b, + 0xc3, + 0x66, + 0xa7, + 0xe0, + 0x21, }; static const unsigned char dsa_p[] = { 0x00, 0xda, 0xb3, 0x46, 0x4d, 0x54, 0x57, 0xc7, 0xb4, 0x61, 0xa0, 0x6f, 0x66, 0x17, 0xda, @@ -892,12 +2923,13 @@ int ret; ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(mainctx, "DSA", NULL)) - && TEST_int_eq(EVP_PKEY_fromdata_init(gen_ctx), 1) - && TEST_int_eq(EVP_PKEY_fromdata(gen_ctx, &pkey, - EVP_PKEY_KEYPAIR, key_params), 1) - && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, - NULL)) - && TEST_int_eq(EVP_PKEY_param_check(check_ctx), expected); + && TEST_int_eq(EVP_PKEY_fromdata_init(gen_ctx), 1) + && TEST_int_eq(EVP_PKEY_fromdata(gen_ctx, &pkey, + EVP_PKEY_KEYPAIR, key_params), + 1) + && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, + NULL)) + && TEST_int_eq(EVP_PKEY_param_check(check_ctx), expected); EVP_PKEY_CTX_free(check_ctx); EVP_PKEY_CTX_free(gen_ctx); EVP_PKEY_free(pkey); @@ -905,7 +2937,7 @@ } static int do_check_bn(OSSL_PARAM params[], const char *key, - const unsigned char *expected, size_t expected_len) + const unsigned char *expected, size_t expected_len) { OSSL_PARAM *p; BIGNUM *bn = NULL; @@ -913,9 +2945,9 @@ int ret, len; ret = TEST_ptr(p = OSSL_PARAM_locate(params, key)) - && TEST_true(OSSL_PARAM_get_BN(p, &bn)) - && TEST_int_gt(len = BN_bn2binpad(bn, buffer, expected_len), 0) - && TEST_mem_eq(expected, expected_len, buffer, len); + && TEST_true(OSSL_PARAM_get_BN(p, &bn)) + && TEST_int_gt(len = BN_bn2binpad(bn, buffer, expected_len), 0) + && TEST_mem_eq(expected, expected_len, buffer, len); BN_free(bn); return ret; } 
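Review bot: The `dsa_key` initializer in the `@@ -744,77 +1996,856 @@` hunk goes from twelve bytes per line to one byte per line, so 77 lines become 856 with no change in content; `input_key` in the `@@ -1006,8 +1003,22 @@` hunk of evp_kdf_test.c is expanded the same way. Both arrays end with a trailing comma before `};`, while the arrays that kept their packed layout in this diff (`exptd`, `z`, `other`) do not, so this looks like an automated formatter reacting to the trailing comma rather than a chosen layout; that is inferred and worth confirming. Dropping the comma after the last element (`0xe0, 0x21` and `0xE2, 0x4B`) should keep the packed rows, or, if the tree is formatted with clang-format, the blob can be wrapped in `/* clang-format off */` and `/* clang-format on */`. Embedded DER test keys are easier to compare against their source when the row layout stays stable across reformatting.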
@@ -926,8 +2958,8 @@ int val = 0; return TEST_ptr(p = OSSL_PARAM_locate(params, key)) - && TEST_true(OSSL_PARAM_get_int(p, &val)) - && TEST_int_eq(val, expected); + && TEST_true(OSSL_PARAM_get_int(p, &val)) + && TEST_int_eq(val, expected); } static int test_dsa_tofrom_data_select(void) @@ -937,8 +2969,8 @@ const unsigned char *pkeydata = dsa_key; ret = TEST_ptr(key = d2i_AutoPrivateKey_ex(NULL, &pkeydata, sizeof(dsa_key), - mainctx, NULL)) - && TEST_true(do_pkey_tofrom_data_select(key, "DSA")); + mainctx, NULL)) + && TEST_true(do_pkey_tofrom_data_select(key, "DSA")); EVP_PKEY_free(key); return ret; @@ -961,24 +2993,24 @@ int dsa_gindex = 5; gen_params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void*)dsa_seed, - sizeof(dsa_seed)); + (void *)dsa_seed, + sizeof(dsa_seed)); gen_params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, - &dsa_gindex); + &dsa_gindex); gen_params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, - &dsa_pcounter); + &dsa_pcounter); gen_params[3] = OSSL_PARAM_construct_end(); if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pkeydata, sizeof(dsa_key), - mainctx, NULL)) + mainctx, NULL)) || !TEST_int_eq(EVP_PKEY_todata(pkey, EVP_PKEY_KEYPAIR, &to_params), 1) || !do_check_bn(to_params, OSSL_PKEY_PARAM_FFC_P, dsa_p, sizeof(dsa_p)) || !do_check_bn(to_params, OSSL_PKEY_PARAM_FFC_Q, dsa_q, sizeof(dsa_q)) || !do_check_bn(to_params, OSSL_PKEY_PARAM_FFC_G, dsa_g, sizeof(dsa_g)) || !do_check_bn(to_params, OSSL_PKEY_PARAM_PUB_KEY, dsa_pub, - sizeof(dsa_pub)) + sizeof(dsa_pub)) || !do_check_bn(to_params, OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv, - sizeof(dsa_priv)) + sizeof(dsa_priv)) || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_GINDEX, -1) || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_PCOUNTER, -1) || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_H, 0) 
@@ -995,9 +3027,9 @@ || !do_check_params(all_params, 1)) goto err; gen_params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, - &dsa_gindex); + &dsa_gindex); gen_params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, - &dsa_pcounter); + &dsa_pcounter); /* * Check that modifying the shallow copy values used in OSSL_PARAM_merge() * results in an invalid key. This also verifies that the fips186-4 @@ -1032,7 +3064,7 @@ static int test_dsa_fromdata_digest_prop(int tstid) { EVP_PKEY_CTX *ctx = NULL, *gctx = NULL; - EVP_PKEY *pkey = NULL, *pkey2 = NULL; + EVP_PKEY *pkey = NULL, *pkey2 = NULL; OSSL_PARAM params[4], *p = params; int ret = 0; int expected = (tstid == 0 ? 0 : 1); @@ -1042,7 +3074,7 @@ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, "SHA512", 0); /* Setting a bad prop query here should fail during paramgen - when it tries to do a fetch */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - tstid == 0 ? "provider=unknown" : "provider=default", 0); + tstid == 0 ? "provider=unknown" : "provider=default", 0); *p++ = OSSL_PARAM_construct_end(); if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(mainctx, "DSA", NULL)) @@ -1073,9 +3105,9 @@ const unsigned char *pdata = keydata[0].kder; ret = TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, keydata[0].size, - mainctx, NULL)) - && TEST_int_eq(EVP_PKEY_todata(NULL, EVP_PKEY_KEYPAIR, ¶ms), 0) - && TEST_int_eq(EVP_PKEY_todata(pkey, EVP_PKEY_KEYPAIR, NULL), 0); + mainctx, NULL)) + && TEST_int_eq(EVP_PKEY_todata(NULL, EVP_PKEY_KEYPAIR, ¶ms), 0) + && TEST_int_eq(EVP_PKEY_todata(pkey, EVP_PKEY_KEYPAIR, NULL), 0); EVP_PKEY_free(pkey); return ret; } 
@@ -1096,10 +3128,11 @@ const unsigned char *pdata = keydata[0].kder; ret = TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, keydata[0].size, - mainctx, NULL)) - && TEST_int_eq(EVP_PKEY_export(NULL, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, NULL), 0) - && TEST_int_eq(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, NULL, NULL), 0); + mainctx, NULL)) + && TEST_int_eq(EVP_PKEY_export(NULL, EVP_PKEY_KEYPAIR, + test_pkey_export_cb, NULL), + 0) + && TEST_int_eq(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, NULL, NULL), 0); EVP_PKEY_free(pkey); return ret; } @@ -1115,11 +3148,11 @@ int pdata_len = keydata[0].size; if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, pdata_len, - mainctx, NULL)) + mainctx, NULL)) || !TEST_true(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, pkey)) + test_pkey_export_cb, pkey)) || !TEST_false(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, NULL))) + test_pkey_export_cb, NULL))) ret = 0; EVP_PKEY_free(pkey); @@ -1131,9 +3164,9 @@ || !TEST_ptr(pkey = EVP_PKEY_new()) || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) || !TEST_true(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, pkey)) + test_pkey_export_cb, pkey)) || !TEST_false(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, NULL))) + test_pkey_export_cb, NULL))) ret = 0; EVP_PKEY_free(pkey); #endif 
@@ -1154,21 +3187,23 @@ size_t sig_len = 0; sig_params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_PAD_MODE, - &padding); + &padding); sig_params[1] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); sig_params[2] = OSSL_PARAM_construct_end(); ret = TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, keydata[0].size, - mainctx, NULL)) - && TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL)) - && TEST_int_gt(EVP_PKEY_sign_init_ex(pctx, sig_params), 0) - && TEST_int_gt(EVP_PKEY_sign(pctx, NULL, &sig_len, mdbuf, - sizeof(mdbuf)), 0) - && TEST_int_gt(sig_len, 0) - && TEST_ptr(sig = OPENSSL_malloc(sig_len)) - && TEST_int_gt(EVP_PKEY_sign(pctx, sig, &sig_len, mdbuf, - sizeof(mdbuf)), 0); + mainctx, NULL)) + && TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL)) + && TEST_int_gt(EVP_PKEY_sign_init_ex(pctx, sig_params), 0) + && TEST_int_gt(EVP_PKEY_sign(pctx, NULL, &sig_len, mdbuf, + sizeof(mdbuf)), + 0) + && TEST_int_gt(sig_len, 0) + && TEST_ptr(sig = OPENSSL_malloc(sig_len)) + && TEST_int_gt(EVP_PKEY_sign(pctx, sig, &sig_len, mdbuf, + sizeof(mdbuf)), + 0); EVP_PKEY_CTX_free(pctx); OPENSSL_free(sig); @@ -1185,8 +3220,8 @@ /* test copying freshly initialized context */ ret = TEST_ptr(mdctx = EVP_MD_CTX_new()) - && TEST_ptr(copyctx = EVP_MD_CTX_new()) - && TEST_true(EVP_MD_CTX_copy_ex(copyctx, mdctx)); + && TEST_ptr(copyctx = EVP_MD_CTX_new()) + && TEST_true(EVP_MD_CTX_copy_ex(copyctx, mdctx)); EVP_MD_CTX_free(mdctx); EVP_MD_CTX_free(copyctx); 
@@ -1202,11 +3237,11 @@ EVP_PBE_KEYGEN *keygen = NULL; if (!TEST_true(EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen))) + PKCS5_PBE_keyivgen))) goto err; if (!TEST_true(EVP_PBE_find_ex(EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, - &cipher_nid, &md_nid, &keygen, &keygen_ex))) + &cipher_nid, &md_nid, &keygen, &keygen_ex))) goto err; if (!TEST_true(keygen != NULL)) --- crypto/openssl/test/evp_fetch_prov_test.c.orig +++ crypto/openssl/test/evp_fetch_prov_test.c @@ -47,7 +47,7 @@ { "property", OPT_FETCH_PROPERTY, 's', "The fetch property e.g. provider=fips" }, { "fetchfail", OPT_FETCH_FAILURE, '-', "fetch is expected to fail" }, { "defaultctx", OPT_USE_DEFAULTCTX, '-', - "Use the default context if this is set" }, + "Use the default context if this is set" }, { OPT_HELP_STR, 1, '-', "file\tProvider names to explicitly load\n" }, { NULL } }; @@ -55,23 +55,23 @@ } static int calculate_digest(const EVP_MD *md, const char *msg, size_t len, - const unsigned char *exptd) + const unsigned char *exptd) { unsigned char out[SHA256_DIGEST_LENGTH]; EVP_MD_CTX *ctx; int ret = 0; if (!TEST_ptr(ctx = EVP_MD_CTX_new()) - || !TEST_true(EVP_DigestInit_ex(ctx, md, NULL)) - || !TEST_true(EVP_DigestUpdate(ctx, msg, len)) - || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL)) - || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd, - SHA256_DIGEST_LENGTH) - || !TEST_true(md == EVP_MD_CTX_get0_md(ctx))) + || !TEST_true(EVP_DigestInit_ex(ctx, md, NULL)) + || !TEST_true(EVP_DigestUpdate(ctx, msg, len)) + || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL)) + || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd, + SHA256_DIGEST_LENGTH) + || !TEST_true(md == EVP_MD_CTX_get0_md(ctx))) goto err; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } @@ -127,7 +127,7 @@ if (!TEST_ptr(algor = X509_ALGOR_new()) || !TEST_true(X509_ALGOR_set0(algor, OBJ_nid2obj(nid), - V_ASN1_UNDEF, NULL))) { + V_ASN1_UNDEF, NULL))) { X509_ALGOR_free(algor); return NULL; } 
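Review bot: In `calculate_digest` (the `@@ -55,23 +55,23 @@` hunk) the output buffer is `out[SHA256_DIGEST_LENGTH]`, but `md` is a caller-supplied parameter and `EVP_DigestFinal_ex(ctx, out, NULL)` writes as many bytes as that digest produces. The callers are outside this hunk and presumably pass only SHA-256, but nothing in the function enforces it, so a fetch that returns a wider digest would write past `out` before the `TEST_mem_eq` comparison can fail. Declaring `unsigned char out[EVP_MAX_MD_SIZE];` and adding `|| !TEST_int_eq(EVP_MD_get_size(md), SHA256_DIGEST_LENGTH)` ahead of the final call would make the helper safe for any `md` while keeping the comparison unchanged.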
@@ -141,9 +141,9 @@ { const char testmsg[] = "Hello world"; const unsigned char exptd[] = { - 0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c, - 0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24, - 0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26 + 0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c, + 0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24, + 0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26 }; return TEST_ptr(md) @@ -156,7 +156,7 @@ static int test_implicit_EVP_MD_fetch(void) { OSSL_LIB_CTX *ctx = NULL; - OSSL_PROVIDER *prov[2] = {NULL, NULL}; + OSSL_PROVIDER *prov[2] = { NULL, NULL }; int ret = 0; ret = (use_default_ctx == 0 || load_providers(&ctx, prov)) @@ -170,7 +170,7 @@ { OSSL_LIB_CTX *ctx = NULL; EVP_MD *md = NULL; - OSSL_PROVIDER *prov[2] = {NULL, NULL}; + OSSL_PROVIDER *prov[2] = { NULL, NULL }; int ret = 0; if (use_default_ctx == 0 && !load_providers(&ctx, prov)) @@ -192,7 +192,7 @@ } ret = 1; - err: +err: EVP_MD_free(md); unload_providers(&ctx, prov); return ret; @@ -230,7 +230,7 @@ } ret = test_explicit_EVP_MD_fetch(id); - end: +end: X509_ALGOR_free(algor); return ret; } @@ -239,7 +239,7 @@ * Test EVP_CIPHER_fetch() */ static int encrypt_decrypt(const EVP_CIPHER *cipher, const unsigned char *msg, - size_t len) + size_t len) { int ret = 0, ctlen, ptlen; EVP_CIPHER_CTX *ctx = NULL; 
@@ -248,13 +248,13 @@ memset(key, 0, sizeof(key)); if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1)) - || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len)) - || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen)) - || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0)) - || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen)) - || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen)) - || !TEST_mem_eq(pt, ptlen, msg, len)) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1)) + || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len)) + || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen)) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0)) + || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen)) + || !TEST_mem_eq(pt, ptlen, msg, len)) goto err; ret = 1; @@ -274,7 +274,7 @@ static int test_implicit_EVP_CIPHER_fetch(void) { OSSL_LIB_CTX *ctx = NULL; - OSSL_PROVIDER *prov[2] = {NULL, NULL}; + OSSL_PROVIDER *prov[2] = { NULL, NULL }; int ret = 0; ret = (use_default_ctx == 0 || load_providers(&ctx, prov)) @@ -288,7 +288,7 @@ { OSSL_LIB_CTX *ctx = NULL; EVP_CIPHER *cipher = NULL; - OSSL_PROVIDER *prov[2] = {NULL, NULL}; + OSSL_PROVIDER *prov[2] = { NULL, NULL }; int ret = 0; if (use_default_ctx == 0 && !load_providers(&ctx, prov)) @@ -346,7 +346,7 @@ } ret = test_explicit_EVP_CIPHER_fetch(id); - end: +end: X509_ALGOR_free(algor); return ret; } @@ -373,7 +373,7 @@ use_default_ctx = 1; break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; --- crypto/openssl/test/evp_kdf_test.c.orig +++ crypto/openssl/test/evp_kdf_test.c @@ -19,7 +19,6 @@ #include "internal/numbers.h" #include "testutil.h" - static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name) { EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL); 
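Review bot: In `encrypt_decrypt` (the `@@ -248,13 +248,13 @@` hunk) `EVP_CipherFinal_ex(ctx, ct, &ctlen)` writes at the start of `ct` and stores its count in the same `ctlen` that `EVP_CipherUpdate` just set, and the decrypt side does the same with `pt`/`ptlen`. The round trip is therefore only correct while the update call emits nothing, i.e. while `msg` is shorter than one cipher block; a longer message would have its first blocks overwritten and the lengths under-reported. The final call should append, `EVP_CipherFinal_ex(ctx, ct + ctlen, &finlen)`, with `ctlen + finlen` used as the ciphertext length, and likewise for the plaintext. The declarations of `ct`, `pt` and `key` sit between this hunk and the previous one, so their sizes cannot be checked from here; the function also continues past the end of the hunk.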
@@ -44,13 +43,13 @@ return NULL; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)digest, 0); + (char *)digest, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, - (unsigned char *)secret, - strlen(secret)); + (unsigned char *)secret, + strlen(secret)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (unsigned char *)seed, - strlen(seed)); + (unsigned char *)seed, + strlen(seed)); *p = OSSL_PARAM_construct_end(); return params; @@ -201,17 +200,17 @@ if (digest != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - digest, 0); + digest, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - salt, strlen(salt)); + salt, strlen(salt)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)key, keylen); + (unsigned char *)key, keylen); if (info != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, - info, strlen(info)); + info, strlen(info)); else *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, - "EXTRACT_ONLY", 0); + "EXTRACT_ONLY", 0); *p = OSSL_PARAM_construct_end(); return params; @@ -249,9 +248,9 @@ EVP_KDF_CTX *kctx = NULL; if (!TEST_ptr(params = construct_hkdf_params( - has_digest ? "sha256" : NULL, - "secret", 6, "salt", - expand_only ? NULL : "label")) + has_digest ? "sha256" : NULL, + "secret", 6, "salt", + expand_only ? NULL : "label")) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))) goto err; @@ -348,7 +347,7 @@ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))) goto end; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, - "BADMODE", 0); + "BADMODE", 0); params[1] = OSSL_PARAM_construct_end(); if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0)) goto end; 
@@ -390,13 +389,13 @@ static int test_kdf_hkdf_set_ctx_param_fail(void) { return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE, - OSSL_PARAM_OCTET_STRING) - && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY, - OSSL_PARAM_UTF8_STRING) - && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT, - OSSL_PARAM_UTF8_STRING) - && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO, - OSSL_PARAM_UTF8_STRING); + OSSL_PARAM_OCTET_STRING) + && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY, + OSSL_PARAM_UTF8_STRING) + && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT, + OSSL_PARAM_UTF8_STRING) + && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO, + OSSL_PARAM_UTF8_STRING); } static int test_kdf_hkdf_zero_output_size(void) @@ -483,12 +482,12 @@ return NULL; *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (unsigned char *)pass, strlen(pass)); + (unsigned char *)pass, strlen(pass)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)salt, strlen(salt)); + (unsigned char *)salt, strlen(salt)); *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - digest, 0); + digest, 0); *p = OSSL_PARAM_construct_end(); return params; @@ -524,8 +523,8 @@ goto err; params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1)) @@ -569,8 +568,8 @@ goto err; params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations); /* * This is the same test sequence as test_kdf_pbkdf1, but we expect 
@@ -603,12 +602,12 @@ return NULL; *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (unsigned char *)pass, strlen(pass)); + (unsigned char *)pass, strlen(pass)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)salt, strlen(salt)); + (unsigned char *)salt, strlen(salt)); *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - digest, 0); + digest, 0); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode); *p = OSSL_PARAM_construct_end(); @@ -631,8 +630,8 @@ }; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations, &mode); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -657,8 +656,8 @@ OSSL_PARAM *params; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations, &mode); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -688,8 +687,8 @@ len = SIZE_MAX; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations, &mode); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -714,8 +713,8 @@ OSSL_PARAM *params; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALT", - &iterations, &mode); + "saltSALT", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 
@@ -739,8 +738,8 @@ OSSL_PARAM *params; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations, &mode); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -766,8 +765,8 @@ OSSL_PARAM mode_params[2]; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALT", - &iterations, &mode); + "saltSALT", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -803,8 +802,8 @@ OSSL_PARAM mode_params[2]; params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations, &mode); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -838,8 +837,8 @@ OSSL_PARAM *params; params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - &iterations, &mode); + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations, &mode); if (!TEST_ptr(params) || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) @@ -874,9 +873,9 @@ }; *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (char *)"password", 8); + (char *)"password", 8); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (char *)"NaCl", 4); + (char *)"NaCl", 4); *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu); *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru); *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu); 
@@ -911,30 +910,29 @@ OSSL_PARAM params[4], *p = params; unsigned char out[14]; static unsigned char z[] = { - 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, - 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, - 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, - 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 + 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, + 0xba, 0xe1, 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9, 0x3f, 0xec, 0x6f, 0x62, + 0xec, 0x07, 0xe3, 0x72, 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2, 0x62, 0xf4, + 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8, 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9 }; static unsigned char other[] = { - 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, - 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, - 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, - 0xe0,0xec,0x3f,0x8d,0xbe + 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56, 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, + 0x98, 0x49, 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6, 0x06, 0xe0, 0x95, 0xde, + 0x3c, 0x26, 0x4a, 0x66, 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98, 0x9b, 0x1e, + 0xe0, 0xec, 0x3f, 0x8d, 0xbe }; static const unsigned char expected[sizeof(out)] = { - 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 + 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)"sha224", 0); + (char *)"sha224", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, - sizeof(other)); + sizeof(other)); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) && 
TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -980,14 +978,13 @@ }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)"sha512", 0); + (char *)"sha512", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared, - sizeof(shared)); + sizeof(shared)); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -1006,8 +1003,22 @@ EVP_KDF_CTX *kctx; OSSL_PARAM params[7]; static unsigned char input_key[] = { - 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3, - 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B, + 0x57, + 0xD0, + 0x29, + 0x72, + 0x98, + 0xFF, + 0xD9, + 0xD3, + 0x5D, + 0xE5, + 0xA4, + 0x7F, + 0xB4, + 0xBD, + 0xE2, + 0x4B, }; static unsigned char constants[][5] = { { 0x00, 0x00, 0x00, 0x02, 0x99 }, @@ -1015,12 +1026,12 @@ { 0x00, 0x00, 0x00, 0x02, 0x55 }, }; static unsigned char outputs[][16] = { - {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0, - 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56}, - {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17, - 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB}, - {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C, - 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35} + { 0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0, + 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56 }, + { 0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17, + 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB }, + { 0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C, + 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35 } }; static unsigned char iv[16] = { 0 }; unsigned char result[16] = { 0 }; 
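Review bot: The `input_key` vector in the `@@ -1006,8 +1003,22 @@` hunk is now laid out one byte per line, which makes the known-answer data much harder to compare against its published source than the original eight-per-row layout. Within this diff only the initialisers that end in a trailing comma were expanded this way (the `outputs[][16]` table in the next hunk, which has none, stayed packed), so this looks like a formatter side effect rather than an intended change. Dropping the trailing comma after `0x4B`, or bracketing the table with `/* clang-format off */` and `/* clang-format on */` if clang-format is the tool in use, would keep the rows intact. The same applies to the expanded tables in the hunks at -1061, -1072, -1270, -1310 and -1367 of this file and to the `key[64]` table at -325 in evp_libctx_test.c. The enclosing functions start outside these hunks.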
@@ -1044,9 +1055,10 @@ kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), - params), 0) + params), + 0) && TEST_mem_eq(result, sizeof(result), outputs[i], - sizeof(outputs[i])); + sizeof(outputs[i])); EVP_KDF_CTX_free(kctx); if (ret != 1) return ret; @@ -1061,10 +1073,38 @@ EVP_KDF_CTX *kctx; OSSL_PARAM params[7]; static unsigned char input_key[] = { - 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE, - 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6, - 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F, - 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C, + 0xB9, + 0xD6, + 0x82, + 0x8B, + 0x20, + 0x56, + 0xB7, + 0xBE, + 0x65, + 0x6D, + 0x88, + 0xA1, + 0x23, + 0xB1, + 0xFA, + 0xC6, + 0x82, + 0x14, + 0xAC, + 0x2B, + 0x72, + 0x7E, + 0xCF, + 0x5F, + 0x69, + 0xAF, + 0xE0, + 0xC4, + 0xDF, + 0x2A, + 0x6D, + 0x2C, }; static unsigned char constants[][5] = { { 0x00, 0x00, 0x00, 0x02, 0x99 }, 
@@ -1072,20 +1112,107 @@ { 0x00, 0x00, 0x00, 0x02, 0x55 }, }; static unsigned char outputs[][32] = { - {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3, - 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22, - 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6, - 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50, + { + 0xE4, + 0x67, + 0xF9, + 0xA9, + 0x55, + 0x2B, + 0xC7, + 0xD3, + 0x15, + 0x5A, + 0x62, + 0x20, + 0xAF, + 0x9C, + 0x19, + 0x22, + 0x0E, + 0xEE, + 0xD4, + 0xFF, + 0x78, + 0xB0, + 0xD1, + 0xE6, + 0xA1, + 0x54, + 0x49, + 0x91, + 0x46, + 0x1A, + 0x9E, + 0x50, }, - {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F, - 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60, - 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F, - 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04, + { + 0x41, + 0x2A, + 0xEF, + 0xC3, + 0x62, + 0xA7, + 0x28, + 0x5F, + 0xC3, + 0x96, + 0x6C, + 0x6A, + 0x51, + 0x81, + 0xE7, + 0x60, + 0x5A, + 0xE6, + 0x75, + 0x23, + 0x5B, + 0x6D, + 0x54, + 0x9F, + 0xBF, + 0xC9, + 0xAB, + 0x66, + 0x30, + 0xA4, + 0xC6, + 0x04, }, - {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F, - 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB, - 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D, - 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0, + { + 0xFA, + 0x62, + 0x4F, + 0xA0, + 0xE5, + 0x23, + 0x99, + 0x3F, + 0xA3, + 0x88, + 0xAE, + 0xFD, + 0xC6, + 0x7E, + 0x67, + 0xEB, + 0xCD, + 0x8C, + 0x08, + 0xE8, + 0xA0, + 0x24, + 0x6B, + 0x1D, + 0x73, + 0xB0, + 0xD1, + 0xDD, + 0x9F, + 0xC5, + 0x82, + 0xB0, }, }; static unsigned char iv[16] = { 0 }; @@ -1110,9 +1237,10 @@ kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), - params), 0) + params), + 0) && TEST_mem_eq(result, sizeof(result), outputs[i], - sizeof(outputs[i])); + sizeof(outputs[i])); EVP_KDF_CTX_free(kctx); if (ret != 1) return ret; 
@@ -1154,7 +1282,7 @@ EVP_KDF_CTX *kctx; OSSL_PARAM *params; - static unsigned char key[] = {0x01}; + static unsigned char key[] = { 0x01 }; params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test"); if (!TEST_ptr(params)) @@ -1176,7 +1304,7 @@ EVP_KDF_CTX *kctx; OSSL_PARAM *params; - static unsigned char key[] = {0x01}; + static unsigned char key[] = { 0x01 }; params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test"); if (!TEST_ptr(params)) @@ -1198,7 +1326,7 @@ EVP_KDF_CTX *kctx; OSSL_PARAM *params; - static unsigned char key[] = {0x01}; + static unsigned char key[] = { 0x01 }; unsigned char result[32] = { 0 }; params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test"); @@ -1222,7 +1350,7 @@ EVP_KDF_CTX *kctx; OSSL_PARAM *params; - static unsigned char key[] = {0x01}; + static unsigned char key[] = { 0x01 }; unsigned char result[32] = { 0 }; params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); @@ -1244,7 +1372,7 @@ EVP_KDF_CTX *kctx; OSSL_PARAM *params; - static unsigned char key[] = {0x01}; + static unsigned char key[] = { 0x01 }; unsigned char result[32] = { 0 }; params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); 
@@ -1270,16 +1398,58 @@ EVP_KDF_CTX *kctx; OSSL_PARAM params[6]; char *label = "prf", *digest = "sha256", *prf_input = "test", - *mac = "HMAC"; + *mac = "HMAC"; static unsigned char input_key[] = { - 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, - 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, + 0x37, + 0x05, + 0xD9, + 0x60, + 0x80, + 0xC1, + 0x77, + 0x28, + 0xA0, + 0xE8, + 0x00, + 0xEA, + 0xB6, + 0xE0, + 0xD2, + 0x3C, }; static unsigned char output[] = { - 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, - 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, - 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, - 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, + 0x9D, + 0x18, + 0x86, + 0x16, + 0xF6, + 0x38, + 0x52, + 0xFE, + 0x86, + 0x91, + 0x5B, + 0xB8, + 0x40, + 0xB4, + 0xA8, + 0x86, + 0xFF, + 0x3E, + 0x6B, + 0xB0, + 0xF8, + 0x19, + 0xB4, + 0x9B, + 0x89, + 0x33, + 0x93, + 0xD3, + 0x93, + 0x85, + 0x42, + 0x95, }; unsigned char result[sizeof(output)] = { 0 }; 
@@ -1310,20 +1480,90 @@ EVP_KDF_CTX *kctx; OSSL_PARAM params[6]; char *label = "prf", *digest = "sha384", *prf_input = "test", - *mac = "HMAC"; + *mac = "HMAC"; static unsigned char input_key[] = { - 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D, - 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98, - 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0, - 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52, + 0x6D, + 0x40, + 0x4D, + 0x37, + 0xFA, + 0xF7, + 0x9F, + 0x9D, + 0xF0, + 0xD3, + 0x35, + 0x68, + 0xD3, + 0x20, + 0x66, + 0x98, + 0x00, + 0xEB, + 0x48, + 0x36, + 0x47, + 0x2E, + 0xA8, + 0xA0, + 0x26, + 0xD1, + 0x6B, + 0x71, + 0x82, + 0x46, + 0x0C, + 0x52, }; static unsigned char output[] = { - 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6, - 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0, - 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C, - 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D, - 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33, - 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2, + 0x98, + 0x01, + 0xF6, + 0x9A, + 0x36, + 0x8C, + 0x2B, + 0xF6, + 0x75, + 0xE5, + 0x95, + 0x21, + 0xE1, + 0x77, + 0xD9, + 0xA0, + 0x7F, + 0x67, + 0xEF, + 0xE1, + 0xCF, + 0xDE, + 0x8D, + 0x3C, + 0x8D, + 0x6F, + 0x6A, + 0x02, + 0x56, + 0xE3, + 0xB1, + 0x7D, + 0xB3, + 0xC1, + 0xB6, + 0x2A, + 0xD1, + 0xB8, + 0x55, + 0x33, + 0x60, + 0xD1, + 0x73, + 0x67, + 0xEB, + 0x15, + 0x14, + 0xD2, }; unsigned char result[sizeof(output)] = { 0 }; 
@@ -1367,23 +1607,103 @@ int use_separator = 0; static unsigned char input_key[] = { - 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e, - 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05, + 0xc1, + 0x0b, + 0x15, + 0x2e, + 0x8c, + 0x97, + 0xb7, + 0x7e, + 0x18, + 0x70, + 0x4e, + 0x0f, + 0x0b, + 0xd3, + 0x83, + 0x05, }; static unsigned char fixed_input[] = { - 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1, - 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2, - 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78, - 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03, - 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06, - 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb, - 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06, - 0xb4, 0x8d, 0x36, 0xc4, + 0x98, + 0xcd, + 0x4c, + 0xbb, + 0xbe, + 0xbe, + 0x15, + 0xd1, + 0x7d, + 0xc8, + 0x6e, + 0x6d, + 0xba, + 0xd8, + 0x00, + 0xa2, + 0xdc, + 0xbd, + 0x64, + 0xf7, + 0xc7, + 0xad, + 0x0e, + 0x78, + 0xe9, + 0xcf, + 0x94, + 0xff, + 0xdb, + 0xa8, + 0x9d, + 0x03, + 0xe9, + 0x7e, + 0xad, + 0xf6, + 0xc4, + 0xf7, + 0xb8, + 0x06, + 0xca, + 0xf5, + 0x2a, + 0xa3, + 0x8f, + 0x09, + 0xd0, + 0xeb, + 0x71, + 0xd7, + 0x1f, + 0x49, + 0x7b, + 0xcc, + 0x69, + 0x06, + 0xb4, + 0x8d, + 0x36, + 0xc4, }; static unsigned char output[] = { - 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8, - 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f, + 0x26, + 0xfa, + 0xf6, + 0x19, + 0x08, + 0xad, + 0x9e, + 0xe8, + 0x81, + 0xb8, + 0x30, + 0x5c, + 0x22, + 0x1d, + 0xb5, + 0x3f, }; unsigned char result[sizeof(output)] = { 0 }; 
@@ -1391,12 +1711,12 @@ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key, - sizeof(input_key)); + sizeof(input_key)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, - fixed_input, sizeof(fixed_input)); + fixed_input, sizeof(fixed_input)); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, - &use_separator); + &use_separator); *p = OSSL_PARAM_construct_end(); kctx = get_kdfbyname("KBKDF"); 
@@ -1416,33 +1736,32 @@ OSSL_PARAM params[6], *p = params; unsigned char out[16]; static unsigned char z[] = { - 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 + 0xb7, 0x4a, 0x14, 0x9a, 0x16, 0x15, 0x46, 0xf8, 0xc2, 0x0b, 0x06, 0xac, 0x4e, 0xd4 }; static unsigned char other[] = { - 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc + 0x34, 0x8a, 0x37, 0xa2, 0x7e, 0xf1, 0x28, 0x2f, 0x5f, 0x02, 0x0d, 0xcc }; static unsigned char salt[] = { - 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, - 0x3f,0x89 + 0x36, 0x38, 0x27, 0x1c, 0xcd, 0x68, 0xa2, 0x5d, 0xc2, 0x4e, 0xcd, 0xdd, 0x39, 0xef, + 0x3f, 0x89 }; static const unsigned char expected[sizeof(out)] = { - 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63, - 0x1c,0xa3 + 0x44, 0xf6, 0x76, 0xe8, 0x5c, 0x1b, 0x1a, 0x8b, 0xbc, 0x3d, 0x31, 0x92, 0x18, 0x63, + 0x1c, 0xa3 }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, - (char *)OSSL_MAC_NAME_HMAC, 0); + (char *)OSSL_MAC_NAME_HMAC, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)"sha256", 0); + (char *)"sha256", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, - sizeof(other)); + sizeof(other)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, - sizeof(salt)); + sizeof(salt)); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 
@@ -1458,38 +1777,37 @@ unsigned char out[64]; size_t mac_size = 20; static unsigned char z[] = { - 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 + 0xb7, 0x4a, 0x14, 0x9a, 0x16, 0x15, 0x46, 0xf8, 0xc2, 0x0b, 0x06, 0xac, 0x4e, 0xd4 }; static unsigned char other[] = { - 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc + 0x34, 0x8a, 0x37, 0xa2, 0x7e, 0xf1, 0x28, 0x2f, 0x5f, 0x02, 0x0d, 0xcc }; static unsigned char salt[] = { - 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, - 0x3f,0x89 + 0x36, 0x38, 0x27, 0x1c, 0xcd, 0x68, 0xa2, 0x5d, 0xc2, 0x4e, 0xcd, 0xdd, 0x39, 0xef, + 0x3f, 0x89 }; static const unsigned char expected[sizeof(out)] = { - 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd, - 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2, - 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4, - 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95, - 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 + 0xe9, 0xc1, 0x84, 0x53, 0xa0, 0x62, 0xb5, 0x3b, 0xdb, 0xfc, 0xbb, 0x5a, 0x34, 0xbd, + 0xb8, 0xe5, 0xe7, 0x07, 0xee, 0xbb, 0x5d, 0xd1, 0x34, 0x42, 0x43, 0xd8, 0xcf, 0xc2, + 0xc2, 0xe6, 0x33, 0x2f, 0x91, 0xbd, 0xa5, 0x86, 0xf3, 0x7d, 0xe4, 0x8a, 0x65, 0xd4, + 0xc5, 0x14, 0xfd, 0xef, 0xaa, 0x1e, 0x67, 0x54, 0xf3, 0x73, 0xd2, 0x38, 0xe1, 0x95, + 0xae, 0x15, 0x7e, 0x1d, 0xe8, 0x14, 0x98, 0x03 }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, - (char *)OSSL_MAC_NAME_KMAC128, 0); + (char *)OSSL_MAC_NAME_KMAC128, 0); /* The digest parameter is not needed here and should be ignored */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)"SHA256", 0); + (char *)"SHA256", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, - sizeof(other)); + sizeof(other)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, - 
sizeof(salt)); + sizeof(salt)); *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0) && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1) /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */ @@ -1539,19 +1857,18 @@ }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)"sha256", 0); + (char *)"sha256", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, - sizeof(key)); + sizeof(key)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, - xcghash, sizeof(xcghash)); + xcghash, sizeof(xcghash)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, - sessid, sizeof(sessid)); + sessid, sizeof(sessid)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, - &kdftype, sizeof(kdftype)); + &kdftype, sizeof(kdftype)); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -1559,7 +1876,7 @@ return ret; } -static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2) +static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2) { /* Fast path in case the two are the same algorithm pointer */ if (kdf1 == kdf2) @@ -1571,7 +1888,7 @@ * will result in a different pointer. */ return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2)) - && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2)); + && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2)); } static int test_kdf_get_kdf(void) 
@@ -1583,7 +1900,7 @@ if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL)) || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)), - NULL)) + NULL)) || !test_kdfs_same(kdf1, kdf2)) ok = 0; EVP_KDF_free(kdf1); @@ -1620,25 +1937,24 @@ unsigned char out[24]; /* RFC2631 Section 2.1.6 Test data */ static unsigned char z[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d, - 0x0e,0x0f,0x10,0x11,0x12,0x13 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, + 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; static const unsigned char expected[sizeof(out)] = { - 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04, - 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46, - 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb + 0xa0, 0x96, 0x61, 0x39, 0x23, 0x76, 0xf7, 0x04, + 0x4d, 0x90, 0x52, 0xa3, 0x97, 0x88, 0x32, 0x46, + 0xb6, 0x7f, 0x5f, 0x1e, 0xf6, 0x3e, 0xb5, 0xfb }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)"sha1", 0); + (char *)"sha1", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, - sizeof(z)); + sizeof(z)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, - (char *)cek_alg, 0); + (char *)cek_alg, 0); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 
@@ -1666,15 +1982,14 @@ }; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, - (char *)"AES-128-CBC", 0); + (char *)"AES-128-CBC", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, - sizeof(key)); + sizeof(key)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, - constant, sizeof(constant)); + constant, sizeof(constant)); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); --- crypto/openssl/test/evp_libctx_test.c.orig +++ crypto/openssl/test/evp_libctx_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,12 +32,14 @@ #include #include "testutil.h" #include "internal/nelem.h" -#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ static OSSL_LIB_CTX *libctx = NULL; static OSSL_PROVIDER *nullprov = NULL; static OSSL_PROVIDER *libprov = NULL; static STACK_OF(OPENSSL_STRING) *cipher_names = NULL; +static int is_fips = 0; +static int is_fips_lt_3_5 = 0; typedef enum OPTION_choice { OPT_ERR = -1, @@ -52,9 +54,9 @@ static const OPTIONS test_options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the libctx" }, + "The configuration file to use for the libctx" }, { "provider", OPT_PROVIDER_NAME, 's', - "The provider to load (The default value is 'default')" }, + "The provider to load (The default value is 'default')" }, { NULL } }; return test_options; 
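Review bot: The two file-scope flags added in the `@@ -32,12 +32,14 @@` hunk of evp_libctx_test.c, `is_fips` and `is_fips_lt_3_5`, carry no comment, and nothing in this hunk shows where they are set or which tests read them. A one-line comment on each would help, for example `/* non-zero when the provider under test is the FIPS provider */` and `/* non-zero when that FIPS provider is older than 3.5 */`. That wording is inferred from the names, so confirm it against the code that assigns them. If the flags gate which checks run, as the names suggest, the comment should also say whether a skipped check is reported as a pass.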
@@ -63,7 +65,7 @@ #ifndef OPENSSL_NO_DH static const char *getname(int id) { - const char *name[] = {"p", "q", "g" }; + const char *name[] = { "p", "q", "g" }; if (id >= 0 && id < 3) return name[id]; @@ -105,10 +107,10 @@ pind = tstid / 9; qind = (tstid / 3) % 3; gind = tstid % 3; - expected = (pind == 0 && qind == 1 && gind == 2); + expected = (pind == 0 && qind == 1 && gind == 2); TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind), - getname(qind), getname(gind)); + getname(qind), getname(gind)); if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) || !TEST_ptr(dsa = DSA_new()) @@ -168,10 +170,10 @@ pind = tstid / 9; qind = (tstid / 3) % 3; gind = tstid % 3; - expected = (pind == 0 && qind == 1 && gind == 2); + expected = (pind == 0 && qind == 1 && gind == 2); TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind), - getname(qind), getname(gind)); + getname(qind), getname(gind)); if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) || !TEST_ptr(dh = DH_new()) @@ -218,7 +220,7 @@ static int test_dh_safeprime_param_keygen(int tstid) { static const BIGNUM *bn[] = { - &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q, + &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q, &ossl_bignum_const_2 }; return do_dh_param_keygen(tstid, bn); 
@@ -231,71 +233,71 @@ BIO *bio = NULL; static const unsigned char dhx_cert[] = { - 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00, - 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, - 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55, - 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c, - 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d, - 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f, - 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17, - 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d, - 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31, - 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14, - 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47, - 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54, - 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48, - 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48, - 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c, - 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09, - 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0, - 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42, - 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1, - 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf, - 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95, - 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85, - 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69, - 
0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9, - 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95, - 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39, - 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99, - 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1, - 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd, - 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61, - 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02, - 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b, - 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde, - 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb, - 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb, - 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0, - 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9, - 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28, - 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3, - 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2, - 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30, - 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30, - 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30, - 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25, - 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f, - 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05, - 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30, - 
0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82, - 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36, - 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15, - 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2, - 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2, - 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16, - 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3, - 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60, - 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2, - 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d, - 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c, - 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a, - 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3, - 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf, - 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42, - 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e, - 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c, - 0x0e,0x6a,0xb1 + 0x30, 0x82, 0x03, 0xff, 0x30, 0x82, 0x02, 0xe7, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xdb, 0xf5, 0x4d, 0x22, 0xa0, 0x7a, 0x67, 0xa6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x4b, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x1d, + 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x54, 0x65, 0x73, 0x74, 
0x20, 0x53, 0x2f, + 0x4d, 0x49, 0x4d, 0x45, 0x20, 0x52, 0x53, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, + 0x0d, 0x31, 0x33, 0x30, 0x38, 0x30, 0x32, 0x31, 0x34, 0x34, 0x39, 0x32, 0x39, 0x5a, 0x17, 0x0d, + 0x32, 0x33, 0x30, 0x36, 0x31, 0x31, 0x31, 0x34, 0x34, 0x39, 0x32, 0x39, 0x5a, 0x30, 0x44, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x4b, 0x31, 0x16, 0x30, 0x14, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, + 0x72, 0x6f, 0x75, 0x70, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x54, + 0x65, 0x73, 0x74, 0x20, 0x53, 0x2f, 0x4d, 0x49, 0x4d, 0x45, 0x20, 0x45, 0x45, 0x20, 0x44, 0x48, + 0x20, 0x23, 0x31, 0x30, 0x82, 0x01, 0xb6, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3e, 0x02, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xd4, 0x0c, 0x4a, 0x0c, + 0x04, 0x72, 0x71, 0x19, 0xdf, 0x59, 0x19, 0xc5, 0xaf, 0x44, 0x7f, 0xca, 0x8e, 0x2b, 0xf0, 0x09, + 0xf5, 0xd3, 0x25, 0xb1, 0x73, 0x16, 0x55, 0x89, 0xdf, 0xfd, 0x07, 0xaf, 0x19, 0xd3, 0x7f, 0xd0, + 0x07, 0xa2, 0xfe, 0x3f, 0x5a, 0xf1, 0x01, 0xc6, 0xf8, 0x2b, 0xef, 0x4e, 0x6d, 0x03, 0x38, 0x42, + 0xa1, 0x37, 0xd4, 0x14, 0xb4, 0x00, 0x4a, 0xb1, 0x86, 0x5a, 0x83, 0xce, 0xb9, 0x08, 0x0e, 0xc1, + 0x99, 0x27, 0x47, 0x8d, 0x0b, 0x85, 0xa8, 0x82, 0xed, 0xcc, 0x0d, 0xb9, 0xb0, 0x32, 0x7e, 0xdf, + 0xe8, 0xe4, 0xf6, 0xf6, 0xec, 0xb3, 0xee, 0x7a, 0x11, 0x34, 0x65, 0x97, 0xfc, 0x1a, 0xb0, 0x95, + 0x4b, 0x19, 0xb9, 0xa6, 0x1c, 0xd9, 0x01, 0x32, 0xf7, 0x35, 0x7c, 0x2d, 0x5d, 0xfe, 0xc1, 0x85, + 0x70, 0x49, 0xf8, 0xcc, 0x99, 0xd0, 0xbe, 0xf1, 0x5a, 0x78, 0xc8, 0x03, 0x02, 0x81, 0x80, 0x69, + 0x00, 0xfd, 0x66, 0xf2, 0xfc, 0x15, 0x8b, 0x09, 0xb8, 0xdc, 0x4d, 0xea, 0xaa, 0x79, 0x55, 0xf9, + 0xdf, 0x46, 0xa6, 0x2f, 0xca, 0x2d, 0x8f, 0x59, 0x2a, 0xad, 0x44, 0xa3, 0xc6, 0x18, 0x2f, 0x95, + 0xb6, 0x16, 0x20, 0xe3, 0xd3, 0xd1, 0x8f, 0x03, 0xce, 0x71, 0x7c, 0xef, 0x3a, 0xc7, 0x44, 0x39, + 0x0e, 0xe2, 0x1f, 
0xd8, 0xd3, 0x89, 0x2b, 0xe7, 0x51, 0xdc, 0x12, 0x48, 0x4c, 0x18, 0x4d, 0x99, + 0x12, 0x06, 0xe4, 0x17, 0x02, 0x03, 0x8c, 0x24, 0x05, 0x8e, 0xa6, 0x85, 0xf2, 0x69, 0x1b, 0xe1, + 0x6a, 0xdc, 0xe2, 0x04, 0x3a, 0x01, 0x9d, 0x64, 0xbe, 0xfe, 0x45, 0xf9, 0x44, 0x18, 0x71, 0xbd, + 0x2d, 0x3e, 0x7a, 0x6f, 0x72, 0x7d, 0x1a, 0x80, 0x42, 0x57, 0xae, 0x18, 0x6f, 0x91, 0xd6, 0x61, + 0x03, 0x8a, 0x1c, 0x89, 0x73, 0xc7, 0x56, 0x41, 0x03, 0xd3, 0xf8, 0xed, 0x65, 0xe2, 0x85, 0x02, + 0x15, 0x00, 0x89, 0x94, 0xab, 0x10, 0x67, 0x45, 0x41, 0xad, 0x63, 0xc6, 0x71, 0x40, 0x8d, 0x6b, + 0x9e, 0x19, 0x5b, 0xa4, 0xc7, 0xf5, 0x03, 0x81, 0x84, 0x00, 0x02, 0x81, 0x80, 0x2f, 0x5b, 0xde, + 0x72, 0x02, 0x36, 0x6b, 0x00, 0x5e, 0x24, 0x7f, 0x14, 0x2c, 0x18, 0x52, 0x42, 0x97, 0x4b, 0xdb, + 0x6e, 0x15, 0x50, 0x3c, 0x45, 0x3e, 0x25, 0xf3, 0xb7, 0xc5, 0x6e, 0xe5, 0x52, 0xe7, 0xc4, 0xfb, + 0xf4, 0xa5, 0xf0, 0x39, 0x12, 0x7f, 0xbc, 0x54, 0x1c, 0x93, 0xb9, 0x5e, 0xee, 0xe9, 0x14, 0xb0, + 0xdf, 0xfe, 0xfc, 0x36, 0xe4, 0xf2, 0xaf, 0xfb, 0x13, 0xc8, 0xdf, 0x18, 0x94, 0x1d, 0x40, 0xb9, + 0x71, 0xdd, 0x4c, 0x9c, 0xa7, 0x03, 0x52, 0x02, 0xb5, 0xed, 0x71, 0x80, 0x3e, 0x23, 0xda, 0x28, + 0xe5, 0xab, 0xe7, 0x6f, 0xf2, 0x0a, 0x0e, 0x00, 0x5b, 0x7d, 0xc6, 0x4b, 0xd7, 0xc7, 0xb2, 0xc3, + 0xba, 0x62, 0x7f, 0x70, 0x28, 0xa0, 0x9d, 0x71, 0x13, 0x70, 0xd1, 0x9f, 0x32, 0x2f, 0x3e, 0xd2, + 0xcd, 0x1b, 0xa4, 0xc6, 0x72, 0xa0, 0x74, 0x5d, 0x71, 0xef, 0x03, 0x43, 0x6e, 0xa3, 0x60, 0x30, + 0x5e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0b, 0x5a, 0x4d, 0x5f, 0x7d, 0x25, + 0xc7, 0xf2, 0x9d, 0xc1, 0xaa, 0xb7, 0x63, 0x82, 0x2f, 0xfa, 0x8f, 0x32, 0xe7, 0xc0, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xdf, 0x7e, 0x5e, 0x88, 0x05, + 0x24, 0x33, 0x08, 0xdd, 0x22, 0x81, 0x02, 0x97, 0xcc, 
0x9a, 0xb7, 0xb1, 0x33, 0x27, 0x30, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x5a, 0xf2, 0x63, 0xef, 0xd3, 0x16, 0xd7, 0xf5, 0xaa, 0xdd, 0x12, 0x00, 0x36, + 0x00, 0x21, 0xa2, 0x7b, 0x08, 0xd6, 0x3b, 0x9f, 0x62, 0xac, 0x53, 0x1f, 0xed, 0x4c, 0xd1, 0x15, + 0x34, 0x65, 0x71, 0xee, 0x96, 0x07, 0xa6, 0xef, 0xb2, 0xde, 0xd8, 0xbb, 0x35, 0x6e, 0x2c, 0xe2, + 0xd1, 0x26, 0xef, 0x7e, 0x94, 0xe2, 0x88, 0x51, 0xa4, 0x6c, 0xaa, 0x27, 0x2a, 0xd3, 0xb6, 0xc2, + 0xf7, 0xea, 0xc3, 0x0b, 0xa9, 0xb5, 0x28, 0x37, 0xa2, 0x63, 0x08, 0xe4, 0x88, 0xc0, 0x1b, 0x16, + 0x1b, 0xca, 0xfd, 0x8a, 0x07, 0x32, 0x29, 0xa7, 0x53, 0xb5, 0x2d, 0x30, 0xe4, 0xf5, 0x16, 0xc3, + 0xe3, 0xc2, 0x4c, 0x30, 0x5d, 0x35, 0x80, 0x1c, 0xa2, 0xdb, 0xe3, 0x4b, 0x51, 0x0d, 0x4c, 0x60, + 0x5f, 0xb9, 0x46, 0xac, 0xa8, 0x46, 0xa7, 0x32, 0xa7, 0x9c, 0x76, 0xf8, 0xe9, 0xb5, 0x19, 0xe2, + 0x0c, 0xe1, 0x0f, 0xc6, 0x46, 0xe2, 0x38, 0xa7, 0x87, 0x72, 0x6d, 0x6c, 0xbc, 0x88, 0x2f, 0x9d, + 0x2d, 0xe5, 0xd0, 0x7d, 0x1e, 0xc7, 0x5d, 0xf8, 0x7e, 0xb4, 0x0b, 0xa6, 0xf9, 0x6c, 0xe3, 0x7c, + 0xb2, 0x70, 0x6e, 0x75, 0x9b, 0x1e, 0x63, 0xe1, 0x4d, 0xb2, 0x81, 0xd3, 0x55, 0x38, 0x94, 0x1a, + 0x7a, 0xfa, 0xbf, 0x01, 0x18, 0x70, 0x2d, 0x35, 0xd3, 0xe3, 0x10, 0x7a, 0x9a, 0xa7, 0x8f, 0xf3, + 0xbd, 0x56, 0x55, 0x5e, 0xd8, 0xbd, 0x4e, 0x16, 0x76, 0xd0, 0x48, 0x4c, 0xf9, 0x51, 0x54, 0xdf, + 0x2d, 0xb0, 0xc9, 0xaa, 0x5e, 0x42, 0x38, 0x50, 0xbf, 0x0f, 0xc0, 0xd9, 0x84, 0x44, 0x4b, 0x42, + 0x24, 0xec, 0x14, 0xa3, 0xde, 0x11, 0xdf, 0x58, 0x7f, 0xc2, 0x4d, 0xb2, 0xd5, 0x42, 0x78, 0x6e, + 0x52, 0x3e, 0xad, 0xc3, 0x5f, 0x04, 0xc4, 0xe6, 0x31, 0xaa, 0x81, 0x06, 0x8b, 0x13, 0x4b, 0x3c, + 0x0e, 0x6a, 0xb1 }; if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert))) 
@@ -325,14 +327,70 @@ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 }; unsigned char key[64] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0x01, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0x02, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0x03, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, }; unsigned char iv[16] = { 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, @@ -358,8 +416,8 @@ * handle reinit (1.1.1 behaviour). */ no_null_key = EVP_CIPHER_is_a(cipher, "RC4") - || EVP_CIPHER_is_a(cipher, "RC4-40") - || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5"); + || EVP_CIPHER_is_a(cipher, "RC4-40") + || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5"); /* DES3-WRAP uses random every update - so it will give a different value */ diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP"); 
@@ -368,11 +426,11 @@ || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in))) || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)), - ccm ? 0 : 1) + ccm ? 0 : 1) || (!no_null_key - && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) - || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)), - ccm || siv ? 0 : 1)))) + && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) + || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)), + ccm || siv ? 0 : 1)))) goto err; if (ccm == 0) { 
@@ -410,20 +468,104 @@ unsigned char out2[256]; unsigned char out3[256]; static const unsigned char in[32] = { - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe, - 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0xba, + 0xbe, + 0xba, + 0xbe, + 0x00, + 0x00, + 0xba, + 0xbe, + 0x01, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, }; static const unsigned char key[64] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0x01, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0x02, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, + 0x03, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, + 0x09, + 0x0a, + 0x0b, + 0x0c, + 0x0d, + 0x0e, + 0x0f, }; static const unsigned char iv[16] = { 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 
@@ -442,7 +584,8 @@ /* skip any ciphers that don't allow partial updates */ if (((EVP_CIPHER_get_flags(cipher) - & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0) + & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) + != 0) || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) { @@ -474,8 +617,7 @@ return ret; } - -static int name_cmp(const char * const *a, const char * const *b) +static int name_cmp(const char *const *a, const char *const *b) { return OPENSSL_strcasecmp(*a, *b); } @@ -502,11 +644,10 @@ OSSL_ENCODER_CTX *ectx = NULL; if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)bits)) - || !TEST_ptr(ectx = - OSSL_ENCODER_CTX_new_for_pkey(*priv, - EVP_PKEY_PUBLIC_KEY, - "DER", "type-specific", - NULL)) + || !TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(*priv, + EVP_PKEY_PUBLIC_KEY, + "DER", "type-specific", + NULL)) || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len))) goto err; pp = pub_der; 
@@ -525,45 +666,57 @@ EVP_PKEY *pub = NULL; EVP_PKEY *priv = NULL; EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL; - unsigned char secret[256] = { 0, }; - unsigned char ct[256] = { 0, }; - unsigned char unwrap[256] = { 0, }; + unsigned char secret[256] = { + 0, + }; + unsigned char ct[256] = { + 0, + }; + unsigned char unwrap[256] = { + 0, + }; size_t ctlen = 0, unwraplen = 0, secretlen = 0; int bits = 2048; ret = TEST_true(rsa_keygen(bits, &pub, &priv)) - && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) - && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) - && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx)) - /* Test that providing a NULL wrappedlen fails */ - && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0) - && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL, - &secretlen), 1) - && TEST_int_eq(ctlen, secretlen) - && TEST_int_eq(ctlen, bits / 8) - && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, - &secretlen), 1) - && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) - && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1) - /* Test that providing a NULL unwrappedlen fails */ - && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0) - && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen, - ct, ctlen), 1) - && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, - ct, ctlen), 1) - && TEST_mem_eq(unwrap, unwraplen, secret, secretlen); + && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) + && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) + && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx)) + /* Test that providing a NULL wrappedlen fails */ + && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0) + && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, 
&ctlen, NULL, + &secretlen), + 1) + && TEST_int_eq(ctlen, secretlen) + && TEST_int_eq(ctlen, bits / 8) + && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, + &secretlen), + 1) + && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) + && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1) + /* Test that providing a NULL unwrappedlen fails */ + && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0) + && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen, + ct, ctlen), + 1) + && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, + ct, ctlen), + 1) + && TEST_mem_eq(unwrap, unwraplen, secret, secretlen); /* Test that providing a too short unwrapped/ctlen fails */ if (fips_provider_version_match(libctx, ">=3.4.0")) { ctlen = 1; if (!TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, - &secretlen), 0)) + &secretlen), + 0)) ret = 0; unwraplen = 1; if (!TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct, - ctlen), 0)) + ctlen), + 0)) ret = 0; } 
@@ -588,12 +741,12 @@ unsigned char key[24] = { 0 }; ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL)) - && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0) - && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL)) - && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0) - && TEST_ptr(ctx = EVP_CIPHER_CTX_new()) - && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1)) - && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0); + && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0) + && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL)) + && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0) + && TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1)) + && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0); EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(tdes_cipher); @@ -608,8 +761,12 @@ EVP_PKEY *pub = NULL; EVP_PKEY *priv = NULL; EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL; - unsigned char secret[256] = { 0, }; - unsigned char ct[256] = { 0, }; + unsigned char secret[256] = { + 0, + }; + unsigned char ct[256] = { + 0, + }; size_t ctlen = 0, secretlen = 0; ret = TEST_true(rsa_keygen(2048, &pub, &priv)) 
@@ -629,16 +786,17 @@ && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1) && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct, - sizeof(ct)), 0) + sizeof(ct)), + 0) && TEST_uchar_eq(secret[0], 0) - /* Test encapsulate fails if the mode is not set */ + /* Unless newer FIPS, test encapsulate fails when the mode is not set. */ && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2) + && (!is_fips_lt_3_5 || TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)) /* Test setting a bad kem ops fail */ && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0) && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) /* Test secretlen is optional */ && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) @@ -733,7 +891,7 @@ config_file = opt_arg(); break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; @@ -743,8 +901,14 @@ if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) return 0; + if (strcmp(prov_name, "fips") == 0) + is_fips = 1; + + is_fips_lt_3_5 = is_fips && fips_provider_version_lt(libctx, 3, 5, 0); + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) - ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); + if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0)) + ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); #endif #ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); 
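Review bot: The reworded comment "Unless newer FIPS, test encapsulate fails when the mode is not set." does not match the condition it sits above, `!is_fips_lt_3_5 || TEST_int_eq(EVP_PKEY_encapsulate(...), -2)`. Because `is_fips_lt_3_5` is assigned `is_fips && fips_provider_version_lt(libctx, 3, 5, 0)`, the `-2` expectation runs only when a FIPS provider older than 3.5 is loaded and is skipped for every other provider, non-FIPS ones included. I would reword it to `/* Only FIPS providers older than 3.5 are expected to reject encapsulate when no KEM mode is set. */`. When the check is skipped, nothing asserts what `EVP_PKEY_encapsulate` returns with no mode set, so a change in that path would go unnoticed; if the newer behaviour is defined, an explicit expectation for it would close the gap. The enclosing test function starts and ends outside the hunk.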
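Review bot: The new guard `if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0))` drops `test_dsa_param_keygen` for FIPS providers 3.4 and later without saying why, so a reader cannot tell an intended skip from lost coverage. A comment above it would settle this, for example `/* DSA parameter/key generation is not offered by FIPS providers >= 3.4 */`, assuming that is the reason (the hunk does not state it). Separately, `is_fips` is derived only from `strcmp(prov_name, "fips") == 0`, so a FIPS module loaded under another provider name would presumably run the non-FIPS expectations; that assumption is worth a comment next to the assignment, which also reads more directly as `is_fips = strcmp(prov_name, "fips") == 0;`. The function these lines belong to begins and ends outside the hunk.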
@@ -757,7 +921,7 @@ ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names)); ADD_ALL_TESTS(test_cipher_reinit_partialupdate, - sk_OPENSSL_STRING_num(cipher_names)); + sk_OPENSSL_STRING_num(cipher_names)); ADD_TEST(kem_rsa_gen_recover); ADD_TEST(kem_rsa_params); #ifndef OPENSSL_NO_DH --- crypto/openssl/test/evp_pkey_dparams_test.c.orig +++ crypto/openssl/test/evp_pkey_dparams_test.c @@ -22,7 +22,7 @@ #include "testutil.h" #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) -# define OPENSSL_NO_KEYPARAMS +#define OPENSSL_NO_KEYPARAMS #endif #ifndef OPENSSL_NO_KEYPARAMS 
@@ -33,25 +33,25 @@ size_t key_bin_len; }; -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH static const unsigned char dhparam_bin[] = { -0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01,0x00,0xc0,0xd1,0x2e,0x14,0x18,0xbd,0x03, -0xfd,0x39,0xe1,0x99,0xf4,0x93,0x06,0x2d,0x49,0xc6,0xb5,0xb9,0xf0,0x91,0xcb,0x2f, -0x48,0x54,0x79,0x7d,0xc4,0x65,0x11,0x55,0xf7,0x99,0xde,0x42,0x83,0x84,0xc0,0xf8, -0x88,0x89,0xa0,0xff,0xff,0x7d,0xe8,0xef,0x9e,0xbc,0xf7,0x1d,0x70,0x6d,0x3a,0x33, -0x49,0x28,0xa1,0xa3,0xe1,0x41,0xc4,0x8b,0x91,0xf9,0xf2,0xb6,0xe2,0x77,0x79,0x38, -0x7d,0x21,0xb3,0xdf,0x79,0x9c,0x5e,0x65,0x16,0x00,0x16,0x82,0xb2,0x36,0x46,0x21, -0xac,0xaf,0x86,0xc7,0xe3,0x10,0x44,0x48,0xfb,0xbd,0xad,0x4e,0x11,0x73,0x4c,0x25, -0xb0,0x8c,0x1c,0x1e,0x8e,0x58,0x50,0x5e,0x43,0x89,0xe4,0xd9,0x34,0xf8,0x3b,0xcc, -0x36,0x2c,0x1b,0xb3,0xb2,0x77,0x0c,0xa5,0x96,0xc1,0x8a,0x38,0xd4,0xe3,0x9c,0x2a, -0xde,0x49,0x46,0xc7,0xd4,0xa2,0x47,0xc9,0x0a,0xbd,0x84,0xd4,0x1c,0xbc,0xb6,0x19, -0x04,0x94,0x64,0xfa,0x8a,0x11,0x9c,0x5f,0x4a,0x4c,0x0f,0x58,0x81,0x02,0xbf,0xcf, -0x87,0x27,0x2b,0xae,0x8e,0xe2,0x61,0x7a,0xdb,0xba,0x23,0x39,0x25,0x44,0xdc,0x22, -0x75,0xc3,0x28,0xd9,0x12,0x33,0x84,0x32,0xd4,0x5d,0xd9,0x77,0xf8,0x04,0x90,0x38, -0x0a,0xec,0x84,0x93,0x43,0xce,0xe7,0x07,0x42,0x7d,0x2d,0xe0,0x21,0x3b,0x19,0x22, -0xa7,0x8f,0x50,0x31,0xda,0xd0,0x0d,0xd3,0x0b,0xdb,0xad,0xed,0x94,0x92,0xff,0x83, -0x06,0x7f,0x7f,0xd7,0x7b,0x42,0x5b,0xba,0x93,0x7a,0xeb,0x43,0x5f,0xce,0x59,0x26, -0xe8,0x76,0xdc,0xee,0xe2,0xbe,0x36,0x7a,0x83,0x02,0x01,0x02 + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0xd1, 0x2e, 0x14, 0x18, 0xbd, 0x03, + 0xfd, 0x39, 0xe1, 0x99, 0xf4, 0x93, 0x06, 0x2d, 0x49, 0xc6, 0xb5, 0xb9, 0xf0, 0x91, 0xcb, 0x2f, + 0x48, 0x54, 0x79, 0x7d, 0xc4, 0x65, 0x11, 0x55, 0xf7, 0x99, 0xde, 0x42, 0x83, 0x84, 0xc0, 0xf8, + 0x88, 0x89, 0xa0, 0xff, 0xff, 0x7d, 0xe8, 0xef, 0x9e, 0xbc, 0xf7, 0x1d, 0x70, 0x6d, 0x3a, 0x33, + 0x49, 0x28, 0xa1, 0xa3, 0xe1, 0x41, 0xc4, 0x8b, 0x91, 0xf9, 0xf2, 0xb6, 0xe2, 0x77, 0x79, 0x38, + 
0x7d, 0x21, 0xb3, 0xdf, 0x79, 0x9c, 0x5e, 0x65, 0x16, 0x00, 0x16, 0x82, 0xb2, 0x36, 0x46, 0x21, + 0xac, 0xaf, 0x86, 0xc7, 0xe3, 0x10, 0x44, 0x48, 0xfb, 0xbd, 0xad, 0x4e, 0x11, 0x73, 0x4c, 0x25, + 0xb0, 0x8c, 0x1c, 0x1e, 0x8e, 0x58, 0x50, 0x5e, 0x43, 0x89, 0xe4, 0xd9, 0x34, 0xf8, 0x3b, 0xcc, + 0x36, 0x2c, 0x1b, 0xb3, 0xb2, 0x77, 0x0c, 0xa5, 0x96, 0xc1, 0x8a, 0x38, 0xd4, 0xe3, 0x9c, 0x2a, + 0xde, 0x49, 0x46, 0xc7, 0xd4, 0xa2, 0x47, 0xc9, 0x0a, 0xbd, 0x84, 0xd4, 0x1c, 0xbc, 0xb6, 0x19, + 0x04, 0x94, 0x64, 0xfa, 0x8a, 0x11, 0x9c, 0x5f, 0x4a, 0x4c, 0x0f, 0x58, 0x81, 0x02, 0xbf, 0xcf, + 0x87, 0x27, 0x2b, 0xae, 0x8e, 0xe2, 0x61, 0x7a, 0xdb, 0xba, 0x23, 0x39, 0x25, 0x44, 0xdc, 0x22, + 0x75, 0xc3, 0x28, 0xd9, 0x12, 0x33, 0x84, 0x32, 0xd4, 0x5d, 0xd9, 0x77, 0xf8, 0x04, 0x90, 0x38, + 0x0a, 0xec, 0x84, 0x93, 0x43, 0xce, 0xe7, 0x07, 0x42, 0x7d, 0x2d, 0xe0, 0x21, 0x3b, 0x19, 0x22, + 0xa7, 0x8f, 0x50, 0x31, 0xda, 0xd0, 0x0d, 0xd3, 0x0b, 0xdb, 0xad, 0xed, 0x94, 0x92, 0xff, 0x83, + 0x06, 0x7f, 0x7f, 0xd7, 0x7b, 0x42, 0x5b, 0xba, 0x93, 0x7a, 0xeb, 0x43, 0x5f, 0xce, 0x59, 0x26, + 0xe8, 0x76, 0xdc, 0xee, 0xe2, 0xbe, 0x36, 0x7a, 0x83, 0x02, 0x01, 0x02 }; static const unsigned char dhkey_1[] = { 0x7a, 0x49, 0xcb, 0xc3, 0x25, 0x67, 0x7a, 0x61, 
@@ -126,51 +126,51 @@ static const unsigned char dhkey_3[] = { 0x01 }; -# endif +#endif -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA static const unsigned char dsaparam_bin[] = { -0x30,0x82,0x02,0x28,0x02,0x82,0x01,0x01,0x00,0xf2,0x85,0x01,0xa5,0xb9,0x56,0x65, -0x19,0xff,0x9a,0x7d,0xf9,0x90,0xd6,0xaa,0x73,0xac,0xf7,0x94,0xfa,0x8a,0x64,0x6d, -0xa0,0x01,0x42,0xe5,0x45,0xfc,0x53,0x72,0xb0,0x7c,0xe6,0x3b,0xfb,0x09,0x33,0x41, -0x27,0xbd,0x00,0xb5,0x18,0x87,0x62,0xa8,0x2b,0xfc,0xd0,0x52,0x4a,0x14,0x2d,0xaa, -0x36,0xc6,0xf3,0xa9,0xe3,0x90,0x1b,0x74,0xdf,0x0a,0x6d,0x33,0xba,0xf4,0x32,0x6d, -0xba,0x36,0x68,0x1d,0x83,0x36,0x50,0xc6,0x62,0xc0,0x40,0x67,0x0e,0xf6,0x22,0x00, -0x62,0x1b,0x76,0x72,0x62,0x5f,0xa0,0xdf,0x38,0xb1,0x1d,0x26,0x70,0x9b,0x84,0x64, -0xbb,0x16,0x15,0xc2,0x66,0xb9,0x97,0xd0,0x07,0xf1,0x4b,0x70,0x02,0x03,0xf1,0xd2, -0x03,0xdb,0x78,0x8b,0xb4,0xda,0x6f,0x3c,0xe2,0x31,0xa8,0x1c,0x99,0xea,0x9c,0x75, -0x28,0x96,0x82,0x16,0x77,0xac,0x79,0x32,0x61,0x87,0xec,0xb7,0xb4,0xc3,0xea,0x12, -0x62,0x1f,0x08,0xb8,0x16,0xab,0xcc,0xef,0x28,0xdf,0x06,0x07,0xbe,0xb0,0xdc,0x78, -0x83,0x8a,0x70,0x80,0x34,0xe6,0x91,0xe3,0xd3,0x92,0xd9,0xf4,0x56,0x53,0x52,0xb7, -0x35,0xf6,0x2a,0xec,0x4b,0xcb,0xa2,0x3c,0xc3,0x0c,0x94,0xa7,0x4e,0x1c,0x42,0x9c, -0x72,0x99,0x60,0x8c,0xfe,0xfb,0x60,0x57,0x75,0xf5,0x23,0x11,0x12,0xba,0x97,0xcd, -0xad,0x5a,0x0b,0xa6,0x1f,0x6a,0x48,0x2e,0x8d,0xda,0x95,0xc6,0x0e,0x14,0xde,0xf7, -0x22,0x55,0xa8,0x6b,0x25,0xdf,0xa2,0xab,0x33,0x65,0x56,0xfc,0x78,0x4f,0x62,0xdf, -0x48,0xdd,0xce,0x8b,0xe1,0x76,0xf4,0xf6,0x7f,0x02,0x1d,0x00,0xac,0xb0,0xb8,0x92, -0x3b,0x6b,0x61,0xcf,0x36,0x6d,0xf2,0x1e,0x5d,0xe0,0x7b,0xf5,0x73,0x48,0xa3,0x8b, -0x86,0x9e,0x88,0xce,0x40,0xf8,0x27,0x6d,0x02,0x82,0x01,0x00,0x77,0x6b,0x89,0xd6, -0x8f,0x3d,0xce,0x52,0x30,0x74,0xb2,0xa1,0x13,0x96,0xd5,0x92,0xf2,0xf1,0x6b,0x10, -0x31,0x0b,0xf3,0x69,0xaa,0xbf,0x4b,0x6c,0xcb,0x3f,0x6d,0x58,0x76,0x44,0x09,0xf9, -0x28,0xef,0xa0,0xe4,0x55,0x77,0x57,0xe0,0xfb,0xcc,0x9a,0x6a,0x2c,0x90,0xec,0x72, 
-0x24,0x0b,0x43,0xc5,0xbc,0x31,0xed,0x1a,0x46,0x2c,0x76,0x42,0x9e,0xc0,0x82,0xfc, -0xff,0xf9,0x7e,0xe2,0x1f,0x39,0xf3,0x3b,0xdb,0x27,0x36,0xe7,0xf5,0x3b,0xc2,0x23, -0xb6,0xd0,0xcf,0x5b,0x85,0x2e,0x1b,0x00,0x5b,0x31,0xaa,0x72,0x8f,0x37,0xee,0x56, -0x71,0xc4,0xfd,0x3c,0x8d,0xfa,0x5b,0xab,0xb1,0xa9,0x52,0x76,0xa0,0xe4,0xe3,0x78, -0x83,0x64,0x5d,0xd7,0x6c,0xec,0x9b,0x40,0x65,0xe2,0x0a,0x11,0x19,0x60,0xdd,0xce, -0x29,0x9f,0xc6,0x1d,0x0a,0xab,0x8e,0x59,0x25,0xc5,0x0b,0x9c,0x02,0x45,0xba,0x99, -0x74,0x22,0x1d,0xc1,0x57,0xca,0x50,0x8c,0x5e,0xdf,0xd8,0x5d,0x43,0xae,0x06,0x28, -0x29,0x82,0xf6,0x5a,0xa9,0x51,0xa2,0x04,0x1d,0xbf,0x88,0x15,0x98,0xce,0x8a,0xb4, -0x3b,0xe5,0x30,0x29,0xce,0x0c,0x9b,0xf8,0xdb,0xbf,0x06,0x9f,0xd0,0x59,0x18,0xd4, -0x0b,0x94,0xbf,0xe9,0x67,0x6b,0x9e,0xf0,0x72,0xc6,0xbf,0x79,0x8f,0x1e,0xa3,0x95, -0x24,0xe3,0xcb,0x58,0xb5,0x67,0xd3,0xae,0x79,0xb0,0x28,0x9c,0x9a,0xd0,0xa4,0xe7, -0x22,0x15,0xc1,0x8b,0x04,0xb9,0x8a,0xa8,0xb7,0x1b,0x62,0x44,0xc6,0xef,0x4b,0x74, -0xd0,0xfd,0xa9,0xb4,0x4e,0xdd,0x7d,0x38,0x60,0xd1,0x40,0xcd + 0x30, 0x82, 0x02, 0x28, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf2, 0x85, 0x01, 0xa5, 0xb9, 0x56, 0x65, + 0x19, 0xff, 0x9a, 0x7d, 0xf9, 0x90, 0xd6, 0xaa, 0x73, 0xac, 0xf7, 0x94, 0xfa, 0x8a, 0x64, 0x6d, + 0xa0, 0x01, 0x42, 0xe5, 0x45, 0xfc, 0x53, 0x72, 0xb0, 0x7c, 0xe6, 0x3b, 0xfb, 0x09, 0x33, 0x41, + 0x27, 0xbd, 0x00, 0xb5, 0x18, 0x87, 0x62, 0xa8, 0x2b, 0xfc, 0xd0, 0x52, 0x4a, 0x14, 0x2d, 0xaa, + 0x36, 0xc6, 0xf3, 0xa9, 0xe3, 0x90, 0x1b, 0x74, 0xdf, 0x0a, 0x6d, 0x33, 0xba, 0xf4, 0x32, 0x6d, + 0xba, 0x36, 0x68, 0x1d, 0x83, 0x36, 0x50, 0xc6, 0x62, 0xc0, 0x40, 0x67, 0x0e, 0xf6, 0x22, 0x00, + 0x62, 0x1b, 0x76, 0x72, 0x62, 0x5f, 0xa0, 0xdf, 0x38, 0xb1, 0x1d, 0x26, 0x70, 0x9b, 0x84, 0x64, + 0xbb, 0x16, 0x15, 0xc2, 0x66, 0xb9, 0x97, 0xd0, 0x07, 0xf1, 0x4b, 0x70, 0x02, 0x03, 0xf1, 0xd2, + 0x03, 0xdb, 0x78, 0x8b, 0xb4, 0xda, 0x6f, 0x3c, 0xe2, 0x31, 0xa8, 0x1c, 0x99, 0xea, 0x9c, 0x75, + 0x28, 0x96, 0x82, 0x16, 0x77, 0xac, 0x79, 0x32, 0x61, 0x87, 0xec, 
0xb7, 0xb4, 0xc3, 0xea, 0x12, + 0x62, 0x1f, 0x08, 0xb8, 0x16, 0xab, 0xcc, 0xef, 0x28, 0xdf, 0x06, 0x07, 0xbe, 0xb0, 0xdc, 0x78, + 0x83, 0x8a, 0x70, 0x80, 0x34, 0xe6, 0x91, 0xe3, 0xd3, 0x92, 0xd9, 0xf4, 0x56, 0x53, 0x52, 0xb7, + 0x35, 0xf6, 0x2a, 0xec, 0x4b, 0xcb, 0xa2, 0x3c, 0xc3, 0x0c, 0x94, 0xa7, 0x4e, 0x1c, 0x42, 0x9c, + 0x72, 0x99, 0x60, 0x8c, 0xfe, 0xfb, 0x60, 0x57, 0x75, 0xf5, 0x23, 0x11, 0x12, 0xba, 0x97, 0xcd, + 0xad, 0x5a, 0x0b, 0xa6, 0x1f, 0x6a, 0x48, 0x2e, 0x8d, 0xda, 0x95, 0xc6, 0x0e, 0x14, 0xde, 0xf7, + 0x22, 0x55, 0xa8, 0x6b, 0x25, 0xdf, 0xa2, 0xab, 0x33, 0x65, 0x56, 0xfc, 0x78, 0x4f, 0x62, 0xdf, + 0x48, 0xdd, 0xce, 0x8b, 0xe1, 0x76, 0xf4, 0xf6, 0x7f, 0x02, 0x1d, 0x00, 0xac, 0xb0, 0xb8, 0x92, + 0x3b, 0x6b, 0x61, 0xcf, 0x36, 0x6d, 0xf2, 0x1e, 0x5d, 0xe0, 0x7b, 0xf5, 0x73, 0x48, 0xa3, 0x8b, + 0x86, 0x9e, 0x88, 0xce, 0x40, 0xf8, 0x27, 0x6d, 0x02, 0x82, 0x01, 0x00, 0x77, 0x6b, 0x89, 0xd6, + 0x8f, 0x3d, 0xce, 0x52, 0x30, 0x74, 0xb2, 0xa1, 0x13, 0x96, 0xd5, 0x92, 0xf2, 0xf1, 0x6b, 0x10, + 0x31, 0x0b, 0xf3, 0x69, 0xaa, 0xbf, 0x4b, 0x6c, 0xcb, 0x3f, 0x6d, 0x58, 0x76, 0x44, 0x09, 0xf9, + 0x28, 0xef, 0xa0, 0xe4, 0x55, 0x77, 0x57, 0xe0, 0xfb, 0xcc, 0x9a, 0x6a, 0x2c, 0x90, 0xec, 0x72, + 0x24, 0x0b, 0x43, 0xc5, 0xbc, 0x31, 0xed, 0x1a, 0x46, 0x2c, 0x76, 0x42, 0x9e, 0xc0, 0x82, 0xfc, + 0xff, 0xf9, 0x7e, 0xe2, 0x1f, 0x39, 0xf3, 0x3b, 0xdb, 0x27, 0x36, 0xe7, 0xf5, 0x3b, 0xc2, 0x23, + 0xb6, 0xd0, 0xcf, 0x5b, 0x85, 0x2e, 0x1b, 0x00, 0x5b, 0x31, 0xaa, 0x72, 0x8f, 0x37, 0xee, 0x56, + 0x71, 0xc4, 0xfd, 0x3c, 0x8d, 0xfa, 0x5b, 0xab, 0xb1, 0xa9, 0x52, 0x76, 0xa0, 0xe4, 0xe3, 0x78, + 0x83, 0x64, 0x5d, 0xd7, 0x6c, 0xec, 0x9b, 0x40, 0x65, 0xe2, 0x0a, 0x11, 0x19, 0x60, 0xdd, 0xce, + 0x29, 0x9f, 0xc6, 0x1d, 0x0a, 0xab, 0x8e, 0x59, 0x25, 0xc5, 0x0b, 0x9c, 0x02, 0x45, 0xba, 0x99, + 0x74, 0x22, 0x1d, 0xc1, 0x57, 0xca, 0x50, 0x8c, 0x5e, 0xdf, 0xd8, 0x5d, 0x43, 0xae, 0x06, 0x28, + 0x29, 0x82, 0xf6, 0x5a, 0xa9, 0x51, 0xa2, 0x04, 0x1d, 0xbf, 0x88, 0x15, 0x98, 0xce, 0x8a, 0xb4, + 0x3b, 
0xe5, 0x30, 0x29, 0xce, 0x0c, 0x9b, 0xf8, 0xdb, 0xbf, 0x06, 0x9f, 0xd0, 0x59, 0x18, 0xd4, + 0x0b, 0x94, 0xbf, 0xe9, 0x67, 0x6b, 0x9e, 0xf0, 0x72, 0xc6, 0xbf, 0x79, 0x8f, 0x1e, 0xa3, 0x95, + 0x24, 0xe3, 0xcb, 0x58, 0xb5, 0x67, 0xd3, 0xae, 0x79, 0xb0, 0x28, 0x9c, 0x9a, 0xd0, 0xa4, 0xe7, + 0x22, 0x15, 0xc1, 0x8b, 0x04, 0xb9, 0x8a, 0xa8, 0xb7, 0x1b, 0x62, 0x44, 0xc6, 0xef, 0x4b, 0x74, + 0xd0, 0xfd, 0xa9, 0xb4, 0x4e, 0xdd, 0x7d, 0x38, 0x60, 0xd1, 0x40, 0xcd }; -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC static const unsigned char ecparam_bin[] = { -0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07 + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; static const unsigned char eckey_1[] = { 0x04, 0xc8, 0x65, 0x45, 0x63, 0x73, 0xe5, 0x0a, @@ -207,7 +207,7 @@ 0x83, 0xc5, 0x78, 0xd0, 0x0b, 0x69, 0xb4, 0xb9, 0xf1, 0xaa }; -# endif +#endif #define NUM_KEYS 10 
@@ -216,30 +216,26 @@ const unsigned char *param_bin; size_t param_bin_len; struct pubkey keys[NUM_KEYS]; -} pkey_params [] = { -# ifndef OPENSSL_NO_DH +} pkey_params[] = { +#ifndef OPENSSL_NO_DH { EVP_PKEY_DH, dhparam_bin, sizeof(dhparam_bin), { { 0, dhkey_1, sizeof(dhkey_1) }, - { 0, dhkey_2, sizeof(dhkey_2) }, - { 1, dhkey_3, sizeof(dhkey_3) }, - { 1, dhkey_1, 0 }, - { 1, dhparam_bin, sizeof(dhparam_bin) } - } - }, -# endif -# ifndef OPENSSL_NO_DSA + { 0, dhkey_2, sizeof(dhkey_2) }, + { 1, dhkey_3, sizeof(dhkey_3) }, + { 1, dhkey_1, 0 }, + { 1, dhparam_bin, sizeof(dhparam_bin) } } }, +#endif +#ifndef OPENSSL_NO_DSA { EVP_PKEY_DSA, dsaparam_bin, sizeof(dsaparam_bin) }, -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC { EVP_PKEY_EC, ecparam_bin, sizeof(ecparam_bin), { { 0, eckey_1, sizeof(eckey_1) }, - { 1, eckey_2, sizeof(eckey_2) }, - { 1, eckey_3, sizeof(eckey_3) }, - { 1, eckey_1, 0 }, - { 1, eckey_1, sizeof(eckey_1) - 1 } - } - } -# endif + { 1, eckey_2, sizeof(eckey_2) }, + { 1, eckey_3, sizeof(eckey_3) }, + { 1, eckey_1, 0 }, + { 1, eckey_1, sizeof(eckey_1) - 1 } } } +#endif }; static int params_bio_test(int id) @@ -251,7 +247,7 @@ int type = pkey_params[id].type; ret = TEST_ptr(in = BIO_new_mem_buf(pkey_params[id].param_bin, - (int)pkey_params[id].param_bin_len)) + (int)pkey_params[id].param_bin_len)) /* Load in pkey params from binary */ && TEST_ptr(d2i_KeyParams_bio(type, &in_key, in)) && TEST_ptr(out = BIO_new(BIO_s_mem())) @@ -260,8 +256,8 @@ /* test the output binary is the expected value */ && TEST_int_gt(out_len = BIO_get_mem_data(out, &out_bin), 0) && TEST_mem_eq(pkey_params[id].param_bin, - (int)pkey_params[id].param_bin_len, - out_bin, out_len); + (int)pkey_params[id].param_bin_len, + out_bin, out_len); BIO_free(in); BIO_free(out); 
@@ -282,7 +278,7 @@ return TEST_skip("Not applicable test"); ret = TEST_ptr(in = BIO_new_mem_buf(pkey_params[id].param_bin, - (int)pkey_params[id].param_bin_len)) + (int)pkey_params[id].param_bin_len)) /* Load in pkey params from binary */ && TEST_ptr(d2i_KeyParams_bio(type, &in_key, in)); @@ -291,16 +287,16 @@ ERR_set_mark(); ret = ret && TEST_int_le(EVP_PKEY_set1_encoded_public_key(in_key, - keys[i].key_bin, - keys[i].key_bin_len), - 0); + keys[i].key_bin, + keys[i].key_bin_len), + 0); ERR_pop_to_mark(); } else { ret = ret && TEST_int_gt(EVP_PKEY_set1_encoded_public_key(in_key, - keys[i].key_bin, - keys[i].key_bin_len), - 0); + keys[i].key_bin, + keys[i].key_bin_len), + 0); } if (!ret) TEST_info("Test key index #%d", i); --- crypto/openssl/test/evp_pkey_provided_test.c.orig +++ crypto/openssl/test/evp_pkey_provided_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,8 +16,8 @@ #include #include #include "crypto/ecx.h" -#include "crypto/evp.h" /* For the internal API */ -#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +#include "crypto/evp.h" /* For the internal API */ +#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ #include "internal/nelem.h" #include "testutil.h" @@ -28,12 +28,12 @@ * update the for loop bounds used inside test_print_key_using_encoder() and * test_print_key_using_encoder_public(). */ -#define PRIV_TEXT 0 -#define PRIV_PEM 1 -#define PRIV_DER 2 -#define PUB_TEXT 3 -#define PUB_PEM 4 -#define PUB_DER 5 +#define PRIV_TEXT 0 +#define PRIV_PEM 1 +#define PRIV_DER 2 +#define PUB_TEXT 3 +#define PUB_PEM 4 +#define PUB_DER 5 static void stripcr(char *buf, size_t *len) { 
@@ -103,8 +103,8 @@ goto err; if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes)) - || !TEST_true(BIO_eof(file)) - || !TEST_size_t_lt(readbytes, sizeof(buf))) + || !TEST_true(BIO_eof(file)) + || !TEST_size_t_lt(readbytes, sizeof(buf))) goto err; len = BIO_get_mem_data(membio, &memdata); @@ -121,7 +121,7 @@ goto err; ret = 1; - err: +err: OPENSSL_free(fullfile); (void)BIO_reset(membio); BIO_free(file); @@ -148,23 +148,23 @@ if (/* Output Encrypted private key in PEM form */ !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(), - (unsigned char *)"pass", 4, - NULL, NULL)) + (unsigned char *)"pass", 4, + NULL, NULL)) /* Output zero-length passphrase encrypted private key in PEM form */ || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, - EVP_aes_256_cbc(), - (const char *)~0, 0, - NULL, NULL)) + EVP_aes_256_cbc(), + (const char *)~0, 0, + NULL, NULL)) || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, - EVP_aes_256_cbc(), - NULL, 0, NULL, "")) + EVP_aes_256_cbc(), + NULL, 0, NULL, "")) || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, - EVP_aes_256_cbc(), - NULL, 0, pass_cb, NULL)) + EVP_aes_256_cbc(), + NULL, 0, pass_cb, NULL)) || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, - EVP_aes_256_cbc(), - NULL, 0, pass_cb_error, - NULL)) + EVP_aes_256_cbc(), + NULL, 0, pass_cb_error, + NULL)) #ifndef OPENSSL_NO_DES || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 
@@ -187,23 +187,23 @@ || !TEST_true(compare_with_file(alg, PUB_PEM, membio)) /* Unencrypted private key in PEM form */ || !TEST_true(PEM_write_bio_PrivateKey(membio, pk, - NULL, NULL, 0, NULL, NULL)) + NULL, NULL, 0, NULL, NULL)) || !TEST_true(compare_with_file(alg, PRIV_PEM, membio)) /* NULL key */ || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL, - NULL, NULL, 0, NULL, NULL)) + NULL, NULL, 0, NULL, NULL)) || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL, - NULL, NULL, 0, NULL, NULL))) + NULL, NULL, 0, NULL, NULL))) goto err; ret = 1; - err: +err: BIO_free(membio); return ret; } static int test_print_key_type_using_encoder(const char *alg, int type, - const EVP_PKEY *pk) + const EVP_PKEY *pk) { const char *output_type, *output_structure; int selection; @@ -265,9 +265,9 @@ /* Make a context, it's valid for several prints */ TEST_note("Setting up a OSSL_ENCODER context with passphrase"); if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection, - output_type, - output_structure, - NULL)) + output_type, + output_structure, + NULL)) /* Check that this operation is supported */ || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0)) goto err; @@ -281,8 +281,8 @@ if (type == PRIV_PEM) { /* Set a passphrase to be used later */ if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx, - (unsigned char *)"pass", - 4))) + (unsigned char *)"pass", + 4))) goto err; /* Use a valid cipher name */ @@ -324,7 +324,7 @@ #ifndef OPENSSL_NO_EC static int test_print_key_using_encoder_public(const char *alg, - const EVP_PKEY *pk) + const EVP_PKEY *pk) { int i; int ret = 1; @@ -337,14 +337,14 @@ #endif /* Array indexes used in test_fromdata_rsa */ -#define N 0 -#define E 1 -#define D 2 -#define P 3 -#define Q 4 -#define DP 5 -#define DQ 6 -#define QINV 7 +#define N 0 +#define E 1 +#define D 2 +#define P 3 +#define Q 4 +#define DP 5 +#define DQ 6 +#define QINV 7 static int test_fromdata_rsa(void) { 
@@ -358,14 +358,14 @@ * openssl genrsa 32 | openssl rsa -text */ static unsigned long key_numbers[] = { - 0xbc747fc5, /* N */ - 0x10001, /* E */ - 0x7b133399, /* D */ - 0xe963, /* P */ - 0xceb7, /* Q */ - 0x8599, /* DP */ - 0xbd87, /* DQ */ - 0xcc3b, /* QINV */ + 0xbc747fc5, /* N */ + 0x10001, /* E */ + 0x7b133399, /* D */ + 0xe963, /* P */ + 0xceb7, /* Q */ + 0x8599, /* DP */ + 0xbd87, /* DQ */ + 0xcc3b, /* QINV */ }; OSSL_PARAM fromdata_params[] = { OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]), @@ -386,7 +386,8 @@ if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1)) + fromdata_params), + 1)) goto err; for (;;) { @@ -415,7 +416,7 @@ copy_pk = NULL; ret = test_print_key_using_pem("RSA", pk) - && test_print_key_using_encoder("RSA", pk); + && test_print_key_using_encoder("RSA", pk); if (!ret || dup_pk != NULL) break; @@ -428,7 +429,7 @@ if (!ret) goto err; } - err: +err: /* for better diagnostics always compare key params */ for (i = 0; fromdata_params[i].key != NULL; ++i) { if (!TEST_true(BN_set_word(bn_from, key_numbers[i])) @@ -462,8 +463,8 @@ static const unsigned char e_data[] = { 0x1, 0x00, 0x01 }; - static const unsigned char d_data[]= { - 0x99, 0x33, 0x13, 0x7b + static const unsigned char d_data[] = { + 0x99, 0x33, 0x13, 0x7b }; /* N is a large buffer */ @@ -480,13 +481,14 @@ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1) + fromdata_params), + 1) || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out)) || !TEST_BN_eq(n, n_out)) goto err; ret = 1; - err: +err: BN_free(n_out); BN_free(n); BN_free(e); @@ -499,7 +501,6 @@ return ret; } - #ifndef OPENSSL_NO_DH static int test_fromdata_dh_named_group(void) { 
@@ -522,9 +523,34 @@ * -pkeyopt priv_len:224 -text */ static const unsigned char priv_data[] = { - 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d, - 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa, - 0x87, 0xe8, 0xa9, 0x7b, + 0x88, + 0x85, + 0xe7, + 0x9f, + 0xee, + 0x6d, + 0xc5, + 0x7c, + 0x78, + 0xaf, + 0x63, + 0x5d, + 0x38, + 0x2a, + 0xd0, + 0xed, + 0x56, + 0x4b, + 0x47, + 0x21, + 0x2b, + 0xfa, + 0x55, + 0xfa, + 0x87, + 0xe8, + 0xa9, + 0x7b, }; static const unsigned char pub_data[] = { 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, @@ -557,10 +583,10 @@ || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL)) || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_GROUP_NAME, - group_name, 0)) + OSSL_PKEY_PARAM_GROUP_NAME, + group_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN, - priv_len)) + priv_len)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))) @@ -571,7 +597,8 @@ if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1)) + fromdata_params), + 1)) goto err; /* 
@@ -580,29 +607,29 @@ * NUL byte. */ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - NULL, sizeof(name_out), - &len)) + OSSL_PKEY_PARAM_GROUP_NAME, + NULL, sizeof(name_out), + &len)) || !TEST_size_t_eq(len, sizeof(group_name) - 1) /* Just enough space to hold the group name and a terminating NUL */ || !TEST_true(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - name_out, - sizeof(group_name), - &len)) + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name), + &len)) || !TEST_size_t_eq(len, sizeof(group_name) - 1) /* Too small buffer to hold the terminating NUL byte */ || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - name_out, - sizeof(group_name) - 1, - &len)) + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name) - 1, + &len)) /* Too small buffer to hold the whole group name, even! */ || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - name_out, - sizeof(group_name) - 2, - &len))) + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name) - 2, + &len))) goto err; for (;;) { @@ -614,17 +641,17 @@ goto err; if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - name_out, - sizeof(name_out), - &len)) + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(name_out), + &len)) || !TEST_str_eq(name_out, group_name) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY, - &pub_out)) + &pub_out)) || !TEST_BN_eq(pub, pub_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY, - &priv_out)) + &priv_out)) || !TEST_BN_eq(priv, priv_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p)) || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p) 
@@ -633,23 +660,23 @@ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g)) || !TEST_BN_eq(&ossl_bignum_const_2, g) || !TEST_false(EVP_PKEY_get_bn_param(pk, - OSSL_PKEY_PARAM_FFC_COFACTOR, - &j)) + OSSL_PKEY_PARAM_FFC_COFACTOR, + &j)) || !TEST_ptr_null(j) || !TEST_false(EVP_PKEY_get_octet_string_param(pk, - OSSL_PKEY_PARAM_FFC_SEED, - seed_out, - sizeof(seed_out), - &len)) + OSSL_PKEY_PARAM_FFC_SEED, + seed_out, + sizeof(seed_out), + &len)) || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX, - &gindex)) + &gindex)) || !TEST_int_eq(gindex, -1) || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, - &hindex)) + &hindex)) || !TEST_int_eq(hindex, 0) || !TEST_true(EVP_PKEY_get_int_param(pk, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - &pcounter)) + OSSL_PKEY_PARAM_FFC_PCOUNTER, + &pcounter)) || !TEST_int_eq(pcounter, -1)) goto err; BN_free(p); @@ -683,7 +710,7 @@ copy_pk = NULL; ret = test_print_key_using_pem("DH", pk) - && test_print_key_using_encoder("DH", pk); + && test_print_key_using_encoder("DH", pk); if (!ret || dup_pk != NULL) break; 
@@ -736,46 +763,70 @@ * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text */ static const unsigned char priv_data[] = { - 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d, - 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa, - 0x87, 0xe8, 0xa9, 0x7b, + 0x88, + 0x85, + 0xe7, + 0x9f, + 0xee, + 0x6d, + 0xc5, + 0x7c, + 0x78, + 0xaf, + 0x63, + 0x5d, + 0x38, + 0x2a, + 0xd0, + 0xed, + 0x56, + 0x4b, + 0x47, + 0x21, + 0x2b, + 0xfa, + 0x55, + 0xfa, + 0x87, + 0xe8, + 0xa9, + 0x7b, }; static const unsigned char pub_data[] = { - 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82, - 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33, - 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64, - 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9, - 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa, - 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d, - 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e, - 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57, - 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5, - 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a, - 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb, - 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22, - 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c, - 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82, - 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14, - 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e, - 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc, - 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1, - 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1, - 0xa7, 0xf0, 0xaa, 0xb3, 
0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8, - 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf, - 0x33, 0x42, 0x83, 0x42 + 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82, + 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33, + 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64, + 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9, + 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa, + 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d, + 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e, + 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57, + 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5, + 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a, + 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb, + 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22, + 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c, + 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82, + 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14, + 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e, + 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc, + 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1, + 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1, + 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8, + 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf, + 0x33, 0x42, 0x83, 0x42 }; static const char group_name[] = "ffdhe2048"; static const long priv_len = 224; - if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL)) || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL)) || 
!TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_GROUP_NAME, - group_name, 0)) + OSSL_PKEY_PARAM_GROUP_NAME, + group_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN, - priv_len)) + priv_len)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))) @@ -786,7 +837,8 @@ if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1)) + fromdata_params), + 1)) goto err; for (;;) { @@ -798,16 +850,16 @@ goto err; if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - name_out, - sizeof(name_out), - &len)) + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(name_out), + &len)) || !TEST_str_eq(name_out, group_name) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY, - &pub_out)) + &pub_out)) || !TEST_BN_eq(pub, pub_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY, - &priv_out)) + &priv_out)) || !TEST_BN_eq(priv, priv_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p)) || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p) 
@@ -816,24 +868,24 @@ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g)) || !TEST_BN_eq(&ossl_bignum_const_2, g) || !TEST_false(EVP_PKEY_get_bn_param(pk, - OSSL_PKEY_PARAM_FFC_COFACTOR, - &j)) + OSSL_PKEY_PARAM_FFC_COFACTOR, + &j)) || !TEST_ptr_null(j) || !TEST_false(EVP_PKEY_get_octet_string_param(pk, - OSSL_PKEY_PARAM_FFC_SEED, - seed_out, - sizeof(seed_out), - &len)) + OSSL_PKEY_PARAM_FFC_SEED, + seed_out, + sizeof(seed_out), + &len)) || !TEST_true(EVP_PKEY_get_int_param(pk, - OSSL_PKEY_PARAM_FFC_GINDEX, - &gindex)) + OSSL_PKEY_PARAM_FFC_GINDEX, + &gindex)) || !TEST_int_eq(gindex, -1) || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, - &hindex)) + &hindex)) || !TEST_int_eq(hindex, 0) || !TEST_true(EVP_PKEY_get_int_param(pk, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - &pcounter)) + OSSL_PKEY_PARAM_FFC_PCOUNTER, + &pcounter)) || !TEST_int_eq(pcounter, -1)) goto err; BN_free(p); @@ -861,7 +913,7 @@ key_ctx = NULL; ret = test_print_key_using_pem("DH", pk) - && test_print_key_using_encoder("DH", pk); + && test_print_key_using_encoder("DH", pk); if (!ret || dup_pk != NULL) break; @@ -894,17 +946,15 @@ #endif - - #ifndef OPENSSL_NO_EC /* Array indexes used in test_fromdata_ecx */ -# define PRIV_KEY 0 -# define PUB_KEY 1 +#define PRIV_KEY 0 +#define PUB_KEY 1 -# define X25519_IDX 0 -# define X448_IDX 1 -# define ED25519_IDX 2 -# define ED448_IDX 3 +#define X25519_IDX 0 +#define X448_IDX 1 +#define ED25519_IDX 2 +#define ED448_IDX 3 /* * tst uses indexes 0 ... (3 * 4 - 1) 
@@ -933,16 +983,13 @@ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, - 0x2c, 0x2a - }, + 0x2c, 0x2a }, /* Public Key */ { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, - 0x4e, 0x6a - } - }, + 0x4e, 0x6a } }, /* X448: Keys from RFC 7748 6.2 */ { /* Private Key */ @@ -952,8 +999,7 @@ 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9, 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91, 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2, - 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b - }, + 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b }, /* Public Key */ { 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22, @@ -961,9 +1007,7 @@ 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5, 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4, 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f, - 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0 - } - }, + 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0 } }, /* ED25519: Keys from RFC 8032 */ { /* Private Key */ @@ -971,16 +1015,13 @@ 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84, 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, - 0x7f, 0x60 - }, + 0x7f, 0x60 }, /* Public Key */ { 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07, - 0x51, 0x1a - } - }, + 0x51, 0x1a } }, /* ED448: Keys from RFC 8032 */ { /* Private Key */ 
@@ -990,8 +1031,7 @@ 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e, - 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b - }, + 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b }, /* Public Key */ { 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 
@@ -999,44 +1039,42 @@ 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, - 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80 - } - } + 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80 } } }; OSSL_PARAM x25519_fromdata_params[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - key_numbers[X25519_IDX][PRIV_KEY], - X25519_KEYLEN), + key_numbers[X25519_IDX][PRIV_KEY], + X25519_KEYLEN), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, - key_numbers[X25519_IDX][PUB_KEY], - X25519_KEYLEN), + key_numbers[X25519_IDX][PUB_KEY], + X25519_KEYLEN), OSSL_PARAM_END }; OSSL_PARAM x448_fromdata_params[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - key_numbers[X448_IDX][PRIV_KEY], - X448_KEYLEN), + key_numbers[X448_IDX][PRIV_KEY], + X448_KEYLEN), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, - key_numbers[X448_IDX][PUB_KEY], - X448_KEYLEN), + key_numbers[X448_IDX][PUB_KEY], + X448_KEYLEN), OSSL_PARAM_END }; OSSL_PARAM ed25519_fromdata_params[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - key_numbers[ED25519_IDX][PRIV_KEY], - ED25519_KEYLEN), + key_numbers[ED25519_IDX][PRIV_KEY], + ED25519_KEYLEN), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, - key_numbers[ED25519_IDX][PUB_KEY], - ED25519_KEYLEN), + key_numbers[ED25519_IDX][PUB_KEY], + ED25519_KEYLEN), OSSL_PARAM_END }; OSSL_PARAM ed448_fromdata_params[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - key_numbers[ED448_IDX][PRIV_KEY], - ED448_KEYLEN), + key_numbers[ED448_IDX][PRIV_KEY], + ED448_KEYLEN), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, - key_numbers[ED448_IDX][PUB_KEY], - ED448_KEYLEN), + key_numbers[ED448_IDX][PUB_KEY], + ED448_KEYLEN), OSSL_PARAM_END }; OSSL_PARAM *fromdata_params = NULL; 
@@ -1096,7 +1134,8 @@ if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1)) + fromdata_params), + 1)) goto err; for (;;) { @@ -1113,17 +1152,17 @@ if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0)) goto err; if (!TEST_true(EVP_PKEY_get_octet_string_param( - pk, orig_fromdata_params[PRIV_KEY].key, - out_priv, sizeof(out_priv), &len)) + pk, orig_fromdata_params[PRIV_KEY].key, + out_priv, sizeof(out_priv), &len)) || !TEST_mem_eq(out_priv, len, - orig_fromdata_params[PRIV_KEY].data, - orig_fromdata_params[PRIV_KEY].data_size) + orig_fromdata_params[PRIV_KEY].data, + orig_fromdata_params[PRIV_KEY].data_size) || !TEST_true(EVP_PKEY_get_octet_string_param( - pk, orig_fromdata_params[PUB_KEY].key, - out_pub, sizeof(out_pub), &len)) + pk, orig_fromdata_params[PUB_KEY].key, + out_pub, sizeof(out_pub), &len)) || !TEST_mem_eq(out_pub, len, - orig_fromdata_params[PUB_KEY].data, - orig_fromdata_params[PUB_KEY].data_size)) + orig_fromdata_params[PUB_KEY].data, + orig_fromdata_params[PUB_KEY].data_size)) goto err; } else { /* The private key check should fail if there is only a public key */ @@ -1136,11 +1175,11 @@ ctx2 = NULL; if (!TEST_ptr(copy_pk = EVP_PKEY_new()) - /* This should succeed because there are no parameters to copy */ + /* This should succeed because there are no parameters to copy */ || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL)) - /* This should fail because copy_pk has no pubkey */ + /* This should fail because copy_pk has no pubkey */ || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0)) goto err; EVP_PKEY_CTX_free(ctx2); @@ -1152,7 +1191,7 @@ ret = test_print_key_using_encoder_public(alg, pk); else ret = test_print_key_using_pem(alg, pk) - && test_print_key_using_encoder(alg, pk); + && test_print_key_using_encoder(alg, pk); if (!ret || dup_pk != NULL) break; 
@@ -1188,28 +1227,28 @@ const char *curve = "prime256v1"; const char bad_curve[] = "nonexistent-curve"; OSSL_PARAM nokey_params[2] = { - OSSL_PARAM_END, - OSSL_PARAM_END + OSSL_PARAM_END, + OSSL_PARAM_END }; /* UNCOMPRESSED FORMAT */ static const unsigned char ec_pub_keydata[] = { - POINT_CONVERSION_UNCOMPRESSED, - 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, - 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, - 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, - 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, - 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, - 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, - 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, - 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 + POINT_CONVERSION_UNCOMPRESSED, + 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, + 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, + 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, + 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, + 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, + 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, + 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, + 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 }; /* SAME BUT COMPRESSED FORMAT */ static const unsigned char ec_pub_keydata_compressed[] = { - POINT_CONVERSION_COMPRESSED+1, - 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, - 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, - 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, - 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2 + POINT_CONVERSION_COMPRESSED + 1, + 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, + 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, + 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, + 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2 }; static const unsigned char ec_priv_keydata[] = { 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, 
@@ -1229,15 +1268,15 @@ BIGNUM *b = NULL; BIGNUM *p = NULL; - if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())) goto err; if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata, - sizeof(ec_priv_keydata), NULL))) + sizeof(ec_priv_keydata), NULL))) goto err; if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, - curve, 0) <= 0) + curve, 0) + <= 0) goto err; /* * We intentionally provide the input point in compressed format, @@ -1248,8 +1287,9 @@ * format. */ if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, - ec_pub_keydata_compressed, - sizeof(ec_pub_keydata_compressed)) <= 0) + ec_pub_keydata_compressed, + sizeof(ec_pub_keydata_compressed)) + <= 0) goto err; if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0) goto err; @@ -1260,18 +1300,19 @@ goto err; /* try importing parameters with bad curve first */ - nokey_params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - (char *)bad_curve, sizeof(bad_curve)); + nokey_params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + (char *)bad_curve, sizeof(bad_curve)); if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS, - nokey_params), 0) + nokey_params), + 0) || !TEST_ptr_null(pk)) goto err; if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1)) + fromdata_params), + 1)) goto err; for (;;) { @@ -1290,11 +1331,11 @@ if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk)) || !TEST_ptr(OSSL_PARAM_locate_const(gettable, - OSSL_PKEY_PARAM_GROUP_NAME)) + OSSL_PKEY_PARAM_GROUP_NAME)) || !TEST_ptr(OSSL_PARAM_locate_const(gettable, - OSSL_PKEY_PARAM_PUB_KEY)) + OSSL_PKEY_PARAM_PUB_KEY)) || !TEST_ptr(OSSL_PARAM_locate_const(gettable, - OSSL_PKEY_PARAM_PRIV_KEY))) + OSSL_PKEY_PARAM_PRIV_KEY))) goto err; if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve))) 
@@ -1323,12 +1364,12 @@ group_b = NULL; if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, - out_curve_name, - sizeof(out_curve_name), - &len) + out_curve_name, + sizeof(out_curve_name), + &len) || !TEST_str_eq(out_curve_name, curve) || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY, - out_pub, sizeof(out_pub), &len) + out_pub, sizeof(out_pub), &len) /* * Our providers use uncompressed format by default if @@ -1338,17 +1379,17 @@ */ || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED) || !TEST_mem_eq(out_pub + 1, len - 1, - ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1) + ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY, - &bn_priv)) + &bn_priv)) || !TEST_BN_eq(ec_priv_bn, bn_priv)) goto err; BN_free(bn_priv); bn_priv = NULL; ret = test_print_key_using_pem(alg, pk) - && test_print_key_using_encoder(alg, pk); + && test_print_key_using_encoder(alg, pk); if (!ret || dup_pk != NULL) break; @@ -1389,7 +1430,8 @@ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - NID_X9_62_prime256v1), 0) + NID_X9_62_prime256v1), + 0) || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0) || !TEST_ptr(param)) goto err; @@ -1422,7 +1464,8 @@ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - NID_X9_62_prime256v1), 0) + NID_X9_62_prime256v1), + 0) || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0) || !TEST_ptr(param)) goto err; 
@@ -1576,18 +1619,18 @@ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_PKEY_PARAM_FFC_SEED, - seed_data, - sizeof(seed_data))) + OSSL_PKEY_PARAM_FFC_SEED, + seed_data, + sizeof(seed_data))) || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX, - gindex)) + gindex)) || !TEST_true(OSSL_PARAM_BLD_push_int(bld, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - pcounter)) + OSSL_PKEY_PARAM_FFC_PCOUNTER, + pcounter)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, - pub)) + pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, - priv)) + priv)) || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))) goto err; @@ -1596,7 +1639,8 @@ if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params), 1)) + fromdata_params), + 1)) goto err; for (;;) { 
@@ -1608,44 +1652,44 @@ goto err; if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, - OSSL_PKEY_PARAM_GROUP_NAME, - name_out, - sizeof(name_out), - &len)) + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(name_out), + &len)) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY, - &pub_out)) + &pub_out)) || !TEST_BN_eq(pub, pub_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY, - &priv_out)) + &priv_out)) || !TEST_BN_eq(priv, priv_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, - &p_out)) + &p_out)) || !TEST_BN_eq(p, p_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, - &q_out)) + &q_out)) || !TEST_BN_eq(q, q_out) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, - &g_out)) + &g_out)) || !TEST_BN_eq(g, g_out) || !TEST_false(EVP_PKEY_get_bn_param(pk, - OSSL_PKEY_PARAM_FFC_COFACTOR, - &j_out)) + OSSL_PKEY_PARAM_FFC_COFACTOR, + &j_out)) || !TEST_ptr_null(j_out) || !TEST_true(EVP_PKEY_get_octet_string_param(pk, - OSSL_PKEY_PARAM_FFC_SEED, - seed_out, - sizeof(seed_out), - &len)) + OSSL_PKEY_PARAM_FFC_SEED, + seed_out, + sizeof(seed_out), + &len)) || !TEST_true(EVP_PKEY_get_int_param(pk, - OSSL_PKEY_PARAM_FFC_GINDEX, - &gindex_out)) + OSSL_PKEY_PARAM_FFC_GINDEX, + &gindex_out)) || !TEST_int_eq(gindex, gindex_out) || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, - &hindex_out)) + &hindex_out)) || !TEST_int_eq(hindex_out, 0) || !TEST_true(EVP_PKEY_get_int_param(pk, - OSSL_PKEY_PARAM_FFC_PCOUNTER, - &pcounter_out)) + OSSL_PKEY_PARAM_FFC_PCOUNTER, + &pcounter_out)) || !TEST_int_eq(pcounter, pcounter_out)) goto err; BN_free(p_out); @@ -1679,7 +1723,7 @@ copy_pk = NULL; ret = test_print_key_using_pem("DSA", pk) - && test_print_key_using_encoder("DSA", pk); + && test_print_key_using_encoder("DSA", pk); if (!ret || dup_pk != NULL) break; @@ -1693,7 +1737,7 @@ goto err; } - err: +err: OSSL_PARAM_free(fromdata_params); OSSL_PARAM_BLD_free(bld); BN_free(p); 
@@ -1725,30 +1769,29 @@ || !TEST_int_le(EVP_PKEY_public_check(ctx), 0) || !TEST_int_le(EVP_PKEY_private_check(ctx), 0) || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0)) - goto err; + goto err; ret = 1; - err: +err: EVP_PKEY_CTX_free(ctx); return ret; } #endif /* OPENSSL_NO_DSA */ - static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key, - size_t keylen, char *salt) + size_t keylen, char *salt) { OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); OSSL_PARAM *p = params; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - salt, strlen(salt)); + salt, strlen(salt)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)key, keylen); + (unsigned char *)key, keylen); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, - "EXTRACT_ONLY", 0); + "EXTRACT_ONLY", 0); *p = OSSL_PARAM_construct_end(); return params; @@ -1763,7 +1806,7 @@ OSSL_PARAM *params = NULL; if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6, - "salt"))) + "salt"))) goto err; if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL))) goto err; 
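Review bot: In `do_construct_hkdf_params` the result of `OPENSSL_malloc(sizeof(OSSL_PARAM) * 5)` is written through `*p++ = ...` before anything checks it. An allocation failure is therefore a NULL dereference instead of the `TEST_ptr(params)` failure the caller in the following hunk is written to report. This hunk only re-indents the function, so the gap predates it, but a guard directly after the allocation closes it: `if (params == NULL) return NULL;`. The function's closing brace lies just past the end of the hunk.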
@@ -1782,6 +1825,53 @@ return ret; } +static const char *name_dup_algs[] = { +#ifndef OPENSSL_NO_ECX + "ED25519", +#endif +#ifndef OPENSSL_NO_ML_KEM + "ML-KEM-512", +#endif +#ifndef OPENSSL_NO_ML_DSA + "ML-DSA-44", +#endif + NULL +}; + +static int test_name_dup(int idx) +{ + const char *alg = name_dup_algs[idx]; + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *factory = NULL, *ctx = NULL; + int i, ret = 0; + + if (alg == NULL + || (factory = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL)) == NULL) + return 1; + TEST_info("Testing fresh context dup for: %s", alg); + + /* Run twice to check that *repeated* use works */ + for (i = 0; i < 2; ++i) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(key); + key = NULL; + if (!TEST_ptr(ctx = EVP_PKEY_CTX_dup(factory)) + || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_keygen(ctx, &key), 0)) { + ERR_print_errors(bio_err); + goto end; + } + } + ret = 1; + +end: + EVP_PKEY_CTX_free(factory); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(key); + + return ret; +} + int setup_tests(void) { if (!test_skip_common_options()) { @@ -1793,6 +1883,7 @@ return 0; ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail); + ADD_ALL_TESTS(test_name_dup, OSSL_NELEM(name_dup_algs)); ADD_TEST(test_evp_pkey_get_bn_param_large); ADD_TEST(test_fromdata_rsa); #ifndef OPENSSL_NO_DH --- crypto/openssl/test/evp_test.c.orig +++ crypto/openssl/test/evp_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
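Review bot: `test_name_dup` returns 1 when `EVP_PKEY_CTX_new_from_name(NULL, alg, NULL)` fails, so a build where one of the listed algorithms is compiled in but cannot be fetched is reported as a pass. In that case the dup/keygen path is never exercised and nothing in the log shows it. If the intent is to tolerate providers that lack the algorithm, separate that case from the NULL sentinel slot and make it visible: `if (alg == NULL) return 1;` followed by `if ((factory = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL)) == NULL) { TEST_info("Skipping %s: cannot create context", alg); return 1; }`. The failed lookup presumably also leaves entries on the error queue, which is worth confirming does not confuse the output of later tests.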
@@ -36,14 +36,14 @@ /* Structure holding test information */ typedef struct evp_test_st { - STANZA s; /* Common test stanza */ + STANZA s; /* Common test stanza */ char *name; - int skip; /* Current test should be skipped */ - const EVP_TEST_METHOD *meth; /* method for this test */ - const char *err, *aux_err; /* Error string for test */ - char *expected_err; /* Expected error value of test */ - char *reason; /* Expected error reason string */ - void *data; /* test specific data */ + int skip; /* Current test should be skipped */ + const EVP_TEST_METHOD *meth; /* method for this test */ + const char *err, *aux_err; /* Error string for test */ + char *expected_err; /* Expected error value of test */ + char *reason; /* Expected error reason string */ + void *data; /* test specific data */ } EVP_TEST; /* Test method structure */ @@ -51,13 +51,13 @@ /* Name of test as it appears in file */ const char *name; /* Initialise test for "alg" */ - int (*init) (EVP_TEST * t, const char *alg); + int (*init)(EVP_TEST *t, const char *alg); /* Clean up method */ - void (*cleanup) (EVP_TEST * t); + void (*cleanup)(EVP_TEST *t); /* Test specific name value pair processing */ - int (*parse) (EVP_TEST * t, const char *name, const char *value); + int (*parse)(EVP_TEST *t, const char *name, const char *value); /* Run the test itself */ - int (*run_test) (EVP_TEST * t); + int (*run_test)(EVP_TEST *t); }; /* Linked list of named keys. */ @@ -96,8 +96,8 @@ * case without producing unnecessary test framework output. */ static int memory_err_compare(EVP_TEST *t, const char *err, - const void *expected, size_t expected_len, - const void *got, size_t got_len) + const void *expected, size_t expected_len, + const void *got, size_t got_len) { int r; @@ -131,7 +131,7 @@ /* append buffer to a list */ static int evp_test_buffer_append(const char *value, - STACK_OF(EVP_TEST_BUFFER) **sk) + STACK_OF(EVP_TEST_BUFFER) **sk) { EVP_TEST_BUFFER *db = NULL; 
@@ -157,7 +157,7 @@ /* replace last buffer in list with copies of itself */ static int evp_test_buffer_ncopy(const char *value, - STACK_OF(EVP_TEST_BUFFER) *sk) + STACK_OF(EVP_TEST_BUFFER) *sk) { EVP_TEST_BUFFER *db; unsigned char *tbuf, *p; @@ -185,7 +185,7 @@ /* set repeat count for last buffer in list */ static int evp_test_buffer_set_count(const char *value, - STACK_OF(EVP_TEST_BUFFER) *sk) + STACK_OF(EVP_TEST_BUFFER) *sk) { EVP_TEST_BUFFER *db; int count = atoi(value); @@ -207,10 +207,10 @@ /* call "fn" with each element of the list in turn */ static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk, - int (*fn)(void *ctx, - const unsigned char *buf, - size_t buflen), - void *ctx) + int (*fn)(void *ctx, + const unsigned char *buf, + size_t buflen), + void *ctx) { int i; @@ -231,8 +231,8 @@ * Return an allocated buffer, set |out_len|. If |input_len| * is zero, get an empty buffer but set length to zero. */ -static unsigned char* unescape(const char *input, size_t input_len, - size_t *out_len) +static unsigned char *unescape(const char *input, size_t input_len, + size_t *out_len) { unsigned char *ret, *p; size_t i; @@ -263,7 +263,7 @@ *out_len = p - ret; return ret; - err: +err: OPENSSL_free(ret); return NULL; } @@ -352,8 +352,10 @@ if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, NULL)) == NULL && (digest = EVP_get_digestbyname(alg)) == NULL) return 0; - if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) + if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) { + EVP_MD_free(fetched_digest); return 0; + } t->data = mdat; mdat->digest = digest; mdat->fetched_digest = fetched_digest; @@ -373,7 +375,7 @@ } static int digest_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { DIGEST_DATA *mdata = t->data; 
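Review bot: The new `EVP_MD_free(fetched_digest)` on the `OPENSSL_zalloc` failure path in the `@@ -352,8 +352,10 @@` hunk deserves a one-line comment. `fetched_digest` is NULL whenever the digest came from the `EVP_get_digestbyname(alg)` fallback two lines up, so the call relies on `EVP_MD_free` accepting NULL. Something like `/* fetched_digest is NULL for the legacy lookup; EVP_MD_free(NULL) is a no-op */` records that. The enclosing init function starts and ends outside the hunk, so any later failure return in it should be checked for the same release.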
@@ -410,8 +412,7 @@ if (!TEST_ptr(mctx = EVP_MD_CTX_new())) goto err; - got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? - expected->output_len : EVP_MAX_MD_SIZE); + got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? expected->output_len : EVP_MAX_MD_SIZE); if (!TEST_ptr(got)) goto err; @@ -421,7 +422,7 @@ } if (expected->pad_type > 0) { params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE, - &expected->pad_type); + &expected->pad_type); params[1] = OSSL_PARAM_construct_end(); if (!TEST_int_gt(EVP_MD_CTX_set_params(mctx, params), 0)) { t->err = "PARAMS_ERROR"; @@ -473,31 +474,31 @@ goto err; } if (!memory_err_compare(t, "DIGEST_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; t->err = NULL; /* Test the EVP_Q_digest interface as well */ if (sk_EVP_TEST_BUFFER_num(expected->input) == 1 - && !xof - /* This should never fail but we need the returned pointer now */ - && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0)) - && !inbuf->count_set) { + && !xof + /* This should never fail but we need the returned pointer now */ + && !TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0)) + && !inbuf->count_set) { OPENSSL_cleanse(got, got_len); if (!TEST_true(EVP_Q_digest(libctx, - EVP_MD_get0_name(expected->fetched_digest), - NULL, inbuf->buf, inbuf->buflen, - got, &size)) - || !TEST_mem_eq(got, size, - expected->output, expected->output_len)) { + EVP_MD_get0_name(expected->fetched_digest), + NULL, inbuf->buf, inbuf->buflen, + got, &size)) + || !TEST_mem_eq(got, size, + expected->output, expected->output_len)) { t->err = "EVP_Q_digest failed"; goto err; } } - err: +err: OPENSSL_free(got); EVP_MD_CTX_free(mctx); return 1; @@ -609,7 +610,7 @@ } static int cipher_test_parse(EVP_TEST *t, const char *keyword, - const char *value) + const char *value) { CIPHER_DATA *cdat = t->data; int i; 
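Review bot: The EVP_Q_digest cross-check in the `@@ -473,31 +474,31 @@` hunk looks unreachable in the normal case. `!TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))` is true only when the lookup returns NULL, and the next operand `!inbuf->count_set` then dereferences that NULL pointer. With a valid buffer the condition is false, so `EVP_Q_digest` is never compared against `expected->output`. The hunk only re-indents these lines, so the inversion predates it; the operand presumably should read `&& TEST_ptr(inbuf = sk_EVP_TEST_BUFFER_value(expected->input, 0))`. digest_test_run starts outside the hunk.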
@@ -688,7 +689,7 @@ } static int cipher_test_enc(EVP_TEST *t, int enc, - size_t out_misalign, size_t inp_misalign, int frag) + size_t out_misalign, size_t inp_misalign, int frag) { CIPHER_DATA *expected = t->data; unsigned char *in, *expected_out, *tmp = NULL; @@ -697,8 +698,8 @@ EVP_CIPHER_CTX *ctx_base = NULL; EVP_CIPHER_CTX *ctx = NULL; int fips_dupctx_supported = (fips_provider_version_gt(libctx, 3, 0, 12) - && fips_provider_version_lt(libctx, 3, 1, 0)) - || fips_provider_version_ge(libctx, 3, 1, 3); + && fips_provider_version_lt(libctx, 3, 1, 0)) + || fips_provider_version_ge(libctx, 3, 1, 3); t->err = "TEST_FAILURE"; if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new())) @@ -733,12 +734,10 @@ * past inp_misalign in expression below. Output will be written * past out_misalign... */ - tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + - inp_misalign + in_len); + tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign + in_len); if (!tmp) goto err; - in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + - inp_misalign, in, in_len); + in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign, in, in_len); } if (!EVP_CipherInit_ex(ctx_base, expected->cipher, NULL, NULL, NULL, enc)) { t->err = "CIPHERINIT_ERROR"; @@ -748,8 +747,8 @@ OSSL_PARAM params[2]; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, - (char *)expected->cts_mode, - 0); + (char *)expected->cts_mode, + 0); params[1] = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_set_params(ctx_base, params)) { t->err = "INVALID_CTS_MODE"; @@ -759,7 +758,8 @@ if (expected->iv) { if (expected->aead) { if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_IVLEN, - expected->iv_len, 0) <= 0) { + expected->iv_len, 0) + <= 0) { t->err = "INVALID_IV_LENGTH"; goto err; } 
@@ -783,13 +783,14 @@ } if (tag || expected->aead != EVP_CIPH_GCM_MODE) { if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, tag) <= 0) + expected->tag_len, tag) + <= 0) goto err; } } if (expected->rounds > 0) { - int rounds = (int)expected->rounds; + int rounds = (int)expected->rounds; if (EVP_CIPHER_CTX_ctrl(ctx_base, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL) <= 0) { t->err = "INVALID_ROUNDS"; @@ -821,7 +822,7 @@ if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv))) || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 && !TEST_mem_eq(expected->iv, expected->iv_len, iv, - expected->iv_len))) { + expected->iv_len))) { t->err = "INVALID_IV"; goto err; } @@ -832,7 +833,7 @@ if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) { if (fips_dupctx_supported) { TEST_info("Doing a copy of Cipher %s Fails!\n", - EVP_CIPHER_get0_name(expected->cipher)); + EVP_CIPHER_get0_name(expected->cipher)); ERR_print_errors_fp(stderr); goto err; } else { @@ -848,8 +849,9 @@ if (expected->mac_key != NULL && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, - (int)expected->mac_key_len, - (void *)expected->mac_key) <= 0) { + (int)expected->mac_key_len, + (void *)expected->mac_key) + <= 0) { t->err = "SET_MAC_KEY_ERROR"; goto err; } @@ -858,7 +860,7 @@ OSSL_PARAM params[2]; params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, - &expected->tls_version); + &expected->tls_version); params[1] = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_set_params(ctx, params)) { t->err = "SET_TLS_VERSION_ERROR"; @@ -877,7 +879,7 @@ if (!frag) { for (i = 0; expected->aad[i] != NULL; i++) { if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad[i], - expected->aad_len[i])) + expected->aad_len[i])) goto err; } } else { 
@@ -892,14 +894,14 @@ } if (expected->aad_len[i] > 2) { if (!EVP_CipherUpdate(ctx, NULL, &chunklen, - expected->aad[i] + donelen, - expected->aad_len[i] - 2)) + expected->aad[i] + donelen, + expected->aad_len[i] - 2)) goto err; donelen += expected->aad_len[i] - 2; } if (expected->aad_len[i] > 1 && !EVP_CipherUpdate(ctx, NULL, &chunklen, - expected->aad[i] + donelen, 1)) + expected->aad[i] + donelen, 1)) goto err; } } @@ -911,11 +913,12 @@ /* duplicate the aad as the implementation might modify it */ if ((tls_aad = OPENSSL_memdup(expected->aad[0], - expected->aad_len[0])) == NULL) + expected->aad_len[0])) + == NULL) goto err; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, - tls_aad, - expected->aad_len[0]); + tls_aad, + expected->aad_len[0]); params[1] = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_set_params(ctx, params)) { OPENSSL_free(tls_aad); @@ -923,10 +926,10 @@ goto err; } OPENSSL_free(tls_aad); - } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE - || expected->tag_late)) { + } else if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) { if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, expected->tag) <= 0) { + expected->tag_len, expected->tag) + <= 0) { t->err = "TAG_SET_ERROR"; goto err; } @@ -950,15 +953,15 @@ } if (in_len > 1) { if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, - in, in_len - 1)) + in, in_len - 1)) goto err; tmplen += chunklen; in += in_len - 1; in_len = 1; } - if (in_len > 0 ) { + if (in_len > 0) { if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, - in, 1)) + in, 1)) goto err; tmplen += chunklen; } @@ -979,7 +982,7 @@ out_len = tmplen + tmpflen; } if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len, - tmp + out_misalign, tmplen + tmpflen)) + tmp + out_misalign, tmplen + tmpflen)) goto err; if (enc && expected->aead && !expected->tls_aad) { unsigned char rtag[16]; 
@@ -989,13 +992,14 @@ goto err; } if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - expected->tag_len, rtag) <= 0) { + expected->tag_len, rtag) + <= 0) { t->err = "TAG_RETRIEVE_ERROR"; goto err; } if (!memory_err_compare(t, "TAG_VALUE_MISMATCH", - expected->tag, expected->tag_len, - rtag, expected->tag_len)) + expected->tag, expected->tag_len, + rtag, expected->tag_len)) goto err; } /* Check the updated IV */ @@ -1005,7 +1009,7 @@ if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv, - expected->iv_len))) { + expected->iv_len))) { t->err = "INVALID_NEXT_IV"; goto err; } @@ -1013,7 +1017,7 @@ t->err = NULL; ok = 1; - err: +err: OPENSSL_free(tmp); if (ctx != ctx_base) EVP_CIPHER_CTX_free(ctx_base); @@ -1050,15 +1054,15 @@ if (inp_misalign == (size_t)-1) { /* kludge: inp_misalign == -1 means "exercise in-place" */ BIO_snprintf(aux_err, sizeof(aux_err), - "%s in-place, %sfragmented", - out_misalign ? "misaligned" : "aligned", - frag ? "" : "not "); + "%s in-place, %sfragmented", + out_misalign ? "misaligned" : "aligned", + frag ? "" : "not "); } else { BIO_snprintf(aux_err, sizeof(aux_err), - "%s output and %s input, %sfragmented", - out_misalign ? "misaligned" : "aligned", - inp_misalign ? "misaligned" : "aligned", - frag ? "" : "not "); + "%s output and %s input, %sfragmented", + out_misalign ? "misaligned" : "aligned", + inp_misalign ? "misaligned" : "aligned", + frag ? "" : "not "); } if (cdat->enc) { rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag); @@ -1113,7 +1117,6 @@ cipher_test_run }; - /** ** MAC TESTS **/ 
@@ -1121,8 +1124,8 @@ typedef struct mac_data_st { /* MAC type in one form or another */ char *mac_name; - EVP_MAC *mac; /* for mac_test_run_mac */ - int type; /* for mac_test_run_pkey */ + EVP_MAC *mac; /* for mac_test_run_mac */ + int type; /* for mac_test_run_pkey */ /* Algorithm string for this MAC */ char *alg; /* MAC key */ @@ -1234,7 +1237,7 @@ } static int mac_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { MAC_DATA *mdata = t->data; @@ -1283,7 +1286,7 @@ } static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, - const char *value) + const char *value) { int rv = 0; char *p, *tmpval; @@ -1325,7 +1328,7 @@ TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type)); else TEST_info("Trying the EVP_PKEY %s test with %s", - OBJ_nid2sn(expected->type), expected->alg); + OBJ_nid2sn(expected->type), expected->alg); if (expected->type == EVP_PKEY_CMAC) { #ifdef OPENSSL_NO_DEPRECATED_3_0 @@ -1348,13 +1351,13 @@ } tmpctx = OSSL_LIB_CTX_set0_default(libctx); key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, - cipher); + cipher); OSSL_LIB_CTX_set0_default(tmpctx); #endif } else { key = EVP_PKEY_new_raw_private_key_ex(libctx, - OBJ_nid2sn(expected->type), NULL, - expected->key, expected->key_len); + OBJ_nid2sn(expected->type), NULL, + expected->key, expected->key_len); } if (key == NULL) { t->err = "MAC_KEY_CREATE_ERROR"; @@ -1380,8 +1383,8 @@ } for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) if (!mac_test_ctrl_pkey(t, pctx, - sk_OPENSSL_STRING_value(expected->controls, - i))) { + sk_OPENSSL_STRING_value(expected->controls, + i))) { t->err = "EVPPKEYCTXCTRL_ERROR"; goto err; } 
@@ -1398,14 +1401,14 @@ goto err; } if (!EVP_DigestSignFinal(mctx, got, &got_len) - || !memory_err_compare(t, "TEST_MAC_ERR", - expected->output, expected->output_len, - got, got_len)) { + || !memory_err_compare(t, "TEST_MAC_ERR", + expected->output, expected->output_len, + got, got_len)) { t->err = "TEST_MAC_ERR"; goto err; } t->err = NULL; - err: +err: EVP_CIPHER_free(cipher); EVP_MD_CTX_free(mctx); OPENSSL_free(got); @@ -1425,8 +1428,7 @@ OSSL_PARAM params[21], sizes[3], *psizes = sizes; size_t params_n = 0; size_t params_n_allocstart = 0; - const OSSL_PARAM *defined_params = - EVP_MAC_settable_ctx_params(expected->mac); + const OSSL_PARAM *defined_params = EVP_MAC_settable_ctx_params(expected->mac); int xof; int reinit = 1; @@ -1434,7 +1436,7 @@ TEST_info("Trying the EVP_MAC %s test", expected->mac_name); else TEST_info("Trying the EVP_MAC %s test with %s", - expected->mac_name, expected->alg); + expected->mac_name, expected->alg); if (expected->alg != NULL) { int skip = 0; @@ -1445,21 +1447,21 @@ * should be and bet on that. */ if (OSSL_PARAM_locate_const(defined_params, - OSSL_MAC_PARAM_CIPHER) != NULL) { + OSSL_MAC_PARAM_CIPHER) + != NULL) { if (is_cipher_disabled(expected->alg)) skip = 1; else - params[params_n++] = - OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - expected->alg, 0); + params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, + expected->alg, 0); } else if (OSSL_PARAM_locate_const(defined_params, - OSSL_MAC_PARAM_DIGEST) != NULL) { + OSSL_MAC_PARAM_DIGEST) + != NULL) { if (is_digest_disabled(expected->alg)) skip = 1; else - params[params_n++] = - OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - expected->alg, 0); + params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + expected->alg, 0); } else { t->err = "MAC_BAD_PARAMS"; goto err; 
@@ -1472,20 +1474,17 @@ } } if (expected->custom != NULL) - params[params_n++] = - OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, - expected->custom, - expected->custom_len); + params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, + expected->custom, + expected->custom_len); if (expected->salt != NULL) - params[params_n++] = - OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT, - expected->salt, - expected->salt_len); + params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT, + expected->salt, + expected->salt_len); if (expected->iv != NULL) - params[params_n++] = - OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, - expected->iv, - expected->iv_len); + params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, + expected->iv, + expected->iv_len); /* Unknown controls. They must match parameters that the MAC recognizes */ if (params_n + sk_OPENSSL_STRING_num(expected->controls) @@ -1508,9 +1507,9 @@ if (tmpval == NULL || !OSSL_PARAM_allocate_from_text(¶ms[params_n], - defined_params, - tmpkey, tmpval, - strlen(tmpval), NULL)) { + defined_params, + tmpkey, tmpval, + strlen(tmpval), NULL)) { OPENSSL_free(tmpkey); t->err = "MAC_PARAM_ERROR"; goto err; @@ -1555,10 +1554,10 @@ } if (expected->output_size >= 0) *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, - &output_size); + &output_size); if (expected->block_size >= 0) *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_BLOCK_SIZE, - &block_size); + &block_size); if (psizes != sizes) { *psizes = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_MAC_CTX_get_params(ctx, sizes))) { 
@@ -1566,17 +1565,17 @@ goto err; } if (expected->output_size >= 0 - && !TEST_int_eq(output_size, expected->output_size)) { + && !TEST_int_eq(output_size, expected->output_size)) { t->err = "TEST_FAILURE"; goto err; } if (expected->block_size >= 0 - && !TEST_int_eq(block_size, expected->block_size)) { + && !TEST_int_eq(block_size, expected->block_size)) { t->err = "TEST_FAILURE"; goto err; } } - retry: +retry: if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) { t->err = "MAC_UPDATE_ERROR"; goto err; @@ -1589,8 +1588,8 @@ } if (!EVP_MAC_finalXOF(ctx, got, expected->output_len) || !memory_err_compare(t, "TEST_MAC_ERR", - expected->output, expected->output_len, - got, expected->output_len)) { + expected->output, expected->output_len, + got, expected->output_len)) { t->err = "MAC_FINAL_ERROR"; goto err; } @@ -1605,8 +1604,8 @@ } if (!EVP_MAC_final(ctx, got, &got_len, got_len) || !memory_err_compare(t, "TEST_MAC_ERR", - expected->output, expected->output_len, - got, got_len)) { + expected->output, expected->output_len, + got, got_len)) { t->err = "TEST_MAC_ERR"; goto err; } @@ -1618,10 +1617,9 @@ /* If the MAC uses IV, we have to set it again */ if (expected->iv != NULL) { - ivparams[0] = - OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, - expected->iv, - expected->iv_len); + ivparams[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, + expected->iv, + expected->iv_len); ivparams[1] = OSSL_PARAM_construct_end(); } ERR_set_mark(); 
@@ -1651,17 +1649,17 @@ if (!xof) { OPENSSL_cleanse(got, got_len); if (!TEST_true(EVP_Q_mac(libctx, expected->mac_name, NULL, - expected->alg, params, - expected->key, expected->key_len, - expected->input, expected->input_len, - got, got_len, &size)) - || !TEST_mem_eq(got, size, - expected->output, expected->output_len)) { + expected->alg, params, + expected->key, expected->key_len, + expected->input, expected->input_len, + got, got_len, &size)) + || !TEST_mem_eq(got, size, + expected->output, expected->output_len)) { t->err = "EVP_Q_mac failed"; goto err; } } - err: +err: while (params_n-- > params_n_allocstart) { OPENSSL_free(params[params_n].data); } @@ -1687,7 +1685,6 @@ mac_test_run }; - /** ** PUBLIC KEY TESTS ** These are all very similar and share much common code. @@ -1697,9 +1694,9 @@ /* Context for this operation */ EVP_PKEY_CTX *ctx; /* Key operation to perform */ - int (*keyop) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); + int (*keyop)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); /* Input to MAC */ unsigned char *input; size_t input_len; @@ -1713,12 +1710,12 @@ * the appropriate initialisation function */ static int pkey_test_init(EVP_TEST *t, const char *name, - int use_public, - int (*keyopinit) (EVP_PKEY_CTX *ctx), - int (*keyop)(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)) + int use_public, + int (*keyopinit)(EVP_PKEY_CTX *ctx), + int (*keyop)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) { PKEY_DATA *kdata; EVP_PKEY *pkey = NULL; @@ -1760,7 +1757,7 @@ } static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, - const char *value) + const char *value) { int rv = 0; char *p, *tmpval; 
@@ -1790,7 +1787,7 @@ } static int pkey_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PKEY_DATA *kdata = t->data; if (strcmp(keyword, "Input") == 0) @@ -1810,19 +1807,21 @@ EVP_PKEY_CTX *copy = NULL; if (expected->keyop(expected->ctx, NULL, &got_len, - expected->input, expected->input_len) <= 0 - || !TEST_ptr(got = OPENSSL_malloc(got_len))) { + expected->input, expected->input_len) + <= 0 + || !TEST_ptr(got = OPENSSL_malloc(got_len))) { t->err = "KEYOP_LENGTH_ERROR"; goto err; } if (expected->keyop(expected->ctx, got, &got_len, - expected->input, expected->input_len) <= 0) { + expected->input, expected->input_len) + <= 0) { t->err = "KEYOP_ERROR"; goto err; } if (!memory_err_compare(t, "KEYOP_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; t->err = NULL; @@ -1835,22 +1834,24 @@ goto err; } if (expected->keyop(copy, NULL, &got_len, expected->input, - expected->input_len) <= 0 - || !TEST_ptr(got = OPENSSL_malloc(got_len))) { + expected->input_len) + <= 0 + || !TEST_ptr(got = OPENSSL_malloc(got_len))) { t->err = "KEYOP_LENGTH_ERROR"; goto err; } if (expected->keyop(copy, got, &got_len, expected->input, - expected->input_len) <= 0) { + expected->input_len) + <= 0) { t->err = "KEYOP_ERROR"; goto err; } if (!memory_err_compare(t, "KEYOP_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; - err: +err: OPENSSL_free(got); EVP_PKEY_CTX_free(copy); return 1; @@ -1872,7 +1873,7 @@ static int verify_recover_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, - EVP_PKEY_verify_recover); + EVP_PKEY_verify_recover); } static const EVP_TEST_METHOD pverify_recover_test_method = { 
@@ -1886,7 +1887,7 @@ static int decrypt_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, - EVP_PKEY_decrypt); + EVP_PKEY_decrypt); } static const EVP_TEST_METHOD pdecrypt_test_method = { @@ -1907,7 +1908,8 @@ PKEY_DATA *kdata = t->data; if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, - kdata->input, kdata->input_len) <= 0) + kdata->input, kdata->input_len) + <= 0) t->err = "VERIFY_ERROR"; return 1; } @@ -1926,7 +1928,7 @@ } static int pderive_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PKEY_DATA *kdata = t->data; int validate = 0; @@ -1953,7 +1955,7 @@ OSSL_PARAM params[2]; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, - (char *)value, 0); + (char *)value, 0); params[1] = OSSL_PARAM_construct_end(); if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) return -1; @@ -1963,7 +1965,7 @@ OSSL_PARAM params[2]; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, - (char *)value, 0); + (char *)value, 0); params[1] = OSSL_PARAM_construct_end(); if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) return -1; @@ -1973,7 +1975,7 @@ OSSL_PARAM params[2]; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, - (char *)value, 0); + (char *)value, 0); params[1] = OSSL_PARAM_construct_end(); if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) return -1; @@ -1988,7 +1990,7 @@ return -1; params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &outlen); + &outlen); params[1] = OSSL_PARAM_construct_end(); if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) return -1; @@ -2023,12 +2025,12 @@ goto err; } if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; t->err = NULL; - err: +err: OPENSSL_free(got); EVP_PKEY_CTX_free(dctx); return 1; 
@@ -2042,30 +2044,31 @@ pderive_test_run }; - /** ** PBE TESTS **/ typedef enum pbe_type_enum { PBE_TYPE_INVALID = 0, - PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12 + PBE_TYPE_SCRYPT, + PBE_TYPE_PBKDF2, + PBE_TYPE_PKCS12 } PBE_TYPE; typedef struct pbe_data_st { PBE_TYPE pbe_type; - /* scrypt parameters */ + /* scrypt parameters */ uint64_t N, r, p, maxmem; - /* PKCS#12 parameters */ + /* PKCS#12 parameters */ int id, iter; const EVP_MD *md; - /* password */ + /* password */ unsigned char *pass; size_t pass_len; - /* salt */ + /* salt */ unsigned char *salt; size_t salt_len; - /* Expected output */ + /* Expected output */ unsigned char *key; size_t key_len; } PBE_DATA; @@ -2080,7 +2083,7 @@ TEST_info("Invalid empty integer value"); return -1; } - for (*pr = 0; *p; ) { + for (*pr = 0; *p;) { if (*pr > UINT64_MAX / 10) { TEST_error("Integer overflow in string %s", value); return -1; @@ -2097,7 +2100,7 @@ } static int scrypt_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PBE_DATA *pdata = t->data; @@ -2114,7 +2117,7 @@ #endif static int pbkdf2_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PBE_DATA *pdata = t->data; @@ -2134,7 +2137,7 @@ } static int pkcs12_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PBE_DATA *pdata = t->data; @@ -2184,7 +2187,7 @@ } static int pbe_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PBE_DATA *pdata = t->data; 
@@ -2220,39 +2223,42 @@ } if (expected->pbe_type == PBE_TYPE_PBKDF2) { if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len, - expected->salt, expected->salt_len, - expected->iter, expected->md, - expected->key_len, key) == 0) { + expected->salt, expected->salt_len, + expected->iter, expected->md, + expected->key_len, key) + == 0) { t->err = "PBKDF2_ERROR"; goto err; } #ifndef OPENSSL_NO_SCRYPT } else if (expected->pbe_type == PBE_TYPE_SCRYPT) { if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len, - expected->salt, expected->salt_len, - expected->N, expected->r, expected->p, - expected->maxmem, key, expected->key_len) == 0) { + expected->salt, expected->salt_len, + expected->N, expected->r, expected->p, + expected->maxmem, key, expected->key_len) + == 0) { t->err = "SCRYPT_ERROR"; goto err; } #endif } else if (expected->pbe_type == PBE_TYPE_PKCS12) { fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md), - NULL); + NULL); if (fetched_digest == NULL) { t->err = "PKCS12_ERROR"; goto err; } if (PKCS12_key_gen_uni(expected->pass, expected->pass_len, - expected->salt, expected->salt_len, - expected->id, expected->iter, expected->key_len, - key, fetched_digest) == 0) { + expected->salt, expected->salt_len, + expected->id, expected->iter, expected->key_len, + key, fetched_digest) + == 0) { t->err = "PKCS12_ERROR"; goto err; } } if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len, - key, expected->key_len)) + key, expected->key_len)) goto err; t->err = NULL; @@ -2271,7 +2277,6 @@ pbe_test_run }; - /** ** BASE64 TESTS **/ @@ -2309,7 +2314,7 @@ } else { TEST_error("Bad encoding: %s." " Should be one of {canonical, valid, invalid}", - encoding); + encoding); goto err; } t->data = edata; @@ -2329,7 +2334,7 @@ } static int encode_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { ENCODE_DATA *edata = t->data; 
@@ -2355,13 +2360,12 @@ if (expected->encoding == BASE64_CANONICAL_ENCODING) { if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) - || !TEST_ptr(encode_out = - OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) + || !TEST_ptr(encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) goto err; EVP_EncodeInit(encode_ctx); if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, - expected->input, expected->input_len))) + expected->input, expected->input_len))) goto err; output_len = chunk_len; @@ -2370,18 +2374,18 @@ output_len += chunk_len; if (!memory_err_compare(t, "BAD_ENCODING", - expected->output, expected->output_len, - encode_out, output_len)) + expected->output, expected->output_len, + encode_out, output_len)) goto err; } - if (!TEST_ptr(decode_out = - OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len)))) + if (!TEST_ptr(decode_out = OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len)))) goto err; EVP_DecodeInit(decode_ctx); if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output, - expected->output_len) < 0) { + expected->output_len) + < 0) { t->err = "DECODE_ERROR"; goto err; } @@ -2394,15 +2398,15 @@ output_len += chunk_len; if (expected->encoding != BASE64_INVALID_ENCODING - && !memory_err_compare(t, "BAD_DECODING", - expected->input, expected->input_len, - decode_out, output_len)) { + && !memory_err_compare(t, "BAD_DECODING", + expected->input, expected->input_len, + decode_out, output_len)) { t->err = "BAD_DECODING"; goto err; } t->err = NULL; - err: +err: OPENSSL_free(encode_out); OPENSSL_free(decode_out); EVP_ENCODE_CTX_free(decode_ctx); @@ -2418,11 +2422,10 @@ encode_test_run, }; - /** ** RAND TESTS **/ -#define MAX_RAND_REPEATS 15 +#define MAX_RAND_REPEATS 15 typedef struct rand_data_pass_st { unsigned char *entropy; 
@@ -2436,8 +2439,8 @@ unsigned char *pr_entropyB; unsigned char *output; size_t entropy_len, nonce_len, pers_len, addinA_len, addinB_len, - pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len, - reseed_addin_len; + pr_entropyA_len, pr_entropyB_len, output_len, reseed_entropy_len, + reseed_addin_len; } RAND_DATA_PASS; typedef struct rand_data_st { @@ -2489,7 +2492,7 @@ rdata->n = -1; t->data = rdata; return 1; - err: +err: EVP_RAND_CTX_free(rdata->parent); OPENSSL_free(rdata); return 0; @@ -2520,7 +2523,7 @@ } static int rand_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { RAND_DATA *rdata = t->data; RAND_DATA_PASS *item; 
@@ -2538,27 +2541,33 @@ return parse_bin(value, &item->entropy, &item->entropy_len); if (strncmp(keyword, "ReseedEntropy.", sizeof("ReseedEntropy")) == 0) return parse_bin(value, &item->reseed_entropy, - &item->reseed_entropy_len); + &item->reseed_entropy_len); if (strncmp(keyword, "Nonce.", sizeof("Nonce")) == 0) return parse_bin(value, &item->nonce, &item->nonce_len); if (strncmp(keyword, "PersonalisationString.", - sizeof("PersonalisationString")) == 0) + sizeof("PersonalisationString")) + == 0) return parse_bin(value, &item->pers, &item->pers_len); if (strncmp(keyword, "ReseedAdditionalInput.", - sizeof("ReseedAdditionalInput")) == 0) + sizeof("ReseedAdditionalInput")) + == 0) return parse_bin(value, &item->reseed_addin, - &item->reseed_addin_len); + &item->reseed_addin_len); if (strncmp(keyword, "AdditionalInputA.", - sizeof("AdditionalInputA")) == 0) + sizeof("AdditionalInputA")) + == 0) return parse_bin(value, &item->addinA, &item->addinA_len); if (strncmp(keyword, "AdditionalInputB.", - sizeof("AdditionalInputB")) == 0) + sizeof("AdditionalInputB")) + == 0) return parse_bin(value, &item->addinB, &item->addinB_len); if (strncmp(keyword, "EntropyPredictionResistanceA.", - sizeof("EntropyPredictionResistanceA")) == 0) + sizeof("EntropyPredictionResistanceA")) + == 0) return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len); if (strncmp(keyword, "EntropyPredictionResistanceB.", - sizeof("EntropyPredictionResistanceB")) == 0) + sizeof("EntropyPredictionResistanceB")) + == 0) return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len); if (strncmp(keyword, "Output.", sizeof("Output")) == 0) return parse_bin(value, &item->output, &item->output_len); 
@@ -2602,10 +2611,10 @@ *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &expected->use_df); if (expected->cipher != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, - expected->cipher, 0); + expected->cipher, 0); if (expected->digest != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, - expected->digest, 0); + expected->digest, 0); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0); *p = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params))) 
@@ -2618,76 +2627,69 @@ p = params; z = item->entropy != NULL ? item->entropy : (unsigned char *)""; *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - z, item->entropy_len); + z, item->entropy_len); z = item->nonce != NULL ? item->nonce : (unsigned char *)""; *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, - z, item->nonce_len); + z, item->nonce_len); *p = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_instantiate(expected->parent, strength, - 0, NULL, 0, params))) + 0, NULL, 0, params))) goto err; z = item->pers != NULL ? item->pers : (unsigned char *)""; - if (!TEST_true(EVP_RAND_instantiate - (expected->ctx, strength, - expected->prediction_resistance, z, - item->pers_len, NULL))) + if (!TEST_true(EVP_RAND_instantiate(expected->ctx, strength, + expected->prediction_resistance, z, + item->pers_len, NULL))) goto err; if (item->reseed_entropy != NULL) { - params[0] = OSSL_PARAM_construct_octet_string - (OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy, - item->reseed_entropy_len); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->reseed_entropy, + item->reseed_entropy_len); params[1] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) goto err; - if (!TEST_true(EVP_RAND_reseed - (expected->ctx, expected->prediction_resistance, - NULL, 0, item->reseed_addin, - item->reseed_addin_len))) + if (!TEST_true(EVP_RAND_reseed(expected->ctx, expected->prediction_resistance, + NULL, 0, item->reseed_addin, + item->reseed_addin_len))) goto err; } if (item->pr_entropyA != NULL) { - params[0] = OSSL_PARAM_construct_octet_string - (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA, - item->pr_entropyA_len); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyA, + item->pr_entropyA_len); params[1] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) goto err; } - if 
(!TEST_true(EVP_RAND_generate - (expected->ctx, got, got_len, - strength, expected->prediction_resistance, - item->addinA, item->addinA_len))) + if (!TEST_true(EVP_RAND_generate(expected->ctx, got, got_len, + strength, expected->prediction_resistance, + item->addinA, item->addinA_len))) goto err; if (item->pr_entropyB != NULL) { - params[0] = OSSL_PARAM_construct_octet_string - (OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB, - item->pr_entropyB_len); + params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, item->pr_entropyB, + item->pr_entropyB_len); params[1] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) goto err; } - if (!TEST_true(EVP_RAND_generate - (expected->ctx, got, got_len, - strength, expected->prediction_resistance, - item->addinB, item->addinB_len))) + if (!TEST_true(EVP_RAND_generate(expected->ctx, got, got_len, + strength, expected->prediction_resistance, + item->addinB, item->addinB_len))) goto err; if (!TEST_mem_eq(got, got_len, item->output, item->output_len)) goto err; if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx)) - || !TEST_true(EVP_RAND_uninstantiate(expected->parent)) - || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx)) - || !TEST_int_eq(EVP_RAND_get_state(expected->ctx), - EVP_RAND_STATE_UNINITIALISED)) + || !TEST_true(EVP_RAND_uninstantiate(expected->parent)) + || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx)) + || !TEST_int_eq(EVP_RAND_get_state(expected->ctx), + EVP_RAND_STATE_UNINITIALISED)) goto err; } t->err = NULL; ret = 1; - err: +err: if (ret == 0 && i >= 0) TEST_info("Error in test case %d of %d\n", i, expected->n + 1); OPENSSL_free(got); @@ -2702,7 +2704,6 @@ rand_test_run }; - /** ** KDF TESTS **/ @@ -2763,7 +2764,7 @@ } static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, - const char *value) + const char *value) { KDF_DATA *kdata = t->data; int rv; 
@@ -2779,7 +2780,7 @@ *p++ = '\0'; rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, - strlen(p), NULL); + strlen(p), NULL); *++kdata->p = OSSL_PARAM_construct_end(); if (!rv) { t->err = "KDF_PARAM_ERROR"; @@ -2794,7 +2795,7 @@ } if ((strcmp(name, "cipher") == 0 - || strcmp(name, "cekalg") == 0) + || strcmp(name, "cekalg") == 0) && is_cipher_disabled(p)) { TEST_info("skipping, '%s' is disabled", p); t->skip = 1; @@ -2805,7 +2806,7 @@ } static int kdf_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { KDF_DATA *kdata = t->data; @@ -2835,13 +2836,13 @@ goto err; } if (!memory_err_compare(t, "KDF_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; t->err = NULL; - err: +err: OPENSSL_free(got); return 1; } @@ -2905,7 +2906,7 @@ } static int pkey_kdf_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { PKEY_KDF_DATA *kdata = t->data; @@ -2957,7 +2958,7 @@ } t->err = NULL; - err: +err: OPENSSL_free(got); return 1; } @@ -2988,7 +2989,7 @@ /* Split private and public names. */ if (!TEST_ptr(priv = OPENSSL_strdup(pair)) - || !TEST_ptr(pub = strchr(priv, ':'))) { + || !TEST_ptr(pub = strchr(priv, ':'))) { t->err = "PARSING_ERROR"; goto end; } @@ -3055,12 +3056,12 @@ goto end; } - if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1 ) { - if ( 0 == rv ) { + if ((rv = EVP_PKEY_eq(pair->privk, pair->pubk)) != 1) { + if (0 == rv) { t->err = "KEYPAIR_MISMATCH"; - } else if ( -1 == rv ) { + } else if (-1 == rv) { t->err = "KEYPAIR_TYPE_MISMATCH"; - } else if ( -2 == rv ) { + } else if (-2 == rv) { t->err = "UNSUPPORTED_KEY_COMPARISON"; } else { TEST_error("Unexpected error in key comparison"); 
@@ -3143,7 +3144,7 @@ } static int keygen_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { KEYGEN_TEST_DATA *keygen = t->data; @@ -3222,7 +3223,7 @@ } DIGESTSIGN_DATA; static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify, - int is_oneshot) + int is_oneshot) { const EVP_MD *md = NULL; DIGESTSIGN_DATA *mdat; @@ -3267,7 +3268,7 @@ } static int digestsigver_test_parse(EVP_TEST *t, - const char *keyword, const char *value) + const char *keyword, const char *value) { DIGESTSIGN_DATA *mdata = t->data; @@ -3286,12 +3287,12 @@ } if (mdata->is_verify) { if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx, - NULL, pkey, NULL)) + NULL, pkey, NULL)) t->err = "DIGESTVERIFYINIT_ERROR"; return 1; } if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL, - pkey, NULL)) + pkey, NULL)) t->err = "DIGESTSIGNINIT_ERROR"; return 1; } @@ -3319,7 +3320,7 @@ } static int digestsign_update_fn(void *ctx, const unsigned char *buf, - size_t buflen) + size_t buflen) { return EVP_DigestSignUpdate(ctx, buf, buflen); } @@ -3331,7 +3332,7 @@ size_t got_len; if (!evp_test_buffer_do(expected->input, digestsign_update_fn, - expected->ctx)) { + expected->ctx)) { t->err = "DIGESTUPDATE_ERROR"; goto err; } @@ -3350,12 +3351,12 @@ goto err; } if (!memory_err_compare(t, "SIGNATURE_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; t->err = NULL; - err: +err: OPENSSL_free(got); return 1; } @@ -3374,7 +3375,7 @@ } static int digestverify_update_fn(void *ctx, const unsigned char *buf, - size_t buflen) + size_t buflen) { return EVP_DigestVerifyUpdate(ctx, buf, buflen); } @@ -3389,7 +3390,8 @@ } if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output, - mdata->output_len) <= 0) + mdata->output_len) + <= 0) t->err = "VERIFY_ERROR"; return 1; } 
@@ -3414,7 +3416,7 @@ size_t got_len; if (!EVP_DigestSign(expected->ctx, NULL, &got_len, - expected->osin, expected->osin_len)) { + expected->osin, expected->osin_len)) { t->err = "DIGESTSIGN_LENGTH_ERROR"; goto err; } @@ -3424,17 +3426,17 @@ } got_len *= 2; if (!EVP_DigestSign(expected->ctx, got, &got_len, - expected->osin, expected->osin_len)) { + expected->osin, expected->osin_len)) { t->err = "DIGESTSIGN_ERROR"; goto err; } if (!memory_err_compare(t, "SIGNATURE_MISMATCH", - expected->output, expected->output_len, - got, got_len)) + expected->output, expected->output_len, + got, got_len)) goto err; t->err = NULL; - err: +err: OPENSSL_free(got); return 1; } @@ -3457,7 +3459,8 @@ DIGESTSIGN_DATA *mdata = t->data; if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len, - mdata->osin, mdata->osin_len) <= 0) + mdata->osin, mdata->osin_len) + <= 0) t->err = "VERIFY_ERROR"; return 1; } @@ -3470,7 +3473,6 @@ oneshot_digestverify_test_run }; - /** ** PARSING AND DISPATCH **/ @@ -3541,22 +3543,22 @@ if (t->err != NULL && t->expected_err == NULL) { if (t->aux_err != NULL) { TEST_info("%s:%d: Source of above error (%s); unexpected error %s", - t->s.test_file, t->s.start, t->aux_err, t->err); + t->s.test_file, t->s.start, t->aux_err, t->err); } else { TEST_info("%s:%d: Source of above error; unexpected error %s", - t->s.test_file, t->s.start, t->err); + t->s.test_file, t->s.start, t->err); } return 0; } if (t->err == NULL && t->expected_err != NULL) { TEST_info("%s:%d: Succeeded but was expecting %s", - t->s.test_file, t->s.start, t->expected_err); + t->s.test_file, t->s.start, t->expected_err); return 0; } if (strcmp(t->err, t->expected_err) != 0) { TEST_info("%s:%d: Expected %s got %s", - t->s.test_file, t->s.start, t->expected_err, t->err); + t->s.test_file, t->s.start, t->expected_err, t->err); return 0; } 
@@ -3565,14 +3567,14 @@ if (t->reason == NULL) { TEST_info("%s:%d: Test is missing function or reason code", - t->s.test_file, t->s.start); + t->s.test_file, t->s.start); return 0; } err = ERR_peek_error(); if (err == 0) { TEST_info("%s:%d: Expected error \"%s\" not set", - t->s.test_file, t->s.start, t->reason); + t->s.test_file, t->s.start, t->reason); return 0; } @@ -3580,7 +3582,7 @@ if (reason == NULL) { TEST_info("%s:%d: Expected error \"%s\", no strings available." " Assuming ok.", - t->s.test_file, t->s.start, t->reason); + t->s.test_file, t->s.start, t->reason); return 1; } @@ -3588,7 +3590,7 @@ return 1; TEST_info("%s:%d: Expected error \"%s\", got \"%s\"", - t->s.test_file, t->s.start, t->reason, reason); + t->s.test_file, t->s.start, t->reason, reason); return 0; } @@ -3605,7 +3607,7 @@ /* run the test */ if (t->err == NULL && t->meth->run_test(t) != 1) { TEST_info("%s:%d %s error", - t->s.test_file, t->s.start, t->meth->name); + t->s.test_file, t->s.start, t->meth->name); return 0; } if (!check_test_error(t)) { @@ -3695,9 +3697,8 @@ prov = OSSL_PROVIDER_load(libctx, "fips"); if (prov != NULL) { - params[0] = - OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS, - &check); + params[0] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_SECURITY_CHECKS, + &check); params[1] = OSSL_PARAM_construct_end(); OSSL_PROVIDER_get_params(prov, params); OSSL_PROVIDER_unload(prov); @@ -3725,7 +3726,7 @@ for (; isspace((unsigned char)(*providers)); providers++) continue; if (*providers == '\0') - break; /* End of the road */ + break; /* End of the road */ for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++) continue; if (*p == '\0') @@ -3733,7 +3734,7 @@ else *p = '\0'; if (OSSL_PROVIDER_available(libctx, providers)) - return 1; /* Found one */ + return 1; /* Found one */ } return 0; } 
@@ -3779,7 +3780,7 @@ } klist = &public_keys; } else if (strcmp(pp->key, "PrivateKeyRaw") == 0 - || strcmp(pp->key, "PublicKeyRaw") == 0 ) { + || strcmp(pp->key, "PublicKeyRaw") == 0) { char *strnid = NULL, *keydata = NULL; unsigned char *keybin; size_t keylen; @@ -3813,10 +3814,10 @@ } if (klist == &private_keys) pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin, - keylen); + keylen); else pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin, - keylen); + keylen); if (pkey == NULL && !key_unsupported()) { TEST_info("Can't read %s data", pp->key); OPENSSL_free(keybin); @@ -3827,9 +3828,9 @@ } else if (strcmp(pp->key, "Availablein") == 0) { if (!prov_available(pp->value)) { TEST_info("skipping, '%s' provider not available: %s:%d", - pp->value, t->s.test_file, t->s.start); - t->skip = 1; - return 0; + pp->value, t->s.test_file, t->s.start); + t->skip = 1; + return 0; } skipped++; pp++; @@ -3842,9 +3843,9 @@ return 0; } else if (j == 0) { TEST_info("skipping, FIPS provider incompatible version: %s:%d", - t->s.test_file, t->s.start); - t->skip = 1; - return 0; + t->s.test_file, t->s.start); + t->skip = 1; + return 0; } } skipped++; @@ -3891,13 +3892,13 @@ #endif { TEST_info("skipping, Securitycheck is disabled: %s:%d", - t->s.test_file, t->s.start); + t->s.test_file, t->s.start); t->skip = 1; return 0; } } else if (strcmp(pp->key, "Availablein") == 0) { TEST_info("Line %d: 'Availablein' should be the first option", - t->s.curr); + t->s.curr); return 0; } else if (strcmp(pp->key, "Result") == 0) { if (t->expected_err != NULL) { @@ -3923,7 +3924,7 @@ } if (rv < 0) { TEST_info("Line %d: error processing keyword %s = %s\n", - t->s.curr, pp->key, pp->value); + t->s.curr, pp->key, pp->value); return 0; } } @@ -3960,7 +3961,9 @@ clear_test(t); free_key_list(public_keys); + public_keys = NULL; free_key_list(private_keys); + private_keys = NULL; BIO_free(t->s.key); c = t->s.errors; OPENSSL_free(t); 
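Review bot: The two added resets in the `@@ -3960,7 +3961,9 @@` hunk, `public_keys = NULL;` and `private_keys = NULL;` after the `free_key_list()` calls, have no comment saying why the list heads are cleared. Both names are also referenced from the key-parsing code in the earlier hunks, so they are presumably file-scope lists that outlive a single test file. If so, a later run could walk or free entries that have already been released unless the heads are reset. A one-line comment such as `/* lists are file-scope: clear them so the next test file cannot reach freed keys */` would stop the reset from being removed as redundant. The enclosing function and `free_key_list()` itself are outside the hunk, so whether the helper could null the head itself cannot be judged from here.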
@@ -3972,7 +3975,7 @@ static const OPTIONS test_options[] = { OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"), { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the libctx" }, + "The configuration file to use for the libctx" }, { OPT_HELP_STR, 1, '-', "file\tFile to run tests on.\n" }, { NULL } }; @@ -3992,7 +3995,7 @@ config_file = opt_arg(); break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; @@ -4022,8 +4025,8 @@ } #define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0 -#define STR_ENDS_WITH(str, pre) \ -strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) +#define STR_ENDS_WITH(str, pre) \ + strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) static int is_digest_disabled(const char *name) { --- crypto/openssl/test/exdatatest.c.orig +++ crypto/openssl/test/exdatatest.c @@ -27,7 +27,7 @@ */ static void exnew(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) + int idx, long argl, void *argp) { if (!TEST_int_eq(idx, saved_idx) || !TEST_long_eq(argl, saved_argl) @@ -37,7 +37,7 @@ } static int exdup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, long argl, void *argp) + void **from_d, int idx, long argl, void *argp) { if (!TEST_int_eq(idx, saved_idx) || !TEST_long_eq(argl, saved_argl) @@ -48,7 +48,7 @@ } static void exfree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) + int idx, long argl, void *argp) { if (!TEST_int_eq(idx, saved_idx) || !TEST_long_eq(argl, saved_argl) @@ -69,7 +69,7 @@ } MYOBJ_EX_DATA; static void exnew2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) + int idx, long argl, void *argp) { MYOBJ_EX_DATA *ex_data = OPENSSL_zalloc(sizeof(*ex_data)); 
@@ -87,9 +87,9 @@ } static int exdup2(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, long argl, void *argp) + void **from_d, int idx, long argl, void *argp) { - MYOBJ_EX_DATA **update_ex_data = (MYOBJ_EX_DATA**)from_d; + MYOBJ_EX_DATA **update_ex_data = (MYOBJ_EX_DATA **)from_d; MYOBJ_EX_DATA *ex_data = NULL; if (!TEST_true(idx == saved_idx2 || idx == saved_idx3) @@ -112,7 +112,7 @@ } static void exfree2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) + int idx, long argl, void *argp) { MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(ad, idx); @@ -156,7 +156,7 @@ static void MYOBJ_sethello2(MYOBJ *obj, char *cp) { - MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); + MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); if (TEST_ptr(ex_data)) ex_data->hello = cp; @@ -166,7 +166,7 @@ static char *MYOBJ_gethello2(MYOBJ *obj) { - MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); + MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); if (TEST_ptr(ex_data)) return ex_data->hello; @@ -177,11 +177,11 @@ static void MYOBJ_allochello3(MYOBJ *obj, char *cp) { - MYOBJ_EX_DATA* ex_data = NULL; + MYOBJ_EX_DATA *ex_data = NULL; if (TEST_ptr_null(ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx3)) && TEST_true(CRYPTO_alloc_ex_data(CRYPTO_EX_INDEX_APP, obj, - &obj->ex_data, saved_idx3)) + &obj->ex_data, saved_idx3)) && TEST_ptr(ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx3))) ex_data->hello = cp; else @@ -190,7 +190,7 @@ static char *MYOBJ_gethello3(MYOBJ *obj) { - MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx3); + MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx3); if (TEST_ptr(ex_data)) return ex_data->hello; @@ -213,7 +213,7 @@ if (obj != NULL) obj->st |= CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_APP, &obj->ex_data, - &in->ex_data); + &in->ex_data); return obj; } 
@@ -233,11 +233,11 @@ if (!TEST_ptr(saved_argp = OPENSSL_malloc(1))) goto err; saved_idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, - saved_argl, saved_argp, - exnew, exdup, exfree); + saved_argl, saved_argp, + exnew, exdup, exfree); saved_idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, - saved_argl, saved_argp, - exnew2, exdup2, exfree2); + saved_argl, saved_argp, + exnew2, exdup2, exfree2); t1 = MYOBJ_new(); t2 = MYOBJ_new(); if (!TEST_int_eq(t1->st, 1) || !TEST_int_eq(t2->st, 1)) @@ -250,8 +250,8 @@ * was initialized. */ saved_idx3 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, - saved_argl, saved_argp, - exnew2, exdup2, exfree2); + saved_argl, saved_argp, + exnew2, exdup2, exfree2); if (!TEST_ptr_null(CRYPTO_get_ex_data(&t1->ex_data, saved_idx3))) goto err; @@ -302,7 +302,7 @@ if (gbl_result) res = 1; - err: +err: MYOBJ_free(t1); MYOBJ_free(t2); MYOBJ_free(t3); --- crypto/openssl/test/exptest.c.orig +++ crypto/openssl/test/exptest.c @@ -20,7 +20,7 @@ #include "testutil.h" -#define NUM_BITS (BN_BITS2 * 4) +#define NUM_BITS (BN_BITS2 * 4) #define BN_print_var(v) test_output_bignum(#v, v) @@ -29,7 +29,7 @@ * returns zero and prints debug output otherwise. */ static int a_is_zero_mod_one(const char *method, const BIGNUM *r, - const BIGNUM *a) + const BIGNUM *a) { if (!BN_is_zero(r)) { TEST_error("%s failed: a ** 0 mod 1 = r (should be 0)", method); @@ -137,7 +137,7 @@ } ret = !failed; - err: +err: BN_free(r); BN_free(a); BN_free(p); 
@@ -177,21 +177,21 @@ goto err; c = (c % BN_BITS) - BN_BITS2; if (!TEST_true(BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, - BN_RAND_BOTTOM_ANY))) + BN_RAND_BOTTOM_ANY))) goto err; if (!TEST_int_gt(RAND_bytes(&c, 1), 0)) goto err; c = (c % BN_BITS) - BN_BITS2; if (!TEST_true(BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, - BN_RAND_BOTTOM_ANY))) + BN_RAND_BOTTOM_ANY))) goto err; if (!TEST_int_gt(RAND_bytes(&c, 1), 0)) goto err; c = (c % BN_BITS) - BN_BITS2; if (!TEST_true(BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, - BN_RAND_BOTTOM_ODD))) + BN_RAND_BOTTOM_ODD))) goto err; if (!TEST_true(BN_mod(a, a, m, ctx)) @@ -223,7 +223,7 @@ } ret = 1; - err: +err: BN_free(r_mont); BN_free(r_mont_const); BN_free(r_recp); @@ -287,8 +287,8 @@ || !TEST_true(BN_mod_exp_simple(r_simple1, a1, b1, m1, ctx)) || !TEST_true(BN_mod_exp_simple(r_simple2, a2, b2, m2, ctx)) || !TEST_true(BN_mod_exp_mont_consttime_x2(r_mont_const_x2_1, a1, b1, m1, NULL, - r_mont_const_x2_2, a2, b2, m2, NULL, - ctx))) + r_mont_const_x2_2, a2, b2, m2, NULL, + ctx))) goto err; if (!TEST_BN_eq(r_simple1, r_mont_const_x2_1) @@ -312,7 +312,7 @@ } ret = 1; - err: +err: BN_free(r_mont_const_x2_1); BN_free(r_mont_const_x2_2); BN_free(r_simple1); --- crypto/openssl/test/ext_internal_test.c.orig +++ crypto/openssl/test/ext_internal_test.c @@ -85,14 +85,14 @@ if (!TEST_size_t_eq(i, ext_list[i].idx)) { retval = 0; TEST_error("TLSEXT_IDX_%s=%zd, found at=%zd\n", - ext_list[i].name, ext_list[i].idx, i); + ext_list[i].name, ext_list[i].idx, i); } type = ossl_get_extension_type(ext_list[i].idx); if (!TEST_uint_eq(type, ext_list[i].type)) { retval = 0; TEST_error("TLSEXT_IDX_%s=%zd expected=0x%05X got=0x%05X", - ext_list[i].name, ext_list[i].idx, ext_list[i].type, - type); + ext_list[i].name, ext_list[i].idx, ext_list[i].type, + type); } } return retval; --- crypto/openssl/test/fake_rsaprov.c.orig +++ crypto/openssl/test/fake_rsaprov.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +31,8 @@ static int exptypes_selection; static int query_id; +unsigned fake_rsa_query_operation_name = 0; + struct fake_rsa_keydata { int selection; int status; @@ -65,17 +67,16 @@ return 1; } - static const char *fake_rsa_keymgmt_query(int id) { /* record global for checking */ query_id = id; - return "RSA"; + return fake_rsa_query_operation_name ? NULL : "RSA"; } static int fake_rsa_keymgmt_import(void *keydata, int selection, - const OSSL_PARAM *p) + const OSSL_PARAM *p) { struct fake_rsa_keydata *fake_rsa_key = keydata; 
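Review bot: The new global `fake_rsa_query_operation_name` is named like the callback it affects rather than like a switch, and its sense is inverted: a non-zero value makes `fake_rsa_keymgmt_query()` return NULL instead of "RSA". The definition in the `@@ -31,6 +31,8 @@` hunk has no comment, so a reader of this file has to find the header to learn that; a line such as `/* test hook: non-zero makes query_operation_name() return NULL */` at the definition would cover it. Because this is a writable, process-wide flag, the comment should also say that a test which sets it must restore 0 on every exit path. Otherwise later tests in the same binary would presumably see a keymgmt with no operation name and fail for an unrelated reason.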
@@ -85,73 +86,66 @@ return 1; } -static unsigned char fake_rsa_n[] = - "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" - "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" - "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" - "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" - "\xF5"; +static unsigned char fake_rsa_n[] = "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; static unsigned char fake_rsa_e[] = "\x11"; -static unsigned char fake_rsa_d[] = - "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" - "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" - "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" - "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; +static unsigned char fake_rsa_d[] = "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" + "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" + "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" + "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; -static unsigned char fake_rsa_p[] = - "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" - "\x0D"; +static unsigned char fake_rsa_p[] = "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" + "\x0D"; -static unsigned char fake_rsa_q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x89"; +static unsigned char fake_rsa_q[] = 
"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x89"; -static unsigned char fake_rsa_dmp1[] = - "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" - "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; +static unsigned char fake_rsa_dmp1[] = "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" + "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; -static unsigned char fake_rsa_dmq1[] = - "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" - "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" - "\x51"; +static unsigned char fake_rsa_dmq1[] = "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" + "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" + "\x51"; -static unsigned char fake_rsa_iqmp[] = - "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" - "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; +static unsigned char fake_rsa_iqmp[] = "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" + "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; OSSL_PARAM *fake_rsa_key_params(int priv) { if (priv) { OSSL_PARAM params[] = { OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n, - sizeof(fake_rsa_n) -1), + sizeof(fake_rsa_n) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e, - sizeof(fake_rsa_e) -1), + sizeof(fake_rsa_e) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d, - sizeof(fake_rsa_d) -1), + sizeof(fake_rsa_d) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p, - sizeof(fake_rsa_p) -1), + sizeof(fake_rsa_p) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q, - sizeof(fake_rsa_q) -1), + sizeof(fake_rsa_q) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1, - sizeof(fake_rsa_dmp1) -1), + sizeof(fake_rsa_dmp1) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, 
fake_rsa_dmq1, - sizeof(fake_rsa_dmq1) -1), + sizeof(fake_rsa_dmq1) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp, - sizeof(fake_rsa_iqmp) -1), + sizeof(fake_rsa_iqmp) - 1), OSSL_PARAM_END }; return OSSL_PARAM_dup(params); } else { OSSL_PARAM params[] = { OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n, - sizeof(fake_rsa_n) -1), + sizeof(fake_rsa_n) - 1), OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e, - sizeof(fake_rsa_e) -1), + sizeof(fake_rsa_e) - 1), OSSL_PARAM_END }; return OSSL_PARAM_dup(params); @@ -159,7 +153,7 @@ } static int fake_rsa_keymgmt_export(void *keydata, int selection, - OSSL_CALLBACK *param_callback, void *cbarg) + OSSL_CALLBACK *param_callback, void *cbarg) { OSSL_PARAM *params = NULL; int ret; @@ -221,13 +215,13 @@ return NULL; /* detach the reference */ - *(struct fake_rsa_keydata **)reference = NULL; + *(struct fake_rsa_keydata **)reference = NULL; return key; } static void *fake_rsa_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { unsigned char *gctx = NULL; @@ -258,12 +252,12 @@ static void fake_rsa_gen_cleanup(void *genctx) { - OPENSSL_free(genctx); + OPENSSL_free(genctx); } static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))fake_rsa_keymgmt_new }, - { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))fake_rsa_keymgmt_free} , + { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))fake_rsa_keymgmt_free }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))fake_rsa_keymgmt_has }, { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, (void (*)(void))fake_rsa_keymgmt_query }, @@ -305,7 +299,7 @@ } static int fake_rsa_sig_sign_init(void *ctx, void *provkey, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { unsigned char *sigctx = ctx; struct fake_rsa_keydata *keydata = provkey; 
@@ -324,8 +318,8 @@ } static int fake_rsa_sig_sign(void *ctx, unsigned char *sig, - size_t *siglen, size_t sigsize, - const unsigned char *tbs, size_t tbslen) + size_t *siglen, size_t sigsize, + const unsigned char *tbs, size_t tbslen) { unsigned char *sigctx = ctx; @@ -394,14 +388,14 @@ } static int fake_rsa_st_set_ctx_params(void *loaderctx, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { return 1; } static int fake_rsa_st_load(void *loaderctx, - OSSL_CALLBACK *object_cb, void *object_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { unsigned char *storectx = loaderctx; OSSL_PARAM params[4]; @@ -416,15 +410,12 @@ break; if (!TEST_int_gt(fake_rsa_keymgmt_import(key, 0, NULL), 0)) break; - params[0] = - OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - "RSA", 0); + params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + "RSA", 0); /* The address of the key becomes the octet string */ - params[2] = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, - &key, sizeof(*key)); + params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, + &key, sizeof(*key)); params[3] = OSSL_PARAM_construct_end(); rv = object_cb(params, object_cbarg); *storectx = 1; @@ -465,7 +456,7 @@ static const OSSL_DISPATCH fake_rsa_store_funcs[] = { { OSSL_FUNC_STORE_OPEN, (void (*)(void))fake_rsa_st_open }, { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS, - (void (*)(void))fake_rsa_st_settable_ctx_params }, + (void (*)(void))fake_rsa_st_settable_ctx_params }, { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))fake_rsa_st_set_ctx_params }, { OSSL_FUNC_STORE_LOAD, (void (*)(void))fake_rsa_st_load }, { OSSL_FUNC_STORE_EOF, (void (*)(void))fake_rsa_st_eof }, 
@@ -479,8 +470,8 @@ }; static const OSSL_ALGORITHM *fake_rsa_query(void *provctx, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -504,8 +495,8 @@ }; static int fake_rsa_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, void **provctx) { if (!TEST_ptr(*provctx = OSSL_LIB_CTX_new())) return 0; @@ -518,8 +509,8 @@ OSSL_PROVIDER *p; if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "fake-rsa", - fake_rsa_provider_init)) - || !TEST_ptr(p = OSSL_PROVIDER_try_load(libctx, "fake-rsa", 1))) + fake_rsa_provider_init)) + || !TEST_ptr(p = OSSL_PROVIDER_try_load(libctx, "fake-rsa", 1))) return NULL; return p; --- crypto/openssl/test/fake_rsaprov.h.orig +++ crypto/openssl/test/fake_rsaprov.h @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,4 +12,13 @@ /* Fake RSA provider implementation */ OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx); void fake_rsa_finish(OSSL_PROVIDER *p); + OSSL_PARAM *fake_rsa_key_params(int priv); + +/* + * When fake_rsa_query_operation_name is set to a non-zero value, + * query_operation_name() will return NULL. + * + * By default, it is 0, in which case query_operation_name() will return "RSA". + */ +extern unsigned fake_rsa_query_operation_name; --- crypto/openssl/test/fatalerrtest.c.orig +++ crypto/openssl/test/fatalerrtest.c @@ -29,8 +29,8 @@ }; if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_method(), TLS_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto err; /* 
@@ -38,13 +38,13 @@ * to force a handshake failure. */ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA")) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) - || !TEST_true(SSL_CTX_set_ciphersuites(sctx, - "TLS_AES_128_GCM_SHA256")) - || !TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_256_GCM_SHA384")) - || !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, - NULL))) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256")) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_256_GCM_SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, + NULL))) goto err; wbio = SSL_get_wbio(cssl); @@ -73,7 +73,7 @@ goto err; ret = 1; - err: +err: SSL_free(sssl); SSL_free(cssl); SSL_CTX_free(sctx); @@ -92,7 +92,7 @@ } if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1))) + || !TEST_ptr(privkey = test_get_argument(1))) return 0; ADD_TEST(test_fatalerr); --- crypto/openssl/test/ffc_internal_test.c.orig +++ crypto/openssl/test/ffc_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -181,14 +181,14 @@ ossl_ffc_params_init(¶ms); if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p, - sizeof(dsa_2048_224_sha256_p), NULL))) + sizeof(dsa_2048_224_sha256_p), NULL))) goto err; p1 = p; if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q, - sizeof(dsa_2048_224_sha256_q), NULL))) + sizeof(dsa_2048_224_sha256_q), NULL))) goto err; if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g, - sizeof(dsa_2048_224_sha256_g), NULL))) + sizeof(dsa_2048_224_sha256_g), NULL))) goto err; g1 = g; 
@@ -200,36 +200,36 @@ ossl_ffc_set_digest(¶ms, "SHA256", NULL); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; ossl_ffc_params_set0_pqg(¶ms, p, q, g); g = NULL; if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* incorrect g */ BN_add_word(g1, 1); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* fail if g < 2 */ BN_set_word(g1, 1); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; BN_copy(g1, p1); /* Fail if g >= p */ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; ret = 1; @@ -249,12 +249,12 @@ ossl_ffc_params_init(¶ms); if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p, - sizeof(dsa_2048_224_sha224_p), - NULL))) + sizeof(dsa_2048_224_sha224_p), + NULL))) goto err; if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q, - sizeof(dsa_2048_224_sha224_q), - NULL))) + sizeof(dsa_2048_224_sha224_q), + NULL))) goto err; /* No p */ 
@@ -264,73 +264,72 @@ ossl_ffc_set_digest(¶ms, "SHA224", NULL); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Test valid case */ ossl_ffc_params_set0_pqg(¶ms, p, NULL, NULL); p = NULL; ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, - sizeof(dsa_2048_224_sha224_seed), - dsa_2048_224_sha224_counter); + sizeof(dsa_2048_224_sha224_seed), + dsa_2048_224_sha224_counter); if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Bad counter - so p is not prime */ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, - sizeof(dsa_2048_224_sha224_seed), - 1); + sizeof(dsa_2048_224_sha224_seed), + 1); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* seedlen smaller than N */ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, - sizeof(dsa_2048_224_sha224_seed)-1, - dsa_2048_224_sha224_counter); + sizeof(dsa_2048_224_sha224_seed) - 1, + dsa_2048_224_sha224_counter); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; - /* Provided seed doesnt produce a valid prime q */ + /* Provided seed doesn't produce a valid prime q */ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed, - sizeof(dsa_2048_224_sha224_bad_seed), - dsa_2048_224_sha224_counter); + sizeof(dsa_2048_224_sha224_bad_seed), + dsa_2048_224_sha224_counter); if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p, - sizeof(dsa_3072_256_sha512_p), NULL))) + sizeof(dsa_3072_256_sha512_p), NULL))) goto err; if (!TEST_ptr(q = 
BN_bin2bn(dsa_3072_256_sha512_q, - sizeof(dsa_3072_256_sha512_q), - NULL))) + sizeof(dsa_3072_256_sha512_q), + NULL))) goto err; - ossl_ffc_params_set0_pqg(¶ms, p, q, NULL); - p = q = NULL; + p = q = NULL; ossl_ffc_set_digest(¶ms, "SHA512", NULL); ossl_ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed, - sizeof(dsa_3072_256_sha512_seed), - dsa_3072_256_sha512_counter); + sizeof(dsa_3072_256_sha512_seed), + dsa_3072_256_sha512_counter); /* Q doesn't div P-1 */ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Bad L/N for FIPS DH */ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - &res, NULL))) + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; ret = 1; @@ -350,12 +349,12 @@ ossl_ffc_params_init(¶ms); if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - 2048, 256, &res, NULL))) + FFC_PARAM_TYPE_DH, + 2048, 256, &res, NULL))) goto err; if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - &res, NULL))) + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; ret = 1; @@ -372,12 +371,12 @@ ossl_ffc_params_init(¶ms); params.gindex = 1; if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - 2048, 256, &res, NULL))) + FFC_PARAM_TYPE_DH, + 2048, 256, &res, NULL))) goto err; if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - &res, NULL))) + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4))) @@ -399,12 +398,12 @@ if (!TEST_ptr(bn = BN_new())) goto err; if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - 1024, 160, &res, NULL))) + FFC_PARAM_TYPE_DH, + 1024, 160, &res, NULL))) goto err; if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DH, - &res, NULL))) + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; /* 
@@ -412,8 +411,8 @@ * fips 186-4 given the same seed value. So validation of q will fail. */ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL))) + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* As the params are randomly generated the error is one of the following */ if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME)) @@ -422,8 +421,9 @@ ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G); /* Partially valid g test will still pass */ if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, - FFC_PARAM_TYPE_DSA, - &res, NULL), 2)) + FFC_PARAM_TYPE_DSA, + &res, NULL), + 2)) goto err; if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4))) @@ -569,7 +569,7 @@ /* Pass if priv key >= 1 */ if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(), - &res))) + &res))) goto err; if (!TEST_ptr(BN_copy(priv, params->q))) @@ -644,8 +644,8 @@ goto err; /* N is ignored in this case */ if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0, - ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)), - priv))) + ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)), + priv))) goto err; if (!TEST_int_le(BN_num_bits(priv), 225)) goto err; --- crypto/openssl/test/filterprov.c.orig +++ crypto/openssl/test/filterprov.c @@ -19,7 +19,7 @@ #include "testutil.h" #include "filterprov.h" -#define MAX_FILTERS 10 +#define MAX_FILTERS 10 #define MAX_ALG_FILTERS 5 struct filter_prov_globals_st { @@ -68,7 +68,7 @@ } static int filter_get_capabilities(void *provctx, const char *capability, - OSSL_CALLBACK *cb, void *arg) + OSSL_CALLBACK *cb, void *arg) { struct filter_prov_globals_st *globs = get_globals(); @@ -76,8 +76,8 @@ } static const OSSL_ALGORITHM *filter_query(void *provctx, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { struct filter_prov_globals_st *globs = get_globals(); int i; 
@@ -95,7 +95,7 @@ } static void filter_unquery(void *provctx, int operation_id, - const OSSL_ALGORITHM *algs) + const OSSL_ALGORITHM *algs) { struct filter_prov_globals_st *globs = get_globals(); int i; @@ -132,9 +132,9 @@ }; int filter_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { memset(&ourglobals, 0, sizeof(ourglobals)); ourglobals.libctx = OSSL_LIB_CTX_new(); @@ -149,7 +149,7 @@ *out = filter_dispatch_table; return 1; - err: +err: OSSL_PROVIDER_unload(ourglobals.deflt); OSSL_LIB_CTX_free(ourglobals.libctx); return 0; @@ -170,8 +170,8 @@ char *filterstrtmp = OPENSSL_strdup(filterstr); char *name, *sep; const OSSL_ALGORITHM *provalgs = OSSL_PROVIDER_query_operation(globs->deflt, - operation, - &no_cache); + operation, + &no_cache); const OSSL_ALGORITHM *algs; if (filterstrtmp == NULL) @@ -220,7 +220,7 @@ globs->num_dispatch++; ret = 1; - err: +err: OSSL_PROVIDER_unquery_operation(globs->deflt, operation, provalgs); OPENSSL_free(filterstrtmp); return ret; --- crypto/openssl/test/fips_version_test.c.orig +++ crypto/openssl/test/fips_version_test.c @@ -26,7 +26,7 @@ static const OPTIONS test_options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the libctx" }, + "The configuration file to use for the libctx" }, { NULL } }; return test_options; @@ -53,7 +53,7 @@ config_file = opt_arg(); break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; --- crypto/openssl/test/gmdifftest.c.orig +++ crypto/openssl/test/gmdifftest.c 
@@ -50,11 +50,11 @@ static int test_gmtime(int offset) { return check_time(offset) - && check_time(-offset) - && check_time(offset * 1000L) - && check_time(-offset * 1000L) - && check_time(offset * 1000000L) - && check_time(-offset * 1000000L); + && check_time(-offset) + && check_time(offset * 1000L) + && check_time(-offset * 1000L) + && check_time(offset * 1000000L) + && check_time(-offset * 1000000L); } int setup_tests(void) --- crypto/openssl/test/helpers/cmp_testlib.c.orig +++ crypto/openssl/test/helpers/cmp_testlib.c @@ -75,7 +75,7 @@ } int print_to_bio_out(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) + OSSL_CMP_severity level, const char *msg) { return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg); } --- crypto/openssl/test/helpers/cmp_testlib.h.orig +++ crypto/openssl/test/helpers/cmp_testlib.h @@ -10,23 +10,23 @@ */ #ifndef OSSL_TEST_CMP_TESTLIB_H -# define OSSL_TEST_CMP_TESTLIB_H +#define OSSL_TEST_CMP_TESTLIB_H -# include -# include -# include +#include +#include +#include -# include "../../crypto/cmp/cmp_local.h" -# include "../testutil.h" +#include "../../crypto/cmp/cmp_local.h" +#include "../testutil.h" -# ifndef OPENSSL_NO_CMP -# define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */ +#ifndef OPENSSL_NO_CMP +#define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */ OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx); int valid_asn1_encoding(const OSSL_CMP_MSG *msg); int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2); int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert); int print_to_bio_out(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg); -# endif + OSSL_CMP_severity level, const char *msg); +#endif #endif /* OSSL_TEST_CMP_TESTLIB_H */ --- crypto/openssl/test/helpers/handshake.c.orig +++ crypto/openssl/test/helpers/handshake.c 
@@ -80,8 +80,7 @@ static void info_cb(const SSL *s, int where, int ret) { if (where & SSL_CB_ALERT) { - HANDSHAKE_EX_DATA *ex_data = - (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + HANDSHAKE_EX_DATA *ex_data = (HANDSHAKE_EX_DATA *)(SSL_get_ex_data(s, ex_data_idx)); if (where & SSL_CB_WRITE) { ex_data->alert_sent = ret; if (strcmp(SSL_alert_type_string(ret), "F") == 0 @@ -102,8 +101,7 @@ static int select_server_ctx(SSL *s, void *arg, int ignore) { const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - HANDSHAKE_EX_DATA *ex_data = - (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + HANDSHAKE_EX_DATA *ex_data = (HANDSHAKE_EX_DATA *)(SSL_get_ex_data(s, ex_data_idx)); if (servername == NULL) { ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; @@ -111,7 +109,7 @@ } if (strcmp(servername, "server2") == 0) { - SSL_CTX *new_ctx = (SSL_CTX*)arg; + SSL_CTX *new_ctx = (SSL_CTX *)arg; SSL_set_SSL_CTX(s, new_ctx); /* * Copy over all the SSL_CTX options - reasonable behavior @@ -140,16 +138,15 @@ const char *servername; const unsigned char *p; size_t len, remaining; - HANDSHAKE_EX_DATA *ex_data = - (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + HANDSHAKE_EX_DATA *ex_data = (HANDSHAKE_EX_DATA *)(SSL_get_ex_data(s, ex_data_idx)); /* * The server_name extension was given too much extensibility when it * was written, so parsing the normal case is a bit complex. */ if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p, - &remaining) || - remaining <= 2) + &remaining) + || remaining <= 2) return 0; /* Extract the length of the supplied list of names. */ len = (*(p++) << 8); @@ -187,8 +184,7 @@ ex_data->servername = SSL_TEST_SERVERNAME_SERVER2; return 1; - } else if (len == strlen("server1") && - strncmp(servername, "server1", len) == 0) { + } else if (len == strlen("server1") && strncmp(servername, "server1", len) == 0) { ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; return 1; } else if (ignore) { 
@@ -248,10 +244,7 @@ return SSL_CLIENT_HELLO_ERROR; } (void)SSL_client_hello_get0_session_id(s, &p); - if (p == NULL || - SSL_client_hello_get0_random(s, &p) == 0 || - SSL_client_hello_get0_ciphers(s, &p) == 0 || - SSL_client_hello_get0_compression_methods(s, &p) == 0) { + if (p == NULL || SSL_client_hello_get0_random(s, &p) == 0 || SSL_client_hello_get0_ciphers(s, &p) == 0 || SSL_client_hello_get0_compression_methods(s, &p) == 0) { *al = SSL_AD_INTERNAL_ERROR; return SSL_CLIENT_HELLO_ERROR; } @@ -298,13 +291,15 @@ return 1; } -static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) { +static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) +{ X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); return 0; } static int n_retries = 0; -static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) { +static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) +{ int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); SSL *ssl; @@ -319,24 +314,24 @@ return SSL_set_retry_verify(ssl); } -static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) { +static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) +{ return 1; } static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, - unsigned char *iv, EVP_CIPHER_CTX *ctx, - EVP_MAC_CTX *hctx, int enc) + unsigned char *iv, EVP_CIPHER_CTX *ctx, + EVP_MAC_CTX *hctx, int enc) { return 0; } static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name, - unsigned char *iv, - EVP_CIPHER_CTX *ctx, - EVP_MAC_CTX *hctx, int enc) + unsigned char *iv, + EVP_CIPHER_CTX *ctx, + EVP_MAC_CTX *hctx, int enc) { - HANDSHAKE_EX_DATA *ex_data = - (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + HANDSHAKE_EX_DATA *ex_data = (HANDSHAKE_EX_DATA *)(SSL_get_ex_data(s, ex_data_idx)); ex_data->session_ticket_do_not_call = 1; return 0; } 
@@ -356,8 +351,8 @@ /* Should never have reuse. */ if (!TEST_ptr_null(*out) - /* Test values are small, so we omit length limit checks. */ - || !TEST_ptr(*out = OPENSSL_malloc(len + 1))) + /* Test values are small, so we omit length limit checks. */ + || !TEST_ptr(*out = OPENSSL_malloc(len + 1))) return 0; *outlen = len + 1; @@ -397,24 +392,25 @@ * protocol that it supports. */ static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - void *arg) + const unsigned char *in, unsigned int inlen, + void *arg) { - CTX_DATA *ctx_data = (CTX_DATA*)(arg); + CTX_DATA *ctx_data = (CTX_DATA *)(arg); int ret; ret = SSL_select_next_proto(out, outlen, in, inlen, - ctx_data->npn_protocols, - ctx_data->npn_protocols_len); + ctx_data->npn_protocols, + ctx_data->npn_protocols_len); /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */ return TEST_true(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP) - ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_ALERT_FATAL; + ? SSL_TLSEXT_ERR_OK + : SSL_TLSEXT_ERR_ALERT_FATAL; } static int server_npn_cb(SSL *s, const unsigned char **data, - unsigned int *len, void *arg) + unsigned int *len, void *arg) { - CTX_DATA *ctx_data = (CTX_DATA*)(arg); + CTX_DATA *ctx_data = (CTX_DATA *)(arg); *data = ctx_data->npn_protocols; *len = ctx_data->npn_protocols_len; return SSL_TLSEXT_ERR_OK; @@ -428,10 +424,10 @@ * respond with a fatal "no_application_protocol" alert. */ static int server_alpn_cb(SSL *s, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg) + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) { - CTX_DATA *ctx_data = (CTX_DATA*)(arg); + CTX_DATA *ctx_data = (CTX_DATA *)(arg); int ret; /* SSL_select_next_proto isn't const-correct... */ 
@@ -443,13 +439,13 @@ * so we can return directly without storing a copy. */ ret = SSL_select_next_proto(&tmp_out, outlen, - ctx_data->alpn_protocols, - ctx_data->alpn_protocols_len, in, inlen); + ctx_data->alpn_protocols, + ctx_data->alpn_protocols_len, in, inlen); *out = tmp_out; /* Unlike NPN, we don't tolerate a mismatch. */ return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK - : SSL_TLSEXT_ERR_ALERT_FATAL; + : SSL_TLSEXT_ERR_ALERT_FATAL; } static int generate_session_ticket_cb(SSL *s, void *arg) @@ -465,10 +461,10 @@ } static int decrypt_session_ticket_cb(SSL *s, SSL_SESSION *ss, - const unsigned char *keyname, - size_t keyname_len, - SSL_TICKET_STATUS status, - void *arg) + const unsigned char *keyname, + size_t keyname_len, + SSL_TICKET_STATUS status, + void *arg) { switch (status) { case SSL_TICKET_EMPTY: @@ -489,27 +485,29 @@ * in the server/client CONF. */ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - SSL_CTX *client_ctx, - const SSL_TEST_CTX *test, - const SSL_TEST_EXTRA_CONF *extra, - CTX_DATA *server_ctx_data, - CTX_DATA *server2_ctx_data, - CTX_DATA *client_ctx_data) + SSL_CTX *client_ctx, + const SSL_TEST_CTX *test, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data) { unsigned char *ticket_keys; size_t ticket_key_len; if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server_ctx, - test->max_fragment_size), 1)) + test->max_fragment_size), + 1)) goto err; if (server2_ctx != NULL) { if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server2_ctx, - test->max_fragment_size), - 1)) + test->max_fragment_size), + 1)) goto err; } if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(client_ctx, - test->max_fragment_size), 1)) + test->max_fragment_size), + 1)) goto err; switch (extra->client.verify_callback) { 
@@ -534,7 +532,7 @@ case TLSEXT_max_fragment_length_4096: case TLSEXT_max_fragment_length_DISABLED: SSL_CTX_set_tlsext_max_fragment_length( - client_ctx, extra->client.max_fragment_len_mode); + client_ctx, extra->client.max_fragment_len_mode); break; } @@ -571,7 +569,8 @@ SSL_CTX_set_tlsext_status_cb(server_ctx, server_ocsp_cb); SSL_CTX_set_tlsext_status_arg(server_ctx, ((extra->server.cert_status == SSL_TEST_CERT_STATUS_GOOD_RESPONSE) - ? &dummy_ocsp_resp_good_val : &dummy_ocsp_resp_bad_val)); + ? &dummy_ocsp_resp_good_val + : &dummy_ocsp_resp_bad_val)); } /* 
@@ -581,82 +580,80 @@ */ if (server2_ctx != NULL) SSL_CTX_set_tlsext_ticket_key_evp_cb(server2_ctx, - do_not_call_session_ticket_cb); + do_not_call_session_ticket_cb); if (extra->server.broken_session_ticket) { SSL_CTX_set_tlsext_ticket_key_evp_cb(server_ctx, - broken_session_ticket_cb); + broken_session_ticket_cb); } #ifndef OPENSSL_NO_NEXTPROTONEG if (extra->server.npn_protocols != NULL) { if (!TEST_true(parse_protos(extra->server.npn_protocols, - &server_ctx_data->npn_protocols, - &server_ctx_data->npn_protocols_len))) + &server_ctx_data->npn_protocols, + &server_ctx_data->npn_protocols_len))) goto err; SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb, - server_ctx_data); + server_ctx_data); } if (extra->server2.npn_protocols != NULL) { if (!TEST_true(parse_protos(extra->server2.npn_protocols, - &server2_ctx_data->npn_protocols, - &server2_ctx_data->npn_protocols_len)) - || !TEST_ptr(server2_ctx)) + &server2_ctx_data->npn_protocols, + &server2_ctx_data->npn_protocols_len)) + || !TEST_ptr(server2_ctx)) goto err; SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb, - server2_ctx_data); + server2_ctx_data); } if (extra->client.npn_protocols != NULL) { if (!TEST_true(parse_protos(extra->client.npn_protocols, - &client_ctx_data->npn_protocols, - &client_ctx_data->npn_protocols_len))) + &client_ctx_data->npn_protocols, + &client_ctx_data->npn_protocols_len))) goto err; SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, - client_ctx_data); + client_ctx_data); } #endif if (extra->server.alpn_protocols != NULL) { if (!TEST_true(parse_protos(extra->server.alpn_protocols, - &server_ctx_data->alpn_protocols, - &server_ctx_data->alpn_protocols_len))) + &server_ctx_data->alpn_protocols, + &server_ctx_data->alpn_protocols_len))) goto err; SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); } if (extra->server2.alpn_protocols != NULL) { if (!TEST_ptr(server2_ctx) - || !TEST_true(parse_protos(extra->server2.alpn_protocols, - 
&server2_ctx_data->alpn_protocols, - &server2_ctx_data->alpn_protocols_len - ))) + || !TEST_true(parse_protos(extra->server2.alpn_protocols, + &server2_ctx_data->alpn_protocols, + &server2_ctx_data->alpn_protocols_len))) goto err; SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, - server2_ctx_data); + server2_ctx_data); } if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; size_t alpn_protos_len = 0; if (!TEST_true(parse_protos(extra->client.alpn_protocols, - &alpn_protos, &alpn_protos_len)) - /* Reversed return value convention... */ - || !TEST_int_eq(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, - alpn_protos_len), 0)) + &alpn_protos, &alpn_protos_len)) + /* Reversed return value convention... */ + || !TEST_int_eq(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, + alpn_protos_len), + 0)) goto err; OPENSSL_free(alpn_protos); } if (extra->server.session_ticket_app_data != NULL) { - server_ctx_data->session_ticket_app_data = - OPENSSL_strdup(extra->server.session_ticket_app_data); + server_ctx_data->session_ticket_app_data = OPENSSL_strdup(extra->server.session_ticket_app_data); SSL_CTX_set_session_ticket_cb(server_ctx, generate_session_ticket_cb, - decrypt_session_ticket_cb, server_ctx_data); + decrypt_session_ticket_cb, server_ctx_data); } if (extra->server2.session_ticket_app_data != NULL) { if (!TEST_ptr(server2_ctx)) goto err; - server2_ctx_data->session_ticket_app_data = - OPENSSL_strdup(extra->server2.session_ticket_app_data); + server2_ctx_data->session_ticket_app_data = OPENSSL_strdup(extra->server2.session_ticket_app_data); SSL_CTX_set_session_ticket_cb(server2_ctx, NULL, - decrypt_session_ticket_cb, server2_ctx_data); + decrypt_session_ticket_cb, server2_ctx_data); } /* 
@@ -665,9 +662,10 @@ */ ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0); if (!TEST_ptr(ticket_keys = OPENSSL_zalloc(ticket_key_len)) - || !TEST_int_eq(SSL_CTX_set_tlsext_ticket_keys(server_ctx, - ticket_keys, - ticket_key_len), 1)) { + || !TEST_int_eq(SSL_CTX_set_tlsext_ticket_keys(server_ctx, + ticket_keys, + ticket_key_len), + 1)) { OPENSSL_free(ticket_keys); goto err; } @@ -680,7 +678,7 @@ switch (extra->client.ct_validation) { case SSL_TEST_CT_VALIDATION_PERMISSIVE: if (!TEST_true(SSL_CTX_enable_ct(client_ctx, - SSL_CT_VALIDATION_PERMISSIVE))) + SSL_CT_VALIDATION_PERMISSIVE))) goto err; break; case SSL_TEST_CT_VALIDATION_STRICT: @@ -693,10 +691,10 @@ #endif #ifndef OPENSSL_NO_SRP if (!configure_handshake_ctx_for_srp(server_ctx, server2_ctx, client_ctx, - extra, server_ctx_data, - server2_ctx_data, client_ctx_data)) + extra, server_ctx_data, + server2_ctx_data, client_ctx_data)) goto err; -#endif /* !OPENSSL_NO_SRP */ +#endif /* !OPENSSL_NO_SRP */ return 1; err: return 0; @@ -704,11 +702,11 @@ /* Configure per-SSL callbacks and other properties. */ static void configure_handshake_ssl(SSL *server, SSL *client, - const SSL_TEST_EXTRA_CONF *extra) + const SSL_TEST_EXTRA_CONF *extra) { if (extra->client.servername != SSL_TEST_SERVERNAME_NONE) SSL_set_tlsext_host_name(client, - ssl_servername_name(extra->client.servername)); + ssl_servername_name(extra->client.servername)); if (extra->client.enable_pha) SSL_set_post_handshake_auth(client, 1); } @@ -742,8 +740,8 @@ unsigned char *read_buf = NULL, *write_buf = NULL; if (!TEST_ptr(ssl = SSL_new(ctx)) - || !TEST_ptr(write_buf = OPENSSL_zalloc(peer_buffer_size)) - || !TEST_ptr(read_buf = OPENSSL_zalloc(peer_buffer_size))) + || !TEST_ptr(write_buf = OPENSSL_zalloc(peer_buffer_size)) + || !TEST_ptr(read_buf = OPENSSL_zalloc(peer_buffer_size))) goto err; peer->ssl = ssl; 
@@ -785,7 +783,7 @@ /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ if (error != SSL_ERROR_WANT_READ - && error != SSL_ERROR_WANT_RETRY_VERIFY) + && error != SSL_ERROR_WANT_RETRY_VERIFY) peer->status = PEER_ERROR; } } @@ -831,8 +829,7 @@ } /* ... but we only write one write-buffer-full of data. */ - write_bytes = peer->bytes_to_write < peer->write_buf_len ? peer->bytes_to_write : - peer->write_buf_len; + write_bytes = peer->bytes_to_write < peer->write_buf_len ? peer->bytes_to_write : peer->write_buf_len; if (write_bytes) { ret = SSL_write(peer->ssl, peer->write_buf, write_bytes); if (ret > 0) { @@ -880,16 +877,16 @@ } if (!TEST_int_eq(peer->status, PEER_RETRY) - || !TEST_true(test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_RENEG_SERVER - || test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_RENEG_CLIENT - || test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER - || test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT - || test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH)) { + || !TEST_true(test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_RENEG_SERVER + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_RENEG_CLIENT + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH)) { peer->status = PEER_TEST_FAILURE; return; } @@ -899,9 +896,9 @@ /* Check if we are the peer that is going to initiate */ if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER - && SSL_is_server(peer->ssl)) - || (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT - && !SSL_is_server(peer->ssl))) { + && SSL_is_server(peer->ssl)) + || (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT + && !SSL_is_server(peer->ssl))) { /* * If we already asked for a renegotiation then fall through to the * SSL_read() below. 
@@ -923,7 +920,7 @@ } if (test_ctx->extra.client.reneg_ciphers != NULL) { if (!SSL_set_cipher_list(peer->ssl, - test_ctx->extra.client.reneg_ciphers)) { + test_ctx->extra.client.reneg_ciphers)) { peer->status = PEER_ERROR; return; } @@ -956,11 +953,11 @@ return; } } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER - || test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) { + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) { if (SSL_is_server(peer->ssl) - != (test_ctx->handshake_mode - == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) { + != (test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) { peer->status = PEER_SUCCESS; return; } @@ -1026,7 +1023,6 @@ peer->status = PEER_SUCCESS; } - /* * RFC 5246 says: * @@ -1072,7 +1068,6 @@ CONNECTION_DONE } connect_phase_t; - static int renegotiate_op(const SSL_TEST_CTX *test_ctx) { switch (test_ctx->handshake_mode) { @@ -1096,7 +1091,7 @@ } static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx, - connect_phase_t phase) + connect_phase_t phase) { switch (phase) { case HANDSHAKE: @@ -1123,7 +1118,7 @@ } static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, - connect_phase_t phase) + connect_phase_t phase) { switch (phase) { case HANDSHAKE: @@ -1170,8 +1165,8 @@ * client_spoke_last: 1 if the client went last. */ static handshake_status_t handshake_status(peer_status_t last_status, - peer_status_t previous_status, - int client_spoke_last) + peer_status_t previous_status, + int client_spoke_last) { switch (last_status) { case PEER_TEST_FAILURE: @@ -1235,8 +1230,8 @@ return NULL; /* Assert that the string does not contain NUL-bytes. */ - if (TEST_size_t_eq(OPENSSL_strnlen((const char*)(in), len), len)) - TEST_ptr(ret = OPENSSL_strndup((const char*)(in), len)); + if (TEST_size_t_eq(OPENSSL_strnlen((const char *)(in), len), len)) + TEST_ptr(ret = OPENSSL_strndup((const char *)(in), len)); return ret; } 
@@ -1278,12 +1273,12 @@ rto_info.srto_max = 200; rto_info.srto_min = 50; (void)setsockopt(sock, IPPROTO_SCTP, SCTP_RTOINFO, - (const void *)&rto_info, sizeof(struct sctp_rtoinfo)); + (const void *)&rto_info, sizeof(struct sctp_rtoinfo)); memset(&assocparams, 0, sizeof(struct sctp_assocparams)); assocparams.sasoc_asocmaxrxt = 2; (void)setsockopt(sock, IPPROTO_SCTP, SCTP_ASSOCINFO, - (const void *)&assocparams, - sizeof(struct sctp_assocparams)); + (const void *)&assocparams, + sizeof(struct sctp_assocparams)); /* * For SCTP we have to set various options on the socket prior to @@ -1318,7 +1313,7 @@ * worry about it here. */ if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_SERVER, family, SOCK_STREAM, - IPPROTO_SCTP, &res)) + IPPROTO_SCTP, &res)) return 0; for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { @@ -1332,8 +1327,8 @@ } if (!set_sock_as_sctp(lsock) - || !BIO_listen(lsock, BIO_ADDRINFO_address(ai), - BIO_SOCK_REUSEADDR)) { + || !BIO_listen(lsock, BIO_ADDRINFO_address(ai), + BIO_SOCK_REUSEADDR)) { BIO_closesocket(lsock); lsock = INVALID_SOCKET; continue; @@ -1350,7 +1345,7 @@ res = NULL; if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_CLIENT, family, SOCK_STREAM, - IPPROTO_SCTP, &res)) + IPPROTO_SCTP, &res)) goto err; consock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0); @@ -1358,8 +1353,8 @@ goto err; if (!set_sock_as_sctp(consock) - || !BIO_connect(consock, BIO_ADDRINFO_address(res), 0) - || !BIO_socket_nbio(consock, 1)) + || !BIO_connect(consock, BIO_ADDRINFO_address(res), 0) + || !BIO_socket_nbio(consock, 1)) goto err; asock = BIO_accept_ex(lsock, NULL, BIO_SOCK_NONBLOCK); @@ -1371,7 +1366,7 @@ consock = asock = INVALID_SOCKET; ret = 1; - err: +err: BIO_ADDRINFO_free(res); if (consock != INVALID_SOCKET) BIO_closesocket(consock); 
@@ -1410,18 +1405,18 @@ int client_turn = 1, client_turn_count = 0, client_wait_count = 0; connect_phase_t phase = HANDSHAKE; handshake_status_t status = HANDSHAKE_RETRY; - const unsigned char* tick = NULL; + const unsigned char *tick = NULL; size_t tick_len = 0; - const unsigned char* sess_id = NULL; + const unsigned char *sess_id = NULL; unsigned int sess_id_len = 0; - SSL_SESSION* sess = NULL; + SSL_SESSION *sess = NULL; const unsigned char *proto = NULL; /* API dictates unsigned int rather than size_t. */ unsigned int proto_len = 0; EVP_PKEY *tmp_key; const STACK_OF(X509_NAME) *names; time_t start; - const char* cipher; + const char *cipher; if (ret == NULL) return NULL; @@ -1435,8 +1430,8 @@ memset(&client_ex_data, 0, sizeof(client_ex_data)); if (!configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, - test_ctx, extra, &server_ctx_data, - &server2_ctx_data, &client_ctx_data)) { + test_ctx, extra, &server_ctx_data, + &server2_ctx_data, &client_ctx_data)) { TEST_note("configure_handshake_ctx"); HANDSHAKE_RESULT_free(ret); return NULL; @@ -1467,9 +1462,9 @@ SSL_SESSION_get_id(serv_sess_in, &sess_id_len); /* In case we're testing resumption without tickets. */ if ((sess_id_len > 0 - && !TEST_true(SSL_CTX_add_session(server_ctx, - serv_sess_in))) - || !TEST_true(SSL_set_session(client.ssl, session_in))) + && !TEST_true(SSL_CTX_add_session(server_ctx, + serv_sess_in))) + || !TEST_true(SSL_set_session(client.ssl, session_in))) goto err; sess_id_len = 0; } @@ -1491,7 +1486,7 @@ } if (!TEST_ptr(client_to_server) - || !TEST_ptr(server_to_client)) + || !TEST_ptr(server_to_client)) goto err; /* Non-blocking bio. */ 
@@ -1508,15 +1503,15 @@ } else { SSL_set_bio(client.ssl, server_to_client, client_to_server); if (!TEST_int_gt(BIO_up_ref(server_to_client), 0) - || !TEST_int_gt(BIO_up_ref(client_to_server), 0)) + || !TEST_int_gt(BIO_up_ref(client_to_server), 0)) goto err; SSL_set_bio(server.ssl, client_to_server, server_to_client); } ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL); if (!TEST_int_ge(ex_data_idx, 0) - || !TEST_int_eq(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data), 1) - || !TEST_int_eq(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data), 1)) + || !TEST_int_eq(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data), 1) + || !TEST_int_eq(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data), 1)) goto err; SSL_set_info_callback(server.ssl, &info_cb); @@ -1535,17 +1530,17 @@ * The handshake succeeds once both peers have succeeded. If one peer * errors out, we also let the other peer retry (and presumably fail). */ - for(;;) { + for (;;) { if (client_turn) { do_connect_step(test_ctx, &client, phase); status = handshake_status(client.status, server.status, - 1 /* client went last */); + 1 /* client went last */); if (server.status == PEER_WAITING) server.status = PEER_RETRY; } else { do_connect_step(test_ctx, &server, phase); status = handshake_status(server.status, client.status, - 0 /* server went last */); + 0 /* server went last */); } switch (status) { @@ -1590,7 +1585,7 @@ * same endpoint again. */ if ((client_turn && server.status == PEER_RETRY) - || (!client_turn && client.status == PEER_RETRY)) + || (!client_turn && client.status == PEER_RETRY)) client_turn ^= 1; } else { if (client_turn_count++ >= 2000) { @@ -1619,7 +1614,7 @@ break; } } - err: +err: ret->server_alert_sent = server_ex_data.alert_sent; ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent; ret->server_alert_received = client_ex_data.alert_received; 
@@ -1638,8 +1633,8 @@ else ret->session_ticket = SSL_TEST_SESSION_TICKET_YES; ret->compression = (SSL_get_current_compression(client.ssl) == NULL) - ? SSL_TEST_COMPRESSION_NO - : SSL_TEST_COMPRESSION_YES; + ? SSL_TEST_COMPRESSION_NO + : SSL_TEST_COMPRESSION_YES; if (sess_id == NULL || sess_id_len == 0) ret->session_id = SSL_TEST_SESSION_ID_NO; else @@ -1647,7 +1642,7 @@ ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call; if (extra->client.verify_callback == SSL_TEST_VERIFY_RETRY_ONCE - && n_retries != -1) + && n_retries != -1) ret->result = SSL_TEST_SERVER_FAIL; #ifndef OPENSSL_NO_NEXTPROTONEG @@ -1665,15 +1660,15 @@ ret->server_alpn_negotiated = dup_str(proto, proto_len); if ((sess = SSL_get0_session(server.ssl)) != NULL) { - SSL_SESSION_get0_ticket_appdata(sess, (void**)&tick, &tick_len); - ret->result_session_ticket_app_data = OPENSSL_strndup((const char*)tick, tick_len); + SSL_SESSION_get0_ticket_appdata(sess, (void **)&tick, &tick_len); + ret->result_session_ticket_app_data = OPENSSL_strndup((const char *)tick, tick_len); } ret->client_resumed = SSL_session_reused(client.ssl); ret->server_resumed = SSL_session_reused(server.ssl); cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(client.ssl)); - ret->cipher = dup_str((const unsigned char*)cipher, strlen(cipher)); + ret->cipher = dup_str((const unsigned char *)cipher, strlen(cipher)); if (session_out != NULL) *session_out = SSL_get1_session(client.ssl); 
@@ -1724,19 +1719,19 @@ } HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, - SSL_CTX *resume_client_ctx, - const SSL_TEST_CTX *test_ctx) + SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, + SSL_CTX *resume_client_ctx, + const SSL_TEST_CTX *test_ctx) { HANDSHAKE_RESULT *result; SSL_SESSION *session = NULL, *serv_sess = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, - test_ctx, &test_ctx->extra, - NULL, NULL, &session, &serv_sess); + test_ctx, &test_ctx->extra, + NULL, NULL, &session, &serv_sess); if (result == NULL - || test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME - || result->result == SSL_TEST_INTERNAL_ERROR) + || test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME + || result->result == SSL_TEST_INTERNAL_ERROR) goto end; if (result->result != SSL_TEST_SUCCESS) { @@ -1747,9 +1742,9 @@ HANDSHAKE_RESULT_free(result); /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, - test_ctx, &test_ctx->resume_extra, - session, serv_sess, NULL, NULL); - end: + test_ctx, &test_ctx->resume_extra, + session, serv_sess, NULL, NULL); +end: SSL_SESSION_free(session); SSL_SESSION_free(serv_sess); return result; --- crypto/openssl/test/helpers/handshake.h.orig +++ crypto/openssl/test/helpers/handshake.h 
@@ -84,15 +84,15 @@ /* Do a handshake and report some information about the result. */ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, - SSL_CTX *resume_client_ctx, - const SSL_TEST_CTX *test_ctx); + SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, + SSL_CTX *resume_client_ctx, + const SSL_TEST_CTX *test_ctx); int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - SSL_CTX *client_ctx, - const SSL_TEST_EXTRA_CONF *extra, - CTX_DATA *server_ctx_data, - CTX_DATA *server2_ctx_data, - CTX_DATA *client_ctx_data); + SSL_CTX *client_ctx, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data); -#endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ +#endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ --- crypto/openssl/test/helpers/handshake_srp.c.orig +++ crypto/openssl/test/helpers/handshake_srp.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ /* - * SRP is deprecated and there is no replacent. When SRP is removed, the code in + * SRP is deprecated and there is no replacement. When SRP is removed, the code in * this file can be removed too. Until then we have to use the deprecated APIs. */ #define OPENSSL_SUPPRESS_DEPRECATED 
@@ -20,18 +20,19 @@ static char *client_srp_cb(SSL *s, void *arg) { - CTX_DATA *ctx_data = (CTX_DATA*)(arg); + CTX_DATA *ctx_data = (CTX_DATA *)(arg); return OPENSSL_strdup(ctx_data->srp_password); } static int server_srp_cb(SSL *s, int *ad, void *arg) { - CTX_DATA *ctx_data = (CTX_DATA*)(arg); + CTX_DATA *ctx_data = (CTX_DATA *)(arg); if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0) return SSL3_AL_FATAL; if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user, - ctx_data->srp_password, - "2048" /* known group */) < 0) { + ctx_data->srp_password, + "2048" /* known group */) + < 0) { *ad = SSL_AD_INTERNAL_ERROR; return SSL3_AL_FATAL; } @@ -39,11 +40,11 @@ } int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - SSL_CTX *client_ctx, - const SSL_TEST_EXTRA_CONF *extra, - CTX_DATA *server_ctx_data, - CTX_DATA *server2_ctx_data, - CTX_DATA *client_ctx_data) + SSL_CTX *client_ctx, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data) { if (extra->server.srp_user != NULL) { SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb); @@ -75,7 +76,7 @@ } if (extra->client.srp_user != NULL) { if (!TEST_true(SSL_CTX_set_srp_username(client_ctx, - extra->client.srp_user))) + extra->client.srp_user))) return 0; SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb); client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password); --- crypto/openssl/test/helpers/pkcs12.c.orig +++ crypto/openssl/test/helpers/pkcs12.c @@ -44,7 +44,6 @@ static int check_asn1_string(const ASN1_TYPE *av, const char *txt); static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_ATTR *attrs); - /* -------------------------------------------------------------------------- * Global settings */ @@ -69,7 +68,6 @@ test_propq = propq; } - /* -------------------------------------------------------------------------- * Test data load functions */ 
@@ -119,13 +117,11 @@ return result; } - void start_pkcs12(PKCS12_BUILDER *pb) { pb->safes = NULL; } - void end_pkcs12(PKCS12_BUILDER *pb) { if (!pb->success) @@ -133,7 +129,6 @@ generate_p12(pb, NULL); } - void end_pkcs12_with_mac(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) { if (!pb->success) @@ -141,7 +136,6 @@ generate_p12(pb, mac); } - /* Generate the PKCS12 encoding and write to memory bio */ static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac) { @@ -173,7 +167,7 @@ md = EVP_MD_fetch(test_ctx, OBJ_nid2sn(mac->nid), test_propq); if (!TEST_true(PKCS12_set_mac(p12, mac->pass, strlen(mac->pass), - NULL, 0, mac->iter, md))) { + NULL, 0, mac->iter, md))) { pb->success = 0; goto err; } @@ -189,7 +183,6 @@ PKCS12_free(p12); } - static int write_p12(PKCS12 *p12, const char *outfile) { int ret = 0; @@ -233,7 +226,6 @@ return NULL; } - /* For use with existing files */ static PKCS12 *read_p12(const char *infile, const PKCS12_ENC *mac) { @@ -265,7 +257,6 @@ && TEST_true(PKCS12_verify_mac(p12, mac->pass, strlen(mac->pass))); } - /* ------------------------------------------------------------------------- * PKCS7 content info builder */ @@ -275,7 +266,6 @@ pb->bags = NULL; } - void end_contentinfo(PKCS12_BUILDER *pb) { if (pb->success && pb->bags != NULL) { @@ -286,18 +276,17 @@ pb->bags = NULL; } - void end_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc) { if (pb->success && pb->bags != NULL) { if (legacy) { if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, enc->nid, - enc->iter, enc->pass))) + enc->iter, enc->pass))) pb->success = 0; } else { if (!TEST_true(PKCS12_add_safe_ex(&pb->safes, pb->bags, enc->nid, - enc->iter, enc->pass, test_ctx, - test_propq))) + enc->iter, enc->pass, test_ctx, + test_propq))) pb->success = 0; } } @@ -305,7 +294,6 @@ pb->bags = NULL; } - static STACK_OF(PKCS12_SAFEBAG) *decode_contentinfo(STACK_OF(PKCS7) *safes, int idx, const PKCS12_ENC *enc) { STACK_OF(PKCS12_SAFEBAG) *bags = NULL; 
@@ -333,7 +321,6 @@ return NULL; } - /* ------------------------------------------------------------------------- * PKCS12 safeBag/attribute builder */ @@ -356,13 +343,13 @@ goto err; } else if (attr_nid == NID_localKeyID) { if (!TEST_true(PKCS12_add_localkeyid(bag, (unsigned char *)p_attr->value, - strlen(p_attr->value)))) + strlen(p_attr->value)))) goto err; } else { /* Custom attribute values limited to ASCII in these tests */ if (!TEST_true(PKCS12_add1_attr_by_txt(bag, p_attr->oid, MBSTRING_ASC, - (unsigned char *)p_attr->value, - strlen(p_attr->value)))) + (unsigned char *)p_attr->value, + strlen(p_attr->value)))) goto err; } p_attr++; @@ -373,7 +360,7 @@ } void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs) + const PKCS12_ATTR *attrs) { PKCS12_SAFEBAG *bag = NULL; X509 *cert = NULL; @@ -407,7 +394,7 @@ } void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs, const PKCS12_ENC *enc) + const PKCS12_ATTR *attrs, const PKCS12_ENC *enc) { PKCS12_SAFEBAG *bag = NULL; EVP_PKEY *pkey = NULL; @@ -427,7 +414,7 @@ bag = PKCS12_add_key(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass); else bag = PKCS12_add_key_ex(&pb->bags, pkey, 0 /*keytype*/, enc->iter, enc->nid, enc->pass, - test_ctx, test_propq); + test_ctx, test_propq); if (!TEST_ptr(bag)) { pb->success = 0; goto err; @@ -439,7 +426,7 @@ } void add_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, - const PKCS12_ATTR *attrs) + const PKCS12_ATTR *attrs) { PKCS12_SAFEBAG *bag = NULL; @@ -457,7 +444,6 @@ pb->success = 0; } - /* ------------------------------------------------------------------------- * PKCS12 structure checking */ 
@@ -473,21 +459,21 @@ switch (av->type) { case V_ASN1_BMPSTRING: value = OPENSSL_uni2asc(av->value.bmpstring->data, - av->value.bmpstring->length); + av->value.bmpstring->length); if (!TEST_str_eq(txt, (char *)value)) goto err; break; case V_ASN1_UTF8STRING: if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data, - av->value.utf8string->length)) + av->value.utf8string->length)) goto err; break; case V_ASN1_OCTET_STRING: if (!TEST_mem_eq(txt, strlen(txt), - (char *)av->value.octet_string->data, - av->value.octet_string->length)) + (char *)av->value.octet_string->data, + av->value.octet_string->length)) goto err; break; @@ -517,14 +503,13 @@ attr_obj = X509_ATTRIBUTE_get0_object(attr); OBJ_obj2txt(attr_txt, 100, attr_obj, 0); - while(p_attr->oid != NULL) { + while (p_attr->oid != NULL) { /* Find a matching attribute type */ if (strcmp(p_attr->oid, attr_txt) == 0) { if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1)) goto err; - for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) - { + for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) { av = X509_ATTRIBUTE_get0_type(attr, j); if (!TEST_true(check_asn1_string(av, p_attr->value))) goto err; @@ -540,7 +525,7 @@ } void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs) + const PKCS12_ATTR *attrs) { X509 *x509 = NULL; X509 *ref_x509 = NULL; @@ -565,6 +550,11 @@ pb->success = 0; goto err; } + if (!TEST_ptr_null(PKCS12_SAFEBAG_get0_bag_obj(bag))) { + pb->success = 0; + goto err; + } + ref_x509 = load_cert_asn1(bytes, len); if (!TEST_false(X509_cmp(x509, ref_x509))) pb->success = 0; @@ -574,7 +564,7 @@ } void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs, const PKCS12_ENC *enc) + const PKCS12_ATTR *attrs, const PKCS12_ENC *enc) { EVP_PKEY *pkey = NULL; EVP_PKEY *ref_pkey = NULL; 
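Review bot: The assertion added to check_certbag in the `@@ -565,6 +550,11 @@` hunk, `TEST_ptr_null(PKCS12_SAFEBAG_get0_bag_obj(bag))`, has no comment saying why NULL is the expected result. The same applies to `TEST_ptr_null(PKCS12_SAFEBAG_get0_bag_type(bag))` added to check_keybag in the `@@ -626,6 +616,10 @@` hunk. Read on its own, each looks like a claim that a valid bag has no content. Presumably these are negative tests that the accessor refuses a bag of the wrong kind rather than returning a mismatched member, and that intent should be stated so the check is not later "corrected" or dropped. I would put `/* negative check: PKCS12_SAFEBAG_get0_bag_obj() must return NULL for a certBag */` above the first and `/* negative check: PKCS12_SAFEBAG_get0_bag_type() must return NULL for a key bag */` above the second. Both functions start and end outside their hunks, so the bag kind at each check is inferred from the function names and should be confirmed against the full file.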
@@ -626,6 +616,10 @@ pb->success = 0; goto err; } + if (!TEST_ptr_null(PKCS12_SAFEBAG_get0_bag_type(bag))) { + pb->success = 0; + goto err; + } /* PKEY compare returns 1 for match */ ref_pkey = load_pkey_asn1(bytes, len); @@ -656,7 +650,6 @@ pb->success = 0; } - void start_check_pkcs12(PKCS12_BUILDER *pb) { PKCS12 *p12; @@ -745,7 +738,6 @@ sk_PKCS7_pop_free(pb->safes, PKCS7_free); } - void start_check_contentinfo(PKCS12_BUILDER *pb) { if (!pb->success) @@ -774,7 +766,6 @@ TEST_info("Decoding %d bags", sk_PKCS12_SAFEBAG_num(pb->bags)); } - void end_check_contentinfo(PKCS12_BUILDER *pb) { if (!pb->success) @@ -785,5 +776,3 @@ sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free); pb->bags = NULL; } - - --- crypto/openssl/test/helpers/pkcs12.h.orig +++ crypto/openssl/test/helpers/pkcs12.h @@ -20,7 +20,6 @@ #include "../testutil.h" - /* ------------------------------------------------------------------------- * PKCS#12 Test structures */ @@ -31,12 +30,11 @@ char *value; } PKCS12_ATTR; - /* Holds encryption parameters */ typedef struct pkcs12_enc { - int nid; + int nid; const char *pass; - int iter; + int iter; } PKCS12_ENC; /* Set of variables required for constructing the PKCS#12 structure */ @@ -50,7 +48,6 @@ int bag_idx; } PKCS12_BUILDER; - /* ------------------------------------------------------------------------- * PKCS#12 Test function declarations */ @@ -77,11 +74,11 @@ void end_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc); void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs); + const PKCS12_ATTR *attrs); void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs, const PKCS12_ENC *enc); + const PKCS12_ATTR *attrs, const PKCS12_ENC *enc); void add_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, - const PKCS12_ATTR *attrs); + const PKCS12_ATTR *attrs); /* Decode/check functions */ void start_check_pkcs12(PKCS12_BUILDER *pb); 
@@ -95,9 +92,8 @@ void end_check_contentinfo(PKCS12_BUILDER *pb); void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs); + const PKCS12_ATTR *attrs); void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, - const PKCS12_ATTR *attrs, const PKCS12_ENC *enc); + const PKCS12_ATTR *attrs, const PKCS12_ENC *enc); void check_secretbag(PKCS12_BUILDER *pb, int secret_nid, const char *secret, - const PKCS12_ATTR *attrs); - + const PKCS12_ATTR *attrs); --- crypto/openssl/test/helpers/predefined_dhparams.c.orig +++ crypto/openssl/test/helpers/predefined_dhparams.c @@ -16,7 +16,7 @@ #ifndef OPENSSL_NO_DH static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type, - BIGNUM *p, BIGNUM *g, BIGNUM *q) + BIGNUM *p, BIGNUM *g, BIGNUM *q) { EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(libctx, type, NULL); OSSL_PARAM_BLD *tmpl = NULL; @@ -27,10 +27,10 @@ goto err; if ((tmpl = OSSL_PARAM_BLD_new()) == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) - || (q != NULL - && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q))) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) + || (q != NULL + && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q))) goto err; params = OSSL_PARAM_BLD_to_param(tmpl); @@ -38,7 +38,7 @@ || EVP_PKEY_fromdata(pctx, &dhpkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) goto err; - err: +err: EVP_PKEY_CTX_free(pctx); OSSL_PARAM_free(params); OSSL_PARAM_BLD_free(tmpl); 
@@ -46,9 +46,9 @@ } static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, const char *type, - unsigned char *pdata, size_t plen, - unsigned char *gdata, size_t glen, - unsigned char *qdata, size_t qlen) + unsigned char *pdata, size_t plen, + unsigned char *gdata, size_t glen, + unsigned char *qdata, size_t qlen) { EVP_PKEY *dhpkey = NULL; BIGNUM *p = NULL, *g = NULL, *q = NULL; @@ -62,7 +62,7 @@ dhpkey = get_dh_from_pg_bn(libctx, type, p, g, q); - err: +err: BN_free(p); BN_free(g); BN_free(q); 
@@ -72,81 +72,510 @@ EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx) { static unsigned char dh512_p[] = { - 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 0xC6, - 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, 0xB0, - 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, 0x5F, - 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, 0xB8, - 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, 0x33, - 0x02, 0xC5, 0xAE, 0x23, + 0xCB, + 0xC8, + 0xE1, + 0x86, + 0xD0, + 0x1F, + 0x94, + 0x17, + 0xA6, + 0x99, + 0xF0, + 0xC6, + 0x1F, + 0x0D, + 0xAC, + 0xB6, + 0x25, + 0x3E, + 0x06, + 0x39, + 0xCA, + 0x72, + 0x04, + 0xB0, + 0x6E, + 0xDA, + 0xC0, + 0x61, + 0xE6, + 0x7A, + 0x77, + 0x25, + 0xE8, + 0x3B, + 0xB9, + 0x5F, + 0x9A, + 0xB6, + 0xB5, + 0xFE, + 0x99, + 0x0B, + 0xA1, + 0x93, + 0x4E, + 0x35, + 0x33, + 0xB8, + 0xE1, + 0xF1, + 0x13, + 0x4F, + 0x59, + 0x1A, + 0xD2, + 0x57, + 0xC0, + 0x26, + 0x21, + 0x33, + 0x02, + 0xC5, + 0xAE, + 0x23, }; static unsigned char dh512_g[] = { 0x02, }; return get_dh_from_pg(libctx, "DH", dh512_p, sizeof(dh512_p), - dh512_g, sizeof(dh512_g), NULL, 0); + dh512_g, sizeof(dh512_g), NULL, 0); } EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx) { static unsigned char dhx512_p[] = { - 0x00, 0xe8, 0x1a, 0xb7, 0x9a, 0x02, 0x65, 0x64, 0x94, 0x7b, 0xba, 0x09, - 0x1c, 0x12, 0x27, 0x1e, 0xea, 0x89, 0x32, 0x64, 0x78, 0xf8, 0x1c, 0x78, - 0x8e, 0x96, 0xc3, 0xc6, 0x9f, 0x41, 0x05, 0x41, 0x65, 0xae, 0xe3, 0x05, - 0xea, 0x66, 0x21, 0xf7, 0x38, 0xb7, 0x2b, 0x32, 0x40, 0x5a, 0x14, 0x86, - 0x51, 0x94, 0xb1, 0xcf, 0x01, 0xe3, 0x27, 0x28, 0xf6, 0x75, 0xa3, 0x15, - 0xbb, 0x12, 0x4d, 0x99, 0xe7, + 0x00, + 0xe8, + 0x1a, + 0xb7, + 0x9a, + 0x02, + 0x65, + 0x64, + 0x94, + 0x7b, + 0xba, + 0x09, + 0x1c, + 0x12, + 0x27, + 0x1e, + 0xea, + 0x89, + 0x32, + 0x64, + 0x78, + 0xf8, + 0x1c, + 0x78, + 0x8e, + 0x96, + 0xc3, + 0xc6, + 0x9f, + 0x41, + 0x05, + 0x41, + 0x65, + 0xae, + 0xe3, + 0x05, + 0xea, + 0x66, + 0x21, + 0xf7, + 
0x38, + 0xb7, + 0x2b, + 0x32, + 0x40, + 0x5a, + 0x14, + 0x86, + 0x51, + 0x94, + 0xb1, + 0xcf, + 0x01, + 0xe3, + 0x27, + 0x28, + 0xf6, + 0x75, + 0xa3, + 0x15, + 0xbb, + 0x12, + 0x4d, + 0x99, + 0xe7, }; static unsigned char dhx512_g[] = { - 0x00, 0x91, 0xc1, 0x43, 0x6d, 0x0d, 0xb0, 0xa4, 0xde, 0x41, 0xb7, 0x93, - 0xad, 0x51, 0x94, 0x1b, 0x43, 0xd8, 0x42, 0xf1, 0x5e, 0x46, 0x83, 0x5d, - 0xf1, 0xd1, 0xf0, 0x41, 0x10, 0xd1, 0x1c, 0x5e, 0xad, 0x9b, 0x68, 0xb1, - 0x6f, 0xf5, 0x8e, 0xaa, 0x6d, 0x71, 0x88, 0x37, 0xdf, 0x05, 0xf7, 0x6e, - 0x7a, 0xb4, 0x25, 0x10, 0x6c, 0x7f, 0x38, 0xb4, 0xc8, 0xfc, 0xcc, 0x0c, - 0x6a, 0x02, 0x08, 0x61, 0xf6, + 0x00, + 0x91, + 0xc1, + 0x43, + 0x6d, + 0x0d, + 0xb0, + 0xa4, + 0xde, + 0x41, + 0xb7, + 0x93, + 0xad, + 0x51, + 0x94, + 0x1b, + 0x43, + 0xd8, + 0x42, + 0xf1, + 0x5e, + 0x46, + 0x83, + 0x5d, + 0xf1, + 0xd1, + 0xf0, + 0x41, + 0x10, + 0xd1, + 0x1c, + 0x5e, + 0xad, + 0x9b, + 0x68, + 0xb1, + 0x6f, + 0xf5, + 0x8e, + 0xaa, + 0x6d, + 0x71, + 0x88, + 0x37, + 0xdf, + 0x05, + 0xf7, + 0x6e, + 0x7a, + 0xb4, + 0x25, + 0x10, + 0x6c, + 0x7f, + 0x38, + 0xb4, + 0xc8, + 0xfc, + 0xcc, + 0x0c, + 0x6a, + 0x02, + 0x08, + 0x61, + 0xf6, }; static unsigned char dhx512_q[] = { - 0x00, 0xdd, 0xf6, 0x35, 0xad, 0xfa, 0x70, 0xc7, 0xe7, 0xa8, 0xf0, 0xe3, - 0xda, 0x79, 0x34, 0x3f, 0x5b, 0xcf, 0x73, 0x82, 0x91, + 0x00, + 0xdd, + 0xf6, + 0x35, + 0xad, + 0xfa, + 0x70, + 0xc7, + 0xe7, + 0xa8, + 0xf0, + 0xe3, + 0xda, + 0x79, + 0x34, + 0x3f, + 0x5b, + 0xcf, + 0x73, + 0x82, + 0x91, }; return get_dh_from_pg(libctx, "X9.42 DH", - dhx512_p, sizeof(dhx512_p), - dhx512_g, sizeof(dhx512_g), - dhx512_q, sizeof(dhx512_q)); + dhx512_p, sizeof(dhx512_p), + dhx512_g, sizeof(dhx512_g), + dhx512_q, sizeof(dhx512_q)); } EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx) { static unsigned char dh1024_p[] = { - 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00, - 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19, - 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 
0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2, - 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55, - 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC, - 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97, - 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D, - 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB, - 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6, - 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E, - 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39, + 0xC8, + 0x00, + 0xF7, + 0x08, + 0x07, + 0x89, + 0x4D, + 0x90, + 0x53, + 0xF3, + 0xD5, + 0x00, + 0x21, + 0x1B, + 0xF7, + 0x31, + 0xA6, + 0xA2, + 0xDA, + 0x23, + 0x9A, + 0xC7, + 0x87, + 0x19, + 0x3B, + 0x47, + 0xB6, + 0x8C, + 0x04, + 0x6F, + 0xFF, + 0xC6, + 0x9B, + 0xB8, + 0x65, + 0xD2, + 0xC2, + 0x5F, + 0x31, + 0x83, + 0x4A, + 0xA7, + 0x5F, + 0x2F, + 0x88, + 0x38, + 0xB6, + 0x55, + 0xCF, + 0xD9, + 0x87, + 0x6D, + 0x6F, + 0x9F, + 0xDA, + 0xAC, + 0xA6, + 0x48, + 0xAF, + 0xFC, + 0x33, + 0x84, + 0x37, + 0x5B, + 0x82, + 0x4A, + 0x31, + 0x5D, + 0xE7, + 0xBD, + 0x52, + 0x97, + 0xA1, + 0x77, + 0xBF, + 0x10, + 0x9E, + 0x37, + 0xEA, + 0x64, + 0xFA, + 0xCA, + 0x28, + 0x8D, + 0x9D, + 0x3B, + 0xD2, + 0x6E, + 0x09, + 0x5C, + 0x68, + 0xC7, + 0x45, + 0x90, + 0xFD, + 0xBB, + 0x70, + 0xC9, + 0x3A, + 0xBB, + 0xDF, + 0xD4, + 0x21, + 0x0F, + 0xC4, + 0x6A, + 0x3C, + 0xF6, + 0x61, + 0xCF, + 0x3F, + 0xD6, + 0x13, + 0xF1, + 0x5F, + 0xBC, + 0xCF, + 0xBC, + 0x26, + 0x9E, + 0xBC, + 0x0B, + 0xBD, + 0xAB, + 0x5D, + 0xC9, + 0x54, + 0x39, }; static unsigned char dh1024_g[] = { - 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05, - 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3, - 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9, - 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C, - 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 
0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65, - 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60, - 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6, - 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7, - 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1, - 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60, - 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, + 0x3B, + 0x40, + 0x86, + 0xE7, + 0xF3, + 0x6C, + 0xDE, + 0x67, + 0x1C, + 0xCC, + 0x80, + 0x05, + 0x5A, + 0xDF, + 0xFE, + 0xBD, + 0x20, + 0x27, + 0x74, + 0x6C, + 0x24, + 0xC9, + 0x03, + 0xF3, + 0xE1, + 0x8D, + 0xC3, + 0x7D, + 0x98, + 0x27, + 0x40, + 0x08, + 0xB8, + 0x8C, + 0x6A, + 0xE9, + 0xBB, + 0x1A, + 0x3A, + 0xD6, + 0x86, + 0x83, + 0x5E, + 0x72, + 0x41, + 0xCE, + 0x85, + 0x3C, + 0xD2, + 0xB3, + 0xFC, + 0x13, + 0xCE, + 0x37, + 0x81, + 0x9E, + 0x4C, + 0x1C, + 0x7B, + 0x65, + 0xD3, + 0xE6, + 0xA6, + 0x00, + 0xF5, + 0x5A, + 0x95, + 0x43, + 0x5E, + 0x81, + 0xCF, + 0x60, + 0xA2, + 0x23, + 0xFC, + 0x36, + 0xA7, + 0x5D, + 0x7A, + 0x4C, + 0x06, + 0x91, + 0x6E, + 0xF6, + 0x57, + 0xEE, + 0x36, + 0xCB, + 0x06, + 0xEA, + 0xF5, + 0x3D, + 0x95, + 0x49, + 0xCB, + 0xA7, + 0xDD, + 0x81, + 0xDF, + 0x80, + 0x09, + 0x4A, + 0x97, + 0x4D, + 0xA8, + 0x22, + 0x72, + 0xA1, + 0x7F, + 0xC4, + 0x70, + 0x56, + 0x70, + 0xE8, + 0x20, + 0x10, + 0x18, + 0x8F, + 0x2E, + 0x60, + 0x07, + 0xE7, + 0x68, + 0x1A, + 0x82, + 0x5D, + 0x32, + 0xA2, }; return get_dh_from_pg(libctx, "DH", dh1024_p, sizeof(dh1024_p), - dh1024_g, sizeof(dh1024_g), NULL, 0); + dh1024_g, sizeof(dh1024_g), NULL, 0); } EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx) @@ -164,7 +593,7 @@ dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL); - err: +err: BN_free(p); BN_free(g); return dhpkey; 
@@ -185,7 +614,7 @@ dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL); - err: +err: BN_free(p); BN_free(g); return dhpkey; --- crypto/openssl/test/helpers/ssl_test_ctx.c.orig +++ crypto/openssl/test/helpers/ssl_test_ctx.c @@ -25,8 +25,7 @@ if (OPENSSL_strcasecmp(value, "Yes") == 0) { *result = 1; return 1; - } - else if (OPENSSL_strcasecmp(value, "No") == 0) { + } else if (OPENSSL_strcasecmp(value, "No") == 0) { *result = 0; return 1; } @@ -34,25 +33,25 @@ return 0; } -#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ +#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - return parse_boolean(value, &ctx->field); \ + { \ + return parse_boolean(value, &ctx->field); \ } -#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ +#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - OPENSSL_free(ctx->field); \ - ctx->field = OPENSSL_strdup(value); \ - return TEST_ptr(ctx->field); \ + { \ + OPENSSL_free(ctx->field); \ + ctx->field = OPENSSL_strdup(value); \ + return TEST_ptr(ctx->field); \ } -#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ +#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - ctx->field = atoi(value); \ - return 1; \ + { \ + ctx->field = atoi(value); \ + return 1; \ } /* True enums and other test configuration values that map to an int. */ @@ -61,9 +60,8 @@ int value; } test_enum; - __owur static int parse_enum(const test_enum *enums, size_t num_enums, - int *value, const char *name) + int *value, const char *name) { size_t i; for (i = 0; i < num_enums; i++) { @@ -76,7 +74,7 @@ } static const char *enum_name(const test_enum *enums, size_t num_enums, - int value) + int value) { size_t i; for (i = 0; i < num_enums; i++) { 
@@ -87,22 +85,21 @@ return "InvalidValue"; } - /* ExpectedResult */ static const test_enum ssl_test_results[] = { - {"Success", SSL_TEST_SUCCESS}, - {"ServerFail", SSL_TEST_SERVER_FAIL}, - {"ClientFail", SSL_TEST_CLIENT_FAIL}, - {"InternalError", SSL_TEST_INTERNAL_ERROR}, - {"FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED}, + { "Success", SSL_TEST_SUCCESS }, + { "ServerFail", SSL_TEST_SERVER_FAIL }, + { "ClientFail", SSL_TEST_CLIENT_FAIL }, + { "InternalError", SSL_TEST_INTERNAL_ERROR }, + { "FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED }, }; __owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value) { int ret_value; if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->expected_result = ret_value; @@ -117,13 +114,13 @@ /* ExpectedClientAlert / ExpectedServerAlert */ static const test_enum ssl_alerts[] = { - {"UnknownCA", SSL_AD_UNKNOWN_CA}, - {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE}, - {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME}, - {"NoRenegotiation", SSL_AD_NO_RENEGOTIATION}, - {"BadCertificate", SSL_AD_BAD_CERTIFICATE}, - {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL}, - {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED}, + { "UnknownCA", SSL_AD_UNKNOWN_CA }, + { "HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE }, + { "UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME }, + { "NoRenegotiation", SSL_AD_NO_RENEGOTIATION }, + { "BadCertificate", SSL_AD_BAD_CERTIFICATE }, + { "NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL }, + { "CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED }, }; __owur static int parse_alert(int *alert, const char *value) 
@@ -149,19 +146,19 @@ /* ExpectedProtocol */ static const test_enum ssl_protocols[] = { - {"TLSv1.3", TLS1_3_VERSION}, - {"TLSv1.2", TLS1_2_VERSION}, - {"TLSv1.1", TLS1_1_VERSION}, - {"TLSv1", TLS1_VERSION}, - {"SSLv3", SSL3_VERSION}, - {"DTLSv1", DTLS1_VERSION}, - {"DTLSv1.2", DTLS1_2_VERSION}, + { "TLSv1.3", TLS1_3_VERSION }, + { "TLSv1.2", TLS1_2_VERSION }, + { "TLSv1.1", TLS1_1_VERSION }, + { "TLSv1", TLS1_VERSION }, + { "SSLv3", SSL3_VERSION }, + { "DTLSv1", DTLS1_VERSION }, + { "DTLSv1.2", DTLS1_2_VERSION }, }; __owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value) { return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols), - &test_ctx->expected_protocol, value); + &test_ctx->expected_protocol, value); } const char *ssl_protocol_name(int protocol) @@ -172,19 +169,19 @@ /* VerifyCallback */ static const test_enum ssl_verify_callbacks[] = { - {"None", SSL_TEST_VERIFY_NONE}, - {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL}, - {"RetryOnce", SSL_TEST_VERIFY_RETRY_ONCE}, - {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL}, + { "None", SSL_TEST_VERIFY_NONE }, + { "AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL }, + { "RetryOnce", SSL_TEST_VERIFY_RETRY_ONCE }, + { "RejectAll", SSL_TEST_VERIFY_REJECT_ALL }, }; __owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks), - &ret_value, value)) { + &ret_value, value)) { return 0; } client_conf->verify_callback = ret_value; 
@@ -194,24 +191,24 @@ const char *ssl_verify_callback_name(ssl_verify_callback_t callback) { return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks), - callback); + callback); } /* ServerName */ static const test_enum ssl_servername[] = { - {"None", SSL_TEST_SERVERNAME_NONE}, - {"server1", SSL_TEST_SERVERNAME_SERVER1}, - {"server2", SSL_TEST_SERVERNAME_SERVER2}, - {"invalid", SSL_TEST_SERVERNAME_INVALID}, + { "None", SSL_TEST_SERVERNAME_NONE }, + { "server1", SSL_TEST_SERVERNAME_SERVER1 }, + { "server2", SSL_TEST_SERVERNAME_SERVER2 }, + { "invalid", SSL_TEST_SERVERNAME_INVALID }, }; __owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername), - &ret_value, value)) { + &ret_value, value)) { return 0; } client_conf->servername = ret_value; @@ -219,11 +216,11 @@ } __owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->expected_servername = ret_value; 
@@ -233,28 +230,28 @@ const char *ssl_servername_name(ssl_servername_t server) { return enum_name(ssl_servername, OSSL_NELEM(ssl_servername), - server); + server); } /* ServerNameCallback */ static const test_enum ssl_servername_callbacks[] = { - {"None", SSL_TEST_SERVERNAME_CB_NONE}, - {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH}, - {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH}, - {"ClientHelloIgnoreMismatch", - SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH}, - {"ClientHelloRejectMismatch", - SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH}, - {"ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12}, + { "None", SSL_TEST_SERVERNAME_CB_NONE }, + { "IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH }, + { "RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH }, + { "ClientHelloIgnoreMismatch", + SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH }, + { "ClientHelloRejectMismatch", + SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH }, + { "ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12 }, }; __owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_servername_callbacks, - OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) { + OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) { return 0; } server_conf->servername_callback = ret_value; 
@@ -264,22 +261,22 @@ const char *ssl_servername_callback_name(ssl_servername_callback_t callback) { return enum_name(ssl_servername_callbacks, - OSSL_NELEM(ssl_servername_callbacks), callback); + OSSL_NELEM(ssl_servername_callbacks), callback); } /* SessionTicketExpected */ static const test_enum ssl_session_ticket[] = { - {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE}, - {"Yes", SSL_TEST_SESSION_TICKET_YES}, - {"No", SSL_TEST_SESSION_TICKET_NO}, + { "Ignore", SSL_TEST_SESSION_TICKET_IGNORE }, + { "Yes", SSL_TEST_SESSION_TICKET_YES }, + { "No", SSL_TEST_SESSION_TICKET_NO }, }; __owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value) { int ret_value; if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->session_ticket_expected = ret_value; @@ -289,8 +286,8 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server) { return enum_name(ssl_session_ticket, - OSSL_NELEM(ssl_session_ticket), - server); + OSSL_NELEM(ssl_session_ticket), + server); } /* CompressionExpected */ @@ -300,16 +297,16 @@ /* SessionIdExpected */ static const test_enum ssl_session_id[] = { - {"Ignore", SSL_TEST_SESSION_ID_IGNORE}, - {"Yes", SSL_TEST_SESSION_ID_YES}, - {"No", SSL_TEST_SESSION_ID_NO}, + { "Ignore", SSL_TEST_SESSION_ID_IGNORE }, + { "Yes", SSL_TEST_SESSION_ID_YES }, + { "No", SSL_TEST_SESSION_ID_NO }, }; __owur static int parse_session_id(SSL_TEST_CTX *test_ctx, const char *value) { int ret_value; if (!parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->session_id_expected = ret_value; 
@@ -319,22 +316,22 @@ const char *ssl_session_id_name(ssl_session_id_t server) { return enum_name(ssl_session_id, - OSSL_NELEM(ssl_session_id), - server); + OSSL_NELEM(ssl_session_id), + server); } /* Method */ static const test_enum ssl_test_methods[] = { - {"TLS", SSL_TEST_METHOD_TLS}, - {"DTLS", SSL_TEST_METHOD_DTLS}, + { "TLS", SSL_TEST_METHOD_TLS }, + { "DTLS", SSL_TEST_METHOD_DTLS }, }; __owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value) { int ret_value; if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->method = ret_value; @@ -368,20 +365,20 @@ /* Handshake mode */ static const test_enum ssl_handshake_modes[] = { - {"Simple", SSL_TEST_HANDSHAKE_SIMPLE}, - {"Resume", SSL_TEST_HANDSHAKE_RESUME}, - {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, - {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, - {"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER}, - {"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT}, - {"PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH}, + { "Simple", SSL_TEST_HANDSHAKE_SIMPLE }, + { "Resume", SSL_TEST_HANDSHAKE_RESUME }, + { "RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER }, + { "RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT }, + { "KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER }, + { "KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT }, + { "PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH }, }; __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) { int ret_value; if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->handshake_mode = ret_value; 
@@ -391,7 +388,7 @@ const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode) { return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes), - mode); + mode); } /* Renegotiation Ciphersuites */ @@ -401,15 +398,15 @@ /* KeyUpdateType */ static const test_enum ssl_key_update_types[] = { - {"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED}, - {"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED}, + { "KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED }, + { "KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED }, }; __owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value) { int ret_value; if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types), - &ret_value, value)) { + &ret_value, value)) { return 0; } test_ctx->key_update_type = ret_value; @@ -419,17 +416,17 @@ /* CT Validation */ static const test_enum ssl_ct_validation_modes[] = { - {"None", SSL_TEST_CT_VALIDATION_NONE}, - {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE}, - {"Strict", SSL_TEST_CT_VALIDATION_STRICT}, + { "None", SSL_TEST_CT_VALIDATION_NONE }, + { "Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE }, + { "Strict", SSL_TEST_CT_VALIDATION_STRICT }, }; __owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes), - &ret_value, value)) { + &ret_value, value)) { return 0; } client_conf->ct_validation = ret_value; @@ -439,7 +436,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode) { return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes), - mode); + mode); } IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) 
@@ -451,17 +448,17 @@ /* CertStatus */ static const test_enum ssl_certstatus[] = { - {"None", SSL_TEST_CERT_STATUS_NONE}, - {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE}, - {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE} + { "None", SSL_TEST_CERT_STATUS_NONE }, + { "GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE }, + { "BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE } }; __owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value, - value)) { + value)) { return 0; } server_conf->cert_status = ret_value; @@ -471,34 +468,33 @@ const char *ssl_certstatus_name(ssl_cert_status_t cert_status) { return enum_name(ssl_certstatus, - OSSL_NELEM(ssl_certstatus), cert_status); + OSSL_NELEM(ssl_certstatus), cert_status); } /* ApplicationData */ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) - /* MaxFragmentSize */ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) /* Maximum-Fragment-Length TLS extension mode */ static const test_enum ssl_max_fragment_len_mode[] = { - {"None", TLSEXT_max_fragment_length_DISABLED}, - { "512", TLSEXT_max_fragment_length_512}, - {"1024", TLSEXT_max_fragment_length_1024}, - {"2048", TLSEXT_max_fragment_length_2048}, - {"4096", TLSEXT_max_fragment_length_4096} + { "None", TLSEXT_max_fragment_length_DISABLED }, + { "512", TLSEXT_max_fragment_length_512 }, + { "1024", TLSEXT_max_fragment_length_1024 }, + { "2048", TLSEXT_max_fragment_length_2048 }, + { "4096", TLSEXT_max_fragment_length_4096 } }; __owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_max_fragment_len_mode, - OSSL_NELEM(ssl_max_fragment_len_mode), &ret_value, value)) { + OSSL_NELEM(ssl_max_fragment_len_mode), &ret_value, value)) { return 0; } client_conf->max_fragment_len_mode = ret_value; 
@@ -508,10 +504,9 @@ const char *ssl_max_fragment_len_name(int MFL_mode) { return enum_name(ssl_max_fragment_len_mode, - OSSL_NELEM(ssl_max_fragment_len_mode), MFL_mode); + OSSL_NELEM(ssl_max_fragment_len_mode), MFL_mode); } - /* Expected key and signature types */ __owur static int parse_expected_key_type(int *ptype, const char *value) @@ -539,40 +534,39 @@ } __owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_key_type(&test_ctx->expected_tmp_key_type, value); } __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_key_type(&test_ctx->expected_server_cert_type, - value); + value); } __owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_key_type(&test_ctx->expected_server_sign_type, - value); + value); } __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_key_type(&test_ctx->expected_client_cert_type, - value); + value); } __owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_key_type(&test_ctx->expected_client_sign_type, - value); + value); } - /* Expected signing hash */ __owur static int parse_expected_sign_hash(int *ptype, const char *value) 
@@ -591,22 +585,22 @@ } __owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_sign_hash(&test_ctx->expected_server_sign_hash, - value); + value); } __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_sign_hash(&test_ctx->expected_client_sign_hash, - value); + value); } __owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames, - const char *value, - OSSL_LIB_CTX *libctx) + const char *value, + OSSL_LIB_CTX *libctx) { if (value == NULL) return 0; @@ -617,16 +611,16 @@ return *pnames != NULL; } __owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value, - test_ctx->libctx); + test_ctx->libctx); } __owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx, - const char *value) + const char *value) { return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value, - test_ctx->libctx); + test_ctx->libctx); } /* ExpectedCipher */ @@ -692,7 +686,7 @@ { "NPNProtocols", &parse_client_npn_protocols }, { "ALPNProtocols", &parse_client_alpn_protocols }, { "CTValidation", &parse_ct_validation }, - { "RenegotiateCiphers", &parse_client_reneg_ciphers}, + { "RenegotiateCiphers", &parse_client_reneg_ciphers }, { "SRPUser", &parse_client_srp_user }, { "SRPPassword", &parse_client_srp_password }, { "MaxFragmentLenExt", &parse_max_fragment_len_mode }, @@ -771,7 +765,7 @@ } static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, - const char *client_section) + const char *client_section) { STACK_OF(CONF_VALUE) *sk_conf; int i; 
@@ -787,7 +781,7 @@ if (strcmp(option->name, ssl_test_client_options[j].name) == 0) { if (!ssl_test_client_options[j].parse(client, option->value)) { TEST_info("Bad value %s for option %s", - option->value, option->name); + option->value, option->name); return 0; } found = 1; @@ -804,7 +798,7 @@ } static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, - const char *server_section) + const char *server_section) { STACK_OF(CONF_VALUE) *sk_conf; int i; @@ -820,7 +814,7 @@ if (strcmp(option->name, ssl_test_server_options[j].name) == 0) { if (!ssl_test_server_options[j].parse(server, option->value)) { TEST_info("Bad value %s for option %s", - option->value, option->name); + option->value, option->name); return 0; } found = 1; @@ -837,7 +831,7 @@ } SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section, - OSSL_LIB_CTX *libctx) + OSSL_LIB_CTX *libctx) { STACK_OF(CONF_VALUE) *sk_conf = NULL; SSL_TEST_CTX *ctx = NULL; @@ -845,7 +839,7 @@ size_t j; if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section)) - || !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx))) + || !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx))) goto err; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { 
@@ -864,22 +858,22 @@ goto err; } else if (strcmp(option->name, "resume-client") == 0) { if (!parse_client_options(&ctx->resume_extra.client, conf, - option->value)) + option->value)) goto err; } else if (strcmp(option->name, "resume-server") == 0) { if (!parse_server_options(&ctx->resume_extra.server, conf, - option->value)) + option->value)) goto err; } else if (strcmp(option->name, "resume-server2") == 0) { if (!parse_server_options(&ctx->resume_extra.server2, conf, - option->value)) + option->value)) goto err; } else { for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) { if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) { if (!ssl_test_ctx_options[j].parse(ctx, option->value)) { TEST_info("Bad value %s for option %s", - option->value, option->name); + option->value, option->name); goto err; } found = 1; @@ -895,9 +889,9 @@ goto done; - err: +err: SSL_TEST_CTX_free(ctx); ctx = NULL; - done: +done: return ctx; } --- crypto/openssl/test/helpers/ssl_test_ctx.h.orig +++ crypto/openssl/test/helpers/ssl_test_ctx.h @@ -14,7 +14,7 @@ #include typedef enum { - SSL_TEST_SUCCESS = 0, /* Default */ + SSL_TEST_SUCCESS = 0, /* Default */ SSL_TEST_SERVER_FAIL, SSL_TEST_CLIENT_FAIL, SSL_TEST_INTERNAL_ERROR, @@ -37,7 +37,7 @@ } ssl_servername_t; typedef enum { - SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */ + SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */ SSL_TEST_SERVERNAME_IGNORE_MISMATCH, SSL_TEST_SERVERNAME_REJECT_MISMATCH, SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH, @@ -236,7 +236,7 @@ const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback); const char *ssl_servername_name(ssl_servername_t server); const char *ssl_servername_callback_name(ssl_servername_callback_t - servername_callback); + servername_callback); const char *ssl_session_ticket_name(ssl_session_ticket_t server); const char *ssl_session_id_name(ssl_session_id_t server); const char *ssl_test_method_name(ssl_test_method_t method); 
@@ -250,10 +250,10 @@ * See test/README.ssltest.md for details on the conf file format. */ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section, - OSSL_LIB_CTX *libctx); + OSSL_LIB_CTX *libctx); SSL_TEST_CTX *SSL_TEST_CTX_new(OSSL_LIB_CTX *libctx); void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx); -#endif /* OSSL_TEST_SSL_TEST_CTX_H */ +#endif /* OSSL_TEST_SSL_TEST_CTX_H */ --- crypto/openssl/test/helpers/ssltestlib.c.orig +++ crypto/openssl/test/helpers/ssltestlib.c @@ -12,7 +12,7 @@ * when the deprecated calls are not hidden */ #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define OPENSSL_SUPPRESS_DEPRECATED +#define OPENSSL_SUPPRESS_DEPRECATED #endif #include @@ -24,15 +24,15 @@ #include "e_os.h" /* for ossl_sleep() etc. */ #ifdef OPENSSL_SYS_UNIX -# include -# ifndef OPENSSL_NO_KTLS -# include -# include -# include -# include -# include -# include -# endif +#include +#ifndef OPENSSL_NO_KTLS +#include +#include +#include +#include +#include +#include +#endif #endif static int tls_dump_new(BIO *bi); @@ -44,9 +44,9 @@ static int tls_dump_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) -#define BIO_TYPE_MEMPACKET_TEST 0x81 -#define BIO_TYPE_ALWAYS_RETRY 0x82 +#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_MEMPACKET_TEST 0x81 +#define BIO_TYPE_ALWAYS_RETRY 0x82 static BIO_METHOD *method_tls_dump = NULL; static BIO_METHOD *meth_mem = NULL; @@ -58,8 +58,8 @@ { if (method_tls_dump == NULL) { method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER, - "TLS dump filter"); - if ( method_tls_dump == NULL + "TLS dump filter"); + if (method_tls_dump == NULL || !BIO_meth_set_write(method_tls_dump, tls_dump_write) || !BIO_meth_set_read(method_tls_dump, tls_dump_read) || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts) 
@@ -100,29 +100,28 @@ BIO_set_flags(bio, flags); } -#define RECORD_CONTENT_TYPE 0 -#define RECORD_VERSION_HI 1 -#define RECORD_VERSION_LO 2 -#define RECORD_EPOCH_HI 3 -#define RECORD_EPOCH_LO 4 -#define RECORD_SEQUENCE_START 5 -#define RECORD_SEQUENCE_END 10 -#define RECORD_LEN_HI 11 -#define RECORD_LEN_LO 12 - -#define MSG_TYPE 0 -#define MSG_LEN_HI 1 -#define MSG_LEN_MID 2 -#define MSG_LEN_LO 3 -#define MSG_SEQ_HI 4 -#define MSG_SEQ_LO 5 -#define MSG_FRAG_OFF_HI 6 -#define MSG_FRAG_OFF_MID 7 -#define MSG_FRAG_OFF_LO 8 -#define MSG_FRAG_LEN_HI 9 -#define MSG_FRAG_LEN_MID 10 -#define MSG_FRAG_LEN_LO 11 - +#define RECORD_CONTENT_TYPE 0 +#define RECORD_VERSION_HI 1 +#define RECORD_VERSION_LO 2 +#define RECORD_EPOCH_HI 3 +#define RECORD_EPOCH_LO 4 +#define RECORD_SEQUENCE_START 5 +#define RECORD_SEQUENCE_END 10 +#define RECORD_LEN_HI 11 +#define RECORD_LEN_LO 12 + +#define MSG_TYPE 0 +#define MSG_LEN_HI 1 +#define MSG_LEN_MID 2 +#define MSG_LEN_LO 3 +#define MSG_SEQ_HI 4 +#define MSG_SEQ_LO 5 +#define MSG_FRAG_OFF_HI 6 +#define MSG_FRAG_OFF_MID 7 +#define MSG_FRAG_OFF_LO 8 +#define MSG_FRAG_LEN_HI 9 +#define MSG_FRAG_LEN_MID 10 +#define MSG_FRAG_LEN_LO 11 static void dump_data(const char *data, int len) { @@ -145,7 +144,7 @@ content = rec[RECORD_CONTENT_TYPE]; printf("** Record Content-type: %d\n", content); printf("** Record Version: %02x%02x\n", - rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); + rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO]; printf("** Record Epoch: %d\n", epoch); printf("** Record Sequence: "); 
@@ -162,22 +161,22 @@ if (epoch > 0) { printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n"); } else if (rem < DTLS1_HM_HEADER_LENGTH - || reclen < DTLS1_HM_HEADER_LENGTH) { + || reclen < DTLS1_HM_HEADER_LENGTH) { printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); } else { printf("*** Message Type: %d\n", rec[MSG_TYPE]); msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8) - | rec[MSG_LEN_LO]; + | rec[MSG_LEN_LO]; printf("*** Message Length: %d\n", msglen); printf("*** Message sequence: %d\n", - (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); + (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); fragoff = (rec[MSG_FRAG_OFF_HI] << 16) - | (rec[MSG_FRAG_OFF_MID] << 8) - | rec[MSG_FRAG_OFF_LO]; + | (rec[MSG_FRAG_OFF_MID] << 8) + | rec[MSG_FRAG_OFF_LO]; printf("*** Message Fragment offset: %d\n", fragoff); fraglen = (rec[MSG_FRAG_LEN_HI] << 16) - | (rec[MSG_FRAG_LEN_MID] << 8) - | rec[MSG_FRAG_LEN_LO]; + | (rec[MSG_FRAG_LEN_MID] << 8) + | rec[MSG_FRAG_LEN_LO]; printf("*** Message Fragment len: %d\n", fraglen); if (fragoff + fraglen > msglen) printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); @@ -256,7 +255,6 @@ return tls_dump_write(bio, str, strlen(str)); } - struct mempacket_st { unsigned char *data; int len; @@ -296,7 +294,7 @@ { if (meth_mem == NULL) { if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, - "Mem Packet Test")) + "Mem Packet Test")) || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) @@ -343,13 +341,13 @@ } /* Record Header values */ -#define EPOCH_HI 3 -#define EPOCH_LO 4 +#define EPOCH_HI 3 +#define EPOCH_LO 4 #define RECORD_SEQUENCE 10 -#define RECORD_LEN_HI 11 -#define RECORD_LEN_LO 12 +#define RECORD_LEN_HI 11 +#define RECORD_LEN_LO 12 -#define STANDARD_PACKET 0 +#define STANDARD_PACKET 0 static int mempacket_test_read(BIO *bio, char *out, int outl) { 
@@ -373,7 +371,7 @@ outl = thispkt->len; if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ - && (ctx->injected || ctx->droprec >= 0)) { + && (ctx->injected || ctx->droprec >= 0)) { /* * Overwrite the record sequence number. We strictly number them in * the order received. Since we are actually a reliable transport @@ -397,7 +395,7 @@ } while (seq > 0); len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) - + DTLS1_RT_HEADER_LENGTH; + + DTLS1_RT_HEADER_LENGTH; if (rem < (int)len) return -1; if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) { @@ -449,7 +447,7 @@ return 0; epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) - + DTLS1_RT_HEADER_LENGTH; + + DTLS1_RT_HEADER_LENGTH; if (rem < len) return 0; @@ -540,14 +538,14 @@ } int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, - int type) + int type) { MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3]; int i, duprec; const unsigned char *inu = (const unsigned char *)in; size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO]) - + DTLS1_RT_HEADER_LENGTH; + + DTLS1_RT_HEADER_LENGTH; if (ctx == NULL) return -1; @@ -568,7 +566,7 @@ if (pktnum >= 0) { if (ctx->noinject) return -1; - ctx->injected = 1; + ctx->injected = 1; } else { ctx->noinject = 1; } @@ -621,7 +619,7 @@ ctx->lastpkt++; else return inl; - } while(1); + } while (1); } else if (looppkt->num == thispkt->num) { if (!ctx->noinject) { /* We injected two packets with the same packet number! */ @@ -646,7 +644,7 @@ return inl; - err: +err: for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++) mempacket_free(allpkts[i]); return -1; 
@@ -732,21 +730,21 @@ { if (meth_always_retry == NULL) { if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY, - "Always Retry")) + "Always Retry")) || !TEST_true(BIO_meth_set_write(meth_always_retry, - always_retry_write)) + always_retry_write)) || !TEST_true(BIO_meth_set_read(meth_always_retry, - always_retry_read)) + always_retry_read)) || !TEST_true(BIO_meth_set_puts(meth_always_retry, - always_retry_puts)) + always_retry_puts)) || !TEST_true(BIO_meth_set_gets(meth_always_retry, - always_retry_gets)) + always_retry_gets)) || !TEST_true(BIO_meth_set_ctrl(meth_always_retry, - always_retry_ctrl)) + always_retry_ctrl)) || !TEST_true(BIO_meth_set_create(meth_always_retry, - always_retry_new)) + always_retry_new)) || !TEST_true(BIO_meth_set_destroy(meth_always_retry, - always_retry_free))) + always_retry_free))) return NULL; } return meth_always_retry; @@ -820,9 +818,9 @@ } int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, - const SSL_METHOD *cm, int min_proto_version, - int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, - char *certfile, char *privkeyfile) + const SSL_METHOD *cm, int min_proto_version, + int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, + char *certfile, char *privkeyfile) { SSL_CTX *serverctx = NULL; SSL_CTX *clientctx = NULL; @@ -832,7 +830,7 @@ serverctx = *sctx; else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)) || !TEST_true(SSL_CTX_set_options(serverctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; } 
@@ -844,41 +842,43 @@ } #if !defined(OPENSSL_NO_TLS1_3) \ - && defined(OPENSSL_NO_EC) \ + && defined(OPENSSL_NO_EC) \ && defined(OPENSSL_NO_DH) /* * There are no usable built-in TLSv1.3 groups if ec and dh are both * disabled */ if (max_proto_version == 0 - && (sm == TLS_server_method() || cm == TLS_client_method())) + && (sm == TLS_server_method() || cm == TLS_client_method())) max_proto_version = TLS1_2_VERSION; #endif if (serverctx != NULL - && ((min_proto_version > 0 - && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, - min_proto_version))) - || (max_proto_version > 0 - && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, - max_proto_version))))) + && ((min_proto_version > 0 + && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, + min_proto_version))) + || (max_proto_version > 0 + && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, + max_proto_version))))) goto err; if (clientctx != NULL && ((min_proto_version > 0 - && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, - min_proto_version))) + && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, + min_proto_version))) || (max_proto_version > 0 && !TEST_true(SSL_CTX_set_max_proto_version(clientctx, - max_proto_version))))) + max_proto_version))))) goto err; if (serverctx != NULL && certfile != NULL && privkeyfile != NULL) { if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, - privkeyfile, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) + SSL_FILETYPE_PEM), + 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, + privkeyfile, + SSL_FILETYPE_PEM), + 1) + || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) goto err; } @@ -888,7 +888,7 @@ *cctx = clientctx; return 1; - err: +err: if (sctx != NULL && *sctx == NULL) SSL_CTX_free(serverctx); if (cctx != NULL && *cctx == NULL) 
@@ -896,14 +896,14 @@ return 0; } -#define MAXLOOPS 1000000 +#define MAXLOOPS 1000000 #if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK) static int set_nb(int fd) { int flags; - flags = fcntl(fd,F_GETFL,0); + flags = fcntl(fd, F_GETFL, 0); if (flags == -1) return flags; flags = fcntl(fd, F_SETFL, flags | O_NONBLOCK); @@ -918,7 +918,7 @@ socklen_t slen = sizeof(sin); int afd = -1, cfd = -1, sfd = -1; - memset ((char *) &sin, 0, sizeof(sin)); + memset((char *)&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = inet_addr(host); @@ -926,10 +926,10 @@ if (afd < 0) return 0; - if (bind(afd, (struct sockaddr*)&sin, sizeof(sin)) < 0) + if (bind(afd, (struct sockaddr *)&sin, sizeof(sin)) < 0) goto out; - if (getsockname(afd, (struct sockaddr*)&sin, &slen) < 0) + if (getsockname(afd, (struct sockaddr *)&sin, &slen) < 0) goto out; if (listen(afd, 1) < 0) @@ -942,12 +942,12 @@ if (set_nb(afd) == -1) goto out; - while (sfd == -1 || !cfd_connected ) { + while (sfd == -1 || !cfd_connected) { sfd = accept(afd, NULL, 0); if (sfd == -1 && errno != EAGAIN) goto out; - if (!cfd_connected && connect(cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0) + if (!cfd_connected && connect(cfd, (struct sockaddr *)&sin, sizeof(sin)) < 0) goto out; else cfd_connected = 1; @@ -972,7 +972,7 @@ } int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, - SSL **cssl, int sfd, int cfd) + SSL **cssl, int sfd, int cfd) { SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; @@ -987,7 +987,7 @@ goto error; if (!TEST_ptr(s_to_c_bio = BIO_new_socket(sfd, BIO_NOCLOSE)) - || !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE))) + || !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE))) goto error; SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio); @@ -996,7 +996,7 @@ *cssl = clientssl; return 1; - error: +error: SSL_free(serverssl); SSL_free(clientssl); BIO_free(s_to_c_bio); 
@@ -1009,7 +1009,7 @@ * NOTE: Transfers control of the BIOs - this function will free them on error */ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, - SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) + SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) { SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; @@ -1025,19 +1025,19 @@ if (SSL_is_dtls(clientssl)) { if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) - || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) + || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) goto error; } else { if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) - || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) + || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) goto error; } if (s_to_c_fbio != NULL - && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) + && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) goto error; if (c_to_s_fbio != NULL - && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) + && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) goto error; /* Set Non-blocking IO behaviour */ @@ -1053,7 +1053,7 @@ *cssl = clientssl; return 1; - error: +error: SSL_free(serverssl); SSL_free(clientssl); BIO_free(s_to_c_bio); @@ -1075,7 +1075,7 @@ * attempt could be restarted by a subsequent call to this function. */ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want, - int read) + int read) { int retc = -1, rets = -1, err, abortctr = 0; int clienterr = 0, servererr = 0; @@ -1106,8 +1106,8 @@ } if (!servererr && rets <= 0 - && err != SSL_ERROR_WANT_READ - && err != SSL_ERROR_WANT_X509_LOOKUP) { + && err != SSL_ERROR_WANT_READ + && err != SSL_ERROR_WANT_X509_LOOKUP) { TEST_info("SSL_accept() failed %d, %d", rets, err); if (want != SSL_ERROR_SSL) TEST_openssl_errors(); @@ -1148,7 +1148,7 @@ */ ossl_sleep(50); } - } while (retc <=0 || rets <= 0); + } while (retc <= 0 || rets <= 0); return 1; } 
@@ -1176,7 +1176,7 @@ if (!TEST_ulong_eq(readbytes, 0)) return 0; } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), - SSL_ERROR_WANT_READ)) { + SSL_ERROR_WANT_READ)) { return 0; } } --- crypto/openssl/test/helpers/ssltestlib.h.orig +++ crypto/openssl/test/helpers/ssltestlib.h @@ -8,20 +8,20 @@ */ #ifndef OSSL_TEST_SSLTESTLIB_H -# define OSSL_TEST_SSLTESTLIB_H +#define OSSL_TEST_SSLTESTLIB_H -# include +#include int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, - const SSL_METHOD *cm, int min_proto_version, - int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, - char *certfile, char *privkeyfile); + const SSL_METHOD *cm, int min_proto_version, + int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, + char *certfile, char *privkeyfile); int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, - SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); + SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want, - int read); + int read); int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, - SSL **cssl, int sfd, int cfd); + SSL **cssl, int sfd, int cfd); int create_test_sockets(int *cfd, int *sfd); int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want); void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl); 
@@ -38,22 +38,22 @@ void set_always_retry_err_val(int err); /* Packet types - value 0 is reserved */ -#define INJECT_PACKET 1 -#define INJECT_PACKET_IGNORE_REC_SEQ 2 +#define INJECT_PACKET 1 +#define INJECT_PACKET_IGNORE_REC_SEQ 2 /* * Mempacket BIO ctrls. We make them large enough to not clash with standard BIO * ctrl codes. */ -#define MEMPACKET_CTRL_SET_DROP_EPOCH (1 << 15) -#define MEMPACKET_CTRL_SET_DROP_REC (2 << 15) -#define MEMPACKET_CTRL_GET_DROP_REC (3 << 15) -#define MEMPACKET_CTRL_SET_DUPLICATE_REC (4 << 15) +#define MEMPACKET_CTRL_SET_DROP_EPOCH (1 << 15) +#define MEMPACKET_CTRL_SET_DROP_REC (2 << 15) +#define MEMPACKET_CTRL_GET_DROP_REC (3 << 15) +#define MEMPACKET_CTRL_SET_DUPLICATE_REC (4 << 15) int mempacket_swap_epoch(BIO *bio); int mempacket_move_packet(BIO *bio, int d, int s); int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, - int type); + int type); typedef struct mempacket_st MEMPACKET; --- crypto/openssl/test/hexstr_test.c.orig +++ crypto/openssl/test/hexstr_test.c @@ -16,8 +16,7 @@ #include "internal/cryptlib.h" #include "testutil.h" -struct testdata -{ +struct testdata { const char *in; const unsigned char *expected; size_t expected_len; @@ -30,32 +29,38 @@ static struct testdata tbl_testdata[] = { { "AB:CD:EF:F1", - test_1, sizeof(test_1), + test_1, + sizeof(test_1), ':', }, { "AB:CD:EF:76:00", - test_2, sizeof(test_2), + test_2, + sizeof(test_2), ':', }, { "AB_CD_EF_F1", - test_1, sizeof(test_1), + test_1, + sizeof(test_1), '_', }, { "AB_CD_EF_76_00", - test_2, sizeof(test_2), + test_2, + sizeof(test_2), '_', }, { "ABCDEFF1", - test_1, sizeof(test_1), + test_1, + sizeof(test_1), '\0', }, { "ABCDEF7600", - test_2, sizeof(test_2), + test_2, + sizeof(test_2), '\0', }, }; @@ -72,7 +77,7 @@ || !TEST_mem_eq(buf, len, test->expected, test->expected_len) || !TEST_ptr(out = ossl_buf2hexstr_sep(buf, len, test->sep)) || !TEST_str_eq(out, test->in)) - goto err; + goto err; ret = 1; err: 
@@ -93,7 +98,7 @@ if (!TEST_ptr(buf = OPENSSL_hexstr2buf(test->in, &len)) || !TEST_mem_eq(buf, len, test->expected, test->expected_len) || !TEST_ptr(out = OPENSSL_buf2hexstr(buf, len))) - goto err; + goto err; if (test->sep == ':') { if (!TEST_str_eq(out, test->in)) goto err; @@ -119,15 +124,15 @@ struct testdata *test = &tbl_testdata[test_index]; return TEST_true(OPENSSL_hexstr2buf_ex(buf, sizeof(buf), &len, test->in, ':')) - && TEST_mem_eq(buf, len, test->expected, test->expected_len) - && TEST_false(OPENSSL_buf2hexstr_ex(out, 3 * len - 1, NULL, buf, len, - ':')) - && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, len, - ':')) - && TEST_str_eq(out, test->in) - && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, 0, - ':')) - && TEST_size_t_eq(strlen(out), 0); + && TEST_mem_eq(buf, len, test->expected, test->expected_len) + && TEST_false(OPENSSL_buf2hexstr_ex(out, 3 * len - 1, NULL, buf, len, + ':')) + && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, len, + ':')) + && TEST_str_eq(out, test->in) + && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, 0, + ':')) + && TEST_size_t_eq(strlen(out), 0); } int setup_tests(void) --- crypto/openssl/test/hmactest.c.orig +++ crypto/openssl/test/hmactest.c @@ -19,19 +19,19 @@ #include "internal/nelem.h" -# include -# include -# ifndef OPENSSL_NO_MD5 -# include -# endif +#include +#include +#ifndef OPENSSL_NO_MD5 +#include +#endif -# ifdef CHARSET_EBCDIC -# include -# endif +#ifdef CHARSET_EBCDIC +#include +#endif #include "testutil.h" -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 static struct test_st { const char key[16]; int key_len; 
@@ -40,69 +40,69 @@ const char *digest; } test[8] = { { - "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, + "", + 0, + "More text test vectors to stuff up EBCDIC machines :-)", + 54, "e9139d1e6ee064ef8cf514fc7dc83e86", }, { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - 16, "Hi There", 8, + 16, + "Hi There", + 8, "9294727a3638bb1c13f48ef8158bfc9d", }, { - "Jefe", 4, "what do ya want for nothing?", 28, + "Jefe", + 4, + "what do ya want for nothing?", + 28, "750c783e6ab0b503eaa86e310a5db738", }, { "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", - 16, { - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 16, + { 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd - }, 50, "56be34521d144c88dbb8c733f0e8b3f6", - }, - { - "", 0, "My test data", 12, - "61afdecb95429ef494d61fdee15990cabf0826fc" - }, - { - "", 0, "My test data", 12, - "2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776" - }, - { - "123456", 6, "My test data", 12, - "bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd" + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd }, + 50, + "56be34521d144c88dbb8c733f0e8b3f6", }, - { - "12345", 5, "My test data again", 18, - "a12396ceddd2a85f4c656bc1e0aa50c78cffde3e" - } + { "", 0, "My test data", 12, + "61afdecb95429ef494d61fdee15990cabf0826fc" }, + { "", 0, "My test data", 12, + "2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776" }, + { "123456", 6, "My test data", 12, + "bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd" }, + { "12345", 5, "My test data again", 18, + "a12396ceddd2a85f4c656bc1e0aa50c78cffde3e" } }; -# endif +#endif static char *pt(unsigned char *md, unsigned int len); - -# ifndef 
OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 static int test_hmac_md5(int idx) { char *p; -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); ebcdic2ascii(test[2].key, test[2].key, test[2].key_len); ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); -# endif +#endif p = pt(HMAC(EVP_md5(), - test[idx].key, test[idx].key_len, - test[idx].data, test[idx].data_len, NULL, NULL), - MD5_DIGEST_LENGTH); + test[idx].key, test[idx].key_len, + test[idx].data, test[idx].data_len, NULL, NULL), + MD5_DIGEST_LENGTH); return TEST_ptr(p) && TEST_str_eq(p, test[idx].digest); } -# endif +#endif static int test_hmac_bad(void) { @@ -200,21 +200,20 @@ return ret; } - static int test_hmac_single_shot(void) { char *p; /* Test single-shot with NULL key. */ p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, - NULL, NULL), SHA_DIGEST_LENGTH); + NULL, NULL), + SHA_DIGEST_LENGTH); if (!TEST_ptr(p) || !TEST_str_eq(p, test[4].digest)) return 0; return 1; } - static int test_hmac_copy(void) { char *p; 
@@ -247,19 +246,19 @@ static int test_hmac_copy_uninited(void) { - const unsigned char key[24] = {0}; - const unsigned char ct[166] = {0}; + const unsigned char key[24] = { 0 }; + const unsigned char ct[166] = { 0 }; EVP_PKEY *pkey = NULL; EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *ctx_tmp = NULL; int res = 0; if (!TEST_ptr(ctx = EVP_MD_CTX_new()) - || !TEST_ptr(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, - key, sizeof(key))) - || !TEST_true(EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey)) - || !TEST_ptr(ctx_tmp = EVP_MD_CTX_new()) - || !TEST_true(EVP_MD_CTX_copy(ctx_tmp, ctx))) + || !TEST_ptr(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + key, sizeof(key))) + || !TEST_true(EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey)) + || !TEST_ptr(ctx_tmp = EVP_MD_CTX_new()) + || !TEST_true(EVP_MD_CTX_copy(ctx_tmp, ctx))) goto err; EVP_MD_CTX_free(ctx); ctx = ctx_tmp; @@ -268,7 +267,7 @@ if (!TEST_true(EVP_DigestSignUpdate(ctx, ct, sizeof(ct)))) goto err; res = 1; - err: +err: EVP_MD_CTX_free(ctx); EVP_MD_CTX_free(ctx_tmp); EVP_PKEY_free(pkey); @@ -276,7 +275,7 @@ } #ifndef OPENSSL_NO_MD5 -# define OSSL_HEX_CHARS_PER_BYTE 2 +#define OSSL_HEX_CHARS_PER_BYTE 2 static char *pt(unsigned char *md, unsigned int len) { unsigned int i; @@ -286,7 +285,7 @@ return NULL; for (i = 0; i < len && (i + 1) * OSSL_HEX_CHARS_PER_BYTE < sizeof(buf); i++) BIO_snprintf(buf + i * OSSL_HEX_CHARS_PER_BYTE, - OSSL_HEX_CHARS_PER_BYTE + 1, "%02x", md[i]); + OSSL_HEX_CHARS_PER_BYTE + 1, "%02x", md[i]); return buf; } #endif @@ -301,4 +300,3 @@ ADD_TEST(test_hmac_copy_uninited); return 1; } - --- crypto/openssl/test/http_test.c.orig +++ crypto/openssl/test/http_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -32,7 +32,7 @@ * Respond with HTTP version 1.'version' and 'keep_alive' (unless implicit). */ static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive, - ASN1_VALUE *rsp, const ASN1_ITEM *it) + ASN1_VALUE *rsp, const ASN1_ITEM *it) { const char *req, *path; long count = BIO_get_mem_data(in, (unsigned char **)&req); @@ -69,20 +69,24 @@ if (!is_get) return 0; return BIO_printf(out, "HTTP/1.%c 301 Moved Permanently\r\n" - "Location: %s\r\n\r\n", - version, RPATH) > 0; /* same server */ + "Location: %s\r\n\r\n", + version, RPATH) + > 0; /* same server */ } if (BIO_printf(out, "HTTP/1.%c 200 OK\r\n", version) <= 0) return 0; if ((version == '0') == keep_alive) /* otherwise, default */ if (BIO_printf(out, "Connection: %s\r\n", - version == '0' ? "keep-alive" : "close") <= 0) + version == '0' ? "keep-alive" : "close") + <= 0) return 0; if (is_get) { /* construct new header and body */ if ((len = ASN1_item_i2d(rsp, NULL, it)) <= 0) return 0; if (BIO_printf(out, "Content-Type: application/x-x509-ca-cert\r\n" - "Content-Length: %d\r\n\r\n", len) <= 0) + "Content-Length: %d\r\n\r\n", + len) + <= 0) return 0; return ASN1_item_i2d_bio(it, out, rsp); } else { @@ -100,13 +104,13 @@ } static long http_bio_cb_ex(BIO *bio, int oper, const char *argp, size_t len, - int cmd, long argl, int ret, size_t *processed) + int cmd, long argl, int ret, size_t *processed) { server_args *args = (server_args *)BIO_get_callback_arg(bio); if (oper == (BIO_CB_CTRL | BIO_CB_RETURN) && cmd == BIO_CTRL_FLUSH) ret = mock_http_server(bio, args->out, args->version, args->keep_alive, - (ASN1_VALUE *)x509, x509_it); + (ASN1_VALUE *)x509, x509_it); return ret; } 
@@ -127,25 +131,24 @@ BIO_set_callback_ex(wbio, http_bio_cb_ex); BIO_set_callback_arg(wbio, (char *)&mock_args); - rsp = do_get ? - OSSL_HTTP_get("/will-be-redirected", - NULL /* proxy */, NULL /* no_proxy */, - wbio, rbio, NULL /* bio_update_fn */, NULL /* arg */, - 0 /* buf_size */, headers, content_type, - 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */) - : OSSL_HTTP_transfer(NULL, NULL /* host */, NULL /* port */, RPATH, - 0 /* use_ssl */,NULL /* proxy */, NULL /* no_pr */, - wbio, rbio, NULL /* bio_fn */, NULL /* arg */, - 0 /* buf_size */, headers, content_type, - req, content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */, - 0 /* keep_alive */); + rsp = do_get ? OSSL_HTTP_get("/will-be-redirected", + NULL /* proxy */, NULL /* no_proxy */, + wbio, rbio, NULL /* bio_update_fn */, NULL /* arg */, + 0 /* buf_size */, headers, content_type, + 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */) + : OSSL_HTTP_transfer(NULL, NULL /* host */, NULL /* port */, RPATH, + 0 /* use_ssl */, NULL /* proxy */, NULL /* no_pr */, + wbio, rbio, NULL /* bio_fn */, NULL /* arg */, + 0 /* buf_size */, headers, content_type, + req, content_type, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */, + 0 /* keep_alive */); rcert = d2i_X509_bio(rsp, NULL); BIO_free(rsp); res = TEST_ptr(rcert) && TEST_int_eq(X509_cmp(x509, rcert), 0); - err: +err: X509_free(rcert); BIO_free(req); BIO_free(wbio); 
@@ -174,14 +177,14 @@ for (res = 1, i = 1; res && i <= 2; i++) { rsp = OSSL_HTTP_transfer(&rctx, NULL /* server */, NULL /* port */, - RPATH, 0 /* use_ssl */, - NULL /* proxy */, NULL /* no_proxy */, - wbio, rbio, NULL /* bio_update_fn */, NULL, - 0 /* buf_size */, NULL /* headers */, - NULL /* content_type */, NULL /* req => GET */, - content_type, 0 /* ASN.1 not expected */, - 0 /* max_resp_len */, 0 /* timeout */, - keep_alive); + RPATH, 0 /* use_ssl */, + NULL /* proxy */, NULL /* no_proxy */, + wbio, rbio, NULL /* bio_update_fn */, NULL, + 0 /* buf_size */, NULL /* headers */, + NULL /* content_type */, NULL /* req => GET */, + content_type, 0 /* ASN.1 not expected */, + 0 /* max_resp_len */, 0 /* timeout */, + keep_alive); if (keep_alive == 2 && kept_alive == 0) res = res && TEST_ptr_null(rsp) && TEST_int_eq(OSSL_HTTP_is_alive(rctx), 0); @@ -194,14 +197,14 @@ } OSSL_HTTP_close(rctx, res); - err: +err: BIO_free(wbio); BIO_free(rbio); return res; } static int test_http_url_ok(const char *url, int exp_ssl, const char *exp_host, - const char *exp_port, const char *exp_path) + const char *exp_port, const char *exp_path) { char *user, *host, *port, *path, *query, *frag; int exp_num, num, ssl; @@ -210,7 +213,7 @@ if (!TEST_int_eq(sscanf(exp_port, "%d", &exp_num), 1)) return 0; res = TEST_true(OSSL_HTTP_parse_url(url, &ssl, &user, &host, &port, &num, - &path, &query, &frag)) + &path, &query, &frag)) && TEST_str_eq(host, exp_host) && TEST_str_eq(port, exp_port) && TEST_int_eq(num, exp_num) @@ -237,7 +240,7 @@ int res; res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL, - &path, NULL, NULL)) + &path, NULL, NULL)) && TEST_str_eq(host, "host") && TEST_str_eq(path, exp_path_qu); OPENSSL_free(host); 
@@ -245,6 +248,18 @@ return res; } +static int test_http_url_host_ok(const char *url, const char *exp_host) +{ + char *host; + int res; + + res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL, + NULL, NULL, NULL)) + && TEST_str_eq(host, exp_host); + OPENSSL_free(host); + return res; +} + static int test_http_url_dns(void) { return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path"); @@ -262,6 +277,13 @@ return test_http_url_ok("user:pass@host/p?q#fr", 0, "host", "80", "/p"); } +static int test_http_url_at_sign_outside_authority(void) +{ + return test_http_url_host_ok("http://host/p@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q=@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q#fr@attacker.test", "host"); +} + static int test_http_url_ipv4(void) { return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q"); @@ -279,7 +301,7 @@ int res; res = TEST_false(OSSL_HTTP_parse_url(url, &ssl, NULL, &host, &port, &num, - &path, NULL, NULL)) + &path, NULL, NULL)) && TEST_ptr_null(host) && TEST_ptr_null(port) && TEST_ptr_null(path); @@ -299,7 +321,7 @@ static int test_http_url_invalid_port(void) { return test_http_url_invalid("https://1.2.3.4:65536/pkix") - && test_http_url_invalid("https://1.2.3.4:"); + && test_http_url_invalid("https://1.2.3.4:"); } static int test_http_url_invalid_path(void) @@ -376,6 +398,7 @@ ADD_TEST(test_http_url_dns); ADD_TEST(test_http_url_path_query); ADD_TEST(test_http_url_userinfo_query_fragment); + ADD_TEST(test_http_url_at_sign_outside_authority); ADD_TEST(test_http_url_ipv4); ADD_TEST(test_http_url_ipv6); ADD_TEST(test_http_url_invalid_prefix); --- crypto/openssl/test/ideatest.c.orig +++ crypto/openssl/test/ideatest.c 
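Review bot: In the new `test_http_url_host_ok`, `host` is declared without an initialiser and then handed to `OPENSSL_free(host)` unconditionally, so the cleanup is only safe if `OSSL_HTTP_parse_url` always writes `*phost` before it can fail. That guarantee is not visible in this hunk. Declaring it as `char *host = NULL;` keeps the free well-defined wherever the parser bails out. A short comment above the helper, e.g. `/* Check only the parsed host; every other URL component is deliberately ignored. */`, would also explain why all the other outputs are passed as NULL.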
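Review bot: The three cases in `test_http_url_at_sign_outside_authority` all use URLs with no userinfo and no port, and they assert only the host. A parser that locates the end of the authority correctly only when no real `user@` prefix is present would therefore still pass. Adding a case where both occur, such as `&& test_http_url_host_ok("http://user@host:8080/p@attacker.test", "host")`, pins the behaviour when the userinfo delimiter and a later `@` coexist. It would also be worth checking that the `@` text stays in the path, e.g. `test_http_url_ok("http://host/p@attacker.test", 0, "host", "80", "/p@attacker.test")`. This assumes that helper compares the path, as its signature suggests; its body is only partly visible in these hunks.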
@@ -20,14 +20,14 @@ #include "testutil.h" #ifndef OPENSSL_NO_IDEA -# include +#include static const unsigned char k[16] = { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 }; -static const unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; +static const unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; static const unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 }; static unsigned char out[80]; @@ -35,13 +35,26 @@ static const unsigned char text[] = "Hello to all people out there"; static const unsigned char cfb_key[16] = { - 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96, - 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e, + 0xe1, + 0xf0, + 0xc3, + 0xd2, + 0xa5, + 0xb4, + 0x87, + 0x96, + 0x69, + 0x78, + 0x4b, + 0x5a, + 0x2d, + 0x3c, + 0x0f, + 0x1e, }; -static const unsigned char cfb_iv[80] = - { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd }; +static const unsigned char cfb_iv[80] = { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd }; static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; -# define CFB_TEST_SIZE 24 +#define CFB_TEST_SIZE 24 static const unsigned char plain[CFB_TEST_SIZE] = { 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, @@ -53,9 +66,9 @@ 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ + /*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; static int test_idea_ecb(void) 
@@ -98,19 +111,19 @@ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_tmp)); n = 0; IDEA_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks, - cfb_tmp, &n, IDEA_ENCRYPT); + cfb_tmp, &n, IDEA_ENCRYPT); IDEA_cfb64_encrypt(&plain[12], &cfb_buf1[12], - (long)CFB_TEST_SIZE - 12, &eks, - cfb_tmp, &n, IDEA_ENCRYPT); + (long)CFB_TEST_SIZE - 12, &eks, + cfb_tmp, &n, IDEA_ENCRYPT); if (!TEST_mem_eq(cfb_cipher64, CFB_TEST_SIZE, cfb_buf1, CFB_TEST_SIZE)) return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_tmp)); n = 0; IDEA_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks, - cfb_tmp, &n, IDEA_DECRYPT); + cfb_tmp, &n, IDEA_DECRYPT); IDEA_cfb64_encrypt(&cfb_buf1[13], &cfb_buf2[13], - (long)CFB_TEST_SIZE - 13, &eks, - cfb_tmp, &n, IDEA_DECRYPT); + (long)CFB_TEST_SIZE - 13, &eks, + cfb_tmp, &n, IDEA_DECRYPT); return TEST_mem_eq(plain, CFB_TEST_SIZE, cfb_buf2, CFB_TEST_SIZE); } #endif --- crypto/openssl/test/igetest.c.orig +++ crypto/openssl/test/igetest.c @@ -20,19 +20,19 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define TEST_SIZE 128 -# define BIG_TEST_SIZE 10240 +#define TEST_SIZE 128 +#define BIG_TEST_SIZE 10240 -# if BIG_TEST_SIZE < TEST_SIZE -# error BIG_TEST_SIZE is smaller than TEST_SIZE -# endif +#if BIG_TEST_SIZE < TEST_SIZE +#error BIG_TEST_SIZE is smaller than TEST_SIZE +#endif static unsigned char rkey[16]; static unsigned char rkey2[16]; static unsigned char plaintext[BIG_TEST_SIZE]; static unsigned char saved_iv[AES_BLOCK_SIZE * 4]; -# define MAX_VECTOR_SIZE 64 +#define MAX_VECTOR_SIZE 64 struct ige_test { const unsigned char key[16]; 
@@ -44,37 +44,37 @@ }; static struct ige_test const ige_test_vectors[] = { - {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */ - {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52, - 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45, - 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3, - 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */ - 32, AES_ENCRYPT}, /* test vector 0 */ - - {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */ - {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45, - 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f, - 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */ - {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73, - 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65, - 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74, - 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */ - {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13, - 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a, - 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34, - 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */ - 32, AES_DECRYPT}, /* test vector 1 */ + { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */ + { 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */ + { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52, + 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45, + 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3, + 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */ + 32, AES_ENCRYPT }, /* test vector 0 */ + + { { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */ + { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45, + 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */ + { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73, + 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65, + 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74, + 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */ + { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13, + 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a, + 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34, + 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */ + 32, AES_DECRYPT }, /* test vector 1 */ }; struct bi_ige_test { 
@@ -89,60 +89,60 @@ }; static struct bi_ige_test const bi_ige_test_vectors[] = { - {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */ - {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */ - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */ - {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56, - 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc, - 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16, - 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */ - 16, 32, AES_ENCRYPT}, /* test vector 0 */ - {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c, - 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a, - 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75, - 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */ - {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13, - 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74, - 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21, - 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */ - {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9, - 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70, - 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42, - 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67, - 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a, - 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20, - 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd, - 0x48, 0x79, 0x37, 0x99, 0xff, 
0x27, 0x93, 0xa3}, /* iv */ - {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c, - 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0, - 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f, - 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b, - 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52, - 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a, - 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c, - 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */ - {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23, - 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79, - 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf, - 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92, - 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51, - 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67, - 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76, - 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */ - 32, 64, AES_ENCRYPT}, /* test vector 1 */ + { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */ + { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */ + { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56, + 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc, + 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16, + 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */ + 16, 32, AES_ENCRYPT }, /* test 
vector 0 */ + { { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c, + 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a, + 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75, + 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */ + { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13, + 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74, + 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21, + 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */ + { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9, + 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70, + 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42, + 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67, + 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a, + 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20, + 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd, + 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */ + { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c, + 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0, + 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f, + 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b, + 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52, + 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a, + 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c, + 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b }, /* in */ + { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23, + 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79, + 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf, + 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92, + 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51, + 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67, + 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76, + 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c }, /* out */ + 32, 64, AES_ENCRYPT }, /* test vector 1 */ }; 
@@ -195,8 +195,8 @@ AES_KEY key2; unsigned char buf[MAX_VECTOR_SIZE]; - if (!TEST_int_le(v->length, MAX_VECTOR_SIZE)) - return 0; + if (!TEST_int_le(v->length, MAX_VECTOR_SIZE)) + return 0; if (v->encrypt == AES_ENCRYPT) { AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1); @@ -207,7 +207,7 @@ } AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv, - v->encrypt); + v->encrypt); if (!TEST_mem_eq(v->out, v->length, buf, v->length)) { test_output_memory("key 1", v->key1, sizeof(v->key1)); @@ -248,10 +248,10 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, - AES_ENCRYPT); + AES_ENCRYPT); AES_ige_encrypt(plaintext + TEST_SIZE / 2, - ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, - &key, iv, AES_ENCRYPT); + ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, + &key, iv, AES_ENCRYPT); AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); @@ -270,18 +270,18 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, - AES_ENCRYPT); + AES_ENCRYPT); AES_ige_encrypt(plaintext + TEST_SIZE / 2, - ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, - &key, iv, AES_ENCRYPT); + ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, + &key, iv, AES_ENCRYPT); AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv, - AES_DECRYPT); + AES_DECRYPT); AES_ige_encrypt(ciphertext + TEST_SIZE / 2, - checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, - AES_DECRYPT); + checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, + AES_DECRYPT); return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE); } 
@@ -300,14 +300,14 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, - AES_ENCRYPT); + AES_ENCRYPT); /* corrupt halfway through */ ++ciphertext[sizeof(ciphertext) / 2]; AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, - AES_DECRYPT); + AES_DECRYPT); matches = 0; for (n = 0; n < sizeof(checktext); ++n) @@ -335,12 +335,12 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, - AES_ENCRYPT); + AES_ENCRYPT); AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, - AES_DECRYPT); + AES_DECRYPT); return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE); } @@ -358,14 +358,14 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, - AES_ENCRYPT); + AES_ENCRYPT); /* corrupt halfway through */ ++ciphertext[sizeof(ciphertext) / 2]; AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, - AES_DECRYPT); + AES_DECRYPT); matches = 0; for (n = 0; n < sizeof(checktext); ++n) 
@@ -389,14 +389,14 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, - AES_ENCRYPT); + AES_ENCRYPT); /* corrupt right at the end */ ++ciphertext[sizeof(ciphertext) - 1]; AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, - AES_DECRYPT); + AES_DECRYPT); matches = 0; for (n = 0; n < sizeof(checktext); ++n) @@ -420,14 +420,14 @@ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, - AES_ENCRYPT); + AES_ENCRYPT); /* corrupt right at the start */ ++ciphertext[0]; AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, - AES_DECRYPT); + AES_DECRYPT); matches = 0; for (n = 0; n < sizeof(checktext); ++n) --- crypto/openssl/test/keymgmt_internal_test.c.orig +++ crypto/openssl/test/keymgmt_internal_test.c @@ -24,7 +24,7 @@ #include #include "internal/core.h" #include "internal/nelem.h" -#include "crypto/evp.h" /* For the internal API */ +#include "crypto/evp.h" /* For the internal API */ #include "testutil.h" typedef struct { @@ -55,10 +55,10 @@ if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))) || !TEST_ptr(fixture->ctx1 = OSSL_LIB_CTX_new()) || !TEST_ptr(fixture->prov1 = OSSL_PROVIDER_load(fixture->ctx1, - "default")) + "default")) || !TEST_ptr(fixture->ctx2 = OSSL_LIB_CTX_new()) || !TEST_ptr(fixture->prov2 = OSSL_PROVIDER_load(fixture->ctx2, - "default"))) { + "default"))) { tear_down(fixture); return NULL; } 
@@ -66,17 +66,17 @@ } /* Array indexes */ -#define N 0 -#define E 1 -#define D 2 -#define P 3 -#define Q 4 -#define F3 5 /* Extra factor */ -#define DP 6 -#define DQ 7 -#define E3 8 /* Extra exponent */ -#define QINV 9 -#define C2 10 /* Extra coefficient */ +#define N 0 +#define E 1 +#define D 2 +#define P 3 +#define Q 4 +#define F3 5 /* Extra factor */ +#define DP 6 +#define DQ 7 +#define E3 8 /* Extra exponent */ +#define QINV 9 +#define C2 10 /* Extra coefficient */ /* * We have to do this because OSSL_PARAM_get_ulong() can't handle params @@ -89,7 +89,7 @@ static int get_ulong_via_BN(const OSSL_PARAM *p, unsigned long *goal) { BIGNUM *n = NULL; - int ret = 1; /* Ever so hopeful */ + int ret = 1; /* Ever so hopeful */ if (!TEST_true(OSSL_PARAM_get_BN(p, &n)) || !TEST_int_ge(BN_bn2nativepad(n, (unsigned char *)goal, sizeof(*goal)), 0)) @@ -159,20 +159,22 @@ * openssl genrsa 32 | openssl rsa -text */ static BN_ULONG expected[] = { - 0xbc747fc5, /* N */ - 0x10001, /* E */ - 0x7b133399, /* D */ - 0xe963, /* P */ - 0xceb7, /* Q */ - 1, /* F3 */ - 0x8599, /* DP */ - 0xbd87, /* DQ */ - 2, /* E3 */ - 0xcc3b, /* QINV */ - 3, /* C3 */ - 0 /* Extra, should remain zero */ + 0xbc747fc5, /* N */ + 0x10001, /* E */ + 0x7b133399, /* D */ + 0xe963, /* P */ + 0xceb7, /* Q */ + 1, /* F3 */ + 0x8599, /* DP */ + 0xbd87, /* DQ */ + 2, /* E3 */ + 0xcc3b, /* QINV */ + 3, /* C3 */ + 0 /* Extra, should remain zero */ + }; + static unsigned long keydata[OSSL_NELEM(expected)] = { + 0, }; - static unsigned long keydata[OSSL_NELEM(expected)] = { 0, }; if (!TEST_ptr(rsa = RSA_new())) goto err; @@ -210,7 +212,7 @@ || !TEST_ptr(bn_coeffs[0] = BN_new()) || !TEST_true(BN_set_word(bn_coeffs[0], expected[C2])) || !TEST_true(RSA_set0_multi_prime_params(rsa, bn_primes, bn_exps, - bn_coeffs, 1))) + bn_coeffs, 1))) goto err; if (!TEST_ptr(pk = EVP_PKEY_new()) 
@@ -229,15 +231,15 @@ km = km3; /* Check that we can't export an RSA key into an RSA-PSS keymanager */ if (!TEST_ptr_null(provkey2 = evp_pkey_export_to_provider(pk, NULL, - &km, - NULL))) + &km, + NULL))) goto err; if (!TEST_ptr(provkey = evp_pkey_export_to_provider(pk, NULL, &km1, - NULL)) + NULL)) || !TEST_true(evp_keymgmt_export(km2, provkey, - OSSL_KEYMGMT_SELECT_KEYPAIR, - &export_cb, keydata))) + OSSL_KEYMGMT_SELECT_KEYPAIR, + &export_cb, keydata))) goto err; /* @@ -269,7 +271,7 @@ goto err; } - err: +err: RSA_free(rsa); BN_free(bn1); BN_free(bn2); @@ -306,7 +308,7 @@ int ret = 0; if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()) - || !TEST_ptr(prov = OSSL_PROVIDER_load(libctx, "default"))) + || !TEST_ptr(prov = OSSL_PROVIDER_load(libctx, "default"))) goto end; if ((bio = BIO_new_file(cert_filename, "r")) == NULL) { @@ -317,7 +319,7 @@ if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) { TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n", - cert_filename); + cert_filename); TEST_openssl_errors(); goto end; } @@ -327,22 +329,22 @@ if (n == 0) { if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL, - NULL, NULL))) + NULL, NULL))) goto end; } else if (n == 1) { if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL, - &keymgmt, NULL))) + &keymgmt, NULL))) goto end; } else { keymgmt = EVP_KEYMGMT_fetch(libctx, "RSA", NULL); if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL, - &keymgmt, NULL))) + &keymgmt, NULL))) goto end; } ret = 1; - end: +end: BIO_free(bio); X509_free(cert); EVP_KEYMGMT_free(keymgmt); --- crypto/openssl/test/lhash_test.c.orig +++ crypto/openssl/test/lhash_test.c 
@@ -30,14 +30,14 @@ DEFINE_LHASH_OF(int); static int int_tests[] = { 65537, 13, 1, 3, -5, 6, 7, 4, -10, -12, -14, 22, 9, - -17, 16, 17, -23, 35, 37, 173, 11 }; + -17, 16, 17, -23, 35, 37, 173, 11 }; static const unsigned int n_int_tests = OSSL_NELEM(int_tests); static short int_found[OSSL_NELEM(int_tests)]; static short int_not_found; static unsigned long int int_hash(const int *p) { - return 3 & *p; /* To force collisions */ + return 3 & *p; /* To force collisions */ } static int int_cmp(const int *p, const int *q) @@ -83,12 +83,12 @@ int data; int null; } dels[] = { - { 65537, 0 }, - { 173, 0 }, - { 999, 1 }, - { 37, 0 }, - { 1, 0 }, - { 34, 1 } + { 65537, 0 }, + { 173, 0 }, + { 999, 1 }, + { 37, 0 }, + { 1, 0 }, + { 34, 1 } }; const unsigned int n_dels = OSSL_NELEM(dels); LHASH_OF(int) *h = lh_int_new(&int_hash, &int_cmp); @@ -164,7 +164,7 @@ /* delete */ for (i = 0; i < n_dels; i++) { const int b = lh_int_delete(h, &dels[i].data) == NULL; - if (!TEST_int_eq(b ^ dels[i].null, 0)) { + if (!TEST_int_eq(b ^ dels[i].null, 0)) { TEST_info("lhash int delete %d", i); goto end; } @@ -208,7 +208,7 @@ /* num_items */ if (!TEST_int_eq(lh_int_num_items(h), n)) - goto end; + goto end; TEST_info("hash full statistics:"); OPENSSL_LH_stats_bio((OPENSSL_LHASH *)h, bio_err); --- crypto/openssl/test/localetest.c.orig +++ crypto/openssl/test/localetest.c 
@@ -16,81 +16,81 @@ #include "testutil/output.h" #ifndef OPENSSL_NO_LOCALE -# include -# ifdef OPENSSL_SYS_MACOSX -# include -# endif +#include +#ifdef OPENSSL_SYS_MACOSX +#include +#endif int setup_tests(void) { - const unsigned char der_bytes[] = { - 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, - 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, - 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, - 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, - 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, - 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, - 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, - 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab, - 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, - 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, - 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, - 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, - 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, - 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, - 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, - 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 
0x5a, 0x33, 0xc6, 0xb2, 0x1a, - 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, - 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, - 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, - 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, - 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, - 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, - 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, - 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, - 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, - 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, - 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, - 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, - 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, - 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, - 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, - 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, - 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, - 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, - 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, - 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, - 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, - 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, - 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, - 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 
0x64, 0x78, 0x66, 0x14, 0xc9, - 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, - 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, - 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, - 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, - 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, - 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, - 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, - 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, - 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, - 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, - 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, - 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, - 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, - 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, - 0x5f -}; + const unsigned char der_bytes[] = { + 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, + 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, + 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, + 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, + 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 
0x05, + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, + 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, + 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab, + 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, + 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, + 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, + 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, + 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, + 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, + 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, + 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a, + 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, + 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, + 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, + 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, + 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, + 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, + 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, + 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, + 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, + 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, + 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, + 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, + 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, + 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 
0x14, + 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, + 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, + 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, + 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, + 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, + 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, + 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, + 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, + 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9, + 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, + 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, + 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, + 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, + 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, + 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, + 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, + 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, + 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, + 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, + 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, + 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, + 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, + 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, + 0x5f + }; char str1[] = "SubjectPublicKeyInfo", str2[] = 
"subjectpublickeyinfo"; int res; --- crypto/openssl/test/mdc2_internal_test.c.orig +++ crypto/openssl/test/mdc2_internal_test.c @@ -27,7 +27,6 @@ const unsigned char expected[MDC2_DIGEST_LENGTH]; } TESTDATA; - /********************************************************************** * * Test driver @@ -35,13 +34,9 @@ ***/ static TESTDATA tests[] = { - { - "Now is the time for all ", - { - 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA, - 0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A - } - } + { "Now is the time for all ", + { 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA, + 0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A } } }; /********************************************************************** @@ -58,11 +53,11 @@ MDC2_Init(&c); MDC2_Update(&c, (const unsigned char *)testdata.input, - strlen(testdata.input)); + strlen(testdata.input)); MDC2_Final(&(md[0]), &c); if (!TEST_mem_eq(testdata.expected, MDC2_DIGEST_LENGTH, - md, MDC2_DIGEST_LENGTH)) { + md, MDC2_DIGEST_LENGTH)) { TEST_info("mdc2 test %d: unexpected output", idx); return 0; } --- crypto/openssl/test/mdc2test.c.orig +++ crypto/openssl/test/mdc2test.c @@ -22,16 +22,16 @@ #include "testutil.h" #if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2) -# define OPENSSL_NO_MDC2 +#define OPENSSL_NO_MDC2 #endif #ifndef OPENSSL_NO_MDC2 -# include -# include +#include +#include -# ifdef CHARSET_EBCDIC -# include -# endif +#ifdef CHARSET_EBCDIC +#include +#endif static unsigned char pad1[16] = { 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA, @@ -55,13 +55,13 @@ OSSL_PARAM params[2]; params[i++] = OSSL_PARAM_construct_uint(OSSL_DIGEST_PARAM_PAD_TYPE, - &pad_type), + &pad_type), params[i++] = OSSL_PARAM_construct_end(); prov = OSSL_PROVIDER_load(NULL, "legacy"); -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC ebcdic2ascii(text, text, tlen); -# endif +#endif c = EVP_MD_CTX_new(); if (!TEST_ptr(c) 
@@ -79,7 +79,7 @@ goto end; testresult = 1; - end: +end: EVP_MD_CTX_free(c); OSSL_PROVIDER_unload(prov); return testresult; --- crypto/openssl/test/memleaktest.c.orig +++ crypto/openssl/test/memleaktest.c @@ -15,16 +15,16 @@ /* __has_feature is a clang-ism, while __SANITIZE_ADDRESS__ is a gcc-ism */ #if defined(__has_feature) -# if __has_feature(address_sanitizer) -# define __SANITIZE_ADDRESS__ 1 -# endif +#if __has_feature(address_sanitizer) +#define __SANITIZE_ADDRESS__ 1 +#endif #endif /* If __SANITIZE_ADDRESS__ isn't defined, define it to be false */ /* Leak detection is not yet supported with MSVC on Windows, so */ /* set __SANITIZE_ADDRESS__ to false in this case as well. */ #if !defined(__SANITIZE_ADDRESS__) || defined(_MSC_VER) -# undef __SANITIZE_ADDRESS__ -# define __SANITIZE_ADDRESS__ 0 +#undef __SANITIZE_ADDRESS__ +#define __SANITIZE_ADDRESS__ 0 #endif /* --- crypto/openssl/test/modes_internal_test.c.orig +++ crypto/openssl/test/modes_internal_test.c @@ -27,7 +27,7 @@ typedef struct { size_t size; const unsigned char *data; -} SIZED_DATA; +} SIZED_DATA; /********************************************************************** * @@ -37,11 +37,11 @@ /* cts128 test vectors from RFC 3962 */ static const unsigned char cts128_test_key[16] = "chicken teriyaki"; -static const unsigned char cts128_test_input[64] = - "I would like the" " General Gau's C" - "hicken, please, " "and wonton soup."; -static const unsigned char cts128_test_iv[] = - { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; +static const unsigned char cts128_test_input[64] = "I would like the" + " General Gau's C" + "hicken, please, " + "and wonton soup."; +static const unsigned char cts128_test_iv[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; static const unsigned char vector_17[17] = { 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 
@@ -92,9 +92,9 @@ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 }; -#define CTS128_TEST_VECTOR(len) \ - { \ - sizeof(vector_##len), vector_##len \ +#define CTS128_TEST_VECTOR(len) \ + { \ + sizeof(vector_##len), vector_##len \ } static const SIZED_DATA aes_cts128_vectors[] = { CTS128_TEST_VECTOR(17), @@ -132,25 +132,25 @@ typedef struct { const char *case_name; size_t (*last_blocks_correction)(const unsigned char *in, - unsigned char *out, size_t len); + unsigned char *out, size_t len); size_t (*encrypt_block)(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block); + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc); + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); size_t (*decrypt_block)(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block); + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc); + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); } CTS128_FIXTURE; static size_t last_blocks_correction(const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { size_t tail; @@ -163,7 +163,7 @@ } static size_t last_blocks_correction_nist(const unsigned char *in, - unsigned char *out, size_t len) + unsigned char *out, size_t len) { size_t tail; 
@@ -201,40 +201,41 @@ /* test block-based encryption */ memcpy(iv, test_iv, test_iv_len); if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len, - encrypt_key_schedule, iv, - (block128_f)AES_encrypt), len) - || !TEST_mem_eq(ciphertext, len, vector, len) - || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) + encrypt_key_schedule, iv, + (block128_f)AES_encrypt), + len) + || !TEST_mem_eq(ciphertext, len, vector, len) + || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; /* test block-based decryption */ memcpy(iv, test_iv, test_iv_len); size = fixture->decrypt_block(ciphertext, cleartext, len, - decrypt_key_schedule, iv, - (block128_f)AES_decrypt); + decrypt_key_schedule, iv, + (block128_f)AES_decrypt); if (!TEST_true(len == size || len + 16 == size) - || !TEST_mem_eq(cleartext, len, test_input, len) - || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) + || !TEST_mem_eq(cleartext, len, test_input, len) + || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; /* test streamed encryption */ memcpy(iv, test_iv, test_iv_len); if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len, - encrypt_key_schedule, iv, - (cbc128_f) AES_cbc_encrypt), - len) - || !TEST_mem_eq(ciphertext, len, vector, len) - || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) + encrypt_key_schedule, iv, + (cbc128_f)AES_cbc_encrypt), + len) + || !TEST_mem_eq(ciphertext, len, vector, len) + || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; /* test streamed decryption */ memcpy(iv, test_iv, test_iv_len); if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len, - decrypt_key_schedule, iv, - (cbc128_f)AES_cbc_encrypt), - len) - || !TEST_mem_eq(cleartext, len, test_input, len) - || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) + decrypt_key_schedule, iv, + (cbc128_f)AES_cbc_encrypt), + len) + || !TEST_mem_eq(cleartext, len, 
test_input, len) + || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; return 1; @@ -276,9 +277,9 @@ }; /* Test Case 2 */ -# define K2 K1 -# define A2 A1 -# define IV2 IV1 +#define K2 K1 +#define A2 A1 +#define IV2 IV1 static const u8 P2[16]; static const u8 C2[] = { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, @@ -291,7 +292,7 @@ }; /* Test Case 3 */ -# define A3 A2 +#define A3 A2 static const u8 K3[] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 @@ -330,8 +331,8 @@ }; /* Test Case 4 */ -# define K4 K3 -# define IV4 IV3 +#define K4 K3 +#define IV4 IV3 static const u8 P4[] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, @@ -366,9 +367,9 @@ }; /* Test Case 5 */ -# define K5 K4 -# define P5 P4 -# define A5 A4 +#define K5 K4 +#define P5 P4 +#define A5 A4 static const u8 IV5[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; @@ -390,9 +391,9 @@ }; /* Test Case 6 */ -# define K6 K5 -# define P6 P5 -# define A6 A5 +#define K6 K5 +#define P6 P5 +#define A6 A5 static const u8 IV6[] = { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, @@ -428,9 +429,9 @@ }; /* Test Case 8 */ -# define K8 K7 -# define IV8 IV7 -# define A8 A7 +#define K8 K7 +#define IV8 IV7 +#define A8 A7 static const u8 P8[16]; static const u8 C8[] = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, @@ -443,7 +444,7 @@ }; /* Test Case 9 */ -# define A9 A8 +#define A9 A8 static const u8 K9[] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, @@ -483,8 +484,8 @@ }; /* Test Case 10 */ -# define K10 K9 -# define IV10 IV9 +#define K10 K9 +#define IV10 IV9 static const u8 P10[] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 
@@ -519,9 +520,9 @@ }; /* Test Case 11 */ -# define K11 K10 -# define P11 P10 -# define A11 A10 +#define K11 K10 +#define P11 P10 +#define A11 A10 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; static const u8 C11[] = { @@ -541,9 +542,9 @@ }; /* Test Case 12 */ -# define K12 K11 -# define P12 P11 -# define A12 A11 +#define K12 K11 +#define P12 P11 +#define A12 A11 static const u8 IV12[] = { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, @@ -579,8 +580,8 @@ }; /* Test Case 14 */ -# define K14 K13 -# define A14 A13 +#define K14 K13 +#define A14 A13 static const u8 P14[16], IV14[12]; static const u8 C14[] = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, @@ -593,7 +594,7 @@ }; /* Test Case 15 */ -# define A15 A14 +#define A15 A14 static const u8 K15[] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, @@ -634,8 +635,8 @@ }; /* Test Case 16 */ -# define K16 K15 -# define IV16 IV15 +#define K16 K15 +#define IV16 IV15 static const u8 P16[] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, @@ -670,9 +671,9 @@ }; /* Test Case 17 */ -# define K17 K16 -# define P17 P16 -# define A17 A16 +#define K17 K16 +#define P17 P16 +#define A17 A16 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; static const u8 C17[] = { @@ -692,9 +693,9 @@ }; /* Test Case 18 */ -# define K18 K17 -# define P18 P17 -# define A18 A17 +#define K18 K17 +#define P18 P17 +#define A18 A17 static const u8 IV18[] = { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, @@ -723,10 +724,10 @@ }; /* Test Case 19 */ -# define K19 K1 -# define P19 P1 -# define IV19 IV1 -# define C19 C1 +#define K19 K1 +#define P19 P1 +#define IV19 IV1 +#define C19 C1 static const u8 A19[] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 
@@ -752,8 +753,8 @@ }; /* Test Case 20 */ -# define K20 K1 -# define A20 A1 +#define K20 K1 +#define A20 A1 /* this results in 0xff in counter LSB */ static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; @@ -802,14 +803,16 @@ 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f }; -#define GCM128_TEST_VECTOR(n) \ - { \ - {sizeof(K##n), K##n}, \ - {sizeof(IV##n), IV##n}, \ - {sizeof(A##n), A##n}, \ - {sizeof(P##n), P##n}, \ - {sizeof(C##n), C##n}, \ - {sizeof(T##n), T##n} \ +#define GCM128_TEST_VECTOR(n) \ + { \ + { sizeof(K##n), K##n }, \ + { sizeof(IV##n), IV##n }, \ + { sizeof(A##n), A##n }, \ + { sizeof(P##n), P##n }, \ + { sizeof(C##n), C##n }, \ + { \ + sizeof(T##n), T##n \ + } \ } static struct gcm128_data { const SIZED_DATA K; @@ -869,11 +872,11 @@ if (A.data != NULL) CRYPTO_gcm128_aad(&ctx, A.data, A.size); if (P.data != NULL) - if (!TEST_int_ge(CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size), 0)) + if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx, P.data, out, P.size), 0)) return 0; if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) - || (C.data != NULL - && !TEST_mem_eq(out, P.size, C.data, P.size))) + || (C.data != NULL + && !TEST_mem_eq(out, P.size, C.data, P.size))) return 0; CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); @@ -883,8 +886,8 @@ if (C.data != NULL) CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size); if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) - || (P.data != NULL - && !TEST_mem_eq(out, P.size, P.data, P.size))) + || (P.data != NULL + && !TEST_mem_eq(out, P.size, P.data, P.size))) return 0; return 1; --- crypto/openssl/test/namemap_internal_test.c.orig +++ crypto/openssl/test/namemap_internal_test.c 
@@ -22,10 +22,10 @@ int ok; ok = TEST_int_eq(ossl_namemap_empty(NULL), 1) - && TEST_ptr(nm = ossl_namemap_new()) - && TEST_int_eq(ossl_namemap_empty(nm), 1) - && TEST_int_ne(ossl_namemap_add_name(nm, 0, NAME1), 0) - && TEST_int_eq(ossl_namemap_empty(nm), 0); + && TEST_ptr(nm = ossl_namemap_new()) + && TEST_int_eq(ossl_namemap_empty(nm), 1) + && TEST_int_ne(ossl_namemap_add_name(nm, 0, NAME1), 0) + && TEST_int_eq(ossl_namemap_empty(nm), 0); ossl_namemap_free(nm); return ok; } --- /dev/null +++ crypto/openssl/test/nocache-and-default.cnf @@ -0,0 +1,18 @@ +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +[openssl_init] +providers = provider_sect + +[provider_sect] +test = test_sect +default = default_sect + +[test_sect] +module = ../test/p_test.so +activate = true + +[default_sect] +activate = true --- crypto/openssl/test/nodefltctxtest.c.orig +++ crypto/openssl/test/nodefltctxtest.c @@ -47,7 +47,7 @@ goto err; testresult = 1; - err: +err: EVP_MD_free(md); OSSL_LIB_CTX_free(ctx); return testresult; --- crypto/openssl/test/ocspapitest.c.orig +++ crypto/openssl/test/ocspapitest.c @@ -41,7 +41,7 @@ *cert_out = cert; *key_out = key; return 1; - end: +end: X509_free(cert); EVP_PKEY_free(key); return 0; @@ -60,7 +60,7 @@ goto end; *cert_out = cert; return 1; - end: +end: X509_free(cert); return 0; } @@ -68,7 +68,7 @@ static OCSP_BASICRESP *make_dummy_resp(void) { const unsigned char namestr[] = "openssl.example.com"; - unsigned char keybytes[128] = {7}; + unsigned char keybytes[128] = { 7 }; OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); OCSP_BASICRESP *bs_out = NULL; OCSP_CERTID *cid = NULL; 
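Review bot: The new crypto/openssl/test/nocache-and-default.cnf has no header comment saying what it is for, and its `[test_sect]` loads a shared object by relative path (`module = ../test/p_test.so`) with `activate = true`. A provider module is code loaded into the process, so this file is only safe to read where that path resolves to the freshly built test provider, presumably via the module directory the test harness sets up; the file should say so. I would add at the top `# Test-only configuration: activates p_test (its query callback sets no_cache) together with the default provider.` and, above the `module` line, `# Relative path: valid only inside the build-tree layout used by the test suite.` The `.so` suffix is also fixed in the path, which looks platform-specific and is worth confirming for the targets this file is committed for.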
@@ -82,8 +82,8 @@ || !TEST_ptr(key) || !TEST_ptr(serial) || !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName, - MBSTRING_ASC, - namestr, -1, -1, 1)) + MBSTRING_ASC, + namestr, -1, -1, 1)) || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))) || !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1))) goto err; @@ -93,12 +93,12 @@ || !TEST_ptr(nextupd) || !TEST_ptr(cid) || !TEST_true(OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, thisupd, nextupd))) + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd))) goto err; bs_out = bs; bs = NULL; - err: +err: ASN1_TIME_free(thisupd); ASN1_TIME_free(nextupd); ASN1_BIT_STRING_free(key); @@ -128,7 +128,7 @@ || !TEST_true(get_cert_and_key(&signer, &key)) || !TEST_true(sk_X509_push(extra_certs, signer)) || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), - NULL, OCSP_NOCERTS))) + NULL, OCSP_NOCERTS))) goto err; if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) || !TEST_int_eq(X509_cmp(tmp, signer), 0)) @@ -140,13 +140,13 @@ tmp = NULL; if (!TEST_ptr(bs) || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), - NULL, 0))) + NULL, 0))) goto err; if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) || !TEST_int_eq(X509_cmp(tmp, signer), 0)) goto err; ret = 1; - err: +err: OCSP_BASICRESP_free(bs); sk_X509_free(extra_certs); X509_free(signer); @@ -163,15 +163,15 @@ goto err; switch (testcase) { - case 0: /* no change */ + case 0: /* no change */ break; - case 1: /* check and release current location */ + case 1: /* check and release current location */ if (!TEST_ptr(ad->location)) goto err; GENERAL_NAME_free(ad->location); ad->location = NULL; break; - case 2: /* replace current location */ + case 2: /* replace current location */ GENERAL_NAME_free(ad->location); ad->location = GENERAL_NAME_new(); if (!TEST_ptr(ad->location)) 
@@ -193,7 +193,7 @@ }; X509 *issuer = NULL; - X509_EXTENSION * ext = NULL; + X509_EXTENSION *ext = NULL; int ret = 0; if (!TEST_true(get_cert(&issuer))) --- crypto/openssl/test/ossl_store_test.c.orig +++ crypto/openssl/test/ossl_store_test.c @@ -14,11 +14,11 @@ #include "testutil.h" #ifndef PATH_MAX -# if defined(_WIN32) && defined(_MAX_PATH) -# define PATH_MAX _MAX_PATH -# else -# define PATH_MAX 4096 -# endif +#if defined(_WIN32) && defined(_MAX_PATH) +#define PATH_MAX _MAX_PATH +#else +#define PATH_MAX 4096 +#endif #endif typedef enum OPTION_choice { @@ -45,12 +45,12 @@ char *input = test_mk_file_path(inputdir, infile); ret = TEST_ptr(input) - && TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing")) - && TEST_ptr(ui_method= UI_create_method("DummyUI")) - && TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method, - NULL, NULL, NULL, NULL)) - && TEST_false(OSSL_STORE_find(sctx, NULL)) - && TEST_true(OSSL_STORE_find(sctx, search)); + && TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing")) + && TEST_ptr(ui_method = UI_create_method("DummyUI")) + && TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method, + NULL, NULL, NULL, NULL)) + && TEST_false(OSSL_STORE_find(sctx, NULL)) + && TEST_true(OSSL_STORE_find(sctx, search)); UI_destroy_method(ui_method); OSSL_STORE_SEARCH_free(search); OSSL_STORE_close(sctx); @@ -64,7 +64,7 @@ OSSL_STORE_SEARCH *search = NULL; ret = TEST_ptr_null(search = OSSL_STORE_SEARCH_by_key_fingerprint( - EVP_sha256(), NULL, 0)); + EVP_sha256(), NULL, 0)); OSSL_STORE_SEARCH_free(search); return ret; } @@ -81,8 +81,8 @@ goto err; while (!OSSL_STORE_eof(ctx) - && (info = OSSL_STORE_load(ctx)) != NULL - && pkey == NULL) { + && (info = OSSL_STORE_load(ctx)) != NULL + && pkey == NULL) { if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) { pkey = OSSL_STORE_INFO_get1_PARAMS(info); } @@ -94,7 +94,7 @@ ret = EVP_PKEY_is_a(pkey, type); EVP_PKEY_free(pkey); - err: +err: OSSL_STORE_close(ctx); return ret; } 
@@ -105,7 +105,7 @@ const char *urifmt; char uri[PATH_MAX]; - switch(idx) { + switch (idx) { #ifndef OPENSSL_NO_DH case 0: type = "DH"; @@ -163,14 +163,14 @@ char *input = test_mk_file_path(inputdir, sm2file); ret = TEST_ptr(input) - && TEST_ptr(libctx = OSSL_LIB_CTX_new()) - && TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default")) - && TEST_ptr(bio = BIO_new_file(input, "r")) - && TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL, - NULL, NULL, NULL, NULL, NULL)) - && TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) - && TEST_int_ne(ERR_GET_REASON(ERR_peek_error()), - OSSL_STORE_R_UNREGISTERED_SCHEME); + && TEST_ptr(libctx = OSSL_LIB_CTX_new()) + && TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default")) + && TEST_ptr(bio = BIO_new_file(input, "r")) + && TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL, + NULL, NULL, NULL, NULL, NULL)) + && TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) + && TEST_int_ne(ERR_GET_REASON(ERR_peek_error()), + OSSL_STORE_R_UNREGISTERED_SCHEME); BIO_free(bio); OSSL_STORE_close(store_ctx); @@ -212,7 +212,7 @@ datadir = opt_arg(); break; case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; --- crypto/openssl/test/p_minimal.c.orig +++ crypto/openssl/test/p_minimal.c @@ -16,9 +16,9 @@ OSSL_provider_init_fn OSSL_provider_init; /* Check the function signature */ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *oin, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *oin, + const OSSL_DISPATCH **out, + void **provctx) { return 1; } --- crypto/openssl/test/p_test.c.orig +++ crypto/openssl/test/p_test.c @@ -25,7 +25,7 @@ * object form. */ #ifdef PROVIDER_INIT_FUNCTION_NAME -# define OSSL_provider_init PROVIDER_INIT_FUNCTION_NAME +#define OSSL_provider_init PROVIDER_INIT_FUNCTION_NAME #endif #include "e_os.h" 
@@ -53,7 +53,7 @@ /* Tell the core what params we provide and what type they are */ static const OSSL_PARAM p_param_types[] = { { "greeting", OSSL_PARAM_UTF8_STRING, NULL, 0, 0 }, - { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0}, + { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0 }, { NULL, 0, NULL, 0, 0 } }; @@ -75,7 +75,7 @@ } static void p_set_error(int lib, int reason, const char *file, int line, - const char *func, const char *fmt, ...) + const char *func, const char *fmt, ...) { va_list ap; @@ -106,13 +106,13 @@ static OSSL_PARAM counter_request[] = { /* Known libcrypto provided parameters */ { "openssl-version", OSSL_PARAM_UTF8_PTR, - &opensslv, sizeof(&opensslv), 0 }, + &opensslv, sizeof(&opensslv), 0 }, { "provider-name", OSSL_PARAM_UTF8_PTR, - &provname, sizeof(&provname), 0}, + &provname, sizeof(&provname), 0 }, /* This might be present, if there's such a configuration */ { "greeting", OSSL_PARAM_UTF8_PTR, - &greeting, sizeof(&greeting), 0 }, + &greeting, sizeof(&greeting), 0 }, { NULL, 0, NULL, 0, 0 } }; @@ -129,7 +129,7 @@ const char *namep = *(void **)counter_request[1].data; local_snprintf(buf, sizeof(buf), "Hello OpenSSL %.20s, greetings from %s!", - versionp, namep); + versionp, namep); } } else { local_snprintf(buf, sizeof(buf), "Howdy stranger..."); @@ -156,15 +156,15 @@ OSSL_PROVIDER *deflt; /* - * "default" has not been loaded into the parent libctx. We should be able - * to explicitly load it as a non-child provider. - */ + * "default" has not been loaded into the parent libctx. We should be able + * to explicitly load it as a non-child provider. + */ deflt = OSSL_PROVIDER_load(ctx->libctx, "default"); if (deflt == NULL - || !OSSL_PROVIDER_available(ctx->libctx, "default")) { + || !OSSL_PROVIDER_available(ctx->libctx, "default")) { /* We set error "3" for a failure to load the default provider */ p_set_error(ERR_LIB_PROV, 3, ctx->thisfile, OPENSSL_LINE, - ctx->thisfunc, NULL); + ctx->thisfunc, NULL); ok = 0; } 
@@ -175,16 +175,16 @@ * available. */ if (ok - && OSSL_PROVIDER_available(ctx->libctx, "default") - && OSSL_PROVIDER_available(ctx->libctx, "base") - && OSSL_PROVIDER_available(ctx->libctx, "legacy") - && OSSL_PROVIDER_available(ctx->libctx, "p_test") - && md4 != NULL - && mdctx != NULL) { + && OSSL_PROVIDER_available(ctx->libctx, "default") + && OSSL_PROVIDER_available(ctx->libctx, "base") + && OSSL_PROVIDER_available(ctx->libctx, "legacy") + && OSSL_PROVIDER_available(ctx->libctx, "p_test") + && md4 != NULL + && mdctx != NULL) { if (EVP_DigestInit_ex(mdctx, md4, NULL) - && EVP_DigestUpdate(mdctx, (const unsigned char *)msg, - strlen(msg)) - && EVP_DigestFinal(mdctx, out, NULL)) + && EVP_DigestUpdate(mdctx, (const unsigned char *)msg, + strlen(msg)) + && EVP_DigestFinal(mdctx, out, NULL)) digestsuccess = 1; } EVP_MD_CTX_free(mdctx); @@ -221,18 +221,18 @@ static const OSSL_ITEM *p_get_reason_strings(void *_) { static const OSSL_ITEM reason_strings[] = { - {1, "dummy reason string"}, - {2, "Can't create child library context"}, - {3, "Can't load default provider"}, - {0, NULL} + { 1, "dummy reason string" }, + { 2, "Can't create child library context" }, + { 3, "Can't load default provider" }, + { 0, NULL } }; return reason_strings; } static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { *no_cache = 1; return NULL; 
@@ -242,16 +242,16 @@ { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params }, { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, - (void (*)(void))p_get_reason_strings}, + (void (*)(void))p_get_reason_strings }, { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, { 0, NULL } }; int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *oin, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *oin, + const OSSL_DISPATCH **out, + void **provctx) { P_TEST_CTX *ctx; const OSSL_DISPATCH *in = oin; @@ -304,7 +304,7 @@ if (ctx->libctx == NULL) { /* We set error "2" for a failure to create the child libctx*/ p_set_error(ERR_LIB_PROV, 2, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, - NULL); + NULL); p_teardown(ctx); return 0; } --- crypto/openssl/test/packettest.c.orig +++ crypto/openssl/test/packettest.c @@ -19,11 +19,11 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), 1) - || !TEST_true(PACKET_forward(&pkt, 1)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), 0)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 1) + || !TEST_true(PACKET_forward(&pkt, 1)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 0)) return 0; return 1; 
@@ -34,12 +34,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) - || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1)) - || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN) - || !TEST_true(PACKET_forward(&pkt, 1)) - || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1)) + || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN) + || !TEST_true(PACKET_forward(&pkt, 1)) + || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN)) return 0; return 1; @@ -51,12 +51,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_1(&pkt, &i)) - || !TEST_uint_eq(i, 0x02) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 2)) - || !TEST_true(PACKET_get_1(&pkt, &i)) - || !TEST_uint_eq(i, 0xfe) - || !TEST_false(PACKET_get_1(&pkt, &i))) + || !TEST_true(PACKET_get_1(&pkt, &i)) + || !TEST_uint_eq(i, 0x02) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 2)) + || !TEST_true(PACKET_get_1(&pkt, &i)) + || !TEST_uint_eq(i, 0xfe) + || !TEST_false(PACKET_get_1(&pkt, &i))) return 0; return 1; @@ -68,12 +68,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_4(&pkt, &i)) - || !TEST_ulong_eq(i, 0x08060402UL) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) - || !TEST_true(PACKET_get_4(&pkt, &i)) - || !TEST_ulong_eq(i, 0xfefcfaf8UL) - || !TEST_false(PACKET_get_4(&pkt, &i))) + || !TEST_true(PACKET_get_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0x08060402UL) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0xfefcfaf8UL) + || !TEST_false(PACKET_get_4(&pkt, &i))) return 0; return 1; 
@@ -85,12 +85,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_net_2(&pkt, &i)) - || !TEST_uint_eq(i, 0x0204) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 4)) - || !TEST_true(PACKET_get_net_2(&pkt, &i)) - || !TEST_uint_eq(i, 0xfcfe) - || !TEST_false(PACKET_get_net_2(&pkt, &i))) + || !TEST_true(PACKET_get_net_2(&pkt, &i)) + || !TEST_uint_eq(i, 0x0204) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 4)) + || !TEST_true(PACKET_get_net_2(&pkt, &i)) + || !TEST_uint_eq(i, 0xfcfe) + || !TEST_false(PACKET_get_net_2(&pkt, &i))) return 0; return 1; @@ -102,12 +102,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_net_3(&pkt, &i)) - || !TEST_ulong_eq(i, 0x020406UL) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 6)) - || !TEST_true(PACKET_get_net_3(&pkt, &i)) - || !TEST_ulong_eq(i, 0xfafcfeUL) - || !TEST_false(PACKET_get_net_3(&pkt, &i))) + || !TEST_true(PACKET_get_net_3(&pkt, &i)) + || !TEST_ulong_eq(i, 0x020406UL) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 6)) + || !TEST_true(PACKET_get_net_3(&pkt, &i)) + || !TEST_ulong_eq(i, 0xfafcfeUL) + || !TEST_false(PACKET_get_net_3(&pkt, &i))) return 0; return 1; @@ -119,12 +119,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_net_4(&pkt, &i)) - || !TEST_ulong_eq(i, 0x02040608UL) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) - || !TEST_true(PACKET_get_net_4(&pkt, &i)) - || !TEST_ulong_eq(i, 0xf8fafcfeUL) - || !TEST_false(PACKET_get_net_4(&pkt, &i))) + || !TEST_true(PACKET_get_net_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0x02040608UL) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_net_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0xf8fafcfeUL) + || !TEST_false(PACKET_get_net_4(&pkt, &i))) return 0; return 1; 
@@ -136,16 +136,16 @@ unsigned long i = 0; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) - || !TEST_true(PACKET_get_net_4(&subpkt, &i)) - || !TEST_ulong_eq(i, 0x02040608UL) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) - || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) - || !TEST_true(PACKET_get_net_4(&subpkt, &i)) - || !TEST_ulong_eq(i, 0xf8fafcfeUL) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) - || !TEST_false(PACKET_get_sub_packet(&pkt, &subpkt, 4))) + || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) + || !TEST_true(PACKET_get_net_4(&subpkt, &i)) + || !TEST_ulong_eq(i, 0x02040608UL) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) + || !TEST_true(PACKET_get_net_4(&subpkt, &i)) + || !TEST_ulong_eq(i, 0xf8fafcfeUL) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) + || !TEST_false(PACKET_get_sub_packet(&pkt, &subpkt, 4))) return 0; return 1; 
@@ -157,19 +157,19 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4)) - || !TEST_uchar_eq(bytes[0], 2) - || !TEST_uchar_eq(bytes[1], 4) - || !TEST_uchar_eq(bytes[2], 6) - || !TEST_uchar_eq(bytes[3], 8) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN -4) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) - || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4)) - || !TEST_uchar_eq(bytes[0], 0xf8) - || !TEST_uchar_eq(bytes[1], 0xfa) - || !TEST_uchar_eq(bytes[2], 0xfc) - || !TEST_uchar_eq(bytes[3], 0xfe) - || !TEST_false(PACKET_remaining(&pkt))) + || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4)) + || !TEST_uchar_eq(bytes[0], 2) + || !TEST_uchar_eq(bytes[1], 4) + || !TEST_uchar_eq(bytes[2], 6) + || !TEST_uchar_eq(bytes[3], 8) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN - 4) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4)) + || !TEST_uchar_eq(bytes[0], 0xf8) + || !TEST_uchar_eq(bytes[1], 0xfa) + || !TEST_uchar_eq(bytes[2], 0xfc) + || !TEST_uchar_eq(bytes[3], 0xfe) + || !TEST_false(PACKET_remaining(&pkt))) return 0; return 1; 
@@ -181,19 +181,19 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_copy_bytes(&pkt, bytes, 4)) - || !TEST_char_eq(bytes[0], 2) - || !TEST_char_eq(bytes[1], 4) - || !TEST_char_eq(bytes[2], 6) - || !TEST_char_eq(bytes[3], 8) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN - 4) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) - || !TEST_true(PACKET_copy_bytes(&pkt, bytes, 4)) - || !TEST_uchar_eq(bytes[0], 0xf8) - || !TEST_uchar_eq(bytes[1], 0xfa) - || !TEST_uchar_eq(bytes[2], 0xfc) - || !TEST_uchar_eq(bytes[3], 0xfe) - || !TEST_false(PACKET_remaining(&pkt))) + || !TEST_true(PACKET_copy_bytes(&pkt, bytes, 4)) + || !TEST_char_eq(bytes[0], 2) + || !TEST_char_eq(bytes[1], 4) + || !TEST_char_eq(bytes[2], 6) + || !TEST_char_eq(bytes[3], 8) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN - 4) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_copy_bytes(&pkt, bytes, 4)) + || !TEST_uchar_eq(bytes[0], 0xf8) + || !TEST_uchar_eq(bytes[1], 0xfa) + || !TEST_uchar_eq(bytes[2], 0xfc) + || !TEST_uchar_eq(bytes[3], 0xfe) + || !TEST_false(PACKET_remaining(&pkt))) return 0; return 1; @@ -206,11 +206,11 @@ size_t len; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_copy_all(&pkt, tmp, BUF_LEN, &len)) - || !TEST_size_t_eq(len, BUF_LEN) - || !TEST_mem_eq(smbuf, BUF_LEN, tmp, BUF_LEN) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) - || !TEST_false(PACKET_copy_all(&pkt, tmp, BUF_LEN - 1, &len))) + || !TEST_true(PACKET_copy_all(&pkt, tmp, BUF_LEN, &len)) + || !TEST_size_t_eq(len, BUF_LEN) + || !TEST_mem_eq(smbuf, BUF_LEN, tmp, BUF_LEN) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_false(PACKET_copy_all(&pkt, tmp, BUF_LEN - 1, &len))) return 0; return 1; 
@@ -224,13 +224,13 @@ int result = 0; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_memdup(&pkt, &data, &len)) - || !TEST_size_t_eq(len, BUF_LEN) - || !TEST_mem_eq(data, len, PACKET_data(&pkt), len) - || !TEST_true(PACKET_forward(&pkt, 10)) - || !TEST_true(PACKET_memdup(&pkt, &data, &len)) - || !TEST_size_t_eq(len, BUF_LEN - 10) - || !TEST_mem_eq(data, len, PACKET_data(&pkt), len)) + || !TEST_true(PACKET_memdup(&pkt, &data, &len)) + || !TEST_size_t_eq(len, BUF_LEN) + || !TEST_mem_eq(data, len, PACKET_data(&pkt), len) + || !TEST_true(PACKET_forward(&pkt, 10)) + || !TEST_true(PACKET_memdup(&pkt, &data, &len)) + || !TEST_size_t_eq(len, BUF_LEN - 10) + || !TEST_mem_eq(data, len, PACKET_data(&pkt), len)) goto end; result = 1; end: @@ -249,14 +249,14 @@ memset(buf2, 'y', 10); buf2[5] = '\0'; - if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf1, 10)) - || !TEST_true(PACKET_strndup(&pkt, &data)) - || !TEST_size_t_eq(strlen(data), 10) - || !TEST_strn_eq(data, buf1, 10) - || !TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf2, 10)) - || !TEST_true(PACKET_strndup(&pkt, &data)) - || !TEST_size_t_eq(strlen(data), 5) - || !TEST_str_eq(data, buf2)) + if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)buf1, 10)) + || !TEST_true(PACKET_strndup(&pkt, &data)) + || !TEST_size_t_eq(strlen(data), 10) + || !TEST_strn_eq(data, buf1, 10) + || !TEST_true(PACKET_buf_init(&pkt, (unsigned char *)buf2, 10)) + || !TEST_true(PACKET_strndup(&pkt, &data)) + || !TEST_size_t_eq(strlen(data), 5) + || !TEST_str_eq(data, buf2)) goto end; result = 1; 
@@ -274,10 +274,10 @@ memset(buf2, 'y', 10); buf2[5] = '\0'; - if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf1, 10)) - || !TEST_false(PACKET_contains_zero_byte(&pkt)) - || !TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf2, 10)) - || !TEST_true(PACKET_contains_zero_byte(&pkt))) + if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)buf1, 10)) + || !TEST_false(PACKET_contains_zero_byte(&pkt)) + || !TEST_true(PACKET_buf_init(&pkt, (unsigned char *)buf2, 10)) + || !TEST_true(PACKET_contains_zero_byte(&pkt))) return 0; return 1; @@ -289,12 +289,12 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_forward(&pkt, 1)) - || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1)) - || !TEST_uchar_eq(byte[0], 4) - || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 3)) - || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1)) - || !TEST_uchar_eq(byte[0], 0xfe)) + || !TEST_true(PACKET_forward(&pkt, 1)) + || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1)) + || !TEST_uchar_eq(byte[0], 4) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 3)) + || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1)) + || !TEST_uchar_eq(byte[0], 0xfe)) return 0; return 1; @@ -307,10 +307,10 @@ /* Also tests PACKET_remaining() */ if (!TEST_true(PACKET_buf_init(&pkt, buf1, 4)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), 4) - || !TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) - || !TEST_false(PACKET_buf_init(&pkt, buf1, -1))) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 4) + || !TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_false(PACKET_buf_init(&pkt, buf1, -1))) return 0; return 1; @@ -322,7 +322,7 @@ PACKET_null_init(&pkt); if (!TEST_size_t_eq(PACKET_remaining(&pkt), 0) - || !TEST_false(PACKET_forward(&pkt, 1))) + || !TEST_false(PACKET_forward(&pkt, 1))) return 0; return 1; 
@@ -333,13 +333,13 @@ PACKET pkt; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, 4)) - || !TEST_true(PACKET_equal(&pkt, smbuf, 4)) - || !TEST_false(PACKET_equal(&pkt, smbuf + 1, 4)) - || !TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) - || !TEST_true(PACKET_equal(&pkt, smbuf, BUF_LEN)) - || !TEST_false(PACKET_equal(&pkt, smbuf, BUF_LEN - 1)) - || !TEST_false(PACKET_equal(&pkt, smbuf, BUF_LEN + 1)) - || !TEST_false(PACKET_equal(&pkt, smbuf, 0))) + || !TEST_true(PACKET_equal(&pkt, smbuf, 4)) + || !TEST_false(PACKET_equal(&pkt, smbuf + 1, 4)) + || !TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_equal(&pkt, smbuf, BUF_LEN)) + || !TEST_false(PACKET_equal(&pkt, smbuf, BUF_LEN - 1)) + || !TEST_false(PACKET_equal(&pkt, smbuf, BUF_LEN + 1)) + || !TEST_false(PACKET_equal(&pkt, smbuf, 0))) return 0; return 1; @@ -358,13 +358,13 @@ buf1[i] = (i * 2) & 0xff; if (!TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) - || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) - || !TEST_true(PACKET_get_net_2(&subpkt, &i)) - || !TEST_uint_eq(i, 0x0204) - || !TEST_false(PACKET_get_length_prefixed_1(&short_pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) + || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) + || !TEST_true(PACKET_get_net_2(&subpkt, &i)) + || !TEST_uint_eq(i, 0x0204) + || !TEST_false(PACKET_get_length_prefixed_1(&short_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) return 0; return 1; @@ -373,7 +373,7 @@ static int test_PACKET_get_length_prefixed_2(void) { unsigned char buf1[1024]; - const size_t len = 516; /* 0x0204 */ + const size_t len = 516; /* 0x0204 */ unsigned int i; PACKET pkt, short_pkt, subpkt; 
@@ -382,13 +382,13 @@ buf1[i - 1] = (i * 2) & 0xff; if (!TEST_true(PACKET_buf_init(&pkt, buf1, 1024)) - || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) - || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) - || !TEST_true(PACKET_get_net_2(&subpkt, &i)) - || !TEST_uint_eq(i, 0x0608) - || !TEST_false(PACKET_get_length_prefixed_2(&short_pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) + || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) + || !TEST_true(PACKET_get_net_2(&subpkt, &i)) + || !TEST_uint_eq(i, 0x0608) + || !TEST_false(PACKET_get_length_prefixed_2(&short_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) return 0; return 1; @@ -397,7 +397,7 @@ static int test_PACKET_get_length_prefixed_3(void) { unsigned char buf1[1024]; - const size_t len = 516; /* 0x000204 */ + const size_t len = 516; /* 0x000204 */ unsigned int i; PACKET pkt, short_pkt, subpkt; @@ -406,13 +406,13 @@ buf1[i] = (i * 2) & 0xff; if (!TEST_true(PACKET_buf_init(&pkt, buf1, 1024)) - || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) - || !TEST_true(PACKET_get_length_prefixed_3(&pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) - || !TEST_true(PACKET_get_net_2(&subpkt, &i)) - || !TEST_uint_eq(i, 0x0608) - || !TEST_false(PACKET_get_length_prefixed_3(&short_pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) + || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) + || !TEST_true(PACKET_get_length_prefixed_3(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) + || !TEST_true(PACKET_get_net_2(&subpkt, &i)) + || !TEST_uint_eq(i, 0x0608) + || !TEST_false(PACKET_get_length_prefixed_3(&short_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) return 0; return 1; 
@@ -431,12 +431,12 @@ buf1[i] = (i * 2) & 0xff; if (!TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) - || !TEST_true(PACKET_buf_init(&exact_pkt, buf1, len + 1)) - || !TEST_false(PACKET_as_length_prefixed_1(&pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) - || !TEST_true(PACKET_as_length_prefixed_1(&exact_pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&exact_pkt), 0) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), len)) + || !TEST_true(PACKET_buf_init(&exact_pkt, buf1, len + 1)) + || !TEST_false(PACKET_as_length_prefixed_1(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_true(PACKET_as_length_prefixed_1(&exact_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&exact_pkt), 0) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len)) return 0; return 1; 
@@ -445,21 +445,21 @@ static int test_PACKET_as_length_prefixed_2(void) { unsigned char buf[1024]; - const size_t len = 516; /* 0x0204 */ + const size_t len = 516; /* 0x0204 */ unsigned int i; PACKET pkt, exact_pkt, subpkt; memset(&subpkt, 0, sizeof(subpkt)); for (i = 1; i <= 1024; i++) - buf[i-1] = (i * 2) & 0xff; + buf[i - 1] = (i * 2) & 0xff; if (!TEST_true(PACKET_buf_init(&pkt, buf, 1024)) - || !TEST_true(PACKET_buf_init(&exact_pkt, buf, len + 2)) - || !TEST_false(PACKET_as_length_prefixed_2(&pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&pkt), 1024) - || !TEST_true(PACKET_as_length_prefixed_2(&exact_pkt, &subpkt)) - || !TEST_size_t_eq(PACKET_remaining(&exact_pkt), 0) - || !TEST_size_t_eq(PACKET_remaining(&subpkt), len)) + || !TEST_true(PACKET_buf_init(&exact_pkt, buf, len + 2)) + || !TEST_false(PACKET_as_length_prefixed_2(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 1024) + || !TEST_true(PACKET_as_length_prefixed_2(&exact_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&exact_pkt), 0) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len)) return 0; return 1; --- crypto/openssl/test/param_build_test.c.orig +++ crypto/openssl/test/param_build_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -110,14 +110,14 @@ || !TEST_true(BN_set_word(bn, 1729)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", bn)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, "utf8_s", "foo", - sizeof("foo"))) + sizeof("foo"))) || !TEST_true(OSSL_PARAM_BLD_push_utf8_ptr(bld, "utf8_p", "bar-boom", - 0)) + 0)) || !TEST_true(OSSL_PARAM_BLD_push_int(bld, "i", -6)) || !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld))) goto err; - switch(tstid) { + switch (tstid) { case 0: params = params_blt; break; @@ -234,8 +234,8 @@ int res = 0; if (!TEST_ptr(data1 = OPENSSL_secure_malloc(data1_size)) - || !TEST_ptr(data2 = OPENSSL_secure_malloc(data2_size)) - || !TEST_ptr(bld = OSSL_PARAM_BLD_new())) + || !TEST_ptr(data2 = OPENSSL_secure_malloc(data2_size)) + || !TEST_ptr(bld = OSSL_PARAM_BLD_new())) goto err; for (j = 0; j < data1_num; j++) @@ -254,12 +254,12 @@ || !TEST_true(BN_set_word(bn, 1729)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", bn)) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, "oct_s", data1, - data1_size)) + data1_size)) || !TEST_true(OSSL_PARAM_BLD_push_octet_ptr(bld, "oct_p", data2, - data2_size)) + data2_size)) || !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld))) goto err; - switch(tstid) { + switch (tstid) { case 0: params = params_blt; break; @@ -374,7 +374,7 @@ if (!TEST_ptr(bld)) goto err; - + for (i = 0; i < n; i++) { names[i][0] = 'A' + (i / 26) - 1; names[i][1] = 'a' + (i % 26) - 1; @@ -384,8 +384,9 @@ } if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; - /* Count the elements in the params arrary, expecting n */ - for (i = 0; params[i].key != NULL; i++); + /* Count the elements in the params array, expecting n */ + for (i = 0; params[i].key != NULL; i++) + ; if (!TEST_int_eq(i, n)) goto err; 
@@ -396,8 +397,9 @@ if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, "g", 2)) || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; - /* Count the elements in the params arrary, expecting 1 */ - for (i = 0; params[i].key != NULL; i++); + /* Count the elements in the params array, expecting 1 */ + for (i = 0; params[i].key != NULL; i++) + ; if (!TEST_int_eq(i, 1)) goto err; res = 1; @@ -437,9 +439,9 @@ if (!TEST_ptr(bld2) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld2, "oct_s", data1, - sizeof(data1))) + sizeof(data1))) || !TEST_true(OSSL_PARAM_BLD_push_octet_ptr(bld2, "oct_p", data2, - sizeof(data2))) + sizeof(data2))) || !TEST_true(OSSL_PARAM_BLD_push_uint32(bld2, "i32", 99)) || !TEST_ptr(bn_pub = BN_new()) || !TEST_true(BN_set_word(bn_pub, 0x42)) @@ -525,7 +527,7 @@ ADD_TEST(template_public_single_zero_test); ADD_ALL_TESTS(template_public_test, 5); /* Only run the secure memory testing if we have secure memory available */ - if (CRYPTO_secure_malloc_init(1<<16, 16)) { + if (CRYPTO_secure_malloc_init(1 << 16, 16)) { ADD_TEST(template_private_single_zero_test); ADD_ALL_TESTS(template_private_test, 5); } --- crypto/openssl/test/params_api_test.c.orig +++ crypto/openssl/test/params_api_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -60,14 +60,12 @@ { 5, { 0xd1, 0x76, 0x01, 0x1b, 0xcd } }, { 8, { 0x59, 0xb2, 0x1a, 0xe9, 0x2a, 0xd8, 0x46, 0x40 } }, { 8, { 0xb4, 0xae, 0xbd, 0xb4, 0xdd, 0x04, 0xb1, 0x4c } }, - { 16, { 0x61, 0xe8, 0x7e, 0x31, 0xe9, 0x33, 0x83, 0x3d, - 0x87, 0x99, 0xc7, 0xd8, 0x5d, 0xa9, 0x8b, 0x42 } }, - { 16, { 0xee, 0x6e, 0x8b, 0xc3, 0xec, 0xcf, 0x37, 0xcc, - 0x89, 0x67, 0xf2, 0x68, 0x33, 0xa0, 0x14, 0xb0 } }, + { 16, { 0x61, 0xe8, 0x7e, 0x31, 0xe9, 0x33, 0x83, 0x3d, 0x87, 0x99, 0xc7, 0xd8, 0x5d, 0xa9, 0x8b, 0x42 } }, + { 16, { 0xee, 0x6e, 0x8b, 0xc3, 0xec, 0xcf, 0x37, 0xcc, 0x89, 0x67, 0xf2, 0x68, 0x33, 0xa0, 0x14, 0xb0 } }, }; static int test_param_type_extra(OSSL_PARAM *param, const unsigned char *cmp, - size_t width) + size_t width) { int32_t i32; int64_t i64; @@ -78,7 +76,7 @@ const int signd = param->data_type == OSSL_PARAM_INTEGER; /* - * Set the unmodified sentinal directly because there is no param array + * Set the unmodified sentinel directly because there is no param array * for these tests. */ param->return_size = OSSL_PARAM_UNMODIFIED; @@ -88,7 +86,7 @@ return 0; } else { if ((bit32 - && !TEST_true(OSSL_PARAM_get_uint32(param, (uint32_t *)&i32))) + && !TEST_true(OSSL_PARAM_get_uint32(param, (uint32_t *)&i32))) || !TEST_true(OSSL_PARAM_get_uint64(param, (uint64_t *)&i64)) || (sizet && !TEST_true(OSSL_PARAM_get_size_t(param, &s)))) return 0; @@ -149,8 +147,7 @@ { int in, out; unsigned char buf[MAX_LEN], cmp[sizeof(int)]; - const size_t len = raw_values[n].len >= sizeof(int) ? - sizeof(int) : raw_values[n].len; + const size_t len = raw_values[n].len >= sizeof(int) ? sizeof(int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int("a", NULL); memset(buf, 0, sizeof(buf)); 
@@ -177,7 +174,8 @@ long int in, out; unsigned char buf[MAX_LEN], cmp[sizeof(long int)]; const size_t len = raw_values[n].len >= sizeof(long int) - ? sizeof(long int) : raw_values[n].len; + ? sizeof(long int) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_long("a", NULL); memset(buf, 0, sizeof(buf)); @@ -230,7 +228,8 @@ unsigned long int in, out; unsigned char buf[MAX_LEN], cmp[sizeof(unsigned long int)]; const size_t len = raw_values[n].len >= sizeof(unsigned long int) - ? sizeof(unsigned long int) : raw_values[n].len; + ? sizeof(unsigned long int) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_ulong("a", NULL); memset(buf, 0, sizeof(buf)); @@ -257,7 +256,8 @@ int32_t in, out; unsigned char buf[MAX_LEN], cmp[sizeof(int32_t)]; const size_t len = raw_values[n].len >= sizeof(int32_t) - ? sizeof(int32_t) : raw_values[n].len; + ? sizeof(int32_t) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int32("a", NULL); memset(buf, 0, sizeof(buf)); @@ -284,7 +284,8 @@ uint32_t in, out; unsigned char buf[MAX_LEN], cmp[sizeof(uint32_t)]; const size_t len = raw_values[n].len >= sizeof(uint32_t) - ? sizeof(uint32_t) : raw_values[n].len; + ? sizeof(uint32_t) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint32("a", NULL); memset(buf, 0, sizeof(buf)); @@ -311,7 +312,8 @@ int64_t in, out; unsigned char buf[MAX_LEN], cmp[sizeof(int64_t)]; const size_t len = raw_values[n].len >= sizeof(int64_t) - ? sizeof(int64_t) : raw_values[n].len; + ? sizeof(int64_t) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int64("a", NULL); memset(buf, 0, sizeof(buf)); @@ -338,7 +340,8 @@ uint64_t in, out; unsigned char buf[MAX_LEN], cmp[sizeof(uint64_t)]; const size_t len = raw_values[n].len >= sizeof(uint64_t) - ? sizeof(uint64_t) : raw_values[n].len; + ? sizeof(uint64_t) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint64("a", NULL); memset(buf, 0, sizeof(buf)); 
@@ -365,7 +368,8 @@ size_t in, out; unsigned char buf[MAX_LEN], cmp[sizeof(size_t)]; const size_t len = raw_values[n].len >= sizeof(size_t) - ? sizeof(size_t) : raw_values[n].len; + ? sizeof(size_t) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_size_t("a", NULL); memset(buf, 0, sizeof(buf)); @@ -392,7 +396,8 @@ time_t in, out; unsigned char buf[MAX_LEN], cmp[sizeof(time_t)]; const size_t len = raw_values[n].len >= sizeof(time_t) - ? sizeof(time_t) : raw_values[n].len; + ? sizeof(time_t) + : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_time_t("a", NULL); memset(buf, 0, sizeof(buf)); @@ -420,7 +425,7 @@ const size_t len = raw_values[n].len; BIGNUM *b = NULL, *c = NULL; OSSL_PARAM param = OSSL_PARAM_DEFN("bn", OSSL_PARAM_UNSIGNED_INTEGER, - NULL, 0); + NULL, 0); int ret = 0; param.data = bnbuf; @@ -452,7 +457,7 @@ param.data = &p; return TEST_true(OSSL_PARAM_set_double(¶m, 3.14159)) - && TEST_double_eq(p, 3.14159); + && TEST_double_eq(p, 3.14159); } static int test_param_construct(int tstid) @@ -505,7 +510,7 @@ params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", &vp, 0); params[n] = OSSL_PARAM_construct_end(); - switch(tstid) { + switch (tstid) { case 0: p = params; break; @@ -583,7 +588,7 @@ /* OCTET string */ if (!TEST_ptr(cp = OSSL_PARAM_locate(p, "octstr")) || !TEST_true(OSSL_PARAM_set_octet_string(cp, "abcdefghi", - sizeof("abcdefghi"))) + sizeof("abcdefghi"))) || !TEST_size_t_eq(cp->return_size, sizeof("abcdefghi"))) goto err; /* Match the return size to avoid trailing garbage bytes */ 
@@ -591,13 +596,13 @@ if (!TEST_true(OSSL_PARAM_get_octet_string(cp, &vpn, 0, &s)) || !TEST_size_t_eq(s, sizeof("abcdefghi")) || !TEST_mem_eq(vpn, sizeof("abcdefghi"), - "abcdefghi", sizeof("abcdefghi"))) + "abcdefghi", sizeof("abcdefghi"))) goto err; vp = buf2; if (!TEST_true(OSSL_PARAM_get_octet_string(cp, &vp, sizeof(buf2), &s)) || !TEST_size_t_eq(s, sizeof("abcdefghi")) || !TEST_mem_eq(vp, sizeof("abcdefghi"), - "abcdefghi", sizeof("abcdefghi"))) + "abcdefghi", sizeof("abcdefghi"))) goto err; /* OCTET pointer */ vp = &l; @@ -620,7 +625,7 @@ goto err; /* Match the return size to avoid trailing garbage bytes */ cp->data_size = cp->return_size; - if(!TEST_true(OSSL_PARAM_get_BN(cp, &bn2)) + if (!TEST_true(OSSL_PARAM_get_BN(cp, &bn2)) || !TEST_BN_eq(bn, bn2)) goto err; ret = 1; 
@@ -637,26 +642,26 @@ static int test_param_modified(void) { OSSL_PARAM param[3] = { OSSL_PARAM_int("a", NULL), - OSSL_PARAM_int("b", NULL), - OSSL_PARAM_END }; + OSSL_PARAM_int("b", NULL), + OSSL_PARAM_END }; int a, b; param->data = &a; param[1].data = &b; if (!TEST_false(OSSL_PARAM_modified(param)) - && !TEST_true(OSSL_PARAM_set_int32(param, 1234)) - && !TEST_true(OSSL_PARAM_modified(param)) - && !TEST_false(OSSL_PARAM_modified(param + 1)) - && !TEST_true(OSSL_PARAM_set_int32(param + 1, 1)) - && !TEST_true(OSSL_PARAM_modified(param + 1))) + && !TEST_true(OSSL_PARAM_set_int32(param, 1234)) + && !TEST_true(OSSL_PARAM_modified(param)) + && !TEST_false(OSSL_PARAM_modified(param + 1)) + && !TEST_true(OSSL_PARAM_set_int32(param + 1, 1)) + && !TEST_true(OSSL_PARAM_modified(param + 1))) return 0; OSSL_PARAM_set_all_unmodified(param); if (!TEST_false(OSSL_PARAM_modified(param)) - && !TEST_true(OSSL_PARAM_set_int32(param, 4321)) - && !TEST_true(OSSL_PARAM_modified(param)) - && !TEST_false(OSSL_PARAM_modified(param + 1)) - && !TEST_true(OSSL_PARAM_set_int32(param + 1, 2)) - && !TEST_true(OSSL_PARAM_modified(param + 1))) + && !TEST_true(OSSL_PARAM_set_int32(param, 4321)) + && !TEST_true(OSSL_PARAM_modified(param)) + && !TEST_false(OSSL_PARAM_modified(param + 1)) + && !TEST_true(OSSL_PARAM_set_int32(param + 1, 2)) + && !TEST_true(OSSL_PARAM_modified(param + 1))) return 0; return 1; } 
@@ -673,25 +678,52 @@ param[i] = OSSL_PARAM_construct_end(); ret = TEST_ptr_null(OSSL_PARAM_dup(NULL)) - && TEST_ptr(cp1 = OSSL_PARAM_merge(NULL, param)) - && TEST_ptr(p = OSSL_PARAM_locate(cp1, "a")) - && TEST_true(OSSL_PARAM_get_int(p, &val)) - && TEST_int_eq(val, 1) - && TEST_ptr(p = OSSL_PARAM_locate(cp1, "b")) - && TEST_true(OSSL_PARAM_get_int(p, &val)) - && TEST_int_eq(val, 2) - && TEST_ptr(cp2 = OSSL_PARAM_merge(param, NULL)) - && TEST_ptr(p = OSSL_PARAM_locate(cp2, "a")) - && TEST_true(OSSL_PARAM_get_int(p, &val)) - && TEST_int_eq(val, 1) - && TEST_ptr(p = OSSL_PARAM_locate(cp2, "b")) - && TEST_true(OSSL_PARAM_get_int(p, &val)) - && TEST_int_eq(val, 2) - && TEST_ptr_null(OSSL_PARAM_merge(NULL, NULL)); + && TEST_ptr(cp1 = OSSL_PARAM_merge(NULL, param)) + && TEST_ptr(p = OSSL_PARAM_locate(cp1, "a")) + && TEST_true(OSSL_PARAM_get_int(p, &val)) + && TEST_int_eq(val, 1) + && TEST_ptr(p = OSSL_PARAM_locate(cp1, "b")) + && TEST_true(OSSL_PARAM_get_int(p, &val)) + && TEST_int_eq(val, 2) + && TEST_ptr(cp2 = OSSL_PARAM_merge(param, NULL)) + && TEST_ptr(p = OSSL_PARAM_locate(cp2, "a")) + && TEST_true(OSSL_PARAM_get_int(p, &val)) + && TEST_int_eq(val, 1) + && TEST_ptr(p = OSSL_PARAM_locate(cp2, "b")) + && TEST_true(OSSL_PARAM_get_int(p, &val)) + && TEST_int_eq(val, 2) + && TEST_ptr_null(OSSL_PARAM_merge(NULL, NULL)); OSSL_PARAM_free(cp2); OSSL_PARAM_free(cp1); return ret; } +static int test_param_merge(void) +{ + int val, ret; + int values[] = { 1, 2, 3, 4 }; + OSSL_PARAM *p = NULL, *cp = NULL; + OSSL_PARAM param[3], param1[3]; + + param[0] = OSSL_PARAM_construct_int("diff1", &values[0]); + param[1] = OSSL_PARAM_construct_int("same", &values[1]); + param[2] = OSSL_PARAM_construct_end(); + param1[0] = OSSL_PARAM_construct_int("diff2", &values[2]); + param1[1] = OSSL_PARAM_construct_int("same", &values[3]); + param1[2] = OSSL_PARAM_construct_end(); + + ret = TEST_ptr(p = OSSL_PARAM_merge(param, param1)) + && TEST_ptr(cp = OSSL_PARAM_locate(p, "diff1")) + && 
TEST_true(OSSL_PARAM_get_int(p, &val)) + && TEST_int_eq(val, values[0]) + && TEST_ptr(cp = OSSL_PARAM_locate(p, "diff2")) + && TEST_true(OSSL_PARAM_get_int(cp, &val)) + && TEST_int_eq(val, values[2]) + && TEST_ptr(cp = OSSL_PARAM_locate(p, "same")) + && TEST_true(OSSL_PARAM_get_int(cp, &val)) + && TEST_int_eq(val, values[3]); + OSSL_PARAM_free(p); + return ret; +} int setup_tests(void) { @@ -710,5 +742,6 @@ ADD_ALL_TESTS(test_param_construct, 4); ADD_TEST(test_param_modified); ADD_TEST(test_param_copy_null); + ADD_TEST(test_param_merge); return 1; } --- crypto/openssl/test/params_conversion_test.c.orig +++ crypto/openssl/test/params_conversion_test.c @@ -15,10 +15,10 @@ /* On machines that dont support just disable the tests */ #if !defined(OPENSSL_NO_INTTYPES_H) -# ifdef OPENSSL_SYS_VMS -# define strtoumax strtoull -# define strtoimax strtoll -# endif +#ifdef OPENSSL_SYS_VMS +#define strtoumax strtoull +#define strtoimax strtoll +#endif typedef struct { OSSL_PARAM *param; @@ -41,8 +41,8 @@ static uint64_t datum_u64, ref_u64; static double datum_d, ref_d; static OSSL_PARAM params[] = { - OSSL_PARAM_int32("int32", &datum_i32), - OSSL_PARAM_int64("int64", &datum_i64), + OSSL_PARAM_int32("int32", &datum_i32), + OSSL_PARAM_int64("int64", &datum_i64), OSSL_PARAM_uint32("uint32", &datum_u32), OSSL_PARAM_uint64("uint64", &datum_u64), OSSL_PARAM_double("double", &datum_d), @@ -119,7 +119,7 @@ } if (*p != '\0') { TEST_info("Line %d: extra characters at end '%s' for %s", - s->curr, p, pp->key); + s->curr, p, pp->key); return 0; } } @@ -204,7 +204,7 @@ if (!TEST_true(OSSL_PARAM_set_int32(pc->param, i32)) || !TEST_mem_eq(pc->datum, pc->size, pc->ref, pc->size)) { TEST_note("unexpected valid conversion from int32 on line %d", - line); + line); return 0; } } 
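Review bot: In the new test_param_merge, the "diff1" check calls `OSSL_PARAM_get_int(p, &val)` on the head of the merged array instead of on `cp`, the entry just returned by `OSSL_PARAM_locate(p, "diff1")`, so the located pointer is only null-checked and never read. The assertion then passes only if "diff1" happens to be the first element of the merged array, which looks like an ordering detail of OSSL_PARAM_merge rather than something this test means to rely on. The line should read `&& TEST_true(OSSL_PARAM_get_int(cp, &val))`, matching the "diff2" and "same" checks below it. The naming likely invited the slip: here `p` is the merged array and `cp` the located entry, the reverse of how test_param_copy_null in the same hunk uses `p` and `cp1`/`cp2`.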
@@ -224,7 +224,7 @@ if (!TEST_true(OSSL_PARAM_set_int64(pc->param, i64)) || !TEST_mem_eq(pc->datum, pc->size, pc->ref, pc->size)) { TEST_note("unexpected valid conversion from int64 on line %d", - line); + line); return 0; } } @@ -244,7 +244,7 @@ if (!TEST_true(OSSL_PARAM_set_uint32(pc->param, u32)) || !TEST_mem_eq(pc->datum, pc->size, pc->ref, pc->size)) { TEST_note("unexpected valid conversion from uint32 on line %d", - line); + line); return 0; } } @@ -264,7 +264,7 @@ if (!TEST_true(OSSL_PARAM_set_uint64(pc->param, u64)) || !TEST_mem_eq(pc->datum, pc->size, pc->ref, pc->size)) { TEST_note("unexpected valid conversion from uint64 on line %d", - line); + line); return 0; } } @@ -304,7 +304,7 @@ if (!TEST_true(OSSL_PARAM_set_double(pc->param, d)) || !TEST_mem_eq(pc->datum, pc->size, pc->ref, pc->size)) { TEST_note("unexpected valid conversion from double on line %d", - line); + line); return 0; } } --- crypto/openssl/test/params_test.c.orig +++ crypto/openssl/test/params_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -47,7 +47,7 @@ */ double p2; /* - * Documented as an arbitrarly large unsigned integer. + * Documented as an arbitrarily large unsigned integer. * The data size must be large enough to accommodate. * Assumed data type OSSL_PARAM_UNSIGNED_INTEGER */ 
@@ -73,17 +73,17 @@ size_t p6_l; }; -#define p1_init 42 /* The ultimate answer */ -#define p2_init 6.283 /* Magic number */ +#define p1_init 42 /* The ultimate answer */ +#define p2_init 6.283 /* Magic number */ /* Stolen from evp_data, BLAKE2s256 test */ -#define p3_init \ - "4142434445464748494a4b4c4d4e4f50" \ - "5152535455565758595a616263646566" \ - "6768696a6b6c6d6e6f70717273747576" \ +#define p3_init \ + "4142434445464748494a4b4c4d4e4f50" \ + "5152535455565758595a616263646566" \ + "6768696a6b6c6d6e6f70717273747576" \ "7778797a30313233343536373839" -#define p4_init "BLAKE2s256" /* Random string */ -#define p5_init "Hellow World" /* Random string */ -#define p6_init OPENSSL_FULL_VERSION_STR /* Static string */ +#define p4_init "BLAKE2s256" /* Random string */ +#define p5_init "Hellow World" /* Random string */ /* codespell:ignore */ +#define p6_init OPENSSL_FULL_VERSION_STR /* Static string */ static void cleanup_object(void *vobj) { @@ -113,7 +113,7 @@ obj->p6 = p6_init; return obj; - fail: +fail: cleanup_object(obj); obj = NULL; @@ -139,12 +139,12 @@ } else if (strcmp(params->key, "p3") == 0) { BN_free(obj->p3); if (!TEST_ptr(obj->p3 = BN_native2bn(params->data, - params->data_size, NULL))) + params->data_size, NULL))) return 0; } else if (strcmp(params->key, "p4") == 0) { OPENSSL_free(obj->p4); if (!TEST_ptr(obj->p4 = OPENSSL_strndup(params->data, - params->data_size))) + params->data_size))) return 0; obj->p4_l = strlen(obj->p4); } else if (strcmp(params->key, "p5") == 0) { @@ -152,8 +152,7 @@ * Protect obj->p5 against too much data. This should not * happen, we don't use that long strings. */ - size_t data_length = - OPENSSL_strnlen(params->data, params->data_size); + size_t data_length = OPENSSL_strnlen(params->data, params->data_size); if (!TEST_size_t_lt(data_length, sizeof(obj->p5))) return 0; 
@@ -302,18 +301,18 @@ * they don't understand (the application may have one big bag of * parameters). */ -static int app_p1; /* "p1" */ -static double app_p2; /* "p2" is ignored */ -static BIGNUM *app_p3 = NULL; /* "p3" */ +static int app_p1; /* "p1" */ +static double app_p2; /* "p2" is ignored */ +static BIGNUM *app_p3 = NULL; /* "p3" */ static unsigned char bignumbin[4096]; /* "p3" */ -static char app_p4[256]; /* "p4" */ -static char app_p5[256]; /* "p5" */ -static const char *app_p6 = NULL; /* "p6" */ -static unsigned char foo[1]; /* "foo" */ - -#define app_p1_init 17 /* A random number */ -#define app_p2_init 47.11 /* Another random number */ -#define app_p3_init "deadbeef" /* Classic */ +static char app_p4[256]; /* "p4" */ +static char app_p5[256]; /* "p5" */ +static const char *app_p6 = NULL; /* "p6" */ +static unsigned char foo[1]; /* "foo" */ + +#define app_p1_init 17 /* A random number */ +#define app_p2_init 47.11 /* Another random number */ +#define app_p3_init "deadbeef" /* Classic */ #define app_p4_init "Hello" #define app_p5_init "World" #define app_p6_init "Cookie" @@ -369,7 +368,7 @@ OSSL_PARAM_DEFN("p5", OSSL_PARAM_UTF8_STRING, &app_p5, sizeof(app_p5)), /* sizeof(app_p6_init), because we know that's what we're using */ OSSL_PARAM_DEFN("p6", OSSL_PARAM_UTF8_PTR, &app_p6, - sizeof(app_p6_init) - 1), + sizeof(app_p6_init) - 1), OSSL_PARAM_DEFN("foo", OSSL_PARAM_OCTET_STRING, &foo, sizeof(foo)), OSSL_PARAM_END }; 
@@ -386,12 +385,12 @@ params[n++] = OSSL_PARAM_construct_int("p1", &app_p1); params[n++] = OSSL_PARAM_construct_BN("p3", bignumbin, sizeof(bignumbin)); params[n++] = OSSL_PARAM_construct_utf8_string("p4", app_p4, - sizeof(app_p4)); + sizeof(app_p4)); params[n++] = OSSL_PARAM_construct_utf8_string("p5", app_p5, - sizeof(app_p5)); + sizeof(app_p5)); /* sizeof(app_p6_init), because we know that's what we're using */ params[n++] = OSSL_PARAM_construct_utf8_ptr("p6", (char **)&app_p6, - sizeof(app_p6_init)); + sizeof(app_p6_init)); params[n++] = OSSL_PARAM_construct_octet_string("foo", &foo, sizeof(foo)); params[n++] = OSSL_PARAM_construct_end(); 
@@ -457,21 +456,21 @@ init_app_variables(); if (!TEST_true(prov->get_params(obj, params)) - || !TEST_int_eq(app_p1, p1_init) /* "provider" value */ + || !TEST_int_eq(app_p1, p1_init) /* "provider" value */ || !TEST_double_eq(app_p2, app_p2_init) /* Should remain untouched */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "p3")) || !TEST_ptr(BN_native2bn(bignumbin, p->return_size, app_p3)) - || !TEST_BN_eq(app_p3, verify_p3) /* "provider" value */ - || !TEST_str_eq(app_p4, p4_init) /* "provider" value */ + || !TEST_BN_eq(app_p3, verify_p3) /* "provider" value */ + || !TEST_str_eq(app_p4, p4_init) /* "provider" value */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "p5")) || !TEST_size_t_eq(p->return_size, - sizeof(p5_init) - 1) /* "provider" value */ - || !TEST_str_eq(app_p5, p5_init) /* "provider" value */ + sizeof(p5_init) - 1) /* "provider" value */ + || !TEST_str_eq(app_p5, p5_init) /* "provider" value */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "p6")) || !TEST_size_t_eq(p->return_size, - sizeof(p6_init) - 1) /* "provider" value */ - || !TEST_str_eq(app_p6, p6_init) /* "provider" value */ - || !TEST_char_eq(foo[0], app_foo_init) /* Should remain untouched */ + sizeof(p6_init) - 1) /* "provider" value */ + || !TEST_str_eq(app_p6, p6_init) /* "provider" value */ + || !TEST_char_eq(foo[0], app_foo_init) /* Should remain untouched */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "foo"))) errcnt++; 
@@ -486,12 +485,12 @@ } else { struct object_st *sneakpeek = obj; - if (!TEST_int_eq(sneakpeek->p1, app_p1) /* app value set */ - || !TEST_double_eq(sneakpeek->p2, p2_init) /* Should remain untouched */ - || !TEST_BN_eq(sneakpeek->p3, app_p3) /* app value set */ - || !TEST_str_eq(sneakpeek->p4, app_p4) /* app value set */ - || !TEST_str_eq(sneakpeek->p5, app_p5) /* app value set */ - || !TEST_str_eq(sneakpeek->p6, app_p6)) /* app value set */ + if (!TEST_int_eq(sneakpeek->p1, app_p1) /* app value set */ + || !TEST_double_eq(sneakpeek->p2, p2_init) /* Should remain untouched */ + || !TEST_BN_eq(sneakpeek->p3, app_p3) /* app value set */ + || !TEST_str_eq(sneakpeek->p4, app_p4) /* app value set */ + || !TEST_str_eq(sneakpeek->p5, app_p5) /* app value set */ + || !TEST_str_eq(sneakpeek->p6, app_p6)) /* app value set */ errcnt++; } 
@@ -508,25 +507,25 @@ } if (!TEST_true(prov->get_params(obj, params)) - || !TEST_int_eq(app_p1, app_p1_init) /* app value */ + || !TEST_int_eq(app_p1, app_p1_init) /* app value */ || !TEST_double_eq(app_p2, app_p2_init) /* Should remain untouched */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "p3")) || !TEST_ptr(BN_native2bn(bignumbin, p->return_size, app_p3)) - || !TEST_BN_eq(app_p3, verify_p3) /* app value */ - || !TEST_str_eq(app_p4, app_p4_init) /* app value */ + || !TEST_BN_eq(app_p3, verify_p3) /* app value */ + || !TEST_str_eq(app_p4, app_p4_init) /* app value */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "p5")) || !TEST_size_t_eq(p->return_size, - sizeof(app_p5_init) - 1) /* app value */ - || !TEST_str_eq(app_p5, app_p5_init) /* app value */ + sizeof(app_p5_init) - 1) /* app value */ + || !TEST_str_eq(app_p5, app_p5_init) /* app value */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "p6")) || !TEST_size_t_eq(p->return_size, - sizeof(app_p6_init) - 1) /* app value */ - || !TEST_str_eq(app_p6, app_p6_init) /* app value */ - || !TEST_char_eq(foo[0], app_foo_init) /* Should remain untouched */ + sizeof(app_p6_init) - 1) /* app value */ + || !TEST_str_eq(app_p6, app_p6_init) /* app value */ + || !TEST_char_eq(foo[0], app_foo_init) /* Should remain untouched */ || !TEST_ptr(p = OSSL_PARAM_locate(params, "foo"))) errcnt++; - fin: +fin: BN_free(verify_p3); verify_p3 = NULL; cleanup_app_variables(); @@ -540,10 +539,10 @@ TEST_info("Case: %s", test_cases[i].desc); return test_case_variant(test_cases[i].app->static_params, - test_cases[i].prov) + test_cases[i].prov) && (test_cases[i].app->constructed_params == NULL || test_case_variant(test_cases[i].app->constructed_params(), - test_cases[i].prov)); + test_cases[i].prov)); } /*- 
@@ -572,45 +571,45 @@ }; static struct int_from_text_test_st int_from_text_test_cases[] = { - { "int", "", 0, 0, 0 }, - { "int", "0", 0, 1, 4 }, - { "int", "101", 101, 1, 4 }, - { "int", "-102", -102, 1, 4 }, - { "int", "12A", 12, 1, 4 }, /* incomplete */ - { "int", "0x12B", 0x12B, 1, 4 }, - { "hexint", "12C", 0x12C, 1, 4 }, - { "hexint", "0x12D", 0, 1, 4 }, /* zero */ + { "int", "", 0, 0, 0 }, + { "int", "0", 0, 1, 4 }, + { "int", "101", 101, 1, 4 }, + { "int", "-102", -102, 1, 4 }, + { "int", "12A", 12, 1, 4 }, /* incomplete */ + { "int", "0x12B", 0x12B, 1, 4 }, + { "hexint", "12C", 0x12C, 1, 4 }, + { "hexint", "0x12D", 0, 1, 4 }, /* zero */ /* test check of the target buffer size */ - { "int", "0x7fffffff", INT32_MAX, 1, 4 }, - { "int", "2147483647", INT32_MAX, 1, 4 }, - { "int", "2147483648", 0, 0, 0 }, /* too small buffer */ - { "int", "-2147483648", INT32_MIN, 1, 4 }, - { "int", "-2147483649", 0, 0, 4 }, /* too small buffer */ - { "short", "0x7fff", INT16_MAX, 1, 2 }, - { "short", "32767", INT16_MAX, 1, 2 }, - { "short", "32768", 0, 0, 0 }, /* too small buffer */ - { "ushort", "0xffff", UINT16_MAX, 1, 2 }, - { "ushort", "65535", UINT16_MAX, 1, 2 }, - { "ushort", "65536", 0, 0, 0 }, /* too small buffer */ + { "int", "0x7fffffff", INT32_MAX, 1, 4 }, + { "int", "2147483647", INT32_MAX, 1, 4 }, + { "int", "2147483648", 0, 0, 0 }, /* too small buffer */ + { "int", "-2147483648", INT32_MIN, 1, 4 }, + { "int", "-2147483649", 0, 0, 4 }, /* too small buffer */ + { "short", "0x7fff", INT16_MAX, 1, 2 }, + { "short", "32767", INT16_MAX, 1, 2 }, + { "short", "32768", 0, 0, 0 }, /* too small buffer */ + { "ushort", "0xffff", UINT16_MAX, 1, 2 }, + { "ushort", "65535", UINT16_MAX, 1, 2 }, + { "ushort", "65536", 0, 0, 0 }, /* too small buffer */ /* test check of sign extension in arbitrary size results */ - { "num", "0", 0, 1, 1 }, - { "num", "0", 0, 1, 1 }, - { "num", "0xff", 0xff, 1, 2 }, /* sign extension */ - { "num", "-0xff", -0xff, 1, 2 }, /* sign extension */ - { 
"num", "0x7f", 0x7f, 1, 1 }, /* no sign extension */ - { "num", "-0x7f", -0x7f, 1, 1 }, /* no sign extension */ - { "num", "0x80", 0x80, 1, 2 }, /* sign extension */ - { "num", "-0x80", -0x80, 1, 1 }, /* no sign extension */ - { "num", "0x81", 0x81, 1, 2 }, /* sign extension */ - { "num", "-0x81", -0x81, 1, 2 }, /* sign extension */ - { "unum", "0xff", 0xff, 1, 1 }, - { "unum", "-0xff", -0xff, 0, 0 }, /* invalid neg number */ - { "unum", "0x7f", 0x7f, 1, 1 }, - { "unum", "-0x7f", -0x7f, 0, 0 }, /* invalid neg number */ - { "unum", "0x80", 0x80, 1, 1 }, - { "unum", "-0x80", -0x80, 0, 0 }, /* invalid neg number */ - { "unum", "0x81", 0x81, 1, 1 }, - { "unum", "-0x81", -0x81, 0, 0 }, /* invalid neg number */ + { "num", "0", 0, 1, 1 }, + { "num", "0", 0, 1, 1 }, + { "num", "0xff", 0xff, 1, 2 }, /* sign extension */ + { "num", "-0xff", -0xff, 1, 2 }, /* sign extension */ + { "num", "0x7f", 0x7f, 1, 1 }, /* no sign extension */ + { "num", "-0x7f", -0x7f, 1, 1 }, /* no sign extension */ + { "num", "0x80", 0x80, 1, 2 }, /* sign extension */ + { "num", "-0x80", -0x80, 1, 1 }, /* no sign extension */ + { "num", "0x81", 0x81, 1, 2 }, /* sign extension */ + { "num", "-0x81", -0x81, 1, 2 }, /* sign extension */ + { "unum", "0xff", 0xff, 1, 1 }, + { "unum", "-0xff", -0xff, 0, 0 }, /* invalid neg number */ + { "unum", "0x7f", 0x7f, 1, 1 }, + { "unum", "-0x7f", -0x7f, 0, 0 }, /* invalid neg number */ + { "unum", "0x80", 0x80, 1, 1 }, + { "unum", "-0x80", -0x80, 0, 0 }, /* invalid neg number */ + { "unum", "0x81", 0x81, 1, 1 }, + { "unum", "-0x81", -0x81, 0, 0 }, /* invalid neg number */ }; static int check_int_from_text(const struct int_from_text_test_st a) @@ -620,10 +619,10 @@ int res; if (!OSSL_PARAM_allocate_from_text(¶m, params_from_text, - a.argname, a.strval, 0, NULL)) { + a.argname, a.strval, 0, NULL)) { if (a.expected_res) TEST_error("unexpected OSSL_PARAM_allocate_from_text() return for %s \"%s\"", - a.argname, a.strval); + a.argname, a.strval); return !a.expected_res; } 
@@ -631,7 +630,7 @@ if (param.data_size == 0) { OPENSSL_free(param.data); TEST_error("unexpected zero size for %s \"%s\"", - a.argname, a.strval); + a.argname, a.strval); return 0; } res = OSSL_PARAM_get_long(¶m, &val); @@ -639,18 +638,19 @@ if (res ^ a.expected_res) { TEST_error("unexpected OSSL_PARAM_get_long() return for %s \"%s\": " - "%d != %d", a.argname, a.strval, a.expected_res, res); + "%d != %d", + a.argname, a.strval, a.expected_res, res); return 0; } if (val != a.expected_intval) { TEST_error("unexpected result for %s \"%s\": %li != %li", - a.argname, a.strval, a.expected_intval, val); + a.argname, a.strval, a.expected_intval, val); return 0; } if (param.data_size != a.expected_bufsize) { TEST_error("unexpected size for %s \"%s\": %d != %d", - a.argname, a.strval, - (int)a.expected_bufsize, (int)param.data_size); + a.argname, a.strval, + (int)a.expected_bufsize, (int)param.data_size); return 0; } @@ -672,20 +672,18 @@ ERR_clear_error(); memset(¶m, 0, sizeof(param)); if (expected) - result = - TEST_true(OSSL_PARAM_allocate_from_text(¶m, - params_from_text, - "hexoctets", values[i], 0, - NULL)); + result = TEST_true(OSSL_PARAM_allocate_from_text(¶m, + params_from_text, + "hexoctets", values[i], 0, + NULL)); else - result = - TEST_false(OSSL_PARAM_allocate_from_text(¶m, - params_from_text, - "hexoctets", values[i], 0, - NULL)); + result = TEST_false(OSSL_PARAM_allocate_from_text(¶m, + params_from_text, + "hexoctets", values[i], 0, + NULL)); if (!result) { TEST_error("unexpected OSSL_PARAM_allocate_from_text() %s for 'octets' \"%s\"", - (expected ? "failure" : "success"), values[i]); + (expected ? "failure" : "success"), values[i]); errcnt++; } OPENSSL_free(param.data); --- crypto/openssl/test/pbelutest.c.orig +++ crypto/openssl/test/pbelutest.c 
@@ -34,9 +34,9 @@ /* Error: print out whole table */ for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { failed = pbe_type < last_type - || (pbe_type == last_type && pbe_nid < last_nid); + || (pbe_type == last_type && pbe_nid < last_nid); TEST_note("PBE type=%d %d (%s): %s\n", pbe_type, pbe_nid, - OBJ_nid2sn(pbe_nid), failed ? "ERROR" : "OK"); + OBJ_nid2sn(pbe_nid), failed ? "ERROR" : "OK"); last_type = pbe_type; last_nid = pbe_nid; } --- crypto/openssl/test/pbetest.c.orig +++ crypto/openssl/test/pbetest.c @@ -23,15 +23,43 @@ static const char pbe_password[] = "MyVoiceIsMyPassport"; static unsigned char pbe_salt[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, + 0x02, + 0x03, + 0x04, + 0x05, + 0x06, + 0x07, + 0x08, }; static const int pbe_iter = 1000; static unsigned char pbe_plaintext[] = { - 0x57, 0x65, 0x20, 0x61, 0x72, 0x65, 0x20, 0x61, - 0x6c, 0x6c, 0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, - 0x6f, 0x66, 0x20, 0x73, 0x74, 0x61, 0x72, 0x73, + 0x57, + 0x65, + 0x20, + 0x61, + 0x72, + 0x65, + 0x20, + 0x61, + 0x6c, + 0x6c, + 0x20, + 0x6d, + 0x61, + 0x64, + 0x65, + 0x20, + 0x6f, + 0x66, + 0x20, + 0x73, + 0x74, + 0x61, + 0x72, + 0x73, }; #endif 
@@ -39,25 +67,74 @@ #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5 static const unsigned char pbe_ciphertext_rc4_md5[] = { - 0x21, 0x90, 0xfa, 0xee, 0x95, 0x66, 0x59, 0x45, - 0xfa, 0x1e, 0x9f, 0xe2, 0x25, 0xd2, 0xf9, 0x71, - 0x94, 0xe4, 0x3d, 0xc9, 0x7c, 0xb0, 0x07, 0x23, + 0x21, + 0x90, + 0xfa, + 0xee, + 0x95, + 0x66, + 0x59, + 0x45, + 0xfa, + 0x1e, + 0x9f, + 0xe2, + 0x25, + 0xd2, + 0xf9, + 0x71, + 0x94, + 0xe4, + 0x3d, + 0xc9, + 0x7c, + 0xb0, + 0x07, + 0x23, }; #endif #if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1 static const unsigned char pbe_ciphertext_des_sha1[] = { - 0xce, 0x4b, 0xb0, 0x0a, 0x7b, 0x48, 0xd7, 0xe3, - 0x9a, 0x9f, 0x46, 0xd6, 0x41, 0x42, 0x4b, 0x44, - 0x36, 0x45, 0x5f, 0x60, 0x8f, 0x3c, 0xd0, 0x55, - 0xd0, 0x8d, 0xa9, 0xab, 0x78, 0x5b, 0x63, 0xaf, + 0xce, + 0x4b, + 0xb0, + 0x0a, + 0x7b, + 0x48, + 0xd7, + 0xe3, + 0x9a, + 0x9f, + 0x46, + 0xd6, + 0x41, + 0x42, + 0x4b, + 0x44, + 0x36, + 0x45, + 0x5f, + 0x60, + 0x8f, + 0x3c, + 0xd0, + 0x55, + 0xd0, + 0x8d, + 0xa9, + 0xab, + 0x78, + 0x5b, + 0x63, + 0xaf, }; #endif #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5 \ || !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1 static int test_pkcs5_pbe(const EVP_CIPHER *cipher, const EVP_MD *md, - const unsigned char *exp, const int exp_len) + const unsigned char *exp, const int exp_len) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -74,11 +151,11 @@ goto err; if (!TEST_true(PKCS5_pbe_set0_algor(algor, EVP_CIPHER_nid(cipher), pbe_iter, - pbe_salt, sizeof(pbe_salt))) + pbe_salt, sizeof(pbe_salt))) || !TEST_true(PKCS5_PBE_keyivgen(ctx, pbe_password, strlen(pbe_password), - algor->parameter, cipher, md, 1)) + algor->parameter, cipher, md, 1)) || !TEST_true(EVP_CipherUpdate(ctx, out, &i, pbe_plaintext, - sizeof(pbe_plaintext)))) + sizeof(pbe_plaintext)))) goto err; outlen = i; 
@@ -92,7 +169,7 @@ /* Decrypt */ if (!TEST_true(PKCS5_PBE_keyivgen(ctx, pbe_password, strlen(pbe_password), - algor->parameter, cipher, md, 0)) + algor->parameter, cipher, md, 0)) || !TEST_true(EVP_CipherUpdate(ctx, out, &i, exp, exp_len))) goto err; --- crypto/openssl/test/pem_read_depr_test.c.orig +++ crypto/openssl/test/pem_read_depr_test.c @@ -32,7 +32,7 @@ goto err; infile = BIO_new_file(paramsfile, "r"); - err: +err: OPENSSL_free(paramsfile); return infile; } @@ -53,7 +53,7 @@ testresult = 1; - err: +err: BIO_free(infile); DH_free(dh); return testresult; @@ -74,7 +74,7 @@ testresult = 1; - err: +err: BIO_free(infile); DH_free(dh); return testresult; @@ -97,7 +97,7 @@ testresult = 1; - err: +err: BIO_free(infile); DSA_free(dsa); return testresult; @@ -118,7 +118,7 @@ testresult = 1; - err: +err: BIO_free(infile); DSA_free(dsa); return testresult; @@ -139,7 +139,7 @@ testresult = 1; - err: +err: BIO_free(infile); DSA_free(dsa); return testresult; @@ -161,7 +161,7 @@ testresult = 1; - err: +err: BIO_free(infile); RSA_free(rsa); return testresult; @@ -182,7 +182,7 @@ testresult = 1; - err: +err: BIO_free(infile); RSA_free(rsa); return testresult; --- crypto/openssl/test/pemtest.c.orig +++ crypto/openssl/test/pemtest.c @@ -21,9 +21,9 @@ static TESTDATA b64_pem_data[] = { { "hello world", - "aGVsbG8gd29ybGQ=" }, + "aGVsbG8gd29ybGQ=" }, { "a very ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong input", - "YSB2ZXJ5IG9vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29uZyBpbnB1dA==" } + "YSB2ZXJ5IG9vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29uZyBpbnB1dA==" } }; static const char *pemtype = "PEMTESTDATA"; 
@@ -45,14 +45,14 @@ || !TEST_true(BIO_printf(b, "%s\n", encoded)) || !TEST_true(BIO_printf(b, "-----END %s-----\n", pemtype)) || !TEST_true(PEM_read_bio_ex(b, &name, &header, &data, &len, - PEM_FLAG_ONLY_B64))) + PEM_FLAG_ONLY_B64))) goto err; if (!TEST_int_eq(memcmp(pemtype, name, strlen(pemtype)), 0) || !TEST_int_eq(len, strlen(raw)) || !TEST_int_eq(memcmp(data, raw, strlen(raw)), 0)) goto err; ret = 1; - err: +err: BIO_free(b); OPENSSL_free(name); OPENSSL_free(header); @@ -74,7 +74,7 @@ || !TEST_true(BIO_printf(b, "-----END %s-----\n", pemtype)) /* Expected to fail due to non-base64 character */ || TEST_true(PEM_read_bio_ex(b, &name, &header, &data, &len, - PEM_FLAG_ONLY_B64))) { + PEM_FLAG_ONLY_B64))) { BIO_free(b); return 0; } @@ -99,10 +99,9 @@ static int test_empty_payload(void) { BIO *b; - static char *emptypay = - "-----BEGIN CERTIFICATE-----\n" - "-\n" /* Base64 EOF character */ - "-----END CERTIFICATE-----"; + static char *emptypay = "-----BEGIN CERTIFICATE-----\n" + "-\n" /* Base64 EOF character */ + "-----END CERTIFICATE-----"; char *name = NULL, *header = NULL; unsigned char *data = NULL; long len; @@ -117,7 +116,7 @@ goto err; ret = 1; - err: +err: OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(data); @@ -128,13 +127,12 @@ static int test_protected_params(void) { BIO *b; - static char *protectedpay = - "-----BEGIN RSA PRIVATE KEY-----\n" - "Proc-Type: 4,ENCRYPTED\n" - "DEK-Info: AES-256-CBC,4A44448ED28992710556549B35100CEA\n" - "\n" - "Xw3INxKeH+rUUF57mjATpvj6zknVhedwrlRmRvnwlLv5wqIy5Ae4UVLPh7SUswfC\n" - "-----END RSA PRIVATE KEY-----\n"; + static char *protectedpay = "-----BEGIN RSA PRIVATE KEY-----\n" + "Proc-Type: 4,ENCRYPTED\n" + "DEK-Info: AES-256-CBC,4A44448ED28992710556549B35100CEA\n" + "\n" + "Xw3INxKeH+rUUF57mjATpvj6zknVhedwrlRmRvnwlLv5wqIy5Ae4UVLPh7SUswfC\n" + "-----END RSA PRIVATE KEY-----\n"; EVP_PKEY *pkey = NULL; int ret = 0; 
@@ -148,7 +146,7 @@ goto err; ret = 1; - err: +err: EVP_PKEY_free(pkey); BIO_free(b); return ret; --- crypto/openssl/test/pkcs12_format_test.c.orig +++ crypto/openssl/test/pkcs12_format_test.c 
@@ -32,165 +32,2229 @@ * PKCS12 component test data */ -static const unsigned char CERT1[] = -{ - 0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, - 0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x0e, 0x50, 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x52, 0x6f, 0x6f, 0x74, - 0x2d, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x30, 0x30, 0x34, 0x36, - 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x30, 0x30, 0x34, 0x36, 0x35, - 0x36, 0x5a, 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x50, - 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2d, 0x31, 0x30, - 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c, - 0x7a, 0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1, - 0xc8, 0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84, - 0x81, 0x16, 0x64, 0x4a, 0x52, 0xa6, 0x30, 0x44, 0xdc, 0x1a, 0x30, 0xde, 0xae, 0x29, 0x18, 0xcf, - 0xc7, 0xf3, 0xcf, 0x0c, 0xb7, 0x8e, 0x2b, 0x1e, 0x21, 0x01, 0x0b, 0xfb, 0xe5, 0xe6, 0xcf, 0x2b, - 0x84, 0xe1, 0x33, 0xf8, 0xba, 0x02, 0xfc, 0x30, 0xfa, 0xc4, 0x33, 0xc7, 0x37, 0xc6, 0x7f, 0x72, - 0x31, 0x92, 0x1d, 0x8f, 0xa0, 0xfb, 0xe5, 0x4a, 0x08, 0x31, 0x78, 0x80, 0x9c, 0x23, 0xb4, 0xe9, - 0x19, 0x56, 0x04, 0xfa, 0x0d, 0x07, 0x04, 0xb7, 0x43, 0xac, 0x4c, 0x49, 0x7c, 0xc2, 0xa1, 0x44, - 0xc1, 0x48, 0x7d, 0x28, 0xe5, 0x23, 0x66, 0x07, 0x22, 0xd5, 0xf0, 0xf1, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xdb, 0xbb, 0xb8, 0x92, 
0x4e, 0x24, 0x0b, 0x1b, 0xbb, 0x78, 0x33, 0xf9, 0x01, 0x02, - 0x23, 0x0d, 0x96, 0x18, 0x30, 0x47, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, - 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x1c, 0x13, 0xdc, 0x02, 0xf1, 0x44, 0x36, 0x65, 0xa9, 0xbe, 0x30, 0x1c, 0x66, 0x14, 0x20, - 0x86, 0x5a, 0xa8, 0x69, 0x25, 0xf8, 0x1a, 0xb6, 0x9e, 0x5e, 0xe9, 0x89, 0xb8, 0x67, 0x70, 0x19, - 0x87, 0x60, 0xeb, 0x4b, 0x11, 0x71, 0x85, 0xf8, 0xe9, 0xa7, 0x3e, 0x20, 0x42, 0xec, 0x43, 0x25, - 0x01, 0x03, 0xe5, 0x4d, 0x83, 0x22, 0xf5, 0x8e, 0x3a, 0x1a, 0x1b, 0xd4, 0x1c, 0xda, 0x6b, 0x9d, - 0x10, 0x1b, 0xee, 0x67, 0x4e, 0x1f, 0x69, 0xab, 0xbc, 0xaa, 0x62, 0x8e, 0x9e, 0xc6, 0xee, 0xd6, - 0x09, 0xc0, 0xca, 0xe0, 0xaa, 0x9f, 0x07, 0xb2, 0xc2, 0xbb, 0x31, 0x96, 0xa2, 0x04, 0x62, 0xd3, - 0x13, 0x32, 0x29, 0x67, 0x6e, 0xad, 0x2e, 0x0b, 0xea, 0x04, 0x7c, 0x8c, 0x5a, 0x5d, 0xac, 0x14, - 0xaa, 0x61, 0x7f, 0x28, 0x6c, 0x2d, 0x64, 0x2d, 0xc3, 0xaf, 0x77, 0x52, 0x90, 0xb4, 0x37, 0xc0, - 0x30, +static const unsigned char CERT1[] = { + 0x30, + 0x82, + 0x01, + 0xed, + 0x30, + 0x82, + 0x01, + 0x56, + 0xa0, + 0x03, + 0x02, + 0x01, + 0x02, + 0x02, + 0x09, + 0x00, + 0x8b, + 0x4b, + 0x5e, + 0x6c, + 0x03, + 0x28, + 0x4e, + 0xe6, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x0b, + 0x05, + 0x00, + 0x30, + 0x19, + 0x31, + 0x17, + 0x30, + 0x15, + 0x06, + 0x03, + 0x55, + 0x04, + 0x03, + 0x0c, + 0x0e, + 0x50, + 0x31, + 0x32, + 0x54, + 0x65, + 0x73, + 0x74, + 0x2d, + 0x52, + 0x6f, + 0x6f, + 0x74, + 0x2d, + 0x41, + 0x30, + 0x1e, + 0x17, + 0x0d, + 0x31, + 0x39, + 0x30, + 0x39, + 0x33, + 0x30, + 0x30, + 0x30, + 0x34, + 0x36, + 0x35, + 0x36, + 0x5a, + 0x17, + 0x0d, + 0x32, + 0x39, + 0x30, + 0x39, + 0x32, + 0x37, + 0x30, + 0x30, + 0x34, + 0x36, + 0x35, + 0x36, + 0x5a, + 0x30, + 0x1b, + 0x31, + 
0x19, + 0x30, + 0x17, + 0x06, + 0x03, + 0x55, + 0x04, + 0x03, + 0x0c, + 0x10, + 0x50, + 0x31, + 0x32, + 0x54, + 0x65, + 0x73, + 0x74, + 0x2d, + 0x53, + 0x65, + 0x72, + 0x76, + 0x65, + 0x72, + 0x2d, + 0x31, + 0x30, + 0x81, + 0x9f, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x01, + 0x05, + 0x00, + 0x03, + 0x81, + 0x8d, + 0x00, + 0x30, + 0x81, + 0x89, + 0x02, + 0x81, + 0x81, + 0x00, + 0xbc, + 0xdc, + 0x6f, + 0x8c, + 0x7a, + 0x2a, + 0x4b, + 0xea, + 0x66, + 0x66, + 0x04, + 0xa9, + 0x05, + 0x92, + 0x53, + 0xd7, + 0x13, + 0x3c, + 0x49, + 0xe1, + 0xc8, + 0xbb, + 0xdf, + 0x3d, + 0xcb, + 0x88, + 0x31, + 0x07, + 0x20, + 0x59, + 0x93, + 0x24, + 0x7f, + 0x7d, + 0xc6, + 0x84, + 0x81, + 0x16, + 0x64, + 0x4a, + 0x52, + 0xa6, + 0x30, + 0x44, + 0xdc, + 0x1a, + 0x30, + 0xde, + 0xae, + 0x29, + 0x18, + 0xcf, + 0xc7, + 0xf3, + 0xcf, + 0x0c, + 0xb7, + 0x8e, + 0x2b, + 0x1e, + 0x21, + 0x01, + 0x0b, + 0xfb, + 0xe5, + 0xe6, + 0xcf, + 0x2b, + 0x84, + 0xe1, + 0x33, + 0xf8, + 0xba, + 0x02, + 0xfc, + 0x30, + 0xfa, + 0xc4, + 0x33, + 0xc7, + 0x37, + 0xc6, + 0x7f, + 0x72, + 0x31, + 0x92, + 0x1d, + 0x8f, + 0xa0, + 0xfb, + 0xe5, + 0x4a, + 0x08, + 0x31, + 0x78, + 0x80, + 0x9c, + 0x23, + 0xb4, + 0xe9, + 0x19, + 0x56, + 0x04, + 0xfa, + 0x0d, + 0x07, + 0x04, + 0xb7, + 0x43, + 0xac, + 0x4c, + 0x49, + 0x7c, + 0xc2, + 0xa1, + 0x44, + 0xc1, + 0x48, + 0x7d, + 0x28, + 0xe5, + 0x23, + 0x66, + 0x07, + 0x22, + 0xd5, + 0xf0, + 0xf1, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0xa3, + 0x3b, + 0x30, + 0x39, + 0x30, + 0x1f, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x23, + 0x04, + 0x18, + 0x30, + 0x16, + 0x80, + 0x14, + 0xdb, + 0xbb, + 0xb8, + 0x92, + 0x4e, + 0x24, + 0x0b, + 0x1b, + 0xbb, + 0x78, + 0x33, + 0xf9, + 0x01, + 0x02, + 0x23, + 0x0d, + 0x96, + 0x18, + 0x30, + 0x47, + 0x30, + 0x09, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x13, + 0x04, + 0x02, + 0x30, + 0x00, + 0x30, + 0x0b, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x0f, + 0x04, + 0x04, + 0x03, + 0x02, + 0x04, + 0xf0, + 0x30, + 
0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x0b, + 0x05, + 0x00, + 0x03, + 0x81, + 0x81, + 0x00, + 0x1c, + 0x13, + 0xdc, + 0x02, + 0xf1, + 0x44, + 0x36, + 0x65, + 0xa9, + 0xbe, + 0x30, + 0x1c, + 0x66, + 0x14, + 0x20, + 0x86, + 0x5a, + 0xa8, + 0x69, + 0x25, + 0xf8, + 0x1a, + 0xb6, + 0x9e, + 0x5e, + 0xe9, + 0x89, + 0xb8, + 0x67, + 0x70, + 0x19, + 0x87, + 0x60, + 0xeb, + 0x4b, + 0x11, + 0x71, + 0x85, + 0xf8, + 0xe9, + 0xa7, + 0x3e, + 0x20, + 0x42, + 0xec, + 0x43, + 0x25, + 0x01, + 0x03, + 0xe5, + 0x4d, + 0x83, + 0x22, + 0xf5, + 0x8e, + 0x3a, + 0x1a, + 0x1b, + 0xd4, + 0x1c, + 0xda, + 0x6b, + 0x9d, + 0x10, + 0x1b, + 0xee, + 0x67, + 0x4e, + 0x1f, + 0x69, + 0xab, + 0xbc, + 0xaa, + 0x62, + 0x8e, + 0x9e, + 0xc6, + 0xee, + 0xd6, + 0x09, + 0xc0, + 0xca, + 0xe0, + 0xaa, + 0x9f, + 0x07, + 0xb2, + 0xc2, + 0xbb, + 0x31, + 0x96, + 0xa2, + 0x04, + 0x62, + 0xd3, + 0x13, + 0x32, + 0x29, + 0x67, + 0x6e, + 0xad, + 0x2e, + 0x0b, + 0xea, + 0x04, + 0x7c, + 0x8c, + 0x5a, + 0x5d, + 0xac, + 0x14, + 0xaa, + 0x61, + 0x7f, + 0x28, + 0x6c, + 0x2d, + 0x64, + 0x2d, + 0xc3, + 0xaf, + 0x77, + 0x52, + 0x90, + 0xb4, + 0x37, + 0xc0, + 0x30, }; -static const unsigned char CERT2[] = -{ - 0x30, 0x82, 0x01, 0xed, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, - 0x8b, 0x4b, 0x5e, 0x6c, 0x03, 0x28, 0x4e, 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x19, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x0e, 0x50, 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x52, 0x6f, 0x6f, 0x74, - 0x2d, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x39, 0x33, 0x30, 0x30, 0x30, 0x34, 0x36, - 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x39, 0x32, 0x37, 0x30, 0x30, 0x34, 0x36, 0x35, - 0x36, 0x5a, 0x30, 0x1b, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x10, 0x50, - 0x31, 0x32, 0x54, 0x65, 0x73, 0x74, 0x2d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2d, 0x31, 0x30, - 
0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86, - 0x9f, 0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35, - 0x4d, 0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8, - 0xa5, 0x96, 0x30, 0x03, 0xc5, 0xc6, 0xd9, 0xa8, 0x4e, 0xbc, 0x23, 0x51, 0xa1, 0x96, 0xd2, 0x03, - 0x98, 0x73, 0xb6, 0x17, 0x9c, 0x77, 0xd4, 0x95, 0x1e, 0x1b, 0xb3, 0x1b, 0xc8, 0x71, 0xd1, 0x2e, - 0x31, 0xc7, 0x6a, 0x75, 0x57, 0x08, 0x7f, 0xba, 0x70, 0x76, 0xf7, 0x67, 0xf4, 0x4e, 0xbe, 0xfc, - 0x70, 0x61, 0x41, 0x07, 0x2b, 0x7c, 0x3c, 0x3b, 0xb3, 0xbc, 0xd5, 0xa8, 0xbd, 0x28, 0xd8, 0x49, - 0xd3, 0xe1, 0x78, 0xc8, 0xc1, 0x42, 0x5e, 0x18, 0x36, 0xa8, 0x41, 0xf7, 0xc8, 0xaa, 0x35, 0xfe, - 0x2d, 0xd1, 0xb4, 0xcc, 0x00, 0x67, 0xae, 0x79, 0xd3, 0x28, 0xd5, 0x5b, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, - 0x80, 0x14, 0xdb, 0xbb, 0xb8, 0x92, 0x4e, 0x24, 0x0b, 0x1b, 0xbb, 0x78, 0x33, 0xf9, 0x01, 0x02, - 0x23, 0x0d, 0x96, 0x18, 0x30, 0x47, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, - 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x04, 0xf0, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x3b, 0xa6, 0x73, 0xbe, 0xe0, 0x28, 0xed, 0x1f, 0x29, 0x78, 0x4c, 0xc0, 0x1f, 0xe9, 0x85, - 0xc6, 0x8f, 0xe3, 0x87, 0x7c, 0xd9, 0xe7, 0x0a, 0x37, 0xe8, 0xaa, 0xb5, 0xd2, 0x7f, 0xf8, 0x90, - 0x20, 0x80, 0x35, 0xa7, 0x79, 0x2b, 0x04, 0xa7, 0xbf, 0xe6, 0x7b, 0x58, 0xcb, 0xec, 0x0e, 0x58, - 0xef, 0x2a, 0x70, 0x8a, 0x56, 0x8a, 0xcf, 0x6b, 0x7a, 0x74, 0x0c, 0xf4, 0x15, 0x37, 0x93, 0xcd, - 0xe6, 0xb2, 0xa1, 0x83, 0x09, 0xdb, 0x9e, 0x4f, 0xff, 0x6a, 0x17, 0x4f, 0x33, 0xc9, 0xcc, 0x90, - 0x2a, 0x67, 0xff, 0x16, 0x78, 0xa8, 
0x2c, 0x10, 0xe0, 0x52, 0x8c, 0xe6, 0xe9, 0x90, 0x8d, 0xe0, - 0x62, 0x04, 0x9a, 0x0f, 0x44, 0x01, 0x82, 0x14, 0x92, 0x44, 0x25, 0x69, 0x22, 0xb7, 0xb8, 0xc5, - 0x94, 0x4c, 0x4b, 0x1c, 0x9b, 0x92, 0x60, 0x66, 0x90, 0x4e, 0xb9, 0xa8, 0x4c, 0x89, 0xbb, 0x0f, - 0x0b, +static const unsigned char CERT2[] = { + 0x30, + 0x82, + 0x01, + 0xed, + 0x30, + 0x82, + 0x01, + 0x56, + 0xa0, + 0x03, + 0x02, + 0x01, + 0x02, + 0x02, + 0x09, + 0x00, + 0x8b, + 0x4b, + 0x5e, + 0x6c, + 0x03, + 0x28, + 0x4e, + 0xe7, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x0b, + 0x05, + 0x00, + 0x30, + 0x19, + 0x31, + 0x17, + 0x30, + 0x15, + 0x06, + 0x03, + 0x55, + 0x04, + 0x03, + 0x0c, + 0x0e, + 0x50, + 0x31, + 0x32, + 0x54, + 0x65, + 0x73, + 0x74, + 0x2d, + 0x52, + 0x6f, + 0x6f, + 0x74, + 0x2d, + 0x41, + 0x30, + 0x1e, + 0x17, + 0x0d, + 0x31, + 0x39, + 0x30, + 0x39, + 0x33, + 0x30, + 0x30, + 0x30, + 0x34, + 0x36, + 0x35, + 0x36, + 0x5a, + 0x17, + 0x0d, + 0x32, + 0x39, + 0x30, + 0x39, + 0x32, + 0x37, + 0x30, + 0x30, + 0x34, + 0x36, + 0x35, + 0x36, + 0x5a, + 0x30, + 0x1b, + 0x31, + 0x19, + 0x30, + 0x17, + 0x06, + 0x03, + 0x55, + 0x04, + 0x03, + 0x0c, + 0x10, + 0x50, + 0x31, + 0x32, + 0x54, + 0x65, + 0x73, + 0x74, + 0x2d, + 0x43, + 0x6c, + 0x69, + 0x65, + 0x6e, + 0x74, + 0x2d, + 0x31, + 0x30, + 0x81, + 0x9f, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x01, + 0x05, + 0x00, + 0x03, + 0x81, + 0x8d, + 0x00, + 0x30, + 0x81, + 0x89, + 0x02, + 0x81, + 0x81, + 0x00, + 0xa8, + 0x6e, + 0x40, + 0x86, + 0x9f, + 0x98, + 0x59, + 0xfb, + 0x57, + 0xbf, + 0xc1, + 0x55, + 0x12, + 0x38, + 0xeb, + 0xb3, + 0x46, + 0x34, + 0xc9, + 0x35, + 0x4d, + 0xfd, + 0x03, + 0xe9, + 0x3a, + 0x88, + 0x9e, + 0x97, + 0x8f, + 0xf4, + 0xec, + 0x36, + 0x7b, + 0x3f, + 0xba, + 0xb8, + 0xa5, + 0x96, + 0x30, + 0x03, + 0xc5, + 0xc6, + 0xd9, + 0xa8, + 0x4e, + 0xbc, + 0x23, + 0x51, + 0xa1, + 0x96, + 0xd2, + 0x03, + 0x98, + 0x73, + 0xb6, + 0x17, 
+ 0x9c, + 0x77, + 0xd4, + 0x95, + 0x1e, + 0x1b, + 0xb3, + 0x1b, + 0xc8, + 0x71, + 0xd1, + 0x2e, + 0x31, + 0xc7, + 0x6a, + 0x75, + 0x57, + 0x08, + 0x7f, + 0xba, + 0x70, + 0x76, + 0xf7, + 0x67, + 0xf4, + 0x4e, + 0xbe, + 0xfc, + 0x70, + 0x61, + 0x41, + 0x07, + 0x2b, + 0x7c, + 0x3c, + 0x3b, + 0xb3, + 0xbc, + 0xd5, + 0xa8, + 0xbd, + 0x28, + 0xd8, + 0x49, + 0xd3, + 0xe1, + 0x78, + 0xc8, + 0xc1, + 0x42, + 0x5e, + 0x18, + 0x36, + 0xa8, + 0x41, + 0xf7, + 0xc8, + 0xaa, + 0x35, + 0xfe, + 0x2d, + 0xd1, + 0xb4, + 0xcc, + 0x00, + 0x67, + 0xae, + 0x79, + 0xd3, + 0x28, + 0xd5, + 0x5b, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0xa3, + 0x3b, + 0x30, + 0x39, + 0x30, + 0x1f, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x23, + 0x04, + 0x18, + 0x30, + 0x16, + 0x80, + 0x14, + 0xdb, + 0xbb, + 0xb8, + 0x92, + 0x4e, + 0x24, + 0x0b, + 0x1b, + 0xbb, + 0x78, + 0x33, + 0xf9, + 0x01, + 0x02, + 0x23, + 0x0d, + 0x96, + 0x18, + 0x30, + 0x47, + 0x30, + 0x09, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x13, + 0x04, + 0x02, + 0x30, + 0x00, + 0x30, + 0x0b, + 0x06, + 0x03, + 0x55, + 0x1d, + 0x0f, + 0x04, + 0x04, + 0x03, + 0x02, + 0x04, + 0xf0, + 0x30, + 0x0d, + 0x06, + 0x09, + 0x2a, + 0x86, + 0x48, + 0x86, + 0xf7, + 0x0d, + 0x01, + 0x01, + 0x0b, + 0x05, + 0x00, + 0x03, + 0x81, + 0x81, + 0x00, + 0x3b, + 0xa6, + 0x73, + 0xbe, + 0xe0, + 0x28, + 0xed, + 0x1f, + 0x29, + 0x78, + 0x4c, + 0xc0, + 0x1f, + 0xe9, + 0x85, + 0xc6, + 0x8f, + 0xe3, + 0x87, + 0x7c, + 0xd9, + 0xe7, + 0x0a, + 0x37, + 0xe8, + 0xaa, + 0xb5, + 0xd2, + 0x7f, + 0xf8, + 0x90, + 0x20, + 0x80, + 0x35, + 0xa7, + 0x79, + 0x2b, + 0x04, + 0xa7, + 0xbf, + 0xe6, + 0x7b, + 0x58, + 0xcb, + 0xec, + 0x0e, + 0x58, + 0xef, + 0x2a, + 0x70, + 0x8a, + 0x56, + 0x8a, + 0xcf, + 0x6b, + 0x7a, + 0x74, + 0x0c, + 0xf4, + 0x15, + 0x37, + 0x93, + 0xcd, + 0xe6, + 0xb2, + 0xa1, + 0x83, + 0x09, + 0xdb, + 0x9e, + 0x4f, + 0xff, + 0x6a, + 0x17, + 0x4f, + 0x33, + 0xc9, + 0xcc, + 0x90, + 0x2a, + 0x67, + 0xff, + 0x16, + 0x78, + 0xa8, + 0x2c, + 0x10, + 0xe0, + 0x52, + 0x8c, + 0xe6, + 0xe9, + 0x90, 
+ 0x8d, + 0xe0, + 0x62, + 0x04, + 0x9a, + 0x0f, + 0x44, + 0x01, + 0x82, + 0x14, + 0x92, + 0x44, + 0x25, + 0x69, + 0x22, + 0xb7, + 0xb8, + 0xc5, + 0x94, + 0x4c, + 0x4b, + 0x1c, + 0x9b, + 0x92, + 0x60, + 0x66, + 0x90, + 0x4e, + 0xb9, + 0xa8, + 0x4c, + 0x89, + 0xbb, + 0x0f, + 0x0b, }; -static const unsigned char KEY1[] = -{ - 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbc, 0xdc, 0x6f, 0x8c, 0x7a, - 0x2a, 0x4b, 0xea, 0x66, 0x66, 0x04, 0xa9, 0x05, 0x92, 0x53, 0xd7, 0x13, 0x3c, 0x49, 0xe1, 0xc8, - 0xbb, 0xdf, 0x3d, 0xcb, 0x88, 0x31, 0x07, 0x20, 0x59, 0x93, 0x24, 0x7f, 0x7d, 0xc6, 0x84, 0x81, - 0x16, 0x64, 0x4a, 0x52, 0xa6, 0x30, 0x44, 0xdc, 0x1a, 0x30, 0xde, 0xae, 0x29, 0x18, 0xcf, 0xc7, - 0xf3, 0xcf, 0x0c, 0xb7, 0x8e, 0x2b, 0x1e, 0x21, 0x01, 0x0b, 0xfb, 0xe5, 0xe6, 0xcf, 0x2b, 0x84, - 0xe1, 0x33, 0xf8, 0xba, 0x02, 0xfc, 0x30, 0xfa, 0xc4, 0x33, 0xc7, 0x37, 0xc6, 0x7f, 0x72, 0x31, - 0x92, 0x1d, 0x8f, 0xa0, 0xfb, 0xe5, 0x4a, 0x08, 0x31, 0x78, 0x80, 0x9c, 0x23, 0xb4, 0xe9, 0x19, - 0x56, 0x04, 0xfa, 0x0d, 0x07, 0x04, 0xb7, 0x43, 0xac, 0x4c, 0x49, 0x7c, 0xc2, 0xa1, 0x44, 0xc1, - 0x48, 0x7d, 0x28, 0xe5, 0x23, 0x66, 0x07, 0x22, 0xd5, 0xf0, 0xf1, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6d, 0xf9, 0x8f, 0xf5, 0x5a, 0xa3, 0x50, 0xd9, 0x0d, 0x37, 0xbb, - 0xce, 0x13, 0x94, 0xb8, 0xea, 0x32, 0x7f, 0x0c, 0xf5, 0x46, 0x0b, 0x90, 0x17, 0x7e, 0x5e, 0x63, - 0xbd, 0xa4, 0x78, 0xcd, 0x19, 0x97, 0xd4, 0x92, 0x30, 0x78, 0xaa, 0xb4, 0xa7, 0x9c, 0xc6, 0xdf, - 0x2a, 0x65, 0x0e, 0xb5, 0x9f, 0x9c, 0x84, 0x0d, 0x4d, 0x3a, 0x74, 0xfc, 0xd0, 0xb4, 0x09, 0x74, - 0xc4, 0xb8, 0x24, 0x03, 0xa8, 0xf0, 0xf8, 0x0d, 0x5c, 0x8e, 0xdf, 0x4b, 0xe1, 0x0a, 0x8f, 0x4f, - 0xd5, 0xc7, 0x9b, 0x54, 0x55, 0x8f, 0x00, 0x5c, 0xea, 0x4c, 0x73, 0xf9, 0x1b, 0xbf, 0xb8, 0x93, - 0x33, 0x20, 0xce, 0x45, 0xd9, 0x03, 0x02, 0xb2, 0x36, 0xc5, 0x0a, 0x30, 0x50, 0x78, 0x80, 0x66, - 0x00, 0x22, 0x38, 0x86, 0xcf, 0x63, 0x4a, 0x5c, 0xbf, 0x2b, 0xd9, 0x6e, 0xe6, 0xf0, 0x39, 0xad, - 0x12, 
0x25, 0x41, 0xb9, 0x02, 0x41, 0x00, 0xf3, 0x7c, 0x07, 0x99, 0x64, 0x3a, 0x28, 0x8c, 0x8d, - 0x05, 0xfe, 0x32, 0xb5, 0x4c, 0x8c, 0x6d, 0xde, 0x3d, 0x16, 0x08, 0xa0, 0x01, 0x61, 0x4f, 0x8e, - 0xa0, 0xf7, 0x26, 0x26, 0xb5, 0x8e, 0xc0, 0x7a, 0xce, 0x86, 0x34, 0xde, 0xb8, 0xef, 0x86, 0x01, - 0xbe, 0x24, 0xaa, 0x9b, 0x36, 0x93, 0x72, 0x9b, 0xf9, 0xc6, 0xcb, 0x76, 0x84, 0x67, 0x06, 0x06, - 0x30, 0x50, 0xdf, 0x42, 0x17, 0xe0, 0xa7, 0x02, 0x41, 0x00, 0xc6, 0x91, 0xa0, 0x41, 0x34, 0x11, - 0x67, 0x4b, 0x08, 0x0f, 0xda, 0xa7, 0x99, 0xec, 0x58, 0x11, 0xa5, 0x82, 0xdb, 0x50, 0xfe, 0x77, - 0xe2, 0xd1, 0x53, 0x9c, 0x7d, 0xe8, 0xbf, 0xe7, 0x7c, 0xa9, 0x01, 0xb1, 0x87, 0xc3, 0x52, 0x79, - 0x9e, 0x2c, 0xa7, 0x6f, 0x02, 0x37, 0x32, 0xef, 0x24, 0x31, 0x21, 0x0b, 0x86, 0x05, 0x32, 0x4a, - 0x2e, 0x0b, 0x65, 0x05, 0xd3, 0xd6, 0x30, 0xb2, 0xfc, 0xa7, 0x02, 0x41, 0x00, 0xc2, 0xed, 0x31, - 0xdc, 0x40, 0x9c, 0x3a, 0xe8, 0x42, 0xe2, 0x60, 0x5e, 0x52, 0x3c, 0xc5, 0x54, 0x14, 0x0e, 0x8d, - 0x7c, 0x3c, 0x34, 0xbe, 0xa6, 0x05, 0x86, 0xa2, 0x36, 0x5d, 0xd9, 0x0e, 0x3e, 0xd4, 0x52, 0x50, - 0xa9, 0x35, 0x01, 0x93, 0x68, 0x92, 0x2e, 0x9a, 0x86, 0x27, 0x1a, 0xab, 0x32, 0x9e, 0xe2, 0x79, - 0x9f, 0x5b, 0xf3, 0xa5, 0xd2, 0xf1, 0xd3, 0x6e, 0x7b, 0x3e, 0x1b, 0x85, 0x93, 0x02, 0x40, 0x68, - 0xb8, 0xb6, 0x7e, 0x8c, 0xba, 0x3c, 0xf2, 0x8a, 0x2e, 0xea, 0x4f, 0x07, 0xd3, 0x68, 0x62, 0xee, - 0x1a, 0x04, 0x16, 0x44, 0x0d, 0xef, 0xf6, 0x1b, 0x95, 0x65, 0xa5, 0xd1, 0x47, 0x81, 0x2c, 0x14, - 0xb3, 0x8e, 0xf9, 0x08, 0xcf, 0x11, 0x07, 0x55, 0xca, 0x2a, 0xad, 0xf7, 0xd3, 0xbd, 0x0f, 0x97, - 0xf0, 0xde, 0xde, 0x70, 0xb6, 0x44, 0x70, 0x47, 0xf7, 0xf9, 0xcf, 0x75, 0x61, 0x7f, 0xf3, 0x02, - 0x40, 0x38, 0x4a, 0x67, 0xaf, 0xae, 0xb6, 0xb2, 0x6a, 0x00, 0x25, 0x5a, 0xa4, 0x65, 0x20, 0xb1, - 0x13, 0xbd, 0x83, 0xff, 0xb4, 0xbc, 0xf4, 0xdd, 0xa1, 0xbb, 0x1c, 0x96, 0x37, 0x35, 0xf4, 0xbf, - 0xed, 0x4c, 0xed, 0x92, 0xe8, 0xac, 0xc9, 0xc1, 0xa5, 0xa3, 0x23, 0x66, 0x40, 0x8a, 0xa1, 0xe6, - 0xe3, 0x95, 0xfe, 0xc4, 0x53, 0xf5, 0x7d, 
0x6e, 0xca, 0x45, 0x42, 0xe4, 0xc2, 0x9f, 0xe5, 0x1e, - 0xb5, +static const unsigned char KEY1[] = { + 0x30, + 0x82, + 0x02, + 0x5d, + 0x02, + 0x01, + 0x00, + 0x02, + 0x81, + 0x81, + 0x00, + 0xbc, + 0xdc, + 0x6f, + 0x8c, + 0x7a, + 0x2a, + 0x4b, + 0xea, + 0x66, + 0x66, + 0x04, + 0xa9, + 0x05, + 0x92, + 0x53, + 0xd7, + 0x13, + 0x3c, + 0x49, + 0xe1, + 0xc8, + 0xbb, + 0xdf, + 0x3d, + 0xcb, + 0x88, + 0x31, + 0x07, + 0x20, + 0x59, + 0x93, + 0x24, + 0x7f, + 0x7d, + 0xc6, + 0x84, + 0x81, + 0x16, + 0x64, + 0x4a, + 0x52, + 0xa6, + 0x30, + 0x44, + 0xdc, + 0x1a, + 0x30, + 0xde, + 0xae, + 0x29, + 0x18, + 0xcf, + 0xc7, + 0xf3, + 0xcf, + 0x0c, + 0xb7, + 0x8e, + 0x2b, + 0x1e, + 0x21, + 0x01, + 0x0b, + 0xfb, + 0xe5, + 0xe6, + 0xcf, + 0x2b, + 0x84, + 0xe1, + 0x33, + 0xf8, + 0xba, + 0x02, + 0xfc, + 0x30, + 0xfa, + 0xc4, + 0x33, + 0xc7, + 0x37, + 0xc6, + 0x7f, + 0x72, + 0x31, + 0x92, + 0x1d, + 0x8f, + 0xa0, + 0xfb, + 0xe5, + 0x4a, + 0x08, + 0x31, + 0x78, + 0x80, + 0x9c, + 0x23, + 0xb4, + 0xe9, + 0x19, + 0x56, + 0x04, + 0xfa, + 0x0d, + 0x07, + 0x04, + 0xb7, + 0x43, + 0xac, + 0x4c, + 0x49, + 0x7c, + 0xc2, + 0xa1, + 0x44, + 0xc1, + 0x48, + 0x7d, + 0x28, + 0xe5, + 0x23, + 0x66, + 0x07, + 0x22, + 0xd5, + 0xf0, + 0xf1, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x81, + 0x81, + 0x00, + 0xa5, + 0x6d, + 0xf9, + 0x8f, + 0xf5, + 0x5a, + 0xa3, + 0x50, + 0xd9, + 0x0d, + 0x37, + 0xbb, + 0xce, + 0x13, + 0x94, + 0xb8, + 0xea, + 0x32, + 0x7f, + 0x0c, + 0xf5, + 0x46, + 0x0b, + 0x90, + 0x17, + 0x7e, + 0x5e, + 0x63, + 0xbd, + 0xa4, + 0x78, + 0xcd, + 0x19, + 0x97, + 0xd4, + 0x92, + 0x30, + 0x78, + 0xaa, + 0xb4, + 0xa7, + 0x9c, + 0xc6, + 0xdf, + 0x2a, + 0x65, + 0x0e, + 0xb5, + 0x9f, + 0x9c, + 0x84, + 0x0d, + 0x4d, + 0x3a, + 0x74, + 0xfc, + 0xd0, + 0xb4, + 0x09, + 0x74, + 0xc4, + 0xb8, + 0x24, + 0x03, + 0xa8, + 0xf0, + 0xf8, + 0x0d, + 0x5c, + 0x8e, + 0xdf, + 0x4b, + 0xe1, + 0x0a, + 0x8f, + 0x4f, + 0xd5, + 0xc7, + 0x9b, + 0x54, + 0x55, + 0x8f, + 0x00, + 0x5c, + 0xea, + 0x4c, + 0x73, + 0xf9, + 0x1b, + 
0xbf, + 0xb8, + 0x93, + 0x33, + 0x20, + 0xce, + 0x45, + 0xd9, + 0x03, + 0x02, + 0xb2, + 0x36, + 0xc5, + 0x0a, + 0x30, + 0x50, + 0x78, + 0x80, + 0x66, + 0x00, + 0x22, + 0x38, + 0x86, + 0xcf, + 0x63, + 0x4a, + 0x5c, + 0xbf, + 0x2b, + 0xd9, + 0x6e, + 0xe6, + 0xf0, + 0x39, + 0xad, + 0x12, + 0x25, + 0x41, + 0xb9, + 0x02, + 0x41, + 0x00, + 0xf3, + 0x7c, + 0x07, + 0x99, + 0x64, + 0x3a, + 0x28, + 0x8c, + 0x8d, + 0x05, + 0xfe, + 0x32, + 0xb5, + 0x4c, + 0x8c, + 0x6d, + 0xde, + 0x3d, + 0x16, + 0x08, + 0xa0, + 0x01, + 0x61, + 0x4f, + 0x8e, + 0xa0, + 0xf7, + 0x26, + 0x26, + 0xb5, + 0x8e, + 0xc0, + 0x7a, + 0xce, + 0x86, + 0x34, + 0xde, + 0xb8, + 0xef, + 0x86, + 0x01, + 0xbe, + 0x24, + 0xaa, + 0x9b, + 0x36, + 0x93, + 0x72, + 0x9b, + 0xf9, + 0xc6, + 0xcb, + 0x76, + 0x84, + 0x67, + 0x06, + 0x06, + 0x30, + 0x50, + 0xdf, + 0x42, + 0x17, + 0xe0, + 0xa7, + 0x02, + 0x41, + 0x00, + 0xc6, + 0x91, + 0xa0, + 0x41, + 0x34, + 0x11, + 0x67, + 0x4b, + 0x08, + 0x0f, + 0xda, + 0xa7, + 0x99, + 0xec, + 0x58, + 0x11, + 0xa5, + 0x82, + 0xdb, + 0x50, + 0xfe, + 0x77, + 0xe2, + 0xd1, + 0x53, + 0x9c, + 0x7d, + 0xe8, + 0xbf, + 0xe7, + 0x7c, + 0xa9, + 0x01, + 0xb1, + 0x87, + 0xc3, + 0x52, + 0x79, + 0x9e, + 0x2c, + 0xa7, + 0x6f, + 0x02, + 0x37, + 0x32, + 0xef, + 0x24, + 0x31, + 0x21, + 0x0b, + 0x86, + 0x05, + 0x32, + 0x4a, + 0x2e, + 0x0b, + 0x65, + 0x05, + 0xd3, + 0xd6, + 0x30, + 0xb2, + 0xfc, + 0xa7, + 0x02, + 0x41, + 0x00, + 0xc2, + 0xed, + 0x31, + 0xdc, + 0x40, + 0x9c, + 0x3a, + 0xe8, + 0x42, + 0xe2, + 0x60, + 0x5e, + 0x52, + 0x3c, + 0xc5, + 0x54, + 0x14, + 0x0e, + 0x8d, + 0x7c, + 0x3c, + 0x34, + 0xbe, + 0xa6, + 0x05, + 0x86, + 0xa2, + 0x36, + 0x5d, + 0xd9, + 0x0e, + 0x3e, + 0xd4, + 0x52, + 0x50, + 0xa9, + 0x35, + 0x01, + 0x93, + 0x68, + 0x92, + 0x2e, + 0x9a, + 0x86, + 0x27, + 0x1a, + 0xab, + 0x32, + 0x9e, + 0xe2, + 0x79, + 0x9f, + 0x5b, + 0xf3, + 0xa5, + 0xd2, + 0xf1, + 0xd3, + 0x6e, + 0x7b, + 0x3e, + 0x1b, + 0x85, + 0x93, + 0x02, + 0x40, + 0x68, + 0xb8, + 0xb6, + 0x7e, + 0x8c, + 0xba, + 0x3c, + 0xf2, + 
0x8a, + 0x2e, + 0xea, + 0x4f, + 0x07, + 0xd3, + 0x68, + 0x62, + 0xee, + 0x1a, + 0x04, + 0x16, + 0x44, + 0x0d, + 0xef, + 0xf6, + 0x1b, + 0x95, + 0x65, + 0xa5, + 0xd1, + 0x47, + 0x81, + 0x2c, + 0x14, + 0xb3, + 0x8e, + 0xf9, + 0x08, + 0xcf, + 0x11, + 0x07, + 0x55, + 0xca, + 0x2a, + 0xad, + 0xf7, + 0xd3, + 0xbd, + 0x0f, + 0x97, + 0xf0, + 0xde, + 0xde, + 0x70, + 0xb6, + 0x44, + 0x70, + 0x47, + 0xf7, + 0xf9, + 0xcf, + 0x75, + 0x61, + 0x7f, + 0xf3, + 0x02, + 0x40, + 0x38, + 0x4a, + 0x67, + 0xaf, + 0xae, + 0xb6, + 0xb2, + 0x6a, + 0x00, + 0x25, + 0x5a, + 0xa4, + 0x65, + 0x20, + 0xb1, + 0x13, + 0xbd, + 0x83, + 0xff, + 0xb4, + 0xbc, + 0xf4, + 0xdd, + 0xa1, + 0xbb, + 0x1c, + 0x96, + 0x37, + 0x35, + 0xf4, + 0xbf, + 0xed, + 0x4c, + 0xed, + 0x92, + 0xe8, + 0xac, + 0xc9, + 0xc1, + 0xa5, + 0xa3, + 0x23, + 0x66, + 0x40, + 0x8a, + 0xa1, + 0xe6, + 0xe3, + 0x95, + 0xfe, + 0xc4, + 0x53, + 0xf5, + 0x7d, + 0x6e, + 0xca, + 0x45, + 0x42, + 0xe4, + 0xc2, + 0x9f, + 0xe5, + 0x1e, + 0xb5, }; - -static const unsigned char KEY2[] = -{ - 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xa8, 0x6e, 0x40, 0x86, 0x9f, - 0x98, 0x59, 0xfb, 0x57, 0xbf, 0xc1, 0x55, 0x12, 0x38, 0xeb, 0xb3, 0x46, 0x34, 0xc9, 0x35, 0x4d, - 0xfd, 0x03, 0xe9, 0x3a, 0x88, 0x9e, 0x97, 0x8f, 0xf4, 0xec, 0x36, 0x7b, 0x3f, 0xba, 0xb8, 0xa5, - 0x96, 0x30, 0x03, 0xc5, 0xc6, 0xd9, 0xa8, 0x4e, 0xbc, 0x23, 0x51, 0xa1, 0x96, 0xd2, 0x03, 0x98, - 0x73, 0xb6, 0x17, 0x9c, 0x77, 0xd4, 0x95, 0x1e, 0x1b, 0xb3, 0x1b, 0xc8, 0x71, 0xd1, 0x2e, 0x31, - 0xc7, 0x6a, 0x75, 0x57, 0x08, 0x7f, 0xba, 0x70, 0x76, 0xf7, 0x67, 0xf4, 0x4e, 0xbe, 0xfc, 0x70, - 0x61, 0x41, 0x07, 0x2b, 0x7c, 0x3c, 0x3b, 0xb3, 0xbc, 0xd5, 0xa8, 0xbd, 0x28, 0xd8, 0x49, 0xd3, - 0xe1, 0x78, 0xc8, 0xc1, 0x42, 0x5e, 0x18, 0x36, 0xa8, 0x41, 0xf7, 0xc8, 0xaa, 0x35, 0xfe, 0x2d, - 0xd1, 0xb4, 0xcc, 0x00, 0x67, 0xae, 0x79, 0xd3, 0x28, 0xd5, 0x5b, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x00, 0xa6, 0x00, 0x83, 0xf8, 0x2b, 0x33, 0xac, 0xfb, 0xdb, 0xf0, 0x52, 0x4b, 
- 0xd6, 0x39, 0xe3, 0x94, 0x3d, 0x8d, 0xa9, 0x01, 0xb0, 0x6b, 0xbe, 0x7f, 0x10, 0x01, 0xb6, 0xcd, - 0x0a, 0x45, 0x0a, 0xca, 0x67, 0x8e, 0xd8, 0x29, 0x44, 0x8a, 0x51, 0xa8, 0x66, 0x35, 0x26, 0x30, - 0x8b, 0xe9, 0x41, 0xa6, 0x22, 0xec, 0xd2, 0xf0, 0x58, 0x41, 0x33, 0x26, 0xf2, 0x3f, 0xe8, 0x75, - 0x4f, 0xc7, 0x5d, 0x2e, 0x5a, 0xa8, 0x7a, 0xd2, 0xbf, 0x59, 0xa0, 0x86, 0x79, 0x0b, 0x92, 0x6c, - 0x95, 0x5d, 0x87, 0x63, 0x5c, 0xd6, 0x1a, 0xc0, 0xf6, 0x7a, 0x15, 0x8d, 0xc7, 0x3c, 0xb6, 0x9e, - 0xa6, 0x58, 0x46, 0x9b, 0xbf, 0x3e, 0x28, 0x8c, 0xdf, 0x1a, 0x87, 0xaa, 0x7e, 0xf5, 0xf2, 0xcb, - 0x5e, 0x84, 0x2d, 0xf6, 0x82, 0x7e, 0x89, 0x4e, 0xf5, 0xe6, 0x3c, 0x92, 0x80, 0x1e, 0x98, 0x1c, - 0x6a, 0x7b, 0x57, 0x01, 0x02, 0x41, 0x00, 0xdd, 0x60, 0x95, 0xd7, 0xa1, 0x9d, 0x0c, 0xa1, 0x84, - 0xc5, 0x39, 0xca, 0x67, 0x4c, 0x1c, 0x06, 0x71, 0x5b, 0x5c, 0x2d, 0x8d, 0xce, 0xcd, 0xe2, 0x79, - 0xc8, 0x33, 0xbe, 0x50, 0x37, 0x60, 0x9f, 0x3b, 0xb9, 0x59, 0x55, 0x22, 0x1f, 0xa5, 0x4b, 0x1d, - 0xca, 0x38, 0xa0, 0xab, 0x87, 0x9c, 0x86, 0x0e, 0xdb, 0x1c, 0x4f, 0x4f, 0x07, 0xed, 0x18, 0x3f, - 0x05, 0x3c, 0xec, 0x78, 0x11, 0xf6, 0x99, 0x02, 0x41, 0x00, 0xc2, 0xc5, 0xcf, 0xbe, 0x95, 0x91, - 0xeb, 0xcf, 0x47, 0xf3, 0x33, 0x32, 0xc7, 0x7e, 0x93, 0x56, 0xf7, 0xd8, 0xf9, 0xd4, 0xb6, 0xd6, - 0x20, 0xac, 0xba, 0x8a, 0x20, 0x19, 0x14, 0xab, 0xc5, 0x5d, 0xb2, 0x08, 0xcc, 0x77, 0x7c, 0x65, - 0xa8, 0xdb, 0x66, 0x97, 0x36, 0x44, 0x2c, 0x63, 0xc0, 0x6a, 0x7e, 0xb0, 0x0b, 0x5c, 0x90, 0x12, - 0x50, 0xb4, 0x36, 0x60, 0xc3, 0x1f, 0x22, 0x0c, 0xc8, 0x13, 0x02, 0x40, 0x33, 0xc8, 0x7e, 0x04, - 0x7c, 0x97, 0x61, 0xf6, 0xfe, 0x39, 0xac, 0x34, 0xfe, 0x48, 0xbd, 0x5d, 0x7c, 0x72, 0xa4, 0x73, - 0x3b, 0x72, 0x9e, 0x92, 0x55, 0x6e, 0x51, 0x3c, 0x39, 0x43, 0x5a, 0xe4, 0xa4, 0x71, 0xcc, 0xc5, - 0xaf, 0x3f, 0xbb, 0xc8, 0x80, 0x65, 0x67, 0x2d, 0x9e, 0x32, 0x10, 0x99, 0x03, 0x2c, 0x99, 0xc8, - 0xab, 0x71, 0xed, 0x31, 0xf8, 0xbb, 0xde, 0xee, 0x69, 0x7f, 0xba, 0x31, 0x02, 0x40, 0x7e, 0xbc, - 0x60, 0x55, 0x4e, 0xd5, 0xc8, 0x6e, 
0xf4, 0x0e, 0x57, 0xbe, 0x2e, 0xf9, 0x39, 0xbe, 0x59, 0x3f, - 0xa2, 0x30, 0xbb, 0x57, 0xd1, 0xa3, 0x13, 0x2e, 0x55, 0x7c, 0x7c, 0x6a, 0xd8, 0xde, 0x02, 0xbe, - 0x9e, 0xed, 0x10, 0xd0, 0xc5, 0x73, 0x1d, 0xea, 0x3e, 0xb1, 0x55, 0x81, 0x02, 0xef, 0x48, 0xc8, - 0x1c, 0x5c, 0x7a, 0x92, 0xb0, 0x58, 0xd3, 0x19, 0x5b, 0x5d, 0xa2, 0xb6, 0x56, 0x69, 0x02, 0x40, - 0x1e, 0x00, 0x6a, 0x9f, 0xba, 0xee, 0x46, 0x5a, 0xc5, 0xb5, 0x9f, 0x91, 0x33, 0xdd, 0xc9, 0x96, - 0x75, 0xb7, 0x87, 0xcf, 0x18, 0x1c, 0xb7, 0xb9, 0x3f, 0x04, 0x10, 0xb8, 0x75, 0xa9, 0xb8, 0xa0, - 0x31, 0x35, 0x03, 0x30, 0x89, 0xc8, 0x37, 0x68, 0x20, 0x30, 0x99, 0x39, 0x96, 0xd6, 0x2b, 0x3d, - 0x5e, 0x45, 0x84, 0xf7, 0xd2, 0x61, 0x50, 0xc9, 0x50, 0xba, 0x8d, 0x08, 0xaa, 0xd0, 0x08, 0x1e, +static const unsigned char KEY2[] = { + 0x30, + 0x82, + 0x02, + 0x5c, + 0x02, + 0x01, + 0x00, + 0x02, + 0x81, + 0x81, + 0x00, + 0xa8, + 0x6e, + 0x40, + 0x86, + 0x9f, + 0x98, + 0x59, + 0xfb, + 0x57, + 0xbf, + 0xc1, + 0x55, + 0x12, + 0x38, + 0xeb, + 0xb3, + 0x46, + 0x34, + 0xc9, + 0x35, + 0x4d, + 0xfd, + 0x03, + 0xe9, + 0x3a, + 0x88, + 0x9e, + 0x97, + 0x8f, + 0xf4, + 0xec, + 0x36, + 0x7b, + 0x3f, + 0xba, + 0xb8, + 0xa5, + 0x96, + 0x30, + 0x03, + 0xc5, + 0xc6, + 0xd9, + 0xa8, + 0x4e, + 0xbc, + 0x23, + 0x51, + 0xa1, + 0x96, + 0xd2, + 0x03, + 0x98, + 0x73, + 0xb6, + 0x17, + 0x9c, + 0x77, + 0xd4, + 0x95, + 0x1e, + 0x1b, + 0xb3, + 0x1b, + 0xc8, + 0x71, + 0xd1, + 0x2e, + 0x31, + 0xc7, + 0x6a, + 0x75, + 0x57, + 0x08, + 0x7f, + 0xba, + 0x70, + 0x76, + 0xf7, + 0x67, + 0xf4, + 0x4e, + 0xbe, + 0xfc, + 0x70, + 0x61, + 0x41, + 0x07, + 0x2b, + 0x7c, + 0x3c, + 0x3b, + 0xb3, + 0xbc, + 0xd5, + 0xa8, + 0xbd, + 0x28, + 0xd8, + 0x49, + 0xd3, + 0xe1, + 0x78, + 0xc8, + 0xc1, + 0x42, + 0x5e, + 0x18, + 0x36, + 0xa8, + 0x41, + 0xf7, + 0xc8, + 0xaa, + 0x35, + 0xfe, + 0x2d, + 0xd1, + 0xb4, + 0xcc, + 0x00, + 0x67, + 0xae, + 0x79, + 0xd3, + 0x28, + 0xd5, + 0x5b, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x81, + 0x81, + 0x00, + 0xa6, + 0x00, + 0x83, + 
0xf8, + 0x2b, + 0x33, + 0xac, + 0xfb, + 0xdb, + 0xf0, + 0x52, + 0x4b, + 0xd6, + 0x39, + 0xe3, + 0x94, + 0x3d, + 0x8d, + 0xa9, + 0x01, + 0xb0, + 0x6b, + 0xbe, + 0x7f, + 0x10, + 0x01, + 0xb6, + 0xcd, + 0x0a, + 0x45, + 0x0a, + 0xca, + 0x67, + 0x8e, + 0xd8, + 0x29, + 0x44, + 0x8a, + 0x51, + 0xa8, + 0x66, + 0x35, + 0x26, + 0x30, + 0x8b, + 0xe9, + 0x41, + 0xa6, + 0x22, + 0xec, + 0xd2, + 0xf0, + 0x58, + 0x41, + 0x33, + 0x26, + 0xf2, + 0x3f, + 0xe8, + 0x75, + 0x4f, + 0xc7, + 0x5d, + 0x2e, + 0x5a, + 0xa8, + 0x7a, + 0xd2, + 0xbf, + 0x59, + 0xa0, + 0x86, + 0x79, + 0x0b, + 0x92, + 0x6c, + 0x95, + 0x5d, + 0x87, + 0x63, + 0x5c, + 0xd6, + 0x1a, + 0xc0, + 0xf6, + 0x7a, + 0x15, + 0x8d, + 0xc7, + 0x3c, + 0xb6, + 0x9e, + 0xa6, + 0x58, + 0x46, + 0x9b, + 0xbf, + 0x3e, + 0x28, + 0x8c, + 0xdf, + 0x1a, + 0x87, + 0xaa, + 0x7e, + 0xf5, + 0xf2, + 0xcb, + 0x5e, + 0x84, + 0x2d, + 0xf6, + 0x82, + 0x7e, + 0x89, + 0x4e, + 0xf5, + 0xe6, + 0x3c, + 0x92, + 0x80, + 0x1e, + 0x98, + 0x1c, + 0x6a, + 0x7b, + 0x57, + 0x01, + 0x02, + 0x41, + 0x00, + 0xdd, + 0x60, + 0x95, + 0xd7, + 0xa1, + 0x9d, + 0x0c, + 0xa1, + 0x84, + 0xc5, + 0x39, + 0xca, + 0x67, + 0x4c, + 0x1c, + 0x06, + 0x71, + 0x5b, + 0x5c, + 0x2d, + 0x8d, + 0xce, + 0xcd, + 0xe2, + 0x79, + 0xc8, + 0x33, + 0xbe, + 0x50, + 0x37, + 0x60, + 0x9f, + 0x3b, + 0xb9, + 0x59, + 0x55, + 0x22, + 0x1f, + 0xa5, + 0x4b, + 0x1d, + 0xca, + 0x38, + 0xa0, + 0xab, + 0x87, + 0x9c, + 0x86, + 0x0e, + 0xdb, + 0x1c, + 0x4f, + 0x4f, + 0x07, + 0xed, + 0x18, + 0x3f, + 0x05, + 0x3c, + 0xec, + 0x78, + 0x11, + 0xf6, + 0x99, + 0x02, + 0x41, + 0x00, + 0xc2, + 0xc5, + 0xcf, + 0xbe, + 0x95, + 0x91, + 0xeb, + 0xcf, + 0x47, + 0xf3, + 0x33, + 0x32, + 0xc7, + 0x7e, + 0x93, + 0x56, + 0xf7, + 0xd8, + 0xf9, + 0xd4, + 0xb6, + 0xd6, + 0x20, + 0xac, + 0xba, + 0x8a, + 0x20, + 0x19, + 0x14, + 0xab, + 0xc5, + 0x5d, + 0xb2, + 0x08, + 0xcc, + 0x77, + 0x7c, + 0x65, + 0xa8, + 0xdb, + 0x66, + 0x97, + 0x36, + 0x44, + 0x2c, + 0x63, + 0xc0, + 0x6a, + 0x7e, + 0xb0, + 0x0b, + 0x5c, + 0x90, + 0x12, + 0x50, + 
0xb4, + 0x36, + 0x60, + 0xc3, + 0x1f, + 0x22, + 0x0c, + 0xc8, + 0x13, + 0x02, + 0x40, + 0x33, + 0xc8, + 0x7e, + 0x04, + 0x7c, + 0x97, + 0x61, + 0xf6, + 0xfe, + 0x39, + 0xac, + 0x34, + 0xfe, + 0x48, + 0xbd, + 0x5d, + 0x7c, + 0x72, + 0xa4, + 0x73, + 0x3b, + 0x72, + 0x9e, + 0x92, + 0x55, + 0x6e, + 0x51, + 0x3c, + 0x39, + 0x43, + 0x5a, + 0xe4, + 0xa4, + 0x71, + 0xcc, + 0xc5, + 0xaf, + 0x3f, + 0xbb, + 0xc8, + 0x80, + 0x65, + 0x67, + 0x2d, + 0x9e, + 0x32, + 0x10, + 0x99, + 0x03, + 0x2c, + 0x99, + 0xc8, + 0xab, + 0x71, + 0xed, + 0x31, + 0xf8, + 0xbb, + 0xde, + 0xee, + 0x69, + 0x7f, + 0xba, + 0x31, + 0x02, + 0x40, + 0x7e, + 0xbc, + 0x60, + 0x55, + 0x4e, + 0xd5, + 0xc8, + 0x6e, + 0xf4, + 0x0e, + 0x57, + 0xbe, + 0x2e, + 0xf9, + 0x39, + 0xbe, + 0x59, + 0x3f, + 0xa2, + 0x30, + 0xbb, + 0x57, + 0xd1, + 0xa3, + 0x13, + 0x2e, + 0x55, + 0x7c, + 0x7c, + 0x6a, + 0xd8, + 0xde, + 0x02, + 0xbe, + 0x9e, + 0xed, + 0x10, + 0xd0, + 0xc5, + 0x73, + 0x1d, + 0xea, + 0x3e, + 0xb1, + 0x55, + 0x81, + 0x02, + 0xef, + 0x48, + 0xc8, + 0x1c, + 0x5c, + 0x7a, + 0x92, + 0xb0, + 0x58, + 0xd3, + 0x19, + 0x5b, + 0x5d, + 0xa2, + 0xb6, + 0x56, + 0x69, + 0x02, + 0x40, + 0x1e, + 0x00, + 0x6a, + 0x9f, + 0xba, + 0xee, + 0x46, + 0x5a, + 0xc5, + 0xb5, + 0x9f, + 0x91, + 0x33, + 0xdd, + 0xc9, + 0x96, + 0x75, + 0xb7, + 0x87, + 0xcf, + 0x18, + 0x1c, + 0xb7, + 0xb9, + 0x3f, + 0x04, + 0x10, + 0xb8, + 0x75, + 0xa9, + 0xb8, + 0xa0, + 0x31, + 0x35, + 0x03, + 0x30, + 0x89, + 0xc8, + 0x37, + 0x68, + 0x20, + 0x30, + 0x99, + 0x39, + 0x96, + 0xd6, + 0x2b, + 0x3d, + 0x5e, + 0x45, + 0x84, + 0xf7, + 0xd2, + 0x61, + 0x50, + 0xc9, + 0x50, + 0xba, + 0x8d, + 0x08, + 0xaa, + 0xd0, + 0x08, + 0x1e, }; - static const PKCS12_ATTR ATTRS1[] = { { "friendlyName", "george" }, { "localKeyID", "1234567890" }, 
@@ -240,21 +2304,21 @@ #endif #ifndef OPENSSL_NO_MD2 -# ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_DES NID_pbeWithMD2AndDES_CBC, -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 NID_pbeWithMD2AndRC2_CBC, -# endif +#endif #endif #ifndef OPENSSL_NO_MD5 -# ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_DES NID_pbeWithMD5AndDES_CBC, -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 NID_pbeWithMD5AndRC2_CBC, -# endif +#endif #endif #ifndef OPENSSL_NO_DES NID_pbeWithSHA1AndDES_CBC, @@ -306,7 +2370,7 @@ /* -------------------------------------------------------------------------- * Local functions - */ + */ static int get_custom_oid(void) { @@ -319,7 +2383,6 @@ return sec_nid = OBJ_txt2nid("CustomSecretOID"); } - /* -------------------------------------------------------------------------- * PKCS12 format tests */ @@ -331,22 +2394,22 @@ /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_certbag(pb, CERT1, sizeof(CERT1), NULL); + add_certbag(pb, CERT1, sizeof(CERT1), NULL); - end_contentinfo(pb); + end_contentinfo(pb); end_pkcs12(pb); /* Read/decode */ start_check_pkcs12(pb); - start_check_contentinfo(pb); + start_check_contentinfo(pb); - check_certbag(pb, CERT1, sizeof(CERT1), NULL); + check_certbag(pb, CERT1, sizeof(CERT1), NULL); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); 
@@ -359,29 +2422,29 @@ PKCS12_BUILDER *pb; BIO_snprintf(fname, sizeof(fname), "1key_ciph-%s_iter-%d.p12", - OBJ_nid2sn(enc->nid), enc->iter); + OBJ_nid2sn(enc->nid), enc->iter); pb = new_pkcs12_builder(fname); /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_keybag(pb, KEY1, sizeof(KEY1), NULL, enc); + add_keybag(pb, KEY1, sizeof(KEY1), NULL, enc); - end_contentinfo(pb); + end_contentinfo(pb); end_pkcs12(pb); /* Read/decode */ start_check_pkcs12(pb); - start_check_contentinfo(pb); + start_check_contentinfo(pb); - check_keybag(pb, KEY1, sizeof(KEY1), NULL, enc); + check_keybag(pb, KEY1, sizeof(KEY1), NULL, enc); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); @@ -427,26 +2490,26 @@ static int test_single_key_with_attrs(void) { PKCS12_BUILDER *pb = new_pkcs12_builder("1keyattrs.p12"); - + /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - end_contentinfo(pb); + end_contentinfo(pb); end_pkcs12(pb); /* Read/decode */ start_check_pkcs12(pb); - start_check_contentinfo(pb); + start_check_contentinfo(pb); - check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); 
@@ -459,29 +2522,29 @@ PKCS12_BUILDER *pb; BIO_snprintf(fname, sizeof(fname), "1cert_mac-%s_iter-%d.p12", - OBJ_nid2sn(mac->nid), mac->iter); + OBJ_nid2sn(mac->nid), mac->iter); pb = new_pkcs12_builder(fname); /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_certbag(pb, CERT1, sizeof(CERT1), NULL); + add_certbag(pb, CERT1, sizeof(CERT1), NULL); - end_contentinfo(pb); + end_contentinfo(pb); end_pkcs12_with_mac(pb, mac); /* Read/decode */ start_check_pkcs12_with_mac(pb, mac); - start_check_contentinfo(pb); + start_check_contentinfo(pb); - check_certbag(pb, CERT1, sizeof(CERT1), NULL); + check_certbag(pb, CERT1, sizeof(CERT1), NULL); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); @@ -524,28 +2587,28 @@ static int test_cert_key_with_attrs_and_mac(void) { PKCS12_BUILDER *pb = new_pkcs12_builder("1cert1key.p12"); - + /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); - add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + add_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); + add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - end_contentinfo(pb); + end_contentinfo(pb); end_pkcs12_with_mac(pb, &mac_default); /* Read/decode */ start_check_pkcs12_with_mac(pb, &mac_default); - start_check_contentinfo(pb); + start_check_contentinfo(pb); - check_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); - check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + check_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); + check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); 
@@ -555,28 +2618,28 @@ static int test_cert_key_encrypted_content(void) { PKCS12_BUILDER *pb = new_pkcs12_builder("1cert1key_enc.p12"); - + /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); - add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + add_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); + add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - end_contentinfo_encrypted(pb, &enc_default); + end_contentinfo_encrypted(pb, &enc_default); end_pkcs12_with_mac(pb, &mac_default); /* Read/decode */ start_check_pkcs12_with_mac(pb, &mac_default); - start_check_contentinfo_encrypted(pb, &enc_default); + start_check_contentinfo_encrypted(pb, &enc_default); - check_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); - check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + check_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); + check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); @@ -587,26 +2650,26 @@ { PKCS12_BUILDER *pb = new_pkcs12_builder("1secret.p12"); int custom_nid = get_custom_oid(); - + /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); + add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); - end_contentinfo_encrypted(pb, &enc_default); + end_contentinfo_encrypted(pb, &enc_default); end_pkcs12_with_mac(pb, &mac_default); /* Read/decode */ start_check_pkcs12_with_mac(pb, &mac_default); - start_check_contentinfo_encrypted(pb, &enc_default); + start_check_contentinfo_encrypted(pb, &enc_default); - check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); + check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); 
@@ -620,29 +2683,29 @@ PKCS12_BUILDER *pb; BIO_snprintf(fname, sizeof(fname), "1secret_ciph-%s_iter-%d.p12", - OBJ_nid2sn(enc->nid), enc->iter); + OBJ_nid2sn(enc->nid), enc->iter); pb = new_pkcs12_builder(fname); custom_nid = get_custom_oid(); /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); + add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); - end_contentinfo_encrypted(pb, enc); + end_contentinfo_encrypted(pb, enc); end_pkcs12_with_mac(pb, &mac_default); /* Read/decode */ start_check_pkcs12_with_mac(pb, &mac_default); - start_check_contentinfo_encrypted(pb, enc); + start_check_contentinfo_encrypted(pb, enc); - check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); + check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); 
@@ -667,44 +2730,44 @@ { PKCS12_BUILDER *pb = new_pkcs12_builder("multi_contents.p12"); int custom_nid = get_custom_oid(); - + /* Generate/encode */ start_pkcs12(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); - add_certbag(pb, CERT2, sizeof(CERT2), ATTRS2); - add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - add_keybag(pb, KEY2, sizeof(KEY2), ATTRS2, &enc_default); + add_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); + add_certbag(pb, CERT2, sizeof(CERT2), ATTRS2); + add_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + add_keybag(pb, KEY2, sizeof(KEY2), ATTRS2, &enc_default); - end_contentinfo(pb); + end_contentinfo(pb); - start_contentinfo(pb); + start_contentinfo(pb); - add_secretbag(pb, custom_nid, "VeryVerySecretMessage", ATTRS1); + add_secretbag(pb, custom_nid, "VeryVerySecretMessage", ATTRS1); - end_contentinfo_encrypted(pb, &enc_default); + end_contentinfo_encrypted(pb, &enc_default); end_pkcs12_with_mac(pb, &mac_default); /* Read/decode */ start_check_pkcs12_with_mac(pb, &mac_default); - start_check_contentinfo(pb); + start_check_contentinfo(pb); - check_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); - check_certbag(pb, CERT2, sizeof(CERT2), ATTRS2); - check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); - check_keybag(pb, KEY2, sizeof(KEY2), ATTRS2, &enc_default); + check_certbag(pb, CERT1, sizeof(CERT1), ATTRS1); + check_certbag(pb, CERT2, sizeof(CERT2), ATTRS2); + check_keybag(pb, KEY1, sizeof(KEY1), ATTRS1, &enc_default); + check_keybag(pb, KEY2, sizeof(KEY2), ATTRS2, &enc_default); - end_check_contentinfo(pb); + end_check_contentinfo(pb); - start_check_contentinfo_encrypted(pb, &enc_default); + start_check_contentinfo_encrypted(pb, &enc_default); - check_secretbag(pb, custom_nid, "VeryVerySecretMessage", ATTRS1); + check_secretbag(pb, custom_nid, "VeryVerySecretMessage", ATTRS1); - end_check_contentinfo(pb); + end_check_contentinfo(pb); end_check_pkcs12(pb); 
@@ -720,68 +2783,626 @@ const unsigned char *p; static const unsigned char rsa_key[] = { - 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbb, - 0x24, 0x7a, 0x09, 0x7e, 0x0e, 0xb2, 0x37, 0x32, 0xcc, 0x39, 0x67, 0xad, - 0xf1, 0x9e, 0x3d, 0x6b, 0x82, 0x83, 0xd1, 0xd0, 0xac, 0xa4, 0xc0, 0x18, - 0xbe, 0x8d, 0x98, 0x00, 0xc0, 0x7b, 0xff, 0x07, 0x44, 0xc9, 0xca, 0x1c, - 0xba, 0x36, 0xe1, 0x27, 0x69, 0xff, 0xb1, 0xe3, 0x8d, 0x8b, 0xee, 0x57, - 0xa9, 0x3a, 0xaa, 0x16, 0x43, 0x39, 0x54, 0x19, 0x7c, 0xae, 0x69, 0x24, - 0x14, 0xf6, 0x64, 0xff, 0xbc, 0x74, 0xc6, 0x67, 0x6c, 0x4c, 0xf1, 0x02, - 0x49, 0x69, 0xc7, 0x2b, 0xe1, 0xe1, 0xa1, 0xa3, 0x43, 0x14, 0xf4, 0x77, - 0x8f, 0xc8, 0xd0, 0x85, 0x5a, 0x35, 0x95, 0xac, 0x62, 0xa9, 0xc1, 0x21, - 0x00, 0x77, 0xa0, 0x8b, 0x97, 0x30, 0xb4, 0x5a, 0x2c, 0xb8, 0x90, 0x2f, - 0x48, 0xa0, 0x05, 0x28, 0x4b, 0xf2, 0x0f, 0x8d, 0xec, 0x8b, 0x4d, 0x03, - 0x42, 0x75, 0xd6, 0xad, 0x81, 0xc0, 0x11, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x00, 0xfc, 0xb9, 0x4a, 0x26, 0x07, 0x89, 0x51, 0x2b, - 0x53, 0x72, 0x91, 0xe0, 0x18, 0x3e, 0xa6, 0x5e, 0x31, 0xef, 0x9c, 0x0c, - 0x16, 0x24, 0x42, 0xd0, 0x28, 0x33, 0xf9, 0xfa, 0xd0, 0x3c, 0x54, 0x04, - 0x06, 0xc0, 0x15, 0xf5, 0x1b, 0x9a, 0xb3, 0x24, 0x31, 0xab, 0x3c, 0x6b, - 0x47, 0x43, 0xb0, 0xd2, 0xa9, 0xdc, 0x05, 0xe1, 0x81, 0x59, 0xb6, 0x04, - 0xe9, 0x66, 0x61, 0xaa, 0xd7, 0x0b, 0x00, 0x8f, 0x3d, 0xe5, 0xbf, 0xa2, - 0xf8, 0x5e, 0x25, 0x6c, 0x1e, 0x22, 0x0f, 0xb4, 0xfd, 0x41, 0xe2, 0x03, - 0x31, 0x5f, 0xda, 0x20, 0xc5, 0xc0, 0xf3, 0x55, 0x0e, 0xe1, 0xc9, 0xec, - 0xd7, 0x3e, 0x2a, 0x0c, 0x01, 0xca, 0x7b, 0x22, 0xcb, 0xac, 0xf4, 0x2b, - 0x27, 0xf0, 0x78, 0x5f, 0xb5, 0xc2, 0xf9, 0xe8, 0x14, 0x5a, 0x6e, 0x7e, - 0x86, 0xbd, 0x6a, 0x9b, 0x20, 0x0c, 0xba, 0xcc, 0x97, 0x20, 0x11, 0x02, - 0x41, 0x00, 0xc9, 0x59, 0x9f, 0x29, 0x8a, 0x5b, 0x9f, 0xe3, 0x2a, 0xd8, - 0x7e, 0xc2, 0x40, 0x9f, 0xa8, 0x45, 0xe5, 0x3e, 0x11, 0x8d, 0x3c, 0xed, - 0x6e, 0xab, 0xce, 0xd0, 0x65, 0x46, 0xd8, 0xc7, 0x07, 
0x63, 0xb5, 0x23, - 0x34, 0xf4, 0x9f, 0x7e, 0x1c, 0xc7, 0xc7, 0xf9, 0x65, 0xd1, 0xf4, 0x04, - 0x42, 0x38, 0xbe, 0x3a, 0x0c, 0x9d, 0x08, 0x25, 0xfc, 0xa3, 0x71, 0xd9, - 0xae, 0x0c, 0x39, 0x61, 0xf4, 0x89, 0x02, 0x41, 0x00, 0xed, 0xef, 0xab, - 0xa9, 0xd5, 0x39, 0x9c, 0xee, 0x59, 0x1b, 0xff, 0xcf, 0x48, 0x44, 0x1b, - 0xb6, 0x32, 0xe7, 0x46, 0x24, 0xf3, 0x04, 0x7f, 0xde, 0x95, 0x08, 0x6d, - 0x75, 0x9e, 0x67, 0x17, 0xba, 0x5c, 0xa4, 0xd4, 0xe2, 0xe2, 0x4d, 0x77, - 0xce, 0xeb, 0x66, 0x29, 0xc5, 0x96, 0xe0, 0x62, 0xbb, 0xe5, 0xac, 0xdc, - 0x44, 0x62, 0x54, 0x86, 0xed, 0x64, 0x0c, 0xce, 0xd0, 0x60, 0x03, 0x9d, - 0x49, 0x02, 0x40, 0x54, 0xd9, 0x18, 0x72, 0x27, 0xe4, 0xbe, 0x76, 0xbb, - 0x1a, 0x6a, 0x28, 0x2f, 0x95, 0x58, 0x12, 0xc4, 0x2c, 0xa8, 0xb6, 0xcc, - 0xe2, 0xfd, 0x0d, 0x17, 0x64, 0xc8, 0x18, 0xd7, 0xc6, 0xdf, 0x3d, 0x4c, - 0x1a, 0x9e, 0xf9, 0x2a, 0xb0, 0xb9, 0x2e, 0x12, 0xfd, 0xec, 0xc3, 0x51, - 0xc1, 0xed, 0xa9, 0xfd, 0xb7, 0x76, 0x93, 0x41, 0xd8, 0xc8, 0x22, 0x94, - 0x1a, 0x77, 0xf6, 0x9c, 0xc3, 0xc3, 0x89, 0x02, 0x41, 0x00, 0x8e, 0xf9, - 0xa7, 0x08, 0xad, 0xb5, 0x2a, 0x04, 0xdb, 0x8d, 0x04, 0xa1, 0xb5, 0x06, - 0x20, 0x34, 0xd2, 0xcf, 0xc0, 0x89, 0xb1, 0x72, 0x31, 0xb8, 0x39, 0x8b, - 0xcf, 0xe2, 0x8e, 0xa5, 0xda, 0x4f, 0x45, 0x1e, 0x53, 0x42, 0x66, 0xc4, - 0x30, 0x4b, 0x29, 0x8e, 0xc1, 0x69, 0x17, 0x29, 0x8c, 0x8a, 0xe6, 0x0f, - 0x82, 0x68, 0xa1, 0x41, 0xb3, 0xb6, 0x70, 0x99, 0x75, 0xa9, 0x27, 0x18, - 0xe4, 0xe9, 0x02, 0x41, 0x00, 0x89, 0xea, 0x6e, 0x6d, 0x70, 0xdf, 0x25, - 0x5f, 0x18, 0x3f, 0x48, 0xda, 0x63, 0x10, 0x8b, 0xfe, 0xa8, 0x0c, 0x94, - 0x0f, 0xde, 0x97, 0x56, 0x53, 0x89, 0x94, 0xe2, 0x1e, 0x2c, 0x74, 0x3c, - 0x91, 0x81, 0x34, 0x0b, 0xa6, 0x40, 0xf8, 0xcb, 0x2a, 0x60, 0x8c, 0xe0, - 0x02, 0xb7, 0x89, 0x93, 0xcf, 0x18, 0x9f, 0x49, 0x54, 0xfd, 0x7d, 0x3f, - 0x9a, 0xef, 0xd4, 0xa4, 0x4f, 0xc1, 0x45, 0x99, 0x91, + 0x30, + 0x82, + 0x02, + 0x5d, + 0x02, + 0x01, + 0x00, + 0x02, + 0x81, + 0x81, + 0x00, + 0xbb, + 0x24, + 0x7a, + 0x09, + 0x7e, + 0x0e, + 0xb2, + 
0x37, + 0x32, + 0xcc, + 0x39, + 0x67, + 0xad, + 0xf1, + 0x9e, + 0x3d, + 0x6b, + 0x82, + 0x83, + 0xd1, + 0xd0, + 0xac, + 0xa4, + 0xc0, + 0x18, + 0xbe, + 0x8d, + 0x98, + 0x00, + 0xc0, + 0x7b, + 0xff, + 0x07, + 0x44, + 0xc9, + 0xca, + 0x1c, + 0xba, + 0x36, + 0xe1, + 0x27, + 0x69, + 0xff, + 0xb1, + 0xe3, + 0x8d, + 0x8b, + 0xee, + 0x57, + 0xa9, + 0x3a, + 0xaa, + 0x16, + 0x43, + 0x39, + 0x54, + 0x19, + 0x7c, + 0xae, + 0x69, + 0x24, + 0x14, + 0xf6, + 0x64, + 0xff, + 0xbc, + 0x74, + 0xc6, + 0x67, + 0x6c, + 0x4c, + 0xf1, + 0x02, + 0x49, + 0x69, + 0xc7, + 0x2b, + 0xe1, + 0xe1, + 0xa1, + 0xa3, + 0x43, + 0x14, + 0xf4, + 0x77, + 0x8f, + 0xc8, + 0xd0, + 0x85, + 0x5a, + 0x35, + 0x95, + 0xac, + 0x62, + 0xa9, + 0xc1, + 0x21, + 0x00, + 0x77, + 0xa0, + 0x8b, + 0x97, + 0x30, + 0xb4, + 0x5a, + 0x2c, + 0xb8, + 0x90, + 0x2f, + 0x48, + 0xa0, + 0x05, + 0x28, + 0x4b, + 0xf2, + 0x0f, + 0x8d, + 0xec, + 0x8b, + 0x4d, + 0x03, + 0x42, + 0x75, + 0xd6, + 0xad, + 0x81, + 0xc0, + 0x11, + 0x02, + 0x03, + 0x01, + 0x00, + 0x01, + 0x02, + 0x81, + 0x80, + 0x00, + 0xfc, + 0xb9, + 0x4a, + 0x26, + 0x07, + 0x89, + 0x51, + 0x2b, + 0x53, + 0x72, + 0x91, + 0xe0, + 0x18, + 0x3e, + 0xa6, + 0x5e, + 0x31, + 0xef, + 0x9c, + 0x0c, + 0x16, + 0x24, + 0x42, + 0xd0, + 0x28, + 0x33, + 0xf9, + 0xfa, + 0xd0, + 0x3c, + 0x54, + 0x04, + 0x06, + 0xc0, + 0x15, + 0xf5, + 0x1b, + 0x9a, + 0xb3, + 0x24, + 0x31, + 0xab, + 0x3c, + 0x6b, + 0x47, + 0x43, + 0xb0, + 0xd2, + 0xa9, + 0xdc, + 0x05, + 0xe1, + 0x81, + 0x59, + 0xb6, + 0x04, + 0xe9, + 0x66, + 0x61, + 0xaa, + 0xd7, + 0x0b, + 0x00, + 0x8f, + 0x3d, + 0xe5, + 0xbf, + 0xa2, + 0xf8, + 0x5e, + 0x25, + 0x6c, + 0x1e, + 0x22, + 0x0f, + 0xb4, + 0xfd, + 0x41, + 0xe2, + 0x03, + 0x31, + 0x5f, + 0xda, + 0x20, + 0xc5, + 0xc0, + 0xf3, + 0x55, + 0x0e, + 0xe1, + 0xc9, + 0xec, + 0xd7, + 0x3e, + 0x2a, + 0x0c, + 0x01, + 0xca, + 0x7b, + 0x22, + 0xcb, + 0xac, + 0xf4, + 0x2b, + 0x27, + 0xf0, + 0x78, + 0x5f, + 0xb5, + 0xc2, + 0xf9, + 0xe8, + 0x14, + 0x5a, + 0x6e, + 0x7e, + 0x86, + 0xbd, + 0x6a, + 0x9b, + 
0x20, + 0x0c, + 0xba, + 0xcc, + 0x97, + 0x20, + 0x11, + 0x02, + 0x41, + 0x00, + 0xc9, + 0x59, + 0x9f, + 0x29, + 0x8a, + 0x5b, + 0x9f, + 0xe3, + 0x2a, + 0xd8, + 0x7e, + 0xc2, + 0x40, + 0x9f, + 0xa8, + 0x45, + 0xe5, + 0x3e, + 0x11, + 0x8d, + 0x3c, + 0xed, + 0x6e, + 0xab, + 0xce, + 0xd0, + 0x65, + 0x46, + 0xd8, + 0xc7, + 0x07, + 0x63, + 0xb5, + 0x23, + 0x34, + 0xf4, + 0x9f, + 0x7e, + 0x1c, + 0xc7, + 0xc7, + 0xf9, + 0x65, + 0xd1, + 0xf4, + 0x04, + 0x42, + 0x38, + 0xbe, + 0x3a, + 0x0c, + 0x9d, + 0x08, + 0x25, + 0xfc, + 0xa3, + 0x71, + 0xd9, + 0xae, + 0x0c, + 0x39, + 0x61, + 0xf4, + 0x89, + 0x02, + 0x41, + 0x00, + 0xed, + 0xef, + 0xab, + 0xa9, + 0xd5, + 0x39, + 0x9c, + 0xee, + 0x59, + 0x1b, + 0xff, + 0xcf, + 0x48, + 0x44, + 0x1b, + 0xb6, + 0x32, + 0xe7, + 0x46, + 0x24, + 0xf3, + 0x04, + 0x7f, + 0xde, + 0x95, + 0x08, + 0x6d, + 0x75, + 0x9e, + 0x67, + 0x17, + 0xba, + 0x5c, + 0xa4, + 0xd4, + 0xe2, + 0xe2, + 0x4d, + 0x77, + 0xce, + 0xeb, + 0x66, + 0x29, + 0xc5, + 0x96, + 0xe0, + 0x62, + 0xbb, + 0xe5, + 0xac, + 0xdc, + 0x44, + 0x62, + 0x54, + 0x86, + 0xed, + 0x64, + 0x0c, + 0xce, + 0xd0, + 0x60, + 0x03, + 0x9d, + 0x49, + 0x02, + 0x40, + 0x54, + 0xd9, + 0x18, + 0x72, + 0x27, + 0xe4, + 0xbe, + 0x76, + 0xbb, + 0x1a, + 0x6a, + 0x28, + 0x2f, + 0x95, + 0x58, + 0x12, + 0xc4, + 0x2c, + 0xa8, + 0xb6, + 0xcc, + 0xe2, + 0xfd, + 0x0d, + 0x17, + 0x64, + 0xc8, + 0x18, + 0xd7, + 0xc6, + 0xdf, + 0x3d, + 0x4c, + 0x1a, + 0x9e, + 0xf9, + 0x2a, + 0xb0, + 0xb9, + 0x2e, + 0x12, + 0xfd, + 0xec, + 0xc3, + 0x51, + 0xc1, + 0xed, + 0xa9, + 0xfd, + 0xb7, + 0x76, + 0x93, + 0x41, + 0xd8, + 0xc8, + 0x22, + 0x94, + 0x1a, + 0x77, + 0xf6, + 0x9c, + 0xc3, + 0xc3, + 0x89, + 0x02, + 0x41, + 0x00, + 0x8e, + 0xf9, + 0xa7, + 0x08, + 0xad, + 0xb5, + 0x2a, + 0x04, + 0xdb, + 0x8d, + 0x04, + 0xa1, + 0xb5, + 0x06, + 0x20, + 0x34, + 0xd2, + 0xcf, + 0xc0, + 0x89, + 0xb1, + 0x72, + 0x31, + 0xb8, + 0x39, + 0x8b, + 0xcf, + 0xe2, + 0x8e, + 0xa5, + 0xda, + 0x4f, + 0x45, + 0x1e, + 0x53, + 0x42, + 0x66, + 0xc4, + 0x30, + 0x4b, + 
0x29, + 0x8e, + 0xc1, + 0x69, + 0x17, + 0x29, + 0x8c, + 0x8a, + 0xe6, + 0x0f, + 0x82, + 0x68, + 0xa1, + 0x41, + 0xb3, + 0xb6, + 0x70, + 0x99, + 0x75, + 0xa9, + 0x27, + 0x18, + 0xe4, + 0xe9, + 0x02, + 0x41, + 0x00, + 0x89, + 0xea, + 0x6e, + 0x6d, + 0x70, + 0xdf, + 0x25, + 0x5f, + 0x18, + 0x3f, + 0x48, + 0xda, + 0x63, + 0x10, + 0x8b, + 0xfe, + 0xa8, + 0x0c, + 0x94, + 0x0f, + 0xde, + 0x97, + 0x56, + 0x53, + 0x89, + 0x94, + 0xe2, + 0x1e, + 0x2c, + 0x74, + 0x3c, + 0x91, + 0x81, + 0x34, + 0x0b, + 0xa6, + 0x40, + 0xf8, + 0xcb, + 0x2a, + 0x60, + 0x8c, + 0xe0, + 0x02, + 0xb7, + 0x89, + 0x93, + 0xcf, + 0x18, + 0x9f, + 0x49, + 0x54, + 0xfd, + 0x7d, + 0x3f, + 0x9a, + 0xef, + 0xd4, + 0xa4, + 0x4f, + 0xc1, + 0x45, + 0x99, + 0x91, }; p = rsa_key; if (!TEST_ptr(pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &p, - sizeof(rsa_key), NULL, NULL))) + sizeof(rsa_key), NULL, NULL))) goto err; if (!TEST_int_eq(ERR_peek_error(), 0)) goto err; p12 = PKCS12_create(NULL, NULL, pkey, NULL, NULL, - NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2, 1, 0); + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2, 1, 0); if (!TEST_ptr(p12)) goto err; @@ -816,7 +3437,7 @@ if (!TEST_ptr(pkey)) goto err; p12 = PKCS12_create("pass", NULL, pkey, cert, NULL, NID_aes_256_cbc, - NID_aes_256_cbc, 2, 1, 0); + NID_aes_256_cbc, 2, 1, 0); if (!TEST_ptr(p12)) goto err; if (!TEST_int_eq(ERR_peek_error(), 0)) @@ -834,13 +3455,14 @@ if (!TEST_ptr(p12_parsed)) goto err; if (!TEST_int_eq(PKCS12_parse(p12_parsed, "pass", &pkey_parsed, - &cert_parsed, NULL), 1)) + &cert_parsed, NULL), + 1)) goto err; /* cert_parsed also contains auxiliary data */ p12_recreated = PKCS12_create("new_pass", NULL, pkey_parsed, cert_parsed, - NULL, NID_aes_256_cbc, NID_aes_256_cbc, - 2, 1, 0); + NULL, NID_aes_256_cbc, NID_aes_256_cbc, + 2, 1, 0); if (!TEST_ptr(p12_recreated)) goto err; if (!TEST_int_eq(ERR_peek_error(), 0)) 
@@ -872,8 +3494,8 @@ { static const OPTIONS options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, - { "write", OPT_WRITE, '-', "Write PKCS12 objects to file" }, - { "legacy", OPT_LEGACY, '-', "Test the legacy APIs" }, + { "write", OPT_WRITE, '-', "Write PKCS12 objects to file" }, + { "legacy", OPT_LEGACY, '-', "Test the legacy APIs" }, { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, { NULL } }; @@ -924,7 +3546,7 @@ */ if (!default_libctx) { if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) - || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) + || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) return 0; } --- crypto/openssl/test/pkcs7_test.c.orig +++ crypto/openssl/test/pkcs7_test.c 
@@ -70,19 +70,19 @@ if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) goto end; - for (i = 0; i < OSSL_NELEM(sig); ++i) + for (i = 0; i < OSSL_NELEM(sig); ++i) BIO_puts(bio, sig[i]); ret = TEST_ptr(msg_bio = BIO_new_mem_buf(signed_data, strlen(signed_data))) - && TEST_ptr(x509_bio = BIO_new_mem_buf(cert_der, sizeof(cert_der))) - && TEST_ptr(cert = d2i_X509_bio(x509_bio, NULL)) - && TEST_int_eq(ERR_peek_error(), 0) - && TEST_ptr(store = X509_STORE_new()) - && TEST_true(X509_STORE_add_cert(store, cert)) - && TEST_ptr(p7 = SMIME_read_PKCS7(bio, NULL)) - && TEST_int_eq(ERR_peek_error(), 0) - && TEST_true(PKCS7_verify(p7, NULL, store, msg_bio, NULL, PKCS7_TEXT)) - && TEST_int_eq(ERR_peek_error(), 0); + && TEST_ptr(x509_bio = BIO_new_mem_buf(cert_der, sizeof(cert_der))) + && TEST_ptr(cert = d2i_X509_bio(x509_bio, NULL)) + && TEST_int_eq(ERR_peek_error(), 0) + && TEST_ptr(store = X509_STORE_new()) + && TEST_true(X509_STORE_add_cert(store, cert)) + && TEST_ptr(p7 = SMIME_read_PKCS7(bio, NULL)) + && TEST_int_eq(ERR_peek_error(), 0) + && TEST_true(PKCS7_verify(p7, NULL, store, msg_bio, NULL, PKCS7_TEXT)) + && TEST_int_eq(ERR_peek_error(), 0); end: X509_STORE_free(store); X509_free(cert); --- crypto/openssl/test/pkey_meth_kdf_test.c.orig +++ crypto/openssl/test/pkey_meth_kdf_test.c 
@@ -36,24 +36,28 @@ goto err; } if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, - (unsigned char *)"secret", 6) <= 0) { + (unsigned char *)"secret", 6) + <= 0) { TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); goto err; } if (index == 0) { if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, - (unsigned char *)"seed", 4) <= 0) { + (unsigned char *)"seed", 4) + <= 0) { TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); goto err; } } else { if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, - (unsigned char *)"se", 2) <= 0) { + (unsigned char *)"se", 2) + <= 0) { TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); goto err; } if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, - (unsigned char *)"ed", 2) <= 0) { + (unsigned char *)"ed", 2) + <= 0) { TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); goto err; } @@ -98,12 +102,12 @@ goto err; } if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, (const unsigned char *)"salt", 4) - <= 0) { + <= 0) { TEST_error("EVP_PKEY_CTX_set1_hkdf_salt"); goto err; } if (EVP_PKEY_CTX_set1_hkdf_key(pctx, (const unsigned char *)"secret", 6) - <= 0) { + <= 0) { TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); goto err; } --- crypto/openssl/test/pkey_meth_test.c.orig +++ crypto/openssl/test/pkey_meth_test.c @@ -33,7 +33,6 @@ if (pkey_id < prev) good = 0; prev = pkey_id; - } if (!good) { TEST_error("EVP_PKEY_ASN1_METHOD table out of order"); @@ -66,7 +65,6 @@ if (pkey_id < prev) good = 0; prev = pkey_id; - } if (!good) { TEST_error("EVP_PKEY_METHOD table out of order"); --- crypto/openssl/test/poly1305_internal_test.c.orig +++ crypto/openssl/test/poly1305_internal_test.c 
@@ -38,117 +38,61 @@ * RFC7539 */ { - { - 34, - { - 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, + { 34, + { 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f, 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65, 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f, - 0x75, 0x70 - } - }, - { - 32, - { - 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, + 0x75, 0x70 } }, + { 32, + { 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, - 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b - } - }, - { - 16, - { - 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, - 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 - } - } - }, + 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b } }, + { 16, + { 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, + 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 } } }, /* * test vectors from "The Poly1305-AES message-authentication code" */ { - { - 2, - { - 0xf3, 0xf6 - } - }, - { - 32, - { - 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b, + { 2, + { 0xf3, 0xf6 } }, + { 32, + { 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b, 0xe0, 0x5c, 0xc2, 0x04, 0x04, 0xf3, 0xf7, 0x00, 0x58, 0x0b, 0x3b, 0x0f, 0x94, 0x47, 0xbb, 0x1e, - 0x69, 0xd0, 0x95, 0xb5, 0x92, 0x8b, 0x6d, 0xbc - } - }, - { - 16, - { - 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45, - 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde - } - } - }, - { - { - 0, - { - 0 - } - }, - { - 32, - { - 0xa0, 0xf3, 0x08, 0x00, 0x00, 0xf4, 0x64, 0x00, + 0x69, 0xd0, 0x95, 0xb5, 0x92, 0x8b, 0x6d, 0xbc } }, + { 16, + { 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45, + 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde } } }, + { { 0, + { 0 } }, + { 32, + { 0xa0, 0xf3, 0x08, 0x00, 0x00, 0xf4, 0x64, 0x00, 0xd0, 0xc7, 0xe9, 0x07, 0x6c, 0x83, 0x44, 0x03, 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7, - 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7 - } - }, - { - 16, - { - 0xdd, 0x3f, 0xab, 0x22, 
0x51, 0xf1, 0x1a, 0xc7, - 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7 - } - } - }, - { - { - 32, - { - 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, - 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, - 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, - 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 - } - }, - { - 32, - { - 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7 } }, + { 16, + { 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7, + 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7 } } }, + { { 32, + { 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 } }, + { 32, + { 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, - 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef - } - }, - { - 16, - { - 0x0e, 0xe1, 0xc1, 0x6b, 0xb7, 0x3f, 0x0f, 0x4f, - 0xd1, 0x98, 0x81, 0x75, 0x3c, 0x01, 0xcd, 0xbe - } - } - }, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef } }, + { 16, + { 0x0e, 0xe1, 0xc1, 0x6b, 0xb7, 0x3f, 0x0f, 0x4f, + 0xd1, 0x98, 0x81, 0x75, 0x3c, 0x01, 0xcd, 0xbe } } }, { - { - 63, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 63, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -156,35 +100,23 @@ 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, - 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01, - 0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01, + 0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b } }, }, /* * self-generated vectors exercise "significant" lengths, such that * are handled by different code paths */ { - { - 64, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 64, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -192,62 +124,39 @@ 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, - 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, - 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66 } }, }, { - { - 48, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 48, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, - 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, - 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 - } - }, + } }, + { 16, + { 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 } }, }, { - { - 96, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 96, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 
0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, @@ -260,31 +169,19 @@ 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, - 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0xbb, 0xb6, 0x13, 0xb2, 0xb6, 0xd7, 0x53, 0xba, - 0x07, 0x39, 0x5b, 0x91, 0x6a, 0xae, 0xce, 0x15 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0xbb, 0xb6, 0x13, 0xb2, 0xb6, 0xd7, 0x53, 0xba, + 0x07, 0x39, 0x5b, 0x91, 0x6a, 0xae, 0xce, 0x15 } }, }, { - { - 112, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 112, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -300,31 +197,19 @@ 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, - 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0xc7, 0x94, 0xd7, 0x05, 0x7d, 0x17, 0x78, 0xc4, - 0xbb, 0xee, 0x0a, 0x39, 0xb3, 0xd9, 0x73, 0x42 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0xc7, 0x94, 0xd7, 0x05, 0x7d, 0x17, 0x78, 0xc4, + 0xbb, 0xee, 0x0a, 0x39, 0xb3, 0xd9, 0x73, 0x42 } }, }, { - { - 128, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 128, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -342,31 +227,19 @@ 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, - 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0xff, 0xbc, 0xb9, 0xb3, 0x71, 0x42, 0x31, 0x52, - 0xd7, 0xfc, 0xa5, 0xad, 0x04, 0x2f, 0xba, 0xa9 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0xff, 0xbc, 0xb9, 0xb3, 0x71, 0x42, 0x31, 0x52, + 0xd7, 0xfc, 0xa5, 0xad, 0x04, 0x2f, 0xba, 0xa9 } }, }, { - { - 144, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 144, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -387,31 +260,19 @@ 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36, 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, - 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0x06, 0x9e, 0xd6, 0xb8, 0xef, 0x0f, 0x20, 0x7b, - 0x3e, 0x24, 0x3b, 0xb1, 0x01, 0x9f, 0xe6, 0x32 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0x06, 0x9e, 0xd6, 0xb8, 0xef, 0x0f, 0x20, 0x7b, + 0x3e, 0x24, 0x3b, 0xb1, 0x01, 0x9f, 0xe6, 0x32 } }, }, { - { - 160, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 160, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -434,31 +295,19 @@ 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66, 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, - 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0xcc, 0xa3, 0x39, 0xd9, 0xa4, 0x5f, 0xa2, 0x36, - 0x8c, 0x2c, 0x68, 0xb3, 0xa4, 0x17, 0x91, 0x33 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0xcc, 0xa3, 0x39, 0xd9, 0xa4, 0x5f, 0xa2, 0x36, + 0x8c, 0x2c, 0x68, 0xb3, 0xa4, 0x17, 0x91, 0x33 } }, }, { - { - 288, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 288, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -501,31 +350,19 @@ 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, - 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0x53, 0xf6, 0xe8, 0x28, 0xa2, 0xf0, 0xfe, 0x0e, - 0xe8, 0x15, 0xbf, 0x0b, 0xd5, 0x84, 0x1a, 0x34 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0x53, 0xf6, 0xe8, 0x28, 0xa2, 0xf0, 0xfe, 0x0e, + 0xe8, 0x15, 0xbf, 0x0b, 0xd5, 0x84, 0x1a, 0x34 } }, }, { - { - 320, - { - 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + { 320, + { 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, 
@@ -573,34 +410,22 @@ 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66, 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, - 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 - } - }, - { - 32, - { - 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 } }, + { 32, + { 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, - 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 - } - }, - { - 16, - { - 0xb8, 0x46, 0xd4, 0x4e, 0x9b, 0xbd, 0x53, 0xce, - 0xdf, 0xfb, 0xfb, 0xb6, 0xb7, 0xfa, 0x49, 0x33 - } - }, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 } }, + { 16, + { 0xb8, 0x46, 0xd4, 0x4e, 0x9b, 0xbd, 0x53, 0xce, + 0xdf, 0xfb, 0xfb, 0xb6, 0xb7, 0xfa, 0x49, 0x33 } }, }, /* * 4th power of the key spills to 131th bit in SIMD key setup */ { - { - 256, - { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + { 256, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
@@ -638,34 +463,22 @@ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - } - }, - { - 32, - { - 0xad, 0x62, 0x81, 0x07, 0xe8, 0x35, 0x1d, 0x0f, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }, + { 32, + { 0xad, 0x62, 0x81, 0x07, 0xe8, 0x35, 0x1d, 0x0f, 0x2c, 0x23, 0x1a, 0x05, 0xdc, 0x4a, 0x41, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0x07, 0x14, 0x5a, 0x4c, 0x02, 0xfe, 0x5f, 0xa3, - 0x20, 0x36, 0xde, 0x68, 0xfa, 0xbe, 0x90, 0x66 - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0x07, 0x14, 0x5a, 0x4c, 0x02, 0xfe, 0x5f, 0xa3, + 0x20, 0x36, 0xde, 0x68, 0xfa, 0xbe, 0x90, 0x66 } }, }, /* * poly1305_ieee754.c failed this in final stage */ { - { - 252, - { - 0x84, 0x23, 0x64, 0xe1, 0x56, 0x33, 0x6c, 0x09, + { 252, + { 0x84, 0x23, 0x64, 0xe1, 0x56, 0x33, 0x6c, 0x09, 0x98, 0xb9, 0x33, 0xa6, 0x23, 0x77, 0x26, 0x18, 0x0d, 0x9e, 0x3f, 0xdc, 0xbd, 0xe4, 0xcd, 0x5d, 0x17, 0x08, 0x0f, 0xc3, 0xbe, 0xb4, 0x96, 0x14, 
@@ -703,34 +516,22 @@ 0xda, 0x94, 0x32, 0x1c, 0x5e, 0x44, 0x06, 0x04, 0x89, 0x33, 0x6c, 0xb6, 0x5b, 0xf3, 0x98, 0x9c, 0x36, 0xf7, 0x28, 0x2c, 0x2f, 0x5d, 0x2b, 0x88, - 0x2c, 0x17, 0x1e, 0x74 - } - }, - { - 32, - { - 0x95, 0xd5, 0xc0, 0x05, 0x50, 0x3e, 0x51, 0x0d, + 0x2c, 0x17, 0x1e, 0x74 } }, + { 32, + { 0x95, 0xd5, 0xc0, 0x05, 0x50, 0x3e, 0x51, 0x0d, 0x8c, 0xd0, 0xaa, 0x07, 0x2c, 0x4a, 0x4d, 0x06, 0x6e, 0xab, 0xc5, 0x2d, 0x11, 0x65, 0x3d, 0xf4, - 0x7f, 0xbf, 0x63, 0xab, 0x19, 0x8b, 0xcc, 0x26 - } - }, - { - 16, - { - 0xf2, 0x48, 0x31, 0x2e, 0x57, 0x8d, 0x9d, 0x58, - 0xf8, 0xb7, 0xbb, 0x4d, 0x19, 0x10, 0x54, 0x31 - } - }, + 0x7f, 0xbf, 0x63, 0xab, 0x19, 0x8b, 0xcc, 0x26 } }, + { 16, + { 0xf2, 0x48, 0x31, 0x2e, 0x57, 0x8d, 0x9d, 0x58, + 0xf8, 0xb7, 0xbb, 0x4d, 0x19, 0x10, 0x54, 0x31 } }, }, /* * AVX2 in poly1305-x86.pl failed this with 176+32 split */ { - { - 208, - { - 0x24, 0x8a, 0xc3, 0x10, 0x85, 0xb6, 0xc2, 0xad, + { 208, + { 0x24, 0x8a, 0xc3, 0x10, 0x85, 0xb6, 0xc2, 0xad, 0xaa, 0xa3, 0x82, 0x59, 0xa0, 0xd7, 0x19, 0x2c, 0x5c, 0x35, 0xd1, 0xbb, 0x4e, 0xf3, 0x9a, 0xd9, 0x4c, 0x38, 0xd1, 0xc8, 0x24, 0x79, 0xe2, 0xdd, 
@@ -761,110 +562,64 @@ 0x71, 0x35, 0x1b, 0x1d, 0x92, 0x1e, 0xa5, 0x51, 0x04, 0x7a, 0xbc, 0xc6, 0xb8, 0x7a, 0x90, 0x1f, 0xde, 0x7d, 0xb7, 0x9f, 0xa1, 0x81, 0x8c, 0x11, - 0x33, 0x6d, 0xbc, 0x07, 0x24, 0x4a, 0x40, 0xeb - } - }, - { - 32, - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x33, 0x6d, 0xbc, 0x07, 0x24, 0x4a, 0x40, 0xeb } }, + { 32, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0xbc, 0x93, 0x9b, 0xc5, 0x28, 0x14, 0x80, 0xfa, - 0x99, 0xc6, 0xd6, 0x8c, 0x25, 0x8e, 0xc4, 0x2f - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0xbc, 0x93, 0x9b, 0xc5, 0x28, 0x14, 0x80, 0xfa, + 0x99, 0xc6, 0xd6, 0x8c, 0x25, 0x8e, 0xc4, 0x2f } }, }, /* * test vectors from Google */ { - { - 0, + { 0, { 0x00, - } - }, - { - 32, - { - 0xc8, 0xaf, 0xaa, 0xc3, 0x31, 0xee, 0x37, 0x2c, + } }, + { 32, + { 0xc8, 0xaf, 0xaa, 0xc3, 0x31, 0xee, 0x37, 0x2c, 0xd6, 0x08, 0x2d, 0xe1, 0x34, 0x94, 0x3b, 0x17, 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d, - 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c - } - }, - { - 16, - { - 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d, - 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c - } - }, + 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c } }, + { 16, + { 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d, + 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c } }, }, { - { - 12, - { - 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, - 0x72, 0x6c, 0x64, 0x21 - } - }, - { - 32, - { - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + { 12, + { 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, + 0x72, 0x6c, 0x64, 0x21 } }, + { 32, + { 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35 - } - }, - { - 16, - { - 0xa6, 0xf7, 0x45, 
0x00, 0x8f, 0x81, 0xc9, 0x16, - 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0 - } - }, + 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35 } }, + { 16, + { 0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16, + 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0 } }, }, { - { - 32, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + { 32, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 32, - { - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 32, + { 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35 - } - }, - { - 16, - { - 0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6, - 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07 - } - }, + 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35 } }, + { 16, + { 0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6, + 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07 } }, }, { - { - 128, - { - 0x89, 0xda, 0xb8, 0x0b, 0x77, 0x17, 0xc1, 0xdb, + { 128, + { 0x89, 0xda, 0xb8, 0x0b, 0x77, 0x17, 0xc1, 0xdb, 0x5d, 0xb4, 0x37, 0x86, 0x0a, 0x3f, 0x70, 0x21, 0x8e, 0x93, 0xe1, 0xb8, 0xf4, 0x61, 0xfb, 0x67, 0x7f, 0x16, 0xf3, 0x5f, 0x6f, 0x87, 0xe2, 0xa9, 
@@ -882,31 +637,19 @@ 0x41, 0x30, 0x0d, 0xf3, 0x0a, 0xdb, 0xec, 0xa2, 0x8f, 0x64, 0x27, 0xa8, 0xbc, 0x1a, 0x99, 0x9f, 0xd5, 0x1c, 0x55, 0x4a, 0x01, 0x7d, 0x09, 0x5d, - 0x8c, 0x3e, 0x31, 0x27, 0xda, 0xf9, 0xf5, 0x95 - } - }, - { - 32, - { - 0x2d, 0x77, 0x3b, 0xe3, 0x7a, 0xdb, 0x1e, 0x4d, + 0x8c, 0x3e, 0x31, 0x27, 0xda, 0xf9, 0xf5, 0x95 } }, + { 32, + { 0x2d, 0x77, 0x3b, 0xe3, 0x7a, 0xdb, 0x1e, 0x4d, 0x68, 0x3b, 0xf0, 0x07, 0x5e, 0x79, 0xc4, 0xee, 0x03, 0x79, 0x18, 0x53, 0x5a, 0x7f, 0x99, 0xcc, - 0xb7, 0x04, 0x0f, 0xb5, 0xf5, 0xf4, 0x3a, 0xea - } - }, - { - 16, - { - 0xc8, 0x5d, 0x15, 0xed, 0x44, 0xc3, 0x78, 0xd6, - 0xb0, 0x0e, 0x23, 0x06, 0x4c, 0x7b, 0xcd, 0x51 - } - }, + 0xb7, 0x04, 0x0f, 0xb5, 0xf5, 0xf4, 0x3a, 0xea } }, + { 16, + { 0xc8, 0x5d, 0x15, 0xed, 0x44, 0xc3, 0x78, 0xd6, + 0xb0, 0x0e, 0x23, 0x06, 0x4c, 0x7b, 0xcd, 0x51 } }, }, { - { - 528, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, + { 528, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x17, 0x03, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x06, 0xdb, 0x1f, 0x1f, 0x36, 0x8d, 0x69, 0x6a, 
@@ -987,34 +730,22 @@ 0xdc, 0xb9, 0x9b, 0x1a, 0x6e, 0x69, 0x08, 0x54, 0xce, 0x07, 0x69, 0xcd, 0xe3, 0x97, 0x61, 0xd8, 0x2f, 0xcd, 0xec, 0x15, 0xf0, 0xd9, 0x2d, 0x7d, - 0x8e, 0x94, 0xad, 0xe8, 0xeb, 0x83, 0xfb, 0xe0 - } - }, - { - 32, - { - 0x99, 0xe5, 0x82, 0x2d, 0xd4, 0x17, 0x3c, 0x99, + 0x8e, 0x94, 0xad, 0xe8, 0xeb, 0x83, 0xfb, 0xe0 } }, + { 32, + { 0x99, 0xe5, 0x82, 0x2d, 0xd4, 0x17, 0x3c, 0x99, 0x5e, 0x3d, 0xae, 0x0d, 0xde, 0xfb, 0x97, 0x74, 0x3f, 0xde, 0x3b, 0x08, 0x01, 0x34, 0xb3, 0x9f, - 0x76, 0xe9, 0xbf, 0x8d, 0x0e, 0x88, 0xd5, 0x46 - } - }, - { - 16, - { - 0x26, 0x37, 0x40, 0x8f, 0xe1, 0x30, 0x86, 0xea, - 0x73, 0xf9, 0x71, 0xe3, 0x42, 0x5e, 0x28, 0x20 - } - }, + 0x76, 0xe9, 0xbf, 0x8d, 0x0e, 0x88, 0xd5, 0x46 } }, + { 16, + { 0x26, 0x37, 0x40, 0x8f, 0xe1, 0x30, 0x86, 0xea, + 0x73, 0xf9, 0x71, 0xe3, 0x42, 0x5e, 0x28, 0x20 } }, }, /* * test vectors from Hanno Böck */ { - { - 257, - { - 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + { 257, + { 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x80, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 
@@ -1054,84 +785,48 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x71, 0x92, 0x05, 0xa8, 0x52, 0x1d, - 0xfc - } - }, - { - 32, - { - 0x7f, 0x1b, 0x02, 0x64, 0x00, 0x00, 0x00, 0x00, + 0xfc } }, + { 32, + { 0x7f, 0x1b, 0x02, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc - } - }, - { - 16, - { - 0x85, 0x59, 0xb8, 0x76, 0xec, 0xee, 0xd6, 0x6e, - 0xb3, 0x77, 0x98, 0xc0, 0x45, 0x7b, 0xaf, 0xf9 - } - }, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc } }, + { 16, + { 0x85, 0x59, 0xb8, 0x76, 0xec, 0xee, 0xd6, 0x6e, + 0xb3, 0x77, 0x98, 0xc0, 0x45, 0x7b, 0xaf, 0xf9 } }, }, { - { - 39, - { - 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + { 39, + { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x64 - } - }, - { - 32, - { - 0xe0, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x64 } }, + { 32, + { 0xe0, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, - 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa - } - }, - { - 16, - { - 0x00, 0xbd, 0x12, 0x58, 0x97, 0x8e, 0x20, 0x54, - 0x44, 0xc9, 0xaa, 0xaa, 0x82, 0x00, 0x6f, 0xed - } - }, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa } }, + { 16, + { 0x00, 0xbd, 0x12, 0x58, 0x97, 0x8e, 0x20, 0x54, + 0x44, 0xc9, 0xaa, 0xaa, 0x82, 0x00, 0x6f, 0xed } }, }, { - { - 2, - { - 0x02, 0xfc - } - }, - { - 32, - { - 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + { 2, + { 0x02, 0xfc } }, + { 32, + { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, - 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c - } - 
}, - { - 16, - { - 0x06, 0x12, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, - 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c - } - }, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c } }, + { 16, + { 0x06, 0x12, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c } }, }, { - { - 415, - { - 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + { 415, + { 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, @@ -1194,31 +889,19 @@ 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc - } - }, - { - 32, - { - 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc } }, + { 32, + { 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, 0x7b - } - }, - { - 16, - { - 0x33, 0x20, 0x5b, 0xbf, 0x9e, 0x9f, 0x8f, 0x72, - 0x12, 0xab, 0x9e, 0x2a, 0xb9, 0xb7, 0xe4, 0xa5 - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, 0x7b } }, + { 16, + { 0x33, 0x20, 0x5b, 0xbf, 0x9e, 0x9f, 0x8f, 0x72, + 0x12, 0xab, 0x9e, 0x2a, 0xb9, 0xb7, 0xe4, 0xa5 } }, }, { - { - 118, - { - 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + { 118, + { 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 
@@ -1235,34 +918,24 @@ 0xec, 0x01, 0x00, 0xac, 0xac, 0xac, 0x2c, 0xac, 0xa2, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, - 0xac, 0xac, 0xac, 0xac, 0x64, 0xf2 - } - }, - { - 32, - { - 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x00, 0x7f, + 0xac, 0xac, 0xac, 0xac, 0x64, 0xf2 } }, + { 32, + { 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x00, 0x7f, 0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xcf, 0x77, 0x77, 0x77, 0x77, 0x77, - 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77 - } - }, - { - 16, - { - 0x02, 0xee, 0x7c, 0x8c, 0x54, 0x6d, 0xde, 0xb1, - 0xa4, 0x67, 0xe4, 0xc3, 0x98, 0x11, 0x58, 0xb9 - } - }, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77 } }, + { 16, + { 0x02, 0xee, 0x7c, 0x8c, 0x54, 0x6d, 0xde, 0xb1, + 0xa4, 0x67, 0xe4, 0xc3, 0x98, 0x11, 0x58, 0xb9 } }, }, /* * test vectors from Andrew Moon */ - { /* nacl */ + { + /* nacl */ { 131, - { - 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, + { 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce, 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a, 
@@ -1282,167 +955,108 @@ 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74, - 0xe3, 0x55, 0xa5 - } - }, - { - 32, - { - 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91, + 0xe3, 0x55, 0xa5 } }, + { 32, + { 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91, 0x6d, 0x11, 0xc2, 0xcb, 0x21, 0x4d, 0x3c, 0x25, 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23, 0x4e, 0x65, - 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80 - } - }, - { - 16, - { - 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, - 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9 - } - }, + 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80 } }, + { 16, + { 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, + 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9 } }, }, - { /* wrap 2^130-5 */ + { + /* wrap 2^130-5 */ { 16, - { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - } - }, - { - 32, - { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }, + { 32, + { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, }, - { /* wrap 2^128 */ + { + /* wrap 2^128 */ { 16, - { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 32, - { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 32, + { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - } - }, - { - 16, - { - 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }, + { 16, + { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, }, - { /* limb carry */ + { + /* limb carry */ { 48, - { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 32, - { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 32, + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, }, - { /* 2^130-5 */ + { + /* 2^130-5 */ { 48, - { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfb, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 - } - }, - { - 32, - { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 } }, + { 32, + { 0x01, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, + } }, }, - { /* 2^130-6 */ + { + /* 2^130-6 */ { 16, - { - 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - } - }, - { - 32, - { - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }, + { 32, + { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } }, }, - { /* 5*H+L reduction intermediate */ + { + /* 5*H+L reduction intermediate */ { 64, - { - 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, + { 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
@@ -1450,31 +1064,20 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 32, - { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 32, + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, }, { /* 5*H+L reduction final */ { 48, - { - 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, + { 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1482,25 +1085,15 @@ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 32, - { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + } }, + { 32, + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - }, - { - 16, - { - 0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - } - } - } + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, + { 16, + { 0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } } } }; static int test_poly1305(int idx) 
@@ -1529,7 +1122,7 @@ if (inlen > 16) { Poly1305_Init(&poly1305, key); Poly1305_Update(&poly1305, in, 1); - Poly1305_Update(&poly1305, in+1, inlen-1); + Poly1305_Update(&poly1305, in + 1, inlen - 1); Poly1305_Final(&poly1305, out); if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) { @@ -1543,7 +1136,7 @@ Poly1305_Init(&poly1305, key); Poly1305_Update(&poly1305, in, half); - Poly1305_Update(&poly1305, in+half, inlen-half); + Poly1305_Update(&poly1305, in + half, inlen - half); Poly1305_Final(&poly1305, out); if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) { @@ -1554,12 +1147,12 @@ for (half = 16; half < inlen; half += 16) { Poly1305_Init(&poly1305, key); Poly1305_Update(&poly1305, in, half); - Poly1305_Update(&poly1305, in+half, inlen-half); + Poly1305_Update(&poly1305, in + half, inlen - half); Poly1305_Final(&poly1305, out); if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) { TEST_info("Poly1305 test #%d/%zu+%zu failed.", - idx, half, inlen-half); + idx, half, inlen - half); return 0; } } --- crypto/openssl/test/property_test.c.orig +++ crypto/openssl/test/property_test.c @@ -77,7 +77,7 @@ /* Check name and values are distinct */ && TEST_int_eq(ossl_property_value(ctx, "cold", 0), 0) && TEST_int_ne(ossl_property_name(ctx, "fnord", 0), - ossl_property_value(ctx, "fnord", 0))) + ossl_property_value(ctx, "fnord", 0))) res = 1; ossl_method_store_free(store); OSSL_LIB_CTX_free(ctx); @@ -115,7 +115,7 @@ { "n=0x3", "n=-3", -1 }, { "n=0x33", "n=51", 1 }, { "n=0x123456789abcdef", "n=0x123456789abcdef", 1 }, - { "n=0x7fffffffffffffff", "n=0x7fffffffffffffff", 1 }, /* INT64_MAX */ + { "n=0x7fffffffffffffff", "n=0x7fffffffffffffff", 1 }, /* INT64_MAX */ { "n=9223372036854775807", "n=9223372036854775807", 1 }, /* INT64_MAX */ { "n=0777777777777777777777", "n=0777777777777777777777", 1 }, /* INT64_MAX */ { "n=033", "n=27", 1 }, 
@@ -133,7 +133,7 @@ if (TEST_ptr(store = ossl_method_store_new(NULL)) && add_property_names("sky", "groan", "cold", "today", "tomorrow", "n", - NULL) + NULL) && TEST_ptr(p = ossl_parse_property(NULL, parser_tests[n].defn)) && TEST_ptr(q = ossl_parse_query(NULL, parser_tests[n].query, 0)) && TEST_int_eq(ossl_property_match_count(q, p), parser_tests[n].e)) 
@@ -170,26 +170,26 @@ int query; const char *ps; } parse_error_tests[] = { - { 0, "n=1, n=1" }, /* duplicate name */ - { 0, "n=1, a=hi, n=1" }, /* duplicate name */ - { 1, "n=1, a=bye, ?n=0" }, /* duplicate name */ - { 0, "a=abc,#@!, n=1" }, /* non-ASCII character located */ - { 1, "a='Hello" }, /* Unterminated string */ - { 0, "a=\"World" }, /* Unterminated string */ - { 0, "a=_abd_" }, /* Unquoted string not starting with alphabetic */ - { 1, "a=2, n=012345678" }, /* Bad octal digit */ - { 0, "n=0x28FG, a=3" }, /* Bad hex digit */ - { 0, "n=145d, a=2" }, /* Bad decimal digit */ - { 0, "n=0x8000000000000000, a=3" }, /* Hex overflow */ - { 0, "n=922337203000000000d, a=2" }, /* Decimal overflow */ + { 0, "n=1, n=1" }, /* duplicate name */ + { 0, "n=1, a=hi, n=1" }, /* duplicate name */ + { 1, "n=1, a=bye, ?n=0" }, /* duplicate name */ + { 0, "a=abc,#@!, n=1" }, /* non-ASCII character located */ + { 1, "a='Hello" }, /* Unterminated string */ + { 0, "a=\"World" }, /* Unterminated string */ + { 0, "a=_abd_" }, /* Unquoted string not starting with alphabetic */ + { 1, "a=2, n=012345678" }, /* Bad octal digit */ + { 0, "n=0x28FG, a=3" }, /* Bad hex digit */ + { 0, "n=145d, a=2" }, /* Bad decimal digit */ + { 0, "n=0x8000000000000000, a=3" }, /* Hex overflow */ + { 0, "n=922337203000000000d, a=2" }, /* Decimal overflow */ { 0, "a=2, n=1000000000000000000000" }, /* Octal overflow */ - { 1, "@='hello'" }, /* Invalid name */ + { 1, "@='hello'" }, /* Invalid name */ { 1, "n0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789=yes" }, /* Name too long */ - { 0, ".n=3" }, /* Invalid name */ - { 1, "fnord.fnord.=3" } /* Invalid name */ + { 0, ".n=3" }, /* Invalid name */ + { 1, "fnord.fnord.=3" } /* Invalid name */ }; static int test_property_parse_error(int n) 
@@ -210,7 +210,7 @@ goto err; } r = 1; - err: +err: ossl_property_free(p); ossl_method_store_free(store); return r; @@ -251,10 +251,10 @@ if (TEST_ptr(store = ossl_method_store_new(NULL)) && add_property_names("colour", "urn", "clouds", "pot", "day", "night", - NULL) + NULL) && TEST_ptr(prop = ossl_parse_property(NULL, merge_tests[n].prop)) && TEST_ptr(q_global = ossl_parse_query(NULL, merge_tests[n].q_global, - 0)) + 0)) && TEST_ptr(q_local = ossl_parse_query(NULL, merge_tests[n].q_local, 0)) && TEST_ptr(q_combined = ossl_property_merge(q_local, q_global)) && TEST_int_ge(ossl_property_match_count(q_combined, prop), 0)) @@ -280,7 +280,7 @@ && TEST_ptr_ne(red, blue) && TEST_true(ossl_prop_defn_set(NULL, "red", &red)); - if (!r) { + if (!r) { ossl_property_free(red); red = NULL; ossl_property_free(blue); @@ -318,7 +318,7 @@ { "alpha", "alpha=yes", 1 }, { "alpha=no", "alpha", -1 }, { "alpha=1", "alpha=1", 1 }, - { "alpha=2", "alpha=1",-1 }, + { "alpha=2", "alpha=1", -1 }, { "alpha", "omega", -1 }, { "alpha", "?omega", 0 }, { "alpha", "?omega=1", 0 }, @@ -369,8 +369,8 @@ for (i = 0; i < OSSL_NELEM(impls); i++) if (!TEST_true(ossl_method_store_add(store, &prov, impls[i].nid, - impls[i].prop, impls[i].impl, - &up_ref, &down_ref))) { + impls[i].prop, impls[i].impl, + &up_ref, &down_ref))) { TEST_note("iteration %zd", i + 1); goto err; } @@ -443,9 +443,9 @@ for (i = 0; i < OSSL_NELEM(impls); i++) if (!TEST_true(ossl_method_store_add(store, *impls[i].prov, - impls[i].nid, impls[i].prop, - impls[i].impl, - &up_ref, &down_ref))) { + impls[i].nid, impls[i].prop, + impls[i].impl, + &up_ref, &down_ref))) { TEST_note("iteration %zd", i + 1); goto err; } @@ -458,8 +458,8 @@ OSSL_PROPERTY_LIST *pq = NULL; if (!TEST_true(ossl_method_store_fetch(store, - queries[i].nid, queries[i].prop, - &nullprov, &result)) + queries[i].nid, queries[i].prop, + &nullprov, &result)) || !TEST_str_eq((char *)result, queries[i].expected)) { TEST_note("iteration %zd", i + 1); ossl_property_free(pq); 
@@ -476,9 +476,9 @@ result = NULL; if (queries[i].prov == &fake_prov1) { if (!TEST_true(ossl_method_store_fetch(store, - queries[i].nid, - queries[i].prop, - &fake_prov1, &result)) + queries[i].nid, + queries[i].prop, + &fake_prov1, &result)) || !TEST_ptr_eq(fake_prov1, &fake_provider1) || !TEST_str_eq((char *)result, queries[i].expected)) { TEST_note("iteration %zd", i + 1); @@ -487,9 +487,9 @@ } } else { if (!TEST_false(ossl_method_store_fetch(store, - queries[i].nid, - queries[i].prop, - &fake_prov1, &result)) + queries[i].nid, + queries[i].prop, + &fake_prov1, &result)) || !TEST_ptr_eq(fake_prov1, &fake_provider1) || !TEST_ptr_null(result)) { TEST_note("iteration %zd", i + 1); @@ -508,9 +508,9 @@ result = NULL; if (queries[i].prov == &fake_prov2) { if (!TEST_true(ossl_method_store_fetch(store, - queries[i].nid, - queries[i].prop, - &fake_prov2, &result)) + queries[i].nid, + queries[i].prop, + &fake_prov2, &result)) || !TEST_ptr_eq(fake_prov2, &fake_provider2) || !TEST_str_eq((char *)result, queries[i].expected)) { TEST_note("iteration %zd", i + 1); @@ -519,9 +519,9 @@ } } else { if (!TEST_false(ossl_method_store_fetch(store, - queries[i].nid, - queries[i].prop, - &fake_prov2, &result)) + queries[i].nid, + queries[i].prop, + &fake_prov2, &result)) || !TEST_ptr_eq(fake_prov2, &fake_provider2) || !TEST_ptr_null(result)) { TEST_note("iteration %zd", i + 1); 
@@ -556,13 +556,13 @@ v[i] = 2 * i; BIO_snprintf(buf, sizeof(buf), "n=%d\n", i); if (!TEST_true(ossl_method_store_add(store, &prov, i, buf, "abc", - &up_ref, &down_ref)) - || !TEST_true(ossl_method_store_cache_set(store, &prov, i, - buf, v + i, - &up_ref, &down_ref)) - || !TEST_true(ossl_method_store_cache_set(store, &prov, i, - "n=1234", "miss", - &up_ref, &down_ref))) { + &up_ref, &down_ref)) + || !TEST_true(ossl_method_store_cache_set(store, &prov, i, + buf, v + i, + &up_ref, &down_ref)) + || !TEST_true(ossl_method_store_cache_set(store, &prov, i, + "n=1234", "miss", + &up_ref, &down_ref))) { TEST_note("iteration %d", i); goto err; } 
@@ -590,20 +590,20 @@ goto err; ret = TEST_true(EVP_set_default_properties(ctx, "default=yes,fips=yes")) - && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) - && TEST_true(EVP_set_default_properties(ctx, "fips=no,default=yes")) - && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) - && TEST_true(EVP_set_default_properties(ctx, "fips=no")) - && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) - && TEST_true(EVP_set_default_properties(ctx, "fips!=no")) - && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) - && TEST_true(EVP_set_default_properties(ctx, "fips=no")) - && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) - && TEST_true(EVP_set_default_properties(ctx, "fips=no,default=yes")) - && TEST_true(EVP_default_properties_enable_fips(ctx, 1)) - && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) - && TEST_true(EVP_default_properties_enable_fips(ctx, 0)) - && TEST_false(EVP_default_properties_is_fips_enabled(ctx)); + && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no,default=yes")) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no")) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips!=no")) + && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no")) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_set_default_properties(ctx, "fips=no,default=yes")) + && TEST_true(EVP_default_properties_enable_fips(ctx, 1)) + && TEST_true(EVP_default_properties_is_fips_enabled(ctx)) + && TEST_true(EVP_default_properties_enable_fips(ctx, 0)) + && TEST_false(EVP_default_properties_is_fips_enabled(ctx)); err: OSSL_LIB_CTX_free(ctx); return ret; 
@@ -625,8 +625,8 @@ { "fips=yes,provider!=fips", "fips=yes,provider!=fips" }, { "fips=yes,?provider=fips", "fips=yes,?provider=fips" }, { "fips=yes,-provider", "fips=yes,-provider" }, - /* foo is an unknown internal name */ - { "foo=yes,fips=yes", "fips=yes"}, + /* foo is an unknown internal name */ + { "foo=yes,fips=yes", "fips=yes" }, { "", "" }, { "fips=3", "fips=3" }, { "fips=-3", "fips=-3" }, @@ -644,27 +644,43 @@ char *buf = NULL; if (to_string_tests[i].in != NULL - && !TEST_ptr(pl = ossl_parse_query(NULL, to_string_tests[i].in, 1))) + && !TEST_ptr(pl = ossl_parse_query(NULL, to_string_tests[i].in, 1))) goto err; bufsize = ossl_property_list_to_string(NULL, pl, NULL, 0); if (!TEST_size_t_gt(bufsize, 0)) goto err; buf = OPENSSL_malloc(bufsize); if (!TEST_ptr(buf) - || !TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, - bufsize), - bufsize) - || !TEST_str_eq(to_string_tests[i].out, buf) - || !TEST_size_t_eq(bufsize, strlen(to_string_tests[i].out) + 1)) + || !TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, + bufsize), + bufsize) + || !TEST_str_eq(to_string_tests[i].out, buf) + || !TEST_size_t_eq(bufsize, strlen(to_string_tests[i].out) + 1)) goto err; ret = 1; - err: +err: OPENSSL_free(buf); ossl_property_free(pl); return ret; } +static int test_property_list_to_string_bounds(void) +{ + OSSL_PROPERTY_LIST *pl = NULL; + char buf[16]; + int ret = 0; + + if (!TEST_ptr(pl = ossl_parse_query(NULL, "provider='$1'", 1))) + goto err; + if (!TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, 10), 14)) + goto err; + ret = 1; +err: + ossl_property_free(pl); + return ret; +} + int setup_tests(void) { ADD_TEST(test_property_string); @@ -679,5 +695,6 @@ ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); + ADD_TEST(test_property_list_to_string_bounds); return 1; } --- crypto/openssl/test/prov_config_test.c.orig +++ crypto/openssl/test/prov_config_test.c 
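Review bot: In `test_property_list_to_string_bounds` (hunk `@@ -644,27 +644,43 @@`), the call offers 10 bytes of a 16-byte `buf` and asserts only the returned size, so a write beyond the offered length would still land inside `buf` and neither the assertion nor a sanitizer build would notice it. Sizing the array to the length actually passed makes any overrun leave the object: `char buf[10];` with `ossl_property_list_to_string(NULL, pl, buf, sizeof(buf))`. Alternatively keep the 16 bytes, prefill them with a sentinel value, and check with `TEST_mem_eq` that `buf + 10` onward is unchanged after the call. A short comment such as `/* 14 == strlen("provider='$1'") + 1: the size required, not the size written */` would explain the two literals; that reading is inferred from the `strlen(...) + 1` check in `test_property_list_to_string` just above.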
@@ -40,7 +40,7 @@ goto err; testresult = 1; - err: +err: EVP_MD_free(sha256); OSSL_LIB_CTX_free(ctx); return testresult; @@ -62,7 +62,7 @@ /* We expect to get a recursion error here */ if (ERR_GET_REASON(err) == CONF_R_RECURSIVE_SECTION_REFERENCE) testresult = 1; - err: +err: OSSL_LIB_CTX_free(ctx); return testresult; } @@ -110,7 +110,7 @@ OSSL_PROVIDER_unload(prov); testresult = 1; - err: +err: OSSL_LIB_CTX_free(ctx); return testresult; } --- crypto/openssl/test/provfetchtest.c.orig +++ crypto/openssl/test/provfetchtest.c @@ -17,8 +17,8 @@ #include "testutil.h" static int dummy_decoder_decode(void *ctx, OSSL_CORE_BIO *cin, int selection, - OSSL_CALLBACK *object_cb, void *object_cbarg, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { return 0; } @@ -34,9 +34,9 @@ }; static int dummy_encoder_encode(void *ctx, OSSL_CORE_BIO *out, - const void *obj_raw, - const OSSL_PARAM obj_abstract[], int selection, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) + const void *obj_raw, + const OSSL_PARAM obj_abstract[], int selection, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { return 0; } @@ -56,9 +56,9 @@ return NULL; } -static int dummy_store_load(void *loaderctx, OSSL_CALLBACK *object_cb, - void *object_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, - void *pw_cbarg) +static int dummy_store_load(void *loaderctx, OSSL_CALLBACK *object_cb, + void *object_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, + void *pw_cbarg) { return 0; } @@ -87,7 +87,7 @@ }; static void *dummy_rand_newctx(void *provctx, void *parent, - const OSSL_DISPATCH *parent_calls) + const OSSL_DISPATCH *parent_calls) { return provctx; } 
@@ -97,9 +97,9 @@ } static int dummy_rand_instantiate(void *vdrbg, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - const OSSL_PARAM params[]) + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]) { return 1; } 
@@ -110,12 +110,12 @@ } static int dummy_rand_generate(void *vctx, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *addin, size_t addin_len) + unsigned int strength, int prediction_resistance, + const unsigned char *addin, size_t addin_len) { size_t i; - for (i = 0; i prostnemluvesky */ + 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F }, + "egbpdaj6bu4bxfgehfvwxn" }, + { /* Chinese (simplified) */ + { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587 }, + "ihqwcrb4cv8a8dqg056pqjye" }, + { /* Chinese (traditional) */ + { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587 }, + "ihqwctvzc91f659drss3x8bo0yb" }, + { /* Czech: Proprostnemluvesky */ { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074, - 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D, - 0x0065, 0x0073, 0x006B, 0x0079 - }, - "Proprostnemluvesky-uyb24dma41a" - }, - { /* Hebrew */ + 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D, + 0x0065, 0x0073, 0x006B, 0x0079 }, + "Proprostnemluvesky-uyb24dma41a" }, + { /* Hebrew */ { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8, - 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2, - 0x05D1, 0x05E8, 0x05D9, 0x05EA - }, - "4dbcagdahymbxekheh6e0a7fei0b" - }, - { /* Hindi (Devanagari) */ + 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2, + 0x05D1, 0x05E8, 0x05D9, 0x05EA }, + "4dbcagdahymbxekheh6e0a7fei0b" }, + { /* Hindi (Devanagari) */ { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D, - 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939, - 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947, - 0x0939, 0x0948, 0x0902 - }, - "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd" - }, - { /* Japanese (kanji and hiragana) */ + 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 
0x094B, 0x0902, 0x0928, 0x0939, + 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947, + 0x0939, 0x0948, 0x0902 }, + "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd" }, + { /* Japanese (kanji and hiragana) */ { 0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092, - 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B - }, - "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa" - }, - { /* Korean (Hangul syllables) */ + 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B }, + "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa" }, + { /* Korean (Hangul syllables) */ { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774, - 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74, - 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C - }, - "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c" - }, - { /* Russian (Cyrillic) */ + 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74, + 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C }, + "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c" }, + { /* Russian (Cyrillic) */ { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E, - 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440, - 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A, - 0x0438 - }, - "b1abfaaepdrnnbgefbaDotcwatmq2g4l" - }, - { /* Spanish */ + 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440, + 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A, + 0x0438 }, + "b1abfaaepdrnnbgefbaDotcwatmq2g4l" }, + { /* Spanish */ { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070, - 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070, - 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061, - 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070, - 0x0061, 0x00F1, 0x006F, 
0x006C - }, - "PorqunopuedensimplementehablarenEspaol-fmd56a" - }, - { /* Vietnamese */ + 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070, + 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061, + 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070, + 0x0061, 0x00F1, 0x006F, 0x006C }, + "PorqunopuedensimplementehablarenEspaol-fmd56a" }, + { /* Vietnamese */ { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B, - 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068, - 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067, - 0x0056, 0x0069, 0x1EC7, 0x0074 - }, - "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g" - }, - { /* Japanese: 3B */ - { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F - }, - "3B-ww4c5e180e575a65lsy2b" - }, - { /* Japanese: -with-SUPER-MONKEYS */ + 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068, + 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067, + 0x0056, 0x0069, 0x1EC7, 0x0074 }, + "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g" }, + { /* Japanese: 3B */ + { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F }, + "3B-ww4c5e180e575a65lsy2b" }, + { /* Japanese: -with-SUPER-MONKEYS */ { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074, - 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D, - 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053 - }, - "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n" - }, - { /* Japanese: Hello-Another-Way- */ + 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D, + 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053 }, + "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n" }, + { /* Japanese: Hello-Another-Way- */ { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F, - 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D, - 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 
0x5834, 0x6240 - }, - "Hello-Another-Way--fc4qua05auwb3674vfr0b" - }, - { /* Japanese: 2 */ - { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032 - }, - "2-u9tlzr9756bt3uc0v" - }, - { /* Japanese: MajiKoi5 */ + 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D, + 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240 }, + "Hello-Another-Way--fc4qua05auwb3674vfr0b" }, + { /* Japanese: 2 */ + { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032 }, + "2-u9tlzr9756bt3uc0v" }, + { /* Japanese: MajiKoi5 */ { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059, - 0x308B, 0x0035, 0x79D2, 0x524D - }, - "MajiKoi5-783gue6qz075azm5e" - }, - { /* Japanese: de */ - { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0 - }, - "de-jg4avhby1noc0d" - }, - { /* Japanese: */ - { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067 - }, - "d9juau41awczczp" - }, - { /* -> $1.00 <- */ + 0x308B, 0x0035, 0x79D2, 0x524D }, + "MajiKoi5-783gue6qz075azm5e" }, + { /* Japanese: de */ + { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0 }, + "de-jg4avhby1noc0d" }, + { /* Japanese: */ + { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067 }, + "d9juau41awczczp" }, + { /* -> $1.00 <- */ { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020, - 0x003C, 0x002D - }, - "-> $1.00 <--" - } + 0x003C, 0x002D }, + "-> $1.00 <--" } }; static int test_punycode(int n) @@ -152,13 +113,13 @@ size_t i; if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded), - buffer, &bsize))) + buffer, &bsize))) return 0; for (i = 0; i < OSSL_NELEM(tc->raw); i++) if (tc->raw[i] == 0) break; if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer), - tc->raw, i * sizeof(*tc->raw))) + tc->raw, i * sizeof(*tc->raw))) return 0; return 1; } 
@@ -174,22 +135,22 @@ * verifying that behaviour here. */ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0) - || !TEST_size_t_eq(outlen, 7) - || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)) + || !TEST_size_t_eq(outlen, 7) + || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)) return 0; /* Test that a short input length returns the true length */ outlen = 1; if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) - || !TEST_size_t_eq(outlen, 7) - || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) - || !TEST_str_eq(out,"\xc2\x80.b.c")) + || !TEST_size_t_eq(outlen, 7) + || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) + || !TEST_str_eq(out, "\xc2\x80.b.c")) return 0; /* Test for an off by one on the buffer size works */ outlen = 6; if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) - || !TEST_size_t_eq(outlen, 7) - || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) - || !TEST_str_eq(out,"\xc2\x80.b.c")) + || !TEST_size_t_eq(outlen, 7) + || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) + || !TEST_str_eq(out, "\xc2\x80.b.c")) return 0; return 1; } --- crypto/openssl/test/rand_test.c.orig +++ crypto/openssl/test/rand_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the >License>). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -19,28 +19,37 @@ OSSL_PARAM params[2], *p = params; unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; unsigned char entropy2[] = { 0xff, 0xfe, 0xfd }; + unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04 }; unsigned char outbuf[3]; *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - entropy1, sizeof(entropy1)); + entropy1, sizeof(entropy1)); *p = OSSL_PARAM_construct_end(); if (!TEST_ptr(privctx = RAND_get0_private(NULL)) - || !TEST_true(EVP_RAND_CTX_set_params(privctx, params)) - || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0) - || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy1, sizeof(outbuf)) - || !TEST_int_le(RAND_priv_bytes(outbuf, sizeof(outbuf) + 1), 0) - || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0) - || !TEST_mem_eq(outbuf, sizeof(outbuf), - entropy1 + sizeof(outbuf), sizeof(outbuf))) + || !TEST_true(EVP_RAND_CTX_set_params(privctx, params)) + || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0) + || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy1, sizeof(outbuf)) + || !TEST_int_le(RAND_priv_bytes(outbuf, sizeof(outbuf) + 1), 0) + || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0) + || !TEST_mem_eq(outbuf, sizeof(outbuf), + entropy1 + sizeof(outbuf), sizeof(outbuf))) return 0; *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, - entropy2, sizeof(entropy2)); + entropy2, sizeof(entropy2)); if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params)) - || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0) - || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf))) + || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0) + || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf))) return 0; + + *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, + nonce, sizeof(nonce)); + if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params)) + || !TEST_true(EVP_RAND_nonce(privctx, outbuf, sizeof(outbuf))) + || 
!TEST_mem_eq(outbuf, sizeof(outbuf), nonce, sizeof(outbuf))) + return 0; + return 1; } --- crypto/openssl/test/rc2test.c.orig +++ crypto/openssl/test/rc2test.c 
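Review bot: The added nonce block at the end of this hunk has no comment saying what it verifies, and it compares only `sizeof(outbuf)` (3) of the 5 bytes in `nonce`, so the last two nonce bytes are never checked. A one-line comment above the `OSSL_RAND_PARAM_TEST_NONCE` assignment would make the intent explicit, for example `/* EVP_RAND_nonce() must hand back the configured test nonce, cut to the requested length */`. The check is still meaningful as written: `outbuf` holds the `entropy2` bytes from the previous assertion, which differ from the nonce prefix, so a call that writes nothing would fail `TEST_mem_eq`. The enclosing function begins outside the hunk.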
@@ -17,31 +17,31 @@ #include "testutil.h" #ifndef OPENSSL_NO_RC2 -# include +#include static unsigned char RC2key[4][16] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, }; static unsigned char RC2plain[4][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, }; static unsigned char RC2cipher[4][8] = { - {0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7}, - {0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74}, - {0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E}, - {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31}, + { 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 }, + { 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74 }, + { 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E }, + { 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 }, }; static int test_rc2(const int n) 
@@ -50,7 +50,7 @@ RC2_KEY key; unsigned char buf[8], buf2[8]; - RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ ); + RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */); RC2_ecb_encrypt(&RC2plain[n][0], buf, &key, RC2_ENCRYPT); if (!TEST_mem_eq(&RC2cipher[n][0], 8, buf, 8)) --- crypto/openssl/test/rc4test.c.orig +++ crypto/openssl/test/rc4test.c 
@@ -19,46 +19,46 @@ #include "testutil.h" #ifndef OPENSSL_NO_RC4 -# include -# include +#include +#include static unsigned char keys[6][30] = { - {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, - {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, - {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {4, 0xef, 0x01, 0x23, 0x45}, - {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, - {4, 0xef, 0x01, 0x23, 0x45}, + { 8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }, + { 8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }, + { 8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 4, 0xef, 0x01, 0x23, 0x45 }, + { 8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }, + { 4, 0xef, 0x01, 0x23, 0x45 }, }; static unsigned char data_len[6] = { 8, 8, 8, 20, 28, 10 }; static unsigned char data[6][30] = { - {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xff}, - {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, - 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, - 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, - 0x12, 0x34, 0x56, 0x78, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff }, + { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0xff }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff }, }; static unsigned char output[6][30] = { - 
{0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00}, - {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00}, - {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00}, - {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, - 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba, - 0x36, 0xb6, 0x78, 0x58, 0x00}, - {0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89, - 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c, - 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87, - 0x40, 0x01, 0x1e, 0xcf, 0x00}, - {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00}, + { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00 }, + { 0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00 }, + { 0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00 }, + { 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, + 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba, + 0x36, 0xb6, 0x78, 0x58, 0x00 }, + { 0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89, + 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c, + 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87, + 0x40, 0x01, 0x1e, 0xcf, 0x00 }, + { 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00 }, }; static int test_rc4_encrypt(const int i) --- crypto/openssl/test/rc5test.c.orig +++ crypto/openssl/test/rc5test.c 
@@ -19,166 +19,189 @@ #include "testutil.h" #ifndef OPENSSL_NO_RC5 -# include +#include static unsigned char RC5key[5][16] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x91, 0x5f, 0x46, 0x19, 0xbe, 0x41, 0xb2, 0x51, - 0x63, 0x55, 0xa5, 0x01, 0x10, 0xa9, 0xce, 0x91}, - {0x78, 0x33, 0x48, 0xe7, 0x5a, 0xeb, 0x0f, 0x2f, - 0xd7, 0xb1, 0x69, 0xbb, 0x8d, 0xc1, 0x67, 0x87}, - {0xdc, 0x49, 0xdb, 0x13, 0x75, 0xa5, 0x58, 0x4f, - 0x64, 0x85, 0xb4, 0x13, 0xb5, 0xf1, 0x2b, 0xaf}, - {0x52, 0x69, 0xf1, 0x49, 0xd4, 0x1b, 0xa0, 0x15, - 0x24, 0x97, 0x57, 0x4d, 0x7f, 0x15, 0x31, 0x25}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x91, 0x5f, 0x46, 0x19, 0xbe, 0x41, 0xb2, 0x51, + 0x63, 0x55, 0xa5, 0x01, 0x10, 0xa9, 0xce, 0x91 }, + { 0x78, 0x33, 0x48, 0xe7, 0x5a, 0xeb, 0x0f, 0x2f, + 0xd7, 0xb1, 0x69, 0xbb, 0x8d, 0xc1, 0x67, 0x87 }, + { 0xdc, 0x49, 0xdb, 0x13, 0x75, 0xa5, 0x58, 0x4f, + 0x64, 0x85, 0xb4, 0x13, 0xb5, 0xf1, 0x2b, 0xaf }, + { 0x52, 0x69, 0xf1, 0x49, 0xd4, 0x1b, 0xa0, 0x15, + 0x24, 0x97, 0x57, 0x4d, 0x7f, 0x15, 0x31, 0x25 }, }; static unsigned char RC5plain[5][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D}, - {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52}, - {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92}, - {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D }, + { 0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52 }, + { 0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92 }, + { 0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC }, }; static unsigned char RC5cipher[5][8] = { - {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D}, - {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52}, - {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92}, - {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC}, - {0xEB, 0x44, 
0xE4, 0x15, 0xDA, 0x31, 0x98, 0x24}, + { 0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D }, + { 0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52 }, + { 0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92 }, + { 0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC }, + { 0xEB, 0x44, 0xE4, 0x15, 0xDA, 0x31, 0x98, 0x24 }, }; -# define RC5_CBC_NUM 27 +#define RC5_CBC_NUM 27 static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8] = { - {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1e}, - {0x79, 0x7b, 0xba, 0x4d, 0x78, 0x11, 0x1d, 0x1e}, - {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f}, - {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f}, - {0x8b, 0x9d, 0xed, 0x91, 0xce, 0x77, 0x94, 0xa6}, - {0x2f, 0x75, 0x9f, 0xe7, 0xad, 0x86, 0xa3, 0x78}, - {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88}, - {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88}, - {0xdc, 0xfe, 0x09, 0x85, 0x77, 0xec, 0xa5, 0xff}, - {0x96, 0x46, 0xfb, 0x77, 0x63, 0x8f, 0x9c, 0xa8}, - {0xb2, 0xb3, 0x20, 0x9d, 0xb6, 0x59, 0x4d, 0xa4}, - {0x54, 0x5f, 0x7f, 0x32, 0xa5, 0xfc, 0x38, 0x36}, - {0x82, 0x85, 0xe7, 0xc1, 0xb5, 0xbc, 0x74, 0x02}, - {0xfc, 0x58, 0x6f, 0x92, 0xf7, 0x08, 0x09, 0x34}, - {0xcf, 0x27, 0x0e, 0xf9, 0x71, 0x7f, 0xf7, 0xc4}, - {0xe4, 0x93, 0xf1, 0xc1, 0xbb, 0x4d, 0x6e, 0x8c}, - {0x5c, 0x4c, 0x04, 0x1e, 0x0f, 0x21, 0x7a, 0xc3}, - {0x92, 0x1f, 0x12, 0x48, 0x53, 0x73, 0xb4, 0xf7}, - {0x5b, 0xa0, 0xca, 0x6b, 0xbe, 0x7f, 0x5f, 0xad}, - {0xc5, 0x33, 0x77, 0x1c, 0xd0, 0x11, 0x0e, 0x63}, - {0x29, 0x4d, 0xdb, 0x46, 0xb3, 0x27, 0x8d, 0x60}, - {0xda, 0xd6, 0xbd, 0xa9, 0xdf, 0xe8, 0xf7, 0xe8}, - {0x97, 0xe0, 0x78, 0x78, 0x37, 0xed, 0x31, 0x7f}, - {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78}, - {0x8f, 0x34, 0xc3, 0xc6, 0x81, 0xc9, 0x96, 0x95}, - {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, - {0x7f, 0xd1, 0xa0, 0x23, 0xa5, 0xbb, 0xa2, 0x17}, + { 0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1e }, + { 0x79, 0x7b, 0xba, 0x4d, 0x78, 0x11, 0x1d, 0x1e }, + { 0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f }, + { 0x7a, 0x7b, 
0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f }, + { 0x8b, 0x9d, 0xed, 0x91, 0xce, 0x77, 0x94, 0xa6 }, + { 0x2f, 0x75, 0x9f, 0xe7, 0xad, 0x86, 0xa3, 0x78 }, + { 0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88 }, + { 0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88 }, + { 0xdc, 0xfe, 0x09, 0x85, 0x77, 0xec, 0xa5, 0xff }, + { 0x96, 0x46, 0xfb, 0x77, 0x63, 0x8f, 0x9c, 0xa8 }, + { 0xb2, 0xb3, 0x20, 0x9d, 0xb6, 0x59, 0x4d, 0xa4 }, + { 0x54, 0x5f, 0x7f, 0x32, 0xa5, 0xfc, 0x38, 0x36 }, + { 0x82, 0x85, 0xe7, 0xc1, 0xb5, 0xbc, 0x74, 0x02 }, + { 0xfc, 0x58, 0x6f, 0x92, 0xf7, 0x08, 0x09, 0x34 }, + { 0xcf, 0x27, 0x0e, 0xf9, 0x71, 0x7f, 0xf7, 0xc4 }, + { 0xe4, 0x93, 0xf1, 0xc1, 0xbb, 0x4d, 0x6e, 0x8c }, + { 0x5c, 0x4c, 0x04, 0x1e, 0x0f, 0x21, 0x7a, 0xc3 }, + { 0x92, 0x1f, 0x12, 0x48, 0x53, 0x73, 0xb4, 0xf7 }, + { 0x5b, 0xa0, 0xca, 0x6b, 0xbe, 0x7f, 0x5f, 0xad }, + { 0xc5, 0x33, 0x77, 0x1c, 0xd0, 0x11, 0x0e, 0x63 }, + { 0x29, 0x4d, 0xdb, 0x46, 0xb3, 0x27, 0x8d, 0x60 }, + { 0xda, 0xd6, 0xbd, 0xa9, 0xdf, 0xe8, 0xf7, 0xe8 }, + { 0x97, 0xe0, 0x78, 0x78, 0x37, 0xed, 0x31, 0x7f }, + { 0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78 }, + { 0x8f, 0x34, 0xc3, 0xc6, 0x81, 0xc9, 0x96, 0x95 }, + { 0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11 }, + { 0x7f, 0xd1, 0xa0, 0x23, 0xa5, 0xbb, 0xa2, 0x17 }, }; static unsigned char rc5_cbc_key[RC5_CBC_NUM][17] = { - {1, 0x00}, - {1, 0x00}, - {1, 0x00}, - {1, 0x00}, - {1, 0x00}, - {1, 0x11}, - {1, 0x00}, - {4, 0x00, 0x00, 0x00, 0x00}, - {1, 0x00}, - {1, 0x00}, - {1, 0x00}, - {1, 0x00}, - {4, 0x01, 0x02, 0x03, 0x04}, - {4, 0x01, 0x02, 0x03, 0x04}, - {4, 0x01, 0x02, 0x03, 0x04}, - {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x10, 0x20, 
0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {5, 0x01, 0x02, 0x03, 0x04, 0x05}, - {5, 0x01, 0x02, 0x03, 0x04, 0x05}, - {5, 0x01, 0x02, 0x03, 0x04, 0x05}, - {5, 0x01, 0x02, 0x03, 0x04, 0x05}, - {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + { 1, 0x00 }, + { 1, 0x00 }, + { 1, 0x00 }, + { 1, 0x00 }, + { 1, 0x00 }, + { 1, 0x11 }, + { 1, 0x00 }, + { 4, 0x00, 0x00, 0x00, 0x00 }, + { 1, 0x00 }, + { 1, 0x00 }, + { 1, 0x00 }, + { 1, 0x00 }, + { 4, 0x01, 0x02, 0x03, 0x04 }, + { 4, 0x01, 0x02, 0x03, 0x04 }, + { 4, 0x01, 0x02, 0x03, 0x04 }, + { 8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 5, 0x01, 0x02, 0x03, 0x04, 0x05 }, + { 5, 0x01, 0x02, 0x03, 0x04, 0x05 }, + { 5, 0x01, 0x02, 0x03, 0x04, 0x05 }, + { 5, 0x01, 0x02, 0x03, 0x04, 0x05 }, + { 5, 0x01, 0x02, 0x03, 0x04, 0x05 }, }; static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 
0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x01}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0x10, 0x20, 0x30, 
0x40, 0x50, 0x60, 0x70, 0x80 }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x01 }, }; static int rc5_cbc_rounds[RC5_CBC_NUM] = { - 0, 0, 0, 0, 0, 1, 2, 2, - 8, 8, 12, 16, 8, 12, 16, 12, - 8, 12, 16, 8, 12, 16, 12, 8, - 8, 8, 8, + 0, + 0, + 0, + 0, + 0, + 1, + 2, + 2, + 8, + 8, + 12, + 16, + 8, + 12, + 16, + 12, + 8, + 12, + 16, + 8, + 12, + 16, + 12, + 8, + 8, + 8, + 8, }; static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8] = { - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 
- {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11 }, }; static int test_rc5_ecb(int n) 
@@ -211,21 +234,21 @@ i = rc5_cbc_rounds[n]; if (i >= 8) { if (!TEST_true(RC5_32_set_key(&key, rc5_cbc_key[n][0], - &rc5_cbc_key[n][1], i))) + &rc5_cbc_key[n][1], i))) return 0; memcpy(ivb, &rc5_cbc_iv[n][0], 8); RC5_32_cbc_encrypt(&rc5_cbc_plain[n][0], buf, 8, - &key, &ivb[0], RC5_ENCRYPT); + &key, &ivb[0], RC5_ENCRYPT); if (!TEST_mem_eq(&rc5_cbc_cipher[n][0], sizeof(rc5_cbc_cipher[0]), - buf, sizeof(buf))) + buf, sizeof(buf))) testresult = 0; memcpy(ivb, &rc5_cbc_iv[n][0], 8); RC5_32_cbc_encrypt(buf, buf2, 8, &key, &ivb[0], RC5_DECRYPT); if (!TEST_mem_eq(&rc5_cbc_plain[n][0], sizeof(rc5_cbc_plain[0]), - buf2, sizeof(buf2))) + buf2, sizeof(buf2))) testresult = 0; } --- crypto/openssl/test/rdrand_sanitytest.c.orig +++ crypto/openssl/test/rdrand_sanitytest.c @@ -13,9 +13,7 @@ #include "testutil.h" #include "internal/cryptlib.h" -#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) +#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)) && defined(OPENSSL_CPUID_OBJ) size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); @@ -24,7 +22,7 @@ int rounds, int min_failures, int max_retries, int max_zero_words) { int testresult = 0; - unsigned char prior[31] = {0}, buf[31] = {0}, check[7]; + unsigned char prior[31] = { 0 }, buf[31] = { 0 }, check[7]; int failures = 0, zero_words = 0; int i; @@ -46,7 +44,7 @@ */ size_t j; for (j = 0; j < sizeof(buf) - 1; j++) { - if (buf[j] == 0 && buf[j+1] == 0) { + if (buf[j] == 0 && buf[j + 1] == 0) { zero_words++; } } @@ -111,7 +109,6 @@ return 1; } - #else int setup_tests(void) --- crypto/openssl/test/recipes/04-test_asn1_parse.t.orig +++ crypto/openssl/test/recipes/04-test_asn1_parse.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ setup("test_asn1_parse"); -plan tests => 3; +plan tests => 4; $ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf"); @@ -24,3 +24,6 @@ ok(run(app(([ 'openssl', 'asn1parse', '-genstr', 'OID:1.2.3.4.3'])))); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genconf', srctop_file("test", "test_asn1_genconf.cnf")])))); --- crypto/openssl/test/recipes/10-test_bn_data/bnmod.txt.orig +++ crypto/openssl/test/recipes/10-test_bn_data/bnmod.txt @@ -1,4 +1,4 @@ -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2010,6 +2010,14 @@ B = 8bdfa8fe5ef3b2ad02bc63c4d M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb +# These test vectors satisfy A ^ 2 = ModSqr (mod M) and 0 <= ModSqr < M. + +Title = ModSqr tests + +# Regression test for https://github.com/openssl/openssl/issues/15587 +ModSqr = 166794ed50cb31b6e6a319f7474416c266d5c3f3115ea2a7ed9638367d1f955f66a7179ee3ce5ee5e04e63c46781f1192beac3abb26ff238f5ed2f5505ae06003ff +A = 1407833bd4c893195cc32f56a507f15140be687a1994febe0bdbe793125f010a3c1c814737b10ab690498b7990ce4e625ad2f32cbf42626cb9649da38a5c9c76a99 +M = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff # These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M. --- crypto/openssl/test/recipes/15-test_ec.t.orig +++ crypto/openssl/test/recipes/15-test_ec.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ plan skip_all => 'EC is not supported in this build' if disabled('ec'); -plan tests => 15; +plan tests => 16; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -33,6 +33,16 @@ tconversion( -type => 'ec', -prefix => 'ec-priv', -in => srctop_file("test","testec-p256.pem") ); }; + +SKIP: { + skip "SM2 is not supported by this OpenSSL build", 1 + if disabled("sm2"); + subtest 'EC conversions -- private key' => sub { + tconversion( -type => 'ec', -prefix => 'sm2-priv', + -in => srctop_file("test","testec-sm2.pem") ); + }; +} + subtest 'EC conversions -- private key PKCS#8' => sub { tconversion( -type => 'ec', -prefix => 'ec-pkcs8', -in => srctop_file("test","testec-p256.pem"), --- crypto/openssl/test/recipes/15-test_ecparam.t.orig +++ crypto/openssl/test/recipes/15-test_ecparam.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,6 +25,10 @@ my @noncanon = glob(data_file("noncanon", "*.pem")); my @invalid = glob(data_file("invalid", "*.pem")); +if (disabled("sm2")) { + @valid = grep { !/sm2-.*\.pem/} @valid; +} + plan tests => 12; sub checkload { --- /dev/null +++ crypto/openssl/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem 
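Review bot: The SM2 subtest added in the `@@ -33,6 +33,16 @@` hunk of 15-test_ec.t is titled `'EC conversions -- private key'`, which appears to be the same title as the P-256 subtest just above it (that subtest's opening line is outside the hunk). With identical titles a failure in the TAP output does not say which curve broke. A distinct label such as `subtest 'EC conversions -- SM2 private key' => sub {` keeps them apart; the `-prefix => 'sm2-priv'` already differs, so only the title needs to change.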
@@ -0,0 +1,7 @@ +-----BEGIN SM2 PARAMETERS----- +MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD///// +/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f +XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML +v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA +/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE= +-----END SM2 PARAMETERS----- --- /dev/null +++ crypto/openssl/test/recipes/15-test_ecparam_data/valid/sm2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN SM2 PARAMETERS----- +BggqgRzPVQGCLQ== +-----END SM2 PARAMETERS----- --- crypto/openssl/test/recipes/15-test_gensm2.t.orig +++ crypto/openssl/test/recipes/15-test_gensm2.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ # These are special key generation tests for SM2 keys specifically, # as they could be said to be a bit special in their encoding. -# This is an auxilliary test to 15-test_genec.t +# This is an auxiliary test to 15-test_genec.t setup("test_gensm2"); --- /dev/null +++ crypto/openssl/test/recipes/20-test_nocache.t 
@@ -0,0 +1,34 @@ +#! /usr/bin/env perl +# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/; +use OpenSSL::Test::Utils; + +setup("test_nocache"); + +plan tests => 4; + +ok(run(app(["openssl", "list", "-mac-algorithms"], + stdout => "listout.txt")), +"List mac algorithms - default configuration"); +open DATA, "listout.txt"; +my @match = grep /MAC/, ; +close DATA; +ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration"); + +$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf"); +ok(run(app(["openssl", "list", "-mac-algorithms"], + stdout => "listout.txt")), +"List mac algorithms"); +open DATA, "listout.txt"; +my @match = grep /MAC/, ; +close DATA; +ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default"); --- crypto/openssl/test/recipes/25-test_verify.t.orig +++ crypto/openssl/test/recipes/25-test_verify.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ use strict; use warnings; +use Cwd qw(abs_path); use File::Spec::Functions qw/canonpath/; use File::Copy; use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/; 
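Review bot: In the new 20-test_nocache.t, `my @match` is declared twice at file scope, which under `use warnings` produces a "masks earlier declaration" warning, and both `open DATA, "listout.txt";` calls use a bareword handle with two-argument open and no failure check. If the file is missing or empty the test fails only with the generic "Several algorithms are listed" message, which hides the real cause. I would open with `open(my $fh, '<', "listout.txt") or die "listout.txt: $!";`, assign the second result with plain `@match = ...`, and drop the `? 1 : 0` because `ok()` already takes a boolean. The operand of `grep /MAC/,` looks lost in this rendering of the patch, so check the readline expression against the real file.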
@@ -17,19 +18,19 @@ setup("test_verify"); +my @certspath = qw(test certs); sub verify { my ($cert, $purpose, $trusted, $untrusted, @opts) = @_; - my @path = qw(test certs); my @args = qw(openssl verify -auth_level 1); push(@args, "-purpose", $purpose) if $purpose ne ""; push(@args, @opts); - for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) } - for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } - push(@args, srctop_file(@path, "$cert.pem")); + for (@$trusted) { push(@args, "-trusted", srctop_file(@certspath, "$_.pem")) } + for (@$untrusted) { push(@args, "-untrusted", srctop_file(@certspath, "$_.pem")) } + push(@args, srctop_file(@certspath, "$cert.pem")); run(app([@args])); } -plan tests => 166; +plan tests => 176; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), 
@@ -527,3 +528,44 @@ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", "-explicit_policy"), "Bad certificate policy"); + +# CVE-2026-28388 +my $cve_28388_stderr = "cve-2026-28388.err"; +run(app(["openssl", "verify", + "-attime", "1739527200", + "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"), + "-crl_check", "-use_deltas", + "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"), + srctop_file(@certspath, "cve-2026-28388-leaf.pem")], + stderr => $cve_28388_stderr)); +ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }), + "CVE-2026-28388"); + +# CAstore option +my $rootcertname = "root-cert"; +my $rootcert = srctop_file(@certspath, "${rootcertname}.pem"); +sub vfy_root { verify($rootcertname, "", [], [], @_) } +ok(vfy_root("-CAfile", $rootcert), "CAfile"); +ok(vfy_root("-CAstore", $rootcert), "CAstore"); +ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore"); +ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore"); + +SKIP: { + skip "file names with colons aren't supported on Windows and VMS", 1 + if $^O =~ /^(MSWin32|VMS)$/; + my $foo_file = "foo:cert.pem"; + copy($rootcert, $foo_file); + ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file"); +} +my $foo_file = "cert.pem"; +copy($rootcert, $foo_file); +ok(vfy_root("-CAstore", $foo_file), "CAstore file"); +my $abs_cert = abs_path($rootcert); +# Windows file: URIs should have a path part starting with a slash, i.e. +# file://authority/C:/what/ever/foo.pem and file:///C:/what/ever/foo.pem +# file://C:/what/ever/foo.pem is non-standard and may not be accepted. +# See RFC 8089 for details. +$abs_cert = "/" . 
$abs_cert if ($^O eq "MSWin32"); +ok(vfy_root("-CAstore", "file://".$abs_cert), "CAstore file:///path"); +ok(vfy_root("-CAstore", "file://localhost".$abs_cert), "CAstore file://localhost/path"); +ok(!vfy_root("-CAstore", "file://otherhost".$abs_cert), "CAstore file://otherhost/path"); --- crypto/openssl/test/recipes/30-test_evp_data/evpkdf_krb5.txt.orig +++ crypto/openssl/test/recipes/30-test_evp_data/evpkdf_krb5.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -129,3 +129,11 @@ Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 Ctrl.hexconstant = hexconstant:0000000155 Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705 + +#Erroneous key size for the cipher as XTS has double key size +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-256-XTS +Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 +Ctrl.hexconstant = hexconstant:0000000255 +Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA +Result = KDF_DERIVE_ERROR --- /dev/null +++ crypto/openssl/test/recipes/61-test_bio_pw_callback.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT data_file); + +setup('test_bio_pw_callback'); + +plan tests => 1; + +my $private_key_path = data_file("private_key.pem"); +ok(run(test(["bio_pw_callback_test", "-keyfile", $private_key_path])), + "Running bio_pw_callback_test"); 
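Review bot: The CVE-2026-28388 check at the top of the block added to 25-test_verify.t discards the result of `run(app([...]))` and asserts only that stderr contains `CRL is not yet valid`, so an abnormal exit of `openssl verify` after that line was printed would still count as a pass. For a regression test tied to a CVE I would also pin the exit status, for example by running the command under `with({ exit_checker => sub { ... } }, ...)` with the expected failure code (`with` is already imported in this file), and keep the stderr match as a second assertion with the plan count adjusted. The `open my $fh, '<', $cve_28388_stderr` inside the `do` block is unchecked too; adding `or die` there separates "file missing" from "message missing". Separately, the CAstore tests copy `cert.pem` and `foo:cert.pem` into the working directory without checking the result of `copy` or removing the files afterwards.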
--- /dev/null
+++ crypto/openssl/test/recipes/61-test_bio_pw_callback_data/private_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQmftpln/ZNiEznncq
++u0FuwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEBO5TGcD0mGTfRS8
+HgafEXYEggTQOasEXPm4ChGPzfXACYhaAtMFnfL9qpI1S30bHMUHsWuXLZDFPNty
+7KNKWr35woaq3XFEeul7onszcBBRrRwPkTqOifuv/J01s7oS0uC6jwbvSkAFNjHe
+jkgvMMQA3y7nwZ2wSwVjO2K91qasTjNivus3ZaCvGqGpgNckEXILPZJEdWteWP+1
+SN9zLxxeHwgt5SrMfylrTghLB8b119/uq4GnOYHZdhMbp4YmneuGqvlZ7nle7qLY
+33tuM5deajk9hINLfbYWGwURaOZ+r++Rvrz4OxISfe70uXT+2fcSZPVkNT5a6B5T
+9rCwdF69W/+3au50gfc2VEF/xZBajxLI0PBpMSpxNE3a5/3YLKXAs+z0YJdQKNhN
+U+SpOUv8D2GraJVfP7MddO2JvETh8w7tGN/a8qSw07Z91SE3Vfuq0l5PheC/vXJq
+/xxU3YSbZC7LCSZn1aXBlj9KbTh2o1ARzdJsVYo1xY2OIFtFpncOjQDuaAmsNcZE
+CuB9FUcBwwO/bjooIkv4lJU+DWDxrCR7Si8PZ4hHgXCXXKiXA20SBccUYm0Z4HR3
+i2tm9UTwAuCy1BF7hRmPLIyvlgtlKh2V9Cre5j86GoKTmPh/q5DHdSmNAM8Aakct
+GdQgscOXRmHq7/1nec28wEhlbqVyYJ45MZbWhBTrycMru/ch9+ZnsIgPXLfbBA+P
+6GHK1DF+onKZtMkH0SNMU3X1arlJKRreVQsvkbgL7aw3mI0veYa4/tJUf7hbkPpA
+LArQU5wQ+A9mzC+tYMfz3mrIE05FrpYkHRxiB/odeNvCTMR7DhGoghhnYUN/gSSN
+qH5EBG2hQ/pJ5ZSawE+P9+vCLlvcc4n00zgi0s3rMN2AntPZoI3sWKZcbbgJoOIH
+cbAmBAKCIiwmlPmI0hjEAIXRBixJzHVGNowuSc3jy5pIiSjmDESnARl+n5imqI3D
+po9OuCHpo4nRLcAX0GrJqqKxUG+R1A8g/AooIGEPQgkXk/4v9gwd4aBvwT4YxR44
+onAXdyBMM0T8C+8dUmT6OPvU5w6JHFidJfhBgJhDIdj9JM+wWdr1CW94todjEyKY
+Xe3NRG1bGbcN6HBVwbe4UZ39A9p4kKGyiXexlsD+DvFxwaGvSy2rp0lLabz19Kkr
+fnLU1Ugb38AnEYTGYJMB9nO19lHW62Mk6+9ky42x8X9vBn81Nif/c0kmvEKsZEfw
+UM7m0fIWTZOWSH01DGIXqCoCk7vJ1CSm0wUsAvyKFLm1qnM5eJJNMlBbayDDBsnU
+Jj9hx7GWjujVKFwFngUOoFpmFWB72bqeBWenaQJhIVydQa1rolny0TECJIkFOsUK
+Wa0y52V4h68Ig5G5p2WHG0RlEVtmcgzSoL1mLE5UdOYaH5oB7nTVM+Z0b8HJFrYc
+7Xhym8uNq6UHc4Ae6TT8EA3lA3fDttedKzWxlBFXqX9behl2uBnPzCl3cS2G2Uek
+xtexjecZINP8L5i6eIL7bPoVMF5CUsUhIWFA0gzIovRBRvVS91HnTrIDLvqF8YgQ
+ToctUU/vS8r3x2/TIR60UBvW0vkoFa+lfzHtsxBnT1nMBZNeeHOCM8QtboyI9Ir9
+UkJbTO+QpJQ5A3ELharpcqr7iywDOnLSV9LZSUZr934zOrRl2oAXx/0=
+-----END ENCRYPTED PRIVATE KEY-----
--- crypto/openssl/test/recipes/61-test_bio_readbuffer.t.orig
+++ 
crypto/openssl/test/recipes/61-test_bio_readbuffer.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ my $pemfile = srctop_file("test", "certs", "leaf.pem"); my $derfile = 'readbuffer_leaf.der'; -plan tests => 3; +plan tests => 4; ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile, '-outform', 'DER', '-out', $derfile])), @@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $pemfile])), "Running bio_readbuffer_test $pemfile"); + +ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM', + '-noout' ], stdin => $derfile)), + "Test stdin read buffer in openssl app"); --- crypto/openssl/test/recipes/70-test_sslrecords.t.orig +++ crypto/openssl/test/recipes/70-test_sslrecords.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -88,7 +88,7 @@ }; # The TLSv1.2 in SSLv2 ClientHello need to run at security level 0 -# because in a SSLv2 ClientHello we can't send extentions to indicate +# because in a SSLv2 ClientHello we can't send extensions to indicate # which signature algorithm we want to use, and the default is SHA1. #Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello --- crypto/openssl/test/recipes/70-test_tls13alerts.t.orig +++ crypto/openssl/test/recipes/70-test_tls13alerts.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1; my $alert = TLSProxy::Message->alert(); -ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unecrypted alert"); +ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unencrypted alert"); sub alert_filter { --- crypto/openssl/test/recipes/70-test_tls13downgrade.t.orig +++ crypto/openssl/test/recipes/70-test_tls13downgrade.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -24,9 +24,8 @@ if disabled("sock"); plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled" - if disabled("tls1_3") - || (disabled("ec") && disabled("dh")) - || disabled("tls1_2"); + if disabled("tls1_3") || disabled("tls1_2") + || (disabled("ec") && disabled("dh")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 
@@ -41,89 +40,150 @@ DOWNGRADE_TO_TLS_1_2 => 0, DOWNGRADE_TO_TLS_1_1 => 1, FALLBACK_FROM_TLS_1_3 => 2, + DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL => 3, + DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL => 4, }; #Test 1: Downgrade from TLSv1.3 to TLSv1.2 $proxy->filter(\&downgrade_filter); my $testtype = DOWNGRADE_TO_TLS_1_2; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 6; -ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2"); +plan tests => 8; +ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.3 to TLSv1.2"); -#Test 2: Downgrade from TLSv1.3 to TLSv1.1 +#Test 2: Downgrade from TLSv1.3 to TLSv1.2 (server sends TLSv1.1 signal) $proxy->clear(); -$testtype = DOWNGRADE_TO_TLS_1_1; +$testtype = DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL; $proxy->start(); -ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.1"); +ok(is_illegal_parameter_client_alert(), + "Downgrade from TLSv1.3 to TLSv1.2 (server sends TLSv1.1 signal)"); -#Test 3: Downgrade from TLSv1.2 to TLSv1.1 -$proxy->clear(); -$proxy->clientflags("-no_tls1_3"); -$proxy->serverflags("-no_tls1_3"); -$proxy->start(); -ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1"); - -#Test 4: Client falls back from TLSv1.3 (server does not support the fallback +#Test 3: Client falls back from TLSv1.3 (server does not support the fallback # SCSV) $proxy->clear(); $testtype = FALLBACK_FROM_TLS_1_3; $proxy->clientflags("-fallback_scsv -no_tls1_3"); $proxy->start(); -my $alert = TLSProxy::Message->alert(); -ok(TLSProxy::Message->fail() - && !$alert->server() - && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER, - "Fallback from TLSv1.3"); +ok(is_illegal_parameter_client_alert(), "Fallback from TLSv1.3"); SKIP: { - skip "TLSv1.1 disabled", 2 if disabled("tls1_1"); - #Test 5: A client side protocol "hole" should not be detected as a downgrade + skip "TLSv1.1 disabled", 5 if disabled("tls1_1"); + + my $client_flags = "-min_protocol TLSv1.1 -cipher 
DEFAULT:\@SECLEVEL=0"; + my $server_flags = "-min_protocol TLSv1.1"; + my $ciphers = "AES128-SHA:\@SECLEVEL=0"; + + #Test 4: Downgrade from TLSv1.3 to TLSv1.1 + $proxy->clear(); + $testtype = DOWNGRADE_TO_TLS_1_1; + $proxy->clientflags($client_flags); + $proxy->serverflags($server_flags); + $proxy->ciphers($ciphers); + $proxy->start(); + ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.3 to TLSv1.1"); + + #Test 5: Downgrade from TLSv1.3 to TLSv1.1 (server sends TLSv1.2 signal) + $proxy->clear(); + $testtype = DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL; + $proxy->clientflags($client_flags); + $proxy->serverflags($server_flags); + $proxy->ciphers($ciphers); + $proxy->start(); + ok(is_illegal_parameter_client_alert(), + "Downgrade TLSv1.3 to TLSv1.1 (server sends TLSv1.2 signal)"); + + #Test 6: Downgrade from TLSv1.2 to TLSv1.1 + $proxy->clear(); + $testtype = DOWNGRADE_TO_TLS_1_1; + $proxy->clientflags($client_flags." -max_protocol TLSv1.2"); + $proxy->serverflags($server_flags." -max_protocol TLSv1.2"); + $proxy->ciphers($ciphers); + $proxy->start(); + ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.2 to TLSv1.1"); + + #Test 7: A client side protocol "hole" should not be detected as a downgrade $proxy->clear(); $proxy->filter(undef); - $proxy->clientflags("-no_tls1_2"); - $proxy->ciphers("AES128-SHA:\@SECLEVEL=0"); + $proxy->clientflags($client_flags." -no_tls1_2"); + $proxy->serverflags($server_flags); + $proxy->ciphers($ciphers); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 client-side protocol hole"); - #Test 6: A server side protocol "hole" should not be detected as a downgrade + #Test 8: A server side protocol "hole" should not be detected as a downgrade $proxy->clear(); $proxy->filter(undef); - $proxy->serverflags("-no_tls1_2"); + $proxy->clientflags($client_flags); + $proxy->serverflags($server_flags." 
-no_tls1_2"); + $proxy->ciphers($ciphers); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 server-side protocol hole"); } +# Validate that the exchange fails with an illegal parameter alert from +# the client +sub is_illegal_parameter_client_alert +{ + return 0 unless TLSProxy::Message->fail(); + my $alert = TLSProxy::Message->alert(); + return 1 if !$alert->server() + && $alert->description() + == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER; + return 0; +} + sub downgrade_filter { my $proxy = shift; - # We're only interested in the initial ClientHello - if ($proxy->flight != 0) { + # We're only interested in the initial ClientHello and ServerHello + if ($proxy->flight > 1) { return; } - my $message = ${$proxy->message_list}[0]; - - my $ext; - if ($testtype == FALLBACK_FROM_TLS_1_3) { - #The default ciphersuite we use for TLSv1.2 without any SCSV - my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA); - $message->ciphersuite_len(2 * scalar @ciphersuites); - $message->ciphersuites(\@ciphersuites); - } else { - if ($testtype == DOWNGRADE_TO_TLS_1_2) { - $ext = pack "C3", - 0x02, # Length - 0x03, 0x03; #TLSv1.2 - } else { - $ext = pack "C3", - 0x02, # Length - 0x03, 0x02; #TLSv1.1 + my $message = ${$proxy->message_list}[$proxy->flight]; + + # ServerHello + if ($proxy->flight == 1 && defined($message)) { + # Update the last byte of the downgrade signal + if ($testtype == DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL) { + $message->random(substr($message->random, 0, 31) . "\0"); + $message->repack(); + } elsif ($testtype == DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL) { + $message->random(substr($message->random, 0, 31) . 
"\1"); + $message->repack(); } - $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext); + return; } - $message->repack(); + # ClientHello + if ($proxy->flight == 0) { + my $ext; + if ($testtype == FALLBACK_FROM_TLS_1_3) { + #The default ciphersuite we use for TLSv1.2 without any SCSV + my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA); + $message->ciphersuite_len(2 * scalar @ciphersuites); + $message->ciphersuites(\@ciphersuites); + } + else { + if ($testtype == DOWNGRADE_TO_TLS_1_2 + || $testtype == DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL) { + $ext = pack "C3", + 0x02, # Length + 0x03, 0x03; #TLSv1.2 + } + else { + $ext = pack "C3", + 0x02, # Length + 0x03, 0x02; #TLSv1.1 + } + + $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + $ext); + } + + $message->repack(); + } } --- crypto/openssl/test/recipes/80-test_ca.t.orig +++ crypto/openssl/test/recipes/80-test_ca.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -21,9 +21,7 @@ $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1); my $cnf = srctop_file("test","ca-and-certs.cnf"); -my $std_openssl_cnf = '"' - . srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf") - . '"'; +my $std_openssl_cnf = srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf"); rmtree("demoCA", { safe => 0 }); 
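Review bot: In `downgrade_filter`, the ServerHello branch does nothing when `$message` is undefined and never checks that `${$proxy->message_list}[$proxy->flight]` really is a ServerHello, so the two `*_WITH_TLS_1_x_SIGNAL` tests cannot tell whether the sentinel byte was rewritten. That matters because, as far as I can tell, an unmodified server random would already carry a downgrade signal and lead to the same illegal_parameter alert, so tests 2 and 5 would pass even if the filter silently skipped. I would guard with `return unless defined($message) && $message->mt == TLSProxy::Message::MT_SERVER_HELLO;`, set a file-scoped flag when the random is rewritten, and assert that flag next to `is_illegal_parameter_client_alert()`. The ClientHello branch also dereferences `$message` without the `defined` check that the ServerHello branch has.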
@@ -33,14 +31,14 @@ $ENV{OPENSSL_CONFIG} = qq(-config "$cnf"); skip "failed creating CA structure", 4 if !ok(run(perlapp(["CA.pl","-newca", - "-extra-req", "-key $cakey"], stdin => undef)), + "-extra-req", qq{-key "$cakey"}], stdin => undef)), 'creating CA structure'); my $eekey = srctop_file("test", "certs", "ee-key.pem"); $ENV{OPENSSL_CONFIG} = qq(-config "$cnf"); skip "failed creating new certificate request", 3 if !ok(run(perlapp(["CA.pl","-newreq", - '-extra-req', "-outform DER -section userreq -key $eekey"])), + '-extra-req', qq{-outform DER -section userreq -key "$eekey"}])), 'creating certificate request'); $ENV{OPENSSL_CONFIG} = qq(-rand_serial -inform DER -config "$std_openssl_cnf"); skip "failed to sign certificate request", 2 @@ -55,7 +53,8 @@ my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem"); $ENV{OPENSSL_CONFIG} = qq(-config "$cnf"); - ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)), + ok(run(perlapp(["CA.pl", "-precert", + '-extra-req', qq{-section userreq -key "$eekey2"}], stderr => undef)), 'creating new pre-certificate'); } --- crypto/openssl/test/recipes/80-test_cmp_http.t.orig +++ crypto/openssl/test/recipes/80-test_cmp_http.t @@ -274,6 +274,7 @@ print "Pid is: $pid\n"; if ($server_port == 0) { # Find out the actual server port + my $pid0 = $pid; while (<$server_fh>) { print "Server output: $_"; next if m/using section/; @@ -281,6 +282,11 @@ ($server_port, $pid) = ($1, $2) if /^ACCEPT\s.*:(\d+) PID=(\d+)$/; last; # Do not loop further to prevent hangs on server misbehavior } + if ($pid0 != $pid) { + # kill the shell process + kill('KILL', $pid0); + waitpid($pid0, 0); + } } unless ($server_port > 0) { stop_mock_server($pid); --- crypto/openssl/test/recipes/80-test_cmp_http_data/test_connection.csv.orig +++ crypto/openssl/test/recipes/80-test_cmp_http_data/test_connection.csv 
@@ -13,7 +13,7 @@ 0,server missing argument, -section,, -server,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, 0,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, 0,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, -0,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +0,server port bad syntax: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, 0,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, ,,,,,,,,,,,,,,,,,,, --- crypto/openssl/test/recipes/80-test_cms.t.orig +++ crypto/openssl/test/recipes/80-test_cms.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -51,7 +51,7 @@ $no_rc2 = 1 if disabled("legacy"); -plan tests => 20; +plan tests => 23; ok(run(test(["pkcs7_test"])), "test pkcs7"); @@ -83,6 +83,15 @@ \&final_compare ], + [ "signed text content DER format, RSA key", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", $smroot, "-signer", $smrsa1, "-text", + "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", + "-text", "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], + [ "signed detached content DER format, RSA key", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", $smrsa1, "-out", "{output}.cms" ], 
@@ -216,6 +225,14 @@ \&final_compare ], + [ "enveloped text content streaming S/MIME format, DES, 1 recipient", + [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, + "-stream", "-text", "-out", "{output}.cms", $smrsa1 ], + [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1, + "-in", "{output}.cms", "-text", "-out", "{output}.txt" ], + \&final_compare + ], + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", @@ -347,6 +364,16 @@ \&final_compare ], + [ "enveloped content test streaming PEM format, AES-128-CBC cipher, password", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "{output}.cms", + "-pwri_password", "test" ], + [ "{cmd2}", @prov, "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-pwri_password", "test" ], + \&final_compare + ], + [ "data content test streaming PEM format", [ "{cmd1}", @prov, "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach", "-stream", "-out", "{output}.cms" ], 
@@ -1079,6 +1106,49 @@ "Check for failure when cipher does not have an assigned OID (issue#22225)"); }); +# Test cases for CVE-2026-28389 +my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der"); +my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem"); +my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "DH is not supported in this build", 1 if $no_dh; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])), + "Must not crash on malformed cms inputs with dh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der"); +my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem"); +my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "EC is not supported in this build", 1 if $no_ec; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])), + "Must not crash on malformed cms inputs with ecdh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der"); +my $smrsacert = catfile($smdir, "smrsa3.pem"); +my $smrsakey = catfile($smdir, "smrsa3-key.pem"); + +# Test case for CVE-2026-28390 +with({ exit_checker => sub { my $ret = shift; return $ret == 4 || $ret == 0; } }, + sub { + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform", + "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])), + "Must not crash on malformed cms inputs with RSA key"); + }); + # Test encrypt to three recipients, and decrypt using key-only; # i.e. 
do not follow the recommended practice of providing the # recipient cert in the decrypt op. --- /dev/null +++ crypto/openssl/test/recipes/80-test_cms_data/dh-cert.pem 
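Review bot: The RSA case for CVE-2026-28390 accepts exit status 0 as well as 4 (`return $ret == 4 || $ret == 0;`), so a decrypt of `rsa-malformed.der` that reports success passes the test, and nothing explains why success is acceptable here while the DH and ECDH cases require exactly 4. Please add a comment stating the reason, or tighten the checker if 0 is not intended. The same command passes `"-out", "{output}.cms"` straight to `app()`; elsewhere in this file that placeholder appears only in the table entries alongside `{cmd1}`/`{cmd2}`, so here it is presumably not substituted and leaves a file literally named `{output}.cms` behind. A fixed name such as `"-out", "rsa-malformed.out"` avoids that.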
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2 +MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC +AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD +zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf +XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP +SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI +7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8 +LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH////// +////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx +hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw +c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw +a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050 +wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww +lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX +l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl +IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ +ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO +M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu +lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j +BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo +cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW +AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp +JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm +eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO +VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3 +NGpnrpeWX4rk4kQmx/I= +-----END CERTIFICATE----- 
--- /dev/null +++ crypto/openssl/test/recipes/80-test_cms_data/dh-key.pem @@ -0,0 +1,15 @@ +-----BEGIN PRIVATE KEY----- +MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW +ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e +1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY +oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt +52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47 +G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC +AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n +Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv +P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl +2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm +lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT +YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r +xDHoWg== +-----END PRIVATE KEY----- --- /dev/null +++ crypto/openssl/test/recipes/80-test_cms_data/ecdh-cert.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw +DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow +DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s +OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC +EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw +CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+ +NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ== +-----END CERTIFICATE----- --- /dev/null +++ crypto/openssl/test/recipes/80-test_cms_data/ecdh-key.pem 
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1 +unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC +3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ +-----END PRIVATE KEY----- --- crypto/openssl/test/recipes/80-test_cmsapi.t.orig +++ crypto/openssl/test/recipes/80-test_cmsapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,5 +18,6 @@ ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), srctop_file("test", "certs", "serverkey.pem"), - srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])), + srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"), + srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])), "running cmsapitest"); --- /dev/null +++ crypto/openssl/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem @@ -0,0 +1,11 @@ +-----BEGIN CMS----- +MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G +A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V +b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV +NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd +sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2 +CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu +GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P +AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl +paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO +-----END CMS----- --- crypto/openssl/test/recipes/80-test_ocsp.t.orig +++ crypto/openssl/test/recipes/80-test_ocsp.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -36,22 +36,24 @@ } my $expected_exit = shift; my $nochecks = shift; + my $opt_untrusted = shift // "-verify_other"; my $outputfile = basename($inputfile, '.ors') . '.dat'; run(app(["openssl", "base64", "-d", "-in", catfile($ocspdir,$inputfile), "-out", $outputfile])); + my @certopt = ($opt_untrusted, catfile($ocspdir, $untrusted)); with({ exit_checker => sub { return shift == $expected_exit; } }, sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile, "-partial_chain", @check_time, "-CAfile", catfile($ocspdir, $CAfile), - "-verify_other", catfile($ocspdir, $untrusted), + @certopt, "-no-CApath", "-no-CAstore", $nochecks ? "-no_cert_checks" : ()])), $title); }); } -plan tests => 11; +plan tests => 12; subtest "=== VALID OCSP RESPONSES ===" => sub { plan tests => 7; @@ -225,4 +227,12 @@ ok(run(test(["ocspapitest", data_file("cert.pem"), data_file("key.pem")])), "running ocspapitest"); -} +}; + +subtest "=== UNTRUSTED ISSUER HINTS ===" => sub { + plan tests => 1; + + test_ocsp("NON-DELEGATED; invalid issuer via -issuer", + "ND1.ors", "ND1_Cross_Root.pem", + "ISIC_ND1_Issuer_ICA.pem", 1, 0, "-issuer"); +}; --- crypto/openssl/test/recipes/90-test_store_cases.t.orig +++ crypto/openssl/test/recipes/90-test_store_cases.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
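Review bot: The new subtest "=== UNTRUSTED ISSUER HINTS ===" asserts only that `openssl ocsp` exits with status 1, so a mistyped data file name or an option the app rejects would presumably satisfy it just as well as the intended issuer rejection. Consider also capturing the command's stderr for this case and matching the verification error, so the regression test pins the reason for the failure and not just the exit code. The `-36,22` hunk gives `test_ocsp` a seventh, optional argument; a comment such as `# optional: option that carries the untrusted cert file, "-verify_other" unless given` above `my $opt_untrusted = shift // "-verify_other";` would document it. The body of `test_ocsp` starts outside these hunks.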
@@ -18,9 +18,10 @@ my $test_name = "test_store_cases"; setup($test_name); -plan tests => 2; +plan tests => 3; my $stderr; +my @stdout; # The case of the garbage PKCS#12 DER file where a passphrase was # prompted for. That should not have happened. @@ -34,3 +35,24 @@ close DATA; ok(scalar @match > 0 ? 0 : 1, "checking that storeutl didn't ask for a passphrase"); + + SKIP: { + skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1 + if disabled("ec"); + skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1 + if disabled("des"); + + # The case with a BER-encoded PKCS#12 file, using infinite + EOC + # constructs. There was a bug with those in OpenSSL 3.0 and newer, + # where OSSL_STORE_load() (and by consequence, 'openssl storeutl') + # only extracted the first available object from that file and + # ignored the rest. + # Our test file has a total of four objects, and this should be + # reflected in the total that 'openssl storeutl' outputs + @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345', + data_file('test-BER.p12')]), + capture => 1); + @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp + ok((grep { $_ eq 'Total found: 4' } @stdout), + "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects"); +} --- crypto/openssl/test/recipes/90-test_threads.t.orig +++ crypto/openssl/test/recipes/90-test_threads.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
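Review bot: In the added `SKIP` block, `ok((grep { $_ eq 'Total found: 4' } @stdout), "...")` evaluates `grep` in list context. When no line matches, the list is empty and the description string becomes the first argument to `ok`, which is true, so the check cannot fail on a wrong object count. That is the exact regression the comment above it describes, where only the first object was extracted. Force a count instead: `ok(scalar(grep { $_ eq 'Total found: 4' } @stdout), "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects");`. This matches the `scalar @match` form already used by the preceding passphrase check in the same file.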
@@ -34,7 +34,7 @@ } # Merge the configuration files into one filtering the contents so the failure -# condition is reproducable. A working FIPS configuration without the install +# condition is reproducible. A working FIPS configuration without the install # status is required. open CFGBASE, '<', $config_path; --- /dev/null +++ crypto/openssl/test/recipes/90-test_threads_data/store/8489a545.0 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTIwMTIxMjIwMTEzN1oYDzIxMjAxMjEzMjAxMTM3WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo3UwczAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB +BjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3o1IwHwYDVR0jBBgwFoAUjvUl +rx6ba4Q9fICayVOcTXL3o1IwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN +AQELBQADggEBABWUjaqtkdRDhVAJZTxkJVgohjRrBwp86Y0JZWdCDua/sErmEaGu +nQVxWWFWIgu6sb8tyQo3/7dBIQl3Rpij9bsgKhToO1OzoG3Oi3d0+zRDHfY6xNrj +TUE00FeLHGNWsgZSIvu99DrGApT/+uPdWfJgMu5szillqW+4hcCUPLjG9ekVNt1s +KhdEklo6PrP6eMbm6s22EIVUxqGE6xxAmrvyhlY1zJH9BJ23Ps+xabjG6OeMRZzT +0F/fU7XIFieSO7rqUcjgo1eYc3ghsDxNUJ6TPBgv5z4SPnstoOBj59rjpJ7Qkpyd +L17VfEadezat37Cpeha7vGDduCsyMfN4kiw= +-----END CERTIFICATE----- --- crypto/openssl/test/recordlentest.c.orig +++ crypto/openssl/test/recordlentest.c 
@@ -15,12 +15,12 @@ static char *cert = NULL; static char *privkey = NULL; -#define TEST_PLAINTEXT_OVERFLOW_OK 0 -#define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1 -#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2 -#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3 -#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4 -#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5 +#define TEST_PLAINTEXT_OVERFLOW_OK 0 +#define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1 +#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2 +#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3 +#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4 +#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5 #define TOTAL_RECORD_OVERFLOW_TESTS 6 @@ -39,7 +39,7 @@ header[4] = len & 0xff; if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written) - || written != SSL3_RT_HEADER_LENGTH) + || written != SSL3_RT_HEADER_LENGTH) return 0; while (len > 0) { @@ -51,7 +51,7 @@ outlen = len; if (!BIO_write_ex(b, buf, outlen, &written) - || written != outlen) + || written != outlen) return 0; len -= outlen; @@ -71,7 +71,7 @@ reason = SSL_R_DATA_LENGTH_TOO_LONG; if (ERR_GET_LIB(err) == ERR_LIB_SSL - && ERR_GET_REASON(err) == reason) + && ERR_GET_REASON(err) == reason) return 1; return 0; 
@@ -91,49 +91,49 @@ #ifdef OPENSSL_NO_TLS1_2 if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK - || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) + || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) return 1; #endif #if defined(OPENSSL_NO_TLS1_3) \ || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH)) if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK - || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) + || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) return 1; #endif if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK - || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { + || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { len = SSL3_RT_MAX_ENCRYPTED_LENGTH; #ifndef OPENSSL_NO_COMP len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION); } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK - || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { + || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; serverbio = SSL_get_rbio(serverssl); if (idx == TEST_PLAINTEXT_OVERFLOW_OK - || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) { + || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) { len = SSL3_RT_MAX_PLAIN_LENGTH; if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) len++; if (!TEST_true(write_record(serverbio, len, - SSL3_RT_HANDSHAKE, TLS1_VERSION))) + SSL3_RT_HANDSHAKE, TLS1_VERSION))) goto end; if (!TEST_int_le(SSL_accept(serverssl), 0)) 
@@ -147,11 +147,11 @@ } if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK - || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { + || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { overf_expected = 1; len++; } else { @@ -161,7 +161,7 @@ recversion = TLS1_2_VERSION; if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA, - recversion))) + recversion))) goto end; if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written))) @@ -170,10 +170,10 @@ if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected)) goto end; - success: +success: testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -191,7 +191,7 @@ } if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1))) + || !TEST_ptr(privkey = test_get_argument(1))) return 0; ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS); --- crypto/openssl/test/rsa_complex.c.orig +++ crypto/openssl/test/rsa_complex.c @@ -16,12 +16,12 @@ */ #if !defined(__DJGPP__) -# if defined(__STDC_VERSION__) -# if __STDC_VERSION__ >= 199901L -# include -# endif -# endif -# include +#if defined(__STDC_VERSION__) +#if __STDC_VERSION__ >= 199901L +#include +#endif +#endif +#include #endif #include --- crypto/openssl/test/rsa_mp_test.c.orig +++ crypto/openssl/test/rsa_mp_test.c 
@@ -34,114 +34,105 @@ DEFINE_STACK_OF(BIGNUM) /* C90 requires string should <= 509 bytes */ -static const unsigned char n[] = - "\x92\x60\xd0\x75\x0a\xe1\x17\xee\xe5\x5c\x3f\x3d\xea\xba\x74\x91" - "\x75\x21\xa2\x62\xee\x76\x00\x7c\xdf\x8a\x56\x75\x5a\xd7\x3a\x15" - "\x98\xa1\x40\x84\x10\xa0\x14\x34\xc3\xf5\xbc\x54\xa8\x8b\x57\xfa" - "\x19\xfc\x43\x28\xda\xea\x07\x50\xa4\xc4\x4e\x88\xcf\xf3\xb2\x38" - "\x26\x21\xb8\x0f\x67\x04\x64\x43\x3e\x43\x36\xe6\xd0\x03\xe8\xcd" - "\x65\xbf\xf2\x11\xda\x14\x4b\x88\x29\x1c\x22\x59\xa0\x0a\x72\xb7" - "\x11\xc1\x16\xef\x76\x86\xe8\xfe\xe3\x4e\x4d\x93\x3c\x86\x81\x87" - "\xbd\xc2\x6f\x7b\xe0\x71\x49\x3c\x86\xf7\xa5\x94\x1c\x35\x10\x80" - "\x6a\xd6\x7b\x0f\x94\xd8\x8f\x5c\xf5\xc0\x2a\x09\x28\x21\xd8\x62" - "\x6e\x89\x32\xb6\x5c\x5b\xd8\xc9\x20\x49\xc2\x10\x93\x2b\x7a\xfa" - "\x7a\xc5\x9c\x0e\x88\x6a\xe5\xc1\xed\xb0\x0d\x8c\xe2\xc5\x76\x33" - "\xdb\x26\xbd\x66\x39\xbf\xf7\x3c\xee\x82\xbe\x92\x75\xc4\x02\xb4" - "\xcf\x2a\x43\x88\xda\x8c\xf8\xc6\x4e\xef\xe1\xc5\xa0\xf5\xab\x80" - "\x57\xc3\x9f\xa5\xc0\x58\x9c\x3e\x25\x3f\x09\x60\x33\x23\x00\xf9" - "\x4b\xea\x44\x87\x7b\x58\x8e\x1e\xdb\xde\x97\xcf\x23\x60\x72\x7a" - "\x09\xb7\x75\x26\x2d\x7e\xe5\x52\xb3\x31\x9b\x92\x66\xf0\x5a\x25"; +static const unsigned char n[] = "\x92\x60\xd0\x75\x0a\xe1\x17\xee\xe5\x5c\x3f\x3d\xea\xba\x74\x91" + "\x75\x21\xa2\x62\xee\x76\x00\x7c\xdf\x8a\x56\x75\x5a\xd7\x3a\x15" + "\x98\xa1\x40\x84\x10\xa0\x14\x34\xc3\xf5\xbc\x54\xa8\x8b\x57\xfa" + "\x19\xfc\x43\x28\xda\xea\x07\x50\xa4\xc4\x4e\x88\xcf\xf3\xb2\x38" + "\x26\x21\xb8\x0f\x67\x04\x64\x43\x3e\x43\x36\xe6\xd0\x03\xe8\xcd" + "\x65\xbf\xf2\x11\xda\x14\x4b\x88\x29\x1c\x22\x59\xa0\x0a\x72\xb7" + "\x11\xc1\x16\xef\x76\x86\xe8\xfe\xe3\x4e\x4d\x93\x3c\x86\x81\x87" + "\xbd\xc2\x6f\x7b\xe0\x71\x49\x3c\x86\xf7\xa5\x94\x1c\x35\x10\x80" + "\x6a\xd6\x7b\x0f\x94\xd8\x8f\x5c\xf5\xc0\x2a\x09\x28\x21\xd8\x62" + "\x6e\x89\x32\xb6\x5c\x5b\xd8\xc9\x20\x49\xc2\x10\x93\x2b\x7a\xfa" + 
"\x7a\xc5\x9c\x0e\x88\x6a\xe5\xc1\xed\xb0\x0d\x8c\xe2\xc5\x76\x33" + "\xdb\x26\xbd\x66\x39\xbf\xf7\x3c\xee\x82\xbe\x92\x75\xc4\x02\xb4" + "\xcf\x2a\x43\x88\xda\x8c\xf8\xc6\x4e\xef\xe1\xc5\xa0\xf5\xab\x80" + "\x57\xc3\x9f\xa5\xc0\x58\x9c\x3e\x25\x3f\x09\x60\x33\x23\x00\xf9" + "\x4b\xea\x44\x87\x7b\x58\x8e\x1e\xdb\xde\x97\xcf\x23\x60\x72\x7a" + "\x09\xb7\x75\x26\x2d\x7e\xe5\x52\xb3\x31\x9b\x92\x66\xf0\x5a\x25"; static const unsigned char e[] = "\x01\x00\x01"; -static const unsigned char d[] = - "\x6a\x7d\xf2\xca\x63\xea\xd4\xdd\xa1\x91\xd6\x14\xb6\xb3\x85\xe0" - "\xd9\x05\x6a\x3d\x6d\x5c\xfe\x07\xdb\x1d\xaa\xbe\xe0\x22\xdb\x08" - "\x21\x2d\x97\x61\x3d\x33\x28\xe0\x26\x7c\x9d\xd2\x3d\x78\x7a\xbd" - "\xe2\xaf\xcb\x30\x6a\xeb\x7d\xfc\xe6\x92\x46\xcc\x73\xf5\xc8\x7f" - "\xdf\x06\x03\x01\x79\xa2\x11\x4b\x76\x7d\xb1\xf0\x83\xff\x84\x1c" - "\x02\x5d\x7d\xc0\x0c\xd8\x24\x35\xb9\xa9\x0f\x69\x53\x69\xe9\x4d" - "\xf2\x3d\x2c\xe4\x58\xbc\x3b\x32\x83\xad\x8b\xba\x2b\x8f\xa1\xba" - "\x62\xe2\xdc\xe9\xac\xcf\xf3\x79\x9a\xae\x7c\x84\x00\x16\xf3\xba" - "\x8e\x00\x48\xc0\xb6\xcc\x43\x39\xaf\x71\x61\x00\x3a\x5b\xeb\x86" - "\x4a\x01\x64\xb2\xc1\xc9\x23\x7b\x64\xbc\x87\x55\x69\x94\x35\x1b" - "\x27\x50\x6c\x33\xd4\xbc\xdf\xce\x0f\x9c\x49\x1a\x7d\x6b\x06\x28" - "\xc7\xc8\x52\xbe\x4f\x0a\x9c\x31\x32\xb2\xed\x3a\x2c\x88\x81\xe9" - "\xaa\xb0\x7e\x20\xe1\x7d\xeb\x07\x46\x91\xbe\x67\x77\x76\xa7\x8b" - "\x5c\x50\x2e\x05\xd9\xbd\xde\x72\x12\x6b\x37\x38\x69\x5e\x2d\xd1" - "\xa0\xa9\x8a\x14\x24\x7c\x65\xd8\xa7\xee\x79\x43\x2a\x09\x2c\xb0" - "\x72\x1a\x12\xdf\x79\x8e\x44\xf7\xcf\xce\x0c\x49\x81\x47\xa9\xb1"; - -static const unsigned char p[] = - "\x06\x77\xcd\xd5\x46\x9b\xc1\xd5\x58\x00\x81\xe2\xf3\x0a\x36\xb1" - "\x6e\x29\x89\xd5\x2f\x31\x5f\x92\x22\x3b\x9b\x75\x30\x82\xfa\xc5" - "\xf5\xde\x8a\x36\xdb\xc6\xe5\x8f\xef\x14\x37\xd6\x00\xf9\xab\x90" - "\x9b\x5d\x57\x4c\xf5\x1f\x77\xc4\xbb\x8b\xdd\x9b\x67\x11\x45\xb2" - "\x64\xe8\xac\xa8\x03\x0f\x16\x0d\x5d\x2d\x53\x07\x23\xfb\x62\x0d" - 
"\xe6\x16\xd3\x23\xe8\xb3"; - -static const unsigned char q[] = - "\x06\x66\x9a\x70\x53\xd6\x72\x74\xfd\xea\x45\xc3\xc0\x17\xae\xde" - "\x79\x17\xae\x79\xde\xfc\x0e\xf7\xa4\x3a\x8c\x43\x8f\xc7\x8a\xa2" - "\x2c\x51\xc4\xd0\x72\x89\x73\x5c\x61\xbe\xfd\x54\x3f\x92\x65\xde" - "\x4d\x65\x71\x70\xf6\xf2\xe5\x98\xb9\x0f\xd1\x0b\xe6\x95\x09\x4a" - "\x7a\xdf\xf3\x10\x16\xd0\x60\xfc\xa5\x10\x34\x97\x37\x6f\x0a\xd5" - "\x5d\x8f\xd4\xc3\xa0\x5b"; - -static const unsigned char dmp1[] = - "\x05\x7c\x9e\x1c\xbd\x90\x25\xe7\x40\x86\xf5\xa8\x3b\x7a\x3f\x99" - "\x56\x95\x60\x3a\x7b\x95\x4b\xb8\xa0\xd7\xa5\xf1\xcc\xdc\x5f\xb5" - "\x8c\xf4\x62\x95\x54\xed\x2e\x12\x62\xc2\xe8\xf6\xde\xce\xed\x8e" - "\x77\x6d\xc0\x40\x25\x74\xb3\x5a\x2d\xaa\xe1\xac\x11\xcb\xe2\x2f" - "\x0a\x51\x23\x1e\x47\xb2\x05\x88\x02\xb2\x0f\x4b\xf0\x67\x30\xf0" - "\x0f\x6e\xef\x5f\xf7\xe7"; - -static const unsigned char dmq1[] = - "\x01\xa5\x6b\xbc\xcd\xe3\x0e\x46\xc6\x72\xf5\x04\x56\x28\x01\x22" - "\x58\x74\x5d\xbc\x1c\x3c\x29\x41\x49\x6c\x81\x5c\x72\xe2\xf7\xe5" - "\xa3\x8e\x58\x16\xe0\x0e\x37\xac\x1f\xbb\x75\xfd\xaf\xe7\xdf\xe9" - "\x1f\x70\xa2\x8f\x52\x03\xc0\x46\xd9\xf9\x96\x63\x00\x27\x7e\x5f" - "\x38\x60\xd6\x6b\x61\xe2\xaf\xbe\xea\x58\xd3\x9d\xbc\x75\x03\x8d" - "\x42\x65\xd6\x6b\x85\x97"; - -static const unsigned char iqmp[] = - "\x03\xa1\x8b\x80\xe4\xd8\x87\x25\x17\x5d\xcc\x8d\xa9\x8a\x22\x2b" - "\x6c\x15\x34\x6f\x80\xcc\x1c\x44\x04\x68\xbc\x03\xcd\x95\xbb\x69" - "\x37\x61\x48\xb4\x23\x13\x08\x16\x54\x6a\xa1\x7c\xf5\xd4\x3a\xe1" - "\x4f\xa4\x0c\xf5\xaf\x80\x85\x27\x06\x0d\x70\xc0\xc5\x19\x28\xfe" - "\xee\x8e\x86\x21\x98\x8a\x37\xb7\xe5\x30\x25\x70\x93\x51\x2d\x49" - "\x85\x56\xb3\x0c\x2b\x96"; - -static const unsigned char ex_prime[] = - "\x03\x89\x22\xa0\xb7\x3a\x91\xcb\x5e\x0c\xfd\x73\xde\xa7\x38\xa9" - "\x47\x43\xd6\x02\xbf\x2a\xb9\x3c\x48\xf3\x06\xd6\x58\x35\x50\x56" - "\x16\x5c\x34\x9b\x61\x87\xc8\xaa\x0a\x5d\x8a\x0a\xcd\x9c\x41\xd9" - "\x96\x24\xe0\xa9\x9b\x26\xb7\xa8\x08\xc9\xea\xdc\xa7\x15\xfb\x62" 
- "\xa0\x2d\x90\xe6\xa7\x55\x6e\xc6\x6c\xff\xd6\x10\x6d\xfa\x2e\x04" - "\x50\xec\x5c\x66\xe4\x05"; - -static const unsigned char ex_exponent[] = - "\x02\x0a\xcd\xc3\x82\xd2\x03\xb0\x31\xac\xd3\x20\x80\x34\x9a\x57" - "\xbc\x60\x04\x57\x25\xd0\x29\x9a\x16\x90\xb9\x1c\x49\x6a\xd1\xf2" - "\x47\x8c\x0e\x9e\xc9\x20\xc2\xd8\xe4\x8f\xce\xd2\x1a\x9c\xec\xb4" - "\x1f\x33\x41\xc8\xf5\x62\xd1\xa5\xef\x1d\xa1\xd8\xbd\x71\xc6\xf7" - "\xda\x89\x37\x2e\xe2\xec\x47\xc5\xb8\xe3\xb4\xe3\x5c\x82\xaa\xdd" - "\xb7\x58\x2e\xaf\x07\x79"; - -static const unsigned char ex_coefficient[] = - "\x00\x9c\x09\x88\x9b\xc8\x57\x08\x69\x69\xab\x2d\x9e\x29\x1c\x3c" - "\x6d\x59\x33\x12\x0d\x2b\x09\x2e\xaf\x01\x2c\x27\x01\xfc\xbd\x26" - "\x13\xf9\x2d\x09\x22\x4e\x49\x11\x03\x82\x88\x87\xf4\x43\x1d\xac" - "\xca\xec\x86\xf7\x23\xf1\x64\xf3\xf5\x81\xf0\x37\x36\xcf\x67\xff" - "\x1a\xff\x7a\xc7\xf9\xf9\x67\x2d\xa0\x9d\x61\xf8\xf6\x47\x5c\x2f" - "\xe7\x66\xe8\x3c\x3a\xe8"; +static const unsigned char d[] = "\x6a\x7d\xf2\xca\x63\xea\xd4\xdd\xa1\x91\xd6\x14\xb6\xb3\x85\xe0" + "\xd9\x05\x6a\x3d\x6d\x5c\xfe\x07\xdb\x1d\xaa\xbe\xe0\x22\xdb\x08" + "\x21\x2d\x97\x61\x3d\x33\x28\xe0\x26\x7c\x9d\xd2\x3d\x78\x7a\xbd" + "\xe2\xaf\xcb\x30\x6a\xeb\x7d\xfc\xe6\x92\x46\xcc\x73\xf5\xc8\x7f" + "\xdf\x06\x03\x01\x79\xa2\x11\x4b\x76\x7d\xb1\xf0\x83\xff\x84\x1c" + "\x02\x5d\x7d\xc0\x0c\xd8\x24\x35\xb9\xa9\x0f\x69\x53\x69\xe9\x4d" + "\xf2\x3d\x2c\xe4\x58\xbc\x3b\x32\x83\xad\x8b\xba\x2b\x8f\xa1\xba" + "\x62\xe2\xdc\xe9\xac\xcf\xf3\x79\x9a\xae\x7c\x84\x00\x16\xf3\xba" + "\x8e\x00\x48\xc0\xb6\xcc\x43\x39\xaf\x71\x61\x00\x3a\x5b\xeb\x86" + "\x4a\x01\x64\xb2\xc1\xc9\x23\x7b\x64\xbc\x87\x55\x69\x94\x35\x1b" + "\x27\x50\x6c\x33\xd4\xbc\xdf\xce\x0f\x9c\x49\x1a\x7d\x6b\x06\x28" + "\xc7\xc8\x52\xbe\x4f\x0a\x9c\x31\x32\xb2\xed\x3a\x2c\x88\x81\xe9" + "\xaa\xb0\x7e\x20\xe1\x7d\xeb\x07\x46\x91\xbe\x67\x77\x76\xa7\x8b" + "\x5c\x50\x2e\x05\xd9\xbd\xde\x72\x12\x6b\x37\x38\x69\x5e\x2d\xd1" + 
"\xa0\xa9\x8a\x14\x24\x7c\x65\xd8\xa7\xee\x79\x43\x2a\x09\x2c\xb0" + "\x72\x1a\x12\xdf\x79\x8e\x44\xf7\xcf\xce\x0c\x49\x81\x47\xa9\xb1"; + +static const unsigned char p[] = "\x06\x77\xcd\xd5\x46\x9b\xc1\xd5\x58\x00\x81\xe2\xf3\x0a\x36\xb1" + "\x6e\x29\x89\xd5\x2f\x31\x5f\x92\x22\x3b\x9b\x75\x30\x82\xfa\xc5" + "\xf5\xde\x8a\x36\xdb\xc6\xe5\x8f\xef\x14\x37\xd6\x00\xf9\xab\x90" + "\x9b\x5d\x57\x4c\xf5\x1f\x77\xc4\xbb\x8b\xdd\x9b\x67\x11\x45\xb2" + "\x64\xe8\xac\xa8\x03\x0f\x16\x0d\x5d\x2d\x53\x07\x23\xfb\x62\x0d" + "\xe6\x16\xd3\x23\xe8\xb3"; + +static const unsigned char q[] = "\x06\x66\x9a\x70\x53\xd6\x72\x74\xfd\xea\x45\xc3\xc0\x17\xae\xde" + "\x79\x17\xae\x79\xde\xfc\x0e\xf7\xa4\x3a\x8c\x43\x8f\xc7\x8a\xa2" + "\x2c\x51\xc4\xd0\x72\x89\x73\x5c\x61\xbe\xfd\x54\x3f\x92\x65\xde" + "\x4d\x65\x71\x70\xf6\xf2\xe5\x98\xb9\x0f\xd1\x0b\xe6\x95\x09\x4a" + "\x7a\xdf\xf3\x10\x16\xd0\x60\xfc\xa5\x10\x34\x97\x37\x6f\x0a\xd5" + "\x5d\x8f\xd4\xc3\xa0\x5b"; + +static const unsigned char dmp1[] = "\x05\x7c\x9e\x1c\xbd\x90\x25\xe7\x40\x86\xf5\xa8\x3b\x7a\x3f\x99" + "\x56\x95\x60\x3a\x7b\x95\x4b\xb8\xa0\xd7\xa5\xf1\xcc\xdc\x5f\xb5" + "\x8c\xf4\x62\x95\x54\xed\x2e\x12\x62\xc2\xe8\xf6\xde\xce\xed\x8e" + "\x77\x6d\xc0\x40\x25\x74\xb3\x5a\x2d\xaa\xe1\xac\x11\xcb\xe2\x2f" + "\x0a\x51\x23\x1e\x47\xb2\x05\x88\x02\xb2\x0f\x4b\xf0\x67\x30\xf0" + "\x0f\x6e\xef\x5f\xf7\xe7"; + +static const unsigned char dmq1[] = "\x01\xa5\x6b\xbc\xcd\xe3\x0e\x46\xc6\x72\xf5\x04\x56\x28\x01\x22" + "\x58\x74\x5d\xbc\x1c\x3c\x29\x41\x49\x6c\x81\x5c\x72\xe2\xf7\xe5" + "\xa3\x8e\x58\x16\xe0\x0e\x37\xac\x1f\xbb\x75\xfd\xaf\xe7\xdf\xe9" + "\x1f\x70\xa2\x8f\x52\x03\xc0\x46\xd9\xf9\x96\x63\x00\x27\x7e\x5f" + "\x38\x60\xd6\x6b\x61\xe2\xaf\xbe\xea\x58\xd3\x9d\xbc\x75\x03\x8d" + "\x42\x65\xd6\x6b\x85\x97"; + +static const unsigned char iqmp[] = "\x03\xa1\x8b\x80\xe4\xd8\x87\x25\x17\x5d\xcc\x8d\xa9\x8a\x22\x2b" + "\x6c\x15\x34\x6f\x80\xcc\x1c\x44\x04\x68\xbc\x03\xcd\x95\xbb\x69" + 
"\x37\x61\x48\xb4\x23\x13\x08\x16\x54\x6a\xa1\x7c\xf5\xd4\x3a\xe1" + "\x4f\xa4\x0c\xf5\xaf\x80\x85\x27\x06\x0d\x70\xc0\xc5\x19\x28\xfe" + "\xee\x8e\x86\x21\x98\x8a\x37\xb7\xe5\x30\x25\x70\x93\x51\x2d\x49" + "\x85\x56\xb3\x0c\x2b\x96"; + +static const unsigned char ex_prime[] = "\x03\x89\x22\xa0\xb7\x3a\x91\xcb\x5e\x0c\xfd\x73\xde\xa7\x38\xa9" + "\x47\x43\xd6\x02\xbf\x2a\xb9\x3c\x48\xf3\x06\xd6\x58\x35\x50\x56" + "\x16\x5c\x34\x9b\x61\x87\xc8\xaa\x0a\x5d\x8a\x0a\xcd\x9c\x41\xd9" + "\x96\x24\xe0\xa9\x9b\x26\xb7\xa8\x08\xc9\xea\xdc\xa7\x15\xfb\x62" + "\xa0\x2d\x90\xe6\xa7\x55\x6e\xc6\x6c\xff\xd6\x10\x6d\xfa\x2e\x04" + "\x50\xec\x5c\x66\xe4\x05"; + +static const unsigned char ex_exponent[] = "\x02\x0a\xcd\xc3\x82\xd2\x03\xb0\x31\xac\xd3\x20\x80\x34\x9a\x57" + "\xbc\x60\x04\x57\x25\xd0\x29\x9a\x16\x90\xb9\x1c\x49\x6a\xd1\xf2" + "\x47\x8c\x0e\x9e\xc9\x20\xc2\xd8\xe4\x8f\xce\xd2\x1a\x9c\xec\xb4" + "\x1f\x33\x41\xc8\xf5\x62\xd1\xa5\xef\x1d\xa1\xd8\xbd\x71\xc6\xf7" + "\xda\x89\x37\x2e\xe2\xec\x47\xc5\xb8\xe3\xb4\xe3\x5c\x82\xaa\xdd" + "\xb7\x58\x2e\xaf\x07\x79"; + +static const unsigned char ex_coefficient[] = "\x00\x9c\x09\x88\x9b\xc8\x57\x08\x69\x69\xab\x2d\x9e\x29\x1c\x3c" + "\x6d\x59\x33\x12\x0d\x2b\x09\x2e\xaf\x01\x2c\x27\x01\xfc\xbd\x26" + "\x13\xf9\x2d\x09\x22\x4e\x49\x11\x03\x82\x88\x87\xf4\x43\x1d\xac" + "\xca\xec\x86\xf7\x23\xf1\x64\xf3\xf5\x81\xf0\x37\x36\xcf\x67\xff" + "\x1a\xff\x7a\xc7\xf9\xf9\x67\x2d\xa0\x9d\x61\xf8\xf6\x47\x5c\x2f" + "\xe7\x66\xe8\x3c\x3a\xe8"; static int key2048_key(RSA *key) { if (!TEST_int_eq(RSA_set0_key(key, - BN_bin2bn(n, sizeof(n) - 1, NULL), - BN_bin2bn(e, sizeof(e) - 1, NULL), - BN_bin2bn(d, sizeof(d) - 1, NULL)), 1)) + BN_bin2bn(n, sizeof(n) - 1, NULL), + BN_bin2bn(e, sizeof(e) - 1, NULL), + BN_bin2bn(d, sizeof(d) - 1, NULL)), + 1)) return 0; return RSA_size(key); 
@@ -152,17 +143,18 @@ BIGNUM **pris = NULL, **exps = NULL, **coeffs = NULL; int rv = RSA_size(key); - if (!TEST_int_eq(RSA_set0_factors(key, - BN_bin2bn(p, sizeof(p) - 1, NULL), - BN_bin2bn(q, sizeof(q) - 1, NULL)), 1)) + BN_bin2bn(p, sizeof(p) - 1, NULL), + BN_bin2bn(q, sizeof(q) - 1, NULL)), + 1)) goto err; if (!TEST_int_eq(RSA_set0_crt_params(key, - BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL), - BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL), - BN_bin2bn(iqmp, sizeof(iqmp) - 1, - NULL)), 1)) + BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL), + BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL), + BN_bin2bn(iqmp, sizeof(iqmp) - 1, + NULL)), + 1)) return 0; pris = OPENSSL_zalloc(sizeof(BIGNUM *)); @@ -178,15 +170,15 @@ goto err; if (!TEST_true(RSA_set0_multi_prime_params(key, pris, exps, - coeffs, NUM_EXTRA_PRIMES))) + coeffs, NUM_EXTRA_PRIMES))) goto err; - ret: +ret: OPENSSL_free(pris); OPENSSL_free(exps); OPENSSL_free(coeffs); return rv; - err: +err: if (pris != NULL) BN_free(pris[0]); if (exps != NULL) @@ -233,12 +225,12 @@ if (!TEST_true(ossl_rsa_set0_all_params(key, primes, exps, coeffs))) goto err; - ret: +ret: sk_BIGNUM_free(primes); sk_BIGNUM_free(exps); sk_BIGNUM_free(coeffs); return rv; - err: +err: sk_BIGNUM_pop_free(primes, BN_free); sk_BIGNUM_pop_free(exps, BN_free); sk_BIGNUM_pop_free(coeffs, BN_free); @@ -275,7 +267,7 @@ goto err; num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_PADDING); + RSA_PKCS1_PADDING); if (!TEST_int_eq(num, clen)) goto err; --- crypto/openssl/test/rsa_sp800_56b_test.c.orig +++ crypto/openssl/test/rsa_sp800_56b_test.c 
@@ -30,68 +30,68 @@ /* taken from RSA2 cavs data */ static const unsigned char cav_e[] = { - 0x01,0x00,0x01 + 0x01, 0x00, 0x01 }; static const unsigned char cav_p[] = { - 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0, - 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02, - 0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d, - 0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41, - 0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xbc,0x4c, - 0x01,0xa5,0x4b,0xbd,0xa4,0x20,0xb5,0x20,0xd5,0x59,0x6f,0x82,0x5c,0x8f,0x4f, - 0xe0,0x3a,0x4e,0x7e,0xfe,0x44,0xf3,0x3c,0xc0,0x0e,0x14,0x2b,0x32,0xe6,0x28, - 0x8b,0x63,0x87,0x00,0xc3,0x53,0x4a,0x5b,0x71,0x7a,0x5b,0x28,0x40,0xc4,0x18, - 0xb6,0x77,0x0b,0xab,0x59,0xa4,0x96,0x7d + 0xcf, 0x72, 0x1b, 0x9a, 0xfd, 0x0d, 0x22, 0x1a, 0x74, 0x50, 0x97, 0x22, 0x76, 0xd8, 0xc0, + 0xc2, 0xfd, 0x08, 0x81, 0x05, 0xdd, 0x18, 0x21, 0x99, 0x96, 0xd6, 0x5c, 0x79, 0xe3, 0x02, + 0x81, 0xd7, 0x0e, 0x3f, 0x3b, 0x34, 0xda, 0x61, 0xc9, 0x2d, 0x84, 0x86, 0x62, 0x1e, 0x3d, + 0x5d, 0xbf, 0x92, 0x2e, 0xcd, 0x35, 0x3d, 0x6e, 0xb9, 0x59, 0x16, 0xc9, 0x82, 0x50, 0x41, + 0x30, 0x45, 0x67, 0xaa, 0xb7, 0xbe, 0xec, 0xea, 0x4b, 0x9e, 0xa0, 0xc3, 0x05, 0xbc, 0x4c, + 0x01, 0xa5, 0x4b, 0xbd, 0xa4, 0x20, 0xb5, 0x20, 0xd5, 0x59, 0x6f, 0x82, 0x5c, 0x8f, 0x4f, + 0xe0, 0x3a, 0x4e, 0x7e, 0xfe, 0x44, 0xf3, 0x3c, 0xc0, 0x0e, 0x14, 0x2b, 0x32, 0xe6, 0x28, + 0x8b, 0x63, 0x87, 0x00, 0xc3, 0x53, 0x4a, 0x5b, 0x71, 0x7a, 0x5b, 0x28, 0x40, 0xc4, 0x18, + 0xb6, 0x77, 0x0b, 0xab, 0x59, 0xa4, 0x96, 0x7d }; static const unsigned char cav_q[] = { - 0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb, - 0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf, - 0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68, - 0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e, - 
0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xc4,0x44,0xdd, - 0xf7,0x7e,0xda,0x47,0x4a,0x67,0x44,0x5d,0x4e,0x75,0xf0,0x4d,0x00,0x68,0xe1, - 0x4a,0xec,0x1f,0x45,0xf9,0xe6,0xca,0x38,0x95,0x48,0x6f,0xdc,0x9d,0x1b,0xa3, - 0x4b,0xfd,0x08,0x4b,0x54,0xcd,0xeb,0x3d,0xef,0x33,0x11,0x6e,0xce,0xe4,0x5d, - 0xef,0xa9,0x58,0x5c,0x87,0x4d,0xc8,0xcf + 0xfe, 0xab, 0xf2, 0x7c, 0x16, 0x4a, 0xf0, 0x8d, 0x31, 0xc6, 0x0a, 0x82, 0xe2, 0xae, 0xbb, + 0x03, 0x7e, 0x7b, 0x20, 0x4e, 0x64, 0xb0, 0x16, 0xad, 0x3c, 0x01, 0x1a, 0xd3, 0x54, 0xbf, + 0x2b, 0xa4, 0x02, 0x9e, 0xc3, 0x0d, 0x60, 0x3d, 0x1f, 0xb9, 0xc0, 0x0d, 0xe6, 0x97, 0x68, + 0xbb, 0x8c, 0x81, 0xd5, 0xc1, 0x54, 0x96, 0x0f, 0x99, 0xf0, 0xa8, 0xa2, 0xf3, 0xc6, 0x8e, + 0xec, 0xbc, 0x31, 0x17, 0x70, 0x98, 0x24, 0xa3, 0x36, 0x51, 0xa8, 0x54, 0xc4, 0x44, 0xdd, + 0xf7, 0x7e, 0xda, 0x47, 0x4a, 0x67, 0x44, 0x5d, 0x4e, 0x75, 0xf0, 0x4d, 0x00, 0x68, 0xe1, + 0x4a, 0xec, 0x1f, 0x45, 0xf9, 0xe6, 0xca, 0x38, 0x95, 0x48, 0x6f, 0xdc, 0x9d, 0x1b, 0xa3, + 0x4b, 0xfd, 0x08, 0x4b, 0x54, 0xcd, 0xeb, 0x3d, 0xef, 0x33, 0x11, 0x6e, 0xce, 0xe4, 0x5d, + 0xef, 0xa9, 0x58, 0x5c, 0x87, 0x4d, 0xc8, 0xcf }; static const unsigned char cav_n[] = { - 0xce,0x5e,0x8d,0x1a,0xa3,0x08,0x7a,0x2d,0xb4,0x49,0x48,0xf0,0x06,0xb6,0xfe, - 0xba,0x2f,0x39,0x7c,0x7b,0xe0,0x5d,0x09,0x2d,0x57,0x4e,0x54,0x60,0x9c,0xe5, - 0x08,0x4b,0xe1,0x1a,0x73,0xc1,0x5e,0x2f,0xb6,0x46,0xd7,0x81,0xca,0xbc,0x98, - 0xd2,0xf9,0xef,0x1c,0x92,0x8c,0x8d,0x99,0x85,0x28,0x52,0xd6,0xd5,0xab,0x70, - 0x7e,0x9e,0xa9,0x87,0x82,0xc8,0x95,0x64,0xeb,0xf0,0x6c,0x0f,0x3f,0xe9,0x02, - 0x29,0x2e,0x6d,0xa1,0xec,0xbf,0xdc,0x23,0xdf,0x82,0x4f,0xab,0x39,0x8d,0xcc, - 0xac,0x21,0x51,0x14,0xf8,0xef,0xec,0x73,0x80,0x86,0xa3,0xcf,0x8f,0xd5,0xcf, - 0x22,0x1f,0xcc,0x23,0x2f,0xba,0xcb,0xf6,0x17,0xcd,0x3a,0x1f,0xd9,0x84,0xb9, - 0x88,0xa7,0x78,0x0f,0xaa,0xc9,0x04,0x01,0x20,0x72,0x5d,0x2a,0xfe,0x5b,0xdd, - 0x16,0x5a,0xed,0x83,0x02,0x96,0x39,0x46,0x37,0x30,0xc1,0x0d,0x87,0xc2,0xc8, - 
0x33,0x38,0xed,0x35,0x72,0xe5,0x29,0xf8,0x1f,0x23,0x60,0xe1,0x2a,0x5b,0x1d, - 0x6b,0x53,0x3f,0x07,0xc4,0xd9,0xbb,0x04,0x0c,0x5c,0x3f,0x0b,0xc4,0xd4,0x61, - 0x96,0x94,0xf1,0x0f,0x4a,0x49,0xac,0xde,0xd2,0xe8,0x42,0xb3,0x4a,0x0b,0x64, - 0x7a,0x32,0x5f,0x2b,0x5b,0x0f,0x8b,0x8b,0xe0,0x33,0x23,0x34,0x64,0xf8,0xb5, - 0x7f,0x69,0x60,0xb8,0x71,0xe9,0xff,0x92,0x42,0xb1,0xf7,0x23,0xa8,0xa7,0x92, - 0x04,0x3d,0x6b,0xff,0xf7,0xab,0xbb,0x14,0x1f,0x4c,0x10,0x97,0xd5,0x6b,0x71, - 0x12,0xfd,0x93,0xa0,0x4a,0x3b,0x75,0x72,0x40,0x96,0x1c,0x5f,0x40,0x40,0x57, + 0xce, 0x5e, 0x8d, 0x1a, 0xa3, 0x08, 0x7a, 0x2d, 0xb4, 0x49, 0x48, 0xf0, 0x06, 0xb6, 0xfe, + 0xba, 0x2f, 0x39, 0x7c, 0x7b, 0xe0, 0x5d, 0x09, 0x2d, 0x57, 0x4e, 0x54, 0x60, 0x9c, 0xe5, + 0x08, 0x4b, 0xe1, 0x1a, 0x73, 0xc1, 0x5e, 0x2f, 0xb6, 0x46, 0xd7, 0x81, 0xca, 0xbc, 0x98, + 0xd2, 0xf9, 0xef, 0x1c, 0x92, 0x8c, 0x8d, 0x99, 0x85, 0x28, 0x52, 0xd6, 0xd5, 0xab, 0x70, + 0x7e, 0x9e, 0xa9, 0x87, 0x82, 0xc8, 0x95, 0x64, 0xeb, 0xf0, 0x6c, 0x0f, 0x3f, 0xe9, 0x02, + 0x29, 0x2e, 0x6d, 0xa1, 0xec, 0xbf, 0xdc, 0x23, 0xdf, 0x82, 0x4f, 0xab, 0x39, 0x8d, 0xcc, + 0xac, 0x21, 0x51, 0x14, 0xf8, 0xef, 0xec, 0x73, 0x80, 0x86, 0xa3, 0xcf, 0x8f, 0xd5, 0xcf, + 0x22, 0x1f, 0xcc, 0x23, 0x2f, 0xba, 0xcb, 0xf6, 0x17, 0xcd, 0x3a, 0x1f, 0xd9, 0x84, 0xb9, + 0x88, 0xa7, 0x78, 0x0f, 0xaa, 0xc9, 0x04, 0x01, 0x20, 0x72, 0x5d, 0x2a, 0xfe, 0x5b, 0xdd, + 0x16, 0x5a, 0xed, 0x83, 0x02, 0x96, 0x39, 0x46, 0x37, 0x30, 0xc1, 0x0d, 0x87, 0xc2, 0xc8, + 0x33, 0x38, 0xed, 0x35, 0x72, 0xe5, 0x29, 0xf8, 0x1f, 0x23, 0x60, 0xe1, 0x2a, 0x5b, 0x1d, + 0x6b, 0x53, 0x3f, 0x07, 0xc4, 0xd9, 0xbb, 0x04, 0x0c, 0x5c, 0x3f, 0x0b, 0xc4, 0xd4, 0x61, + 0x96, 0x94, 0xf1, 0x0f, 0x4a, 0x49, 0xac, 0xde, 0xd2, 0xe8, 0x42, 0xb3, 0x4a, 0x0b, 0x64, + 0x7a, 0x32, 0x5f, 0x2b, 0x5b, 0x0f, 0x8b, 0x8b, 0xe0, 0x33, 0x23, 0x34, 0x64, 0xf8, 0xb5, + 0x7f, 0x69, 0x60, 0xb8, 0x71, 0xe9, 0xff, 0x92, 0x42, 0xb1, 0xf7, 0x23, 0xa8, 0xa7, 0x92, + 0x04, 0x3d, 0x6b, 0xff, 0xf7, 0xab, 0xbb, 0x14, 0x1f, 0x4c, 0x10, 0x97, 
0xd5, 0x6b, 0x71, + 0x12, 0xfd, 0x93, 0xa0, 0x4a, 0x3b, 0x75, 0x72, 0x40, 0x96, 0x1c, 0x5f, 0x40, 0x40, 0x57, 0x13 }; static const unsigned char cav_d[] = { - 0x47,0x47,0x49,0x1d,0x66,0x2a,0x4b,0x68,0xf5,0xd8,0x4a,0x24,0xfd,0x6c,0xbf, - 0x56,0xb7,0x70,0xf7,0x9a,0x21,0xc8,0x80,0x9e,0xf4,0x84,0xcd,0x88,0x01,0x28, - 0xea,0x50,0xab,0x13,0x63,0xdf,0xea,0x14,0x38,0xb5,0x07,0x42,0x81,0x2f,0xda, - 0xe9,0x24,0x02,0x7e,0xaf,0xef,0x74,0x09,0x0e,0x80,0xfa,0xfb,0xd1,0x19,0x41, - 0xe5,0xba,0x0f,0x7c,0x0a,0xa4,0x15,0x55,0xa2,0x58,0x8c,0x3a,0x48,0x2c,0xc6, - 0xde,0x4a,0x76,0xfb,0x72,0xb6,0x61,0xe6,0xd2,0x10,0x44,0x4c,0x33,0xb8,0xd2, - 0x74,0xb1,0x9d,0x3b,0xcd,0x2f,0xb1,0x4f,0xc3,0x98,0xbd,0x83,0xb7,0x7e,0x75, - 0xe8,0xa7,0x6a,0xee,0xcc,0x51,0x8c,0x99,0x17,0x67,0x7f,0x27,0xf9,0x0d,0x6a, - 0xb7,0xd4,0x80,0x17,0x89,0x39,0x9c,0xf3,0xd7,0x0f,0xdf,0xb0,0x55,0x80,0x1d, - 0xaf,0x57,0x2e,0xd0,0xf0,0x4f,0x42,0x69,0x55,0xbc,0x83,0xd6,0x97,0x83,0x7a, - 0xe6,0xc6,0x30,0x6d,0x3d,0xb5,0x21,0xa7,0xc4,0x62,0x0a,0x20,0xce,0x5e,0x5a, - 0x17,0x98,0xb3,0x6f,0x6b,0x9a,0xeb,0x6b,0xa3,0xc4,0x75,0xd8,0x2b,0xdc,0x5c, - 0x6f,0xec,0x5d,0x49,0xac,0xa8,0xa4,0x2f,0xb8,0x8c,0x4f,0x2e,0x46,0x21,0xee, - 0x72,0x6a,0x0e,0x22,0x80,0x71,0xc8,0x76,0x40,0x44,0x61,0x16,0xbf,0xa5,0xf8, - 0x89,0xc7,0xe9,0x87,0xdf,0xbd,0x2e,0x4b,0x4e,0xc2,0x97,0x53,0xe9,0x49,0x1c, - 0x05,0xb0,0x0b,0x9b,0x9f,0x21,0x19,0x41,0xe9,0xf5,0x61,0xd7,0x33,0x2e,0x2c, - 0x94,0xb8,0xa8,0x9a,0x3a,0xcc,0x6a,0x24,0x8d,0x19,0x13,0xee,0xb9,0xb0,0x48, + 0x47, 0x47, 0x49, 0x1d, 0x66, 0x2a, 0x4b, 0x68, 0xf5, 0xd8, 0x4a, 0x24, 0xfd, 0x6c, 0xbf, + 0x56, 0xb7, 0x70, 0xf7, 0x9a, 0x21, 0xc8, 0x80, 0x9e, 0xf4, 0x84, 0xcd, 0x88, 0x01, 0x28, + 0xea, 0x50, 0xab, 0x13, 0x63, 0xdf, 0xea, 0x14, 0x38, 0xb5, 0x07, 0x42, 0x81, 0x2f, 0xda, + 0xe9, 0x24, 0x02, 0x7e, 0xaf, 0xef, 0x74, 0x09, 0x0e, 0x80, 0xfa, 0xfb, 0xd1, 0x19, 0x41, + 0xe5, 0xba, 0x0f, 0x7c, 0x0a, 0xa4, 0x15, 0x55, 0xa2, 0x58, 0x8c, 0x3a, 0x48, 0x2c, 0xc6, + 0xde, 0x4a, 0x76, 0xfb, 0x72, 0xb6, 0x61, 0xe6, 0xd2, 
0x10, 0x44, 0x4c, 0x33, 0xb8, 0xd2, + 0x74, 0xb1, 0x9d, 0x3b, 0xcd, 0x2f, 0xb1, 0x4f, 0xc3, 0x98, 0xbd, 0x83, 0xb7, 0x7e, 0x75, + 0xe8, 0xa7, 0x6a, 0xee, 0xcc, 0x51, 0x8c, 0x99, 0x17, 0x67, 0x7f, 0x27, 0xf9, 0x0d, 0x6a, + 0xb7, 0xd4, 0x80, 0x17, 0x89, 0x39, 0x9c, 0xf3, 0xd7, 0x0f, 0xdf, 0xb0, 0x55, 0x80, 0x1d, + 0xaf, 0x57, 0x2e, 0xd0, 0xf0, 0x4f, 0x42, 0x69, 0x55, 0xbc, 0x83, 0xd6, 0x97, 0x83, 0x7a, + 0xe6, 0xc6, 0x30, 0x6d, 0x3d, 0xb5, 0x21, 0xa7, 0xc4, 0x62, 0x0a, 0x20, 0xce, 0x5e, 0x5a, + 0x17, 0x98, 0xb3, 0x6f, 0x6b, 0x9a, 0xeb, 0x6b, 0xa3, 0xc4, 0x75, 0xd8, 0x2b, 0xdc, 0x5c, + 0x6f, 0xec, 0x5d, 0x49, 0xac, 0xa8, 0xa4, 0x2f, 0xb8, 0x8c, 0x4f, 0x2e, 0x46, 0x21, 0xee, + 0x72, 0x6a, 0x0e, 0x22, 0x80, 0x71, 0xc8, 0x76, 0x40, 0x44, 0x61, 0x16, 0xbf, 0xa5, 0xf8, + 0x89, 0xc7, 0xe9, 0x87, 0xdf, 0xbd, 0x2e, 0x4b, 0x4e, 0xc2, 0x97, 0x53, 0xe9, 0x49, 0x1c, + 0x05, 0xb0, 0x0b, 0x9b, 0x9f, 0x21, 0x19, 0x41, 0xe9, 0xf5, 0x61, 0xd7, 0x33, 0x2e, 0x2c, + 0x94, 0xb8, 0xa8, 0x9a, 0x3a, 0xcc, 0x6a, 0x24, 0x8d, 0x19, 0x13, 0xee, 0xb9, 0xb0, 0x48, 0x61 }; 
@@ -111,23 +111,23 @@ BIGNUM *e = NULL; ret = TEST_ptr(e = BN_new()) - /* e is too small will fail */ - && TEST_true(BN_set_word(e, 1)) - && TEST_false(ossl_rsa_check_public_exponent(e)) - /* e is even will fail */ - && TEST_true(BN_set_word(e, 65536)) - && TEST_false(ossl_rsa_check_public_exponent(e)) - /* e is ok */ - && TEST_true(BN_set_word(e, 3)) - && TEST_true(ossl_rsa_check_public_exponent(e)) - && TEST_true(BN_set_word(e, 17)) - && TEST_true(ossl_rsa_check_public_exponent(e)) - && TEST_true(BN_set_word(e, 65537)) - && TEST_true(ossl_rsa_check_public_exponent(e)) - /* e = 2^256 + 1 is ok */ - && TEST_true(BN_lshift(e, BN_value_one(), 256)) - && TEST_true(BN_add(e, e, BN_value_one())) - && TEST_true(ossl_rsa_check_public_exponent(e)); + /* e is too small will fail */ + && TEST_true(BN_set_word(e, 1)) + && TEST_false(ossl_rsa_check_public_exponent(e)) + /* e is even will fail */ + && TEST_true(BN_set_word(e, 65536)) + && TEST_false(ossl_rsa_check_public_exponent(e)) + /* e is ok */ + && TEST_true(BN_set_word(e, 3)) + && TEST_true(ossl_rsa_check_public_exponent(e)) + && TEST_true(BN_set_word(e, 17)) + && TEST_true(ossl_rsa_check_public_exponent(e)) + && TEST_true(BN_set_word(e, 65537)) + && TEST_true(ossl_rsa_check_public_exponent(e)) + /* e = 2^256 + 1 is ok */ + && TEST_true(BN_lshift(e, BN_value_one(), 256)) + && TEST_true(BN_add(e, e, BN_value_one())) + && TEST_true(ossl_rsa_check_public_exponent(e)); BN_free(e); return ret; } 
@@ -149,25 +149,25 @@ * for 72 bits: 0xB504F333F. <= p <= 0xF_FFFF_FFFF */ ret = TEST_ptr(p = BN_new()) - && TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1))) - && TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2))) - && TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3))) - && TEST_ptr(bn_p4 = bn_load_new(p4, sizeof(p4))) - && TEST_ptr(ctx = BN_CTX_new()) - && TEST_true(BN_set_word(p, 0xA)) - && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) - && TEST_true(BN_set_word(p, 0x10)) - && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) - && TEST_true(BN_set_word(p, 0xB)) - && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) - && TEST_true(BN_set_word(p, 0xC)) - && TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx)) - && TEST_true(BN_set_word(p, 0xF)) - && TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx)) - && TEST_false(ossl_rsa_check_prime_factor_range(bn_p1, 72, ctx)) - && TEST_false(ossl_rsa_check_prime_factor_range(bn_p2, 72, ctx)) - && TEST_true(ossl_rsa_check_prime_factor_range(bn_p3, 72, ctx)) - && TEST_true(ossl_rsa_check_prime_factor_range(bn_p4, 72, ctx)); + && TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1))) + && TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2))) + && TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3))) + && TEST_ptr(bn_p4 = bn_load_new(p4, sizeof(p4))) + && TEST_ptr(ctx = BN_CTX_new()) + && TEST_true(BN_set_word(p, 0xA)) + && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) + && TEST_true(BN_set_word(p, 0x10)) + && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) + && TEST_true(BN_set_word(p, 0xB)) + && TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx)) + && TEST_true(BN_set_word(p, 0xC)) + && TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx)) + && TEST_true(BN_set_word(p, 0xF)) + && TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx)) + && TEST_false(ossl_rsa_check_prime_factor_range(bn_p1, 72, ctx)) + && TEST_false(ossl_rsa_check_prime_factor_range(bn_p2, 72, ctx)) + && 
TEST_true(ossl_rsa_check_prime_factor_range(bn_p3, 72, ctx)) + && TEST_true(ossl_rsa_check_prime_factor_range(bn_p4, 72, ctx)); BN_free(bn_p4); BN_free(bn_p3); @@ -191,22 +191,22 @@ static const unsigned char p3[] = { 0x0F, 0x50, 0x00, 0x03, 0x75 }; ret = TEST_ptr(p = BN_new()) - && TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1))) - && TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2))) - && TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3))) - && TEST_ptr(e = BN_new()) - && TEST_ptr(ctx = BN_CTX_new()) - /* Fails the prime test */ - && TEST_true(BN_set_word(e, 0x1)) - && TEST_false(ossl_rsa_check_prime_factor(bn_p1, e, 72, ctx)) - /* p is prime and in range and gcd(p-1, e) = 1 */ - && TEST_true(ossl_rsa_check_prime_factor(bn_p2, e, 72, ctx)) - /* gcd(p-1,e) = 1 test fails */ - && TEST_true(BN_set_word(e, 0x2)) - && TEST_false(ossl_rsa_check_prime_factor(p, e, 72, ctx)) - /* p fails the range check */ - && TEST_true(BN_set_word(e, 0x1)) - && TEST_false(ossl_rsa_check_prime_factor(bn_p3, e, 72, ctx)); + && TEST_ptr(bn_p1 = bn_load_new(p1, sizeof(p1))) + && TEST_ptr(bn_p2 = bn_load_new(p2, sizeof(p2))) + && TEST_ptr(bn_p3 = bn_load_new(p3, sizeof(p3))) + && TEST_ptr(e = BN_new()) + && TEST_ptr(ctx = BN_CTX_new()) + /* Fails the prime test */ + && TEST_true(BN_set_word(e, 0x1)) + && TEST_false(ossl_rsa_check_prime_factor(bn_p1, e, 72, ctx)) + /* p is prime and in range and gcd(p-1, e) = 1 */ + && TEST_true(ossl_rsa_check_prime_factor(bn_p2, e, 72, ctx)) + /* gcd(p-1,e) = 1 test fails */ + && TEST_true(BN_set_word(e, 0x2)) + && TEST_false(ossl_rsa_check_prime_factor(p, e, 72, ctx)) + /* p fails the range check */ + && TEST_true(BN_set_word(e, 0x1)) + && TEST_false(ossl_rsa_check_prime_factor(bn_p3, e, 72, ctx)); BN_free(bn_p3); BN_free(bn_p2); 
@@ -226,13 +226,13 @@ BIGNUM *p = NULL, *q = NULL, *e = NULL, *d = NULL, *n = NULL; ret = TEST_ptr(key = RSA_new()) - && TEST_ptr(ctx = BN_CTX_new()) - && TEST_ptr(p = BN_new()) - && TEST_ptr(q = BN_new()) - /* lcm(15-1,17-1) = 14*16 / 2 = 112 */ - && TEST_true(BN_set_word(p, 15)) - && TEST_true(BN_set_word(q, 17)) - && TEST_true(RSA_set0_factors(key, p, q)); + && TEST_ptr(ctx = BN_CTX_new()) + && TEST_ptr(p = BN_new()) + && TEST_ptr(q = BN_new()) + /* lcm(15-1,17-1) = 14*16 / 2 = 112 */ + && TEST_true(BN_set_word(p, 15)) + && TEST_true(BN_set_word(q, 17)) + && TEST_true(RSA_set0_factors(key, p, q)); if (!ret) { BN_free(p); BN_free(q); @@ -240,12 +240,12 @@ } ret = TEST_ptr(e = BN_new()) - && TEST_ptr(d = BN_new()) - && TEST_ptr(n = BN_new()) - && TEST_true(BN_set_word(e, 5)) - && TEST_true(BN_set_word(d, 157)) - && TEST_true(BN_set_word(n, 15*17)) - && TEST_true(RSA_set0_key(key, n, e, d)); + && TEST_ptr(d = BN_new()) + && TEST_ptr(n = BN_new()) + && TEST_true(BN_set_word(e, 5)) + && TEST_true(BN_set_word(d, 157)) + && TEST_true(BN_set_word(n, 15 * 17)) + && TEST_true(RSA_set0_key(key, n, e, d)); if (!ret) { BN_free(e); BN_free(d); 
@@ -254,17 +254,17 @@
 }
 /* fails since d >= lcm(p-1, q-1) */
 ret = TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
- && TEST_true(BN_set_word(d, 45))
- /* d is correct size and 1 = e.d mod lcm(p-1, q-1) */
- && TEST_true(ossl_rsa_check_private_exponent(key, 8, ctx))
- /* d is too small compared to nbits */
- && TEST_false(ossl_rsa_check_private_exponent(key, 16, ctx))
- /* d is too small compared to nbits */
- && TEST_true(BN_set_word(d, 16))
- && TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
- /* fail if 1 != e.d mod lcm(p-1, q-1) */
- && TEST_true(BN_set_word(d, 46))
- && TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx));
+ && TEST_true(BN_set_word(d, 45))
+ /* d is correct size and 1 = e.d mod lcm(p-1, q-1) */
+ && TEST_true(ossl_rsa_check_private_exponent(key, 8, ctx))
+ /* d is too small compared to nbits */
+ && TEST_false(ossl_rsa_check_private_exponent(key, 16, ctx))
+ /* d is too small compared to nbits */
+ && TEST_true(BN_set_word(d, 16))
+ && TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
+ /* fail if 1 != e.d mod lcm(p-1, q-1) */
+ && TEST_true(BN_set_word(d, 46))
+ && TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx));
 end:
 RSA_free(key);
 BN_CTX_free(ctx);
@@ -276,7 +276,7 @@
 const int P = 15;
 const int Q = 17;
 const int E = 5;
- const int N = P*Q;
+ const int N = P * Q;
 const int DP = 3;
 const int DQ = 13;
 const int QINV = 8;
@@ -287,57 +287,57 @@ BIGNUM *p = NULL, *q = NULL, *e = NULL; ret = TEST_ptr(key = RSA_new()) - && TEST_ptr(ctx = BN_CTX_new()) - && TEST_ptr(p = BN_new()) - && TEST_ptr(q = BN_new()) - && TEST_ptr(e = BN_new()) - && TEST_true(BN_set_word(p, P)) - && TEST_true(BN_set_word(q, Q)) - && TEST_true(BN_set_word(e, E)) - && TEST_true(RSA_set0_factors(key, p, q)); + && TEST_ptr(ctx = BN_CTX_new()) + && TEST_ptr(p = BN_new()) + && TEST_ptr(q = BN_new()) + && TEST_ptr(e = BN_new()) + && TEST_true(BN_set_word(p, P)) + && TEST_true(BN_set_word(q, Q)) + && TEST_true(BN_set_word(e, E)) + && TEST_true(RSA_set0_factors(key, p, q)); if (!ret) { BN_free(p); BN_free(q); goto end; } ret = TEST_true(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx)) - && TEST_BN_eq_word(key->n, N) - && TEST_BN_eq_word(key->dmp1, DP) - && TEST_BN_eq_word(key->dmq1, DQ) - && TEST_BN_eq_word(key->iqmp, QINV) - && TEST_true(ossl_rsa_check_crt_components(key, ctx)) - /* (a) 1 < dP < (p – 1). */ - && TEST_true(BN_set_word(key->dmp1, 1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->dmp1, P-1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->dmp1, DP)) - /* (b) 1 < dQ < (q - 1). */ - && TEST_true(BN_set_word(key->dmq1, 1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->dmq1, Q-1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->dmq1, DQ)) - /* (c) 1 < qInv < p */ - && TEST_true(BN_set_word(key->iqmp, 1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->iqmp, P)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->iqmp, QINV)) - /* (d) 1 = (dP . e) mod (p - 1)*/ - && TEST_true(BN_set_word(key->dmp1, DP+1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->dmp1, DP)) - /* (e) 1 = (dQ . 
e) mod (q - 1) */ - && TEST_true(BN_set_word(key->dmq1, DQ-1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->dmq1, DQ)) - /* (f) 1 = (qInv . q) mod p */ - && TEST_true(BN_set_word(key->iqmp, QINV+1)) - && TEST_false(ossl_rsa_check_crt_components(key, ctx)) - && TEST_true(BN_set_word(key->iqmp, QINV)) - /* check defaults are still valid */ - && TEST_true(ossl_rsa_check_crt_components(key, ctx)); + && TEST_BN_eq_word(key->n, N) + && TEST_BN_eq_word(key->dmp1, DP) + && TEST_BN_eq_word(key->dmq1, DQ) + && TEST_BN_eq_word(key->iqmp, QINV) + && TEST_true(ossl_rsa_check_crt_components(key, ctx)) + /* (a) 1 < dP < (p – 1). */ + && TEST_true(BN_set_word(key->dmp1, 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->dmp1, P - 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->dmp1, DP)) + /* (b) 1 < dQ < (q - 1). */ + && TEST_true(BN_set_word(key->dmq1, 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->dmq1, Q - 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->dmq1, DQ)) + /* (c) 1 < qInv < p */ + && TEST_true(BN_set_word(key->iqmp, 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->iqmp, P)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->iqmp, QINV)) + /* (d) 1 = (dP . e) mod (p - 1)*/ + && TEST_true(BN_set_word(key->dmp1, DP + 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->dmp1, DP)) + /* (e) 1 = (dQ . e) mod (q - 1) */ + && TEST_true(BN_set_word(key->dmq1, DQ - 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->dmq1, DQ)) + /* (f) 1 = (qInv . 
q) mod p */ + && TEST_true(BN_set_word(key->iqmp, QINV + 1)) + && TEST_false(ossl_rsa_check_crt_components(key, ctx)) + && TEST_true(BN_set_word(key->iqmp, QINV)) + /* check defaults are still valid */ + && TEST_true(ossl_rsa_check_crt_components(key, ctx)); end: BN_free(e); RSA_free(key); @@ -351,18 +351,18 @@ BIGNUM *tmp = NULL, *p = NULL, *q = NULL; ret = TEST_ptr(tmp = BN_new()) - && TEST_ptr(p = BN_new()) - && TEST_ptr(q = BN_new()) - /* |1-(2+1)| > 2^1 */ - && TEST_true(BN_set_word(p, 1)) - && TEST_true(BN_set_word(q, 1+2)) - && TEST_false(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)) - /* Check |p - q| > 2^(nbits/2 - 100) */ - && TEST_true(BN_set_word(q, 1+3)) - && TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)) - && TEST_true(BN_set_word(p, 1+3)) - && TEST_true(BN_set_word(q, 1)) - && TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)); + && TEST_ptr(p = BN_new()) + && TEST_ptr(q = BN_new()) + /* |1-(2+1)| > 2^1 */ + && TEST_true(BN_set_word(p, 1)) + && TEST_true(BN_set_word(q, 1 + 2)) + && TEST_false(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)) + /* Check |p - q| > 2^(nbits/2 - 100) */ + && TEST_true(BN_set_word(q, 1 + 3)) + && TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)) + && TEST_true(BN_set_word(p, 1 + 3)) + && TEST_true(BN_set_word(q, 1)) + && TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202)); BN_free(p); BN_free(q); BN_free(tmp); 
@@ -377,13 +377,13 @@ BIGNUM *p = NULL, *q = NULL, *n = NULL, *e = NULL, *d = NULL; ret = TEST_ptr(key = RSA_new()) - && TEST_ptr(ctx = BN_CTX_new()) - /* NULL parameters */ - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) - /* load key */ - && TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p))) - && TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q))) - && TEST_true(RSA_set0_factors(key, p, q)); + && TEST_ptr(ctx = BN_CTX_new()) + /* NULL parameters */ + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) + /* load key */ + && TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p))) + && TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q))) + && TEST_true(RSA_set0_factors(key, p, q)); if (!ret) { BN_free(p); BN_free(q); 
@@ -391,55 +391,54 @@ } ret = TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) - && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) - && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) - && TEST_true(RSA_set0_key(key, n, e, d)); + && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) + && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) + && TEST_true(RSA_set0_key(key, n, e, d)); if (!ret) { BN_free(e); BN_free(n); BN_free(d); goto end; } - /* bad strength/key size */ + /* bad strength/key size */ ret = TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 100, 2048)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 112, 1024)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 128, 2048)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 140, 3072)) - /* mismatching exponent */ - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, BN_value_one(), - -1, 2048)) - /* bad exponent */ - && TEST_true(BN_add_word(e, 1)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) - && TEST_true(BN_sub_word(e, 1)) - - /* mismatch between bits and modulus */ - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 3072)) - && TEST_true(ossl_rsa_sp800_56b_check_keypair(key, e, 112, 2048)) - /* check n == pq failure */ - && TEST_true(BN_add_word(n, 1)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) - && TEST_true(BN_sub_word(n, 1)) - /* check p */ - && TEST_true(BN_sub_word(p, 2)) - && TEST_true(BN_mul(n, p, q, ctx)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) - && TEST_true(BN_add_word(p, 2)) - && TEST_true(BN_mul(n, p, q, ctx)) - /* check q */ - && TEST_true(BN_sub_word(q, 2)) - && TEST_true(BN_mul(n, p, q, ctx)) - && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) - && TEST_true(BN_add_word(q, 2)) - && TEST_true(BN_mul(n, p, q, ctx)); + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 112, 1024)) + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, 
NULL, 128, 2048)) + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 140, 3072)) + /* mismatching exponent */ + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, BN_value_one(), + -1, 2048)) + /* bad exponent */ + && TEST_true(BN_add_word(e, 1)) + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) + && TEST_true(BN_sub_word(e, 1)) + + /* mismatch between bits and modulus */ + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 3072)) + && TEST_true(ossl_rsa_sp800_56b_check_keypair(key, e, 112, 2048)) + /* check n == pq failure */ + && TEST_true(BN_add_word(n, 1)) + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) + && TEST_true(BN_sub_word(n, 1)) + /* check p */ + && TEST_true(BN_sub_word(p, 2)) + && TEST_true(BN_mul(n, p, q, ctx)) + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) + && TEST_true(BN_add_word(p, 2)) + && TEST_true(BN_mul(n, p, q, ctx)) + /* check q */ + && TEST_true(BN_sub_word(q, 2)) + && TEST_true(BN_mul(n, p, q, ctx)) + && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) + && TEST_true(BN_add_word(q, 2)) + && TEST_true(BN_mul(n, p, q, ctx)); end: RSA_free(key); BN_CTX_free(ctx); return ret; } -static int keygen_size[] = -{ +static int keygen_size[] = { 2048, 3072 }; @@ -450,10 +449,10 @@ int sz = keygen_size[id]; ret = TEST_ptr(key = RSA_new()) - && TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL)) - && TEST_true(ossl_rsa_sp800_56b_check_public(key)) - && TEST_true(ossl_rsa_sp800_56b_check_private(key)) - && TEST_true(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, sz)); + && TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL)) + && TEST_true(ossl_rsa_sp800_56b_check_public(key)) + && TEST_true(ossl_rsa_sp800_56b_check_private(key)) + && TEST_true(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, sz)); RSA_free(key); return ret; 
@@ -466,13 +465,13 @@ RSA *key = NULL; ret = TEST_ptr(key = RSA_new()) - /* check NULL pointers fail */ - && TEST_false(ossl_rsa_sp800_56b_check_private(key)) - /* load private key */ - && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) - && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) - && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) - && TEST_true(RSA_set0_key(key, n, e, d)); + /* check NULL pointers fail */ + && TEST_false(ossl_rsa_sp800_56b_check_private(key)) + /* load private key */ + && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) + && TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d))) + && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) + && TEST_true(RSA_set0_key(key, n, e, d)); if (!ret) { BN_free(n); BN_free(e); @@ -481,12 +480,12 @@ } /* check d is in range */ ret = TEST_true(ossl_rsa_sp800_56b_check_private(key)) - /* check d is too low */ - && TEST_true(BN_set_word(d, 0)) - && TEST_false(ossl_rsa_sp800_56b_check_private(key)) - /* check d is too high */ - && TEST_ptr(BN_copy(d, n)) - && TEST_false(ossl_rsa_sp800_56b_check_private(key)); + /* check d is too low */ + && TEST_true(BN_set_word(d, 0)) + && TEST_false(ossl_rsa_sp800_56b_check_private(key)) + /* check d is too high */ + && TEST_ptr(BN_copy(d, n)) + && TEST_false(ossl_rsa_sp800_56b_check_private(key)); end: RSA_free(key); return ret; @@ -499,12 +498,12 @@ RSA *key = NULL; ret = TEST_ptr(key = RSA_new()) - /* check NULL pointers fail */ - && TEST_false(ossl_rsa_sp800_56b_check_public(key)) - /* load public key */ - && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) - && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) - && TEST_true(RSA_set0_key(key, n, e, NULL)); + /* check NULL pointers fail */ + && TEST_false(ossl_rsa_sp800_56b_check_public(key)) + /* load public key */ + && TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e))) + && TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n))) + && TEST_true(RSA_set0_key(key, n, e, NULL)); if (!ret) { BN_free(e); BN_free(n); 
@@ -512,21 +511,21 @@
 }
 /* check public key is valid */
 ret = TEST_true(ossl_rsa_sp800_56b_check_public(key))
- /* check fail if n is even */
- && TEST_true(BN_add_word(n, 1))
- && TEST_false(ossl_rsa_sp800_56b_check_public(key))
- && TEST_true(BN_sub_word(n, 1))
- /* check fail if n is wrong number of bits */
- && TEST_true(BN_lshift1(n, n))
- && TEST_false(ossl_rsa_sp800_56b_check_public(key))
- && TEST_true(BN_rshift1(n, n))
- /* test odd exponent fails */
- && TEST_true(BN_add_word(e, 1))
- && TEST_false(ossl_rsa_sp800_56b_check_public(key))
- && TEST_true(BN_sub_word(e, 1))
- /* modulus fails composite check */
- && TEST_true(BN_add_word(n, 2))
- && TEST_false(ossl_rsa_sp800_56b_check_public(key));
+ /* check fail if n is even */
+ && TEST_true(BN_add_word(n, 1))
+ && TEST_false(ossl_rsa_sp800_56b_check_public(key))
+ && TEST_true(BN_sub_word(n, 1))
+ /* check fail if n is wrong number of bits */
+ && TEST_true(BN_lshift1(n, n))
+ && TEST_false(ossl_rsa_sp800_56b_check_public(key))
+ && TEST_true(BN_rshift1(n, n))
+ /* test odd exponent fails */
+ && TEST_true(BN_add_word(e, 1))
+ && TEST_false(ossl_rsa_sp800_56b_check_public(key))
+ && TEST_true(BN_sub_word(e, 1))
+ /* modulus fails composite check */
+ && TEST_true(BN_add_word(n, 2))
+ && TEST_false(ossl_rsa_sp800_56b_check_public(key));
 end:
 RSA_free(key);
 return ret;
--- crypto/openssl/test/rsa_test.c.orig
+++ crypto/openssl/test/rsa_test.c
@@ -29,189 +29,165 @@ #include -#define SetKey \ - RSA_set0_key(key, \ - BN_bin2bn(n, sizeof(n)-1, NULL), \ - BN_bin2bn(e, sizeof(e)-1, NULL), \ - BN_bin2bn(d, sizeof(d)-1, NULL)); \ - RSA_set0_factors(key, \ - BN_bin2bn(p, sizeof(p)-1, NULL), \ - BN_bin2bn(q, sizeof(q)-1, NULL)); \ - RSA_set0_crt_params(key, \ - BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \ - BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \ - BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \ - if (c != NULL) \ - memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ +#define SetKey \ + RSA_set0_key(key, \ + BN_bin2bn(n, sizeof(n) - 1, NULL), \ + BN_bin2bn(e, sizeof(e) - 1, NULL), \ + BN_bin2bn(d, sizeof(d) - 1, NULL)); \ + RSA_set0_factors(key, \ + BN_bin2bn(p, sizeof(p) - 1, NULL), \ + BN_bin2bn(q, sizeof(q) - 1, NULL)); \ + RSA_set0_crt_params(key, \ + BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL), \ + BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL), \ + BN_bin2bn(iqmp, sizeof(iqmp) - 1, NULL)); \ + if (c != NULL) \ + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ return sizeof(ctext_ex) - 1; static int key1(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" - "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" - "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" - "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" - "\xF5"; + static unsigned char n[] = "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; static unsigned char e[] = "\x11"; - static unsigned char d[] = - "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" - "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" - "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" - 
"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; - - static unsigned char p[] = - "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" - "\x0D"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x89"; - - static unsigned char dmp1[] = - "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" - "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; - - static unsigned char dmq1[] = - "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" - "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" - "\x51"; - - static unsigned char iqmp[] = - "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" - "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; - - static unsigned char ctext_ex[] = - "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" - "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" - "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" - "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + static unsigned char d[] = "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" + "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" + "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" + "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; + + static unsigned char p[] = "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" + "\x0D"; + + static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x89"; + + static unsigned char dmp1[] = 
"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" + "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; + + static unsigned char dmq1[] = "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" + "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" + "\x51"; + + static unsigned char iqmp[] = "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" + "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; + + static unsigned char ctext_ex[] = "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" + "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" + "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" + "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; SetKey; } static int key2(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" - "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" - "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" - "\x34\x77\xCF"; + static unsigned char n[] = "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" + "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" + "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" + "\x34\x77\xCF"; static unsigned char e[] = "\x3"; - static unsigned char d[] = - "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" - "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" - "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" - "\xE5\xEB"; + static unsigned char d[] = "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" + "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" + "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" + "\xE5\xEB"; - static unsigned char p[] = - "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" - 
"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; + static unsigned char p[] = "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" + "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; + static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; - static unsigned char dmp1[] = - "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" - "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; + static unsigned char dmp1[] = "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" + "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; - static unsigned char dmq1[] = - "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" - "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; + static unsigned char dmq1[] = "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" + "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; - static unsigned char iqmp[] = - "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" - "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; + static unsigned char iqmp[] = "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" + "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; - static unsigned char ctext_ex[] = - "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" - "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" - "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" - "\x62\x51"; + static unsigned char ctext_ex[] = "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" + "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" + "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" + "\x62\x51"; SetKey; } static int key3(RSA *key, unsigned char *c) { - static unsigned char n[] = - 
"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" - "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" - "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" - "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" - "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" - "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" - "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" - "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" - "\xCB"; + static unsigned char n[] = "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" + "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" + "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" + "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" + "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" + "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" + "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" + "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" + "\xCB"; static unsigned char e[] = "\x11"; - static unsigned char d[] = - "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" - "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" - "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" - "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" - "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" - "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" - "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" - "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" - "\xC1"; - - static unsigned char p[] = - "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" - "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" - 
"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" - "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" - "\x99"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" - "\x03"; - - static unsigned char dmp1[] = - "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" - "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" - "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" - "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; - - static unsigned char dmq1[] = - "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" - "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" - "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" - "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; - - static unsigned char iqmp[] = - "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" - "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" - "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" - "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" - "\xF7"; - - static unsigned char ctext_ex[] = - "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" - "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" - "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" - "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" - "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" - "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" - "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" - "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; + 
static unsigned char d[] = "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" + "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" + "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" + "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" + "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" + "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" + "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" + "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" + "\xC1"; + + static unsigned char p[] = "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" + "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" + "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" + "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" + "\x99"; + + static unsigned char q[] = "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" + "\x03"; + + static unsigned char dmp1[] = "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" + "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" + "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" + "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; + + static unsigned char dmq1[] = "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" + "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" + "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" + "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; + + static unsigned char iqmp[] = "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" + 
"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" + "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" + "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" + "\xF7"; + + static unsigned char ctext_ex[] = "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" + "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" + "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" + "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" + "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" + "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" + "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" + "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; SetKey; } -static int rsa_setkey(RSA** key, unsigned char *ctext, int idx) +static int rsa_setkey(RSA **key, unsigned char *ctext, int idx) { int clen = 0; @@ -232,8 +208,8 @@ } static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type, - int success, unsigned char *ctext_ex, int *clen, - RSA **retkey) + int success, unsigned char *ctext_ex, int *clen, + RSA **retkey) { int ret = 0; RSA *key; @@ -275,7 +251,7 @@ static int test_rsa_pkcs1(int idx) { return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL, - NULL, NULL); + NULL, NULL); } static int test_rsa_oaep(int idx) @@ -291,14 +267,14 @@ int n; if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1, - ctext_ex, &clen, &key)) + ctext_ex, &clen, &key)) goto err; plen = sizeof(ptext_ex) - 1; /* Different ciphertexts. Try decrypting ctext_ex */ num = RSA_private_decrypt(clen, ctext_ex, ptext, key, - RSA_PKCS1_OAEP_PADDING); + RSA_PKCS1_OAEP_PADDING); if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen)) goto err; 
@@ -306,7 +282,7 @@ for (n = 0; n < clen; ++n) { ctext_ex[n] ^= 1; num = RSA_private_decrypt(clen, ctext_ex, ptext, key, - RSA_PKCS1_OAEP_PADDING); + RSA_PKCS1_OAEP_PADDING); if (!TEST_int_le(num, 0)) goto err; ctext_ex[n] ^= 1; @@ -315,7 +291,7 @@ /* Test truncated ciphertexts, as well as negative length. */ for (n = -1; n < clen; ++n) { num = RSA_private_decrypt(n, ctext_ex, ptext, key, - RSA_PKCS1_OAEP_PADDING); + RSA_PKCS1_OAEP_PADDING); if (!TEST_int_le(num, 0)) goto err; } @@ -331,27 +307,27 @@ unsigned int r; } rsa_security_bits_cases[] = { /* NIST SP 800-56B rev 2 (draft) Appendix D Table 5 */ - { 2048, 112 }, - { 3072, 128 }, - { 4096, 152 }, - { 6144, 176 }, - { 8192, 200 }, + { 2048, 112 }, + { 3072, 128 }, + { 4096, 152 }, + { 6144, 176 }, + { 8192, 200 }, /* NIST FIPS 140-2 IG 7.5 */ - { 7680, 192 }, - { 15360, 256 }, + { 7680, 192 }, + { 15360, 256 }, /* Older values */ - { 256, 40 }, - { 512, 56 }, - { 1024, 80 }, + { 256, 40 }, + { 512, 56 }, + { 1024, 80 }, /* Some other values */ - { 8888, 208 }, - { 2468, 120 }, - { 13456, 248 }, + { 8888, 208 }, + { 2468, 120 }, + { 13456, 248 }, /* Edge points */ - { 15359, 256 }, - { 15361, 264 }, - { 7679, 192 }, - { 7681, 200 }, + { 15359, 256 }, + { 15361, 264 }, + { 7679, 192 }, + { 7681, 200 }, }; static int test_rsa_security_bit(int n) @@ -383,8 +359,8 @@ * RSA key is not used. The 'd' parameter can be NULL safely. */ if (TEST_true(RSA_set0_key(key, BN_bin2bn(num, bytes, NULL), - BN_bin2bn(num, bytes, NULL), NULL)) - && TEST_uint_eq(RSA_security_bits(key), result)) + BN_bin2bn(num, bytes, NULL), NULL)) + && TEST_uint_eq(RSA_security_bits(key), result)) r = 1; err: RSA_free(key); 
@@ -409,97 +385,101 @@ EVP_PKEY *pkey = NULL; unsigned char n_data[] = { - 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, - 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, - 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, - 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, - 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, - 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, - 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, - 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, - 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, - 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, - 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, - 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, - 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, - 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, - 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, - 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, - 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, - 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, - 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, - 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, - 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, - 0x2e, 0xf2, 0x8e, 0x7e, 0x13 }; - - unsigned char e_data[] = { 0x01, 0x00, 0x01 }; + 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, + 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, + 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, + 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 
0xc8, + 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, + 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, + 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, + 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, + 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, + 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, + 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, + 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, + 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, + 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, + 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, + 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, + 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, + 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, + 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, + 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, + 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, + 0x2e, 0xf2, 0x8e, 0x7e, 0x13 + }; + + unsigned char e_data[] = { 0x01, 0x00, 0x01 }; unsigned char d_data[] = { - 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, - 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, - 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, - 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, - 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, - 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, - 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, - 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, - 0x96, 0x26, 0xb1, 0x76, 
0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, - 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, - 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, - 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, - 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, - 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, - 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, - 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, - 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, - 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, - 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, - 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, - 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, - 0xf4, 0xfa, 0x60, 0xc1 }; + 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, + 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, + 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, + 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, + 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, + 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, + 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, + 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, + 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, + 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, + 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, + 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, + 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, + 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, 
+ 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, + 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, + 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, + 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, + 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, + 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, + 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, + 0xf4, 0xfa, 0x60, 0xc1 + }; unsigned char p_data[] = { - 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, - 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, - 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, - 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, - 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, - 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, - 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, - 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, - 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, - 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, - 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 }; + 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, + 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, + 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, + 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, + 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, + 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, + 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, + 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, + 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 
0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, + 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, + 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 + }; unsigned char q_data[] = { - 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, - 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, - 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, - 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, - 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, - 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, - 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, - 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, - 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, - 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, - 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 }; + 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, + 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, + 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, + 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, + 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, + 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, + 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, + 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, + 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, + 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, + 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 + }; memset(msgbuf, 0xef, 64); ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) - && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) - && TEST_ptr((n = BN_bin2bn(n_data, 
sizeof(n_data), NULL))) - && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) - && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) - && TEST_ptr((rsa = RSA_new())) - && TEST_ptr((md = EVP_sha256())) - && TEST_ptr((ctx = EVP_MD_CTX_new())) - && TEST_ptr((pkey = EVP_PKEY_new())) - && TEST_true(RSA_set0_factors(rsa, p, q)) - && TEST_true(RSA_set0_key(rsa, n, e, d)) - && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) - && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) - && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); + && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) + && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) + && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) + && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) + && TEST_ptr((rsa = RSA_new())) + && TEST_ptr((md = EVP_sha256())) + && TEST_ptr((ctx = EVP_MD_CTX_new())) + && TEST_ptr((pkey = EVP_PKEY_new())) + && TEST_true(RSA_set0_factors(rsa, p, q)) + && TEST_true(RSA_set0_key(rsa, n, e, d)) + && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) + && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) + && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); EVP_MD_CTX_free(ctx); EVP_PKEY_free(pkey); --- crypto/openssl/test/sanitytest.c.orig +++ crypto/openssl/test/sanitytest.c 
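Review bot: The `n_data`, `e_data`, `d_data`, `p_data` and `q_data` tables at the top of this hunk are automatic, non-const arrays, so the whole fixed key is copied onto the stack on every call and stays writable. As far as the hunk shows they are only read through `BN_bin2bn`, which takes a `const unsigned char *`, so `static const unsigned char n_data[] = {` (and the same for the other four) would do. The `static unsigned char` arrays in `key1`/`key2`/`key3` in the earlier rsa_test.c hunk could take `const` the same way. While touching `n_data`, the lone `0xe` in its third row would read better as `0x0e`. The function starts before and continues after this hunk.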
@@ -25,20 +25,124 @@ static int test_sanity_enum_size(void) { - enum smallchoices { sa, sb, sc }; - enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml }; + enum smallchoices { sa, + sb, + sc }; + enum medchoices { ma, + mb, + mc, + md, + me, + mf, + mg, + mh, + mi, + mj, + mk, + ml }; enum largechoices { - a01, b01, c01, d01, e01, f01, g01, h01, i01, j01, - a02, b02, c02, d02, e02, f02, g02, h02, i02, j02, - a03, b03, c03, d03, e03, f03, g03, h03, i03, j03, - a04, b04, c04, d04, e04, f04, g04, h04, i04, j04, - a05, b05, c05, d05, e05, f05, g05, h05, i05, j05, - a06, b06, c06, d06, e06, f06, g06, h06, i06, j06, - a07, b07, c07, d07, e07, f07, g07, h07, i07, j07, - a08, b08, c08, d08, e08, f08, g08, h08, i08, j08, - a09, b09, c09, d09, e09, f09, g09, h09, i09, j09, - a10, b10, c10, d10, e10, f10, g10, h10, i10, j10, - xxx }; + a01, + b01, + c01, + d01, + e01, + f01, + g01, + h01, + i01, + j01, + a02, + b02, + c02, + d02, + e02, + f02, + g02, + h02, + i02, + j02, + a03, + b03, + c03, + d03, + e03, + f03, + g03, + h03, + i03, + j03, + a04, + b04, + c04, + d04, + e04, + f04, + g04, + h04, + i04, + j04, + a05, + b05, + c05, + d05, + e05, + f05, + g05, + h05, + i05, + j05, + a06, + b06, + c06, + d06, + e06, + f06, + g06, + h06, + i06, + j06, + a07, + b07, + c07, + d07, + e07, + f07, + g07, + h07, + i07, + j07, + a08, + b08, + c08, + d08, + e08, + f08, + g08, + h08, + i08, + j08, + a09, + b09, + c09, + d09, + e09, + f09, + g09, + h09, + i09, + j09, + a10, + b10, + c10, + d10, + e10, + f10, + g10, + h10, + i10, + j10, + xxx + }; /* Enum size */ if (!TEST_size_t_eq(sizeof(enum smallchoices), sizeof(int)) 
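Review bot: The three enum declarations in `test_sanity_enum_size` now run to well over a hundred lines with one enumerator per line, where the old ten-per-row table took about fifteen. `smallchoices` and `medchoices` also end up with the first enumerator on the brace line and the closing brace glued to the last one. If this is formatter output, I would keep the compact layout and fence it with `/* clang-format off */` before `enum smallchoices` and `/* clang-format on */` after the closing `};` of `largechoices`. Only the number of enumerators matters to the size checks that follow, so the row layout was the readable form. The function body continues past this hunk.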
@@ -79,24 +183,24 @@ { /* Verify some types are the correct size */ if (!TEST_size_t_eq(sizeof(int8_t), 1) - || !TEST_size_t_eq(sizeof(uint8_t), 1) - || !TEST_size_t_eq(sizeof(int16_t), 2) - || !TEST_size_t_eq(sizeof(uint16_t), 2) - || !TEST_size_t_eq(sizeof(int32_t), 4) - || !TEST_size_t_eq(sizeof(uint32_t), 4) - || !TEST_size_t_eq(sizeof(int64_t), 8) - || !TEST_size_t_eq(sizeof(uint64_t), 8) + || !TEST_size_t_eq(sizeof(uint8_t), 1) + || !TEST_size_t_eq(sizeof(int16_t), 2) + || !TEST_size_t_eq(sizeof(uint16_t), 2) + || !TEST_size_t_eq(sizeof(int32_t), 4) + || !TEST_size_t_eq(sizeof(uint32_t), 4) + || !TEST_size_t_eq(sizeof(int64_t), 8) + || !TEST_size_t_eq(sizeof(uint64_t), 8) #ifdef UINT128_MAX - || !TEST_size_t_eq(sizeof(int128_t), 16) - || !TEST_size_t_eq(sizeof(uint128_t), 16) + || !TEST_size_t_eq(sizeof(int128_t), 16) + || !TEST_size_t_eq(sizeof(uint128_t), 16) #endif - || !TEST_size_t_eq(sizeof(char), 1) - || !TEST_size_t_eq(sizeof(unsigned char), 1)) + || !TEST_size_t_eq(sizeof(char), 1) + || !TEST_size_t_eq(sizeof(unsigned char), 1)) return 0; /* We want our long longs to be at least 64 bits */ if (!TEST_size_t_ge(sizeof(long long int), 8) - || !TEST_size_t_ge(sizeof(unsigned long long int), 8)) + || !TEST_size_t_ge(sizeof(unsigned long long int), 8)) return 0; /* @@ -105,8 +209,8 @@ * an int128_t, so this check is for at least 64 bits. */ if (!TEST_size_t_ge(sizeof(ossl_intmax_t), 8) - || !TEST_size_t_ge(sizeof(ossl_uintmax_t), 8) - || !TEST_size_t_ge(sizeof(ossl_uintmax_t), sizeof(size_t))) + || !TEST_size_t_ge(sizeof(ossl_uintmax_t), 8) + || !TEST_size_t_ge(sizeof(ossl_uintmax_t), sizeof(size_t))) return 0; /* This isn't possible to check using the framework functions */ @@ -140,4 +244,3 @@ ADD_TEST(test_sanity_memcmp); return 1; } - --- crypto/openssl/test/secmemtest.c.orig +++ crypto/openssl/test/secmemtest.c 
@@ -81,8 +81,7 @@
 * If init fails, then initialized should be false, if not, this
 * could cause an infinite loop secure_malloc, but we don't test it
 */
- if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) &&
- !TEST_false(CRYPTO_secure_malloc_initialized())) {
+ if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) && !TEST_false(CRYPTO_secure_malloc_initialized())) {
 TEST_true(CRYPTO_secure_malloc_done());
 goto end;
 }
@@ -103,7 +102,7 @@
 * to make sure that infinite loop is fixed, they can enable the
 * code below.
 */
-# if 0
+#if 0
 /*-
 * On Linux and BSD this test has a chance to complete in minimal
 * time and with minimum side effects, because mlock is likely to
@@ -116,11 +115,11 @@
 if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, 1<<4) != 0))
 TEST_true(CRYPTO_secure_malloc_done());
 }
-# endif
+#endif
 /* this can complete - it was not really secure */
 testresult = 1;
- end:
+end:
 OPENSSL_secure_free(p);
 OPENSSL_free(q);
 OPENSSL_secure_free(r);
@@ -141,7 +140,7 @@
 int i, res = 0;
 if (!TEST_true(CRYPTO_secure_malloc_init(4096, 32))
- || !TEST_ptr(p = OPENSSL_secure_malloc(size)))
+ || !TEST_ptr(p = OPENSSL_secure_malloc(size)))
 goto err;
 for (i = 0; i < size; i++)
--- crypto/openssl/test/servername_test.c.orig
+++ crypto/openssl/test/servername_test.c
@@ -24,15 +24,14 @@
 #include "internal/nelem.h"
 #include "helpers/ssltestlib.h"
-#define CLIENT_VERSION_LEN 2
+#define CLIENT_VERSION_LEN 2
 static const char *host = "dummy-host";
 static char *cert = NULL;
 static char *privkey = NULL;
-#if defined(OPENSSL_NO_TLS1_3) || \
- (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH))
+#if defined(OPENSSL_NO_TLS1_3) || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH))
 static int maxversion = TLS1_2_VERSION;
 #else
 static int maxversion = 0;
@@ -53,38 +52,37 @@ memset(&pkt5, 0, sizeof(pkt5)); if (!TEST_long_ge(len = BIO_get_mem_data(bio, (char **)&data), 0) - || !TEST_true(PACKET_buf_init(&pkt, data, len)) - /* Skip the record header */ - || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH) - /* Skip the handshake message header */ - || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) - /* Skip client version and random */ - || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN - + SSL3_RANDOM_SIZE)) - /* Skip session id */ - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) - /* Skip ciphers */ - || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) - /* Skip compression */ - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) - /* Extensions len */ - || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) + || !TEST_true(PACKET_buf_init(&pkt, data, len)) + /* Skip the record header */ + || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH) + /* Skip the handshake message header */ + || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + /* Skip client version and random */ + || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)) + /* Skip session id */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Skip ciphers */ + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) + /* Skip compression */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Extensions len */ + || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) goto end; /* Loop through all extensions for SNI */ while (PACKET_remaining(&pkt2)) { if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) - || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) goto end; if (type == TLSEXT_TYPE_server_name) { if (!TEST_true(PACKET_get_length_prefixed_2(&pkt3, &pkt4)) - || !TEST_uint_ne(PACKET_remaining(&pkt4), 0) - || !TEST_true(PACKET_get_1(&pkt4, &servname_type)) - || !TEST_uint_eq(servname_type, 
TLSEXT_NAMETYPE_host_name) - || !TEST_true(PACKET_get_length_prefixed_2(&pkt4, &pkt5)) - || !TEST_uint_le(PACKET_remaining(&pkt5), TLSEXT_MAXLEN_host_name) - || !TEST_false(PACKET_contains_zero_byte(&pkt5)) - || !TEST_true(PACKET_strndup(&pkt5, sni))) + || !TEST_uint_ne(PACKET_remaining(&pkt4), 0) + || !TEST_true(PACKET_get_1(&pkt4, &servname_type)) + || !TEST_uint_eq(servname_type, TLSEXT_NAMETYPE_host_name) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt4, &pkt5)) + || !TEST_uint_le(PACKET_remaining(&pkt5), TLSEXT_MAXLEN_host_name) + || !TEST_false(PACKET_contains_zero_byte(&pkt5)) + || !TEST_true(PACKET_strndup(&pkt5, sni))) goto end; ret = 1; goto end; @@ -109,7 +107,7 @@ goto end; if (maxversion > 0 - && !TEST_true(SSL_CTX_set_max_proto_version(ctx, maxversion))) + && !TEST_true(SSL_CTX_set_max_proto_version(ctx, maxversion))) goto end; con = SSL_new(ctx); @@ -121,7 +119,7 @@ rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); - if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + if (!TEST_ptr(rbio) || !TEST_ptr(wbio)) { BIO_free(rbio); BIO_free(wbio); goto end; @@ -161,7 +159,7 @@ goto end; if (maxversion > 0 - && !TEST_true(SSL_CTX_set_max_proto_version(ctx, maxversion))) + && !TEST_true(SSL_CTX_set_max_proto_version(ctx, maxversion))) goto end; con = SSL_new(ctx); @@ -170,7 +168,7 @@ rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); - if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + if (!TEST_ptr(rbio) || !TEST_ptr(wbio)) { BIO_free(rbio); BIO_free(wbio); goto end; @@ -206,11 +204,11 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) goto end; /* set SNI at server side */ 
@@ -220,7 +218,7 @@
 goto end;
 if (!TEST_ptr_null(SSL_get_servername(serverssl,
- TLSEXT_NAMETYPE_host_name))) {
+ TLSEXT_NAMETYPE_host_name))) {
 /* SNI should have been cleared during handshake */
 goto end;
 }
@@ -260,7 +258,7 @@
 }
 if (!TEST_ptr(cert = test_get_argument(0))
- || !TEST_ptr(privkey = test_get_argument(1)))
+ || !TEST_ptr(privkey = test_get_argument(1)))
 return 0;
 ADD_ALL_TESTS(test_servername, OSSL_NELEM(sni_test_fns));
--- crypto/openssl/test/sha_test.c.orig
+++ crypto/openssl/test/sha_test.c
@@ -12,10 +12,10 @@
 #include "testutil.h"
 static int test_static_sha_common(const char *input, size_t length,
- const unsigned char *out,
- unsigned char *(*md)(const unsigned char *d,
- size_t n,
- unsigned char *md))
+ const unsigned char *out,
+ unsigned char *(*md)(const unsigned char *d,
+ size_t n,
+ unsigned char *md))
 {
 unsigned char buf[EVP_MAX_MD_SIZE], *sbuf;
 const unsigned char *in = (unsigned char *)input;
@@ -23,13 +23,13 @@
 sbuf = (*md)(in, in_len, buf);
 if (!TEST_ptr(sbuf)
- || !TEST_ptr_eq(sbuf, buf)
- || !TEST_mem_eq(sbuf, length, out, length))
+ || !TEST_ptr_eq(sbuf, buf)
+ || !TEST_mem_eq(sbuf, length, out, length))
 return 0;
 sbuf = (*md)(in, in_len, NULL);
 if (!TEST_ptr(sbuf)
- || !TEST_ptr_ne(sbuf, buf)
- || !TEST_mem_eq(sbuf, length, out, length))
+ || !TEST_ptr_ne(sbuf, buf)
+ || !TEST_mem_eq(sbuf, length, out, length))
 return 0;
 return 1;
 }
--- crypto/openssl/test/shlibloadtest.c.orig
+++ crypto/openssl/test/shlibloadtest.c
@@ -17,8 +17,8 @@
 typedef void DSO;
-typedef const SSL_METHOD * (*TLS_method_t)(void);
-typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth);
+typedef const SSL_METHOD *(*TLS_method_t)(void);
+typedef SSL_CTX *(*SSL_CTX_new_t)(const SSL_METHOD *meth);
 typedef void (*SSL_CTX_free_t)(SSL_CTX *);
 typedef int (*OPENSSL_init_crypto_t)(uint64_t, void *);
 typedef int (*OPENSSL_atexit_t)(void (*handler)(void));
@@ -26,7 +26,7 @@
 typedef unsigned long (*OPENSSL_version_major_t)(void);
 typedef unsigned long (*OPENSSL_version_minor_t)(void);
 typedef unsigned long (*OPENSSL_version_patch_t)(void);
-typedef DSO * (*DSO_dsobyaddr_t)(void (*addr)(void), int flags);
+typedef DSO *(*DSO_dsobyaddr_t)(void (*addr)(void), int flags);
 typedef int (*DSO_free_t)(DSO *dso);
 typedef enum test_types_en {
@@ -119,11 +119,11 @@
 }
 if (test_type != JUST_CRYPTO
- && test_type != DSO_REFTEST
- && test_type != NO_ATEXIT) {
+ && test_type != DSO_REFTEST
+ && test_type != NO_ATEXIT) {
 if (!sd_sym(ssllib, "TLS_method", &symbols[0].sym)
- || !sd_sym(ssllib, "SSL_CTX_new", &symbols[1].sym)
- || !sd_sym(ssllib, "SSL_CTX_free", &symbols[2].sym)) {
+ || !sd_sym(ssllib, "SSL_CTX_new", &symbols[1].sym)
+ || !sd_sym(ssllib, "SSL_CTX_free", &symbols[2].sym)) {
 fprintf(stderr, "Failed to load libssl symbols\n");
 goto end;
 }
@@ -139,10 +139,10 @@
 }
 if (!sd_sym(cryptolib, "ERR_get_error", &symbols[0].sym)
- || !sd_sym(cryptolib, "OPENSSL_version_major", &symbols[1].sym)
- || !sd_sym(cryptolib, "OPENSSL_version_minor", &symbols[2].sym)
- || !sd_sym(cryptolib, "OPENSSL_version_patch", &symbols[3].sym)
- || !sd_sym(cryptolib, "OPENSSL_atexit", &symbols[4].sym)) {
+ || !sd_sym(cryptolib, "OPENSSL_version_major", &symbols[1].sym)
+ || !sd_sym(cryptolib, "OPENSSL_version_minor", &symbols[2].sym)
+ || !sd_sym(cryptolib, "OPENSSL_version_patch", &symbols[3].sym)
+ || !sd_sym(cryptolib, "OPENSSL_atexit", &symbols[4].sym)) {
 fprintf(stderr, "Failed to load libcrypto symbols\n");
 goto end;
 }
@@ -157,8 +157,8 @@
 myOPENSSL_version_minor = (OPENSSL_version_minor_t)symbols[2].func;
 myOPENSSL_version_patch = (OPENSSL_version_patch_t)symbols[3].func;
 if (myOPENSSL_version_major() != OPENSSL_VERSION_MAJOR
- || myOPENSSL_version_minor() != OPENSSL_VERSION_MINOR
- || myOPENSSL_version_patch() != OPENSSL_VERSION_PATCH) {
+ || myOPENSSL_version_minor() != OPENSSL_VERSION_MINOR
+ || myOPENSSL_version_patch() != OPENSSL_VERSION_PATCH) {
 fprintf(stderr, "Invalid library version number\n");
 goto end;
 }
@@ -170,7 +170,7 @@
 }
 if (test_type == DSO_REFTEST) {
-# ifdef DSO_DLFCN
+#ifdef DSO_DLFCN
 DSO_dsobyaddr_t myDSO_dsobyaddr;
 DSO_free_t myDSO_free;
@@ -183,7 +183,7 @@
 * implemented there.
 */
 if (!sd_sym(cryptolib, "DSO_dsobyaddr", &symbols[0].sym)
- || !sd_sym(cryptolib, "DSO_free", &symbols[1].sym)) {
+ || !sd_sym(cryptolib, "DSO_free", &symbols[1].sym)) {
 fprintf(stderr, "Unable to load DSO symbols\n");
 goto end;
 }
@@ -201,7 +201,7 @@
 }
 myDSO_free(hndl);
 }
-# endif /* DSO_DLFCN */
+#endif /* DSO_DLFCN */
 }
 if (!sd_close(cryptolib)) {
@@ -218,11 +218,11 @@
 ssllib = SD_INIT;
 }
-# if defined(OPENSSL_NO_PINSHARED) \
- && defined(__GLIBC__) \
- && defined(__GLIBC_PREREQ) \
+#if defined(OPENSSL_NO_PINSHARED) \
+ && defined(__GLIBC__) \
+ && defined(__GLIBC_PREREQ) \
 && defined(OPENSSL_SYS_LINUX)
-# if __GLIBC_PREREQ(2, 3)
+#if __GLIBC_PREREQ(2, 3)
 /*
 * If we didn't pin the so then we are hopefully on a platform that supports
 * running atexit() on so unload. If not we might crash. We know this is
@@ -232,8 +232,8 @@
 fprintf(stderr, "atexit() handler did not run\n");
 goto end;
 }
-# endif
-# endif
+#endif
+#endif
 result = 1;
 end:
@@ -245,7 +245,6 @@
 }
 #endif
-
 /*
 * shlibloadtest should not use the normal test framework because we don't want
 * it to link against libcrypto (which the framework uses). The point of the
--- crypto/openssl/test/simpledynamic.c.orig
+++ crypto/openssl/test/simpledynamic.c
@@ -8,8 +8,8 @@
 */
 #include
-#include /* For NULL */
-#include /* For NON_EMPTY_TRANSLATION_UNIT */
+#include /* For NULL */
+#include /* For NON_EMPTY_TRANSLATION_UNIT */
 #include
 #include "simpledynamic.h"
@@ -67,7 +67,7 @@
 buffer[0] = '\0';
 FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), 0,
- buffer, sizeof(buffer), NULL);
+ buffer, sizeof(buffer), NULL);
 return buffer;
 }
--- crypto/openssl/test/simpledynamic.h.orig
+++ crypto/openssl/test/simpledynamic.h
@@ -8,44 +8,44 @@
 */
 #ifndef OSSL_TEST_SIMPLEDYNAMIC_H
-# define OSSL_TEST_SIMPLEDYNAMIC_H
+#define OSSL_TEST_SIMPLEDYNAMIC_H
-# include "crypto/dso_conf.h"
+#include "crypto/dso_conf.h"
-# if defined(DSO_DLFCN) || defined(DSO_VMS)
+#if defined(DSO_DLFCN) || defined(DSO_VMS)
-# include
+#include
-# define SD_INIT NULL
-# ifdef DSO_VMS
-# define SD_SHLIB 0
-# define SD_MODULE 0
-# else
-# define SD_SHLIB (RTLD_GLOBAL|RTLD_LAZY)
-# define SD_MODULE (RTLD_LOCAL|RTLD_NOW)
-# endif
+#define SD_INIT NULL
+#ifdef DSO_VMS
+#define SD_SHLIB 0
+#define SD_MODULE 0
+#else
+#define SD_SHLIB (RTLD_GLOBAL | RTLD_LAZY)
+#define SD_MODULE (RTLD_LOCAL | RTLD_NOW)
+#endif
 typedef void *SD;
 typedef void *SD_SYM;
-# elif defined(DSO_WIN32)
+#elif defined(DSO_WIN32)
-# include
+#include
-# define SD_INIT 0
-# define SD_SHLIB 0
-# define SD_MODULE 0
+#define SD_INIT 0
+#define SD_SHLIB 0
+#define SD_MODULE 0
 typedef HINSTANCE SD;
 typedef void *SD_SYM;
-# endif
+#endif
-# if defined(DSO_DLFCN) || defined(DSO_WIN32) || defined(DSO_VMS)
+#if defined(DSO_DLFCN) || defined(DSO_WIN32) || defined(DSO_VMS)
 int sd_load(const char *filename, SD *sd, int type);
 int sd_sym(SD sd, const char *symname, SD_SYM *sym);
 int sd_close(SD lib);
 const char *sd_error(void);
-# endif
+#endif
 #endif
--- crypto/openssl/test/siphash_internal_test.c.orig
+++ crypto/openssl/test/siphash_internal_test.c
@@ -36,139 +36,1805 @@ /* From C reference: https://131002.net/siphash/ */ static TESTDATA tests[] = { - { 0, { 8, { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, } } }, - { 1, { 8, { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, } } }, - { 2, { 8, { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, } } }, - { 3, { 8, { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, } } }, - { 4, { 8, { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, } } }, - { 5, { 8, { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, } } }, - { 6, { 8, { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, } } }, - { 7, { 8, { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, } } }, - { 8, { 8, { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, } } }, - { 9, { 8, { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, } } }, - { 10, { 8, { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, } } }, - { 11, { 8, { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, } } }, - { 12, { 8, { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, } } }, - { 13, { 8, { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, } } }, - { 14, { 8, { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, } } }, - { 15, { 8, { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, } } }, - { 16, { 8, { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, } } }, - { 17, { 8, { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, } } }, - { 18, { 8, { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, } } }, - { 19, { 8, { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, } } }, - { 20, { 8, { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, } } }, - { 21, { 8, { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, } } }, - { 22, { 8, { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, } } }, - { 23, { 8, { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, } } }, - { 24, { 8, { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, } } }, - { 25, { 8, { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, } } }, - { 26, { 8, { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, } } }, - { 27, { 8, { 
0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, } } }, - { 28, { 8, { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, } } }, - { 29, { 8, { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, } } }, - { 30, { 8, { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, } } }, - { 31, { 8, { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, } } }, - { 32, { 8, { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, } } }, - { 33, { 8, { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, } } }, - { 34, { 8, { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, } } }, - { 35, { 8, { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, } } }, - { 36, { 8, { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, } } }, - { 37, { 8, { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, } } }, - { 38, { 8, { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, } } }, - { 39, { 8, { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, } } }, - { 40, { 8, { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, } } }, - { 41, { 8, { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, } } }, - { 42, { 8, { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, } } }, - { 43, { 8, { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, } } }, - { 44, { 8, { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, } } }, - { 45, { 8, { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, } } }, - { 46, { 8, { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, } } }, - { 47, { 8, { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, } } }, - { 48, { 8, { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, } } }, - { 49, { 8, { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, } } }, - { 50, { 8, { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, } } }, - { 51, { 8, { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, } } }, - { 52, { 8, { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, } } }, - { 53, { 8, { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, } } }, - { 54, { 8, { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, } } }, - { 55, { 8, { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 
0x57, 0x24, } } }, - { 56, { 8, { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, } } }, - { 57, { 8, { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, } } }, - { 58, { 8, { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, } } }, - { 59, { 8, { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, } } }, - { 60, { 8, { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, } } }, - { 61, { 8, { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, } } }, - { 62, { 8, { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, } } }, - { 63, { 8, { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, } } }, - { 0, { 16, { 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6, 0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, } } }, - { 1, { 16, { 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44, 0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, } } }, - { 2, { 16, { 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7, 0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, } } }, - { 3, { 16, { 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e, 0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, } } }, - { 4, { 16, { 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf, 0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, } } }, - { 5, { 16, { 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88, 0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, } } }, - { 6, { 16, { 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13, 0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, } } }, - { 7, { 16, { 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53, 0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, } } }, - { 8, { 16, { 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61, 0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, } } }, - { 9, { 16, { 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab, 0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, } } }, - { 10, { 16, { 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56, 0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, } } }, - { 11, { 16, { 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77, 0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, } } }, - 
{ 12, { 16, { 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58, 0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, } } }, - { 13, { 16, { 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10, 0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, } } }, - { 14, { 16, { 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c, 0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, } } }, - { 15, { 16, { 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11, 0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, } } }, - { 16, { 16, { 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb, 0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, } } }, - { 17, { 16, { 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98, 0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, } } }, - { 18, { 16, { 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85, 0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, } } }, - { 19, { 16, { 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0, 0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, } } }, - { 20, { 16, { 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73, 0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, } } }, - { 21, { 16, { 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21, 0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, } } }, - { 22, { 16, { 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a, 0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, } } }, - { 23, { 16, { 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0, 0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, } } }, - { 24, { 16, { 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8, 0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, } } }, - { 25, { 16, { 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b, 0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, } } }, - { 26, { 16, { 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8, 0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, } } }, - { 27, { 16, { 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4, 0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, } } }, - { 28, { 16, { 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88, 0xb9, 0x35, 0xf3, 0x02, 0x73, 
0x58, 0xae, 0xf4, } } }, - { 29, { 16, { 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9, 0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, } } }, - { 30, { 16, { 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde, 0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, } } }, - { 31, { 16, { 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc, 0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, } } }, - { 32, { 16, { 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e, 0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, } } }, - { 33, { 16, { 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32, 0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, } } }, - { 34, { 16, { 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf, 0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, } } }, - { 35, { 16, { 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9, 0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, } } }, - { 36, { 16, { 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46, 0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, } } }, - { 37, { 16, { 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a, 0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, } } }, - { 38, { 16, { 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e, 0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, } } }, - { 39, { 16, { 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c, 0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, } } }, - { 40, { 16, { 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad, 0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, } } }, - { 41, { 16, { 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39, 0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, } } }, - { 42, { 16, { 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb, 0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, } } }, - { 43, { 16, { 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa, 0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, } } }, - { 44, { 16, { 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78, 0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, } } }, - { 45, { 16, { 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65, 0x11, 
0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, } } }, - { 46, { 16, { 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89, 0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, } } }, - { 47, { 16, { 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1, 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, } } }, - { 48, { 16, { 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf, 0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, } } }, - { 49, { 16, { 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f, 0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, } } }, - { 50, { 16, { 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3, 0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, } } }, - { 51, { 16, { 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4, 0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, } } }, - { 52, { 16, { 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e, 0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, } } }, - { 53, { 16, { 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94, 0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, } } }, - { 54, { 16, { 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c, 0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, } } }, - { 55, { 16, { 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12, 0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, } } }, - { 56, { 16, { 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9, 0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, } } }, - { 57, { 16, { 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe, 0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, } } }, - { 58, { 16, { 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8, 0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, } } }, - { 59, { 16, { 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe, 0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, } } }, - { 60, { 16, { 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53, 0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, } } }, - { 61, { 16, { 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe, 0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, } } }, - { 62, { 16, { 0x58, 0x53, 0x54, 0x23, 0x21, 
0xf5, 0x67, 0xa0, 0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, } } }, - { 63, { 16, { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a, 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, } } } + { 0, { 8, { + 0x31, + 0x0e, + 0x0e, + 0xdd, + 0x47, + 0xdb, + 0x6f, + 0x72, + } } }, + { 1, { 8, { + 0xfd, + 0x67, + 0xdc, + 0x93, + 0xc5, + 0x39, + 0xf8, + 0x74, + } } }, + { 2, { 8, { + 0x5a, + 0x4f, + 0xa9, + 0xd9, + 0x09, + 0x80, + 0x6c, + 0x0d, + } } }, + { 3, { 8, { + 0x2d, + 0x7e, + 0xfb, + 0xd7, + 0x96, + 0x66, + 0x67, + 0x85, + } } }, + { 4, { 8, { + 0xb7, + 0x87, + 0x71, + 0x27, + 0xe0, + 0x94, + 0x27, + 0xcf, + } } }, + { 5, { 8, { + 0x8d, + 0xa6, + 0x99, + 0xcd, + 0x64, + 0x55, + 0x76, + 0x18, + } } }, + { 6, { 8, { + 0xce, + 0xe3, + 0xfe, + 0x58, + 0x6e, + 0x46, + 0xc9, + 0xcb, + } } }, + { 7, { 8, { + 0x37, + 0xd1, + 0x01, + 0x8b, + 0xf5, + 0x00, + 0x02, + 0xab, + } } }, + { 8, { 8, { + 0x62, + 0x24, + 0x93, + 0x9a, + 0x79, + 0xf5, + 0xf5, + 0x93, + } } }, + { 9, { 8, { + 0xb0, + 0xe4, + 0xa9, + 0x0b, + 0xdf, + 0x82, + 0x00, + 0x9e, + } } }, + { 10, { 8, { + 0xf3, + 0xb9, + 0xdd, + 0x94, + 0xc5, + 0xbb, + 0x5d, + 0x7a, + } } }, + { 11, { 8, { + 0xa7, + 0xad, + 0x6b, + 0x22, + 0x46, + 0x2f, + 0xb3, + 0xf4, + } } }, + { 12, { 8, { + 0xfb, + 0xe5, + 0x0e, + 0x86, + 0xbc, + 0x8f, + 0x1e, + 0x75, + } } }, + { 13, { 8, { + 0x90, + 0x3d, + 0x84, + 0xc0, + 0x27, + 0x56, + 0xea, + 0x14, + } } }, + { 14, { 8, { + 0xee, + 0xf2, + 0x7a, + 0x8e, + 0x90, + 0xca, + 0x23, + 0xf7, + } } }, + { 15, { 8, { + 0xe5, + 0x45, + 0xbe, + 0x49, + 0x61, + 0xca, + 0x29, + 0xa1, + } } }, + { 16, { 8, { + 0xdb, + 0x9b, + 0xc2, + 0x57, + 0x7f, + 0xcc, + 0x2a, + 0x3f, + } } }, + { 17, { 8, { + 0x94, + 0x47, + 0xbe, + 0x2c, + 0xf5, + 0xe9, + 0x9a, + 0x69, + } } }, + { 18, { 8, { + 0x9c, + 0xd3, + 0x8d, + 0x96, + 0xf0, + 0xb3, + 0xc1, + 0x4b, + } } }, + { 19, { 8, { + 0xbd, + 0x61, + 0x79, + 0xa7, + 0x1d, + 0xc9, + 0x6d, + 0xbb, + } } }, + { 20, { 8, { + 0x98, + 0xee, + 0xa2, + 0x1a, + 0xf2, + 
0x5c, + 0xd6, + 0xbe, + } } }, + { 21, { 8, { + 0xc7, + 0x67, + 0x3b, + 0x2e, + 0xb0, + 0xcb, + 0xf2, + 0xd0, + } } }, + { 22, { 8, { + 0x88, + 0x3e, + 0xa3, + 0xe3, + 0x95, + 0x67, + 0x53, + 0x93, + } } }, + { 23, { 8, { + 0xc8, + 0xce, + 0x5c, + 0xcd, + 0x8c, + 0x03, + 0x0c, + 0xa8, + } } }, + { 24, { 8, { + 0x94, + 0xaf, + 0x49, + 0xf6, + 0xc6, + 0x50, + 0xad, + 0xb8, + } } }, + { 25, { 8, { + 0xea, + 0xb8, + 0x85, + 0x8a, + 0xde, + 0x92, + 0xe1, + 0xbc, + } } }, + { 26, { 8, { + 0xf3, + 0x15, + 0xbb, + 0x5b, + 0xb8, + 0x35, + 0xd8, + 0x17, + } } }, + { 27, { 8, { + 0xad, + 0xcf, + 0x6b, + 0x07, + 0x63, + 0x61, + 0x2e, + 0x2f, + } } }, + { 28, { 8, { + 0xa5, + 0xc9, + 0x1d, + 0xa7, + 0xac, + 0xaa, + 0x4d, + 0xde, + } } }, + { 29, { 8, { + 0x71, + 0x65, + 0x95, + 0x87, + 0x66, + 0x50, + 0xa2, + 0xa6, + } } }, + { 30, { 8, { + 0x28, + 0xef, + 0x49, + 0x5c, + 0x53, + 0xa3, + 0x87, + 0xad, + } } }, + { 31, { 8, { + 0x42, + 0xc3, + 0x41, + 0xd8, + 0xfa, + 0x92, + 0xd8, + 0x32, + } } }, + { 32, { 8, { + 0xce, + 0x7c, + 0xf2, + 0x72, + 0x2f, + 0x51, + 0x27, + 0x71, + } } }, + { 33, { 8, { + 0xe3, + 0x78, + 0x59, + 0xf9, + 0x46, + 0x23, + 0xf3, + 0xa7, + } } }, + { 34, { 8, { + 0x38, + 0x12, + 0x05, + 0xbb, + 0x1a, + 0xb0, + 0xe0, + 0x12, + } } }, + { 35, { 8, { + 0xae, + 0x97, + 0xa1, + 0x0f, + 0xd4, + 0x34, + 0xe0, + 0x15, + } } }, + { 36, { 8, { + 0xb4, + 0xa3, + 0x15, + 0x08, + 0xbe, + 0xff, + 0x4d, + 0x31, + } } }, + { 37, { 8, { + 0x81, + 0x39, + 0x62, + 0x29, + 0xf0, + 0x90, + 0x79, + 0x02, + } } }, + { 38, { 8, { + 0x4d, + 0x0c, + 0xf4, + 0x9e, + 0xe5, + 0xd4, + 0xdc, + 0xca, + } } }, + { 39, { 8, { + 0x5c, + 0x73, + 0x33, + 0x6a, + 0x76, + 0xd8, + 0xbf, + 0x9a, + } } }, + { 40, { 8, { + 0xd0, + 0xa7, + 0x04, + 0x53, + 0x6b, + 0xa9, + 0x3e, + 0x0e, + } } }, + { 41, { 8, { + 0x92, + 0x59, + 0x58, + 0xfc, + 0xd6, + 0x42, + 0x0c, + 0xad, + } } }, + { 42, { 8, { + 0xa9, + 0x15, + 0xc2, + 0x9b, + 0xc8, + 0x06, + 0x73, + 0x18, + } } }, + { 43, { 8, { + 0x95, + 0x2b, + 
0x79, + 0xf3, + 0xbc, + 0x0a, + 0xa6, + 0xd4, + } } }, + { 44, { 8, { + 0xf2, + 0x1d, + 0xf2, + 0xe4, + 0x1d, + 0x45, + 0x35, + 0xf9, + } } }, + { 45, { 8, { + 0x87, + 0x57, + 0x75, + 0x19, + 0x04, + 0x8f, + 0x53, + 0xa9, + } } }, + { 46, { 8, { + 0x10, + 0xa5, + 0x6c, + 0xf5, + 0xdf, + 0xcd, + 0x9a, + 0xdb, + } } }, + { 47, { 8, { + 0xeb, + 0x75, + 0x09, + 0x5c, + 0xcd, + 0x98, + 0x6c, + 0xd0, + } } }, + { 48, { 8, { + 0x51, + 0xa9, + 0xcb, + 0x9e, + 0xcb, + 0xa3, + 0x12, + 0xe6, + } } }, + { 49, { 8, { + 0x96, + 0xaf, + 0xad, + 0xfc, + 0x2c, + 0xe6, + 0x66, + 0xc7, + } } }, + { 50, { 8, { + 0x72, + 0xfe, + 0x52, + 0x97, + 0x5a, + 0x43, + 0x64, + 0xee, + } } }, + { 51, { 8, { + 0x5a, + 0x16, + 0x45, + 0xb2, + 0x76, + 0xd5, + 0x92, + 0xa1, + } } }, + { 52, { 8, { + 0xb2, + 0x74, + 0xcb, + 0x8e, + 0xbf, + 0x87, + 0x87, + 0x0a, + } } }, + { 53, { 8, { + 0x6f, + 0x9b, + 0xb4, + 0x20, + 0x3d, + 0xe7, + 0xb3, + 0x81, + } } }, + { 54, { 8, { + 0xea, + 0xec, + 0xb2, + 0xa3, + 0x0b, + 0x22, + 0xa8, + 0x7f, + } } }, + { 55, { 8, { + 0x99, + 0x24, + 0xa4, + 0x3c, + 0xc1, + 0x31, + 0x57, + 0x24, + } } }, + { 56, { 8, { + 0xbd, + 0x83, + 0x8d, + 0x3a, + 0xaf, + 0xbf, + 0x8d, + 0xb7, + } } }, + { 57, { 8, { + 0x0b, + 0x1a, + 0x2a, + 0x32, + 0x65, + 0xd5, + 0x1a, + 0xea, + } } }, + { 58, { 8, { + 0x13, + 0x50, + 0x79, + 0xa3, + 0x23, + 0x1c, + 0xe6, + 0x60, + } } }, + { 59, { 8, { + 0x93, + 0x2b, + 0x28, + 0x46, + 0xe4, + 0xd7, + 0x06, + 0x66, + } } }, + { 60, { 8, { + 0xe1, + 0x91, + 0x5f, + 0x5c, + 0xb1, + 0xec, + 0xa4, + 0x6c, + } } }, + { 61, { 8, { + 0xf3, + 0x25, + 0x96, + 0x5c, + 0xa1, + 0x6d, + 0x62, + 0x9f, + } } }, + { 62, { 8, { + 0x57, + 0x5f, + 0xf2, + 0x8e, + 0x60, + 0x38, + 0x1b, + 0xe5, + } } }, + { 63, { 8, { + 0x72, + 0x45, + 0x06, + 0xeb, + 0x4c, + 0x32, + 0x8a, + 0x95, + } } }, + { 0, { 16, { + 0xa3, + 0x81, + 0x7f, + 0x04, + 0xba, + 0x25, + 0xa8, + 0xe6, + 0x6d, + 0xf6, + 0x72, + 0x14, + 0xc7, + 0x55, + 0x02, + 0x93, + } } }, + { 1, { 16, { + 0xda, + 0x87, + 
0xc1, + 0xd8, + 0x6b, + 0x99, + 0xaf, + 0x44, + 0x34, + 0x76, + 0x59, + 0x11, + 0x9b, + 0x22, + 0xfc, + 0x45, + } } }, + { 2, { 16, { + 0x81, + 0x77, + 0x22, + 0x8d, + 0xa4, + 0xa4, + 0x5d, + 0xc7, + 0xfc, + 0xa3, + 0x8b, + 0xde, + 0xf6, + 0x0a, + 0xff, + 0xe4, + } } }, + { 3, { 16, { + 0x9c, + 0x70, + 0xb6, + 0x0c, + 0x52, + 0x67, + 0xa9, + 0x4e, + 0x5f, + 0x33, + 0xb6, + 0xb0, + 0x29, + 0x85, + 0xed, + 0x51, + } } }, + { 4, { 16, { + 0xf8, + 0x81, + 0x64, + 0xc1, + 0x2d, + 0x9c, + 0x8f, + 0xaf, + 0x7d, + 0x0f, + 0x6e, + 0x7c, + 0x7b, + 0xcd, + 0x55, + 0x79, + } } }, + { 5, { 16, { + 0x13, + 0x68, + 0x87, + 0x59, + 0x80, + 0x77, + 0x6f, + 0x88, + 0x54, + 0x52, + 0x7a, + 0x07, + 0x69, + 0x0e, + 0x96, + 0x27, + } } }, + { 6, { 16, { + 0x14, + 0xee, + 0xca, + 0x33, + 0x8b, + 0x20, + 0x86, + 0x13, + 0x48, + 0x5e, + 0xa0, + 0x30, + 0x8f, + 0xd7, + 0xa1, + 0x5e, + } } }, + { 7, { 16, { + 0xa1, + 0xf1, + 0xeb, + 0xbe, + 0xd8, + 0xdb, + 0xc1, + 0x53, + 0xc0, + 0xb8, + 0x4a, + 0xa6, + 0x1f, + 0xf0, + 0x82, + 0x39, + } } }, + { 8, { 16, { + 0x3b, + 0x62, + 0xa9, + 0xba, + 0x62, + 0x58, + 0xf5, + 0x61, + 0x0f, + 0x83, + 0xe2, + 0x64, + 0xf3, + 0x14, + 0x97, + 0xb4, + } } }, + { 9, { 16, { + 0x26, + 0x44, + 0x99, + 0x06, + 0x0a, + 0xd9, + 0xba, + 0xab, + 0xc4, + 0x7f, + 0x8b, + 0x02, + 0xbb, + 0x6d, + 0x71, + 0xed, + } } }, + { 10, { 16, { + 0x00, + 0x11, + 0x0d, + 0xc3, + 0x78, + 0x14, + 0x69, + 0x56, + 0xc9, + 0x54, + 0x47, + 0xd3, + 0xf3, + 0xd0, + 0xfb, + 0xba, + } } }, + { 11, { 16, { + 0x01, + 0x51, + 0xc5, + 0x68, + 0x38, + 0x6b, + 0x66, + 0x77, + 0xa2, + 0xb4, + 0xdc, + 0x6f, + 0x81, + 0xe5, + 0xdc, + 0x18, + } } }, + { 12, { 16, { + 0xd6, + 0x26, + 0xb2, + 0x66, + 0x90, + 0x5e, + 0xf3, + 0x58, + 0x82, + 0x63, + 0x4d, + 0xf6, + 0x85, + 0x32, + 0xc1, + 0x25, + } } }, + { 13, { 16, { + 0x98, + 0x69, + 0xe2, + 0x47, + 0xe9, + 0xc0, + 0x8b, + 0x10, + 0xd0, + 0x29, + 0x93, + 0x4f, + 0xc4, + 0xb9, + 0x52, + 0xf7, + } } }, + { 14, { 16, { + 0x31, + 0xfc, + 0xef, + 0xac, + 
0x66, + 0xd7, + 0xde, + 0x9c, + 0x7e, + 0xc7, + 0x48, + 0x5f, + 0xe4, + 0x49, + 0x49, + 0x02, + } } }, + { 15, { 16, { + 0x54, + 0x93, + 0xe9, + 0x99, + 0x33, + 0xb0, + 0xa8, + 0x11, + 0x7e, + 0x08, + 0xec, + 0x0f, + 0x97, + 0xcf, + 0xc3, + 0xd9, + } } }, + { 16, { 16, { + 0x6e, + 0xe2, + 0xa4, + 0xca, + 0x67, + 0xb0, + 0x54, + 0xbb, + 0xfd, + 0x33, + 0x15, + 0xbf, + 0x85, + 0x23, + 0x05, + 0x77, + } } }, + { 17, { 16, { + 0x47, + 0x3d, + 0x06, + 0xe8, + 0x73, + 0x8d, + 0xb8, + 0x98, + 0x54, + 0xc0, + 0x66, + 0xc4, + 0x7a, + 0xe4, + 0x77, + 0x40, + } } }, + { 18, { 16, { + 0xa4, + 0x26, + 0xe5, + 0xe4, + 0x23, + 0xbf, + 0x48, + 0x85, + 0x29, + 0x4d, + 0xa4, + 0x81, + 0xfe, + 0xae, + 0xf7, + 0x23, + } } }, + { 19, { 16, { + 0x78, + 0x01, + 0x77, + 0x31, + 0xcf, + 0x65, + 0xfa, + 0xb0, + 0x74, + 0xd5, + 0x20, + 0x89, + 0x52, + 0x51, + 0x2e, + 0xb1, + } } }, + { 20, { 16, { + 0x9e, + 0x25, + 0xfc, + 0x83, + 0x3f, + 0x22, + 0x90, + 0x73, + 0x3e, + 0x93, + 0x44, + 0xa5, + 0xe8, + 0x38, + 0x39, + 0xeb, + } } }, + { 21, { 16, { + 0x56, + 0x8e, + 0x49, + 0x5a, + 0xbe, + 0x52, + 0x5a, + 0x21, + 0x8a, + 0x22, + 0x14, + 0xcd, + 0x3e, + 0x07, + 0x1d, + 0x12, + } } }, + { 22, { 16, { + 0x4a, + 0x29, + 0xb5, + 0x45, + 0x52, + 0xd1, + 0x6b, + 0x9a, + 0x46, + 0x9c, + 0x10, + 0x52, + 0x8e, + 0xff, + 0x0a, + 0xae, + } } }, + { 23, { 16, { + 0xc9, + 0xd1, + 0x84, + 0xdd, + 0xd5, + 0xa9, + 0xf5, + 0xe0, + 0xcf, + 0x8c, + 0xe2, + 0x9a, + 0x9a, + 0xbf, + 0x69, + 0x1c, + } } }, + { 24, { 16, { + 0x2d, + 0xb4, + 0x79, + 0xae, + 0x78, + 0xbd, + 0x50, + 0xd8, + 0x88, + 0x2a, + 0x8a, + 0x17, + 0x8a, + 0x61, + 0x32, + 0xad, + } } }, + { 25, { 16, { + 0x8e, + 0xce, + 0x5f, + 0x04, + 0x2d, + 0x5e, + 0x44, + 0x7b, + 0x50, + 0x51, + 0xb9, + 0xea, + 0xcb, + 0x8d, + 0x8f, + 0x6f, + } } }, + { 26, { 16, { + 0x9c, + 0x0b, + 0x53, + 0xb4, + 0xb3, + 0xc3, + 0x07, + 0xe8, + 0x7e, + 0xae, + 0xe0, + 0x86, + 0x78, + 0x14, + 0x1f, + 0x66, + } } }, + { 27, { 16, { + 0xab, + 0xf2, + 0x48, + 0xaf, + 0x69, + 
0xa6, + 0xea, + 0xe4, + 0xbf, + 0xd3, + 0xeb, + 0x2f, + 0x12, + 0x9e, + 0xeb, + 0x94, + } } }, + { 28, { 16, { + 0x06, + 0x64, + 0xda, + 0x16, + 0x68, + 0x57, + 0x4b, + 0x88, + 0xb9, + 0x35, + 0xf3, + 0x02, + 0x73, + 0x58, + 0xae, + 0xf4, + } } }, + { 29, { 16, { + 0xaa, + 0x4b, + 0x9d, + 0xc4, + 0xbf, + 0x33, + 0x7d, + 0xe9, + 0x0c, + 0xd4, + 0xfd, + 0x3c, + 0x46, + 0x7c, + 0x6a, + 0xb7, + } } }, + { 30, { 16, { + 0xea, + 0x5c, + 0x7f, + 0x47, + 0x1f, + 0xaf, + 0x6b, + 0xde, + 0x2b, + 0x1a, + 0xd7, + 0xd4, + 0x68, + 0x6d, + 0x22, + 0x87, + } } }, + { 31, { 16, { + 0x29, + 0x39, + 0xb0, + 0x18, + 0x32, + 0x23, + 0xfa, + 0xfc, + 0x17, + 0x23, + 0xde, + 0x4f, + 0x52, + 0xc4, + 0x3d, + 0x35, + } } }, + { 32, { 16, { + 0x7c, + 0x39, + 0x56, + 0xca, + 0x5e, + 0xea, + 0xfc, + 0x3e, + 0x36, + 0x3e, + 0x9d, + 0x55, + 0x65, + 0x46, + 0xeb, + 0x68, + } } }, + { 33, { 16, { + 0x77, + 0xc6, + 0x07, + 0x71, + 0x46, + 0xf0, + 0x1c, + 0x32, + 0xb6, + 0xb6, + 0x9d, + 0x5f, + 0x4e, + 0xa9, + 0xff, + 0xcf, + } } }, + { 34, { 16, { + 0x37, + 0xa6, + 0x98, + 0x6c, + 0xb8, + 0x84, + 0x7e, + 0xdf, + 0x09, + 0x25, + 0xf0, + 0xf1, + 0x30, + 0x9b, + 0x54, + 0xde, + } } }, + { 35, { 16, { + 0xa7, + 0x05, + 0xf0, + 0xe6, + 0x9d, + 0xa9, + 0xa8, + 0xf9, + 0x07, + 0x24, + 0x1a, + 0x2e, + 0x92, + 0x3c, + 0x8c, + 0xc8, + } } }, + { 36, { 16, { + 0x3d, + 0xc4, + 0x7d, + 0x1f, + 0x29, + 0xc4, + 0x48, + 0x46, + 0x1e, + 0x9e, + 0x76, + 0xed, + 0x90, + 0x4f, + 0x67, + 0x11, + } } }, + { 37, { 16, { + 0x0d, + 0x62, + 0xbf, + 0x01, + 0xe6, + 0xfc, + 0x0e, + 0x1a, + 0x0d, + 0x3c, + 0x47, + 0x51, + 0xc5, + 0xd3, + 0x69, + 0x2b, + } } }, + { 38, { 16, { + 0x8c, + 0x03, + 0x46, + 0x8b, + 0xca, + 0x7c, + 0x66, + 0x9e, + 0xe4, + 0xfd, + 0x5e, + 0x08, + 0x4b, + 0xbe, + 0xe7, + 0xb5, + } } }, + { 39, { 16, { + 0x52, + 0x8a, + 0x5b, + 0xb9, + 0x3b, + 0xaf, + 0x2c, + 0x9c, + 0x44, + 0x73, + 0xcc, + 0xe5, + 0xd0, + 0xd2, + 0x2b, + 0xd9, + } } }, + { 40, { 16, { + 0xdf, + 0x6a, + 0x30, + 0x1e, + 0x95, + 0xc9, + 
0x5d, + 0xad, + 0x97, + 0xae, + 0x0c, + 0xc8, + 0xc6, + 0x91, + 0x3b, + 0xd8, + } } }, + { 41, { 16, { + 0x80, + 0x11, + 0x89, + 0x90, + 0x2c, + 0x85, + 0x7f, + 0x39, + 0xe7, + 0x35, + 0x91, + 0x28, + 0x5e, + 0x70, + 0xb6, + 0xdb, + } } }, + { 42, { 16, { + 0xe6, + 0x17, + 0x34, + 0x6a, + 0xc9, + 0xc2, + 0x31, + 0xbb, + 0x36, + 0x50, + 0xae, + 0x34, + 0xcc, + 0xca, + 0x0c, + 0x5b, + } } }, + { 43, { 16, { + 0x27, + 0xd9, + 0x34, + 0x37, + 0xef, + 0xb7, + 0x21, + 0xaa, + 0x40, + 0x18, + 0x21, + 0xdc, + 0xec, + 0x5a, + 0xdf, + 0x89, + } } }, + { 44, { 16, { + 0x89, + 0x23, + 0x7d, + 0x9d, + 0xed, + 0x9c, + 0x5e, + 0x78, + 0xd8, + 0xb1, + 0xc9, + 0xb1, + 0x66, + 0xcc, + 0x73, + 0x42, + } } }, + { 45, { 16, { + 0x4a, + 0x6d, + 0x80, + 0x91, + 0xbf, + 0x5e, + 0x7d, + 0x65, + 0x11, + 0x89, + 0xfa, + 0x94, + 0xa2, + 0x50, + 0xb1, + 0x4c, + } } }, + { 46, { 16, { + 0x0e, + 0x33, + 0xf9, + 0x60, + 0x55, + 0xe7, + 0xae, + 0x89, + 0x3f, + 0xfc, + 0x0e, + 0x3d, + 0xcf, + 0x49, + 0x29, + 0x02, + } } }, + { 47, { 16, { + 0xe6, + 0x1c, + 0x43, + 0x2b, + 0x72, + 0x0b, + 0x19, + 0xd1, + 0x8e, + 0xc8, + 0xd8, + 0x4b, + 0xdc, + 0x63, + 0x15, + 0x1b, + } } }, + { 48, { 16, { + 0xf7, + 0xe5, + 0xae, + 0xf5, + 0x49, + 0xf7, + 0x82, + 0xcf, + 0x37, + 0x90, + 0x55, + 0xa6, + 0x08, + 0x26, + 0x9b, + 0x16, + } } }, + { 49, { 16, { + 0x43, + 0x8d, + 0x03, + 0x0f, + 0xd0, + 0xb7, + 0xa5, + 0x4f, + 0xa8, + 0x37, + 0xf2, + 0xad, + 0x20, + 0x1a, + 0x64, + 0x03, + } } }, + { 50, { 16, { + 0xa5, + 0x90, + 0xd3, + 0xee, + 0x4f, + 0xbf, + 0x04, + 0xe3, + 0x24, + 0x7e, + 0x0d, + 0x27, + 0xf2, + 0x86, + 0x42, + 0x3f, + } } }, + { 51, { 16, { + 0x5f, + 0xe2, + 0xc1, + 0xa1, + 0x72, + 0xfe, + 0x93, + 0xc4, + 0xb1, + 0x5c, + 0xd3, + 0x7c, + 0xae, + 0xf9, + 0xf5, + 0x38, + } } }, + { 52, { 16, { + 0x2c, + 0x97, + 0x32, + 0x5c, + 0xbd, + 0x06, + 0xb3, + 0x6e, + 0xb2, + 0x13, + 0x3d, + 0xd0, + 0x8b, + 0x3a, + 0x01, + 0x7c, + } } }, + { 53, { 16, { + 0x92, + 0xc8, + 0x14, + 0x22, + 0x7a, + 0x6b, + 0xca, + 
0x94, + 0x9f, + 0xf0, + 0x65, + 0x9f, + 0x00, + 0x2a, + 0xd3, + 0x9e, + } } }, + { 54, { 16, { + 0xdc, + 0xe8, + 0x50, + 0x11, + 0x0b, + 0xd8, + 0x32, + 0x8c, + 0xfb, + 0xd5, + 0x08, + 0x41, + 0xd6, + 0x91, + 0x1d, + 0x87, + } } }, + { 55, { 16, { + 0x67, + 0xf1, + 0x49, + 0x84, + 0xc7, + 0xda, + 0x79, + 0x12, + 0x48, + 0xe3, + 0x2b, + 0xb5, + 0x92, + 0x25, + 0x83, + 0xda, + } } }, + { 56, { 16, { + 0x19, + 0x38, + 0xf2, + 0xcf, + 0x72, + 0xd5, + 0x4e, + 0xe9, + 0x7e, + 0x94, + 0x16, + 0x6f, + 0xa9, + 0x1d, + 0x2a, + 0x36, + } } }, + { 57, { 16, { + 0x74, + 0x48, + 0x1e, + 0x96, + 0x46, + 0xed, + 0x49, + 0xfe, + 0x0f, + 0x62, + 0x24, + 0x30, + 0x16, + 0x04, + 0x69, + 0x8e, + } } }, + { 58, { 16, { + 0x57, + 0xfc, + 0xa5, + 0xde, + 0x98, + 0xa9, + 0xd6, + 0xd8, + 0x00, + 0x64, + 0x38, + 0xd0, + 0x58, + 0x3d, + 0x8a, + 0x1d, + } } }, + { 59, { 16, { + 0x9f, + 0xec, + 0xde, + 0x1c, + 0xef, + 0xdc, + 0x1c, + 0xbe, + 0xd4, + 0x76, + 0x36, + 0x74, + 0xd9, + 0x57, + 0x53, + 0x59, + } } }, + { 60, { 16, { + 0xe3, + 0x04, + 0x0c, + 0x00, + 0xeb, + 0x28, + 0xf1, + 0x53, + 0x66, + 0xca, + 0x73, + 0xcb, + 0xd8, + 0x72, + 0xe7, + 0x40, + } } }, + { 61, { 16, { + 0x76, + 0x97, + 0x00, + 0x9a, + 0x6a, + 0x83, + 0x1d, + 0xfe, + 0xcc, + 0xa9, + 0x1c, + 0x59, + 0x93, + 0x67, + 0x0f, + 0x7a, + } } }, + { 62, { 16, { + 0x58, + 0x53, + 0x54, + 0x23, + 0x21, + 0xf5, + 0x67, + 0xa0, + 0x05, + 0xd5, + 0x47, + 0xa4, + 0xf0, + 0x47, + 0x59, + 0xbd, + } } }, + { 63, { 16, { + 0x51, + 0x50, + 0xd1, + 0x77, + 0x2f, + 0x50, + 0x83, + 0x4a, + 0x50, + 0x3e, + 0x06, + 0x9a, + 0x97, + 0x3f, + 0xbd, + 0x7c, + } } } }; static int test_siphash(int idx) { - SIPHASH siphash = { 0, }; + SIPHASH siphash = { + 0, + }; TESTDATA test = tests[idx]; unsigned char key[SIPHASH_KEY_SIZE]; unsigned char in[64]; 
@@ -178,10 +1844,9 @@ unsigned char out[SIPHASH_MAX_DIGEST_SIZE]; size_t i; - if (expectedlen != SIPHASH_MIN_DIGEST_SIZE && - expectedlen != SIPHASH_MAX_DIGEST_SIZE) { + if (expectedlen != SIPHASH_MIN_DIGEST_SIZE && expectedlen != SIPHASH_MAX_DIGEST_SIZE) { TEST_info("size %zu vs %d and %d", expectedlen, - SIPHASH_MIN_DIGEST_SIZE, SIPHASH_MAX_DIGEST_SIZE); + SIPHASH_MIN_DIGEST_SIZE, SIPHASH_MAX_DIGEST_SIZE); return 0; } @@ -208,7 +1873,7 @@ || !TEST_true(SipHash_Init(&siphash, key, 0, 0))) return 0; SipHash_Update(&siphash, in, 1); - SipHash_Update(&siphash, in+1, inlen-1); + SipHash_Update(&siphash, in + 1, inlen - 1); if (!TEST_true(SipHash_Final(&siphash, out, expectedlen))) return 0; @@ -225,7 +1890,7 @@ || !TEST_true(SipHash_Init(&siphash, key, 0, 0))) return 0; SipHash_Update(&siphash, in, half); - SipHash_Update(&siphash, in+half, inlen-half); + SipHash_Update(&siphash, in + half, inlen - half); if (!TEST_true(SipHash_Final(&siphash, out, expectedlen))) return 0; @@ -239,13 +1904,13 @@ || !TEST_true(SipHash_Init(&siphash, key, 0, 0))) return 0; SipHash_Update(&siphash, in, half); - SipHash_Update(&siphash, in+half, inlen-half); + SipHash_Update(&siphash, in + half, inlen - half); if (!TEST_true(SipHash_Final(&siphash, out, expectedlen))) return 0; if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) { TEST_info("SipHash test #%d/%zu+%zu failed.", - idx, half, inlen-half); + idx, half, inlen - half); return 0; } } 
@@ -256,31 +1921,33 @@ static int test_siphash_basic(void) { - SIPHASH siphash = { 0, }; - static const unsigned char key[SIPHASH_KEY_SIZE] = {0}; + SIPHASH siphash = { + 0, + }; + static const unsigned char key[SIPHASH_KEY_SIZE] = { 0 }; unsigned char output[SIPHASH_MAX_DIGEST_SIZE]; /* Use invalid hash size */ return TEST_int_eq(SipHash_set_hash_size(&siphash, 4), 0) - && TEST_false(SipHash_Final(&siphash, output, 0)) - /* Use hash size = 8 */ - && TEST_true(SipHash_set_hash_size(&siphash, 8)) - && TEST_false(SipHash_Final(&siphash, output, 8)) - && TEST_true(SipHash_Init(&siphash, key, 0, 0)) - && TEST_true(SipHash_Final(&siphash, output, 8)) - && TEST_int_eq(SipHash_Final(&siphash, output, 16), 0) + && TEST_false(SipHash_Final(&siphash, output, 0)) + /* Use hash size = 8 */ + && TEST_true(SipHash_set_hash_size(&siphash, 8)) + && TEST_false(SipHash_Final(&siphash, output, 8)) + && TEST_true(SipHash_Init(&siphash, key, 0, 0)) + && TEST_true(SipHash_Final(&siphash, output, 8)) + && TEST_int_eq(SipHash_Final(&siphash, output, 16), 0) - /* Use hash size = 16 */ - && TEST_true(SipHash_set_hash_size(&siphash, 16)) - && TEST_true(SipHash_Init(&siphash, key, 0, 0)) - && TEST_int_eq(SipHash_Final(&siphash, output, 8), 0) - && TEST_true(SipHash_Final(&siphash, output, 16)) + /* Use hash size = 16 */ + && TEST_true(SipHash_set_hash_size(&siphash, 16)) + && TEST_true(SipHash_Init(&siphash, key, 0, 0)) + && TEST_int_eq(SipHash_Final(&siphash, output, 8), 0) + && TEST_true(SipHash_Final(&siphash, output, 16)) - /* Use hash size = 0 (default = 16) */ - && TEST_true(SipHash_set_hash_size(&siphash, 0)) - && TEST_true(SipHash_Init(&siphash, key, 0, 0)) - && TEST_int_eq(SipHash_Final(&siphash, output, 8), 0) - && TEST_true(SipHash_Final(&siphash, output, 16)); + /* Use hash size = 0 (default = 16) */ + && TEST_true(SipHash_set_hash_size(&siphash, 0)) + && TEST_true(SipHash_Init(&siphash, key, 0, 0)) + && TEST_int_eq(SipHash_Final(&siphash, output, 8), 0) + && 
TEST_true(SipHash_Final(&siphash, output, 16)); } int setup_tests(void) --- crypto/openssl/test/sm2_internal_test.c.orig +++ crypto/openssl/test/sm2_internal_test.c @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_SM2 -# include "crypto/sm2.h" +#include "crypto/sm2.h" static fake_random_generate_cb get_faked_bytes; @@ -36,8 +36,8 @@ static size_t fake_rand_size = 0; static int get_faked_bytes(unsigned char *buf, size_t num, - ossl_unused const char *name, - ossl_unused EVP_RAND_CTX *ctx) + ossl_unused const char *name, + ossl_unused EVP_RAND_CTX *ctx) { if (!TEST_ptr(fake_rand_bytes) || !TEST_size_t_gt(fake_rand_size, 0)) return 0; @@ -62,7 +62,6 @@ /* use own random function */ fake_rand_set_public_private_callbacks(NULL, get_faked_bytes); return 1; - } static void restore_rand(void) @@ -74,9 +73,9 @@ } static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex, - const char *b_hex, const char *x_hex, - const char *y_hex, const char *order_hex, - const char *cof_hex) + const char *b_hex, const char *x_hex, + const char *y_hex, const char *order_hex, + const char *cof_hex) { BIGNUM *p = NULL; BIGNUM *a = NULL; @@ -90,8 +89,8 @@ int ok = 0; if (!TEST_true(BN_hex2bn(&p, p_hex)) - || !TEST_true(BN_hex2bn(&a, a_hex)) - || !TEST_true(BN_hex2bn(&b, b_hex))) + || !TEST_true(BN_hex2bn(&a, a_hex)) + || !TEST_true(BN_hex2bn(&b, b_hex))) goto done; group = EC_GROUP_new_curve_GFp(p, a, b, NULL); 
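Review bot: In test_siphash_basic (the `@@ -256,31 +1921,33 @@` hunk of the SipHash test) the initializer `SIPHASH siphash = { 0, };` is now spread over three lines, while the very next declaration in the same hunk is written `= { 0 }` on one line. The trailing comma is presumably what makes the formatter expand it. `SIPHASH siphash = { 0 };` zero-initialises the object the same way, stays on one line and matches the `key` declaration. The same three-line form is introduced at the top of test_siphash just before this hunk.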
@@ -103,14 +102,14 @@ goto done; if (!TEST_true(BN_hex2bn(&g_x, x_hex)) - || !TEST_true(BN_hex2bn(&g_y, y_hex)) - || !TEST_true(EC_POINT_set_affine_coordinates(group, generator, g_x, - g_y, NULL))) + || !TEST_true(BN_hex2bn(&g_y, y_hex)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, generator, g_x, + g_y, NULL))) goto done; if (!TEST_true(BN_hex2bn(&order, order_hex)) - || !TEST_true(BN_hex2bn(&cof, cof_hex)) - || !TEST_true(EC_GROUP_set_generator(group, generator, order, cof))) + || !TEST_true(BN_hex2bn(&cof, cof_hex)) + || !TEST_true(EC_GROUP_set_generator(group, generator, order, cof))) goto done; ok = 1; @@ -132,10 +131,10 @@ } static int test_sm2_crypt(const EC_GROUP *group, - const EVP_MD *digest, - const char *privkey_hex, - const char *message, - const char *k_hex, const char *ctext_hex) + const EVP_MD *digest, + const char *privkey_hex, + const char *message, + const char *k_hex, const char *ctext_hex) { const size_t msg_len = strlen(message); BIGNUM *priv = NULL; @@ -150,21 +149,21 @@ int rc = 0; if (!TEST_ptr(expected) - || !TEST_true(BN_hex2bn(&priv, privkey_hex))) + || !TEST_true(BN_hex2bn(&priv, privkey_hex))) goto done; key = EC_KEY_new(); if (!TEST_ptr(key) - || !TEST_true(EC_KEY_set_group(key, group)) - || !TEST_true(EC_KEY_set_private_key(key, priv))) + || !TEST_true(EC_KEY_set_group(key, group)) + || !TEST_true(EC_KEY_set_private_key(key, priv))) goto done; pt = EC_POINT_new(group); if (!TEST_ptr(pt) - || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) - || !TEST_true(EC_KEY_set_public_key(key, pt)) - || !TEST_true(ossl_sm2_ciphertext_size(key, digest, msg_len, - &ctext_len))) + || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) + || !TEST_true(EC_KEY_set_public_key(key, pt)) + || !TEST_true(ossl_sm2_ciphertext_size(key, digest, msg_len, + &ctext_len))) goto done; ctext = OPENSSL_zalloc(ctext_len); 
@@ -173,8 +172,8 @@ start_fake_rand(k_hex); if (!TEST_true(ossl_sm2_encrypt(key, digest, - (const uint8_t *)message, msg_len, - ctext, &ctext_len))) { + (const uint8_t *)message, msg_len, + ctext, &ctext_len))) { restore_rand(); goto done; } @@ -184,19 +183,19 @@ goto done; if (!TEST_true(ossl_sm2_plaintext_size(ctext, ctext_len, &ptext_len)) - || !TEST_int_eq(ptext_len, msg_len)) + || !TEST_int_eq(ptext_len, msg_len)) goto done; recovered = OPENSSL_zalloc(ptext_len); if (!TEST_ptr(recovered) - || !TEST_true(ossl_sm2_decrypt(key, digest, ctext, ctext_len, - recovered, &recovered_len)) - || !TEST_int_eq(recovered_len, msg_len) - || !TEST_mem_eq(recovered, recovered_len, message, msg_len)) + || !TEST_true(ossl_sm2_decrypt(key, digest, ctext, ctext_len, + recovered, &recovered_len)) + || !TEST_int_eq(recovered_len, msg_len) + || !TEST_mem_eq(recovered, recovered_len, message, msg_len)) goto done; rc = 1; - done: +done: BN_free(priv); EC_POINT_free(pt); OPENSSL_free(ctext); 
@@ -210,15 +209,13 @@ { int testresult = 0; EC_GROUP *gm_group = NULL; - EC_GROUP *test_group = - create_EC_group - ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", - "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", - "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", - "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", - "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", - "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", - "1"); + EC_GROUP *test_group = create_EC_group("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", + "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", + "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", + "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", + "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", + "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", + "1"); if (!TEST_ptr(test_group)) goto done; 
@@ -254,13 +251,13 @@ /* From Annex C in both GM/T0003.5-2012 and GB/T 32918.5-2016.*/ gm_group = create_EC_group( - "fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff", - "fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc", - "28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93", - "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7", - "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", - "fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123", - "1"); + "fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff", + "fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc", + "28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93", + "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7", + "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", + "fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123", + "1"); if (!TEST_ptr(gm_group)) goto done; 
@@ -280,19 +277,19 @@ * in GM/T 0009-2012 (Sec. 7.2). */ "307C" /* SEQUENCE, 0x7c bytes */ - "0220" /* INTEGER, 0x20 bytes */ - "04EBFC718E8D1798620432268E77FEB6415E2EDE0E073C0F4F640ECD2E149A73" - "0221" /* INTEGER, 0x21 bytes */ - "00" /* leading 00 due to DER for pos. int with topmost bit set */ - "E858F9D81E5430A57B36DAAB8F950A3C64E6EE6A63094D99283AFF767E124DF0" - "0420" /* OCTET STRING, 0x20 bytes */ - "59983C18F809E262923C53AEC295D30383B54E39D609D160AFCB1908D0BD8766" - "0413" /* OCTET STRING, 0x13 bytes */ - "21886CA989CA9C7D58087307CA93092D651EFA")) + "0220" /* INTEGER, 0x20 bytes */ + "04EBFC718E8D1798620432268E77FEB6415E2EDE0E073C0F4F640ECD2E149A73" + "0221" /* INTEGER, 0x21 bytes */ + "00" /* leading 00 due to DER for pos. int with topmost bit set */ + "E858F9D81E5430A57B36DAAB8F950A3C64E6EE6A63094D99283AFF767E124DF0" + "0420" /* OCTET STRING, 0x20 bytes */ + "59983C18F809E262923C53AEC295D30383B54E39D609D160AFCB1908D0BD8766" + "0413" /* OCTET STRING, 0x13 bytes */ + "21886CA989CA9C7D58087307CA93092D651EFA")) goto done; testresult = 1; - done: +done: EC_GROUP_free(test_group); EC_GROUP_free(gm_group); @@ -300,13 +297,13 @@ } static int test_sm2_sign(const EC_GROUP *group, - const char *userid, - const char *privkey_hex, - const char *message, - const char *k_hex, - const char *r_hex, - const char *s_hex, - int omit_pubkey) + const char *userid, + const char *privkey_hex, + const char *message, + const char *k_hex, + const char *r_hex, + const char *s_hex, + int omit_pubkey) { const size_t msg_len = strlen(message); int ok = 0; 
@@ -324,21 +321,21 @@ key = EC_KEY_new(); if (!TEST_ptr(key) - || !TEST_true(EC_KEY_set_group(key, group)) - || !TEST_true(EC_KEY_set_private_key(key, priv))) + || !TEST_true(EC_KEY_set_group(key, group)) + || !TEST_true(EC_KEY_set_private_key(key, priv))) goto done; if (omit_pubkey == 0) { pt = EC_POINT_new(group); if (!TEST_ptr(pt) - || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) - || !TEST_true(EC_KEY_set_public_key(key, pt))) + || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) + || !TEST_true(EC_KEY_set_public_key(key, pt))) goto done; } start_fake_rand(k_hex); sig = ossl_sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid, - strlen(userid), (const uint8_t *)message, msg_len); + strlen(userid), (const uint8_t *)message, msg_len); if (!TEST_ptr(sig)) { restore_rand(); goto done; @@ -348,18 +345,18 @@ ECDSA_SIG_get0(sig, &sig_r, &sig_s); if (!TEST_true(BN_hex2bn(&r, r_hex)) - || !TEST_true(BN_hex2bn(&s, s_hex)) - || !TEST_BN_eq(r, sig_r) - || !TEST_BN_eq(s, sig_s)) + || !TEST_true(BN_hex2bn(&s, s_hex)) + || !TEST_BN_eq(r, sig_r) + || !TEST_BN_eq(s, sig_s)) goto done; ok = ossl_sm2_do_verify(key, EVP_sm3(), sig, (const uint8_t *)userid, - strlen(userid), (const uint8_t *)message, msg_len); + strlen(userid), (const uint8_t *)message, msg_len); /* We goto done whether this passes or fails */ TEST_true(ok); - done: +done: ECDSA_SIG_free(sig); EC_POINT_free(pt); EC_KEY_free(key); 
@@ -374,51 +371,49 @@ { int testresult = 0; /* From draft-shen-sm2-ecdsa-02 */ - EC_GROUP *test_group = - create_EC_group - ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", - "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", - "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", - "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", - "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", - "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", - "1"); + EC_GROUP *test_group = create_EC_group("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", + "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", + "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", + "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", + "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", + "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", + "1"); if (!TEST_ptr(test_group)) goto done; if (!TEST_true(test_sm2_sign( - test_group, - "ALICE123@YAHOO.COM", - "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263", - "message digest", - "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F" - "007c47811054c6f99613a578eb8453706ccb96384fe7df5c171671e760bfa8be3a", - "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", - "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7", 0))) + test_group, + "ALICE123@YAHOO.COM", + "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263", + "message digest", + "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F" + "007c47811054c6f99613a578eb8453706ccb96384fe7df5c171671e760bfa8be3a", + "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", + "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7", 0))) goto done; /* Make sure we fail if we omit the public portion of the key */ if 
(!TEST_false(test_sm2_sign( - test_group, - /* the default ID specified in GM/T 0009-2012 (Sec. 10).*/ - SM2_DEFAULT_USERID, - /* privkey */ - "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8", - /* plaintext message */ - "message digest", - /* ephemeral nonce k */ - "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21", - /* expected signature, */ - /* signature R, 0x20 bytes */ - "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3", - /* signature S, 0x20 bytes */ - "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA", 1))) + test_group, + /* the default ID specified in GM/T 0009-2012 (Sec. 10).*/ + SM2_DEFAULT_USERID, + /* privkey */ + "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8", + /* plaintext message */ + "message digest", + /* ephemeral nonce k */ + "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21", + /* expected signature, */ + /* signature R, 0x20 bytes */ + "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3", + /* signature S, 0x20 bytes */ + "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA", 1))) goto done; testresult = 1; - done: +done: EC_GROUP_free(test_group); return testresult; --- crypto/openssl/test/sm3_internal_test.c.orig +++ crypto/openssl/test/sm3_internal_test.c @@ -17,7 +17,7 @@ #include "testutil.h" #ifndef OPENSSL_NO_SM3 -# include "internal/sm3.h" +#include "internal/sm3.h" static int test_sm3(void) { 
@@ -60,15 +60,15 @@ unsigned char md1[SM3_DIGEST_LENGTH], md2[SM3_DIGEST_LENGTH]; if (!TEST_true(ossl_sm3_init(&ctx1)) - || !TEST_true(ossl_sm3_update(&ctx1, input1, sizeof(input1))) - || !TEST_true(ossl_sm3_final(md1, &ctx1)) - || !TEST_mem_eq(md1, SM3_DIGEST_LENGTH, expected1, SM3_DIGEST_LENGTH)) + || !TEST_true(ossl_sm3_update(&ctx1, input1, sizeof(input1))) + || !TEST_true(ossl_sm3_final(md1, &ctx1)) + || !TEST_mem_eq(md1, SM3_DIGEST_LENGTH, expected1, SM3_DIGEST_LENGTH)) return 0; if (!TEST_true(ossl_sm3_init(&ctx2)) - || !TEST_true(ossl_sm3_update(&ctx2, input2, sizeof(input2))) - || !TEST_true(ossl_sm3_final(md2, &ctx2)) - || !TEST_mem_eq(md2, SM3_DIGEST_LENGTH, expected2, SM3_DIGEST_LENGTH)) + || !TEST_true(ossl_sm3_update(&ctx2, input2, sizeof(input2))) + || !TEST_true(ossl_sm3_final(md2, &ctx2)) + || !TEST_mem_eq(md2, SM3_DIGEST_LENGTH, expected2, SM3_DIGEST_LENGTH)) return 0; return 1; --- crypto/openssl/test/sm4_internal_test.c.orig +++ crypto/openssl/test/sm4_internal_test.c @@ -17,7 +17,7 @@ #include "testutil.h" #ifndef OPENSSL_NO_SM4 -# include "crypto/sm4.h" +#include "crypto/sm4.h" static int test_sm4_ecb(void) { --- crypto/openssl/test/sparse_array_test.c.orig +++ crypto/openssl/test/sparse_array_test.c @@ -36,14 +36,14 @@ { INT_MAX, "m" }, { 6666666, "d" }, { (ossl_uintmax_t)-1, "H" }, { 99, "e" } }; - SPARSE_ARRAY_OF(char) *sa; + SPARSE_ARRAY_OF(char) * sa; size_t i, j; int res = 0; if (!TEST_ptr(sa = ossl_sa_char_new()) - || !TEST_ptr_null(ossl_sa_char_get(sa, 3)) - || !TEST_ptr_null(ossl_sa_char_get(sa, 0)) - || !TEST_ptr_null(ossl_sa_char_get(sa, UINT_MAX))) + || !TEST_ptr_null(ossl_sa_char_get(sa, 3)) + || !TEST_ptr_null(ossl_sa_char_get(sa, 0)) + || !TEST_ptr_null(ossl_sa_char_get(sa, UINT_MAX))) goto err; for (i = 0; i < OSSL_NELEM(cases); i++) { 
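Review bot: The reformatted declaration `SPARSE_ARRAY_OF(char) * sa;` in the `@@ -36,14 +36,14 @@` hunk of sparse_array_test.c now reads like a multiplication rather than a pointer declaration, and the same change is made to the member of `struct doall_st` in the `@@ -101,7 +101,7 @@` hunk. Every other pointer declaration in this patch keeps the star on the name (`EC_GROUP *gm_group`, `BIGNUM *p`), so these two lines should stay `SPARSE_ARRAY_OF(char) *sa;`. If the reformat was produced by clang-format, listing the macro under `TypenameMacros` in the style file should stop the tool from parsing it as an expression. The enclosing function starts before the hunk and continues past it.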
@@ -81,12 +81,12 @@ int res = 0; if (!TEST_size_t_eq(ossl_sa_char_num(NULL), 0) - || !TEST_ptr(sa = ossl_sa_char_new()) - || !TEST_size_t_eq(ossl_sa_char_num(sa), 0)) + || !TEST_ptr(sa = ossl_sa_char_new()) + || !TEST_size_t_eq(ossl_sa_char_num(sa), 0)) goto err; for (i = 0; i < OSSL_NELEM(cases); i++) if (!TEST_true(ossl_sa_char_set(sa, cases[i].n, cases[i].v)) - || !TEST_size_t_eq(ossl_sa_char_num(sa), cases[i].num)) + || !TEST_size_t_eq(ossl_sa_char_num(sa), cases[i].num)) goto err; res = 1; err: @@ -101,7 +101,7 @@ }; struct doall_st { - SPARSE_ARRAY_OF(char) *sa; + SPARSE_ARRAY_OF(char) * sa; size_t num_cases; const struct index_cases_st *cases; int res; @@ -143,9 +143,14 @@ static int test_sparse_array_doall(void) { static const struct index_cases_st cases[] = { - { 22, "A", 1 }, { 1021, "b", 0 }, { 3, "c", 0 }, { INT_MAX, "d", 1 }, - { (ossl_uintmax_t)-1, "H", 0 }, { (ossl_uintmax_t)-2, "i", 1 }, - { 666666666, "s", 1 }, { 1234567890, "t", 0 }, + { 22, "A", 1 }, + { 1021, "b", 0 }, + { 3, "c", 0 }, + { INT_MAX, "d", 1 }, + { (ossl_uintmax_t)-1, "H", 0 }, + { (ossl_uintmax_t)-2, "i", 1 }, + { 666666666, "s", 1 }, + { 1234567890, "t", 0 }, }; struct doall_st doall_data; size_t i; @@ -158,11 +163,11 @@ doall_data.cases = cases; doall_data.all = 1; doall_data.sa = NULL; - for (i = 0; i < OSSL_NELEM(cases); i++) + for (i = 0; i < OSSL_NELEM(cases); i++) if (!TEST_true(ossl_sa_char_set(sa, cases[i].n, cases[i].v))) { TEST_note("failed at iteration %zu", i + 1); goto err; - } + } ossl_sa_char_doall_arg(sa, &leaf_check_all, &doall_data); if (doall_data.res == 0) { --- crypto/openssl/test/srptest.c.orig +++ crypto/openssl/test/srptest.c 
@@ -14,20 +14,20 @@ #define OPENSSL_SUPPRESS_DEPRECATED #include -# include "testutil.h" +#include "testutil.h" #ifdef OPENSSL_NO_SRP -# include +#include #else -# include -# include -# include +#include +#include +#include -# define RANDOM_SIZE 32 /* use 256 bits on each side */ +#define RANDOM_SIZE 32 /* use 256 bits on each side */ static int run_srp(const char *username, const char *client_pass, - const char *server_pass) + const char *server_pass) { int ret = 0; BIGNUM *s = NULL; @@ -49,7 +49,7 @@ /* Set up server's password entry */ if (!TEST_true(SRP_create_verifier_BN(username, server_pass, - &s, &v, GN->N, GN->g))) + &s, &v, GN->N, GN->g))) goto end; test_output_bignum("N", GN->N); @@ -154,16 +154,16 @@ BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); /* Set up server's password entry */ if (!TEST_true(SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, - GN->g))) + GN->g))) goto err; TEST_info("checking v"); if (!TEST_true(check_bn("v", v, - "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" - "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" - "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" - "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" - "E955A5E29E7AB245DB2BE315E2099AFB"))) + "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" + "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" + "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" + "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" + "E955A5E29E7AB245DB2BE315E2099AFB"))) goto err; TEST_note(" okay"); 
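Review bot: The context line `BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE");` in the `@@ -154,16 +154,16 @@` hunk of srptest.c discards its return value, whereas the SM2 tests reformatted in this same patch wrap every `BN_hex2bn` call in `TEST_true`. If the conversion failed, the test would presumably only notice later, as a mismatch when `v` is checked, which points at the wrong step of a known-answer test. Since the hunk already rewrites the statement that follows, I would change the call to `if (!TEST_true(BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"))) goto err;`. The enclosing function starts and ends outside the hunk, so the declaration and initial value of `s` are assumed rather than seen.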
@@ -178,11 +178,11 @@ TEST_info("checking B"); if (!TEST_true(check_bn("B", Bpub, - "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" - "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" - "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" - "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" - "EB4012B7D7665238A8E3FB004B117B58"))) + "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" + "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" + "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" + "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" + "EB4012B7D7665238A8E3FB004B117B58"))) goto err; TEST_note(" okay"); @@ -197,11 +197,11 @@ TEST_info("checking A"); if (!TEST_true(check_bn("A", Apub, - "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" - "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" - "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" - "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" - "B349EF5D76988A3672FAC47B0769447B"))) + "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" + "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" + "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" + "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" + "B349EF5D76988A3672FAC47B0769447B"))) goto err; TEST_note(" okay"); @@ -209,7 +209,7 @@ u = SRP_Calc_u(Apub, Bpub, GN->N); if (!TEST_true(check_bn("u", u, - "CE38B9593487DA98554ED47D70A7AE5F462EF019"))) + "CE38B9593487DA98554ED47D70A7AE5F462EF019"))) goto err; /* Client's key */ 
@@ -217,11 +217,11 @@ Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); TEST_info("checking client's key"); if (!TEST_true(check_bn("Client's key", Kclient, - "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" - "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" - "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" - "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" - "C346D7E474B29EDE8A469FFECA686E5A"))) + "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" + "C346D7E474B29EDE8A469FFECA686E5A"))) goto err; TEST_note(" okay"); @@ -229,11 +229,11 @@ Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); TEST_info("checking server's key"); if (!TEST_true(check_bn("Server's key", Kserver, - "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" - "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" - "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" - "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" - "C346D7E474B29EDE8A469FFECA686E5A"))) + "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" + "C346D7E474B29EDE8A469FFECA686E5A"))) goto err; TEST_note(" okay"); --- crypto/openssl/test/ssl-tests/28-seclevel.cnf.in.orig +++ crypto/openssl/test/ssl-tests/28-seclevel.cnf.in @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -36,7 +36,7 @@ { # The Ed448 signature algorithm will not be enabled. # Because of the config order, the certificate is first loaded, and - # then the security level is chaged. If you try this with s_server + # then the security level is changed. If you try this with s_server # the order will be reversed and it will instead fail to load the key. name => "SECLEVEL 5 server with ED448 key", server => { "CipherString" => "DEFAULT:\@SECLEVEL=5", --- crypto/openssl/test/ssl_cert_table_internal_test.c.orig +++ crypto/openssl/test/ssl_cert_table_internal_test.c @@ -22,7 +22,7 @@ do_test_cert_table(nid, amask, idx, #idx) static int do_test_cert_table(int nid, uint32_t amask, size_t idx, - const char *idxname) + const char *idxname) { const SSL_CERT_LOOKUP *clu = &ssl_cert_info[idx]; @@ -30,10 +30,10 @@ return 1; TEST_error("Invalid table entry for certificate type %s, index %zu", - idxname, idx); + idxname, idx); if (clu->nid != nid) TEST_note("Expected %s, got %s\n", OBJ_nid2sn(nid), - OBJ_nid2sn(clu->nid)); + OBJ_nid2sn(clu->nid)); if (clu->amask != amask) TEST_note("Expected auth mask 0x%x, got 0x%x\n", amask, clu->amask); return 0; 
@@ -44,17 +44,17 @@ static int test_ssl_cert_table(void) { return TEST_size_t_eq(OSSL_NELEM(ssl_cert_info), SSL_PKEY_NUM) - && test_cert_table(EVP_PKEY_RSA, SSL_aRSA, SSL_PKEY_RSA) - && test_cert_table(EVP_PKEY_DSA, SSL_aDSS, SSL_PKEY_DSA_SIGN) - && test_cert_table(EVP_PKEY_EC, SSL_aECDSA, SSL_PKEY_ECC) - && test_cert_table(NID_id_GostR3410_2001, SSL_aGOST01, - SSL_PKEY_GOST01) - && test_cert_table(NID_id_GostR3410_2012_256, SSL_aGOST12, - SSL_PKEY_GOST12_256) - && test_cert_table(NID_id_GostR3410_2012_512, SSL_aGOST12, - SSL_PKEY_GOST12_512) - && test_cert_table(EVP_PKEY_ED25519, SSL_aECDSA, SSL_PKEY_ED25519) - && test_cert_table(EVP_PKEY_ED448, SSL_aECDSA, SSL_PKEY_ED448); + && test_cert_table(EVP_PKEY_RSA, SSL_aRSA, SSL_PKEY_RSA) + && test_cert_table(EVP_PKEY_DSA, SSL_aDSS, SSL_PKEY_DSA_SIGN) + && test_cert_table(EVP_PKEY_EC, SSL_aECDSA, SSL_PKEY_ECC) + && test_cert_table(NID_id_GostR3410_2001, SSL_aGOST01, + SSL_PKEY_GOST01) + && test_cert_table(NID_id_GostR3410_2012_256, SSL_aGOST12, + SSL_PKEY_GOST12_256) + && test_cert_table(NID_id_GostR3410_2012_512, SSL_aGOST12, + SSL_PKEY_GOST12_512) + && test_cert_table(EVP_PKEY_ED25519, SSL_aECDSA, SSL_PKEY_ED25519) + && test_cert_table(EVP_PKEY_ED448, SSL_aECDSA, SSL_PKEY_ED448); } int setup_tests(void) --- crypto/openssl/test/ssl_ctx_test.c.orig +++ crypto/openssl/test/ssl_ctx_test.c 
@@ -21,11 +21,11 @@ static const version_test version_testdata[] = { /* min max ok expected min expected max */ - {0, 0, 1, 1, 0, 0}, - {TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION}, - {TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION}, - {TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION}, - {7, 42, 0, 0, 0, 0}, + { 0, 0, 1, 1, 0, 0 }, + { TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION }, + { TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION }, + { TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION }, + { 7, 42, 0, 0, 0, 0 }, }; static int test_set_min_max_version(int idx_tst) @@ -63,7 +63,7 @@ testresult = 1; - end: +end: SSL_free(ssl); SSL_CTX_free(ctx); return testresult; --- crypto/openssl/test/ssl_old_test.c.orig +++ crypto/openssl/test/ssl_old_test.c @@ -13,10 +13,10 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #ifndef _BSD_SOURCE -# define _BSD_SOURCE 1 +#define _BSD_SOURCE 1 #endif #ifndef _DEFAULT_SOURCE -# define _DEFAULT_SOURCE 1 +#define _DEFAULT_SOURCE 1 #endif #include @@ -33,7 +33,7 @@ /* * Or isascii won't be declared properly on VMS (at least with DECompHP C). */ -# define _XOPEN_SOURCE 500 +#define _XOPEN_SOURCE 500 #endif #include @@ -48,11 +48,11 @@ #include #include #ifndef OPENSSL_NO_DSA -# include +#include #endif #include #ifndef OPENSSL_NO_CT -# include +#include #endif #include #include "testutil.h" @@ -63,12 +63,12 @@ * Do not try to put it earlier, or IPv6 includes * get screwed... */ -#define _XOPEN_SOURCE_EXTENDED 1 +#define _XOPEN_SOURCE_EXTENDED 1 #ifdef OPENSSL_SYS_WINDOWS -# include +#include #else -# include +#include #endif #include "helpers/predefined_dhparams.h" 
@@ -80,7 +80,7 @@ * There is really no standard for this, so let's assign something * only for this test */ -#define COMP_ZLIB 1 +#define COMP_ZLIB 1 static int verify_callback(int ok, X509_STORE_CTX *ctx); static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); @@ -90,16 +90,16 @@ int app_verify; }; -static char *psk_key = NULL; /* by default PSK is not used */ +static char *psk_key = NULL; /* by default PSK is not used */ #ifndef OPENSSL_NO_PSK static unsigned int psk_client_callback(SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); static unsigned int psk_server_callback(SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); + unsigned char *psk, + unsigned int max_psk_len); #endif static BIO *bio_stdout = NULL; @@ -112,8 +112,8 @@ static int npn_server_reject = 0; static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - void *arg) + const unsigned char *in, unsigned int inlen, + void *arg) { /* * This callback only returns the protocol string, rather than a length @@ -126,7 +126,7 @@ } static int cb_server_npn(SSL *s, const unsigned char **data, - unsigned int *len, void *arg) + unsigned int *len, void *arg) { *data = (const unsigned char *)NEXT_PROTO_STRING; *len = sizeof(NEXT_PROTO_STRING) - 1; @@ -134,7 +134,7 @@ } static int cb_server_rejects_npn(SSL *s, const unsigned char **data, - unsigned int *len, void *arg) + unsigned int *len, void *arg) { return SSL_TLSEXT_ERR_NOACK; } 
@@ -165,11 +165,9 @@ * If an NPN string was returned, it must be the protocol that we * expected to negotiate. */ - if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 || - memcmp(client_s, NEXT_PROTO_STRING + 1, client_len))) + if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 || memcmp(client_s, NEXT_PROTO_STRING + 1, client_len))) return -1; - if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 || - memcmp(server_s, NEXT_PROTO_STRING + 1, server_len))) + if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 || memcmp(server_s, NEXT_PROTO_STRING + 1, server_len))) return -1; if (!npn_client && client_len) @@ -215,8 +213,7 @@ } if (servername) { - if (s_ctx2 != NULL && sn_server2 != NULL && - !OPENSSL_strcasecmp(servername, sn_server2)) { + if (s_ctx2 != NULL && sn_server2 != NULL && !OPENSSL_strcasecmp(servername, sn_server2)) { BIO_printf(bio_stdout, "Switching server context.\n"); SSL_set_SSL_CTX(s, s_ctx2); } @@ -226,7 +223,7 @@ static int verify_servername(SSL *client, SSL *server) { /* just need to see if sn_context is what we expect */ - SSL_CTX* ctx = SSL_get_SSL_CTX(server); + SSL_CTX *ctx = SSL_get_SSL_CTX(server); if (sn_expect == 0) return 0; if (sn_expect == 1 && ctx == s_ctx) @@ -243,7 +240,6 @@ return -1; } - /*- * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. @@ -253,7 +249,7 @@ * returns: a malloced buffer or NULL on failure. */ static unsigned char *next_protos_parse(size_t *outlen, - const char *in) + const char *in) { size_t len; unsigned char *out; 
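Review bot: In hunk @@ -165,11 +165,9 @@ the length test and the `memcmp()` it guards now sit on one very long line for both `client_len` and `server_len`, so the bound that limits the comparison to the expected protocol string is easy to miss when reading. Breaking before the operators keeps the check visible: `if (client_len`, `&& (client_len != sizeof(NEXT_PROTO_STRING) - 2`, `|| memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))`, and likewise for `server_len`. The same joined layout appears in the `servername` condition of hunk @@ -215,8 +213,7 @@ on this line and in the later ALPN, `SSL_CONF_CTX_set_flags` and ctlog hunks of this file. The enclosing function starts and ends outside the hunk.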
@@ -284,23 +280,23 @@ } static int cb_server_alpn(SSL *s, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg) + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) { unsigned char *protos; size_t protos_len; - char* alpn_str = arg; + char *alpn_str = arg; protos = next_protos_parse(&protos_len, alpn_str); if (protos == NULL) { fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", - alpn_str); + alpn_str); abort(); } - if (SSL_select_next_proto - ((unsigned char **)out, outlen, protos, protos_len, in, - inlen) != OPENSSL_NPN_NEGOTIATED) { + if (SSL_select_next_proto((unsigned char **)out, outlen, protos, protos_len, in, + inlen) + != OPENSSL_NPN_NEGOTIATED) { OPENSSL_free(protos); return SSL_TLSEXT_ERR_NOACK; } @@ -337,8 +333,7 @@ goto err; } - if (client_proto != NULL && - memcmp(client_proto, server_proto, client_proto_len) != 0) { + if (client_proto != NULL && memcmp(client_proto, server_proto, client_proto_len) != 0) { BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); goto err; } 
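Review bot: In hunk @@ -284,23 +280,23 @@ the rewrapped `SSL_select_next_proto()` call in `cb_server_alpn` breaks in the middle of its argument list and leaves `!= OPENSSL_NPN_NEGOTIATED` on a line of its own, which hides the fact that this comparison decides between accepting the protocol and returning `SSL_TLSEXT_ERR_NOACK`. Wrapping as `if (SSL_select_next_proto((unsigned char **)out, outlen, protos, protos_len,` followed by `in, inlen) != OPENSSL_NPN_NEGOTIATED) {` reads more directly. While these lines are being touched, the diagnostic just above could be corrected to `"failed to parse ALPN server protocol string: %s\n"`. The function body continues past the end of the hunk.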
@@ -348,31 +343,29 @@ goto err; } - if (alpn_expected != NULL && - (client_proto_len != strlen(alpn_expected) || - memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { + if (alpn_expected != NULL && (client_proto_len != strlen(alpn_expected) || memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { BIO_printf(bio_stdout, - "ALPN selected protocols not equal to expected protocol: %s\n", - alpn_expected); + "ALPN selected protocols not equal to expected protocol: %s\n", + alpn_expected); goto err; } return 0; - err: +err: BIO_printf(bio_stdout, "ALPN results: client: '"); BIO_write(bio_stdout, client_proto, client_proto_len); BIO_printf(bio_stdout, "', server: '"); BIO_write(bio_stdout, server_proto, server_proto_len); BIO_printf(bio_stdout, "'\n"); BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '", - alpn_client); + alpn_client); if (SSL_get_SSL_CTX(server) == s_ctx2) { BIO_printf(bio_stdout, "%s'\n", - alpn_server2); + alpn_server2); } else { BIO_printf(bio_stdout, "%s'\n", - alpn_server); + alpn_server); } return -1; } @@ -408,8 +401,8 @@ static int custom_ext_error = 0; static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, size_t inlen, - int *al, void *arg) + const unsigned char *in, size_t inlen, + int *al, void *arg) { if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp) serverinfo_sct_seen++; 
@@ -440,82 +433,82 @@ */ static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_0) custom_ext_error = 1; - return 0; /* Don't send an extension */ + return 0; /* Don't send an extension */ } static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { return 1; } static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; *out = (const unsigned char *)custom_ext_cli_string; *outlen = strlen(custom_ext_cli_string); - return 1; /* Send "abc" */ + return 1; /* Send "abc" */ } static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { return 1; } static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; *out = (const unsigned char *)custom_ext_cli_string; *outlen = strlen(custom_ext_cli_string); - return 1; /* Send "abc" */ + return 1; /* Send "abc" */ } static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; if (inlen != 0) - custom_ext_error = 1; /* Should be empty response */ + custom_ext_error = 1; /* Should be empty response */ return 
1; } static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; *out = (const unsigned char *)custom_ext_cli_string; *outlen = strlen(custom_ext_cli_string); - return 1; /* Send "abc" */ + return 1; /* Send "abc" */ } static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; if (inlen != strlen(custom_ext_srv_string)) custom_ext_error = 1; if (memcmp(custom_ext_srv_string, in, inlen) != 0) - custom_ext_error = 1; /* Check for "defg" */ + custom_ext_error = 1; /* Check for "defg" */ return 1; } @@ -524,8 +517,8 @@ * for this extension */ static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { custom_ext_error = 1; return 1; @@ -533,17 +526,17 @@ /* 'add' callbacks are only called if the 'parse' callback is called */ static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { /* Error: should not have been called */ custom_ext_error = 1; - return 0; /* Don't send an extension */ + return 0; /* Don't send an extension */ } static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; 
@@ -556,15 +549,15 @@ } static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { - return 0; /* Don't send an extension */ + return 0; /* Don't send an extension */ } static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -577,17 +570,17 @@ } static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { *out = NULL; *outlen = 0; - return 1; /* Send empty extension */ + return 1; /* Send empty extension */ } static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -600,12 +593,12 @@ } static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *arg) + const unsigned char **out, + size_t *outlen, int *al, void *arg) { *out = (const unsigned char *)custom_ext_srv_string; *outlen = strlen(custom_ext_srv_string); - return 1; /* Send "defg" */ + return 1; /* Send "defg" */ } static char *cipher = NULL; @@ -614,9 +607,9 @@ static int debug = 0; int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, - long bytes, clock_t *s_time, clock_t *c_time); + long bytes, clock_t *s_time, clock_t *c_time); int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, - clock_t *c_time); + clock_t *c_time); int doit(SSL *s_ssl, SSL *c_ssl, long bytes); static void sv_usage(void) 
@@ -630,16 +623,16 @@ fprintf(stderr, " -reuse - use session-id reuse\n"); fprintf(stderr, " -num - number of connections to perform\n"); fprintf(stderr, - " -bytes - number of bytes to swap between client/server\n"); + " -bytes - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); fprintf(stderr, - " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, - " -dhe2048 - use 2048 bit key (safe prime) for DHE (default, no-op)\n"); + " -dhe2048 - use 2048 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, - " -dhe4096 - use 4096 bit key (safe prime) for DHE\n"); + " -dhe4096 - use 4096 bit key (safe prime) for DHE\n"); #endif fprintf(stderr, " -no_dhe - disable DHE\n"); #ifndef OPENSSL_NO_EC @@ -673,10 +666,10 @@ fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); fprintf(stderr, " -s_cert arg - Server certificate file\n"); fprintf(stderr, - " -s_key arg - Server key file (default: same as -cert)\n"); + " -s_key arg - Server key file (default: same as -cert)\n"); fprintf(stderr, " -c_cert arg - Client certificate file\n"); fprintf(stderr, - " -c_key arg - Client key file (default: same as -c_cert)\n"); + " -c_key arg - Client key file (default: same as -c_cert)\n"); fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n"); fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n"); fprintf(stderr, " -bio_pair - Use BIO pairs\n"); 
@@ -684,7 +677,7 @@ fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); fprintf(stderr, " -f - Test even cases that can't work\n"); fprintf(stderr, - " -time - measure processor time used by client and server\n"); + " -time - measure processor time used by client and server\n"); fprintf(stderr, " -zlib - use zlib compression\n"); #ifndef OPENSSL_NO_NEXTPROTONEG fprintf(stderr, " -npn_client - have client side offer NPN\n"); @@ -694,15 +687,15 @@ fprintf(stderr, " -serverinfo_file file - have server use this file\n"); fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n"); fprintf(stderr, - " -serverinfo_tack - have client offer and expect TACK\n"); + " -serverinfo_tack - have client offer and expect TACK\n"); fprintf(stderr, - " -custom_ext - try various custom extension callbacks\n"); + " -custom_ext - try various custom extension callbacks\n"); fprintf(stderr, " -alpn_client - have client side offer ALPN\n"); fprintf(stderr, " -alpn_server - have server side offer ALPN\n"); fprintf(stderr, " -alpn_server1 - alias for -alpn_server\n"); fprintf(stderr, " -alpn_server2 - have server side context 2 offer ALPN\n"); fprintf(stderr, - " -alpn_expected - the ALPN protocol that should be negotiated\n"); + " -alpn_expected - the ALPN protocol that should be negotiated\n"); fprintf(stderr, " -server_min_proto - Minimum version the server should support\n"); fprintf(stderr, " -server_max_proto - Maximum version the server should support\n"); fprintf(stderr, " -client_min_proto - Minimum version the client should support\n"); 
@@ -773,12 +766,12 @@ ciph = SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout, "%s%s, cipher %s %s", - prefix, - SSL_get_version(c_ssl), - SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); + prefix, + SSL_get_version(c_ssl), + SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); cert = SSL_get0_peer_certificate(c_ssl); if (cert != NULL) { - EVP_PKEY* pubkey = X509_get0_pubkey(cert); + EVP_PKEY *pubkey = X509_get0_pubkey(cert); if (pubkey != NULL) { BIO_puts(bio_stdout, ", "); @@ -807,13 +800,14 @@ int version; }; static const struct protocol_versions versions[] = { - {"ssl3", SSL3_VERSION}, - {"tls1", TLS1_VERSION}, - {"tls1.1", TLS1_1_VERSION}, - {"tls1.2", TLS1_2_VERSION}, - {"tls1.3", TLS1_3_VERSION}, - {"dtls1", DTLS1_VERSION}, - {"dtls1.2", DTLS1_2_VERSION}}; + { "ssl3", SSL3_VERSION }, + { "tls1", TLS1_VERSION }, + { "tls1.1", TLS1_1_VERSION }, + { "tls1.2", TLS1_2_VERSION }, + { "tls1.3", TLS1_3_VERSION }, + { "dtls1", DTLS1_VERSION }, + { "dtls1.2", DTLS1_2_VERSION } + }; size_t i; size_t n = OSSL_NELEM(versions); @@ -884,14 +878,17 @@ { const char *CApath = NULL, *CAfile = NULL; int badop = 0; - enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; + enum { BIO_MEM, + BIO_PAIR, + BIO_IPV4, + BIO_IPV6 } bio_type + = BIO_MEM; int force = 0; int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0; int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; - struct app_verify_arg app_verify_arg = - { APP_CALLBACK_STRING, 0 }; + struct app_verify_arg app_verify_arg = { APP_CALLBACK_STRING, 0 }; SSL_CTX *c_ctx = NULL; const SSL_METHOD *meth = NULL; SSL *c_ssl = NULL; 
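Review bot: In hunk @@ -884,14 +878,17 @@ the anonymous enum behind `bio_type` is now spread over five lines with `= BIO_MEM` stranded on its own, which reads worse than the declaration it replaces. Keeping the short form `enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;` on one line, or declaring the enum type ahead of the variable, would avoid the formatter artefact. The `versions[]` table in hunk @@ -807,13 +800,14 @@ on this line is fine as reformatted. The enclosing function begins in this hunk and ends outside it.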
@@ -946,13 +943,9 @@ } SSL_CONF_CTX_set_flags(s_cctx, - SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER | - SSL_CONF_FLAG_CERTIFICATE | - SSL_CONF_FLAG_REQUIRE_PRIVATE); + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE); SSL_CONF_CTX_set_flags(s_cctx2, - SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER | - SSL_CONF_FLAG_CERTIFICATE | - SSL_CONF_FLAG_REQUIRE_PRIVATE); + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE); if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) { ERR_print_errors(bio_err); goto end; @@ -963,9 +956,7 @@ } SSL_CONF_CTX_set_flags(c_cctx, - SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT | - SSL_CONF_FLAG_CERTIFICATE | - SSL_CONF_FLAG_REQUIRE_PRIVATE); + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE); if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) { ERR_print_errors(bio_err); goto end; @@ -977,7 +968,7 @@ while (argc >= 1) { if (strcmp(*argv, "-F") == 0) { fprintf(stderr, - "not compiled with FIPS support, so exiting without running.\n"); + "not compiled with FIPS support, so exiting without running.\n"); EXIT(0); } else if (strcmp(*argv, "-server_auth") == 0) server_auth = 1; @@ -1015,8 +1006,7 @@ #else no_psk = 1; #endif - } - else if (strcmp(*argv, "-tls1_2") == 0) { + } else if (strcmp(*argv, "-tls1_2") == 0) { tls1_2 = 1; } else if (strcmp(*argv, "-tls1_1") == 0) { tls1_1 = 1; @@ -1081,8 +1071,7 @@ #ifndef OPENSSL_NO_CT else if (strcmp(*argv, "-noct") == 0) { ct_validation = 0; - } - else if (strcmp(*argv, "-ct") == 0) { + } else if (strcmp(*argv, "-ct") == 0) { ct_validation = 1; } #endif @@ -1095,7 +1084,7 @@ app_verify_arg.app_verify = 1; } #ifndef OPENSSL_NO_NEXTPROTONEG - else if (strcmp(*argv, "-npn_client") == 0) { + else if (strcmp(*argv, "-npn_client") == 0) { npn_client = 1; } else if (strcmp(*argv, "-npn_server") == 0) { npn_server = 1; 
@@ -1117,8 +1106,7 @@ if (--argc < 1) goto bad; alpn_client = *(++argv); - } else if (strcmp(*argv, "-alpn_server") == 0 || - strcmp(*argv, "-alpn_server1") == 0) { + } else if (strcmp(*argv, "-alpn_server") == 0 || strcmp(*argv, "-alpn_server1") == 0) { if (--argc < 1) goto bad; alpn_server = *(++argv); @@ -1237,14 +1225,14 @@ argv++; } if (badop) { - bad: + bad: sv_usage(); goto end; } if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " - "be requested.\n"); + "be requested.\n"); EXIT(1); } @@ -1254,27 +1242,27 @@ else #endif #ifdef OPENSSL_NO_TLS1 - if (tls1) + if (tls1) no_protocol = 1; else #endif #ifdef OPENSSL_NO_TLS1_1 - if (tls1_1) + if (tls1_1) no_protocol = 1; else #endif #ifdef OPENSSL_NO_TLS1_2 - if (tls1_2) + if (tls1_2) no_protocol = 1; else #endif #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1) - if (dtls1) + if (dtls1) no_protocol = 1; else #endif #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2) - if (dtls12) + if (dtls12) no_protocol = 1; else #endif @@ -1287,17 +1275,17 @@ */ if (no_protocol) { fprintf(stderr, "Testing was requested for a disabled protocol. " - "Skipping tests.\n"); + "Skipping tests.\n"); ret = EXIT_SUCCESS; goto end; } if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 - && !reuse && !force) { + && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " - "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" - "to avoid protocol mismatch.\n"); + "the test anyway (and\n-d to see what happens), " + "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" + "to avoid protocol mismatch.\n"); EXIT(1); } 
@@ -1308,7 +1296,7 @@ } if (number < 50 && !force) fprintf(stderr, - "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); + "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); } #ifndef OPENSSL_NO_COMP @@ -1322,8 +1310,8 @@ } } else { fprintf(stderr, - "Warning: %s compression not supported\n", - comp == COMP_ZLIB ? "zlib" : "unknown"); + "Warning: %s compression not supported\n", + comp == COMP_ZLIB ? "zlib" : "unknown"); ERR_print_errors_fp(stderr); } } @@ -1356,12 +1344,12 @@ max_version = TLS1_2_VERSION; } else { min_version = 0; -# if defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH) +#if defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH) /* We only have ec and dh based built-in groups for TLSv1.3 */ max_version = TLS1_2_VERSION; -# else +#else max_version = 0; -# endif +#endif } #endif #ifndef OPENSSL_NO_DTLS @@ -1381,7 +1369,7 @@ #endif if (provider != NULL - && !test_get_libctx(&libctx, &defctxnull, config, &thisprov, provider)) + && !test_get_libctx(&libctx, &defctxnull, config, &thisprov, provider)) goto end; c_ctx = SSL_CTX_new_ex(libctx, NULL, meth); @@ -1456,8 +1444,8 @@ } } else { if (!SSL_CTX_set_cipher_list(c_ctx, cipher) - || !SSL_CTX_set_cipher_list(s_ctx, cipher) - || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + || !SSL_CTX_set_cipher_list(s_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { ERR_print_errors(bio_err); goto end; } @@ -1473,8 +1461,7 @@ } #ifndef OPENSSL_NO_CT - if (ct_validation && - !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) { + if (ct_validation && !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) { ERR_print_errors(bio_err); goto end; } @@ -1498,7 +1485,7 @@ } if (rv <= 0) { BIO_printf(bio_err, "Error processing %s %s\n", - arg, argn ? argn : ""); + arg, argn ? argn : ""); ERR_print_errors(bio_err); goto end; } 
@@ -1534,21 +1521,19 @@ #endif if (!(SSL_CTX_load_verify_file(s_ctx, CAfile) - || SSL_CTX_load_verify_dir(s_ctx, CApath)) + || SSL_CTX_load_verify_dir(s_ctx, CApath)) || !SSL_CTX_set_default_verify_paths(s_ctx) || !(SSL_CTX_load_verify_file(s_ctx2, CAfile) - || SSL_CTX_load_verify_dir(s_ctx2, CApath)) + || SSL_CTX_load_verify_dir(s_ctx2, CApath)) || !SSL_CTX_set_default_verify_paths(s_ctx2) || !(SSL_CTX_load_verify_file(c_ctx, CAfile) - || SSL_CTX_load_verify_dir(c_ctx, CApath)) + || SSL_CTX_load_verify_dir(c_ctx, CApath)) || !SSL_CTX_set_default_verify_paths(c_ctx)) { ERR_print_errors(bio_err); } #ifndef OPENSSL_NO_CT - if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) || - !SSL_CTX_set_default_ctlog_list_file(s_ctx2) || - !SSL_CTX_set_default_ctlog_list_file(c_ctx)) { + if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) || !SSL_CTX_set_default_ctlog_list_file(s_ctx2) || !SSL_CTX_set_default_ctlog_list_file(c_ctx)) { ERR_print_errors(bio_err); } #endif 
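Review bot: A failure to load the CA file or directory, or the default verify paths, for any of `s_ctx`, `s_ctx2` and `c_ctx` is only reported through `ERR_print_errors(bio_err)` in this hunk, and nothing visible here stops the run afterwards. If continuing without a loaded trust store is deliberate for this test, a short comment inside the block would stop the next reader from taking it for a missed error path, for example `/* Not fatal: the test may run without -CApath/-CAfile. */` (wording to be confirmed against the intended behaviour). The same applies to the `SSL_CTX_set_default_ctlog_list_file()` block under `OPENSSL_NO_CT` below it. The enclosing function starts and ends outside the hunk.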
@@ -1556,29 +1541,29 @@ if (client_auth) { printf("client authentication\n"); SSL_CTX_set_verify(s_ctx, - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_callback); + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); SSL_CTX_set_verify(s_ctx2, - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_callback); + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, - &app_verify_arg); + &app_verify_arg); SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback, - &app_verify_arg); + &app_verify_arg); } if (server_auth) { printf("server authentication\n"); SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, - &app_verify_arg); + &app_verify_arg); } { int session_id_context = 0; if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof(session_id_context)) || - !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof(session_id_context))) { + sizeof(session_id_context)) + || !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, + sizeof(session_id_context))) { ERR_print_errors(bio_err); goto end; } @@ -1603,8 +1588,7 @@ SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback); if (debug) BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n"); - if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") || - !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) { + if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") || !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) { BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n"); ERR_print_errors(bio_err); goto end; 
@@ -1619,7 +1603,7 @@
 if (npn_server) {
 if (npn_server_reject) {
 BIO_printf(bio_err,
- "Can't have both -npn_server and -npn_server_reject\n");
+ "Can't have both -npn_server and -npn_server_reject\n");
 goto end;
 }
 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
@@ -1642,68 +1626,67 @@ } if (serverinfo_tack) { if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE, - NULL, NULL, NULL, - serverinfo_cli_parse_cb, NULL)) { + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL)) { BIO_printf(bio_err, "Error adding TACK extension\n"); goto end; } } if (serverinfo_file) - if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) || - !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) { + if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) || !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) { BIO_printf(bio_err, "missing serverinfo file\n"); goto end; } if (custom_ext) { if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0, - custom_ext_0_cli_add_cb, - NULL, NULL, - custom_ext_0_cli_parse_cb, NULL) + custom_ext_0_cli_add_cb, + NULL, NULL, + custom_ext_0_cli_parse_cb, NULL) || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1, - custom_ext_1_cli_add_cb, - NULL, NULL, - custom_ext_1_cli_parse_cb, NULL) + custom_ext_1_cli_add_cb, + NULL, NULL, + custom_ext_1_cli_parse_cb, NULL) || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2, - custom_ext_2_cli_add_cb, - NULL, NULL, - custom_ext_2_cli_parse_cb, NULL) + custom_ext_2_cli_add_cb, + NULL, NULL, + custom_ext_2_cli_parse_cb, NULL) || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3, - custom_ext_3_cli_add_cb, - NULL, NULL, - custom_ext_3_cli_parse_cb, NULL) + custom_ext_3_cli_add_cb, + NULL, NULL, + custom_ext_3_cli_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0, - custom_ext_0_srv_add_cb, - NULL, NULL, - custom_ext_0_srv_parse_cb, NULL) + custom_ext_0_srv_add_cb, + NULL, NULL, + custom_ext_0_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0, - custom_ext_0_srv_add_cb, - NULL, NULL, - custom_ext_0_srv_parse_cb, NULL) + custom_ext_0_srv_add_cb, + NULL, NULL, + custom_ext_0_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1, - custom_ext_1_srv_add_cb, - NULL, 
NULL, - custom_ext_1_srv_parse_cb, NULL) + custom_ext_1_srv_add_cb, + NULL, NULL, + custom_ext_1_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1, - custom_ext_1_srv_add_cb, - NULL, NULL, - custom_ext_1_srv_parse_cb, NULL) + custom_ext_1_srv_add_cb, + NULL, NULL, + custom_ext_1_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2, - custom_ext_2_srv_add_cb, - NULL, NULL, - custom_ext_2_srv_parse_cb, NULL) + custom_ext_2_srv_add_cb, + NULL, NULL, + custom_ext_2_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2, - custom_ext_2_srv_add_cb, - NULL, NULL, - custom_ext_2_srv_parse_cb, NULL) + custom_ext_2_srv_add_cb, + NULL, NULL, + custom_ext_2_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3, - custom_ext_3_srv_add_cb, - NULL, NULL, - custom_ext_3_srv_parse_cb, NULL) + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL) || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3, - custom_ext_3_srv_add_cb, - NULL, NULL, - custom_ext_3_srv_parse_cb, NULL)) { + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL)) { BIO_printf(bio_err, "Error setting custom extensions\n"); goto end; } @@ -1812,11 +1795,11 @@ #ifndef OPENSSL_NO_SOCK case BIO_IPV4: ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4, - bytes, &s_time, &c_time); + bytes, &s_time, &c_time); break; case BIO_IPV6: ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6, - bytes, &s_time, &c_time); + bytes, &s_time, &c_time); break; #else case BIO_IPV4: 
@@ -1829,9 +1812,7 @@ break; } - if (should_negotiate && ret == EXIT_SUCCESS && - strcmp(should_negotiate, "fail-server") != 0 && - strcmp(should_negotiate, "fail-client") != 0) { + if (should_negotiate && ret == EXIT_SUCCESS && strcmp(should_negotiate, "fail-server") != 0 && strcmp(should_negotiate, "fail-client") != 0) { int version = protocol_from_string(should_negotiate); if (version < 0) { BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
@@ -1840,17 +1821,18 @@ } if (SSL_version(c_ssl) != version) { BIO_printf(bio_err, "Unexpected version negotiated. " - "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); + "Expected: %s, got %s\n", + should_negotiate, SSL_get_version(c_ssl)); ret = EXIT_FAILURE; goto end; } } if (should_reuse != -1) { - if (SSL_session_reused(s_ssl) != should_reuse || - SSL_session_reused(c_ssl) != should_reuse) { + if (SSL_session_reused(s_ssl) != should_reuse || SSL_session_reused(c_ssl) != should_reuse) { BIO_printf(bio_err, "Unexpected session reuse state. " - "Expected: %d, server: %d, client: %d\n", should_reuse, + "Expected: %d, server: %d, client: %d\n", + should_reuse, SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); ret = EXIT_FAILURE; goto end;
@@ -1881,18 +1863,18 @@ * CLOCKS_PER_SEC." -- ISO/IEC 9899 */ BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" - "Approximate total client time: %6.2f s\n", - (double)s_time / CLOCKS_PER_SEC, - (double)c_time / CLOCKS_PER_SEC); + "Approximate total client time: %6.2f s\n", + (double)s_time / CLOCKS_PER_SEC, + (double)c_time / CLOCKS_PER_SEC); #else BIO_printf(bio_stdout, - "Approximate total server time: %6.2f units\n" - "Approximate total client time: %6.2f units\n", - (double)s_time, (double)c_time); + "Approximate total server time: %6.2f units\n" + "Approximate total client time: %6.2f units\n", + (double)s_time, (double)c_time); #endif } - end: +end: SSL_free(s_ssl); SSL_free(c_ssl); SSL_CTX_free(s_ctx); 
@@ -1918,7 +1900,7 @@ #ifndef OPENSSL_NO_SOCK int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, - clock_t *s_time, clock_t *c_time) + clock_t *s_time, clock_t *c_time) { long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
@@ -1952,7 +1934,7 @@ { int st_connect = 0, st_accept = 0; - while(!st_connect || !st_accept) { + while (!st_connect || !st_accept) { if (!st_connect) { if (BIO_do_connect(client) <= 0) { if (!BIO_should_retry(client))
@@ -2023,7 +2005,7 @@ if (debug) if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + SSL_state_string_long(c_ssl)); if (cw_num > 0) { /* Write to server. */
@@ -2102,7 +2084,7 @@ if (debug) if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + SSL_state_string_long(s_ssl)); if (sw_num > 0) { /* Write to client. */
@@ -2152,14 +2134,13 @@ *s_time += (clock() - s_clock); } - } - while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); + } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); if (verbose) { print_details(c_ssl, "DONE via TCP connect: "); if (BIO_get_ktls_send(SSL_get_wbio(s_ssl)) - && BIO_get_ktls_recv(SSL_get_rbio(s_ssl))) + && BIO_get_ktls_recv(SSL_get_rbio(s_ssl))) BIO_printf(bio_stdout, "Server using Kernel TLS in both directions\n"); else if (BIO_get_ktls_send(SSL_get_wbio(s_ssl))) BIO_printf(bio_stdout, "Server using Kernel TLS for sending\n"); 
@@ -2167,23 +2148,23 @@ BIO_printf(bio_stdout, "Server using Kernel TLS for receiving\n"); if (BIO_get_ktls_send(SSL_get_wbio(c_ssl)) - && BIO_get_ktls_recv(SSL_get_rbio(c_ssl))) + && BIO_get_ktls_recv(SSL_get_rbio(c_ssl))) BIO_printf(bio_stdout, "Client using Kernel TLS in both directions\n"); else if (BIO_get_ktls_send(SSL_get_wbio(c_ssl))) BIO_printf(bio_stdout, "Client using Kernel TLS for sending\n"); else if (BIO_get_ktls_recv(SSL_get_rbio(c_ssl))) BIO_printf(bio_stdout, "Client using Kernel TLS for receiving\n"); } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG if (verify_npn(c_ssl, s_ssl) < 0) goto end; -# endif +#endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); goto err; } if (verify_alpn(c_ssl, s_ssl) < 0 - || verify_servername(c_ssl, s_ssl) < 0) + || verify_servername(c_ssl, s_ssl) < 0) goto err; if (custom_ext_error) {
@@ -2191,12 +2172,12 @@ goto err; } -# ifndef OPENSSL_NO_NEXTPROTONEG - end: -# endif +#ifndef OPENSSL_NO_NEXTPROTONEG +end: +#endif ret = EXIT_SUCCESS; - err: +err: ERR_print_errors(bio_err); BIO_free_all(acpt);
@@ -2215,7 +2196,7 @@ #endif int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, - clock_t *s_time, clock_t *c_time) + clock_t *s_time, clock_t *c_time) { long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
@@ -2224,7 +2205,7 @@ int err_in_client = 0; int err_in_server = 0; - size_t bufsiz = 256; /* small buffer for testing */ + size_t bufsiz = 256; /* small buffer for testing */ if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) goto err;
@@ -2302,7 +2283,7 @@ if (debug) if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + SSL_state_string_long(c_ssl)); if (cw_num > 0) { /* Write to server. */ 
@@ -2381,7 +2362,7 @@ if (debug) if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + SSL_state_string_long(s_ssl)); if (sw_num > 0) { /* Write to client. */
@@ -2472,18 +2453,15 @@ r = BIO_write(io2, dataptr, (int)num); if (r != (int)num) { /* can't happen */ fprintf(stderr, "ERROR: BIO_write could not write " - "BIO_ctrl_get_write_guarantee() bytes"); + "BIO_ctrl_get_write_guarantee() bytes"); goto err; } progress = 1; if (debug) - printf((io1 == client_io) ? - "C->S relaying: %d bytes\n" : - "S->C relaying: %d bytes\n", (int)num); + printf((io1 == client_io) ? "C->S relaying: %d bytes\n" : "S->C relaying: %d bytes\n", (int)num); } - } - while (r1 && r2); + } while (r1 && r2); /* io2 to io1 */ {
@@ -2507,7 +2485,7 @@ num = INT_MAX; if (num > 1) - --num; /* test restartability even more thoroughly */ + --num; /* test restartability even more thoroughly */ r = BIO_nwrite0(io1, &dataptr); assert(r > 0);
@@ -2516,24 +2494,22 @@ r = BIO_read(io2, dataptr, (int)num); if (r != (int)num) { /* can't happen */ fprintf(stderr, "ERROR: BIO_read could not read " - "BIO_ctrl_pending() bytes"); + "BIO_ctrl_pending() bytes"); goto err; } progress = 1; r = BIO_nwrite(io1, &dataptr, (int)num); if (r != (int)num) { /* can't happen */ fprintf(stderr, "ERROR: BIO_nwrite() did not accept " - "BIO_nwrite0() bytes"); + "BIO_nwrite0() bytes"); goto err; } if (debug) - printf((io2 == client_io) ? - "C->S relaying: %d bytes\n" : - "S->C relaying: %d bytes\n", (int)num); + printf((io2 == client_io) ? "C->S relaying: %d bytes\n" : "S->C relaying: %d bytes\n", (int)num); } - } /* no loop, BIO_ctrl_get_read_request now - * returns 0 anyway */ + } /* no loop, BIO_ctrl_get_read_request now + * returns 0 anyway */ if (!progress && !prev_progress) if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) { 
@@ -2543,8 +2519,7 @@ } prev_progress = progress; } - } - while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); + } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); if (verbose) print_details(c_ssl, "DONE via BIO pair: ");
@@ -2557,7 +2532,7 @@ goto err; } if (verify_alpn(c_ssl, s_ssl) < 0 - || verify_servername(c_ssl, s_ssl) < 0) + || verify_servername(c_ssl, s_ssl) < 0) goto err; if (custom_ext_error) {
@@ -2566,11 +2541,11 @@ } #ifndef OPENSSL_NO_NEXTPROTONEG - end: +end: #endif ret = EXIT_SUCCESS; - err: +err: ERR_print_errors(bio_err); BIO_free(server);
@@ -2588,10 +2563,10 @@ return ret; } -#define W_READ 1 +#define W_READ 1 #define W_WRITE 2 -#define C_DONE 1 -#define S_DONE 2 +#define C_DONE 1 +#define S_DONE 2 int doit(SSL *s_ssl, SSL *c_ssl, long count) {
@@ -2687,13 +2662,13 @@ if (do_server && debug) { if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + SSL_state_string_long(s_ssl)); } if (do_client && debug) { if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + SSL_state_string_long(c_ssl)); } if (!do_client && !do_server) {
@@ -2788,7 +2763,7 @@ } else if (i == 0) { ERR_print_errors(bio_err); fprintf(stderr, - "SSL SERVER STARTUP FAILED in SSL_read\n"); + "SSL SERVER STARTUP FAILED in SSL_read\n"); goto err; } else { if (debug)
@@ -2824,7 +2799,7 @@ } else if (i == 0) { ERR_print_errors(bio_err); fprintf(stderr, - "SSL SERVER STARTUP FAILED in SSL_write\n"); + "SSL SERVER STARTUP FAILED in SSL_write\n"); goto err; } else { if (debug)
@@ -2859,7 +2834,7 @@ goto err; } ret = EXIT_SUCCESS; - err: +err: BIO_free(c_to_s); BIO_free(s_to_c); BIO_free_all(c_bio); 
@@ -2880,14 +2855,14 @@ char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), - buf, sizeof(buf)); + buf, sizeof(buf)); if (s != NULL) { if (ok) printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); else { fprintf(stderr, "depth=%d error=%d %s\n", - X509_STORE_CTX_get_error_depth(ctx), - X509_STORE_CTX_get_error(ctx), buf); + X509_STORE_CTX_get_error_depth(ctx), + X509_STORE_CTX_get_error(ctx), buf); } }
@@ -2897,7 +2872,7 @@ switch (i) { default: fprintf(stderr, "Error string: %s\n", - X509_verify_cert_error_string(i)); + X509_verify_cert_error_string(i)); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_HAS_EXPIRED:
@@ -2922,12 +2897,12 @@ printf("In app_verify_callback, allowing cert. "); printf("Arg is: %s\n", cb_arg->string); printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n", - (void *)ctx, (void *)c); + (void *)ctx, (void *)c); if (c) s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256); if (s != NULL) { printf("cert depth=%d %s\n", - X509_STORE_CTX_get_error_depth(ctx), buf); + X509_STORE_CTX_get_error_depth(ctx), buf); } return 1; }
@@ -2940,7 +2915,7 @@ #ifndef OPENSSL_NO_PSK /* convert the PSK key (psk_key) in ascii to binary (psk) */ static int psk_key2bn(const char *pskkey, unsigned char *psk, - unsigned int max_psk_len) + unsigned int max_psk_len) { int ret; BIGNUM *bn = NULL;
@@ -2948,14 +2923,14 @@ ret = BN_hex2bn(&bn, pskkey); if (!ret) { BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", - pskkey); + pskkey); BN_free(bn); return 0; } if (BN_num_bytes(bn) > (int)max_psk_len) { BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); + "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); BN_free(bn); return 0; } 
@@ -2965,10 +2940,10 @@ } static unsigned int psk_client_callback(SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len) + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len) { int ret; unsigned int psk_len = 0;
@@ -2978,18 +2953,18 @@ goto out_err; if (debug) fprintf(stderr, "client: created identity '%s' len=%d\n", identity, - ret); + ret); ret = psk_key2bn(psk_key, psk, max_psk_len); if (ret < 0) goto out_err; psk_len = ret; - out_err: +out_err: return psk_len; } static unsigned int psk_server_callback(SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len) + unsigned char *psk, + unsigned int max_psk_len) { unsigned int psk_len = 0;
--- crypto/openssl/test/ssl_test.c.orig
+++ crypto/openssl/test/ssl_test.c
@@ -35,8 +35,8 @@ { if (!TEST_int_eq(result->result, test_ctx->expected_result)) { TEST_info("ExpectedResult mismatch: expected %s, got %s.", - ssl_test_result_name(test_ctx->expected_result), - ssl_test_result_name(result->result)); + ssl_test_result_name(test_ctx->expected_result), + ssl_test_result_name(result->result)); return 0; } return 1;
@@ -45,10 +45,10 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { if (!TEST_int_eq(result->client_alert_sent, - result->client_alert_received)) { + result->client_alert_received)) { TEST_info("Client sent alert %s but server received %s.", - print_alert(result->client_alert_sent), - print_alert(result->client_alert_received)); + print_alert(result->client_alert_sent), + print_alert(result->client_alert_received)); /* * We can't bail here because the peer doesn't always get far enough * to process a received alert. Specifically, in protocol version 
@@ -64,10 +64,10 @@ } if (!TEST_int_eq(result->server_alert_sent, - result->server_alert_received)) { + result->server_alert_received)) { TEST_info("Server sent alert %s but client received %s.", - print_alert(result->server_alert_sent), - print_alert(result->server_alert_received)); + print_alert(result->server_alert_sent), + print_alert(result->server_alert_received)); /* return 0; */ }
@@ -80,16 +80,16 @@ */ && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) { TEST_error("ClientAlert mismatch: expected %s, got %s.", - print_alert(test_ctx->expected_client_alert), - print_alert(result->client_alert_sent)); + print_alert(test_ctx->expected_client_alert), + print_alert(result->client_alert_sent)); return 0; } if (test_ctx->expected_server_alert && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) { TEST_error("ServerAlert mismatch: expected %s, got %s.", - print_alert(test_ctx->expected_server_alert), - print_alert(result->server_alert_sent)); + print_alert(test_ctx->expected_server_alert), + print_alert(result->server_alert_sent)); return 0; }
@@ -104,17 +104,17 @@ { if (!TEST_int_eq(result->client_protocol, result->server_protocol)) { TEST_info("Client has protocol %s but server has %s.", - ssl_protocol_name(result->client_protocol), - ssl_protocol_name(result->server_protocol)); + ssl_protocol_name(result->client_protocol), + ssl_protocol_name(result->server_protocol)); return 0; } if (test_ctx->expected_protocol) { if (!TEST_int_eq(result->client_protocol, - test_ctx->expected_protocol)) { + test_ctx->expected_protocol)) { TEST_info("Protocol mismatch: expected %s, got %s.\n", - ssl_protocol_name(test_ctx->expected_protocol), - ssl_protocol_name(result->client_protocol)); + ssl_protocol_name(test_ctx->expected_protocol), + ssl_protocol_name(result->client_protocol)); return 0; } } 
@@ -124,12 +124,12 @@ static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) { - TEST_info("Client ServerName mismatch, expected %s, got %s.", - ssl_servername_name(test_ctx->expected_servername), - ssl_servername_name(result->servername)); - return 0; + TEST_info("Client ServerName mismatch, expected %s, got %s.", + ssl_servername_name(test_ctx->expected_servername), + ssl_servername_name(result->servername)); + return 0; } - return 1; + return 1; } static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
@@ -137,10 +137,10 @@ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE) return 1; if (!TEST_int_eq(result->session_ticket, - test_ctx->session_ticket_expected)) { + test_ctx->session_ticket_expected)) { TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.", - ssl_session_ticket_name(test_ctx->session_ticket_expected), - ssl_session_ticket_name(result->session_ticket)); + ssl_session_ticket_name(test_ctx->session_ticket_expected), + ssl_session_ticket_name(result->session_ticket)); return 0; } return 1;
@@ -152,8 +152,8 @@ return 1; if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) { TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.", - ssl_session_id_name(test_ctx->session_id_expected), - ssl_session_id_name(result->session_id)); + ssl_session_id_name(test_ctx->session_id_expected), + ssl_session_id_name(result->session_id)); return 0; } return 1;
@@ -170,10 +170,10 @@ { int ret = 1; if (!TEST_str_eq(result->client_npn_negotiated, - result->server_npn_negotiated)) + result->server_npn_negotiated)) ret = 0; if (!TEST_str_eq(test_ctx->expected_npn_protocol, - result->client_npn_negotiated)) + result->client_npn_negotiated)) ret = 0; return ret; } 
@@ -183,16 +183,16 @@ { int ret = 1; if (!TEST_str_eq(result->client_alpn_negotiated, - result->server_alpn_negotiated)) + result->server_alpn_negotiated)) ret = 0; if (!TEST_str_eq(test_ctx->expected_alpn_protocol, - result->client_alpn_negotiated)) + result->client_alpn_negotiated)) ret = 0; return ret; } static int check_session_ticket_app_data(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { size_t result_len = 0; size_t expected_len = 0;
@@ -206,7 +206,7 @@ return 1; if (!TEST_str_eq(result->result_session_ticket_app_data, - test_ctx->expected_session_ticket_app_data)) + test_ctx->expected_session_ticket_app_data)) return 0; return 1;
@@ -226,8 +226,8 @@ if (expected_nid == 0 || expected_nid == nid) return 1; TEST_error("%s type mismatch, %s vs %s\n", - name, OBJ_nid2ln(expected_nid), - nid == NID_undef ? "absent" : OBJ_nid2ln(nid)); + name, OBJ_nid2ln(expected_nid), + nid == NID_undef ? "absent" : OBJ_nid2ln(nid)); return 0; }
@@ -241,14 +241,14 @@ } for (i = 0; i < sk_X509_NAME_num(names); i++) { X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4, - XN_FLAG_ONELINE); + XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); } } static int check_ca_names(const char *name, - STACK_OF(X509_NAME) *expected_names, - STACK_OF(X509_NAME) *names) + STACK_OF(X509_NAME) *expected_names, + STACK_OF(X509_NAME) *names) { int i;
@@ -263,8 +263,8 @@ goto err; for (i = 0; i < sk_X509_NAME_num(names); i++) { if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i), - sk_X509_NAME_value(expected_names, i)), - 0)) { + sk_X509_NAME_value(expected_names, i)), + 0)) { goto err; } } 
@@ -281,65 +281,65 @@ static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { return check_nid("Tmp key", test_ctx->expected_tmp_key_type, - result->tmp_key_type); + result->tmp_key_type); } static int check_server_cert_type(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_nid("Server certificate", test_ctx->expected_server_cert_type, - result->server_cert_type); + result->server_cert_type); } static int check_server_sign_hash(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_nid("Server signing hash", test_ctx->expected_server_sign_hash, - result->server_sign_hash); + result->server_sign_hash); } static int check_server_sign_type(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_nid("Server signing", test_ctx->expected_server_sign_type, - result->server_sign_type); + result->server_sign_type); } static int check_server_ca_names(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_ca_names("Server CA names", - test_ctx->expected_server_ca_names, - result->server_ca_names); + test_ctx->expected_server_ca_names, + result->server_ca_names); } static int check_client_cert_type(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_nid("Client certificate", test_ctx->expected_client_cert_type, - result->client_cert_type); + result->client_cert_type); } static int check_client_sign_hash(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_nid("Client signing hash", test_ctx->expected_client_sign_hash, - result->client_sign_hash); + result->client_sign_hash); } static int check_client_sign_type(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_nid("Client signing", test_ctx->expected_client_sign_type, - result->client_sign_type); + result->client_sign_type); } 
static int check_client_ca_names(HANDSHAKE_RESULT *result, - SSL_TEST_CTX *test_ctx) + SSL_TEST_CTX *test_ctx) { return check_ca_names("Client CA names", - test_ctx->expected_client_ca_names, - result->client_ca_names); + test_ctx->expected_client_ca_names, + result->client_ca_names); } static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
@@ -349,7 +349,7 @@ if (!TEST_ptr(result->cipher)) return 0; if (!TEST_str_eq(test_ctx->expected_cipher, - result->cipher)) + result->cipher)) return 0; return 1; }
@@ -395,7 +395,7 @@ { int ret = 0; SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL, - *resume_server_ctx = NULL, *resume_client_ctx = NULL; + *resume_server_ctx = NULL, *resume_client_ctx = NULL; SSL_TEST_CTX *test_ctx = NULL; HANDSHAKE_RESULT *result = NULL; char test_app[MAX_TESTCASE_NAME_LENGTH];
@@ -410,15 +410,13 @@ if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()); if (!TEST_true(SSL_CTX_set_options(server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION)) - || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) + SSL_OP_ALLOW_CLIENT_RENEGOTIATION)) + || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) goto err; - if (test_ctx->extra.server.servername_callback != - SSL_TEST_SERVERNAME_CB_NONE) { - if (!TEST_ptr(server2_ctx = - SSL_CTX_new_ex(libctx, NULL, DTLS_server_method())) - || !TEST_true(SSL_CTX_set_options(server2_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) + if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { + if (!TEST_ptr(server2_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method())) + || !TEST_true(SSL_CTX_set_options(server2_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; } client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method()); 
@@ -426,24 +424,24 @@ goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, - DTLS_server_method()); + DTLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)) - || !TEST_true(SSL_CTX_set_options(resume_server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) + || !TEST_true(SSL_CTX_set_options(resume_server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, - DTLS_client_method()); + DTLS_client_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0))) goto err; if (!TEST_ptr(resume_server_ctx) - || !TEST_ptr(resume_client_ctx)) + || !TEST_ptr(resume_client_ctx)) goto err; } } #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { #if !defined(OPENSSL_NO_TLS1_3) \ - && defined(OPENSSL_NO_EC) \ + && defined(OPENSSL_NO_EC) \ && defined(OPENSSL_NO_DH) /* Without ec or dh there are no built-in groups for TLSv1.3 */ int maxversion = TLS1_2_VERSION; 
@@ -453,19 +451,17 @@ server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion)) - || !TEST_true(SSL_CTX_set_options(server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) + || !TEST_true(SSL_CTX_set_options(server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; /* SNI on resumption isn't supported/tested yet. */ - if (test_ctx->extra.server.servername_callback != - SSL_TEST_SERVERNAME_CB_NONE) { - if (!TEST_ptr(server2_ctx = - SSL_CTX_new_ex(libctx, NULL, TLS_server_method())) - || !TEST_true(SSL_CTX_set_options(server2_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) + if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { + if (!TEST_ptr(server2_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())) + || !TEST_true(SSL_CTX_set_options(server2_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, - maxversion))) + maxversion))) goto err; } client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
@@ -474,19 +470,19 @@ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, - TLS_server_method()); + TLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, - maxversion)) - || !TEST_true(SSL_CTX_set_options(resume_server_ctx, - SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) + maxversion)) + || !TEST_true(SSL_CTX_set_options(resume_server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, - TLS_client_method()); + TLS_client_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, - maxversion))) + maxversion))) goto err; if (!TEST_ptr(resume_server_ctx) - || !TEST_ptr(resume_client_ctx)) + || !TEST_ptr(resume_client_ctx)) goto err; } } 
@@ -497,8 +493,8 @@ #endif if (!TEST_ptr(server_ctx) - || !TEST_ptr(client_ctx) - || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) + || !TEST_ptr(client_ctx) + || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) goto err; if (!SSL_CTX_config(server_ctx, "server")
@@ -516,7 +512,7 @@ goto err; result = do_handshake(server_ctx, server2_ctx, client_ctx, - resume_server_ctx, resume_client_ctx, test_ctx); + resume_server_ctx, resume_client_ctx, test_ctx); if (result != NULL) ret = check_test(result, test_ctx);
@@ -546,10 +542,11 @@ } if (!TEST_ptr(conf = NCONF_new(NULL)) - /* argv[1] should point to the test conf file */ - || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0) - || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests", - &num_tests), 0)) { + /* argv[1] should point to the test conf file */ + || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0) + || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests", + &num_tests), + 0)) { TEST_error("usage: ssl_test %s", USAGE); return 0; }
--- crypto/openssl/test/ssl_test_ctx_test.c.orig
+++ crypto/openssl/test/ssl_test_ctx_test.c 
@@ -32,42 +32,41 @@ SSL_TEST_CTX *expected_ctx; } SSL_TEST_CTX_TEST_FIXTURE; - static int clientconf_eq(SSL_TEST_CLIENT_CONF *conf1, - SSL_TEST_CLIENT_CONF *conf2) + SSL_TEST_CLIENT_CONF *conf2) { if (!TEST_int_eq(conf1->verify_callback, conf2->verify_callback) - || !TEST_int_eq(conf1->servername, conf2->servername) - || !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols) - || !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols) - || !TEST_int_eq(conf1->ct_validation, conf2->ct_validation) - || !TEST_int_eq(conf1->max_fragment_len_mode, - conf2->max_fragment_len_mode)) + || !TEST_int_eq(conf1->servername, conf2->servername) + || !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols) + || !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols) + || !TEST_int_eq(conf1->ct_validation, conf2->ct_validation) + || !TEST_int_eq(conf1->max_fragment_len_mode, + conf2->max_fragment_len_mode)) return 0; return 1; } static int serverconf_eq(SSL_TEST_SERVER_CONF *serv, - SSL_TEST_SERVER_CONF *serv2) + SSL_TEST_SERVER_CONF *serv2) { if (!TEST_int_eq(serv->servername_callback, serv2->servername_callback) - || !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols) - || !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols) - || !TEST_int_eq(serv->broken_session_ticket, - serv2->broken_session_ticket) - || !TEST_str_eq(serv->session_ticket_app_data, - serv2->session_ticket_app_data) - || !TEST_int_eq(serv->cert_status, serv2->cert_status)) + || !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols) + || !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols) + || !TEST_int_eq(serv->broken_session_ticket, + serv2->broken_session_ticket) + || !TEST_str_eq(serv->session_ticket_app_data, + serv2->session_ticket_app_data) + || !TEST_int_eq(serv->cert_status, serv2->cert_status)) return 0; return 1; } static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra, - SSL_TEST_EXTRA_CONF *extra2) + SSL_TEST_EXTRA_CONF *extra2) { if (!TEST_true(clientconf_eq(&extra->client, 
&extra2->client)) - || !TEST_true(serverconf_eq(&extra->server, &extra2->server)) - || !TEST_true(serverconf_eq(&extra->server2, &extra2->server2))) + || !TEST_true(serverconf_eq(&extra->server, &extra2->server)) + || !TEST_true(serverconf_eq(&extra->server2, &extra2->server2))) return 0; return 1; } 
@@ -75,34 +74,34 @@ static int testctx_eq(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) { if (!TEST_int_eq(ctx->method, ctx2->method) - || !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode) - || !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size) - || !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size) - || !extraconf_eq(&ctx->extra, &ctx2->extra) - || !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra) - || !TEST_int_eq(ctx->expected_result, ctx2->expected_result) - || !TEST_int_eq(ctx->expected_client_alert, - ctx2->expected_client_alert) - || !TEST_int_eq(ctx->expected_server_alert, - ctx2->expected_server_alert) - || !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol) - || !TEST_int_eq(ctx->expected_servername, ctx2->expected_servername) - || !TEST_int_eq(ctx->session_ticket_expected, - ctx2->session_ticket_expected) - || !TEST_int_eq(ctx->compression_expected, - ctx2->compression_expected) - || !TEST_str_eq(ctx->expected_npn_protocol, - ctx2->expected_npn_protocol) - || !TEST_str_eq(ctx->expected_alpn_protocol, - ctx2->expected_alpn_protocol) - || !TEST_str_eq(ctx->expected_cipher, - ctx2->expected_cipher) - || !TEST_str_eq(ctx->expected_session_ticket_app_data, - ctx2->expected_session_ticket_app_data) - || !TEST_int_eq(ctx->resumption_expected, - ctx2->resumption_expected) - || !TEST_int_eq(ctx->session_id_expected, - ctx2->session_id_expected)) + || !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode) + || !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size) + || !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size) + || !extraconf_eq(&ctx->extra, &ctx2->extra) + || !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra) + || !TEST_int_eq(ctx->expected_result, ctx2->expected_result) + || !TEST_int_eq(ctx->expected_client_alert, + ctx2->expected_client_alert) + || !TEST_int_eq(ctx->expected_server_alert, + ctx2->expected_server_alert) + || !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol) + || 
!TEST_int_eq(ctx->expected_servername, ctx2->expected_servername) + || !TEST_int_eq(ctx->session_ticket_expected, + ctx2->session_ticket_expected) + || !TEST_int_eq(ctx->compression_expected, + ctx2->compression_expected) + || !TEST_str_eq(ctx->expected_npn_protocol, + ctx2->expected_npn_protocol) + || !TEST_str_eq(ctx->expected_alpn_protocol, + ctx2->expected_alpn_protocol) + || !TEST_str_eq(ctx->expected_cipher, + ctx2->expected_cipher) + || !TEST_str_eq(ctx->expected_session_ticket_app_data, + ctx2->expected_session_ticket_app_data) + || !TEST_int_eq(ctx->resumption_expected, + ctx2->resumption_expected) + || !TEST_int_eq(ctx->session_id_expected, + ctx2->session_id_expected)) return 0; return 1; } @@ -127,12 +126,12 @@ SSL_TEST_CTX *ctx; if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section, - fixture->expected_ctx->libctx)) - || !testctx_eq(ctx, fixture->expected_ctx)) + fixture->expected_ctx->libctx)) + || !testctx_eq(ctx, fixture->expected_ctx)) goto err; success = 1; - err: +err: SSL_TEST_CTX_free(ctx); return success; } @@ -168,7 +167,7 @@ fixture->expected_ctx->expected_result = SSL_TEST_SERVER_FAIL; fixture->expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA; - fixture->expected_ctx->expected_server_alert = 0; /* No alert. */ + fixture->expected_ctx->expected_server_alert = 0; /* No alert. */ fixture->expected_ctx->expected_protocol = TLS1_1_VERSION; fixture->expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2; fixture->expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES; 
@@ -176,26 +175,21 @@ fixture->expected_ctx->session_id_expected = SSL_TEST_SESSION_ID_IGNORE; fixture->expected_ctx->resumption_expected = 1; - fixture->expected_ctx->extra.client.verify_callback = - SSL_TEST_VERIFY_REJECT_ALL; + fixture->expected_ctx->extra.client.verify_callback = SSL_TEST_VERIFY_REJECT_ALL; fixture->expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2; - fixture->expected_ctx->extra.client.npn_protocols = - OPENSSL_strdup("foo,bar"); + fixture->expected_ctx->extra.client.npn_protocols = OPENSSL_strdup("foo,bar"); if (!TEST_ptr(fixture->expected_ctx->extra.client.npn_protocols)) goto err; fixture->expected_ctx->extra.client.max_fragment_len_mode = 0; - fixture->expected_ctx->extra.server.servername_callback = - SSL_TEST_SERVERNAME_IGNORE_MISMATCH; + fixture->expected_ctx->extra.server.servername_callback = SSL_TEST_SERVERNAME_IGNORE_MISMATCH; fixture->expected_ctx->extra.server.broken_session_ticket = 1; - fixture->expected_ctx->resume_extra.server2.alpn_protocols = - OPENSSL_strdup("baz"); + fixture->expected_ctx->resume_extra.server2.alpn_protocols = OPENSSL_strdup("baz"); if (!TEST_ptr(fixture->expected_ctx->resume_extra.server2.alpn_protocols)) goto err; - fixture->expected_ctx->resume_extra.client.ct_validation = - SSL_TEST_CT_VALIDATION_STRICT; + fixture->expected_ctx->resume_extra.client.ct_validation = SSL_TEST_CT_VALIDATION_STRICT; EXECUTE_SSL_TEST_CTX_TEST(); return result;
@@ -229,7 +223,7 @@ SSL_TEST_CTX *ctx; if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf, - bad_configurations[idx], NULL))) { + bad_configurations[idx], NULL))) { SSL_TEST_CTX_free(ctx); return 0; }
--- crypto/openssl/test/sslapitest.c.orig
+++ crypto/openssl/test/sslapitest.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ * when the deprecated calls are not hidden */ #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define OPENSSL_SUPPRESS_DEPRECATED +#define OPENSSL_SUPPRESS_DEPRECATED #endif #include @@ -50,14 +50,14 @@ * If we don't have ec or dh then there are no built-in groups that are usable * with TLSv1.3 */ -# define OSSL_NO_USABLE_TLS1_3 +#define OSSL_NO_USABLE_TLS1_3 #endif /* Defined in tls-provider.c */ int tls_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx); + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx); static OSSL_LIB_CTX *libctx = NULL; static OSSL_PROVIDER *defctxnull = NULL; @@ -70,9 +70,9 @@ static const char *srvid; static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, - size_t *idlen, SSL_SESSION **sess); + size_t *idlen, SSL_SESSION **sess); static int find_session_cb(SSL *ssl, const unsigned char *identity, - size_t identity_len, SSL_SESSION **sess); + size_t identity_len, SSL_SESSION **sess); static int use_session_cb_cnt = 0; static int find_session_cb_cnt = 0; @@ -100,9 +100,9 @@ static int is_fips = 0; #define LOG_BUFFER_SIZE 2048 -static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; +static char server_log_buffer[LOG_BUFFER_SIZE + 1] = { 0 }; static size_t server_log_buffer_index = 0; -static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; +static char client_log_buffer[LOG_BUFFER_SIZE + 1] = { 0 }; static size_t client_log_buffer_index = 0; static int error_writing_log = 0; 
@@ -116,7 +116,7 @@ #endif #define NUM_EXTRA_CERTS 40 -#define CLIENT_VERSION_LEN 2 +#define CLIENT_VERSION_LEN 2 /* * This structure is used to validate that the correct number of log messages @@ -134,14 +134,12 @@ unsigned int exporter_secret_count; }; - static int hostname_cb(SSL *s, int *al, void *arg) { const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (hostname != NULL && (strcmp(hostname, "goodhost") == 0 - || strcmp(hostname, "altgoodhost") == 0)) - return SSL_TLSEXT_ERR_OK; + if (hostname != NULL && (strcmp(hostname, "goodhost") == 0 || strcmp(hostname, "altgoodhost") == 0)) + return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_NOACK; } @@ -179,9 +177,9 @@ } static int compare_hex_encoded_buffer(const char *hex_encoded, - size_t hex_length, - const uint8_t *raw, - size_t raw_length) + size_t hex_length, + const uint8_t *raw, + size_t raw_length) { size_t i, j; char hexed[3]; @@ -192,7 +190,7 @@ for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) { BIO_snprintf(hexed, sizeof(hexed), "%02x", raw[i]); if (!TEST_int_eq(hexed[0], hex_encoded[j]) - || !TEST_int_eq(hexed[1], hex_encoded[j + 1])) + || !TEST_int_eq(hexed[1], hex_encoded[j + 1])) return 1; } @@ -200,13 +198,13 @@ } static int test_keylog_output(char *buffer, const SSL *ssl, - const SSL_SESSION *session, - struct sslapitest_log_counts *expected) + const SSL_SESSION *session, + struct sslapitest_log_counts *expected) { char *token = NULL; - unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0}; + unsigned char actual_client_random[SSL3_RANDOM_SIZE] = { 0 }; size_t client_random_size = SSL3_RANDOM_SIZE; - unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0}; + unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = { 0 }; size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH; unsigned int rsa_key_exchange_count = 0; unsigned int master_secret_count = 0; 
@@ -219,7 +217,7 @@ unsigned int exporter_secret_count = 0; for (token = strtok(buffer, " \n"); token != NULL; - token = strtok(NULL, " \n")) { + token = strtok(NULL, " \n")) { if (strcmp(token, "RSA") == 0) { /* * Premaster secret. Tokens should be: 16 ASCII bytes of @@ -244,8 +242,8 @@ * client random, then the hex-encoded master secret. */ client_random_size = SSL_get_client_random(ssl, - actual_client_random, - SSL3_RANDOM_SIZE); + actual_client_random, + SSL3_RANDOM_SIZE); if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE)) return 0; 
@@ -254,29 +252,29 @@ if (!TEST_size_t_eq(strlen(token), 64)) return 0; if (!TEST_false(compare_hex_encoded_buffer(token, 64, - actual_client_random, - client_random_size))) + actual_client_random, + client_random_size))) return 0; if (!TEST_ptr(token = strtok(NULL, " \n"))) return 0; master_key_size = SSL_SESSION_get_master_key(session, - actual_master_key, - master_key_size); + actual_master_key, + master_key_size); if (!TEST_size_t_ne(master_key_size, 0)) return 0; if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token), - actual_master_key, - master_key_size))) + actual_master_key, + master_key_size))) return 0; master_secret_count++; } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0 - || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0 - || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0 - || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0 - || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0 - || strcmp(token, "EARLY_EXPORTER_SECRET") == 0 - || strcmp(token, "EXPORTER_SECRET") == 0) { + || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0 + || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0 + || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0 + || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0 + || strcmp(token, "EARLY_EXPORTER_SECRET") == 0 + || strcmp(token, "EXPORTER_SECRET") == 0) { /* * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded * client random, and then the hex-encoded secret. In this case, @@ -299,8 +297,8 @@ exporter_secret_count++; client_random_size = SSL_get_client_random(ssl, - actual_client_random, - SSL3_RANDOM_SIZE); + actual_client_random, + SSL3_RANDOM_SIZE); if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE)) return 0; 
@@ -309,8 +307,8 @@ if (!TEST_size_t_eq(strlen(token), 64)) return 0; if (!TEST_false(compare_hex_encoded_buffer(token, 64, - actual_client_random, - client_random_size))) + actual_client_random, + client_random_size))) return 0; if (!TEST_ptr(token = strtok(NULL, " \n"))) @@ -323,23 +321,23 @@ /* Got what we expected? */ if (!TEST_size_t_eq(rsa_key_exchange_count, - expected->rsa_key_exchange_count) - || !TEST_size_t_eq(master_secret_count, - expected->master_secret_count) - || !TEST_size_t_eq(client_early_secret_count, - expected->client_early_secret_count) - || !TEST_size_t_eq(client_handshake_secret_count, - expected->client_handshake_secret_count) - || !TEST_size_t_eq(server_handshake_secret_count, - expected->server_handshake_secret_count) - || !TEST_size_t_eq(client_application_secret_count, - expected->client_application_secret_count) - || !TEST_size_t_eq(server_application_secret_count, - expected->server_application_secret_count) - || !TEST_size_t_eq(early_exporter_secret_count, - expected->early_exporter_secret_count) - || !TEST_size_t_eq(exporter_secret_count, - expected->exporter_secret_count)) + expected->rsa_key_exchange_count) + || !TEST_size_t_eq(master_secret_count, + expected->master_secret_count) + || !TEST_size_t_eq(client_early_secret_count, + expected->client_early_secret_count) + || !TEST_size_t_eq(client_handshake_secret_count, + expected->client_handshake_secret_count) + || !TEST_size_t_eq(server_handshake_secret_count, + expected->server_handshake_secret_count) + || !TEST_size_t_eq(client_application_secret_count, + expected->client_application_secret_count) + || !TEST_size_t_eq(server_application_secret_count, + expected->server_application_secret_count) + || !TEST_size_t_eq(early_exporter_secret_count, + expected->early_exporter_secret_count) + || !TEST_size_t_eq(exporter_secret_count, + expected->exporter_secret_count)) return 0; return 1; } 
@@ -361,9 +359,9 @@ error_writing_log = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; /* We cannot log the master secret for TLSv1.3, so we should forbid it. */ @@ -375,25 +373,25 @@ goto end; if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) - || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) + || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) goto end; SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) - == client_keylog_callback)) + == client_keylog_callback)) goto end; SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) - == server_keylog_callback)) + == server_keylog_callback)) goto end; /* Now do a handshake and check that the logs have been written to. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(error_writing_log) - || !TEST_int_gt(client_log_buffer_index, 0) - || !TEST_int_gt(server_log_buffer_index, 0)) + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(error_writing_log) + || !TEST_int_gt(client_log_buffer_index, 0) + || !TEST_int_gt(server_log_buffer_index, 0)) goto end; /* @@ -405,12 +403,12 @@ expected.rsa_key_exchange_count = 1; expected.master_secret_count = 1; if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, - SSL_get_session(clientssl), &expected))) + SSL_get_session(clientssl), &expected))) goto end; expected.rsa_key_exchange_count = 0; if (!TEST_true(test_keylog_output(server_log_buffer, serverssl, - SSL_get_session(serverssl), &expected))) + SSL_get_session(serverssl), &expected))) goto end; testresult = 1; 
@@ -445,32 +443,32 @@ error_writing_log = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_max_early_data(sctx, - SSL3_RT_MAX_PLAIN_LENGTH))) + SSL3_RT_MAX_PLAIN_LENGTH))) return 0; if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) - || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) + || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) goto end; SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) - == client_keylog_callback)) + == client_keylog_callback)) goto end; SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) - == server_keylog_callback)) + == server_keylog_callback)) goto end; /* Now do a handshake and check that the logs have been written to. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(error_writing_log)) + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(error_writing_log)) goto end; /* @@ -484,10 +482,10 @@ expected.server_application_secret_count = 1; expected.exporter_secret_count = 1; if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, - SSL_get_session(clientssl), &expected)) - || !TEST_true(test_keylog_output(server_log_buffer, serverssl, - SSL_get_session(serverssl), - &expected))) + SSL_get_session(clientssl), &expected)) + || !TEST_true(test_keylog_output(server_log_buffer, serverssl, + SSL_get_session(serverssl), + &expected))) goto end; /* Terminate old session and resume with early data. */ 
@@ -505,28 +503,28 @@ server_log_buffer_index = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess)) - /* Here writing 0 length early data is enough. */ - || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_ERROR) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_ACCEPTED) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl))) + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess)) + /* Here writing 0 length early data is enough. */ + || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) goto end; /* In addition to the previous entries, expect early secrets. */ expected.client_early_secret_count = 1; expected.early_exporter_secret_count = 1; if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, - SSL_get_session(clientssl), &expected)) - || !TEST_true(test_keylog_output(server_log_buffer, serverssl, - SSL_get_session(serverssl), - &expected))) + SSL_get_session(clientssl), &expected)) + || !TEST_true(test_keylog_output(server_log_buffer, serverssl, + SSL_get_session(serverssl), + &expected))) goto end; testresult = 1; 
@@ -553,8 +551,7 @@ || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) return 0; - if (res == 0 && X509_STORE_CTX_get_error(ctx) == - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + if (res == 0 && X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) /* indicate SSL_ERROR_WANT_RETRY_VERIFY */ return SSL_set_retry_verify(ssl); @@ -576,25 +573,26 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, NULL, NULL))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, NULL, NULL))) goto end; if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(sctx, leaf), 1) - || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, skey, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, skey, + SSL_FILETYPE_PEM), + 1) + || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)) goto end; if (!TEST_true(SSL_CTX_load_verify_locations(cctx, root, NULL))) goto end; SSL_CTX_set_verify(cctx, SSL_VERIFY_PEER, NULL); SSL_CTX_set_cert_verify_callback(cctx, verify_retry_cb, NULL); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; /* attempt SSL_connect() with incomplete server chain */ if (!TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_RETRY_VERIFY))) + SSL_ERROR_WANT_RETRY_VERIFY))) goto end; /* application provides intermediate certs needed to verify server cert */ @@ -612,7 +610,7 @@ /* continue SSL_connect(), must now succeed with completed server chain */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; testresult = 1; 
@@ -657,8 +655,7 @@ || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, skey, SSL_FILETYPE_PEM), 1) || !TEST_int_eq(SSL_check_private_key(ssl), 1)) goto end; - if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT - | SSL_BUILD_CHAIN_FLAG_CHECK))) + if (!TEST_true(SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_NO_ROOT | SSL_BUILD_CHAIN_FLAG_CHECK))) goto end; ret = 1; end: @@ -693,11 +690,11 @@ /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1) || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey, - SSL_FILETYPE_PEM), 1) + SSL_FILETYPE_PEM), + 1) || !TEST_int_eq(SSL_CTX_check_private_key(ctx), 1)) goto end; - if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT - | SSL_BUILD_CHAIN_FLAG_CHECK))) + if (!TEST_true(SSL_CTX_build_cert_chain(ctx, SSL_BUILD_CHAIN_FLAG_NO_ROOT | SSL_BUILD_CHAIN_FLAG_CHECK))) goto end; ret = 1; end: @@ -715,16 +712,17 @@ int *exts; /* We only configure two ciphers, but the SCSV is added automatically. */ #ifdef OPENSSL_NO_EC - const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff}; + const unsigned char expected_ciphers[] = { 0x00, 0x9d, 0x00, 0xff }; #else - const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0, - 0x2c, 0x00, 0xff}; + const unsigned char expected_ciphers[] = { 0x00, 0x9d, 0xc0, + 0x2c, 0x00, 0xff }; #endif const int expected_extensions[] = { #ifndef OPENSSL_NO_EC - 11, 10, + 11, 10, #endif - 35, 22, 23, 13}; + 35, 22, 23, 13 + }; size_t len; /* Make sure we can defer processing and get called back. */ 
@@ -733,14 +731,13 @@ len = SSL_client_hello_get0_ciphers(s, &p); if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers)) - || !TEST_size_t_eq( - SSL_client_hello_get0_compression_methods(s, &p), 1) - || !TEST_int_eq(*p, 0)) + || !TEST_size_t_eq( + SSL_client_hello_get0_compression_methods(s, &p), 1) + || !TEST_int_eq(*p, 0)) return SSL_CLIENT_HELLO_ERROR; if (!SSL_client_hello_get1_extensions_present(s, &exts, &len)) return SSL_CLIENT_HELLO_ERROR; - if (len != OSSL_NELEM(expected_extensions) || - memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) { + if (len != OSSL_NELEM(expected_extensions) || memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) { printf("ClientHello callback expected extensions mismatch\n"); OPENSSL_free(exts); return SSL_CLIENT_HELLO_ERROR; @@ -756,8 +753,8 @@ int testctr = 0, testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); 
@@ -765,19 +762,19 @@ SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384")) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_CLIENT_HELLO_CB)) - /* - * Passing a -1 literal is a hack since - * the real value was lost. - * */ - || !TEST_int_eq(SSL_get_error(serverssl, -1), - SSL_ERROR_WANT_CLIENT_HELLO_CB) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_CLIENT_HELLO_CB)) + /* + * Passing a -1 literal is a hack since + * the real value was lost. + * */ + || !TEST_int_eq(SSL_get_error(serverssl, -1), + SSL_ERROR_WANT_CLIENT_HELLO_CB) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; testresult = 1; @@ -798,8 +795,8 @@ int testresult = 0; if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS1_2_VERSION, - &sctx, &cctx, cert, privkey)) { + TLS1_VERSION, TLS1_2_VERSION, + &sctx, &cctx, cert, privkey)) { printf("Unable to create SSL_CTX pair\n"); goto end; } 
@@ -853,21 +850,21 @@ size_t readbytes; /* - * Create a conection so we can resume and potentially (but not) use + * Create a connection so we can resume and potentially (but not) use * a different cipher in the second connection. */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, TLS1_2_VERSION, - &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_ptr(sesspre = SSL_get0_session(serverssl)) - || !TEST_ptr(sess = SSL_get1_session(clientssl))) + TLS_client_method(), + TLS1_VERSION, TLS1_2_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr(sesspre = SSL_get0_session(serverssl)) + || !TEST_ptr(sess = SSL_get1_session(clientssl))) goto end; shutdown_ssl_connection(serverssl, clientssl); 
@@ -876,17 +873,17 @@ /* Resume, preferring a different cipher. Our server will force the * same cipher to be used as the initial handshake. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess)) - || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256")) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl)) - || !TEST_true(SSL_session_reused(serverssl)) - || !TEST_ptr(sesspost = SSL_get0_session(serverssl)) - || !TEST_ptr_eq(sesspre, sesspost) - || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl)))) + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess)) + || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256")) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl)) + || !TEST_ptr(sesspost = SSL_get0_session(serverssl)) + || !TEST_ptr_eq(sesspre, sesspost) + || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl)))) goto end; shutdown_ssl_connection(serverssl, clientssl); serverssl = clientssl = NULL; 
@@ -896,14 +893,14 @@ * cipher on it. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_ptr(sesspre = SSL_get0_session(serverssl)) - || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")) - || !TEST_true(SSL_renegotiate(clientssl)) - || !TEST_true(SSL_renegotiate_pending(clientssl))) + NULL, NULL)) + || !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256")) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr(sesspre = SSL_get0_session(serverssl)) + || !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")) + || !TEST_true(SSL_renegotiate(clientssl)) + || !TEST_true(SSL_renegotiate_pending(clientssl))) goto end; /* Actually drive the renegotiation. */ for (i = 0; i < 3; i++) { 
@@ -911,25 +908,25 @@ if (!TEST_ulong_eq(readbytes, 0)) goto end; } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), - SSL_ERROR_WANT_READ)) { + SSL_ERROR_WANT_READ)) { goto end; } if (SSL_read_ex(serverssl, &buf, sizeof(buf), &readbytes) > 0) { if (!TEST_ulong_eq(readbytes, 0)) goto end; } else if (!TEST_int_eq(SSL_get_error(serverssl, 0), - SSL_ERROR_WANT_READ)) { + SSL_ERROR_WANT_READ)) { goto end; } } /* sesspre and sesspost should be different since the cipher changed. */ if (!TEST_false(SSL_renegotiate_pending(clientssl)) - || !TEST_false(SSL_session_reused(clientssl)) - || !TEST_false(SSL_session_reused(serverssl)) - || !TEST_ptr(sesspost = SSL_get0_session(serverssl)) - || !TEST_ptr_ne(sesspre, sesspost) - || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl)))) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl)) + || !TEST_ptr(sesspost = SSL_get0_session(serverssl)) + || !TEST_ptr_ne(sesspre, sesspost) + || !TEST_int_eq(TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl)))) goto end; shutdown_ssl_connection(serverssl, clientssl); @@ -975,8 +972,7 @@ * test we need to have a message larger than that. */ certlen = i2d_X509(chaincert, NULL); - OPENSSL_assert(certlen * NUM_EXTRA_CERTS > - (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); + OPENSSL_assert(certlen * NUM_EXTRA_CERTS > (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); for (i = 0; i < NUM_EXTRA_CERTS; i++) { if (!X509_up_ref(chaincert)) goto end; 
@@ -987,24 +983,24 @@ } ret = 1; - end: +end: BIO_free(certbio); X509_free(chaincert); return ret; } static int execute_test_large_message(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth, - int min_version, int max_version, - int read_ahead) + const SSL_METHOD *cmeth, + int min_version, int max_version, + int read_ahead) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version, - max_version, &sctx, &cctx, cert, - privkey))) + max_version, &sctx, &cctx, cert, + privkey))) goto end; #ifdef OPENSSL_NO_DTLS1_2 @@ -1014,8 +1010,8 @@ * level 0 */ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, - "DEFAULT:@SECLEVEL=0"))) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + "DEFAULT:@SECLEVEL=0"))) goto end; } #endif @@ -1032,9 +1028,9 @@ goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; /* @@ -1045,7 +1041,7 @@ goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1054,8 +1050,7 @@ return testresult; } -#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_KTLS) && \ - !(defined(OSSL_NO_USABLE_TLS1_3) && defined(OPENSSL_NO_TLS1_2)) +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_KTLS) && !(defined(OSSL_NO_USABLE_TLS1_3) && defined(OPENSSL_NO_TLS1_2)) /* sock must be connected */ static int ktls_chk_platform(int sock) { @@ -1067,7 +1062,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) { static char count = 1; - unsigned char cbuf[16000] = {0}; + unsigned char cbuf[16000] = { 0 }; unsigned char sbuf[16000]; size_t err = 0; char crec_wseq_before[SEQ_NUM_SIZE]; 
@@ -1118,41 +1113,41 @@ */ if (!BIO_get_ktls_send(clientssl->wbio)) { if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE, - crec_wseq_after, SEQ_NUM_SIZE)) + crec_wseq_after, SEQ_NUM_SIZE)) goto end; } else { if (!TEST_mem_eq(crec_wseq_before, SEQ_NUM_SIZE, - crec_wseq_after, SEQ_NUM_SIZE)) + crec_wseq_after, SEQ_NUM_SIZE)) goto end; } if (!BIO_get_ktls_send(serverssl->wbio)) { if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE, - srec_wseq_after, SEQ_NUM_SIZE)) + srec_wseq_after, SEQ_NUM_SIZE)) goto end; } else { if (!TEST_mem_eq(srec_wseq_before, SEQ_NUM_SIZE, - srec_wseq_after, SEQ_NUM_SIZE)) + srec_wseq_after, SEQ_NUM_SIZE)) goto end; } if (!BIO_get_ktls_recv(clientssl->wbio)) { if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE, - crec_rseq_after, SEQ_NUM_SIZE)) + crec_rseq_after, SEQ_NUM_SIZE)) goto end; } else { if (!TEST_mem_eq(crec_rseq_before, SEQ_NUM_SIZE, - crec_rseq_after, SEQ_NUM_SIZE)) + crec_rseq_after, SEQ_NUM_SIZE)) goto end; } if (!BIO_get_ktls_recv(serverssl->wbio)) { if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE, - srec_rseq_after, SEQ_NUM_SIZE)) + srec_rseq_after, SEQ_NUM_SIZE)) goto end; } else { if (!TEST_mem_eq(srec_rseq_before, SEQ_NUM_SIZE, - srec_rseq_after, SEQ_NUM_SIZE)) + srec_rseq_after, SEQ_NUM_SIZE)) goto end; } @@ -1162,7 +1157,7 @@ } static int execute_test_ktls(int cis_ktls, int sis_ktls, - int tls_version, const char *cipher) + int tls_version, const char *cipher) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -1186,9 +1181,9 @@ /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - tls_version, tls_version, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + tls_version, tls_version, + &sctx, &cctx, cert, privkey))) goto end; if (tls_version == TLS1_3_VERSION) { @@ -1202,7 +1197,7 @@ } if (!TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, - &clientssl, sfd, cfd))) + &clientssl, sfd, cfd))) goto end; if (cis_ktls) { 
@@ -1262,8 +1257,7 @@ if ((cis_ktls || sis_ktls) && !ktls_used) { testresult = TEST_skip("KTLS not supported for %s cipher %s", - tls_version == TLS1_3_VERSION ? "TLS 1.3" : - "TLS 1.2", cipher); + tls_version == TLS1_3_VERSION ? "TLS 1.3" : "TLS 1.2", cipher); goto end; } @@ -1290,9 +1284,9 @@ return testresult; } -#define SENDFILE_SZ (16 * 4096) -#define SENDFILE_CHUNK (4 * 4096) -#define min(a,b) ((a) > (b) ? (b) : (a)) +#define SENDFILE_SZ (16 * 4096) +#define SENDFILE_CHUNK (4 * 4096) +#define min(a, b) ((a) > (b) ? (b) : (a)) static int execute_test_ktls_sendfile(int tls_version, const char *cipher) { @@ -1325,9 +1319,9 @@ /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - tls_version, tls_version, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + tls_version, tls_version, + &sctx, &cctx, cert, privkey))) goto end; if (tls_version == TLS1_3_VERSION) { @@ -1341,20 +1335,19 @@ } if (!TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, - &clientssl, sfd, cfd))) + &clientssl, sfd, cfd))) goto end; if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; if (!BIO_get_ktls_send(serverssl->wbio)) { testresult = TEST_skip("Failed to enable KTLS for %s cipher %s", - tls_version == TLS1_3_VERSION ? "TLS 1.3" : - "TLS 1.2", cipher); + tls_version == TLS1_3_VERSION ? "TLS 1.3" : "TLS 1.2", cipher); goto end; } 
@@ -1377,25 +1370,27 @@ while (chunk_off < SENDFILE_SZ) { chunk_size = min(SENDFILE_CHUNK, SENDFILE_SZ - chunk_off); while ((err = SSL_sendfile(serverssl, - ffd, - chunk_off, - chunk_size, - 0)) != chunk_size) { + ffd, + chunk_off, + chunk_size, + 0)) + != chunk_size) { if (SSL_get_error(serverssl, err) != SSL_ERROR_WANT_WRITE) goto end; } while ((err = SSL_read(clientssl, - buf_dst + chunk_off, - chunk_size)) != chunk_size) { + buf_dst + chunk_off, + chunk_size)) + != chunk_size) { if (SSL_get_error(clientssl, err) != SSL_ERROR_WANT_READ) goto end; } /* verify the payload */ if (!TEST_mem_eq(buf_dst + chunk_off, - chunk_size, - buf + chunk_off, - chunk_size)) + chunk_size, + buf + chunk_off, + chunk_size)) goto end; chunk_off += chunk_size; 
@@ -1429,36 +1424,36 @@ int tls_version; const char *cipher; } ktls_test_ciphers[] = { -# if !defined(OPENSSL_NO_TLS1_2) -# ifdef OPENSSL_KTLS_AES_GCM_128 +#if !defined(OPENSSL_NO_TLS1_2) +#ifdef OPENSSL_KTLS_AES_GCM_128 { TLS1_2_VERSION, "AES128-GCM-SHA256" }, -# endif -# ifdef OPENSSL_KTLS_AES_CCM_128 - { TLS1_2_VERSION, "AES128-CCM"}, -# endif -# ifdef OPENSSL_KTLS_AES_GCM_256 - { TLS1_2_VERSION, "AES256-GCM-SHA384"}, -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 -# ifndef OPENSSL_NO_EC - { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"}, -# endif -# endif -# endif -# if !defined(OSSL_NO_USABLE_TLS1_3) -# ifdef OPENSSL_KTLS_AES_GCM_128 +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + { TLS1_2_VERSION, "AES128-CCM" }, +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + { TLS1_2_VERSION, "AES256-GCM-SHA384" }, +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 +#ifndef OPENSSL_NO_EC + { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305" }, +#endif +#endif +#endif +#if !defined(OSSL_NO_USABLE_TLS1_3) +#ifdef OPENSSL_KTLS_AES_GCM_128 { TLS1_3_VERSION, "TLS_AES_128_GCM_SHA256" }, -# endif -# ifdef OPENSSL_KTLS_AES_CCM_128 +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 { TLS1_3_VERSION, "TLS_AES_128_CCM_SHA256" }, -# endif -# ifdef OPENSSL_KTLS_AES_GCM_256 +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 { TLS1_3_VERSION, "TLS_AES_256_GCM_SHA384" }, -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 { TLS1_3_VERSION, "TLS_CHACHA20_POLY1305_SHA256" }, -# endif -# endif +#endif +#endif }; #define NUM_KTLS_TEST_CIPHERS \ @@ -1476,7 +1471,7 @@ sis_ktls = (test & 2) != 0; return execute_test_ktls(cis_ktls, sis_ktls, cipher->tls_version, - cipher->cipher); + cipher->cipher); } static int test_ktls_sendfile(int tst) 
@@ -1493,30 +1488,30 @@ static int test_large_message_tls(void) { return execute_test_large_message(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, 0, 0); + TLS1_VERSION, 0, 0); } static int test_large_message_tls_read_ahead(void) { return execute_test_large_message(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, 0, 1); + TLS1_VERSION, 0, 1); } #ifndef OPENSSL_NO_DTLS static int test_large_message_dtls(void) { -# ifdef OPENSSL_NO_DTLS1_2 +#ifdef OPENSSL_NO_DTLS1_2 /* Not supported in the FIPS provider */ if (is_fips) return 1; -# endif +#endif /* * read_ahead is not relevant to DTLS because DTLS always acts as if * read_ahead is set. */ return execute_test_large_message(DTLS_server_method(), - DTLS_client_method(), - DTLS1_VERSION, 0, 0); + DTLS_client_method(), + DTLS1_VERSION, 0, 0); } #endif @@ -1619,27 +1614,27 @@ memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1); if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, prot, prot, - &sctx, &cctx, cert, privkey))) + &sctx, &cctx, cert, privkey))) goto end; if (prot < TLS1_2_VERSION || prot == DTLS1_VERSION) { /* Older protocol versions need SECLEVEL=0 due to SHA1 usage */ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0")) - || !TEST_true(SSL_CTX_set_cipher_list(sctx, - "DEFAULT:@SECLEVEL=0"))) - goto end; + || !TEST_true(SSL_CTX_set_cipher_list(sctx, + "DEFAULT:@SECLEVEL=0"))) + goto end; } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if ((tst & 1) != 0) { /* Setting this option gives us a minimally sized underlying buffer */ if (!TEST_true(SSL_set_options(serverssl, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - || !TEST_true(SSL_set_options(clientssl, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))) + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + || !TEST_true(SSL_set_options(clientssl, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))) goto end; } 
@@ -1649,8 +1644,8 @@ * giving us a larger record for the encryption process */ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC)) - || !TEST_true(SSL_set_options(clientssl, - SSL_OP_NO_ENCRYPT_THEN_MAC))) + || !TEST_true(SSL_set_options(clientssl, + SSL_OP_NO_ENCRYPT_THEN_MAC))) goto end; } @@ -1658,13 +1653,13 @@ goto end; if (!TEST_true(SSL_write_ex(clientssl, msg, SSL3_RT_MAX_PLAIN_LENGTH, - &written)) - || !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH)) + &written)) + || !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH)) goto end; /* We provide a buffer slightly larger than what we are actually expecting */ if (!TEST_true(SSL_read_ex(serverssl, buf, SSL3_RT_MAX_PLAIN_LENGTH + 1, - &readbytes))) + &readbytes))) goto end; if (!TEST_mem_eq(msg, written, buf, readbytes)) @@ -1684,8 +1679,8 @@ #if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) \ || !defined(OPENSSL_NO_DTLS) static int execute_cleanse_plaintext(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth, - int min_version, int max_version) + const SSL_METHOD *cmeth, + int min_version, int max_version) { size_t i; SSL_CTX *cctx = NULL, *sctx = NULL; @@ -1698,13 +1693,13 @@ static unsigned char sbuf[16000]; if (!TEST_true(create_ssl_ctx_pair(libctx, - smeth, cmeth, - min_version, max_version, - &sctx, &cctx, cert, - privkey))) + smeth, cmeth, + min_version, max_version, + &sctx, &cctx, cert, + privkey))) goto end; -# ifdef OPENSSL_NO_DTLS1_2 +#ifdef OPENSSL_NO_DTLS1_2 if (smeth == DTLS_server_method()) { /* Not supported in the FIPS provider */ if (is_fips) { 
@@ -1716,21 +1711,21 @@ * level 0 */ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, - "DEFAULT:@SECLEVEL=0"))) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + "DEFAULT:@SECLEVEL=0"))) goto end; } -# endif +#endif if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(SSL_set_options(serverssl, SSL_OP_CLEANSE_PLAINTEXT))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; for (i = 0; i < sizeof(cbuf); i++) { @@ -1776,7 +1771,7 @@ goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1784,36 +1779,36 @@ return testresult; } -#endif /* - * !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) - * || !defined(OPENSSL_NO_DTLS) +#endif /* \ + * !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) \ + * || !defined(OPENSSL_NO_DTLS) \ */ static int test_cleanse_plaintext(void) { #if !defined(OPENSSL_NO_TLS1_2) if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(), - TLS_client_method(), - TLS1_2_VERSION, - TLS1_2_VERSION))) + TLS_client_method(), + TLS1_2_VERSION, + TLS1_2_VERSION))) return 0; #endif #if !defined(OSSL_NO_USABLE_TLS1_3) if (!TEST_true(execute_cleanse_plaintext(TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - TLS1_3_VERSION))) + TLS_client_method(), + TLS1_3_VERSION, + TLS1_3_VERSION))) return 0; #endif #if !defined(OPENSSL_NO_DTLS) if (!TEST_true(execute_cleanse_plaintext(DTLS_server_method(), - DTLS_client_method(), - DTLS1_VERSION, - 0))) + DTLS_client_method(), + DTLS1_VERSION, + 0))) return 0; #endif return 1; @@ -1844,7 +1839,7 @@ return SSL_TLSEXT_ERR_ALERT_FATAL; if (!TEST_true(SSL_set_tlsext_status_ocsp_resp(s, copy, - sizeof(orespder)))) { + sizeof(orespder)))) { OPENSSL_free(copy); return SSL_TLSEXT_ERR_ALERT_FATAL; } 
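Review bot: The reflowed trailing comment on the `#endif` that closes the `execute_cleanse_plaintext` guard (hunk `@@ -1784,36 +1779,36 @@`) now ends every comment line with a backslash, which looks like formatter output rather than intent. Line splicing happens before comments are stripped, so the build is presumably unaffected. The continuations still make the guard condition harder to read and easy to break in a later edit. I would put the comment on one line, `#endif /* !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_DTLS) */`, or move the condition into an ordinary block comment above the directive.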
@@ -1879,8 +1874,8 @@ BIO *certbio = NULL; if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) return 0; if (SSL_CTX_get_tlsext_status_type(cctx) != -1) @@ -1890,17 +1885,17 @@ clientssl = SSL_new(cctx); if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1) - || !TEST_true(SSL_set_tlsext_status_type(clientssl, - TLSEXT_STATUSTYPE_ocsp)) - || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl), - TLSEXT_STATUSTYPE_ocsp)) + || !TEST_true(SSL_set_tlsext_status_type(clientssl, + TLSEXT_STATUSTYPE_ocsp)) + || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl), + TLSEXT_STATUSTYPE_ocsp)) goto end; SSL_free(clientssl); clientssl = NULL; if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp) - || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) + || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) goto end; clientssl = SSL_new(cctx); @@ -1918,11 +1913,11 @@ SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb); SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(ocsp_client_called) - || !TEST_true(ocsp_server_called)) + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(ocsp_client_called) + || !TEST_true(ocsp_server_called)) goto end; SSL_free(serverssl); SSL_free(clientssl); 
@@ -1934,12 +1929,12 @@ ocsp_server_called = 0; cdummyarg = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - /* This should fail because the callback will fail */ - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(ocsp_client_called) - || !TEST_false(ocsp_server_called)) + &clientssl, NULL, NULL)) + /* This should fail because the callback will fail */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(ocsp_client_called) + || !TEST_false(ocsp_server_called)) goto end; SSL_free(serverssl); SSL_free(clientssl); @@ -1954,7 +1949,7 @@ ocsp_server_called = 0; cdummyarg = 2; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; /* @@ -1962,12 +1957,12 @@ * specific one. We'll use the server cert. */ if (!TEST_ptr(certbio = BIO_new_file(cert, "r")) - || !TEST_ptr(id = OCSP_RESPID_new()) - || !TEST_ptr(ids = sk_OCSP_RESPID_new_null()) - || !TEST_ptr(ocspcert = X509_new_ex(libctx, NULL)) - || !TEST_ptr(PEM_read_bio_X509(certbio, &ocspcert, NULL, NULL)) - || !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL)) - || !TEST_true(sk_OCSP_RESPID_push(ids, id))) + || !TEST_ptr(id = OCSP_RESPID_new()) + || !TEST_ptr(ids = sk_OCSP_RESPID_new_null()) + || !TEST_ptr(ocspcert = X509_new_ex(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(certbio, &ocspcert, NULL, NULL)) + || !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL)) + || !TEST_true(sk_OCSP_RESPID_push(ids, id))) goto end; id = NULL; SSL_set_tlsext_status_ids(clientssl, ids); 
@@ -1978,14 +1973,14 @@ certbio = NULL; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(ocsp_client_called) - || !TEST_true(ocsp_server_called)) + SSL_ERROR_NONE)) + || !TEST_true(ocsp_client_called) + || !TEST_true(ocsp_server_called)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -2022,7 +2017,7 @@ static SSL_SESSION *get_sess_val = NULL; static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, - int *copy) + int *copy) { get_called++; *copy = 1; @@ -2030,14 +2025,14 @@ } static int execute_test_session(int maxprot, int use_int_cache, - int use_ext_cache, long s_options) + int use_ext_cache, long s_options) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL; SSL *serverssl2 = NULL, *clientssl2 = NULL; -# ifndef OPENSSL_NO_TLS1_1 +#ifndef OPENSSL_NO_TLS1_1 SSL *serverssl3 = NULL, *clientssl3 = NULL; -# endif +#endif SSL_SESSION *sess1 = NULL, *sess2 = NULL; int testresult = 0, numnewsesstick = 1; @@ -2048,8 +2043,8 @@ numnewsesstick = 2; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; /* @@ -2069,8 +2064,8 @@ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); } else { SSL_CTX_set_session_cache_mode(cctx, - SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); } if (s_options) { 
@@ -2078,28 +2073,28 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl1, clientssl1, - SSL_ERROR_NONE)) - || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE)) + || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))) goto end; /* Should fail because it should already be in the cache */ if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1))) goto end; if (use_ext_cache - && (!TEST_int_eq(new_called, numnewsesstick) + && (!TEST_int_eq(new_called, numnewsesstick) - || !TEST_int_eq(remove_called, 0))) + || !TEST_int_eq(remove_called, 0))) goto end; new_called = remove_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, - &clientssl2, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl2, sess1)) - || !TEST_true(create_ssl_connection(serverssl2, clientssl2, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl2))) + &clientssl2, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl2, sess1)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl2))) goto end; if (maxprot == TLS1_3_VERSION) { @@ -2109,8 +2104,8 @@ * old ticket from the cache so that we try to only use tickets once. */ if (use_ext_cache - && (!TEST_int_eq(new_called, 1) - || !TEST_int_eq(remove_called, 1))) + && (!TEST_int_eq(new_called, 1) + || !TEST_int_eq(remove_called, 1))) goto end; } else { /* @@ -2118,8 +2113,8 @@ * removed. */ if (use_ext_cache - && (!TEST_int_eq(new_called, 0) - || !TEST_int_eq(remove_called, 0))) + && (!TEST_int_eq(new_called, 0) + || !TEST_int_eq(remove_called, 0))) goto end; } 
@@ -2131,17 +2126,17 @@ new_called = remove_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, - &clientssl2, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl2, clientssl2, - SSL_ERROR_NONE))) + &clientssl2, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE))) goto end; if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2))) goto end; if (use_ext_cache - && (!TEST_int_eq(new_called, numnewsesstick) - || !TEST_int_eq(remove_called, 0))) + && (!TEST_int_eq(new_called, numnewsesstick) + || !TEST_int_eq(remove_called, 0))) goto end; new_called = remove_called = 0; @@ -2152,7 +2147,7 @@ if (!TEST_true(SSL_set_session(clientssl2, sess1))) goto end; if (use_ext_cache - && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1)) goto end; @@ -2160,7 +2155,7 @@ if (use_int_cache) { /* Should succeeded because it should not already be in the cache */ if (!TEST_true(SSL_CTX_add_session(cctx, sess2)) - || !TEST_true(SSL_CTX_remove_session(cctx, sess2))) + || !TEST_true(SSL_CTX_remove_session(cctx, sess2))) goto end; } 
@@ -2170,30 +2165,30 @@ goto end; if (use_ext_cache - && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; -# if !defined(OPENSSL_NO_TLS1_1) +#if !defined(OPENSSL_NO_TLS1_1) new_called = remove_called = 0; /* Force a connection failure */ SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3, - &clientssl3, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl3, sess1)) - /* This should fail because of the mismatched protocol versions */ - || !TEST_false(create_ssl_connection(serverssl3, clientssl3, - SSL_ERROR_NONE))) + &clientssl3, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl3, sess1)) + /* This should fail because of the mismatched protocol versions */ + || !TEST_false(create_ssl_connection(serverssl3, clientssl3, + SSL_ERROR_NONE))) goto end; /* We should have automatically removed the session from the cache */ if (use_ext_cache - && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; /* Should succeed because it should not already be in the cache */ if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2))) goto end; -# endif +#endif /* Now do some tests for server side caching */ if (use_ext_cache) { @@ -2209,8 +2204,8 @@ /* Internal caching is the default on the server side */ if (!use_int_cache) SSL_CTX_set_session_cache_mode(sctx, - SSL_SESS_CACHE_SERVER - | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_SESS_CACHE_SERVER + | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_free(serverssl1); SSL_free(clientssl1); 
@@ -2228,11 +2223,11 @@ SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); new_called = remove_called = get_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl1, clientssl1, - SSL_ERROR_NONE)) - || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)) - || !TEST_ptr(sess2 = SSL_get1_session(serverssl1))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE)) + || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)) + || !TEST_ptr(sess2 = SSL_get1_session(serverssl1))) goto end; if (use_int_cache) { @@ -2256,8 +2251,8 @@ SSL_SESSION *tmp = sess2; if (!TEST_int_eq(new_called, numnewsesstick) - || !TEST_int_eq(remove_called, 0) - || !TEST_int_eq(get_called, 0)) + || !TEST_int_eq(remove_called, 0) + || !TEST_int_eq(get_called, 0)) goto end; /* * Delete the session from the internal cache to force a lookup from @@ -2278,11 +2273,11 @@ new_called = remove_called = get_called = 0; get_sess_val = sess2; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, - &clientssl2, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl2, sess1)) - || !TEST_true(create_ssl_connection(serverssl2, clientssl2, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl2))) + &clientssl2, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl2, sess1)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl2))) goto end; if (use_ext_cache) { @@ -2291,11 +2286,11 @@ if (maxprot == TLS1_3_VERSION) { if (!TEST_int_eq(new_called, 1) - || !TEST_int_eq(get_called, 0)) + || !TEST_int_eq(get_called, 0)) goto end; } else { if (!TEST_int_eq(new_called, 0) - || !TEST_int_eq(get_called, 1)) + || !TEST_int_eq(get_called, 1)) goto end; } } 
@@ -2308,9 +2303,9 @@ /* Make sess1 expire before sess2 */ if (!TEST_long_gt(SSL_SESSION_set_time(sess1, 1000), 0) - || !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0) - || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0) - || !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0)) + || !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0) + || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0) + || !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0)) goto end; if (!TEST_long_ne(SSL_CTX_sess_set_cache_size(sctx, 1), 0)) @@ -2322,21 +2317,21 @@ /* Now add sess1, and make sure it remains, despite timeout */ if (!TEST_true(SSL_CTX_add_session(sctx, sess1)) - || !TEST_ptr(sess1->owner) - || !TEST_ptr_null(sess2->owner)) + || !TEST_ptr(sess1->owner) + || !TEST_ptr_null(sess2->owner)) goto end; testresult = 1; - end: +end: SSL_free(serverssl1); SSL_free(clientssl1); SSL_free(serverssl2); SSL_free(clientssl2); -# ifndef OPENSSL_NO_TLS1_1 +#ifndef OPENSSL_NO_TLS1_1 SSL_free(serverssl3); SSL_free(clientssl3); -# endif +#endif SSL_SESSION_free(sess1); SSL_SESSION_free(sess2); SSL_CTX_free(sctx); 
@@ -2427,34 +2422,33 @@ /* Start handshake on the server and client */ if (!TEST_int_eq(SSL_do_handshake(sssl), 1) - || !TEST_int_le(SSL_read(cssl, NULL, 0), 0) - || !TEST_int_le(SSL_read(sssl, NULL, 0), 0) - || !TEST_true(create_ssl_connection(sssl, cssl, - SSL_ERROR_NONE))) + || !TEST_int_le(SSL_read(cssl, NULL, 0), 0) + || !TEST_int_le(SSL_read(sssl, NULL, 0), 0) + || !TEST_true(create_ssl_connection(sssl, cssl, + SSL_ERROR_NONE))) return 0; return 1; } static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx, - SSL_CTX **cctx) + SSL_CTX **cctx) { int sess_id_ctx = 1; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - sctx, cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) - || !TEST_true(SSL_CTX_set_session_id_context(*sctx, - (void *)&sess_id_ctx, - sizeof(sess_id_ctx)))) + TLS_client_method(), TLS1_VERSION, 0, + sctx, cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) + || !TEST_true(SSL_CTX_set_session_id_context(*sctx, + (void *)&sess_id_ctx, + sizeof(sess_id_ctx)))) return 0; if (stateful) SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET); - SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb); return 1; @@ -2469,14 +2463,14 @@ for (i = 0; i < idx * 2; i++) { new_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) goto end; SSL_set_post_handshake_auth(clientssl, 1); if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; /* 
@@ -2485,19 +2479,19 @@ */ if (succ) { if (!TEST_true(SSL_session_reused(clientssl)) - || !TEST_int_eq(new_called, 1)) + || !TEST_int_eq(new_called, 1)) goto end; } else { if (!TEST_false(SSL_session_reused(clientssl)) - || !TEST_int_eq(new_called, idx)) + || !TEST_int_eq(new_called, idx)) goto end; } new_called = 0; /* After a post-handshake authentication we should get 1 new ticket */ if (succ - && (!post_handshake_verify(serverssl, clientssl) - || !TEST_int_eq(new_called, 1))) + && (!post_handshake_verify(serverssl, clientssl) + || !TEST_int_eq(new_called, 1))) goto end; SSL_shutdown(clientssl); @@ -2511,7 +2505,7 @@ return 1; - end: +end: SSL_free(clientssl); SSL_free(serverssl); return 0; @@ -2533,13 +2527,13 @@ goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - /* Check we got the number of tickets we were expecting */ - || !TEST_int_eq(idx, new_called)) + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx, new_called)) goto end; SSL_shutdown(clientssl); @@ -2577,20 +2571,20 @@ goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; SSL_set_post_handshake_auth(clientssl, 1); if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - /* Check we got the number of tickets we were expecting */ - || !TEST_int_eq(idx, new_called)) + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx, new_called)) goto end; /* After a post-handshake authentication we should get new tickets issued */ if (!post_handshake_verify(serverssl, clientssl) - || !TEST_int_eq(idx * 2, new_called)) + || !TEST_int_eq(idx * 2, new_called)) goto end; SSL_shutdown(clientssl); 
@@ -2611,7 +2605,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); for (j = 0; j < OSSL_NELEM(sesscache); j++) { @@ -2642,15 +2636,14 @@ int sess_id_ctx = 1; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, NULL, NULL)) - || !TEST_true(SSL_CTX_set_session_id_context(sctx, - (void *)&sess_id_ctx, - sizeof(sess_id_ctx)))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, NULL, NULL)) + || !TEST_true(SSL_CTX_set_session_id_context(sctx, + (void *)&sess_id_ctx, + sizeof(sess_id_ctx)))) goto end; - SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); SSL_CTX_sess_set_new_cb(cctx, new_session_cb); @@ -2660,7 +2653,7 @@ new_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; clientpsk = serverpsk = create_a_psk(clientssl, SHA384_DIGEST_LENGTH); if (!TEST_ptr(clientpsk)) @@ -2668,16 +2661,16 @@ SSL_SESSION_up_ref(clientpsk); if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_int_eq(1, find_session_cb_cnt) - || !TEST_int_eq(1, use_session_cb_cnt) - /* We should always get 1 ticket when using external PSK */ - || !TEST_int_eq(1, new_called)) + SSL_ERROR_NONE)) + || !TEST_int_eq(1, find_session_cb_cnt) + || !TEST_int_eq(1, use_session_cb_cnt) + /* We should always get 1 ticket when using external PSK */ + || !TEST_int_eq(1, new_called)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -2715,7 +2708,7 @@ SSL_CTX_sess_set_new_cb(cctx, new_session_cb); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; /* 
@@ -2723,60 +2716,60 @@ * incremented by both client and server. */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - /* Check we got the number of tickets we were expecting */ - || !TEST_int_eq(idx * 2, new_called) - || !TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_int_eq(idx * 2, new_called)) + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx * 2, new_called) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_int_eq(idx * 2, new_called)) goto end; /* Now try a (real) write to actually send the tickets */ c = '1'; if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) - || !TEST_size_t_eq(1, nbytes) - || !TEST_int_eq(idx * 2 + 2, new_called) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) - || !TEST_int_eq(idx * 2 + 4, new_called) - || !TEST_int_eq(sizeof(buf), nbytes) - || !TEST_int_eq(c, buf[0]) - || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) + || !TEST_size_t_eq(1, nbytes) + || !TEST_int_eq(idx * 2 + 2, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(idx * 2 + 4, new_called) + || !TEST_int_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0]) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) goto end; /* Try with only requesting one new ticket, too */ c = '2'; new_called = 0; if (!TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_write_ex(serverssl, &c, sizeof(c), &nbytes)) - || !TEST_size_t_eq(sizeof(c), nbytes) - || !TEST_int_eq(1, new_called) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) - || !TEST_int_eq(2, new_called) - || !TEST_size_t_eq(sizeof(buf), nbytes) - || !TEST_int_eq(c, buf[0])) + || !TEST_true(SSL_write_ex(serverssl, &c, sizeof(c), &nbytes)) + || !TEST_size_t_eq(sizeof(c), nbytes) + || !TEST_int_eq(1, 
new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(2, new_called) + || !TEST_size_t_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0])) goto end; /* Do it again but use dummy writes to drive the ticket generation */ c = '3'; new_called = 0; if (!TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_write_ex(serverssl, &c, 0, &nbytes)) - || !TEST_size_t_eq(0, nbytes) - || !TEST_int_eq(2, new_called) - || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) - || !TEST_int_eq(4, new_called)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_write_ex(serverssl, &c, 0, &nbytes)) + || !TEST_size_t_eq(0, nbytes) + || !TEST_int_eq(2, new_called) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(4, new_called)) goto end; /* Once more, but with SSL_do_handshake() to drive the ticket generation */ c = '4'; new_called = 0; if (!TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_do_handshake(serverssl)) - || !TEST_int_eq(2, new_called) - || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) - || !TEST_int_eq(4, new_called)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_do_handshake(serverssl)) + || !TEST_int_eq(2, new_called) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(4, new_called)) goto end; /* @@ -2793,8 +2786,8 @@ SSL_set0_wbio(serverssl, bretry); bretry = NULL; if (!TEST_false(SSL_write_ex(serverssl, &c, 1, &nbytes)) - || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_WRITE) - || !TEST_size_t_eq(nbytes, 0)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_WANT_WRITE) + || !TEST_size_t_eq(nbytes, 0)) goto end; /* Restore a BIO that will let the write succeed */ SSL_set0_wbio(serverssl, tmp); 
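Review bot: The assertion chain after `c = '1'` checks the read length with `TEST_int_eq(sizeof(buf), nbytes)`, while the chain after `c = '2'` in the same hunk uses `TEST_size_t_eq(sizeof(buf), nbytes)` for the identical comparison. Both operands are `size_t` (`nbytes` is the out-parameter of `SSL_read_ex`), so the `int` form presumably narrows them before comparing. That is harmless for a small buffer, but a length check should not depend on silent truncation. I would write `|| !TEST_size_t_eq(sizeof(buf), nbytes)` here and in the two matching chains of the `@@ -2804,42 +2797,42 @@` hunk. The enclosing test function starts and ends outside this hunk.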
@@ -2804,42 +2797,42 @@ * even if we explicitly try to hit the state machine. */ if (!TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_true(SSL_new_session_ticket(serverssl)) - || !TEST_int_eq(0, new_called) - || !TEST_true(SSL_do_handshake(serverssl)) - || !TEST_int_eq(0, new_called)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_int_eq(0, new_called) + || !TEST_true(SSL_do_handshake(serverssl)) + || !TEST_int_eq(0, new_called)) goto end; /* Re-do the write; still no tickets sent */ if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) - || !TEST_size_t_eq(1, nbytes) - || !TEST_int_eq(0, new_called) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) - || !TEST_int_eq(0, new_called) - || !TEST_int_eq(sizeof(buf), nbytes) - || !TEST_int_eq(c, buf[0]) - || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) + || !TEST_size_t_eq(1, nbytes) + || !TEST_int_eq(0, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(0, new_called) + || !TEST_int_eq(sizeof(buf), nbytes) + || !TEST_int_eq(c, buf[0]) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) goto end; /* Even trying to hit the state machine now will still not send tickets */ if (!TEST_true(SSL_do_handshake(serverssl)) - || !TEST_int_eq(0, new_called)) + || !TEST_int_eq(0, new_called)) goto end; /* Now the *next* write should send the tickets */ c = '6'; if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) - || !TEST_size_t_eq(1, nbytes) - || !TEST_int_eq(2, new_called) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) - || !TEST_int_eq(4, new_called) - || !TEST_int_eq(sizeof(buf), nbytes) - || !TEST_int_eq(c, buf[0]) - || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) + || !TEST_size_t_eq(1, nbytes) + || !TEST_int_eq(2, new_called) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(4, new_called) + || !TEST_int_eq(sizeof(buf), 
nbytes) + || !TEST_int_eq(c, buf[0]) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) goto end; SSL_shutdown(clientssl); SSL_shutdown(serverssl); testresult = 1; - end: +end: BIO_free(bretry); BIO_free(tmp); SSL_free(serverssl); @@ -2852,26 +2845,27 @@ } #endif -#define USE_NULL 0 -#define USE_BIO_1 1 -#define USE_BIO_2 2 -#define USE_DEFAULT 3 +#define USE_NULL 0 +#define USE_BIO_1 1 +#define USE_BIO_2 2 +#define USE_DEFAULT 3 -#define CONNTYPE_CONNECTION_SUCCESS 0 -#define CONNTYPE_CONNECTION_FAIL 1 -#define CONNTYPE_NO_CONNECTION 2 +#define CONNTYPE_CONNECTION_SUCCESS 0 +#define CONNTYPE_CONNECTION_FAIL 1 +#define CONNTYPE_NO_CONNECTION 2 -#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) -#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2) +#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) +#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2) #if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) -# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2) +#define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2) #else -# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0 +#define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0 #endif -#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \ - + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \ - + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS +#define TOTAL_SSL_SET_BIO_TESTS \ + TOTAL_NO_CONN_SSL_SET_BIO_TESTS \ + +TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \ + + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type) { @@ -2888,7 +2882,6 @@ } } - /* * Tests calls to SSL_set_bio() under various conditions. * @@ -2930,8 +2923,8 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; if (conntype == CONNTYPE_CONNECTION_FAIL) { 
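Review bot: `TOTAL_SSL_SET_BIO_TESTS` in the `@@ -2852,26 +2845,27 @@` hunk expands to a bare sum, and the reflow now prints its second term as `+TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS`, as though the plus were unary. Without parentheses the macro only evaluates as intended when no tighter-binding operator sits next to it; its uses are not visible here, so this may be latent. Wrapping the body as `(TOTAL_NO_CONN_SSL_SET_BIO_TESTS + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS)` fixes the hygiene issue and should also stop the formatter from misreading the operator.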
@@ -2946,21 +2939,21 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (initrbio == USE_BIO_1 - || initwbio == USE_BIO_1 - || newrbio == USE_BIO_1 - || newwbio == USE_BIO_1) { + || initwbio == USE_BIO_1 + || newrbio == USE_BIO_1 + || newwbio == USE_BIO_1) { if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem()))) goto end; } if (initrbio == USE_BIO_2 - || initwbio == USE_BIO_2 - || newrbio == USE_BIO_2 - || newwbio == USE_BIO_2) { + || initwbio == USE_BIO_2 + || newrbio == USE_BIO_2 + || newwbio == USE_BIO_2) { if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem()))) goto end; } @@ -2982,9 +2975,9 @@ } if (conntype != CONNTYPE_NO_CONNECTION - && !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE) - == (conntype == CONNTYPE_CONNECTION_SUCCESS))) + && !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE) + == (conntype == CONNTYPE_CONNECTION_SUCCESS))) goto end; setupbio(&nrbio, bio1, bio2, newrbio); @@ -2996,19 +2989,19 @@ * already been set! */ if (nrbio != NULL - && nrbio != irbio - && (nwbio != iwbio || nrbio != nwbio)) + && nrbio != irbio + && (nwbio != iwbio || nrbio != nwbio)) BIO_up_ref(nrbio); if (nwbio != NULL - && nwbio != nrbio - && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) + && nwbio != nrbio + && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) BIO_up_ref(nwbio); SSL_set_bio(clientssl, nrbio, nwbio); testresult = 1; - end: +end: BIO_free(bio1); BIO_free(bio2); @@ -3024,7 +3017,9 @@ return testresult; } -typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t; +typedef enum { NO_BIO_CHANGE, + CHANGE_RBIO, + CHANGE_WBIO } bio_change_t; static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio) { 
@@ -3034,9 +3029,9 @@ int testresult = 0; if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method())) - || !TEST_ptr(ssl = SSL_new(ctx)) - || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl())) - || !TEST_ptr(membio1 = BIO_new(BIO_s_mem()))) + || !TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl())) + || !TEST_ptr(membio1 = BIO_new(BIO_s_mem()))) goto end; BIO_set_ssl(sslbio, ssl, BIO_CLOSE); @@ -3065,7 +3060,7 @@ BIO_pop(membio1); testresult = 1; - end: +end: BIO_free(membio1); BIO_free(sslbio); SSL_free(ssl); 
@@ -3108,34 +3103,34 @@ int connsuccess; } sigalgs_list; -static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA}; -# ifndef OPENSSL_NO_EC -static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC}; -static const int validlist3[] = {NID_sha512, EVP_PKEY_EC}; -# endif -static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA}; -static const int invalidlist2[] = {NID_sha256, NID_undef}; -static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256}; -static const int invalidlist4[] = {NID_sha256}; +static const int validlist1[] = { NID_sha256, EVP_PKEY_RSA }; +#ifndef OPENSSL_NO_EC +static const int validlist2[] = { NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC }; +static const int validlist3[] = { NID_sha512, EVP_PKEY_EC }; +#endif +static const int invalidlist1[] = { NID_undef, EVP_PKEY_RSA }; +static const int invalidlist2[] = { NID_sha256, NID_undef }; +static const int invalidlist3[] = { NID_sha256, EVP_PKEY_RSA, NID_sha256 }; +static const int invalidlist4[] = { NID_sha256 }; static const sigalgs_list testsigalgs[] = { - {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1}, -# ifndef OPENSSL_NO_EC - {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1}, - {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, -# endif - {NULL, 0, "RSA+SHA256", 1, 1}, -# ifndef OPENSSL_NO_EC - {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, - {NULL, 0, "ECDSA+SHA512", 1, 0}, -# endif - {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0}, - {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0}, - {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0}, - {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0}, - {NULL, 0, "RSA", 0, 0}, - {NULL, 0, "SHA256", 0, 0}, - {NULL, 0, "RSA+SHA256:SHA256", 0, 0}, - {NULL, 0, "Invalid", 0, 0} + { validlist1, OSSL_NELEM(validlist1), NULL, 1, 1 }, +#ifndef OPENSSL_NO_EC + { validlist2, OSSL_NELEM(validlist2), NULL, 1, 1 }, + { validlist3, OSSL_NELEM(validlist3), NULL, 1, 0 }, +#endif + { NULL, 0, "RSA+SHA256", 1, 1 }, 
+#ifndef OPENSSL_NO_EC + { NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1 }, + { NULL, 0, "ECDSA+SHA512", 1, 0 }, +#endif + { invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0 }, + { invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0 }, + { invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0 }, + { invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0 }, + { NULL, 0, "RSA", 0, 0 }, + { NULL, 0, "SHA256", 0, 0 }, + { NULL, 0, "RSA+SHA256:SHA256", 0, 0 }, + { NULL, 0, "Invalid", 0, 0 } }; static int test_set_sigalgs(int idx) @@ -3155,8 +3150,8 @@ : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); @@ -3183,7 +3178,7 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if (!testctx) { @@ -3205,13 +3200,13 @@ } if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE), - curr->connsuccess)) + SSL_ERROR_NONE), + curr->connsuccess)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -3226,7 +3221,7 @@ static int psk_server_cb_cnt = 0; static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, - size_t *idlen, SSL_SESSION **sess) + size_t *idlen, SSL_SESSION **sess) { switch (++use_session_cb_cnt) { case 1: @@ -3258,9 +3253,9 @@ #ifndef OPENSSL_NO_PSK static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id, - unsigned int max_id_len, - unsigned char *psk, - unsigned int max_psk_len) + unsigned int max_id_len, + unsigned char *psk, + unsigned int max_psk_len) { unsigned int psklen = 0; 
@@ -3287,7 +3282,7 @@ #endif /* OPENSSL_NO_PSK */ static int find_session_cb(SSL *ssl, const unsigned char *identity, - size_t identity_len, SSL_SESSION **sess) + size_t identity_len, SSL_SESSION **sess) { find_session_cb_cnt++; @@ -3300,7 +3295,7 @@ /* Identity should match that set by the client */ if (strlen(srvid) != identity_len - || strncmp(srvid, (const char *)identity, identity_len) != 0) { + || strncmp(srvid, (const char *)identity, identity_len) != 0) { /* No PSK found, continue but without a PSK */ *sess = NULL; return 1; @@ -3314,7 +3309,7 @@ #ifndef OPENSSL_NO_PSK static unsigned int psk_server_cb(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len) + unsigned char *psk, unsigned int max_psk_len) { unsigned int psklen = 0; @@ -3341,21 +3336,20 @@ } #endif /* OPENSSL_NO_PSK */ -#define MSG1 "Hello" -#define MSG2 "World." -#define MSG3 "This" -#define MSG4 "is" -#define MSG5 "a" -#define MSG6 "test" -#define MSG7 "message." +#define MSG1 "Hello" +#define MSG2 "World." +#define MSG3 "This" +#define MSG4 "is" +#define MSG5 "a" +#define MSG6 "test" +#define MSG7 "message." -#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") -#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") +#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") +#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") #define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03") #define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04") #define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05") - static SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize) { const SSL_CIPHER *cipher = NULL; 
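Review bot: `TLS13_AES_128_CCM_8_SHA256_BYTES`, at the end of the `-3341` hunk, writes its second byte as the octal escape `\05`, while the four defines above it use hex (`\x13\x01` to `\x13\x04`). The value is the same (0x05), but the mixed notation looks like a typo in a table of cipher suite code points. Since this hunk already realigns the block, `((const unsigned char *)"\x13\x05")` would make the table uniform.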
@@ -3382,12 +3376,12 @@ } sess = SSL_SESSION_new(); if (!TEST_ptr(sess) - || !TEST_ptr(cipher) - || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize)) - || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)) - || !TEST_true( - SSL_SESSION_set_protocol_version(sess, - TLS1_3_VERSION))) { + || !TEST_ptr(cipher) + || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize)) + || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)) + || !TEST_true( + SSL_SESSION_set_protocol_version(sess, + TLS1_3_VERSION))) { SSL_SESSION_free(sess); return NULL; } @@ -3399,14 +3393,14 @@ * error. */ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, - SSL **serverssl, SSL_SESSION **sess, int idx, - size_t mdsize) + SSL **serverssl, SSL_SESSION **sess, int idx, + size_t mdsize) { if (*sctx == NULL - && !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - sctx, cctx, cert, privkey))) + && !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, 0, + sctx, cctx, cert, privkey))) return 0; if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH))) @@ -3426,7 +3420,7 @@ } if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl, - NULL, NULL))) + NULL, NULL))) return 0; /* 
@@ -3436,19 +3430,19 @@ * early_data. */ if (idx == 1 - && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost"))) + && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost"))) return 0; if (idx == 2) { clientpsk = create_a_psk(*clientssl, mdsize); if (!TEST_ptr(clientpsk) - /* - * We just choose an arbitrary value for max_early_data which - * should be big enough for testing purposes. - */ - || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk, - 0x100)) - || !TEST_true(SSL_SESSION_up_ref(clientpsk))) { + /* + * We just choose an arbitrary value for max_early_data which + * should be big enough for testing purposes. + */ + || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk, + 0x100)) + || !TEST_true(SSL_SESSION_up_ref(clientpsk))) { SSL_SESSION_free(clientpsk); clientpsk = NULL; return 0; @@ -3471,7 +3465,7 @@ return 1; if (!TEST_true(create_ssl_connection(*serverssl, *clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) return 0; *sess = SSL_get1_session(*clientssl); @@ -3482,8 +3476,8 @@ *serverssl = *clientssl = NULL; if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, - clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(*clientssl, *sess))) + clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(*clientssl, *sess))) return 0; return 1; 
@@ -3520,27 +3514,27 @@ time_t timer; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write and read some early data */ timer = time(NULL); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written)) - || !TEST_size_t_eq(written, strlen(MSG1))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) goto end; if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_SUCCESS)) { + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS)) { testresult = check_early_data_timeout(timer); goto end; } if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_ACCEPTED)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) goto end; /* 
@@ -3548,31 +3542,31 @@ * read it. */ if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2), - &written)) - || !TEST_size_t_eq(written, strlen(MSG2)) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG2)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; /* Even after reading normal data, client should be able write early data */ if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3), - &written)) - || !TEST_size_t_eq(written, strlen(MSG3))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG3))) goto end; /* Server should still be able read early data after writing data */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_SUCCESS) - || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3))) + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3))) goto end; /* Write more data from server and read it from client */ if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4), - &written)) - || !TEST_size_t_eq(written, strlen(MSG4)) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG4)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4))) goto end; /* @@ -3580,9 +3574,9 @@ * longer possible. */ if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written)) - || !TEST_size_t_eq(written, strlen(MSG5)) - || !TEST_int_eq(SSL_get_early_data_status(clientssl), - SSL_EARLY_DATA_ACCEPTED)) + || !TEST_size_t_eq(written, strlen(MSG5)) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_ACCEPTED)) goto end; /* 
@@ -3593,21 +3587,21 @@ */ rbio = SSL_get_rbio(serverssl); if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread)) - || !TEST_size_t_lt(rawread, sizeof(data)) - || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH)) + || !TEST_size_t_lt(rawread, sizeof(data)) + || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH)) goto end; /* Record length is in the 4th and 5th bytes of the record header */ eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]); if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten)) - || !TEST_size_t_eq(rawwritten, eoedlen)) + || !TEST_size_t_eq(rawwritten, eoedlen)) goto end; /* Server should be told that there is no more early data */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH) - || !TEST_size_t_eq(readbytes, 0)) + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0)) goto end; /* 
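Review bot: `eoedlen` in the `-3593` hunk is taken from the length bytes of the record header (`data[3] << 8 | data[4]`) and passed straight to `BIO_write_ex(rbio, data, eoedlen, &rawwritten)` without being compared against `rawread`. If the first record were ever longer than what was read, that write would go past the valid bytes in `data`, and the `rawread - eoedlen` in the following hunk would wrap around. Adding `if (!TEST_size_t_le(eoedlen, rawread))` followed by `goto end;` right after the assignment would turn that into a clean test failure. The enclosing function starts and ends outside this hunk.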
@@ -3615,35 +3609,35 @@ * data. */ if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6), - &written)) - || !TEST_size_t_eq(written, strlen(MSG6))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG6))) goto end; /* Push the ClientFinished and the normal data back into the server rbio */ if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen, - &rawwritten)) - || !TEST_size_t_eq(rawwritten, rawread - eoedlen)) + &rawwritten)) + || !TEST_size_t_eq(rawwritten, rawread - eoedlen)) goto end; /* Server should be able to read normal data */ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_size_t_eq(readbytes, strlen(MSG5))) + || !TEST_size_t_eq(readbytes, strlen(MSG5))) goto end; /* Client and server should not be able to write/read early data now */ if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6), - &written))) + &written))) goto end; ERR_clear_error(); if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_ERROR)) + &readbytes), + SSL_READ_EARLY_DATA_ERROR)) goto end; ERR_clear_error(); /* Client should be able to read the data sent by the server */ if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6))) + || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6))) goto end; /* 
@@ -3652,15 +3646,15 @@ * data. */ if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), - &readbytes))) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes))) goto end; /* Server should be able to write normal data */ if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written)) - || !TEST_size_t_eq(written, strlen(MSG7)) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7))) + || !TEST_size_t_eq(written, strlen(MSG7)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7))) goto end; SSL_SESSION_free(sess); 
@@ -3674,45 +3668,45 @@ SSL_free(clientssl); serverssl = clientssl = NULL; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess))) + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess))) goto end; /* Write and read some early data */ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written)) - || !TEST_size_t_eq(written, strlen(MSG1)) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_SUCCESS) - || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) goto end; if (!TEST_int_gt(SSL_connect(clientssl), 0) - || !TEST_int_gt(SSL_accept(serverssl), 0)) + || !TEST_int_gt(SSL_accept(serverssl), 0)) goto end; /* Client and server should not be able to write/read early data now */ if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6), - &written))) + &written))) goto end; ERR_clear_error(); if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_ERROR)) + &readbytes), + SSL_READ_EARLY_DATA_ERROR)) goto end; ERR_clear_error(); /* Client and server should be able to write/read normal data */ if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written)) - || !TEST_size_t_eq(written, strlen(MSG5)) - || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_size_t_eq(readbytes, strlen(MSG5))) + || !TEST_size_t_eq(written, strlen(MSG5)) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_size_t_eq(readbytes, strlen(MSG5))) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); 
@@ -3760,8 +3754,8 @@ allow_ed_cb_called = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; if (usecb > 0) { @@ -3772,11 +3766,10 @@ if (!TEST_ptr(confctx)) goto end; - SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE - | SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE | SSL_CONF_FLAG_SERVER); SSL_CONF_CTX_set_ssl_ctx(confctx, sctx); if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"), - 2)) { + 2)) { SSL_CONF_CTX_free(confctx); goto end; } @@ -3786,8 +3779,8 @@ } if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* @@ -3795,7 +3788,7 @@ * "use up" the ticket */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl))) + || !TEST_true(SSL_session_reused(clientssl))) goto end; SSL_shutdown(clientssl); 
@@ -3805,59 +3798,59 @@ serverssl = clientssl = NULL; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess))) + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess))) goto end; /* Write and read some early data */ timer = time(NULL); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written)) - || !TEST_size_t_eq(written, strlen(MSG1))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) goto end; if (usecb <= 1) { if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH) - /* - * The ticket was reused, so the we should have rejected the - * early data - */ - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_REJECTED)) + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + /* + * The ticket was reused, so the we should have rejected the + * early data + */ + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED)) goto end; } else { /* In this case the callback decides to accept the early data */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_SUCCESS)) { + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS)) { testresult = check_early_data_timeout(timer); goto end; } if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) - /* - * Server will have sent its flight so client can now send - * end of early data and complete its half of the handshake - */ - || !TEST_int_gt(SSL_connect(clientssl), 0) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_ACCEPTED)) + /* + * Server will have sent its flight so client can now send + * end of early data and complete its half of the handshake + */ + || !TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_read_early_data(serverssl, 
buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) goto end; } /* Complete the connection */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) - || !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0) - || !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0)) + || !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0) + || !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0)) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); @@ -3912,9 +3905,9 @@ return 1; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; if (cipher == 0) { @@ -3923,13 +3916,13 @@ } if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, ciphersuites[cipher])) - || !TEST_true(SSL_CTX_set_ciphersuites(cctx, ciphersuites[cipher]))) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, ciphersuites[cipher]))) goto end; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx, - cipher == 2 ? SHA384_DIGEST_LENGTH - : SHA256_DIGEST_LENGTH))) + &serverssl, &sess, idx, + cipher == 2 ? SHA384_DIGEST_LENGTH + : SHA256_DIGEST_LENGTH))) goto end; if (testtype == 1 || testtype == 2) { 
@@ -3958,22 +3951,22 @@ } if (testtype == 3 - && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0))) + && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0))) goto end; /* Write some early data */ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written)) - || !TEST_size_t_eq(written, strlen(MSG1))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) goto end; /* Server should reject the early data */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH) - || !TEST_size_t_eq(readbytes, 0) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_REJECTED)) + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED)) goto end; switch (testtype) { 
@@ -3988,36 +3981,35 @@ * handshake. */ if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) - || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), - &readbytes))) + || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), + &readbytes))) goto end; break; - case 2: - { - BIO *wbio = SSL_get_wbio(clientssl); - /* A record that will appear as bad early_data */ - const unsigned char bad_early_data[] = { - 0x17, 0x03, 0x03, 0x00, 0x01, 0x00 - }; + case 2: { + BIO *wbio = SSL_get_wbio(clientssl); + /* A record that will appear as bad early_data */ + const unsigned char bad_early_data[] = { + 0x17, 0x03, 0x03, 0x00, 0x01, 0x00 + }; - /* - * We force the client to attempt a write. This will fail because - * we're still in the handshake. It will cause the second - * ClientHello to be sent. - */ - if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), - &written))) - goto end; + /* + * We force the client to attempt a write. This will fail because + * we're still in the handshake. It will cause the second + * ClientHello to be sent. + */ + if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), + &written))) + goto end; - /* - * Inject some early_data after the second ClientHello. This should - * cause the server to fail - */ - if (!TEST_true(BIO_write_ex(wbio, bad_early_data, - sizeof(bad_early_data), &written))) - goto end; - } + /* + * Inject some early_data after the second ClientHello. This should + * cause the server to fail + */ + if (!TEST_true(BIO_write_ex(wbio, bad_early_data, + sizeof(bad_early_data), &written))) + goto end; + } /* fallthrough */ case 3: @@ -4027,7 +4019,7 @@ * abort. */ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL)) goto end; /* Connection has failed - nothing more to do */ 
@@ -4045,11 +4037,11 @@ * early_data should be skipped. */ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) - || !TEST_size_t_eq(written, strlen(MSG2)) - || !TEST_int_eq(SSL_get_early_data_status(clientssl), - SSL_EARLY_DATA_REJECTED) - || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + || !TEST_size_t_eq(written, strlen(MSG2)) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_REJECTED) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; /* @@ -4061,7 +4053,7 @@ testresult = 1; - end: +end: SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -4080,8 +4072,8 @@ static int test_early_data_skip(int idx) { return early_data_skip_helper(0, - idx % OSSL_NELEM(ciphersuites), - idx / OSSL_NELEM(ciphersuites)); + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4091,8 +4083,8 @@ static int test_early_data_skip_hrr(int idx) { return early_data_skip_helper(1, - idx % OSSL_NELEM(ciphersuites), - idx / OSSL_NELEM(ciphersuites)); + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4103,8 +4095,8 @@ static int test_early_data_skip_hrr_fail(int idx) { return early_data_skip_helper(2, - idx % OSSL_NELEM(ciphersuites), - idx / OSSL_NELEM(ciphersuites)); + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* @@ -4114,8 +4106,8 @@ static int test_early_data_skip_abort(int idx) { return early_data_skip_helper(3, - idx % OSSL_NELEM(ciphersuites), - idx / OSSL_NELEM(ciphersuites)); + idx % OSSL_NELEM(ciphersuites), + idx / OSSL_NELEM(ciphersuites)); } /* 
@@ -4132,8 +4124,8 @@ size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write some data - should block due to handshake with server */ @@ -4143,31 +4135,31 @@ /* Server should detect that early data has not been sent */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH) - || !TEST_size_t_eq(readbytes, 0) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_NOT_SENT) - || !TEST_int_eq(SSL_get_early_data_status(clientssl), - SSL_EARLY_DATA_NOT_SENT)) + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_NOT_SENT) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_NOT_SENT)) goto end; /* Continue writing the message we started earlier */ if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) - || !TEST_size_t_eq(written, strlen(MSG1)) - || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) - || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written) - || !TEST_size_t_eq(written, strlen(MSG2))) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written) + || !TEST_size_t_eq(written, strlen(MSG2))) goto end; if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); 
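Review bot: In the `-4143` hunk the server-side write is checked as `|| !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)` with no `TEST_true()` wrapper, unlike every other clause in the same condition. A failure there still jumps to `end`, but presumably without the diagnostic the `TEST_` macros print, so the log would not show which call failed. `|| !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))` keeps the chain consistent. The function body begins before this hunk.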
@@ -4182,8 +4174,8 @@ static const char *servalpn; static int alpn_select_cb(SSL *ssl, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg) + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) { unsigned int protlen = 0; const unsigned char *prot; @@ -4194,7 +4186,7 @@ return SSL_TLSEXT_ERR_NOACK; if (protlen == strlen(servalpn) - && memcmp(prot, servalpn, protlen) == 0) { + && memcmp(prot, servalpn, protlen) == 0) { *out = prot; *outlen = protlen; return SSL_TLSEXT_ERR_OK; @@ -4215,10 +4207,10 @@ 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a', 'l', 'p', 'n' }; -#define GOODALPNLEN 9 -#define BADALPNLEN 8 -#define GOODALPN (alpnlist) -#define BADALPN (alpnlist + GOODALPNLEN) +#define GOODALPNLEN 9 +#define BADALPNLEN 8 +#define GOODALPN (alpnlist) +#define BADALPN (alpnlist + GOODALPNLEN) int err = 0; unsigned char buf[20]; size_t readbytes, written; @@ -4227,8 +4219,8 @@ /* We always set this up with a final parameter of "2" for PSK */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, 2, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, 2, + SHA384_DIGEST_LENGTH))) goto end; servalpn = "goodalpn"; @@ -4244,7 +4236,7 @@ /* Set inconsistent SNI (early client detection) */ err = SSL_R_INCONSISTENT_EARLY_DATA_SNI; if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost")) - || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost"))) + || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost"))) goto end; break; @@ -4253,9 +4245,9 @@ err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN; /* SSL_set_alpn_protos returns 0 for success and 1 for failure */ if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN, - GOODALPNLEN)) - || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN, - BADALPNLEN))) + GOODALPNLEN)) + || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN, + BADALPNLEN))) goto end; break; 
@@ -4280,15 +4272,15 @@ SSL_SESSION_free(serverpsk); serverpsk = SSL_SESSION_dup(clientpsk); if (!TEST_ptr(serverpsk) - || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost"))) + || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost"))) goto end; /* Fall through */ case 4: /* Set consistent SNI */ if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost")) - || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")) - || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, - hostname_cb))) + || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")) + || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, + hostname_cb))) goto end; break; @@ -4310,9 +4302,9 @@ * prefixed) */ if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1, - GOODALPNLEN - 1)) - || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN, - GOODALPNLEN))) + GOODALPNLEN - 1)) + || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN, + GOODALPNLEN))) goto end; SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL); @@ -4323,14 +4315,14 @@ SSL_SESSION_free(serverpsk); serverpsk = SSL_SESSION_dup(clientpsk); if (!TEST_ptr(serverpsk) - || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk, - BADALPN + 1, - BADALPNLEN - 1)) - || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk, - GOODALPN + 1, - GOODALPNLEN - 1)) - || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist, - sizeof(alpnlist)))) + || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk, + BADALPN + 1, + BADALPNLEN - 1)) + || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk, + GOODALPN + 1, + GOODALPNLEN - 1)) + || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist, + sizeof(alpnlist)))) goto end; SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL); edstatus = SSL_EARLY_DATA_ACCEPTED; 
@@ -4347,33 +4339,34 @@ SSL_set_connect_state(clientssl); if (err != 0) { if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written)) - || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL) - || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err)) + &written)) + || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err)) goto end; } else { time_t timer = time(NULL); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written))) + &written))) goto end; if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), readearlyres)) { + &readbytes), + readearlyres)) { testresult = check_early_data_timeout(timer); goto end; } if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS - && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus) - || !TEST_int_eq(SSL_connect(clientssl), connectres)) + && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus) + || !TEST_int_eq(SSL_connect(clientssl), connectres)) goto end; } testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); 
@@ -4406,22 +4399,22 @@ const char *cipher_str[] = { TLS1_3_RFC_AES_128_GCM_SHA256, TLS1_3_RFC_AES_256_GCM_SHA384, -# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) TLS1_3_RFC_CHACHA20_POLY1305_SHA256, -# else +#else NULL, -# endif +#endif TLS1_3_RFC_AES_128_CCM_SHA256, TLS1_3_RFC_AES_128_CCM_8_SHA256 }; const unsigned char *cipher_bytes[] = { TLS13_AES_128_GCM_SHA256_BYTES, TLS13_AES_256_GCM_SHA384_BYTES, -# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) TLS13_CHACHA20_POLY1305_SHA256_BYTES, -# else +#else NULL, -# endif +#endif TLS13_AES_128_CCM_SHA256_BYTES, TLS13_AES_128_CCM_8_SHA256_BYTES }; @@ -4434,12 +4427,12 @@ /* We always set this up with a final parameter of "2" for PSK */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, 2, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, 2, + SHA384_DIGEST_LENGTH))) goto end; if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx])) - || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx]))) + || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx]))) goto end; /* 
@@ -4456,34 +4449,34 @@ SSL_set_connect_state(clientssl); timer = time(NULL); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written))) + &written))) goto end; if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_SUCCESS)) { + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS)) { testresult = check_early_data_timeout(timer); goto end; } if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_ACCEPTED) - || !TEST_int_eq(SSL_connect(clientssl), 1) - || !TEST_int_eq(SSL_accept(serverssl), 1)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_int_eq(SSL_connect(clientssl), 1) + || !TEST_int_eq(SSL_accept(serverssl), 1)) goto end; /* Send some normal data from client to server */ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) - || !TEST_size_t_eq(written, strlen(MSG2))) + || !TEST_size_t_eq(written, strlen(MSG2))) goto end; if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); @@ -4513,13 +4506,13 @@ size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, idx, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write some early data */ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written))) + &written))) goto end; /* 
@@ -4527,26 +4520,26 @@ * continue handshake */ if (!TEST_int_le(SSL_accept(serverssl), 0) - || !TEST_int_gt(SSL_connect(clientssl), 0) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_REJECTED) - || !TEST_int_gt(SSL_accept(serverssl), 0) - || !TEST_int_eq(SSL_get_early_data_status(clientssl), - SSL_EARLY_DATA_REJECTED)) + || !TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED) + || !TEST_int_gt(SSL_accept(serverssl), 0) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_REJECTED)) goto end; /* Send some normal data from client to server */ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) - || !TEST_size_t_eq(written, strlen(MSG2))) + || !TEST_size_t_eq(written, strlen(MSG2))) goto end; if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); @@ -4558,8 +4551,7 @@ return testresult; } - -# ifndef OPENSSL_NO_TLS1_2 +#ifndef OPENSSL_NO_TLS1_2 /* * Test that a server attempting to read early data can handle a connection * from a TLSv1.2 client. @@ -4573,8 +4565,8 @@ size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, NULL, idx, - SHA384_DIGEST_LENGTH))) + &serverssl, NULL, idx, + SHA384_DIGEST_LENGTH))) goto end; /* Write some data - should block due to handshake with server */ @@ -4589,8 +4581,8 @@ * finish and detect that early data has not been sent */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_ERROR)) + &readbytes), + SSL_READ_EARLY_DATA_ERROR)) goto end; /* 
@@ -4598,30 +4590,30 @@ * for the CCS/Finished from server */ if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH) - || !TEST_size_t_eq(readbytes, 0) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_NOT_SENT)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_NOT_SENT)) goto end; /* Continue writing the message we started earlier */ if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) - || !TEST_size_t_eq(written, strlen(MSG1)) - || !TEST_int_eq(SSL_get_early_data_status(clientssl), - SSL_EARLY_DATA_NOT_SENT) - || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) - || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)) - || !TEST_size_t_eq(written, strlen(MSG2)) - || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes) - || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_NOT_SENT) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2)) + || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; testresult = 1; - end: +end: SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -4632,7 +4624,7 @@ return testresult; } -# endif /* OPENSSL_NO_TLS1_2 */ +#endif /* OPENSSL_NO_TLS1_2 */ /* * Test configuring the TLSv1.3 ciphersuites 
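Review bot: In the last `if` chain of the hunk at -4598 ("Continue writing the message we started earlier"), the client-side read `!SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)` is the only term not wrapped in a TEST_* macro, and the re-indent carries that over unchanged. If that read fails the test still jumps to `end`, but presumably without the diagnostic the other terms print, which makes a failure in the TLSv1.2-client fallback path harder to triage. Suggest `|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))`. The enclosing test function starts before this hunk.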
@@ -4655,13 +4647,13 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_ciphersuites(sctx, - "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256"))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256"))) goto end; - if (idx >=4 && idx <= 7) { + if (idx >= 4 && idx <= 7) { /* SSL_CTX explicit cipher list */ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384"))) goto end; @@ -4670,17 +4662,17 @@ if (idx == 0 || idx == 4) { /* Default ciphersuite */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_128_GCM_SHA256"))) + "TLS_AES_128_GCM_SHA256"))) goto end; } else if (idx == 1 || idx == 5) { /* Non default ciphersuite */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_128_CCM_SHA256"))) + "TLS_AES_128_CCM_SHA256"))) goto end; } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if (idx == 8 || idx == 9) { @@ -4692,12 +4684,12 @@ if (idx == 2 || idx == 6 || idx == 8) { /* Default ciphersuite */ if (!TEST_true(SSL_set_ciphersuites(clientssl, - "TLS_AES_128_GCM_SHA256"))) + "TLS_AES_128_GCM_SHA256"))) goto end; } else if (idx == 3 || idx == 7 || idx == 9) { /* Non default ciphersuite */ if (!TEST_true(SSL_set_ciphersuites(clientssl, - "TLS_AES_128_CCM_SHA256"))) + "TLS_AES_128_CCM_SHA256"))) goto end; } @@ -4706,7 +4698,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -4725,18 +4717,18 @@ /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_ciphersuites(sctx, - "TLS_AES_128_GCM_SHA256:" - "TLS_AES_256_GCM_SHA384:" - "TLS_AES_128_CCM_SHA256")) - || !TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_128_GCM_SHA256")) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256:" + "TLS_AES_256_GCM_SHA384:" + "TLS_AES_128_CCM_SHA256")) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; clntsess = SSL_get1_session(clientssl); @@ -4750,13 +4742,13 @@ /* Check we can resume a session with a different SHA-256 ciphersuite */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_128_CCM_SHA256")) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, clntsess)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl))) + "TLS_AES_128_CCM_SHA256")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) goto end; SSL_SESSION_free(clntsess); 
@@ -4772,12 +4764,12 @@ * succeeds but does not resume. */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384")) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, clntsess)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_SSL)) - || !TEST_false(SSL_session_reused(clientssl))) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_SSL)) + || !TEST_false(SSL_session_reused(clientssl))) goto end; SSL_SESSION_free(clntsess); @@ -4790,10 +4782,10 @@ /* Create a session based on SHA384 */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384")) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; clntsess = SSL_get1_session(clientssl); 
@@ -4804,19 +4796,19 @@ serverssl = clientssl = NULL; if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")) - || !TEST_true(SSL_CTX_set_ciphersuites(sctx, - "TLS_AES_256_GCM_SHA384")) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, clntsess)) - /* - * We use SSL_ERROR_WANT_READ below so that we can pause the - * connection after the initial ClientHello has been sent to - * enable us to make some session changes. - */ - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_READ))) + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_256_GCM_SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + /* + * We use SSL_ERROR_WANT_READ below so that we can pause the + * connection after the initial ClientHello has been sent to + * enable us to make some session changes. + */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ))) goto end; /* Trick the client into thinking this session is for a different digest */ @@ -4829,14 +4821,14 @@ * bail out. */ if (!TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_SSL)) - || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), - SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED)) + SSL_ERROR_SSL)) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), + SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED)) goto end; testresult = 1; - end: +end: SSL_SESSION_free(clntsess); SSL_free(serverssl); SSL_free(clientssl); 
@@ -4863,14 +4855,14 @@ * Test 12 = Test all ECDHE with TLSv1.2 client and server * Test 13 = Test all FFDHE with TLSv1.2 client and server */ -# ifndef OPENSSL_NO_EC -static int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, - NID_secp521r1, NID_X25519, NID_X448}; -# endif -# ifndef OPENSSL_NO_DH -static int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, - NID_ffdhe6144, NID_ffdhe8192}; -# endif +#ifndef OPENSSL_NO_EC +static int ecdhe_kexch_groups[] = { NID_X9_62_prime256v1, NID_secp384r1, + NID_secp521r1, NID_X25519, NID_X448 }; +#endif +#ifndef OPENSSL_NO_DH +static int ffdhe_kexch_groups[] = { NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, + NID_ffdhe6144, NID_ffdhe8192 }; +#endif static int test_key_exchange(int idx) { SSL_CTX *sctx = NULL, *cctx = NULL; 
@@ -4883,113 +4875,111 @@ char *kexch_name0 = NULL; switch (idx) { -# ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_TLS1_2 - case 12: - max_version = TLS1_2_VERSION; -# endif - /* Fall through */ - case 0: - kexch_groups = ecdhe_kexch_groups; - kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups); - kexch_name0 = "secp256r1"; - break; - case 1: - kexch_alg = NID_X9_62_prime256v1; - kexch_name0 = "secp256r1"; - break; - case 2: - kexch_alg = NID_secp384r1; - kexch_name0 = "secp384r1"; - break; - case 3: - kexch_alg = NID_secp521r1; - kexch_name0 = "secp521r1"; - break; - case 4: - if (is_fips) - return TEST_skip("X25519 might not be supported by fips provider."); - kexch_alg = NID_X25519; - kexch_name0 = "x25519"; - break; - case 5: - if (is_fips) - return TEST_skip("X448 might not be supported by fips provider."); - kexch_alg = NID_X448; - kexch_name0 = "x448"; - break; -# endif -# ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_TLS1_2 - case 13: - max_version = TLS1_2_VERSION; - kexch_name0 = "ffdhe2048"; -# endif - /* Fall through */ - case 6: - kexch_groups = ffdhe_kexch_groups; - kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups); - kexch_name0 = "ffdhe2048"; - break; - case 7: - kexch_alg = NID_ffdhe2048; - kexch_name0 = "ffdhe2048"; - break; - case 8: - kexch_alg = NID_ffdhe3072; - kexch_name0 = "ffdhe3072"; - break; - case 9: - kexch_alg = NID_ffdhe4096; - kexch_name0 = "ffdhe4096"; - break; - case 10: - kexch_alg = NID_ffdhe6144; - kexch_name0 = "ffdhe6144"; - break; - case 11: - kexch_alg = NID_ffdhe8192; - kexch_name0 = "ffdhe8192"; - break; -# endif - default: - /* We're skipping this test */ - return 1; +#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_TLS1_2 + case 12: + max_version = TLS1_2_VERSION; +#endif + /* Fall through */ + case 0: + kexch_groups = ecdhe_kexch_groups; + kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups); + kexch_name0 = "secp256r1"; + break; + case 1: + kexch_alg = NID_X9_62_prime256v1; + kexch_name0 = "secp256r1"; + break; + case 2: + kexch_alg = 
NID_secp384r1; + kexch_name0 = "secp384r1"; + break; + case 3: + kexch_alg = NID_secp521r1; + kexch_name0 = "secp521r1"; + break; + case 4: + if (is_fips) + return TEST_skip("X25519 might not be supported by fips provider."); + kexch_alg = NID_X25519; + kexch_name0 = "x25519"; + break; + case 5: + if (is_fips) + return TEST_skip("X448 might not be supported by fips provider."); + kexch_alg = NID_X448; + kexch_name0 = "x448"; + break; +#endif +#ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_TLS1_2 + case 13: + max_version = TLS1_2_VERSION; + kexch_name0 = "ffdhe2048"; +#endif + /* Fall through */ + case 6: + kexch_groups = ffdhe_kexch_groups; + kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups); + kexch_name0 = "ffdhe2048"; + break; + case 7: + kexch_alg = NID_ffdhe2048; + kexch_name0 = "ffdhe2048"; + break; + case 8: + kexch_alg = NID_ffdhe3072; + kexch_name0 = "ffdhe3072"; + break; + case 9: + kexch_alg = NID_ffdhe4096; + kexch_name0 = "ffdhe4096"; + break; + case 10: + kexch_alg = NID_ffdhe6144; + kexch_name0 = "ffdhe6144"; + break; + case 11: + kexch_alg = NID_ffdhe8192; + kexch_name0 = "ffdhe8192"; + break; +#endif + default: + /* We're skipping this test */ + return 1; } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, - max_version, &sctx, &cctx, cert, - privkey))) + TLS_client_method(), TLS1_VERSION, + max_version, &sctx, &cctx, cert, + privkey))) goto end; if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, - TLS1_3_RFC_AES_128_GCM_SHA256))) + TLS1_3_RFC_AES_128_GCM_SHA256))) goto end; if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - TLS1_3_RFC_AES_128_GCM_SHA256))) + TLS1_3_RFC_AES_128_GCM_SHA256))) goto end; if (!TEST_true(SSL_CTX_set_cipher_list(sctx, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)) - || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)) + || 
!TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) goto end; /* * Must include an EC ciphersuite so that we send supported groups in * TLSv1.2 */ -# ifndef OPENSSL_NO_TLS1_2 +#ifndef OPENSSL_NO_TLS1_2 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))) + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))) goto end; -# endif +#endif if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, kexch_groups_size)) @@ -5005,11 +4995,11 @@ * TLSv1.3 only so we expect no shared group to exist. */ if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0), - idx == 13 ? 0 : kexch_groups[0])) + idx == 13 ? 0 : kexch_groups[0])) goto end; if (!TEST_str_eq(SSL_group_to_name(serverssl, kexch_groups[0]), - kexch_name0)) + kexch_name0)) goto end; /* We don't implement RFC 7919 named groups for TLS 1.2. */ @@ -5021,7 +5011,7 @@ } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -5029,11 +5019,11 @@ return testresult; } -# if !defined(OPENSSL_NO_TLS1_2) \ - && !defined(OPENSSL_NO_EC) \ - && !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_TLS1_2) \ + && !defined(OPENSSL_NO_EC) \ + && !defined(OPENSSL_NO_DH) static int set_ssl_groups(SSL *serverssl, SSL *clientssl, int clientmulti, - int isecdhe, int idx) + int isecdhe, int idx) { int kexch_alg; int *kexch_groups = &kexch_alg; @@ -5051,11 +5041,11 @@ return 0; if (isecdhe) { if (!TEST_true(SSL_set1_groups(clientssl, ecdhe_kexch_groups, - numec))) + numec))) return 0; } else { if (!TEST_true(SSL_set1_groups(clientssl, ffdhe_kexch_groups, - numff))) + numff))) return 0; } } else { 
@@ -5063,11 +5053,11 @@ return 0; if (isecdhe) { if (!TEST_true(SSL_set1_groups(serverssl, ecdhe_kexch_groups, - numec))) + numec))) return 0; } else { if (!TEST_true(SSL_set1_groups(serverssl, ffdhe_kexch_groups, - numff))) + numff))) return 0; } } @@ -5136,9 +5126,9 @@ max_version = TLS1_2_VERSION; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, - max_version, &sctx, &cctx, cert, - privkey))) + TLS_client_method(), TLS1_VERSION, + max_version, &sctx, &cctx, cert, + privkey))) goto end; /* @@ -5146,21 +5136,19 @@ * Be sure to enable auto tmp DH so that FFDHE can succeed. */ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)) - || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)) + || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) goto end; if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))) + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, isecdhe, - idx))) + idx))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) @@ -5168,7 +5156,7 @@ /* Initial handshake; always the configured one */ if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid) - || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) + || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) goto end; if (!TEST_ptr((origsess = SSL_get1_session(clientssl)))) 
@@ -5182,19 +5170,19 @@ /* First resumption attempt; use the same config as initial handshake */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, origsess)) - || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, - isecdhe, idx))) + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, origsess)) + || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, + isecdhe, idx))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl))) + || !TEST_true(SSL_session_reused(clientssl))) goto end; /* Still had better agree, since nothing changed... */ if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid) - || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) + || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) goto end; SSL_shutdown(clientssl); @@ -5228,23 +5216,23 @@ expectednid = 0; } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, origsess)) - || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, - isecdhe, idx))) + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, origsess)) + || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, + isecdhe, idx))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl))) + || !TEST_true(SSL_session_reused(clientssl))) goto end; /* Check that we get what we expected */ if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid) - || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) + || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -5252,7 +5240,7 @@ SSL_SESSION_free(origsess); return testresult; } -# endif /* !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) */ +#endif /* !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) */ /* * Test TLSv1.3 Cipher Suite @@ -5272,11 +5260,12 @@ { TLS1_3_RFC_AES_128_GCM_SHA256, 1 }, { TLS1_3_RFC_AES_256_GCM_SHA384, 1 }, { TLS1_3_RFC_AES_128_CCM_SHA256, 1 }, -# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) { TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 }, { TLS1_3_RFC_AES_256_GCM_SHA384 - ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, 0 }, -# endif + ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + 0 }, +#endif { TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256, 1 } }; const char *t13_cipher = NULL; @@ -5290,35 +5279,35 @@ size_t i; switch (idx) { - case 0: - set_at_ctx = 1; - break; - case 1: - set_at_ssl = 1; - break; - case 2: - set_at_ctx = 1; - t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256; - break; - case 3: - set_at_ssl = 1; - t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256; - break; + case 0: + set_at_ctx = 1; + break; + case 1: + set_at_ssl = 1; + break; + case 2: + set_at_ctx = 1; + t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256; + break; + case 3: + set_at_ssl = 1; + t12_cipher = TLS1_TXT_RSA_WITH_AES_128_SHA256; + break; } for (max_ver = TLS1_2_VERSION; max_ver <= TLS1_3_VERSION; max_ver++) { -# ifdef OPENSSL_NO_TLS1_2 +#ifdef OPENSSL_NO_TLS1_2 if (max_ver == TLS1_2_VERSION) continue; -# endif +#endif for (i = 0; i < OSSL_NELEM(t13_ciphers); i++) { if (is_fips && !t13_ciphers[i].fipscapable) continue; t13_cipher = t13_ciphers[i].ciphername; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, max_ver, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, max_ver, + &sctx, &cctx, cert, privkey))) goto end; if (set_at_ctx) { 
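Review bot: The trailing comment on the `#endif` rewritten at -5252 reads `!defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH)`, while the guard it appears to close (the `#if` ahead of `set_ssl_groups`, hunk at -5029) also tests `OPENSSL_NO_TLS1_2`. Since the line is being touched anyway, the comment could match the condition: `#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) */`. The pairing is inferred from the visible hunks, because the lines between them are not shown.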
@@ -5328,13 +5317,13 @@ if (t12_cipher != NULL) { if (!TEST_true(SSL_CTX_set_cipher_list(sctx, t12_cipher)) || !TEST_true(SSL_CTX_set_cipher_list(cctx, - t12_cipher))) + t12_cipher))) goto end; } } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if (set_at_ssl) { @@ -5344,19 +5333,19 @@ if (t12_cipher != NULL) { if (!TEST_true(SSL_set_cipher_list(serverssl, t12_cipher)) || !TEST_true(SSL_set_cipher_list(clientssl, - t12_cipher))) + t12_cipher))) goto end; } } if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; negotiated_scipher = SSL_CIPHER_get_name(SSL_get_current_cipher( - serverssl)); + serverssl)); negotiated_ccipher = SSL_CIPHER_get_name(SSL_get_current_cipher( - clientssl)); + clientssl)); if (!TEST_str_eq(negotiated_scipher, negotiated_ccipher)) goto end; @@ -5366,15 +5355,15 @@ */ if (max_ver == TLS1_3_VERSION && !TEST_strn_eq(t13_cipher, negotiated_scipher, - strlen(negotiated_scipher))) + strlen(negotiated_scipher))) goto end; -# ifndef OPENSSL_NO_TLS1_2 +#ifndef OPENSSL_NO_TLS1_2 /* Below validation is not done when t12_cipher is NULL */ if (max_ver == TLS1_2_VERSION && t12_cipher != NULL && !TEST_str_eq(t12_cipher, negotiated_scipher)) goto end; -# endif +#endif SSL_free(serverssl); serverssl = NULL; @@ -5388,7 +5377,7 @@ } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -5417,9 +5406,9 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, idx == 3 ? NULL : cert, - idx == 3 ? NULL : privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, idx == 3 ? NULL : cert, + idx == 3 ? NULL : privkey))) goto end; if (idx != 3) { 
@@ -5430,7 +5419,7 @@ * prefer SHA256 automatically. */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_128_GCM_SHA256"))) + "TLS_AES_128_GCM_SHA256"))) goto end; } else { /* @@ -5439,8 +5428,8 @@ * code works even if we are testing with only the FIPS provider loaded. */ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, - "TLS_AES_256_GCM_SHA384:" - "TLS_AES_128_GCM_SHA256"))) + "TLS_AES_256_GCM_SHA384:" + "TLS_AES_128_GCM_SHA256"))) goto end; } @@ -5471,28 +5460,28 @@ * PSK */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(SSL_session_reused(clientssl)) - || !TEST_false(SSL_session_reused(serverssl))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl))) goto end; if (idx == 0 || idx == 1) { if (!TEST_true(use_session_cb_cnt == 1) - || !TEST_true(find_session_cb_cnt == 0) - /* - * If no old style callback then below should be 0 - * otherwise 1 - */ - || !TEST_true(psk_client_cb_cnt == idx) - || !TEST_true(psk_server_cb_cnt == 0)) + || !TEST_true(find_session_cb_cnt == 0) + /* + * If no old style callback then below should be 0 + * otherwise 1 + */ + || !TEST_true(psk_client_cb_cnt == idx) + || !TEST_true(psk_server_cb_cnt == 0)) goto end; } else { if (!TEST_true(use_session_cb_cnt == 0) - || !TEST_true(find_session_cb_cnt == 0) - || !TEST_true(psk_client_cb_cnt == 1) - || !TEST_true(psk_server_cb_cnt == 0)) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 0)) goto end; } 
@@ -5502,40 +5491,40 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; /* Create the PSK */ cipher = SSL_CIPHER_find(clientssl, TLS13_AES_128_GCM_SHA256_BYTES); clientpsk = SSL_SESSION_new(); if (!TEST_ptr(clientpsk) - || !TEST_ptr(cipher) - || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key, - sizeof(key))) - || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher)) - || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk, - TLS1_3_VERSION)) - || !TEST_true(SSL_SESSION_up_ref(clientpsk))) + || !TEST_ptr(cipher) + || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key, + sizeof(key))) + || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher)) + || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk, + TLS1_3_VERSION)) + || !TEST_true(SSL_SESSION_up_ref(clientpsk))) goto end; serverpsk = clientpsk; /* Check we can create a connection and the PSK is used */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl)) - || !TEST_true(SSL_session_reused(serverssl))) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl))) goto end; if (idx == 0 || idx == 1) { if (!TEST_true(use_session_cb_cnt == 1) - || !TEST_true(find_session_cb_cnt == 1) - || !TEST_true(psk_client_cb_cnt == 0) - || !TEST_true(psk_server_cb_cnt == 0)) + || !TEST_true(find_session_cb_cnt == 1) + || !TEST_true(psk_client_cb_cnt == 0) + || !TEST_true(psk_server_cb_cnt == 0)) goto end; } else { if (!TEST_true(use_session_cb_cnt == 0) - || !TEST_true(find_session_cb_cnt == 0) - || !TEST_true(psk_client_cb_cnt == 1) - || !TEST_true(psk_server_cb_cnt == 1)) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 1)) goto end; } 
@@ -5545,7 +5534,7 @@ psk_client_cb_cnt = psk_server_cb_cnt = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; /* Force an HRR */ @@ -5562,21 +5551,21 @@ * called twice. */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl)) - || !TEST_true(SSL_session_reused(serverssl))) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl))) goto end; if (idx == 0 || idx == 1) { if (!TEST_true(use_session_cb_cnt == 2) - || !TEST_true(find_session_cb_cnt == 2) - || !TEST_true(psk_client_cb_cnt == 0) - || !TEST_true(psk_server_cb_cnt == 0)) + || !TEST_true(find_session_cb_cnt == 2) + || !TEST_true(psk_client_cb_cnt == 0) + || !TEST_true(psk_server_cb_cnt == 0)) goto end; } else { if (!TEST_true(use_session_cb_cnt == 0) - || !TEST_true(find_session_cb_cnt == 0) - || !TEST_true(psk_client_cb_cnt == 2) - || !TEST_true(psk_server_cb_cnt == 2)) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 2) + || !TEST_true(psk_server_cb_cnt == 2)) goto end; } 
@@ -5592,28 +5581,28 @@ */ srvid = "Dummy Identity"; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(SSL_session_reused(clientssl)) - || !TEST_false(SSL_session_reused(serverssl))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl))) goto end; if (idx == 0 || idx == 1) { if (!TEST_true(use_session_cb_cnt == 1) - || !TEST_true(find_session_cb_cnt == 1) - || !TEST_true(psk_client_cb_cnt == 0) - /* - * If no old style callback then below should be 0 - * otherwise 1 - */ - || !TEST_true(psk_server_cb_cnt == idx)) + || !TEST_true(find_session_cb_cnt == 1) + || !TEST_true(psk_client_cb_cnt == 0) + /* + * If no old style callback then below should be 0 + * otherwise 1 + */ + || !TEST_true(psk_server_cb_cnt == idx)) goto end; } else { if (!TEST_true(use_session_cb_cnt == 0) - || !TEST_true(find_session_cb_cnt == 0) - || !TEST_true(psk_client_cb_cnt == 1) - || !TEST_true(psk_server_cb_cnt == 1)) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 1)) goto end; } @@ -5622,7 +5611,7 @@ } testresult = 1; - end: +end: SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -5636,7 +5625,7 @@ static unsigned char cookie_magic_value[] = "cookie magic"; static int generate_cookie_callback(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len) + unsigned int *cookie_len) { /* * Not suitable as a real cookie generation function but good enough for @@ -5649,7 +5638,7 @@ } static int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len) + unsigned int cookie_len) { if (cookie_len == sizeof(cookie_magic_value) - 1 && memcmp(cookie, cookie_magic_value, cookie_len) == 0) 
@@ -5659,7 +5648,7 @@ } static int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, - size_t *cookie_len) + size_t *cookie_len) { unsigned int temp; int res = generate_cookie_callback(ssl, cookie, &temp); @@ -5668,7 +5657,7 @@ } static int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, - size_t cookie_len) + size_t cookie_len) { return verify_cookie_callback(ssl, cookie, cookie_len); } @@ -5680,23 +5669,23 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; /* The arrival of CCS messages can confuse the test */ SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - /* Send the first ClientHello */ - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_READ)) - /* - * This should fail with a -1 return because we have no callbacks - * set up - */ - || !TEST_int_eq(SSL_stateless(serverssl), -1)) + NULL, NULL)) + /* Send the first ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* + * This should fail with a -1 return because we have no callbacks + * set up + */ + || !TEST_int_eq(SSL_stateless(serverssl), -1)) goto end; /* Fatal error so abandon the connection from this client */ 
@@ -5712,12 +5701,12 @@ * object). */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - /* Send the first ClientHello */ - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_READ)) - /* This should fail because there is no cookie */ - || !TEST_int_eq(SSL_stateless(serverssl), 0)) + NULL, NULL)) + /* Send the first ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* This should fail because there is no cookie */ + || !TEST_int_eq(SSL_stateless(serverssl), 0)) goto end; /* Abandon the connection from this client */ 
@@ -5729,33 +5718,32 @@ * object */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - /* Send the first ClientHello */ - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_READ)) - /* This should fail because there is no cookie */ - || !TEST_int_eq(SSL_stateless(serverssl), 0) - /* Send the second ClientHello */ - || !TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_WANT_READ)) - /* This should succeed because a cookie is now present */ - || !TEST_int_eq(SSL_stateless(serverssl), 1) - /* Complete the connection */ - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + /* Send the first ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* This should fail because there is no cookie */ + || !TEST_int_eq(SSL_stateless(serverssl), 0) + /* Send the second ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* This should succeed because a cookie is now present */ + || !TEST_int_eq(SSL_stateless(serverssl), 1) + /* Complete the connection */ + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; shutdown_ssl_connection(serverssl, clientssl); serverssl = clientssl = NULL; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; - } #endif /* OSSL_NO_USABLE_TLS1_3 */ @@ -5769,10 +5757,10 @@ static int srvparsenewcb = 0; static int snicb = 0; -#define TEST_EXT_TYPE1 0xff00 +#define TEST_EXT_TYPE1 0xff00 static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out, - size_t *outlen, int *al, void *add_arg) + size_t *outlen, int *al, void *add_arg) { int *server = (int *)add_arg; unsigned char *data; 
@@ -5783,7 +5771,7 @@ clntaddoldcb++; if (*server != SSL_is_server(s) - || (data = OPENSSL_malloc(sizeof(*data))) == NULL) + || (data = OPENSSL_malloc(sizeof(*data))) == NULL) return -1; *data = 1; @@ -5793,13 +5781,13 @@ } static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out, - void *add_arg) + void *add_arg) { OPENSSL_free((unsigned char *)out); } static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in, - size_t inlen, int *al, void *parse_arg) + size_t inlen, int *al, void *parse_arg) { int *server = (int *)parse_arg; @@ -5809,16 +5797,16 @@ clntparseoldcb++; if (*server != SSL_is_server(s) - || inlen != sizeof(char) - || *in != 1) + || inlen != sizeof(char) + || *in != 1) return -1; return 1; } static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context, - const unsigned char **out, size_t *outlen, X509 *x, - size_t chainidx, int *al, void *add_arg) + const unsigned char **out, size_t *outlen, X509 *x, + size_t chainidx, int *al, void *add_arg) { int *server = (int *)add_arg; unsigned char *data; @@ -5829,7 +5817,7 @@ clntaddnewcb++; if (*server != SSL_is_server(s) - || (data = OPENSSL_malloc(sizeof(*data))) == NULL) + || (data = OPENSSL_malloc(sizeof(*data))) == NULL) return -1; *data = 1; @@ -5839,14 +5827,14 @@ } static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context, - const unsigned char *out, void *add_arg) + const unsigned char *out, void *add_arg) { OPENSSL_free((unsigned char *)out); } static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context, - const unsigned char *in, size_t inlen, X509 *x, - size_t chainidx, int *al, void *parse_arg) + const unsigned char *in, size_t inlen, X509 *x, + size_t chainidx, int *al, void *parse_arg) { int *server = (int *)parse_arg; @@ -5856,7 +5844,7 @@ clntparsenewcb++; if (*server != SSL_is_server(s) - || inlen != sizeof(char) || *in != 1) + || inlen != sizeof(char) || *in != 1) return -1; return 1; 
@@ -5910,17 +5898,16 @@ snicb = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; if (tst == 2 - && !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), NULL, - TLS1_VERSION, 0, - &sctx2, NULL, cert, privkey))) + && !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), NULL, + TLS1_VERSION, 0, + &sctx2, NULL, cert, privkey))) goto end; - if (tst < 3) { SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3); SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3); 
@@ -5930,124 +5917,126 @@ if (tst == 5) { context = SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_CERTIFICATE; + | SSL_EXT_TLS1_3_CERTIFICATE; SSL_CTX_set_verify(sctx, - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_cb); + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_cb); if (!TEST_int_eq(SSL_CTX_use_certificate_file(cctx, cert, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(cctx, privkey, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_check_private_key(cctx), 1)) + SSL_FILETYPE_PEM), + 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(cctx, privkey, + SSL_FILETYPE_PEM), + 1) + || !TEST_int_eq(SSL_CTX_check_private_key(cctx), 1)) goto end; } else if (tst == 4) { context = SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_CERTIFICATE - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET; + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS + | SSL_EXT_TLS1_3_CERTIFICATE + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET; } else { context = SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS; + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS; } /* Create a client side custom extension */ if (tst == 0) { if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, - old_add_cb, old_free_cb, - &client, old_parse_cb, - &client))) + old_add_cb, old_free_cb, + &client, old_parse_cb, + &client))) goto end; } else { if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context, - new_add_cb, new_free_cb, - &client, new_parse_cb, &client))) + new_add_cb, new_free_cb, + &client, new_parse_cb, &client))) goto end; } /* Should not be able to add duplicates */ if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, - old_add_cb, old_free_cb, - &client, old_parse_cb, - &client)) - || 
!TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, - context, new_add_cb, - new_free_cb, &client, - new_parse_cb, &client))) + old_add_cb, old_free_cb, + &client, old_parse_cb, + &client)) + || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &client, + new_parse_cb, &client))) goto end; /* Create a server side custom extension */ if (tst == 0) { if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, - old_add_cb, old_free_cb, - &server, old_parse_cb, - &server))) + old_add_cb, old_free_cb, + &server, old_parse_cb, + &server))) goto end; } else { if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context, - new_add_cb, new_free_cb, - &server, new_parse_cb, &server))) + new_add_cb, new_free_cb, + &server, new_parse_cb, &server))) goto end; if (sctx2 != NULL - && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1, - context, new_add_cb, - new_free_cb, &server, - new_parse_cb, &server))) + && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &server, + new_parse_cb, &server))) goto end; } /* Should not be able to add duplicates */ if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, - old_add_cb, old_free_cb, - &server, old_parse_cb, - &server)) - || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, - context, new_add_cb, - new_free_cb, &server, - new_parse_cb, &server))) + old_add_cb, old_free_cb, + &server, old_parse_cb, + &server)) + || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &server, + new_parse_cb, &server))) goto end; if (tst == 2) { /* Set up SNI */ if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb)) - || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) + || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) goto end; } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || 
!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (tst == 0) { if (clntaddoldcb != 1 - || clntparseoldcb != 1 - || srvaddoldcb != 1 - || srvparseoldcb != 1) + || clntparseoldcb != 1 + || srvaddoldcb != 1 + || srvparseoldcb != 1) goto end; } else if (tst == 1 || tst == 2 || tst == 3) { if (clntaddnewcb != 1 - || clntparsenewcb != 1 - || srvaddnewcb != 1 - || srvparsenewcb != 1 - || (tst != 2 && snicb != 0) - || (tst == 2 && snicb != 1)) + || clntparsenewcb != 1 + || srvaddnewcb != 1 + || srvparsenewcb != 1 + || (tst != 2 && snicb != 0) + || (tst == 2 && snicb != 1)) goto end; } else if (tst == 5) { if (clntaddnewcb != 1 - || clntparsenewcb != 1 - || srvaddnewcb != 1 - || srvparsenewcb != 1) + || clntparsenewcb != 1 + || srvaddnewcb != 1 + || srvparsenewcb != 1) goto end; } else { /* In this case there 2 NewSessionTicket messages created */ if (clntaddnewcb != 1 - || clntparsenewcb != 5 - || srvaddnewcb != 5 - || srvparsenewcb != 1) + || clntparsenewcb != 5 + || srvaddnewcb != 5 + || srvparsenewcb != 1) goto end; } @@ -6065,10 +6054,10 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; /* 
@@ -6079,15 +6068,15 @@ */ if (tst == 0) { if (clntaddoldcb != 2 - || clntparseoldcb != 1 - || srvaddoldcb != 1 - || srvparseoldcb != 1) + || clntparseoldcb != 1 + || srvaddoldcb != 1 + || srvparseoldcb != 1) goto end; } else if (tst == 1 || tst == 2 || tst == 3) { if (clntaddnewcb != 2 - || clntparsenewcb != 2 - || srvaddnewcb != 2 - || srvparsenewcb != 2) + || clntparsenewcb != 2 + || srvaddnewcb != 2 + || srvparsenewcb != 2) goto end; } else { /* @@ -6095,9 +6084,9 @@ * 2 NewSessionTickets in the initial handshake, 1 in the resumption */ if (clntaddnewcb != 2 - || clntparsenewcb != 8 - || srvaddnewcb != 8 - || srvparsenewcb != 2) + || clntparsenewcb != 8 + || srvaddnewcb != 8 + || srvparsenewcb != 2) goto end; } @@ -6115,26 +6104,26 @@ #if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3) -#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ - | SSL_EXT_CLIENT_HELLO \ - | SSL_EXT_TLS1_2_SERVER_HELLO \ - | SSL_EXT_IGNORE_ON_RESUMPTION) +#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ + | SSL_EXT_CLIENT_HELLO \ + | SSL_EXT_TLS1_2_SERVER_HELLO \ + | SSL_EXT_IGNORE_ON_RESUMPTION) #define TLS13CONTEXT (SSL_EXT_TLS1_3_CERTIFICATE \ - | SSL_EXT_TLS1_2_SERVER_HELLO \ - | SSL_EXT_CLIENT_HELLO) + | SSL_EXT_TLS1_2_SERVER_HELLO \ + | SSL_EXT_CLIENT_HELLO) #define SERVERINFO_CUSTOM \ 0x00, (char)TLSEXT_TYPE_signed_certificate_timestamp, \ - 0x00, 0x03, \ - 0x04, 0x05, 0x06 \ + 0x00, 0x03, \ + 0x04, 0x05, 0x06 static const unsigned char serverinfo_custom_tls13[] = { 0x00, 0x00, (TLS13CONTEXT >> 8) & 0xff, TLS13CONTEXT & 0xff, SERVERINFO_CUSTOM }; static const unsigned char serverinfo_custom_v2[] = { - 0x00, 0x00, (SYNTHV1CONTEXT >> 8) & 0xff, SYNTHV1CONTEXT & 0xff, + 0x00, 0x00, (SYNTHV1CONTEXT >> 8) & 0xff, SYNTHV1CONTEXT & 0xff, SERVERINFO_CUSTOM }; static const unsigned char serverinfo_custom_v1[] = { 
@@ -6145,15 +6134,15 @@ static const size_t serverinfo_custom_v1_len = sizeof(serverinfo_custom_v1); static int serverinfo_custom_parse_cb(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, - size_t chainidx, int *al, - void *parse_arg) + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, int *al, + void *parse_arg) { const size_t len = serverinfo_custom_v1_len; const unsigned char *si = &serverinfo_custom_v1[len - 3]; - int *p_cb_result = (int*)parse_arg; + int *p_cb_result = (int *)parse_arg; *p_cb_result = TEST_mem_eq(in, inlen, si, 3); return 1; } @@ -6203,16 +6192,16 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, - TLS_method(), - TLS_method(), - protocol_version, - protocol_version, - &sctx, &cctx, cert, privkey))) + TLS_method(), + TLS_method(), + protocol_version, + protocol_version, + &sctx, &cctx, cert, privkey))) goto end; if (call_use_serverinfo_ex) { if (!TEST_true(SSL_CTX_use_serverinfo_ex(sctx, serverinfo_version, - si, si_len))) + si, si_len))) goto end; } else { if (!TEST_true(SSL_CTX_use_serverinfo(sctx, si, si_len))) @@ -6220,14 +6209,14 @@ } if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TLSEXT_TYPE_signed_certificate_timestamp, - extension_context, - NULL, NULL, NULL, - serverinfo_custom_parse_cb, - &cb_result)) + extension_context, + NULL, NULL, NULL, + serverinfo_custom_parse_cb, + &cb_result)) || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) + NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) + SSL_ERROR_NONE)) || !TEST_int_eq(SSL_do_handshake(clientssl), 1)) goto end; @@ -6236,7 +6225,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -6252,7 +6241,7 @@ * produce the same results for different protocol versions. */ #define SMALL_LABEL_LEN 10 -#define LONG_LABEL_LEN 249 +#define LONG_LABEL_LEN 249 static int test_export_key_mat(int tst) { int testresult = 0; @@ -6292,33 +6281,32 @@ return 1; #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols)); SSL_CTX_set_max_proto_version(cctx, protocols[tst]); SSL_CTX_set_min_proto_version(cctx, protocols[tst]); - if ((protocols[tst] < TLS1_2_VERSION) && - (!SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0") - || !SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))) + if ((protocols[tst] < TLS1_2_VERSION) && (!SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0") || !SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL))) + NULL))) goto end; /* * Premature call of SSL_export_keying_material should just fail. */ if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1, - sizeof(ckeymat1), label, - SMALL_LABEL_LEN + 1, context, - sizeof(context) - 1, 1), 0)) + sizeof(ckeymat1), label, + SMALL_LABEL_LEN + 1, context, + sizeof(context) - 1, 1), + 0)) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; if (tst == 5) { @@ -6327,9 +6315,10 @@ * go over that. */ if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1, - sizeof(ckeymat1), label, - LONG_LABEL_LEN + 1, context, - sizeof(context) - 1, 1), 0)) + sizeof(ckeymat1), label, + LONG_LABEL_LEN + 1, context, + sizeof(context) - 1, 1), + 0)) goto end; testresult = 1; 
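Review bot: In the `@@ -6292,33 +6281,32 @@` hunk the condition that sets `"DEFAULT:@SECLEVEL=0"` for protocols below TLS1_2_VERSION is now a single line, far longer than any other line in the hunk. Its two `SSL_CTX_set_cipher_list()` calls are also not wrapped in `TEST_true`, unlike the neighbouring `create_ssl_ctx_pair` and `create_ssl_objects` checks, so a failure there reaches `end` with no diagnostic. I would break it as `if (protocols[tst] < TLS1_2_VERSION` / `&& (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0"))` / `|| !TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))))`. A short comment such as `/* Test only: security level 0 is presumably needed for the pre-TLSv1.2 cases */` would mark the relaxed cipher string as a test-only setting. The body of test_export_key_mat starts and ends outside this hunk.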
@@ -6341,69 +6330,72 @@ } if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1, - sizeof(ckeymat1), label, - labellen, context, - sizeof(context) - 1, 1), 1) - || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2, - sizeof(ckeymat2), label, - labellen, - emptycontext, - 0, 1), 1) - || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3, - sizeof(ckeymat3), label, - labellen, - NULL, 0, 0), 1) - || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1, - sizeof(skeymat1), label, - labellen, - context, - sizeof(context) -1, 1), - 1) - || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2, - sizeof(skeymat2), label, - labellen, - emptycontext, - 0, 1), 1) - || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3, - sizeof(skeymat3), label, - labellen, - NULL, 0, 0), 1) - /* - * Check that both sides created the same key material with the - * same context. - */ - || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, - sizeof(skeymat1)) - /* - * Check that both sides created the same key material with an - * empty context. - */ - || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, - sizeof(skeymat2)) - /* - * Check that both sides created the same key material without a - * context. 
- */ - || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3, - sizeof(skeymat3)) - /* Different contexts should produce different results */ - || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, - sizeof(ckeymat2))) + sizeof(ckeymat1), label, + labellen, context, + sizeof(context) - 1, 1), + 1) + || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2, + sizeof(ckeymat2), label, + labellen, + emptycontext, + 0, 1), + 1) + || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3, + sizeof(ckeymat3), label, + labellen, + NULL, 0, 0), + 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1, + sizeof(skeymat1), label, + labellen, + context, + sizeof(context) - 1, 1), + 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2, + sizeof(skeymat2), label, + labellen, + emptycontext, + 0, 1), + 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3, + sizeof(skeymat3), label, + labellen, + NULL, 0, 0), + 1) + /* + * Check that both sides created the same key material with the + * same context. + */ + || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, + sizeof(skeymat1)) + /* + * Check that both sides created the same key material with an + * empty context. + */ + || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, + sizeof(skeymat2)) + /* + * Check that both sides created the same key material without a + * context. + */ + || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3, + sizeof(skeymat3)) + /* Different contexts should produce different results */ + || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, + sizeof(ckeymat2))) goto end; /* * Check that an empty context and no context produce different results in * protocols less than TLSv1.3. In TLSv1.3 they should be the same. 
*/ - if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3, - sizeof(ckeymat3))) - || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3, - sizeof(ckeymat3)))) + if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3, sizeof(ckeymat3))) + || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3, sizeof(ckeymat3)))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx2); 
@@ -6435,50 +6427,54 @@ size_t readbytes, written; if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl, - &sess, idx, SHA384_DIGEST_LENGTH))) + &sess, idx, SHA384_DIGEST_LENGTH))) goto end; /* Here writing 0 length early data is enough. */ if (!TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) - || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_ERROR) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_ACCEPTED)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) goto end; if (!TEST_int_eq(SSL_export_keying_material_early( - clientssl, ckeymat1, sizeof(ckeymat1), label, - sizeof(label) - 1, context, sizeof(context) - 1), 1) - || !TEST_int_eq(SSL_export_keying_material_early( + clientssl, ckeymat1, sizeof(ckeymat1), label, + sizeof(label) - 1, context, sizeof(context) - 1), + 1) + || !TEST_int_eq(SSL_export_keying_material_early( clientssl, ckeymat2, sizeof(ckeymat2), label, - sizeof(label) - 1, emptycontext, 0), 1) - || !TEST_int_eq(SSL_export_keying_material_early( + sizeof(label) - 1, emptycontext, 0), + 1) + || !TEST_int_eq(SSL_export_keying_material_early( serverssl, skeymat1, sizeof(skeymat1), label, - sizeof(label) - 1, context, sizeof(context) - 1), 1) - || !TEST_int_eq(SSL_export_keying_material_early( + sizeof(label) - 1, context, sizeof(context) - 1), + 1) + || !TEST_int_eq(SSL_export_keying_material_early( serverssl, skeymat2, sizeof(skeymat2), label, - sizeof(label) - 1, emptycontext, 0), 1) - /* - * Check that both sides created the same key material with the - * same context. - */ - || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, - sizeof(skeymat1)) - /* - * Check that both sides created the same key material with an - * empty context. 
- */ - || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, - sizeof(skeymat2)) - /* Different contexts should produce different results */ - || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, - sizeof(ckeymat2))) + sizeof(label) - 1, emptycontext, 0), + 1) + /* + * Check that both sides created the same key material with the + * same context. + */ + || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, + sizeof(skeymat1)) + /* + * Check that both sides created the same key material with an + * empty context. + */ + || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, + sizeof(skeymat2)) + /* Different contexts should produce different results */ + || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, + sizeof(ckeymat2))) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); 
@@ -6504,42 +6500,42 @@ static char *mess = "A test message"; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; for (j = 0; j < 2; j++) { /* Send lots of KeyUpdate messages */ for (i = 0; i < NUM_KEY_UPDATE_MESSAGES; i++) { if (!TEST_true(SSL_key_update(clientssl, - (j == 0) - ? SSL_KEY_UPDATE_NOT_REQUESTED - : SSL_KEY_UPDATE_REQUESTED)) - || !TEST_true(SSL_do_handshake(clientssl))) + (j == 0) + ? SSL_KEY_UPDATE_NOT_REQUESTED + : SSL_KEY_UPDATE_REQUESTED)) + || !TEST_true(SSL_do_handshake(clientssl))) goto end; } /* Check that sending and receiving app data is ok */ if (!TEST_int_eq(SSL_write(clientssl, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)), - strlen(mess))) + || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)), + strlen(mess))) goto end; if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)), - strlen(mess))) + || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)), + strlen(mess))) goto end; } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -6566,22 +6562,22 @@ SSL *peerupdate = NULL, *peerwrite = NULL; if (!TEST_ptr(bretry) - || !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + || !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; peerupdate = tst == 0 ? clientssl : serverssl; peerwrite = tst == 0 ? serverssl : clientssl; if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED)) - || !TEST_int_eq(SSL_do_handshake(peerupdate), 1)) + || !TEST_int_eq(SSL_do_handshake(peerupdate), 1)) goto end; /* Swap the writing endpoint's write BIO to force a retry */ @@ -6595,7 +6591,7 @@ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1) - || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)) + || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)) goto end; /* Reinstate the original writing endpoint's write BIO */ @@ -6604,7 +6600,7 @@ /* Now read some data - we will read the key update */ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1) - || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)) + || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)) goto end; /* 
@@ -6612,17 +6608,17 @@ * endpoint */ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) + || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) goto end; /* Write more data to ensure we send the KeyUpdate message back */ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) + || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -6645,20 +6641,20 @@ SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - char prbuf[515], lwbuf[515] = {0}; + char prbuf[515], lwbuf[515] = { 0 }; static char *mess = "A test message"; BIO *lbio = NULL, *pbio = NULL; SSL *local = NULL, *peer = NULL; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; local = tst == 0 ? clientssl : serverssl; @@ -6677,8 +6673,8 @@ * the bio pair buffer) */ if (!TEST_true(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED)) - || !TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), -1) - || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) + || !TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), -1) + || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) goto end; /* 
@@ -6686,7 +6682,7 @@ * then read appdata that we know will fail with SSL_ERROR_WANT_READ */ if (!TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), -1) - || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_READ)) + || !TEST_int_eq(SSL_get_error(peer, -1), SSL_ERROR_WANT_READ)) goto end; /* Now write some data in peer - we will write the key update */ @@ -6698,17 +6694,17 @@ * read data in peer previously that we will complete */ if (!TEST_int_eq(SSL_write(local, lwbuf, sizeof(lwbuf)), sizeof(lwbuf)) - || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), sizeof(prbuf))) + || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), sizeof(prbuf))) goto end; /* check that sending and receiving appdata ok */ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), strlen(mess))) + || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), strlen(mess))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -6735,15 +6731,15 @@ SSL *local = NULL, *peer = NULL; if (!TEST_ptr(bretry) - || !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + || !TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; local = tst == 0 ? clientssl : serverssl; 
@@ -6760,7 +6756,7 @@ /* write data in local will fail with SSL_ERROR_WANT_WRITE */ if (!TEST_int_eq(SSL_write(local, mess, strlen(mess)), -1) - || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) + || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_WRITE)) goto end; /* Reinstate the original writing endpoint's write BIO */
@@ -6770,7 +6766,7 @@ /* SSL_key_update will fail, because writing in local*/ if (!TEST_false(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED)) || !TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), SSL_R_BAD_WRITE_RETRY)) - goto end; + goto end; ERR_clear_error(); /* write data in local previously that we will complete */
@@ -6792,12 +6788,12 @@ /* Write more peer more data to ensure we send the keyupdate message back */ if (!TEST_int_eq(SSL_write(peer, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(local, buf, sizeof(buf)), strlen(mess))) + || !TEST_int_eq(SSL_read(local, buf, sizeof(buf)), strlen(mess))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx);
@@ -6819,20 +6815,20 @@ SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - char lrbuf[515], pwbuf[515] = {0}, prbuf[20]; + char lrbuf[515], pwbuf[515] = { 0 }, prbuf[20]; static char *mess = "A test message"; BIO *lbio = NULL, *pbio = NULL; SSL *local = NULL, *peer = NULL; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + TLS_client_method(), + TLS1_3_VERSION, + 0, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; local = tst == 0 ? clientssl : serverssl;
@@ -6851,12 +6847,12 @@ /* read appdata in local will fail with SSL_ERROR_WANT_READ */ if (!TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), -1) - || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_READ)) + || !TEST_int_eq(SSL_get_error(local, -1), SSL_ERROR_WANT_READ)) goto end; /* SSL_do_handshake will send keyupdate msg */ if (!TEST_true(SSL_key_update(local, SSL_KEY_UPDATE_REQUESTED)) - || !TEST_int_eq(SSL_do_handshake(local), 1)) + || !TEST_int_eq(SSL_do_handshake(local), 1)) goto end; /*
@@ -6875,14 +6871,14 @@ || !TEST_int_eq(SSL_read(peer, prbuf, sizeof(prbuf)), strlen(mess))) goto end; - /* Write more peer data to ensure we send the keyupdate message back */ + /* Write more peer data to ensure we send the keyupdate message back */ if (!TEST_int_eq(SSL_write(peer, mess, strlen(mess)), strlen(mess)) - || !TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), strlen(mess))) + || !TEST_int_eq(SSL_read(local, lrbuf, sizeof(lrbuf)), strlen(mess))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx);
@@ -6905,15 +6901,15 @@ /* Create an initial connection */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) - || (idx == 1 - && !TEST_true(SSL_CTX_set_max_proto_version(cctx, - TLS1_2_VERSION))) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) + || (idx == 1 + && !TEST_true(SSL_CTX_set_max_proto_version(cctx, + TLS1_2_VERSION))) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; SSL_shutdown(clientssl);
@@ -6926,10 +6922,10 @@ goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) goto end; SSL_shutdown(clientssl);
@@ -6937,7 +6933,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx);
@@ -6954,7 +6950,7 @@ PACKET pkt, pkt2, pkt3; unsigned int MFL_code = 0, type = 0; - if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) ) + if (!TEST_uint_gt(len = BIO_get_mem_data(bio, (char **)&data), 0)) goto end; memset(&pkt, 0, sizeof(pkt));
@@ -6962,33 +6958,32 @@ memset(&pkt3, 0, sizeof(pkt3)); if (!TEST_long_gt(len, 0) - || !TEST_true( PACKET_buf_init( &pkt, data, len ) ) - /* Skip the record header */ - || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH) - /* Skip the handshake message header */ - || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) - /* Skip client version and random */ - || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN - + SSL3_RANDOM_SIZE)) - /* Skip session id */ - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) - /* Skip ciphers */ - || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) - /* Skip compression */ - || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) - /* Extensions len */ - || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) + || !TEST_true(PACKET_buf_init(&pkt, data, len)) + /* Skip the record header */ + || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH) + /* Skip the handshake message header */ + || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + /* Skip client version and random */ + || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)) + /* Skip session id */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Skip ciphers */ + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) + /* Skip compression */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Extensions len */ + || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) goto end; /* Loop through all extensions */ while (PACKET_remaining(&pkt2)) { if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) - || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) goto end; if (type == TLSEXT_TYPE_max_fragment_length) { if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0) - || !TEST_true(PACKET_get_1(&pkt3, &MFL_code))) + || !TEST_true(PACKET_get_1(&pkt3, &MFL_code))) goto end; *mfl_codemfl_code = MFL_code;
@@ -6996,7 +6991,7 @@ } } - end: +end: return 0; }
@@ -7016,12 +7011,12 @@ BIO *rbio, *wbio; if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, TLS_client_method(), - TLS1_VERSION, 0, NULL, &ctx, NULL, - NULL))) + TLS1_VERSION, 0, NULL, &ctx, NULL, + NULL))) return 0; if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length( - ctx, max_fragment_len_test[idx_tst]))) + ctx, max_fragment_len_test[idx_tst]))) goto end; con = SSL_new(ctx);
@@ -7030,7 +7025,7 @@ rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); - if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + if (!TEST_ptr(rbio) || !TEST_ptr(wbio)) { BIO_free(rbio); BIO_free(wbio); goto end;
@@ -7066,8 +7061,8 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; if (!TEST_true(SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION))
@@ -7079,11 +7074,11 @@ SSL_CTX_set_post_handshake_auth(cctx, 1); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
@@ -7099,7 +7094,7 @@ /* Starts with SSL_connect(), but it's really just SSL_do_handshake() */ if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; SSL_shutdown(clientssl);
@@ -7107,7 +7102,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx);
@@ -7139,14 +7134,15 @@ } if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v, - user->info) <= 0) { + user->info) + <= 0) { *ad = SSL_AD_INTERNAL_ERROR; goto err; } ret = 0; - err: +err: SRP_user_pwd_free(user); return ret; }
@@ -7164,7 +7160,7 @@ goto end; gNid = SRP_create_verifier_ex(userid, password, &row[DB_srpsalt], - &row[DB_srpverifier], NULL, NULL, libctx, NULL); + &row[DB_srpverifier], NULL, NULL, libctx, NULL); if (!TEST_ptr(gNid)) goto end;
@@ -7185,9 +7181,9 @@ row[DB_srpgN] = OPENSSL_strdup(gNid); if (!TEST_ptr(row[DB_srpid]) - || !TEST_ptr(row[DB_srptype]) - || !TEST_ptr(row[DB_srpgN]) - || !TEST_true(TXT_DB_insert(db, row))) + || !TEST_ptr(row[DB_srptype]) + || !TEST_ptr(row[DB_srpgN]) + || !TEST_true(TXT_DB_insert(db, row))) goto end; row = NULL;
@@ -7196,7 +7192,7 @@ goto end; ret = 1; - end: +end: if (row != NULL) { for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]);
@@ -7221,7 +7217,7 @@ goto end; if (!TEST_true(SRP_create_verifier_BN_ex(userid, password, &salt, &verifier, - lgN->N, lgN->g, libctx, NULL))) + lgN->N, lgN->g, libctx, NULL))) goto end; user_pwd = OPENSSL_zalloc(sizeof(*user_pwd));
@@ -7289,15 +7285,15 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA")) - || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION)) - || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) - || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0)) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA")) + || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION)) + || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) + || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0)) goto end; if (tst % 2 == 1) {
@@ -7309,7 +7305,7 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
@@ -7323,7 +7319,7 @@ testresult = 1; - end: +end: SRP_VBASE_free(vbase); vbase = NULL; SSL_free(serverssl); 
@@ -7345,88 +7341,206 @@ } info_cb_states[][60] = { { /* TLSv1.2 server followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, - {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"}, - {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"}, - {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, - {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"}, - {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {0, NULL}, - }, { + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TRCH" }, + { SSL_CB_LOOP, "TWSH" }, + { SSL_CB_LOOP, "TWSC" }, + { SSL_CB_LOOP, "TWSKE" }, + { SSL_CB_LOOP, "TWSD" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWSD" }, + { SSL_CB_LOOP, "TRCKE" }, + { SSL_CB_LOOP, "TRCCS" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_LOOP, "TWST" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_ALERT, NULL }, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TRCH" }, + { SSL_CB_LOOP, "TWSH" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_LOOP, "TRCCS" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { 0, NULL }, + }, + { /* TLSv1.2 client followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, 
{SSL_CB_LOOP, "TWCH"}, - {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"}, - {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"}, - {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, - {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, - }, { + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_LOOP, "TRSH" }, + { SSL_CB_LOOP, "TRSC" }, + { SSL_CB_LOOP, "TRSKE" }, + { SSL_CB_LOOP, "TRSD" }, + { SSL_CB_LOOP, "TWCKE" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_LOOP, "TRST" }, + { SSL_CB_LOOP, "TRCCS" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_ALERT, NULL }, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_LOOP, "TRSH" }, + { SSL_CB_LOOP, "TRCCS" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { 0, NULL }, + }, + { /* TLSv1.3 server followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, - {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"}, - {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, 
{SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, - {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, - {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, - {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, - }, { + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TRCH" }, + { SSL_CB_LOOP, "TWSH" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWEE" }, + { SSL_CB_LOOP, "TWSC" }, + { SSL_CB_LOOP, "TWSCV" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_LOOP, "TWST" }, + { SSL_CB_LOOP, "TWST" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_ALERT, NULL }, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TRCH" }, + { SSL_CB_LOOP, "TWSH" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWEE" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_LOOP, "TWST" }, + { SSL_CB_EXIT, NULL }, + { 0, NULL }, + }, + { /* TLSv1.3 client followed by resumption */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, - {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"}, - {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, - {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, - {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, 
NULL}, {SSL_CB_LOOP, "SSLOK"}, - {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, - {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, - {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, - {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, - {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, - {SSL_CB_EXIT, NULL}, {0, NULL}, - }, { + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_LOOP, "TRSH" }, + { SSL_CB_LOOP, "TREE" }, + { SSL_CB_LOOP, "TRSC" }, + { SSL_CB_LOOP, "TRSCV" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "TRST" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "TRST" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_ALERT, NULL }, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_LOOP, "TRSH" }, + { SSL_CB_LOOP, "TREE" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "TRST" }, + { SSL_CB_EXIT, NULL }, + { 0, NULL }, + }, + { /* TLSv1.3 server, early_data */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, - {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, - 
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, - {SSL_CB_EXIT, NULL}, {0, NULL}, - }, { + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TRCH" }, + { SSL_CB_LOOP, "TWSH" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_LOOP, "TWEE" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_LOOP, "TWEOED" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_LOOP, "TWST" }, + { SSL_CB_EXIT, NULL }, + { 0, NULL }, + }, + { /* TLSv1.3 client, early_data */ - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, - {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, - {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, - {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"}, - {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, - {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, - }, { - {0, NULL}, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "PINIT" }, + { SSL_CB_LOOP, "TWCH" }, + { SSL_CB_LOOP, "TWCCS" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_HANDSHAKE_START, NULL }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_LOOP, "TED" }, + { SSL_CB_LOOP, "TRSH" }, + { SSL_CB_LOOP, "TREE" }, + { SSL_CB_LOOP, "TRFIN" }, + { SSL_CB_LOOP, "TPEDE" }, + { SSL_CB_LOOP, "TWEOED" }, + { SSL_CB_LOOP, "TWFIN" }, + { SSL_CB_HANDSHAKE_DONE, NULL }, + { SSL_CB_EXIT, NULL }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "SSLOK" }, + { SSL_CB_LOOP, "TRST" }, + { SSL_CB_EXIT, NULL }, + { 0, NULL }, + }, + { + { 0, NULL }, } }; 
@@ -7445,8 +7559,8 @@ * test */ if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0)) - || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0) - || !TEST_int_ne(state[++info_cb_this_state].where, 0)) { + || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0) + || !TEST_int_ne(state[++info_cb_this_state].where, 0)) { info_cb_failed = 1; return; }
@@ -7457,8 +7571,9 @@ return; } if ((where & SSL_CB_LOOP) != 0 - && !TEST_int_eq(strcmp(SSL_state_string(s), - state[info_cb_this_state].statestr), 0)) { + && !TEST_int_eq(strcmp(SSL_state_string(s), + state[info_cb_this_state].statestr), + 0)) { info_cb_failed = 1; return; }
@@ -7467,7 +7582,7 @@ * Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */ if ((where & SSL_CB_HANDSHAKE_DONE) - && SSL_in_init((SSL *)s) != 0) { + && SSL_in_init((SSL *)s) != 0) { info_cb_failed = 1; return; }
@@ -7493,8 +7608,7 @@ if (tst < 2) { /* We need either ECDHE or DHE for the TLSv1.2 test to work */ -#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \ - || !defined(OPENSSL_NO_DH)) +#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)) tlsvers = TLS1_2_VERSION; #else return 1;
@@ -7521,36 +7635,36 @@ /* early_data tests */ if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, 0, - SHA384_DIGEST_LENGTH))) + &serverssl, &sess, 0, + SHA384_DIGEST_LENGTH))) goto end; /* We don't actually need this reference */ SSL_SESSION_free(sess); SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl, - sslapi_info_callback); + sslapi_info_callback); /* Write and read some early data and then complete the connection */ timer = time(NULL); if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), - &written)) - || !TEST_size_t_eq(written, strlen(MSG1))) + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) goto end; if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, - sizeof(buf), &readbytes), - SSL_READ_EARLY_DATA_SUCCESS)) { + sizeof(buf), &readbytes), + SSL_READ_EARLY_DATA_SUCCESS)) { testresult = check_early_data_timeout(timer); goto end; } if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) - || !TEST_int_eq(SSL_get_early_data_status(serverssl), - SSL_EARLY_DATA_ACCEPTED) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(info_cb_failed)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(info_cb_failed)) goto end; testresult = 1;
@@ -7559,9 +7673,9 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - tlsvers, tlsvers, &sctx, &cctx, cert, - privkey))) + TLS_client_method(), + tlsvers, tlsvers, &sctx, &cctx, cert, + privkey))) goto end; if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
@@ -7572,16 +7686,14 @@ * check the client. */ SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx, - sslapi_info_callback); + sslapi_info_callback); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) + &clientssl, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) + SSL_ERROR_NONE)) || !TEST_false(info_cb_failed)) - goto end; - - + goto end; clntsess = SSL_get1_session(clientssl); SSL_shutdown(clientssl);
@@ -7592,17 +7704,17 @@ /* Now do a resumption */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL)) - || !TEST_true(SSL_set_session(clientssl, clntsess)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl)) - || !TEST_false(info_cb_failed)) + NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_false(info_cb_failed)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_SESSION_free(clntsess);
@@ -7622,19 +7734,19 @@ if (tst == 0) { if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; } else { #ifndef OPENSSL_NO_DTLS if (!TEST_true(create_ssl_ctx_pair(libctx, DTLS_server_method(), - DTLS_client_method(), - DTLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + DTLS_client_method(), + DTLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) goto end; -# ifdef OPENSSL_NO_DTLS1_2 +#ifdef OPENSSL_NO_DTLS1_2 /* Not supported in the FIPS provider */ if (is_fips) { testresult = 1;
@@ -7645,36 +7757,36 @@ * level 0 */ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, - "DEFAULT:@SECLEVEL=0"))) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + "DEFAULT:@SECLEVEL=0"))) goto end; -# endif +#endif #else return 1; #endif } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (!TEST_int_eq(SSL_pending(clientssl), 0) - || !TEST_false(SSL_has_pending(clientssl)) - || !TEST_int_eq(SSL_pending(serverssl), 0) - || !TEST_false(SSL_has_pending(serverssl)) - || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) - || !TEST_size_t_eq(written, sizeof(msg)) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) - || !TEST_size_t_eq(readbytes, sizeof(buf)) - || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)) - || !TEST_true(SSL_has_pending(clientssl))) + || !TEST_false(SSL_has_pending(clientssl)) + || !TEST_int_eq(SSL_pending(serverssl), 0) + || !TEST_false(SSL_has_pending(serverssl)) + || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) + || !TEST_size_t_eq(written, sizeof(msg)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(buf)) + || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)) + || !TEST_true(SSL_has_pending(clientssl))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -7697,46 +7809,38 @@ * TLSv1.3 is enabled but TLSv1.2 is disabled. */ #if defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) - { - TLS1_2_VERSION, + { TLS1_2_VERSION, "AES128-SHA:AES256-SHA", NULL, "AES256-SHA:DHE-RSA-AES128-SHA", NULL, "AES256-SHA", - "AES256-SHA" - }, -# if !defined(OPENSSL_NO_CHACHA) \ - && !defined(OPENSSL_NO_POLY1305) \ - && !defined(OPENSSL_NO_EC) - { - TLS1_2_VERSION, + "AES256-SHA" }, +#if !defined(OPENSSL_NO_CHACHA) \ + && !defined(OPENSSL_NO_POLY1305) \ + && !defined(OPENSSL_NO_EC) + { TLS1_2_VERSION, "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305", NULL, "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305", NULL, "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305", - "AES128-SHA" - }, -# endif - { - TLS1_2_VERSION, + "AES128-SHA" }, +#endif + { TLS1_2_VERSION, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA", NULL, "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA", NULL, "AES128-SHA:AES256-SHA", - "AES128-SHA:AES256-SHA" - }, - { - TLS1_2_VERSION, + "AES128-SHA:AES256-SHA" }, + { TLS1_2_VERSION, "AES128-SHA:AES256-SHA", NULL, "AES128-SHA:DHE-RSA-AES128-SHA", NULL, "AES128-SHA", - "AES128-SHA" - }, + "AES128-SHA" }, #endif /* * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
@@ -7744,27 +7848,23 @@ */ #if !defined(OSSL_NO_USABLE_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \ && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) - { - TLS1_3_VERSION, + { TLS1_3_VERSION, "AES128-SHA:AES256-SHA", NULL, "AES256-SHA:AES128-SHA256", NULL, "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:" "TLS_AES_128_GCM_SHA256:AES256-SHA", - "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA" - }, + "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA" }, #endif #ifndef OSSL_NO_USABLE_TLS1_3 - { - TLS1_3_VERSION, + { TLS1_3_VERSION, "AES128-SHA", "TLS_AES_256_GCM_SHA384", "AES256-SHA", "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384", - "TLS_AES_256_GCM_SHA384" - }, + "TLS_AES_256_GCM_SHA384" }, #endif };
@@ -7797,44 +7897,43 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - shared_ciphers_data[tst].maxprot, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, + shared_ciphers_data[tst].maxprot, + &sctx, &cctx, cert, privkey))) goto end; if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - shared_ciphers_data[tst].clntciphers)) - || (shared_ciphers_data[tst].clnttls13ciphers != NULL - && !TEST_true(SSL_CTX_set_ciphersuites(cctx, - shared_ciphers_data[tst].clnttls13ciphers))) - || !TEST_true(SSL_CTX_set_cipher_list(sctx, - shared_ciphers_data[tst].srvrciphers)) - || (shared_ciphers_data[tst].srvrtls13ciphers != NULL - && !TEST_true(SSL_CTX_set_ciphersuites(sctx, - shared_ciphers_data[tst].srvrtls13ciphers)))) + shared_ciphers_data[tst].clntciphers)) + || (shared_ciphers_data[tst].clnttls13ciphers != NULL + && !TEST_true(SSL_CTX_set_ciphersuites(cctx, + shared_ciphers_data[tst].clnttls13ciphers))) + || !TEST_true(SSL_CTX_set_cipher_list(sctx, + shared_ciphers_data[tst].srvrciphers)) + || (shared_ciphers_data[tst].srvrtls13ciphers != NULL + && !TEST_true(SSL_CTX_set_ciphersuites(sctx, + shared_ciphers_data[tst].srvrtls13ciphers)))) goto end; - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf))) - || !TEST_int_eq(strcmp(buf, - is_fips - ? shared_ciphers_data[tst].fipsshared - : shared_ciphers_data[tst].shared), - 0)) { + || !TEST_int_eq(strcmp(buf, + is_fips + ? shared_ciphers_data[tst].fipsshared + : shared_ciphers_data[tst].shared), + 0)) { TEST_info("Shared ciphers are: %s\n", buf); goto end; } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -7847,10 +7946,9 @@ static int test_ssl_get_shared_ciphers(int tst) { return int_test_ssl_get_shared_ciphers(tst, 0) - && int_test_ssl_get_shared_ciphers(tst, 1); + && int_test_ssl_get_shared_ciphers(tst, 1); } - static const char *appdata = "Hello World"; static int gen_tick_called, dec_tick_called, tick_key_cb_called; static int tick_key_renew = 0;
@@ -7861,14 +7959,14 @@ gen_tick_called = 1; return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata, - strlen(appdata)); + strlen(appdata)); } static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss, - const unsigned char *keyname, - size_t keyname_length, - SSL_TICKET_STATUS status, - void *arg) + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg) { void *tickdata; size_t tickdlen;
@@ -7879,16 +7977,16 @@ return SSL_TICKET_RETURN_IGNORE_RENEW; if (!TEST_true(status == SSL_TICKET_SUCCESS - || status == SSL_TICKET_SUCCESS_RENEW)) + || status == SSL_TICKET_SUCCESS_RENEW)) return SSL_TICKET_RETURN_ABORT; if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata, - &tickdlen)) - || !TEST_size_t_eq(tickdlen, strlen(appdata)) - || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0)) + &tickdlen)) + || !TEST_size_t_eq(tickdlen, strlen(appdata)) + || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0)) return SSL_TICKET_RETURN_ABORT; - if (tick_key_cb_called) { + if (tick_key_cb_called) { /* Don't change what the ticket key callback wanted to do */ switch (status) { case SSL_TICKET_NO_DECRYPT:
@@ -7905,13 +8003,12 @@ } } return tick_dec_ret; - } #ifndef OPENSSL_NO_DEPRECATED_3_0 static int tick_key_cb(SSL *s, unsigned char key_name[16], - unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx, - HMAC_CTX *hctx, int enc) + unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx, + HMAC_CTX *hctx, int enc) { const unsigned char tick_aes_key[16] = "0123456789abcdef"; const unsigned char tick_hmac_key[16] = "0123456789abcdef";
@@ -7936,10 +8033,10 @@ memset(iv, 0, AES_BLOCK_SIZE); memset(key_name, 0, 16); if (aes128cbc == NULL - || sha256 == NULL - || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) - || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key), sha256, - NULL)) + || sha256 == NULL + || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) + || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key), sha256, + NULL)) ret = -1; else ret = tick_key_renew ? 2 : 1; @@ -7952,8 +8049,8 @@ #endif static int tick_key_evp_cb(SSL *s, unsigned char key_name[16], - unsigned char iv[EVP_MAX_IV_LENGTH], - EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc) + unsigned char iv[EVP_MAX_IV_LENGTH], + EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc) { const unsigned char tick_aes_key[16] = "0123456789abcdef"; unsigned char tick_hmac_key[16] = "0123456789abcdef"; @@ -7973,12 +8070,12 @@ memset(iv, 0, AES_BLOCK_SIZE); memset(key_name, 0, 16); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - "SHA256", 0); + "SHA256", 0); params[1] = OSSL_PARAM_construct_end(); if (aes128cbc == NULL - || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) - || !EVP_MAC_init(hctx, tick_hmac_key, sizeof(tick_hmac_key), - params)) + || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) + || !EVP_MAC_init(hctx, tick_hmac_key, sizeof(tick_hmac_key), + params)) ret = -1; else ret = tick_key_renew ? 2 : 1; @@ -8034,7 +8131,7 @@ gen_tick_called = dec_tick_called = tick_key_cb_called = 0; /* Which tests the ticket key callback should request renewal for */ - + if (tst == 10 || tst == 11 || tst == 16 || tst == 17) tick_key_renew = 1; else if (tst == 12 || tst == 13 || tst == 18 || tst == 19) 
@@ -8069,11 +8166,11 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - ((tst % 2) == 0) ? TLS1_2_VERSION - : TLS1_3_VERSION, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, + ((tst % 2) == 0) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) goto end; /* @@ -8084,7 +8181,7 @@ goto end; if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb, - NULL))) + NULL))) goto end; if (tst >= 14) { @@ -8098,9 +8195,9 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; /* @@ -8111,7 +8208,7 @@ * it is not valid to send empty ticket data in TLSv1.3. */ if (!TEST_int_eq(gen_tick_called, 1) - || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0)) + || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0)) goto end; gen_tick_called = dec_tick_called = 0; @@ -8125,15 +8222,15 @@ /* Now do a resumption */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL)) - || !TEST_true(SSL_set_session(clientssl, clntsess)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE - || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW - || tick_key_renew == -1) { + || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW + || tick_key_renew == -1) { if (!TEST_false(SSL_session_reused(clientssl))) goto end; } else { 
@@ -8142,17 +8239,18 @@ } if (!TEST_int_eq(gen_tick_called, - (tick_key_renew - || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW - || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW) - ? 1 : 0) - /* There is no ticket to decrypt in tests 13 and 19 */ - || !TEST_int_eq(dec_tick_called, (tst == 13 || tst == 19) ? 0 : 1)) + (tick_key_renew + || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW + || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW) + ? 1 + : 0) + /* There is no ticket to decrypt in tests 13 and 19 */ + || !TEST_int_eq(dec_tick_called, (tst == 13 || tst == 19) ? 0 : 1)) goto end; testresult = 1; - end: +end: SSL_SESSION_free(clntsess); SSL_free(serverssl); SSL_free(clientssl); @@ -8180,19 +8278,19 @@ BIO *c2s; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), 0, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), 0, 0, + &sctx, &cctx, cert, privkey))) goto end; if (tst == 1) SSL_CTX_set_options(sctx, SSL_OP_IGNORE_UNEXPECTED_EOF); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; c2s = SSL_get_rbio(serverssl); @@ -8201,14 +8299,14 @@ if (!TEST_false(SSL_read(serverssl, buf, sizeof(buf)))) goto end; - if (tst == 0 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL) ) + if (tst == 0 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL)) goto end; - if (tst == 1 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_ZERO_RETURN) ) + if (tst == 1 && !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_ZERO_RETURN)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -8250,30 +8348,30 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - (tst <= 1) ? TLS1_2_VERSION - : TLS1_3_VERSION, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, + (tst <= 1) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) goto end; if (tst == 5) SSL_CTX_set_post_handshake_auth(cctx, 1); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (tst == 3) { if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE, 1)) - || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) - || !TEST_false(SSL_SESSION_is_resumable(sess))) + SSL_ERROR_NONE, 1)) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_false(SSL_SESSION_is_resumable(sess))) goto end; } else if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) - || !TEST_true(SSL_SESSION_is_resumable(sess))) { + SSL_ERROR_NONE)) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess))) { goto end; } 
@@ -8286,19 +8384,19 @@ * fail and provide SSL_ERROR_ZERO_RETURN */ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) - || !TEST_int_eq(SSL_get_error(serverssl, 0), - SSL_ERROR_ZERO_RETURN) - || !TEST_int_eq(SSL_get_shutdown(serverssl), - SSL_RECEIVED_SHUTDOWN) - /* - * Even though we're shutdown on receive we should still be - * able to write. - */ - || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) + || !TEST_int_eq(SSL_get_error(serverssl, 0), + SSL_ERROR_ZERO_RETURN) + || !TEST_int_eq(SSL_get_shutdown(serverssl), + SSL_RECEIVED_SHUTDOWN) + /* + * Even though we're shutdown on receive we should still be + * able to write. + */ + || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) goto end; if (tst == 4 - && !TEST_true(SSL_key_update(serverssl, - SSL_KEY_UPDATE_REQUESTED))) + && !TEST_true(SSL_key_update(serverssl, + SSL_KEY_UPDATE_REQUESTED))) goto end; if (tst == 5) { SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); @@ -8306,20 +8404,20 @@ goto end; } if ((tst == 4 || tst == 5) - && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) + && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) goto end; if (!TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; if (tst == 4 || tst == 5) { /* Should still be able to read data from server */ if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), - &readbytes)) - || !TEST_size_t_eq(readbytes, sizeof(msg)) - || !TEST_int_eq(memcmp(msg, buf, readbytes), 0) - || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), - &readbytes)) - || !TEST_size_t_eq(readbytes, sizeof(msg)) - || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)) + &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(msg)) + || !TEST_int_eq(memcmp(msg, buf, readbytes), 0) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(msg)) + || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)) goto end; } } 
@@ -8335,15 +8433,15 @@ * yet. */ if (!TEST_int_eq(SSL_shutdown(serverssl), 0) - /* - * Writing on the server after sending close_notify shouldn't - * be possible. - */ - || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) - || !TEST_int_eq(SSL_shutdown(clientssl), 1) - || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) - || !TEST_true(SSL_SESSION_is_resumable(sess)) - || !TEST_int_eq(SSL_shutdown(serverssl), 1)) + /* + * Writing on the server after sending close_notify shouldn't + * be possible. + */ + || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) + || !TEST_int_eq(SSL_shutdown(clientssl), 1) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess)) + || !TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; } else if (tst == 4 || tst == 5) { /* @@ -8352,8 +8450,8 @@ * client needs to read the close_notify sent by the server. */ if (!TEST_int_eq(SSL_shutdown(clientssl), 1) - || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) - || !TEST_true(SSL_SESSION_is_resumable(sess))) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess))) goto end; } else { /* @@ -8364,13 +8462,13 @@ * should fail with a fatal error. */ if (!TEST_int_eq(SSL_shutdown(clientssl), -1) - || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) + || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) goto end; } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -8405,9 +8503,9 @@ return 0; if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM)) - || !TEST_true(SSL_use_PrivateKey_file(s, privkey, - SSL_FILETYPE_PEM)) - || !TEST_true(SSL_check_private_key(s))) + || !TEST_true(SSL_use_PrivateKey_file(s, privkey, + SSL_FILETYPE_PEM)) + || !TEST_true(SSL_check_private_key(s))) return 0; cert_cb_cnt++; return 1; 
@@ -8423,24 +8521,24 @@ if (!TEST_ptr(chain)) goto out; if (!TEST_ptr(in = BIO_new(BIO_s_file())) - || !TEST_int_gt(BIO_read_filename(in, rootfile), 0) - || !TEST_ptr(rootx = X509_new_ex(libctx, NULL)) - || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL)) - || !TEST_true(sk_X509_push(chain, rootx))) + || !TEST_int_gt(BIO_read_filename(in, rootfile), 0) + || !TEST_ptr(rootx = X509_new_ex(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL)) + || !TEST_true(sk_X509_push(chain, rootx))) goto out; rootx = NULL; BIO_free(in); if (!TEST_ptr(in = BIO_new(BIO_s_file())) - || !TEST_int_gt(BIO_read_filename(in, ecdsacert), 0) - || !TEST_ptr(x509 = X509_new_ex(libctx, NULL)) - || !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL))) + || !TEST_int_gt(BIO_read_filename(in, ecdsacert), 0) + || !TEST_ptr(x509 = X509_new_ex(libctx, NULL)) + || !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL))) goto out; BIO_free(in); if (!TEST_ptr(in = BIO_new(BIO_s_file())) - || !TEST_int_gt(BIO_read_filename(in, ecdsakey), 0) - || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(in, NULL, - NULL, NULL, - libctx, NULL))) + || !TEST_int_gt(BIO_read_filename(in, ecdsakey), 0) + || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(in, NULL, + NULL, NULL, + libctx, NULL))) goto out; rv = SSL_check_chain(s, x509, pkey, chain); /* @@ -8450,7 +8548,7 @@ * will cause tls_choose_sigalgs() to fail the connection. */ if ((rv & (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) - == (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) { + == (CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE)) { if (!SSL_use_cert_and_key(s, x509, pkey, NULL, 1)) goto out; } @@ -8459,7 +8557,7 @@ } /* Abort the handshake */ - out: +out: OPENSSL_free(ecdsacert); OPENSSL_free(ecdsakey); OPENSSL_free(rootfile); 
@@ -8494,10 +8592,10 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - prot, - &sctx, &cctx, NULL, NULL))) + TLS_client_method(), + TLS1_VERSION, + prot, + &sctx, &cctx, NULL, NULL))) goto end; if (tst == 0) @@ -8516,7 +8614,7 @@ SSL_CTX_set_cert_cb(sctx, cert_cb, snictx); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (tst == 4) { @@ -8525,7 +8623,7 @@ * the chain doesn't meet (the root uses an RSA cert) */ if (!TEST_true(SSL_set1_sigalgs_list(clientssl, - "ecdsa_secp256r1_sha256"))) + "ecdsa_secp256r1_sha256"))) goto end; } else if (tst == 5) { /* @@ -8533,20 +8631,20 @@ * the ee cert doesn't meet (the ee uses an ECDSA cert) */ if (!TEST_true(SSL_set1_sigalgs_list(clientssl, - "rsa_pss_rsae_sha256:rsa_pkcs1_sha256"))) + "rsa_pss_rsae_sha256:rsa_pkcs1_sha256"))) goto end; } ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); if (!TEST_true(tst == 0 || tst == 4 || tst == 5 ? !ret : ret) - || (tst > 0 - && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) { + || (tst > 0 + && !TEST_int_eq((cert_cb_cnt - 2) * (cert_cb_cnt - 3), 0))) { goto end; } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -8587,11 +8685,11 @@ return 0; if (!TEST_ptr(xcert = X509_new_ex(libctx, NULL)) - || !TEST_ptr(PEM_read_bio_X509(in, &xcert, NULL, NULL)) - || !TEST_ptr(priv_in = BIO_new_file(privkey, "r")) - || !TEST_ptr(privpkey = PEM_read_bio_PrivateKey_ex(priv_in, NULL, - NULL, NULL, - libctx, NULL))) + || !TEST_ptr(PEM_read_bio_X509(in, &xcert, NULL, NULL)) + || !TEST_ptr(priv_in = BIO_new_file(privkey, "r")) + || !TEST_ptr(privpkey = PEM_read_bio_PrivateKey_ex(priv_in, NULL, + NULL, NULL, + libctx, NULL))) goto err; *x509 = xcert; 
@@ -8623,11 +8721,11 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - tst == 0 ? TLS1_2_VERSION - : TLS1_3_VERSION, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, + tst == 0 ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) goto end; /* @@ -8636,18 +8734,18 @@ */ SSL_CTX_set_client_cert_cb(cctx, client_cert_cb); SSL_CTX_set_verify(sctx, - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_cb); + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_cb); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -8678,30 +8776,30 @@ for (i = 0; i < OSSL_NELEM(name); i++) { name[i] = X509_NAME_new(); if (!TEST_ptr(name[i]) - || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN", - MBSTRING_ASC, - (unsigned char *) - strnames[i], - -1, -1, 0))) + || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN", + MBSTRING_ASC, + (unsigned char *) + strnames[i], + -1, -1, 0))) goto end; } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - prot, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, + prot, + &sctx, &cctx, cert, privkey))) goto end; SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL); if (tst == 0 || tst == 1) { if (!TEST_ptr(sk1 = sk_X509_NAME_new_null()) - || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0]))) - || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1]))) - || !TEST_ptr(sk2 = sk_X509_NAME_new_null()) - || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0]))) - || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1])))) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0]))) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1]))) + || !TEST_ptr(sk2 = sk_X509_NAME_new_null()) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0]))) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1])))) goto end; SSL_CTX_set0_CA_list(sctx, sk1); 
@@ -8710,11 +8808,11 @@ } if (tst == 1 || tst == 2) { if (!TEST_ptr(sk1 = sk_X509_NAME_new_null()) - || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2]))) - || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3]))) - || !TEST_ptr(sk2 = sk_X509_NAME_new_null()) - || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2]))) - || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3])))) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2]))) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3]))) + || !TEST_ptr(sk2 = sk_X509_NAME_new_null()) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2]))) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3])))) goto end; SSL_CTX_set_client_CA_list(sctx, sk1); @@ -8723,9 +8821,9 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; /* @@ -8734,13 +8832,15 @@ */ sktmp = SSL_get0_peer_CA_list(serverssl); if (prot == TLS1_3_VERSION - && (tst == 0 || tst == 1)) { + && (tst == 0 || tst == 1)) { if (!TEST_ptr(sktmp) - || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2) - || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0), - name[0]), 0) - || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1), - name[1]), 0)) + || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0), + name[0]), + 0) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1), + name[1]), + 0)) goto end; } else if (!TEST_ptr_null(sktmp)) { goto end; 
@@ -8753,16 +8853,18 @@ */ sktmp = SSL_get0_peer_CA_list(clientssl); if (!TEST_ptr(sktmp) - || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2) - || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0), - name[tst == 0 ? 0 : 2]), 0) - || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1), - name[tst == 0 ? 1 : 3]), 0)) + || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0), + name[tst == 0 ? 0 : 2]), + 0) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1), + name[tst == 0 ? 1 : 3]), + 0)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -8791,8 +8893,7 @@ } #ifndef OPENSSL_NO_TLS1_2 -static const char *multiblock_cipherlist_data[]= -{ +static const char *multiblock_cipherlist_data[] = { "AES128-SHA", "AES128-SHA256", "AES256-SHA", @@ -8800,12 +8901,11 @@ }; /* Reduce the fragment size - so the multiblock test buffer can be small */ -# define MULTIBLOCK_FRAGSIZE 512 +#define MULTIBLOCK_FRAGSIZE 512 static int test_multiblock_write(int test_index) { - static const char *fetchable_ciphers[]= - { + static const char *fetchable_ciphers[] = { "AES-128-CBC-HMAC-SHA1", "AES-128-CBC-HMAC-SHA256", "AES-256-CBC-HMAC-SHA1", @@ -8845,21 +8945,21 @@ RAND_bytes(msg, sizeof(msg)); if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version, - max_version, &sctx, &cctx, cert, - privkey))) + max_version, &sctx, &cctx, cert, + privkey))) goto end; if (!TEST_true(SSL_CTX_set_max_send_fragment(sctx, MULTIBLOCK_FRAGSIZE))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) - goto end; + NULL, NULL))) + goto end; /* settings to force it to use AES-CBC-HMAC_SHA */ SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC); if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipherlist))) - goto end; + goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; 
@@ -8993,8 +9093,7 @@ || !TEST_ptr_null(late->prev)) goto end; - (void)SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_UPDATE_TIME - | SSL_CTX_get_session_cache_mode(ctx)); + (void)SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_UPDATE_TIME | SSL_CTX_get_session_cache_mode(ctx)); /* make sure |now| is NOT equal to the current time */ now -= 10; @@ -9004,7 +9103,7 @@ goto end; testresult = 1; - end: +end: SSL_CTX_free(ctx); SSL_SESSION_free(early); SSL_SESSION_free(middle); @@ -9039,11 +9138,11 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, - (idx % 2 == 0) ? TLS1_3_VERSION - : TLS1_2_VERSION, - &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET))) + TLS_client_method(), TLS1_VERSION, + (idx % 2 == 0) ? TLS1_3_VERSION + : TLS1_2_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET))) goto end; SSL_CTX_sess_set_get_cb(sctx, get_session_cb); @@ -9052,7 +9151,7 @@ SSL_CTX_sess_set_cache_size(sctx, 1); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) @@ -9086,7 +9185,7 @@ */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) @@ -9110,7 +9209,7 @@ serverssl = clientssl = NULL; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(SSL_set_session(clientssl, sess))) @@ -9121,7 +9220,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -9162,18 +9261,18 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - (tst <= 4) ? TLS1_2_VERSION - : TLS1_3_VERSION, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + TLS_client_method(), + TLS1_VERSION, + (tst <= 4) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) goto end; if (tst != 1 && tst != 6) { if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, - hostname_cb))) + hostname_cb))) goto end; } @@ -9187,18 +9286,18 @@ goto end; if (!TEST_str_eq(SSL_get_servername(clientssl, TLSEXT_NAMETYPE_host_name), - cexpectedhost) - || !TEST_str_eq(SSL_get_servername(serverssl, - TLSEXT_NAMETYPE_host_name), - sexpectedhost)) + cexpectedhost) + || !TEST_str_eq(SSL_get_servername(serverssl, + TLSEXT_NAMETYPE_host_name), + sexpectedhost)) goto end; /* Now repeat with a resumption handshake */ if (!TEST_int_eq(SSL_shutdown(clientssl), 0) - || !TEST_ptr_ne(sess = SSL_get1_session(clientssl), NULL) - || !TEST_true(SSL_SESSION_is_resumable(sess)) - || !TEST_int_eq(SSL_shutdown(serverssl), 0)) + || !TEST_ptr_ne(sess = SSL_get1_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess)) + || !TEST_int_eq(SSL_shutdown(serverssl), 0)) goto end; SSL_free(clientssl); @@ -9206,7 +9305,7 @@ clientssl = serverssl = NULL; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL))) + NULL))) goto end; if (!TEST_true(SSL_set_session(clientssl, sess))) @@ -9225,8 +9324,8 @@ sexpectedhost = cexpectedhost = "altgoodhost"; if (!TEST_str_eq(SSL_get_servername(clientssl, - TLSEXT_NAMETYPE_host_name), - "altgoodhost")) + TLSEXT_NAMETYPE_host_name), + "altgoodhost")) goto end; } else if (tst == 4 || tst == 9) { /* 
@@ -9237,8 +9336,8 @@ sexpectedhost = cexpectedhost = NULL; if (!TEST_str_eq(SSL_get_servername(clientssl, - TLSEXT_NAMETYPE_host_name), - cexpectedhost)) + TLSEXT_NAMETYPE_host_name), + cexpectedhost)) goto end; } else { if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost"))) @@ -9256,8 +9355,8 @@ sexpectedhost = NULL; if (!TEST_str_eq(SSL_get_servername(clientssl, - TLSEXT_NAMETYPE_host_name), - "goodhost")) + TLSEXT_NAMETYPE_host_name), + "goodhost")) goto end; } @@ -9265,18 +9364,18 @@ goto end; if (!TEST_true(SSL_session_reused(clientssl)) - || !TEST_true(SSL_session_reused(serverssl)) - || !TEST_str_eq(SSL_get_servername(clientssl, - TLSEXT_NAMETYPE_host_name), - cexpectedhost) - || !TEST_str_eq(SSL_get_servername(serverssl, - TLSEXT_NAMETYPE_host_name), - sexpectedhost)) + || !TEST_true(SSL_session_reused(serverssl)) + || !TEST_str_eq(SSL_get_servername(clientssl, + TLSEXT_NAMETYPE_host_name), + cexpectedhost) + || !TEST_str_eq(SSL_get_servername(serverssl, + TLSEXT_NAMETYPE_host_name), + sexpectedhost)) goto end; testresult = 1; - end: +end: SSL_SESSION_free(sess); SSL_free(serverssl); SSL_free(clientssl); @@ -9313,7 +9412,7 @@ if (idx != 0 && idx != 3) { if (!TEST_true(OSSL_PROVIDER_add_builtin(tmpctx, "filter", - filter_provider_init))) + filter_provider_init))) goto end; filterprov = OSSL_PROVIDER_load(tmpctx, "filter"); @@ -9328,13 +9427,13 @@ * also need SHA1 for our certificate. */ if (!TEST_true(filter_provider_set_filter(OSSL_OP_DIGEST, - "SHA2-256:SHA1"))) + "SHA2-256:SHA1"))) goto end; } else { if (!TEST_true(filter_provider_set_filter(OSSL_OP_SIGNATURE, - "ECDSA")) - || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT, - "EC:X25519:X448"))) + "ECDSA")) + || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT, + "EC:X25519:X448"))) goto end; } 
@@ -9351,57 +9450,59 @@ if (idx != 5) { if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, + 0, + &sctx, &cctx, cert, privkey))) goto end; } else { if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - 0, - &sctx, &cctx, cert2, privkey2))) + TLS_client_method(), + TLS1_VERSION, + 0, + &sctx, &cctx, cert2, privkey2))) goto end; } /* Ensure we only use TLSv1.2 ciphersuites based on SHA256 */ if (idx < 4) { if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - "ECDHE-RSA-AES128-GCM-SHA256"))) + "ECDHE-RSA-AES128-GCM-SHA256"))) goto end; } else { if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - "ECDHE-ECDSA-AES128-GCM-SHA256"))) + "ECDHE-ECDSA-AES128-GCM-SHA256"))) goto end; } if (idx < 3) { if (!SSL_CTX_set1_sigalgs_list(cctx, - "rsa_pss_rsae_sha384" - ":rsa_pss_rsae_sha256") - || !SSL_CTX_set1_sigalgs_list(sctx, - "rsa_pss_rsae_sha384" - ":rsa_pss_rsae_sha256")) + "rsa_pss_rsae_sha384" + ":rsa_pss_rsae_sha256") + || !SSL_CTX_set1_sigalgs_list(sctx, + "rsa_pss_rsae_sha384" + ":rsa_pss_rsae_sha256")) goto end; } else { if (!SSL_CTX_set1_sigalgs_list(cctx, "rsa_pss_rsae_sha256:ECDSA+SHA256") - || !SSL_CTX_set1_sigalgs_list(sctx, - "rsa_pss_rsae_sha256:ECDSA+SHA256")) + || !SSL_CTX_set1_sigalgs_list(sctx, + "rsa_pss_rsae_sha256:ECDSA+SHA256")) goto end; } if (idx != 5 && (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2, - SSL_FILETYPE_PEM), 1) + SSL_FILETYPE_PEM), + 1) || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, - privkey2, - SSL_FILETYPE_PEM), 1) + privkey2, + SSL_FILETYPE_PEM), + 1) || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) 
@@ -9409,20 +9510,19 @@ /* For tests 0 and 3 we expect 2 shared sigalgs, otherwise exactly 1 */ if (!TEST_int_eq(SSL_get_shared_sigalgs(serverssl, 0, &sig, &hash, NULL, - NULL, NULL), - (idx == 0 || idx == 3) ? 2 : 1)) + NULL, NULL), + (idx == 0 || idx == 3) ? 2 : 1)) goto end; if (!TEST_int_eq(hash, idx == 0 ? NID_sha384 : NID_sha256)) goto end; - if (!TEST_int_eq(sig, (idx == 4 || idx == 5) ? EVP_PKEY_EC - : NID_rsassaPss)) + if (!TEST_int_eq(sig, (idx == 4 || idx == 5) ? EVP_PKEY_EC : NID_rsassaPss)) goto end; testresult = filter_provider_check_clean_finish(); - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -9432,9 +9532,9 @@ return testresult; } -#endif /* - * !defined(OPENSSL_NO_EC) \ - * && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) +#endif /* \ + * !defined(OPENSSL_NO_EC) \ + * && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) \ */ #ifndef OPENSSL_NO_TLS1_3 
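Review bot: The reflowed `#endif` comment in the `@@ -9432,9 +9532,9 @@` hunk now ends each of its first three lines with a continuation backslash, including the opening `/*` line, where the old text had only one; this looks like formatter output rather than an intended edit. Inside a block comment the splices do not change what the preprocessor sees, but they make the closing condition harder to read. I would write it on one line, `#endif /* !defined(OPENSSL_NO_EC) && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) */`, or keep the multi-line comment without backslashes if the formatter can be told to leave it alone. The matching `#if` is outside the hunk, so the condition text should be checked against it.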
@@ -9453,30 +9553,30 @@ goto end; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, - TLS1_3_VERSION, - &sctx, &cctx, cert, privkey)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + TLS_client_method(), + TLS1_3_VERSION, + TLS1_3_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) goto end; /* ensure GROUPLIST_INCREMENT (=40) logic triggers: */ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup:xorkemgroup:dummy1:dummy2:dummy3:dummy4:dummy5:dummy6:dummy7:dummy8:dummy9:dummy10:dummy11:dummy12:dummy13:dummy14:dummy15:dummy16:dummy17:dummy18:dummy19:dummy20:dummy21:dummy22:dummy23:dummy24:dummy25:dummy26:dummy27:dummy28:dummy29:dummy30:dummy31:dummy32:dummy33:dummy34:dummy35:dummy36:dummy37:dummy38:dummy39:dummy40:dummy41:dummy42:dummy43")) - /* removing a single algorithm from the list makes the test pass */ - || !TEST_true(SSL_set1_groups_list(clientssl, group_name))) + /* removing a single algorithm from the list makes the test pass */ + || !TEST_true(SSL_set1_groups_list(clientssl, group_name))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; if (!TEST_str_eq(group_name, - SSL_group_to_name(serverssl, SSL_get_shared_group(serverssl, 0)))) + SSL_group_to_name(serverssl, SSL_get_shared_group(serverssl, 0)))) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -9497,24 +9597,24 @@ BIO *rbio = NULL, *wbio = NULL; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - 0, - 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + 0, + 0, + &sctx, &cctx, cert, privkey))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) - || !TEST_true(SSL_set_max_proto_version(clientssl, TLS1_2_VERSION))) + || !TEST_true(SSL_set_max_proto_version(clientssl, TLS1_2_VERSION))) goto end; client2ssl = SSL_dup(clientssl); rbio = SSL_get_rbio(clientssl); if (!TEST_ptr(rbio) - || !TEST_true(BIO_up_ref(rbio))) + || !TEST_true(BIO_up_ref(rbio))) goto end; SSL_set0_rbio(client2ssl, rbio); rbio = NULL; @@ -9526,12 +9626,12 @@ rbio = NULL; if (!TEST_ptr(client2ssl) - /* Handshake not started so pointers should be different */ - || !TEST_ptr_ne(clientssl, client2ssl)) + /* Handshake not started so pointers should be different */ + || !TEST_ptr_ne(clientssl, client2ssl)) goto end; if (!TEST_int_eq(SSL_get_min_proto_version(client2ssl), TLS1_2_VERSION) - || !TEST_int_eq(SSL_get_max_proto_version(client2ssl), TLS1_2_VERSION)) + || !TEST_int_eq(SSL_get_max_proto_version(client2ssl), TLS1_2_VERSION)) goto end; if (!TEST_true(create_ssl_connection(serverssl, client2ssl, SSL_ERROR_NONE))) @@ -9540,13 +9640,13 @@ SSL_free(clientssl); clientssl = SSL_dup(client2ssl); if (!TEST_ptr(clientssl) - /* Handshake has finished so pointers should be the same */ - || !TEST_ptr_eq(clientssl, client2ssl)) + /* Handshake has finished so pointers should be the same */ + || !TEST_ptr_eq(clientssl, client2ssl)) goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_free(client2ssl); @@ -9556,7 +9656,7 @@ return testresult; } -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH static EVP_PKEY *tmp_dh_params = NULL; 
@@ -9576,24 +9676,25 @@ pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL); if (!TEST_ptr(pctx) - || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx), 1)) + || !TEST_int_eq(EVP_PKEY_fromdata_init(pctx), 1)) goto end; tmpl = OSSL_PARAM_BLD_new(); if (!TEST_ptr(tmpl) - || !TEST_true(OSSL_PARAM_BLD_push_BN(tmpl, - OSSL_PKEY_PARAM_FFC_P, - p)) - || !TEST_true(OSSL_PARAM_BLD_push_uint(tmpl, - OSSL_PKEY_PARAM_FFC_G, - 2))) + || !TEST_true(OSSL_PARAM_BLD_push_BN(tmpl, + OSSL_PKEY_PARAM_FFC_P, + p)) + || !TEST_true(OSSL_PARAM_BLD_push_uint(tmpl, + OSSL_PKEY_PARAM_FFC_G, + 2))) goto end; params = OSSL_PARAM_BLD_to_param(tmpl); if (!TEST_ptr(params) - || !TEST_int_eq(EVP_PKEY_fromdata(pctx, &dhpkey, - EVP_PKEY_KEY_PARAMETERS, - params), 1)) + || !TEST_int_eq(EVP_PKEY_fromdata(pctx, &dhpkey, + EVP_PKEY_KEY_PARAMETERS, + params), + 1)) goto end; tmp_dh_params = dhpkey; @@ -9610,7 +9711,7 @@ return tmp_dh_params; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Callback used by test_set_tmp_dh() */ static DH *tmp_dh_callback(SSL *s, int is_export, int keylen) { @@ -9633,7 +9734,7 @@ return ret; } -# endif +#endif /* * Test the various methods for setting temporary DH parameters @@ -9660,32 +9761,32 @@ int dhauto = (idx == 3 || idx == 4) ? 1 : 0; int expected = (idx <= 2) ? 0 : 1; EVP_PKEY *dhpkey = NULL; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 DH *dh = NULL; -# else +#else if (idx >= 7) return 1; -# endif +#endif if (idx >= 5 && idx <= 8) { dhpkey = get_tmp_dh_params(); if (!TEST_ptr(dhpkey)) goto end; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (idx == 7 || idx == 8) { dh = EVP_PKEY_get1_DH(dhpkey); if (!TEST_ptr(dh)) goto end; } -# endif +#endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - 0, - 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + 0, + 0, + &sctx, &cctx, cert, privkey))) goto end; if ((idx & 1) == 1) { 
@@ -9698,17 +9799,17 @@ goto end; dhpkey = NULL; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 else if (idx == 7) { if (!TEST_true(SSL_CTX_set_tmp_dh(sctx, dh))) goto end; } else if (idx == 9) { SSL_CTX_set_tmp_dh_callback(sctx, tmp_dh_callback); } -# endif +#endif if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if ((idx & 1) == 0 && idx != 0) { @@ -9720,18 +9821,18 @@ goto end; dhpkey = NULL; } -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 else if (idx == 8) { if (!TEST_true(SSL_set_tmp_dh(serverssl, dh))) goto end; } else if (idx == 10) { SSL_set_tmp_dh_callback(serverssl, tmp_dh_callback); } -# endif +#endif if (!TEST_true(SSL_set_min_proto_version(serverssl, TLS1_2_VERSION)) - || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)) - || !TEST_true(SSL_set_cipher_list(serverssl, "DHE-RSA-AES128-SHA"))) + || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_cipher_list(serverssl, "DHE-RSA-AES128-SHA"))) goto end; /* @@ -9739,15 +9840,16 @@ * there are no parameters */ if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE), expected)) + SSL_ERROR_NONE), + expected)) goto end; testresult = 1; - end: -# ifndef OPENSSL_NO_DEPRECATED_3_0 +end: +#ifndef OPENSSL_NO_DEPRECATED_3_0 DH_free(dh); -# endif +#endif SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -9818,21 +9920,21 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - 0, - 0, - &sctx, &cctx, thiscert, thiskey))) + TLS_client_method(), + 0, + 0, + &sctx, &cctx, thiscert, thiskey))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(SSL_set_dh_auto(serverssl, 1)) - || !TEST_true(SSL_set_min_proto_version(serverssl, TLS1_2_VERSION)) - || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)) - || !TEST_true(SSL_set_cipher_list(serverssl, ciphersuite)) - || !TEST_true(SSL_set_cipher_list(clientssl, ciphersuite))) + || !TEST_true(SSL_set_min_proto_version(serverssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_cipher_list(serverssl, ciphersuite)) + || !TEST_true(SSL_set_cipher_list(clientssl, ciphersuite))) goto end; /* @@ -9841,7 +9943,7 @@ * removed, so we cannot test it. */ if (!TEST_int_le(SSL_connect(clientssl), 0) - || !TEST_int_le(SSL_accept(serverssl), 0)) + || !TEST_int_le(SSL_accept(serverssl), 0)) goto end; if (!TEST_int_gt(SSL_get_tmp_key(serverssl, &tmpkey), 0)) @@ -9854,7 +9956,7 @@ testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -9862,9 +9964,8 @@ EVP_PKEY_free(tmpkey); return testresult; - } -# endif /* OPENSSL_NO_DH */ +#endif /* OPENSSL_NO_DH */ #endif /* OPENSSL_NO_TLS1_2 */ #ifndef OSSL_NO_USABLE_TLS1_3 
@@ -9888,13 +9989,13 @@ goto end; /* Require TLSv1.3 as a minimum */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_3_VERSION, 0, - &sctx2, &cctx, cert, privkey))) + TLS_client_method(), TLS1_3_VERSION, 0, + &sctx2, &cctx, cert, privkey))) goto end; /* Set up SNI */ if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb)) - || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) + || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) goto end; /* @@ -9902,9 +10003,9 @@ * certificates configured. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; /* We should have had the SNI callback called exactly once */ @@ -9946,12 +10047,12 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), version, version, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), version, version, + &sctx, &cctx, cert, privkey))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; /* @@ -9959,7 +10060,7 @@ * make sure the returned value is the default */ if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC), - SSL_get_default_timeout(serverssl))) + SSL_get_default_timeout(serverssl))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) 
@@ -9996,9 +10097,9 @@ unsigned char bad0[] = { 0x00, 'b', 'a', 'd' }; unsigned char good[] = { 0x04, 'g', 'o', 'o', 'd' }; unsigned char bad1[] = { 0x01, 'b', 'a', 'd' }; - unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00}; - unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd'}; - unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd'}; + unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00 }; + unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd' }; + unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd' }; /* Create an initial SSL_CTX with no certificate configured */ ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); 
@@ -10061,78 +10162,78 @@ */ static int test_set_verify_cert_store_ssl_ctx(void) { - SSL_CTX *ctx = NULL; - int testresult = 0; - X509_STORE *store = NULL, *new_store = NULL, - *cstore = NULL, *new_cstore = NULL; + SSL_CTX *ctx = NULL; + int testresult = 0; + X509_STORE *store = NULL, *new_store = NULL, + *cstore = NULL, *new_cstore = NULL; - /* Create an initial SSL_CTX. */ - ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); - if (!TEST_ptr(ctx)) - goto end; + /* Create an initial SSL_CTX. */ + ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + if (!TEST_ptr(ctx)) + goto end; - /* Retrieve verify store pointer. */ - if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) - goto end; + /* Retrieve verify store pointer. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; - /* Retrieve chain store pointer. */ - if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) - goto end; + /* Retrieve chain store pointer. */ + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; - /* We haven't set any yet, so this should be NULL. */ - if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) - goto end; + /* We haven't set any yet, so this should be NULL. */ + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; - /* Create stores. We use separate stores so pointers are different. */ - new_store = X509_STORE_new(); - if (!TEST_ptr(new_store)) - goto end; + /* Create stores. We use separate stores so pointers are different. */ + new_store = X509_STORE_new(); + if (!TEST_ptr(new_store)) + goto end; - new_cstore = X509_STORE_new(); - if (!TEST_ptr(new_cstore)) - goto end; + new_cstore = X509_STORE_new(); + if (!TEST_ptr(new_cstore)) + goto end; - /* Set stores. */ - if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store))) - goto end; + /* Set stores. 
*/ + if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store))) + goto end; - if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore))) - goto end; + if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore))) + goto end; - /* Should be able to retrieve the same pointer. */ - if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) - goto end; + /* Should be able to retrieve the same pointer. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; - if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) - goto end; + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; - if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) - goto end; + if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) + goto end; - /* Should be able to unset again. */ - if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL))) - goto end; + /* Should be able to unset again. */ + if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL))) + goto end; - if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL))) - goto end; + if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL))) + goto end; - /* Should now be NULL. */ - if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) - goto end; + /* Should now be NULL. */ + if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) + goto end; - if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) - goto end; + if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) + goto end; - if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) - goto end; + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; - testresult = 1; + testresult = 1; end: - X509_STORE_free(new_store); - X509_STORE_free(new_cstore); - SSL_CTX_free(ctx); - return testresult; + X509_STORE_free(new_store); + X509_STORE_free(new_cstore); + SSL_CTX_free(ctx); + return testresult; } /* 
@@ -10140,88 +10241,87 @@ */ static int test_set_verify_cert_store_ssl(void) { - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; - int testresult = 0; - X509_STORE *store = NULL, *new_store = NULL, - *cstore = NULL, *new_cstore = NULL; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + int testresult = 0; + X509_STORE *store = NULL, *new_store = NULL, + *cstore = NULL, *new_cstore = NULL; - /* Create an initial SSL_CTX. */ - ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); - if (!TEST_ptr(ctx)) - goto end; + /* Create an initial SSL_CTX. */ + ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + if (!TEST_ptr(ctx)) + goto end; - /* Create an SSL object. */ - ssl = SSL_new(ctx); - if (!TEST_ptr(ssl)) - goto end; + /* Create an SSL object. */ + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl)) + goto end; - /* Retrieve verify store pointer. */ - if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) - goto end; + /* Retrieve verify store pointer. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; - /* Retrieve chain store pointer. */ - if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) - goto end; + /* Retrieve chain store pointer. */ + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; - /* We haven't set any yet, so this should be NULL. */ - if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) - goto end; + /* We haven't set any yet, so this should be NULL. */ + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; - /* Create stores. We use separate stores so pointers are different. */ - new_store = X509_STORE_new(); - if (!TEST_ptr(new_store)) - goto end; + /* Create stores. We use separate stores so pointers are different. */ + new_store = X509_STORE_new(); + if (!TEST_ptr(new_store)) + goto end; - new_cstore = X509_STORE_new(); - if (!TEST_ptr(new_cstore)) - goto end; + new_cstore = X509_STORE_new(); + if (!TEST_ptr(new_cstore)) + goto end; - /* Set stores. 
*/ - if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store))) - goto end; + /* Set stores. */ + if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store))) + goto end; - if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore))) - goto end; + if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore))) + goto end; - /* Should be able to retrieve the same pointer. */ - if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) - goto end; + /* Should be able to retrieve the same pointer. */ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; - if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) - goto end; + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; - if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) - goto end; + if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) + goto end; - /* Should be able to unset again. */ - if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL))) - goto end; + /* Should be able to unset again. */ + if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL))) + goto end; - if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL))) - goto end; + if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL))) + goto end; - /* Should now be NULL. */ - if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) - goto end; + /* Should now be NULL. 
*/ + if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) + goto end; - if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) - goto end; + if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) + goto end; - if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) - goto end; + if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) + goto end; - testresult = 1; + testresult = 1; end: - X509_STORE_free(new_store); - X509_STORE_free(new_cstore); - SSL_free(ssl); - SSL_CTX_free(ctx); - return testresult; + X509_STORE_free(new_store); + X509_STORE_free(new_cstore); + SSL_free(ssl); + SSL_CTX_free(ctx); + return testresult; } - static int test_inherit_verify_param(void) { int testresult = 0; @@ -10256,7 +10356,7 @@ testresult = 1; - end: +end: SSL_free(ssl); SSL_CTX_free(ctx); @@ -10280,9 +10380,9 @@ SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); SSL_CONF_CTX_set_flags(cctx, - SSL_CONF_FLAG_CERTIFICATE - | SSL_CONF_FLAG_SERVER - | SSL_CONF_FLAG_FILE); + SSL_CONF_FLAG_CERTIFICATE + | SSL_CONF_FLAG_SERVER + | SSL_CONF_FLAG_FILE); if (!TEST_int_eq(SSL_CONF_cmd(cctx, "DHParameters", dhfile), 2)) goto end; @@ -10323,8 +10423,7 @@ SSL *clientssl = NULL, *serverssl = NULL, *peera, *peerb; int testresult = 0, numreads; /* A 55 byte message */ - unsigned char *msg = (unsigned char *) - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123"; + unsigned char *msg = (unsigned char *)"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123"; size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5; size_t expectedreads; unsigned char *buf = NULL; @@ -10337,9 +10436,9 @@ } if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), 0, - TLS1_2_VERSION, &sctx, &cctx, cert, - privkey))) + TLS_client_method(), 0, + TLS1_2_VERSION, &sctx, &cctx, cert, + privkey))) goto end; if (idx == 6) { 
@@ -10351,7 +10450,7 @@ } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if (!TEST_true(SSL_set_cipher_list(clientssl, "AES128-SHA"))) @@ -10406,7 +10505,7 @@ * but sufficient for our purposes */ if (!TEST_true(SSL_set_max_pipelines(peera, numpipes)) - || !TEST_true(SSL_set_split_send_fragment(peera, fragsize))) + || !TEST_true(SSL_set_split_send_fragment(peera, fragsize))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) @@ -10427,17 +10526,17 @@ * read for left over data that couldn't fit in the previous pipelines */ for (offset = 0, numreads = 0; - offset < msglen; - offset += readbytes, numreads++) { + offset < msglen; + offset += readbytes, numreads++) { if (!TEST_true(SSL_read_ex(peerb, buf + offset, - msglen - offset, &readbytes))) + msglen - offset, &readbytes))) goto end; } expectedreads = idx == 4 ? numpipes + 1 : (idx == 3 ? numpipes - 1 : numpipes); if (!TEST_mem_eq(msg, msglen, buf, offset) - || !TEST_int_eq(numreads, expectedreads)) + || !TEST_int_eq(numreads, expectedreads)) goto end; /* @@ -10450,7 +10549,7 @@ if (sendlen > fragsize) sendlen = fragsize; if (!TEST_true(SSL_write_ex(peerb, msg + offset, sendlen, &written)) - || !TEST_size_t_eq(written, sendlen)) + || !TEST_size_t_eq(written, sendlen)) goto end; } @@ -10462,14 +10561,14 @@ * call to SSL_read_ex */ if (!TEST_true(SSL_read_ex(peera, buf, msglen, &readbytes)) - || !TEST_size_t_le(readbytes, msglen)) + || !TEST_size_t_le(readbytes, msglen)) goto end; if (idx == 4) { size_t readbytes2; if (!TEST_true(SSL_read_ex(peera, buf + readbytes, - msglen - readbytes, &readbytes2))) + msglen - readbytes, &readbytes2))) goto end; readbytes += readbytes2; if (!TEST_size_t_le(readbytes, msglen)) 
@@ -10534,8 +10633,8 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), 0, maxversion, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), 0, maxversion, + &sctx, &cctx, cert, privkey))) goto end; /* @@ -10556,7 +10655,7 @@ set_always_retry_err_val(0); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; tmp = SSL_get_wbio(serverssl); @@ -10571,7 +10670,7 @@ goto end; if (!TEST_int_eq(SSL_accept(serverssl), -1) - || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE)) + || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_WRITE)) goto end; /* Restore a BIO that will let the write succeed */ @@ -10620,8 +10719,8 @@ cbdata->recurse = 1; if (!TEST_true(create_ssl_objects(cbdata->sctx, cbdata->cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, cbdata->sess))) + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, cbdata->sess))) goto end; ERR_set_mark(); @@ -10636,7 +10735,7 @@ ERR_pop_to_mark(); ret = SSL_TLSEXT_ERR_OK; - end: +end: SSL_free(serverssl); SSL_free(clientssl); cbdata->recurse = 0; @@ -10673,16 +10772,16 @@ #endif if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, - max_version, &sctx, &cctx, cert, - privkey))) + TLS_client_method(), TLS1_VERSION, + max_version, &sctx, &cctx, cert, + privkey))) goto end; /* * TLSv1.3 only uses a session cache if either max_early_data > 0 (used for * replay protection), or if SSL_OP_NO_TICKET is in use */ - if (idx == 0 || idx == 2) { + if (idx == 0 || idx == 2) { if (!TEST_true(SSL_CTX_set_max_early_data(sctx, 1024))) goto end; } 
@@ -10701,8 +10800,8 @@ for (i = 0; i < 30; i++) { if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess))) + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess))) goto end; /* @@ -10756,7 +10855,7 @@ goto end; testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); 
@@ -10774,90 +10873,35 @@ size_t selectedlen; unsigned char selected[40]; } next_proto_tests[] = { - { - 4, { 3, 'a', 'b', 'c' }, + { 4, { 3, 'a', 'b', 'c' }, 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' }, + 3, { 'a', 'b', 'c' } }, + { 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' }, 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', }, - 4, { 3, 'a', 'b', 'c' }, - OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 4, { 3, 'a', 'b', 'c' }, - 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', }, - OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 4, { 3, 'a', 'b', 'c' }, - 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, - OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' }, - 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, - OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' }, - 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, - OPENSSL_NPN_NEGOTIATED, - 3, { 'a', 'b', 'c' } - }, - { - 4, { 3, 'b', 'c', 'd' }, - 4, { 3, 'a', 'b', 'c' }, - OPENSSL_NPN_NO_OVERLAP, - 3, { 'a', 'b', 'c' } - }, - { - 0, { 0 }, - 4, { 3, 'a', 'b', 'c' }, - OPENSSL_NPN_NO_OVERLAP, - 3, { 'a', 'b', 'c' } - }, - { - -1, { 0 }, - 4, { 3, 'a', 'b', 'c' }, - OPENSSL_NPN_NO_OVERLAP, - 3, { 'a', 'b', 'c' } - }, - { - 4, { 3, 'a', 'b', 'c' }, - 0, { 0 }, - OPENSSL_NPN_NO_OVERLAP, - 0, { 0 } - }, - { - 4, { 3, 'a', 'b', 'c' }, - -1, { 0 }, - OPENSSL_NPN_NO_OVERLAP, - 0, { 0 } - }, - { - 3, { 3, 'a', 'b', 'c' }, - 4, { 3, 'a', 'b', 'c' }, - OPENSSL_NPN_NO_OVERLAP, - 3, { 'a', 'b', 'c' } - }, - { - 4, { 3, 'a', 'b', 'c' }, - 3, { 3, 'a', 'b', 'c' }, - OPENSSL_NPN_NO_OVERLAP, - 0, { 0 } - } + 3, { 'a', 'b', 'c' } }, + { 7, { + 2, + 'a', + 'b', + 3, + 'a', + 'b', + 'c', + }, + 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NEGOTIATED, 3, { 'a', 'b', 'c' } }, + { 4, { 3, 'a', 'b', 'c' }, 7, { + 3, + 'a', + 'b', + 'c', + 
2, + 'a', + 'b', + }, + OPENSSL_NPN_NEGOTIATED, 3, { 'a', 'b', 'c' } }, + { 4, { 3, 'a', 'b', 'c' }, 7, { 2, 'a', 'b', 3, 'a', 'b', 'c' }, OPENSSL_NPN_NEGOTIATED, 3, { 'a', 'b', 'c' } }, { 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' }, 7, { 2, 'a', 'b', 3, 'a', 'b', 'c' }, OPENSSL_NPN_NEGOTIATED, 3, { 'a', 'b', 'c' } }, { 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' }, 7, { 2, 'a', 'b', 3, 'a', 'b', 'c' }, OPENSSL_NPN_NEGOTIATED, 3, { 'a', 'b', 'c' } }, { 4, { 3, 'b', 'c', 'd' }, 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NO_OVERLAP, 3, { 'a', 'b', 'c' } }, { 0, { 0 }, 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NO_OVERLAP, 3, { 'a', 'b', 'c' } }, { -1, { 0 }, 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NO_OVERLAP, 3, { 'a', 'b', 'c' } }, { 4, { 3, 'a', 'b', 'c' }, 0, { 0 }, OPENSSL_NPN_NO_OVERLAP, 0, { 0 } }, { 4, { 3, 'a', 'b', 'c' }, -1, { 0 }, OPENSSL_NPN_NO_OVERLAP, 0, { 0 } }, { 3, { 3, 'a', 'b', 'c' }, 4, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NO_OVERLAP, 3, { 'a', 'b', 'c' } }, { 4, { 3, 'a', 'b', 'c' }, 3, { 3, 'a', 'b', 'c' }, OPENSSL_NPN_NO_OVERLAP, 0, { 0 } } }; static int test_select_next_proto(int idx) @@ -10884,8 +10928,8 @@ } if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen, - client, clientlen), - np->expected_ret)) + client, clientlen), + np->expected_ret)) goto err; if (np->selectedlen == 0) { @@ -10897,16 +10941,16 @@ } ret = 1; - err: +err: return ret; } -static const unsigned char fooprot[] = {3, 'f', 'o', 'o' }; -static const unsigned char barprot[] = {3, 'b', 'a', 'r' }; +static const unsigned char fooprot[] = { 3, 'f', 'o', 'o' }; +static const unsigned char barprot[] = { 3, 'b', 'a', 'r' }; #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) static int npn_advert_cb(SSL *ssl, const unsigned char **out, - unsigned int *outlen, void *arg) + unsigned int *outlen, void *arg) { int *idx = (int *)arg; 
@@ -10928,7 +10972,7 @@ } static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) + const unsigned char *in, unsigned int inlen, void *arg) { int *idx = (int *)arg; @@ -10969,28 +11013,28 @@ int testresult = 0; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), 0, TLS1_2_VERSION, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), 0, TLS1_2_VERSION, + &sctx, &cctx, cert, privkey))) goto end; SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx); SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL))) + NULL))) goto end; if (idx == 4) { /* We don't allow empty selection of NPN, so this should fail */ if (!TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; } else { const unsigned char *prot; unsigned int protlen; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen); @@ -11015,7 +11059,7 @@ } testresult = 1; - end: +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -11026,8 +11070,8 @@ #endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */ static int alpn_select_cb2(SSL *ssl, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg) + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) { int *idx = (int *)arg; 
@@ -11069,14 +11113,14 @@ unsigned int protslen = sizeof(fooprot); if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), 0, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), 0, 0, + &sctx, &cctx, cert, privkey))) goto end; SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL))) + NULL))) goto end; if (idx == 1) { @@ -11091,14 +11135,14 @@ if (idx == 2 || idx == 3) { /* We don't allow empty selection of NPN, so this should fail */ if (!TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; } else { const unsigned char *prot; unsigned int protlen; if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; SSL_get0_alpn_selected(clientssl, &prot, &protlen); 
@@ -11118,7 +11162,80 @@ } testresult = 1; - end: +end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_no_renegotiation(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0, ret; + int max_proto; + const SSL_METHOD *sm, *cm; + unsigned char buf[5]; + + if (idx == 0) { +#ifndef OPENSSL_NO_TLS1_2 + max_proto = TLS1_2_VERSION; + sm = TLS_server_method(); + cm = TLS_client_method(); +#else + return TEST_skip("TLSv1.2 is disabled in this build"); +#endif + } else { +#ifndef OPENSSL_NO_DTLS1_2 + max_proto = DTLS1_2_VERSION; + sm = DTLS_server_method(); + cm = DTLS_client_method(); +#else + return TEST_skip("DTLSv1.2 is disabled in this build"); +#endif + } + if (!TEST_true(create_ssl_ctx_pair(libctx, sm, cm, 0, max_proto, + &sctx, &cctx, cert, privkey))) + goto end; + + SSL_CTX_set_options(sctx, SSL_OP_NO_RENEGOTIATION); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + if (!TEST_true(SSL_renegotiate(clientssl)) + || !TEST_int_le(ret = SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) + goto end; + + /* + * We've not sent any application data, so we expect this to fail. It should + * also read the renegotiation attempt, and send back a no_renegotiation + * warning alert because we have renegotiation disabled. 
+ */ + if (!TEST_int_le(ret = SSL_read(serverssl, buf, sizeof(buf)), 0)) + goto end; + if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_WANT_READ)) + goto end; + + /* + * The client should now see the no_renegotiation warning and fail the + * connection + */ + if (!TEST_int_le(ret = SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_SSL) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_RENEGOTIATION)) + goto end; + + testresult = 1; +end: SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -11145,7 +11262,7 @@ * available */ if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) - || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) + || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) return 0; if (!test_skip_common_options()) { @@ -11154,11 +11271,11 @@ } if (!TEST_ptr(certsdir = test_get_argument(0)) - || !TEST_ptr(srpvfile = test_get_argument(1)) - || !TEST_ptr(tmpfilename = test_get_argument(2)) - || !TEST_ptr(modulename = test_get_argument(3)) - || !TEST_ptr(configfile = test_get_argument(4)) - || !TEST_ptr(dhfile = test_get_argument(5))) + || !TEST_ptr(srpvfile = test_get_argument(1)) + || !TEST_ptr(tmpfilename = test_get_argument(2)) + || !TEST_ptr(modulename = test_get_argument(3)) + || !TEST_ptr(configfile = test_get_argument(4)) + || !TEST_ptr(dhfile = test_get_argument(5))) return 0; if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile))) @@ -11170,7 +11287,7 @@ /* Check the default provider is not available */ if (strcmp(modulename, "default") != 0 - && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) + && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) return 0; if (strcmp(modulename, "fips") == 0) 
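Review bot: The last assertion in `test_no_renegotiation` reads the reason with `ERR_get_error()`, which pops the oldest entry on the error queue, and nothing in the hunk clears the queue before the final `SSL_connect(clientssl)`. If an earlier step left an entry behind (not visible here, so this is a precaution rather than an observed failure), the comparison with `SSL_R_NO_RENEGOTIATION` would inspect the wrong error, and `SSL_get_error()` is documented as unreliable when the queue is not empty before the I/O call. Calling `ERR_clear_error();` before that `SSL_connect`, or comparing `ERR_GET_REASON(ERR_peek_last_error())`, would pin the check to the alert under test. The function also has no header comment; something like `/* Client renegotiation against a server with SSL_OP_NO_RENEGOTIATION: idx 0 = TLSv1.2, idx 1 = DTLSv1.2 */` would explain the two indices registered by `ADD_ALL_TESTS(test_no_renegotiation, 2)`.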
@@ -11181,10 +11298,9 @@ * need it. */ if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider", - tls_provider_init))) + tls_provider_init))) return 0; - if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) { #ifdef OPENSSL_NO_CRYPTO_MDEBUG TEST_error("not supported in this build"); @@ -11196,7 +11312,7 @@ test_export_key_mat(i); CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount); test_printf_stdout("malloc %d realloc %d free %d\n", - mcount, rcount, fcount); + mcount, rcount, fcount); return 1; #endif } @@ -11250,10 +11366,10 @@ goto err; #if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK) -# if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) ADD_ALL_TESTS(test_ktls, NUM_KTLS_TEST_CIPHERS * 4); ADD_ALL_TESTS(test_ktls_sendfile, NUM_KTLS_TEST_CIPHERS); -# endif +#endif #endif ADD_TEST(test_large_message_tls); ADD_TEST(test_large_message_tls_read_ahead); 
@@ -11310,31 +11426,30 @@ ADD_ALL_TESTS(test_early_data_psk, 8); ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5); ADD_ALL_TESTS(test_early_data_not_expected, 3); -# ifndef OPENSSL_NO_TLS1_2 +#ifndef OPENSSL_NO_TLS1_2 ADD_ALL_TESTS(test_early_data_tls1_2, 3); -# endif +#endif #endif #ifndef OSSL_NO_USABLE_TLS1_3 ADD_ALL_TESTS(test_set_ciphersuite, 10); ADD_TEST(test_ciphersuite_change); ADD_ALL_TESTS(test_tls13_ciphersuite, 4); -# ifdef OPENSSL_NO_PSK +#ifdef OPENSSL_NO_PSK ADD_ALL_TESTS(test_tls13_psk, 1); -# else +#else ADD_ALL_TESTS(test_tls13_psk, 4); -# endif /* OPENSSL_NO_PSK */ -# ifndef OPENSSL_NO_TLS1_2 +#endif /* OPENSSL_NO_PSK */ +#ifndef OPENSSL_NO_TLS1_2 /* Test with both TLSv1.3 and 1.2 versions */ ADD_ALL_TESTS(test_key_exchange, 14); -# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) ADD_ALL_TESTS(test_negotiated_group, - 4 * (OSSL_NELEM(ecdhe_kexch_groups) - + OSSL_NELEM(ffdhe_kexch_groups))); -# endif -# else + 4 * (OSSL_NELEM(ecdhe_kexch_groups) + OSSL_NELEM(ffdhe_kexch_groups))); +#endif +#else /* Test with only TLSv1.3 versions */ ADD_ALL_TESTS(test_key_exchange, 12); -# endif +#endif ADD_ALL_TESTS(test_custom_exts, 6); ADD_TEST(test_stateless); ADD_TEST(test_pha_key_update); @@ -11377,10 +11492,10 @@ #endif #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_ssl_dup); -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_set_tmp_dh, 11); ADD_ALL_TESTS(test_dh_auto, 7); -# endif +#endif #endif #ifndef OSSL_NO_USABLE_TLS1_3 ADD_TEST(test_sni_tls13); @@ -11408,9 +11523,10 @@ ADD_ALL_TESTS(test_npn, 5); #endif ADD_ALL_TESTS(test_alpn, 4); + ADD_ALL_TESTS(test_no_renegotiation, 2); return 1; - err: +err: OPENSSL_free(cert); OPENSSL_free(privkey); OPENSSL_free(cert2); 
@@ -11420,7 +11536,7 @@ void cleanup_tests(void) { -# if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DH) EVP_PKEY_free(tmp_dh_params); #endif OPENSSL_free(cert); --- crypto/openssl/test/sslbuffertest.c.orig +++ crypto/openssl/test/sslbuffertest.c @@ -13,7 +13,7 @@ * when the deprecated calls are not hidden */ #ifndef OPENSSL_NO_DEPRECATED_3_0 -# define OPENSSL_SUPPRESS_DEPRECATED +#define OPENSSL_SUPPRESS_DEPRECATED #endif #include @@ -35,8 +35,7 @@ static SSL_CTX *serverctx = NULL; static SSL_CTX *clientctx = NULL; -#define MAX_ATTEMPTS 100 - +#define MAX_ATTEMPTS 100 /* * There are 9 passes in the tests @@ -62,7 +61,7 @@ char buf[sizeof(testdata)]; if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl, - NULL, NULL))) { + NULL, NULL))) { TEST_error("Test %d failed: Create SSL objects failed\n", test); goto end; } @@ -85,7 +84,7 @@ * (the first one might be a retryable fail). */ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; - i++) { + i++) { /* test == 0 mean to free/allocate = control */ if (test >= 1 && !TEST_true(SSL_free_buffers(clientssl))) goto end; @@ -98,14 +97,13 @@ goto end; ret = SSL_write(clientssl, testdata + len, - sizeof(testdata) - len); + sizeof(testdata) - len); if (ret > 0) { len += ret; } else { int ssl_error = SSL_get_error(clientssl, ret); - if (ssl_error == SSL_ERROR_SYSCALL || - ssl_error == SSL_ERROR_SSL) { + if (ssl_error == SSL_ERROR_SYSCALL || ssl_error == SSL_ERROR_SSL) { TEST_error("Test %d failed: Failed to write app data\n", test); goto end; } 
@@ -118,9 +116,7 @@ * it could fail once for each byte read, including all overhead * bytes from the record header/padding etc. */ - for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && - i < MAX_ATTEMPTS; i++) - { + for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < MAX_ATTEMPTS; i++) { if (test >= 5 && !TEST_true(SSL_free_buffers(serverssl))) goto end; /* free a second time */ @@ -137,8 +133,7 @@ } else { int ssl_error = SSL_get_error(serverssl, ret); - if (ssl_error == SSL_ERROR_SYSCALL || - ssl_error == SSL_ERROR_SSL) { + if (ssl_error == SSL_ERROR_SYSCALL || ssl_error == SSL_ERROR_SSL) { TEST_error("Test %d failed: Failed to read app data\n", test); goto end; } @@ -149,7 +144,7 @@ } result = 1; - end: +end: if (!result) ERR_print_errors_fp(stderr); @@ -190,19 +185,19 @@ } if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, - &clientssl, NULL, NULL))) + &clientssl, NULL, NULL))) goto end; if (pipeline) { if (!TEST_true(SSL_set_cipher_list(serverssl, "AES128-SHA")) - || !TEST_true(SSL_set_max_proto_version(serverssl, - TLS1_2_VERSION)) - || !TEST_true(SSL_set_max_pipelines(serverssl, 2))) + || !TEST_true(SSL_set_max_proto_version(serverssl, + TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_pipelines(serverssl, 2))) goto end; } if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + SSL_ERROR_NONE))) goto end; /* @@ -211,7 +206,7 @@ */ for (i = 0; i <= pipeline; i++) { if (!TEST_true(SSL_write_ex(clientssl, testdata, strlen(testdata), - &written))) + &written))) goto end; } @@ -227,7 +222,7 @@ readlen += strlen(testdata); if (!TEST_true(SSL_read_ex(serverssl, buf, readlen, &readbytes)) - || !TEST_size_t_eq(readlen, readbytes)) + || !TEST_size_t_eq(readlen, readbytes)) goto end; } else { BIO *tmp; 
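Review bot: In the `@@ -190,19` hunk the `if (pipeline)` branch pins the server to `"AES128-SHA"` with `TLS1_2_VERSION` as the maximum protocol version, and no comment says why. Presumably the pipelining path under test only works with that suite (a later hunk guards cleanup with `OPENSSL_NO_DYNAMIC_ENGINE`, which suggests an engine dependency), but that should be stated so the setting is not read as a recommended configuration. Suggested comment above the call: `/* Test-only: pipelining is exercised here with a TLSv1.2 CBC suite */`. The function body starts and ends outside the hunk.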
@@ -236,11 +231,11 @@ /* Remove all the data that is pending for read by the server */ tmp = SSL_get_rbio(serverssl); if (!TEST_true(BIO_read_ex(tmp, buf, sizeof(buf), &readbytes)) - || !TEST_size_t_lt(readbytes, sizeof(buf)) - || !TEST_size_t_gt(readbytes, SSL3_RT_HEADER_LENGTH)) + || !TEST_size_t_lt(readbytes, sizeof(buf)) + || !TEST_size_t_gt(readbytes, SSL3_RT_HEADER_LENGTH)) goto end; - switch(test) { + switch (test) { case 1: partial_len = SSL3_RT_HEADER_LENGTH - 1; break; @@ -284,16 +279,16 @@ * record. */ if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), - &readbytes)) - || !TEST_size_t_eq(readbytes, strlen(testdata))) + &readbytes)) + || !TEST_size_t_eq(readbytes, strlen(testdata))) goto end; } else { /* - * Attempt a read. This should fail because only a partial record is - * available. - */ + * Attempt a read. This should fail because only a partial record is + * available. + */ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), - &readbytes))) + &readbytes))) goto end; } } @@ -306,7 +301,7 @@ goto end; result = 1; - end: +end: SSL_free(clientssl); SSL_free(serverssl); #ifndef OPENSSL_NO_DYNAMIC_ENGINE @@ -331,12 +326,12 @@ } if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(pkey = test_get_argument(1))) + || !TEST_ptr(pkey = test_get_argument(1))) return 0; if (!create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), - TLS1_VERSION, 0, - &serverctx, &clientctx, cert, pkey)) { + TLS1_VERSION, 0, + &serverctx, &clientctx, cert, pkey)) { TEST_error("Failed to create SSL_CTX pair\n"); return 0; } --- crypto/openssl/test/sslcorrupttest.c.orig +++ crypto/openssl/test/sslcorrupttest.c @@ -44,7 +44,7 @@ if (!TEST_ptr(copy = OPENSSL_memdup(in, inl))) return 0; /* corrupt last bit of application data */ - copy[inl-1] ^= 1; + copy[inl - 1] ^= 1; ret = BIO_write(next, copy, inl); OPENSSL_free(copy); } else { 
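Review bot: In the sslcorrupttest.c hunk, `copy[inl - 1] ^= 1;` writes one byte before the allocation when `inl` is 0, and no check on `inl` is visible here. If the branch condition above the hunk does not already guarantee a non-empty write, guard the index: `if (inl > 0) copy[inl - 1] ^= 1;`. The function starts outside the hunk, so this may already be covered there.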
@@ -100,7 +100,7 @@ return 1; } -#define BIO_TYPE_CUSTOM_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_CUSTOM_FILTER (0x80 | BIO_TYPE_FILTER) static BIO_METHOD *method_tls_corrupt = NULL; @@ -109,8 +109,8 @@ { if (method_tls_corrupt == NULL) { method_tls_corrupt = BIO_meth_new(BIO_TYPE_CUSTOM_FILTER, - "TLS corrupt filter"); - if ( method_tls_corrupt == NULL + "TLS corrupt filter"); + if (method_tls_corrupt == NULL || !BIO_meth_set_write(method_tls_corrupt, tls_corrupt_write) || !BIO_meth_set_read(method_tls_corrupt, tls_corrupt_read) || !BIO_meth_set_puts(method_tls_corrupt, tls_corrupt_puts) @@ -145,8 +145,8 @@ int i, j, numciphers = 0; if (!TEST_ptr(ctx = SSL_CTX_new(TLS_server_method())) - || !TEST_ptr(ssl = SSL_new(ctx)) - || !TEST_ptr(sk_ciphers = SSL_get1_supported_ciphers(ssl))) + || !TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(sk_ciphers = SSL_get1_supported_ciphers(ssl))) goto err; /* @@ -154,8 +154,7 @@ * so that some of the allocated space will be wasted, but the loss * is deemed acceptable... */ - cipher_list = OPENSSL_malloc(sk_SSL_CIPHER_num(sk_ciphers) * - sizeof(cipher_list[0])); + cipher_list = OPENSSL_malloc(sk_SSL_CIPHER_num(sk_ciphers) * sizeof(cipher_list[0])); if (!TEST_ptr(cipher_list)) goto err; 
@@ -195,17 +194,17 @@ TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]); if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey))) + TLS_client_method(), + TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) return 0; if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) - || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "")) - || !TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) - || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1) - || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0))) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "")) + || !TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) + || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1) + || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0))) goto end; /* @@ -220,7 +219,7 @@ /* BIO is freed by create_ssl_connection on error */ if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL, - c_to_s_fbio))) + c_to_s_fbio))) goto end; if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE))) @@ -244,7 +243,7 @@ } while (ERR_GET_REASON(err) != SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); testresult = 1; - end: +end: SSL_free(server); SSL_free(client); SSL_CTX_free(sctx); @@ -264,7 +263,7 @@ } if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1))) + || !TEST_ptr(privkey = test_get_argument(1))) return 0; n = setup_cipher_list(); --- crypto/openssl/test/stack_test.c.orig +++ crypto/openssl/test/stack_test.c 
@@ -61,23 +61,23 @@ int sorted; int ex; } finds[] = { - { 2, 1, 5, 5 }, - { 9, 7, 6, 6 }, - { -173, 5, 0, 0 }, - { 999, 3, 8, 8 }, - { 0, -1, -1, 1 } + { 2, 1, 5, 5 }, + { 9, 7, 6, 6 }, + { -173, 5, 0, 0 }, + { 999, 3, 8, 8 }, + { 0, -1, -1, 1 } }; const int n_finds = OSSL_NELEM(finds); static struct { int value; int ex; } exfinds[] = { - { 3, 5 }, - { 1000, 8 }, - { 20, 8 }, - { -999, 0 }, - { -5, 0 }, - { 8, 5 } + { 3, 5 }, + { 1000, 8 }, + { 20, 8 }, + { -999, 0 }, + { -5, 0 }, + { 8, 5 } }; const int n_exfinds = OSSL_NELEM(exfinds); STACK_OF(sint) *s = sk_sint_new_null(); @@ -150,7 +150,7 @@ goto end; } for (i = 0; i < n_exfinds; i++) - if (!TEST_int_eq(sk_sint_find_ex(s, &exfinds[i].value), exfinds[i].ex)){ + if (!TEST_int_eq(sk_sint_find_ex(s, &exfinds[i].value), exfinds[i].ex)) { TEST_info("int sorted find_ex absent %d", i); goto end; } @@ -166,7 +166,7 @@ } static int uchar_compare(const unsigned char *const *a, - const unsigned char *const *b) + const unsigned char *const *b) { return **a - (signed int)**b; } @@ -264,7 +264,8 @@ return q; } -static void SS_free(SS *p) { +static void SS_free(SS *p) +{ OPENSSL_free(p); } @@ -329,8 +330,8 @@ SS_free(p); if (!TEST_int_eq(sk_SS_num(s), n - 1)) goto end; - for (i = 0; i < n-1; i++) - if (!TEST_ptr_eq(sk_SS_value(s, i), v[i<3 ? i : 1+i])) { + for (i = 0; i < n - 1; i++) + if (!TEST_ptr_eq(sk_SS_value(s, i), v[i < 3 ? i : 1 + i])) { TEST_info("SS delete ptr item %d", i); goto end; } @@ -367,7 +368,7 @@ /* check the pointers are correct */ for (i = 0; i < n; i++) - if (!TEST_ptr_eq(sk_SU_value(s, i), v + i)) { + if (!TEST_ptr_eq(sk_SU_value(s, i), v + i)) { TEST_info("SU pointer check %d", i); goto end; } --- crypto/openssl/test/sysdefaulttest.c.orig +++ crypto/openssl/test/sysdefaulttest.c @@ -31,7 +31,8 @@ int global_init(void) { if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_LOAD_CONFIG, NULL)) + | OPENSSL_INIT_LOAD_CONFIG, + NULL)) return 0; return 1; } 
--- /dev/null +++ crypto/openssl/test/test_asn1_genconf.cnf @@ -0,0 +1,5 @@ +asn1=SEQUENCE:seq + +[seq] +impl=IMPLICIT:1,BOOL:true +expl=EXPLICIT:2,BITWRAP,OCT:X --- crypto/openssl/test/test_test.c.orig +++ crypto/openssl/test/test_test.c @@ -392,10 +392,10 @@ "1234567890123456789012345678901234567890123456789012" "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - return TEST(0, TEST_str_eq(p, q)) - & TEST(0, TEST_str_eq(q, r)) - & TEST(0, TEST_str_eq(r, s)) - & TEST(0, TEST_mem_eq(r, strlen(r), s, strlen(s))); + return TEST(0, TEST_str_eq(p, q)) + & TEST(0, TEST_str_eq(q, r)) + & TEST(0, TEST_str_eq(r, s)) + & TEST(0, TEST_mem_eq(r, strlen(r), s, strlen(s))); } static int test_long_bignum(void) @@ -412,11 +412,11 @@ const char bs[] = "1234567890123456789012345678901234567890123456789012" "1234567890123456789012345678901234567890123456789013" "987657"; - const char cs[] = "-" /* 64 characters plus sign */ + const char cs[] = "-" /* 64 characters plus sign */ "123456789012345678901234567890" "123456789012345678901234567890" "ABCD"; - const char ds[] = "-" /* 63 characters plus sign */ + const char ds[] = "-" /* 63 characters plus sign */ "23456789A123456789B123456789C" "123456789D123456789E123456789F" "ABCD"; 
@@ -455,49 +455,49 @@ size_t st = 1234; char buf[4] = { 0 }, *p = buf; - /* int */ + /* int */ return TEST_int_eq(i++, 4) - && TEST_int_eq(i, 5) - && TEST_int_gt(++i, 5) - && TEST_int_le(5, i++) - && TEST_int_ne(--i, 5) - && TEST_int_eq(12, i *= 2) - /* Long */ - && TEST_long_eq(l--, -9000L) - && TEST_long_eq(++l, -9000L) - && TEST_long_ne(-9000L, l /= 2) - && TEST_long_lt(--l, -4500L) - /* char */ - && TEST_char_eq(++c, 'e') - && TEST_char_eq('e', c--) - && TEST_char_ne('d', --c) - && TEST_char_le('b', --c) - && TEST_char_lt(c++, 'c') - /* unsigned char */ - && TEST_uchar_eq(22, uc++) - && TEST_uchar_eq(uc /= 2, 11) - && TEST_ulong_eq(ul ^= 1, 501) - && TEST_ulong_eq(502, ul ^= 3) - && TEST_ulong_eq(ul = ul * 3 - 6, 1500) - /* size_t */ - && TEST_size_t_eq((--i, st++), 1234) - && TEST_size_t_eq(st, 1235) - && TEST_int_eq(11, i) - /* pointers */ - && TEST_ptr_eq(p++, buf) - && TEST_ptr_eq(buf + 2, ++p) - && TEST_ptr_eq(buf, p -= 2) - && TEST_ptr(++p) - && TEST_ptr_eq(p, buf + 1) - && TEST_ptr_null(p = NULL) - /* strings */ - && TEST_str_eq(p = &("123456"[1]), "23456") - && TEST_str_eq("3456", ++p) - && TEST_str_ne(p++, "456") - /* memory */ - && TEST_mem_eq(--p, sizeof("3456"), "3456", sizeof("3456")) - && TEST_mem_ne(p++, sizeof("456"), "456", sizeof("456")) - && TEST_mem_eq(p--, sizeof("456"), "456", sizeof("456")); + && TEST_int_eq(i, 5) + && TEST_int_gt(++i, 5) + && TEST_int_le(5, i++) + && TEST_int_ne(--i, 5) + && TEST_int_eq(12, i *= 2) + /* Long */ + && TEST_long_eq(l--, -9000L) + && TEST_long_eq(++l, -9000L) + && TEST_long_ne(-9000L, l /= 2) + && TEST_long_lt(--l, -4500L) + /* char */ + && TEST_char_eq(++c, 'e') + && TEST_char_eq('e', c--) + && TEST_char_ne('d', --c) + && TEST_char_le('b', --c) + && TEST_char_lt(c++, 'c') + /* unsigned char */ + && TEST_uchar_eq(22, uc++) + && TEST_uchar_eq(uc /= 2, 11) + && TEST_ulong_eq(ul ^= 1, 501) + && TEST_ulong_eq(502, ul ^= 3) + && TEST_ulong_eq(ul = ul * 3 - 6, 1500) + /* size_t */ + && TEST_size_t_eq((--i, st++), 
1234) + && TEST_size_t_eq(st, 1235) + && TEST_int_eq(11, i) + /* pointers */ + && TEST_ptr_eq(p++, buf) + && TEST_ptr_eq(buf + 2, ++p) + && TEST_ptr_eq(buf, p -= 2) + && TEST_ptr(++p) + && TEST_ptr_eq(p, buf + 1) + && TEST_ptr_null(p = NULL) + /* strings */ + && TEST_str_eq(p = &("123456"[1]), "23456") + && TEST_str_eq("3456", ++p) + && TEST_str_ne(p++, "456") + /* memory */ + && TEST_mem_eq(--p, sizeof("3456"), "3456", sizeof("3456")) + && TEST_mem_ne(p++, sizeof("456"), "456", sizeof("456")) + && TEST_mem_eq(p--, sizeof("456"), "456", sizeof("456")); } static int test_output(void) @@ -524,7 +524,7 @@ BIGNUM *b = NULL; if (bn_output_tests[n] != NULL - && !TEST_true(BN_hex2bn(&b, bn_output_tests[n]))) + && !TEST_true(BN_hex2bn(&b, bn_output_tests[n]))) return 0; test_output_bignum(bn_output_tests[n], b); BN_free(b); --- /dev/null +++ crypto/openssl/test/testec-sm2.pem @@ -0,0 +1,5 @@ +-----BEGIN SM2 PRIVATE KEY----- +MHcCAQEEIKPB7gEYKGAwAkz0MfGwQm0BXclgzvSTxQG9bm4RCAxXoAoGCCqBHM9V +AYItoUQDQgAE+FuibOpfjVfj716O3LglhK4HzjUR82mgn8kTZinQsEafw3FFZzZJ +vwHIGHUsSKxVTRIEs+BICQDBg99OA3VU/Q== +-----END SM2 PRIVATE KEY----- --- crypto/openssl/test/testutil.h.orig +++ crypto/openssl/test/testutil.h @@ -8,16 +8,16 @@ */ #ifndef OSSL_TESTUTIL_H -# define OSSL_TESTUTIL_H +#define OSSL_TESTUTIL_H -# include +#include -# include -# include -# include -# include -# include -# include "opt.h" +#include +#include +#include +#include +#include +#include "opt.h" /*- * Simple unit tests should implement setup_tests(). 
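Review bot: The new `testec-sm2.pem` adds an unencrypted private key under the `SM2 PRIVATE KEY` PEM label, and nothing in the patch marks it as a fixture. Secret scanners will flag it on every import, and a reader cannot tell from the file alone that the key is public test material. I would state in the test recipe that loads this file (not visible here) that it is a throwaway key generated for the test, and add the path to the repository's secret-scanning allowlist with that reason.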
@@ -48,17 +48,17 @@ */ /* Adds a simple test case. */ -# define ADD_TEST(test_function) add_test(#test_function, test_function) +#define ADD_TEST(test_function) add_test(#test_function, test_function) /* * Simple parameterized tests. Calls test_function(idx) for each 0 <= idx < num. */ -# define ADD_ALL_TESTS(test_function, num) \ +#define ADD_ALL_TESTS(test_function, num) \ add_all_tests(#test_function, test_function, num, 1) /* * A variant of the same without TAP output. */ -# define ADD_ALL_TESTS_NOSUBTEST(test_function, num) \ +#define ADD_ALL_TESTS_NOSUBTEST(test_function, num) \ add_all_tests(#test_function, test_function, num, 0) /*- 
@@ -95,76 +95,74 @@ * EXECUTE_FOOBAR_TEST(); * } */ -# define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\ +#define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up) \ TEST_FIXTURE_TYPE *fixture = set_up(TEST_CASE_NAME); \ - int result = 0; \ -\ - if (fixture == NULL) \ - return 0 - - -# define EXECUTE_TEST(execute_func, tear_down)\ - if (fixture != NULL) {\ - result = execute_func(fixture);\ - tear_down(fixture);\ + int result = 0; \ + \ + if (fixture == NULL) \ + return 0 + +#define EXECUTE_TEST(execute_func, tear_down) \ + if (fixture != NULL) { \ + result = execute_func(fixture); \ + tear_down(fixture); \ } /* * TEST_CASE_NAME is defined as the name of the test case function where * possible; otherwise we get by with the file name and line number. */ -# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L -# if defined(_MSC_VER) -# define TEST_CASE_NAME __FUNCTION__ -# else -# define testutil_stringify_helper(s) #s -# define testutil_stringify(s) testutil_stringify_helper(s) -# define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__) -# endif /* _MSC_VER */ -# else -# define TEST_CASE_NAME __func__ -# endif /* __STDC_VERSION__ */ - +#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L +#if defined(_MSC_VER) +#define TEST_CASE_NAME __FUNCTION__ +#else +#define testutil_stringify_helper(s) #s +#define testutil_stringify(s) testutil_stringify_helper(s) +#define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__) +#endif /* _MSC_VER */ +#else +#define TEST_CASE_NAME __func__ +#endif /* __STDC_VERSION__ */ /* The default test enum which should be common to all tests */ -# define OPT_TEST_ENUM \ +#define OPT_TEST_ENUM \ OPT_TEST_HELP = 500, \ - OPT_TEST_LIST, \ - OPT_TEST_SINGLE, \ - OPT_TEST_ITERATION, \ - OPT_TEST_INDENT, \ + OPT_TEST_LIST, \ + OPT_TEST_SINGLE, \ + OPT_TEST_ITERATION, \ + OPT_TEST_INDENT, \ OPT_TEST_SEED /* The Default test OPTIONS common to all tests (without a usage string) */ -# define OPT_TEST_OPTIONS \ - { 
OPT_HELP_STR, 1, '-', "Valid options are:\n" }, \ - { "help", OPT_TEST_HELP, '-', "Display this summary" }, \ - { "list", OPT_TEST_LIST, '-', "Display the list of tests available" }, \ - { "test", OPT_TEST_SINGLE, 's', "Run a single test by id or name" }, \ - { "iter", OPT_TEST_ITERATION, 'n', "Run a single iteration of a test" }, \ - { "indent", OPT_TEST_INDENT,'p', "Number of tabs added to output" }, \ - { "seed", OPT_TEST_SEED, 'n', "Seed value to randomize tests with" } +#define OPT_TEST_OPTIONS \ + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, \ + { "help", OPT_TEST_HELP, '-', "Display this summary" }, \ + { "list", OPT_TEST_LIST, '-', "Display the list of tests available" }, \ + { "test", OPT_TEST_SINGLE, 's', "Run a single test by id or name" }, \ + { "iter", OPT_TEST_ITERATION, 'n', "Run a single iteration of a test" }, \ + { "indent", OPT_TEST_INDENT, 'p', "Number of tabs added to output" }, \ + { "seed", OPT_TEST_SEED, 'n', "Seed value to randomize tests with" } /* The Default test OPTIONS common to all tests starting with an additional usage string */ -# define OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage) \ +#define OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage) \ { OPT_HELP_STR, 1, '-', "Usage: %s [options] " usage }, \ - OPT_TEST_OPTIONS + OPT_TEST_OPTIONS /* The Default test OPTIONS common to all tests with an default usage string */ -# define OPT_TEST_OPTIONS_DEFAULT_USAGE \ +#define OPT_TEST_OPTIONS_DEFAULT_USAGE \ { OPT_HELP_STR, 1, '-', "Usage: %s [options]\n" }, \ - OPT_TEST_OPTIONS + OPT_TEST_OPTIONS /* * Optional Cases that need to be ignored by the test app when using opt_next(), * (that are handled internally). */ -# define OPT_TEST_CASES \ - OPT_TEST_HELP: \ - case OPT_TEST_LIST: \ - case OPT_TEST_SINGLE: \ +#define OPT_TEST_CASES \ + OPT_TEST_HELP: \ + case OPT_TEST_LIST: \ + case OPT_TEST_SINGLE: \ case OPT_TEST_ITERATION: \ - case OPT_TEST_INDENT: \ + case OPT_TEST_INDENT: \ case OPT_TEST_SEED /* 
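Review bot: `EXECUTE_TEST` expands to a bare `if (fixture != NULL) { ... }` block, so as the body of an unbraced `if` ... `else` it either fails to compile (with the trailing semicolon) or binds the `else` to the macro's own `if` (without it). Since the macro is being reformatted anyway, I would wrap it: `do { if (fixture != NULL) { result = execute_func(fixture); tear_down(fixture); } } while (0)`. The usage example in the comment above the macro already ends the call with a semicolon, so callers written that way keep compiling. Callers outside this hunk would need checking.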
@@ -181,16 +179,16 @@ * well as the additional options that need to be handled. * (3) case OPT_TEST_CASES: break; inside the opt_next() handling code. */ -# define OPT_TEST_DECLARE_USAGE(usage_str) \ -const OPTIONS *test_get_options(void) \ -{ \ - enum { OPT_TEST_ENUM }; \ - static const OPTIONS options[] = { \ - OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage_str), \ - { NULL } \ - }; \ - return options; \ -} +#define OPT_TEST_DECLARE_USAGE(usage_str) \ + const OPTIONS *test_get_options(void) \ + { \ + enum { OPT_TEST_ENUM }; \ + static const OPTIONS options[] = { \ + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage_str), \ + { NULL } \ + }; \ + return options; \ + } /* * Used to read non optional command line values that follow after the options. @@ -214,19 +212,19 @@ * context. */ int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, - const char *config_file, - OSSL_PROVIDER **provider, const char *module_name); + const char *config_file, + OSSL_PROVIDER **provider, const char *module_name); int test_arg_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, - OSSL_PROVIDER **provider, int argn, const char *usage); + OSSL_PROVIDER **provider, int argn, const char *usage); /* * Internal helpers. Test programs shouldn't use these directly, but should * rather link to one of the helper main() methods. */ -void add_test(const char *test_case_name, int (*test_fn) (void)); +void add_test(const char *test_case_name, int (*test_fn)(void)); void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num, - int subtest); + int subtest); /* * Declarations for user defined functions. 
@@ -286,31 +284,31 @@ * Test assumption verification helpers. */ -# define PRINTF_FORMAT(a, b) -# if defined(__GNUC__) && defined(__STDC_VERSION__) \ +#define PRINTF_FORMAT(a, b) +#if defined(__GNUC__) && defined(__STDC_VERSION__) \ && !defined(__MINGW32__) && !defined(__MINGW64__) \ && !defined(__APPLE__) - /* - * Because we support the 'z' modifier, which made its appearance in C99, - * we can't use __attribute__ with pre C99 dialects. - */ -# if __STDC_VERSION__ >= 199901L -# undef PRINTF_FORMAT -# define PRINTF_FORMAT(a, b) __attribute__ ((format(printf, a, b))) -# endif -# endif - -# define DECLARE_COMPARISON(type, name, opname) \ - int test_ ## name ## _ ## opname(const char *, int, \ - const char *, const char *, \ - const type, const type); - -# define DECLARE_COMPARISONS(type, name) \ - DECLARE_COMPARISON(type, name, eq) \ - DECLARE_COMPARISON(type, name, ne) \ - DECLARE_COMPARISON(type, name, lt) \ - DECLARE_COMPARISON(type, name, le) \ - DECLARE_COMPARISON(type, name, gt) \ +/* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +#if __STDC_VERSION__ >= 199901L +#undef PRINTF_FORMAT +#define PRINTF_FORMAT(a, b) __attribute__((format(printf, a, b))) +#endif +#endif + +#define DECLARE_COMPARISON(type, name, opname) \ + int test_##name##_##opname(const char *, int, \ + const char *, const char *, \ + const type, const type); + +#define DECLARE_COMPARISONS(type, name) \ + DECLARE_COMPARISON(type, name, eq) \ + DECLARE_COMPARISON(type, name, ne) \ + DECLARE_COMPARISON(type, name, lt) \ + DECLARE_COMPARISON(type, name, le) \ + DECLARE_COMPARISON(type, name, gt) \ DECLARE_COMPARISON(type, name, ge) DECLARE_COMPARISONS(int, int) 
@@ -326,9 +324,9 @@ * Because this comparison uses a printf format specifier that's not * universally known (yet), we provide an option to not have it declared. */ -# ifndef TESTUTIL_NO_size_t_COMPARISON +#ifndef TESTUTIL_NO_size_t_COMPARISON DECLARE_COMPARISONS(size_t, size_t) -# endif +#endif /* * Pointer comparisons against other pointers and null. @@ -354,9 +352,9 @@ * Same as above, but for strncmp. */ int test_strn_eq(const char *file, int line, const char *, const char *, - const char *a, size_t an, const char *b, size_t bn); + const char *a, size_t an, const char *b, size_t bn); int test_strn_ne(const char *file, int line, const char *, const char *, - const char *a, size_t an, const char *b, size_t bn); + const char *a, size_t an, const char *b, size_t bn); /* * Equality test for memory blocks where NULL is a legitimate value. @@ -365,9 +363,9 @@ * These should not be called directly, use the TEST_xxx macros below instead. */ int test_mem_eq(const char *, int, const char *, const char *, - const void *, size_t, const void *, size_t); + const void *, size_t, const void *, size_t); int test_mem_ne(const char *, int, const char *, const char *, - const void *, size_t, const void *, size_t); + const void *, size_t, const void *, size_t); /* * Check a boolean result for being true or false. @@ -395,9 +393,9 @@ int test_BN_odd(const char *file, int line, const char *s, const BIGNUM *a); int test_BN_even(const char *file, int line, const char *s, const BIGNUM *a); int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws, - const BIGNUM *a, BN_ULONG w); + const BIGNUM *a, BN_ULONG w); int test_BN_abs_eq_word(const char *file, int line, const char *bns, - const char *ws, const BIGNUM *a, BN_ULONG w); + const char *ws, const BIGNUM *a, BN_ULONG w); /* * Pretty print a failure message. 
@@ -426,121 +424,121 @@ * ptr = OPENSSL_malloc(..); * if (!TEST_ptr(ptr)) */ -# define TEST_int_eq(a, b) test_int_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_int_ne(a, b) test_int_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_int_lt(a, b) test_int_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_int_le(a, b) test_int_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_int_gt(a, b) test_int_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_int_ge(a, b) test_int_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_uint_eq(a, b) test_uint_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uint_ne(a, b) test_uint_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uint_lt(a, b) test_uint_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uint_le(a, b) test_uint_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uint_gt(a, b) test_uint_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uint_ge(a, b) test_uint_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_char_eq(a, b) test_char_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_char_ne(a, b) test_char_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_char_lt(a, b) test_char_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_char_le(a, b) test_char_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_char_gt(a, b) test_char_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_char_ge(a, b) test_char_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_uchar_eq(a, b) test_uchar_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uchar_ne(a, b) test_uchar_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uchar_lt(a, b) test_uchar_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uchar_le(a, b) test_uchar_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uchar_gt(a, b) test_uchar_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_uchar_ge(a, b) test_uchar_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_long_eq(a, b) test_long_eq(__FILE__, __LINE__, #a, #b, a, b) -# define 
TEST_long_ne(a, b) test_long_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_long_lt(a, b) test_long_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_long_le(a, b) test_long_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_long_gt(a, b) test_long_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_long_ge(a, b) test_long_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_ulong_eq(a, b) test_ulong_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ulong_ne(a, b) test_ulong_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ulong_lt(a, b) test_ulong_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ulong_le(a, b) test_ulong_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ulong_gt(a, b) test_ulong_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ulong_ge(a, b) test_ulong_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_size_t_le(a, b) test_size_t_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_size_t_gt(a, b) test_size_t_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_size_t_ge(a, b) test_size_t_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_double_eq(a, b) test_double_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_double_ne(a, b) test_double_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_double_lt(a, b) test_double_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_double_le(a, b) test_double_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_double_gt(a, b) test_double_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_double_ge(a, b) test_double_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_time_t_eq(a, b) test_time_t_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_time_t_ne(a, b) test_time_t_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_time_t_lt(a, b) 
test_time_t_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_time_t_le(a, b) test_time_t_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_time_t_gt(a, b) test_time_t_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_time_t_ge(a, b) test_time_t_ge(__FILE__, __LINE__, #a, #b, a, b) - -# define TEST_ptr_eq(a, b) test_ptr_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ptr_ne(a, b) test_ptr_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) -# define TEST_ptr_null(a) test_ptr_null(__FILE__, __LINE__, #a, a) - -# define TEST_str_eq(a, b) test_str_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_str_ne(a, b) test_str_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_strn_eq(a, b, n) test_strn_eq(__FILE__, __LINE__, #a, #b, a, n, b, n) -# define TEST_strn_ne(a, b, n) test_strn_ne(__FILE__, __LINE__, #a, #b, a, n, b, n) -# define TEST_strn2_eq(a, m, b, n) test_strn_eq(__FILE__, __LINE__, #a, #b, a, m, b, n) -# define TEST_strn2_ne(a, m, b, n) test_strn_ne(__FILE__, __LINE__, #a, #b, a, m, b, n) - -# define TEST_mem_eq(a, m, b, n) test_mem_eq(__FILE__, __LINE__, #a, #b, a, m, b, n) -# define TEST_mem_ne(a, m, b, n) test_mem_ne(__FILE__, __LINE__, #a, #b, a, m, b, n) - -# define TEST_true(a) test_true(__FILE__, __LINE__, #a, (a) != 0) -# define TEST_false(a) test_false(__FILE__, __LINE__, #a, (a) != 0) - -# define TEST_BN_eq(a, b) test_BN_eq(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_BN_ne(a, b) test_BN_ne(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_BN_lt(a, b) test_BN_lt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_BN_gt(a, b) test_BN_gt(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_BN_le(a, b) test_BN_le(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_BN_ge(a, b) test_BN_ge(__FILE__, __LINE__, #a, #b, a, b) -# define TEST_BN_eq_zero(a) test_BN_eq_zero(__FILE__, __LINE__, #a, a) -# define TEST_BN_ne_zero(a) test_BN_ne_zero(__FILE__, __LINE__, #a, a) -# define TEST_BN_lt_zero(a) 
test_BN_lt_zero(__FILE__, __LINE__, #a, a) -# define TEST_BN_gt_zero(a) test_BN_gt_zero(__FILE__, __LINE__, #a, a) -# define TEST_BN_le_zero(a) test_BN_le_zero(__FILE__, __LINE__, #a, a) -# define TEST_BN_ge_zero(a) test_BN_ge_zero(__FILE__, __LINE__, #a, a) -# define TEST_BN_eq_one(a) test_BN_eq_one(__FILE__, __LINE__, #a, a) -# define TEST_BN_eq_word(a, w) test_BN_eq_word(__FILE__, __LINE__, #a, #w, a, w) -# define TEST_BN_abs_eq_word(a, w) test_BN_abs_eq_word(__FILE__, __LINE__, #a, #w, a, w) -# define TEST_BN_odd(a) test_BN_odd(__FILE__, __LINE__, #a, a) -# define TEST_BN_even(a) test_BN_even(__FILE__, __LINE__, #a, a) +#define TEST_int_eq(a, b) test_int_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_int_ne(a, b) test_int_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_int_lt(a, b) test_int_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_int_le(a, b) test_int_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_int_gt(a, b) test_int_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_int_ge(a, b) test_int_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_uint_eq(a, b) test_uint_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uint_ne(a, b) test_uint_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uint_lt(a, b) test_uint_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uint_le(a, b) test_uint_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uint_gt(a, b) test_uint_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uint_ge(a, b) test_uint_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_char_eq(a, b) test_char_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_char_ne(a, b) test_char_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_char_lt(a, b) test_char_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_char_le(a, b) test_char_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_char_gt(a, b) test_char_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_char_ge(a, b) test_char_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define 
TEST_uchar_eq(a, b) test_uchar_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uchar_ne(a, b) test_uchar_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uchar_lt(a, b) test_uchar_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uchar_le(a, b) test_uchar_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uchar_gt(a, b) test_uchar_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_uchar_ge(a, b) test_uchar_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_long_eq(a, b) test_long_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_long_ne(a, b) test_long_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_long_lt(a, b) test_long_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_long_le(a, b) test_long_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_long_gt(a, b) test_long_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_long_ge(a, b) test_long_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_ulong_eq(a, b) test_ulong_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ulong_ne(a, b) test_ulong_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ulong_lt(a, b) test_ulong_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ulong_le(a, b) test_ulong_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ulong_gt(a, b) test_ulong_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ulong_ge(a, b) test_ulong_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_size_t_le(a, b) test_size_t_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_size_t_gt(a, b) test_size_t_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_size_t_ge(a, b) test_size_t_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_double_eq(a, b) test_double_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_double_ne(a, b) test_double_ne(__FILE__, __LINE__, #a, #b, 
a, b) +#define TEST_double_lt(a, b) test_double_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_double_le(a, b) test_double_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_double_gt(a, b) test_double_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_double_ge(a, b) test_double_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_time_t_eq(a, b) test_time_t_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_time_t_ne(a, b) test_time_t_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_time_t_lt(a, b) test_time_t_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_time_t_le(a, b) test_time_t_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_time_t_gt(a, b) test_time_t_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_time_t_ge(a, b) test_time_t_ge(__FILE__, __LINE__, #a, #b, a, b) + +#define TEST_ptr_eq(a, b) test_ptr_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ptr_ne(a, b) test_ptr_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) +#define TEST_ptr_null(a) test_ptr_null(__FILE__, __LINE__, #a, a) + +#define TEST_str_eq(a, b) test_str_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_str_ne(a, b) test_str_ne(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_strn_eq(a, b, n) test_strn_eq(__FILE__, __LINE__, #a, #b, a, n, b, n) +#define TEST_strn_ne(a, b, n) test_strn_ne(__FILE__, __LINE__, #a, #b, a, n, b, n) +#define TEST_strn2_eq(a, m, b, n) test_strn_eq(__FILE__, __LINE__, #a, #b, a, m, b, n) +#define TEST_strn2_ne(a, m, b, n) test_strn_ne(__FILE__, __LINE__, #a, #b, a, m, b, n) + +#define TEST_mem_eq(a, m, b, n) test_mem_eq(__FILE__, __LINE__, #a, #b, a, m, b, n) +#define TEST_mem_ne(a, m, b, n) test_mem_ne(__FILE__, __LINE__, #a, #b, a, m, b, n) + +#define TEST_true(a) test_true(__FILE__, __LINE__, #a, (a) != 0) +#define TEST_false(a) test_false(__FILE__, __LINE__, #a, (a) != 0) + +#define TEST_BN_eq(a, b) test_BN_eq(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_BN_ne(a, b) test_BN_ne(__FILE__, __LINE__, 
#a, #b, a, b) +#define TEST_BN_lt(a, b) test_BN_lt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_BN_gt(a, b) test_BN_gt(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_BN_le(a, b) test_BN_le(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_BN_ge(a, b) test_BN_ge(__FILE__, __LINE__, #a, #b, a, b) +#define TEST_BN_eq_zero(a) test_BN_eq_zero(__FILE__, __LINE__, #a, a) +#define TEST_BN_ne_zero(a) test_BN_ne_zero(__FILE__, __LINE__, #a, a) +#define TEST_BN_lt_zero(a) test_BN_lt_zero(__FILE__, __LINE__, #a, a) +#define TEST_BN_gt_zero(a) test_BN_gt_zero(__FILE__, __LINE__, #a, a) +#define TEST_BN_le_zero(a) test_BN_le_zero(__FILE__, __LINE__, #a, a) +#define TEST_BN_ge_zero(a) test_BN_ge_zero(__FILE__, __LINE__, #a, a) +#define TEST_BN_eq_one(a) test_BN_eq_one(__FILE__, __LINE__, #a, a) +#define TEST_BN_eq_word(a, w) test_BN_eq_word(__FILE__, __LINE__, #a, #w, a, w) +#define TEST_BN_abs_eq_word(a, w) test_BN_abs_eq_word(__FILE__, __LINE__, #a, #w, a, w) +#define TEST_BN_odd(a) test_BN_odd(__FILE__, __LINE__, #a, a) +#define TEST_BN_even(a) test_BN_even(__FILE__, __LINE__, #a, a) /* * TEST_error(desc, ...) prints an informative error message in the standard * format. |desc| is a printf format string. */ -# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L -# define TEST_error test_error_c90 -# define TEST_info test_info_c90 -# define TEST_skip test_skip_c90 -# else -# define TEST_error(...) test_error(__FILE__, __LINE__, __VA_ARGS__) -# define TEST_info(...) test_info(__FILE__, __LINE__, __VA_ARGS__) -# define TEST_skip(...) test_skip(__FILE__, __LINE__, __VA_ARGS__) -# endif -# define TEST_note test_note -# define TEST_openssl_errors test_openssl_errors -# define TEST_perror test_perror +#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L +#define TEST_error test_error_c90 +#define TEST_info test_info_c90 +#define TEST_skip test_skip_c90 +#else +#define TEST_error(...) test_error(__FILE__, __LINE__, __VA_ARGS__) +#define TEST_info(...) 
test_info(__FILE__, __LINE__, __VA_ARGS__) +#define TEST_skip(...) test_skip(__FILE__, __LINE__, __VA_ARGS__) +#endif +#define TEST_note test_note +#define TEST_openssl_errors test_openssl_errors +#define TEST_perror test_perror extern BIO *bio_out; extern BIO *bio_err; @@ -552,11 +550,10 @@ void test_output_bignum(const char *name, const BIGNUM *bn); void test_output_memory(const char *name, const unsigned char *m, size_t l); - /* * Utilities to parse a test file. */ -# define TESTMAXPAIRS 150 +#define TESTMAXPAIRS 150 typedef struct pair_st { char *key; @@ -564,17 +561,17 @@ } PAIR; typedef struct stanza_st { - const char *test_file; /* Input file name */ - BIO *fp; /* Input file */ - int curr; /* Current line in file */ - int start; /* Line where test starts */ - int errors; /* Error count */ - int numtests; /* Number of tests */ - int numskip; /* Number of skipped tests */ + const char *test_file; /* Input file name */ + BIO *fp; /* Input file */ + int curr; /* Current line in file */ + int start; /* Line where test starts */ + int errors; /* Error count */ + int numtests; /* Number of tests */ + int numskip; /* Number of skipped tests */ int numpairs; PAIR pairs[TESTMAXPAIRS]; - BIO *key; /* temp memory BIO for reading in keys */ - char buff[4096]; /* Input buffer for a single key/value */ + BIO *key; /* temp memory BIO for reading in keys */ + char buff[4096]; /* Input buffer for a single key/value */ } STANZA; /* 
@@ -613,15 +610,15 @@ /* Fake non-secure random number generator */ typedef int fake_random_generate_cb(unsigned char *out, size_t outlen, - const char *name, EVP_RAND_CTX *ctx); + const char *name, EVP_RAND_CTX *ctx); OSSL_PROVIDER *fake_rand_start(OSSL_LIB_CTX *libctx); void fake_rand_finish(OSSL_PROVIDER *p); void fake_rand_set_callback(EVP_RAND_CTX *ctx, - int (*cb)(unsigned char *out, size_t outlen, - const char *name, EVP_RAND_CTX *ctx)); + int (*cb)(unsigned char *out, size_t outlen, + const char *name, EVP_RAND_CTX *ctx)); void fake_rand_set_public_private_callbacks(OSSL_LIB_CTX *libctx, - fake_random_generate_cb *cb); + fake_random_generate_cb *cb); /* Create a file path from a directory and a filename */ char *test_mk_file_path(const char *dir, const char *file); @@ -632,4 +629,4 @@ STACK_OF(X509) *load_certs_pem(const char *file); X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx); -#endif /* OSSL_TESTUTIL_H */ +#endif /* OSSL_TESTUTIL_H */ --- crypto/openssl/test/testutil/driver.c.orig +++ crypto/openssl/test/testutil/driver.c @@ -17,24 +17,23 @@ #include "internal/nelem.h" #include -#include "platform.h" /* From libapps */ +#include "platform.h" /* From libapps */ #if defined(_WIN32) && !defined(__BORLANDC__) -# define strdup _strdup +#define strdup _strdup #endif - /* * Declares the structures needed to register each test case function. */ typedef struct test_info { const char *test_case_name; - int (*test_fn) (void); + int (*test_fn)(void); int (*param_test_fn)(int idx); int num; /* flags */ - int subtest:1; + int subtest : 1; } TEST_INFO; static TEST_INFO all_tests[1024]; @@ -55,8 +54,7 @@ static int process_shared_options(void); - -void add_test(const char *test_case_name, int (*test_fn) (void)) +void add_test(const char *test_case_name, int (*test_fn)(void)) { assert(num_tests != OSSL_NELEM(all_tests)); all_tests[num_tests].test_case_name = test_case_name; 
@@ -66,8 +64,8 @@ ++num_test_cases; } -void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), - int num, int subtest) +void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), + int num, int subtest) { assert(num_tests != OSSL_NELEM(all_tests)); all_tests[num_tests].test_case_name = test_case_name; @@ -99,7 +97,6 @@ test_random_seed(seed); } - int setup_test_framework(int argc, char *argv[]) { char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER"); @@ -129,7 +126,6 @@ return 1; } - /* * This can only be called after setup() has run, since num_tests and * all_tests[] are setup at this point @@ -148,7 +144,6 @@ single_test = atoi(name); } - /* if only iteration is specified, assume we want the first test */ if (single_test == -1 && single_iter != -1) single_test = 1; @@ -157,24 +152,24 @@ if (single_test < 1 || single_test > num_tests) { test_printf_stderr("Invalid -%s value " "(Value must be a valid test name OR a value between %d..%d)\n", - testname, 1, num_tests); + testname, 1, num_tests); return 0; } } if (single_iter != -1) { if (all_tests[single_test - 1].num == -1) { test_printf_stderr("-%s option is not valid for test %d:%s\n", - itname, - single_test, - all_tests[single_test - 1].test_case_name); + itname, + single_test, + all_tests[single_test - 1].test_case_name); return 0; } else if (single_iter < 1 - || single_iter > all_tests[single_test - 1].num) { + || single_iter > all_tests[single_test - 1].num) { test_printf_stderr("Invalid -%s value for test %d:%s\t" "(Value must be in the range %d..%d)\n", - itname, single_test, - all_tests[single_test - 1].test_case_name, - 1, all_tests[single_test - 1].num); + itname, single_test, + all_tests[single_test - 1].test_case_name, + 1, all_tests[single_test - 1].num); return 0; } } @@ -233,7 +228,6 @@ return ret; } - int pulldown_test_framework(int ret) { set_test_title(NULL); 
@@ -256,8 +250,9 @@ test_title = title == NULL ? NULL : strdup(title); } -PRINTF_FORMAT(2, 3) static void test_verdict(int verdict, - const char *description, ...) +PRINTF_FORMAT(2, 3) +static void test_verdict(int verdict, + const char *description, ...) { va_list ap; @@ -316,17 +311,16 @@ for (ii = 0; ii != num_tests; ++ii) { i = permute[ii]; - if (single_test != -1 && ((i+1) != single_test)) { + if (single_test != -1 && ((i + 1) != single_test)) { continue; - } - else if (show_list) { + } else if (show_list) { if (all_tests[i].num != -1) { test_printf_tapout("%d - %s (%d..%d)\n", ii + 1, - all_tests[i].test_case_name, 1, - all_tests[i].num); + all_tests[i].test_case_name, 1, + all_tests[i].num); } else { test_printf_tapout("%d - %s\n", ii + 1, - all_tests[i].test_case_name); + all_tests[i].test_case_name); } test_flush_tapout(); } else if (all_tests[i].num == -1) { @@ -379,11 +373,11 @@ if (all_tests[i].subtest) test_verdict(v, "%d - iteration %d", - subtest_case_count + 1, j + 1); + subtest_case_count + 1, j + 1); else test_verdict(v, "%d - %s - iteration %d", - test_case_count + subtest_case_count + 1, - test_title, j + 1); + test_case_count + subtest_case_count + 1, + test_title, j + 1); subtest_case_count++; } @@ -395,7 +389,7 @@ ++num_failed; if (all_tests[i].num == -1 || all_tests[i].subtest) test_verdict(verdict, "%d - %s", test_case_count + 1, - all_tests[i].test_case_name); + all_tests[i].test_case_name); test_case_count++; } } @@ -431,13 +425,13 @@ char *test_mk_file_path(const char *dir, const char *file) { -# ifndef OPENSSL_SYS_VMS +#ifndef OPENSSL_SYS_VMS const char *sep = "/"; -# else +#else const char *sep = ""; char *dir_end; char dir_end_sep; -# endif +#endif size_t dirlen = dir != NULL ? strlen(dir) : 0; size_t len = dirlen + strlen(sep) + strlen(file) + 1; char *full_file = OPENSSL_zalloc(len); 
@@ -445,7 +439,7 @@ if (full_file != NULL) { if (dir != NULL && dirlen > 0) { OPENSSL_strlcpy(full_file, dir, len); -# ifdef OPENSSL_SYS_VMS +#ifdef OPENSSL_SYS_VMS /* * If |file| contains a directory spec, we need to do some * careful merging. --- crypto/openssl/test/testutil/fake_random.c.orig +++ crypto/openssl/test/testutil/fake_random.c @@ -33,7 +33,7 @@ static OSSL_FUNC_rand_enable_locking_fn fake_rand_enable_locking; static void *fake_rand_newctx(void *provctx, void *parent, - const OSSL_DISPATCH *parent_dispatch) + const OSSL_DISPATCH *parent_dispatch) { FAKE_RAND *r = OPENSSL_zalloc(sizeof(*r)); @@ -48,10 +48,10 @@ } static int fake_rand_instantiate(void *vrng, ossl_unused unsigned int strength, - ossl_unused int prediction_resistance, - ossl_unused const unsigned char *pstr, - size_t pstr_len, - ossl_unused const OSSL_PARAM params[]) + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *pstr, + size_t pstr_len, + ossl_unused const OSSL_PARAM params[]) { FAKE_RAND *frng = (FAKE_RAND *)vrng; @@ -68,8 +68,8 @@ } static int fake_rand_generate(void *vrng, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *adin, size_t adinlen) + unsigned int strength, int prediction_resistance, + const unsigned char *adin, size_t adinlen) { FAKE_RAND *frng = (FAKE_RAND *)vrng; size_t l; @@ -113,7 +113,7 @@ } static const OSSL_PARAM *fake_rand_gettable_ctx_params(ossl_unused void *vrng, - ossl_unused void *provctx) + ossl_unused void *provctx) { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), 
@@ -132,8 +132,8 @@ { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fake_rand_generate }, { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fake_rand_enable_locking }, { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))fake_rand_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fake_rand_get_ctx_params }, + (void (*)(void))fake_rand_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))fake_rand_get_ctx_params }, { 0, NULL } }; @@ -143,8 +143,8 @@ }; static const OSSL_ALGORITHM *fake_rand_query(void *provctx, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -162,8 +162,8 @@ }; static int fake_rand_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, void **provctx) { if (!TEST_ptr(*provctx = OSSL_LIB_CTX_new())) return 0; @@ -190,15 +190,15 @@ OSSL_PROVIDER *p; if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "fake-rand", - fake_rand_provider_init)) - || !TEST_true(RAND_set_DRBG_type(libctx, "fake", NULL, NULL, NULL)) - || !TEST_ptr(p = OSSL_PROVIDER_try_load(libctx, "fake-rand", 1))) + fake_rand_provider_init)) + || !TEST_true(RAND_set_DRBG_type(libctx, "fake", NULL, NULL, NULL)) + || !TEST_ptr(p = OSSL_PROVIDER_try_load(libctx, "fake-rand", 1))) return NULL; /* Ensure that the fake rand is initialized. */ if (!TEST_true(check_rng(RAND_get0_primary(libctx), "primary")) - || !TEST_true(check_rng(RAND_get0_private(libctx), "private")) - || !TEST_true(check_rng(RAND_get0_public(libctx), "public"))) { + || !TEST_true(check_rng(RAND_get0_private(libctx), "private")) + || !TEST_true(check_rng(RAND_get0_public(libctx), "public"))) { OSSL_PROVIDER_unload(p); return NULL; } 
@@ -212,20 +212,19 @@ } void fake_rand_set_callback(EVP_RAND_CTX *rng, - int (*cb)(unsigned char *out, size_t outlen, - const char *name, EVP_RAND_CTX *ctx)) + int (*cb)(unsigned char *out, size_t outlen, + const char *name, EVP_RAND_CTX *ctx)) { if (rng != NULL) ((FAKE_RAND *)rng->algctx)->cb = cb; } void fake_rand_set_public_private_callbacks(OSSL_LIB_CTX *libctx, - int (*cb)(unsigned char *out, - size_t outlen, - const char *name, - EVP_RAND_CTX *ctx)) + int (*cb)(unsigned char *out, + size_t outlen, + const char *name, + EVP_RAND_CTX *ctx)) { fake_rand_set_callback(RAND_get0_private(libctx), cb); fake_rand_set_callback(RAND_get0_public(libctx), cb); } - --- crypto/openssl/test/testutil/format_output.c.orig +++ crypto/openssl/test/testutil/format_output.c @@ -16,9 +16,9 @@ #include "internal/nelem.h" /* The size of memory buffers to display on failure */ -#define MEM_BUFFER_SIZE (2000) -#define MAX_STRING_WIDTH (80) -#define BN_OUTPUT_SIZE (8) +#define MEM_BUFFER_SIZE (2000) +#define MAX_STRING_WIDTH (80) +#define BN_OUTPUT_SIZE (8) /* Output a diff header */ static void test_diff_header(const char *left, const char *right) @@ -37,13 +37,12 @@ } static void test_fail_string_common(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const char *m1, size_t l1, - const char *m2, size_t l2) + int line, const char *type, + const char *left, const char *right, + const char *op, const char *m1, size_t l1, + const char *m2, size_t l2) { - const size_t width = - (MAX_STRING_WIDTH - BIO_get_indent(bio_err) - 12) / 16 * 16; + const size_t width = (MAX_STRING_WIDTH - BIO_get_indent(bio_err) - 12) / 16 * 16; char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; char bdiff[MAX_STRING_WIDTH + 1]; size_t n1, n2, i; 
@@ -102,7 +101,7 @@ else if (n1 > 0) test_printf_stderr("%4u:- '%s'\n", cnt, b1); if (cnt == 0 && (m2 == NULL || *m2 == '\0')) - test_string_null_empty(m2, '+'); + test_string_null_empty(m2, '+'); else if (n2 > 0) test_printf_stderr("%4u:+ '%s'\n", cnt, b2); if (diff && i > 0) @@ -126,20 +125,20 @@ * fails. The second is the user's call to dump a string. */ void test_fail_string_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const char *m1, size_t l1, - const char *m2, size_t l2) + int line, const char *type, + const char *left, const char *right, + const char *op, const char *m1, size_t l1, + const char *m2, size_t l2) { test_fail_string_common(prefix, file, line, type, left, right, op, - m1, l1, m2, l2); + m1, l1, m2, l2); test_printf_stderr("\n"); } void test_output_string(const char *name, const char *m, size_t l) { test_fail_string_common("string", NULL, 0, NULL, NULL, NULL, name, - m, l, m, l); + m, l, m, l); } /* BIGNUM formatted output routines */ @@ -149,7 +148,7 @@ * every so often. */ static void hex_convert_memory(const unsigned char *m, size_t n, char *b, - size_t width) + size_t width) { size_t i; @@ -169,9 +168,10 @@ * of characters these take. */ static const int bn_bytes = (MAX_STRING_WIDTH - 9) / (BN_OUTPUT_SIZE * 2 + 1) - * BN_OUTPUT_SIZE; + * BN_OUTPUT_SIZE; static const int bn_chars = (MAX_STRING_WIDTH - 9) / (BN_OUTPUT_SIZE * 2 + 1) - * (BN_OUTPUT_SIZE * 2 + 1) - 1; + * (BN_OUTPUT_SIZE * 2 + 1) + - 1; /* * Output the header line for the bignum @@ -205,7 +205,7 @@ * string with appropriate visual aid spaces inserted. */ static int convert_bn_memory(const unsigned char *in, size_t bytes, - char *out, int *lz, const BIGNUM *bn) + char *out, int *lz, const BIGNUM *bn) { int n = bytes * 2, i; char *p = out, *q = NULL; @@ -242,7 +242,7 @@ } } } - return n; + return n; } for (i = 0; i < n; i++) { 
@@ -264,10 +264,10 @@ * pointers for changes (only when there are two). */ static void test_fail_bignum_common(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, - const BIGNUM *bn1, const BIGNUM *bn2) + int line, const char *type, + const char *left, const char *right, + const char *op, + const BIGNUM *bn1, const BIGNUM *bn2) { const size_t bytes = bn_bytes; char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; @@ -323,7 +323,7 @@ diff = real_diff = 0; i = 0; p = bdiff; - for (i=0; b1[i] != '\0'; i++) + for (i = 0; b1[i] != '\0'; i++) if (b1[i] == b2[i] || b1[i] == ' ' || b2[i] == ' ') { *p++ = ' '; diff |= b1[i] != b2[i]; @@ -344,7 +344,7 @@ else if (cnt == 0 || n2 > 0) test_printf_stderr("+%s:% 5d\n", b2, cnt); if (real_diff && (cnt == 0 || (n1 > 0 && n2 > 0)) - && bn1 != NULL && bn2 != NULL) + && bn1 != NULL && bn2 != NULL) test_printf_stderr(" %s\n", bdiff); } if (m1 != NULL) @@ -365,19 +365,19 @@ * fails. The third is the user's call to dump a bignum. */ void test_fail_bignum_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, - const BIGNUM *bn1, const BIGNUM *bn2) + int line, const char *type, + const char *left, const char *right, + const char *op, + const BIGNUM *bn1, const BIGNUM *bn2) { test_fail_bignum_common(prefix, file, line, type, left, right, op, bn1, bn2); test_printf_stderr("\n"); } void test_fail_bignum_mono_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const BIGNUM *bn) + int line, const char *type, + const char *left, const char *right, + const char *op, const BIGNUM *bn) { test_fail_bignum_common(prefix, file, line, type, left, right, op, bn, bn); test_printf_stderr("\n"); 
@@ -387,7 +387,7 @@ { if (bn == NULL || BN_is_zero(bn)) { test_printf_stderr("bignum: '%s' = %s\n", name, - test_bignum_zero_null(bn)); + test_bignum_zero_null(bn)); } else if (BN_num_bytes(bn) <= BN_OUTPUT_SIZE) { unsigned char buf[BN_OUTPUT_SIZE]; char out[2 * sizeof(buf) + 1]; @@ -398,10 +398,10 @@ while (*p == '0' && *++p != '\0') ; test_printf_stderr("bignum: '%s' = %s0x%s\n", name, - BN_is_negative(bn) ? "-" : "", p); + BN_is_negative(bn) ? "-" : "", p); } else { test_fail_bignum_common("bignum", NULL, 0, NULL, NULL, NULL, name, - bn, bn); + bn, bn); } } @@ -422,11 +422,11 @@ * Common code to display one or two blocks of memory. */ static void test_fail_memory_common(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, - const unsigned char *m1, size_t l1, - const unsigned char *m2, size_t l2) + int line, const char *type, + const char *left, const char *right, + const char *op, + const unsigned char *m1, size_t l1, + const unsigned char *m2, size_t l2) { const size_t bytes = (MAX_STRING_WIDTH - 9) / 17 * 8; char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; 
@@ -517,19 +517,19 @@ * fails. The second is the user's call to dump memory. */ void test_fail_memory_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, - const unsigned char *m1, size_t l1, - const unsigned char *m2, size_t l2) + int line, const char *type, + const char *left, const char *right, + const char *op, + const unsigned char *m1, size_t l1, + const unsigned char *m2, size_t l2) { test_fail_memory_common(prefix, file, line, type, left, right, op, - m1, l1, m2, l2); + m1, l1, m2, l2); test_printf_stderr("\n"); } void test_output_memory(const char *name, const unsigned char *m, size_t l) { test_fail_memory_common("memory", NULL, 0, NULL, NULL, NULL, name, - m, l, m, l); + m, l, m, l); } --- crypto/openssl/test/testutil/load.c.orig +++ crypto/openssl/test/testutil/load.c @@ -23,7 +23,7 @@ if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file()))) return NULL; if (TEST_int_gt(BIO_read_filename(bio, file), 0) - && TEST_ptr(cert = X509_new_ex(libctx, NULL))) + && TEST_ptr(cert = X509_new_ex(libctx, NULL))) (void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL)); BIO_free(bio); @@ -77,7 +77,7 @@ unsigned long err = ERR_peek_error(); if (TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL, - libctx, NULL)) + libctx, NULL)) && err != ERR_peek_error()) { TEST_info("Spurious error from reading PEM"); EVP_PKEY_free(key); --- crypto/openssl/test/testutil/main.c.orig +++ crypto/openssl/test/testutil/main.c @@ -11,7 +11,6 @@ #include "output.h" #include "tu_local.h" - int main(int argc, char *argv[]) { int ret = EXIT_FAILURE; --- crypto/openssl/test/testutil/options.c.orig +++ crypto/openssl/test/testutil/options.c @@ -12,7 +12,6 @@ #include "tu_local.h" #include "output.h" - static int used[100] = { 0 }; int test_skip_common_options(void) 
@@ -22,7 +21,7 @@ while ((o = (OPTION_CHOICE_DEFAULT)opt_next()) != OPT_EOF) { switch (o) { case OPT_TEST_CASES: - break; + break; default: case OPT_ERR: return 0; @@ -60,7 +59,7 @@ for (i = 0; i < n; i++) { if (used[i] == 0) test_printf_stderr("Warning ignored command-line argument %d: %s\n", - i, argv[i]); + i, argv[i]); } if (i < arg_count) test_printf_stderr("Warning arguments %d and later unchecked\n", i); @@ -76,4 +75,3 @@ va_end(ap); return ret; } - --- crypto/openssl/test/testutil/output.h.orig +++ crypto/openssl/test/testutil/output.h @@ -8,28 +8,28 @@ */ #ifndef OSSL_TESTUTIL_OUTPUT_H -# define OSSL_TESTUTIL_OUTPUT_H +#define OSSL_TESTUTIL_OUTPUT_H -# include +#include -# define ossl_test__attr__(x) -# if defined(__GNUC__) && defined(__STDC_VERSION__) \ +#define ossl_test__attr__(x) +#if defined(__GNUC__) && defined(__STDC_VERSION__) \ && !defined(__MINGW32__) && !defined(__MINGW64__) \ && !defined(__APPLE__) - /* - * Because we support the 'z' modifier, which made its appearance in C99, - * we can't use __attribute__ with pre C99 dialects. - */ -# if __STDC_VERSION__ >= 199901L -# undef ossl_test__attr__ -# define ossl_test__attr__ __attribute__ -# if __GNUC__*10 + __GNUC_MINOR__ >= 44 -# define ossl_test__printf__ __gnu_printf__ -# else -# define ossl_test__printf__ __printf__ -# endif -# endif -# endif +/* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +#if __STDC_VERSION__ >= 199901L +#undef ossl_test__attr__ +#define ossl_test__attr__ __attribute__ +#if __GNUC__ * 10 + __GNUC_MINOR__ >= 44 +#define ossl_test__printf__ __gnu_printf__ +#else +#define ossl_test__printf__ __printf__ +#endif +#endif +#endif /* * The basic I/O functions used internally by the test framework. These * can be overridden when needed. Note that if one is, then all must be. 
@@ -62,7 +62,7 @@ int test_printf_taperr(const char *fmt, ...) ossl_test__attr__((__format__(ossl_test__printf__, 1, 2))); -# undef ossl_test__printf__ -# undef ossl_test__attr__ +#undef ossl_test__printf__ +#undef ossl_test__attr__ -#endif /* OSSL_TESTUTIL_OUTPUT_H */ +#endif /* OSSL_TESTUTIL_OUTPUT_H */ --- crypto/openssl/test/testutil/provider.c.orig +++ crypto/openssl/test/testutil/provider.c @@ -14,8 +14,8 @@ #include int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, - const char *config_file, - OSSL_PROVIDER **provider, const char *module_name) + const char *config_file, + OSSL_PROVIDER **provider, const char *module_name) { OSSL_LIB_CTX *new_libctx = NULL; @@ -33,25 +33,25 @@ } if (config_file != NULL - && !OSSL_LIB_CTX_load_config(new_libctx, config_file)) { + && !OSSL_LIB_CTX_load_config(new_libctx, config_file)) { opt_printf_stderr("Error loading config from file %s\n", config_file); goto err; } if (provider != NULL && module_name != NULL - && (*provider = OSSL_PROVIDER_load(new_libctx, module_name)) == NULL) { + && (*provider = OSSL_PROVIDER_load(new_libctx, module_name)) == NULL) { opt_printf_stderr("Failed to load provider %s\n", module_name); goto err; } return 1; - err: +err: ERR_print_errors_fp(stderr); return 0; } int test_arg_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, - OSSL_PROVIDER **provider, int argn, const char *usage) + OSSL_PROVIDER **provider, int argn, const char *usage) { const char *module_name; @@ -62,7 +62,7 @@ if (strcmp(module_name, "none") == 0) return 1; return test_get_libctx(libctx, default_null_prov, - test_get_argument(argn + 1), provider, module_name); + test_get_argument(argn + 1), provider, module_name); } typedef struct { 
@@ -86,12 +86,12 @@ if ((fips_prov = OSSL_PROVIDER_load(libctx, "fips")) == NULL) return -1; if (!OSSL_PROVIDER_get_params(fips_prov, params) - || sscanf(vs, "%d.%d.%d", &vers->major, &vers->minor, &vers->patch) != 3) + || sscanf(vs, "%d.%d.%d", &vers->major, &vers->minor, &vers->patch) != 3) goto err; if (!OSSL_PROVIDER_unload(fips_prov)) return -1; return 1; - err: +err: OSSL_PROVIDER_unload(fips_prov); return -1; } @@ -124,9 +124,9 @@ if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major < major - || (prov.major == major - && (prov.minor < minor - || (prov.minor == minor && prov.patch <= patch))); + || (prov.major == major + && (prov.minor < minor + || (prov.minor == minor && prov.patch <= patch))); } int fips_provider_version_lt(OSSL_LIB_CTX *libctx, int major, int minor, int patch) @@ -137,9 +137,9 @@ if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major < major - || (prov.major == major - && (prov.minor < minor - || (prov.minor == minor && prov.patch < patch))); + || (prov.major == major + && (prov.minor < minor + || (prov.minor == minor && prov.patch < patch))); } int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch) @@ -150,9 +150,9 @@ if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major > major - || (prov.major == major - && (prov.minor > minor - || (prov.minor == minor && prov.patch > patch))); + || (prov.major == major + && (prov.minor > minor + || (prov.minor == minor && prov.patch > patch))); } int fips_provider_version_ge(OSSL_LIB_CTX *libctx, int major, int minor, int patch) 
@@ -163,9 +163,9 @@ if ((res = fips_provider_version(libctx, &prov)) <= 0) return res == 0; return prov.major > major - || (prov.major == major - && (prov.minor > minor - || (prov.minor == minor && prov.patch >= patch))); + || (prov.major == major + && (prov.minor > minor + || (prov.minor == minor && prov.patch >= patch))); } int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions) @@ -173,7 +173,12 @@ const char *p; int major, minor, patch, r; enum { - MODE_EQ, MODE_NE, MODE_LE, MODE_LT, MODE_GT, MODE_GE + MODE_EQ, + MODE_NE, + MODE_LE, + MODE_LT, + MODE_GT, + MODE_GE } mode; while (*versions != '\0') { --- crypto/openssl/test/testutil/random.c.orig +++ crypto/openssl/test/testutil/random.c @@ -16,7 +16,8 @@ */ static uint32_t test_random_state[31]; -uint32_t test_random(void) { +uint32_t test_random(void) +{ static unsigned int pos = 3; if (pos == 31) @@ -25,7 +26,8 @@ return test_random_state[pos++] / 2; } -void test_random_seed(uint32_t sd) { +void test_random_seed(uint32_t sd) +{ int i; int32_t s; const unsigned int mod = (1u << 31) - 1; --- crypto/openssl/test/testutil/stanza.c.orig +++ crypto/openssl/test/testutil/stanza.c @@ -30,7 +30,7 @@ int test_end_file(STANZA *s) { TEST_info("Completed %d tests with %d errors and %d skipped", - s->numtests, s->errors, s->numskip); + s->numtests, s->errors, s->numskip); BIO_free(s->fp); return 1; } @@ -61,7 +61,6 @@ return 0; } - /* * Delete leading and trailing spaces from a string */ @@ -75,7 +74,7 @@ if (*p == '\0') return NULL; - for (q = p + strlen(p) - 1; q != p && isspace((unsigned char)*q); ) + for (q = p + strlen(p) - 1; q != p && isspace((unsigned char)*q);) *q-- = '\0'; return *p ? p : NULL; } @@ -89,7 +88,7 @@ char *p, *equals, *key; const char *value; - for (s->numpairs = 0; BIO_gets(s->fp, s->buff, sizeof(s->buff)); ) { + for (s->numpairs = 0; BIO_gets(s->fp, s->buff, sizeof(s->buff));) { s->curr++; if (!TEST_ptr(p = strchr(s->buff, '\n'))) { TEST_info("Line %d too long", s->curr); 
@@ -136,8 +135,8 @@ } if (!TEST_int_lt(s->numpairs++, TESTMAXPAIRS) - || !TEST_ptr(pp->key = OPENSSL_strdup(key)) - || !TEST_ptr(pp->value = OPENSSL_strdup(value))) + || !TEST_ptr(pp->key = OPENSSL_strdup(key)) + || !TEST_ptr(pp->value = OPENSSL_strdup(value))) return 0; pp++; } @@ -151,7 +150,7 @@ PAIR *pp = s->pairs; int i = s->numpairs; - for ( ; --i >= 0; pp++) { + for (; --i >= 0; pp++) { OPENSSL_free(pp->key); OPENSSL_free(pp->value); } --- crypto/openssl/test/testutil/tests.c.orig +++ crypto/openssl/test/testutil/tests.c @@ -24,9 +24,9 @@ * and right where a non-failure message is produced if either is NULL. */ void test_fail_message_prefix(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op) + int line, const char *type, + const char *left, const char *right, + const char *op) { test_printf_stderr("%s: ", prefix != NULL ? prefix : "ERROR"); if (type) @@ -67,15 +67,15 @@ * FAIL oops: (int) value 3 is not 6\n */ static void test_fail_message(const char *prefix, const char *file, int line, - const char *type, const char *left, - const char *right, const char *op, - const char *fmt, ...) - PRINTF_FORMAT(8, 9); + const char *type, const char *left, + const char *right, const char *op, + const char *fmt, ...) + PRINTF_FORMAT(8, 9); static void test_fail_message_va(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const char *fmt, va_list ap) + int line, const char *type, + const char *left, const char *right, + const char *op, const char *fmt, va_list ap) { test_fail_message_prefix(prefix, file, line, type, left, right, op); if (fmt != NULL) { 
@@ -86,9 +86,9 @@ } static void test_fail_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const char *fmt, ...) + int line, const char *type, + const char *left, const char *right, + const char *op, const char *fmt, ...) { va_list ap; @@ -158,7 +158,6 @@ test_flush_stderr(); } - int test_skip(const char *file, int line, const char *desc, ...) { va_list ap; @@ -180,7 +179,6 @@ return TEST_SKIP_CODE; } - void test_openssl_errors(void) { ERR_print_errors_cb(openssl_error_cb, NULL); 
@@ -209,25 +207,25 @@ * The desc argument is a printf format string followed by its arguments and * this is included in the output if the condition being tested for is false. */ -#define DEFINE_COMPARISON(type, name, opname, op, fmt) \ - int test_ ## name ## _ ## opname(const char *file, int line, \ - const char *s1, const char *s2, \ - const type t1, const type t2) \ - { \ - if (t1 op t2) \ - return 1; \ - test_fail_message(NULL, file, line, #type, s1, s2, #op, \ - "[" fmt "] compared to [" fmt "]", \ - t1, t2); \ - return 0; \ +#define DEFINE_COMPARISON(type, name, opname, op, fmt) \ + int test_##name##_##opname(const char *file, int line, \ + const char *s1, const char *s2, \ + const type t1, const type t2) \ + { \ + if (t1 op t2) \ + return 1; \ + test_fail_message(NULL, file, line, #type, s1, s2, #op, \ + "[" fmt "] compared to [" fmt "]", \ + t1, t2); \ + return 0; \ } -#define DEFINE_COMPARISONS(type, name, fmt) \ - DEFINE_COMPARISON(type, name, eq, ==, fmt) \ - DEFINE_COMPARISON(type, name, ne, !=, fmt) \ - DEFINE_COMPARISON(type, name, lt, <, fmt) \ - DEFINE_COMPARISON(type, name, le, <=, fmt) \ - DEFINE_COMPARISON(type, name, gt, >, fmt) \ +#define DEFINE_COMPARISONS(type, name, fmt) \ + DEFINE_COMPARISON(type, name, eq, ==, fmt) \ + DEFINE_COMPARISON(type, name, ne, !=, fmt) \ + DEFINE_COMPARISON(type, name, lt, <, fmt) \ + DEFINE_COMPARISON(type, name, le, <=, fmt) \ + DEFINE_COMPARISON(type, name, gt, >, fmt) \ DEFINE_COMPARISON(type, name, ge, >=, fmt) DEFINE_COMPARISONS(int, int, "%d") 
@@ -275,76 +273,76 @@ } int test_str_eq(const char *file, int line, const char *st1, const char *st2, - const char *s1, const char *s2) + const char *s1, const char *s2) { if (s1 == NULL && s2 == NULL) - return 1; + return 1; if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) { test_fail_string_message(NULL, file, line, "string", st1, st2, "==", - s1, s1 == NULL ? 0 : strlen(s1), - s2, s2 == NULL ? 0 : strlen(s2)); + s1, s1 == NULL ? 0 : strlen(s1), + s2, s2 == NULL ? 0 : strlen(s2)); return 0; } return 1; } int test_str_ne(const char *file, int line, const char *st1, const char *st2, - const char *s1, const char *s2) + const char *s1, const char *s2) { if ((s1 == NULL) ^ (s2 == NULL)) - return 1; + return 1; if (s1 == NULL || strcmp(s1, s2) == 0) { test_fail_string_message(NULL, file, line, "string", st1, st2, "!=", - s1, s1 == NULL ? 0 : strlen(s1), - s2, s2 == NULL ? 0 : strlen(s2)); + s1, s1 == NULL ? 0 : strlen(s1), + s2, s2 == NULL ? 0 : strlen(s2)); return 0; } return 1; } int test_strn_eq(const char *file, int line, const char *st1, const char *st2, - const char *s1, size_t n1, const char *s2, size_t n2) + const char *s1, size_t n1, const char *s2, size_t n2) { if (s1 == NULL && s2 == NULL) - return 1; + return 1; if (n1 != n2 || s1 == NULL || s2 == NULL || strncmp(s1, s2, n1) != 0) { test_fail_string_message(NULL, file, line, "string", st1, st2, "==", - s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, n1), - s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, n2)); + s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, n1), + s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, n2)); return 0; } return 1; } int test_strn_ne(const char *file, int line, const char *st1, const char *st2, - const char *s1, size_t n1, const char *s2, size_t n2) + const char *s1, size_t n1, const char *s2, size_t n2) { if ((s1 == NULL) ^ (s2 == NULL)) - return 1; + return 1; if (n1 != n2 || s1 == NULL || strncmp(s1, s2, n1) == 0) { test_fail_string_message(NULL, file, line, "string", st1, st2, "!=", - s1, s1 == NULL ? 
0 : OPENSSL_strnlen(s1, n1), - s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, n2)); + s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, n1), + s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, n2)); return 0; } return 1; } int test_mem_eq(const char *file, int line, const char *st1, const char *st2, - const void *s1, size_t n1, const void *s2, size_t n2) + const void *s1, size_t n1, const void *s2, size_t n2) { if (s1 == NULL && s2 == NULL) return 1; if (n1 != n2 || s1 == NULL || s2 == NULL || memcmp(s1, s2, n1) != 0) { test_fail_memory_message(NULL, file, line, "memory", st1, st2, "==", - s1, n1, s2, n2); + s1, n1, s2, n2); return 0; } return 1; } int test_mem_ne(const char *file, int line, const char *st1, const char *st2, - const void *s1, size_t n1, const void *s2, size_t n2) + const void *s1, size_t n1, const void *s2, size_t n2) { if ((s1 == NULL) ^ (s2 == NULL)) return 1; 
@@ -352,38 +350,38 @@ return 1; if (s1 == NULL || memcmp(s1, s2, n1) == 0) { test_fail_memory_message(NULL, file, line, "memory", st1, st2, "!=", - s1, n1, s2, n2); + s1, n1, s2, n2); return 0; } return 1; } -#define DEFINE_BN_COMPARISONS(opname, op, zero_cond) \ - int test_BN_ ## opname(const char *file, int line, \ - const char *s1, const char *s2, \ - const BIGNUM *t1, const BIGNUM *t2) \ - { \ - if (BN_cmp(t1, t2) op 0) \ - return 1; \ - test_fail_bignum_message(NULL, file, line, "BIGNUM", s1, s2, \ - #op, t1, t2); \ - return 0; \ - } \ - int test_BN_ ## opname ## _zero(const char *file, int line, \ - const char *s, const BIGNUM *a) \ - { \ - if (a != NULL &&(zero_cond)) \ - return 1; \ - test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", \ - s, "0", #op, a); \ - return 0; \ +#define DEFINE_BN_COMPARISONS(opname, op, zero_cond) \ + int test_BN_##opname(const char *file, int line, \ + const char *s1, const char *s2, \ + const BIGNUM *t1, const BIGNUM *t2) \ + { \ + if (BN_cmp(t1, t2) op 0) \ + return 1; \ + test_fail_bignum_message(NULL, file, line, "BIGNUM", s1, s2, \ + #op, t1, t2); \ + return 0; \ + } \ + int test_BN_##opname##_zero(const char *file, int line, \ + const char *s, const BIGNUM *a) \ + { \ + if (a != NULL && (zero_cond)) \ + return 1; \ + test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", \ + s, "0", #op, a); \ + return 0; \ } DEFINE_BN_COMPARISONS(eq, ==, BN_is_zero(a)) DEFINE_BN_COMPARISONS(ne, !=, !BN_is_zero(a)) -DEFINE_BN_COMPARISONS(gt, >, !BN_is_negative(a) && !BN_is_zero(a)) +DEFINE_BN_COMPARISONS(gt, >, !BN_is_negative(a) && !BN_is_zero(a)) DEFINE_BN_COMPARISONS(ge, >=, !BN_is_negative(a) || BN_is_zero(a)) -DEFINE_BN_COMPARISONS(lt, <, BN_is_negative(a) && !BN_is_zero(a)) +DEFINE_BN_COMPARISONS(lt, <, BN_is_negative(a) && !BN_is_zero(a)) DEFINE_BN_COMPARISONS(le, <=, BN_is_negative(a) || BN_is_zero(a)) int test_BN_eq_one(const char *file, int line, const char *s, const BIGNUM *a) 
@@ -407,12 +405,12 @@ if (a != NULL && !BN_is_odd(a)) return 1; test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", "EVEN(", ")", s, - a); + a); return 0; } int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws, - const BIGNUM *a, BN_ULONG w) + const BIGNUM *a, BN_ULONG w) { BIGNUM *bw; @@ -426,7 +424,7 @@ } int test_BN_abs_eq_word(const char *file, int line, const char *bns, - const char *ws, const BIGNUM *a, BN_ULONG w) + const char *ws, const BIGNUM *a, BN_ULONG w) { BIGNUM *bw, *aa; @@ -437,7 +435,7 @@ if ((bw = BN_new()) != NULL) BN_set_word(bw, w); test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "abs==", - aa, bw); + aa, bw); BN_free(bw); BN_free(aa); return 0; 
@@ -448,22 +446,22 @@ return t == NULL ? "" : (const char *)ASN1_STRING_get0_data(t); } -#define DEFINE_TIME_T_COMPARISON(opname, op) \ - int test_time_t_ ## opname(const char *file, int line, \ - const char *s1, const char *s2, \ - const time_t t1, const time_t t2) \ - { \ - ASN1_TIME *at1 = ASN1_TIME_set(NULL, t1); \ - ASN1_TIME *at2 = ASN1_TIME_set(NULL, t2); \ - int r = at1 != NULL && at2 != NULL \ - && ASN1_TIME_compare(at1, at2) op 0; \ - if (!r) \ - test_fail_message(NULL, file, line, "time_t", s1, s2, #op, \ - "[%s] compared to [%s]", \ - print_time(at1), print_time(at2)); \ - ASN1_STRING_free(at1); \ - ASN1_STRING_free(at2); \ - return r; \ +#define DEFINE_TIME_T_COMPARISON(opname, op) \ + int test_time_t_##opname(const char *file, int line, \ + const char *s1, const char *s2, \ + const time_t t1, const time_t t2) \ + { \ + ASN1_TIME *at1 = ASN1_TIME_set(NULL, t1); \ + ASN1_TIME *at2 = ASN1_TIME_set(NULL, t2); \ + int r = at1 != NULL && at2 != NULL \ + && ASN1_TIME_compare(at1, at2) op 0; \ + if (!r) \ + test_fail_message(NULL, file, line, "time_t", s1, s2, #op, \ + "[%s] compared to [%s]", \ + print_time(at1), print_time(at2)); \ + ASN1_STRING_free(at1); \ + ASN1_STRING_free(at2); \ + return r; \ } DEFINE_TIME_T_COMPARISON(eq, ==) DEFINE_TIME_T_COMPARISON(ne, !=) --- crypto/openssl/test/testutil/testutil_init.c.orig +++ crypto/openssl/test/testutil/testutil_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -16,11 +16,11 @@ #ifndef OPENSSL_NO_TRACE typedef struct tracedata_st { BIO *bio; - unsigned int ingroup:1; + unsigned int ingroup : 1; } tracedata; static size_t internal_trace_cb(const char *buf, size_t cnt, - int category, int cmd, void *vdata) + int category, int cmd, void *vdata) { int ret = 0; tracedata *trace_data = vdata; @@ -34,7 +34,7 @@ tid = CRYPTO_THREAD_get_current_id(); hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid)); BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ", - hex, OSSL_trace_get_category_name(category)); + hex, OSSL_trace_get_category_name(category)); OPENSSL_free(hex); BIO_set_prefix(trace_data->bio, buffer); break; @@ -78,20 +78,22 @@ bio = BIO_new(BIO_f_prefix()); channel = BIO_push(bio, - BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT)); + BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT)); trace_data = OPENSSL_zalloc(sizeof(*trace_data)); if (trace_data == NULL || bio == NULL || (trace_data->bio = channel) == NULL || OSSL_trace_set_callback(category, internal_trace_cb, - trace_data) == 0 + trace_data) + == 0 || sk_tracedata_push(trace_data_stack, trace_data) == 0) { fprintf(stderr, - "warning: unable to setup trace callback for category '%s'.\n", - OSSL_trace_get_category_name(category)); + "warning: unable to setup trace callback for category '%s'.\n", + OSSL_trace_get_category_name(category)); + OPENSSL_free(trace_data); OSSL_trace_set_callback(category, NULL, NULL); BIO_free_all(channel); } @@ -126,7 +128,7 @@ setup_trace_category(category); } else { fprintf(stderr, - "warning: unknown trace category: '%s'.\n", item); + "warning: unknown trace category: '%s'.\n", item); } } } --- crypto/openssl/test/testutil/tu_local.h.orig +++ crypto/openssl/test/testutil/tu_local.h 
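Review bot: In the failure branch of the `@@ -78,20 +78,22 @@` hunk, the new `OPENSSL_free(trace_data);` runs before `OSSL_trace_set_callback(category, NULL, NULL);`. When the step that failed was `sk_tracedata_push`, the callback is still registered at that moment with a pointer that has just been freed. Nothing in the visible lines shows the trace layer dereferencing that pointer during unregistration, so this is probably harmless here. Swapping the two statements still removes the dangling-pointer window: `OSSL_trace_set_callback(category, NULL, NULL);` first, then `OPENSSL_free(trace_data);`. The enclosing function starts outside the hunk.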
@@ -7,44 +7,44 @@ * https://www.openssl.org/source/license.html */ -#include /* size_t */ +#include /* size_t */ #include #include #include "../testutil.h" -#define TEST_SKIP_CODE 123 +#define TEST_SKIP_CODE 123 int subtest_level(void); int openssl_error_cb(const char *str, size_t len, void *u); const BIO_METHOD *BIO_f_tap(void); void test_fail_message_prefix(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op); + int line, const char *type, + const char *left, const char *right, + const char *op); void test_fail_string_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const char *m1, size_t l1, - const char *m2, size_t l2); + int line, const char *type, + const char *left, const char *right, + const char *op, const char *m1, size_t l1, + const char *m2, size_t l2); void test_fail_bignum_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, - const BIGNUM *bn1, const BIGNUM *bn2); + int line, const char *type, + const char *left, const char *right, + const char *op, + const BIGNUM *bn1, const BIGNUM *bn2); void test_fail_bignum_mono_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, const BIGNUM *bn); + int line, const char *type, + const char *left, const char *right, + const char *op, const BIGNUM *bn); void test_fail_memory_message(const char *prefix, const char *file, - int line, const char *type, - const char *left, const char *right, - const char *op, - const unsigned char *m1, size_t l1, - const unsigned char *m2, size_t l2); + int line, const char *type, + const char *left, const char *right, + const char *op, + const unsigned char *m1, size_t l1, + const unsigned char *m2, size_t l2); __owur int setup_test_framework(int argc, char *argv[]); 
__owur int pulldown_test_framework(int ret); @@ -58,4 +58,3 @@ OPT_TEST_ENUM } OPTION_CHOICE_DEFAULT; void opt_check_usage(void); - --- crypto/openssl/test/threadstest.c.orig +++ crypto/openssl/test/threadstest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #define OPENSSL_SUPPRESS_DEPRECATED #if defined(_WIN32) -# include +#include #endif #include @@ -23,13 +23,14 @@ #include "threadstest.h" /* Limit the maximum number of threads */ -#define MAXIMUM_THREADS 10 +#define MAXIMUM_THREADS 10 /* Limit the maximum number of providers loaded into a library context */ -#define MAXIMUM_PROVIDERS 4 +#define MAXIMUM_PROVIDERS 4 static int do_fips = 0; static char *privkey; +static char *storedir; static char *config_file = NULL; static int multidefault_run = 0; static const char *default_provider[] = { "default", NULL }; @@ -40,9 +41,9 @@ int res; res = TEST_true(CRYPTO_THREAD_read_lock(lock)) - && TEST_true(CRYPTO_THREAD_unlock(lock)) - && TEST_true(CRYPTO_THREAD_write_lock(lock)) - && TEST_true(CRYPTO_THREAD_unlock(lock)); + && TEST_true(CRYPTO_THREAD_unlock(lock)) + && TEST_true(CRYPTO_THREAD_write_lock(lock)) + && TEST_true(CRYPTO_THREAD_unlock(lock)); CRYPTO_THREAD_lock_free(lock); @@ -97,7 +98,7 @@ ptr = CRYPTO_THREAD_get_local(&thread_local_key); if (!TEST_ptr_null(ptr) || !TEST_true(CRYPTO_THREAD_set_local(&thread_local_key, - &destructor_run_count))) + &destructor_run_count))) return; ptr = CRYPTO_THREAD_get_local(&thread_local_key); @@ -113,7 +114,7 @@ void *ptr = NULL; if (!TEST_true(CRYPTO_THREAD_init_local(&thread_local_key, - thread_local_destructor))) + thread_local_destructor))) return 0; ptr = CRYPTO_THREAD_get_local(&thread_local_key); 
@@ -129,10 +130,10 @@ if (!TEST_ptr_null(ptr)) return 0; -# if !defined(OPENSSL_SYS_WINDOWS) +#if !defined(OPENSSL_SYS_WINDOWS) if (!TEST_int_eq(destructor_run_count, 1)) return 0; -# endif +#endif #endif if (!TEST_true(CRYPTO_THREAD_cleanup_local(&thread_local_key))) @@ -169,12 +170,12 @@ if (CRYPTO_atomic_or(&val64, 2, &ret64, NULL)) { /* This succeeds therefore we're on a platform with lockless atomics */ if (!TEST_uint_eq((unsigned int)val64, 3) - || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) + || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) goto err; } else { /* This failed therefore we're on a platform without lockless atomics */ if (!TEST_uint_eq((unsigned int)val64, 1) - || !TEST_int_eq((unsigned int)ret64, 0)) + || !TEST_int_eq((unsigned int)ret64, 0)) goto err; } val64 = 1; @@ -184,19 +185,19 @@ goto err; if (!TEST_uint_eq((unsigned int)val64, 3) - || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) + || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) goto err; ret64 = 0; if (CRYPTO_atomic_load(&val64, &ret64, NULL)) { /* This succeeds therefore we're on a platform with lockless atomics */ if (!TEST_uint_eq((unsigned int)val64, 3) - || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) + || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) goto err; } else { /* This failed therefore we're on a platform without lockless atomics */ if (!TEST_uint_eq((unsigned int)val64, 3) - || !TEST_int_eq((unsigned int)ret64, 0)) + || !TEST_int_eq((unsigned int)ret64, 0)) goto err; } @@ -205,11 +206,11 @@ goto err; if (!TEST_uint_eq((unsigned int)val64, 3) - || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) + || !TEST_uint_eq((unsigned int)val64, (unsigned int)ret64)) goto err; testresult = 1; - err: +err: CRYPTO_THREAD_lock_free(lock); return testresult; } 
@@ -243,15 +244,14 @@ { size_t n; - if (libctx && !TEST_true(test_get_libctx(&multi_libctx, NULL, config_file, - NULL, NULL))) + if (libctx && !TEST_true(test_get_libctx(&multi_libctx, NULL, config_file, NULL, NULL))) return 0; if (providers != NULL) for (n = 0; providers[n] != NULL; n++) if (!TEST_size_t_lt(n, MAXIMUM_PROVIDERS) || !TEST_ptr(multi_provider[n] = OSSL_PROVIDER_load(multi_libctx, - providers[n]))) { + providers[n]))) { thead_teardown_libctx(); return 0; } @@ -275,7 +275,7 @@ if (!TEST_size_t_le(multi_num_threads + n, MAXIMUM_THREADS)) return 0; - for (i = 0 ; i < n; i++) + for (i = 0; i < n; i++) if (!TEST_true(run_thread(multi_threads + multi_num_threads++, thread_func))) return 0; return 1; @@ -283,24 +283,24 @@ /* Template multi-threaded test function */ static int thread_run_test(void (*main_func)(void), - size_t num_threads, void (*thread_func)(void), - int libctx, const char *providers[]) + size_t num_threads, void (*thread_func)(void), + int libctx, const char *providers[]) { int testresult = 0; multi_intialise(); if (!thread_setup_libctx(libctx, providers) - || !start_threads(num_threads, thread_func)) + || !start_threads(num_threads, thread_func)) goto err; if (main_func != NULL) main_func(); if (!teardown_threads() - || !TEST_true(multi_success)) + || !TEST_true(multi_success)) goto err; testresult = 1; - err: +err: thead_teardown_libctx(); return testresult; } 
@@ -332,24 +332,24 @@ isfips = OSSL_PROVIDER_available(multi_libctx, "fips"); if (!TEST_ptr(mdctx) - || !TEST_ptr(md) - || !TEST_ptr(cipherctx) - || !TEST_ptr(ciph)) + || !TEST_ptr(md) + || !TEST_ptr(cipherctx) + || !TEST_ptr(ciph)) goto err; /* Do some work */ for (i = 0; i < 5; i++) { if (!TEST_true(EVP_DigestInit_ex(mdctx, md, NULL)) - || !TEST_true(EVP_DigestUpdate(mdctx, message, messlen)) - || !TEST_true(EVP_DigestFinal(mdctx, out, &mdoutl))) + || !TEST_true(EVP_DigestUpdate(mdctx, message, messlen)) + || !TEST_true(EVP_DigestFinal(mdctx, out, &mdoutl))) goto err; } for (i = 0; i < 5; i++) { if (!TEST_true(EVP_EncryptInit_ex(cipherctx, ciph, NULL, key, iv)) - || !TEST_true(EVP_EncryptUpdate(cipherctx, out, &ciphoutl, - (unsigned char *)message, - messlen)) - || !TEST_true(EVP_EncryptFinal(cipherctx, out, &ciphoutl))) + || !TEST_true(EVP_EncryptUpdate(cipherctx, out, &ciphoutl, + (unsigned char *)message, + messlen)) + || !TEST_true(EVP_EncryptFinal(cipherctx, out, &ciphoutl))) goto err; } @@ -363,7 +363,7 @@ goto err; testresult = 1; - err: +err: EVP_MD_CTX_free(mdctx); EVP_MD_free(md); EVP_CIPHER_CTX_free(cipherctx); @@ -399,15 +399,15 @@ if (i > 0) EVP_PKEY_CTX_free(ctx); ctx = EVP_PKEY_CTX_new_from_pkey(multi_libctx, shared_evp_pkey, - i == 0 ? "provider=default" - : "provider=fips"); + i == 0 ? "provider=default" + : "provider=fips"); if (!TEST_ptr(ctx)) goto err; if (!TEST_int_ge(EVP_PKEY_encrypt_init(ctx), 0) - || !TEST_int_ge(EVP_PKEY_encrypt(ctx, ctbuf, &ctlen, - (unsigned char *)msg, strlen(msg)), - 0)) + || !TEST_int_ge(EVP_PKEY_encrypt(ctx, ctbuf, &ctlen, + (unsigned char *)msg, strlen(msg)), + 0)) goto err; EVP_PKEY_CTX_free(ctx); 
@@ -418,15 +418,15 @@ ptlen = sizeof(ptbuf); if (!TEST_int_ge(EVP_PKEY_decrypt_init(ctx), 0) - || !TEST_int_gt(EVP_PKEY_decrypt(ctx, ptbuf, &ptlen, ctbuf, ctlen), - 0) - || !TEST_mem_eq(msg, strlen(msg), ptbuf, ptlen)) + || !TEST_int_gt(EVP_PKEY_decrypt(ctx, ptbuf, &ptlen, ctbuf, ctlen), + 0) + || !TEST_mem_eq(msg, strlen(msg), ptbuf, ptlen)) goto err; } success = 1; - err: +err: EVP_PKEY_CTX_free(ctx); if (!success) multi_success = 0; @@ -452,7 +452,7 @@ OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(multi_libctx, "default"); if (!TEST_ptr(deflt) - || !TEST_true(OSSL_PROVIDER_available(multi_libctx, "default"))) + || !TEST_true(OSSL_PROVIDER_available(multi_libctx, "default"))) multi_success = 0; OSSL_PROVIDER_unload(deflt); @@ -481,12 +481,12 @@ #ifdef OPENSSL_NO_DEPRECATED_3_0 if (idx == 3) - return TEST_skip("Skipping tests for deprected functions"); + return TEST_skip("Skipping tests for deprecated functions"); #endif multi_success = 1; if (!TEST_true(test_get_libctx(&multi_libctx, NULL, config_file, - NULL, NULL))) + NULL, NULL))) return 0; prov = OSSL_PROVIDER_load(multi_libctx, (idx == 1) ? "fips" : "default"); @@ -510,7 +510,7 @@ * test */ if (do_fips - && !TEST_ptr(prov2 = OSSL_PROVIDER_load(multi_libctx, "fips"))) + && !TEST_ptr(prov2 = OSSL_PROVIDER_load(multi_libctx, "fips"))) goto err; if (!TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx))) goto err; @@ -535,7 +535,7 @@ worker2 = worker; if (!TEST_true(run_thread(&thread1, worker)) - || !TEST_true(run_thread(&thread2, worker2))) + || !TEST_true(run_thread(&thread2, worker2))) goto err; worker(); @@ -551,7 +551,7 @@ if (!TEST_true(multi_success)) testresult = 0; - err: +err: EVP_MD_free(sha256); OSSL_PROVIDER_unload(prov); OSSL_PROVIDER_unload(prov2); @@ -574,7 +574,7 @@ OSSL_PROVIDER *prov; if (!TEST_ptr(prov = OSSL_PROVIDER_load(NULL, multi_load_provider)) - || !TEST_true(OSSL_PROVIDER_unload(prov))) + || !TEST_true(OSSL_PROVIDER_unload(prov))) multi_success = 0; } 
@@ -582,7 +582,6 @@ { thread_t thread1, thread2; int testresult = 0; - OSSL_PROVIDER *prov = NULL; /* Avoid running this test twice */ if (multidefault_run) { @@ -593,25 +592,21 @@ multi_success = 1; multi_libctx = NULL; - prov = OSSL_PROVIDER_load(multi_libctx, "default"); - if (!TEST_ptr(prov)) - goto err; if (!TEST_true(run_thread(&thread1, thread_multi_simple_fetch)) - || !TEST_true(run_thread(&thread2, thread_multi_simple_fetch))) + || !TEST_true(run_thread(&thread2, thread_multi_simple_fetch))) goto err; thread_multi_simple_fetch(); if (!TEST_true(wait_for_thread(thread1)) - || !TEST_true(wait_for_thread(thread2)) - || !TEST_true(multi_success)) + || !TEST_true(wait_for_thread(thread2)) + || !TEST_true(multi_success)) goto err; testresult = 1; - err: - OSSL_PROVIDER_unload(prov); +err: return testresult; } 
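Review bot: With the explicit `OSSL_PROVIDER_load(multi_libctx, "default")` removed in the `@@ -593,25 +592,21 @@` hunk, nothing near `multi_libctx = NULL;` explains that the test now presumably relies on the worker threads triggering default library context setup themselves. The only hint is the "Keep first to validate auto creation of default library context" comment in setup_tests, so a later edit could re-add the load and quietly stop exercising that path. I would add a comment at that line, for example `/* No explicit provider load: the fetches below must initialise the default libctx implicitly */`. The function body starts outside the hunk.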
@@ -659,14 +654,71 @@ static int test_lib_ctx_load_config(void) { return thread_run_test(&test_lib_ctx_load_config_worker, - MAXIMUM_THREADS, &test_lib_ctx_load_config_worker, - 1, default_provider); + MAXIMUM_THREADS, &test_lib_ctx_load_config_worker, + 1, default_provider); +} + +static X509_STORE *store = NULL; + +static void test_x509_store_by_subject(void) +{ + X509_STORE_CTX *ctx; + X509_OBJECT *obj = NULL; + X509_NAME *name = NULL; + int success = 0; + + ctx = X509_STORE_CTX_new(); + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_true(X509_STORE_CTX_init(ctx, store, NULL, NULL))) + goto err; + + name = X509_NAME_new(); + if (!TEST_ptr(name)) + goto err; + if (!TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, + (unsigned char *)"Root CA", + -1, -1, 0))) + goto err; + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name); + if (!TEST_ptr(obj)) + goto err; + + success = 1; +err: + X509_OBJECT_free(obj); + X509_STORE_CTX_free(ctx); + X509_NAME_free(name); + if (!success) + multi_success = 0; +} + +/* Test accessing an X509_STORE from multiple threads */ +static int test_x509_store(void) +{ + int ret = 0; + + store = X509_STORE_new(); + if (!TEST_ptr(store)) + return 0; + if (!TEST_true(X509_STORE_load_store(store, storedir))) + goto err; + + ret = thread_run_test(&test_x509_store_by_subject, MAXIMUM_THREADS, + &test_x509_store_by_subject, 0, NULL); + +err: + X509_STORE_free(store); + store = NULL; + return ret; } typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, - OPT_FIPS, OPT_CONFIG_FILE, + OPT_FIPS, + OPT_CONFIG_FILE, OPT_TEST_ENUM } OPTION_CHOICE; @@ -676,7 +728,7 @@ OPT_TEST_OPTIONS_DEFAULT_USAGE, { "fips", OPT_FIPS, '-', "Test the FIPS provider" }, { "config", OPT_CONFIG_FILE, '<', - "The configuration file to use for the libctx" }, + "The configuration file to use for the libctx" }, { NULL } }; return options; 
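Review bot: test_x509_store_by_subject looks up the hard-coded subject `CN=Root CA`, so the new test passes only if the directory loaded through `storedir` holds a certificate with exactly that name, and nothing in the hunk says so. A comment above the function would make the fixture dependency explicit, e.g. `/* Runs on every thread; expects a cert with subject CN=Root CA in the "store" test data directory */`. Separately, the literal is cast with `(unsigned char *)`; `(const unsigned char *)"Root CA"` avoids dropping const, since the bytes parameter of `X509_NAME_add_entry_by_txt` is const-qualified.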
@@ -709,20 +761,24 @@ if (!TEST_ptr(privkey)) return 0; + storedir = test_mk_file_path(datadir, "store"); + /* Keep first to validate auto creation of default library context */ ADD_TEST(test_multi_default); - ADD_TEST(test_lock); ADD_TEST(test_once); ADD_TEST(test_thread_local); ADD_TEST(test_atomic); ADD_TEST(test_multi_load); + ADD_ALL_TESTS(test_multi, 6); ADD_TEST(test_lib_ctx_load_config); + ADD_TEST(test_x509_store); return 1; } void cleanup_tests(void) { OPENSSL_free(privkey); + OPENSSL_free(storedir); } --- crypto/openssl/test/threadstest.h.orig +++ crypto/openssl/test/threadstest.h @@ -8,7 +8,7 @@ */ #if defined(_WIN32) -# include +#include #endif #include @@ -37,7 +37,7 @@ { void (*f)(void); - *(void **) (&f) = arg; + *(void **)(&f) = arg; f(); return 0; @@ -45,7 +45,7 @@ static int run_thread(thread_t *t, void (*f)(void)) { - *t = CreateThread(NULL, 0, thread_run, *(void **) &f, 0, NULL); + *t = CreateThread(NULL, 0, thread_run, *(void **)&f, 0, NULL); return *t != NULL; } @@ -62,7 +62,7 @@ { void (*f)(void); - *(void **) (&f) = arg; + *(void **)(&f) = arg; f(); return NULL; @@ -70,7 +70,7 @@ static int run_thread(thread_t *t, void (*f)(void)) { - return pthread_create(t, NULL, thread_run, *(void **) &f) == 0; + return pthread_create(t, NULL, thread_run, *(void **)&f) == 0; } static int wait_for_thread(thread_t thread) @@ -79,4 +79,3 @@ } #endif - --- crypto/openssl/test/threadstest_fips.c.orig +++ crypto/openssl/test/threadstest_fips.c @@ -8,7 +8,7 @@ */ #if defined(_WIN32) -# include +#include #endif #include "testutil.h" --- crypto/openssl/test/time_offset_test.c.orig +++ crypto/openssl/test/time_offset_test.c @@ -24,7 +24,6 @@ int type; } TESTDATA; - /********************************************************************** * * Test driver 
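Review bot: `storedir = test_mk_file_path(datadir, "store");` in setup_tests is not checked, while `privkey` just above it is guarded with `if (!TEST_ptr(privkey)) return 0;`. If the path allocation fails, test_x509_store passes a NULL path to `X509_STORE_load_store` and the failure surfaces there instead of at setup. Adding `if (!TEST_ptr(storedir)) return 0;` after the assignment keeps the two paths consistent. setup_tests starts outside the hunk.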
@@ -32,35 +31,35 @@ ***/ static TESTDATA tests[] = { - { "20001201000000Z", 0, V_ASN1_GENERALIZEDTIME }, - { "20001201010000+0100", 0, V_ASN1_GENERALIZEDTIME }, - { "20001201050000+0500", 0, V_ASN1_GENERALIZEDTIME }, - { "20001130230000-0100", 0, V_ASN1_GENERALIZEDTIME }, - { "20001130190000-0500", 0, V_ASN1_GENERALIZEDTIME }, - { "20001130190001-0500", 1, V_ASN1_GENERALIZEDTIME }, /* +1 second */ + { "20001201000000Z", 0, V_ASN1_GENERALIZEDTIME }, + { "20001201010000+0100", 0, V_ASN1_GENERALIZEDTIME }, + { "20001201050000+0500", 0, V_ASN1_GENERALIZEDTIME }, + { "20001130230000-0100", 0, V_ASN1_GENERALIZEDTIME }, + { "20001130190000-0500", 0, V_ASN1_GENERALIZEDTIME }, + { "20001130190001-0500", 1, V_ASN1_GENERALIZEDTIME }, /* +1 second */ { "20001130185959-0500", -1, V_ASN1_GENERALIZEDTIME }, /* -1 second */ - { "001201000000Z", 0, V_ASN1_UTCTIME }, - { "001201010000+0100", 0, V_ASN1_UTCTIME }, - { "001201050000+0500", 0, V_ASN1_UTCTIME }, - { "001130230000-0100", 0, V_ASN1_UTCTIME }, - { "001130190000-0500", 0, V_ASN1_UTCTIME }, - { "001201000000-0000", 0, V_ASN1_UTCTIME }, - { "001201000001-0000", 1, V_ASN1_UTCTIME }, /* +1 second */ - { "001130235959-0000", -1, V_ASN1_UTCTIME }, /* -1 second */ - { "20001201000000+0000", 0, V_ASN1_GENERALIZEDTIME }, + { "001201000000Z", 0, V_ASN1_UTCTIME }, + { "001201010000+0100", 0, V_ASN1_UTCTIME }, + { "001201050000+0500", 0, V_ASN1_UTCTIME }, + { "001130230000-0100", 0, V_ASN1_UTCTIME }, + { "001130190000-0500", 0, V_ASN1_UTCTIME }, + { "001201000000-0000", 0, V_ASN1_UTCTIME }, + { "001201000001-0000", 1, V_ASN1_UTCTIME }, /* +1 second */ + { "001130235959-0000", -1, V_ASN1_UTCTIME }, /* -1 second */ + { "20001201000000+0000", 0, V_ASN1_GENERALIZEDTIME }, { "20001201000000+0100", -1, V_ASN1_GENERALIZEDTIME }, - { "001201000000+0100", -1, V_ASN1_UTCTIME }, - { "20001201000000-0100", 1, V_ASN1_GENERALIZEDTIME }, - { "001201000000-0100", 1, V_ASN1_UTCTIME }, - { "20001201123400+1234", 0, V_ASN1_GENERALIZEDTIME }, - { 
"20001130112600-1234", 0, V_ASN1_GENERALIZEDTIME }, + { "001201000000+0100", -1, V_ASN1_UTCTIME }, + { "20001201000000-0100", 1, V_ASN1_GENERALIZEDTIME }, + { "001201000000-0100", 1, V_ASN1_UTCTIME }, + { "20001201123400+1234", 0, V_ASN1_GENERALIZEDTIME }, + { "20001130112600-1234", 0, V_ASN1_GENERALIZEDTIME }, }; static time_t the_time = 975628800; static ASN1_TIME the_asn1_time = { 15, V_ASN1_GENERALIZEDTIME, - (unsigned char*)"20001201000000Z", + (unsigned char *)"20001201000000Z", 0 }; @@ -71,7 +70,7 @@ int ret = -2; int day, sec; - at.data = (unsigned char*)testdata->data; + at.data = (unsigned char *)testdata->data; at.length = strlen(testdata->data); at.type = testdata->type; at.flags = 0; --- crypto/openssl/test/tls-provider.c.orig +++ crypto/openssl/test/tls-provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,16 +22,16 @@ static OSSL_FUNC_keymgmt_export_types_fn xor_export_types; int tls_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx); + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx); #define XOR_KEY_SIZE 32 /* * Top secret. This algorithm only works if no one knows what this number is. * Please don't tell anyone what it is. - * + * * This algorithm is for testing only - don't really use it! */ static const unsigned char private_constant[XOR_KEY_SIZE] = { @@ -47,7 +47,6 @@ int haspubkey; } XORKEY; - /* Key Management for the dummy XOR KEX and KEM algorithms */ static OSSL_FUNC_keymgmt_new_fn xor_newdata; 
@@ -89,7 +88,6 @@ static OSSL_FUNC_kem_decapsulate_init_fn xor_init; static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate; - /* * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test * purposes 
@@ -107,40 +105,40 @@ #define XORGROUP_NAME "xorgroup" #define XORGROUP_NAME_INTERNAL "xorgroup-int" static struct tls_group_st xor_group = { - 0, /* group_id, set by randomize_tls_group_id() */ - 128, /* secbits */ - TLS1_3_VERSION, /* mintls */ - 0, /* maxtls */ - -1, /* mindtls */ - -1, /* maxdtls */ - 0 /* is_kem */ + 0, /* group_id, set by randomize_tls_group_id() */ + 128, /* secbits */ + TLS1_3_VERSION, /* mintls */ + 0, /* maxtls */ + -1, /* mindtls */ + -1, /* maxdtls */ + 0 /* is_kem */ }; #define XORKEMGROUP_NAME "xorkemgroup" #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int" static struct tls_group_st xor_kemgroup = { - 0, /* group_id, set by randomize_tls_group_id() */ - 128, /* secbits */ - TLS1_3_VERSION, /* mintls */ - 0, /* maxtls */ - -1, /* mindtls */ - -1, /* maxdtls */ - 1 /* is_kem */ + 0, /* group_id, set by randomize_tls_group_id() */ + 128, /* secbits */ + TLS1_3_VERSION, /* mintls */ + 0, /* maxtls */ + -1, /* mindtls */ + -1, /* maxdtls */ + 1 /* is_kem */ }; #define ALGORITHM "XOR" static const OSSL_PARAM xor_group_params[] = { OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, - XORGROUP_NAME, sizeof(XORGROUP_NAME)), + XORGROUP_NAME, sizeof(XORGROUP_NAME)), OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, - XORGROUP_NAME_INTERNAL, - sizeof(XORGROUP_NAME_INTERNAL)), + XORGROUP_NAME_INTERNAL, + sizeof(XORGROUP_NAME_INTERNAL)), OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, - sizeof(ALGORITHM)), + sizeof(ALGORITHM)), OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id), OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, - &xor_group.secbits), + &xor_group.secbits), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls), 
@@ -151,15 +149,15 @@ static const OSSL_PARAM xor_kemgroup_params[] = { OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, - XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)), + XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)), OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, - XORKEMGROUP_NAME_INTERNAL, - sizeof(XORKEMGROUP_NAME_INTERNAL)), + XORKEMGROUP_NAME_INTERNAL, + sizeof(XORKEMGROUP_NAME_INTERNAL)), OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, - sizeof(ALGORITHM)), + sizeof(ALGORITHM)), OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id), OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, - &xor_kemgroup.secbits), + &xor_kemgroup.secbits), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls), @@ -172,7 +170,7 @@ static char *dummy_group_names[NUM_DUMMY_GROUPS]; static int tls_prov_get_capabilities(void *provctx, const char *capability, - OSSL_CALLBACK *cb, void *arg) + OSSL_CALLBACK *cb, void *arg) { int ret; int i; @@ -186,7 +184,7 @@ /* Register our 2 groups */ OPENSSL_assert(xor_group.group_id >= 65024 - && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS); + && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS); ret = cb(xor_group_params, arg); ret &= cb(xor_kemgroup_params, arg); @@ -208,14 +206,14 @@ if (dummy_group_names[i] == NULL) return 0; BIO_snprintf(dummy_group_names[i], - dummy_name_max_size, - "%s%d", dummy_base, i); + dummy_name_max_size, + "%s%d", dummy_base, i); } dummygroup[0].data = dummy_group_names[i]; dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1; /* assign unique group IDs also to dummy groups for registration */ dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i; - dummygroup[3].data = (unsigned char*)&dummygroup_id; + dummygroup[3].data = (unsigned char *)&dummygroup_id; ret &= cb(dummygroup, arg); } 
@@ -246,7 +244,7 @@ } static int xor_init(void *vpxorctx, void *vkey, - ossl_unused const OSSL_PARAM params[]) + ossl_unused const OSSL_PARAM params[]) { PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx; @@ -267,7 +265,7 @@ } static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen, - size_t outlen) + size_t outlen) { PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx; int i; @@ -319,7 +317,7 @@ static const OSSL_ALGORITHM tls_prov_keyexch[] = { /* - * Obviously this is not FIPS approved, but in order to test in conjuction + * Obviously this is not FIPS approved, but in order to test in conjunction * with the FIPS provider we pretend that it is. */ { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions }, @@ -332,8 +330,8 @@ */ static int xor_encapsulate(void *vpxorctx, - unsigned char *ct, size_t *ctlen, - unsigned char *ss, size_t *sslen) + unsigned char *ct, size_t *ctlen, + unsigned char *ss, size_t *sslen) { /* * We are building this around a KEX: @@ -375,14 +373,14 @@ /* 3. Derive ss via KEX */ derivectx = xor_newctx(pxorctx->provctx); if (derivectx == NULL - || !xor_init(derivectx, ourkey, NULL) - || !xor_set_peer(derivectx, pxorctx->key) - || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) + || !xor_init(derivectx, ourkey, NULL) + || !xor_set_peer(derivectx, pxorctx->key) + || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) goto end; rv = 1; - end: +end: xor_gen_cleanup(genctx); xor_freedata(ourkey); xor_freectx(derivectx); @@ -390,8 +388,8 @@ } static int xor_decapsulate(void *vpxorctx, - unsigned char *ss, size_t *sslen, - const unsigned char *ct, size_t ctlen) + unsigned char *ss, size_t *sslen, + const unsigned char *ct, size_t ctlen) { /* * We are building this around a KEX: 
@@ -422,14 +420,14 @@ /* Derive ss via KEX */ derivectx = xor_newctx(pxorctx->provctx); if (derivectx == NULL - || !xor_init(derivectx, pxorctx->key, NULL) - || !xor_set_peer(derivectx, peerkey) - || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) + || !xor_init(derivectx, pxorctx->key, NULL) + || !xor_set_peer(derivectx, peerkey) + || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) goto end; rv = 1; - end: +end: xor_freedata(peerkey); xor_freectx(derivectx); return rv; @@ -448,7 +446,7 @@ static const OSSL_ALGORITHM tls_prov_kem[] = { /* - * Obviously this is not FIPS approved, but in order to test in conjuction + * Obviously this is not FIPS approved, but in order to test in conjunction * with the FIPS provider we pretend that it is. */ { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions }, @@ -530,7 +528,8 @@ return 0; if ((p = OSSL_PARAM_locate(params, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) + != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; p->return_size = XOR_KEY_SIZE; @@ -561,7 +560,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING - || p->data_size != XOR_KEY_SIZE) + || p->data_size != XOR_KEY_SIZE) return 0; memcpy(key->pubkey, p->data, XOR_KEY_SIZE); key->haspubkey = 1; 
@@ -586,17 +585,17 @@ }; static void *xor_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { struct xor_gen_ctx *gctx = NULL; - if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) + if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) return NULL; - if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) - gctx->selection = selection; + if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL) + return NULL; + gctx->selection = selection; /* Our provctx is really just an OSSL_LIB_CTX */ gctx->libctx = (OSSL_LIB_CTX *)provctx; @@ -618,8 +617,8 @@ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING - || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0 - && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0)) + || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0 + && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0)) return 0; } @@ -627,7 +626,7 @@ } static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx, - ossl_unused void *provctx) + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), @@ -680,11 +679,11 @@ param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); if ((param_priv_key != NULL - && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey, - sizeof(privkey), &priv_len)) + && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey, + sizeof(privkey), &priv_len)) || (param_pub_key != NULL && !OSSL_PARAM_get_octet_string(param_pub_key, &ppubkey, - sizeof(pubkey), &pub_len))) + sizeof(pubkey), &pub_len))) goto err; if (priv_len > 0) { @@ -696,12 +695,12 @@ key->haspubkey = 1; } res = 1; - err: +err: return res; } static int xor_export(void *vkey, int select, OSSL_CALLBACK *param_cb, - void *cbarg) + void *cbarg) { XORKEY *key = vkey; OSSL_PARAM params[3], *p = params; 
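Review bot: In the `xor_gen_init` hunk (`@@ -586,17 +585,17 @@`), the new allocation check still buries the assignment inside the condition. Writing `gctx = OPENSSL_zalloc(sizeof(*gctx));` followed by `if (gctx == NULL) return NULL;` would make the failure path easier to see. Unlike the neighbouring hunks, this one is not whitespace-only: the removed lines went on to the `gctx->libctx` store even when the allocation returned NULL, so the early return fixes a NULL dereference and deserves its own line in the commit description. The function body continues past the end of the hunk, so whether `params` is used later cannot be checked from here.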
@@ -710,10 +709,10 @@ return 0; *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - key->privkey, - sizeof(key->privkey)); + key->privkey, + sizeof(key->privkey)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, - key->pubkey, sizeof(key->pubkey)); + key->pubkey, sizeof(key->pubkey)); *p++ = OSSL_PARAM_construct_end(); return param_cb(params, cbarg); @@ -745,13 +744,13 @@ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, - (void (*)(void))xor_gen_settable_params }, + (void (*)(void))xor_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, - { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params }, - { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params }, - { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params }, - { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))xor_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))xor_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))xor_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))xor_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata }, @@ -764,7 +763,7 @@ static const OSSL_ALGORITHM tls_prov_keymgmt[] = { /* - * Obviously this is not FIPS approved, but in order to test in conjuction + * Obviously this is not FIPS approved, but in order to test in conjunction * with the FIPS provider we pretend that it is. */ { "XOR", "provider=tls-provider,fips=yes", xor_keymgmt_functions }, 
@@ -772,7 +771,7 @@ }; static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id, - int *no_cache) + int *no_cache) { *no_cache = 0; switch (operation_id) { @@ -806,8 +805,7 @@ { 0, NULL } }; -static -unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx) +static unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx) { /* * Randomise the group_id we're going to use to ensure we don't interoperate @@ -818,7 +816,7 @@ static int in_mem = 0; int i; - retry: +retry: if (RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id), 0) <= 0) return 0; /* @@ -841,9 +839,9 @@ } int tls_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new(); --- crypto/openssl/test/tls13ccstest.c.orig +++ crypto/openssl/test/tls13ccstest.c @@ -33,7 +33,7 @@ static int watchccs_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -# define BIO_TYPE_WATCHCCS_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_WATCHCCS_FILTER (0x80 | BIO_TYPE_FILTER) static BIO_METHOD *method_watchccs = NULL; @@ -41,8 +41,8 @@ { if (method_watchccs == NULL) { method_watchccs = BIO_meth_new(BIO_TYPE_WATCHCCS_FILTER, - "Watch CCS filter"); - if ( method_watchccs == NULL + "Watch CCS filter"); + if (method_watchccs == NULL || !BIO_meth_set_write(method_watchccs, watchccs_write) || !BIO_meth_set_read(method_watchccs, watchccs_read) || !BIO_meth_set_puts(method_watchccs, watchccs_puts) 
@@ -106,15 +106,15 @@ /* We assume that we always write complete records each time */ while (PACKET_remaining(&pkt)) { if (!PACKET_get_1(&pkt, &rectype) - || !PACKET_get_net_2(&pkt, &recvers) - || !PACKET_get_length_prefixed_2(&pkt, &msg)) + || !PACKET_get_net_2(&pkt, &recvers) + || !PACKET_get_length_prefixed_2(&pkt, &msg)) return 0; expectedrecvers = TLS1_2_VERSION; if (rectype == SSL3_RT_HANDSHAKE) { if (!PACKET_get_1(&msg, &msgtype) - || !PACKET_get_length_prefixed_3(&msg, &msgbody)) + || !PACKET_get_length_prefixed_3(&msg, &msgbody)) return 0; if (msgtype == SSL3_MT_CLIENT_HELLO) { chseen++; @@ -124,7 +124,7 @@ * session_id. */ if (!PACKET_forward(&msgbody, 34) - || !PACKET_get_length_prefixed_1(&msgbody, &sessionid)) + || !PACKET_get_length_prefixed_1(&msgbody, &sessionid)) return 0; if (chseen == 1) { @@ -140,9 +140,10 @@ * same as the first one. */ if (PACKET_remaining(&sessionid) != chsessidlen - || (chsessidlen > 0 - && memcmp(chsessid, PACKET_data(&sessionid), - chsessidlen) != 0)) + || (chsessidlen > 0 + && memcmp(chsessid, PACKET_data(&sessionid), + chsessidlen) + != 0)) badsessid = 1; } } else if (msgtype == SSL3_MT_SERVER_HELLO) { @@ -152,7 +153,7 @@ * session_id. */ if (!PACKET_forward(&msgbody, 34) - || !PACKET_get_length_prefixed_1(&msgbody, &sessionid)) + || !PACKET_get_length_prefixed_1(&msgbody, &sessionid)) return 0; /* @@ -160,9 +161,10 @@ * ClientHello */ if (PACKET_remaining(&sessionid) != chsessidlen - || (chsessidlen > 0 - && memcmp(chsessid, PACKET_data(&sessionid), - chsessidlen) != 0)) + || (chsessidlen > 0 + && memcmp(chsessid, PACKET_data(&sessionid), + chsessidlen) + != 0)) badsessid = 1; } } else if (rectype == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -173,9 +175,9 @@ * ServerHello */ if (!sappdataseen - && chseen == 1 - && shseen == 1 - && !sccsseen) + && chseen == 1 + && shseen == 1 + && !sccsseen) sccsseen = 1; else badccs = 1; 
@@ -193,7 +195,7 @@ } else { badccs = 1; } - } else if(rectype == SSL3_RT_APPLICATION_DATA) { + } else if (rectype == SSL3_RT_APPLICATION_DATA) { if (bio == s_to_c_fbio) sappdataseen = 1; else @@ -255,10 +257,10 @@ chsessidlen = 0; if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, - &sctx, &cctx, cert, privkey)) + TLS_client_method(), TLS1_VERSION, 0, + &sctx, &cctx, cert, privkey)) || !TEST_true(SSL_CTX_set_max_early_data(sctx, - SSL3_RT_MAX_PLAIN_LENGTH))) + SSL3_RT_MAX_PLAIN_LENGTH))) goto err; /* @@ -301,7 +303,7 @@ if (tst >= 6) { /* Get a session suitable for early_data */ if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) - || !TEST_true(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE))) + || !TEST_true(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE))) goto err; sess = SSL_get1_session(cssl); if (!TEST_ptr(sess)) @@ -316,10 +318,10 @@ if ((tst >= 3 && tst <= 5) || tst >= 9) { /* HRR handshake */ #if defined(OPENSSL_NO_EC) -# if !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_DH) if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "ffdhe3072"))) goto err; -# endif +#endif #else if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "P-256"))) goto err; @@ -329,7 +331,7 @@ s_to_c_fbio = BIO_new(bio_f_watchccs_filter()); c_to_s_fbio = BIO_new(bio_f_watchccs_filter()); if (!TEST_ptr(s_to_c_fbio) - || !TEST_ptr(c_to_s_fbio)) { + || !TEST_ptr(c_to_s_fbio)) { BIO_free(s_to_c_fbio); BIO_free(c_to_s_fbio); goto err; 
@@ -337,18 +339,18 @@ /* BIOs get freed on error */ if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, s_to_c_fbio, - c_to_s_fbio))) + c_to_s_fbio))) goto err; if (tst >= 6) { /* Early data */ if (!TEST_true(SSL_set_session(cssl, sess)) - || !TEST_true(SSL_write_early_data(cssl, msg, strlen(msg), - &written)) - || (tst <= 8 - && !TEST_int_eq(SSL_read_early_data(sssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_SUCCESS))) + || !TEST_true(SSL_write_early_data(cssl, msg, strlen(msg), + &written)) + || (tst <= 8 + && !TEST_int_eq(SSL_read_early_data(sssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS))) goto err; if (tst <= 8) { if (!TEST_int_gt(SSL_connect(cssl), 0)) @@ -357,9 +359,9 @@ if (!TEST_int_le(SSL_connect(cssl), 0)) goto err; } - if (!TEST_int_eq(SSL_read_early_data(sssl, buf, sizeof(buf), - &readbytes), - SSL_READ_EARLY_DATA_FINISH)) + if (!TEST_int_eq(SSL_read_early_data(sssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH)) goto err; } 
@@ -378,97 +380,97 @@ switch (tst) { case 0: if (!TEST_true(sccsseen) - || !TEST_true(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_true(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 1: if (!TEST_true(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_eq(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_eq(chsessidlen, 0)) goto err; break; case 2: if (!TEST_false(sccsseen) - || !TEST_true(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_true(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 3: if (!TEST_true(sccsseen) - || !TEST_true(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_true(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 4: if (!TEST_true(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_eq(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_eq(chsessidlen, 0)) goto err; break; case 5: if (!TEST_false(sccsseen) - || !TEST_true(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_true(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 6: if (!TEST_true(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_true(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_true(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 7: if (!TEST_true(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_eq(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_eq(chsessidlen, 0)) goto err; break; case 8: if 
(!TEST_false(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_true(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_true(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 9: if (!TEST_true(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_true(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_true(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; case 10: if (!TEST_true(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_false(ccsbeforesh) - || !TEST_size_t_eq(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_false(ccsbeforesh) + || !TEST_size_t_eq(chsessidlen, 0)) goto err; break; case 11: if (!TEST_false(sccsseen) - || !TEST_false(ccsaftersh) - || !TEST_true(ccsbeforesh) - || !TEST_size_t_gt(chsessidlen, 0)) + || !TEST_false(ccsaftersh) + || !TEST_true(ccsbeforesh) + || !TEST_size_t_gt(chsessidlen, 0)) goto err; break; @@ -478,7 +480,7 @@ } ret = 1; - err: +err: SSL_SESSION_free(sess); SSL_free(sssl); SSL_free(cssl); @@ -498,7 +500,7 @@ } if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1))) + || !TEST_ptr(privkey = test_get_argument(1))) return 0; ADD_ALL_TESTS(test_tls13ccs, 12); --- crypto/openssl/test/tls13encryptiontest.c.orig +++ crypto/openssl/test/tls13encryptiontest.c @@ -39,11 +39,10 @@ * Note 2: These are the vectors for the "Simple 1-RTT Handshake" */ static RECORD_DATA refdata[] = { - { - /* - * Server: EncryptedExtensions, Certificate, CertificateVerify and - * Finished - */ + { /* + * Server: EncryptedExtensions, Certificate, CertificateVerify and + * Finished + */ { "080000240022000a00140012001d00170018001901000101010201030104001c" "00024001000000000b0001b9000001b50001b0308201ac30820115a003020102" 
@@ -65,16 +64,14 @@ "f642d733be2eb27484ad8a8c8eb3516a7ac57f2625e2b5c0888a8541f4e734f7" "3d054761df1dd02f0e3e9a33cfa10b6e3eb4ebf7ac053b01fdabbddfc54133bc" "d24c8bbdceb223b2aa03452a2914000020ac86acbc9cd25a45b57ad5b64db15d" - "4405cf8c80e314583ebf3283ef9a99310c16" - }, - { - "f10b26d8fcaf67b5b828f712122216a1cd14187465b77637cbcd78539128bb93" - "246dcca1af56f1eaa271666077455bc54965d85f05f9bd36d6996171eb536aff" - "613eeddc42bad5a2d2227c4606f1215f980e7afaf56bd3b85a51be130003101a" - "758d077b1c891d8e7a22947e5a229851fd42a9dd422608f868272abf92b3d43f" - "b46ac420259346067f66322fd708885680f4b4433c29116f2dfa529e09bba53c" - "7cd920121724809eaddcc84307ef46fc51a0b33d99d39db337fcd761ce0f2b02" - "dc73dedb6fddb77c4f8099bde93d5bee08bcf2131f29a2a37ff07949e8f8bcdd", + "4405cf8c80e314583ebf3283ef9a99310c16" }, + { "f10b26d8fcaf67b5b828f712122216a1cd14187465b77637cbcd78539128bb93" + "246dcca1af56f1eaa271666077455bc54965d85f05f9bd36d6996171eb536aff" + "613eeddc42bad5a2d2227c4606f1215f980e7afaf56bd3b85a51be130003101a" + "758d077b1c891d8e7a22947e5a229851fd42a9dd422608f868272abf92b3d43f" + "b46ac420259346067f66322fd708885680f4b4433c29116f2dfa529e09bba53c" + "7cd920121724809eaddcc84307ef46fc51a0b33d99d39db337fcd761ce0f2b02" + "dc73dedb6fddb77c4f8099bde93d5bee08bcf2131f29a2a37ff07949e8f8bcdd", "3e8310b8bf8b3444c85aaf0d2aeb2d4f36fd14d5cb51fcebff418b3827136ab9" "529e9a3d3f35e4c0ae749ea2dbc94982a1281d3e6daab719aa4460889321a008" "bf10fa06ac0c61cc122cc90d5e22c0030c986ae84a33a0c47df174bcfbd50bf7" 
@@ -89,28 +86,22 @@ "4058399b8db9075f2dcc8216194e503b6652d87d2cb41f99adfdcc5be5ec7e1e" "6326ac22d70bd3ba652827532d669aff005173597f8039c3ea4922d3ec757670" "222f6ac29b93e90d7ad3f6dd96328e429cfcfd5cca22707fe2d86ad1dcb0be75" - "6e8e" - }, + "6e8e" }, "c66cb1aec519df44c91e10995511ac8b", "f7f6884c4981716c2d0d29a4", - "0000000000000000" - }, - { - /* Client: Finished */ + "0000000000000000" }, + { /* Client: Finished */ { "14000020b9027a0204b972b52cdefa58950fa1580d68c9cb124dbe691a7178f2" - "5c554b2316", "", "" - }, - { - "9539b4ae2f87fd8e616b295628ea953d9e3858db274970d19813ec136cae7d96" - "e0417775fcabd3d8858fdc60240912d218f5afb21c", "", "" - }, + "5c554b2316", + "", "" }, + { "9539b4ae2f87fd8e616b295628ea953d9e3858db274970d19813ec136cae7d96" + "e0417775fcabd3d8858fdc60240912d218f5afb21c", + "", "" }, "2679a43e1d76784034ea1797d5ad2649", "5482405290dd0d2f81c0d942", - "0000000000000000" - }, - { - /* Server: NewSessionTicket */ + "0000000000000000" }, + { /* Server: NewSessionTicket */ { "040000c90000001e2fd3992f02000000b2ff099f9676cdff8b0bf8825d000000" "007905a9d28efeef4a47c6f9b06a0cecdb0070d920b898997c75b79636943ed4" 
@@ -118,81 +109,64 @@ "769129b740ce38090842b828c27fd729f59737ba98aa7b42e043c5da28f8dca8" "590b2df410d5134fd6c4cacad8b30370602afa35d265bf4d127976bb36dbda6a" "626f0270e20eebc73d6fcae2b1a0da122ee9042f76be56ebf41aa469c3d2c9da" - "9197d80008002a00040000040016", "", "" - }, - { - "3680c2b2109d25caa26c3b06eea9fdc5cb31613ba702176596da2e886bf6af93" - "507bd68161ad9cb4780653842e1041ecbf0088a65ac4ef438419dd1d95ddd9bd" - "2ad4484e7e167d0e6c008448ae58a0418713b6fc6c51e4bb23a537fb75a74f73" - "de31fe6aa0bc522515f8b25f8955428b5de5ac06762cec22b0aa78c94385ef8e" - "70fa24945b7c1f268510871689bbbbfaf2e7f4a19277024f95f1143ab12a31ec" - "63adb128cb390711fd6d06a498df3e98615d8eb102e23353b480efcca5e8e026" - "7a6d0fe2441f14c8c9664aefb2cfff6ae9e0442728b6a0940c1e824fda06", + "9197d80008002a00040000040016", + "", "" }, + { "3680c2b2109d25caa26c3b06eea9fdc5cb31613ba702176596da2e886bf6af93" + "507bd68161ad9cb4780653842e1041ecbf0088a65ac4ef438419dd1d95ddd9bd" + "2ad4484e7e167d0e6c008448ae58a0418713b6fc6c51e4bb23a537fb75a74f73" + "de31fe6aa0bc522515f8b25f8955428b5de5ac06762cec22b0aa78c94385ef8e" + "70fa24945b7c1f268510871689bbbbfaf2e7f4a19277024f95f1143ab12a31ec" + "63adb128cb390711fd6d06a498df3e98615d8eb102e23353b480efcca5e8e026" + "7a6d0fe2441f14c8c9664aefb2cfff6ae9e0442728b6a0940c1e824fda06", "", "" }, "a688ebb5ac826d6f42d45c0cc44b9b7d", "c1cad4425a438b5de714830a", - "0000000000000000" - }, - { - /* Client: Application Data */ + "0000000000000000" }, + { /* Client: Application Data */ { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" - "202122232425262728292a2b2c2d2e2f303117", "", "" - }, - { - "8c3497da00ae023e53c01b4324b665404c1b49e78fe2bf4d17f6348ae8340551" - "e363a0cd05f2179c4fef5ad689b5cae0bae94adc63632e571fb79aa91544c639" - "4d28a1", "", "" + "202122232425262728292a2b2c2d2e2f303117", + "", "" }, + { "8c3497da00ae023e53c01b4324b665404c1b49e78fe2bf4d17f6348ae8340551" + "e363a0cd05f2179c4fef5ad689b5cae0bae94adc63632e571fb79aa91544c639" + "4d28a1", + "", "" }, 
"88b96ad686c84be55ace18a59cce5c87", "b99dc58cd5ff5ab082fdad19", - "0000000000000000" - }, + "0000000000000000" }, - - { - /* Server: Application Data */ + { /* Server: Application Data */ { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" - "202122232425262728292a2b2c2d2e2f303117", "", "" - }, - { - "f65f49fd2df6cd2347c3d30166e3cfddb6308a5906c076112c6a37ff1dbd406b" - "5813c0abd734883017a6b2833186b13c14da5d75f33d8760789994e27d82043a" - "b88d65", "", "" - }, + "202122232425262728292a2b2c2d2e2f303117", + "", "" }, + { "f65f49fd2df6cd2347c3d30166e3cfddb6308a5906c076112c6a37ff1dbd406b" + "5813c0abd734883017a6b2833186b13c14da5d75f33d8760789994e27d82043a" + "b88d65", + "", "" }, "a688ebb5ac826d6f42d45c0cc44b9b7d", "c1cad4425a438b5de714830a", - "0000000000000001" - }, - { - /* Client: CloseNotify */ - { - "010015", "", "" - }, + "0000000000000001" }, + { /* Client: CloseNotify */ { - "2c2148163d7938a35f6acf2a6606f8cbd1d9f2", "", "" - }, + "010015", "", "" }, + { "2c2148163d7938a35f6acf2a6606f8cbd1d9f2", "", "" }, "88b96ad686c84be55ace18a59cce5c87", "b99dc58cd5ff5ab082fdad19", - "0000000000000001" - }, - { - /* Server: CloseNotify */ + "0000000000000001" }, + { /* Server: CloseNotify */ { - "010015", "", "" - }, - { - "f8141ebdb5eda511e0bce639a56ff9ea825a21", "", "" + "010015", "", "" }, + { "f8141ebdb5eda511e0bce639a56ff9ea825a21", "", "" }, "a688ebb5ac826d6f42d45c0cc44b9b7d", "c1cad4425a438b5de714830a", - "0000000000000002" - } + "0000000000000002" } }; /* @@ -237,7 +211,7 @@ } static int load_record(SSL3_RECORD *rec, RECORD_DATA *recd, unsigned char **key, - unsigned char *iv, size_t ivlen, unsigned char *seq) + unsigned char *iv, size_t ivlen, unsigned char *seq) { unsigned char *pt = NULL, *sq = NULL, *ivtmp = NULL; size_t ptlen; @@ -264,7 +238,7 @@ OPENSSL_free(ivtmp); return 1; - err: +err: OPENSSL_free(*key); *key = NULL; OPENSSL_free(ivtmp); 
@@ -294,12 +268,12 @@ ret = 1; - err: +err: OPENSSL_free(refd); return ret; } -#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") +#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") static int test_tls13_encryption(void) { @@ -349,20 +323,20 @@ /* Load the record */ ivlen = EVP_CIPHER_get_iv_length(ciph); if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen, - RECORD_LAYER_get_read_sequence(&s->rlayer))) { + RECORD_LAYER_get_read_sequence(&s->rlayer))) { TEST_error("Failed loading key into EVP_CIPHER_CTX"); goto err; } /* Set up the read/write sequences */ memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), - RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE); + RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE); memcpy(s->write_iv, s->read_iv, ivlen); /* Load the key into the EVP_CIPHER_CTXs */ if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0 - || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0) - <= 0) { + || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0) + <= 0) { TEST_error("Failed loading key into EVP_CIPHER_CTX\n"); goto err; } @@ -400,7 +374,7 @@ TEST_note("PASS: %zu records tested", ctr); ret = 1; - err: +err: OPENSSL_free(rec.data); OPENSSL_free(key); OPENSSL_free(iv); --- crypto/openssl/test/tls13secretstest.c.orig +++ crypto/openssl/test/tls13secretstest.c @@ -13,8 +13,8 @@ #include "../ssl/ssl_local.h" #include "testutil.h" -#define IVLEN 12 -#define KEYLEN 16 +#define IVLEN 12 +#define KEYLEN 16 /* * Based on the test vectors available in: 
@@ -22,107 +22,107 @@ */ static unsigned char hs_start_hash[] = { -0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16, -0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7, -0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d + 0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16, + 0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7, + 0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d }; static unsigned char hs_full_hash[] = { -0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56, -0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0, -0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf + 0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56, + 0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0, + 0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf }; static unsigned char early_secret[] = { -0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93, -0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2, -0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a + 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93, + 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2, + 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a }; static unsigned char ecdhe_secret[] = { -0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24, -0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0, -0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42 + 0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24, + 0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0, + 0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42 }; static unsigned char handshake_secret[] = { -0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3, -0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05, -0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06 
+ 0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3, + 0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05, + 0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06 }; static const char *client_hts_label = "c hs traffic"; static unsigned char client_hts[] = { -0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a, -0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75, -0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03 + 0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a, + 0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75, + 0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03 }; static unsigned char client_hts_key[] = { -0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5, -0xad, 0x26, 0x49 + 0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5, + 0xad, 0x26, 0x49 }; static unsigned char client_hts_iv[] = { -0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42 + 0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42 }; static const char *server_hts_label = "s hs traffic"; static unsigned char server_hts[] = { -0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0, -0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3, -0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79 + 0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0, + 0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3, + 0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79 }; static unsigned char server_hts_key[] = { -0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55, -0x11, 0xac, 0x8b + 0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55, + 0x11, 0xac, 0x8b }; static unsigned char server_hts_iv[] = { -0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4 + 0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 
0x6c, 0x2d, 0x0d, 0x29, 0xa4 }; static unsigned char master_secret[] = { -0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b, -0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37, -0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7 + 0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b, + 0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37, + 0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7 }; static const char *client_ats_label = "c ap traffic"; static unsigned char client_ats[] = { -0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89, -0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa, -0x78, 0x22, 0x26, 0xb2, 0x36, 0x26 + 0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89, + 0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa, + 0x78, 0x22, 0x26, 0xb2, 0x36, 0x26 }; static unsigned char client_ats_key[] = { -0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c, -0xce, 0x5c, 0x87 + 0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c, + 0xce, 0x5c, 0x87 }; static unsigned char client_ats_iv[] = { -0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19 + 0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19 }; static const char *server_ats_label = "s ap traffic"; static unsigned char server_ats[] = { -0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39, -0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec, -0x11, 0x43, 0x5d, 0x30, 0x57, 0x19 + 0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39, + 0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec, + 0x11, 0x43, 0x5d, 0x30, 0x57, 0x19 }; static unsigned char server_ats_key[] = { -0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4, -0x4b, 
0x9b, 0x7d + 0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4, + 0x4b, 0x9b, 0x7d }; static unsigned char server_ats_iv[] = { -0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a + 0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a }; /* Mocked out implementations of various functions */ @@ -135,10 +135,10 @@ /* Give a hash of the currently set handshake */ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, - size_t *hashlen) + size_t *hashlen) { if (sizeof(hs_start_hash) > outlen - || sizeof(hs_full_hash) != sizeof(hs_start_hash)) + || sizeof(hs_full_hash) != sizeof(hs_start_hash)) return 0; if (full_hash) { @@ -166,15 +166,15 @@ } int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, - const EVP_CIPHER **enc) + const EVP_CIPHER **enc) { return 0; } int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, - const EVP_CIPHER **enc, const EVP_MD **md, - int *mac_pkey_type, size_t *mac_secret_size, - SSL_COMP **comp, int use_etm) + const EVP_CIPHER **enc, const EVP_MD **md, + int *mac_pkey_type, size_t *mac_secret_size, + SSL_COMP **comp, int use_etm) { return 0; @@ -186,9 +186,9 @@ } int ssl_log_secret(SSL *ssl, - const char *label, - const uint8_t *secret, - size_t secret_len) + const char *label, + const uint8_t *secret, + size_t secret_len) { return 1; } @@ -227,9 +227,9 @@ /* End of mocked out code */ static int test_secret(SSL *s, unsigned char *prk, - const unsigned char *label, size_t labellen, - const unsigned char *ref_secret, - const unsigned char *ref_key, const unsigned char *ref_iv) + const unsigned char *label, size_t labellen, + const unsigned char *ref_secret, + const unsigned char *ref_key, const unsigned char *ref_iv) { size_t hashsize; unsigned char gensecret[EVP_MAX_MD_SIZE]; 
@@ -244,7 +244,7 @@ } if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize, - gensecret, hashsize, 1)) { + gensecret, hashsize, 1)) { TEST_error("Secret generation failed"); return 0; } @@ -285,7 +285,7 @@ goto err; s = SSL_new(ctx); - if (!TEST_ptr(s )) + if (!TEST_ptr(s)) goto err; s->session = SSL_SESSION_new(); @@ -293,25 +293,25 @@ goto err; if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0, - (unsigned char *)&s->early_secret))) { + (unsigned char *)&s->early_secret))) { TEST_info("Early secret generation failed"); goto err; } if (!TEST_mem_eq(s->early_secret, sizeof(early_secret), - early_secret, sizeof(early_secret))) { + early_secret, sizeof(early_secret))) { TEST_info("Early secret does not match"); goto err; } if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret, - sizeof(ecdhe_secret)))) { + sizeof(ecdhe_secret)))) { TEST_info("Handshake secret generation failed"); goto err; } if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret), - handshake_secret, sizeof(handshake_secret))) + handshake_secret, sizeof(handshake_secret))) goto err; hashsize = EVP_MD_get_size(ssl_handshake_md(s)); @@ -323,9 +323,9 @@ goto err; if (!TEST_true(test_secret(s, s->handshake_secret, - (unsigned char *)client_hts_label, - strlen(client_hts_label), client_hts, - client_hts_key, client_hts_iv))) { + (unsigned char *)client_hts_label, + strlen(client_hts_label), client_hts, + client_hts_key, client_hts_iv))) { TEST_info("Client handshake secret test failed"); goto err; } @@ -338,9 +338,9 @@ goto err; if (!TEST_true(test_secret(s, s->handshake_secret, - (unsigned char *)server_hts_label, - strlen(server_hts_label), server_hts, - server_hts_key, server_hts_iv))) { + (unsigned char *)server_hts_label, + strlen(server_hts_label), server_hts, + server_hts_key, server_hts_iv))) { TEST_info("Server handshake secret test failed"); goto err; } 
@@ -352,14 +352,14 @@ full_hash = 1; if (!TEST_true(tls13_generate_master_secret(s, out_master_secret, - s->handshake_secret, hashsize, - &master_secret_length))) { + s->handshake_secret, hashsize, + &master_secret_length))) { TEST_info("Master secret generation failed"); goto err; } if (!TEST_mem_eq(out_master_secret, master_secret_length, - master_secret, sizeof(master_secret))) { + master_secret, sizeof(master_secret))) { TEST_info("Master secret does not match"); goto err; } @@ -372,9 +372,9 @@ goto err; if (!TEST_true(test_secret(s, out_master_secret, - (unsigned char *)client_ats_label, - strlen(client_ats_label), client_ats, - client_ats_key, client_ats_iv))) { + (unsigned char *)client_ats_label, + strlen(client_ats_label), client_ats, + client_ats_key, client_ats_iv))) { TEST_info("Client application data secret test failed"); goto err; } @@ -387,15 +387,15 @@ goto err; if (!TEST_true(test_secret(s, out_master_secret, - (unsigned char *)server_ats_label, - strlen(server_ats_label), server_ats, - server_ats_key, server_ats_iv))) { + (unsigned char *)server_ats_label, + strlen(server_ats_label), server_ats, + server_ats_key, server_ats_iv))) { TEST_info("Server application data secret test failed"); goto err; } ret = 1; - err: +err: SSL_free(s); SSL_CTX_free(ctx); return ret; --- crypto/openssl/test/trace_api_test.c.orig +++ crypto/openssl/test/trace_api_test.c 
@@ -22,29 +22,29 @@ int expected_ret; switch (cat_num) { -#define CASE(name) \ - case OSSL_TRACE_CATEGORY_##name: \ - is_cat_name_eq = TEST_str_eq(cat_name, #name); \ - break - - CASE(ALL); - CASE(TRACE); - CASE(INIT); - CASE(TLS); - CASE(TLS_CIPHER); - CASE(CONF); - CASE(ENGINE_TABLE); - CASE(ENGINE_REF_COUNT); - CASE(PKCS5V2); - CASE(PKCS12_KEYGEN); - CASE(PKCS12_DECRYPT); - CASE(X509V3_POLICY); - CASE(BN_CTX); - CASE(CMP); - CASE(STORE); - CASE(DECODER); - CASE(ENCODER); - CASE(REF_COUNT); +#define CASE(name) \ + case OSSL_TRACE_CATEGORY_##name: \ + is_cat_name_eq = TEST_str_eq(cat_name, #name); \ + break + + CASE(ALL); + CASE(TRACE); + CASE(INIT); + CASE(TLS); + CASE(TLS_CIPHER); + CASE(CONF); + CASE(ENGINE_TABLE); + CASE(ENGINE_REF_COUNT); + CASE(PKCS5V2); + CASE(PKCS12_KEYGEN); + CASE(PKCS12_DECRYPT); + CASE(X509V3_POLICY); + CASE(BN_CTX); + CASE(CMP); + CASE(STORE); + CASE(DECODER); + CASE(ENCODER); + CASE(REF_COUNT); #undef CASE default: is_cat_name_eq = TEST_ptr_null(cat_name); @@ -53,8 +53,7 @@ if (!TEST_true(is_cat_name_eq)) return 0; - ret_cat_num = - OSSL_trace_get_category_num(cat_name); + ret_cat_num = OSSL_trace_get_category_num(cat_name); expected_ret = cat_name != NULL ? cat_num : -1; if (!TEST_int_eq(expected_ret, ret_cat_num)) return 0; @@ -66,10 +65,12 @@ #ifndef OPENSSL_NO_TRACE static void put_trace_output(void) { - OSSL_TRACE_BEGIN(REF_COUNT) { + OSSL_TRACE_BEGIN(REF_COUNT) + { BIO_printf(trc_out, "Hello World\n"); BIO_printf(trc_out, "Good Bye Universe\n"); - } OSSL_TRACE_END(REF_COUNT); + } + OSSL_TRACE_END(REF_COUNT); } static int test_trace_channel(void) @@ -105,7 +106,7 @@ bio = NULL; ret = 1; - end: +end: BIO_free(bio); return ret; } @@ -114,7 +115,7 @@ static int trace_cb_called; static size_t trace_cb(const char *buffer, size_t count, - int category, int cmd, void *data) + int category, int cmd, void *data) { trace_cb_called = 1; if (!TEST_true(category == OSSL_TRACE_CATEGORY_TRACE)) 
@@ -127,7 +128,7 @@ int ret = 0; if (!TEST_true(OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_TRACE, trace_cb, - NULL))) + NULL))) goto end; put_trace_output(); @@ -136,7 +137,7 @@ goto end; ret = 1; - end: +end: return ret; } #endif --- crypto/openssl/test/uitest.c.orig +++ crypto/openssl/test/uitest.c @@ -14,7 +14,6 @@ #include "apps_ui.h" #include "testutil.h" - #include /* Old style PEM password callback */ @@ -36,16 +35,16 @@ char pass[16]; int ok = 0; - if (!TEST_ptr(ui_method = - UI_UTIL_wrap_read_pem_callback( test_pem_password_cb, 0)) - || !TEST_ptr(ui = UI_new_method(ui_method))) + if (!TEST_ptr(ui_method = UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0)) + || !TEST_ptr(ui = UI_new_method(ui_method))) goto err; /* The wrapper passes the UI userdata as the callback userdata param */ UI_add_user_data(ui, defpass); if (UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD, - pass, 0, sizeof(pass) - 1) <= 0) + pass, 0, sizeof(pass) - 1) + <= 0) goto err; switch (UI_process(ui)) { @@ -61,7 +60,7 @@ if (TEST_str_eq(pass, defpass)) ok = 1; - err: +err: UI_free(ui); UI_destroy_method(ui_method); @@ -80,7 +79,7 @@ (void)setup_ui_method(); if (TEST_int_gt(password_callback(pass, sizeof(pass), 0, &cb_data), 0) - && TEST_str_eq(pass, cb_data.password)) + && TEST_str_eq(pass, cb_data.password)) ok = 1; destroy_ui_method(); return ok; --- crypto/openssl/test/upcallstest.c.orig +++ crypto/openssl/test/upcallstest.c @@ -13,7 +13,7 @@ #include "testutil.h" static const OSSL_ALGORITHM *obj_query(void *provctx, int operation_id, - int *no_cache) + int *no_cache) { *no_cache = 0; return NULL; 
@@ -38,14 +38,14 @@ #define SIGALG_LN "my-sigalg-long" static int obj_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { *provctx = (void *)handle; *out = obj_dispatch_table; - for (; in->function_id != 0; in++) { + for (; in->function_id != 0; in++) { switch (in->function_id) { case OSSL_FUNC_CORE_OBJ_ADD_SIGID: c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in); @@ -61,8 +61,8 @@ } if (!c_obj_create(handle, DIGEST_OID, DIGEST_SN, DIGEST_LN) - || !c_obj_create(handle, SIG_OID, SIG_SN, SIG_LN) - || !c_obj_create(handle, SIGALG_OID, SIGALG_SN, SIGALG_LN)) + || !c_obj_create(handle, SIG_OID, SIG_SN, SIG_LN) + || !c_obj_create(handle, SIGALG_OID, SIGALG_SN, SIGALG_LN)) return 0; if (!c_obj_add_sigid(handle, SIGALG_OID, DIGEST_SN, SIG_LN)) 
@@ -91,22 +91,22 @@ goto err; if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "obj-prov", - obj_provider_init)) - || !TEST_ptr(objprov = OSSL_PROVIDER_load(libctx, "obj-prov"))) + obj_provider_init)) + || !TEST_ptr(objprov = OSSL_PROVIDER_load(libctx, "obj-prov"))) goto err; /* Check that the provider created the OIDs/NIDs we expected */ sigalgnid = OBJ_txt2nid(SIGALG_OID); if (!TEST_int_ne(sigalgnid, NID_undef) - || !TEST_true(OBJ_find_sigid_algs(sigalgnid, &digestnid, &signid)) - || !TEST_int_ne(digestnid, NID_undef) - || !TEST_int_ne(signid, NID_undef) - || !TEST_int_eq(digestnid, OBJ_sn2nid(DIGEST_SN)) - || !TEST_int_eq(signid, OBJ_ln2nid(SIG_LN))) + || !TEST_true(OBJ_find_sigid_algs(sigalgnid, &digestnid, &signid)) + || !TEST_int_ne(digestnid, NID_undef) + || !TEST_int_ne(signid, NID_undef) + || !TEST_int_eq(digestnid, OBJ_sn2nid(DIGEST_SN)) + || !TEST_int_eq(signid, OBJ_ln2nid(SIG_LN))) goto err; testresult = 1; - err: +err: OSSL_PROVIDER_unload(objprov); OSSL_LIB_CTX_free(libctx); return testresult; --- crypto/openssl/test/user_property_test.c.orig +++ crypto/openssl/test/user_property_test.c @@ -37,7 +37,7 @@ } static int tmpmd_digest(void *provctx, const unsigned char *in, size_t inl, - unsigned char *out, size_t *outl, size_t outsz) + unsigned char *out, size_t *outl, size_t outsz) { return 0; } @@ -54,8 +54,8 @@ }; static const OSSL_ALGORITHM *testprov_query(void *provctx, - int operation_id, - int *no_cache) + int operation_id, + int *no_cache) { *no_cache = 0; return operation_id == OSSL_OP_DIGEST ? testprov_digests : NULL; @@ -67,9 +67,9 @@ }; static int testprov_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { *provctx = (void *)handle; *out = testprov_dispatch_table; 
@@ -91,19 +91,19 @@ int res = 0; if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()) - || !TEST_true(OSSL_PROVIDER_add_builtin(libctx, "testprov", - testprov_provider_init))) + || !TEST_true(OSSL_PROVIDER_add_builtin(libctx, "testprov", + testprov_provider_init))) goto err; if (propsorder == DEFAULT_PROPS_FIRST - && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) + && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) goto err; if (!TEST_ptr(testprov = OSSL_PROVIDER_load(libctx, "testprov"))) goto err; if (propsorder == DEFAULT_PROPS_AFTER_LOAD - && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) + && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) goto err; if (!TEST_ptr(testprovmd = EVP_MD_fetch(libctx, "testprovmd", NULL))) @@ -118,7 +118,7 @@ } res = 1; - err: +err: EVP_MD_free(testprovmd); OSSL_PROVIDER_unload(testprov); OSSL_LIB_CTX_free(libctx); --- crypto/openssl/test/v3ext.c.orig +++ crypto/openssl/test/v3ext.c @@ -27,8 +27,8 @@ int ret = 0; if (!TEST_ptr(b = BIO_new_file(infile, "r")) - || !TEST_ptr(x = PEM_read_bio_X509(b, NULL, NULL, NULL)) - || !TEST_int_eq(pathlen = X509_get_pathlen(x), 6)) + || !TEST_ptr(x = PEM_read_bio_X509(b, NULL, NULL, NULL)) + || !TEST_int_eq(pathlen = X509_get_pathlen(x), 6)) goto end; ret = 1; @@ -48,12 +48,12 @@ int testresult = 0; if (!TEST_ptr(asid1) - || !TEST_ptr(asid2) - || !TEST_ptr(asid3)) + || !TEST_ptr(asid2) + || !TEST_ptr(asid3)) goto err; if (!TEST_ptr(val1 = ASN1_INTEGER_new()) - || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))) + || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))) goto err; if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL))) @@ -61,7 +61,7 @@ val1 = NULL; if (!TEST_ptr(val2 = ASN1_INTEGER_new()) - || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) + || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) goto err; if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL))) 
@@ -69,9 +69,9 @@ val2 = NULL; if (!TEST_ptr(val1 = ASN1_INTEGER_new()) - || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)) - || !TEST_ptr(val2 = ASN1_INTEGER_new()) - || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) + || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)) + || !TEST_ptr(val2 = ASN1_INTEGER_new()) + || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) goto err; /* 
@@ -84,30 +84,30 @@ /* Actual subsets */ if (!TEST_true(X509v3_asid_subset(NULL, NULL)) - || !TEST_true(X509v3_asid_subset(NULL, asid1)) - || !TEST_true(X509v3_asid_subset(asid1, asid1)) - || !TEST_true(X509v3_asid_subset(asid2, asid2)) - || !TEST_true(X509v3_asid_subset(asid1, asid3)) - || !TEST_true(X509v3_asid_subset(asid2, asid3)) - || !TEST_true(X509v3_asid_subset(asid3, asid3)) - || !TEST_true(X509v3_asid_subset(asid4, asid1)) - || !TEST_true(X509v3_asid_subset(asid4, asid2)) - || !TEST_true(X509v3_asid_subset(asid4, asid3))) + || !TEST_true(X509v3_asid_subset(NULL, asid1)) + || !TEST_true(X509v3_asid_subset(asid1, asid1)) + || !TEST_true(X509v3_asid_subset(asid2, asid2)) + || !TEST_true(X509v3_asid_subset(asid1, asid3)) + || !TEST_true(X509v3_asid_subset(asid2, asid3)) + || !TEST_true(X509v3_asid_subset(asid3, asid3)) + || !TEST_true(X509v3_asid_subset(asid4, asid1)) + || !TEST_true(X509v3_asid_subset(asid4, asid2)) + || !TEST_true(X509v3_asid_subset(asid4, asid3))) goto err; /* Not subsets */ if (!TEST_false(X509v3_asid_subset(asid1, NULL)) - || !TEST_false(X509v3_asid_subset(asid1, asid2)) - || !TEST_false(X509v3_asid_subset(asid2, asid1)) - || !TEST_false(X509v3_asid_subset(asid3, asid1)) - || !TEST_false(X509v3_asid_subset(asid3, asid2)) - || !TEST_false(X509v3_asid_subset(asid1, asid4)) - || !TEST_false(X509v3_asid_subset(asid2, asid4)) - || !TEST_false(X509v3_asid_subset(asid3, asid4))) + || !TEST_false(X509v3_asid_subset(asid1, asid2)) + || !TEST_false(X509v3_asid_subset(asid2, asid1)) + || !TEST_false(X509v3_asid_subset(asid3, asid1)) + || !TEST_false(X509v3_asid_subset(asid3, asid2)) + || !TEST_false(X509v3_asid_subset(asid1, asid4)) + || !TEST_false(X509v3_asid_subset(asid2, asid4)) + || !TEST_false(X509v3_asid_subset(asid3, asid4))) goto err; testresult = 1; - err: +err: ASN1_INTEGER_free(val1); ASN1_INTEGER_free(val2); ASIdentifiers_free(asid1); 
@@ -123,24 +123,24 @@ const char *ip2; int rorp; } ranges[] = { - { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.1", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.2", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.3", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.254", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.255", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.255", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.1", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV4, "192.168.0.0", "192.168.255.255", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV4, "192.168.1.0", "192.168.255.255", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::1", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::2", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::3", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::fffe", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::ffff", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::ffff", IPAddressOrRange_addressRange}, - { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::1", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV6, "2001:0db8::0:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressPrefix}, - { IANA_AFI_IPV6, "2001:0db8::1:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressRange} + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.1", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.2", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.3", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.254", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.255", 
IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.255", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.1", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV4, "192.168.0.0", "192.168.255.255", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV4, "192.168.1.0", "192.168.255.255", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::1", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::2", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::3", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::fffe", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::ffff", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::ffff", IPAddressOrRange_addressRange }, + { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::1", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV6, "2001:0db8::0:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressPrefix }, + { IANA_AFI_IPV6, "2001:0db8::1:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressRange } }; static int check_addr(IPAddrBlocks *addr, int type) @@ -219,7 +219,7 @@ } testresult = 1; - end: +end: sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); ASN1_OCTET_STRING_free(ip1); ASN1_OCTET_STRING_free(ip2); @@ -261,11 +261,9 @@ keylen = 6; if ((f1 = IPAddressFamily_new()) == NULL) goto end; - if (f1->ipAddressChoice == NULL && - (f1->ipAddressChoice = IPAddressChoice_new()) == NULL) + if (f1->ipAddressChoice == NULL && (f1->ipAddressChoice = IPAddressChoice_new()) == NULL) goto end; - if (f1->addressFamily == NULL && - (f1->addressFamily = ASN1_OCTET_STRING_new()) == NULL) + if (f1->addressFamily == NULL && (f1->addressFamily = ASN1_OCTET_STRING_new()) == NULL) goto end; if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen)) goto end; 
@@ -289,11 +287,9 @@ keylen = 3; if ((f1 = IPAddressFamily_new()) == NULL) goto end; - if (f1->ipAddressChoice == NULL && - (f1->ipAddressChoice = IPAddressChoice_new()) == NULL) + if (f1->ipAddressChoice == NULL && (f1->ipAddressChoice = IPAddressChoice_new()) == NULL) goto end; - if (f1->addressFamily == NULL && - (f1->addressFamily = ASN1_OCTET_STRING_new()) == NULL) + if (f1->addressFamily == NULL && (f1->addressFamily = ASN1_OCTET_STRING_new()) == NULL) goto end; if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen)) goto end; @@ -311,7 +307,7 @@ goto end; testresult = 1; - end: +end: /* Free stack and any memory owned by detached element */ IPAddressFamily_free(f1); sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); @@ -376,12 +372,12 @@ for (i = 0; i < OSSL_NELEM(extvalues); i++) { X509V3_CTX ctx; BIO *extbio = BIO_new_mem_buf(extvalues[i].value, - strlen(extvalues[i].value)); + strlen(extvalues[i].value)); CONF *conf; long eline; if (!TEST_ptr(extbio)) - return 0 ; + return 0; conf = NCONF_new_ex(NULL, NULL); if (!TEST_ptr(conf)) { @@ -396,14 +392,14 @@ if (extvalues[i].pass) { if (!TEST_true(X509V3_EXT_add_nconf(conf, &ctx, "default", - NULL))) { + NULL))) { TEST_info("Value: %s", extvalues[i].value); testresult = 0; } } else { ERR_set_mark(); if (!TEST_false(X509V3_EXT_add_nconf(conf, &ctx, "default", - NULL))) { + NULL))) { testresult = 0; TEST_info("Value: %s", extvalues[i].value); ERR_clear_last_mark(); 
@@ -435,22 +431,22 @@ || !TEST_ptr(ip1[i] = a2i_IPADDRESS(ranges[i].ip1)) || !TEST_ptr(ip2[i] = a2i_IPADDRESS(ranges[i].ip2)) || !TEST_true(X509v3_addr_add_range(addr[i], ranges[i].afi, NULL, - ip1[i]->data, ip2[i]->data))) + ip1[i]->data, ip2[i]->data))) goto end; } ret = TEST_ptr(addrEmpty = sk_IPAddressFamily_new_null()) - && TEST_true(X509v3_addr_subset(NULL, NULL)) - && TEST_true(X509v3_addr_subset(NULL, addr[0])) - && TEST_true(X509v3_addr_subset(addrEmpty, addr[0])) - && TEST_true(X509v3_addr_subset(addr[0], addr[0])) - && TEST_true(X509v3_addr_subset(addr[0], addr[1])) - && TEST_true(X509v3_addr_subset(addr[0], addr[2])) - && TEST_true(X509v3_addr_subset(addr[1], addr[2])) - && TEST_false(X509v3_addr_subset(addr[0], NULL)) - && TEST_false(X509v3_addr_subset(addr[1], addr[0])) - && TEST_false(X509v3_addr_subset(addr[2], addr[1])) - && TEST_false(X509v3_addr_subset(addr[0], addrEmpty)); + && TEST_true(X509v3_addr_subset(NULL, NULL)) + && TEST_true(X509v3_addr_subset(NULL, addr[0])) + && TEST_true(X509v3_addr_subset(addrEmpty, addr[0])) + && TEST_true(X509v3_addr_subset(addr[0], addr[0])) + && TEST_true(X509v3_addr_subset(addr[0], addr[1])) + && TEST_true(X509v3_addr_subset(addr[0], addr[2])) + && TEST_true(X509v3_addr_subset(addr[1], addr[2])) + && TEST_false(X509v3_addr_subset(addr[0], NULL)) + && TEST_false(X509v3_addr_subset(addr[1], addr[0])) + && TEST_false(X509v3_addr_subset(addr[2], addr[1])) + && TEST_false(X509v3_addr_subset(addr[0], addrEmpty)); end: sk_IPAddressFamily_pop_free(addrEmpty, IPAddressFamily_free); for (i = 0; i < sz; ++i) { --- crypto/openssl/test/v3nametest.c.orig +++ crypto/openssl/test/v3nametest.c @@ -102,13 +102,13 @@ break; name = va_arg(ap, const char *); if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, - (unsigned char *)name, -1, -1, 1)) + (unsigned char *)name, -1, -1, 1)) goto out; } if (!X509_set_subject_name(crt, n)) goto out; ret = 1; - out: +out: X509_NAME_free(n); va_end(ap); return ret; 
@@ -163,7 +163,7 @@ if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0)) goto out; ret = 1; - out: +out: ASN1_IA5STRING_free(ia5); GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); @@ -179,19 +179,19 @@ static int set_cn_and_email(X509 *crt, const char *name) { return set_cn(crt, NID_commonName, name, - NID_pkcs9_emailAddress, "dummy@example.com", 0); + NID_pkcs9_emailAddress, "dummy@example.com", 0); } static int set_cn2(X509 *crt, const char *name) { return set_cn(crt, NID_commonName, "dummy value", - NID_commonName, name, 0); + NID_commonName, name, 0); } static int set_cn3(X509 *crt, const char *name) { return set_cn(crt, NID_commonName, name, - NID_commonName, "dummy value", 0); + NID_commonName, "dummy value", 0); } static int set_email1(X509 *crt, const char *name) @@ -202,19 +202,19 @@ static int set_email2(X509 *crt, const char *name) { return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com", - NID_pkcs9_emailAddress, name, 0); + NID_pkcs9_emailAddress, name, 0); } static int set_email3(X509 *crt, const char *name) { return set_cn(crt, NID_pkcs9_emailAddress, name, - NID_pkcs9_emailAddress, "dummy@example.com", 0); + NID_pkcs9_emailAddress, "dummy@example.com", 0); } static int set_email_and_cn(X509 *crt, const char *name) { return set_cn(crt, NID_pkcs9_emailAddress, name, - NID_commonName, "www.example.org", 0); + NID_commonName, "www.example.org", 0); } static int set_altname_dns(X509 *crt, const char *name) 
@@ -228,23 +228,23 @@ } struct set_name_fn { - int (*fn) (X509 *, const char *); + int (*fn)(X509 *, const char *); const char *name; int host; int email; }; static const struct set_name_fn name_fns[] = { - {set_cn1, "set CN", 1, 0}, - {set_cn2, "set CN", 1, 0}, - {set_cn3, "set CN", 1, 0}, - {set_cn_and_email, "set CN", 1, 0}, - {set_email1, "set emailAddress", 0, 1}, - {set_email2, "set emailAddress", 0, 1}, - {set_email3, "set emailAddress", 0, 1}, - {set_email_and_cn, "set emailAddress", 0, 1}, - {set_altname_dns, "set dnsName", 1, 0}, - {set_altname_email, "set rfc822Name", 0, 1}, + { set_cn1, "set CN", 1, 0 }, + { set_cn2, "set CN", 1, 0 }, + { set_cn3, "set CN", 1, 0 }, + { set_cn_and_email, "set CN", 1, 0 }, + { set_email1, "set emailAddress", 0, 1 }, + { set_email2, "set emailAddress", 0, 1 }, + { set_email3, "set emailAddress", 0, 1 }, + { set_email_and_cn, "set emailAddress", 0, 1 }, + { set_altname_dns, "set dnsName", 1, 0 }, + { set_altname_email, "set rfc822Name", 0, 1 }, }; static X509 *make_cert(void) @@ -261,15 +261,15 @@ } static int check_message(const struct set_name_fn *fn, const char *op, - const char *nameincert, int match, const char *name) + const char *nameincert, int match, const char *name) { char msg[1024]; if (match < 0) return 1; BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]", - fn->name, op, nameincert, - match ? "matches" : "does not match", name); + fn->name, op, nameincert, + match ? "matches" : "does not match", name); if (is_exception(msg)) return 1; TEST_error("%s", msg); @@ -277,7 +277,7 @@ } static int run_cert(X509 *crt, const char *nameincert, - const struct set_name_fn *fn) + const struct set_name_fn *fn) { const char *const *pname = names; int failed = 0; @@ -294,7 +294,7 @@ match = -1; if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL), - 0)) { + 0)) { failed = 1; } else if (fn->host) { if (ret == 1 && !samename) 
@@ -308,8 +308,9 @@ match = -1; if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, - X509_CHECK_FLAG_NO_WILDCARDS, - NULL), 0)) { + X509_CHECK_FLAG_NO_WILDCARDS, + NULL), + 0)) { failed = 1; } else if (fn->host) { if (ret == 1 && !samename) @@ -319,7 +320,7 @@ } else if (ret == 1) match = 1; if (!TEST_true(check_message(fn, "host-no-wildcards", - nameincert, match, *pname))) + nameincert, match, *pname))) failed = 1; match = -1; @@ -349,8 +350,8 @@ TEST_info("%s", pfn->name); for (pname = names; *pname != NULL; pname++) { if (!TEST_ptr(crt = make_cert()) - || !TEST_true(pfn->fn(crt, *pname)) - || !run_cert(crt, *pname, pfn)) + || !TEST_true(pfn->fn(crt, *pname)) + || !run_cert(crt, *pname, pfn)) failed = 1; X509_free(crt); } 
@@ -361,307 +362,252 @@ const unsigned char der[22]; size_t derlen; } gennames[] = { - { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } - * [0] { - * SEQUENCE {} - * } - * } - */ + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * SEQUENCE {} + * } + * } + */ { 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 - }, - 21 - }, { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } - * [0] { - * [APPLICATION 0] {} - * } - * } - */ + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 }, + 21 }, + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * [APPLICATION 0] {} + * } + * } + */ { 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 - }, - 21 - }, { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } - * [0] { - * UTF8String { "a" } - * } - * } - */ + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 }, + 21 }, + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * UTF8String { "a" } + * } + * } + */ { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 - }, - 22 - }, { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } - * [0] { - * UTF8String { "a" } - * } - * } - */ + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 }, + 22 }, + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } + * [0] { + * UTF8String { "a" } + * } + * } + */ { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 - }, - 22 - }, { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } - * [0] { - * UTF8String { "b" } - * } - * } - */ + 0x01, 0x84, 
0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 }, + 22 }, + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * UTF8String { "b" } + * } + * } + */ { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 - }, - 22 - }, { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } - * [0] { - * BOOLEAN { TRUE } - * } - * } - */ + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 }, + 22 }, + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * BOOLEAN { TRUE } + * } + * } + */ { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff - }, - 22 - }, { - /* - * [0] { - * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } - * [0] { - * BOOLEAN { FALSE } - * } - * } - */ + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff }, + 22 }, + { /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * BOOLEAN { FALSE } + * } + * } + */ { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, - 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 - }, - 22 - }, { - /* [1 PRIMITIVE] { "a" } */ + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 }, + 22 }, + { /* [1 PRIMITIVE] { "a" } */ { - 0x81, 0x01, 0x61 - }, - 3 - }, { - /* [1 PRIMITIVE] { "b" } */ + 0x81, 0x01, 0x61 }, + 3 }, + { /* [1 PRIMITIVE] { "b" } */ { - 0x81, 0x01, 0x62 - }, - 3 - }, { - /* [2 PRIMITIVE] { "a" } */ + 0x81, 0x01, 0x62 }, + 3 }, + { /* [2 PRIMITIVE] { "a" } */ { - 0x82, 0x01, 0x61 - }, - 3 - }, { - /* [2 PRIMITIVE] { "b" } */ + 0x82, 0x01, 0x61 }, + 3 }, + { /* [2 PRIMITIVE] { "b" } */ { - 0x82, 0x01, 0x62 - }, - 3 - }, { - /* - * [4] { - * SEQUENCE { - * SET { - * SEQUENCE { - * # commonName - * OBJECT_IDENTIFIER { 2.5.4.3 } - * UTF8String { "a" } - * } - * } - * } - * } - */ + 
0x82, 0x01, 0x62 }, + 3 }, + { /* + * [4] { + * SEQUENCE { + * SET { + * SEQUENCE { + * # commonName + * OBJECT_IDENTIFIER { 2.5.4.3 } + * UTF8String { "a" } + * } + * } + * } + * } + */ { 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x01, 0x61 - }, - 16 - }, { - /* - * [4] { - * SEQUENCE { - * SET { - * SEQUENCE { - * # commonName - * OBJECT_IDENTIFIER { 2.5.4.3 } - * UTF8String { "b" } - * } - * } - * } - * } - */ + 0x04, 0x03, 0x0c, 0x01, 0x61 }, + 16 }, + { /* + * [4] { + * SEQUENCE { + * SET { + * SEQUENCE { + * # commonName + * OBJECT_IDENTIFIER { 2.5.4.3 } + * UTF8String { "b" } + * } + * } + * } + * } + */ { 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x01, 0x62 - }, - 16 - }, { - /* - * [5] { - * [1] { - * UTF8String { "a" } - * } - * } - */ + 0x04, 0x03, 0x0c, 0x01, 0x62 }, + 16 }, + { /* + * [5] { + * [1] { + * UTF8String { "a" } + * } + * } + */ { - 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 - }, - 7 - }, { - /* - * [5] { - * [1] { - * UTF8String { "b" } - * } - * } - */ + 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 }, + 7 }, + { /* + * [5] { + * [1] { + * UTF8String { "b" } + * } + * } + */ { - 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 - }, - 7 - }, { - /* - * [5] { - * [0] { - * UTF8String {} - * } - * [1] { - * UTF8String { "a" } - * } - * } - */ + 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 }, + 7 }, + { /* + * [5] { + * [0] { + * UTF8String {} + * } + * [1] { + * UTF8String { "a" } + * } + * } + */ { - 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 - }, - 11 - }, { - /* - * [5] { - * [0] { - * UTF8String { "a" } - * } - * [1] { - * UTF8String { "a" } - * } - * } - */ + 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 }, + 11 }, + { /* + * [5] { + * [0] { + * UTF8String { "a" } + * } + * [1] { + * UTF8String { "a" } + * } + * } + */ { 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, - 0x61 - }, - 12 - }, { - /* - * [5] { - * 
[0] { - * UTF8String { "b" } - * } - * [1] { - * UTF8String { "a" } - * } - * } - */ + 0x61 }, + 12 }, + { /* + * [5] { + * [0] { + * UTF8String { "b" } + * } + * [1] { + * UTF8String { "a" } + * } + * } + */ { 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, - 0x61 - }, - 12 - }, { - /* [6 PRIMITIVE] { "a" } */ + 0x61 }, + 12 }, + { /* [6 PRIMITIVE] { "a" } */ { - 0x86, 0x01, 0x61 - }, - 3 - }, { - /* [6 PRIMITIVE] { "b" } */ + 0x86, 0x01, 0x61 }, + 3 }, + { /* [6 PRIMITIVE] { "b" } */ { - 0x86, 0x01, 0x62 - }, - 3 - }, { - /* [7 PRIMITIVE] { `11111111` } */ + 0x86, 0x01, 0x62 }, + 3 }, + { /* [7 PRIMITIVE] { `11111111` } */ { - 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 - }, - 6 - }, { - /* [7 PRIMITIVE] { `22222222`} */ + 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 }, + 6 }, + { /* [7 PRIMITIVE] { `22222222`} */ { - 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 - }, - 6 - }, { - /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */ + 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 }, + 6 }, + { /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */ { 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 - }, - 18 - }, { - /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */ + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, + 18 }, + { /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */ { 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 - }, - 18 - }, { - /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */ + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, + 18 }, + { /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */ { 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, - 0xb7, 0x09, 0x02, 0x01 - }, - 15 - }, { - /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */ + 0xb7, 0x09, 0x02, 0x01 }, + 15 }, + { /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */ { 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, - 0xb7, 0x09, 0x02, 
0x02 - }, - 15 - }, { - /* - * Regression test for CVE-2023-0286. - */ + 0xb7, 0x09, 0x02, 0x02 }, + 15 }, + { /* + * Regression test for CVE-2023-0286. + */ { - 0xa3, 0x00 - }, - 2 - } + 0xa3, 0x00 }, + 2 } }; static int test_GENERAL_NAME_cmp(void) { size_t i, j; GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa) - * OSSL_NELEM(gennames)); + * OSSL_NELEM(gennames)); GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb) - * OSSL_NELEM(gennames)); + * OSSL_NELEM(gennames)); int testresult = 0; if (!TEST_ptr(namesa) || !TEST_ptr(namesb)) @@ -695,7 +641,7 @@ } testresult = 1; - end: +end: for (i = 0; i < OSSL_NELEM(gennames); i++) { if (namesa != NULL) GENERAL_NAME_free(namesa[i]); --- crypto/openssl/test/verify_extra_test.c.orig +++ crypto/openssl/test/verify_extra_test.c @@ -96,7 +96,7 @@ /* This is the result we were expecting: Test passed */ ret = 1; } - err: +err: X509_STORE_CTX_free(sctx); X509_free(x); sk_X509_pop_free(untrusted, X509_free); @@ -120,7 +120,7 @@ goto err; if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid, - (int)strlen(distid))) { + (int)strlen(distid))) { ASN1_OCTET_STRING_free(v); goto err; } @@ -129,11 +129,11 @@ v2 = X509_get0_distinguishing_id(x); if (!TEST_ptr(v2) - || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) + || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) goto err; ret = 1; - err: +err: X509_free(x); return ret; } @@ -159,7 +159,7 @@ goto err; if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid, - (int)strlen(distid))) { + (int)strlen(distid))) { ASN1_OCTET_STRING_free(v); goto err; } @@ -168,11 +168,11 @@ v2 = X509_REQ_get0_distinguishing_id(x); if (!TEST_ptr(v2) - || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) + || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) goto err; ret = 1; - err: +err: X509_REQ_free(x); BIO_free(bio); return ret; 
@@ -233,14 +233,13 @@ int testresult = 0; if (!TEST_ptr(eecert) - || !TEST_ptr(untrcert) - || !TEST_ptr(trcert) - || !TEST_ptr(trusted) - || !TEST_ptr(untrusted) - || !TEST_ptr(ctx)) + || !TEST_ptr(untrcert) + || !TEST_ptr(trcert) + || !TEST_ptr(trusted) + || !TEST_ptr(untrusted) + || !TEST_ptr(ctx)) goto err; - if (!TEST_true(sk_X509_push(trusted, trcert))) goto err; trcert = NULL; @@ -265,7 +264,7 @@ goto err; testresult = 1; - err: +err: sk_X509_pop_free(trusted, X509_free); sk_X509_pop_free(untrusted, X509_free); X509_STORE_CTX_free(ctx); @@ -303,13 +302,13 @@ return 0; if (!TEST_ptr(root_f = test_mk_file_path(certs_dir, "rootCA.pem")) - || !TEST_ptr(roots_f = test_mk_file_path(certs_dir, "roots.pem")) - || !TEST_ptr(untrusted_f = test_mk_file_path(certs_dir, "untrusted.pem")) - || !TEST_ptr(bad_f = test_mk_file_path(certs_dir, "bad.pem")) - || !TEST_ptr(req_f = test_mk_file_path(certs_dir, "sm2-csr.pem")) - || !TEST_ptr(sroot_cert = test_mk_file_path(certs_dir, "sroot-cert.pem")) - || !TEST_ptr(ca_cert = test_mk_file_path(certs_dir, "ca-cert.pem")) - || !TEST_ptr(ee_cert = test_mk_file_path(certs_dir, "ee-cert.pem"))) + || !TEST_ptr(roots_f = test_mk_file_path(certs_dir, "roots.pem")) + || !TEST_ptr(untrusted_f = test_mk_file_path(certs_dir, "untrusted.pem")) + || !TEST_ptr(bad_f = test_mk_file_path(certs_dir, "bad.pem")) + || !TEST_ptr(req_f = test_mk_file_path(certs_dir, "sm2-csr.pem")) + || !TEST_ptr(sroot_cert = test_mk_file_path(certs_dir, "sroot-cert.pem")) + || !TEST_ptr(ca_cert = test_mk_file_path(certs_dir, "ca-cert.pem")) + || !TEST_ptr(ee_cert = test_mk_file_path(certs_dir, "ee-cert.pem"))) goto err; ADD_TEST(test_alt_chains_cert_forgery); @@ -323,7 +322,7 @@ ADD_TEST(test_purpose_ssl_server); ADD_TEST(test_purpose_any); return 1; - err: +err: cleanup_tests(); return 0; } --- crypto/openssl/test/versions.c.orig +++ crypto/openssl/test/versions.c 
@@ -16,6 +16,6 @@
 {
 printf("Build version: %s\n", OPENSSL_FULL_VERSION_STR);
 printf("Library version: %s\n",
- OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
+ OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
 return 0;
 }
--- crypto/openssl/test/wpackettest.c.orig
+++ crypto/openssl/test/wpackettest.c
@@ -42,35 +42,35 @@ unsigned char sbuf[3]; if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - /* Closing a top level WPACKET should fail */ - || !TEST_false(WPACKET_close(&pkt)) - /* Finishing a top level WPACKET should succeed */ - || !TEST_true(WPACKET_finish(&pkt)) - /* - * Can't call close or finish on a WPACKET that's already - * finished. - */ - || !TEST_false(WPACKET_close(&pkt)) - || !TEST_false(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + /* Closing a top level WPACKET should fail */ + || !TEST_false(WPACKET_close(&pkt)) + /* Finishing a top level WPACKET should succeed */ + || !TEST_true(WPACKET_finish(&pkt)) + /* + * Can't call close or finish on a WPACKET that's already + * finished. + */ + || !TEST_false(WPACKET_close(&pkt)) + || !TEST_false(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) return cleanup(&pkt); /* Now try with a one byte length prefix */ if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) return cleanup(&pkt); /* And a longer length prefix */ if (!TEST_true(WPACKET_init_len(&pkt, buf, 4)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple3, sizeof(simple3))) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 
0xff)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple3, sizeof(simple3))) return cleanup(&pkt); if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))) 
@@ -88,23 +88,23 @@ /* Test initialising from a fixed size buffer */ if (!TEST_true(WPACKET_init_static_len(&pkt, sbuf, sizeof(sbuf), 0)) - /* Adding 3 bytes should succeed */ - || !TEST_true(WPACKET_put_bytes_u24(&pkt, 0xffffff)) - /* Adding 1 more byte should fail */ - || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) - /* Finishing the top level WPACKET should succeed */ - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(sbuf, written, fixed, sizeof(sbuf)) - /* Initialise with 1 len byte */ - || !TEST_true(WPACKET_init_static_len(&pkt, sbuf, sizeof(sbuf), 1)) - /* Adding 2 bytes should succeed */ - || !TEST_true(WPACKET_put_bytes_u16(&pkt, 0xfeff)) - /* Adding 1 more byte should fail */ - || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(sbuf, written, alloc, sizeof(alloc))) + /* Adding 3 bytes should succeed */ + || !TEST_true(WPACKET_put_bytes_u24(&pkt, 0xffffff)) + /* Adding 1 more byte should fail */ + || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) + /* Finishing the top level WPACKET should succeed */ + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(sbuf, written, fixed, sizeof(sbuf)) + /* Initialise with 1 len byte */ + || !TEST_true(WPACKET_init_static_len(&pkt, sbuf, sizeof(sbuf), 1)) + /* Adding 2 bytes should succeed */ + || !TEST_true(WPACKET_put_bytes_u16(&pkt, 0xfeff)) + /* Adding 1 more byte should fail */ + || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(sbuf, written, alloc, sizeof(alloc))) return cleanup(&pkt); return 1; 
@@ -116,42 +116,42 @@ size_t written; if (!TEST_true(WPACKET_init(&pkt, buf)) - /* - * No previous lenbytes set so we should be ok to set the max - * possible max size - */ - || !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX)) - /* We should be able to set it smaller too */ - || !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX -1)) - /* And setting it bigger again should be ok */ - || !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX)) - || !TEST_true(WPACKET_finish(&pkt))) + /* + * No previous lenbytes set so we should be ok to set the max + * possible max size + */ + || !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX)) + /* We should be able to set it smaller too */ + || !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX - 1)) + /* And setting it bigger again should be ok */ + || !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX)) + || !TEST_true(WPACKET_finish(&pkt))) return cleanup(&pkt); if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - /* - * Should fail because we already consumed 1 byte with the - * length - */ - || !TEST_false(WPACKET_set_max_size(&pkt, 0)) - /* - * Max size can't be bigger than biggest that will fit in - * lenbytes - */ - || !TEST_false(WPACKET_set_max_size(&pkt, 0x0101)) - /* It can be the same as the maximum possible size */ - || !TEST_true(WPACKET_set_max_size(&pkt, 0x0100)) - /* Or it can be less */ - || !TEST_true(WPACKET_set_max_size(&pkt, 0x01)) - /* Should fail because packet is already filled */ - || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) - /* You can't put in more bytes than max size */ - || !TEST_true(WPACKET_set_max_size(&pkt, 0x02)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) + /* + * Should fail because we already consumed 1 byte with the + * length + */ + || !TEST_false(WPACKET_set_max_size(&pkt, 0)) + /* + * Max 
size can't be bigger than biggest that will fit in + * lenbytes + */ + || !TEST_false(WPACKET_set_max_size(&pkt, 0x0101)) + /* It can be the same as the maximum possible size */ + || !TEST_true(WPACKET_set_max_size(&pkt, 0x0100)) + /* Or it can be less */ + || !TEST_true(WPACKET_set_max_size(&pkt, 0x01)) + /* Should fail because packet is already filled */ + || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) + /* You can't put in more bytes than max size */ + || !TEST_true(WPACKET_set_max_size(&pkt, 0x02)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) return cleanup(&pkt); return 1; 
@@ -164,81 +164,80 @@ size_t len; if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_start_sub_packet(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - /* Can't finish because we have a sub packet */ - || !TEST_false(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_close(&pkt)) - /* Sub packet is closed so can't close again */ - || !TEST_false(WPACKET_close(&pkt)) - /* Now a top level so finish should succeed */ - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) + || !TEST_true(WPACKET_start_sub_packet(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + /* Can't finish because we have a sub packet */ + || !TEST_false(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_close(&pkt)) + /* Sub packet is closed so can't close again */ + || !TEST_false(WPACKET_close(&pkt)) + /* Now a top level so finish should succeed */ + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) return cleanup(&pkt); - /* Single sub-packet with length prefix */ + /* Single sub-packet with length prefix */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) return cleanup(&pkt); /* Nested sub-packets with length prefixes */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || 
!TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_get_length(&pkt, &len)) - || !TEST_size_t_eq(len, 1) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_get_length(&pkt, &len)) - || !TEST_size_t_eq(len, 3) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, nestedsub, sizeof(nestedsub))) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_get_length(&pkt, &len)) + || !TEST_size_t_eq(len, 1) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_get_length(&pkt, &len)) + || !TEST_size_t_eq(len, 3) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, nestedsub, sizeof(nestedsub))) return cleanup(&pkt); /* Sequential sub-packets with length prefixes */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, seqsub, sizeof(seqsub))) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || 
!TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, seqsub, sizeof(seqsub))) return cleanup(&pkt); /* Nested sub-packets with lengths filled before finish */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_get_length(&pkt, &len)) - || !TEST_size_t_eq(len, 1) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_get_length(&pkt, &len)) - || !TEST_size_t_eq(len, 3) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_fill_lengths(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, nestedsub, sizeof(nestedsub)) - || !TEST_true(WPACKET_finish(&pkt))) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_get_length(&pkt, &len)) + || !TEST_size_t_eq(len, 1) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_get_length(&pkt, &len)) + || !TEST_size_t_eq(len, 3) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_fill_lengths(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, nestedsub, sizeof(nestedsub)) + || !TEST_true(WPACKET_finish(&pkt))) return cleanup(&pkt); return 1; } - static int test_WPACKET_set_flags(void) { WPACKET pkt; 
@@ -246,55 +245,55 @@ /* Set packet to be non-zero length */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) - /* Should fail because of zero length */ - || !TEST_false(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) + || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) + /* Should fail because of zero length */ + || !TEST_false(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) return cleanup(&pkt); /* Repeat above test in a sub-packet */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_start_sub_packet(&pkt)) - || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) - /* Should fail because of zero length */ - || !TEST_false(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) + || !TEST_true(WPACKET_start_sub_packet(&pkt)) + || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) + /* Should fail because of zero length */ + || !TEST_false(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1))) return cleanup(&pkt); /* Set packet to abandon non-zero length */ if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_set_flags(&pkt, 
WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_size_t_eq(written, 0)) + || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_size_t_eq(written, 0)) return cleanup(&pkt); /* Repeat above test but only abandon a sub-packet */ if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, empty, sizeof(empty))) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, empty, sizeof(empty))) return cleanup(&pkt); /* And repeat with a non empty sub-packet */ if (!TEST_true(WPACKET_init(&pkt, buf)) - || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) - || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2))) + || !TEST_true(WPACKET_start_sub_packet_u8(&pkt)) + || !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff)) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, simple2, 
sizeof(simple2))) return cleanup(&pkt); return 1; } @@ -306,24 +305,24 @@ unsigned char *bytes; if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_allocate_bytes(&pkt, 2, &bytes))) + || !TEST_true(WPACKET_allocate_bytes(&pkt, 2, &bytes))) return cleanup(&pkt); bytes[0] = 0xfe; bytes[1] = 0xff; if (!TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, alloc, sizeof(alloc))) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, alloc, sizeof(alloc))) return cleanup(&pkt); /* Repeat with WPACKET_sub_allocate_bytes */ if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_sub_allocate_bytes_u8(&pkt, 2, &bytes))) + || !TEST_true(WPACKET_sub_allocate_bytes_u8(&pkt, 2, &bytes))) return cleanup(&pkt); bytes[0] = 0xfe; bytes[1] = 0xff; if (!TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, submem, sizeof(submem))) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, submem, sizeof(submem))) return cleanup(&pkt); return 1; 
@@ -336,18 +335,18 @@ const unsigned char bytes[] = { 0xfe, 0xff }; if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_memcpy(&pkt, bytes, sizeof(bytes))) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, alloc, sizeof(alloc))) + || !TEST_true(WPACKET_memcpy(&pkt, bytes, sizeof(bytes))) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, alloc, sizeof(alloc))) return cleanup(&pkt); /* Repeat with WPACKET_sub_memcpy() */ if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)) - || !TEST_true(WPACKET_sub_memcpy_u8(&pkt, bytes, sizeof(bytes))) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written)) - || !TEST_mem_eq(buf->data, written, submem, sizeof(submem))) + || !TEST_true(WPACKET_sub_memcpy_u8(&pkt, bytes, sizeof(bytes))) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written)) + || !TEST_mem_eq(buf->data, written, submem, sizeof(submem))) return cleanup(&pkt); return 1; @@ -358,7 +357,7 @@ WPACKET pkt; unsigned char sbuf[1024]; unsigned char testdata[] = { 0x00, 0x01, 0x02, 0x03 }; - unsigned char testdata2[259] = { 0x82, 0x01, 0x00 }; + unsigned char testdata2[259] = { 0x82, 0x01, 0x00 }; size_t written[2]; size_t size1, size2; int flags = WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH; 
@@ -366,23 +365,23 @@ /* Test initialising for writing DER */ if (!TEST_true(WPACKET_init_der(&pkt, sbuf, sizeof(sbuf))) - || !TEST_true(WPACKET_put_bytes_u24(&pkt, 0xfffefd)) - /* Test writing data in a length prefixed sub-packet */ - || !TEST_true(WPACKET_start_sub_packet(&pkt)) - || !TEST_true(WPACKET_memcpy(&pkt, testdata, sizeof(testdata))) + || !TEST_true(WPACKET_put_bytes_u24(&pkt, 0xfffefd)) + /* Test writing data in a length prefixed sub-packet */ + || !TEST_true(WPACKET_start_sub_packet(&pkt)) + || !TEST_true(WPACKET_memcpy(&pkt, testdata, sizeof(testdata))) + || !TEST_true(WPACKET_close(&pkt)) + || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xfc)) + /* this sub-packet is empty, and should render zero bytes */ + || (!TEST_true(WPACKET_start_sub_packet(&pkt)) + || !TEST_true(WPACKET_set_flags(&pkt, flags)) + || !TEST_true(WPACKET_get_total_written(&pkt, &size1)) || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xfc)) - /* this sub-packet is empty, and should render zero bytes */ - || (!TEST_true(WPACKET_start_sub_packet(&pkt)) - || !TEST_true(WPACKET_set_flags(&pkt, flags)) - || !TEST_true(WPACKET_get_total_written(&pkt, &size1)) - || !TEST_true(WPACKET_close(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &size2)) - || !TEST_size_t_eq(size1, size2)) - || !TEST_true(WPACKET_finish(&pkt)) - || !TEST_true(WPACKET_get_total_written(&pkt, &written[0])) - || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[0], simpleder, - sizeof(simpleder))) + || !TEST_true(WPACKET_get_total_written(&pkt, &size2)) + || !TEST_size_t_eq(size1, size2)) + || !TEST_true(WPACKET_finish(&pkt)) + || !TEST_true(WPACKET_get_total_written(&pkt, &written[0])) + || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[0], simpleder, + sizeof(simpleder))) return cleanup(&pkt); /* Generate random packet data for test */ 
@@ -398,17 +397,17 @@ if (i == 0) { if (!TEST_true(WPACKET_init_null_der(&pkt))) return 0; - } else { + } else { if (!TEST_true(WPACKET_init_der(&pkt, sbuf, sizeof(sbuf)))) return 0; } if (!TEST_true(WPACKET_start_sub_packet(&pkt)) || !TEST_true(WPACKET_memcpy(&pkt, &testdata2[3], - sizeof(testdata2) - 3)) + sizeof(testdata2) - 3)) || !TEST_true(WPACKET_close(&pkt)) || !TEST_true(WPACKET_finish(&pkt)) || !TEST_true(WPACKET_get_total_written(&pkt, &written[i]))) - return cleanup(&pkt); + return cleanup(&pkt); } /* @@ -417,8 +416,8 @@ * packet looks as we expect it to. */ if (!TEST_size_t_eq(written[0], written[1]) - || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[1], testdata2, - sizeof(testdata2))) + || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[1], testdata2, + sizeof(testdata2))) return 0; return 1; @@ -427,7 +426,7 @@ int setup_tests(void) { if (!TEST_ptr(buf = BUF_MEM_new())) - return 0; + return 0; ADD_TEST(test_WPACKET_init); ADD_TEST(test_WPACKET_set_max_size); --- crypto/openssl/test/x509_check_cert_pkey_test.c.orig +++ crypto/openssl/test/x509_check_cert_pkey_test.c @@ -107,7 +107,7 @@ } static const char *file; /* path of a cert/CRL/key file in PEM format */ -static const char *num; /* expected number of certs/CRLs/keys included */ +static const char *num; /* expected number of certs/CRLs/keys included */ static int test_PEM_X509_INFO_read_bio(void) { 
@@ -161,16 +161,16 @@ if (test_get_argument_count() == 2) { if (!TEST_ptr(file = test_get_argument(0)) - || !TEST_ptr(num = test_get_argument(1))) + || !TEST_ptr(num = test_get_argument(1))) return 0; ADD_TEST(test_PEM_X509_INFO_read_bio); return 1; } if (!TEST_ptr(c = test_get_argument(0)) - || !TEST_ptr(k = test_get_argument(1)) - || !TEST_ptr(t = test_get_argument(2)) - || !TEST_ptr(e = test_get_argument(3))) { + || !TEST_ptr(k = test_get_argument(1)) + || !TEST_ptr(t = test_get_argument(2)) + || !TEST_ptr(e = test_get_argument(3))) { return 0; } --- crypto/openssl/test/x509_internal_test.c.orig +++ crypto/openssl/test/x509_internal_test.c @@ -37,7 +37,6 @@ if ((*tmp)->ext_nid < prev) good = 0; prev = (*tmp)->ext_nid; - } if (!good) { tmp = standard_exts; 
@@ -55,29 +54,28 @@ } IP_TESTDATA; static IP_TESTDATA a2i_ipaddress_tests[] = { - {"127.0.0.1", "\x7f\x00\x00\x01", 4}, - {"1.2.3.4", "\x01\x02\x03\x04", 4}, - {"1.2.3.255", "\x01\x02\x03\xff", 4}, - {"1.2.3", NULL, 0}, - {"1.2.3 .4", NULL, 0}, - - {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16}, - {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16}, - {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16}, - {"1:1:1:1:1:1:1:1.test", NULL, 0}, - {":::1", NULL, 0}, - {"2001::123g", NULL, 0}, - - {"example.test", NULL, 0}, - {"", NULL, 0}, - - {"1.2.3.4 ", "\x01\x02\x03\x04", 4}, - {" 1.2.3.4", "\x01\x02\x03\x04", 4}, - {" 1.2.3.4 ", "\x01\x02\x03\x04", 4}, - {"1.2.3.4.example.test", NULL, 0}, + { "127.0.0.1", "\x7f\x00\x00\x01", 4 }, + { "1.2.3.4", "\x01\x02\x03\x04", 4 }, + { "1.2.3.255", "\x01\x02\x03\xff", 4 }, + { "1.2.3", NULL, 0 }, + { "1.2.3 .4", NULL, 0 }, + + { "::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16 }, + { "1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16 }, + { "2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16 }, + { "1:1:1:1:1:1:1:1.test", NULL, 0 }, + { ":::1", NULL, 0 }, + { "2001::123g", NULL, 0 }, + + { "example.test", NULL, 0 }, + { "", NULL, 0 }, + + { "1.2.3.4 ", "\x01\x02\x03\x04", 4 }, + { " 1.2.3.4", "\x01\x02\x03\x04", 4 }, + { " 1.2.3.4 ", "\x01\x02\x03\x04", 4 }, + { "1.2.3.4.example.test", NULL, 0 }, }; - static int test_a2i_ipaddress(int idx) { int good = 1; @@ -94,7 +92,7 @@ if (!TEST_ptr(ip) || !TEST_int_eq(ASN1_STRING_length(ip), len) || !TEST_mem_eq(ASN1_STRING_get0_data(ip), len, - a2i_ipaddress_tests[idx].data, len)) { + a2i_ipaddress_tests[idx].data, len)) { good = 0; } } --- crypto/openssl/test/x509_time_test.c.orig +++ crypto/openssl/test/x509_time_test.c 
@@ -53,203 +53,352 @@ /* GeneralizedTime */ { /* good format, check only */ - "20170217180105Z", 0, 1, -1, NULL, + "20170217180105Z", + 0, + 1, + -1, + NULL, }, { /* not leap year, check only */ - "20170229180105Z", 0, 0, -1, NULL, + "20170229180105Z", + 0, + 0, + -1, + NULL, }, { /* leap year, check only */ - "20160229180105Z", 0, 1, -1, NULL, + "20160229180105Z", + 0, + 1, + -1, + NULL, }, { /* SS is missing, check only */ - "201702171801Z", 0, 0, -1, NULL, + "201702171801Z", + 0, + 0, + -1, + NULL, }, { /* fractional seconds, check only */ - "20170217180105.001Z", 0, 0, -1, NULL, + "20170217180105.001Z", + 0, + 0, + -1, + NULL, }, { /* time zone, check only */ - "20170217180105+0800", 0, 0, -1, NULL, + "20170217180105+0800", + 0, + 0, + -1, + NULL, }, { /* SS is missing, set string */ - "201702171801Z", 1, 0, -1, NULL, + "201702171801Z", + 1, + 0, + -1, + NULL, }, { /* fractional seconds, set string */ - "20170217180105.001Z", 1, 0, -1, NULL, + "20170217180105.001Z", + 1, + 0, + -1, + NULL, }, { /* time zone, set string */ - "20170217180105+0800", 1, 0, -1, NULL, + "20170217180105+0800", + 1, + 0, + -1, + NULL, }, { /* good format, check returned 'turned' string */ - "20170217180154Z", 1, 1, V_ASN1_UTCTIME, "170217180154Z", + "20170217180154Z", + 1, + 1, + V_ASN1_UTCTIME, + "170217180154Z", }, { /* good format, check returned string */ - "20510217180154Z", 1, 1, V_ASN1_GENERALIZEDTIME, "20510217180154Z", + "20510217180154Z", + 1, + 1, + V_ASN1_GENERALIZEDTIME, + "20510217180154Z", }, { /* good format but out of UTC range, check returned string */ - "19230419180154Z", 1, 1, V_ASN1_GENERALIZEDTIME, "19230419180154Z", + "19230419180154Z", + 1, + 1, + V_ASN1_GENERALIZEDTIME, + "19230419180154Z", }, /* UTC */ { /* SS is missing, check only */ - "1702171801Z", 0, 0, -1, NULL, + "1702171801Z", + 0, + 0, + -1, + NULL, }, { /* not leap year, check only */ - "050229180101Z", 0, 0, -1, NULL, + "050229180101Z", + 0, + 0, + -1, + NULL, }, { /* leap year, check only */ - 
"040229180101Z", 0, 1, -1, NULL, + "040229180101Z", + 0, + 1, + -1, + NULL, }, { /* time zone, check only */ - "170217180154+0800", 0, 0, -1, NULL, + "170217180154+0800", + 0, + 0, + -1, + NULL, }, { /* SS is missing, set string */ - "1702171801Z", 1, 0, -1, NULL, + "1702171801Z", + 1, + 0, + -1, + NULL, }, { /* time zone, set string */ - "170217180154+0800", 1, 0, -1, NULL, + "170217180154+0800", + 1, + 0, + -1, + NULL, }, { /* 2017, good format, check returned string */ - "170217180154Z", 1, 1, V_ASN1_UTCTIME, "170217180154Z", + "170217180154Z", + 1, + 1, + V_ASN1_UTCTIME, + "170217180154Z", }, { /* 1998, good format, check returned string */ - "981223180154Z", 1, 1, V_ASN1_UTCTIME, "981223180154Z", + "981223180154Z", + 1, + 1, + V_ASN1_UTCTIME, + "981223180154Z", }, }; static TESTDATA x509_cmp_tests[] = { { - "20170217180154Z", V_ASN1_GENERALIZEDTIME, + "20170217180154Z", + V_ASN1_GENERALIZEDTIME, /* The same in seconds since epoch. */ - 1487354514, -1, + 1487354514, + -1, }, { - "20170217180154Z", V_ASN1_GENERALIZEDTIME, + "20170217180154Z", + V_ASN1_GENERALIZEDTIME, /* One second more. */ - 1487354515, -1, + 1487354515, + -1, }, { - "20170217180154Z", V_ASN1_GENERALIZEDTIME, + "20170217180154Z", + V_ASN1_GENERALIZEDTIME, /* One second less. */ - 1487354513, 1, + 1487354513, + 1, }, /* Same as UTC time. */ { - "170217180154Z", V_ASN1_UTCTIME, + "170217180154Z", + V_ASN1_UTCTIME, /* The same in seconds since epoch. */ - 1487354514, -1, + 1487354514, + -1, }, { - "170217180154Z", V_ASN1_UTCTIME, + "170217180154Z", + V_ASN1_UTCTIME, /* One second more. */ - 1487354515, -1, + 1487354515, + -1, }, { - "170217180154Z", V_ASN1_UTCTIME, + "170217180154Z", + V_ASN1_UTCTIME, /* One second less. */ - 1487354513, 1, + 1487354513, + 1, }, /* UTCTime from the 20th century. */ { - "990217180154Z", V_ASN1_UTCTIME, + "990217180154Z", + V_ASN1_UTCTIME, /* The same in seconds since epoch. 
*/ - 919274514, -1, + 919274514, + -1, }, { - "990217180154Z", V_ASN1_UTCTIME, + "990217180154Z", + V_ASN1_UTCTIME, /* One second more. */ - 919274515, -1, + 919274515, + -1, }, { - "990217180154Z", V_ASN1_UTCTIME, + "990217180154Z", + V_ASN1_UTCTIME, /* One second less. */ - 919274513, 1, + 919274513, + 1, }, /* Various invalid formats. */ { /* No trailing Z. */ - "20170217180154", V_ASN1_GENERALIZEDTIME, 0, 0, + "20170217180154", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* No trailing Z, UTCTime. */ - "170217180154", V_ASN1_UTCTIME, 0, 0, + "170217180154", + V_ASN1_UTCTIME, + 0, + 0, }, { /* No seconds. */ - "201702171801Z", V_ASN1_GENERALIZEDTIME, 0, 0, + "201702171801Z", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* No seconds, UTCTime. */ - "1702171801Z", V_ASN1_UTCTIME, 0, 0, + "1702171801Z", + V_ASN1_UTCTIME, + 0, + 0, }, { /* Fractional seconds. */ - "20170217180154.001Z", V_ASN1_GENERALIZEDTIME, 0, 0, + "20170217180154.001Z", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* Fractional seconds, UTCTime. */ - "170217180154.001Z", V_ASN1_UTCTIME, 0, 0, + "170217180154.001Z", + V_ASN1_UTCTIME, + 0, + 0, }, { /* Timezone offset. */ - "20170217180154+0100", V_ASN1_GENERALIZEDTIME, 0, 0, + "20170217180154+0100", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* Timezone offset, UTCTime. */ - "170217180154+0100", V_ASN1_UTCTIME, 0, 0, + "170217180154+0100", + V_ASN1_UTCTIME, + 0, + 0, }, { /* Extra digits. */ - "2017021718015400Z", V_ASN1_GENERALIZEDTIME, 0, 0, + "2017021718015400Z", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* Extra digits, UTCTime. */ - "17021718015400Z", V_ASN1_UTCTIME, 0, 0, + "17021718015400Z", + V_ASN1_UTCTIME, + 0, + 0, }, { /* Non-digits. */ - "2017021718015aZ", V_ASN1_GENERALIZEDTIME, 0, 0, + "2017021718015aZ", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* Non-digits, UTCTime. */ - "17021718015aZ", V_ASN1_UTCTIME, 0, 0, + "17021718015aZ", + V_ASN1_UTCTIME, + 0, + 0, }, { /* Trailing garbage. 
*/ - "20170217180154Zlongtrailinggarbage", V_ASN1_GENERALIZEDTIME, 0, 0, + "20170217180154Zlongtrailinggarbage", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* Trailing garbage, UTCTime. */ - "170217180154Zlongtrailinggarbage", V_ASN1_UTCTIME, 0, 0, + "170217180154Zlongtrailinggarbage", + V_ASN1_UTCTIME, + 0, + 0, }, { - /* Swapped type. */ - "20170217180154Z", V_ASN1_UTCTIME, 0, 0, + /* Swapped type. */ + "20170217180154Z", + V_ASN1_UTCTIME, + 0, + 0, }, { /* Swapped type. */ - "170217180154Z", V_ASN1_GENERALIZEDTIME, 0, 0, + "170217180154Z", + V_ASN1_GENERALIZEDTIME, + 0, + 0, }, { /* Bad type. */ - "20170217180154Z", V_ASN1_OCTET_STRING, 0, 0, + "20170217180154Z", + V_ASN1_OCTET_STRING, + 0, + 0, }, }; @@ -260,14 +409,14 @@ memset(&t, 0, sizeof(t)); t.type = x509_cmp_tests[idx].type; - t.data = (unsigned char*)(x509_cmp_tests[idx].data); + t.data = (unsigned char *)(x509_cmp_tests[idx].data); t.length = strlen(x509_cmp_tests[idx].data); t.flags = 0; result = X509_cmp_time(&t, &x509_cmp_tests[idx].cmp_time); if (!TEST_int_eq(result, x509_cmp_tests[idx].expected)) { TEST_info("test_x509_cmp_time(%d) failed: expected %d, got %d\n", - idx, x509_cmp_tests[idx].expected, result); + idx, x509_cmp_tests[idx].expected, result); return 0; } return 1; @@ -283,7 +432,7 @@ asn1_before = ASN1_TIME_adj(NULL, now, -1, 0); asn1_after = ASN1_TIME_adj(NULL, now, 1, 0); - cmp_result = X509_cmp_time(asn1_before, NULL); + cmp_result = X509_cmp_time(asn1_before, NULL); if (!TEST_int_eq(cmp_result, -1)) failed = 1; @@ -298,9 +447,9 @@ } static int test_X509_cmp_timeframe_vpm(const X509_VERIFY_PARAM *vpm, - ASN1_TIME *asn1_before, - ASN1_TIME *asn1_mid, - ASN1_TIME *asn1_after) + ASN1_TIME *asn1_before, + ASN1_TIME *asn1_mid, + ASN1_TIME *asn1_after) { int always_0 = vpm != NULL && (X509_VERIFY_PARAM_get_flags(vpm) & X509_V_FLAG_USE_CHECK_TIME) == 0 
@@ -312,11 +461,11 @@ && TEST_int_eq(X509_cmp_timeframe(vpm, NULL, asn1_after), 0) && TEST_int_eq(X509_cmp_timeframe(vpm, NULL, NULL), 0) && TEST_int_eq(X509_cmp_timeframe(vpm, asn1_after, asn1_after), - always_0 ? 0 : -1) + always_0 ? 0 : -1) && TEST_int_eq(X509_cmp_timeframe(vpm, asn1_before, asn1_before), - always_0 ? 0 : 1) + always_0 ? 0 : 1) && TEST_int_eq(X509_cmp_timeframe(vpm, asn1_after, asn1_before), - always_0 ? 0 : 1); + always_0 ? 0 : 1); } static int test_X509_cmp_timeframe(void) @@ -367,7 +516,7 @@ /* time string parsing result is always checked against what's expected */ if (!TEST_int_eq(result, x509_format_tests[idx].expected)) { TEST_info("test_x509_time(%d) failed: expected %d, got %d\n", - idx, x509_format_tests[idx].expected, result); + idx, x509_format_tests[idx].expected, result); goto out; } @@ -375,7 +524,7 @@ if (t != NULL && x509_format_tests[idx].expected_type != -1) { if (!TEST_int_eq(t->type, x509_format_tests[idx].expected_type)) { TEST_info("test_x509_time(%d) failed: expected_type %d, got %d\n", - idx, x509_format_tests[idx].expected_type, t->type); + idx, x509_format_tests[idx].expected_type, t->type); goto out; } } @@ -383,11 +532,11 @@ /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ if (t != NULL && x509_format_tests[idx].expected_string) { if (!TEST_mem_eq((const char *)t->data, t->length, - x509_format_tests[idx].expected_string, - strlen(x509_format_tests[idx].expected_string))) { + x509_format_tests[idx].expected_string, + strlen(x509_format_tests[idx].expected_string))) { TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n", - idx, x509_format_tests[idx].expected_string, t->length, - t->data); + idx, x509_format_tests[idx].expected_string, t->length, + t->data); goto out; } } 
@@ -404,55 +553,55 @@ int yd, wd; } day_of_week_tests[] = { /*YYYY MM DD DoY DoW */ - { 1900, 1, 1, 0, 1 }, - { 1900, 2, 28, 58, 3 }, - { 1900, 3, 1, 59, 4 }, + { 1900, 1, 1, 0, 1 }, + { 1900, 2, 28, 58, 3 }, + { 1900, 3, 1, 59, 4 }, { 1900, 12, 31, 364, 1 }, - { 1901, 1, 1, 0, 2 }, - { 1970, 1, 1, 0, 4 }, - { 1999, 1, 10, 9, 0 }, + { 1901, 1, 1, 0, 2 }, + { 1970, 1, 1, 0, 4 }, + { 1999, 1, 10, 9, 0 }, { 1999, 12, 31, 364, 5 }, - { 2000, 1, 1, 0, 6 }, - { 2000, 2, 28, 58, 1 }, - { 2000, 2, 29, 59, 2 }, - { 2000, 3, 1, 60, 3 }, + { 2000, 1, 1, 0, 6 }, + { 2000, 2, 28, 58, 1 }, + { 2000, 2, 29, 59, 2 }, + { 2000, 3, 1, 60, 3 }, { 2000, 12, 31, 365, 0 }, - { 2001, 1, 1, 0, 1 }, - { 2008, 1, 1, 0, 2 }, - { 2008, 2, 28, 58, 4 }, - { 2008, 2, 29, 59, 5 }, - { 2008, 3, 1, 60, 6 }, + { 2001, 1, 1, 0, 1 }, + { 2008, 1, 1, 0, 2 }, + { 2008, 2, 28, 58, 4 }, + { 2008, 2, 29, 59, 5 }, + { 2008, 3, 1, 60, 6 }, { 2008, 12, 31, 365, 3 }, - { 2009, 1, 1, 0, 4 }, - { 2011, 1, 1, 0, 6 }, - { 2011, 2, 28, 58, 1 }, - { 2011, 3, 1, 59, 2 }, + { 2009, 1, 1, 0, 4 }, + { 2011, 1, 1, 0, 6 }, + { 2011, 2, 28, 58, 1 }, + { 2011, 3, 1, 59, 2 }, { 2011, 12, 31, 364, 6 }, - { 2012, 1, 1, 0, 0 }, - { 2019, 1, 2, 1, 3 }, - { 2019, 2, 2, 32, 6 }, - { 2019, 3, 2, 60, 6 }, - { 2019, 4, 2, 91, 2 }, - { 2019, 5, 2, 121, 4 }, - { 2019, 6, 2, 152, 0 }, - { 2019, 7, 2, 182, 2 }, - { 2019, 8, 2, 213, 5 }, - { 2019, 9, 2, 244, 1 }, - { 2019, 10, 2, 274, 3 }, - { 2019, 11, 2, 305, 6 }, - { 2019, 12, 2, 335, 1 }, - { 2020, 1, 2, 1, 4 }, - { 2020, 2, 2, 32, 0 }, - { 2020, 3, 2, 61, 1 }, - { 2020, 4, 2, 92, 4 }, - { 2020, 5, 2, 122, 6 }, - { 2020, 6, 2, 153, 2 }, - { 2020, 7, 2, 183, 4 }, - { 2020, 8, 2, 214, 0 }, - { 2020, 9, 2, 245, 3 }, - { 2020, 10, 2, 275, 5 }, - { 2020, 11, 2, 306, 1 }, - { 2020, 12, 2, 336, 3 } + { 2012, 1, 1, 0, 0 }, + { 2019, 1, 2, 1, 3 }, + { 2019, 2, 2, 32, 6 }, + { 2019, 3, 2, 60, 6 }, + { 2019, 4, 2, 91, 2 }, + { 2019, 5, 2, 121, 4 }, + { 2019, 6, 2, 152, 0 }, + { 2019, 7, 2, 182, 
2 }, + { 2019, 8, 2, 213, 5 }, + { 2019, 9, 2, 244, 1 }, + { 2019, 10, 2, 274, 3 }, + { 2019, 11, 2, 305, 6 }, + { 2019, 12, 2, 335, 1 }, + { 2020, 1, 2, 1, 4 }, + { 2020, 2, 2, 32, 0 }, + { 2020, 3, 2, 61, 1 }, + { 2020, 4, 2, 92, 4 }, + { 2020, 5, 2, 122, 6 }, + { 2020, 6, 2, 153, 2 }, + { 2020, 7, 2, 183, 4 }, + { 2020, 8, 2, 214, 0 }, + { 2020, 9, 2, 245, 3 }, + { 2020, 10, 2, 275, 5 }, + { 2020, 11, 2, 306, 1 }, + { 2020, 12, 2, 336, 3 } }; static int test_days(int n) @@ -463,8 +612,8 @@ int r; BIO_snprintf(d, sizeof(d), "%04d%02d%02d050505Z", - day_of_week_tests[n].y, day_of_week_tests[n].m, - day_of_week_tests[n].d); + day_of_week_tests[n].y, day_of_week_tests[n].m, + day_of_week_tests[n].d); if (!TEST_ptr(a = ASN1_TIME_new())) return 0; 
@@ -479,60 +628,60 @@ } #define construct_asn1_time(s, t, e) \ - { { sizeof(s) - 1, t, (unsigned char*)s, 0 }, e } + { { sizeof(s) - 1, t, (unsigned char *)s, 0 }, e } static const struct { ASN1_TIME asn1; const char *readable; -} x509_print_tests_rfc_822 [] = { +} x509_print_tests_rfc_822[] = { /* Generalized Time */ construct_asn1_time("20170731222050Z", V_ASN1_GENERALIZEDTIME, - "Jul 31 22:20:50 2017 GMT"), + "Jul 31 22:20:50 2017 GMT"), /* Generalized Time, no seconds */ construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME, - "Jul 31 22:20:00 2017 GMT"), + "Jul 31 22:20:00 2017 GMT"), /* Generalized Time, fractional seconds (3 digits) */ construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME, - "Jul 31 22:20:50.123 2017 GMT"), + "Jul 31 22:20:50.123 2017 GMT"), /* Generalized Time, fractional seconds (1 digit) */ construct_asn1_time("20170731222050.1Z", V_ASN1_GENERALIZEDTIME, - "Jul 31 22:20:50.1 2017 GMT"), + "Jul 31 22:20:50.1 2017 GMT"), /* Generalized Time, fractional seconds (0 digit) */ construct_asn1_time("20170731222050.Z", V_ASN1_GENERALIZEDTIME, - "Bad time value"), + "Bad time value"), /* UTC Time */ construct_asn1_time("170731222050Z", V_ASN1_UTCTIME, - "Jul 31 22:20:50 2017 GMT"), + "Jul 31 22:20:50 2017 GMT"), /* UTC Time, no seconds */ construct_asn1_time("1707312220Z", V_ASN1_UTCTIME, - "Jul 31 22:20:00 2017 GMT"), + "Jul 31 22:20:00 2017 GMT"), }; static const struct { ASN1_TIME asn1; const char *readable; -} x509_print_tests_iso_8601 [] = { +} x509_print_tests_iso_8601[] = { /* Generalized Time */ construct_asn1_time("20170731222050Z", V_ASN1_GENERALIZEDTIME, - "2017-07-31 22:20:50Z"), + "2017-07-31 22:20:50Z"), /* Generalized Time, no seconds */ construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME, - "2017-07-31 22:20:00Z"), + "2017-07-31 22:20:00Z"), /* Generalized Time, fractional seconds (3 digits) */ construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME, - "2017-07-31 22:20:50.123Z"), + "2017-07-31 
22:20:50.123Z"), /* Generalized Time, fractional seconds (1 digit) */ construct_asn1_time("20170731222050.1Z", V_ASN1_GENERALIZEDTIME, - "2017-07-31 22:20:50.1Z"), + "2017-07-31 22:20:50.1Z"), /* Generalized Time, fractional seconds (0 digit) */ construct_asn1_time("20170731222050.Z", V_ASN1_GENERALIZEDTIME, - "Bad time value"), + "Bad time value"), /* UTC Time */ construct_asn1_time("170731222050Z", V_ASN1_UTCTIME, - "2017-07-31 22:20:50Z"), + "2017-07-31 22:20:50Z"), /* UTC Time, no seconds */ construct_asn1_time("1707312220Z", V_ASN1_UTCTIME, - "2017-07-31 22:20:00Z"), + "2017-07-31 22:20:00Z"), }; static int test_x509_time_print_rfc_822(int idx) @@ -558,7 +707,7 @@ goto err; ret = 1; - err: +err: BIO_free(m); return ret; } @@ -586,7 +735,7 @@ goto err; ret = 1; - err: +err: BIO_free(m); return ret; } --- crypto/openssl/test/x509aux.c.orig +++ crypto/openssl/test/x509aux.c @@ -64,7 +64,7 @@ enclen = i2d(cert, NULL); if (len != enclen) { TEST_error("encoded length %ld of %s != input length %ld", - enclen, name, len); + enclen, name, len); err = 1; goto next; } @@ -76,11 +76,11 @@ enclen = i2d(cert, &bufp); if (len != enclen) { TEST_error("encoded length %ld of %s != input length %ld", - enclen, name, len); + enclen, name, len); err = 1; goto next; } - enclen = (long) (bufp - buf); + enclen = (long)(bufp - buf); if (enclen != len) { TEST_error("unexpected buffer position after encoding %s", name); err = 1; @@ -111,7 +111,7 @@ enclen = i2d(cert, &buf); if (len != enclen) { TEST_error("encoded length %ld of %s != input length %ld", - enclen, name, len); + enclen, name, len); err = 1; goto next; } @@ -130,7 +130,7 @@ enclen = i2d(cert, &buf); if (enclen > len) { TEST_error("encoded length %ld of %s > input length %ld", - enclen, name, len); + enclen, name, len); err = 1; goto next; } --- /dev/null +++ crypto/openssl/tools/c_rehash 
@@ -0,0 +1,253 @@ +#!/usr/bin/env perl + +# WARNING: do not edit! +# Generated by Makefile from tools/c_rehash.in +# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = "etc"; +my $prefix = "/usr"; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . 
$ENV{PATH} : ""); + +if (!(-f $openssl && -x $openssl)) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-f "$_/$openssl" && -x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!(-f $openssl && -x $openssl)); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub copy_file { + my ($src_fname, $dst_fname) = @_; + + if (open(my $in, "<", $src_fname)) { + if (open(my $out, ">", $dst_fname)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "Cannot open $dst_fname for write, $!"; + } + close $in; + } else { + warn "Cannot open $src_fname for read, $!"; + } +} + +sub hash_dir { + my $dir = shift; + my %hashlist; + + print "Doing $dir\n"; + + if (!chdir $dir) { + print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; + return; + } + + opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_\n" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. 
+ my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } + + chdir $pwd; +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + + open(my $in, "<", $fname); + while(<$in>) { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close $in; + return ($is_cert, $is_crl); +} + +sub compute_hash { + my $fh; + if ( $^O eq "VMS" ) { + # VMS uses the open through shell + # The file names are safe there and list form is unsupported + if (!open($fh, "-|", join(' ', @_))) { + print STDERR "Cannot compute hash on '$fname'\n"; + return; + } + } else { + if (!open($fh, "-|", @_)) { + print STDERR "Cannot compute hash on '$fname'\n"; + return; + } + binmode($fh, ":crlf"); + } + return (<$fh>, <$fh>); +} + +# Link a certificate to its subject name hash value, each hash is of +# the form . where n is an integer. If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + link_hash($_[0], 'cert'); +} + +# Same as above except for a CRL. CRL links are of the form .r + +sub link_hash_crl { + link_hash($_[0], 'crl'); +} + +sub link_hash { + my ($fname, $type) = @_; + my $is_cert = $type eq 'cert'; + + my ($hash, $fprint) = compute_hash($openssl, + $is_cert ? "x509" : "crl", + $is_cert ? 
$x509hash : $crlhash, + "-fingerprint", "-noout", + "-in", $fname); + chomp $hash; + $hash =~ s/^.*=// if !$is_cert; + chomp $fprint; + return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + my $crlmark = $is_cert ? "" : "r"; + while(exists $hashlist{"$hash.$crlmark$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { + my $what = $is_cert ? 'certificate' : 'CRL'; + print STDERR "WARNING: Skipping duplicate $what $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$crlmark$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + copy_file($fname, $hash); + } + $hashlist{$hash} = $fprint; +} --- crypto/openssl/tools/c_rehash.in.orig +++ crypto/openssl/tools/c_rehash.in @@ -1,7 +1,7 @@ #!{- $config{HASHBANGPERL} -} {- use OpenSSL::Util; -} # {- join("\n# ", @autowarntext) -} -# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -63,10 +63,10 @@ my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); -if (! -x $openssl) { +if (!(-f $openssl && -x $openssl)) { my $found = 0; foreach (split /$path_delim/, $ENV{PATH}) { - if (-x "$_/$openssl") { + if (-f "$_/$openssl" && -x "$_/$openssl") { $found = 1; $openssl = "$_/$openssl"; last; @@ -88,7 +88,7 @@ if (-d $dirlist[0]) { chdir $dirlist[0]; - $openssl="$pwd/$openssl" if (!-x $openssl); + $openssl="$pwd/$openssl" if (!(-f $openssl && -x $openssl)); chdir $pwd; } 
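Review bot: The rewritten test `if (!(-f $openssl && -x $openssl))` at the top of the `@@ -63,10 +63,10 @@` hunk still checks a bare program name against the current working directory before the PATH walk below it runs. An executable file of that name in the directory c_rehash is started from is therefore used in preference to `$prefix/bin`; the added `-f` only excludes directories. Limiting the direct test to values that carry a directory part, `if ($openssl !~ m{[/\\]} || !(-f $openssl && -x $openssl)) {`, would leave the PATH walk as the only way a bare name is resolved. How `$openssl` is initialised lies outside this hunk, so confirm it can be a bare name in c_rehash.in as it is in the generated tools/c_rehash.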
@@ -192,6 +192,7 @@ print STDERR "Cannot compute hash on '$fname'\n"; return; } + binmode($fh, ":crlf"); } return (<$fh>, <$fh>); } --- crypto/openssl/util/add-depends.pl.orig +++ crypto/openssl/util/add-depends.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -214,7 +214,7 @@ # # Hinweis: Einlesen der Datei: {whatever header file} # - # To accomodate, we need to use a very general regular expression + # To accommodate, we need to use a very general regular expression # to parse those lines. # # Since there's no object file name at all in that information, --- crypto/openssl/util/missingcrypto.txt.orig +++ crypto/openssl/util/missingcrypto.txt @@ -172,7 +172,6 @@ BIO_asn1_get_suffix(3) BIO_asn1_set_prefix(3) BIO_asn1_set_suffix(3) -BIO_clear_flags(3) BIO_copy_next_retry(3) BIO_dgram_is_sctp(3) BIO_dgram_non_fatal_error(3) @@ -211,7 +210,6 @@ BIO_nwrite0(3) BIO_s_datagram_sctp(3) BIO_s_log(3) -BIO_set_flags(3) BIO_set_tcp_ndelay(3) BIO_sock_error(3) BIO_sock_info(3) @@ -220,7 +218,6 @@ BIO_sock_should_retry(3) BIO_socket_ioctl(3) BIO_socket_nbio(3) -BIO_test_flags(3) BN_GF2m_add(3) BN_GF2m_arr2poly(3) BN_GF2m_mod(3) @@ -296,7 +293,6 @@ CMAC_Update(3) CMAC_resume(3) CMS_ContentInfo_it(3) -CMS_EncryptedData_set1_key(3) CMS_ReceiptRequest_it(3) CMS_RecipientEncryptedKey_cert_cmp(3) CMS_RecipientEncryptedKey_get0_id(3) --- crypto/openssl/util/mkerr.pl.orig +++ crypto/openssl/util/mkerr.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -338,21 +338,21 @@ */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif EOF $indent = ' '; if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} +#ifndef OPENSSL_NO_${lib} EOF $indent = " "; @@ -379,7 +379,7 @@ $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; } @@ -388,14 +388,14 @@ # brace for 'extern "C" {'. while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif EOF close OUT; @@ -407,8 +407,8 @@ my $extra_include = $internal ? ($lib ne 'SSL' - ? "# include \n" - : "# include \n") + ? "#include \n" + : "#include \n") : ''; my $hfile = $hpubinc{$lib}; my $guard = $hfile; 
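Review bot: In the `@@ -379,7 +379,7 @@` hunk, the new `printf OUT "#define $i $rcodes{$i}\n";` passes an interpolated string as the format with no arguments, so the name and code are read as a format string. `print OUT "#define $i $rcodes{$i}\n";` writes the same text without that. The same line is added in the later `@@ -482,13 +480,13 @@` hunk, where the padding width `$z` computed in the loop looks unused once `" " x $z` is gone and could be dropped with it. The enclosing loops start outside both hunks.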
@@ -429,45 +429,43 @@ */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include -# include +#include +#include $extra_include - EOF $indent = ' '; if ( $internal ) { if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} - +#ifndef OPENSSL_NO_${lib} EOF $indent .= ' '; } } else { print OUT <<"EOF"; -# define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) - +#define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#define ERR_R_${lib}_LIB ERR_${lib}_lib() EOF if ( ! $static ) { print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif int ERR_load_${lib}_strings(void); void ERR_unload_${lib}_strings(void); void ERR_${lib}_error(int function, int reason, const char *file, int line); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif EOF } } - print OUT "\n/*\n * $lib reason codes.\n */\n"; + print OUT "/*\n * $lib reason codes.\n */\n"; foreach my $i ( @reasons ) { my $z = 48 - length($i); $z = 0 if $z < 0; @@ -482,13 +480,13 @@ $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; while (length($indent) > 0) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } close OUT; } @@ -548,7 +546,7 @@ } } print OUT <<"EOF"; -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = { EOF 
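Review bot: The added `#define ERR_R_${lib}_LIB ERR_${lib}_lib()` in the `@@ -429,45 +429,43 @@` hunk makes the generated header expand to a function call. The prototype list a few lines below it still declares only `ERR_load_${lib}_strings`, `ERR_unload_${lib}_strings` and `ERR_${lib}_error`. Unless the declaration is emitted somewhere outside the visible hunks, code using the macro would call an undeclared function, which recent compilers reject. Adding `int ERR_${lib}_lib(void);` after the `ERR_${lib}_error` prototype in the `! $static` heredoc would match the definition emitted by the later `@@ -628,13 +625,20 @@` hunk.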
@@ -565,28 +563,27 @@ $rn =~ tr/_[A-Z]/ [a-z]/; $strings{$i} = $rn; } - my $short = " {ERR_PACK($pack_lib, 0, $i), \"$rn\"},"; - if ( length($short) <= 80 ) { - print OUT "$short\n"; - } else { - print OUT " {ERR_PACK($pack_lib, 0, $i),\n \"$rn\"},\n"; - } + my $lines; + $lines = " { ERR_PACK($pack_lib, 0, $i), \"$rn\" },"; + $lines = " { ERR_PACK($pack_lib, 0, $i),\n \"$rn\" }," + if length($lines) > 82; + print OUT "$lines\n"; } print OUT <<"EOF"; - {0, NULL} + { 0, NULL } }; -#${indent}endif +#endif EOF if ( $internal ) { print OUT <<"EOF"; int ossl_err_load_${lib}_strings(void) { -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(${lib}_str_reasons[0].error) == NULL) ERR_load_strings_const(${lib}_str_reasons); -#${indent}endif +#endif return 1; } EOF @@ -628,13 +625,20 @@ ERR_raise(lib_code, reason); ERR_set_debug(file, line, NULL); } + +${st}int ERR_${lib}_lib(void) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + return lib_code; +} EOF } while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } if ($internal && $disablable) { print OUT <<"EOF"; --- crypto/openssl/util/other.syms.orig +++ crypto/openssl/util/other.syms @@ -178,6 +178,8 @@ BIO_get_conn_port define BIO_get_conn_ip_family define BIO_get_fd define +BIO_get_flags define +BIO_get_retry_flags define BIO_get_fp define BIO_get_indent define BIO_get_info_callback define @@ -211,6 +213,12 @@ BIO_set_conn_port define BIO_set_conn_ip_family define BIO_set_fd define +BIO_set_flags define +BIO_set_retry_read define +BIO_set_retry_write define +BIO_set_retry_special define +BIO_clear_flags define +BIO_clear_retry_flags define BIO_set_fp define BIO_set_indent define BIO_set_info_callback define --- /dev/null +++ crypto/openssl/util/shlib_wrap.sh 
@@ -0,0 +1,114 @@ +#!/bin/sh + +# To test this OpenSSL version's applications against another version's +# shared libraries, simply set +# +# OPENSSL_REGRESSION=/path/to/other/OpenSSL/build/tree +if [ -n "$OPENSSL_REGRESSION" ]; then + shlibwrap="$OPENSSL_REGRESSION/util/shlib_wrap.sh" + if [ -x "$shlibwrap" ]; then + # We clear OPENSSL_REGRESSION to avoid a loop, should the shlib_wrap.sh + # we exec also support that mechanism... + OPENSSL_REGRESSION= exec "$shlibwrap" "$@" + else + if [ -f "$shlibwrap" ]; then + echo "Not permitted to run $shlibwrap" >&2 + else + echo "No $shlibwrap, perhaps OPENSSL_REGRESSION isn't properly set?" >&2 + fi + exit 1 + fi +fi + +[ $# -ne 0 ] || set -x # debug mode without arguments:-) + +THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.." +[ -d "${THERE}" ] || exec "$@" # should never happen... + +LIBCRYPTOSO="${THERE}/libcrypto.so.3" +LIBSSLSO="${THERE}/libssl.so.3" + +SYSNAME=`(uname -s) 2>/dev/null`; +case "$SYSNAME" in +SunOS|IRIX*) + # SunOS and IRIX run-time linkers evaluate alternative + # variables depending on target ABI... + rld_var=LD_LIBRARY_PATH + case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in + *ELF\ 64*SPARC*|*ELF\ 64*AMD64*) + [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64 + LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64 + preload_var=LD_PRELOAD_64 + ;; + *ELF\ 32*SPARC*|*ELF\ 32*80386*) + # We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32 + # on a multi-arch system. Otherwise, trust the fallbacks. + if [ -f /lib/64/ld.so.1 ]; then + [ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32 + LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32 + preload_var=LD_PRELOAD_32 + fi + ;; + # Why are newly built .so's preloaded anyway? Because run-time + # .so lookup path embedded into application takes precedence + # over LD_LIBRARY_PATH and as result application ends up linking + # to previously installed .so's. 
On IRIX instead of preloading + # newly built .so's we trick run-time linker to fail to find + # the installed .so by setting _RLD_ROOT variable. + *ELF\ 32*MIPS*) + #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST + _RLD_ROOT=/no/such/dir; export _RLD_ROOT + eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD_LIST + ;; + *ELF\ N32*MIPS*) + [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH + #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT + eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLDN32_LIST + ;; + *ELF\ 64*MIPS*) + [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH + #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT + eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD64_LIST + ;; + esac + eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var + unset rld_var + ;; +NONSTOP_KERNEL) + # HPE NonStop has a proprietary mechanism for specifying + # the location of DLLs. It does not use PATH or variables + # commonly used on other platforms. The platform has a limited + # environment space keeping extraneous variables to a minimum + # is recommended. + _RLD_LIB_PATH="${THERE}:$LD_LIBRARY_PATH" + export _RLD_LIB_PATH + ;; +*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX + DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X + SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX + LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2 + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH + # Even though $PATH is adjusted [for Windows sake], it doesn't + # necessarily does the trick. Trouble is that with introduction + # of SafeDllSearchMode in XP/2003 it's more appropriate to copy + # .DLLs in vicinity of executable, which is done elsewhere... 
+ if [ "$OSTYPE" != msdosdjgpp ]; then + PATH="${THERE}:$PATH"; export PATH + fi + ;; +esac + + + +cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}" +shift +if [ $# -eq 0 ]; then + exec "$cmd" # old sh, such as Tru64 4.x, fails to expand empty "$@" +else + exec "$cmd" "$@" +fi --- crypto/openssl/util/wrap.pl.in.orig +++ crypto/openssl/util/wrap.pl.in @@ -18,6 +18,38 @@ OpenSSL::Util->import(); } +sub quote_cmd_win32 { + my $cmd = ""; + + foreach my $arg (@_) { + if ($arg =~ m{\A[\w,-./@]+\z}) { + $cmd .= $arg . q{ };; + } else { + $cmd .= q{"} . quote_arg_win32($arg) . q{" }; + } + } + return substr($cmd, 0, -1); +} + +sub quote_arg_win32 { + my ($arg) = @_; + my $val = ""; + + pos($arg) = 0; + while (1) { + return $val if (pos($arg) == length($arg)); + if ($arg =~ m{\G((?:(?>[\\]*)[^"\\]+)+)}ogc) { + $val .= $1; + } elsif ($arg =~ m{\G"}ogc) { + $val .= qq{\\"}; + } elsif ($arg =~ m{\G((?>[\\]+)(?="|\z))}ogc) { + $val .= qq{\\} x (2 * length($1)); + } else { + die sprintf("Internal error quoting: '%s'\n", $arg); + } + } +} + my $there = canonpath(catdir(dirname($0), updir())); my $std_engines = catdir($there, 'engines'); my $std_providers = catdir($there, 'providers'); @@ -60,7 +92,12 @@ # The exec() statement on MSWin32 doesn't seem to give back the exit code # from the call, so we resort to using system() instead. -my $waitcode = system @cmd; +my $waitcode; +if ($^O eq 'MSWin32') { + $waitcode = system(quote_cmd_win32(@cmd)); +} else { + $waitcode = system @cmd; +} # According to documentation, -1 means that system() couldn't run the command, # otherwise, the value is similar to the Unix wait() status value --- secure/lib/libcrypto/Makefile.inc.orig +++ secure/lib/libcrypto/Makefile.inc @@ -1,10 +1,6 @@ .include -# OpenSSL version used for manual page generation -OPENSSL_VER= 3.0.16 -OPENSSL_DATE= 2025-02-11 - LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc 
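Review bot: In the default `*)` branch of shlib_wrap.sh, `LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"` leaves a trailing colon when the variable was unset or empty. The run-time linker commonly reads an empty element in a library search path as the current directory. The DYLD_LIBRARY_PATH, SHLIB_PATH and LIBPATH lines after it, and `_RLD_LIB_PATH` in the NONSTOP_KERNEL branch, are built the same way. The SunOS/IRIX branch already appends conditionally with the `${var:+:$var}` form; here that would be `LD_LIBRARY_PATH="${THERE}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`, and likewise for the other variables.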
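Review bot: In `quote_cmd_win32` (wrap.pl.in, `@@ -18,6 +18,38 @@`), the class `[\w,-./@]` contains `,-.`, which Perl reads as a range from `,` to `.`. It covers `,`, `-` and `.` only because those three characters are adjacent. Writing it as `m{\A[\w,./@-]+\z}` states the intended set directly. The line `$cmd .= $arg . q{ };;` also carries a stray second semicolon. A short comment on `quote_arg_win32` naming the parsing rules it follows (backslash runs doubled before a quote or at the end, quotes escaped) would help the next reader.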
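Review bot: In the `@@ -60,7 +92,12 @@` hunk the MSWin32 command now reaches `system()` as a single string, while `quote_arg_win32` escapes only backslashes and double quotes. Those are the rules the started program uses to split its command line. If Perl passes the string through the command interpreter, characters the interpreter itself treats specially, such as `%` or `^`, are not covered by the quoting. The arguments presumably come from the build and test harness, so recording that assumption next to the call would be enough: `# quoting covers argument splitting only; arguments are assumed free of command-interpreter metacharacters`. The code that builds `@cmd` is outside this hunk.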
@@ -13,10 +9,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include -.include "Makefile.common" +.SUFFIXES: .pc +.PATH.pc: ${LCRYPTO_SRC}/exporters -.for pcfile in ${PCFILES} -${pcfile}: ${pcfile}.in - sed -e 's,@openssl_ver@,${OPENSSL_VER},g' ${.ALLSRC} > ${.TARGET} -.endfor -CLEANFILES+= ${PCFILES} +.include "Makefile.common" --- secure/lib/libcrypto/man/man3/ADMISSIONS.3.orig +++ secure/lib/libcrypto/man/man3/ADMISSIONS.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ADMISSIONS 3ossl" -.TH ADMISSIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ADMISSIONS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, @@ -171,7 +96,7 @@ PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber \&\- Accessors and settors for ADMISSION_SYNTAX -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 5 \& typedef struct NamingAuthority_st NAMING_AUTHORITY; 
@@ -230,23 +155,23 @@ \& void PROFESSION_INFO_set0_registrationNumber( \& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and -\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the -analogous types defined in the Common \s-1PKI\s0 Specification published -by . +The \fBPROFESSION_INFOS\fR, \fBADMISSION_SYNTAX\fR, \fBADMISSIONS\fR, and +\&\fBPROFESSION_INFO\fR types are opaque structures representing the +analogous types defined in the Common PKI Specification published +by T7 & TELETRUST . Knowledge of those structures and their semantics is assumed. .PP -The conventional routines to convert between \s-1DER\s0 and the local format +The conventional routines to convert between DER and the local format are described in \fBd2i_X509\fR\|(3). The conventional routines to allocate and free the types are defined in \fBX509_dup\fR\|(3). .PP -The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see -\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details. +The \fBPROFESSION_INFOS\fR type is a stack of \fBPROFESSION_INFO\fR; see +\&\fBDEFINE_STACK_OF\fR\|(3) for details. .PP -The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields. +The \fBNAMING_AUTHORITY\fR type has an authority ID and URL, and text fields. The \fBNAMING_AUTHORITY_get0_authorityId()\fR, \&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and \&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers 
@@ -256,8 +181,8 @@ \&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR, functions free any existing value and set the pointer to the specified value. .PP -The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of -\&\fB\s-1ADMISSION\s0\fR objects. +The \fBADMISSION_SYNTAX\fR type has an authority name and a stack of +\&\fBADMISSION\fR objects. The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers to those values within the object. @@ -266,8 +191,8 @@ \&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR functions free any existing value and set the pointer to the specified value. .PP -The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a -stack of \fB\s-1PROFESSION_INFO\s0\fR items. +The \fBADMISSION\fR type has an authority name, authority object, and a +stack of \fBPROFESSION_INFO\fR items. The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR, and \fBADMISSIONS_get0_professionInfos()\fR functions return pointers to those values within the object. @@ -277,7 +202,7 @@ \&\fBADMISSIONS_set0_professionInfos()\fR functions free any existing value and set the pointer to the specified value. .PP -The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of +The \fBPROFESSION_INFO\fR type has a name authority, stacks of profession Items and OIDs, a registration number, and additional profession info. The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, 
@@ -301,11 +226,11 @@ .IX Header "SEE ALSO" \&\fBX509_dup\fR\|(3), \&\fBd2i_X509\fR\|(3), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_EXTERN_FUNCS.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_EXTERN_FUNCS.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_EXTERN_FUNCS 3ossl" -.TH ASN1_EXTERN_FUNCS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_EXTERN_FUNCS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_EXTERN_FUNCS, ASN1_ex_d2i, ASN1_ex_d2i_ex, ASN1_ex_i2d, ASN1_ex_new_func, ASN1_ex_new_ex_func, ASN1_ex_free_func, ASN1_ex_print_func, IMPLEMENT_EXTERN_ASN1 \&\- ASN.1 external function support -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -180,120 +105,120 @@ \& \& #define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1ASN.1\s0 data structures templates are typically defined in OpenSSL using a series -of macros such as \s-1\fBASN1_SEQUENCE\s0()\fR, \s-1\fBASN1_SEQUENCE_END\s0()\fR and so on. Instead +ASN.1 data structures templates are typically defined in OpenSSL using a series +of macros such as \fBASN1_SEQUENCE()\fR, \fBASN1_SEQUENCE_END()\fR and so on. Instead templates can also be defined based entirely on external functions. These external functions are called to perform operations such as creating a new -\&\fB\s-1ASN1_VALUE\s0\fR or converting an \fB\s-1ASN1_VALUE\s0\fR to or from \s-1DER\s0 encoding. +\&\fBASN1_VALUE\fR or converting an \fBASN1_VALUE\fR to or from DER encoding. .PP -The macro \s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR can be used to create such an externally +The macro \fBIMPLEMENT_EXTERN_ASN1()\fR can be used to create such an externally defined structure. The name of the structure should be supplied in the \fIsname\fR parameter. The tag for the structure (e.g. typically \fBV_ASN1_SEQUENCE\fR) should be supplied in the \fItag\fR parameter. Finally a pointer to an -\&\fB\s-1ASN1_EXTERN_FUNCS\s0\fR structure should be supplied in the \fIfptrs\fR parameter. +\&\fBASN1_EXTERN_FUNCS\fR structure should be supplied in the \fIfptrs\fR parameter. .PP -The \fB\s-1ASN1_EXTERN_FUNCS\s0\fR structure has the following entries. -.IP "\fIapp_data\fR" 4 +The \fBASN1_EXTERN_FUNCS\fR structure has the following entries. +.IP \fIapp_data\fR 4 .IX Item "app_data" A pointer to arbitrary application specific data. -.IP "\fIasn1_ex_new\fR" 4 +.IP \fIasn1_ex_new\fR 4 .IX Item "asn1_ex_new" -A \*(L"new\*(R" function responsible for constructing a new \fB\s-1ASN1_VALUE\s0\fR object. The +A "new" function responsible for constructing a new \fBASN1_VALUE\fR object. The newly constructed value should be stored in \fI*pval\fR. 
The \fIit\fR parameter is a -pointer to the \fB\s-1ASN1_ITEM\s0\fR template object created via the -\&\s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR macro. +pointer to the \fBASN1_ITEM\fR template object created via the +\&\fBIMPLEMENT_EXTERN_ASN1()\fR macro. .Sp Returns a positive value on success or 0 on error. -.IP "\fIasn1_ex_free\fR" 4 +.IP \fIasn1_ex_free\fR 4 .IX Item "asn1_ex_free" -A \*(L"free\*(R" function responsible for freeing the \fB\s-1ASN1_VALUE\s0\fR passed in \fI*pval\fR -that was previously allocated via a \*(L"new\*(R" function. The \fIit\fR parameter is a -pointer to the \fB\s-1ASN1_ITEM\s0\fR template object created via the -\&\s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR macro. -.IP "\fIasn1_ex_clear\fR" 4 +A "free" function responsible for freeing the \fBASN1_VALUE\fR passed in \fI*pval\fR +that was previously allocated via a "new" function. The \fIit\fR parameter is a +pointer to the \fBASN1_ITEM\fR template object created via the +\&\fBIMPLEMENT_EXTERN_ASN1()\fR macro. +.IP \fIasn1_ex_clear\fR 4 .IX Item "asn1_ex_clear" -A \*(L"clear\*(R" function responsible for clearing any data in the \fB\s-1ASN1_VALUE\s0\fR passed +A "clear" function responsible for clearing any data in the \fBASN1_VALUE\fR passed in \fI*pval\fR and making it suitable for reuse. The \fIit\fR parameter is a pointer -to the \fB\s-1ASN1_ITEM\s0\fR template object created via the \s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR +to the \fBASN1_ITEM\fR template object created via the \fBIMPLEMENT_EXTERN_ASN1()\fR macro. -.IP "\fIasn1_ex_d2i\fR" 4 +.IP \fIasn1_ex_d2i\fR 4 .IX Item "asn1_ex_d2i" -A \*(L"d2i\*(R" function responsible for converting \s-1DER\s0 data with the tag \fItag\fR and -class \fIclass\fR into an \fB\s-1ASN1_VALUE\s0\fR. If \fI*pval\fR is non-NULL then the -\&\fB\s-1ASN_VALUE\s0\fR it points to should be reused. Otherwise a new \fB\s-1ASN1_VALUE\s0\fR -should be allocated and stored in \fI*pval\fR. 
\fI*in\fR points to the \s-1DER\s0 data to be +A "d2i" function responsible for converting DER data with the tag \fItag\fR and +class \fIclass\fR into an \fBASN1_VALUE\fR. If \fI*pval\fR is non\-NULL then the +\&\fBASN_VALUE\fR it points to should be reused. Otherwise a new \fBASN1_VALUE\fR +should be allocated and stored in \fI*pval\fR. \fI*in\fR points to the DER data to be decoded and \fIlen\fR is the length of that data. After decoding \fI*in\fR should be -updated to point at the next byte after the decoded data. If the \fB\s-1ASN1_VALUE\s0\fR +updated to point at the next byte after the decoded data. If the \fBASN1_VALUE\fR is considered optional in this context then \fIopt\fR will be nonzero. Otherwise -it will be zero. The \fIit\fR parameter is a pointer to the \fB\s-1ASN1_ITEM\s0\fR template -object created via the \s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR macro. A pointer to the current -\&\fB\s-1ASN1_TLC\s0\fR context (which may be required for other \s-1ASN1\s0 function calls) is +it will be zero. The \fIit\fR parameter is a pointer to the \fBASN1_ITEM\fR template +object created via the \fBIMPLEMENT_EXTERN_ASN1()\fR macro. A pointer to the current +\&\fBASN1_TLC\fR context (which may be required for other ASN1 function calls) is passed in the \fIctx\fR parameter. .Sp -The \fIasn1_ex_d2i\fR entry may be \s-1NULL\s0 if \fIasn1_ex_d2i_ex\fR has been specified +The \fIasn1_ex_d2i\fR entry may be NULL if \fIasn1_ex_d2i_ex\fR has been specified instead. .Sp Returns <= 0 on error or a positive value on success. -.IP "\fIasn1_ex_i2d\fR" 4 +.IP \fIasn1_ex_i2d\fR 4 .IX Item "asn1_ex_i2d" -An \*(L"i2d\*(R" function responsible for converting an \fB\s-1ASN1_VALUE\s0\fR into \s-1DER\s0 encoding. -On entry \fI*pval\fR will contain the \fB\s-1ASN1_VALUE\s0\fR to be encoded. If default +An "i2d" function responsible for converting an \fBASN1_VALUE\fR into DER encoding. +On entry \fI*pval\fR will contain the \fBASN1_VALUE\fR to be encoded. 
If default tagging is to be used then \fItag\fR will be \-1 on entry. Otherwise if implicit tagging should be used then \fItag\fR and \fIaclass\fR will be the tag and associated class. .Sp -If \fIout\fR is not \s-1NULL\s0 then this function should write the \s-1DER\s0 encoded data to +If \fIout\fR is not NULL then this function should write the DER encoded data to the buffer in \fI*out\fR, and then increment \fI*out\fR to point to immediately after the data just written. .Sp -If \fIout\fR is \s-1NULL\s0 then no data should be written but the length calculated and +If \fIout\fR is NULL then no data should be written but the length calculated and returned as if it were. .Sp -The \fIasn1_ex_i2d\fR entry may be \s-1NULL\s0 if \fIasn1_ex_i2d_ex\fR has been specified +The \fIasn1_ex_i2d\fR entry may be NULL if \fIasn1_ex_i2d_ex\fR has been specified instead. .Sp The return value should be negative if a fatal error occurred, or 0 if a -non-fatal error occurred. Otherwise it should return the length of the encoded +non\-fatal error occurred. Otherwise it should return the length of the encoded data. -.IP "\fIasn1_ex_print\fR" 4 +.IP \fIasn1_ex_print\fR 4 .IX Item "asn1_ex_print" -A \*(L"print\*(R" function. \fIout\fR is the \s-1BIO\s0 to print the output to. \fI*pval\fR is the -\&\fB\s-1ASN1_VALUE\s0\fR to be printed. \fIindent\fR is the number of spaces of indenting to +A "print" function. \fIout\fR is the BIO to print the output to. \fI*pval\fR is the +\&\fBASN1_VALUE\fR to be printed. \fIindent\fR is the number of spaces of indenting to be printed before any data is printed. \fIfname\fR is currently unused and is -always "". \fIpctx\fR is a pointer to the \fB\s-1ASN1_PCTX\s0\fR for the print operation. +always "". \fIpctx\fR is a pointer to the \fBASN1_PCTX\fR for the print operation. .Sp Returns 0 on error or a positive value on success. If the return value is 2 then an additional newline will be printed after the data printed by this function. 
-.IP "\fIasn1_ex_new_ex\fR" 4 +.IP \fIasn1_ex_new_ex\fR 4 .IX Item "asn1_ex_new_ex" This is the same as \fIasn1_ex_new\fR except that it is additionally passed the -\&\s-1OSSL_LIB_CTX\s0 to be used in \fIlibctx\fR and any property query string to be used +OSSL_LIB_CTX to be used in \fIlibctx\fR and any property query string to be used for algorithm fetching in the \fIpropq\fR parameter. See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further details. If \fIasn1_ex_new_ex\fR is -non \s-1NULL,\s0 then it will always be called in preference to \fIasn1_ex_new\fR. -.IP "\fIasn1_ex_d2i_ex\fR" 4 +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further details. If \fIasn1_ex_new_ex\fR is +non NULL, then it will always be called in preference to \fIasn1_ex_new\fR. +.IP \fIasn1_ex_d2i_ex\fR 4 .IX Item "asn1_ex_d2i_ex" This is the same as \fIasn1_ex_d2i\fR except that it is additionally passed the -\&\s-1OSSL_LIB_CTX\s0 to be used in \fIlibctx\fR and any property query string to be used +OSSL_LIB_CTX to be used in \fIlibctx\fR and any property query string to be used for algorithm fetching in the \fIpropq\fR parameter. See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further details. If \fIasn1_ex_d2i_ex\fR is -non \s-1NULL,\s0 then it will always be called in preference to \fIasn1_ex_d2i\fR. +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further details. If \fIasn1_ex_d2i_ex\fR is +non NULL, then it will always be called in preference to \fIasn1_ex_d2i\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Return values for the various callbacks are as described above. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBASN1_item_new_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fIasn1_ex_new_ex\fR and \fIasn1_ex_d2i_ex\fR callbacks were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_INTEGER_GET_INT64 3ossl" -.TH ASN1_INTEGER_GET_INT64 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_INTEGER_GET_INT64 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -168,12 +93,12 @@ \& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); \& BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR +These functions convert to and from \fBASN1_INTEGER\fR and \fBASN1_ENUMERATED\fR structures. .PP -\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +\&\fBASN1_INTEGER_get_int64()\fR converts an \fBASN1_INTEGER\fR into an \fBint64_t\fR type If successful it returns 1 and sets \fI*pr\fR to the value of \fIa\fR. If it fails (due to invalid type or the value being too big to fit into an \fBint64_t\fR type) it returns 0. 
@@ -183,44 +108,44 @@ is negative. .PP \&\fBASN1_INTEGER_get()\fR also returns the value of \fIa\fR but it returns 0 if \fIa\fR is -\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for -an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR +NULL and \-1 on error (which is ambiguous because \-1 is a legitimate value for +an \fBASN1_INTEGER\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR instead. .PP -\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the +\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fBASN1_INTEGER\fR \fIa\fR to the \&\fBint64_t\fR value \fIr\fR. .PP -\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the +\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fBASN1_INTEGER\fR \fIa\fR to the \&\fBuint64_t\fR value \fIr\fR. .PP -\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the \fIlong\fR value +\&\fBASN1_INTEGER_set()\fR sets the value of \fBASN1_INTEGER\fR \fIa\fR to the \fIlong\fR value \&\fIv\fR. .PP -\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fIbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fIai\fR -is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fIai\fR is not \s-1NULL\s0 then +\&\fBBN_to_ASN1_INTEGER()\fR converts \fBBIGNUM\fR \fIbn\fR to an \fBASN1_INTEGER\fR. If \fIai\fR +is NULL a new \fBASN1_INTEGER\fR structure is returned. If \fIai\fR is not NULL then the existing structure will be used instead. .PP -\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fIai\fR into a \fB\s-1BIGNUM\s0\fR. If \fIbn\fR is -\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fIbn\fR is not \s-1NULL\s0 then the +\&\fBASN1_INTEGER_to_BN()\fR converts ASN1_INTEGER \fIai\fR into a \fBBIGNUM\fR. If \fIbn\fR is +NULL a new \fBBIGNUM\fR structure is returned. 
If \fIbn\fR is not NULL then the existing structure will be used instead. .PP \&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR, \&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR -behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they -operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. +behave in an identical way to their ASN1_INTEGER counterparts except they +operate on an \fBASN1_ENUMERATED\fR value. .PP \&\fBASN1_ENUMERATED_get()\fR returns the value of \fIa\fR in a similar way to \&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fIa\fR will not fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR instead. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an +In general an \fBASN1_INTEGER\fR or \fBASN1_ENUMERATED\fR type can contain an integer of almost arbitrary size and so cannot always be represented by a C \&\fBint64_t\fR type. However, in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR mean these functions should be avoided if possible. They are retained for 
@@ -237,26 +162,26 @@ only happen if there is a programming error) or if the value exceeds the range of an \fBint64_t\fR type. .PP -\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or -\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will +\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fBASN1_INTEGER\fR or +\&\fBASN1_ENUMERATED\fR structure respectively or NULL if an error occurs. They will only fail due to a memory allocation error. .PP -\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure -of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect +\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fBBIGNUM\fR structure +of NULL if an error occurs. They can fail if the passed type is incorrect (due to programming error) or due to a memory allocation failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR, \&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_INTEGER_new.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_INTEGER_new.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_INTEGER_NEW 3ossl" -.TH ASN1_INTEGER_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_INTEGER_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_INTEGER_new, ASN1_INTEGER_free \- ASN1_INTEGER allocation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,27 +73,28 @@ \& ASN1_INTEGER *ASN1_INTEGER_new(void); \& void ASN1_INTEGER_free(ASN1_INTEGER *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBASN1_INTEGER_new()\fR returns an allocated \fB\s-1ASN1_INTEGER\s0\fR structure. +\&\fBASN1_INTEGER_new()\fR returns an allocated \fBASN1_INTEGER\fR structure. .PP -\&\fBASN1_INTEGER_free()\fR frees up a single \fB\s-1ASN1_INTEGER\s0\fR object. +\&\fBASN1_INTEGER_free()\fR frees up a single \fBASN1_INTEGER\fR object. +If the argument is NULL, nothing is done. .PP -\&\fB\s-1ASN1_INTEGER\s0\fR structure representing the \s-1ASN.1 INTEGER\s0 type +\&\fBASN1_INTEGER\fR structure representing the ASN.1 INTEGER type .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBASN1_INTEGER_new()\fR return a valid \fB\s-1ASN1_INTEGER\s0\fR structure or \s-1NULL\s0 +\&\fBASN1_INTEGER_new()\fR return a valid \fBASN1_INTEGER\fR structure or NULL if an error occurred. .PP \&\fBASN1_INTEGER_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_ITEM_LOOKUP 3ossl" -.TH ASN1_ITEM_LOOKUP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_ITEM_LOOKUP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,24 +73,24 @@ \& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); \& const ASN1_ITEM *ASN1_ITEM_get(size_t i); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0\fR named \fIname\fR. +\&\fBASN1_ITEM_lookup()\fR returns the \fBASN1_ITEM\fR named \fIname\fR. .PP -\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fIi\fR. This function -returns \s-1NULL\s0 if the index \fIi\fR is out of range. +\&\fBASN1_ITEM_get()\fR returns the \fBASN1_ITEM\fR with index \fIi\fR. This function +returns NULL if the index \fIi\fR is out of range. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure -or \s-1NULL\s0 if an error occurred. +\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fBASN1_ITEM\fR structure +or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_NEW 3ossl" -.TH ASN1_OBJECT_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_OBJECT_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,23 +73,23 @@ \& ASN1_OBJECT *ASN1_OBJECT_new(void); \& void ASN1_OBJECT_free(ASN1_OBJECT *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1ASN1_OBJECT\s0\fR allocation routines, allocate and free an -\&\fB\s-1ASN1_OBJECT\s0\fR structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +The \fBASN1_OBJECT\fR allocation routines, allocate and free an +\&\fBASN1_OBJECT\fR structure, which represents an ASN1 OBJECT IDENTIFIER. .PP -\&\fBASN1_OBJECT_new()\fR allocates and initializes an \fB\s-1ASN1_OBJECT\s0\fR structure. +\&\fBASN1_OBJECT_new()\fR allocates and initializes an \fBASN1_OBJECT\fR structure. .PP -\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fIa\fR. -If \fIa\fR is \s-1NULL,\s0 nothing is done. -.SH "NOTES" +\&\fBASN1_OBJECT_free()\fR frees up the \fBASN1_OBJECT\fR structure \fIa\fR. +If \fIa\fR is NULL, nothing is done. +.SH NOTES .IX Header "NOTES" -Although \fBASN1_OBJECT_new()\fR allocates a new \fB\s-1ASN1_OBJECT\s0\fR structure it -is almost never used in applications. The \s-1ASN1\s0 object utility functions +Although \fBASN1_OBJECT_new()\fR allocates a new \fBASN1_OBJECT\fR structure it +is almost never used in applications. The ASN1 object utility functions such as \fBOBJ_nid2obj()\fR are used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBASN1_OBJECT_new()\fR returns \s-1NULL\s0 and sets an error +If the allocation fails, \fBASN1_OBJECT_new()\fR returns NULL and sets an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP 
@@ -172,11 +97,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_STRING_TABLE_ADD 3ossl" -.TH ASN1_STRING_TABLE_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_STRING_TABLE_ADD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,44 +78,44 @@ \& ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); \& void ASN1_STRING_TABLE_cleanup(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -.SS "Types" +.SS Types .IX Subsection "Types" -\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information -(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. -.SS "Functions" +\&\fBASN1_STRING_TABLE\fR is a table which holds string information +(basically minimum size, maximum size, type and etc) for a NID object. +.SS Functions .IX Subsection "Functions" -\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the -local \s-1ASN1\s0 string table based on the \fInid\fR along with other parameters. +\&\fBASN1_STRING_TABLE_add()\fR adds a new \fBASN1_STRING_TABLE\fR item into the +local ASN1 string table based on the \fInid\fR along with other parameters. .PP -If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are +If the item is already in the table, fields of \fBASN1_STRING_TABLE\fR are updated (depending on the values of those parameters, e.g., \fIminsize\fR and \fImaxsize\fR >= 0, \fImask\fR and \fIflags\fR != 0). If the \fInid\fR is standard, -a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with +a copy of the standard \fBASN1_STRING_TABLE\fR is created and updated with other parameters. .PP -\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +\&\fBASN1_STRING_TABLE_get()\fR searches for an \fBASN1_STRING_TABLE\fR item based on \fInid\fR. It will search the local table first, then the standard one. .PP -\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fBASN1_STRING_TABLE\fR items added by \fBASN1_STRING_TABLE_add()\fR. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. .PP -\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure -or \s-1NULL\s0 if nothing is found. +\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fBASN1_STRING_TABLE\fR structure +or NULL if nothing is found. .PP \&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_STRING_length.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_STRING_LENGTH 3ossl" -.TH ASN1_STRING_LENGTH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_STRING_LENGTH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -161,9 +86,9 @@ \& \& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +These functions allow an \fBASN1_STRING\fR structure to be manipulated. .PP \&\fBASN1_STRING_length()\fR returns the length of the content of \fIx\fR. .PP 
@@ -187,28 +112,28 @@ \&\fBASN1_STRING_type()\fR returns the type of \fIx\fR, using standard constants such as \fBV_ASN1_OCTET_STRING\fR. .PP -\&\fBASN1_STRING_to_UTF8()\fR converts the string \fIin\fR to \s-1UTF8\s0 format, the +\&\fBASN1_STRING_to_UTF8()\fR converts the string \fIin\fR to UTF8 format, the converted data is allocated in a buffer in \fI*out\fR. The length of \&\fIout\fR is returned or a negative error code. The buffer \fI*out\fR should be freed using \fBOPENSSL_free()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR -structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed -to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. -\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +Almost all ASN1 types in OpenSSL are represented as an \fBASN1_STRING\fR +structure. Other types such as \fBASN1_OCTET_STRING\fR are simply typedef\*(Aqed +to \fBASN1_STRING\fR and the functions call the \fBASN1_STRING\fR equivalents. +\&\fBASN1_STRING\fR is also used for some \fBCHOICE\fR types which consist entirely of primitive string types such as \fBDirectoryString\fR and \&\fBTime\fR. .PP -These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR -or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +These functions should \fBnot\fR be used to examine or modify \fBASN1_INTEGER\fR +or \fBASN1_ENUMERATED\fR types: the relevant \fBINTEGER\fR or \fBENUMERATED\fR utility functions should be used instead. .PP In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR is null terminated or does not contain embedded nulls. 
The actual format of the data will depend on the actual string type itself: for example -for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per -character in big endian format, and for a UTF8String it will be in \s-1UTF8\s0 format. +for an IA5String the data will be ASCII, for a BMPString two bytes per +character in big endian format, and for a UTF8String it will be in UTF8 format. .PP Similar care should be take to ensure the data is in the correct format when calling \fBASN1_STRING_set()\fR. @@ -219,7 +144,7 @@ \&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to the data of \fIx\fR. .PP -\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an +\&\fBASN1_STRING_dup()\fR returns a valid \fBASN1_STRING\fR structure or NULL if an error occurred. .PP \&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, @@ -234,11 +159,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_STRING_new.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_STRING_NEW 3ossl" -.TH ASN1_STRING_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_STRING_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,34 +75,34 @@ \& ASN1_STRING *ASN1_STRING_type_new(int type); \& void ASN1_STRING_free(ASN1_STRING *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +\&\fBASN1_STRING_new()\fR returns an allocated \fBASN1_STRING\fR structure. Its type is undefined. .PP -\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +\&\fBASN1_STRING_type_new()\fR returns an allocated \fBASN1_STRING\fR structure of type \fItype\fR. .PP \&\fBASN1_STRING_free()\fR frees up \fIa\fR. -If \fIa\fR is \s-1NULL\s0 nothing is done. -.SH "NOTES" +If \fIa\fR is NULL nothing is done. +.SH NOTES .IX Header "NOTES" -Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +Other string types call the \fBASN1_STRING\fR functions. For example \&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid -\&\fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBASN1_STRING\fR structure or NULL if an error occurred. .PP \&\fBASN1_STRING_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_STRING_PRINT_EX 3ossl" -.TH ASN1_STRING_PRINT_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_STRING_PRINT_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,78 +77,78 @@ \& \& const char *ASN1_tag2str(int tag); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to -represent all the \s-1ASN1\s0 string types. +These functions output an \fBASN1_STRING\fR structure. \fBASN1_STRING\fR is used to +represent all the ASN1 string types. .PP \&\fBASN1_STRING_print_ex()\fR outputs \fIstr\fR to \fIout\fR, the format is determined by the options \fIflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs to \fIfp\fR instead. .PP \&\fBASN1_STRING_print()\fR prints \fIstr\fR to \fIout\fR but using a different format to -\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) -with '.'. +\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than CR, LF) +with \*(Aq.\*(Aq. .PP -\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fItag\fR. -.SH "NOTES" +\&\fBASN1_tag2str()\fR returns a human\-readable name of the specified ASN.1 \fItag\fR. +.SH NOTES .IX Header "NOTES" \&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use \&\fBASN1_STRING_print_ex()\fR instead. .PP -Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is -suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. +Although there are a large number of options frequently \fBASN1_STRFLGS_RFC2253\fR is +suitable, or on UTF8 terminals \fBASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB\fR. .PP The complete set of supported options for \fIflags\fR is listed below. .PP -Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters -determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control -characters are escaped. 
If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the -\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly -interprets \s-1UTF8\s0 sequences. +Various characters can be escaped. If \fBASN1_STRFLGS_ESC_2253\fR is set the characters +determined by RFC2253 are escaped. If \fBASN1_STRFLGS_ESC_CTRL\fR is set control +characters are escaped. If \fBASN1_STRFLGS_ESC_MSB\fR is set characters with the +MSB set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets UTF8 sequences. .PP Escaping takes several forms. .PP -If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used +If the character being escaped is a 16 bit character then the form "\eUXXXX" is used using exactly four characters for the hex representation. If it is 32 bits then -\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms -will only be used if \s-1UTF8\s0 conversion is not set (see below). +"\eWXXXXXXXX" is used using eight characters of its hex representation. These forms +will only be used if UTF8 conversion is not set (see below). .PP -Printable characters are normally escaped using the backslash '\e' character. If -\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +Printable characters are normally escaped using the backslash \*(Aq\e\*(Aq character. If +\&\fBASN1_STRFLGS_ESC_QUOTE\fR is set then the whole string is instead surrounded by double quote characters: this is arguably more readable than the backslash -notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +notation. Other characters use the "\eXX" using exactly two characters of the hex representation. .PP -If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 -format first. 
If the terminal supports the display of \s-1UTF8\s0 sequences then this +If \fBASN1_STRFLGS_UTF8_CONVERT\fR is set then characters are converted to UTF8 +format first. If the terminal supports the display of UTF8 sequences then this option will correctly display multi byte characters. .PP -If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +If \fBASN1_STRFLGS_IGNORE_TYPE\fR is set then the string type is not interpreted at all: everything is assumed to be one byte per character. This is primarily for debugging purposes and can result in confusing output in multi character strings. .PP -If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out -before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. +If \fBASN1_STRFLGS_SHOW_TYPE\fR is set then the string type itself is printed out +before its value (for example "BMPSTRING"), this actually uses \fBASN1_tag2str()\fR. .PP -The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +The content of a string instead of being interpreted can be "dumped": this just outputs the value of the string using the form #XXXX using hex format for each octet. .PP -If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +If \fBASN1_STRFLGS_DUMP_ALL\fR is set then any type is dumped. .PP -Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be -one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will +Normally non character string types (such as OCTET STRING) are assumed to be +one byte per character, if \fBASN1_STRFLGS_DUMP_UNKNOWN\fR is set then they will be dumped instead. 
.PP When a type is dumped normally just the content octets are printed, if -\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +\&\fBASN1_STRFLGS_DUMP_DER\fR is set then the complete encoding is dumped instead (including tag and length octets). .PP -\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is +\&\fBASN1_STRFLGS_RFC2253\fR includes all the flags required by RFC2253. It is equivalent to: - \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | - \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 + ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | + ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of @@ -231,16 +156,16 @@ .PP \&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error. .PP -\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fItag\fR. +\&\fBASN1_tag2str()\fR returns a human\-readable name of the specified ASN.1 \fItag\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_NAME_print_ex\fR\|(3), \&\fBASN1_tag2str\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_TIME_set.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_TIME_SET 3ossl" -.TH ASN1_TIME_SET 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_TIME_SET 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, @@ -152,7 +77,7 @@ ASN1_TIME_compare, ASN1_TIME_to_generalizedtime, ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup \- ASN.1 Time functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 4 \& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); 
@@ -201,60 +126,60 @@ \& ASN1_UTCTIME *ASN1_UTCTIME_dup(const ASN1_UTCTIME *t); \& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_dup(const ASN1_GENERALIZEDTIME *t); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR functions set the structure \fIs\fR to the time represented by the time_t -value \fIt\fR. If \fIs\fR is \s-1NULL\s0 a new time structure is allocated and returned. +value \fIt\fR. If \fIs\fR is NULL a new time structure is allocated and returned. .PP The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR functions set the time structure \fIs\fR to the time represented by the time \fIoffset_day\fR and \fIoffset_sec\fR after the time_t value \fIt\fR. The values of \fIoffset_day\fR or \fIoffset_sec\fR can be negative to set a time before \fIt\fR. The \fIoffset_sec\fR value can also exceed the number of -seconds in a day. If \fIs\fR is \s-1NULL\s0 a new structure is allocated +seconds in a day. If \fIs\fR is NULL a new structure is allocated and returned. .PP The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and \&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fIs\fR -to the time represented by string \fIstr\fR which must be in appropriate \s-1ASN.1\s0 -time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fIs\fR is \s-1NULL\s0 +to the time represented by string \fIstr\fR which must be in appropriate ASN.1 +time format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If \fIs\fR is NULL this function performs a format check on \fIstr\fR only. The string \fIstr\fR is copied into \fIs\fR. 
.PP -\&\fBASN1_TIME_set_string_X509()\fR sets \fB\s-1ASN1_TIME\s0\fR structure \fIs\fR to the time +\&\fBASN1_TIME_set_string_X509()\fR sets \fBASN1_TIME\fR structure \fIs\fR to the time represented by string \fIstr\fR which must be in appropriate time format -that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and -\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format -are not allowed. If \fIs\fR is \s-1NULL\s0 this function performs a format check +that RFC 5280 requires, which means it only allows YYMMDDHHMMSSZ and +YYYYMMDDHHMMSSZ (leap second is rejected), all other ASN.1 time format +are not allowed. If \fIs\fR is NULL this function performs a format check on \fIstr\fR only. .PP -The \fBASN1_TIME_normalize()\fR function converts an \fB\s-1ASN1_GENERALIZEDTIME\s0\fR or -\&\fB\s-1ASN1_UTCTIME\s0\fR into a time value that can be used in a certificate. It +The \fBASN1_TIME_normalize()\fR function converts an \fBASN1_GENERALIZEDTIME\fR or +\&\fBASN1_UTCTIME\fR into a time value that can be used in a certificate. It should be used after the \fBASN1_TIME_set_string()\fR functions and before -\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. GMT) results. .PP The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR functions check the syntax of the time structure \fIs\fR. .PP The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR -functions print the time structure \fIs\fR to \s-1BIO\s0 \fIb\fR in human readable -format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example -\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R",\s0 which does not include a newline. 
-If the time structure has invalid format it prints out \*(L"Bad time value\*(R" and +functions print the time structure \fIs\fR to BIO \fIb\fR in human readable +format. It will be of the format MMM DD HH:MM:SS[.s*] YYYY GMT, for example +"Feb 3 00:55:52 2015 GMT", which does not include a newline. +If the time structure has invalid format it prints out "Bad time value" and returns an error. The output for generalized time may include a fractional part following the second. .PP \&\fBASN1_TIME_print_ex()\fR provides \fIflags\fR to specify the output format of the -datetime. This can be either \fB\s-1ASN1_DTFLGS_RFC822\s0\fR or \fB\s-1ASN1_DTFLGS_ISO8601\s0\fR. +datetime. This can be either \fBASN1_DTFLGS_RFC822\fR or \fBASN1_DTFLGS_ISO8601\fR. .PP \&\fBASN1_TIME_to_tm()\fR converts the time \fIs\fR to the standard \fItm\fR structure. -If \fIs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0 +If \fIs\fR is NULL, then the current time is converted. The output time is GMT. The \fItm_sec\fR, \fItm_min\fR, \fItm_hour\fR, \fItm_mday\fR, \fItm_wday\fR, \fItm_yday\fR, \&\fItm_mon\fR and \fItm_year\fR fields of \fItm\fR structure are set to proper values, -whereas all other fields are set to 0. If \fItm\fR is \s-1NULL\s0 this function performs +whereas all other fields are set to 0. If \fItm\fR is NULL this function performs a format check on \fIs\fR only. If \fIs\fR is in Generalized format with fractional -seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while +seconds, e.g. YYYYMMDDHHMMSS.SSSZ, the fractional seconds will be lost while converting \fIs\fR to \fItm\fR structure. .PP \&\fBASN1_TIME_diff()\fR sets \fI*pday\fR and \fI*psec\fR to the time difference between 
@@ -265,7 +190,7 @@ represent the same time then \fI*pday\fR and \fI*psec\fR will both be zero. If both \fI*pday\fR and \fI*psec\fR are nonzero they will always have the same sign. The value of \fI*psec\fR will always be less than the number of seconds -in a day. If \fIfrom\fR or \fIto\fR is \s-1NULL\s0 the current time is used. +in a day. If \fIfrom\fR or \fIto\fR is NULL the current time is used. .PP The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare the two times represented by the time structure \fIs\fR and the time_t \fIt\fR. 
@@ -273,29 +198,29 @@ The \fBASN1_TIME_compare()\fR function compares the two times represented by the time structures \fIa\fR and \fIb\fR. .PP -The \fBASN1_TIME_to_generalizedtime()\fR function converts an \fB\s-1ASN1_TIME\s0\fR to an -\&\fB\s-1ASN1_GENERALIZEDTIME\s0\fR, regardless of year. If either \fIout\fR or -\&\fI*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use. +The \fBASN1_TIME_to_generalizedtime()\fR function converts an \fBASN1_TIME\fR to an +\&\fBASN1_GENERALIZEDTIME\fR, regardless of year. If either \fIout\fR or +\&\fI*out\fR are NULL, then a new object is allocated and must be freed after use. .PP The \fBASN1_TIME_dup()\fR, \fBASN1_UTCTIME_dup()\fR and \fBASN1_GENERALIZEDTIME_dup()\fR functions duplicate the time structure \fIt\fR and return the duplicated result correspondingly. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1ASN1_TIME\s0\fR structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR -defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined -in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else +The \fBASN1_TIME\fR structure corresponds to the ASN.1 structure \fBTime\fR +defined in RFC5280 et al. The time setting functions obey the rules outlined +in RFC5280: if the date can be represented by UTCTime it is used, else GeneralizedTime is used. .PP -The \fB\s-1ASN1_TIME\s0\fR, \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR structures are -represented as an \fB\s-1ASN1_STRING\s0\fR internally and can be freed up using +The \fBASN1_TIME\fR, \fBASN1_UTCTIME\fR and \fBASN1_GENERALIZEDTIME\fR structures are +represented as an \fBASN1_STRING\fR internally and can be freed up using \&\fBASN1_STRING_free()\fR. 
.PP -The \fB\s-1ASN1_TIME\s0\fR structure can represent years from 0000 to 9999 but no attempt +The \fBASN1_TIME\fR structure can represent years from 0000 to 9999 but no attempt is made to correct ancient calendar changes (for example from Julian to Gregorian calendars). .PP -\&\fB\s-1ASN1_UTCTIME\s0\fR is limited to a year range of 1950 through 2049. +\&\fBASN1_UTCTIME\fR is limited to a year range of 1950 through 2049. .PP Some applications add offset times directly to a time_t value and pass the results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the 
@@ -304,33 +229,37 @@ in the \fIoffset_sec\fR and \fIoffset_day\fR parameters instead of directly manipulating a time_t value. .PP -\&\fBASN1_TIME_adj()\fR may change the type from \fB\s-1ASN1_GENERALIZEDTIME\s0\fR to -\&\fB\s-1ASN1_UTCTIME\s0\fR, or vice versa, based on the resulting year. +\&\fBASN1_TIME_adj()\fR may change the type from \fBASN1_GENERALIZEDTIME\fR to +\&\fBASN1_UTCTIME\fR, or vice versa, based on the resulting year. \&\fBASN1_GENERALIZEDTIME_adj()\fR and \fBASN1_UTCTIME_adj()\fR will not modify the type of the return structure. .PP -It is recommended that functions starting with \fB\s-1ASN1_TIME\s0\fR be used instead of -those starting with \fB\s-1ASN1_UTCTIME\s0\fR or \fB\s-1ASN1_GENERALIZEDTIME\s0\fR. The functions -starting with \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR act only on that -specific time format. The functions starting with \fB\s-1ASN1_TIME\s0\fR will operate on +It is recommended that functions starting with \fBASN1_TIME\fR be used instead of +those starting with \fBASN1_UTCTIME\fR or \fBASN1_GENERALIZEDTIME\fR. The functions +starting with \fBASN1_UTCTIME\fR and \fBASN1_GENERALIZEDTIME\fR act only on that +specific time format. The functions starting with \fBASN1_TIME\fR will operate on either format. -.SH "BUGS" +.PP +Users familiar with RFC822 should note that when specifying the flag +\&\fBASN1_DTFLGS_RFC822\fR the year will be formatted as documented above, +i.e., using 4 digits, not 2 as specified in RFC822. +.SH BUGS .IX Header "BUGS" \&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR do -not print out the timezone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all -certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. +not print out the timezone: it either prints out "GMT" or nothing. But all +certificates complying with RFC5280 et al use GMT anyway. 
.PP \&\fBASN1_TIME_print()\fR, \fBASN1_TIME_print_ex()\fR, \fBASN1_UTCTIME_print()\fR and \&\fBASN1_GENERALIZEDTIME_print()\fR do not distinguish if they fail because of an I/O error or invalid time format. .PP Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before -printing to get \s-1GMT\s0 results. +printing to get GMT results. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \&\fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_set()\fR return -a pointer to a time structure or \s-1NULL\s0 if an error occurred. +a pointer to a time structure or NULL if an error occurred. .PP \&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \&\fBASN1_GENERALIZEDTIME_set_string()\fR and \fBASN1_TIME_set_string_X509()\fR return @@ -349,7 +278,7 @@ error occurred (invalid time format). .PP \&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the -passed-in time structure has invalid syntax, for example. +passed\-in time structure has invalid syntax, for example. .PP \&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fIs\fR is before \fIt\fR, 0 if \fIs\fR equals \fIt\fR, or 1 if \fIs\fR is after \fIt\fR. \-2 is returned @@ -359,11 +288,11 @@ or 1 if \fIa\fR is after \fIb\fR. \-2 is returned on error. .PP \&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to the appropriate time -structure on success or \s-1NULL\s0 if an error occurred. +structure on success or NULL if an error occurred. .PP \&\fBASN1_TIME_dup()\fR, \fBASN1_UTCTIME_dup()\fR and \fBASN1_GENERALIZEDTIME_dup()\fR return a -pointer to a time structure or \s-1NULL\s0 if an error occurred. -.SH "EXAMPLES" +pointer to a time structure or NULL if an error occurred. +.SH EXAMPLES .IX Header "EXAMPLES" Set a time structure to one hour after the current time and print it out: .PP 
@@ -398,18 +327,18 @@ \& else \& printf("Same\en"); .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_TYPE_GET 3ossl" -.TH ASN1_TYPE_GET 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_TYPE_GET 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,11 +80,11 @@ \& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, \& ASN1_TYPE **t); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions allow an \fB\s-1ASN1_TYPE\s0\fR structure to be manipulated. The -\&\fB\s-1ASN1_TYPE\s0\fR structure can contain any \s-1ASN.1\s0 type or constructed type -such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type. +These functions allow an \fBASN1_TYPE\fR structure to be manipulated. The +\&\fBASN1_TYPE\fR structure can contain any ASN.1 type or constructed type +such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type. .PP \&\fBASN1_TYPE_get()\fR returns the type of \fIa\fR or 0 if it fails. .PP 
@@ -169,48 +94,48 @@ .PP \&\fBASN1_TYPE_set1()\fR sets the value of \fIa\fR to \fItype\fR a copy of \fIvalue\fR. .PP -\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fIa\fR and \fIb\fR and returns 0 if +\&\fBASN1_TYPE_cmp()\fR compares ASN.1 types \fIa\fR and \fIb\fR and returns 0 if they are identical and nonzero otherwise. .PP -\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in -\&\fIt\fR using the \s-1ASN.1\s0 structure \fIit\fR. If successful it returns a pointer -to the \s-1ASN.1\s0 structure corresponding to \fIit\fR which must be freed by the -caller. If it fails it return \s-1NULL.\s0 +\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the SEQUENCE present in +\&\fIt\fR using the ASN.1 structure \fIit\fR. If successful it returns a pointer +to the ASN.1 structure corresponding to \fIit\fR which must be freed by the +caller. If it fails it return NULL. .PP -\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fIs\fR -corresponding to \fIit\fR into an \fB\s-1ASN1_TYPE\s0\fR. If successful the encoded -\&\fB\s-1ASN1_TYPE\s0\fR is returned. If \fIt\fR and \fI*t\fR are not \s-1NULL\s0 the encoded type -is written to \fIt\fR overwriting any existing data. If \fIt\fR is not \s-1NULL\s0 -but \fI*t\fR is \s-1NULL\s0 the returned \fB\s-1ASN1_TYPE\s0\fR is written to \fI*t\fR. -.SH "NOTES" +\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the ASN.1 structure \fIs\fR +corresponding to \fIit\fR into an \fBASN1_TYPE\fR. If successful the encoded +\&\fBASN1_TYPE\fR is returned. If \fIt\fR and \fI*t\fR are not NULL the encoded type +is written to \fIt\fR overwriting any existing data. If \fIt\fR is not NULL +but \fI*t\fR is NULL the returned \fBASN1_TYPE\fR is written to \fI*t\fR. +.SH NOTES .IX Header "NOTES" The type and meaning of the \fIvalue\fR parameter for \fBASN1_TYPE_set()\fR and \&\fBASN1_TYPE_set1()\fR is determined by the \fItype\fR parameter. 
If \fItype\fR is \fBV_ASN1_NULL\fR \fIvalue\fR is ignored. If \fItype\fR is \&\fBV_ASN1_BOOLEAN\fR -then the boolean is set to \s-1TRUE\s0 if \fIvalue\fR is not \s-1NULL.\s0 If \fItype\fR is -\&\fBV_ASN1_OBJECT\fR then value is an \fB\s-1ASN1_OBJECT\s0\fR structure. Otherwise \fItype\fR -is and \fB\s-1ASN1_STRING\s0\fR structure. If \fItype\fR corresponds to a primitive type -(or a string type) then the contents of the \fB\s-1ASN1_STRING\s0\fR contain the content +then the boolean is set to TRUE if \fIvalue\fR is not NULL. If \fItype\fR is +\&\fBV_ASN1_OBJECT\fR then value is an \fBASN1_OBJECT\fR structure. Otherwise \fItype\fR +is and \fBASN1_STRING\fR structure. If \fItype\fR corresponds to a primitive type +(or a string type) then the contents of the \fBASN1_STRING\fR contain the content octets of the type. If \fItype\fR corresponds to a constructed type or a tagged type (\fBV_ASN1_SEQUENCE\fR, \fBV_ASN1_SET\fR or \fBV_ASN1_OTHER\fR) then the -\&\fB\s-1ASN1_STRING\s0\fR contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and +\&\fBASN1_STRING\fR contains the entire ASN.1 encoding verbatim (including tag and length octets). .PP \&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have -different encodings. For example the single content octet of the boolean \s-1TRUE\s0 -value under \s-1BER\s0 can have any nonzero encoding but \fBASN1_TYPE_cmp()\fR will +different encodings. For example the single content octet of the boolean TRUE +value under BER can have any nonzero encoding but \fBASN1_TYPE_cmp()\fR will only return zero if the values are the same. .PP -If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the -return value is nonzero. 
Technically if both parameters are \s-1NULL\s0 the two -types could be absent \s-1OPTIONAL\s0 fields and so should match, however, passing -\&\s-1NULL\s0 values could also indicate a programming error (for example an -unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So +If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is NULL the +return value is nonzero. Technically if both parameters are NULL the two +types could be absent OPTIONAL fields and so should match, however, passing +NULL values could also indicate a programming error (for example an +unparsable type which returns NULL) for types which do \fBnot\fR match. So applications should handle the case of two absent values separately. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBASN1_TYPE_get()\fR returns the type of the \fB\s-1ASN1_TYPE\s0\fR argument. +\&\fBASN1_TYPE_get()\fR returns the type of the \fBASN1_TYPE\fR argument. .PP \&\fBASN1_TYPE_set()\fR does not return a value. .PP 
@@ -218,16 +143,16 @@ .PP \&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and nonzero otherwise. .PP -\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or -\&\s-1NULL\s0 on failure. +\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an ASN.1 structure or +NULL on failure. .PP -\&\fBASN1_TYPE_pack_sequence()\fR return an \fB\s-1ASN1_TYPE\s0\fR structure if it succeeds or -\&\s-1NULL\s0 on failure. -.SH "COPYRIGHT" +\&\fBASN1_TYPE_pack_sequence()\fR return an \fBASN1_TYPE\fR structure if it succeeds or +NULL on failure. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_aux_cb.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_aux_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_AUX_CB 3ossl" -.TH ASN1_AUX_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_AUX_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb \&\- ASN.1 auxiliary data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -176,175 +101,175 @@ \& typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in, \& const ASN1_ITEM *it, void *exarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1ASN.1\s0 data structures can be associated with an \fB\s-1ASN1_AUX\s0\fR object to supply -additional information about the \s-1ASN.1\s0 structure. An \fB\s-1ASN1_AUX\s0\fR structure is -associated with the structure during the definition of the \s-1ASN.1\s0 template. For -example an \fB\s-1ASN1_AUX\s0\fR structure will be associated by using one of the various -\&\s-1ASN.1\s0 template definition macros that supply auxiliary information such as +ASN.1 data structures can be associated with an \fBASN1_AUX\fR object to supply +additional information about the ASN.1 structure. An \fBASN1_AUX\fR structure is +associated with the structure during the definition of the ASN.1 template. For +example an \fBASN1_AUX\fR structure will be associated by using one of the various +ASN.1 template definition macros that supply auxiliary information such as \&\fBASN1_SEQUENCE_enc()\fR, \fBASN1_SEQUENCE_ref()\fR, \fBASN1_SEQUENCE_cb_const_cb()\fR, \&\fBASN1_SEQUENCE_const_cb()\fR, \fBASN1_SEQUENCE_cb()\fR or \fBASN1_NDEF_SEQUENCE_cb()\fR. .PP -An \fB\s-1ASN1_AUX\s0\fR structure contains the following information. -.IP "\fIapp_data\fR" 4 +An \fBASN1_AUX\fR structure contains the following information. +.IP \fIapp_data\fR 4 .IX Item "app_data" Arbitrary application data -.IP "\fIflags\fR" 4 +.IP \fIflags\fR 4 .IX Item "flags" Flags which indicate the auxiliarly functionality supported. .Sp -The \fB\s-1ASN1_AFLG_REFCOUNT\s0\fR flag indicates that objects support reference counting. +The \fBASN1_AFLG_REFCOUNT\fR flag indicates that objects support reference counting. .Sp -The \fB\s-1ASN1_AFLG_ENCODING\s0\fR flag indicates that the original encoding of the +The \fBASN1_AFLG_ENCODING\fR flag indicates that the original encoding of the object will be saved. 
.Sp -The \fB\s-1ASN1_AFLG_BROKEN\s0\fR flag is a work around for broken encoders where the +The \fBASN1_AFLG_BROKEN\fR flag is a work around for broken encoders where the sequence length value may not be correct. This should generally not be used. .Sp -The \fB\s-1ASN1_AFLG_CONST_CB\s0\fR flag indicates that the \*(L"const\*(R" form of the -\&\fB\s-1ASN1_AUX\s0\fR callback should be used in preference to the non-const form. -.IP "\fIref_offset\fR" 4 +The \fBASN1_AFLG_CONST_CB\fR flag indicates that the "const" form of the +\&\fBASN1_AUX\fR callback should be used in preference to the non\-const form. +.IP \fIref_offset\fR 4 .IX Item "ref_offset" -If the \fB\s-1ASN1_AFLG_REFCOUNT\s0\fR flag is set then this value is assumed to be an -offset into the \fB\s-1ASN1_VALUE\s0\fR structure where a \fB\s-1CRYPTO_REF_COUNT\s0\fR may be +If the \fBASN1_AFLG_REFCOUNT\fR flag is set then this value is assumed to be an +offset into the \fBASN1_VALUE\fR structure where a \fBCRYPTO_REF_COUNT\fR may be found for the purposes of reference counting. -.IP "\fIref_lock\fR" 4 +.IP \fIref_lock\fR 4 .IX Item "ref_lock" -If the \fB\s-1ASN1_AFLG_REFCOUNT\s0\fR flag is set then this value is assumed to be an -offset into the \fB\s-1ASN1_VALUE\s0\fR structure where a \fB\s-1CRYPTO_RWLOCK\s0\fR may be +If the \fBASN1_AFLG_REFCOUNT\fR flag is set then this value is assumed to be an +offset into the \fBASN1_VALUE\fR structure where a \fBCRYPTO_RWLOCK\fR may be found for the purposes of reference counting. -.IP "\fIasn1_cb\fR" 4 +.IP \fIasn1_cb\fR 4 .IX Item "asn1_cb" A callback that will be invoked at various points during the processing of -the the \fB\s-1ASN1_VALLUE\s0\fR. See below for further details. -.IP "\fIenc_offset\fR" 4 +the \fBASN1_VALUE\fR. See below for further details. +.IP \fIenc_offset\fR 4 .IX Item "enc_offset" -Offset into the \fB\s-1ASN1_VALUE\s0\fR object where the original encoding of the object -will be saved if the \fB\s-1ASN1_AFLG_ENCODING\s0\fR flag has been set. 
-.IP "\fIasn1_const_cb\fR" 4 +Offset into the \fBASN1_VALUE\fR object where the original encoding of the object +will be saved if the \fBASN1_AFLG_ENCODING\fR flag has been set. +.IP \fIasn1_const_cb\fR 4 .IX Item "asn1_const_cb" A callback that will be invoked at various points during the processing of -the the \fB\s-1ASN1_VALLUE\s0\fR. This is used in preference to the \fIasn1_cb\fR callback if -the \fB\s-1ASN1_AFLG_CONST_CB\s0\fR flag is set. See below for further details. +the \fBASN1_VALUE\fR. This is used in preference to the \fIasn1_cb\fR callback if +the \fBASN1_AFLG_CONST_CB\fR flag is set. See below for further details. .PP -During the processing of an \fB\s-1ASN1_VALUE\s0\fR object the callbacks set via +During the processing of an \fBASN1_VALUE\fR object the callbacks set via \&\fIasn1_cb\fR or \fIasn1_const_cb\fR will be invoked as a result of various events indicated via the \fIoperation\fR parameter. The value of \fI*in\fR will be the -\&\fB\s-1ASN1_VALUE\s0\fR object being processed based on the template in \fIit\fR. An +\&\fBASN1_VALUE\fR object being processed based on the template in \fIit\fR. An additional operation specific parameter may be passed in \fIexarg\fR. The currently supported operations are as follows. The callbacks should return a positive value on success or zero on error, unless otherwise noted below. -.IP "\fB\s-1ASN1_OP_NEW_PRE\s0\fR" 4 +.IP \fBASN1_OP_NEW_PRE\fR 4 .IX Item "ASN1_OP_NEW_PRE" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -prior to an \fB\s-1ASN1_VALUE\s0\fR object being allocated. The callback may allocate the -\&\fB\s-1ASN1_VALUE\s0\fR itself and store it in \fI*pval\fR. If it does so it should return 2 +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +prior to an \fBASN1_VALUE\fR object being allocated. The callback may allocate the +\&\fBASN1_VALUE\fR itself and store it in \fI*pval\fR. 
If it does so it should return 2 from the callback. On error it should return 0. -.IP "\fB\s-1ASN1_OP_NEW_POST\s0\fR" 4 +.IP \fBASN1_OP_NEW_POST\fR 4 .IX Item "ASN1_OP_NEW_POST" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -after an \fB\s-1ASN1_VALUE\s0\fR object has been allocated. The allocated object is in +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +after an \fBASN1_VALUE\fR object has been allocated. The allocated object is in \&\fI*pval\fR. -.IP "\fB\s-1ASN1_OP_FREE_PRE\s0\fR" 4 +.IP \fBASN1_OP_FREE_PRE\fR 4 .IX Item "ASN1_OP_FREE_PRE" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -immediately before an \fB\s-1ASN1_VALUE\s0\fR is freed. If the callback originally -constructed the \fB\s-1ASN1_VALUE\s0\fR via \fB\s-1ASN1_OP_NEW_PRE\s0\fR then it should free it at +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +immediately before an \fBASN1_VALUE\fR is freed. If the callback originally +constructed the \fBASN1_VALUE\fR via \fBASN1_OP_NEW_PRE\fR then it should free it at this point and return 2 from the callback. Otherwise it should return 1 for success or 0 on error. -.IP "\fB\s-1ASN1_OP_FREE_POST\s0\fR" 4 +.IP \fBASN1_OP_FREE_POST\fR 4 .IX Item "ASN1_OP_FREE_POST" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -immediately after \fB\s-1ASN1_VALUE\s0\fR sub-structures are freed. -.IP "\fB\s-1ASN1_OP_D2I_PRE\s0\fR" 4 +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +immediately after \fBASN1_VALUE\fR sub\-structures are freed. 
+.IP \fBASN1_OP_D2I_PRE\fR 4 .IX Item "ASN1_OP_D2I_PRE" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -immediately before a \*(L"d2i\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR. -.IP "\fB\s-1ASN1_OP_D2I_POST\s0\fR" 4 +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +immediately before a "d2i" operation for the \fBASN1_VALUE\fR. +.IP \fBASN1_OP_D2I_POST\fR 4 .IX Item "ASN1_OP_D2I_POST" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -immediately after a \*(L"d2i\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR. -.IP "\fB\s-1ASN1_OP_I2D_PRE\s0\fR" 4 +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +immediately after a "d2i" operation for the \fBASN1_VALUE\fR. +.IP \fBASN1_OP_I2D_PRE\fR 4 .IX Item "ASN1_OP_I2D_PRE" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -immediately before a \*(L"i2d\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR. -.IP "\fB\s-1ASN1_OP_I2D_POST\s0\fR" 4 +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +immediately before a "i2d" operation for the \fBASN1_VALUE\fR. +.IP \fBASN1_OP_I2D_POST\fR 4 .IX Item "ASN1_OP_I2D_POST" -Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure -immediately after a \*(L"i2d\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR. -.IP "\fB\s-1ASN1_OP_PRINT_PRE\s0\fR" 4 +Invoked when processing a \fBCHOICE\fR, \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure +immediately after a "i2d" operation for the \fBASN1_VALUE\fR. +.IP \fBASN1_OP_PRINT_PRE\fR 4 .IX Item "ASN1_OP_PRINT_PRE" -Invoked when processing a \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure immediately -before printing the \fB\s-1ASN1_VALUE\s0\fR. 
The \fIexarg\fR argument will be a pointer to an -\&\fB\s-1ASN1_PRINT_ARG\s0\fR structure (see below). -.IP "\fB\s-1ASN1_OP_PRINT_POST\s0\fR" 4 +Invoked when processing a \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure immediately +before printing the \fBASN1_VALUE\fR. The \fIexarg\fR argument will be a pointer to an +\&\fBASN1_PRINT_ARG\fR structure (see below). +.IP \fBASN1_OP_PRINT_POST\fR 4 .IX Item "ASN1_OP_PRINT_POST" -Invoked when processing a \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure immediately -after printing the \fB\s-1ASN1_VALUE\s0\fR. The \fIexarg\fR argument will be a pointer to an -\&\fB\s-1ASN1_PRINT_ARG\s0\fR structure (see below). -.IP "\fB\s-1ASN1_OP_STREAM_PRE\s0\fR" 4 +Invoked when processing a \fBSEQUENCE\fR or \fBNDEF_SEQUENCE\fR structure immediately +after printing the \fBASN1_VALUE\fR. The \fIexarg\fR argument will be a pointer to an +\&\fBASN1_PRINT_ARG\fR structure (see below). +.IP \fBASN1_OP_STREAM_PRE\fR 4 .IX Item "ASN1_OP_STREAM_PRE" -Invoked immediately prior to streaming the \fB\s-1ASN1_VALUE\s0\fR data using indefinite -length encoding. The \fIexarg\fR argument will be a pointer to a \fB\s-1ASN1_STREAM_ARG\s0\fR +Invoked immediately prior to streaming the \fBASN1_VALUE\fR data using indefinite +length encoding. The \fIexarg\fR argument will be a pointer to a \fBASN1_STREAM_ARG\fR structure (see below). -.IP "\fB\s-1ASN1_OP_STREAM_POST\s0\fR" 4 +.IP \fBASN1_OP_STREAM_POST\fR 4 .IX Item "ASN1_OP_STREAM_POST" -Invoked immediately after streaming the \fB\s-1ASN1_VALUE\s0\fR data using indefinite -length encoding. The \fIexarg\fR argument will be a pointer to a \fB\s-1ASN1_STREAM_ARG\s0\fR +Invoked immediately after streaming the \fBASN1_VALUE\fR data using indefinite +length encoding. The \fIexarg\fR argument will be a pointer to a \fBASN1_STREAM_ARG\fR structure (see below). 
-.IP "\fB\s-1ASN1_OP_DETACHED_PRE\s0\fR" 4 +.IP \fBASN1_OP_DETACHED_PRE\fR 4 .IX Item "ASN1_OP_DETACHED_PRE" -Invoked immediately prior to processing the \fB\s-1ASN1_VALUE\s0\fR data as a \*(L"detached\*(R" -value (as used in \s-1CMS\s0 and \s-1PKCS7\s0). The \fIexarg\fR argument will be a pointer to a -\&\fB\s-1ASN1_STREAM_ARG\s0\fR structure (see below). -.IP "\fB\s-1ASN1_OP_DETACHED_POST\s0\fR" 4 +Invoked immediately prior to processing the \fBASN1_VALUE\fR data as a "detached" +value (as used in CMS and PKCS7). The \fIexarg\fR argument will be a pointer to a +\&\fBASN1_STREAM_ARG\fR structure (see below). +.IP \fBASN1_OP_DETACHED_POST\fR 4 .IX Item "ASN1_OP_DETACHED_POST" -Invoked immediately after processing the \fB\s-1ASN1_VALUE\s0\fR data as a \*(L"detached\*(R" -value (as used in \s-1CMS\s0 and \s-1PKCS7\s0). The \fIexarg\fR argument will be a pointer to a -\&\fB\s-1ASN1_STREAM_ARG\s0\fR structure (see below). -.IP "\fB\s-1ASN1_OP_DUP_PRE\s0\fR" 4 +Invoked immediately after processing the \fBASN1_VALUE\fR data as a "detached" +value (as used in CMS and PKCS7). The \fIexarg\fR argument will be a pointer to a +\&\fBASN1_STREAM_ARG\fR structure (see below). +.IP \fBASN1_OP_DUP_PRE\fR 4 .IX Item "ASN1_OP_DUP_PRE" -Invoked immediate prior to an \s-1ASN1_VALUE\s0 being duplicated via a call to +Invoked immediate prior to an ASN1_VALUE being duplicated via a call to \&\fBASN1_item_dup()\fR. -.IP "\fB\s-1ASN1_OP_DUP_POST\s0\fR" 4 +.IP \fBASN1_OP_DUP_POST\fR 4 .IX Item "ASN1_OP_DUP_POST" -Invoked immediate after to an \s-1ASN1_VALUE\s0 has been duplicated via a call to +Invoked immediate after to an ASN1_VALUE has been duplicated via a call to \&\fBASN1_item_dup()\fR. -.IP "\fB\s-1ASN1_OP_GET0_LIBCTX\s0\fR" 4 +.IP \fBASN1_OP_GET0_LIBCTX\fR 4 .IX Item "ASN1_OP_GET0_LIBCTX" -Invoked in order to obtain the \fB\s-1OSSL_LIB_CTX\s0\fR associated with an \fB\s-1ASN1_VALUE\s0\fR -if any. 
A pointer to an \fB\s-1OSSL_LIB_CTX\s0\fR should be stored in \fI*exarg\fR if such +Invoked in order to obtain the \fBOSSL_LIB_CTX\fR associated with an \fBASN1_VALUE\fR +if any. A pointer to an \fBOSSL_LIB_CTX\fR should be stored in \fI*exarg\fR if such a value exists. -.IP "\fB\s-1ASN1_OP_GET0_PROPQ\s0\fR" 4 +.IP \fBASN1_OP_GET0_PROPQ\fR 4 .IX Item "ASN1_OP_GET0_PROPQ" Invoked in order to obtain the property query string associated with an -\&\fB\s-1ASN1_VALUE\s0\fR if any. A pointer to the property query string should be stored in +\&\fBASN1_VALUE\fR if any. A pointer to the property query string should be stored in \&\fI*exarg\fR if such a value exists. .PP -An \fB\s-1ASN1_PRINT_ARG\s0\fR object is used during processing of \fB\s-1ASN1_OP_PRINT_PRE\s0\fR -and \fB\s-1ASN1_OP_PRINT_POST\s0\fR callback operations. It contains the following +An \fBASN1_PRINT_ARG\fR object is used during processing of \fBASN1_OP_PRINT_PRE\fR +and \fBASN1_OP_PRINT_POST\fR callback operations. It contains the following information. -.IP "\fIout\fR" 4 +.IP \fIout\fR 4 .IX Item "out" -The \fB\s-1BIO\s0\fR being used to print the data out. -.IP "\fIndef_bio\fR" 4 +The \fBBIO\fR being used to print the data out. +.IP \fIndef_bio\fR 4 .IX Item "ndef_bio" The current number of indent spaces that should be used for printing this data. -.IP "\fIpctx\fR" 4 +.IP \fIpctx\fR 4 .IX Item "pctx" -The context for the \fB\s-1ASN1_PCTX\s0\fR operation. +The context for the \fBASN1_PCTX\fR operation. .PP -An \fB\s-1ASN1_STREAM_ARG\s0\fR object is used during processing of \fB\s-1ASN1_OP_STREAM_PRE\s0\fR, -\&\fB\s-1ASN1_OP_STREAM_POST\s0\fR, \fB\s-1ASN1_OP_DETACHED_PRE\s0\fR and \fB\s-1ASN1_OP_DETACHED_POST\s0\fR +An \fBASN1_STREAM_ARG\fR object is used during processing of \fBASN1_OP_STREAM_PRE\fR, +\&\fBASN1_OP_STREAM_POST\fR, \fBASN1_OP_DETACHED_PRE\fR and \fBASN1_OP_DETACHED_POST\fR callback operations. It contains the following information. 
-.IP "\fIout\fR" 4 +.IP \fIout\fR 4 .IX Item "out" -The \fB\s-1BIO\s0\fR to stream through -.IP "\fIndef_bio\fR" 4 +The \fBBIO\fR to stream through +.IP \fIndef_bio\fR 4 .IX Item "ndef_bio" -The \fB\s-1BIO\s0\fR with filters appended -.IP "\fIboundary\fR" 4 +The \fBBIO\fR with filters appended +.IP \fIboundary\fR 4 .IX Item "boundary" The streaming I/O boundary. .SH "RETURN VALUES" @@ -354,15 +279,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBASN1_item_new_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \fBASN1_aux_const_cb()\fR callback and the \fB\s-1ASN1_OP_GET0_LIBCTX\s0\fR and -\&\fB\s-1ASN1_OP_GET0_PROPQ\s0\fR operation types were added in OpenSSL 3.0. -.SH "COPYRIGHT" +The \fBASN1_aux_const_cb()\fR callback and the \fBASN1_OP_GET0_LIBCTX\fR and +\&\fBASN1_OP_GET0_PROPQ\fR operation types were added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_GENERATE_NCONF 3ossl" -.TH ASN1_GENERATE_NCONF 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_GENERATE_NCONF 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 string generation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,24 +73,24 @@ \& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); \& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions generate the \s-1ASN1\s0 encoding of a string -in an \fB\s-1ASN1_TYPE\s0\fR structure. +These functions generate the ASN1 encoding of a string +in an \fBASN1_TYPE\fR structure. .PP \&\fIstr\fR contains the string to encode. \fInconf\fR or \fIcnf\fR contains the optional configuration information where additional strings will be read from. \fInconf\fR will typically come from a config file whereas \fIcnf\fR is obtained from an \fBX509V3_CTX\fR structure, which will typically be used by X509 v3 certificate extension -functions. \fIcnf\fR or \fInconf\fR can be set to \s-1NULL\s0 if no additional +functions. \fIcnf\fR or \fInconf\fR can be set to NULL if no additional configuration will be used. .SH "GENERATION STRING FORMAT" .IX Header "GENERATION STRING FORMAT" The actual data encoded is determined by the string \fIstr\fR and the configuration information. The general format of the string is: -.IP "[\fImodifier\fR,]\fItype\fR[:\fIvalue\fR]" 4 +.IP [\fImodifier\fR,]\fItype\fR[:\fIvalue\fR] 4 .IX Item "[modifier,]type[:value]" .PP That is zero or more comma separated modifiers followed by a type 
@@ -175,103 +100,103 @@ .IX Subsection "Supported Types" The supported types are listed below. Case is not significant in the type names. -Unless otherwise specified only the \fB\s-1ASCII\s0\fR format is permissible. -.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 +Unless otherwise specified only the \fBASCII\fR format is permissible. +.IP "\fBBOOLEAN\fR, \fBBOOL\fR" 4 .IX Item "BOOLEAN, BOOL" This encodes a boolean type. The \fIvalue\fR string is mandatory and -should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, -\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +should be \fBTRUE\fR or \fBFALSE\fR. Additionally \fBTRUE\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fBYES\fR, \fByes\fR, \fBFALSE\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fBNO\fR and \fBno\fR are acceptable. -.IP "\fB\s-1NULL\s0\fR" 4 +.IP \fBNULL\fR 4 .IX Item "NULL" -Encode the \fB\s-1NULL\s0\fR type, the \fIvalue\fR string must not be present. -.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 +Encode the \fBNULL\fR type, the \fIvalue\fR string must not be present. +.IP "\fBINTEGER\fR, \fBINT\fR" 4 .IX Item "INTEGER, INT" -Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fIvalue\fR string represents +Encodes an ASN1 \fBINTEGER\fR type. The \fIvalue\fR string represents the value of the integer, it can be prefaced by a minus sign and is normally interpreted as a decimal value unless the prefix \fB0x\fR is included. -.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 +.IP "\fBENUMERATED\fR, \fBENUM\fR" 4 .IX Item "ENUMERATED, ENUM" -Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to -\&\fB\s-1INTEGER\s0\fR. -.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 +Encodes the ASN1 \fBENUMERATED\fR type, it is otherwise identical to +\&\fBINTEGER\fR. 
+.IP "\fBOBJECT\fR, \fBOID\fR" 4 .IX Item "OBJECT, OID" -Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fIvalue\fR string can be +Encodes an ASN1 \fBOBJECT IDENTIFIER\fR, the \fIvalue\fR string can be a short name, a long name or numerical format. -.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 +.IP "\fBUTCTIME\fR, \fBUTC\fR" 4 .IX Item "UTCTIME, UTC" -Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in -the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. -.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 +Encodes an ASN1 \fBUTCTime\fR structure, the value should be in +the format \fBYYMMDDHHMMSSZ\fR. +.IP "\fBGENERALIZEDTIME\fR, \fBGENTIME\fR" 4 .IX Item "GENERALIZEDTIME, GENTIME" -Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in -the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. -.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 +Encodes an ASN1 \fBGeneralizedTime\fR structure, the value should be in +the format \fBYYYYMMDDHHMMSSZ\fR. +.IP "\fBOCTETSTRING\fR, \fBOCT\fR" 4 .IX Item "OCTETSTRING, OCT" -Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fIvalue\fR represents the contents -of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +Encodes an ASN1 \fBOCTET STRING\fR. \fIvalue\fR represents the contents +of this structure, the format strings \fBASCII\fR and \fBHEX\fR can be used to specify the format of \fIvalue\fR. -.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 +.IP "\fBBITSTRING\fR, \fBBITSTR\fR" 4 .IX Item "BITSTRING, BITSTR" -Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fIvalue\fR represents the contents -of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +Encodes an ASN1 \fBBIT STRING\fR. \fIvalue\fR represents the contents +of this structure, the format strings \fBASCII\fR, \fBHEX\fR and \fBBITLIST\fR can be used to specify the format of \fIvalue\fR. 
.Sp -If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +If the format is anything other than \fBBITLIST\fR the number of unused bits is set to zero. -.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 +.IP "\fBUNIVERSALSTRING\fR, \fBUNIV\fR, \fBIA5\fR, \fBIA5STRING\fR, \fBUTF8\fR, \fBUTF8String\fR, \fBBMP\fR, \fBBMPSTRING\fR, \fBVISIBLESTRING\fR, \fBVISIBLE\fR, \fBPRINTABLESTRING\fR, \fBPRINTABLE\fR, \fBT61\fR, \fBT61STRING\fR, \fBTELETEXSTRING\fR, \fBGeneralString\fR, \fBNUMERICSTRING\fR, \fBNUMERIC\fR" 4 .IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" These encode the corresponding string types. \fIvalue\fR represents the -contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. -.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 +contents of this structure. The format can be \fBASCII\fR or \fBUTF8\fR. +.IP "\fBSEQUENCE\fR, \fBSEQ\fR, \fBSET\fR" 4 .IX Item "SEQUENCE, SEQ, SET" -Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fIvalue\fR +Formats the result as an ASN1 \fBSEQUENCE\fR or \fBSET\fR type. \fIvalue\fR should be a section name which will contain the contents. The field names in the section are ignored and the values are in the -generated string format. If \fIvalue\fR is absent then an empty \s-1SEQUENCE\s0 +generated string format. If \fIvalue\fR is absent then an empty SEQUENCE will be encoded. 
-.SS "Modifiers" +.SS Modifiers .IX Subsection "Modifiers" Modifiers affect the following structure, they can be used to -add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +add EXPLICIT or IMPLICIT tagging, add wrappers or to change the string format of the final type and value. The supported formats are documented below. -.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 +.IP "\fBEXPLICIT\fR, \fBEXP\fR" 4 .IX Item "EXPLICIT, EXP" Add an explicit tag to the following structure. This string should be followed by a colon and the tag value to use as a decimal value. .Sp -By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, -APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, -the default is \s-1CONTEXT SPECIFIC.\s0 -.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR UNIVERSAL, +APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used, +the default is CONTEXT SPECIFIC. +.IP "\fBIMPLICIT\fR, \fBIMP\fR" 4 .IX Item "IMPLICIT, IMP" -This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +This is the same as \fBEXPLICIT\fR except IMPLICIT tagging is used instead. -.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 +.IP "\fBOCTWRAP\fR, \fBSEQWRAP\fR, \fBSETWRAP\fR, \fBBITWRAP\fR" 4 .IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" -The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 -a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused +The following structure is surrounded by an OCTET STRING, a SEQUENCE, +a SET or a BIT STRING respectively. For a BIT STRING the number of unused bits is set to zero. -.IP "\fB\s-1FORMAT\s0\fR" 4 +.IP \fBFORMAT\fR 4 .IX Item "FORMAT" This specifies the format of the ultimate value. 
It should be followed -by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +by a colon and one of the strings \fBASCII\fR, \fBUTF8\fR, \fBHEX\fR or \fBBITLIST\fR. .Sp -If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is -specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the -output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT -STRING\s0) is a comma separated list of the indices of the set bits, all other +If no format specifier is included then \fBASCII\fR is used. If \fBUTF8\fR is +specified then the value string must be a valid \fBUTF8\fR string. For \fBHEX\fR the +output must be a set of hex digits. \fBBITLIST\fR (which is only valid for a BIT +STRING) is a comma separated list of the indices of the set bits, all other bits are zero. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded -data as an \fB\s-1ASN1_TYPE\s0\fR structure or \s-1NULL\s0 if an error occurred. +data as an \fBASN1_TYPE\fR structure or NULL if an error occurred. .PP The error codes that can be obtained by \fBERR_get_error\fR\|(3). -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" A simple IA5String: .PP 
@@ -285,20 +210,20 @@ \& EXPLICIT:0,IA5STRING:Hello World .Ve .PP -An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +An IA5String explicitly tagged using APPLICATION tagging: .PP .Vb 1 \& EXPLICIT:0A,IA5STRING:Hello World .Ve .PP -A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: +A BITSTRING with bits 1 and 5 set and all others zero: .PP .Vb 1 \& FORMAT:BITLIST,BITSTRING:1,5 .Ve .PP A more complex example using a config file to produce a -\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +SEQUENCE consisting of a BOOL an OID and a UTF8String: .PP .Vb 1 \& asn1 = SEQUENCE:seq_section @@ -312,7 +237,7 @@ .PP This example produces an RSAPrivateKey structure, this is the key contained in the file client.pem in all OpenSSL distributions -(note: the field names such as 'coeff' are ignored and are present just +(note: the field names such as \*(Aqcoeff\*(Aq are ignored and are present just for clarity): .PP .Vb 3 @@ -372,11 +297,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_item_d2i_bio.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_item_d2i_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_ITEM_D2I_BIO 3ossl" -.TH ASN1_ITEM_D2I_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_ITEM_D2I_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_item_d2i_ex, ASN1_item_d2i, ASN1_item_d2i_bio_ex, ASN1_item_d2i_bio, ASN1_item_d2i_fp_ex, ASN1_item_d2i_fp, ASN1_item_i2d_mem_bio \&\- decode and encode DER\-encoded ASN.1 structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -163,58 +88,58 @@ \& \& BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBASN1_item_d2i_ex()\fR decodes the contents of the data stored in \fI*in\fR of length -\&\fIlen\fR which must be a DER-encoded \s-1ASN.1\s0 structure, using the \s-1ASN.1\s0 template -\&\fIit\fR. It places the result in \fI*pval\fR unless \fIpval\fR is \s-1NULL.\s0 If \fI*pval\fR is -non-NULL on entry then the \fB\s-1ASN1_VALUE\s0\fR present there will be reused. Otherwise -a new \fB\s-1ASN1_VALUE\s0\fR will be allocated. If any algorithm fetches are required -during the process then they will use the \fB\s-1OSSL_LIB_CTX\s0\fRprovided in the +\&\fIlen\fR which must be a DER\-encoded ASN.1 structure, using the ASN.1 template +\&\fIit\fR. It places the result in \fI*pval\fR unless \fIpval\fR is NULL. If \fI*pval\fR is +non\-NULL on entry then the \fBASN1_VALUE\fR present there will be reused. Otherwise +a new \fBASN1_VALUE\fR will be allocated. If any algorithm fetches are required +during the process then they will use the \fBOSSL_LIB_CTX\fRprovided in the \&\fIlibctx\fR parameter and the property query string in \fIpropq\fR. See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about algorithm fetching. +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for more information about algorithm fetching. On exit \fI*in\fR will be updated to point to the next byte in the buffer after the decoded structure. .PP \&\fBASN1_item_d2i()\fR is the same as \fBASN1_item_d2i_ex()\fR except that the default -\&\s-1OSSL_LIB_CTX\s0 is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query string. +OSSL_LIB_CTX is used (i.e. NULL) and with a NULL property query string. 
.PP -\&\fBASN1_item_d2i_bio_ex()\fR decodes the contents of its input \s-1BIO\s0 \fIin\fR, -which must be a DER-encoded \s-1ASN.1\s0 structure, using the \s-1ASN.1\s0 template \fIit\fR -and places the result in \fI*pval\fR unless \fIpval\fR is \s-1NULL.\s0 -If \fIin\fR is \s-1NULL\s0 it returns \s-1NULL,\s0 else a pointer to the parsed structure. If any +\&\fBASN1_item_d2i_bio_ex()\fR decodes the contents of its input BIO \fIin\fR, +which must be a DER\-encoded ASN.1 structure, using the ASN.1 template \fIit\fR +and places the result in \fI*pval\fR unless \fIpval\fR is NULL. +If \fIin\fR is NULL it returns NULL, else a pointer to the parsed structure. If any algorithm fetches are required during the process then they will use the -\&\fB\s-1OSSL_LIB_CTX\s0\fR provided in the \fIlibctx\fR parameter and the property query -string in \fIpropq\fR. See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information +\&\fBOSSL_LIB_CTX\fR provided in the \fIlibctx\fR parameter and the property query +string in \fIpropq\fR. See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for more information about algorithm fetching. .PP \&\fBASN1_item_d2i_bio()\fR is the same as \fBASN1_item_d2i_bio_ex()\fR except that the -default \fB\s-1OSSL_LIB_CTX\s0\fR is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query +default \fBOSSL_LIB_CTX\fR is used (i.e. NULL) and with a NULL property query string. .PP -\&\fBASN1_item_d2i_fp_ex()\fR is the same as \fBASN1_item_d2i_bio_ex()\fR except that a \s-1FILE\s0 -pointer is provided instead of a \s-1BIO.\s0 +\&\fBASN1_item_d2i_fp_ex()\fR is the same as \fBASN1_item_d2i_bio_ex()\fR except that a FILE +pointer is provided instead of a BIO. .PP \&\fBASN1_item_d2i_fp()\fR is the same as \fBASN1_item_d2i_fp_ex()\fR except that the -default \fB\s-1OSSL_LIB_CTX\s0\fR is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query +default \fBOSSL_LIB_CTX\fR is used (i.e. NULL) and with a NULL property query string. 
.PP -\&\fBASN1_item_i2d_mem_bio()\fR encodes the given \s-1ASN.1\s0 value \fIval\fR -using the \s-1ASN.1\s0 template \fIit\fR and returns the result in a memory \s-1BIO.\s0 +\&\fBASN1_item_i2d_mem_bio()\fR encodes the given ASN.1 value \fIval\fR +using the ASN.1 template \fIit\fR and returns the result in a memory BIO. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBASN1_item_d2i_bio()\fR returns a pointer to an \fB\s-1ASN1_VALUE\s0\fR or \s-1NULL.\s0 +\&\fBASN1_item_d2i_bio()\fR returns a pointer to an \fBASN1_VALUE\fR or NULL. .PP -\&\fBASN1_item_i2d_mem_bio()\fR returns a pointer to a memory \s-1BIO\s0 or \s-1NULL\s0 on error. -.SH "HISTORY" +\&\fBASN1_item_i2d_mem_bio()\fR returns a pointer to a memory BIO or NULL on error. +.SH HISTORY .IX Header "HISTORY" The functions \fBASN1_item_d2i_ex()\fR, \fBASN1_item_d2i_bio_ex()\fR, \fBASN1_item_d2i_fp_ex()\fR and \fBASN1_item_i2d_mem_bio()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_item_new.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_item_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_ITEM_NEW 3ossl" -.TH ASN1_ITEM_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_ITEM_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_item_new_ex, ASN1_item_new \&\- create new ASN.1 values -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,28 +75,28 @@ \& const char *propq); \& ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBASN1_item_new_ex()\fR creates a new \fB\s-1ASN1_VALUE\s0\fR structure based on the -\&\fB\s-1ASN1_ITEM\s0\fR template given in the \fIit\fR parameter. If any algorithm fetches are -required during the process then they will use the \fB\s-1OSSL_LIB_CTX\s0\fR provided in +\&\fBASN1_item_new_ex()\fR creates a new \fBASN1_VALUE\fR structure based on the +\&\fBASN1_ITEM\fR template given in the \fIit\fR parameter. If any algorithm fetches are +required during the process then they will use the \fBOSSL_LIB_CTX\fR provided in the \fIlibctx\fR parameter and the property query string in \fIpropq\fR. See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about algorithm fetching. +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for more information about algorithm fetching. .PP \&\fBASN1_item_new()\fR is the same as \fBASN1_item_new_ex()\fR except that the default -\&\fB\s-1OSSL_LIB_CTX\s0\fR is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query string. +\&\fBOSSL_LIB_CTX\fR is used (i.e. NULL) and with a NULL property query string. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBASN1_item_new_ex()\fR and \fBASN1_item_new()\fR return a pointer to the newly created -\&\fB\s-1ASN1_VALUE\s0\fR or \s-1NULL\s0 on error. -.SH "HISTORY" +\&\fBASN1_VALUE\fR or NULL on error. +.SH HISTORY .IX Header "HISTORY" The function \fBASN1_item_new_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASN1_item_sign.3.orig +++ secure/lib/libcrypto/man/man3/ASN1_item_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASN1_ITEM_SIGN 3ossl" -.TH ASN1_ITEM_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASN1_ITEM_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASN1_item_sign, ASN1_item_sign_ex, ASN1_item_sign_ctx, ASN1_item_verify, ASN1_item_verify_ex, ASN1_item_verify_ctx \- ASN1 sign and verify -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,30 +99,30 @@ \& const ASN1_BIT_STRING *signature, const void *data, \& EVP_MD_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBASN1_item_sign_ex()\fR is used to sign arbitrary \s-1ASN1\s0 data using a data object -\&\fIdata\fR, the \s-1ASN.1\s0 structure \fIit\fR, private key \fIpkey\fR and message digest \fImd\fR. +\&\fBASN1_item_sign_ex()\fR is used to sign arbitrary ASN1 data using a data object +\&\fIdata\fR, the ASN.1 structure \fIit\fR, private key \fIpkey\fR and message digest \fImd\fR. The data that is signed is formed by taking the data object in \fIdata\fR and -converting it to der format using the \s-1ASN.1\s0 structure \fIit\fR. +converting it to der format using the ASN.1 structure \fIit\fR. The \fIdata\fR that will be signed, and a structure containing the signature may both have a copy of the \fBX509_ALGOR\fR. The \fBASN1_item_sign_ex()\fR function will write the correct \fBX509_ALGOR\fR to the structs based on the algorithms and parameters that have been set up. If one of \fIalgor1\fR or \fIalgor2\fR points to the \&\fBX509_ALGOR\fR of the \fIdata\fR to be signed, then that \fBX509_ALGOR\fR will first be written before the signature is generated. -Examples of valid values that can be used by the \s-1ASN.1\s0 structure \fIit\fR are +Examples of valid values that can be used by the ASN.1 structure \fIit\fR are ASN1_ITEM_rptr(X509_CINF), ASN1_ITEM_rptr(X509_REQ_INFO) and ASN1_ITEM_rptr(X509_CRL_INFO). -The \fB\s-1OSSL_LIB_CTX\s0\fR specified in \fIlibctx\fR and the property query string +The \fBOSSL_LIB_CTX\fR specified in \fIlibctx\fR and the property query string specified in \fIprops\fR are used when searching for algorithms in providers. The generated signature is set into \fIsignature\fR. -The optional parameter \fIid\fR can be \s-1NULL,\s0 but can be set for special key types. +The optional parameter \fIid\fR can be NULL, but can be set for special key types. 
See \fBEVP_PKEY_CTX_set1_id()\fR for further info. The output parameters and -\&\fIalgor2\fR are ignored if they are \s-1NULL.\s0 +\&\fIalgor2\fR are ignored if they are NULL. .PP \&\fBASN1_item_sign()\fR is similar to \fBASN1_item_sign_ex()\fR but uses default values of -\&\s-1NULL\s0 for the \fIid\fR, \fIlibctx\fR and \fIpropq\fR. +NULL for the \fIid\fR, \fIlibctx\fR and \fIpropq\fR. .PP \&\fBASN1_item_sign_ctx()\fR is similar to \fBASN1_item_sign()\fR but uses the parameters contained in digest context \fIctx\fR. @@ -205,14 +130,14 @@ \&\fBASN1_item_verify_ex()\fR is used to verify the signature \fIsignature\fR of internal data \fIdata\fR using the public key \fIpkey\fR and algorithm identifier \fIalg\fR. The data that is verified is formed by taking the data object in \fIdata\fR and -converting it to der format using the \s-1ASN.1\s0 structure \fIit\fR. -The \fB\s-1OSSL_LIB_CTX\s0\fR specified in \fIlibctx\fR and the property query string +converting it to der format using the ASN.1 structure \fIit\fR. +The \fBOSSL_LIB_CTX\fR specified in \fIlibctx\fR and the property query string specified in \fIprops\fR are used when searching for algorithms in providers. -The optional parameter \fIid\fR can be \s-1NULL,\s0 but can be set for special key types. +The optional parameter \fIid\fR can be NULL, but can be set for special key types. See \fBEVP_PKEY_CTX_set1_id()\fR for further info. .PP \&\fBASN1_item_verify()\fR is similar to \fBASN1_item_verify_ex()\fR but uses default values of -\&\s-1NULL\s0 for the \fIid\fR, \fIlibctx\fR and \fIpropq\fR. +NULL for the \fIid\fR, \fIlibctx\fR and \fIpropq\fR. .PP \&\fBASN1_item_verify_ctx()\fR is similar to \fBASN1_item_verify()\fR but uses the parameters contained in digest context \fIctx\fR. 
@@ -223,12 +148,12 @@ .PP All verify functions return 1 if the signature is valid and 0 if the signature check fails. If the signature could not be checked at all because it was -ill-formed or some other error occurred then \-1 is returned. -.SH "EXAMPLES" +ill\-formed or some other error occurred then \-1 is returned. +.SH EXAMPLES .IX Header "EXAMPLES" -In the following example a 'MyObject' object is signed using the key contained -in an \s-1EVP_MD_CTX.\s0 The signature is written to MyObject.signature. The object is -then output in \s-1DER\s0 format and then loaded back in and verified. +In the following example a \*(AqMyObject\*(Aq object is signed using the key contained +in an EVP_MD_CTX. The signature is written to MyObject.signature. The object is +then output in DER format and then loaded back in and verified. .PP .Vb 2 \& #include @@ -344,14 +269,14 @@ .IX Header "SEE ALSO" \&\fBX509_sign\fR\|(3), \&\fBX509_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBASN1_item_sign_ex()\fR and \fBASN1_item_verify_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASYNC_WAIT_CTX_NEW 3ossl" -.TH ASYNC_WAIT_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASYNC_WAIT_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, @@ -147,7 +72,7 @@ ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK, ASYNC_STATUS_EAGAIN \&\- functions to manage waiting for asynchronous jobs to complete -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -181,28 +106,28 @@ \& int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status); \& int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" For an overview of how asynchronous operations are implemented in OpenSSL see -\&\fBASYNC_start_job\fR\|(3). An \fB\s-1ASYNC_WAIT_CTX\s0\fR object represents an asynchronous -\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms -this would have a one-to-one correspondence with an \s-1SSL\s0 connection. +\&\fBASYNC_start_job\fR\|(3). An \fBASYNC_WAIT_CTX\fR object represents an asynchronous +"session", i.e. a related set of crypto operations. For example in SSL terms +this would have a one\-to\-one correspondence with an SSL connection. .PP -Application code must create an \fB\s-1ASYNC_WAIT_CTX\s0\fR using the \fBASYNC_WAIT_CTX_new()\fR +Application code must create an \fBASYNC_WAIT_CTX\fR using the \fBASYNC_WAIT_CTX_new()\fR function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When -the job is started it is associated with the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the duration -of that job. An \fB\s-1ASYNC_WAIT_CTX\s0\fR should only be used for one \fB\s-1ASYNC_JOB\s0\fR at -any one time, but can be reused after an \fB\s-1ASYNC_JOB\s0\fR has finished for a -subsequent \fB\s-1ASYNC_JOB\s0\fR. When the session is complete (e.g. the \s-1SSL\s0 connection +the job is started it is associated with the \fBASYNC_WAIT_CTX\fR for the duration +of that job. An \fBASYNC_WAIT_CTX\fR should only be used for one \fBASYNC_JOB\fR at +any one time, but can be reused after an \fBASYNC_JOB\fR has finished for a +subsequent \fBASYNC_JOB\fR. When the session is complete (e.g. the SSL connection is closed), application code cleans up with \fBASYNC_WAIT_CTX_free()\fR. .PP -\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs can have \*(L"wait\*(R" file descriptors associated with them. 
+\&\fBASYNC_WAIT_CTX\fRs can have "wait" file descriptors associated with them. Calling \fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an -\&\fB\s-1ASYNC_WAIT_CTX\s0\fR in the \fIctx\fR parameter will return the wait file descriptors +\&\fBASYNC_WAIT_CTX\fR in the \fIctx\fR parameter will return the wait file descriptors associated with that job in \fI*fd\fR. The number of file descriptors returned will -be stored in \fI*numfds\fR. It is the caller's responsibility to ensure that +be stored in \fI*numfds\fR. It is the caller\*(Aqs responsibility to ensure that sufficient memory has been allocated in \fI*fd\fR to receive all the file -descriptors. Calling \fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fIfd\fR value will +descriptors. Calling \fBASYNC_WAIT_CTX_get_all_fds()\fR with a NULL \fIfd\fR value will return no file descriptors but will still populate \fI*numfds\fR. Therefore, application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If 
@@ -211,26 +136,26 @@ could be returned. .PP The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds -have changed since the last call time \fBASYNC_start_job()\fR returned \fB\s-1ASYNC_PAUSE\s0\fR -(or since the \fB\s-1ASYNC_WAIT_CTX\s0\fR was created if no \fB\s-1ASYNC_PAUSE\s0\fR result has +have changed since the last call time \fBASYNC_start_job()\fR returned \fBASYNC_PAUSE\fR +(or since the \fBASYNC_WAIT_CTX\fR was created if no \fBASYNC_PAUSE\fR result has been received). The \fInumaddfds\fR and \fInumdelfds\fR parameters will be populated with the number of fds added or deleted respectively. \fI*addfd\fR and \fI*delfd\fR will be populated with the list of added and deleted fds respectively. Similarly -to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not -\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. +to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be NULL, but if they are not +NULL then the caller is responsible for ensuring sufficient memory is allocated. .PP Implementers of async aware code (e.g. engines) are encouraged to return a -stable fd for the lifetime of the \fB\s-1ASYNC_WAIT_CTX\s0\fR in order to reduce the -\&\*(L"churn\*(R" of regularly changing fds \- although no guarantees of this are provided +stable fd for the lifetime of the \fBASYNC_WAIT_CTX\fR in order to reduce the +"churn" of regularly changing fds \- although no guarantees of this are provided to applications. .PP -Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a -system function call such as select or poll (being ready for \*(L"read\*(R" indicates +Applications can wait for the file descriptor to be ready for "read" using a +system function call such as select or poll (being ready for "read" indicates that the job should be resumed). 
If no file descriptor is made available then an -application will have to periodically \*(L"poll\*(R" the job by attempting to restart it +application will have to periodically "poll" the job by attempting to restart it to see if it is ready to continue. .PP -Async aware code (e.g. engines) can get the current \fB\s-1ASYNC_WAIT_CTX\s0\fR from the +Async aware code (e.g. engines) can get the current \fBASYNC_WAIT_CTX\fR from the job via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user 
@@ -238,29 +163,29 @@ \&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of these functions requires a \fIkey\fR value which is unique to the async aware code. This could be any unique value but a good candidate might be the -\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fIcustom_data\fR parameter can be any value, and +\&\fBENGINE *\fR for the engine. The \fIcustom_data\fR parameter can be any value, and will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The -\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" -routine. This can be \s-1NULL\s0 but if provided will automatically get called when -the \fB\s-1ASYNC_WAIT_CTX\s0\fR is freed, and gives the engine the opportunity to close -the fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called +\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a "cleanup" +routine. This can be NULL but if provided will automatically get called when +the \fBASYNC_WAIT_CTX\fR is freed, and gives the engine the opportunity to close +the fd or any other resources. Note: The "cleanup" routine does not get called if the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR. .PP An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by \&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then -perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +perform other tasks or wait for the job to be ready by calling "select" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor -\&\*(L"readable\*(R". 
Once resumed the engine should clear the wake signal on the wait +"readable". Once resumed the engine should clear the wake signal on the wait file descriptor. .PP As well as a file descriptor, user code may also be notified via a callback. The -callback and data pointers are stored within the \fB\s-1ASYNC_WAIT_CTX\s0\fR along with an +callback and data pointers are stored within the \fBASYNC_WAIT_CTX\fR along with an additional status field that can be used for the notification of retries from an engine. This additional method can be used when the user thinks that a file -descriptor is too costly in terms of \s-1CPU\s0 cycles or in some context where a file +descriptor is too costly in terms of CPU cycles or in some context where a file descriptor is not appropriate. .PP \&\fBASYNC_WAIT_CTX_set_callback()\fR sets the callback and the callback argument. The 
@@ -269,31 +194,31 @@ and nonblocking as it will be run in the context of a polling mechanism or an interrupt. .PP -\&\fBASYNC_WAIT_CTX_get_callback()\fR returns the callback set in the \fB\s-1ASYNC_WAIT_CTX\s0\fR +\&\fBASYNC_WAIT_CTX_get_callback()\fR returns the callback set in the \fBASYNC_WAIT_CTX\fR structure. .PP \&\fBASYNC_WAIT_CTX_set_status()\fR allows an engine to set the current engine status. The possible status values are the following: -.IP "\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR" 4 +.IP \fBASYNC_STATUS_UNSUPPORTED\fR 4 .IX Item "ASYNC_STATUS_UNSUPPORTED" The engine does not support the callback mechanism. This is the default value. The engine must call \fBASYNC_WAIT_CTX_set_status()\fR to set the status to some value -other than \fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR if it intends to enable the callback +other than \fBASYNC_STATUS_UNSUPPORTED\fR if it intends to enable the callback mechanism. -.IP "\fB\s-1ASYNC_STATUS_ERR\s0\fR" 4 +.IP \fBASYNC_STATUS_ERR\fR 4 .IX Item "ASYNC_STATUS_ERR" The engine has a fatal problem with this request. The user code should clean up this session. -.IP "\fB\s-1ASYNC_STATUS_OK\s0\fR" 4 +.IP \fBASYNC_STATUS_OK\fR 4 .IX Item "ASYNC_STATUS_OK" The request has been successfully submitted. -.IP "\fB\s-1ASYNC_STATUS_EAGAIN\s0\fR" 4 +.IP \fBASYNC_STATUS_EAGAIN\fR 4 .IX Item "ASYNC_STATUS_EAGAIN" The engine has some problem which will be recovered soon, such as a buffer is full, so user code should resume the job. .PP \&\fBASYNC_WAIT_CTX_get_status()\fR allows user code to obtain the current status value. -If the status is any value other than \fB\s-1ASYNC_STATUS_OK\s0\fR then the user code +If the status is any value other than \fBASYNC_STATUS_OK\fR then the user code should not expect to receive a callback from the engine even if one has been set. .PP 
@@ -305,28 +230,31 @@ operation, normally it is detected by a polling function or an interrupt, as the user code set a callback by calling \fBASYNC_WAIT_CTX_set_callback()\fR previously, then the registered callback will be called. +.PP +\&\fBASYNC_WAIT_CTX_free()\fR frees up a single \fBASYNC_WAIT_CTX\fR object. +If the argument is NULL, nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \fB\s-1ASYNC_WAIT_CTX\s0\fR -or \s-1NULL\s0 on error. +\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \fBASYNC_WAIT_CTX\fR +or NULL on error. .PP ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error. \&\fBASYNC_WAIT_CTX_get_status()\fR returns the engine status. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" On Windows platforms the \fI\fR header is dependent on some of the types customarily made available by including \fI\fR. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore, -it is defined as an application developer's responsibility to include +it is defined as an application developer\*(Aqs responsibility to include \&\fI\fR prior to \fI\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR, \&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR, 
@@ -336,11 +264,11 @@ \&\fBASYNC_WAIT_CTX_set_callback()\fR, \fBASYNC_WAIT_CTX_get_callback()\fR, \&\fBASYNC_WAIT_CTX_set_status()\fR, and \fBASYNC_WAIT_CTX_get_status()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ASYNC_start_job.3.orig +++ secure/lib/libcrypto/man/man3/ASYNC_start_job.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ASYNC_START_JOB 3ossl" -.TH ASYNC_START_JOB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ASYNC_START_JOB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable \&\- asynchronous job management functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -162,92 +87,92 @@ \& \& int ASYNC_is_capable(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -OpenSSL implements asynchronous capabilities through an \fB\s-1ASYNC_JOB\s0\fR. This +OpenSSL implements asynchronous capabilities through an \fBASYNC_JOB\fR. This represents code that can be started and executes until some event occurs. At that point the code can be paused and control returns to user code until some subsequent event indicates that the job can be resumed. .PP -The creation of an \fB\s-1ASYNC_JOB\s0\fR is a relatively expensive operation. Therefore, +The creation of an \fBASYNC_JOB\fR is a relatively expensive operation. Therefore, for efficiency reasons, jobs can be created up front and reused many times. They are held in a pool until they are needed, at which point they are removed from the pool, used, and then returned to the pool when the job completes. If the -user application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for +user application is multi\-threaded, then \fBASYNC_init_thread()\fR may be called for each thread that will initiate asynchronous jobs. Before -user code exits per-thread resources need to be cleaned up. This will normally +user code exits per\-thread resources need to be cleaned up. This will normally occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to ensure this will result in memory leaks. .PP -The \fImax_size\fR argument limits the number of \fB\s-1ASYNC_JOB\s0\fRs that will be held in +The \fImax_size\fR argument limits the number of \fBASYNC_JOB\fRs that will be held in the pool. If \fImax_size\fR is set to 0 then no upper limit is set. 
When an -\&\fB\s-1ASYNC_JOB\s0\fR is needed but there are none available in the pool already then one -will be automatically created, as long as the total of \fB\s-1ASYNC_JOB\s0\fRs managed by +\&\fBASYNC_JOB\fR is needed but there are none available in the pool already then one +will be automatically created, as long as the total of \fBASYNC_JOB\fRs managed by the pool does not exceed \fImax_size\fR. When the pool is first initialised -\&\fIinit_size\fR \fB\s-1ASYNC_JOB\s0\fRs will be created immediately. If \fBASYNC_init_thread()\fR +\&\fIinit_size\fR \fBASYNC_JOB\fRs will be created immediately. If \fBASYNC_init_thread()\fR is not called before the pool is first used then it will be called automatically with a \fImax_size\fR of 0 (no upper limit) and an \fIinit_size\fR of 0 (no -\&\fB\s-1ASYNC_JOB\s0\fRs created up front). +\&\fBASYNC_JOB\fRs created up front). .PP An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. -Initially \fI*job\fR should be \s-1NULL.\s0 \fIctx\fR should point to an \fB\s-1ASYNC_WAIT_CTX\s0\fR +Initially \fI*job\fR should be NULL. \fIctx\fR should point to an \fBASYNC_WAIT_CTX\fR object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fIret\fR should point to a location where the return value of the asynchronous function should be stored on completion of the job. \fIfunc\fR represents the function that should be started asynchronously. The data pointed to by \fIargs\fR and of size \fIsize\fR will be copied and then passed as an argument to \fIfunc\fR when the job starts. ASYNC_start_job will return one of the following values: -.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 +.IP \fBASYNC_ERR\fR 4 .IX Item "ASYNC_ERR" An error occurred trying to start the job. Check the OpenSSL error queue (e.g. see \fBERR_print_errors\fR\|(3)) for more details. -.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 +.IP \fBASYNC_NO_JOBS\fR 4 .IX Item "ASYNC_NO_JOBS" There are no jobs currently available in the pool. 
This call can be retried again at a later time. -.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 +.IP \fBASYNC_PAUSE\fR 4 .IX Item "ASYNC_PAUSE" -The job was successfully started but was \*(L"paused\*(R" before it completed (see +The job was successfully started but was "paused" before it completed (see \&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fI*job\fR. Other work can be performed (if desired) and the job restarted at a later time. To restart a job call \fBASYNC_start_job()\fR again passing the job handle in \fI*job\fR. The \&\fIfunc\fR, \fIargs\fR and \fIsize\fR parameters will be ignored when restarting a job. When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread that the job was originally started from. -.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 +.IP \fBASYNC_FINISH\fR 4 .IX Item "ASYNC_FINISH" -The job completed. \fI*job\fR will be \s-1NULL\s0 and the return value from \fIfunc\fR will +The job completed. \fI*job\fR will be NULL and the return value from \fIfunc\fR will be placed in \fI*ret\fR. .PP At any one time there can be a maximum of one job actively running per thread (you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get -a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR. If no job is currently -executing then this will return \s-1NULL.\s0 +a pointer to the currently executing \fBASYNC_JOB\fR. If no job is currently +executing then this will return NULL. .PP If executing within the context of a job (i.e. having been called directly or -indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) +indirectly by the function "func" passed as an argument to \fBASYNC_start_job()\fR) then \fBASYNC_pause_job()\fR will immediately return control to the calling -application with \fB\s-1ASYNC_PAUSE\s0\fR returned from the \fBASYNC_start_job()\fR call. 
A -subsequent call to ASYNC_start_job passing in the relevant \fB\s-1ASYNC_JOB\s0\fR in the +application with \fBASYNC_PAUSE\fR returned from the \fBASYNC_start_job()\fR call. A +subsequent call to ASYNC_start_job passing in the relevant \fBASYNC_JOB\fR in the \&\fI*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If \&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no action is taken and \fBASYNC_pause_job()\fR returns immediately. .PP -\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR -for the \fIjob\fR. \fB\s-1ASYNC_WAIT_CTX\s0\fRs contain two different ways to notify -applications that a job is ready to be resumed. One is a \*(L"wait\*(R" file -descriptor, and the other is a \*(L"callback\*(R" mechanism. +\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \fBASYNC_WAIT_CTX\fR +for the \fIjob\fR. \fBASYNC_WAIT_CTX\fRs contain two different ways to notify +applications that a job is ready to be resumed. One is a "wait" file +descriptor, and the other is a "callback" mechanism. .PP -The \*(L"wait\*(R" file descriptor associated with \fB\s-1ASYNC_WAIT_CTX\s0\fR is used for -applications to wait for the file descriptor to be ready for \*(L"read\*(R" using a -system function call such as select or poll (being ready for \*(L"read\*(R" indicates +The "wait" file descriptor associated with \fBASYNC_WAIT_CTX\fR is used for +applications to wait for the file descriptor to be ready for "read" using a +system function call such as select or poll (being ready for "read" indicates that the job should be resumed). If no file descriptor is made available then -an application will have to periodically \*(L"poll\*(R" the job by attempting to restart +an application will have to periodically "poll" the job by attempting to restart it to see if it is ready to continue. .PP -\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs also have a \*(L"callback\*(R" mechanism to notify applications. 
The +\&\fBASYNC_WAIT_CTX\fRs also have a "callback" mechanism to notify applications. The callback is set by an application, and it will be automatically called when an engine completes a cryptography operation, so that the application can resume the paused work flow without polling. An engine could be written to look whether @@ -261,12 +186,12 @@ pausing. The block will remain in place until a subsequent call to \&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call \&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in -order to re-enable pausing. If these functions are called while there is no +order to re\-enable pausing. If these functions are called while there is no currently active job then they have no effect. This functionality can be useful -to avoid deadlock scenarios. For example during the execution of an \fB\s-1ASYNC_JOB\s0\fR +to avoid deadlock scenarios. For example during the execution of an \fBASYNC_JOB\fR an application acquires a lock. It then calls some cryptographic function which invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created -the \fB\s-1ASYNC_JOB\s0\fR. If that code then attempts to acquire the same lock before +the \fBASYNC_JOB\fR. If that code then attempts to acquire the same lock before resuming the original job then a deadlock can occur. By calling \&\fBASYNC_block_pause()\fR immediately after acquiring the lock and \&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot 
@@ -278,29 +203,29 @@ .IX Header "RETURN VALUES" ASYNC_init_thread returns 1 on success or 0 otherwise. .PP -ASYNC_start_job returns one of \fB\s-1ASYNC_ERR\s0\fR, \fB\s-1ASYNC_NO_JOBS\s0\fR, \fB\s-1ASYNC_PAUSE\s0\fR or -\&\fB\s-1ASYNC_FINISH\s0\fR as described above. +ASYNC_start_job returns one of \fBASYNC_ERR\fR, \fBASYNC_NO_JOBS\fR, \fBASYNC_PAUSE\fR or +\&\fBASYNC_FINISH\fR as described above. .PP ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when -not within the context of an \fB\s-1ASYNC_JOB\s0\fR then this is counted as success so 1 +not within the context of an \fBASYNC_JOB\fR then this is counted as success so 1 is returned. .PP -ASYNC_get_current_job returns a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR -or \s-1NULL\s0 if not within the context of a job. +ASYNC_get_current_job returns a pointer to the currently executing \fBASYNC_JOB\fR +or NULL if not within the context of a job. .PP -\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the job. +\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \fBASYNC_WAIT_CTX\fR for the job. .PP \&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 otherwise. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" On Windows platforms the \fI\fR header is dependent on some of the types customarily made available by including \fI\fR. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore, -it is defined as an application developer's responsibility to include +it is defined as an application developer\*(Aqs responsibility to include \&\fI\fR prior to \fI\fR. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The following example demonstrates how to use most of the core async APIs: .PP 
@@ -444,17 +369,17 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, \&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BF_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/BF_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BF_ENCRYPT 3ossl" -.TH BF_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BF_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -170,7 +95,7 @@ \& void BF_encrypt(BF_LONG *data, const BF_KEY *key); \& void BF_decrypt(BF_LONG *data, const BF_KEY *key); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_EncryptInit_ex\fR\|(3), \fBEVP_EncryptUpdate\fR\|(3) and 
@@ -182,20 +107,20 @@ Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same -modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one -of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much -faster than \s-1IDEA\s0 or \s-1RC2.\s0 +modes as DES (see \fBdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than DES, and much +faster than IDEA or RC2. .PP Blowfish consists of a key setup phase and the actual encryption or decryption phase. .PP -\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +\&\fBBF_set_key()\fR sets up the \fBBF_KEY\fR \fBkey\fR using the \fBlen\fR bytes long key at \fBdata\fR. .PP \&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, -putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) -or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fBBF_ENCRYPT\fR) +or decryption (\fBBF_DECRYPT\fR) shall be performed. The vector pointed at by \&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, everything after the first 64 bits is ignored. .PP 
@@ -203,8 +128,8 @@ all operate on variable length data. They all take an initialization vector \&\fBivec\fR which needs to be passed along into the next call of the same function for the same message. \fBivec\fR may be initialized with anything, but the -recipient needs to know what it was initialized with, or it won't be able -to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where +recipient needs to know what it was initialized with, or it won\*(Aqt be able +to decrypt. Some programs and protocols simplify this, like SSH, where \&\fBivec\fR is simply initialized to zero. \&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while \&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt a variable 
@@ -216,32 +141,32 @@ .PP \&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, -putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or -decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +putting the result in \fBout\fR. \fBenc\fR decides if encryption (BF_ENCRYPT) or +decryption (BF_DECRYPT) shall be performed. \fBivec\fR must point at an 8 byte long initialization vector. .PP -\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +\&\fBBF_cfb64_encrypt()\fR is the CFB mode for Blowfish with 64 bit feedback. It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, -putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) -or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fBBF_ENCRYPT\fR) +or decryption (\fBBF_DECRYPT\fR) shall be performed. \fBivec\fR must point at an 8 byte long initialization vector. \fBnum\fR must point at an integer which must be initially zero. .PP -\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +\&\fBBF_ofb64_encrypt()\fR is the OFB mode for Blowfish with 64 bit feedback. It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized the same way. .PP \&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector pointed by \&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you -implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. +implement \*(Aqmodes\*(Aq of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. 
If you still want to use these functions, you should be aware that they take -each 32\-bit chunk in host-byte order, which is little-endian on little-endian -platforms and big-endian on big-endian ones. +each 32\-bit chunk in host\-byte order, which is little\-endian on little\-endian +platforms and big\-endian on big\-endian ones. .SH "RETURN VALUES" .IX Header "RETURN VALUES" None of the functions presented here return any value. -.SH "NOTE" +.SH NOTE .IX Header "NOTE" Applications should use the higher level functions \&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these @@ -250,14 +175,14 @@ .IX Header "SEE ALSO" \&\fBEVP_EncryptInit\fR\|(3), \&\fBdes_modes\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_ADDR.3.orig +++ secure/lib/libcrypto/man/man3/BIO_ADDR.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_ADDR 3ossl" -.TH BIO_ADDR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_ADDR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -163,94 +88,95 @@ \& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); \& char *BIO_ADDR_path_string(const BIO_ADDR *ap); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket +The \fBBIO_ADDR\fR type is a wrapper around all types of socket addresses that OpenSSL deals with, currently transparently -supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's +supporting AF_INET, AF_INET6 and AF_UNIX according to what\*(Aqs available on the platform at hand. .PP -\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +\&\fBBIO_ADDR_new()\fR creates a new unfilled \fBBIO_ADDR\fR, to be used with routines that will fill it with information, such as \&\fBBIO_accept_ex()\fR. .PP -\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR. +\&\fBBIO_ADDR_free()\fR frees a \fBBIO_ADDR\fR created with \fBBIO_ADDR_new()\fR. +If the argument is NULL, nothing is done. .PP -\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fBBIO_ADDR\fR and sets it back to an uninitialised state. .PP \&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, a byte array of size \fBwherelen\fR with an address in network byte order pointed at by \fBwhere\fR and a port number in network byte order in \fBport\fR (except -for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and -therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. -In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected +for the \fBAF_UNIX\fR protocol family, where \fBport\fR is meaningless and +therefore ignored) and populates the given \fBBIO_ADDR\fR with them. 
+In case this creates a \fBAF_UNIX\fR \fBBIO_ADDR\fR, \fBwherelen\fR is expected to be the length of the path string (not including the terminating -\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR). -Read on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below. +NUL, such as the result of a call to \fBstrlen()\fR). +Read on about the addresses in "RAW ADDRESSES" below. .PP \&\fBBIO_ADDR_family()\fR returns the protocol family of the given -\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the -constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the -\&\s-1BIO_ADDR\s0 has not been initialised. +\&\fBBIO_ADDR\fR. The possible non\-error results are one of the +constants AF_INET, AF_INET6 and AF_UNIX. It will also return AF_UNSPEC if the +BIO_ADDR has not been initialised. .PP \&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given -\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, +\&\fBBIO_ADDR\fR in the area pointed at by \fBp\fR if \fBp\fR is non\-NULL, and will set \fB*l\fR to be the amount of bytes the raw address -takes up if \fBl\fR is non-NULL. +takes up if \fBl\fR is non\-NULL. A technique to only find out the size of the address is a call -with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte +with \fBp\fR set to \fBNULL\fR. The raw address will be in network byte order, most significant byte first. -In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the -path string (not including the terminating \s-1NUL,\s0 such as the result of +In case this is a \fBAF_UNIX\fR \fBBIO_ADDR\fR, \fBl\fR gets the length of the +path string (not including the terminating NUL, such as the result of a call to \fBstrlen()\fR). -Read on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below. +Read on about the addresses in "RAW ADDRESSES" below. 
.PP -\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fBBIO_ADDR\fR. The raw port will be in network byte order. .PP \&\fBBIO_ADDR_hostname_string()\fR returns a character string with the -hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string +hostname of the given \fBBIO_ADDR\fR. If \fBnumeric\fR is 1, the string will contain the numerical form of the address. This only works for -\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +\&\fBBIO_ADDR\fR of the protocol families AF_INET and AF_INET6. The returned string has been allocated on the heap and must be freed with \fBOPENSSL_free()\fR. .PP \&\fBBIO_ADDR_service_string()\fR returns a character string with the -service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR +service name of the port of the given \fBBIO_ADDR\fR. If \fBnumeric\fR is 1, the string will contain the port number. This only works -for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +for \fBBIO_ADDR\fR of the protocol families AF_INET and AF_INET6. The returned string has been allocated on the heap and must be freed with \fBOPENSSL_free()\fR. .PP \&\fBBIO_ADDR_path_string()\fR returns a character string with the path -of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the -protocol family \s-1AF_UNIX.\s0 The returned string has been allocated +of the given \fBBIO_ADDR\fR. This only works for \fBBIO_ADDR\fR of the +protocol family AF_UNIX. The returned string has been allocated on the heap and must be freed with \fBOPENSSL_free()\fR. .SH "RAW ADDRESSES" .IX Header "RAW ADDRESSES" Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a network byte order address of a specific site. 
Internally, those are -treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct -in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all +treated as a pointer to \fBstruct in_addr\fR (for \fBAF_INET\fR), \fBstruct +in6_addr\fR (for \fBAF_INET6\fR) or \fBchar *\fR (for \fBAF_UNIX\fR), all depending on the protocol family the address is for. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The string producing functions \fBBIO_ADDR_hostname_string()\fR, \&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will -return \fB\s-1NULL\s0\fR on error and leave an error indication on the +return \fBNULL\fR on error and leave an error indication on the OpenSSL error stack. .PP -All other functions described here return 0 or \fB\s-1NULL\s0\fR when the -information they should return isn't available. +All other functions described here return 0 or \fBNULL\fR when the +information they should return isn\*(Aqt available. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3.orig +++ secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_ADDRINFO 3ossl" -.TH BIO_ADDRINFO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_ADDRINFO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, @@ -146,7 +71,7 @@ BIO_lookup_ex, BIO_lookup \&\- BIO_ADDRINFO type and routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -171,74 +96,74 @@ \& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); \& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information +The \fBBIO_ADDRINFO\fR type is a wrapper for address information types provided on your platform. .PP -\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be +\&\fBBIO_ADDRINFO\fR normally forms a chain of several that can be picked at one by one. .PP \&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and uses \fBlookup_type\fR to determine what the default address should -be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to +be if \fBhost\fR is \fBNULL\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to determine what protocol family, socket type and protocol should be used for -the lookup. \fBfamily\fR can be any of \s-1AF_INET, AF_INET6, AF_UNIX\s0 and -\&\s-1AF_UNSPEC.\s0 \fBsocktype\fR can be \s-1SOCK_STREAM, SOCK_DGRAM\s0 or 0. Specifying 0 +the lookup. \fBfamily\fR can be any of AF_INET, AF_INET6, AF_UNIX and +AF_UNSPEC. \fBsocktype\fR can be SOCK_STREAM, SOCK_DGRAM or 0. Specifying 0 indicates that any type can be used. \fBprotocol\fR specifies a protocol such as -\&\s-1IPPROTO_TCP, IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP.\s0 If set to 0 than any protocol can be -used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR +IPPROTO_TCP, IPPROTO_UDP or IPPORTO_SCTP. If set to 0 than any protocol can be +used. \fBres\fR points at a pointer to hold the start of a \fBBIO_ADDRINFO\fR chain. .PP -For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR +For the family \fBAF_UNIX\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR parameter and expects the \fBhost\fR parameter to hold the path to the socket file. 
.PP \&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability to select based on the protocol (any protocol may be returned). .PP \&\fBBIO_ADDRINFO_family()\fR returns the family of the given -\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants -\&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 +\&\fBBIO_ADDRINFO\fR. The result will be one of the constants +AF_INET, AF_INET6 and AF_UNIX. .PP \&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given -\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants -\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0 +\&\fBBIO_ADDRINFO\fR. The result will be one of the constants +SOCK_STREAM and SOCK_DGRAM. .PP \&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given -\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants -\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0 +\&\fBBIO_ADDRINFO\fR. The result will be one of the constants +IPPROTO_TCP and IPPROTO_UDP. .PP -\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR -of the given \fB\s-1BIO_ADDRINFO\s0\fR. +\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fBBIO_ADDR\fR +of the given \fBBIO_ADDRINFO\fR. .PP -\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +\&\fBBIO_ADDRINFO_next()\fR returns the next \fBBIO_ADDRINFO\fR in the chain from the given one. .PP -\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting -with the given one. +\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fBBIO_ADDRINFO\fR starting +with the given one. If the argument is NULL, nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error occurred, and will leave an error indication on the OpenSSL error stack in that case. 
.PP -All other functions described here return 0 or \fB\s-1NULL\s0\fR when the -information they should return isn't available. -.SH "NOTES" +All other functions described here return 0 or \fBNULL\fR when the +information they should return isn\*(Aqt available. +.SH NOTES .IX Header "NOTES" The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR function. On Linux it is known that specifying 0 for the protocol will not -return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore, if an \s-1SCTP\s0 +return any SCTP based addresses when calling \fBgetaddrinfo()\fR. Therefore, if an SCTP address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be -explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. -.SH "HISTORY" +explicitly set to IPPROTO_SCTP. The same may be true on other platforms. +.SH HISTORY .IX Header "HISTORY" The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_connect.3.orig +++ secure/lib/libcrypto/man/man3/BIO_connect.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_CONNECT 3ossl" -.TH BIO_CONNECT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_CONNECT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,7 +78,7 @@ \& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); \& int BIO_closesocket(int sock); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type \&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, 
@@ -161,44 +86,44 @@ .PP \&\fBBIO_bind()\fR binds the source address and service to a socket and may be useful before calling \fBBIO_connect()\fR. The options may include -\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below. +\&\fBBIO_SOCK_REUSEADDR\fR, which is described in "FLAGS" below. .PP \&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by \&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of -\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. -The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +\&\fBBIO_SOCK_KEEPALIVE\fR, \fBBIO_SOCK_NONBLOCK\fR and \fBBIO_SOCK_NODELAY\fR. +The flags are described in "FLAGS" below. .PP \&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any -combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, -\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. -The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +combination of \fBBIO_SOCK_KEEPALIVE\fR, \fBBIO_SOCK_NONBLOCK\fR, +\&\fBBIO_SOCK_NODELAY\fR, \fBBIO_SOCK_REUSEADDR\fR and \fBBIO_SOCK_V6_ONLY\fR. +The flags are described in "FLAGS" below. .PP \&\fBBIO_accept_ex()\fR waits for an incoming connections on the given socket \fBaccept_sock\fR. When it gets a connection, the address and -port of the peer gets stored in \fBpeer\fR if that one is non-NULL. -Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied -on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +port of the peer gets stored in \fBpeer\fR if that one is non\-NULL. +Accept \fBoptions\fR may be zero or \fBBIO_SOCK_NONBLOCK\fR, and is applied +on the accepted socket. The flags are described in "FLAGS" below. .PP \&\fBBIO_closesocket()\fR closes \fBsock\fR. 
-.SH "FLAGS" +.SH FLAGS .IX Header "FLAGS" -.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 +.IP BIO_SOCK_KEEPALIVE 4 .IX Item "BIO_SOCK_KEEPALIVE" -Enables regular sending of keep-alive messages. -.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 +Enables regular sending of keep\-alive messages. +.IP BIO_SOCK_NONBLOCK 4 .IX Item "BIO_SOCK_NONBLOCK" Sets the socket to nonblocking mode. -.IP "\s-1BIO_SOCK_NODELAY\s0" 4 +.IP BIO_SOCK_NODELAY 4 .IX Item "BIO_SOCK_NODELAY" -Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With +Corresponds to \fBTCP_NODELAY\fR, and disables the Nagle algorithm. With this set, any data will be sent as soon as possible instead of being -buffered until there's enough for the socket to send out in one go. -.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 +buffered until there\*(Aqs enough for the socket to send out in one go. +.IP BIO_SOCK_REUSEADDR 4 .IX Item "BIO_SOCK_REUSEADDR" Try to reuse the address and port combination for a recently closed port. -.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 +.IP BIO_SOCK_V6_ONLY 4 .IX Item "BIO_SOCK_V6_ONLY" When creating an IPv6 socket, make it only listen for IPv6 addresses and not IPv4 addresses mapped to IPv6. @@ -211,7 +136,7 @@ .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +\&\fBBIO_socket()\fR returns the socket number on success or \fBINVALID_SOCKET\fR (\-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. .PP 
@@ -220,22 +145,22 @@ data and errno has the system error. .PP \&\fBBIO_accept_ex()\fR returns the accepted socket on success or -\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the +\&\fBINVALID_SOCKET\fR (\-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBBIO_ADDR\s0\fR\|(3) -.SH "HISTORY" +\&\fBBIO_ADDR\fR\|(3) +.SH HISTORY .IX Header "HISTORY" \&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, \&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. Use the functions described above instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_ctrl.3.orig +++ secure/lib/libcrypto/man/man3/BIO_ctrl.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_CTRL 3ossl" -.TH BIO_CTRL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_CTRL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, BIO_get_ktls_recv \&\- BIO control operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -175,35 +100,35 @@ \& int BIO_get_ktls_send(BIO *b); \& int BIO_get_ktls_recv(BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR -are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +are BIO "control" operations taking arguments of various types. These functions are not normally called directly, various macros are used instead. The standard macros are described below, macros -specific to a particular type of \s-1BIO\s0 are described in the specific +specific to a particular type of BIO are described in the specific BIOs manual page as well as any special features of the standard calls. .PP -\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +\&\fBBIO_reset()\fR typically resets a BIO to some initial state, in the case of file related BIOs for example it rewinds the file pointer to the start of the file. .PP -\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and -\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +\&\fBBIO_seek()\fR resets a file related BIO\*(Aqs (that is file descriptor and +FILE BIOs) file position pointer to \fBofs\fR bytes from start of file. .PP -\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 +\&\fBBIO_tell()\fR returns the current file position of a file related BIO. .PP \&\fBBIO_flush()\fR normally writes out any internally buffered data, in some -cases it is used to signal \s-1EOF\s0 and that no more data will be written. +cases it is used to signal EOF and that no more data will be written. .PP -\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of -\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. +\&\fBBIO_eof()\fR returns 1 if the BIO has read EOF, the precise meaning of +"EOF" varies according to the BIO type. 
.PP -\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can -take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used -in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should -be closed when the \s-1BIO\s0 is freed. +\&\fBBIO_set_close()\fR sets the BIO \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used +in a source/sink BIO to indicate that the underlying I/O stream should +be closed when the BIO is freed. .PP \&\fBBIO_get_close()\fR returns the BIOs close flag. .PP @@ -213,9 +138,9 @@ return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are macros which call \fBBIO_ctrl()\fR. .PP -\&\fBBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +\&\fBBIO_get_ktls_send()\fR returns 1 if the BIO is using the Kernel TLS data\-path for sending. Otherwise, it returns zero. -\&\fBBIO_get_ktls_recv()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +\&\fBBIO_get_ktls_recv()\fR returns 1 if the BIO is using the Kernel TLS data\-path for receiving. Otherwise, it returns zero. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -228,11 +153,11 @@ .PP \&\fBBIO_flush()\fR returns 1 for success and <=0 for failure. .PP -\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached, 0 if not, or negative values for failure. +\&\fBBIO_eof()\fR returns 1 if EOF has been reached, 0 if not, or negative values for failure. .PP \&\fBBIO_set_close()\fR returns 1 on success or <=0 for failure. .PP -\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 It also +\&\fBBIO_get_close()\fR returns the close flag value: BIO_CLOSE or BIO_NOCLOSE. It also returns other negative values if an error occurs. .PP \&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR 
@@ -240,11 +165,11 @@ negative value or 0 on error. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR return 0 on error. .PP -\&\fBBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +\&\fBBIO_get_ktls_send()\fR returns 1 if the BIO is using the Kernel TLS data\-path for sending. Otherwise, it returns zero. -\&\fBBIO_get_ktls_recv()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +\&\fBBIO_get_ktls_recv()\fR returns 1 if the BIO is using the Kernel TLS data\-path for receiving. Otherwise, it returns zero. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. 
@@ -253,39 +178,39 @@ .PP The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably determine the amount of pending data in all cases. For example in the -case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +case of a file BIO some data may be available in the FILE structures internal buffers but it is not possible to determine this in a -portably way. For other types of \s-1BIO\s0 they may not be supported. +portably way. For other types of BIO they may not be supported. .PP Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR -operation usually pass the operation to the next \s-1BIO\s0 in the chain. -This often means there is no need to locate the required \s-1BIO\s0 for +operation usually pass the operation to the next BIO in the chain. +This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant \s-1BIO.\s0 However, this can cause +be automatically passed to the relevant BIO. However, this can cause unexpected results: for example no current filter BIOs implement -\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 -or file descriptor \s-1BIO.\s0 +\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a FILE +or file descriptor BIO. .PP Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR operation. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Some of the return values are ambiguous and care should be taken. In particular a return value of 0 can be returned if an operation is not -supported, if an error occurred, if \s-1EOF\s0 has not been reached and in -the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +supported, if an error occurred, if EOF has not been reached and in +the case of \fBBIO_seek()\fR on a file BIO for a successful operation. 
.PP In older versions of OpenSSL the \fBBIO_ctrl_pending()\fR and -\&\fBBIO_ctrl_wpending()\fR could return values greater than \s-1INT_MAX\s0 on error. -.SH "HISTORY" +\&\fBBIO_ctrl_wpending()\fR could return values greater than INT_MAX on error. +.SH HISTORY .IX Header "HISTORY" The \fBBIO_get_ktls_send()\fR and \fBBIO_get_ktls_recv()\fR macros were added in OpenSSL 3.0. They were modified to never return \-1 in OpenSSL 3.0.4. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_base64.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_base64.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_BASE64 3ossl" -.TH BIO_F_BASE64 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_BASE64 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_f_base64 \- base64 BIO filter -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -148,43 +73,41 @@ \& \& const BIO_METHOD *BIO_f_base64(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter -\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +\&\fBBIO_f_base64()\fR returns the base64 BIO method. This is a filter +BIO that base64 encodes any data written through it and decodes any data read through it. .PP Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP -For writing, output is by default divided to lines of length 64 -characters and there is always a newline at the end of output. -.PP -For reading, first line should be at most 1024 -characters long. If it is longer then it is ignored completely. -Other input lines can be of any length. There must be a newline -at the end of input. +For writing, by default output is divided to lines of length 64 +characters and there is a newline at the end of output. +This behavior can be changed with \fBBIO_FLAGS_BASE64_NO_NL\fR flag. .PP -This behavior can be changed with \s-1BIO_FLAGS_BASE64_NO_NL\s0 flag. +For reading, first line should be at most 1024 bytes long including newline +unless the flag \fBBIO_FLAGS_BASE64_NO_NL\fR is set. +Further input lines can be of any length (i.e., newlines may appear anywhere +in the input) and a newline at the end of input is not needed. .PP -\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +\&\fBBIO_flush()\fR on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used -to flush the final block through the \s-1BIO.\s0 +to flush the final block through the BIO. .PP -The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR. +The flag \fBBIO_FLAGS_BASE64_NO_NL\fR can be set with \fBBIO_set_flags()\fR. For writing, it causes all data to be written on one line without newline at the end. 
-For reading, it expects the data to be all on one line (with or -without a trailing newline). -.SH "NOTES" +For reading, it removes all expectations on newlines in the input data. +.SH NOTES .IX Header "NOTES" Because of the format of base64 encoding the end of the encoded block cannot always be reliably determined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. -.SH "EXAMPLES" +\&\fBBIO_f_base64()\fR returns the base64 BIO method. +.SH EXAMPLES .IX Header "EXAMPLES" -Base64 encode the string \*(L"Hello World\en\*(R" and write the result +Base64 encode the string "Hello World\en" and write the result to standard output: .PP .Vb 2 
@@ -218,18 +141,22 @@ \& BIO_flush(bio_out); \& BIO_free_all(b64); .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +On decoding, if the flag \fBBIO_FLAGS_BASE64_NO_NL\fR is not set and +the first 1024 bytes of input do not include a newline character +the first two lines of input are ignored. +.PP +The ambiguity of EOF in base64 encoded data can cause additional data following the base64 encoded block to be misinterpreted. .PP -There should be some way of specifying a test that the \s-1BIO\s0 can perform -to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). -.SH "COPYRIGHT" +There should be some way of specifying a test that the BIO can perform +to reliably determine EOF (for example a MIME boundary). +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_buffer.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_buffer.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_BUFFER 3ossl" -.TH BIO_F_BUFFER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_BUFFER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, @@ -146,7 +71,7 @@ BIO_set_buffer_read_data, BIO_f_buffer \&\- buffering BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -159,55 +84,55 @@ \& long BIO_set_buffer_size(BIO *b, long size); \& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +\&\fBBIO_f_buffer()\fR returns the buffering BIO method. .PP -Data written to a buffering \s-1BIO\s0 is buffered and periodically written -to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from -an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Data written to a buffering BIO is buffered and periodically written +to the next BIO in the chain. Data read from a buffering BIO comes from +an internal buffer which is filled from the next BIO in the chain. Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. .PP -Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +Calling \fBBIO_reset()\fR on a buffering BIO clears any buffered data. .PP \&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. .PP \&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR set the read, write or both read and write buffer sizes to \fBsize\fR. The initial -buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the -buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the +buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared when the buffer is resized. .PP \&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer is expanded. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros. 
.PP Buffering BIOs implement \fBBIO_read_ex()\fR and \fBBIO_gets()\fR by using -\&\fBBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain and storing the +\&\fBBIO_read_ex()\fR operations on the next BIO in the chain and storing the result in an internal buffer, from which bytes are given back to the caller as appropriate for the call; a \fBBIO_gets()\fR is guaranteed to give the caller a whole line, and \fBBIO_read_ex()\fR is guaranteed to give the -caller the number of bytes it asks for, unless there's an error or end -of communication is reached in the next \s-1BIO.\s0 By prepending a -buffering \s-1BIO\s0 to a chain it is therefore possible to provide +caller the number of bytes it asks for, unless there\*(Aqs an error or end +of communication is reached in the next BIO. By prepending a +buffering BIO to a chain it is therefore possible to provide \&\fBBIO_gets()\fR or exact size \fBBIO_read_ex()\fR functionality if the following BIOs do not support it. .PP -Do not add more than one \fBBIO_f_buffer()\fR to a \s-1BIO\s0 chain. The result of +Do not add more than one \fBBIO_f_buffer()\fR to a BIO chain. The result of doing so will force a full read of the size of the internal buffer of the top \fBBIO_f_buffer()\fR, which is 4 KiB at a minimum. .PP -Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +Data is only written to the next BIO in the chain when the write buffer fills or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR whenever any pending data should be written such as when removing a buffering -\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate -source/sink \s-1BIO\s0 is non blocking. +BIO using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate +source/sink BIO is non blocking. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. 
+\&\fBBIO_f_buffer()\fR returns the buffering BIO method. .PP \&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0) or a negative value in case of errors. @@ -224,11 +149,11 @@ \&\fBBIO_flush\fR\|(3), \&\fBBIO_pop\fR\|(3), \&\fBBIO_ctrl\fR\|(3). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_cipher.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_cipher.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_CIPHER 3ossl" -.TH BIO_F_CIPHER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_CIPHER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -152,48 +77,48 @@ \& int BIO_get_cipher_status(BIO *b); \& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter -\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data -read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fBBIO_f_cipher()\fR returns the cipher BIO method. This is a filter +BIO that encrypts any data written through it, and decrypts any data +read from it. It is a BIO wrapper for the cipher routines \&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. .PP Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP -\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +\&\fBBIO_flush()\fR on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used -to flush and possibly pad the final block through the \s-1BIO.\s0 +to flush and possibly pad the final block through the BIO. .PP -\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR -and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +\&\fBBIO_set_cipher()\fR sets the cipher of BIO \fBb\fR to \fBcipher\fR using key \fBkey\fR +and IV \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for decryption. .PP -When reading from an encryption \s-1BIO\s0 the final block is automatically -decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR +When reading from an encryption BIO the final block is automatically +decrypted and checked when EOF is detected. \fBBIO_get_cipher_status()\fR is a \fBBIO_ctrl()\fR macro which can be called to determine whether the decryption operation was successful. 
.PP \&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal -\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +BIO cipher context. The retrieved context can be used in conjunction with the standard cipher routines to set it up. This is useful when \&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block -through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent +through the BIO. If it is not then the final block will fail a subsequent decrypt. .PP When decrypting an error on the final block is signaled by a zero return value from the read operation. A successful decrypt followed -by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR +by EOF will also return zero for the final read. \fBBIO_get_cipher_status()\fR should be called to determine if the decrypt was successful. .PP As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can -be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 +be achieved by preceding the cipher BIO with a buffering BIO. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +\&\fBBIO_f_cipher()\fR returns the cipher BIO method. .PP \&\fBBIO_set_cipher()\fR returns 1 for success and 0 for failure. .PP 
@@ -201,11 +126,11 @@ for failure. .PP \&\fBBIO_get_cipher_ctx()\fR returns 1 for success and <=0 for failure. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_md.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_md.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_MD 3ossl" -.TH BIO_F_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_MD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -151,31 +76,31 @@ \& int BIO_get_md(BIO *b, EVP_MD **mdp); \& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter -\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +\&\fBBIO_f_md()\fR returns the message digest BIO method. This is a filter +BIO that digests any data passed through it. It is a BIO wrapper for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR and \fBEVP_DigestFinal()\fR. .PP -Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and +Any data written or read through a digest BIO using \fBBIO_read_ex()\fR and \&\fBBIO_write_ex()\fR is digested. .PP \&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the digest calculation and returns the digest value. \fBBIO_puts()\fR is not supported. .PP -\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 +\&\fBBIO_reset()\fR reinitialises a digest BIO. .PP -\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this -must be called to initialize a digest \s-1BIO\s0 before any data is +\&\fBBIO_set_md()\fR sets the message digest of BIO \fBb\fR to \fBmd\fR: this +must be called to initialize a digest BIO before any data is passed through it. It is a \fBBIO_ctrl()\fR macro. .PP -\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method -in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. +\&\fBBIO_get_md()\fR places a pointer to the digest BIOs digest method +in \fBmdp\fR. It is a \fBBIO_ctrl()\fR macro. .PP \&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The context returned by \fBBIO_get_md_ctx()\fR can be used in calls to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR 
@@ -183,30 +108,30 @@ .PP The context returned by \fBBIO_get_md_ctx()\fR is an internal context structure. Changes made to this context will affect the digest -\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest -\&\s-1BIO\s0 is freed. +BIO itself and the context pointer will become invalid when the digest +BIO is freed. .PP -After the digest has been retrieved from a digest \s-1BIO\s0 it must be +After the digest has been retrieved from a digest BIO it must be reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more data is passed through it. .PP If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through a chain containing digest BIOs then this can be done by prepending -a buffering \s-1BIO.\s0 +a buffering BIO. .PP -Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the BIO state. This allows applications to initialize the context externally if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +\&\fBBIO_f_md()\fR returns the digest BIO method. .PP \&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and <=0 for failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 -digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +The following example creates a BIO chain containing an SHA1 and MD5 +digest BIO and passes the string "Hello World" through it. Error checking has been omitted for clarity. .PP .Vb 2 
@@ -248,7 +173,7 @@ \& } while (rdlen > 0); .Ve .PP -This next example retrieves the message digests from a \s-1BIO\s0 chain and +This next example retrieves the message digests from a BIO chain and outputs them. This could be used with the examples above. .PP .Vb 4 @@ -274,22 +199,22 @@ \& \& BIO_free_all(bio); .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The lack of support for \fBBIO_puts()\fR and the non standard behaviour of \&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR -and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +and \fBBIO_puts()\fR should be passed to the next BIO in the chain and digest the data passed through and that digests should be retrieved using a separate \fBBIO_ctrl()\fR call. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the -\&\s-1BIO\s0 was initialized first. -.SH "COPYRIGHT" +BIO was initialized first. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_null.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_null.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,103 +53,44 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_NULL 3ossl" -.TH BIO_F_NULL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_NULL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_f_null \- null filter -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const BIO_METHOD *BIO_f_null(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +\&\fBBIO_f_null()\fR returns the null filter BIO method. This is a filter BIO that does nothing. .PP -All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in -the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 -behaves just as though the \s-1BIO\s0 was not there. -.SH "NOTES" +All requests to a null filter BIO are passed through to the next BIO in +the chain: this means that a BIO chain containing a null filter BIO +behaves just as though the BIO was not there. +.SH NOTES .IX Header "NOTES" -As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +As may be apparent a null filter BIO is not particularly useful. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. -.SH "COPYRIGHT" +\&\fBBIO_f_null()\fR returns the null filter BIO method. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_prefix.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_prefix.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_PREFIX 3ossl" -.TH BIO_F_PREFIX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_PREFIX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_f_prefix, BIO_set_prefix, BIO_set_indent, BIO_get_indent \&\- prefix BIO filter -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,9 +76,9 @@ \& long BIO_set_indent(BIO *b, long indent); \& long BIO_get_indent(BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_cipher()\fR returns the prefix \s-1BIO\s0 method. This is a filter for +\&\fBBIO_f_cipher()\fR returns the prefix BIO method. This is a filter for text output, where each line gets automatically prefixed and indented according to user input. .PP 
@@ -165,21 +90,21 @@ By default, there is no prefix, and indentation is set to 0. .PP \&\fBBIO_set_prefix()\fR sets the prefix to be used for future lines of -text, using \fIprefix\fR. \fIprefix\fR may be \s-1NULL,\s0 signifying that there -should be no prefix. If \fIprefix\fR isn't \s-1NULL,\s0 this function makes a +text, using \fIprefix\fR. \fIprefix\fR may be NULL, signifying that there +should be no prefix. If \fIprefix\fR isn\*(Aqt NULL, this function makes a copy of it. .PP \&\fBBIO_set_indent()\fR sets the indentation to be used for future lines of text, using \fIindent\fR. Negative values are not allowed. .PP \&\fBBIO_get_indent()\fR gets the current indentation. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBBIO_set_prefix()\fR, \fBBIO_set_indent()\fR and \fBBIO_get_indent()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_prefix()\fR returns the prefix \s-1BIO\s0 method. +\&\fBBIO_f_prefix()\fR returns the prefix BIO method. .PP \&\fBBIO_set_prefix()\fR returns 1 if the prefix was correctly set, or <=0 on failure. @@ -191,11 +116,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_readbuffer.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_readbuffer.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,112 +53,53 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_READBUFFER 3ossl" -.TH BIO_F_READBUFFER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_READBUFFER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_f_readbuffer \&\- read only buffering BIO that supports BIO_tell() and BIO_seek() -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const BIO_METHOD *BIO_f_readbuffer(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_readbuffer()\fR returns the read buffering \s-1BIO\s0 method. +\&\fBBIO_f_readbuffer()\fR returns the read buffering BIO method. .PP -This \s-1BIO\s0 filter can be inserted on top of \s-1BIO\s0's that do not support \fBBIO_tell()\fR -or \fBBIO_seek()\fR (e.g. A file \s-1BIO\s0 that uses stdin). +This BIO filter can be inserted on top of BIO\*(Aqs that do not support \fBBIO_tell()\fR +or \fBBIO_seek()\fR (e.g. A file BIO that uses stdin). .PP -Data read from a read buffering \s-1BIO\s0 comes from an internal buffer which is -filled from the next \s-1BIO\s0 in the chain. +Data read from a read buffering BIO comes from an internal buffer which is +filled from the next BIO in the chain. .PP \&\fBBIO_gets()\fR is supported for read buffering BIOs. -Writing data to a read buffering \s-1BIO\s0 is not supported. +Writing data to a read buffering BIO is not supported. .PP -Calling \fBBIO_reset()\fR on a read buffering \s-1BIO\s0 does not clear any buffered data. -.SH "NOTES" +Calling \fBBIO_reset()\fR on a read buffering BIO does not clear any buffered data. +.SH NOTES .IX Header "NOTES" Read buffering BIOs implement \fBBIO_read_ex()\fR by using \fBBIO_read_ex()\fR operations -on the next \s-1BIO\s0 (e.g. a file \s-1BIO\s0) in the chain and storing the result in an +on the next BIO (e.g. 
a file BIO) in the chain and storing the result in an internal buffer, from which bytes are given back to the caller as appropriate for the call. \fBBIO_read_ex()\fR is guaranteed to give the caller the number of bytes -it asks for, unless there's an error or end of communication is reached in the -next \s-1BIO.\s0 The internal buffer can grow to cache the entire contents of the next -\&\s-1BIO\s0 in the chain. \fBBIO_seek()\fR uses the internal buffer, so that it can only seek +it asks for, unless there\*(Aqs an error or end of communication is reached in the +next BIO. The internal buffer can grow to cache the entire contents of the next +BIO in the chain. \fBBIO_seek()\fR uses the internal buffer, so that it can only seek into data that is already read. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_readbuffer()\fR returns the read buffering \s-1BIO\s0 method. +\&\fBBIO_f_readbuffer()\fR returns the read buffering BIO method. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7), @@ -182,11 +107,11 @@ \&\fBBIO_gets\fR\|(3), \&\fBBIO_reset\fR\|(3), \&\fBBIO_ctrl\fR\|(3). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_f_ssl.3.orig +++ secure/lib/libcrypto/man/man3/BIO_f_ssl.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_F_SSL 3ossl" -.TH BIO_F_SSL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_F_SSL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown \- SSL BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -168,94 +93,94 @@ \& \& long BIO_do_handshake(BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which -is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to -\&\s-1SSL I/O.\s0 +\&\fBBIO_f_ssl()\fR returns the SSL BIO method. This is a filter BIO which +is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to +SSL I/O. .PP -I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with -the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +I/O performed on an SSL BIO communicates using the SSL protocol with +the SSLs read and write BIOs. If an SSL connection is not established then an attempt is made to establish one on the first I/O call. .PP -If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically -used as the \s-1SSL\s0 BIOs read and write BIOs. +If a BIO is appended to an SSL BIO using \fBBIO_push()\fR it is automatically +used as the SSL BIOs read and write BIOs. .PP -Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection -by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +Calling \fBBIO_reset()\fR on an SSL BIO closes down any current SSL connection +by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next BIO in the chain: this will typically disconnect the underlying transport. -The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. +The SSL BIO is then reset to the initial accept or connect state. .PP -If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal -\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. +If the close flag is set when an SSL BIO is freed then the internal +SSL structure is also freed using \fBSSL_free()\fR. 
.PP -\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1SSL BIO\s0 \fBb\fR to \fBssl\fR using +\&\fBBIO_set_ssl()\fR sets the internal SSL pointer of SSL BIO \fBb\fR to \fBssl\fR using the close flag \fBc\fR. .PP -\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1SSL BIO\s0 \fBb\fR, it can then be -manipulated using the standard \s-1SSL\s0 library functions. +\&\fBBIO_get_ssl()\fR retrieves the SSL pointer of SSL BIO \fBb\fR, it can then be +manipulated using the standard SSL library functions. .PP -\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR +\&\fBBIO_set_ssl_mode()\fR sets the SSL BIO mode to \fBclient\fR. If \fBclient\fR is 1 client mode is set. If \fBclient\fR is 0 server mode is set. .PP -\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count of \s-1SSL BIO\s0 \fBb\fR +\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count of SSL BIO \fBb\fR to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) -the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +the SSL session is automatically renegotiated. \fBnum\fR must be at least 512 bytes. .PP -\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout of \s-1SSL BIO\s0 \fBb\fR +\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout of SSL BIO \fBb\fR to \fBseconds\fR. When the renegotiate timeout elapses the session is automatically renegotiated. .PP \&\fBBIO_get_num_renegotiates()\fR returns the total number of session -renegotiations due to I/O or timeout of \s-1SSL BIO\s0 \fBb\fR. +renegotiations due to I/O or timeout of SSL BIO \fBb\fR. .PP -\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +\&\fBBIO_new_ssl()\fR allocates an SSL BIO using SSL_CTX \fBctx\fR and using client mode if \fBclient\fR is non zero. 
.PP -\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an -\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 +\&\fBBIO_new_ssl_connect()\fR creates a new BIO chain consisting of an +SSL BIO (using \fBctx\fR) followed by a connect BIO. .PP -\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting -of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR), and a connect \s-1BIO.\s0 +\&\fBBIO_new_buffer_ssl_connect()\fR creates a new BIO chain consisting +of a buffering BIO, an SSL BIO (using \fBctx\fR), and a connect BIO. .PP -\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between -\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the -\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on -the internal \s-1SSL\s0 pointer. +\&\fBBIO_ssl_copy_session_id()\fR copies an SSL session id between +BIO chains \fBfrom\fR and \fBto\fR. It does this by locating the +SSL BIOs in each chain and calling \fBSSL_copy_session_id()\fR on +the internal SSL pointer. .PP -\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 -chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the -chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 +\&\fBBIO_ssl_shutdown()\fR closes down an SSL connection on BIO +chain \fBbio\fR. It does this by locating the SSL BIO in the +chain and calling \fBSSL_shutdown()\fR on its internal SSL pointer. .PP -\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the -supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. -For non-SSL BIOs the connection is done typically at \s-1TCP\s0 level. -If domain name resolution yields multiple \s-1IP\s0 addresses all of them are tried +\&\fBBIO_do_handshake()\fR attempts to complete an SSL handshake on the +supplied BIO and establish the SSL connection. +For non\-SSL BIOs the connection is done typically at TCP level. 
+If domain name resolution yields multiple IP addresses all of them are tried after \fBconnect()\fR failures. The function returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established. The call \fBBIO_should_retry()\fR should be used for nonblocking connect BIOs to determine if the call should be retried. If a connection has already been established this call has no effect. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +SSL BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a \fBBIO_read_ex()\fR operation, one case where this happens is when step up occurs. .PP -The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +The SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set -an \s-1SSL BIO\s0 using a blocking transport will never request a +an SSL BIO using a blocking transport will never request a retry. .PP Since unknown \fBBIO_ctrl()\fR operations are sent through filter BIOs the servers name and port can be set using \fBBIO_set_host()\fR -on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having -to locate the connect \s-1BIO\s0 first. +on the BIO returned by \fBBIO_new_ssl_connect()\fR without having +to locate the connect BIO first. .PP Applications do not have to call \fBBIO_do_handshake()\fR but may wish to do so to separate the handshake process from other I/O 
@@ -266,23 +191,23 @@ \&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +\&\fBBIO_f_ssl()\fR returns the SSL \fBBIO_METHOD\fR structure. .PP \&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR, \&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on success or a value which is less than or equal to 0 if an error occurred. .PP \&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return -a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. +a valid \fBBIO\fR structure on success or \fBNULL\fR if an error occurred. .PP \&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. .PP \&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an -\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +This SSL/TLS client example attempts to retrieve a page from an +SSL/TLS web server. The I/O routines are identical to those of the unencrypted example in \fBBIO_s_connect\fR\|(3). .PP .Vb 5 @@ -332,7 +257,7 @@ .Ve .PP Here is a simple server example. It makes use of a buffering -\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. +BIO to allow lines to be read from the SSL BIO using BIO_gets. It creates a pseudo web page containing the actual request from a client and also echoes the request to standard output. .PP 
@@ -388,7 +313,7 @@ .PP /* Second call to \fBBIO_do_accept()\fR waits for incoming connection */ if (BIO_do_accept(acpt) <= 0) { - fprintf(stderr, \*(L"Error accepting connection\en\*(R"); + fprintf(stderr, "Error accepting connection\en"); ERR_print_errors_fp(stderr); \fBexit\fR\|(1); } @@ -424,19 +349,19 @@ \& BIO_flush(sbio); \& BIO_free_all(sbio); .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, -the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of -decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not +the I/O BIO reference count was incorrectly incremented (instead of +decremented) and dissociated with the SSL BIO even if the SSL BIO was not explicitly being popped (e.g. a pop higher up the chain). Applications which included workarounds for this bug (e.g. freeing BIOs more than once) should -be modified to handle this fix or they may free up an already freed \s-1BIO.\s0 -.SH "COPYRIGHT" +be modified to handle this fix or they may free up an already freed BIO. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_find_type.3.orig +++ secure/lib/libcrypto/man/man3/BIO_find_type.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_FIND_TYPE 3ossl" -.TH BIO_FIND_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_FIND_TYPE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,33 +74,33 @@ \& BIO *BIO_next(BIO *b); \& int BIO_method_type(const BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting -at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search -is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as -\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is -searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +The \fBBIO_find_type()\fR searches for a BIO of a given type in a chain, starting +at BIO \fBb\fR. If \fBtype\fR is a specific type (such as \fBBIO_TYPE_MEM\fR) then a search +is made for a BIO of that type. If \fBtype\fR is a general type (such as +\&\fBBIO_TYPE_SOURCE_SINK\fR) then the next matching BIO of the given general type is +searched for. \fBBIO_find_type()\fR returns the next matching BIO or NULL if none is found. .PP The following general types are defined: -\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. +\&\fBBIO_TYPE_DESCRIPTOR\fR, \fBBIO_TYPE_FILTER\fR, and \fBBIO_TYPE_SOURCE_SINK\fR. .PP For a list of the specific types, see the \fI\fR header file. .PP -\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +\&\fBBIO_next()\fR returns the next BIO in a chain. It can be used to traverse all BIOs in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a certain type. .PP -\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 +\&\fBBIO_method_type()\fR returns the type of a BIO. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +\&\fBBIO_find_type()\fR returns a matching BIO or NULL for no match. 
.PP -\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +\&\fBBIO_next()\fR returns the next BIO in a chain. .PP -\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. -.SH "EXAMPLES" +\&\fBBIO_method_type()\fR returns the type of the BIO \fBb\fR. +.SH EXAMPLES .IX Header "EXAMPLES" Traverse a chain looking for digest BIOs: .PP @@ -193,11 +118,11 @@ \& btmp = BIO_next(btmp); \& } while (btmp); .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_get_data.3.orig +++ secure/lib/libcrypto/man/man3/BIO_get_data.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_GET_DATA 3ossl" -.TH BIO_GET_DATA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_GET_DATA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,44 +78,50 @@ \& void BIO_set_shutdown(BIO *a, int shut); \& int BIO_get_shutdown(BIO *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions are mainly useful when implementing a custom \s-1BIO.\s0 +These functions can be used when implementing a custom BIO. .PP The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with -the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. +the BIO. This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. This can be used by custom BIOs for storing implementation specific information. .PP -The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate -whether initialisation has been completed for this \s-1BIO\s0 or not. A nonzero value +The \fBBIO_set_init()\fR function sets the value of the BIO\*(Aqs "init" flag to indicate +whether initialisation has been completed for this BIO or not. A nonzero value indicates that initialisation is complete, whilst zero indicates that it is not. -Often initialisation will complete during initial construction of the \s-1BIO.\s0 For +Often initialisation will complete during initial construction of the BIO. For some BIOs however, initialisation may not complete until after additional steps have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR -function returns the value of the \*(L"init\*(R" flag. +function returns the value of the "init" flag. .PP The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of -this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource -is also closed when the \s-1BIO\s0 is freed. +this BIO\*(Aqs shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource +is also closed when the BIO is freed. 
+.SH WARNINGS +.IX Header "WARNINGS" +Do not use \fBBIO_set_data()\fR, \fBBIO_get_data()\fR, \fBBIO_set_init()\fR, \fBBIO_get_init()\fR, outside +the implementation of a custom BIO. +Calling \fBBIO_set_data()\fR on an existing BIO implementation with data that it does +not expect will lead to unexpected results. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data -associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. +associated with this BIO, or NULL if none has been set. .PP -\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. +\&\fBBIO_get_init()\fR returns the state of the BIO\*(Aqs init flag. .PP -\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +\&\fBBIO_get_shutdown()\fR returns the stat of the BIO\*(Aqs shutdown (i.e. BIO_CLOSE) flag. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7), \fBBIO_meth_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3.orig +++ secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_GET_EX_NEW_INDEX 3ossl" -.TH BIO_GET_EX_NEW_INDEX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_GET_EX_NEW_INDEX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, BIO_set_app_data, BIO_get_app_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, @@ -161,7 +86,7 @@ X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data \&\- application\-specific data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -180,7 +105,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -207,32 +132,32 @@ \& int ENGINE_set_ex_data(ENGINE *type, int idx, void *arg); \& void *ENGINE_get_ex_data(ENGINE *type, int idx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +In the description here, \fITYPE\fR is used a placeholder for any of the OpenSSL datatypes listed in \fBCRYPTO_get_ex_new_index\fR\|(3). .PP -All functions with a \fI\s-1TYPE\s0\fR of \fB\s-1DH\s0\fR, \fB\s-1DSA\s0\fR, \fB\s-1RSA\s0\fR and \fB\s-1EC_KEY\s0\fR are deprecated. +All functions with a \fITYPE\fR of \fBDH\fR, \fBDSA\fR, \fBRSA\fR and \fBEC_KEY\fR are deprecated. Applications should instead use \fBEVP_PKEY_set_ex_data()\fR, \&\fBEVP_PKEY_get_ex_data()\fR and \fBEVP_PKEY_get_ex_new_index()\fR. .PP -All functions with a \fI\s-1TYPE\s0\fR of \fB\s-1ENGINE\s0\fR are deprecated. +All functions with a \fITYPE\fR of \fBENGINE\fR are deprecated. Applications using engines should be replaced by providers. .PP -These functions handle application-specific data for OpenSSL data +These functions handle application\-specific data for OpenSSL data structures. .PP \&\fBTYPE_get_ex_new_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR with the correct \fBindex\fR value. .PP \&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with -an offset into the opaque exdata part of the \s-1TYPE\s0 object. +an offset into the opaque exdata part of the TYPE object. .PP \&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with -an offset into the opaque exdata part of the \s-1TYPE\s0 object. +an offset into the opaque exdata part of the TYPE object. .PP For compatibility with previous releases, the exdata index of zero is -reserved for \*(L"application data.\*(R" There are two convenience functions for +reserved for "application data." There are two convenience functions for this. 
\&\fBTYPE_set_app_data()\fR is a macro that invokes \fBTYPE_set_ex_data()\fR with \&\fBidx\fR set to zero. @@ -244,11 +169,11 @@ .PP \&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error. .PP -\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +\&\fBTYPE_get_ex_data()\fR returns the application data or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBCRYPTO_get_ex_new_index\fR\|(3). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBDH_get_ex_new_index()\fR, \fBDH_set_ex_data()\fR, \fBDH_get_ex_data()\fR, \&\fBDSA_get_ex_new_index()\fR, \fBDSA_set_ex_data()\fR, \fBDSA_get_ex_data()\fR, @@ -256,11 +181,11 @@ \&\fBENGINE_get_ex_new_index()\fR, \fBENGINE_set_ex_data()\fR, \fBENGINE_get_ex_data()\fR, \&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR, \fBRSA_get_ex_data()\fR, \&\fBRSA_set_app_data()\fR and \fBRSA_get_app_data()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/BIO_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_METH_NEW 3ossl" -.TH BIO_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, @@ -147,7 +72,7 @@ BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl \- Routines to build up BIO methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -193,30 +118,30 @@ \& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, \& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 +The \fBBIO_METHOD\fR type is a structure used for the implementation of new BIO types. It provides a set of functions used by OpenSSL for the implementation -of the various \s-1BIO\s0 capabilities. See the \fBbio\fR\|(7) page for more information. +of the various BIO capabilities. See the \fBbio\fR\|(7) page for more information. .PP -\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +\&\fBBIO_meth_new()\fR creates a new \fBBIO_METHOD\fR structure. It should be given a unique integer \fBtype\fR and a string that represents its \fBname\fR. Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR. .PP The set of -standard OpenSSL provided \s-1BIO\s0 types is provided in \fI\fR. -Some examples include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs -should have a type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). -Source/sink BIOs should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). +standard OpenSSL provided BIO types is provided in \fI\fR. +Some examples include \fBBIO_TYPE_BUFFER\fR and \fBBIO_TYPE_CIPHER\fR. Filter BIOs +should have a type which have the "filter" bit set (\fBBIO_TYPE_FILTER\fR). +Source/sink BIOs should have the "source/sink" bit set (\fBBIO_TYPE_SOURCE_SINK\fR). File descriptor based BIOs (e.g. socket, fd, connect, accept etc) should -additionally have the \*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the +additionally have the "descriptor" bit set (\fBBIO_TYPE_DESCRIPTOR\fR). See the \&\fBBIO_find_type\fR\|(3) page for more information. 
.PP -\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory -associated with it. +\&\fBBIO_meth_free()\fR destroys a \fBBIO_METHOD\fR structure and frees up any memory +associated with it. If the argument is NULL, nothing is done. .PP \&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function -used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function +used for writing arbitrary length data to the BIO respectively. This function will be called in response to the application calling \fBBIO_write_ex()\fR or \&\fBBIO_write()\fR. The parameters for the function have the same meaning as for \&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and @@ -225,7 +150,7 @@ when the function was set with \fBBIO_meth_set_write_ex()\fR. .PP \&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used -for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will +for reading arbitrary length data from the BIO respectively. This function will be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR. The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR. Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead. 
@@ -234,49 +159,49 @@ \&\fBBIO_meth_set_read_ex()\fR. .PP \&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for -writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be +writing a NULL terminated string to the BIO respectively. This function will be called in response to the application calling \fBBIO_puts()\fR. The parameters for the function have the same meaning as for \fBBIO_puts()\fR. .PP \&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically -used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3) +used for reading a line of data from the BIO respectively (see the \fBBIO_gets\fR\|(3) page for more information). This function will be called in response to the application calling \fBBIO_gets()\fR. The parameters for the function have the same meaning as for \fBBIO_gets()\fR. .PP \&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for -processing ctrl messages in the \s-1BIO\s0 respectively. See the \fBBIO_ctrl\fR\|(3) page for +processing ctrl messages in the BIO respectively. See the \fBBIO_ctrl\fR\|(3) page for more information. This function will be called in response to the application calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for \&\fBBIO_ctrl()\fR. .PP \&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used -for creating a new instance of the \s-1BIO\s0 respectively. This function will be +for creating a new instance of the BIO respectively. This function will be called in response to the application calling \fBBIO_new()\fR and passing -in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the -memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will +in a pointer to the current BIO_METHOD. 
The \fBBIO_new()\fR function will allocate the +memory for the new BIO, and a pointer to this newly allocated structure will be passed as a parameter to the function. If a create function is set, -\&\fBBIO_new()\fR will not mark the \s-1BIO\s0 as initialised on allocation. +\&\fBBIO_new()\fR will not mark the BIO as initialised on allocation. \&\fBBIO_set_init\fR\|(3) must then be called either by the create function, or later, -by a \s-1BIO\s0 ctrl function, once \s-1BIO\s0 initialisation is complete. +by a BIO ctrl function, once BIO initialisation is complete. .PP \&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used -for destroying an instance of a \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0 +for destroying an instance of a BIO respectively. This function will be +called in response to the application calling \fBBIO_free()\fR. A pointer to the BIO to be destroyed is passed as a parameter. The destroy function should be used -for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by +for BIO specific clean up. The memory for the BIO itself should not be freed by this function. .PP \&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the -function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See +function used for processing callback ctrl messages in the BIO respectively. See the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for the function have the same meaning as for \fBBIO_callback_ctrl()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. 
+\&\fBBIO_get_new_index()\fR returns the new BIO type value or \-1 if an error occurred. .PP -BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 +BIO_meth_new(int type, const char *name) returns a valid \fBBIO_METHOD\fR or NULL if an error occurred. .PP The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. @@ -285,14 +210,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7), \fBBIO_find_type\fR\|(3), \fBBIO_ctrl\fR\|(3), \fBBIO_read_ex\fR\|(3), \fBBIO_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_new.3.orig +++ secure/lib/libcrypto/man/man3/BIO_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_NEW 3ossl" -.TH BIO_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_new_ex, BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and freeing functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,59 +78,59 @@ \& void BIO_vfree(BIO *a); \& void BIO_free_all(BIO *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBBIO_new_ex()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR associated with -the library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). The library context may be -\&\s-1NULL\s0 to indicate the default library context. +The \fBBIO_new_ex()\fR function returns a new BIO using method \fBtype\fR associated with +the library context \fIlibctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)). The library context may be +NULL to indicate the default library context. .PP The \fBBIO_new()\fR is the same as \fBBIO_new_ex()\fR except the default library context is always used. .PP -\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +\&\fBBIO_up_ref()\fR increments the reference count associated with the BIO object. .PP -\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 +\&\fBBIO_free()\fR frees up a single BIO, \fBBIO_vfree()\fR also frees up a single BIO but it does not return a value. -If \fBa\fR is \s-1NULL\s0 nothing is done. +If \fBa\fR is NULL nothing is done. Calling \fBBIO_free()\fR may also have some effect on the underlying I/O structure, for example it may close the file being referred to under certain circumstances. For more details see the individual -\&\s-1BIO_METHOD\s0 descriptions. +BIO_METHOD descriptions. .PP -\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error -occurs freeing up an individual \s-1BIO\s0 in the chain. -If \fBa\fR is \s-1NULL\s0 nothing is done. +\&\fBBIO_free_all()\fR frees up an entire BIO chain, it does not halt if an error +occurs freeing up an individual BIO in the chain. +If \fBa\fR is NULL nothing is done. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_new_ex()\fR and \fBBIO_new()\fR return a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +\&\fBBIO_new_ex()\fR and \fBBIO_new()\fR return a newly created BIO or NULL if the call fails. .PP \&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure. .PP \&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +If \fBBIO_free()\fR is called on a BIO chain it will only free one BIO resulting in a memory leak. .PP -Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR +Calling \fBBIO_free_all()\fR on a single BIO has the same effect as calling \fBBIO_free()\fR on it other than the discarded return value. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. +\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as BIO type is now opaque. .PP \&\fBBIO_new_ex()\fR was added in OpenSSL 3.0. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Create a memory \s-1BIO:\s0 +Create a memory BIO: .PP .Vb 1 \& BIO *mem = BIO_new(BIO_s_mem()); .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_new_CMS.3.orig +++ secure/lib/libcrypto/man/man3/BIO_new_CMS.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,98 +53,39 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_NEW_CMS 3ossl" -.TH BIO_NEW_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_NEW_CMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_new_CMS \- CMS streaming filter BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +\&\fBBIO_new_CMS()\fR returns a streaming filter BIO chain based on \fBcms\fR. The output of the filter is written to \fBout\fR. Any data written to the chain is -automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. -.SH "NOTES" +automatically translated to a BER format CMS structure of the appropriate type. +.SH NOTES .IX Header "NOTES" -The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It +The chain returned by this function behaves like a standard filter BIO. It supports non blocking I/O. Content is processed and streamed on the fly and not all held in memory at once: so it is possible to encode very large structures. After all content has been written through the chain \fBBIO_flush()\fR must be called to finalise the structure. .PP -The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +The \fBCMS_STREAM\fR flag must be included in the corresponding \fBflags\fR parameter of the \fBcms\fR creation function. .PP If an application wishes to write additional data to \fBout\fR BIOs should be 
@@ -177,28 +102,28 @@ structures. .PP Large numbers of small writes through the chain should be avoided as this will -produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending -a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. -.SH "BUGS" +produce an output consisting of lots of OCTET STRING structures. Prepending +a \fBBIO_f_buffer()\fR buffering BIO will prevent this. +.SH BUGS .IX Header "BUGS" -There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode -a \s-1CMS\s0 structure on the fly. +There is currently no corresponding inverse BIO: i.e. one which can decode +a CMS structure on the fly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +\&\fBBIO_new_CMS()\fR returns a BIO chain when successful or NULL if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_encrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3.orig +++ secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_PARSE_HOSTSERV 3ossl" -.TH BIO_PARSE_HOSTSERV 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_PARSE_HOSTSERV 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a standard host and service string -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,7 +78,7 @@ \& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, \& enum BIO_hostserv_priorities hostserv_prio); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, create strings with the hostname and service name and give those @@ -174,8 +99,8 @@ \& service .Ve .PP -The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 -address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. +The host part can be a name or an IP address. If it\*(Aqs a IPv6 +address, it MUST be enclosed in brackets, such as \*(Aq[::1]\*(Aq. .PP The service part can be a service name or its port number. A service name will be mapped to a port number using the system function \fBgetservbyname()\fR. 
@@ -204,12 +129,12 @@ \&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBBIO_ADDRINFO\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_printf.3.orig +++ secure/lib/libcrypto/man/man3/BIO_printf.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_PRINTF 3ossl" -.TH BIO_PRINTF 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_PRINTF 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,14 +77,14 @@ \& int BIO_snprintf(char *buf, size_t n, const char *format, ...); \& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that -the output is sent to the specified \s-1BIO,\s0 \fIbio\fR, rather than standard +the output is sent to the specified BIO, \fIbio\fR, rather than standard output. All common format specifiers are supported. .PP \&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms, -the output is sent to the specified \s-1BIO,\s0 \fIbio\fR, rather than standard +the output is sent to the specified BIO, \fIbio\fR, rather than standard output. All common format specifiers are supported. The argument list \fIargs\fR is a stdarg argument list. .PP 
@@ -173,17 +98,17 @@ All functions return the number of bytes written, or \-1 on error. For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output buffer is too small. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Except when \fIn\fR is 0, both \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR always terminate their output with \f(CW\*(Aq\e0\*(Aq\fR. This includes cases where \-1 is returned, such as when there is insufficient space to output the whole string. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_push.3.orig +++ secure/lib/libcrypto/man/man3/BIO_push.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_PUSH 3ossl" -.TH BIO_PUSH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_PUSH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,44 +74,44 @@ \& BIO *BIO_pop(BIO *b); \& void BIO_set_next(BIO *b, BIO *next); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBIO_push()\fR pushes \fIb\fR on \fInext\fR. -If \fIb\fR is \s-1NULL\s0 the function does nothing and returns \fInext\fR. -Otherwise it prepends \fIb\fR, which may be a single \s-1BIO\s0 or a chain of BIOs, -to \fInext\fR (unless \fInext\fR is \s-1NULL\s0). +If \fIb\fR is NULL the function does nothing and returns \fInext\fR. +Otherwise it prepends \fIb\fR, which may be a single BIO or a chain of BIOs, +to \fInext\fR (unless \fInext\fR is NULL). It then makes a control call on \fIb\fR and returns \fIb\fR. .PP -\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fIb\fR from any chain is is part of. -If \fIb\fR is \s-1NULL\s0 the function does nothing and returns \s-1NULL.\s0 +\&\fBBIO_pop()\fR removes the BIO \fIb\fR from any chain is is part of. +If \fIb\fR is NULL the function does nothing and returns NULL. Otherwise it makes a control call on \fIb\fR and -returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 -The removed \s-1BIO\s0 becomes a single \s-1BIO\s0 with no association with +returns the next BIO in the chain, or NULL if there is no next BIO. +The removed BIO becomes a single BIO with no association with the original chain, it can thus be freed or be made part of a different chain. .PP -\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +\&\fBBIO_set_next()\fR replaces the existing next BIO in a chain with the BIO pointed to by \fInext\fR. The new chain may include some of the same BIOs from the old chain or it may be completely different. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The names of these functions are perhaps a little misleading. \fBBIO_push()\fR -joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, -the deleted \s-1BIO\s0 does not need to be at the end of a chain. 
+joins two BIO chains whereas \fBBIO_pop()\fR deletes a single BIO from a chain, +the deleted BIO does not need to be at the end of a chain. .PP -The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional +The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a BIO may have additional consequences (a control call is made to the affected BIOs). Any effects will be noted in the descriptions of individual BIOs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_push()\fR returns the head of the chain, -which usually is \fIb\fR, or \fInext\fR if \fIb\fR is \s-1NULL.\s0 +which usually is \fIb\fR, or \fInext\fR if \fIb\fR is NULL. .PP -\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, -or \s-1NULL\s0 if there is no next \s-1BIO.\s0 -.SH "EXAMPLES" +\&\fBBIO_pop()\fR returns the next BIO in the chain, +or NULL if there is no next BIO. +.SH EXAMPLES .IX Header "EXAMPLES" For these examples suppose \fImd1\fR and \fImd2\fR are digest BIOs, -\&\fIb64\fR is a base64 \s-1BIO\s0 and \fIf\fR is a file \s-1BIO.\s0 +\&\fIb64\fR is a base64 BIO and \fIf\fR is a file BIO. .PP If the call: .PP @@ -220,14 +145,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_read.3.orig +++ secure/lib/libcrypto/man/man3/BIO_read.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_READ 3ossl" -.TH BIO_READ 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_READ 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_get_line, BIO_puts \&\- BIO I/O functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,40 +81,40 @@ \& int BIO_write(BIO *b, const void *data, int dlen); \& int BIO_puts(BIO *b, const char *buf); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_read_ex()\fR attempts to read \fIdlen\fR bytes from \s-1BIO\s0 \fIb\fR and places the data +\&\fBBIO_read_ex()\fR attempts to read \fIdlen\fR bytes from BIO \fIb\fR and places the data in \fIdata\fR. If any bytes were successfully read then the number of bytes read is stored in \fI*readbytes\fR. .PP -\&\fBBIO_write_ex()\fR attempts to write \fIdlen\fR bytes from \fIdata\fR to \s-1BIO\s0 \fIb\fR. +\&\fBBIO_write_ex()\fR attempts to write \fIdlen\fR bytes from \fIdata\fR to BIO \fIb\fR. If successful then the number of bytes written is stored in \fI*written\fR -unless \fIwritten\fR is \s-1NULL.\s0 +unless \fIwritten\fR is NULL. .PP -\&\fBBIO_read()\fR attempts to read \fIlen\fR bytes from \s-1BIO\s0 \fIb\fR and places +\&\fBBIO_read()\fR attempts to read \fIlen\fR bytes from BIO \fIb\fR and places the data in \fIbuf\fR. .PP -\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +\&\fBBIO_gets()\fR performs the BIOs "gets" operation and places the data in \fIbuf\fR. Usually this operation will attempt to read a line of data -from the \s-1BIO\s0 of maximum length \fIsize\-1\fR. There are exceptions to this, -however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +from the BIO of maximum length \fIsize\-1\fR. There are exceptions to this, +however; for example, \fBBIO_gets()\fR on a digest BIO will calculate and return the digest and other BIOs may not support \fBBIO_gets()\fR at all. -The returned string is always NUL-terminated and the '\en' is preserved +The returned string is always NUL\-terminated and the \*(Aq\en\*(Aq is preserved if present in the input data. 
-On binary input there may be \s-1NUL\s0 characters within the string; +On binary input there may be NUL characters within the string; in this case the return value (if nonnegative) may give an incorrect length. .PP -\&\fBBIO_get_line()\fR attempts to read from \s-1BIO\s0 \fIb\fR a line of data up to the next '\en' +\&\fBBIO_get_line()\fR attempts to read from BIO \fIb\fR a line of data up to the next \*(Aq\en\*(Aq or the maximum length \fIsize\-1\fR is reached and places the data in \fIbuf\fR. -The returned string is always NUL-terminated and the '\en' is preserved +The returned string is always NUL\-terminated and the \*(Aq\en\*(Aq is preserved if present in the input data. -On binary input there may be \s-1NUL\s0 characters within the string; +On binary input there may be NUL characters within the string; in this case the return value (if nonnegative) gives the actual length read. -For implementing this, unfortunately the data needs to be read byte-by-byte. +For implementing this, unfortunately the data needs to be read byte\-by\-byte. .PP -\&\fBBIO_write()\fR attempts to write \fIlen\fR bytes from \fIbuf\fR to \s-1BIO\s0 \fIb\fR. +\&\fBBIO_write()\fR attempts to write \fIlen\fR bytes from \fIbuf\fR to BIO \fIb\fR. .PP -\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fIbuf\fR to \s-1BIO\s0 \fIb\fR. +\&\fBBIO_puts()\fR attempts to write a NUL\-terminated string \fIbuf\fR to BIO \fIb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_read_ex()\fR returns 1 if data was successfully read, and 0 otherwise. 
@@ -197,24 +122,24 @@ \&\fBBIO_write_ex()\fR returns 1 if no error was encountered writing data, 0 otherwise. Requesting to write 0 bytes is not considered an error. .PP -\&\fBBIO_write()\fR returns \-2 if the \*(L"write\*(R" operation is not implemented by the \s-1BIO\s0 +\&\fBBIO_write()\fR returns \-2 if the "write" operation is not implemented by the BIO or \-1 on other errors. Otherwise it returns the number of bytes written. -This may be 0 if the \s-1BIO\s0 \fIb\fR is \s-1NULL\s0 or \fIdlen <= 0\fR. +This may be 0 if the BIO \fIb\fR is NULL or \fIdlen <= 0\fR. .PP -\&\fBBIO_gets()\fR returns \-2 if the \*(L"gets\*(R" operation is not implemented by the \s-1BIO\s0 +\&\fBBIO_gets()\fR returns \-2 if the "gets" operation is not implemented by the BIO or \-1 on other errors. Otherwise it typically returns the amount of data read, but depending on the implementation it may return only the length up to -the first \s-1NUL\s0 character contained in the data read. -In any case the trailing \s-1NUL\s0 that is added after the data read +the first NUL character contained in the data read. +In any case the trailing NUL that is added after the data read is not included in the length returned. .PP All other functions return either the amount of data successfully read or written (if the return value is positive) or that no data was successfully read or written if the result is 0 or \-1. If the return value is \-2 then -the operation is not implemented in the specific \s-1BIO\s0 type. -.SH "NOTES" +the operation is not implemented in the specific BIO type. +.SH NOTES .IX Header "NOTES" A 0 or \-1 return is not necessarily an indication of an error. In particular when the source/sink is nonblocking or of a certain type 
@@ -226,7 +151,7 @@ and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call \&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR -can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +can cause several reads (and writes in the case of SSL BIOs) on the underlying I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) should be combined with non blocking I/O so successive reads will request a retry instead of blocking. 
@@ -234,26 +159,26 @@ See \fBBIO_should_retry\fR\|(3) for details of how to determine the cause of a retry and other I/O issues. .PP -If the \*(L"gets\*(R" method is not supported by a \s-1BIO\s0 then \fBBIO_get_line()\fR can be used. -It is also possible to make \fBBIO_gets()\fR usable even if the \*(L"gets\*(R" method is not -supported by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) to the chain. +If the "gets" method is not supported by a BIO then \fBBIO_get_line()\fR can be used. +It is also possible to make \fBBIO_gets()\fR usable even if the "gets" method is not +supported by adding a buffering BIO \fBBIO_f_buffer\fR\|(3) to the chain. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBIO_should_retry\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 did not -keep the '\en' at the end of the line in the buffer. +\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based BIO did not +keep the \*(Aq\en\*(Aq at the end of the line in the buffer. .PP \&\fBBIO_get_line()\fR was added in OpenSSL 3.0. .PP \&\fBBIO_write_ex()\fR returns 1 if the size of the data to write is 0 and the -\&\fIwritten\fR parameter of the function can be \s-1NULL\s0 since OpenSSL 3.0. -.SH "COPYRIGHT" +\&\fIwritten\fR parameter of the function can be NULL since OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_accept.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_accept.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_ACCEPT 3ossl" -.TH BIO_S_ACCEPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_ACCEPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,45 +97,45 @@ \& \& int BIO_do_accept(BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper -round the platform's \s-1TCP/IP\s0 socket accept routines. +\&\fBBIO_s_accept()\fR returns the accept BIO method. This is a wrapper +round the platform\*(Aqs TCP/IP socket accept routines. .PP -Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data -transferred using only \s-1BIO\s0 routines. In this way any platform -specific operations are hidden by the \s-1BIO\s0 abstraction. +Using accept BIOs, TCP/IP connections can be accepted and data +transferred using only BIO routines. In this way any platform +specific operations are hidden by the BIO abstraction. .PP -Read and write operations on an accept \s-1BIO\s0 will perform I/O +Read and write operations on an accept BIO will perform I/O on the underlying connection. If no connection is established -and the port (see below) is set up properly then the \s-1BIO\s0 +and the port (see below) is set up properly then the BIO waits for an incoming connection. .PP Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. .PP -If the close flag is set on an accept \s-1BIO\s0 then any active +If the close flag is set on an accept BIO then any active connection on that chain is shutdown and the socket closed when -the \s-1BIO\s0 is freed. +the BIO is freed. .PP -Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active -connection and reset the \s-1BIO\s0 into a state where it awaits another +Calling \fBBIO_reset()\fR on an accept BIO will close any active +connection and reset the BIO into a state where it awaits another incoming connection. .PP \&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set the accept socket. See \fBBIO_s_fd\fR\|(3) .PP \&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept -name. 
The name is represented as a string of the form \*(L"host:port\*(R", -where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. -The host can be \*(L"*\*(R" or empty which is interpreted as meaning +name. The name is represented as a string of the form "host:port", +where "host" is the interface to use and "port" is the port. +The host can be "*" or empty which is interpreted as meaning any interface. If the host is an IPv6 address, it has to be -enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the +enclosed in brackets, for example "[::1]:https". "port" has the same syntax as the port specified in \fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a string to lookup using \fBgetservbyname()\fR and a string table. .PP \&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept -port of \s-1BIO\s0 \fIb\fR. \*(L"port\*(R" has the same syntax as the port specified in +port of BIO \fIb\fR. "port" has the same syntax as the port specified in \&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a string to lookup using \fBgetservbyname()\fR and a string table. @@ -218,7 +143,7 @@ It may be queried using \fBBIO_sock_info()\fR and \fBBIO_ADDR_service_string\fR\|(3). .PP \&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into -a single call: that is it creates a new accept \s-1BIO\s0 with port +a single call: that is it creates a new accept BIO with port \&\fBhost_port\fR. .PP \&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode 
@@ -227,49 +152,49 @@ \&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a -buffering or \s-1SSL BIO\s0 is required for each connection. The +buffering or SSL BIO is required for each connection. The chain of BIOs must not be freed after this call, they will -be automatically freed when the accept \s-1BIO\s0 is freed. +be automatically freed when the accept BIO is freed. .PP -\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family accepted by the \s-1BIO\s0 \fIb\fR, -which may be \fB\s-1BIO_FAMILY_IPV4\s0\fR, \fB\s-1BIO_FAMILY_IPV6\s0\fR, or \fB\s-1BIO_FAMILY_IPANY\s0\fR. +\&\fBBIO_get_accept_ip_family()\fR returns the IP family accepted by the BIO \fIb\fR, +which may be \fBBIO_FAMILY_IPV4\fR, \fBBIO_FAMILY_IPV6\fR, or \fBBIO_FAMILY_IPANY\fR. .PP -\&\fBBIO_set_accept_ip_family()\fR sets the \s-1IP\s0 family \fIfamily\fR accepted by \s-1BIO\s0 \fIb\fR. -The default is \fB\s-1BIO_FAMILY_IPANY\s0\fR. +\&\fBBIO_set_accept_ip_family()\fR sets the IP family \fIfamily\fR accepted by BIO \fIb\fR. +The default is \fBBIO_FAMILY_IPANY\fR. .PP \&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve -the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set +the current bind mode. If \fBBIO_BIND_NORMAL\fR (the default) is set then another socket cannot be bound to the same port. If -\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the -same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and -attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails +\&\fBBIO_BIND_REUSEADDR\fR is set then other sockets can bind to the +same port. If \fBBIO_BIND_REUSEADDR_IF_UNUSED\fR is set then and +attempt is first made to use BIO_BIN_NORMAL, if this fails and the port is not in use then a second attempt is made -using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. 
+using \fBBIO_BIND_REUSEADDR\fR. .PP \&\fBBIO_do_accept()\fR serves two functions. When it is first -called, after the accept \s-1BIO\s0 has been setup, it will attempt +called, after the accept BIO has been setup, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to \fBBIO_do_accept()\fR will await an incoming connection, or request a retry in non blocking mode. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When an accept \s-1BIO\s0 is at the end of a chain it will await an +When an accept BIO is at the end of a chain it will await an incoming connection before processing I/O calls. When an accept -\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next -\&\s-1BIO\s0 in the chain. +BIO is not at then end of a chain it passes I/O calls to the next +BIO in the chain. .PP -When a connection is established a new socket \s-1BIO\s0 is created for +When a connection is established a new socket BIO is created for the connection and appended to the chain. That is the chain is now accept\->socket. This effectively means that attempting I/O on an initial accept socket will await an incoming connection then perform I/O on it. .PP If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR -then they are placed between the socket and the accept \s-1BIO,\s0 +then they are placed between the socket and the accept BIO, that is the chain will be accept\->otherbios\->socket. .PP If a server wishes to process multiple connections (as is normally -the case) then the accept \s-1BIO\s0 must be made available for further +the case) then the accept BIO must be made available for further incoming connections. This can be done by waiting for a connection and then calling: .PP 
@@ -277,21 +202,21 @@ \& connection = BIO_pop(accept); .Ve .PP -After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently -established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +After this call \fBconnection\fR will contain a BIO for the recently +established connection and \fBaccept\fR will now be a single BIO again which can be used to await further incoming connections. If no further connections will be accepted the \fBaccept\fR can be freed using \fBBIO_free()\fR. .PP If only a single connection will be processed it is possible to -perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable -however because the accept \s-1BIO\s0 will still accept additional incoming +perform I/O using the accept BIO itself. This is often undesirable +however because the accept BIO will still accept additional incoming connections. This can be resolved by using \fBBIO_pop()\fR (see above) -and freeing up the accept \s-1BIO\s0 after the initial connection. +and freeing up the accept BIO after the initial connection. .PP If the underlying accept socket is nonblocking and \fBBIO_do_accept()\fR is called to await an incoming connection it is possible for -\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens +\&\fBBIO_should_io_special()\fR with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call. 
@@ -306,19 +231,19 @@ \&\fBBIO_do_accept()\fR, \&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR -return 1 for success and <=0 for failure. +return 1 for success and <= 0 for failure. .PP -\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. -\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +\&\fBBIO_get_accept_name()\fR returns the accept name or NULL on error. +\&\fBBIO_get_peer_name()\fR returns the peer name or NULL on error. .PP -\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. -\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. -\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or <=0 on error. +\&\fBBIO_get_accept_port()\fR returns the accept port as a string or NULL on error. +\&\fBBIO_get_peer_port()\fR returns the peer port as a string or NULL on error. +\&\fBBIO_get_accept_ip_family()\fR returns the IP family or <= 0 on error. .PP -\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or <=0 on failure. +\&\fBBIO_get_bind_mode()\fR returns the set of \fBBIO_BIND\fR flags, or <= 0 on failure. .PP -\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. -.SH "EXAMPLES" +\&\fBBIO_new_accept()\fR returns a BIO or NULL on error. +.SH EXAMPLES .IX Header "EXAMPLES" This example accepts two connections on port 4444, sends messages down each and finally closes both down. 
@@ -367,11 +292,11 @@ \& BIO_free(cbio); \& BIO_free(cbio2); .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_bio.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_BIO 3ossl" -.TH BIO_S_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -165,20 +90,20 @@ \& size_t BIO_ctrl_get_read_request(BIO *b); \& int BIO_ctrl_reset_read_request(BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +\&\fBBIO_s_bio()\fR returns the method for a BIO pair. A BIO pair is a pair of source/sink BIOs where data written to either half of the pair is buffered and can be read from the other half. Both halves must usually by handled by the same application thread since no locking is done on the internal data structures. .PP -Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this -one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +Since BIO chains typically end in a source/sink BIO it is possible to make this +one half of a BIO pair and have all the data processed by the chain under application control. .PP -One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this +One typical use of BIO pairs is to place TLS/SSL I/O under application control, this can be used when the application wishes to use a non standard transport for -\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +TLS/SSL or the normal socket routines are inappropriate. .PP Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no data is available. 
@@ -196,14 +121,14 @@ \&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing up any half of the pair will automatically destroy the association. .PP -\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further -writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other -half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +\&\fBBIO_shutdown_wr()\fR is used to close down a BIO \fBb\fR. After this call no further +writes on BIO \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or EOF when all pending data has been read. .PP -\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of BIO \fBb\fR to \fBsize\fR. If the size is not initialized a default value is used. This is currently -17K, sufficient for a maximum size \s-1TLS\s0 record. +17K, sufficient for a maximum size TLS record. .PP \&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. .PP 
@@ -211,21 +136,21 @@ \&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether -\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, +\&\fBbio1\fR or \fBbio2\fR do point to some other BIO, the values are overwritten, \&\fBBIO_free()\fR is not called. .PP \&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum -length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this +length of data that can be currently written to the BIO. Writes larger than this value will return a value from \fBBIO_write_ex()\fR less than the amount requested or if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a function whereas \fBBIO_get_write_guarantee()\fR is a macro. .PP \&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the amount of data requested, or the buffer size if it is less, if the -last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +last read attempt at the other half of the BIO pair failed due to an empty buffer. This can be used to determine how much data should be -written to the \s-1BIO\s0 so the next read will succeed: this is most useful -in \s-1TLS/SSL\s0 applications where the amount of data read is usually +written to the BIO so the next read will succeed: this is most useful +in TLS/SSL applications where the amount of data read is usually meaningful rather than just a buffer size. After a successful read this call will return zero. It also will return zero once new data has been written satisfying the read request or part of it. 
@@ -234,12 +159,12 @@ .PP \&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by \&\fBBIO_get_read_request()\fR to zero. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +Both halves of a BIO pair should be freed. That is even if one half is implicit freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. .PP -When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +When used in bidirectional applications (such as TLS/SSL) care should be taken to flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR on the other half of the pair and, if any data is pending, reading it and sending it to the underlying transport. This must be done before any normal processing @@ -247,13 +172,13 @@ .PP To see why this is important consider a case where a request is sent using \&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an -\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the +TLS/SSL handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be true. If the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent! .PP -\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +\&\fBBIO_eof()\fR is true if no data is in the peer BIO and the peer BIO has been shutdown. .PP \&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR, 
@@ -263,15 +188,15 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in -\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with NULL pointers stored into the locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. .PP -[\s-1XXXXX:\s0 More return values need to be added here] -.SH "EXAMPLES" +[XXXXX: More return values need to be added here] +.SH EXAMPLES .IX Header "EXAMPLES" -The \s-1BIO\s0 pair can be used to have full control over the network access of an +The BIO pair can be used to have full control over the network access of an application. The application can call \fBselect()\fR on the socket as required -without having to go through the SSL-interface. +without having to go through the SSL\-interface. .PP .Vb 1 \& BIO *internal_bio, *network_bio; 
@@ -302,18 +227,18 @@ \& ... .Ve .PP -As the \s-1BIO\s0 pair will only buffer the data and never directly access the +As the BIO pair will only buffer the data and never directly access the connection, it behaves nonblocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. .PP -Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the BIO and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to find out, how many bytes must be written into the buffer before the \&\fBSSL_operation()\fR can successfully be continued. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +As the data is buffered, \fBSSL_operation()\fR may return with an ERROR_SSL_WANT_READ condition, but there is still data in the write buffer. An application must not rely on the error value of \fBSSL_operation()\fR but must assure that the write buffer is always flushed first. Otherwise a deadlock may occur as @@ -322,11 +247,11 @@ .IX Header "SEE ALSO" \&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), \&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_connect.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_connect.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_CONNECT 3ossl" -.TH BIO_S_CONNECT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_CONNECT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_address, BIO_set_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_get_conn_address, BIO_get_conn_ip_family, BIO_set_nbio, BIO_do_connect \- connect BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -167,59 +92,59 @@ \& \& long BIO_do_connect(BIO *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper -round the platform's \s-1TCP/IP\s0 socket connection routines. +\&\fBBIO_s_connect()\fR returns the connect BIO method. This is a wrapper +round the platform\*(Aqs TCP/IP socket connection routines. .PP -Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data -transferred using only \s-1BIO\s0 routines. In this way any platform -specific operations are hidden by the \s-1BIO\s0 abstraction. +Using connect BIOs, TCP/IP connections can be made and data +transferred using only BIO routines. In this way any platform +specific operations are hidden by the BIO abstraction. .PP -Read and write operations on a connect \s-1BIO\s0 will perform I/O +Read and write operations on a connect BIO will perform I/O on the underlying connection. If no connection is established and the port and hostname (see below) is set up properly then a connection is established first. .PP Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. .PP -If the close flag is set on a connect \s-1BIO\s0 then any active -connection is shutdown and the socket closed when the \s-1BIO\s0 +If the close flag is set on a connect BIO then any active +connection is shutdown and the socket closed when the BIO is freed. .PP -Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active -connection and reset the \s-1BIO\s0 into a state where it can connect +Calling \fBBIO_reset()\fR on a connect BIO will close any active +connection and reset the BIO into a state where it can connect to the same host again. .PP \&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into -a single call: that is it creates a new connect \s-1BIO\s0 with hostname \fBname\fR. +a single call: that is it creates a new connect BIO with hostname \fBname\fR. 
.PP \&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. -The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it -must be enclosed with brackets \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +The hostname can be an IP address; if the address is an IPv6 one, it +must be enclosed in brackets \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. The hostname can also include the port in the form hostname:port; see \fBBIO_parse_hostserv\fR\|(3) and \fBBIO_set_conn_port()\fR for details. .PP \&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the -numerical form or a service string such as \*(L"http\*(R", which +numerical form or a service string such as "http", which will be mapped to a port number using the system function \fBgetservbyname()\fR. .PP \&\fBBIO_set_conn_address()\fR sets the address and port information using -a \s-1\fBBIO_ADDR\s0\fR\|(3ssl). +a \fBBIO_ADDR\fR\|(3ssl). .PP -\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +\&\fBBIO_set_conn_ip_family()\fR sets the IP family. .PP -\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or -\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect BIO or +NULL if the BIO is initialized but no hostname is set. This return value is an internal pointer which should not be modified. .PP \&\fBBIO_get_conn_port()\fR returns the port as a string. This return value is an internal pointer which should not be modified. .PP -\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 +\&\fBBIO_get_conn_address()\fR returns the address information as a BIO_ADDR. This return value is an internal pointer which should not be modified. .PP -\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 +\&\fBBIO_get_conn_ip_family()\fR returns the IP family of the connect BIO. 
.PP \&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O @@ -227,17 +152,17 @@ should be made before the connection is established because non blocking I/O is set during the connect process. .PP -\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 -This performs an \s-1SSL/TLS\s0 handshake as far as supported by the \s-1BIO.\s0 -For non-SSL BIOs the connection is done typically at \s-1TCP\s0 level. -If domain name resolution yields multiple \s-1IP\s0 addresses all of them are tried +\&\fBBIO_do_connect()\fR attempts to connect the supplied BIO. +This performs an SSL/TLS handshake as far as supported by the BIO. +For non\-SSL BIOs the connection is done typically at TCP level. +If domain name resolution yields multiple IP addresses all of them are tried after \fBconnect()\fR failures. The function returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established. The call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs to determine if the call should be retried. If a connection has already been established this call has no effect. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return @@ -246,7 +171,7 @@ If the port name is supplied as part of the hostname then this will override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable if the application does not wish to allow connection to arbitrary -ports. This can be avoided by checking for the presence of the ':' +ports. This can be avoided by checking for the presence of the \*(Aq:\*(Aq character in the passed hostname and either indicating an error or truncating the string at that point. .PP 
@@ -262,7 +187,7 @@ .PP It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also possible for \fBBIO_should_io_special()\fR to be true during the initial -connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned +connection process with the reason BIO_RR_CONNECT. If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. @@ -273,29 +198,29 @@ \&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +\&\fBBIO_s_connect()\fR returns the connect BIO method. .PP \&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR return 1 or <=0 if an error occurs. .PP \&\fBBIO_set_conn_hostname()\fR returns 1 on success and <=0 on failure. .PP -\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +\&\fBBIO_get_conn_address()\fR returns the address information or NULL if none was set. .PP -\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or NULL if none was set. .PP \&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. .PP \&\fBBIO_get_conn_port()\fR returns a string representing the connected -port or \s-1NULL\s0 if not set. +port or NULL if not set. .PP \&\fBBIO_set_nbio()\fR returns 1 or <=0 if an error occurs. .PP \&\fBBIO_do_connect()\fR returns 1 if the connection was successfully established and <=0 if the connection failed. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" This is example connects to a webserver on the local host and attempts to retrieve a page and copy the result to standard output. 
@@ -324,17 +249,17 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBBIO_ADDR\s0\fR\|(3), \fBBIO_parse_hostserv\fR\|(3) -.SH "HISTORY" +\&\fBBIO_ADDR\fR\|(3), \fBBIO_parse_hostserv\fR\|(3) +.SH HISTORY .IX Header "HISTORY" \&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR were removed in OpenSSL 1.1.0. Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_core.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_core.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_CORE 3ossl" -.TH BIO_S_CORE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_CORE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_core, BIO_new_from_core_bio \- OSSL_CORE_BIO functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,38 +74,38 @@ \& \& BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_core()\fR returns the core \s-1BIO\s0 method function. +\&\fBBIO_s_core()\fR returns the core BIO method function. .PP -A core \s-1BIO\s0 is treated as source/sink \s-1BIO\s0 which communicates to some external -\&\s-1BIO.\s0 This is primarily useful to provider authors. A number of calls from -libcrypto into a provider supply an \s-1OSSL_CORE_BIO\s0 parameter. This represents -a \s-1BIO\s0 within libcrypto, but cannot be used directly by a provider. Instead it +A core BIO is treated as source/sink BIO which communicates to some external +BIO. This is primarily useful to provider authors. A number of calls from +libcrypto into a provider supply an OSSL_CORE_BIO parameter. This represents +a BIO within libcrypto, but cannot be used directly by a provider. Instead it should be wrapped using a \fBBIO_s_core()\fR. .PP -Once a \s-1BIO\s0 is constructed based on \fBBIO_s_core()\fR, the associated \s-1OSSL_CORE_BIO\s0 -object should be set on it using \fBBIO_set_data\fR\|(3). Note that the \s-1BIO\s0 will only +Once a BIO is constructed based on \fBBIO_s_core()\fR, the associated OSSL_CORE_BIO +object should be set on it using \fBBIO_set_data\fR\|(3). Note that the BIO will only operate correctly if it is associated with a library context constructed using -\&\fBOSSL_LIB_CTX_new_from_dispatch\fR\|(3). To associate the \s-1BIO\s0 with a library context +\&\fBOSSL_LIB_CTX_new_from_dispatch\fR\|(3). To associate the BIO with a library context construct it using \fBBIO_new_ex\fR\|(3). .PP -\&\fBBIO_new_from_core_bio()\fR is a convenience function that constructs a new \s-1BIO\s0 +\&\fBBIO_new_from_core_bio()\fR is a convenience function that constructs a new BIO based on \fBBIO_s_core()\fR and that is associated with the given library context. 
It -then also sets the \s-1OSSL_CORE_BIO\s0 object on the \s-1BIO\s0 using \fBBIO_set_data\fR\|(3). +then also sets the OSSL_CORE_BIO object on the BIO using \fBBIO_set_data\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_core()\fR return a core \s-1BIO\s0 \fB\s-1BIO_METHOD\s0\fR structure. +\&\fBBIO_s_core()\fR return a core BIO \fBBIO_METHOD\fR structure. .PP -\&\fBBIO_new_from_core_bio()\fR returns a \s-1BIO\s0 structure on success or \s-1NULL\s0 on failure. +\&\fBBIO_new_from_core_bio()\fR returns a BIO structure on success or NULL on failure. A failure will most commonly be because the library context was not constructed using \fBOSSL_LIB_CTX_new_from_dispatch\fR\|(3). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBBIO_s_core()\fR and \fBBIO_new_from_core_bio()\fR were added in OpenSSL 3.0. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Create a core \s-1BIO\s0 and write some data to it: +Create a core BIO and write some data to it: .PP .Vb 2 \& int some_function(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio) { @@ -195,11 +120,11 @@ \& return 1; \& } .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_datagram.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_datagram.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_DATAGRAM 3ossl" -.TH BIO_S_DATAGRAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_DATAGRAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_datagram, BIO_new_dgram, BIO_ctrl_dgram_connect, BIO_ctrl_set_connected, @@ -147,7 +72,7 @@ BIO_dgram_get_peer, BIO_dgram_set_peer, BIO_dgram_get_mtu_overhead \- Network BIO with datagram semantics -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -163,10 +88,10 @@ \& int BIO_dgram_set_peer(BIO *bio, const BIO_ADDR *peer); \& int BIO_dgram_get_mtu_overhead(BIO *bio); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_datagram()\fR is a \s-1BIO\s0 implementation designed for use with network sockets -which provide datagram semantics, such as \s-1UDP\s0 sockets. It is suitable for use +\&\fBBIO_s_datagram()\fR is a BIO implementation designed for use with network sockets +which provide datagram semantics, such as UDP sockets. It is suitable for use with DTLSv1. .PP Because \fBBIO_s_datagram()\fR has datagram semantics, a single \fBBIO_write()\fR call sends 
@@ -175,18 +100,18 @@ silently truncated. .PP When using \fBBIO_s_datagram()\fR, it is important to note that: -.IP "\(bu" 4 -This \s-1BIO\s0 can be used with either a connected or unconnected network socket. A +.IP \(bu 4 +This BIO can be used with either a connected or unconnected network socket. A connected socket is a network socket which has had \fBBIO_connect\fR\|(3) or a -similar OS-specific function called on it. Such a socket can only receive +similar OS\-specific function called on it. Such a socket can only receive datagrams from the specified peer. Any other socket is an unconnected socket and can receive datagrams from any host. -.IP "\(bu" 4 +.IP \(bu 4 Despite their naming, neither \fBBIO_ctrl_dgram_connect()\fR nor \fBBIO_ctrl_set_connected()\fR cause a socket -to become connected. These controls are provided to indicate to the \s-1BIO\s0 how +to become connected. These controls are provided to indicate to the BIO how the underlying socket is configured and how it is to be used; see below. -.IP "\(bu" 4 +.IP \(bu 4 Use of \fBBIO_s_datagram()\fR with an unconnected network socket is hazardous hecause any successful call to \fBBIO_read()\fR results in the peer address used for any subsequent call to \fBBIO_write()\fR being set to the source address of the datagram 
@@ -200,62 +125,62 @@ .PP Various controls are available for configuring the \fBBIO_s_datagram()\fR using \&\fBBIO_ctrl\fR\|(3): -.IP "BIO_ctrl_dgram_connect (\s-1BIO_CTRL_DGRAM_CONNECT\s0)" 4 +.IP "BIO_ctrl_dgram_connect (BIO_CTRL_DGRAM_CONNECT)" 4 .IX Item "BIO_ctrl_dgram_connect (BIO_CTRL_DGRAM_CONNECT)" This is equivalent to calling \fBBIO_dgram_set_peer\fR\|(3). .Sp Despite its name, this function does not cause the underlying socket to become connected. -.IP "BIO_ctrl_set_connected (\s-1BIO_CTRL_SET_CONNECTED\s0)" 4 +.IP "BIO_ctrl_set_connected (BIO_CTRL_SET_CONNECTED)" 4 .IX Item "BIO_ctrl_set_connected (BIO_CTRL_SET_CONNECTED)" This informs the \fBBIO_s_datagram()\fR whether the underlying socket has been connected, and therefore how the \fBBIO_s_datagram()\fR should attempt to use the socket. .Sp -If the \fIpeer\fR argument is non-NULL, \fBBIO_s_datagram()\fR assumes that the -underlying socket has been connected and will attempt to use the socket using \s-1OS\s0 +If the \fIpeer\fR argument is non\-NULL, \fBBIO_s_datagram()\fR assumes that the +underlying socket has been connected and will attempt to use the socket using OS APIs which do not specify peer addresses (for example, \fBsend\fR\|(3) and \fBrecv\fR\|(3) or similar). The \fIpeer\fR argument should specify the peer address to which the socket is connected. .Sp -If the \fIpeer\fR argument is \s-1NULL,\s0 \fBBIO_s_datagram()\fR assumes that the underlying -socket is not connected and will attempt to use the socket using an \s-1OS\s0 APIs +If the \fIpeer\fR argument is NULL, \fBBIO_s_datagram()\fR assumes that the underlying +socket is not connected and will attempt to use the socket using an OS APIs which specify peer addresses (for example, \fBsendto\fR\|(3) and \fBrecvfrom\fR\|(3)). 
-.IP "BIO_dgram_get_peer (\s-1BIO_CTRL_DGRAM_GET_PEER\s0)" 4 +.IP "BIO_dgram_get_peer (BIO_CTRL_DGRAM_GET_PEER)" 4 .IX Item "BIO_dgram_get_peer (BIO_CTRL_DGRAM_GET_PEER)" -This outputs a \fB\s-1BIO_ADDR\s0\fR which specifies one of the following values, +This outputs a \fBBIO_ADDR\fR which specifies one of the following values, whichever happened most recently: .RS 4 -.IP "\(bu" 4 +.IP \(bu 4 The peer address last passed to \fBBIO_dgram_set_peer()\fR, \fBBIO_ctrl_dgram_connect()\fR or \fBBIO_ctrl_set_connected()\fR. -.IP "\(bu" 4 +.IP \(bu 4 The peer address of the datagram last received by a call to \fBBIO_read()\fR. .RE .RS 4 .RE -.IP "BIO_dgram_set_peer (\s-1BIO_CTRL_DGRAM_SET_PEER\s0)" 4 +.IP "BIO_dgram_set_peer (BIO_CTRL_DGRAM_SET_PEER)" 4 .IX Item "BIO_dgram_set_peer (BIO_CTRL_DGRAM_SET_PEER)" -Sets the peer address to be used for subsequent writes to this \s-1BIO.\s0 +Sets the peer address to be used for subsequent writes to this BIO. .Sp Warning: When used with an unconnected network socket, the value set may be modified by future calls to \fBBIO_read\fR\|(3), making use of \fBBIO_s_datagram()\fR hazardous when used with unconnected network sockets; see above. -.IP "BIO_dgram_recv_timeout (\s-1BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP\s0)" 4 +.IP "BIO_dgram_recv_timeout (BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP)" 4 .IX Item "BIO_dgram_recv_timeout (BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP)" -Returns 1 if the last I/O operation performed on the \s-1BIO\s0 (for example, via a +Returns 1 if the last I/O operation performed on the BIO (for example, via a call to \fBBIO_read\fR\|(3)) may have been caused by a receive timeout. 
-.IP "BIO_dgram_send_timedout (\s-1BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP\s0)" 4 +.IP "BIO_dgram_send_timedout (BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP)" 4 .IX Item "BIO_dgram_send_timedout (BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP)" -Returns 1 if the last I/O operation performed on the \s-1BIO\s0 (for example, via a +Returns 1 if the last I/O operation performed on the BIO (for example, via a call to \fBBIO_write\fR\|(3)) may have been caused by a send timeout. -.IP "BIO_dgram_get_mtu_overhead (\s-1BIO_CTRL_DGRAM_GET_MTU_OVERHEAD\s0)" 4 +.IP "BIO_dgram_get_mtu_overhead (BIO_CTRL_DGRAM_GET_MTU_OVERHEAD)" 4 .IX Item "BIO_dgram_get_mtu_overhead (BIO_CTRL_DGRAM_GET_MTU_OVERHEAD)" Returns a quantity in bytes which is a rough estimate of the number of bytes of overhead which should typically be added to a datagram payload size in order to -estimate the final size of the Layer 3 (e.g. \s-1IP\s0) packet which will contain the +estimate the final size of the Layer 3 (e.g. IP) packet which will contain the datagram. In most cases, the maximum datagram payload size which can be -transmitted can be determined by determining the link \s-1MTU\s0 in bytes and +transmitted can be determined by determining the link MTU in bytes and subtracting the value returned by this call. .Sp The value returned by this call depends on the network layer protocol being 
@@ -264,42 +189,42 @@ The value returned is not fully reliable because datagram overheads can be higher in atypical network configurations, for example where IPv6 extension headers or IPv4 options are used. -.IP "\s-1BIO_CTRL_DGRAM_SET_DONT_FRAG\s0" 4 +.IP BIO_CTRL_DGRAM_SET_DONT_FRAG 4 .IX Item "BIO_CTRL_DGRAM_SET_DONT_FRAG" -If \fInum\fR is nonzero, configures the underlying network socket to enable Don't -Fragment mode, in which datagrams will be set with the \s-1IP\s0 Don't Fragment (\s-1DF\s0) -bit set. If \fInum\fR is zero, Don't Fragment mode is disabled. -.IP "\s-1BIO_CTRL_DGRAM_QUERY_MTU\s0" 4 +If \fInum\fR is nonzero, configures the underlying network socket to enable Don\*(Aqt +Fragment mode, in which datagrams will be set with the IP Don\*(Aqt Fragment (DF) +bit set. If \fInum\fR is zero, Don\*(Aqt Fragment mode is disabled. +.IP BIO_CTRL_DGRAM_QUERY_MTU 4 .IX Item "BIO_CTRL_DGRAM_QUERY_MTU" -Queries the \s-1OS\s0 for its assessment of the Path \s-1MTU\s0 for the destination to which -the underlying network socket, and returns that Path \s-1MTU\s0 in bytes. This control +Queries the OS for its assessment of the Path MTU for the destination to which +the underlying network socket, and returns that Path MTU in bytes. This control can only be used with a connected socket. .Sp -This is not supported on all platforms and depends on \s-1OS\s0 support being +This is not supported on all platforms and depends on OS support being available. Returns 0 on failure. -.IP "\s-1BIO_CTRL_DGRAM_MTU_DISCOVER\s0" 4 +.IP BIO_CTRL_DGRAM_MTU_DISCOVER 4 .IX Item "BIO_CTRL_DGRAM_MTU_DISCOVER" -This control requests that Path \s-1MTU\s0 discovery be enabled on the underlying +This control requests that Path MTU discovery be enabled on the underlying network socket. 
-.IP "\s-1BIO_CTRL_DGRAM_GET_FALLBACK_MTU\s0" 4 +.IP BIO_CTRL_DGRAM_GET_FALLBACK_MTU 4 .IX Item "BIO_CTRL_DGRAM_GET_FALLBACK_MTU" Returns the estimated minimum size of datagram payload which should always be -supported on the \s-1BIO.\s0 This size is determined by the minimum \s-1MTU\s0 required to be +supported on the BIO. This size is determined by the minimum MTU required to be supported by the applicable underlying network layer. Use of datagrams of this size may lead to suboptimal performance, but should be routable in all circumstances. The value returned is the datagram payload size in bytes and does not include the size of layer 3 or layer 4 protocol headers. -.IP "\s-1BIO_CTRL_DGRAM_MTU_EXCEEDED\s0" 4 +.IP BIO_CTRL_DGRAM_MTU_EXCEEDED 4 .IX Item "BIO_CTRL_DGRAM_MTU_EXCEEDED" -Returns 1 if the last attempted write to the \s-1BIO\s0 failed due to the size of the -attempted write exceeding the applicable \s-1MTU.\s0 -.IP "\s-1BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT\s0" 4 +Returns 1 if the last attempted write to the BIO failed due to the size of the +attempted write exceeding the applicable MTU. +.IP BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 4 .IX Item "BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT" Accepts a pointer to a \fBstruct timeval\fR. If the time specified is zero, disables receive timeouts. Otherwise, configures the specified time interval as the receive timeout for the socket for the purposes of future \fBBIO_read\fR\|(3) calls. -.IP "\s-1BIO_CTRL_DGRAM_SET_PEEK_MODE\s0" 4 +.IP BIO_CTRL_DGRAM_SET_PEEK_MODE 4 .IX Item "BIO_CTRL_DGRAM_SET_PEEK_MODE" If \fBnum\fR is nonzero, enables peek mode; otherwise, disables peek mode. Where peek mode is enabled, calls to \fBBIO_read\fR\|(3) read datagrams from the underlying 
@@ -307,12 +232,12 @@ yield the same datagram until peek mode is disabled. .PP \&\fBBIO_new_dgram()\fR is a helper function which instantiates a \fBBIO_s_datagram()\fR and -sets the \s-1BIO\s0 to use the socket given in \fIfd\fR by calling \fBBIO_set_fd()\fR. +sets the BIO to use the socket given in \fIfd\fR by calling \fBBIO_set_fd()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_datagram()\fR returns a \s-1BIO\s0 method. +\&\fBBIO_s_datagram()\fR returns a BIO method. .PP -\&\fBBIO_new_dgram()\fR returns a \s-1BIO\s0 on success and \s-1NULL\s0 on failure. +\&\fBBIO_new_dgram()\fR returns a BIO on success and NULL on failure. .PP \&\fBBIO_ctrl_dgram_connect()\fR, \fBBIO_ctrl_set_connected()\fR, \&\fBBIO_dgram_get_peer()\fR, \fBBIO_dgram_set_peer()\fR return 1 on success and 0 on failure. @@ -324,11 +249,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDTLSv1_listen\fR\|(3), \fBbio\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_fd.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_fd.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_FD 3ossl" -.TH BIO_S_FD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_FD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,16 +77,16 @@ \& \& BIO *BIO_new_fd(int fd, int close_flag); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_fd()\fR returns the file descriptor BIO method. This is a wrapper round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. .PP \&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor. \&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. .PP If the close flag is set then \fBclose()\fR is called on the underlying -file descriptor when the \s-1BIO\s0 is freed. +file descriptor when the BIO is freed. .PP \&\fBBIO_reset()\fR attempts to change the file pointer to the start of file such as by using \fBlseek(fd, 0, 0)\fR. 
@@ -172,18 +97,18 @@ \&\fBBIO_tell()\fR returns the current file position such as by calling \&\fBlseek(fd, 0, 1)\fR. .PP -\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +\&\fBBIO_set_fd()\fR sets the file descriptor of BIO \fBb\fR to \fBfd\fR and the close flag to \fBc\fR. .PP -\&\fBBIO_get_fd()\fR places the file descriptor of \s-1BIO\s0 \fBb\fR in \fBc\fR if it is not \s-1NULL.\s0 +\&\fBBIO_get_fd()\fR places the file descriptor of BIO \fBb\fR in \fBc\fR if it is not NULL. It also returns the file descriptor. .PP -\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. -.SH "NOTES" +\&\fBBIO_new_fd()\fR returns a file descriptor BIO using \fBfd\fR and \fBclose_flag\fR. +.SH NOTES .IX Header "NOTES" The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying -file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +file descriptor is in a non blocking mode then the BIO will behave in the manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3) manual pages. .PP 
@@ -193,18 +118,18 @@ \&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +\&\fBBIO_s_fd()\fR returns the file descriptor BIO method. .PP \&\fBBIO_set_fd()\fR returns 1 on success or <=0 for failure. .PP -\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the BIO has not been initialized. It also returns zero and negative values if other error occurs. .PP -\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +\&\fBBIO_new_fd()\fR returns the newly allocated BIO or NULL is an error occurred. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +This is a file descriptor BIO version of "Hello World": .PP .Vb 1 \& BIO *out; @@ -220,11 +145,11 @@ \&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), \&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), \&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_file.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_file.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_FILE 3ossl" -.TH BIO_S_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_FILE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename \- FILE bio -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,16 +84,16 @@ \& int BIO_append_filename(BIO *b, char *name); \& int BIO_rw_filename(BIO *b, char *name); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it -is a wrapper round the stdio \s-1FILE\s0 structure and it is a -source/sink \s-1BIO.\s0 +\&\fBBIO_s_file()\fR returns the BIO file method. As its name implies it +is a wrapper round the stdio FILE structure and it is a +source/sink BIO. .PP Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. .PP -\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped +\&\fBBIO_flush()\fR on a file BIO calls the \fBfflush()\fR function on the wrapped stream. .PP \&\fBBIO_reset()\fR attempts to change the file pointer to the start of file 
@@ -179,22 +104,22 @@ .PP \&\fBBIO_eof()\fR calls \fBfeof()\fR. .PP -Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 +Setting the BIO_CLOSE flag calls \fBfclose()\fR on the stream when the BIO is freed. .PP -\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning -of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0 -flag is set on the returned \s-1BIO.\s0 +\&\fBBIO_new_file()\fR creates a new file BIO with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The BIO_CLOSE +flag is set on the returned BIO. .PP -\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: -\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +\&\fBBIO_new_fp()\fR creates a file BIO wrapping \fBstream\fR. Flags can be: +BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying stream to text mode, default is binary: this only has any effect under Win32). .PP -\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +\&\fBBIO_set_fp()\fR sets the fp of a file BIO to \fBfp\fR. \fBflags\fR has the same meaning as in \fBBIO_new_fp()\fR, it is a macro. .PP -\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. +\&\fBBIO_get_fp()\fR retrieves the fp of a file BIO, it is a macro. .PP \&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes from the start of file. 
@@ -202,24 +127,24 @@ \&\fBBIO_tell()\fR returns the value of the position pointer. .PP \&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and -\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +\&\fBBIO_rw_filename()\fR set the file BIO \fBb\fR to use file \fBname\fR for reading, writing, append or read write respectively. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" When wrapping stdout, stdin or stderr the underlying stream should not -normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +normally be closed so the BIO_NOCLOSE flag should be set. .PP -Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks -in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 +Because the file BIO calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding BIO. .PP On Windows BIO_new_files reserves for the filename argument to be -\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- -lingual environment, encode filenames in \s-1UTF\-8.\s0 +UTF\-8 encoded. In other words if you have to make it work in multi\- +lingual environment, encode filenames in UTF\-8. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. +\&\fBBIO_s_file()\fR returns the file BIO method. .PP -\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file BIO or NULL if an error occurred. .PP \&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or <=0 for failure 
@@ -231,9 +156,9 @@ .PP \&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and \&\fBBIO_rw_filename()\fR return 1 for success or <=0 for failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -File \s-1BIO\s0 \*(L"hello world\*(R": +File BIO "hello world": .PP .Vb 1 \& BIO *bio_out; @@ -280,11 +205,11 @@ \& BIO_printf(out, "Hello World\en"); \& BIO_free(out); .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" \&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error -occurred this differs from other types of \s-1BIO\s0 which will typically return +occurred this differs from other types of BIO which will typically return 1 for success and a non positive value if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -294,11 +219,11 @@ \&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), \&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), \&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_mem.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_mem.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_MEM 3ossl" -.TH BIO_S_MEM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_MEM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,38 +82,38 @@ \& \& BIO *BIO_new_mem_buf(const void *buf, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +\&\fBBIO_s_mem()\fR returns the memory BIO method function. .PP -A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data -written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +A memory BIO is a source/sink BIO which uses memory for its I/O. Data +written to a memory BIO is stored in a BUF_MEM structure which is extended as appropriate to accommodate the stored data. .PP \&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used for buffer storage. .PP -Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. -Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from -the \s-1BIO.\s0 +Any data written to a memory BIO can be recalled by reading from it. +Unless the memory BIO is read only any data read from it is deleted from +the BIO. .PP Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. .PP -If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying -\&\s-1BUF_MEM\s0 structure is also freed. +If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying +BUF_MEM structure is also freed. .PP -Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the -flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read +Calling \fBBIO_reset()\fR on a read write memory BIO clears any data in it if the +flag BIO_FLAGS_NONCLEAR_RST is not set, otherwise it just restores the read pointer to the state it was just after the last write was performed and the -data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to +data can be read again. 
On a read only BIO it similarly restores the BIO to its original state and the read only data can be read again. .PP -\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 +\&\fBBIO_eof()\fR is true if no data is in the BIO. .PP \&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. .PP -\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is -empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory BIO \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory BIO will return EOF (that is it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non zero then it will return \fBv\fR when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal 
@@ -199,79 +124,79 @@ Note the pointer returned by this call is informative, no transfer of ownership of this memory is implied. See notes on \fBBIO_set_close()\fR. .PP -\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the -close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +\&\fBBIO_set_mem_buf()\fR sets the internal BUF_MEM structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either BIO_CLOSE or BIO_NOCLOSE. It is a macro. .PP -\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +\&\fBBIO_get_mem_ptr()\fR places the underlying BUF_MEM structure in *\fBpp\fR. It is a macro. .PP -\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +\&\fBBIO_new_mem_buf()\fR creates a memory BIO using \fBlen\fR bytes of data at \fBbuf\fR, if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its -length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +length is determined by \fBstrlen\fR. The BIO is set to a read only state and as a result cannot be written to. This is useful when some data needs to be -made available from a static area of memory in the form of a \s-1BIO.\s0 The +made available from a static area of memory in the form of a BIO. The supplied data is read directly from the supplied buffer: it is \fBnot\fR copied -first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. -.SH "NOTES" +first, so the supplied area of memory must be unchanged until the BIO is freed. +.SH NOTES .IX Header "NOTES" Writes to memory BIOs will always succeed if memory is available: that is their size can grow indefinitely. 
.PP Every write after partial read (not all data in the memory buffer was read) -to a read write memory \s-1BIO\s0 will have to move the unread data with an internal -copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small +to a read write memory BIO will have to move the unread data with an internal +copy operation, if a BIO contains a lot of data and it is read in small chunks intertwined with writes the operation can be very slow. Adding -a buffering \s-1BIO\s0 to the chain can speed up the process. +a buffering BIO to the chain can speed up the process. .PP -Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will +Calling \fBBIO_set_mem_buf()\fR on a BIO created with \fBBIO_new_secmem()\fR will give undefined results, including perhaps a program crash. .PP -Switching the memory \s-1BIO\s0 from read write to read only is not supported and +Switching the memory BIO from read write to read only is not supported and can give undefined results including a program crash. There are two notable exceptions to the rule. The first one is to assign a static memory buffer -immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. +immediately after BIO creation and set the BIO as read only. .PP -The other supported sequence is to start with read write \s-1BIO\s0 then temporarily -switch it to read only and call \fBBIO_reset()\fR on the read only \s-1BIO\s0 immediately -before switching it back to read write. Before the \s-1BIO\s0 is freed it must be +The other supported sequence is to start with read write BIO then temporarily +switch it to read only and call \fBBIO_reset()\fR on the read only BIO immediately +before switching it back to read write. Before the BIO is freed it must be switched back to the read write mode. 
.PP -Calling \fBBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that +Calling \fBBIO_get_mem_ptr()\fR on read only BIO will return a BUF_MEM that contains only the remaining data to be read. If the close status of the -\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE,\s0 before freeing the \s-1BUF_MEM\s0 the data pointer -in it must be set to \s-1NULL\s0 as the data pointer does not point to an +BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer +in it must be set to NULL as the data pointer does not point to an allocated memory. .PP -Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 +Calling \fBBIO_reset()\fR on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST flag set can have unexpected outcome when the reads and writes to the -\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the +BIO are intertwined. As documented above the BIO will be reset to the state after the last completed write operation. The effects of reads preceding that write operation cannot be undone. .PP Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with -\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. +BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation. .PP -Calling \fBBIO_set_close()\fR with \s-1BIO_NOCLOSE\s0 orphans the \s-1BUF_MEM\s0 internal to the -\&\s-1BIO,\s0 _not_ its actual data buffer. See the examples section for the proper +Calling \fBBIO_set_close()\fR with BIO_NOCLOSE orphans the BUF_MEM internal to the +BIO, _not_ its actual data buffer. See the examples section for the proper method for claiming ownership of the data pointer for a deferred free operation. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -There should be an option to set the maximum size of a memory \s-1BIO.\s0 +There should be an option to set the maximum size of a memory BIO. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fBBIO_METHOD\fR structure. .PP \&\fBBIO_set_mem_eof_return()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR return 1 on success or a value which is less than or equal to 0 if an error occurred. .PP \&\fBBIO_get_mem_data()\fR returns the total number of bytes available on success, -0 if b is \s-1NULL,\s0 or a negative value in case of other errors. +0 if b is NULL, or a negative value in case of other errors. .PP -\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. -.SH "EXAMPLES" +\&\fBBIO_new_mem_buf()\fR returns a valid \fBBIO\fR structure on success or NULL on error. +.SH EXAMPLES .IX Header "EXAMPLES" -Create a memory \s-1BIO\s0 and write some data to it: +Create a memory BIO and write some data to it: .PP .Vb 1 \& BIO *mem = BIO_new(BIO_s_mem()); @@ -279,14 +204,14 @@ \& BIO_puts(mem, "Hello World\en"); .Ve .PP -Create a read only memory \s-1BIO:\s0 +Create a read only memory BIO: .PP .Vb 2 \& char data[] = "Hello World"; \& BIO *mem = BIO_new_mem_buf(data, \-1); .Ve .PP -Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +Extract the BUF_MEM structure from a memory BIO and then free up the BIO: .PP .Vb 1 \& BUF_MEM *bptr; @@ -296,8 +221,8 @@ \& BIO_free(mem); .Ve .PP -Extract the \s-1BUF_MEM\s0 ptr, claim ownership of the internal data and free the \s-1BIO\s0 -and \s-1BUF_MEM\s0 structure: +Extract the BUF_MEM ptr, claim ownership of the internal data and free the BIO +and BUF_MEM structure: .PP .Vb 2 \& BUF_MEM *bptr; 
@@ -312,11 +237,11 @@ \& ... \& free(data); .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_null.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_null.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,91 +53,32 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_NULL 3ossl" -.TH BIO_S_NULL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_NULL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_null \- null data sink -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const BIO_METHOD *BIO_s_null(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to -the null sink is discarded, reads return \s-1EOF.\s0 -.SH "NOTES" +\&\fBBIO_s_null()\fR returns the null sink BIO method. Data written to +the null sink is discarded, reads return EOF. +.SH NOTES .IX Header "NOTES" -A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +A null sink BIO behaves in a similar manner to the Unix /dev/null device. .PP A null bio can be placed on the end of a chain to discard any data 
@@ -161,16 +86,16 @@ .PP A null sink is useful if, for example, an application wishes to digest some data by writing through a digest bio but not send the digested data anywhere. -Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved -by adding a null sink \s-1BIO\s0 to the end of the chain +Since a BIO chain must normally include a source/sink BIO this can be achieved +by adding a null sink BIO to the end of the chain .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. -.SH "COPYRIGHT" +\&\fBBIO_s_null()\fR returns the null sink BIO method. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_s_socket.3.orig +++ secure/lib/libcrypto/man/man3/BIO_s_socket.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_S_SOCKET 3ossl" -.TH BIO_S_SOCKET 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_S_SOCKET 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_s_socket, BIO_new_socket \- socket BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,19 +74,19 @@ \& \& BIO *BIO_new_socket(int sock, int close_flag); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper -round the platform's socket routines. +\&\fBBIO_s_socket()\fR returns the socket BIO method. This is a wrapper +round the platform\*(Aqs socket routines. .PP \&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket. \&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. .PP If the close flag is set then the socket is shut down and closed -when the \s-1BIO\s0 is freed. +when the BIO is freed. .PP -\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. -.SH "NOTES" +\&\fBBIO_new_socket()\fR returns a socket BIO using \fBsock\fR and \fBclose_flag\fR. +.SH NOTES .IX Header "NOTES" Socket BIOs also support any relevant functionality of file descriptor BIOs. 
@@ -172,15 +97,15 @@ all platforms. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +\&\fBBIO_s_socket()\fR returns the socket BIO method. .PP -\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +\&\fBBIO_new_socket()\fR returns the newly allocated BIO or NULL is an error occurred. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_set_callback.3.orig +++ secure/lib/libcrypto/man/man3/BIO_set_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_SET_CALLBACK 3ossl" -.TH BIO_SET_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_SET_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_debug_callback_ex, BIO_callback_fn_ex, BIO_callback_fn \&\- BIO callback functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -163,7 +88,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 6 
@@ -174,14 +99,14 @@ \& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, \& long argl, long ret); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 -callback. The callback is called during most high-level \s-1BIO\s0 operations. It can -be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its +\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the BIO +callback. The callback is called during most high\-level BIO operations. It can +be used for debugging purposes to trace operations on a BIO or to modify its operation. .PP -\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format BIO callback. New code should not use these functions, but they are retained for backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get called in preference to any set by \fBBIO_set_callback()\fR. @@ -190,8 +115,8 @@ used to set and retrieve an argument for use in the callback. .PP \&\fBBIO_debug_callback_ex()\fR is a standard debugging callback which prints -out information relating to each \s-1BIO\s0 operation. If the callback -argument is set it is interpreted as a \s-1BIO\s0 to send the information +out information relating to each BIO operation. If the callback +argument is set it is interpreted as a BIO to send the information to, otherwise stderr is used. The \fBBIO_debug_callback()\fR function is the deprecated version of the same callback for use with the old callback format \fBBIO_set_callback()\fR function. 
@@ -199,35 +124,35 @@ BIO_callback_fn_ex is the type of the callback function and BIO_callback_fn is the type of the old format callback function. The meaning of each argument is described below: -.IP "\fBb\fR" 4 +.IP \fBb\fR 4 .IX Item "b" -The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. -.IP "\fBoper\fR" 4 +The BIO the callback is attached to is passed in \fBb\fR. +.IP \fBoper\fR 4 .IX Item "oper" \&\fBoper\fR is set to the operation being performed. For some operations the callback is called twice, once before and once after the actual -operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 -.IP "\fBlen\fR" 4 +operation, the latter case has \fBoper\fR or\*(Aqed with BIO_CB_RETURN. +.IP \fBlen\fR 4 .IX Item "len" The length of the data requested to be read or written. This is only useful if -\&\fBoper\fR is \s-1BIO_CB_READ, BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS.\s0 +\&\fBoper\fR is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS. .IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 .IX Item "argp argi argl" The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on the value of \fBoper\fR, that is the operation being performed. -.IP "\fBprocessed\fR" 4 +.IP \fBprocessed\fR 4 .IX Item "processed" \&\fBprocessed\fR is a pointer to a location which will be updated with the amount of -data that was actually read or written. Only used for \s-1BIO_CB_READ, BIO_CB_WRITE, -BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS.\s0 -.IP "\fBret\fR" 4 +data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE, +BIO_CB_GETS and BIO_CB_PUTS. +.IP \fBret\fR 4 .IX Item "ret" \&\fBret\fR is the return value that would be returned to the application if no callback were present. The actual value returned is the return value of the callback itself. 
In the case of callbacks -called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if +called before the actual BIO operation 1 is placed in \fBret\fR, if the return value is not positive it will be immediately returned to -the application and the \s-1BIO\s0 operation will not be performed. +the application and the BIO operation will not be performed. .PP The callback should normally simply return \fBret\fR when it has finished processing, unless it specifically wishes to modify the @@ -236,7 +161,7 @@ .IX Header "CALLBACK OPERATIONS" In the notes below, \fBcallback\fR defers to the actual callback function that is called. -.IP "\fBBIO_free(b)\fR" 4 +.IP \fBBIO_free(b)\fR 4 .IX Item "BIO_free(b)" .Vb 1 \& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) @@ -352,7 +277,7 @@ .Ve .Sp after. -.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IP "\fBBIO_ctrl(BIO *b, int cmd, long larg, void *parg)\fR" 4 .IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" .Vb 1 \& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) @@ -378,7 +303,7 @@ .Sp after. .Sp -Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the +Note: \fBcmd\fR == \fBBIO_CTRL_SET_CALLBACK\fR is special, because \fBparg\fR is not the argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to the actual call parameter, see \fBBIO_callback_ctrl\fR. .SH "RETURN VALUES" 
@@ -390,23 +315,23 @@ \&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set via a call to \fBBIO_set_callback_arg()\fR. .PP -\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it\*(Aqs called after specific BIO operations. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The \fBBIO_debug_callback_ex()\fR function is an example, its source is in crypto/bio/bio_cb.c -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBBIO_debug_callback_ex()\fR function was added in OpenSSL 3.0. .PP \&\fBBIO_set_callback()\fR, \fBBIO_get_callback()\fR, and \fBBIO_debug_callback()\fR were -deprecated in OpenSSL 3.0. Use the non-deprecated _ex functions instead. -.SH "COPYRIGHT" +deprecated in OpenSSL 3.0. Use the non\-deprecated _ex functions instead. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/BIO_set_flags.3 
@@ -0,0 +1,236 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "BIO_SET_FLAGS 3ossl" +.TH BIO_SET_FLAGS 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +BIO_set_flags, BIO_clear_flags, BIO_test_flags, BIO_get_flags, +BIO_set_retry_read, BIO_set_retry_write, BIO_set_retry_special, +BIO_clear_retry_flags, BIO_get_retry_flags +\&\- manipulate and interpret BIO flags +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BIO_set_flags(BIO *b, int flags); +\& void BIO_clear_flags(BIO *b, int flags); +\& int BIO_test_flags(const BIO *b, int flags); +\& int BIO_get_flags(const BIO *b); +\& +\& void BIO_set_retry_read(BIO *b); +\& void BIO_set_retry_write(BIO *b); +\& void BIO_set_retry_special(BIO *b); +\& void BIO_clear_retry_flags(BIO *b); +\& int BIO_get_retry_flags(BIO *b); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +A \fBBIO\fR has an internal set of bit flags that describe its state. These +functions and macros are used primarily by \fBBIO\fR implementations and by code +that builds \fBBIO\fR chains to manipulate those flags. +.PP +\&\fBBIO_set_flags()\fR sets the bits given in \fIflags\fR in the \fBBIO\fR \fIb\fR. Any bits +already set in the \fBBIO\fR\*(Aqs flag word remain set. +.PP +\&\fBBIO_clear_flags()\fR clears the bits given in \fIflags\fR from the \fBBIO\fR \fIb\fR. Any +other bits in the flag word are left unchanged. +.PP +\&\fBBIO_test_flags()\fR tests the bits given in \fIflags\fR in the \fBBIO\fR \fIb\fR and +returns a nonzero value if any of them are currently set and zero +otherwise. +.PP +\&\fBBIO_get_flags()\fR returns the current flag word from the \fBBIO\fR \fIb\fR. This is +equivalent to testing for all bits and returning the result. +.PP +The following convenience macros are built on top of these primitives and are +used to maintain the retry state of a BIO: +.PP +\&\fBBIO_set_retry_read()\fR marks the \fBBIO\fR \fIb\fR as being in a retryable state +by setting the \fBBIO_FLAGS_SHOULD_RETRY\fR flag. In addition, it sets the +\&\fBBIO_FLAGS_READ\fR flag to indicate that the retry condition is +associated with a read operation. 
+.PP +\&\fBBIO_set_retry_write()\fR marks the \fBBIO\fR \fIb\fR as being in a retryable state +by setting the \fBBIO_FLAGS_SHOULD_RETRY\fR flag. In addition, it sets the +\&\fBBIO_FLAGS_WRITE\fR flag to indicate that the retry condition is +associated with a write operation. +.PP +\&\fBBIO_set_retry_special()\fR marks the \fBBIO\fR \fIb\fR as being in a retryable state +by setting the \fBBIO_FLAGS_SHOULD_RETRY\fR flag. In addition, it sets the +\&\fBBIO_FLAGS_IO_SPECIAL\fR flag to indicate that the retry condition is +associated with a read operation some "special" condition. +The precise meaning of this condition depends on the \fBBIO\fR type. +.PP +\&\fBBIO_clear_retry_flags()\fR clears all retry\-related bits from \fIb\fR, i.e. +\&\fBBIO_FLAGS_READ\fR, \fBBIO_FLAGS_WRITE\fR, \fBBIO_FLAGS_IO_SPECIAL\fR, and +\&\fBBIO_FLAGS_SHOULD_RETRY\fR. +.PP +\&\fBBIO_get_retry_flags()\fR returns retry\-related bits that are +currently set in \fIb\fR. The result is a subset of +\&\fBBIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY\fR. +.PP +The retry bits are interpreted by the higher level macros +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, +\&\fBBIO_retry_type()\fR and \fBBIO_should_retry()\fR, as documented in +\&\fBBIO_should_retry\fR\|(3). Application code will typically use those macros +rather than manipulate the underlying flags directly. +.PP +The following flag bits are currently defined for use with \fBBIO_set_flags()\fR, +\&\fBBIO_clear_flags()\fR and \fBBIO_test_flags()\fR: +.IP \fBBIO_FLAGS_READ\fR 4 +.IX Item "BIO_FLAGS_READ" +The last I/O operation should be retried when the \fBBIO\fR becomes readable. +This flag is normally set by the \fBBIO\fR implementation via \fBBIO_set_retry_read()\fR +after a failed read operation. +.IP \fBBIO_FLAGS_WRITE\fR 4 +.IX Item "BIO_FLAGS_WRITE" +The last I/O operation should be retried when the \fBBIO\fR becomes writable. 
+This flag is normally set by the \fBBIO\fR implementation via \fBBIO_set_retry_write()\fR +after a failed write operation. +.IP \fBBIO_FLAGS_IO_SPECIAL\fR 4 +.IX Item "BIO_FLAGS_IO_SPECIAL" +The last I/O operation should be retried when some "special" condition +becomes true. The precise meaning of this condition depends on the \fBBIO\fR +type and is usually obtained via \fBBIO_get_retry_BIO()\fR and +\&\fBBIO_get_retry_reason()\fR as described in \fBBIO_should_retry\fR\|(3). +This flag is normally set by the \fBBIO\fR implementation via +\&\fBBIO_set_retry_special()\fR. +.IP \fBBIO_FLAGS_RWS\fR 4 +.IX Item "BIO_FLAGS_RWS" +The bitwise OR of \fBBIO_FLAGS_READ\fR, \fBBIO_FLAGS_WRITE\fR and +\&\fBBIO_FLAGS_IO_SPECIAL\fR. This mask is used when clearing or extracting +the retry\-direction bits. +.IP \fBBIO_FLAGS_SHOULD_RETRY\fR 4 +.IX Item "BIO_FLAGS_SHOULD_RETRY" +Set if the last I/O operation on the \fBBIO\fR should be retried at a later time. +If this bit is not set then the condition is treated as an error. +This flag is normally set by the \fBBIO\fR implementation. +.IP \fBBIO_FLAGS_BASE64_NO_NL\fR 4 +.IX Item "BIO_FLAGS_BASE64_NO_NL" +When set on a base64 filter \fBBIO\fR this flag disables the generation of +newline characters in the encoded output and causes newlines to be ignored +in the input. See also \fBBIO_f_base64\fR\|(3). +The flag has no effect on any other built\-in \fBBIO\fR types. +.IP \fBBIO_FLAGS_MEM_RDONLY\fR 4 +.IX Item "BIO_FLAGS_MEM_RDONLY" +When set on a memory \fBBIO\fR this flag indicates that the underlying buffer is +read only. Attempts to write to such a \fBBIO\fR will fail. +The flag has no effect on any other built\-in \fBBIO\fR types. +.IP \fBBIO_FLAGS_NONCLEAR_RST\fR 4 +.IX Item "BIO_FLAGS_NONCLEAR_RST" +On a memory \fBBIO\fR this flag modifies the behaviour of \fBBIO_reset()\fR. When it +is set, resetting the \fBBIO\fR does not clear the underlying buffer but only +resets the current read position. 
+The flag has no effect on any other built\-in \fBBIO\fR types. +.IP \fBBIO_FLAGS_IN_EOF\fR 4 +.IX Item "BIO_FLAGS_IN_EOF" +This flag may be used by a \fBBIO\fR implementation to indicate that the end +of the input stream has been reached. However, \fBBIO\fR types are not +required to use this flag to signal end\-of\-file conditions; they may rely +on other mechanisms such as system calls or by querying the next \fBBIO\fR in a +chain. Applications must therefore not test this flag directly to +determine whether EOF has been reached, and must use \fBBIO_eof()\fR instead. +.PP +A range of additional flag values is reserved for internal use by OpenSSL +to track kernel TLS (KTLS) state. This range and the corresponding flag +macros are not part of the public API and must not be used by applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_flags()\fR returns a bit mask of the flags currently set on the \fBBIO\fR. +.PP +\&\fBBIO_test_flags()\fR returns a bit mask consisting of those flags from the +argument that are currently set in the \fBBIO\fR. Consequently, it returns a +nonzero value if and only if at least one of the requested flags is set. +.PP +\&\fBBIO_get_retry_flags()\fR returns a bit mask consisting of those flags from +\&\fBBIO_FLAGS_READ\fR, \fBBIO_FLAGS_WRITE\fR, \fBBIO_FLAGS_IO_SPECIAL\fR, and +\&\fBBIO_FLAGS_SHOULD_RETRY\fR that are currently set in the \fIBIO\fR. +.SH NOTES +.IX Header "NOTES" +Ordinary application code will rarely need to call \fBBIO_set_flags()\fR, +\&\fBBIO_clear_flags()\fR or \fBBIO_test_flags()\fR directly. They are intended for \fBBIO\fR +implementations and for code that forwards retry state from one \fBBIO\fR in a +chain to another. +After a failed I/O operation, applications should normally use +\&\fBBIO_should_retry()\fR and related macros as described in +\&\fBBIO_should_retry\fR\|(3) instead of inspecting the flags directly. +.PP +These functions and macros are not thread\-safe. 
If a single \fBBIO\fR +is accessed from multiple threads, the caller must provide appropriate +external synchronisation. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_should_retry\fR\|(3), \fBBIO_f_base64\fR\|(3), \fBbio\fR\|(7) +.SH HISTORY +.IX Header "HISTORY" +The functions and macros described here have been available in OpenSSL since +at least 1.1.0 (\fBBIO_FLAGS_IN_EOF\fR since 1.1.1). +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/BIO_should_retry.3.orig +++ secure/lib/libcrypto/man/man3/BIO_should_retry.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_SHOULD_RETRY 3ossl" -.TH BIO_SHOULD_RETRY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_SHOULD_RETRY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,9 +83,9 @@ \& int BIO_get_retry_reason(BIO *bio); \& void BIO_set_retry_reason(BIO *bio, int reason); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions determine why a \s-1BIO\s0 is not able to read or write data. +These functions determine why a BIO is not able to read or write data. They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR call. .PP 
@@ -169,58 +94,58 @@ .PP If \fBBIO_should_retry()\fR is false then the cause is an error condition. .PP -\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +\&\fBBIO_should_read()\fR is true if the cause of the condition is that the BIO has insufficient data to return. Check for readability and/or retry the last operation. .PP -\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +\&\fBBIO_should_write()\fR is true if the cause of the condition is that the BIO has pending data to write. Check for writability and/or retry the last operation. .PP -\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +\&\fBBIO_should_io_special()\fR is true if some "special" condition, that is a reason other than reading or writing is the cause of the condition. .PP \&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition -consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, -\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +consisting of the values \fBBIO_FLAGS_READ\fR, \fBBIO_FLAGS_WRITE\fR, +\&\fBBIO_FLAGS_IO_SPECIAL\fR though current BIO types will only set one of these. .PP \&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special -condition, it returns the \s-1BIO\s0 that caused this condition and if -\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +condition, it returns the BIO that caused this condition and if +\&\fBreason\fR is not NULL it contains the reason code. The meaning of the reason code and the action that should be taken depends on -the type of \s-1BIO\s0 that resulted in this condition. +the type of BIO that resulted in this condition. .PP \&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if -passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. 
+passed the relevant BIO, for example as returned by \fBBIO_get_retry_BIO()\fR. .PP \&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given -\&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations. -.SH "NOTES" +BIO. This would usually only be called by BIO implementations. +.SH NOTES .IX Header "NOTES" \&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, \&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros. .PP -If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" -depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 -operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +If \fBBIO_should_retry()\fR returns false then the precise "error condition" +depends on the BIO type that caused it and the return code of the BIO +operation. For example if a call to \fBBIO_read_ex()\fR on a socket BIO returns 0 and \fBBIO_should_retry()\fR is false then the cause will be that the -connection closed. A similar condition on a file \s-1BIO\s0 will mean that it -has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on -the error queue. For more details see the individual \s-1BIO\s0 type manual +connection closed. A similar condition on a file BIO will mean that it +has reached EOF. Some BIO types may place additional information on +the error queue. For more details see the individual BIO type manual pages. .PP If the underlying I/O structure is in a blocking mode almost all current -\&\s-1BIO\s0 types will not request a retry, because the underlying I/O -calls will not. If the application knows that the \s-1BIO\s0 type will never +BIO types will not request a retry, because the underlying I/O +calls will not. 
If the application knows that the BIO type will never signal a retry then it need not call \fBBIO_should_retry()\fR after a failed -\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. +BIO I/O call. This is typically done with file BIOs. .PP -\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +SSL BIOs are the only current exception to this rule: they can request a retry even if the underlying I/O structure is blocking, if a handshake occurs during a call to \fBBIO_read()\fR. An application can retry the failed -call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 -on the underlying \s-1SSL\s0 structure. +call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY +on the underlying SSL structure. .PP While an application may retry a failed non blocking call immediately this is likely to be very inefficient because the call will fail 
@@ -230,47 +155,47 @@ .PP For example if the cause is ultimately a socket and \fBBIO_should_read()\fR is true then a call to \fBselect()\fR may be made to wait until data is -available and then retry the \s-1BIO\s0 operation. By combining the retry +available and then retry the BIO operation. By combining the retry conditions of several non blocking BIOs in a single \fBselect()\fR call it is possible to service several BIOs in a single thread, though -the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +the performance may be poor if SSL BIOs are present because long delays can occur during the initial handshake process. .PP -It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +It is possible for a BIO to block indefinitely if the underlying I/O structure cannot process or return any data. This depends on the behaviour of the platforms I/O functions. This is often not desirable: one solution is to use non blocking I/O and use a timeout on the \fBselect()\fR (or equivalent) call. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O: that is they cannot retry after a partial read or write. This is usually -worked around by only passing the relevant data to \s-1ASN1\s0 functions when +worked around by only passing the relevant data to ASN1 functions when the entire structure can be read or written. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and \&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions -of the \fB\s-1BIO\s0\fR. +of the \fBBIO\fR. .PP \&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry condition or false if there is no retry condition. .PP -\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. 
+\&\fBBIO_get_retry_BIO()\fR returns a valid \fBBIO\fR structure. .PP \&\fBBIO_get_retry_reason()\fR returns the reason for a special condition. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BIO_socket_wait.3.orig +++ secure/lib/libcrypto/man/man3/BIO_socket_wait.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO_SOCKET_WAIT 3ossl" -.TH BIO_SOCKET_WAIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO_SOCKET_WAIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BIO_socket_wait, BIO_wait, BIO_do_connect_retry \&\- BIO connection utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,13 +79,13 @@ \& int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); \& int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBIO_socket_wait()\fR waits on the socket \fBfd\fR for reading if \fBfor_read\fR is not 0, else for writing, at most until \fBmax_time\fR. It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given). .PP -\&\fBBIO_wait()\fR waits at most until \fBmax_time\fR on the given (typically socket-based) +\&\fBBIO_wait()\fR waits at most until \fBmax_time\fR on the given (typically socket\-based) \&\fBbio\fR, for reading if \fBbio\fR is supposed to read, else for writing. It is used by \fBBIO_do_connect_retry()\fR and can be used together \fBBIO_read\fR\|(3). It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given). 
@@ -171,7 +96,7 @@ \&\fBBIO_do_connect_retry()\fR connects via the given \fBbio\fR. It retries \fBBIO_do_connect()\fR as far as needed to reach a definite outcome, i.e., connection succeeded, timeout has been reached, or an error occurred. -For nonblocking and potentially even non-socket BIOs it polls +For nonblocking and potentially even non\-socket BIOs it polls every \fBnap_milliseconds\fR and sleeps in between using \fBBIO_wait()\fR. If \fBnap_milliseconds\fR is < 0 then a default value of 100 ms is used. If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds @@ -186,15 +111,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBIO_do_connect\fR\|(3), \fBBIO_read\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBBIO_socket_wait()\fR, \fBBIO_wait()\fR, and \fBBIO_do_connect_retry()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_BLINDING_new.3.orig +++ secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_BLINDING_NEW 3ossl" -.TH BN_BLINDING_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_BLINDING_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -175,84 +100,84 @@ \& BN_MONT_CTX *m_ctx), \& BN_MONT_CTX *m_ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies -the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +\&\fBBN_BLINDING_new()\fR allocates a new \fBBN_BLINDING\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fBBN_BLINDING\fR object. .PP -\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. -If \fBb\fR is \s-1NULL,\s0 nothing is done. +\&\fBBN_BLINDING_free()\fR frees the \fBBN_BLINDING\fR structure. +If \fBb\fR is NULL, nothing is done. .PP -\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +\&\fBBN_BLINDING_update()\fR updates the \fBBN_BLINDING\fR parameters by squaring the \fBA\fR and \fBAi\fR or, after specific number of uses and if the -necessary parameters are set, by re-creating the blinding parameters. +necessary parameters are set, by re\-creating the blinding parameters. .PP \&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. -If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be -returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among +If \fBr\fR is not NULL a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fBRSA\fR object is shared among several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the -inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +inverse blinding factor \fBAi\fR. If \fBr\fR is not NULL it will be used as the inverse blinding. .PP \&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR -with \fBr\fR set to \s-1NULL.\s0 +with \fBr\fR set to NULL. 
.PP -\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fBBN_BLINDING\fR structure is owned by the current thread. This is to help users -provide proper locking if needed for multi-threaded use. +provide proper locking if needed for multi\-threaded use. .PP \&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the -owner of the \fB\s-1BN_BLINDING\s0\fR structure. +owner of the \fBBN_BLINDING\fR structure. .PP -\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +\&\fBBN_BLINDING_lock()\fR locks the \fBBN_BLINDING\fR structure. .PP -\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +\&\fBBN_BLINDING_unlock()\fR unlocks the \fBBN_BLINDING\fR structure. .PP -\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently -there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and -\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the -automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use -and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation -of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently -32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. -\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +\&\fBBN_BLINDING_get_flags()\fR returns the BN_BLINDING flags. Currently +there are two supported flags: \fBBN_BLINDING_NO_UPDATE\fR and +\&\fBBN_BLINDING_NO_RECREATE\fR. \fBBN_BLINDING_NO_UPDATE\fR inhibits the +automatic update of the \fBBN_BLINDING\fR parameters after each use +and \fBBN_BLINDING_NO_RECREATE\fR inhibits the automatic re\-creation +of the \fBBN_BLINDING\fR parameters after a fixed number of uses (currently +32). In newly allocated \fBBN_BLINDING\fR objects no flags are set. 
+\&\fBBN_BLINDING_set_flags()\fR sets the \fBBN_BLINDING\fR parameters flags. .PP -\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +\&\fBBN_BLINDING_create_param()\fR creates new \fBBN_BLINDING\fR parameters using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and \&\fBm_ctx\fR can be used to pass special functions for exponentiation -(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +(normally \fBBN_mod_exp_mont()\fR and \fBBN_MONT_CTX\fR). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure -or \s-1NULL\s0 in case of an error. +\&\fBBN_BLINDING_new()\fR returns the newly allocated \fBBN_BLINDING\fR structure +or NULL in case of an error. .PP \&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, \&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on success and 0 if an error occurred. .PP \&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns -the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. +the \fBBN_BLINDING\fR object, 0 otherwise. .PP -\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything. +\&\fBBN_BLINDING_set_current_thread()\fR doesn\*(Aqt return anything. .PP \&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation succeeded or 0 on error. .PP -\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fBBN_BLINDING\fR flags (a \fBunsigned long\fR value). .PP -\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR -parameters or \s-1NULL\s0 on error. -.SH "HISTORY" +\&\fBBN_BLINDING_create_param()\fR returns the newly created \fBBN_BLINDING\fR +parameters or NULL on error. 
+.SH HISTORY .IX Header "HISTORY" \&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2005\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/BN_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_CTX_NEW 3ossl" -.TH BN_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free \&\- allocate and free BN_CTX structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,38 +79,38 @@ \& \& void BN_CTX_free(BN_CTX *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by -library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +A \fBBN_CTX\fR is a structure that holds \fBBIGNUM\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fBBIGNUM\fRs is rather expensive when used in conjunction with repeated subroutine -calls, the \fB\s-1BN_CTX\s0\fR structure is used. +calls, the \fBBN_CTX\fR structure is used. .PP -\&\fBBN_CTX_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure for the given -library context \fBctx\fR. The value may be \s-1NULL\s0 in which case the default +\&\fBBN_CTX_new_ex()\fR allocates and initializes a \fBBN_CTX\fR structure for the given +library context \fBctx\fR. The value may be NULL in which case the default library context will be used. \fBBN_CTX_new()\fR is the same as \fBBN_CTX_new_ex()\fR except that the default library context is always used. .PP -\&\fBBN_CTX_secure_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +\&\fBBN_CTX_secure_new_ex()\fR allocates and initializes a \fBBN_CTX\fR structure but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the -\&\fB\s-1BIGNUM\s0\fRs for the given library context \fBctx\fR. The value may be \s-1NULL\s0 in +\&\fBBIGNUM\fRs for the given library context \fBctx\fR. The value may be NULL in which case the default library context will be used. \fBBN_CTX_secure_new()\fR is the same as \fBBN_CTX_secure_new_ex()\fR except that the default library context is always used. .PP -\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. 
-Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the -\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may -be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. +\&\fBBN_CTX_free()\fR frees the components of the \fBBN_CTX\fR and the structure itself. +Since \fBBN_CTX_start()\fR is required in order to obtain \fBBIGNUM\fRs from the +\&\fBBN_CTX\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fBBN_CTX\fR may +be freed by \fBBN_CTX_free()\fR. If \fBc\fR is NULL, nothing is done. .PP -A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No +A given \fBBN_CTX\fR must only be used by a single thread of execution. No locking is performed, and the internal pool allocator will not properly handle multiple threads of execution. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fBBN_CTX\fR. If the allocation fails, -they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +they return \fBNULL\fR and sets an error code that can be obtained by \&\fBERR_get_error\fR\|(3). .PP \&\fBBN_CTX_free()\fR has no return values. 
@@ -210,14 +135,14 @@ .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), \&\fBBN_CTX_start\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_CTX_start.3.orig +++ secure/lib/libcrypto/man/man3/BN_CTX_start.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_CTX_START 3ossl" -.TH BN_CTX_START 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_CTX_START 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,39 +76,39 @@ \& \& void BN_CTX_end(BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from -a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) +These functions are used to obtain temporary \fBBIGNUM\fR variables from +a \fBBN_CTX\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) in order to save the overhead of repeatedly creating and -freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +freeing \fBBIGNUM\fRs in functions that are called from inside a loop. .PP A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be -called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR +called repeatedly to obtain temporary \fBBIGNUM\fRs. All \fBBN_CTX_get()\fR calls must be made before calling any other functions that use the \&\fBctx\fR as an argument. .PP Finally, \fBBN_CTX_end()\fR must be called before returning from the function. -If \fBctx\fR is \s-1NULL,\s0 nothing is done. -When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +If \fBctx\fR is NULL, nothing is done. +When \fBBN_CTX_end()\fR is called, the \fBBIGNUM\fR pointers obtained from \&\fBBN_CTX_get()\fR become invalid. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. .PP -\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. -Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +\&\fBBN_CTX_get()\fR returns a pointer to the \fBBIGNUM\fR, or \fBNULL\fR on error. +Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fBNULL\fR as well, so it is sufficient to check the return value of the last \&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which can be obtained by \fBERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBN_CTX_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_add.3.orig +++ secure/lib/libcrypto/man/man3/BN_add.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_ADD 3ossl" -.TH BN_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_ADD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,9 +76,9 @@ \& \& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& -\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); \& -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); \& \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); 
@@ -162,50 +87,50 @@ \& \& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); \& -\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); \& -\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); \& -\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); \& -\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); \& -\& BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +\& BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); \& -\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); \& -\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, \& const BIGNUM *m, BN_CTX *ctx); \& -\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). -\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +\&\fIr\fR may be the same \fBBIGNUM\fR as \fIa\fR or \fIb\fR. .PP \&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). -\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +\&\fIr\fR may be the same \fBBIGNUM\fR as \fIa\fR or \fIb\fR. 
.PP \&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). -\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +\&\fIr\fR may be the same \fBBIGNUM\fR as \fIa\fR or \fIb\fR. For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). .PP \&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR -(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fBBIGNUM\fR. This function is faster than BN_mul(r,a,a). .PP \&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may -be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +be \fBNULL\fR, in which case the respective value is not returned. The result is rounded towards zero; thus if \fIa\fR is negative, the remainder will be zero or negative. For division by powers of 2, use \fBBN_rshift\fR\|(3). .PP -\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fBNULL\fR. .PP \&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the nonnegative remainder in \fIr\fR. @@ -218,7 +143,7 @@ .PP \&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the nonnegative remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be -the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +the same \fBBIGNUM\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for repeated computations using the same modulus, see \&\fBBN_mod_mul_montgomery\fR\|(3) and \&\fBBN_mod_mul_reciprocal\fR\|(3). 
@@ -228,8 +153,8 @@ .PP \&\fBBN_mod_sqrt()\fR returns the modular square root of \fIa\fR such that \&\f(CW\*(C`in^2 = a (mod p)\*(C'\fR. The modulus \fIp\fR must be a -prime, otherwise an error or an incorrect \*(L"result\*(R" will be returned. -The result is stored into \fIin\fR which can be \s-1NULL.\s0 The result will be +prime, otherwise an error or an incorrect "result" will be returned. +The result is stored into \fIin\fR which can be NULL. The result will be newly allocated in that case. .PP \&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR 
@@ -239,21 +164,25 @@ \&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this function when \fBm\fR is even and any of the parameters have the -\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. +\&\fBBN_FLG_CONSTTIME\fR flag set. .PP \&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and -places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +places the result in \fIr\fR. \fIr\fR may be the same \fBBIGNUM\fR as \fIa\fR or \&\fIb\fR. .PP -For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fBBN_CTX\fR used for temporary variables; see \fBBN_CTX_new\fR\|(3). .PP -Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +Unless noted otherwise, the result \fBBIGNUM\fR must be different from the arguments. +.SH NOTES +.IX Header "NOTES" +For modular operations such as \fBBN_nnmod()\fR or \fBBN_mod_exp()\fR it is an error +to use the same \fBBIGNUM\fR object for the modulus as for the output. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The \fBBN_mod_sqrt()\fR returns the result (possibly incorrect if \fIp\fR is -not a prime), or \s-1NULL.\s0 +not a prime), or NULL. .PP For all remaining functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). 
@@ -262,11 +191,11 @@ .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), \&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_add_word.3.orig +++ secure/lib/libcrypto/man/man3/BN_add_word.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_ADD_WORD 3ossl" -.TH BN_ADD_WORD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_ADD_WORD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,10 +81,10 @@ \& \& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions perform arithmetic operations on BIGNUMs with unsigned -integers. They are much more efficient than the normal \s-1BIGNUM\s0 +integers. They are much more efficient than the normal BIGNUM arithmetic operations. .PP \&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). @@ -179,15 +104,15 @@ on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP \&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and -\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. +\&\fB(BN_ULONG)\-1\fR if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_bn2bin.3.orig +++ secure/lib/libcrypto/man/man3/BN_bn2bin.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_BN2BIN 3ossl" -.TH BN_BN2BIN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_BN2BIN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2nativepad, BN_native2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -169,76 +94,76 @@ \& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); \& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big\-endian form and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of memory. .PP -\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big\-endian form and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer \&\fBto\fR. The result is padded with zeros if necessary. If \fBtolen\fR is less than BN_num_bytes(\fBa\fR) an error is returned. .PP -\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length -\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is -\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. +\&\fBBN_bin2bn()\fR converts the positive integer in big\-endian form of length +\&\fBlen\fR at \fBs\fR into a \fBBIGNUM\fR and places it in \fBret\fR. If \fBret\fR is +NULL, a new \fBBIGNUM\fR is created. .PP \&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and -\&\fBBN_bin2bn()\fR except the buffer is in little-endian format. +\&\fBBN_bin2bn()\fR except the buffer is in little\-endian format. .PP \&\fBBN_bn2nativepad()\fR and \fBBN_native2bn()\fR are identical to \fBBN_bn2binpad()\fR and \&\fBBN_bin2bn()\fR except the buffer is in native format, i.e. most significant -byte first on big-endian platforms, and least significant byte first on -little-endian platforms. +byte first on big\-endian platforms, and least significant byte first on +little\-endian platforms. 
.PP \&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the hexadecimal and decimal encoding of \fBa\fR respectively. For negative -numbers, the string is prefaced with a leading '\-'. The string must be +numbers, the string is prefaced with a leading \*(Aq\-\*(Aq. The string must be freed later using \fBOPENSSL_free()\fR. .PP \&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, -including the leading character '\-' which means negative, to form a valid -hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and -stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If -\&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation. -A \*(L"negative zero\*(R" is converted to zero. +including the leading character \*(Aq\-\*(Aq which means negative, to form a valid +hexadecimal number representation and converts them to a \fBBIGNUM\fR and +stores it in **\fBa\fR. If *\fBa\fR is NULL, a new \fBBIGNUM\fR is created. If +\&\fBa\fR is NULL, it only computes the length of valid representation. +A "negative zero" is converted to zero. \&\fBBN_dec2bn()\fR is the same using the decimal system. .PP \&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, -with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +with a leading \*(Aq\-\*(Aq for negative numbers, to the \fBBIO\fR or \fBFILE\fR \&\fBfp\fR. 
.PP -\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format -that consists of the number's length in bytes represented as a 4\-byte -big-endian number, and the number itself in big-endian format, where +\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fBBIGNUM\fRs from and to a format +that consists of the number\*(Aqs length in bytes represented as a 4\-byte +big\-endian number, and the number itself in big\-endian format, where the most significant bit signals a negative number (the representation -of numbers with the \s-1MSB\s0 set is prefixed with null byte). +of numbers with the MSB set is prefixed with null byte). .PP \&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR must be large enough to hold the result. The size can be determined by -calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +calling BN_bn2mpi(\fBa\fR, NULL). .PP \&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to -a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR -if \fBret\fR is \s-1NULL.\s0 +a \fBBIGNUM\fR and stores it at \fBret\fR, or in a newly allocated \fBBIGNUM\fR +if \fBret\fR is NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. -\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +\&\fBBN_bn2bin()\fR returns the length of the big\-endian number placed at \fBto\fR. +\&\fBBN_bin2bn()\fR returns the \fBBIGNUM\fR, NULL on error. .PP \&\fBBN_bn2binpad()\fR, \fBBN_bn2lebinpad()\fR, and \fBBN_bn2nativepad()\fR return the number of bytes written or \-1 if the supplied buffer is too small. .PP -\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a NUL-terminated string, or \s-1NULL\s0 +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a NUL\-terminated string, or NULL on error. 
\fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters used in parsing, or 0 on error, in which -case no new \fB\s-1BIGNUM\s0\fR will be created. +case no new \fBBIGNUM\fR will be created. .PP \&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. .PP \&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR -returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +returns the \fBBIGNUM\fR, and NULL on error. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" @@ -246,11 +171,11 @@ \&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), \&\fBASN1_INTEGER_to_BN\fR\|(3), \&\fBBN_num_bytes\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_cmp.3.orig +++ secure/lib/libcrypto/man/man3/BN_cmp.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_CMP 3ossl" -.TH BN_CMP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_CMP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd \- BIGNUM comparison and test functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,7 +79,7 @@ \& int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); \& int BN_is_odd(const BIGNUM *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_cmp()\fR compares the numbers \fIa\fR and \fIb\fR. \fBBN_ucmp()\fR compares their absolute values. @@ -170,15 +95,15 @@ .PP \&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR, \fBBN_abs_is_word()\fR and \&\fBBN_is_odd()\fR return 1 if the condition is true, 0 otherwise. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" Prior to OpenSSL 1.1.0, \fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR, \&\fBBN_abs_is_word()\fR and \fBBN_is_odd()\fR were macros. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_copy.3.orig +++ secure/lib/libcrypto/man/man3/BN_copy.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_COPY 3ossl" -.TH BN_COPY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_COPY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,9 +76,9 @@ \& \& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fBBIGNUM\fR containing the value \fBfrom\fR. .PP BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places 
@@ -161,31 +86,31 @@ these restrictions may encounter unexpected side effects or crashes. For that reason use of this function is discouraged. Any flags provided in \fBflags\fR will be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this -might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the -\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in +might commonly be used to create a temporary copy of a BIGNUM with the +\&\fBBN_FLG_CONSTTIME\fR flag set for constant time operations. The temporary copy in \&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following restrictions apply to the use of \fBdest\fR: -.IP "\(bu" 2 -\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It +.IP \(bu 2 +\&\fBdest\fR should be a newly allocated BIGNUM obtained via a call to \fBBN_new()\fR. It should not have been used for other purposes or initialised in any way. -.IP "\(bu" 2 -\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those -functions where the relevant parameter is declared \*(L"const\*(R". -.IP "\(bu" 2 +.IP \(bu 2 +\&\fBdest\fR must only be used in "read\-only" operations, i.e. typically those +functions where the relevant parameter is declared "const". +.IP \(bu 2 \&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns -the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +\&\fBBN_copy()\fR returns \fBto\fR on success, NULL on error. \fBBN_dup()\fR returns +the new \fBBIGNUM\fR, and NULL on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_generate_prime.3.orig +++ secure/lib/libcrypto/man/man3/BN_generate_prime.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_GENERATE_PRIME 3ossl" -.TH BN_GENERATE_PRIME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_GENERATE_PRIME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -173,7 +98,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 0.9.8, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 @@ -190,7 +115,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -199,57 +124,57 @@ \& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, \& int do_trial_division, BN_GENCB *cb); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_generate_prime_ex2()\fR generates a pseudo-random prime number of -at least bit length \fBbits\fR using the \s-1BN_CTX\s0 provided in \fBctx\fR. The value of -\&\fBctx\fR must not be \s-1NULL.\s0 +\&\fBBN_generate_prime_ex2()\fR generates a pseudo\-random prime number of +at least bit length \fBbits\fR using the BN_CTX provided in \fBctx\fR. The value of +\&\fBctx\fR must not be NULL. .PP The returned number is probably prime with a negligible error. The maximum error rate is 2^\-128. -It's 2^\-287 for a 512 bit prime, 2^\-435 for a 1024 bit prime, +It\*(Aqs 2^\-287 for a 512 bit prime, 2^\-435 for a 1024 bit prime, 2^\-648 for a 2048 bit prime, and lower than 2^\-882 for primes larger than 2048 bit. .PP -If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime number will have exact bit +If \fBadd\fR is \fBNULL\fR the returned prime number will have exact bit length \fBbits\fR with the top most two bits set. .PP -If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +If \fBret\fR is not \fBNULL\fR, it will be used to store the number. .PP -If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: -.IP "\(bu" 2 +If \fBcb\fR is not \fBNULL\fR, it is used as follows: +.IP \(bu 2 \&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th potential prime number. -.IP "\(bu" 2 +.IP \(bu 2 While the number is being tested for primality, \&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. -.IP "\(bu" 2 +.IP \(bu 2 When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. -.IP "\(bu" 2 +.IP \(bu 2 The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with -other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0. 
+other values as described in their respective man pages; see "SEE ALSO". .PP The prime may have to fulfill additional requirements for use in -Diffie-Hellman key exchange: +Diffie\-Hellman key exchange: .PP -If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR -== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +If \fBadd\fR is not \fBNULL\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fBNULL\fR) in order to suit a given generator. .PP If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so -that (p\-1)/2 is also prime). If \fBsafe\fR is true, and \fBrem\fR == \fB\s-1NULL\s0\fR +that (p\-1)/2 is also prime). If \fBsafe\fR is true, and \fBrem\fR == \fBNULL\fR the condition will be p % \fBadd\fR == 3. It is recommended that \fBadd\fR is a multiple of 4. .PP The random generator must be seeded prior to calling \fBBN_generate_prime_ex()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -The random number generator configured for the \s-1OSSL_LIB_CTX\s0 associated with +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. +The random number generator configured for the OSSL_LIB_CTX associated with \&\fBctx\fR will be used. .PP \&\fBBN_generate_prime_ex()\fR is the same as \fBBN_generate_prime_ex2()\fR except that no \&\fBctx\fR parameter is passed. -In this case the random number generator associated with the default \s-1OSSL_LIB_CTX\s0 +In this case the random number generator associated with the default OSSL_LIB_CTX will be used. .PP \&\fBBN_check_prime()\fR, \fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR 
@@ -259,15 +184,15 @@ If \fBp\fR passes all these tests, it is considered a probable prime. .PP The test performed on \fBp\fR are trial division by a number of small primes -and rounds of the of the Miller-Rabin probabilistic primality test. +and rounds of the Miller\-Rabin probabilistic primality test. .PP -The functions do at least 64 rounds of the Miller-Rabin test giving a maximum +The functions do at least 64 rounds of the Miller\-Rabin test giving a maximum false positive rate of 2^\-128. If the size of \fBp\fR is more than 2048 bits, they do at least 128 rounds giving a maximum false positive rate of 2^\-256. .PP If \fBnchecks\fR is larger than the minimum above (64 or 128), \fBnchecks\fR -rounds of the Miller-Rabin test will be done. +rounds of the Miller\-Rabin test will be done. .PP If \fBdo_trial_division\fR set to \fB0\fR, the trial division will be skipped. \&\fBBN_is_prime_ex()\fR and \fBBN_is_prime()\fR always skip the trial division. 
@@ -277,31 +202,32 @@ .PP \&\fBBN_is_prime_fasttest()\fR and \fBBN_is_prime()\fR behave just like \&\fBBN_is_prime_fasttest_ex()\fR and \fBBN_is_prime_ex()\fR respectively, but with the old -style call back. +style callback. .PP -\&\fBctx\fR is a preallocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and -freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +\&\fBctx\fR is a preallocated \fBBN_CTX\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fBNULL\fR. .PP If the trial division is done, and no divisors are found and \fBcb\fR -is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, \-1)\fR is called. +is not \fBNULL\fR, \fBBN_GENCB_call(cb, 1, \-1)\fR is called. .PP -After each round of the Miller-Rabin probabilistic primality test, -if \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called +After each round of the Miller\-Rabin probabilistic primality test, +if \fBcb\fR is not \fBNULL\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called with \fBj\fR the iteration (j = 0, 1, ...). .PP -\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +\&\fBBN_GENCB_call()\fR calls the callback function held in the \fBBN_GENCB\fR structure and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of -\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New -programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided +\&\fBBN_GENCB\fR structure that are supported: "new" style and "old" style. New +programs should prefer the "new" style, whilst the "old" style is provided for backwards compatibility purposes. .PP -A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, -and freed through a call to \fBBN_GENCB_free()\fR. +A \fBBN_GENCB\fR structure should be created through a call to \fBBN_GENCB_new()\fR, +and freed through a call to \fBBN_GENCB_free()\fR. 
If the argument is NULL, +nothing is done. .PP -For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a -call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of -type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. -\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call +For "new" style callbacks a BN_GENCB structure should be initialised with a +call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fBBN_GENCB *\fR, \fBcallback\fR is of +type \fBint (*callback)(int, int, BN_GENCB *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. +"Old" style callbacks are the same except they are initialised with a call to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type \&\fBvoid (*callback)(int, int, void *)\fR. .PP @@ -309,11 +235,11 @@ the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. .PP -It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure +It is possible to obtain the argument associated with a BN_GENCB structure (set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. .PP \&\fBBN_generate_prime()\fR (deprecated) works in the same way as -\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function +\&\fBBN_generate_prime_ex()\fR but expects an old\-style callback function directly in the \fBcallback\fR parameter, and an argument to pass to it in the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR can similarly be compared to \fBBN_is_prime_ex()\fR and 
@@ -327,12 +253,12 @@ 1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and \&\-1 on error. .PP -\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +\&\fBBN_generate_prime()\fR returns the prime number on success, \fBNULL\fR otherwise. .PP -BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR +BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or \fBNULL\fR otherwise. .PP -BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 +BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB structure. .PP Callback functions should return 1 on success or 0 on error. @@ -340,14 +266,14 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "REMOVED FUNCTIONALITY" .IX Header "REMOVED FUNCTIONALITY" -As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure +As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure directly, as in: .PP .Vb 1 \& BN_GENCB callback; .Ve .PP -Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: +Instead applications should create a BN_GENCB structure using BN_GENCB_new: .PP .Vb 6 \& BN_GENCB *callback; @@ -361,8 +287,8 @@ .IX Header "SEE ALSO" \&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" The \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR functions were deprecated in OpenSSL 3.0. 
@@ -371,11 +297,11 @@ and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. .PP \&\fBBN_check_prime()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_mod_exp_mont.3.orig +++ secure/lib/libcrypto/man/man3/BN_mod_exp_mont.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_MOD_EXP_MONT 3ossl" -.TH BN_MOD_EXP_MONT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_MOD_EXP_MONT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_mod_exp_mont, BN_mod_exp_mont_consttime, BN_mod_exp_mont_consttime_x2 \- Montgomery exponentiation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,19 +85,19 @@ \& const BIGNUM *m2, BN_MONT_CTX *in_mont2, \& BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_mod_exp_mont()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`rr=a^p % m\*(C'\fR) using Montgomery multiplication. \fIin_mont\fR is a Montgomery context and can be -\&\s-1NULL.\s0 In the case \fIin_mont\fR is \s-1NULL,\s0 it will be initialized within the +NULL. In the case \fIin_mont\fR is NULL, it will be initialized within the function, so you can save time on initialization if you provide it in advance. .PP \&\fBBN_mod_exp_mont_consttime()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`rr=a^p % m\*(C'\fR) using Montgomery multiplication. It is a variant of \&\fBBN_mod_exp_mont\fR\|(3) that uses fixed windows and the special precomputation -memory layout to limit data-dependency to a minimum to protect secret exponents. +memory layout to limit data\-dependency to a minimum to protect secret exponents. It is called automatically when \fBBN_mod_exp_mont\fR\|(3) is called with parameters -\&\fIa\fR, \fIp\fR, \fIm\fR, any of which have \fB\s-1BN_FLG_CONSTTIME\s0\fR flag. +\&\fIa\fR, \fIp\fR, \fIm\fR, any of which have \fBBN_FLG_CONSTTIME\fR flag. .PP \&\fBBN_mod_exp_mont_consttime_x2()\fR computes two independent exponentiations \fIa1\fR to the \fIp1\fR\-th power modulo \fIm1\fR (\f(CW\*(C`rr1=a1^p1 % m1\*(C'\fR) and \fIa2\fR to the \fIp2\fR\-th 
@@ -187,11 +112,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_mod_exp_mont\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_mod_inverse.3.orig +++ secure/lib/libcrypto/man/man3/BN_mod_inverse.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_MOD_INVERSE 3ossl" -.TH BN_MOD_INVERSE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_MOD_INVERSE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_mod_inverse \- compute inverse modulo n -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,26 +73,29 @@ \& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, \& BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR -places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 -a new \fB\s-1BIGNUM\s0\fR is created. +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is NULL, +a new \fBBIGNUM\fR is created. .PP -\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary -variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +\&\fBctx\fR is a previously allocated \fBBN_CTX\fR used for temporary +variables. \fBr\fR may be the same \fBBIGNUM\fR as \fBa\fR. +.SH NOTES +.IX Header "NOTES" +It is an error to use the same \fBBIGNUM\fR as \fBn\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and -\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +\&\fBBN_mod_inverse()\fR returns the \fBBIGNUM\fR containing the inverse, and +NULL on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3.orig +++ secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_MONTGOMERY 3ossl" -.TH BN_MOD_MUL_MONTGOMERY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_MOD_MUL_MONTGOMERY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -162,23 +87,23 @@ \& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, \& BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions implement Montgomery multiplication. They are used automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus. .PP -\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fBBN_MONT_CTX\fR structure. .PP \&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR by precomputing its inverse and a value R. .PP -\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +\&\fBBN_MONT_CTX_copy()\fR copies the \fBBN_MONT_CTX\fR \fIfrom\fR to \fIto\fR. .PP -\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +\&\fBBN_MONT_CTX_free()\fR frees the components of the \fBBN_MONT_CTX\fR, and, if it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. -If \fBmont\fR is \s-1NULL,\s0 nothing is done. +If \fBmont\fR is NULL, nothing is done. .PP \&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places the result in \fIr\fR. 
@@ -188,18 +113,18 @@ \&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. Note that \fIa\fR must be nonnegative and smaller than the modulus. .PP -For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fBBN_CTX\fR used for temporary variables. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fBBN_MONT_CTX\fR, and NULL on error. .PP \&\fBBN_MONT_CTX_free()\fR has no return value. .PP For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" The inputs must be reduced modulo \fBm\fR, otherwise the result will be outside the expected range. @@ -207,14 +132,14 @@ .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), \&\fBBN_CTX_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3.orig +++ secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_RECIPROCAL 3ossl" -.TH BN_MOD_MUL_RECIPROCAL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_MOD_MUL_RECIPROCAL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using reciprocal -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,19 +83,19 @@ \& int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, \& BN_RECP_CTX *recp, BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient \&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a -previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +previously allocated \fBBN_CTX\fR used for temporary variables. .PP -\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fBBN_RECP\fR structure. .PP -\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +\&\fBBN_RECP_CTX_free()\fR frees the components of the \fBBN_RECP\fR, and, if it was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. -If \fBrecp\fR is \s-1NULL,\s0 nothing is done. +If \fBrecp\fR is NULL, nothing is done. .PP \&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing 1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an 
@@ -180,10 +105,10 @@ \&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient in \fBdv\fR and the remainder in \fBrem\fR. .PP -The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. +The \fBBN_RECP_CTX\fR structure cannot be shared between threads. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fBBN_RECP_CTX\fR, and NULL on error. .PP \&\fBBN_RECP_CTX_free()\fR has no return value. @@ -194,14 +119,14 @@ .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), \&\fBBN_CTX_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_new.3.orig +++ secure/lib/libcrypto/man/man3/BN_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_NEW 3ossl" -.TH BN_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,41 +80,41 @@ \& \& void BN_clear_free(BIGNUM *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fBBN_new()\fR allocates and initializes a \fBBIGNUM\fR structure. \&\fBBN_secure_new()\fR does the same except that the secure heap \&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value. .PP \&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they are no longer needed. It erases the memory used by \fBa\fR and sets it to the value 0. -If \fBa\fR is \s-1NULL,\s0 nothing is done. +If \fBa\fR is NULL, nothing is done. .PP -\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +\&\fBBN_free()\fR frees the components of the \fBBIGNUM\fR, and if it was created by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally overwrites the data before the memory is returned to the system. -If \fBa\fR is \s-1NULL,\s0 nothing is done. +If \fBa\fR is NULL, nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBN_new()\fR and \fBBN_secure_new()\fR -return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +return a pointer to the \fBBIGNUM\fR initialised to the value 0. If the allocation fails, -they return \fB\s-1NULL\s0\fR and set an error code that can be obtained +they return \fBNULL\fR and set an error code that can be obtained by \fBERR_get_error\fR\|(3). .PP \&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBOPENSSL_secure_malloc\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_num_bytes.3.orig +++ secure/lib/libcrypto/man/man3/BN_num_bytes.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_NUM_BYTES 3ossl" -.TH BN_NUM_BYTES 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_NUM_BYTES 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,42 +76,42 @@ \& \& int BN_num_bits_word(BN_ULONG w); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +\&\fBBN_num_bytes()\fR returns the size of a \fBBIGNUM\fR in bytes. .PP \&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. If we take 0x00000432 as an example, it returns 11, not 16, not 32. Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. .PP -\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +\&\fBBN_num_bits()\fR returns the number of significant bits in a \fBBIGNUM\fR, following the same principle as \fBBN_num_bits_word()\fR. .PP \&\fBBN_num_bytes()\fR is a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The size. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, -\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with +Some have tried using \fBBN_num_bits()\fR on individual numbers in RSA keys, +DH keys and DSA keys, and found that they don\*(Aqt always come up with the number of bits they expected (something like 512, 1024, 2048, \&...). This is because generating a number with some specific number -of bits doesn't always set the highest bits, thereby making the number -of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key -size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR +of bits doesn\*(Aqt always set the highest bits, thereby making the number +of \fIsignificant\fR bits a little lower. 
If you want to know the "key +size" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although -there's no real guarantee that will match the \*(L"key size\*(R", just a lot +there\*(Aqs no real guarantee that will match the "key size", just a lot more probability). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), \&\fBRSA_size\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_rand.3.orig +++ secure/lib/libcrypto/man/man3/BN_rand.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_RAND 3ossl" -.TH BN_RAND 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_RAND 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, BN_pseudo_rand_range \&\- generate pseudo\-random number -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -166,42 +91,42 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); \& int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBBN_rand_ex()\fR generates a cryptographically strong pseudo-random +\&\fBBN_rand_ex()\fR generates a cryptographically strong pseudo\-random number of \fIbits\fR in length and security strength at least \fIstrength\fR bits using the random number generator for the library context associated with \&\fIctx\fR. The function stores the generated data in \fIrnd\fR. The parameter \fIctx\fR -may be \s-1NULL\s0 in which case the default library context is used. +may be NULL in which case the default library context is used. If \fIbits\fR is less than zero, or too small to accommodate the requirements specified by the \fItop\fR and \fIbottom\fR parameters, an error is returned. The \fItop\fR parameters specifies requirements on the most significant bit of the generated number. -If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. -If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. -If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of +If it is \fBBN_RAND_TOP_ANY\fR, there is no constraint. +If it is \fBBN_RAND_TOP_ONE\fR, the top bit must be one. +If it is \fBBN_RAND_TOP_TWO\fR, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*\fIbits\fR length. -If \fIbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it -is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. 
-If \fIbits\fR is 1 then \fItop\fR cannot also be \fB\s-1BN_RAND_TOP_TWO\s0\fR. +If \fIbottom\fR is \fBBN_RAND_BOTTOM_ODD\fR, the number will be odd; if it +is \fBBN_RAND_BOTTOM_ANY\fR it can be odd or even. +If \fIbits\fR is 1 then \fItop\fR cannot also be \fBBN_RAND_TOP_TWO\fR. .PP \&\fBBN_rand()\fR is the same as \fBBN_rand_ex()\fR except that the default library context is always used. .PP -\&\fBBN_rand_range_ex()\fR generates a cryptographically strong pseudo-random +\&\fBBN_rand_range_ex()\fR generates a cryptographically strong pseudo\-random number \fIrnd\fR, of security strength at least \fIstrength\fR bits, in the range 0 <= \fIrnd\fR < \fIrange\fR using the random number generator for the library context associated with \fIctx\fR. The parameter \fIctx\fR -may be \s-1NULL\s0 in which case the default library context is used. +may be NULL in which case the default library context is used. .PP \&\fBBN_rand_range()\fR is the same as \fBBN_rand_range_ex()\fR except that the default library context is always used. @@ -211,10 +136,10 @@ \&\fBBN_rand_range_ex()\fR and \fBBN_rand_range()\fR respectively. They are intended to be used for generating values that should remain private, and mirror the same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Always check the error return value of these functions and do not take -randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been +randomness for granted: an error occurs if the CSPRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -226,27 +151,27 @@ \&\fBRAND_add\fR\|(3), \&\fBRAND_bytes\fR\|(3), \&\fBRAND_priv_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7), -\&\s-1\fBEVP_RAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7), +\&\fBEVP_RAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" -.IP "\(bu" 2 +.IP \(bu 2 Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to \&\fBBN_rand_range()\fR. The \fBBN_pseudo_rand()\fR and \fBBN_pseudo_rand_range()\fR functions were deprecated in OpenSSL 3.0. -.IP "\(bu" 2 +.IP \(bu 2 The \fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. -.IP "\(bu" 2 +.IP \(bu 2 The \fBBN_rand_ex()\fR, \fBBN_priv_rand_ex()\fR, \fBBN_rand_range_ex()\fR and \&\fBBN_priv_rand_range_ex()\fR functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_security_bits.3.orig +++ secure/lib/libcrypto/man/man3/BN_security_bits.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,113 +53,54 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_SECURITY_BITS 3ossl" -.TH BN_SECURITY_BITS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_SECURITY_BITS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_security_bits \- returns bits of security based on given numbers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int BN_security_bits(int L, int N); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_security_bits()\fR returns the number of bits of security provided by a specific algorithm and a particular key size. The bits of security is -defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types -of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 -(Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both +defined in NIST SP800\-57. Currently, \fBBN_security_bits()\fR support two types +of asymmetric algorithms: the FFC (Finite Field Cryptography) and IFC +(Integer Factorization Cryptography). For FFC, e.g., DSA and DH, both parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where \&\fBL\fR is the size of the public key and \fBN\fR is the size of the private -key. For \s-1IFC,\s0 e.g., \s-1RSA,\s0 only \fBL\fR is used and it's commonly considered +key. For IFC, e.g., RSA, only \fBL\fR is used and it\*(Aqs commonly considered to be the key size (modulus). .SH "RETURN VALUES" .IX Header "RETURN VALUES" Number of security bits. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR +ECC (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR function. 
The symmetric algorithms are not covered neither. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_set_bit.3.orig +++ secure/lib/libcrypto/man/man3/BN_set_bit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_SET_BIT 3ossl" -.TH BN_SET_BIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_SET_BIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,7 +84,7 @@ \& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); \& int BN_rshift1(BIGNUM *r, BIGNUM *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<. --- secure/lib/libcrypto/man/man3/BN_swap.3.orig +++ secure/lib/libcrypto/man/man3/BN_swap.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,95 +53,36 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_SWAP 3ossl" -.TH BN_SWAP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_SWAP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_swap \- exchange BIGNUMs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void BN_swap(BIGNUM *a, BIGNUM *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBN_swap()\fR does not return a value. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BN_zero.3.orig +++ secure/lib/libcrypto/man/man3/BN_zero.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BN_ZERO 3ossl" -.TH BN_ZERO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BN_ZERO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,45 +79,45 @@ \& int BN_set_word(BIGNUM *a, BN_ULONG w); \& unsigned BN_ULONG BN_get_word(BIGNUM *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized +\&\fBBN_ULONG\fR is a macro that will be an unsigned integral type optimized for the most efficient implementation on the local platform. .PP \&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and \&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. .PP -\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +\&\fBBN_value_one()\fR returns a \fBBIGNUM\fR constant of value 1. This constant is useful for use in comparisons and assignment. .PP -\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fBBN_ULONG\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +\&\fBBN_get_word()\fR returns the value \fBa\fR, or all\-bits\-set if \fBa\fR cannot be represented as a single integer. .PP \&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. \&\fBBN_value_one()\fR returns the constant. \&\fBBN_zero()\fR never fails and returns no value. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide +If a \fBBIGNUM\fR is equal to the value of all\-bits\-set, it will collide with the error condition returned by \fBBN_get_word()\fR which uses that as an error value. .PP -\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. +\&\fBBN_ULONG\fR should probably be a typedef. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBN_bn2bin\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous versions returned an int. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/BUF_MEM_new.3.orig +++ secure/lib/libcrypto/man/man3/BUF_MEM_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BUF_MEM_NEW 3ossl" -.TH BUF_MEM_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BUF_MEM_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse \&\- simple character array structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,7 +83,7 @@ \& \& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs. 
@@ -166,24 +91,25 @@ \&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. .PP \&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. -The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer +The flag \fBBUF_MEM_FLAG_SECURE\fR specifies that the \fBdata\fR pointer should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3). .PP \&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. +If the argument is NULL, nothing is done. .PP \&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to \&\fBlen\fR. Any data already in the buffer is preserved if it increases in size. .PP -\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd -or additionally-allocated memory to zero. +\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free\*(Aqd +or additionally\-allocated memory to zero. .PP \&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR -is \s-1NULL,\s0 the array is reversed in-place. +is NULL, the array is reversed in\-place. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +\&\fBBUF_MEM_new()\fR returns the buffer or NULL on error. .PP \&\fBBUF_MEM_free()\fR has no return value. .PP 
@@ -193,14 +119,14 @@ .IX Header "SEE ALSO" \&\fBbio\fR\|(7), \&\fBCRYPTO_secure_malloc\fR\|(3). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_EncryptedData_decrypt.3.orig +++ secure/lib/libcrypto/man/man3/CMS_EncryptedData_decrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ENCRYPTEDDATA_DECRYPT 3ossl" -.TH CMS_ENCRYPTEDDATA_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ENCRYPTEDDATA_DECRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_EncryptedData_decrypt \&\- Decrypt CMS EncryptedData -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,17 +75,17 @@ \& const unsigned char *key, size_t keylen, \& BIO *dcont, BIO *out, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_EncryptedData_decrypt()\fR decrypts a \fIcms\fR EncryptedData object using the -symmetric \fIkey\fR of size \fIkeylen\fR bytes. \fIout\fR is a \s-1BIO\s0 to write the content -to and \fIflags\fR is an optional set of flags. -\&\fIdcont\fR is used in the rare case where the encrypted content is detached. It -will normally be set to \s-1NULL.\s0 +symmetric \fIkey\fR of size \fIkeylen\fR bytes. AEAD cipher algorithms are not +supported. \fIout\fR is a BIO to write the content to and \fIflags\fR is an optional +set of flags. \fIdcont\fR is used in the rare case where the encrypted content is +detached. It will normally be set to NULL. .PP The following flags can be passed in the \fIflags\fR parameter. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted +If the \fBCMS_TEXT\fR flag is set MIME headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted from the content. If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is returned. .SH "RETURN VALUES" 
@@ -170,11 +95,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_EncryptedData_encrypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_EncryptedData_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/CMS_EncryptedData_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ENCRYPTEDDATA_ENCRYPT 3ossl" -.TH CMS_ENCRYPTEDDATA_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ENCRYPTEDDATA_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_EncryptedData_encrypt_ex, CMS_EncryptedData_encrypt \&\- Create CMS EncryptedData -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,43 +83,43 @@ \& const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, \& unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_EncryptedData_encrypt_ex()\fR creates a \fBCMS_ContentInfo\fR structure -with a type \fBNID_pkcs7_encrypted\fR. \fIin\fR is a \s-1BIO\s0 containing the data to +with a type \fBNID_pkcs7_encrypted\fR. \fIin\fR is a BIO containing the data to encrypt using \fIcipher\fR and the encryption key \fIkey\fR of size \fIkeylen\fR bytes. The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. \fIflags\fR is a set of optional flags. .PP -The \fIflags\fR field supports the options \fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_STREAM\s0\fR and -\&\fB\s-1CMS_PARTIAL\s0\fR. Internally \fBCMS_final()\fR is called unless \fB\s-1CMS_STREAM\s0\fR and/or -\&\fB\s-1CMS_PARTIAL\s0\fR is specified. +The \fIflags\fR field supports the options \fBCMS_DETACHED\fR, \fBCMS_STREAM\fR and +\&\fBCMS_PARTIAL\fR. Internally \fBCMS_final()\fR is called unless \fBCMS_STREAM\fR and/or +\&\fBCMS_PARTIAL\fR is specified. .PP -The algorithm passed in the \fIcipher\fR parameter must support \s-1ASN1\s0 encoding of -its parameters. +The algorithm passed in the \fIcipher\fR parameter must support ASN1 encoding of +its parameters. AEAD cipher algorithms are not supported. .PP The \fBCMS_ContentInfo\fR structure can be freed using \fBCMS_ContentInfo_free\fR\|(3). .PP \&\fBCMS_EncryptedData_encrypt()\fR is similar to \fBCMS_EncryptedData_encrypt_ex()\fR -but uses default values of \s-1NULL\s0 for the library context \fIlibctx\fR and the +but uses default values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" If the allocation fails, \fBCMS_EncryptedData_encrypt_ex()\fR and -\&\fBCMS_EncryptedData_encrypt()\fR return \s-1NULL\s0 and set an error code that can be +\&\fBCMS_EncryptedData_encrypt()\fR return NULL and set an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_final\fR\|(3), \fBCMS_EncryptedData_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBCMS_EncryptedData_encrypt_ex()\fR method was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/CMS_EncryptedData_set1_key.3 
@@ -0,0 +1,96 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "CMS_ENCRYPTEDDATA_SET1_KEY 3ossl" +.TH CMS_ENCRYPTEDDATA_SET1_KEY 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +CMS_EncryptedData_set1_key \- Sets the cipher and key for +CMS EncryptedData +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, +\& const unsigned char *key, size_t keylen); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +\&\fBCMS_EncryptedData_set1_key()\fR takes in a \fIcms\fR EncryptedData object and sets +the appropriate attributes to \fIciph\fR, it makes a copy of the symmetric \fIkey\fR +of size \fIkeylen\fR. AEAD cipher algorithms are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_EncryptedData_set1_key()\fR returns 0 if an error occurred otherwise +returns 1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCMS_EncryptedData_encrypt\fR\|(3), \fBCMS_EncryptedData_decrypt\fR\|(3) +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/CMS_EnvelopedData_create.3.orig +++ secure/lib/libcrypto/man/man3/CMS_EnvelopedData_create.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ENVELOPEDDATA_CREATE 3ossl" -.TH CMS_ENVELOPEDDATA_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ENVELOPEDDATA_CREATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_EnvelopedData_create_ex, CMS_EnvelopedData_create, CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_ex \&\- Create CMS envelope -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,7 +82,7 @@ \& const char *propq); \& CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_EnvelopedData_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure with a type \fBNID_pkcs7_enveloped\fR. \fIcipher\fR is the symmetric cipher to use. @@ -166,11 +91,11 @@ .PP \&\fBCMS_AuthEnvelopedData_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure with a type \fBNID_id_smime_ct_authEnvelopedData\fR. \fBcipher\fR is the -symmetric \s-1AEAD\s0 cipher to use. Currently only \s-1AES\s0 variants with \s-1GCM\s0 mode are +symmetric AEAD cipher to use. Currently only AES variants with GCM mode are supported. The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. .PP -The algorithm passed in the \fIcipher\fR parameter must support \s-1ASN1\s0 encoding of +The algorithm passed in the \fIcipher\fR parameter must support ASN1 encoding of its parameters. .PP The recipients can be added later using \fBCMS_add1_recipient_cert\fR\|(3) or 
@@ -181,9 +106,9 @@ .PP \&\fBCMS_EnvelopedData_create()\fR and CMS_AuthEnvelopedData_create are similar to \&\fBCMS_EnvelopedData_create_ex()\fR and -\&\fBCMS_AuthEnvelopedData_create_ex()\fR but use default values of \s-1NULL\s0 for +\&\fBCMS_AuthEnvelopedData_create_ex()\fR but use default values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Although \fBCMS_EnvelopedData_create()\fR and \fBCMS_AuthEnvelopedData_create()\fR allocate a new \fBCMS_ContentInfo\fR structure, they are not usually used in applications. @@ -191,20 +116,20 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" If the allocation fails, \fBCMS_EnvelopedData_create()\fR and -\&\fBCMS_AuthEnvelopedData_create()\fR return \s-1NULL\s0 and set an error code that can be +\&\fBCMS_AuthEnvelopedData_create()\fR return NULL and set an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3), \fBCMS_decrypt\fR\|(3), \fBCMS_final\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBCMS_EnvelopedData_create_ex()\fR method was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_add0_cert.3.orig +++ secure/lib/libcrypto/man/man3/CMS_add0_cert.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ADD0_CERT 3ossl" -.TH CMS_ADD0_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ADD0_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,27 +79,27 @@ \& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); \& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fIcert\fR to \fIcms\fR. This is used by \fBCMS_sign_ex\fR\|(3) and \fBCMS_sign\fR\|(3) and may be used before calling \fBCMS_verify\fR\|(3) to help chain building in certificate validation. \&\fIcms\fR must be of type signed data or (authenticated) enveloped data. For signed data, such a certificate can be used when signing or verifying -to fill in the signer certificate or to provide an extra \s-1CA\s0 certificate +to fill in the signer certificate or to provide an extra CA certificate that may be needed for chain building in certificate validation. .PP \&\fBCMS_get1_certs()\fR returns all certificates in \fIcms\fR. .PP -\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fIcrl\fR to \fIcms\fR. +\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add CRL \fIcrl\fR to \fIcms\fR. \&\fIcms\fR must be of type signed data or (authenticated) enveloped data. -For signed data, such a \s-1CRL\s0 may be used in certificate validation +For signed data, such a CRL may be used in certificate validation with \fBCMS_verify\fR\|(3). -It may be given both for inclusion when signing a \s-1CMS\s0 message -and when verifying a signed \s-1CMS\s0 message. +It may be given both for inclusion when signing a CMS message +and when verifying a signed CMS message. .PP \&\fBCMS_get1_crls()\fR returns all CRLs in \fIcms\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The CMS_ContentInfo structure \fIcms\fR must be of type signed data or enveloped data or an error will be returned. 
@@ -193,19 +118,19 @@ \&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return 1 for success and 0 for failure. .PP -\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs -or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur +\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the STACK of certificates or CRLs +or NULL if there are none or an error occurs. The only error which will occur in practice is if the \fIcms\fR type is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \&\fBCMS_sign\fR\|(3), \fBCMS_sign_ex\fR\|(3), \fBCMS_verify\fR\|(3), \&\fBCMS_encrypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3.orig +++ secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ADD1_RECIPIENT_CERT 3ossl" -.TH CMS_ADD1_RECIPIENT_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ADD1_RECIPIENT_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_add1_recipient, CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,11 +84,11 @@ \& ASN1_OBJECT *otherTypeId, \& ASN1_TYPE *otherType); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_add1_recipient()\fR adds recipient \fBrecip\fR and provides the originator pkey \&\fBoriginatorPrivKey\fR and originator certificate \fBoriginator\fR to CMS_ContentInfo. -The originator-related fields are relevant only in case when the keyAgreement +The originator\-related fields are relevant only in case when the keyAgreement method of providing of the shared key is in use. .PP \&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped 
@@ -175,42 +100,42 @@ data structure \fBcms\fR as a KEKRecipientInfo structure. .PP The CMS_ContentInfo structure should be obtained from an initial call to -\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. -.SH "NOTES" +\&\fBCMS_encrypt()\fR with the flag \fBCMS_PARTIAL\fR set. +.SH NOTES .IX Header "NOTES" -The main purpose of this function is to provide finer control over a \s-1CMS\s0 +The main purpose of this function is to provide finer control over a CMS enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are not appropriate. For example if one or more KEKRecipientInfo structures need to be added. New attributes can also be added using the returned -CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. +CMS_RecipientInfo structure and the CMS attribute utility functions. .PP OpenSSL will by default identify recipient certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +and serial number. If \fBCMS_USE_KEYID\fR is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension. .PP -Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +Currently only AES based key wrapping algorithms are supported for \fBnid\fR, specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. -If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +If \fBnid\fR is set to \fBNID_undef\fR then an AES wrap algorithm will be used consistent with \fBkeylen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal -pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +pointer to the CMS_RecipientInfo structure just added or NULL if an error occurs. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), \&\fBCMS_final\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBCMS_add1_recipient_cert\fR and \fBCMS_add0_recipient_key\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_add1_signer.3.orig +++ secure/lib/libcrypto/man/man3/CMS_add1_signer.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ADD1_SIGNER 3ossl" -.TH CMS_ADD1_SIGNER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ADD1_SIGNER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,70 +76,70 @@ \& \& int CMS_SignerInfo_sign(CMS_SignerInfo *si); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData structure \fBcms\fR. .PP The CMS_ContentInfo structure should be obtained from an initial call to -\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +\&\fBCMS_sign()\fR with the flag \fBCMS_PARTIAL\fR set or in the case or re\-signing a valid CMS_ContentInfo SignedData structure. .PP -If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +If the \fBmd\fR parameter is \fBNULL\fR then the default digest for the public key algorithm will be used. .PP -Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +Unless the \fBCMS_REUSE_DIGEST\fR flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to \fBCMS_final()\fR. .PP -The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo -structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +The \fBCMS_SignerInfo_sign()\fR function explicitly signs a CMS_SignerInfo +structure, its main use is when the \fBCMS_REUSE_DIGEST\fR and \fBCMS_PARTIAL\fR flags are both set. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The main purpose of \fBCMS_add1_signer()\fR is to provide finer control -over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults +over a CMS signed data structure where the simpler \fBCMS_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. 
New attributes can also be added using the returned -CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the -\&\s-1CMS\s0 signed receipt request functions. +CMS_SignerInfo structure and the CMS attribute utility functions or the +CMS signed receipt request functions. .PP Any of the following flags (ored together) can be passed in the \fBflags\fR parameter. .PP -If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +If \fBCMS_REUSE_DIGEST\fR is set then an attempt is made to copy the content digest value from the CMS_ContentInfo structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned CMS_ContentInfo structure will be valid and finalized when this flag is set. .PP -If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +If \fBCMS_PARTIAL\fR is set in addition to \fBCMS_REUSE_DIGEST\fR then the CMS_SignerInfo structure will not be finalized so additional attributes can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is needed to finalize it. .PP -If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the -CMS_ContentInfo structure, the signer's certificate must still be supplied in +If \fBCMS_NOCERTS\fR is set the signer\*(Aqs certificate will not be included in the +CMS_ContentInfo structure, the signer\*(Aqs certificate must still be supplied in the \fBsigncert\fR parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message. .PP -The SignedData structure includes several \s-1CMS\s0 signedAttributes including the -signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an -SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes -will be used. 
If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fBCMS_NOATTR\fR is set then no signedAttributes +will be used. If \fBCMS_NOSMIMECAP\fR is set then just the SMIMECapabilities are omitted. .PP OpenSSL will by default identify signing certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +and serial number. If \fBCMS_USE_KEYID\fR is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension. .PP If present the SMIMECapabilities attribute indicates support for the following -algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 -bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 -If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +algorithms in preference order: 256 bit AES, Gost R3411\-94, Gost 28147\-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is not loaded. .PP \&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo 
@@ -223,16 +148,18 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo -structure just added or \s-1NULL\s0 if an error occurs. +structure just added or NULL if an error occurs. +.PP +\&\fBCMS_SignerInfo_sign()\fR returns 1 on success, 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_final\fR\|(3), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_compress.3.orig +++ secure/lib/libcrypto/man/man3/CMS_compress.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,140 +53,81 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_COMPRESS 3ossl" -.TH CMS_COMPRESS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_COMPRESS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_compress \- create a CMS CompressedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +\&\fBCMS_compress()\fR creates and returns a CMS CompressedData structure. \fBcomp_nid\fR is the compression algorithm to use or \fBNID_undef\fR to use the default algorithm (zlib compression). \fBin\fR is the content to be compressed. \&\fBflags\fR is an optional set of flags. .PP -The only currently supported compression algorithm is zlib using the \s-1NID\s0 +The only currently supported compression algorithm is zlib using the NID NID_zlib_compression. .PP If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return an error. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +If the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are prepended to the data. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if \fBCMS_BINARY\fR is set no translation occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. 
If \fB\s-1CMS_BINARY\s0\fR is set then -\&\fB\s-1CMS_TEXT\s0\fR is ignored. +otherwise the translation will corrupt it. If \fBCMS_BINARY\fR is set then +\&\fBCMS_TEXT\fR is ignored. .PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is -returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +If the \fBCMS_STREAM\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the BIO \fBin\fR. .PP The compressed data is included in the CMS_ContentInfo structure, unless -\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +\&\fBCMS_DETACHED\fR is set in which case it is omitted. This is rarely used in practice and is not supported by \fBSMIME_write_CMS()\fR. .PP -If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +If the flag \fBCMS_STREAM\fR is set the returned \fBCMS_ContentInfo\fR structure is \&\fBnot\fR complete and outputting its contents via a function that does not properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, \&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +can be performed by obtaining the streaming ASN1 \fBBIO\fR directly using \&\fBBIO_new_CMS()\fR. .PP Additional compression parameters such as the zlib compression level cannot currently be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +The \fBCMS_STREAM\fR flag was added in OpenSSL 1.0.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_data_create.3.orig +++ secure/lib/libcrypto/man/man3/CMS_data_create.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_DATA_CREATE 3ossl" -.TH CMS_DATA_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_DATA_CREATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_data_create_ex, CMS_data_create \&\- Create CMS Data object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,36 +75,36 @@ \& OSSL_LIB_CTX *libctx, const char *propq); \& CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_data_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure -with a type \fBNID_pkcs7_data\fR. The data is supplied via the \fIin\fR \s-1BIO.\s0 +with a type \fBNID_pkcs7_data\fR. The data is supplied via the \fIin\fR BIO. The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. The \fIflags\fR field supports the -\&\fB\s-1CMS_STREAM\s0\fR flag. Internally \fBCMS_final()\fR is called unless \fB\s-1CMS_STREAM\s0\fR is +\&\fBCMS_STREAM\fR flag. Internally \fBCMS_final()\fR is called unless \fBCMS_STREAM\fR is specified. .PP The \fBCMS_ContentInfo\fR structure can be freed using \fBCMS_ContentInfo_free\fR\|(3). .PP \&\fBCMS_data_create()\fR is similar to \fBCMS_data_create_ex()\fR -but uses default values of \s-1NULL\s0 for the library context \fIlibctx\fR and the +but uses default values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" If the allocation fails, \fBCMS_data_create_ex()\fR and \fBCMS_data_create()\fR -return \s-1NULL\s0 and set an error code that can be obtained by \fBERR_get_error\fR\|(3). +return NULL and set an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_final\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBCMS_data_create_ex()\fR method was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_decrypt.3.orig +++ secure/lib/libcrypto/man/man3/CMS_decrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_DECRYPT 3ossl" -.TH CMS_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_DECRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_decrypt, CMS_decrypt_set1_pkey_and_peer, CMS_decrypt_set1_pkey, CMS_decrypt_set1_password \&\- decrypt content from a CMS envelopedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,52 +80,52 @@ \& int CMS_decrypt_set1_password(CMS_ContentInfo *cms, \& unsigned char *pass, ossl_ssize_t passlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_decrypt()\fR extracts the decrypted content from a \s-1CMS\s0 EnvelopedData +\&\fBCMS_decrypt()\fR extracts the decrypted content from a CMS EnvelopedData or AuthEnvelopedData structure. It uses \fBCMS_decrypt_set1_pkey()\fR to decrypt the content -with the recipient private key \fIpkey\fR if \fIpkey\fR is not \s-1NULL.\s0 +with the recipient private key \fIpkey\fR if \fIpkey\fR is not NULL. In this case, it is recommended to provide the associated certificate -in \fIcert\fR \- see the \s-1NOTES\s0 below. -\&\fIout\fR is a \s-1BIO\s0 to write the content to and +in \fIcert\fR \- see the NOTES below. +\&\fIout\fR is a BIO to write the content to and \&\fIflags\fR is an optional set of flags. -If \fIpkey\fR is \s-1NULL\s0 the function assumes that decryption was already done +If \fIpkey\fR is NULL the function assumes that decryption was already done (e.g., using \fBCMS_decrypt_set1_pkey()\fR or \fBCMS_decrypt_set1_password()\fR) and just -provides the content unless \fIcert\fR, \fIdcont\fR, and \fIout\fR are \s-1NULL\s0 as well. +provides the content unless \fIcert\fR, \fIdcont\fR, and \fIout\fR are NULL as well. The \fIdcont\fR parameter is used in the rare case where the encrypted content -is detached. It will normally be set to \s-1NULL.\s0 +is detached. It will normally be set to NULL. .PP \&\fBCMS_decrypt_set1_pkey_and_peer()\fR decrypts the CMS_ContentInfo structure \fIcms\fR using the private key \fIpkey\fR, the corresponding certificate \fIcert\fR, which is -recommended to be supplied but may be \s-1NULL,\s0 +recommended to be supplied but may be NULL, and the (optional) originator certificate \fIpeer\fR. 
On success, it also records in \fIcms\fR the decryption key \fIpkey\fR, and this should be followed by \f(CW\*(C`CMS_decrypt(cms, NULL, NULL, dcont, out, flags)\*(C'\fR. This call deallocates any decryption key stored in \fIcms\fR. .PP \&\fBCMS_decrypt_set1_pkey()\fR is the same as -\&\fBCMS_decrypt_set1_pkey_and_peer()\fR with \fIpeer\fR being \s-1NULL.\s0 +\&\fBCMS_decrypt_set1_pkey_and_peer()\fR with \fIpeer\fR being NULL. .PP \&\fBCMS_decrypt_set1_password()\fR decrypts the CMS_ContentInfo structure \fIcms\fR using the secret \fIpass\fR of length \fIpasslen\fR. On success, it also records in \fIcms\fR the decryption key used, and this should be followed by \f(CW\*(C`CMS_decrypt(cms, NULL, NULL, dcont, out, flags)\*(C'\fR. This call deallocates any decryption key stored in \fIcms\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Although the recipients certificate is not needed to decrypt the data it is -needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +needed to locate the appropriate (of possible several) recipients in the CMS structure. .PP -If \fIcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however -is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on -\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or +If \fIcert\fR is set to NULL all possible recipients are tried. This case however +is problematic. To thwart the MMA attack (Bleichenbacher\*(Aqs attack on +PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not. If no recipient succeeds then a random symmetric key is used to decrypt the content: this will typically output garbage and may (but is not guaranteed to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an error when all recipient encrypted keys failed to decrypt an attacker could -use this in a timing attack. 
If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set +use this in a timing attack. If the special flag \fBCMS_DEBUG_DECRYPT\fR is set then the above behaviour is modified and an error \fBis\fR returned if no recipient encrypted key can be decrypted \fBwithout\fR generating a random content encryption key. Applications should use this flag with @@ -208,18 +133,18 @@ open to attack. .PP It is possible to determine the correct recipient key by other means (for -example looking them up in a database) and setting them in the \s-1CMS\s0 structure -in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR, +example looking them up in a database) and setting them in the CMS structure +in advance using the CMS utility functions such as \fBCMS_set1_pkey()\fR, or use \fBCMS_decrypt_set1_password()\fR if the recipient has a symmetric key. -In these cases both \fIcert\fR and \fIpkey\fR should be set to \s-1NULL.\s0 +In these cases both \fIcert\fR and \fIpkey\fR should be set to NULL. .PP To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and -\&\fIcert\fR and \fIpkey\fR set to \s-1NULL.\s0 +\&\fIcert\fR and \fIpkey\fR set to NULL. .PP The following flags can be passed in the \fIflags\fR parameter. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted +If the \fBCMS_TEXT\fR flag is set MIME headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted from the content. If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is returned. .SH "RETURN VALUES" 
@@ -228,7 +153,7 @@ \&\fBCMS_decrypt_set1_pkey()\fR, and \fBCMS_decrypt_set1_password()\fR return either 1 for success or 0 for failure. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The \fBset1_\fR part of these function names is misleading and should better read: \fBwith_\fR. @@ -238,15 +163,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBCMS_decrypt_set1_pkey_and_peer()\fR and \fBCMS_decrypt_set1_password()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_digest_create.3.orig +++ secure/lib/libcrypto/man/man3/CMS_digest_create.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_DIGEST_CREATE 3ossl" -.TH CMS_DIGEST_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_DIGEST_CREATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_digest_create_ex, CMS_digest_create \&\- Create CMS DigestedData object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,36 +78,36 @@ \& CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, \& unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_digest_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure -with a type \fBNID_pkcs7_digest\fR. The data supplied via the \fIin\fR \s-1BIO\s0 is digested +with a type \fBNID_pkcs7_digest\fR. The data supplied via the \fIin\fR BIO is digested using \fImd\fR. The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. -The \fIflags\fR field supports the \fB\s-1CMS_DETACHED\s0\fR and \fB\s-1CMS_STREAM\s0\fR flags, -Internally \fBCMS_final()\fR is called unless \fB\s-1CMS_STREAM\s0\fR is specified. +The \fIflags\fR field supports the \fBCMS_DETACHED\fR and \fBCMS_STREAM\fR flags, +Internally \fBCMS_final()\fR is called unless \fBCMS_STREAM\fR is specified. .PP The \fBCMS_ContentInfo\fR structure can be freed using \fBCMS_ContentInfo_free\fR\|(3). .PP \&\fBCMS_digest_create()\fR is similar to \fBCMS_digest_create_ex()\fR -but uses default values of \s-1NULL\s0 for the library context \fIlibctx\fR and the +but uses default values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" If the allocation fails, \fBCMS_digest_create_ex()\fR and \fBCMS_digest_create()\fR -return \s-1NULL\s0 and set an error code that can be obtained by \fBERR_get_error\fR\|(3). +return NULL and set an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_final\fR\|(3)> -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBCMS_digest_create_ex()\fR method was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/CMS_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_ENCRYPT 3ossl" -.TH CMS_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_encrypt_ex, CMS_encrypt \- create a CMS envelopedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,95 +76,95 @@ \& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, \& const EVP_CIPHER *cipher, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_encrypt_ex()\fR creates and returns a \s-1CMS\s0 EnvelopedData or +\&\fBCMS_encrypt_ex()\fR creates and returns a CMS EnvelopedData or AuthEnvelopedData structure. \fIcerts\fR is a list of recipient certificates. \&\fIin\fR is the content to be encrypted. \fIcipher\fR is the symmetric cipher to use. \&\fIflags\fR is an optional set of flags. The library context \fIlibctx\fR and the property query \fIpropq\fR are used internally when retrieving algorithms from providers. .PP -Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +Only certificates carrying RSA, Diffie\-Hellman or EC keys are supported by this function. .PP -\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +\&\fBEVP_des_ede3_cbc()\fR (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. .PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of -its parameters. If the cipher mode is \s-1GCM,\s0 then an AuthEnvelopedData structure -containing \s-1MAC\s0 is used. Otherwise an EnvelopedData structure is used. Currently -the \s-1AES\s0 variants with \s-1GCM\s0 mode are the only supported \s-1AEAD\s0 algorithms. +The algorithm passed in the \fBcipher\fR parameter must support ASN1 encoding of +its parameters. If the cipher mode is GCM, then an AuthEnvelopedData structure +containing MAC is used. Otherwise an EnvelopedData structure is used. Currently +the AES variants with GCM mode are the only supported AEAD algorithms. .PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. 
This can be readily produced -by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +by storing the S/MIME signed message in a memory BIO and passing it to \&\fBCMS_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +If the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are prepended to the data. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if \fBCMS_BINARY\fR is set no translation occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then -\&\fB\s-1CMS_TEXT\s0\fR is ignored. +otherwise the translation will corrupt it. If \fBCMS_BINARY\fR is set then +\&\fBCMS_TEXT\fR is ignored. .PP OpenSSL will by default identify recipient certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +and serial number. If \fBCMS_USE_KEYID\fR is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension. .PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is -returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +If the \fBCMS_STREAM\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the BIO \fBin\fR. 
.PP -If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +If the \fBCMS_PARTIAL\fR flag is set a partial \fBCMS_ContentInfo\fR structure is returned to which additional recipients and attributes can be added before finalization. .PP The data being encrypted is included in the CMS_ContentInfo structure, unless -\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +\&\fBCMS_DETACHED\fR is set in which case it is omitted. This is rarely used in practice and is not supported by \fBSMIME_write_CMS()\fR. .PP -If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +If the flag \fBCMS_STREAM\fR is set the returned \fBCMS_ContentInfo\fR structure is \&\fBnot\fR complete and outputting its contents via a function that does not properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, \&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +can be performed by obtaining the streaming ASN1 \fBBIO\fR directly using \&\fBBIO_new_CMS()\fR. .PP -The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info -structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +The recipients specified in \fBcerts\fR use a CMS KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fBCMS_PARTIAL\fR and \fBCMS_add0_recipient_key()\fR. .PP -The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +The parameter \fBcerts\fR may be NULL if \fBCMS_PARTIAL\fR is set and recipients added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. 
.PP \&\fBCMS_encrypt()\fR is similar to \fBCMS_encrypt_ex()\fR but uses default values -of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR. +of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCMS_encrypt_ex()\fR and \fBCMS_encrypt()\fR return either a CMS_ContentInfo -structure or \s-1NULL\s0 if an error occurred. The error can be obtained from +structure or NULL if an error occurred. The error can be obtained from \&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBCMS_encrypt_ex()\fR was added in OpenSSL 3.0. .PP -The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. -.SH "COPYRIGHT" +The \fBCMS_STREAM\fR flag was first supported in OpenSSL 1.0.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_final.3.orig +++ secure/lib/libcrypto/man/man3/CMS_final.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,95 +53,36 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_FINAL 3ossl" -.TH CMS_FINAL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_FINAL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_final \- finalise a CMS_ContentInfo structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any operations necessary on \fBcms\fR (digest computation for example) and set the appropriate fields. The parameter \fBdata\fR contains the content to be -processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processed. The \fBdcont\fR parameter contains a BIO to write content to after processing: this is only used with detached data and will usually be set to -\&\s-1NULL.\s0 -.SH "NOTES" +NULL. +.SH NOTES .IX Header "NOTES" -This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +This function will normally be called when the \fBCMS_PARTIAL\fR flag is used. It should only be used when streaming is not performed because the streaming I/O functions perform finalisation operations internally. .SH "RETURN VALUES" 
@@ -167,11 +92,11 @@ .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_encrypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3.orig +++ secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_GET0_RECIPIENTINFOS 3ossl" -.TH CMS_GET0_RECIPIENTINFOS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_GET0_RECIPIENTINFOS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, @@ -147,7 +72,7 @@ CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \&\- CMS envelopedData RecipientInfo routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -177,53 +102,53 @@ \& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); \& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo -structures associated with a \s-1CMS\s0 EnvelopedData structure. +structures associated with a CMS EnvelopedData structure. .PP \&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. -It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, -CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 +It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER. .PP \&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which -must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in +must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in \&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. .PP \&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the -CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 +CMS_RecipientInfo structure \fBri\fR, which must be of type CMS_RECIPINFO_TRANS. It returns zero if the comparison is successful and non zero if not. .PP \&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type -\&\s-1CMS_RECIPINFO_TRANS.\s0 +CMS_RECIPINFO_TRANS. 
.PP \&\fBCMS_RecipientInfo_kari_set0_pkey_and_peer()\fR associates the private key \fBpkey\fR and peer certificate \fBpeer\fR with the CMS_RecipientInfo structure \fBri\fR, which -must be of type \s-1CMS_RECIPINFO_AGREE.\s0 +must be of type CMS_RECIPINFO_AGREE. .PP \&\fBCMS_RecipientInfo_kari_set0_pkey()\fR associates the private key \fBpkey\fR with the -CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_AGREE.\s0 +CMS_RecipientInfo structure \fBri\fR, which must be of type CMS_RECIPINFO_AGREE. .PP \&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the -CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any -of the remaining parameters can be \s-1NULL\s0 if the application is not interested in -the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +CMS_RecipientInfo structure \fBri\fR which must be of type CMS_RECIPINFO_KEK. Any +of the remaining parameters can be NULL if the application is not interested in +the value of a field. Where a field is optional and absent NULL will be written to the corresponding parameter. The keyEncryptionAlgorithm field is written to \&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if present is written to \fBpdate\fR, if the \fBother\fR field is present the components \&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and \&\fBpothertype\fR. .PP -\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the ID in the \fBid\fR and \fBidlen\fR parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, -which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is +which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is successful and non zero if not. 
.PP \&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length \&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type -\&\s-1CMS_RECIPINFO_KEK.\s0 +CMS_RECIPINFO_KEK. .PP \&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure @@ -233,7 +158,7 @@ \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first and the content encryption key must be available: for example by a previous call to \fBCMS_RecipientInfo_decrypt()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The main purpose of these functions is to enable an application to lookup recipient keys using any appropriate technique when the simpler method @@ -246,7 +171,7 @@ function. Then if the corresponding secret or private key can be obtained by any appropriate means it can then associated with the structure and \&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called -with a \s-1NULL\s0 key to decrypt the enveloped content. +with a NULL key to decrypt the enveloped content. .PP The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt @@ -256,7 +181,7 @@ using \fBCMS_RecipientInfo_encrypt()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or NULL if an error occurs. .PP \&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, 
@@ -271,15 +196,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBCMS_RecipientInfo_kari_set0_pkey_and_peer\fR and \fBCMS_RecipientInfo_kari_set0_pkey\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3.orig +++ secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_GET0_SIGNERINFOS 3ossl" -.TH CMS_GET0_SIGNERINFOS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_GET0_SIGNERINFOS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,10 +81,10 @@ \& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); \& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures -associated with a \s-1CMS\s0 signedData structure. +associated with a CMS signedData structure. .PP \&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the @@ -167,7 +92,7 @@ in \fBissuer\fR and \fBsno\fR. .PP \&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with -\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned +\&\fBsi\fR in a pointer to an ASN1_OCTET_STRING structure. This pointer returned corresponds to the internal signature value if \fBsi\fR so it may be read or modified. .PP @@ -177,7 +102,7 @@ .PP \&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to \&\fBsigner\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The main purpose of these functions is to enable an application to lookup signers certificates using any appropriate technique when the simpler method 
@@ -185,19 +110,19 @@ .PP In typical usage and application will retrieve all CMS_SignerInfo structures using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using -\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means +CMS. It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using \&\fBCMS_SignerInfo_set1_signer_cert()\fR. .PP Once all signer certificates have been set \fBCMS_verify()\fR can be used. .PP -Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +Although \fBCMS_get0_SignerInfos()\fR can return NULL if an error occurs \fBor\fR if there are no signers this is not a problem in practice because the only error which can occur is if the \fBcms\fR structure is not of type signedData due to application error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or NULL there are no signers or an error occurs. .PP \&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. @@ -211,11 +136,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_get0_type.3.orig +++ secure/lib/libcrypto/man/man3/CMS_get0_type.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_GET0_TYPE 3ossl" -.TH CMS_GET0_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_GET0_TYPE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,32 +75,32 @@ \& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); \& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as -an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +an ASN1_OBJECT pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value. .PP \&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo -structure. It should be called with \s-1CMS\s0 functions (such as \fBCMS_sign\fR\|(3), +structure. It should be called with CMS functions (such as \fBCMS_sign\fR\|(3), \&\fBCMS_encrypt\fR\|(3)) -with the \fB\s-1CMS_PARTIAL\s0\fR +with the \fBCMS_PARTIAL\fR flag and \fBbefore\fR the structure is finalised, otherwise the results are undefined. .PP -\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded +ASN1_OBJECT *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded content type. .PP -\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +\&\fBCMS_get0_content()\fR returns a pointer to the \fBASN1_OCTET_STRING\fR pointer containing the embedded content. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and \&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. -\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +\&\fBCMS_set1_eContentType()\fR copies the supplied OID and it \fBshould\fR be freed up after use. .PP -The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +The \fBASN1_OBJECT\fR values returned can be converted to an integer \fBNID\fR value using \fBOBJ_obj2nid()\fR. 
For the currently supported content types the following values are returned: .PP @@ -188,31 +113,31 @@ \& NID_pkcs7_enveloped .Ve .PP -The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +The return value of \fBCMS_get0_content()\fR is a pointer to the \fBASN1_OCTET_STRING\fR content pointer. That means that for example: .PP .Vb 1 \& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); .Ve .PP -\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can +\&\fB*pconf\fR could be NULL if there is no embedded content. Applications can access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure using this function. Applications usually will not need to modify the embedded content as it is normally set by higher level functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. +\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an ASN1_OBJECT structure. .PP \&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3.orig +++ secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_GET1_RECEIPTREQUEST 3ossl" -.TH CMS_GET1_RECEIPTREQUEST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_GET1_RECEIPTREQUEST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_ReceiptRequest_create0_ex, CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \&\- CMS signed receipt request functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -161,19 +86,19 @@ \& STACK_OF(GENERAL_NAMES) **plist, \& STACK_OF(GENERAL_NAMES) **prto); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_ReceiptRequest_create0_ex()\fR creates a signed receipt request structure. The \fBsignedContentIdentifier\fR field is set using \fIid\fR and \fIidlen\fR, -or it is set to 32 bytes of pseudo random data if \fIid\fR is \s-1NULL.\s0 -If \fIreceiptList\fR is \s-1NULL\s0 the allOrFirstTier option in \fIreceiptsFrom\fR is used +or it is set to 32 bytes of pseudo random data if \fIid\fR is NULL. +If \fIreceiptList\fR is NULL the allOrFirstTier option in \fIreceiptsFrom\fR is used and set to the value of the \fIallorfirst\fR parameter. If \fIreceiptList\fR is not -\&\s-1NULL\s0 the \fIreceiptList\fR option in \fIreceiptsFrom\fR is used. The \fIreceiptsTo\fR +NULL the \fIreceiptList\fR option in \fIreceiptsFrom\fR is used. The \fIreceiptsTo\fR parameter specifies the \fIreceiptsTo\fR field value. The library context \fIlibctx\fR is used to find the public random generator. .PP \&\fBCMS_ReceiptRequest_create0()\fR is similar to -\&\fBCMS_ReceiptRequest_create0_ex()\fR but uses default values of \s-1NULL\s0 for the +\&\fBCMS_ReceiptRequest_create0_ex()\fR but uses default values of NULL for the library context \fIlibctx\fR. .PP The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR @@ -187,9 +112,9 @@ option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR parameter is copied to \fBprto\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -For more details of the meaning of the fields see \s-1RFC2634.\s0 +For more details of the meaning of the fields see RFC2634. .PP The contents of a signed receipt should only be considered meaningful if the corresponding CMS_ContentInfo structure can be successfully verified using 
@@ -197,7 +122,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCMS_ReceiptRequest_create0_ex()\fR and \fBCMS_ReceiptRequest_create0()\fR return -a signed receipt request structure or \s-1NULL\s0 if an error occurred. +a signed receipt request structure or NULL if an error occurred. .PP \&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. .PP @@ -209,14 +134,14 @@ \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) \&\fBCMS_verify_receipt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBCMS_ReceiptRequest_create0_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_sign.3.orig +++ secure/lib/libcrypto/man/man3/CMS_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_SIGN 3ossl" -.TH CMS_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_sign, CMS_sign_ex \- create a CMS SignedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,120 +77,120 @@ \& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, \& BIO *data, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_sign_ex()\fR creates and returns a \s-1CMS\s0 SignedData structure. +\&\fBCMS_sign_ex()\fR creates and returns a CMS SignedData structure. \&\fIsigncert\fR is the certificate to sign with, \fIpkey\fR is the corresponding private key. \fIcerts\fR is an optional additional set of certificates to include -in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). The +in the CMS structure (for example any intermediate CAs in the chain). The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. Any or all of these parameters can be -\&\fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +\&\fBNULL\fR, see \fBNOTES\fR below. .PP -The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +The data to be signed is read from BIO \fBdata\fR. .PP \&\fBflags\fR is an optional set of flags. .PP -\&\fBCMS_sign()\fR is similar to \fBCMS_sign_ex()\fR but uses default values of \s-1NULL\s0 +\&\fBCMS_sign()\fR is similar to \fBCMS_sign_ex()\fR but uses default values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Any of the following flags (ored together) can be passed in the \fBflags\fR parameter. .PP -Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If -the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +Many S/MIME clients expect the signed content to include valid MIME headers. If +the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are prepended to the data. 
.PP -If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the -CMS_ContentInfo structure, the signer's certificate must still be supplied in +If \fBCMS_NOCERTS\fR is set the signer\*(Aqs certificate will not be included in the +CMS_ContentInfo structure, the signer\*(Aqs certificate must still be supplied in the \fBsigncert\fR parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message. .PP The data being signed is included in the CMS_ContentInfo structure, unless -\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +\&\fBCMS_DETACHED\fR is set in which case it is omitted. This is used for CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed messages for example. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if \fBCMS_BINARY\fR is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. .PP -The SignedData structure includes several \s-1CMS\s0 signedAttributes including the -signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an -SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes -will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fBCMS_NOATTR\fR is set then no signedAttributes +will be used. If \fBCMS_NOSMIMECAP\fR is set then just the SMIMECapabilities are omitted. 
.PP If present the SMIMECapabilities attribute indicates support for the following -algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 -bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +algorithms in preference order: 256 bit AES, Gost R3411\-94, Gost 28147\-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is not available then it will not be included: -for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +for example the GOST algorithms will not be included if the GOST ENGINE is not loaded. .PP OpenSSL will by default identify signing certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +and serial number. If \fBCMS_USE_KEYID\fR is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension. .PP -If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +If the flags \fBCMS_STREAM\fR is set then the returned \fBCMS_ContentInfo\fR structure is just initialized ready to perform the signing operation. The signing is however \fBnot\fR performed and the data to be signed is not read from the \fBdata\fR parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass. .PP -If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +If the \fBCMS_PARTIAL\fR flag is set a partial \fBCMS_ContentInfo\fR structure is output to which additional signers and capabilities can be added before finalization. 
.PP -If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +If the flag \fBCMS_STREAM\fR is set the returned \fBCMS_ContentInfo\fR structure is \&\fBnot\fR complete and outputting its contents via a function that does not properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, \&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +can be performed by obtaining the streaming ASN1 \fBBIO\fR directly using \&\fBBIO_new_CMS()\fR. .PP If a signer is specified it will use the default digest for the signing -algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +algorithm. This is \fBSHA256\fR for both RSA and DSA keys. .PP -If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +If \fBsigncert\fR and \fBpkey\fR are NULL then a certificates only CMS structure is output. .PP -The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +The function \fBCMS_sign()\fR is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the -\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the -\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fBNULL\fR and the +\&\fBCMS_PARTIAL\fR flag set. Then one or more signers can be added using the function \fBCMS_add1_signer()\fR, non default digests can be used and custom attributes added. \fBCMS_final()\fR must then be called to finalize the structure if streaming is not enabled. 
-.SH "BUGS" +.SH BUGS .IX Header "BUGS" Some attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCMS_sign_ex()\fR and \fBCMS_sign()\fR return either a valid CMS_ContentInfo -structure or \s-1NULL\s0 if an error occurred. The error can be obtained from +structure or NULL if an error occurred. The error can be obtained from \&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +The \fBCMS_STREAM\fR flag is only supported for detached data in OpenSSL 0.9.8, it is supported for embedded data in OpenSSL 1.0.0 and later. .PP The \fBCMS_sign_ex()\fR method was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_sign_receipt.3.orig +++ secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_SIGN_RECEIPT 3ossl" -.TH CMS_SIGN_RECEIPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_SIGN_RECEIPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_sign_receipt \- create a CMS signed receipt -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,35 +74,35 @@ \& EVP_PKEY *pkey, STACK_OF(X509) *certs, \& unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +\&\fBCMS_sign_receipt()\fR creates and returns a CMS signed receipt structure. \fBsi\fR is the \fBCMS_SignerInfo\fR structure containing the signed receipt request. \&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding private key. \fBcerts\fR is an optional additional set of certificates to include -in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). +in the CMS structure (for example any intermediate CAs in the chain). .PP \&\fBflags\fR is an optional set of flags. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values -\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +\&\fBCMS_DETACHED\fR, \fBCMS_BINARY\fR, \fBCMS_NOATTR\fR, \fBCMS_TEXT\fR and \fBCMS_STREAM\fR are not supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \&\fBCMS_verify_receipt\fR\|(3), \&\fBCMS_sign\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/CMS_signed_get_attr.3 
@@ -0,0 +1,263 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "CMS_SIGNED_GET_ATTR 3ossl" +.TH CMS_SIGNED_GET_ATTR 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +CMS_signed_get_attr_count, +CMS_signed_get_attr_by_NID, CMS_signed_get_attr_by_OBJ, CMS_signed_get_attr, +CMS_signed_delete_attr, +CMS_signed_add1_attr, CMS_signed_add1_attr_by_OBJ, +CMS_signed_add1_attr_by_NID, CMS_signed_add1_attr_by_txt, +CMS_signed_get0_data_by_OBJ, +CMS_unsigned_get_attr_count, +CMS_unsigned_get_attr_by_NID, CMS_unsigned_get_attr_by_OBJ, +CMS_unsigned_get_attr, CMS_unsigned_delete_attr, +CMS_unsigned_add1_attr, CMS_unsigned_add1_attr_by_OBJ, +CMS_unsigned_add1_attr_by_NID, CMS_unsigned_add1_attr_by_txt, +CMS_unsigned_get0_data_by_OBJ +\&\- CMS signed and unsigned attribute functions +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +\& int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, +\& int lastpos); +\& int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, +\& int lastpos); +\& X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +\& X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +\& int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +\& int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, +\& const ASN1_OBJECT *obj, int type, +\& const void *bytes, int len); +\& int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, +\& int nid, int type, +\& const void *bytes, int len); +\& int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, +\& const char *attrname, int type, +\& const void *bytes, int len); +\& void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, +\& const ASN1_OBJECT *oid, +\& int lastpos, int type); +\& +\& int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +\& int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, +\& int lastpos); +\& int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, +\& const ASN1_OBJECT *obj, int lastpos); +\& X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); 
+\& X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +\& int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +\& int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, +\& const ASN1_OBJECT *obj, int type, +\& const void *bytes, int len); +\& int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, +\& int nid, int type, +\& const void *bytes, int len); +\& int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, +\& const char *attrname, int type, +\& const void *bytes, int len); +\& void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, +\& int lastpos, int type); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +CMS_signerInfo contains separate attribute lists for signed and unsigned +attributes. Each \fBCMS_signed_XXX()\fR function is used for signed attributes, and +each \fBCMS_unsigned_XXX()\fR function is used for unsigned attributes. +Since the \fBCMS_unsigned_XXX()\fR functions work in the same way as the +\&\fBCMS_signed_XXX()\fR equivalents, only the \fBCMS_signed_XXX()\fR functions are +described below. +.PP +\&\fBCMS_signed_get_attr_by_OBJ()\fR finds the location of the first matching object +\&\fIobj\fR in the SignerInfo\*(Aqs \fIsi\fR signed attribute list. The search starts at the +position after \fIlastpos\fR. If the returned value is positive then it can be used +on the next call to \fBCMS_signed_get_attr_by_OBJ()\fR as the value of \fIlastpos\fR in +order to iterate through the remaining attributes. \fIlastpos\fR can be set to any +negative value on the first call, in order to start searching from the start of +the signed attribute list. +.PP +\&\fBCMS_signed_get_attr_by_NID()\fR is similar to \fBCMS_signed_get_attr_by_OBJ()\fR except +that it passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. +.PP +\&\fBCMS_signed_get_attr()\fR returns the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in the +\&\fIsi\fR signed attribute list. 
\fIloc\fR should be in the range from 0 to +\&\fBCMS_signed_get_attr_count()\fR \- 1. +.PP +\&\fBCMS_signed_delete_attr()\fR removes the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in +the \fIsi\fR signed attribute list. An error occurs if the \fIsi\fR attribute list +is NULL. +.PP +\&\fBCMS_signed_add1_attr()\fR pushes a copy of the passed in \fBX509_ATTRIBUTE\fR object +to the \fIsi\fR signed attribute list. A new signed attribute list is created if +required. An error occurs if \fIattr\fR is NULL. +.PP +\&\fBCMS_signed_add1_attr_by_OBJ()\fR creates a new signed \fBX509_ATTRIBUTE\fR using +\&\fBX509_ATTRIBUTE_set1_object()\fR and \fBX509_ATTRIBUTE_set1_data()\fR to assign a new +\&\fIobj\fR with type \fItype\fR and data \fIbytes\fR of length \fIlen\fR and then pushes it +to the \fIkey\fR object\*(Aqs attribute list. +.PP +\&\fBCMS_signed_add1_attr_by_NID()\fR is similar to \fBCMS_signed_add1_attr_by_OBJ()\fR except +that it passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. +.PP +\&\fBCMS_signed_add1_attr_by_txt()\fR is similar to \fBCMS_signed_add1_attr_by_OBJ()\fR +except that it passes a name \fIattrname\fR associated with the object. +See for a list of SN_* names. +.PP +\&\fBCMS_signed_get0_data_by_OBJ()\fR finds the first attribute in a \fIsi\fR signed +attributes list that matches the \fIobj\fR starting at index \fIlastpos\fR +and returns the data retrieved from the found attributes first \fBASN1_TYPE\fR +object. An error will occur if the attribute type \fItype\fR does not match the +type of the \fBASN1_TYPE\fR object OR if \fItype\fR is either \fBV_ASN1_BOOLEAN\fR or +\&\fBV_ASN1_NULL\fR OR the attribute is not found. +If \fIlastpos\fR is less than \-1 then an error will occur if there are multiple +objects in the signed attribute list that match \fIobj\fR. +If \fIlastpos\fR is less than \-2 then an error will occur if there is more than +one \fBASN1_TYPE\fR object in the found signed attribute. 
+.PP +Refer to \fBX509_ATTRIBUTE\fR\|(3) for information related to attributes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBCMS_unsigned_XXX()\fR functions return values are similar to those of the +equivalent \fBCMS_signed_XXX()\fR functions. +.PP +\&\fBCMS_signed_get_attr_count()\fR returns the number of signed attributes in the +SignerInfo \fIsi\fR, or \-1 if the signed attribute list is NULL. +.PP +\&\fBCMS_signed_get_attr_by_OBJ()\fR returns \-1 if either the signed attribute list of +\&\fIsi\fR is empty OR if \fIobj\fR is not found, otherwise it returns the location of +the \fIobj\fR in the SignerInfo\*(Aqs \fIsi\fR signed attribute list. +.PP +\&\fBCMS_signed_get_attr_by_NID()\fR is similar to \fBCMS_signed_get_attr_by_OBJ()\fR except +that it returns \-2 if the \fInid\fR is not known by OpenSSL. +.PP +\&\fBCMS_signed_get_attr()\fR returns either a signed \fBX509_ATTRIBUTE\fR or NULL on error. +.PP +\&\fBCMS_signed_delete_attr()\fR returns either the removed signed \fBX509_ATTRIBUTE\fR or +NULL if there is a error. +.PP +\&\fBCMS_signed_add1_attr()\fR, \fBCMS_signed_add1_attr_by_OBJ()\fR, +\&\fBCMS_signed_add1_attr_by_NID()\fR, \fBCMS_signed_add1_attr_by_txt()\fR, +return 1 on success or 0 on error. +.PP +\&\fBCMS_signed_get0_data_by_OBJ()\fR returns the data retrieved from the found +signed attributes first \fBASN1_TYPE\fR object, or NULL if an error occurs. +.SH NOTES +.IX Header "NOTES" +Some attributes are added automatically during the signing process. +.PP +Calling \fBCMS_SignerInfo_sign()\fR adds the NID_pkcs9_signingTime signed +attribute. +.PP +Calling \fBCMS_final()\fR, \fBCMS_final_digest()\fR or \fBCMS_dataFinal()\fR adds the +NID_pkcs9_messageDigest signed attribute. +.PP +The NID_pkcs9_contentType signed attribute is always added if the +NID_pkcs9_signingTime attribute is added. +.PP +Calling \fBCMS_sign_ex()\fR, \fBCMS_sign_receipt()\fR or \fBCMS_add1_signer()\fR may add +attributes depending on the flags parameter. 
See \fBCMS_add1_signer\fR\|(3) for +more information. +.PP +OpenSSL applies special rules for the following attribute NIDs: +.IP "CMS Signed Attributes" 4 +.IX Item "CMS Signed Attributes" +NID_pkcs9_contentType +NID_pkcs9_messageDigest +NID_pkcs9_signingTime +.IP "ESS Signed Attributes" 4 +.IX Item "ESS Signed Attributes" +NID_id_smime_aa_signingCertificate +NID_id_smime_aa_signingCertificateV2 +NID_id_smime_aa_receiptRequest +.IP "CMS Unsigned Attributes" 4 +.IX Item "CMS Unsigned Attributes" +NID_pkcs9_countersignature +.PP +\&\fBCMS_signed_add1_attr()\fR, \fBCMS_signed_add1_attr_by_OBJ()\fR, +\&\fBCMS_signed_add1_attr_by_NID()\fR, \fBCMS_signed_add1_attr_by_txt()\fR +and the equivalent \fBCMS_unsigned_add1_attrXXX()\fR functions allow +duplicate attributes to be added. The attribute rules are not checked +during these function calls, and are deferred until the sign or verify process +(i.e. during calls to any of \fBCMS_sign_ex()\fR, \fBCMS_sign()\fR, \fBCMS_sign_receipt()\fR, +\&\fBCMS_add1_signer()\fR, \fBCMS_Final()\fR, \fBCMS_dataFinal()\fR, \fBCMS_final_digest()\fR, +\&\fBCMS_verify()\fR, \fBCMS_verify_receipt()\fR or \fBCMS_SignedData_verify()\fR). +.PP +For CMS attribute rules see RFC 5652 Section 11. +For ESS attribute rules see RFC 2634 Section 1.3.4 and RFC 5035 Section 5.4. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_ATTRIBUTE\fR\|(3) +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2023\-2024 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/CMS_uncompress.3.orig +++ secure/lib/libcrypto/man/man3/CMS_uncompress.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,93 +53,34 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_UNCOMPRESS 3ossl" -.TH CMS_UNCOMPRESS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_UNCOMPRESS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_uncompress \- uncompress a CMS CompressedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 -CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a CMS +CompressedData structure \fBcms\fR. \fBdata\fR is a BIO to write the content to and \&\fBflags\fR is an optional set of flags. .PP The \fBdcont\fR parameter is used in the rare case where the compressed content -is detached. It will normally be set to \s-1NULL.\s0 -.SH "NOTES" +is detached. It will normally be set to NULL. +.SH NOTES .IX Header "NOTES" The only currently supported compression algorithm is zlib: if the structure indicates the use of any other algorithm an error is returned. 
@@ -165,25 +90,25 @@ .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +If the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are deleted from the content. If the content is not of type \fBtext/plain\fR then an error is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The lack of single pass processing and the need to hold all data in memory as mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_verify.3.orig +++ secure/lib/libcrypto/man/man3/CMS_verify.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_VERIFY 3ossl" -.TH CMS_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_VERIFY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,20 +75,20 @@ \& \& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCMS_verify()\fR is very similar to \fBPKCS7_verify\fR\|(3). It verifies a -\&\fB\s-1CMS\s0 SignedData\fR structure contained in a structure of type \fBCMS_ContentInfo\fR. +\&\fBCMS SignedData\fR structure contained in a structure of type \fBCMS_ContentInfo\fR. \&\fIcms\fR points to the \fBCMS_ContentInfo\fR structure to verify. The optional \fIcerts\fR parameter refers to a set of certificates in which to search for signing certificates. -\&\fIcms\fR may contain extra untrusted \s-1CA\s0 certificates that may be used for +\&\fIcms\fR may contain extra untrusted CA certificates that may be used for chain building as well as CRLs that may be used for certificate validation. -\&\fIstore\fR may be \s-1NULL\s0 or point to +\&\fIstore\fR may be NULL or point to the trusted certificate store to use for chain verification. \&\fIindata\fR refers to the signed data if the content is detached from \fIcms\fR. -Otherwise \fIindata\fR should be \s-1NULL\s0 and the signed data must be in \fIcms\fR. -The content is written to the \s-1BIO\s0 \fIout\fR unless it is \s-1NULL.\s0 +Otherwise \fIindata\fR should be NULL and the signed data must be in \fIcms\fR. +The content is written to the BIO \fIout\fR unless it is NULL. \&\fIflags\fR is an optional set of flags, which can be used to modify the operation. .PP \&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fIcms\fR, it may only 
@@ -174,23 +99,23 @@ .PP Initially some sanity checks are performed on \fIcms\fR. The type of \fIcms\fR must be SignedData. There must be at least one signature on the data and if -the content is detached \fIindata\fR cannot be \s-1NULL.\s0 +the content is detached \fIindata\fR cannot be NULL. .PP An attempt is made to locate all the signing certificate(s), first looking in -the \fIcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any -certificates contained in the \fIcms\fR structure unless \fB\s-1CMS_NOINTERN\s0\fR is set. +the \fIcerts\fR parameter (if it is not NULL) and then looking in any +certificates contained in the \fIcms\fR structure unless \fBCMS_NOINTERN\fR is set. If any signing certificate cannot be located the operation fails. .PP Each signing certificate is chain verified using the \fIsmimesign\fR purpose and using the trusted certificate store \fIstore\fR if supplied. Any internal certificates in the message, which may have been added using \&\fBCMS_add1_cert\fR\|(3), are used as untrusted CAs. -If \s-1CRL\s0 checking is enabled in \fIstore\fR and \fB\s-1CMS_NOCRL\s0\fR is not set, +If CRL checking is enabled in \fIstore\fR and \fBCMS_NOCRL\fR is not set, any internal CRLs, which may have been added using \fBCMS_add1_crl\fR\|(3), are used in addition to attempting to look them up in \fIstore\fR. -If \fIstore\fR is not \s-1NULL\s0 and any chain verify fails an error code is returned. +If \fIstore\fR is not NULL and any chain verify fails an error code is returned. .PP -Finally the signed content is read (and written to \fIout\fR unless it is \s-1NULL\s0) +Finally the signed content is read (and written to \fIout\fR unless it is NULL) and the signature is checked. .PP If all signatures verify correctly then the function is successful. 
@@ -198,31 +123,31 @@ Any of the following flags (ored together) can be passed in the \fIflags\fR parameter to change the default verify behaviour. .PP -If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +If \fBCMS_NOINTERN\fR is set the certificates in the message itself are not searched when locating the signing certificate(s). This means that all the signing certificates must be in the \fIcerts\fR parameter. .PP -If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fIstore\fR then any +If \fBCMS_NOCRL\fR is set and CRL checking is enabled in \fIstore\fR then any CRLs in the message itself are ignored. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +If the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are deleted from the content. If the content is not of type \fBtext/plain\fR then an error is returned. .PP -If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not -chain verified, unless \fB\s-1CMS_CADES\s0\fR flag is also set. +If \fBCMS_NO_SIGNER_CERT_VERIFY\fR is set the signing certificates are not +chain verified, unless \fBCMS_CADES\fR flag is also set. .PP -If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not -verified, unless \s-1CMS_CADES\s0 flag is also set. +If \fBCMS_NO_ATTR_VERIFY\fR is set the signed attributes signature is not +verified, unless CMS_CADES flag is also set. .PP -If \fB\s-1CMS_CADES\s0\fR is set, each signer certificate is checked against the -\&\s-1ESS\s0 signingCertificate or \s-1ESS\s0 signingCertificateV2 extension +If \fBCMS_CADES\fR is set, each signer certificate is checked against the +ESS signingCertificate or ESS signingCertificateV2 extension that is required in the signed attributes of the signature. .PP -If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. 
-.SH "NOTES" +If \fBCMS_NO_CONTENT_VERIFY\fR is set then the content digest is not checked. +.SH NOTES .IX Header "NOTES" -One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by +One application of \fBCMS_NOINTERN\fR is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the \fIcerts\fR parameter. In this case if the signer certificate is not one of the certificates supplied in \fIcerts\fR then the verify will fail because the @@ -235,7 +160,7 @@ using the signed data utility functions. .PP Care should be taken when modifying the default verify behaviour, for example -setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +setting \fBCMS_NO_CONTENT_VERIFY\fR will totally disable all content verification and any modified content will be considered valid. This combination is however useful if one merely wishes to write the content to \fIout\fR and its validity is not considered important. @@ -248,10 +173,10 @@ .IX Header "RETURN VALUES" \&\fBCMS_verify()\fR returns 1 for a successful verification and 0 if an error occurred. .PP -\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +\&\fBCMS_get0_signers()\fR returns all signers or NULL if an error occurred. .PP The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The trusted certificate store is not searched for the signing certificate. This is primarily due to the inadequacies of the current \fBX509_STORE\fR 
@@ -264,11 +189,11 @@ \&\fBPKCS7_verify\fR\|(3), \fBCMS_add1_cert\fR\|(3), \fBCMS_add1_crl\fR\|(3), \&\fBOSSL_ESS_check_signing_certs\fR\|(3), \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CMS_verify_receipt.3.orig +++ secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CMS_VERIFY_RECEIPT 3ossl" -.TH CMS_VERIFY_RECEIPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CMS_VERIFY_RECEIPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CMS_verify_receipt \- verify a CMS signed receipt -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,9 +74,9 @@ \& STACK_OF(X509) *certs, X509_STORE *store, \& unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +\&\fBCMS_verify_receipt()\fR verifies a CMS signed receipt. \fBrcms\fR is the signed receipt to verify. \fBocms\fR is the original SignedData structure containing the receipt request. \fBcerts\fR is a set of certificates in which to search for the signing certificate. \fBstore\fR is a trusted certificate store (used for chain @@ -159,10 +84,10 @@ .PP \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values -\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +\&\fBCMS_DETACHED\fR, \fBCMS_BINARY\fR, \fBCMS_TEXT\fR and \fBCMS_STREAM\fR are not supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -175,11 +100,11 @@ \&\fBERR_get_error\fR\|(3), \&\fBCMS_sign_receipt\fR\|(3), \&\fBCMS_verify\fR\|(3), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CONF_modules_free.3.orig +++ secure/lib/libcrypto/man/man3/CONF_modules_free.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CONF_MODULES_FREE 3ossl" -.TH CONF_MODULES_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CONF_MODULES_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configuration cleanup functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,13 +76,13 @@ .Ve .PP The following functions have been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void CONF_modules_free(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, @@ -169,7 +94,7 @@ .PP \&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If \&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If -\&\fBall\fR is \fB1\fR all modules, including built-in modules will be unloaded. +\&\fBall\fR is \fB1\fR all modules, including built\-in modules will be unloaded. .SH "RETURN VALUES" .IX Header "RETURN VALUES" None of the functions return a value. 
@@ -177,15 +102,15 @@ .IX Header "SEE ALSO" \&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3), \&\fBCONF_modules_load_file_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. For more information see \fBOPENSSL_init_crypto\fR\|(3). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CONF_modules_load_file.3.orig +++ secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CONF_MODULES_LOAD_FILE 3ossl" -.TH CONF_MODULES_LOAD_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CONF_MODULES_LOAD_FILE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CONF_get1_default_config_file, CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load \&\- OpenSSL configuration functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,62 +80,62 @@ \& int CONF_modules_load(const CONF *cnf, const char *appname, \& unsigned long flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBCONF_get1_default_config_file()\fR determines the default configuration file pathname as follows. -If the \fB\s-1OPENSSL_CONF\s0\fR environment variable is set its value is returned. +If the \fBOPENSSL_CONF\fR environment variable is set its value is returned. Else the function returns the path obtained using \&\fBX509_get_default_cert_area\fR\|(3) with the filename \f(CW"openssl.cnf"\fR appended. The caller is responsible for freeing any string returned. .PP The function \fBCONF_modules_load_file_ex()\fR configures OpenSSL using library context \fBlibctx\fR file \fBfilename\fR and application name \fBappname\fR. -If \fBfilename\fR is \s-1NULL\s0 the standard OpenSSL configuration file is used +If \fBfilename\fR is NULL the standard OpenSSL configuration file is used as determined by calling \fBCONF_get1_default_config_file()\fR. -If \fBappname\fR is \s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is +If \fBappname\fR is NULL the standard OpenSSL application name \fBopenssl_conf\fR is used. The behaviour can be customized using \fBflags\fR. Note that, the error suppressing can be overridden by \fBconfig_diagnostics\fR as described in \fBconfig\fR\|(5). .PP \&\fBCONF_modules_load_file()\fR is the same as \fBCONF_modules_load_file_ex()\fR but -has a \s-1NULL\s0 library context. +has a NULL library context. .PP \&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it reads configuration information from \fBcnf\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The following \fBflags\fR are currently recognized: .PP -If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual +If \fBCONF_MFLAGS_IGNORE_ERRORS\fR is set errors returned by individual configuration modules are ignored. 
If not set the first module error is considered fatal and no further modules are loaded. .PP Normally any modules errors will add error information to the error queue. If -\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. +\&\fBCONF_MFLAGS_SILENT\fR is set no error information is added. .PP -If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +If \fBCONF_MFLAGS_IGNORE_RETURN_CODES\fR is set the function unconditionally returns success. This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in -the default system-wide configuration file, as having all OpenSSL applications +the default system\-wide configuration file, as having all OpenSSL applications fail to start when there are potentially minor issues in the file is too risky. Applications calling \fBCONF_modules_load_file_ex\fR explicitly should not generally set this flag. .PP -If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is +If \fBCONF_MFLAGS_NO_DSO\fR is set configuration module loading from DSOs is disabled. .PP -\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR +\&\fBCONF_MFLAGS_IGNORE_MISSING_FILE\fR if set will make \fBCONF_load_modules_file()\fR ignore missing configuration files. Normally a missing configuration file return an error. .PP -\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the +\&\fBCONF_MFLAGS_DEFAULT_SECTION\fR if set and \fBappname\fR is not NULL will use the default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. .PP By using \fBCONF_modules_load_file_ex()\fR with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not -an error: in this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. 
+an error: in this case \fBCONF_MFLAGS_IGNORE_MISSING_FILE\fR would be set. .PP Errors during configuration may also be handled differently by different applications. For example in some cases an error may simply print out a warning @@ -225,7 +150,7 @@ These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative). -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Load a configuration file and print out any errors and exit (missing file considered fatal): @@ -238,7 +163,7 @@ \& } .Ve .PP -Load default configuration file using the section indicated by \*(L"myapp\*(R", +Load default configuration file using the section indicated by "myapp", tolerate missing files, but exit on other errors: .PP .Vb 6 @@ -292,11 +217,11 @@ \&\fBconfig\fR\|(5), \&\fBOPENSSL_config\fR\|(3), \&\fBNCONF_new_ex\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3.orig +++ secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CRYPTO_THREAD_RUN_ONCE 3ossl" -.TH CRYPTO_THREAD_RUN_ONCE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CRYPTO_THREAD_RUN_ONCE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add, CRYPTO_atomic_or, CRYPTO_atomic_load \- OpenSSL thread support -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -162,78 +87,79 @@ \& CRYPTO_RWLOCK *lock); \& int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -OpenSSL can be safely used in multi-threaded applications provided that -support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL +OpenSSL can be safely used in multi\-threaded applications provided that +support for the underlying OS threading API is built\-in. Currently, OpenSSL supports the pthread and Windows APIs. OpenSSL can also be built without -any multi-threading support, for example on platforms that don't provide -any threading support or that provide a threading \s-1API\s0 that is not yet +any multi\-threading support, for example on platforms that don\*(Aqt provide +any threading support or that provide a threading API that is not yet supported by OpenSSL. .PP -The following multi-threading function are provided: -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +The following multi\-threading function are provided: +.IP \(bu 2 +\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one\-time initialization. The \fIonce\fR argument must be a pointer to a static object of type -\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value -\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. +\&\fBCRYPTO_ONCE\fR that was statically initialized to the value +\&\fBCRYPTO_ONCE_STATIC_INIT\fR. The \fIinit\fR argument is a pointer to a function that performs the desired exactly once initialization. -In particular, this can be used to allocate locks in a thread-safe manner, +In particular, this can be used to allocate locks in a thread\-safe manner, which can then be used with the locking functions below. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write lock. 
-.IP "\(bu" 2 +.IP \(bu 2 \&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fIlock\fR for reading. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fIlock\fR for writing. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fIlock\fR. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fIlock\fR. -.IP "\(bu" 2 +If the argument is NULL, nothing is done. +.IP \(bu 2 \&\fBCRYPTO_atomic_add()\fR atomically adds \fIamount\fR to \fI*val\fR and returns the result of the operation in \fI*ret\fR. \fIlock\fR will be locked, unless atomic operations are supported on the specific platform. Because of this, if a variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must be the only way that the variable is modified. If atomic operations are not -supported and \fIlock\fR is \s-1NULL,\s0 then the function will fail. -.IP "\(bu" 2 +supported and \fIlock\fR is NULL, then the function will fail. +.IP \(bu 2 \&\fBCRYPTO_atomic_or()\fR performs an atomic bitwise or of \fIop\fR and \fI*val\fR and stores the result back in \fI*val\fR. It also returns the result of the operation in \&\fI*ret\fR. \fIlock\fR will be locked, unless atomic operations are supported on the specific platform. Because of this, if a variable is modified by \&\fBCRYPTO_atomic_or()\fR or read by \fBCRYPTO_atomic_load()\fR then \fBCRYPTO_atomic_or()\fR must be the only way that the variable is modified. If atomic operations are not -supported and \fIlock\fR is \s-1NULL,\s0 then the function will fail. -.IP "\(bu" 2 +supported and \fIlock\fR is NULL, then the function will fail. +.IP \(bu 2 \&\fBCRYPTO_atomic_load()\fR atomically loads the contents of \fI*val\fR into \fI*ret\fR. \&\fIlock\fR will be locked, unless atomic operations are supported on the specific platform. 
Because of this, if a variable is modified by \fBCRYPTO_atomic_or()\fR or read by \fBCRYPTO_atomic_load()\fR then \fBCRYPTO_atomic_load()\fR must be the only way that the variable is read. If atomic operations are not supported and \fIlock\fR is -\&\s-1NULL,\s0 then the function will fail. +NULL, then the function will fail. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. .PP -\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or NULL on error. .PP \&\fBCRYPTO_THREAD_lock_free()\fR returns no value. .PP The other functions return 1 on success, or 0 on error. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" On Windows platforms the CRYPTO_THREAD_* types and functions in the \&\fI\fR header are dependent on some of the types customarily made available by including \fI\fR. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore, it is defined as an -application developer's responsibility to include \fI\fR prior to +application developer\*(Aqs responsibility to include \fI\fR prior to \&\fI\fR where use of CRYPTO_THREAD_* types and functions is required. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" You can find out if OpenSSL was configured with thread support: .PP @@ -278,10 +204,13 @@ \& { \& int ret = 0; \& -\& if (mylock()) { -\& /* Your code here, do not return without releasing the lock! */ -\& ret = ... ; +\& if (!mylock()) { +\& /* Do not unlock unless the lock was successfully acquired. */ +\& return 0; \& } +\& +\& /* Your code here, do not return without releasing the lock! */ +\& ret = ... ; \& myunlock(); \& return ret; \& } 
@@ -290,16 +219,16 @@ Finalization of locks is an advanced topic, not covered in this example. This can only be done at process exit or when a dynamically loaded library is no longer in use and is unloaded. -The simplest solution is to just \*(L"leak\*(R" the lock in applications and not +The simplest solution is to just "leak" the lock in applications and not repeatedly load/unload shared libraries that allocate locks. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBopenssl\-threads\fR\|(7). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3.orig +++ secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CRYPTO_GET_EX_NEW_INDEX 3ossl" -.TH CRYPTO_GET_EX_NEW_INDEX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CRYPTO_GET_EX_NEW_INDEX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_alloc_ex_data, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data \&\- functions supporting application\-specific data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -175,10 +100,10 @@ \& \& int CRYPTO_free_ex_index(int class_index, int idx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Several OpenSSL structures can have application-specific data attached to them, -known as \*(L"exdata.\*(R" +Several OpenSSL structures can have application\-specific data attached to them, +known as "exdata." The specific structures are: .PP .Vb 10 
@@ -199,19 +124,19 @@ \& X509_STORE_CTX .Ve .PP -In addition, the \fB\s-1APP\s0\fR name is reserved for use by application code. +In addition, the \fBAPP\fR name is reserved for use by application code. .PP Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the header file -\&\fI\fR. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for +\&\fI\fR. In addition, \fBCRYPTO_EX_INDEX_APP\fR is reserved for applications to use this facility for their own structures. .PP -The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific +The API described here is used by OpenSSL to manipulate exdata for specific structures. Since the application data can be anything at all it is passed and retrieved as a \fBvoid *\fR type. .PP -The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of +The \fBCRYPTO_EX_DATA\fR type is opaque. To initialize the exdata part of a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for -\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. +\&\fBCRYPTO_EX_INDEX_APP\fR objects. .PP Exdata types are identified by an \fBindex\fR, an integer guaranteed to be unique within structures for the lifetime of the program. Applications 
@@ -228,55 +153,55 @@ .PP If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR when this is done. -This will replace the callbacks with no-ops -so that applications don't crash. Any existing exdata will be leaked. +This will replace the callbacks with no\-ops +so that applications don\*(Aqt crash. Any existing exdata will be leaked. .PP -To set or get the exdata on an object, the appropriate type-specific +To set or get the exdata on an object, the appropriate type\-specific routine must be used. This is because the containing structure is opaque -and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the -\&\fBidx\fR parameter should be an already-created index value. +and the \fBCRYPTO_EX_DATA\fR field is not accessible. In both API\*(Aqs, the +\&\fBidx\fR parameter should be an already\-created index value. .PP When setting exdata, the pointer specified with a particular index is saved, -and returned on a subsequent \*(L"get\*(R" call. If the application is going to -release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, -to avoid likely double-free crashes. +and returned on a subsequent "get" call. If the application is going to +release the data, it must make sure to set a \fBNULL\fR value at the index, +to avoid likely double\-free crashes. .PP The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached -to a structure. The appropriate type-specific routine must be used. +to a structure. The appropriate type\-specific routine must be used. The \fBclass_index\fR identifies the structure type, the \fBobj\fR is a pointer to the actual structure, and \fBr\fR is a pointer to the -structure's exdata field. +structure\*(Aqs exdata field. .SS "Callback Functions" .IX Subsection "Callback Functions" This section describes how the callback functions are used. 
Applications -that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must +that are defining their own exdata using \fBCYPRTO_EX_INDEX_APP\fR must call them as described here. .PP When a structure is initially allocated (such as \fBRSA_new()\fR) then the \&\fBnew_func()\fR is called for every defined index. There is no requirement that the entire parent, or containing, structure has been set up. The \fBnew_func()\fR is typically used only to allocate memory to store the -exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. +exdata, and perhaps an "initialized" flag within that memory. The exdata value may be allocated later on with \fBCRYPTO_alloc_ex_data()\fR, or may be set by calling \fBCRYPTO_set_ex_data()\fR. .PP -When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the +When a structure is free\*(Aqd (such as \fBSSL_CTX_free()\fR) then the \&\fBfree_func()\fR is called for every defined index. Again, the state of the parent structure is not guaranteed. The \fBfree_func()\fR may be called with a -\&\s-1NULL\s0 pointer. +NULL pointer. .PP Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters. The \fBparent\fR is the pointer to the structure that contains the exdata. The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically -be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object. +be NULL. The \fBr\fR parameter is a pointer to the exdata field of the object. The \fBidx\fR is the index and is the value returned when the callbacks were initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if the same callback handles different types of exdata. .PP \&\fBdup_func()\fR is called when a structure is being copied. 
This is only done -for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via +for \fBSSL\fR, \fBSSL_SESSION\fR, \fBEC_KEY\fR objects and \fBBIO\fR chains via \&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters -are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, +are pointers to the destination and source \fBCRYPTO_EX_DATA\fR structures, respectively. The \fB*from_d\fR parameter is a pointer to the source exdata. When the \fBdup_func()\fR returns, the value in \fB*from_d\fR is copied to the destination ex_data. If the pointer contained in \fB*pptr\fR is not modified 
@@ -291,23 +216,23 @@ \&\fBCRYPTO_free_ex_index()\fR, \fBCRYPTO_alloc_ex_data()\fR and \fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. .PP -\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; -note that \s-1NULL\s0 may be a valid value. +\&\fBCRYPTO_get_ex_data()\fR returns the application data or NULL on failure; +note that NULL may be a valid value. .PP \&\fBdup_func()\fR should return 0 for failure and 1 for success. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBCRYPTO_alloc_ex_data()\fR was added in OpenSSL 3.0. .PP The signature of the \fBdup_func()\fR callback was changed in OpenSSL 3.0 to use the type \fBvoid **\fR for \fBfrom_d\fR. Previously this parameter was of type \fBvoid *\fR. .PP -Support for \s-1ENGINE\s0 \*(L"exdata\*(R" was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +Support for ENGINE "exdata" was deprecated in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3.orig +++ secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CRYPTO_MEMCMP 3ossl" -.TH CRYPTO_MEMCMP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CRYPTO_MEMCMP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CRYPTO_memcmp \- Constant time memory comparison -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int CRYPTO_memcmp(const void *a, const void *b, size_t len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR for equality. @@ -157,15 +82,15 @@ .IX Header "RETURN VALUES" \&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and nonzero otherwise. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory regions as the return value when they differ is undefined, other than being nonzero. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3.orig +++ secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3ossl" -.TH CTLOG_STORE_GET0_LOG_BY_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CTLOG_STORE_get0_log_by_id \- Get a Certificate Transparency log from a CTLOG_STORE -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,31 +75,31 @@ \& const uint8_t *log_id, \& size_t log_id_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency -(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC 6962,\s0 Section 3.2). +A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency +(CT) log that issued it using the log\*(Aqs LogID (see RFC 6962, Section 3.2). Therefore, it is useful to be able to look up more information about a log (e.g. its public key) using this LogID. .PP -\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 -in a \s-1CTLOG_STORE\s0 that has a given LogID. +\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a CTLOG +in a CTLOG_STORE that has a given LogID. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it -exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0 +\&\fBCTLOG_STORE_get0_log_by_id\fR returns a CTLOG with the given LogID, if it +exists in the given CTLOG_STORE, otherwise it returns NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7), \&\fBCTLOG_STORE_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3.orig +++ secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CTLOG_STORE_NEW 3ossl" -.TH CTLOG_STORE_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CTLOG_STORE_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CTLOG_STORE_new_ex, CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- Create and populate a Certificate Transparency log list -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,25 +80,25 @@ \& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); \& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency +A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency logs). The list can be loaded from one or more files and then searched by LogID -(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID). +(see RFC 6962, Section 3.2, for the definition of a LogID). .PP -\&\fBCTLOG_STORE_new_ex()\fR creates an empty list of \s-1CT\s0 logs associated with +\&\fBCTLOG_STORE_new_ex()\fR creates an empty list of CT logs associated with the library context \fIlibctx\fR and the property query string \fIpropq\fR. .PP \&\fBCTLOG_STORE_new()\fR does the same thing as \fBCTLOG_STORE_new_ex()\fR but with the default library context and property query string. .PP -The \s-1CTLOG_STORE\s0 is then populated by \fBCTLOG_STORE_load_default_file()\fR or +The CTLOG_STORE is then populated by \fBCTLOG_STORE_load_default_file()\fR or \&\fBCTLOG_STORE_load_file()\fR. \fBCTLOG_STORE_load_default_file()\fR loads from the default -file, which is named \fIct_log_list.cnf\fR in \s-1OPENSSLDIR\s0 (see the output of +file, which is named \fIct_log_list.cnf\fR in OPENSSLDIR (see the output of \&\fBopenssl\-version\fR\|(1)). This can be overridden using an environment variable -named \fB\s-1CTLOG_FILE\s0\fR. \fBCTLOG_STORE_load_file()\fR loads from a caller-specified file -path instead. Both of these functions append any loaded \s-1CT\s0 logs to the -\&\s-1CTLOG_STORE.\s0 +named \fBCTLOG_FILE\fR. \fBCTLOG_STORE_load_file()\fR loads from a caller\-specified file +path instead. Both of these functions append any loaded CT logs to the +CTLOG_STORE. .PP The expected format of the file is: .PP 
@@ -189,32 +114,32 @@ \& key = .Ve .PP -Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to +Once a CTLOG_STORE is no longer required, it should be passed to \&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along -with the \s-1CTLOG_STORE\s0 itself. -.SH "NOTES" +with the CTLOG_STORE itself. If the argument is NULL, nothing is done. +.SH NOTES .IX Header "NOTES" -If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining -valid logs will still be added to the \s-1CTLOG_STORE. A CT\s0 log will be considered -invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. +If there are any invalid CT logs in a file, they are skipped and the remaining +valid logs will still be added to the CTLOG_STORE. A CT log will be considered +invalid if it is missing a "key" or "description" field. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if -all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. +all CT logs in the file are successfully parsed and loaded, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7), \&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), \&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" CTLOG_STORE_new_ex was added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/CTLOG_new.3.orig +++ secure/lib/libcrypto/man/man3/CTLOG_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CTLOG_NEW 3ossl" -.TH CTLOG_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CTLOG_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CTLOG_new_ex, CTLOG_new, CTLOG_new_from_base64, CTLOG_new_from_base64_ex, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- encapsulates information about a Certificate Transparency log -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -163,10 +88,10 @@ \& size_t *log_id_len); \& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBCTLOG_new_ex()\fR returns a new \s-1CTLOG\s0 that represents the Certificate -Transparency (\s-1CT\s0) log with the given public key and associates it with the +\&\fBCTLOG_new_ex()\fR returns a new CTLOG that represents the Certificate +Transparency (CT) log with the given public key and associates it with the library context \fIlibctx\fR and property query string \fIpropq\fR. A name must also be provided that can be used to help users identify this log. Ownership of the public key is transferred. 
@@ -174,9 +99,9 @@ \&\fBCTLOG_new()\fR does the same thing as \fBCTLOG_new_ex()\fR but with the default library context and the default property query string. .PP -\&\fBCTLOG_new_from_base64_ex()\fR also creates a new \s-1CTLOG,\s0 but takes the -public key in base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to -the new \s-1CTLOG.\s0 The base64 will be decoded and the public key parsed. The \s-1CTLOG\s0 +\&\fBCTLOG_new_from_base64_ex()\fR also creates a new CTLOG, but takes the +public key in base64\-encoded DER form and sets the ct_log pointer to point to +the new CTLOG. The base64 will be decoded and the public key parsed. The CTLOG will be associated with the given library context \fIlibctx\fR and property query string \fIpropq\fR. .PP 
@@ -185,37 +110,37 @@ property query string are used. .PP Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the -caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer -needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that -was passed to it. +caller\*(Aqs responsibility to pass the CTLOG to \fBCTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fBCTLOG_new()\fR, the EVP_PKEY that +was passed to it. If the argument to \fBCTLOG_free()\fR is NULL, nothing is done. .PP -\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was -created. Ownership of the string remains with the \s-1CTLOG.\s0 +\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the CTLOG was +created. Ownership of the string remains with the CTLOG. .PP -\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's -LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a -v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of -the string remains with the \s-1CTLOG.\s0 +\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log\*(Aqs +LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a +v1 CT log, the LogID will be a SHA\-256 hash (i.e. 32 bytes long). Ownership of +the string remains with the CTLOG. .PP -\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the -\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0 +\&\fBCTLOG_get0_public_key()\fR returns the public key of the CT log. Ownership of the +EVP_PKEY remains with the CTLOG. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +\&\fBCTLOG_new()\fR will return NULL if an error occurs. 
.PP \&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBCTLOG_new_ex()\fR and \fBCTLOG_new_from_base64_ex()\fR were added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CT_POLICY_EVAL_CTX_NEW 3ossl" -.TH CT_POLICY_EVAL_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CT_POLICY_EVAL_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CT_POLICY_EVAL_CTX_new_ex, CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, @@ -146,7 +71,7 @@ CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -165,20 +90,20 @@ \& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); \& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed -Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. -This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To -determine this, an \s-1SCT\s0's timestamp and signature must be verified. +A \fBCT_POLICY_EVAL_CTX\fR is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy. +This policy may be, for example, that at least one valid SCT is available. To +determine this, an SCT\*(Aqs timestamp and signature must be verified. This requires: -.IP "\(bu" 2 -the public key of the log that issued the \s-1SCT\s0 -.IP "\(bu" 2 -the certificate that the \s-1SCT\s0 was issued for -.IP "\(bu" 2 -the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) -.IP "\(bu" 2 +.IP \(bu 2 +the public key of the log that issued the SCT +.IP \(bu 2 +the certificate that the SCT was issued for +.IP \(bu 2 +the issuer certificate (if the SCT was issued for a pre\-certificate) +.IP \(bu 2 the current time .PP The above requirements are met using the setters described below. 
@@ -191,56 +116,57 @@ \&\fBCT_POLICY_EVAL_CTX_new_ex()\fR except that it uses the default library context and property query string. .PP -The \s-1CT_POLICY_EVAL_CTX\s0 should then be populated using: -.IP "\(bu" 2 +The CT_POLICY_EVAL_CTX should then be populated using: +.IP \(bu 2 \&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for .Sp Increments the reference count of the certificate. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate .Sp Increments the reference count of the certificate. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs .Sp -Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the -\&\s-1CT_POLICY_EVAL_CTX.\s0 -.IP "\(bu" 2 +Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the +CT_POLICY_EVAL_CTX. +.IP \(bu 2 \&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid .Sp -The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was -issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose -timestamp is in the future\*(R". By default, this will be set to 5 minutes in the +The SCT timestamp will be compared to this time to check whether the SCT was +issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose +timestamp is in the future". By default, this will be set to 5 minutes in the future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift. .Sp The time should be in milliseconds since the Unix Epoch. .PP Each setter has a matching getter for accessing the current value. .PP -When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to -\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. 
-.SH "NOTES" +When no longer required, the \fBCT_POLICY_EVAL_CTX\fR should be passed to +\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. If the argument to +\&\fBCT_POLICY_EVAL_CTX_free()\fR is NULL, nothing is done. +.SH NOTES .IX Header "NOTES" The issuer certificate only needs to be provided if at least one of the SCTs -was issued for a pre-certificate. This will be the case for SCTs embedded in a +was issued for a pre\-certificate. This will be the case for SCTs embedded in a certificate (i.e. those in an X.509 extension), but may not be the case for SCTs -found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response. +found in the TLS SCT extension or OCSP response. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBCT_POLICY_EVAL_CTX_new_ex()\fR and \fBCT_POLICY_EVAL_CTX_new()\fR will return -\&\s-1NULL\s0 if malloc fails. +NULL if malloc fails. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" CT_POLICY_EVAL_CTX_new_ex was added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3.orig +++ secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DEFINE_STACK_OF 3ossl" -.TH DEFINE_STACK_OF 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DEFINE_STACK_OF 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, @@ -156,7 +81,7 @@ OPENSSL_sk_set_cmp_func, OPENSSL_sk_shift, OPENSSL_sk_sort, OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero \&\- stack container -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -176,8 +101,8 @@ \& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); \& STACK_OF(TYPE) *sk_TYPE_new_null(void); \& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); -\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); -\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); +\& void sk_TYPE_free(STACK_OF(TYPE) *sk); +\& void sk_TYPE_zero(STACK_OF(TYPE) *sk); \& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); \& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); \& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); 
@@ -200,26 +125,26 @@ \& sk_TYPE_compfunc compare)); \& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Applications can create and use their own stacks by placing any of the macros described below in a header file. These macros define typesafe inline -functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0 -In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used +functions that wrap around the utility \fBOPENSSL_sk_\fR API. +In the description here, \fR\f(BITYPE\fR\fB\fR is used as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. .PP -The \s-1\fBSTACK_OF\s0()\fR macro returns the name for a stack of the specified \fB\f(BI\s-1TYPE\s0\fB\fR. +The \fBSTACK_OF()\fR macro returns the name for a stack of the specified \fR\f(BITYPE\fR\fB\fR. This is an opaque pointer to a structure declaration. This can be used in every header file that references the stack. -There are several \fB\s-1DEFINE...\s0\fR macros that create static inline functions +There are several \fBDEFINE...\fR macros that create static inline functions for all of the functions described on this page. This should normally be used in one source file, and the stack manipulation -is wrapped with application-specific functions. +is wrapped with application\-specific functions. .PP -\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\f(BI\s-1TYPE\s0\fB\fR elements. +\&\fBDEFINE_STACK_OF()\fR creates set of functions for a stack of \fR\f(BITYPE\fR\fB\fR elements. The type is referenced by -\&\fB\s-1STACK_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) and each function name begins with \fBsk_\f(BI\s-1TYPE\s0\fB_\fR. -\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except +\&\fBSTACK_OF\fR(\fB\fR\f(BITYPE\fR\fB\fR) and each function name begins with \fBsk_\fR\f(BITYPE\fR\fB_\fR. 
+\&\fBDEFINE_STACK_OF_CONST()\fR is identical to \fBDEFINE_STACK_OF()\fR except each element is constant. .PP .Vb 4 @@ -229,8 +154,8 @@ \& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); .Ve .PP -\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR and \s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR are similar -except \fB\s-1FUNCNAME\s0\fR is used in the function names: +\&\fBDEFINE_SPECIAL_STACK_OF()\fR and \fBDEFINE_SPECIAL_STACK_OF_CONST()\fR are similar +except \fBFUNCNAME\fR is used in the function names: .PP .Vb 4 \& /* DEFINE_SPECIAL_STACK_OF(TYPE, FUNCNAME) */ 
@@ -239,124 +164,124 @@ \& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); .Ve .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in \fIsk\fR or \-1 if \fIsk\fR is -\&\s-1NULL.\s0 +\&\fBsk_\fR\f(BITYPE\fR\fB_num\fR() returns the number of elements in \fIsk\fR or \-1 if \fIsk\fR is +NULL. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns element \fIidx\fR in \fIsk\fR, where \fIidx\fR starts at -zero. If \fIidx\fR is out of range then \s-1NULL\s0 is returned. +\&\fBsk_\fR\f(BITYPE\fR\fB_value\fR() returns element \fIidx\fR in \fIsk\fR, where \fIidx\fR starts at +zero. If \fIidx\fR is out of range then NULL is returned. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR() allocates a new empty stack using comparison function -\&\fIcompare\fR. If \fIcompare\fR is \s-1NULL\s0 then no comparison function is used. This -function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\fIcompare\fR, 0). +\&\fBsk_\fR\f(BITYPE\fR\fB_new\fR() allocates a new empty stack using comparison function +\&\fIcompare\fR. If \fIcompare\fR is NULL then no comparison function is used. This +function is equivalent to \fBsk_\fR\f(BITYPE\fR\fB_new_reserve\fR(\fIcompare\fR, 0). .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() allocates a new empty stack with no comparison -function. This function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\s-1NULL, 0\s0). +\&\fBsk_\fR\f(BITYPE\fR\fB_new_null\fR() allocates a new empty stack with no comparison +function. This function is equivalent to \fBsk_\fR\f(BITYPE\fR\fB_new_reserve\fR(NULL, 0). 
.PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() allocates additional memory in the \fIsk\fR structure -such that the next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() -or \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated +\&\fBsk_\fR\f(BITYPE\fR\fB_reserve\fR() allocates additional memory in the \fIsk\fR structure +such that the next \fIn\fR calls to \fBsk_\fR\f(BITYPE\fR\fB_insert\fR(), \fBsk_\fR\f(BITYPE\fR\fB_push\fR() +or \fBsk_\fR\f(BITYPE\fR\fB_unshift\fR() will not fail or cause memory to be allocated or reallocated. If \fIn\fR is zero, any excess space allocated in the \&\fIsk\fR structure is freed. On error \fIsk\fR is unchanged. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() allocates a new stack. The new stack will have +\&\fBsk_\fR\f(BITYPE\fR\fB_new_reserve\fR() allocates a new stack. The new stack will have additional memory allocated to hold \fIn\fR elements if \fIn\fR is positive. -The next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() or -\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated or +The next \fIn\fR calls to \fBsk_\fR\f(BITYPE\fR\fB_insert\fR(), \fBsk_\fR\f(BITYPE\fR\fB_push\fR() or +\&\fBsk_\fR\f(BITYPE\fR\fB_unshift\fR() will not fail or cause memory to be allocated or reallocated. If \fIn\fR is zero or less than zero, no memory is allocated. -\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() also sets the comparison function \fIcompare\fR -to the newly created stack. If \fIcompare\fR is \s-1NULL\s0 then no comparison +\&\fBsk_\fR\f(BITYPE\fR\fB_new_reserve\fR() also sets the comparison function \fIcompare\fR +to the newly created stack. If \fIcompare\fR is NULL then no comparison function is used. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() sets the comparison function of \fIsk\fR to -\&\fIcompare\fR. 
The previous comparison function is returned or \s-1NULL\s0 if there +\&\fBsk_\fR\f(BITYPE\fR\fB_set_cmp_func\fR() sets the comparison function of \fIsk\fR to +\&\fIcompare\fR. The previous comparison function is returned or NULL if there was no previous comparison function. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR() frees up the \fIsk\fR structure. It does \fInot\fR free up any +\&\fBsk_\fR\f(BITYPE\fR\fB_free\fR() frees up the \fIsk\fR structure. It does \fInot\fR free up any elements of \fIsk\fR. After this call \fIsk\fR is no longer valid. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR() sets the number of elements in \fIsk\fR to zero. It does not +\&\fBsk_\fR\f(BITYPE\fR\fB_zero\fR() sets the number of elements in \fIsk\fR to zero. It does not free \fIsk\fR so after this call \fIsk\fR is still valid. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() frees up all elements of \fIsk\fR and \fIsk\fR itself. The +\&\fBsk_\fR\f(BITYPE\fR\fB_pop_free\fR() frees up all elements of \fIsk\fR and \fIsk\fR itself. The free function \fBfreefunc()\fR is called on each element to free it. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes element \fIi\fR from \fIsk\fR. It returns the deleted -element or \s-1NULL\s0 if \fIi\fR is out of range. +\&\fBsk_\fR\f(BITYPE\fR\fB_delete\fR() deletes element \fIi\fR from \fIsk\fR. It returns the deleted +element or NULL if \fIi\fR is out of range. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() deletes element matching \fIptr\fR from \fIsk\fR. It -returns the deleted element or \s-1NULL\s0 if no element matching \fIptr\fR was found. +\&\fBsk_\fR\f(BITYPE\fR\fB_delete_ptr\fR() deletes element matching \fIptr\fR from \fIsk\fR. It +returns the deleted element or NULL if no element matching \fIptr\fR was found. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts \fIptr\fR into \fIsk\fR at position \fIidx\fR. Any +\&\fBsk_\fR\f(BITYPE\fR\fB_insert\fR() inserts \fIptr\fR into \fIsk\fR at position \fIidx\fR. 
Any existing elements at or after \fIidx\fR are moved downwards. If \fIidx\fR is out -of range the new element is appended to \fIsk\fR. \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() either +of range the new element is appended to \fIsk\fR. \fBsk_\fR\f(BITYPE\fR\fB_insert\fR() either returns the number of elements in \fIsk\fR after the new element is inserted or zero if an error (such as memory allocation failure) occurred. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() appends \fIptr\fR to \fIsk\fR it is equivalent to: +\&\fBsk_\fR\f(BITYPE\fR\fB_push\fR() appends \fIptr\fR to \fIsk\fR it is equivalent to: .PP .Vb 1 \& sk_TYPE_insert(sk, ptr, \-1); .Ve .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() inserts \fIptr\fR at the start of \fIsk\fR it is equivalent +\&\fBsk_\fR\f(BITYPE\fR\fB_unshift\fR() inserts \fIptr\fR at the start of \fIsk\fR it is equivalent to: .PP .Vb 1 \& sk_TYPE_insert(sk, ptr, 0); .Ve .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR() returns and removes the last element from \fIsk\fR. +\&\fBsk_\fR\f(BITYPE\fR\fB_pop\fR() returns and removes the last element from \fIsk\fR. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR() returns and removes the first element from \fIsk\fR. +\&\fBsk_\fR\f(BITYPE\fR\fB_shift\fR() returns and removes the first element from \fIsk\fR. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() sets element \fIidx\fR of \fIsk\fR to \fIptr\fR replacing the current -element. The new element value is returned or \s-1NULL\s0 if an error occurred: -this will only happen if \fIsk\fR is \s-1NULL\s0 or \fIidx\fR is out of range. +\&\fBsk_\fR\f(BITYPE\fR\fB_set\fR() sets element \fIidx\fR of \fIsk\fR to \fIptr\fR replacing the current +element. The new element value is returned or NULL if an error occurred: +this will only happen if \fIsk\fR is NULL or \fIidx\fR is out of range. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() searches \fIsk\fR for the element \fIptr\fR. In the case +\&\fBsk_\fR\f(BITYPE\fR\fB_find\fR() searches \fIsk\fR for the element \fIptr\fR. 
In the case where no comparison function has been specified, the function performs a linear search for a pointer equal to \fIptr\fR. The index of the first matching element is returned or \fB\-1\fR if there is no match. In the case where a comparison function has been specified, \fIsk\fR is sorted and -\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() returns the index of a matching element or \fB\-1\fR if there +\&\fBsk_\fR\f(BITYPE\fR\fB_find\fR() returns the index of a matching element or \fB\-1\fR if there is no match. Note that, in this case the comparison function will usually compare the values pointed to rather than the pointers themselves and the order of elements in \fIsk\fR can change. Note that because the stack may be -sorted as the result of a \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() call, if a lock is being used to +sorted as the result of a \fBsk_\fR\f(BITYPE\fR\fB_find\fR() call, if a lock is being used to synchronise access to the stack across multiple threads, then that lock must be -a \*(L"write\*(R" lock. +a "write" lock. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() operates like \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() except when a +\&\fBsk_\fR\f(BITYPE\fR\fB_find_ex\fR() operates like \fBsk_\fR\f(BITYPE\fR\fB_find\fR() except when a comparison function has been specified and no matching element is found. -Instead of returning \fB\-1\fR, \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() returns the index of the +Instead of returning \fB\-1\fR, \fBsk_\fR\f(BITYPE\fR\fB_find_ex\fR() returns the index of the element either before or after the location where \fIptr\fR would be if it were present in \fIsk\fR. The function also does not guarantee that the first matching element in the sorted stack is returned. 
.PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_find_all\fR() operates like \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() but it also +\&\fBsk_\fR\f(BITYPE\fR\fB_find_all\fR() operates like \fBsk_\fR\f(BITYPE\fR\fB_find\fR() but it also sets the \fI*pnum\fR to number of matching elements in the stack. In case no comparison function has been specified the \fI*pnum\fR will be always set to 1 if matching element was found, 0 otherwise. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() sorts \fIsk\fR using the supplied comparison function. +\&\fBsk_\fR\f(BITYPE\fR\fB_sort\fR() sorts \fIsk\fR using the supplied comparison function. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if \fIsk\fR is sorted and \fB0\fR otherwise. +\&\fBsk_\fR\f(BITYPE\fR\fB_is_sorted\fR() returns \fB1\fR if \fIsk\fR is sorted and \fB0\fR otherwise. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() returns a shallow copy of \fIsk\fR -or an empty stack if the passed stack is \s-1NULL.\s0 +\&\fBsk_\fR\f(BITYPE\fR\fB_dup\fR() returns a shallow copy of \fIsk\fR +or an empty stack if the passed stack is NULL. Note the pointers in the copy are identical to the original. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() returns a new stack where each element has been -copied or an empty stack if the passed stack is \s-1NULL.\s0 +\&\fBsk_\fR\f(BITYPE\fR\fB_deep_copy\fR() returns a new stack where each element has been +copied or an empty stack if the passed stack is NULL. Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The function \fBfreefunc()\fR is only called if an error occurs. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Care should be taken when accessing stacks in multi-threaded environments. -Any operation which increases the size of a stack such as \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() -or \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() can \*(L"grow\*(R" the size of an internal array and cause race +Care should be taken when accessing stacks in multi\-threaded environments. 
+Any operation which increases the size of a stack such as \fBsk_\fR\f(BITYPE\fR\fB_insert\fR() +or \fBsk_\fR\f(BITYPE\fR\fB_push\fR() can "grow" the size of an internal array and cause race conditions if the same stack is accessed in a different thread. Operations such -as \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() can also reorder the stack. +as \fBsk_\fR\f(BITYPE\fR\fB_find\fR() and \fBsk_\fR\f(BITYPE\fR\fB_sort\fR() can also reorder the stack. .PP Any comparison function supplied should use a metric suitable for use in a binary search operation. That is it should return zero, a 
@@ -364,21 +289,21 @@ or less than \fIb\fR respectively. .PP Care should be taken when checking the return values of the functions -\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR(). They return an index to the +\&\fBsk_\fR\f(BITYPE\fR\fB_find\fR() and \fBsk_\fR\f(BITYPE\fR\fB_find_ex\fR(). They return an index to the matching element. In particular \fB0\fR indicates a matching first element. A failed search is indicated by a \fB\-1\fR return value. .PP -\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and -\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +\&\fBSTACK_OF()\fR, \fBDEFINE_STACK_OF()\fR, \fBDEFINE_STACK_OF_CONST()\fR, and +\&\fBDEFINE_SPECIAL_STACK_OF()\fR are implemented as macros. .PP -It is not an error to call \fBsk_\f(BI\s-1TYPE\s0\fB_num\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_value\fR(), -\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR(), -\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR(), -\&\fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR(), -and \fBsk_\f(BI\s-1TYPE\s0\fB_find_all\fR() on a \s-1NULL\s0 stack, empty stack, or with +It is not an error to call \fBsk_\fR\f(BITYPE\fR\fB_num\fR(), \fBsk_\fR\f(BITYPE\fR\fB_value\fR(), +\&\fBsk_\fR\f(BITYPE\fR\fB_free\fR(), \fBsk_\fR\f(BITYPE\fR\fB_zero\fR(), \fBsk_\fR\f(BITYPE\fR\fB_pop_free\fR(), +\&\fBsk_\fR\f(BITYPE\fR\fB_delete\fR(), \fBsk_\fR\f(BITYPE\fR\fB_delete_ptr\fR(), \fBsk_\fR\f(BITYPE\fR\fB_pop\fR(), +\&\fBsk_\fR\f(BITYPE\fR\fB_shift\fR(), \fBsk_\fR\f(BITYPE\fR\fB_find\fR(), \fBsk_\fR\f(BITYPE\fR\fB_find_ex\fR(), +and \fBsk_\fR\f(BITYPE\fR\fB_find_all\fR() on a NULL stack, empty stack, or with an invalid index. An error is not raised in these conditions. 
.PP -The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. +The underlying utility \fBOPENSSL_sk_\fR API should not be used directly. It defines these functions: \fBOPENSSL_sk_deep_copy()\fR, \&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR, \&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_find_all()\fR, 
@@ -390,55 +315,55 @@ \&\fBOPENSSL_sk_value()\fR, \fBOPENSSL_sk_zero()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in the stack or \fB\-1\fR if the -passed stack is \s-1NULL.\s0 +\&\fBsk_\fR\f(BITYPE\fR\fB_num\fR() returns the number of elements in the stack or \fB\-1\fR if the +passed stack is NULL. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns a pointer to a stack element or \s-1NULL\s0 if the +\&\fBsk_\fR\f(BITYPE\fR\fB_value\fR() returns a pointer to a stack element or NULL if the index is out of range. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() -return an empty stack or \s-1NULL\s0 if an error occurs. +\&\fBsk_\fR\f(BITYPE\fR\fB_new\fR(), \fBsk_\fR\f(BITYPE\fR\fB_new_null\fR() and \fBsk_\fR\f(BITYPE\fR\fB_new_reserve\fR() +return an empty stack or NULL if an error occurs. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() returns \fB1\fR on successful allocation of the required +\&\fBsk_\fR\f(BITYPE\fR\fB_reserve\fR() returns \fB1\fR on successful allocation of the required memory or \fB0\fR on error. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() returns the old comparison function or \s-1NULL\s0 if +\&\fBsk_\fR\f(BITYPE\fR\fB_set_cmp_func\fR() returns the old comparison function or NULL if there was no old comparison function. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() and -\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() do not return values. +\&\fBsk_\fR\f(BITYPE\fR\fB_free\fR(), \fBsk_\fR\f(BITYPE\fR\fB_zero\fR(), \fBsk_\fR\f(BITYPE\fR\fB_pop_free\fR() and +\&\fBsk_\fR\f(BITYPE\fR\fB_sort\fR() do not return values. 
.PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() and -\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() return a pointer to the deleted element or \s-1NULL\s0 +\&\fBsk_\fR\f(BITYPE\fR\fB_pop\fR(), \fBsk_\fR\f(BITYPE\fR\fB_shift\fR(), \fBsk_\fR\f(BITYPE\fR\fB_delete\fR() and +\&\fBsk_\fR\f(BITYPE\fR\fB_delete_ptr\fR() return a pointer to the deleted element or NULL on error. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() return +\&\fBsk_\fR\f(BITYPE\fR\fB_insert\fR(), \fBsk_\fR\f(BITYPE\fR\fB_push\fR() and \fBsk_\fR\f(BITYPE\fR\fB_unshift\fR() return the total number of elements in the stack and 0 if an error occurred. -\&\fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() further returns \-1 if \fIsk\fR is \s-1NULL.\s0 +\&\fBsk_\fR\f(BITYPE\fR\fB_push\fR() further returns \-1 if \fIsk\fR is NULL. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() returns a pointer to the replacement element or \s-1NULL\s0 on +\&\fBsk_\fR\f(BITYPE\fR\fB_set\fR() returns a pointer to the replacement element or NULL on error. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() return an index to the found +\&\fBsk_\fR\f(BITYPE\fR\fB_find\fR() and \fBsk_\fR\f(BITYPE\fR\fB_find_ex\fR() return an index to the found element or \fB\-1\fR on error. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if the stack is sorted and \fB0\fR if it is +\&\fBsk_\fR\f(BITYPE\fR\fB_is_sorted\fR() returns \fB1\fR if the stack is sorted and \fB0\fR if it is not. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() return a pointer to the copy -of the stack or \s-1NULL\s0 on error. -.SH "HISTORY" +\&\fBsk_\fR\f(BITYPE\fR\fB_dup\fR() and \fBsk_\fR\f(BITYPE\fR\fB_deep_copy\fR() return a pointer to the copy +of the stack or NULL on error. 
+.SH HISTORY .IX Header "HISTORY" Before OpenSSL 1.1.0, this was implemented via macros and not inline functions -and was not a public \s-1API.\s0 +and was not a public API. .PP -\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() were added in OpenSSL +\&\fBsk_\fR\f(BITYPE\fR\fB_reserve\fR() and \fBsk_\fR\f(BITYPE\fR\fB_new_reserve\fR() were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DES_random_key.3.orig +++ secure/lib/libcrypto/man/man3/DES_random_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DES_RANDOM_KEY 3ossl" -.TH DES_RANDOM_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DES_RANDOM_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, @@ -148,14 +73,14 @@ DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt \- DES encryption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -235,34 +160,34 @@ \& char *DES_fcrypt(const char *buf, const char *salt, char *ret); \& char *DES_crypt(const char *buf, const char *salt); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_EncryptInit_ex\fR\|(3), \fBEVP_EncryptUpdate\fR\|(3) and \&\fBEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. .PP -This library contains a fast implementation of the \s-1DES\s0 encryption +This library contains a fast implementation of the DES encryption algorithm. .PP -There are two phases to the use of \s-1DES\s0 encryption. The first is the +There are two phases to the use of DES encryption. The first is the generation of a \fIDES_key_schedule\fR from a key, the second is the -actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type +actual encryption. A DES key is of type \fIDES_cblock\fR. This type consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP \&\fBDES_random_key()\fR generates a random key. The random generator must be seeded when calling this function. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. If the function fails, 0 is returned. .PP -Before a \s-1DES\s0 key can be used, it must be converted into the +Before a DES key can be used, it must be converted into the architecture dependent \fIDES_key_schedule\fR via the \&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. .PP \&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity -and is not a weak or semi-weak key. 
If the parity is wrong, then \-1 +and is not a weak or semi\-weak key. If the parity is wrong, then \-1 is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. .PP 
@@ -277,31 +202,31 @@ The following routines mostly operate on an input and output stream of \&\fIDES_cblock\fRs. .PP -\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +\&\fBDES_ecb_encrypt()\fR is the basic DES encryption routine that encrypts or decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR -(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +(ECB) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. -If the \fIencrypt\fR argument is nonzero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +If the \fIencrypt\fR argument is nonzero (DES_ENCRYPT), the \fIinput\fR (cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the key_schedule specified by the \fIschedule\fR argument, previously set via -\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (DES_DECRYPT), the \fIinput\fR (now ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. .PP \&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using -three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +three\-key Triple\-DES encryption in ECB mode. This involves encrypting the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and then encrypting with \fIks3\fR. This routine greatly reduces the chances -of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +of brute force breaking of DES and has the advantage of if \fIks1\fR, \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption -using \s-1ECB\s0 mode and \fIks1\fR as the key. +using ECB mode and \fIks1\fR as the key. 
.PP -The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +The macro \fBDES_ecb2_encrypt()\fR is provided to perform two\-key Triple\-DES encryption by using \fIks1\fR for the final encryption. .PP -\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR -(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is nonzero, the -routine cipher-block-chain encrypts the cleartext data pointed to by +\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher\-block\-chaining\fR +(CBC) mode of DES. If the \fIencrypt\fR argument is nonzero, the +routine cipher\-block\-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR argument, using the key schedule provided by the \fIschedule\fR argument, and initialization vector provided by the \fIivec\fR argument. If the 
@@ -309,18 +234,18 @@ last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and -\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +\&\fBDES_xcbc_encrypt()\fR is RSA\*(Aqs DESX mode of DES. It uses \fIinw\fR and +\&\fIoutw\fR to \*(Aqwhiten\*(Aq the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort -of 24 bytes. This is much better than \s-1CBC DES.\s0 +of 24 bytes. This is much better than CBC DES. .PP -\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with -three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is -\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 +\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple CBC DES encryption with +three keys. This means that each DES operation inside the CBC mode is +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by SSL. .PP -The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +The \fBDES_ede2_cbc_encrypt()\fR macro implements two\-key Triple\-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. -This form of Triple-DES is used by the \s-1RSAREF\s0 library. +This form of Triple\-DES is used by the RSAREF library. .PP \&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as 
@@ -331,39 +256,39 @@ characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs -a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +a complete DES ECB encryption per \fInumbits\fR, this function is only suggested for use when sending a small number of characters. .PP \&\fBDES_cfb64_encrypt()\fR -implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this +implements CFB mode of DES with 64\-bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, without 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec -and num. num contains 'how far' we are though ivec. If this does -not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 +and num. num contains \*(Aqhow far\*(Aq we are though ivec. If this does +not make much sense, read more about CFB mode of DES. .PP \&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as -\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. +\&\fBDES_cfb64_encrypt()\fR except that Triple\-DES is used. .PP \&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs -a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +a complete DES ECB encryption per \fInumbits\fR, this function is only suggested for use when sending a small number of characters. .PP \&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output Feed Back mode. 
.PP \&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as -\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. +\&\fBDES_ofb64_encrypt()\fR, using Triple\-DES. .PP -The following functions are included in the \s-1DES\s0 library for -compatibility with the \s-1MIT\s0 Kerberos library. +The following functions are included in the DES library for +compatibility with the MIT Kerberos library. .PP \&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream -(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +(via CBC encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in \fIoutput\fR. This function is used by Kerberos v4. Other applications should use \&\fBEVP_DigestInit\fR\|(3) etc. instead. @@ -371,10 +296,10 @@ \&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is -non-NULL, the 8 bytes generated by each pass are written into +non\-NULL, the 8 bytes generated by each pass are written into \&\fIoutput\fR. .PP -The following are DES-based transformations: +The following are DES\-based transformations: .PP \&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast 
@@ -385,11 +310,11 @@ .PP \&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. This function calls \fBDES_fcrypt()\fR with a static array passed as the -third parameter. This mostly emulates the normal non-thread-safe semantics +third parameter. This mostly emulates the normal non\-thread\-safe semantics of \fBcrypt\fR\|(3). -The \fBsalt\fR must be two \s-1ASCII\s0 characters. +The \fBsalt\fR must be two ASCII characters. .PP -The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0 +The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by NUL character. .PP \&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from @@ -399,7 +324,7 @@ containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" \&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR instead. @@ -415,18 +340,18 @@ get ugly! .PP \&\fBDES_string_to_key()\fR is available for backward compatibility with the -\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +MIT library. New applications should use a cryptographic hash function. The same applies for \fBDES_string_to_2key()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The \fBdes\fR library was written to be source code compatible with -the \s-1MIT\s0 Kerberos library. +the MIT Kerberos library. .PP Applications should use the higher level functions \&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these functions directly. .PP -Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +Single\-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see \fBdes_modes\fR\|(7). .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -439,26 +364,26 @@ \&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the last 4 bytes of the checksum of the input. .PP -\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \- -to a static buffer on success; otherwise they return \s-1NULL.\s0 +\&\fBDES_fcrypt()\fR returns a pointer to the caller\-provided buffer and \fBDES_crypt()\fR \- +to a static buffer on success; otherwise they return NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBdes_modes\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR -be two \s-1ASCII\s0 characters was first enforced in +be two ASCII characters was first enforced in OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR -if both character were not present, and could crash when given non-ASCII +if both character were not present, and could crash when given non\-ASCII on some platforms. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_generate_key.3.orig +++ secure/lib/libcrypto/man/man3/DH_generate_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_GENERATE_KEY 3ossl" -.TH DH_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_GENERATE_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_generate_key, DH_compute_key, DH_compute_key_padded \- perform Diffie\-Hellman key exchange -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -158,32 +83,32 @@ \& \& int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). .PP -\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key -exchange by generating private and public \s-1DH\s0 values. By calling +\&\fBDH_generate_key()\fR performs the first step of a Diffie\-Hellman key +exchange by generating private and public DH values. By calling \&\fBDH_compute_key()\fR or \fBDH_compute_key_padded()\fR, these are combined with -the other party's public value to compute the shared key. +the other party\*(Aqs public value to compute the shared key. .PP \&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters -\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value +\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private DH value unless \fBdh\->priv_key\fR is already set, and computes the corresponding public value \fBdh\->pub_key\fR, which can then be published. .PP -\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value -in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +\&\fBDH_compute_key()\fR computes the shared secret from the private DH value +in \fBdh\fR and the other party\*(Aqs public value in \fBpub_key\fR and stores it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. -The padding style is \s-1RFC 5246\s0 (8.1.2) that strips leading zero bytes. +The padding style is RFC 5246 (8.1.2) that strips leading zero bytes. It is not constant time due to the leading zero bytes being stripped. The return value should be considered public. .PP \&\fBDH_compute_key_padded()\fR is similar but stores a fixed number of bytes. 
-The padding style is \s-1NIST SP 800\-56A\s0 (C.1) that retains leading zero bytes. +The padding style is NIST SP 800\-56A (C.1) that retains leading zero bytes. It is constant time due to the leading zero bytes being retained. The return value should be considered public. .SH "RETURN VALUES" @@ -200,16 +125,16 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_derive\fR\|(3), \&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBDH_compute_key_padded()\fR was added in OpenSSL 1.0.2. .PP All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_generate_parameters.3.orig +++ secure/lib/libcrypto/man/man3/DH_generate_parameters.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,89 +53,30 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_GENERATE_PARAMETERS 3ossl" -.TH DH_GENERATE_PARAMETERS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_GENERATE_PARAMETERS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex \&\- generate and check Diffie\-Hellman parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -166,23 +91,23 @@ .Ve .PP The following functions have been deprecated since OpenSSL 0.9.8, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& DH *DH_generate_parameters(int prime_len, int generator, \& void (*callback)(int, int, void *), void *cb_arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_check\fR\|(3), \&\fBEVP_PKEY_public_check\fR\|(3), \fBEVP_PKEY_private_check\fR\|(3) and \&\fBEVP_PKEY_param_check\fR\|(3). .PP -\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can -be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR -structure. The pseudo-random number generator must be +\&\fBDH_generate_parameters_ex()\fR generates Diffie\-Hellman parameters that can +be shared among a group of users, and stores them in the provided \fBDH\fR +structure. The pseudo\-random number generator must be seeded before calling it. The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in signature schemes. 
@@ -191,15 +116,15 @@ \&\fBgenerator\fR is a small number > 1, typically 2 or 5. .PP A callback function may be used to provide feedback about the progress -of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +of the key generation. If \fBcb\fR is not \fBNULL\fR, it will be called as described in \fBBN_generate_prime\fR\|(3) while a random prime number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR is called. See \fBBN_generate_prime_ex\fR\|(3) for information on the \fBBN_GENCB_call()\fR function. .PP \&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but -expects an old-style callback function; see -\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +expects an old\-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old\-style callback. .PP \&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to be valid. 
@@ -208,58 +133,62 @@ The value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then no problems were found, otherwise the following bits may be set: -.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IP DH_CHECK_P_NOT_PRIME 4 .IX Item "DH_CHECK_P_NOT_PRIME" The parameter \fBp\fR has been determined to not being an odd prime. -Note that the lack of this bit doesn't guarantee that \fBp\fR is a +Note that the lack of this bit doesn\*(Aqt guarantee that \fBp\fR is a prime. -.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IP DH_NOT_SUITABLE_GENERATOR 4 .IX Item "DH_NOT_SUITABLE_GENERATOR" The generator \fBg\fR is not suitable. -Note that the lack of this bit doesn't guarantee that \fBg\fR is +Note that the lack of this bit doesn\*(Aqt guarantee that \fBg\fR is suitable, unless \fBp\fR is known to be a strong prime. -.IP "\s-1DH_MODULUS_TOO_SMALL\s0" 4 +.IP DH_MODULUS_TOO_SMALL 4 .IX Item "DH_MODULUS_TOO_SMALL" The modulus is too small. -.IP "\s-1DH_MODULUS_TOO_LARGE\s0" 4 +.IP DH_MODULUS_TOO_LARGE 4 .IX Item "DH_MODULUS_TOO_LARGE" The modulus is too large. .PP -\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +\&\fBDH_check()\fR confirms that the Diffie\-Hellman parameters \fBdh\fR are valid. The value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then no problems were found, otherwise the following bits may be set: -.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IP DH_CHECK_P_NOT_PRIME 4 .IX Item "DH_CHECK_P_NOT_PRIME" The parameter \fBp\fR is not prime. -.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 +.IP DH_CHECK_P_NOT_SAFE_PRIME 4 .IX Item "DH_CHECK_P_NOT_SAFE_PRIME" The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. -.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 +.IP DH_UNABLE_TO_CHECK_GENERATOR 4 .IX Item "DH_UNABLE_TO_CHECK_GENERATOR" The generator \fBg\fR cannot be checked for suitability. 
-.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IP DH_NOT_SUITABLE_GENERATOR 4 .IX Item "DH_NOT_SUITABLE_GENERATOR" The generator \fBg\fR is not suitable. -.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 +.IP DH_CHECK_Q_NOT_PRIME 4 .IX Item "DH_CHECK_Q_NOT_PRIME" The parameter \fBq\fR is not prime. -.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 +.IP DH_CHECK_INVALID_Q_VALUE 4 .IX Item "DH_CHECK_INVALID_Q_VALUE" The parameter \fBq\fR is invalid. -.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 +.IP DH_CHECK_INVALID_J_VALUE 4 .IX Item "DH_CHECK_INVALID_J_VALUE" The parameter \fBj\fR is invalid. .PP +If 0 is returned or \fB*codes\fR is set to a nonzero value the supplied +parameters should not be used for Diffie\-Hellman operations otherwise +the security properties of the key exchange are not guaranteed. +.PP \&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to \&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added -to the thread's error queue instead of provided as return values from the +to the thread\*(Aqs error queue instead of provided as return values from the function. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1 if the check could be performed, 0 otherwise. .PP -\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +\&\fBDH_generate_parameters()\fR returns a pointer to the DH structure or NULL if the parameter generation fails. .PP \&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the 
@@ -270,17 +199,17 @@ .IX Header "SEE ALSO" \&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\fBDH_free\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP \&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use \&\fBDH_generate_parameters_ex()\fR instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_get0_pqg.3.orig +++ secure/lib/libcrypto/man/man3/DH_get0_pqg.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,89 +53,30 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_GET0_PQG 3ossl" -.TH DH_GET0_PQG 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_GET0_PQG 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -175,78 +100,78 @@ \& \& ENGINE *DH_get0_engine(DH *d); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_get_bn_param\fR\|(3) for any methods that -return a \fB\s-1BIGNUM\s0\fR. Refer to \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) for more information. +return a \fBBIGNUM\fR. Refer to \fBEVP_PKEY\-DH\fR\|(7) for more information. .PP -A \s-1DH\s0 object contains the parameters \fIp\fR, \fIq\fR and \fIg\fR. Note that the \fIq\fR +A DH object contains the parameters \fIp\fR, \fIq\fR and \fIg\fR. Note that the \fIq\fR parameter is optional. It also contains a public key (\fIpub_key\fR) and (optionally) a private key (\fIpriv_key\fR). .PP The \fIp\fR, \fIq\fR and \fIg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR. If the parameters have not yet been set then \fI*p\fR, \fI*q\fR and \fI*g\fR will be set -to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. -Any of the out parameters \fIp\fR, \fIq\fR, and \fIg\fR can be \s-1NULL,\s0 in which case no +Any of the out parameters \fIp\fR, \fIq\fR, and \fIg\fR can be NULL, in which case no value will be returned for that parameter. .PP The \fIp\fR, \fIq\fR and \fIg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing the new values for \fIp\fR, \fIq\fR and \fIg\fR as parameters to the function. Calling -this function transfers the memory management of the values to the \s-1DH\s0 object, +this function transfers the memory management of the values to the DH object, and therefore the values that have been passed in should not be freed directly -after this function has been called. The \fIq\fR parameter may be \s-1NULL.\s0 +after this function has been called. 
The \fIq\fR parameter may be NULL. \&\fBDH_set0_pqg()\fR also checks if the parameters associated with \fIp\fR and \fIg\fR and optionally \fIq\fR are associated with known safe prime groups. If it is a safe prime group then the value of \fIq\fR will be set to q = (p \- 1) / 2 if \fIq\fR is -\&\s-1NULL.\s0 The optional length parameter will be set to BN_num_bits(\fIq\fR) if \fIq\fR -is not \s-1NULL.\s0 +NULL. The optional length parameter will be set to BN_num_bits(\fIq\fR) if \fIq\fR +is not NULL. .PP To get the public and private key values use the \fBDH_get0_key()\fR function. A pointer to the public key will be stored in \fI*pub_key\fR, and a pointer to the -private key will be stored in \fI*priv_key\fR. Either may be \s-1NULL\s0 if they have not +private key will be stored in \fI*priv_key\fR. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. -Any of the out parameters \fIpub_key\fR and \fIpriv_key\fR can be \s-1NULL,\s0 in which case +Any of the out parameters \fIpub_key\fR and \fIpriv_key\fR can be NULL, in which case no value will be returned for that parameter. .PP The public and private key values can be set using \fBDH_set0_key()\fR. Either -parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left +parameter may be NULL, which means the corresponding DH field is left untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management -of the key values to the \s-1DH\s0 object, and therefore they should not be freed +of the key values to the DH object, and therefore they should not be freed directly after this function has been called. 
.PP Any of the values \fIp\fR, \fIq\fR, \fIg\fR, \fIpriv_key\fR, and \fIpub_key\fR can also be retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively. .PP -\&\fBDH_set_flags()\fR sets the flags in the \fIflags\fR parameter on the \s-1DH\s0 object. +\&\fBDH_set_flags()\fR sets the flags in the \fIflags\fR parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags -passed in the \fIflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple +passed in the \fIflags\fR parameter are currently set in the DH object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags -within the \s-1DH\s0 object. +within the DH object. .PP -\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 -object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. This function is deprecated. All +\&\fBDH_get0_engine()\fR returns a handle to the ENGINE that has been set for this DH +object, or NULL if no such ENGINE has been set. This function is deprecated. All engines should be replaced by providers. .PP The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional -length parameter associated with this \s-1DH\s0 object. If the length is nonzero then +length parameter associated with this DH object. If the length is nonzero then it is used, otherwise it is ignored. The \fIlength\fR parameter indicates the length of the secret exponent (private key) in bits. 
For safe prime groups the optional length parameter \fIlength\fR can be set to a value greater or equal to 2 * maximum_target_security_strength(BN_num_bits(\fIp\fR)) as listed in SP800\-56Ar3 Table(s) 25 & 26. These functions are deprecated and should be replaced with \&\fBEVP_PKEY_CTX_set_params()\fR and \fBEVP_PKEY_get_int_param()\fR using the parameter key -\&\fB\s-1OSSL_PKEY_PARAM_DH_PRIV_LEN\s0\fR as described in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7). -.SH "NOTES" +\&\fBOSSL_PKEY_PARAM_DH_PRIV_LEN\fR as described in \fBEVP_PKEY\-DH\fR\|(7). +.SH NOTES .IX Header "NOTES" -Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used +Values retrieved with \fBDH_get0_key()\fR are owned by the DH object used in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR. If needed, duplicate the received value using \fBBN_dup()\fR and pass the duplicate. The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR. @@ -255,11 +180,11 @@ \&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure. .PP \&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR -return the respective value, or \s-1NULL\s0 if it is unset. +return the respective value, or NULL if it is unset. .PP -\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. +\&\fBDH_test_flags()\fR returns the current state of the flags in the DH object. .PP -\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +\&\fBDH_get0_engine()\fR returns the ENGINE set for the DH object or NULL if no ENGINE has been set. .PP \&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits, 
@@ -268,16 +193,16 @@ .IX Header "SEE ALSO" \&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), \&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. .PP All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_get_1024_160.3.orig +++ secure/lib/libcrypto/man/man3/DH_get_1024_160.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_GET_1024_160 3ossl" -.TH DH_GET_1024_160 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_GET_1024_160 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, @@ -156,7 +81,7 @@ BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 \&\- Create standardized public primes or DH pairs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -178,7 +103,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -188,38 +113,38 @@ \& DH *DH_get_2048_224(void); \& DH *DH_get_2048_256(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return -a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. These functions are deprecated. +a DH object for the IETF RFC 5114 value. These functions are deprecated. Applications should instead use \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \&\fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR as described in \fBEVP_PKEY_CTX_ctrl\fR\|(3) or -by setting the \fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR as specified in -\&\*(L"\s-1DH\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7)) to one of \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R" or -\&\*(L"dh_2048_256\*(R". +by setting the \fBOSSL_PKEY_PARAM_GROUP_NAME\fR as specified in +"DH parameters" in \fBEVP_PKEY\-DH\fR\|(7)) to one of "dh_1024_160", "dh_2048_224" or +"dh_2048_256". .PP \&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR, \&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return -a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). +a BIGNUM for the specific NIST prime curve (e.g., P\-256). .PP \&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR, \&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR, \&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR, \&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions -return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR -is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well. +return a BIGNUM for the specified size from IETF RFC 2409. If \fBbn\fR +is not NULL, the BIGNUM will be set into that location as well. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Defined above. 
-.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR and \fBDH_get_2048_256()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/DH_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_METH_NEW 3ossl" -.TH DH_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, @@ -146,14 +71,14 @@ DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -199,50 +124,50 @@ \& int DH_meth_set_generate_params(DH_METHOD *dhm, \& int (*generate_params)(DH *, int, int, BN_GENCB *)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use the provider APIs. .PP -The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 +The \fBDH_METHOD\fR type is a structure used for the provision of custom DH implementations. It provides a set of functions used by OpenSSL for the -implementation of the various \s-1DH\s0 capabilities. +implementation of the various DH capabilities. .PP -\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a -unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated -string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is +\&\fBDH_meth_new()\fR creates a new \fBDH_METHOD\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a NULL terminated +string, which will be duplicated and stored in the \fBDH_METHOD\fR object. It is the callers responsibility to free the original string. The flags will be used -during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any -new \fB\s-1DH\s0\fR object will have those flags set by default. +during the construction of a new \fBDH\fR object based on this \fBDH_METHOD\fR. Any +new \fBDH\fR object will have those flags set by default. .PP -\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a -parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an +\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fBDH_METHOD\fR object passed as a +parameter. This might be useful for creating a new \fBDH_METHOD\fR based on an existing one, but with some differences. 
.PP -\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory -associated with it. +\&\fBDH_meth_free()\fR destroys a \fBDH_METHOD\fR structure and frees up any memory +associated with it. If the argument is NULL, nothing is done. .PP -\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This +\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this DH_METHOD. This is a pointer to the internal name string and so should not be freed by the -caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The -string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the +caller. \fBDH_meth_set1_name()\fR sets the name of the DH_METHOD to \fBname\fR. The +string is duplicated and the copy is stored in the DH_METHOD structure, so the caller remains responsible for freeing the memory associated with the name. .PP \&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this -\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags. +DH_METHOD. \fBDH_meth_set_flags()\fR provides the ability to set these flags. .PP The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the -ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is -the application's responsibility to free this data before the \s-1DH_METHOD\s0 is +ability to associate implementation specific data with the DH_METHOD. It is +the application\*(Aqs responsibility to free this data before the DH_METHOD is freed via a call to \fBDH_meth_free()\fR. .PP \&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the -function used for generating a new \s-1DH\s0 key pair respectively. This function will +function used for generating a new DH key pair respectively. This function will be called in response to the application calling \fBDH_generate_key()\fR. 
The parameter for the function has the same meaning as for \fBDH_generate_key()\fR. .PP \&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the -function used for computing a new \s-1DH\s0 shared secret respectively. This function +function used for computing a new DH shared secret respectively. This function will be called in response to the application calling \fBDH_compute_key()\fR. The parameters for the function have the same meaning as for \fBDH_compute_key()\fR. .PP 
@@ -255,39 +180,39 @@ .PP This function will be called by the default OpenSSL function for \&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function -may be \s-1NULL\s0 unless using the default generate key function, in which case it +may be NULL unless using the default generate key function, in which case it must be present. .PP \&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used -for creating a new \s-1DH\s0 instance respectively. This function will be +for creating a new DH instance respectively. This function will be called in response to the application calling \fBDH_new()\fR (if the current default -\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR -functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this +DH_METHOD is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR +functions will allocate the memory for the new DH object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This -function may be \s-1NULL.\s0 +function may be NULL. .PP \&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used -for destroying an instance of a \s-1DH\s0 object respectively. This function will be -called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 +for destroying an instance of a DH object respectively. This function will be +called in response to the application calling \fBDH_free()\fR. A pointer to the DH to be destroyed is passed as a parameter. The destroy function should be used -for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should -not be freed by this function. This function may be \s-1NULL.\s0 +for DH implementation specific clean up. The memory for the DH itself should +not be freed by this function. This function may be NULL. 
.PP \&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the -function used for generating \s-1DH\s0 parameters respectively. This function will be +function used for generating DH parameters respectively. This function will be called in response to the application calling \fBDH_generate_parameters_ex()\fR (or \&\fBDH_generate_parameters()\fR). The parameters for the function have the same -meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 +meaning as for \fBDH_generate_parameters_ex()\fR. This function may be NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object -or \s-1NULL\s0 on failure. +\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated DH_METHOD object +or NULL on failure. .PP \&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags -associated with the \s-1DH_METHOD\s0 respectively. +associated with the DH_METHOD respectively. .PP All other DH_meth_get_*() functions return the appropriate function pointer -that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +that has been set in the DH_METHOD, or NULL if no such pointer has yet been set. .PP \&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or 
@@ -296,16 +221,16 @@ .IX Header "SEE ALSO" \&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), \&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_new.3.orig +++ secure/lib/libcrypto/man/man3/DH_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_NEW 3ossl" -.TH DH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_new, DH_free \- allocate and free DH objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -155,16 +80,16 @@ \& \& void DH_free(DH *dh); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +\&\fBDH_new()\fR allocates and initializes a \fBDH\fR structure. .PP -\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +\&\fBDH_free()\fR frees the \fBDH\fR structure and its components. The values are erased before the memory is returned to the system. -If \fBdh\fR is \s-1NULL\s0 nothing is done. +If \fBdh\fR is NULL nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +If the allocation fails, \fBDH_new()\fR returns \fBNULL\fR and sets an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP 
@@ -174,17 +99,17 @@ \&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \&\fBDH_generate_parameters\fR\|(3), \&\fBDH_generate_key\fR\|(3), -\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_PKEY\-DH\fR\|(7) +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP -For replacement see \s-1\fBEVP_PKEY\-DH\s0\fR\|(7). -.SH "COPYRIGHT" +For replacement see \fBEVP_PKEY\-DH\fR\|(7). +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_new_by_nid.3.orig +++ secure/lib/libcrypto/man/man3/DH_new_by_nid.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_NEW_BY_NID 3ossl" -.TH DH_NEW_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_NEW_BY_NID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_new_by_nid, DH_get_nid \- create or get DH named parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -155,32 +80,32 @@ \& \& int DH_get_nid(const DH *dh); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBDH_new_by_nid()\fR creates and returns a DH structure containing named parameters \&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR, \&\fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR, \&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR or \fBNID_modp_8192\fR. .PP \&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match -any named safe prime group. It returns the \s-1NID\s0 corresponding to the matching +any named safe prime group. It returns the NID corresponding to the matching parameters or \fBNID_undef\fR if there is no match. This function is deprecated. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBDH_new_by_nid()\fR returns a set of DH parameters or \fBNULL\fR if an error occurred. .PP -\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters for p and g +\&\fBDH_get_nid()\fR returns the NID of the matching set of parameters for p and g and optionally q, otherwise it returns \fBNID_undef\fR if there is no match. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/DH_set_method.3.orig +++ secure/lib/libcrypto/man/man3/DH_set_method.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_SET_METHOD 3ossl" -.TH DH_SET_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_SET_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -162,71 +87,71 @@ \& \& const DH_METHOD *DH_OpenSSL(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use the provider APIs. .PP -A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +A \fBDH_METHOD\fR specifies the functions that OpenSSL uses for Diffie\-Hellman operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1DH API\s0 functions are affected by the use -of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +such as hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these DH API functions are affected by the use +of \fBENGINE\fR API calls. .PP -Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +Initially, the default DH_METHOD is the OpenSSL internal implementation, as returned by \fBDH_OpenSSL()\fR. .PP -\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all DH structures created later. -\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set -as a default for \s-1DH,\s0 so this function is no longer recommended. -This function is not thread-safe and should not be called at the same time +\&\fBNB\fR: This is true only whilst no ENGINE has been set +as a default for DH, so this function is no longer recommended. +This function is not thread\-safe and should not be called at the same time as other OpenSSL functions. .PP -\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 -However, the meaningfulness of this result is dependent on whether the \s-1ENGINE -API\s0 is being used, so this function is no longer recommended. 
+\&\fBDH_get_default_method()\fR returns a pointer to the current default DH_METHOD. +However, the meaningfulness of this result is dependent on whether the ENGINE +API is being used, so this function is no longer recommended. .PP \&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. -This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method -was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the -change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 -implementations (e.g. from an \s-1ENGINE\s0 module that supports embedded -hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +This will replace the DH_METHOD used by the DH key and if the previous method +was supplied by an ENGINE, the handle to that ENGINE will be released during the +change. It is possible to have DH keys that only work with certain DH_METHOD +implementations (e.g. from an ENGINE module that supports embedded +hardware\-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results. .PP -\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will -be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 -operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fBDH_new_method()\fR allocates and initializes a DH structure so that \fBengine\fR will +be used for the DH operations. If \fBengine\fR is NULL, the default ENGINE for DH +operations is used, and if no default ENGINE is set, the DH_METHOD controlled by \&\fBDH_set_default_method()\fR is used. .PP -A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see +A new DH_METHOD object may be constructed using \fBDH_meth_new()\fR (see \&\fBDH_meth_new\fR\|(3)). 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective -\&\fB\s-1DH_METHOD\s0\fRs. +\&\fBDH_METHOD\fRs. .PP \&\fBDH_set_default_method()\fR returns no value. .PP \&\fBDH_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as -the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous -method was supplied by an \s-1ENGINE\s0). +the method for \fBdh\fR (including unloading the ENGINE handle if the previous +method was supplied by an ENGINE). .PP -\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fBDH_new_method()\fR returns NULL and sets an error code that can be obtained by \&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DH_size.3.orig +++ secure/lib/libcrypto/man/man3/DH_size.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DH_SIZE 3ossl" -.TH DH_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DH_SIZE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and security bits -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -158,7 +83,7 @@ \& \& int DH_security_bits(const DH *dh); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_get_bits\fR\|(3), @@ -166,9 +91,9 @@ .PP \&\fBDH_bits()\fR returns the number of significant bits. .PP -\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. +\&\fBdh\fR and \fBdh\->p\fR must not be \fBNULL\fR. .PP -\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +\&\fBDH_size()\fR returns the Diffie\-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret computed by \fBDH_compute_key\fR\|(3). .PP 
@@ -177,26 +102,26 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDH_bits()\fR returns the number of bits in the key, or \-1 if -\&\fBdh\fR doesn't hold any key parameters. +\&\fBdh\fR doesn\*(Aqt hold any key parameters. .PP -\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes, or \-1 if -\&\fBdh\fR doesn't hold any key parameters. +\&\fBDH_size()\fR returns the prime size of Diffie\-Hellman in bytes, or \-1 if +\&\fBdh\fR doesn\*(Aqt hold any key parameters. .PP \&\fBDH_security_bits()\fR returns the number of security bits, or \-1 if -\&\fBdh\fR doesn't hold any key parameters. +\&\fBdh\fR doesn\*(Aqt hold any key parameters. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_get_bits\fR\|(3), \&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3), \&\fBBN_num_bits\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_SIG_new.3.orig +++ secure/lib/libcrypto/man/man3/DSA_SIG_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_SIG_NEW 3ossl" -.TH DSA_SIG_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_SIG_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,24 +76,25 @@ \& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); \& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +\&\fBDSA_SIG_new()\fR allocates an empty \fBDSA_SIG\fR structure. .PP -\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +\&\fBDSA_SIG_free()\fR frees the \fBDSA_SIG\fR structure and its components. The values are erased before the memory is returned to the system. +If the argument is NULL, nothing is done. .PP \&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained in \fBsig\fR. .PP The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this -function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, +function transfers the memory management of the values to the DSA_SIG object, and therefore the values that have been passed in should not be freed directly after this function has been called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +If the allocation fails, \fBDSA_SIG_new()\fR returns \fBNULL\fR and sets an error code that can be obtained by \&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. 
@@ -180,11 +106,11 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_get_bn_param\fR\|(3), \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_do_sign.3.orig +++ secure/lib/libcrypto/man/man3/DSA_do_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_DO_SIGN 3ossl" -.TH DSA_DO_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_DO_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_do_sign, DSA_do_verify \- raw DSA signature operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -156,7 +81,7 @@ \& int DSA_do_verify(const unsigned char *dgst, int dgst_len, \& DSA_SIG *sig, DSA *dsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_sign_init\fR\|(3), \fBEVP_PKEY_sign\fR\|(3), 
@@ -164,18 +89,18 @@ .PP \&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a -newly allocated \fB\s-1DSA_SIG\s0\fR structure. +newly allocated \fBDSA_SIG\fR structure. .PP \&\fBDSA_sign_setup\fR\|(3) may be used to precompute part of the signing operation in case signature generation is -time-critical. +time\-critical. .PP \&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given -message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer\*(Aqs public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR +\&\fBDSA_do_sign()\fR returns the signature, NULL on error. \fBDSA_do_verify()\fR returns 1 for a valid signature, 0 for an incorrect signature and \-1 on error. The error codes can be obtained by \&\fBERR_get_error\fR\|(3). @@ -184,14 +109,14 @@ \&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\fBDSA_SIG_new\fR\|(3), \&\fBDSA_sign\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_dup_DH.3.orig +++ secure/lib/libcrypto/man/man3/DSA_dup_DH.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,117 +53,58 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_DUP_DH 3ossl" -.TH DSA_DUP_DH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_DUP_DH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_dup_DH \- create a DH structure out of DSA structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& DH *DSA_dup_DH(const DSA *r); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function described on this page is deprecated. There is no direct -replacement, applications should use the \s-1EVP_PKEY\s0 APIs for Diffie-Hellman +replacement, applications should use the EVP_PKEY APIs for Diffie\-Hellman operations. .PP -\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q -is lost during that conversion, but the resulting \s-1DH\s0 parameters +\&\fBDSA_dup_DH()\fR duplicates DSA parameters/keys as DH parameters/keys. q +is lost during that conversion, but the resulting DH parameters contain its length. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +\&\fBDSA_dup_DH()\fR returns the new \fBDH\fR structure, and NULL on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "NOTE" +.SH NOTE .IX Header "NOTE" Be careful to avoid small subgroup attacks when using this. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This function was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_generate_key.3.orig +++ secure/lib/libcrypto/man/man3/DSA_generate_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,102 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_GENERATE_KEY 3ossl" -.TH DSA_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_GENERATE_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_generate_key \- generate DSA key pair -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& int DSA_generate_key(DSA *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_keygen_init\fR\|(3) and -\&\fBEVP_PKEY_keygen\fR\|(3) as described in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7). +\&\fBEVP_PKEY_keygen\fR\|(3) as described in \fBEVP_PKEY\-DSA\fR\|(7). .PP -\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +\&\fBDSA_generate_key()\fR expects \fBa\fR to contain DSA parameters. It generates a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. .PP The random generator must be seeded prior to calling \fBDSA_generate_key()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. 
@@ -173,14 +98,14 @@ .IX Header "SEE ALSO" \&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\fBDSA_generate_parameters_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This function was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_generate_parameters.3.orig +++ secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_GENERATE_PARAMETERS 3ossl" -.TH DSA_GENERATE_PARAMETERS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_GENERATE_PARAMETERS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 @@ -158,7 +83,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 0.9.8, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 
@@ -166,87 +91,87 @@ \& int *counter_ret, unsigned long *h_ret, \& void (*callback)(int, int, void *), void *cb_arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_paramgen_init\fR\|(3) and -\&\fBEVP_PKEY_keygen\fR\|(3) as described in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7). +\&\fBEVP_PKEY_keygen\fR\|(3) as described in \fBEVP_PKEY\-DSA\fR\|(7). .PP \&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g -for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. +for use in the DSA and stores the result in \fBdsa\fR. .PP \&\fBbits\fR is the length of the prime p to be generated. For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. .PP -If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random. +If \fBseed\fR is NULL, the primes will be generated at random. If \fBseed_len\fR is less than the length of q, an error is returned. .PP \&\fBDSA_generate_parameters_ex()\fR places the iteration count in *\fBcounter_ret\fR and a counter used for finding a generator in -*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +*\fBh_ret\fR, unless these are \fBNULL\fR. .PP A callback function may be used to provide feedback about the progress -of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be -called as shown below. For information on the \s-1BN_GENCB\s0 structure and the +of the key generation. If \fBcb\fR is not \fBNULL\fR, it will be +called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to \&\fBBN_generate_prime\fR\|(3). .PP -\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but -expects an old-style callback function; see -\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. 
-.IP "\(bu" 2 +\&\fBDSA_generate_parameters()\fR is similar to \fBDSA_generate_parameters_ex()\fR but +expects an old\-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old\-style callback. +.IP \(bu 2 When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called (m is 0 for the first candidate). -.IP "\(bu" 2 +.IP \(bu 2 When a candidate for q has passed a test by trial division, \&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. -While a candidate for q is tested by Miller-Rabin primality tests, +While a candidate for q is tested by Miller\-Rabin primality tests, \&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0). -.IP "\(bu" 2 +.IP \(bu 2 When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and \&\fBBN_GENCB_call(cb, 3, 0)\fR are called. -.IP "\(bu" 2 +.IP \(bu 2 Before a candidate for p (other than the first) is generated and tested, \&\fBBN_GENCB_call(cb, 0, counter)\fR is called. -.IP "\(bu" 2 +.IP \(bu 2 When a candidate for p has passed the test by trial division, \&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. -While it is tested by the Miller-Rabin primality test, +While it is tested by the Miller\-Rabin primality test, \&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0). -.IP "\(bu" 2 +.IP \(bu 2 When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. -.IP "\(bu" 2 +.IP \(bu 2 When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. The error codes can be obtained by \fBERR_get_error\fR\|(3). 
.PP -\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or -\&\fB\s-1NULL\s0\fR if the parameter generation fails. -.SH "BUGS" +\&\fBDSA_generate_parameters()\fR returns a pointer to the DSA structure or +\&\fBNULL\fR if the parameter generation fails. +.SH BUGS .IX Header "BUGS" Seed lengths greater than 20 are not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBDSA_generate_parameters_ex()\fR was deprecated in OpenSSL 3.0. .PP \&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use \&\fBDSA_generate_parameters_ex()\fR instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_get0_pqg.3.orig +++ secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_GET0_PQG 3ossl" -.TH DSA_GET0_PQG 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_GET0_PQG 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine \- Routines for getting and setting data in a DSA object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -172,38 +97,38 @@ \& void DSA_set_flags(DSA *d, int flags); \& ENGINE *DSA_get0_engine(DSA *d); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_get_bn_param\fR\|(3). .PP -A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a +A DSA object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). .PP The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR. If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set -to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. .PP The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling -this function transfers the memory management of the values to the \s-1DSA\s0 object, +this function transfers the memory management of the values to the DSA object, and therefore the values that have been passed in should not be freed directly after this function has been called. .PP To get the public and private key values use the \fBDSA_get0_key()\fR function. A pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the -private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +private key will be stored in \fB*priv_key\fR. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. 
This memory should not be freed directly. .PP The public and private key values can be set using \fBDSA_set0_key()\fR. The public -key must be non-NULL the first time this function is called on a given \s-1DSA\s0 -object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0 -which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR -this function transfers the memory management of the key values to the \s-1DSA\s0 +key must be non\-NULL the first time this function is called on a given DSA +object. The private key may be NULL. On subsequent calls, either may be NULL, +which means the corresponding DSA field is left untouched. As for \fBDSA_set0_pqg()\fR +this function transfers the memory management of the key values to the DSA object, and therefore they should not be freed directly after this function has been called. .PP 
@@ -211,19 +136,19 @@ retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, \&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively. .PP -\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the DSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags -passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple +passed in the \fBflags\fR parameter are currently set in the DSA object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags -within the \s-1DSA\s0 object. +within the DSA object. .PP -\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 -object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. -.SH "NOTES" +\&\fBDSA_get0_engine()\fR returns a handle to the ENGINE that has been set for this DSA +object, or NULL if no such ENGINE has been set. +.SH NOTES .IX Header "NOTES" -Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +Values retrieved with \fBDSA_get0_key()\fR are owned by the DSA object used in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If needed, duplicate the received value using \fBBN_dup()\fR and pass the duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR. 
@@ -231,9 +156,9 @@ .IX Header "RETURN VALUES" \&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure. .PP -\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +\&\fBDSA_test_flags()\fR returns the current state of the flags in the DSA object. .PP -\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +\&\fBDSA_get0_engine()\fR returns the ENGINE set for the DSA object or NULL if no ENGINE has been set. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -241,15 +166,15 @@ \&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), \&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), \&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0 and deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/DSA_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_METH_NEW 3ossl" -.TH DSA_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, @@ -148,14 +73,14 @@ DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen \- Routines to build up DSA methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -227,56 +152,56 @@ \& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); \& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications and extension implementations should instead use the -\&\s-1OSSL_PROVIDER\s0 APIs. +OSSL_PROVIDER APIs. .PP -The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 +The \fBDSA_METHOD\fR type is a structure used for the provision of custom DSA implementations. It provides a set of functions used by OpenSSL for the -implementation of the various \s-1DSA\s0 capabilities. +implementation of the various DSA capabilities. .PP -\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a -unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated -string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is +\&\fBDSA_meth_new()\fR creates a new \fBDSA_METHOD\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a NULL terminated +string, which will be duplicated and stored in the \fBDSA_METHOD\fR object. It is the callers responsibility to free the original string. The flags will be used -during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any -new \fB\s-1DSA\s0\fR object will have those flags set by default. +during the construction of a new \fBDSA\fR object based on this \fBDSA_METHOD\fR. Any +new \fBDSA\fR object will have those flags set by default. .PP -\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a -parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an +\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fBDSA_METHOD\fR object passed as a +parameter. 
This might be useful for creating a new \fBDSA_METHOD\fR based on an existing one, but with some differences. .PP -\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory -associated with it. +\&\fBDSA_meth_free()\fR destroys a \fBDSA_METHOD\fR structure and frees up any memory +associated with it. If the argument is NULL, nothing is done. .PP -\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This +\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this DSA_METHOD. This is a pointer to the internal name string and so should not be freed by the -caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The -string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the +caller. \fBDSA_meth_set1_name()\fR sets the name of the DSA_METHOD to \fBname\fR. The +string is duplicated and the copy is stored in the DSA_METHOD structure, so the caller remains responsible for freeing the memory associated with the name. .PP \&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this -\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags. +DSA_METHOD. \fBDSA_meth_set_flags()\fR provides the ability to set these flags. .PP The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the -ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is -the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is +ability to associate implementation specific data with the DSA_METHOD. It is +the application\*(Aqs responsibility to free this data before the DSA_METHOD is freed via a call to \fBDSA_meth_free()\fR. .PP \&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for -creating a \s-1DSA\s0 signature respectively. 
This function will be +creating a DSA signature respectively. This function will be called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The parameters for the function have the same meaning as for \fBDSA_do_sign()\fR. .PP \&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function -used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function +used for precalculating the DSA signature values \fBk^\-1\fR and \fBr\fR. This function will be called in response to the application calling \fBDSA_sign_setup()\fR. The parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR. .PP \&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used -for verifying a \s-1DSA\s0 signature respectively. This function will be called in +for verifying a DSA signature respectively. This function will be called in response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The parameters for the function have the same meaning as for \fBDSA_do_verify()\fR. .PP @@ -288,8 +213,8 @@ .Ve .PP This function will be called by the default OpenSSL method during verification -of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function -may be \s-1NULL.\s0 +of a DSA signature. The result is stored in the \fBrr\fR parameter. This function +may be NULL. .PP \&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function used for computing the following value: 
@@ -300,43 +225,43 @@ .PP This function will be called by the default OpenSSL function for \&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function -may be \s-1NULL.\s0 +may be NULL. .PP \&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used -for creating a new \s-1DSA\s0 instance respectively. This function will be +for creating a new DSA instance respectively. This function will be called in response to the application calling \fBDSA_new()\fR (if the current default -\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR -functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this +DSA_METHOD is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR +functions will allocate the memory for the new DSA object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This -function may be \s-1NULL.\s0 +function may be NULL. .PP \&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used -for destroying an instance of a \s-1DSA\s0 object respectively. This function will be -called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0 +for destroying an instance of a DSA object respectively. This function will be +called in response to the application calling \fBDSA_free()\fR. A pointer to the DSA to be destroyed is passed as a parameter. The destroy function should be used -for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should -not be freed by this function. This function may be \s-1NULL.\s0 +for DSA implementation specific clean up. The memory for the DSA itself should +not be freed by this function. This function may be NULL. 
.PP \&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function -used for generating \s-1DSA\s0 parameters respectively. This function will be called in +used for generating DSA parameters respectively. This function will be called in response to the application calling \fBDSA_generate_parameters_ex()\fR (or \&\fBDSA_generate_parameters()\fR). The parameters for the function have the same meaning as for \fBDSA_generate_parameters_ex()\fR. .PP \&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function -used for generating a new \s-1DSA\s0 key pair respectively. This function will be +used for generating a new DSA key pair respectively. This function will be called in response to the application calling \fBDSA_generate_key()\fR. The parameter for the function has the same meaning as for \fBDSA_generate_key()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object -or \s-1NULL\s0 on failure. +\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated DSA_METHOD object +or NULL on failure. .PP \&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags -associated with the \s-1DSA_METHOD\s0 respectively. +associated with the DSA_METHOD respectively. .PP All other DSA_meth_get_*() functions return the appropriate function pointer -that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +that has been set in the DSA_METHOD, or NULL if no such pointer has yet been set. .PP \&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or 
@@ -346,16 +271,16 @@ \&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), \&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), \&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were deprecated in OpenSSL 3.0. .PP The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_new.3.orig +++ secure/lib/libcrypto/man/man3/DSA_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_NEW 3ossl" -.TH DSA_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_new, DSA_free \- allocate and free DSA objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -155,20 +80,20 @@ \& \& void DSA_free(DSA *dsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_new\fR\|(3) and \fBEVP_PKEY_free\fR\|(3). .PP -\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to -calling DSA_new_method(\s-1NULL\s0). +\&\fBDSA_new()\fR allocates and initializes a \fBDSA\fR structure. It is equivalent to +calling DSA_new_method(NULL). .PP -\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +\&\fBDSA_free()\fR frees the \fBDSA\fR structure and its components. The values are erased before the memory is returned to the system. -If \fBdsa\fR is \s-1NULL\s0 nothing is done. +If \fBdsa\fR is NULL nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +If the allocation fails, \fBDSA_new()\fR returns \fBNULL\fR and sets an error code that can be obtained by \&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. 
@@ -180,14 +105,14 @@ \&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \&\fBDSA_generate_parameters\fR\|(3), \&\fBDSA_generate_key\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_set_method.3.orig +++ secure/lib/libcrypto/man/man3/DSA_set_method.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_SET_METHOD 3ossl" -.TH DSA_SET_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_SET_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -162,71 +87,71 @@ \& \& const DSA_METHOD *DSA_OpenSSL(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should providers instead of method overrides. .PP -A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +A \fBDSA_METHOD\fR specifies the functions that OpenSSL uses for DSA operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1DSA API\s0 functions are affected by the use -of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +such as hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these DSA API functions are affected by the use +of \fBENGINE\fR API calls. .PP -Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +Initially, the default DSA_METHOD is the OpenSSL internal implementation, as returned by \fBDSA_OpenSSL()\fR. .PP -\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all DSA structures created later. -\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has -been set as a default for \s-1DSA,\s0 so this function is no longer recommended. -This function is not thread-safe and should not be called at the same time +\&\fBNB\fR: This is true only whilst no ENGINE has +been set as a default for DSA, so this function is no longer recommended. +This function is not thread\-safe and should not be called at the same time as other OpenSSL functions. .PP \&\fBDSA_get_default_method()\fR returns a pointer to the current default -\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on -whether the \s-1ENGINE API\s0 is being used, so this function is no longer +DSA_METHOD. 
However, the meaningfulness of this result is dependent on +whether the ENGINE API is being used, so this function is no longer recommended. .PP \&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key -\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the -previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will -be released during the change. It is possible to have \s-1DSA\s0 keys that only -work with certain \s-1DSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module -that supports embedded hardware-protected keys), and in such cases -attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected -results. See \fBDSA_meth_new\fR\|(3) for information on constructing custom \s-1DSA_METHOD\s0 +\&\fBrsa\fR. This will replace the DSA_METHOD used by the DSA key and if the +previous method was supplied by an ENGINE, the handle to that ENGINE will +be released during the change. It is possible to have DSA keys that only +work with certain DSA_METHOD implementations (e.g. from an ENGINE module +that supports embedded hardware\-protected keys), and in such cases +attempting to change the DSA_METHOD for the key can have unexpected +results. See \fBDSA_meth_new\fR\|(3) for information on constructing custom DSA_METHOD objects; .PP -\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR -will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine -for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +\&\fBDSA_new_method()\fR allocates and initializes a DSA structure so that \fBengine\fR +will be used for the DSA operations. If \fBengine\fR is NULL, the default engine +for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD controlled by \fBDSA_set_default_method()\fR is used. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective -\&\fB\s-1DSA_METHOD\s0\fRs. +\&\fBDSA_METHOD\fRs. .PP \&\fBDSA_set_default_method()\fR returns no value. .PP \&\fBDSA_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as -the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous -method was supplied by an \s-1ENGINE\s0). +the method for \fBdsa\fR (including unloading the ENGINE handle if the previous +method was supplied by an ENGINE). .PP -\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +\&\fBDSA_new_method()\fR returns NULL and sets an error code that can be obtained by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_sign.3.orig +++ secure/lib/libcrypto/man/man3/DSA_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_SIGN 3ossl" -.TH DSA_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -159,34 +84,34 @@ \& int DSA_verify(int type, const unsigned char *dgst, int len, \& unsigned char *sigbuf, int siglen, DSA *dsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_sign_init\fR\|(3), \fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). .PP \&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message -digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 +digest \fBdgst\fR using the private key \fBdsa\fR and places its ASN.1 DER encoding at \fBsigret\fR. The length of the signature is places in *\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. .PP \&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and should not be used. -Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of +Since OpenSSL 1.1.0 the DSA type is opaque and the output of \&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only cause overhead, and does not affect the actual signature (pre\-)computation. .PP \&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBdgst\fR of size \fBlen\fR. -\&\fBdsa\fR is the signer's public key. +\&\fBdsa\fR is the signer\*(Aqs public key. .PP The \fBtype\fR parameter is ignored. .PP The random generator must be seeded when \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) is called. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. 
@@ -195,21 +120,21 @@ \&\fBERR_get_error\fR\|(3). .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS186\-4\s0 (Digital Signature -Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 +US Federal Information Processing Standard FIPS186\-4 (Digital Signature +Standard, DSS), ANSI X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\fBDSA_do_sign\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DSA_size.3.orig +++ secure/lib/libcrypto/man/man3/DSA_size.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DSA_SIZE 3ossl" -.TH DSA_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DSA_SIZE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -157,7 +82,7 @@ \& \& int DSA_security_bits(const DSA *dsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_get_bits\fR\|(3), 
@@ -166,21 +91,21 @@ \&\fBDSA_bits()\fR returns the number of bits in key \fIdsa\fR: this is the number of bits in the \fIp\fR parameter. .PP -\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature +\&\fBDSA_size()\fR returns the maximum size of an ASN.1 encoded DSA signature for key \fIdsa\fR in bytes. It can be used to determine how much memory must -be allocated for a \s-1DSA\s0 signature. +be allocated for a DSA signature. .PP \&\fBDSA_security_bits()\fR returns the number of security bits of the given \fIdsa\fR key. See \fBBN_security_bits\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDSA_security_bits()\fR returns the number of security bits in the key, or \-1 if -\&\fIdsa\fR doesn't hold any key parameters. +\&\fIdsa\fR doesn\*(Aqt hold any key parameters. .PP -\&\fBDSA_bits()\fR returns the number of bits in the key, or \-1 if \fIdsa\fR doesn't +\&\fBDSA_bits()\fR returns the number of bits in the key, or \-1 if \fIdsa\fR doesn\*(Aqt hold any key parameters. .PP -\&\fBDSA_size()\fR returns the signature size in bytes, or \-1 if \fIdsa\fR doesn't +\&\fBDSA_size()\fR returns the signature size in bytes, or \-1 if \fIdsa\fR doesn\*(Aqt hold any key parameters. .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -188,14 +113,14 @@ \&\fBEVP_PKEY_get_security_bits\fR\|(3), \&\fBEVP_PKEY_get_size\fR\|(3), \&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3.orig +++ secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,100 +53,41 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DTLS_GET_DATA_MTU 3ossl" -.TH DTLS_GET_DATA_MTU 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DTLS_GET_DATA_MTU 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DTLS_get_data_mtu \- Get maximum data payload size -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& size_t DTLS_get_data_mtu(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This function obtains the maximum data payload size for the established -\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead -of the \s-1DTLS\s0 record header, encryption and authentication currently in use. +DTLS connection \fBssl\fR, based on the DTLS record MTU and the overhead +of the DTLS record header, encryption and authentication currently in use. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns the maximum data payload size on success, or 0 on failure. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3.orig +++ secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DTLS_SET_TIMER_CB 3ossl" -.TH DTLS_SET_TIMER_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DTLS_SET_TIMER_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DTLS_timer_cb, DTLS_set_timer_cb \&\- Set callback for controlling DTLS timer duration -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,22 +76,33 @@ \& \& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This function sets an optional callback function for controlling the -timeout interval on the \s-1DTLS\s0 protocol. The callback function will be -called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. +timeout interval on the DTLS protocol. The callback function will be +called by DTLS for every new DTLS packet that is sent. +.PP +The callback should return the timeout interval in micro seconds. +.PP +The \fItimer_us\fR parameter of the callback is the last set timeout +interval returned. On the first invocation of the callback, +this value will be 0. +.PP +At the beginning of the connection, if no timeout callback has been +set via \fBDTLS_set_timer_cb()\fR, the default timeout value is 1 second. +For all subsequent timeouts, the default behavior is to double the +duration up to a maximum of 1 minute. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns void. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/DTLSv1_listen.3.orig +++ secure/lib/libcrypto/man/man3/DTLSv1_listen.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DTLSV1_LISTEN 3ossl" -.TH DTLSV1_LISTEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DTLSV1_LISTEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,54 +75,54 @@ \& int SSL_stateless(SSL *s); \& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. -\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +\&\fBDTLSv1_listen()\fR statelessly listens for new incoming DTLS connections. If a ClientHello is received that does not contain a cookie, then they respond with a request for a new ClientHello that does contain a cookie. If a ClientHello is received with a cookie that is verified then the function returns in order to enable the handshake to be completed (for example by using \fBSSL_accept()\fR). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification -attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that +Some transport protocols (such as UDP) can be susceptible to amplification +attacks. Unlike TCP there is no initial connection setup in UDP that validates that the client can actually receive messages on its advertised source -address. An attacker could forge its source \s-1IP\s0 address and then send handshake +address. An attacker could forge its source IP address and then send handshake initiation messages to the server. The server would then send its response to -the forged source \s-1IP.\s0 If the response messages are larger than the original +the forged source IP. If the response messages are larger than the original message then the amplification attack has succeeded. .PP -If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate -the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is -designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). -If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. 
However, some -stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source +If DTLS is used over UDP (or any datagram based protocol that does not validate +the source IP) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream\-based transport protocol (such as TCP). +If TCP is being used then there is no need to use \fBSSL_stateless()\fR. However, some +stream\-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. .PP -As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie +As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie mechanism. The idea is that when a client attempts to connect to a server it sends a ClientHello message. The server responds with a HelloRetryRequest (in -TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The +TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The client then resends the ClientHello, but this time includes the cookie in the message thus proving that the client is capable of receiving messages sent to that address. All of this can be done by the server without allocating any state, and thus without consuming expensive resources. .PP OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR -functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its +functions. The \fBssl\fR parameter should be a newly allocated SSL object with its read and write BIOs set, in the same way as might be done for a call to -\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +\&\fBSSL_accept()\fR. Typically, for DTLS, the read BIO will be in an "unconnected" state and thus capable of receiving messages from any peer. 
.PP When a ClientHello is received that contains a cookie that has been verified, then these functions will return with the \fBssl\fR parameter updated into a state where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR. -Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +Additionally, for \fBDTLSv1_listen()\fR, the \fBBIO_ADDR\fR pointed to by \fBpeer\fR will be filled in with details of the peer that sent the ClientHello. If the underlying -\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 +BIO is unable to obtain the \fBBIO_ADDR\fR of the peer (for example because the BIO does not support this), then \fB*peer\fR will be cleared and the family set to -\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to +AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to the peer and continue the handshake in a connected state. .PP Warning: It is essential that the calling code connects the underlying socket to 
@@ -205,17 +130,17 @@ \&\fBBIO_s_datagram\fR\|(3) is used, the peer address is updated when receiving a datagram on an unconnected socket. If the socket is not connected, it can receive datagrams from any host on the network, which will cause subsequent -outgoing datagrams transmitted by \s-1DTLS\s0 to be transmitted to that host. In other -words, failing to call \fBBIO_connect()\fR or a similar OS-specific function on a -socket means that any host on the network can cause outgoing \s-1DTLS\s0 traffic to be +outgoing datagrams transmitted by DTLS to be transmitted to that host. In other +words, failing to call \fBBIO_connect()\fR or a similar OS\-specific function on a +socket means that any host on the network can cause outgoing DTLS traffic to be redirected to it by sending a datagram to the socket in question. This does not -break the cryptographic protections of \s-1DTLS\s0 but may facilitate a -denial-of-service attack or allow unencrypted information in the \s-1DTLS\s0 handshake +break the cryptographic protections of DTLS but may facilitate a +denial\-of\-service attack or allow unencrypted information in the DTLS handshake to be learned by an attacker. This is due to the historical design of \&\fBBIO_s_datagram\fR\|(3); see \fBBIO_s_datagram\fR\|(3) for details on this issue. .PP Once a socket has been connected, \fBBIO_ctrl_set_connected\fR\|(3) should be used to -inform the \s-1BIO\s0 that the socket is to be used in connected mode. +inform the BIO that the socket is to be used in connected mode. .PP Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation and verification callbacks have been set up using 
@@ -229,11 +154,11 @@ \&\fBonly\fR supports ClientHellos that fit inside a single datagram. .PP For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the -\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the -application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during +"read" BIO becoming empty then the \fBSSL_stateless()\fR call will fail. It is the +application\*(Aqs responsibility to ensure that data read from the "read" BIO during a single \fBSSL_stateless()\fR call is all from the same peer. .PP -\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some TLS version less than TLSv1.3 is used. .PP Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they 
@@ -249,35 +174,35 @@ will be set up ready to continue the handshake. the \fBpeer\fR value will also be filled in. .PP -A return value of 0 indicates a non-fatal error. This could (for -example) be because of nonblocking \s-1IO,\s0 or some invalid message having been +A return value of 0 indicates a non\-fatal error. This could (for +example) be because of nonblocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the -call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. +call to \fBDTLSv1_listen()\fR in the event of a non\-fatal error. .PP A return value of <0 indicates a fatal error. This could (for example) be because of a failure to allocate sufficient memory for the operation. .PP -For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non\-fatal errors both produce return codes <= 0 (in typical implementations user code treats all -errors as non-fatal), whilst return codes >0 indicate success. +errors as non\-fatal), whilst return codes >0 indicate success. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3), \fBSSL_CTX_set_cookie_verify_cb\fR\|(3), \&\fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3), \&\fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3), \fBSSL_get_error\fR\|(3), \&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1. .PP The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. -The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. -.SH "COPYRIGHT" +The type of "peer" also changed in OpenSSL 1.1.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3.orig +++ secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ECDSA_SIG_NEW 3ossl" -.TH ECDSA_SIG_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ECDSA_SIG_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0 \&\- Functions for creating, destroying and manipulating ECDSA_SIG objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,47 +79,48 @@ \& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); \& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the -\&\fIr\fR and \fIs\fR value of an Elliptic Curve Digital Signature Algorithm (\s-1ECDSA\s0) signature -(see \s-1FIPS186\-4\s0 or X9.62). -The \fB\s-1ECDSA_SIG\s0\fR object was mainly used by the deprecated low level functions described in +\&\fBECDSA_SIG\fR is an opaque structure consisting of two BIGNUMs for the +\&\fIr\fR and \fIs\fR value of an Elliptic Curve Digital Signature Algorithm (ECDSA) signature +(see FIPS186\-4 or X9.62). +The \fBECDSA_SIG\fR object was mainly used by the deprecated low level functions described in \&\fBECDSA_sign\fR\|(3), it is still required in order to be able to set or get the values of \&\fIr\fR and \fIs\fR into or from a signature. This is mainly used for testing purposes as shown -in the \*(L"\s-1EXAMPLES\*(R"\s0. +in the "EXAMPLES". .PP -\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. +\&\fBECDSA_SIG_new()\fR allocates an empty \fBECDSA_SIG\fR structure. Note: before OpenSSL 1.1.0, the \fIr\fR and \fIs\fR components were initialised. .PP -\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fIsig\fR. +\&\fBECDSA_SIG_free()\fR frees the \fBECDSA_SIG\fR structure \fIsig\fR. +If the argument is NULL, nothing is done. .PP \&\fBECDSA_SIG_get0()\fR returns internal pointers the \fIr\fR and \fIs\fR values contained in \fIsig\fR and stores them in \fI*pr\fR and \fI*ps\fR, respectively. -The pointer \fIpr\fR or \fIps\fR can be \s-1NULL,\s0 in which case the corresponding value +The pointer \fIpr\fR or \fIps\fR can be NULL, in which case the corresponding value is not returned. 
.PP The values \fIr\fR, \fIs\fR can also be retrieved separately by the corresponding function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively. .PP -Non-NULL \fIr\fR and \fIs\fR values can be set on the \fIsig\fR by calling +Non\-NULL \fIr\fR and \fIs\fR values can be set on the \fIsig\fR by calling \&\fBECDSA_SIG_set0()\fR. Calling this function transfers the memory management of the -values to the \fB\s-1ECDSA_SIG\s0\fR object, and therefore the values that have been +values to the \fBECDSA_SIG\fR object, and therefore the values that have been passed in should not be freed by the caller. .PP See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding -and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0 +and decoding ECDSA signatures to/from DER. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +\&\fBECDSA_SIG_new()\fR returns NULL if the allocation fails. .PP \&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. .PP \&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value, -or \s-1NULL\s0 if it is unset. -.SH "EXAMPLES" +or NULL if it is unset. +.SH EXAMPLES .IX Header "EXAMPLES" -Extract signature \fIr\fR and \fIs\fR values from a \s-1ECDSA\s0 \fIsignature\fR +Extract signature \fIr\fR and \fIs\fR values from a ECDSA \fIsignature\fR of size \fIsignaturelen\fR: .PP .Vb 2 @@ -220,7 +146,7 @@ \& ECDSA_SIG_free(obj); .Ve .PP -Convert \fIr\fR and \fIs\fR byte arrays into an \s-1ECDSA_SIG\s0 \fIsignature\fR of +Convert \fIr\fR and \fIs\fR byte arrays into an ECDSA_SIG \fIsignature\fR of size \fIsignaturelen\fR: .PP .Vb 4 
@@ -258,9 +184,9 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ANSI X9.62, -US\s0 Federal Information Processing Standard \s-1FIPS186\-4\s0 -(Digital Signature Standard, \s-1DSS\s0) +ANSI X9.62, +US Federal Information Processing Standard FIPS186\-4 +(Digital Signature Standard, DSS) .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEC_KEY_new\fR\|(3), @@ -270,11 +196,11 @@ \&\fBi2d_ECDSA_SIG\fR\|(3), \&\fBd2i_ECDSA_SIG\fR\|(3), \&\fBECDSA_sign\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2004\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ECDSA_sign.3.orig +++ secure/lib/libcrypto/man/man3/ECDSA_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,88 +53,29 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ECDSA_SIGN 3ossl" -.TH ECDSA_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ECDSA_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- deprecated low\-level elliptic curve digital signature algorithm (ECDSA) functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -174,58 +99,58 @@ \& unsigned char *sig, unsigned int *siglen, \& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -See \fBECDSA_SIG_new\fR\|(3) for a description of the \fB\s-1ECDSA_SIG\s0\fR object. +See \fBECDSA_SIG_new\fR\|(3) for a description of the \fBECDSA_SIG\fR object. .PP See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding -and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0 +and decoding ECDSA signatures to/from DER. .PP All of the functions described below are deprecated. Applications should -use the higher level \fB\s-1EVP\s0\fR interface such as \fBEVP_DigestSignInit\fR\|(3) +use the higher level \fBEVP\fR interface such as \fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. .PP -\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature -created with the private \s-1EC\s0 key \fIeckey\fR. To obtain the actual signature -size use \fBEVP_PKEY_sign\fR\|(3) with a \s-1NULL\s0 \fIsig\fR parameter. +\&\fBECDSA_size()\fR returns the maximum length of a DER encoded ECDSA signature +created with the private EC key \fIeckey\fR. To obtain the actual signature +size use \fBEVP_PKEY_sign\fR\|(3) with a NULL \fIsig\fR parameter. .PP \&\fBECDSA_sign()\fR computes a digital signature of the \fIdgstlen\fR bytes hash value -\&\fIdgst\fR using the private \s-1EC\s0 key \fIeckey\fR. The \s-1DER\s0 encoded signatures is -stored in \fIsig\fR and its length is returned in \fIsig_len\fR. Note: \fIsig\fR must +\&\fIdgst\fR using the private EC key \fIeckey\fR. The DER encoded signatures is +stored in \fIsig\fR and its length is returned in \fIsiglen\fR. Note: \fIsig\fR must point to ECDSA_size(eckey) bytes of memory. The parameter \fItype\fR is currently ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fIkinv\fR -and \fIrp\fR set to \s-1NULL.\s0 +and \fIrp\fR set to NULL. 
.PP \&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned -as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR +as a newly allocated \fBECDSA_SIG\fR structure (or NULL on error). \fBECDSA_do_sign()\fR is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fIkinv\fR and \fIrp\fR set to -\&\s-1NULL.\s0 +NULL. .PP \&\fBECDSA_verify()\fR verifies that the signature in \fIsig\fR of size \fIsiglen\fR is a -valid \s-1ECDSA\s0 signature of the hash value \fIdgst\fR of size \fIdgstlen\fR using the +valid ECDSA signature of the hash value \fIdgst\fR of size \fIdgstlen\fR using the public key \fIeckey\fR. The parameter \fItype\fR is ignored. .PP \&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is -presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. +presented in the form of a pointer to an \fBECDSA_SIG\fR structure. .PP The remaining functions utilise the internal \fIkinv\fR and \fIr\fR values used during signature computation. Most applications will never need to call these -and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if -either \fIkinv\fR or \fIr\fR is not \s-1NULL.\s0 +and some external ECDSA ENGINE implementations may not support them at all if +either \fIkinv\fR or \fIr\fR is not NULL. .PP \&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. -\&\fIeckey\fR is the private \s-1EC\s0 key and \fIctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure -(or \s-1NULL\s0). The precomputed values or returned in \fIkinv\fR and \fIrp\fR and can be +\&\fIeckey\fR is the private EC key and \fIctx\fR is a pointer to \fBBN_CTX\fR structure +(or NULL). The precomputed values or returned in \fIkinv\fR and \fIrp\fR and can be used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR. 
.PP \&\fBECDSA_sign_ex()\fR computes a digital signature of the \fIdgstlen\fR bytes hash value -\&\fIdgst\fR using the private \s-1EC\s0 key \fIeckey\fR and the optional pre-computed values -\&\fIkinv\fR and \fIrp\fR. The \s-1DER\s0 encoded signature is stored in \fIsig\fR and its -length is returned in \fIsig_len\fR. Note: \fIsig\fR must point to ECDSA_size(eckey) +\&\fIdgst\fR using the private EC key \fIeckey\fR and the optional pre\-computed values +\&\fIkinv\fR and \fIrp\fR. The DER encoded signature is stored in \fIsig\fR and its +length is returned in \fIsiglen\fR. Note: \fIsig\fR must point to ECDSA_size(eckey) bytes of memory. The parameter \fItype\fR is ignored. .PP \&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is -returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +returned as a newly allocated \fBECDSA_SIG\fR structure (or NULL on error). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. 
@@ -234,18 +159,18 @@ or 0 on error. .PP \&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated -\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. +\&\fBECDSA_SIG\fR structure or NULL on error. .PP \&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid signature, 0 for an invalid signature and \-1 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the +Creating an ECDSA signature of a given SHA\-256 hash value using the named curve prime256v1 (aka P\-256). -This example uses deprecated functionality. See \*(L"\s-1DESCRIPTION\*(R"\s0. +This example uses deprecated functionality. See "DESCRIPTION". .PP -First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +First step: create an EC_KEY object (note: this part is \fBnot\fR ECDSA specific) .PP .Vb 3 @@ -260,7 +185,7 @@ \& /* error */ .Ve .PP -Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value +Second step: compute the ECDSA signature of a SHA\-256 hash value using \fBECDSA_do_sign()\fR: .PP .Vb 3 @@ -282,7 +207,7 @@ \& /* error */ .Ve .PP -Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR: +Third step: verify the created ECDSA signature using \fBECDSA_do_verify()\fR: .PP .Vb 1 \& ret = ECDSA_do_verify(digest, 32, sig, eckey); @@ -306,8 +231,8 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS186\-2\s0 -(Digital Signature Standard, \s-1DSS\s0) +ANSI X9.62, US Federal Information Processing Standard FIPS186\-2 +(Digital Signature Standard, DSS) .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEC_KEY_new\fR\|(3), 
@@ -316,14 +241,14 @@ \&\fBEVP_PKEY_sign\fR\|(3) \&\fBi2d_ECDSA_SIG\fR\|(3), \&\fBd2i_ECDSA_SIG\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All functionality described here was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ECPKParameters_print.3.orig +++ secure/lib/libcrypto/man/man3/ECPKParameters_print.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,102 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ECPKPARAMETERS_PRINT 3ossl" -.TH ECPKPARAMETERS_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ECPKPARAMETERS_PRINT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); \& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_print_params\fR\|(3) .PP The ECPKParameters represent the public parameters for an -\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. +\&\fBEC_GROUP\fR structure, which represents a curve. .PP The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print -a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR +a human\-readable output of the public parameters of the EC_GROUP to \fBbp\fR or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -175,14 +100,14 @@ \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), \&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3.orig +++ secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_GFP_SIMPLE_METHOD 3ossl" -.TH EC_GFP_SIMPLE_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_GFP_SIMPLE_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 6 
@@ -162,15 +87,15 @@ \& \& int EC_METHOD_get_field_type(const EC_METHOD *meth); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All const \s-1EC_METHOD\s0 *EC_GF* functions were deprecated in OpenSSL 3.0, since -\&\s-1EC_METHOD\s0 is no longer a public concept. +All const EC_METHOD *EC_GF* functions were deprecated in OpenSSL 3.0, since +EC_METHOD is no longer a public concept. .PP The Elliptic Curve library provides a number of different implementations through a single common interface. When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an implementation method must be provided. The functions described here all return a const pointer to an -\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation +\&\fBEC_METHOD\fR structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation type for the form of curve selected is used. .PP For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. 
@@ -178,38 +103,38 @@ For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method -offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through +offers an implementation optimised for use with NIST recommended curves (NIST curves are available through EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). .PP The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit -optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these +optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these implementations are not available on all platforms. .PP \&\fBEC_METHOD_get_field_type()\fR was deprecated in OpenSSL 3.0. Applications should use \fBEC_GROUP_get_field_type()\fR as a replacement (see \fBEC_GROUP_copy\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure. .PP -EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. +EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), \&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), \&\fBd2i_ECPKParameters\fR\|(3), \&\fBBN_mod_mul_montgomery\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEC_GFp_simple_method()\fR, EC_GFp_mont_method(void), \&\fBEC_GFp_nist_method()\fR, \fBEC_GFp_nistp224_method()\fR, \&\fBEC_GFp_nistp256_method()\fR, \fBEC_GFp_nistp521_method()\fR, \&\fBEC_GF2m_simple_method()\fR, and \fBEC_METHOD_get_field_type()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_GROUP_copy.3.orig +++ secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_GROUP_COPY 3ossl" -.TH EC_GROUP_COPY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_GROUP_COPY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, @@ -152,7 +77,7 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field, EC_GROUP_get_field_type \&\- Functions for manipulating EC_GROUP objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -203,21 +128,21 @@ .Ve .PP The following function has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0 +\&\fBEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same EC_METHOD. .PP -\&\fBEC_GROUP_dup()\fR creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created -\&\s-1EC_GROUP\s0 object. +\&\fBEC_GROUP_dup()\fR creates a new EC_GROUP object and copies the content from \fBsrc\fR to the newly created +EC_GROUP object. .PP -\&\fBEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. -This function was deprecated in OpenSSL 3.0, since \s-1EC_METHOD\s0 is no longer a public concept. +\&\fBEC_GROUP_method_of()\fR obtains the EC_METHOD of \fBgroup\fR. +This function was deprecated in OpenSSL 3.0, since EC_METHOD is no longer a public concept. .PP \&\fBEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the 
@@ -234,24 +159,24 @@ into \fBcofactor\fR. It fails in case \fBgroup\fR is not fully initialized or if the cofactor is not set (or set to zero). .PP -The functions \fBEC_GROUP_set_curve_name()\fR and \fBEC_GROUP_get_curve_name()\fR, set and get the \s-1NID\s0 for the curve respectively -(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +The functions \fBEC_GROUP_set_curve_name()\fR and \fBEC_GROUP_get_curve_name()\fR, set and get the NID for the curve respectively +(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name will return NID_undef. .PP The asn1_flag value is used to determine whether the curve encoding uses -explicit parameters or a named curve using an \s-1ASN1 OID:\s0 many applications only -support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the +explicit parameters or a named curve using an ASN1 OID: many applications only +support the latter form. If asn1_flag is \fBOPENSSL_EC_NAMED_CURVE\fR then the named curve form is used and the parameters must have a corresponding -named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the +named curve NID set. If asn1_flags is \fBOPENSSL_EC_EXPLICIT_CURVE\fR the parameters are explicitly encoded. The functions \fBEC_GROUP_get_asn1_flag()\fR and \&\fBEC_GROUP_set_asn1_flag()\fR get and set the status of the asn1_flag for the curve. -Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for +Note: \fBOPENSSL_EC_EXPLICIT_CURVE\fR was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL 1.1.0 and later the named curve form is the default. 
.PP -The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). +The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). point_conversion_form_t is an enum defined as follows: .PP .Vb 10 
@@ -267,33 +192,33 @@ \& } point_conversion_form_t; .Ve .PP -For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by +For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by the octets for x, followed by the octets for y. .PP For any given x coordinate for a point on a curve it is possible to derive two possible y values. For -\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of +POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of the two possible solutions for y has been used, followed by the octets for x. .PP -For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two +For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two possible solutions for y has been used, followed by the octets for x, followed by the octets for y. .PP The functions \fBEC_GROUP_set_point_conversion_form()\fR and \fBEC_GROUP_get_point_conversion_form()\fR, set and get the point_conversion_form for the curve respectively. .PP -\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages +ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. -If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. 
The OpenSSL \s-1EC\s0 library +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library does not use this seed value but does enable you to inspect it using \fBEC_GROUP_get0_seed()\fR. This returns a pointer to a memory block containing the seed that was used. The length of the memory block can be obtained using \fBEC_GROUP_get_seed_len()\fR. A number of the -built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using -\&\fBEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use -this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. +built\-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +\&\fBEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use +this seed value, although it will be preserved in any ASN1 based communications. .PP \&\fBEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be the value m. .PP -\&\fBEC_GROUP_get_field_type()\fR identifies what type of field the \s-1EC_GROUP\s0 structure supports, +\&\fBEC_GROUP_get_field_type()\fR identifies what type of field the EC_GROUP structure supports, which will be either F2^m or Fp. .PP The function \fBEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid. 
@@ -303,17 +228,17 @@ The function \fBEC_GROUP_check()\fR behaves in the following way: For the OpenSSL default provider it performs a number of checks on a curve to verify that it is valid. Checks performed include verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has -the correct order. For the OpenSSL \s-1FIPS\s0 provider it uses \fBEC_GROUP_check_named_curve()\fR to conform to SP800\-56Ar3. +the correct order. For the OpenSSL FIPS provider it uses \fBEC_GROUP_check_named_curve()\fR to conform to SP800\-56Ar3. .PP -The function \fBEC_GROUP_check_named_curve()\fR determines if the group's domain parameters match one of the built-in curves supported by the library. -The curve name is returned as a \fB\s-1NID\s0\fR if it matches. If the group's domain parameters have been modified then no match will be found. +The function \fBEC_GROUP_check_named_curve()\fR determines if the group\*(Aqs domain parameters match one of the built\-in curves supported by the library. +The curve name is returned as a \fBNID\fR if it matches. If the group\*(Aqs domain parameters have been modified then no match will be found. If the curve name of the given group is \fBNID_undef\fR (e.g. it has been created by using explicit parameters with no curve name), -then this method can be used to lookup the name of the curve that matches the group domain parameters. The built-in curves contain -aliases, so that multiple \s-1NID\s0's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be +then this method can be used to lookup the name of the curve that matches the group domain parameters. The built\-in curves contain +aliases, so that multiple NID\*(Aqs can map to the same domain parameters. For such curves it is unspecified which of the aliases will be returned if the curve name of the given group is NID_undef. 
-If \fBnist_only\fR is 1 it will only look for \s-1NIST\s0 approved curves, otherwise it searches all built-in curves. -This function may be passed a \s-1BN_CTX\s0 object in the \fBctx\fR parameter. -The \fBctx\fR parameter may be \s-1NULL.\s0 +If \fBnist_only\fR is 1 it will only look for NIST approved curves, otherwise it searches all built\-in curves. +This function may be passed a BN_CTX object in the \fBctx\fR parameter. +The \fBctx\fR parameter may be NULL. .PP \&\fBEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. .PP @@ -327,7 +252,7 @@ .PP f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 .PP -The function \fBEC_GROUP_get_basis_type()\fR returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The +The function \fBEC_GROUP_get_basis_type()\fR returns a NID identifying whether a trinomial or pentanomial is in use for the field. The function \fBEC_GROUP_get_trinomial_basis()\fR must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly the function \fBEC_GROUP_get_pentanomial_basis()\fR must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, \&\fBk2\fR and \fBk3\fR respectively. 
@@ -336,20 +261,20 @@ The following functions return 1 on success or 0 on error: \fBEC_GROUP_copy()\fR, \fBEC_GROUP_set_generator()\fR, \fBEC_GROUP_check()\fR, \&\fBEC_GROUP_check_discriminant()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR. .PP -\&\fBEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. +\&\fBEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or NULL on error. .PP -\&\fBEC_GROUP_method_of()\fR returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. +\&\fBEC_GROUP_method_of()\fR returns the EC_METHOD implementation in use for the given curve or NULL on error. .PP -\&\fBEC_GROUP_get0_generator()\fR returns the generator for the given curve or \s-1NULL\s0 on error. +\&\fBEC_GROUP_get0_generator()\fR returns the generator for the given curve or NULL on error. .PP \&\fBEC_GROUP_get_order()\fR returns 0 if the order is not set (or set to zero) for \&\fBgroup\fR or if copying into \fBorder\fR fails, 1 otherwise. .PP \&\fBEC_GROUP_get_cofactor()\fR returns 0 if the cofactor is not set (or is set to zero) for \fBgroup\fR or if copying into \fBcofactor\fR fails, 1 otherwise. .PP -\&\fBEC_GROUP_get_curve_name()\fR returns the curve name (\s-1NID\s0) for \fBgroup\fR or will return NID_undef if no curve name is associated. +\&\fBEC_GROUP_get_curve_name()\fR returns the curve name (NID) for \fBgroup\fR or will return NID_undef if no curve name is associated. .PP -\&\fBEC_GROUP_get_asn1_flag()\fR returns the \s-1ASN1\s0 flag for the specified \fBgroup\fR . +\&\fBEC_GROUP_get_asn1_flag()\fR returns the ASN1 flag for the specified \fBgroup\fR . .PP \&\fBEC_GROUP_get_point_conversion_form()\fR returns the point_conversion_form for \fBgroup\fR. .PP 
@@ -364,13 +289,13 @@ \&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order. \&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order. \&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. -\&\fBEC_GROUP_get0_field()\fR returns an internal pointer to the group field. For curves over \s-1GF\s0(p), this is the modulus; for curves -over \s-1GF\s0(2^m), this is the irreducible polynomial defining the field. +\&\fBEC_GROUP_get0_field()\fR returns an internal pointer to the group field. For curves over GF(p), this is the modulus; for curves +over GF(2^m), this is the irreducible polynomial defining the field. .PP -\&\fBEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not +\&\fBEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not specified. \fBEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified. .PP -\&\fBEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is +\&\fBEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is 0, the return value will be 1. On error 0 is returned. .PP \&\fBEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. 
@@ -382,16 +307,16 @@ \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEC_GROUP_method_of()\fR was deprecated in OpenSSL 3.0. \&\fBEC_GROUP_get0_field()\fR, \fBEC_GROUP_check_named_curve()\fR and \fBEC_GROUP_get_field_type()\fR were added in OpenSSL 3.0. \&\fBEC_GROUP_get0_order()\fR, \fBEC_GROUP_order_bits()\fR and \fBEC_GROUP_get0_cofactor()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_GROUP_new.3.orig +++ secure/lib/libcrypto/man/man3/EC_GROUP_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_GROUP_NEW 3ossl" -.TH EC_GROUP_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_GROUP_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new_from_params, @@ -160,7 +85,7 @@ EC_get_builtin_curves, OSSL_EC_curve_nid2name \- Functions for creating and destroying EC_GROUP objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -194,7 +119,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 @@ -210,7 +135,7 @@ \& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, \& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the prime field Fp. The elements of Fp are 
@@ -232,23 +157,23 @@ Although deprecated since OpenSSL 3.0 and should no longer be used, a new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the implementation provided by \fImeth\fR (see \fBEC_GFp_simple_method\fR\|(3)) and -associated with the library context \fIctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). -The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +associated with the library context \fIctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)). +The \fIctx\fR parameter may be NULL in which case the default library context is used. It is then necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters. Applications should instead use one of the other EC_GROUP_new_* constructors. .PP \&\fBEC_GROUP_new_from_params()\fR creates a group with parameters specified by \fIparams\fR. -The library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and property query string +The library context \fIlibctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)) and property query string \&\fIpropq\fR are used to fetch algorithms from providers. \&\fIparams\fR may be either a list of explicit params or a named group, -The values for \fIctx\fR and \fIpropq\fR may be \s-1NULL.\s0 +The values for \fIctx\fR and \fIpropq\fR may be NULL. The \fIparams\fR that can be used are described in -\&\fB\s-1EVP_PKEY\-EC\s0\fR(7). +\&\fBEVP_PKEY\-EC\fR(7). .PP \&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified \fIparams\fR and -\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 +\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific PK \&\fIparams\fR. .PP \&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fIp\fR, \fIa\fR and \fIb\fR. For a curve 
@@ -278,11 +203,11 @@ to obtain a list of all of the predefined curves, call the function \&\fBEC_get_builtin_curves()\fR. The parameter \fIr\fR should be an array of EC_builtin_curve structures of size \fInitems\fR. The function will populate the -\&\fIr\fR array with information about the built-in curves. If \fInitems\fR is less than +\&\fIr\fR array with information about the built\-in curves. If \fInitems\fR is less than the total number of curves available, then the first \fInitems\fR curves will be returned. Otherwise the total number of curves will be provided. The return value is the total number of curves available (whether that number has been -populated in \fIr\fR or not). Passing a \s-1NULL\s0 \fIr\fR, or setting \fInitems\fR to 0 will +populated in \fIr\fR or not). Passing a NULL \fIr\fR, or setting \fInitems\fR to 0 will do nothing other than return the total number of curves available. The EC_builtin_curve structure is defined as follows: .PP 
@@ -296,56 +221,56 @@ Each EC_builtin_curve item has a unique integer id (\fInid\fR), and a human readable comment string describing the curve. .PP -In order to construct a built-in curve use the function +In order to construct a built\-in curve use the function \&\fBEC_GROUP_new_by_curve_name_ex()\fR and provide the \fInid\fR of the curve to be constructed, the associated library context to be used in \fIctx\fR (see -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and any property query string in \fIpropq\fR. The \fIctx\fR value -may be \s-1NULL\s0 in which case the default library context is used. The \fIpropq\fR -value may also be \s-1NULL.\s0 +\&\fBOSSL_LIB_CTX\fR\|(3)) and any property query string in \fIpropq\fR. The \fIctx\fR value +may be NULL in which case the default library context is used. The \fIpropq\fR +value may also be NULL. .PP \&\fBEC_GROUP_new_by_curve_name()\fR is the same as \&\fBEC_GROUP_new_by_curve_name_ex()\fR except that the default library context -is always used along with a \s-1NULL\s0 property query string. +is always used along with a NULL property query string. .PP -\&\fBEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP.\s0 -If \fIgroup\fR is \s-1NULL\s0 nothing is done. +\&\fBEC_GROUP_free()\fR frees the memory associated with the EC_GROUP. +If \fIgroup\fR is NULL nothing is done. .PP \&\fBEC_GROUP_clear_free()\fR is deprecated: it was meant to destroy any sensitive data -held within the \s-1EC_GROUP\s0 and then free its memory, but since all the data stored -in the \s-1EC_GROUP\s0 is public anyway, this function is unnecessary. +held within the EC_GROUP and then free its memory, but since all the data stored +in the EC_GROUP is public anyway, this function is unnecessary. Its use can be safely replaced with \fBEC_GROUP_free()\fR. -If \fIgroup\fR is \s-1NULL\s0 nothing is done. +If \fIgroup\fR is NULL nothing is done. .PP \&\fBOSSL_EC_curve_nid2name()\fR converts a curve \fInid\fR into the corresponding name. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" All EC_GROUP_new* functions return a pointer to the newly constructed group, or -\&\s-1NULL\s0 on error. +NULL on error. .PP -\&\fBEC_get_builtin_curves()\fR returns the number of built-in curves that are +\&\fBEC_get_builtin_curves()\fR returns the number of built\-in curves that are available. .PP \&\fBEC_GROUP_set_curve_GFp()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR, \&\fBEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error. .PP -\&\fBOSSL_EC_curve_nid2name()\fR returns a character string constant, or \s-1NULL\s0 on error. +\&\fBOSSL_EC_curve_nid2name()\fR returns a character string constant, or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3), \&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3), -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) -.SH "HISTORY" +\&\fBOSSL_LIB_CTX\fR\|(3), \fBEVP_PKEY\-EC\fR\|(7) +.SH HISTORY .IX Header "HISTORY" -.IP "\(bu" 2 +.IP \(bu 2 \&\fBEC_GROUP_new()\fR was deprecated in OpenSSL 3.0. .Sp \&\fBEC_GROUP_new_by_curve_name_ex()\fR and \fBEC_GROUP_new_from_params()\fR were added in OpenSSL 3.0. -.IP "\(bu" 2 +.IP \(bu 2 \&\fBEC_GROUP_clear_free()\fR was deprecated in OpenSSL 3.0; use \fBEC_GROUP_free()\fR instead. -.IP "\(bu" 2 +.IP \(bu 2 .Sp .Vb 3 
@@ -353,11 +278,11 @@ \& EC_GROUP_set_curve_GF2m() and EC_GROUP_get_curve_GF2m() were deprecated in \& OpenSSL 3.0; use EC_GROUP_set_curve() and EC_GROUP_get_curve() instead. .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3.orig +++ secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_KEY_GET_ENC_FLAGS 3ossl" -.TH EC_KEY_GET_ENC_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_KEY_GET_ENC_FLAGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding EC_KEY structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,7 +74,7 @@ \& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); \& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The format of the external representation of the public key written by \&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is 
@@ -157,22 +82,22 @@ for a description of point_conversion_form. .PP When reading a private key encoded without an associated public key (e.g. if -\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates +EC_PKEY_NO_PUBKEY has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates the missing public key automatically. Private keys encoded without parameters -(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using +(e.g. if EC_PKEY_NO_PARAMETERS has been used \- see below) cannot be loaded using \&\fBd2i_ECPrivateKey()\fR. .PP The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the value of the encoding flags for the \fBkey\fR. There are two encoding flags -currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags -define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to -\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for -the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is +currently defined \- EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags +define the behaviour of how the \fBkey\fR is converted into ASN1 in a call to +\&\fBi2d_ECPrivateKey()\fR. If EC_PKEY_NO_PARAMETERS is set then the public parameters for +the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the -\&\s-1EC_KEY.\s0 +EC_KEY. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), 
@@ -181,11 +106,11 @@ \&\fBEC_GFp_simple_method\fR\|(3), \&\fBd2i_ECPKParameters\fR\|(3), \&\fBd2i_ECPrivateKey\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_KEY_new.3.orig +++ secure/lib/libcrypto/man/man3/EC_KEY_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_KEY_NEW 3ossl" -.TH EC_KEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_KEY_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_EC_gen, EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, @@ -153,7 +78,7 @@ EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -162,7 +87,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -205,137 +130,137 @@ \& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); \& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBEVP_EC_gen()\fR generates a new \s-1EC\s0 key pair on the given \fIcurve\fR. +\&\fBEVP_EC_gen()\fR generates a new EC key pair on the given \fIcurve\fR. .PP All of the functions described below are deprecated. Applications should instead use \fBEVP_EC_gen()\fR, \fBEVP_PKEY_Q_keygen\fR\|(3), or \&\fBEVP_PKEY_keygen_init\fR\|(3) and \fBEVP_PKEY_keygen\fR\|(3). .PP -An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private +An EC_KEY represents a public key and, optionally, the associated private key. -A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +A new EC_KEY with no associated curve can be constructed by calling \&\fBEC_KEY_new_ex()\fR and specifying the associated library context in \fIctx\fR -(see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and property query string \fIpropq\fR. -The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +(see \fBOSSL_LIB_CTX\fR\|(3)) and property query string \fIpropq\fR. +The \fIctx\fR parameter may be NULL in which case the default library context is used. -The reference count for the newly created \s-1EC_KEY\s0 is initially +The reference count for the newly created EC_KEY is initially set to 1. -A curve can be associated with the \s-1EC_KEY\s0 by calling +A curve can be associated with the EC_KEY by calling \&\fBEC_KEY_set_group()\fR. .PP \&\fBEC_KEY_new()\fR is the same as \fBEC_KEY_new_ex()\fR except that the default library context is always used. 
.PP -Alternatively a new \s-1EC_KEY\s0 can be constructed by calling +Alternatively a new EC_KEY can be constructed by calling \&\fBEC_KEY_new_by_curve_name_ex()\fR and supplying the nid of the associated -curve, the library context to be used \fIctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and any +curve, the library context to be used \fIctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)) and any property query string \fIpropq\fR. -The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is -used. The \fIpropq\fR value may also be \s-1NULL.\s0 +The \fIctx\fR parameter may be NULL in which case the default library context is +used. The \fIpropq\fR value may also be NULL. See \fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply wraps calls to \fBEC_KEY_new_ex()\fR and \&\fBEC_GROUP_new_by_curve_name_ex()\fR. .PP \&\fBEC_KEY_new_by_curve_name()\fR is the same as \fBEC_KEY_new_by_curve_name_ex()\fR -except that the default library context is always used and a \s-1NULL\s0 property query +except that the default library context is always used and a NULL property query string. .PP -Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +Calling \fBEC_KEY_free()\fR decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated with it. If -\&\fIkey\fR is \s-1NULL\s0 nothing is done. +\&\fIkey\fR is NULL nothing is done. .PP -\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fIsrc\fR into \fIdest\fR. +\&\fBEC_KEY_copy()\fR copies the contents of the EC_KEY in \fIsrc\fR into \fIdest\fR. .PP -\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fIec_key\fR into it. +\&\fBEC_KEY_dup()\fR creates a new EC_KEY object and copies \fIec_key\fR into it. 
.PP -\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the EC_KEY object. .PP -\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for -this \s-1EC_KEY\s0 object. +\&\fBEC_KEY_get0_engine()\fR returns a handle to the ENGINE that has been set for +this EC_KEY object. .PP \&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied -\&\fIeckey\fR object. \fIeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +\&\fIeckey\fR object. \fIeckey\fR must have an EC_GROUP object associated with it before calling this function. The private key is a random integer (0 < priv_key -< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is -an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the +< order, where \fIorder\fR is the order of the EC_GROUP object). The public key is +an EC_POINT on the curve calculated by multiplying the generator for the curve by the private key. .PP -\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +\&\fBEC_KEY_check_key()\fR performs various sanity checks on the EC_KEY object to confirm that it is valid. .PP \&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fIkey\fR based -on its affine coordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +on its affine coordinates; i.e., it constructs an EC_POINT object based on the supplied \fIx\fR and \fIy\fR values and sets the public key to be this -\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm +EC_POINT. It also performs certain sanity checks on the key to confirm that it is valid. 
.PP The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, \&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, -and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, -and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. The function -\&\fBEC_KEY_set_private_key()\fR accepts \s-1NULL\s0 as the priv_key argument to securely clear -the private key component from the \s-1EC_KEY.\s0 +and \fBEC_KEY_set_public_key()\fR get and set the EC_GROUP object, the private key, +and the EC_POINT public key for the \fBkey\fR respectively. The function +\&\fBEC_KEY_set_private_key()\fR accepts NULL as the priv_key argument to securely clear +the private key component from the EC_KEY. .PP The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the point_conversion_form for the \fIkey\fR. For a description of point_conversion_forms please see \fBEC_POINT_new\fR\|(3). .PP -\&\fBEC_KEY_set_flags()\fR sets the flags in the \fIflags\fR parameter on the \s-1EC_KEY\s0 +\&\fBEC_KEY_set_flags()\fR sets the flags in the \fIflags\fR parameter on the EC_KEY object. Any flags that are already set are left set. The flags currently -defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In -addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 -\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 +defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In +addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH. +\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this EC_KEY. \&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fIflags\fR parameter; all other flags are left in their existing state. 
.PP -\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the asn1_flag. .PP \&\fBEC_KEY_decoded_from_explicit_params()\fR returns 1 if the group of the \fIkey\fR was decoded from data with explicitly encoded group parameters, \-1 if the \fIkey\fR -is \s-1NULL\s0 or the group parameters are missing, and 0 otherwise. +is NULL or the group parameters are missing, and 0 otherwise. .PP -\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). Modern versions should instead switch to named curves which OpenSSL has hardcoded lookup tables for. .PP \&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions \&\fBEC_POINT_oct2point()\fR and \fBEC_POINT_point2buf()\fR except they use the public key -\&\s-1EC_POINT\s0 in \fIeckey\fR. +EC_POINT in \fIeckey\fR. .PP \&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key component of \fIeckey\fR and octet form. The octet form consists of the content -octets of the \fIprivateKey\fR \s-1OCTET STRING\s0 in an \fIECPrivateKey\fR \s-1ASN.1\s0 structure. +octets of the \fIprivateKey\fR OCTET STRING in an \fIECPrivateKey\fR ASN.1 structure. .PP The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. -Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +Calling the function with a NULL buffer will not perform the conversion but will just return the required buffer length. 
.PP The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes -an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fI*pbuf\fR +an EC_KEY to it in octet format. The allocated buffer is written to \fI*pbuf\fR and its length is returned. The caller must free up the allocated buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fI*pbuf\fR -the \fIpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +the \fIpbuf\fR parameter \fBMUST NOT\fR be \fBNULL\fR. .PP -\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +\&\fBEC_KEY_priv2buf()\fR converts an EC_KEY private key into an allocated buffer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEC_KEY_new_ex()\fR, \fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name_ex()\fR, \&\fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to the newly -created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +created EC_KEY object, or NULL on error. .PP -\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +\&\fBEC_KEY_get_flags()\fR returns the flags associated with the EC_KEY object as an integer. .PP -\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or NULL on error. .PP -\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. +\&\fBEC_KEY_get0_engine()\fR returns a pointer to an ENGINE, or NULL if it wasn\*(Aqt set. .PP \&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_public_key()\fR, \&\fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, \fBEC_KEY_check_key()\fR, 
@@ -343,14 +268,14 @@ \&\fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. .PP \&\fBEC_KEY_set_private_key()\fR returns 1 on success or 0 on error except when the -priv_key argument is \s-1NULL,\s0 in that case it returns 0, for legacy compatibility, +priv_key argument is NULL, in that case it returns 0, for legacy compatibility, and should not be treated as an error. .PP -\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 +\&\fBEC_KEY_get0_group()\fR returns the EC_GROUP associated with the EC_KEY. .PP -\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 +\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the EC_KEY. .PP -\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 +\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the EC_KEY. .PP \&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length of the buffer or 0 on error. 
@@ -362,17 +287,17 @@ \&\fBEC_POINT_add\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), \&\fBd2i_ECPKParameters\fR\|(3), -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBOSSL_LIB_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_EC_gen()\fR was added in OpenSSL 3.0. All other functions described here were deprecated in OpenSSL 3.0. -For replacement see \s-1\fBEVP_PKEY\-EC\s0\fR\|(7). -.SH "COPYRIGHT" +For replacement see \fBEVP_PKEY\-EC\fR\|(7). +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_POINT_add.3.orig +++ secure/lib/libcrypto/man/man3/EC_POINT_add.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_POINT_ADD 3ossl" -.TH EC_POINT_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_POINT_ADD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,7 +82,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 7 @@ -169,7 +94,7 @@ \& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); \& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. 
@@ -182,18 +107,18 @@ .PP EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. .PP -The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine coordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be forced. These functions were deprecated in OpenSSL 3.0 and should no longer be used. Modern versions automatically perform this conversion when needed. .PP EC_POINT_mul calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. -The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). +The value \fBn\fR may be NULL in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be NULL, and \fBn\fR non\-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). .PP Although deprecated in OpenSSL 3.0 and should no longer be used, -EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. 
-When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). +EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be NULL or \fBnum\fR may be zero. +When performing a fixed point multiplication (\fBn\fR is non\-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is NULL and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). Modern versions should instead use \fBEC_POINT_mul()\fR, combined (if needed) with \fBEC_POINT_add()\fR in such rare circumstances. .PP The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst 
@@ -218,16 +143,16 @@ \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), \&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEC_POINT_make_affine()\fR, \fBEC_POINTs_make_affine()\fR, \fBEC_POINTs_mul()\fR, \&\fBEC_GROUP_precompute_mult()\fR, and \fBEC_GROUP_have_precompute_mult()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EC_POINT_new.3.orig +++ secure/lib/libcrypto/man/man3/EC_POINT_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EC_POINT_NEW 3ossl" -.TH EC_POINT_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EC_POINT_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, @@ -165,7 +90,7 @@ EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -199,7 +124,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -238,26 +163,26 @@ \& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, \& EC_POINT *p, BN_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is +An \fBEC_POINT\fR structure represents a point on a curve. A new point is constructed by calling the function \fBEC_POINT_new()\fR and providing the \&\fBgroup\fR object that the point relates to. .PP -\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. -if \fBpoint\fR is \s-1NULL\s0 nothing is done. +\&\fBEC_POINT_free()\fR frees the memory associated with the \fBEC_POINT\fR. +if \fBpoint\fR is NULL nothing is done. .PP -\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and -then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. +\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the EC_POINT and +then frees its memory. If \fBpoint\fR is NULL nothing is done. .PP \&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR -must use the same \fB\s-1EC_METHOD\s0\fR. +must use the same \fBEC_METHOD\fR. .PP -\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from -\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. +\&\fBEC_POINT_dup()\fR creates a new \fBEC_POINT\fR object and copies the content from +\&\fBsrc\fR to the newly created \fBEC_POINT\fR object. .PP -\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. -This function was deprecated in OpenSSL 3.0, since \s-1EC_METHOD\s0 is no longer a +\&\fBEC_POINT_method_of()\fR obtains the \fBEC_METHOD\fR associated with \fBpoint\fR. +This function was deprecated in OpenSSL 3.0, since EC_METHOD is no longer a public concept. .PP A valid point on a curve is the special point at infinity. A point is set to 
@@ -267,7 +192,7 @@ position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR coordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which -may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. +may be NULL, to the corresponding coordinates of \fBp\fR. .PP The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and \&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for 
@@ -307,34 +232,34 @@ \&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards compatibility only and should not be used. .PP -In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external +In addition \fBEC_POINT\fR can be converted to and from various external representations. The octet form is the binary encoding of the \fBECPoint\fR -structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): -only the content octets are present, the \fB\s-1OCTET STRING\s0\fR tag and length are -not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian -integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the octet -form converted to a \s-1NULL\s0 terminated character string where each character +structure (as defined in RFC5480 and used in certificates and TLS records): +only the content octets are present, the \fBOCTET STRING\fR tag and length are +not included. \fBBIGNUM\fR form is the octet form interpreted as a big endian +integer converted to a \fBBIGNUM\fR structure. Hexadecimal form is the octet +form converted to a NULL terminated character string where each character is one of the printable values 0\-9 or A\-F (or a\-f). .PP The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR, \&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from -and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. +and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively. .PP The function \fBEC_POINT_point2oct()\fR encodes the given curve point \fBp\fR as an octet string into the buffer \fBbuf\fR of size \fBlen\fR, using the specified conversion form \fBform\fR. -The encoding conforms with Sec. 2.3.3 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve -Cryptography\*(R") standard. +The encoding conforms with Sec. 
2.3.3 of the SECG SEC 1 ("Elliptic Curve +Cryptography") standard. Similarly the function \fBEC_POINT_oct2point()\fR decodes a curve point into \fBp\fR from the octet string contained in the given buffer \fBbuf\fR of size \fBlen\fR, conforming -to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve Cryptography\*(R") standard. +to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. .PP The functions \fBEC_POINT_point2hex()\fR and \fBEC_POINT_point2bn()\fR convert a point \fBp\fR, -respectively, to the hexadecimal or \s-1BIGNUM\s0 representation of the same +respectively, to the hexadecimal or BIGNUM representation of the same encoding of the function \fBEC_POINT_point2oct()\fR. Vice versa, similarly to the function \fBEC_POINT_oct2point()\fR, the functions \&\fBEC_POINT_hex2point()\fR and \fBEC_POINT_point2bn()\fR decode the hexadecimal or -\&\s-1BIGNUM\s0 representation into the \s-1EC_POINT\s0 \fBp\fR. +BIGNUM representation into the EC_POINT \fBp\fR. .PP Notice that, according to the standard, the octet string encoding of the point at infinity for a given curve is fixed to a single octet of value zero and that, 
@@ -342,21 +267,21 @@ .PP The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. -Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +Calling the function with a NULL buffer will not perform the conversion but will still return the required buffer length. .PP The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and -writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to +writes an EC_POINT to it in octet format. The allocated buffer is written to \&\fB*pbuf\fR and its length is returned. The caller must free up the allocated buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is -written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +written to \fB*pbuf\fR the \fBpbuf\fR parameter \fBMUST NOT\fR be \fBNULL\fR. .PP The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the -hexadecimal string. It is the caller's responsibility to free this memory with +hexadecimal string. It is the caller\*(Aqs responsibility to free this memory with a subsequent call to \fBOPENSSL_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated EC_POINT or NULL on error. .PP The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR, 
@@ -367,27 +292,27 @@ \&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR, \&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR. .PP -EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0 +EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT. .PP \&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required buffer or 0 on error. .PP -\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +\&\fBEC_POINT_point2bn()\fR returns the pointer to the BIGNUM supplied, or NULL on error. .PP -\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +\&\fBEC_POINT_bn2point()\fR returns the pointer to the EC_POINT supplied, or NULL on error. .PP -\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or NULL on error. .PP -\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +\&\fBEC_POINT_hex2point()\fR returns the pointer to the EC_POINT supplied, or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), \&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), \&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEC_POINT_method_of()\fR, \&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR, 
@@ -401,11 +326,11 @@ \&\fBEC_POINT_set_affine_coordinates\fR, \fBEC_POINT_get_affine_coordinates\fR, and \fBEC_POINT_set_compressed_coordinates\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ENGINE_add.3.orig +++ secure/lib/libcrypto/man/man3/ENGINE_add.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ENGINE_ADD 3ossl" -.TH ENGINE_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ENGINE_ADD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, @@ -178,14 +103,14 @@ ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests \&\- ENGINE cryptographic module support -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 
@@ -299,24 +224,24 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void ENGINE_cleanup(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use the provider APIs. .PP These functions create, manipulate, and use cryptographic modules in the -form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +form of \fBENGINE\fR objects. These objects act as containers for implementations of cryptographic algorithms, and support a -reference-counted mechanism to allow them to be dynamically loaded in and +reference\-counted mechanism to allow them to be dynamically loaded in and out of the running application. .PP -The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +The cryptographic functionality that can be provided by an \fBENGINE\fR implementation includes the following abstractions; .PP .Vb 6 
@@ -329,82 +254,83 @@ .Ve .SS "Reference counting and handles" .IX Subsection "Reference counting and handles" -Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be +Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be treated as handles \- i.e. not only as pointers, but also as references to -the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when -making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +the underlying ENGINE object. Ie. one should obtain a new reference when +making copies of an ENGINE pointer if the copies will be used (and released) independently. .PP -\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in -which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +ENGINE objects have two levels of reference\-counting to match the way in +which the objects are used. At the most basic level, each ENGINE pointer is inherently a \fBstructural\fR reference \- a structural reference is required to use the pointer value at all, as this kind of reference is a guarantee that the structure can not be deallocated until the reference is released. .PP -However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +However, a structural reference provides no guarantee that the ENGINE is initialised and able to use any of its cryptographic -implementations. Indeed it's quite possible that most ENGINEs will not +implementations. Indeed it\*(Aqs quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to -support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +support specialised hardware. To use an ENGINE\*(Aqs functionality, you need a \&\fBfunctional\fR reference. 
This kind of reference can be considered a specialised form of structural reference, because each functional reference implicitly contains a structural reference as well \- however to avoid -difficult-to-find programming bugs, it is recommended to treat the two +difficult\-to\-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an -\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised and +ENGINE, you have a guarantee that the ENGINE has been initialised and is ready to perform cryptographic operations, and will remain initialised until after you have released your reference. .PP \&\fIStructural references\fR .PP This basic type of reference is used for instantiating new ENGINEs, -iterating across OpenSSL's internal linked-list of loaded -ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural +iterating across OpenSSL\*(Aqs internal linked\-list of loaded +ENGINEs, reading information about an ENGINE, etc. Essentially a structural reference is sufficient if you only need to query or manipulate the data of -an \s-1ENGINE\s0 implementation rather than use its functionality. +an ENGINE implementation rather than use its functionality. .PP The \fBENGINE_new()\fR function returns a structural reference to a new (empty) -\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural +ENGINE object. There are other ENGINE API functions that return structural references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be released by a corresponding to call to the \fBENGINE_free()\fR function \- the -\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when -the last structural reference is released. 
+ENGINE object itself will only actually be cleaned up and deallocated when +the last structural reference is released. If the argument to \fBENGINE_free()\fR +is NULL, nothing is done. .PP -It should also be noted that many \s-1ENGINE API\s0 function calls that accept a +It should also be noted that many ENGINE API function calls that accept a structural reference will internally obtain another reference \- typically -this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after -the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to -OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, +this happens whenever the supplied ENGINE will be needed by OpenSSL after +the function has returned. Eg. the function to add a new ENGINE to +OpenSSL\*(Aqs internal list is \fBENGINE_add()\fR \- if this function returns success, then OpenSSL will have stored a new structural reference internally so the caller is still responsible for freeing their own reference with \&\fBENGINE_free()\fR when they are finished with it. In a similar way, some functions will automatically release the structural reference passed to it -if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and +if part of the function\*(Aqs job is to do so. Eg. the \fBENGINE_get_next()\fR and \&\fBENGINE_get_prev()\fR functions are used for iterating across the internal -\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or -previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +ENGINE list \- they will return a new structural reference to the next (or +previous) ENGINE in the list or NULL if at the end (or beginning) of the list, but in either case the structural reference passed to the function is released on behalf of the caller. 
.PP -To clarify a particular function's handling of references, one should -always consult that function's documentation \*(L"man\*(R" page, or failing that +To clarify a particular function\*(Aqs handling of references, one should +always consult that function\*(Aqs documentation "man" page, or failing that the \fI\fR header file includes some hints. .PP \&\fIFunctional references\fR .PP As mentioned, functional references exist when the cryptographic -functionality of an \s-1ENGINE\s0 is required to be available. A functional +functionality of an ENGINE is required to be available. A functional reference can be obtained in one of two ways; from an existing structural -reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default -operational \s-1ENGINE\s0 for a given cryptographic purpose. +reference to the required ENGINE, or by asking OpenSSL for the default +operational ENGINE for a given cryptographic purpose. .PP To obtain a functional reference from an existing structural reference, -call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not -already operational and couldn't be successfully initialised (e.g. lack of +call the \fBENGINE_init()\fR function. This returns zero if the ENGINE was not +already operational and couldn\*(Aqt be successfully initialised (e.g. lack of system drivers, no special hardware attached, etc), otherwise it will -return nonzero to indicate that the \s-1ENGINE\s0 is now operational and will -have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional +return nonzero to indicate that the ENGINE is now operational and will +have allocated a new \fBfunctional\fR reference to the ENGINE. All functional references are released by calling \fBENGINE_finish()\fR (which removes the implicit structural reference as well). .PP 
@@ -413,87 +339,87 @@ \&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant -algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. +algorithm\-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc. .SS "Default implementations" .IX Subsection "Default implementations" -For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +For each supported abstraction, the ENGINE code maintains an internal table of state to control which implementations are available for a given abstraction and which should be used by default. These implementations are -registered in the tables and indexed by an 'nid' value, because -abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +registered in the tables and indexed by an \*(Aqnid\*(Aq value, because +abstractions like EVP_CIPHER and EVP_DIGEST support many distinct algorithms and modes, and ENGINEs can support arbitrarily many of them. -In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one -\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +In the case of other abstractions like RSA, DSA, etc, there is only one +"algorithm" so all implementations implicitly register using the same \*(Aqnid\*(Aq index. .PP -When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (e.g. -when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the -\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a -functional reference to an initialised \s-1ENGINE\s0 whose implementation should be -used. 
If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller -will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the +When a default ENGINE is requested for a given abstraction/algorithm/mode, (e.g. +when calling RSA_new_method(NULL)), a "get_default" call will be made to the +ENGINE subsystem to process the corresponding state table and return a +functional reference to an initialised ENGINE whose implementation should be +used. If no ENGINE should (or can) be used, it will return NULL and the caller +will operate with a NULL ENGINE handle \- this usually equates to using the conventional software implementation. In the latter case, OpenSSL will from -then on behave the way it used to before the \s-1ENGINE API\s0 existed. +then on behave the way it used to before the ENGINE API existed. .PP Each state table has a flag to note whether it has processed this -\&\*(L"get_default\*(R" query since the table was last modified, because to process +"get_default" query since the table was last modified, because to process this question it must iterate across all the registered ENGINEs in the table trying to initialise each of them in turn, in case one of them is -operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will +operational. If it returns a functional reference to an ENGINE, it will also cache another reference to speed up processing future queries (without -needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 -response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +needing to iterate across the table). Likewise, it will cache a NULL +response if no ENGINE was available so that future queries won\*(Aqt repeat the same iteration unless the state table changes. 
This behaviour can also be -changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using \&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, -instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the -\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +instead the only way for the state table to return a non\-NULL ENGINE to the +"get_default" query will be if one is expressly set in the table. Eg. \&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except -that it also sets the state table's cached response for the \*(L"get_default\*(R" -query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are -indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +that it also sets the state table\*(Aqs cached response for the "get_default" +query. In the case of abstractions like EVP_CIPHER, where implementations are +indexed by \*(Aqnid\*(Aq, these flags and cached\-responses are distinct for each \*(Aqnid\*(Aq value. .SS "Application requirements" .IX Subsection "Application requirements" This section will explain the basic things an application programmer should -support to make the most useful elements of the \s-1ENGINE\s0 functionality +support to make the most useful elements of the ENGINE functionality available to the user. The first thing to consider is whether the -programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +programmer wishes to make alternative ENGINE modules available to the application and user. 
OpenSSL maintains an internal linked list of -\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is -empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and +"visible" ENGINEs from which it has to operate \- at start\-up, this list is +empty and in fact if an application does not call any ENGINE API calls and it uses static linking against openssl, then the resulting application -binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first -consideration is whether any/all available \s-1ENGINE\s0 implementations should be -made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +binary will not contain any alternative ENGINE code at all. So the first +consideration is whether any/all available ENGINE implementations should be +made visible to OpenSSL \- this is controlled by calling the various "load" functions. .PP The fact that ENGINEs are made visible to OpenSSL (and thus are linked into -the program and loaded into memory at run-time) does not mean they are -\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +the program and loaded into memory at run\-time) does not mean they are +"registered" or called into use by OpenSSL automatically \- that behaviour is something for the application to control. Some applications -will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have -OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +OpenSSL automatically use at run\-time any ENGINE that is able to successfully initialise \- i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. 
There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the -source code to openssl's built-in utilities as guides. +source code to openssl\*(Aqs built\-in utilities as guides. .PP -If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL +If no ENGINE API functions are called within an application, then OpenSSL will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, if any ENGINEs are loaded, even if not registered or used, it was necessary to call \fBENGINE_cleanup()\fR before the program exits. .PP -\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +\&\fIUsing a specific ENGINE implementation\fR .PP -Here we'll assume an application has been configured by its user or admin -to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of +Here we\*(Aqll assume an application has been configured by its user or admin +to want to use the "ACME" ENGINE if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be -used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise -OpenSSL should use its built-in software as per usual. The following code +used by default for all RSA, DSA, and symmetric cipher operations, otherwise +OpenSSL should use its built\-in software as per usual. The following code illustrates how to approach this; .PP .Vb 10 
@@ -523,11 +449,11 @@ \& ENGINE_free(e); .Ve .PP -\&\fIAutomatically using built-in \s-1ENGINE\s0 implementations\fR +\&\fIAutomatically using built\-in ENGINE implementations\fR .PP -Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +Here we\*(Aqll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by -OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, +OpenSSL \- if there is an ENGINE that implements it and can be initialised, it should be used. The following code illustrates how this can work; .PP .Vb 4 
@@ -537,23 +463,23 @@ \& ENGINE_register_all_complete(); .Ve .PP -That's all that's required. Eg. the next time OpenSSL tries to set up an -\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to -\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the -default for \s-1RSA\s0 use from then on. +That\*(Aqs all that\*(Aqs required. Eg. the next time OpenSSL tries to set up an +RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to +\&\fBENGINE_init()\fR and if any of those succeed, that ENGINE will be set as the +default for RSA use from then on. .SS "Advanced configuration support" .IX Subsection "Advanced configuration support" -There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each -\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration -\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on -OpenSSL. This mechanism is entirely based on the use of name-value pairs -and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +There is a mechanism supported by the ENGINE framework that allows each +ENGINE implementation to define an arbitrary set of configuration +"commands" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name\-value pairs +and assumes ASCII input (no unicode or UTF for now!), so it is ideal if applications want to provide a transparent way for users to provide -arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also -possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +arbitrary configuration "directives" directly to such ENGINEs. 
It is also +possible for the application to dynamically interrogate the loaded ENGINE implementations for the names, descriptions, and input flags of their -available \*(L"control commands\*(R", providing a more flexible configuration -scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +available "control commands", providing a more flexible configuration +scheme. However, if the user is expected to know which ENGINE device he/she is using (in the case of specialised hardware, this goes without saying) then applications may not need to concern themselves with discovering the supported control commands and simply prefer to pass settings into ENGINEs 
@@ -565,26 +491,26 @@ implementation (which may know nothing at all specific to the host system) so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, -smart-card identifiers, passwords to initialise protected devices, +smart\-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, i.e. before +passed to an ENGINE \fBbefore\fR attempting to initialise it, i.e. before calling \fBENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after \fBENGINE_init()\fR, or -in some cases both. \s-1ENGINE\s0 implementations should provide indications of -this in the descriptions attached to built-in control commands and/or in +in some cases both. ENGINE implementations should provide indications of +this in the descriptions attached to built\-in control commands and/or in external product documentation. .PP -\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +\&\fIIssuing control commands to an ENGINE\fR .PP -Let's illustrate by example; a function for which the caller supplies the -name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +Let\*(Aqs illustrate by example; a function for which the caller supplies the +name of the ENGINE it wishes to use, a table of string\-pairs for use before initialisation, and another table for use after initialisation. Note that -the string-pairs used for control commands consist of a command \*(L"name\*(R" -followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some -cases but the name can not. 
This function should initialise the \s-1ENGINE\s0 -(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) -and set it as the default for everything except \s-1RAND\s0 and then return a +the string\-pairs used for control commands consist of a command "name" +followed by the command "parameter" \- the parameter could be NULL in some +cases but the name can not. This function should initialise the ENGINE +(issuing the "pre" commands beforehand and the "post" commands afterwards) +and set it as the default for everything except RAND and then return a boolean success or failure. .PP .Vb 10 
@@ -630,26 +556,26 @@ .PP Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can relax the semantics of the function \- if set nonzero it will only return -failure if the \s-1ENGINE\s0 supported the given command name but failed while -executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +failure if the ENGINE supported the given command name but failed while +executing it, if the ENGINE doesn\*(Aqt support the command name it will simply return success without doing anything. In this case we assume the user is -only supplying commands specific to the given \s-1ENGINE\s0 so we set this to -\&\s-1FALSE.\s0 +only supplying commands specific to the given ENGINE so we set this to +FALSE. .PP \&\fIDiscovering supported control commands\fR .PP -It is possible to discover at run-time the names, numerical-ids, descriptions -and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +It is possible to discover at run\-time the names, numerical\-ids, descriptions +and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -\&\s-1ENGINE,\s0 i.e. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. -\&\fI\fR defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control +ENGINE, i.e. the ENGINE\*(Aqs \fBctrl()\fR handler is not used for the control command. +\&\fI\fR defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value -lower than this symbol is considered a \*(L"generic\*(R" command is handled directly +lower than this symbol is considered a "generic" command is handled directly by the OpenSSL core routines. 
.PP -It is using these \*(L"core\*(R" control commands that one can discover the control -commands implemented by a given \s-1ENGINE,\s0 specifically the commands: +It is using these "core" control commands that one can discover the control +commands implemented by a given ENGINE, specifically the commands: .PP .Vb 9 \& ENGINE_HAS_CTRL_FUNCTION @@ -664,14 +590,14 @@ .Ve .PP Whilst these commands are automatically processed by the OpenSSL framework code, -they use various properties exposed by each \s-1ENGINE\s0 to process these -queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; -it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in -the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. -If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will -simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR -handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to -reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +they use various properties exposed by each ENGINE to process these +queries. An ENGINE has 3 properties it exposes that can affect how this behaves; +it can supply a \fBctrl()\fR handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in +the ENGINE\*(Aqs flags, and it can expose an array of control command descriptions. +If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will +simply pass all these "core" control commands directly to the ENGINE\*(Aqs \fBctrl()\fR +handler (and thus, it must have supplied one), so it is up to the ENGINE to +reply to these "discovery" commands itself. If that flag is not set, then the OpenSSL framework code will work with the following rules: .PP .Vb 9 
@@ -686,17 +612,17 @@ \& all other commands proceed processing ... .Ve .PP -If the \s-1ENGINE\s0's array of control commands is empty then all other commands will -fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of -the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the -identifier of a command supported by the \s-1ENGINE\s0 and returns the next command -identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +If the ENGINE\*(Aqs array of control commands is empty then all other commands will +fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of +the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the +identifier of a command supported by the ENGINE and returns the next command +identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string name for a command and returns the corresponding identifier or fails if no such command name exists, and the remaining commands take a command identifier and return properties of the corresponding commands. All except -\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +ENGINE_CTRL_GET_FLAGS return the string length of a command name or description, or populate a supplied character buffer with a copy of the command name or -description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +description. ENGINE_CTRL_GET_FLAGS returns a bitwise\-OR\*(Aqd mask of the following possible values: .PP .Vb 4 
@@ -706,37 +632,37 @@ \& ENGINE_CMD_FLAG_INTERNAL .Ve .PP -If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely informational to the caller \- this flag will prevent the command being usable -for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. -\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration +for any higher\-level ENGINE functions such as \fBENGINE_ctrl_cmd_string()\fR. +"INTERNAL" commands are not intended to be exposed to text\-based configuration by applications, administrations, users, etc. These can support arbitrary operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the -discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 -supports certain specific commands it might want to use (e.g. application \*(L"foo\*(R" -might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- -and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +discovery mechanisms simply to allow applications to determine if an ENGINE +supports certain specific commands it might want to use (e.g. application "foo" +might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" \- +and ENGINE could therefore decide whether or not to support this "foo"\-specific extension). -.SH "ENVIRONMENT" +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IP \fBOPENSSL_ENGINES\fR 4 .IX Item "OPENSSL_ENGINES" The path to the engines directory. -Ignored in set-user-ID and set-group-ID programs. +Ignored in set\-user\-ID and set\-group\-ID programs. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR -return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +return a valid \fBENGINE\fR structure or NULL if an error occurred. .PP \&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error. .PP -\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBENGINE_by_id()\fR returns a valid \fBENGINE\fR structure or NULL if an error occurred. .PP \&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error. .PP All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and -\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +\&\fBENGINE_get_digest_engine()\fR return a valid \fBENGINE\fR structure on success or NULL if an error occurred. .PP All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. @@ -745,7 +671,7 @@ .PP \&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the global table flags which are used to control the registration behaviour of -\&\fB\s-1ENGINE\s0\fR implementations. +\&\fBENGINE\fR implementations. .PP All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. .PP @@ -757,7 +683,7 @@ .PP \&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. .PP -\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +\&\fBENGINE_new()\fR returns a valid \fBENGINE\fR structure on success or NULL if an error occurred. .PP \&\fBENGINE_free()\fR always returns 1. 
@@ -769,7 +695,7 @@ All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. .PP \&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier -and the name of the \s-1ENGINE\s0 \fBe\fR respectively. +and the name of the ENGINE \fBe\fR respectively. .PP \&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR return corresponding method structures for each algorithms. 
@@ -780,36 +706,36 @@ \&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function pointers of the callbacks. .PP -\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +\&\fBENGINE_get_cipher()\fR returns a valid \fBEVP_CIPHER\fR structure on success or NULL if an error occurred. .PP -\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +\&\fBENGINE_get_digest()\fR returns a valid \fBEVP_MD\fR structure on success or NULL if an error occurred. .PP -\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are -used to control various behaviours of an \s-1ENGINE.\s0 +\&\fBENGINE_get_flags()\fR returns an integer representing the ENGINE flags which are +used to control various behaviours of an ENGINE. .PP -\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +\&\fBENGINE_get_cmd_defns()\fR returns an \fBENGINE_CMD_DEFN\fR structure or NULL if it\*(Aqs not set. .PP -\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR -structure on success or \s-1NULL\s0 if an error occurred. +\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fBEVP_PKEY\fR +structure on success or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), \&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP \&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup done by \fBOPENSSL_cleanup()\fR and should not be used. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2002\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_GET_LIB.3.orig +++ secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3ossl" -.TH ERR_GET_LIB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_GET_LIB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_GET_LIB, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information from error codes -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,32 +77,32 @@ \& \& int ERR_FATAL_ERROR(unsigned long e); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The error code returned by \fBERR_get_error()\fR consists of a library -number and reason code. \s-1\fBERR_GET_LIB\s0()\fR -and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. +number and reason code. \fBERR_GET_LIB()\fR +and \fBERR_GET_REASON()\fR can be used to extract these. .PP -\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +\&\fBERR_FATAL_ERROR()\fR indicates whether a given error code is a fatal error. .PP The library number describes where the error occurred, the reason code is the information about what went wrong. .PP -Each sub-library of OpenSSL has a unique library number; the -reason code is unique within each sub-library. Note that different +Each sub\-library of OpenSSL has a unique library number; the +reason code is unique within each sub\-library. Note that different libraries may use the same value to signal different reasons. .PP -\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally -unique. However, when checking for sub-library specific reason codes, +\&\fBERR_R_...\fR reason codes such as \fBERR_R_MALLOC_FAILURE\fR are globally +unique. However, when checking for sub\-library specific reason codes, be sure to also compare the library number. .PP -\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR are macros. +\&\fBERR_GET_LIB()\fR, \fBERR_GET_REASON()\fR, and \fBERR_FATAL_ERROR()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The library number, reason code, and whether the error is fatal, respectively. Starting with OpenSSL 3.0.0, the function code is always set to zero. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Applications should not make control flow decisions based on specific error codes. 
Error codes are subject to change at any time (even in patch releases of @@ -187,16 +112,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\s-1\fBERR_GET_LIB\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in all versions of OpenSSL. +\&\fBERR_GET_LIB()\fR and \fBERR_GET_REASON()\fR are available in all versions of OpenSSL. .PP -\&\s-1\fBERR_GET_FUNC\s0()\fR was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +\&\fBERR_GET_FUNC()\fR was removed in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_clear_error.3.orig +++ secure/lib/libcrypto/man/man3/ERR_clear_error.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,98 +53,39 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_CLEAR_ERROR 3ossl" -.TH ERR_CLEAR_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_CLEAR_ERROR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_clear_error \- clear the error queue -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void ERR_clear_error(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBERR_clear_error()\fR empties the current thread's error queue. +\&\fBERR_clear_error()\fR empties the current thread\*(Aqs error queue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBERR_clear_error()\fR has no return value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_error_string.3.orig +++ secure/lib/libcrypto/man/man3/ERR_error_string.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_ERROR_STRING 3ossl" -.TH ERR_ERROR_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_ERROR_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable error message -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,19 +84,19 @@ .Vb 1 \& const char *ERR_func_error_string(unsigned long e); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBERR_error_string()\fR generates a human-readable string representing the +\&\fBERR_error_string()\fR generates a human\-readable string representing the error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 -bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +bytes long. If \fIbuf\fR is \fBNULL\fR, the error string is placed in a static buffer. -Note that this function is not thread-safe and does no checks on the size +Note that this function is not thread\-safe and does no checks on the size of the buffer; use \fBERR_error_string_n()\fR instead. .PP \&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes at most \fIlen\fR characters (including the terminating 0) and truncates the string if necessary. -For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fBNULL\fR. .PP The string will have the following format: .PP 
@@ -180,7 +105,7 @@ .Ve .PP \&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR and -\&\fIreason string\fR are \s-1ASCII\s0 text. +\&\fIreason string\fR are ASCII text. .PP \&\fBERR_lib_error_string()\fR and \fBERR_reason_error_string()\fR return the library name and reason string respectively. @@ -193,24 +118,24 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBERR_error_string()\fR returns a pointer to a static buffer containing the -string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +string if \fIbuf\fR \fB== NULL\fR, \fIbuf\fR otherwise. .PP \&\fBERR_lib_error_string()\fR and \fBERR_reason_error_string()\fR return the strings, -and \fB\s-1NULL\s0\fR if none is registered for the error code. +and \fBNULL\fR if none is registered for the error code. .PP -\&\fBERR_func_error_string()\fR returns \s-1NULL.\s0 +\&\fBERR_func_error_string()\fR returns NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \&\fBERR_print_errors\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBERR_func_error_string()\fR became deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_get_error.3.orig +++ secure/lib/libcrypto/man/man3/ERR_get_error.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_GET_ERROR 3ossl" -.TH ERR_GET_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_GET_ERROR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_peek_error_func, ERR_peek_last_error_func, @@ -146,7 +71,7 @@ ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \&\- obtain error code and data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -176,7 +101,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 7 
@@ -188,30 +113,30 @@ \& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, \& const char **data, int *flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBERR_get_error()\fR returns the earliest error code from the thread's error +\&\fBERR_get_error()\fR returns the earliest error code from the thread\*(Aqs error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP -\&\fBERR_peek_error()\fR returns the earliest error code from the thread's +\&\fBERR_peek_error()\fR returns the earliest error code from the thread\*(Aqs error queue without modifying it. .PP -\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's +\&\fBERR_peek_last_error()\fR returns the latest error code from the thread\*(Aqs error queue without modifying it. .PP -See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining further specific information +See \fBERR_GET_LIB\fR\|(3) for obtaining further specific information such as the reason of the error, -and \fBERR_error_string\fR\|(3) for human-readable error messages. +and \fBERR_error_string\fR\|(3) for human\-readable error messages. .PP \&\fBERR_get_error_all()\fR is the same as \fBERR_get_error()\fR, but on success it additionally stores the filename, line number and function where the error occurred in *\fIfile\fR, *\fIline\fR and *\fIfunc\fR, and also extra text and flags -in *\fIdata\fR, *\fIflags\fR. If any of those parameters are \s-1NULL,\s0 it will not +in *\fIdata\fR, *\fIflags\fR. If any of those parameters are NULL, it will not be changed. -An unset filename is indicated as "\*(L", i.e. an empty string. +An unset filename is indicated as "", i.e. an empty string. An unset line number is indicated as 0. -An unset function name is indicated as \*(R"", i.e. an empty string. +An unset function name is indicated as "", i.e. an empty string. 
.PP A pointer returned this way by these functions and the ones below is valid until the respective entry is overwritten in the error queue. @@ -219,23 +144,23 @@ \&\fBERR_peek_error_line()\fR and \fBERR_peek_last_error_line()\fR are the same as \&\fBERR_peek_error()\fR and \fBERR_peek_last_error()\fR, but on success they additionally store the filename and line number where the error occurred in *\fIfile\fR and -*\fIline\fR, as far as they are not \s-1NULL.\s0 +*\fIline\fR, as far as they are not NULL. An unset filename is indicated as "", i.e., an empty string. An unset line number is indicated as 0. .PP \&\fBERR_peek_error_func()\fR and \fBERR_peek_last_error_func()\fR are the same as \&\fBERR_peek_error()\fR and \fBERR_peek_last_error()\fR, but on success they additionally store the name of the function where the error occurred in *\fIfunc\fR, unless -it is \s-1NULL.\s0 +it is NULL. An unset function name is indicated as "". .PP \&\fBERR_peek_error_data()\fR and \fBERR_peek_last_error_data()\fR are the same as \&\fBERR_peek_error()\fR and \fBERR_peek_last_error()\fR, but on success they additionally store additional data and flags associated with the error code in *\fIdata\fR -and *\fIflags\fR, as far as they are not \s-1NULL.\s0 +and *\fIflags\fR, as far as they are not NULL. Unset data is indicated as "". In this case the value given for the flag is irrelevant (and equals 0). -*\fIdata\fR contains a string if *\fIflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. +*\fIdata\fR contains a string if *\fIflags\fR&\fBERR_TXT_STRING\fR is true. .PP \&\fBERR_peek_error_all()\fR and \fBERR_peek_last_error_all()\fR are combinations of all of the above. 
@@ -245,7 +170,7 @@ \&\fBERR_peek_error_all()\fR and \fBERR_peek_last_error_all()\fR, and may give confusing results. They should no longer be used and are therefore deprecated. .PP -An application \fB\s-1MUST NOT\s0\fR free the *\fIdata\fR pointer (or any other pointers +An application \fBMUST NOT\fR free the *\fIdata\fR pointer (or any other pointers returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled automatically by the error library. .SH "RETURN VALUES" @@ -254,8 +179,8 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_error_string\fR\|(3), -\&\s-1\fBERR_GET_LIB\s0\fR\|(3) -.SH "HISTORY" +\&\fBERR_GET_LIB\fR\|(3) +.SH HISTORY .IX Header "HISTORY" \&\fBERR_peek_error_func()\fR, \fBERR_peek_last_error_func()\fR, \&\fBERR_peek_error_data()\fR, \fBERR_peek_last_error_data()\fR, @@ -264,11 +189,11 @@ .PP \&\fBERR_get_error_line()\fR, \fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and \fBERR_peek_last_error_line_data()\fR became deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3.orig +++ secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_LOAD_CRYPTO_STRINGS 3ossl" -.TH ERR_LOAD_CRYPTO_STRINGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_LOAD_CRYPTO_STRINGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" The following functions have been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -157,7 +82,7 @@ \& \& void SSL_load_error_strings(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBERR_load_crypto_strings()\fR registers the error strings for all \&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, 
@@ -172,16 +97,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_error_string\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and \&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by \&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_load_strings.3.orig +++ secure/lib/libcrypto/man/man3/ERR_load_strings.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_LOAD_STRINGS 3ossl" -.TH ERR_LOAD_STRINGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_LOAD_STRINGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& \& unsigned long ERR_PACK(int lib, int func, int reason); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. .PP @@ -167,8 +92,8 @@ .Ve .PP The error code is generated from the library number and a function and -reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). -\&\s-1\fBERR_PACK\s0()\fR is a macro. +reason code: \fBerror\fR = ERR_PACK(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\fBERR_PACK()\fR is a macro. .PP The last entry in the array is {0,0}. .PP 
@@ -176,17 +101,17 @@ to user libraries at run time. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBERR_load_strings()\fR returns 1 for success and 0 for failure. \s-1\fBERR_PACK\s0()\fR returns the error code. +\&\fBERR_load_strings()\fR returns 1 for success and 0 for failure. \fBERR_PACK()\fR returns the error code. \&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new library number. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_load_strings\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_new.3.orig +++ secure/lib/libcrypto/man/man3/ERR_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_NEW 3ossl" -.TH ERR_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error \&\- Error recording building blocks -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,17 +76,17 @@ \& void ERR_set_error(int lib, int reason, const char *fmt, ...); \& void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions described here are generally not used directly, but rather through macros such as \fBERR_raise\fR\|(3). They can still be useful for anyone that wants to make their own macros. .PP -\&\fBERR_new()\fR allocates a new slot in the thread's error queue. +\&\fBERR_new()\fR allocates a new slot in the thread\*(Aqs error queue. .PP \&\fBERR_set_debug()\fR sets the debug information related to the current -error in the thread's error queue. +error in the thread\*(Aqs error queue. The values that can be given are the filename \fIfile\fR, line in the file \fIline\fR and the name of the function \fIfunc\fR where the error occurred. @@ -181,7 +106,7 @@ .IX Header "RETURN VALUES" ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error do not return any values. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The library number is unique to each unit that records errors. OpenSSL has a number of preallocated ones for its own uses, but 
@@ -199,11 +124,11 @@ .IX Header "SEE ALSO" \&\fBERR_raise\fR\|(3), \fBERR_get_next_error_library\fR\|(3), \&\fBERR_load_strings\fR\|(3), \fBBIO_snprintf\fR\|(3), \fBprovider\-base\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_print_errors.3.orig +++ secure/lib/libcrypto/man/man3/ERR_print_errors.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_PRINT_ERRORS 3ossl" -.TH ERR_PRINT_ERRORS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_PRINT_ERRORS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error messages -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,14 +76,14 @@ \& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), \& void *u); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBERR_print_errors()\fR is a convenience function that prints the error strings for all errors that OpenSSL has recorded to \fBbp\fR, thus emptying the error queue. .PP \&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a -\&\fB\s-1FILE\s0\fR. +\&\fBFILE\fR. .PP \&\fBERR_print_errors_cb()\fR is the same, except that the callback function, \&\fBcb\fR, is called for each error line with the string, length, and userdata @@ -171,7 +96,7 @@ .Ve .PP \&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, -\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +\&\fIfunction name\fR and \fIreason string\fR are ASCII text, as is \fIoptional text message\fR if one was set for the respective error code. .PP If there is no text string registered for the given error code, 
@@ -183,11 +108,11 @@ .IX Header "SEE ALSO" \&\fBERR_error_string\fR\|(3), \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_put_error.3.orig +++ secure/lib/libcrypto/man/man3/ERR_put_error.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_PUT_ERROR 3ossl" -.TH ERR_PUT_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_PUT_ERROR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_raise, ERR_raise_data, ERR_put_error, ERR_add_error_data, ERR_add_error_vdata, ERR_add_error_txt, ERR_add_error_mem_bio \&\- record an error -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,15 +83,15 @@ .Ve .PP The following function has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void ERR_put_error(int lib, int func, int reason, const char *file, int line); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBERR_raise()\fR adds a new error to the thread's error queue. The +\&\fBERR_raise()\fR adds a new error to the thread\*(Aqs error queue. The error occurred in the library \fBlib\fR for the reason given by the \&\fBreason\fR code. Furthermore, the name of the file, the line, and name of the function where the error occurred is saved with the error @@ -176,7 +101,7 @@ caller specify additional information as a format string \fBfmt\fR and an arbitrary number of values, which are processed with \fBBIO_snprintf\fR\|(3). .PP -\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It +\&\fBERR_put_error()\fR adds an error code to the thread\*(Aqs error queue. It signals that the error of reason code \fBreason\fR occurred in function \&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. This function is usually called by a macro. 
@@ -189,53 +114,53 @@ .PP \&\fBERR_add_error_txt()\fR appends the given text string as additional data to the last error queue entry, after inserting the optional separator string if it is -not \s-1NULL\s0 and the top error entry does not yet have additional data. +not NULL and the top error entry does not yet have additional data. In case the separator is at the end of the text it is not appended to the data. -The \fBsep\fR argument may be for instance \*(L"\en\*(R" to insert a line break when needed. +The \fBsep\fR argument may be for instance "\en" to insert a line break when needed. If the associated data would become more than 4096 characters long (which is the limit given above) it is split over sufficiently many new copies of the last error queue entry. .PP \&\fBERR_add_error_mem_bio()\fR is the same as \fBERR_add_error_txt()\fR except that -the text string is taken from the given memory \s-1BIO.\s0 -It appends '\e0' to the \s-1BIO\s0 contents if not already NUL-terminated. +the text string is taken from the given memory BIO. +It appends \*(Aq\e0\*(Aq to the BIO contents if not already NUL\-terminated. .PP \&\fBERR_load_strings\fR\|(3) can be used to register -error strings so that the application can a generate human-readable +error strings so that the application can a generate human\-readable error messages for the error code. .SS "Reporting errors" .IX Subsection "Reporting errors" \fIOpenSSL library reports\fR .IX Subsection "OpenSSL library reports" .PP -Each OpenSSL sub-library has library code \fB\s-1ERR_LIB_XXX\s0\fR and has its own set -of reason codes \fB\s-1XXX_R_...\s0\fR. These are both passed in combination to +Each OpenSSL sub\-library has library code \fBERR_LIB_XXX\fR and has its own set +of reason codes \fBXXX_R_...\fR. These are both passed in combination to \&\fBERR_raise()\fR and \fBERR_raise_data()\fR, and the combination ultimately produces the correct error text for the reported error. 
.PP All these macros and the numbers they have as values are specific to -OpenSSL's libraries. OpenSSL reason codes normally consist of textual error +OpenSSL\*(Aqs libraries. OpenSSL reason codes normally consist of textual error descriptions. For example, the function \fBssl3_read_bytes()\fR reports a -\&\*(L"handshake failure\*(R" as follows: +"handshake failure" as follows: .PP .Vb 1 \& ERR_raise(ERR_LIB_SSL, SSL_R_SSL_HANDSHAKE_FAILURE); .Ve .PP There are two exceptions: -.IP "\fB\s-1ERR_LIB_SYS\s0\fR" 4 +.IP \fBERR_LIB_SYS\fR 4 .IX Item "ERR_LIB_SYS" -This \*(L"library code\*(R" indicates that a system error is being reported. In +This "library code" indicates that a system error is being reported. In this case, the reason code given to \fBERR_raise()\fR and \fBERR_raise_data()\fR \fImust\fR be \fBerrno\fR\|(3). .Sp .Vb 1 \& ERR_raise(ERR_LIB_SYS, errno); .Ve -.IP "\fB\s-1ERR_R_XXX\s0\fR" 4 +.IP \fBERR_R_XXX\fR 4 .IX Item "ERR_R_XXX" This set of error codes is considered global, and may be used in combination -with any sub-library code. +with any sub\-library code. .Sp .Vb 1 \& ERR_raise(ERR_LIB_RSA, ERR_R_PASSED_INVALID_ARGUMENT); 
@@ -244,26 +169,26 @@ \fIOther pieces of software\fR .IX Subsection "Other pieces of software" .PP -Other pieces of software that may want to use OpenSSL's error reporting +Other pieces of software that may want to use OpenSSL\*(Aqs error reporting system, such as engines or applications, must normally get their own numbers. -.IP "\(bu" 4 -To get a \*(L"library\*(R" code, call \fBERR_get_next_error_library\fR\|(3); this gives +.IP \(bu 4 +To get a "library" code, call \fBERR_get_next_error_library\fR\|(3); this gives the calling code a dynamic number, usable for the duration of the process. -.IP "\(bu" 4 -Reason codes for each such \*(L"library\*(R" are determined or generated by the +.IP \(bu 4 +Reason codes for each such "library" are determined or generated by the authors of that code. They must be numbers in the range 1 to 524287 (in other words, they must be nonzero unsigned 18 bit integers). .PP -The exceptions mentioned in \*(L"OpenSSL library reports\*(R" above are valid for -other pieces of software, i.e. they may use \fB\s-1ERR_LIB_SYS\s0\fR to report system +The exceptions mentioned in "OpenSSL library reports" above are valid for +other pieces of software, i.e. they may use \fBERR_LIB_SYS\fR to report system errors: .PP .Vb 1 \& ERR_raise(ERR_LIB_SYS, errno); .Ve .PP -\&... and they may use \fB\s-1ERR_R_XXX\s0\fR macros together with their own \*(L"library\*(R" +\&... and they may use \fBERR_R_XXX\fR macros together with their own "library" code. .PP .Vb 1 
@@ -279,21 +204,21 @@ \&\fBERR_add_error_data()\fR, \fBERR_add_error_vdata()\fR \&\fBERR_add_error_txt()\fR, and \fBERR_add_error_mem_bio()\fR return no values. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBERR_raise()\fR, \fBERR_raise()\fR and \fBERR_put_error()\fR are implemented as macros. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_load_strings\fR\|(3), \fBERR_get_next_error_library\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" ERR_raise, ERR_raise_data, \fBERR_add_error_txt()\fR and \fBERR_add_error_mem_bio()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_remove_state.3.orig +++ secure/lib/libcrypto/man/man3/ERR_remove_state.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_REMOVE_STATE 3ossl" -.TH ERR_REMOVE_STATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_REMOVE_STATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_remove_thread_state, ERR_remove_state \- DEPRECATED -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" The following function has been deprecated since OpenSSL 1.0.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -151,13 +76,13 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void ERR_remove_thread_state(void *tid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBERR_remove_state()\fR frees the error queue associated with the specified thread, identified by \fBtid\fR. 
@@ -169,16 +94,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" L\fBOPENSSL_init_crypto\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and \&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions and should not be used. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/ERR_set_mark.3.orig +++ secure/lib/libcrypto/man/man3/ERR_set_mark.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "ERR_SET_MARK 3ossl" -.TH ERR_SET_MARK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH ERR_SET_MARK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ERR_set_mark, ERR_clear_last_mark, ERR_pop_to_mark \&\- set mark, clear mark and pop errors until mark -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,7 +75,7 @@ \& int ERR_pop_to_mark(void); \& int ERR_clear_last_mark(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there is one. @@ -165,11 +90,11 @@ .PP \&\fBERR_clear_last_mark()\fR and \fBERR_pop_to_mark()\fR return 0 if there was no mark in the error stack, which implies that the stack became empty, otherwise 1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2003\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_ASYM_CIPHER_free.3.orig +++ secure/lib/libcrypto/man/man3/EVP_ASYM_CIPHER_free.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_ASYM_CIPHER_FREE 3ossl" -.TH EVP_ASYM_CIPHER_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_ASYM_CIPHER_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider, EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all, EVP_ASYM_CIPHER_get0_name, EVP_ASYM_CIPHER_get0_description, EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params \&\- Functions to manage EVP_ASYM_CIPHER algorithm objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -168,27 +93,27 @@ \& const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip); \& const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_ASYM_CIPHER_fetch()\fR fetches the implementation for the given \&\fBalgorithm\fR from any provider offering it, within the criteria given by the \fBproperties\fR and in the scope of the given library context \fBctx\fR (see -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). The algorithm will be one offering functions for performing +\&\fBOSSL_LIB_CTX\fR\|(3)). The algorithm will be one offering functions for performing asymmetric cipher related tasks such as asymmetric encryption and decryption. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP The returned value must eventually be freed with \fBEVP_ASYM_CIPHER_free()\fR. .PP -\&\fBEVP_ASYM_CIPHER_free()\fR decrements the reference count for the \fB\s-1EVP_ASYM_CIPHER\s0\fR +\&\fBEVP_ASYM_CIPHER_free()\fR decrements the reference count for the \fBEVP_ASYM_CIPHER\fR structure. Typically this structure will have been obtained from an earlier call to \fBEVP_ASYM_CIPHER_fetch()\fR. If the reference count drops to 0 then the -structure is freed. +structure is freed. If the argument is NULL, nothing is done. .PP \&\fBEVP_ASYM_CIPHER_up_ref()\fR increments the reference count for an -\&\fB\s-1EVP_ASYM_CIPHER\s0\fR structure. +\&\fBEVP_ASYM_CIPHER\fR structure. .PP \&\fBEVP_ASYM_CIPHER_is_a()\fR returns 1 if \fIcipher\fR is an implementation of an -algorithm that's identifiable with \fIname\fR, otherwise 0. +algorithm that\*(Aqs identifiable with \fIname\fR, otherwise 0. .PP \&\fBEVP_ASYM_CIPHER_get0_provider()\fR returns the provider that \fIcipher\fR was fetched from. 
@@ -212,13 +137,13 @@ discretion of the \fIcipher\fR implementation. .PP \&\fBEVP_ASYM_CIPHER_gettable_ctx_params()\fR and \fBEVP_ASYM_CIPHER_settable_ctx_params()\fR -return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key +return a constant \fBOSSL_PARAM\fR\|(3) array that describes the names and types of key parameters that can be retrieved or set by a key encryption algorithm using \&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_ASYM_CIPHER_fetch()\fR returns a pointer to an \fB\s-1EVP_ASYM_CIPHER\s0\fR for success -or \fB\s-1NULL\s0\fR for failure. +\&\fBEVP_ASYM_CIPHER_fetch()\fR returns a pointer to an \fBEVP_ASYM_CIPHER\fR for success +or \fBNULL\fR for failure. .PP \&\fBEVP_ASYM_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise. .PP 
@@ -226,18 +151,18 @@ names. A return value of 0 means that the callback was not called for any names. .PP \&\fBEVP_ASYM_CIPHER_gettable_ctx_params()\fR and \fBEVP_ASYM_CIPHER_settable_ctx_params()\fR -return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error. +return a constant \fBOSSL_PARAM\fR\|(3) array or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3) -.SH "HISTORY" +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7), \fBOSSL_PROVIDER\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_BytesToKey.3.orig +++ secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_BYTESTOKEY 3ossl" -.TH EVP_BYTESTOKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_BYTESTOKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_BytesToKey \- password based encryption routine -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,16 +75,16 @@ \& const unsigned char *data, int datal, int count, \& unsigned char *key, unsigned char *iv); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is -the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +\&\fBEVP_BytesToKey()\fR derives a key and IV from various parameters. \fBtype\fR is +the cipher to derive the key and IV for. \fBmd\fR is the message digest to use. The \fBsalt\fR parameter is used as a salt in the derivation: it should point to -an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +an 8 byte buffer or NULL if no salt is used. \fBdata\fR is a buffer containing \&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the -iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +iteration count to use. The derived key and IV will be written to \fBkey\fR and \fBiv\fR respectively. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" A typical application of this function is to derive keying material for an encryption algorithm from a password in the \fBdata\fR parameter. 
@@ -168,43 +93,43 @@ harder for an attacker to perform a brute force attack using a large number of candidate passwords. .PP -If the total key and \s-1IV\s0 length is less than the digest length and -\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +If the total key and IV length is less than the digest length and +\&\fBMD5\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data. .PP -Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as -defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC.\s0 +Newer applications should use a more modern algorithm such as PBKDF2 as +defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC. .SH "KEY DERIVATION ALGORITHM" .IX Header "KEY DERIVATION ALGORITHM" -The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV.\s0 D_i is defined as: +The key and IV is derived by concatenating D_1, D_2, etc until +enough data is available for the key and IV. D_i is defined as: .PP .Vb 1 \& D_i = HASH^count(D_(i\-1) || data || salt) .Ve .PP -where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest -algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) -is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +where || denotes concatenation, D_0 is empty, HASH is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) +is HASH(HASH(data)) and so on. .PP The initial bytes are used for the key and the subsequent bytes for -the \s-1IV.\s0 +the IV. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes +If \fBdata\fR is NULL, then \fBEVP_BytesToKey()\fR returns the number of bytes needed to store the derived key. Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, or 0 on error. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fBPKCS5_PBKDF2_HMAC\fR\|(3), \&\fBEVP_EncryptInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3 
@@ -0,0 +1,96 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_CTX_GET_APP_DATA 3ossl" +.TH EVP_CIPHER_CTX_GET_APP_DATA 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data \- Routines to +inspect and modify application data related to EVP_CIPHER_CTX +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +The functions \fBEVP_CIPHER_CTX_set_app_data()\fR and \fBEVP_CIPHER_CTX_get_app_data()\fR +associate an opaque, application\-defined pointer with an EVP_CIPHER_CTX object. +.PP +This pointer is not interpreted by the library and is reserved entirely for use +by the application. It may be used to store arbitrary context or state that +needs to be accessible wherever the corresponding EVP_CIPHER_CTX is available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_CIPHER_CTX_get_app_data()\fR function returns a opaque pointer to the +current application data for the EVP_CIPHER_CTX. +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2026 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3.orig +++ secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3ossl" -.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to inspect and modify EVP_CIPHER_CTX objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,10 +74,10 @@ \& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); \& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher -data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the +data relevant to EVP_CIPHER_CTX. The contents of this data is specific to the particular implementation of the cipher. For example this data can be used by engines to store engine specific information. The data is automatically allocated and freed by OpenSSL, so applications and engines should not normally 
@@ -165,19 +90,19 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current -cipher data for the \s-1EVP_CIPHER_CTX.\s0 +cipher data for the EVP_CIPHER_CTX. .PP The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old -cipher data for the \s-1EVP_CIPHER_CTX.\s0 -.SH "HISTORY" +cipher data for the EVP_CIPHER_CTX. +.SH HISTORY .IX Header "HISTORY" The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_original_iv.3.orig +++ secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_original_iv.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER_CTX_GET_ORIGINAL_IV 3ossl" -.TH EVP_CIPHER_CTX_GET_ORIGINAL_IV 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER_CTX_GET_ORIGINAL_IV 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER_CTX_get_original_iv, EVP_CIPHER_CTX_get_updated_iv, EVP_CIPHER_CTX_iv, EVP_CIPHER_CTX_original_iv, EVP_CIPHER_CTX_iv_noconst \- Routines to inspect EVP_CIPHER_CTX IV data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 
@@ -160,26 +85,26 @@ \& const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); \& unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_CIPHER_CTX_get_original_iv()\fR and \fBEVP_CIPHER_CTX_get_updated_iv()\fR copy -initialization vector (\s-1IV\s0) information from the \fB\s-1EVP_CIPHER_CTX\s0\fR into the -caller-supplied buffer. \fBEVP_CIPHER_CTX_get_iv_length\fR\|(3) can be used to +initialization vector (IV) information from the \fBEVP_CIPHER_CTX\fR into the +caller\-supplied buffer. \fBEVP_CIPHER_CTX_get_iv_length\fR\|(3) can be used to determine an appropriate buffer size, and if the supplied buffer is too small, an error will be returned (and no data copied). -\&\fBEVP_CIPHER_CTX_get_original_iv()\fR accesses the (\*(L"original\*(R") \s-1IV\s0 that was -supplied when the \fB\s-1EVP_CIPHER_CTX\s0\fR was initialized, and -\&\fBEVP_CIPHER_CTX_get_updated_iv()\fR accesses the current \*(L"\s-1IV\s0 state\*(R" +\&\fBEVP_CIPHER_CTX_get_original_iv()\fR accesses the ("original") IV that was +supplied when the \fBEVP_CIPHER_CTX\fR was initialized, and +\&\fBEVP_CIPHER_CTX_get_updated_iv()\fR accesses the current "IV state" of the cipher, which is updated during cipher operation for certain cipher modes -(e.g., \s-1CBC\s0 and \s-1OFB\s0). +(e.g., CBC and OFB). .PP The functions \fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR, and \&\fBEVP_CIPHER_CTX_iv_noconst()\fR are deprecated functions that provide similar (at a conceptual level) functionality. 
\fBEVP_CIPHER_CTX_iv()\fR returns a pointer to -the beginning of the \*(L"\s-1IV\s0 state\*(R" as maintained internally in the -\&\fB\s-1EVP_CIPHER_CTX\s0\fR; \fBEVP_CIPHER_CTX_original_iv()\fR returns a pointer to the -beginning of the (\*(L"original\*(R") \s-1IV,\s0 as maintained by the \fB\s-1EVP_CIPHER_CTX\s0\fR, that -was provided when the \fB\s-1EVP_CIPHER_CTX\s0\fR was initialized; and +the beginning of the "IV state" as maintained internally in the +\&\fBEVP_CIPHER_CTX\fR; \fBEVP_CIPHER_CTX_original_iv()\fR returns a pointer to the +beginning of the ("original") IV, as maintained by the \fBEVP_CIPHER_CTX\fR, that +was provided when the \fBEVP_CIPHER_CTX\fR was initialized; and \&\fBEVP_CIPHER_CTX_get_iv_noconst()\fR is the same as \fBEVP_CIPHER_CTX_iv()\fR but has a different return type for the pointer. .SH "RETURN VALUES" @@ -188,9 +113,9 @@ on success and 0 on failure. .PP The functions \fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR, and -\&\fBEVP_CIPHER_CTX_iv_noconst()\fR return a pointer to an \s-1IV\s0 as an array of bytes on -success, and \s-1NULL\s0 on failure. -.SH "HISTORY" +\&\fBEVP_CIPHER_CTX_iv_noconst()\fR return a pointer to an IV as an array of bytes on +success, and NULL on failure. +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_CIPHER_CTX_get_original_iv()\fR and \fBEVP_CIPHER_CTX_get_updated_iv()\fR were added in OpenSSL 3.0.0. 
@@ -198,11 +123,11 @@ \&\fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR, and \&\fBEVP_CIPHER_CTX_iv_noconst()\fR were added in OpenSSL 1.1.0, and were deprecated in OpenSSL 3.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER_METH_NEW 3ossl" -.TH EVP_CIPHER_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, @@ -149,14 +74,14 @@ EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl \&\- Routines to build up EVP_CIPHER methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 
@@ -206,101 +131,102 @@ \& int type, int arg, \& void *ptr); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +Applications should instead use the OSSL_PROVIDER APIs. .PP -The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method +The \fBEVP_CIPHER\fR type is a structure for symmetric cipher method implementation. .PP -\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_meth_new()\fR creates a new \fBEVP_CIPHER\fR structure. .PP \&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. .PP -\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_meth_free()\fR destroys a \fBEVP_CIPHER\fR structure. +If the argument is NULL, nothing is done. .PP -\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 +\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the IV. This is only needed when the implemented cipher mode requires it. .PP \&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional behaviours in the particular \fBcipher\fR. With the exception of cipher modes, of which only one may be present, -several flags can be or'd together. +several flags can be or\*(Aqd together. 
The available flags are: -.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE\s0" 4 +.IP "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE" 4 .IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE" The cipher mode. -.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IP EVP_CIPH_VARIABLE_LENGTH 4 .IX Item "EVP_CIPH_VARIABLE_LENGTH" This cipher is of variable length. -.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +.IP EVP_CIPH_CUSTOM_IV 4 .IX Item "EVP_CIPH_CUSTOM_IV" -Storing and initialising the \s-1IV\s0 is left entirely to the +Storing and initialising the IV is left entirely to the implementation. -.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IP EVP_CIPH_ALWAYS_CALL_INIT 4 .IX Item "EVP_CIPH_ALWAYS_CALL_INIT" -Set this if the implementation's \fBinit()\fR function should be called even -if \fBkey\fR is \fB\s-1NULL\s0\fR. -.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +Set this if the implementation\*(Aqs \fBinit()\fR function should be called even +if \fBkey\fR is \fBNULL\fR. +.IP EVP_CIPH_CTRL_INIT 4 .IX Item "EVP_CIPH_CTRL_INIT" -Set this to have the implementation's \fBctrl()\fR function called with -command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. -.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +Set this to have the implementation\*(Aqs \fBctrl()\fR function called with +command code \fBEVP_CTRL_INIT\fR early in its setup. 
+.IP EVP_CIPH_CUSTOM_KEY_LENGTH 4 .IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" -Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR +Checking and setting the key length after creating the \fBEVP_CIPHER\fR is left to the implementation. Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a -\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function -will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and +\&\fBEVP_CIPHER\fR with this flag set, the implementation\*(Aqs \fBctrl()\fR function +will be called with the control code \fBEVP_CTRL_SET_KEY_LENGTH\fR and the key length in \fBarg\fR. -.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +.IP EVP_CIPH_NO_PADDING 4 .IX Item "EVP_CIPH_NO_PADDING" -Don't use standard block padding. -.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +Don\*(Aqt use standard block padding. +.IP EVP_CIPH_RAND_KEY 4 .IX Item "EVP_CIPH_RAND_KEY" Making a key with random content is left to the implementation. -This is done by calling the implementation's \fBctrl()\fR function with the -control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory +This is done by calling the implementation\*(Aqs \fBctrl()\fR function with the +control code \fBEVP_CTRL_RAND_KEY\fR and the pointer to the key memory storage in \fBptr\fR. -.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IP EVP_CIPH_CUSTOM_COPY 4 .IX Item "EVP_CIPH_CUSTOM_COPY" -Set this to have the implementation's \fBctrl()\fR function called with -command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. +Set this to have the implementation\*(Aqs \fBctrl()\fR function called with +command code \fBEVP_CTRL_COPY\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. The intended use is for further things to deal with after the implementation specific data block has been copied. 
-The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the +The destination \fBEVP_CIPHER_CTX\fR is passed to the control with the \&\fBptr\fR parameter. The implementation specific data block is reached with \&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. -.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IP EVP_CIPH_FLAG_DEFAULT_ASN1 4 .IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" -Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0 -.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +Use the default EVP routines to pass IV to and from ASN.1. +.IP EVP_CIPH_FLAG_LENGTH_BITS 4 .IX Item "EVP_CIPH_FLAG_LENGTH_BITS" Signals that the length of the input buffer for encryption / decryption is to be understood as the number of bits instead of bytes for this implementation. -This is only useful for \s-1CFB1\s0 ciphers. -.IP "\s-1EVP_CIPH_FLAG_CTS\s0" 4 +This is only useful for CFB1 ciphers. +.IP EVP_CIPH_FLAG_CTS 4 .IX Item "EVP_CIPH_FLAG_CTS" Indicates that the cipher uses ciphertext stealing. This is currently used to indicate that the cipher is a one shot that only allows a single call to \&\fBEVP_CipherUpdate()\fR. -.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IP EVP_CIPH_FLAG_CUSTOM_CIPHER 4 .IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" This indicates that the implementation takes care of everything, including padding, buffering and finalization. -The \s-1EVP\s0 routines will simply give them control and do nothing more. -.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +The EVP routines will simply give them control and do nothing more. +.IP EVP_CIPH_FLAG_AEAD_CIPHER 4 .IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" -This indicates that this is an \s-1AEAD\s0 cipher implementation. -.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 +This indicates that this is an AEAD cipher implementation. 
+.IP EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 4 .IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" Allow interleaving of crypto blocks, a particular optimization only applicable -to certain \s-1TLS\s0 ciphers. +to certain TLS ciphers. .PP -\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the EVP_CIPHER\*(Aqs implementation context so that it can be automatically allocated. .PP \&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for @@ -317,22 +243,22 @@ \&\fBEVP_DecryptFinal_ex()\fR. .PP \&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do -extra cleanup before the method's private data structure is cleaned +extra cleanup before the method\*(Aqs private data structure is cleaned out and freed. -Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the +Note that the cleanup function is passed a \fBEVP_CIPHER_CTX *\fR, the private data structure is then available with \&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and \&\fBEVP_CIPHER_CTX_free()\fR. .PP \&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR -to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. +to set the AlgorithmIdentifier "parameter" based on the passed cipher. This function is called by \fBEVP_CIPHER_param_to_asn1()\fR. \&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR -that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier -\&\*(L"parameter\*(R". +that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier +"parameter". Both these functions are needed when there is a need for custom data -(more or other than the cipher \s-1IV\s0). +(more or other than the cipher IV). They are called by \fBEVP_CIPHER_param_to_asn1()\fR and \&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined. .PP 
@@ -346,25 +272,25 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a -newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. +newly created \fBEVP_CIPHER\fR, or NULL on failure. All EVP_CIPHER_meth_set_*() functions return 1. All EVP_CIPHER_meth_get_*() functions return pointers to their respective \fBcipher\fR function. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP The functions described here were added in OpenSSL 1.1.0. -The \fB\s-1EVP_CIPHER\s0\fR structure created with these functions became reference +The \fBEVP_CIPHER\fR structure created with these functions became reference counted in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_DigestInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_DigestInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_DIGESTINIT 3ossl" -.TH EVP_DIGESTINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_DIGESTINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, EVP_MD_get_params, EVP_MD_gettable_params, EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, @@ -163,7 +88,7 @@ EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data \&\- EVP digest routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -256,7 +181,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -269,103 +194,105 @@ \& int (*update)(EVP_MD_CTX *ctx, \& const void *data, size_t count)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 digest routines are a high-level interface to message digests, -and should be used instead of the digest-specific functions. +The EVP digest routines are a high\-level interface to message digests, +and should be used instead of the digest\-specific functions. .PP -The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. -.IP "\fBEVP_MD_fetch()\fR" 4 +The \fBEVP_MD\fR type is a structure for digest method implementation. +.IP \fBEVP_MD_fetch()\fR 4 .IX Item "EVP_MD_fetch()" Fetches the digest implementation for the given \fIalgorithm\fR from any provider offering it, within the criteria given by the \fIproperties\fR. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .Sp The returned value must eventually be freed with \fBEVP_MD_free()\fR. .Sp -Fetched \fB\s-1EVP_MD\s0\fR structures are reference counted. -.IP "\fBEVP_MD_up_ref()\fR" 4 +Fetched \fBEVP_MD\fR structures are reference counted. +.IP \fBEVP_MD_up_ref()\fR 4 .IX Item "EVP_MD_up_ref()" -Increments the reference count for an \fB\s-1EVP_MD\s0\fR structure. -.IP "\fBEVP_MD_free()\fR" 4 +Increments the reference count for an \fBEVP_MD\fR structure. +.IP \fBEVP_MD_free()\fR 4 .IX Item "EVP_MD_free()" -Decrements the reference count for the fetched \fB\s-1EVP_MD\s0\fR structure. +Decrements the reference count for the fetched \fBEVP_MD\fR structure. If the reference count drops to 0 then the structure is freed. -.IP "\fBEVP_MD_CTX_new()\fR" 4 +If the argument is NULL, nothing is done. +.IP \fBEVP_MD_CTX_new()\fR 4 .IX Item "EVP_MD_CTX_new()" Allocates and returns a digest context. -.IP "\fBEVP_MD_CTX_reset()\fR" 4 +.IP \fBEVP_MD_CTX_reset()\fR 4 .IX Item "EVP_MD_CTX_reset()" Resets the digest context \fIctx\fR. 
This can be used to reuse an already existing context. -.IP "\fBEVP_MD_CTX_free()\fR" 4 +.IP \fBEVP_MD_CTX_free()\fR 4 .IX Item "EVP_MD_CTX_free()" Cleans up digest context \fIctx\fR and frees up the space allocated to it. -.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +If the argument is NULL, nothing is done. +.IP \fBEVP_MD_CTX_ctrl()\fR 4 .IX Item "EVP_MD_CTX_ctrl()" -\&\fIThis is a legacy method. \f(BIEVP_MD_CTX_set_params()\fI and \f(BIEVP_MD_CTX_get_params()\fI +\&\fIThis is a legacy method. \fR\f(BIEVP_MD_CTX_set_params()\fR\fI and \fR\f(BIEVP_MD_CTX_get_params()\fR\fI is the mechanism that should be used to set and get parameters that are used by providers.\fR .Sp -Performs digest-specific control actions on context \fIctx\fR. The control command +Performs digest\-specific control actions on context \fIctx\fR. The control command is indicated in \fIcmd\fR and any additional arguments in \fIp1\fR and \fIp2\fR. \&\fBEVP_MD_CTX_ctrl()\fR must be called after \fBEVP_DigestInit_ex2()\fR. Other restrictions may apply depending on the control type and digest implementation. .Sp -If this function happens to be used with a fetched \fB\s-1EVP_MD\s0\fR, it will -translate the controls that are known to OpenSSL into \s-1\fBOSSL_PARAM\s0\fR\|(3) +If this function happens to be used with a fetched \fBEVP_MD\fR, it will +translate the controls that are known to OpenSSL into \fBOSSL_PARAM\fR\|(3) parameters with keys defined by OpenSSL and call \fBEVP_MD_CTX_get_params()\fR or \&\fBEVP_MD_CTX_set_params()\fR as is appropriate for each control command. .Sp -See \*(L"\s-1CONTROLS\*(R"\s0 below for more information, including what translations are +See "CONTROLS" below for more information, including what translations are being done. -.IP "\fBEVP_MD_get_params()\fR" 4 +.IP \fBEVP_MD_get_params()\fR 4 .IX Item "EVP_MD_get_params()" -Retrieves the requested list of \fIparams\fR from a \s-1MD\s0 \fImd\fR. -See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information. 
-.IP "\fBEVP_MD_CTX_get_params()\fR" 4 +Retrieves the requested list of \fIparams\fR from a MD \fImd\fR. +See "PARAMETERS" below for more information. +.IP \fBEVP_MD_CTX_get_params()\fR 4 .IX Item "EVP_MD_CTX_get_params()" -Retrieves the requested list of \fIparams\fR from a \s-1MD\s0 context \fIctx\fR. -See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information. -.IP "\fBEVP_MD_CTX_set_params()\fR" 4 +Retrieves the requested list of \fIparams\fR from a MD context \fIctx\fR. +See "PARAMETERS" below for more information. +.IP \fBEVP_MD_CTX_set_params()\fR 4 .IX Item "EVP_MD_CTX_set_params()" -Sets the list of \fIparams\fR into a \s-1MD\s0 context \fIctx\fR. -See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information. -.IP "\fBEVP_MD_gettable_params()\fR" 4 +Sets the list of \fIparams\fR into a MD context \fIctx\fR. +See "PARAMETERS" below for more information. +.IP \fBEVP_MD_gettable_params()\fR 4 .IX Item "EVP_MD_gettable_params()" -Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters +Get a constant \fBOSSL_PARAM\fR\|(3) array that describes the retrievable parameters that can be used with \fBEVP_MD_get_params()\fR. .IP "\fBEVP_MD_gettable_ctx_params()\fR, \fBEVP_MD_CTX_gettable_params()\fR" 4 .IX Item "EVP_MD_gettable_ctx_params(), EVP_MD_CTX_gettable_params()" -Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters +Get a constant \fBOSSL_PARAM\fR\|(3) array that describes the retrievable parameters that can be used with \fBEVP_MD_CTX_get_params()\fR. \fBEVP_MD_gettable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \&\fBEVP_MD_CTX_gettable_params()\fR returns the parameters that can be retrieved -in the context's current state. +in the context\*(Aqs current state. 
.IP "\fBEVP_MD_settable_ctx_params()\fR, \fBEVP_MD_CTX_settable_params()\fR" 4 .IX Item "EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params()" -Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the settable parameters +Get a constant \fBOSSL_PARAM\fR\|(3) array that describes the settable parameters that can be used with \fBEVP_MD_CTX_set_params()\fR. \fBEVP_MD_settable_ctx_params()\fR returns the parameters that can be set from the algorithm, whereas \&\fBEVP_MD_CTX_settable_params()\fR returns the parameters that can be set in the -context's current state. +context\*(Aqs current state. .IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4 .IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" -Sets, clears and tests \fIctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. -.IP "\fBEVP_Q_digest()\fR is a quick one-shot digest function." 4 +Sets, clears and tests \fIctx\fR flags. See "FLAGS" below for more information. +.IP "\fBEVP_Q_digest()\fR is a quick one\-shot digest function." 4 .IX Item "EVP_Q_digest() is a quick one-shot digest function." It hashes \fIdatalen\fR bytes of data at \fIdata\fR using the digest algorithm \&\fIname\fR, which is fetched using the optional \fIlibctx\fR and \fIpropq\fR parameters. The digest value is placed in \fImd\fR and its length is written at \fImdlen\fR -if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. -.IP "\fBEVP_Digest()\fR" 4 +if the pointer is not NULL. At most \fBEVP_MAX_MD_SIZE\fR bytes will be written. +.IP \fBEVP_Digest()\fR 4 .IX Item "EVP_Digest()" A wrapper around the Digest Init_ex, Update and Final_ex functions. -Hashes \fIcount\fR bytes of data at \fIdata\fR using a digest \fItype\fR from \s-1ENGINE\s0 +Hashes \fIcount\fR bytes of data at \fIdata\fR using a digest \fItype\fR from ENGINE \&\fIimpl\fR. 
The digest value is placed in \fImd\fR and its length is written at \fIsize\fR -if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. -If \fIimpl\fR is \s-1NULL\s0 the default implementation of digest \fItype\fR is used. -.IP "\fBEVP_DigestInit_ex2()\fR" 4 +if the pointer is not NULL. At most \fBEVP_MAX_MD_SIZE\fR bytes will be written. +If \fIimpl\fR is NULL the default implementation of digest \fItype\fR is used. +.IP \fBEVP_DigestInit_ex2()\fR 4 .IX Item "EVP_DigestInit_ex2()" Sets up digest context \fIctx\fR to use a digest \fItype\fR. \&\fItype\fR is typically supplied by a function such as \fBEVP_sha1()\fR, or a 
@@ -373,145 +300,145 @@ .Sp The parameters \fBparams\fR are set on the context after initialisation. .Sp -The \fItype\fR parameter can be \s-1NULL\s0 if \fIctx\fR has been already initialized +The \fItype\fR parameter can be NULL if \fIctx\fR has been already initialized with another \fBEVP_DigestInit_ex()\fR call and has not been reset with \&\fBEVP_MD_CTX_reset()\fR. -.IP "\fBEVP_DigestInit_ex()\fR" 4 +.IP \fBEVP_DigestInit_ex()\fR 4 .IX Item "EVP_DigestInit_ex()" Sets up digest context \fIctx\fR to use a digest \fItype\fR. \&\fItype\fR is typically supplied by a function such as \fBEVP_sha1()\fR, or a value explicitly fetched with \fBEVP_MD_fetch()\fR. .Sp -If \fIimpl\fR is non-NULL, its implementation of the digest \fItype\fR is used if +If \fIimpl\fR is non\-NULL, its implementation of the digest \fItype\fR is used if there is one, and if not, the default implementation is used. .Sp -The \fItype\fR parameter can be \s-1NULL\s0 if \fIctx\fR has been already initialized +The \fItype\fR parameter can be NULL if \fIctx\fR has been already initialized with another \fBEVP_DigestInit_ex()\fR call and has not been reset with \&\fBEVP_MD_CTX_reset()\fR. -.IP "\fBEVP_DigestUpdate()\fR" 4 +.IP \fBEVP_DigestUpdate()\fR 4 .IX Item "EVP_DigestUpdate()" Hashes \fIcnt\fR bytes of data at \fId\fR into the digest context \fIctx\fR. This function can be called several times on the same \fIctx\fR to hash additional data. -.IP "\fBEVP_DigestFinal_ex()\fR" 4 +.IP \fBEVP_DigestFinal_ex()\fR 4 .IX Item "EVP_DigestFinal_ex()" Retrieves the digest value from \fIctx\fR and places it in \fImd\fR. If the \fIs\fR -parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the +parameter is not NULL then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at \fIs\fR, at most -\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR +\&\fBEVP_MAX_MD_SIZE\fR bytes will be written. 
After calling \fBEVP_DigestFinal_ex()\fR no additional calls to \fBEVP_DigestUpdate()\fR can be made, but \&\fBEVP_DigestInit_ex2()\fR can be called to initialize a new digest operation. -.IP "\fBEVP_DigestFinalXOF()\fR" 4 +.IP \fBEVP_DigestFinalXOF()\fR 4 .IX Item "EVP_DigestFinalXOF()" -Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0 +Interfaces to extendable\-output functions, XOFs, such as SHAKE128 and SHAKE256. It retrieves the digest value from \fIctx\fR and places it in \fIlen\fR\-sized \fImd\fR. After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be made, but \fBEVP_DigestInit_ex2()\fR can be called to initialize a new operation. -.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IP \fBEVP_MD_CTX_copy_ex()\fR 4 .IX Item "EVP_MD_CTX_copy_ex()" Can be used to copy the message digest state from \fIin\fR to \fIout\fR. This is useful if large amounts of data are to be hashed which only differ in the last few bytes. -.IP "\fBEVP_DigestInit()\fR" 4 +.IP \fBEVP_DigestInit()\fR 4 .IX Item "EVP_DigestInit()" -Behaves in the same way as \fBEVP_DigestInit_ex2()\fR except it doesn't set any +Behaves in the same way as \fBEVP_DigestInit_ex2()\fR except it doesn\*(Aqt set any parameters and calls \fBEVP_MD_CTX_reset()\fR so it cannot be used with an \fItype\fR -of \s-1NULL.\s0 -.IP "\fBEVP_DigestFinal()\fR" 4 +of NULL. +.IP \fBEVP_DigestFinal()\fR 4 .IX Item "EVP_DigestFinal()" Similar to \fBEVP_DigestFinal_ex()\fR except after computing the digest the digest context \fIctx\fR is automatically cleaned up with \fBEVP_MD_CTX_reset()\fR. -.IP "\fBEVP_MD_CTX_copy()\fR" 4 +.IP \fBEVP_MD_CTX_copy()\fR 4 .IX Item "EVP_MD_CTX_copy()" Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fIout\fR does not have to be initialized. 
-.IP "\fBEVP_MD_is_a()\fR" 4 +.IP \fBEVP_MD_is_a()\fR 4 .IX Item "EVP_MD_is_a()" -Returns 1 if \fImd\fR is an implementation of an algorithm that's +Returns 1 if \fImd\fR is an implementation of an algorithm that\*(Aqs identifiable with \fIname\fR, otherwise 0. .Sp -If \fImd\fR is a legacy digest (it's the return value from the likes of +If \fImd\fR is a legacy digest (it\*(Aqs the return value from the likes of \&\fBEVP_sha256()\fR rather than the result of an \fBEVP_MD_fetch()\fR), only cipher names registered with the default library context (see -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) will be considered. +\&\fBOSSL_LIB_CTX\fR\|(3)) will be considered. .IP "\fBEVP_MD_get0_name()\fR, \fBEVP_MD_CTX_get0_name()\fR" 4 .IX Item "EVP_MD_get0_name(), EVP_MD_CTX_get0_name()" Return the name of the given message digest. For fetched message -digests with multiple names, only one of them is returned; it's +digests with multiple names, only one of them is returned; it\*(Aqs recommended to use \fBEVP_MD_names_do_all()\fR instead. -.IP "\fBEVP_MD_names_do_all()\fR" 4 +.IP \fBEVP_MD_names_do_all()\fR 4 .IX Item "EVP_MD_names_do_all()" Traverses all names for the \fImd\fR, and calls \fIfn\fR with each name and -\&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_MD\s0\fRs. -.IP "\fBEVP_MD_get0_description()\fR" 4 +\&\fIdata\fR. This is only useful with fetched \fBEVP_MD\fRs. +.IP \fBEVP_MD_get0_description()\fR 4 .IX Item "EVP_MD_get0_description()" Returns a description of the digest, meant for display and human consumption. The description is at the discretion of the digest implementation. -.IP "\fBEVP_MD_get0_provider()\fR" 4 +.IP \fBEVP_MD_get0_provider()\fR 4 .IX Item "EVP_MD_get0_provider()" -Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given -\&\fB\s-1EVP_MD\s0\fR. +Returns an \fBOSSL_PROVIDER\fR pointer to the provider that implements the given +\&\fBEVP_MD\fR. 
.IP "\fBEVP_MD_get_size()\fR, \fBEVP_MD_CTX_get_size()\fR" 4 .IX Item "EVP_MD_get_size(), EVP_MD_CTX_get_size()" -Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an -\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. +Return the size of the message digest when passed an \fBEVP_MD\fR or an +\&\fBEVP_MD_CTX\fR structure, i.e. the size of the hash. .IP "\fBEVP_MD_get_block_size()\fR, \fBEVP_MD_CTX_get_block_size()\fR" 4 .IX Item "EVP_MD_get_block_size(), EVP_MD_CTX_get_block_size()" -Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an -\&\fB\s-1EVP_MD_CTX\s0\fR structure. +Return the block size of the message digest when passed an \fBEVP_MD\fR or an +\&\fBEVP_MD_CTX\fR structure. .IP "\fBEVP_MD_get_type()\fR, \fBEVP_MD_CTX_get_type()\fR" 4 .IX Item "EVP_MD_get_type(), EVP_MD_CTX_get_type()" -Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest -when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_get_type(EVP_sha1())\*(C'\fR -returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. -.IP "\fBEVP_MD_CTX_get0_md_data()\fR" 4 +Return the NID of the OBJECT IDENTIFIER representing the given message digest +when passed an \fBEVP_MD\fR structure. For example, \f(CW\*(C`EVP_MD_get_type(EVP_sha1())\*(C'\fR +returns \fBNID_sha1\fR. This function is normally used when setting ASN1 OIDs. +.IP \fBEVP_MD_CTX_get0_md_data()\fR 4 .IX Item "EVP_MD_CTX_get0_md_data()" -Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. +Return the digest method private data for the passed \fBEVP_MD_CTX\fR. The space is allocated by OpenSSL and has the size originally set with \&\fBEVP_MD_meth_set_app_datasize()\fR. 
.IP "\fBEVP_MD_CTX_get0_md()\fR, \fBEVP_MD_CTX_get1_md()\fR" 4 .IX Item "EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md()" \&\fBEVP_MD_CTX_get0_md()\fR returns -the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. This -will be the same \fB\s-1EVP_MD\s0\fR object originally passed to \fBEVP_DigestInit_ex2()\fR (or -other similar function) when the \s-1EVP_MD_CTX\s0 was first initialised. Note that +the \fBEVP_MD\fR structure corresponding to the passed \fBEVP_MD_CTX\fR. This +will be the same \fBEVP_MD\fR object originally passed to \fBEVP_DigestInit_ex2()\fR (or +other similar function) when the EVP_MD_CTX was first initialised. Note that where explicit fetch is in use (see \fBEVP_MD_fetch\fR\|(3)) the value returned from this function will not have its reference count incremented and therefore it -should not be used after the \s-1EVP_MD_CTX\s0 is freed. +should not be used after the EVP_MD_CTX is freed. \&\fBEVP_MD_CTX_get1_md()\fR is the same except the ownership is passed to the -caller and is from the passed \fB\s-1EVP_MD_CTX\s0\fR. -.IP "\fBEVP_MD_CTX_set_update_fn()\fR" 4 +caller and is from the passed \fBEVP_MD_CTX\fR. +.IP \fBEVP_MD_CTX_set_update_fn()\fR 4 .IX Item "EVP_MD_CTX_set_update_fn()" Sets the update function for \fIctx\fR to \fIupdate\fR. This is the function that is called by \fBEVP_DigestUpdate()\fR. If not set, the -update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used. -.IP "\fBEVP_MD_CTX_update_fn()\fR" 4 +update function from the \fBEVP_MD\fR type specified at initialization is used. +.IP \fBEVP_MD_CTX_update_fn()\fR 4 .IX Item "EVP_MD_CTX_update_fn()" Returns the update function for \fIctx\fR. -.IP "\fBEVP_MD_get_flags()\fR" 4 +.IP \fBEVP_MD_get_flags()\fR 4 .IX Item "EVP_MD_get_flags()" -Returns the \fImd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR +Returns the \fImd\fR flags. Note that these are different from the \fBEVP_MD_CTX\fR ones. 
See \fBEVP_MD_meth_set_flags\fR\|(3) for more information. -.IP "\fBEVP_MD_get_pkey_type()\fR" 4 +.IP \fBEVP_MD_get_pkey_type()\fR 4 .IX Item "EVP_MD_get_pkey_type()" -Returns the \s-1NID\s0 of the public key signing algorithm associated with this -digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +Returns the NID of the public key signing algorithm associated with this +digest. For example \fBEVP_sha1()\fR is associated with RSA so this will return \&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. -.IP "\fBEVP_md_null()\fR" 4 +.IP \fBEVP_md_null()\fR 4 .IX Item "EVP_md_null()" -A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero +A "null" message digest that does nothing: i.e. the hash it returns is of zero length. .IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 .IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" -Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an -\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. +Returns an \fBEVP_MD\fR structure when passed a digest name, a digest \fBNID\fR or an +\&\fBASN1_OBJECT\fR structure respectively. .Sp The \fBEVP_get_digestbyname()\fR function is present for backwards compatibility with OpenSSL prior to version 3 and is different to the \fBEVP_MD_fetch()\fR function -since it does not attempt to \*(L"fetch\*(R" an implementation of the cipher. -Additionally, it only knows about digests that are built-in to OpenSSL and have -an associated \s-1NID.\s0 Similarly \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR +since it does not attempt to "fetch" an implementation of the cipher. +Additionally, it only knows about digests that are built\-in to OpenSSL and have +an associated NID. 
Similarly \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR also return objects without an associated implementation. .Sp When the digest objects returned by these functions are used (such as in a call 
@@ -520,84 +447,87 @@ implementation is available. Use \fBEVP_MD_fetch()\fR instead to explicitly fetch the algorithm and an associated implementation from a provider. .Sp -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about fetching. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for more information about fetching. .Sp The digest objects returned from these functions do not need to be freed with \&\fBEVP_MD_free()\fR. -.IP "\fBEVP_MD_CTX_get_pkey_ctx()\fR" 4 +.IP \fBEVP_MD_CTX_get_pkey_ctx()\fR 4 .IX Item "EVP_MD_CTX_get_pkey_ctx()" -Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fIctx\fR. The returned pointer should not +Returns the \fBEVP_PKEY_CTX\fR assigned to \fIctx\fR. The returned pointer should not be freed by the caller. -.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IP \fBEVP_MD_CTX_set_pkey_ctx()\fR 4 .IX Item "EVP_MD_CTX_set_pkey_ctx()" -Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide -a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or +Assigns an \fBEVP_PKEY_CTX\fR to \fBEVP_MD_CTX\fR. This is usually used to provide +a customized \fBEVP_PKEY_CTX\fR to \fBEVP_DigestSignInit\fR\|(3) or \&\fBEVP_DigestVerifyInit\fR\|(3). The \fIpctx\fR passed to this function should be freed -by the caller. A \s-1NULL\s0 \fIpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR -assigned to \fIctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not -depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. -.IP "\fBEVP_MD_do_all_provided()\fR" 4 +by the caller. A NULL \fIpctx\fR pointer is also allowed to clear the \fBEVP_PKEY_CTX\fR +assigned to \fIctx\fR. In such case, freeing the cleared \fBEVP_PKEY_CTX\fR or not +depends on how the \fBEVP_PKEY_CTX\fR is created. 
+.IP \fBEVP_MD_do_all_provided()\fR 4 .IX Item "EVP_MD_do_all_provided()" Traverses all messages digests implemented by all activated providers in the given library context \fIlibctx\fR, and for each of the implementations, calls the given function \fIfn\fR with the implementation method and the given \&\fIarg\fR as argument. -.SH "PARAMETERS" +.SH PARAMETERS .IX Header "PARAMETERS" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about passing parameters. +See \fBOSSL_PARAM\fR\|(3) for information about passing parameters. .PP -\&\fBEVP_MD_CTX_set_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys: -.ie n .IP """xoflen"" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 -.el .IP "``xoflen'' (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 -.IX Item "xoflen (OSSL_DIGEST_PARAM_XOFLEN) " +\&\fBEVP_MD_CTX_set_params()\fR can be used with the following OSSL_PARAM keys: +.IP """xoflen"" (\fBOSSL_DIGEST_PARAM_XOFLEN\fR) " 4 +.IX Item """xoflen"" (OSSL_DIGEST_PARAM_XOFLEN) " Sets the digest length for extendable output functions. -It is used by the \s-1SHAKE\s0 algorithm and should not exceed what can be given +It is used by the SHAKE algorithm and should not exceed what can be given using a \fBsize_t\fR. -.ie n .IP """pad-type"" (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 -.el .IP "``pad-type'' (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 -.IX Item "pad-type (OSSL_DIGEST_PARAM_PAD_TYPE) " +.IP """pad\-type"" (\fBOSSL_DIGEST_PARAM_PAD_TYPE\fR) " 4 +.IX Item """pad-type"" (OSSL_DIGEST_PARAM_PAD_TYPE) " Sets the padding type. -It is used by the \s-1MDC2\s0 algorithm. +It is used by the MDC2 algorithm. .PP -\&\fBEVP_MD_CTX_get_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys: -.ie n .IP """micalg"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4 -.el .IP "``micalg'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4 -.IX Item "micalg (OSSL_PARAM_DIGEST_KEY_MICALG) ." 
+\&\fBEVP_MD_CTX_get_params()\fR can be used with the following OSSL_PARAM keys: +.IP """micalg"" (\fBOSSL_DIGEST_PARAM_MICALG\fR) ." 4 +.IX Item """micalg"" (OSSL_DIGEST_PARAM_MICALG) ." Gets the digest Message Integrity Check algorithm string. This is used when -creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0 +creating S/MIME multipart/signed messages, as specified in RFC 3851. It may be used by external engines or providers. -.SH "CONTROLS" +.SH CONTROLS .IX Header "CONTROLS" \&\fBEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls: -.IP "\s-1EVP_MD_CTRL_MICALG\s0" 4 +.IP EVP_MD_CTRL_MICALG 4 .IX Item "EVP_MD_CTRL_MICALG" Gets the digest Message Integrity Check algorithm string. This is used when -creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0 +creating S/MIME multipart/signed messages, as specified in RFC 3851. The string value is written to \fIp2\fR. .Sp -When used with a fetched \fB\s-1EVP_MD\s0\fR, \fBEVP_MD_CTX_get_params()\fR gets called with -an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"micalg\*(R" (\fB\s-1OSSL_DIGEST_PARAM_MICALG\s0\fR). -.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4 +When used with a fetched \fBEVP_MD\fR, \fBEVP_MD_CTX_get_params()\fR gets called with +an \fBOSSL_PARAM\fR\|(3) item with the key "micalg" (\fBOSSL_DIGEST_PARAM_MICALG\fR). +.IP EVP_MD_CTRL_XOF_LEN 4 .IX Item "EVP_MD_CTRL_XOF_LEN" This control sets the digest length for extendable output functions to \fIp1\fR. Sending this control directly should not be necessary, the use of \&\fBEVP_DigestFinalXOF()\fR is preferred. -Currently used by \s-1SHAKE.\s0 +Currently used by SHAKE. .Sp -When used with a fetched \fB\s-1EVP_MD\s0\fR, \fBEVP_MD_CTX_get_params()\fR gets called with -an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"xoflen\*(R" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR). 
-.SH "FLAGS" +When used with a fetched \fBEVP_MD\fR, \fBEVP_MD_CTX_get_params()\fR gets called with +an \fBOSSL_PARAM\fR\|(3) item with the key "xoflen" (\fBOSSL_DIGEST_PARAM_XOFLEN\fR). +.SH FLAGS .IX Header "FLAGS" \&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR -can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: -.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 +can be used the manipulate and test these \fBEVP_MD_CTX\fR flags: +.IP EVP_MD_CTX_FLAG_ONESHOT 4 .IX Item "EVP_MD_CTX_FLAG_ONESHOT" This flag instructs the digest to optimize for one update only, if possible. -.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 +.IP EVP_MD_CTX_FLAG_CLEANED 4 +.IX Item "EVP_MD_CTX_FLAG_CLEANED" +This flag is for internal use only and \fImust not\fR be used in user code. +.IP EVP_MD_CTX_FLAG_REUSE 4 +.IX Item "EVP_MD_CTX_FLAG_REUSE" +This flag is for internal use only and \fImust not\fR be used in user code. +.IP EVP_MD_CTX_FLAG_NO_INIT 4 .IX Item "EVP_MD_CTX_FLAG_NO_INIT" This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the implementation specific data. -.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 +.IP EVP_MD_CTX_FLAG_FINALISE 4 .IX Item "EVP_MD_CTX_FLAG_FINALISE" Some functions such as EVP_DigestSign only finalise copies of internal contexts so additional data can be included after the finalisation call. 
@@ -605,17 +535,17 @@ disabled with this flag. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -.IP "\fBEVP_MD_fetch()\fR" 4 +.IP \fBEVP_MD_fetch()\fR 4 .IX Item "EVP_MD_fetch()" -Returns a pointer to a \fB\s-1EVP_MD\s0\fR for success or \s-1NULL\s0 for failure. -.IP "\fBEVP_MD_up_ref()\fR" 4 +Returns a pointer to a \fBEVP_MD\fR for success or NULL for failure. +.IP \fBEVP_MD_up_ref()\fR 4 .IX Item "EVP_MD_up_ref()" Returns 1 for success or 0 for failure. .IP "\fBEVP_Q_digest()\fR, \fBEVP_Digest()\fR, \fBEVP_DigestInit_ex2()\fR, \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR, \fBEVP_DigestFinalXOF()\fR, and \fBEVP_DigestFinal()\fR" 4 .IX Item "EVP_Q_digest(), EVP_Digest(), EVP_DigestInit_ex2(), EVP_DigestInit_ex(), EVP_DigestInit(), EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_DigestFinalXOF(), and EVP_DigestFinal()" return 1 for success and 0 for failure. -.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IP \fBEVP_MD_CTX_ctrl()\fR 4 .IX Item "EVP_MD_CTX_ctrl()" Returns 1 if successful or 0 for failure. .IP "\fBEVP_MD_CTX_set_params()\fR, \fBEVP_MD_CTX_get_params()\fR" 4 
@@ -623,48 +553,48 @@ Returns 1 if successful or 0 for failure. .IP "\fBEVP_MD_CTX_settable_params()\fR, \fBEVP_MD_CTX_gettable_params()\fR" 4 .IX Item "EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params()" -Return an array of constant \s-1\fBOSSL_PARAM\s0\fR\|(3)s, or \s-1NULL\s0 if there is none +Return an array of constant \fBOSSL_PARAM\fR\|(3)s, or NULL if there is none to get. -.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IP \fBEVP_MD_CTX_copy_ex()\fR 4 .IX Item "EVP_MD_CTX_copy_ex()" Returns 1 if successful or 0 for failure. .IP "\fBEVP_MD_get_type()\fR, \fBEVP_MD_get_pkey_type()\fR" 4 .IX Item "EVP_MD_get_type(), EVP_MD_get_pkey_type()" -Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none +Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists. .IP "\fBEVP_MD_get_size()\fR, \fBEVP_MD_get_block_size()\fR, \fBEVP_MD_CTX_get_size()\fR, \fBEVP_MD_CTX_get_block_size()\fR" 4 .IX Item "EVP_MD_get_size(), EVP_MD_get_block_size(), EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size()" Returns the digest or block size in bytes or \-1 for failure. -.IP "\fBEVP_md_null()\fR" 4 +.IP \fBEVP_md_null()\fR 4 .IX Item "EVP_md_null()" -Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. +Returns a pointer to the \fBEVP_MD\fR structure of the "null" message digest. .IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 .IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" -Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. -.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +Returns either an \fBEVP_MD\fR structure or NULL if an error occurs. +.IP \fBEVP_MD_CTX_set_pkey_ctx()\fR 4 .IX Item "EVP_MD_CTX_set_pkey_ctx()" This function has no return value. 
-.IP "\fBEVP_MD_names_do_all()\fR" 4 +.IP \fBEVP_MD_names_do_all()\fR 4 .IX Item "EVP_MD_names_do_all()" Returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in -preference to the low-level interfaces. This is because the code then becomes +The \fBEVP\fR interface to message digests should almost always be used in +preference to the low\-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .PP -New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +New applications should use the SHA\-2 (such as \fBEVP_sha256\fR\|(3)) or the SHA\-3 digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms are still in common use. .PP For most applications the \fIimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be -set to \s-1NULL\s0 to use the default digest implementation. +set to NULL to use the default digest implementation. .PP Ignoring failure returns of \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestInit_ex2()\fR, or \&\fBEVP_DigestInit()\fR can lead to undefined behavior on subsequent calls -updating or finalizing the \fB\s-1EVP_MD_CTX\s0\fR such as the \fBEVP_DigestUpdate()\fR or -\&\fBEVP_DigestFinal()\fR functions. The only valid calls on the \fB\s-1EVP_MD_CTX\s0\fR +updating or finalizing the \fBEVP_MD_CTX\fR such as the \fBEVP_DigestUpdate()\fR or +\&\fBEVP_DigestFinal()\fR functions. The only valid calls on the \fBEVP_MD_CTX\fR when initialization fails are calls that attempt another initialization of the context or release the context. .PP 
@@ -684,9 +614,9 @@ .PP \&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration or control. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +This example digests the data "Test Message\en" and "Hello World\en", using the digest name passed on the command line. .PP .Vb 3 @@ -750,10 +680,10 @@ \&\fBEVP_MD_meth_new\fR\|(3), \&\fBopenssl\-dgst\fR\|(1), \&\fBevp\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\s0\fR\|(3), -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), +\&\fBOSSL_PROVIDER\fR\|(3), +\&\fBOSSL_PARAM\fR\|(3), \&\fBproperty\fR\|(7), -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7), \&\fBprovider\-digest\fR\|(7), \&\fBlife_cycle\-digest\fR\|(7) .PP @@ -770,13 +700,13 @@ \&\fBEVP_sha3_224\fR\|(3), \&\fBEVP_sm3\fR\|(3), \&\fBEVP_whirlpool\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to \&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. .PP The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 +later, so now \fBEVP_sha1()\fR can be used with RSA and DSA. .PP The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. .PP 
@@ -793,18 +723,18 @@ \&\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_flags()\fR, \fBEVP_MD_CTX_size()\fR, \&\fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, and \fBEVP_MD_CTX_md_data()\fR functions were renamed to include \f(CW\*(C`get\*(C'\fR or \f(CW\*(C`get0\*(C'\fR in their names in -OpenSSL 3.0, respectively. The old names are kept as non-deprecated +OpenSSL 3.0, respectively. The old names are kept as non\-deprecated alias macros. .PP The \fBEVP_MD_CTX_md()\fR function was deprecated in OpenSSL 3.0; use \&\fBEVP_MD_CTX_get0_md()\fR instead. \&\fBEVP_MD_CTX_update_fn()\fR and \fBEVP_MD_CTX_set_update_fn()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_DIGESTSIGNINIT 3ossl" -.TH EVP_DIGESTSIGNINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_DIGESTSIGNINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,9 +84,9 @@ \& size_t *siglen, const unsigned char *tbs, \& size_t tbslen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high-level interface to digital signatures. +The EVP signature routines are a high\-level interface to digital signatures. Input data is digested first before the signing takes place. .PP \&\fBEVP_DigestSignInit_ex()\fR sets up signing context \fIctx\fR to use a digest 
@@ -172,83 +97,83 @@ (which could result in a digest from a different provider being selected). If the provider supports fetching the digest then it may use the \fIprops\fR argument for the properties to be used during the fetch. Finally, the passed parameters -\&\fIparams\fR, if not \s-1NULL,\s0 are set on the context before returning. +\&\fIparams\fR, if not NULL, are set on the context before returning. .PP -The \fIpkey\fR algorithm is used to fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, to -be used for the actual signing. See \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) for +The \fIpkey\fR algorithm is used to fetch a \fBEVP_SIGNATURE\fR method implicitly, to +be used for the actual signing. See "Implicit fetch" in \fBprovider\fR\|(7) for more information about implicit fetches. .PP The OpenSSL default and legacy providers support fetching digests and can fetch -those digests from any available provider. The OpenSSL \s-1FIPS\s0 provider also +those digests from any available provider. The OpenSSL FIPS provider also supports fetching digests but will only fetch digests that are themselves -implemented inside the \s-1FIPS\s0 provider. +implemented inside the FIPS provider. .PP \&\fIctx\fR must be created with \fBEVP_MD_CTX_new()\fR before calling this function. If -\&\fIpctx\fR is not \s-1NULL,\s0 the \s-1EVP_PKEY_CTX\s0 of the signing operation will be written +\&\fIpctx\fR is not NULL, the EVP_PKEY_CTX of the signing operation will be written to \fI*pctx\fR: this can be used to set alternative signing options. Note that any -existing value in \fI*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must +existing value in \fI*pctx\fR is overwritten. 
The EVP_PKEY_CTX value returned must not be freed directly by the application if \fIctx\fR is not assigned an -\&\s-1EVP_PKEY_CTX\s0 value before being passed to \fBEVP_DigestSignInit_ex()\fR -(which means the \s-1EVP_PKEY_CTX\s0 is created inside \fBEVP_DigestSignInit_ex()\fR -and it will be freed automatically when the \s-1EVP_MD_CTX\s0 is freed). If the -\&\s-1EVP_PKEY_CTX\s0 to be used is created by EVP_DigestSignInit_ex then it -will use the \fB\s-1OSSL_LIB_CTX\s0\fR specified in \fIlibctx\fR and the property query string +EVP_PKEY_CTX value before being passed to \fBEVP_DigestSignInit_ex()\fR +(which means the EVP_PKEY_CTX is created inside \fBEVP_DigestSignInit_ex()\fR +and it will be freed automatically when the EVP_MD_CTX is freed). If the +EVP_PKEY_CTX to be used is created by EVP_DigestSignInit_ex then it +will use the \fBOSSL_LIB_CTX\fR specified in \fIlibctx\fR and the property query string specified in \fIprops\fR. .PP -The digest \fImdname\fR may be \s-1NULL\s0 if the signing algorithm supports it. The -\&\fIprops\fR argument can always be \s-1NULL.\s0 +The digest \fImdname\fR may be NULL if the signing algorithm supports it. The +\&\fIprops\fR argument can always be NULL. .PP -No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit_ex()\fR if the +No \fBEVP_PKEY_CTX\fR will be created by \fBEVP_DigestSignInit_ex()\fR if the passed \fIctx\fR has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). -See also \s-1\fBSM2\s0\fR\|(7). +See also \fBSM2\fR\|(7). .PP -Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This -includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of -\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC,\s0 -Poly1305, \s-1DSA, ECDSA, HMAC, RSA,\s0 SipHash, Ed25519 and Ed448. +Only EVP_PKEY types that support signing can be used with these functions. 
This +includes MAC algorithms where the MAC generation is considered as a form of +"signing". Built\-in EVP_PKEY types supported by these functions are CMAC, +Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448. .PP Not all digests can be used for all key types. The following combinations apply. -.IP "\s-1DSA\s0" 4 +.IP DSA 4 .IX Item "DSA" -Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 -.IP "\s-1ECDSA\s0" 4 +Supports SHA1, SHA224, SHA256, SHA384 and SHA512 +.IP ECDSA 4 .IX Item "ECDSA" -Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0 -.IP "\s-1RSA\s0 with no padding" 4 +Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3 +.IP "RSA with no padding" 4 .IX Item "RSA with no padding" -Supports no digests (the digest \fItype\fR must be \s-1NULL\s0) -.IP "\s-1RSA\s0 with X931 padding" 4 +Supports no digests (the digest \fItype\fR must be NULL) +.IP "RSA with X931 padding" 4 .IX Item "RSA with X931 padding" -Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0 -.IP "All other \s-1RSA\s0 padding types" 4 +Supports SHA1, SHA256, SHA384 and SHA512 +.IP "All other RSA padding types" 4 .IX Item "All other RSA padding types" -Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, -SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0 +Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512 .IP "Ed25519 and Ed448" 4 .IX Item "Ed25519 and Ed448" -Support no digests (the digest \fItype\fR must be \s-1NULL\s0) -.IP "\s-1HMAC\s0" 4 +Support no digests (the digest \fItype\fR must be NULL) +.IP HMAC 4 .IX Item "HMAC" Supports any digest -.IP "\s-1CMAC,\s0 Poly1305 and SipHash" 4 +.IP "CMAC, Poly1305 and SipHash" 4 .IX Item "CMAC, Poly1305 and SipHash" Will ignore any digest provided. .PP -If RSA-PSS is used and restrictions apply then the digest must match. +If RSA\-PSS is used and restrictions apply then the digest must match. 
.PP \&\fBEVP_DigestSignInit()\fR works in the same way as \fBEVP_DigestSignInit_ex()\fR except that the \fImdname\fR parameter will be inferred from the supplied -digest \fItype\fR, and \fIprops\fR will be \s-1NULL.\s0 Where supplied the \s-1ENGINE\s0 \fIe\fR will -be used for the signing and digest algorithm implementations. \fIe\fR may be \s-1NULL.\s0 +digest \fItype\fR, and \fIprops\fR will be NULL. Where supplied the ENGINE \fIe\fR will +be used for the signing and digest algorithm implementations. \fIe\fR may be NULL. .PP \&\fBEVP_DigestSignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the signature context \fIctx\fR. This function can be called several times on the same \fIctx\fR to include additional data. .PP -Unless \fIsig\fR is \s-1NULL\s0 \fBEVP_DigestSignFinal()\fR signs the data in \fIctx\fR +Unless \fIsig\fR is NULL \fBEVP_DigestSignFinal()\fR signs the data in \fIctx\fR and places the signature in \fIsig\fR. Otherwise the maximum necessary size of the output buffer is written to -the \fIsiglen\fR parameter. If \fIsig\fR is not \s-1NULL\s0 then before the call the +the \fIsiglen\fR parameter. If \fIsig\fR is not NULL then before the call the \&\fIsiglen\fR parameter should contain the length of the \fIsig\fR buffer. If the call is successful the signature is written to \fIsig\fR and the amount of data written to \fIsiglen\fR. 
@@ -256,9 +181,9 @@ \&\fBEVP_DigestSign()\fR signs \fItbslen\fR bytes of data at \fItbs\fR and places the signature in \fIsig\fR and its length in \fIsiglen\fR in a similar way to \&\fBEVP_DigestSignFinal()\fR. In the event of a failure \fBEVP_DigestSign()\fR cannot be -called again without reinitialising the \s-1EVP_MD_CTX.\s0 If \fIsig\fR is \s-1NULL\s0 before the +called again without reinitialising the EVP_MD_CTX. If \fIsig\fR is NULL before the call then \fIsiglen\fR will be populated with the required size for the \fIsig\fR -buffer. If \fIsig\fR is non-NULL before the call then \fIsiglen\fR should contain the +buffer. If \fIsig\fR is non\-NULL before the call then \fIsiglen\fR should contain the length of the \fIsig\fR buffer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -266,10 +191,10 @@ \&\fBEVP_DigestSign()\fR return 1 for success and 0 for failure. .PP The error codes can be obtained from \fBERR_get_error\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low-level interfaces. This is because the code then becomes +The \fBEVP\fR interface to digital signatures should almost always be used in +preference to the low\-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP \&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data 
@@ -278,13 +203,13 @@ do not support streaming (e.g. PureEdDSA) it is the only way to sign data. .PP In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR -needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +and public key algorithms. This meant that "clone" digests such as \fBEVP_dss1()\fR +needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged. .PP For some key types and parameters the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .PP The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest context. This means that calls to \fBEVP_DigestSignUpdate()\fR and @@ -292,7 +217,7 @@ .PP \&\fBEVP_DigestSignInit()\fR and \fBEVP_DigestSignInit_ex()\fR functions can be called multiple times on a context and the parameters set by previous calls should be -preserved if the \fIpkey\fR parameter is \s-1NULL.\s0 The call then just resets the state +preserved if the \fIpkey\fR parameter is NULL. The call then just resets the state of the \fIctx\fR. .PP Ignoring failure returns of \fBEVP_DigestSignInit()\fR and \fBEVP_DigestSignInit_ex()\fR 
@@ -307,11 +232,11 @@ .IX Header "SEE ALSO" \&\fBEVP_DigestVerifyInit\fR\|(3), \&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBevp\fR\|(7), \fBHMAC\fR\|(3), \fBMD2\fR\|(3), +\&\fBMD5\fR\|(3), \fBMDC2\fR\|(3), \fBRIPEMD160\fR\|(3), +\&\fBSHA1\fR\|(3), \fBopenssl\-dgst\fR\|(1), +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR were added in OpenSSL 1.0.0. @@ -319,11 +244,11 @@ \&\fBEVP_DigestSignInit_ex()\fR was added in OpenSSL 3.0. .PP \&\fBEVP_DigestSignUpdate()\fR was converted from a macro to a function in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_DIGESTVERIFYINIT 3ossl" -.TH EVP_DIGESTVERIFYINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_DIGESTVERIFYINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,9 +83,9 @@ \& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, \& size_t siglen, const unsigned char *tbs, size_t tbslen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high-level interface to digital signatures. +The EVP signature routines are a high\-level interface to digital signatures. Input data is digested first before the signature verification takes place. .PP \&\fBEVP_DigestVerifyInit_ex()\fR sets up verification context \fBctx\fR to use a 
@@ -171,67 +96,67 @@ (which could result in a digest from a different provider being selected). If the provider supports fetching the digest then it may use the \fBprops\fR argument for the properties to be used during the fetch. Finally, the passed parameters -\&\fIparams\fR, if not \s-1NULL,\s0 are set on the context before returning. +\&\fIparams\fR, if not NULL, are set on the context before returning. .PP -The \fIpkey\fR algorithm is used to fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, to -be used for the actual signing. See \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) for +The \fIpkey\fR algorithm is used to fetch a \fBEVP_SIGNATURE\fR method implicitly, to +be used for the actual signing. See "Implicit fetch" in \fBprovider\fR\|(7) for more information about implicit fetches. .PP The OpenSSL default and legacy providers support fetching digests and can fetch -those digests from any available provider. The OpenSSL \s-1FIPS\s0 provider also +those digests from any available provider. The OpenSSL FIPS provider also supports fetching digests but will only fetch digests that are themselves -implemented inside the \s-1FIPS\s0 provider. +implemented inside the FIPS provider. .PP \&\fBctx\fR must be created with \fBEVP_MD_CTX_new()\fR before calling this function. If -\&\fBpctx\fR is not \s-1NULL,\s0 the \s-1EVP_PKEY_CTX\s0 of the verification operation will be +\&\fBpctx\fR is not NULL, the EVP_PKEY_CTX of the verification operation will be written to \fB*pctx\fR: this can be used to set alternative verification options. -Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value +Note that any existing value in \fB*pctx\fR is overwritten. 
The EVP_PKEY_CTX value returned must not be freed directly by the application if \fBctx\fR is not assigned -an \s-1EVP_PKEY_CTX\s0 value before being passed to \fBEVP_DigestVerifyInit_ex()\fR -(which means the \s-1EVP_PKEY_CTX\s0 is created inside +an EVP_PKEY_CTX value before being passed to \fBEVP_DigestVerifyInit_ex()\fR +(which means the EVP_PKEY_CTX is created inside \&\fBEVP_DigestVerifyInit_ex()\fR and it will be freed automatically when the -\&\s-1EVP_MD_CTX\s0 is freed). If the \s-1EVP_PKEY_CTX\s0 to be used is created by -EVP_DigestVerifyInit_ex then it will use the \fB\s-1OSSL_LIB_CTX\s0\fR specified +EVP_MD_CTX is freed). If the EVP_PKEY_CTX to be used is created by +EVP_DigestVerifyInit_ex then it will use the \fBOSSL_LIB_CTX\fR specified in \fIlibctx\fR and the property query string specified in \fIprops\fR. .PP -No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestVerifyInit_ex()\fR if the +No \fBEVP_PKEY_CTX\fR will be created by \fBEVP_DigestVerifyInit_ex()\fR if the passed \fBctx\fR has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). -See also \s-1\fBSM2\s0\fR\|(7). +See also \fBSM2\fR\|(7). .PP Not all digests can be used for all key types. The following combinations apply. 
-.IP "\s-1DSA\s0" 4 +.IP DSA 4 .IX Item "DSA" -Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 -.IP "\s-1ECDSA\s0" 4 +Supports SHA1, SHA224, SHA256, SHA384 and SHA512 +.IP ECDSA 4 .IX Item "ECDSA" -Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0 -.IP "\s-1RSA\s0 with no padding" 4 +Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3 +.IP "RSA with no padding" 4 .IX Item "RSA with no padding" -Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) -.IP "\s-1RSA\s0 with X931 padding" 4 +Supports no digests (the digest \fBtype\fR must be NULL) +.IP "RSA with X931 padding" 4 .IX Item "RSA with X931 padding" -Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0 -.IP "All other \s-1RSA\s0 padding types" 4 +Supports SHA1, SHA256, SHA384 and SHA512 +.IP "All other RSA padding types" 4 .IX Item "All other RSA padding types" -Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, -SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0 +Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512 .IP "Ed25519 and Ed448" 4 .IX Item "Ed25519 and Ed448" -Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) -.IP "\s-1HMAC\s0" 4 +Support no digests (the digest \fBtype\fR must be NULL) +.IP HMAC 4 .IX Item "HMAC" Supports any digest -.IP "\s-1CMAC,\s0 Poly1305 and Siphash" 4 +.IP "CMAC, Poly1305 and Siphash" 4 .IX Item "CMAC, Poly1305 and Siphash" Will ignore any digest provided. .PP -If RSA-PSS is used and restrictions apply then the digest must match. +If RSA\-PSS is used and restrictions apply then the digest must match. 
.PP \&\fBEVP_DigestVerifyInit()\fR works in the same way as \&\fBEVP_DigestVerifyInit_ex()\fR except that the \fBmdname\fR parameter will be -inferred from the supplied digest \fBtype\fR, and \fBprops\fR will be \s-1NULL.\s0 Where -supplied the \s-1ENGINE\s0 \fBe\fR will be used for the signature verification and digest -algorithm implementations. \fBe\fR may be \s-1NULL.\s0 +inferred from the supplied digest \fBtype\fR, and \fBprops\fR will be NULL. Where +supplied the ENGINE \fBe\fR will be used for the signature verification and digest +algorithm implementations. \fBe\fR may be NULL. .PP \&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the @@ -254,10 +179,10 @@ error (and sometimes also indicate an invalid signature form). .PP The error codes can be obtained from \fBERR_get_error\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low-level interfaces. This is because the code then becomes +The \fBEVP\fR interface to digital signatures should almost always be used in +preference to the low\-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP \&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of 
@@ -267,13 +192,13 @@ to verify data. .PP In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR -needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +and public key algorithms. This meant that "clone" digests such as \fBEVP_dss1()\fR +needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged. .PP For some key types and parameters the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .PP The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can @@ -281,7 +206,7 @@ .PP \&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyInit_ex()\fR functions can be called multiple times on a context and the parameters set by previous calls should be -preserved if the \fIpkey\fR parameter is \s-1NULL.\s0 The call then just resets the state +preserved if the \fIpkey\fR parameter is NULL. The call then just resets the state of the \fIctx\fR. .PP Ignoring failure returns of \fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyInit_ex()\fR 
@@ -291,11 +216,11 @@ .IX Header "SEE ALSO" \&\fBEVP_DigestSignInit\fR\|(3), \&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBevp\fR\|(7), \fBHMAC\fR\|(3), \fBMD2\fR\|(3), +\&\fBMD5\fR\|(3), \fBMDC2\fR\|(3), \fBRIPEMD160\fR\|(3), +\&\fBSHA1\fR\|(3), \fBopenssl\-dgst\fR\|(1), +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR were added in OpenSSL 1.0.0. @@ -304,11 +229,11 @@ .PP \&\fBEVP_DigestVerifyUpdate()\fR was converted from a macro to a function in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_EncodeInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_ENCODEINIT 3ossl" -.TH EVP_ENCODEINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_ENCODEINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock \- EVP base 64 encode/decode routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -164,21 +89,21 @@ \& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); \& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 encode routines provide a high-level interface to base 64 encoding and +The EVP encode routines provide a high\-level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses -the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 +the characters A\-Z, a\-z, 0\-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced plus some occasional newlines (see below). If the input data length is not a -multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" +multiple of 3 then the output data will be padded at the end using the "=" character. .PP \&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for the encode/decode functions. .PP \&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the -space allocated to it. +space allocated to it. If the argument is NULL, nothing is done. .PP Encoding of binary data is performed in blocks of 48 input bytes (or less for the final block). For each 48 byte input block encoded 64 bytes of base 64 data 
@@ -192,7 +117,7 @@ .PP \&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by \&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output -is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the +is stored in \fB*outl\fR. It is the caller\*(Aqs responsibility to ensure that the buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full blocks of data (48 bytes) will be immediately processed and output by this function. Any remainder is held in the \fBctx\fR object and will be processed by a @@ -201,7 +126,7 @@ amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore any remainder). This gives the number of blocks of data that will be processed. Ensure the output buffer contains 65 bytes of storage for each block, plus an -additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called +additional byte for a NUL terminator. \fBEVP_EncodeUpdate()\fR may be called repeatedly to process large amounts of input data. In the event of an error \&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be returned. 
@@ -209,9 +134,9 @@ \&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will process any partial block of data remaining in the \fBctx\fR object. The output data will be stored in \fBout\fR and the length of the data written will be stored -in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is +in \fB*outl\fR. It is the caller\*(Aqs responsibility to ensure that \fBout\fR is sufficiently large to accommodate the output data which will never be more than -65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). +65 bytes plus an additional NUL terminator (i.e. 66 bytes in total). .PP \&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context \&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. 
@@ -223,30 +148,30 @@ \&\fBn\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of output data will be produced. If \fBn\fR is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always -divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For +divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is -created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of -the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. +created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of +the data generated \fIwithout\fR the NUL terminator is returned from the function. .PP \&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. .PP \&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes -output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that +output is stored in \fB*outl\fR. It is the caller\*(Aqs responsibility to ensure that the buffer at \fBout\fR is sufficiently large to accommodate the output data. This function will attempt to decode as much data as possible in 4 byte chunks. Any whitespace, newline or carriage return characters are ignored. Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If any illegal base 64 characters are encountered or if the base 64 padding -character \*(L"=\*(R" is encountered in the middle of the data then the function returns +character "=" is encountered in the middle of the data then the function returns \&\-1 to indicate an error. 
A return value of 0 or 1 indicates successful processing of the data. A return value of 0 additionally indicates that the last -input data characters processed included the base 64 padding character \*(L"=\*(R" and -therefore no more non-padding character data is expected to be processed. For +input data characters processed included the base 64 padding character "=" and +therefore no more non\-padding character data is expected to be processed. For every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and line feeds), 3 bytes of binary output data will be produced (or less at the end -of the data where the padding character \*(L"=\*(R" has been used). +of the data where the padding character "=" has been used). .PP \&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there is any unprocessed data still in \fBctx\fR then the input data must not have been @@ -255,7 +180,7 @@ .PP \&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be -trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 +trimmed as will any trailing whitespace, newlines, carriage returns or EOF characters. After such trimming the length of the data in \fBf\fR must be divisible by 4. For every 4 input bytes exactly 3 output bytes will be produced. The output will be padded with 0 bits if necessary to ensure that the output is 
@@ -263,19 +188,19 @@ the data decoded or \-1 on error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 -object or \s-1NULL\s0 on error. +\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated EVP_ENCODE_CTX +object or NULL on error. .PP \&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in \&\fBctx\fR. .PP \&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. .PP -\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the NUL terminator. .PP \&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned -then no more non-padding base 64 characters are expected. +then no more non\-padding base 64 characters are expected. .PP \&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. .PP @@ -283,11 +208,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_EncryptInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_ENCRYPTINIT 3ossl" -.TH EVP_ENCRYPTINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_ENCRYPTINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER_fetch, EVP_CIPHER_up_ref, EVP_CIPHER_free, @@ -198,8 +123,6 @@ EVP_CIPHER_CTX_get_key_length, EVP_CIPHER_CTX_get_iv_length, EVP_CIPHER_CTX_get_tag_length, -EVP_CIPHER_CTX_get_app_data, -EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, @@ -232,7 +155,7 @@ EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_mode \&\- EVP cipher routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -331,8 +254,6 @@ \& int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); \& int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); \& int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); -\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); -\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); \& int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); \& int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); \& int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); @@ -366,7 +287,7 @@ .Ve .PP The following function has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -374,114 +295,124 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 cipher routines are a high-level interface to certain +The EVP cipher routines are a high\-level interface to certain symmetric ciphers. .PP -The \fB\s-1EVP_CIPHER\s0\fR type is a structure for cipher method implementation. -.IP "\fBEVP_CIPHER_fetch()\fR" 4 +The \fBEVP_CIPHER\fR type is a structure for cipher method implementation. +.IP \fBEVP_CIPHER_fetch()\fR 4 .IX Item "EVP_CIPHER_fetch()" Fetches the cipher implementation for the given \fIalgorithm\fR from any provider offering it, within the criteria given by the \fIproperties\fR. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .Sp The returned value must eventually be freed with \fBEVP_CIPHER_free()\fR. .Sp -Fetched \fB\s-1EVP_CIPHER\s0\fR structures are reference counted. -.IP "\fBEVP_CIPHER_up_ref()\fR" 4 +Fetched \fBEVP_CIPHER\fR structures are reference counted. +.IP \fBEVP_CIPHER_up_ref()\fR 4 .IX Item "EVP_CIPHER_up_ref()" -Increments the reference count for an \fB\s-1EVP_CIPHER\s0\fR structure. -.IP "\fBEVP_CIPHER_free()\fR" 4 +Increments the reference count for an \fBEVP_CIPHER\fR structure. +.IP \fBEVP_CIPHER_free()\fR 4 .IX Item "EVP_CIPHER_free()" -Decrements the reference count for the fetched \fB\s-1EVP_CIPHER\s0\fR structure. +Decrements the reference count for the fetched \fBEVP_CIPHER\fR structure. If the reference count drops to 0 then the structure is freed. 
-.IP "\fBEVP_CIPHER_CTX_new()\fR" 4 +If the argument is NULL, nothing is done. +.IP \fBEVP_CIPHER_CTX_new()\fR 4 .IX Item "EVP_CIPHER_CTX_new()" Allocates and returns a cipher context. -.IP "\fBEVP_CIPHER_CTX_free()\fR" 4 +.IP \fBEVP_CIPHER_CTX_free()\fR 4 .IX Item "EVP_CIPHER_CTX_free()" Clears all information from a cipher context and frees any allocated memory -associated with it, including \fIctx\fR itself. This function should be called after -all operations using a cipher are complete so sensitive information does not -remain in memory. -.IP "\fBEVP_CIPHER_CTX_ctrl()\fR" 4 +associated with it, including \fIctx\fR itself. This function should be called +after all operations using a cipher are complete so sensitive information does +not remain in memory. If the argument is NULL, nothing is done. +.IP \fBEVP_CIPHER_CTX_ctrl()\fR 4 .IX Item "EVP_CIPHER_CTX_ctrl()" \&\fIThis is a legacy method.\fR \fBEVP_CIPHER_CTX_set_params()\fR and \&\fBEVP_CIPHER_CTX_get_params()\fR is the mechanism that should be used to set and get parameters that are used by providers. .Sp -Performs cipher-specific control actions on context \fIctx\fR. The control command +Performs cipher\-specific control actions on context \fIctx\fR. The control command is indicated in \fIcmd\fR and any additional arguments in \fIp1\fR and \fIp2\fR. \&\fBEVP_CIPHER_CTX_ctrl()\fR must be called after \fBEVP_CipherInit_ex2()\fR. Other restrictions may apply depending on the control type and cipher implementation. .Sp -If this function happens to be used with a fetched \fB\s-1EVP_CIPHER\s0\fR, it will -translate the controls that are known to OpenSSL into \s-1\fBOSSL_PARAM\s0\fR\|(3) +If this function happens to be used with a fetched \fBEVP_CIPHER\fR, it will +translate the controls that are known to OpenSSL into \fBOSSL_PARAM\fR\|(3) parameters with keys defined by OpenSSL and call \fBEVP_CIPHER_CTX_get_params()\fR or \&\fBEVP_CIPHER_CTX_set_params()\fR as is appropriate for each control command. 
.Sp -See \*(L"\s-1CONTROLS\*(R"\s0 below for more information, including what translations are +See "CONTROLS" below for more information, including what translations are being done. -.IP "\fBEVP_CIPHER_get_params()\fR" 4 +.IP \fBEVP_CIPHER_get_params()\fR 4 .IX Item "EVP_CIPHER_get_params()" -Retrieves the requested list of algorithm \fIparams\fR from a \s-1CIPHER\s0 \fIcipher\fR. -See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information. -.IP "\fBEVP_CIPHER_CTX_get_params()\fR" 4 +Retrieves the requested list of algorithm \fIparams\fR from a CIPHER \fIcipher\fR. +See "PARAMETERS" below for more information. +.IP \fBEVP_CIPHER_CTX_get_params()\fR 4 .IX Item "EVP_CIPHER_CTX_get_params()" -Retrieves the requested list of \fIparams\fR from \s-1CIPHER\s0 context \fIctx\fR. -See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information. -.IP "\fBEVP_CIPHER_CTX_set_params()\fR" 4 +Retrieves the requested list of \fIparams\fR from CIPHER context \fIctx\fR. +See "PARAMETERS" below for more information. +.IP \fBEVP_CIPHER_CTX_set_params()\fR 4 .IX Item "EVP_CIPHER_CTX_set_params()" -Sets the list of \fIparams\fR into a \s-1CIPHER\s0 context \fIctx\fR. -See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information. -.IP "\fBEVP_CIPHER_gettable_params()\fR" 4 +Sets the list of \fIparams\fR into a CIPHER context \fIctx\fR. +See "PARAMETERS" below for more information. +.IP \fBEVP_CIPHER_gettable_params()\fR 4 .IX Item "EVP_CIPHER_gettable_params()" -Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters +Get a constant \fBOSSL_PARAM\fR\|(3) array that describes the retrievable parameters that can be used with \fBEVP_CIPHER_get_params()\fR. 
.IP "\fBEVP_CIPHER_gettable_ctx_params()\fR and \fBEVP_CIPHER_CTX_gettable_params()\fR" 4 .IX Item "EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params()" -Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters +Get a constant \fBOSSL_PARAM\fR\|(3) array that describes the retrievable parameters that can be used with \fBEVP_CIPHER_CTX_get_params()\fR. \&\fBEVP_CIPHER_gettable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \fBEVP_CIPHER_CTX_gettable_params()\fR returns the -parameters that can be retrieved in the context's current state. +parameters that can be retrieved in the context\*(Aqs current state. .IP "\fBEVP_CIPHER_settable_ctx_params()\fR and \fBEVP_CIPHER_CTX_settable_params()\fR" 4 .IX Item "EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params()" -Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the settable parameters +Get a constant \fBOSSL_PARAM\fR\|(3) array that describes the settable parameters that can be used with \fBEVP_CIPHER_CTX_set_params()\fR. \&\fBEVP_CIPHER_settable_ctx_params()\fR returns the parameters that can be set from the algorithm, whereas \fBEVP_CIPHER_CTX_settable_params()\fR returns the parameters that -can be set in the context's current state. -.IP "\fBEVP_EncryptInit_ex2()\fR" 4 +can be set in the context\*(Aqs current state. +.IP \fBEVP_EncryptInit_ex2()\fR 4 .IX Item "EVP_EncryptInit_ex2()" Sets up cipher context \fIctx\fR for encryption with cipher \fItype\fR. \fItype\fR is typically supplied by calling \fBEVP_CIPHER_fetch()\fR. \fItype\fR may also be set using legacy functions such as \fBEVP_aes_256_cbc()\fR, but this is not recommended -for new applications. \fIkey\fR is the symmetric key to use and \fIiv\fR is the \s-1IV\s0 to -use (if necessary), the actual number of bytes used for the key and \s-1IV\s0 depends +for new applications. 
\fIkey\fR is the symmetric key to use and \fIiv\fR is the IV to +use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. The parameters \fIparams\fR will be set on the context after -initialisation. It is possible to set all parameters to \s-1NULL\s0 except \fItype\fR in +initialisation. It is possible to set all parameters to NULL except \fItype\fR in an initial call and supply the remaining parameters in subsequent calls, all of -which have \fItype\fR set to \s-1NULL.\s0 This is done when the default cipher parameters +which have \fItype\fR set to NULL. This is done when the default cipher parameters are not appropriate. -For \fB\s-1EVP_CIPH_GCM_MODE\s0\fR the \s-1IV\s0 will be generated internally if it is not +For \fBEVP_CIPH_GCM_MODE\fR the IV will be generated internally if it is not specified. -.IP "\fBEVP_EncryptInit_ex()\fR" 4 +.IP \fBEVP_EncryptInit_ex()\fR 4 .IX Item "EVP_EncryptInit_ex()" -This legacy function is similar to \fBEVP_EncryptInit_ex2()\fR when \fIimpl\fR is \s-1NULL.\s0 +This legacy function is similar to \fBEVP_EncryptInit_ex2()\fR when \fIimpl\fR is NULL. The implementation of the \fItype\fR from the \fIimpl\fR engine will be used if it exists. -.IP "\fBEVP_EncryptUpdate()\fR" 4 +.IP \fBEVP_EncryptUpdate()\fR 4 .IX Item "EVP_EncryptUpdate()" Encrypts \fIinl\fR bytes from the buffer \fIin\fR and writes the encrypted version to -\&\fIout\fR. This function can be called multiple times to encrypt successive blocks +\&\fIout\fR. The pointers \fIout\fR and \fIin\fR may point to the same location, in which +case the encryption will be done in\-place. However, in\-place encryption is +guaranteed to work only if the encryption context (\fIctx\fR) has processed data in +multiples of the block size. If the context contains an incomplete data block +from previous operations, in\-place encryption will fail. 
+.Sp +If \fIout\fR and \fIin\fR point to different locations, the two buffers must be +disjoint, otherwise the operation might fail or the outcome might be undefined. +.Sp +This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data. For most ciphers and modes, the amount of data written can be anything @@ -490,15 +421,14 @@ from zero bytes to (inl + cipher_block_size) bytes. For stream ciphers, the amount of data written can be anything from zero bytes to inl bytes. -Thus, \fIout\fR should contain sufficient room for the operation being performed. -The actual number of bytes written is placed in \fIoutl\fR. It also -checks if \fIin\fR and \fIout\fR are partially overlapping, and if they are -0 is returned to indicate failure. +Thus, the buffer pointed to by \fIout\fR must contain sufficient room for the +operation being performed. +The actual number of bytes written is placed in \fIoutl\fR. .Sp If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts -the \*(L"final\*(R" data, that is any data that remains in a partial block. -It uses standard block padding (aka \s-1PKCS\s0 padding) as described in -the \s-1NOTES\s0 section, below. The encrypted +the "final" data, that is any data that remains in a partial block. +It uses standard block padding (aka PKCS padding) as described in +the NOTES section, below. The encrypted final data is written to \fIout\fR which should have sufficient space for one cipher block. The number of bytes written is placed in \fIoutl\fR. After this function is called the encryption operation is finished and no further 
@@ -521,8 +451,8 @@ These functions can be used for decryption or encryption. The operation performed depends on the value of the \fIenc\fR parameter. It should be set to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged -(the actual value of 'enc' being supplied in a previous call). -.IP "\fBEVP_CIPHER_CTX_reset()\fR" 4 +(the actual value of \*(Aqenc\*(Aq being supplied in a previous call). +.IP \fBEVP_CIPHER_CTX_reset()\fR 4 .IX Item "EVP_CIPHER_CTX_reset()" Clears all information from a cipher context and free up any allocated memory associated with it, except the \fIctx\fR itself. This function should be called 
@@ -539,33 +469,33 @@ \&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up the \fIctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_cleanup()\fR must be called to free any context resources. -.IP "\fBEVP_Cipher()\fR" 4 +.IP \fBEVP_Cipher()\fR 4 .IX Item "EVP_Cipher()" Encrypts or decrypts a maximum \fIinl\fR amount of bytes from \fIin\fR and leaves the result in \fIout\fR. .Sp -For legacy ciphers \- If the cipher doesn't have the flag -\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR set, then \fIinl\fR must be a multiple of -\&\fBEVP_CIPHER_get_block_size()\fR. If it isn't, the result is undefined. If the cipher +For legacy ciphers \- If the cipher doesn\*(Aqt have the flag +\&\fBEVP_CIPH_FLAG_CUSTOM_CIPHER\fR set, then \fIinl\fR must be a multiple of +\&\fBEVP_CIPHER_get_block_size()\fR. If it isn\*(Aqt, the result is undefined. If the cipher has that flag set, then \fIinl\fR can be any size. .Sp -Due to the constraints of the \s-1API\s0 contract of this function it shouldn't be used +Due to the constraints of the API contract of this function it shouldn\*(Aqt be used in applications, please consider using \fBEVP_CipherUpdate()\fR and \&\fBEVP_CipherFinal_ex()\fR instead. .IP "\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR" 4 .IX Item "EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()" -Returns an \fB\s-1EVP_CIPHER\s0\fR structure when passed a cipher name, a cipher \fB\s-1NID\s0\fR or -an \fB\s-1ASN1_OBJECT\s0\fR structure respectively. +Returns an \fBEVP_CIPHER\fR structure when passed a cipher name, a cipher \fBNID\fR or +an \fBASN1_OBJECT\fR structure respectively. 
.Sp -\&\fBEVP_get_cipherbyname()\fR will return \s-1NULL\s0 for algorithms such as \*(L"\s-1AES\-128\-SIV\*(R", -\&\*(L"AES\-128\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-128\-CBC\-CTS\*(R"\s0 which were previously only +\&\fBEVP_get_cipherbyname()\fR will return NULL for algorithms such as "AES\-128\-SIV", +"AES\-128\-CBC\-CTS" and "CAMELLIA\-128\-CBC\-CTS" which were previously only accessible via low level interfaces. .Sp The \fBEVP_get_cipherbyname()\fR function is present for backwards compatibility with OpenSSL prior to version 3 and is different to the \fBEVP_CIPHER_fetch()\fR function -since it does not attempt to \*(L"fetch\*(R" an implementation of the cipher. -Additionally, it only knows about ciphers that are built-in to OpenSSL and have -an associated \s-1NID.\s0 Similarly \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +since it does not attempt to "fetch" an implementation of the cipher. +Additionally, it only knows about ciphers that are built\-in to OpenSSL and have +an associated NID. Similarly \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR also return objects without an associated implementation. .Sp When the cipher objects returned by these functions are used (such as in a call 
@@ -574,23 +504,23 @@ implementation is available. Use \fBEVP_CIPHER_fetch()\fR instead to explicitly fetch the algorithm and an associated implementation from a provider. .Sp -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about fetching. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for more information about fetching. .Sp The cipher objects returned from these functions do not need to be freed with \&\fBEVP_CIPHER_free()\fR. .IP "\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR" 4 .IX Item "EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()" -Return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR -structure. The actual \s-1NID\s0 value is an internal value which may not have a -corresponding \s-1OBJECT IDENTIFIER.\s0 +Return the NID of a cipher when passed an \fBEVP_CIPHER\fR or \fBEVP_CIPHER_CTX\fR +structure. The actual NID value is an internal value which may not have a +corresponding OBJECT IDENTIFIER. .IP "\fBEVP_CIPHER_CTX_set_flags()\fR, \fBEVP_CIPHER_CTX_clear_flags()\fR and \fBEVP_CIPHER_CTX_test_flags()\fR" 4 .IX Item "EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags()" -Sets, clears and tests \fIctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. +Sets, clears and tests \fIctx\fR flags. See "FLAGS" below for more information. .Sp For provided ciphers \fBEVP_CIPHER_CTX_set_flags()\fR should be called only after the fetched cipher has been assigned to the \fIctx\fR. It is recommended to use -\&\*(L"\s-1PARAMETERS\*(R"\s0 instead. -.IP "\fBEVP_CIPHER_CTX_set_padding()\fR" 4 +"PARAMETERS" instead. +.IP \fBEVP_CIPHER_CTX_set_padding()\fR 4 .IX Item "EVP_CIPHER_CTX_set_padding()" Enables or disables padding. This function should be called after the context is set up for encryption or decryption with \fBEVP_EncryptInit_ex2()\fR, 
@@ -601,610 +531,566 @@ be a multiple of the block size or an error will occur. .IP "\fBEVP_CIPHER_get_key_length()\fR and \fBEVP_CIPHER_CTX_get_key_length()\fR" 4 .IX Item "EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length()" -Return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or -\&\fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum +Return the key length of a cipher when passed an \fBEVP_CIPHER\fR or +\&\fBEVP_CIPHER_CTX\fR structure. The constant \fBEVP_MAX_KEY_LENGTH\fR is the maximum key length for all ciphers. Note: although \fBEVP_CIPHER_get_key_length()\fR is fixed for a given cipher, the value of \fBEVP_CIPHER_CTX_get_key_length()\fR may be different for variable key length ciphers. -.IP "\fBEVP_CIPHER_CTX_set_key_length()\fR" 4 +.IP \fBEVP_CIPHER_CTX_set_key_length()\fR 4 .IX Item "EVP_CIPHER_CTX_set_key_length()" Sets the key length of the cipher context. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error. .IP "\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR" 4 .IX Item "EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length()" -Return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or -\&\fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not use an \s-1IV.\s0 -The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. -.IP "\fBEVP_CIPHER_CTX_get_tag_length()\fR" 4 +Return the IV length of a cipher when passed an \fBEVP_CIPHER\fR or +\&\fBEVP_CIPHER_CTX\fR. It will return zero if the cipher does not use an IV. +The constant \fBEVP_MAX_IV_LENGTH\fR is the maximum IV length for all ciphers. +.IP \fBEVP_CIPHER_CTX_get_tag_length()\fR 4 .IX Item "EVP_CIPHER_CTX_get_tag_length()" -Returns the tag length of an \s-1AEAD\s0 cipher when passed a \fB\s-1EVP_CIPHER_CTX\s0\fR. 
It will +Returns the tag length of an AEAD cipher when passed a \fBEVP_CIPHER_CTX\fR. It will return zero if the cipher does not support a tag. It returns a default value if the tag length has not been set. .IP "\fBEVP_CIPHER_get_block_size()\fR and \fBEVP_CIPHER_CTX_get_block_size()\fR" 4 .IX Item "EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size()" -Return the block size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or -\&\fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the +Return the block size of a cipher when passed an \fBEVP_CIPHER\fR or +\&\fBEVP_CIPHER_CTX\fR structure. The constant \fBEVP_MAX_BLOCK_LENGTH\fR is also the maximum block length for all ciphers. .IP "\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR" 4 .IX Item "EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type()" -Return the type of the passed cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 -of the cipher \s-1OBJECT IDENTIFIER\s0 and as such it ignores the cipher parameters -(40 bit \s-1RC2\s0 and 128 bit \s-1RC2\s0 have the same \s-1NID\s0). If the cipher does not have an -object identifier or does not have \s-1ASN1\s0 support this function will return +Return the type of the passed cipher or context. This "type" is the actual NID +of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters +(40 bit RC2 and 128 bit RC2 have the same NID). If the cipher does not have an +object identifier or does not have ASN1 support this function will return \&\fBNID_undef\fR. -.IP "\fBEVP_CIPHER_is_a()\fR" 4 +.IP \fBEVP_CIPHER_is_a()\fR 4 .IX Item "EVP_CIPHER_is_a()" -Returns 1 if \fIcipher\fR is an implementation of an algorithm that's identifiable -with \fIname\fR, otherwise 0. If \fIcipher\fR is a legacy cipher (it's the return +Returns 1 if \fIcipher\fR is an implementation of an algorithm that\*(Aqs identifiable +with \fIname\fR, otherwise 0. 
If \fIcipher\fR is a legacy cipher (it\*(Aqs the return value from the likes of \fBEVP_aes128()\fR rather than the result of an \&\fBEVP_CIPHER_fetch()\fR), only cipher names registered with the default library -context (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) will be considered. +context (see \fBOSSL_LIB_CTX\fR\|(3)) will be considered. .IP "\fBEVP_CIPHER_get0_name()\fR and \fBEVP_CIPHER_CTX_get0_name()\fR" 4 .IX Item "EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name()" Return the name of the passed cipher or context. For fetched ciphers with multiple names, only one of them is returned. See also \fBEVP_CIPHER_names_do_all()\fR. -.IP "\fBEVP_CIPHER_names_do_all()\fR" 4 +.IP \fBEVP_CIPHER_names_do_all()\fR 4 .IX Item "EVP_CIPHER_names_do_all()" Traverses all names for the \fIcipher\fR, and calls \fIfn\fR with each name and -\&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_CIPHER\s0\fRs. -.IP "\fBEVP_CIPHER_get0_description()\fR" 4 +\&\fIdata\fR. This is only useful with fetched \fBEVP_CIPHER\fRs. +.IP \fBEVP_CIPHER_get0_description()\fR 4 .IX Item "EVP_CIPHER_get0_description()" Returns a description of the cipher, meant for display and human consumption. The description is at the discretion of the cipher implementation. -.IP "\fBEVP_CIPHER_get0_provider()\fR" 4 +.IP \fBEVP_CIPHER_get0_provider()\fR 4 .IX Item "EVP_CIPHER_get0_provider()" -Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given -\&\fB\s-1EVP_CIPHER\s0\fR. -.IP "\fBEVP_CIPHER_CTX_get0_cipher()\fR" 4 +Returns an \fBOSSL_PROVIDER\fR pointer to the provider that implements the given +\&\fBEVP_CIPHER\fR. +.IP \fBEVP_CIPHER_CTX_get0_cipher()\fR 4 .IX Item "EVP_CIPHER_CTX_get0_cipher()" -Returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +Returns the \fBEVP_CIPHER\fR structure when passed an \fBEVP_CIPHER_CTX\fR structure. \&\fBEVP_CIPHER_CTX_get1_cipher()\fR is the same except the ownership is passed to the caller. 
.IP "\fBEVP_CIPHER_get_mode()\fR and \fBEVP_CIPHER_CTX_get_mode()\fR" 4 .IX Item "EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()" Return the block cipher mode: -\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, -EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0 or \s-1EVP_CIPH_SIV_MODE.\s0 -If the cipher is a stream cipher then \s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. -.IP "\fBEVP_CIPHER_get_flags()\fR" 4 +EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. +If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. +.IP \fBEVP_CIPHER_get_flags()\fR 4 .IX Item "EVP_CIPHER_get_flags()" -Returns any flags associated with the cipher. See \*(L"\s-1FLAGS\*(R"\s0 +Returns any flags associated with the cipher. See "FLAGS" for a list of currently defined flags. .IP "\fBEVP_CIPHER_CTX_get_num()\fR and \fBEVP_CIPHER_CTX_set_num()\fR" 4 .IX Item "EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num()" -Gets or sets the cipher specific \*(L"num\*(R" parameter for the associated \fIctx\fR. -Built-in ciphers typically use this to track how much of the current underlying block -has been \*(L"used\*(R" already. -.IP "\fBEVP_CIPHER_CTX_is_encrypting()\fR" 4 +Gets or sets the cipher specific "num" parameter for the associated \fIctx\fR. +Built\-in ciphers typically use this to track how much of the current underlying block +has been "used" already. +.IP \fBEVP_CIPHER_CTX_is_encrypting()\fR 4 .IX Item "EVP_CIPHER_CTX_is_encrypting()" Reports whether the \fIctx\fR is being used for encryption or decryption. -.IP "\fBEVP_CIPHER_CTX_flags()\fR" 4 +.IP \fBEVP_CIPHER_CTX_flags()\fR 4 .IX Item "EVP_CIPHER_CTX_flags()" A deprecated macro calling \f(CW\*(C`EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))\*(C'\fR. Do not use. 
-.IP "\fBEVP_CIPHER_param_to_asn1()\fR" 4 +.IP \fBEVP_CIPHER_param_to_asn1()\fR 4 .IX Item "EVP_CIPHER_param_to_asn1()" -Sets the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. This will -typically include any parameters and an \s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set +Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will +typically include any parameters and an IV. The cipher IV (if any) must be set when this call is made. This call should be made before the cipher is actually -\&\*(L"used\*(R" (before any \fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). -This function may fail if the cipher does not have any \s-1ASN1\s0 support. -.IP "\fBEVP_CIPHER_asn1_to_param()\fR" 4 +"used" (before any \fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). +This function may fail if the cipher does not have any ASN1 support. +.IP \fBEVP_CIPHER_asn1_to_param()\fR 4 .IX Item "EVP_CIPHER_asn1_to_param()" -Sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R". -The precise effect depends on the cipher. In the case of \fB\s-1RC2\s0\fR, for example, -it will set the \s-1IV\s0 and effective key length. +Sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter". +The precise effect depends on the cipher. In the case of \fBRC2\fR, for example, +it will set the IV and effective key length. This function should be called after the base cipher type is set but before -the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and -key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally -\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is -possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support -or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +the key is set. 
For example \fBEVP_CipherInit()\fR will be called with the IV and +key set to NULL, \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fBEVP_CipherInit()\fR again with all parameters except the key set to NULL. It is +possible for this function to fail if the cipher does not have any ASN1 support +or the parameters cannot be set (for example the RC2 effective key length is not supported. -.IP "\fBEVP_CIPHER_CTX_rand_key()\fR" 4 +.IP \fBEVP_CIPHER_CTX_rand_key()\fR 4 .IX Item "EVP_CIPHER_CTX_rand_key()" Generates a random key of the appropriate length based on the cipher context. -The \fB\s-1EVP_CIPHER\s0\fR can provide its own random key generation routine to support +The \fBEVP_CIPHER\fR can provide its own random key generation routine to support keys of a specific form. \fIkey\fR must point to a buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_get_key_length()\fR. -.IP "\fBEVP_CIPHER_do_all_provided()\fR" 4 +.IP \fBEVP_CIPHER_do_all_provided()\fR 4 .IX Item "EVP_CIPHER_do_all_provided()" Traverses all ciphers implemented by all activated providers in the given library context \fIlibctx\fR, and for each of the implementations, calls the given function \fIfn\fR with the implementation method and the given \fIarg\fR as argument. -.SH "PARAMETERS" +.SH PARAMETERS .IX Header "PARAMETERS" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about passing parameters. -.SS "Gettable \s-1EVP_CIPHER\s0 parameters" +See \fBOSSL_PARAM\fR\|(3) for information about passing parameters. +.SS "Gettable EVP_CIPHER parameters" .IX Subsection "Gettable EVP_CIPHER parameters" When \fBEVP_CIPHER_fetch()\fR is called it internally calls \fBEVP_CIPHER_get_params()\fR and caches the results. 
.PP -\&\fBEVP_CIPHER_get_params()\fR can be used with the following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys: -.ie n .IP """mode"" (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) " 4 -.el .IP "``mode'' (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) " 4 -.IX Item "mode (OSSL_CIPHER_PARAM_MODE) " +\&\fBEVP_CIPHER_get_params()\fR can be used with the following \fBOSSL_PARAM\fR\|(3) keys: +.IP """mode"" (\fBOSSL_CIPHER_PARAM_MODE\fR) " 4 +.IX Item """mode"" (OSSL_CIPHER_PARAM_MODE) " Gets the mode for the associated cipher algorithm \fIcipher\fR. -See \*(L"\fBEVP_CIPHER_get_mode()\fR and \fBEVP_CIPHER_CTX_get_mode()\fR\*(R" for a list of valid modes. +See "\fBEVP_CIPHER_get_mode()\fR and \fBEVP_CIPHER_CTX_get_mode()\fR" for a list of valid modes. Use \fBEVP_CIPHER_get_mode()\fR to retrieve the cached value. -.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 -.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 -.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) " +.IP """keylen"" (\fBOSSL_CIPHER_PARAM_KEYLEN\fR) " 4 +.IX Item """keylen"" (OSSL_CIPHER_PARAM_KEYLEN) " Gets the key length for the associated cipher algorithm \fIcipher\fR. Use \fBEVP_CIPHER_get_key_length()\fR to retrieve the cached value. -.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) " 4 -.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) " 4 -.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN) " -Gets the \s-1IV\s0 length for the associated cipher algorithm \fIcipher\fR. +.IP """ivlen"" (\fBOSSL_CIPHER_PARAM_IVLEN\fR) " 4 +.IX Item """ivlen"" (OSSL_CIPHER_PARAM_IVLEN) " +Gets the IV length for the associated cipher algorithm \fIcipher\fR. Use \fBEVP_CIPHER_get_iv_length()\fR to retrieve the cached value. 
-.ie n .IP """blocksize"" (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) " 4 -.el .IP "``blocksize'' (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) " 4 -.IX Item "blocksize (OSSL_CIPHER_PARAM_BLOCK_SIZE) " +.IP """blocksize"" (\fBOSSL_CIPHER_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """blocksize"" (OSSL_CIPHER_PARAM_BLOCK_SIZE) " Gets the block size for the associated cipher algorithm \fIcipher\fR. The block size should be 1 for stream ciphers. Note that the block size for a cipher may be different to the block size for the underlying encryption/decryption primitive. -For example \s-1AES\s0 in \s-1CTR\s0 mode has a block size of 1 (because it operates like a -stream cipher), even though \s-1AES\s0 has a block size of 16. +For example AES in CTR mode has a block size of 1 (because it operates like a +stream cipher), even though AES has a block size of 16. Use \fBEVP_CIPHER_get_block_size()\fR to retrieve the cached value. -.ie n .IP """aead"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD\s0\fR) " 4 -.el .IP "``aead'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD\s0\fR) " 4 -.IX Item "aead (OSSL_CIPHER_PARAM_AEAD) " -Gets 1 if this is an \s-1AEAD\s0 cipher algorithm, otherwise it gets 0. -Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0) to retrieve the +.IP """aead"" (\fBOSSL_CIPHER_PARAM_AEAD\fR) " 4 +.IX Item """aead"" (OSSL_CIPHER_PARAM_AEAD) " +Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the cached value. -.ie n .IP """custom-iv"" (\fB\s-1OSSL_CIPHER_PARAM_CUSTOM_IV\s0\fR) " 4 -.el .IP "``custom-iv'' (\fB\s-1OSSL_CIPHER_PARAM_CUSTOM_IV\s0\fR) " 4 -.IX Item "custom-iv (OSSL_CIPHER_PARAM_CUSTOM_IV) " -Gets 1 if the cipher algorithm \fIcipher\fR has a custom \s-1IV,\s0 otherwise it gets 0. -Storing and initializing the \s-1IV\s0 is left entirely to the implementation, if a -custom \s-1IV\s0 is used. 
-Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_CUSTOM_IV\s0) to retrieve the +.IP """custom\-iv"" (\fBOSSL_CIPHER_PARAM_CUSTOM_IV\fR) " 4 +.IX Item """custom-iv"" (OSSL_CIPHER_PARAM_CUSTOM_IV) " +Gets 1 if the cipher algorithm \fIcipher\fR has a custom IV, otherwise it gets 0. +Storing and initializing the IV is left entirely to the implementation, if a +custom IV is used. +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the cached value. -.ie n .IP """cts"" (\fB\s-1OSSL_CIPHER_PARAM_CTS\s0\fR) " 4 -.el .IP "``cts'' (\fB\s-1OSSL_CIPHER_PARAM_CTS\s0\fR) " 4 -.IX Item "cts (OSSL_CIPHER_PARAM_CTS) " +.IP """cts"" (\fBOSSL_CIPHER_PARAM_CTS\fR) " 4 +.IX Item """cts"" (OSSL_CIPHER_PARAM_CTS) " Gets 1 if the cipher algorithm \fIcipher\fR uses ciphertext stealing, otherwise it gets 0. This is currently used to indicate that the cipher is a one shot that only allows a single call to \fBEVP_CipherUpdate()\fR. -Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_CTS\s0) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the cached value. -.ie n .IP """tls-multi"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK\s0\fR) " 4 -.el .IP "``tls-multi'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK\s0\fR) " 4 -.IX Item "tls-multi (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK) " +.IP """tls\-multi"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK\fR) " 4 +.IX Item """tls-multi"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK) " Gets 1 if the cipher algorithm \fIcipher\fR supports interleaving of crypto blocks, otherwise it gets 0. The interleaving is an optimization only applicable to certain -\&\s-1TLS\s0 ciphers. -Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0) to retrieve the +TLS ciphers. +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the cached value. 
-.ie n .IP """has-randkey"" (\fB\s-1OSSL_CIPHER_PARAM_HAS_RANDKEY\s0\fR) " 4 -.el .IP "``has-randkey'' (\fB\s-1OSSL_CIPHER_PARAM_HAS_RANDKEY\s0\fR) " 4 -.IX Item "has-randkey (OSSL_CIPHER_PARAM_HAS_RANDKEY) " -Gets 1 if the cipher algorithm \fIcipher\fR supports the gettable \s-1EVP_CIPHER_CTX\s0 -parameter \fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR. Only \s-1DES\s0 and 3DES set this to 1, +.IP """has\-randkey"" (\fBOSSL_CIPHER_PARAM_HAS_RANDKEY\fR) " 4 +.IX Item """has-randkey"" (OSSL_CIPHER_PARAM_HAS_RANDKEY) " +Gets 1 if the cipher algorithm \fIcipher\fR supports the gettable EVP_CIPHER_CTX +parameter \fBOSSL_CIPHER_PARAM_RANDOM_KEY\fR. Only DES and 3DES set this to 1, all other OpenSSL ciphers return 0. -.SS "Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters" +.SS "Gettable and Settable EVP_CIPHER_CTX parameters" .IX Subsection "Gettable and Settable EVP_CIPHER_CTX parameters" -The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with both \fBEVP_CIPHER_CTX_get_params()\fR +The following \fBOSSL_PARAM\fR\|(3) keys can be used with both \fBEVP_CIPHER_CTX_get_params()\fR and \fBEVP_CIPHER_CTX_set_params()\fR. -.ie n .IP """padding"" (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) " 4 -.el .IP "``padding'' (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) " 4 -.IX Item "padding (OSSL_CIPHER_PARAM_PADDING) " +.IP """padding"" (\fBOSSL_CIPHER_PARAM_PADDING\fR) " 4 +.IX Item """padding"" (OSSL_CIPHER_PARAM_PADDING) " Gets or sets the padding mode for the cipher context \fIctx\fR. Padding is enabled if the value is 1, and disabled if the value is 0. See also \fBEVP_CIPHER_CTX_set_padding()\fR. -.ie n .IP """num"" (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) " 4 -.el .IP "``num'' (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) " 4 -.IX Item "num (OSSL_CIPHER_PARAM_NUM) " -Gets or sets the cipher specific \*(L"num\*(R" parameter for the cipher context \fIctx\fR. -Built-in ciphers typically use this to track how much of the current underlying -block has been \*(L"used\*(R" already. 
+.IP """num"" (\fBOSSL_CIPHER_PARAM_NUM\fR) " 4 +.IX Item """num"" (OSSL_CIPHER_PARAM_NUM) " +Gets or sets the cipher specific "num" parameter for the cipher context \fIctx\fR. +Built\-in ciphers typically use this to track how much of the current underlying +block has been "used" already. See also \fBEVP_CIPHER_CTX_get_num()\fR and \fBEVP_CIPHER_CTX_set_num()\fR. -.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 -.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 -.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) " +.IP """keylen"" (\fBOSSL_CIPHER_PARAM_KEYLEN\fR) " 4 +.IX Item """keylen"" (OSSL_CIPHER_PARAM_KEYLEN) " Gets or sets the key length for the cipher context \fIctx\fR. -The length of the \*(L"keylen\*(R" parameter should not exceed that of a \fBsize_t\fR. +The length of the "keylen" parameter should not exceed that of a \fBsize_t\fR. See also \fBEVP_CIPHER_CTX_get_key_length()\fR and \fBEVP_CIPHER_CTX_set_key_length()\fR. -.ie n .IP """tag"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) " 4 -.el .IP "``tag'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) " 4 -.IX Item "tag (OSSL_CIPHER_PARAM_AEAD_TAG) " -Gets or sets the \s-1AEAD\s0 tag for the associated cipher context \fIctx\fR. -See \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3). -.ie n .IP """keybits"" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) " 4 -.el .IP "``keybits'' (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) " 4 -.IX Item "keybits (OSSL_CIPHER_PARAM_RC2_KEYBITS) " -Gets or sets the effective keybits used for a \s-1RC2\s0 cipher. -The length of the \*(L"keybits\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """rounds"" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) " 4 -.el .IP "``rounds'' (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) " 4 -.IX Item "rounds (OSSL_CIPHER_PARAM_ROUNDS) " +.IP """tag"" (\fBOSSL_CIPHER_PARAM_AEAD_TAG\fR) " 4 +.IX Item """tag"" (OSSL_CIPHER_PARAM_AEAD_TAG) " +Gets or sets the AEAD tag for the associated cipher context \fIctx\fR. 
+See "AEAD INTERFACE" in \fBEVP_EncryptInit\fR\|(3). +.IP """keybits"" (\fBOSSL_CIPHER_PARAM_RC2_KEYBITS\fR) " 4 +.IX Item """keybits"" (OSSL_CIPHER_PARAM_RC2_KEYBITS) " +Gets or sets the effective keybits used for a RC2 cipher. +The length of the "keybits" parameter should not exceed that of a \fBsize_t\fR. +.IP """rounds"" (\fBOSSL_CIPHER_PARAM_ROUNDS\fR) " 4 +.IX Item """rounds"" (OSSL_CIPHER_PARAM_ROUNDS) " Gets or sets the number of rounds to be used for a cipher. -This is used by the \s-1RC5\s0 cipher. -.ie n .IP """alg_id_param"" (\fB\s-1OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS\s0\fR) " 4 -.el .IP "``alg_id_param'' (\fB\s-1OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS\s0\fR) " 4 -.IX Item "alg_id_param (OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS) " -Used to pass the \s-1DER\s0 encoded AlgorithmIdentifier parameter to or from +This is used by the RC5 cipher. +.IP """alg_id_param"" (\fBOSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS\fR) " 4 +.IX Item """alg_id_param"" (OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS) " +Used to pass the DER encoded AlgorithmIdentifier parameter to or from the cipher implementation. Functions like \fBEVP_CIPHER_param_to_asn1\fR\|(3) and \fBEVP_CIPHER_asn1_to_param\fR\|(3) use this parameter for any implementation -that has the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_ASN1\s0\fR set. -.ie n .IP """cts_mode"" (\fB\s-1OSSL_CIPHER_PARAM_CTS_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cts_mode'' (\fB\s-1OSSL_CIPHER_PARAM_CTS_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cts_mode (OSSL_CIPHER_PARAM_CTS_MODE) " +that has the flag \fBEVP_CIPH_FLAG_CUSTOM_ASN1\fR set. +.IP """cts_mode"" (\fBOSSL_CIPHER_PARAM_CTS_MODE\fR) " 4 +.IX Item """cts_mode"" (OSSL_CIPHER_PARAM_CTS_MODE) " Gets or sets the cipher text stealing mode. For all modes the output size is the same as the input size. The input length must be greater than or equal to the -block size. (The block size for \s-1AES\s0 and \s-1CAMELLIA\s0 is 16 bytes). +block size. (The block size for AES and CAMELLIA is 16 bytes). 
.Sp Valid values for the mode are: .RS 4 -.ie n .IP """\s-1CS1""\s0" 4 -.el .IP "``\s-1CS1''\s0" 4 -.IX Item "CS1" -The \s-1NIST\s0 variant of cipher text stealing. +.IP """CS1""" 4 +.IX Item """CS1""" +The NIST variant of cipher text stealing. For input lengths that are multiples of the block size it is equivalent to -using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher otherwise the second last +using a "AES\-XXX\-CBC" or "CAMELLIA\-XXX\-CBC" cipher otherwise the second last cipher text block is a partial block. -.ie n .IP """\s-1CS2""\s0" 4 -.el .IP "``\s-1CS2''\s0" 4 -.IX Item "CS2" +.IP """CS2""" 4 +.IX Item """CS2""" For input lengths that are multiples of the block size it is equivalent to -using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher, otherwise it is the same as -\&\*(L"\s-1CS3\*(R"\s0 mode. -.ie n .IP """\s-1CS3""\s0" 4 -.el .IP "``\s-1CS3''\s0" 4 -.IX Item "CS3" +using a "AES\-XXX\-CBC" or "CAMELLIA\-XXX\-CBC" cipher, otherwise it is the same as +"CS3" mode. +.IP """CS3""" 4 +.IX Item """CS3""" The Kerberos5 variant of cipher text stealing which always swaps the last cipher text block with the previous block (which may be a partial or full block depending on the input length). If the input length is exactly one full block -then this is equivalent to using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher. +then this is equivalent to using a "AES\-XXX\-CBC" or "CAMELLIA\-XXX\-CBC" cipher. .RE .RS 4 .Sp -The default is \*(L"\s-1CS1\*(R".\s0 -This is only supported for \*(L"\s-1AES\-128\-CBC\-CTS\*(R", \*(L"AES\-192\-CBC\-CTS\*(R", \*(L"AES\-256\-CBC\-CTS\*(R", -\&\*(L"CAMELLIA\-128\-CBC\-CTS\*(R", \*(L"CAMELLIA\-192\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-256\-CBC\-CTS\*(R".\s0 +The default is "CS1". +This is only supported for "AES\-128\-CBC\-CTS", "AES\-192\-CBC\-CTS", "AES\-256\-CBC\-CTS", +"CAMELLIA\-128\-CBC\-CTS", "CAMELLIA\-192\-CBC\-CTS" and "CAMELLIA\-256\-CBC\-CTS". 
.RE -.ie n .IP """tls1multi_interleave"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) " 4 -.el .IP "``tls1multi_interleave'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) " 4 -.IX Item "tls1multi_interleave (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) " +.IP """tls1multi_interleave"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\fR) " 4 +.IX Item """tls1multi_interleave"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) " Sets or gets the number of records being sent in one go for a tls1 multiblock cipher operation (either 4 or 8 records). -.SS "Gettable \s-1EVP_CIPHER_CTX\s0 parameters" +.SS "Gettable EVP_CIPHER_CTX parameters" .IX Subsection "Gettable EVP_CIPHER_CTX parameters" -The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_get_params()\fR: -.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 -.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 -.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN and " -Gets the \s-1IV\s0 length for the cipher context \fIctx\fR. -The length of the \*(L"ivlen\*(R" parameter should not exceed that of a \fBsize_t\fR. +The following \fBOSSL_PARAM\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_get_params()\fR: +.IP """ivlen"" (\fBOSSL_CIPHER_PARAM_IVLEN\fR and <\fBOSSL_CIPHER_PARAM_AEAD_IVLEN\fR) " 4 +.IX Item """ivlen"" (OSSL_CIPHER_PARAM_IVLEN and " +Gets the IV length for the cipher context \fIctx\fR. +The length of the "ivlen" parameter should not exceed that of a \fBsize_t\fR. See also \fBEVP_CIPHER_CTX_get_iv_length()\fR. -.ie n .IP """iv"" (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) " 4 -.el .IP "``iv'' (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) " 4 -.IX Item "iv (OSSL_CIPHER_PARAM_IV) " -Gets the \s-1IV\s0 used to initialize the associated cipher context \fIctx\fR. 
+.IP """iv"" (\fBOSSL_CIPHER_PARAM_IV\fR) " 4 +.IX Item """iv"" (OSSL_CIPHER_PARAM_IV) " +Gets the IV used to initialize the associated cipher context \fIctx\fR. See also \fBEVP_CIPHER_CTX_get_original_iv()\fR. -.ie n .IP """updated-iv"" (\fB\s-1OSSL_CIPHER_PARAM_UPDATED_IV\s0\fR) " 4 -.el .IP "``updated-iv'' (\fB\s-1OSSL_CIPHER_PARAM_UPDATED_IV\s0\fR) " 4 -.IX Item "updated-iv (OSSL_CIPHER_PARAM_UPDATED_IV) " -Gets the updated pseudo-IV state for the associated cipher context, e.g., -the previous ciphertext block for \s-1CBC\s0 mode or the iteratively encrypted \s-1IV\s0 -value for \s-1OFB\s0 mode. Note that octet pointer access is deprecated and is +.IP """updated\-iv"" (\fBOSSL_CIPHER_PARAM_UPDATED_IV\fR) " 4 +.IX Item """updated-iv"" (OSSL_CIPHER_PARAM_UPDATED_IV) " +Gets the updated pseudo\-IV state for the associated cipher context, e.g., +the previous ciphertext block for CBC mode or the iteratively encrypted IV +value for OFB mode. Note that octet pointer access is deprecated and is provided only for backwards compatibility with historical libcrypto APIs. See also \fBEVP_CIPHER_CTX_get_updated_iv()\fR. -.ie n .IP """randkey"" (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) " 4 -.el .IP "``randkey'' (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) " 4 -.IX Item "randkey (OSSL_CIPHER_PARAM_RANDOM_KEY) " +.IP """randkey"" (\fBOSSL_CIPHER_PARAM_RANDOM_KEY\fR) " 4 +.IX Item """randkey"" (OSSL_CIPHER_PARAM_RANDOM_KEY) " Gets an implementation specific randomly generated key for the associated -cipher context \fIctx\fR. This is currently only supported by \s-1DES\s0 and 3DES (which set +cipher context \fIctx\fR. This is currently only supported by DES and 3DES (which set the key to odd parity). 
-.ie n .IP """taglen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) " 4 -.el .IP "``taglen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) " 4 -.IX Item "taglen (OSSL_CIPHER_PARAM_AEAD_TAGLEN) " -Gets the tag length to be used for an \s-1AEAD\s0 cipher for the associated cipher +.IP """taglen"" (\fBOSSL_CIPHER_PARAM_AEAD_TAGLEN\fR) " 4 +.IX Item """taglen"" (OSSL_CIPHER_PARAM_AEAD_TAGLEN) " +Gets the tag length to be used for an AEAD cipher for the associated cipher context \fIctx\fR. It gets a default value if it has not been set. -The length of the \*(L"taglen\*(R" parameter should not exceed that of a \fBsize_t\fR. +The length of the "taglen" parameter should not exceed that of a \fBsize_t\fR. See also \fBEVP_CIPHER_CTX_get_tag_length()\fR. -.ie n .IP """tlsaadpad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) " 4 -.el .IP "``tlsaadpad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) " 4 -.IX Item "tlsaadpad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) " -Gets the length of the tag that will be added to a \s-1TLS\s0 record for the \s-1AEAD\s0 +.IP """tlsaadpad"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\fR) " 4 +.IX Item """tlsaadpad"" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) " +Gets the length of the tag that will be added to a TLS record for the AEAD tag for the associated cipher context \fIctx\fR. -The length of the \*(L"tlsaadpad\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """tlsivgen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) " 4 -.el .IP "``tlsivgen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) " 4 -.IX Item "tlsivgen (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) " +The length of the "tlsaadpad" parameter should not exceed that of a \fBsize_t\fR. +.IP """tlsivgen"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\fR) " 4 +.IX Item """tlsivgen"" (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) " Gets the invocation field generated for encryption. -Can only be called after \*(L"tlsivfixed\*(R" is set. 
-This is only used for \s-1GCM\s0 mode. -.ie n .IP """tls1multi_enclen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) " 4 -.el .IP "``tls1multi_enclen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) " 4 -.IX Item "tls1multi_enclen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) " -Get the total length of the record returned from the \*(L"tls1multi_enc\*(R" operation. -.ie n .IP """tls1multi_maxbufsz"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) " 4 -.el .IP "``tls1multi_maxbufsz'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) " 4 -.IX Item "tls1multi_maxbufsz (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) " -Gets the maximum record length for a \s-1TLS1\s0 multiblock cipher operation. -The length of the \*(L"tls1multi_maxbufsz\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """tls1multi_aadpacklen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) " 4 -.el .IP "``tls1multi_aadpacklen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) " 4 -.IX Item "tls1multi_aadpacklen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) " -Gets the result of running the \*(L"tls1multi_aad\*(R" operation. -.ie n .IP """tls-mac"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) " 4 -.el .IP "``tls-mac'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) " 4 -.IX Item "tls-mac (OSSL_CIPHER_PARAM_TLS_MAC) " -Used to pass the \s-1TLS MAC\s0 data. -.SS "Settable \s-1EVP_CIPHER_CTX\s0 parameters" +Can only be called after "tlsivfixed" is set. +This is only used for GCM mode. +.IP """tls1multi_enclen"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\fR) " 4 +.IX Item """tls1multi_enclen"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) " +Get the total length of the record returned from the "tls1multi_enc" operation. 
+.IP """tls1multi_maxbufsz"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\fR) " 4 +.IX Item """tls1multi_maxbufsz"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) " +Gets the maximum record length for a TLS1 multiblock cipher operation. +The length of the "tls1multi_maxbufsz" parameter should not exceed that of a \fBsize_t\fR. +.IP """tls1multi_aadpacklen"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\fR) " 4 +.IX Item """tls1multi_aadpacklen"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) " +Gets the result of running the "tls1multi_aad" operation. +.IP """tls\-mac"" (\fBOSSL_CIPHER_PARAM_TLS_MAC\fR) " 4 +.IX Item """tls-mac"" (OSSL_CIPHER_PARAM_TLS_MAC) " +Used to pass the TLS MAC data. +.SS "Settable EVP_CIPHER_CTX parameters" .IX Subsection "Settable EVP_CIPHER_CTX parameters" -The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_set_params()\fR: -.ie n .IP """mackey"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) " 4 -.el .IP "``mackey'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) " 4 -.IX Item "mackey (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) " -Sets the \s-1MAC\s0 key used by composite \s-1AEAD\s0 ciphers such as \s-1AES\-CBC\-HMAC\-SHA256.\s0 -.ie n .IP """speed"" (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) " 4 -.el .IP "``speed'' (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) " 4 -.IX Item "speed (OSSL_CIPHER_PARAM_SPEED) " +The following \fBOSSL_PARAM\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_set_params()\fR: +.IP """mackey"" (\fBOSSL_CIPHER_PARAM_AEAD_MAC_KEY\fR) " 4 +.IX Item """mackey"" (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) " +Sets the MAC key used by composite AEAD ciphers such as AES\-CBC\-HMAC\-SHA256. +.IP """speed"" (\fBOSSL_CIPHER_PARAM_SPEED\fR) " 4 +.IX Item """speed"" (OSSL_CIPHER_PARAM_SPEED) " Sets the speed option for the associated cipher context. This is only supported -by \s-1AES SIV\s0 ciphers which disallow multiple operations by default. 
-Setting \*(L"speed\*(R" to 1 allows another encrypt or decrypt operation to be +by AES SIV ciphers which disallow multiple operations by default. +Setting "speed" to 1 allows another encrypt or decrypt operation to be performed. This is used for performance testing. -.ie n .IP """use-bits"" (\fB\s-1OSSL_CIPHER_PARAM_USE_BITS\s0\fR) " 4 -.el .IP "``use-bits'' (\fB\s-1OSSL_CIPHER_PARAM_USE_BITS\s0\fR) " 4 -.IX Item "use-bits (OSSL_CIPHER_PARAM_USE_BITS) " +.IP """use\-bits"" (\fBOSSL_CIPHER_PARAM_USE_BITS\fR) " 4 +.IX Item """use-bits"" (OSSL_CIPHER_PARAM_USE_BITS) " Determines if the input length \fIinl\fR passed to \fBEVP_EncryptUpdate()\fR, \&\fBEVP_DecryptUpdate()\fR and \fBEVP_CipherUpdate()\fR is the number of bits or number of bytes. -Setting \*(L"use-bits\*(R" to 1 uses bits. The default is in bytes. -This is only used for \fB\s-1CFB1\s0\fR ciphers. +Setting "use\-bits" to 1 uses bits. The default is in bytes. +This is only used for \fBCFB1\fR ciphers. .Sp -This can be set using EVP_CIPHER_CTX_set_flags(ctx, \s-1EVP_CIPH_FLAG_LENGTH_BITS\s0). -.ie n .IP """tls-version"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_VERSION\s0\fR) " 4 -.el .IP "``tls-version'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_VERSION\s0\fR) " 4 -.IX Item "tls-version (OSSL_CIPHER_PARAM_TLS_VERSION) " -Sets the \s-1TLS\s0 version. -.ie n .IP """tls-mac-size"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) " 4 -.el .IP "``tls-mac-size'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) " 4 -.IX Item "tls-mac-size (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) " -Set the \s-1TLS MAC\s0 size. -.ie n .IP """tlsaad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) " 4 -.el .IP "``tlsaad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) " 4 -.IX Item "tlsaad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) " -Sets TLSv1.2 \s-1AAD\s0 information for the associated cipher context \fIctx\fR. 
-TLSv1.2 \s-1AAD\s0 information is always 13 bytes in length and is as defined for the -\&\*(L"additional_data\*(R" field described in section 6.2.3.3 of \s-1RFC5246.\s0 -.ie n .IP """tlsivfixed"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) " 4 -.el .IP "``tlsivfixed'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) " 4 -.IX Item "tlsivfixed (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) " -Sets the fixed portion of an \s-1IV\s0 for an \s-1AEAD\s0 cipher used in a \s-1TLS\s0 record +This can be set using EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS). +.IP """tls\-version"" (\fBOSSL_CIPHER_PARAM_TLS_VERSION\fR) " 4 +.IX Item """tls-version"" (OSSL_CIPHER_PARAM_TLS_VERSION) " +Sets the TLS version. +.IP """tls\-mac\-size"" (\fBOSSL_CIPHER_PARAM_TLS_MAC_SIZE\fR) " 4 +.IX Item """tls-mac-size"" (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) " +Set the TLS MAC size. +.IP """tlsaad"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_AAD\fR) " 4 +.IX Item """tlsaad"" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) " +Sets TLSv1.2 AAD information for the associated cipher context \fIctx\fR. +TLSv1.2 AAD information is always 13 bytes in length and is as defined for the +"additional_data" field described in section 6.2.3.3 of RFC5246. +.IP """tlsivfixed"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\fR) " 4 +.IX Item """tlsivfixed"" (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) " +Sets the fixed portion of an IV for an AEAD cipher used in a TLS record encryption/ decryption for the associated cipher context. -\&\s-1TLS\s0 record encryption/decryption always occurs \*(L"in place\*(R" so that the input and +TLS record encryption/decryption always occurs "in place" so that the input and output buffers are always the same memory location. -\&\s-1AEAD\s0 IVs in TLSv1.2 consist of an implicit \*(L"fixed\*(R" part and an explicit part +AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part that varies with every record. 
-Setting a \s-1TLS\s0 fixed \s-1IV\s0 changes a cipher to encrypt/decrypt \s-1TLS\s0 records. -\&\s-1TLS\s0 records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per +Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. +TLS records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per record. For a record decryption the first bytes of the input buffer will be the explicit -part of the \s-1IV\s0 and the final bytes of the input buffer will be the \s-1AEAD\s0 tag. -The length of the explicit part of the \s-1IV\s0 and the tag length will depend on the -cipher in use and will be defined in the \s-1RFC\s0 for the relevant ciphersuite. -In order to allow for \*(L"in place\*(R" decryption the plaintext output should be +part of the IV and the final bytes of the input buffer will be the AEAD tag. +The length of the explicit part of the IV and the tag length will depend on the +cipher in use and will be defined in the RFC for the relevant ciphersuite. +In order to allow for "in place" decryption the plaintext output should be written to the same location in the output buffer that the ciphertext payload -was read from, i.e. immediately after the explicit \s-1IV.\s0 +was read from, i.e. immediately after the explicit IV. .Sp When encrypting a record the first bytes of the input buffer should be empty to -allow space for the explicit \s-1IV,\s0 as will the final bytes where the tag will +allow space for the explicit IV, as will the final bytes where the tag will be written. -The length of the input buffer will include the length of the explicit \s-1IV,\s0 the +The length of the input buffer will include the length of the explicit IV, the payload, and the tag bytes. 
-The cipher implementation should generate the explicit \s-1IV\s0 and write it to the -beginning of the output buffer, do \*(L"in place\*(R" encryption of the payload and +The cipher implementation should generate the explicit IV and write it to the +beginning of the output buffer, do "in place" encryption of the payload and write that to the output buffer, and finally add the tag onto the end of the output buffer. .Sp Whether encrypting or decrypting the value written to \fI*outl\fR in the OSSL_FUNC_cipher_cipher call should be the length of the payload excluding the explicit -\&\s-1IV\s0 length and the tag length. -.ie n .IP """tlsivinv"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) " 4 -.el .IP "``tlsivinv'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) " 4 -.IX Item "tlsivinv (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) " +IV length and the tag length. +.IP """tlsivinv"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\fR) " 4 +.IX Item """tlsivinv"" (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) " Sets the invocation field used for decryption. -Can only be called after \*(L"tlsivfixed\*(R" is set. -This is only used for \s-1GCM\s0 mode. -.ie n .IP """tls1multi_enc"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) " 4 -.el .IP "``tls1multi_enc'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) " 4 -.IX Item "tls1multi_enc (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) " -Triggers a multiblock \s-1TLS1\s0 encrypt operation for a \s-1TLS1\s0 aware cipher that +Can only be called after "tlsivfixed" is set. +This is only used for GCM mode. +.IP """tls1multi_enc"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\fR) " 4 +.IX Item """tls1multi_enc"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) " +Triggers a multiblock TLS1 encrypt operation for a TLS1 aware cipher that supports sending 4 or 8 records in one go. 
-The cipher performs both the \s-1MAC\s0 and encrypt stages and constructs the record +The cipher performs both the MAC and encrypt stages and constructs the record headers itself. -\&\*(L"tls1multi_enc\*(R" supplies the output buffer for the encrypt operation, -\&\*(L"tls1multi_encin\*(R" & \*(L"tls1multi_interleave\*(R" must also be set in order to supply +"tls1multi_enc" supplies the output buffer for the encrypt operation, +"tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply values to the encrypt operation. -.ie n .IP """tls1multi_encin"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) " 4 -.el .IP "``tls1multi_encin'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) " 4 -.IX Item "tls1multi_encin (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) " -Supplies the data to encrypt for a \s-1TLS1\s0 multiblock cipher operation. -.ie n .IP """tls1multi_maxsndfrag"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) " 4 -.el .IP "``tls1multi_maxsndfrag'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) " 4 -.IX Item "tls1multi_maxsndfrag (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) " -Sets the maximum send fragment size for a \s-1TLS1\s0 multiblock cipher operation. -It must be set before using \*(L"tls1multi_maxbufsz\*(R". -The length of the \*(L"tls1multi_maxsndfrag\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """tls1multi_aad"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) " 4 -.el .IP "``tls1multi_aad'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) " 4 -.IX Item "tls1multi_aad (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) " -Sets the authenticated additional data used by a \s-1TLS1\s0 multiblock cipher operation. +.IP """tls1multi_encin"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\fR) " 4 +.IX Item """tls1multi_encin"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) " +Supplies the data to encrypt for a TLS1 multiblock cipher operation. 
+.IP """tls1multi_maxsndfrag"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\fR) " 4 +.IX Item """tls1multi_maxsndfrag"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) " +Sets the maximum send fragment size for a TLS1 multiblock cipher operation. +It must be set before using "tls1multi_maxbufsz". +The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a \fBsize_t\fR. +.IP """tls1multi_aad"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\fR) " 4 +.IX Item """tls1multi_aad"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) " +Sets the authenticated additional data used by a TLS1 multiblock cipher operation. The supplied data consists of 13 bytes of record data containing: Bytes 0\-7: The sequence number of the first record Byte 8: The record type Byte 9\-10: The protocol version Byte 11\-12: Input length (Always 0) .Sp -\&\*(L"tls1multi_interleave\*(R" must also be set for this operation. -.SH "CONTROLS" +"tls1multi_interleave" must also be set for this operation. +.SH CONTROLS .IX Header "CONTROLS" -The Mappings from \fBEVP_CIPHER_CTX_ctrl()\fR identifiers to \s-1PARAMETERS\s0 are listed -in the following section. See the \*(L"\s-1PARAMETERS\*(R"\s0 section for more details. +The Mappings from \fBEVP_CIPHER_CTX_ctrl()\fR identifiers to PARAMETERS are listed +in the following section. See the "PARAMETERS" section for more details. .PP \&\fBEVP_CIPHER_CTX_ctrl()\fR can be used to send the following standard controls: -.IP "\s-1EVP_CTRL_AEAD_SET_IVLEN\s0 and \s-1EVP_CTRL_GET_IVLEN\s0" 4 +.IP "EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN" 4 .IX Item "EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and -\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the -key \*(L"ivlen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR). 
-.IP "\s-1EVP_CTRL_AEAD_SET_IV_FIXED\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR and +\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \fBOSSL_PARAM\fR\|(3) item with the +key "ivlen" (\fBOSSL_CIPHER_PARAM_IVLEN\fR). +.IP EVP_CTRL_AEAD_SET_IV_FIXED 4 .IX Item "EVP_CTRL_AEAD_SET_IV_FIXED" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"tlsivfixed\*(R" -(\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR). -.IP "\s-1EVP_CTRL_AEAD_SET_MAC_KEY\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "tlsivfixed" +(\fBOSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\fR). +.IP EVP_CTRL_AEAD_SET_MAC_KEY 4 .IX Item "EVP_CTRL_AEAD_SET_MAC_KEY" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"mackey\*(R" -(\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR). -.IP "\s-1EVP_CTRL_AEAD_SET_TAG\s0 and \s-1EVP_CTRL_AEAD_GET_TAG\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "mackey" +(\fBOSSL_CIPHER_PARAM_AEAD_MAC_KEY\fR). +.IP "EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG" 4 .IX Item "EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and -\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the -key \*(L"tag\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR). -.IP "\s-1EVP_CTRL_CCM_SET_L\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR and +\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \fBOSSL_PARAM\fR\|(3) item with the +key "tag" (\fBOSSL_CIPHER_PARAM_AEAD_TAG\fR). 
+.IP EVP_CTRL_CCM_SET_L 4 .IX Item "EVP_CTRL_CCM_SET_L" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"ivlen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "ivlen" (\fBOSSL_CIPHER_PARAM_IVLEN\fR) with a value of (15 \- L) -.IP "\s-1EVP_CTRL_COPY\s0" 4 +.IP EVP_CTRL_COPY 4 .IX Item "EVP_CTRL_COPY" -There is no \s-1OSSL_PARAM\s0 mapping for this. Use \fBEVP_CIPHER_CTX_copy()\fR instead. -.IP "\s-1EVP_CTRL_GCM_SET_IV_INV\s0" 4 +There is no OSSL_PARAM mapping for this. Use \fBEVP_CIPHER_CTX_copy()\fR instead. +.IP EVP_CTRL_GCM_SET_IV_INV 4 .IX Item "EVP_CTRL_GCM_SET_IV_INV" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"tlsivinv\*(R" -(\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR). -.IP "\s-1EVP_CTRL_RAND_KEY\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "tlsivinv" +(\fBOSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\fR). +.IP EVP_CTRL_RAND_KEY 4 .IX Item "EVP_CTRL_RAND_KEY" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"randkey\*(R" -(\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR). -.IP "\s-1EVP_CTRL_SET_KEY_LENGTH\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "randkey" +(\fBOSSL_CIPHER_PARAM_RANDOM_KEY\fR). 
+.IP EVP_CTRL_SET_KEY_LENGTH 4 .IX Item "EVP_CTRL_SET_KEY_LENGTH" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"keylen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR). -.IP "\s-1EVP_CTRL_SET_RC2_KEY_BITS\s0 and \s-1EVP_CTRL_GET_RC2_KEY_BITS\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "keylen" (\fBOSSL_CIPHER_PARAM_KEYLEN\fR). +.IP "EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS" 4 .IX Item "EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and -\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the -key \*(L"keybits\*(R" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR). -.IP "\s-1EVP_CTRL_SET_RC5_ROUNDS\s0 and \s-1EVP_CTRL_GET_RC5_ROUNDS\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR and +\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \fBOSSL_PARAM\fR\|(3) item with the +key "keybits" (\fBOSSL_CIPHER_PARAM_RC2_KEYBITS\fR). +.IP "EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS" 4 .IX Item "EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and -\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the -key \*(L"rounds\*(R" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR). -.IP "\s-1EVP_CTRL_SET_SPEED\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR and +\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \fBOSSL_PARAM\fR\|(3) item with the +key "rounds" (\fBOSSL_CIPHER_PARAM_ROUNDS\fR). 
+.IP EVP_CTRL_SET_SPEED 4 .IX Item "EVP_CTRL_SET_SPEED" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"speed\*(R" (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR). -.IP "\s-1EVP_CTRL_GCM_IV_GEN\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key "speed" (\fBOSSL_CIPHER_PARAM_SPEED\fR). +.IP EVP_CTRL_GCM_IV_GEN 4 .IX Item "EVP_CTRL_GCM_IV_GEN" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_get_params()\fR gets called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key -\&\*(L"tlsivgen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR). -.IP "\s-1EVP_CTRL_AEAD_TLS1_AAD\s0" 4 +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_get_params()\fR gets called +with an \fBOSSL_PARAM\fR\|(3) item with the key +"tlsivgen" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\fR). +.IP EVP_CTRL_AEAD_TLS1_AAD 4 .IX Item "EVP_CTRL_AEAD_TLS1_AAD" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR get called -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key -\&\*(L"tlsaad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR get called +with an \fBOSSL_PARAM\fR\|(3) item with the key +"tlsaad" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_AAD\fR) followed by \fBEVP_CIPHER_CTX_get_params()\fR with a key of -\&\*(L"tlsaadpad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR). -.IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE\s0" 4 +"tlsaadpad" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\fR). 
+.IP EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 4 .IX Item "EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, -\&\fBEVP_CIPHER_CTX_set_params()\fR gets called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the -key \s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0 +When used with a fetched \fBEVP_CIPHER\fR, +\&\fBEVP_CIPHER_CTX_set_params()\fR gets called with an \fBOSSL_PARAM\fR\|(3) item with the +key OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT followed by \fBEVP_CIPHER_CTX_get_params()\fR with a key of -\&\*(L"tls1multi_maxbufsz\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR). -.IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_AAD\s0" 4 +"tls1multi_maxbufsz" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\fR). +.IP EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 4 .IX Item "EVP_CTRL_TLS1_1_MULTIBLOCK_AAD" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with \s-1\fBOSSL_PARAM\s0\fR\|(3) items with the keys -\&\*(L"tls1multi_aad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) and -\&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with \fBOSSL_PARAM\fR\|(3) items with the keys +"tls1multi_aad" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\fR) and +"tls1multi_interleave" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\fR) followed by \fBEVP_CIPHER_CTX_get_params()\fR with keys of -\&\*(L"tls1multi_aadpacklen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) and -\&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR). -.IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT\s0" 4 +"tls1multi_aadpacklen" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\fR) and +"tls1multi_interleave" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\fR). 
+.IP EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 4 .IX Item "EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT" -When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called -with \s-1\fBOSSL_PARAM\s0\fR\|(3) items with the keys -\&\*(L"tls1multi_enc\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR), -\&\*(L"tls1multi_encin\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) and -\&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR), +When used with a fetched \fBEVP_CIPHER\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called +with \fBOSSL_PARAM\fR\|(3) items with the keys +"tls1multi_enc" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\fR), +"tls1multi_encin" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\fR) and +"tls1multi_interleave" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\fR), followed by \fBEVP_CIPHER_CTX_get_params()\fR with a key of -\&\*(L"tls1multi_enclen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR). -.SH "FLAGS" +"tls1multi_enclen" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\fR). +.SH FLAGS .IX Header "FLAGS" \&\fBEVP_CIPHER_CTX_set_flags()\fR, \fBEVP_CIPHER_CTX_clear_flags()\fR and \fBEVP_CIPHER_CTX_test_flags()\fR. -can be used to manipulate and test these \fB\s-1EVP_CIPHER_CTX\s0\fR flags: -.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +can be used to manipulate and test these \fBEVP_CIPHER_CTX\fR flags: +.IP EVP_CIPH_NO_PADDING 4 .IX Item "EVP_CIPH_NO_PADDING" Used by \fBEVP_CIPHER_CTX_set_padding()\fR. .Sp -See also \*(L"Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" \*(L"padding\*(R" -.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +See also "Gettable and Settable EVP_CIPHER_CTX parameters" "padding" +.IP EVP_CIPH_FLAG_LENGTH_BITS 4 .IX Item "EVP_CIPH_FLAG_LENGTH_BITS" -See \*(L"Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" \*(L"use-bits\*(R". -.IP "\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0" 4 +See "Settable EVP_CIPHER_CTX parameters" "use\-bits". 
+.IP EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 4 .IX Item "EVP_CIPHER_CTX_FLAG_WRAP_ALLOW" Used for Legacy purposes only. This flag needed to be set to indicate the cipher handled wrapping. .PP \&\fBEVP_CIPHER_flags()\fR uses the following flags that -have mappings to \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R": -.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +have mappings to "Gettable EVP_CIPHER parameters": +.IP EVP_CIPH_FLAG_AEAD_CIPHER 4 .IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" -See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"aead\*(R". -.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +See "Gettable EVP_CIPHER parameters" "aead". +.IP EVP_CIPH_CUSTOM_IV 4 .IX Item "EVP_CIPH_CUSTOM_IV" -See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"custom-iv\*(R". -.IP "\s-1EVP_CIPH_FLAG_CTS\s0" 4 +See "Gettable EVP_CIPHER parameters" "custom\-iv". +.IP EVP_CIPH_FLAG_CTS 4 .IX Item "EVP_CIPH_FLAG_CTS" -See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"cts\*(R". -.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0;" 4 +See "Gettable EVP_CIPHER parameters" "cts". +.IP EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; 4 .IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;" -See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"tls-multi\*(R". -.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +See "Gettable EVP_CIPHER parameters" "tls\-multi". +.IP EVP_CIPH_RAND_KEY 4 .IX Item "EVP_CIPH_RAND_KEY" -See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"has-randkey\*(R". +See "Gettable EVP_CIPHER parameters" "has\-randkey". 
.PP \&\fBEVP_CIPHER_flags()\fR uses the following flags for legacy purposes only: -.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IP EVP_CIPH_VARIABLE_LENGTH 4 .IX Item "EVP_CIPH_VARIABLE_LENGTH" .PD 0 -.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IP EVP_CIPH_FLAG_CUSTOM_CIPHER 4 .IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" -.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IP EVP_CIPH_ALWAYS_CALL_INIT 4 .IX Item "EVP_CIPH_ALWAYS_CALL_INIT" -.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +.IP EVP_CIPH_CTRL_INIT 4 .IX Item "EVP_CIPH_CTRL_INIT" -.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +.IP EVP_CIPH_CUSTOM_KEY_LENGTH 4 .IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" -.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IP EVP_CIPH_CUSTOM_COPY 4 .IX Item "EVP_CIPH_CUSTOM_COPY" -.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IP EVP_CIPH_FLAG_DEFAULT_ASN1 4 .IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" .PD See \fBEVP_CIPHER_meth_set_flags\fR\|(3) for further information related to the above flags. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_CIPHER_fetch()\fR returns a pointer to a \fB\s-1EVP_CIPHER\s0\fR for success -and \fB\s-1NULL\s0\fR for failure. +\&\fBEVP_CIPHER_fetch()\fR returns a pointer to a \fBEVP_CIPHER\fR for success +and \fBNULL\fR for failure. .PP \&\fBEVP_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise. .PP \&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created -\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. +\&\fBEVP_CIPHER_CTX\fR for success and \fBNULL\fR for failure. .PP \&\fBEVP_EncryptInit_ex2()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. 
@@ -1216,17 +1102,17 @@ \&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP \&\fBEVP_Cipher()\fR returns 1 on success or 0 on failure, if the flag -\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is not set for the cipher. +\&\fBEVP_CIPH_FLAG_CUSTOM_CIPHER\fR is not set for the cipher. \&\fBEVP_Cipher()\fR returns the number of bytes written to \fIout\fR for encryption / decryption, or -the number of bytes authenticated in a call specifying \s-1AAD\s0 for an \s-1AEAD\s0 cipher, if the flag -\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is set for the cipher. +the number of bytes authenticated in a call specifying AAD for an AEAD cipher, if the flag +\&\fBEVP_CIPH_FLAG_CUSTOM_CIPHER\fR is set for the cipher. .PP \&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. .PP \&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR -return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +return an \fBEVP_CIPHER\fR structure or NULL on error. .PP -\&\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR return a \s-1NID.\s0 +\&\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR return a NID. .PP \&\fBEVP_CIPHER_get_block_size()\fR and \fBEVP_CIPHER_CTX_get_block_size()\fR return the block size. 
@@ -1236,20 +1122,20 @@ .PP \&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. .PP -\&\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR return the \s-1IV\s0 -length or zero if the cipher does not use an \s-1IV.\s0 +\&\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR return the IV +length or zero if the cipher does not use an IV. .PP \&\fBEVP_CIPHER_CTX_get_tag_length()\fR return the tag length or zero if the cipher does not use a tag. .PP -\&\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR return the \s-1NID\s0 of the -cipher's \s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined -\&\s-1OBJECT IDENTIFIER.\s0 +\&\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR return the NID of the +cipher\*(Aqs OBJECT IDENTIFIER or NID_undef if it has no defined +OBJECT IDENTIFIER. .PP -\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fBEVP_CIPHER\fR structure. .PP \&\fBEVP_CIPHER_CTX_get_num()\fR returns a nonnegative num value or -\&\fB\s-1EVP_CTRL_RET_UNSUPPORTED\s0\fR if the implementation does not support the call +\&\fBEVP_CTRL_RET_UNSUPPORTED\fR if the implementation does not support the call or on any other error. .PP \&\fBEVP_CIPHER_CTX_set_num()\fR returns 1 on success and 0 if the implementation 
@@ -1266,174 +1152,190 @@ .PP \&\fBEVP_CIPHER_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. +.PP +\&\fBEVP_CIPHER_get_params()\fR, \fBEVP_CIPHER_CTX_get_params()\fR and +\&\fBEVP_CIPHER_CTX_set_params()\fR return 1 for success and 0 for failure. .SH "CIPHER LISTING" .IX Header "CIPHER LISTING" All algorithms have a fixed key length unless otherwise stated. .PP -Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 +Refer to "SEE ALSO" for the full list of ciphers available through the EVP interface. -.IP "\fBEVP_enc_null()\fR" 4 +.IP \fBEVP_enc_null()\fR 4 .IX Item "EVP_enc_null()" Null cipher: does nothing. .SH "AEAD INTERFACE" .IX Header "AEAD INTERFACE" -The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) +The EVP interface for Authenticated Encryption with Associated Data (AEAD) modes are subtly altered and several additional \fIctrl\fR operations are supported depending on the mode specified. .PP -To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, +To specify additional authenticated data (AAD), a call to \fBEVP_CipherUpdate()\fR, \&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output -parameter \fIout\fR set to \fB\s-1NULL\s0\fR. In this case, on success, the parameter -\&\fIoutl\fR is set to the number of bytes authenticated. +parameter \fIout\fR set to NULL. In this case, on success, the parameter +\&\fIoutl\fR is set to the number of AAD bytes processed in that call +(that is, the value of \fIinl\fR), and does not include any plaintext +or ciphertext bytes processed by other calls. +.PP +If no AAD is used, this call can be omitted. See the mode\-specific notes +below for any exceptions. 
.PP When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR indicates whether the operation was successful. If it does not indicate success, -the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used +the authentication operation has failed and any output data \fBMUST NOT\fR be used as it is corrupted. -.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" +.PP +Please note that the number of authenticated bytes returned by +\&\fBEVP_CipherUpdate()\fR depends on the cipher used. Stream ciphers, such as ChaCha20 +or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective +"block" size of 1. Conversely, ciphers in OCB mode must process data one block +at a time, and the block size is returned. +.PP +Regardless of the returned size, it is safe to pass unpadded data to an +\&\fBEVP_CipherUpdate()\fR call in a single operation. +.SS "GCM and OCB Modes" .IX Subsection "GCM and OCB Modes" -The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +The following \fIctrl\fRs are supported in GCM and OCB modes. +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" -Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If -not called a default \s-1IV\s0 length is used. +Sets the IV length. This call can only be made before specifying an IV. If +not called a default IV length is used. .Sp -For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the +For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the maximum is 15. 
-.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. This call can only be made when encrypting data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .Sp -For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via -\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +For OCB, \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via +\&\fBEVP_CTRL_AEAD_SET_TAG\fR. +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" When decrypting, this call sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. \&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. The tag must be set prior to any call to \fBEVP_DecryptFinal()\fR or \&\fBEVP_DecryptFinal_ex()\fR. .Sp -For \s-1GCM,\s0 this call is only valid when decrypting data. +For GCM, this call is only valid when decrypting data. .Sp -For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag, +For OCB, this call is valid when decrypting data to set the expected tag, and when encrypting to set the desired tag length. .Sp -In \s-1OCB\s0 mode, calling this when encrypting with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the -tag length. The tag length can only be set before specifying an \s-1IV.\s0 If this is -not called prior to setting the \s-1IV\s0 during encryption, then a default tag length -is used. +In OCB mode, calling this with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the tag length. 
+The tag length can only be set before specifying an IV. If this is not called +prior to setting the IV, then a default tag length is used. .Sp -For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the -maximum tag length for \s-1OCB.\s0 -.SS "\s-1CCM\s0 Mode" +For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for OCB. +.SS "CCM Mode" .IX Subsection "CCM Mode" -The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a +The EVP interface for CCM mode is similar to that of the GCM mode but with a few additional requirements and different \fIctrl\fR values. .PP -For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to +For CCM mode, the total plaintext or ciphertext length \fBMUST\fR be passed to \&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output -and input parameters (\fIin\fR and \fIout\fR) set to \fB\s-1NULL\s0\fR and the length passed in +and input parameters (\fIin\fR and \fIout\fR) set to \fBNULL\fR and the length passed in the \fIinl\fR parameter. .PP -The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +The following \fIctrl\fRs are supported in CCM mode. +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" -This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or -the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. +This call is made to set the expected \fBCCM\fR tag value when decrypting or +the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to NULL) when encrypting. The tag length is often referred to as \fBM\fR. If not set a default value is -used (12 for \s-1AES\s0). 
When decrypting, the tag needs to be set before passing -in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after -passing additional authenticated data (see \*(L"\s-1AEAD INTERFACE\*(R"\s0). -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4 +used (12 for AES). When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in GCM and OCB mode, it can be set after +passing additional authenticated data (see "AEAD INTERFACE"). +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" -Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +Sets the CCM \fBL\fR value. If not set a default is used (8 for AES). +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" -Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying a +Sets the CCM nonce (IV) length. This call can only be made before specifying a nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for -\&\s-1AES.\s0 -.SS "\s-1SIV\s0 Mode" +AES. +.SS "SIV Mode" .IX Subsection "SIV Mode" -For \s-1SIV\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly +For SIV mode ciphers the behaviour of the EVP interface is subtly altered and several additional ctrl operations are supported. .PP -To specify any additional authenticated data (\s-1AAD\s0) and/or a Nonce, a call to +To specify any additional authenticated data (AAD) and/or a Nonce, a call to \&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made -with the output parameter \fIout\fR set to \fB\s-1NULL\s0\fR. +with the output parameter \fIout\fR set to \fBNULL\fR. 
.PP -\&\s-1RFC5297\s0 states that the Nonce is the last piece of \s-1AAD\s0 before the actual -encrypt/decrypt takes place. The \s-1API\s0 does not differentiate the Nonce from -other \s-1AAD.\s0 +RFC5297 states that the Nonce is the last piece of AAD before the actual +encrypt/decrypt takes place. The API does not differentiate the Nonce from +other AAD. .PP When decrypting the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR indicates if the operation was successful. If it does not indicate success -the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR +the authentication operation has failed and any output data \fBMUST NOT\fR be used as it is corrupted. .PP -The \s-1API\s0 does not store the the \s-1SIV\s0 (Synthetic Initialization Vector) in -the cipher text. Instead, it is stored as the tag within the \s-1EVP_CIPHER_CTX.\s0 -The \s-1SIV\s0 must be retrieved from the context after encryption, and set into +The API does not store the the SIV (Synthetic Initialization Vector) in +the cipher text. Instead, it is stored as the tag within the EVP_CIPHER_CTX. +The SIV must be retrieved from the context after encryption, and set into the context before decryption. .PP -This differs from \s-1RFC5297\s0 in that the cipher output from encryption, and -the cipher input to decryption, does not contain the \s-1SIV.\s0 This also means +This differs from RFC5297 in that the cipher output from encryption, and +the cipher input to decryption, does not contain the SIV. This also means that the plain text and cipher text lengths are identical. 
.PP -The following ctrls are supported in \s-1SIV\s0 mode, and are used to get and set +The following ctrls are supported in SIV mode, and are used to get and set the Synthetic Initialization Vector: -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag);" 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);" Writes \fItaglen\fR bytes of the tag value (the Synthetic Initialization Vector) to the buffer indicated by \fItag\fR. This call can only be made when encrypting data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR -call). For \s-1SIV\s0 mode the taglen must be 16. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag);" 4 +call). For SIV mode the taglen must be 16. +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);" Sets the expected tag (the Synthetic Initialization Vector) to \fItaglen\fR bytes from \fItag\fR. This call is only legal when decrypting data and must be made \fBbefore\fR any data is processed (e.g. before any \fBEVP_DecryptUpdate()\fR -calls). For \s-1SIV\s0 mode the taglen must be 16. +calls). For SIV mode the taglen must be 16. .PP -\&\s-1SIV\s0 mode makes two passes over the input data, thus, only one call to +SIV mode makes two passes over the input data, thus, only one call to \&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made -with \fIout\fR set to a non\-\fB\s-1NULL\s0\fR value. A call to \fBEVP_DecryptFinal()\fR or +with \fIout\fR set to a non\-\fBNULL\fR value. A call to \fBEVP_DecryptFinal()\fR or \&\fBEVP_CipherFinal()\fR is not required, but will indicate if the update operation succeeded. 
-.SS "ChaCha20\-Poly1305" +.SS ChaCha20\-Poly1305 .IX Subsection "ChaCha20-Poly1305" -The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 AEAD algorithm. +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" Sets the nonce length. This call is now redundant since the only valid value is the default length of 12 (i.e. 96 bits). Prior to OpenSSL 3.0 a nonce of less than 12 bytes could be used to automatically pad the iv with leading 0 bytes to make it 12 bytes in length. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. This call can only be made when encrypting data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .Sp -\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or +\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fBPOLY1305_BLOCK_SIZE\fR, i.e. 128\-bits) or less. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. -The tag length can only be set before specifying an \s-1IV.\s0 -\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. +The tag length can only be set before specifying an IV. 
+\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fBPOLY1305_BLOCK_SIZE\fR) inclusive. This call is only valid when decrypting data. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in -preference to the low-level interfaces. This is because the code then becomes +Where possible the \fBEVP\fR interface to symmetric ciphers should be used in +preference to the low\-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the -\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low-level interfaces do not provide the +\&\fBEVP\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES\-NI (the low\-level interfaces do not provide the guarantee). .PP -\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +PKCS padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total length of the encrypted data a multiple of the block size. Padding is always added so if the data is already a multiple of the block size \fBn\fR will equal the block size. For example if the block size is 8 and 11 bytes are to be 
@@ -1461,32 +1363,32 @@ There are some differences between functions \fBEVP_CipherInit()\fR and \&\fBEVP_CipherInit_ex()\fR, significant in some circumstances. \fBEVP_CipherInit()\fR fills the passed context object with zeros. As a consequence, \fBEVP_CipherInit()\fR does -not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are -passed in separate calls. It also means that the flags set for the \s-1CTX\s0 are +not allow step\-by\-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are +passed in separate calls. It also means that the flags set for the CTX are removed, and it is especially important for the -\&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in +\&\fBEVP_CIPHER_CTX_FLAG_WRAP_ALLOW\fR flag treated specially in \&\fBEVP_CipherInit_ex()\fR. .PP -Ignoring failure returns of the \fB\s-1EVP_CIPHER_CTX\s0\fR initialization functions can +Ignoring failure returns of the \fBEVP_CIPHER_CTX\fR initialization functions can lead to subsequent undefined behavior when calling the functions that update or -finalize the context. The only valid calls on the \fB\s-1EVP_CIPHER_CTX\s0\fR when +finalize the context. The only valid calls on the \fBEVP_CIPHER_CTX\fR when initialization fails are calls that attempt another initialization of the context or release the context. .PP \&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal +\&\fBEVP_MAX_KEY_LENGTH\fR and \fBEVP_MAX_IV_LENGTH\fR only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a generic key as a fixed unsigned char array containing -\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. +\&\fBEVP_MAX_KEY_LENGTH\fR bytes. 
.PP -The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested -for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. -.SH "EXAMPLES" +The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. +.SH EXAMPLES .IX Header "EXAMPLES" -Encrypt a string using \s-1IDEA:\s0 +Encrypt a string using IDEA: .PP .Vb 10 \& int do_crypt(char *outfile) @@ -1551,7 +1453,7 @@ \& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . --- secure/lib/libcrypto/man/man3/EVP_KDF.3.orig +++ secure/lib/libcrypto/man/man3/EVP_KDF.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF 3ossl" -.TH EVP_KDF 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, EVP_KDF_CTX_reset, EVP_KDF_derive, @@ -149,7 +74,7 @@ EVP_KDF_get_params, EVP_KDF_gettable_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params \- EVP KDF routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,7 +82,7 @@ \& typedef struct evp_kdf_st EVP_KDF; \& typedef struct evp_kdf_ctx_st EVP_KDF_CTX; \& -\& EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); +\& EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); \& const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); \& void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); \& EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); 
@@ -189,46 +114,46 @@ \& const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf); \& const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP KDF\s0 routines are a high-level interface to Key Derivation Function -algorithms and should be used instead of algorithm-specific functions. +The EVP KDF routines are a high\-level interface to Key Derivation Function +algorithms and should be used instead of algorithm\-specific functions. .PP -After creating a \fB\s-1EVP_KDF_CTX\s0\fR for the required algorithm using +After creating a \fBEVP_KDF_CTX\fR for the required algorithm using \&\fBEVP_KDF_CTX_new()\fR, inputs to the algorithm are supplied either by passing them as part of the \fBEVP_KDF_derive()\fR call or using calls to \fBEVP_KDF_CTX_set_params()\fR before calling \fBEVP_KDF_derive()\fR to derive the key. -.SS "Types" +.SS Types .IX Subsection "Types" -\&\fB\s-1EVP_KDF\s0\fR is a type that holds the implementation of a \s-1KDF.\s0 +\&\fBEVP_KDF\fR is a type that holds the implementation of a KDF. .PP -\&\fB\s-1EVP_KDF_CTX\s0\fR is a context type that holds the algorithm inputs. +\&\fBEVP_KDF_CTX\fR is a context type that holds the algorithm inputs. .SS "Algorithm implementation fetching" .IX Subsection "Algorithm implementation fetching" -\&\fBEVP_KDF_fetch()\fR fetches an implementation of a \s-1KDF\s0 \fIalgorithm\fR, given +\&\fBEVP_KDF_fetch()\fR fetches an implementation of a KDF \fIalgorithm\fR, given a library context \fIlibctx\fR and a set of \fIproperties\fR. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP -See \*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) for the lists of +See "Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-default\fR\|(7) for the lists of algorithms supported by the default provider. 
.PP The returned value must eventually be freed with \&\fBEVP_KDF_free\fR\|(3). .PP \&\fBEVP_KDF_up_ref()\fR increments the reference count of an already fetched -\&\s-1KDF.\s0 +KDF. .PP \&\fBEVP_KDF_free()\fR frees a fetched algorithm. -\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +NULL is a valid parameter, for which this function is a no\-op. .SS "Context manipulation functions" .IX Subsection "Context manipulation functions" -\&\fBEVP_KDF_CTX_new()\fR creates a new context for the \s-1KDF\s0 implementation \fIkdf\fR. +\&\fBEVP_KDF_CTX_new()\fR creates a new context for the KDF implementation \fIkdf\fR. .PP -\&\fBEVP_KDF_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is \s-1NULL,\s0 nothing +\&\fBEVP_KDF_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is NULL, nothing is done. .PP -\&\fBEVP_KDF_CTX_kdf()\fR returns the \fB\s-1EVP_KDF\s0\fR associated with the context +\&\fBEVP_KDF_CTX_kdf()\fR returns the \fBEVP_KDF\fR associated with the context \&\fIctx\fR. .SS "Computing functions" .IX Subsection "Computing functions" 
@@ -261,46 +186,46 @@ parameters are passed down. Note that a parameter that is unknown in the underlying context is simply ignored. -Also, what happens when a needed parameter isn't passed down is +Also, what happens when a needed parameter isn\*(Aqt passed down is defined by the implementation. .PP -\&\fBEVP_KDF_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes +\&\fBEVP_KDF_gettable_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array that describes the retrievable and settable parameters. \fBEVP_KDF_gettable_params()\fR returns parameters that can be used with \fBEVP_KDF_get_params()\fR. .PP \&\fBEVP_KDF_gettable_ctx_params()\fR and \fBEVP_KDF_CTX_gettable_params()\fR -return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the retrievable +return constant \fBOSSL_PARAM\fR\|(3) arrays that describe the retrievable parameters that can be used with \fBEVP_KDF_CTX_get_params()\fR. \&\fBEVP_KDF_gettable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \fBEVP_KDF_CTX_gettable_params()\fR returns -the parameters that can be retrieved in the context's current state. +the parameters that can be retrieved in the context\*(Aqs current state. .PP \&\fBEVP_KDF_settable_ctx_params()\fR and \fBEVP_KDF_CTX_settable_params()\fR return -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the settable parameters that +constant \fBOSSL_PARAM\fR\|(3) arrays that describe the settable parameters that can be used with \fBEVP_KDF_CTX_set_params()\fR. \fBEVP_KDF_settable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \fBEVP_KDF_CTX_settable_params()\fR returns the parameters that can -be retrieved in the context's current state. +be retrieved in the context\*(Aqs current state. 
.SS "Information functions" .IX Subsection "Information functions" \&\fBEVP_KDF_CTX_get_kdf_size()\fR returns the output size if the algorithm produces a fixed amount -of output and \fB\s-1SIZE_MAX\s0\fR otherwise. If an error occurs then 0 is returned. +of output and \fBSIZE_MAX\fR otherwise. If an error occurs then 0 is returned. For some algorithms an error may result if input parameters necessary to calculate a fixed output size have not yet been supplied. .PP \&\fBEVP_KDF_is_a()\fR returns 1 if \fIkdf\fR is an implementation of an -algorithm that's identifiable with \fIname\fR, otherwise 0. +algorithm that\*(Aqs identifiable with \fIname\fR, otherwise 0. .PP \&\fBEVP_KDF_get0_provider()\fR returns the provider that holds the implementation of the given \fIkdf\fR. .PP -\&\fBEVP_KDF_do_all_provided()\fR traverses all \s-1KDF\s0 implemented by all activated +\&\fBEVP_KDF_do_all_provided()\fR traverses all KDF implemented by all activated providers in the given library context \fIlibctx\fR, and for each of the implementations, calls the given function \fIfn\fR with the implementation method and the given \fIarg\fR as argument. .PP -\&\fBEVP_KDF_get0_name()\fR return the name of the given \s-1KDF.\s0 For fetched KDFs -with multiple names, only one of them is returned; it's +\&\fBEVP_KDF_get0_name()\fR return the name of the given KDF. For fetched KDFs +with multiple names, only one of them is returned; it\*(Aqs recommended to use \fBEVP_KDF_names_do_all()\fR instead. .PP \&\fBEVP_KDF_names_do_all()\fR traverses all names for \fIkdf\fR, and calls 
@@ -309,44 +234,37 @@ \&\fBEVP_KDF_get0_description()\fR returns a description of the \fIkdf\fR, meant for display and human consumption. The description is at the discretion of the \fIkdf\fR implementation. -.SH "PARAMETERS" +.SH PARAMETERS .IX Header "PARAMETERS" The standard parameter names are: -.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " -Some \s-1KDF\s0 implementations require a password. -For those \s-1KDF\s0 implementations that support it, this parameter sets the password. -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " -Some \s-1KDF\s0 implementations can take a non-secret unique cryptographic salt. -For those \s-1KDF\s0 implementations that support it, this parameter sets the salt. +.IP """pass"" (\fBOSSL_KDF_PARAM_PASSWORD\fR) " 4 +.IX Item """pass"" (OSSL_KDF_PARAM_PASSWORD) " +Some KDF implementations require a password. +For those KDF implementations that support it, this parameter sets the password. +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " +Some KDF implementations can take a non\-secret unique cryptographic salt. +For those KDF implementations that support it, this parameter sets the salt. .Sp The default value, if any, is implementation dependent. -.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.IX Item "iter (OSSL_KDF_PARAM_ITER) " -Some \s-1KDF\s0 implementations require an iteration count. -For those \s-1KDF\s0 implementations that support it, this parameter sets the +.IP """iter"" (\fBOSSL_KDF_PARAM_ITER\fR) " 4 +.IX Item """iter"" (OSSL_KDF_PARAM_ITER) " +Some KDF implementations require an iteration count. 
+For those KDF implementations that support it, this parameter sets the iteration count. .Sp The default value, if any, is implementation dependent. -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_KDF_PARAM_MAC) " -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " -.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " +.IP """mac"" (\fBOSSL_KDF_PARAM_MAC\fR) " 4 +.IX Item """mac"" (OSSL_KDF_PARAM_MAC) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " +.IP """cipher"" (\fBOSSL_KDF_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_KDF_PARAM_CIPHER) " .PD -For \s-1KDF\s0 implementations that use an underlying computation \s-1MAC,\s0 digest or +For KDF implementations that use an underlying computation MAC, digest or cipher, these parameters set what the algorithm should be. .Sp The value is always the name of the intended algorithm, 
@@ -354,36 +272,32 @@ .Sp Note that not all algorithms may support all possible underlying implementations. -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " -Some \s-1KDF\s0 implementations require a key. -For those \s-1KDF\s0 implementations that support it, this octet string parameter +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " +Some KDF implementations require a key. +For those KDF implementations that support it, this octet string parameter sets the key. -.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.IX Item "info (OSSL_KDF_PARAM_INFO) " -Some \s-1KDF\s0 implementations, such as \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7), take an 'info' parameter +.IP """info"" (\fBOSSL_KDF_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_KDF_PARAM_INFO) " +Some KDF implementations, such as \fBEVP_KDF\-HKDF\fR\|(7), take an \*(Aqinfo\*(Aq parameter for binding the derived key material -to application\- and context-specific information. +to application\- and context\-specific information. This parameter sets the info, fixed info, other info or shared info argument. You can specify this parameter multiple times, and each instance will be concatenated to form the final value. -.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 -.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 -.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " -Used by implementations that use a \s-1MAC\s0 with a variable output size (\s-1KMAC\s0). -For those \s-1KDF\s0 implementations that support it, this parameter -sets the \s-1MAC\s0 output size. +.IP """maclen"" (\fBOSSL_KDF_PARAM_MAC_SIZE\fR) " 4 +.IX Item """maclen"" (OSSL_KDF_PARAM_MAC_SIZE) " +Used by implementations that use a MAC with a variable output size (KMAC). 
+For those KDF implementations that support it, this parameter +sets the MAC output size. .Sp The default value, if any, is implementation dependent. The length must never exceed what can be given with a \fBsize_t\fR. -.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 -.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 -.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " -Memory-hard password-based \s-1KDF\s0 algorithms, such as scrypt, use an amount of +.IP """maxmem_bytes"" (\fBOSSL_KDF_PARAM_SCRYPT_MAXMEM\fR) " 4 +.IX Item """maxmem_bytes"" (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " +Memory\-hard password\-based KDF algorithms, such as scrypt, use an amount of memory that depends on the load factors provided as input. -For those \s-1KDF\s0 implementations that support it, this \fBuint64_t\fR parameter sets +For those KDF implementations that support it, this \fBuint64_t\fR parameter sets an upper limit on the amount of memory that may be consumed while performing a key derivation. If this memory usage limit is exceeded because the load factors are chosen 
@@ -393,47 +307,47 @@ The memory size must never exceed what can be given with a \fBsize_t\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_KDF_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_KDF\s0\fR, or -\&\s-1NULL\s0 if allocation failed. +\&\fBEVP_KDF_fetch()\fR returns a pointer to a newly fetched \fBEVP_KDF\fR, or +NULL if allocation failed. .PP -\&\fBEVP_KDF_get0_provider()\fR returns a pointer to the provider for the \s-1KDF,\s0 or -\&\s-1NULL\s0 on error. +\&\fBEVP_KDF_get0_provider()\fR returns a pointer to the provider for the KDF, or +NULL on error. .PP \&\fBEVP_KDF_up_ref()\fR returns 1 on success, 0 on error. .PP \&\fBEVP_KDF_CTX_new()\fR returns either the newly allocated -\&\fB\s-1EVP_KDF_CTX\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBEVP_KDF_CTX\fR structure or NULL if an error occurred. .PP \&\fBEVP_KDF_CTX_free()\fR and \fBEVP_KDF_CTX_reset()\fR do not return a value. .PP -\&\fBEVP_KDF_CTX_get_kdf_size()\fR returns the output size. \fB\s-1SIZE_MAX\s0\fR is returned to indicate +\&\fBEVP_KDF_CTX_get_kdf_size()\fR returns the output size. \fBSIZE_MAX\fR is returned to indicate that the algorithm produces a variable amount of output; 0 to indicate failure. .PP -\&\fBEVP_KDF_get0_name()\fR returns the name of the \s-1KDF,\s0 or \s-1NULL\s0 on error. +\&\fBEVP_KDF_get0_name()\fR returns the name of the KDF, or NULL on error. .PP \&\fBEVP_KDF_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. .PP The remaining functions return 1 for success and 0 or a negative value for failure. In particular, a return value of \-2 indicates the operation is not -supported by the \s-1KDF\s0 algorithm. -.SH "NOTES" +supported by the KDF algorithm. +.SH NOTES .IX Header "NOTES" -The \s-1KDF\s0 life-cycle is described in \fBlife_cycle\-kdf\fR\|(7). In the future, +The KDF life\-cycle is described in \fBlife_cycle\-kdf\fR\|(7). 
In the future, the transitions described there will be enforced. When this is done, it will -not be considered a breaking change to the \s-1API.\s0 +not be considered a breaking change to the API. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7), +"Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-default\fR\|(7), \&\fBlife_cycle\-kdf\fR\|(7). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_KEM_free.3.orig +++ secure/lib/libcrypto/man/man3/EVP_KEM_free.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEM_FREE 3ossl" -.TH EVP_KEM_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEM_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref, EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider, EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_get0_description, EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params \&\- Functions to manage EVP_KEM algorithm objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -164,25 +89,26 @@ \& const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem); \& const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_KEM_fetch()\fR fetches the implementation for the given \fBalgorithm\fR from any provider offering it, within the criteria given by the \fBproperties\fR and in the -scope of the given library context \fBctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). The algorithm +scope of the given library context \fBctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)). The algorithm will be one offering functions for performing asymmetric kem related tasks such as key encapsulation and decapsulation. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP The returned value must eventually be freed with \fBEVP_KEM_free()\fR. .PP -\&\fBEVP_KEM_free()\fR decrements the reference count for the \fB\s-1EVP_KEM\s0\fR structure. +\&\fBEVP_KEM_free()\fR decrements the reference count for the \fBEVP_KEM\fR structure. Typically this structure will have been obtained from an earlier call to \&\fBEVP_KEM_fetch()\fR. If the reference count drops to 0 then the structure is freed. +If the argument is NULL, nothing is done. .PP -\&\fBEVP_KEM_up_ref()\fR increments the reference count for an \fB\s-1EVP_KEM\s0\fR structure. +\&\fBEVP_KEM_up_ref()\fR increments the reference count for an \fBEVP_KEM\fR structure. .PP \&\fBEVP_KEM_is_a()\fR returns 1 if \fIkem\fR is an implementation of an -algorithm that's identifiable with \fIname\fR, otherwise 0. +algorithm that\*(Aqs identifiable with \fIname\fR, otherwise 0. .PP \&\fBEVP_KEM_get0_provider()\fR returns the provider that \fIkem\fR was fetched from. .PP 
@@ -205,12 +131,12 @@ the \fIkem\fR implementation. .PP \&\fBEVP_KEM_gettable_ctx_params()\fR and \fBEVP_KEM_settable_ctx_params()\fR return -a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key +a constant \fBOSSL_PARAM\fR\|(3) array that describes the names and types of key parameters that can be retrieved or set by a key encapsulation algorithm using \&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_KEM_fetch()\fR returns a pointer to an \fB\s-1EVP_KEM\s0\fR for success or \fB\s-1NULL\s0\fR for +\&\fBEVP_KEM_fetch()\fR returns a pointer to an \fBEVP_KEM\fR for success or \fBNULL\fR for failure. .PP \&\fBEVP_KEM_up_ref()\fR returns 1 for success or 0 otherwise. 
@@ -219,18 +145,18 @@ return value of 0 means that the callback was not called for any names. .PP \&\fBEVP_KEM_gettable_ctx_params()\fR and \fBEVP_KEM_settable_ctx_params()\fR return -a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error. +a constant \fBOSSL_PARAM\fR\|(3) array or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3) -.SH "HISTORY" +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7), \fBOSSL_PROVIDER\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_KEYEXCH_free.3.orig +++ secure/lib/libcrypto/man/man3/EVP_KEYEXCH_free.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEYEXCH_FREE 3ossl" -.TH EVP_KEYEXCH_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEYEXCH_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_get0_provider, EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, EVP_KEYEXCH_names_do_all, EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description, EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params \&\- Functions to manage EVP_KEYEXCH algorithm objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -166,28 +91,28 @@ \& const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch); \& const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_KEYEXCH_fetch()\fR fetches the key exchange implementation for the given \&\fIalgorithm\fR from any provider offering it, within the criteria given by the \fIproperties\fR. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP The returned value must eventually be freed with \fBEVP_KEYEXCH_free()\fR. .PP -\&\fBEVP_KEYEXCH_free()\fR decrements the reference count for the \fB\s-1EVP_KEYEXCH\s0\fR +\&\fBEVP_KEYEXCH_free()\fR decrements the reference count for the \fBEVP_KEYEXCH\fR structure. Typically this structure will have been obtained from an earlier call to \fBEVP_KEYEXCH_fetch()\fR. If the reference count drops to 0 then the -structure is freed. +structure is freed. If the argument is NULL, nothing is done. .PP -\&\fBEVP_KEYEXCH_up_ref()\fR increments the reference count for an \fB\s-1EVP_KEYEXCH\s0\fR +\&\fBEVP_KEYEXCH_up_ref()\fR increments the reference count for an \fBEVP_KEYEXCH\fR structure. .PP \&\fBEVP_KEYEXCH_get0_provider()\fR returns the provider that \fIexchange\fR was fetched from. .PP \&\fBEVP_KEYEXCH_is_a()\fR checks if \fIexchange\fR is an implementation of an -algorithm that's identifiable with \fIname\fR. +algorithm that\*(Aqs identifiable with \fIname\fR. .PP \&\fBEVP_KEYEXCH_get0_name()\fR returns the algorithm name from the provided implementation for the given \fIexchange\fR. Note that the \fIexchange\fR may have 
@@ -208,13 +133,13 @@ \&\fIdata\fR as arguments. .PP \&\fBEVP_KEYEXCH_gettable_ctx_params()\fR and \fBEVP_KEYEXCH_settable_ctx_params()\fR return -a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key +a constant \fBOSSL_PARAM\fR\|(3) array that describes the names and types of key parameters that can be retrieved or set by a key exchange algorithm using \&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_KEYEXCH_fetch()\fR returns a pointer to a \fB\s-1EVP_KEYEXCH\s0\fR for success -or \s-1NULL\s0 for failure. +\&\fBEVP_KEYEXCH_fetch()\fR returns a pointer to a \fBEVP_KEYEXCH\fR for success +or NULL for failure. .PP \&\fBEVP_KEYEXCH_up_ref()\fR returns 1 for success or 0 otherwise. .PP 
@@ -225,18 +150,18 @@ otherwise 0. .PP \&\fBEVP_KEYEXCH_gettable_ctx_params()\fR and \fBEVP_KEYEXCH_settable_ctx_params()\fR return -a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error. +a constant \fBOSSL_PARAM\fR\|(3) array or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3) -.SH "HISTORY" +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7), \fBOSSL_PROVIDER\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_KEYMGMT.3.orig +++ secure/lib/libcrypto/man/man3/EVP_KEYMGMT.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEYMGMT 3ossl" -.TH EVP_KEYMGMT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEYMGMT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEYMGMT, EVP_KEYMGMT_fetch, EVP_KEYMGMT_up_ref, @@ -153,7 +78,7 @@ EVP_KEYMGMT_settable_params, EVP_KEYMGMT_gen_settable_params \&\- EVP key management routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -179,9 +104,9 @@ \& const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt); \& const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1EVP_KEYMGMT\s0\fR is a method object that represents key management +\&\fBEVP_KEYMGMT\fR is a method object that represents key management implementations for different cryptographic algorithms. This method object provides functionality to have providers import key material from the outside, as well as export key material to the 
@@ -191,20 +116,21 @@ when needed. .PP \&\fBEVP_KEYMGMT_fetch()\fR looks for an algorithm within the provider that -has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR given by \fIctx\fR, having the +has been loaded into the \fBOSSL_LIB_CTX\fR given by \fIctx\fR, having the name given by \fIalgorithm\fR and the properties given by \fIproperties\fR. .PP \&\fBEVP_KEYMGMT_up_ref()\fR increments the reference count for the given -\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR. +\&\fBEVP_KEYMGMT\fR \fIkeymgmt\fR. .PP \&\fBEVP_KEYMGMT_free()\fR decrements the reference count for the given -\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR, and when the count reaches zero, frees it. +\&\fBEVP_KEYMGMT\fR \fIkeymgmt\fR, and when the count reaches zero, frees it. +If the argument is NULL, nothing is done. .PP \&\fBEVP_KEYMGMT_get0_provider()\fR returns the provider that has this particular implementation. .PP \&\fBEVP_KEYMGMT_is_a()\fR checks if \fIkeymgmt\fR is an implementation of an -algorithm that's identifiable with \fIname\fR. +algorithm that\*(Aqs identifiable with \fIname\fR. .PP \&\fBEVP_KEYMGMT_get0_name()\fR returns the algorithm name from the provided implementation for the given \fIkeymgmt\fR. Note that the \fIkeymgmt\fR may have 
@@ -225,22 +151,22 @@ \&\fIdata\fR as arguments. .PP \&\fBEVP_KEYMGMT_gettable_params()\fR and \fBEVP_KEYMGMT_settable_params()\fR return a -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key +constant \fBOSSL_PARAM\fR\|(3) array that describes the names and types of key parameters that can be retrieved or set. \&\fBEVP_KEYMGMT_gettable_params()\fR is used by \fBEVP_PKEY_gettable_params\fR\|(3). .PP -\&\fBEVP_KEYMGMT_gen_settable_params()\fR returns a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that +\&\fBEVP_KEYMGMT_gen_settable_params()\fR returns a constant \fBOSSL_PARAM\fR\|(3) array that describes the names and types of key generation parameters that can be set via \&\fBEVP_PKEY_CTX_set_params\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBEVP_KEYMGMT_fetch()\fR may be called implicitly by other fetching functions, using the same library context and properties. -Any other \s-1API\s0 that uses keys will typically do this. +Any other API that uses keys will typically do this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_KEYMGMT_fetch()\fR returns a pointer to the key management -implementation represented by an \s-1EVP_KEYMGMT\s0 object, or \s-1NULL\s0 on +implementation represented by an EVP_KEYMGMT object, or NULL on error. .PP \&\fBEVP_KEYMGMT_up_ref()\fR returns 1 on success, or 0 on error. 
@@ -248,33 +174,33 @@ \&\fBEVP_KEYMGMT_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. .PP -\&\fBEVP_KEYMGMT_free()\fR doesn't return any value. +\&\fBEVP_KEYMGMT_free()\fR doesn\*(Aqt return any value. .PP -\&\fBEVP_KEYMGMT_get0_provider()\fR returns a pointer to a provider object, or \s-1NULL\s0 +\&\fBEVP_KEYMGMT_get0_provider()\fR returns a pointer to a provider object, or NULL on error. .PP \&\fBEVP_KEYMGMT_is_a()\fR returns 1 of \fIkeymgmt\fR was identifiable, otherwise 0. .PP -\&\fBEVP_KEYMGMT_get0_name()\fR returns the algorithm name, or \s-1NULL\s0 on error. +\&\fBEVP_KEYMGMT_get0_name()\fR returns the algorithm name, or NULL on error. .PP -\&\fBEVP_KEYMGMT_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if -there isn't one. +\&\fBEVP_KEYMGMT_get0_description()\fR returns a pointer to a description, or NULL if +there isn\*(Aqt one. .PP \&\fBEVP_KEYMGMT_gettable_params()\fR, \fBEVP_KEYMGMT_settable_params()\fR and -\&\fBEVP_KEYMGMT_gen_settable_params()\fR return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or -\&\s-1NULL\s0 on error. +\&\fBEVP_KEYMGMT_gen_settable_params()\fR return a constant \fBOSSL_PARAM\fR\|(3) array or +NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBEVP_MD_fetch\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBEVP_MD_fetch\fR\|(3), \fBOSSL_LIB_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_MAC.3.orig +++ secure/lib/libcrypto/man/man3/EVP_MAC.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC 3ossl" -.TH EVP_MAC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, EVP_MAC_get0_name, EVP_MAC_names_do_all, EVP_MAC_get0_description, EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, @@ -149,7 +74,7 @@ EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params, EVP_MAC_do_all_provided \- EVP MAC routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -201,99 +126,102 @@ \& void (*fn)(EVP_MAC *mac, void *arg), \& void *arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These types and functions help the application to calculate MACs of different types and with different underlying algorithms if there are any. .PP MACs are a bit complex insofar that some of them use other algorithms -for actual computation. \s-1HMAC\s0 uses a digest, and \s-1CMAC\s0 uses a cipher. +for actual computation. HMAC uses a digest, and CMAC uses a cipher. Therefore, there are sometimes two contexts to keep track of, one for -the \s-1MAC\s0 algorithm itself and one for the underlying computation +the MAC algorithm itself and one for the underlying computation algorithm if there is one. .PP -To make things less ambiguous, this manual talks about a \*(L"context\*(R" or -\&\*(L"\s-1MAC\s0 context\*(R", which is to denote the \s-1MAC\s0 level context, and about a -\&\*(L"underlying context\*(R", or \*(L"computation context\*(R", which is to denote the +To make things less ambiguous, this manual talks about a "context" or +"MAC context", which is to denote the MAC level context, and about a +"underlying context", or "computation context", which is to denote the context for the underlying computation algorithm if there is one. -.SS "Types" +.SS Types .IX Subsection "Types" -\&\fB\s-1EVP_MAC\s0\fR is a type that holds the implementation of a \s-1MAC.\s0 +\&\fBEVP_MAC\fR is a type that holds the implementation of a MAC. .PP -\&\fB\s-1EVP_MAC_CTX\s0\fR is a context type that holds internal \s-1MAC\s0 information +\&\fBEVP_MAC_CTX\fR is a context type that holds internal MAC information as well as a reference to a computation context, for those MACs that rely on an underlying computation algorithm. 
.SS "Algorithm implementation fetching" .IX Subsection "Algorithm implementation fetching" -\&\fBEVP_MAC_fetch()\fR fetches an implementation of a \s-1MAC\s0 \fIalgorithm\fR, given +\&\fBEVP_MAC_fetch()\fR fetches an implementation of a MAC \fIalgorithm\fR, given a library context \fIlibctx\fR and a set of \fIproperties\fR. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP -See \*(L"Message Authentication Code (\s-1MAC\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) for the list +See "Message Authentication Code (MAC)" in \fBOSSL_PROVIDER\-default\fR\|(7) for the list of algorithms supported by the default provider. .PP The returned value must eventually be freed with \&\fBEVP_MAC_free\fR\|(3). .PP \&\fBEVP_MAC_up_ref()\fR increments the reference count of an already fetched -\&\s-1MAC.\s0 +MAC. .PP \&\fBEVP_MAC_free()\fR frees a fetched algorithm. -\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +NULL is a valid parameter, for which this function is a no\-op. .SS "Context manipulation functions" .IX Subsection "Context manipulation functions" -\&\fBEVP_MAC_CTX_new()\fR creates a new context for the \s-1MAC\s0 type \fImac\fR. +\&\fBEVP_MAC_CTX_new()\fR creates a new context for the MAC type \fImac\fR. The created context can then be used with most other functions described here. .PP \&\fBEVP_MAC_CTX_free()\fR frees the contents of the context, including an underlying context if there is one, as well as the context itself. -\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +NULL is a valid parameter, for which this function is a no\-op. .PP \&\fBEVP_MAC_CTX_dup()\fR duplicates the \fIsrc\fR context and returns a newly allocated context. 
.PP -\&\fBEVP_MAC_CTX_get0_mac()\fR returns the \fB\s-1EVP_MAC\s0\fR associated with the context +\&\fBEVP_MAC_CTX_get0_mac()\fR returns the \fBEVP_MAC\fR associated with the context \&\fIctx\fR. .SS "Computing functions" .IX Subsection "Computing functions" \&\fBEVP_Q_mac()\fR computes the message authentication code of \fIdata\fR with length \fIdatalen\fR -using the \s-1MAC\s0 algorithm \fIname\fR and the key \fIkey\fR with length \fIkeylen\fR. -The \s-1MAC\s0 algorithm is fetched using any given \fIlibctx\fR and property query +using the MAC algorithm \fIname\fR and the key \fIkey\fR with length \fIkeylen\fR. +The MAC algorithm is fetched using any given \fIlibctx\fR and property query string \fIpropq\fR. It takes parameters \fIsubalg\fR and further \fIparams\fR, -both of which may be \s-1NULL\s0 if not needed. -If \fIout\fR is not \s-1NULL,\s0 it places the result in the memory pointed at by \fIout\fR, +both of which may be NULL if not needed. +If \fIout\fR is not NULL, it places the result in the memory pointed at by \fIout\fR, but only if \fIoutsize\fR is sufficient (otherwise no computation is made). -If \fIout\fR is \s-1NULL,\s0 it allocates and uses a buffer of suitable length, +If \fIout\fR is NULL, it allocates and uses a buffer of suitable length, which will be returned on success and must be freed by the caller. In either case, also on error, -it assigns the number of bytes written to \fI*outlen\fR unless \fIoutlen\fR is \s-1NULL.\s0 +it assigns the number of bytes written to \fI*outlen\fR unless \fIoutlen\fR is NULL. .PP \&\fBEVP_MAC_init()\fR sets up the underlying context \fIctx\fR with information given -via the \fIkey\fR and \fIparams\fR arguments. The \s-1MAC\s0 \fIkey\fR has a length of +via the \fIkey\fR and \fIparams\fR arguments. The MAC \fIkey\fR has a length of \&\fIkeylen\fR and the parameters in \fIparams\fR are processed before setting -the key. If \fIkey\fR is \s-1NULL,\s0 the key must be set via \fIparams\fR either +the key. 
If \fIkey\fR is NULL, the key must be set via \fIparams\fR either as part of this call or separately using \fBEVP_MAC_CTX_set_params()\fR. -Providing non-NULL \fIparams\fR to this function is equivalent to calling +Providing non\-NULL \fIparams\fR to this function is equivalent to calling \&\fBEVP_MAC_CTX_set_params()\fR with those \fIparams\fR for the same \fIctx\fR beforehand. +Note: There are additional requirements for some MAC algorithms during +re\-initalization (i.e. calling \fBEVP_MAC_init()\fR on an EVP_MAC after \fBEVP_MAC_final()\fR +has been called on the same object). See the NOTES section below. .PP \&\fBEVP_MAC_init()\fR should be called before \fBEVP_MAC_update()\fR and \fBEVP_MAC_final()\fR. .PP -\&\fBEVP_MAC_update()\fR adds \fIdatalen\fR bytes from \fIdata\fR to the \s-1MAC\s0 input. +\&\fBEVP_MAC_update()\fR adds \fIdatalen\fR bytes from \fIdata\fR to the MAC input. .PP \&\fBEVP_MAC_final()\fR does the final computation and stores the result in the memory pointed at by \fIout\fR of size \fIoutsize\fR, and sets the number of bytes written in \fI*outl\fR at. -If \fIout\fR is \s-1NULL\s0 or \fIoutsize\fR is too small, then no computation +If \fIout\fR is NULL or \fIoutsize\fR is too small, then no computation is made. To figure out what the output length will be and allocate space for it -dynamically, simply call with \fIout\fR being \s-1NULL\s0 and \fIoutl\fR +dynamically, simply call with \fIout\fR being NULL and \fIoutl\fR pointing at a valid location, then allocate space and make a second call with \fIout\fR pointing at the allocated space. .PP -\&\fBEVP_MAC_finalXOF()\fR does the final computation for an \s-1XOF\s0 based \s-1MAC\s0 and stores +\&\fBEVP_MAC_finalXOF()\fR does the final computation for an XOF based MAC and stores the result in the memory pointed at by \fIout\fR of size \fIoutsize\fR. .PP \&\fBEVP_MAC_get_params()\fR retrieves details about the implementation 
@@ -314,49 +242,49 @@ context, given a context \fIctx\fR. The set of parameters given with \fIparams\fR determine exactly what parameters are passed down. -If \fIparams\fR are \s-1NULL,\s0 the underlying context should do nothing and return 1. +If \fIparams\fR are NULL, the underlying context should do nothing and return 1. Note that a parameter that is unknown in the underlying context is simply ignored. -Also, what happens when a needed parameter isn't passed down is +Also, what happens when a needed parameter isn\*(Aqt passed down is defined by the implementation. .PP -\&\fBEVP_MAC_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes +\&\fBEVP_MAC_gettable_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array that describes the retrievable and settable parameters. \fBEVP_MAC_gettable_params()\fR returns parameters that can be used with \fBEVP_MAC_get_params()\fR. .PP \&\fBEVP_MAC_gettable_ctx_params()\fR and \fBEVP_MAC_CTX_gettable_params()\fR -return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the retrievable +return constant \fBOSSL_PARAM\fR\|(3) arrays that describe the retrievable parameters that can be used with \fBEVP_MAC_CTX_get_params()\fR. \&\fBEVP_MAC_gettable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \fBEVP_MAC_CTX_gettable_params()\fR returns -the parameters that can be retrieved in the context's current state. +the parameters that can be retrieved in the context\*(Aqs current state. .PP \&\fBEVP_MAC_settable_ctx_params()\fR and \fBEVP_MAC_CTX_settable_params()\fR return -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the settable parameters that +constant \fBOSSL_PARAM\fR\|(3) arrays that describe the settable parameters that can be used with \fBEVP_MAC_CTX_set_params()\fR. 
\fBEVP_MAC_settable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \fBEVP_MAC_CTX_settable_params()\fR returns the parameters that can -be retrieved in the context's current state. +be retrieved in the context\*(Aqs current state. .SS "Information functions" .IX Subsection "Information functions" -\&\fBEVP_MAC_CTX_get_mac_size()\fR returns the \s-1MAC\s0 output size for the given context. +\&\fBEVP_MAC_CTX_get_mac_size()\fR returns the MAC output size for the given context. .PP -\&\fBEVP_MAC_CTX_get_block_size()\fR returns the \s-1MAC\s0 block size for the given context. -Not all \s-1MAC\s0 algorithms support this. +\&\fBEVP_MAC_CTX_get_block_size()\fR returns the MAC block size for the given context. +Not all MAC algorithms support this. .PP \&\fBEVP_MAC_is_a()\fR checks if the given \fImac\fR is an implementation of an -algorithm that's identifiable with \fIname\fR. +algorithm that\*(Aqs identifiable with \fIname\fR. .PP \&\fBEVP_MAC_get0_provider()\fR returns the provider that holds the implementation of the given \fImac\fR. .PP -\&\fBEVP_MAC_do_all_provided()\fR traverses all \s-1MAC\s0 implemented by all activated +\&\fBEVP_MAC_do_all_provided()\fR traverses all MAC implemented by all activated providers in the given library context \fIlibctx\fR, and for each of the implementations, calls the given function \fIfn\fR with the implementation method and the given \fIarg\fR as argument. .PP -\&\fBEVP_MAC_get0_name()\fR return the name of the given \s-1MAC.\s0 For fetched MACs -with multiple names, only one of them is returned; it's +\&\fBEVP_MAC_get0_name()\fR return the name of the given MAC. For fetched MACs +with multiple names, only one of them is returned; it\*(Aqs recommended to use \fBEVP_MAC_names_do_all()\fR instead. .PP \&\fBEVP_MAC_names_do_all()\fR traverses all names for \fImac\fR, and calls 
@@ -365,116 +293,111 @@ \&\fBEVP_MAC_get0_description()\fR returns a description of the \fImac\fR, meant for display and human consumption. The description is at the discretion of the mac implementation. -.SH "PARAMETERS" +.SH PARAMETERS .IX Header "PARAMETERS" Parameters are identified by name as strings, and have an expected data type and maximum size. OpenSSL has a set of macros for parameter names it expects to see in -its own \s-1MAC\s0 implementations. +its own MAC implementations. Here, we show all three, the OpenSSL macro for the parameter name, the name in string form, and a type description. .PP The standard parameter names are: -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Its value is the \s-1MAC\s0 key as an array of bytes. +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Its value is the MAC key as an array of bytes. .Sp For MACs that use an underlying computation algorithm, the algorithm -must be set first, see parameter names \*(L"algorithm\*(R" below. -.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 -.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 -.IX Item "iv (OSSL_MAC_PARAM_IV) " -Some \s-1MAC\s0 implementations (\s-1GMAC\s0) require an \s-1IV,\s0 this parameter sets the \s-1IV.\s0 -.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 -.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 -.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " -Some \s-1MAC\s0 implementations (\s-1KMAC, BLAKE2\s0) accept a Customization String, +must be set first, see parameter names "algorithm" below. +.IP """iv"" (\fBOSSL_MAC_PARAM_IV\fR) " 4 +.IX Item """iv"" (OSSL_MAC_PARAM_IV) " +Some MAC implementations (GMAC) require an IV, this parameter sets the IV. 
+.IP """custom"" (\fBOSSL_MAC_PARAM_CUSTOM\fR) " 4 +.IX Item """custom"" (OSSL_MAC_PARAM_CUSTOM) " +Some MAC implementations (KMAC, BLAKE2) accept a Customization String, this parameter sets the Customization String. The default value is the empty string. -.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_MAC_PARAM_SALT) " -This option is used by \s-1BLAKE2 MAC.\s0 -.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 -.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 -.IX Item "xof (OSSL_MAC_PARAM_XOF) " -It's a simple flag, the value 0 or 1 are expected. +.IP """salt"" (\fBOSSL_MAC_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_MAC_PARAM_SALT) " +This option is used by BLAKE2 MAC. +.IP """xof"" (\fBOSSL_MAC_PARAM_XOF\fR) " 4 +.IX Item """xof"" (OSSL_MAC_PARAM_XOF) " +It\*(Aqs a simple flag, the value 0 or 1 are expected. .Sp -This option is used by \s-1KMAC.\s0 -.ie n .IP """digest-noinit"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) " 4 -.el .IP "``digest-noinit'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) " 4 -.IX Item "digest-noinit (OSSL_MAC_PARAM_DIGEST_NOINIT) " -A simple flag to set the \s-1MAC\s0 digest to not initialise the +This option is used by KMAC. +.IP """digest\-noinit"" (\fBOSSL_MAC_PARAM_DIGEST_NOINIT\fR) " 4 +.IX Item """digest-noinit"" (OSSL_MAC_PARAM_DIGEST_NOINIT) " +A simple flag to set the MAC digest to not initialise the implementation specific data. The value 0 or 1 is expected. .Sp -This option is used by \s-1HMAC.\s0 -.ie n .IP """digest-oneshot"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) " 4 -.el .IP "``digest-oneshot'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) " 4 -.IX Item "digest-oneshot (OSSL_MAC_PARAM_DIGEST_ONESHOT) " -A simple flag to set the \s-1MAC\s0 digest to be a oneshot operation. +This option is used by HMAC. 
+.IP """digest\-oneshot"" (\fBOSSL_MAC_PARAM_DIGEST_ONESHOT\fR) " 4 +.IX Item """digest-oneshot"" (OSSL_MAC_PARAM_DIGEST_ONESHOT) " +A simple flag to set the MAC digest to be a oneshot operation. The value 0 or 1 is expected. .Sp -This option is used by \s-1HMAC.\s0 -.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +This option is used by HMAC. +.IP """properties"" (\fBOSSL_MAC_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_MAC_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " -.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.IP """digest"" (\fBOSSL_MAC_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_MAC_PARAM_DIGEST) " +.IP """cipher"" (\fBOSSL_MAC_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_MAC_PARAM_CIPHER) " .PD -For \s-1MAC\s0 implementations that use an underlying computation cipher or +For MAC implementations that use an underlying computation cipher or digest, these parameters set what the algorithm should be. .Sp The value is always the name of the intended algorithm, or the properties. .Sp Note that not all algorithms may support all digests. 
-\&\s-1HMAC\s0 does not support variable output length digests such as \s-1SHAKE128\s0 -or \s-1SHAKE256.\s0 -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -For \s-1MAC\s0 implementations that support it, set the output size that +HMAC does not support variable output length digests such as SHAKE128 +or SHAKE256. +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +For MAC implementations that support it, set the output size that \&\fBEVP_MAC_final()\fR should produce. -The allowed sizes vary between \s-1MAC\s0 implementations, but must never exceed +The allowed sizes vary between MAC implementations, but must never exceed what can be given with a \fBsize_t\fR. -.ie n .IP """tls-data-size"" (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) " 4 -.el .IP "``tls-data-size'' (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) " 4 -.IX Item "tls-data-size (OSSL_MAC_PARAM_TLS_DATA_SIZE) " -This parameter is only supported by \s-1HMAC.\s0 If set then special handling is -activated for calculating the \s-1MAC\s0 of a received mac-then-encrypt \s-1TLS\s0 record -where variable length record padding has been used (as in the case of \s-1CBC\s0 mode +.IP """tls\-data\-size"" (\fBOSSL_MAC_PARAM_TLS_DATA_SIZE\fR) " 4 +.IX Item """tls-data-size"" (OSSL_MAC_PARAM_TLS_DATA_SIZE) " +This parameter is only supported by HMAC. If set then special handling is +activated for calculating the MAC of a received mac\-then\-encrypt TLS record +where variable length record padding has been used (as in the case of CBC mode ciphersuites). The value represents the total length of the record that is -having the \s-1MAC\s0 calculated including the received \s-1MAC\s0 and the record padding. +having the MAC calculated including the received MAC and the record padding. .Sp When used EVP_MAC_update must be called precisely twice. 
The first time with -the 13 bytes of \s-1TLS\s0 \*(L"header\*(R" data, and the second time with the entire record -including the \s-1MAC\s0 itself and any padding. The entire record length must equal -the value passed in the \*(L"tls-data-size\*(R" parameter. The length passed in the +the 13 bytes of TLS "header" data, and the second time with the entire record +including the MAC itself and any padding. The entire record length must equal +the value passed in the "tls\-data\-size" parameter. The length passed in the \&\fBdatalen\fR parameter to \fBEVP_MAC_update()\fR should be equal to the length of the -record after the \s-1MAC\s0 and any padding has been removed. +record after the MAC and any padding has been removed. .PP All these parameters should be used before the calls to any of \&\fBEVP_MAC_init()\fR, \fBEVP_MAC_update()\fR and \fBEVP_MAC_final()\fR for a full computation. Anything else may give undefined results. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1MAC\s0 life-cycle is described in \fBlife_cycle\-mac\fR\|(7). In the future, +The MAC life\-cycle is described in \fBlife_cycle\-mac\fR\|(7). In the future, the transitions described there will be enforced. When this is done, it will -not be considered a breaking change to the \s-1API.\s0 +not be considered a breaking change to the API. .PP -The usage of the parameter names \*(L"custom\*(R", \*(L"iv\*(R" and \*(L"salt\*(R" correspond to +The usage of the parameter names "custom", "iv" and "salt" correspond to the names used in the standard where the algorithm was defined. +.PP +Some MAC algorithms store internal state that cannot be extracted during +re\-initalization. For example GMAC cannot extract an \fBIV\fR from the +underlying CIPHER context, and so calling \fBEVP_MAC_init()\fR on an EVP_MAC object +after \fBEVP_MAC_final()\fR has been called cannot reset its cipher state to what it +was when the \fBIV\fR was initially generated. 
For such instances, an +\&\fBOSSL_MAC_PARAM_IV\fR parameter must be passed with each call to \fBEVP_MAC_init()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_MAC_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_MAC\s0\fR, or -\&\s-1NULL\s0 if allocation failed. +\&\fBEVP_MAC_fetch()\fR returns a pointer to a newly fetched \fBEVP_MAC\fR, or +NULL if allocation failed. .PP \&\fBEVP_MAC_up_ref()\fR returns 1 on success, 0 on error. .PP 
@@ -486,32 +409,32 @@ \&\fBEVP_MAC_is_a()\fR returns 1 if the given method can be identified with the given name, otherwise 0. .PP -\&\fBEVP_MAC_get0_name()\fR returns a name of the \s-1MAC,\s0 or \s-1NULL\s0 on error. +\&\fBEVP_MAC_get0_name()\fR returns a name of the MAC, or NULL on error. .PP -\&\fBEVP_MAC_get0_provider()\fR returns a pointer to the provider for the \s-1MAC,\s0 or -\&\s-1NULL\s0 on error. +\&\fBEVP_MAC_get0_provider()\fR returns a pointer to the provider for the MAC, or +NULL on error. .PP \&\fBEVP_MAC_CTX_new()\fR and \fBEVP_MAC_CTX_dup()\fR return a pointer to a newly -created \s-1EVP_MAC_CTX,\s0 or \s-1NULL\s0 if allocation failed. +created EVP_MAC_CTX, or NULL if allocation failed. .PP \&\fBEVP_MAC_CTX_free()\fR returns nothing at all. .PP \&\fBEVP_MAC_CTX_get_params()\fR and \fBEVP_MAC_CTX_set_params()\fR return 1 on success, 0 on error. .PP -\&\fBEVP_Q_mac()\fR returns a pointer to the computed \s-1MAC\s0 value, or \s-1NULL\s0 on error. +\&\fBEVP_Q_mac()\fR returns a pointer to the computed MAC value, or NULL on error. .PP \&\fBEVP_MAC_init()\fR, \fBEVP_MAC_update()\fR, \fBEVP_MAC_final()\fR, and \fBEVP_MAC_finalXOF()\fR return 1 on success, 0 on error. .PP -\&\fBEVP_MAC_CTX_get_mac_size()\fR returns the expected output size, or 0 if it isn't -set. If it isn't set, a call to \fBEVP_MAC_init()\fR will set it. +\&\fBEVP_MAC_CTX_get_mac_size()\fR returns the expected output size, or 0 if it isn\*(Aqt +set. If it isn\*(Aqt set, a call to \fBEVP_MAC_init()\fR will set it. .PP -\&\fBEVP_MAC_CTX_get_block_size()\fR returns the block size, or 0 if it isn't set. -If it isn't set, a call to \fBEVP_MAC_init()\fR will set it. +\&\fBEVP_MAC_CTX_get_block_size()\fR returns the block size, or 0 if it isn\*(Aqt set. +If it isn\*(Aqt set, a call to \fBEVP_MAC_init()\fR will set it. .PP \&\fBEVP_MAC_do_all_provided()\fR returns nothing at all. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 5 \& #include 
@@ -595,24 +518,24 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBproperty\fR\|(7) -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), -\&\s-1\fBEVP_MAC\-BLAKE2\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-CMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-GMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-HMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-KMAC\s0\fR\|(7), +\&\fBOSSL_PARAM\fR\|(3), +\&\fBEVP_MAC\-BLAKE2\fR\|(7), +\&\fBEVP_MAC\-CMAC\fR\|(7), +\&\fBEVP_MAC\-GMAC\fR\|(7), +\&\fBEVP_MAC\-HMAC\fR\|(7), +\&\fBEVP_MAC\-KMAC\fR\|(7), \&\fBEVP_MAC\-Siphash\fR\|(7), \&\fBEVP_MAC\-Poly1305\fR\|(7), \&\fBprovider\-mac\fR\|(7), \&\fBlife_cycle\-mac\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2018\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD_METH_NEW 3ossl" -.TH EVP_MD_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, @@ -150,14 +75,14 @@ EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl \&\- Routines to build up legacy EVP_MD methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 
@@ -197,22 +122,23 @@ \& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, \& int p1, void *p2); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +Applications should instead use the OSSL_PROVIDER APIs. .PP -The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +The \fBEVP_MD\fR type is a structure for digest method implementation. It can also have associated public/private key signing and verifying routines. .PP -\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. -These \fB\s-1EVP_MD\s0\fR structures are reference counted. +\&\fBEVP_MD_meth_new()\fR creates a new \fBEVP_MD\fR structure. +These \fBEVP_MD\fR structures are reference counted. .PP \&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. .PP -\&\fBEVP_MD_meth_free()\fR decrements the reference count for the \fB\s-1EVP_MD\s0\fR structure. +\&\fBEVP_MD_meth_free()\fR decrements the reference count for the \fBEVP_MD\fR structure. If the reference count drops to 0 then the structure is freed. +If the argument is NULL, nothing is done. .PP \&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size for the method \fBmd\fR to \fBblocksize\fR bytes. 
@@ -225,34 +151,34 @@ set the size for it to \fBdatasize\fR. .PP \&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional -behaviours in the particular \fBmd\fR. Several flags can be or'd +behaviours in the particular \fBmd\fR. Several flags can be or\*(Aqd together. The available flags are: -.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 +.IP EVP_MD_FLAG_ONESHOT 4 .IX Item "EVP_MD_FLAG_ONESHOT" This digest method can only handle one block of input. -.IP "\s-1EVP_MD_FLAG_XOF\s0" 4 +.IP EVP_MD_FLAG_XOF 4 .IX Item "EVP_MD_FLAG_XOF" -This digest method is an extensible-output function (\s-1XOF\s0) and supports -the \fB\s-1EVP_MD_CTRL_XOF_LEN\s0\fR control. -.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 +This digest method is an extensible\-output function (XOF) and supports +the \fBEVP_MD_CTRL_XOF_LEN\fR control. +.IP EVP_MD_FLAG_DIGALGID_NULL 4 .IX Item "EVP_MD_FLAG_DIGALGID_NULL" When setting up a DigestAlgorithmIdentifier, this flag will have the -parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if -combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR -.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 +parameter set to NULL by default. Use this for PKCS#1. \fINote: if +combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.\fR +.IP EVP_MD_FLAG_DIGALGID_ABSENT 4 .IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" When setting up a DigestAlgorithmIdentifier, this flag will have the parameter be left absent by default. \fINote: if combined with -\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR -.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.\fR +.IP EVP_MD_FLAG_DIGALGID_CUSTOM 4 .IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" Custom DigestAlgorithmIdentifier handling via ctrl, with -\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. 
\fINote: if combined with -\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +\&\fBEVP_MD_FLAG_DIGALGID_ABSENT\fR as default. \fINote: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.\fR Currently unused. -.IP "\s-1EVP_MD_FLAG_FIPS\s0" 4 +.IP EVP_MD_FLAG_FIPS 4 .IX Item "EVP_MD_FLAG_FIPS" -This digest method is suitable for use in \s-1FIPS\s0 mode. +This digest method is suitable for use in FIPS mode. Currently unused. .PP \&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. @@ -269,18 +195,18 @@ \&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR. .PP \&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra -computations after the method's private data structure has been copied -from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy +computations after the method\*(Aqs private data structure has been copied +from one \fBEVP_MD_CTX\fR to another. If all that\*(Aqs needed is to copy the data, there is no need for this copy function. -Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private +Note that the copy function is passed two \fBEVP_MD_CTX *\fR, the private data structure is then available with \fBEVP_MD_CTX_get0_md_data()\fR. This copy function is called by \fBEVP_MD_CTX_copy()\fR and \&\fBEVP_MD_CTX_copy_ex()\fR. .PP \&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra -cleanup before the method's private data structure is cleaned out and +cleanup before the method\*(Aqs private data structure is cleaned out and freed. -Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the +Note that the cleanup function is passed a \fBEVP_MD_CTX *\fR, the private data structure is then available with \fBEVP_MD_CTX_get0_md_data()\fR. This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and \&\fBEVP_MD_CTX_free()\fR. 
@@ -298,7 +224,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly -created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. +created \fBEVP_MD\fR, or NULL on failure. All EVP_MD_meth_set_*() functions return 1. \&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, \&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the @@ -308,20 +234,20 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP -The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version +The \fBEVP_MD\fR structure was openly available in OpenSSL before version 1.1. The functions described here were added in OpenSSL 1.1. -The \fB\s-1EVP_MD\s0\fR structure created with these functions became reference +The \fBEVP_MD\fR structure created with these functions became reference counted in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_OpenInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_OpenInit.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_OPENINIT 3ossl" -.TH EVP_OPENINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_OPENINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,27 +76,27 @@ \& int *outl, unsigned char *in, int inl); \& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high-level interface to envelope +The EVP envelope routines are a high\-level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. .PP \&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length \&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. -The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +The IV is supplied in the \fBiv\fR parameter. .PP \&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as documented on the \fBEVP_EncryptInit\fR\|(3) manual page. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" It is possible to call \fBEVP_OpenInit()\fR twice in the same way as -\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to NULL and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL.\s0 +with \fBtype\fR set to NULL. .PP If the cipher passed in the \fBtype\fR parameter is a variable length cipher then the key length will be set to the value of the recovered 
@@ -190,11 +115,11 @@ \&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_SealInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PBE_CipherInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PBE_CipherInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PBE_CIPHERINIT 3ossl" -.TH EVP_PBE_CIPHERINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PBE_CIPHERINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PBE_CipherInit, EVP_PBE_CipherInit_ex, EVP_PBE_find, EVP_PBE_find_ex, EVP_PBE_alg_add_type, EVP_PBE_alg_add \- Password based encryption routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -163,46 +88,46 @@ \& int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, \& EVP_PBE_KEYGEN *keygen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -.SS "\s-1PBE\s0 operations" +.SS "PBE operations" .IX Subsection "PBE operations" -\&\fBEVP_PBE_CipherInit()\fR and \fBEVP_PBE_CipherInit_ex()\fR initialise an \fB\s-1EVP_CIPHER_CTX\s0\fR +\&\fBEVP_PBE_CipherInit()\fR and \fBEVP_PBE_CipherInit_ex()\fR initialise an \fBEVP_CIPHER_CTX\fR \&\fIctx\fR for encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0) using the password -\&\fIpass\fR of length \fIpasslen\fR. The \s-1PBE\s0 algorithm type and parameters are extracted -from an \s-1OID\s0 \fIpbe_obj\fR and parameters \fIparam\fR. +\&\fIpass\fR of length \fIpasslen\fR. The PBE algorithm type and parameters are extracted +from an OID \fIpbe_obj\fR and parameters \fIparam\fR. .PP \&\fBEVP_PBE_CipherInit_ex()\fR also allows the application to specify a library context \&\fIlibctx\fR and property query \fIpropq\fR to select appropriate algorithm implementations. -.SS "\s-1PBE\s0 algorithm search" +.SS "PBE algorithm search" .IX Subsection "PBE algorithm search" \&\fBEVP_PBE_find()\fR and \fBEVP_PBE_find_ex()\fR search for a matching algorithm using two parameters: .PP 1. An algorithm type \fItype\fR which can be: -.IP "\(bu" 4 -\&\s-1EVP_PBE_TYPE_OUTER\s0 \- A \s-1PBE\s0 algorithm -.IP "\(bu" 4 -\&\s-1EVP_PBE_TYPE_PRF\s0 \- A pseudo-random function -.IP "\(bu" 4 -\&\s-1EVP_PBE_TYPE_KDF\s0 \- A key derivation function +.IP \(bu 4 +EVP_PBE_TYPE_OUTER \- A PBE algorithm +.IP \(bu 4 +EVP_PBE_TYPE_PRF \- A pseudo\-random function +.IP \(bu 4 +EVP_PBE_TYPE_KDF \- A key derivation function .PP 2. A \fIpbe_nid\fR which can represent the algorithm identifier with parameters e.g. \&\fBNID_pbeWithSHA1AndRC2_CBC\fR or an algorithm class e.g. \fBNID_pbes2\fR. 
.PP -They return the algorithm's cipher \s-1ID\s0 \fIpcnid\fR, digest \s-1ID\s0 \fIpmnid\fR and a key +They return the algorithm\*(Aqs cipher ID \fIpcnid\fR, digest ID \fIpmnid\fR and a key generation function for the algorithm \fIpkeygen\fR. \fBEVP_PBE_CipherInit_ex()\fR also returns an extended key generation function \fIkeygen_ex\fR which takes a library context and property query. .PP -If a \s-1NULL\s0 is supplied for any of \fIpcnid\fR, \fIpmnid\fR, \fIpkeygen\fR or \fIpkeygen_ex\fR +If a NULL is supplied for any of \fIpcnid\fR, \fIpmnid\fR, \fIpkeygen\fR or \fIpkeygen_ex\fR then this parameter is not returned. -.SS "\s-1PBE\s0 algorithm add" +.SS "PBE algorithm add" .IX Subsection "PBE algorithm add" \&\fBEVP_PBE_alg_add_type()\fR and \fBEVP_PBE_alg_add()\fR add an algorithm to the list of known algorithms. Their parameters have the same meaning as for \&\fBEVP_PBE_find()\fR and \fBEVP_PBE_find_ex()\fR functions. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The arguments \fIpbe_obj\fR and \fIparam\fR to \fBEVP_PBE_CipherInit()\fR and \fBEVP_PBE_CipherInit_ex()\fR together form an \fBX509_ALGOR\fR and can often be extracted directly from this structure. 
@@ -216,14 +141,14 @@ \&\fBPKCS5_v2_PBE_keyivgen_ex\fR\|(3), \&\fBPKCS12_pbe_crypt_ex\fR\|(3), \&\fBPKCS12_create_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_PBE_CipherInit_ex()\fR and \fBEVP_PBE_find_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY2PKCS8.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY2PKCS8.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY2PKCS8 3ossl" -.TH EVP_PKEY2PKCS8 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY2PKCS8 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY2PKCS8, EVP_PKCS82PKEY_ex, EVP_PKCS82PKEY \&\- Convert a private key to/from PKCS8 -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,29 +76,29 @@ \& EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, \& const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1\fBEVP_PKEY2PKCS8\s0()\fR converts a private key \fIpkey\fR into a returned \s-1PKCS8\s0 object. +\&\fBEVP_PKEY2PKCS8()\fR converts a private key \fIpkey\fR into a returned PKCS8 object. .PP -\&\fBEVP_PKCS82PKEY_ex()\fR converts a \s-1PKCS8\s0 object \fIp8\fR into a returned private key. +\&\fBEVP_PKCS82PKEY_ex()\fR converts a PKCS8 object \fIp8\fR into a returned private key. It uses \fIlibctx\fR and \fIpropq\fR when fetching algorithms. .PP -\&\s-1\fBEVP_PKCS82PKEY\s0()\fR is similar to \fBEVP_PKCS82PKEY_ex()\fR but uses default values of -\&\s-1NULL\s0 for the \fIlibctx\fR and \fIpropq\fR. +\&\fBEVP_PKCS82PKEY()\fR is similar to \fBEVP_PKCS82PKEY_ex()\fR but uses default values of +NULL for the \fIlibctx\fR and \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBEVP_PKEY2PKCS8\s0()\fR returns a \s-1PKCS8\s0 object on success. -\&\s-1\fBEVP_PKCS82PKEY\s0()\fR and \fBEVP_PKCS82PKEY_ex()\fR return a private key on success. +\&\fBEVP_PKEY2PKCS8()\fR returns a PKCS8 object on success. +\&\fBEVP_PKCS82PKEY()\fR and \fBEVP_PKCS82PKEY_ex()\fR return a private key on success. .PP -All functions return \s-1NULL\s0 if the operation fails. +All functions return NULL if the operation fails. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS8_pkey_add1_attr\fR\|(3), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_METHOD 3ossl" -.TH EVP_PKEY_ASN1_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_ASN1_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, @@ -162,7 +87,7 @@ EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 \&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -276,21 +201,21 @@ \& \& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN.1\s0 +\&\fBEVP_PKEY_ASN1_METHOD\fR is a structure which holds a set of ASN.1 conversion, printing and information methods for a specific public key algorithm. .PP -There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are -stored: one is a built-in array representing the standard methods for -different algorithms, and the other one is a stack of user-defined -application-specific methods, which can be manipulated by using +There are two places where the \fBEVP_PKEY_ASN1_METHOD\fR objects are +stored: one is a built\-in array representing the standard methods for +different algorithms, and the other one is a stack of user\-defined +application\-specific methods, which can be manipulated by using \&\fBEVP_PKEY_asn1_add0\fR\|(3). -.SS "Methods" +.SS Methods .IX Subsection "Methods" The methods are the underlying implementations of a particular public -key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. +key algorithm present by the \fBEVP_PKEY\fR object. .PP .Vb 5 \& int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub); 
@@ -301,19 +226,19 @@ .Ve .PP The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode / -encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR. -They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). +encode \fBX509_PUBKEY\fR ASN.1 parameters to / from \fBpk\fR. +They MUST return 0 on error, 1 on success. +They\*(Aqre called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). .PP The \fBpub_cmp()\fR method is called when two public keys are to be compared. -It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. -It's called by \fBEVP_PKEY_eq\fR\|(3). +It MUST return 1 when the keys are equal, 0 otherwise. +It\*(Aqs called by \fBEVP_PKEY_eq\fR\|(3). .PP The \fBpub_print()\fR method is called to print a public key in humanly readable text to \fBout\fR, indented \fBindent\fR spaces. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_print_public\fR\|(3). +It MUST return 0 on error, 1 on success. +It\*(Aqs called by \fBEVP_PKEY_print_public\fR\|(3). .PP .Vb 4 \& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); 
@@ -323,14 +248,14 @@ .Ve .PP The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode / -encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. -They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3). +encode \fBPKCS8_PRIV_KEY_INFO\fR form private key to / from \fBpk\fR. +They MUST return 0 on error, 1 on success. +They\*(Aqre called by \fBEVP_PKCS82PKEY\fR\|(3) and \fBEVP_PKEY2PKCS8\fR\|(3). .PP The \fBpriv_print()\fR method is called to print a private key in humanly readable text to \fBout\fR, indented \fBindent\fR spaces. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_print_private\fR\|(3). +It MUST return 0 on error, 1 on success. +It\*(Aqs called by \fBEVP_PKEY_print_private\fR\|(3). .PP .Vb 3 \& int (*pkey_size) (const EVP_PKEY *pk); @@ -339,10 +264,10 @@ .Ve .PP The \fBpkey_size()\fR method returns the key size in bytes. -It's called by \fBEVP_PKEY_get_size\fR\|(3). +It\*(Aqs called by \fBEVP_PKEY_get_size\fR\|(3). .PP The \fBpkey_bits()\fR method returns the key size in bits. -It's called by \fBEVP_PKEY_get_bits\fR\|(3). +It\*(Aqs called by \fBEVP_PKEY_get_bits\fR\|(3). .PP .Vb 8 \& int (*param_decode) (EVP_PKEY *pkey, 
@@ -356,28 +281,28 @@ .Ve .PP The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode / -encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. -They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR -\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3). +encode DER formatted parameters to / from \fBpk\fR. +They MUST return 0 on error, 1 on success. +They\*(Aqre called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\fBOSSL_STORE_LOADER\fR\|(3). .PP The \fBparam_missing()\fR method returns 0 if a key parameter is missing, otherwise 1. -It's called by \fBEVP_PKEY_missing_parameters\fR\|(3). +It\*(Aqs called by \fBEVP_PKEY_missing_parameters\fR\|(3). .PP The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_copy_parameters\fR\|(3). +It MUST return 0 on error, 1 on success. +It\*(Aqs called by \fBEVP_PKEY_copy_parameters\fR\|(3). .PP The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. -It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a +It MUST return 1 when the keys are equal, 0 when not equal, or a negative number on error. -It's called by \fBEVP_PKEY_parameters_eq\fR\|(3). +It\*(Aqs called by \fBEVP_PKEY_parameters_eq\fR\|(3). .PP The \fBparam_print()\fR method prints the private key parameters in humanly readable text to \fBout\fR, indented \fBindent\fR spaces. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_print_params\fR\|(3). +It MUST return 0 on error, 1 on success. +It\*(Aqs called by \fBEVP_PKEY_print_params\fR\|(3). .PP .Vb 3 \& int (*sig_print) (BIO *out, 
@@ -388,17 +313,17 @@ The \fBsig_print()\fR method prints a signature in humanly readable text to \&\fBout\fR, indented \fBindent\fR spaces. \&\fBsigalg\fR contains the exact signature algorithm. -If the signature in \fBsig\fR doesn't correspond to what this method +If the signature in \fBsig\fR doesn\*(Aqt correspond to what this method expects, \fBX509_signature_dump()\fR must be used as a last resort. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBX509_signature_print\fR\|(3). +It MUST return 0 on error, 1 on success. +It\*(Aqs called by \fBX509_signature_print\fR\|(3). .PP .Vb 1 \& void (*pkey_free) (EVP_PKEY *pkey); .Ve .PP The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR. -It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), +It\*(Aqs called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), \&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3). .PP .Vb 1 @@ -406,7 +331,7 @@ .Ve .PP The \fBpkey_ctrl()\fR method adds extra algorithm specific control. -It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), +It\*(Aqs called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), \&\fBEVP_PKEY_set1_encoded_public_key\fR\|(3), \&\fBEVP_PKEY_get1_encoded_public_key\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3), \&\fBPKCS7_RECIP_INFO_set\fR\|(3), ... 
@@ -418,13 +343,13 @@ .Ve .PP The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode -they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. +they private key \fBpkey\fR from / to a DER formatted array. These are exclusively used to help decoding / encoding older (pre -PKCS#8) \s-1PEM\s0 formatted encrypted private keys. -\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. -\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +PKCS#8) PEM formatted encrypted private keys. +\&\fBold_priv_decode()\fR MUST return 0 on error, 1 on success. +\&\fBold_priv_encode()\fR MUST the return same kind of values as \&\fBi2d_PrivateKey()\fR. -They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). +They\*(Aqre called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). .PP .Vb 5 \& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 
@@ -437,32 +362,32 @@ The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have algorithm specific signatures and verification of them. .PP -\&\fBitem_sign()\fR \s-1MUST\s0 return one of: -.IP "<=0" 4 +\&\fBitem_sign()\fR MUST return one of: +.IP <=0 4 .IX Item "<=0" error -.IP "1" 4 +.IP 1 4 .IX Item "1" \&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the signature length back. -.IP "2" 4 +.IP 2 4 .IX Item "2" \&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are expected to continue with the default signature production. -.IP "3" 4 +.IP 3 4 .IX Item "3" \&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, OpenSSL internals should just sign using those algorithms. .PP -\&\fBitem_verify()\fR \s-1MUST\s0 return one of: -.IP "<=0" 4 +\&\fBitem_verify()\fR MUST return one of: +.IP <=0 4 .IX Item "<=0" error -.IP "1" 4 +.IP 1 4 .IX Item "1" \&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the signature length back. -.IP "2" 4 +.IP 2 4 .IX Item "2" \&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are expected to continue with the default signature production. @@ -478,8 +403,8 @@ .PP The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR parameters. -It \s-1MUST\s0 return 0 on error, or 1 on success. -It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) +It MUST return 0 on error, or 1 on success. +It\*(Aqs called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) and \fBX509_check_issued\fR\|(3). .PP .Vb 3 
@@ -489,9 +414,9 @@ .Ve .PP The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used -to check the validity of \fBpk\fR for key-pair, public component and parameters, +to check the validity of \fBpk\fR for key\-pair, public component and parameters, respectively. -They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. +They MUST return 0 for an invalid key, or 1 for a valid key. They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and \&\fBEVP_PKEY_param_check\fR\|(3) respectively. .PP @@ -501,7 +426,7 @@ .Ve .PP The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and -public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success. +public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and \&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively. .PP 
@@ -510,18 +435,18 @@ \& void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); .Ve .PP -\&\fBdirty_cnt()\fR returns the internal key's dirty count. +\&\fBdirty_cnt()\fR returns the internal key\*(Aqs dirty count. This can be used to synchronise different copies of the same keys. .PP The \fBexport_to()\fR method exports the key material from the given key to -a provider, through the \s-1\fBEVP_KEYMGMT\s0\fR\|(3) interface, if that provider +a provider, through the \fBEVP_KEYMGMT\fR\|(3) interface, if that provider supports importing key material. -.SS "Functions" +.SS Functions .IX Subsection "Functions" -\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fBEVP_PKEY_ASN1_METHOD\fR object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and \&\fBinfo\fR. -\&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a +\&\fBid\fR is a NID, \fBpem_str\fR is the PEM type string, \fBinfo\fR is a descriptive string. The following \fBflags\fR are supported: .PP 
@@ -529,30 +454,30 @@ \& ASN1_PKEY_SIGPARAM_NULL .Ve .PP -If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm +If \fBASN1_PKEY_SIGPARAM_NULL\fR is set, then the signature algorithm parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is omitted). See \fBX509_ALGOR_set0\fR\|(3) for more information. .PP -\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBEVP_PKEY_asn1_copy()\fR copies an \fBEVP_PKEY_ASN1_METHOD\fR object from \&\fBsrc\fR to \fBdst\fR. -This function is not thread safe, it's recommended to only use this +This function is not thread safe, it\*(Aqs recommended to only use this when initializing the application. .PP -\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed -by \fBameth\fR. +\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fBEVP_PKEY_ASN1_METHOD\fR pointed +by \fBameth\fR. If the argument is NULL, nothing is done. .PP \&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of -methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is +methods unless another \fBEVP_PKEY_ASN1_METHOD\fR with the same NID is already there. -This function is not thread safe, it's recommended to only use this +This function is not thread safe, it\*(Aqs recommended to only use this when initializing the application. .PP -\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. -This function is not thread safe, it's recommended to only use this +\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the NID \fBto\fR for the +\&\fBEVP_PKEY_ASN1_METHOD\fR with NID \fBfrom\fR unless another +\&\fBEVP_PKEY_ASN1_METHOD\fR with the same NID is already added. 
+This function is not thread safe, it\*(Aqs recommended to only use this when initializing the application. .PP \&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR, 
@@ -563,30 +488,30 @@ \&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR, \&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and \&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. +\&\fBEVP_PKEY_ASN1_METHOD\fR object. .PP -\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +\&\fBEVP_PKEY_get0_asn1()\fR finds the \fBEVP_PKEY_ASN1_METHOD\fR associated with the key \fBpkey\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +\&\fBEVP_PKEY_asn1_new()\fR returns NULL on error, or a pointer to an +\&\fBEVP_PKEY_ASN1_METHOD\fR object otherwise. .PP \&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error, or 1 on success. .PP -\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. -.SH "HISTORY" +\&\fBEVP_PKEY_get0_asn1()\fR returns NULL on error, or a pointer to a constant +\&\fBEVP_PKEY_ASN1_METHOD\fR object otherwise. +.SH HISTORY .IX Header "HISTORY" The signature of the \fIpub_decode\fR functional argument of \&\fBEVP_PKEY_asn1_set_public()\fR has changed in OpenSSL 3.0 so its \fIpub\fR parameter is now constified. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_CTRL 3ossl" -.TH EVP_PKEY_CTX_CTRL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_CTRL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, @@ -208,7 +133,7 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len, EVP_PKEY_CTX_set_kem_op \&\- algorithm specific control operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -315,7 +240,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -331,7 +256,7 @@ \& \& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context \fIctx\fR. The key type used must match \fIkeytype\fR if it is not \-1. The parameter \fIoptype\fR is a 
@@ -339,8 +264,8 @@ The control command is indicated in \fIcmd\fR and any additional arguments in \&\fIp1\fR and \fIp2\fR. .PP -For \fIcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fIp1\fR is the length of the \s-1MAC\s0 key, -and \fIp2\fR is the \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0 +For \fIcmd\fR = \fBEVP_PKEY_CTRL_SET_MAC_KEY\fR, \fIp1\fR is the length of the MAC key, +and \fIp2\fR is the MAC key. This is used by Poly1305, SipHash, HMAC and CMAC. .PP Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will instead call one of the algorithm specific functions below. @@ -359,10 +284,10 @@ \&\fIctx\fR. The message digest is specified by its name \fImd\fR. .PP \&\fBEVP_PKEY_CTX_set_signature_md()\fR sets the message digest type used -in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +in a signature. It can be used in the RSA, DSA and ECDSA algorithms. .PP \&\fBEVP_PKEY_CTX_get_signature_md()\fRgets the message digest type used -in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +in a signature. It can be used in the RSA, DSA and ECDSA algorithms. .PP Key generation typically involves setting up parameters to be used and generating the private and public key data. Some algorithm implementations 
@@ -376,62 +301,62 @@ the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function. .PP \&\fBEVP_PKEY_CTX_set_group_name()\fR sets the group name to \fIname\fR for parameter and -key generation. For example for \s-1EC\s0 keys this will set the curve name and for -\&\s-1DH\s0 keys it will set the name of the finite field group. +key generation. For example for EC keys this will set the curve name and for +DH keys it will set the name of the finite field group. .PP -\&\fBEVP_PKEY_CTX_get_group_name()\fR finds the group name that's currently +\&\fBEVP_PKEY_CTX_get_group_name()\fR finds the group name that\*(Aqs currently set with \fIctx\fR, and writes it to the location that \fIname\fR points at, as long as its size \fInamelen\fR is large enough to store that name, including a -terminating \s-1NUL\s0 byte. -.SS "\s-1RSA\s0 parameters" +terminating NUL byte. +.SS "RSA parameters" .IX Subsection "RSA parameters" -\&\fBEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fIctx\fR. -The \fIpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 -padding, \fB\s-1RSA_NO_PADDING\s0\fR for -no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and -decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations -only), \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only) and -\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR for \s-1TLS RSA\s0 ClientKeyExchange message padding +\&\fBEVP_PKEY_CTX_set_rsa_padding()\fR sets the RSA padding mode for \fIctx\fR. +The \fIpad\fR parameter can take the value \fBRSA_PKCS1_PADDING\fR for PKCS#1 +padding, \fBRSA_NO_PADDING\fR for +no padding, \fBRSA_PKCS1_OAEP_PADDING\fR for OAEP padding (encrypt and +decrypt only), \fBRSA_X931_PADDING\fR for X9.31 padding (signature operations +only), \fBRSA_PKCS1_PSS_PADDING\fR (sign and verify only) and +\&\fBRSA_PKCS1_WITH_TLS_PADDING\fR for TLS RSA ClientKeyExchange message padding (decryption only). 
.PP -Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR +Two RSA padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR is used. If this function is called for PKCS#1 padding the plaintext buffer is an actual digest value and is encapsulated in a DigestInfo structure according to PKCS#1 when signing and this structure is expected (and stripped off) when -verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +verifying. If this control is not used with RSA and PKCS#1 padding then the supplied data is used directly and not encapsulated. In the case of X9.31 -padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +padding for RSA the algorithm identifier byte is added or checked and removed if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. .PP -\&\fBEVP_PKEY_CTX_get_rsa_padding()\fR gets the \s-1RSA\s0 padding mode for \fIctx\fR. +\&\fBEVP_PKEY_CTX_get_rsa_padding()\fR gets the RSA padding mode for \fIctx\fR. .PP -\&\fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR sets the \s-1RSA PSS\s0 salt length to \fIsaltlen\fR. -As its name implies it is only supported for \s-1PSS\s0 padding. If this function is +\&\fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR sets the RSA PSS salt length to \fIsaltlen\fR. +As its name implies it is only supported for PSS padding. If this function is not called then the maximum salt length is used when signing and auto detection when verifying. Three special values are supported: -.IP "\fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR" 4 +.IP \fBRSA_PSS_SALTLEN_DIGEST\fR 4 .IX Item "RSA_PSS_SALTLEN_DIGEST" sets the salt length to the digest length. -.IP "\fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR" 4 +.IP \fBRSA_PSS_SALTLEN_MAX\fR 4 .IX Item "RSA_PSS_SALTLEN_MAX" sets the salt length to the maximum permissible value. 
-.IP "\fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR" 4 +.IP \fBRSA_PSS_SALTLEN_AUTO\fR 4 .IX Item "RSA_PSS_SALTLEN_AUTO" causes the salt length to be automatically determined based on the -\&\fB\s-1PSS\s0\fR block structure when verifying. When signing, it has the same -meaning as \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR. +\&\fBPSS\fR block structure when verifying. When signing, it has the same +meaning as \fBRSA_PSS_SALTLEN_MAX\fR. .PP -\&\fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR gets the \s-1RSA PSS\s0 salt length for \fIctx\fR. -The padding mode must already have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +\&\fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR gets the RSA PSS salt length for \fIctx\fR. +The padding mode must already have been set to \fBRSA_PKCS1_PSS_PADDING\fR. .PP -\&\fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR sets the \s-1RSA\s0 key length for -\&\s-1RSA\s0 key generation to \fIbits\fR. If not specified 2048 bits is used. +\&\fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR sets the RSA key length for +RSA key generation to \fIbits\fR. If not specified 2048 bits is used. .PP -\&\fBEVP_PKEY_CTX_set1_rsa_keygen_pubexp()\fR sets the public exponent value for \s-1RSA\s0 key +\&\fBEVP_PKEY_CTX_set1_rsa_keygen_pubexp()\fR sets the public exponent value for RSA key generation to the value stored in \fIpubexp\fR. Currently it should be an odd integer. In accordance with the OpenSSL naming convention, the \fIpubexp\fR pointer -must be freed independently of the \s-1EVP_PKEY_CTX\s0 (ie, it is internally copied). +must be freed independently of the EVP_PKEY_CTX (ie, it is internally copied). If not specified 65537 is used. .PP \&\fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR does the same as 
@@ -439,36 +364,36 @@ therefore \fIpubexp\fR should not be modified or freed after the call. .PP \&\fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR sets the number of primes for -\&\s-1RSA\s0 key generation to \fIprimes\fR. If not specified 2 is used. +RSA key generation to \fIprimes\fR. If not specified 2 is used. .PP -\&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR sets the \s-1MGF1\s0 digest for \s-1RSA\s0 -padding schemes to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm +\&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR sets the MGF1 digest for RSA +padding schemes to the digest named \fImdname\fR. If the RSA algorithm implementation for the selected provider supports it then the digest will be fetched using the properties \fImdprops\fR. If not explicitly set the signing -digest is used. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR -or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +digest is used. The padding mode must have been set to \fBRSA_PKCS1_OAEP_PADDING\fR +or \fBRSA_PKCS1_PSS_PADDING\fR. .PP \&\fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR does the same as \&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR except that the name of the digest is inferred from the supplied \fImd\fR and it is not possible to specify any properties. .PP -\&\fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR gets the name of the \s-1MGF1\s0 +\&\fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR gets the name of the MGF1 digest algorithm for \fIctx\fR. If not explicitly set the signing digest is used. -The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or -\&\fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +The padding mode must have been set to \fBRSA_PKCS1_OAEP_PADDING\fR or +\&\fBRSA_PKCS1_PSS_PADDING\fR. .PP \&\fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR does the same as \&\fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR except that it returns a pointer to an -\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be -returned. 
The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such +EVP_MD object instead. Note that only known, built\-in EVP_MD objects will be +returned. The EVP_MD object may be NULL if the digest is not one of these (such as a digest only implemented in a third party provider). .PP \&\fBEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR sets the message digest type -used in \s-1RSA OAEP\s0 to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm +used in RSA OAEP to the digest named \fImdname\fR. If the RSA algorithm implementation for the selected provider supports it then the digest will be fetched using the properties \fImdprops\fR. The padding mode must have been set to -\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +\&\fBRSA_PKCS1_OAEP_PADDING\fR. .PP \&\fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR does the same as \&\fBEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR except that the name of the digest is 
@@ -476,66 +401,66 @@ properties. .PP \&\fBEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR gets the message digest -algorithm name used in \s-1RSA OAEP\s0 and stores it in the buffer \fIname\fR which is of +algorithm name used in RSA OAEP and stores it in the buffer \fIname\fR which is of size \fInamelen\fR. The padding mode must have been set to -\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The buffer should be sufficiently large for any +\&\fBRSA_PKCS1_OAEP_PADDING\fR. The buffer should be sufficiently large for any expected digest algorithm names or the function will fail. .PP \&\fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR does the same as \&\fBEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR except that it returns a pointer to an -\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be -returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such +EVP_MD object instead. Note that only known, built\-in EVP_MD objects will be +returned. The EVP_MD object may be NULL if the digest is not one of these (such as a digest only implemented in a third party provider). .PP -\&\fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR sets the \s-1RSA OAEP\s0 label to binary data -\&\fIlabel\fR and its length in bytes to \fIlen\fR. If \fIlabel\fR is \s-1NULL\s0 or \fIlen\fR is 0, +\&\fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR sets the RSA OAEP label to binary data +\&\fIlabel\fR and its length in bytes to \fIlen\fR. If \fIlabel\fR is NULL or \fIlen\fR is 0, the label is cleared. The library takes ownership of the label so the caller should not free the original memory pointed to by \fIlabel\fR. -The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +The padding mode must have been set to \fBRSA_PKCS1_OAEP_PADDING\fR. .PP -\&\fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR gets the \s-1RSA OAEP\s0 label to +\&\fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR gets the RSA OAEP label to \&\fIlabel\fR. The return value is the label length. 
The padding mode -must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +must have been set to \fBRSA_PKCS1_OAEP_PADDING\fR. The resulting pointer is owned by the library and should not be freed by the caller. .PP -\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR is used when decrypting an \s-1RSA\s0 encrypted \s-1TLS\s0 -pre-master secret in a \s-1TLS\s0 ClientKeyExchange message. It is the same as -\&\s-1RSA_PKCS1_PADDING\s0 except that it additionally verifies that the result is the +\&\fBRSA_PKCS1_WITH_TLS_PADDING\fR is used when decrypting an RSA encrypted TLS +pre\-master secret in a TLS ClientKeyExchange message. It is the same as +RSA_PKCS1_PADDING except that it additionally verifies that the result is the correct length and the first two bytes are the protocol version initially requested by the client. If the encrypted content is publicly invalid then the decryption will fail. However, if the padding checks fail then decryption will -still appear to succeed but a random \s-1TLS\s0 premaster secret will be returned +still appear to succeed but a random TLS premaster secret will be returned instead. This padding mode accepts two parameters which can be set using the \&\fBEVP_PKEY_CTX_set_params\fR\|(3) function. These are -\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0 and -\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION,\s0 both of which are expected to be +OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION and +OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, both of which are expected to be unsigned integers. Normally only the first of these will be set and represents -the \s-1TLS\s0 protocol version that was first requested by the client (e.g. 0x0303 for +the TLS protocol version that was first requested by the client (e.g. 0x0303 for TLSv1.2, 0x0302 for TLSv1.1 etc). Historically some buggy clients would use the negotiated protocol version instead of the protocol version first requested. 
If this behaviour should be tolerated then -\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION\s0 should be set to the actual +OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual negotiated protocol version. Otherwise it should be left unset. -.SS "\s-1DSA\s0 parameters" +.SS "DSA parameters" .IX Subsection "DSA parameters" -\&\fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used for \s-1DSA\s0 +\&\fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used for DSA parameter generation to \fBnbits\fR. If not specified, 2048 is used. .PP \&\fBEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR sets the number of bits in the subprime -parameter \fIq\fR for \s-1DSA\s0 parameter generation to \fIqbits\fR. If not specified, 224 +parameter \fIq\fR for DSA parameter generation to \fIqbits\fR. If not specified, 224 is used. If a digest function is specified below, this parameter is ignored and instead, the number of bits in \fIq\fR matches the size of the digest. .PP -\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR sets the digest function used for \s-1DSA\s0 -parameter generation to \fImd\fR. If not specified, one of \s-1SHA\-1, SHA\-224,\s0 or -\&\s-1SHA\-256\s0 is selected to match the bit length of \fIq\fR above. +\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR sets the digest function used for DSA +parameter generation to \fImd\fR. If not specified, one of SHA\-1, SHA\-224, or +SHA\-256 is selected to match the bit length of \fIq\fR above. .PP -\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md_props()\fR sets the digest function used for \s-1DSA\s0 +\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md_props()\fR sets the digest function used for DSA parameter generation using \fImd_name\fR and \fImd_properties\fR to retrieve the digest from a provider. -If not specified, \fImd_name\fR will be set to one of \s-1SHA\-1, SHA\-224,\s0 or -\&\s-1SHA\-256\s0 depending on the bit length of \fIq\fR above. 
\fImd_properties\fR is a -property query string that has a default value of '' if not specified. +If not specified, \fImd_name\fR will be set to one of SHA\-1, SHA\-224, or +SHA\-256 depending on the bit length of \fIq\fR above. \fImd_properties\fR is a +property query string that has a default value of \*(Aq\*(Aq if not specified. .PP \&\fBEVP_PKEY_CTX_set_dsa_paramgen_gindex()\fR sets the \fIgindex\fR used by the generator G. The default value is \-1 which uses unverifiable g, otherwise a positive value 
@@ -548,44 +473,44 @@ p & q on its first iteration. This value must be saved if key validation of p, q, and verifiable g are required, since it is not part of a persisted key. .PP -\&\fBEVP_PKEY_CTX_set_dsa_paramgen_type()\fR sets the generation type to use \s-1FIPS186\-4\s0 -generation if \fIname\fR is \*(L"fips186_4\*(R", or \s-1FIPS186\-2\s0 generation if \fIname\fR is -\&\*(L"fips186_2\*(R". The default value for the default provider is \*(L"fips186_2\*(R". The -default value for the \s-1FIPS\s0 provider is \*(L"fips186_4\*(R". -.SS "\s-1DH\s0 parameters" +\&\fBEVP_PKEY_CTX_set_dsa_paramgen_type()\fR sets the generation type to use FIPS186\-4 +generation if \fIname\fR is "fips186_4", or FIPS186\-2 generation if \fIname\fR is +"fips186_2". The default value for the default provider is "fips186_2". The +default value for the FIPS provider is "fips186_4". +.SS "DH parameters" .IX Subsection "DH parameters" -\&\fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0 prime -parameter \fIp\fR for \s-1DH\s0 parameter generation. If this function is not called then +\&\fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the DH prime +parameter \fIp\fR for DH parameter generation. If this function is not called then 2048 is used. Only accepts lengths greater than or equal to 256. .PP -\&\fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR sets the length of the \s-1DH\s0 -optional subprime parameter \fIq\fR for \s-1DH\s0 parameter generation. The default is -256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 paramgen -type must have been set to \*(L"fips186_4\*(R". +\&\fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR sets the length of the DH +optional subprime parameter \fIq\fR for DH parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The DH paramgen +type must have been set to "fips186_4". 
.PP -\&\fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR sets \s-1DH\s0 generator to \fIgen\fR for \s-1DH\s0 +\&\fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR sets DH generator to \fIgen\fR for DH parameter generation. If not specified 2 is used. .PP -\&\fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR sets the key type for \s-1DH\s0 parameter +\&\fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR sets the key type for DH parameter generation. The supported parameters are: -.IP "\fB\s-1DH_PARAMGEN_TYPE_GROUP\s0\fR" 4 +.IP \fBDH_PARAMGEN_TYPE_GROUP\fR 4 .IX Item "DH_PARAMGEN_TYPE_GROUP" Use a named group. If only the safe prime parameter \fIp\fR is set this can be used to select a ffdhe safe prime group of the correct size. -.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR" 4 +.IP \fBDH_PARAMGEN_TYPE_FIPS_186_4\fR 4 .IX Item "DH_PARAMGEN_TYPE_FIPS_186_4" -\&\s-1FIPS186\-4 FFC\s0 parameter generator. -.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR" 4 +FIPS186\-4 FFC parameter generator. +.IP \fBDH_PARAMGEN_TYPE_FIPS_186_2\fR 4 .IX Item "DH_PARAMGEN_TYPE_FIPS_186_2" -\&\s-1FIPS186\-2 FFC\s0 parameter generator (X9.42 \s-1DH\s0). -.IP "\fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR" 4 +FIPS186\-2 FFC parameter generator (X9.42 DH). +.IP \fBDH_PARAMGEN_TYPE_GENERATOR\fR 4 .IX Item "DH_PARAMGEN_TYPE_GENERATOR" Uses a safe prime generator g (PKCS#3 format). .PP -The default in the default provider is \fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR for the -\&\*(L"\s-1DH\*(R"\s0 keytype, and \fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR for the \*(L"\s-1DHX\*(R"\s0 keytype. In the -\&\s-1FIPS\s0 provider the default value is \fB\s-1DH_PARAMGEN_TYPE_GROUP\s0\fR for the \*(L"\s-1DH\*(R"\s0 -keytype and <\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR for the \*(L"\s-1DHX\*(R"\s0 keytype. +The default in the default provider is \fBDH_PARAMGEN_TYPE_GENERATOR\fR for the +"DH" keytype, and \fBDH_PARAMGEN_TYPE_FIPS_186_2\fR for the "DHX" keytype. 
In the +FIPS provider the default value is \fBDH_PARAMGEN_TYPE_GROUP\fR for the "DH" +keytype and <\fBDH_PARAMGEN_TYPE_FIPS_186_4\fR for the "DHX" keytype. .PP \&\fBEVP_PKEY_CTX_set_dh_paramgen_gindex()\fR sets the \fIgindex\fR used by the generator G. The default value is \-1 which uses unverifiable g, otherwise a positive value @@ -598,13 +523,13 @@ p & q on its first iteration. This value must be saved if key validation of p, q, and verifiable g are required, since it is not part of a persisted key. .PP -\&\fBEVP_PKEY_CTX_set_dh_pad()\fR sets the \s-1DH\s0 padding mode. -If \fIpad\fR is 1 the shared secret is padded with zeros up to the size of the \s-1DH\s0 +\&\fBEVP_PKEY_CTX_set_dh_pad()\fR sets the DH padding mode. +If \fIpad\fR is 1 the shared secret is padded with zeros up to the size of the DH prime \fIp\fR. If \fIpad\fR is zero (the default) then no padding is performed. .PP -\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to -\&\fInid\fR as defined in \s-1RFC7919\s0 or \s-1RFC3526.\s0 The \fInid\fR parameter must be +\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the DH parameters to values corresponding to +\&\fInid\fR as defined in RFC7919 or RFC3526. The \fInid\fR parameter must be \&\fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \&\fBNID_ffdhe8192\fR, \fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR, \&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR, \fBNID_modp_8192\fR or \fBNID_undef\fR to clear 
@@ -612,55 +537,55 @@ The nid parameter and the rfc5114 parameter are mutually exclusive. .PP \&\fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR both set the -\&\s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The \fIrfc5114\fR parameter must -be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections 2.1, 2.2 and 2.3. or 0 to clear +DH parameters to the values defined in RFC5114. The \fIrfc5114\fR parameter must +be 1, 2 or 3 corresponding to RFC5114 sections 2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called during parameter generation. The -\&\fIctx\fR must have a key type of \fB\s-1EVP_PKEY_DHX\s0\fR. +\&\fIctx\fR must have a key type of \fBEVP_PKEY_DHX\fR. The rfc5114 parameter and the nid parameter are mutually exclusive. -.SS "\s-1DH\s0 key derivation function parameters" +.SS "DH key derivation function parameters" .IX Subsection "DH key derivation function parameters" Note that all of the following functions require that the \fIctx\fR parameter has -a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of -\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. -The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn -encrypts a Content Encryption Key (\s-1CEK\s0). +a private key type of \fBEVP_PKEY_DHX\fR. When using key derivation, the output of +\&\fBEVP_PKEY_derive()\fR is the output of the KDF instead of the DH shared secret. +The KDF output is typically used as a Key Encryption Key (KEK) that in turn +encrypts a Content Encryption Key (CEK). .PP \&\fBEVP_PKEY_CTX_set_dh_kdf_type()\fR sets the key derivation function type to \fIkdf\fR -for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR and -\&\fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +for DH key derivation. 
Possible values are \fBEVP_PKEY_DH_KDF_NONE\fR and +\&\fBEVP_PKEY_DH_KDF_X9_42\fR which uses the key derivation specified in RFC2631 (based on the keying algorithm described in X9.42). When using key derivation, the \fIkdf_oid\fR, \fIkdf_md\fR and \fIkdf_outlen\fR parameters must also be specified. .PP \&\fBEVP_PKEY_CTX_get_dh_kdf_type()\fR gets the key derivation function type for \fIctx\fR -used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR and -\&\fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +used for DH key derivation. Possible values are \fBEVP_PKEY_DH_KDF_NONE\fR and +\&\fBEVP_PKEY_DH_KDF_X9_42\fR. .PP \&\fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR sets the key derivation function object -identifier to \fIoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify the +identifier to \fIoid\fR for DH key derivation. This OID should identify the algorithm to be used with the Content Encryption Key. The library takes ownership of the object identifier so the caller should not free the original memory pointed to by \fIoid\fR. .PP \&\fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR gets the key derivation function oid for \fIctx\fR -used for \s-1DH\s0 key derivation. The resulting pointer is owned by the library and +used for DH key derivation. The resulting pointer is owned by the library and should not be freed by the caller. .PP \&\fBEVP_PKEY_CTX_set_dh_kdf_md()\fR sets the key derivation function message digest to -\&\fImd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies that this digest should -be \s-1SHA1\s0 but OpenSSL tolerates other digests. +\&\fImd\fR for DH key derivation. Note that RFC2631 specifies that this digest should +be SHA1 but OpenSSL tolerates other digests. .PP \&\fBEVP_PKEY_CTX_get_dh_kdf_md()\fR gets the key derivation function message digest for -\&\fIctx\fR used for \s-1DH\s0 key derivation. +\&\fIctx\fR used for DH key derivation. 
.PP \&\fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR sets the key derivation function output length -to \fIlen\fR for \s-1DH\s0 key derivation. +to \fIlen\fR for DH key derivation. .PP \&\fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR gets the key derivation function output length -for \fIctx\fR used for \s-1DH\s0 key derivation. +for \fIctx\fR used for DH key derivation. .PP \&\fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR sets the user key material to \fIukm\fR and its -length to \fIlen\fR for \s-1DH\s0 key derivation. This parameter is optional and -corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +length to \fIlen\fR for DH key derivation. This parameter is optional and +corresponds to the partyAInfo field in RFC2631 terms. The specification requires that it is 512 bits long but this is not enforced by OpenSSL. The library takes ownership of the user key material so the caller should not free the original memory pointed to by \fIukm\fR. 
@@ -668,67 +593,67 @@ \&\fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR gets the user key material for \fIctx\fR. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller. -.SS "\s-1EC\s0 parameters" +.SS "EC parameters" .IX Subsection "EC parameters" Use \fBEVP_PKEY_CTX_set_group_name()\fR (described above) to set the curve name to \&\fIname\fR for parameter and key generation. .PP \&\fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR does the same as -\&\fBEVP_PKEY_CTX_set_group_name()\fR, but is specific to \s-1EC\s0 and uses a \fInid\fR rather +\&\fBEVP_PKEY_CTX_set_group_name()\fR, but is specific to EC and uses a \fInid\fR rather than a name string. .PP -For \s-1EC\s0 parameter generation, one of \fBEVP_PKEY_CTX_set_group_name()\fR +For EC parameter generation, one of \fBEVP_PKEY_CTX_set_group_name()\fR or \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR must be called or an error occurs because there is no default curve. These function can also be called to set the curve explicitly when -generating an \s-1EC\s0 key. +generating an EC key. .PP \&\fBEVP_PKEY_CTX_get_group_name()\fR (described above) can be used to obtain the curve -name that's currently set with \fIctx\fR. +name that\*(Aqs currently set with \fIctx\fR. .PP -\&\fBEVP_PKEY_CTX_set_ec_param_enc()\fR sets the \s-1EC\s0 parameter encoding to \fIparam_enc\fR -when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be -\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions -of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. +\&\fBEVP_PKEY_CTX_set_ec_param_enc()\fR sets the EC parameter encoding to \fIparam_enc\fR +when generating EC parameters or an EC key. The encoding can be +\&\fBOPENSSL_EC_EXPLICIT_CURVE\fR for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or \fBOPENSSL_EC_NAMED_CURVE\fR to use named curve form. 
For maximum compatibility the named curve form should be used. Note: the -\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous +\&\fBOPENSSL_EC_NAMED_CURVE\fR value was added in OpenSSL 1.1.0; previous versions should use 0 instead. -.SS "\s-1ECDH\s0 parameters" +.SS "ECDH parameters" .IX Subsection "ECDH parameters" \&\fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR sets the cofactor mode to \fIcofactor_mode\fR -for \s-1ECDH\s0 key derivation. Possible values are 1 to enable cofactor +for ECDH key derivation. Possible values are 1 to enable cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor mode and fallback to the private key cofactor mode. .PP \&\fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR returns the cofactor mode for \fIctx\fR used -for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key derivation is +for ECDH key derivation. Possible values are 1 when cofactor key derivation is enabled and 0 otherwise. -.SS "\s-1ECDH\s0 key derivation function parameters" +.SS "ECDH key derivation function parameters" .IX Subsection "ECDH key derivation function parameters" \&\fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR sets the key derivation function type to -\&\fIkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR -and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +\&\fIkdf\fR for ECDH key derivation. Possible values are \fBEVP_PKEY_ECDH_KDF_NONE\fR +and \fBEVP_PKEY_ECDH_KDF_X9_63\fR which uses the key derivation specified in X9.63. When using key derivation, the \fIkdf_md\fR and \fIkdf_outlen\fR parameters must also be specified. .PP \&\fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR returns the key derivation function type for -\&\fIctx\fR used for \s-1ECDH\s0 key derivation. Possible values are -\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +\&\fIctx\fR used for ECDH key derivation. 
Possible values are +\&\fBEVP_PKEY_ECDH_KDF_NONE\fR and \fBEVP_PKEY_ECDH_KDF_X9_63\fR. .PP \&\fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR sets the key derivation function message digest -to \fImd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies that this digest -should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +to \fImd\fR for ECDH key derivation. Note that X9.63 specifies that this digest +should be SHA1 but OpenSSL tolerates other digests. .PP \&\fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR gets the key derivation function message digest -for \fIctx\fR used for \s-1ECDH\s0 key derivation. +for \fIctx\fR used for ECDH key derivation. .PP \&\fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR sets the key derivation function output -length to \fIlen\fR for \s-1ECDH\s0 key derivation. +length to \fIlen\fR for ECDH key derivation. .PP \&\fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR gets the key derivation function output -length for \fIctx\fR used for \s-1ECDH\s0 key derivation. +length for \fIctx\fR used for ECDH key derivation. .PP -\&\fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR sets the user key material to \fIukm\fR for \s-1ECDH\s0 +\&\fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR sets the user key material to \fIukm\fR for ECDH key derivation. This parameter is optional and corresponds to the shared info in X9.63 terms. The library takes ownership of the user key material so the caller should not free the original memory pointed to by \fIukm\fR. 
@@ -740,19 +665,19 @@ .IX Subsection "Other parameters" \&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR are used to manipulate the special identifier field for specific signature -algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fIid\fR with +algorithms such as SM2. The \fBEVP_PKEY_CTX_set1_id()\fR sets an ID pointed by \fIid\fR with the length \fIid_len\fR to the library. The library takes a copy of the id so that the caller can safely free the original memory pointed to by \fIid\fR. -\&\fBEVP_PKEY_CTX_get1_id_len()\fR returns the length of the \s-1ID\s0 set via a previous call +\&\fBEVP_PKEY_CTX_get1_id_len()\fR returns the length of the ID set via a previous call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. \fBEVP_PKEY_CTX_get1_id()\fR -returns the previously set \s-1ID\s0 value to caller in \fIid\fR. The caller should +returns the previously set ID value to caller in \fIid\fR. The caller should allocate adequate memory space for the \fIid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR. .PP -\&\fBEVP_PKEY_CTX_set_kem_op()\fR sets the \s-1KEM\s0 operation to run. This can be set after +\&\fBEVP_PKEY_CTX_set_kem_op()\fR sets the KEM operation to run. This can be set after \&\fBEVP_PKEY_encapsulate_init()\fR or \fBEVP_PKEY_decapsulate_init()\fR to select the -kem operation. \s-1RSA\s0 is the only key type that supports encapsulation currently, -and as there is no default operation for the \s-1RSA\s0 type, this function must be +kem operation. RSA is the only key type that supports encapsulation currently, +and as there is no default operation for the RSA type, this function must be called before \fBEVP_PKEY_encapsulate()\fR or \fBEVP_PKEY_decapsulate()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -772,7 +697,7 @@ \&\fBEVP_PKEY_keygen\fR\|(3) \&\fBEVP_PKEY_encapsulate\fR\|(3) \&\fBEVP_PKEY_decapsulate\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR, \fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR, \&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR, \fBEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR, @@ -790,11 +715,11 @@ .PP \&\fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR, \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR, and \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_libctx.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_libctx.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_GET0_LIBCTX 3ossl" -.TH EVP_PKEY_CTX_GET0_LIBCTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_GET0_LIBCTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_get0_libctx, EVP_PKEY_CTX_get0_propq, EVP_PKEY_CTX_get0_provider \&\- functions for getting diverse information from an EVP_PKEY_CTX -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,34 +77,34 @@ \& const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX *ctx); \& const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_CTX_get0_libctx()\fR and \fBEVP_PKEY_CTX_get0_propq()\fR obtain the -\&\s-1OSSL_LIB_CTX\s0 and property query string values respectively that were -associated with the \s-1EVP_PKEY_CTX\s0 when it was constructed. +OSSL_LIB_CTX and property query string values respectively that were +associated with the EVP_PKEY_CTX when it was constructed. .PP \&\fBEVP_PKEY_CTX_get0_provider()\fR returns the provider associated with the -ongoing \fB\s-1EVP_PKEY_CTX\s0\fR operation. If the operation is performed by -en \fB\s-1ENGINE\s0\fR, this function returns \s-1NULL.\s0 +ongoing \fBEVP_PKEY_CTX\fR operation. If the operation is performed by +en \fBENGINE\fR, this function returns NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_CTX_get0_libctx()\fR and \fBEVP_PKEY_CTX_get0_propq()\fR functions return the -\&\s-1OSSL_LIB_CTX\s0 and property query string associated with the \s-1EVP_PKEY_CTX\s0 or \s-1NULL\s0 +OSSL_LIB_CTX and property query string associated with the EVP_PKEY_CTX or NULL if they are not set. The returned values should not be freed by the caller. .PP \&\fBEVP_PKEY_CTX_get0_provider()\fR returns a provider if an operation performed by -a provider is ongoing, otherwise \s-1NULL.\s0 +a provider is ongoing, otherwise NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_pkey.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_pkey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_GET0_PKEY 3ossl" -.TH EVP_PKEY_CTX_GET0_PKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_GET0_PKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_get0_pkey, EVP_PKEY_CTX_get0_peerkey \&\- functions for accessing the EVP_PKEY associated with an EVP_PKEY_CTX -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,39 +75,39 @@ \& EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); \& EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBEVP_PKEY_CTX_get0_pkey()\fR is used to access the \fB\s-1EVP_PKEY\s0\fR -associated with the given \fB\s-1EVP_PKEY_CTX\s0\fR \fIctx\fR. -The \fB\s-1EVP_PKEY\s0\fR obtained is the one used for creating the \fB\s-1EVP_PKEY_CTX\s0\fR +\&\fBEVP_PKEY_CTX_get0_pkey()\fR is used to access the \fBEVP_PKEY\fR +associated with the given \fBEVP_PKEY_CTX\fR \fIctx\fR. +The \fBEVP_PKEY\fR obtained is the one used for creating the \fBEVP_PKEY_CTX\fR using either \fBEVP_PKEY_CTX_new\fR\|(3) or \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3). .PP -\&\fBEVP_PKEY_CTX_get0_peerkey()\fR is used to access the peer \fB\s-1EVP_PKEY\s0\fR -associated with the given \fB\s-1EVP_PKEY_CTX\s0\fR \fIctx\fR. -The peer \fB\s-1EVP_PKEY\s0\fR obtained is the one set using +\&\fBEVP_PKEY_CTX_get0_peerkey()\fR is used to access the peer \fBEVP_PKEY\fR +associated with the given \fBEVP_PKEY_CTX\fR \fIctx\fR. +The peer \fBEVP_PKEY\fR obtained is the one set using either \fBEVP_PKEY_derive_set_peer\fR\|(3) or \fBEVP_PKEY_derive_set_peer_ex\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_PKEY_CTX_get0_pkey()\fR returns the \fB\s-1EVP_PKEY\s0\fR associated with the -\&\s-1EVP_PKEY_CTX\s0 or \s-1NULL\s0 if it is not set. +\&\fBEVP_PKEY_CTX_get0_pkey()\fR returns the \fBEVP_PKEY\fR associated with the +EVP_PKEY_CTX or NULL if it is not set. .PP -\&\fBEVP_PKEY_CTX_get0_peerkey()\fR returns the peer \fB\s-1EVP_PKEY\s0\fR associated with the -\&\s-1EVP_PKEY_CTX\s0 or \s-1NULL\s0 if it is not set. +\&\fBEVP_PKEY_CTX_get0_peerkey()\fR returns the peer \fBEVP_PKEY\fR associated with the +EVP_PKEY_CTX or NULL if it is not set. 
.PP -The returned \s-1EVP_PKEY\s0 objects are owned by the \s-1EVP_PKEY_CTX,\s0 +The returned EVP_PKEY objects are owned by the EVP_PKEY_CTX, and therefore should not explicitly be freed by the caller. .PP -These functions do not affect the \s-1EVP_PKEY\s0 reference count. +These functions do not affect the EVP_PKEY reference count. They merely act as getter functions, and should be treated as such. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3), \&\fBEVP_PKEY_derive_set_peer\fR\|(3), \fBEVP_PKEY_derive_set_peer_ex\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. -You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at +You can obtain a copy in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_NEW 3ossl" -.TH EVP_PKEY_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name, EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free, EVP_PKEY_CTX_is_a \&\- public key algorithm context functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,77 +85,80 @@ \& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); \& int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using -the \fIpkey\fR key type and \s-1ENGINE\s0 \fIe\fR. +the \fIpkey\fR key type and ENGINE \fIe\fR. .PP The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context -using the key type specified by \fIid\fR and \s-1ENGINE\s0 \fIe\fR. +using the key type specified by \fIid\fR and ENGINE \fIe\fR. .PP The \fBEVP_PKEY_CTX_new_from_name()\fR function allocates a public key algorithm -context using the library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)), the +context using the library context \fIlibctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)), the key type specified by \fIname\fR and the property query \fIpropquery\fR. None of the arguments are duplicated, so they must remain unchanged for the -lifetime of the returned \fB\s-1EVP_PKEY_CTX\s0\fR or of any of its duplicates. Read -further about the possible names in \*(L"\s-1NOTES\*(R"\s0 below. +lifetime of the returned \fBEVP_PKEY_CTX\fR or of any of its duplicates. Read +further about the possible names in "NOTES" below. .PP The \fBEVP_PKEY_CTX_new_from_pkey()\fR function allocates a public key algorithm -context using the library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and the +context using the library context \fIlibctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)) and the algorithm specified by \fIpkey\fR and the property query \fIpropquery\fR. None of the arguments are duplicated, so they must remain unchanged for the lifetime of the -returned \fB\s-1EVP_PKEY_CTX\s0\fR or any of its duplicates. +returned \fBEVP_PKEY_CTX\fR or any of its duplicates. 
.PP \&\fBEVP_PKEY_CTX_new_id()\fR and \fBEVP_PKEY_CTX_new_from_name()\fR are normally -used when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, +used when no \fBEVP_PKEY\fR structure is associated with the operations, for example during parameter generation or key generation for some algorithms. .PP -\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fIctx\fR. It is not supported for a -keygen operation. +\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fIctx\fR. +It is not supported for a keygen operation. +It is however possible to duplicate a context freshly created via any of the +above \f(CW\*(C`new\*(C'\fR functions, provided \fBEVP_PKEY_keygen_init\fR\|(3) has not yet been +called on the source context, and then use the copy for key generation. .PP \&\fBEVP_PKEY_CTX_free()\fR frees up the context \fIctx\fR. -If \fIctx\fR is \s-1NULL,\s0 nothing is done. +If \fIctx\fR is NULL, nothing is done. .PP \&\fBEVP_PKEY_is_a()\fR checks if the key type associated with \fIctx\fR is \fIkeytype\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -.SS "On \fB\s-1EVP_PKEY_CTX\s0\fP" +.SS "On \fBEVP_PKEY_CTX\fP" .IX Subsection "On EVP_PKEY_CTX" -The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used -by the OpenSSL high-level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between +The \fBEVP_PKEY_CTX\fR structure is an opaque public key algorithm context used +by the OpenSSL high\-level public key API. Contexts \fBMUST NOT\fR be shared between threads: that is it is not permissible to use the same context simultaneously in two threads. .SS "On Key Types" .IX Subsection "On Key Types" -We mention \*(L"key type\*(R" in this manual, which is the same -as \*(L"algorithm\*(R" in most cases, allowing either term to be used +We mention "key type" in this manual, which is the same +as "algorithm" in most cases, allowing either term to be used interchangeably. 
There are algorithms where the \fIkey type\fR and the \&\fIalgorithm\fR of the operations that use the keys are not the same, -such as \s-1EC\s0 keys being used for \s-1ECDSA\s0 and \s-1ECDH\s0 operations. +such as EC keys being used for ECDSA and ECDH operations. .PP Key types are given in two different manners: -.IP "Legacy \s-1NID\s0 or \s-1EVP_PKEY\s0 type" 4 +.IP "Legacy NID or EVP_PKEY type" 4 .IX Item "Legacy NID or EVP_PKEY type" This is the \fIid\fR used with \fBEVP_PKEY_CTX_new_id()\fR. .Sp -These are \fB\s-1EVP_PKEY_RSA\s0\fR, \fB\s-1EVP_PKEY_RSA_PSS\s0\fR, \fB\s-1EVP_PKEY_DSA\s0\fR, -\&\fB\s-1EVP_PKEY_DH\s0\fR, \fB\s-1EVP_PKEY_EC\s0\fR, \fB\s-1EVP_PKEY_SM2\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, -\&\fB\s-1EVP_PKEY_X448\s0\fR, and are used by legacy methods. +These are \fBEVP_PKEY_RSA\fR, \fBEVP_PKEY_RSA_PSS\fR, \fBEVP_PKEY_DSA\fR, +\&\fBEVP_PKEY_DH\fR, \fBEVP_PKEY_EC\fR, \fBEVP_PKEY_SM2\fR, \fBEVP_PKEY_X25519\fR, +\&\fBEVP_PKEY_X448\fR, and are used by legacy methods. .IP "Name strings" 4 .IX Item "Name strings" This is the \fIname\fR used with \fBEVP_PKEY_CTX_new_from_name()\fR. .Sp -These are names like \*(L"\s-1RSA\*(R", \*(L"DSA\*(R",\s0 and what's available depends on what +These are names like "RSA", "DSA", and what\*(Aqs available depends on what providers are currently accessible. .Sp The OpenSSL providers offer a set of key types available this way, please -see \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) and \fBOSSL_PROVIDER\-default\fR\|(7) and related +see \fBOSSL_PROVIDER\-FIPS\fR\|(7) and \fBOSSL_PROVIDER\-default\fR\|(7) and related documentation for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR and \fBEVP_PKEY_CTX_dup()\fR return either -the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +the newly allocated \fBEVP_PKEY_CTX\fR structure or \fBNULL\fR if an error occurred. 
.PP \&\fBEVP_PKEY_CTX_free()\fR does not return a value. .PP @@ -238,18 +166,18 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR and \&\fBEVP_PKEY_CTX_free()\fR functions were added in OpenSSL 1.0.0. .PP The \fBEVP_PKEY_CTX_new_from_name()\fR and \fBEVP_PKEY_CTX_new_from_pkey()\fR functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3ossl" -.TH EVP_PKEY_CTX_SET1_PBE_PASS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,9 +74,9 @@ \& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, \& int passlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions are generic support functions for all \s-1KDF\s0 algorithms. +These functions are generic support functions for all KDF algorithms. .PP \&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first bytes from \fBpass\fR. @@ -160,7 +85,7 @@ There is also support for string based control operations via \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). The \fBpassword\fR can be directly specified using the \fBtype\fR parameter -\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. +"pass" or given in hex encoding using the "hexpass" parameter. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return 1 for success and 0 or a negative value for failure. 
@@ -171,15 +96,15 @@ \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR was converted from a macro to a function in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3ossl" -.TH EVP_PKEY_CTX_SET_HKDF_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_set_hkdf_mode \- HMAC\-based Extract\-and\-Expand key derivation algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -161,44 +86,44 @@ \& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, \& int infolen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. -\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract\-then\-expand" paradigm, where the KDF logically consists of two modules. The first stage takes the input keying material -and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage -\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output -of the \s-1KDF\s0). +and "extracts" from it a fixed\-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF). .PP -\&\fBEVP_PKEY_CTX_set_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There +\&\fBEVP_PKEY_CTX_set_hkdf_mode()\fR sets the mode for the HKDF operation. There are three modes that are currently defined: -.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 +.IP EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 4 .IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" -This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set -up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an EVP_PKEY_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. The derived key returned will be the result after the expand operation. The -intermediate fixed-length pseudorandom key K is not returned. +intermediate fixed\-length pseudorandom key K is not returned. .Sp In this mode the digest, key, salt and info values must be set before a key is derived or an error occurs. 
-.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 +.IP EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 4 .IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract -operation. The value returned will be the intermediate fixed-length pseudorandom +operation. The value returned will be the intermediate fixed\-length pseudorandom key K. .Sp The digest, key and salt values must be set before a key is derived or an error occurs. -.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 +.IP EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 4 .IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand -operation. The input key should be set to the intermediate fixed-length +operation. The input key should be set to the intermediate fixed\-length pseudorandom key K returned from a previous extract operation. .Sp The digest, key and info values must be set before a key is derived or an error occurs. .PP -\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 +\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the HKDF. .PP \&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the buffer \fBsalt\fR. Any existing value is replaced. 
@@ -211,46 +136,46 @@ value. .SH "STRING CTRLS" .IX Header "STRING CTRLS" -\&\s-1HKDF\s0 also supports string based control operations via +HKDF also supports string based control operations via \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). -The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +The \fBtype\fR parameter "md" uses the supplied \fBvalue\fR as the name of the digest algorithm to use. -The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R", -\&\*(L"EXTRACT_ONLY\*(R"\s0 and \*(L"\s-1EXPAND_ONLY\*(R"\s0 to determine the mode to use. -The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR +The \fBtype\fR parameter "mode" uses the values "EXTRACT_AND_EXPAND", +"EXTRACT_ONLY" and "EXPAND_ONLY" to determine the mode to use. +The \fBtype\fR parameters "salt", "key" and "info" use the supplied \fBvalue\fR parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. -The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex +The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex string which is converted to binary. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for \s-1HKDF\s0 can be obtained by calling: +A context for HKDF can be obtained by calling: .PP .Vb 1 \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); .Ve .PP The total length of the info buffer cannot exceed 2048 bytes in length: this -should be more than enough for any normal use of \s-1HKDF.\s0 +should be more than enough for any normal use of HKDF. .PP -The output length of an \s-1HKDF\s0 expand operation is specified via the length +The output length of an HKDF expand operation is specified via the length parameter to the \fBEVP_PKEY_derive\fR\|(3) function. 
-Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means -to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that +Since the HKDF output length is variable, passing a \fBNULL\fR buffer as a means +to obtain the requisite length is not meaningful with HKDF in any mode that performs an expand operation. Instead, the caller must allocate a buffer of the desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a -pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain -the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0 +pointer initialized to) the desired length. Passing a \fBNULL\fR buffer to obtain +the length is allowed when using EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY. .PP -Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE.\s0 +Optimised versions of HKDF can be implemented in an ENGINE. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", -salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +This example derives 10 bytes using SHA\-256 with the secret key "secret", +salt value "salt" and info value "label": .PP .Vb 4 \& EVP_PKEY_CTX *pctx; 
@@ -273,21 +198,21 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 5869\s0 +RFC 5869 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of the functions described here were converted from macros to functions in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_params.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_params.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_PARAMS 3ossl" -.TH EVP_PKEY_CTX_SET_PARAMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_SET_PARAMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_set_params, EVP_PKEY_CTX_settable_params, EVP_PKEY_CTX_get_params, EVP_PKEY_CTX_gettable_params \&\- provider parameter passing operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,49 +79,51 @@ \& int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); \& const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_CTX_get_params()\fR and \fBEVP_PKEY_CTX_set_params()\fR functions allow transfer of arbitrary key parameters to and from providers. Not all parameters may be supported by all providers. -See \s-1\fBOSSL_PROVIDER\s0\fR\|(3) for more information on providers. -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for more information on parameters. -These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised +See \fBOSSL_PROVIDER\fR\|(3) for more information on providers. +The \fIparams\fR field is a pointer to a list of \fBOSSL_PARAM\fR structures, +terminated with a \fBOSSL_PARAM_END\fR\|(3) struct. +See \fBOSSL_PARAM\fR\|(3) for information about passing parameters. +These functions must only be called after the EVP_PKEY_CTX has been initialised for use in an operation. These methods replace the \fBEVP_PKEY_CTX_ctrl()\fR mechanism. (EVP_PKEY_CTX_ctrl now calls these methods internally to interact with providers). .PP \&\fBEVP_PKEY_CTX_gettable_params()\fR and \fBEVP_PKEY_CTX_settable_params()\fR get a -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and +constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable and settable parameters for the current algorithm implementation, i.e. parameters that can be used with \fBEVP_PKEY_CTX_get_params()\fR and \fBEVP_PKEY_CTX_set_params()\fR respectively. -These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised +These functions must only be called after the EVP_PKEY_CTX has been initialised for use in an operation. 
-.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" -Examples of \s-1EVP_PKEY\s0 parameters include the following: +Examples of EVP_PKEY parameters include the following: .PP -\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7) -\&\*(L"Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7) -\&\*(L"Signature parameters\*(R" in \fBprovider\-signature\fR\|(7) +"Common parameters" in \fBprovider\-keymgmt\fR\|(7) +"Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7) +"Signature parameters" in \fBprovider\-signature\fR\|(7) .PP -\&\*(L"Common \s-1RSA\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7) -\&\*(L"\s-1RSA\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7) -\&\*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) -\&\*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) -\&\*(L"\s-1DSA\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7) -\&\*(L"\s-1DSA\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7) -\&\*(L"\s-1DH\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) -\&\*(L"\s-1DH\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) -\&\*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) -\&\*(L"Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7) +"Common RSA parameters" in \fBEVP_PKEY\-RSA\fR\|(7) +"RSA key generation parameters" in \fBEVP_PKEY\-RSA\fR\|(7) +"FFC parameters" in \fBEVP_PKEY\-FFC\fR\|(7) +"FFC key generation parameters" in \fBEVP_PKEY\-FFC\fR\|(7) +"DSA parameters" in \fBEVP_PKEY\-DSA\fR\|(7) +"DSA key generation parameters" in \fBEVP_PKEY\-DSA\fR\|(7) +"DH parameters" in \fBEVP_PKEY\-DH\fR\|(7) +"DH key generation parameters" in \fBEVP_PKEY\-DH\fR\|(7) +"Common EC parameters" in \fBEVP_PKEY\-EC\fR\|(7) +"Common X25519, X448, ED25519 and ED448 parameters" in \fBEVP_PKEY\-X25519\fR\|(7) .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
\&\fBEVP_PKEY_CTX_set_params()\fR returns 1 for success or 0 otherwise. -\&\fBEVP_PKEY_CTX_settable_params()\fR returns an \s-1OSSL_PARAM\s0 array on success or \s-1NULL\s0 on +\&\fBEVP_PKEY_CTX_settable_params()\fR returns an OSSL_PARAM array on success or NULL on error. -It may also return \s-1NULL\s0 if there are no settable parameters available. +It may also return NULL if there are no settable parameters available. .PP All other functions and macros described on this page return a positive value for success and 0 or a negative value for failure. In particular a return value @@ -211,14 +138,14 @@ \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3), \&\fBEVP_PKEY_keygen\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3ossl" -.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_md_name, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen \&\- EVP_PKEY RSA\-PSS algorithm support functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -162,55 +87,55 @@ \& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, \& int saltlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7). +These are the functions that implement \fBRSA\-PSS\fR\|(7). .SS "Signing and Verification" .IX Subsection "Signing and Verification" The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is returned if an attempt is made to set the padding mode to anything other -than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. +than \fBPSS\fR. It is otherwise similar to the \fBRSA\fR version. .PP The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar -to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using -\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has +to the \fBRSA\fR operation except detection of the salt length (using +RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has usage restrictions. .PP The \fBEVP_PKEY_CTX_set_signature_md\fR\|(3) and \fBEVP_PKEY_CTX_set_rsa_mgf1_md\fR\|(3) -functions are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the +functions are used to set the digest and MGF1 algorithms respectively. If the key has usage restrictions then an error is returned if an attempt is made to set the digest to anything other than the restricted value. Otherwise these are -similar to the \fB\s-1RSA\s0\fR versions. +similar to the \fBRSA\fR versions. 
.SS "Key Generation" .IX Subsection "Key Generation" -As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR -and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: -they have exactly the same meaning as for the \s-1RSA\s0 algorithm. +As with RSA key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA\-PSS: +they have exactly the same meaning as for the RSA algorithm. .PP -Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. +Optional parameter restrictions can be specified when generating a PSS key. If any restrictions are set (using the macros described below) then \fBall\fR parameters are restricted. For example, setting a minimum salt length also -restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place +restricts the digest and MGF1 algorithms. If any restrictions are in place then they are reflected in the corresponding parameters of the public key when (for example) a certificate request is signed. .PP \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the generated key can use to \fImd\fR. \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md_name()\fR does the same thing, but -passes the algorithm by name rather than by \fB\s-1EVP_MD\s0\fR. +passes the algorithm by name rather than by \fBEVP_MD\fR. .PP -\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the MGF1 algorithm the generated key can use to \fImd\fR. \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name()\fR does the same thing, but -passes the algorithm by name rather than by \fB\s-1EVP_MD\s0\fR. +passes the algorithm by name rather than by \fBEVP_MD\fR. .PP \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length to \fIsaltlen\fR. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: +A context for the \fBRSA\-PSS\fR algorithm can be obtained by calling: .PP .Vb 1 \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); @@ -222,15 +147,15 @@ the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBRSA\-PSS\s0\fR\|(7), +\&\fBRSA\-PSS\fR\|(7), \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3ossl" -.TH EVP_PKEY_CTX_SET_SCRYPT_N 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes \&\- EVP_PKEY scrypt KDF support functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -162,11 +87,11 @@ \& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, \& uint64_t maxmem); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions are used to set up the necessary data to use the -scrypt \s-1KDF.\s0 -For more information on scrypt, see \s-1\fBEVP_KDF\-SCRYPT\s0\fR\|(7). +scrypt KDF. +For more information on scrypt, see \fBEVP_KDF\-SCRYPT\fR\|(7). .PP \&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt value. 
@@ -174,26 +99,26 @@ \&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and \&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. .PP -\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much RAM key derivation may maximally use, given in bytes. -If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the +If RAM is exceeded because the load factors are chosen too high, the key derivation will fail. .SH "STRING CTRLS" .IX Header "STRING CTRLS" scrypt also supports string based control operations via \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR -parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. +parameter "salt" or in hex encoding by using the "hexsalt" parameter. The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be -set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", +set by using the parameters "N", "r", "p" and "maxmem_bytes", respectively. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -There is a newer generic \s-1API\s0 for KDFs, \s-1\fBEVP_KDF\s0\fR\|(3), which is -preferred over the \s-1EVP_PKEY\s0 method. +There is a newer generic API for KDFs, \fBEVP_KDF\fR\|(3), which is +preferred over the EVP_PKEY method. .PP -The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as -the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". +The scrypt KDF also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +the value from the string controls "pass" and "hexpass". See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -203,19 +128,19 @@ supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3) +\&\fBEVP_KDF\fR\|(3) \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of the functions described here were converted from macros to functions in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3ossl" -.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- TLS PRF key derivation algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,17 +78,17 @@ \& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, \& unsigned char *seed, int seedlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for -\&\s-1TLS.\s0 It has no associated private key and only implements key derivation +The \fBEVP_PKEY_TLS1_PRF\fR algorithm implements the PRF key derivation function for +TLS. It has no associated private key and only implements key derivation using \fBEVP_PKEY_derive\fR\|(3). .PP \&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the -\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 -algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. +TLS PRF. \fBEVP_md5_sha1()\fR is treated as a special case which uses the PRF +algorithm using both \fBMD5\fR and \fBSHA1\fR as used in TLS 1.0 and 1.1. .PP -\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 +\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the TLS PRF to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced and any seed is reset. .PP 
@@ -171,17 +96,17 @@ If a seed is already set it is appended to the existing value. .SH "STRING CTRLS" .IX Header "STRING CTRLS" -The \s-1TLS PRF\s0 also supports string based control operations using +The TLS PRF also supports string based control operations using \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). -The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +The \fBtype\fR parameter "md" uses the supplied \fBvalue\fR as the name of the digest algorithm to use. -The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter +The \fBtype\fR parameters "secret" and "seed" use the supplied \fBvalue\fR parameter as a secret or seed value. -The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string +The names "hexsecret" and "hexseed" are similar except they take a hex string which is converted to binary. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for the \s-1TLS PRF\s0 can be obtained by calling: +A context for the TLS PRF can be obtained by calling: .PP .Vb 1 \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); 
@@ -191,22 +116,22 @@ error occurs. .PP The total length of all seeds cannot exceed 1024 bytes in length: this should -be more than enough for any normal use of the \s-1TLS PRF.\s0 +be more than enough for any normal use of the TLS PRF. .PP -The output length of the \s-1PRF\s0 is specified by the length parameter in the +The output length of the PRF is specified by the length parameter in the \&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting -the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0 +the buffer to \fBNULL\fR is not meaningful for the TLS PRF. .PP -Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0 +Optimised versions of the TLS PRF can be implemented in an ENGINE. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" -and seed value \*(L"seed\*(R": +This example derives 10 bytes using SHA\-256 with the secret key "secret" +and seed value "seed": .PP .Vb 3 \& EVP_PKEY_CTX *pctx; 
@@ -230,15 +155,15 @@ \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of the functions described here were converted from macros to functions in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_GET_COUNT 3ossl" -.TH EVP_PKEY_ASN1_GET_COUNT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_ASN1_GET_COUNT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info \&\- enumerate public key ASN.1 methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,53 +85,53 @@ \& const char **ppem_str, \& const EVP_PKEY_ASN1_METHOD *ameth); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key -\&\s-1ASN.1\s0 methods available: it includes standard methods and any methods +ASN.1 methods available: it includes standard methods and any methods added by the application. .PP -\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. +\&\fBEVP_PKEY_asn1_get0()\fR returns the public key ASN.1 method \fBidx\fR. The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR \&\- 1. .PP -\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBEVP_PKEY_asn1_find()\fR looks up the \fBEVP_PKEY_ASN1_METHOD\fR with NID \&\fBtype\fR. -If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, +If \fBpe\fR isn\*(Aqt \fBNULL\fR, then it will look up an engine implementing a +\&\fBEVP_PKEY_ASN1_METHOD\fR for the NID \fBtype\fR and return that instead, and also set \fB*pe\fR to point at the engine that implements it. .PP -\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fBEVP_PKEY_ASN1_METHOD\fR with PEM type string \fBstr\fR. -Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will -look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 +Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn\*(Aqt \fBNULL\fR, then it will +look up an engine implementing a \fBEVP_PKEY_ASN1_METHOD\fR for the NID \&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the engine that implements it. 
.PP -\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key -\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string -associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR. +\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key ID, base public key +ID (both NIDs), any flags, the method description and PEM type string +associated with the public key ASN.1 method \fB*ameth\fR. .PP \&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and \&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets +\&\fBEVP_PKEY_ASN1_METHOD\fR objects are added before the application gets threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods. .PP -\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fBNULL\fR if \fBidx\fR is out of range. .PP \&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_check.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_check.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_CHECK 3ossl" -.TH EVP_PKEY_CHECK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_CHECK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_check, EVP_PKEY_param_check, EVP_PKEY_param_check_quick, EVP_PKEY_public_check, EVP_PKEY_public_check_quick, EVP_PKEY_private_check, EVP_PKEY_pairwise_check \&\- key and parameter validation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,7 +81,7 @@ \& int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); \& int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_param_check()\fR validates the parameters component of the key given by \fBctx\fR. This check will always succeed for key types that do not have 
@@ -182,20 +107,25 @@ the correct mathematical relationship to each other for the key given by \fBctx\fR. .PP \&\fBEVP_PKEY_check()\fR is an alias for the \fBEVP_PKEY_pairwise_check()\fR function. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Key validation used by the OpenSSL \s-1FIPS\s0 provider complies with the rules -within \s-1SP800\-56A\s0 and \s-1SP800\-56B.\s0 For backwards compatibility reasons the OpenSSL +Key validation used by the OpenSSL FIPS provider complies with the rules +within SP800\-56A and SP800\-56B. For backwards compatibility reasons the OpenSSL default provider may use checks that are not as restrictive for certain key types. -For further information see \*(L"\s-1DSA\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), -\&\*(L"\s-1DH\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \*(L"\s-1EC\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) and -\&\*(L"\s-1RSA\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7). +For further information see "DSA key validation" in \fBEVP_PKEY\-DSA\fR\|(7), +"DH key validation" in \fBEVP_PKEY\-DH\fR\|(7), "EC key validation" in \fBEVP_PKEY\-EC\fR\|(7) and +"RSA key validation" in \fBEVP_PKEY\-RSA\fR\|(7). .PP -Refer to \s-1SP800\-56A\s0 and \s-1SP800\-56B\s0 for rules relating to when these functions +Refer to SP800\-56A and SP800\-56B for rules relating to when these functions should be called during key establishment. It is not necessary to call these functions after locally calling an approved key generation method, but may be required for assurance purposes when receiving keys from a third party. +.PP +The \fBEVP_PKEY_pairwise_check()\fR and \fBEVP_PKEY_private_check()\fR might not be bounded +by any key size limits as private keys are not expected to be supplied by +attackers. For that reason they might take an unbounded time if run on +arbitrarily large keys. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All functions return 1 for success or others for failure. 
@@ -204,23 +134,23 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_fromdata\fR\|(3), -\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-EC\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), -.SH "HISTORY" +\&\fBEVP_PKEY\-DH\fR\|(7), +\&\fBEVP_PKEY\-FFC\fR\|(7), +\&\fBEVP_PKEY\-DSA\fR\|(7), +\&\fBEVP_PKEY\-EC\fR\|(7), +\&\fBEVP_PKEY\-RSA\fR\|(7), +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added in OpenSSL 1.1.1. .PP \&\fBEVP_PKEY_param_check_quick()\fR, \fBEVP_PKEY_public_check_quick()\fR, \&\fBEVP_PKEY_private_check()\fR and \fBEVP_PKEY_pairwise_check()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2006\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_copy_parameters.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_copy_parameters.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_COPY_PARAMETERS 3ossl" -.TH EVP_PKEY_COPY_PARAMETERS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_COPY_PARAMETERS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_missing_parameters, EVP_PKEY_copy_parameters, EVP_PKEY_parameters_eq, EVP_PKEY_cmp_parameters, EVP_PKEY_eq, EVP_PKEY_cmp \- public key parameter and comparison functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,18 +80,18 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); \& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm -doesn't use parameters. +doesn\*(Aqt use parameters. .PP The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key \&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in 
@@ -178,12 +103,12 @@ .PP The function \fBEVP_PKEY_eq()\fR checks the keys \fBa\fR and \fBb\fR for equality, including their parameters if they are available. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and \&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the parameters are sometimes omitted from a public key if they are inherited from -the \s-1CA\s0 that signed it. +the CA that signed it. .PP The deprecated functions \fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_cmp_parameters()\fR differ in their return values compared to other \fB_cmp()\fR functions. They are aliases for 
@@ -192,45 +117,45 @@ The function \fBEVP_PKEY_cmp()\fR previously only checked the key parameters (if there are any) and the public key, assuming that there always was a public key and that private key equality could be derived from that. -Because it's no longer assumed that the private key in an \s-1\fBEVP_PKEY\s0\fR\|(3) is +Because it\*(Aqs no longer assumed that the private key in an \fBEVP_PKEY\fR\|(3) is always accompanied by a public key, the comparison can not rely on public key comparison alone. .PP Instead, \fBEVP_PKEY_eq()\fR (and therefore also \fBEVP_PKEY_cmp()\fR) now compares: -.IP "1." 4 +.IP 1. 4 the key parameters (if there are any) -.IP "2." 4 -the public keys or the private keys of the two \fB\s-1EVP_PKEY\s0\fRs, depending on +.IP 2. 4 +the public keys or the private keys of the two \fBEVP_PKEY\fRs, depending on what they both contain. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm -doesn't use parameters. +doesn\*(Aqt use parameters. .PP These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for failure. .PP The functions \fBEVP_PKEY_cmp_parameters()\fR, \fBEVP_PKEY_parameters_eq()\fR, \&\fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_eq()\fR return 1 if their -inputs match, 0 if they don't match, \-1 if the key types are different and +inputs match, 0 if they don\*(Aqt match, \-1 if the key types are different and \&\-2 if the operation is not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_keygen\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_cmp_parameters()\fR functions were deprecated in OpenSSL 3.0. .PP The \fBEVP_PKEY_eq()\fR and \fBEVP_PKEY_parameters_eq()\fR were added in OpenSSL 3.0 to replace \fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_cmp_parameters()\fR. 
-.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_decapsulate.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_decapsulate.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_DECAPSULATE 3ossl" -.TH EVP_PKEY_DECAPSULATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_DECAPSULATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate \&\- Key decapsulation using a KEM algorithm with a private key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,7 +76,7 @@ \& unsigned char *unwrapped, size_t *unwrappedlen, \& const unsigned char *wrapped, size_t wrappedlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_decapsulate_init()\fR function initializes a private key algorithm context \fIctx\fR for a decapsulation operation and then sets the \fIparams\fR 
@@ -162,22 +87,25 @@ The \fBEVP_PKEY_decapsulate()\fR function performs a private key decapsulation operation using \fIctx\fR. The data to be decapsulated is specified using the \&\fIwrapped\fR and \fIwrappedlen\fR parameters. -If \fIunwrapped\fR is \s-1NULL\s0 then the maximum size of the output secret buffer -is written to \fI*unwrappedlen\fR. If \fIunwrapped\fR is not \s-1NULL\s0 and the +If \fIunwrapped\fR is NULL then the size of the output secret buffer +is written to \fI*unwrappedlen\fR. If \fIunwrapped\fR is not NULL and the call is successful then the decapsulated secret data is written to \fIunwrapped\fR -and the amount of data written to \fI*unwrappedlen\fR. -.SH "NOTES" +and the amount of data written to \fI*unwrappedlen\fR. Note that, if \fIunwrappedlen\fR +is not NULL in this call, the value it points to must be initialised to the length of +\&\fIunwrapped\fR, so that the call can validate it is of sufficient size to hold the +result of the operation. +.SH NOTES .IX Header "NOTES" -After the call to \fBEVP_PKEY_decapsulate_init()\fR algorithm-specific parameters +After the call to \fBEVP_PKEY_decapsulate_init()\fR algorithm\-specific parameters for the operation may be set or modified using \fBEVP_PKEY_CTX_set_params\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_decapsulate_init()\fR and \fBEVP_PKEY_decapsulate()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the private key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Decapsulate data using \s-1RSA:\s0 +Decapsulate data using RSA: .PP .Vb 1 \& #include @@ -192,7 +120,7 @@ \& unsigned char *secret = NULL;; \& \& ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL); -\& if (ctx = NULL) +\& if (ctx == NULL) \& /* Error */ \& if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0) \& /* Error */ 
@@ -217,15 +145,15 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new_from_pkey\fR\|(3), \&\fBEVP_PKEY_encapsulate\fR\|(3), -\&\s-1\fBEVP_KEM\-RSA\s0\fR\|(7), -.SH "HISTORY" +\&\fBEVP_KEM\-RSA\fR\|(7), +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_DECRYPT 3ossl" -.TH EVP_PKEY_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_DECRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_decrypt_init, EVP_PKEY_decrypt_init_ex, EVP_PKEY_decrypt \- decrypt using a public key algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& unsigned char *out, size_t *outlen, \& const unsigned char *in, size_t inlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm context using key \fIpkey\fR for a decryption operation. @@ -163,14 +88,14 @@ .PP The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation using \fIctx\fR. The data to be decrypted is specified using the \fIin\fR and -\&\fIinlen\fR parameters. If \fIout\fR is \s-1NULL\s0 then the minimum required size of +\&\fIinlen\fR parameters. If \fIout\fR is NULL then the minimum required size of the output buffer is written to the \fI*outlen\fR parameter. .PP -If \fIout\fR is not \s-1NULL\s0 then before the call the \fI*outlen\fR parameter must +If \fIout\fR is not NULL then before the call the \fI*outlen\fR parameter must contain the length of the \fIout\fR buffer. If the call is successful the decrypted data is written to \fIout\fR and the amount of the decrypted data written to \fI*outlen\fR, otherwise an error is returned. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the 
@@ -185,9 +110,9 @@ return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +Decrypt data using OAEP (for RSA keys): .PP .Vb 2 \& #include @@ -233,14 +158,14 @@ \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_DERIVE 3ossl" -.TH EVP_PKEY_DERIVE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_DERIVE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_derive_init, EVP_PKEY_derive_init_ex, EVP_PKEY_derive_set_peer_ex, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \&\- derive public key algorithm shared secret -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,12 +79,12 @@ \& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); \& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_derive_init()\fR initializes a public key algorithm context \fIctx\fR for shared secret derivation using the algorithm given when the context was created using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to -fetch a \fB\s-1EVP_KEYEXCH\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) for +fetch a \fBEVP_KEYEXCH\fR method implicitly, see "Implicit fetch" in \fBprovider\fR\|(7) for more information about implicit fetches. .PP \&\fBEVP_PKEY_derive_init_ex()\fR is the same as \fBEVP_PKEY_derive_init()\fR but additionally 
@@ -173,12 +98,12 @@ \&\fIvalidate_peer\fR set to 1. .PP \&\fBEVP_PKEY_derive()\fR derives a shared secret using \fIctx\fR. -If \fIkey\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to the -\&\fIkeylen\fR parameter. If \fIkey\fR is not \s-1NULL\s0 then before the call the \fIkeylen\fR +If \fIkey\fR is NULL then the maximum size of the output buffer is written to the +\&\fIkeylen\fR parameter. If \fIkey\fR is not NULL then before the call the \fIkeylen\fR parameter should contain the length of the \fIkey\fR buffer, if the call is successful the shared secret is written to \fIkey\fR and the amount of data written to \fIkeylen\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" After the call to \fBEVP_PKEY_derive_init()\fR, algorithm specific control operations can be performed to set any appropriate parameters @@ -192,9 +117,9 @@ for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +Derive shared secret (for example DH or EC keys): .PP .Vb 2 \& #include 
@@ -238,18 +163,18 @@ \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_KEYEXCH_fetch\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_derive_init()\fR, \fBEVP_PKEY_derive_set_peer()\fR and \fBEVP_PKEY_derive()\fR functions were originally added in OpenSSL 1.0.0. .PP The \fBEVP_PKEY_derive_init_ex()\fR and \fBEVP_PKEY_derive_set_peer_ex()\fR functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_digestsign_supports_digest.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_digestsign_supports_digest.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_DIGESTSIGN_SUPPORTS_DIGEST 3ossl" -.TH EVP_PKEY_DIGESTSIGN_SUPPORTS_DIGEST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_DIGESTSIGN_SUPPORTS_DIGEST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_digestsign_supports_digest \- indicate support for signature digest -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 3 \& #include \& int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, \& const char *name, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_digestsign_supports_digest()\fR function queries whether the message digest \fIname\fR is supported for public key signature operations associated with @@ -162,14 +87,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestSignInit_ex\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_digestsign_supports_digest()\fR function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_encapsulate.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_encapsulate.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_ENCAPSULATE 3ossl" -.TH EVP_PKEY_ENCAPSULATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_ENCAPSULATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate \&\- Key encapsulation using a KEM algorithm with a public key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,7 +76,7 @@ \& unsigned char *wrappedkey, size_t *wrappedkeylen, \& unsigned char *genkey, size_t *genkeylen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_encapsulate_init()\fR function initializes a public key algorithm context \fIctx\fR for an encapsulation operation and then sets the \fIparams\fR 
@@ -165,26 +90,29 @@ The ciphertext in \fIwrappedkey\fR is its encapsulated form, which can be sent to another party, who can use \fBEVP_PKEY_decapsulate\fR\|(3) to retrieve it using their private key. -If \fIwrappedkey\fR is \s-1NULL\s0 then the maximum size of the output buffer -is written to the \fI*wrappedkeylen\fR parameter unless \fIwrappedkeylen\fR is \s-1NULL\s0 +If \fIwrappedkey\fR is NULL then the maximum size of the output buffer +is written to the \fI*wrappedkeylen\fR parameter unless \fIwrappedkeylen\fR is NULL and the maximum size of the generated key buffer is written to \fI*genkeylen\fR -unless \fIgenkeylen\fR is \s-1NULL.\s0 -If \fIwrappedkey\fR is not \s-1NULL\s0 and the call is successful then the +unless \fIgenkeylen\fR is NULL. +If \fIwrappedkey\fR is not NULL and the call is successful then the internally generated key is written to \fIgenkey\fR and its size is written to \&\fI*genkeylen\fR. The encapsulated version of the generated key is written to -\&\fIwrappedkey\fR and its size is written to \fI*wrappedkeylen\fR. -.SH "NOTES" +\&\fIwrappedkey\fR and its size is written to \fI*wrappedkeylen\fR. Note that if +\&\fIwrappedlen\fR is not NULL, then the value it points to must initially hold the size of +the \fIunwrapped\fR buffer so that its size can be validated by the call, ensuring +it is large enough to hold the result written to \fIwrapped\fR. +.SH NOTES .IX Header "NOTES" -After the call to \fBEVP_PKEY_encapsulate_init()\fR algorithm-specific parameters +After the call to \fBEVP_PKEY_encapsulate_init()\fR algorithm\-specific parameters for the operation may be set or modified using \fBEVP_PKEY_CTX_set_params\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_encapsulate_init()\fR and \fBEVP_PKEY_encapsulate()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. 
-.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Encapsulate an \s-1RSASVE\s0 key (for \s-1RSA\s0 keys). +Encapsulate an RSASVE key (for RSA keys). .PP .Vb 1 \& #include @@ -198,7 +126,7 @@ \& unsigned char *out = NULL, *secret = NULL; \& \& ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL); -\& if (ctx = NULL) +\& if (ctx == NULL) \& /* Error */ \& if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0) \& /* Error */ @@ -227,15 +155,15 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new_from_pkey\fR\|(3), \&\fBEVP_PKEY_decapsulate\fR\|(3), -\&\s-1\fBEVP_KEM\-RSA\s0\fR\|(7), -.SH "HISTORY" +\&\fBEVP_KEM\-RSA\fR\|(7), +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
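Review bot: The sentence added to the DESCRIPTION of EVP_PKEY_encapsulate.3 (hunk `@@ -165,26 +90,29 @@`) names `wrappedlen`, `unwrapped` and `wrapped`, none of which appear in the SYNOPSIS, which declares `wrappedkey`, `wrappedkeylen`, `genkey` and `genkeylen`. This sentence is the buffer-size precondition callers depend on to avoid passing an undersized output buffer, so it should presumably read `if wrappedkeylen is not NULL, the value it points to must initially hold the size of the wrappedkey buffer`. The page is generated by Pod::Man, so the wording would need correcting in the POD source rather than in this file. The text is also silent on whether `*genkeylen` must be initialised the same way, which is worth confirming against the implementation.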
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_ENCRYPT 3ossl" -.TH EVP_PKEY_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_encrypt_init_ex, EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& unsigned char *out, size_t *outlen, \& const unsigned char *in, size_t inlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for an encryption operation. @@ -163,12 +88,12 @@ .PP The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and -\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output -buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +\&\fBinlen\fR parameters. If \fBout\fR is \fBNULL\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fBNULL\fR then before the call the \fBoutlen\fR parameter should contain the length of the \&\fBout\fR buffer, if the call is successful the encrypted data is written to \&\fBout\fR and the amount of data written to \fBoutlen\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the 
@@ -183,11 +108,11 @@ return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or +Encrypt data using OAEP (for RSA keys). See also \fBPEM_read_PUBKEY\fR\|(3) or \&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply -set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: +set \*(Aqeng = NULL;\*(Aq to start with the default OpenSSL RSA implementation: .PP .Vb 3 \& #include @@ -236,14 +161,14 @@ \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_fromdata.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_fromdata.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_FROMDATA 3ossl" -.TH EVP_PKEY_FROMDATA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_FROMDATA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_fromdata_init, EVP_PKEY_fromdata, EVP_PKEY_fromdata_settable \&\- functions to create keys and key parameters from user data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,58 +76,58 @@ \& OSSL_PARAM params[]); \& const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions described here are used to create new keys from user -provided key data, such as \fIn\fR, \fIe\fR and \fId\fR for a minimal \s-1RSA\s0 +provided key data, such as \fIn\fR, \fIe\fR and \fId\fR for a minimal RSA keypair. .PP -These functions use an \fB\s-1EVP_PKEY_CTX\s0\fR context, which should primarily +These functions use an \fBEVP_PKEY_CTX\fR context, which should primarily be created with \fBEVP_PKEY_CTX_new_from_name\fR\|(3) or \&\fBEVP_PKEY_CTX_new_id\fR\|(3). .PP The exact key data that the user can pass depends on the key type. -These are passed as an \s-1\fBOSSL_PARAM\s0\fR\|(3) array. +These are passed as an \fBOSSL_PARAM\fR\|(3) array. .PP \&\fBEVP_PKEY_fromdata_init()\fR initializes a public key algorithm context for creating a key or key parameters from user data. .PP \&\fBEVP_PKEY_fromdata()\fR creates the structure to store a key or key parameters, -given data from \fIparams\fR, \fIselection\fR and a context that's been initialized +given data from \fIparams\fR, \fIselection\fR and a context that\*(Aqs been initialized with \fBEVP_PKEY_fromdata_init()\fR. The result is written to \fI*ppkey\fR. -\&\fIselection\fR is described in \*(L"Selections\*(R". +\&\fIselection\fR is described in "Selections". The parameters that can be used for various types of key are as described by the -diverse \*(L"Common parameters\*(R" sections of the -\&\fB\s-1EVP_PKEY\-RSA\s0\fR(7), -\&\fB\s-1EVP_PKEY\-DSA\s0\fR(7), -\&\fB\s-1EVP_PKEY\-DH\s0\fR(7), -\&\fB\s-1EVP_PKEY\-EC\s0\fR(7), -\&\fB\s-1EVP_PKEY\-ED448\s0\fR(7), -\&\fB\s-1EVP_PKEY\-X25519\s0\fR(7), -\&\fB\s-1EVP_PKEY\-X448\s0\fR(7), -and \fB\s-1EVP_PKEY\-ED25519\s0\fR(7) pages. 
+diverse "Common parameters" sections of the +\&\fBEVP_PKEY\-RSA\fR(7), +\&\fBEVP_PKEY\-DSA\fR(7), +\&\fBEVP_PKEY\-DH\fR(7), +\&\fBEVP_PKEY\-EC\fR(7), +\&\fBEVP_PKEY\-ED448\fR(7), +\&\fBEVP_PKEY\-X25519\fR(7), +\&\fBEVP_PKEY\-X448\fR(7), +and \fBEVP_PKEY\-ED25519\fR(7) pages. .PP -\&\fBEVP_PKEY_fromdata_settable()\fR gets a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes +\&\fBEVP_PKEY_fromdata_settable()\fR gets a constant \fBOSSL_PARAM\fR\|(3) array that describes the settable parameters that can be used with \fBEVP_PKEY_fromdata()\fR. -\&\fIselection\fR is described in \*(L"Selections\*(R". +\&\fIselection\fR is described in "Selections". .PP Parameters in the \fIparams\fR array that are not among the settable parameters for the given \fIselection\fR are ignored. -.SS "Selections" +.SS Selections .IX Subsection "Selections" The following constants can be used for \fIselection\fR: -.IP "\fB\s-1EVP_PKEY_KEY_PARAMETERS\s0\fR" 4 +.IP \fBEVP_PKEY_KEY_PARAMETERS\fR 4 .IX Item "EVP_PKEY_KEY_PARAMETERS" Only key parameters will be selected. -.IP "\fB\s-1EVP_PKEY_PUBLIC_KEY\s0\fR" 4 +.IP \fBEVP_PKEY_PUBLIC_KEY\fR 4 .IX Item "EVP_PKEY_PUBLIC_KEY" Only public key components will be selected. This includes optional key parameters. -.IP "\fB\s-1EVP_PKEY_KEYPAIR\s0\fR" 4 +.IP \fBEVP_PKEY_KEYPAIR\fR 4 .IX Item "EVP_PKEY_KEYPAIR" Any keypair components will be selected. This includes the private key, public key and key parameters. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions only work with key management methods coming from a provider. This is the mirror function to \fBEVP_PKEY_todata\fR\|(3). 
@@ -211,13 +136,13 @@ \&\fBEVP_PKEY_fromdata_init()\fR and \fBEVP_PKEY_fromdata()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" These examples are very terse for the sake of staying on topic, which is the \fBEVP_PKEY_fromdata()\fR set of functions. In real applications, BIGNUMs would be handled and converted to byte arrays with -\&\fBBN_bn2nativepad()\fR, but that's off topic here. -.SS "Creating an \s-1RSA\s0 keypair using raw key data" +\&\fBBN_bn2nativepad()\fR, but that\*(Aqs off topic here. +.SS "Creating an RSA keypair using raw key data" .IX Subsection "Creating an RSA keypair using raw key data" .Vb 1 \& #include @@ -251,7 +176,7 @@ \& /* Do what you want with |pkey| */ \& } .Ve -.SS "Creating an \s-1ECC\s0 keypair using raw key data" +.SS "Creating an ECC keypair using raw key data" .IX Subsection "Creating an ECC keypair using raw key data" .Vb 3 \& #include 
@@ -369,24 +294,24 @@ \& } .Ve .PP -The descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3) returned by +The descriptor \fBOSSL_PARAM\fR\|(3) returned by \&\fBEVP_PKEY_fromdata_settable()\fR may also be used programmatically, for example with \fBOSSL_PARAM_allocate_from_text\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\fR\|(7), \fBEVP_PKEY_gettable_params\fR\|(3), -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \fBEVP_PKEY_todata\fR\|(3), -\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-ED448\s0\fR\|(7), \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-ED25519\s0\fR\|(7) -.SH "HISTORY" +\&\fBOSSL_PARAM\fR\|(3), \fBEVP_PKEY_todata\fR\|(3), +\&\fBEVP_PKEY\-RSA\fR\|(7), \fBEVP_PKEY\-DSA\fR\|(7), \fBEVP_PKEY\-DH\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7), +\&\fBEVP_PKEY\-ED448\fR\|(7), \fBEVP_PKEY\-X25519\fR\|(7), \fBEVP_PKEY\-X448\fR\|(7), +\&\fBEVP_PKEY\-ED25519\fR\|(7) +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/EVP_PKEY_get_attr.3 
@@ -0,0 +1,169 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_GET_ATTR 3ossl" +.TH EVP_PKEY_GET_ATTR 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +EVP_PKEY_get_attr, +EVP_PKEY_get_attr_count, +EVP_PKEY_get_attr_by_NID, EVP_PKEY_get_attr_by_OBJ, +EVP_PKEY_delete_attr, +EVP_PKEY_add1_attr, +EVP_PKEY_add1_attr_by_OBJ, EVP_PKEY_add1_attr_by_NID, EVP_PKEY_add1_attr_by_txt +\&\- EVP_PKEY X509_ATTRIBUTE functions +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +\& int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +\& int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, +\& int lastpos); +\& X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +\& X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +\& int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +\& int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +\& int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, +\& int nid, int type, +\& const unsigned char *bytes, int len); +\& int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, +\& const char *attrname, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +These functions are used by \fBPKCS12\fR. +.PP +\&\fBEVP_PKEY_get_attr_by_OBJ()\fR finds the location of the first matching object \fIobj\fR +in the \fIkey\fR attribute list. The search starts at the position after \fIlastpos\fR. +If the returned value is positive then it can be used on the next call to +\&\fBEVP_PKEY_get_attr_by_OBJ()\fR as the value of \fIlastpos\fR in order to iterate through +the remaining attributes. \fIlastpos\fR can be set to any negative value on the +first call, in order to start searching from the start of the attribute list. +.PP +\&\fBEVP_PKEY_get_attr_by_NID()\fR is similar to \fBEVP_PKEY_get_attr_by_OBJ()\fR except that +it passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. 
+.PP +\&\fBEVP_PKEY_get_attr()\fR returns the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in the +\&\fIkey\fR attribute list. \fIloc\fR should be in the range from 0 to +\&\fBEVP_PKEY_get_attr_count()\fR \- 1. +.PP +\&\fBEVP_PKEY_delete_attr()\fR removes the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in +the \fIkey\fR attribute list. +.PP +\&\fBEVP_PKEY_add1_attr()\fR pushes a copy of the passed in \fBX509_ATTRIBUTE\fR object +to the \fIkey\fR attribute list. A new \fIkey\fR attribute list is created if required. +An error occurs if either \fIattr\fR is NULL, or the attribute already exists. +.PP +\&\fBEVP_PKEY_add1_attr_by_OBJ()\fR creates a new \fBX509_ATTRIBUTE\fR using +\&\fBX509_ATTRIBUTE_set1_object()\fR and \fBX509_ATTRIBUTE_set1_data()\fR to assign a new +\&\fIobj\fR with type \fItype\fR and data \fIbytes\fR of length \fIlen\fR and then pushes it +to the \fIkey\fR object\*(Aqs attribute list. If \fIobj\fR already exists in the attribute +list then an error occurs. +.PP +\&\fBEVP_PKEY_add1_attr_by_NID()\fR is similar to \fBEVP_PKEY_add1_attr_by_OBJ()\fR except +that it passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. +.PP +\&\fBEVP_PKEY_add1_attr_by_txt()\fR is similar to \fBEVP_PKEY_add1_attr_by_OBJ()\fR except +that it passes a name \fIattrname\fR associated with the object. +See for a list of SN_* names. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_get_attr_count()\fR returns the number of attributes in the \fIkey\fR object +attribute list or \-1 if the attribute list is NULL. +.PP +\&\fBEVP_PKEY_get_attr_by_OBJ()\fR returns \-1 if either the list is empty OR the object +is not found, otherwise it returns the location of the object in the list. +.PP +\&\fBEVP_PKEY_get_attr_by_NID()\fR is similar to \fBEVP_PKEY_get_attr_by_OBJ()\fR, except that +it returns \-2 if the \fInid\fR is not known by OpenSSL. 
+.PP +\&\fBEVP_PKEY_get_attr()\fR returns either a \fBX509_ATTRIBUTE\fR or NULL if there is a +error. +.PP +\&\fBEVP_PKEY_delete_attr()\fR returns either the removed \fBX509_ATTRIBUTE\fR or NULL if +there is a error. +.PP +\&\fBEVP_PKEY_add1_attr()\fR, \fBEVP_PKEY_add1_attr_by_OBJ()\fR, \fBEVP_PKEY_add1_attr_by_NID()\fR +and \fBEVP_PKEY_add1_attr_by_txt()\fR return 1 on success or 0 otherwise. +.SH NOTES +.IX Header "NOTES" +A \fBEVP_PKEY\fR object\*(Aqs attribute list is initially NULL. All the above functions +listed will return an error unless \fBEVP_PKEY_add1_attr()\fR is called. +All functions listed assume that the \fIkey\fR is not NULL. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_ATTRIBUTE\fR\|(3) +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2023\-2024 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3ossl" -.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name \&\- get default signature digest -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,25 +75,25 @@ \& char *mdname, size_t mdname_sz); \& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_get_default_digest_name()\fR fills in the default message digest name for the public key signature operations associated with key \&\fIpkey\fR into \fImdname\fR, up to at most \fImdname_sz\fR bytes including the -ending \s-1NUL\s0 byte. The name could be \f(CW"UNDEF"\fR, signifying that a digest +ending NUL byte. The name could be \f(CW"UNDEF"\fR, signifying that a digest must (for return value 2) or may (for return value 1) be left unspecified. .PP \&\fBEVP_PKEY_get_default_digest_nid()\fR sets \fIpnid\fR to the default message -digest \s-1NID\s0 for the public key signature operations associated with key +digest NID for the public key signature operations associated with key \&\fIpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use a digest during signing. In this case \fIpnid\fR will be set to NID_undef. This function is only reliable for legacy keys, which -are keys with a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR; these keys have typically +are keys with a \fBEVP_PKEY_ASN1_METHOD\fR; these keys have typically been loaded from engines, or created with \fBEVP_PKEY_assign_RSA\fR\|(3) or similar. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -For all current standard OpenSSL public key algorithms \s-1SHA256\s0 is returned. +For all current standard OpenSSL public key algorithms SHA256 is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_get_default_digest_name()\fR and \fBEVP_PKEY_get_default_digest_nid()\fR 
@@ -184,14 +109,14 @@ \&\fBEVP_PKEY_digestsign_supports_digest\fR\|(3), \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_get_field_type.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_get_field_type.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_FIELD_TYPE 3ossl" -.TH EVP_PKEY_GET_FIELD_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_GET_FIELD_TYPE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_get_field_type, EVP_PKEY_get_ec_point_conv_form \- get field type or point conversion form of a key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,37 +74,37 @@ \& int EVP_PKEY_get_field_type(const EVP_PKEY *pkey); \& int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBEVP_PKEY_get_field_type()\fR returns the field type \s-1NID\s0 of the \fIpkey\fR, if -\&\fIpkey\fR's key type supports it. The types currently supported -by the built-in OpenSSL providers are either \fBNID_X9_62_prime_field\fR +\&\fBEVP_PKEY_get_field_type()\fR returns the field type NID of the \fIpkey\fR, if +\&\fIpkey\fR\*(Aqs key type supports it. The types currently supported +by the built\-in OpenSSL providers are either \fBNID_X9_62_prime_field\fR for prime curves or \fBNID_X9_62_characteristic_two_field\fR for binary curves; these values are defined in the \fI\fR header file. .PP \&\fBEVP_PKEY_get_ec_point_conv_form()\fR returns the point conversion format -of the \fIpkey\fR, if \fIpkey\fR's key type supports it. -.SH "NOTES" +of the \fIpkey\fR, if \fIpkey\fR\*(Aqs key type supports it. +.SH NOTES .IX Header "NOTES" -Among the standard OpenSSL key types, this is only supported for \s-1EC\s0 and -\&\s-1SM2\s0 keys. Other providers may support this for additional key types. +Among the standard OpenSSL key types, this is only supported for EC and +SM2 keys. Other providers may support this for additional key types. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_PKEY_get_field_type()\fR returns the field type \s-1NID\s0 or 0 on error. +\&\fBEVP_PKEY_get_field_type()\fR returns the field type NID or 0 on error. .PP \&\fBEVP_PKEY_get_ec_point_conv_form()\fR returns the point conversion format number (see \fBEC_GROUP_copy\fR\|(3)) or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEC_GROUP_copy\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_get_group_name.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_get_group_name.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_GROUP_NAME 3ossl" -.TH EVP_PKEY_GET_GROUP_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_GET_GROUP_NAME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_get_group_name \- get group name of a key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,30 +73,30 @@ \& int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, \& size_t *gname_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_get_group_name()\fR fills in the group name of the \fIpkey\fR into -\&\fIgname\fR, up to at most \fIgname_sz\fR bytes including the ending \s-1NUL\s0 byte +\&\fIgname\fR, up to at most \fIgname_sz\fR bytes including the ending NUL byte and assigns \fI*gname_len\fR the actual length of the name not including -the \s-1NUL\s0 byte, if \fIpkey\fR's key type supports it. -\&\fIgname\fR as well as \fIgname_len\fR may individually be \s-1NULL,\s0 and won't be +the NUL byte, if \fIpkey\fR\*(Aqs key type supports it. +\&\fIgname\fR as well as \fIgname_len\fR may individually be NULL, and won\*(Aqt be filled in or assigned in that case. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Among the standard OpenSSL key types, this is only supported for \s-1DH, EC\s0 and -\&\s-1SM2\s0 keys. Other providers may support this for additional key types. +Among the standard OpenSSL key types, this is only supported for DH, EC and +SM2 keys. Other providers may support this for additional key types. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_get_group_name()\fR returns 1 if the group name could be filled in, otherwise 0. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/EVP_PKEY_get_size.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_get_size.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_SIZE 3ossl" -.TH EVP_PKEY_GET_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_GET_SIZE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_get_size, EVP_PKEY_get_bits, EVP_PKEY_get_security_bits, EVP_PKEY_bits, EVP_PKEY_security_bits, EVP_PKEY_size \&\- EVP_PKEY information functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,17 +80,17 @@ \& #define EVP_PKEY_security_bits EVP_PKEY_get_security_bits \& #define EVP_PKEY_size EVP_PKEY_get_size .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_get_size()\fR returns the maximum suitable size for the output buffers for almost all operations that can be done with \fIpkey\fR. The primary documented use is with \fBEVP_SignFinal\fR\|(3) and -\&\fBEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is +\&\fBEVP_SealInit\fR\|(3), but it isn\*(Aqt limited there. The returned size is also large enough for the output buffer of \fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_decrypt\fR\|(3), \fBEVP_PKEY_derive\fR\|(3). .PP It must be stressed that, unless the documentation for the operation -that's being performed says otherwise, the size returned by +that\*(Aqs being performed says otherwise, the size returned by \&\fBEVP_PKEY_get_size()\fR is only preliminary and not exact, so the final contents of the target buffer may be smaller. It is therefore crucial to take note of the size given back by the function that performs the 
@@ -177,27 +102,27 @@ of cryptographic length is specific to the key cryptosystem. .PP \&\fBEVP_PKEY_get_security_bits()\fR returns the number of security bits of the given -\&\fIpkey\fR, bits of security is defined in \s-1NIST SP800\-57.\s0 +\&\fIpkey\fR, bits of security is defined in NIST SP800\-57. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_get_size()\fR, \fBEVP_PKEY_get_bits()\fR and \fBEVP_PKEY_get_security_bits()\fR -return a positive number, or 0 if this size isn't available. -.SH "NOTES" +return a positive number, or 0 if this size isn\*(Aqt available. +.SH NOTES .IX Header "NOTES" Most functions that have an output buffer and are mentioned with -\&\fBEVP_PKEY_get_size()\fR have a functionality where you can pass \s-1NULL\s0 for the +\&\fBEVP_PKEY_get_size()\fR have a functionality where you can pass NULL for the buffer and still pass a pointer to an integer and get the exact size -that this function call delivers in the context that it's called in. +that this function call delivers in the context that it\*(Aqs called in. This allows those functions to be called twice, once to find out the exact buffer size, then allocate the buffer in between, and call that function again actually output the data. For those functions, it -isn't strictly necessary to call \fBEVP_PKEY_get_size()\fR to find out the -buffer size, but may be useful in cases where it's desirable to know +isn\*(Aqt strictly necessary to call \fBEVP_PKEY_get_size()\fR to find out the +buffer size, but may be useful in cases where it\*(Aqs desirable to know the upper limit in advance. .PP -It should also be especially noted that \fBEVP_PKEY_get_size()\fR shouldn't be +It should also be especially noted that \fBEVP_PKEY_get_size()\fR shouldn\*(Aqt be used to get the output size for \fBEVP_DigestSignFinal()\fR, according to -\&\*(L"\s-1NOTES\*(R"\s0 in \fBEVP_DigestSignFinal\fR\|(3). +"NOTES" in \fBEVP_DigestSignFinal\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_SignFinal\fR\|(3), @@ -206,16 +131,16 @@ \&\fBEVP_PKEY_encrypt\fR\|(3), \&\fBEVP_PKEY_decrypt\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_bits()\fR, \fBEVP_PKEY_security_bits()\fR, and \fBEVP_PKEY_size()\fR functions were renamed to include \f(CW\*(C`get\*(C'\fR in their names in OpenSSL 3.0, respectively. -The old names are kept as non-deprecated alias macros. -.SH "COPYRIGHT" +The old names are kept as non\-deprecated alias macros. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_gettable_params.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_gettable_params.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_GETTABLE_PARAMS 3ossl" -.TH EVP_PKEY_GETTABLE_PARAMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_GETTABLE_PARAMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_gettable_params, EVP_PKEY_get_params, EVP_PKEY_get_int_param, EVP_PKEY_get_size_t_param, EVP_PKEY_get_bn_param, EVP_PKEY_get_utf8_string_param, EVP_PKEY_get_octet_string_param \&\- retrieve key parameters from a key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -164,9 +89,9 @@ \& unsigned char *buf, size_t max_buf_sz, \& size_t *out_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about parameters. +See \fBOSSL_PARAM\fR\|(3) for information about parameters. .PP \&\fBEVP_PKEY_get_params()\fR retrieves parameters from the key \fIpkey\fR, according to the contents of \fIparams\fR. @@ -174,8 +99,8 @@ \&\fBEVP_PKEY_gettable_params()\fR returns a constant list of \fIparams\fR indicating the names and types of key parameters that can be retrieved. .PP -An \s-1\fBOSSL_PARAM\s0\fR\|(3) of type \fB\s-1OSSL_PARAM_INTEGER\s0\fR or -\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR is of arbitrary length. Such a parameter can be +An \fBOSSL_PARAM\fR\|(3) of type \fBOSSL_PARAM_INTEGER\fR or +\&\fBOSSL_PARAM_UNSIGNED_INTEGER\fR is of arbitrary length. Such a parameter can be obtained using any of the functions \fBEVP_PKEY_get_int_param()\fR, \&\fBEVP_PKEY_get_size_t_param()\fR or \fBEVP_PKEY_get_bn_param()\fR. Attempting to obtain an integer value that does not fit into a native C \fBint\fR type will cause 
@@ -191,38 +116,38 @@ associated with a name of \fIkey_name\fR if it fits into \f(CW\*(C`size_t\*(C'\fR type. For parameters that do not fit into \f(CW\*(C`size_t\*(C'\fR use \fBEVP_PKEY_get_bn_param()\fR. .PP -\&\fBEVP_PKEY_get_bn_param()\fR retrieves a key \fIpkey\fR \s-1BIGNUM\s0 value \fI**bn\fR -associated with a name of \fIkey_name\fR. If \fI*bn\fR is \s-1NULL\s0 then the \s-1BIGNUM\s0 +\&\fBEVP_PKEY_get_bn_param()\fR retrieves a key \fIpkey\fR BIGNUM value \fI**bn\fR +associated with a name of \fIkey_name\fR. If \fI*bn\fR is NULL then the BIGNUM is allocated by the method. .PP -\&\fBEVP_PKEY_get_utf8_string_param()\fR get a key \fIpkey\fR \s-1UTF8\s0 string value into a +\&\fBEVP_PKEY_get_utf8_string_param()\fR get a key \fIpkey\fR UTF8 string value into a buffer \fIstr\fR of maximum size \fImax_buf_sz\fR associated with a name of \&\fIkey_name\fR. The maximum size must be large enough to accommodate the string -value including a terminating \s-1NUL\s0 byte, or this function will fail. -If \fIout_len\fR is not \s-1NULL,\s0 \fI*out_len\fR is set to the length of the string -not including the terminating \s-1NUL\s0 byte. The required buffer size not including -the terminating \s-1NUL\s0 byte can be obtained from \fI*out_len\fR by calling the -function with \fIstr\fR set to \s-1NULL.\s0 +value including a terminating NUL byte, or this function will fail. +If \fIout_len\fR is not NULL, \fI*out_len\fR is set to the length of the string +not including the terminating NUL byte. The required buffer size not including +the terminating NUL byte can be obtained from \fI*out_len\fR by calling the +function with \fIstr\fR set to NULL. .PP -\&\fBEVP_PKEY_get_octet_string_param()\fR get a key \fIpkey\fR's octet string value into a +\&\fBEVP_PKEY_get_octet_string_param()\fR get a key \fIpkey\fR\*(Aqs octet string value into a buffer \fIbuf\fR of maximum size \fImax_buf_sz\fR associated with a name of \fIkey_name\fR. 
-If \fIout_len\fR is not \s-1NULL,\s0 \fI*out_len\fR is set to the length of the contents. +If \fIout_len\fR is not NULL, \fI*out_len\fR is set to the length of the contents. The required buffer size can be obtained from \fI*out_len\fR by calling the -function with \fIbuf\fR set to \s-1NULL.\s0 -.SH "NOTES" +function with \fIbuf\fR set to NULL. +.SH NOTES .IX Header "NOTES" -These functions only work for \fB\s-1EVP_PKEY\s0\fRs that contain a provider side key. +These functions only work for \fBEVP_PKEY\fRs that contain a provider side key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_PKEY_gettable_params()\fR returns \s-1NULL\s0 on error or if it is not supported. +\&\fBEVP_PKEY_gettable_params()\fR returns NULL on error or if it is not supported. .PP -All other methods return 1 if a value associated with the key's \fIkey_name\fR was +All other methods return 1 if a value associated with the key\*(Aqs \fIkey_name\fR was successfully returned, or 0 if there was an error. An error may be returned by methods \fBEVP_PKEY_get_utf8_string_param()\fR and \&\fBEVP_PKEY_get_octet_string_param()\fR if \fImax_buf_sz\fR is not big enough to hold the -value. If \fIout_len\fR is not \s-1NULL,\s0 \fI*out_len\fR will be assigned the required +value. If \fIout_len\fR is not NULL, \fI*out_len\fR will be assigned the required buffer size to hold the value. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 1 \& #include 
@@ -252,15 +177,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\-keymgmt\fR\|(7), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "HISTORY" +\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\-keymgmt\fR\|(7), \fBOSSL_PARAM\fR\|(3) +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_is_a.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_is_a.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_IS_A 3ossl" -.TH EVP_PKEY_IS_A 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_IS_A 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_is_a, EVP_PKEY_can_sign, EVP_PKEY_type_names_do_all, EVP_PKEY_get0_type_name, EVP_PKEY_get0_description, EVP_PKEY_get0_provider \&\- key type and capabilities functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,7 +81,7 @@ \& const char *EVP_PKEY_get0_description(const EVP_PKEY *key); \& const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_is_a()\fR checks if the key type of \fIpkey\fR is \fIname\fR. .PP @@ -164,8 +89,8 @@ \&\fIpkey\fR supports signing. No other check is done, such as whether \&\fIpkey\fR contains a private key. .PP -\&\fBEVP_PKEY_type_names_do_all()\fR traverses all names for \fIpkey\fR's key type, and -calls \fIfn\fR with each name and \fIdata\fR. For example, an \s-1RSA\s0 \fB\s-1EVP_PKEY\s0\fR may +\&\fBEVP_PKEY_type_names_do_all()\fR traverses all names for \fIpkey\fR\*(Aqs key type, and +calls \fIfn\fR with each name and \fIdata\fR. For example, an RSA \fBEVP_PKEY\fR may be named both \f(CW\*(C`RSA\*(C'\fR and \f(CW\*(C`rsaEncryption\*(C'\fR. The order of the names depends on the provider implementation that holds the key. 
@@ -177,12 +102,12 @@ Ownership of the returned string is retained by the \fIpkey\fR object and should not be freed by the caller. .PP -\&\fBEVP_PKEY_get0_description()\fR returns a description of the type of \fB\s-1EVP_PKEY\s0\fR, +\&\fBEVP_PKEY_get0_description()\fR returns a description of the type of \fBEVP_PKEY\fR, meant for display and human consumption. The description is at the discretion of the key type implementation. .PP -\&\fBEVP_PKEY_get0_provider()\fR returns the provider of the \fB\s-1EVP_PKEY\s0\fR's -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3). +\&\fBEVP_PKEY_get0_provider()\fR returns the provider of the \fBEVP_PKEY\fR\*(Aqs +\&\fBEVP_KEYMGMT\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_is_a()\fR returns 1 if \fIpkey\fR has the key type \fIname\fR, 
@@ -191,22 +116,22 @@ \&\fBEVP_PKEY_can_sign()\fR returns 1 if the \fIpkey\fR key type functionality supports signing, otherwise 0. .PP -\&\fBEVP_PKEY_get0_type_name()\fR returns the name that is found or \s-1NULL\s0 on error. +\&\fBEVP_PKEY_get0_type_name()\fR returns the name that is found or NULL on error. .PP -\&\fBEVP_PKEY_get0_description()\fR returns the description if found or \s-1NULL\s0 if not. +\&\fBEVP_PKEY_get0_description()\fR returns the description if found or NULL if not. .PP -\&\fBEVP_PKEY_get0_provider()\fR returns the provider if found or \s-1NULL\s0 if not. +\&\fBEVP_PKEY_get0_provider()\fR returns the provider if found or NULL if not. .PP \&\fBEVP_PKEY_type_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -.SS "\fBEVP_PKEY_is_a()\fP" +.SS \fBEVP_PKEY_is_a()\fP .IX Subsection "EVP_PKEY_is_a()" The loaded providers and what key types they support will ultimately determine what \fIname\fR is possible to use with \fBEVP_PKEY_is_a()\fR. We do know -that the default provider supports \s-1RSA, DH, DSA\s0 and \s-1EC\s0 keys, so we can use +that the default provider supports RSA, DH, DSA and EC keys, so we can use this as an crude example: .PP .Vb 1 @@ -221,7 +146,7 @@ \& BN_free(modulus); \& } .Ve -.SS "\fBEVP_PKEY_can_sign()\fP" +.SS \fBEVP_PKEY_can_sign()\fP .IX Subsection "EVP_PKEY_can_sign()" .Vb 1 \& #include 
@@ -234,14 +159,14 @@ \& } \& /* Sign something... */ .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_KEYGEN 3ossl" -.TH EVP_PKEY_KEYGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_KEYGEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_Q_keygen, EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_generate, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, @@ -147,7 +72,7 @@ EVP_PKEY_gen_cb, EVP_PKEY_paramgen, EVP_PKEY_keygen \&\- key and parameter generation and check functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -171,16 +96,16 @@ \& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); \& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Generating keys is sometimes straight forward, just generate the key's +Generating keys is sometimes straight forward, just generate the key\*(Aqs numbers and be done with it. However, there are certain key types that need key parameters, often called domain parameters but not necessarily limited to that, that also need to be generated. In addition to this, the caller may want to set user provided generation parameters that further affect key parameter or key generation, such as the desired key size. .PP -To flexibly allow all that's just been described, key parameter and key +To flexibly allow all that\*(Aqs just been described, key parameter and key generation is divided into an initialization of a key algorithm context, functions to set user provided parameters, and finally the key parameter or key generation function itself. 
@@ -199,7 +124,7 @@ function described in those manuals. .PP \&\fBEVP_PKEY_generate()\fR performs the generation operation, the resulting key -parameters or key are written to \fI*ppkey\fR. If \fI*ppkey\fR is \s-1NULL\s0 when this +parameters or key are written to \fI*ppkey\fR. If \fI*ppkey\fR is NULL when this function is called, it will be allocated, and should be freed by the caller when no longer useful, using \fBEVP_PKEY_free\fR\|(3). .PP 
@@ -221,22 +146,24 @@ .PP If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where -a user clicks on a \*(L"cancel\*(R" button. +a user clicks on a "cancel" button. +.PP +The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR +associate an opaque, application\-defined pointer with an EVP_PKEY_CTX object. .PP -The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set -and retrieve an opaque pointer. This can be used to set some application -defined value which can be retrieved in the callback: for example a handle -which is used to update a \*(L"progress dialog\*(R". +This pointer is not interpreted by the library and is reserved entirely for use +by the application. It may be used to store arbitrary context or state that +needs to be accessible wherever the corresponding EVP_PKEY_CTX is available. .PP -\&\fBEVP_PKEY_Q_keygen()\fR abstracts from the explicit use of \fB\s-1EVP_PKEY_CTX\s0\fR while -providing a 'quick' but limited way of generating a new asymmetric key pair. +\&\fBEVP_PKEY_Q_keygen()\fR abstracts from the explicit use of \fBEVP_PKEY_CTX\fR while +providing a \*(Aqquick\*(Aq but limited way of generating a new asymmetric key pair. It provides shorthands for simple and common cases of key generation. As usual, the library context \fIlibctx\fR and property query \fIpropq\fR can be given for fetching algorithms from providers. If \fItype\fR is \f(CW\*(C`RSA\*(C'\fR, -a \fBsize_t\fR parameter must be given to specify the size of the \s-1RSA\s0 key. +a \fBsize_t\fR parameter must be given to specify the size of the RSA key. If \fItype\fR is \f(CW\*(C`EC\*(C'\fR, -a string parameter must be given to specify the name of the \s-1EC\s0 curve. +a string parameter must be given to specify the name of the EC curve. 
If \fItype\fR is \f(CW\*(C`X25519\*(C'\fR, \f(CW\*(C`X448\*(C'\fR, \f(CW\*(C`ED25519\*(C'\fR, \f(CW\*(C`ED448\*(C'\fR, or \f(CW\*(C`SM2\*(C'\fR no further parameter is needed. .SH "RETURN VALUES" @@ -246,8 +173,8 @@ In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP -\&\fBEVP_PKEY_Q_keygen()\fR returns an \fB\s-1EVP_PKEY\s0\fR, or \s-1NULL\s0 on failure. -.SH "NOTES" +\&\fBEVP_PKEY_Q_keygen()\fR returns an \fBEVP_PKEY\fR, or NULL on failure. +.SH NOTES .IX Header "NOTES" After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm specific control operations can be performed to set any appropriate parameters @@ -263,16 +190,16 @@ might not even call the callback. .PP The operation performed by key or parameter generation depends on the algorithm -used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" -option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +used. In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an EVP_PKEY structure. .PP -In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +In OpenSSL an EVP_PKEY structure containing a private key also contains the public key components and parameters (if any). An OpenSSL private key is -equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +equivalent to what some libraries call a "key pair". A private key can be used in functions which require the use of a public key or parameters. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Generate a 2048 bit \s-1RSA\s0 key: +Generate a 2048 bit RSA key: .PP .Vb 2 \& #include 
@@ -352,7 +279,7 @@ \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_PKEY_keygen_init()\fR, int \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR, \&\fBEVP_PKEY_paramgen()\fR, \fBEVP_PKEY_gen_cb()\fR, \fBEVP_PKEY_CTX_set_cb()\fR, @@ -361,11 +288,11 @@ OpenSSL 1.0.0. .PP \&\fBEVP_PKEY_Q_keygen()\fR and \fBEVP_PKEY_generate()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_GET_COUNT 3ossl" -.TH EVP_PKEY_METH_GET_COUNT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_METH_GET_COUNT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 @@ -156,10 +81,10 @@ \& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, \& const EVP_PKEY_METHOD *meth); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +Applications should instead use the OSSL_PROVIDER APIs. .PP \&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods available: it includes standard methods and any methods added by the 
@@ -168,27 +93,27 @@ \&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. .PP -\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key ID (a NID) and any flags associated with the public key method \fB*meth\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. .PP -\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fBNULL\fR if \fBidx\fR is out of range. .PP \&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_NEW 3ossl" -.TH EVP_PKEY_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, @@ -161,14 +86,14 @@ EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove \&\- manipulating EVP_PKEY_METHOD structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -381,27 +306,27 @@ \& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, \& EVP_MD_CTX *mctx)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +Applications should instead use the OSSL_PROVIDER APIs. .PP -\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a +\&\fBEVP_PKEY_METHOD\fR is a structure which holds a set of methods for a specific public key cryptographic algorithm. Those methods are usually used to perform different jobs, such as generating a key, signing or verifying, encrypting or decrypting, etc. .PP -There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one -is a built-in static array representing the standard methods for different -algorithms, and the other one is a stack of user-defined application-specific +There are two places where the \fBEVP_PKEY_METHOD\fR objects are stored: one +is a built\-in static array representing the standard methods for different +algorithms, and the other one is a stack of user\-defined application\-specific methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). .PP -The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR +The \fBEVP_PKEY_METHOD\fR objects are usually referenced by \fBEVP_PKEY_CTX\fR objects. -.SS "Methods" +.SS Methods .IX Subsection "Methods" The methods are the underlying implementations of a particular public key -algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. +algorithm present by the \fBEVP_PKEY_CTX\fR object. .PP .Vb 3 \& int (*init) (EVP_PKEY_CTX *ctx); 
@@ -409,9 +334,9 @@ \& void (*cleanup) (EVP_PKEY_CTX *ctx); .Ve .PP -The \fBinit()\fR method is called to initialize algorithm-specific data when a new -\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called -when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +The \fBinit()\fR method is called to initialize algorithm\-specific data when a new +\&\fBEVP_PKEY_CTX\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called +when an \fBEVP_PKEY_CTX\fR is freed. The \fBcopy()\fR method is called when an \fBEVP_PKEY_CTX\fR is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), \&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). .PP @@ -462,7 +387,7 @@ .PP The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a signature and then recover the digest from the signature (for instance, a -signature that was generated by \s-1RSA\s0 signing algorithm). They are called by +signature that was generated by RSA signing algorithm). They are called by \&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). .PP .Vb 3 @@ -472,7 +397,7 @@ .Ve .PP The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by -a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See +a \fBEVP_MD_CTX\fR object. They are called by the EVP_DigestSign functions. See \&\fBEVP_DigestSignInit\fR\|(3) for details. .PP .Vb 3 @@ -482,7 +407,7 @@ .Ve .PP The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature -against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various +against the data in a \fBEVP_MD_CTX\fR object. They are called by the various EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for details. .PP .Vb 3 
@@ -509,7 +434,7 @@ .Ve .PP The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret -from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by +from a public key algorithm (for instance, the DH algorithm). They are called by \&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). .PP .Vb 2 @@ -517,7 +442,7 @@ \& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); .Ve .PP -The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific +The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm\-specific settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. .PP .Vb 5 @@ -529,7 +454,7 @@ .Ve .PP The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify -a signature in a one-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3) +a signature in a one\-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3). .PP .Vb 3 @@ -539,7 +464,7 @@ .Ve .PP The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a -key-pair, the public component and parameters respectively for a given \fBpkey\fR. +key\-pair, the public component and parameters respectively for a given \fBpkey\fR. They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and \&\fBEVP_PKEY_param_check\fR\|(3) respectively. .PP 
@@ -550,12 +475,12 @@ The \fBdigest_custom()\fR method is used to generate customized digest content before the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or \&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key -signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to +signature algorithms like SM2 which requires a hashed prefix to the message to be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3) and \fBEVP_DigestVerifyInit\fR\|(3). -.SS "Functions" +.SS Functions .IX Subsection "Functions" -\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fBEVP_PKEY_METHOD\fR object, and associates the given \fBid\fR and \fBflags\fR. The following flags are supported: .PP 
@@ -564,46 +489,46 @@ \& EVP_PKEY_FLAG_SIGCTX_CUSTOM .Ve .PP -If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the +If an \fBEVP_PKEY_METHOD\fR is set with the \fBEVP_PKEY_FLAG_AUTOARGLEN\fR flag, the maximum size of the output buffer will be automatically calculated or checked -in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of -these methods don't need to care about handling the case of returning output +in corresponding EVP methods by the EVP framework. Thus the implementations of +these methods don\*(Aqt need to care about handling the case of returning output buffer size by themselves. For details on the output buffer size, refer to \&\fBEVP_PKEY_sign\fR\|(3). .PP -The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method -of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a +The \fBEVP_PKEY_FLAG_SIGCTX_CUSTOM\fR is used to indicate the \fBsignctx()\fR method +of an \fBEVP_PKEY_METHOD\fR is always called by the EVP framework while doing a digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). .PP -\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by -\&\fBpmeth\fR. +\&\fBEVP_PKEY_meth_free()\fR frees an existing \fBEVP_PKEY_METHOD\fR pointed by +\&\fBpmeth\fR. If the argument is NULL, nothing is done. .PP -\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +\&\fBEVP_PKEY_meth_copy()\fR copies an \fBEVP_PKEY_METHOD\fR object from \fBsrc\fR to \fBdst\fR. .PP -\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. -This function first searches through the user-defined method objects and -then the built-in objects. +\&\fBEVP_PKEY_meth_find()\fR finds an \fBEVP_PKEY_METHOD\fR object with the \fBid\fR. 
+This function first searches through the user\-defined method objects and +then the built\-in objects. .PP \&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. .PP -\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fBEVP_PKEY_meth_remove()\fR removes an \fBEVP_PKEY_METHOD\fR object added by \&\fBEVP_PKEY_meth_add0()\fR. .PP The EVP_PKEY_meth_set functions set the corresponding fields of -\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. +\&\fBEVP_PKEY_METHOD\fR structure with the arguments passed. .PP The EVP_PKEY_meth_get functions get the corresponding fields of -\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. +\&\fBEVP_PKEY_METHOD\fR structure to the arguments provided. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR -object or returns \s-1NULL\s0 on error. +\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fBEVP_PKEY_METHOD\fR +object or returns NULL on error. .PP \&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. .PP -\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR -object or returns \s-1NULL\s0 if not found. +\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fBEVP_PKEY_METHOD\fR +object or returns NULL if not found. .PP \&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 if an error occurred. 
@@ -612,19 +537,19 @@ 0 if an error occurred. .PP All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return -values. For the 'get' functions, function pointers are returned by +values. For the \*(Aqget\*(Aq functions, function pointers are returned by arguments. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP The signature of the \fIcopy\fR functional argument of \fBEVP_PKEY_meth_set_copy()\fR has changed in OpenSSL 3.0 so its \fIsrc\fR parameter is now constified. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_new.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_NEW 3ossl" -.TH EVP_PKEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY, EVP_PKEY_new, EVP_PKEY_up_ref, @@ -153,7 +78,7 @@ EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -189,80 +114,80 @@ .Ve .PP The following function has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, \& size_t len, const EVP_CIPHER *cipher); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1EVP_PKEY\s0\fR is a generic structure to hold diverse types of asymmetric keys -(also known as \*(L"key pairs\*(R"), and can be used for diverse operations, like +\&\fBEVP_PKEY\fR is a generic structure to hold diverse types of asymmetric keys +(also known as "key pairs"), and can be used for diverse operations, like signing, verifying signatures, key derivation, etc. The asymmetric keys -themselves are often referred to as the \*(L"internal key\*(R", and are handled by -backends, such as providers (through \s-1\fBEVP_KEYMGMT\s0\fR\|(3)) or \fB\s-1ENGINE\s0\fRs. +themselves are often referred to as the "internal key", and are handled by +backends, such as providers (through \fBEVP_KEYMGMT\fR\|(3)) or \fBENGINE\fRs. .PP -Conceptually, an \fB\s-1EVP_PKEY\s0\fR internal key may hold a private key, a public +Conceptually, an \fBEVP_PKEY\fR internal key may hold a private key, a public key, or both (a keypair), and along with those, key parameters if the key type requires them. The presence of these components determine what operations can be made; for example, signing normally requires the presence of a private key, and verifying normally requires the presence of a public key. 
.PP -\&\fB\s-1EVP_PKEY\s0\fR has also been used for \s-1MAC\s0 algorithm that were conceived as -producing signatures, although not being public key algorithms; \*(L"\s-1POLY1305\*(R", -\&\*(L"SIPHASH\*(R", \*(L"HMAC\*(R", \*(L"CMAC\*(R".\s0 This usage is considered legacy and is discouraged -in favor of the \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API.\s0 +\&\fBEVP_PKEY\fR has also been used for MAC algorithm that were conceived as +producing signatures, although not being public key algorithms; "POLY1305", +"SIPHASH", "HMAC", "CMAC". This usage is considered legacy and is discouraged +in favor of the \fBEVP_MAC\fR\|(3) API. .PP -The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +The \fBEVP_PKEY_new()\fR function allocates an empty \fBEVP_PKEY\fR structure which is used by OpenSSL to store public and private keys. The reference count is set to \&\fB1\fR. .PP \&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fIkey\fR. .PP -\&\fBEVP_PKEY_dup()\fR duplicates the \fIkey\fR. The \fIkey\fR must not be \s-1ENGINE\s0 based or +\&\fBEVP_PKEY_dup()\fR duplicates the \fIkey\fR. The \fIkey\fR must not be ENGINE based or a raw key, otherwise the duplication will fail. .PP \&\fBEVP_PKEY_free()\fR decrements the reference count of \fIkey\fR and, if the reference -count is zero, frees it up. If \fIkey\fR is \s-1NULL,\s0 nothing is done. +count is zero, frees it up. If \fIkey\fR is NULL, nothing is done. .PP -\&\fBEVP_PKEY_new_raw_private_key_ex()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. Unless an +\&\fBEVP_PKEY_new_raw_private_key_ex()\fR allocates a new \fBEVP_PKEY\fR. Unless an engine should be used for the key type, a provider for the key is found using the library context \fIlibctx\fR and the property query string \fIpropq\fR. The \&\fIkeytype\fR argument indicates what kind of key this is. 
The value should be a string for a public key algorithm that supports raw private keys, i.e one of -\&\*(L"X25519\*(R", \*(L"\s-1ED25519\*(R", \*(L"X448\*(R"\s0 or \*(L"\s-1ED448\*(R".\s0 \fIkey\fR points to the raw private key -data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fIkeylen\fR. The length +"X25519", "ED25519", "X448" or "ED448". \fIkey\fR points to the raw private key +data for this \fBEVP_PKEY\fR which should be of length \fIkeylen\fR. The length should be appropriate for the type of the key. The public key data will be automatically derived from the given private key data (if appropriate for the algorithm type). .PP \&\fBEVP_PKEY_new_raw_private_key()\fR does the same as \&\fBEVP_PKEY_new_raw_private_key_ex()\fR except that the default library context and -default property query are used instead. If \fIe\fR is non-NULL then the new -\&\fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fIe\fR. The \fItype\fR argument -indicates what kind of key this is. The value should be a \s-1NID\s0 for a public key -algorithm that supports raw private keys, i.e. one of \fB\s-1EVP_PKEY_X25519\s0\fR, -\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +default property query are used instead. If \fIe\fR is non\-NULL then the new +\&\fBEVP_PKEY\fR structure is associated with the engine \fIe\fR. The \fItype\fR argument +indicates what kind of key this is. The value should be a NID for a public key +algorithm that supports raw private keys, i.e. one of \fBEVP_PKEY_X25519\fR, +\&\fBEVP_PKEY_ED25519\fR, \fBEVP_PKEY_X448\fR or \fBEVP_PKEY_ED448\fR. 
.PP \&\fBEVP_PKEY_new_raw_private_key_ex()\fR and \fBEVP_PKEY_new_raw_private_key()\fR may also be used with most MACs implemented as public key algorithms, so key types such -as \*(L"\s-1HMAC\*(R", \*(L"POLY1305\*(R", \*(L"SIPHASH\*(R",\s0 or their \s-1NID\s0 form \fB\s-1EVP_PKEY_POLY1305\s0\fR, -\&\fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_HMAC\s0\fR are also accepted. This usage is, -as mentioned above, discouraged in favor of the \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API.\s0 +as "HMAC", "POLY1305", "SIPHASH", or their NID form \fBEVP_PKEY_POLY1305\fR, +\&\fBEVP_PKEY_SIPHASH\fR, \fBEVP_PKEY_HMAC\fR are also accepted. This usage is, +as mentioned above, discouraged in favor of the \fBEVP_MAC\fR\|(3) API. .PP \&\fBEVP_PKEY_new_raw_public_key_ex()\fR works in the same way as \&\fBEVP_PKEY_new_raw_private_key_ex()\fR except that \fIkey\fR points to the raw -public key data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any +public key data. The \fBEVP_PKEY\fR structure will be initialised without any private key information. Algorithm types that support raw public keys are -\&\*(L"X25519\*(R", \*(L"\s-1ED25519\*(R", \*(L"X448\*(R"\s0 or \*(L"\s-1ED448\*(R".\s0 +"X25519", "ED25519", "X448" or "ED448". .PP \&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as \&\fBEVP_PKEY_new_raw_private_key()\fR except that \fIkey\fR points to the raw public key -data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key +data. The \fBEVP_PKEY\fR structure will be initialised without any private key information. Algorithm types that support raw public keys are -\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +\&\fBEVP_PKEY_X25519\fR, \fBEVP_PKEY_ED25519\fR, \fBEVP_PKEY_X448\fR or \fBEVP_PKEY_ED448\fR. .PP \&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. 
New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. 
@@ -270,48 +195,60 @@ \&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fIpriv\fR with raw private key data. The size of the \fIpriv\fR buffer should be in \fI*len\fR on entry to the function, and on exit \fI*len\fR is updated with the number of bytes -actually written. If the buffer \fIpriv\fR is \s-1NULL\s0 then \fI*len\fR is populated with +actually written. If the buffer \fIpriv\fR is NULL then \fI*len\fR is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the private key data. This function only works for algorithms that support raw private keys. -Currently this is: \fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, -\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +Currently this is: \fBEVP_PKEY_HMAC\fR, \fBEVP_PKEY_POLY1305\fR, \fBEVP_PKEY_SIPHASH\fR, +\&\fBEVP_PKEY_X25519\fR, \fBEVP_PKEY_ED25519\fR, \fBEVP_PKEY_X448\fR or \fBEVP_PKEY_ED448\fR. .PP \&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fIpub\fR with raw public key data. The size of the \fIpub\fR buffer should be in \fI*len\fR on entry to the function, and on exit \fI*len\fR is updated with the number of bytes -actually written. If the buffer \fIpub\fR is \s-1NULL\s0 then \fI*len\fR is populated with +actually written. If the buffer \fIpub\fR is NULL then \fI*len\fR is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the public key data. This function only works for algorithms that support raw public keys. -Currently this is: \fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or -\&\fB\s-1EVP_PKEY_ED448\s0\fR. 
+Currently this is: \fBEVP_PKEY_X25519\fR, \fBEVP_PKEY_ED25519\fR, \fBEVP_PKEY_X448\fR or +\&\fBEVP_PKEY_ED448\fR. .PP \&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR -except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the +except it is only for the \fBEVP_PKEY_CMAC\fR algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. The cipher should be a standard -encryption-only cipher. For example \s-1AEAD\s0 and \s-1XTS\s0 ciphers should not be used. +creation of a CMAC in the \fBcipher\fR argument. The cipher should be a standard +encryption\-only cipher. For example AEAD and XTS ciphers should not be used. .PP -Applications should use the \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API\s0 instead -and set the \fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR parameter on the \fB\s-1EVP_MAC_CTX\s0\fR object +Applications should use the \fBEVP_MAC\fR\|(3) API instead +and set the \fBOSSL_MAC_PARAM_CIPHER\fR parameter on the \fBEVP_MAC_CTX\fR object with the name of the cipher being used. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a +The \fBEVP_PKEY\fR structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm. .PP The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public key to this empty structure use the appropriate functions described in \&\fBEVP_PKEY_set1_RSA\fR\|(3), \fBEVP_PKEY_set1_DSA\fR\|(3), \fBEVP_PKEY_set1_DH\fR\|(3) or -\&\fBEVP_PKEY_set1_EC_KEY\fR\|(3). +\&\fBEVP_PKEY_set1_EC_KEY\fR\|(3) for legacy key types implemented in internal +OpenSSL providers. 
+.PP +For fully provider\-managed key types (see \fBprovider\-keymgmt\fR\|(7)), +possibly implemented in external providers, use functions such as +\&\fBEVP_PKEY_set1_encoded_public_key\fR\|(3) or \fBEVP_PKEY_fromdata\fR\|(3) +to populate key data. +.PP +Generally caution is advised for using an \fBEVP_PKEY\fR structure across +different library contexts: In order for an \fBEVP_PKEY\fR to be shared by +multiple library contexts the providers associated with the library contexts +must have key managers that support the key type and implement the +\&\fBOSSL_FUNC_keymgmt_import()\fR and \fBOSSL_FUNC_keymgmt_export()\fR functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, \&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly -allocated \fB\s-1EVP_PKEY\s0\fR structure or \s-1NULL\s0 if an error occurred. +allocated \fBEVP_PKEY\fR structure or NULL if an error occurred. .PP -\&\fBEVP_PKEY_dup()\fR returns the key duplicate or \s-1NULL\s0 if an error occurred. +\&\fBEVP_PKEY_dup()\fR returns the key duplicate or NULL if an error occurred. .PP \&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and \&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. @@ -319,7 +256,7 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_set1_RSA\fR\|(3), \fBEVP_PKEY_set1_DSA\fR\|(3), \fBEVP_PKEY_set1_DH\fR\|(3) or \&\fBEVP_PKEY_set1_EC_KEY\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. 
@@ -337,14 +274,14 @@ .PP The \fBEVP_PKEY_new_CMAC_key()\fR was deprecated in OpenSSL 3.0. .PP -The documentation of \fB\s-1EVP_PKEY\s0\fR was amended in OpenSSL 3.0 to allow there to +The documentation of \fBEVP_PKEY\fR was amended in OpenSSL 3.0 to allow there to be the private part of the keypair without the public part, where this was previously implied to be disallowed. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_PRINT_PRIVATE 3ossl" -.TH EVP_PKEY_PRINT_PRIVATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_PRINT_PRIVATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params, EVP_PKEY_print_public_fp, EVP_PKEY_print_private_fp, EVP_PKEY_print_params_fp \- public key algorithm printing routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,21 +85,21 @@ \& int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey, \& int indent, ASN1_PCTX *pctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and \&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components -of key \fIpkey\fR respectively. The key is sent to \fB\s-1BIO\s0\fR \fIout\fR in human readable +of key \fIpkey\fR respectively. The key is sent to \fBBIO\fR \fIout\fR in human readable form. The parameter \fIindent\fR indicates how far the printout should be indented. .PP The \fIpctx\fR parameter allows the print output to be finely tuned by using -\&\s-1ASN1\s0 printing options. If \fIpctx\fR is set to \s-1NULL\s0 then default values will +ASN1 printing options. If \fIpctx\fR is set to NULL then default values will be used. .PP The functions \fBEVP_PKEY_print_public_fp()\fR, \fBEVP_PKEY_print_private_fp()\fR and -\&\fBEVP_PKEY_print_params_fp()\fR do the same as the \fB\s-1BIO\s0\fR based functions -but use \fB\s-1FILE\s0\fR \fIfp\fR instead. -.SH "NOTES" +\&\fBEVP_PKEY_print_params_fp()\fR do the same as the \fBBIO\fR based functions +but use \fBFILE\fR \fIfp\fR instead. +.SH NOTES .IX Header "NOTES" Currently no public key algorithms include any options in the \fIpctx\fR parameter. .PP 
@@ -190,18 +115,18 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_keygen\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR, and \fBEVP_PKEY_print_params()\fR were added in OpenSSL 1.0.0. .PP The functions \fBEVP_PKEY_print_public_fp()\fR, \fBEVP_PKEY_print_private_fp()\fR, and \fBEVP_PKEY_print_params_fp()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_SET1_RSA 3ossl" -.TH EVP_PKEY_SET1_RSA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_SET1_RSA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, @@ -149,7 +74,7 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine, EVP_PKEY_id, EVP_PKEY_base_id \- EVP_PKEY assignment functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -163,7 +88,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 
@@ -196,24 +121,24 @@ \& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); \& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_get_base_id()\fR returns the type of \fIpkey\fR. For example -an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. +an RSA key will return \fBEVP_PKEY_RSA\fR. .PP -\&\fBEVP_PKEY_get_id()\fR returns the actual \s-1NID\s0 associated with \fIpkey\fR -only if the \fIpkey\fR type isn't implemented just in a \fBprovider\fR\|(7). +\&\fBEVP_PKEY_get_id()\fR returns the actual NID associated with \fIpkey\fR +only if the \fIpkey\fR type isn\*(Aqt implemented just in a \fBprovider\fR\|(7). Historically keys using the same algorithm could use different NIDs. -For example an \s-1RSA\s0 key could use the NIDs corresponding to -the NIDs \fBNID_rsaEncryption\fR (equivalent to \fB\s-1EVP_PKEY_RSA\s0\fR) or -\&\fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of -alternative non-standard NIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not +For example an RSA key could use the NIDs corresponding to +the NIDs \fBNID_rsaEncryption\fR (equivalent to \fBEVP_PKEY_RSA\fR) or +\&\fBNID_rsa\fR (equivalent to \fBEVP_PKEY_RSA2\fR). The use of +alternative non\-standard NIDs is now rare so \fBEVP_PKEY_RSA2\fR et al are not often seen in practice. -\&\fBEVP_PKEY_get_id()\fR returns \-1 (\fB\s-1EVP_PKEY_KEYMGMT\s0\fR) if the \fIpkey\fR is +\&\fBEVP_PKEY_get_id()\fR returns \-1 (\fBEVP_PKEY_KEYMGMT\fR) if the \fIpkey\fR is only implemented in a \fBprovider\fR\|(7). .PP -\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fItype\fR. For example -EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. +\&\fBEVP_PKEY_type()\fR returns the underlying type of the NID \fItype\fR. For example +EVP_PKEY_type(EVP_PKEY_RSA2) will return \fBEVP_PKEY_RSA\fR. 
.PP \&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and \&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fIpkey\fR to \fIkey\fR. These 
@@ -225,32 +150,32 @@ \&\fBEVP_PKEY_assign_SIPHASH()\fR set the referenced key to \fIkey\fR however these use the supplied \fIkey\fR internally and so \fIkey\fR will be freed when the parent \&\fIpkey\fR is freed. These macros are deprecated. Applications should instead read -an \s-1EVP_PKEY\s0 directly using the \s-1OSSL_DECODER\s0 APIs (see -\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3)), or construct an \s-1EVP_PKEY\s0 from data using +an EVP_PKEY directly using the OSSL_DECODER APIs (see +\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3)), or construct an EVP_PKEY from data using \&\fBEVP_PKEY_fromdata\fR\|(3). .PP \&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and -\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fIpkey\fR or \s-1NULL\s0 if the +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fIpkey\fR or NULL if the key is not of the correct type. The returned key must be freed after use. -These functions are deprecated. Applications should instead use the \s-1EVP_PKEY\s0 +These functions are deprecated. Applications should instead use the EVP_PKEY directly where possible. If access to the low level key parameters is required then applications should use \fBEVP_PKEY_get_params\fR\|(3) and other similar -functions. To write an \s-1EVP_PKEY\s0 out use the \s-1OSSL_ENCODER\s0 APIs (see +functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see \&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3)). .PP \&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, \&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR and -\&\fBEVP_PKEY_get0_EC_KEY()\fR return the referenced key in \fIpkey\fR or \s-1NULL\s0 if the +\&\fBEVP_PKEY_get0_EC_KEY()\fR return the referenced key in \fIpkey\fR or NULL if the key is not of the correct type. The reference count of the returned key is \&\fBnot\fR incremented and so the key must not be freed after use. 
These functions -are deprecated. Applications should instead use the \s-1EVP_PKEY\s0 directly where +are deprecated. Applications should instead use the EVP_PKEY directly where possible. If access to the low level key parameters is required then applications should use \fBEVP_PKEY_get_params\fR\|(3) and other similar functions. -To write an \s-1EVP_PKEY\s0 out use the \s-1OSSL_ENCODER\s0 APIs (see +To write an EVP_PKEY out use the OSSL_ENCODER APIs (see \&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3)). \fBEVP_PKEY_get0()\fR returns a pointer to the -legacy key or \s-1NULL\s0 if the key is not legacy. +legacy key or NULL if the key is not legacy. .PP -Note that if an \s-1EVP_PKEY\s0 was not constructed using one of the deprecated +Note that if an EVP_PKEY was not constructed using one of the deprecated functions such as \fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR or \fBEVP_PKEY_set1_EC_KEY()\fR, or via the similarly named \fBEVP_PKEY_assign\fR macros described above then the internal key will be managed by a provider (see 
@@ -258,45 +183,45 @@ \&\fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR, \fBEVP_PKEY_get1_EC_KEY()\fR, \&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, \&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR or -\&\fBEVP_PKEY_get0_EC_KEY()\fR will be a cached copy of the provider's key. Subsequent -updates to the provider's key will not be reflected back in the cached copy, and +\&\fBEVP_PKEY_get0_EC_KEY()\fR will be a cached copy of the provider\*(Aqs key. Subsequent +updates to the provider\*(Aqs key will not be reflected back in the cached copy, and updates made by an application to the returned key will not be reflected back in -the provider's key. Subsequent calls to \fBEVP_PKEY_get1_RSA()\fR, +the provider\*(Aqs key. Subsequent calls to \fBEVP_PKEY_get1_RSA()\fR, \&\fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and \fBEVP_PKEY_get1_EC_KEY()\fR will always return the cached copy returned by the first call. .PP -\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fIpkey\fR. This +\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the ENGINE handling \fIpkey\fR. This function is deprecated. Applications should use providers instead of engines (see \fBprovider\fR\|(7) for details). .PP -\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fIpkey\fR to \fIengine\fR. It +\&\fBEVP_PKEY_set1_engine()\fR sets the ENGINE handling \fIpkey\fR to \fIengine\fR. It must be called after the key algorithm and components are set up. -If \fIengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fIpkey\fR an +If \fIengine\fR does not include an \fBEVP_PKEY_METHOD\fR for \fIpkey\fR an error occurs. This function is deprecated. Applications should use providers instead of engines (see \fBprovider\fR\|(7) for details). 
-.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -The following functions are only reliable with \fB\s-1EVP_PKEY\s0\fRs that have +The following functions are only reliable with \fBEVP_PKEY\fRs that have been assigned an internal key with EVP_PKEY_assign_*(): .PP \&\fBEVP_PKEY_get_id()\fR, \fBEVP_PKEY_get_base_id()\fR, \fBEVP_PKEY_type()\fR .PP -For \s-1EVP_PKEY\s0 key type checking purposes, \fBEVP_PKEY_is_a\fR\|(3) is more generic. +For EVP_PKEY key type checking purposes, \fBEVP_PKEY_is_a\fR\|(3) is more generic. .PP -For purposes of retrieving the name of the \fB\s-1EVP_PKEY\s0\fR the function +For purposes of retrieving the name of the \fBEVP_PKEY\fR the function \&\fBEVP_PKEY_get0_type_name\fR\|(3) is more generally useful. .PP The keys returned from the functions \fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, -\&\fBEVP_PKEY_get0_DH()\fR and \fBEVP_PKEY_get0_EC_KEY()\fR were changed to have a \*(L"const\*(R" +\&\fBEVP_PKEY_get0_DH()\fR and \fBEVP_PKEY_get0_EC_KEY()\fR were changed to have a "const" return type in OpenSSL 3.0. As described above the keys returned may be cached copies of the key held in a provider. Due to this, and unlike in earlier -versions of OpenSSL, they should be considered read-only copies of the key. +versions of OpenSSL, they should be considered read\-only copies of the key. Updates to these keys will not be reflected back in the provider side key. The \&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and -\&\fBEVP_PKEY_get1_EC_KEY()\fR functions were not changed to have a \*(L"const\*(R" return type -in order that applications can \*(L"free\*(R" the return value. However applications -should still consider them as read-only copies. -.SH "NOTES" +\&\fBEVP_PKEY_get1_EC_KEY()\fR functions were not changed to have a "const" return type +in order that applications can "free" the return value. However applications +should still consider them as read\-only copies. 
+.SH NOTES .IX Header "NOTES" In accordance with the OpenSSL naming convention the key obtained from or assigned to the \fIpkey\fR using the \fB1\fR functions must be @@ -307,18 +232,18 @@ and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. .PP \&\fBEVP_PKEY_assign_EC_KEY()\fR looks at the curve name id to determine if -the passed \fB\s-1EC_KEY\s0\fR is an \s-1\fBSM2\s0\fR\|(7) key, and will set the \fB\s-1EVP_PKEY\s0\fR -type to \fB\s-1EVP_PKEY_SM2\s0\fR in that case, instead of \fB\s-1EVP_PKEY_EC\s0\fR. +the passed \fBEC_KEY\fR is an \fBSM2\fR\|(7) key, and will set the \fBEVP_PKEY\fR +type to \fBEVP_PKEY_SM2\fR in that case, instead of \fBEVP_PKEY_EC\fR. .PP Most applications wishing to know a key type will simply call \&\fBEVP_PKEY_get_base_id()\fR and will not care about the actual type: which will be identical in almost all cases. .PP Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) -to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this +to determine the type of a key. Since \fBEVP_PKEY\fR is now opaque this is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey). .PP -\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +\&\fBEVP_PKEY_set1_engine()\fR is typically used by an ENGINE returning an HSM key as part of its routine to load a private key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -326,7 +251,7 @@ \&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. .PP \&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and -\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \s-1NULL\s0 if +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or NULL if an error occurred. .PP \&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, 
@@ -334,17 +259,17 @@ and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. .PP \&\fBEVP_PKEY_get_base_id()\fR, \fBEVP_PKEY_get_id()\fR and \fBEVP_PKEY_type()\fR return a key -type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. +type or \fBNID_undef\fR (equivalently \fBEVP_PKEY_NONE\fR) on error. .PP \&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBEVP_PKEY_new\fR\|(3), \s-1\fBSM2\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_PKEY_new\fR\|(3), \fBSM2\fR\|(7) +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_base_id()\fR functions were renamed to include \f(CW\*(C`get\*(C'\fR in their names in OpenSSL 3.0, respectively. The old names -are kept as non-deprecated alias macros. +are kept as non\-deprecated alias macros. .PP EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, @@ -359,11 +284,11 @@ .PP The function \fBEVP_PKEY_set_alias_type()\fR was previously documented on this page. It was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_set1_encoded_public_key.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_set1_encoded_public_key.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_SET1_ENCODED_PUBLIC_KEY 3ossl" -.TH EVP_PKEY_SET1_ENCODED_PUBLIC_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_SET1_ENCODED_PUBLIC_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key, EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint \&\- functions to set and get public key data within an EVP_PKEY -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,7 +79,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -163,21 +88,21 @@ \& \& size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_set1_encoded_public_key()\fR can be used to set the public key value -within an existing \s-1EVP_PKEY\s0 object. For the built-in OpenSSL algorithms this +within an existing EVP_PKEY object. For the built\-in OpenSSL algorithms this currently only works for those that support key exchange. Parameters are not set as part of this operation, so typically an application will create an -\&\s-1EVP_PKEY\s0 first, set the parameters on it, and then call this function. +EVP_PKEY first, set the parameters on it, and then call this function. For example setting the parameters might be done using \&\fBEVP_PKEY_copy_parameters\fR\|(3). .PP The format for the encoded public key will depend on the algorithm in use. For -\&\s-1DH\s0 it should be encoded as a positive integer in big-endian form. For \s-1EC\s0 is -should be a point conforming to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic -Curve Cryptography\*(R") standard. For X25519 and X448 it should be encoded in a -format as defined by \s-1RFC7748.\s0 +DH it should be encoded as a positive integer in big\-endian form. For EC is +should be a point conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic +Curve Cryptography") standard. For X25519 and X448 it should be encoded in a +format as defined by RFC7748. .PP The key to be updated is supplied in \fBpkey\fR. The buffer containing the encoded key is pointed to be \fBpub\fR. The length of the buffer is supplied in \fBpublen\fR. 
@@ -202,11 +127,11 @@ value for failure. .PP \&\fBEVP_PKEY_get1_encoded_public_key()\fR returns the length of the encoded key or 0 for failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" See \fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3) for information about performing a key exchange operation. -.SS "Set up a peer's \s-1EVP_PKEY\s0 ready for a key exchange operation" +.SS "Set up a peer\*(Aqs EVP_PKEY ready for a key exchange operation" .IX Subsection "Set up a peer's EVP_PKEY ready for a key exchange operation" .Vb 1 \& #include @@ -256,19 +181,19 @@ .IX Header "SEE ALSO" \&\fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_copy_parameters\fR\|(3), \&\fBEVP_PKEY_derive_init\fR\|(3), \fBEVP_PKEY_derive\fR\|(3), -\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7), \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_PKEY\-DH\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7), \fBEVP_PKEY\-X25519\fR\|(7), \fBEVP_PKEY\-X448\fR\|(7) +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_PKEY_set1_encoded_public_key()\fR and \fBEVP_PKEY_get1_encoded_public_key()\fR were added in OpenSSL 3.0. .PP \&\fBEVP_PKEY_set1_tls_encodedpoint()\fR and \fBEVP_PKEY_get1_tls_encodedpoint()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_set_type.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_set_type.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_SET_TYPE 3ossl" -.TH EVP_PKEY_SET_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_SET_TYPE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_set_type, EVP_PKEY_set_type_str, EVP_PKEY_set_type_by_keymgmt \&\- functions to change the EVP_PKEY type -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,30 +75,30 @@ \& int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); \& int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All the functions described here behave the same in so far that they clear all the previous key data and methods from \fIpkey\fR, and reset it to be of the type of key given by the different arguments. If -\&\fIpkey\fR is \s-1NULL,\s0 these functions will still return the same return -values as if it wasn't. +\&\fIpkey\fR is NULL, these functions will still return the same return +values as if it wasn\*(Aqt. .PP \&\fBEVP_PKEY_set_type()\fR initialises \fIpkey\fR to contain an internal legacy -key. When doing this, it finds a \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) +key. When doing this, it finds a \fBEVP_PKEY_ASN1_METHOD\fR\|(3) corresponding to \fItype\fR, and associates \fIpkey\fR with the findings. -It is an error if no \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) could be found for +It is an error if no \fBEVP_PKEY_ASN1_METHOD\fR\|(3) could be found for \&\fItype\fR. .PP \&\fBEVP_PKEY_set_type_str()\fR initialises \fIpkey\fR to contain an internal legacy -key. When doing this, it finds a \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) +key. When doing this, it finds a \fBEVP_PKEY_ASN1_METHOD\fR\|(3) corresponding to \fIstr\fR that has then length \fIlen\fR, and associates \&\fIpkey\fR with the findings. -It is an error if no \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) could be found for +It is an error if no \fBEVP_PKEY_ASN1_METHOD\fR\|(3) could be found for \&\fItype\fR. .PP For both \fBEVP_PKEY_set_type()\fR and \fBEVP_PKEY_set_type_str()\fR, \fIpkey\fR gets a numeric type, which can be retrieved with \fBEVP_PKEY_get_id\fR\|(3). 
This -numeric type is taken from the \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) that was +numeric type is taken from the \fBEVP_PKEY_ASN1_METHOD\fR\|(3) that was found, and is equal to or closely related to \fItype\fR in the case of \&\fBEVP_PKEY_set_type()\fR, or related to \fIstr\fR in the case of \&\fBEVP_PKEY_set_type_str()\fR. @@ -181,20 +106,20 @@ \&\fBEVP_PKEY_set_type_by_keymgmt()\fR initialises \fIpkey\fR to contain an internal provider side key. When doing this, it associates \fIpkey\fR with \fIkeymgmt\fR. For keys initialised like this, the numeric type -retrieved with \fBEVP_PKEY_get_id\fR\|(3) will always be \fB\s-1EVP_PKEY_NONE\s0\fR. +retrieved with \fBEVP_PKEY_get_id\fR\|(3) will always be \fBEVP_PKEY_NONE\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All functions described here return 1 if successful, or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_assign\fR\|(3), \fBEVP_PKEY_get_id\fR\|(3), \fBEVP_PKEY_get0_RSA\fR\|(3), -\&\fBEVP_PKEY_copy_parameters\fR\|(3), \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3), -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBEVP_PKEY_copy_parameters\fR\|(3), \fBEVP_PKEY_ASN1_METHOD\fR\|(3), +\&\fBEVP_KEYMGMT\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_settable_params.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_settable_params.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_SETTABLE_PARAMS 3ossl" -.TH EVP_PKEY_SETTABLE_PARAMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_SETTABLE_PARAMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_settable_params, EVP_PKEY_set_params, EVP_PKEY_set_int_param, EVP_PKEY_set_size_t_param, EVP_PKEY_set_bn_param, EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param \&\- set key parameters into a key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,17 +84,17 @@ \& int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name, \& const unsigned char *buf, size_t bsize); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions can be used to set additional parameters into an existing -\&\fB\s-1EVP_PKEY\s0\fR. +\&\fBEVP_PKEY\fR. .PP \&\fBEVP_PKEY_set_params()\fR sets one or more \fIparams\fR into a \fIpkey\fR. -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about parameters. +See \fBOSSL_PARAM\fR\|(3) for information about parameters. .PP \&\fBEVP_PKEY_settable_params()\fR returns a constant list of \fIparams\fR indicating the names and types of key parameters that can be set. -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about parameters. +See \fBOSSL_PARAM\fR\|(3) for information about parameters. .PP \&\fBEVP_PKEY_set_int_param()\fR sets an integer value \fIin\fR into a key \fIpkey\fR for the associated field \fIkey_name\fR. 
@@ -177,35 +102,35 @@ \&\fBEVP_PKEY_set_size_t_param()\fR sets an size_t value \fIin\fR into a key \fIpkey\fR for the associated field \fIkey_name\fR. .PP -\&\fBEVP_PKEY_set_bn_param()\fR sets the \s-1BIGNUM\s0 value \fIbn\fR into a key \fIpkey\fR for the +\&\fBEVP_PKEY_set_bn_param()\fR sets the BIGNUM value \fIbn\fR into a key \fIpkey\fR for the associated field \fIkey_name\fR. .PP -\&\fBEVP_PKEY_set_utf8_string_param()\fR sets the \s-1UTF8\s0 string \fIstr\fR into a key \fIpkey\fR +\&\fBEVP_PKEY_set_utf8_string_param()\fR sets the UTF8 string \fIstr\fR into a key \fIpkey\fR for the associated field \fIkey_name\fR. .PP \&\fBEVP_PKEY_set_octet_string_param()\fR sets the octet string value \fIbuf\fR with a size \fIbsize\fR into a key \fIpkey\fR for the associated field \fIkey_name\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -These functions only work for \fB\s-1EVP_PKEY\s0\fRs that contain a provider side key. +These functions only work for \fBEVP_PKEY\fRs that contain a provider side key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_PKEY_settable_params()\fR returns \s-1NULL\s0 on error or if it is not supported, +\&\fBEVP_PKEY_settable_params()\fR returns NULL on error or if it is not supported, .PP All other methods return 1 if a value was successfully set, or 0 if there was an error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_gettable_params\fR\|(3), -\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\-keymgmt\fR\|(7), \s-1\fBOSSL_PARAM\s0\fR\|(3), -.SH "HISTORY" +\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\-keymgmt\fR\|(7), \fBOSSL_PARAM\fR\|(3), +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_SIGN 3ossl" -.TH EVP_PKEY_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_sign_init, EVP_PKEY_sign_init_ex, EVP_PKEY_sign \&\- sign using a public key algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,12 +77,12 @@ \& unsigned char *sig, size_t *siglen, \& const unsigned char *tbs, size_t tbslen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_sign_init()\fR initializes a public key algorithm context \fIctx\fR for signing using the algorithm given when the context was created using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to -fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) +fetch a \fBEVP_SIGNATURE\fR method implicitly, see "Implicit fetch" in \fBprovider\fR\|(7) for more information about implicit fetches. .PP \&\fBEVP_PKEY_sign_init_ex()\fR is the same as \fBEVP_PKEY_sign_init()\fR but additionally 
@@ -165,12 +90,12 @@ .PP The \fBEVP_PKEY_sign()\fR function performs a public key signing operation using \fIctx\fR. The data to be signed is specified using the \fItbs\fR and -\&\fItbslen\fR parameters. If \fIsig\fR is \s-1NULL\s0 then the maximum size of the output -buffer is written to the \fIsiglen\fR parameter. If \fIsig\fR is not \s-1NULL\s0 then +\&\fItbslen\fR parameters. If \fIsig\fR is NULL then the maximum size of the output +buffer is written to the \fIsiglen\fR parameter. If \fIsig\fR is not NULL then before the call the \fIsiglen\fR parameter should contain the length of the \&\fIsig\fR buffer, if the call is successful the signature is written to \&\fIsig\fR and the amount of data written to \fIsiglen\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is normally used to sign digests. For signing arbitrary messages, see the @@ -188,9 +113,9 @@ \&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +Sign data using RSA with PKCS#1 padding and SHA256 digest: .PP .Vb 2 \& #include 
@@ -240,17 +165,17 @@ \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR functions were added in OpenSSL 1.0.0. .PP The \fBEVP_PKEY_sign_init_ex()\fR function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_todata.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_todata.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_TODATA 3ossl" -.TH EVP_PKEY_TODATA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_TODATA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_todata, EVP_PKEY_export \&\- functions to return keys as an array of key parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,23 +75,23 @@ \& int EVP_PKEY_export(const EVP_PKEY *pkey, int selection, \& OSSL_CALLBACK *export_cb, void *export_cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The functions described here are used to extract \fB\s-1EVP_PKEY\s0\fR key values as an -array of \s-1\fBOSSL_PARAM\s0\fR\|(3). +The functions described here are used to extract \fBEVP_PKEY\fR key values as an +array of \fBOSSL_PARAM\fR\|(3). .PP \&\fBEVP_PKEY_todata()\fR extracts values from a key \fIpkey\fR using the \fIselection\fR. -\&\fIselection\fR is described in \*(L"Selections\*(R" in \fBEVP_PKEY_fromdata\fR\|(3). +\&\fIselection\fR is described in "Selections" in \fBEVP_PKEY_fromdata\fR\|(3). \&\fBOSSL_PARAM_free\fR\|(3) should be used to free the returned parameters in \&\fI*params\fR. .PP \&\fBEVP_PKEY_export()\fR is similar to \fBEVP_PKEY_todata()\fR but uses a callback \&\fIexport_cb\fR that gets passed the value of \fIexport_cbarg\fR. See \fBopenssl\-core.h\fR\|(7) for more information about the callback. Note that the -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) array that is passed to the callback is not persistent after the +\&\fBOSSL_PARAM\fR\|(3) array that is passed to the callback is not persistent after the callback returns. The user must preserve the items of interest, or use \&\fBEVP_PKEY_todata()\fR if persistence is required. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions only work with key management methods coming from a provider. This is the mirror function to \fBEVP_PKEY_fromdata\fR\|(3). 
@@ -175,19 +100,19 @@ \&\fBEVP_PKEY_todata()\fR and \fBEVP_PKEY_export()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \fBopenssl\-core.h\fR\|(7), +\&\fBOSSL_PARAM\fR\|(3), \fBopenssl\-core.h\fR\|(7), \&\fBEVP_PKEY_fromdata\fR\|(3), -\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-ED448\s0\fR\|(7), \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-ED25519\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_PKEY\-RSA\fR\|(7), \fBEVP_PKEY\-DSA\fR\|(7), \fBEVP_PKEY\-DH\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7), +\&\fBEVP_PKEY\-ED448\fR\|(7), \fBEVP_PKEY\-X25519\fR\|(7), \fBEVP_PKEY\-X448\fR\|(7), +\&\fBEVP_PKEY\-ED25519\fR\|(7) +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY 3ossl" -.TH EVP_PKEY_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_VERIFY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_verify_init, EVP_PKEY_verify_init_ex, EVP_PKEY_verify \&\- signature verification using a public key algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,12 +77,12 @@ \& const unsigned char *sig, size_t siglen, \& const unsigned char *tbs, size_t tbslen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_verify_init()\fR initializes a public key algorithm context \fIctx\fR for signing using the algorithm given when the context was created using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to -fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) +fetch a \fBEVP_SIGNATURE\fR method implicitly, see "Implicit fetch" in \fBprovider\fR\|(7) for more information about implicit fetches. .PP \&\fBEVP_PKEY_verify_init_ex()\fR is the same as \fBEVP_PKEY_verify_init()\fR but additionally @@ -167,7 +92,7 @@ using \fIctx\fR. The signature is specified using the \fIsig\fR and \&\fIsiglen\fR parameters. The verified data (i.e. the data believed originally signed) is specified using the \fItbs\fR and \fItbslen\fR parameters. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the 
@@ -186,9 +111,9 @@ A negative value indicates an error other that signature verification failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Verify signature using PKCS#1 and \s-1SHA256\s0 digest: +Verify signature using PKCS#1 and SHA256 digest: .PP .Vb 2 \& #include @@ -229,17 +154,17 @@ \&\fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify_recover\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR functions were added in OpenSSL 1.0.0. .PP The \fBEVP_PKEY_verify_init_ex()\fR function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3.orig +++ secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY_RECOVER 3ossl" -.TH EVP_PKEY_VERIFY_RECOVER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY_VERIFY_RECOVER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover_init_ex, EVP_PKEY_verify_recover \&\- recover signature using a public key algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,12 +79,12 @@ \& unsigned char *rout, size_t *routlen, \& const unsigned char *sig, size_t siglen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_PKEY_verify_recover_init()\fR initializes a public key algorithm context \&\fIctx\fR for signing using the algorithm given when the context was created using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to -fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) +fetch a \fBEVP_SIGNATURE\fR method implicitly, see "Implicit fetch" in \fBprovider\fR\|(7) for more information about implicit fetches. .PP \&\fBEVP_PKEY_verify_recover_init_ex()\fR is the same as 
@@ -168,12 +93,12 @@ .PP The \fBEVP_PKEY_verify_recover()\fR function recovers signed data using \fIctx\fR. The signature is specified using the \fIsig\fR and -\&\fIsiglen\fR parameters. If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output -buffer is written to the \fIroutlen\fR parameter. If \fIrout\fR is not \s-1NULL\s0 then +\&\fIsiglen\fR parameters. If \fIrout\fR is NULL then the maximum size of the output +buffer is written to the \fIroutlen\fR parameter. If \fIrout\fR is not NULL then before the call the \fIroutlen\fR parameter should contain the length of the \&\fIrout\fR buffer, if the call is successful recovered data is written to \&\fIrout\fR and the amount of data written to \fIroutlen\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Normally an application is only interested in whether a signature verification operation is successful in those cases the \fBEVP_verify()\fR function should be @@ -181,7 +106,7 @@ .PP Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature -in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). +in this way (for example RSA in PKCS padding mode). .PP After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the @@ -194,9 +119,9 @@ \&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +Recover digest originally signed using PKCS#1 and SHA256 digest: .PP .Vb 2 \& #include 
@@ -243,17 +168,17 @@ \&\fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR functions were added in OpenSSL 1.0.0. .PP The \fBEVP_PKEY_verify_recover_init_ex()\fR function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_RAND.3.orig +++ secure/lib/libcrypto/man/man3/EVP_RAND.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND 3ossl" -.TH EVP_RAND 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX, EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate, EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce, @@ -153,7 +78,7 @@ EVP_RAND_CTX_gettable_params, EVP_RAND_CTX_settable_params, EVP_RAND_gettable_params, EVP_RAND_STATE_UNINITIALISED, EVP_RAND_STATE_READY, EVP_RAND_STATE_ERROR \- EVP RAND routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -208,89 +133,86 @@ \& #define EVP_RAND_STATE_READY 1 \& #define EVP_RAND_STATE_ERROR 2 .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP RAND\s0 routines are a high-level interface to random number generators +The EVP RAND routines are a high\-level interface to random number generators both deterministic and not. -If you just want to generate random bytes then you don't need to use +If you just want to generate random bytes then you don\*(Aqt need to use these functions: just call \fBRAND_bytes()\fR or \fBRAND_priv_bytes()\fR. If you want to do more, these calls should be used instead of the older -\&\s-1RAND\s0 and \s-1RAND_DRBG\s0 functions. +RAND and RAND_DRBG functions. .PP -After creating a \fB\s-1EVP_RAND_CTX\s0\fR for the required algorithm using +After creating a \fBEVP_RAND_CTX\fR for the required algorithm using \&\fBEVP_RAND_CTX_new()\fR, inputs to the algorithm are supplied either by passing them as part of the \fBEVP_RAND_instantiate()\fR call or using calls to \&\fBEVP_RAND_CTX_set_params()\fR before calling \fBEVP_RAND_instantiate()\fR. Finally, call \fBEVP_RAND_generate()\fR to produce cryptographically secure random bytes. -.SS "Types" +.SS Types .IX Subsection "Types" -\&\fB\s-1EVP_RAND\s0\fR is a type that holds the implementation of a \s-1RAND.\s0 +\&\fBEVP_RAND\fR is a type that holds the implementation of a RAND. .PP -\&\fB\s-1EVP_RAND_CTX\s0\fR is a context type that holds the algorithm inputs. -\&\fB\s-1EVP_RAND_CTX\s0\fR structures are reference counted. +\&\fBEVP_RAND_CTX\fR is a context type that holds the algorithm inputs. +\&\fBEVP_RAND_CTX\fR structures are reference counted. .SS "Algorithm implementation fetching" .IX Subsection "Algorithm implementation fetching" -\&\fBEVP_RAND_fetch()\fR fetches an implementation of a \s-1RAND\s0 \fIalgorithm\fR, given +\&\fBEVP_RAND_fetch()\fR fetches an implementation of a RAND \fIalgorithm\fR, given a library context \fIlibctx\fR and a set of \fIproperties\fR. 
-See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP The returned value must eventually be freed with \&\fBEVP_RAND_free\fR\|(3). .PP \&\fBEVP_RAND_up_ref()\fR increments the reference count of an already fetched -\&\s-1RAND.\s0 +RAND. .PP \&\fBEVP_RAND_free()\fR frees a fetched algorithm. -\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +NULL is a valid parameter, for which this function is a no\-op. .SS "Context manipulation functions" .IX Subsection "Context manipulation functions" -\&\fBEVP_RAND_CTX_new()\fR creates a new context for the \s-1RAND\s0 implementation \fIrand\fR. -If not \s-1NULL,\s0 \fIparent\fR specifies the seed source for this implementation. +\&\fBEVP_RAND_CTX_new()\fR creates a new context for the RAND implementation \fIrand\fR. +If not NULL, \fIparent\fR specifies the seed source for this implementation. Not all random number generators need to have a seed source specified. -If a parent is required, a \s-1NULL\s0 \fIparent\fR will utilise the operating +If a parent is required, a NULL \fIparent\fR will utilise the operating system entropy sources. It is recommended to minimise the number of random number generators that rely on the operating system for their randomness because this is often scarce. .PP -\&\fBEVP_RAND_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is \s-1NULL,\s0 nothing +\&\fBEVP_RAND_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is NULL, nothing is done. .PP -\&\fBEVP_RAND_CTX_get0_rand()\fR returns the \fB\s-1EVP_RAND\s0\fR associated with the context +\&\fBEVP_RAND_CTX_get0_rand()\fR returns the \fBEVP_RAND\fR associated with the context \&\fIctx\fR. 
.SS "Random Number Generator Functions" .IX Subsection "Random Number Generator Functions" \&\fBEVP_RAND_instantiate()\fR processes any parameters in \fIparams\fR and -then instantiates the \s-1RAND\s0 \fIctx\fR with a minimum security strength +then instantiates the RAND \fIctx\fR with a minimum security strength of and personalisation string \fIpstr\fR of length . If \fIprediction_resistance\fR is specified, fresh entropy from a live source -will be sought. This call operates as per \s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0 +will be sought. This call operates as per NIST SP 800\-90A and SP 800\-90C. .PP -\&\fBEVP_RAND_uninstantiate()\fR uninstantiates the \s-1RAND\s0 \fIctx\fR as per -\&\s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0 Subsequent to this call, the \s-1RAND\s0 cannot +\&\fBEVP_RAND_uninstantiate()\fR uninstantiates the RAND \fIctx\fR as per +NIST SP 800\-90A and SP 800\-90C. Subsequent to this call, the RAND cannot be used to generate bytes. It can only be freed or instantiated again. .PP -\&\fBEVP_RAND_generate()\fR produces random bytes from the \s-1RAND\s0 \fIctx\fR with the +\&\fBEVP_RAND_generate()\fR produces random bytes from the RAND \fIctx\fR with the additional input \fIaddin\fR of length \fIaddin_len\fR. The bytes produced will meet the security \fIstrength\fR. If \fIprediction_resistance\fR is specified, fresh entropy from a live source -will be sought. This call operates as per \s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0 +will be sought. This call operates as per NIST SP 800\-90A and SP 800\-90C. .PP -\&\fBEVP_RAND_reseed()\fR reseeds the \s-1RAND\s0 with new entropy. +\&\fBEVP_RAND_reseed()\fR reseeds the RAND with new entropy. Entropy \fIent\fR of length \fIent_len\fR bytes can be supplied as can additional -input \fIaddin\fR of length \fIaddin_len\fR bytes. In the \s-1FIPS\s0 provider, both are -treated as additional input as per \s-1NIST\s0 SP\-800\-90Ar1, Sections 9.1 and 9.2. 
-Additional seed material is also drawn from the \s-1RAND\s0's parent or the +input \fIaddin\fR of length \fIaddin_len\fR bytes. In the FIPS provider, both are +treated as additional input as per NIST SP\-800\-90Ar1, Sections 9.1 and 9.2. +Additional seed material is also drawn from the RAND\*(Aqs parent or the operating system. If \fIprediction_resistance\fR is specified, fresh entropy -from a live source will be sought. This call operates as per \s-1NIST SP 800\-90A\s0 -and \s-1SP 800\-90C.\s0 +from a live source will be sought. This call operates as per NIST SP 800\-90A +and SP 800\-90C. .PP -\&\fBEVP_RAND_nonce()\fR creates a nonce in \fIout\fR of maximum length \fIoutlen\fR -bytes from the \s-1RAND\s0 \fIctx\fR. The function returns the length of the generated -nonce. If \fIout\fR is \s-1NULL,\s0 the length is still returned but no generation -takes place. This allows a caller to dynamically allocate a buffer of the -appropriate size. +\&\fBEVP_RAND_nonce()\fR creates a nonce in \fIout\fR of length \fIoutlen\fR +bytes from the RAND \fIctx\fR. .PP -\&\fBEVP_RAND_enable_locking()\fR enables locking for the \s-1RAND\s0 \fIctx\fR and all of +\&\fBEVP_RAND_enable_locking()\fR enables locking for the RAND \fIctx\fR and all of its parents. After this \fIctx\fR will operate in a thread safe manner, albeit more slowly. This function is not itself thread safe if called with the same \&\fIctx\fR from multiple threads. Typically locking should be enabled before a 
@@ -316,47 +238,47 @@ parameters are passed down. Note that a parameter that is unknown in the underlying context is simply ignored. -Also, what happens when a needed parameter isn't passed down is +Also, what happens when a needed parameter isn\*(Aqt passed down is defined by the implementation. .PP -\&\fBEVP_RAND_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes +\&\fBEVP_RAND_gettable_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array that describes the retrievable and settable parameters. \fBEVP_RAND_gettable_params()\fR returns parameters that can be used with \fBEVP_RAND_get_params()\fR. .PP \&\fBEVP_RAND_gettable_ctx_params()\fR and \fBEVP_RAND_CTX_gettable_params()\fR return -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the retrievable parameters that +constant \fBOSSL_PARAM\fR\|(3) arrays that describe the retrievable parameters that can be used with \fBEVP_RAND_CTX_get_params()\fR. \fBEVP_RAND_gettable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \&\fBEVP_RAND_CTX_gettable_params()\fR returns the parameters that can be retrieved -in the context's current state. +in the context\*(Aqs current state. .PP \&\fBEVP_RAND_settable_ctx_params()\fR and \fBEVP_RAND_CTX_settable_params()\fR return -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the settable parameters that +constant \fBOSSL_PARAM\fR\|(3) arrays that describe the settable parameters that can be used with \fBEVP_RAND_CTX_set_params()\fR. \fBEVP_RAND_settable_ctx_params()\fR returns the parameters that can be retrieved from the algorithm, whereas \&\fBEVP_RAND_CTX_settable_params()\fR returns the parameters that can be retrieved -in the context's current state. +in the context\*(Aqs current state. .SS "Information functions" .IX Subsection "Information functions" -\&\fBEVP_RAND_get_strength()\fR returns the security strength of the \s-1RAND\s0 \fIctx\fR. 
+\&\fBEVP_RAND_get_strength()\fR returns the security strength of the RAND \fIctx\fR. .PP -\&\fBEVP_RAND_get_state()\fR returns the current state of the \s-1RAND\s0 \fIctx\fR. +\&\fBEVP_RAND_get_state()\fR returns the current state of the RAND \fIctx\fR. States defined by the OpenSSL RNGs are: -.IP "\(bu" 4 -\&\s-1EVP_RAND_STATE_UNINITIALISED:\s0 this \s-1RNG\s0 is currently uninitialised. +.IP \(bu 4 +EVP_RAND_STATE_UNINITIALISED: this RNG is currently uninitialised. The instantiate call will change this to the ready state. -.IP "\(bu" 4 -\&\s-1EVP_RAND_STATE_READY:\s0 this \s-1RNG\s0 is currently ready to generate output. -.IP "\(bu" 4 -\&\s-1EVP_RAND_STATE_ERROR:\s0 this \s-1RNG\s0 is in an error state. +.IP \(bu 4 +EVP_RAND_STATE_READY: this RNG is currently ready to generate output. +.IP \(bu 4 +EVP_RAND_STATE_ERROR: this RNG is in an error state. .PP \&\fBEVP_RAND_is_a()\fR returns 1 if \fIrand\fR is an implementation of an -algorithm that's identifiable with \fIname\fR, otherwise 0. +algorithm that\*(Aqs identifiable with \fIname\fR, otherwise 0. .PP \&\fBEVP_RAND_get0_provider()\fR returns the provider that holds the implementation of the given \fIrand\fR. .PP -\&\fBEVP_RAND_do_all_provided()\fR traverses all \s-1RAND\s0 implemented by all activated +\&\fBEVP_RAND_do_all_provided()\fR traverses all RAND implemented by all activated providers in the given library context \fIlibctx\fR, and for each of the implementations, calls the given function \fIfn\fR with the implementation method and the given \fIarg\fR as argument. 
@@ -370,122 +292,106 @@ display and human consumption. The description is at the discretion of the rand implementation. .PP -\&\fBEVP_RAND_verify_zeroization()\fR confirms if the internal \s-1DRBG\s0 state is -currently zeroed. This is used by the \s-1FIPS\s0 provider to support the mandatory +\&\fBEVP_RAND_verify_zeroization()\fR confirms if the internal DRBG state is +currently zeroed. This is used by the FIPS provider to support the mandatory self tests. -.SH "PARAMETERS" +.SH PARAMETERS .IX Header "PARAMETERS" The standard parameter names are: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " Returns the state of the random number generator. -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " +.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " Returns the bit strength of the random number generator. .PP For rands that are also deterministic random bit generators (DRBGs), these additional parameters are recognised. Not all -parameters are relevant to, or are understood by all \s-1DRBG\s0 rands: -.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +parameters are relevant to, or are understood by all DRBG rands: +.IP """reseed_requests"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """reseed_requests"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " Reads or set the number of generate requests before reseeding the -associated \s-1RAND\s0 ctx. 
-.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.el .IP "``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " +associated RAND ctx. +.IP """reseed_time_interval"" (\fBOSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\fR) " 4 +.IX Item """reseed_time_interval"" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " Reads or set the number of elapsed seconds before reseeding the -associated \s-1RAND\s0 ctx. -.ie n .IP """max_request"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "max_request (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +associated RAND ctx. +.IP """max_request"" (\fBOSSL_RAND_PARAM_MAX_REQUEST\fR) " 4 +.IX Item """max_request"" (OSSL_RAND_PARAM_MAX_REQUEST) " Specifies the maximum number of bytes that can be generated in a single call to OSSL_FUNC_rand_generate. -.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " +.IP """min_entropylen"" (\fBOSSL_DRBG_PARAM_MIN_ENTROPYLEN\fR) " 4 +.IX Item """min_entropylen"" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " .PD 0 -.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " +.IP """max_entropylen"" (\fBOSSL_DRBG_PARAM_MAX_ENTROPYLEN\fR) " 4 +.IX Item """max_entropylen"" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " .PD Specify the minimum and maximum number of bytes of random material that -can be used to seed the \s-1DRBG.\s0 -.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.IX Item "min_noncelen 
(OSSL_DRBG_PARAM_MIN_NONCELEN) " +can be used to seed the DRBG. +.IP """min_noncelen"" (\fBOSSL_DRBG_PARAM_MIN_NONCELEN\fR) " 4 +.IX Item """min_noncelen"" (OSSL_DRBG_PARAM_MIN_NONCELEN) " .PD 0 -.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) " +.IP """max_noncelen"" (\fBOSSL_DRBG_PARAM_MAX_NONCELEN\fR) " 4 +.IX Item """max_noncelen"" (OSSL_DRBG_PARAM_MAX_NONCELEN) " .PD Specify the minimum and maximum number of bytes of nonce that can be used to -seed the \s-1DRBG.\s0 -.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) " +seed the DRBG. +.IP """max_perslen"" (\fBOSSL_DRBG_PARAM_MAX_PERSLEN\fR) " 4 +.IX Item """max_perslen"" (OSSL_DRBG_PARAM_MAX_PERSLEN) " .PD 0 -.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) " +.IP """max_adinlen"" (\fBOSSL_DRBG_PARAM_MAX_ADINLEN\fR) " 4 +.IX Item """max_adinlen"" (OSSL_DRBG_PARAM_MAX_ADINLEN) " .PD Specify the minimum and maximum number of bytes of personalisation string -that can be used with the \s-1DRBG.\s0 -.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) " -Specifies the number of times the \s-1DRBG\s0 has been seeded or reseeded. -.ie n .IP """properties"" (\fB\s-1OSSL_RAND_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_RAND_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_RAND_PARAM_PROPERTIES) " +that can be used with the DRBG. 
+.IP """reseed_counter"" (\fBOSSL_DRBG_PARAM_RESEED_COUNTER\fR) " 4 +.IX Item """reseed_counter"" (OSSL_DRBG_PARAM_RESEED_COUNTER) " +Specifies the number of times the DRBG has been seeded or reseeded. +.IP """properties"" (\fBOSSL_RAND_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_RAND_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """mac"" (\fB\s-1OSSL_RAND_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_RAND_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_RAND_PARAM_MAC) " -.ie n .IP """digest"" (\fB\s-1OSSL_RAND_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_RAND_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_RAND_PARAM_DIGEST) " -.ie n .IP """cipher"" (\fB\s-1OSSL_RAND_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_RAND_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_RAND_PARAM_CIPHER) " +.IP """mac"" (\fBOSSL_RAND_PARAM_MAC\fR) " 4 +.IX Item """mac"" (OSSL_RAND_PARAM_MAC) " +.IP """digest"" (\fBOSSL_RAND_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_RAND_PARAM_DIGEST) " +.IP """cipher"" (\fBOSSL_RAND_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_RAND_PARAM_CIPHER) " .PD -For \s-1RAND\s0 implementations that use an underlying computation \s-1MAC,\s0 digest or +For RAND implementations that use an underlying computation MAC, digest or cipher, these parameters set what the algorithm should be. .Sp The value is always the name of the intended algorithm, -or the properties in the case of \fB\s-1OSSL_RAND_PARAM_PROPERTIES\s0\fR. -.SH "NOTES" +or the properties in the case of \fBOSSL_RAND_PARAM_PROPERTIES\fR. +.SH NOTES .IX Header "NOTES" The use of a nonzero value for the \fIprediction_resistance\fR argument to \&\fBEVP_RAND_instantiate()\fR, \fBEVP_RAND_generate()\fR or \fBEVP_RAND_reseed()\fR should be used sparingly. In the default setup, this will cause all public and private DRBGs to be reseeded on next use. 
Since, by default, public and private DRBGs are allocated on a per thread basis, this can result in -significant overhead for highly multi-threaded applications. For normal -use-cases, the default \*(L"reseed_requests\*(R" and \*(L"reseed_time_interval\*(R" +significant overhead for highly multi\-threaded applications. For normal +use\-cases, the default "reseed_requests" and "reseed_time_interval" thresholds ensure sufficient prediction resistance over time and you can reduce those values if you think they are too high. Explicitly -requesting prediction resistance is intended for more special use-cases -like generating long-term secrets. +requesting prediction resistance is intended for more special use\-cases +like generating long\-term secrets. .PP -An \fB\s-1EVP_RAND_CTX\s0\fR needs to have locking enabled if it acts as the parent of +An \fBEVP_RAND_CTX\fR needs to have locking enabled if it acts as the parent of more than one child and the children can be accessed concurrently. This must be done by explicitly calling \fBEVP_RAND_enable_locking()\fR. .PP -The \s-1RAND\s0 life-cycle is described in \fBlife_cycle\-rand\fR\|(7). In the future, +The RAND life\-cycle is described in \fBlife_cycle\-rand\fR\|(7). In the future, the transitions described there will be enforced. When this is done, it will -not be considered a breaking change to the \s-1API.\s0 +not be considered a breaking change to the API. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_RAND_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_RAND\s0\fR, or -\&\s-1NULL\s0 if allocation failed. +\&\fBEVP_RAND_fetch()\fR returns a pointer to a newly fetched \fBEVP_RAND\fR, or +NULL if allocation failed. .PP -\&\fBEVP_RAND_get0_provider()\fR returns a pointer to the provider for the \s-1RAND,\s0 or -\&\s-1NULL\s0 on error. +\&\fBEVP_RAND_get0_provider()\fR returns a pointer to the provider for the RAND, or +NULL on error. 
.PP -\&\fBEVP_RAND_CTX_get0_rand()\fR returns a pointer to the \fB\s-1EVP_RAND\s0\fR associated +\&\fBEVP_RAND_CTX_get0_rand()\fR returns a pointer to the \fBEVP_RAND\fR associated with the context. .PP \&\fBEVP_RAND_get0_name()\fR returns the name of the random number generation @@ -497,11 +403,11 @@ return value of 0 means that the callback was not called for any names. .PP \&\fBEVP_RAND_CTX_new()\fR returns either the newly allocated -\&\fB\s-1EVP_RAND_CTX\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBEVP_RAND_CTX\fR structure or NULL if an error occurred. .PP \&\fBEVP_RAND_CTX_free()\fR does not return a value. .PP -\&\fBEVP_RAND_nonce()\fR returns the length of the nonce. +\&\fBEVP_RAND_nonce()\fR returns 1 on success, 0 on error. .PP \&\fBEVP_RAND_get_strength()\fR returns the strength of the random number generator in bits. @@ -509,7 +415,7 @@ \&\fBEVP_RAND_gettable_params()\fR, \fBEVP_RAND_gettable_ctx_params()\fR and \&\fBEVP_RAND_settable_ctx_params()\fR return an array of OSSL_PARAMs. .PP -\&\fBEVP_RAND_verify_zeroization()\fR returns 1 if the internal \s-1DRBG\s0 state is +\&\fBEVP_RAND_verify_zeroization()\fR returns 1 if the internal DRBG state is currently zeroed, and 0 if not. .PP The remaining functions return 1 for success and 0 or a negative value for 
@@ -517,20 +423,20 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRAND_bytes\fR\|(3), -\&\s-1\fBEVP_RAND\-CTR\-DRBG\s0\fR\|(7), -\&\s-1\fBEVP_RAND\-HASH\-DRBG\s0\fR\|(7), -\&\s-1\fBEVP_RAND\-HMAC\-DRBG\s0\fR\|(7), -\&\s-1\fBEVP_RAND\-TEST\-RAND\s0\fR\|(7), +\&\fBEVP_RAND\-CTR\-DRBG\fR\|(7), +\&\fBEVP_RAND\-HASH\-DRBG\fR\|(7), +\&\fBEVP_RAND\-HMAC\-DRBG\fR\|(7), +\&\fBEVP_RAND\-TEST\-RAND\fR\|(7), \&\fBprovider\-rand\fR\|(7), \&\fBlife_cycle\-rand\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added to OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_SIGNATURE.3.orig +++ secure/lib/libcrypto/man/man3/EVP_SIGNATURE.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNATURE 3ossl" -.TH EVP_SIGNATURE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNATURE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SIGNATURE, EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider, @@ -146,7 +71,7 @@ EVP_SIGNATURE_get0_name, EVP_SIGNATURE_get0_description, EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params \&\- Functions to manage EVP_SIGNATURE algorithm objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,32 +97,32 @@ \& const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig); \& const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_SIGNATURE_fetch()\fR fetches the implementation for the given \&\fBalgorithm\fR from any provider offering it, within the criteria given by the \fBproperties\fR. The algorithm will be one offering functions for performing signature related tasks such as signing and verifying. -See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. .PP The returned value must eventually be freed with \fBEVP_SIGNATURE_free()\fR. .PP -\&\fBEVP_SIGNATURE_free()\fR decrements the reference count for the \fB\s-1EVP_SIGNATURE\s0\fR +\&\fBEVP_SIGNATURE_free()\fR decrements the reference count for the \fBEVP_SIGNATURE\fR structure. Typically this structure will have been obtained from an earlier call to \fBEVP_SIGNATURE_fetch()\fR. If the reference count drops to 0 then the -structure is freed. +structure is freed. If the argument is NULL, nothing is done. .PP -\&\fBEVP_SIGNATURE_up_ref()\fR increments the reference count for an \fB\s-1EVP_SIGNATURE\s0\fR +\&\fBEVP_SIGNATURE_up_ref()\fR increments the reference count for an \fBEVP_SIGNATURE\fR structure. .PP \&\fBEVP_SIGNATURE_is_a()\fR returns 1 if \fIsignature\fR is an implementation of an -algorithm that's identifiable with \fIname\fR, otherwise 0. +algorithm that\*(Aqs identifiable with \fIname\fR, otherwise 0. .PP \&\fBEVP_SIGNATURE_get0_provider()\fR returns the provider that \fIsignature\fR was fetched from. 
.PP -\&\fBEVP_SIGNATURE_do_all_provided()\fR traverses all \s-1SIGNATURE\s0 implemented by all +\&\fBEVP_SIGNATURE_do_all_provided()\fR traverses all SIGNATURE implemented by all activated providers in the given library context \fIlibctx\fR, and for each of the implementations, calls the given function \fIfn\fR with the implementation method and the given \fIarg\fR as argument. @@ -216,13 +141,13 @@ discretion of the \fIsignature\fR implementation. .PP \&\fBEVP_SIGNATURE_gettable_ctx_params()\fR and \fBEVP_SIGNATURE_settable_ctx_params()\fR -return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key +return a constant \fBOSSL_PARAM\fR\|(3) array that describes the names and types of key parameters that can be retrieved or set by a signature algorithm using \&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_SIGNATURE_fetch()\fR returns a pointer to an \fB\s-1EVP_SIGNATURE\s0\fR for success -or \fB\s-1NULL\s0\fR for failure. +\&\fBEVP_SIGNATURE_fetch()\fR returns a pointer to an \fBEVP_SIGNATURE\fR for success +or \fBNULL\fR for failure. .PP \&\fBEVP_SIGNATURE_up_ref()\fR returns 1 for success or 0 otherwise. .PP 
@@ -230,18 +155,18 @@ A return value of 0 means that the callback was not called for any names. .PP \&\fBEVP_SIGNATURE_gettable_ctx_params()\fR and \fBEVP_SIGNATURE_settable_ctx_params()\fR -return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error. +return a constant \fBOSSL_PARAM\fR\|(3) array or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3) -.SH "HISTORY" +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7), \fBOSSL_PROVIDER\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_SealInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_SealInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SEALINIT 3ossl" -.TH EVP_SEALINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SEALINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,15 +77,15 @@ \& int *outl, unsigned char *in, int inl); \& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high-level interface to envelope -encryption. They generate a random key and \s-1IV\s0 (if required) then -\&\*(L"envelope\*(R" it by using public key encryption. Data can then be +The EVP envelope routines are a high\-level interface to envelope +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be encrypted using this key. .PP \&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption -with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally +with cipher \fBtype\fR using a random secret key and IV. \fBtype\fR is normally supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. \fBek\fR is an array of 
@@ -170,12 +95,12 @@ size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is an array of \fBnpubk\fR public keys. .PP -The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must -contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for +The \fBiv\fR parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher\*(Aqs IV, as determined by (for example) EVP_CIPHER_get_iv_length(type). .PP -If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored -and can be \fB\s-1NULL\s0\fR. +If the cipher does not require an IV then the \fBiv\fR parameter is ignored +and can be \fBNULL\fR. .PP \&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as @@ -187,14 +112,14 @@ .PP \&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Because a random secret key is generated the random number generator must be seeded when \fBEVP_SealInit()\fR is called. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .PP -The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +The public key must be RSA because it is the only OpenSSL public key algorithm that supports key transport. .PP Envelope encryption is the usual method of using public key encryption 
@@ -206,18 +131,18 @@ It is possible to call \fBEVP_SealInit()\fR twice in the same way as \&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL.\s0 +with \fBtype\fR set to NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_OpenInit\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBRAND\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_SignInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_SignInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNINIT 3ossl" -.TH EVP_SIGNINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal_ex, EVP_SignFinal \&\- EVP signing functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,13 +81,13 @@ \& \& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high-level interface to digital +The EVP signature routines are a high\-level interface to digital signatures. .PP \&\fBEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest -\&\fItype\fR from \fB\s-1ENGINE\s0\fR \fIimpl\fR. \fIctx\fR must be created with +\&\fItype\fR from \fBENGINE\fR \fIimpl\fR. \fIctx\fR must be created with \&\fBEVP_MD_CTX_new()\fR before calling this function. .PP \&\fBEVP_SignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the 
@@ -172,14 +97,14 @@ \&\fBEVP_SignFinal_ex()\fR signs the data in \fIctx\fR using the private key \&\fIpkey\fR and places the signature in \fIsig\fR. The library context \fIlibctx\fR and property query \fIpropq\fR are used when creating a context to use with the key -\&\fIpkey\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_get_size(pkey)\*(C'\fR bytes in size. -\&\fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. +\&\fIpkey\fR. \fIsig\fR must be at least \f(CWEVP_PKEY_get_size(pkey)\fR bytes in size. +\&\fIs\fR is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) -will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_get_size(pkey)\*(C'\fR +will be written to the integer at \fIs\fR, at most \f(CWEVP_PKEY_get_size(pkey)\fR bytes will be written. .PP \&\fBEVP_SignFinal()\fR is similar to \fBEVP_SignFinal_ex()\fR but uses default -values of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR. +values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. .PP \&\fBEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default implementation of digest \fItype\fR. 
@@ -189,15 +114,15 @@ \&\fBEVP_SignFinal()\fR return 1 for success and 0 for failure. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low-level interfaces. This is because the code then becomes +The \fBEVP\fR interface to digital signatures should almost always be used in +preference to the low\-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP When signing with some private key types the random number generator must -be seeded. If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails -due to external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails +due to external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .PP The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called @@ -206,7 +131,7 @@ Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to \&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. 
@@ -225,17 +150,17 @@ \&\fBEVP_PKEY_get_security_bits\fR\|(3), \&\fBEVP_VerifyInit\fR\|(3), \&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1) -.SH "HISTORY" +\&\fBevp\fR\|(7), \fBHMAC\fR\|(3), \fBMD2\fR\|(3), +\&\fBMD5\fR\|(3), \fBMDC2\fR\|(3), \fBRIPEMD160\fR\|(3), +\&\fBSHA1\fR\|(3), \fBopenssl\-dgst\fR\|(1) +.SH HISTORY .IX Header "HISTORY" The function \fBEVP_SignFinal_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_VerifyInit.3.orig +++ secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_VERIFYINIT 3ossl" -.TH EVP_VERIFYINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_VERIFYINIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal_ex, EVP_VerifyFinal \&\- EVP signature verification functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,13 +82,13 @@ \& \& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature verification routines are a high-level interface to digital +The EVP signature verification routines are a high\-level interface to digital signatures. .PP \&\fBEVP_VerifyInit_ex()\fR sets up verification context \fIctx\fR to use digest -\&\fItype\fR from \s-1ENGINE\s0 \fIimpl\fR. \fIctx\fR must be created by calling +\&\fItype\fR from ENGINE \fIimpl\fR. \fIctx\fR must be created by calling \&\fBEVP_MD_CTX_new()\fR before calling this function. .PP \&\fBEVP_VerifyUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the @@ -176,7 +101,7 @@ a context to use with the key \fIpkey\fR. .PP \&\fBEVP_VerifyFinal()\fR is similar to \fBEVP_VerifyFinal_ex()\fR but uses default -values of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR. +values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. .PP \&\fBEVP_VerifyInit()\fR initializes verification context \fIctx\fR to use the default implementation of digest \fItype\fR. 
@@ -189,10 +114,10 @@ signature, 0 for failure and a negative value if some other error occurred. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low-level interfaces. This is because the code then becomes +The \fBEVP\fR interface to digital signatures should almost always be used in +preference to the low\-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. @@ -202,7 +127,7 @@ Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to \&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. 
@@ -220,17 +145,17 @@ \&\fBevp\fR\|(7), \&\fBEVP_SignInit\fR\|(3), \&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1) -.SH "HISTORY" +\&\fBevp\fR\|(7), \fBHMAC\fR\|(3), \fBMD2\fR\|(3), +\&\fBMD5\fR\|(3), \fBMDC2\fR\|(3), \fBRIPEMD160\fR\|(3), +\&\fBSHA1\fR\|(3), \fBopenssl\-dgst\fR\|(1) +.SH HISTORY .IX Header "HISTORY" The function \fBEVP_VerifyFinal_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_aes_128_gcm.3.orig +++ secure/lib/libcrypto/man/man3/EVP_aes_128_gcm.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_AES_128_GCM 3ossl" -.TH EVP_AES_128_GCM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_AES_128_GCM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, @@ -185,7 +110,7 @@ EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -195,80 +120,80 @@ .PP \&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher functions, such as \fIEVP_aes_128_cbc\fR. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 +The AES encryption algorithm for EVP. .IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4 .IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" -\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit -shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 +AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128\-bit +shift, CFB with 1\-bit shift, CFB with 8\-bit shift, CTR, ECB, and OFB. 
.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4 .IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" -Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of +Authenticated encryption with AES in CBC mode using SHA\-1 as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 160 bits long. .Sp -\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of -some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface. .IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4 .IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" -Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as -\&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag +Authenticated encryption with AES in CBC mode using SHA256 (SHA\-2, 256\-bits) as +HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 256 bits long. .Sp -\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of -some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface. 
.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4 .IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" -\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode -(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control -operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) +AES for 128, 192 and 256 bit keys in CBC\-MAC Mode (CCM), Galois Counter Mode +(GCM) and OCB Mode respectively. These ciphers require additional control +operations to function correctly, see the "AEAD INTERFACE" in \fBEVP_EncryptInit\fR\|(3) section for details. -.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 -.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" -\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section -2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively. 
+.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 +.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_192_wrap_pad(), EVP_aes_256_wrap_pad()" +AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section +2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively. .IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4 .IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" -\&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST -SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) +AES XTS mode (XTS\-AES) is standardized in IEEE Std. 1619\-2007 and described in NIST +SP 800\-38E. The XTS (XEX\-based tweaked\-codebook mode with ciphertext stealing) mode was designed by Prof. Phillip Rogaway of University of California, Davis, intended for encrypting data on a storage device. .Sp -XTS-AES provides confidentiality but not authentication of data. It also -requires a key of double-length for protection of a certain key size. -In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to -achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input -of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. +XTS\-AES provides confidentiality but not authentication of data. It also +requires a key of double\-length for protection of a certain key size. +In particular, XTS\-AES\-128 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to +achieve AES 128\-bit security, and XTS\-AES\-256 (\fBEVP_aes_256_xts\fR) takes input +of a 512\-bit key to achieve AES 256\-bit security. .Sp -The \s-1XTS\s0 implementation in OpenSSL does not support streaming. 
That is there must +The XTS implementation in OpenSSL does not support streaming. That is there must only be one \fBEVP_EncryptUpdate\fR\|(3) call per \fBEVP_EncryptInit_ex\fR\|(3) call (and -similarly with the \*(L"Decrypt\*(R" functions). +similarly with the "Decrypt" functions). .Sp The \fIiv\fR parameter to \fBEVP_EncryptInit_ex\fR\|(3) or \fBEVP_DecryptInit_ex\fR\|(3) is -the \s-1XTS\s0 \*(L"tweak\*(R" value. -.SH "NOTES" +the XTS "tweak" value. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-AES\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/EVP_aria_128_gcm.3.orig +++ secure/lib/libcrypto/man/man3/EVP_aria_128_gcm.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_ARIA_128_GCM 3ossl" -.TH EVP_ARIA_128_GCM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_ARIA_128_GCM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, @@ -170,7 +95,7 @@ EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP ARIA cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -180,39 +105,39 @@ .PP \&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher functions, such as \fIEVP_aria_128_cbc\fR. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 +The ARIA encryption algorithm for EVP. .IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4 .IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" -\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with -128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +ARIA for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128\-bit shift, CFB with 1\-bit shift, CFB with 8\-bit shift, CTR, ECB and OFB. 
.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4 .IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," -\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter -Mode (\s-1GCM\s0). These ciphers require additional control operations to function -correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. -.SH "NOTES" +ARIA for 128, 192 and 256 bit keys in CBC\-MAC Mode (CCM) and Galois Counter +Mode (GCM). These ciphers require additional control operations to function +correctly, see the "AEAD INTERFACE" in \fBEVP_EncryptInit\fR\|(3) section for details. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-ARIA\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2025 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_bf_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_BF_CBC 3ossl" -.TH EVP_BF_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_BF_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,35 +81,35 @@ \& const EVP_CIPHER *EVP_bf_ecb(void); \& const EVP_CIPHER *EVP_bf_ofb(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The Blowfish encryption algorithm for \s-1EVP.\s0 +The Blowfish encryption algorithm for EVP. .PP This is a variable key length cipher. .IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4 .IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" -Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. -.SH "NOTES" +Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-BLOWFISH\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_blake2b512.3.orig +++ secure/lib/libcrypto/man/man3/EVP_blake2b512.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_BLAKE2B512 3ossl" -.TH EVP_BLAKE2B512 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_BLAKE2B512 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,44 +75,44 @@ \& const EVP_MD *EVP_blake2b512(void); \& const EVP_MD *EVP_blake2s256(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0 +BLAKE2 is an improved version of BLAKE, which was submitted to the NIST SHA\-3 algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in -\&\s-1RFC 7693.\s0 -.IP "\fBEVP_blake2s256()\fR" 4 +RFC 7693. +.IP \fBEVP_blake2s256()\fR 4 .IX Item "EVP_blake2s256()" The BLAKE2s algorithm that produces a 256\-bit output from a given input. -.IP "\fBEVP_blake2b512()\fR" 4 +.IP \fBEVP_blake2b512()\fR 4 .IX Item "EVP_blake2b512()" The BLAKE2b algorithm that produces a 512\-bit output from a given input. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-BLAKE2\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .PP While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, this implementation outputs a digest of a fixed length (the maximum length supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 7693.\s0 +RFC 7693. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_camellia_128_ecb.3.orig +++ secure/lib/libcrypto/man/man3/EVP_camellia_128_ecb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CAMELLIA_128_ECB 3ossl" -.TH EVP_CAMELLIA_128_ECB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CAMELLIA_128_ECB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, @@ -164,7 +89,7 @@ EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,34 +99,34 @@ .PP \&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher functions, such as \fIEVP_camellia_128_cbc\fR. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The Camellia encryption algorithm for \s-1EVP.\s0 +The Camellia encryption algorithm for EVP. .IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4 .IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" -Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with -128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 -.SH "NOTES" +Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128\-bit shift, CFB with 1\-bit shift, CFB with 8\-bit shift, 
CTR, ECB and OFB. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-CAMELLIA\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CAST5_CBC 3ossl" -.TH EVP_CAST5_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CAST5_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,35 +81,35 @@ \& const EVP_CIPHER *EVP_cast5_ecb(void); \& const EVP_CIPHER *EVP_cast5_ofb(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 +The CAST encryption algorithm for EVP. .PP This is a variable key length cipher. .IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4 .IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" -\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. -.SH "NOTES" +CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-CAST\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_chacha20.3.orig +++ secure/lib/libcrypto/man/man3/EVP_chacha20.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CHACHA20 3ossl" -.TH EVP_CHACHA20 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CHACHA20 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,13 +75,13 @@ \& const EVP_CIPHER *EVP_chacha20(void); \& const EVP_CIPHER *EVP_chacha20_poly1305(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The ChaCha20 stream cipher for \s-1EVP.\s0 -.IP "\fBEVP_chacha20()\fR" 4 +The ChaCha20 stream cipher for EVP. +.IP \fBEVP_chacha20()\fR 4 .IX Item "EVP_chacha20()" -The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. -The first 64 bits consists of a counter in little-endian order followed by a 64 +The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. +The first 64 bits consists of a counter in little\-endian order followed by a 64 bit nonce. For example a nonce of: .Sp 0000000000000002 
@@ -164,36 +89,36 @@ With an initial counter of 42 (2a in hex) would be expressed as: .Sp 2a000000000000000000000000000002 -.IP "\fBEVP_chacha20_poly1305()\fR" 4 +.IP \fBEVP_chacha20_poly1305()\fR 4 .IX Item "EVP_chacha20_poly1305()" Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key -is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data -(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the -\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. -.SH "NOTES" +is 256 bits and the IV is 96 bits. This supports additional authenticated data +(AAD) and produces a 128\-bit authentication tag. See the +"AEAD INTERFACE" in \fBEVP_EncryptInit\fR\|(3) section for more information. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-CHACHA\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .PP -\&\s-1RFC 7539\s0 -uses a 32 bit counter and a 96 bit nonce for the \s-1IV.\s0 +RFC 7539 +uses a 32 bit counter and a 96 bit nonce for the IV. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2017\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_des_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_des_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_DES_CBC 3ossl" -.TH EVP_DES_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_DES_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, @@ -162,7 +87,7 @@ EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,48 +97,48 @@ .PP \&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher functions, such as \fIEVP_des_cbc\fR. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 +The DES encryption algorithm for EVP. .IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4 .IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" -\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit -shift and \s-1OFB\s0 modes. +DES in CBC, ECB, CFB with 64\-bit shift, CFB with 1\-bit shift, CFB with 8\-bit +shift and OFB modes. .Sp None of these algorithms are provided by the OpenSSL default provider. To use them it is necessary to load either the OpenSSL legacy provider or another implementation. .IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4 .IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" -Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. +Two key triple DES in ECB, CBC, CFB with 64\-bit shift and OFB modes. .IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4 .IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" -Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, -\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. 
-.IP "\fBEVP_des_ede3_wrap()\fR" 4 +Three\-key triple DES in ECB, CBC, CFB with 64\-bit shift, CFB with 1\-bit shift, +CFB with 8\-bit shift and OFB modes. +.IP \fBEVP_des_ede3_wrap()\fR 4 .IX Item "EVP_des_ede3_wrap()" -Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. -.SH "NOTES" +Triple\-DES key wrap according to RFC 3217 Section 3. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-DES\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_desx_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,93 +53,34 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_DESX_CBC 3ossl" -.TH EVP_DESX_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_DESX_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_desx_cbc \&\- EVP DES\-X cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_CIPHER *EVP_desx_cbc(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The DES-X encryption algorithm for \s-1EVP.\s0 +The DES\-X encryption algorithm for EVP. .PP All modes below use a key length of 128 bits and acts on blocks of 128\-bits. -.IP "\fBEVP_desx_cbc()\fR" 4 +.IP \fBEVP_desx_cbc()\fR 4 .IX Item "EVP_desx_cbc()" -The DES-X algorithm in \s-1CBC\s0 mode. +The DES\-X algorithm in CBC mode. .Sp This algorithm is not provided by the OpenSSL default provider. To use it is necessary to load either the OpenSSL legacy provider or another 
@@ -163,23 +88,23 @@ .PP Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-DES\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_idea_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_IDEA_CBC 3ossl" -.TH EVP_IDEA_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_IDEA_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,33 +81,33 @@ \& const EVP_CIPHER *EVP_idea_ecb(void); \& const EVP_CIPHER *EVP_idea_ofb(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 +The IDEA encryption algorithm for EVP. .IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 .IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" -The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. -.SH "NOTES" +The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-IDEA\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_md2.3.orig +++ secure/lib/libcrypto/man/man3/EVP_md2.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,116 +53,57 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD2 3ossl" -.TH EVP_MD2 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD2 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_md2 \&\- MD2 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_md2(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by +MD2 is a cryptographic hash function standardized in RFC 1319 and designed by Ronald Rivest. This implementation is only available with the legacy provider. -.IP "\fBEVP_md2()\fR" 4 +.IP \fBEVP_md2()\fR 4 .IX Item "EVP_md2()" -The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. -.SH "NOTES" +The MD2 algorithm which produces a 128\-bit output from a given input. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-MD2\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 1319.\s0 +IETF RFC 1319. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBprovider\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_md4.3.orig +++ secure/lib/libcrypto/man/man3/EVP_md4.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,117 +53,58 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD4 3ossl" -.TH EVP_MD4 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD4 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_md4 \&\- MD4 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_md4(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by +MD4 is a cryptographic hash function standardized in RFC 1320 and designed by Ronald Rivest, first published in 1990. This implementation is only available with the legacy provider. -.IP "\fBEVP_md4()\fR" 4 +.IP \fBEVP_md4()\fR 4 .IX Item "EVP_md4()" -The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. -.SH "NOTES" +The MD4 algorithm which produces a 128\-bit output from a given input. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-MD4\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 1320.\s0 +IETF RFC 1320. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBprovider\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_md5.3.orig +++ secure/lib/libcrypto/man/man3/EVP_md5.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD5 3ossl" -.TH EVP_MD5 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD5 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,45 +75,45 @@ \& const EVP_MD *EVP_md5(void); \& const EVP_MD *EVP_md5_sha1(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC 1321\s0 and designed by +MD5 is a cryptographic hash function standardized in RFC 1321 and designed by Ronald Rivest. .PP -The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further +The CMU Software Engineering Institute considers MD5 unsuitable for further use since its security has been severely compromised. -.IP "\fBEVP_md5()\fR" 4 +.IP \fBEVP_md5()\fR 4 .IX Item "EVP_md5()" -The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. -.IP "\fBEVP_md5_sha1()\fR" 4 +The MD5 algorithm which produces a 128\-bit output from a given input. +.IP \fBEVP_md5_sha1()\fR 4 .IX Item "EVP_md5_sha1()" -A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC -6101.\s0 +A hash algorithm of SSL v3 that combines MD5 with SHA\-1 as described in RFC +6101. .Sp -\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. -.SH "NOTES" +WARNING: this algorithm is not intended for non\-SSL usage. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-MD5\fR\|(7) or \fBEVP_MD\-MD5\-SHA1\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. 
+details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 1321.\s0 +IETF RFC 1321. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_mdc2.3.orig +++ secure/lib/libcrypto/man/man3/EVP_mdc2.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,118 +53,59 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MDC2 3ossl" -.TH EVP_MDC2 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MDC2 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_mdc2 \&\- MDC\-2 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_mdc2(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +MDC\-2 (Modification Detection Code 2 or Meyer\-Schilling) is a cryptographic hash function based on a block cipher. This implementation is only available with the legacy provider. -.IP "\fBEVP_mdc2()\fR" 4 +.IP \fBEVP_mdc2()\fR 4 .IX Item "EVP_mdc2()" -The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a +The MDC\-2DES algorithm of using MDC\-2 with the DES block cipher. It produces a 128\-bit output from a given input. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-MDC2\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. 
.SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +ISO/IEC 10118\-2:2000 Hash\-Function 2, with DES as the underlying block cipher. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBprovider\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RC2_CBC 3ossl" -.TH EVP_RC2_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RC2_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, @@ -147,7 +72,7 @@ EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,43 +85,43 @@ \& const EVP_CIPHER *EVP_rc2_40_cbc(void); \& const EVP_CIPHER *EVP_rc2_64_cbc(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 +The RC2 encryption algorithm for EVP. .IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4 .IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" -\&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a -variable key length cipher with an additional parameter called \*(L"effective key -bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. +RC2 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional parameter called "effective key +bits" or "effective key length". By default both are set to 128 bits. .IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4 .IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" -\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of +RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. .Sp -\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the +WARNING: these functions are obsolete. Their usage should be replaced with the \&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR functions to set the key length and effective key length. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-RC2\fR\|(7) instead. 
+See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_rc4.3.orig +++ secure/lib/libcrypto/man/man3/EVP_rc4.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RC4 3ossl" -.TH EVP_RC4 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RC4 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,47 +77,47 @@ \& const EVP_CIPHER *EVP_rc4_40(void); \& const EVP_CIPHER *EVP_rc4_hmac_md5(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1RC4\s0 stream cipher for \s-1EVP.\s0 -.IP "\fBEVP_rc4()\fR" 4 +The RC4 stream cipher for EVP. +.IP \fBEVP_rc4()\fR 4 .IX Item "EVP_rc4()" -\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key +RC4 stream cipher. This is a variable key length cipher with a default key length of 128 bits. -.IP "\fBEVP_rc4_40()\fR" 4 +.IP \fBEVP_rc4_40()\fR 4 .IX Item "EVP_rc4_40()" -\&\s-1RC4\s0 stream cipher with 40 bit key length. +RC4 stream cipher with 40 bit key length. .Sp -\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the +WARNING: this function is obsolete. Its usage should be replaced with the \&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions. -.IP "\fBEVP_rc4_hmac_md5()\fR" 4 +.IP \fBEVP_rc4_hmac_md5()\fR 4 .IX Item "EVP_rc4_hmac_md5()" -Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0 +Authenticated encryption with the RC4 stream cipher with MD5 as HMAC. .Sp -\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of -some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-RC4\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RC5_32_12_16_CBC 3ossl" -.TH EVP_RC5_32_12_16_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RC5_32_12_16_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,13 +81,13 @@ \& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); \& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 +The RC5 encryption algorithm for EVP. .IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4 .IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" -\&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a -variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By +RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional "number of rounds" parameter. By default the key length is set to 128 bits and 12 rounds. Alternative key lengths can be set using \fBEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is 2040 bits. 
@@ -170,38 +95,38 @@ The following rc5 specific \fIctrl\fRs are supported (see \&\fBEVP_CIPHER_CTX_ctrl\fR\|(3)). .RS 4 -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS,\s0 rounds, \s-1NULL\s0)" 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" -Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS, -RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS.\s0 -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS, 0,\s0 &rounds)" 4 +Sets the number of rounds to \fBrounds\fR. This must be one of RC5_8_ROUNDS, +RC5_12_ROUNDS or RC5_16_ROUNDS. +.IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR is an int. .RE .RS 4 .RE -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-RC5\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_ripemd160.3.orig +++ secure/lib/libcrypto/man/man3/EVP_ripemd160.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,117 +53,58 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RIPEMD160 3ossl" -.TH EVP_RIPEMD160 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RIPEMD160 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_ripemd160 \&\- RIPEMD160 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_ripemd160(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging -to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). +RIPEMD\-160 is a cryptographic hash function first published in 1996 belonging +to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest). This implementation is only available with the legacy provider. -.IP "\fBEVP_ripemd160()\fR" 4 +.IP \fBEVP_ripemd160()\fR 4 .IX Item "EVP_ripemd160()" -The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. -.SH "NOTES" +The RIPEMD\-160 algorithm which produces a 160\-bit output from a given input. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-RIPEMD160\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. 
+details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +ISO/IEC 10118\-3:2016 Dedicated Hash\-Function 1 (RIPEMD\-160). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBprovider\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_seed_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SEED_CBC 3ossl" -.TH EVP_SEED_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SEED_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,35 +81,35 @@ \& const EVP_CIPHER *EVP_seed_ecb(void); \& const EVP_CIPHER *EVP_seed_ofb(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 +The SEED encryption algorithm for EVP. .PP All modes below use a key length of 128 bits and acts on blocks of 128\-bits. .IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4 .IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" -The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. -.SH "NOTES" +The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-SEED\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return an \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_set_default_properties.3.orig +++ secure/lib/libcrypto/man/man3/EVP_set_default_properties.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SET_DEFAULT_PROPERTIES 3ossl" -.TH EVP_SET_DEFAULT_PROPERTIES 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SET_DEFAULT_PROPERTIES 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_set_default_properties, EVP_default_properties_enable_fips, EVP_default_properties_is_fips_enabled \&\- Set default properties for future algorithm fetches -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,28 +76,28 @@ \& int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable); \& int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBEVP_set_default_properties()\fR sets the default properties for all -future \s-1EVP\s0 algorithm fetches, implicit as well as explicit. See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for information about implicit and explicit +future EVP algorithm fetches, implicit as well as explicit. See +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for information about implicit and explicit fetching. .PP EVP_set_default_properties stores the properties given with the string -\&\fIpropq\fR among the \s-1EVP\s0 data that's been stored in the library context -given with \fIlibctx\fR (\s-1NULL\s0 signifies the default library context). +\&\fIpropq\fR among the EVP data that\*(Aqs been stored in the library context +given with \fIlibctx\fR (NULL signifies the default library context). .PP Any previous default property for the specified library context will be dropped. .PP -\&\fBEVP_default_properties_enable_fips()\fR sets the 'fips=yes' to be a default property -if \fIenable\fR is non zero, otherwise it clears 'fips' from the default property +\&\fBEVP_default_properties_enable_fips()\fR sets the \*(Aqfips=yes\*(Aq to be a default property +if \fIenable\fR is non zero, otherwise it clears \*(Aqfips\*(Aq from the default property query for the given \fIlibctx\fR. It merges the fips default property query with any existing query strings that have been set via \fBEVP_set_default_properties()\fR. .PP -\&\fBEVP_default_properties_is_fips_enabled()\fR indicates if 'fips=yes' is a default +\&\fBEVP_default_properties_is_fips_enabled()\fR indicates if \*(Aqfips=yes\*(Aq is a default property for the given \fIlibctx\fR. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBEVP_set_default_properties()\fR and \fBEVP_default_properties_enable_fips()\fR are not thread safe. They are intended to be called only during the initialisation @@ -183,19 +108,19 @@ on success, or 0 on failure. An error is placed on the error stack if a failure occurs. .PP -\&\fBEVP_default_properties_is_fips_enabled()\fR returns 1 if the 'fips=yes' default +\&\fBEVP_default_properties_is_fips_enabled()\fR returns 1 if the \*(Aqfips=yes\*(Aq default property is set for the given \fIlibctx\fR, otherwise it returns 0. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MD_fetch\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_sha1.3.orig +++ secure/lib/libcrypto/man/man3/EVP_sha1.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,116 +53,57 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SHA1 3ossl" -.TH EVP_SHA1 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SHA1 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_sha1 \&\- SHA\-1 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_sha1(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized -in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National +SHA\-1 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in NIST FIPS 180\-4. The algorithm was designed by the United States National Security Agency and initially published in 1995. -.IP "\fBEVP_sha1()\fR" 4 +.IP \fBEVP_sha1()\fR 4 .IX Item "EVP_sha1()" -The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. -.SH "NOTES" +The SHA\-1 algorithm which produces a 160\-bit output from a given input. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-SHA1\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. 
.SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST FIPS 180\-4.\s0 +NIST FIPS 180\-4. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_sha224.3.orig +++ secure/lib/libcrypto/man/man3/EVP_sha224.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SHA224 3ossl" -.TH EVP_SHA224 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SHA224 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_sha224, EVP_sha256, EVP_sha512_224, @@ -146,7 +71,7 @@ EVP_sha384, EVP_sha512 \&\- SHA\-2 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,42 +83,42 @@ \& const EVP_MD *EVP_sha384(void); \& const EVP_MD *EVP_sha512(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions -standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001. +SHA\-2 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in NIST FIPS 180\-4, first published in 2001. .IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4 .IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" -The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0 +The SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384 and SHA\-512 algorithms, which generate 224, 256, 224, 256, 384 and 512 bits respectively of output from a given input. .Sp -The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the -\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though +The two algorithms: SHA\-512/224 and SHA512/256 are truncated forms of the +SHA\-512 algorithm. They are distinct from SHA\-224 and SHA\-256 even though their outputs are of the same size. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-SHA2\fR\|(7)instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. 
See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST FIPS 180\-4.\s0 +NIST FIPS 180\-4. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_sha3_224.3.orig +++ secure/lib/libcrypto/man/man3/EVP_sha3_224.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SHA3_224 3ossl" -.TH EVP_SHA3_224 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SHA3_224 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, @@ -146,7 +71,7 @@ EVP_shake128, EVP_shake256 \&\- SHA\-3 For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -159,46 +84,46 @@ \& const EVP_MD *EVP_shake128(void); \& const EVP_MD *EVP_shake256(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions -standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the +SHA\-3 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in NIST FIPS 202, first published in 2015. It is based on the Keccak algorithm. .IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4 .IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" -The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms +The SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384, and SHA\-3\-512 algorithms respectively. They produce 224, 256, 384 and 512 bits of output from a given input. .IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4 .IX Item "EVP_shake128(), EVP_shake256()" -The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate +The SHAKE\-128 and SHAKE\-256 Extendable Output Functions (XOF) that can generate a variable hash length. .Sp Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while \&\fBEVP_shake256\fR provides that of 256 bits. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-SHA3\fR\|(7) or \fBEVP_MD\-SHAKE\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST FIPS 202.\s0 +NIST FIPS 202. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_sm3.3.orig +++ secure/lib/libcrypto/man/man3/EVP_sm3.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,116 +53,57 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SM3 3ossl" -.TH EVP_SM3 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SM3 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_sm3 \&\- SM3 for EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_sm3(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T -32905\-2016.\s0 -.IP "\fBEVP_sm3()\fR" 4 +SM3 is a cryptographic hash function with a 256\-bit output, defined in GB/T +32905\-2016. +.IP \fBEVP_sm3()\fR 4 .IX Item "EVP_sm3()" -The \s-1SM3\s0 hash function. -.SH "NOTES" +The SM3 hash function. +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-SM3\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0 +GB/T 32905\-2016 and GM/T 0004\-2012. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. 
All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3.orig +++ secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SM4_CBC 3ossl" -.TH EVP_SM4_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SM4_CBC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, @@ -146,7 +71,7 @@ EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,37 +83,37 @@ \& const EVP_CIPHER *EVP_sm4_ofb(void); \& const EVP_CIPHER *EVP_sm4_ctr(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 +The SM4 blockcipher (GB/T 32907\-2016) for EVP. .PP All modes below use a key length of 128 bits and acts on blocks of 128 bits. .IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4 .IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" -The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes +The SM4 blockcipher with a 128\-bit key in CBC, ECB, CFB, OFB and CTR modes respectively. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -\&\fBEVP_CIPHER_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_CIPHER_fetch\fR\|(3) with \fBEVP_CIPHER\-SM4\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the +These functions return a \fBEVP_CIPHER\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. +details of the \fBEVP_CIPHER\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/EVP_whirlpool.3.orig +++ secure/lib/libcrypto/man/man3/EVP_whirlpool.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,118 +53,59 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_WHIRLPOOL 3ossl" -.TH EVP_WHIRLPOOL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_WHIRLPOOL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_whirlpool \&\- WHIRLPOOL For EVP -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_MD *EVP_whirlpool(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0 +WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118\-3:2004 designed by Vincent Rijmen and Paulo S. L. M. Barreto. This implementation is only available with the legacy provider. -.IP "\fBEVP_whirlpool()\fR" 4 +.IP \fBEVP_whirlpool()\fR 4 .IX Item "EVP_whirlpool()" -The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given +The WHIRLPOOL algorithm that produces a message digest of 512\-bits from a given input. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -\&\fBEVP_MD_fetch\fR\|(3) instead. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information. +\&\fBEVP_MD_fetch\fR\|(3) with \fBEVP_MD\-WHIRLPOOL\fR\|(7) instead. +See "Performance" in \fBcrypto\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +These functions return a \fBEVP_MD\fR structure that contains the implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. +details of the \fBEVP_MD\fR structure. 
.SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-3:2004.\s0 +ISO/IEC 10118\-3:2004. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBprovider\fR\|(7), \&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/HMAC.3.orig +++ secure/lib/libcrypto/man/man3/HMAC.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "HMAC 3ossl" -.TH HMAC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH HMAC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME HMAC, HMAC_CTX_new, HMAC_CTX_reset, @@ -152,7 +77,7 @@ HMAC_CTX_get_md, HMAC_size \&\- HMAC message authentication code -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -163,7 +88,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -185,66 +110,66 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function. .PP -\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fIdata_len\fR bytes at +\&\fBHMAC()\fR computes the message authentication code of the \fIdata_len\fR bytes at \&\fIdata\fR using the hash function \fIevp_md\fR and the key \fIkey\fR which is -\&\fIkey_len\fR bytes long. The \fIkey\fR may also be \s-1NULL\s0 with \fIkey_len\fR being 0. +\&\fIkey_len\fR bytes long. The \fIkey\fR may also be NULL with \fIkey_len\fR being 0. .PP It places the result in \fImd\fR (which must have space for the output of -the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). -If \fImd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of -the output is placed in \fImd_len\fR, unless it is \s-1NULL.\s0 Note: passing a \s-1NULL\s0 +the hash function, which is no more than \fBEVP_MAX_MD_SIZE\fR bytes). +If \fImd\fR is NULL, the digest is placed in a static array. The size of +the output is placed in \fImd_len\fR, unless it is NULL. Note: passing a NULL value for \fImd\fR to use the static array is not thread safe. .PP \&\fIevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. 
-\&\s-1HMAC\s0 does not support variable output length digests such as \fBEVP_shake128()\fR and +HMAC does not support variable output length digests such as \fBEVP_shake128()\fR and \&\fBEVP_shake256()\fR. .PP -\&\s-1\fBHMAC\s0()\fR uses the default \fB\s-1OSSL_LIB_CTX\s0\fR. +\&\fBHMAC()\fR uses the default \fBOSSL_LIB_CTX\fR. Use \fBEVP_Q_mac\fR\|(3) instead if a library context is required. .PP All of the functions described below are deprecated. Applications should instead use \fBEVP_MAC_CTX_new\fR\|(3), \fBEVP_MAC_CTX_free\fR\|(3), \&\fBEVP_MAC_init\fR\|(3), \fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3) -or the 'quick' single-shot \s-1MAC\s0 function \fBEVP_Q_mac\fR\|(3). +or the \*(Aqquick\*(Aq single\-shot MAC function \fBEVP_Q_mac\fR\|(3). .PP -\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +\&\fBHMAC_CTX_new()\fR creates a new HMAC_CTX in heap memory. .PP -\&\fBHMAC_CTX_reset()\fR clears an existing \fB\s-1HMAC_CTX\s0\fR and associated +\&\fBHMAC_CTX_reset()\fR clears an existing \fBHMAC_CTX\fR and associated resources, making it suitable for new computations as if it was newly created with \fBHMAC_CTX_new()\fR. .PP -\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, -releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR -itself. +\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fBHMAC_CTX\fR, +releases any associated resources and finally frees the \fBHMAC_CTX\fR +itself. If the argument is NULL, nothing is done. .PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash -function \fIevp_md\fR and key \fIkey\fR. If both are \s-1NULL,\s0 or if \fIkey\fR is \s-1NULL\s0 +\&\fBHMAC_Init_ex()\fR initializes or reuses a \fBHMAC_CTX\fR structure to use the hash +function \fIevp_md\fR and key \fIkey\fR. 
If both are NULL, or if \fIkey\fR is NULL and \fIevp_md\fR is the same as the previous call, then the existing key is reused. \fIctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use -of an \fB\s-1HMAC_CTX\s0\fR in this function. +of an \fBHMAC_CTX\fR in this function. .PP -If \fBHMAC_Init_ex()\fR is called with \fIkey\fR \s-1NULL\s0 and \fIevp_md\fR is not the +If \fBHMAC_Init_ex()\fR is called with \fIkey\fR NULL and \fIevp_md\fR is not the same as the previous digest used by \fIctx\fR then an error is returned because reuse of an existing key with a different digest is not supported. .PP -\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +\&\fBHMAC_Init()\fR initializes a \fBHMAC_CTX\fR structure to use the hash function \fIevp_md\fR and the key \fIkey\fR which is \fIkey_len\fR bytes long. .PP 
@@ -259,35 +184,35 @@ \&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3). .PP -\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the -supplied \s-1HMAC_CTX.\s0 +\&\fBHMAC_CTX_get_md()\fR returns the EVP_MD that has previously been set for the +supplied HMAC_CTX. .PP \&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +\&\fBHMAC()\fR returns a pointer to the message authentication code or NULL if an error occurred. .PP -\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or -\&\s-1NULL\s0 if an error occurred. +\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fBHMAC_CTX\fR on success or +NULL if an error occurred. .PP \&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and \&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. .PP -\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or -\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. +\&\fBHMAC_CTX_get_md()\fR return the EVP_MD previously set for the supplied HMAC_CTX or +NULL if no EVP_MD has been set. .PP \&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output or zero on error. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 2104\s0 +RFC 2104 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBSHA1\s0\fR\|(3), \fBEVP_Q_mac\fR\|(3), \fBevp\fR\|(7) -.SH "HISTORY" +\&\fBSHA1\fR\|(3), \fBEVP_Q_mac\fR\|(3), \fBevp\fR\|(7) +.SH HISTORY .IX Header "HISTORY" -All functions except for \s-1\fBHMAC\s0()\fR were deprecated in OpenSSL 3.0. +All functions except for \fBHMAC()\fR were deprecated in OpenSSL 3.0. 
.PP \&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0. .PP @@ -297,11 +222,11 @@ .PP \&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in OpenSSL before version 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/MD5.3.orig +++ secure/lib/libcrypto/man/man3/MD5.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,182 +53,119 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "MD5 3ossl" -.TH MD5 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH MD5 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" -.Vb 1 -\& #include -.Ve -.PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 +\& #include +\& \& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); \& \& int MD2_Init(MD2_CTX *c); \& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); \& int MD2_Final(unsigned char *md, MD2_CTX *c); -\& -\& -\& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 +\& #include +\& \& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); \& \& int MD4_Init(MD4_CTX *c); \& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); \& int MD4_Final(unsigned char *md, MD4_CTX *c); -\& -\& -\& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a 
suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 +\& #include +\& \& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); \& \& int MD5_Init(MD5_CTX *c); \& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); \& int MD5_Final(unsigned char *md, MD5_CTX *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3) and \fBEVP_DigestFinal_ex\fR\|(3). .PP -\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. +MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output. .PP -\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest +\&\fBMD2()\fR, \fBMD4()\fR, and \fBMD5()\fR compute the MD2, MD4, and MD5 message digest of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space -for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 -bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static +for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 +bytes of output). If \fBmd\fR is NULL, the digest is placed in a static array. .PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +\&\fBMD2_Init()\fR initializes a \fBMD2_CTX\fR structure. .PP \&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP \&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space -for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the \fBMD2_CTX\fR. 
.PP \&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and -\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +\&\fBMD5_Final()\fR are analogous using an \fBMD4_CTX\fR and \fBMD5_CTX\fR structure. .PP Applications should use the higher level functions \&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. -.SH "NOTE" +.SH NOTE .IX Header "NOTE" -\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing -applications. In new applications, hashes from the \s-1SHA\-2\s0 or \s-1SHA\-3\s0 family +MD2, MD4, and MD5 are recommended only for compatibility with existing +applications. In new applications, hashes from the SHA\-2 or SHA\-3 family should be preferred. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. +\&\fBMD2()\fR, \fBMD4()\fR, and \fBMD5()\fR return pointers to the hash value. .PP \&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, \&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 +RFC 1319, RFC 1320, RFC 1321 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBEVP_DigestInit\fR\|(3), \s-1\fBEVP_MD\-SHA2\s0\fR\|(7), \s-1\fBEVP_MD\-SHA3\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_DigestInit\fR\|(3), \fBEVP_MD\-SHA2\fR\|(7), \fBEVP_MD\-SHA3\fR\|(7) +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/MDC2_Init.3.orig +++ secure/lib/libcrypto/man/man3/MDC2_Init.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "MDC2_INIT 3ossl" -.TH MDC2_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH MDC2_INIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -159,54 +84,54 @@ \& unsigned long len); \& int MDC2_Final(unsigned char *md, MDC2_CTX *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3) and \fBEVP_DigestFinal_ex\fR\|(3). .PP -\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from -block ciphers. These functions are an implementation of \s-1MDC2\s0 with -\&\s-1DES.\s0 +MDC2 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of MDC2 with +DES. .PP -\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +\&\fBMDC2()\fR computes the MDC2 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +MDC2_DIGEST_LENGTH == 16 bytes of output). If \fBmd\fR is NULL, the digest is placed in a static array. .PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +\&\fBMDC2_Init()\fR initializes a \fBMDC2_CTX\fR structure. .PP \&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP \&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space -for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the \fBMDC2_CTX\fR. .PP Applications should use the higher level functions \&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. +\&\fBMDC2()\fR returns a pointer to the hash value. 
.PP \&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +ISO/IEC 10118\-2:2000 Hash\-Function 2, with DES as the underlying block cipher. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/Makefile.orig +++ secure/lib/libcrypto/man/man3/Makefile @@ -51,6 +51,7 @@ MAN+= BIO_s_null.3 MAN+= BIO_s_socket.3 MAN+= BIO_set_callback.3 +MAN+= BIO_set_flags.3 MAN+= BIO_should_retry.3 MAN+= BIO_socket_wait.3 MAN+= BN_BLINDING_new.3 @@ -77,6 +78,7 @@ MAN+= CMS_EncryptedData_decrypt.3 MAN+= CMS_EncryptedData_encrypt.3 MAN+= CMS_EnvelopedData_create.3 +MAN+= CMS_EncryptedData_set1_key.3 MAN+= CMS_add0_cert.3 MAN+= CMS_add1_recipient_cert.3 MAN+= CMS_add1_signer.3 @@ -92,6 +94,7 @@ MAN+= CMS_get1_ReceiptRequest.3 MAN+= CMS_sign.3 MAN+= CMS_sign_receipt.3 +MAN+= CMS_signed_get_attr.3 MAN+= CMS_uncompress.3 MAN+= CMS_verify.3 MAN+= CMS_verify_receipt.3 @@ -153,6 +156,7 @@ MAN+= ERR_set_mark.3 MAN+= EVP_ASYM_CIPHER_free.3 MAN+= EVP_BytesToKey.3 +MAN+= EVP_CIPHER_CTX_get_app_data.3 MAN+= EVP_CIPHER_CTX_get_cipher_data.3 MAN+= EVP_CIPHER_CTX_get_original_iv.3 MAN+= EVP_CIPHER_meth_new.3 
@@ -191,6 +195,7 @@
 MAN+= EVP_PKEY_encapsulate.3
 MAN+= EVP_PKEY_encrypt.3
 MAN+= EVP_PKEY_fromdata.3
+MAN+= EVP_PKEY_get_attr.3
 MAN+= EVP_PKEY_get_default_digest_nid.3
 MAN+= EVP_PKEY_get_field_type.3
 MAN+= EVP_PKEY_get_group_name.3
@@ -545,6 +550,7 @@
 MAN+= X509V3_get_d2i.3
 MAN+= X509V3_set_ctx.3
 MAN+= X509_ALGOR_dup.3
+MAN+= X509_ATTRIBUTE.3
 MAN+= X509_CRL_get0_by_serial.3
 MAN+= X509_EXTENSION_set_object.3
 MAN+= X509_LOOKUP.3
@@ -556,6 +562,8 @@
 MAN+= X509_NAME_get_index_by_NID.3
 MAN+= X509_NAME_print_ex.3
 MAN+= X509_PUBKEY_new.3
+MAN+= X509_REQ_get_attr.3
+MAN+= X509_REQ_get_extensions.3
 MAN+= X509_SIG_get0.3
 MAN+= X509_STORE_CTX_get_error.3
 MAN+= X509_STORE_CTX_new.3
@@ -834,6 +842,14 @@
 MLINKS+= BIO_f_ssl.3 BIO_get_ssl.3
 MLINKS+= BIO_s_bio.3 BIO_get_write_buf_size.3
 MLINKS+= BIO_s_bio.3 BIO_get_write_guarantee.3
+MLINKS+= BIO_set_flags.3 BIO_clear_flags.3
+MLINKS+= BIO_set_flags.3 BIO_clear_retry_flags.3
+MLINKS+= BIO_set_flags.3 BIO_get_flags.3
+MLINKS+= BIO_set_flags.3 BIO_get_retry_flags.3
+MLINKS+= BIO_set_flags.3 BIO_set_retry_read.3
+MLINKS+= BIO_set_flags.3 BIO_set_retry_write.3
+MLINKS+= BIO_set_flags.3 BIO_set_retry_special.3
+MLINKS+= BIO_set_flags.3 BIO_test_flags.3
 MLINKS+= BIO_read.3 BIO_gets.3
 MLINKS+= BIO_parse_hostserv.3 BIO_hostserv_priorities.3
 MLINKS+= BIO_ctrl.3 BIO_info_cb.3
@@ -1683,7 +1699,6 @@
 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get0_cipher.3
 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get0_name.3
 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get1_cipher.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_app_data.3
 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_block_size.3
 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_iv_length.3
 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_key_length.3
@@ -1693,6 +1708,7 @@ MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_params.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_tag_length.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_type.3 +MLINKS+= EVP_CIPHER_CTX_get_app_data.3 EVP_CIPHER_CTX_set_app_data.3 MLINKS+= EVP_CIPHER_CTX_get_original_iv.3 EVP_CIPHER_CTX_get_updated_iv.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_gettable_params.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_is_encrypting.3 @@ -1706,7 +1722,6 @@ MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_num.3 MLINKS+= EVP_CIPHER_CTX_get_original_iv.3 EVP_CIPHER_CTX_original_iv.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_reset.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_app_data.3 MLINKS+= EVP_CIPHER_CTX_get_cipher_data.3 EVP_CIPHER_CTX_set_cipher_data.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_flags.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3 --- secure/lib/libcrypto/man/man3/NCONF_new_ex.3.orig +++ secure/lib/libcrypto/man/man3/NCONF_new_ex.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "NCONF_NEW_EX 3ossl" -.TH NCONF_NEW_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH NCONF_NEW_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME NCONF_new_ex, NCONF_new, NCONF_free, NCONF_default, NCONF_load, NCONF_get0_libctx, NCONF_get_section, NCONF_get_section_names \&\- functionality to Load and parse configuration files manually -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -163,20 +88,20 @@ \& STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *name); \& STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBNCONF_new_ex()\fR creates a new \s-1CONF\s0 object in heap memory and assigns to +\&\fBNCONF_new_ex()\fR creates a new CONF object in heap memory and assigns to it a context \fIlibctx\fR that can be used during loading. If the method table -\&\fImeth\fR is set to \s-1NULL\s0 then the default value of \fBNCONF_default()\fR is used. +\&\fImeth\fR is set to NULL then the default value of \fBNCONF_default()\fR is used. .PP -\&\fBNCONF_new()\fR is similar to \fBNCONF_new_ex()\fR but sets the \fIlibctx\fR to \s-1NULL.\s0 +\&\fBNCONF_new()\fR is similar to \fBNCONF_new_ex()\fR but sets the \fIlibctx\fR to NULL. .PP \&\fBNCONF_free()\fR frees the data associated with \fIconf\fR and then frees the \fIconf\fR -object. +object. If the argument is NULL, nothing is done. .PP \&\fBNCONF_load()\fR parses the file named \fIfilename\fR and adds the values found to \&\fIconf\fR. If an error occurs \fIfile\fR and \fIeline\fR list the file and line that -the load failed on if they are not \s-1NULL.\s0 +the load failed on if they are not NULL. .PP \&\fBNCONF_default()\fR gets the default method table for processing a configuration file. .PP 
@@ -184,32 +109,32 @@ parameter. .PP \&\fBNCONF_get_section_names()\fR gets the names of the sections associated with -the \fIconf\fR as \fB\s-1STACK_OF\s0(\s-1OPENSSL_CSTRING\s0)\fR strings. The individual strings +the \fIconf\fR as \fBSTACK_OF(OPENSSL_CSTRING)\fR strings. The individual strings are associated with the \fIconf\fR and will be invalid after \fIconf\fR is freed. The returned stack must be freed with \fBsk_OPENSSL_CSTRING_free()\fR. .PP \&\fBNCONF_get_section()\fR gets the config values associated with the \fIconf\fR from -the config section \fIname\fR as \fB\s-1STACK_OF\s0(\s-1CONF_VALUE\s0)\fR structures. The returned +the config section \fIname\fR as \fBSTACK_OF(CONF_VALUE)\fR structures. The returned stack is associated with the \fIconf\fR and will be invalid after \fIconf\fR is freed. It must not be freed by the caller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBNCONF_load()\fR returns 1 on success or 0 on error. .PP -\&\fBNCONF_new_ex()\fR and \fBNCONF_new()\fR return a newly created \fI\s-1CONF\s0\fR object -or \s-1NULL\s0 if an error occurs. +\&\fBNCONF_new_ex()\fR and \fBNCONF_new()\fR return a newly created \fICONF\fR object +or NULL if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBCONF_modules_load_file\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBNCONF_new_ex()\fR, \fBNCONF_get0_libctx()\fR, and \fBNCONF_get_section_names()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/OBJ_nid2obj.3.orig +++ secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OBJ_NID2OBJ 3ossl" -.TH OBJ_NID2OBJ 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OBJ_NID2OBJ 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup, OBJ_add_sigid \&\- ASN1 object utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -176,45 +101,45 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void OBJ_cleanup(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are -a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type. +The ASN1 object utility functions process ASN1_OBJECT structures which are +a representation of the ASN1 OBJECT IDENTIFIER (OID) type. For convenience, OIDs are usually represented in source code as numeric -identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that +identifiers, or \fBNID\fRs. OpenSSL has an internal table of OIDs that are generated when the library is built, and their corresponding NIDs are available as defined constants. For the functions below, application -code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as +code should treat all returned values \-\- OIDs, NIDs, or names \-\- as constants. .PP -\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fIn\fR to -an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, -or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the NID \fIn\fR to +an ASN1_OBJECT structure, its long name and its short name respectively, +or \fBNULL\fR if an error occurred. .PP -\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding NID for the object \fIo\fR, the long name \fIln\fR or the short name \fIsn\fR respectively or NID_undef if an error occurred. 
.PP -\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string \fIs\fR. \fIs\fR can be +\&\fBOBJ_txt2nid()\fR returns NID corresponding to text string \fIs\fR. \fIs\fR can be a long name, a short name or the numerical representation of an object. .PP -\&\fBOBJ_txt2obj()\fR converts the text string \fIs\fR into an \s-1ASN1_OBJECT\s0 structure. +\&\fBOBJ_txt2obj()\fR converts the text string \fIs\fR into an ASN1_OBJECT structure. If \fIno_name\fR is 0 then long names and short names will be interpreted as well as numerical forms. If \fIno_name\fR is 1 only the numerical form is acceptable. .PP -\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fIa\fR into a textual representation. -Unless \fIbuf\fR is \s-1NULL,\s0 -the representation is written as a NUL-terminated string to \fIbuf\fR, where +\&\fBOBJ_obj2txt()\fR converts the \fBASN1_OBJECT\fR \fIa\fR into a textual representation. +Unless \fIbuf\fR is NULL, +the representation is written as a NUL\-terminated string to \fIbuf\fR, where at most \fIbuf_len\fR bytes are written, truncating the result if necessary. -In any case it returns the total string length, excluding the \s-1NUL\s0 character, -required for non-truncated representation, or \-1 on error. +In any case it returns the total string length, excluding the NUL character, +required for non\-truncated representation, or \-1 on error. If \fIno_name\fR is 0 then if the object has a long or short name then that will be used, otherwise the numerical form will be used. If \fIno_name\fR is 1 then the numerical form will always be used. 
@@ -227,7 +152,7 @@ .PP \&\fBOBJ_create()\fR adds a new object to the internal table. \fIoid\fR is the numerical form of the object, \fIsn\fR the short name and \fIln\fR the -long name. A new \s-1NID\s0 is returned for the created object in case of +long name. A new NID is returned for the created object in case of success and NID_undef in case of failure. .PP \&\fBOBJ_length()\fR returns the size of the content octets of \fIobj\fR. 
@@ -235,23 +160,23 @@ \&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fIobj\fR. The returned pointer is an internal pointer which \fBmust not\fR be freed. .PP -\&\fBOBJ_add_sigid()\fR creates a new composite \*(L"Signature Algorithm\*(R" that associates a -given \s-1NID\s0 with two other NIDs \- one representing the underlying signature +\&\fBOBJ_add_sigid()\fR creates a new composite "Signature Algorithm" that associates a +given NID with two other NIDs \- one representing the underlying signature algorithm and the other representing a digest algorithm to be used in -conjunction with it. \fIsignid\fR represents the \s-1NID\s0 for the composite \*(L"Signature -Algorithm\*(R", \fIdig_id\fR is the \s-1NID\s0 for the digest algorithm and \fIpkey_id\fR is the -\&\s-1NID\s0 for the underlying signature algorithm. As there are signature algorithms +conjunction with it. \fIsignid\fR represents the NID for the composite "Signature +Algorithm", \fIdig_id\fR is the NID for the digest algorithm and \fIpkey_id\fR is the +NID for the underlying signature algorithm. As there are signature algorithms that do not require a digest, NID_undef is a valid \fIdig_id\fR. .PP \&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Objects in OpenSSL can have a short name, a long name and a numerical -identifier (\s-1NID\s0) associated with them. A standard set of objects is +identifier (NID) associated with them. A standard set of objects is represented in an internal table. The appropriate values are defined in the header file \fBobjects.h\fR. .PP -For example the \s-1OID\s0 for commonName has the following definitions: +For example the OID for commonName has the following definitions: .PP .Vb 3 \& #define SN_commonName "CN" 
@@ -266,39 +191,39 @@ also static constant structures which are shared: that is there is only a single constant structure for each table object. .PP -Objects which are not in the table have the \s-1NID\s0 value NID_undef. +Objects which are not in the table have the NID value NID_undef. .PP Objects do not need to be in the internal tables to be processed, the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical -form of an \s-1OID.\s0 +form of an OID. .PP Some objects are used to represent algorithms which do not have a -corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently +corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently exists for a particular algorithm). As a result they \fBcannot\fR be encoded or -decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there -is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. +decoded as part of ASN.1 structures. Applications can determine if there +is a corresponding OBJECT IDENTIFIER by checking \fBOBJ_length()\fR is not zero. .PP -These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can -represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. +These functions cannot return \fBconst\fR because an \fBASN1_OBJECT\fR can +represent both an internal, constant, OID and a dynamically\-created one. The latter cannot be constant because it needs to be freed after use. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +\&\fBOBJ_nid2obj()\fR returns an \fBASN1_OBJECT\fR structure or \fBNULL\fR is an error occurred. .PP -\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fBNULL\fR on error. 
.PP \&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return -a \s-1NID\s0 or \fBNID_undef\fR on error. +a NID or \fBNID_undef\fR on error. .PP \&\fBOBJ_add_sigid()\fR returns 1 on success or 0 on error. .PP \&\fBi2t_ASN1_OBJECT()\fR an \fBOBJ_obj2txt()\fR return \-1 on error. On success, they return the length of the string written to \fIbuf\fR if \fIbuf\fR is -not \s-1NULL\s0 and \fIbuf_len\fR is big enough, otherwise the total string length. -Note that this does not count the trailing \s-1NUL\s0 character. -.SH "EXAMPLES" +not NULL and \fIbuf_len\fR is big enough, otherwise the total string length. +Note that this does not count the trailing NUL character. +.SH EXAMPLES .IX Header "EXAMPLES" Create an object for \fBcommonName\fR: .PP @@ -313,7 +238,7 @@ \& /* Do something */ .Ve .PP -Create a new \s-1NID\s0 and initialize an object from it: +Create a new NID and initialize an object from it: .PP .Vb 2 \& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); @@ -325,7 +250,7 @@ .Vb 1 \& obj = OBJ_txt2obj("1.2.3.4", 1); .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Neither \fBOBJ_create()\fR nor \fBOBJ_add_sigid()\fR do any locking and are thus not thread safe. Moreover, none of the other functions should be called while 
@@ -333,15 +258,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3) and should not be used. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3.orig +++ secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_NEW 3ossl" -.TH OCSP_REQUEST_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OCSP_REQUEST_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 \- OCSP request functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -161,57 +86,58 @@ \& int OCSP_request_onereq_count(OCSP_REQUEST *req); \& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fBOCSP_REQUEST\fR structure. .PP \&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +If the argument is NULL, nothing is done. .PP -\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns -the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional -extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after +\&\fBOCSP_request_add0_id()\fR adds certificate ID \fBcid\fR to \fBreq\fR. It returns +the \fBOCSP_ONEREQ\fR structure added so an application can add additional +extensions to the request. The \fBid\fR parameter \fBMUST NOT\fR be freed up after the operation. .PP -\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBOCSP_request_sign()\fR signs OCSP request \fBreq\fR using certificate \&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates -\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates +\&\fBcerts\fR. If the \fBflags\fR option \fBOCSP_NOCERTS\fR is set then no certificates will be included in the request. .PP \&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The application is responsible for freeing up \fBcert\fR after use. .PP -\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fBOCSP_ONEREQ\fR structures in \fBreq\fR. 
.PP -\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fBOCSP_ONEREQ\fR contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to OCSP_request_onereq_count(req) \- 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +\&\fBOCSP_REQUEST_new()\fR returns an empty \fBOCSP_REQUEST\fR structure or \fBNULL\fR if an error occurred. .PP -\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR -or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBOCSP_request_add0_id()\fR returns the \fBOCSP_ONEREQ\fR structure containing \fBcid\fR +or \fBNULL\fR if an error occurred. .PP \&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0 for failure. .PP -\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fBOCSP_ONEREQ\fR structures in \fBreq\fR and \-1 on error. .PP -\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure -or \fB\s-1NULL\s0\fR if the index value is out or range. -.SH "NOTES" +\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fBOCSP_ONEREQ\fR structure +or \fBNULL\fR if the index value is out or range. +.SH NOTES .IX Header "NOTES" -An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures +An OCSP request structure contains one or more \fBOCSP_ONEREQ\fR structures corresponding to each certificate. .PP \&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by -\&\s-1OCSP\s0 responders. -.SH "EXAMPLES" +OCSP responders. 
+.SH EXAMPLES .IX Header "EXAMPLES" -Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer +Create an \fBOCSP_REQUEST\fR structure for certificate \fBcert\fR with issuer \&\fBissuer\fR: .PP .Vb 2 @@ -240,11 +166,11 @@ \&\fBOCSP_resp_find_status\fR\|(3), \&\fBOCSP_response_status\fR\|(3), \&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3.orig +++ secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OCSP_CERT_TO_ID 3ossl" -.TH OCSP_CERT_TO_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OCSP_CERT_TO_ID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -163,29 +88,30 @@ \& ASN1_OCTET_STRING **pikeyHash, \& ASN1_INTEGER **pserial, OCSP_CERTID *cid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +\&\fBOCSP_cert_to_id()\fR creates and returns a new \fBOCSP_CERTID\fR structure using message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If -\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. +\&\fBdgst\fR is \fBNULL\fR then SHA1 is used. .PP -\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +\&\fBOCSP_cert_id_new()\fR creates and returns a new \fBOCSP_CERTID\fR using \fBdgst\fR and issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number \&\fBserialNumber\fR. .PP \&\fBOCSP_CERTID_free()\fR frees up \fBid\fR. +If the argument is NULL, nothing is done. .PP -\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +\&\fBOCSP_id_cmp()\fR compares \fBOCSP_CERTID\fR \fBa\fR and \fBb\fR. .PP -\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fBOCSP_CERTID\fR \fBa\fR and \fBb\fR. .PP -\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and +\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash OID, issuer key hash and serial number contained in \fBcid\fR. If any of the values are not required the -corresponding parameter can be set to \fB\s-1NULL\s0\fR. +corresponding parameter can be set to \fBNULL\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid -\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBOCSP_CERTID\fR structure or \fBNULL\fR if an error occurred. 
.PP \&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and nonzero otherwise. @@ -193,14 +119,14 @@ \&\fBOCSP_CERTID_free()\fR does not return a value. .PP \&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: +OCSP clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: the other functions are used by responder applications. .PP -The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST -NOT\s0\fR be freed up by an application: they will be freed when the corresponding -\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. +The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fBMUST +NOT\fR be freed up by an application: they will be freed when the corresponding +\&\fBOCSP_CERTID\fR structure is freed. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), @@ -209,11 +135,11 @@ \&\fBOCSP_resp_find_status\fR\|(3), \&\fBOCSP_response_status\fR\|(3), \&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3.orig +++ secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_ADD1_NONCE 3ossl" -.TH OCSP_REQUEST_ADD1_NONCE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OCSP_REQUEST_ADD1_NONCE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,14 +75,14 @@ \& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); \& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to -\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR +OCSP request \fBreq\fR. If \fBval\fR is \fBNULL\fR a random nonce is used. If \fBlen\fR is zero or negative a default length will be used (currently 16 bytes). .PP \&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except -it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. +it adds a nonce to OCSP basic response \fBresp\fR. .PP \&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. .PP 
@@ -176,25 +101,25 @@ returned. If a nonce is present in the response only 3 is returned. If nonces are present and unequal 0 is returned. If the nonce is present in the request only then \-1 is returned. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" For most purposes the nonce value in a request is set to a random value so -the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 +the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually NULL. .PP -An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks +An OCSP nonce is typically added to an OCSP request to thwart replay attacks by checking the same nonce value appears in the response. .PP Some responders may include a nonce in all responses even if one is not supplied. .PP -Some responders cache \s-1OCSP\s0 responses and do not sign each response for +Some responders cache OCSP responses and do not sign each response for performance reasons. As a result they do not support nonces. .PP The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A positive return value effectively indicates success: nonces are both present and match, both absent or present in the response only. A nonzero return additionally covers the case where the nonce is present in the request only: -this will happen if the responder doesn't support nonces. A zero return value +this will happen if the responder doesn\*(Aqt support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error condition. .SH "SEE ALSO" 
@@ -205,11 +130,11 @@ \&\fBOCSP_resp_find_status\fR\|(3), \&\fBOCSP_response_status\fR\|(3), \&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3.orig +++ secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OCSP_RESP_FIND_STATUS 3ossl" -.TH OCSP_RESP_FIND_STATUS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OCSP_RESP_FIND_STATUS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, @@ -147,7 +72,7 @@ OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_check_validity, OCSP_basic_verify \&\- OCSP response utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -191,24 +116,24 @@ \& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, \& X509_STORE *st, unsigned long flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOCSP_resp_find_status()\fR searches \fIbs\fR for an \s-1OCSP\s0 response for \fIid\fR. If it is +\&\fBOCSP_resp_find_status()\fR searches \fIbs\fR for an OCSP response for \fIid\fR. If it is successful the fields of the response are returned in \fI*status\fR, \fI*reason\fR, \&\fI*revtime\fR, \fI*thisupd\fR and \fI*nextupd\fR. The \fI*status\fR value will be one of \&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or \&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fI*reason\fR and \fI*revtime\fR fields are only set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fI*reason\fR field will be set to the revocation reason which will be one of -\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. +\&\fBOCSP_REVOKED_STATUS_NOSTATUS\fR, \fBOCSP_REVOKED_STATUS_UNSPECIFIED\fR, +\&\fBOCSP_REVOKED_STATUS_KEYCOMPROMISE\fR, \fBOCSP_REVOKED_STATUS_CACOMPROMISE\fR, +\&\fBOCSP_REVOKED_STATUS_AFFILIATIONCHANGED\fR, \fBOCSP_REVOKED_STATUS_SUPERSEDED\fR, +\&\fBOCSP_REVOKED_STATUS_CESSATIONOFOPERATION\fR, +\&\fBOCSP_REVOKED_STATUS_CERTIFICATEHOLD\fR or \fBOCSP_REVOKED_STATUS_REMOVEFROMCRL\fR. .PP -\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fIbs\fR. +\&\fBOCSP_resp_count()\fR returns the number of \fBOCSP_SINGLERESP\fR structures in \fIbs\fR. 
.PP -\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fIbs\fR corresponding +\&\fBOCSP_resp_get0()\fR returns the \fBOCSP_SINGLERESP\fR structure in \fIbs\fR corresponding to index \fIidx\fR, where \fIidx\fR runs from 0 to OCSP_resp_count(bs) \- 1. .PP \&\fBOCSP_resp_find()\fR searches \fIbs\fR for \fIid\fR and returns the index of the first @@ -229,15 +154,15 @@ \&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fIbs\fR. .PP \&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly -signed \fIbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate +signed \fIbs\fR. The OCSP protocol does not require that this certificate is included in the \fBcerts\fR field of the response, so additional certificates can be supplied via the \fIextra_certs\fR if the certificates that may have -signed the response are known via some out-of-band mechanism. +signed the response are known via some out\-of\-band mechanism. .PP -\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fIbs\fR. If the responder \s-1ID\s0 is -a name then <*pname> is set to the name and \fI*pid\fR is set to \s-1NULL.\s0 If the -responder \s-1ID\s0 is by key \s-1ID\s0 then \fI*pid\fR is set to the key \s-1ID\s0 and \fI*pname\fR -is set to \s-1NULL.\s0 +\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fIbs\fR. If the responder ID is +a name then <*pname> is set to the name and \fI*pid\fR is set to NULL. If the +responder ID is by key ID then \fI*pid\fR is set to the key ID and \fI*pname\fR +is set to NULL. .PP \&\fBOCSP_resp_get1_id()\fR is the same as \fBOCSP_resp_get0_id()\fR but leaves ownership of \fI*pid\fR and \fI*pname\fR with the caller, 
@@ -254,37 +179,37 @@ the trusted store and \fIcerts\fR as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response in \fIcerts\fR. It then searches the certificates the responder may have included -in \fIbs\fR unless \fIflags\fR contains \fB\s-1OCSP_NOINTERN\s0\fR. +in \fIbs\fR unless \fIflags\fR contains \fBOCSP_NOINTERN\fR. It fails if the signer certificate cannot be found. -Next, unless \fIflags\fR contains \fB\s-1OCSP_NOSIGS\s0\fR, the function checks +Next, unless \fIflags\fR contains \fBOCSP_NOSIGS\fR, the function checks the signature of \fIbs\fR and fails on error. Then the function already returns -success if \fIflags\fR contains \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate -was found in \fIcerts\fR and \fIflags\fR contains \fB\s-1OCSP_TRUSTOTHER\s0\fR. +success if \fIflags\fR contains \fBOCSP_NOVERIFY\fR or if the signer certificate +was found in \fIcerts\fR and \fIflags\fR contains \fBOCSP_TRUSTOTHER\fR. Otherwise the function continues by validating the signer certificate. -If \fIflags\fR contains \fB\s-1OCSP_PARTIAL_CHAIN\s0\fR it takes intermediate \s-1CA\s0 +If \fIflags\fR contains \fBOCSP_PARTIAL_CHAIN\fR it takes intermediate CA certificates in \fIst\fR as trust anchors. For more details, see the description of \fBX509_V_FLAG_PARTIAL_CHAIN\fR -in \*(L"\s-1VERIFICATION FLAGS\*(R"\s0 in \fBX509_VERIFY_PARAM_set_flags\fR\|(3). -If \fIflags\fR contains \fB\s-1OCSP_NOCHAIN\s0\fR it ignores all certificates in \fIcerts\fR -and in \fIbs\fR, else it takes them as untrusted intermediate \s-1CA\s0 certificates +in "VERIFICATION FLAGS" in \fBX509_VERIFY_PARAM_set_flags\fR\|(3). +If \fIflags\fR contains \fBOCSP_NOCHAIN\fR it ignores all certificates in \fIcerts\fR +and in \fIbs\fR, else it takes them as untrusted intermediate CA certificates and uses them for constructing the validation path for the signer certificate. 
Certificate revocation status checks using CRLs is disabled during path validation -if the signer certificate contains the \fBid-pkix-ocsp-no-check\fR extension. +if the signer certificate contains the \fBid\-pkix\-ocsp\-no\-check\fR extension. After successful path -validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. -Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer +validation the function returns success if the \fBOCSP_NOCHECKS\fR flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer criteria including potential delegation. If this does not succeed and the -\&\fB\s-1OCSP_NOEXPLICIT\s0\fR flag is not set the function checks for explicit -trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. +\&\fBOCSP_NOEXPLICIT\fR flag is not set the function checks for explicit +trust for OCSP signing in the root CA certificate. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOCSP_resp_find_status()\fR returns 1 if \fIid\fR is found in \fIbs\fR and 0 otherwise. .PP -\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in \fIbs\fR +\&\fBOCSP_resp_count()\fR returns the total number of \fBOCSP_SINGLERESP\fR fields in \fIbs\fR or \-1 on error. .PP -\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or -\&\s-1NULL\s0 on error, such as \fIidx\fR being out of range. +\&\fBOCSP_resp_get0()\fR returns a pointer to an \fBOCSP_SINGLERESP\fR structure or +NULL on error, such as \fIidx\fR being out of range. .PP \&\fBOCSP_resp_find()\fR returns the index of \fIid\fR in \fIbs\fR (which may be 0) or \-1 on error, such as when \fIid\fR was not found. 
@@ -314,13 +239,13 @@ .PP \&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on verification not successful, or \-1 on a fatal error such as malloc failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate -\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They +ID of interest and then check its validity using \fBOCSP_check_validity()\fR. They can then take appropriate action based on the status of the certificate. .PP -An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR +An OCSP response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR fields. Normally the current time should be between these two values. To account for clock skew the \fImaxsec\fR field can be set to nonzero in \&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this @@ -330,8 +255,8 @@ .PP The values written to \fI*revtime\fR, \fI*thisupd\fR and \fI*nextupd\fR by \&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers -which \s-1MUST NOT\s0 be freed up by the calling application. Any or all of these -parameters can be set to \s-1NULL\s0 if their value is not required. +which MUST NOT be freed up by the calling application. Any or all of these +parameters can be set to NULL if their value is not required. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), 
@@ -341,11 +266,11 @@ \&\fBOCSP_response_status\fR\|(3), \&\fBOCSP_sendreq_new\fR\|(3), \&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OCSP_response_status.3.orig +++ secure/lib/libcrypto/man/man3/OCSP_response_status.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OCSP_RESPONSE_STATUS 3ossl" -.TH OCSP_RESPONSE_STATUS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OCSP_RESPONSE_STATUS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key_ex, OCSP_RESPID_set_by_key, OCSP_RESPID_match_ex, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx \&\- OCSP response functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -168,61 +93,62 @@ \& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, \& STACK_OF(X509) *certs, unsigned long flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fIresp\fR. It returns -one of the values: \fI\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, -\&\fI\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, -\&\fI\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fI\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR -\&\fI\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fI\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. +\&\fBOCSP_response_status()\fR returns the OCSP response status of \fIresp\fR. It returns +one of the values: \fIOCSP_RESPONSE_STATUS_SUCCESSFUL\fR, +\&\fIOCSP_RESPONSE_STATUS_MALFORMEDREQUEST\fR, +\&\fIOCSP_RESPONSE_STATUS_INTERNALERROR\fR, \fIOCSP_RESPONSE_STATUS_TRYLATER\fR +\&\fIOCSP_RESPONSE_STATUS_SIGREQUIRED\fR, or \fIOCSP_RESPONSE_STATUS_UNAUTHORIZED\fR. .PP -\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fI\s-1OCSP_BASICRESP\s0\fR structure +\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fIOCSP_BASICRESP\fR structure contained in \fIresp\fR. .PP -\&\fBOCSP_response_create()\fR creates and returns an \fI\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBOCSP_response_create()\fR creates and returns an \fIOCSP_RESPONSE\fR structure for \&\fIstatus\fR and optionally including basic response \fIbs\fR. .PP -\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fIresp\fR. +\&\fBOCSP_RESPONSE_free()\fR frees up OCSP response \fIresp\fR. +If the argument is NULL, nothing is done. .PP -\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the -subject name in the supplied X509 certificate \fIcert\fR for the \s-1OCSP\s0 responder. 
+\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the OCSP_RESPID to be the same as the +subject name in the supplied X509 certificate \fIcert\fR for the OCSP responder. .PP -\&\fBOCSP_RESPID_set_by_key_ex()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the -key in the supplied X509 certificate \fIcert\fR for the \s-1OCSP\s0 responder. The key is -stored as a \s-1SHA1\s0 hash. To calculate the hash the \s-1SHA1\s0 algorithm is fetched using +\&\fBOCSP_RESPID_set_by_key_ex()\fR sets the key of the OCSP_RESPID to be the same as the +key in the supplied X509 certificate \fIcert\fR for the OCSP responder. The key is +stored as a SHA1 hash. To calculate the hash the SHA1 algorithm is fetched using the library ctx \fIlibctx\fR and the property query string \fIpropq\fR (see -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information). +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information). .PP \&\fBOCSP_RESPID_set_by_key()\fR does the same as \fBOCSP_RESPID_set_by_key_ex()\fR except that the default library context is used with an empty property query string. .PP -Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling +Note that an OCSP_RESPID can only have one of the name, or the key set. Calling \&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing setting. .PP -\&\fBOCSP_RESPID_match_ex()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fIrespid\fR matches -with the X509 certificate \fIcert\fR based on the \s-1SHA1\s0 hash. To calculate the hash -the \s-1SHA1\s0 algorithm is fetched using the library ctx \fIlibctx\fR and the property -query string \fIpropq\fR (see \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further +\&\fBOCSP_RESPID_match_ex()\fR tests whether the OCSP_RESPID given in \fIrespid\fR matches +with the X509 certificate \fIcert\fR based on the SHA1 hash. 
To calculate the hash +the SHA1 algorithm is fetched using the library ctx \fIlibctx\fR and the property +query string \fIpropq\fR (see "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information). .PP \&\fBOCSP_RESPID_match()\fR does the same as \fBOCSP_RESPID_match_ex()\fR except that the default library context is used with an empty property query string. .PP -\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fIbrsp\fR using certificate \fIsigner\fR, private key +\&\fBOCSP_basic_sign()\fR signs OCSP response \fIbrsp\fR using certificate \fIsigner\fR, private key \&\fIkey\fR, digest \fIdgst\fR and additional certificates \fIcerts\fR. If the \fIflags\fR option -\&\fI\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the -\&\fIflags\fR option \fI\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 -rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fIbrsp\fR but +\&\fIOCSP_NOCERTS\fR is set then no certificates will be included in the response. If the +\&\fIflags\fR option \fIOCSP_RESPID_KEY\fR is set then the responder is identified by key ID +rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs OCSP response \fIbrsp\fR but uses the parameters contained in digest context \fIctx\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOCSP_RESPONSE_status()\fR returns a status value. .PP -\&\fBOCSP_response_get1_basic()\fR returns an \fI\s-1OCSP_BASICRESP\s0\fR structure pointer or -\&\fI\s-1NULL\s0\fR if an error occurred. +\&\fBOCSP_response_get1_basic()\fR returns an \fIOCSP_BASICRESP\fR structure pointer or +\&\fINULL\fR if an error occurred. .PP -\&\fBOCSP_response_create()\fR returns an \fI\s-1OCSP_RESPONSE\s0\fR structure pointer or \fI\s-1NULL\s0\fR +\&\fBOCSP_response_create()\fR returns an \fIOCSP_RESPONSE\fR structure pointer or \fINULL\fR if an error occurred. .PP \&\fBOCSP_RESPONSE_free()\fR does not return a value. 
@@ -231,12 +157,12 @@ \&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0 on failure. .PP -\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +\&\fBOCSP_RESPID_match()\fR returns 1 if the OCSP_RESPID and the X509 certificate match or 0 otherwise. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is -\&\fI\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. +\&\fIOCSP_RESPONSE_STATUS_SUCCESSFUL\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7) @@ -247,17 +173,17 @@ \&\fBOCSP_sendreq_new\fR\|(3) \&\fBOCSP_RESPID_new\fR\|(3) \&\fBOCSP_RESPID_free\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR functions were added in OpenSSL 1.1.0a. .PP The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3.orig +++ secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OCSP_SENDREQ_NEW 3ossl" -.TH OCSP_SENDREQ_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OCSP_SENDREQ_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OCSP_REQ_CTX, OCSP_sendreq_new, OCSP_sendreq_nbio, @@ -149,7 +74,7 @@ OCSP_set_max_response_length, OCSP_REQ_CTX_set1_req \&\- OCSP responder query functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -160,7 +85,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 8 
@@ -173,31 +98,31 @@ \& void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, unsigned long len); \& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions perform an \s-1OCSP POST\s0 request / response transfer over \s-1HTTP,\s0 -using the \s-1HTTP\s0 request functions described in \s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3). +These functions perform an OCSP POST request / response transfer over HTTP, +using the HTTP request functions described in \fBOSSL_HTTP_REQ_CTX\fR\|(3). .PP -The function \fBOCSP_sendreq_new()\fR builds a complete \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR structure -with the \fB\s-1BIO\s0\fR \fIio\fR to be used for requests and response, the \s-1URL\s0 path \fIpath\fR, -optionally the \s-1OCSP\s0 request \fIreq\fR, and a response header maximum line length +The function \fBOCSP_sendreq_new()\fR builds a complete \fBOSSL_HTTP_REQ_CTX\fR structure +with the \fBBIO\fR \fIio\fR to be used for requests and response, the URL path \fIpath\fR, +optionally the OCSP request \fIreq\fR, and a response header maximum line length of \fIbuf_size\fR. If \fIbuf_size\fR is zero a default value of 4KiB is used. -The \fIreq\fR may be set to \s-1NULL\s0 and provided later using \fBOCSP_REQ_CTX_set1_req()\fR +The \fIreq\fR may be set to NULL and provided later using \fBOCSP_REQ_CTX_set1_req()\fR or \fBOSSL_HTTP_REQ_CTX_set1_req\fR\|(3). The \fIio\fR and \fIpath\fR arguments to \fBOCSP_sendreq_new()\fR correspond to the -components of the \s-1URL.\s0 -For example if the responder \s-1URL\s0 is \f(CW\*(C`http://example.com/ocspreq\*(C'\fR the \s-1BIO\s0 +components of the URL. +For example if the responder URL is \f(CW\*(C`http://example.com/ocspreq\*(C'\fR the BIO \&\fIio\fR should haven been connected to host \f(CW\*(C`example.com\*(C'\fR on port 80 and \fIpath\fR should be set to \f(CW\*(C`/ocspreq\*(C'\fR. 
.PP \&\fBOCSP_sendreq_nbio()\fR attempts to send the request prepared in \fIrctx\fR -and to gather the response via \s-1HTTP,\s0 using the \s-1BIO\s0 \fIio\fR and \fIpath\fR +and to gather the response via HTTP, using the BIO \fIio\fR and \fIpath\fR that were given when calling \fBOCSP_sendreq_new()\fR. If the operation gets completed it assigns the response, -a pointer to a \fB\s-1OCSP_RESPONSE\s0\fR structure, in \fI*presp\fR. +a pointer to a \fBOCSP_RESPONSE\fR structure, in \fI*presp\fR. The function may need to be called again if its result is \-1, which indicates \&\fBBIO_should_retry\fR\|(3). In such a case it is advisable to sleep a little in -between, using \fBBIO_wait\fR\|(3) on the read \s-1BIO\s0 to prevent a busy loop. +between, using \fBBIO_wait\fR\|(3) on the read BIO to prevent a busy loop. .PP \&\fBOCSP_sendreq_bio()\fR combines \fBOCSP_sendreq_new()\fR with as many calls of \&\fBOCSP_sendreq_nbio()\fR as needed and then \fBOCSP_REQ_CTX_free()\fR, with a 
@@ -221,42 +146,42 @@ .PP The deprecated type and the remaining deprecated functions have been superseded by the following equivalents: -\&\fB\s-1OCSP_REQ_CTX\s0\fR by \s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3), +\&\fBOCSP_REQ_CTX\fR by \fBOSSL_HTTP_REQ_CTX\fR\|(3), \&\fBOCSP_REQ_CTX_add1_header()\fR by \fBOSSL_HTTP_REQ_CTX_add1_header\fR\|(3), \&\fBOCSP_REQ_CTX_free()\fR by \fBOSSL_HTTP_REQ_CTX_free\fR\|(3), and \&\fBOCSP_set_max_response_length()\fR by \&\fBOSSL_HTTP_REQ_CTX_set_max_response_length\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR structure or \s-1NULL\s0 +\&\fBOCSP_sendreq_new()\fR returns a valid \fBOSSL_HTTP_REQ_CTX\fR structure or NULL if an error occurred. .PP \&\fBOCSP_sendreq_nbio()\fR returns 1 for success, 0 on error, \-1 if retry is needed. .PP -\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the -responder or \s-1NULL\s0 if an error occurred. +\&\fBOCSP_sendreq_bio()\fR returns the \fBOCSP_RESPONSE\fR structure sent by the +responder or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3), \fBOSSL_HTTP_transfer\fR\|(3), +\&\fBOSSL_HTTP_REQ_CTX\fR\|(3), \fBOSSL_HTTP_transfer\fR\|(3), \&\fBOCSP_cert_to_id\fR\|(3), \&\fBOCSP_request_add1_nonce\fR\|(3), \&\fBOCSP_REQUEST_new\fR\|(3), \&\fBOCSP_resp_find_status\fR\|(3), \&\fBOCSP_response_status\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OCSP_REQ_CTX\s0\fR, +\&\fBOCSP_REQ_CTX\fR, \&\fBOCSP_REQ_CTX_i2d()\fR, \&\fBOCSP_REQ_CTX_add1_header()\fR, \&\fBOCSP_REQ_CTX_free()\fR, \&\fBOCSP_set_max_response_length()\fR, and \fBOCSP_REQ_CTX_set1_req()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_Applink.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,87 +53,28 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_APPLINK 3ossl" -.TH OPENSSL_APPLINK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_APPLINK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& _\|_declspec(dllexport) void **OPENSSL_Applink(); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -OPENSSL_Applink is application-side interface which provides a glue -between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. -Even though it appears at application side, it's essentially OpenSSL +OPENSSL_Applink is application\-side interface which provides a glue +between OpenSSL BIO layer and Win32 compiler run\-time environment. +Even though it appears at application side, it\*(Aqs essentially OpenSSL private interface. For this reason application developers are not expected to implement it, but to compile provided module with compiler of their choice and link it into the target application. @@ -158,11 +83,11 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" Not available. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_FILE.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_FILE.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_FILE 3ossl" -.TH OPENSSL_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_FILE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC, OPENSSL_MSTR, OPENSSL_MSTR_HELPER \&\- generic C programming utility macros -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,34 +79,34 @@ \& #define OPENSSL_MSTR_HELPER(x) #x \& #define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The macros \fB\s-1OPENSSL_FILE\s0\fR and \fB\s-1OPENSSL_LINE\s0\fR +The macros \fBOPENSSL_FILE\fR and \fBOPENSSL_LINE\fR typically yield the current filename and line number during C compilation. -When \fB\s-1OPENSSL_NO_FILENAMES\s0\fR is defined they yield \fB""\fR and \fB0\fR, respectively. +When \fBOPENSSL_NO_FILENAMES\fR is defined they yield \fB""\fR and \fB0\fR, respectively. .PP -The macro \fB\s-1OPENSSL_FUNC\s0\fR attempts to yield the name of the C function +The macro \fBOPENSSL_FUNC\fR attempts to yield the name of the C function currently being compiled, as far as language and compiler versions allow. -Otherwise, it yields \*(L"(unknown function)\*(R". +Otherwise, it yields "(unknown function)". .PP -The macro \fB\s-1OPENSSL_MSTR\s0\fR yields the expansion of the macro given as argument, +The macro \fBOPENSSL_MSTR\fR yields the expansion of the macro given as argument, which is useful for concatenation with string constants. -The macro \fB\s-1OPENSSL_MSTR_HELPER\s0\fR is an auxiliary macro for this purpose. +The macro \fBOPENSSL_MSTR_HELPER\fR is an auxiliary macro for this purpose. .SH "RETURN VALUES" .IX Header "RETURN VALUES" see above .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OPENSSL_FUNC\s0\fR, \fB\s-1OPENSSL_MSTR\s0\fR, and \fB\s-1OPENSSL_MSTR_HELPER\s0\fR +\&\fBOPENSSL_FUNC\fR, \fBOPENSSL_MSTR\fR, and \fBOPENSSL_MSTR_HELPER\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,88 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_LH_COMPFUNC 3ossl" -.TH OPENSSL_LH_COMPFUNC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_LH_COMPFUNC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, -lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_num_items, lh_TYPE_get_down_load, +lh_TYPE_set_down_load, lh_TYPE_error, OPENSSL_LH_new, OPENSSL_LH_free, OPENSSL_LH_flush, OPENSSL_LH_insert, OPENSSL_LH_delete, OPENSSL_LH_retrieve, -OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error +OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_num_items, +OPENSSL_LH_get_down_load, OPENSSL_LH_set_down_load, OPENSSL_LH_error \&\- dynamic hash table -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -169,6 +96,10 @@ \& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, \& TYPE *arg); \& +\& unsigned long lh_TYPE_num_items(OPENSSL_LHASH *lh); +\& unsigned long lh_TYPE_get_down_load(OPENSSL_LHASH *lh); +\& void lh_TYPE_set_down_load(OPENSSL_LHASH *lh, unsigned long dl); +\& \& int lh_TYPE_error(LHASH_OF(TYPE) *table); \& \& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); 
@@ -187,18 +118,24 @@ \& void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); \& void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); \& +\& unsigned long OPENSSL_LH_num_items(OPENSSL_LHASH *lh); +\& unsigned long OPENSSL_LH_get_down_load(OPENSSL_LHASH *lh); +\& void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long dl); +\& \& int OPENSSL_LH_error(OPENSSL_LHASH *lh); +\& +\& #define LH_LOAD_MULT /* integer constant */ .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This library implements type-checked dynamic hash tables. The hash +This library implements type\-checked dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key -and value fields. In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder -for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. +and value fields. In the description here, \fR\f(BITYPE\fR\fB\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fISSL_SESSION\fR. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() creates a new \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure to store -arbitrary data entries, and specifies the 'hash' and 'compare' -callbacks to be used in organising the table's entries. The \fIhash\fR +\&\fBlh_\fR\f(BITYPE\fR\fB_new\fR() creates a new \fBLHASH_OF\fR(\fR\f(BITYPE\fR\fB\fR) structure to store +arbitrary data entries, and specifies the \*(Aqhash\*(Aq and \*(Aqcompare\*(Aq +callbacks to be used in organising the table\*(Aqs entries. The \fIhash\fR callback takes a pointer to a table entry as its argument and returns an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash 
@@ -209,9 +146,9 @@ If your hash table will contain items of some particular type and the \fIhash\fR and \&\fIcompare\fR callbacks hash/compare these types, then the -\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +\&\fBIMPLEMENT_LHASH_HASH_FN\fR and \fBIMPLEMENT_LHASH_COMP_FN\fR macros can be used to create callback wrappers of the prototypes required by -\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() as shown in this example: +\&\fBlh_\fR\f(BITYPE\fR\fB_new\fR() as shown in this example: .PP .Vb 11 \& /* @@ -241,7 +178,7 @@ \& DECLARE_LHASH_COMP_FN(stuff, TYPE) .Ve .PP -Then a hash table of \fB\f(BI\s-1TYPE\s0\fB\fR objects can be created using this: +Then a hash table of \fR\f(BITYPE\fR\fB\fR objects can be created using this: .PP .Vb 1 \& LHASH_OF(TYPE) *htable; 
@@ -249,28 +186,28 @@ \& htable = B_new>(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); .Ve .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR() frees the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure +\&\fBlh_\fR\f(BITYPE\fR\fB_free\fR() frees the \fBLHASH_OF\fR(\fR\f(BITYPE\fR\fB\fR) structure \&\fItable\fR. Allocated hash table entries will not be freed; consider -using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any remaining entries in the -hash table (see below). +using \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() to deallocate any remaining entries in the +hash table (see below). If the argument is NULL, nothing is done. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR() empties the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure \fItable\fR. New +\&\fBlh_\fR\f(BITYPE\fR\fB_flush\fR() empties the \fBLHASH_OF\fR(\fR\f(BITYPE\fR\fB\fR) structure \fItable\fR. New entries can be added to the flushed table. Allocated hash table entries -will not be freed; consider using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any +will not be freed; consider using \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() to deallocate any remaining entries in the hash table (see below). .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts the structure pointed to by \fIdata\fR into +\&\fBlh_\fR\f(BITYPE\fR\fB_insert\fR() inserts the structure pointed to by \fIdata\fR into \&\fItable\fR. If there already is an entry with the same key, the old -value is replaced. Note that \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() stores pointers, the +value is replaced. Note that \fBlh_\fR\f(BITYPE\fR\fB_insert\fR() stores pointers, the data are not copied. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes an entry from \fItable\fR. +\&\fBlh_\fR\f(BITYPE\fR\fB_delete\fR() deletes an entry from \fItable\fR. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() looks up an entry in \fItable\fR. Normally, \fIdata\fR +\&\fBlh_\fR\f(BITYPE\fR\fB_retrieve\fR() looks up an entry in \fItable\fR. 
Normally, \fIdata\fR is a structure with the key field(s) set; the function will return a pointer to a fully populated structure. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() will, for every entry in the hash table, call +\&\fBlh_\fR\f(BITYPE\fR\fB_doall\fR() will, for every entry in the hash table, call \&\fIfunc\fR with the data item as its parameter. For example: .PP 
@@ -288,24 +225,15 @@ \& lh_TYPE_free(hashtable); .Ve .PP -When doing this, be careful if you delete entries from the hash table -in your callbacks: the table may decrease in size, moving the item -that you are currently on down lower in the hash table \- this could -cause some entries to be skipped during the iteration. The second -best solution to this problem is to set hash\->down_load=0 before -you start (which will stop the hash table ever decreasing in size). -The best solution is probably to avoid deleting items from the hash -table inside a \*(L"doall\*(R" callback! -.PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() is the same as \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() except that +\&\fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR() is the same as \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() except that \&\fIfunc\fR will be called with \fIarg\fR as the second argument and \fIfunc\fR -should be of type \fB\s-1LHASH_DOALL_ARG_FN\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) (a callback prototype +should be of type \fBLHASH_DOALL_ARG_FN\fR(\fR\f(BITYPE\fR\fB\fR) (a callback prototype that is passed both the table entry and an extra argument). As with \&\fBlh_doall()\fR, you can instead choose to declare your callback with a prototype matching the types you are dealing with and use the declare/implement macros to create compatible wrappers that cast -variables before calling your type-specific callbacks. An example of -this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +variables before calling your type\-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a BIO that is provided by the caller): .PP .Vb 2 
@@ -320,97 +248,124 @@ \& logging_bio); .Ve .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() can be used to determine if an error occurred in the last +Note that it is by default \fBnot\fR safe to use \fBlh_\fR\f(BITYPE\fR\fB_delete\fR() inside a +callback passed to \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() or \fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR(). The +reason for this is that deleting an item from the hash table may result in the +hash table being contracted to a smaller size and rehashed. +\&\fBlh_\fR\f(BITYPE\fR\fB_doall\fR() and \fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR() are unsafe and will exhibit +undefined behaviour under these conditions, as these functions assume the hash +table size and bucket pointers do not change during the call. +.PP +If it is desired to use \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() or \fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR() with +\&\fBlh_\fR\f(BITYPE\fR\fB_delete\fR(), it is essential that you call +\&\fBlh_\fR\f(BITYPE\fR\fB_set_down_load\fR() with a \fIdown_load\fR argument of 0 first. This +disables hash table contraction and guarantees that it will be safe to delete +items from a hash table during a call to \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() or +\&\fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR(). +.PP +It is never safe to call \fBlh_\fR\f(BITYPE\fR\fB_insert\fR() during a call to +\&\fBlh_\fR\f(BITYPE\fR\fB_doall\fR() or \fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR(). +.PP +\&\fBlh_\fR\f(BITYPE\fR\fB_error\fR() can be used to determine if an error occurred in the last operation. .PP -\&\fBOPENSSL_LH_new()\fR is the same as the \fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() except that it is not -type specific. So instead of returning an \fB\s-1LHASH_OF\s0(\f(BI\s-1TYPE\s0\fB)\fR value it returns +\&\fBlh_\fR\f(BITYPE\fR\fB_num_items\fR() returns the number of items in the hash table. +.PP +\&\fBlh_\fR\f(BITYPE\fR\fB_get_down_load\fR() and \fBlh_\fR\f(BITYPE\fR\fB_set_down_load\fR() get and set the +factor used to determine when the hash table is contracted. 
The factor is the +load factor at or below which hash table contraction will occur, multiplied by +\&\fBLH_LOAD_MULT\fR, where the load factor is the number of items divided by the +number of nodes. Setting this value to 0 disables hash table contraction. +.PP +\&\fBOPENSSL_LH_new()\fR is the same as the \fBlh_\fR\f(BITYPE\fR\fB_new\fR() except that it is not +type specific. So instead of returning an \fBLHASH_OF(\fR\f(BITYPE\fR\fB)\fR value it returns a \fBvoid *\fR. In the same way the functions \fBOPENSSL_LH_free()\fR, \&\fBOPENSSL_LH_flush()\fR, \fBOPENSSL_LH_insert()\fR, \fBOPENSSL_LH_delete()\fR, -\&\fBOPENSSL_LH_retrieve()\fR, \fBOPENSSL_LH_doall()\fR, \fBOPENSSL_LH_doall_arg()\fR, and -\&\fBOPENSSL_LH_error()\fR are equivalent to the similarly named \fBlh_\f(BI\s-1TYPE\s0\fB\fR functions -except that they return or use a \fBvoid *\fR where the equivalent \fBlh_\f(BI\s-1TYPE\s0\fB\fR -function returns or uses a \fB\f(BI\s-1TYPE\s0\fB *\fR or \fB\s-1LHASH_OF\s0(\f(BI\s-1TYPE\s0\fB) *\fR. \fBlh_\f(BI\s-1TYPE\s0\fB\fR -functions are implemented as type checked wrappers around the \fB\s-1OPENSSL_LH\s0\fR -functions. Most applications should not call the \fB\s-1OPENSSL_LH\s0\fR functions -directly. +\&\fBOPENSSL_LH_retrieve()\fR, \fBOPENSSL_LH_doall()\fR, \fBOPENSSL_LH_doall_arg()\fR, +\&\fBOPENSSL_LH_num_items()\fR, \fBOPENSSL_LH_get_down_load()\fR, \fBOPENSSL_LH_set_down_load()\fR +and \fBOPENSSL_LH_error()\fR are equivalent to the similarly named \fBlh_\fR\f(BITYPE\fR +functions except that they return or use a \fBvoid *\fR where the equivalent +\&\fBlh_\fR\f(BITYPE\fR\fB\fR function returns or uses a \fB\fR\f(BITYPE\fR\fB *\fR or \fBLHASH_OF(\fR\f(BITYPE\fR\fB) *\fR. +\&\fBlh_\fR\f(BITYPE\fR\fB\fR functions are implemented as type checked wrappers around the +\&\fBOPENSSL_LH\fR functions. Most applications should not call the \fBOPENSSL_LH\fR +functions directly. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() and \fBOPENSSL_LH_new()\fR return \s-1NULL\s0 on error, otherwise a -pointer to the new \fB\s-1LHASH\s0\fR structure. +\&\fBlh_\fR\f(BITYPE\fR\fB_new\fR() and \fBOPENSSL_LH_new()\fR return NULL on error, otherwise a +pointer to the new \fBLHASH\fR structure. .PP -When a hash table entry is replaced, \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() or -\&\fBOPENSSL_LH_insert()\fR return the value being replaced. \s-1NULL\s0 is returned on normal +When a hash table entry is replaced, \fBlh_\fR\f(BITYPE\fR\fB_insert\fR() or +\&\fBOPENSSL_LH_insert()\fR return the value being replaced. NULL is returned on normal operation and on error. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() and \fBOPENSSL_LH_delete()\fR return the entry being deleted. -\&\s-1NULL\s0 is returned if there is no such value in the hash table. +\&\fBlh_\fR\f(BITYPE\fR\fB_delete\fR() and \fBOPENSSL_LH_delete()\fR return the entry being deleted. +NULL is returned if there is no such value in the hash table. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() and \fBOPENSSL_LH_retrieve()\fR return the hash table entry -if it has been found, \s-1NULL\s0 otherwise. +\&\fBlh_\fR\f(BITYPE\fR\fB_retrieve\fR() and \fBOPENSSL_LH_retrieve()\fR return the hash table entry +if it has been found, NULL otherwise. .PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() and \fBOPENSSL_LH_error()\fR return 1 if an error occurred in -the last operation, 0 otherwise. It's meaningful only after non-retrieve +\&\fBlh_\fR\f(BITYPE\fR\fB_error\fR() and \fBOPENSSL_LH_error()\fR return 1 if an error occurred in +the last operation, 0 otherwise. It\*(Aqs meaningful only after non\-retrieve operations. 
.PP -\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBOPENSSL_LH_free()\fR, \fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR(), -\&\fBOPENSSL_LH_flush()\fR, \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() \fBOPENSSL_LH_doall()\fR, -\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() and \fBOPENSSL_LH_doall_arg()\fR return no values. -.SH "NOTE" +\&\fBlh_\fR\f(BITYPE\fR\fB_free\fR(), \fBOPENSSL_LH_free()\fR, \fBlh_\fR\f(BITYPE\fR\fB_flush\fR(), +\&\fBOPENSSL_LH_flush()\fR, \fBlh_\fR\f(BITYPE\fR\fB_doall\fR() \fBOPENSSL_LH_doall()\fR, +\&\fBlh_\fR\f(BITYPE\fR\fB_doall_arg\fR() and \fBOPENSSL_LH_doall_arg()\fR return no values. +.SH NOTE .IX Header "NOTE" -The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as -\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() or \fBOPENSSL_LH_error()\fR calls must be performed under +The LHASH code is not thread safe. All updating operations, as well as +\&\fBlh_\fR\f(BITYPE\fR\fB_error\fR() or \fBOPENSSL_LH_error()\fR calls must be performed under a write lock. All retrieve operations should be performed under a read lock, \&\fIunless\fR accurate usage statistics are desired. In which case, a write lock should be used for retrieve operations as well. For output of the usage statistics, using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices. .PP -The \s-1LHASH\s0 code regards table entries as constant data. As such, it -internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" +The LHASH code regards table entries as constant data. As such, it +internally represents \fBlh_insert()\fR\*(Aqd items with a "const void *" pointer type. This is why callbacks such as those used by \fBlh_doall()\fR -and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the -parameters that pass back the table items' data pointers \- for -consistency, user-provided data is \*(L"const\*(R" at all times as far as the -\&\s-1LHASH\s0 code is concerned. 
However, as callers are themselves providing +and \fBlh_doall_arg()\fR declare their prototypes with "const", even for the +parameters that pass back the table items\*(Aq data pointers \- for +consistency, user\-provided data is "const" at all times as far as the +LHASH code is concerned. However, as callers are themselves providing these pointers, they can choose whether they too should be treating all such parameters as constant. .PP As an example, a hash table may be maintained by code that, for -reasons of encapsulation, has only \*(L"const\*(R" access to the data being -indexed in the hash table (i.e. it is returned as \*(L"const\*(R" from -elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are -appropriate as-is. Conversely, if the caller is responsible for the -life-time of the data in question, then they may well wish to make +reasons of encapsulation, has only "const" access to the data being +indexed in the hash table (i.e. it is returned as "const" from +elsewhere in their code) \- in this case the LHASH prototypes are +appropriate as\-is. Conversely, if the caller is responsible for the +life\-time of the data in question, then they may well wish to make modifications to table item passed back in the \fBlh_doall()\fR or -\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If -so, the caller can either cast the \*(L"const\*(R" away (if they're providing +\&\fBlh_doall_arg()\fR callbacks (see the "TYPE_cleanup" example above). If +so, the caller can either cast the "const" away (if they\*(Aqre providing the raw callbacks themselves) or use the macros to declare/implement -the wrapper functions without \*(L"const\*(R" types. +the wrapper functions without "const" types. 
.PP -Callers that only have \*(L"const\*(R" access to data they're indexing in a +Callers that only have "const" access to data they\*(Aqre indexing in a table, yet declare callbacks without constant types (or cast the -\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs -without being encouraged to do so by the \s-1API.\s0 On a related note, +"const" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the API. On a related note, those auditing code should pay special attention to any instances of -DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types -without any \*(L"const\*(R" qualifiers. -.SH "BUGS" +DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types +without any "const" qualifiers. +.SH BUGS .IX Header "BUGS" -\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() and \fBOPENSSL_LH_insert()\fR return \s-1NULL\s0 both for success +\&\fBlh_\fR\f(BITYPE\fR\fB_insert\fR() and \fBOPENSSL_LH_insert()\fR return NULL both for success and error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOPENSSL_LH_stats\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" In OpenSSL 1.0.0, the lhash interface was revamped for better type checking. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_LH_STATS 3ossl" -.TH OPENSSL_LH_STATS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_LH_STATS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,9 +80,9 @@ \& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); \& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +The \fBLHASH\fR structure records statistics about most aspects of accessing the hash table. .PP \&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table and how 
@@ -165,36 +90,36 @@ number of additional statistics, but the tracking of these statistics is no longer supported and these statistics are always reported as zero. .PP -\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each \*(Aqbucket\*(Aq in the hash table. .PP \&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the -hash table. It prints the 'load' and the 'actual load'. The load is -the average number of data items per 'bucket' in the hash table. The -\&'actual load' is the average number of items per 'bucket', but only -for buckets which contain entries. So the 'actual load' is the +hash table. It prints the \*(Aqload\*(Aq and the \*(Aqactual load\*(Aq. The load is +the average number of data items per \*(Aqbucket\*(Aq in the hash table. The +\&\*(Aqactual load\*(Aq is the average number of items per \*(Aqbucket\*(Aq, but only +for buckets which contain entries. So the \*(Aqactual load\*(Aq is the average number of searches that will need to find an item in the hash -table, while the 'load' is the average number that will be done to +table, while the \*(Aqload\*(Aq is the average number that will be done to record a miss. .PP \&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR -are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +are the same as the above, except that the output goes to a \fBBIO\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions do not return values. -.SH "NOTE" +.SH NOTE .IX Header "NOTE" These calls should be made under a read lock. Refer to -\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required -when using the \s-1LHASH\s0 data structure. +"NOTE" in \fBOPENSSL_LH_COMPFUNC\fR\|(3) for more details about the locks required +when using the LHASH data structure. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBbio\fR\|(7), \fBOPENSSL_LH_COMPFUNC\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_config.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_config.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,95 +53,36 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_CONFIG 3ossl" -.TH OPENSSL_CONFIG 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_CONFIG 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& void OPENSSL_config(const char *appname); \& void OPENSSL_no_config(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and -reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then +reads from the application section \fBappname\fR. If \fBappname\fR is NULL then the default section, \fBopenssl_conf\fR, will be used. Errors are silently ignored. Multiple calls have no effect. 
@@ -165,13 +90,13 @@ \&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR no configuration takes place. .PP -If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a +If the application is built with \fBOPENSSL_LOAD_CONF\fR defined, then a call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR first. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and -forget it\*(R" function. +The \fBOPENSSL_config()\fR function is designed to be a very simple "call it and +forget it" function. It is however \fBmuch\fR better than nothing. Applications which need finer control over their configuration functionality should use the configuration functions such as \fBCONF_modules_load()\fR directly. This function is deprecated @@ -184,15 +109,15 @@ However, very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an -application calls \fBOPENSSL_config()\fR it doesn't need to know or care about -\&\s-1ENGINE\s0 control operations because they can be performed by editing a +application calls \fBOPENSSL_config()\fR it doesn\*(Aqt need to know or care about +ENGINE control operations because they can be performed by editing a configuration file. -.SH "ENVIRONMENT" +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IP \fBOPENSSL_CONF\fR 4 .IX Item "OPENSSL_CONF" The path to the config file. -Ignored in set-user-ID and set-group-ID programs. +Ignored in set\-user\-ID and set\-group\-ID programs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. 
@@ -200,15 +125,15 @@ .IX Header "SEE ALSO" \&\fBconfig\fR\|(5), \&\fBCONF_modules_load_file\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,88 +53,29 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_FORK_PREPARE 3ossl" -.TH OPENSSL_FORK_PREPARE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_FORK_PREPARE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork handlers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 @@ -158,7 +83,7 @@ \& void OPENSSL_fork_parent(void); \& void OPENSSL_fork_child(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These methods are currently unused, and as such, no replacement methods are required or planned. @@ -176,7 +101,7 @@ functions as the OpenSSL library will do so automatically. .PP \&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate -handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other +handler, when the \fBOPENSSL_INIT_ATFORK\fR flag is used. For other applications, these functions can be called directly. They should be used according to the calling sequence described by the \fBpthread_atfork\fR\|(3) documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should 
@@ -190,14 +115,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOPENSSL_init_crypto\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_gmtime.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_gmtime.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_GMTIME 3ossl" -.TH OPENSSL_GMTIME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_GMTIME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_gmtime, OPENSSL_gmtime_adj, OPENSSL_gmtime_diff \- platform\-agnostic OpenSSL time routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,19 +77,19 @@ \& int OPENSSL_gmtime_diff(int *pday, int *psec, \& const struct tm *from, const struct tm *to); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOPENSSL_gmtime()\fR returns the \s-1UTC\s0 time specified by \fItimer\fR into the provided +\&\fBOPENSSL_gmtime()\fR returns the UTC time specified by \fItimer\fR into the provided \&\fIresult\fR argument. .PP \&\fBOPENSSL_gmtime_adj()\fR adds the offsets in \fIoffset_day\fR and \fIoffset_sec\fR to \fItm\fR. .PP \&\fBOPENSSL_gmtime_diff()\fR calculates the difference between \fIfrom\fR and \fIto\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -It is an error to call \fBOPENSSL_gmtime()\fR with \fIresult\fR equal to \s-1NULL.\s0 The +It is an error to call \fBOPENSSL_gmtime()\fR with \fIresult\fR equal to NULL. The contents of the time_t given by \fItimer\fR are stored into the \fIresult\fR. Calling -with \fItimer\fR equal to \s-1NULL\s0 means use the current time. +with \fItimer\fR equal to NULL means use the current time. .PP \&\fBOPENSSL_gmtime_adj()\fR converts \fItm\fR into a days and seconds value, adds the offsets, then converts back into a \fIstruct tm\fR specified by \fItm\fR. Leap seconds 
@@ -176,18 +101,18 @@ than the number of seconds per day (3600). Leap seconds are not considered. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOPENSSL_gmtime()\fR returns \s-1NULL\s0 on error, or \fIresult\fR on success. +\&\fBOPENSSL_gmtime()\fR returns NULL on error, or \fIresult\fR on success. .PP \&\fBOPENSSL_gmtime_adj()\fR and \fBOPENSSL_gmtime_diff()\fR return 0 on error, and 1 on success. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOPENSSL_gmtime()\fR, \fBOPENSSL_gmtime_adj()\fR and \fBOPENSSL_gmtime_diff()\fR have been in OpenSSL since 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_hexchar2int.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_hexchar2int.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_HEXCHAR2INT 3ossl" -.TH OPENSSL_HEXCHAR2INT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_HEXCHAR2INT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_hexchar2int, OPENSSL_hexstr2buf_ex, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr_ex, OPENSSL_buf2hexstr \&\- Hex encoding and decoding functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,41 +82,41 @@ \& const char sep); \& char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOPENSSL_hexchar2int()\fR converts a hexadecimal character to its numeric equivalent. .PP \&\fBOPENSSL_hexstr2buf_ex()\fR decodes the hex string \fBstr\fR and places the resulting string of bytes in the given \fIbuf\fR. -The character \fIsep\fR is the separator between the bytes, setting this to '\e0' +The character \fIsep\fR is the separator between the bytes, setting this to \*(Aq\e0\*(Aq means that there is no separator. \&\fIbuf_n\fR gives the size of the buffer. -If \fIbuflen\fR is not \s-1NULL,\s0 it is filled in with the result length. -To find out how large the result will be, call this function with \s-1NULL\s0 +If \fIbuflen\fR is not NULL, it is filled in with the result length. +To find out how large the result will be, call this function with NULL for \fIbuf\fR. -Colons between two-character hex \*(L"bytes\*(R" are accepted and ignored. +Colons between two\-character hex "bytes" are accepted and ignored. An odd number of hex digits is an error. .PP \&\fBOPENSSL_hexstr2buf()\fR does the same thing as \fBOPENSSL_hexstr2buf_ex()\fR, but allocates the space for the result, and returns the result. It uses a -default separator of ':'. +default separator of \*(Aq:\*(Aq. The memory is allocated by calling \fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. .PP \&\fBOPENSSL_buf2hexstr_ex()\fR encodes the contents of the given \fIbuf\fR with length \fIbuflen\fR and places the resulting hexadecimal character string in the given \fIstr\fR. -The character \fIsep\fR is the separator between the bytes, setting this to '\e0' +The character \fIsep\fR is the separator between the bytes, setting this to \*(Aq\e0\*(Aq means that there is no separator. \&\fIstr_n\fR gives the size of the of the string buffer. 
-If \fIstrlength\fR is not \s-1NULL,\s0 it is filled in with the result length. -To find out how large the result will be, call this function with \s-1NULL\s0 +If \fIstrlength\fR is not NULL, it is filled in with the result length. +To find out how large the result will be, call this function with NULL for \fIstr\fR. .PP \&\fBOPENSSL_buf2hexstr()\fR does the same thing as \fBOPENSSL_buf2hexstr_ex()\fR, but allocates the space for the result, and returns the result. It uses a -default separator of ':'. +default separator of \*(Aq:\*(Aq. The memory is allocated by calling \fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. .SH "RETURN VALUES" @@ -200,15 +125,15 @@ or \-1 on error. .PP \&\fBOPENSSL_buf2hexstr()\fR and \fBOPENSSL_hexstr2buf()\fR -return a pointer to allocated memory, or \s-1NULL\s0 on error. +return a pointer to allocated memory, or NULL on error. .PP \&\fBOPENSSL_buf2hexstr_ex()\fR and \fBOPENSSL_hexstr2buf_ex()\fR return 1 on success, or 0 on error. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,137 +53,78 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_IA32CAP 3ossl" -.TH OPENSSL_IA32CAP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_IA32CAP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_ia32cap \- the x86[_64] processor capabilities vector -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& env OPENSSL_ia32cap=... .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" OpenSSL supports a range of x86[_64] instruction set extensions. These extensions are denoted by individual bits in capability vector returned -by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction +by processor in EDX:ECX register pair after executing CPUID instruction with EAX=1 input value (see Intel Application Note #241618). This vector is copied to memory upon toolkit initialization and used to choose between different code paths to provide optimal performance across wide range of processors. For the moment of this writing following bits are significant: -.IP "bit #4 denoting presence of Time-Stamp Counter." 4 +.IP "bit #4 denoting presence of Time\-Stamp Counter." 4 .IX Item "bit #4 denoting presence of Time-Stamp Counter." 
.PD 0 -.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 +.IP "bit #19 denoting availability of CLFLUSH instruction;" 4 .IX Item "bit #19 denoting availability of CLFLUSH instruction;" -.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 +.IP "bit #20, reserved by Intel, is used to choose among RC4 code paths;" 4 .IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" -.IP "bit #23 denoting \s-1MMX\s0 support;" 4 +.IP "bit #23 denoting MMX support;" 4 .IX Item "bit #23 denoting MMX support;" -.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 +.IP "bit #24, FXSR bit, denoting availability of XMM registers;" 4 .IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" -.IP "bit #25 denoting \s-1SSE\s0 support;" 4 +.IP "bit #25 denoting SSE support;" 4 .IX Item "bit #25 denoting SSE support;" -.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 +.IP "bit #26 denoting SSE2 support;" 4 .IX Item "bit #26 denoting SSE2 support;" .IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 .IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" .IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 .IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" -.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 +.IP "bit #33 denoting availability of PCLMULQDQ instruction;" 4 .IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" -.IP "bit #41 denoting \s-1SSSE3,\s0 Supplemental \s-1SSE3,\s0 support;" 4 +.IP "bit #41 denoting SSSE3, Supplemental SSE3, support;" 4 .IX Item "bit #41 denoting SSSE3, Supplemental SSE3, support;" -.IP "bit #43 denoting \s-1AMD XOP\s0 support (forced to zero on non-AMD CPUs);" 4 +.IP "bit #43 denoting AMD XOP support (forced to zero on non\-AMD CPUs);" 4 .IX Item "bit #43 denoting AMD XOP support (forced to 
zero on non-AMD CPUs);" -.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 +.IP "bit #54 denoting availability of MOVBE instruction;" 4 .IX Item "bit #54 denoting availability of MOVBE instruction;" -.IP "bit #57 denoting AES-NI instruction set extension;" 4 +.IP "bit #57 denoting AES\-NI instruction set extension;" 4 .IX Item "bit #57 denoting AES-NI instruction set extension;" -.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 +.IP "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" 4 .IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" -.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 +.IP "bit #59, OSXSAVE bit, denoting availability of YMM registers;" 4 .IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" -.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 +.IP "bit #60 denoting AVX extension;" 4 .IX Item "bit #60 denoting AVX extension;" -.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 +.IP "bit #62 denoting availability of RDRAND instruction;" 4 .IX Item "bit #62 denoting availability of RDRAND instruction;" .PD .PP -For example, in 32\-bit application context clearing bit #26 at run-time -disables high-performance \s-1SSE2\s0 code present in the crypto library, while -clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register +For example, in 32\-bit application context clearing bit #26 at run\-time +disables high\-performance SSE2 code present in the crypto library, while +clearing bit #24 disables SSE2 code operating on 128\-bit XMM register bank. You might have to do the latter if target OpenSSL application is -executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not -enable \s-1XMM\s0 registers. 
Historically address of the capability vector copy +executed on SSE2 capable CPU, but under control of OS that does not +enable XMM registers. Historically address of the capability vector copy was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not anymore. Now the only way to affect the capability detection is to set \&\fBOPENSSL_ia32cap\fR environment variable prior target application start. To 
@@ -209,56 +134,56 @@ effect. Alternatively you can reconfigure the toolkit with no\-sse2 option and recompile. .PP -Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment -variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output +Less intuitive is clearing bit #28, or ~0x10000000 in the "environment +variable" terms. The truth is that it\*(Aqs not copied from CPUID output verbatim, but is adjusted to reflect whether or not the data cache is actually shared between logical cores. This in turn affects the decision -on whether or not expensive countermeasures against cache-timing attacks -are applied, most notably in \s-1AES\s0 assembler module. +on whether or not expensive countermeasures against cache\-timing attacks +are applied, most notably in AES assembler module. .PP -The capability vector is further extended with \s-1EBX\s0 value returned by -\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: -.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 +The capability vector is further extended with EBX value returned by +CPUID with EAX=7 and ECX=0 as input. Following bits are significant: +.IP "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" 4 .IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" .PD 0 -.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 +.IP "bit #64+5 denoting availability of AVX2 instructions;" 4 .IX Item "bit #64+5 denoting availability of AVX2 instructions;" -.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 +.IP "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" 4 .IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. 
MULX and RORX;" -.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 +.IP "bit #64+16 denoting availability of AVX512F extension;" 4 .IX Item "bit #64+16 denoting availability of AVX512F extension;" -.IP "bit #64+17 denoting availability of \s-1AVX512DQ\s0 extension;" 4 +.IP "bit #64+17 denoting availability of AVX512DQ extension;" 4 .IX Item "bit #64+17 denoting availability of AVX512DQ extension;" -.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 +.IP "bit #64+18 denoting availability of RDSEED instruction;" 4 .IX Item "bit #64+18 denoting availability of RDSEED instruction;" -.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 +.IP "bit #64+19 denoting availability of ADCX and ADOX instructions;" 4 .IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" -.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, aka \s-1AVX512IFMA\s0 extension;" 4 +.IP "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, aka AVX512IFMA extension;" 4 .IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, aka AVX512IFMA extension;" -.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 +.IP "bit #64+29 denoting availability of SHA extension;" 4 .IX Item "bit #64+29 denoting availability of SHA extension;" -.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 +.IP "bit #64+30 denoting availability of AVX512BW extension;" 4 .IX Item "bit #64+30 denoting availability of AVX512BW extension;" -.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 +.IP "bit #64+31 denoting availability of AVX512VL extension;" 4 .IX Item "bit #64+31 denoting availability of AVX512VL extension;" -.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 +.IP "bit #64+41 denoting availability of VAES extension;" 4 .IX Item "bit #64+41 denoting availability of VAES extension;" -.IP "bit #64+42 denoting 
availability of \s-1VPCLMULQDQ\s0 extension;" 4 +.IP "bit #64+42 denoting availability of VPCLMULQDQ extension;" 4 .IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" .PD .PP To control this extended capability word use \f(CW\*(C`:\*(C'\fR as delimiter when setting up \fBOPENSSL_ia32cap\fR environment variable. For example assigning -\&\f(CW\*(C`:~0x20\*(C'\fR would disable \s-1AVX2\s0 code paths, and \f(CW\*(C`:0\*(C'\fR \- all post-AVX +\&\f(CW\*(C`:~0x20\*(C'\fR would disable AVX2 code paths, and \f(CW\*(C`:0\*(C'\fR \- all post\-AVX extensions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Not available. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_CRYPTO 3ossl" -.TH OPENSSL_INIT_CRYPTO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_INIT_CRYPTO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop_ex, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -164,12 +89,12 @@ \& const char* name); \& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" During normal operation OpenSSL (libcrypto) will allocate various resources at start up that must, subsequently, be freed on close down of the library. Additionally some resources are allocated on a per thread basis (if the -application is multi-threaded), and these resources must be freed prior to the +application is multi\-threaded), and these resources must be freed prior to the thread closing. .PP As of version 1.1.0 OpenSSL will automatically allocate all resources that it 
@@ -184,49 +109,49 @@ .PP Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. Therefore, in order to perform nondefault initialisation, -\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +\&\fBOPENSSL_init_crypto()\fR MUST be called by application code prior to any other OpenSSL function calls. .PP The \fBopts\fR parameter specifies which aspects of libcrypto should be initialised. Valid options are: -.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IP OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 4 .IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" Suppress automatic loading of the libcrypto error strings. This option is not a default option. Once selected subsequent calls to \&\fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +\&\fBOPENSSL_INIT_LOAD_CRYPTO_STRINGS\fR will be ignored. +.IP OPENSSL_INIT_LOAD_CRYPTO_STRINGS 4 .IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" Automatic loading of the libcrypto error strings. With this option the library will automatically load the libcrypto error strings. This option is a default option. Once selected subsequent calls to \&\fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +\&\fBOPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\fR will be ignored. +.IP OPENSSL_INIT_ADD_ALL_CIPHERS 4 .IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" With this option the library will automatically load and make available all libcrypto ciphers. This option is a default option. Once selected subsequent calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +\&\fBOPENSSL_INIT_NO_ADD_ALL_CIPHERS\fR will be ignored. 
+.IP OPENSSL_INIT_ADD_ALL_DIGESTS 4 .IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" With this option the library will automatically load and make available all libcrypto digests. This option is a default option. Once selected subsequent calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +\&\fBOPENSSL_INIT_NO_ADD_ALL_DIGESTS\fR will be ignored. +.IP OPENSSL_INIT_NO_ADD_ALL_CIPHERS 4 .IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" With this option the library will suppress automatic loading of libcrypto ciphers. This option is not a default option. Once selected subsequent calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +\&\fBOPENSSL_INIT_ADD_ALL_CIPHERS\fR will be ignored. +.IP OPENSSL_INIT_NO_ADD_ALL_DIGESTS 4 .IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" With this option the library will suppress automatic loading of libcrypto digests. This option is not a default option. Once selected subsequent calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +\&\fBOPENSSL_INIT_ADD_ALL_DIGESTS\fR will be ignored. +.IP OPENSSL_INIT_LOAD_CONFIG 4 .IX Item "OPENSSL_INIT_LOAD_CONFIG" With this option an OpenSSL configuration file will be automatically loaded and used by calling \fBOPENSSL_config()\fR. This is a default option. 
@@ -235,64 +160,64 @@ initialisation). In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto. See the description of \fBOPENSSL_INIT_new()\fR, below. -.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IP OPENSSL_INIT_NO_LOAD_CONFIG 4 .IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" With this option the loading of OpenSSL configuration files will be suppressed. It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default option. -.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IP OPENSSL_INIT_ASYNC 4 .IX Item "OPENSSL_INIT_ASYNC" With this option the library with automatically initialise the libcrypto async -sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +sub\-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. +.IP OPENSSL_INIT_ENGINE_RDRAND 4 .IX Item "OPENSSL_INIT_ENGINE_RDRAND" With this option the library will automatically load and initialise the -\&\s-1RDRAND\s0 engine (if available). This not a default option and is deprecated +RDRAND engine (if available). This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IP OPENSSL_INIT_ENGINE_DYNAMIC 4 .IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" With this option the library will automatically load and initialise the dynamic engine. This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IP OPENSSL_INIT_ENGINE_OPENSSL 4 .IX Item "OPENSSL_INIT_ENGINE_OPENSSL" With this option the library will automatically load and initialise the openssl engine. This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IP OPENSSL_INIT_ENGINE_CRYPTODEV 4 .IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" With this option the library will automatically load and initialise the cryptodev engine (if available). This not a default option and is deprecated in OpenSSL 3.0. 
-.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IP OPENSSL_INIT_ENGINE_CAPI 4 .IX Item "OPENSSL_INIT_ENGINE_CAPI" With this option the library will automatically load and initialise the -\&\s-1CAPI\s0 engine (if available). This not a default option and is deprecated +CAPI engine (if available). This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IP OPENSSL_INIT_ENGINE_PADLOCK 4 .IX Item "OPENSSL_INIT_ENGINE_PADLOCK" With this option the library will automatically load and initialise the padlock engine (if available). This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IP OPENSSL_INIT_ENGINE_AFALG 4 .IX Item "OPENSSL_INIT_ENGINE_AFALG" With this option the library will automatically load and initialise the -\&\s-1AFALG\s0 engine. This not a default option and is deprecated +AFALG engine. This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IP OPENSSL_INIT_ENGINE_ALL_BUILTIN 4 .IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" With this option the library will automatically load and initialise all the built in engines listed above with the exception of the openssl and afalg engines. This not a default option and is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IP OPENSSL_INIT_ATFORK 4 .IX Item "OPENSSL_INIT_ATFORK" With this option the library will register its fork handlers. See \fBOPENSSL_fork_prepare\fR\|(3) for details. -.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IP OPENSSL_INIT_NO_ATEXIT 4 .IX Item "OPENSSL_INIT_NO_ATEXIT" By default OpenSSL will attempt to clean itself up when the process exits via an -\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +"atexit" handler. Using this option suppresses that behaviour. This means that the application will have to clean up OpenSSL explicitly using \&\fBOPENSSL_cleanup()\fR. .PP 
@@ -312,12 +237,12 @@ that will not call the registered \fBatexit()\fR handlers then the application should call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL are discouraged from calling this function and should instead, typically, rely -on auto-deinitialisation. This is to avoid error conditions where both an +on auto\-deinitialisation. This is to avoid error conditions where both an application and a library it depends on both use OpenSSL, and the library deinitialises it before the application has finished using it. .PP Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. -Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an ERR_R_INIT_FAIL error will be added to the error stack. Note that because initialisation has failed OpenSSL error strings will not be available, only an error code. This code can be put through the openssl errstr command line application to produce a human 
@@ -330,46 +255,47 @@ registered, no guarantees are made about the order of execution. .PP The \fBOPENSSL_thread_stop_ex()\fR function deallocates resources associated -with the current thread for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR. The \fBctx\fR parameter -can be \s-1NULL\s0 in which case the default \s-1OSSL_LIB_CTX\s0 is used. +with the current thread for the given OSSL_LIB_CTX \fBctx\fR. The \fBctx\fR parameter +can be NULL in which case the default OSSL_LIB_CTX is used. .PP Typically, this function will be called automatically by the library when -the thread exits as long as the \s-1OSSL_LIB_CTX\s0 has not been freed before the thread +the thread exits as long as the OSSL_LIB_CTX has not been freed before the thread exits. If \fBOSSL_LIB_CTX_free()\fR is called OPENSSL_thread_stop_ex will be called automatically for the current thread (but not any other threads that may have -used this \s-1OSSL_LIB_CTX\s0). +used this OSSL_LIB_CTX). .PP OPENSSL_thread_stop_ex should be called on all threads that will exit after the -\&\s-1OSSL_LIB_CTX\s0 is freed. -Typically this is not necessary for the default \s-1OSSL_LIB_CTX\s0 (because all +OSSL_LIB_CTX is freed. +Typically this is not necessary for the default OSSL_LIB_CTX (because all resources are cleaned up on library exit) except if thread local resources should be freed before library exit, or under the circumstances described in -the \s-1NOTES\s0 section below. +the NOTES section below. .PP \&\fBOPENSSL_thread_stop()\fR is the same as \fBOPENSSL_thread_stop_ex()\fR except that the -default \s-1OSSL_LIB_CTX\s0 is always used. +default OSSL_LIB_CTX is always used. .PP -The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with -\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the -\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and -\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. 
+The \fBOPENSSL_INIT_LOAD_CONFIG\fR flag will load a configuration file, as with +\&\fBCONF_modules_load_file\fR\|(3) with NULL filename and application name and the +\&\fBCONF_MFLAGS_IGNORE_MISSING_FILE\fR, \fBCONF_MFLAGS_IGNORE_RETURN_CODES\fR and +\&\fBCONF_MFLAGS_DEFAULT_SECTION\fR flags. The filename, application name, and flags can be customized by providing a -non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. -The object can be allocated via \fB\fBOPENSSL_INIT_new()\fB\fR. -The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non\-null \fBOPENSSL_INIT_SETTINGS\fR object. +The object can be allocated via \fBOPENSSL_INIT_new()\fR. +The \fBOPENSSL_INIT_set_config_filename()\fR function can be used to specify a nondefault filename, which is copied and need not refer to persistent storage. Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a nondefault application name. Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. -If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +If the \fBCONF_MFLAGS_IGNORE_RETURN_CODES\fR flag is not included, any errors in the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR or indirectly \fBOPENSSL_init_ssl\fR\|(3). The object can be released with \fBOPENSSL_INIT_free()\fR when done. -.SH "NOTES" +If the argument to \fBOPENSSL_INIT_free()\fR is NULL, nothing is done. +.SH NOTES .IX Header "NOTES" Resources local to a thread are deallocated automatically when the thread exits (e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows -platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +platforms this is done in response to a DLL_THREAD_DETACH message being sent to the libcrypto32.dll entry point. Some windows functions may cause threads to exit without sending this message (for example \fBExitProcess()\fR). 
If the application uses such functions, then the application must free up OpenSSL resources @@ -381,11 +307,11 @@ should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. .PP On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is -multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads +multi\-threaded and if \fBdlclose()\fR is subsequently called prior to the threads being destroyed then OpenSSL will not be able to deallocate resources associated with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR -call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). +call should use the RTLD_NODELETE flag (where available on the platform). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and 
@@ -393,16 +319,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOPENSSL_init_ssl\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, \&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_SSL 3ossl" -.TH OPENSSL_INIT_SSL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_INIT_SSL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" During normal operation OpenSSL (libssl and libcrypto) will allocate various resources at start up that must, subsequently, be freed on close down of the library. Additionally some resources are allocated on a per thread basis (if the -application is multi-threaded), and these resources must be freed prior to the +application is multi\-threaded), and these resources must be freed prior to the thread closing. .PP As of version 1.1.0 OpenSSL will automatically allocate all resources that it 
@@ -162,31 +87,31 @@ However, there may be situations when explicit initialisation is desirable or needed, for example when some nondefault initialisation is required. The function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling -this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To -explicitly initialise \s-1ONLY\s0 libcrypto see the +this function will explicitly initialise BOTH libcrypto and libssl. To +explicitly initialise ONLY libcrypto see the \&\fBOPENSSL_init_crypto\fR\|(3) function. .PP Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. Therefore, in order to perform nondefault initialisation, -\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +\&\fBOPENSSL_init_ssl()\fR MUST be called by application code prior to any other OpenSSL function calls. .PP The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be initialised. Valid options for libcrypto are described on the \&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto specific option the following libssl options can also be used: -.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 +.IP OPENSSL_INIT_NO_LOAD_SSL_STRINGS 4 .IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" Suppress automatic loading of the libssl error strings. This option is not a default option. Once selected subsequent calls to \&\fBOPENSSL_init_ssl()\fR with the option -\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 +\&\fBOPENSSL_INIT_LOAD_SSL_STRINGS\fR will be ignored. +.IP OPENSSL_INIT_LOAD_SSL_STRINGS 4 .IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" Automatic loading of the libssl error strings. This option is a default option. Once selected subsequent calls to \&\fBOPENSSL_init_ssl()\fR with the option -\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +\&\fBOPENSSL_INIT_LOAD_SSL_STRINGS\fR will be ignored. 
.PP \&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details. @@ -196,14 +121,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOPENSSL_init_crypto\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_INSTRUMENT_BUS 3ossl" -.TH OPENSSL_INSTRUMENT_BUS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_INSTRUMENT_BUS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 4 \& #ifdef OPENSSL_CPUID_OBJ @@ -148,16 +73,16 @@ \& size_t OPENSSL_instrument_bus2(unsigned int *vector, size_t num, size_t max); \& #endif .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" It was empirically found that timings of references to primary memory -are subject to irregular, apparently non-deterministic variations. The +are subject to irregular, apparently non\-deterministic variations. The subroutines in question instrument these references for purposes of gathering randomness for random number generator. In order to make it -bus-bound a 'flush cache line' instruction is used between probes. In +bus\-bound a \*(Aqflush cache line\*(Aq instruction is used between probes. In addition probes are added to \fBvector\fR elements in atomic or interlocked manner, which should contribute additional noise on -multi-processor systems. This also means that \fBvector[num]\fR should be +multi\-processor systems. This also means that \fBvector[num]\fR should be zeroed upon invocation (if you want to retrieve actual probe values). .PP \&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of 
@@ -167,20 +92,20 @@ probes with the same value, i.e. in a way it records duration of periods when probe values appeared deterministic. The subroutine performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, -with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" +with \fBmax\fR value of 0 meaning "as many as it takes." .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the -benchmark, either because oscillator counter or 'flush cache line' is -not available on current platform. For reference, on x86 'flush cache -line' was introduced with the \s-1SSE2\s0 extensions. +Return value of 0 indicates that CPU is not capable of performing the +benchmark, either because oscillator counter or \*(Aqflush cache line\*(Aq is +not available on current platform. For reference, on x86 \*(Aqflush cache +line\*(Aq was introduced with the SSE2 extensions. .PP Otherwise number of recorded values is returned. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2011\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3ossl" -.TH OPENSSL_LOAD_BUILTIN_MODULES 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,16 +74,16 @@ \& void ASN1_add_oid_module(void); \& void ENGINE_add_conf_module(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL configuration modules to the internal list. They can then be used by the OpenSSL configuration code. .PP -\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. +\&\fBASN1_add_oid_module()\fR adds just the ASN1 OBJECT module. .PP -\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. -.SH "NOTES" +\&\fBENGINE_add_conf_module()\fR adds just the ENGINE configuration module. +.SH NOTES .IX Header "NOTES" If the simple configuration function \fBOPENSSL_config()\fR is called then \&\fBOPENSSL_load_builtin_modules()\fR is called automatically. 
@@ -177,14 +102,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBENGINE_add_conf_module()\fR was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_malloc.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_MALLOC 3ossl" -.TH OPENSSL_MALLOC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_MALLOC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, @@ -157,7 +82,7 @@ OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD \&\- Memory allocation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -205,7 +130,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 @@ -221,11 +146,11 @@ \& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); \& int CRYPTO_mem_debug_pop(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API.\s0 These are -generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR -parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0 +OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR API. These are +generally macro\*(Aqs that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR +parameters and call a lower\-level \fBCRYPTO_xxx\fR API. Some functions do not add those parameters, but exist for consistency. .PP \&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is 
@@ -237,16 +162,21 @@ .PP \&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used when the buffer at \fBaddr\fR holds sensitive information. -The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR -before ultimately calling \fBOPENSSL_free()\fR. +The old buffer is filled with zero\*(Aqs by calling \fBOPENSSL_cleanse()\fR +before ultimately calling \fBOPENSSL_free()\fR. If the argument to +\&\fBOPENSSL_clear_free()\fR is NULL, nothing is done. .PP -\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0\*(Aqs. +It is useful in cases when it is needed to ensure that memory (that contains +sensitive information) is overwritten (for example, before it is reclaimed, +or when it is stored on stack), and such operation is not optimised out +by compiler optimisations such as dead store elimination (as \fBmemset\fR\|(3) may be). Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. -If the storage controller uses write compression, then it's possible +If the storage controller uses write compression, then it\*(Aqs possible that sensitive tail bytes will survive zeroization because the block of zeros will be compressed. If the storage controller uses wear leveling, then the old sensitive data will not be overwritten; rather, a block of -0's will be written at a new physical location. +0\*(Aqs will be written at a new physical location. .PP \&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the equivalent C functions, except that memory is allocated by calling the 
@@ -256,30 +186,30 @@ \&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C library functions and are provided for portability. .PP -If no allocations have been done, it is possible to \*(L"swap out\*(R" the default +If no allocations have been done, it is possible to "swap out" the default implementations for \fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR and \fBOPENSSL_free()\fR and replace them with alternate versions. \&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the function pointers for the current implementations. With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions. -If any of \fBmalloc_fn\fR, \fBrealloc_fn\fR, or \fBfree_fn\fR are \s-1NULL,\s0 then +If any of \fBmalloc_fn\fR, \fBrealloc_fn\fR, or \fBfree_fn\fR are NULL, then the function is not changed. -While it's permitted to swap out only a few and not all the functions -with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +While it\*(Aqs permitted to swap out only a few and not all the functions +with \fBCRYPTO_set_mem_functions()\fR, it\*(Aqs recommended to swap them all out at once. .PP If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment -variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, +variables, \fBOPENSSL_MALLOC_FAILURES\fR and \fBOPENSSL_MALLOC_FD\fR, are available. .PP The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, -respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored. +respectively. If a pointer is NULL, then the corresponding count is not stored. 
.PP The variable -\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. +\&\fBOPENSSL_MALLOC_FAILURES\fR controls how often allocations should fail. It is a set of fields separated by semicolons, which each field is a count (defaulting to zero) and an optional atsign and percentage (defaulting to 100). If the count is zero, then it lasts forever. For example, @@ -287,9 +217,9 @@ other allocations (until the program exits or crashes) have a 25% chance of failing. .PP -If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then +If the variable \fBOPENSSL_MALLOC_FD\fR is parsed as a positive integer, then it is taken as an open file descriptor. This is used in conjunction with -\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR described above. For every allocation it will log +\&\fBOPENSSL_MALLOC_FAILURES\fR described above. For every allocation it will log details about how many allocations there have been so far, what percentage chance there is for this allocation failing, and whether it has actually failed. The following example in classic shell syntax shows how to use this (will not 
@@ -313,31 +243,31 @@ \&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR, \&\fBCRYPTO_clear_realloc()\fR, \&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR -return a pointer to allocated memory or \s-1NULL\s0 on error. +return a pointer to allocated memory or NULL on error. .PP \&\fBCRYPTO_set_mem_functions()\fR returns 1 on success or 0 on failure (almost always because allocations have already happened). .PP \&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR, \fBCRYPTO_mem_leaks_cb()\fR, -\&\fBCRYPTO_set_mem_debug()\fR, and \fBCRYPTO_mem_ctrl()\fR are deprecated and are no-ops that +\&\fBCRYPTO_set_mem_debug()\fR, and \fBCRYPTO_mem_ctrl()\fR are deprecated and are no\-ops that always return \-1. \&\fBOPENSSL_mem_debug_push()\fR, \fBOPENSSL_mem_debug_pop()\fR, \&\fBCRYPTO_mem_debug_push()\fR, and \fBCRYPTO_mem_debug_pop()\fR -are deprecated and are no-ops that always return 0. -.SH "HISTORY" +are deprecated and are no\-ops that always return 0. +.SH HISTORY .IX Header "HISTORY" \&\fBOPENSSL_mem_debug_push()\fR, \fBOPENSSL_mem_debug_pop()\fR, \&\fBCRYPTO_mem_debug_push()\fR, \fBCRYPTO_mem_debug_pop()\fR, \&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR, \&\fBCRYPTO_mem_leaks_cb()\fR, \fBCRYPTO_set_mem_debug()\fR, \fBCRYPTO_mem_ctrl()\fR were deprecated in OpenSSL 3.0. -The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of -clang's memory and leak sanitizer. -.SH "COPYRIGHT" +The memory\-leak checking has been deprecated in OpenSSL 3.0 in favor of +clang\*(Aqs memory and leak sanitizer. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_s390xcap.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_s390xcap.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,95 +53,36 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_S390XCAP 3ossl" -.TH OPENSSL_S390XCAP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_S390XCAP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_s390xcap \- the IBM z processor capabilities vector -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& env OPENSSL_s390xcap=... .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" libcrypto supports z/Architecture instruction set extensions. These extensions are denoted by individual bits in the capabilities vector. -When libcrypto is initialized, the bits returned by the \s-1STFLE\s0 instruction -and by the \s-1QUERY\s0 functions are stored in the vector. +When libcrypto is initialized, the bits returned by the STFLE instruction +and by the QUERY functions are stored in the vector. .PP To change the set of instructions available to an application, you can set the \fBOPENSSL_s390xcap\fR environment variable before you start the application. After initialization, the capability vector is ANDed bitwise with a mask which is derived from the environment variable. .PP -The environment variable is a semicolon-separated list of tokens which is +The environment variable is a semicolon\-separated list of tokens which is processed from left to right (whitespace is ignored): .PP .Vb 1 
@@ -165,28 +90,28 @@ .Ve .PP There are three types of tokens: -.IP "" 4 +.IP 4 .IX Item "" -The name of a processor generation. A bit in the environment variable's +The name of a processor generation. A bit in the environment variable\*(Aqs mask is set to one if and only if the specified processor generation implements the corresponding instruction set extension. Possible values are \fBz900\fR, \fBz990\fR, \fBz9\fR, \fBz10\fR, \fBz196\fR, \fBzEC12\fR, \fBz13\fR, \fBz14\fR and \fBz15\fR. -.IP "::" 4 +.IP :: 4 .IX Item "::" The name of an instruction followed by two 64\-bit masks. The part of the -environment variable's mask corresponding to the specified instruction is +environment variable\*(Aqs mask corresponding to the specified instruction is set to the specified 128\-bit mask. Possible values are \fBkimd\fR, \fBklmd\fR, \&\fBkm\fR, \fBkmc\fR, \fBkmac\fR, \fBkmctr\fR, \fBkmo\fR, \fBkmf\fR, \fBprno\fR, \fBkma\fR, \fBpcc\fR and \fBkdsa\fR. -.IP "stfle:::" 4 +.IP stfle::: 4 .IX Item "stfle:::" -Store-facility-list-extended (stfle) followed by three 64\-bit masks. The -part of the environment variable's mask corresponding to the stfle +Store\-facility\-list\-extended (stfle) followed by three 64\-bit masks. The +part of the environment variable\*(Aqs mask corresponding to the stfle instruction is set to the specified 192\-bit mask. .PP The 64\-bit masks are specified in hexadecimal notation. The 0x prefix is -optional. Prefix a mask with a tilde, \f(CW\*(C`~\*(C'\fR, to denote a bitwise \s-1NOT\s0 operation. +optional. Prefix a mask with a tilde, \f(CW\*(C`~\*(C'\fR, to denote a bitwise NOT operation. .PP The following is a list of significant bits for each instruction. Colon rows separate the individual 64\-bit masks. The bit numbers in the first @@ -301,7 +226,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" Not available. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Disables all instruction set extensions which the z196 processor does not implement: .PP 
@@ -315,19 +240,19 @@ \& OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000" .Ve .PP -Disables the KM-XTS-AES and the KIMD-SHAKE function codes: +Disables the KM\-XTS\-AES and the KIMD\-SHAKE function codes: .PP .Vb 1 \& OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -[1] z/Architecture Principles of Operation, \s-1SA22\-7832\-12\s0 -.SH "COPYRIGHT" +[1] z/Architecture Principles of Operation, SA22\-7832\-12 +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_SECURE_MALLOC 3ossl" -.TH OPENSSL_SECURE_MALLOC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_SECURE_MALLOC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, @@ -146,7 +71,7 @@ CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_allocated, CRYPTO_secure_used \- secure heap storage -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,18 +99,23 @@ \& int CRYPTO_secure_allocated(const void *ptr); \& size_t CRYPTO_secure_used(); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -In order to help protect applications (particularly long-running servers) +In order to help protect applications (particularly long\-running servers) from pointer overruns or underruns that could return arbitrary data from -the program's dynamic memory area, where keys and other sensitive -information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" +the program\*(Aqs dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your -threat model and concerns. -.PP -If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. -This protects long-term storage of private keys, but will not necessarily +threat model and concerns. It should be noted that the secure heap +uses a single read/write lock, and therefore any operations +that involve allocation or freeing of secure heap memory are serialised, +blocking other threads. With that in mind, highly concurrent applications +should enable the secure heap with caution and be aware of the performance +implications for multi\-threaded code. +.PP +If a secure heap is used, then private key \fBBIGNUM\fR values are stored there. +This protects long\-term storage of private keys, but will not necessarily put all intermediate values and computations there. .PP \&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified 
@@ -219,17 +149,19 @@ calling \fBOPENSSL_free()\fR. It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR -and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. +and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. If the argument to \fBOPENSSL_secure_free()\fR +is NULL, nothing is done. .PP \&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear the memory if it was not allocated from the secure heap. If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fBOPENSSL_clear_free()\fR. +calling \fBOPENSSL_clear_free()\fR. If the argument to \fBOPENSSL_secure_clear_free()\fR +is NULL, nothing is done. .PP \&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the pointer; implementations may allocate more space than initially -requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. +requested, in order to "round up" and reduce secure heap fragmentation. .PP \&\fBOPENSSL_secure_allocated()\fR tells if a pointer is allocated in the secure heap. .PP 
@@ -258,17 +190,17 @@ .IX Header "SEE ALSO" \&\fBOPENSSL_malloc\fR\|(3), \&\fBBN_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. .PP The second argument to \fBCRYPTO_secure_malloc_init()\fR was changed from an \fBint\fR to a \fBsize_t\fR in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OPENSSL_strcasecmp.3.orig +++ secure/lib/libcrypto/man/man3/OPENSSL_strcasecmp.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_STRCASECMP 3ossl" -.TH OPENSSL_STRCASECMP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_STRCASECMP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_strcasecmp, OPENSSL_strncasecmp \- compare two strings ignoring case -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,32 +73,32 @@ \& int OPENSSL_strcasecmp(const char *s1, const char *s2); \& int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings +The OPENSSL_strcasecmp function performs a byte\-by\-byte comparison of the strings \&\fBs1\fR and \fBs2\fR, ignoring the case of the characters. .PP The OPENSSL_strncasecmp function is similar, except that it compares no more than \&\fBn\fR bytes of \fBs1\fR and \fBs2\fR. .PP -In POSIX-compatible system and on Windows these functions use \*(L"C\*(R" locale for +In POSIX\-compatible system and on Windows these functions use "C" locale for case insensitive. Otherwise the comparison is done in current locale. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Both functions return an integer less than, equal to, or greater than zero if s1 is found, respectively, to be less than, to match, or be greater than s2. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -OpenSSL extensively uses case insensitive comparison of \s-1ASCII\s0 strings. Though -OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may +OpenSSL extensively uses case insensitive comparison of ASCII strings. Though +OpenSSL itself is locale\-agnostic, the applications using OpenSSL libraries may unpredictably suffer when they use localization (e.g. Turkish locale is -well-known with a specific I/i cases). These functions use C locale for string +well\-known with a specific I/i cases). These functions use C locale for string comparison. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ALGORITHM.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ALGORITHM.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ALGORITHM 3ossl" -.TH OSSL_ALGORITHM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ALGORITHM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ALGORITHM \- OpenSSL Core type to define a fetchable algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,42 +78,42 @@ \& const char *algorithm_description; \& }; .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1OSSL_ALGORITHM\s0\fR type is a \fIpublic structure\fR that describes an +The \fBOSSL_ALGORITHM\fR type is a \fIpublic structure\fR that describes an algorithm that a \fBprovider\fR\|(7) provides. Arrays of this type are returned by providers on demand from the OpenSSL libraries to describe what algorithms the providers provide implementations of, and with what properties. .PP Arrays of this type must be terminated with a tuple where \fIalgorithm_names\fR -is \s-1NULL.\s0 +is NULL. .PP -This type of array is typically returned by the provider's operation querying -function, further described in \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7). -.SS "\fB\s-1OSSL_ALGORITHM\s0\fP fields" +This type of array is typically returned by the provider\*(Aqs operation querying +function, further described in "Provider Functions" in \fBprovider\-base\fR\|(7). +.SS "\fBOSSL_ALGORITHM\fP fields" .IX Subsection "OSSL_ALGORITHM fields" -.IP "\fIalgorithm_names\fR" 4 +.IP \fIalgorithm_names\fR 4 .IX Item "algorithm_names" This string is a colon separated set of names / identities, and is used by the appropriate fetching functionality (such as \fBEVP_CIPHER_fetch\fR\|(3), \&\fBEVP_MD_fetch\fR\|(3), etc) to find the desired algorithm. .Sp Multiple names / identities allow a specific algorithm implementation to be -fetched multiple ways. For example, the \s-1RSA\s0 algorithm has the following +fetched multiple ways. 
For example, the RSA algorithm has the following known identities: .RS 4 -.IP "\(bu" 4 +.IP \(bu 4 \&\f(CW\*(C`RSA\*(C'\fR -.IP "\(bu" 4 +.IP \(bu 4 \&\f(CW\*(C`rsaEncryption\*(C'\fR .Sp -This is the name of the algorithm's \s-1OBJECT IDENTIFIER\s0 (\s-1OID\s0), as given by the -PKCS#1 \s-1RFC\s0's \s-1ASN.1\s0 module -.IP "\(bu" 4 +This is the name of the algorithm\*(Aqs OBJECT IDENTIFIER (OID), as given by the +PKCS#1 RFC\*(Aqs ASN.1 module +.IP \(bu 4 \&\f(CW1.2.840.113549.1.1.1\fR .Sp -This is the \s-1OID\s0 itself for \f(CW\*(C`rsaEncryption\*(C'\fR, in canonical decimal text form. +This is the OID itself for \f(CW\*(C`rsaEncryption\*(C'\fR, in canonical decimal text form. .RE .RS 4 .Sp @@ -201,11 +126,11 @@ The OpenSSL libraries use the first of the algorithm names as the main or canonical name, on a per algorithm implementation basis. .Sp -See the notes \*(L"On the subject of algorithm names\*(R" below for a more in +See the notes "On the subject of algorithm names" below for a more in depth discussion on \fIalgorithm_names\fR and how that may interact with -applications and libraries, including OpenSSL's. +applications and libraries, including OpenSSL\*(Aqs. .RE -.IP "\fIproperty_definition\fR" 4 +.IP \fIproperty_definition\fR 4 .IX Item "property_definition" This string defines a set of properties associated with a particular algorithm implementation, and is used by the appropriate fetching 
@@ -215,46 +140,46 @@ .Sp See \fBproperty\fR\|(7) for a further description of the contents of this string. -.IP "\fIimplementation\fR" 4 +.IP \fIimplementation\fR 4 .IX Item "implementation" -Pointer to an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) array, containing pointers to the +Pointer to an \fBOSSL_DISPATCH\fR\|(3) array, containing pointers to the functions of a particular algorithm implementation. -.IP "\fIalgorithm_description\fR" 4 +.IP \fIalgorithm_description\fR 4 .IX Item "algorithm_description" -A string with a short human-readable description of the algorithm. -.SH "NOTES" +A string with a short human\-readable description of the algorithm. +.SH NOTES .IX Header "NOTES" .SS "On the subject of algorithm names" .IX Subsection "On the subject of algorithm names" -Providers may find the need to register \s-1ASN.1\s0 OIDs for algorithms using +Providers may find the need to register ASN.1 OIDs for algorithms using \&\fBOBJ_create\fR\|(3) (via the \fBcore_obj_create\fR upcall described in -\&\fBprovider\-base\fR\|(7), because some application or library \*(-- possibly still -the OpenSSL libraries, even \*(-- use NIDs to look up algorithms. +\&\fBprovider\-base\fR\|(7), because some application or library \-\- possibly still +the OpenSSL libraries, even \-\- use NIDs to look up algorithms. .PP -In that scenario, you must make sure that the corresponding \fB\s-1OSSL_ALGORITHM\s0\fR's +In that scenario, you must make sure that the corresponding \fBOSSL_ALGORITHM\fR\*(Aqs \&\fIalgorithm_names\fR includes both the short and the long name. 
.PP -Most of the time, registering \s-1ASN.1\s0 OIDs like this shouldn't be necessary, +Most of the time, registering ASN.1 OIDs like this shouldn\*(Aqt be necessary, and applications and libraries are encouraged to use \fBOBJ_obj2txt\fR\|(3) to -get a text representation of the \s-1OID,\s0 which may be a long or short name for -OIDs that are registered, or the \s-1OID\s0 itself in canonical decimal text form +get a text representation of the OID, which may be a long or short name for +OIDs that are registered, or the OID itself in canonical decimal text form if not (or if \fBOBJ_obj2txt\fR\|(3) is called with \fIno_name\fR = 1). .PP -It's recommended to make sure that the corresponding \fB\s-1OSSL_ALGORITHM\s0\fR's -\&\fIalgorithm_names\fR include known names as well as the \s-1OID\s0 itself in +It\*(Aqs recommended to make sure that the corresponding \fBOSSL_ALGORITHM\fR\*(Aqs +\&\fIalgorithm_names\fR include known names as well as the OID itself in canonical decimal text form. That should cover all scenarios. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBprovider\-base\fR\|(7), \fBopenssl\-core.h\fR\|(7), -\&\fBopenssl\-core_dispatch.h\fR\|(7), \s-1\fBOSSL_DISPATCH\s0\fR\|(3) -.SH "HISTORY" +\&\fBopenssl\-core_dispatch.h\fR\|(7), \fBOSSL_DISPATCH\fR\|(3) +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OSSL_ALGORITHM\s0\fR was added in OpenSSL 3.0 -.SH "COPYRIGHT" +\&\fBOSSL_ALGORITHM\fR was added in OpenSSL 3.0 +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/OSSL_CALLBACK.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CALLBACK.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CALLBACK 3ossl" -.TH OSSL_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CALLBACK, OSSL_PASSPHRASE_CALLBACK \- OpenSSL Core type to define callbacks -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 6 \& #include @@ -150,7 +75,7 @@ \& const OSSL_PARAM params[], \& void *arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" For certain events or activities, provider functionality may need help from the application or the calling OpenSSL libraries themselves. For example, @@ -161,14 +86,14 @@ OpenSSL libraries, along with a generic pointer to data \fIarg\fR. As far as the function receiving the pointer to the function pointer and \fIarg\fR is concerned, the data that \fIarg\fR points at is opaque, and the pointer should -simply be passed back to the callback function when it's called. -.IP "\fB\s-1OSSL_CALLBACK\s0\fR" 4 +simply be passed back to the callback function when it\*(Aqs called. +.IP \fBOSSL_CALLBACK\fR 4 .IX Item "OSSL_CALLBACK" This is a generic callback function. When calling this callback function, -the caller is expected to build an \s-1\fBOSSL_PARAM\s0\fR\|(3) array of data it wants or +the caller is expected to build an \fBOSSL_PARAM\fR\|(3) array of data it wants or is expected to pass back, and pass that as \fIparams\fR, as well as the opaque data pointer it received, as \fIarg\fR. -.IP "\fB\s-1OSSL_PASSPHRASE_CALLBACK\s0\fR" 4 +.IP \fBOSSL_PASSPHRASE_CALLBACK\fR 4 .IX Item "OSSL_PASSPHRASE_CALLBACK" This is a specialised callback function, used specifically to prompt the user for a passphrase. When calling this callback function, a buffer to 
@@ -176,18 +101,18 @@ \&\fIpass_size\fR. The length of the prompted pass phrase will be given back in \&\fI*pass_len\fR. .Sp -Additional parameters can be passed with the \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR, +Additional parameters can be passed with the \fBOSSL_PARAM\fR\|(3) array \fIparams\fR, .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-core.h\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The types described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_CTX_NEW 3ossl" -.TH OSSL_CMP_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_CTX_new, OSSL_CMP_CTX_free, OSSL_CMP_CTX_reinit, @@ -200,7 +125,7 @@ OSSL_CMP_CTX_set1_transactionID, OSSL_CMP_CTX_set1_senderNonce \&\- functions for managing the CMP client context data structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -299,40 +224,41 @@ \& int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, \& const ASN1_OCTET_STRING *nonce); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This is the context \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with +This is the context API for using CMP (Certificate Management Protocol) with OpenSSL. .PP -\&\fBOSSL_CMP_CTX_new()\fR allocates an \fB\s-1OSSL_CMP_CTX\s0\fR structure associated with +\&\fBOSSL_CMP_CTX_new()\fR allocates an \fBOSSL_CMP_CTX\fR structure associated with the library context \fIlibctx\fR and property query string \fIpropq\fR, -both of which may be \s-1NULL\s0 to select the defaults. +both of which may be NULL to select the defaults. It initializes the remaining fields to their default values \- for instance, -the logging verbosity is set to \s-1OSSL_CMP_LOG_INFO,\s0 +the logging verbosity is set to OSSL_CMP_LOG_INFO, the message timeout is set to 120 seconds, -and the proof-of-possession method is set to \s-1OSSL_CRMF_POPO_SIGNATURE.\s0 +and the proof\-of\-possession method is set to OSSL_CRMF_POPO_SIGNATURE. .PP -\&\fBOSSL_CMP_CTX_free()\fR deallocates an \s-1OSSL_CMP_CTX\s0 structure. +\&\fBOSSL_CMP_CTX_free()\fR deallocates an OSSL_CMP_CTX structure. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_CMP_CTX_reinit()\fR prepares the given \fIctx\fR for a further transaction by -clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo, +clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. It also clears any ITAVs that were added by \fBOSSL_CMP_CTX_push0_genm_ITAV()\fR. -All other field values (i.e., \s-1CMP\s0 options) are retained for potential reuse. +All other field values (i.e., CMP options) are retained for potential reuse. 
.PP \&\fBOSSL_CMP_CTX_set_option()\fR sets the given value for the given option -(e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure. +(e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) in the given OSSL_CMP_CTX structure. .PP The following options can be set: -.IP "\fB\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_LOG_VERBOSITY\fR 4 .IX Item "OSSL_CMP_OPT_LOG_VERBOSITY" .Vb 3 \& The level of severity needed for actually outputting log messages \& due to errors, warnings, general info, debugging, etc. \& Default is OSSL_CMP_LOG_INFO. See also L. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_KEEP_ALIVE\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_KEEP_ALIVE\fR 4 .IX Item "OSSL_CMP_OPT_KEEP_ALIVE" .Vb 6 \& If the given value is 0 then HTTP connections are not kept open @@ -342,7 +268,7 @@ \& i.e., in case the server does not grant them an error occurs. \& The default value is 1: prefer to keep the connection open. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_MSG_TIMEOUT\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_MSG_TIMEOUT\fR 4 .IX Item "OSSL_CMP_OPT_MSG_TIMEOUT" .Vb 4 \& Number of seconds a CMP request\-response message round trip @@ -350,7 +276,7 @@ \& A value <= 0 means no limitation (waiting indefinitely). \& Default is to use the B setting. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_TOTAL_TIMEOUT\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_TOTAL_TIMEOUT\fR 4 .IX Item "OSSL_CMP_OPT_TOTAL_TIMEOUT" .Vb 4 \& Maximum total number of seconds a transaction may take, 
@@ -358,28 +284,28 @@ \& A value <= 0 means no limitation (waiting indefinitely). \& Default is 0. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_VALIDITY_DAYS\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_VALIDITY_DAYS\fR 4 .IX Item "OSSL_CMP_OPT_VALIDITY_DAYS" .Vb 1 \& Number of days new certificates are asked to be valid for. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\fR 4 .IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT" .Vb 2 \& Do not take default Subject Alternative Names \& from the reference certificate. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL\fR 4 .IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL" .Vb 1 \& Demand that the given Subject Alternative Names are flagged as critical. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_POLICIES_CRITICAL\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_POLICIES_CRITICAL\fR 4 .IX Item "OSSL_CMP_OPT_POLICIES_CRITICAL" .Vb 1 \& Demand that the given policies are flagged as critical. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_POPO_METHOD\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_POPO_METHOD\fR 4 .IX Item "OSSL_CMP_OPT_POPO_METHOD" .Vb 1 \& Select the proof of possession method to use. Possible values are: 
@@ -395,26 +321,26 @@ \& Note that a signature\-based POPO can only be produced if a private key \& is provided as the newPkey or client\*(Aqs pkey component of the CMP context. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_DIGEST_ALGNID\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_DIGEST_ALGNID\fR 4 .IX Item "OSSL_CMP_OPT_DIGEST_ALGNID" .Vb 3 \& The NID of the digest algorithm to be used in RFC 4210\*(Aqs MSG_SIG_ALG \& for signature\-based message protection and Proof\-of\-Possession (POPO). \& Default is SHA256. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) for MAC-based message protection with password-based \s-1MAC\s0 (\s-1PBM\s0). See \s-1RFC 4210\s0 section 5.1.3.1 for details. Default is \s-1SHA256.\s0" 4 +.IP "\fBOSSL_CMP_OPT_OWF_ALGNID\fR The NID of the digest algorithm to be used as one\-way function (OWF) for MAC\-based message protection with password\-based MAC (PBM). See RFC 4210 section 5.1.3.1 for details. Default is SHA256." 4 .IX Item "OSSL_CMP_OPT_OWF_ALGNID The NID of the digest algorithm to be used as one-way function (OWF) for MAC-based message protection with password-based MAC (PBM). See RFC 4210 section 5.1.3.1 for details. Default is SHA256." .PD 0 -.IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used for message protection with \s-1PBM.\s0 Default is \s-1HMAC\-SHA1\s0 as per \s-1RFC 4210.\s0" 4 +.IP "\fBOSSL_CMP_OPT_MAC_ALGNID\fR The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC\-SHA1 as per RFC 4210." 4 .IX Item "OSSL_CMP_OPT_MAC_ALGNID The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC-SHA1 as per RFC 4210." 
-.IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_REVOCATION_REASON\fR 4 .IX Item "OSSL_CMP_OPT_REVOCATION_REASON" .PD .Vb 2 \& The reason code to be included in a Revocation Request (RR); \& values: 0..10 (RFC 5210, 5.3.1) or \-1 for none, which is the default. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_IMPLICIT_CONFIRM\fR 4 .IX Item "OSSL_CMP_OPT_IMPLICIT_CONFIRM" .Vb 4 \& Request server to enable implicit confirm mode, where the client @@ -422,7 +348,7 @@ \& certificate. If the server does not enable implicit confirmation \& in the return message, then confirmation is sent anyway. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_DISABLE_CONFIRM\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_DISABLE_CONFIRM\fR 4 .IX Item "OSSL_CMP_OPT_DISABLE_CONFIRM" .Vb 5 \& Do not confirm enrolled certificates, to cope with broken servers @@ -431,12 +357,12 @@ \&exclusively to allow interoperability with server implementations violating \&RFC 4210. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_SEND\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_UNPROTECTED_SEND\fR 4 .IX Item "OSSL_CMP_OPT_UNPROTECTED_SEND" .Vb 1 \& Send request or response messages without CMP\-level protection. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_ERRORS\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_UNPROTECTED_ERRORS\fR 4 .IX Item "OSSL_CMP_OPT_UNPROTECTED_ERRORS" .Vb 7 \& Accept unprotected error responses which are either explicitly 
@@ -447,63 +373,70 @@ \&exclusively to allow interoperability with server implementations violating \&RFC 4210. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_IGNORE_KEYUSAGE\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_IGNORE_KEYUSAGE\fR 4 .IX Item "OSSL_CMP_OPT_IGNORE_KEYUSAGE" .Vb 3 \& Ignore key usage restrictions in the signer\*(Aqs certificate when \& validating signature\-based protection in received CMP messages. \& Else, \*(AqdigitalSignature\*(Aq must be allowed by CMP signer certificates. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0\fR" 4 +.IP \fBOSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\fR 4 .IX Item "OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR" -.Vb 2 +.Vb 3 \& Allow retrieving a trust anchor from extraCerts and using that \& to validate the certificate chain of an IP message. +\& This is a quirk option added to support 3GPP TS 33.310. +\& +\& Note that using this option is dangerous as the certificate obtained +\& this way has not been authenticated (at least not at CMP level). +\& Taking it over as a trust anchor implements trust\-on\-first\-use (TOFU). .Ve .PP \&\fBOSSL_CMP_CTX_get_option()\fR reads the current value of the given option -(e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) from the given \s-1OSSL_CMP_CTX\s0 structure. +(e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) from the given OSSL_CMP_CTX structure. .PP \&\fBOSSL_CMP_CTX_set_log_cb()\fR sets in \fIctx\fR the callback function \fIcb\fR for handling error queue entries and logging messages. -When \fIcb\fR is \s-1NULL\s0 errors are printed to \s-1STDERR\s0 (if available, else ignored) +When \fIcb\fR is NULL errors are printed to STDERR (if available, else ignored) any log messages are ignored. -Alternatively, \fBOSSL_CMP_log_open\fR\|(3) may be used to direct logging to \s-1STDOUT.\s0 +Alternatively, \fBOSSL_CMP_log_open\fR\|(3) may be used to direct logging to STDOUT. .PP \&\fBOSSL_CMP_CTX_set_log_verbosity()\fR is a macro setting the -\&\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0 context option to the given level. 
+OSSL_CMP_OPT_LOG_VERBOSITY context option to the given level. .PP \&\fBOSSL_CMP_CTX_print_errors()\fR outputs any entries in the OpenSSL error queue. It -is similar to \fBERR_print_errors_cb\fR\|(3) but uses the \s-1CMP\s0 log callback function -if set in the \fIctx\fR for uniformity with \s-1CMP\s0 logging if given. Otherwise it uses -\&\fBERR_print_errors\fR\|(3) to print to \s-1STDERR\s0 (unless \s-1OPENSSL_NO_STDIO\s0 is defined). +is similar to \fBERR_print_errors_cb\fR\|(3) but uses the CMP log callback function +if set in the \fIctx\fR for uniformity with CMP logging if given. Otherwise it uses +\&\fBERR_print_errors\fR\|(3) to print to STDERR (unless OPENSSL_NO_STDIO is defined). .PP -\&\fBOSSL_CMP_CTX_set1_serverPath()\fR sets the \s-1HTTP\s0 path of the \s-1CMP\s0 server on the host, -also known as \*(L"\s-1CMP\s0 alias\*(R". +\&\fBOSSL_CMP_CTX_set1_serverPath()\fR sets the HTTP path of the CMP server on the host, +also known as "CMP alias". The default is \f(CW\*(C`/\*(C'\fR. .PP \&\fBOSSL_CMP_CTX_set1_server()\fR sets the given server \fIaddress\fR -(which may be a hostname or \s-1IP\s0 address or \s-1NULL\s0) in the given \fIctx\fR. +(which may be a hostname or IP address or NULL) in the given \fIctx\fR. .PP -\&\fBOSSL_CMP_CTX_set_serverPort()\fR sets the port of the \s-1CMP\s0 server to connect to. +\&\fBOSSL_CMP_CTX_set_serverPort()\fR sets the port of the CMP server to connect to. If not used or the \fIport\fR argument is 0 -the default port applies, which is 80 for \s-1HTTP\s0 and 443 for \s-1HTTPS.\s0 +the default port applies, which is 80 for HTTP and 443 for HTTPS. .PP -\&\fBOSSL_CMP_CTX_set1_proxy()\fR sets the \s-1HTTP\s0 proxy to be used for connecting to -the given \s-1CMP\s0 server unless overruled by any \*(L"no_proxy\*(R" settings (see below). 
-If \s-1TLS\s0 is not used this defaults to the value of +\&\fBOSSL_CMP_CTX_set1_proxy()\fR sets the HTTP proxy to be used for connecting to +the given CMP server unless overruled by any "no_proxy" settings (see below). +If TLS is not used this defaults to the value of the environment variable \f(CW\*(C`http_proxy\*(C'\fR if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR. Otherwise defaults to the value of \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. An empty proxy string specifies not to use a proxy. -Else the format is \f(CW\*(C`[http[s]://]address[:port][/path]\*(C'\fR, -where any path given is ignored. +Otherwise the format is +\&\f(CW\*(C`[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\*(C'\fR, +where any given userinfo, path, query, and fragment is ignored. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. The default port number is 80, or 443 in case \f(CW\*(C`https:\*(C'\fR is given. .PP \&\fBOSSL_CMP_CTX_set1_no_proxy()\fR sets the list of server hostnames not to use -an \s-1HTTP\s0 proxy for. The names may be separated by commas and/or whitespace. +an HTTP proxy for. The names may be separated by commas and/or whitespace. Defaults to the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR. .PP -\&\fBOSSL_CMP_CTX_set_http_cb()\fR sets the optional \s-1BIO\s0 connect/disconnect callback +\&\fBOSSL_CMP_CTX_set_http_cb()\fR sets the optional BIO connect/disconnect callback function, which has the prototype .PP .Vb 1 
@@ -512,25 +445,25 @@ .PP The callback may modify the \fIbio\fR provided by \fBOSSL_CMP_MSG_http_perform\fR\|(3), whereby it may make use of a custom defined argument \fIctx\fR -stored in the \s-1OSSL_CMP_CTX\s0 by means of \fBOSSL_CMP_CTX_set_http_cb_arg()\fR. +stored in the OSSL_CMP_CTX by means of \fBOSSL_CMP_CTX_set_http_cb_arg()\fR. During connection establishment, just after calling \fBBIO_do_connect_retry()\fR, the function is invoked with the \fIconnect\fR argument being 1 and the \fIdetail\fR -argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. On +argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On disconnect \fIconnect\fR is 0 and \fIdetail\fR is 1 in case no error occurred, else 0. -For instance, on connect the function may prepend a \s-1TLS BIO\s0 to implement \s-1HTTPS\s0; +For instance, on connect the function may prepend a TLS BIO to implement HTTPS; after disconnect it may do some diagnostic output and/or specific cleanup. -The function should return \s-1NULL\s0 to indicate failure. -After disconnect the modified \s-1BIO\s0 will be deallocated using \fBBIO_free_all()\fR. +The function should return NULL to indicate failure. +After disconnect the modified BIO will be deallocated using \fBBIO_free_all()\fR. .PP \&\fBOSSL_CMP_CTX_set_http_cb_arg()\fR sets an argument, respectively a pointer to a structure containing arguments, optionally to be used by the http connect/disconnect callback function. \&\fIarg\fR is not consumed, and it must therefore explicitly be freed when not -needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry. +needed any more. \fIarg\fR may be NULL to clear the entry. .PP \&\fBOSSL_CMP_CTX_get_http_cb_arg()\fR gets the argument, respectively the pointer to a structure containing arguments, previously set by -\&\fBOSSL_CMP_CTX_set_http_cb_arg()\fR or \s-1NULL\s0 if unset. +\&\fBOSSL_CMP_CTX_set_http_cb_arg()\fR or NULL if unset. 
.PP \&\fBOSSL_CMP_CTX_set_transfer_cb()\fR sets the message transfer callback function, which has the type @@ -542,9 +475,9 @@ .PP Returns 1 on success, 0 on error. .PP -Default is \s-1NULL,\s0 which implies the use of \fBOSSL_CMP_MSG_http_perform\fR\|(3). -The callback should send the \s-1CMP\s0 request message it obtains via the \fIreq\fR -parameter and on success return the response, else it must return \s-1NULL.\s0 +Default is NULL, which implies the use of \fBOSSL_CMP_MSG_http_perform\fR\|(3). +The callback should send the CMP request message it obtains via the \fIreq\fR +parameter and on success return the response, else it must return NULL. The transfer callback may make use of a custom defined argument stored in the ctx by means of \fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR, which may be retrieved again through \fBOSSL_CMP_CTX_get_transfer_cb_arg()\fR. 
@@ -552,120 +485,120 @@ \&\fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR sets an argument, respectively a pointer to a structure containing arguments, optionally to be used by the transfer callback. \&\fIarg\fR is not consumed, and it must therefore explicitly be freed when not -needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry. +needed any more. \fIarg\fR may be NULL to clear the entry. .PP \&\fBOSSL_CMP_CTX_get_transfer_cb_arg()\fR gets the argument, respectively the pointer to a structure containing arguments, previously set by -\&\fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR or \s-1NULL\s0 if unset. +\&\fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR or NULL if unset. .PP \&\fBOSSL_CMP_CTX_set1_srvCert()\fR sets the expected server cert in \fIctx\fR and trusts it directly (even if it is expired) when verifying signed response messages. -This pins the accepted \s-1CMP\s0 server and +This pins the accepted CMP server and results in ignoring whatever may be set using \fBOSSL_CMP_CTX_set0_trustedStore()\fR. Any previously set value is freed. -The \fIcert\fR argument may be \s-1NULL\s0 to clear the entry. +The \fIcert\fR argument may be NULL to clear the entry. If set, the subject of the certificate is also used -as default value for the recipient of \s-1CMP\s0 requests -and as default value for the expected sender of \s-1CMP\s0 responses. +as default value for the recipient of CMP requests +and as default value for the expected sender of CMP responses. .PP -\&\fBOSSL_CMP_CTX_set1_expected_sender()\fR sets the Distinguished Name (\s-1DN\s0) -expected in the sender field of incoming \s-1CMP\s0 messages. +\&\fBOSSL_CMP_CTX_set1_expected_sender()\fR sets the Distinguished Name (DN) +expected in the sender field of incoming CMP messages. Defaults to the subject of the pinned server certificate, if any. 
This can be used to make sure that only a particular entity is accepted as -\&\s-1CMP\s0 message signer, and attackers are not able to use arbitrary certificates -of a trusted \s-1PKI\s0 hierarchy to fraudulently pose as \s-1CMP\s0 server. +CMP message signer, and attackers are not able to use arbitrary certificates +of a trusted PKI hierarchy to fraudulently pose as CMP server. Note that this gives slightly more freedom than \fBOSSL_CMP_CTX_set1_srvCert()\fR, which pins the server to the holder of a particular certificate, while the expected sender name will continue to match after updates of the server cert. .PP \&\fBOSSL_CMP_CTX_set0_trustedStore()\fR -sets in the \s-1CMP\s0 context \fIctx\fR the certificate store of type X509_STORE +sets in the CMP context \fIctx\fR the certificate store of type X509_STORE containing trusted certificates, typically of root CAs. This is ignored when a certificate is pinned using \fBOSSL_CMP_CTX_set1_srvCert()\fR. The store may also hold CRLs and a certificate verification callback function -used for signature-based peer authentication. +used for signature\-based peer authentication. Any store entry already set before is freed. -When given a \s-1NULL\s0 parameter the entry is cleared. +When given a NULL parameter the entry is cleared. .PP \&\fBOSSL_CMP_CTX_get0_trustedStore()\fR -extracts from the \s-1CMP\s0 context \fIctx\fR the pointer to the currently set +extracts from the CMP context \fIctx\fR the pointer to the currently set certificate store containing trust anchors etc., or an empty store if unset. .PP -\&\fBOSSL_CMP_CTX_set1_untrusted()\fR sets up a list of non-trusted certificates -of intermediate CAs that may be useful for path construction for the own \s-1CMP\s0 -signer certificate, for the own \s-1TLS\s0 certificate (if any), when verifying peer -\&\s-1CMP\s0 protection certificates, and when verifying newly enrolled certificates. 
+\&\fBOSSL_CMP_CTX_set1_untrusted()\fR sets up a list of non\-trusted certificates +of intermediate CAs that may be useful for path construction for the own CMP +signer certificate, for the own TLS certificate (if any), when verifying peer +CMP protection certificates, and when verifying newly enrolled certificates. The reference counts of those certificates handled successfully are increased. .PP -OSSL_CMP_CTX_get0_untrusted(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the +OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. .PP -\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate, also called protection -certificate, related to the private key for signature-based message protection. +\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the CMP signer certificate, also called protection +certificate, related to the private key for signature\-based message protection. Therefore the public key of this \fIcert\fR must correspond to the private key set before or thereafter via \fBOSSL_CMP_CTX_set1_pkey()\fR. -When using signature-based protection of \s-1CMP\s0 request messages -this \s-1CMP\s0 signer certificate will be included first in the extraCerts field. +When using signature\-based protection of CMP request messages +this CMP signer certificate will be included first in the extraCerts field. It serves as fallback reference certificate, see \fBOSSL_CMP_CTX_set1_oldCert()\fR. The subject of this \fIcert\fR will be used as the sender field of outgoing messages, while the subject of any cert set via \fBOSSL_CMP_CTX_set1_oldCert()\fR and any value set via \fBOSSL_CMP_CTX_set1_subjectName()\fR are used as fallback. .PP -The \fIcert\fR argument may be \s-1NULL\s0 to clear the entry. +The \fIcert\fR argument may be NULL to clear the entry. 
.PP -\&\fBOSSL_CMP_CTX_build_cert_chain()\fR builds a certificate chain for the \s-1CMP\s0 signer +\&\fBOSSL_CMP_CTX_build_cert_chain()\fR builds a certificate chain for the CMP signer certificate previously set in the \fIctx\fR. It adds the optional \fIcandidates\fR, -a list of intermediate \s-1CA\s0 certs that may already constitute the targeted chain, +a list of intermediate CA certs that may already constitute the targeted chain, to the untrusted certs that may already exist in the \fIctx\fR. Then the function uses this augmented set of certs for chain construction. -If \fIown_trusted\fR is \s-1NULL\s0 it builds the chain as far down as possible and -ignores any verification errors. Else the \s-1CMP\s0 signer certificate must be +If \fIown_trusted\fR is NULL it builds the chain as far down as possible and +ignores any verification errors. Else the CMP signer certificate must be verifiable where the chain reaches a trust anchor contained in \fIown_trusted\fR. On success the function stores the resulting chain in \fIctx\fR -for inclusion in the extraCerts field of signature-protected messages. +for inclusion in the extraCerts field of signature\-protected messages. Calling this function is optional; by default a chain construction is performed on demand that is equivalent to calling this function -with the \fIcandidates\fR and \fIown_trusted\fR arguments being \s-1NULL.\s0 +with the \fIcandidates\fR and \fIown_trusted\fR arguments being NULL. .PP -\&\fBOSSL_CMP_CTX_set1_pkey()\fR sets the client's private key corresponding to the -\&\s-1CMP\s0 signer certificate set via \fBOSSL_CMP_CTX_set1_cert()\fR. -This key is used create signature-based protection (protectionAlg = \s-1MSG_SIG_ALG\s0) +\&\fBOSSL_CMP_CTX_set1_pkey()\fR sets the client\*(Aqs private key corresponding to the +CMP signer certificate set via \fBOSSL_CMP_CTX_set1_cert()\fR. 
+This key is used create signature\-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages unless a symmetric secret has been set via \fBOSSL_CMP_CTX_set1_secretValue()\fR. -The \fIpkey\fR argument may be \s-1NULL\s0 to clear the entry. +The \fIpkey\fR argument may be NULL to clear the entry. .PP \&\fBOSSL_CMP_CTX_set1_secretValue()\fR sets in \fIctx\fR the byte string \fIsec\fR of length -\&\fIlen\fR to use as pre-shared secret, or clears it if the \fIsec\fR argument is \s-1NULL.\s0 -If present, this secret is used to create MAC-based authentication and integrity -protection (rather than applying signature-based protection) +\&\fIlen\fR to use as pre\-shared secret, or clears it if the \fIsec\fR argument is NULL. +If present, this secret is used to create MAC\-based authentication and integrity +protection (rather than applying signature\-based protection) of outgoing messages and to verify authenticity and integrity of incoming -messages that have MAC-based protection (protectionAlg = \f(CW\*(C`MSG_MAC_ALG\*(C'\fR). +messages that have MAC\-based protection (protectionAlg = \f(CW\*(C`MSG_MAC_ALG\*(C'\fR). .PP \&\fBOSSL_CMP_CTX_set1_referenceValue()\fR sets the given referenceValue \fIref\fR with -length \fIlen\fR in the given \fIctx\fR or clears it if the \fIref\fR argument is \s-1NULL.\s0 -According to \s-1RFC 4210\s0 section 5.1.1, if no value for the sender field in -\&\s-1CMP\s0 message headers can be determined (i.e., no \s-1CMP\s0 signer certificate -and no subject \s-1DN\s0 is set via \fBOSSL_CMP_CTX_set1_subjectName()\fR -then the sender field will contain the NULL-DN -and the senderKID field of the \s-1CMP\s0 message header must be set. -When signature-based protection is used the senderKID will be set to -the subjectKeyIdentifier of the \s-1CMP\s0 signer certificate as far as present. -If not present or when MAC-based protection is used +length \fIlen\fR in the given \fIctx\fR or clears it if the \fIref\fR argument is NULL. 
+According to RFC 4210 section 5.1.1, if no value for the sender field in +CMP message headers can be determined (i.e., no CMP signer certificate +and no subject DN is set via \fBOSSL_CMP_CTX_set1_subjectName()\fR +then the sender field will contain the NULL\-DN +and the senderKID field of the CMP message header must be set. +When signature\-based protection is used the senderKID will be set to +the subjectKeyIdentifier of the CMP signer certificate as far as present. +If not present or when MAC\-based protection is used the \fIref\fR value is taken as the fallback value for the senderKID. .PP \&\fBOSSL_CMP_CTX_set1_recipient()\fR sets the recipient name that will be used in the -PKIHeader of \s-1CMP\s0 request messages, i.e. the X509 name of the (\s-1CA\s0) server. +PKIHeader of CMP request messages, i.e. the X509 name of the (CA) server. .PP -The recipient field in the header of a \s-1CMP\s0 message is mandatory. +The recipient field in the header of a CMP message is mandatory. If not given explicitly the recipient is determined in the following order: -the subject of the \s-1CMP\s0 server certificate set using \fBOSSL_CMP_CTX_set1_srvCert()\fR, +the subject of the CMP server certificate set using \fBOSSL_CMP_CTX_set1_srvCert()\fR, the value set using \fBOSSL_CMP_CTX_set1_issuer()\fR, the issuer of the certificate set using \fBOSSL_CMP_CTX_set1_oldCert()\fR, -the issuer of the \s-1CMP\s0 signer certificate, -as far as any of those is present, else the NULL-DN as last resort. +the issuer of the CMP signer certificate, +as far as any of those is present, else the NULL\-DN as last resort. .PP \&\fBOSSL_CMP_CTX_push0_geninfo_ITAV()\fR adds \fIitav\fR to the stack in the \fIctx\fR to be -added to the GeneralInfo field of the \s-1CMP\s0 PKIMessage header of a request +added to the GeneralInfo field of the CMP PKIMessage header of a request message sent with this context. .PP \&\fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR 
@@ -674,43 +607,43 @@ \&\fBOSSL_CMP_CTX_set1_extraCertsOut()\fR sets the stack of extraCerts that will be sent to remote. .PP -\&\fBOSSL_CMP_CTX_set0_newPkey()\fR can be used to explicitly set the given \s-1EVP_PKEY\s0 -structure as the private or public key to be certified in the \s-1CMP\s0 context. +\&\fBOSSL_CMP_CTX_set0_newPkey()\fR can be used to explicitly set the given EVP_PKEY +structure as the private or public key to be certified in the CMP context. The \fIpriv\fR parameter must be 0 if and only if the given key is a public key. .PP \&\fBOSSL_CMP_CTX_get0_newPkey()\fR gives the key to use for certificate enrollment -dependent on fields of the \s-1CMP\s0 context structure: +dependent on fields of the CMP context structure: the newPkey (which may be a private or public key) if present, -else the public key in the p10CSR if present, else the client's private key. +else the public key in the p10CSR if present, else the client\*(Aqs private key. If the \fIpriv\fR parameter is not 0 and the selected key does not have a -private component then \s-1NULL\s0 is returned. +private component then NULL is returned. .PP \&\fBOSSL_CMP_CTX_set1_issuer()\fR sets the name of the intended issuer that -will be set in the CertTemplate, i.e., the X509 name of the \s-1CA\s0 server. +will be set in the CertTemplate, i.e., the X509 name of the CA server. .PP -\&\fBOSSL_CMP_CTX_set1_subjectName()\fR sets the subject \s-1DN\s0 that will be used in +\&\fBOSSL_CMP_CTX_set1_subjectName()\fR sets the subject DN that will be used in the CertTemplate structure when requesting a new cert. For Key Update Requests -(\s-1KUR\s0), it defaults to the subject \s-1DN\s0 of the reference certificate, +(KUR), it defaults to the subject DN of the reference certificate, see \fBOSSL_CMP_CTX_set1_oldCert()\fR. This default is used for Initialization -Requests (\s-1IR\s0) and Certification Requests (\s-1CR\s0) only if no SANs are set. 
+Requests (IR) and Certification Requests (CR) only if no SANs are set. The \fIsubjectName\fR is also used as fallback for the sender field -of outgoing \s-1CMP\s0 messages if no reference certificate is available. +of outgoing CMP messages if no reference certificate is available. .PP \&\fBOSSL_CMP_CTX_push1_subjectAltName()\fR adds the given X509 name to the list of alternate names on the certificate template request. This cannot be used if any Subject Alternative Name extension is set via \&\fBOSSL_CMP_CTX_set0_reqExtensions()\fR. -By default, unless \fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR has been set, +By default, unless \fBOSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\fR has been set, the Subject Alternative Names are copied from the reference certificate, see \fBOSSL_CMP_CTX_set1_oldCert()\fR. -If set and the subject \s-1DN\s0 is not set with \fBOSSL_CMP_CTX_set1_subjectName()\fR then -the certificate template of an \s-1IR\s0 and \s-1CR\s0 will not be filled with the default -subject \s-1DN\s0 from the reference certificate. -If a subject \s-1DN\s0 is desired it needs to be set explicitly with +If set and the subject DN is not set with \fBOSSL_CMP_CTX_set1_subjectName()\fR then +the certificate template of an IR and CR will not be filled with the default +subject DN from the reference certificate. +If a subject DN is desired it needs to be set explicitly with \&\fBOSSL_CMP_CTX_set1_subjectName()\fR. .PP \&\fBOSSL_CMP_CTX_set0_reqExtensions()\fR sets the X.509v3 extensions to be used in -\&\s-1IR/CR/KUR.\s0 +IR/CR/KUR. .PP \&\fBOSSL_CMP_CTX_reqExtensions_have_SAN()\fR returns 1 if the context contains a Subject Alternative Name extension, else 0 or \-1 on error. 
@@ -719,29 +652,29 @@ to the X509_EXTENSIONS of the requested certificate template. .PP \&\fBOSSL_CMP_CTX_set1_oldCert()\fR sets the old certificate to be updated in -Key Update Requests (\s-1KUR\s0) or to be revoked in Revocation Requests (\s-1RR\s0). -It must be given for \s-1RR,\s0 else it defaults to the \s-1CMP\s0 signer certificate. +Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). +It must be given for RR, else it defaults to the CMP signer certificate. The \fIreference certificate\fR determined in this way, if any, is also used for -deriving default subject \s-1DN,\s0 public key, Subject Alternative Names, and the -default issuer entry in the requested certificate template of \s-1IR/CR/KUR.\s0 +deriving default subject DN, public key, Subject Alternative Names, and the +default issuer entry in the requested certificate template of IR/CR/KUR. The subject of the reference certificate is used as the sender field value -in \s-1CMP\s0 message headers. -Its issuer is used as default recipient in \s-1CMP\s0 message headers. +in CMP message headers. +Its issuer is used as default recipient in CMP message headers. .PP -\&\fBOSSL_CMP_CTX_set1_p10CSR()\fR sets the PKCS#10 \s-1CSR\s0 to use in P10CR messages. -If such a \s-1CSR\s0 is provided, its subject, public key, and extension fields are -also used as fallback values for the certificate template of \s-1IR/CR/KUR\s0 messages. +\&\fBOSSL_CMP_CTX_set1_p10CSR()\fR sets the PKCS#10 CSR to use in P10CR messages. +If such a CSR is provided, its subject, public key, and extension fields are +also used as fallback values for the certificate template of IR/CR/KUR messages. .PP \&\fBOSSL_CMP_CTX_push0_genm_ITAV()\fR adds \fIitav\fR to the stack in the \fIctx\fR which will be the body of a General Message sent with this context. .PP \&\fBOSSL_CMP_certConf_cb()\fR is the default certificate confirmation callback function. -If the callback argument is not \s-1NULL\s0 it must point to a trust store. 
+If the callback argument is not NULL it must point to a trust store. In this case the function checks that the newly enrolled certificate can be verified using this trust store and untrusted certificates from the \fIctx\fR, which have been augmented by the list of extraCerts received. During this verification, any certificate status checking is disabled. -If the callback argument is \s-1NULL\s0 the function tries building an approximate +If the callback argument is NULL the function tries building an approximate chain as far as possible using the same untrusted certificates from the \fIctx\fR, and if this fails it takes the received extraCerts as fallback. The resulting cert chain can be retrieved using \fBOSSL_CMP_CTX_get1_newChain()\fR. @@ -756,7 +689,7 @@ .Ve .PP and should inspect the certificate it obtains via the \fIcert\fR parameter and may -overrule the pre-decision given in the \fIfail_info\fR and \fI*txt\fR parameters. +overrule the pre\-decision given in the \fIfail_info\fR and \fI*txt\fR parameters. If it accepts the certificate it must return 0, indicating success. Else it must return a bit field reflecting PKIFailureInfo with at least one failure bit and may set the \fI*txt\fR output parameter to point to a string constant with more 
@@ -765,28 +698,28 @@ retrieved again through \fBOSSL_CMP_CTX_get_certConf_cb_arg()\fR. Typically, the callback will check at least that the certificate can be verified using a set of trusted certificates. -It also could compare the subject \s-1DN\s0 and other fields of the newly +It also could compare the subject DN and other fields of the newly enrolled certificate with the certificate template of the request. .PP \&\fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR sets an argument, respectively a pointer to a structure containing arguments, optionally to be used by the certConf callback. \&\fIarg\fR is not consumed, and it must therefore explicitly be freed when not -needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry. +needed any more. \fIarg\fR may be NULL to clear the entry. .PP \&\fBOSSL_CMP_CTX_get_certConf_cb_arg()\fR gets the argument, respectively the pointer to a structure containing arguments, previously set by -\&\fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR, or \s-1NULL\s0 if unset. +\&\fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR, or NULL if unset. 
.PP \&\fBOSSL_CMP_CTX_get_status()\fR returns for client contexts the PKIstatus from the last received CertRepMessage or Revocation Response or error message: -=item \fBOSSL_CMP_PKISTATUS_accepted\fR on successful receipt of a \s-1GENP\s0 message: -.IP "\fBOSSL_CMP_PKISTATUS_request\fR" 4 +=item \fBOSSL_CMP_PKISTATUS_accepted\fR on successful receipt of a GENP message: +.IP \fBOSSL_CMP_PKISTATUS_request\fR 4 .IX Item "OSSL_CMP_PKISTATUS_request" -if an \s-1IR/CR/KUR/RR/GENM\s0 request message could not be produced, -.IP "\fBOSSL_CMP_PKISTATUS_trans\fR" 4 +if an IR/CR/KUR/RR/GENM request message could not be produced, +.IP \fBOSSL_CMP_PKISTATUS_trans\fR 4 .IX Item "OSSL_CMP_PKISTATUS_trans" on a transmission error or transaction error for this type of request, and -.IP "\fBOSSL_CMP_PKISTATUS_unspecified\fR" 4 +.IP \fBOSSL_CMP_PKISTATUS_unspecified\fR 4 .IX Item "OSSL_CMP_PKISTATUS_unspecified" if no such request was attempted or \fBOSSL_CMP_CTX_reinit()\fR has been called. .PP 
@@ -795,26 +728,26 @@ otherwise \fBOSSL_CMP_PKISTATUS_unspecified\fR. .PP \&\fBOSSL_CMP_CTX_get0_statusString()\fR returns the statusString from the last received -CertRepMessage or Revocation Response or error message, or \s-1NULL\s0 if unset. +CertRepMessage or Revocation Response or error message, or NULL if unset. .PP \&\fBOSSL_CMP_CTX_get_failInfoCode()\fR returns the error code from the failInfo field of the last received CertRepMessage or Revocation Response or error message, or \-1 if no such response was received or \fBOSSL_CMP_CTX_reinit()\fR has been called. This is a bit field and the flags for it are specified in the header file \&\fI\fR. -The flags start with \s-1OSSL_CMP_CTX_FAILINFO,\s0 for example: +The flags start with OSSL_CMP_CTX_FAILINFO, for example: OSSL_CMP_CTX_FAILINFO_badAlg. Returns \-1 if the failInfoCode field is unset. .PP \&\fBOSSL_CMP_CTX_get0_newCert()\fR returns the pointer to the newly obtained -certificate in case it is available, else \s-1NULL.\s0 +certificate in case it is available, else NULL. .PP \&\fBOSSL_CMP_CTX_get1_newChain()\fR returns a pointer to a duplicate of the stack of X.509 certificates computed by \fBOSSL_CMP_certConf_cb()\fR (if this function has -been called) on the last received certificate response message \s-1IP/CP/KUP.\s0 +been called) on the last received certificate response message IP/CP/KUP. .PP \&\fBOSSL_CMP_CTX_get1_caPubs()\fR returns a pointer to a duplicate of the list of X.509 certificates in the caPubs field of the last received certificate -response message (of type \s-1IP, CP,\s0 or \s-1KUP\s0), +response message (of type IP, CP, or KUP), or an empty stack if no caPubs have been received in the current transaction. .PP \&\fBOSSL_CMP_CTX_get1_extraCertsIn()\fR returns a pointer to a duplicate of the list 
@@ -822,14 +755,14 @@ response message (except for pollRep and PKIConf), or an empty stack if no extraCerts have been received in the current transaction. .PP -\&\fBOSSL_CMP_CTX_set1_transactionID()\fR sets the given transaction \s-1ID\s0 in the given -\&\s-1OSSL_CMP_CTX\s0 structure. +\&\fBOSSL_CMP_CTX_set1_transactionID()\fR sets the given transaction ID in the given +OSSL_CMP_CTX structure. .PP \&\fBOSSL_CMP_CTX_set1_senderNonce()\fR stores the last sent sender \fInonce\fR in the \fIctx\fR. This will be used to validate the recipNonce in incoming messages. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0). +CMP is defined in RFC 4210 (and CRMF in RFC 4211). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_CTX_free()\fR and \fBOSSL_CMP_CTX_print_errors()\fR do not return anything. @@ -846,7 +779,7 @@ \&\fBOSSL_CMP_CTX_get0_newChain()\fR, \&\fBOSSL_CMP_CTX_get1_caPubs()\fR, and \&\fBOSSL_CMP_CTX_get1_extraCertsIn()\fR -return the intended pointer value as described above or \s-1NULL\s0 on error. +return the intended pointer value as described above or NULL on error. .PP \&\fBOSSL_CMP_CTX_get_option()\fR, \&\fBOSSL_CMP_CTX_reqExtensions_have_SAN()\fR, @@ -861,11 +794,11 @@ All other functions, including \fBOSSL_CMP_CTX_reinit()\fR and \fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR, return 1 on success, 0 on error. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The following code omits error handling. .PP -Set up a \s-1CMP\s0 client context for sending requests and verifying responses: +Set up a CMP client context for sending requests and verifying responses: .PP .Vb 5 \& cmp_ctx = OSSL_CMP_CTX_new(); 
@@ -875,7 +808,7 @@ \& OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts); .Ve .PP -Set up symmetric credentials for MAC-based message protection such as \s-1PBM:\s0 +Set up symmetric credentials for MAC\-based message protection such as PBM: .PP .Vb 2 \& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); @@ -895,7 +828,7 @@ \& initialCert = OSSL_CMP_exec_IR_ses(cmp_ctx); .Ve .PP -Reset the transaction state of the \s-1CMP\s0 context and the credentials: +Reset the transaction state of the CMP context and the credentials: .PP .Vb 3 \& OSSL_CMP_CTX_reinit(cmp_ctx); @@ -924,7 +857,7 @@ .Ve .PP Perform a General Message transaction including, as an example, -the id-it-signKeyPairTypes \s-1OID\s0 and prints info on the General Response contents: +the id\-it\-signKeyPairTypes OID and prints info on the General Response contents: .PP .Vb 1 \& OSSL_CMP_CTX_reinit(cmp_ctx); @@ -944,16 +877,16 @@ \&\fBOSSL_CMP_exec_KUR_ses\fR\|(3), \fBOSSL_CMP_exec_GENM_ses\fR\|(3), \&\fBOSSL_CMP_exec_certreq\fR\|(3), \fBOSSL_CMP_MSG_http_perform\fR\|(3), \&\fBERR_print_errors_cb\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +The OpenSSL CMP support was added in OpenSSL 3.0. .PP \&\fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR was added in OpenSSL 3.0.8. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_HDR_get0_transactionID.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_HDR_get0_transactionID.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_HDR_GET0_TRANSACTIONID 3ossl" -.TH OSSL_CMP_HDR_GET0_TRANSACTIONID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_HDR_GET0_TRANSACTIONID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_HDR_get0_transactionID, OSSL_CMP_HDR_get0_recipNonce \&\- functions manipulating CMP message headers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,27 +77,27 @@ \& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const \& OSSL_CMP_PKIHEADER *hdr); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -OSSL_CMP_HDR_get0_transactionID returns the transaction \s-1ID\s0 of the given +OSSL_CMP_HDR_get0_transactionID returns the transaction ID of the given PKIHeader. .PP OSSL_CMP_HDR_get0_recipNonce returns the recipient nonce of the given PKIHeader. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210.\s0 +CMP is defined in RFC 4210. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions return the intended pointer value as described above -or \s-1NULL\s0 if the respective entry does not exist and on error. -.SH "HISTORY" +or NULL if the respective entry does not exist and on error. +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_ITAV_set0.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_ITAV_set0.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_ITAV_SET0 3ossl" -.TH OSSL_CMP_ITAV_SET0 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_ITAV_SET0 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_ITAV_create, OSSL_CMP_ITAV_set0, OSSL_CMP_ITAV_get0_type, OSSL_CMP_ITAV_get0_value, OSSL_CMP_ITAV_push0_stack_item \&\- OSSL_CMP_ITAV utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 6 \& #include @@ -158,15 +83,15 @@ \& int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, \& OSSL_CMP_ITAV *itav); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Certificate Management Protocol (\s-1CMP, RFC 4210\s0) extension to OpenSSL +Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL .PP -\&\s-1ITAV\s0 is short for InfoTypeAndValue. This type is defined in \s-1RFC 4210\s0 -section 5.3.19 and Appendix F. It is used at various places in \s-1CMP\s0 messages, -e.g., in the generalInfo PKIHeader field, to hold a key-value pair. +ITAV is short for InfoTypeAndValue. This type is defined in RFC 4210 +section 5.3.19 and Appendix F. It is used at various places in CMP messages, +e.g., in the generalInfo PKIHeader field, to hold a key\-value pair. .PP -\&\fBOSSL_CMP_ITAV_create()\fR creates a new \fB\s-1OSSL_CMP_ITAV\s0\fR structure and fills it in. +\&\fBOSSL_CMP_ITAV_create()\fR creates a new \fBOSSL_CMP_ITAV\fR structure and fills it in. It combines \fBOSSL_CMP_ITAV_new()\fR and \fBOSSL_CMP_ITAV_set0()\fR. .PP \&\fBOSSL_CMP_ITAV_set0()\fR sets the \fIitav\fR with an infoType of \fItype\fR and an 
@@ -177,30 +102,30 @@ \&\fIitav\fR. .PP \&\fBOSSL_CMP_ITAV_get0_value()\fR returns a direct pointer to the infoValue in -the \fIitav\fR as generic \fB\s-1ASN1_TYPE\s0\fR pointer. +the \fIitav\fR as generic \fBASN1_TYPE\fR pointer. .PP \&\fBOSSL_CMP_ITAV_push0_stack_item()\fR pushes \fIitav\fR to the stack pointed to -by \fI*itav_sk_p\fR. It creates a new stack if \fI*itav_sk_p\fR points to \s-1NULL.\s0 -.SH "NOTES" +by \fI*itav_sk_p\fR. It creates a new stack if \fI*itav_sk_p\fR points to NULL. +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0). +CMP is defined in RFC 4210 (and CRMF in RFC 4211). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_CMP_ITAV_create()\fR returns a pointer to the \s-1ITAV\s0 structure on success, -or \s-1NULL\s0 on error. +\&\fBOSSL_CMP_ITAV_create()\fR returns a pointer to the ITAV structure on success, +or NULL on error. .PP \&\fBOSSL_CMP_ITAV_set0()\fR does not return a value. .PP \&\fBOSSL_CMP_ITAV_get0_type()\fR and \fBOSSL_CMP_ITAV_get0_value()\fR -return the respective pointer or \s-1NULL\s0 if their input is \s-1NULL.\s0 +return the respective pointer or NULL if their input is NULL. .PP \&\fBOSSL_CMP_ITAV_push0_stack_item()\fR returns 1 on success, 0 on error. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The following code creates and sets a structure representing a generic -InfoTypeAndValue sequence, using an \s-1OID\s0 created from text as type, and an -integer as value. Afterwards, it is pushed to the \fB\s-1OSSL_CMP_CTX\s0\fR to be later -included in the requests' PKIHeader's genInfo field. +InfoTypeAndValue sequence, using an OID created from text as type, and an +integer as value. Afterwards, it is pushed to the \fBOSSL_CMP_CTX\fR to be later +included in the requests\*(Aq PKIHeader\*(Aqs genInfo field. .PP .Vb 2 \& ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1); 
@@ -229,14 +154,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_CMP_CTX_free\fR\|(3), \fBASN1_TYPE_set\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_get0_header.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_get0_header.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_MSG_GET0_HEADER 3ossl" -.TH OSSL_CMP_MSG_GET0_HEADER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_MSG_GET0_HEADER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_get_bodytype, OSSL_CMP_MSG_update_transactionID, @@ -149,7 +74,7 @@ d2i_OSSL_CMP_MSG_bio, i2d_OSSL_CMP_MSG_bio \&\- function(s) manipulating CMP messages -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -164,32 +89,32 @@ \& OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); \& int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOSSL_CMP_MSG_get0_header()\fR returns the header of the given \s-1CMP\s0 message. +\&\fBOSSL_CMP_MSG_get0_header()\fR returns the header of the given CMP message. .PP -\&\fBOSSL_CMP_MSG_get_bodytype()\fR returns the body type of the given \s-1CMP\s0 message. +\&\fBOSSL_CMP_MSG_get_bodytype()\fR returns the body type of the given CMP message. .PP \&\fBOSSL_CMP_MSG_update_transactionID()\fR updates the transactionID field -in the header of the given message according to the \s-1CMP_CTX.\s0 -If \fIctx\fR does not contain a transaction \s-1ID,\s0 a fresh one is created before. -The message gets re-protected (if protecting requests is required). +in the header of the given message according to the CMP_CTX. +If \fIctx\fR does not contain a transaction ID, a fresh one is created before. +The message gets re\-protected (if protecting requests is required). .PP \&\fBOSSL_CMP_MSG_update_recipNonce()\fR updates the recipNonce field -in the header of the given message according to the \s-1CMP_CTX.\s0 -The message gets re-protected (if protecting requests is required). +in the header of the given message according to the CMP_CTX. +The message gets re\-protected (if protecting requests is required). .PP -\&\fBOSSL_CMP_CTX_setup_CRM()\fR creates a \s-1CRMF\s0 certificate request message -from various information provided in the \s-1CMP\s0 context argument \fIctx\fR -for inclusion in a \s-1CMP\s0 request message based on details contained in \fIctx\fR. +\&\fBOSSL_CMP_CTX_setup_CRM()\fR creates a CRMF certificate request message +from various information provided in the CMP context argument \fIctx\fR +for inclusion in a CMP request message based on details contained in \fIctx\fR. 
The \fIrid\fR argument defines the request identifier to use, which typically is 0. .PP -The subject \s-1DN\s0 included in the certificate template is +The subject DN included in the certificate template is the first available value of these: -.IP "any subject name in \fIctx\fR set via \fBOSSL_CMP_CTX_set1_subjectName\fR\|(3) \- if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included," 4 +.IP "any subject name in \fIctx\fR set via \fBOSSL_CMP_CTX_set1_subjectName\fR\|(3) \- if it is the NULL\-DN (i.e., any empty sequence of RDNs), no subject is included," 4 .IX Item "any subject name in ctx set via OSSL_CMP_CTX_set1_subjectName - if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included," .PD 0 -.IP "the subject field of any PKCS#10 \s-1CSR\s0 set in \fIctx\fR via \fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3)," 4 +.IP "the subject field of any PKCS#10 CSR set in \fIctx\fR via \fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3)," 4 .IX Item "the subject field of any PKCS#10 CSR set in ctx via OSSL_CMP_CTX_set1_p10CSR," .IP "the subject field of any reference certificate given in \fIctx\fR (see \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3)), but only if \fIfor_KUR\fR is nonzero or the \fIctx\fR does not include a Subject Alternative Name." 4 .IX Item "the subject field of any reference certificate given in ctx (see OSSL_CMP_CTX_set1_oldCert), but only if for_KUR is nonzero or the ctx does not include a Subject Alternative Name." 
@@ -199,20 +124,20 @@ .IP "the public key derived from any key set via \fBOSSL_CMP_CTX_set0_newPkey\fR\|(3)," 4 .IX Item "the public key derived from any key set via OSSL_CMP_CTX_set0_newPkey," .PD 0 -.IP "the public key of any PKCS#10 \s-1CSR\s0 given in \fIctx\fR," 4 +.IP "the public key of any PKCS#10 CSR given in \fIctx\fR," 4 .IX Item "the public key of any PKCS#10 CSR given in ctx," .IP "the public key of any reference certificate given in \fIctx\fR (see \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3))," 4 .IX Item "the public key of any reference certificate given in ctx (see OSSL_CMP_CTX_set1_oldCert)," -.IP "the public key derived from any client's private key set via \fBOSSL_CMP_CTX_set1_pkey\fR\|(3)." 4 +.IP "the public key derived from any client\*(Aqs private key set via \fBOSSL_CMP_CTX_set1_pkey\fR\|(3)." 4 .IX Item "the public key derived from any client's private key set via OSSL_CMP_CTX_set1_pkey." .PD .PP The set of X.509 extensions to include is computed as follows. -If a PKCS#10 \s-1CSR\s0 is present in \fIctx\fR, default extensions are taken from there, +If a PKCS#10 CSR is present in \fIctx\fR, default extensions are taken from there, otherwise the empty set is taken as the initial value. If there is a reference certificate in \fIctx\fR and contains Subject Alternative -Names (SANs) and \fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR is not set, -these override any SANs from the PKCS#10 \s-1CSR.\s0 +Names (SANs) and \fBOSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\fR is not set, +these override any SANs from the PKCS#10 CSR. The extensions are further augmented or overridden by any extensions with the same OIDs included in the \fIctx\fR via \fBOSSL_CMP_CTX_set0_reqExtensions\fR\|(3). The SANs are further overridden by any SANs included in \fIctx\fR via 
@@ -221,35 +146,35 @@ \&\fBOSSL_CMP_CTX_push0_policy\fR\|(3). .PP \&\fBOSSL_CMP_CTX_setup_CRM()\fR also sets the sets the regToken control \fBoldCertID\fR -for \s-1KUR\s0 messages using the issuer name and serial number of the reference +for KUR messages using the issuer name and serial number of the reference certificate, if present. .PP -\&\fBOSSL_CMP_MSG_read()\fR loads a DER-encoded \s-1OSSL_CMP_MSG\s0 from \fIfile\fR. +\&\fBOSSL_CMP_MSG_read()\fR loads a DER\-encoded OSSL_CMP_MSG from \fIfile\fR. .PP -\&\fBOSSL_CMP_MSG_write()\fR stores the given \s-1OSSL_CMP_MSG\s0 to \fIfile\fR in \s-1DER\s0 encoding. +\&\fBOSSL_CMP_MSG_write()\fR stores the given OSSL_CMP_MSG to \fIfile\fR in DER encoding. .PP -\&\fBd2i_OSSL_CMP_MSG_bio()\fR parses an \s-1ASN\s0.1\-encoded \s-1OSSL_CMP_MSG\s0 from the \s-1BIO\s0 \fIbio\fR. -It assigns a pointer to the new structure to \fI*msg\fR if \fImsg\fR is not \s-1NULL.\s0 +\&\fBd2i_OSSL_CMP_MSG_bio()\fR parses an ASN.1\-encoded OSSL_CMP_MSG from the BIO \fIbio\fR. +It assigns a pointer to the new structure to \fI*msg\fR if \fImsg\fR is not NULL. .PP -\&\fBi2d_OSSL_CMP_MSG_bio()\fR writes the \s-1OSSL_CMP_MSG\s0 \fImsg\fR in \s-1ASN.1\s0 encoding -to \s-1BIO\s0 \fIbio\fR. -.SH "NOTES" +\&\fBi2d_OSSL_CMP_MSG_bio()\fR writes the OSSL_CMP_MSG \fImsg\fR in ASN.1 encoding +to BIO \fIbio\fR. +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210.\s0 +CMP is defined in RFC 4210. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_MSG_get0_header()\fR returns the intended pointer value as described above -or \s-1NULL\s0 if the respective entry does not exist and on error. +or NULL if the respective entry does not exist and on error. .PP \&\fBOSSL_CMP_MSG_get_bodytype()\fR returns the body type or \-1 on error. .PP -\&\fBOSSL_CMP_CTX_setup_CRM()\fR returns a pointer to a \fB\s-1OSSL_CRMF_MSG\s0\fR on success, -\&\s-1NULL\s0 on error. 
+\&\fBOSSL_CMP_CTX_setup_CRM()\fR returns a pointer to a \fBOSSL_CRMF_MSG\fR on success, +NULL on error. .PP -\&\fBd2i_OSSL_CMP_MSG_bio()\fR returns the parsed message or \s-1NULL\s0 on error. +\&\fBd2i_OSSL_CMP_MSG_bio()\fR returns the parsed message or NULL on error. .PP \&\fBOSSL_CMP_MSG_read()\fR and \fBd2i_OSSL_CMP_MSG_bio()\fR -return the parsed \s-1CMP\s0 message or \s-1NULL\s0 on error. +return the parsed CMP message or NULL on error. .PP \&\fBOSSL_CMP_MSG_write()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. @@ -263,16 +188,16 @@ \&\fBOSSL_CMP_CTX_set1_oldCert\fR\|(3), \fBOSSL_CMP_CTX_set0_newPkey\fR\|(3), \&\fBOSSL_CMP_CTX_set1_pkey\fR\|(3), \fBOSSL_CMP_CTX_set0_reqExtensions\fR\|(3), \&\fBOSSL_CMP_CTX_push1_subjectAltName\fR\|(3), \fBOSSL_CMP_CTX_push0_policy\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +The OpenSSL CMP support was added in OpenSSL 3.0. .PP \&\fBOSSL_CMP_MSG_update_recipNonce()\fR was added in OpenSSL 3.0.9. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_http_perform.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_http_perform.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_MSG_HTTP_PERFORM 3ossl" -.TH OSSL_CMP_MSG_HTTP_PERFORM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_MSG_HTTP_PERFORM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_MSG_http_perform \&\- client\-side HTTP(S) transfer of a CMP request\-response pair -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,42 +74,42 @@ \& OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, \& const OSSL_CMP_MSG *req); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_CMP_MSG_http_perform()\fR sends the given PKIMessage \fIreq\fR -to the \s-1CMP\s0 server specified in \fIctx\fR via \fBOSSL_CMP_CTX_set1_server\fR\|(3) +to the CMP server specified in \fIctx\fR via \fBOSSL_CMP_CTX_set1_server\fR\|(3) and optionally \fBOSSL_CMP_CTX_set_serverPort\fR\|(3), using -any \*(L"\s-1CMP\s0 alias\*(R" optionally specified via \fBOSSL_CMP_CTX_set1_serverPath\fR\|(3). -The default port is 80 for \s-1HTTP\s0 and 443 for \s-1HTTPS\s0; the default path is \*(L"/\*(R". -On success the function returns the server's response PKIMessage. +any "CMP alias" optionally specified via \fBOSSL_CMP_CTX_set1_serverPath\fR\|(3). +The default port is 80 for HTTP and 443 for HTTPS; the default path is "/". +On success the function returns the server\*(Aqs response PKIMessage. .PP -The function makes use of any \s-1HTTP\s0 callback function +The function makes use of any HTTP callback function set via \fBOSSL_CMP_CTX_set_http_cb\fR\|(3). It respects any timeout value set via \fBOSSL_CMP_CTX_set_option\fR\|(3) -with an \fB\s-1OSSL_CMP_OPT_MSG_TIMEOUT\s0\fR argument. -It also respects any \s-1HTTP\s0(S) proxy options set via \fBOSSL_CMP_CTX_set1_proxy\fR\|(3) +with an \fBOSSL_CMP_OPT_MSG_TIMEOUT\fR argument. +It also respects any HTTP(S) proxy options set via \fBOSSL_CMP_CTX_set1_proxy\fR\|(3) and \fBOSSL_CMP_CTX_set1_no_proxy\fR\|(3) and the respective environment variables. -Proxying plain \s-1HTTP\s0 is supported directly, -while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function +Proxying plain HTTP is supported directly, +while using a proxy for HTTPS connections requires a suitable callback function such as \fBOSSL_HTTP_proxy_connect\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210. 
-HTTP\s0 transfer for \s-1CMP\s0 is defined in \s-1RFC 6712.\s0 +CMP is defined in RFC 4210. +HTTP transfer for CMP is defined in RFC 6712. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_CMP_MSG_http_perform()\fR returns a \s-1CMP\s0 message on success, else \s-1NULL.\s0 +\&\fBOSSL_CMP_MSG_http_perform()\fR returns a CMP message on success, else NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_HTTP_proxy_connect\fR\|(3). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_SRV_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_SRV_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_SRV_CTX_NEW 3ossl" -.TH OSSL_CMP_SRV_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_SRV_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_SRV_process_request, OSSL_CMP_CTX_server_perform, OSSL_CMP_SRV_CTX_new, @@ -157,7 +82,7 @@ OSSL_CMP_SRV_CTX_set_accept_raverified, OSSL_CMP_SRV_CTX_set_grant_implicit_confirm \&\- generic functions to set up and control a CMP server -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -219,38 +144,39 @@ \& int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, \& int val); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOSSL_CMP_SRV_process_request()\fR implements the generic aspects of a \s-1CMP\s0 server. -Its arguments are the \fB\s-1OSSL_CMP_SRV_CTX\s0\fR \fIsrv_ctx\fR and the \s-1CMP\s0 request message +\&\fBOSSL_CMP_SRV_process_request()\fR implements the generic aspects of a CMP server. +Its arguments are the \fBOSSL_CMP_SRV_CTX\fR \fIsrv_ctx\fR and the CMP request message \&\fIreq\fR. It does the typical generic checks on \fIreq\fR, calls the respective callback function (if present) for more specific processing, -and then assembles a result message, which may be a \s-1CMP\s0 error message. +and then assembles a result message, which may be a CMP error message. If after return of the function the expression \&\fIOSSL_CMP_CTX_get_status(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx))\fR yields \-1 then the function has closed the current transaction, which may be due to normal successful end of the transaction or due to an error. .PP \&\fBOSSL_CMP_CTX_server_perform()\fR is an interface to -\&\fBOSSL_CMP_SRV_process_request()\fR that can be used by a \s-1CMP\s0 client +\&\fBOSSL_CMP_SRV_process_request()\fR that can be used by a CMP client in the same way as \fBOSSL_CMP_MSG_http_perform\fR\|(3). -The \fB\s-1OSSL_CMP_SRV_CTX\s0\fR must be set as \fItransfer_cb_arg\fR of \fIclient_ctx\fR. +The \fBOSSL_CMP_SRV_CTX\fR must be set as \fItransfer_cb_arg\fR of \fIclient_ctx\fR. .PP -\&\fBOSSL_CMP_SRV_CTX_new()\fR creates and initializes an \fB\s-1OSSL_CMP_SRV_CTX\s0\fR structure +\&\fBOSSL_CMP_SRV_CTX_new()\fR creates and initializes an \fBOSSL_CMP_SRV_CTX\fR structure associated with the library context \fIlibctx\fR and property query string -\&\fIpropq\fR, both of which may be \s-1NULL\s0 to select the defaults. +\&\fIpropq\fR, both of which may be NULL to select the defaults. 
.PP \&\fBOSSL_CMP_SRV_CTX_free()\fR deletes the given \fIsrv_ctx\fR. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_CMP_SRV_CTX_init()\fR sets in the given \fIsrv_ctx\fR a custom server context -pointer as well as callback functions performing the specific processing of \s-1CMP\s0 +pointer as well as callback functions performing the specific processing of CMP certificate requests, revocation requests, certificate confirmation requests, general messages, error messages, and poll requests. -All arguments except \fIsrv_ctx\fR may be \s-1NULL.\s0 +All arguments except \fIsrv_ctx\fR may be NULL. If a callback for some message type is not given this means that the respective -type of \s-1CMP\s0 message is not supported by the server. +type of CMP message is not supported by the server. .PP -\&\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx()\fR returns the \fB\s-1OSSL_CMP_CTX\s0\fR from the \fIsrv_ctx\fR. +\&\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx()\fR returns the \fBOSSL_CMP_CTX\fR from the \fIsrv_ctx\fR. .PP \&\fBOSSL_CMP_SRV_CTX_get0_custom_ctx()\fR returns the custom server context from \&\fIsrv_ctx\fR that has been set using \fBOSSL_CMP_SRV_CTX_init()\fR. 
@@ -262,38 +188,38 @@ without protection of with invalid protection. .PP \&\fBOSSL_CMP_SRV_CTX_set_accept_raverified()\fR enables acceptance of ir/cr/kur -messages with \s-1POPO\s0 'RAVerified'. +messages with POPO \*(AqRAVerified\*(Aq. .PP \&\fBOSSL_CMP_SRV_CTX_set_grant_implicit_confirm()\fR enables granting implicit confirmation of newly enrolled certificates if requested. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0). +CMP is defined in RFC 4210 (and CRMF in RFC 4211). .PP -So far the \s-1CMP\s0 server implementation is limited to one request per \s-1CMP\s0 message -(and consequently to at most one response component per \s-1CMP\s0 message). +So far the CMP server implementation is limited to one request per CMP message +(and consequently to at most one response component per CMP message). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_CMP_SRV_CTX_new()\fR returns a \fB\s-1OSSL_CMP_SRV_CTX\s0\fR structure on success, -\&\s-1NULL\s0 on error. +\&\fBOSSL_CMP_SRV_CTX_new()\fR returns a \fBOSSL_CMP_SRV_CTX\fR structure on success, +NULL on error. .PP \&\fBOSSL_CMP_SRV_CTX_free()\fR does not return a value. .PP -\&\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx()\fR returns a \fB\s-1OSSL_CMP_CTX\s0\fR structure on success, -\&\s-1NULL\s0 on error. +\&\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx()\fR returns a \fBOSSL_CMP_CTX\fR structure on success, +NULL on error. .PP \&\fBOSSL_CMP_SRV_CTX_get0_custom_ctx()\fR returns the custom server context that has been set using \fBOSSL_CMP_SRV_CTX_init()\fR. .PP All other functions return 1 on success, 0 on error. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007\-2024 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_STATUSINFO_new.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_STATUSINFO_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_STATUSINFO_NEW 3ossl" -.TH OSSL_CMP_STATUSINFO_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_STATUSINFO_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_STATUSINFO_new, OSSL_CMP_snprint_PKIStatusInfo, OSSL_CMP_CTX_snprint_PKIStatus \&\- function(s) for managing the CMP PKIStatus -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,43 +80,43 @@ \& char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, \& size_t bufsize); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This is the PKIStatus \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with +This is the PKIStatus API for using CMP (Certificate Management Protocol) with OpenSSL. .PP \&\fBOSSL_CMP_STATUSINFO_new()\fR creates a new PKIStatusInfo structure and fills in the given values. It sets the status field to \fIstatus\fR, -copies \fItext\fR (unless it is \s-1NULL\s0) to statusString, +copies \fItext\fR (unless it is NULL) to statusString, and interprets \fIfail_info\fR as bit pattern for the failInfo field. .PP -\&\fBOSSL_CMP_snprint_PKIStatusInfo()\fR places a human-readable string +\&\fBOSSL_CMP_snprint_PKIStatusInfo()\fR places a human\-readable string representing the given statusInfo in the given buffer, with the given maximal length. .PP -\&\fBOSSL_CMP_CTX_snprint_PKIStatus()\fR places a human-readable string -representing the PKIStatusInfo components of the \s-1CMP\s0 context \fIctx\fR +\&\fBOSSL_CMP_CTX_snprint_PKIStatus()\fR places a human\-readable string +representing the PKIStatusInfo components of the CMP context \fIctx\fR in the given buffer, with the given maximal length. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0). +CMP is defined in RFC 4210 (and CRMF in RFC 4211). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_STATUSINFO_new()\fR -returns a pointer to the structure on success, or \s-1NULL\s0 on error. +returns a pointer to the structure on success, or NULL on error. .PP \&\fBOSSL_CMP_snprint_PKIStatusInfo()\fR and \&\fBOSSL_CMP_CTX_snprint_PKIStatus()\fR -return a copy of the buffer pointer containing the string or \s-1NULL\s0 on error. -.SH "HISTORY" +return a copy of the buffer pointer containing the string or NULL on error. 
+.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_exec_certreq.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_exec_certreq.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_EXEC_CERTREQ 3ossl" -.TH OSSL_CMP_EXEC_CERTREQ 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_EXEC_CERTREQ 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_exec_certreq, OSSL_CMP_exec_IR_ses, OSSL_CMP_exec_CR_ses, @@ -152,7 +77,7 @@ OSSL_CMP_exec_RR_ses, OSSL_CMP_exec_GENM_ses \&\- functions implementing CMP client transactions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,28 +97,28 @@ \& int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); \& STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This is the OpenSSL \s-1API\s0 for doing \s-1CMP\s0 (Certificate Management Protocol) -client-server transactions, i.e., sequences of \s-1CMP\s0 requests and responses. +This is the OpenSSL API for doing CMP (Certificate Management Protocol) +client\-server transactions, i.e., sequences of CMP requests and responses. .PP -All functions take a populated \s-1OSSL_CMP_CTX\s0 structure as their first argument. -Usually the server name, port, and path (\*(L"\s-1CMP\s0 alias\*(R") need to be set, as well as +All functions take a populated OSSL_CMP_CTX structure as their first argument. +Usually the server name, port, and path ("CMP alias") need to be set, as well as credentials the client can use for authenticating itself to the server. In order to authenticate the server the client typically needs a trust store. The functions return their respective main results directly, while there are also accessor functions for retrieving various results and status information from the \fIctx\fR. See \fBOSSL_CMP_CTX_new\fR\|(3) etc. for details. .PP -The default conveying protocol is \s-1HTTP.\s0 -Timeout values may be given per request-response pair and per transaction. +The default conveying protocol is HTTP. +Timeout values may be given per request\-response pair and per transaction. See \fBOSSL_CMP_MSG_http_perform\fR\|(3) for details. .PP -\&\fBOSSL_CMP_exec_IR_ses()\fR requests an initial certificate from the given \s-1PKI.\s0 +\&\fBOSSL_CMP_exec_IR_ses()\fR requests an initial certificate from the given PKI. .PP \&\fBOSSL_CMP_exec_CR_ses()\fR requests an additional certificate. .PP -\&\fBOSSL_CMP_exec_P10CR_ses()\fR conveys a legacy PKCS#10 \s-1CSR\s0 requesting a certificate. +\&\fBOSSL_CMP_exec_P10CR_ses()\fR conveys a legacy PKCS#10 CSR requesting a certificate. 
.PP \&\fBOSSL_CMP_exec_KUR_ses()\fR obtains an updated certificate. .PP 
@@ -201,30 +126,30 @@ calling \fBOSSL_CMP_exec_certreq()\fR. .PP \&\fBOSSL_CMP_exec_certreq()\fR performs a certificate request of the type specified -by the \fIreq_type\fR parameter, which may be \s-1IR, CR, P10CR,\s0 or \s-1KUR.\s0 -For \s-1IR, CR,\s0 and \s-1KUR,\s0 the certificate template to be used in the request -may be supplied via the \fIcrm\fR parameter pointing to a \s-1CRMF\s0 structure. -Typically \fIcrm\fR is \s-1NULL,\s0 then the template ingredients are taken from \fIctx\fR +by the \fIreq_type\fR parameter, which may be IR, CR, P10CR, or KUR. +For IR, CR, and KUR, the certificate template to be used in the request +may be supplied via the \fIcrm\fR parameter pointing to a CRMF structure. +Typically \fIcrm\fR is NULL, then the template ingredients are taken from \fIctx\fR and need to be filled in using \fBOSSL_CMP_CTX_set1_subjectName\fR\|(3), \&\fBOSSL_CMP_CTX_set0_newPkey\fR\|(3), \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3), etc. For P10CR, \fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3) needs to be used instead. The enrollment session may be blocked by sleeping until the addressed -\&\s-1CA\s0 (or an intermediate \s-1PKI\s0 component) can fully process and answer the request. +CA (or an intermediate PKI component) can fully process and answer the request. .PP \&\fBOSSL_CMP_try_certreq()\fR is an alternative to the above functions that is more flexible regarding what to do after receiving a checkAfter value. When called for the first time (with no certificate request in progress for the given \fIctx\fR) it starts a new transaction by sending a certificate request constructed as stated above using the \fIreq_type\fR and optional \fIcrm\fR parameter. -Otherwise (when according to \fIctx\fR a 'waiting' status has been received before) +Otherwise (when according to \fIctx\fR a \*(Aqwaiting\*(Aq status has been received before) it continues polling for the pending request unless the \fIreq_type\fR argument is < 0, which aborts the request. 
If the requested certificate is available the function returns 1 and the caller can use \fBOSSL_CMP_CTX_get0_newCert\fR\|(3) to retrieve the new certificate. If no error occurred but no certificate is available yet then -\&\fBOSSL_CMP_try_certreq()\fR remembers in the \s-1CMP\s0 context that it should be retried +\&\fBOSSL_CMP_try_certreq()\fR remembers in the CMP context that it should be retried and returns \-1 after assigning the received checkAfter value -via the output pointer argument (unless it is \s-1NULL\s0). +via the output pointer argument (unless it is NULL). The checkAfter value indicates the number of seconds the caller should let pass before trying again. The caller is free to sleep for the given number of seconds or for some other time and/or to do anything else before retrying by calling 
@@ -233,62 +158,62 @@ to see whether meanwhile the requested certificate is available. If the caller decides to abort the pending certificate request and provides a negative value as the \fIreq_type\fR argument then \fBOSSL_CMP_try_certreq()\fR -aborts the \s-1CMP\s0 transaction by sending an error message to the server. +aborts the CMP transaction by sending an error message to the server. .PP \&\fBOSSL_CMP_exec_RR_ses()\fR requests the revocation of the certificate specified in the \fIctx\fR using \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3). -\&\s-1RFC 4210\s0 is vague in which PKIStatus should be returned by the server. -We take \*(L"accepted\*(R" and \*(L"grantedWithMods\*(R" as clear success and handle -\&\*(L"revocationWarning\*(R" and \*(L"revocationNotification\*(R" just as warnings because CAs +RFC 4210 is vague in which PKIStatus should be returned by the server. +We take "accepted" and "grantedWithMods" as clear success and handle +"revocationWarning" and "revocationNotification" just as warnings because CAs typically return them as an indication that the certificate was already revoked. -\&\*(L"rejection\*(R" is a clear error. The values \*(L"waiting\*(R" and \*(L"keyUpdateWarning\*(R" +"rejection" is a clear error. The values "waiting" and "keyUpdateWarning" make no sense for revocation and thus are treated as an error as well. .PP \&\fBOSSL_CMP_exec_GENM_ses()\fR sends a general message containing the sequence of -infoType and infoValue pairs (InfoTypeAndValue; short: \fB\s-1ITAV\s0\fR) +infoType and infoValue pairs (InfoTypeAndValue; short: \fBITAV\fR) optionally provided in the \fIctx\fR using \fBOSSL_CMP_CTX_push0_genm_ITAV\fR\|(3). On success it records in \fIctx\fR the status \fBOSSL_CMP_PKISTATUS_accepted\fR -and returns the list of \fB\s-1ITAV\s0\fRs received in the \s-1GENP\s0 message. -This can be used, for instance, to poll for CRLs or \s-1CA\s0 Key Updates. -See \s-1RFC 4210\s0 section 5.3.19 and appendix E.5 for details. 
-.SH "NOTES" +and returns the list of \fBITAV\fRs received in the GENP message. +This can be used, for instance, to poll for CRLs or CA Key Updates. +See RFC 4210 section 5.3.19 and appendix E.5 for details. +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0). +CMP is defined in RFC 4210 (and CRMF in RFC 4211). .PP -The \s-1CMP\s0 client implementation is limited to one request per \s-1CMP\s0 message -(and consequently to at most one response component per \s-1CMP\s0 message). +The CMP client implementation is limited to one request per CMP message +(and consequently to at most one response component per CMP message). .PP -When a client obtains from a \s-1CMP\s0 server \s-1CA\s0 certificates that it is going to +When a client obtains from a CMP server CA certificates that it is going to trust, for instance via the caPubs field of a certificate response, -authentication of the \s-1CMP\s0 server is particularly critical. +authentication of the CMP server is particularly critical. So special care must be taken setting up server authentication in \fIctx\fR using functions such as -\&\fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3) (for certificate-based authentication) or -\&\fBOSSL_CMP_CTX_set1_secretValue\fR\|(3) (for MAC-based protection). +\&\fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3) (for certificate\-based authentication) or +\&\fBOSSL_CMP_CTX_set1_secretValue\fR\|(3) (for MAC\-based protection). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_exec_certreq()\fR, \fBOSSL_CMP_exec_IR_ses()\fR, \fBOSSL_CMP_exec_CR_ses()\fR, \&\fBOSSL_CMP_exec_P10CR_ses()\fR, and \fBOSSL_CMP_exec_KUR_ses()\fR return a -pointer to the newly obtained X509 certificate on success, \s-1NULL\s0 on error. +pointer to the newly obtained X509 certificate on success, NULL on error. This pointer will be freed implicitly by \fBOSSL_CMP_CTX_free()\fR or \&\fBCSSL_CMP_CTX_reinit()\fR. 
.PP \&\fBOSSL_CMP_try_certreq()\fR returns 1 if the requested certificate is available via \fBOSSL_CMP_CTX_get0_newCert\fR\|(3) or on successfully aborting a pending certificate request, 0 on error, and \-1 -in case a 'waiting' status has been received and checkAfter value is available. -In the latter case \fBOSSL_CMP_CTX_get0_newCert\fR\|(3) yields \s-1NULL\s0 +in case a \*(Aqwaiting\*(Aq status has been received and checkAfter value is available. +In the latter case \fBOSSL_CMP_CTX_get0_newCert\fR\|(3) yields NULL and the output parameter \fIcheckAfter\fR has been used to -assign the received value unless \fIcheckAfter\fR is \s-1NULL.\s0 +assign the received value unless \fIcheckAfter\fR is NULL. .PP \&\fBOSSL_CMP_exec_RR_ses()\fR returns 1 on success, 0 on error. .PP -\&\fBOSSL_CMP_exec_GENM_ses()\fR returns \s-1NULL\s0 on error, -otherwise a pointer to the sequence of \fB\s-1ITAV\s0\fR received, which may be empty. +\&\fBOSSL_CMP_exec_GENM_ses()\fR returns NULL on error, +otherwise a pointer to the sequence of \fBITAV\fR received, which may be empty. This pointer must be freed by the caller. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -See \s-1OSSL_CMP_CTX\s0 for examples on how to prepare the context for these +See OSSL_CMP_CTX for examples on how to prepare the context for these functions. .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -297,14 +222,14 @@ \&\fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3), \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3), \&\fBOSSL_CMP_CTX_get0_newCert\fR\|(3), \fBOSSL_CMP_CTX_push0_genm_ITAV\fR\|(3), \&\fBOSSL_CMP_MSG_http_perform\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_log_open.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_log_open.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_LOG_OPEN 3ossl" -.TH OSSL_CMP_LOG_OPEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_LOG_OPEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_log_open, OSSL_CMP_log_close, OSSL_CMP_severity, @@ -156,7 +81,7 @@ OSSL_CMP_print_to_bio, OSSL_CMP_print_errors_cb \&\- functions for logging and error reporting -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -183,17 +108,17 @@ \& int line, OSSL_CMP_severity level, const char *msg); \& void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The logging and error reporting facility described here contains -convenience functions for CMP-specific logging, +convenience functions for CMP\-specific logging, including a string prefix mirroring the severity levels of syslog.h, and enhancements of the error queue mechanism needed for large diagnostic -messages produced by the \s-1CMP\s0 library in case of certificate validation failures. +messages produced by the CMP library in case of certificate validation failures. .PP When an interesting activity is performed or an error occurs, some detail should be provided for user information, debugging, and auditing purposes. -A \s-1CMP\s0 application can obtain this information by providing a callback function +A CMP application can obtain this information by providing a callback function with the following type: .PP .Vb 3 
@@ -203,56 +128,56 @@ .Ve .PP The parameters may provide -some component info (which may be a module name and/or function name) or \s-1NULL,\s0 -a file pathname or \s-1NULL,\s0 +some component info (which may be a module name and/or function name) or NULL, +a file pathname or NULL, a line number or 0 indicating the source code location, a severity level, and -a message string describing the nature of the event, terminated by '\en'. +a message string describing the nature of the event, terminated by \*(Aq\en\*(Aq. .PP Even when an activity is successful some warnings may be useful and some degree of auditing may be required. Therefore, the logging facility supports a severity level and the callback function has a \fIlevel\fR parameter indicating such a level, such that error, warning, info, debug, etc. can be treated differently. The callback is activated only when the severity level is sufficient according -to the current level of verbosity, which by default is \fB\s-1OSSL_CMP_LOG_INFO\s0\fR. +to the current level of verbosity, which by default is \fBOSSL_CMP_LOG_INFO\fR. .PP -The callback function may itself do non-trivial tasks like writing to +The callback function may itself do non\-trivial tasks like writing to a log file or remote stream, which in turn may fail. Therefore, the function should return 1 on success and 0 on failure. .PP -\&\fBOSSL_CMP_log_open()\fR initializes the CMP-specific logging facility to output -everything to \s-1STDOUT.\s0 It fails if the integrated tracing is disabled or \s-1STDIO\s0 +\&\fBOSSL_CMP_log_open()\fR initializes the CMP\-specific logging facility to output +everything to STDOUT. It fails if the integrated tracing is disabled or STDIO is not available. It may be called during application startup. Alternatively, \fBOSSL_CMP_CTX_set_log_cb\fR\|(3) can be used for more flexibility. As long as neither if the two is used any logging output is ignored. 
.PP \&\fBOSSL_CMP_log_close()\fR may be called when all activities are finished to flush -any pending CMP-specific log output and deallocate related resources. +any pending CMP\-specific log output and deallocate related resources. It may be called multiple times. It does get called at OpenSSL shutdown. .PP \&\fBOSSL_CMP_print_to_bio()\fR prints the given component info, filename, line number, severity level, and log message or error queue message to the given \fIbio\fR. \&\fIcomponent\fR usually is a function or module name. -If it is \s-1NULL,\s0 empty, or \*(L"(unknown function)\*(R" then \*(L"\s-1CMP\*(R"\s0 is used as fallback. +If it is NULL, empty, or "(unknown function)" then "CMP" is used as fallback. .PP \&\fBOSSL_CMP_print_errors_cb()\fR outputs any entries in the OpenSSL error queue. -It is similar to \fBERR_print_errors_cb\fR\|(3) but uses the \s-1CMP\s0 log callback -function \fIlog_fn\fR for uniformity with \s-1CMP\s0 logging if not \s-1NULL.\s0 Otherwise it -prints to \s-1STDERR\s0 using \fBOSSL_CMP_print_to_bio\fR\|(3) (unless \fB\s-1OPENSSL_NO_STDIO\s0\fR +It is similar to \fBERR_print_errors_cb\fR\|(3) but uses the CMP log callback +function \fIlog_fn\fR for uniformity with CMP logging if not NULL. Otherwise it +prints to STDERR using \fBOSSL_CMP_print_to_bio\fR\|(3) (unless \fBOPENSSL_NO_STDIO\fR is defined). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_log_close()\fR and \fBOSSL_CMP_print_errors_cb()\fR do not return anything. .PP All other functions return 1 on success, 0 on error. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CMP_validate_msg.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CMP_validate_msg.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CMP_VALIDATE_MSG 3ossl" -.TH OSSL_CMP_VALIDATE_MSG 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CMP_VALIDATE_MSG 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CMP_validate_msg, OSSL_CMP_validate_cert_path \&\- functions for verifying CMP message protection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 4 \& #include @@ -150,15 +75,15 @@ \& int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, \& X509_STORE *trusted_store, X509 *cert); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This is the \s-1API\s0 for validating the protection of \s-1CMP\s0 messages, -which includes validating \s-1CMP\s0 message sender certificates and their paths +This is the API for validating the protection of CMP messages, +which includes validating CMP message sender certificates and their paths while optionally checking the revocation status of the certificates(s). .PP \&\fBOSSL_CMP_validate_msg()\fR validates the protection of the given \fImsg\fR, -which must be signature-based or using password-based \s-1MAC\s0 (\s-1PBM\s0). -In the former case a suitable trust anchor must be given in the \s-1CMP\s0 context +which must be signature\-based or using password\-based MAC (PBM). +In the former case a suitable trust anchor must be given in the CMP context \&\fIctx\fR, and in the latter case the matching secret must have been set there using \fBOSSL_CMP_CTX_set1_secretValue\fR\|(3). .PP 
@@ -168,30 +93,33 @@ taken from the list of certificates received in the \fImsg\fR extraCerts, then any certificates provided before via \fBOSSL_CMP_CTX_set1_untrusted\fR\|(3), and then all trusted certificates provided via \fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3), -where a candidate is acceptable only if has not expired, its subject \s-1DN\s0 matches -the \fImsg\fR sender \s-1DN\s0 (as far as present), and its subject key identifier +where a candidate is acceptable only if has not expired, its subject DN matches +the \fImsg\fR sender DN (as far as present), and its subject key identifier is present and matches the senderKID (as far as the latter present). Each acceptable cert is tried in the given order to see if the message signature check succeeds and the cert and its path can be verified using any trust store set via \fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3). .PP -If the option \s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0 was set by calling -\&\fBOSSL_CMP_CTX_set_option\fR\|(3), for an Initialization Response (\s-1IP\s0) message -any self-issued certificate from the \fImsg\fR extraCerts field may also be used -as trust anchor for the path verification of an acceptable cert if it can be -used also to validate the issued certificate returned in the \s-1IP\s0 message. This is -according to \s-1TS 33.310\s0 [Network Domain Security (\s-1NDS\s0); Authentication Framework -(\s-1AF\s0)] document specified by the The 3rd Generation Partnership Project (3GPP). +If the option OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR was set by calling +\&\fBOSSL_CMP_CTX_set_option\fR\|(3), for an Initialization Response (IP) message +any self\-issued certificate from the \fImsg\fR extraCerts field may be used +as a trust anchor for the path verification of an \*(Aqacceptable\*(Aq cert if it can be +used also to validate the issued certificate returned in the IP message. 
This is +according to TS 33.310 [Network Domain Security (NDS); Authentication Framework +(AF)] document specified by The 3rd Generation Partnership Project (3GPP). +Note that using this option is dangerous as the certificate obtained this way +has not been authenticated (at least not at CMP level). +Taking it over as a trust anchor implements trust\-on\-first\-use (TOFU). .PP Any cert that has been found as described above is cached and tried first when validating the signatures of subsequent messages in the same transaction. .PP \&\fBOSSL_CMP_validate_cert_path()\fR attempts to validate the given certificate and its path using the given store of trusted certs (possibly including CRLs and a cert -verification callback) and non-trusted intermediate certs from the \fIctx\fR. -.SH "NOTES" +verification callback) and non\-trusted intermediate certs from the \fIctx\fR. +.SH NOTES .IX Header "NOTES" -\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0). +CMP is defined in RFC 4210 (and CRMF in RFC 4211). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CMP_validate_msg()\fR and \fBOSSL_CMP_validate_cert_path()\fR 
@@ -201,14 +129,14 @@ \&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_CMP_exec_certreq\fR\|(3), \&\fBOSSL_CMP_CTX_set1_secretValue\fR\|(3), \fBOSSL_CMP_CTX_set1_srvCert\fR\|(3), \&\fBOSSL_CMP_CTX_set1_untrusted\fR\|(3), \fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CMP support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CORE_MAKE_FUNC.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CORE_MAKE_FUNC.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CORE_MAKE_FUNC 3ossl" -.TH OSSL_CORE_MAKE_FUNC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CORE_MAKE_FUNC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CORE_MAKE_FUNC, SSL_OP_BIT, EXT_UTF8STRING \&\- OpenSSL reserved symbols -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& #define SSL_OP_BIT(n) \& #define EXT_UTF8STRING(nid) .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" There are certain macros that may appear in OpenSSL header files that are reserved for internal use. They should not be used by applications or assumed @@ -162,14 +87,14 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" Not applicable. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The macros described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_get0_tmpl.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CRMF_MSG_GET0_TMPL 3ossl" -.TH OSSL_CRMF_MSG_GET0_TMPL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CRMF_MSG_GET0_TMPL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, OSSL_CRMF_CERTTEMPLATE_get0_subject, @@ -149,7 +74,7 @@ OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, OSSL_CRMF_MSG_get_certReqId \&\- functions reading from CRMF CertReqMsg structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -175,7 +100,7 @@ \& \& int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_CRMF_MSG_get0_tmpl()\fR retrieves the certificate template of \fIcrm\fR. .PP 
@@ -189,39 +114,39 @@ given certificate template \fItmpl\fR. .PP \&\fBOSSL_CRMF_CERTTEMPLATE_get0_extensions()\fR retrieves the X.509 extensions -of the given certificate template \fItmpl\fR, or \s-1NULL\s0 if not present. +of the given certificate template \fItmpl\fR, or NULL if not present. .PP OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber of the given CertId \fIcid\fR. .PP OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name -of the given CertId \fIcid\fR, which must be of \s-1ASN.1\s0 type \s-1GEN_DIRNAME.\s0 +of the given CertId \fIcid\fR, which must be of ASN.1 type GEN_DIRNAME. .PP \&\fBOSSL_CRMF_ENCRYPTEDVALUE_get1_encCert()\fR decrypts the certificate in the given encryptedValue \fIecert\fR, using the private key \fIpkey\fR, library context -\&\fIlibctx\fR and property query string \fIpropq\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). -This is needed for the indirect \s-1POPO\s0 method as in \s-1RFC 4210\s0 section 5.2.8.2. +\&\fIlibctx\fR and property query string \fIpropq\fR (see \fBOSSL_LIB_CTX\fR\|(3)). +This is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2. The function returns the decrypted certificate as a copy, leaving its ownership with the caller, who is responsible for freeing it. .PP \&\fBOSSL_CRMF_MSG_get_certReqId()\fR retrieves the certReqId of \fIcrm\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_CRMF_MSG_get_certReqId()\fR returns the certificate request \s-1ID\s0 as a +\&\fBOSSL_CRMF_MSG_get_certReqId()\fR returns the certificate request ID as a nonnegative integer or \-1 on error. .PP -All other functions return a pointer with the intended result or \s-1NULL\s0 on error. +All other functions return a pointer with the intended result or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1RFC 4211\s0 -.SH "HISTORY" +RFC 4211 +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CRMF support was added in OpenSSL 3.0. 
+.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set0_validity.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set0_validity.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CRMF_MSG_SET0_VALIDITY 3ossl" -.TH OSSL_CRMF_MSG_SET0_VALIDITY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CRMF_MSG_SET0_VALIDITY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CRMF_MSG_set0_validity, OSSL_CRMF_MSG_set_certReqId, OSSL_CRMF_CERTTEMPLATE_fill, @@ -147,7 +72,7 @@ OSSL_CRMF_MSG_create_popo, OSSL_CRMF_MSGS_verify_popo \&\- functions populating and verifying CRMF CertReqMsg structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -175,57 +100,57 @@ \& int rid, int acceptRAVerified, \& OSSL_LIB_CTX *libctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_CRMF_MSG_set0_validity()\fR sets the \fInotBefore\fR and \fInotAfter\fR fields as validity constraints in the certTemplate of \fIcrm\fR. -Any of the \fInotBefore\fR and \fInotAfter\fR parameters may be \s-1NULL,\s0 +Any of the \fInotBefore\fR and \fInotAfter\fR parameters may be NULL, which means no constraint for the respective field. On success ownership of \fInotBefore\fR and \fInotAfter\fR is transferred to \fIcrm\fR. .PP \&\fBOSSL_CRMF_MSG_set_certReqId()\fR sets \fIrid\fR as the certReqId of \fIcrm\fR. .PP \&\fBOSSL_CRMF_CERTTEMPLATE_fill()\fR sets those fields of the certTemplate \fItmpl\fR -for which non-NULL values are provided: \fIpubkey\fR, \fIsubject\fR, \fIissuer\fR, +for which non\-NULL values are provided: \fIpubkey\fR, \fIsubject\fR, \fIissuer\fR, and/or \fIserial\fR. X.509 extensions may be set using \fBOSSL_CRMF_MSG_set0_extensions()\fR. On success the reference counter of the \fIpubkey\fR (if given) is incremented, while the \fIsubject\fR, \fIissuer\fR, and \fIserial\fR structures (if given) are copied. .PP \&\fBOSSL_CRMF_MSG_set0_extensions()\fR sets \fIexts\fR as the extensions in the -certTemplate of \fIcrm\fR. Frees any pre-existing ones and consumes \fIexts\fR. +certTemplate of \fIcrm\fR. Frees any pre\-existing ones and consumes \fIexts\fR. .PP \&\fBOSSL_CRMF_MSG_push0_extension()\fR pushes the X509 extension \fIext\fR to the extensions in the certTemplate of \fIcrm\fR. Consumes \fIext\fR. .PP -\&\fBOSSL_CRMF_MSG_create_popo()\fR creates and sets the Proof-of-Possession (\s-1POPO\s0) +\&\fBOSSL_CRMF_MSG_create_popo()\fR creates and sets the Proof\-of\-Possession (POPO) according to the method \fImeth\fR in \fIcrm\fR. The library context \fIlibctx\fR and property query string \fIpropq\fR, -may be \s-1NULL\s0 to select the defaults. 
-In case the method is \s-1OSSL_CRMF_POPO_SIGNATURE\s0 the \s-1POPO\s0 is calculated +may be NULL to select the defaults. +In case the method is OSSL_CRMF_POPO_SIGNATURE the POPO is calculated using the private key \fIpkey\fR and the digest method \fIdigest\fR, where the \fIdigest\fR argument is ignored if \fIpkey\fR is of a type (such as Ed25519 and Ed448) that is implicitly associated with a digest algorithm. .PP \&\fImeth\fR can be one of the following: -.IP "\(bu" 8 -\&\s-1OSSL_CRMF_POPO_NONE\s0 \- \s-1RFC 4211,\s0 section 4, \s-1POP\s0 field omitted. -\&\s-1CA/RA\s0 uses out-of-band method to verify \s-1POP.\s0 Note that servers may fail in this -case, resulting for instance in \s-1HTTP\s0 error code 500 (Internal error). -.IP "\(bu" 8 -\&\s-1OSSL_CRMF_POPO_RAVERIFIED\s0 \- \s-1RFC 4211,\s0 section 4, explicit indication -that the \s-1RA\s0 has already verified the \s-1POP.\s0 -.IP "\(bu" 8 -\&\s-1OSSL_CRMF_POPO_SIGNATURE\s0 \- \s-1RFC 4211,\s0 section 4.1, only case 3 supported +.IP \(bu 8 +OSSL_CRMF_POPO_NONE \- RFC 4211, section 4, POP field omitted. +CA/RA uses out\-of\-band method to verify POP. Note that servers may fail in this +case, resulting for instance in HTTP error code 500 (Internal error). +.IP \(bu 8 +OSSL_CRMF_POPO_RAVERIFIED \- RFC 4211, section 4, explicit indication +that the RA has already verified the POP. +.IP \(bu 8 +OSSL_CRMF_POPO_SIGNATURE \- RFC 4211, section 4.1, only case 3 supported so far. -.IP "\(bu" 8 -\&\s-1OSSL_CRMF_POPO_KEYENC\s0 \- \s-1RFC 4211,\s0 section 4.2, only indirect method +.IP \(bu 8 +OSSL_CRMF_POPO_KEYENC \- RFC 4211, section 4.2, only indirect method (subsequentMessage/enccert) supported, -challenge-response exchange (challengeResp) not yet supported. -.IP "\(bu" 8 -\&\s-1OSSL_CRMF_POPO_KEYAGREE\s0 \- \s-1RFC 4211,\s0 section 4.3, not yet supported. +challenge\-response exchange (challengeResp) not yet supported. +.IP \(bu 8 +OSSL_CRMF_POPO_KEYAGREE \- RFC 4211, section 4.3, not yet supported. 
.PP -OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with +OSSL_CRMF_MSGS_verify_popo verifies the Proof\-of\-Possession of the request with the given \fIrid\fR in the list of \fIreqs\fR. Optionally accepts RAVerified. It can make use of the library context \fIlibctx\fR and property query string \fIpropq\fR. .SH "RETURN VALUES" @@ -233,15 +158,15 @@ All functions return 1 on success, 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1RFC 4211\s0 -.SH "HISTORY" +RFC 4211 +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CRMF support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3ossl" -.TH OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CRMF_MSG_get0_regCtrl_regToken, OSSL_CRMF_MSG_set1_regCtrl_regToken, OSSL_CRMF_MSG_get0_regCtrl_authenticator, @@ -154,7 +79,7 @@ OSSL_CRMF_MSG_set1_regCtrl_oldCertID, OSSL_CRMF_CERTID_gen \&\- functions getting or setting CRMF Registration Controls -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -189,73 +114,73 @@ \& OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, \& const ASN1_INTEGER *serial); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Each of the \fBOSSL_CRMF_MSG_get0_regCtrl_X()\fR functions returns the respective control X in the given \fImsg\fR, if present. .PP \&\fBOSSL_CRMF_MSG_set1_regCtrl_regToken()\fR sets the regToken control in the given -\&\fImsg\fR copying the given \fItok\fR as value. See \s-1RFC 4211,\s0 section 6.1. +\&\fImsg\fR copying the given \fItok\fR as value. See RFC 4211, section 6.1. .PP \&\fBOSSL_CRMF_MSG_set1_regCtrl_authenticator()\fR sets the authenticator control in -the given \fImsg\fR copying the given \fIauth\fR as value. See \s-1RFC 4211,\s0 section 6.2. +the given \fImsg\fR copying the given \fIauth\fR as value. See RFC 4211, section 6.2. .PP \&\fBOSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo()\fR pushes the given \fIspi\fR to \fIsi\fR. Consumes the \fIspi\fR pointer. .PP \&\fBOSSL_CRMF_MSG_set0_SinglePubInfo()\fR sets in the given SinglePubInfo \fIspi\fR the \fImethod\fR and publication location, in the form of a GeneralName, \fInm\fR. -The publication location is optional, and therefore \fInm\fR may be \s-1NULL.\s0 +The publication location is optional, and therefore \fInm\fR may be NULL. The function consumes the \fInm\fR pointer if present. Available methods are: - # define \s-1OSSL_CRMF_PUB_METHOD_DONTCARE 0\s0 - # define \s-1OSSL_CRMF_PUB_METHOD_X500\s0 1 - # define \s-1OSSL_CRMF_PUB_METHOD_WEB\s0 2 - # define \s-1OSSL_CRMF_PUB_METHOD_LDAP\s0 3 + # define OSSL_CRMF_PUB_METHOD_DONTCARE 0 + # define OSSL_CRMF_PUB_METHOD_X500 1 + # define OSSL_CRMF_PUB_METHOD_WEB 2 + # define OSSL_CRMF_PUB_METHOD_LDAP 3 .PP \&\fBOSSL_CRMF_MSG_set_PKIPublicationInfo_action()\fR sets the action in the given \fIpi\fR -using the given \fIaction\fR as value. See \s-1RFC 4211,\s0 section 6.3. +using the given \fIaction\fR as value. See RFC 4211, section 6.3. 
Available actions are: - # define \s-1OSSL_CRMF_PUB_ACTION_DONTPUBLISH\s0 0 - # define \s-1OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1\s0 + # define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 + # define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 .PP \&\fBOSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo()\fR sets the pkiPublicationInfo -control in the given \fImsg\fR copying the given \fItok\fR as value. See \s-1RFC 4211,\s0 +control in the given \fImsg\fR copying the given \fItok\fR as value. See RFC 4211, section 6.3. .PP \&\fBOSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey()\fR sets the protocolEncrKey control in -the given \fImsg\fR copying the given \fIpubkey\fR as value. See \s-1RFC 4211\s0 section 6.6. +the given \fImsg\fR copying the given \fIpubkey\fR as value. See RFC 4211 section 6.6. .PP \&\fBOSSL_CRMF_MSG_set1_regCtrl_oldCertID()\fR sets the \fBoldCertID\fR regToken control in -the given \fImsg\fR copying the given \fIcid\fR as value. See \s-1RFC 4211,\s0 section 6.5. +the given \fImsg\fR copying the given \fIcid\fR as value. See RFC 4211, section 6.5. .PP OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the given \fIissuer\fR name and \fIserial\fR number. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All OSSL_CRMF_MSG_get0_*() functions -return the respective pointer value or \s-1NULL\s0 if not present and on error. +return the respective pointer value or NULL if not present and on error. .PP All OSSL_CRMF_MSG_set1_*() functions return 1 on success, 0 on error. .PP \&\fBOSSL_CRMF_CERTID_gen()\fR returns a pointer to the resulting structure -or \s-1NULL\s0 on error. -.SH "NOTES" +or NULL on error. +.SH NOTES .IX Header "NOTES" A function \fBOSSL_CRMF_MSG_set1_regCtrl_pkiArchiveOptions()\fR for setting an Archive Options Control is not yet implemented due to missing features to -create the needed \s-1OSSL_CRMF_PKIARCHIVEOPTINS\s0 content. +create the needed OSSL_CRMF_PKIARCHIVEOPTINS content. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1RFC 4211\s0 -.SH "HISTORY" +RFC 4211 +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CRMF support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3ossl" -.TH OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CRMF_MSG_get0_regInfo_utf8Pairs, OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, OSSL_CRMF_MSG_get0_regInfo_certReq, OSSL_CRMF_MSG_set1_regInfo_certReq \&\- functions getting or setting CRMF Registration Info -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,41 +83,41 @@ \& int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, \& const OSSL_CRMF_CERTREQUEST *cr); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_CRMF_MSG_get0_regInfo_utf8Pairs()\fR returns the first utf8Pairs regInfo in the given \fImsg\fR, if present. .PP \&\fBOSSL_CRMF_MSG_set1_regInfo_utf8Pairs()\fR adds a copy of the given \fIutf8pairs\fR -value as utf8Pairs regInfo to the given \fImsg\fR. See \s-1RFC 4211\s0 section 7.1. +value as utf8Pairs regInfo to the given \fImsg\fR. See RFC 4211 section 7.1. .PP \&\fBOSSL_CRMF_MSG_get0_regInfo_certReq()\fR returns the first certReq regInfo in the given \fImsg\fR, if present. .PP \&\fBOSSL_CRMF_MSG_set1_regInfo_certReq()\fR adds a copy of the given \fIcr\fR value -as certReq regInfo to the given \fImsg\fR. See \s-1RFC 4211\s0 section 7.2. +as certReq regInfo to the given \fImsg\fR. See RFC 4211 section 7.2. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -All get0_*() functions return the respective pointer value, \s-1NULL\s0 if not present. +All get0_*() functions return the respective pointer value, NULL if not present. .PP All set1_*() functions return 1 on success, 0 on error. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Calling the set1_*() functions multiple times adds multiple instances of the respective -control to the regInfo structure of the given \fImsg\fR. While \s-1RFC 4211\s0 expects +control to the regInfo structure of the given \fImsg\fR. While RFC 4211 expects multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1RFC 4211\s0 -.SH "HISTORY" +RFC 4211 +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CRMF support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_CRMF_PBMP_NEW 3ossl" -.TH OSSL_CRMF_PBMP_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_CRMF_PBMP_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_CRMF_pbm_new, OSSL_CRMF_pbmp_new \&\- functions for producing Password\-Based MAC (PBM) -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,43 +82,43 @@ \& int owfnid, size_t itercnt, \& int macnid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOSSL_CRMF_pbm_new()\fR generates a \s-1PBM\s0 (Password-Based \s-1MAC\s0) based on given \s-1PBM\s0 +\&\fBOSSL_CRMF_pbm_new()\fR generates a PBM (Password\-Based MAC) based on given PBM parameters \fIpbmp\fR, message \fImsg\fR, and secret \fIsec\fR, along with the respective lengths \fImsglen\fR and \fIseclen\fR. The optional library context \fIlibctx\fR and \fIpropq\fR parameters may be used -to influence the selection of the \s-1MAC\s0 algorithm referenced in the \fIpbmp\fR; -see \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information. +to influence the selection of the MAC algorithm referenced in the \fIpbmp\fR; +see "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information. On success writes the address of the newly -allocated \s-1MAC\s0 via the \fImac\fR reference parameter and writes the length via the -\&\fImaclen\fR reference parameter unless it its \s-1NULL.\s0 +allocated MAC via the \fImac\fR reference parameter and writes the length via the +\&\fImaclen\fR reference parameter unless it its NULL. .PP \&\fBOSSL_CRMF_pbmp_new()\fR initializes and returns a new \fBPBMParameter\fR structure with a new random salt of given length \fIsaltlen\fR, -\&\s-1OWF\s0 (one-way function) \s-1NID\s0 \fIowfnid\fR, \s-1OWF\s0 iteration count \fIitercnt\fR, -and \s-1MAC NID\s0 \fImacnid\fR. +OWF (one\-way function) NID \fIowfnid\fR, OWF iteration count \fIitercnt\fR, +and MAC NID \fImacnid\fR. The library context \fIlibctx\fR parameter may be used to select the provider -for the random number generation (\s-1DRBG\s0) and may be \s-1NULL\s0 for the default. -.SH "NOTES" +for the random number generation (DRBG) and may be NULL for the default. 
+.SH NOTES .IX Header "NOTES" -The algorithms for the \s-1OWF\s0 (one-way function) and for the \s-1MAC\s0 (message -authentication code) may be any with a \s-1NID\s0 defined in \fI\fR. -As specified by \s-1RFC 4210,\s0 these should include NID_hmac_sha1. +The algorithms for the OWF (one\-way function) and for the MAC (message +authentication code) may be any with a NID defined in \fI\fR. +As specified by RFC 4210, these should include NID_hmac_sha1. .PP -\&\s-1RFC 4210\s0 recommends that the salt \s-1SHOULD\s0 be at least 8 bytes (64 bits) long, +RFC 4210 recommends that the salt SHOULD be at least 8 bytes (64 bits) long, where 16 bytes is common. .PP -The iteration count must be at least 100, as stipulated by \s-1RFC 4211,\s0 and is +The iteration count must be at least 100, as stipulated by RFC 4211, and is limited to at most 100000 to avoid DoS through manipulated or otherwise malformed input. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_CRMF_pbm_new()\fR returns 1 on success, 0 on error. .PP -\&\fBOSSL_CRMF_pbmp_new()\fR returns a new and initialized \s-1OSSL_CRMF_PBMPARAMETER\s0 -structure, or \s-1NULL\s0 on error. -.SH "EXAMPLES" +\&\fBOSSL_CRMF_pbmp_new()\fR returns a new and initialized OSSL_CRMF_PBMPARAMETER +structure, or NULL on error. +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 5 \& OSSL_CRMF_PBMPARAMETER *pbm = NULL; 
@@ -209,15 +134,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1RFC 4211\s0 section 4.4 -.SH "HISTORY" +RFC 4211 section 4.4 +.SH HISTORY .IX Header "HISTORY" -The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL CRMF support was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_DECODER.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_DECODER.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_DECODER 3ossl" -.TH OSSL_DECODER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_DECODER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_DECODER, OSSL_DECODER_fetch, OSSL_DECODER_up_ref, @@ -153,7 +78,7 @@ OSSL_DECODER_gettable_params, OSSL_DECODER_get_params \&\- Decoder method routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -178,26 +103,27 @@ \& const OSSL_PARAM *OSSL_DECODER_gettable_params(OSSL_DECODER *decoder); \& int OSSL_DECODER_get_params(OSSL_DECODER_CTX *ctx, const OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_DECODER\s0\fR is a method for decoders, which know how to +\&\fBOSSL_DECODER\fR is a method for decoders, which know how to decode encoded data into an object of some type that the rest of OpenSSL knows how to handle. .PP \&\fBOSSL_DECODER_fetch()\fR looks for an algorithm within the provider that -has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR given by \fIctx\fR, having the +has been loaded into the \fBOSSL_LIB_CTX\fR given by \fIctx\fR, having the name given by \fIname\fR and the properties given by \fIproperties\fR. The \fIname\fR determines what type of object the fetched decoder method is expected to be able to decode, and the properties are used to determine the expected output type. For known properties and the values they may have, please have a look -in \*(L"Names and properties\*(R" in \fBprovider\-encoder\fR\|(7). +in "Names and properties" in \fBprovider\-encoder\fR\|(7). .PP \&\fBOSSL_DECODER_up_ref()\fR increments the reference count for the given \&\fIdecoder\fR. .PP \&\fBOSSL_DECODER_free()\fR decrements the reference count for the given \&\fIdecoder\fR, and when the count reaches zero, frees it. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_DECODER_get0_provider()\fR returns the provider of the given \&\fIdecoder\fR. @@ -206,7 +132,7 @@ with the given \fIdecoder\fR. .PP \&\fBOSSL_DECODER_is_a()\fR checks if \fIdecoder\fR is an implementation -of an algorithm that's identifiable with \fIname\fR. +of an algorithm that\*(Aqs identifiable with \fIname\fR. .PP \&\fBOSSL_DECODER_get0_name()\fR returns the name used to fetch the given \fIdecoder\fR. .PP 
@@ -222,26 +148,26 @@ \&\fIlibctx\fR, and for each of the implementations, calls \fIfn\fR with the implementation method and \fIarg\fR as arguments. .PP -\&\fBOSSL_DECODER_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) +\&\fBOSSL_DECODER_gettable_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array of parameter descriptors. .PP \&\fBOSSL_DECODER_get_params()\fR attempts to get parameters specified -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the -implementation doesn't recognise should be ignored. +with an \fBOSSL_PARAM\fR\|(3) array \fIparams\fR. Parameters that the +implementation doesn\*(Aqt recognise should be ignored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_DECODER_fetch()\fR returns a pointer to an \s-1OSSL_DECODER\s0 object, -or \s-1NULL\s0 on error. +\&\fBOSSL_DECODER_fetch()\fR returns a pointer to an OSSL_DECODER object, +or NULL on error. .PP \&\fBOSSL_DECODER_up_ref()\fR returns 1 on success, or 0 on error. .PP -\&\fBOSSL_DECODER_free()\fR doesn't return any value. +\&\fBOSSL_DECODER_free()\fR doesn\*(Aqt return any value. .PP \&\fBOSSL_DECODER_get0_provider()\fR returns a pointer to a provider object, or -\&\s-1NULL\s0 on error. +NULL on error. .PP \&\fBOSSL_DECODER_get0_properties()\fR returns a pointer to a property -definition string, or \s-1NULL\s0 on error. +definition string, or NULL on error. .PP \&\fBOSSL_DECODER_is_a()\fR returns 1 if \fIdecoder\fR was identifiable, otherwise 0. 
@@ -252,17 +178,17 @@ algorithm definition is returned. Ownership of the returned string is retained by the \fIdecoder\fR object and should not be freed by the caller. .PP -\&\fBOSSL_DECODER_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if -there isn't one. +\&\fBOSSL_DECODER_get0_description()\fR returns a pointer to a description, or NULL if +there isn\*(Aqt one. .PP \&\fBOSSL_DECODER_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBOSSL_DECODER_fetch()\fR may be called implicitly by other fetching functions, using the same library context and properties. -Any other \s-1API\s0 that uses keys will typically do this. -.SH "EXAMPLES" +Any other API that uses keys will typically do this. +.SH EXAMPLES .IX Header "EXAMPLES" To list all decoders in a provider to a bio_out: .PP 
@@ -306,16 +232,16 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER_CTX\s0\fR\|(3), \fBOSSL_DECODER_from_bio\fR\|(3), -\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_DECODER_CTX\fR\|(3), \fBOSSL_DECODER_from_bio\fR\|(3), +\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3), \fBOSSL_LIB_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_DECODER_CTX 3ossl" -.TH OSSL_DECODER_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_DECODER_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_DECODER_CTX, OSSL_DECODER_CTX_new, OSSL_DECODER_settable_ctx_params, @@ -165,7 +90,7 @@ OSSL_DECODER_INSTANCE_get_input_type, OSSL_DECODER_INSTANCE_get_input_structure \&\- Decoder context routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -218,14 +143,14 @@ \& void *reference, size_t reference_sz, \& OSSL_CALLBACK *export_cb, void *export_cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1OSSL_DECODER_CTX\s0\fR holds data about multiple decoders, as needed to +The \fBOSSL_DECODER_CTX\fR holds data about multiple decoders, as needed to figure out what the input data is and to attempt to unpack it into one of several possible related results. This also includes chaining decoders, so the output from one can become the input for another. This allows having -generic format decoders such as \s-1PEM\s0 to \s-1DER,\s0 as well as more specialized -decoders like \s-1DER\s0 to \s-1RSA.\s0 +generic format decoders such as PEM to DER, as well as more specialized +decoders like DER to RSA. .PP The chains may be limited by specifying an input type, which is considered a starting point. This is both considered by \fBOSSL_DECODER_CTX_add_extra()\fR, 
@@ -233,9 +158,9 @@ added those that take the specified input type, and functions like \&\fBOSSL_DECODER_from_bio\fR\|(3), which will only start the decoding process with the decoder implementations that take that input type. For example, if the -input type is set to \f(CW\*(C`DER\*(C'\fR, a \s-1PEM\s0 to \s-1DER\s0 decoder will be ignored. +input type is set to \f(CW\*(C`DER\*(C'\fR, a PEM to DER decoder will be ignored. .PP -The input type can also be \s-1NULL,\s0 which means that the caller doesn't know +The input type can also be NULL, which means that the caller doesn\*(Aqt know what type of input they have. In this case, \fBOSSL_DECODER_from_bio()\fR will simply try with one decoder implementation after the other, and thereby discover what kind of input the caller gave it. 
@@ -245,25 +170,26 @@ that the caller knows how to handle from the current decoding result. The constructor is set with \fBOSSL_DECODER_CTX_set_construct()\fR. .PP -\&\fB\s-1OSSL_DECODER_INSTANCE\s0\fR is an opaque structure that contains data about the +\&\fBOSSL_DECODER_INSTANCE\fR is an opaque structure that contains data about the decoder that was just used, and that may be useful for the constructor. There are some functions to extract data from this type, described further down. -.SS "Functions" +.SS Functions .IX Subsection "Functions" -\&\fBOSSL_DECODER_CTX_new()\fR creates a new empty \fB\s-1OSSL_DECODER_CTX\s0\fR. +\&\fBOSSL_DECODER_CTX_new()\fR creates a new empty \fBOSSL_DECODER_CTX\fR. .PP -\&\fBOSSL_DECODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array of +\&\fBOSSL_DECODER_settable_ctx_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array of parameter descriptors. .PP \&\fBOSSL_DECODER_CTX_set_params()\fR attempts to set parameters specified with an -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. These parameters are passed to all +\&\fBOSSL_PARAM\fR\|(3) array \fIparams\fR. These parameters are passed to all decoders that have been added to the \fIctx\fR so far. Parameters that an -implementation doesn't recognise should be ignored by it. +implementation doesn\*(Aqt recognise should be ignored by it. .PP \&\fBOSSL_DECODER_CTX_free()\fR frees the given context \fIctx\fR. +If the argument is NULL, nothing is done. .PP -\&\fBOSSL_DECODER_CTX_add_decoder()\fR populates the \fB\s-1OSSL_DECODER_CTX\s0\fR \fIctx\fR with +\&\fBOSSL_DECODER_CTX_add_decoder()\fR populates the \fBOSSL_DECODER_CTX\fR \fIctx\fR with a decoder, to be used to attempt to decode some encoded input. .PP \&\fBOSSL_DECODER_CTX_add_extra()\fR finds decoders that generate input for already 
@@ -276,7 +202,7 @@ .PP \&\fBOSSL_DECODER_CTX_set_input_structure()\fR sets the name of the structure that the input is expected to have. This may be used to determines what decoder -implementations may be used. \s-1NULL\s0 is a valid input structure, when it's not +implementations may be used. NULL is a valid input structure, when it\*(Aqs not relevant, or when the decoder implementations are expected to figure it out. .PP \&\fBOSSL_DECODER_CTX_get_num_decoders()\fR gets the number of decoders currently @@ -285,7 +211,7 @@ \&\fBOSSL_DECODER_CTX_set_construct()\fR sets the constructor \fIconstruct\fR. .PP \&\fBOSSL_DECODER_CTX_set_construct_data()\fR sets the constructor data that is -passed to the constructor every time it's called. +passed to the constructor every time it\*(Aqs called. .PP \&\fBOSSL_DECODER_CTX_set_cleanup()\fR sets the constructor data \fIcleanup\fR function. This is called by \fBOSSL_DECODER_CTX_free\fR\|(3). 
@@ -299,21 +225,28 @@ use the data they get directly for diverse reasons. It takes the same decode instance \fIdecoder_inst\fR that the constructor got and an object \&\fIreference\fR, unpacks the object which it refers to, and exports it by -creating an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that it then passes to \fIexport_cb\fR, +creating an \fBOSSL_PARAM\fR\|(3) array that it then passes to \fIexport_cb\fR, along with \fIexport_arg\fR. -.SS "Constructor" +.PP +Note that functions \fBOSSL_DECODER_CTX_set_selection()\fR, +\&\fBOSSL_DECODER_CTX_set_output_type()\fR, \fBOSSL_DECODER_CTX_set_output_structure()\fR, +\&\fBOSSL_DECODER_CTX_add_encoder()\fR, \fBOSSL_DECODER_CTX_add_extra()\fR, +\&\fBOSSL_DECODER_CTX_set_construct()\fR, \fBOSSL_DECODER_CTX_set_construct_data()\fR, and +\&\fBOSSL_DECODER_CTX_set_cleanup()\fR shouldn\*(Aqt be used after the context is finalised, +in particular after calling the function \fBOSSL_DECODER_CTX_new_for_pkey()\fR. +.SS Constructor .IX Subsection "Constructor" -A \fB\s-1OSSL_DECODER_CONSTRUCT\s0\fR gets the following arguments: -.IP "\fIdecoder_inst\fR" 4 +A \fBOSSL_DECODER_CONSTRUCT\fR gets the following arguments: +.IP \fIdecoder_inst\fR 4 .IX Item "decoder_inst" -The \fB\s-1OSSL_DECODER_INSTANCE\s0\fR for the decoder from which the constructor gets +The \fBOSSL_DECODER_INSTANCE\fR for the decoder from which the constructor gets its data. -.IP "\fIobject\fR" 4 +.IP \fIobject\fR 4 .IX Item "object" -A provider-native object abstraction produced by the decoder. Further -information on the provider-native object abstraction can be found in +A provider\-native object abstraction produced by the decoder. Further +information on the provider\-native object abstraction can be found in \&\fBprovider\-object\fR\|(7). -.IP "\fIconstruct_data\fR" 4 +.IP \fIconstruct_data\fR 4 .IX Item "construct_data" The pointer that was set with \fBOSSL_DECODE_CTX_set_construct_data()\fR. .PP 
@@ -326,22 +259,22 @@ implementation from a decoder instance \fIdecoder_inst\fR. .PP \&\fBOSSL_DECODER_INSTANCE_get_decoder_ctx()\fR can be used to get the decoder -implementation's provider context from a decoder instance \fIdecoder_inst\fR. +implementation\*(Aqs provider context from a decoder instance \fIdecoder_inst\fR. .PP \&\fBOSSL_DECODER_INSTANCE_get_input_type()\fR can be used to get the decoder -implementation's input type from a decoder instance \fIdecoder_inst\fR. +implementation\*(Aqs input type from a decoder instance \fIdecoder_inst\fR. .PP \&\fBOSSL_DECODER_INSTANCE_get_input_structure()\fR can be used to get the input structure for the decoder implementation from a decoder instance \&\fIdecoder_inst\fR. -This may be \s-1NULL.\s0 +This may be NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_DECODER_CTX_new()\fR returns a pointer to a \fB\s-1OSSL_DECODER_CTX\s0\fR, or \s-1NULL\s0 -if the context structure couldn't be allocated. +\&\fBOSSL_DECODER_CTX_new()\fR returns a pointer to a \fBOSSL_DECODER_CTX\fR, or NULL +if the context structure couldn\*(Aqt be allocated. .PP -\&\fBOSSL_DECODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array, or -\&\s-1NULL\s0 if none is available. +\&\fBOSSL_DECODER_settable_ctx_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array, or +NULL if none is available. .PP \&\fBOSSL_DECODER_CTX_set_params()\fR returns 1 if all recognised parameters were valid, or 0 if one of them was invalid or caused some other failure in the 
@@ -356,26 +289,26 @@ constructor, the constructor data and the cleanup functions, respectively. .PP \&\fBOSSL_DECODER_CTX_num_decoders()\fR returns the current number of decoders. It -returns 0 if \fIctx\fR is \s-1NULL.\s0 +returns 0 if \fIctx\fR is NULL. .PP \&\fBOSSL_DECODER_export()\fR returns 1 on success, or 0 on failure. .PP -\&\fBOSSL_DECODER_INSTANCE_decoder()\fR returns an \fB\s-1OSSL_DECODER\s0\fR pointer on -success, or \s-1NULL\s0 on failure. +\&\fBOSSL_DECODER_INSTANCE_decoder()\fR returns an \fBOSSL_DECODER\fR pointer on +success, or NULL on failure. .PP \&\fBOSSL_DECODER_INSTANCE_decoder_ctx()\fR returns a provider context pointer on -success, or \s-1NULL\s0 on failure. +success, or NULL on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER\s0\fR\|(3), \fBOSSL_DECODER_from_bio\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_DECODER\fR\|(3), \fBOSSL_DECODER_from_bio\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX_new_for_pkey.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX_new_for_pkey.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_DECODER_CTX_NEW_FOR_PKEY 3ossl" -.TH OSSL_DECODER_CTX_NEW_FOR_PKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_DECODER_CTX_NEW_FOR_PKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_DECODER_CTX_new_for_pkey, OSSL_DECODER_CTX_set_passphrase, OSSL_DECODER_CTX_set_pem_password_cb, OSSL_DECODER_CTX_set_passphrase_ui, OSSL_DECODER_CTX_set_passphrase_cb \&\- Decoder routines to decode EVP_PKEYs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -170,44 +95,48 @@ \& OSSL_PASSPHRASE_CALLBACK *cb, \& void *cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_DECODER_CTX_new_for_pkey()\fR is a utility function that creates a -\&\fB\s-1OSSL_DECODER_CTX\s0\fR, finds all applicable decoder implementations and sets +\&\fBOSSL_DECODER_CTX\fR, finds all applicable decoder implementations and sets them up, so all the caller has to do next is call functions like \&\fBOSSL_DECODER_from_bio\fR\|(3). The caller may use the optional \fIinput_type\fR, \&\fIinput_struct\fR, \fIkeytype\fR and \fIselection\fR to specify what the input is -expected to contain. The \fIpkey\fR must reference an \fB\s-1EVP_PKEY\s0 *\fR variable -that will be set to the newly created \fB\s-1EVP_PKEY\s0\fR on successful decoding. -The referenced variable must be initialized to \s-1NULL\s0 before calling the +expected to contain. The \fIpkey\fR must reference an \fBEVP_PKEY *\fR variable +that will be set to the newly created \fBEVP_PKEY\fR on successful decoding. +The referenced variable must be initialized to NULL before calling the function. .PP Internally \fBOSSL_DECODER_CTX_new_for_pkey()\fR searches for all available -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3) implementations, and then builds a list of all potential +\&\fBEVP_KEYMGMT\fR\|(3) implementations, and then builds a list of all potential decoder implementations that may be able to process the encoded input into -data suitable for \fB\s-1EVP_PKEY\s0\fRs. All these implementations are implicitly +data suitable for \fBEVP_PKEY\fRs. All these implementations are implicitly fetched using \fIlibctx\fR and \fIpropquery\fR. .PP The search of decoder implementations can be limited with \fIinput_type\fR and \&\fIinput_struct\fR which specifies a starting input type and input structure. 
-\&\s-1NULL\s0 is valid for both of them and signifies that the decoder implementations +NULL is valid for both of them and signifies that the decoder implementations will find out the input type on their own. They are set with \fBOSSL_DECODER_CTX_set_input_type\fR\|(3) and \&\fBOSSL_DECODER_CTX_set_input_structure\fR\|(3). -See \*(L"Input Types\*(R" and \*(L"Input Structures\*(R" below for further information. +See "Input Types" and "Input Structures" below for further information. .PP The search of decoder implementations can also be limited with \fIkeytype\fR and \fIselection\fR, which specifies the expected resulting keytype and contents. -\&\s-1NULL\s0 and zero are valid and signify that the decoder implementations will +NULL and zero are valid and signify that the decoder implementations will find out the keytype and key contents on their own from the input they get. .PP If no suitable decoder implementation is found, -\&\fBOSSL_DECODER_CTX_new_for_pkey()\fR still creates a \fB\s-1OSSL_DECODER_CTX\s0\fR, but +\&\fBOSSL_DECODER_CTX_new_for_pkey()\fR still creates a \fBOSSL_DECODER_CTX\fR, but with no associated decoder (\fBOSSL_DECODER_CTX_get_num_decoders\fR\|(3) returns zero). This helps the caller to distinguish between an error when creating -the \fB\s-1OSSL_ENCODER_CTX\s0\fR and missing encoder implementation, and allows it to +the \fBOSSL_ENCODER_CTX\fR and missing encoder implementation, and allows it to act accordingly. .PP +Note that \fBOSSL_DECODER_CTX_new_for_pkey()\fR finalises the OSSL_DECODER_CTX; +after that the OSSL_DECODER_CTX_set_* and OSSL_DECODER_CTX_add_* functions +described in \fBOSSL_DECODER_CTX\fR\|(3) shouldn\*(Aqt be called. +.PP \&\fBOSSL_DECODER_CTX_set_passphrase()\fR gives the implementation a pass phrase to use when decrypting the encoded private key. Alternatively, a pass phrase callback may be specified with the following functions. 
@@ -216,10 +145,10 @@ and \fBOSSL_DECODER_CTX_set_passphrase_cb()\fR set up a callback method that the implementation can use to prompt for a pass phrase, giving the caller the choice of preferred pass phrase callback form. These are called indirectly, -through an internal \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function. +through an internal \fBOSSL_PASSPHRASE_CALLBACK\fR\|(3) function. .PP -The internal \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function caches the pass phrase, to -be re-used in all decodings that are performed in the same decoding run (for +The internal \fBOSSL_PASSPHRASE_CALLBACK\fR\|(3) function caches the pass phrase, to +be reused in all decodings that are performed in the same decoding run (for example, within one \fBOSSL_DECODER_from_bio\fR\|(3) call). .SS "Input Types" .IX Subsection "Input Types" @@ -227,7 +156,7 @@ offer, and provider documentation should have the details. .PP Among the known input types that OpenSSL decoder implementations offer -for \fB\s-1EVP_PKEY\s0\fRs are \f(CW\*(C`DER\*(C'\fR, \f(CW\*(C`PEM\*(C'\fR, \f(CW\*(C`MSBLOB\*(C'\fR and \f(CW\*(C`PVK\*(C'\fR. +for \fBEVP_PKEY\fRs are \f(CW\*(C`DER\*(C'\fR, \f(CW\*(C`PEM\*(C'\fR, \f(CW\*(C`MSBLOB\*(C'\fR and \f(CW\*(C`PVK\*(C'\fR. See \fBopenssl\-glossary\fR\|(7) for further information on what these input types mean. .SS "Input Structures" 
@@ -236,22 +165,22 @@ providers offer, and provider documentation should have the details. .PP Among the known input structures that OpenSSL decoder implementations -offer for \fB\s-1EVP_PKEY\s0\fRs are \f(CW\*(C`pkcs8\*(C'\fR and \f(CW\*(C`SubjectPublicKeyInfo\*(C'\fR. +offer for \fBEVP_PKEY\fRs are \f(CW\*(C`pkcs8\*(C'\fR and \f(CW\*(C`SubjectPublicKeyInfo\*(C'\fR. .PP OpenSSL decoder implementations also support the input structure \&\f(CW\*(C`type\-specific\*(C'\fR. This is the structure used for keys encoded -according to key type specific specifications. For example, \s-1RSA\s0 keys +according to key type specific specifications. For example, RSA keys encoded according to PKCS#1. -.SS "Selections" +.SS Selections .IX Subsection "Selections" \&\fIselection\fR can be any one of the values described in -\&\*(L"Selections\*(R" in \fBEVP_PKEY_fromdata\fR\|(3). +"Selections" in \fBEVP_PKEY_fromdata\fR\|(3). Additionally \fIselection\fR can also be set to \fB0\fR to indicate that the code will auto detect the selection. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_DECODER_CTX_new_for_pkey()\fR returns a pointer to a -\&\fB\s-1OSSL_DECODER_CTX\s0\fR, or \s-1NULL\s0 if it couldn't be created. +\&\fBOSSL_DECODER_CTX\fR, or NULL if it couldn\*(Aqt be created. .PP \&\fBOSSL_DECODER_CTX_set_passphrase()\fR, \fBOSSL_DECODER_CTX_set_pem_password_cb()\fR, \&\fBOSSL_DECODER_CTX_set_passphrase_ui()\fR and 
@@ -259,15 +188,15 @@ failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER\s0\fR\|(3), \s-1\fBOSSL_DECODER_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_DECODER\fR\|(3), \fBOSSL_DECODER_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_DECODER_from_bio.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_DECODER_from_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_DECODER_FROM_BIO 3ossl" -.TH OSSL_DECODER_FROM_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_DECODER_FROM_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_DECODER_from_data, OSSL_DECODER_from_bio, OSSL_DECODER_from_fp \&\- Routines to perform a decoding -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,29 +80,29 @@ .Ve .PP Feature availability macros: -.IP "\fBOSSL_DECODER_from_fp()\fR is only available when \fB\s-1OPENSSL_NO_STDIO\s0\fR is undefined." 4 +.IP "\fBOSSL_DECODER_from_fp()\fR is only available when \fBOPENSSL_NO_STDIO\fR is undefined." 4 .IX Item "OSSL_DECODER_from_fp() is only available when OPENSSL_NO_STDIO is undefined." -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_DECODER_from_data()\fR runs the decoding process for the context \fIctx\fR, with input coming from \fI*pdata\fR, \fI*pdata_len\fR bytes long. Both \fI*pdata\fR -and \fI*pdata_len\fR must be non-NULL. When \fBOSSL_DECODER_from_data()\fR returns, +and \fI*pdata_len\fR must be non\-NULL. When \fBOSSL_DECODER_from_data()\fR returns, \&\fI*pdata\fR is updated to point at the location after what has been decoded, and \fI*pdata_len\fR to have the number of remaining bytes. .PP \&\fBOSSL_DECODER_from_bio()\fR runs the decoding process for the context \fIctx\fR, -with the input coming from the \fB\s-1BIO\s0\fR \fIin\fR. Should it make a difference, -it's recommended to have the \s-1BIO\s0 set in binary mode rather than text mode. +with the input coming from the \fBBIO\fR \fIin\fR. Should it make a difference, +it\*(Aqs recommended to have the BIO set in binary mode rather than text mode. .PP \&\fBOSSL_DECODER_from_fp()\fR does the same thing as \fBOSSL_DECODER_from_bio()\fR, -except that the input is coming from the \fB\s-1FILE\s0\fR \fIfp\fR. +except that the input is coming from the \fBFILE\fR \fIfp\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_DECODER_from_bio()\fR, \fBOSSL_DECODER_from_data()\fR and \fBOSSL_DECODER_from_fp()\fR return 1 on success, or 0 on failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -To decode an \s-1RSA\s0 key encoded with \s-1PEM\s0 from a bio: +To decode an RSA key encoded with PEM from a bio: .PP .Vb 6 \& OSSL_DECODER_CTX *dctx; 
@@ -204,7 +129,7 @@ \& OSSL_DECODER_CTX_free(dctx); .Ve .PP -To decode an \s-1EC\s0 key encoded with \s-1DER\s0 from a buffer: +To decode an EC key encoded with DER from a buffer: .PP .Vb 8 \& OSSL_DECODER_CTX *dctx; @@ -235,15 +160,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_DECODER_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_DISPATCH.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_DISPATCH.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_DISPATCH 3ossl" -.TH OSSL_DISPATCH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_DISPATCH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_DISPATCH \- OpenSSL Core type to define a dispatchable function table -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,20 +76,20 @@ \& void (*function)(void); \& }; .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This type is a tuple of function identity and function pointer. Arrays of this type are passed between the OpenSSL libraries and the providers to describe what functionality one side provides to the other. .PP Arrays of this type must be terminated with a tuple having function identity -zero and function pointer \s-1NULL.\s0 -.SS "\fB\s-1OSSL_DISPATCH\s0\fP fields" +zero and function pointer NULL. +.SS "\fBOSSL_DISPATCH\fP fields" .IX Subsection "OSSL_DISPATCH fields" -.IP "\fIfunction_id\fR" 4 +.IP \fIfunction_id\fR 4 .IX Item "function_id" OpenSSL defined function identity of the implemented function. -.IP "\fIfunction\fR" 4 +.IP \fIfunction\fR 4 .IX Item "function" Pointer to the implemented function itself. Despite the generic definition of this field, the implemented function it points to must have a function 
@@ -173,8 +98,8 @@ Available function identities and corresponding function signatures are defined in \fBopenssl\-core_dispatch.h\fR\|(7). Furthermore, the chosen function identities and associated function -signature must be chosen specifically for the operation that it's intended -for, as determined by the intended \s-1\fBOSSL_ALGORITHM\s0\fR\|(3) array. +signature must be chosen specifically for the operation that it\*(Aqs intended +for, as determined by the intended \fBOSSL_ALGORITHM\fR\|(3) array. .PP Any function identity not recognised by the recipient of this type will be ignored. @@ -183,15 +108,15 @@ mechanism. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBopenssl\-core_dispatch.h\fR\|(7), \s-1\fBOSSL_ALGORITHM\s0\fR\|(3) -.SH "HISTORY" +\&\fBcrypto\fR\|(7), \fBopenssl\-core_dispatch.h\fR\|(7), \fBOSSL_ALGORITHM\fR\|(3) +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OSSL_DISPATCH\s0\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +\&\fBOSSL_DISPATCH\fR was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ENCODER.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ENCODER.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ENCODER 3ossl" -.TH OSSL_ENCODER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ENCODER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ENCODER, OSSL_ENCODER_fetch, OSSL_ENCODER_up_ref, @@ -153,7 +78,7 @@ OSSL_ENCODER_gettable_params, OSSL_ENCODER_get_params \&\- Encoder method routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -178,26 +103,27 @@ \& const OSSL_PARAM *OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder); \& int OSSL_ENCODER_get_params(OSSL_ENCODER_CTX *ctx, const OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_ENCODER\s0\fR is a method for encoders, which know how to -encode an object of some kind to a encoded form, such as \s-1PEM, -DER,\s0 or even human readable text. +\&\fBOSSL_ENCODER\fR is a method for encoders, which know how to +encode an object of some kind to a encoded form, such as PEM, +DER, or even human readable text. .PP \&\fBOSSL_ENCODER_fetch()\fR looks for an algorithm within the provider that -has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR given by \fIctx\fR, having the +has been loaded into the \fBOSSL_LIB_CTX\fR given by \fIctx\fR, having the name given by \fIname\fR and the properties given by \fIproperties\fR. The \fIname\fR determines what type of object the fetched encoder method is expected to be able to encode, and the properties are used to determine the expected output type. For known properties and the values they may have, please have a look -in \*(L"Names and properties\*(R" in \fBprovider\-encoder\fR\|(7). +in "Names and properties" in \fBprovider\-encoder\fR\|(7). .PP \&\fBOSSL_ENCODER_up_ref()\fR increments the reference count for the given \&\fIencoder\fR. .PP \&\fBOSSL_ENCODER_free()\fR decrements the reference count for the given \&\fIencoder\fR, and when the count reaches zero, frees it. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_ENCODER_get0_provider()\fR returns the provider of the given \&\fIencoder\fR. @@ -206,7 +132,7 @@ with the given \fIencoder\fR. .PP \&\fBOSSL_ENCODER_is_a()\fR checks if \fIencoder\fR is an implementation of an -algorithm that's identifiable with \fIname\fR. +algorithm that\*(Aqs identifiable with \fIname\fR. .PP \&\fBOSSL_ENCODER_get0_name()\fR returns the name used to fetch the given \fIencoder\fR. .PP 
@@ -222,27 +148,27 @@ \&\fIlibctx\fR, and for each of the implementations, calls \fIfn\fR with the implementation method and \fIarg\fR as arguments. .PP -\&\fBOSSL_ENCODER_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) +\&\fBOSSL_ENCODER_gettable_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array of parameter descriptors. .PP \&\fBOSSL_ENCODER_get_params()\fR attempts to get parameters specified -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the -implementation doesn't recognise should be ignored. +with an \fBOSSL_PARAM\fR\|(3) array \fIparams\fR. Parameters that the +implementation doesn\*(Aqt recognise should be ignored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_ENCODER_fetch()\fR returns a pointer to the key management -implementation represented by an \s-1OSSL_ENCODER\s0 object, or \s-1NULL\s0 on +implementation represented by an OSSL_ENCODER object, or NULL on error. .PP \&\fBOSSL_ENCODER_up_ref()\fR returns 1 on success, or 0 on error. .PP -\&\fBOSSL_ENCODER_free()\fR doesn't return any value. +\&\fBOSSL_ENCODER_free()\fR doesn\*(Aqt return any value. .PP \&\fBOSSL_ENCODER_get0_provider()\fR returns a pointer to a provider object, or -\&\s-1NULL\s0 on error. +NULL on error. .PP \&\fBOSSL_ENCODER_get0_properties()\fR returns a pointer to a property -definition string, or \s-1NULL\s0 on error. +definition string, or NULL on error. .PP \&\fBOSSL_ENCODER_is_a()\fR returns 1 of \fIencoder\fR was identifiable, otherwise 0. 
@@ -253,23 +179,23 @@ algorithm definition is returned. Ownership of the returned string is retained by the \fIencoder\fR object and should not be freed by the caller. .PP -\&\fBOSSL_ENCODER_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if -there isn't one. +\&\fBOSSL_ENCODER_get0_description()\fR returns a pointer to a description, or NULL if +there isn\*(Aqt one. .PP \&\fBOSSL_ENCODER_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER_CTX\s0\fR\|(3), \fBOSSL_ENCODER_to_bio\fR\|(3), -\&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_ENCODER_CTX\fR\|(3), \fBOSSL_ENCODER_to_bio\fR\|(3), +\&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3), \fBOSSL_LIB_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ENCODER_CTX 3ossl" -.TH OSSL_ENCODER_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ENCODER_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ENCODER_CTX, OSSL_ENCODER_CTX_new, OSSL_ENCODER_settable_ctx_params, @@ -161,7 +86,7 @@ OSSL_ENCODER_CTX_set_construct_data, OSSL_ENCODER_CTX_set_cleanup \&\- Encoder context routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -206,40 +131,41 @@ \& int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx, \& OSSL_ENCODER_CLEANUP *cleanup); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Encoding an input object to the desired encoding may be done with a chain of encoder implementations, which means that the output from one encoder may be -the input for the next in the chain. The \fB\s-1OSSL_ENCODER_CTX\s0\fR holds all the +the input for the next in the chain. The \fBOSSL_ENCODER_CTX\fR holds all the data about these encoders. This allows having generic format encoders such -as \s-1DER\s0 to \s-1PEM,\s0 as well as more specialized encoders like \s-1RSA\s0 to \s-1DER.\s0 +as DER to PEM, as well as more specialized encoders like RSA to DER. .PP The final output type must be given, and a chain of encoders must end with an implementation that produces that output type. .PP At the beginning of the encoding process, a constructor provided by the -caller is called to ensure that there is an appropriate provider-side object +caller is called to ensure that there is an appropriate provider\-side object to start with. The constructor is set with \fBOSSL_ENCODER_CTX_set_construct()\fR. .PP -\&\fB\s-1OSSL_ENCODER_INSTANCE\s0\fR is an opaque structure that contains data about the +\&\fBOSSL_ENCODER_INSTANCE\fR is an opaque structure that contains data about the encoder that is going to be used, and that may be useful for the constructor. There are some functions to extract data from this type, -described in \*(L"Constructor\*(R" below. -.SS "Functions" +described in "Constructor" below. +.SS Functions .IX Subsection "Functions" -\&\fBOSSL_ENCODER_CTX_new()\fR creates a \fB\s-1OSSL_ENCODER_CTX\s0\fR. +\&\fBOSSL_ENCODER_CTX_new()\fR creates a \fBOSSL_ENCODER_CTX\fR. .PP -\&\fBOSSL_ENCODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) +\&\fBOSSL_ENCODER_settable_ctx_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array of parameter descriptors. 
.PP \&\fBOSSL_ENCODER_CTX_set_params()\fR attempts to set parameters specified -with an \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the -implementation doesn't recognise should be ignored. +with an \fBOSSL_PARAM\fR\|(3) array \fIparams\fR. Parameters that the +implementation doesn\*(Aqt recognise should be ignored. .PP \&\fBOSSL_ENCODER_CTX_free()\fR frees the given context \fIctx\fR. +If the argument is NULL, nothing is done. .PP -\&\fBOSSL_ENCODER_CTX_add_encoder()\fR populates the \fB\s-1OSSL_ENCODER_CTX\s0\fR +\&\fBOSSL_ENCODER_CTX_add_encoder()\fR populates the \fBOSSL_ENCODER_CTX\fR \&\fIctx\fR with a encoder, to be used to encode an input object. .PP \&\fBOSSL_ENCODER_CTX_add_extra()\fR finds encoders that further encodes output 
@@ -260,24 +186,31 @@ \&\fBOSSL_ENCODER_CTX_set_construct()\fR sets the constructor \fIconstruct\fR. .PP \&\fBOSSL_ENCODER_CTX_set_construct_data()\fR sets the constructor data that is -passed to the constructor every time it's called. +passed to the constructor every time it\*(Aqs called. .PP \&\fBOSSL_ENCODER_CTX_set_cleanup()\fR sets the constructor data \fIcleanup\fR function. This is called by \fBOSSL_ENCODER_CTX_free\fR\|(3). -.SS "Constructor" +.PP +Note that functions \fBOSSL_ENCODER_CTX_set_selection()\fR, +\&\fBOSSL_ENCODER_CTX_set_output_type()\fR, \fBOSSL_ENCODER_CTX_set_output_structure()\fR, +\&\fBOSSL_ENCODER_CTX_add_encoder()\fR, \fBOSSL_ENCODER_CTX_add_extra()\fR, +\&\fBOSSL_ENCODER_CTX_set_construct()\fR, \fBOSSL_ENCODER_CTX_set_construct_data()\fR, and +\&\fBOSSL_ENCODER_CTX_set_cleanup()\fR shouldn\*(Aqt be used after the context is finalised, +in particular after calling the function \fBOSSL_ENCODER_CTX_new_for_pkey()\fR. +.SS Constructor .IX Subsection "Constructor" -A \fB\s-1OSSL_ENCODER_CONSTRUCT\s0\fR gets the following arguments: -.IP "\fIencoder_inst\fR" 4 +A \fBOSSL_ENCODER_CONSTRUCT\fR gets the following arguments: +.IP \fIencoder_inst\fR 4 .IX Item "encoder_inst" -The \fB\s-1OSSL_ENCODER_INSTANCE\s0\fR for the encoder from which the constructor gets +The \fBOSSL_ENCODER_INSTANCE\fR for the encoder from which the constructor gets its data. -.IP "\fIconstruct_data\fR" 4 +.IP \fIconstruct_data\fR 4 .IX Item "construct_data" The pointer that was set with \fBOSSL_ENCODE_CTX_set_construct_data()\fR. .PP -The constructor is expected to return a valid (non-NULL) pointer to a -provider-native object that can be used as first input of an encoding chain, -or \s-1NULL\s0 to indicate that an error has occurred. +The constructor is expected to return a valid (non\-NULL) pointer to a +provider\-native object that can be used as first input of an encoding chain, +or NULL to indicate that an error has occurred. 
.PP These utility functions may be used by a constructor: .PP @@ -285,23 +218,23 @@ implementation of the encoder instance \fIencoder_inst\fR. .PP \&\fBOSSL_ENCODER_INSTANCE_get_encoder_ctx()\fR can be used to get the encoder -implementation's provider context of the encoder instance \fIencoder_inst\fR. +implementation\*(Aqs provider context of the encoder instance \fIencoder_inst\fR. .PP \&\fBOSSL_ENCODER_INSTANCE_get_output_type()\fR can be used to get the output type for the encoder implementation of the encoder instance \fIencoder_inst\fR. -This will never be \s-1NULL.\s0 +This will never be NULL. .PP \&\fBOSSL_ENCODER_INSTANCE_get_output_structure()\fR can be used to get the output structure for the encoder implementation of the encoder instance \&\fIencoder_inst\fR. -This may be \s-1NULL.\s0 +This may be NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_ENCODER_CTX_new()\fR returns a pointer to a \fB\s-1OSSL_ENCODER_CTX\s0\fR, or \s-1NULL\s0 -if the context structure couldn't be allocated. +\&\fBOSSL_ENCODER_CTX_new()\fR returns a pointer to a \fBOSSL_ENCODER_CTX\fR, or NULL +if the context structure couldn\*(Aqt be allocated. .PP -\&\fBOSSL_ENCODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array, or -\&\s-1NULL\s0 if none is available. +\&\fBOSSL_ENCODER_settable_ctx_params()\fR returns an \fBOSSL_PARAM\fR\|(3) array, or +NULL if none is available. .PP \&\fBOSSL_ENCODER_CTX_set_params()\fR returns 1 if all recognised parameters were valid, or 0 if one of them was invalid or caused some other failure in the 
@@ -312,33 +245,38 @@ \&\fBOSSL_ENCODER_CTX_set_cleanup()\fR return 1 on success, or 0 on failure. .PP \&\fBOSSL_ENCODER_CTX_get_num_encoders()\fR returns the current number of encoders. -It returns 0 if \fIctx\fR is \s-1NULL.\s0 +It returns 0 if \fIctx\fR is NULL. .PP -\&\fBOSSL_ENCODER_INSTANCE_get_encoder()\fR returns an \fB\s-1OSSL_ENCODER\s0\fR pointer on -success, or \s-1NULL\s0 on failure. +\&\fBOSSL_ENCODER_INSTANCE_get_encoder()\fR returns an \fBOSSL_ENCODER\fR pointer on +success, or NULL on failure. .PP \&\fBOSSL_ENCODER_INSTANCE_get_encoder_ctx()\fR returns a provider context pointer on -success, or \s-1NULL\s0 on failure. +success, or NULL on failure. .PP \&\fBOSSL_ENCODER_INSTANCE_get_output_type()\fR returns a string with the name of the -input type, if relevant. \s-1NULL\s0 is a valid returned value. +input type, if relevant. NULL is a valid returned value. .PP \&\fBOSSL_ENCODER_INSTANCE_get_output_type()\fR returns a string with the name of the output type. .PP \&\fBOSSL_ENCODER_INSTANCE_get_output_structure()\fR returns a string with the name of the output structure. +.SH "NOTES AND BUGS" +.IX Header "NOTES AND BUGS" +The chain mechanism in ENCODE is not yet completely implemented. +It affects functions such as OSSL_ENCODER_CTX_add_extra and the +inner processing loop. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_ENCODER\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX_new_for_pkey.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX_new_for_pkey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ENCODER_CTX_NEW_FOR_PKEY 3ossl" -.TH OSSL_ENCODER_CTX_NEW_FOR_PKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ENCODER_CTX_NEW_FOR_PKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ENCODER_CTX_new_for_pkey, OSSL_ENCODER_CTX_set_cipher, OSSL_ENCODER_CTX_set_passphrase, @@ -146,7 +71,7 @@ OSSL_ENCODER_CTX_set_passphrase_cb, OSSL_ENCODER_CTX_set_passphrase_ui \&\- Encoder routines to encode EVP_PKEYs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,31 +97,35 @@ \& OSSL_PASSPHRASE_CALLBACK *cb, \& void *cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR is a utility function that creates a -\&\fB\s-1OSSL_ENCODER_CTX\s0\fR, finds all applicable encoder implementations and sets +\&\fBOSSL_ENCODER_CTX\fR, finds all applicable encoder implementations and sets them up, so almost all the caller has to do next is call functions like \&\fBOSSL_ENCODER_to_bio\fR\|(3). \fIoutput_type\fR determines the final output encoding, and \fIselection\fR can be used to select what parts of the \fIpkey\fR should be included in the output. \fIoutput_type\fR is further discussed in -\&\*(L"Output types\*(R" below, and \fIselection\fR is further described in -\&\*(L"Selections\*(R". +"Output types" below, and \fIselection\fR is further described in +"Selections". .PP Internally, \fBOSSL_ENCODER_CTX_new_for_pkey()\fR uses the names from the -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3) implementation associated with \fIpkey\fR to build a list of +\&\fBEVP_KEYMGMT\fR\|(3) implementation associated with \fIpkey\fR to build a list of applicable encoder implementations that are used to process the \fIpkey\fR into the encoding named by \fIoutput_type\fR, with the outermost structure named by -\&\fIoutput_structure\fR if that's relevant. All these implementations are +\&\fIoutput_structure\fR if that\*(Aqs relevant. All these implementations are implicitly fetched, with \fIpropquery\fR for finer selection. .PP If no suitable encoder implementation is found, -\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR still creates a \fB\s-1OSSL_ENCODER_CTX\s0\fR, but +\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR still creates a \fBOSSL_ENCODER_CTX\fR, but with no associated encoder (\fBOSSL_ENCODER_CTX_get_num_encoders\fR\|(3) returns zero). 
This helps the caller to distinguish between an error when creating -the \fB\s-1OSSL_ENCODER_CTX\s0\fR and missing encoder implementation, and allows it to +the \fBOSSL_ENCODER_CTX\fR and missing encoder implementation, and allows it to act accordingly. .PP +Note that \fBOSSL_ENCODER_CTX_new_for_pkey()\fR finalises the OSSL_ENCODER_CTX; +after that the OSSL_ENCODER_CTX_set_* and OSSL_ENCODER_CTX_add_* functions +described in \fBOSSL_ENCODER_CTX\fR\|(3) shouldn\*(Aqt be called. +.PP \&\fBOSSL_ENCODER_CTX_set_cipher()\fR tells the implementation what cipher should be used to encrypt encoded keys. The cipher is given by name \fIcipher_name\fR. The interpretation of that \fIcipher_name\fR is @@ -204,7 +133,7 @@ directly itself or by other implementations, or it may choose to fetch it. If the implementation supports fetching the cipher, then it may use \fIpropquery\fR as properties to be queried for when fetching. -\&\fIcipher_name\fR may also be \s-1NULL,\s0 which will result in unencrypted +\&\fIcipher_name\fR may also be NULL, which will result in unencrypted encoding. .PP \&\fBOSSL_ENCODER_CTX_set_passphrase()\fR gives the implementation a 
@@ -216,40 +145,40 @@ and \fBOSSL_ENCODER_CTX_set_passphrase_cb()\fR sets up a callback method that the implementation can use to prompt for a pass phrase, giving the caller the choice of preferred pass phrase callback form. These are called indirectly, -through an internal \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function. +through an internal \fBOSSL_PASSPHRASE_CALLBACK\fR\|(3) function. .SS "Output types" .IX Subsection "Output types" -The possible \fB\s-1EVP_PKEY\s0\fR output types depends on the available +The possible \fBEVP_PKEY\fR output types depends on the available implementations. .PP OpenSSL has built in implementations for the following output types: .ie n .IP """TEXT""" 4 -.el .IP "\f(CWTEXT\fR" 4 +.el .IP \f(CWTEXT\fR 4 .IX Item "TEXT" The output is a human readable description of the key. \&\fBEVP_PKEY_print_private\fR\|(3), \fBEVP_PKEY_print_public\fR\|(3) and \&\fBEVP_PKEY_print_params\fR\|(3) use this for their output. .ie n .IP """DER""" 4 -.el .IP "\f(CWDER\fR" 4 +.el .IP \f(CWDER\fR 4 .IX Item "DER" -The output is the \s-1DER\s0 encoding of the \fIselection\fR of the \fIpkey\fR. +The output is the DER encoding of the \fIselection\fR of the \fIpkey\fR. .ie n .IP """PEM""" 4 -.el .IP "\f(CWPEM\fR" 4 +.el .IP \f(CWPEM\fR 4 .IX Item "PEM" -The output is the \fIselection\fR of the \fIpkey\fR in \s-1PEM\s0 format. -.SS "Selections" +The output is the \fIselection\fR of the \fIpkey\fR in PEM format. +.SS Selections .IX Subsection "Selections" \&\fIselection\fR can be any one of the values described in -\&\*(L"Selections\*(R" in \fBEVP_PKEY_fromdata\fR\|(3). +"Selections" in \fBEVP_PKEY_fromdata\fR\|(3). .PP -These are only 'hints' since the encoder implementations are free to +These are only \*(Aqhints\*(Aq since the encoder implementations are free to determine what makes sense to include in the output, and this may depend on -the desired output. For example, an \s-1EC\s0 key in a PKCS#8 structure doesn't +the desired output. 
For example, an EC key in a PKCS#8 structure doesn\*(Aqt usually include the public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR returns a pointer to an \fB\s-1OSSL_ENCODER_CTX\s0\fR, -or \s-1NULL\s0 if it couldn't be created. +\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR returns a pointer to an \fBOSSL_ENCODER_CTX\fR, +or NULL if it couldn\*(Aqt be created. .PP \&\fBOSSL_ENCODER_CTX_set_cipher()\fR, \fBOSSL_ENCODER_CTX_set_passphrase()\fR, \&\fBOSSL_ENCODER_CTX_set_pem_password_cb()\fR, \fBOSSL_ENCODER_CTX_set_passphrase_ui()\fR @@ -257,15 +186,15 @@ failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER\s0\fR\|(3), \s-1\fBOSSL_ENCODER_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_ENCODER\fR\|(3), \fBOSSL_ENCODER_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ENCODER_to_bio.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ENCODER_to_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ENCODER_TO_BIO 3ossl" -.TH OSSL_ENCODER_TO_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ENCODER_TO_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ENCODER_to_data, OSSL_ENCODER_to_bio, OSSL_ENCODER_to_fp \&\- Routines to perform an encoding -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,37 +80,37 @@ .Ve .PP Feature availability macros: -.IP "\fBOSSL_ENCODER_to_fp()\fR is only available when \fB\s-1OPENSSL_NO_STDIO\s0\fR is undefined." 4 +.IP "\fBOSSL_ENCODER_to_fp()\fR is only available when \fBOPENSSL_NO_STDIO\fR is undefined." 4 .IX Item "OSSL_ENCODER_to_fp() is only available when OPENSSL_NO_STDIO is undefined." -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_ENCODER_to_data()\fR runs the encoding process for the context \fIctx\fR, with the output going to the \fI*pdata\fR and \fI*pdata_len\fR. -If \fI*pdata\fR is \s-1NULL\s0 when \fBOSSL_ENCODER_to_data()\fR is called, a buffer will be +If \fI*pdata\fR is NULL when \fBOSSL_ENCODER_to_data()\fR is called, a buffer will be allocated using \fBOPENSSL_zalloc\fR\|(3), and \fI*pdata\fR will be set to point at the start of that buffer, and \fI*pdata_len\fR will be assigned its length when \&\fBOSSL_ENCODER_to_data()\fR returns. -If \fI*pdata\fR is non-NULL when \fBOSSL_ENCODER_to_data()\fR is called, \fI*pdata_len\fR +If \fI*pdata\fR is non\-NULL when \fBOSSL_ENCODER_to_data()\fR is called, \fI*pdata_len\fR is assumed to have its size. In this case, \fI*pdata\fR will be set to point after the encoded bytes, and \fI*pdata_len\fR will be assigned the number of remaining bytes. .PP \&\fBOSSL_ENCODER_to_bio()\fR runs the encoding process for the context \fIctx\fR, with -the output going to the \fB\s-1BIO\s0\fR \fIout\fR. +the output going to the \fBBIO\fR \fIout\fR. .PP \&\fBOSSL_ENCODER_to_fp()\fR does the same thing as \fBOSSL_ENCODER_to_bio()\fR, except -that the output is going to the \fB\s-1FILE\s0\fR \fIfp\fR. +that the output is going to the \fBFILE\fR \fIfp\fR. 
.PP For \fBOSSL_ENCODER_to_bio()\fR and \fBOSSL_ENCODER_to_fp()\fR, the application is -required to set up the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR properly, for example to have +required to set up the \fBBIO\fR or \fBFILE\fR properly, for example to have it in text or binary mode as is appropriate for the encoder output type. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_ENCODER_to_bio()\fR, \fBOSSL_ENCODER_to_fp()\fR and \fBOSSL_ENCODER_to_data()\fR return 1 on success, or 0 on failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -To encode a pkey as PKCS#8 with \s-1PEM\s0 format into a bio: +To encode a pkey as PKCS#8 with PEM format into a bio: .PP .Vb 4 \& OSSL_ENCODER_CTX *ectx; @@ -211,8 +136,8 @@ \& OSSL_ENCODER_CTX_free(ectx); .Ve .PP -To encode a pkey as PKCS#8 with \s-1DER\s0 format encrypted with -\&\s-1AES\-256\-CBC\s0 into a buffer: +To encode a pkey as PKCS#8 with DER format encrypted with +AES\-256\-CBC into a buffer: .PP .Vb 6 \& OSSL_ENCODER_CTX *ectx; @@ -246,15 +171,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_ENCODER_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ESS_check_signing_certs.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ESS_check_signing_certs.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ESS_CHECK_SIGNING_CERTS 3ossl" -.TH OSSL_ESS_CHECK_SIGNING_CERTS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ESS_CHECK_SIGNING_CERTS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ESS_signing_cert_new_init, OSSL_ESS_signing_cert_v2_new_init, OSSL_ESS_check_signing_certs \&\- Enhanced Security Services (ESS) functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -161,25 +86,25 @@ \& const STACK_OF(X509) *chain, \& int require_signing_cert); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOSSL_ESS_signing_cert_new_init()\fR generates a new \fB\s-1ESS_SIGNING_CERT\s0\fR structure +\&\fBOSSL_ESS_signing_cert_new_init()\fR generates a new \fBESS_SIGNING_CERT\fR structure referencing the given \fIsigncert\fR and any given further \fIcerts\fR -using their \s-1SHA\-1\s0 fingerprints. +using their SHA\-1 fingerprints. If \fIset_issuer_serial\fR is nonzero then also the issuer and serial number -of \fIsigncert\fR are included in the \fB\s-1ESS_CERT_ID\s0\fR as the \fBissuerSerial\fR field. +of \fIsigncert\fR are included in the \fBESS_CERT_ID\fR as the \fBissuerSerial\fR field. For all members of \fIcerts\fR the \fBissuerSerial\fR field is always included. .PP \&\fBOSSL_ESS_signing_cert_v2_new_init()\fR is the same as \&\fBOSSL_ESS_signing_cert_new_init()\fR except that it uses the given \fIhash_alg\fR and -generates a \fB\s-1ESS_SIGNING_CERT_V2\s0\fR structure with \fB\s-1ESS_CERT_ID_V2\s0\fR elements. +generates a \fBESS_SIGNING_CERT_V2\fR structure with \fBESS_CERT_ID_V2\fR elements. .PP \&\fBOSSL_ESS_check_signing_certs()\fR checks if the validation chain \fIchain\fR contains the certificates required by the identifiers given in \fIss\fR and/or \fIssv2\fR. -If \fIrequire_signing_cert\fR is nonzero, \fIss\fR or \fIssv2\fR must not be \s-1NULL.\s0 -If both \fIss\fR and \fIssv2\fR are not \s-1NULL,\s0 they are evaluated independently. -The list of certificate identifiers in \fIss\fR is of type \fB\s-1ESS_CERT_ID\s0\fR, -while the list contained in \fIssv2\fR is of type \fB\s-1ESS_CERT_ID_V2\s0\fR. +If \fIrequire_signing_cert\fR is nonzero, \fIss\fR or \fIssv2\fR must not be NULL. +If both \fIss\fR and \fIssv2\fR are not NULL, they are evaluated independently. 
+The list of certificate identifiers in \fIss\fR is of type \fBESS_CERT_ID\fR, +while the list contained in \fIssv2\fR is of type \fBESS_CERT_ID_V2\fR. As far as these lists are present, they must be nonempty. The certificate identified by their first entry must be the first element of \&\fIchain\fR, i.e. the signer certificate. @@ -188,15 +113,15 @@ In addition to the checks required by RFCs 2624 and 5035, if the \fBissuerSerial\fR field is included in an \fBESSCertID\fR or \fBESSCertIDv2\fR it must match the certificate issuer and serial number attributes. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1ESS\s0 has been defined in \s-1RFC 2634,\s0 which has been updated in \s-1RFC 5035\s0 -(\s-1ESS\s0 version 2) to support hash algorithms other than \s-1SHA\-1.\s0 -This is used for \s-1TSP\s0 (\s-1RFC 3161\s0) and CAdES-BES (informational \s-1RFC 5126\s0). +ESS has been defined in RFC 2634, which has been updated in RFC 5035 +(ESS version 2) to support hash algorithms other than SHA\-1. +This is used for TSP (RFC 3161) and CAdES\-BES (informational RFC 5126). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_ESS_signing_cert_new_init()\fR and \fBOSSL_ESS_signing_cert_v2_new_init()\fR -return a pointer to the new structure or \s-1NULL\s0 on malloc failure. +return a pointer to the new structure or NULL on malloc failure. .PP \&\fBOSSL_ESS_check_signing_certs()\fR returns 1 on success, 0 if a required certificate cannot be found, \-1 on other error. 
@@ -204,15 +129,15 @@ .IX Header "SEE ALSO" \&\fBTS_VERIFY_CTX_set_certs\fR\|(3), \&\fBCMS_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_ESS_signing_cert_new_init()\fR, \fBOSSL_ESS_signing_cert_v2_new_init()\fR, and \&\fBOSSL_ESS_check_signing_certs()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_HTTP_REQ_CTX.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_HTTP_REQ_CTX.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_HTTP_REQ_CTX 3ossl" -.TH OSSL_HTTP_REQ_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_HTTP_REQ_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_HTTP_REQ_CTX, OSSL_HTTP_REQ_CTX_new, OSSL_HTTP_REQ_CTX_free, @@ -154,7 +79,7 @@ OSSL_HTTP_REQ_CTX_set_max_response_length, OSSL_HTTP_is_alive \&\- HTTP client low\-level functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -187,38 +112,39 @@ \& \& int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_HTTP_REQ_CTX\s0\fR is a context structure for an \s-1HTTP\s0 request and response, +\&\fBOSSL_HTTP_REQ_CTX\fR is a context structure for an HTTP request and response, used to collect all the necessary data to perform that request. .PP -This file documents low-level \s-1HTTP\s0 functions rarely used directly. High-level -\&\s-1HTTP\s0 client functions like \fBOSSL_HTTP_get\fR\|(3) and \fBOSSL_HTTP_transfer\fR\|(3) +This file documents low\-level HTTP functions rarely used directly. High\-level +HTTP client functions like \fBOSSL_HTTP_get\fR\|(3) and \fBOSSL_HTTP_transfer\fR\|(3) should be preferred. .PP -\&\fBOSSL_HTTP_REQ_CTX_new()\fR allocates a new \s-1HTTP\s0 request context structure, -which gets populated with the \fB\s-1BIO\s0\fR to write/send the request to (\fIwbio\fR), -the \fB\s-1BIO\s0\fR to read/receive the response from (\fIrbio\fR, which may be equal to +\&\fBOSSL_HTTP_REQ_CTX_new()\fR allocates a new HTTP request context structure, +which gets populated with the \fBBIO\fR to write/send the request to (\fIwbio\fR), +the \fBBIO\fR to read/receive the response from (\fIrbio\fR, which may be equal to \&\fIwbio\fR), and the maximum expected response header line length \fIbuf_size\fR. A value <= 0 indicates that -the \fB\s-1OSSL_HTTP_DEFAULT_MAX_LINE_LEN\s0\fR of 4KiB should be used. +the \fBOSSL_HTTP_DEFAULT_MAX_LINE_LEN\fR of 4KiB should be used. \&\fIbuf_size\fR is also used as the number of content bytes that are read at a time. -The allocated context structure includes an internal memory \fB\s-1BIO\s0\fR, -which collects the \s-1HTTP\s0 request header lines. +The allocated context structure includes an internal memory \fBBIO\fR, +which collects the HTTP request header lines. .PP -\&\fBOSSL_HTTP_REQ_CTX_free()\fR frees up the \s-1HTTP\s0 request context \fIrctx\fR. 
-The \fIrbio\fR is not free'd, \fIwbio\fR will be free'd if \fIfree_wbio\fR is set. +\&\fBOSSL_HTTP_REQ_CTX_free()\fR frees up the HTTP request context \fIrctx\fR. +The \fIrbio\fR is not free\*(Aqd, \fIwbio\fR will be free\*(Aqd if \fIfree_wbio\fR is set. +If the argument is NULL, nothing is done. .PP -\&\fBOSSL_HTTP_REQ_CTX_set_request_line()\fR adds the 1st \s-1HTTP\s0 request line to \fIrctx\fR. -The \s-1HTTP\s0 method is determined by \fImethod_POST\fR, +\&\fBOSSL_HTTP_REQ_CTX_set_request_line()\fR adds the 1st HTTP request line to \fIrctx\fR. +The HTTP method is determined by \fImethod_POST\fR, which should be 1 to indicate \f(CW\*(C`POST\*(C'\fR or 0 to indicate \f(CW\*(C`GET\*(C'\fR. \&\fIserver\fR and \fIport\fR may be set to give the server and the optional port that -an \s-1HTTP\s0 proxy shall forward the request to, otherwise they must be left \s-1NULL.\s0 -\&\fIpath\fR provides the \s-1HTTP\s0 request path; if left \s-1NULL,\s0 \f(CW\*(C`/\*(C'\fR is used. +an HTTP proxy shall forward the request to, otherwise they must be left NULL. +\&\fIpath\fR provides the HTTP request path; if left NULL, \f(CW\*(C`/\*(C'\fR is used. For backward compatibility, \fIpath\fR may begin with \f(CW\*(C`http://\*(C'\fR and thus convey -an absoluteURI. In this case it indicates \s-1HTTP\s0 proxy use and provides also the +an absoluteURI. In this case it indicates HTTP proxy use and provides also the server (and optionally the port) that the proxy shall forward the request to. -In this case the \fIserver\fR and \fIport\fR arguments must be \s-1NULL.\s0 +In this case the \fIserver\fR and \fIport\fR arguments must be NULL. .PP \&\fBOSSL_HTTP_REQ_CTX_add1_header()\fR adds header \fIname\fR with value \fIvalue\fR to the context \fIrctx\fR. It can be called more than once to add multiple header lines. 
@@ -229,90 +155,90 @@ .Ve .PP \&\fBOSSL_HTTP_REQ_CTX_set_expected()\fR optionally sets in \fIrctx\fR some expectations -of the \s-1HTTP\s0 client on the response. -Due to the structure of an \s-1HTTP\s0 request, if the \fIkeep_alive\fR argument is +of the HTTP client on the response. +Due to the structure of an HTTP request, if the \fIkeep_alive\fR argument is nonzero the function must be used before calling \fBOSSL_HTTP_REQ_CTX_set1_req()\fR. If the \fIcontent_type\fR parameter -is not \s-1NULL\s0 then the client will check that the given content type string -is included in the \s-1HTTP\s0 header of the response and return an error if not. -If the \fIasn1\fR parameter is nonzero a structure in \s-1ASN.1\s0 encoding will be +is not NULL then the client will check that the given content type string +is included in the HTTP header of the response and return an error if not. +If the \fIasn1\fR parameter is nonzero a structure in ASN.1 encoding will be expected as the response content and input streaming is disabled. This means -that an \s-1ASN.1\s0 sequence header is required, its length field is checked, and +that an ASN.1 sequence header is required, its length field is checked, and \&\fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR should be used to get the buffered response. Otherwise (by default) any input format is allowed without length checks. -In this case the \s-1BIO\s0 given as \fIrbio\fR argument to \fBOSSL_HTTP_REQ_CTX_new()\fR should +In this case the BIO given as \fIrbio\fR argument to \fBOSSL_HTTP_REQ_CTX_new()\fR should be used directly to read the response contents, which may support streaming. If the \fItimeout\fR parameter is > 0 this indicates the maximum number of seconds -the subsequent \s-1HTTP\s0 transfer (sending the request and receiving a response) +the subsequent HTTP transfer (sending the request and receiving a response) is allowed to take. \&\fItimeout\fR == 0 enables waiting indefinitely, i.e., no timeout can occur. This is the default. 
\&\fItimeout\fR < 0 takes over any value set via the \fIoverall_timeout\fR argument of \&\fBOSSL_HTTP_open\fR\|(3) with the default being 0, which means no timeout. If the \fIkeep_alive\fR parameter is 0, which is the default, the connection is not -kept open after receiving a response. This is the default behavior for \s-1HTTP 1.0.\s0 +kept open after receiving a response. This is the default behavior for HTTP 1.0. If the value is 1 or 2 then a persistent connection is requested. If the value is 2 then a persistent connection is required, i.e., an error occurs in case the server does not grant it. .PP -\&\fBOSSL_HTTP_REQ_CTX_set1_req()\fR finalizes the \s-1HTTP\s0 request context. +\&\fBOSSL_HTTP_REQ_CTX_set1_req()\fR finalizes the HTTP request context. It is needed if the \fImethod_POST\fR parameter in the \&\fBOSSL_HTTP_REQ_CTX_set_request_line()\fR call was 1 -and an \s-1ASN\s0.1\-encoded request should be sent. -It must also be used when requesting \*(L"keep-alive\*(R", -even if a \s-1GET\s0 request is going to be sent, in which case \fIreq\fR must be \s-1NULL.\s0 -Unless \fIreq\fR is \s-1NULL,\s0 the function adds the \s-1DER\s0 encoding of \fIreq\fR using -the \s-1ASN.1\s0 template \fIit\fR to do the encoding (which does not support streaming). -The \s-1HTTP\s0 header \f(CW\*(C`Content\-Length\*(C'\fR is filled out with the length of the request. -\&\fIcontent_type\fR must be \s-1NULL\s0 if \fIreq\fR is \s-1NULL.\s0 -If \fIcontent_type\fR isn't \s-1NULL,\s0 -the \s-1HTTP\s0 header \f(CW\*(C`Content\-Type\*(C'\fR is also added with the given string value. -The header lines are added to the internal memory \fB\s-1BIO\s0\fR for the request header. +and an ASN.1\-encoded request should be sent. +It must also be used when requesting "keep\-alive", +even if a GET request is going to be sent, in which case \fIreq\fR must be NULL. 
+Unless \fIreq\fR is NULL, the function adds the DER encoding of \fIreq\fR using +the ASN.1 template \fIit\fR to do the encoding (which does not support streaming). +The HTTP header \f(CW\*(C`Content\-Length\*(C'\fR is filled out with the length of the request. +\&\fIcontent_type\fR must be NULL if \fIreq\fR is NULL. +If \fIcontent_type\fR isn\*(Aqt NULL, +the HTTP header \f(CW\*(C`Content\-Type\*(C'\fR is also added with the given string value. +The header lines are added to the internal memory \fBBIO\fR for the request header. .PP \&\fBOSSL_HTTP_REQ_CTX_nbio()\fR attempts to send the request prepared in \fIrctx\fR -and to gather the response via \s-1HTTP,\s0 using the \fIwbio\fR and \fIrbio\fR +and to gather the response via HTTP, using the \fIwbio\fR and \fIrbio\fR that were given when calling \fBOSSL_HTTP_REQ_CTX_new()\fR. The function may need to be called again if its result is \-1, which indicates \&\fBBIO_should_retry\fR\|(3). In such a case it is advisable to sleep a little in -between, using \fBBIO_wait\fR\|(3) on the read \s-1BIO\s0 to prevent a busy loop. +between, using \fBBIO_wait\fR\|(3) on the read BIO to prevent a busy loop. .PP \&\fBOSSL_HTTP_REQ_CTX_nbio_d2i()\fR is like \fBOSSL_HTTP_REQ_CTX_nbio()\fR but on success -in addition parses the response, which must be a DER-encoded \s-1ASN.1\s0 structure, -using the \s-1ASN.1\s0 template \fIit\fR and places the result in \fI*pval\fR. +in addition parses the response, which must be a DER\-encoded ASN.1 structure, +using the ASN.1 template \fIit\fR and places the result in \fI*pval\fR. .PP \&\fBOSSL_HTTP_REQ_CTX_exchange()\fR calls \fBOSSL_HTTP_REQ_CTX_nbio()\fR as often as needed in order to exchange a request and response or until a timeout is reached. -On success it returns a pointer to the \s-1BIO\s0 that can be used to read the result. -If an \s-1ASN\s0.1\-encoded response was expected, this is the \s-1BIO\s0 +On success it returns a pointer to the BIO that can be used to read the result. 
+If an ASN.1\-encoded response was expected, this is the BIO returned by \fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR when called after the exchange. -This memory \s-1BIO\s0 does not support streaming. -Otherwise the returned \s-1BIO\s0 is the \fIrbio\fR given to \fBOSSL_HTTP_REQ_CTX_new()\fR, +This memory BIO does not support streaming. +Otherwise the returned BIO is the \fIrbio\fR given to \fBOSSL_HTTP_REQ_CTX_new()\fR, which may support streaming. -When this \s-1BIO\s0 is returned, it has been read past the end of the response header, +When this BIO is returned, it has been read past the end of the response header, such that the actual response body can be read from it. -The returned \s-1BIO\s0 pointer \s-1MUST NOT\s0 be freed by the caller. +The returned BIO pointer MUST NOT be freed by the caller. .PP -\&\fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR returns the internal memory \fB\s-1BIO\s0\fR. -Before the \s-1HTTP\s0 request is sent, this could be used to adapt its header lines. +\&\fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR returns the internal memory \fBBIO\fR. +Before the HTTP request is sent, this could be used to adapt its header lines. \&\fIUse with caution!\fR -After receiving a response via \s-1HTTP,\s0 the \s-1BIO\s0 represents the current state of -reading the response header. If the response was expected to be \s-1ASN.1\s0 encoded, -its contents can be read via this \s-1BIO,\s0 which does not support streaming. -The returned \s-1BIO\s0 pointer must not be freed by the caller. +After receiving a response via HTTP, the BIO represents the current state of +reading the response header. If the response was expected to be ASN.1 encoded, +its contents can be read via this BIO, which does not support streaming. +The returned BIO pointer must not be freed by the caller. .PP \&\fBOSSL_HTTP_REQ_CTX_get_resp_len()\fR returns the size of the response contents in \fIrctx\fR if provided by the server as header field, else 0. 
.PP \&\fBOSSL_HTTP_REQ_CTX_set_max_response_length()\fR sets the maximum allowed response content length for \fIrctx\fR to \fIlen\fR. If not set or \fIlen\fR is 0 -then the \fB\s-1OSSL_HTTP_DEFAULT_MAX_RESP_LEN\s0\fR is used, which currently is 100 KiB. +then the \fBOSSL_HTTP_DEFAULT_MAX_RESP_LEN\fR is used, which currently is 100 KiB. If the \f(CW\*(C`Content\-Length\*(C'\fR header is present and exceeds this value or -the content is an \s-1ASN.1\s0 encoded structure with a length exceeding this value +the content is an ASN.1 encoded structure with a length exceeding this value or both length indications are present but disagree then an error occurs. .PP -\&\fBOSSL_HTTP_is_alive()\fR can be used to query if the \s-1HTTP\s0 connection +\&\fBOSSL_HTTP_is_alive()\fR can be used to query if the HTTP connection given by \fIrctx\fR is still alive, i.e., has not been closed. -It returns 0 if \fIrctx\fR is \s-1NULL.\s0 +It returns 0 if \fIrctx\fR is NULL. .PP If the client application requested or required a persistent connection and this was granted by the server, it can keep \fIrctx\fR as long as it wants 
@@ -321,32 +247,32 @@ In case the client application keeps \fIrctx\fR but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request via \fIrctx\fR. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -The server's response may be unexpected if the hostname that was used to +The server\*(Aqs response may be unexpected if the hostname that was used to create the \fIwbio\fR, any \f(CW\*(C`Host\*(C'\fR header, and the host specified in the -request \s-1URL\s0 do not match. +request URL do not match. .PP Many of these functions must be called in a certain order. .PP -First, the \s-1HTTP\s0 request context must be allocated: +First, the HTTP request context must be allocated: \&\fBOSSL_HTTP_REQ_CTX_new()\fR. .PP -Then, the \s-1HTTP\s0 request must be prepared with request data: -.IP "1." 4 +Then, the HTTP request must be prepared with request data: +.IP 1. 4 Calling \fBOSSL_HTTP_REQ_CTX_set_request_line()\fR. -.IP "2." 4 +.IP 2. 4 Adding extra header lines with \fBOSSL_HTTP_REQ_CTX_add1_header()\fR. This is optional and may be done multiple times with different names. -.IP "3." 4 +.IP 3. 4 Finalize the request using \fBOSSL_HTTP_REQ_CTX_set1_req()\fR. -This may be omitted if the \s-1GET\s0 method is used and \*(L"keep-alive\*(R" is not requested. +This may be omitted if the GET method is used and "keep\-alive" is not requested. .PP -When the request context is fully prepared, the \s-1HTTP\s0 exchange may be performed +When the request context is fully prepared, the HTTP exchange may be performed with \fBOSSL_HTTP_REQ_CTX_nbio()\fR or \fBOSSL_HTTP_REQ_CTX_exchange()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_HTTP_REQ_CTX_new()\fR returns a pointer to a \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR, or \s-1NULL\s0 +\&\fBOSSL_HTTP_REQ_CTX_new()\fR returns a pointer to a \fBOSSL_HTTP_REQ_CTX\fR, or NULL on error. 
.PP \&\fBOSSL_HTTP_REQ_CTX_free()\fR and \fBOSSL_HTTP_REQ_CTX_set_max_response_length()\fR @@ -360,13 +286,13 @@ return 1 for success, 0 on error or redirection, \-1 if retry is needed. .PP \&\fBOSSL_HTTP_REQ_CTX_exchange()\fR and \fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR -return a pointer to a \fB\s-1BIO\s0\fR on success as described above or \s-1NULL\s0 on failure. -The returned \s-1BIO\s0 must not be freed by the caller. +return a pointer to a \fBBIO\fR on success as described above or NULL on failure. +The returned BIO must not be freed by the caller. .PP \&\fBOSSL_HTTP_REQ_CTX_get_resp_len()\fR returns the size of the response contents or 0 if not available or an error occurred. .PP -\&\fBOSSL_HTTP_is_alive()\fR returns 1 if its argument is non-NULL +\&\fBOSSL_HTTP_is_alive()\fR returns 1 if its argument is non\-NULL and the client requested a persistent connection and the server did not disagree on keeping the connection open, else 0. .SH "SEE ALSO" @@ -379,14 +305,14 @@ \&\fBOSSL_HTTP_get\fR\|(3), \&\fBOSSL_HTTP_transfer\fR\|(3), \&\fBOSSL_HTTP_close\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_HTTP_parse_url.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_HTTP_parse_url.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_HTTP_PARSE_URL 3ossl" -.TH OSSL_HTTP_PARSE_URL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_HTTP_PARSE_URL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_HTTP_adapt_proxy, OSSL_parse_url, OSSL_HTTP_parse_url, OCSP_parse_url \&\- http utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -162,61 +87,66 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, \& int *pssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_HTTP_adapt_proxy()\fR takes an optional proxy hostname \fIproxy\fR and returns it transformed according to the optional \fIno_proxy\fR parameter, \&\fIserver\fR, \fIuse_ssl\fR, and the applicable environment variable, as follows. -If \fIproxy\fR is \s-1NULL,\s0 take any default value from the \f(CW\*(C`http_proxy\*(C'\fR +If \fIproxy\fR is NULL, take any default value from the \f(CW\*(C`http_proxy\*(C'\fR environment variable, or from \f(CW\*(C`https_proxy\*(C'\fR if \fIuse_ssl\fR is nonzero. If this still does not yield a proxy hostname, take any further default value from the \f(CW\*(C`HTTP_PROXY\*(C'\fR environment variable, or from \f(CW\*(C`HTTPS_PROXY\*(C'\fR if \fIuse_ssl\fR is nonzero. -If \fIno_proxy\fR is \s-1NULL,\s0 take any default exclusion value from the \f(CW\*(C`no_proxy\*(C'\fR +If \fIno_proxy\fR is NULL, take any default exclusion value from the \f(CW\*(C`no_proxy\*(C'\fR environment variable, or else from \f(CW\*(C`NO_PROXY\*(C'\fR. -Return the determined proxy hostname unless the exclusion contains \fIserver\fR. -Otherwise return \s-1NULL.\s0 +Return the determined proxy host unless the exclusion value, +which is a list of proxy hosts separated by \f(CW\*(C`,\*(C'\fR and/or whitespace, +contains \fIserver\fR. +Otherwise return NULL. +When \fIserver\fR is a string delimited by \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR, which are used for IPv6 +addresses, the enclosing \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR are stripped prior to comparison. 
.PP -\&\fBOSSL_parse_url()\fR parses its input string \fIurl\fR as a \s-1URL\s0 of the form +\&\fBOSSL_parse_url()\fR parses its input string \fIurl\fR as a URL of the form \&\f(CW\*(C`[scheme://][userinfo@]host[:port][/path][?query][#fragment]\*(C'\fR and splits it up into scheme, userinfo, host, port, path, query, and fragment components. -The host (or server) component may be a \s-1DNS\s0 name or an \s-1IP\s0 address -where IPv6 addresses should be enclosed in square brackets \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +The host (or server) component may be a DNS name or an IP address +where IPv6 addresses must be enclosed in square brackets \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. The port component is optional and defaults to \f(CW0\fR. -If given, it must be in decimal form. If the \fIpport_num\fR argument is not \s-1NULL\s0 +If given, it must be in decimal form. If the \fIpport_num\fR argument is not NULL the integer value of the port number is assigned to \fI*pport_num\fR on success. The path component is also optional and defaults to \f(CW\*(C`/\*(C'\fR. -Each non-NULL result pointer argument \fIpscheme\fR, \fIpuser\fR, \fIphost\fR, \fIpport\fR, +Each non\-NULL result pointer argument \fIpscheme\fR, \fIpuser\fR, \fIphost\fR, \fIpport\fR, \&\fIppath\fR, \fIpquery\fR, and \fIpfrag\fR, is assigned the respective url component. -On success, they are guaranteed to contain non-NULL string pointers, else \s-1NULL.\s0 +Any IPv6 address in \fI*phost\fR is enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +On success, they are guaranteed to contain non\-NULL string pointers, else NULL. It is the responsibility of the caller to free them using \fBOPENSSL_free\fR\|(3). -If \fIpquery\fR is \s-1NULL,\s0 any given query component is handled as part of the path. +If \fIpquery\fR is NULL, any given query component is handled as part of the path. A string returned via \fI*ppath\fR is guaranteed to begin with a \f(CW\*(C`/\*(C'\fR character. 
For absent scheme, userinfo, port, query, and fragment components an empty string is provided. .PP \&\fBOSSL_HTTP_parse_url()\fR is a special form of \fBOSSL_parse_url()\fR where the scheme, if given, must be \f(CW\*(C`http\*(C'\fR or \f(CW\*(C`https\*(C'\fR. -If \fIpssl\fR is not \s-1NULL,\s0 \fI*pssl\fR is assigned 1 in case parsing was successful +If \fIpssl\fR is not NULL, \fI*pssl\fR is assigned 1 in case parsing was successful and the scheme is \f(CW\*(C`https\*(C'\fR, else 0. The port component is optional and defaults to \f(CW443\fR if the scheme is \f(CW\*(C`https\*(C'\fR, else \f(CW80\fR. Note that relative paths must be given with a leading \f(CW\*(C`/\*(C'\fR, -otherwise the first path element is interpreted as the hostname. +otherwise the first path element is interpreted as the host. .PP Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl) is equivalent to -OSSL_HTTP_parse_url(url, ssl, \s-1NULL,\s0 host, port, \s-1NULL,\s0 path, \s-1NULL, NULL\s0). +OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_HTTP_adapt_proxy()\fR returns \s-1NULL\s0 if no proxy is to be used, +\&\fBOSSL_HTTP_adapt_proxy()\fR returns NULL if no proxy is to be used, otherwise a constant proxy hostname string, which is either the proxy name handed in or an environment variable value. .PP 
@@ -225,16 +155,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_HTTP_transfer\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_HTTP_adapt_proxy()\fR, \&\fBOSSL_parse_url()\fR and \fBOSSL_HTTP_parse_url()\fR were added in OpenSSL 3.0. \&\fBOCSP_parse_url()\fR was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_HTTP_transfer.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_HTTP_transfer.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_HTTP_TRANSFER 3ossl" -.TH OSSL_HTTP_TRANSFER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_HTTP_TRANSFER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_HTTP_open, OSSL_HTTP_bio_cb_t, OSSL_HTTP_proxy_connect, @@ -148,7 +73,7 @@ OSSL_HTTP_transfer, OSSL_HTTP_close \&\- HTTP client high\-level functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -187,19 +112,19 @@ \& size_t max_resp_len, int timeout, int keep_alive); \& int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOSSL_HTTP_open()\fR initiates an \s-1HTTP\s0 session using the \fIbio\fR argument if not -\&\s-1NULL,\s0 else by connecting to a given \fIserver\fR optionally via a \fIproxy\fR. +\&\fBOSSL_HTTP_open()\fR initiates an HTTP session using the \fIbio\fR argument if not +NULL, else by connecting to a given \fIserver\fR optionally via a \fIproxy\fR. .PP -Typically the OpenSSL build supports sockets and the \fIbio\fR parameter is \s-1NULL.\s0 -In this case \fIrbio\fR must be \s-1NULL\s0 as well and the \fIserver\fR must be non-NULL. -The function creates a network \s-1BIO\s0 internally using \fBBIO_new_connect\fR\|(3) +Typically the OpenSSL build supports sockets and the \fIbio\fR parameter is NULL. +In this case \fIrbio\fR must be NULL as well and the \fIserver\fR must be non\-NULL. +The function creates a network BIO internally using \fBBIO_new_connect\fR\|(3) for connecting to the given server and the optionally given \fIport\fR, -defaulting to 80 for \s-1HTTP\s0 or 443 for \s-1HTTPS.\s0 -Then this internal \s-1BIO\s0 is used for setting up a connection +defaulting to 80 for HTTP or 443 for HTTPS. +Then this internal BIO is used for setting up a connection and for exchanging one or more request and response. -If \fIbio\fR is given and \fIrbio\fR is \s-1NULL\s0 then this \fIbio\fR is used instead. +If \fIbio\fR is given and \fIrbio\fR is NULL then this \fIbio\fR is used instead. If both \fIbio\fR and \fIrbio\fR are given (which may be memory BIOs for instance) then no explicit connection is set up, but \&\fIbio\fR is used for writing requests and \fIrbio\fR for reading responses. 
@@ -208,49 +133,51 @@ .PP If \fIbio\fR is given, it is an error to provide \fIproxy\fR or \fIno_proxy\fR arguments, while \fIserver\fR and \fIport\fR arguments may be given to support diagnostic output. -If \fIbio\fR is \s-1NULL\s0 the optional \fIproxy\fR parameter can be used to set an -\&\s-1HTTP\s0(S) proxy to use (unless overridden by \*(L"no_proxy\*(R" settings). -If \s-1TLS\s0 is not used this defaults to the environment variable \f(CW\*(C`http_proxy\*(C'\fR +If \fIbio\fR is NULL the optional \fIproxy\fR parameter can be used to set an +HTTP(S) proxy to use (unless overridden by "no_proxy" settings). +If TLS is not used this defaults to the environment variable \f(CW\*(C`http_proxy\*(C'\fR if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR. If \fIuse_ssl\fR != 0 it defaults to \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. An empty proxy string \f(CW""\fR forbids using a proxy. -Else the format is +Otherwise, the format is \&\f(CW\*(C`[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\*(C'\fR, where any userinfo, path, query, and fragment given is ignored. -The default proxy port number is 80, or 443 in case \*(L"https:\*(R" is given. -The \s-1HTTP\s0 client functions connect via the given proxy unless the \fIserver\fR -is found in the optional list \fIno_proxy\fR of proxy hostnames (if not \s-1NULL\s0; +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +The default proxy port number is 80, or 443 in case "https:" is given. +The HTTP client functions connect via the given proxy unless the \fIserver\fR +is found in the optional list \fIno_proxy\fR of proxy hostnames or IP addresses +separated by \f(CW\*(C`,\*(C'\fR and/or whitespace (if not NULL; default is the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR). 
-Proxying plain \s-1HTTP\s0 is supported directly, -while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function +Proxying plain HTTP is supported directly, +while using a proxy for HTTPS connections requires a suitable callback function such as \fBOSSL_HTTP_proxy_connect()\fR, described below. .PP -If \fIuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested +If \fIuse_ssl\fR is nonzero a TLS connection is requested and the \fIbio_update_fn\fR parameter must be provided. .PP The parameter \fIbio_update_fn\fR, which is optional if \fIuse_ssl\fR is 0, -may be used to modify the connection \s-1BIO\s0 used by the \s-1HTTP\s0 client, +may be used to modify the connection BIO used by the HTTP client, but cannot be used when both \fIbio\fR and \fIrbio\fR are given. -\&\fIbio_update_fn\fR is a \s-1BIO\s0 connect/disconnect callback function with prototype +\&\fIbio_update_fn\fR is a BIO connect/disconnect callback function with prototype .PP .Vb 1 \& BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) .Ve .PP -The callback function may modify the \s-1BIO\s0 provided in the \fIbio\fR argument, +The callback function may modify the BIO provided in the \fIbio\fR argument, whereby it may make use of a custom defined argument \fIarg\fR, -which may for instance point to an \fB\s-1SSL_CTX\s0\fR structure. +which may for instance point to an \fBSSL_CTX\fR structure. During connection establishment, just after calling \fBBIO_do_connect_retry()\fR, the callback function is invoked with the \fIconnect\fR argument being 1 and -\&\fIdetail\fR being 1 if \fIuse_ssl\fR is nonzero (i.e., \s-1HTTPS\s0 is requested), else 0. +\&\fIdetail\fR being 1 if \fIuse_ssl\fR is nonzero (i.e., HTTPS is requested), else 0. On disconnect \fIconnect\fR is 0 and \fIdetail\fR is 1 if no error occurred, else 0. 
-For instance, on connect the callback may push an \s-1SSL BIO\s0 to implement \s-1HTTPS\s0; -after disconnect it may do some diagnostic output and pop and free the \s-1SSL BIO.\s0 +For instance, on connect the callback may push an SSL BIO to implement HTTPS; +after disconnect it may do some diagnostic output and pop and free the SSL BIO. .PP -The callback function must return either the potentially modified \s-1BIO\s0 \fIbio\fR. -or \s-1NULL\s0 to indicate failure, in which case it should not modify the \s-1BIO.\s0 +The callback function must return either the potentially modified BIO \fIbio\fR. +or NULL to indicate failure, in which case it should not modify the BIO. .PP -Here is a simple example that supports \s-1TLS\s0 connections (but not via a proxy): +Here is a simple example that supports TLS connections (but not via a proxy): .PP .Vb 5 \& BIO *http_tls_cb(BIO *bio, void *arg, int connect, int detail) 
@@ -275,132 +202,132 @@ \& } .Ve .PP -After disconnect the modified \s-1BIO\s0 will be deallocated using \fBBIO_free_all()\fR. +After disconnect the modified BIO will be deallocated using \fBBIO_free_all()\fR. .PP The \fIbuf_size\fR parameter specifies the response header maximum line length. -A value <= 0 means that the \fB\s-1OSSL_HTTP_DEFAULT_MAX_LINE_LEN\s0\fR (4KiB) is used. +A value <= 0 means that the \fBOSSL_HTTP_DEFAULT_MAX_LINE_LEN\fR (4KiB) is used. \&\fIbuf_size\fR is also used as the number of content bytes that are read at a time. .PP If the \fIoverall_timeout\fR parameter is > 0 this indicates the maximum number of -seconds the overall \s-1HTTP\s0 transfer (i.e., connection setup if needed, +seconds the overall HTTP transfer (i.e., connection setup if needed, sending requests, and receiving responses) is allowed to take until completion. A value <= 0 enables waiting indefinitely, i.e., no timeout. .PP -\&\fBOSSL_HTTP_proxy_connect()\fR may be used by an above \s-1BIO\s0 connect callback function -to set up an \s-1SSL/TLS\s0 connection via an \s-1HTTPS\s0 proxy. -It promotes the given \s-1BIO\s0 \fIbio\fR representing a connection -pre-established with a \s-1TLS\s0 proxy using the \s-1HTTP CONNECT\s0 method, +\&\fBOSSL_HTTP_proxy_connect()\fR may be used by an above BIO connect callback function +to set up an SSL/TLS connection via an HTTPS proxy. +It promotes the given BIO \fIbio\fR representing a connection +pre\-established with a TLS proxy using the HTTP CONNECT method, optionally using proxy client credentials \fIproxyuser\fR and \fIproxypass\fR, -to connect with \s-1TLS\s0 protection ultimately to \fIserver\fR and \fIport\fR. -If the \fIport\fR argument is \s-1NULL\s0 or the empty string it defaults to \*(L"443\*(R". +to connect with TLS protection ultimately to \fIserver\fR and \fIport\fR. +If the \fIport\fR argument is NULL or the empty string it defaults to "443". 
If the \fItimeout\fR parameter is > 0 this indicates the maximum number of seconds the connection setup is allowed to take. A value <= 0 enables waiting indefinitely, i.e., no timeout. Since this function is typically called by applications such as \&\fBopenssl\-s_client\fR\|(1) it uses the \fIbio_err\fR and \fIprog\fR parameters (unless -\&\s-1NULL\s0) to print additional diagnostic information in a user-oriented way. +NULL) to print additional diagnostic information in a user\-oriented way. .PP \&\fBOSSL_HTTP_set1_request()\fR sets up in \fIrctx\fR the request header and content data and expectations on the response using the following parameters. -If indicates using a proxy for \s-1HTTP\s0 (but not \s-1HTTPS\s0), the server host +If indicates using a proxy for HTTP (but not HTTPS), the server host (and optionally port) needs to be placed in the header; thus it must be present in \fIrctx\fR. For backward compatibility, the server (and optional port) may also be given in the \fIpath\fR argument beginning with \f(CW\*(C`http://\*(C'\fR (thus giving an absoluteURI). -If \fIpath\fR is \s-1NULL\s0 it defaults to \*(L"/\*(R". -If \fIreq\fR is \s-1NULL\s0 the \s-1HTTP GET\s0 method will be used to send the request -else \s-1HTTP POST\s0 with the contents of \fIreq\fR and optional \fIcontent_type\fR, where +If \fIpath\fR is NULL it defaults to "/". +If \fIreq\fR is NULL the HTTP GET method will be used to send the request +else HTTP POST with the contents of \fIreq\fR and optional \fIcontent_type\fR, where the length of the data in \fIreq\fR does not need to be determined in advance: the -\&\s-1BIO\s0 will be read on-the-fly while sending the request, which supports streaming. -The optional list \fIheaders\fR may contain additional custom \s-1HTTP\s0 header lines. +BIO will be read on\-the\-fly while sending the request, which supports streaming. +The optional list \fIheaders\fR may contain additional custom HTTP header lines. 
If the parameter \fIexpected_content_type\fR -is not \s-1NULL\s0 then the client will check that the given content type string -is included in the \s-1HTTP\s0 header of the response and return an error if not. +is not NULL then the client will check that the given content type string +is included in the HTTP header of the response and return an error if not. If the \fIexpect_asn1\fR parameter is nonzero, -a structure in \s-1ASN.1\s0 encoding will be expected as response content. +a structure in ASN.1 encoding will be expected as response content. The \fImax_resp_len\fR parameter specifies the maximum allowed response content length, where the value 0 indicates no limit. If the \fItimeout\fR parameter is > 0 this indicates the maximum number of seconds -the subsequent \s-1HTTP\s0 transfer (sending the request and receiving a response) +the subsequent HTTP transfer (sending the request and receiving a response) is allowed to take. A value of 0 enables waiting indefinitely, i.e., no timeout. A value < 0 indicates that the \fIoverall_timeout\fR parameter value given -when opening the \s-1HTTP\s0 transfer will be used instead. +when opening the HTTP transfer will be used instead. If \fIkeep_alive\fR is 0 the connection is not kept open -after receiving a response, which is the default behavior for \s-1HTTP 1.0.\s0 +after receiving a response, which is the default behavior for HTTP 1.0. If the value is 1 or 2 then a persistent connection is requested. If the value is 2 then a persistent connection is required, i.e., an error occurs in case the server does not grant it. .PP -\&\fBOSSL_HTTP_exchange()\fR exchanges any form of \s-1HTTP\s0 request and response +\&\fBOSSL_HTTP_exchange()\fR exchanges any form of HTTP request and response as specified by \fIrctx\fR, which must include both connection and request data, typically set up using \fBOSSL_HTTP_open()\fR and \fBOSSL_HTTP_set1_request()\fR. It implements the core of the functions described below. 
-If the \s-1HTTP\s0 method is \s-1GET\s0 and \fIredirection_url\fR -is not \s-1NULL\s0 the latter pointer is used to provide any new location that -the server may return with \s-1HTTP\s0 code 301 (\s-1MOVED_PERMANENTLY\s0) or 302 (\s-1FOUND\s0). -In this case the function returns \s-1NULL\s0 and the caller is -responsible for deallocating the \s-1URL\s0 with \fBOPENSSL_free\fR\|(3). -If the response header contains one or more \*(L"Content-Length\*(R" header lines and/or -an \s-1ASN\s0.1\-encoded response is expected, which should include a total length, +If the HTTP method is GET and \fIredirection_url\fR +is not NULL the latter pointer is used to provide any new location that +the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND). +In this case the function returns NULL and the caller is +responsible for deallocating the URL with \fBOPENSSL_free\fR\|(3). +If the response header contains one or more "Content\-Length" header lines and/or +an ASN.1\-encoded response is expected, which should include a total length, the length indications received are checked for consistency and for not exceeding any given maximum response length. -If an \s-1ASN\s0.1\-encoded response is expected, the function returns on success -the contents buffered in a memory \s-1BIO,\s0 which does not support streaming. -Otherwise it returns directly the read \s-1BIO\s0 that holds the response contents, +If an ASN.1\-encoded response is expected, the function returns on success +the contents buffered in a memory BIO, which does not support streaming. +Otherwise it returns directly the read BIO that holds the response contents, which allows a response of indefinite length and may support streaming. -The caller is responsible for freeing the \s-1BIO\s0 pointer obtained. +The caller is responsible for freeing the BIO pointer obtained. 
.PP -\&\fBOSSL_HTTP_get()\fR uses \s-1HTTP GET\s0 to obtain data from \fIbio\fR if non-NULL, -else from the server contained in the \fIurl\fR, and returns it as a \s-1BIO.\s0 -It supports redirection via \s-1HTTP\s0 status code 301 or 302. It is meant for +\&\fBOSSL_HTTP_get()\fR uses HTTP GET to obtain data from \fIbio\fR if non\-NULL, +else from the server contained in the \fIurl\fR, and returns it as a BIO. +It supports redirection via HTTP status code 301 or 302. It is meant for transfers with a single round trip, so does not support persistent connections. -If \fIbio\fR is non-NULL, any host and port components in the \fIurl\fR are not used +If \fIbio\fR is non\-NULL, any host and port components in the \fIurl\fR are not used for connecting but the hostname is used, as usual, for the \f(CW\*(C`Host\*(C'\fR header. Any userinfo and fragment components in the \fIurl\fR are ignored. Any query component is handled as part of the path component. -If the scheme component of the \fIurl\fR is \f(CW\*(C`https\*(C'\fR a \s-1TLS\s0 connection is requested +If the scheme component of the \fIurl\fR is \f(CW\*(C`https\*(C'\fR a TLS connection is requested and the \fIbio_update_fn\fR, as described for \fBOSSL_HTTP_open()\fR, must be provided. Also the remaining parameters are interpreted as described for \fBOSSL_HTTP_open()\fR and \fBOSSL_HTTP_set1_request()\fR, respectively. -The caller is responsible for freeing the \s-1BIO\s0 pointer obtained. +The caller is responsible for freeing the BIO pointer obtained. .PP -\&\fBOSSL_HTTP_transfer()\fR exchanges an \s-1HTTP\s0 request and response +\&\fBOSSL_HTTP_transfer()\fR exchanges an HTTP request and response over a connection managed via \fIprctx\fR without supporting redirection. It combines \fBOSSL_HTTP_open()\fR, \fBOSSL_HTTP_set1_request()\fR, \fBOSSL_HTTP_exchange()\fR, and \fBOSSL_HTTP_close()\fR. 
-If \fIprctx\fR is not \s-1NULL\s0 it reuses any open connection represented by a non-NULL +If \fIprctx\fR is not NULL it reuses any open connection represented by a non\-NULL \&\fI*prctx\fR. It keeps the connection open if a persistent connection is requested or required and this was granted by the server, else it closes the connection -and assigns \s-1NULL\s0 to \fI*prctx\fR. +and assigns NULL to \fI*prctx\fR. The remaining parameters are interpreted as described for \fBOSSL_HTTP_open()\fR and \fBOSSL_HTTP_set1_request()\fR, respectively. -The caller is responsible for freeing the \s-1BIO\s0 pointer obtained. +The caller is responsible for freeing the BIO pointer obtained. .PP \&\fBOSSL_HTTP_close()\fR closes the connection and releases \fIrctx\fR. -The \fIok\fR parameter is passed to any \s-1BIO\s0 update function +The \fIok\fR parameter is passed to any BIO update function given during setup as described above for \fBOSSL_HTTP_open()\fR. -It must be 1 if no error occurred during the \s-1HTTP\s0 transfer and 0 otherwise. -.SH "NOTES" +It must be 1 if no error occurred during the HTTP transfer and 0 otherwise. +.SH NOTES .IX Header "NOTES" The names of the environment variables used by this implementation: \&\f(CW\*(C`http_proxy\*(C'\fR, \f(CW\*(C`HTTP_PROXY\*(C'\fR, \f(CW\*(C`https_proxy\*(C'\fR, \f(CW\*(C`HTTPS_PROXY\*(C'\fR, \f(CW\*(C`no_proxy\*(C'\fR, and \&\f(CW\*(C`NO_PROXY\*(C'\fR, have been chosen for maximal compatibility with -other \s-1HTTP\s0 client implementations such as wget, curl, and git. +other HTTP client implementations such as wget, curl, and git. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_HTTP_open()\fR returns on success a \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR, else \s-1NULL.\s0 +\&\fBOSSL_HTTP_open()\fR returns on success a \fBOSSL_HTTP_REQ_CTX\fR, else NULL. .PP \&\fBOSSL_HTTP_proxy_connect()\fR and \fBOSSL_HTTP_set1_request()\fR return 1 on success, 0 on error. 
.PP On success, \fBOSSL_HTTP_exchange()\fR, \fBOSSL_HTTP_get()\fR, and \fBOSSL_HTTP_transfer()\fR -return a memory \s-1BIO\s0 that buffers all the data received if an \s-1ASN\s0.1\-encoded -response is expected, otherwise a \s-1BIO\s0 that may support streaming. -The \s-1BIO\s0 must be freed by the caller. -On failure, they return \s-1NULL.\s0 +return a memory BIO that buffers all the data received if an ASN.1\-encoded +response is expected, otherwise a BIO that may support streaming. +The BIO must be freed by the caller. +On failure, they return NULL. Failure conditions include connection/transfer timeout, parse errors, etc. -The caller is responsible for freeing the \s-1BIO\s0 pointer obtained. +The caller is responsible for freeing the BIO pointer obtained. .PP \&\fBOSSL_HTTP_close()\fR returns 0 if anything went wrong while disconnecting, else 1. .SH "SEE ALSO" @@ -408,14 +335,14 @@ \&\fBOSSL_HTTP_parse_url\fR\|(3), \fBBIO_new_connect\fR\|(3), \&\fBASN1_item_i2d_mem_bio\fR\|(3), \fBASN1_item_d2i_bio\fR\|(3), \&\fBOSSL_HTTP_is_alive\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All the functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_ITEM.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_ITEM.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_ITEM 3ossl" -.TH OSSL_ITEM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_ITEM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_ITEM \- OpenSSL Core type for generic itemized data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,28 +76,28 @@ \& void *ptr; \& }; .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This type is a tuple of integer and pointer. -It's a generic type used as a generic descriptor, its exact meaning -being defined by how it's used. +It\*(Aqs a generic type used as a generic descriptor, its exact meaning +being defined by how it\*(Aqs used. Arrays of this type are passed between the OpenSSL libraries and the providers, and must be terminated with a tuple where the integer is -zero and the pointer \s-1NULL.\s0 +zero and the pointer NULL. .PP -This is currently mainly used for the return value of the provider's error -reason strings array, see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7). +This is currently mainly used for the return value of the provider\*(Aqs error +reason strings array, see "Provider Functions" in \fBprovider\-base\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \fBprovider\-base\fR\|(7), \fBopenssl\-core.h\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OSSL_ITEM\s0\fR was added in OpenSSL 3.0 -.SH "COPYRIGHT" +\&\fBOSSL_ITEM\fR was added in OpenSSL 3.0 +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_LIB_CTX.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_LIB_CTX.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_LIB_CTX 3ossl" -.TH OSSL_LIB_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_LIB_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_new_from_dispatch, OSSL_LIB_CTX_new_child, OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default \&\- OpenSSL library context -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,24 +85,24 @@ \& OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); \& OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_LIB_CTX\s0\fR is an internal OpenSSL library context type. -Applications may allocate their own, but may also use \s-1NULL\s0 to use -a default context with functions that take an \fB\s-1OSSL_LIB_CTX\s0\fR +\&\fBOSSL_LIB_CTX\fR is an internal OpenSSL library context type. +Applications may allocate their own, but may also use NULL to use +a default context with functions that take an \fBOSSL_LIB_CTX\fR argument. .PP When a non default library context is in use care should be taken with -multi-threaded applications to properly clean up thread local resources before -the \s-1OSSL_LIB_CTX\s0 is freed. +multi\-threaded applications to properly clean up thread local resources before +the OSSL_LIB_CTX is freed. See \fBOPENSSL_thread_stop_ex\fR\|(3) for more information. .PP \&\fBOSSL_LIB_CTX_new()\fR creates a new OpenSSL library context. .PP \&\fBOSSL_LIB_CTX_new_from_dispatch()\fR creates a new OpenSSL library context -initialised to use callbacks from the \s-1OSSL_DISPATCH\s0 structure. This is primarily +initialised to use callbacks from the OSSL_DISPATCH structure. This is primarily useful for provider authors. The \fIhandle\fR and dispatch structure arguments -passed should be the same ones as passed to a provider's +passed should be the same ones as passed to a provider\*(Aqs OSSL_provider_init function. Some OpenSSL functions, such as \&\fBBIO_new_from_core_bio\fR\|(3), require the library context to be created in this way in order to work. 
@@ -212,12 +137,12 @@ library context then the new properties will override anything from the parent library context and mirroring of the properties will stop. .PP -When \fBOSSL_LIB_CTX_new_child()\fR is called from within the scope of a provider's +When \fBOSSL_LIB_CTX_new_child()\fR is called from within the scope of a provider\*(Aqs \&\fBOSSL_provider_init\fR function the currently initialising provider is not yet -available in the application's library context and therefore will similarly not +available in the application\*(Aqs library context and therefore will similarly not yet be available in the newly constructed child library context. As soon as the \&\fBOSSL_provider_init\fR function returns then the new provider is available in the -application's library context and will be similarly mirrored in the child +application\*(Aqs library context and will be similarly mirrored in the child library context. .PP \&\fBOSSL_LIB_CTX_load_config()\fR loads a configuration file using the given \fIctx\fR. 
@@ -225,18 +150,18 @@ from a configuration. .PP \&\fBOSSL_LIB_CTX_free()\fR frees the given \fIctx\fR, unless it happens to be the -default OpenSSL library context. +default OpenSSL library context. If the argument is NULL, nothing is done. .PP -\&\fBOSSL_LIB_CTX_get0_global_default()\fR returns a concrete (non \s-1NULL\s0) reference to +\&\fBOSSL_LIB_CTX_get0_global_default()\fR returns a concrete (non NULL) reference to the global default library context. .PP \&\fBOSSL_LIB_CTX_set0_default()\fR sets the default OpenSSL library context to be \&\fIctx\fR in the current thread. The previous default library context is returned. Care should be taken by the caller to restore the previous default library context with a subsequent call of this function. If \fIctx\fR is -\&\s-1NULL\s0 then no change is made to the default library context, but a pointer to +NULL then no change is made to the default library context, but a pointer to the current library context is still returned. On a successful call of this -function the returned value will always be a concrete (non \s-1NULL\s0) library +function the returned value will always be a concrete (non NULL) library context. .PP Care should be taken when changing the default library context and starting 
@@ -249,20 +174,20 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_LIB_CTX_new()\fR, \fBOSSL_LIB_CTX_get0_global_default()\fR and -\&\fBOSSL_LIB_CTX_set0_default()\fR return a library context pointer on success, or \s-1NULL\s0 +\&\fBOSSL_LIB_CTX_set0_default()\fR return a library context pointer on success, or NULL on error. .PP -\&\fBOSSL_LIB_CTX_free()\fR doesn't return any value. +\&\fBOSSL_LIB_CTX_free()\fR doesn\*(Aqt return any value. .PP \&\fBOSSL_LIB_CTX_load_config()\fR returns 1 on success, 0 on error. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of the functions described on this page were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_PARAM.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_PARAM.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PARAM 3ossl" -.TH OSSL_PARAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PARAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PARAM \- a structure to pass or request object parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,15 +73,15 @@ \& typedef struct ossl_param_st OSSL_PARAM; \& struct ossl_param_st { \& const char *key; /* the name of the parameter */ -\& unsigned char data_type; /* declare what kind of content is in data */ +\& unsigned int data_type; /* declare what kind of content is in data */ \& void *data; /* value being passed in or out */ \& size_t data_size; /* data size */ \& size_t return_size; /* returned size */ \& }; .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_PARAM\s0\fR is a type that allows passing arbitrary data for some +\&\fBOSSL_PARAM\fR is a type that allows passing arbitrary data for some object between two parties that have no or very little shared knowledge about their respective internal structures for that object. .PP 
@@ -165,68 +90,68 @@ object. .PP Arrays of this type can be used for the following purposes: -.IP "\(bu" 4 +.IP \(bu 4 Setting parameters for some object .Sp -The caller sets up the \fB\s-1OSSL_PARAM\s0\fR array and calls some function +The caller sets up the \fBOSSL_PARAM\fR array and calls some function (the \fIsetter\fR) that has intimate knowledge about the object that can -take the data from the \fB\s-1OSSL_PARAM\s0\fR array and assign them in a +take the data from the \fBOSSL_PARAM\fR array and assign them in a suitable form for the internal structure of the object. -.IP "\(bu" 4 +.IP \(bu 4 Request parameters of some object .Sp -The caller (the \fIrequester\fR) sets up the \fB\s-1OSSL_PARAM\s0\fR array and +The caller (the \fIrequester\fR) sets up the \fBOSSL_PARAM\fR array and calls some function (the \fIresponder\fR) that has intimate knowledge about the object, which can take the internal data of the object and copy (possibly convert) that to the memory prepared by the -\&\fIrequester\fR and pointed at with the \fB\s-1OSSL_PARAM\s0\fR \fIdata\fR. -.IP "\(bu" 4 +\&\fIrequester\fR and pointed at with the \fBOSSL_PARAM\fR \fIdata\fR. +.IP \(bu 4 Request parameter descriptors .Sp -The caller gets an array of constant \fB\s-1OSSL_PARAM\s0\fR, which describe +The caller gets an array of constant \fBOSSL_PARAM\fR, which describe available parameters and some of their properties; name, data type and expected data size. For a detailed description of each field for this use, see the field descriptions below. .Sp The caller may then use the information from this descriptor array to -build up its own \fB\s-1OSSL_PARAM\s0\fR array to pass down to a \fIsetter\fR or +build up its own \fBOSSL_PARAM\fR array to pass down to a \fIsetter\fR or \&\fIresponder\fR. .PP -Normally, the order of the an \fB\s-1OSSL_PARAM\s0\fR array is not relevant. +Normally, the order of the an \fBOSSL_PARAM\fR array is not relevant. 
However, if the \fIresponder\fR can handle multiple elements with the same key, those elements must be handled in the order they are in. .PP -An \fB\s-1OSSL_PARAM\s0\fR array must have a terminating element, where \fIkey\fR -is \s-1NULL.\s0 The usual full terminating template is: +An \fBOSSL_PARAM\fR array must have a terminating element, where \fIkey\fR +is NULL. The usual full terminating template is: .PP .Vb 1 \& { NULL, 0, NULL, 0, 0 } .Ve .PP -This can also be specified using \s-1\fBOSSL_PARAM_END\s0\fR\|(3). +This can also be specified using \fBOSSL_PARAM_END\fR\|(3). .SS "Functional support" .IX Subsection "Functional support" Libcrypto offers a limited set of helper functions to handle -\&\fB\s-1OSSL_PARAM\s0\fR items and arrays, please see \fBOSSL_PARAM_get_int\fR\|(3). +\&\fBOSSL_PARAM\fR items and arrays, please see \fBOSSL_PARAM_get_int\fR\|(3). Developers are free to extend or replace those as they see fit. -.SS "\fB\s-1OSSL_PARAM\s0\fP fields" +.SS "\fBOSSL_PARAM\fP fields" .IX Subsection "OSSL_PARAM fields" -.IP "\fIkey\fR" 4 +.IP \fIkey\fR 4 .IX Item "key" The identity of the parameter in the form of a string. .Sp -In an \fB\s-1OSSL_PARAM\s0\fR array, an item with this field set to \s-1NULL\s0 is +In an \fBOSSL_PARAM\fR array, an item with this field set to NULL is considered a terminating item. -.IP "\fIdata_type\fR" 4 +.IP \fIdata_type\fR 4 .IX Item "data_type" The \fIdata_type\fR is a value that describes the type and organization of the data. -See \*(L"Supported types\*(R" below for a description of the types. -.IP "\fIdata\fR" 4 +See "Supported types" below for a description of the types. +.IP \fIdata\fR 4 .IX Item "data" .PD 0 -.IP "\fIdata_size\fR" 4 +.IP \fIdata_size\fR 4 .IX Item "data_size" .PD \&\fIdata\fR is a pointer to the memory where the parameter data is (when 
@@ -235,35 +160,35 @@ The organization of the data depends on the parameter type and flag. .Sp The \fIdata_size\fR needs special attention with the parameter type -\&\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR in relation to C strings. When setting +\&\fBOSSL_PARAM_UTF8_STRING\fR in relation to C strings. When setting parameters, the size should be set to the length of the string, not -counting the terminating \s-1NUL\s0 byte. When requesting parameters, the +counting the terminating NUL byte. When requesting parameters, the size should be set to the size of the buffer to be populated, which -should accommodate enough space for a terminating \s-1NUL\s0 byte. +should accommodate enough space for a terminating NUL byte. .Sp -When \fIrequesting parameters\fR, it's acceptable for \fIdata\fR to be \s-1NULL.\s0 +When \fIrequesting parameters\fR, it\*(Aqs acceptable for \fIdata\fR to be NULL. This can be used by the \fIrequester\fR to figure out dynamically exactly how much buffer space is needed to store the parameter data. In this case, \fIdata_size\fR is ignored. .Sp -When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, \fIdata\fR +When the \fBOSSL_PARAM\fR is used as a parameter descriptor, \fIdata\fR should be ignored. If \fIdata_size\fR is zero, it means that an arbitrary data size is accepted, otherwise it specifies the maximum size allowed. -.IP "\fIreturn_size\fR" 4 +.IP \fIreturn_size\fR 4 .IX Item "return_size" -When an array of \fB\s-1OSSL_PARAM\s0\fR is used to request data, the +When an array of \fBOSSL_PARAM\fR is used to request data, the \&\fIresponder\fR must set this field to indicate size of the parameter data, including padding as the case may be. In case the \fIdata_size\fR is an unsuitable size for the data, the \&\fIresponder\fR must still set this field to indicate the minimum data size required. -(further notes on this in \*(L"\s-1NOTES\*(R"\s0 below). +(further notes on this in "NOTES" below). 
.Sp -When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, +When the \fBOSSL_PARAM\fR is used as a parameter descriptor, \&\fIreturn_size\fR should be ignored. .PP -\&\fB\s-1NOTE:\s0\fR +\&\fBNOTE:\fR .PP The key names and associated types are defined by the entity that offers these parameters, i.e. names for parameters provided by the 
@@ -273,38 +198,38 @@ below). Entities that want to set or request parameters need to know what those keys are and of what type, any functionality between those two -entities should remain oblivious and just pass the \fB\s-1OSSL_PARAM\s0\fR array +entities should remain oblivious and just pass the \fBOSSL_PARAM\fR array along. .SS "Supported types" .IX Subsection "Supported types" The \fIdata_type\fR field can be one of the following types: -.IP "\fB\s-1OSSL_PARAM_INTEGER\s0\fR" 4 +.IP \fBOSSL_PARAM_INTEGER\fR 4 .IX Item "OSSL_PARAM_INTEGER" .PD 0 -.IP "\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR" 4 +.IP \fBOSSL_PARAM_UNSIGNED_INTEGER\fR 4 .IX Item "OSSL_PARAM_UNSIGNED_INTEGER" .PD The parameter data is an integer (signed or unsigned) of arbitrary length, organized in native form, i.e. most significant byte first on -Big-Endian systems, and least significant byte first on Little-Endian +Big\-Endian systems, and least significant byte first on Little\-Endian systems. -.IP "\fB\s-1OSSL_PARAM_REAL\s0\fR" 4 +.IP \fBOSSL_PARAM_REAL\fR 4 .IX Item "OSSL_PARAM_REAL" The parameter data is a floating point value in native form. -.IP "\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR" 4 +.IP \fBOSSL_PARAM_UTF8_STRING\fR 4 .IX Item "OSSL_PARAM_UTF8_STRING" The parameter data is a printable string. -.IP "\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR" 4 +.IP \fBOSSL_PARAM_OCTET_STRING\fR 4 .IX Item "OSSL_PARAM_OCTET_STRING" The parameter data is an arbitrary string of bytes. -.IP "\fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR" 4 +.IP \fBOSSL_PARAM_UTF8_PTR\fR 4 .IX Item "OSSL_PARAM_UTF8_PTR" The parameter data is a pointer to a printable string. .Sp -The difference between this and \fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is that \fIdata\fR -doesn't point directly at the data, but to a pointer that points to the data. +The difference between this and \fBOSSL_PARAM_UTF8_STRING\fR is that \fIdata\fR +doesn\*(Aqt point directly at the data, but to a pointer that points to the data. 
.Sp -If there is any uncertainty about which to use, \fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is +If there is any uncertainty about which to use, \fBOSSL_PARAM_UTF8_STRING\fR is almost certainly the correct choice. .Sp This is used to indicate that constant data is or will be passed, @@ -319,17 +244,17 @@ .Sp Note that the use of this type is \fBfragile\fR and can only be safely used for data that remains constant and in a constant location for a -long enough duration (such as the life-time of the entity that +long enough duration (such as the life\-time of the entity that offers these parameters). -.IP "\fB\s-1OSSL_PARAM_OCTET_PTR\s0\fR" 4 +.IP \fBOSSL_PARAM_OCTET_PTR\fR 4 .IX Item "OSSL_PARAM_OCTET_PTR" The parameter data is a pointer to an arbitrary string of bytes. .Sp -The difference between this and \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR is that -\&\fIdata\fR doesn't point directly at the data, but to a pointer that +The difference between this and \fBOSSL_PARAM_OCTET_STRING\fR is that +\&\fIdata\fR doesn\*(Aqt point directly at the data, but to a pointer that points to the data. .Sp -If there is any uncertainty about which to use, \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR is +If there is any uncertainty about which to use, \fBOSSL_PARAM_OCTET_STRING\fR is almost certainly the correct choice. .Sp This is used to indicate that constant data is or will be passed, and 
@@ -344,56 +269,56 @@ .Sp Note that the use of this type is \fBfragile\fR and can only be safely used for data that remains constant and in a constant location for a -long enough duration (such as the life-time of the entity that +long enough duration (such as the life\-time of the entity that offers these parameters). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Both when setting and requesting parameters, the functions that are called will have to decide what is and what is not an error. The recommended behaviour is: -.IP "\(bu" 4 -Keys that a \fIsetter\fR or \fIresponder\fR doesn't recognise should simply +.IP \(bu 4 +Keys that a \fIsetter\fR or \fIresponder\fR doesn\*(Aqt recognise should simply be ignored. -That in itself isn't an error. -.IP "\(bu" 4 +That in itself isn\*(Aqt an error. +.IP \(bu 4 If the keys that a called \fIsetter\fR recognises form a consistent enough set of data, that call should succeed. -.IP "\(bu" 4 +.IP \(bu 4 Apart from the \fIreturn_size\fR, a \fIresponder\fR must never change the fields -of an \fB\s-1OSSL_PARAM\s0\fR. +of an \fBOSSL_PARAM\fR. To return a value, it should change the contents of the memory that \&\fIdata\fR points at. -.IP "\(bu" 4 -If the data type for a key that it's associated with is incorrect, +.IP \(bu 4 +If the data type for a key that it\*(Aqs associated with is incorrect, the called function may return an error. .Sp The called function may also try to convert the data to a suitable -form (for example, it's plausible to pass a large number as an octet +form (for example, it\*(Aqs plausible to pass a large number as an octet string, so even though a given key is defined as an -\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR, is plausible to pass the value as an -\&\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR), but this is in no way mandatory. 
-.IP "\(bu" 4 -If \fIdata\fR for a \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR or a -\&\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is \s-1NULL,\s0 the \fIresponder\fR should +\&\fBOSSL_PARAM_UNSIGNED_INTEGER\fR, is plausible to pass the value as an +\&\fBOSSL_PARAM_OCTET_STRING\fR), but this is in no way mandatory. +.IP \(bu 4 +If \fIdata\fR for a \fBOSSL_PARAM_OCTET_STRING\fR or a +\&\fBOSSL_PARAM_UTF8_STRING\fR is NULL, the \fIresponder\fR should set \fIreturn_size\fR to the size of the item to be returned and return success. Later the responder will be called again with \fIdata\fR pointing at the place for the value to be put. -.IP "\(bu" 4 +.IP \(bu 4 If a \fIresponder\fR finds that some data sizes are too small for the requested data, it must set \fIreturn_size\fR for each such -\&\fB\s-1OSSL_PARAM\s0\fR item to the minimum required size, and eventually return +\&\fBOSSL_PARAM\fR item to the minimum required size, and eventually return an error. -.IP "\(bu" 4 -For the integer type parameters (\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR and -\&\fB\s-1OSSL_PARAM_INTEGER\s0\fR), a \fIresponder\fR may choose to return an error -if the \fIdata_size\fR isn't a suitable size (even if \fIdata_size\fR is +.IP \(bu 4 +For the integer type parameters (\fBOSSL_PARAM_UNSIGNED_INTEGER\fR and +\&\fBOSSL_PARAM_INTEGER\fR), a \fIresponder\fR may choose to return an error +if the \fIdata_size\fR isn\*(Aqt a suitable size (even if \fIdata_size\fR is bigger than needed). If the \fIresponder\fR finds the size suitable, it must fill all \fIdata_size\fR bytes and ensure correct padding for the native endianness, and set \fIreturn_size\fR to the same value as \&\fIdata_size\fR. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -A couple of examples to just show how \fB\s-1OSSL_PARAM\s0\fR arrays could be +A couple of examples to just show how \fBOSSL_PARAM\fR arrays could be set up. .PP \fIExample 1\fR 
@@ -452,15 +377,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBopenssl\-core.h\fR\|(7), \fBOSSL_PARAM_get_int\fR\|(3), \fBOSSL_PARAM_dup\fR\|(3) -.SH "HISTORY" +\&\fBopenssl\-core.h\fR\|(7), \fBOSSL_PARAM_get_int\fR\|(3), \fBOSSL_PARAM_dup\fR\|(3), \fBOSSL_PARAM_construct_utf8_string\fR\|(3) +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OSSL_PARAM\s0\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +\&\fBOSSL_PARAM\fR was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_PARAM_BLD.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_PARAM_BLD.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PARAM_BLD 3ossl" -.TH OSSL_PARAM_BLD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PARAM_BLD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PARAM_BLD, OSSL_PARAM_BLD_new, OSSL_PARAM_BLD_to_param, OSSL_PARAM_BLD_free, OSSL_PARAM_BLD_push_int, OSSL_PARAM_BLD_push_uint, OSSL_PARAM_BLD_push_long, @@ -150,7 +75,7 @@ OSSL_PARAM_BLD_push_utf8_string, OSSL_PARAM_BLD_push_utf8_ptr, OSSL_PARAM_BLD_push_octet_string, OSSL_PARAM_BLD_push_octet_ptr \&\- functions to assist in the creation of OSSL_PARAM arrays -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -177,84 +102,85 @@ \& int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, \& void *buf, size_t bsize); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A collection of utility functions that simplify the creation of \s-1OSSL_PARAM\s0 -arrays. The \fB\f(BI\s-1TYPE\s0\fB\fR names are as per \fBOSSL_PARAM_int\fR\|(3). +A collection of utility functions that simplify the creation of OSSL_PARAM +arrays. The \fR\f(BITYPE\fR\fB\fR names are as per \fBOSSL_PARAM_int\fR\|(3). .PP -\&\fBOSSL_PARAM_BLD_new()\fR allocates and initialises a new \s-1OSSL_PARAM_BLD\s0 structure +\&\fBOSSL_PARAM_BLD_new()\fR allocates and initialises a new OSSL_PARAM_BLD structure so that values can be added. Any existing values are cleared. .PP \&\fBOSSL_PARAM_BLD_free()\fR deallocates the memory allocates by \fBOSSL_PARAM_BLD_new()\fR. +If the argument is NULL, nothing is done. .PP -\&\fBOSSL_PARAM_BLD_to_param()\fR converts a built up \s-1OSSL_PARAM_BLD\s0 structure -\&\fIbld\fR into an allocated \s-1OSSL_PARAM\s0 array. -The \s-1OSSL_PARAM\s0 array and all associated storage must be freed by calling +\&\fBOSSL_PARAM_BLD_to_param()\fR converts a built up OSSL_PARAM_BLD structure +\&\fIbld\fR into an allocated OSSL_PARAM array. +The OSSL_PARAM array and all associated storage must be freed by calling \&\fBOSSL_PARAM_free()\fR with the functions return value. \&\fBOSSL_PARAM_BLD_free()\fR can safely be called any time after this function is. .PP -\&\fBOSSL_PARAM_BLD_push_\f(BI\s-1TYPE\s0\fB\fR() are a series of functions which will create -\&\s-1OSSL_PARAM\s0 objects of the specified size and correct type for the \fIval\fR +\&\fBOSSL_PARAM_BLD_push_\fR\f(BITYPE\fR() are a series of functions which will create +OSSL_PARAM objects of the specified size and correct type for the \fIval\fR argument. \&\fIval\fR is stored by value and an expression or auto variable can be used. 
.PP -\&\fBOSSL_PARAM_BLD_push_BN()\fR is a function that will create an \s-1OSSL_PARAM\s0 object -that holds the specified \s-1BIGNUM\s0 \fIbn\fR. -If \fIbn\fR is marked as being securely allocated, its \s-1OSSL_PARAM\s0 representation +\&\fBOSSL_PARAM_BLD_push_BN()\fR is a function that will create an OSSL_PARAM object +that holds the specified BIGNUM \fIbn\fR. +If \fIbn\fR is marked as being securely allocated, its OSSL_PARAM representation will also be securely allocated. -The \fIbn\fR argument is stored by reference and the underlying \s-1BIGNUM\s0 object +The \fIbn\fR argument is stored by reference and the underlying BIGNUM object must exist until after \fBOSSL_PARAM_BLD_to_param()\fR has been called. .PP -\&\fBOSSL_PARAM_BLD_push_BN_pad()\fR is a function that will create an \s-1OSSL_PARAM\s0 object -that holds the specified \s-1BIGNUM\s0 \fIbn\fR. +\&\fBOSSL_PARAM_BLD_push_BN_pad()\fR is a function that will create an OSSL_PARAM object +that holds the specified BIGNUM \fIbn\fR. The object will be padded to occupy exactly \fIsz\fR bytes, if insufficient space is specified an error results. -If \fIbn\fR is marked as being securely allocated, its \s-1OSSL_PARAM\s0 representation +If \fIbn\fR is marked as being securely allocated, its OSSL_PARAM representation will also be securely allocated. -The \fIbn\fR argument is stored by reference and the underlying \s-1BIGNUM\s0 object +The \fIbn\fR argument is stored by reference and the underlying BIGNUM object must exist until after \fBOSSL_PARAM_BLD_to_param()\fR has been called. .PP -\&\fBOSSL_PARAM_BLD_push_utf8_string()\fR is a function that will create an \s-1OSSL_PARAM\s0 -object that references the \s-1UTF8\s0 string specified by \fIbuf\fR. -The length of the string \fIbsize\fR should not include the terminating \s-1NUL\s0 byte. +\&\fBOSSL_PARAM_BLD_push_utf8_string()\fR is a function that will create an OSSL_PARAM +object that references the UTF8 string specified by \fIbuf\fR. 
+The length of the string \fIbsize\fR should not include the terminating NUL byte. If it is zero then it will be calculated. The string that \fIbuf\fR points to is stored by reference and must remain in scope until after \fBOSSL_PARAM_BLD_to_param()\fR has been called. .PP -\&\fBOSSL_PARAM_BLD_push_octet_string()\fR is a function that will create an \s-1OSSL_PARAM\s0 +\&\fBOSSL_PARAM_BLD_push_octet_string()\fR is a function that will create an OSSL_PARAM object that references the octet string specified by \fIbuf\fR and . The memory that \fIbuf\fR points to is stored by reference and must remain in scope until after \fBOSSL_PARAM_BLD_to_param()\fR has been called. .PP -\&\fBOSSL_PARAM_BLD_push_utf8_ptr()\fR is a function that will create an \s-1OSSL_PARAM\s0 -object that references the \s-1UTF8\s0 string specified by \fIbuf\fR. -The length of the string \fIbsize\fR should not include the terminating \s-1NUL\s0 byte. +\&\fBOSSL_PARAM_BLD_push_utf8_ptr()\fR is a function that will create an OSSL_PARAM +object that references the UTF8 string specified by \fIbuf\fR. +The length of the string \fIbsize\fR should not include the terminating NUL byte. If it is zero then it will be calculated. The string \fIbuf\fR points to is stored by reference and must remain in -scope until the \s-1OSSL_PARAM\s0 array is freed. +scope until the OSSL_PARAM array is freed. .PP -\&\fBOSSL_PARAM_BLD_push_octet_ptr()\fR is a function that will create an \s-1OSSL_PARAM\s0 +\&\fBOSSL_PARAM_BLD_push_octet_ptr()\fR is a function that will create an OSSL_PARAM object that references the octet string specified by \fIbuf\fR. The memory \fIbuf\fR points to is stored by reference and must remain in -scope until the \s-1OSSL_PARAM\s0 array is freed. +scope until the OSSL_PARAM array is freed. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_PARAM_BLD_new()\fR returns the allocated \s-1OSSL_PARAM_BLD\s0 structure, or \s-1NULL\s0 +\&\fBOSSL_PARAM_BLD_new()\fR returns the allocated OSSL_PARAM_BLD structure, or NULL on error. .PP -\&\fBOSSL_PARAM_BLD_to_param()\fR returns the allocated \s-1OSSL_PARAM\s0 array, or \s-1NULL\s0 +\&\fBOSSL_PARAM_BLD_to_param()\fR returns the allocated OSSL_PARAM array, or NULL on error. .PP All of the OSSL_PARAM_BLD_push_TYPE functions return 1 on success and 0 on error. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBOSSL_PARAM_BLD_push_BN()\fR and \fBOSSL_PARAM_BLD_push_BN_pad()\fR currently only -support nonnegative \fB\s-1BIGNUM\s0\fRs. They return an error on negative \fB\s-1BIGNUM\s0\fRs. -.SH "EXAMPLES" +support nonnegative \fBBIGNUM\fRs. They return an error on negative \fBBIGNUM\fRs. +.SH EXAMPLES .IX Header "EXAMPLES" -Both examples creating an \s-1OSSL_PARAM\s0 array that contains an \s-1RSA\s0 key. +Both examples creating an OSSL_PARAM array that contains an RSA key. For both, the predefined key variables are: .PP .Vb 6 @@ -267,7 +193,7 @@ .Ve .SS "Example 1" .IX Subsection "Example 1" -This example shows how to create an \s-1OSSL_PARAM\s0 array that contains an \s-1RSA\s0 +This example shows how to create an OSSL_PARAM array that contains an RSA private key. .PP .Vb 2 @@ -292,7 +218,7 @@ .Ve .SS "Example 2" .IX Subsection "Example 2" -This example shows how to create an \s-1OSSL_PARAM\s0 array that contains an \s-1RSA\s0 +This example shows how to create an OSSL_PARAM array that contains an RSA public key. .PP .Vb 2 
@@ -311,15 +237,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBOSSL_PARAM_int\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3), \fBOSSL_PARAM_free\fR\|(3) -.SH "HISTORY" +\&\fBOSSL_PARAM_int\fR\|(3), \fBOSSL_PARAM\fR\|(3), \fBOSSL_PARAM_free\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were all added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_PARAM_allocate_from_text.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_PARAM_allocate_from_text.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PARAM_ALLOCATE_FROM_TEXT 3ossl" -.TH OSSL_PARAM_ALLOCATE_FROM_TEXT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PARAM_ALLOCATE_FROM_TEXT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PARAM_allocate_from_text \&\- OSSL_PARAM construction utilities -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& size_t value_n, \& int *found); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" With OpenSSL before version 3.0, parameters were passed down to or retrieved from algorithm implementations via control functions. 
@@ -161,81 +86,81 @@ .PP OpenSSL 3.0 introduces a new mechanism to do the same thing with an array of parameters that contain name, value, value type and value -size (see \s-1\fBOSSL_PARAM\s0\fR\|(3) for more information). +size (see \fBOSSL_PARAM\fR\|(3) for more information). .PP \&\fBOSSL_PARAM_allocate_from_text()\fR uses \fIkey\fR to look up an item in \&\fIparamdefs\fR. If an item was found, it converts \fIvalue\fR to something -suitable for that item's \fIdata_type\fR, and stores the result in +suitable for that item\*(Aqs \fIdata_type\fR, and stores the result in \&\fIto\->data\fR as well as its size in \fIto\->data_size\fR. \&\fIto\->key\fR and \fIto\->data_type\fR are assigned the corresponding values from the item that was found, and \fIto\->return_size\fR is set to zero. .PP \&\fIto\->data\fR is always allocated using \fBOPENSSL_zalloc\fR\|(3) and -needs to be freed by the caller when it's not useful any more, using +needs to be freed by the caller when it\*(Aqs not useful any more, using \&\fBOPENSSL_free\fR\|(3). .PP -If \fIfound\fR is not \s-1NULL,\s0 \fI*found\fR is set to 1 if \fIkey\fR could be +If \fIfound\fR is not NULL, \fI*found\fR is set to 1 if \fIkey\fR could be located in \fIparamdefs\fR, and to 0 otherwise. .SS "The use of \fIkey\fP and \fIvalue\fP in detail" .IX Subsection "The use of key and value in detail" \&\fBOSSL_PARAM_allocate_from_text()\fR takes note if \fIkey\fR starts with -\&\*(L"hex\*(R", and will only use the rest of \fIkey\fR to look up an item in -\&\fIparamdefs\fR in that case. As an example, if \fIkey\fR is \*(L"hexid\*(R", \*(L"id\*(R" +"hex", and will only use the rest of \fIkey\fR to look up an item in +\&\fIparamdefs\fR in that case. As an example, if \fIkey\fR is "hexid", "id" will be looked up in \fIparamdefs\fR. 
.PP When an item in \fIparamdefs\fR has been found, \fIvalue\fR is converted -depending on that item's \fIdata_type\fR, as follows: -.IP "\fB\s-1OSSL_PARAM_INTEGER\s0\fR and \fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR" 4 +depending on that item\*(Aqs \fIdata_type\fR, as follows: +.IP "\fBOSSL_PARAM_INTEGER\fR and \fBOSSL_PARAM_UNSIGNED_INTEGER\fR" 4 .IX Item "OSSL_PARAM_INTEGER and OSSL_PARAM_UNSIGNED_INTEGER" -If \fIkey\fR didn't start with \*(L"hex\*(R", \fIvalue\fR is assumed to contain +If \fIkey\fR didn\*(Aqt start with "hex", \fIvalue\fR is assumed to contain \&\fIvalue_n\fR decimal characters, which are decoded, and the resulting bytes become the number stored in the \fIto\->data\fR storage. .Sp -If \fIvalue\fR starts with \*(L"0x\*(R", it is assumed to contain \fIvalue_n\fR +If \fIvalue\fR starts with "0x", it is assumed to contain \fIvalue_n\fR hexadecimal characters. .Sp -If \fIkey\fR started with \*(L"hex\*(R", \fIvalue\fR is assumed to contain -\&\fIvalue_n\fR hexadecimal characters without the \*(L"0x\*(R" prefix. +If \fIkey\fR started with "hex", \fIvalue\fR is assumed to contain +\&\fIvalue_n\fR hexadecimal characters without the "0x" prefix. .Sp -If \fIvalue\fR contains characters that couldn't be decoded as +If \fIvalue\fR contains characters that couldn\*(Aqt be decoded as hexadecimal or decimal characters, \fBOSSL_PARAM_allocate_from_text()\fR considers that an error. -.IP "\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR" 4 +.IP \fBOSSL_PARAM_UTF8_STRING\fR 4 .IX Item "OSSL_PARAM_UTF8_STRING" -If \fIkey\fR started with \*(L"hex\*(R", \fBOSSL_PARAM_allocate_from_text()\fR +If \fIkey\fR started with "hex", \fBOSSL_PARAM_allocate_from_text()\fR considers that an error. .Sp Otherwise, \fIvalue\fR is considered a C string and is copied to the \&\fIto\->data\fR storage. 
-On systems where the native character encoding is \s-1EBCDIC,\s0 the bytes in -\&\fIto\->data\fR are converted to \s-1ASCII.\s0 -.IP "\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR" 4 +On systems where the native character encoding is EBCDIC, the bytes in +\&\fIto\->data\fR are converted to ASCII. +.IP \fBOSSL_PARAM_OCTET_STRING\fR 4 .IX Item "OSSL_PARAM_OCTET_STRING" -If \fIkey\fR started with \*(L"hex\*(R", \fIvalue\fR is assumed to contain +If \fIkey\fR started with "hex", \fIvalue\fR is assumed to contain \&\fIvalue_n\fR hexadecimal characters, which are decoded, and the resulting bytes are stored in the \fIto\->data\fR storage. -If \fIvalue\fR contains characters that couldn't be decoded as +If \fIvalue\fR contains characters that couldn\*(Aqt be decoded as hexadecimal or decimal characters, \fBOSSL_PARAM_allocate_from_text()\fR considers that an error. .Sp -If \fIkey\fR didn't start with \*(L"hex\*(R", \fIvalue_n\fR bytes from \fIvalue\fR are +If \fIkey\fR didn\*(Aqt start with "hex", \fIvalue_n\fR bytes from \fIvalue\fR are copied to the \fIto\->data\fR storage. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_PARAM_allocate_from_text()\fR returns 1 if \fIkey\fR was found in \&\fIparamdefs\fR and there was no other failure, otherwise 0. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The parameter descriptor array comes from functions dedicated to return them. -The following \s-1\fBOSSL_PARAM\s0\fR\|(3) attributes are used: -.IP "\fIkey\fR" 4 +The following \fBOSSL_PARAM\fR\|(3) attributes are used: +.IP \fIkey\fR 4 .IX Item "key" .PD 0 -.IP "\fIdata_type\fR" 4 +.IP \fIdata_type\fR 4 .IX Item "data_type" -.IP "\fIdata_size\fR" 4 +.IP \fIdata_size\fR 4 .IX Item "data_size" .PD .PP @@ -243,7 +168,7 @@ .PP The \fIdata_size\fR attribute can be zero, meaning that the parameter it describes expects arbitrary length data. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Code that looked like this: .PP 
@@ -319,12 +244,12 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \fBOSSL_PARAM_int\fR\|(3) -.SH "COPYRIGHT" +\&\fBOSSL_PARAM\fR\|(3), \fBOSSL_PARAM_int\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_PARAM_dup.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_PARAM_dup.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PARAM_DUP 3ossl" -.TH OSSL_PARAM_DUP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PARAM_DUP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PARAM_dup, OSSL_PARAM_merge, OSSL_PARAM_free \&\- OSSL_PARAM array copy functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,41 +75,42 @@ \& OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *params, const OSSL_PARAM *params1); \& void OSSL_PARAM_free(OSSL_PARAM *params); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Algorithm parameters can be exported/imported from/to providers using arrays of -\&\s-1\fBOSSL_PARAM\s0\fR\|(3). The following utility functions allow the parameters to be -duplicated and merged with other \s-1\fBOSSL_PARAM\s0\fR\|(3) to assist in this process. +\&\fBOSSL_PARAM\fR\|(3). The following utility functions allow the parameters to be +duplicated and merged with other \fBOSSL_PARAM\fR\|(3) to assist in this process. .PP \&\fBOSSL_PARAM_dup()\fR duplicates the parameter array \fIparams\fR. This function does a deep copy of the data. .PP \&\fBOSSL_PARAM_merge()\fR merges the parameter arrays \fIparams\fR and \fIparams1\fR into a new parameter array. If \fIparams\fR and \fIparams1\fR contain values with the same -\&'key' then the value from \fIparams1\fR will replace the \fIparam\fR value. This +\&\*(Aqkey\*(Aq then the value from \fIparams1\fR will replace the \fIparam\fR value. This function does a shallow copy of the parameters. Either \fIparams\fR or \fIparams1\fR -may be \s-1NULL.\s0 The behaviour of the merge is unpredictable if \fIparams\fR and +may be NULL. The behaviour of the merge is unpredictable if \fIparams\fR and \&\fIparams1\fR contain the same key, and there are multiple entries within either array that have the same key. .PP \&\fBOSSL_PARAM_free()\fR frees the parameter array \fIparams\fR that was created using \&\fBOSSL_PARAM_dup()\fR, \fBOSSL_PARAM_merge()\fR or \fBOSSL_PARAM_BLD_to_param()\fR. +If the argument to \fBOSSL_PARAM_free()\fR is NULL, nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions \fBOSSL_PARAM_dup()\fR and \fBOSSL_PARAM_merge()\fR return a newly allocated -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) array, or \s-1NULL\s0 if there was an error. 
If both parameters are \s-1NULL\s0 - then \s-1NULL\s0 is returned. +\&\fBOSSL_PARAM\fR\|(3) array, or NULL if there was an error. If both parameters are NULL + then NULL is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \s-1\fBOSSL_PARAM_BLD\s0\fR\|(3) -.SH "HISTORY" +\&\fBOSSL_PARAM\fR\|(3), \fBOSSL_PARAM_BLD\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_PARAM_int.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_PARAM_int.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PARAM_INT 3ossl" -.TH OSSL_PARAM_INT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PARAM_INT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64, OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_time_t, OSSL_PARAM_uint, OSSL_PARAM_uint32, OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN, @@ -170,7 +95,7 @@ OSSL_PARAM_set_utf8_ptr, OSSL_PARAM_set_octet_ptr, OSSL_PARAM_UNMODIFIED, OSSL_PARAM_modified, OSSL_PARAM_set_all_unmodified \&\- OSSL_PARAM helpers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -242,85 +167,85 @@ \& int OSSL_PARAM_modified(const OSSL_PARAM *param); \& void OSSL_PARAM_set_all_unmodified(OSSL_PARAM *params); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" A collection of utility functions that simplify and add type safety to the -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) arrays. The following \fB\f(BI\s-1TYPE\s0\fB\fR names are supported: -.IP "\(bu" 1 +\&\fBOSSL_PARAM\fR\|(3) arrays. The following \fR\f(BITYPE\fR\fB\fR names are supported: +.IP \(bu 2 double -.IP "\(bu" 1 +.IP \(bu 2 int -.IP "\(bu" 1 +.IP \(bu 2 int32 (int32_t) -.IP "\(bu" 1 +.IP \(bu 2 int64 (int64_t) -.IP "\(bu" 1 +.IP \(bu 2 long int (long) -.IP "\(bu" 1 +.IP \(bu 2 time_t -.IP "\(bu" 1 +.IP \(bu 2 size_t -.IP "\(bu" 1 +.IP \(bu 2 uint32 (uint32_t) -.IP "\(bu" 1 +.IP \(bu 2 uint64 (uint64_t) -.IP "\(bu" 1 +.IP \(bu 2 unsigned int (uint) -.IP "\(bu" 1 +.IP \(bu 2 unsigned long int (ulong) .PP -\&\s-1\fBOSSL_PARAM_TYPE\s0()\fR are a series of macros designed to assist initialising an -array of \s-1\fBOSSL_PARAM\s0\fR\|(3) structures. -Each of these macros defines a parameter of the specified \fB\f(BI\s-1TYPE\s0\fB\fR with the +\&\fBOSSL_PARAM_TYPE()\fR are a series of macros designed to assist initialising an +array of \fBOSSL_PARAM\fR\|(3) structures. +Each of these macros defines a parameter of the specified \fR\f(BITYPE\fR\fB\fR with the provided \fIkey\fR and parameter variable \fIaddress\fR. .PP \&\fBOSSL_PARAM_utf8_string()\fR, \fBOSSL_PARAM_octet_string()\fR, \fBOSSL_PARAM_utf8_ptr()\fR, -\&\fBOSSL_PARAM_octet_ptr()\fR, \s-1\fBOSSL_PARAM_BN\s0()\fR are macros that provide support -for defining \s-1UTF8\s0 strings, \s-1OCTET\s0 strings and big numbers. +\&\fBOSSL_PARAM_octet_ptr()\fR, \fBOSSL_PARAM_BN()\fR are macros that provide support +for defining UTF8 strings, OCTET strings and big numbers. A parameter with name \fIkey\fR is defined. The storage for this parameter is at \fIaddress\fR and is of \fIsize\fR bytes. 
.PP -\&\s-1OSSL_PARAM_END\s0 provides an end of parameter list marker. -This should terminate all \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays. +OSSL_PARAM_END provides an end of parameter list marker. +This should terminate all \fBOSSL_PARAM\fR\|(3) arrays. .PP -The \s-1\fBOSSL_PARAM_DEFN\s0()\fR macro provides the ability to construct a single -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) (typically used in the construction of \fB\s-1OSSL_PARAM\s0\fR arrays). The +The \fBOSSL_PARAM_DEFN()\fR macro provides the ability to construct a single +\&\fBOSSL_PARAM\fR\|(3) (typically used in the construction of \fBOSSL_PARAM\fR arrays). The \&\fIkey\fR, \fItype\fR, \fIaddr\fR and \fIsz\fR arguments correspond to the \fIkey\fR, -\&\fIdata_type\fR, \fIdata\fR and \fIdata_size\fR fields of the \s-1\fBOSSL_PARAM\s0\fR\|(3) structure as -described on the \s-1\fBOSSL_PARAM\s0\fR\|(3) page. +\&\fIdata_type\fR, \fIdata\fR and \fIdata_size\fR fields of the \fBOSSL_PARAM\fR\|(3) structure as +described on the \fBOSSL_PARAM\fR\|(3) page. .PP -\&\fBOSSL_PARAM_construct_TYPE()\fR are a series of functions that create \s-1\fBOSSL_PARAM\s0\fR\|(3) +\&\fBOSSL_PARAM_construct_TYPE()\fR are a series of functions that create \fBOSSL_PARAM\fR\|(3) records dynamically. A parameter with name \fIkey\fR is created. The parameter will use storage pointed to by \fIbuf\fR and return size of \fIret\fR. .PP \&\fBOSSL_PARAM_construct_BN()\fR is a function that constructs a large integer -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +\&\fBOSSL_PARAM\fR\|(3) structure. A parameter with name \fIkey\fR, storage \fIbuf\fR, size \fIbsize\fR and return size \fIrsize\fR is created. .PP -\&\fBOSSL_PARAM_construct_utf8_string()\fR is a function that constructs a \s-1UTF8\s0 -string \s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +\&\fBOSSL_PARAM_construct_utf8_string()\fR is a function that constructs a UTF8 +string \fBOSSL_PARAM\fR\|(3) structure. A parameter with name \fIkey\fR, storage \fIbuf\fR and size \fIbsize\fR is created. 
If \fIbsize\fR is zero, the string length is determined using \fBstrlen\fR\|(3). Generally pass zero for \fIbsize\fR instead of calling \fBstrlen\fR\|(3) yourself. .PP -\&\fBOSSL_PARAM_construct_octet_string()\fR is a function that constructs an \s-1OCTET\s0 -string \s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +\&\fBOSSL_PARAM_construct_octet_string()\fR is a function that constructs an OCTET +string \fBOSSL_PARAM\fR\|(3) structure. A parameter with name \fIkey\fR, storage \fIbuf\fR and size \fIbsize\fR is created. .PP -\&\fBOSSL_PARAM_construct_utf8_ptr()\fR is a function that constructs a \s-1UTF8\s0 string -pointer \s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +\&\fBOSSL_PARAM_construct_utf8_ptr()\fR is a function that constructs a UTF8 string +pointer \fBOSSL_PARAM\fR\|(3) structure. A parameter with name \fIkey\fR, storage pointer \fI*buf\fR and size \fIbsize\fR is created. .PP -\&\fBOSSL_PARAM_construct_octet_ptr()\fR is a function that constructs an \s-1OCTET\s0 string -pointer \s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +\&\fBOSSL_PARAM_construct_octet_ptr()\fR is a function that constructs an OCTET string +pointer \fBOSSL_PARAM\fR\|(3) structure. A parameter with name \fIkey\fR, storage pointer \fI*buf\fR and size \fIbsize\fR is created. .PP \&\fBOSSL_PARAM_construct_end()\fR is a function that constructs the terminating -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +\&\fBOSSL_PARAM\fR\|(3) structure. .PP \&\fBOSSL_PARAM_locate()\fR is a function that searches an \fIarray\fR of parameters for the one matching the \fIkey\fR name. 
@@ -328,86 +253,86 @@ \&\fBOSSL_PARAM_locate_const()\fR behaves exactly like \fBOSSL_PARAM_locate()\fR except for the presence of \fIconst\fR for the \fIarray\fR argument and its return value. .PP -\&\fBOSSL_PARAM_get_TYPE()\fR retrieves a value of type \fB\f(BI\s-1TYPE\s0\fB\fR from the parameter +\&\fBOSSL_PARAM_get_TYPE()\fR retrieves a value of type \fR\f(BITYPE\fR\fB\fR from the parameter \&\fIp\fR. The value is copied to the address \fIval\fR. -Type coercion takes place as discussed in the \s-1NOTES\s0 section. +Type coercion takes place as discussed in the NOTES section. .PP -\&\fBOSSL_PARAM_set_TYPE()\fR stores a value \fIval\fR of type \fB\f(BI\s-1TYPE\s0\fB\fR into the +\&\fBOSSL_PARAM_set_TYPE()\fR stores a value \fIval\fR of type \fR\f(BITYPE\fR\fB\fR into the parameter \fIp\fR. -If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field -will be assigned the size the parameter's \fIdata\fR buffer should have. -Type coercion takes place as discussed in the \s-1NOTES\s0 section. +If the parameter\*(Aqs \fIdata\fR field is NULL, then only its \fIreturn_size\fR field +will be assigned the size the parameter\*(Aqs \fIdata\fR buffer should have. +Type coercion takes place as discussed in the NOTES section. .PP -\&\fBOSSL_PARAM_get_BN()\fR retrieves a \s-1BIGNUM\s0 from the parameter pointed to by \fIp\fR. -The \s-1BIGNUM\s0 referenced by \fIval\fR is updated and is allocated if \fI*val\fR is -\&\s-1NULL.\s0 +\&\fBOSSL_PARAM_get_BN()\fR retrieves a BIGNUM from the parameter pointed to by \fIp\fR. +The BIGNUM referenced by \fIval\fR is updated and is allocated if \fI*val\fR is +NULL. .PP -\&\fBOSSL_PARAM_set_BN()\fR stores the \s-1BIGNUM\s0 \fIval\fR into the parameter \fIp\fR. -If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field -will be assigned the size the parameter's \fIdata\fR buffer should have. +\&\fBOSSL_PARAM_set_BN()\fR stores the BIGNUM \fIval\fR into the parameter \fIp\fR. 
+If the parameter\*(Aqs \fIdata\fR field is NULL, then only its \fIreturn_size\fR field +will be assigned the size the parameter\*(Aqs \fIdata\fR buffer should have. .PP -\&\fBOSSL_PARAM_get_utf8_string()\fR retrieves a \s-1UTF8\s0 string from the parameter +\&\fBOSSL_PARAM_get_utf8_string()\fR retrieves a UTF8 string from the parameter pointed to by \fIp\fR. The string is stored into \fI*val\fR with a size limit of \fImax_len\fR, -which must be large enough to accommodate a terminating \s-1NUL\s0 byte, +which must be large enough to accommodate a terminating NUL byte, otherwise this function will fail. -If \fI*val\fR is \s-1NULL,\s0 memory is allocated for the string (including the -terminating \s-1NUL\s0 byte) and \fImax_len\fR is ignored. +If \fI*val\fR is NULL, memory is allocated for the string (including the +terminating NUL byte) and \fImax_len\fR is ignored. If memory is allocated by this function, it must be freed by the caller. .PP -\&\fBOSSL_PARAM_set_utf8_string()\fR sets a \s-1UTF8\s0 string from the parameter pointed to +\&\fBOSSL_PARAM_set_utf8_string()\fR sets a UTF8 string from the parameter pointed to by \fIp\fR to the value referenced by \fIval\fR. -If the parameter's \fIdata\fR field isn't \s-1NULL,\s0 its \fIdata_size\fR must indicate +If the parameter\*(Aqs \fIdata\fR field isn\*(Aqt NULL, its \fIdata_size\fR must indicate that the buffer is large enough to accommodate the string that \fIval\fR points at, -not including the terminating \s-1NUL\s0 byte, or this function will fail. -A terminating \s-1NUL\s0 byte is added only if the parameter's \fIdata_size\fR indicates +not including the terminating NUL byte, or this function will fail. +A terminating NUL byte is added only if the parameter\*(Aqs \fIdata_size\fR indicates the buffer is longer than the string length, otherwise the string will not be -\&\s-1NUL\s0 terminated. 
-If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field -will be assigned the minimum size the parameter's \fIdata\fR buffer should have -to accommodate the string, not including a terminating \s-1NUL\s0 byte. +NUL terminated. +If the parameter\*(Aqs \fIdata\fR field is NULL, then only its \fIreturn_size\fR field +will be assigned the minimum size the parameter\*(Aqs \fIdata\fR buffer should have +to accommodate the string, not including a terminating NUL byte. .PP -\&\fBOSSL_PARAM_get_octet_string()\fR retrieves an \s-1OCTET\s0 string from the parameter +\&\fBOSSL_PARAM_get_octet_string()\fR retrieves an OCTET string from the parameter pointed to by \fIp\fR. The OCTETs are either stored into \fI*val\fR with a length limit of \fImax_len\fR or, -in the case when \fI*val\fR is \s-1NULL,\s0 memory is allocated and +in the case when \fI*val\fR is NULL, memory is allocated and \&\fImax_len\fR is ignored. \fI*used_len\fR is populated with the number of OCTETs -stored. If \fIval\fR is \s-1NULL\s0 then the \s-1OCTETS\s0 are not stored, but \fI*used_len\fR is +stored. If \fIval\fR is NULL then the OCTETS are not stored, but \fI*used_len\fR is still populated. If memory is allocated by this function, it must be freed by the caller. .PP -\&\fBOSSL_PARAM_set_octet_string()\fR sets an \s-1OCTET\s0 string from the parameter +\&\fBOSSL_PARAM_set_octet_string()\fR sets an OCTET string from the parameter pointed to by \fIp\fR to the value referenced by \fIval\fR. -If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field -will be assigned the size the parameter's \fIdata\fR buffer should have. +If the parameter\*(Aqs \fIdata\fR field is NULL, then only its \fIreturn_size\fR field +will be assigned the size the parameter\*(Aqs \fIdata\fR buffer should have. 
.PP -\&\fBOSSL_PARAM_get_utf8_ptr()\fR retrieves the \s-1UTF8\s0 string pointer from the parameter +\&\fBOSSL_PARAM_get_utf8_ptr()\fR retrieves the UTF8 string pointer from the parameter referenced by \fIp\fR and stores it in \fI*val\fR. .PP -\&\fBOSSL_PARAM_set_utf8_ptr()\fR sets the \s-1UTF8\s0 string pointer in the parameter +\&\fBOSSL_PARAM_set_utf8_ptr()\fR sets the UTF8 string pointer in the parameter referenced by \fIp\fR to the values \fIval\fR. .PP -\&\fBOSSL_PARAM_get_octet_ptr()\fR retrieves the \s-1OCTET\s0 string pointer from the parameter +\&\fBOSSL_PARAM_get_octet_ptr()\fR retrieves the OCTET string pointer from the parameter referenced by \fIp\fR and stores it in \fI*val\fR. -The length of the \s-1OCTET\s0 string is stored in \fI*used_len\fR. +The length of the OCTET string is stored in \fI*used_len\fR. .PP -\&\fBOSSL_PARAM_set_octet_ptr()\fR sets the \s-1OCTET\s0 string pointer in the parameter +\&\fBOSSL_PARAM_set_octet_ptr()\fR sets the OCTET string pointer in the parameter referenced by \fIp\fR to the values \fIval\fR. -The length of the \s-1OCTET\s0 string is provided by \fIused_len\fR. +The length of the OCTET string is provided by \fIused_len\fR. .PP -\&\fBOSSL_PARAM_get_utf8_string_ptr()\fR retrieves the pointer to a \s-1UTF8\s0 string from +\&\fBOSSL_PARAM_get_utf8_string_ptr()\fR retrieves the pointer to a UTF8 string from the parameter pointed to by \fIp\fR, and stores that pointer in \fI*val\fR. This is different from \fBOSSL_PARAM_get_utf8_string()\fR, which copies the string. .PP \&\fBOSSL_PARAM_get_octet_string_ptr()\fR retrieves the pointer to a octet string from the parameter pointed to by \fIp\fR, and stores that pointer in \fI*val\fR, -along with the string's length in \fI*used_len\fR. +along with the string\*(Aqs length in \fI*used_len\fR. This is different from \fBOSSL_PARAM_get_octet_string()\fR, which copies the string. .PP -The \s-1OSSL_PARAM_UNMODIFIED\s0 macro is used to detect if a parameter was set. 
On +The OSSL_PARAM_UNMODIFIED macro is used to detect if a parameter was set. On creation, via either the macros or construct calls, the \fIreturn_size\fR field is set to this. If the parameter is set using the calls defined herein, the \&\fIreturn_size\fR field is changed. @@ -422,16 +347,16 @@ \&\fBOSSL_PARAM_construct_TYPE()\fR, \fBOSSL_PARAM_construct_BN()\fR, \&\fBOSSL_PARAM_construct_utf8_string()\fR, \fBOSSL_PARAM_construct_octet_string()\fR, \&\fBOSSL_PARAM_construct_utf8_ptr()\fR and \fBOSSL_PARAM_construct_octet_ptr()\fR -return a populated \s-1\fBOSSL_PARAM\s0\fR\|(3) structure. +return a populated \fBOSSL_PARAM\fR\|(3) structure. .PP \&\fBOSSL_PARAM_locate()\fR and \fBOSSL_PARAM_locate_const()\fR return a pointer to -the matching \s-1\fBOSSL_PARAM\s0\fR\|(3) object. They return \s-1NULL\s0 on error or when +the matching \fBOSSL_PARAM\fR\|(3) object. They return NULL on error or when no object matching \fIkey\fR exists in the \fIarray\fR. .PP \&\fBOSSL_PARAM_modified()\fR returns 1 if the parameter was set and 0 otherwise. .PP All other functions return 1 on success and 0 on failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Native types will be converted as required only if the value is exactly representable by the target type or parameter. 
@@ -439,21 +364,21 @@ expected type of the parameter. .PP \&\fBOSSL_PARAM_get_BN()\fR and \fBOSSL_PARAM_set_BN()\fR currently only support -nonnegative \fB\s-1BIGNUM\s0\fRs, and by consequence, only -\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR. \fBOSSL_PARAM_construct_BN()\fR currently -constructs an \s-1\fBOSSL_PARAM\s0\fR\|(3) structure with the data type -\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR. +nonnegative \fBBIGNUM\fRs, and by consequence, only +\&\fBOSSL_PARAM_UNSIGNED_INTEGER\fR. \fBOSSL_PARAM_construct_BN()\fR currently +constructs an \fBOSSL_PARAM\fR\|(3) structure with the data type +\&\fBOSSL_PARAM_UNSIGNED_INTEGER\fR. .PP For \fBOSSL_PARAM_construct_utf8_ptr()\fR and \fBOSSL_PARAM_consstruct_octet_ptr()\fR, -\&\fIbsize\fR is not relevant if the purpose is to send the \s-1\fBOSSL_PARAM\s0\fR\|(3) array +\&\fIbsize\fR is not relevant if the purpose is to send the \fBOSSL_PARAM\fR\|(3) array to a \fIresponder\fR, i.e. to get parameter data back. In that case, \fIbsize\fR can safely be given zero. -See \*(L"\s-1DESCRIPTION\*(R"\s0 in \s-1\fBOSSL_PARAM\s0\fR\|(3) for further information on the +See "DESCRIPTION" in \fBOSSL_PARAM\fR\|(3) for further information on the possible purposes. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Reusing the examples from \s-1\fBOSSL_PARAM\s0\fR\|(3) to just show how -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) arrays can be handled using the macros and functions +Reusing the examples from \fBOSSL_PARAM\fR\|(3) to just show how +\&\fBOSSL_PARAM\fR\|(3) arrays can be handled using the macros and functions defined herein. .SS "Example 1" .IX Subsection "Example 1" @@ -474,7 +399,7 @@ .SS "Example 2" .IX Subsection "Example 2" This example is for requesting parameters on some object, and also -demonstrates that the requester isn't obligated to request all +demonstrates that the requester isn\*(Aqt obligated to request all available parameters: .PP .Vb 7 
@@ -502,17 +427,43 @@ \& if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL) \& OSSL_PARAM_set_utf8_ptr(p, "cookie value"); .Ve +.SS "Example 3" +.IX Subsection "Example 3" +This example shows a special case where +\&\fI\-Wincompatible\-pointer\-types\-discards\-qualifiers\fR may be set during +compilation. The value for \fIbuf\fR cannot be a \fIconst char *\fR type string. An +alternative in this case would be to use \fBOSSL_PARAM\fR macro abbreviated calls +rather than the specific callers which allows you to define the sha1 argument +as a standard character array (\fIchar[]\fR). +.PP +For example, this code: +.PP +.Vb 3 +\& OSSL_PARAM params[2]; +\& params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0); +\& params[1] = OSSL_PARAM_construct_end(); +.Ve +.PP +Can be made compatible with the following version: +.PP +.Vb 2 +\& char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */ +\& OSSL_PARAM params[2]; +\& +\& params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0); +\& params[1] = OSSL_PARAM_construct_end(); +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBopenssl\-core.h\fR\|(7), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "HISTORY" +\&\fBopenssl\-core.h\fR\|(7), \fBOSSL_PARAM\fR\|(3) +.SH HISTORY .IX Header "HISTORY" These APIs were introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_PROVIDER.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_PROVIDER.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PROVIDER 3ossl" -.TH OSSL_PROVIDER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PROVIDER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PROVIDER_set_default_search_path, OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, @@ -148,7 +73,7 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test \&\- provider routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -190,9 +115,9 @@ \& void *arg); \& int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_PROVIDER\s0\fR is a type that holds internal information about +\&\fBOSSL_PROVIDER\fR is a type that holds internal information about implementation providers (see \fBprovider\fR\|(7) for information on what a provider is). A provider can be built in to the application or the OpenSSL @@ -200,8 +125,8 @@ The functions described here handle both forms. .PP Some of these functions operate within a library context, please see -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) for further details. -.SS "Functions" +\&\fBOSSL_LIB_CTX\fR\|(3) for further details. +.SS Functions .IX Subsection "Functions" \&\fBOSSL_PROVIDER_set_default_search_path()\fR specifies the default search \fIpath\fR that is to be used for looking for providers in the specified \fIlibctx\fR. 
@@ -209,7 +134,7 @@ be used instead. .PP \&\fBOSSL_PROVIDER_add_builtin()\fR is used to add a built in provider to -\&\fB\s-1OSSL_PROVIDER\s0\fR store in the given library context, by associating a +\&\fBOSSL_PROVIDER\fR store in the given library context, by associating a provider name with a provider initialization function. This name can then be used with \fBOSSL_PROVIDER_load()\fR. .PP @@ -221,8 +146,8 @@ to a provider module, in that case the provider name as returned by \fBOSSL_PROVIDER_get0_name()\fR will be the path. Interpretation of relative paths is platform dependent and they are relative -to the configured \*(L"\s-1MODULESDIR\*(R"\s0 directory or the path set in -the environment variable \s-1OPENSSL_MODULES\s0 if set. +to the configured "MODULESDIR" directory or the path set in +the environment variable OPENSSL_MODULES if set. .PP \&\fBOSSL_PROVIDER_try_load()\fR functions like \fBOSSL_PROVIDER_load()\fR, except that it does not disable the fallback providers if the provider cannot be 
@@ -246,34 +171,34 @@ behaviour. .PP \&\fBOSSL_PROVIDER_gettable_params()\fR is used to get a provider parameter -descriptor set as a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array. +descriptor set as a constant \fBOSSL_PARAM\fR\|(3) array. .PP \&\fBOSSL_PROVIDER_get_params()\fR is used to get provider parameter values. -The caller must prepare the \s-1\fBOSSL_PARAM\s0\fR\|(3) array before calling this +The caller must prepare the \fBOSSL_PARAM\fR\|(3) array before calling this function, and the variables acting as buffers for this parameter array should be filled with data when it returns successfully. .PP -\&\fBOSSL_PROVIDER_self_test()\fR is used to run a provider's self tests on demand. +\&\fBOSSL_PROVIDER_self_test()\fR is used to run a provider\*(Aqs self tests on demand. If the self tests fail then the provider will fail to provide any further services and algorithms. \fBOSSL_SELF_TEST_set_callback\fR\|(3) may be called beforehand in order to display diagnostics for the running self tests. .PP -\&\fBOSSL_PROVIDER_query_operation()\fR calls the provider's \fIquery_operation\fR +\&\fBOSSL_PROVIDER_query_operation()\fR calls the provider\*(Aqs \fIquery_operation\fR function (see \fBprovider\fR\|(7)), if the provider has one. It returns an -array of \fI\s-1OSSL_ALGORITHM\s0\fR for the given \fIoperation_id\fR terminated by an all -\&\s-1NULL OSSL_ALGORITHM\s0 entry. This is considered a low-level function that most +array of \fIOSSL_ALGORITHM\fR for the given \fIoperation_id\fR terminated by an all +NULL OSSL_ALGORITHM entry. This is considered a low\-level function that most applications should not need to call. .PP -\&\fBOSSL_PROVIDER_unquery_operation()\fR calls the provider's \fIunquery_operation\fR +\&\fBOSSL_PROVIDER_unquery_operation()\fR calls the provider\*(Aqs \fIunquery_operation\fR function (see \fBprovider\fR\|(7)), if the provider has one. This is considered a -low-level function that most applications should not need to call. 
+low\-level function that most applications should not need to call. .PP \&\fBOSSL_PROVIDER_get0_provider_ctx()\fR returns the provider context for the given provider. The provider context is an opaque handle set by the provider itself and is passed back to the provider by libcrypto in various function calls. .PP -\&\fBOSSL_PROVIDER_get0_dispatch()\fR returns the provider's dispatch table as it was -returned in the \fIout\fR parameter from the provider's init function. See +\&\fBOSSL_PROVIDER_get0_dispatch()\fR returns the provider\*(Aqs dispatch table as it was +returned in the \fIout\fR parameter from the provider\*(Aqs init function. See \&\fBprovider\-base\fR\|(7). .PP If it is permissible to cache references to this array then \fI*no_store\fR is set @@ -285,10 +210,10 @@ \&\fBOSSL_PROVIDER_get_capabilities()\fR provides information about the capabilities supported by the provider specified in \fIprov\fR with the capability name \&\fIcapability\fR. For each capability of that name supported by the provider it -will call the callback \fIcb\fR and supply a set of \s-1\fBOSSL_PARAM\s0\fR\|(3)s describing the +will call the callback \fIcb\fR and supply a set of \fBOSSL_PARAM\fR\|(3)s describing the capability. It will also pass back the argument \fIarg\fR. For more details about capabilities and what they can be used for please see -\&\*(L"\s-1CAPABILTIIES\*(R"\s0 in \fBprovider\-base\fR\|(7). +"CAPABILITIES" in \fBprovider\-base\fR\|(7). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_PROVIDER_set_default_search_path()\fR, \fBOSSL_PROVIDER_add()\fR, 
@@ -296,7 +221,7 @@ \&\fBOSSL_PROVIDER_get_capabilities()\fR return 1 on success, or 0 on error. .PP \&\fBOSSL_PROVIDER_load()\fR and \fBOSSL_PROVIDER_try_load()\fR return a pointer to a -provider object on success, or \s-1NULL\s0 on error. +provider object on success, or NULL on error. .PP \&\fBOSSL_PROVIDER_do_all()\fR returns 1 if the callback \fIcb\fR returns 1 for every provider it is called with, or 0 if any provider callback invocation returns 0; @@ -307,17 +232,17 @@ otherwise 0. .PP \&\fBOSSL_PROVIDER_gettable_params()\fR returns a pointer to an array -of constant \s-1\fBOSSL_PARAM\s0\fR\|(3), or \s-1NULL\s0 if none is provided. +of constant \fBOSSL_PARAM\fR\|(3), or NULL if none is provided. .PP \&\fBOSSL_PROVIDER_get_params()\fR and returns 1 on success, or 0 on error. .PP -\&\fBOSSL_PROVIDER_query_operation()\fR returns an array of \s-1OSSL_ALGORITHM\s0 or \s-1NULL\s0 on +\&\fBOSSL_PROVIDER_query_operation()\fR returns an array of OSSL_ALGORITHM or NULL on error. .PP \&\fBOSSL_PROVIDER_self_test()\fR returns 1 if the self tests pass, or 0 on error. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This demonstrates how to load the provider module \*(L"foo\*(R" and ask for +This demonstrates how to load the provider module "foo" and ask for its build information. .PP .Vb 3 
@@ -340,15 +265,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBopenssl\-core.h\fR\|(7), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3), \fBprovider\fR\|(7) -.SH "HISTORY" +\&\fBopenssl\-core.h\fR\|(7), \fBOSSL_LIB_CTX\fR\|(3), \fBprovider\fR\|(7) +.SH HISTORY .IX Header "HISTORY" The type and functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_new.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_SELF_TEST_NEW 3ossl" -.TH OSSL_SELF_TEST_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_SELF_TEST_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_SELF_TEST_new, OSSL_SELF_TEST_free, OSSL_SELF_TEST_onbegin, OSSL_SELF_TEST_oncorrupt_byte, OSSL_SELF_TEST_onend \- functionality to trigger a callback during a self test -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,27 +82,27 @@ \& int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes); \& void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These methods are intended for use by provider implementers, to display diagnostic information during self testing. .PP -\&\fBOSSL_SELF_TEST_new()\fR allocates an opaque \fB\s-1OSSL_SELF_TEST\s0\fR object that has a +\&\fBOSSL_SELF_TEST_new()\fR allocates an opaque \fBOSSL_SELF_TEST\fR object that has a callback and callback argument associated with it. .PP The callback \fIcb\fR may be triggered multiple times by a self test to indicate different phases. .PP \&\fBOSSL_SELF_TEST_free()\fR frees the space allocated by \fBOSSL_SELF_TEST_new()\fR. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_SELF_TEST_onbegin()\fR may be inserted at the start of a block of self test code. It can be used for diagnostic purposes. If this method is called the callback \fIcb\fR will receive the following -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) object. -.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) " -The value is the string \*(L"Start\*(R" +\&\fBOSSL_PARAM\fR\|(3) object. +.IP """st\-phase"" (\fBOSSL_PROV_PARAM_SELF_TEST_PHASE\fR) " 4 +.IX Item """st-phase"" (OSSL_PROV_PARAM_SELF_TEST_PHASE) " +The value is the string "Start" .PP \&\fBOSSL_SELF_TEST_oncorrupt_byte()\fR may be inserted just after the known answer is calculated, but before the self test compares the result. The first byte in the 
@@ -186,47 +111,43 @@ The \fItype\fR and \fIdesc\fR can be used to identify an individual self test to target for failure testing. If this method is called the callback \fIcb\fR will receive the following -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) object. -.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) " -The value is the string \*(L"Corrupt\*(R" +\&\fBOSSL_PARAM\fR\|(3) object. +.IP """st\-phase"" (\fBOSSL_PROV_PARAM_SELF_TEST_PHASE\fR) " 4 +.IX Item """st-phase"" (OSSL_PROV_PARAM_SELF_TEST_PHASE) " +The value is the string "Corrupt" .PP \&\fBOSSL_SELF_TEST_onend()\fR may be inserted at the end of a block of self test code just before cleanup to indicate if the test passed or failed. It can be used for diagnostic purposes. If this method is called the callback \fIcb\fR will receive the following -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) object. -.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) " -The value of the string is \*(L"Pass\*(R" if \fIret\fR is non zero, otherwise it has the -value \*(L"Fail\*(R". +\&\fBOSSL_PARAM\fR\|(3) object. +.IP """st\-phase"" (\fBOSSL_PROV_PARAM_SELF_TEST_PHASE\fR) " 4 +.IX Item """st-phase"" (OSSL_PROV_PARAM_SELF_TEST_PHASE) " +The value of the string is "Pass" if \fIret\fR is non zero, otherwise it has the +value "Fail". .PP After the callback \fIcb\fR has been called the values that were set by -\&\fBOSSL_SELF_TEST_onbegin()\fR for \fItype\fR and \fIdesc\fR are set to the value \*(L"None\*(R". +\&\fBOSSL_SELF_TEST_onbegin()\fR for \fItype\fR and \fIdesc\fR are set to the value "None". 
.PP If \fBOSSL_SELF_TEST_onbegin()\fR, \fBOSSL_SELF_TEST_oncorrupt_byte()\fR or -\&\fBOSSL_SELF_TEST_onend()\fR is called the following additional \s-1\fBOSSL_PARAM\s0\fR\|(3) are +\&\fBOSSL_SELF_TEST_onend()\fR is called the following additional \fBOSSL_PARAM\fR\|(3) are passed to the callback. -.ie n .IP """st-type"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``st-type'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "st-type (OSSL_PROV_PARAM_SELF_TEST_TYPE) " +.IP """st\-type"" (\fBOSSL_PROV_PARAM_SELF_TEST_TYPE\fR) " 4 +.IX Item """st-type"" (OSSL_PROV_PARAM_SELF_TEST_TYPE) " The value is setup by the \fItype\fR passed to \fBOSSL_SELF_TEST_onbegin()\fR. This allows the callback to identify the type of test being run. -.ie n .IP """st-desc"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``st-desc'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "st-desc (OSSL_PROV_PARAM_SELF_TEST_DESC) " +.IP """st\-desc"" (\fBOSSL_PROV_PARAM_SELF_TEST_DESC\fR) " 4 +.IX Item """st-desc"" (OSSL_PROV_PARAM_SELF_TEST_DESC) " The value is setup by the \fItype\fR passed to \fBOSSL_SELF_TEST_onbegin()\fR. This allows the callback to identify the sub category of the test being run. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_SELF_TEST_new()\fR returns the allocated \fB\s-1OSSL_SELF_TEST\s0\fR object, or \s-1NULL\s0 if +\&\fBOSSL_SELF_TEST_new()\fR returns the allocated \fBOSSL_SELF_TEST\fR object, or NULL if it fails. .PP \&\fBOSSL_SELF_TEST_oncorrupt_byte()\fR returns 1 if corruption occurs, otherwise it returns 0. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" A single self test could be set up in the following way: .PP 
@@ -270,22 +191,22 @@ \& EVP_MD_CTX_free(ctx); .Ve .PP -Multiple self test's can be set up in a similar way by repeating the pattern of +Multiple self test\*(Aqs can be set up in a similar way by repeating the pattern of \&\fBOSSL_SELF_TEST_onbegin()\fR, \fBOSSL_SELF_TEST_oncorrupt_byte()\fR, \fBOSSL_SELF_TEST_onend()\fR for each test. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_SELF_TEST_set_callback\fR\|(3), \&\fBopenssl\-core.h\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) -.SH "HISTORY" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_set_callback.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_set_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_SELF_TEST_SET_CALLBACK 3ossl" -.TH OSSL_SELF_TEST_SET_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_SELF_TEST_SET_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_SELF_TEST_set_callback, OSSL_SELF_TEST_get_callback \- specify a callback for processing self tests -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,11 +74,11 @@ \& void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *ctx, OSSL_CALLBACK *cb, void *cbarg); \& void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Set or gets the optional application callback (and the callback argument) that is called during self testing. -The application callback \s-1\fBOSSL_CALLBACK\s0\fR\|(3) is associated with a \fB\s-1OSSL_LIB_CTX\s0\fR. +The application callback \fBOSSL_CALLBACK\fR\|(3) is associated with a \fBOSSL_LIB_CTX\fR. The application callback function receives information about a running self test, and may return a result to the calling self test. See \fBopenssl\-core.h\fR\|(7) for further information on the callback. 
@@ -162,22 +87,22 @@ \&\fBOSSL_SELF_TEST_get_callback()\fR returns the callback and callback argument that has been set via \fBOSSL_SELF_TEST_set_callback()\fR for the given library context \&\fIctx\fR. -These returned parameters will be \s-1NULL\s0 if \fBOSSL_SELF_TEST_set_callback()\fR has +These returned parameters will be NULL if \fBOSSL_SELF_TEST_set_callback()\fR has not been called. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-core.h\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) \&\fBOSSL_SELF_TEST_new\fR\|(3) -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBOSSL_LIB_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE_INFO 3ossl" -.TH OSSL_STORE_INFO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE_INFO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PUBKEY, @@ -152,7 +77,7 @@ OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL, OSSL_STORE_INFO_new, OSSL_STORE_INFO_get0_data \&\- Functions to manipulate OSSL_STORE_INFO objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -191,86 +116,87 @@ \& OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data); \& void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions are primarily useful for applications to retrieve -supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific -loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. -.SS "Types" +supported objects from \fBOSSL_STORE_INFO\fR objects and for scheme specific +loaders to create \fBOSSL_STORE_INFO\fR holders. +.SS Types .IX Subsection "Types" -\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for +\&\fBOSSL_STORE_INFO\fR is an opaque type that\*(Aqs just an intermediary holder for the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar functions. Supported OpenSSL type object can be extracted using one of -STORE_INFO_get0_<\s-1TYPE\s0>() where <\s-1TYPE\s0> can be \s-1NAME, PARAMS, PKEY, CERT,\s0 or \s-1CRL.\s0 +STORE_INFO_get0_() where can be NAME, PARAMS, PKEY, CERT, or CRL. The life time of this extracted object is as long as the life time of -the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not +the \fBOSSL_STORE_INFO\fR it was extracted from, so care should be taken not to free the latter too early. -As an alternative, STORE_INFO_get1_<\s-1TYPE\s0>() extracts a duplicate (or the +As an alternative, STORE_INFO_get1_() extracts a duplicate (or the same object with its reference count increased), which can be used -after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. -The object returned by STORE_INFO_get1_<\s-1TYPE\s0>() must be freed separately +after the containing \fBOSSL_STORE_INFO\fR has been freed. +The object returned by STORE_INFO_get1_() must be freed separately by the caller. -See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are supported. 
-.SS "Functions" +See "SUPPORTED OBJECTS" for more information on the types that are supported. +.SS Functions .IX Subsection "Functions" -\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fBOSSL_STORE_INFO\fR and returns the STORE type number for the object inside. .PP -\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +\&\fBSTORE_INFO_get_type_string()\fR takes a STORE type number and returns a short string describing it. .PP \&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PUBKEY()\fR, \&\fBOSSL_STORE_INFO_get0_PKEY()\fR, \fBOSSL_STORE_INFO_get0_CERT()\fR, \&\fBOSSL_STORE_INFO_get0_CRL()\fR -all take a \fB\s-1OSSL_STORE_INFO\s0\fR and return the object it holds if the -\&\fB\s-1OSSL_STORE_INFO\s0\fR type (as returned by \fBOSSL_STORE_INFO_get_type()\fR) -matches the function, otherwise \s-1NULL.\s0 +all take a \fBOSSL_STORE_INFO\fR and return the object it holds if the +\&\fBOSSL_STORE_INFO\fR type (as returned by \fBOSSL_STORE_INFO_get_type()\fR) +matches the function, otherwise NULL. .PP \&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PUBKEY()\fR, \&\fBOSSL_STORE_INFO_get1_PKEY()\fR, \fBOSSL_STORE_INFO_get1_CERT()\fR and \&\fBOSSL_STORE_INFO_get1_CRL()\fR -all take a \fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate the object it -holds if the \fB\s-1OSSL_STORE_INFO\s0\fR type (as returned by -\&\fBOSSL_STORE_INFO_get_type()\fR) matches the function, otherwise \s-1NULL.\s0 +all take a \fBOSSL_STORE_INFO\fR and return a duplicate the object it +holds if the \fBOSSL_STORE_INFO\fR type (as returned by +\&\fBOSSL_STORE_INFO_get_type()\fR) matches the function, otherwise NULL. 
.PP -\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +\&\fBOSSL_STORE_INFO_free()\fR frees a \fBOSSL_STORE_INFO\fR and its contained type. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR, , \fBOSSL_STORE_INFO_new_PUBKEY()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, \&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR -create a \fB\s-1OSSL_STORE_INFO\s0\fR object to hold the given input object. +create a \fBOSSL_STORE_INFO\fR object to hold the given input object. On success the input object is consumed. .PP -Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR objects, +Additionally, for \fBOSSL_STORE_INFO_NAME\fR objects, \&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra description. This description is meant to be human readable and should be used for information printout. .PP -\&\fBOSSL_STORE_INFO_new()\fR creates a \fB\s-1OSSL_STORE_INFO\s0\fR with an arbitrary \fItype\fR -number and \fIdata\fR structure. It's the responsibility of the caller to +\&\fBOSSL_STORE_INFO_new()\fR creates a \fBOSSL_STORE_INFO\fR with an arbitrary \fItype\fR +number and \fIdata\fR structure. It\*(Aqs the responsibility of the caller to define type numbers other than the ones defined by \fI\fR, and to handle freeing the associated data structure on their own. -\&\fIUsing type numbers that are defined by \fI\fI may cause +\&\fIUsing type numbers that are defined by may cause undefined behaviours, including crashes\fR. .PP \&\fBOSSL_STORE_INFO_get0_data()\fR returns the data pointer that was passed to \&\fBOSSL_STORE_INFO_new()\fR if \fItype\fR matches the type number in \fIinfo\fR. .PP \&\fBOSSL_STORE_INFO_new()\fR and \fBOSSL_STORE_INFO_get0_data()\fR may be useful for -applications that define their own \s-1STORE\s0 data, but must be used with care. +applications that define their own STORE data, but must be used with care. 
.SH "SUPPORTED OBJECTS" .IX Header "SUPPORTED OBJECTS" Currently supported object types are: -.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 +.IP OSSL_STORE_INFO_NAME 4 .IX Item "OSSL_STORE_INFO_NAME" A name is exactly that, a name. -It's like a name in a directory, but formatted as a complete \s-1URI.\s0 -For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file -named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR -object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be +It\*(Aqs like a name in a directory, but formatted as a complete URI. +For example, the path in URI \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file +named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fBOSSL_STORE_INFO_NAME\fR +object would have the URI \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be used by the application to get the objects in that file. This can be applied to all schemes that can somehow support a listing of object URIs. 
@@ -280,70 +206,70 @@ given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name \&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. .Sp -The returned \s-1URI\s0 is considered canonical and must be unique and permanent +The returned URI is considered canonical and must be unique and permanent for the storage where the object (or collection of objects) resides. Each loader is responsible for ensuring that it only returns canonical URIs. -However, it's possible that certain schemes allow an object (or collection -thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is -canonical doesn't mean that other variants can't be used. +However, it\*(Aqs possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one URI is +canonical doesn\*(Aqt mean that other variants can\*(Aqt be used. .Sp At the discretion of the loader that was used to get these names, an extra description may be attached as well. -.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 +.IP OSSL_STORE_INFO_PARAMS 4 .IX Item "OSSL_STORE_INFO_PARAMS" Key parameters. -.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 +.IP OSSL_STORE_INFO_PKEY 4 .IX Item "OSSL_STORE_INFO_PKEY" A keypair or just a private key (possibly with key parameters). -.IP "\s-1OSSL_STORE_INFO_PUBKEY\s0" 4 +.IP OSSL_STORE_INFO_PUBKEY 4 .IX Item "OSSL_STORE_INFO_PUBKEY" A public key (possibly with key parameters). -.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 +.IP OSSL_STORE_INFO_CERT 4 .IX Item "OSSL_STORE_INFO_CERT" An X.509 certificate. -.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 +.IP OSSL_STORE_INFO_CRL 4 .IX Item "OSSL_STORE_INFO_CRL" A X.509 certificate revocation list. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given -\&\fB\s-1OSSL_STORE_INFO\s0\fR. +\&\fBOSSL_STORE_INFO_get_type()\fR returns the STORE type number of the given +\&\fBOSSL_STORE_INFO\fR. There is no error value. 
.PP \&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, \&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return -a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. +a pointer to the OpenSSL object on success, NULL otherwise. .PP \&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, \&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all return -a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. +a pointer to a duplicate of the OpenSSL object on success, NULL otherwise. .PP -\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \s-1NULL\s0 on +\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or NULL on failure. .PP \&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, \&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and -\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR -pointer on success, or \s-1NULL\s0 on failure. +\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fBOSSL_STORE_INFO\fR +pointer on success, or NULL on failure. .PP \&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1OSSL_STORE API\s0 was added in OpenSSL 1.1.1. +The OSSL_STORE API was added in OpenSSL 1.1.1. .PP -The \s-1OSSL_STORE_INFO_PUBKEY\s0 object type was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OSSL_STORE_INFO_PUBKEY object type was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE_LOADER 3ossl" -.TH OSSL_STORE_LOADER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE_LOADER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_STORE_LOADER, OSSL_STORE_LOADER_fetch, OSSL_STORE_LOADER_up_ref, @@ -163,7 +88,7 @@ OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn \- Types and functions to manipulate, register and unregister STORE loaders for different URI schemes -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -191,7 +116,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 5 
@@ -244,20 +169,19 @@ \& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); \& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, \& OSSL_STORE_close_fn store_close_function); -\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); \& \& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); \& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fB\s-1OSSL_STORE_LOADER\s0\fR is a method for \s-1OSSL_STORE\s0 loaders, which implement +\&\fBOSSL_STORE_LOADER\fR is a method for OSSL_STORE loaders, which implement \&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_open_ex()\fR, \fBOSSL_STORE_load()\fR, \&\fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_close()\fR for specific storage schemes. .PP \&\fBOSSL_STORE_LOADER_fetch()\fR looks for an implementation for a storage -\&\fIscheme\fR within the providers that has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR +\&\fIscheme\fR within the providers that has been loaded into the \fBOSSL_LIB_CTX\fR given by \fIlibctx\fR, and with the properties given by \fIproperties\fR. .PP \&\fBOSSL_STORE_LOADER_up_ref()\fR increments the reference count for the given @@ -265,6 +189,7 @@ .PP \&\fBOSSL_STORE_LOADER_free()\fR decrements the reference count for the given \&\fIloader\fR, and when the count reaches zero, frees it. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_STORE_LOADER_get0_provider()\fR returns the provider of the given \&\fIloader\fR. @@ -273,7 +198,7 @@ with the given \fIloader\fR. .PP \&\fBOSSL_STORE_LOADER_is_a()\fR checks if \fIloader\fR is an implementation -of an algorithm that's identifiable with \fIscheme\fR. +of an algorithm that\*(Aqs identifiable with \fIscheme\fR. .PP \&\fBOSSL_STORE_LOADER_get0_description()\fR returns a description of the \fIloader\fR, meant for display and human consumption. The description is at the discretion of the 
@@ -292,97 +217,97 @@ schemes they support. These are all deprecated and discouraged in favour of provider implementations, see \fBprovider\-storemgmt\fR\|(7). .PP -\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader +\&\fBOSSL_STORE_LOADER_CTX\fR is a type template, to be defined by each loader using \f(CW\*(C`struct ossl_store_loader_ctx_st { ... }\*(C'\fR. .PP \&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_open_ex_fn\fR, \&\fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, \fBOSSL_STORE_find_fn\fR, \&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, and \fBOSSL_STORE_close_fn\fR -are the function pointer types used within a \s-1STORE\s0 loader. +are the function pointer types used within a STORE loader. The functions pointed at define the functionality of the given loader. .IP "\fBOSSL_STORE_open_fn\fR and \fBOSSL_STORE_open_ex_fn\fR" 4 .IX Item "OSSL_STORE_open_fn and OSSL_STORE_open_ex_fn" -\&\fBOSSL_STORE_open_ex_fn\fR takes a \s-1URI\s0 and is expected to +\&\fBOSSL_STORE_open_ex_fn\fR takes a URI and is expected to interpret it in the best manner possible according to the scheme the -loader implements. It also takes a \fB\s-1UI_METHOD\s0\fR and associated data, +loader implements. It also takes a \fBUI_METHOD\fR and associated data, to be used any time something needs to be prompted for, as well as a library context \fIlibctx\fR with an associated property query \fIpropq\fR, to be used when fetching necessary algorithms to perform the loads. Furthermore, this function is expected to initialize what needs to be -initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, +initialized, to create a private data store (\fBOSSL_STORE_LOADER_CTX\fR, see above), and to return it. -If something goes wrong, this function is expected to return \s-1NULL.\s0 +If something goes wrong, this function is expected to return NULL. 
.Sp \&\fBOSSL_STORE_open_fn\fR does the same thing as -\&\fBOSSL_STORE_open_ex_fn\fR but uses \s-1NULL\s0 for the library +\&\fBOSSL_STORE_open_ex_fn\fR but uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. -.IP "\fBOSSL_STORE_attach_fn\fR" 4 +.IP \fBOSSL_STORE_attach_fn\fR 4 .IX Item "OSSL_STORE_attach_fn" -This function takes a \fB\s-1BIO\s0\fR, otherwise works like +This function takes a \fBBIO\fR, otherwise works like \&\fBOSSL_STORE_open_ex_fn\fR. -.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 +.IP \fBOSSL_STORE_ctrl_fn\fR 4 .IX Item "OSSL_STORE_ctrl_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer, a command number \&\fIcmd\fR and a \fBva_list\fR \fIargs\fR and is used to manipulate loader specific parameters. .Sp -Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. +Loader specific command numbers must begin at \fBOSSL_STORE_C_CUSTOM_START\fR. Any number below that is reserved for future globally known command numbers. .Sp This function is expected to return 1 on success, 0 on error. -.IP "\fBOSSL_STORE_expect_fn\fR" 4 +.IP \fBOSSL_STORE_expect_fn\fR 4 .IX Item "OSSL_STORE_expect_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer and a \fBOSSL_STORE_INFO\fR identity \fIexpected\fR, and is used to tell the loader what object type is expected. \&\fIexpected\fR may be zero to signify that no specific object type is expected. .Sp This function is expected to return 1 on success, 0 on error. 
-.IP "\fBOSSL_STORE_find_fn\fR" 4 +.IP \fBOSSL_STORE_find_fn\fR 4 .IX Item "OSSL_STORE_find_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer and a +\&\fBOSSL_STORE_SEARCH\fR search criterion, and is used to tell the loader what to search for. .Sp -When called with the loader context being \s-1NULL,\s0 this function is expected +When called with the loader context being NULL, this function is expected to return 1 if the loader supports the criterion, otherwise 0. .Sp -When called with the loader context being something other than \s-1NULL,\s0 this +When called with the loader context being something other than NULL, this function is expected to return 1 on success, 0 on error. -.IP "\fBOSSL_STORE_load_fn\fR" 4 +.IP \fBOSSL_STORE_load_fn\fR 4 .IX Item "OSSL_STORE_load_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer and a \fBUI_METHOD\fR with associated data. -It's expected to load the next available data, mold it into a data -structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the -\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions. +It\*(Aqs expected to load the next available data, mold it into a data +structure that can be wrapped in a \fBOSSL_STORE_INFO\fR using one of the +\&\fBOSSL_STORE_INFO\fR\|(3) functions. If no more data is available or an error occurs, this function is -expected to return \s-1NULL.\s0 +expected to return NULL. The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if it was in fact the end of data or if an error occurred. .Sp Note that this function retrieves \fIone\fR data item only. 
-.IP "\fBOSSL_STORE_eof_fn\fR" 4 +.IP \fBOSSL_STORE_eof_fn\fR 4 .IX Item "OSSL_STORE_eof_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer and is expected to return 1 to indicate that the end of available data has been reached. It is otherwise expected to return 0. -.IP "\fBOSSL_STORE_error_fn\fR" 4 +.IP \fBOSSL_STORE_error_fn\fR 4 .IX Item "OSSL_STORE_error_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer and is expected to return 1 to indicate that an error occurred in a previous call to the \&\fBOSSL_STORE_load_fn\fR function. It is otherwise expected to return 0. -.IP "\fBOSSL_STORE_close_fn\fR" 4 +.IP \fBOSSL_STORE_close_fn\fR 4 .IX Item "OSSL_STORE_close_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +This function takes a \fBOSSL_STORE_LOADER_CTX\fR pointer and is expected to close or shut down what needs to be closed, and finally free the -contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. +contents of the \fBOSSL_STORE_LOADER_CTX\fR pointer. It returns 1 on success and 0 on error. .PP -\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. -It takes an \fB\s-1ENGINE\s0\fR \fIe\fR and a string \fIscheme\fR. +\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fBOSSL_STORE_LOADER\fR. +It takes an \fBENGINE\fR \fIe\fR and a string \fIscheme\fR. \&\fIscheme\fR must \fIalways\fR be set. Both \fIe\fR and \fIscheme\fR are used as is and must therefore be alive as long as the created loader is. @@ -415,6 +340,7 @@ \&\fIstore_loader\fR. .PP \&\fBOSSL_STORE_LOADER_free()\fR frees the given \fIstore_loader\fR. +If the argument is NULL, nothing is done. .PP \&\fBOSSL_STORE_register_loader()\fR register the given \fIstore_loader\fR and thereby makes it available for use with \fBOSSL_STORE_open()\fR, 
@@ -425,27 +351,27 @@ \&\fIscheme\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_STORE_LOADER_fetch()\fR returns a pointer to an \s-1OSSL_STORE_LOADER\s0 object, -or \s-1NULL\s0 on error. +\&\fBOSSL_STORE_LOADER_fetch()\fR returns a pointer to an OSSL_STORE_LOADER object, +or NULL on error. .PP \&\fBOSSL_STORE_LOADER_up_ref()\fR returns 1 on success, or 0 on error. .PP \&\fBOSSL_STORE_LOADER_names_do_all()\fR returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. .PP -\&\fBOSSL_STORE_LOADER_free()\fR doesn't return any value. +\&\fBOSSL_STORE_LOADER_free()\fR doesn\*(Aqt return any value. .PP \&\fBOSSL_STORE_LOADER_get0_provider()\fR returns a pointer to a provider object, or -\&\s-1NULL\s0 on error. +NULL on error. .PP \&\fBOSSL_STORE_LOADER_get0_properties()\fR returns a pointer to a property -definition string, or \s-1NULL\s0 on error. +definition string, or NULL on error. .PP \&\fBOSSL_STORE_LOADER_is_a()\fR returns 1 if \fIloader\fR was identifiable, otherwise 0. .PP -\&\fBOSSL_STORE_LOADER_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if -there isn't one. +\&\fBOSSL_STORE_LOADER_get0_description()\fR returns a pointer to a description, or NULL if +there isn\*(Aqt one. .PP The functions with the types \fBOSSL_STORE_open_fn\fR, \&\fBOSSL_STORE_open_ex_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, 
@@ -454,8 +380,8 @@ \&\fBOSSL_STORE_open_ex()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR, \&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively. .PP -\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, -or \s-1NULL\s0 on failure. +\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fBOSSL_STORE_LOADER\fR on success, +or NULL on failure. .PP \&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_open_ex()\fR, \&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR, 
@@ -465,38 +391,42 @@ \&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. .PP \&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, -or \s-1NULL\s0 on failure. +or NULL on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3), +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_LIB_CTX\fR\|(3), \&\fBprovider\-storemgmt\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_STORE_LOADER_fetch()\fR, \fBOSSL_STORE_LOADER_up_ref()\fR, -\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_LOADER_get0_provider()\fR, -\&\fBOSSL_STORE_LOADER_get0_properties()\fR, \fBOSSL_STORE_LOADER_is_a()\fR, -\&\fBOSSL_STORE_LOADER_do_all_provided()\fR and -\&\fBOSSL_STORE_LOADER_names_do_all()\fR were added in OpenSSL 3.0. +\&\fBOSSL_STORE_LOADER_get0_provider()\fR, \fBOSSL_STORE_LOADER_get0_properties()\fR, +\&\fBOSSL_STORE_LOADER_get0_description()\fR, \fBOSSL_STORE_LOADER_is_a()\fR, +\&\fBOSSL_STORE_LOADER_do_all_provided()\fR and \fBOSSL_STORE_LOADER_names_do_all()\fR +were added in OpenSSL 3.0. +.PP +\&\fBOSSL_STORE_LOADER\fR and \fBOSSL_STORE_LOADER_free()\fR were added in OpenSSL +1.1.1. .PP -\&\fBOSSL_STORE_open_ex_fn()\fR was added in OpenSSL 3.0. +\&\fBOSSL_STORE_LOADER_set_open_ex()\fR and \fBOSSL_STORE_open_ex_fn()\fR were added in +OpenSSL 3.0, and are deprecated. 
.PP -\&\fB\s-1OSSL_STORE_LOADER\s0\fR, \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, \fBOSSL_STORE_LOADER_new()\fR, +\&\fBOSSL_STORE_LOADER_CTX\fR, \fBOSSL_STORE_LOADER_new()\fR, \&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_get0_scheme()\fR, \&\fBOSSL_STORE_LOADER_get0_engine()\fR, \fBOSSL_STORE_LOADER_set_expect()\fR, \&\fBOSSL_STORE_LOADER_set_find()\fR, \fBOSSL_STORE_LOADER_set_attach()\fR, \&\fBOSSL_STORE_LOADER_set_open_ex()\fR, \fBOSSL_STORE_LOADER_set_open()\fR, \&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR, -\&\fBOSSL_STORE_LOADER_set_close()\fR, \fBOSSL_STORE_LOADER_free()\fR, +\&\fBOSSL_STORE_LOADER_set_close()\fR, \&\fBOSSL_STORE_register_loader()\fR, \fBOSSL_STORE_LOADER_set_error()\fR, \&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR, \&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE_SEARCH 3ossl" -.TH OSSL_STORE_SEARCH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE_SEARCH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, @@ -152,7 +77,7 @@ OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest \&\- Type and functions to create OSSL_STORE search criteria -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -180,21 +105,21 @@ \& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH \& *criterion); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions are used to specify search criteria to help search for specific -objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR. -For example, this can be useful for an application that has received a \s-1URI\s0 +objects through other names than just the URI that\*(Aqs given to \fBOSSL_STORE_open()\fR. +For example, this can be useful for an application that has received a URI and then wants to add on search criteria in a uniform and supported manner. -.SS "Types" +.SS Types .IX Subsection "Types" -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search -criterion, and that can be given to an \s-1OSSL_STORE\s0 context with +\&\fBOSSL_STORE_SEARCH\fR is an opaque type that holds the constructed search +criterion, and that can be given to an OSSL_STORE context with \&\fBOSSL_STORE_find()\fR. .PP -The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all +The calling application owns the allocation of an \fBOSSL_STORE_SEARCH\fR at all times, and should therefore be careful not to deallocate it before -\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +\&\fBOSSL_STORE_close()\fR has been called for the OSSL_STORE context it was given to. .SS "Application Functions" .IX Subsection "Application Functions" 
@@ -202,56 +127,57 @@ \&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, \&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, and \fBOSSL_STORE_SEARCH_by_alias()\fR -are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name +are used to create an \fBOSSL_STORE_SEARCH\fR from a subject name, an issuer name and serial number pair, a key fingerprint, and an alias (for example a friendly name). The parameters that are provided are not copied, only referred to in a criterion, so they must have at least the same life time as the created -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +\&\fBOSSL_STORE_SEARCH\fR. .PP -\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fBOSSL_STORE_SEARCH\fR. +If the argument is NULL, nothing is done. .SS "Loader Functions" .IX Subsection "Loader Functions" \&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +\&\fBOSSL_STORE_SEARCH\fR. .PP \&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR, \&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR, and \fBOSSL_STORE_SEARCH_get0_digest()\fR -are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as +are used to retrieve different data from a \fBOSSL_STORE_SEARCH\fR, as available for each type. -For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below. +For more information, see "SUPPORTED CRITERION TYPES" below. .SH "SUPPORTED CRITERION TYPES" .IX Header "SUPPORTED CRITERION TYPES" Currently supported criterion types are: -.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 +.IP OSSL_STORE_SEARCH_BY_NAME 4 .IX Item "OSSL_STORE_SEARCH_BY_NAME" This criterion supports a search by exact match of subject name. The subject name itself is a \fBX509_NAME\fR pointer. 
A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR, and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR. -.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 +.IP OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 4 .IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" This criterion supports a search by exact match of both issuer name and serial number. The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is -a \fB\s-1ASN1_INTEGER\s0\fR pointer. +a \fBASN1_INTEGER\fR pointer. A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR and the actual issuer name and serial number are retrieved with \&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR. -.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 +.IP OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 4 .IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" This criterion supports a search by exact match of key fingerprint. The key fingerprint in itself is a string of bytes and its length, as well as the algorithm that was used to compute the fingerprint. -The digest may be left unspecified (\s-1NULL\s0), and in that case, the +The digest may be left unspecified (NULL), and in that case, the loader has to decide on a default digest and compare fingerprints accordingly. A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR and the actual fingerprint and its length can be retrieved with \&\fBOSSL_STORE_SEARCH_get0_bytes()\fR. The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR. -.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 +.IP OSSL_STORE_SEARCH_BY_ALIAS 4 .IX Item "OSSL_STORE_SEARCH_BY_ALIAS" This criterion supports a search by match of an alias of some kind. The alias in itself is a simple C string. 
@@ -263,34 +189,34 @@ \&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, \&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, and \fBOSSL_STORE_SEARCH_by_alias()\fR -return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \s-1NULL\s0 on failure. +return a \fBOSSL_STORE_SEARCH\fR pointer on success, or NULL on failure. .PP \&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +\&\fBOSSL_STORE_SEARCH\fR. There is no error value. .PP \&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, -or \s-1NULL\s0 when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +or NULL when the given \fBOSSL_STORE_SEARCH\fR was of a different type. .PP -\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, -or \s-1NULL\s0 when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fBASN1_INTEGER\fR pointer on success, +or NULL when the given \fBOSSL_STORE_SEARCH\fR was of a different type. .PP \&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and -sets \fI*length\fR to the strings length on success, or \s-1NULL\s0 when the given -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +sets \fI*length\fR to the strings length on success, or NULL when the given +\&\fBOSSL_STORE_SEARCH\fR was of a different type. .PP \&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, -or \s-1NULL\s0 when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +or NULL when the given \fBOSSL_STORE_SEARCH\fR was of a different type. .PP -\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. -\&\s-1NULL\s0 is a valid value and means that the store loader default will +\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst EVP_MD\fR pointer. 
+NULL is a valid value and means that the store loader default will be used when applicable. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, +\&\fBOSSL_STORE_SEARCH\fR, \&\fBOSSL_STORE_SEARCH_by_name()\fR, \&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, \&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, @@ -302,11 +228,11 @@ \&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, and \fBOSSL_STORE_SEARCH_get0_string()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_STORE_attach.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_STORE_attach.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE_ATTACH 3ossl" -.TH OSSL_STORE_ATTACH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE_ATTACH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_STORE_attach \- Functions to read objects from a BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,27 +77,27 @@ \& OSSL_STORE_post_process_info_fn post_process, \& void *post_process_data); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBOSSL_STORE_attach()\fR works like \fBOSSL_STORE_open\fR\|(3), except it takes a \fB\s-1BIO\s0\fR +\&\fBOSSL_STORE_attach()\fR works like \fBOSSL_STORE_open\fR\|(3), except it takes a \fBBIO\fR \&\fIbio\fR instead of a \fIuri\fR, along with a \fIscheme\fR to determine what loader -should be used to process the data. The reference count of the \fB\s-1BIO\s0\fR object +should be used to process the data. The reference count of the \fBBIO\fR object is increased by 1 if the call is successful. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_STORE_attach()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or -\&\s-1NULL\s0 on failure. +\&\fBOSSL_STORE_attach()\fR returns a pointer to a \fBOSSL_STORE_CTX\fR on success, or +NULL on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_STORE_attach()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE_EXPECT 3ossl" -.TH OSSL_STORE_EXPECT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE_EXPECT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what object type is expected -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,32 +79,32 @@ \& \& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns -by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. +by specifying a \fBOSSL_STORE_INFO\fR type. By default, no expectations on the types of objects to be loaded are made. \&\fIexpected_type\fR may be 0 to indicate explicitly that no expectation is made, or it may be any of the known object types (see -\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR. +"SUPPORTED OBJECTS" in \fBOSSL_STORE_INFO\fR\|(3)) except for \fBOSSL_STORE_INFO_NAME\fR. For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several objects of different type and only certificates are interesting, the application can simply say -that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. +that it expects the type \fBOSSL_STORE_INFO_CERT\fR. .PP \&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine grained search of objects. .PP -\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given OSSL_STORE context supports the given search type. -See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) for information on the +See "SUPPORTED CRITERION TYPES" in \fBOSSL_STORE_SEARCH\fR\|(3) for information on the supported search criterion types. .PP \&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first \&\fBOSSL_STORE_load()\fR of a given session, or they will fail. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If a more elaborate filter is required by the application, a better choice -would be to use a post-processing function. +would be to use a post\-processing function. 
See \fBOSSL_STORE_open\fR\|(3) for more information. .PP However, some loaders may take advantage of the knowledge of an expected type @@ -195,17 +120,17 @@ \&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_INFO\fR\|(3), \fBOSSL_STORE_SEARCH\fR\|(3), \&\fBOSSL_STORE_load\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_STORE_open.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE_OPEN 3ossl" -.TH OSSL_STORE_OPEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE_OPEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_open_ex, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close \&\- Types and functions to read objects from a URI -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,91 +97,91 @@ .Ve .PP The following function has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions help the application to fetch supported objects (see -\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) -from a given \s-1URI.\s0 -The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR, +"SUPPORTED OBJECTS" in \fBOSSL_STORE_INFO\fR\|(3) for information on which those are) +from a given URI. +The general method to do so is to "open" the URI using \fBOSSL_STORE_open()\fR, read each available and supported object using \fBOSSL_STORE_load()\fR as long as -\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR. +\&\fBOSSL_STORE_eof()\fR hasn\*(Aqt been reached, and finish it off with \fBOSSL_STORE_close()\fR. .PP -The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further -described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). -.SS "Types" +The retrieved information is stored in a \fBOSSL_STORE_INFO\fR, which is further +described in \fBOSSL_STORE_INFO\fR\|(3). +.SS Types .IX Subsection "Types" -\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal +\&\fBOSSL_STORE_CTX\fR is a context variable that holds all the internal information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_open_ex()\fR, \&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR to work together. 
-.SS "Functions" +.SS Functions .IX Subsection "Functions" -\&\fBOSSL_STORE_open_ex()\fR takes a uri or path \fIuri\fR, password \s-1UI\s0 method +\&\fBOSSL_STORE_open_ex()\fR takes a uri or path \fIuri\fR, password UI method \&\fIui_method\fR with associated data \fIui_data\fR, and post processing callback \fIpost_process\fR with associated data \fIpost_process_data\fR, a library context \fIlibctx\fR with an associated property query \fIpropq\fR, -and opens a channel to the data located at the \s-1URI\s0 and returns a -\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. +and opens a channel to the data located at the URI and returns a +\&\fBOSSL_STORE_CTX\fR with all necessary internal information. The given \fIui_method\fR and \fIui_data\fR will be reused by all -functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed, +functions that use \fBOSSL_STORE_CTX\fR when interaction is needed, for instance to provide a password. -The auxiliary \s-1\fBOSSL_PARAM\s0\fR\|(3) parameters in \fIparams\fR can be set to further +The auxiliary \fBOSSL_PARAM\fR\|(3) parameters in \fIparams\fR can be set to further modify the store operation. The given \fIpost_process\fR and \fIpost_process_data\fR will be reused by \&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. -The \fIpost_process\fR function drops values by returning \s-1NULL,\s0 which +The \fIpost_process\fR function drops values by returning NULL, which will cause \fBOSSL_STORE_load()\fR to start its process over with loading the next object, until \fIpost_process\fR returns something other than -\&\s-1NULL,\s0 or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. +NULL, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. 
.PP -\&\fBOSSL_STORE_open()\fR is similar to \fBOSSL_STORE_open_ex()\fR but uses \s-1NULL\s0 for +\&\fBOSSL_STORE_open()\fR is similar to \fBOSSL_STORE_open_ex()\fR but uses NULL for the \fIparams\fR, the library context \fIlibctx\fR and property query \fIpropq\fR. .PP -\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fIcmd\fR and +\&\fBOSSL_STORE_ctrl()\fR takes a \fBOSSL_STORE_CTX\fR, and command number \fIcmd\fR and more arguments not specified here. The available loader specific command numbers and arguments they each -take depends on the loader that's used and is documented together with +take depends on the loader that\*(Aqs used and is documented together with that loader. .PP There are also global controls available: -.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 +.IP \fBOSSL_STORE_C_USE_SECMEM\fR 4 .IX Item "OSSL_STORE_C_USE_SECMEM" Controls if the loader should attempt to use secure memory for any -allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. +allocated \fBOSSL_STORE_INFO\fR and its contents. This control expects one argument, a pointer to an \fIint\fR that is expected to have the value 1 (yes) or 0 (no). Any other value is an error. .PP -\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and tries to load the next -available object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. +\&\fBOSSL_STORE_load()\fR takes a \fBOSSL_STORE_CTX\fR and tries to load the next +available object and return it wrapped with \fBOSSL_STORE_INFO\fR. .PP -\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +\&\fBOSSL_STORE_eof()\fR takes a \fBOSSL_STORE_CTX\fR and checks if we\*(Aqve reached the end of data. .PP -\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +\&\fBOSSL_STORE_error()\fR takes a \fBOSSL_STORE_CTX\fR and checks if an error occurred in the last \fBOSSL_STORE_load()\fR call. 
Note that it may still be meaningful to try and load more objects, unless \&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached. .PP -\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +\&\fBOSSL_STORE_close()\fR takes a \fBOSSL_STORE_CTX\fR, closes the channel that was opened by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the -\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. -If \fIctx\fR is \s-1NULL\s0 it does nothing. -.SH "NOTES" +\&\fBOSSL_STORE_CTX\fR, as well as the \fBOSSL_STORE_CTX\fR itself. +If \fIctx\fR is NULL it does nothing. +.SH NOTES .IX Header "NOTES" -A string without a scheme prefix (that is, a non-URI string) is +A string without a scheme prefix (that is, a non\-URI string) is implicitly interpreted as using the \fIfile:\fR scheme. .PP There are some tools that can be used together with \&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable -\&\s-1URI,\s0 or if it's a different error (such as memory allocation -failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the +URI, or if it\*(Aqs a different error (such as memory allocation +failures); if the URI was parsable but the scheme unregistered, the top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. .PP These functions make no direct assumption regarding the pass phrase received 
@@ -268,13 +193,13 @@ See \fBpassphrase\-encoding\fR\|(7) for further information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or -\&\s-1NULL\s0 on failure. +\&\fBOSSL_STORE_open()\fR returns a pointer to a \fBOSSL_STORE_CTX\fR on success, or +NULL on failure. .PP -\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or \s-1NULL\s0 +\&\fBOSSL_STORE_load()\fR returns a pointer to a \fBOSSL_STORE_INFO\fR on success, or NULL on error or when end of data is reached. Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a -returned \s-1NULL.\s0 +returned NULL. .PP \&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached or an error occurred, 0 otherwise. 
@@ -285,27 +210,27 @@ \&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_INFO\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_STORE_open_ex()\fR was added in OpenSSL 3.0. .PP -\&\fB\s-1OSSL_STORE_CTX\s0\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, +\&\fBOSSL_STORE_CTX\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, \&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR were added in OpenSSL 1.1.1. .PP -Handling of \s-1NULL\s0 \fIctx\fR argument for \fBOSSL_STORE_close()\fR +Handling of NULL \fIctx\fR argument for \fBOSSL_STORE_close()\fR was introduced in OpenSSL 1.1.1h. .PP \&\fBOSSL_STORE_open_ex()\fR was added in OpenSSL 3.0. .PP \&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_vctrl()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_trace_enabled.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_trace_enabled.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_TRACE_ENABLED 3ossl" -.TH OSSL_TRACE_ENABLED 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_TRACE_ENABLED 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_trace_enabled, OSSL_trace_begin, OSSL_trace_end, OSSL_TRACE_BEGIN, OSSL_TRACE_END, OSSL_TRACE_CANCEL, OSSL_TRACE, OSSL_TRACE1, OSSL_TRACE2, OSSL_TRACE3, OSSL_TRACE4, @@ -146,7 +71,7 @@ OSSL_TRACEV, OSSL_TRACE_ENABLED \&\- OpenSSL Tracing API -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -178,52 +103,53 @@ \& ... \& } .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions described here are mainly interesting for those who provide OpenSSL functionality, either in OpenSSL itself or in engine modules or similar. .PP -If tracing is enabled (see \*(L"\s-1NOTES\*(R"\s0 below), these functions are used to +If tracing is enabled (see "NOTES" below), these functions are used to generate free text tracing output. .PP The tracing output is divided into types which are enabled individually by the application. The tracing types are described in detail in -\&\*(L"Trace types\*(R" in \fBOSSL_trace_set_callback\fR\|(3). -The fallback type \fB\s-1OSSL_TRACE_CATEGORY_ALL\s0\fR should \fInot\fR be used +"Trace types" in \fBOSSL_trace_set_callback\fR\|(3). +The fallback type \fBOSSL_TRACE_CATEGORY_ALL\fR should \fInot\fR be used with the functions described here. .PP Tracing for a specific category is enabled if a so called \&\fItrace channel\fR is attached to it. A trace channel is simply a -\&\s-1BIO\s0 object to which the application can write its trace output. +BIO object to which the application can write its trace output. .PP The application has two different ways of registering a trace channel, -either by directly providing a \s-1BIO\s0 object using \fBOSSL_trace_set_channel()\fR, +either by directly providing a BIO object using \fBOSSL_trace_set_channel()\fR, or by providing a callback routine using \fBOSSL_trace_set_callback()\fR. -The latter is wrapped internally by a dedicated \s-1BIO\s0 object, so for the +The latter is wrapped internally by a dedicated BIO object, so for the tracing code both channel types are effectively indistinguishable. We call them a \fIsimple trace channel\fR and a \fIcallback trace channel\fR, respectively. 
.PP To produce trace output, it is necessary to obtain a pointer to the -trace channel (i.e., the \s-1BIO\s0 object) using \fBOSSL_trace_begin()\fR, write -to it using arbitrary \s-1BIO\s0 output routines, and finally releases the +trace channel (i.e., the BIO object) using \fBOSSL_trace_begin()\fR, write +to it using arbitrary BIO output routines, and finally releases the channel using \fBOSSL_trace_end()\fR. The \fBOSSL_trace_begin()\fR/\fBOSSL_trace_end()\fR calls surrounding the trace output create a group, which acts as a critical section (guarded by a mutex) to ensure that the trace output of different threads does not get mixed up. .PP The tracing code normally does not call OSSL_trace_{begin,end}() directly, -but rather uses a set of convenience macros, see the \*(L"Macros\*(R" section below. -.SS "Functions" +but rather uses a set of convenience macros, see the "Macros" section below. +.SS Functions .IX Subsection "Functions" \&\fBOSSL_trace_enabled()\fR can be used to check if tracing for the given \&\fIcategory\fR is enabled. .PP -\&\fBOSSL_trace_begin()\fR is used to starts a tracing section, and get the -channel for the given \fIcategory\fR in form of a \s-1BIO.\s0 -This \s-1BIO\s0 can only be used for output. +\&\fBOSSL_trace_begin()\fR is used to start a tracing section, +and get the channel for the given \fIcategory\fR in form of a BIO. +This BIO can only be used for output. +The pointer returned is NULL if the category is invalid or not enabled. .PP \&\fBOSSL_trace_end()\fR is used to end a tracing section. .PP 
@@ -231,12 +157,12 @@ is \fImandatory\fR. The result of trying to produce tracing output outside of such sections is undefined. -.SS "Macros" +.SS Macros .IX Subsection "Macros" There are a number of convenience macros defined, to make tracing easy and consistent. .PP -\&\s-1\fBOSSL_TRACE_BEGIN\s0()\fR and \s-1\fBOSSL_TRACE_END\s0()\fR reserve the \fB\s-1BIO\s0\fR \f(CW\*(C`trc_out\*(C'\fR and are +\&\fBOSSL_TRACE_BEGIN()\fR and \fBOSSL_TRACE_END()\fR reserve the \fBBIO\fR \f(CW\*(C`trc_out\*(C'\fR and are used as follows to wrap a trace section: .PP .Vb 1 @@ -260,7 +186,7 @@ \& } while (0); .Ve .PP -\&\s-1\fBOSSL_TRACE_CANCEL\s0()\fR must be used before returning from or jumping out of a +\&\fBOSSL_TRACE_CANCEL()\fR must be used before returning from or jumping out of a trace section: .PP .Vb 1 @@ -291,13 +217,13 @@ \& } while (0); .Ve .PP -\&\s-1\fBOSSL_TRACE\s0()\fR and \s-1\fBOSSL_TRACE1\s0()\fR, \s-1\fBOSSL_TRACE2\s0()\fR, ... \s-1\fBOSSL_TRACE9\s0()\fR are -so-called one-shot macros: +\&\fBOSSL_TRACE()\fR and \fBOSSL_TRACE1()\fR, \fBOSSL_TRACE2()\fR, ... \fBOSSL_TRACE9()\fR are +so\-called one\-shot macros: .PP The macro call \f(CW\*(C`OSSL_TRACE(category, text)\*(C'\fR, produces literal text trace output. .PP The macro call \f(CW\*(C`OSSL_TRACEn(category, format, arg1, ..., argn)\*(C'\fR produces -printf-style trace output with n format field arguments (n=1,...,9). +printf\-style trace output with n format field arguments (n=1,...,9). It expands to: .PP .Vb 3 
@@ -306,14 +232,14 @@ \& } OSSL_TRACE_END(category) .Ve .PP -Internally, all one-shot macros are implemented using a generic \s-1\fBOSSL_TRACEV\s0()\fR +Internally, all one\-shot macros are implemented using a generic \fBOSSL_TRACEV()\fR macro, since C90 does not support variadic macros. This helper macro has a rather weird synopsis and should not be used directly. .PP -The \s-1\fBOSSL_TRACE_ENABLED\s0()\fR macro can be used to conditionally execute some code +The \fBOSSL_TRACE_ENABLED()\fR macro can be used to conditionally execute some code only if a specific trace category is enabled. In some situations this is simpler than entering a trace section using -\&\s-1\fBOSSL_TRACE_BEGIN\s0()\fR and \s-1\fBOSSL_TRACE_END\s0()\fR. +\&\fBOSSL_TRACE_BEGIN()\fR and \fBOSSL_TRACE_END()\fR. For example, the code .PP .Vb 3 @@ -329,8 +255,11 @@ \& ... \& } .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" +It is not needed to guard trace output function calls like +\&\fIOSSL_TRACE(category, ...)\fR by \fIOSSL_TRACE_ENABLED(category)\fR. +.PP If producing the trace output requires carrying out auxiliary calculations, this auxiliary code should be placed inside a conditional block which is executed only if the trace category is enabled. 
@@ -362,25 +291,25 @@ .Ve .PP Note however that premature optimization of tracing code is in general futile -and it's better to keep the tracing code as simple as possible. -Because most often the limiting factor for the application's speed is the time +and it\*(Aqs better to keep the tracing code as simple as possible. +Because most often the limiting factor for the application\*(Aqs speed is the time it takes to print the trace output, not to calculate it. .SS "Configure Tracing" .IX Subsection "Configure Tracing" By default, the OpenSSL library is built with tracing disabled. To use the tracing functionality documented here, it is therefore -necessary to configure and build OpenSSL with the 'enable\-trace' option. +necessary to configure and build OpenSSL with the \*(Aqenable\-trace\*(Aq option. .PP When the library is built with tracing disabled: -.IP "\(bu" 4 -The macro \fB\s-1OPENSSL_NO_TRACE\s0\fR is defined in \fI\fR. -.IP "\(bu" 4 +.IP \(bu 4 +The macro \fBOPENSSL_NO_TRACE\fR is defined in \fI\fR. +.IP \(bu 4 all functions are still present, but \fBOSSL_trace_enabled()\fR will always report the categories as disabled, and all other functions will do nothing. -.IP "\(bu" 4 +.IP \(bu 4 the convenience macros are defined to produce dead code. -For example, take this example from \*(L"Macros\*(R" section above: +For example, take this example from "Macros" section above: .Sp .Vb 1 \& OSSL_TRACE_BEGIN(TLS) { @@ -394,7 +323,7 @@ \& } OSSL_TRACE_END(TLS); .Ve .Sp -When the tracing \s-1API\s0 isn't operational, that will expand to: +When the tracing API isn\*(Aqt operational, that will expand to: .Sp .Vb 10 \& do { 
@@ -413,16 +342,16 @@ \&\fBOSSL_trace_enabled()\fR returns 1 if tracing for the given \fItype\fR is operational and enabled, otherwise 0. .PP -\&\fBOSSL_trace_begin()\fR returns a \fB\s-1BIO\s0\fR pointer if the given \fItype\fR is enabled, -otherwise \s-1NULL.\s0 -.SH "HISTORY" +\&\fBOSSL_trace_begin()\fR returns a \fBBIO\fR pointer if the given \fItype\fR is enabled, +otherwise NULL. +.SH HISTORY .IX Header "HISTORY" -The OpenSSL Tracing \s-1API\s0 was added in OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL Tracing API was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_trace_get_category_num.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_trace_get_category_num.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_TRACE_GET_CATEGORY_NUM 3ossl" -.TH OSSL_TRACE_GET_CATEGORY_NUM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_TRACE_GET_CATEGORY_NUM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_trace_get_category_num, OSSL_trace_get_category_name \&\- OpenSSL tracing information functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,7 +74,7 @@ \& int OSSL_trace_get_category_num(const char *name); \& const char *OSSL_trace_get_category_name(int num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBOSSL_trace_get_category_num()\fR gives the category number corresponding to the given \f(CW\*(C`name\*(C'\fR. @@ -162,15 +87,15 @@ \&\f(CW\*(C`name\*(C'\fR is a recognised category name, otherwise \-1. .PP \&\fBOSSL_trace_get_category_name()\fR returns the category name if the given -\&\f(CW\*(C`num\*(C'\fR is a recognised category number, otherwise \s-1NULL.\s0 -.SH "HISTORY" +\&\f(CW\*(C`num\*(C'\fR is a recognised category number, otherwise NULL. +.SH HISTORY .IX Header "HISTORY" -The OpenSSL Tracing \s-1API\s0 was added ino OpenSSL 3.0. -.SH "COPYRIGHT" +The OpenSSL Tracing API was added ino OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OSSL_trace_set_channel.3.orig +++ secure/lib/libcrypto/man/man3/OSSL_trace_set_channel.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_TRACE_SET_CHANNEL 3ossl" -.TH OSSL_TRACE_SET_CHANNEL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_TRACE_SET_CHANNEL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix, OSSL_trace_set_callback, OSSL_trace_cb \- Enabling trace output -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,29 +79,29 @@ \& void OSSL_trace_set_suffix(int category, const char *suffix); \& void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void *data); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -If available (see \*(L"\s-1NOTES\*(R"\s0 below), the application can request +If available (see "NOTES" below), the application can request internal trace output. This output comes in form of free text for humans to read. .PP The trace output is divided into categories which can be enabled individually. Every category can be enabled individually by attaching a so called -\&\fItrace channel\fR to it, which in the simplest case is just a \s-1BIO\s0 object +\&\fItrace channel\fR to it, which in the simplest case is just a BIO object to which the application can write the tracing output for this category. Alternatively, the application can provide a tracer callback in order to get more finegrained trace information. This callback will be wrapped -internally by a dedicated \s-1BIO\s0 object. +internally by a dedicated BIO object. .PP For the tracing code, both trace channel types are indistinguishable. These are called a \fIsimple trace channel\fR and a \fIcallback trace channel\fR, respectively. -.SS "Functions" +.SS Functions .IX Subsection "Functions" \&\fBOSSL_trace_set_channel()\fR is used to enable the given trace \f(CW\*(C`category\*(C'\fR -by attaching the \fB\s-1BIO\s0\fR \fIbio\fR object as (simple) trace channel. -On success the ownership of the \s-1BIO\s0 is transferred to the channel, +by attaching the \fBBIO\fR \fIbio\fR object as (simple) trace channel. +On success the ownership of the BIO is transferred to the channel, so the caller must not free it directly. .PP \&\fBOSSL_trace_set_prefix()\fR and \fBOSSL_trace_set_suffix()\fR can be used to add 
@@ -191,18 +116,18 @@ \&\fBOSSL_trace_set_callback()\fR is used to enable the given trace \&\fIcategory\fR by giving it the tracer callback \fIcb\fR with the associated data \fIdata\fR, which will simply be passed through to \fIcb\fR whenever -it's called. The callback function is internally wrapped by a -dedicated \s-1BIO\s0 object, the so called \fIcallback trace channel\fR. -This should be used when it's desirable to do form the trace output to +it\*(Aqs called. The callback function is internally wrapped by a +dedicated BIO object, the so called \fIcallback trace channel\fR. +This should be used when it\*(Aqs desirable to do form the trace output to something suitable for application needs where a prefix and suffix -line aren't enough. +line aren\*(Aqt enough. .PP \&\fBOSSL_trace_set_channel()\fR and \fBOSSL_trace_set_callback()\fR are mutually exclusive, calling one of them will clear whatever was set by the previous call. .PP -Calling \fBOSSL_trace_set_channel()\fR with \s-1NULL\s0 for \fIchannel\fR or -\&\fBOSSL_trace_set_callback()\fR with \s-1NULL\s0 for \fIcb\fR disables tracing for +Calling \fBOSSL_trace_set_channel()\fR with NULL for \fIchannel\fR or +\&\fBOSSL_trace_set_callback()\fR with NULL for \fIcb\fR disables tracing for the given \fIcategory\fR. .SS "Trace callback" .IX Subsection "Trace callback" 
@@ -213,105 +138,105 @@ passed to \fBOSSL_trace_set_callback()\fR. .PP The possible control numbers are: -.IP "\fB\s-1OSSL_TRACE_CTRL_BEGIN\s0\fR" 4 +.IP \fBOSSL_TRACE_CTRL_BEGIN\fR 4 .IX Item "OSSL_TRACE_CTRL_BEGIN" The callback is called from \fBOSSL_trace_begin()\fR, which gives the callback the possibility to output a dynamic starting line, or set a prefix that should be output at the beginning of each line, or something other. -.IP "\fB\s-1OSSL_TRACE_CTRL_WRITE\s0\fR" 4 +.IP \fBOSSL_TRACE_CTRL_WRITE\fR 4 .IX Item "OSSL_TRACE_CTRL_WRITE" -This callback is called whenever data is written to the \s-1BIO\s0 by some -regular \s-1BIO\s0 output routine. -An arbitrary number of \fB\s-1OSSL_TRACE_CTRL_WRITE\s0\fR callbacks can occur -inside a group marked by a pair of \fB\s-1OSSL_TRACE_CTRL_BEGIN\s0\fR and -\&\fB\s-1OSSL_TRACE_CTRL_END\s0\fR calls, but never outside such a group. -.IP "\fB\s-1OSSL_TRACE_CTRL_END\s0\fR" 4 +This callback is called whenever data is written to the BIO by some +regular BIO output routine. +An arbitrary number of \fBOSSL_TRACE_CTRL_WRITE\fR callbacks can occur +inside a group marked by a pair of \fBOSSL_TRACE_CTRL_BEGIN\fR and +\&\fBOSSL_TRACE_CTRL_END\fR calls, but never outside such a group. +.IP \fBOSSL_TRACE_CTRL_END\fR 4 .IX Item "OSSL_TRACE_CTRL_END" The callback is called from \fBOSSL_trace_end()\fR, which gives the callback the possibility to output a dynamic ending line, or reset the line -prefix that was set with \fB\s-1OSSL_TRACE_CTRL_BEGIN\s0\fR, or something other. +prefix that was set with \fBOSSL_TRACE_CTRL_BEGIN\fR, or something other. .SS "Trace categories" .IX Subsection "Trace categories" The trace categories are simple numbers available through macros. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_TRACE\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_TRACE\fR 4 .IX Item "OSSL_TRACE_CATEGORY_TRACE" -Traces the OpenSSL trace \s-1API\s0 itself. +Traces the OpenSSL trace API itself. 
.Sp More precisely, this will generate trace output any time a new trace hook is set. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_INIT\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_INIT\fR 4 .IX Item "OSSL_TRACE_CATEGORY_INIT" Traces OpenSSL library initialization and cleanup. .Sp This needs special care, as OpenSSL will do automatic cleanup after -exit from \f(CW\*(C`main()\*(C'\fR, and any tracing output done during this cleanup +exit from \f(CWmain()\fR, and any tracing output done during this cleanup will be lost if the tracing channel or callback were cleaned away prematurely. -A suggestion is to make such cleanup part of a function that's +A suggestion is to make such cleanup part of a function that\*(Aqs registered very early with \fBatexit\fR\|(3). -.IP "\fB\s-1OSSL_TRACE_CATEGORY_TLS\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_TLS\fR 4 .IX Item "OSSL_TRACE_CATEGORY_TLS" -Traces the \s-1TLS/SSL\s0 protocol. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_TLS_CIPHER\s0\fR" 4 +Traces the TLS/SSL protocol. +.IP \fBOSSL_TRACE_CATEGORY_TLS_CIPHER\fR 4 .IX Item "OSSL_TRACE_CATEGORY_TLS_CIPHER" -Traces the ciphers used by the \s-1TLS/SSL\s0 protocol. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_CONF\s0\fR" 4 +Traces the ciphers used by the TLS/SSL protocol. +.IP \fBOSSL_TRACE_CATEGORY_CONF\fR 4 .IX Item "OSSL_TRACE_CATEGORY_CONF" Traces details about the provider and engine configuration. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_ENGINE_TABLE\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_ENGINE_TABLE\fR 4 .IX Item "OSSL_TRACE_CATEGORY_ENGINE_TABLE" -Traces the \s-1ENGINE\s0 algorithm table selection. +Traces the ENGINE algorithm table selection. .Sp More precisely, functions like \fBENGINE_get_pkey_asn1_meth_engine()\fR, \&\fBENGINE_get_pkey_meth_engine()\fR, \fBENGINE_get_cipher_engine()\fR, \&\fBENGINE_get_digest_engine()\fR, will generate trace summaries of the handling of internal tables. 
-.IP "\fB\s-1OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_ENGINE_REF_COUNT\fR 4 .IX Item "OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT" -Traces the \s-1ENGINE\s0 reference counting. +Traces the ENGINE reference counting. .Sp -More precisely, both reference counts in the \s-1ENGINE\s0 structure will be +More precisely, both reference counts in the ENGINE structure will be monitored with a line of trace output generated for each change. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_PKCS5V2\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_PKCS5V2\fR 4 .IX Item "OSSL_TRACE_CATEGORY_PKCS5V2" Traces PKCS#5 v2 key generation. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_PKCS12_KEYGEN\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_PKCS12_KEYGEN\fR 4 .IX Item "OSSL_TRACE_CATEGORY_PKCS12_KEYGEN" Traces PKCS#12 key generation. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_PKCS12_DECRYPT\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_PKCS12_DECRYPT\fR 4 .IX Item "OSSL_TRACE_CATEGORY_PKCS12_DECRYPT" Traces PKCS#12 decryption. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_X509V3_POLICY\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_X509V3_POLICY\fR 4 .IX Item "OSSL_TRACE_CATEGORY_X509V3_POLICY" Traces X509v3 policy processing. .Sp More precisely, this generates the complete policy tree at various point during evaluation. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_BN_CTX\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_BN_CTX\fR 4 .IX Item "OSSL_TRACE_CATEGORY_BN_CTX" -Traces \s-1BIGNUM\s0 context operations. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_CMP\s0\fR" 4 +Traces BIGNUM context operations. +.IP \fBOSSL_TRACE_CATEGORY_CMP\fR 4 .IX Item "OSSL_TRACE_CATEGORY_CMP" -Traces \s-1CMP\s0 client and server activity. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_STORE\s0\fR" 4 +Traces CMP client and server activity. +.IP \fBOSSL_TRACE_CATEGORY_STORE\fR 4 .IX Item "OSSL_TRACE_CATEGORY_STORE" -Traces \s-1STORE\s0 operations. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_DECODER\s0\fR" 4 +Traces STORE operations. 
+.IP \fBOSSL_TRACE_CATEGORY_DECODER\fR 4 .IX Item "OSSL_TRACE_CATEGORY_DECODER" Traces decoder operations. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_ENCODER\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_ENCODER\fR 4 .IX Item "OSSL_TRACE_CATEGORY_ENCODER" Traces encoder operations. -.IP "\fB\s-1OSSL_TRACE_CATEGORY_REF_COUNT\s0\fR" 4 +.IP \fBOSSL_TRACE_CATEGORY_REF_COUNT\fR 4 .IX Item "OSSL_TRACE_CATEGORY_REF_COUNT" -Traces decrementing certain \s-1ASN.1\s0 structure references. +Traces decrementing certain ASN.1 structure references. .PP -There is also \fB\s-1OSSL_TRACE_CATEGORY_ALL\s0\fR, which works as a fallback +There is also \fBOSSL_TRACE_CATEGORY_ALL\fR, which works as a fallback and can be used to get \fIall\fR trace output. .PP Note, however, that in this case all trace output will effectively be -associated with the '\s-1ALL\s0' category, which is undesirable if the +associated with the \*(AqALL\*(Aq category, which is undesirable if the application intends to include the category name in the trace output. In this case it is better to register separate channels for each trace category instead. @@ -320,7 +245,7 @@ \&\fBOSSL_trace_set_channel()\fR, \fBOSSL_trace_set_prefix()\fR, \&\fBOSSL_trace_set_suffix()\fR, and \fBOSSL_trace_set_callback()\fR return 1 on success, or 0 on failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" In all examples below, the trace producing code is assumed to be the following: 
@@ -411,27 +336,27 @@ \& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................ \& END TRACE[TLS]:7f9eb0193b80 .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" .SS "Configure Tracing" .IX Subsection "Configure Tracing" By default, the OpenSSL library is built with tracing disabled. To use the tracing functionality documented here, it is therefore -necessary to configure and build OpenSSL with the 'enable\-trace' option. +necessary to configure and build OpenSSL with the \*(Aqenable\-trace\*(Aq option. .PP When the library is built with tracing disabled, the macro -\&\fB\s-1OPENSSL_NO_TRACE\s0\fR is defined in \fI\fR and all +\&\fBOPENSSL_NO_TRACE\fR is defined in \fI\fR and all functions described here are inoperational, i.e. will do nothing. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_trace_set_channel()\fR, \fBOSSL_trace_set_prefix()\fR, \&\fBOSSL_trace_set_suffix()\fR, and \fBOSSL_trace_set_callback()\fR were all added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3.orig +++ secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3ossl" -.TH OPENSSL_ADD_ALL_ALGORITHMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 @@ -158,7 +83,7 @@ \& \& void EVP_cleanup(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" OpenSSL keeps an internal table of digest algorithms and ciphers. It uses this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. 
@@ -180,17 +105,17 @@ .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3), \&\fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR, \&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should not be used. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/OpenSSL_version.3.orig +++ secure/lib/libcrypto/man/man3/OpenSSL_version.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION 3ossl" -.TH OPENSSL_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL_VERSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA, OPENSSL_VERSION_TEXT, OPENSSL_VERSION_PREREQ, OPENSSL_version_major, @@ -146,7 +71,7 @@ OPENSSL_version_build_metadata, OpenSSL_version, OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info \&\- get OpenSSL version number and other information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -181,96 +106,96 @@ \& /* from openssl/crypto.h */ \& unsigned long OpenSSL_version_num(); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -.SS "Macros" +.SS Macros .IX Subsection "Macros" -The three macros \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, \fB\s-1OPENSSL_VERSION_MINOR\s0\fR and -\&\fB\s-1OPENSSL_VERSION_PATCH\s0\fR represent the three parts of a version -identifier, \fB\f(BI\s-1MAJOR\s0\fB.\f(BI\s-1MINOR\s0\fB.\f(BI\s-1PATCH\s0\fB\fR. +The three macros \fBOPENSSL_VERSION_MAJOR\fR, \fBOPENSSL_VERSION_MINOR\fR and +\&\fBOPENSSL_VERSION_PATCH\fR represent the three parts of a version +identifier, \fR\f(BIMAJOR\fR\fB.\fR\f(BIMINOR\fR\fB.\fR\f(BIPATCH\fR\fB\fR. .PP -The macro \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR is an added bit of text that -indicates that this is a pre-release version, such as \f(CW"\-dev"\fR for an +The macro \fBOPENSSL_VERSION_PRE_RELEASE\fR is an added bit of text that +indicates that this is a pre\-release version, such as \f(CW"\-dev"\fR for an ongoing development snapshot or \f(CW"\-alpha3"\fR for an alpha release. The value must be a string. .PP -The macro \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR is extra information, reserved +The macro \fBOPENSSL_VERSION_BUILD_METADATA\fR is extra information, reserved for other parties, such as \f(CW"+fips"\fR, or \f(CW"+vendor.1"\fR). The OpenSSL project will not touch this macro (will leave it an empty string). The value must be a string. .PP -\&\fB\s-1OPENSSL_VERSION_STR\s0\fR is a convenience macro to get the short version -identifier string, \f(CW"\f(CIMAJOR\f(CW.\f(CIMINOR\f(CW.\f(CIPATCH\f(CW"\fR. +\&\fBOPENSSL_VERSION_STR\fR is a convenience macro to get the short version +identifier string, \f(CW"\fR\f(CIMAJOR\fR\f(CW.\fR\f(CIMINOR\fR\f(CW.\fR\f(CIPATCH\fR\f(CW"\fR. 
.PP -\&\fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR is a convenience macro to get the longer -version identifier string, which combines \fB\s-1OPENSSL_VERSION_STR\s0\fR, -\&\fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR. +\&\fBOPENSSL_FULL_VERSION_STR\fR is a convenience macro to get the longer +version identifier string, which combines \fBOPENSSL_VERSION_STR\fR, +\&\fBOPENSSL_VERSION_PRE_RELEASE\fR and \fBOPENSSL_VERSION_BUILD_METADATA\fR. .PP -\&\fB\s-1OPENSSL_VERSION_TEXT\s0\fR is a convenience macro to get a full descriptive -version text, which includes \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR and the release +\&\fBOPENSSL_VERSION_TEXT\fR is a convenience macro to get a full descriptive +version text, which includes \fBOPENSSL_FULL_VERSION_STR\fR and the release date. .PP -\&\fB\s-1OPENSSL_VERSION_PREREQ\s0\fR is a useful macro for checking whether the OpenSSL -version for the headers in use is at least at the given pre-requisite major +\&\fBOPENSSL_VERSION_PREREQ\fR is a useful macro for checking whether the OpenSSL +version for the headers in use is at least at the given pre\-requisite major (\fBmaj\fR) and minor (\fBmin\fR) number or not. It will evaluate to true if the -header version number (\fB\s-1OPENSSL_VERSION_MAJOR\s0\fR.\fB\s-1OPENSSL_VERSION_MINOR\s0\fR) is +header version number (\fBOPENSSL_VERSION_MAJOR\fR.\fBOPENSSL_VERSION_MINOR\fR) is greater than or equal to \fBmaj\fR.\fBmin\fR. 
.PP -\&\fB\s-1OPENSSL_VERSION_NUMBER\s0\fR is a combination of the major, minor and +\&\fBOPENSSL_VERSION_NUMBER\fR is a combination of the major, minor and patch version into a single integer 0xMNN00PP0L, where: -.IP "M" 4 +.IP M 4 .IX Item "M" -is the number from \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, in hexadecimal notation -.IP "\s-1NN\s0" 4 +is the number from \fBOPENSSL_VERSION_MAJOR\fR, in hexadecimal notation +.IP NN 4 .IX Item "NN" -is the number from \fB\s-1OPENSSL_VERSION_MINOR\s0\fR, in hexadecimal notation -.IP "\s-1PP\s0" 4 +is the number from \fBOPENSSL_VERSION_MINOR\fR, in hexadecimal notation +.IP PP 4 .IX Item "PP" -is the number from \fB\s-1OPENSSL_VERSION_PATCH\s0\fR, in hexadecimal notation -.SS "Functions" +is the number from \fBOPENSSL_VERSION_PATCH\fR, in hexadecimal notation +.SS Functions .IX Subsection "Functions" \&\fBOPENSSL_version_major()\fR, \fBOPENSSL_version_minor()\fR, \fBOPENSSL_version_patch()\fR, \&\fBOPENSSL_version_pre_release()\fR, and \fBOPENSSL_version_build_metadata()\fR return the values of the macros above for the build of the library, respectively. 
.PP \&\fBOpenSSL_version()\fR returns different strings depending on \fIt\fR: -.IP "\s-1OPENSSL_VERSION\s0" 4 +.IP OPENSSL_VERSION 4 .IX Item "OPENSSL_VERSION" -The value of \fB\s-1OPENSSL_VERSION_TEXT\s0\fR -.IP "\s-1OPENSSL_VERSION_STRING\s0" 4 +The value of \fBOPENSSL_VERSION_TEXT\fR +.IP OPENSSL_VERSION_STRING 4 .IX Item "OPENSSL_VERSION_STRING" -The value of \fB\s-1OPENSSL_VERSION_STR\s0\fR -.IP "\s-1OPENSSL_FULL_VERSION_STRING\s0" 4 +The value of \fBOPENSSL_VERSION_STR\fR +.IP OPENSSL_FULL_VERSION_STRING 4 .IX Item "OPENSSL_FULL_VERSION_STRING" -The value of \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR -.IP "\s-1OPENSSL_CFLAGS\s0" 4 +The value of \fBOPENSSL_FULL_VERSION_STR\fR +.IP OPENSSL_CFLAGS 4 .IX Item "OPENSSL_CFLAGS" The compiler flags set for the compilation process in the form \&\f(CW\*(C`compiler: ...\*(C'\fR if available, or \f(CW\*(C`compiler: information not available\*(C'\fR otherwise. -.IP "\s-1OPENSSL_BUILT_ON\s0" 4 +.IP OPENSSL_BUILT_ON 4 .IX Item "OPENSSL_BUILT_ON" The date of the build process in the form \f(CW\*(C`built on: ...\*(C'\fR if available or \f(CW\*(C`built on: date not available\*(C'\fR otherwise. The date would not be available in a reproducible build, for example. -.IP "\s-1OPENSSL_PLATFORM\s0" 4 +.IP OPENSSL_PLATFORM 4 .IX Item "OPENSSL_PLATFORM" -The \*(L"Configure\*(R" target of the library build in the form \f(CW\*(C`platform: ...\*(C'\fR +The "Configure" target of the library build in the form \f(CW\*(C`platform: ...\*(C'\fR if available, or \f(CW\*(C`platform: information not available\*(C'\fR otherwise. -.IP "\s-1OPENSSL_DIR\s0" 4 +.IP OPENSSL_DIR 4 .IX Item "OPENSSL_DIR" -The \fB\s-1OPENSSLDIR\s0\fR setting of the library build in the form \f(CW\*(C`OPENSSLDIR: "..."\*(C'\fR +The \fBOPENSSLDIR\fR setting of the library build in the form \f(CW\*(C`OPENSSLDIR: "..."\*(C'\fR if available, or \f(CW\*(C`OPENSSLDIR: N/A\*(C'\fR otherwise. 
-.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 +.IP OPENSSL_ENGINES_DIR 4 .IX Item "OPENSSL_ENGINES_DIR" -The \fB\s-1ENGINESDIR\s0\fR setting of the library build in the form \f(CW\*(C`ENGINESDIR: "..."\*(C'\fR +The \fBENGINESDIR\fR setting of the library build in the form \f(CW\*(C`ENGINESDIR: "..."\*(C'\fR if available, or \f(CW\*(C`ENGINESDIR: N/A\*(C'\fR otherwise. This option is deprecated in OpenSSL 3.0. -.IP "\s-1OPENSSL_MODULES_DIR\s0" 4 +.IP OPENSSL_MODULES_DIR 4 .IX Item "OPENSSL_MODULES_DIR" -The \fB\s-1MODULESDIR\s0\fR setting of the library build in the form \f(CW\*(C`MODULESDIR: "..."\*(C'\fR +The \fBMODULESDIR\fR setting of the library build in the form \f(CW\*(C`MODULESDIR: "..."\*(C'\fR if available, or \f(CW\*(C`MODULESDIR: N/A\*(C'\fR otherwise. -.IP "\s-1OPENSSL_CPU_INFO\s0" 4 +.IP OPENSSL_CPU_INFO 4 .IX Item "OPENSSL_CPU_INFO" The current OpenSSL cpu settings. This is the current setting of the cpu capability flags. It is usually 
@@ -282,34 +207,34 @@ For an unknown \fIt\fR, the text \f(CW\*(C`not available\*(C'\fR is returned. .PP \&\fBOPENSSL_info()\fR also returns different strings depending on \fIt\fR: -.IP "\s-1OPENSSL_INFO_CONFIG_DIR\s0" 4 +.IP OPENSSL_INFO_CONFIG_DIR 4 .IX Item "OPENSSL_INFO_CONFIG_DIR" The configured \f(CW\*(C`OPENSSLDIR\*(C'\fR, which is the default location for OpenSSL configuration files. -.IP "\s-1OPENSSL_INFO_ENGINES_DIR\s0" 4 +.IP OPENSSL_INFO_ENGINES_DIR 4 .IX Item "OPENSSL_INFO_ENGINES_DIR" The configured \f(CW\*(C`ENGINESDIR\*(C'\fR, which is the default location for OpenSSL engines. -.IP "\s-1OPENSSL_INFO_MODULES_DIR\s0" 4 +.IP OPENSSL_INFO_MODULES_DIR 4 .IX Item "OPENSSL_INFO_MODULES_DIR" The configured \f(CW\*(C`MODULESDIR\*(C'\fR, which is the default location for dynamically loadable OpenSSL modules other than engines. -.IP "\s-1OPENSSL_INFO_DSO_EXTENSION\s0" 4 +.IP OPENSSL_INFO_DSO_EXTENSION 4 .IX Item "OPENSSL_INFO_DSO_EXTENSION" The configured dynamically loadable module extension. -.IP "\s-1OPENSSL_INFO_DIR_FILENAME_SEPARATOR\s0" 4 +.IP OPENSSL_INFO_DIR_FILENAME_SEPARATOR 4 .IX Item "OPENSSL_INFO_DIR_FILENAME_SEPARATOR" The separator between a directory specification and a filename. Note that on some operating systems, this is not the same as the separator between directory elements. -.IP "\s-1OPENSSL_INFO_LIST_SEPARATOR\s0" 4 +.IP OPENSSL_INFO_LIST_SEPARATOR 4 .IX Item "OPENSSL_INFO_LIST_SEPARATOR" The OpenSSL list separator. This is typically used in strings that are lists of items, such as the value of the environment variable \f(CW$PATH\fR on Unix (where the separator is \f(CW\*(C`:\*(C'\fR) or \f(CW\*(C`%PATH%\*(C'\fR on Windows (where the separator is \&\f(CW\*(C`;\*(C'\fR). -.IP "\s-1OPENSSL_INFO_CPU_SETTINGS\s0" 4 +.IP OPENSSL_INFO_CPU_SETTINGS 4 .IX Item "OPENSSL_INFO_CPU_SETTINGS" The current OpenSSL cpu settings. This is the current setting of the cpu capability flags. It is usually 
@@ -317,32 +242,38 @@ The value has the same syntax as the environment variable. For x86 the string looks like \f(CW\*(C`OPENSSL_ia32cap=0x123:0x456\*(C'\fR. .PP -For an unknown \fIt\fR, \s-1NULL\s0 is returned. +For an unknown \fIt\fR, NULL is returned. .PP -\&\fBOpenSSL_version_num()\fR returns the value of \fB\s-1OPENSSL_VERSION_NUMBER\s0\fR. +\&\fBOpenSSL_version_num()\fR returns the value of \fBOPENSSL_VERSION_NUMBER\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOPENSSL_version_major()\fR, \fBOPENSSL_version_minor()\fR and \fBOPENSSL_version_patch()\fR return the version number parts as integers. .PP \&\fBOPENSSL_version_pre_release()\fR and \fBOPENSSL_version_build_metadata()\fR return -the values of \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and -\&\fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR respectively as constant strings. +the values of \fBOPENSSL_VERSION_PRE_RELEASE\fR and +\&\fBOPENSSL_VERSION_BUILD_METADATA\fR respectively as constant strings. For any of them that is undefined, the empty string is returned. .PP \&\fBOpenSSL_version()\fR returns constant strings. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The macros and functions described here were added in OpenSSL 3.0, -except for \s-1OPENSSL_VERSION_NUMBER\s0 and \fBOpenSSL_version_num()\fR. -.SH "COPYRIGHT" +except for OPENSSL_VERSION_NUMBER and \fBOpenSSL_version_num()\fR. +.SH BUGS +.IX Header "BUGS" +There was a discrepancy between this manual and commentary + code +in \fI\fR, where the latter suggested that the +four least significant bits of \fBOPENSSL_VERSION_NUMBER\fR could be +\&\f(CW0x0f\fR in released OpenSSL versions. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2018\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_X509_INFO_read_bio_ex.3.orig +++ secure/lib/libcrypto/man/man3/PEM_X509_INFO_read_bio_ex.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_X509_INFO_READ_BIO_EX 3ossl" -.TH PEM_X509_INFO_READ_BIO_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_X509_INFO_READ_BIO_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PEM_X509_INFO_read_ex, PEM_X509_INFO_read, PEM_X509_INFO_read_bio_ex, PEM_X509_INFO_read_bio \&\- read PEM\-encoded data structures into one or more X509_INFO objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -160,32 +85,32 @@ \& STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, \& pem_password_cb *cb, void *u); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPEM_X509_INFO_read_ex()\fR loads the \fBX509_INFO\fR objects from a file \fIfp\fR. .PP \&\fBPEM_X509_INFO_read()\fR is similar to \fBPEM_X509_INFO_read_ex()\fR -but uses the default (\s-1NULL\s0) library context \fIlibctx\fR +but uses the default (NULL) library context \fIlibctx\fR and empty property query \fIpropq\fR. .PP \&\fBPEM_X509_INFO_read_bio_ex()\fR loads the \fBX509_INFO\fR objects using a bio \fIbp\fR. .PP \&\fBPEM_X509_INFO_read_bio()\fR is similar to \fBPEM_X509_INFO_read_bio_ex()\fR -but uses the default (\s-1NULL\s0) library context \fIlibctx\fR +but uses the default (NULL) library context \fIlibctx\fR and empty property query \fIpropq\fR. .PP -Each of the loaded \fBX509_INFO\fR objects can contain a \s-1CRL,\s0 a certificate, +Each of the loaded \fBX509_INFO\fR objects can contain a CRL, a certificate, and/or a private key. The elements are read sequentially, and as far as they are of different type than the elements read before, they are combined into the same \fBX509_INFO\fR object. The idea behind this is that if, for instance, a certificate is followed by a private key, the private key is supposed to correspond to the certificate. .PP -If the input stack \fIsk\fR is \s-1NULL\s0 a new stack is allocated, +If the input stack \fIsk\fR is NULL a new stack is allocated, else the given stack is extended. .PP The optional \fIcb\fR and \fIu\fR parameters can be used for providing a pass phrase -needed for decrypting encrypted \s-1PEM\s0 structures (normally only private keys). +needed for decrypting encrypted PEM structures (normally only private keys). See \fBPEM_read_bio_PrivateKey\fR\|(3) and \fBpassphrase\-encoding\fR\|(7) for details. .PP The library context \fIlibctx\fR and property query \fIpropq\fR are used for fetching 
@@ -194,21 +119,21 @@ .IX Header "RETURN VALUES" \&\fBPEM_X509_INFO_read_ex()\fR, \fBPEM_X509_INFO_read()\fR, \&\fBPEM_X509_INFO_read_bio_ex()\fR and \fBPEM_X509_INFO_read_bio()\fR return -a stack of \fBX509_INFO\fR objects or \s-1NULL\s0 on failure. +a stack of \fBX509_INFO\fR objects or NULL on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPEM_read_bio_ex\fR\|(3), \&\fBPEM_read_bio_PrivateKey\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBPEM_X509_INFO_read_ex()\fR and \&\fBPEM_X509_INFO_read_bio_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3.orig +++ secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_BYTES_READ_BIO 3ossl" -.TH PEM_BYTES_READ_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_BYTES_READ_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,27 +77,27 @@ \& const char *name, BIO *bp, pem_password_cb *cb, \& void *u); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1IETF RFC 1421\s0 and \s-1IETF RFC 7468\s0) -data from the \s-1BIO\s0 -\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 -etc.). If multiple PEM-encoded data structures are present in the same -stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and -continue reading. Non-PEM data present in the stream may cause an +\&\fBPEM_bytes_read_bio()\fR reads PEM\-formatted (IETF RFC 1421 and IETF RFC 7468) +data from the BIO +\&\fIbp\fR for the data type given in \fIname\fR (RSA PRIVATE KEY, CERTIFICATE, +etc.). If multiple PEM\-encoded data structures are present in the same +stream, \fBPEM_bytes_read_bio()\fR will skip non\-matching data types and +continue reading. Non\-PEM data present in the stream may cause an error. .PP -The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, +The PEM header may indicate that the following data is encrypted; if so, the data will be decrypted, waiting on user input to supply a passphrase if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain the decryption passphrase, if applicable. .PP Some data types have compatibility aliases, such as a file containing -X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE.\s0 +X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is -non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. +non\-NULL. The caller must free the storage pointed to by \fI*pnm\fR. .PP -The returned data is the DER-encoded form of the requested type, in +The returned data is the DER\-encoded form of the requested type, in \&\fI*pdata\fR with length \fI*plen\fR. 
The caller must free the storage pointed to by \fI*pdata\fR. .PP @@ -180,14 +105,14 @@ memory from the secure heap for its temporary buffers and the storage returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use \&\fBOPENSSL_secure_free()\fR to free that storage. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for -storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from +storage allocated within the PEM processing stack. The BIO stack from which input is read may also use temporary buffers, which are not necessarily allocated from the secure heap. In cases where it is desirable to ensure -that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, -care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the +that the contents of the PEM file only appears in memory from the secure heap, +care is needed in generating the BIO passed as \fIbp\fR. In particular, the use of \fBBIO_s_file()\fR indicates the use of the operating system stdio functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely to be more appropriate in such cases. 
@@ -203,14 +128,14 @@ .IX Header "SEE ALSO" \&\fBPEM_read_bio_ex\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_read.3.orig +++ secure/lib/libcrypto/man/man3/PEM_read.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_READ 3ossl" -.TH PEM_READ 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_READ 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO \&\- PEM encoding routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -161,14 +86,14 @@ \& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, \& pem_password_cb *cb, void *u); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions read and write PEM-encoded objects, using the \s-1PEM\s0 +These functions read and write PEM\-encoded objects, using the PEM type \fBname\fR, any additional \fBheader\fR information, and the raw \&\fBdata\fR of length \fBlen\fR. .PP -\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF -RFC 1421.\s0 The content is a series of base64\-encoded lines, surrounded +PEM is the term used for binary content encoding first defined in IETF +RFC 1421. The content is a series of base64\-encoded lines, surrounded by begin/end markers each on their own line. For example: .PP .Vb 4 
@@ -182,19 +107,19 @@ existence depends on the type of object being written or read. .PP \&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to -the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the -\&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify +the BIO \fBbp\fR. The \fBname\fR is the name to use in the marker, the +\&\fBheader\fR is the header value or NULL, and \fBdata\fR and \fBlen\fR specify the data and its length. .PP -The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with +The final \fBdata\fR buffer is typically an ASN.1 object which can be decoded with the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3) for examples. .PP \&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads -from the \s-1BIO\s0 \fBbp\fR. -Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. -When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN -\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers +from the BIO \fBbp\fR. +Both skip any non\-PEM data that precedes the start of the next PEM object. +When an object is successfully retrieved, the type name from the "\-\-\-\-BEGIN +\-\-\-\-\-" is returned via the \fBname\fR argument, any encapsulation headers are returned in \fBheader\fR and the base64\-decoded content and its length are returned via \fBdata\fR and \fBlen\fR respectively. The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR 
@@ -202,14 +127,14 @@ .PP \&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by \&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher -and \s-1IV.\s0 -The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the +and IV. +The caller passes a pointer to structure of type \fBEVP_CIPHER_INFO\fR via the \&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR. -If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the +If the call is successful 1 is returned and the cipher and IV are stored at the address pointed to by \fBcinfo\fR. When the header is malformed, or not supported or when the cipher is unknown or some internal error happens 0 is returned. -This function is deprecated, see \fB\s-1NOTES\s0\fR below. +This function is deprecated, see \fBNOTES\fR below. .PP \&\fBPEM_do_header()\fR can then be used to decrypt the data if the header indicates encryption. 
@@ -221,30 +146,30 @@ prompt function as described in \fBPEM_read_PrivateKey\fR\|(3). On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is updated to indicate the plaintext length. -This function is deprecated, see \fB\s-1NOTES\s0\fR below. +This function is deprecated, see \fBNOTES\fR below. .PP If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter -includes the case when no more \s-1PEM\s0 objects remain in the input file. +includes the case when no more PEM objects remain in the input file. To distinguish end of file from more serious errors the caller must peek at the -error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more -\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3). +error stack and check for \fBPEM_R_NO_START_LINE\fR, which indicates that no more +PEM objects were found. See \fBERR_peek_last_error\fR\|(3), \fBERR_GET_REASON\fR\|(3). .PP \&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on failure. The \fBdata\fR is likely meaningless if these functions fail. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated. -This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should +This is because the underlying PEM encryption format is obsolete, and should be avoided. -It uses an encryption format with an OpenSSL-specific key-derivation function, -which employs \s-1MD5\s0 with an iteration count of 1! +It uses an encryption format with an OpenSSL\-specific key\-derivation function, +which employs MD5 with an iteration count of 1! 
Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 -v2.0 \s-1PBE.\s0 +v2.0 PBE. See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3). .PP \&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the @@ -252,14 +177,14 @@ It will simply be treated as a byte sequence. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), +\&\fBERR_peek_last_error\fR\|(3), \fBERR_GET_LIB\fR\|(3), \&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 1998\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_read_CMS.3.orig +++ secure/lib/libcrypto/man/man3/PEM_read_CMS.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_READ_CMS 3ossl" -.TH PEM_READ_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_READ_CMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, @@ -178,7 +103,7 @@ PEM_write_X509_PUBKEY, PEM_write_bio_X509_PUBKEY \&\- PEM object encoding routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -192,7 +117,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -219,50 +144,50 @@ \& const unsigned char *kstr, int klen, \& pem_password_cb *cb, void *u); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All of the functions described on this page are deprecated. -Applications should use \fBOSSL_ENCODER_to_bio()\fR and \fBOSSL_DECODER_from_bio()\fR -instead. +To replace the deprecated functions listed above, applications should use the +\&\fBEVP_PKEY\fR type and \fBOSSL_DECODER_from_bio()\fR and \fBOSSL_ENCODER_to_bio()\fR to +read and write PEM data containing key parameters or private and public keys. .PP -In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used +In the description below, \fR\f(BITYPE\fR\fB\fR is used as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in the next four lines of the synopsis. .PP -These routines convert between local instances of \s-1ASN1\s0 datatypes and -the \s-1PEM\s0 encoding. For more information on the templates, see -\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +These routines convert between local instances of ASN1 datatypes and +the PEM encoding. For more information on the templates, see +\&\fBASN1_ITEM\fR\|(3). For more information on the lower\-level routines used by the functions here, see \fBPEM_read\fR\|(3). .PP -\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() reads a PEM-encoded object of \fB\f(BI\s-1TYPE\s0\fB\fR from the file +\&\fBPEM_read_\fR\f(BITYPE\fR() reads a PEM\-encoded object of \fB\fR\f(BITYPE\fR\fB\fR from the file \&\fIfp\fR and returns it. The \fIcb\fR and \fIu\fR parameters are as described in \&\fBpem_password_cb\fR\|(3). .PP -\&\fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() is similar to \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() but reads from -the \s-1BIO\s0 \fIbp\fR. +\&\fBPEM_read_bio_\fR\f(BITYPE\fR() is similar to \fBPEM_read_\fR\f(BITYPE\fR\fB\fR() but reads from +the BIO \fIbp\fR. 
.PP -\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() writes the \s-1PEM\s0 encoding of the object \fIa\fR to the file +\&\fBPEM_write_\fR\f(BITYPE\fR() writes the PEM encoding of the object \fIa\fR to the file \&\fIfp\fR. .PP -\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() similarly writes to the \s-1BIO\s0 \fIbp\fR. -.SH "NOTES" +\&\fBPEM_write_bio_\fR\f(BITYPE\fR() similarly writes to the BIO \fIbp\fR. +.SH NOTES .IX Header "NOTES" These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() return a pointer to an -allocated object, which should be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(), or -\&\s-1NULL\s0 on error. +\&\fBPEM_read_\fR\f(BITYPE\fR() and \fBPEM_read_bio_\fR\f(BITYPE\fR\fB\fR() return a pointer to an +allocated object, which should be released by calling \fB\fR\f(BITYPE\fR\fB_free\fR(), or +NULL on error. .PP -\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() return 1 for success or 0 for failure. +\&\fBPEM_write_\fR\f(BITYPE\fR() and \fBPEM_write_bio_\fR\f(BITYPE\fR\fB\fR() return 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPEM_read\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBPEM_write_DHxparams()\fR, \fBPEM_write_bio_DHxparams()\fR, \&\fBPEM_read_ECPKParameters()\fR, \fBPEM_read_bio_ECPKParameters()\fR, 
@@ -272,11 +197,11 @@ \&\fBPEM_read_ECPrivateKey()\fR, \fBPEM_read_bio_ECPrivateKey()\fR, \&\fBPEM_write_ECPrivateKey()\fR and \fBPEM_write_bio_ECPrivateKey()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 1998\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3.orig +++ secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_PRIVATEKEY 3ossl" -.TH PEM_READ_BIO_PRIVATEKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_READ_BIO_PRIVATEKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME pem_password_cb, PEM_read_bio_PrivateKey_ex, PEM_read_bio_PrivateKey, PEM_read_PrivateKey_ex, PEM_read_PrivateKey, @@ -169,7 +94,7 @@ PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -273,7 +198,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -329,23 +254,23 @@ \& int PEM_write_bio_DHparams(BIO *bp, DH *x); \& int PEM_write_DHparams(FILE *fp, DH *x); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All of the functions described on this page that have a \fI\s-1TYPE\s0\fR of \fB\s-1DH\s0\fR, \fB\s-1DSA\s0\fR -and \fB\s-1RSA\s0\fR are deprecated. Applications should use \fBOSSL_ENCODER_to_bio\fR\|(3) and +All of the functions described on this page that have a \fITYPE\fR of \fBDH\fR, \fBDSA\fR +and \fBRSA\fR are deprecated. Applications should use \fBOSSL_ENCODER_to_bio\fR\|(3) and \&\fBOSSL_DECODER_from_bio\fR\|(3) instead. .PP -The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In -this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +The PEM functions read or write structures in PEM format. In +this sense PEM format is simply base64 encoded data surrounded by header lines. .PP For more details about the meaning of arguments see the -\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. +\&\fBPEM FUNCTION ARGUMENTS\fR section. .PP Each operation has four functions associated with it. For -brevity the term "\fB\f(BI\s-1TYPE\s0\fB\fR functions" will be used below to collectively -refer to the \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR(), \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR(), -\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR(), and \fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() functions. +brevity the term "\fR\f(BITYPE\fR\fB\fR functions" will be used below to collectively +refer to the \fBPEM_read_bio_\fR\f(BITYPE\fR\fB\fR(), \fBPEM_read_\fR\f(BITYPE\fR\fB\fR(), +\&\fBPEM_write_bio_\fR\f(BITYPE\fR\fB\fR(), and \fBPEM_write_\fR\f(BITYPE\fR\fB\fR() functions. .PP Some operations have additional variants that take a library context \fIlibctx\fR and a property query string \fIpropq\fR. The \fBX509\fR, \fBX509_REQ\fR and \fBX509_CRL\fR 
@@ -355,70 +280,70 @@ library context or property query string by creating an empty \fBX509\fR, \&\fBX509_REQ\fR or \fBX509_CRL\fR object using \fBX509_new_ex\fR\|(3), \fBX509_REQ_new_ex\fR\|(3) or \fBX509_CRL_new_ex\fR\|(3) respectively. Then pass the empty object as a parameter -to the relevant \s-1PEM\s0 function. See the \*(L"\s-1EXAMPLES\*(R"\s0 section below. +to the relevant PEM function. See the "EXAMPLES" section below. .PP -The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using -an \s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are +The \fBPrivateKey\fR functions read or write a private key in PEM format using +an EVP_PKEY structure. The write routines use PKCS#8 private key format and are equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR. The read functions transparently handle traditional and PKCS#8 format encrypted and unencrypted keys. .PP \&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the -\&\*(L"traditional\*(R" format with a simple private key marker and should only +"traditional" format with a simple private key marker and should only be used for compatibility with legacy programs. .PP \&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private -key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using +key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption algorithms. The \fIcipher\fR argument -specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the -encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If -\&\fIcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo +specifies the encryption algorithm to use: unlike some other PEM routines the +encryption is applied at the PKCS#8 level and not in the PEM headers. 
If +\&\fIcipher\fR is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. .PP \&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm -to use is specified in the \fInid\fR parameter and should be the \s-1NID\s0 of the -corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section). +to use is specified in the \fInid\fR parameter and should be the NID of the +corresponding OBJECT IDENTIFIER (see NOTES section). .PP -The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +The \fBPUBKEY\fR functions process a public key using an EVP_PKEY structure. The public key is encoded as a SubjectPublicKeyInfo structure. .PP -The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an -\&\s-1RSA\s0 structure. The write routines uses traditional format. The read +The \fBRSAPrivateKey\fR functions process an RSA private key using an +RSA structure. The write routines uses traditional format. The read routines handles the same formats as the \fBPrivateKey\fR -functions but an error occurs if the private key is not \s-1RSA.\s0 +functions but an error occurs if the private key is not RSA. .PP -The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an -\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +The \fBRSAPublicKey\fR functions process an RSA public key using an +RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure. .PP -The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using -an \s-1RSA\s0 structure. However, the public key is encoded using a +The \fBRSA_PUBKEY\fR functions also process an RSA public key using +an RSA structure. 
However, the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public -key is not \s-1RSA.\s0 +key is not RSA. .PP -The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a -\&\s-1DSA\s0 structure. The write routines uses traditional format. The read +The \fBDSAPrivateKey\fR functions process a DSA private key using a +DSA structure. The write routines uses traditional format. The read routines handles the same formats as the \fBPrivateKey\fR -functions but an error occurs if the private key is not \s-1DSA.\s0 +functions but an error occurs if the private key is not DSA. .PP -The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using -a \s-1DSA\s0 structure. The public key is encoded using a +The \fBDSA_PUBKEY\fR functions process a DSA public key using +a DSA structure. The public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public -key is not \s-1DSA.\s0 +key is not DSA. .PP -The \fBParameters\fR functions read or write key parameters in \s-1PEM\s0 format using -an \s-1EVP_PKEY\s0 structure. The encoding depends on the type of key; for \s-1DSA\s0 key -parameters, it will be a Dss-Parms structure as defined in \s-1RFC2459,\s0 and for \s-1DH\s0 +The \fBParameters\fR functions read or write key parameters in PEM format using +an EVP_PKEY structure. The encoding depends on the type of key; for DSA key +parameters, it will be a Dss\-Parms structure as defined in RFC2459, and for DH key parameters, it will be a PKCS#3 DHparameter structure. \fIThese functions -only exist for the \f(BI\s-1BIO\s0\fI type\fR. +only exist for the \fR\f(BIBIO\fR\fI type\fR. .PP -The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 -structure. The parameters are encoded using a Dss-Parms structure -as defined in \s-1RFC2459.\s0 +The \fBDSAparams\fR functions process DSA parameters using a DSA +structure. 
The parameters are encoded using a Dss\-Parms structure +as defined in RFC2459. .PP -The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +The \fBDHparams\fR functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter structure. .PP 
@@ -431,55 +356,57 @@ .PP The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 certificate request using an X509_REQ structure. The \fBX509_REQ\fR -write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas -the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR +write functions use \fBCERTIFICATE REQUEST\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fBNEW CERTIFICATE REQUEST\fR (as required by some CAs). The \fBX509_REQ\fR read functions will handle either form so there are no \fBX509_REQ_NEW\fR read functions. .PP -The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +The \fBX509_CRL\fR functions process an X509 CRL using an X509_CRL structure. .PP -The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +The \fBPKCS7\fR functions process a PKCS#7 ContentInfo using a PKCS7 structure. .SH "PEM FUNCTION ARGUMENTS" .IX Header "PEM FUNCTION ARGUMENTS" -The \s-1PEM\s0 functions have many common arguments. +The PEM functions have many common arguments. .PP -The \fIbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +The \fIbp\fR BIO parameter (if present) specifies the BIO to read from or write to. .PP -The \fIfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +The \fIfp\fR FILE parameter (if present) specifies the FILE pointer to read from or write to. .PP -The \s-1PEM\s0 read functions all take an argument \fI\f(BI\s-1TYPE\s0\fI **x\fR and return -a \fI\f(BI\s-1TYPE\s0\fI *\fR pointer. Where \fI\f(BI\s-1TYPE\s0\fI\fR is whatever structure the function -uses. If \fIx\fR is \s-1NULL\s0 then the parameter is ignored. If \fIx\fR is not -\&\s-1NULL\s0 but \fI*x\fR is \s-1NULL\s0 then the structure returned will be written -to \fI*x\fR. If neither \fIx\fR nor \fI*x\fR is \s-1NULL\s0 then an attempt is made -to reuse the structure at \fI*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). 
+The PEM read functions all take an argument \fR\f(BITYPE\fR\fI **x\fR and return +a \fI\fR\f(BITYPE\fR\fI *\fR pointer. Where \fI\fR\f(BITYPE\fR\fI\fR is whatever structure the function +uses. If \fIx\fR is NULL then the parameter is ignored. If \fIx\fR is not +NULL but \fI*x\fR is NULL then the structure returned will be written +to \fI*x\fR. If neither \fIx\fR nor \fI*x\fR is NULL then an attempt is made +to reuse the structure at \fI*x\fR (but see BUGS and EXAMPLES sections). Irrespective of the value of \fIx\fR a pointer to the structure is always -returned (or \s-1NULL\s0 if an error occurred). +returned (or NULL if an error occurred). The caller retains ownership of the +returned object and needs to free it when it is no longer needed, e.g. +using \fBX509_free()\fR for X509 objects or \fBEVP_PKEY_free()\fR for EVP_PKEY objects. .PP -The \s-1PEM\s0 functions which write private keys take an \fIenc\fR parameter +The PEM functions which write private keys take an \fIenc\fR parameter which specifies the encryption algorithm to use, encryption is done -at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +at the PEM level. If this parameter is set to NULL then the private key is written in unencrypted form. .PP The \fIcb\fR argument is the callback to use when querying for the pass -phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +phrase used for encrypted PEM structures (normally only private keys). .PP -For the \s-1PEM\s0 write routines if the \fIkstr\fR parameter is not \s-1NULL\s0 then +For the PEM write routines if the \fIkstr\fR parameter is not NULL then \&\fIklen\fR bytes at \fIkstr\fR are used as the passphrase and \fIcb\fR is ignored. .PP -If the \fIcb\fR parameters is set to \s-1NULL\s0 and the \fIu\fR parameter is not -\&\s-1NULL\s0 then the \fIu\fR parameter is interpreted as a \s-1NUL\s0 terminated string -to use as the passphrase. 
If both \fIcb\fR and \fIu\fR are \s-1NULL\s0 then the +If the \fIcb\fR parameters is set to NULL and the \fIu\fR parameter is not +NULL then the \fIu\fR parameter is interpreted as a NUL terminated string +to use as the passphrase. If both \fIcb\fR and \fIu\fR are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off. .PP The default passphrase callback is sometimes inappropriate (for example -in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +in a GUI application) so an alternative can be supplied. The callback routine has the following form: .PP .Vb 1 
@@ -491,23 +418,23 @@ which is set to 0 when reading and 1 when writing. A typical routine will ask the user to verify the passphrase (for example by prompting for it twice) if \fIrwflag\fR is 1. The \fIu\fR parameter has the same -value as the \fIu\fR parameter passed to the \s-1PEM\s0 routine. It allows +value as the \fIu\fR parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application -(for example a window handle in a \s-1GUI\s0 application). The callback +(for example a window handle in a GUI application). The callback \&\fImust\fR return the number of characters in the passphrase or \-1 if an error occurred. The passphrase can be arbitrary data; in the case where it -is a string, it is not \s-1NUL\s0 terminated. See the \*(L"\s-1EXAMPLES\*(R"\s0 section below. +is a string, it is not NUL terminated. See the "EXAMPLES" section below. .PP Some implementations may need to use cryptographic algorithms during their operation. If this is the case and \fIlibctx\fR and \fIpropq\fR parameters have been passed then any algorithm fetches will use that library context and property query string. Otherwise the default library context and property query string will be used. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1PEM\s0 reading functions will skip any extraneous content or \s-1PEM\s0 data of +The PEM reading functions will skip any extraneous content or PEM data of a different type than they expect. This allows for example having a certificate -(or multiple certificates) and a key in the \s-1PEM\s0 format in a single file. +(or multiple certificates) and a key in the PEM format in a single file. .PP The old \fBPrivateKey\fR write routines are retained for compatibility. New applications should write private keys using the 
@@ -519,7 +446,7 @@ The \fBPrivateKey\fR read routines can be used in all applications because they handle all formats transparently. .PP -A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +A frequent cause of problems is attempting to use the PEM routines like this: .PP .Vb 1 
@@ -549,24 +476,24 @@ \& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- .Ve .PP -The line beginning with \fIProc-Type\fR contains the version and the -protection on the encapsulated data. The line beginning \fIDEK-Info\fR +The line beginning with \fIProc\-Type\fR contains the version and the +protection on the encapsulated data. The line beginning \fIDEK\-Info\fR contains two comma separated values: the encryption algorithm name as used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the cipher encoded as a set of hexadecimal digits. After those two lines is the base64\-encoded encrypted data. .PP -The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's +The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher\*(Aqs initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fIsalt\fR -parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used -(regardless of the size of the initialization vector). The user's +parameter. Internally, \fBPKCS5_SALT_LEN\fR bytes of the salt are used +(regardless of the size of the initialization vector). The user\*(Aqs password is passed to \fBEVP_BytesToKey()\fR using the \fIdata\fR and \fIdatal\fR parameters. Finally, the library uses an iteration count of 1 for \&\fBEVP_BytesToKey()\fR. .PP The \fIkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization vector is then used to decrypt the encrypted data. The \fIiv\fR produced by -\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +\&\fBEVP_BytesToKey()\fR is not utilized or needed, and NULL should be passed to the function. .PP The pseudo code to derive the key would look similar to: 
@@ -587,9 +514,9 @@ \& \& /* On success, use key and iv to initialize the cipher */ .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +The PEM read routines in some versions of OpenSSL will not correctly reuse an existing structure. Therefore, the following: .PP .Vb 1 @@ -607,16 +534,16 @@ allocated, empty \fBX509\fR object (for example allocated via \fBX509_new_ex\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The read routines return either a pointer to the structure read or \s-1NULL\s0 +The read routines return either a pointer to the structure read or NULL if an error occurred. .PP The write routines return 1 for success or 0 for failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Although the \s-1PEM\s0 routines take several arguments in almost all applications -most of them are set to 0 or \s-1NULL.\s0 +Although the PEM routines take several arguments in almost all applications +most of them are set to 0 or NULL. .PP -To read a certificate with a library context in \s-1PEM\s0 format from a \s-1BIO:\s0 +To read a certificate with a library context in PEM format from a BIO: .PP .Vb 1 \& X509 *x = X509_new_ex(libctx, NULL); @@ -628,7 +555,7 @@ \& /* Error */ .Ve .PP -Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +Read a certificate in PEM format from a BIO: .PP .Vb 1 \& X509 *x; 
@@ -647,23 +574,23 @@ \& /* Error */ .Ve .PP -Write a certificate to a \s-1BIO:\s0 +Write a certificate to a BIO: .PP .Vb 2 \& if (!PEM_write_bio_X509(bp, x)) \& /* Error */ .Ve .PP -Write a private key (using traditional format) to a \s-1BIO\s0 using -triple \s-1DES\s0 encryption, the pass phrase is prompted for: +Write a private key (using traditional format) to a BIO using +triple DES encryption, the pass phrase is prompted for: .PP .Vb 2 \& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) \& /* Error */ .Ve .PP -Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple -\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +Write a private key (using PKCS#8 format) to a BIO using triple +DES encryption, using the pass phrase "hello": .PP .Vb 3 \& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), @@ -671,7 +598,7 @@ \& /* Error */ .Ve .PP -Read a private key from a \s-1BIO\s0 using a pass phrase callback: +Read a private key from a BIO using a pass phrase callback: .PP .Vb 3 \& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); @@ -705,10 +632,10 @@ .IX Header "SEE ALSO" \&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The old Netscape certificate sequences were no longer documented -in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead +in OpenSSL 1.1.0; applications should use the PKCS7 standard instead as they will be formally deprecated in a future releases. .PP \&\fBPEM_read_bio_PrivateKey_ex()\fR, \fBPEM_read_PrivateKey_ex()\fR, 
@@ -729,11 +656,11 @@ \&\fBPEM_write_bio_DSAparams()\fR, \fBPEM_write_DSAparams()\fR, \&\fBPEM_read_bio_DHparams()\fR, \fBPEM_read_DHparams()\fR, \&\fBPEM_write_bio_DHparams()\fR and \fBPEM_write_DHparams()\fR were deprecated in 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3.orig +++ secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_EX 3ossl" -.TH PEM_READ_BIO_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_READ_BIO_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,34 +77,34 @@ \& int PEM_read_bio_ex(BIO *in, char **name, char **header, \& unsigned char **data, long *len, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting +\&\fBPEM_read_bio_ex()\fR reads in PEM formatted data from an input BIO, outputting the name of the type of contained data, the header information regarding the possibly encrypted data, and the binary data payload (after base64 decoding). It should generally only be used to implement PEM_read_bio_\-family functions for specific data types or other usage, but is exposed to allow greater flexibility over how processing is performed, if needed. .PP -If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of +If PEM_FLAG_SECURE is set, the intermediate buffers used to read in lines of input are allocated from the secure heap. .PP -If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace +If PEM_FLAG_EAY_COMPATIBLE is set, a simple algorithm is used to remove whitespace and control characters from the end of each line, so as to be compatible with the historical behavior of \fBPEM_read_bio()\fR. .PP -If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 +If PEM_FLAG_ONLY_B64 is set, all characters are required to be valid base64 characters (or newlines); non\-base64 characters are treated as end of input. .PP -If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters +If neither PEM_FLAG_EAY_COMPATIBLE or PEM_FLAG_ONLY_B64 is set, control characters are ignored. .PP -If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; +If both PEM_FLAG_EAY_COMPATIBLE and PEM_FLAG_ONLY_B64 are set, an error is returned; these options are not compatible with each other. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" The caller must release the storage allocated for *name, *header, and *data. -If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise, +If PEM_FLAG_SECURE was set, use \fBOPENSSL_secure_free()\fR; otherwise, \&\fBOPENSSL_free()\fR is used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -187,14 +112,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPEM_bytes_read_bio\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3.orig +++ secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_CMS_STREAM 3ossl" -.TH PEM_WRITE_BIO_CMS_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_WRITE_BIO_CMS_STREAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in PEM format. .PP It is otherwise identical to the function \fBSMIME_write_CMS()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting streaming. @@ -167,14 +92,14 @@ \&\fBPEM_write\fR\|(3), \&\fBSMIME_write_CMS\fR\|(3), \&\fBi2d_CMS_bio_stream\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3.orig +++ secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3ossl" -.TH PEM_WRITE_BIO_PKCS7_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a PKCS7 structure in PEM format. .PP It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting streaming. @@ -166,14 +91,14 @@ \&\fBPKCS7_decrypt\fR\|(3), \&\fBSMIME_write_PKCS7\fR\|(3), \&\fBi2d_PKCS7_bio_stream\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_PBE_keyivgen.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_PBE_keyivgen.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_PBE_KEYIVGEN 3ossl" -.TH PKCS12_PBE_KEYIVGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_PBE_KEYIVGEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_PBE_keyivgen, PKCS12_PBE_keyivgen_ex, PKCS12_pbe_crypt, PKCS12_pbe_crypt_ex \- PKCS#12 Password based encryption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -165,7 +90,7 @@ \& int en_de, OSSL_LIB_CTX *libctx, \& const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_PBE_keyivgen()\fR and \fBPKCS12_PBE_keyivgen_ex()\fR take a password \fIpass\fR of length \fIpasslen\fR, parameters \fIparam\fR and a message digest function \fImd_type\fR @@ -179,7 +104,7 @@ .PP \&\fBPKCS12_pbe_crypt()\fR and \fBPKCS12_pbe_crypt_ex()\fR will encrypt or decrypt a buffer based on the algorithm in \fIalgor\fR and password \fIpass\fR of length \fIpasslen\fR. -The input is from \fIin\fR of length \fIinlen\fR and output is into a malloc'd buffer +The input is from \fIin\fR of length \fIinlen\fR and output is into a malloc\*(Aqd buffer returned in \fI*data\fR of length \fIdatalen\fR. The operation is determined by \fIen_de\fR, encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0). .PP 
@@ -188,23 +113,23 @@ implementations. .PP \&\fIpass\fR is the password used in the derivation of length \fIpasslen\fR. \fIpass\fR -is an optional parameter and can be \s-1NULL.\s0 If \fIpasslen\fR is \-1, then the +is an optional parameter and can be NULL. If \fIpasslen\fR is \-1, then the function will calculate the length of \fIpass\fR using \fBstrlen()\fR. .PP \&\fIsalt\fR is the salt used in the derivation of length \fIsaltlen\fR. If the -\&\fIsalt\fR is \s-1NULL,\s0 then \fIsaltlen\fR must be 0. The function will not +\&\fIsalt\fR is NULL, then \fIsaltlen\fR must be 0. The function will not attempt to calculate the length of the \fIsalt\fR because it is not assumed to -be \s-1NULL\s0 terminated. +be NULL terminated. .PP \&\fIiter\fR is the iteration count and its value should be greater than or -equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any \&\fIiter\fR less than 1 is treated as a single iteration. .PP \&\fIdigest\fR is the message digest function used in the derivation. .PP Functions ending in \fB_ex()\fR take optional parameters \fIlibctx\fR and \fIpropq\fR which are used to select appropriate algorithm implementations. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The functions are typically used in PKCS#12 to encrypt objects. .PP 
@@ -215,23 +140,23 @@ \&\fBPKCS12_PBE_keyivgen()\fR, \fBPKCS12_PBE_keyivgen_ex()\fR return 1 on success or 0 on error. .PP \&\fBPKCS12_pbe_crypt()\fR and \fBPKCS12_pbe_crypt_ex()\fR return a buffer containing the -output or \s-1NULL\s0 if an error occurred. +output or NULL if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PBE_CipherInit_ex\fR\|(3), \&\fBPKCS8_encrypt_ex\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_PBE_keyivgen_ex()\fR and \fBPKCS12_pbe_crypt_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_create_cert.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_create_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_SAFEBAG_CREATE_CERT 3ossl" -.TH PKCS12_SAFEBAG_CREATE_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_SAFEBAG_CREATE_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_SAFEBAG_create_cert, PKCS12_SAFEBAG_create_crl, PKCS12_SAFEBAG_create_secret, PKCS12_SAFEBAG_create0_p8inf, PKCS12_SAFEBAG_create0_pkcs8, PKCS12_SAFEBAG_create_pkcs8_encrypt, PKCS12_SAFEBAG_create_pkcs8_encrypt_ex \- Create PKCS#12 safeBag objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -170,35 +95,35 @@ \& OSSL_LIB_CTX *ctx, \& const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_SAFEBAG_create_cert()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type \fBNID_certBag\fR +\&\fBPKCS12_SAFEBAG_create_cert()\fR creates a new \fBPKCS12_SAFEBAG\fR of type \fBNID_certBag\fR containing the supplied certificate. .PP -\&\fBPKCS12_SAFEBAG_create_crl()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type \fBNID_crlBag\fR +\&\fBPKCS12_SAFEBAG_create_crl()\fR creates a new \fBPKCS12_SAFEBAG\fR of type \fBNID_crlBag\fR containing the supplied crl. .PP -\&\fBPKCS12_SAFEBAG_create_secret()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type +\&\fBPKCS12_SAFEBAG_create_secret()\fR creates a new \fBPKCS12_SAFEBAG\fR of type corresponding to a PKCS#12 \fBsecretBag\fR. The \fBsecretBag\fR contents are tagged as -\&\fItype\fR with an \s-1ASN1\s0 value of type \fIvtype\fR constructed using the bytes in +\&\fItype\fR with an ASN1 value of type \fIvtype\fR constructed using the bytes in \&\fIvalue\fR of length \fIlen\fR. .PP -\&\fBPKCS12_SAFEBAG_create0_p8inf()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type \fBNID_keyBag\fR -containing the supplied \s-1PKCS8\s0 structure. +\&\fBPKCS12_SAFEBAG_create0_p8inf()\fR creates a new \fBPKCS12_SAFEBAG\fR of type \fBNID_keyBag\fR +containing the supplied PKCS8 structure. .PP -\&\fBPKCS12_SAFEBAG_create0_pkcs8()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type -\&\fBNID_pkcs8ShroudedKeyBag\fR containing the supplied \s-1PKCS8\s0 structure. +\&\fBPKCS12_SAFEBAG_create0_pkcs8()\fR creates a new \fBPKCS12_SAFEBAG\fR of type +\&\fBNID_pkcs8ShroudedKeyBag\fR containing the supplied PKCS8 structure. .PP -\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type -\&\fBNID_pkcs8ShroudedKeyBag\fR by encrypting the supplied \s-1PKCS8\s0 \fIp8inf\fR. 
+\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR creates a new \fBPKCS12_SAFEBAG\fR of type +\&\fBNID_pkcs8ShroudedKeyBag\fR by encrypting the supplied PKCS8 \fIp8inf\fR. If \fIpbe_nid\fR is 0, a default encryption algorithm is used. \fIpass\fR is the passphrase and \fIiter\fR is the iteration count. If \fIiter\fR is zero then a default -value of 2048 is used. If \fIsalt\fR is \s-1NULL\s0 then a salt is generated randomly. +value of 2048 is used. If \fIsalt\fR is NULL then a salt is generated randomly. .PP \&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex()\fR is identical to \fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR but allows for a library context \fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR makes assumptions regarding the encoding of the given pass phrase. 
@@ -207,23 +132,23 @@ \&\fBPKCS12_SAFEBAG_create_secret()\fR was added in OpenSSL 3.0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -All of these functions return a valid \fB\s-1PKCS12_SAFEBAG\s0\fR structure or \s-1NULL\s0 if an error occurred. +All of these functions return a valid \fBPKCS12_SAFEBAG\fR structure or NULL if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create\fR\|(3), \&\fBPKCS12_add_safe\fR\|(3), \&\fBPKCS12_add_safes\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get0_attrs.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get0_attrs.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_SAFEBAG_GET0_ATTRS 3ossl" -.TH PKCS12_SAFEBAG_GET0_ATTRS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_SAFEBAG_GET0_ATTRS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen \&\- Retrieve attributes from a PKCS#12 safeBag -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,32 +76,32 @@ \& ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, \& int attr_nid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_SAFEBAG_get0_attrs()\fR retrieves the stack of \fBX509_ATTRIBUTE\fRs from a -PKCS#12 safeBag. \fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attributes from. +PKCS#12 safeBag. \fIbag\fR is the \fBPKCS12_SAFEBAG\fR to retrieve the attributes from. .PP -\&\fBPKCS12_get_attr_gen()\fR retrieves an attribute by \s-1NID\s0 from a stack of -\&\fBX509_ATTRIBUTE\fRs. \fIattr_nid\fR is the \s-1NID\s0 of the attribute to retrieve. +\&\fBPKCS12_get_attr_gen()\fR retrieves an attribute by NID from a stack of +\&\fBX509_ATTRIBUTE\fRs. \fIattr_nid\fR is the NID of the attribute to retrieve. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPKCS12_SAFEBAG_get0_attrs()\fR returns the stack of \fBX509_ATTRIBUTE\fRs from a PKCS#12 safeBag, which could be empty. .PP -\&\fBPKCS12_get_attr_gen()\fR returns an \fB\s-1ASN1_TYPE\s0\fR object containing the attribute, -or \s-1NULL\s0 if the attribute was either not present or an error occurred. +\&\fBPKCS12_get_attr_gen()\fR returns an \fBASN1_TYPE\fR object containing the attribute, +or NULL if the attribute was either not present or an error occurred. .PP \&\fBPKCS12_get_attr_gen()\fR does not allocate a new attribute. The returned attribute -is still owned by the \fB\s-1PKCS12_SAFEBAG\s0\fR in which it resides. +is still owned by the \fBPKCS12_SAFEBAG\fR in which it resides. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_get_friendlyname\fR\|(3), \&\fBPKCS12_add_friendlyname_asc\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get1_cert.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get1_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_SAFEBAG_GET1_CERT 3ossl" -.TH PKCS12_SAFEBAG_GET1_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_SAFEBAG_GET1_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_SAFEBAG_get0_attr, PKCS12_SAFEBAG_get0_type, PKCS12_SAFEBAG_get_nid, PKCS12_SAFEBAG_get_bag_nid, PKCS12_SAFEBAG_get0_bag_obj, PKCS12_SAFEBAG_get0_bag_type, PKCS12_SAFEBAG_get1_cert, PKCS12_SAFEBAG_get1_crl, PKCS12_SAFEBAG_get0_safes, PKCS12_SAFEBAG_get0_p8inf, PKCS12_SAFEBAG_get0_pkcs8 \- Get objects from a PKCS#12 safeBag -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -163,44 +88,44 @@ \& const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); \& const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_SAFEBAG_get0_attr()\fR gets the attribute value corresponding to the \fBattr_nid\fR. .PP -\&\fBPKCS12_SAFEBAG_get0_type()\fR gets the \fBsafeBag\fR type as an \s-1OID,\s0 whereas -\&\fBPKCS12_SAFEBAG_get_nid()\fR gets the \fBsafeBag\fR type as an \s-1NID,\s0 which could be +\&\fBPKCS12_SAFEBAG_get0_type()\fR gets the \fBsafeBag\fR type as an OID, whereas +\&\fBPKCS12_SAFEBAG_get_nid()\fR gets the \fBsafeBag\fR type as an NID, which could be \&\fBNID_certBag\fR, \fBNID_crlBag\fR, \fBNID_keyBag\fR, \fBNID_secretBag\fR, \fBNID_safeContentsBag\fR or \fBNID_pkcs8ShroudedKeyBag\fR. .PP \&\fBPKCS12_SAFEBAG_get_bag_nid()\fR gets the type of the object contained within the -\&\fB\s-1PKCS12_SAFEBAG\s0\fR. This corresponds to the bag type for most bags, but can be -arbitrary for \fBsecretBag\fRs. \fBPKCS12_SAFEBAG_get0_bag_type()\fR gets this type as an \s-1OID.\s0 +\&\fBPKCS12_SAFEBAG\fR. This corresponds to the bag type for most bags, but can be +arbitrary for \fBsecretBag\fRs. \fBPKCS12_SAFEBAG_get0_bag_type()\fR gets this type as an OID. .PP \&\fBPKCS12_SAFEBAG_get0_bag_obj()\fR retrieves the object contained within the safeBag. .PP \&\fBPKCS12_SAFEBAG_get1_cert()\fR and \fBPKCS12_SAFEBAG_get1_crl()\fR return new \fBX509\fR or \&\fBX509_CRL\fR objects from the item in the safeBag. .PP -\&\fBPKCS12_SAFEBAG_get0_p8inf()\fR and \fBPKCS12_SAFEBAG_get0_pkcs8()\fR return the \s-1PKCS8\s0 object +\&\fBPKCS12_SAFEBAG_get0_p8inf()\fR and \fBPKCS12_SAFEBAG_get0_pkcs8()\fR return the PKCS8 object from a PKCS8shroudedKeyBag or a keyBag. .PP \&\fBPKCS12_SAFEBAG_get0_safes()\fR retrieves the set of \fBsafeBags\fR contained within a safeContentsBag. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS12_SAFEBAG_get_nid()\fR and \fBPKCS12_SAFEBAG_get_bag_nid()\fR return the \s-1NID\s0 of the safeBag -or bag object, or \-1 if there is no corresponding \s-1NID.\s0 -Other functions return a valid object of the specified type or \s-1NULL\s0 if an error occurred. +\&\fBPKCS12_SAFEBAG_get_nid()\fR and \fBPKCS12_SAFEBAG_get_bag_nid()\fR return the NID of the safeBag +or bag object, or \-1 if there is no corresponding NID. +Other functions return a valid object of the specified type or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create\fR\|(3), \&\fBPKCS12_add_safe\fR\|(3), \&\fBPKCS12_add_safes\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_add1_attr_by_NID.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_add1_attr_by_NID.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ADD1_ATTR_BY_NID 3ossl" -.TH PKCS12_ADD1_ATTR_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ADD1_ATTR_BY_NID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_add1_attr_by_NID, PKCS12_add1_attr_by_txt \- Add an attribute to a PKCS#12 safeBag structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,16 +76,16 @@ \& int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type, \& const unsigned char *bytes, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions add a PKCS#12 Attribute to the Attribute Set of the \fBbag\fR. .PP -\&\fBPKCS12_add1_attr_by_NID()\fR adds an attribute of type \fBnid\fR with a value of \s-1ASN1\s0 +\&\fBPKCS12_add1_attr_by_NID()\fR adds an attribute of type \fBnid\fR with a value of ASN1 type \fBtype\fR constructed using \fBlen\fR bytes from \fBbytes\fR. .PP \&\fBPKCS12_add1_attr_by_txt()\fR adds an attribute of type \fBattrname\fR with a value of -\&\s-1ASN1\s0 type \fBtype\fR constructed using \fBlen\fR bytes from \fBbytes\fR. -.SH "NOTES" +ASN1 type \fBtype\fR constructed using \fBlen\fR bytes from \fBbytes\fR. +.SH NOTES .IX Header "NOTES" These functions do not check whether an existing attribute of the same type is present. There can be multiple attributes with the same type assigned to a 
@@ -173,11 +98,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_add_CSPName_asc.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_add_CSPName_asc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,100 +53,41 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ADD_CSPNAME_ASC 3ossl" -.TH PKCS12_ADD_CSPNAME_ASC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ADD_CSPNAME_ASC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_add_CSPName_asc \- Add a Microsoft CSP Name attribute to a PKCS#12 safeBag -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_add_CSPName_asc()\fR adds an \s-1ASCII\s0 string representation of the Microsoft \s-1CSP\s0 Name attribute to a PKCS#12 safeBag. +\&\fBPKCS12_add_CSPName_asc()\fR adds an ASCII string representation of the Microsoft CSP Name attribute to a PKCS#12 safeBag. .PP -\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +\&\fIbag\fR is the \fBPKCS12_SAFEBAG\fR to add the attribute to. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_add_friendlyname_asc\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_add_cert.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_add_cert.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ADD_CERT 3ossl" -.TH PKCS12_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ADD_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex, PKCS12_add_secret \- Add an object to a set of PKCS#12 safeBags -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,16 +83,16 @@ \& PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, \& int nid_type, const unsigned char *value, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions create a new \fB\s-1PKCS12_SAFEBAG\s0\fR and add it to the set of safeBags +These functions create a new \fBPKCS12_SAFEBAG\fR and add it to the set of safeBags in \fIpbags\fR. .PP \&\fBPKCS12_add_cert()\fR creates a PKCS#12 certBag containing the supplied certificate and adds this to the set of PKCS#12 safeBags. .PP \&\fBPKCS12_add_key()\fR creates a PKCS#12 keyBag (unencrypted) or a pkcs8shroudedKeyBag -(encrypted) containing the supplied \fB\s-1EVP_PKEY\s0\fR and adds this to the set of PKCS#12 +(encrypted) containing the supplied \fBEVP_PKEY\fR and adds this to the set of PKCS#12 safeBags. If \fIkey_nid\fR is not \-1 then the key is encrypted with the supplied algorithm, using \fIpass\fR as the passphrase and \fIiter\fR as the iteration count. If \&\fIiter\fR is zero then a default value for iteration count of 2048 is used. 
@@ -176,35 +101,35 @@ context \fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations. .PP -\&\fBPKCS12_add_secret()\fR creates a PKCS#12 secretBag with an \s-1OID\s0 corresponding to -the supplied \fInid_type\fR containing the supplied value as an \s-1ASN1\s0 octet string. +\&\fBPKCS12_add_secret()\fR creates a PKCS#12 secretBag with an OID corresponding to +the supplied \fInid_type\fR containing the supplied value as an ASN1 octet string. This is then added to the set of PKCS#12 safeBags. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If a certificate contains an \fIalias\fR or a \fIkeyid\fR then this will be used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the -\&\s-1PKCS12\s0 structure. +PKCS12 structure. .PP \&\fBPKCS12_add_key()\fR makes assumptions regarding the encoding of the given pass phrase. See \fBpassphrase\-encoding\fR\|(7) for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -A valid \fB\s-1PKCS12_SAFEBAG\s0\fR structure or \s-1NULL\s0 if an error occurred. +A valid \fBPKCS12_SAFEBAG\fR structure or NULL if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_add_secret()\fR and \fBPKCS12_add_key_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/PKCS12_add_friendlyname_asc.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_add_friendlyname_asc.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ADD_FRIENDLYNAME_ASC 3ossl" -.TH PKCS12_ADD_FRIENDLYNAME_ASC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ADD_FRIENDLYNAME_ASC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_add_friendlyname_asc, PKCS12_add_friendlyname_utf8, PKCS12_add_friendlyname_uni \- Functions to add the friendlyname attribute to a PKCS#12 safeBag -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,29 +81,29 @@ \& int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, \& const unsigned char *name, int namelen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_add_friendlyname_asc()\fR adds an \s-1ASCII\s0 string representation of the PKCS#9 +\&\fBPKCS12_add_friendlyname_asc()\fR adds an ASCII string representation of the PKCS#9 friendlyName attribute to a PKCS#12 safeBag. .PP -\&\fBPKCS12_add_friendlyname_utf8()\fR adds a \s-1UTF\-8\s0 string representation of the PKCS#9 +\&\fBPKCS12_add_friendlyname_utf8()\fR adds a UTF\-8 string representation of the PKCS#9 friendlyName attribute to a PKCS#12 safeBag. .PP \&\fBPKCS12_add_friendlyname_uni()\fR adds a Unicode string representation of the PKCS#9 friendlyName attribute to a PKCS#12 safeBag. .PP -\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +\&\fIbag\fR is the \fBPKCS12_SAFEBAG\fR to add the attribute to. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_get_friendlyname\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_add_localkeyid.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_add_localkeyid.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ADD_LOCALKEYID 3ossl" -.TH PKCS12_ADD_LOCALKEYID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ADD_LOCALKEYID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_add_localkeyid \- Add the localKeyId attribute to a PKCS#12 safeBag -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,23 +73,23 @@ \& int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const char *name, \& int namelen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_add_localkeyid()\fR adds an octet string representation of the PKCS#9 localKeyId attribute to a PKCS#12 safeBag. .PP -\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +\&\fIbag\fR is the \fBPKCS12_SAFEBAG\fR to add the attribute to. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_add_friendlyname_asc\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_add_safe.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_add_safe.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ADD_SAFE 3ossl" -.TH PKCS12_ADD_SAFE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ADD_SAFE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_add_safe, PKCS12_add_safe_ex, PKCS12_add_safes, PKCS12_add_safes_ex \- Create and add objects to a PKCS#12 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,34 +81,34 @@ \& PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid, \& OSSL_LIB_CTX *ctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_add_safe()\fR creates a new \s-1PKCS7\s0 contentInfo containing the supplied -\&\fB\s-1PKCS12_SAFEBAG\s0\fRs and adds this to a set of \s-1PKCS7\s0 contentInfos. Its type +\&\fBPKCS12_add_safe()\fR creates a new PKCS7 contentInfo containing the supplied +\&\fBPKCS12_SAFEBAG\fRs and adds this to a set of PKCS7 contentInfos. Its type depends on the value of \fBsafe_nid\fR: -.IP "\(bu" 4 -If \fIsafe_nid\fR is \-1, a plain \s-1PKCS7\s0 \fIdata\fR contentInfo is created. -.IP "\(bu" 4 -If \fIsafe_nid\fR is a valid \s-1PBE\s0 algorithm \s-1NID,\s0 a \s-1PKCS7\s0 \fBencryptedData\fR +.IP \(bu 4 +If \fIsafe_nid\fR is \-1, a plain PKCS7 \fIdata\fR contentInfo is created. +.IP \(bu 4 +If \fIsafe_nid\fR is a valid PBE algorithm NID, a PKCS7 \fBencryptedData\fR contentInfo is created. The algorithm uses \fIpass\fR as the passphrase and \fIiter\fR as the iteration count. If \fIiter\fR is zero then a default value for iteration count of 2048 is used. -.IP "\(bu" 4 -If \fIsafe_nid\fR is 0, a \s-1PKCS7\s0 \fBencryptedData\fR contentInfo is created using +.IP \(bu 4 +If \fIsafe_nid\fR is 0, a PKCS7 \fBencryptedData\fR contentInfo is created using a default encryption algorithm, currently \fBNID_pbe_WithSHA1And3_Key_TripleDES_CBC\fR. .PP \&\fBPKCS12_add_safe_ex()\fR is identical to \fBPKCS12_add_safe()\fR but allows for a library context \fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations. .PP -\&\fBPKCS12_add_safes()\fR creates a \fB\s-1PKCS12\s0\fR structure containing the supplied set of -\&\s-1PKCS7\s0 contentInfos. The \fIsafes\fR are enclosed first within a \s-1PKCS7\s0 contentInfo +\&\fBPKCS12_add_safes()\fR creates a \fBPKCS12\fR structure containing the supplied set of +PKCS7 contentInfos. 
The \fIsafes\fR are enclosed first within a PKCS7 contentInfo of type \fIp7_nid\fR. Currently the only supported type is \fBNID_pkcs7_data\fR. .PP \&\fBPKCS12_add_safes_ex()\fR is identical to \fBPKCS12_add_safes()\fR but allows for a library context \fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBPKCS12_add_safe()\fR makes assumptions regarding the encoding of the given pass phrase. @@ -192,21 +117,21 @@ .IX Header "RETURN VALUES" \&\fBPKCS12_add_safe()\fR returns a value of 1 indicating success or 0 for failure. .PP -\&\fBPKCS12_add_safes()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBPKCS12_add_safes()\fR returns a valid \fBPKCS12\fR structure or NULL if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_add_safe_ex()\fR and \fBPKCS12_add_safes_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_create.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_create.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_CREATE 3ossl" -.TH PKCS12_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_CREATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_create, PKCS12_create_ex \- create a PKCS#12 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,88 +78,94 @@ \& int iter, int mac_iter, int keytype, \& OSSL_LIB_CTX *ctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_create()\fR creates a PKCS#12 structure. .PP \&\fIpass\fR is the passphrase to use. \fIname\fR is the \fBfriendlyName\fR to use for the supplied certificate and key. \fIpkey\fR is the private key to include in -the structure and \fIcert\fR its corresponding certificates. \fIca\fR, if not \fB\s-1NULL\s0\fR +the structure and \fIcert\fR its corresponding certificates. \fIca\fR, if not \fBNULL\fR is an optional set of certificates to also include in the structure. .PP \&\fInid_key\fR and \fInid_cert\fR are the encryption algorithms that should be used for the key and certificate respectively. The modes -\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fIiter\fR is the encryption algorithm -iteration count to use and \fImac_iter\fR is the \s-1MAC\s0 iteration count to use. +GCM, CCM, XTS, and OCB are unsupported. \fIiter\fR is the encryption algorithm +iteration count to use and \fImac_iter\fR is the MAC iteration count to use. \&\fIkeytype\fR is the type of key. .PP \&\fBPKCS12_create_ex()\fR is identical to \fBPKCS12_create()\fR but allows for a library context \&\fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The parameters \fInid_key\fR, \fInid_cert\fR, \fIiter\fR, \fImac_iter\fR and \fIkeytype\fR can all be set to zero and sensible defaults will be used. 
.PP -These defaults are: \s-1AES\s0 password based encryption (\s-1PBES2\s0 with \s-1PBKDF2\s0 and -\&\s-1AES\-256\-CBC\s0) for private keys and certificates, the \s-1PBKDF2\s0 and \s-1MAC\s0 key -derivation iteration count of \fB\s-1PKCS12_DEFAULT_ITER\s0\fR (currently 2048), and -\&\s-1MAC\s0 algorithm \s-1HMAC\s0 with \s-1SHA2\-256.\s0 The \s-1MAC\s0 key derivation algorithm used -for the outer PKCS#12 structure is \s-1PKCS12KDF.\s0 +These defaults are: AES password based encryption (PBES2 with PBKDF2 and +AES\-256\-CBC) for private keys and certificates, the PBKDF2 and MAC key +derivation iteration count of \fBPKCS12_DEFAULT_ITER\fR (currently 2048), and +MAC algorithm HMAC with SHA2\-256. The MAC key derivation algorithm used +for the outer PKCS#12 structure is PKCS12KDF. .PP -The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with -old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility -is not required then \fImac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 +The default MAC iteration count is 1 in order to retain compatibility with +old software which did not interpret MAC iteration counts. If such compatibility +is not required then \fImac_iter\fR should be set to PKCS12_DEFAULT_ITER. .PP \&\fIkeytype\fR adds a flag to the store private key. This is a non standard extension -that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, -if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +that is only currently interpreted by MSIE. If set to zero the flag is omitted, +if set to \fBKEY_SIG\fR the key can be used for signing only, if set to \fBKEY_EX\fR it can be used for signing and encryption. This option was useful for old export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. 
.PP -If a certificate contains an \fIalias\fR or \fIkeyid\fR then this will be -used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the -\&\s-1PKCS12\s0 structure. +If \fIname\fR is \fBNULL\fR and \fIcert\fR contains an \fIalias\fR then this will be +used for the corresponding \fBfriendlyName\fR in the PKCS12 structure instead. +Similarly, if \fIpkey\fR is NULL and \fIcert\fR contains a \fIkeyid\fR then this will be +used for the corresponding \fBlocalKeyID\fR in the PKCS12 structure instead of the +id calculated from the \fIpkey\fR. +.PP +For all certificates in \fIca\fR then if a certificate contains an \fIalias\fR or +\&\fIkeyid\fR then this will be used for the corresponding \fBfriendlyName\fR or +\&\fBlocalKeyID\fR in the PKCS12 structure. .PP -Either \fIpkey\fR, \fIcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +Either \fIpkey\fR, \fIcert\fR or both can be \fBNULL\fR to indicate that no key or certificate is required. In previous versions both had to be present or a fatal error is returned. .PP \&\fInid_key\fR or \fInid_cert\fR can be set to \-1 indicating that no encryption should be used. .PP -\&\fImac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. -This can be useful when running with the \s-1FIPS\s0 provider as the \s-1PKCS12KDF\s0 -is not a \s-1FIPS\s0 approvable algorithm. +\&\fImac_iter\fR can be set to \-1 and the MAC will then be omitted entirely. +This can be useful when running with the FIPS provider as the PKCS12KDF +is not a FIPS approvable algorithm. .PP \&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass phrase. See \fBpassphrase\-encoding\fR\|(7) for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBPKCS12_create()\fR returns a valid \fBPKCS12\fR structure or NULL if an error occurred. 
.SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\-PKCS12KDF\s0\fR\|(7), +\&\fBEVP_KDF\-PKCS12KDF\fR\|(7), \&\fBd2i_PKCS12\fR\|(3), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_create_ex()\fR was added in OpenSSL 3.0. .PP -The defaults for encryption algorithms, \s-1MAC\s0 algorithm, and the \s-1MAC\s0 key +The defaults for encryption algorithms, MAC algorithm, and the MAC key derivation iteration count were changed in OpenSSL 3.0 to more modern standards. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_decrypt_skey.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_decrypt_skey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_DECRYPT_SKEY 3ossl" -.TH PKCS12_DECRYPT_SKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_DECRYPT_SKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_decrypt_skey, PKCS12_decrypt_skey_ex \- PKCS12 shrouded keyBag decrypt functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,7 +78,7 @@ \& OSSL_LIB_CTX *ctx, \& const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_decrypt_skey()\fR Decrypt the PKCS#8 shrouded keybag contained within \fIbag\fR using the supplied password \fIpass\fR of length \fIpasslen\fR. 
@@ -162,24 +87,24 @@ \&\fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Both functions will return the decrypted key or \s-1NULL\s0 if an error occurred. +Both functions will return the decrypted key or NULL if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS8_decrypt_ex\fR\|(3), \&\fBPKCS8_encrypt_ex\fR\|(3), \&\fBPKCS12_add_key_ex\fR\|(3), \&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_decrypt_skey_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_gen_mac.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_gen_mac.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_GEN_MAC 3ossl" -.TH PKCS12_GEN_MAC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_GEN_MAC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, PKCS12_verify_mac \- Functions to create and manipulate a PKCS#12 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,26 +80,26 @@ \& int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, \& int saltlen, const EVP_MD *md_type); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_gen_mac()\fR generates an \s-1HMAC\s0 over the entire PKCS#12 object using the +\&\fBPKCS12_gen_mac()\fR generates an HMAC over the entire PKCS#12 object using the supplied password along with a set of already configured parameters. -The default key generation mechanism used is \s-1PKCS12KDF.\s0 +The default key generation mechanism used is PKCS12KDF. .PP -\&\fBPKCS12_verify_mac()\fR verifies the PKCS#12 object's \s-1HMAC\s0 using the supplied +\&\fBPKCS12_verify_mac()\fR verifies the PKCS#12 object\*(Aqs HMAC using the supplied password. .PP -\&\fBPKCS12_setup_mac()\fR sets the \s-1MAC\s0 part of the PKCS#12 structure with the supplied +\&\fBPKCS12_setup_mac()\fR sets the MAC part of the PKCS#12 structure with the supplied parameters. .PP -\&\fBPKCS12_set_mac()\fR sets the \s-1MAC\s0 and \s-1MAC\s0 parameters into the PKCS#12 object. +\&\fBPKCS12_set_mac()\fR sets the MAC and MAC parameters into the PKCS#12 object. .PP -\&\fIpass\fR is the passphrase to use in the \s-1HMAC.\s0 \fIsalt\fR is the salt value to use, +\&\fIpass\fR is the passphrase to use in the HMAC. \fIsalt\fR is the salt value to use, \&\fIiter\fR is the iteration count and \fImd_type\fR is the message digest function to use. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -If \fIsalt\fR is \s-1NULL\s0 then a suitable salt will be generated and used. +If \fIsalt\fR is NULL then a suitable salt will be generated and used. .PP If \fIiter\fR is 1 then an iteration count will be omitted from the PKCS#12 structure. 
@@ -187,18 +112,18 @@ All functions return 1 on success and 0 if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_PKCS12\fR\|(3), -\&\s-1\fBEVP_KDF\-PKCS12KDF\s0\fR\|(7), +\&\fBEVP_KDF\-PKCS12KDF\fR\|(7), \&\fBPKCS12_create\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_get_friendlyname.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_get_friendlyname.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,103 +53,44 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_GET_FRIENDLYNAME 3ossl" -.TH PKCS12_GET_FRIENDLYNAME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_GET_FRIENDLYNAME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_get_friendlyname \- Retrieve the friendlyname attribute from a PKCS#12 safeBag -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_get_friendlyname()\fR retrieves a \s-1UTF\-8\s0 string representation of the PKCS#9 +\&\fBPKCS12_get_friendlyname()\fR retrieves a UTF\-8 string representation of the PKCS#9 friendlyName attribute for a PKCS#12 safeBag item. .PP -\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attribute from. +\&\fIbag\fR is the \fBPKCS12_SAFEBAG\fR to retrieve the attribute from. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -A \s-1UTF\-8\s0 string, or \s-1NULL\s0 if the attribute was either not present or an error occurred. +A UTF\-8 string, or NULL if the attribute was either not present or an error occurred. .PP The returned string is allocated by OpenSSL and should be freed by the user. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_add_friendlyname_asc\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/PKCS12_init.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_init.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_INIT 3ossl" -.TH PKCS12_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_INIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_init, PKCS12_init_ex \- Create a new empty PKCS#12 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,7 +73,7 @@ \& PKCS12 *PKCS12_init(int mode); \& PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_init()\fR creates an empty PKCS#12 structure. Any PKCS#7 authSafes added to this structure are enclosed first within a single PKCS#7 contentInfo 
@@ -156,24 +81,24 @@ .PP \&\fBPKCS12_init_ex()\fR creates an empty PKCS#12 structure and assigns the supplied \&\fIctx\fR and \fIpropq\fR to be used to select algorithm implementations for -operations performed on the \fB\s-1PKCS12\s0\fR object. +operations performed on the \fBPKCS12\fR object. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS12_init()\fR and \fBPKCS12_init_ex()\fR return a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 +\&\fBPKCS12_init()\fR and \fBPKCS12_init_ex()\fR return a valid \fBPKCS12\fR structure or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_PKCS12\fR\|(3), \&\fBPKCS12_create\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_init_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_item_decrypt_d2i.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_item_decrypt_d2i.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_ITEM_DECRYPT_D2I 3ossl" -.TH PKCS12_ITEM_DECRYPT_D2I 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_ITEM_DECRYPT_D2I 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_item_decrypt_d2i, PKCS12_item_decrypt_d2i_ex, PKCS12_item_i2d_encrypt, PKCS12_item_i2d_encrypt_ex \- PKCS12 item encrypt/decrypt functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -166,14 +91,14 @@ \& OSSL_LIB_CTX *ctx, \& const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS12_item_decrypt_d2i()\fR and \fBPKCS12_item_decrypt_d2i_ex()\fR decrypt an octet -string containing an \s-1ASN.1\s0 encoded object using the algorithm \fIalgor\fR and +string containing an ASN.1 encoded object using the algorithm \fIalgor\fR and password \fIpass\fR of length \fIpasslen\fR. If \fIzbuf\fR is nonzero then the output buffer will zeroed after the decrypt. .PP -\&\fBPKCS12_item_i2d_encrypt()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR encrypt an \s-1ASN.1\s0 +\&\fBPKCS12_item_i2d_encrypt()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR encrypt an ASN.1 object \fIit\fR using the algorithm \fIalgor\fR and password \fIpass\fR of length \&\fIpasslen\fR, returning an encoded object in \fIobj\fR. If \fIzbuf\fR is nonzero then the buffer containing the input encoding will be zeroed after the encrypt. 
@@ -183,22 +108,22 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPKCS12_item_decrypt_d2i()\fR and \fBPKCS12_item_decrypt_d2i_ex()\fR return the decrypted -object or \s-1NULL\s0 if an error occurred. +object or NULL if an error occurred. .PP \&\fBPKCS12_item_i2d_encrypt()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR return the encrypted -data as an \s-1ASN.1\s0 Octet String or \s-1NULL\s0 if an error occurred. +data as an ASN.1 Octet String or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_pbe_crypt_ex\fR\|(3), \&\fBPKCS8_encrypt_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_item_decrypt_d2i_ex()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_key_gen_utf8_ex.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_key_gen_utf8_ex.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_KEY_GEN_UTF8_EX 3ossl" -.TH PKCS12_KEY_GEN_UTF8_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_KEY_GEN_UTF8_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_key_gen_asc, PKCS12_key_gen_asc_ex, PKCS12_key_gen_uni, PKCS12_key_gen_uni_ex, PKCS12_key_gen_utf8, PKCS12_key_gen_utf8_ex \- PKCS#12 Password based key derivation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -169,41 +94,41 @@ \& unsigned char *out, const EVP_MD *md_type, \& OSSL_LIB_CTX *ctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These methods perform a key derivation according to PKCS#12 (\s-1RFC7292\s0) +These methods perform a key derivation according to PKCS#12 (RFC7292) with an input password \fIpass\fR of length \fIpasslen\fR, a salt \fIsalt\fR of length \&\fIsaltlen\fR, an iteration count \fIiter\fR and a digest algorithm \fImd_type\fR. -The \s-1ID\s0 byte \fIid\fR determines how the resulting key is intended to be used: -.IP "\(bu" 4 +The ID byte \fIid\fR determines how the resulting key is intended to be used: +.IP \(bu 4 If ID=1, then the pseudorandom bits being produced are to be used as key material for performing encryption or decryption. -.IP "\(bu" 4 +.IP \(bu 4 If ID=2, then the pseudorandom bits being produced are to be used -as an \s-1IV\s0 (Initial Value) for encryption or decryption. -.IP "\(bu" 4 +as an IV (Initial Value) for encryption or decryption. +.IP \(bu 4 If ID=3, then the pseudorandom bits being produced are to be used as an integrity key for MACing. .PP The intended format of the supplied password is determined by the method chosen: -.IP "\(bu" 4 -\&\fBPKCS12_key_gen_asc()\fR and \fBPKCS12_key_gen_asc_ex()\fR expect an ASCII-formatted password. -.IP "\(bu" 4 -\&\fBPKCS12_key_gen_uni()\fR and \fBPKCS12_key_gen_uni_ex()\fR expect a Unicode-formatted password. -.IP "\(bu" 4 -\&\fBPKCS12_key_gen_utf8()\fR and \fBPKCS12_key_gen_utf8_ex()\fR expect a \s-1UTF\-8\s0 encoded password. +.IP \(bu 4 +\&\fBPKCS12_key_gen_asc()\fR and \fBPKCS12_key_gen_asc_ex()\fR expect an ASCII\-formatted password. +.IP \(bu 4 +\&\fBPKCS12_key_gen_uni()\fR and \fBPKCS12_key_gen_uni_ex()\fR expect a Unicode\-formatted password. +.IP \(bu 4 +\&\fBPKCS12_key_gen_utf8()\fR and \fBPKCS12_key_gen_utf8_ex()\fR expect a UTF\-8 encoded password. .PP \&\fIpass\fR is the password used in the derivation of length \fIpasslen\fR. 
\fIpass\fR -is an optional parameter and can be \s-1NULL.\s0 If \fIpasslen\fR is \-1, then the +is an optional parameter and can be NULL. If \fIpasslen\fR is \-1, then the function will calculate the length of \fIpass\fR using \fBstrlen()\fR. .PP \&\fIsalt\fR is the salt used in the derivation of length \fIsaltlen\fR. If the -\&\fIsalt\fR is \s-1NULL,\s0 then \fIsaltlen\fR must be 0. The function will not +\&\fIsalt\fR is NULL, then \fIsaltlen\fR must be 0. The function will not attempt to calculate the length of the \fIsalt\fR because it is not assumed to -be \s-1NULL\s0 terminated. +be NULL terminated. .PP \&\fIiter\fR is the iteration count and its value should be greater than or -equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any \&\fIiter\fR less than 1 is treated as a single iteration. .PP \&\fIdigest\fR is the message digest function used in the derivation. @@ -213,7 +138,7 @@ .PP Functions ending in \fB_ex()\fR allow for a library context \fIctx\fR and property query \&\fIpropq\fR to be used to select algorithm implementations. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" A typical application of this function is to derive keying material for an encryption algorithm from a password in the \fIpass\fR, a salt in \fIsalt\fR, 
@@ -227,21 +152,21 @@ Returns 1 on success or 0 on error. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create_ex\fR\|(3), \&\fBPKCS12_pbe_crypt_ex\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_key_gen_asc_ex()\fR, \fBPKCS12_key_gen_uni_ex()\fR and \fBPKCS12_key_gen_utf8_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_newpass.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_newpass.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,114 +53,55 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_NEWPASS 3ossl" -.TH PKCS12_NEWPASS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_NEWPASS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_newpass \- change the password of a PKCS12 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +\&\fBPKCS12_newpass()\fR changes the password of a PKCS12 structure. .PP -\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password +\&\fBp12\fR is a pointer to a PKCS12 structure. \fBoldpass\fR is the existing password and \fBnewpass\fR is the new password. .PP Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in -the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0 +the UTF\-8 encoding. If it is not valid UTF\-8, it is assumed to be ISO8859\-1 instead. .PP In particular, this means that passwords in the locale character set -(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +(or code page on Windows) must potentially be converted to UTF\-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of \&\fBUI_OpenSSL\fR\|(3), for example. .PP If the PKCS#12 structure does not have a password, then you must use the empty -string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a +string "" for \fBoldpass\fR. 
Using NULL for \fBoldpass\fR will result in a \&\fBPKCS12_newpass()\fR failure. .PP If the wrong password is used for \fBoldpass\fR then the function will fail, -with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not -contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding +with a MAC verification error. In rare cases the PKCS12 structure does not +contain a MAC: in this case it will usually fail with a decryption padding error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" This example loads a PKCS#12 file, changes its password and writes out the result to a new file. @@ -225,20 +150,20 @@ \& return 0; \& } .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to +The password format is a NULL terminated ASCII string which is converted to Unicode form internally. As a result some passwords cannot be supplied to this function. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_pack_p7encdata.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_pack_p7encdata.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_PACK_P7ENCDATA 3ossl" -.TH PKCS12_PACK_P7ENCDATA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_PACK_P7ENCDATA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_pack_p7encdata, PKCS12_pack_p7encdata_ex \- Pack a set of PKCS#12 safeBags into a PKCS#7 encrypted data object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,12 +79,12 @@ \& STACK_OF(PKCS12_SAFEBAG) *bags, \& OSSL_LIB_CTX *ctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_pack_p7encdata()\fR generates a PKCS#7 ContentInfo object of encrypted-data -type from the set of safeBags \fIbags\fR. The algorithm \s-1ID\s0 in \fIpbe_nid\fR can be +\&\fBPKCS12_pack_p7encdata()\fR generates a PKCS#7 ContentInfo object of encrypted\-data +type from the set of safeBags \fIbags\fR. The algorithm ID in \fIpbe_nid\fR can be a PKCS#12 or PKCS#5 password based encryption algorithm, or a cipher algorithm. -If a cipher algorithm is passed, the PKCS#5 \s-1PBES2\s0 algorithm will be used with +If a cipher algorithm is passed, the PKCS#5 PBES2 algorithm will be used with this cipher as a parameter. The password \fIpass\fR of length \fIpasslen\fR, salt \fIsalt\fR of length \fIsaltlen\fR and iteration count \fIiter\fR are inputs into the encryption operation. 
@@ -169,21 +94,21 @@ algorithm implementation. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -A \fB\s-1PKCS7\s0\fR object if successful, or \s-1NULL\s0 if an error occurred. +A \fBPKCS7\fR object if successful, or NULL if an error occurred. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 2315\s0 () +IETF RFC 2315 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS12_pbe_crypt_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS12_pack_p7encdata_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS12_parse.3.orig +++ secure/lib/libcrypto/man/man3/PKCS12_parse.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS12_PARSE 3ossl" -.TH PKCS12_PARSE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS12_PARSE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS12_parse \- parse a PKCS#12 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,33 +73,33 @@ \& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, \& STACK_OF(X509) **ca); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +\&\fBPKCS12_parse()\fR parses a PKCS12 structure. .PP -\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +\&\fBp12\fR is the \fBPKCS12\fR structure to parse. \fBpass\fR is the passphrase to use. If successful the private key will be written to \fB*pkey\fR, the corresponding certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Each of the parameters \fBpkey\fR, \fBcert\fR, and \fBca\fR can be \s-1NULL\s0 in which case +Each of the parameters \fBpkey\fR, \fBcert\fR, and \fBca\fR can be NULL in which case the private key, the corresponding certificate, or the additional certificates, respectively, will be discarded. -If any of \fBpkey\fR and \fBcert\fR is non-NULL the variable it points to is +If any of \fBpkey\fR and \fBcert\fR is non\-NULL the variable it points to is initialized. -If \fBca\fR is non-NULL and \fB*ca\fR is \s-1NULL\s0 a new \s-1STACK\s0 will be allocated. -If \fBca\fR is non-NULL and \fB*ca\fR is a valid \s-1STACK\s0 +If \fBca\fR is non\-NULL and \fB*ca\fR is NULL a new STACK will be allocated. +If \fBca\fR is non\-NULL and \fB*ca\fR is a valid STACK then additional certificates are appended in the given order to \fB*ca\fR. .PP The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \&\fBX509\fR structure. .PP -The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it -is not valid \s-1UTF\-8,\s0 then it is assumed to be \s-1ISO8859\-1\s0 instead. +The parameter \fBpass\fR is interpreted as a string in the UTF\-8 encoding. 
If it +is not valid UTF\-8, then it is assumed to be ISO8859\-1 instead. .PP In particular, this means that passwords in the locale character set -(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +(or code page on Windows) must potentially be converted to UTF\-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of \&\fBUI_OpenSSL\fR\|(3), for example. @@ -183,7 +108,7 @@ \&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. .PP The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Only a single private key and corresponding certificate is returned by this function. More complex PKCS#12 files with multiple private keys will only @@ -192,16 +117,16 @@ Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in certificates. Other attributes are discarded. .PP -Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. +Attributes currently cannot be stored in the private key \fBEVP_PKEY\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_PKCS12\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3.orig +++ secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS5_PBE_KEYIVGEN 3ossl" -.TH PKCS5_PBE_KEYIVGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS5_PBE_KEYIVGEN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex, PKCS5_pbe2_set, PKCS5_pbe2_set_iv, PKCS5_pbe2_set_iv_ex, PKCS5_pbe_set, PKCS5_pbe_set_ex, PKCS5_pbe2_set_scrypt, PKCS5_pbe_set0_algor, PKCS5_pbe_set0_algor_ex, @@ -146,7 +71,7 @@ PKCS5_v2_scrypt_keyivgen, PKCS5_v2_scrypt_keyivgen_ex, PKCS5_pbkdf2_set, PKCS5_pbkdf2_set_ex, EVP_PBE_scrypt, EVP_PBE_scrypt_ex \&\- PKCS#5 Password based encryption routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -216,53 +141,62 @@ \& int prf_nid, int keylen, \& OSSL_LIB_CTX *libctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" .SS "Key Derivation" .IX Subsection "Key Derivation" \&\fBPKCS5_PBE_keyivgen()\fR and \fBPKCS5_PBE_keyivgen_ex()\fR take a password \fIpass\fR of length \fIpasslen\fR, parameters \fIparam\fR and a message digest function \fImd_type\fR -and performs a key derivation according to PKCS#5 \s-1PBES1.\s0 The resulting key is +and performs a key derivation according to PKCS#5 PBES1. The resulting key is then used to initialise the cipher context \fIctx\fR with a cipher \fIcipher\fR for encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0). .PP -\&\fIpass\fR is an optional parameter and can be \s-1NULL.\s0 If \fIpasslen\fR is \-1, then the +\&\fIpass\fR is an optional parameter and can be NULL. If \fIpasslen\fR is \-1, then the function will calculate the length of \fIpass\fR using \fBstrlen()\fR. .PP \&\fBPKCS5_v2_PBE_keyivgen()\fR and \fBPKCS5_v2_PBE_keyivgen_ex()\fR are similar to the above -but instead use PKCS#5 \s-1PBES2\s0 as the encryption algorithm using the supplied +but instead use PKCS#5 PBES2 as the encryption algorithm using the supplied parameters. .PP -\&\fBPKCS5_v2_scrypt_keyivgen()\fR and \fBPKCS5_v2_scrypt_keyivgen_ex()\fR use \s-1SCRYPT\s0 as the +\&\fBPKCS5_v2_scrypt_keyivgen()\fR and \fBPKCS5_v2_scrypt_keyivgen_ex()\fR use SCRYPT as the key derivation part of the encryption algorithm. .PP \&\fIsalt\fR is the salt used in the derivation of length \fIsaltlen\fR. If the -\&\fIsalt\fR is \s-1NULL,\s0 then \fIsaltlen\fR must be 0. The function will not +\&\fIsalt\fR is NULL, then \fIsaltlen\fR must be 0. The function will not attempt to calculate the length of the \fIsalt\fR because it is not assumed to -be \s-1NULL\s0 terminated. +be NULL terminated. .PP \&\fIiter\fR is the iteration count and its value should be greater than or -equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. 
Any +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any \&\fIiter\fR less than 1 is treated as a single iteration. .PP \&\fIdigest\fR is the message digest function used in the derivation. .PP +\&\fIaiv\fR is the initialization vector (IV) to use for the encryption algorithm. +If \fIaiv\fR is NULL, then a random IV will be generated. +.PP +\&\fIprf_nid\fR is the numeric identifier (NID) for the pseudo\-random function to +use with PBKDF2. If \fIprf_nid\fR is not specified (for example, \fIprf_nid\fR is set to 0), +a default PRF is used, which is currently set to SHA\-256 (NID_hmacWithSHA256). +.PP Functions ending in \fB_ex()\fR take optional parameters \fIlibctx\fR and \fIpropq\fR which are used to select appropriate algorithm implementations. .SS "Algorithm Identifier Creation" .IX Subsection "Algorithm Identifier Creation" \&\fBPKCS5_pbe_set()\fR, \fBPKCS5_pbe_set_ex()\fR, \fBPKCS5_pbe2_set()\fR, \fBPKCS5_pbe2_set_iv()\fR, \&\fBPKCS5_pbe2_set_iv_ex()\fR and \fBPKCS5_pbe2_set_scrypt()\fR generate an \fBX509_ALGOR\fR -object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and -associated parameters for the \s-1PBE\s0 algorithm. +object which represents an AlgorithmIdentifier containing the algorithm OID and +associated parameters for the PBE algorithm. These functions encode the +key derivation parameters (such as salt and iteration count) and the +encryption parameters (such as the IV) into the ASN.1 structure. .PP \&\fBPKCS5_pbkdf2_set()\fR and \fBPKCS5_pbkdf2_set_ex()\fR generate an \fBX509_ALGOR\fR -object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and -associated parameters for the \s-1PBKDF2\s0 algorithm. +object which represents an AlgorithmIdentifier containing the algorithm OID and +associated parameters for the PBKDF2 algorithm. 
.PP -\&\fBPKCS5_pbe_set0_algor()\fR and \fBPKCS5_pbe_set0_algor_ex()\fR set the \s-1PBE\s0 algorithm \s-1OID\s0 and +\&\fBPKCS5_pbe_set0_algor()\fR and \fBPKCS5_pbe_set0_algor_ex()\fR set the PBE algorithm OID and parameters into the supplied \fBX509_ALGOR\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The *\fB_keyivgen()\fR functions are typically used in PKCS#12 to encrypt objects. .PP 
@@ -278,28 +212,28 @@ \&\fBPKCS5_pbe_set()\fR, \fBPKCS5_pbe_set_ex()\fR, \fBPKCS5_pbe2_set()\fR, \fBPKCS5_pbe2_set_iv()\fR, \&\fBPKCS5_pbe2_set_iv_ex()\fR, \fBPKCS5_pbe2_set_scrypt()\fR, \&\fBPKCS5_pbkdf2_set()\fR and \fBPKCS5_pbkdf2_set_ex()\fR return an \fBX509_ALGOR\fR object or -\&\s-1NULL\s0 if an error occurs. +NULL if an error occurs. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 8018\s0 () +IETF RFC 8018 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PBE_CipherInit_ex\fR\|(3), \&\fBPKCS12_pbe_crypt_ex\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS5_v2_PBE_keyivgen_ex()\fR, \fBEVP_PBE_scrypt_ex()\fR, \fBPKCS5_v2_scrypt_keyivgen_ex()\fR, \&\fBPKCS5_pbe_set0_algor_ex()\fR, \fBPKCS5_pbe_set_ex()\fR, \fBPKCS5_pbe2_set_iv_ex()\fR and \&\fBPKCS5_pbkdf2_set_ex()\fR were added in OpenSSL 3.0. .PP -From OpenSSL 3.0 the \s-1PBKDF1\s0 algorithm used in \fBPKCS5_PBE_keyivgen()\fR and -\&\fBPKCS5_PBE_keyivgen_ex()\fR has been moved to the legacy provider as an \s-1EVP_KDF.\s0 -.SH "COPYRIGHT" +From OpenSSL 3.0 the PBKDF1 algorithm used in \fBPKCS5_PBE_keyivgen()\fR and +\&\fBPKCS5_PBE_keyivgen_ex()\fR has been moved to the legacy provider as an EVP_KDF. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3.orig +++ secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS5_PBKDF2_HMAC 3ossl" -.TH PKCS5_PBKDF2_HMAC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS5_PBKDF2_HMAC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,30 +79,31 @@ \& const unsigned char *salt, int saltlen, int iter, \& int keylen, unsigned char *out); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count -as specified in \s-1RFC 2898.\s0 +\&\fBPKCS5_PBKDF2_HMAC()\fR derives a key from a password using a salt and iteration count +as specified in RFC 2898. .PP \&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR -is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the +is an optional parameter and can be NULL. If \fBpasslen\fR is \-1, then the function will calculate the length of \fBpass\fR using \fBstrlen()\fR. .PP \&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the -\&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not +\&\fBsalt\fR is NULL, then \fBsaltlen\fR must be 0. The function will not attempt to calculate the length of the \fBsalt\fR because it is not assumed to -be \s-1NULL\s0 terminated. +be NULL terminated. .PP \&\fBiter\fR is the iteration count and its value should be greater than or -equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any -\&\fBiter\fR less than 1 is treated as a single iteration. +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any +\&\fBiter\fR value less than 1 is invalid; such values will result in failure +and raise the PROV_R_INVALID_ITERATION_COUNT error. .PP \&\fBdigest\fR is the message digest function used in the derivation. -\&\s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls \s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR. +\&\fBPKCS5_PBKDF2_HMAC_SHA1()\fR calls \fBPKCS5_PBKDF2_HMAC()\fR with \fBEVP_sha1()\fR. .PP The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer is specified via \fBkeylen\fR. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" A typical application of this function is to derive keying material for an encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, @@ -191,17 +117,17 @@ It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +\&\fBPKCS5_PBKDF2_HMAC()\fR and \fBPBKCS5_PBKDF2_HMAC_SHA1()\fR return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), \&\fBEVP_BytesToKey\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS7_decrypt.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,105 +53,46 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_DECRYPT 3ossl" -.TH PKCS7_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_DECRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the -recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +recipients certificate, \fBdata\fR is a BIO to write the content to and \&\fBflags\fR is an optional set of flags. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the PKCS#7 structure. .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +If the \fBPKCS7_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are deleted from the content. If the content is not of type \fBtext/plain\fR then an error is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" +.SH BUGS .IX Header "BUGS" \&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. 
It would be better if it could look up the correct key and certificate from a database. @@ -177,11 +102,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS7_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_ENCRYPT 3ossl" -.TH PKCS7_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_encrypt_ex, PKCS7_encrypt \&\- create a PKCS#7 envelopedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, \& int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS7_encrypt_ex()\fR creates and returns a PKCS#7 envelopedData structure. \&\fIcerts\fR is a list of recipient certificates. \fIin\fR is the content to be 
@@ -160,68 +85,68 @@ of flags. The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. .PP -Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient -certificates supplied to this function must all contain \s-1RSA\s0 public keys, though -they do not have to be signed using the \s-1RSA\s0 algorithm. +Only RSA keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain RSA public keys, though +they do not have to be signed using the RSA algorithm. .PP -\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +\&\fBEVP_des_ede3_cbc()\fR (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. .PP -Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 -bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR +Some old "export grade" clients may only support weak encryption using 40 or 64 +bit RC2. These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR respectively. .PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +The algorithm passed in the \fBcipher\fR parameter must support ASN1 encoding of its parameters. .PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced -by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +by storing the S/MIME signed message in a memory BIO and passing it to \&\fBPKCS7_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. 
.PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +If the \fBPKCS7_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are prepended to the data. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if \fBPKCS7_BINARY\fR is set no translation occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then -\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +otherwise the translation will corrupt it. If \fBPKCS7_BINARY\fR is set then +\&\fBPKCS7_TEXT\fR is ignored. .PP -If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output -suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +If the \fBPKCS7_STREAM\fR flag is set a partial \fBPKCS7\fR structure is output +suitable for streaming I/O: no data is read from the BIO \fBin\fR. .PP -If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +If the flag \fBPKCS7_STREAM\fR is set the returned \fBPKCS7\fR structure is \fBnot\fR complete and outputting its contents via a function that does not -properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +properly finalize the \fBPKCS7\fR structure will give unpredictable results. .PP Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, \&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +can be performed by obtaining the streaming ASN1 \fBBIO\fR directly using \&\fBBIO_new_PKCS7()\fR. 
.PP \&\fBPKCS7_encrypt()\fR is similar to \fBPKCS7_encrypt_ex()\fR but uses default -values of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR. +values of NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS7_encrypt_ex()\fR and \fBPKCS7_encrypt()\fR return either a \s-1PKCS7\s0 structure -or \s-1NULL\s0 if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +\&\fBPKCS7_encrypt_ex()\fR and \fBPKCS7_encrypt()\fR return either a PKCS7 structure +or NULL if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBPKCS7_encrypt_ex()\fR was added in OpenSSL 3.0. .PP -The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +The \fBPKCS7_STREAM\fR flag was added in OpenSSL 1.0.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS7_get_octet_string.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_get_octet_string.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,103 +53,44 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_GET_OCTET_STRING 3ossl" -.TH PKCS7_GET_OCTET_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_GET_OCTET_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_get_octet_string \- return octet string from a PKCS#7 envelopedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS7_get_octet_string()\fR returns a pointer to an \s-1ASN1\s0 octet string from a -PKCS#7 envelopedData structure or \fB\s-1NULL\s0\fR if the structure cannot be parsed. -.SH "NOTES" +\&\fBPKCS7_get_octet_string()\fR returns a pointer to an ASN1 octet string from a +PKCS#7 envelopedData structure or \fBNULL\fR if the structure cannot be parsed. +.SH NOTES .IX Header "NOTES" As the \fB0\fR implies, \fBPKCS7_get_octet_string()\fR returns internal pointers which should not be freed by the caller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS7_get_octet_string()\fR returns an \s-1ASN1_OCTET_STRING\s0 pointer. +\&\fBPKCS7_get_octet_string()\fR returns an ASN1_OCTET_STRING pointer. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS7_type_is_data\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/PKCS7_sign.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_SIGN 3ossl" -.TH PKCS7_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_sign_ex, PKCS7_sign \&\- create a PKCS#7 signedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, \& BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS7_sign_ex()\fR creates and returns a PKCS#7 signedData structure. \&\fIsigncert\fR is the certificate to sign with, \fIpkey\fR is the corresponding 
@@ -161,102 +86,102 @@ The library context \fIlibctx\fR and property query \fIpropq\fR are used when retrieving algorithms from providers. .PP -The data to be signed is read from \s-1BIO\s0 \fIdata\fR. +The data to be signed is read from BIO \fIdata\fR. .PP \&\fIflags\fR is an optional set of flags. .PP Any of the following flags (ored together) can be passed in the \fIflags\fR parameter. .PP -Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If -the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are prepended +Many S/MIME clients expect the signed content to include valid MIME headers. If +the \fBPKCS7_TEXT\fR flag is set MIME headers for type \f(CW\*(C`text/plain\*(C'\fR are prepended to the data. .PP -If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate and the extra \fIcerts\fR -will not be included in the \s-1PKCS7\s0 structure. -The signer's certificate must still be supplied in the \fIsigncert\fR parameter -though. This can reduce the size of the signatures if the signer's certificates +If \fBPKCS7_NOCERTS\fR is set the signer\*(Aqs certificate and the extra \fIcerts\fR +will not be included in the PKCS7 structure. +The signer\*(Aqs certificate must still be supplied in the \fIsigncert\fR parameter +though. This can reduce the size of the signatures if the signer\*(Aqs certificates can be obtained by other means: for example a previously signed message. .PP -The data being signed is included in the \s-1PKCS7\s0 structure, unless -\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +The data being signed is included in the PKCS7 structure, unless +\&\fBPKCS7_DETACHED\fR is set in which case it is omitted. This is used for PKCS7 detached signatures which are used in S/MIME plaintext signed messages for example. 
.PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if \fBPKCS7_BINARY\fR is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. .PP The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of -ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no -authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +ciphers in an SMIMECapabilities attribute. If \fBPKCS7_NOATTR\fR is set then no +authenticatedAttributes will be used. If \fBPKCS7_NOSMIMECAP\fR is set then just the SMIMECapabilities are omitted. .PP If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included. .PP -If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +If the flags \fBPKCS7_STREAM\fR is set then the returned \fBPKCS7\fR structure is just initialized ready to perform the signing operation. The signing is however \&\fBnot\fR performed and the data to be signed is not read from the \fIdata\fR parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass. 
.PP -If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +If the \fBPKCS7_PARTIAL\fR flag is set a partial \fBPKCS7\fR structure is output to which additional signers and capabilities can be added before finalization. .PP -If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +If the flag \fBPKCS7_STREAM\fR is set the returned \fBPKCS7\fR structure is \fBnot\fR complete and outputting its contents via a function that does not properly -finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. +finalize the \fBPKCS7\fR structure will give unpredictable results. .PP Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, \&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +can be performed by obtaining the streaming ASN1 \fBBIO\fR directly using \&\fBBIO_new_PKCS7()\fR. .PP If a signer is specified it will use the default digest for the signing -algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +algorithm. This is \fBSHA256\fR for both RSA and DSA keys. .PP The \fIcerts\fR, \fIsigncert\fR and \fIpkey\fR parameters can all be -\&\s-1NULL\s0 if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +NULL if the \fBPKCS7_PARTIAL\fR flag is set. One or more signers can be added using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method. .PP -If \fIsigncert\fR and \fIpkey\fR are \s-1NULL\s0 then a certificates only +If \fIsigncert\fR and \fIpkey\fR are NULL then a certificates only PKCS#7 structure is output. 
.PP In versions of OpenSSL before 1.0.0 the \fIsigncert\fR and \fIpkey\fR parameters must -not be \s-1NULL.\s0 +not be NULL. .PP \&\fBPKCS7_sign()\fR is like \fBPKCS7_sign_ex()\fR except that it uses default values of -\&\s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR. -This is retained for \s-1API\s0 backward compatibility. -.SH "BUGS" +NULL for the library context \fIlibctx\fR and the property query \fIpropq\fR. +This is retained for API backward compatibility. +.SH BUGS .IX Header "BUGS" Some advanced attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS7_sign_ex()\fR and \fBPKCS7_sign()\fR return either a valid \s-1PKCS7\s0 structure -or \s-1NULL\s0 if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +\&\fBPKCS7_sign_ex()\fR and \fBPKCS7_sign()\fR return either a valid PKCS7 structure +or NULL if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBPKCS7_sign_ex()\fR was added in OpenSSL 3.0. .PP -The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fIcerts\fR, \fIsigncert\fR, -and \fIpkey\fR parameters to be \s-1NULL\s0 were added in OpenSSL 1.0.0. +The \fBPKCS7_PARTIAL\fR flag, and the ability for \fIcerts\fR, \fIsigncert\fR, +and \fIpkey\fR parameters to be NULL were added in OpenSSL 1.0.0. .PP -The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +The \fBPKCS7_STREAM\fR flag was added in OpenSSL 1.0.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_SIGN_ADD_SIGNER 3ossl" -.TH PKCS7_SIGN_ADD_SIGNER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_SIGN_ADD_SIGNER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_sign_add_signer, PKCS7_add_certificate, PKCS7_add_crl \- add information to PKCS7 structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,22 +76,22 @@ \& int PKCS7_add_certificate(PKCS7 *p7, X509 *cert); \& int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fIsigncert\fR and private -key \fIpkey\fR using message digest \fImd\fR to a \s-1PKCS7\s0 signed data structure \fIp7\fR. +key \fIpkey\fR using message digest \fImd\fR to a PKCS7 signed data structure \fIp7\fR. .PP -The \fB\s-1PKCS7\s0\fR structure should be obtained from an initial call to \fBPKCS7_sign()\fR -with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid PKCS#7 +The \fBPKCS7\fR structure should be obtained from an initial call to \fBPKCS7_sign()\fR +with the flag \fBPKCS7_PARTIAL\fR set or in the case or re\-signing a valid PKCS#7 signed data structure. .PP -If the \fImd\fR parameter is \s-1NULL\s0 then the default digest for the public +If the \fImd\fR parameter is NULL then the default digest for the public key algorithm will be used. .PP -Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \fB\s-1PKCS7\s0\fR structure +Unless the \fBPKCS7_REUSE_DIGEST\fR flag is set the returned \fBPKCS7\fR structure is not complete and must be finalized either by streaming (if applicable) or a call to \fBPKCS7_final()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The main purpose of this function is to provide finer control over a PKCS#7 signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are 
@@ -176,64 +101,64 @@ Any of the following flags (ored together) can be passed in the \fIflags\fR parameter. .PP -If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content -digest value from the \fB\s-1PKCS7\s0\fR structure: to add a signer to an existing structure. +If \fBPKCS7_REUSE_DIGEST\fR is set then an attempt is made to copy the content +digest value from the \fBPKCS7\fR structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The -returned \fB\s-1PKCS7\s0\fR structure will be valid and finalized when this flag is set. +returned \fBPKCS7\fR structure will be valid and finalized when this flag is set. .PP -If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the -\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +If \fBPKCS7_PARTIAL\fR is set in addition to \fBPKCS7_REUSE_DIGEST\fR then the +\&\fBPKCS7_SIGNER_INO\fR structure will not be finalized so additional attributes can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is needed to finalize it. .PP -If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the -\&\fB\s-1PKCS7\s0\fR structure, the signer's certificate must still be supplied in the +If \fBPKCS7_NOCERTS\fR is set the signer\*(Aqs certificate will not be included in the +\&\fBPKCS7\fR structure, the signer\*(Aqs certificate must still be supplied in the \&\fIsigncert\fR parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message. .PP The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of -ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no -authenticatedAttributes will be used. 
If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +ciphers in an SMIMECapabilities attribute. If \fBPKCS7_NOATTR\fR is set then no +authenticatedAttributes will be used. If \fBPKCS7_NOSMIMECAP\fR is set then just the SMIMECapabilities are omitted. .PP If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included. .PP -\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \fB\s-1PKCS7_SIGNER_INFO\s0\fR +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \fBPKCS7_SIGNER_INFO\fR structure just added, which can be used to set additional attributes before it is finalized. .PP -\&\fBPKCS7_add_certificate()\fR adds to the \fB\s-1PKCS7\s0\fR structure \fIp7\fR the certificate -\&\fIcert\fR, which may be an end-entity (signer) certificate -or a \s-1CA\s0 certificate useful for chain building. +\&\fBPKCS7_add_certificate()\fR adds to the \fBPKCS7\fR structure \fIp7\fR the certificate +\&\fIcert\fR, which may be an end\-entity (signer) certificate +or a CA certificate useful for chain building. This is done internally by \fBPKCS7_sign_ex\fR\|(3) and similar signing functions. It may have to be used before calling \fBPKCS7_verify\fR\|(3) in order to provide any missing certificate(s) needed for verification. .PP -\&\fBPKCS7_add_crl()\fR adds the \s-1CRL\s0 \fIcrl\fR to the \fB\s-1PKCS7\s0\fR structure \fIp7\fR. +\&\fBPKCS7_add_crl()\fR adds the CRL \fIcrl\fR to the \fBPKCS7\fR structure \fIp7\fR. This may be called to provide certificate status information -to be included when signing or to use when verifying the \fB\s-1PKCS7\s0\fR structure. +to be included when signing or to use when verifying the \fBPKCS7\fR structure. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \fB\s-1PKCS7_SIGNER_INFO\s0\fR -structure just added or \s-1NULL\s0 if an error occurs. +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \fBPKCS7_SIGNER_INFO\fR +structure just added or NULL if an error occurs. .PP \&\fBPKCS7_add_certificate()\fR and \fBPKCS7_add_crl()\fR return 1 on success, 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBPKCS7_sign_ex\fR\|(3), \&\fBPKCS7_final\fR\|(3), \fBPKCS7_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS7_type_is_other.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_type_is_other.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_TYPE_IS_OTHER 3ossl" -.TH PKCS7_TYPE_IS_OTHER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_TYPE_IS_OTHER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_type_is_other \- determine content type of PKCS#7 envelopedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PKCS7_type_is_other(PKCS7 *p7); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS7_type_is_other()\fR returns the whether the content type of a PKCS#7 envelopedData structure is one of the following content types: @@ -164,11 +89,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBPKCS7_type_is_data\fR\|(3), \fBPKCS7_get_octet_string\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS7_verify.3.orig +++ secure/lib/libcrypto/man/man3/PKCS7_verify.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS7_VERIFY 3ossl" -.TH PKCS7_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS7_VERIFY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,22 +75,22 @@ \& \& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS7_verify()\fR is very similar to \fBCMS_verify\fR\|(3). It verifies a PKCS#7 signedData structure given in \fIp7\fR. The optional \fIcerts\fR parameter refers to a set of certificates -in which to search for signer's certificates. -\&\fIp7\fR may contain extra untrusted \s-1CA\s0 certificates that may be used for +in which to search for signer\*(Aqs certificates. +\&\fIp7\fR may contain extra untrusted CA certificates that may be used for chain building as well as CRLs that may be used for certificate validation. -\&\fIstore\fR may be \s-1NULL\s0 or point to +\&\fIstore\fR may be NULL or point to the trusted certificate store to use for chain verification. \&\fIindata\fR refers to the signed data if the content is detached from \fIp7\fR. -Otherwise \fIindata\fR should be \s-1NULL,\s0 and then the signed data must be in \fIp7\fR. -The content is written to the \s-1BIO\s0 \fIout\fR unless it is \s-1NULL.\s0 +Otherwise \fIindata\fR should be NULL, and then the signed data must be in \fIp7\fR. +The content is written to the BIO \fIout\fR unless it is NULL. \&\fIflags\fR is an optional set of flags, which can be used to modify the operation. .PP -\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fIp7\fR, it does +\&\fBPKCS7_get0_signers()\fR retrieves the signer\*(Aqs certificates from \fIp7\fR, it does \&\fBnot\fR check their validity or whether any signatures are valid. The \fIcerts\fR and \fIflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. .SH "VERIFY PROCESS" 
@@ -174,60 +99,60 @@ .PP Initially some sanity checks are performed on \fIp7\fR. The type of \fIp7\fR must be SignedData. There must be at least one signature on the data and if -the content is detached \fIindata\fR cannot be \s-1NULL.\s0 If the content is -not detached and \fIindata\fR is not \s-1NULL\s0 then the structure has both +the content is detached \fIindata\fR cannot be NULL. If the content is +not detached and \fIindata\fR is not NULL then the structure has both embedded and external content. To treat this as an error, use the flag -\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. +\&\fBPKCS7_NO_DUAL_CONTENT\fR. The default behavior allows this, for compatibility with older versions of OpenSSL. .PP -An attempt is made to locate all the signer's certificates, first looking in -the \fIcerts\fR parameter (if it is not \s-1NULL\s0). Then they are looked up in any -certificates contained in the \fIp7\fR structure unless \fB\s-1PKCS7_NOINTERN\s0\fR is set. -If any signer's certificates cannot be located the operation fails. +An attempt is made to locate all the signer\*(Aqs certificates, first looking in +the \fIcerts\fR parameter (if it is not NULL). Then they are looked up in any +certificates contained in the \fIp7\fR structure unless \fBPKCS7_NOINTERN\fR is set. +If any signer\*(Aqs certificates cannot be located the operation fails. .PP -Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +Each signer\*(Aqs certificate is chain verified using the \fBsmimesign\fR purpose and using the trusted certificate store \fIstore\fR if supplied. Any internal certificates in the message, which may have been added using -\&\fBPKCS7_add_certificate\fR\|(3), are used as untrusted CAs unless \fB\s-1PKCS7_NOCHAIN\s0\fR +\&\fBPKCS7_add_certificate\fR\|(3), are used as untrusted CAs unless \fBPKCS7_NOCHAIN\fR is set. 
-If \s-1CRL\s0 checking is enabled in \fIstore\fR and \fB\s-1PKCS7_NOCRL\s0\fR is not set, +If CRL checking is enabled in \fIstore\fR and \fBPKCS7_NOCRL\fR is not set, any internal CRLs, which may have been added using \fBPKCS7_add_crl\fR\|(3), are used in addition to attempting to look them up in \fIstore\fR. -If \fIstore\fR is not \s-1NULL\s0 and any chain verify fails an error code is returned. +If \fIstore\fR is not NULL and any chain verify fails an error code is returned. .PP -Finally the signed content is read (and written to \fIout\fR unless it is \s-1NULL\s0) +Finally the signed content is read (and written to \fIout\fR unless it is NULL) and the signature is checked. .PP If all signatures verify correctly then the function is successful. .PP Any of the following flags (ored together) can be passed in the \fIflags\fR parameter to change the default verify behaviour. -Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is meaningful to \fBPKCS7_get0_signers()\fR. +Only the flag \fBPKCS7_NOINTERN\fR is meaningful to \fBPKCS7_get0_signers()\fR. .PP -If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not -searched when locating the signer's certificates. -This means that all the signer's certificates must be in the \fIcerts\fR parameter. +If \fBPKCS7_NOINTERN\fR is set the certificates in the message itself are not +searched when locating the signer\*(Aqs certificates. +This means that all the signer\*(Aqs certificates must be in the \fIcerts\fR parameter. .PP -If \fB\s-1PKCS7_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fIstore\fR then any +If \fBPKCS7_NOCRL\fR is set and CRL checking is enabled in \fIstore\fR then any CRLs in the message itself are ignored. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted +If the \fBPKCS7_TEXT\fR flag is set MIME headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted from the content. 
If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is returned. .PP -If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +If \fBPKCS7_NOVERIFY\fR is set the signer\*(Aqs certificates are not chain verified. .PP -If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +If \fBPKCS7_NOCHAIN\fR is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from -the signer's certificates) must be contained in the trusted store. +the signer\*(Aqs certificates) must be contained in the trusted store. .PP -If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. -.SH "NOTES" +If \fBPKCS7_NOSIGS\fR is set then the signatures on the data are not checked. +.SH NOTES .IX Header "NOTES" -One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +One application of \fBPKCS7_NOINTERN\fR is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed -in the \fIcerts\fR parameter. In this case if the signer's certificate is not one +in the \fIcerts\fR parameter. In this case if the signer\*(Aqs certificate is not one of the certificates supplied in \fIcerts\fR then the verify will fail because the signer cannot be found. .PP 
@@ -245,12 +170,12 @@ .IX Header "RETURN VALUES" \&\fBPKCS7_verify()\fR returns 1 for a successful verification and 0 if an error occurs. .PP -\&\fBPKCS7_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +\&\fBPKCS7_get0_signers()\fR returns all signers or NULL if an error occurred. .PP The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The trusted certificate store is not searched for the signer's certificates. +The trusted certificate store is not searched for the signer\*(Aqs certificates. This is primarily due to the inadequacies of the current \fBX509_STORE\fR functionality. .PP @@ -260,11 +185,11 @@ .IX Header "SEE ALSO" \&\fBCMS_verify\fR\|(3), \fBPKCS7_add_certificate\fR\|(3), \fBPKCS7_add_crl\fR\|(3), \&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS8_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/PKCS8_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS8_ENCRYPT 3ossl" -.TH PKCS8_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS8_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS8_decrypt, PKCS8_decrypt_ex, PKCS8_encrypt, PKCS8_encrypt_ex, PKCS8_set0_pbe, PKCS8_set0_pbe_ex \- PKCS8 encrypt/decrypt functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -164,7 +89,7 @@ \& PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, \& OSSL_LIB_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBPKCS8_encrypt()\fR and \fBPKCS8_encrypt_ex()\fR perform encryption of an object \fIp8\fR using the password \fIpass\fR of length \fIpasslen\fR, salt \fIsalt\fR of length \fIsaltlen\fR 
@@ -184,25 +109,25 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPKCS8_encrypt()\fR, \fBPKCS8_encrypt_ex()\fR, \fBPKCS8_set0_pbe()\fR and \fBPKCS8_set0_pbe_ex()\fR -return an encrypted key in a \fBX509_SIG\fR structure or \s-1NULL\s0 if an error occurs. +return an encrypted key in a \fBX509_SIG\fR structure or NULL if an error occurs. .PP -\&\fBPKCS8_decrypt()\fR and \fBPKCS8_decrypt_ex()\fR return a \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR or \s-1NULL\s0 +\&\fBPKCS8_decrypt()\fR and \fBPKCS8_decrypt_ex()\fR return a \fBPKCS8_PRIV_KEY_INFO\fR or NULL if an error occurs. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1IETF RFC 7292\s0 () +IETF RFC 7292 () .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBPKCS8_decrypt_ex()\fR, \fBPKCS8_encrypt_ex()\fR and \fBPKCS8_set0_pbe_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/PKCS8_pkey_add1_attr.3.orig +++ secure/lib/libcrypto/man/man3/PKCS8_pkey_add1_attr.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PKCS8_PKEY_ADD1_ATTR 3ossl" -.TH PKCS8_PKEY_ADD1_ATTR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PKCS8_PKEY_ADD1_ATTR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID, PKCS8_pkey_add1_attr_by_OBJ \- PKCS8 attribute functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,33 +78,33 @@ \& int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, \& int type, const unsigned char *bytes, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBPKCS8_pkey_get0_attrs()\fR returns a const \s-1STACK\s0 of X509_ATTRIBUTE present in -the passed const \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +\&\fBPKCS8_pkey_get0_attrs()\fR returns a const STACK of X509_ATTRIBUTE present in +the passed const PKCS8_PRIV_KEY_INFO structure \fBp8\fR. .PP \&\fBPKCS8_pkey_add1_attr()\fR adds a constructed X509_ATTRIBUTE \fBattr\fR to the -existing \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +existing PKCS8_PRIV_KEY_INFO structure \fBp8\fR. .PP \&\fBPKCS8_pkey_add1_attr_by_NID()\fR and \fBPKCS8_pkey_add1_attr_by_OBJ()\fR construct a new X509_ATTRIBUTE from the passed arguments and add it to the existing -\&\s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +PKCS8_PRIV_KEY_INFO structure \fBp8\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBPKCS8_pkey_add1_attr()\fR, \fBPKCS8_pkey_add1_attr_by_NID()\fR, and \&\fBPKCS8_pkey_add1_attr_by_OBJ()\fR return 1 for success and 0 for failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1STACK\s0 of X509_ATTRIBUTE is present in many X509\-related structures and some of +STACK of X509_ATTRIBUTE is present in many X509\-related structures and some of them have the corresponding set of similar functions. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/RAND_add.3.orig +++ secure/lib/libcrypto/man/man3/RAND_add.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_ADD 3ossl" -.TH RAND_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_ADD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open \&\- add randomness to the PRNG or get its status -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,30 +82,30 @@ .Ve .PP The following functions have been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); \& void RAND_screen(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions can be used to seed the random generator and to check its seeded state. In general, manual (re\-)seeding of the default OpenSSL random generator (\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed itself automatically using trusted system entropy sources. -This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was -built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details. +This holds unless the default RAND_METHOD has been replaced or OpenSSL was +built with automatic reseeding disabled, see \fBRAND\fR\|(7) for more details. .PP \&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail. .PP -\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using +\&\fBRAND_poll()\fR uses the system\*(Aqs capabilities to seed the random generator using random input obtained from polling various trusted entropy sources. The default choice of the entropy source can be modified at build time, -see \s-1\fBRAND\s0\fR\|(7) for more details. +see \fBRAND\fR\|(7) for more details. .PP \&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state of the random generator. 
@@ -189,15 +114,15 @@ contained in \&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. Details about sources of randomness and how to estimate their randomness -can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. +can be found in the literature; for example [NIST SP 800\-90B]. The content of \fBbuf\fR cannot be recovered from subsequent random generator output. Applications that intend to save and restore random state in an external file should consider using \fBRAND_load_file\fR\|(3) instead. .PP -\&\s-1NOTE:\s0 In \s-1FIPS\s0 mode, random data provided by the application is not considered to -be a trusted entropy source. It is mixed into the internal state of the \s-1RNG\s0 as +NOTE: In FIPS mode, random data provided by the application is not considered to +be a trusted entropy source. It is mixed into the internal state of the RNG as additional data only and this does not count as a full reseed. -For more details, see \s-1\fBEVP_RAND\s0\fR\|(7). +For more details, see \fBEVP_RAND\fR\|(7). .PP \&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. .PP @@ -212,7 +137,7 @@ provider. .PP \&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist -for compatibility reasons only. See \s-1HISTORY\s0 section below. +for compatibility reasons only. See HISTORY section below. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_status()\fR returns 1 if the random generator has been seeded 
@@ -228,17 +153,17 @@ \&\fBRAND_bytes\fR\|(3), \&\fBRAND_egd\fR\|(3), \&\fBRAND_load_file\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -\&\s-1\fBEVP_RAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7) +\&\fBEVP_RAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" \&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should not be used. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_bytes.3.orig +++ secure/lib/libcrypto/man/man3/RAND_bytes.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_BYTES 3ossl" -.TH RAND_BYTES 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_BYTES 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex, RAND_pseudo_bytes \- generate random data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,57 +81,57 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& int RAND_pseudo_bytes(unsigned char *buf, int num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBRAND_bytes()\fR generates \fBnum\fR random bytes using a cryptographically -secure pseudo random generator (\s-1CSPRNG\s0) and stores them in \fBbuf\fR. +secure pseudo random generator (CSPRNG) and stores them in \fBbuf\fR. .PP \&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to be used for generating values that should remain private. If using the -default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 -instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not -affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7) -and \s-1\fBEVP_RAND\s0\fR\|(7). +default RAND_METHOD, this function uses a separate "private" PRNG +instance so that a compromise of the "public" PRNG instance will not +affect the secrecy of these private values, as described in \fBRAND\fR\|(7) +and \fBEVP_RAND\fR\|(7). .PP \&\fBRAND_bytes_ex()\fR and \fBRAND_priv_bytes_ex()\fR are the same as \fBRAND_bytes()\fR and \&\fBRAND_priv_bytes()\fR except that they both take additional \fIstrength\fR and \&\fIctx\fR parameters. The bytes generated will have a security strength of at least \fIstrength\fR bits. -The \s-1DRBG\s0 used for the operation is the public or private \s-1DRBG\s0 associated with -the specified \fIctx\fR. The parameter can be \s-1NULL,\s0 in which case -the default library context is used (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3). 
-If the default \s-1RAND_METHOD\s0 has been changed then for compatibility reasons the -\&\s-1RAND_METHOD\s0 will be used in preference and the \s-1DRBG\s0 of the library context +The DRBG used for the operation is the public or private DRBG associated with +the specified \fIctx\fR. The parameter can be NULL, in which case +the default library context is used (see \fBOSSL_LIB_CTX\fR\|(3). +If the default RAND_METHOD has been changed then for compatibility reasons the +RAND_METHOD will be used in preference and the DRBG of the library context ignored. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -By default, the OpenSSL \s-1CSPRNG\s0 supports a security level of 256 bits, provided it +By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it was able to seed itself from a trusted entropy source. -On all major platforms supported by OpenSSL (including the Unix-like platforms -and Windows), OpenSSL is configured to automatically seed the \s-1CSPRNG\s0 on first use -using the operating systems's random generator. +On all major platforms supported by OpenSSL (including the Unix\-like platforms +and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use +using the operating systems\*(Aqs random generator. .PP -If the entropy source fails or is not available, the \s-1CSPRNG\s0 will enter an +If the entropy source fails or is not available, the CSPRNG will enter an error state and refuse to generate random bytes. For that reason, it is important to always check the error return value of \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR and not take randomness for granted. .PP On other platforms, there might not be a trusted entropy source available or OpenSSL might have been explicitly configured to use different entropy sources. 
-If you are in doubt about the quality of the entropy source, don't hesitate to ask -your operating system vendor or post a question on GitHub or the openssl-users +If you are in doubt about the quality of the entropy source, don\*(Aqt hesitate to ask +your operating system vendor or post a question on GitHub or the openssl\-users mailing list. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR return 1 on success, \-1 if not supported by the current -\&\s-1RAND\s0 method, or 0 on other failure. The error code can be +RAND method, or 0 on other failure. The error code can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -214,21 +139,21 @@ \&\fBRAND_bytes\fR\|(3), \&\fBRAND_priv_bytes\fR\|(3), \&\fBERR_get_error\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7), -\&\s-1\fBEVP_RAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7), +\&\fBEVP_RAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" -.IP "\(bu" 2 +.IP \(bu 2 \&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead. -.IP "\(bu" 2 +.IP \(bu 2 The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. -.IP "\(bu" 2 +.IP \(bu 2 The \fBRAND_bytes_ex()\fR and \fBRAND_priv_bytes_ex()\fR functions were added in OpenSSL 3.0 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_cleanup.3.orig +++ secure/lib/libcrypto/man/man3/RAND_cleanup.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,111 +53,52 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_CLEANUP 3ossl" -.TH RAND_CLEANUP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_CLEANUP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_cleanup \- erase the PRNG state -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void RAND_cleanup(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by -the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called, -since no explicit initialisation or de-initialisation is necessary. See +the PRNG. As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de\-initialisation is necessary. See \&\fBOPENSSL_init_crypto\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_cleanup()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" \&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. See \fBOPENSSL_init_crypto\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_egd.3.orig +++ secure/lib/libcrypto/man/man3/RAND_egd.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_EGD 3ossl" -.TH RAND_EGD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_EGD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,31 +75,31 @@ \& \& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, -it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local -socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0 +it is possible to query an Entropy Gathering Daemon (EGD) over a local +socket to obtain randomness and seed the OpenSSL RNG. The protocol used is defined by the EGDs available at or . .PP -\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an EGD at the specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR. \&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255. .PP -\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an EGD at the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. -If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR. -If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and +If \fBbuf\fR is \fBNULL\fR, it is equivalent to \fBRAND_egd_bytes()\fR. +If \fBbuf\fR is not \fBNULL\fR, then the data is copied to the buffer and \&\fBRAND_add()\fR is not called. .PP -OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding +OpenSSL can be configured at build time to try to use the EGD for seeding automatically. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, or \-1 if the connection failed or the daemon did not -return enough data to fully seed the \s-1PRNG.\s0 +return enough data to fully seed the PRNG. .PP \&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on success, or \-1 if the connection failed. @@ -182,12 +107,12 @@ .IX Header "SEE ALSO" \&\fBRAND_add\fR\|(3), \&\fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBRAND\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_get0_primary.3.orig +++ secure/lib/libcrypto/man/man3/RAND_get0_primary.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_GET0_PRIMARY 3ossl" -.TH RAND_GET0_PRIMARY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_GET0_PRIMARY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_get0_primary, RAND_get0_public, RAND_get0_private \&\- get access to the global EVP_RAND_CTX instances -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,61 +77,61 @@ \& EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx); \& EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three -shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0 +The default RAND API implementation (\fBRAND_OpenSSL()\fR) utilizes three +shared DRBG instances which are accessed via the RAND API: .PP -The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 are thread-local instances, which are used +The \fIpublic\fR and \fIprivate\fR DRBG are thread\-local instances, which are used by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively. -The \fIprimary\fR \s-1DRBG\s0 is a global instance, which is not intended to be used +The \fIprimary\fR DRBG is a global instance, which is not intended to be used directly, but is used internally to reseed the other two instances. .PP -These functions here provide access to the shared \s-1DRBG\s0 instances. +These functions here provide access to the shared DRBG instances. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBRAND_get0_primary()\fR returns a pointer to the \fIprimary\fR \s-1DRBG\s0 instance -for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR. +\&\fBRAND_get0_primary()\fR returns a pointer to the \fIprimary\fR DRBG instance +for the given OSSL_LIB_CTX \fBctx\fR. .PP -\&\fBRAND_get0_public()\fR returns a pointer to the \fIpublic\fR \s-1DRBG\s0 instance -for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR. +\&\fBRAND_get0_public()\fR returns a pointer to the \fIpublic\fR DRBG instance +for the given OSSL_LIB_CTX \fBctx\fR. .PP -\&\fBRAND_get0_private()\fR returns a pointer to the \fIprivate\fR \s-1DRBG\s0 instance -for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR. +\&\fBRAND_get0_private()\fR returns a pointer to the \fIprivate\fR DRBG instance +for the given OSSL_LIB_CTX \fBctx\fR. 
.PP In all the above cases the \fBctx\fR parameter can -be \s-1NULL\s0 in which case the default \s-1OSSL_LIB_CTX\s0 is used. -.SH "NOTES" +be NULL in which case the default OSSL_LIB_CTX is used. +.SH NOTES .IX Header "NOTES" -It is not thread-safe to access the \fIprimary\fR \s-1DRBG\s0 instance. -The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 instance can be accessed safely, because -they are thread-local. Note however, that changes to these two instances +It is not thread\-safe to access the \fIprimary\fR DRBG instance. +The \fIpublic\fR and \fIprivate\fR DRBG instance can be accessed safely, because +they are thread\-local. Note however, that changes to these two instances apply only to the current thread. .PP For that reason it is recommended not to change the settings of these three instances directly. -Instead, an application should change the default settings for new \s-1DRBG\s0 instances +Instead, an application should change the default settings for new DRBG instances at initialization time, before creating additional threads. .PP During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely. .PP -To set the type of \s-1DRBG\s0 that will be instantiated, use the +To set the type of DRBG that will be instantiated, use the \&\fBRAND_set_DRBG_type\fR\|(3) call before accessing the random number generation infrastructure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), +\&\fBEVP_RAND\fR\|(3), \&\fBRAND_set_DRBG_type\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_load_file.3.orig +++ secure/lib/libcrypto/man/man3/RAND_load_file.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_LOAD_FILE 3ossl" -.TH RAND_LOAD_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_LOAD_FILE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,29 +76,33 @@ \& \& const char *RAND_file_name(char *buf, size_t num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and -adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is nonnegative, +adds them to the PRNG. If \fBmax_bytes\fR is nonnegative, up to \fBmax_bytes\fR are read; -if \fBmax_bytes\fR is \-1, the complete file is read. +if \fBmax_bytes\fR is \-1, the complete file is read (unless the file +is not a regular file, in that case a fixed number of bytes, +256 in the current implementation, is attempted to be read). +\&\fBRAND_load_file()\fR can read less than the complete file or the requested number +of bytes if it doesn\*(Aqt fit in the return value type. Do not load the same file multiple times unless its contents have been updated by \fBRAND_write_file()\fR between reads. Also, note that \fBfilename\fR should be adequately protected so that an attacker cannot replace or examine the contents. If \fBfilename\fR is not a regular file, then user is considered to be -responsible for any side effects, e.g. non-anticipated blocking or +responsible for any side effects, e.g. non\-anticipated blocking or capture of controlling terminal. .PP \&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to -file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +file \fBfilename\fR which can be used to initialize the PRNG by calling \&\fBRAND_load_file()\fR in a later session. .PP \&\fBRAND_file_name()\fR generates a default path for the random seed file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the filename. .PP -On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its +On all systems, if the environment variable \fBRANDFILE\fR is set, its value will be used as the seed filename. 
Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: .IP "On Windows (in order of preference)" 4 @@ -181,7 +110,7 @@ .Vb 1 \& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e .Ve -.IP "On \s-1VMS\s0" 4 +.IP "On VMS" 4 .IX Item "On VMS" .Vb 1 \& SYS$LOGIN: @@ -192,7 +121,7 @@ \& $HOME .Ve .PP -If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or +If \f(CW$HOME\fR (on non\-Windows and non\-VMS system) is not set either, or \&\fBnum\fR is too small for the pathname, an error occurs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -201,18 +130,18 @@ \&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the bytes written were generated without appropriate seeding. .PP -\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRAND_add\fR\|(3), \&\fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBRAND\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_set_DRBG_type.3.orig +++ secure/lib/libcrypto/man/man3/RAND_set_DRBG_type.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_SET_DRBG_TYPE 3ossl" -.TH RAND_SET_DRBG_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_SET_DRBG_TYPE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_set_DRBG_type, RAND_set_seed_source_type \&\- specify the global random number generator types -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed, \& const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBRAND_set_DRBG_type()\fR specifies the random bit generator that will be used within the library context \fIctx\fR. A generator of name \fIdrbg\fR 
@@ -164,31 +89,31 @@ \&\fBRAND_set_seed_source_type()\fR specifies the seed source that will be used within the library context \fIctx\fR. The seed source of name \fIseed\fR with properties \fIpropq\fR will be fetched and used to seed the primary -random big generator. +random bit generator. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These function return 1 on success and 0 on failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions must be called before the random bit generators are first created in the library context. They will return an error if the call is made too late. .PP -The default \s-1DRBG\s0 is \*(L"CTR-DRBG\*(R" using the \*(L"\s-1AES\-256\-CTR\*(R"\s0 cipher. +The default DRBG is "CTR\-DRBG" using the "AES\-256\-CTR" cipher. .PP -The default seed source is \*(L"SEED-SRC\*(R". +The default seed source is "SEED\-SRC". .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), +\&\fBEVP_RAND\fR\|(3), \&\fBRAND_get0_primary\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RAND_set_rand_method.3.orig +++ secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND_SET_RAND_METHOD 3ossl" -.TH RAND_SET_RAND_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND_SET_RAND_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -157,26 +82,26 @@ \& \& const RAND_METHOD *RAND_get_rand_method(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBRAND_set_DRBG_type\fR\|(3), -\&\s-1\fBEVP_RAND\s0\fR\|(3) and \s-1\fBEVP_RAND\s0\fR\|(7). +\&\fBEVP_RAND\fR\|(3) and \fBEVP_RAND\fR\|(7). .PP -A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +A \fBRAND_METHOD\fR specifies the functions that OpenSSL uses for random number generation. .PP -\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. -This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. +\&\fBRAND_OpenSSL()\fR returns the default \fBRAND_METHOD\fR implementation by OpenSSL. +This implementation ensures that the PRNG state is unique for each thread. .PP -If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will +If an \fBENGINE\fR is loaded that provides the RAND API, however, it will be used instead of the method returned by \fBRAND_OpenSSL()\fR. This is deprecated in OpenSSL 3.0. .PP -\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an -\&\s-1ENGINE\s0 was providing the method, it will be released first. +\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for PRNG use. If an +ENGINE was providing the method, it will be released first. .PP -\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fBRAND_METHOD\fR. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 8 
@@ -191,9 +116,9 @@ .Ve .PP The fields point to functions that are used by, in order, -\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR +\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal RAND cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR and \fBRAND_status()\fR. -Each pointer may be \s-1NULL\s0 if the function is not implemented. +Each pointer may be NULL if the function is not implemented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_set_rand_method()\fR returns 1 on success and 0 on failure. @@ -201,20 +126,20 @@ methods. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), +\&\fBEVP_RAND\fR\|(3), \&\fBRAND_set_DRBG_type\fR\|(3), \&\fBRAND_bytes\fR\|(3), \&\fBENGINE_by_id\fR\|(3), -\&\s-1\fBEVP_RAND\s0\fR\|(7), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_RAND\fR\|(7), +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RC4_set_key.3.orig +++ secure/lib/libcrypto/man/man3/RC4_set_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RC4_SET_KEY 3ossl" -.TH RC4_SET_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RC4_SET_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RC4_set_key, RC4 \- RC4 encryption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -156,37 +81,37 @@ \& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, \& unsigned char *outdata); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_EncryptInit_ex\fR\|(3), \fBEVP_EncryptUpdate\fR\|(3) and \&\fBEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. .PP -This library implements the Alleged \s-1RC4\s0 cipher, which is described for +This library implements the Alleged RC4 cipher, which is described for example in \fIApplied Cryptography\fR. It is believed to be compatible -with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +with RC4[TM], a proprietary cipher of RSA Security Inc. .PP -\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +RC4 is a stream cipher with variable key length. Typically, 128 bit (16 byte) keys are used for strong encryption, but shorter insecure key sizes have been widely used due to export restrictions. .PP -\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +RC4 consists of a key setup phase and the actual encryption or decryption phase. .PP -\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +\&\fBRC4_set_key()\fR sets up the \fBRC4_KEY\fR \fBkey\fR using the \fBlen\fR bytes long key at \fBdata\fR. .PP -\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using -\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with +\&\fBRC4()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \fBRC4()\fR calls with the same \fBkey\fR yield a continuous key stream. 
.PP -Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +Since RC4 is a stream cipher (the input is XORed with a pseudo\-random key stream to produce the output), decryption uses the same function calls as encryption. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. -.SH "NOTE" +\&\fBRC4_set_key()\fR and \fBRC4()\fR do not return values. +.SH NOTE .IX Header "NOTE" Applications should use the higher level functions \&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these @@ -197,14 +122,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RIPEMD160_Init.3.orig +++ secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RIPEMD160_INIT 3ossl" -.TH RIPEMD160_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RIPEMD160_INIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -159,56 +84,56 @@ \& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); \& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3) and \fBEVP_DigestFinal_ex\fR\|(3). .PP -\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a +RIPEMD\-160 is a cryptographic hash function with a 160 bit output. .PP -\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +\&\fBRIPEMD160()\fR computes the RIPEMD\-160 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If \fBmd\fR is NULL, the digest is placed in a static array. .PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +\&\fBRIPEMD160_Init()\fR initializes a \fBRIPEMD160_CTX\fR structure. .PP \&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP \&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have -space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases -the \fB\s-1RIPEMD160_CTX\s0\fR. +space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases +the \fBRIPEMD160_CTX\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. +\&\fBRIPEMD160()\fR returns a pointer to the hash value. .PP \&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for success, 0 otherwise. 
-.SH "NOTE" +.SH NOTE .IX Header "NOTE" Applications should use the higher level functions \&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these functions directly. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +ISO/IEC 10118\-3:2016 Dedicated Hash\-Function 1 (RIPEMD\-160). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_blinding_on.3.orig +++ secure/lib/libcrypto/man/man3/RSA_blinding_on.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_BLINDING_ON 3ossl" -.TH RSA_BLINDING_ON 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_BLINDING_ON 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -155,17 +80,17 @@ \& \& void RSA_blinding_off(RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. .PP -\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can -measure the time of \s-1RSA\s0 decryption or signature operations, blinding -must be used to protect the \s-1RSA\s0 operation from that attack. +RSA is vulnerable to timing attacks. In a setup where attackers can +measure the time of RSA decryption or signature operations, blinding +must be used to protect the RSA operation from that attack. .PP \&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a -random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a preallocated and -initialized \fB\s-1BN_CTX\s0\fR. +random blinding factor. \fBctx\fR is \fBNULL\fR or a preallocated and +initialized \fBBN_CTX\fR. .PP \&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for the blinding factor. 
@@ -174,14 +99,14 @@ \&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. .PP \&\fBRSA_blinding_off()\fR returns no value. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_check_key.3.orig +++ secure/lib/libcrypto/man/man3/RSA_check_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_CHECK_KEY 3ossl" -.TH RSA_CHECK_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_CHECK_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_check_key_ex, RSA_check_key \- validate private RSA keys -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -155,71 +80,71 @@ \& \& int RSA_check_key(const RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Both of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_public_check\fR\|(3), \&\fBEVP_PKEY_private_check\fR\|(3) and \fBEVP_PKEY_pairwise_check\fR\|(3). .PP -\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +\&\fBRSA_check_key_ex()\fR function validates RSA keys. It checks that \fBp\fR and \fBq\fR are in fact prime, and that \fBn = p*q\fR. .PP -It does not work on \s-1RSA\s0 public keys that have only the modulus +It does not work on RSA public keys that have only the modulus and public exponent elements populated. It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, -and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fBNULL\fR. It performs integrity checks on all -the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private +the RSA key material, so the RSA key structure must contain all the private key data too. -Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, -even if it is otherwise fit for regular \s-1RSA\s0 operation. +Therefore, it cannot be used with any arbitrary RSA key object, +even if it is otherwise fit for regular RSA operation. .PP The \fBcb\fR parameter is a callback that will be invoked in the same manner as \fBBN_is_prime_ex\fR\|(3). .PP -\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a NULL \fBcb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR -return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +return 1 if \fBrsa\fR is a valid RSA key, and 0 otherwise. They return \-1 if an error occurs while checking the key. 
.PP If the key is invalid or an error occurred, the reason code can be obtained using \fBERR_get_error\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work -transparently with any underlying \s-1ENGINE\s0 implementation because it uses the -key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +Unlike most other RSA functions, this function does \fBnot\fR work +transparently with any underlying ENGINE implementation because it uses the +key data in the RSA structure directly. An ENGINE implementation can override the way key data is stored and handled, and can even provide -support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR -key data at all! If the \s-1ENGINE\s0 in question is only being used for -acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data -is complete and untouched, but this can't be assumed in the general case. -.SH "BUGS" +support for HSM keys \- in which case the RSA structure may contain \fBno\fR +key data at all! If the ENGINE in question is only being used for +acceleration or analysis purposes, then in all likelihood the RSA key data +is complete and untouched, but this can\*(Aqt be assumed in the general case. +.SH BUGS .IX Header "BUGS" -A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need -to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure -elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and -completely violating encapsulation and object-orientation in the process). -The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the -\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +A method of verifying the RSA key using opaque RSA API functions might need +to be considered. 
Right now \fBRSA_check_key()\fR simply uses the RSA structure +elements directly, bypassing the RSA_METHOD table altogether (and +completely violating encapsulation and object\-orientation in the process). +The best fix will probably be to introduce a "\fBcheck_key()\fR" handler to the +RSA_METHOD function table so that alternative implementations can also provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBN_is_prime_ex\fR\|(3), \&\fBERR_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP \&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_generate_key.3.orig +++ secure/lib/libcrypto/man/man3/RSA_generate_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_GENERATE_KEY 3ossl" -.TH RSA_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_GENERATE_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RSA_gen, RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,7 +76,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -160,29 +85,29 @@ .Ve .PP The following function has been deprecated since OpenSSL 0.9.8, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& RSA *RSA_generate_key(int bits, unsigned long e, \& void (*callback)(int, int, void *), void *cb_arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBEVP_RSA_gen()\fR generates a new \s-1RSA\s0 key pair with modulus size \fIbits\fR. +\&\fBEVP_RSA_gen()\fR generates a new RSA key pair with modulus size \fIbits\fR. .PP All of the functions described below are deprecated. Applications should instead use \fBEVP_RSA_gen()\fR, \fBEVP_PKEY_Q_keygen\fR\|(3), or \&\fBEVP_PKEY_keygen_init\fR\|(3) and \fBEVP_PKEY_keygen\fR\|(3). .PP -\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the -\&\fB\s-1RSA\s0\fR structure provided in \fIrsa\fR. +\&\fBRSA_generate_key_ex()\fR generates a 2\-prime RSA key pair and stores it in the +\&\fBRSA\fR structure provided in \fIrsa\fR. .PP -\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores -it in the \fB\s-1RSA\s0\fR structure provided in \fIrsa\fR. The number of primes is given by +\&\fBRSA_generate_multi_prime_key()\fR generates a multi\-prime RSA key pair and stores +it in the \fBRSA\fR structure provided in \fIrsa\fR. The number of primes is given by the \fIprimes\fR parameter. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. 
.PP The modulus size will be of length \fIbits\fR, the number of primes to form the modulus will be \fIprimes\fR, and the public exponent will be \fIe\fR. Key sizes @@ -199,20 +124,20 @@ .Ve .PP A callback function may be used to provide feedback about the -progress of the key generation. If \fIcb\fR is not \s-1NULL,\s0 it +progress of the key generation. If \fIcb\fR is not NULL, it will be called as follows using the \fBBN_GENCB_call()\fR function described on the \fBBN_generate_prime\fR\|(3) page. .PP \&\fBRSA_generate_key()\fR is similar to \fBRSA_generate_key_ex()\fR but -expects an old-style callback function; see -\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. -.IP "\(bu" 2 +expects an old\-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old\-style callback. +.IP \(bu 2 While a random prime number is generated, it is called as described in \fBBN_generate_prime\fR\|(3). -.IP "\(bu" 2 +.IP \(bu 2 When the n\-th randomly generated prime is rejected as not suitable for the key, \fIBN_GENCB_call(cb, 2, n)\fR is called. -.IP "\(bu" 2 +.IP \(bu 2 When a random p has been found with p\-1 relatively prime to \fIe\fR, it is called as \fIBN_GENCB_call(cb, 3, 0)\fR. .PP 
@@ -220,32 +145,32 @@ with \fIBN_GENCB_call(cb, 3, i)\fR where \fIi\fR indicates the i\-th prime. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBEVP_RSA_gen()\fR returns an \fI\s-1EVP_PKEY\s0\fR or \s-1NULL\s0 on failure. +\&\fBEVP_RSA_gen()\fR returns an \fIEVP_PKEY\fR or NULL on failure. .PP \&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. \&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP -\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or -\&\s-1NULL\s0 if the key generation fails. -.SH "BUGS" +\&\fBRSA_generate_key()\fR returns a pointer to the RSA structure or +NULL if the key generation fails. +.SH BUGS .IX Header "BUGS" \&\fIBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_Q_keygen\fR\|(3) \&\fBBN_generate_prime\fR\|(3), \fBERR_get_error\fR\|(3), -\&\fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND_bytes\fR\|(3), \fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" \&\fBEVP_RSA_gen()\fR was added in OpenSSL 3.0. All other functions described here were deprecated in OpenSSL 3.0. -For replacement see \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7). -.SH "COPYRIGHT" +For replacement see \fBEVP_PKEY\-RSA\fR\|(7). +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_get0_key.3.orig +++ secure/lib/libcrypto/man/man3/RSA_get0_key.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_GET0_KEY 3ossl" -.TH RSA_GET0_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_GET0_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, @@ -148,14 +73,14 @@ RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version \&\- Routines for getting and setting data in an RSA object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -189,41 +114,41 @@ \& BIGNUM *coeffs[], int pnum); \& int RSA_get_version(RSA *r); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_get_bn_param\fR\|(3) for any methods that -return a \fB\s-1BIGNUM\s0\fR. Refer to \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) for more information. +return a \fBBIGNUM\fR. Refer to \fBEVP_PKEY\-DH\fR\|(7) for more information. .PP -An \s-1RSA\s0 object contains the components for the public and private key, +An RSA object contains the components for the public and private key, \&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is the modulus common to both public and private key, \fBe\fR is the public exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, \&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR -are the exponents and coefficient for \s-1CRT\s0 calculations. +are the exponents and coefficient for CRT calculations. .PP -For multi-prime \s-1RSA\s0 (defined in \s-1RFC 8017\s0), there are also one or more -\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR +For multi\-prime RSA (defined in RFC 8017), there are also one or more +\&\*(Aqtriplet\*(Aq in an RSA object. A triplet contains three members, \fBr\fR, \fBd\fR and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and -\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. +\&\fBt\fR are the exponent and coefficient for CRT calculations. .PP The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling \&\fBRSA_get0_key()\fR. 
If they have not been set yet, then \fB*n\fR, \fB*e\fR and -\&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to +\&\fB*d\fR will be set to NULL. Otherwise, they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed by the caller. .PP The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling \&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as -parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL -the first time this function is called on a given \s-1RSA\s0 object. The -value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be -\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. +parameters to the function. The values \fBn\fR and \fBe\fR must be non\-NULL +the first time this function is called on a given RSA object. The +value \fBd\fR may be NULL. On subsequent calls any of these values may be +NULL which means the corresponding RSA field is left untouched. Calling this function transfers the memory management of the values to -the \s-1RSA\s0 object, and therefore the values that have been passed in +the RSA object, and therefore the values that have been passed in should not be freed by the caller after this function has been called. .PP In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and 
@@ -232,38 +157,38 @@ \&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. .PP For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR, -\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions -ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. +NULL value BIGNUM ** output parameters are permitted. The functions +ignore NULL parameters but return values for other, non\-NULL, parameters. .PP -For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR -can be used to obtain other primes and related \s-1CRT\s0 parameters. The -return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR -sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) -into an \s-1RSA\s0 object. +For multi\-prime RSA, \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR +can be used to obtain other primes and related CRT parameters. The +return values are stored in an array of \fBBIGNUM *\fR. \fBRSA_set0_multi_prime_params()\fR +sets a collect of multi\-prime \*(Aqtriplet\*(Aq members (prime, exponent and coefficient) +into an RSA object. .PP Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be retrieved separately by the corresponding function \&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, \&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively. .PP -\&\fBRSA_get0_pss_params()\fR is used to retrieve the RSA-PSS parameters. +\&\fBRSA_get0_pss_params()\fR is used to retrieve the RSA\-PSS parameters. .PP -\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the RSA object. 
Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to see whether the flags passed in the \fBflags\fR parameter are currently -set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All +set in the RSA object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the -\&\s-1RSA\s0 object. +RSA object. .PP -\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for -this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +\&\fBRSA_get0_engine()\fR returns a handle to the ENGINE that has been set for +this RSA object, or NULL if no such ENGINE has been set. .PP -\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. -.SH "NOTES" +\&\fBRSA_get_version()\fR returns the version of an RSA object \fBr\fR. +.SH NOTES .IX Header "NOTES" -Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +Values retrieved with \fBRSA_get0_key()\fR are owned by the RSA object used in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. If needed, duplicate the received value using \fBBN_dup()\fR and pass the duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR 
@@ -273,8 +198,8 @@ in advance and allocate sufficient buffer to store the return values before calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR. .PP -\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime -triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. +\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi\-prime +triplets in RSA object \fBr\fR and assign the new set of triplets into it. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and 
@@ -284,27 +209,27 @@ \&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR return the respective value. .PP -\&\fBRSA_get0_pss_params()\fR returns a \fB\s-1RSA_PSS_PARAMS\s0\fR pointer, or \s-1NULL\s0 if +\&\fBRSA_get0_pss_params()\fR returns a \fBRSA_PSS_PARAMS\fR pointer, or NULL if there is none. .PP \&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return 1 on success or 0 on failure. .PP \&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes -in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for -multi-prime \s-1RSA.\s0 +in use, which is 0 for traditional RSA and the number of extra primes for +multi\-prime RSA. .PP -\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and -\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0 +\&\fBRSA_get_version()\fR returns \fBRSA_ASN1_VERSION_MULTI\fR for multi\-prime RSA and +\&\fBRSA_ASN1_VERSION_DEFAULT\fR for normal two\-prime RSA, as defined in RFC 8017. .PP -\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +\&\fBRSA_test_flags()\fR returns the current state of the flags in the RSA object. .PP -\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no -\&\s-1ENGINE\s0 has been set. +\&\fBRSA_get0_engine()\fR returns the ENGINE set for the RSA object or NULL if no +ENGINE has been set. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBRSA_get0_pss_params()\fR function was added in OpenSSL 1.1.1e. .PP 
@@ -316,11 +241,11 @@ Other functions described here were added in OpenSSL 1.1.0. .PP All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/RSA_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_METH_NEW 3ossl" -.TH RSA_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, @@ -152,14 +77,14 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen \&\- Routines to build up RSA methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -264,62 +189,62 @@ \& int primes, BIGNUM *e, \& BN_GENCB *cb)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +Applications should instead use the OSSL_PROVIDER APIs. .PP -The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom -\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL -for the implementation of the various \s-1RSA\s0 capabilities. +The \fBRSA_METHOD\fR type is a structure used for the provision of custom +RSA implementations. It provides a set of functions used by OpenSSL +for the implementation of the various RSA capabilities. .PP -\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +\&\fBRSA_meth_new()\fR creates a new \fBRSA_METHOD\fR structure. It should be given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a -\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the -\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the +NULL terminated string, which will be duplicated and stored in the +\&\fBRSA_METHOD\fR object. It is the callers responsibility to free the original string. The flags will be used during the construction of a -new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object +new \fBRSA\fR object based on this \fBRSA_METHOD\fR. Any new \fBRSA\fR object will have those flags set by default. .PP -\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fBRSA_METHOD\fR object passed as a parameter. This might be useful for creating a new -\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. +\&\fBRSA_METHOD\fR based on an existing one, but with some differences. 
.PP -\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any -memory associated with it. +\&\fBRSA_meth_free()\fR destroys an \fBRSA_METHOD\fR structure and frees up any +memory associated with it. If the argument is NULL, nothing is done. .PP \&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this -\&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so +RSA_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name -of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is -stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible +of the RSA_METHOD to \fBname\fR. The string is duplicated and the copy is +stored in the RSA_METHOD structure, so the caller remains responsible for freeing the memory associated with the name. .PP \&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated -with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set +with this RSA_METHOD. \fBRSA_meth_set_flags()\fR provides the ability to set these flags. .PP The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR provide the ability to associate implementation specific data with the -\&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data -before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR. +RSA_METHOD. It is the application\*(Aqs responsibility to free this data +before the RSA_METHOD is freed via a call to \fBRSA_meth_free()\fR. .PP \&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function -used for creating an \s-1RSA\s0 signature respectively. This function will be +used for creating an RSA signature respectively. This function will be called in response to the application calling \fBRSA_sign()\fR. 
The parameters for the function have the same meaning as for \fBRSA_sign()\fR. .PP \&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the -function used for verifying an \s-1RSA\s0 signature respectively. This +function used for verifying an RSA signature respectively. This function will be called in response to the application calling \&\fBRSA_verify()\fR. The parameters for the function have the same meaning as for \fBRSA_verify()\fR. .PP \&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the -function used for \s-1CRT\s0 computations. +function used for CRT computations. .PP \&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set -the function used for \s-1CRT\s0 computations, specifically the following +the function used for CRT computations, specifically the following value: .PP .Vb 1 
@@ -331,30 +256,30 @@ verification. .PP \&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function -used for creating a new \s-1RSA\s0 instance respectively. This function will +used for creating a new RSA instance respectively. This function will be called in response to the application calling \fBRSA_new()\fR (if the -current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The +current default RSA_METHOD is this one) or \fBRSA_new_method()\fR. The \&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for -the new \s-1RSA\s0 object, and a pointer to this newly allocated structure +the new RSA object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be -\&\s-1NULL.\s0 +NULL. .PP \&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the -function used for destroying an instance of an \s-1RSA\s0 object respectively. +function used for destroying an instance of an RSA object respectively. This function will be called in response to the application calling -\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a -parameter. The destroy function should be used for \s-1RSA\s0 implementation -specific clean up. The memory for the \s-1RSA\s0 itself should not be freed -by this function. This function may be \s-1NULL.\s0 +\&\fBRSA_free()\fR. A pointer to the RSA to be destroyed is passed as a +parameter. The destroy function should be used for RSA implementation +specific clean up. The memory for the RSA itself should not be freed +by this function. This function may be NULL. .PP \&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the -function used for generating a new \s-1RSA\s0 key pair respectively. This +function used for generating a new RSA key pair respectively. This function will be called in response to the application calling \&\fBRSA_generate_key_ex()\fR. 
The parameter for the function has the same meaning as for \fBRSA_generate_key_ex()\fR. .PP \&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get -and set the function used for generating a new multi-prime \s-1RSA\s0 key pair +and set the function used for generating a new multi\-prime RSA key pair respectively. This function will be called in response to the application calling \&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same meaning as for \fBRSA_generate_multi_prime_key()\fR. @@ -370,13 +295,13 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated -\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. +RSA_METHOD object or NULL on failure. .PP \&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and -flags associated with the \s-1RSA_METHOD\s0 respectively. +flags associated with the RSA_METHOD respectively. .PP All other RSA_meth_get_*() functions return the appropriate function -pointer that has been set in the \s-1RSA_METHOD,\s0 or \s-1NULL\s0 if no such +pointer that has been set in the RSA_METHOD, or NULL if no such pointer has yet been set. .PP RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on @@ -386,7 +311,7 @@ \&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3), \&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3), \&\fBRSA_generate_multi_prime_key\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP 
@@ -394,11 +319,11 @@ added in OpenSSL 1.1.1. .PP Other functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_new.3.orig +++ secure/lib/libcrypto/man/man3/RSA_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_NEW 3ossl" -.TH RSA_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_new, RSA_free \- allocate and free RSA objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -155,17 +80,17 @@ \& \& void RSA_free(RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to -calling RSA_new_method(\s-1NULL\s0). +\&\fBRSA_new()\fR allocates and initializes an \fBRSA\fR structure. It is equivalent to +calling RSA_new_method(NULL). .PP -\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +\&\fBRSA_free()\fR frees the \fBRSA\fR structure and its components. The key is erased before the memory is returned to the system. -If \fBrsa\fR is \s-1NULL\s0 nothing is done. +If \fBrsa\fR is NULL nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +If the allocation fails, \fBRSA_new()\fR returns \fBNULL\fR and sets an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP 
@@ -175,15 +100,15 @@ \&\fBERR_get_error\fR\|(3), \&\fBRSA_generate_key\fR\|(3), \&\fBRSA_new_method\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All functions described here were deprecated in OpenSSL 3.0. -For replacement see \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7). -.SH "COPYRIGHT" +For replacement see \fBEVP_PKEY\-RSA\fR\|(7). +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3.orig +++ secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3ossl" -.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption padding -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -192,19 +117,19 @@ \& int RSA_padding_check_none(unsigned char *to, int tlen, \& const unsigned char *f, int fl, int rsa_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1EVP PKEY\s0 APIs. +Applications should instead use the EVP PKEY APIs. .PP -The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +The \fBRSA_padding_xxx_xxx()\fR functions are called from the RSA encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs. .PP However, they can also be called directly to implement padding for other asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and \&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined -with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +with \fBRSA_NO_PADDING\fR in order to implement OAEP with an encoding parameter. .PP \&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into 
@@ -212,73 +137,73 @@ does not meet the size requirements of the encoding method. .PP The following encoding methods are implemented: -.IP "PKCS1_type_1" 4 +.IP PKCS1_type_1 4 .IX Item "PKCS1_type_1" -\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures -.IP "PKCS1_type_2" 4 +PKCS #1 v2.0 EMSA\-PKCS1\-v1_5 (PKCS #1 v1.5 block type 1); used for signatures +.IP PKCS1_type_2 4 .IX Item "PKCS1_type_2" -\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) -.IP "\s-1PKCS1_OAEP\s0" 4 +PKCS #1 v2.0 EME\-PKCS1\-v1_5 (PKCS #1 v1.5 block type 2) +.IP PKCS1_OAEP 4 .IX Item "PKCS1_OAEP" -\&\s-1PKCS\s0 #1 v2.0 EME-OAEP -.IP "none" 4 +PKCS #1 v2.0 EME\-OAEP +.IP none 4 .IX Item "none" simply copy the data .PP The random number generator must be seeded prior to calling \&\fBRSA_padding_add_xxx()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .PP \&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain -a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +a valid encoding for a \fBrsa_len\fR byte RSA key in the respective encoding method and stores the recovered data of at most \fBtlen\fR bytes -(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +(for \fBRSA_NO_PADDING\fR: of size \fBtlen\fR) at \fBto\fR. .PP For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter -of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +of length \fBpl\fR. \fBp\fR may be \fBNULL\fR if \fBpl\fR is 0. 
.PP For \fBRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, -if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to -the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. +if \fBmd\fR is \fBNULL\fR that means md=sha1, and \fBmgf1md\fR points to +the mgf1 hash, if \fBmgf1md\fR is \fBNULL\fR that means mgf1md=md. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. The \fBRSA_padding_check_xxx()\fR functions return the length of the recovered data, \-1 on error. Error codes can be obtained by calling \&\fBERR_get_error\fR\|(3). -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" The result of \fBRSA_padding_check_PKCS1_type_2()\fR is a very sensitive information which can potentially be used to mount a Bleichenbacher -padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 -v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not +padding oracle attack. This is an inherent weakness in the PKCS #1 +v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not possible, the result of \fBRSA_padding_check_PKCS1_type_2()\fR should be checked in constant time if it matches the expected length of the plaintext and additionally some application specific consistency checks on the plaintext need to be performed in constant time. If the plaintext is rejected it must be kept secret which of the checks caused the application to reject the message. -Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data -which was computed by \fBRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, +Do not remove the zero\-padding from the decrypted raw RSA data +which was computed by \fBRSA_private_decrypt()\fR with \fBRSA_NO_PADDING\fR, as this would create a small timing side channel which could be used to mount a Bleichenbacher attack against any padding mode -including \s-1PKCS1_OAEP.\s0 +including PKCS1_OAEP. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRSA_public_encrypt\fR\|(3), \&\fBRSA_private_decrypt\fR\|(3), \&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_print.3.orig +++ secure/lib/libcrypto/man/man3/RSA_print.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,87 +53,28 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_PRINT 3ossl" -.TH RSA_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_PRINT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 @@ -160,7 +85,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 
@@ -173,21 +98,21 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& int DHparams_print(BIO *bp, DH *x); \& int DHparams_print_fp(FILE *fp, const DH *x); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_print_params\fR\|(3) and \&\fBEVP_PKEY_print_private\fR\|(3). .PP -A human-readable hexadecimal output of the components of the \s-1RSA\s0 -key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +A human\-readable hexadecimal output of the components of the RSA +key, DSA parameters or key or DH parameters is printed to \fBbp\fR or \fBfp\fR. .PP The output lines are indented by \fBoffset\fR spaces. .SH "RETURN VALUES" @@ -203,14 +128,14 @@ \& L, \& L .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_private_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_PRIVATE_ENCRYPT 3ossl" -.TH RSA_PRIVATE_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_PRIVATE_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_private_encrypt, RSA_public_decrypt \- low\-level signature operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 @@ -157,14 +82,14 @@ \& int RSA_public_decrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Both of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_sign_init_ex\fR\|(3), \&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify_recover_init\fR\|(3), and \&\fBEVP_PKEY_verify_recover\fR\|(3). .PP -These functions handle \s-1RSA\s0 signatures at a low-level. +These functions handle RSA signatures at a low\-level. .PP \&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a message digest with an algorithm identifier) using the private key 
@@ -172,20 +97,20 @@ \&\fBRSA_size(rsa)\fR bytes of memory. .PP \&\fBpadding\fR denotes one of the following modes: -.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IP RSA_PKCS1_PADDING 4 .IX Item "RSA_PKCS1_PADDING" -\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the -\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or -verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be +PKCS #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in PKCS #1. When generating or +verifying PKCS #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be used. -.IP "\s-1RSA_NO_PADDING\s0" 4 +.IP RSA_NO_PADDING 4 .IX Item "RSA_NO_PADDING" -Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +Raw RSA signature. This mode should \fIonly\fR be used to implement cryptographically sound padding modes in the application code. -Signing user data directly with \s-1RSA\s0 is insecure. +Signing user data directly with RSA is insecure. .PP \&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR -bytes long signature at \fBfrom\fR using the signer's public key +bytes long signature at \fBfrom\fR using the signer\*(Aqs public key \&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the message digest (which is smaller than \fBRSA_size(rsa) \- 11\fR). \fBpadding\fR is the padding mode that was used to sign the data. 
@@ -202,14 +127,14 @@ \&\fBERR_get_error\fR\|(3), \&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3), \&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify_recover\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" Both of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_public_encrypt.3.orig +++ secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_PUBLIC_ENCRYPT 3ossl" -.TH RSA_PUBLIC_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_PUBLIC_ENCRYPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 @@ -157,7 +82,7 @@ \& int RSA_private_decrypt(int flen, const unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Both of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_encrypt_init_ex\fR\|(3), 
@@ -169,25 +94,25 @@ \&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. .PP \&\fBpadding\fR denotes one of the following modes: -.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IP RSA_PKCS1_PADDING 4 .IX Item "RSA_PKCS1_PADDING" -\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. -However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in -new applications. \s-1SEE WARNING BELOW.\s0 -.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +PKCS #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in +new applications. SEE WARNING BELOW. +.IP RSA_PKCS1_OAEP_PADDING 4 .IX Item "RSA_PKCS1_OAEP_PADDING" -EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty +EME\-OAEP as defined in PKCS #1 v2.0 with SHA\-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications. -.IP "\s-1RSA_NO_PADDING\s0" 4 +.IP RSA_NO_PADDING 4 .IX Item "RSA_NO_PADDING" -Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement +Raw RSA encryption. This mode should \fIonly\fR be used to implement cryptographically sound padding modes in the application code. -Encrypting user data directly with \s-1RSA\s0 is insecure. +Encrypting user data directly with RSA is insecure. .PP -\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the PKCS #1 v1.5 based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for -\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 -When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then +RSA_PKCS1_OAEP_PADDING and exactly RSA_size(\fBrsa\fR) for RSA_NO_PADDING. 
+When a padding mode other than RSA_NO_PADDING is in use, then \&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext and therefore the ciphertext will be different each time, even if the plaintext and the public key are exactly identical. @@ -201,9 +126,9 @@ bytes are in the ciphertext. Those are not important and may be removed, but \fBRSA_public_encrypt()\fR does not do that. \fBto\fR must point to a memory section large enough to hold the maximal possible decrypted -data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING,\s0 -RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and -RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). +data (which is equal to RSA_size(\fBrsa\fR) for RSA_NO_PADDING, +RSA_size(\fBrsa\fR) \- 11 for the PKCS #1 v1.5 based padding modes and +RSA_size(\fBrsa\fR) \- 42 for RSA_PKCS1_OAEP_PADDING). \&\fBpadding\fR is the padding mode that was used to encrypt the data. \&\fBto\fR and \fBfrom\fR may overlap. .SH "RETURN VALUES" 
@@ -215,27 +140,27 @@ .PP On error, \-1 is returned; the error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information +Decryption failures in the RSA_PKCS1_PADDING mode leak information which can potentially be used to mount a Bleichenbacher padding oracle -attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding -design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 +attack. This is an inherent weakness in the PKCS #1 v1.5 padding +design. Prefer RSA_PKCS1_OAEP_PADDING. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SSL, PKCS\s0 #1 v2.0 +SSL, PKCS #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\fBRSA_size\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" Both of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_set_method.3.orig +++ secure/lib/libcrypto/man/man3/RSA_set_method.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,87 +53,28 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_SET_METHOD 3ossl" -.TH RSA_SET_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_SET_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 
@@ -167,59 +92,59 @@ \& \& RSA *RSA_new_method(ENGINE *engine); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +Applications should instead use the OSSL_PROVIDER APIs. .PP -An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +An \fBRSA_METHOD\fR specifies the functions that OpenSSL uses for RSA operations. By modifying the method, alternative implementations such as -hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1RSA API\s0 functions are affected by the -use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these RSA API functions are affected by the +use of \fBENGINE\fR API calls. .PP -Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +Initially, the default RSA_METHOD is the OpenSSL internal implementation, as returned by \fBRSA_PKCS1_OpenSSL()\fR. .PP -\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all RSA structures created later. -\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has -been set as a default for \s-1RSA,\s0 so this function is no longer recommended. -This function is not thread-safe and should not be called at the same time +\&\fBNB\fR: This is true only whilst no ENGINE has +been set as a default for RSA, so this function is no longer recommended. +This function is not thread\-safe and should not be called at the same time as other OpenSSL functions. 
.PP \&\fBRSA_get_default_method()\fR returns a pointer to the current default -\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on -whether the \s-1ENGINE API\s0 is being used, so this function is no longer +RSA_METHOD. However, the meaningfulness of this result is dependent on +whether the ENGINE API is being used, so this function is no longer recommended. .PP \&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key -\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the -previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will -be released during the change. It is possible to have \s-1RSA\s0 keys that only -work with certain \s-1RSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module -that supports embedded hardware-protected keys), and in such cases -attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +\&\fBrsa\fR. This will replace the RSA_METHOD used by the RSA key and if the +previous method was supplied by an ENGINE, the handle to that ENGINE will +be released during the change. It is possible to have RSA keys that only +work with certain RSA_METHOD implementations (e.g. from an ENGINE module +that supports embedded hardware\-protected keys), and in such cases +attempting to change the RSA_METHOD for the key can have unexpected results. .PP -\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. -This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +\&\fBRSA_get_method()\fR returns a pointer to the RSA_METHOD being used by \fBrsa\fR. 
+This method may or may not be supplied by an ENGINE implementation, but if it is, the return value can only be guaranteed to be valid as long as the -\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +RSA key itself is valid and does not have its implementation changed by \&\fBRSA_set_method()\fR. .PP -\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current -\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR\*(Aqs current +RSA_METHOD. See the BUGS section. .PP -\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that -\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the -default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, -the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. +\&\fBRSA_new_method()\fR allocates and initializes an RSA structure so that +\&\fBengine\fR will be used for the RSA operations. If \fBengine\fR is NULL, the +default ENGINE for RSA operations is used, and if no default ENGINE is set, +the RSA_METHOD controlled by \fBRSA_set_default_method()\fR is used. .PP -\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR\*(Aqs current method. .PP -\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +\&\fBRSA_new_method()\fR allocates and initializes an \fBRSA\fR structure so that +\&\fBmethod\fR will be used for the RSA operations. If \fBmethod\fR is \fBNULL\fR, the default method is used. .SH "THE RSA_METHOD STRUCTURE" .IX Header "THE RSA_METHOD STRUCTURE" 
@@ -287,42 +212,36 @@ .PP \&\fBRSA_set_default_method()\fR returns no value. .PP -\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated -at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a -result of the \fBRSA_set_method()\fR function releasing its handle to the -\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR -declaration in a future release. +\&\fBRSA_set_method()\fR returns 1 for success. It always succeeds. .PP -\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +\&\fBRSA_new_method()\fR returns NULL and sets an error code that can be obtained by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now -to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the -encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key -itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key -(which is what this function returns). If the flags element of an \s-1RSA\s0 key -is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +The behaviour of \fBRSA_flags()\fR is a mis\-feature that is left as\-is for now +to avoid creating compatibility problems. RSA functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the RSA key +itself, not by the \fBflags\fR value in the RSA_METHOD attached to the RSA key +(which is what this function returns). 
If the flags element of an RSA key +is changed, the changes will be honoured by RSA functionality but will not be reflected in the return value of the \fBRSA_flags()\fR function \- in effect \&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does not currently exist). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRSA_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. .PP The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, -was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. -.SH "COPYRIGHT" +was replaced to always return NULL in OpenSSL 1.1.1. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_sign.3.orig +++ secure/lib/libcrypto/man/man3/RSA_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_SIGN 3ossl" -.TH RSA_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_sign, RSA_verify \- RSA signatures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -157,31 +82,31 @@ \& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_sign_init\fR\|(3), \fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). .PP \&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the -private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It +private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in RFC 3447. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. -Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +Note that PKCS #1 adds meta\-data, placing limits on the size of the key that can be used. -See \fBRSA_private_encrypt\fR\|(3) for lower-level +See \fBRSA_private_encrypt\fR\|(3) for lower\-level operations. .PP \&\fBtype\fR denotes the message digest algorithm that was used to generate \&\fBm\fR. If \fBtype\fR is \fBNID_md5_sha1\fR, -an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and no algorithm identifier) is created. .PP \&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes the message digest algorithm that was used to generate the signature. -\&\fBrsa\fR is the signer's public key. +\&\fBrsa\fR is the signer\*(Aqs public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRSA_sign()\fR returns 1 on success and 0 for failure. 
@@ -190,20 +115,20 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SSL, PKCS\s0 #1 v2.0 +SSL, PKCS #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \&\fBRSA_private_encrypt\fR\|(3), \&\fBRSA_public_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3.orig +++ secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_SIGN_ASN1_OCTET_STRING 3ossl" -.TH RSA_SIGN_ASN1_OCTET_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_SIGN_ASN1_OCTET_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 @@ -159,13 +84,13 @@ \& unsigned int m_len, unsigned char *sigbuf, \& unsigned int siglen, RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. -Applications should instead use \s-1EVP PKEY\s0 APIs. +Applications should instead use EVP PKEY APIs. .PP \&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size -\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +\&\fBm_len\fR using the private key \fBrsa\fR represented in DER using PKCS #1 padding. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of memory. 
@@ -174,12 +99,12 @@ .PP The random number generator must be seeded when calling \&\fBRSA_sign_ASN1_OCTET_STRING()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see \fBRAND\fR\|(7)), the operation will fail. .PP \&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR -of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string -\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +of size \fBsiglen\fR is the DER representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer\*(Aqs public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -188,7 +113,7 @@ otherwise. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "BUGS" +.SH BUGS .IX Header "BUGS" These functions serve no recognizable purpose. .SH "SEE ALSO" @@ -196,15 +121,15 @@ \&\fBERR_get_error\fR\|(3), \&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3), \&\fBRSA_verify\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/RSA_size.3.orig +++ secure/lib/libcrypto/man/man3/RSA_size.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA_SIZE 3ossl" -.TH RSA_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA_SIZE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,7 +74,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 @@ -157,18 +82,18 @@ \& \& int RSA_security_bits(const RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBRSA_bits()\fR returns the number of significant bits. .PP -\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. +\&\fBrsa\fR and \fBrsa\->n\fR must not be \fBNULL\fR. .PP The remaining functions described on this page are deprecated. Applications should instead use \fBEVP_PKEY_get_size\fR\|(3), \fBEVP_PKEY_get_bits\fR\|(3) and \fBEVP_PKEY_get_security_bits\fR\|(3). .PP -\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to -determine how much memory must be allocated for an \s-1RSA\s0 encrypted +\&\fBRSA_size()\fR returns the RSA modulus size in bytes. It can be used to +determine how much memory must be allocated for an RSA encrypted value. .PP \&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR 
@@ -183,16 +108,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBN_num_bits\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBRSA_size()\fR and \fBRSA_security_bits()\fR functions were deprecated in OpenSSL 3.0. .PP The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SCT_new.3.orig +++ secure/lib/libcrypto/man/man3/SCT_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SCT_NEW 3ossl" -.TH SCT_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SCT_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, @@ -149,7 +74,7 @@ SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source \&\- A Certificate Transparency Signed Certificate Timestamp -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -210,75 +135,81 @@ \& sct_source_t SCT_get_source(const SCT *sct); \& int SCT_set_source(SCT *sct, sct_source_t source); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Signed Certificate Timestamps (SCTs) are defined by \s-1RFC 6962,\s0 Section 3.2. -They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly +Signed Certificate Timestamps (SCTs) are defined by RFC 6962, Section 3.2. +They constitute a promise by a Certificate Transparency (CT) log to publicly record a certificate. By cryptographically verifying that a log did indeed issue -an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known. +an SCT, some confidence can be gained that the certificate is publicly known. .PP -An internal representation of an \s-1SCT\s0 can be created in one of two ways. -The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate +An internal representation of an SCT can be created in one of two ways. +The first option is to create a blank SCT, using \fBSCT_new()\fR, and then populate it using: -.IP "\(bu" 2 -\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version. +.IP \(bu 2 +\&\fBSCT_set_version()\fR to set the SCT version. .Sp -Only \s-1SCT_VERSION_V1\s0 is currently supported. -.IP "\(bu" 2 -\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +Only SCT_VERSION_V1 is currently supported. +.IP \(bu 2 +\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the SCT was issued for: .Sp -\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. -\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. -.IP "\(bu" 2 -\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +\&\fBCT_LOG_ENTRY_TYPE_X509\fR for a normal certificate. +\&\fBCT_LOG_ENTRY_TYPE_PRECERT\fR for a pre\-certificate. 
+.IP \(bu 2 +\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the CT log that the SCT came from. .Sp The former takes ownership, whereas the latter makes a copy. -See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. -.IP "\(bu" 2 -\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (time in milliseconds +See RFC 6962, Section 3.2 for the definition of LogID. +.IP \(bu 2 +\&\fBSCT_set_timestamp()\fR to set the time the SCT was issued (time in milliseconds since the Unix Epoch). -.IP "\(bu" 2 -\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. -.IP "\(bu" 2 +.IP \(bu 2 +\&\fBSCT_set_signature_nid()\fR to set the NID of the signature. +.IP \(bu 2 \&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. .Sp The former takes ownership, whereas the latter makes a copy. -.IP "\(bu" 2 -\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +.IP \(bu 2 +\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide SCT extensions. .Sp The former takes ownership, whereas the latter makes a copy. .PP -Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using +Alternatively, the SCT can be pre\-populated from the following data using \&\fBSCT_new_from_base64()\fR: -.IP "\(bu" 2 -The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). -.IP "\(bu" 2 -The LogID (see \s-1RFC 6962,\s0 Section 3.2), base64 encoded. -.IP "\(bu" 2 -The type of certificate the \s-1SCT\s0 was issued for: -\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. -\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. -.IP "\(bu" 2 -The time that the \s-1SCT\s0 was issued (time in milliseconds since the Unix Epoch). -.IP "\(bu" 2 -The \s-1SCT\s0 extensions, base64 encoded. -.IP "\(bu" 2 -The \s-1SCT\s0 signature, base64 encoded. 
+.IP \(bu 2 +The SCT version (only SCT_VERSION_V1 is currently supported). +.IP \(bu 2 +The LogID (see RFC 6962, Section 3.2), base64 encoded. +.IP \(bu 2 +The type of certificate the SCT was issued for: +\&\fBCT_LOG_ENTRY_TYPE_X509\fR for a normal certificate. +\&\fBCT_LOG_ENTRY_TYPE_PRECERT\fR for a pre\-certificate. +.IP \(bu 2 +The time that the SCT was issued (time in milliseconds since the Unix Epoch). +.IP \(bu 2 +The SCT extensions, base64 encoded. +.IP \(bu 2 +The SCT signature, base64 encoded. +.PP +\&\fBSCT_set_source()\fR can be used to record where the SCT was found +(TLS extension, X.509 certificate extension or OCSP response). This is not +required for verifying the SCT. +.PP +\&\fBSCT_free()\fR frees the specified SCT. +If the argument is NULL, nothing is done. .PP -\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found -(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not -required for verifying the \s-1SCT.\s0 -.SH "NOTES" +\&\fBSCT_LIST_free()\fR frees the specified stack of SCTs. +If the argument is NULL, nothing is done. +.SH NOTES .IX Header "NOTES" Some of the setters return int, instead of void. These will all return 1 on success, 0 on failure. They will not make changes on failure. .PP -All of the setters will reset the validation status of the \s-1SCT\s0 to -\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). +All of the setters will reset the validation status of the SCT to +SCT_VALIDATION_STATUS_NOT_SET (see \fBSCT_validate\fR\|(3)). .PP \&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of -certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. -For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- +certificate the SCT was issued for can be inferred from where the SCT was found. 
+For example, an SCT found in an X.509 extension must have been issued for a pre\- certificate. .PP \&\fBSCT_set_source()\fR will not refuse unknown values. @@ -289,10 +220,10 @@ \&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. .PP \&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a -valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if +valid SHA\-256 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if malloc fails. .PP -\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. +\&\fBSCT_set_signature_nid\fR returns 1 if the specified NID is supported, 0 otherwise. .PP \&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer is copied successfully, 0 otherwise (i.e. if malloc fails). @@ -303,14 +234,14 @@ \&\fBct\fR\|(7), \&\fBSCT_validate\fR\|(3), \&\fBOBJ_nid2obj\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SCT_print.3.orig +++ secure/lib/libcrypto/man/man3/SCT_print.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SCT_PRINT 3ossl" -.TH SCT_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SCT_PRINT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certificate Timestamps in a human\-readable way -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,38 +76,38 @@ \& const char *separator, const CTLOG_STORE *logs); \& const char *SCT_validation_status_string(const SCT *sct); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a \fB\s-1BIO\s0\fR in -a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a -similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. +\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (SCT) to a \fBBIO\fR in +a human\-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each SCT in the output. .PP -The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR -is provided, it will be used to print the description of the \s-1CT\s0 log that issued -each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed -as the \s-1CTLOG_STORE\s0 parameter to disable this feature. +The output can be indented by a specified number of spaces. If a \fBCTLOG_STORE\fR +is provided, it will be used to print the description of the CT log that issued +each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed +as the CTLOG_STORE parameter to disable this feature. .PP -\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as -a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR -beforehand in order to set the validation status of an \s-1SCT\s0 first. +\&\fBSCT_validation_status_string()\fR will return the validation status of an SCT as +a human\-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR +beforehand in order to set the validation status of an SCT first. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSCT_validation_status_string()\fR returns a NUL-terminated string representing -the validation status of an \fB\s-1SCT\s0\fR object. +\&\fBSCT_validation_status_string()\fR returns a NUL\-terminated string representing +the validation status of an \fBSCT\fR object. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7), \&\fBbio\fR\|(7), \&\fBCTLOG_STORE_new\fR\|(3), \&\fBSCT_validate\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SCT_validate.3.orig +++ secure/lib/libcrypto/man/man3/SCT_validate.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SCT_VALIDATE 3ossl" -.TH SCT_VALIDATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SCT_VALIDATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -159,66 +84,66 @@ \& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); \& sct_validation_status_t SCT_get_validation_status(const SCT *sct); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fBSCT_validate()\fR will check that an SCT is valid and verify its signature. \&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. -The result of the validation checks can be obtained by passing the \s-1SCT\s0 to +The result of the validation checks can be obtained by passing the SCT to \&\fBSCT_get_validation_status()\fR. .PP -A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: -.IP "\(bu" 2 -The certificate the \s-1SCT\s0 was issued for. +A CT_POLICY_EVAL_CTX must be provided that specifies: +.IP \(bu 2 +The certificate the SCT was issued for. .Sp Failure to provide the certificate will result in the validation status being -\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 -.IP "\(bu" 2 +SCT_VALIDATION_STATUS_UNVERIFIED. +.IP \(bu 2 The issuer of that certificate. .Sp -This is only required if the \s-1SCT\s0 was issued for a pre-certificate -(see \s-1RFC 6962\s0). If it is required but not provided, the validation status will -be \s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 -.IP "\(bu" 2 -A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT.\s0 +This is only required if the SCT was issued for a pre\-certificate +(see RFC 6962). If it is required but not provided, the validation status will +be SCT_VALIDATION_STATUS_UNVERIFIED. +.IP \(bu 2 +A CTLOG_STORE that contains the CT log that issued this SCT. .Sp -If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE,\s0 the validation -status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG.\s0 +If the SCT was issued by a log that is not in this CTLOG_STORE, the validation +status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG. 
.PP -If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the -validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION.\s0 +If the SCT is of an unsupported version (only v1 is currently supported), the +validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION. .PP -If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to -the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation -status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0 +If the SCT\*(Aqs signature is incorrect, its timestamp is in the future (relative to +the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation +status will be SCT_VALIDATION_STATUS_INVALID. .PP -If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0 -.SH "NOTES" +If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID. +.SH NOTES .IX Header "NOTES" A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a -failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence +failure. At a minimum, only one valid SCT may provide sufficient confidence that a certificate has been publicly logged. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the -\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. +SCT fails validation, or 1 if the SCT passes validation. .PP \&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 if any of SCTs fails validation, or 1 if they all pass validation. 
.PP -\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 -If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the -returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0 +\&\fBSCT_get_validation_status()\fR returns the validation status of the SCT. +If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that SCT, the +returned value will be SCT_VALIDATION_STATUS_NOT_SET. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SHA256_Init.3.orig +++ secure/lib/libcrypto/man/man3/SHA256_Init.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SHA256_INIT 3ossl" -.TH SHA256_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SHA256_INIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final \- Secure Hash Algorithm -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,7 +81,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 
@@ -180,70 +105,70 @@ \& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); \& int SHA512_Final(unsigned char *md, SHA512_CTX *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page -except for \s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR are deprecated. +except for \fBSHA1()\fR, \fBSHA224()\fR, \fBSHA256()\fR, \fBSHA384()\fR and \fBSHA512()\fR are deprecated. Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3) -and \fBEVP_DigestFinal_ex\fR\|(3), or the quick one-shot function \fBEVP_Q_digest\fR\|(3). -\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR, and \s-1\fBSHA256\s0()\fR +and \fBEVP_DigestFinal_ex\fR\|(3), or the quick one\-shot function \fBEVP_Q_digest\fR\|(3). +\&\fBSHA1()\fR, \fBSHA224()\fR, \fBSHA256()\fR, \fBSHA384()\fR, and \fBSHA256()\fR can continue to be used. They can also be replaced by, e.g., .PP .Vb 1 \& (EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL) .Ve .PP -\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +SHA\-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. .PP -\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +\&\fBSHA1()\fR computes the SHA\-1 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest -is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. +SHA_DIGEST_LENGTH == 20 bytes of output). If \fBmd\fR is NULL, the digest +is placed in a static array. Note: setting \fBmd\fR to NULL is \fBnot thread safe\fR. 
.PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +\&\fBSHA1_Init()\fR initializes a \fBSHA_CTX\fR structure. .PP \&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP \&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space -for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the \fBSHA_CTX\fR. .PP -The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the -same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a -\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. -The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used -(defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and -\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the -\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if -\&\fBmd\fR is \s-1NULL.\s0 +The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the +same way as for the SHA1 functions. Note that SHA224 and SHA256 use a +\&\fBSHA256_CTX\fR object instead of \fBSHA_CTX\fR. SHA384 and SHA512 use \fBSHA512_CTX\fR. +The buffer \fBmd\fR must have space for the output from the SHA variant being used +(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and +SHA512_DIGEST_LENGTH). Also note that, as for the \fBSHA1()\fR function above, the +\&\fBSHA224()\fR, \fBSHA256()\fR, \fBSHA384()\fR and \fBSHA512()\fR functions are not thread safe if +\&\fBmd\fR is NULL. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash +\&\fBSHA1()\fR, \fBSHA224()\fR, \fBSHA256()\fR, \fBSHA384()\fR and \fBSHA512()\fR return a pointer to the hash value. .PP -\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, -SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. +\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent SHA224, SHA256, +SHA384 and SHA512 functions return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash +US Federal Information Processing Standard FIPS PUB 180\-4 (Secure Hash Standard), -\&\s-1ANSI X9.30\s0 +ANSI X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_Q_digest\fR\|(3), \&\fBEVP_DigestInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of these functions except SHA*() were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SMIME_read_ASN1.3.orig +++ secure/lib/libcrypto/man/man3/SMIME_read_ASN1.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SMIME_READ_ASN1 3ossl" -.TH SMIME_READ_ASN1 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SMIME_READ_ASN1 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SMIME_read_ASN1_ex, SMIME_read_ASN1 \&\- parse S/MIME message -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,49 +76,49 @@ \& OSSL_LIB_CTX *libctx, const char *propq); \& ASN1_VALUE *SMIME_read_ASN1(BIO *in, BIO **bcont, const ASN1_ITEM *it); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSMIME_read_ASN1_ex()\fR parses a message in S/MIME format. .PP -\&\fIin\fR is a \s-1BIO\s0 to read the message from. -If the \fIflags\fR argument contains \fB\s-1CMS_BINARY\s0\fR then the input is assumed to be +\&\fIin\fR is a BIO to read the message from. +If the \fIflags\fR argument contains \fBCMS_BINARY\fR then the input is assumed to be in binary format and is not translated to canonical form. -If in addition \fB\s-1SMIME_ASCIICRLF\s0\fR is set then the binary input is assumed -to be followed by \fB\s-1CR\s0\fR and \fB\s-1LF\s0\fR characters, else only by an \fB\s-1LF\s0\fR character. +If in addition \fBSMIME_ASCIICRLF\fR is set then the binary input is assumed +to be followed by \fBCR\fR and \fBLF\fR characters, else only by an \fBLF\fR character. \&\fIx\fR can be used to optionally supply -a previously created \fIit\fR \s-1ASN1_VALUE\s0 object (such as CMS_ContentInfo or \s-1PKCS7\s0), -it can be set to \s-1NULL.\s0 Valid values that can be used by \s-1ASN.1\s0 structure \fIit\fR -are ASN1_ITEM_rptr(\s-1PKCS7\s0) or ASN1_ITEM_rptr(CMS_ContentInfo). Any algorithm -fetches that occur during the operation will use the \fB\s-1OSSL_LIB_CTX\s0\fR supplied in +a previously created \fIit\fR ASN1_VALUE object (such as CMS_ContentInfo or PKCS7), +it can be set to NULL. Valid values that can be used by ASN.1 structure \fIit\fR +are ASN1_ITEM_rptr(PKCS7) or ASN1_ITEM_rptr(CMS_ContentInfo). Any algorithm +fetches that occur during the operation will use the \fBOSSL_LIB_CTX\fR supplied in the \fIlibctx\fR parameter, and use the property query string \fIpropq\fR See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further details about algorithm fetching. +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further details about algorithm fetching. 
.PP If cleartext signing is used then the content is saved in a memory bio which is -written to \fI*bcont\fR, otherwise \fI*bcont\fR is set to \s-1NULL.\s0 +written to \fI*bcont\fR, otherwise \fI*bcont\fR is set to NULL. .PP -The parsed \s-1ASN1_VALUE\s0 structure is returned or \s-1NULL\s0 if an error occurred. +The parsed ASN1_VALUE structure is returned or NULL if an error occurred. .PP \&\fBSMIME_read_ASN1()\fR is similar to \fBSMIME_read_ASN1_ex()\fR but sets the value of \fIx\fR -to \s-1NULL\s0 and the value of \fIflags\fR to 0. -.SH "NOTES" +to NULL and the value of \fIflags\fR to 0. +.SH NOTES .IX Header "NOTES" The higher level functions \fBSMIME_read_CMS_ex\fR\|(3) and \&\fBSMIME_read_PKCS7_ex\fR\|(3) should be used instead of \fBSMIME_read_ASN1_ex()\fR. .PP -To support future functionality if \fIbcont\fR is not \s-1NULL\s0 \fI*bcont\fR should be -initialized to \s-1NULL.\s0 -.SH "BUGS" +To support future functionality if \fIbcont\fR is not NULL \fI*bcont\fR should be +initialized to NULL. +.SH BUGS .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fBSMIME_read_ASN1_ex()\fR is somewhat primitive. While it will +The MIME parser used by \fBSMIME_read_ASN1_ex()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP -The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSMIME_read_ASN1_ex()\fR and \fBSMIME_read_ASN1()\fR return a valid \fB\s-1ASN1_VALUE\s0\fR -structure or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from +\&\fBSMIME_read_ASN1_ex()\fR and \fBSMIME_read_ASN1()\fR return a valid \fBASN1_VALUE\fR +structure or \fBNULL\fR if an error occurred. The error can be obtained from \&\fBERR_get_error\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" @@ -202,14 +127,14 @@ \&\fBSMIME_read_PKCS7_ex\fR\|(3), \&\fBSMIME_write_ASN1\fR\|(3), \&\fBSMIME_write_ASN1_ex\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBSMIME_read_ASN1_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SMIME_read_CMS.3.orig +++ secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SMIME_READ_CMS 3ossl" -.TH SMIME_READ_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SMIME_READ_CMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SMIME_read_CMS_ex, SMIME_read_CMS \- parse S/MIME message -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,36 +74,36 @@ \& CMS_ContentInfo **cms); \& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. .PP -\&\fBin\fR is a \s-1BIO\s0 to read the message from. +\&\fBin\fR is a BIO to read the message from. .PP If cleartext signing is used then the content is saved in a memory bio which is -written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0 +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to NULL. .PP -The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an +The parsed CMS_ContentInfo structure is returned or NULL if an error occurred. .PP \&\fBSMIME_read_CMS_ex()\fR is similar to \fBSMIME_read_CMS()\fR but optionally a previously created \fIcms\fR CMS_ContentInfo object can be supplied as well as some \fIflags\fR. To create a \fIcms\fR object use \fBCMS_ContentInfo_new_ex\fR\|(3). -If the \fIflags\fR argument contains \fB\s-1CMS_BINARY\s0\fR then the input is assumed to be +If the \fIflags\fR argument contains \fBCMS_BINARY\fR then the input is assumed to be in binary format and is not translated to canonical form. -If in addition \fB\s-1SMIME_ASCIICRLF\s0\fR is set then the binary input is assumed -to be followed by \fB\s-1CR\s0\fR and \fB\s-1LF\s0\fR characters, else only by an \fB\s-1LF\s0\fR character. -If \fIflags\fR is 0 and \fIcms\fR is \s-1NULL\s0 then it is identical to \fBSMIME_read_CMS()\fR. -.SH "NOTES" +If in addition \fBSMIME_ASCIICRLF\fR is set then the binary input is assumed +to be followed by \fBCR\fR and \fBLF\fR characters, else only by an \fBLF\fR character. +If \fIflags\fR is 0 and \fIcms\fR is NULL then it is identical to \fBSMIME_read_CMS()\fR. +.SH NOTES .IX Header "NOTES" -If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can -then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. 
+If \fB*bcont\fR is not NULL then the message is clear text signed. \fB*bcont\fR can +then be passed to \fBCMS_verify()\fR with the \fBCMS_DETACHED\fR flag set. .PP Otherwise the type of the returned structure can be determined using \fBCMS_get0_type()\fR. .PP -To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be -initialized to \s-1NULL.\s0 For example: +To support future functionality if \fBbcont\fR is not NULL \fB*bcont\fR should be +initialized to NULL. For example: .PP .Vb 2 \& BIO *cont = NULL; @@ -186,22 +111,22 @@ \& \& cms = SMIME_read_CMS(in, &cont); .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will +The MIME parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP The parser assumes that the CMS_ContentInfo structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format. .PP -The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSMIME_read_CMS_ex()\fR and \fBSMIME_read_CMS()\fR return a valid \fBCMS_ContentInfo\fR -structure or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from +structure or \fBNULL\fR if an error occurred. The error can be obtained from \&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -210,14 +135,14 @@ \&\fBCMS_verify\fR\|(3), \&\fBCMS_encrypt\fR\|(3), \&\fBCMS_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBSMIME_read_CMS_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3.orig +++ secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SMIME_READ_PKCS7 3ossl" -.TH SMIME_READ_PKCS7 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SMIME_READ_PKCS7 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SMIME_read_PKCS7_ex, SMIME_read_PKCS7 \- parse S/MIME message -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,34 +73,34 @@ \& PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7); \& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. .PP -\&\fBin\fR is a \s-1BIO\s0 to read the message from. +\&\fBin\fR is a BIO to read the message from. .PP If cleartext signing is used then the content is saved in a memory bio which is written to \fB*bcont\fR, otherwise -\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +\&\fB*bcont\fR is set to \fBNULL\fR. .PP -The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +The parsed PKCS#7 structure is returned or \fBNULL\fR if an error occurred. .PP \&\fBSMIME_read_PKCS7_ex()\fR is similar to \fBSMIME_read_PKCS7()\fR but can optionally supply -a previously created \fIp7\fR PKCS#7 object. If \fIp7\fR is \s-1NULL\s0 then it is identical +a previously created \fIp7\fR PKCS#7 object. If \fIp7\fR is NULL then it is identical to \fBSMIME_read_PKCS7()\fR. To create a \fIp7\fR object use \fBPKCS7_new_ex\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +If \fB*bcont\fR is not \fBNULL\fR then the message is clear text signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with -the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +the \fBPKCS7_DETACHED\fR flag set. .PP Otherwise the type of the returned structure can be determined using \fBPKCS7_type_is_enveloped()\fR, etc. .PP -To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR -\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +To support future functionality if \fBbcont\fR is not \fBNULL\fR +\&\fB*bcont\fR should be initialized to \fBNULL\fR. For example: .PP .Vb 2 \& BIO *cont = NULL; 
@@ -183,37 +108,37 @@ \& \& p7 = SMIME_read_PKCS7(in, &cont); .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. +The MIME parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP -The parser assumes that the \s-1PKCS7\s0 structure is always base64 +The parser assumes that the PKCS7 structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format. .PP -The use of a memory \s-1BIO\s0 to hold the signed content limits the size +The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSMIME_read_PKCS7_ex()\fR and \fBSMIME_read_PKCS7()\fR return a valid \fB\s-1PKCS7\s0\fR structure -or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +\&\fBSMIME_read_PKCS7_ex()\fR and \fBSMIME_read_PKCS7()\fR return a valid \fBPKCS7\fR structure +or \fBNULL\fR if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), \&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) \&\fBPKCS7_decrypt\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBSMIME_read_PKCS7_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SMIME_write_ASN1.3.orig +++ secure/lib/libcrypto/man/man3/SMIME_write_ASN1.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SMIME_WRITE_ASN1 3ossl" -.TH SMIME_WRITE_ASN1 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SMIME_WRITE_ASN1 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SMIME_write_ASN1_ex, SMIME_write_ASN1 \&\- convert structure to S/MIME format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,45 +80,45 @@ \& ASN1_VALUE *val, BIO *data, int flags, int ctype_nid, int econt_nid, \& STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSMIME_write_ASN1_ex()\fR adds the appropriate \s-1MIME\s0 headers to an object +\&\fBSMIME_write_ASN1_ex()\fR adds the appropriate MIME headers to an object structure to produce an S/MIME message. .PP -\&\fIout\fR is the \s-1BIO\s0 to write the data to. \fIvalue\fR is the appropriate \s-1ASN1_VALUE\s0 -structure (either CMS_ContentInfo or \s-1PKCS7\s0). If streaming is enabled then the +\&\fIout\fR is the BIO to write the data to. \fIvalue\fR is the appropriate ASN1_VALUE +structure (either CMS_ContentInfo or PKCS7). If streaming is enabled then the content must be supplied via \fIdata\fR. -\&\fIflags\fR is an optional set of flags. \fIctype_nid\fR is the \s-1NID\s0 of the content -type, \fIecont_nid\fR is the \s-1NID\s0 of the embedded content type and \fImdalgs\fR is a +\&\fIflags\fR is an optional set of flags. \fIctype_nid\fR is the NID of the content +type, \fIecont_nid\fR is the NID of the embedded content type and \fImdalgs\fR is a list of signed data digestAlgorithms. Valid values that can be used by the -\&\s-1ASN.1\s0 structure \fIit\fR are ASN1_ITEM_rptr(\s-1PKCS7\s0) or ASN1_ITEM_rptr(CMS_ContentInfo). +ASN.1 structure \fIit\fR are ASN1_ITEM_rptr(PKCS7) or ASN1_ITEM_rptr(CMS_ContentInfo). The library context \fIlibctx\fR and the property query \fIpropq\fR are used when retrieving algorithms from providers. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The higher level functions \fBSMIME_write_CMS\fR\|(3) and \&\fBSMIME_write_PKCS7\fR\|(3) should be used instead of \fBSMIME_write_ASN1()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. 
.PP -If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only -makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when the \fBsign()\fR +If \fBCMS_DETACHED\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fBCMS_DETACHED\fR is also set when the \fBsign()\fR method is called. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to -the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. +If the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fBCMS_DETACHED\fR is also set. .PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only -be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo -or \s-1PKCS7\s0 creation function. +If the \fBCMS_STREAM\fR flag is set streaming is performed. This flag should only +be set if \fBCMS_STREAM\fR was also set in the previous call to a CMS_ContentInfo +or PKCS7 creation function. .PP -If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +If cleartext signing is being used and \fBCMS_STREAM\fR not set then the data must be read twice: once to compute the signature in sign method and once to output the S/MIME message. .PP -If streaming is performed the content is output in \s-1BER\s0 format using indefinite +If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached -content where the content is absent and \s-1DER\s0 format is used. +content where the content is absent and DER format is used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSMIME_write_ASN1_ex()\fR and \fBSMIME_write_ASN1()\fR return 1 for success or 
@@ -203,11 +128,11 @@ \&\fBERR_get_error\fR\|(3), \&\fBSMIME_write_CMS\fR\|(3), \&\fBSMIME_write_PKCS7\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SMIME_write_CMS.3.orig +++ secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,117 +53,58 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SMIME_WRITE_CMS 3ossl" -.TH SMIME_WRITE_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SMIME_WRITE_CMS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SMIME_write_CMS \- convert CMS structure to S/MIME format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +\&\fBSMIME_write_CMS()\fR adds the appropriate MIME headers to a CMS structure to produce an S/MIME message. .PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBout\fR is the BIO to write the data to. \fBcms\fR is the appropriate \&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The following flags can be passed in the \fBflags\fR parameter. .PP -If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only -makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is +If \fBCMS_DETACHED\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fBCMS_DETACHED\fR is also set when \fBCMS_sign()\fR is called. .PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to -the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. 
+If the \fBCMS_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fBCMS_DETACHED\fR is also set. .PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only -be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +If the \fBCMS_STREAM\fR flag is set streaming is performed. This flag should only +be set if \fBCMS_STREAM\fR was also set in the previous call to a CMS_ContentInfo creation function. .PP -If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +If cleartext signing is being used and \fBCMS_STREAM\fR not set then the data must be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output the S/MIME message. .PP -If streaming is performed the content is output in \s-1BER\s0 format using indefinite +If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached -content where the content is absent and \s-1DER\s0 format is used. -.SH "BUGS" +content where the content is absent and DER format is used. +.SH BUGS .IX Header "BUGS" -\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +\&\fBSMIME_write_CMS()\fR always base64 encodes CMS structures, there should be an option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -189,11 +114,11 @@ \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) \&\fBCMS_decrypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3.orig +++ secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,116 +53,57 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SMIME_WRITE_PKCS7 3ossl" -.TH SMIME_WRITE_PKCS7 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SMIME_WRITE_PKCS7 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +\&\fBSMIME_write_PKCS7()\fR adds the appropriate MIME headers to a PKCS#7 structure to produce an S/MIME message. .PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +\&\fBout\fR is the BIO to write the data to. \fBp7\fR is the appropriate \fBPKCS7\fR structure. If streaming is enabled then the content must be supplied in the \&\fBdata\fR argument. \fBflags\fR is an optional set of flags. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The following flags can be passed in the \fBflags\fR parameter. .PP -If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, -this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +If \fBPKCS7_DETACHED\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fBPKCS7_DETACHED\fR is also set when \fBPKCS7_sign()\fR is also called. 
.PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR -are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +If the \fBPKCS7_TEXT\fR flag is set MIME headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fBPKCS7_DETACHED\fR is also set. .PP -If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should -only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +If the \fBPKCS7_STREAM\fR flag is set streaming is performed. This flag should +only be set if \fBPKCS7_STREAM\fR was also set in the previous call to \&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. .PP -If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then +If cleartext signing is being used and \fBPKCS7_STREAM\fR not set then the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR and once to output the S/MIME message. .PP -If streaming is performed the content is output in \s-1BER\s0 format using indefinite +If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached -content where the content is absent and \s-1DER\s0 format is used. -.SH "BUGS" +content where the content is absent and DER format is used. +.SH BUGS .IX Header "BUGS" \&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there should be an option to disable this. 
@@ -190,11 +115,11 @@ \&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), \&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) \&\fBPKCS7_decrypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SRP_Calc_B.3.orig +++ secure/lib/libcrypto/man/man3/SRP_Calc_B.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SRP_CALC_B 3ossl" -.TH SRP_CALC_B 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SRP_CALC_B 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SRP_Calc_server_key, SRP_Calc_A, SRP_Calc_B_ex, @@ -150,14 +75,14 @@ SRP_Calc_client_key_ex, SRP_Calc_client_key \&\- SRP authentication primitives -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 7 
@@ -184,38 +109,38 @@ \& BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); \& BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. There are no available replacement functions at this time. .PP -The \s-1SRP\s0 functions described on this page are used to calculate various -parameters and keys used by \s-1SRP\s0 as defined in \s-1RFC2945.\s0 The server key and \fIB\fR +The SRP functions described on this page are used to calculate various +parameters and keys used by SRP as defined in RFC2945. The server key and \fIB\fR and \fIu\fR parameters are used on the server side and are calculated via \&\fBSRP_Calc_server_key()\fR, \fBSRP_Calc_B_ex()\fR, \fBSRP_Calc_B()\fR, \fBSRP_Calc_u_ex()\fR and \&\fBSRP_Calc_u()\fR. The client key and \fBx\fR and \fBA\fR parameters are used on the client side and are calculated via the functions \fBSRP_Calc_client_key_ex()\fR, \&\fBSRP_Calc_client_key()\fR, \fBSRP_Calc_x_ex()\fR, \fBSRP_Calc_x()\fR and \fBSRP_Calc_A()\fR. See -\&\s-1RFC2945\s0 for a detailed description of their usage and the meaning of the various -\&\s-1BIGNUM\s0 parameters to these functions. +RFC2945 for a detailed description of their usage and the meaning of the various +BIGNUM parameters to these functions. .PP Most of these functions come in two forms. Those that take a \fIlibctx\fR and -\&\fIpropq\fR parameter, and those that don't. Any cryptogrpahic functions that +\&\fIpropq\fR parameter, and those that don\*(Aqt. Any cryptogrpahic functions that are fetched and used during the calculation use the provided \fIlibctx\fR and -\&\fIpropq\fR. See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more details. The variants +\&\fIpropq\fR. See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for more details. 
The variants that do not take a \fIlibctx\fR and \fIpropq\fR parameter use the default library context and property query string. The \fBSRP_Calc_server_key()\fR and \fBSRP_Calc_A()\fR functions do not have a form that takes \fIlibctx\fR or \fIpropq\fR parameters because they do not need to fetch any cryptographic algorithms. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -All these functions return the calculated key or parameter, or \s-1NULL\s0 on error. +All these functions return the calculated key or parameter, or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-srp\fR\|(1), \&\fBSRP_VBASE_new\fR\|(3), \&\fBSRP_user_pwd_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" SRP_Calc_B_ex, SRP_Calc_u_ex, SRP_Calc_client_key_ex and SRP_Calc_x_ex were introduced in OpenSSL 3.0. @@ -223,11 +148,11 @@ All of the other functions were added in OpenSSL 1.0.1. .PP All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SRP_VBASE_new.3.orig +++ secure/lib/libcrypto/man/man3/SRP_VBASE_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SRP_VBASE_NEW 3ossl" -.TH SRP_VBASE_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SRP_VBASE_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SRP_VBASE_new, SRP_VBASE_free, SRP_VBASE_init, @@ -146,14 +71,14 @@ SRP_VBASE_get1_by_user, SRP_VBASE_get_by_user \&\- Functions to create and manage a stack of SRP user verifier information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 
@@ -166,29 +91,29 @@ \& SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); \& SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. There are no available replacement functions at this time. .PP -The \fBSRP_VBASE_new()\fR function allocates a structure to store server side \s-1SRP\s0 +The \fBSRP_VBASE_new()\fR function allocates a structure to store server side SRP verifier information. -If \fBseed_key\fR is not \s-1NULL\s0 a copy is stored and used to generate dummy parameters +If \fBseed_key\fR is not NULL a copy is stored and used to generate dummy parameters for users that are not found by \fBSRP_VBASE_get1_by_user()\fR. This allows the server -to hide the fact that it doesn't have a verifier for a particular username, -as described in section 2.5.1.3 'Unknown \s-1SRP\s0' of \s-1RFC 5054.\s0 -The seed string should contain random \s-1NUL\s0 terminated binary data (therefore -the random data should not contain \s-1NUL\s0 bytes!). +to hide the fact that it doesn\*(Aqt have a verifier for a particular username, +as described in section 2.5.1.3 \*(AqUnknown SRP\*(Aq of RFC 5054. +The seed string should contain random NUL terminated binary data (therefore +the random data should not contain NUL bytes!). .PP The \fBSRP_VBASE_free()\fR function frees up the \fBvb\fR structure. -If \fBvb\fR is \s-1NULL,\s0 nothing is done. +If \fBvb\fR is NULL, nothing is done. .PP The \fBSRP_VBASE_init()\fR function parses the information in a verifier file and populates the \fBvb\fR structure. The verifier file is a text file containing multiple entries, whose format is: flag base64(verifier) base64(salt) username gNid userinfo(optional) -where the flag can be 'V' (valid) or 'R' (revoked). 
-Note that the base64 encoding used here is non-standard so it is recommended +where the flag can be \*(AqV\*(Aq (valid) or \*(AqR\*(Aq (revoked). +Note that the base64 encoding used here is non\-standard so it is recommended to use \fBopenssl\-srp\fR\|(1) to generate this file. .PP The \fBSRP_VBASE_add0_user()\fR function adds the \fBuser_pwd\fR verifier information 
@@ -201,20 +126,20 @@ \&\fBSRP_VBASE_get_by_user()\fR. If no matching user is found but a seed_key and default gN parameters have been set, dummy authentication information is generated from the seed_key, allowing -the server to hide the fact that it doesn't have a verifier for a particular -username. When using \s-1SRP\s0 as a \s-1TLS\s0 authentication mechanism, this will cause +the server to hide the fact that it doesn\*(Aqt have a verifier for a particular +username. When using SRP as a TLS authentication mechanism, this will cause the handshake to proceed normally but the first client will be rejected with -a \*(L"bad_record_mac\*(R" alert, as if the password was incorrect. -If no matching user is found and the seed_key is not set, \s-1NULL\s0 is returned. +a "bad_record_mac" alert, as if the password was incorrect. +If no matching user is found and the seed_key is not set, NULL is returned. Ownership of the returned pointer is released to the caller, it must be freed with \fBSRP_user_pwd_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSRP_VBASE_init()\fR returns \fB\s-1SRP_NO_ERROR\s0\fR (0) on success and a positive value +\&\fBSRP_VBASE_init()\fR returns \fBSRP_NO_ERROR\fR (0) on success and a positive value on failure. -The error codes are \fB\s-1SRP_ERR_OPEN_FILE\s0\fR if the file could not be opened, -\&\fB\s-1SRP_ERR_VBASE_INCOMPLETE_FILE\s0\fR if the file could not be parsed, -\&\fB\s-1SRP_ERR_MEMORY\s0\fR on memory allocation failure and \fB\s-1SRP_ERR_VBASE_BN_LIB\s0\fR +The error codes are \fBSRP_ERR_OPEN_FILE\fR if the file could not be opened, +\&\fBSRP_ERR_VBASE_INCOMPLETE_FILE\fR if the file could not be parsed, +\&\fBSRP_ERR_MEMORY\fR on memory allocation failure and \fBSRP_ERR_VBASE_BN_LIB\fR for invalid decoded parameter values. .PP \&\fBSRP_VBASE_add0_user()\fR returns 1 on success and 0 on failure. 
@@ -224,18 +149,18 @@ \&\fBSRP_create_verifier\fR\|(3), \&\fBSRP_user_pwd_new\fR\|(3), \&\fBSSL_CTX_set_srp_password\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSRP_VBASE_add0_user()\fR function was added in OpenSSL 3.0. .PP All other functions were added in OpenSSL 1.0.1. .PP All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SRP_create_verifier.3.orig +++ secure/lib/libcrypto/man/man3/SRP_create_verifier.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SRP_CREATE_VERIFIER 3ossl" -.TH SRP_CREATE_VERIFIER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SRP_CREATE_VERIFIER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SRP_create_verifier_ex, SRP_create_verifier, SRP_create_verifier_BN_ex, @@ -146,14 +71,14 @@ SRP_check_known_gN_param, SRP_get_default_gN \&\- SRP authentication primitives -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 11 
@@ -172,60 +97,60 @@ \& char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); \& SRP_gN *SRP_get_default_gN(const char *id); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. There are no available replacement functions at this time. .PP -The \fBSRP_create_verifier_BN_ex()\fR function creates an \s-1SRP\s0 password verifier from -the supplied parameters as defined in section 2.4 of \s-1RFC 5054\s0 using the library +The \fBSRP_create_verifier_BN_ex()\fR function creates an SRP password verifier from +the supplied parameters as defined in section 2.4 of RFC 5054 using the library context \fIlibctx\fR and property query string \fIpropq\fR. Any cryptographic algorithms that need to be fetched will use the \fIlibctx\fR and \fIpropq\fR. See -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7). +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7). .PP \&\fBSRP_create_verifier_BN()\fR is the same as \fBSRP_create_verifier_BN_ex()\fR except the default library context and property query string is used. .PP -On successful exit \fI*verifier\fR will point to a newly allocated \s-1BIGNUM\s0 containing +On successful exit \fI*verifier\fR will point to a newly allocated BIGNUM containing the verifier and (if a salt was not provided) \fI*salt\fR will be populated with a -newly allocated \s-1BIGNUM\s0 containing a random salt. If \fI*salt\fR is not \s-1NULL\s0 then +newly allocated BIGNUM containing a random salt. If \fI*salt\fR is not NULL then the provided salt is used instead. The caller is responsible for freeing the allocated \fI*salt\fR and \fI*verifier\fR -\&\s-1BIGNUMS\s0 (use \fBBN_free\fR\|(3)). +BIGNUMS (use \fBBN_free\fR\|(3)). 
.PP The \fBSRP_create_verifier()\fR function is similar to \fBSRP_create_verifier_BN()\fR but -all numeric parameters are in a non-standard base64 encoding originally designed +all numeric parameters are in a non\-standard base64 encoding originally designed for compatibility with libsrp. This is mainly present for historical compatibility and its use is discouraged. -It is possible to pass \s-1NULL\s0 as \fIN\fR and an \s-1SRP\s0 group id as \fIg\fR instead to +It is possible to pass NULL as \fIN\fR and an SRP group id as \fIg\fR instead to load the appropriate gN values (see \fBSRP_get_default_gN()\fR). -If both \fIN\fR and \fIg\fR are \s-1NULL\s0 the 8192\-bit \s-1SRP\s0 group parameters are used. +If both \fIN\fR and \fIg\fR are NULL the 8192\-bit SRP group parameters are used. The caller is responsible for freeing the allocated \fI*salt\fR and \fI*verifier\fR (use \fBOPENSSL_free\fR\|(3)). .PP The \fBSRP_check_known_gN_param()\fR function checks that \fIg\fR and \fIN\fR are valid -\&\s-1SRP\s0 group parameters from \s-1RFC 5054\s0 appendix A. +SRP group parameters from RFC 5054 appendix A. .PP -The \fBSRP_get_default_gN()\fR function returns the gN parameters for the \s-1RFC 5054\s0 \fIid\fR -\&\s-1SRP\s0 group size. -The known ids are \*(L"1024\*(R", \*(L"1536\*(R", \*(L"2048\*(R", \*(L"3072\*(R", \*(L"4096\*(R", \*(L"6144\*(R" and \*(L"8192\*(R". +The \fBSRP_get_default_gN()\fR function returns the gN parameters for the RFC 5054 \fIid\fR +SRP group size. +The known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192". .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSRP_create_verifier_BN_ex()\fR and \fBSRP_create_verifier_BN()\fR return 1 on success and 0 on failure. .PP -\&\fBSRP_create_verifier_ex()\fR and \fBSRP_create_verifier()\fR return \s-1NULL\s0 on failure and a -non-NULL value on success: -\&\*(L"*\*(R" if \fIN\fR is not \s-1NULL,\s0 the selected group id otherwise. 
This value should +\&\fBSRP_create_verifier_ex()\fR and \fBSRP_create_verifier()\fR return NULL on failure and a +non\-NULL value on success: +"*" if \fIN\fR is not NULL, the selected group id otherwise. This value should not be freed. .PP \&\fBSRP_check_known_gN_param()\fR returns the text representation of the group id -(i.e. the prime bit size) or \s-1NULL\s0 if the arguments are not valid \s-1SRP\s0 group parameters. +(i.e. the prime bit size) or NULL if the arguments are not valid SRP group parameters. This value should not be freed. .PP -\&\fBSRP_get_default_gN()\fR returns \s-1NULL\s0 if \fIid\fR is not a valid group size, -or the 8192\-bit group parameters if \fIid\fR is \s-1NULL.\s0 -.SH "EXAMPLES" +\&\fBSRP_get_default_gN()\fR returns NULL if \fIid\fR is not a valid group size, +or the 8192\-bit group parameters if \fIid\fR is NULL. +.SH EXAMPLES .IX Header "EXAMPLES" Generate and store a 8192 bit password verifier (error handling omitted for clarity): @@ -257,17 +182,17 @@ \&\fBopenssl\-srp\fR\|(1), \&\fBSRP_VBASE_new\fR\|(3), \&\fBSRP_user_pwd_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSRP_create_verifier_BN_ex()\fR and \fBSRP_create_verifier_ex()\fR were introduced in OpenSSL 3.0. All other functions were added in OpenSSL 1.0.1. .PP All of these functions were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SRP_user_pwd_new.3.orig +++ secure/lib/libcrypto/man/man3/SRP_user_pwd_new.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SRP_USER_PWD_NEW 3ossl" -.TH SRP_USER_PWD_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SRP_USER_PWD_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SRP_user_pwd_new, SRP_user_pwd_free, SRP_user_pwd_set1_ids, SRP_user_pwd_set_gN, SRP_user_pwd_set0_sv \&\- Functions to create a record of SRP user verifier information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 @@ -163,7 +88,7 @@ \& void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N); \& int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. There are no available replacement functions at this time. @@ -172,7 +97,7 @@ record. .PP The \fBSRP_user_pwd_free()\fR function frees up the \fBuser_pwd\fR structure. -If \fBuser_pwd\fR is \s-1NULL,\s0 nothing is done. +If \fBuser_pwd\fR is NULL, nothing is done. .PP The \fBSRP_user_pwd_set1_ids()\fR function sets the username to \fBid\fR and the optional user info to \fBinfo\fR for \fBuser_pwd\fR. 
@@ -183,28 +108,28 @@ to \fBv\fR for \fBuser_pwd\fR. The library takes ownership of the values, they should not be freed by the caller. .PP -The \fBSRP_user_pwd_set_gN()\fR function sets the \s-1SRP\s0 group parameters for \fBuser_pwd\fR. +The \fBSRP_user_pwd_set_gN()\fR function sets the SRP group parameters for \fBuser_pwd\fR. The memory is not freed by \fBSRP_user_pwd_free()\fR, the caller must make sure it is freed once it is no longer used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSRP_user_pwd_set1_ids()\fR returns 1 on success and 0 on failure or if \fBid\fR was \s-1NULL.\s0 +\&\fBSRP_user_pwd_set1_ids()\fR returns 1 on success and 0 on failure or if \fBid\fR was NULL. .PP -\&\fBSRP_user_pwd_set0_sv()\fR returns 1 if both \fBs\fR and \fBv\fR are not \s-1NULL, 0\s0 otherwise. +\&\fBSRP_user_pwd_set0_sv()\fR returns 1 if both \fBs\fR and \fBv\fR are not NULL, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-srp\fR\|(1), \&\fBSRP_create_verifier\fR\|(3), \&\fBSRP_VBASE_new\fR\|(3), \&\fBSSL_CTX_set_srp_password\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were made public in OpenSSL 3.0 and are deprecated. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CIPHER_GET_NAME 3ossl" -.TH SSL_CIPHER_GET_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CIPHER_GET_NAME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, @@ -155,7 +80,7 @@ SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id \&\- get SSL_CIPHER properties -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,44 +99,44 @@ \& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); \& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); \& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); -\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +\& uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the -\&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". +\&\fBcipher\fR is NULL, it returns "(NONE)". .PP -\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of -\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR -has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both -SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name. +\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard RFC name of +\&\fBcipher\fR. If the \fBcipher\fR is NULL, it returns "(NONE)". If the \fBcipher\fR +has no standard name, it returns \fBNULL\fR. If \fBcipher\fR was defined in both +SSLv3 and TLS, it returns the TLS name. .PP \&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. -If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name, -it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather +If the \fBstdname\fR is NULL, or \fBstdname\fR has no corresponding OpenSSL name, +it returns "(NONE)". Where both exist, \fBstdname\fR should be the TLS name rather than the SSLv3 name. .PP \&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. -If \fBcipher\fR is \s-1NULL, 0\s0 is returned. +If \fBcipher\fR is NULL, 0 is returned. 
.PP -\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol -version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0 +\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the SSL/TLS protocol +version that first defined the cipher. It returns "(NONE)" if \fBcipher\fR is NULL. .PP -\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher NID corresponding to \fBc\fR. If there is no cipher (e.g. for cipher suites with no encryption) then \&\fBNID_undef\fR is returned. .PP -\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest NID corresponding to the MAC used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. -for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. +for AEAD cipher suites) then \fBNID_undef\fR is returned. .PP -\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during -the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be -different to the digest used to calculate the \s-1MAC\s0 for encrypted records. +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an EVP_MD for the digest used during +the SSL/TLS handshake when using the SSL_CIPHER \fBc\fR. Note that this may be +different to the digest used to calculate the MAC for encrypted records. .PP -\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange NID corresponding to the method used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. 
-If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0 +If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): .PP .Vb 4 @@ -221,10 +146,10 @@ \& NID_kx_psk .Ve .PP -\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication NID corresponding to the method used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned. If any appropriate authentication algorithm can be used (as in the case of -\&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): +TLS 1.3 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): .PP .Vb 3 \& NID_auth_rsa 
@@ -232,31 +157,31 @@ \& NID_auth_psk .Ve .PP -\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or -ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0 +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is AEAD (e.g. GCM or +ChaCha20/Poly1305), and 0 if it is not AEAD. .PP -\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +\&\fBSSL_CIPHER_find()\fR returns a \fBSSL_CIPHER\fR structure which has the cipher ID stored in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the -two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter -is usually retrieved from a \s-1TLS\s0 packet by using functions like -\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +two\-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter +is usually retrieved from a TLS packet by using functions like +\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns NULL if an error occurs or the indicated cipher is not found. .PP -\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is -not the same as the IANA-specific \s-1ID.\s0 +\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL\-specific ID of the given cipher \fBc\fR. That ID is +not the same as the IANA\-specific ID. .PP -\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two\-byte ID used in the TLS protocol of the given cipher \fBc\fR. .PP \&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used into the buffer \fBbuf\fR of length \fBlen\fR provided. 
If \fBbuf\fR is provided, it -must be at least 128 bytes, otherwise a buffer will be allocated using +must be at least 128 bytes. If \fBbuf\fR is NULL it will be allocated using \&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, -\&\fB\s-1NULL\s0\fR is returned. +\&\fBNULL\fR is returned. .PP The string returned by \fBSSL_CIPHER_description()\fR consists of several fields separated by whitespace: -.IP "" 4 +.IP 4 .IX Item "" Textual representation of the cipher name. .IP "" 4 @@ -267,17 +192,17 @@ with earlier protocol versions. .IP "Kx=" 4 .IX Item "Kx=" -Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. -.IP "Au=" 4 +Key exchange method such as \fBRSA\fR, \fBECDHE\fR, etc. +.IP Au= 4 .IX Item "Au=" -Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the +Authentication method such as \fBRSA\fR, \fBNone\fR, etc.. None is the representation of anonymous ciphers. .IP "Enc=" 4 .IX Item "Enc=" -Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. +Encryption method, with number of secret bits, such as \fBAESGCM(128)\fR. .IP "Mac=" 4 .IX Item "Mac=" -Message digest, such as \fB\s-1SHA256\s0\fR. +Message digest, such as \fBSHA256\fR. .PP Some examples for the output of \fBSSL_CIPHER_description()\fR: .PP 
@@ -289,52 +214,52 @@ .IX Header "RETURN VALUES" \&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR, \&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding -value in a NUL-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" +value in a NUL\-terminated string for a specific cipher or "(NONE)" if the cipher is not found. .PP \&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of secret bits or 0 if an error occurred. .PP \&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR, -\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the NID value or \&\fBNID_undef\fR if an error occurred. .PP -\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fBEVP_MD\fR structure or NULL if an error occurred. .PP -\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is AEAD or 0 otherwise. .PP -\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +\&\fBSSL_CIPHER_find()\fR returns a valid \fBSSL_CIPHER\fR structure or NULL if an error occurred. .PP -\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 +\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL\-specific ID. .PP -\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 -protocol-specific \s-1ID.\s0 +\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the TLS +protocol\-specific ID. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3), \&\fBSSL_get_ciphers\fR\|(3), \fBopenssl\-ciphers\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CIPHER_get_version()\fR function was updated to always return the correct protocol string in OpenSSL 1.1.0. .PP -The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, +The \fBSSL_CIPHER_description()\fR function was changed to return \fBNULL\fR on error, rather than a fixed string, in OpenSSL 1.1.0. .PP The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. .PP The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. - Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was + Before OpenSSL 1.1.1, tracing (\fBenable\-ssl\-trace\fR argument to Configure) was required to enable this function. .PP The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3.orig +++ secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3ossl" -.TH SSL_COMP_ADD_COMPRESSION_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods \&\- handle SSL/TLS integrated compression methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,21 +79,21 @@ .Ve .PP The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& void SSL_COMP_free_compression_methods(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with the identifier \fBid\fR to the list of available compression methods. This -list is globally maintained for all \s-1SSL\s0 operations within this application. -It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +list is globally maintained for all SSL operations within this application. +It cannot be set for specific SSL_CTX or SSL objects. .PP \&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available -compression methods or \s-1NULL\s0 on error. +compression methods or NULL on error. .PP \&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. .PP 
@@ -176,14 +101,14 @@ .PP \&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to maintain the internal table of compression methods. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods -into the communication. The \s-1TLS RFC\s0 does however not specify compression +The TLS standard (or SSLv3) allows the integration of compression methods +into the communication. The TLS RFC does however not specify compression methods or their corresponding identifiers, so there is currently no compatible way to integrate compression with unknown peers. It is therefore currently not recommended to integrate compression into applications. Applications for -non-public use may agree on certain compression methods. Using different +non\-public use may agree on certain compression methods. Using different compression methods with the same identifier will lead to connection failure. .PP An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) 
@@ -202,30 +127,30 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_COMP_add_compression_method()\fR may return the following values: -.IP "0" 4 +.IP 0 4 The operation succeeded. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation failed. Check the error queue to find out the reason. .PP \&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or -\&\s-1NULL\s0 on error. +NULL on error. .PP -\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or NULL on error. .PP \&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_NEW 3ossl" -.TH SSL_CONF_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONF_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,17 +73,17 @@ \& SSL_CONF_CTX *SSL_CONF_CTX_new(void); \& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR -structure for use with the \s-1SSL_CONF\s0 functions. +The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fBSSL_CONF_CTX\fR +structure for use with the SSL_CONF functions. .PP The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. -If \fBcctx\fR is \s-1NULL\s0 nothing is done. +If \fBcctx\fR is NULL nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure -or \fB\s-1NULL\s0\fR if an error occurs. +\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fBSSL_CONF_CTX\fR structure +or \fBNULL\fR if an error occurs. .PP \&\fBSSL_CONF_CTX_free()\fR does not return a value. .SH "SEE ALSO" 
@@ -169,14 +94,14 @@ \&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), \&\fBSSL_CONF_cmd\fR\|(3), \&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,101 +53,42 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET1_PREFIX 3ossl" -.TH SSL_CONF_CTX_SET1_PREFIX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONF_CTX_SET1_PREFIX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR -to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. -.SH "NOTES" +to \fBprefix\fR. If \fBprefix\fR is \fBNULL\fR it is restored to the default value. +.SH NOTES .IX Header "NOTES" Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR -calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names -such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" -and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then -\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +calls. For example for files, if the prefix "SSL" is set then command names +such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" +and "Options". Similarly for command lines if the prefix is "\-\-ssl\-" then +"\-\-ssl\-no_tls1_2" is recognised instead of "\-no_tls1_2". .PP -If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case -sensitive and \*(L"\-\*(R" is the default. 
In the unlikely even an application +If the \fBSSL_CONF_FLAG_CMDLINE\fR flag is set then prefix checks are case +sensitive and "\-" is the default. In the unlikely even an application explicitly wants to set no prefix it must be explicitly set to "". .PP -If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +If the \fBSSL_CONF_FLAG_FILE\fR flag is set then prefix checks are case insensitive and no prefix is the default. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -176,14 +101,14 @@ \&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), \&\fBSSL_CONF_cmd\fR\|(3), \&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_FLAGS 3ossl" -.TH SSL_CONF_CTX_SET_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONF_CTX_SET_FLAGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,38 +73,38 @@ \& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); \& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. .PP The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or \&\fBSSL_CONF_argv()\fR behave. .PP Currently the following \fBflags\fR values are recognised: -.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 +.IP "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" 4 .IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" recognise options intended for command line or configuration file use. At least one of these flags must be set. -.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4 +.IP "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" 4 .IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" -recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +recognise options intended for use in SSL/TLS clients or servers. One or both of these flags must be set. -.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IP SSL_CONF_FLAG_CERTIFICATE 4 .IX Item "SSL_CONF_FLAG_CERTIFICATE" recognise certificate and private key options. -.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 +.IP SSL_CONF_FLAG_REQUIRE_PRIVATE 4 .IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" If this option is set then if a private key is not specified for a certificate it will attempt to load a private key from the certificate file when \&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate file an error occurs. 
-.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IP SSL_CONF_FLAG_SHOW_ERRORS 4 .IX Item "SSL_CONF_FLAG_SHOW_ERRORS" indicate errors relating to unrecognised options or missing arguments in -the error queue. If this option isn't set such errors are only reflected +the error queue. If this option isn\*(Aqt set such errors are only reflected in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -193,14 +118,14 @@ \&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), \&\fBSSL_CONF_cmd\fR\|(3), \&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,103 +53,52 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_SSL_CTX 3ossl" -.TH SSL_CONF_CTX_SET_SSL_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONF_CTX_SET_SSL_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME +SSL_CONF_CTX_finish, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); \& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +\& int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the -\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBSSL_CTX\fR structure \fBctx\fR. Any previous \fBSSL\fR or \fBSSL_CTX\fR associated with \&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to \&\fBctx\fR. .PP \&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the -\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBSSL\fR structure \fBssl\fR. Any previous \fBSSL\fR or \fBSSL_CTX\fR associated with \&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to \&\fBssl\fR. -.SH "NOTES" +.PP +The function \fBSSL_CONF_CTX_finish()\fR must be called after all configuration +operations have been completed. It is used to finalise any operations +or to process defaults. 
+.SH NOTES .IX Header "NOTES" -The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +The context need not be set or it can be set to \fBNULL\fR in which case only syntax checking of commands is performed, where possible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. +.PP +\&\fBSSL_CONF_CTX_finish()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), @@ -174,14 +107,14 @@ \&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), \&\fBSSL_CONF_cmd\fR\|(3), \&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD 3ossl" -.TH SSL_CONF_CMD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONF_CMD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,77 +74,77 @@ \& int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value); \& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBoption\fR with optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application -configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +configuration of \fBSSL_CTX\fR or \fBSSL\fR structures by providing a common framework for command line options or configuration files. .PP \&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBoption\fR refers to. .SH "SUPPORTED COMMAND LINE COMMANDS" .IX Header "SUPPORTED COMMAND LINE COMMANDS" Currently supported \fBoption\fR names for command lines (i.e. when the -flag \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR is set) are listed below. Note: all \fBoption\fR +flag \fBSSL_CONF_FLAG_CMDLINE\fR is set) are listed below. Note: all \fBoption\fR names are case sensitive. Unless otherwise stated commands can be used by both clients and servers and the \fBvalue\fR parameter is not used. The default prefix for command line commands is \fB\-\fR and that is reflected below. -.IP "\fB\-bugs\fR" 4 +.IP \fB\-bugs\fR 4 .IX Item "-bugs" -Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. -.IP "\fB\-no_comp\fR" 4 +Various bug workarounds are set, same as setting \fBSSL_OP_ALL\fR. +.IP \fB\-no_comp\fR 4 .IX Item "-no_comp" -Disables support for \s-1SSL/TLS\s0 compression, same as setting -\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +Disables support for SSL/TLS compression, same as setting +\&\fBSSL_OP_NO_COMPRESSION\fR. As of OpenSSL 1.1.0, compression is off by default. -.IP "\fB\-comp\fR" 4 +.IP \fB\-comp\fR 4 .IX Item "-comp" -Enables support for \s-1SSL/TLS\s0 compression, same as clearing -\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. 
+Enables support for SSL/TLS compression, same as clearing +\&\fBSSL_OP_NO_COMPRESSION\fR. This command was introduced in OpenSSL 1.1.0. As of OpenSSL 1.1.0, compression is off by default. -.IP "\fB\-no_ticket\fR" 4 +.IP \fB\-no_ticket\fR 4 .IX Item "-no_ticket" -Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. -.IP "\fB\-serverpref\fR" 4 +Disables support for session tickets, same as setting \fBSSL_OP_NO_TICKET\fR. +.IP \fB\-serverpref\fR 4 .IX Item "-serverpref" Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. -Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. -.IP "\fB\-client_renegotiation\fR" 4 +Equivalent to \fBSSL_OP_CIPHER_SERVER_PREFERENCE\fR. Only used by servers. +.IP \fB\-client_renegotiation\fR 4 .IX Item "-client_renegotiation" -Allows servers to accept client-initiated renegotiation. Equivalent to -setting \fB\s-1SSL_OP_ALLOW_CLIENT_RENEGOTIATION\s0\fR. +Allows servers to accept client\-initiated renegotiation. Equivalent to +setting \fBSSL_OP_ALLOW_CLIENT_RENEGOTIATION\fR. Only used by servers. -.IP "\fB\-legacy_renegotiation\fR" 4 +.IP \fB\-legacy_renegotiation\fR 4 .IX Item "-legacy_renegotiation" Permits the use of unsafe legacy renegotiation. Equivalent to setting -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. -.IP "\fB\-no_renegotiation\fR" 4 +\&\fBSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\fR. +.IP \fB\-no_renegotiation\fR 4 .IX Item "-no_renegotiation" -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting -\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. -.IP "\fB\-no_resumption_on_reneg\fR" 4 +Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting +\&\fBSSL_OP_NO_RENEGOTIATION\fR. +.IP \fB\-no_resumption_on_reneg\fR 4 .IX Item "-no_resumption_on_reneg" -Sets \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR. 
Only used by servers. +Sets \fBSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR. Only used by servers. .IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 .IX Item "-legacy_server_connect, -no_legacy_server_connect" Permits or prohibits the use of unsafe legacy renegotiation for OpenSSL -clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. -.IP "\fB\-prioritize_chacha\fR" 4 +clients only. Equivalent to setting or clearing \fBSSL_OP_LEGACY_SERVER_CONNECT\fR. +.IP \fB\-prioritize_chacha\fR 4 .IX Item "-prioritize_chacha" Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of -its preference list. This usually indicates a client without \s-1AES\s0 hardware -acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +its preference list. This usually indicates a client without AES hardware +acceleration (e.g. mobile) is in use. Equivalent to \fBSSL_OP_PRIORITIZE_CHACHA\fR. Only used by servers. Requires \fB\-serverpref\fR. -.IP "\fB\-allow_no_dhe_kex\fR" 4 +.IP \fB\-allow_no_dhe_kex\fR 4 .IX Item "-allow_no_dhe_kex" In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. -.IP "\fB\-strict\fR" 4 +.IP \fB\-strict\fR 4 .IX Item "-strict" Enables strict mode protocol handling. Equivalent to setting -\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. +\&\fBSSL_CERT_FLAG_TLS_STRICT\fR. .IP "\fB\-sigalgs\fR \fIalgs\fR" 4 .IX Item "-sigalgs algs" This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. 
@@ -229,18 +154,18 @@ .Sp The \fBalgs\fR argument should be a colon separated list of signature algorithms in order of decreasing preference of the form \fBalgorithm+hash\fR -or \fBsignature_scheme\fR. \fBalgorithm\fR is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and -\&\fBhash\fR is a supported algorithm \s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, -\&\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. Note: algorithm and hash names are case +or \fBsignature_scheme\fR. \fBalgorithm\fR is one of \fBRSA\fR, \fBDSA\fR or \fBECDSA\fR and +\&\fBhash\fR is a supported algorithm OID short name such as \fBSHA1\fR, \fBSHA224\fR, +\&\fBSHA256\fR, \fBSHA384\fR of \fBSHA512\fR. Note: algorithm and hash names are case sensitive. \fBsignature_scheme\fR is one of the signature schemes defined in -TLSv1.3, specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, +TLSv1.3, specified using the IETF name, e.g., \fBecdsa_secp256r1_sha256\fR, \&\fBed25519\fR, or \fBrsa_pss_pss_sha256\fR. .Sp If this option is not set then all signature algorithms supported by the OpenSSL library are permissible. .Sp Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by -using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +using \fBRSA\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR identifiers) are ignored in TLSv1.3 and will not be negotiated. .IP "\fB\-client_sigalgs\fR \fIalgs\fR" 4 .IX Item "-client_sigalgs algs" 
@@ -262,8 +187,8 @@ for the \fBkey_share\fR sent by a client in a TLSv1.3 \fBClientHello\fR. .Sp The \fBgroups\fR argument is a colon separated list of groups. The group can -be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name -where applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name +be either the \fBNIST\fR name (e.g. \fBP\-256\fR), some other commonly used name +where applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL OID name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .Sp 
@@ -275,36 +200,36 @@ This is a synonym for the \fB\-groups\fR command. .IP "\fB\-named_curve\fR \fIcurve\fR" 4 .IX Item "-named_curve curve" -This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used +This sets the temporary curve used for ephemeral ECDH modes. Only used by servers. .Sp The \fBgroups\fR argument is a curve name or the special value \fBauto\fR which picks an appropriate curve based on client and server preferences. The -curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +curve can be either the \fBNIST\fR name (e.g. \fBP\-256\fR) or an OpenSSL OID name (e.g. \fBprime256v1\fR). Curve names are case sensitive. .IP "\fB\-cipher\fR \fIciphers\fR" 4 .IX Item "-cipher ciphers" Sets the TLSv1.2 and below ciphersuite list to \fBciphers\fR. This list will be combined with any configured TLSv1.3 ciphersuites. Note: syntax checking -of \fBciphers\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +of \fBciphers\fR is currently not performed unless a \fBSSL\fR or \fBSSL_CTX\fR structure is associated with \fBctx\fR. .IP "\fB\-ciphersuites\fR \fI1.3ciphers\fR" 4 .IX Item "-ciphersuites 1.3ciphers" Sets the available ciphersuites for TLSv1.3 to value. This is a -colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +colon\-separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See \fBopenssl\-ciphers\fR\|(1) for more information. .IP "\fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR" 4 .IX Item "-min_protocol minprot, -max_protocol maxprot" Sets the minimum and maximum supported protocol. 
Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, -\&\fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0; \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 and \fBNone\fR +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR for TLS; \fBDTLSv1\fR, \fBDTLSv1.2\fR for DTLS, and \fBNone\fR for no limit. If either the lower or upper bound is not specified then only the other bound applies, if specified. -If your application supports both \s-1TLS\s0 and \s-1DTLS\s0 you can specify any of these -options twice, once with a bound for \s-1TLS\s0 and again with an appropriate bound -for \s-1DTLS.\s0 +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below. .IP "\fB\-record_padding\fR \fIpadding\fR" 4 @@ -312,12 +237,12 @@ Attempts to pad TLSv1.3 records so that they are a multiple of \fBpadding\fR in length on send. A \fBpadding\fR of 0 or 1 turns off padding. Otherwise, the \fBpadding\fR must be >1 or <=16384. -.IP "\fB\-debug_broken_protocol\fR" 4 +.IP \fB\-debug_broken_protocol\fR 4 .IX Item "-debug_broken_protocol" Ignored. -.IP "\fB\-no_middlebox\fR" 4 +.IP \fB\-no_middlebox\fR 4 .IX Item "-no_middlebox" -Turn off \*(L"middlebox compatibility\*(R", as described below. +Turn off "middlebox compatibility", as described below. .SS "Additional Options" .IX Subsection "Additional Options" The following options are accepted by \fBSSL_CONF_cmd()\fR, but are not 
@@ -325,19 +250,19 @@ .IP "\fB\-cert\fR \fIfile\fR" 4 .IX Item "-cert file" Attempts to use \fBfile\fR as the certificate for the appropriate context. It -currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an -\&\fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate +currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fBSSL_CTX\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype PEM if an +\&\fBSSL\fR structure is set. This option is only supported if certificate operations are permitted. .IP "\fB\-key\fR \fIfile\fR" 4 .IX Item "-key file" Attempts to use \fBfile\fR as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no \fB\-key\fR option is set then a private key is not loaded unless the -flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +flag \fBSSL_CONF_FLAG_REQUIRE_PRIVATE\fR is set. .IP "\fB\-dhparam\fR \fIfile\fR" 4 .IX Item "-dhparam file" -Attempts to use \fBfile\fR as the set of temporary \s-1DH\s0 parameters for +Attempts to use \fBfile\fR as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. .IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 
@@ -353,72 +278,72 @@ OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent -time. Anti-Replay is on by default unless overridden by a configuration file and -is only used by servers. Anti-replay measures are required for compliance with +time. Anti\-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti\-replay measures are required for compliance with the TLSv1.3 specification. Some applications may be able to mitigate the replay -risks in other ways and in such cases the built-in OpenSSL functionality is not -required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +risks in other ways and in such cases the built\-in OpenSSL functionality is not +required. Switching off anti\-replay is equivalent to \fBSSL_OP_NO_ANTI_REPLAY\fR. .SH "SUPPORTED CONFIGURATION FILE COMMANDS" .IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" Currently supported \fBoption\fR names for configuration files (i.e., when the -flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +flag \fBSSL_CONF_FLAG_FILE\fR is set) are listed below. All configuration file \&\fBoption\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names are also case insensitive. .PP Note: the command prefix (if set) alters the recognised \fBoption\fR values. -.IP "\fBCipherString\fR" 4 +.IP \fBCipherString\fR 4 .IX Item "CipherString" Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be combined with any configured TLSv1.3 ciphersuites. 
Note: syntax -checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +checking of \fBvalue\fR is currently not performed unless an \fBSSL\fR or \fBSSL_CTX\fR structure is associated with \fBctx\fR. -.IP "\fBCiphersuites\fR" 4 +.IP \fBCiphersuites\fR 4 .IX Item "Ciphersuites" Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a -colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +colon\-separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See \fBopenssl\-ciphers\fR\|(1) for more information. -.IP "\fBCertificate\fR" 4 +.IP \fBCertificate\fR 4 .IX Item "Certificate" Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fBSSL_CTX\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype PEM if an \fBSSL\fR structure is set. This option is only supported if certificate operations are permitted. -.IP "\fBPrivateKey\fR" 4 +.IP \fBPrivateKey\fR 4 .IX Item "PrivateKey" Attempts to use the file \fBvalue\fR as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is -not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +not loaded unless the \fBSSL_CONF_FLAG_REQUIRE_PRIVATE\fR is set. .IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 .IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" These options indicate a file or directory used for building certificate chains or verifying certificate chains. 
These options are only supported if certificate operations are permitted. -.IP "\fBRequestCAFile\fR" 4 +.IP \fBRequestCAFile\fR 4 .IX Item "RequestCAFile" -This option indicates a file containing a set of certificates in \s-1PEM\s0 form. +This option indicates a file containing a set of certificates in PEM form. The subject names of the certificates are sent to the peer in the -\&\fBcertificate_authorities\fR extension for \s-1TLS 1.3\s0 (in ClientHello or +\&\fBcertificate_authorities\fR extension for TLS 1.3 (in ClientHello or CertificateRequest) or in a certificate request for previous versions or -\&\s-1TLS.\s0 -.IP "\fBServerInfoFile\fR" 4 +TLS. +.IP \fBServerInfoFile\fR 4 .IX Item "ServerInfoFile" -Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +Attempts to use the file \fBvalue\fR in the "serverinfo" extension using the function SSL_CTX_use_serverinfo_file. -.IP "\fBDHParameters\fR" 4 +.IP \fBDHParameters\fR 4 .IX Item "DHParameters" -Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +Attempts to use the file \fBvalue\fR as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. -.IP "\fBRecordPadding\fR" 4 +.IP \fBRecordPadding\fR 4 .IX Item "RecordPadding" Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the \&\fBvalue\fR must be >1 or <=16384. -.IP "\fBSignatureAlgorithms\fR" 4 +.IP \fBSignatureAlgorithms\fR 4 .IX Item "SignatureAlgorithms" This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. For clients this 
@@ -428,20 +353,20 @@ The \fBvalue\fR argument should be a colon separated list of signature algorithms in order of decreasing preference of the form \fBalgorithm+hash\fR or \&\fBsignature_scheme\fR. \fBalgorithm\fR -is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm -\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +is one of \fBRSA\fR, \fBDSA\fR or \fBECDSA\fR and \fBhash\fR is a supported algorithm +OID short name such as \fBSHA1\fR, \fBSHA224\fR, \fBSHA256\fR, \fBSHA384\fR of \fBSHA512\fR. Note: algorithm and hash names are case sensitive. \&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, -specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +specified using the IETF name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, or \fBrsa_pss_pss_sha256\fR. .Sp If this option is not set then all signature algorithms supported by the OpenSSL library are permissible. .Sp Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by -using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +using \fBRSA\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR identifiers) are ignored in TLSv1.3 and will not be negotiated. -.IP "\fBClientSignatureAlgorithms\fR" 4 +.IP \fBClientSignatureAlgorithms\fR 4 .IX Item "ClientSignatureAlgorithms" This sets the supported signature algorithms associated with client authentication for TLSv1.2 and TLSv1.3. @@ -453,7 +378,7 @@ .Sp The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then the value set for \fBSignatureAlgorithms\fR will be used instead. -.IP "\fBGroups\fR" 4 +.IP \fBGroups\fR 4 .IX Item "Groups" This sets the supported groups. For clients, the groups are sent using the supported groups extension. For servers, it is used 
@@ -463,43 +388,43 @@ \&\fBClientHello\fR. .Sp The \fBvalue\fR argument is a colon separated list of groups. The group can be -either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name +either the \fBNIST\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL OID name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .Sp Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, \&\fBffdhe8192\fR. -.IP "\fBCurves\fR" 4 +.IP \fBCurves\fR 4 .IX Item "Curves" -This is a synonym for the \*(L"Groups\*(R" command. -.IP "\fBMinProtocol\fR" 4 +This is a synonym for the "Groups" command. +.IP \fBMinProtocol\fR 4 .IX Item "MinProtocol" -This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +This sets the minimum supported SSL, TLS or DTLS version. .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds -apply only to DTLS-based contexts. -The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the -other setting a \s-1DTLS\s0 bound. +The SSL and TLS bounds apply only to TLS\-based contexts, while the DTLS bounds +apply only to DTLS\-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. The value \fBNone\fR applies to both types of contexts and disables the limits. 
-.IP "\fBMaxProtocol\fR" 4 +.IP \fBMaxProtocol\fR 4 .IX Item "MaxProtocol" -This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +This sets the maximum supported SSL, TLS or DTLS version. .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds -apply only to DTLS-based contexts. -The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the -other setting a \s-1DTLS\s0 bound. +The SSL and TLS bounds apply only to TLS\-based contexts, while the DTLS bounds +apply only to DTLS\-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. The value \fBNone\fR applies to both types of contexts and disables the limits. -.IP "\fBProtocol\fR" 4 +.IP \fBProtocol\fR 4 .IX Item "Protocol" -This can be used to enable or disable certain versions of the \s-1SSL, -TLS\s0 or \s-1DTLS\s0 protocol. +This can be used to enable or disable certain versions of the SSL, +TLS or DTLS protocol. .Sp The \fBvalue\fR argument is a comma separated list of supported protocols to enable or disable. 
@@ -513,18 +438,18 @@ .Sp Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The special value \fB\s-1ALL\s0\fR refers to all supported versions. +The special value \fBALL\fR refers to all supported versions. .Sp -This can't enable protocols that are disabled using \fBMinProtocol\fR +This can\*(Aqt enable protocols that are disabled using \fBMinProtocol\fR or \fBMaxProtocol\fR, but can disable protocols that are still allowed by them. .Sp The \fBProtocol\fR command is fragile and deprecated; do not use it. Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. If you do use \fBProtocol\fR, make sure that the resulting range of enabled -protocols has no \*(L"holes\*(R", e.g. if \s-1TLS 1.0\s0 and \s-1TLS 1.2\s0 are both enabled, make -sure to also leave \s-1TLS 1.1\s0 enabled. -.IP "\fBOptions\fR" 4 +protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make +sure to also leave TLS 1.1 enabled. +.IP \fBOptions\fR 4 .IX Item "Options" The \fBvalue\fR argument is a comma separated list of various flags to set. If a flag string is preceded \fB\-\fR it is disabled. 
@@ -535,81 +460,81 @@ the \fB\-flag\fR syntax is needed to disable it. .Sp \&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of -\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting -\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +\&\fBSSL_OP_NO_TICKET\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fBSSL_OP_NO_TICKET\fR. .Sp -\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, disabled by default. Inverse -of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +\&\fBCompression\fR: SSL/TLS compression support, disabled by default. Inverse +of \fBSSL_OP_NO_COMPRESSION\fR. .Sp \&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a -\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It -is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It +is set by default. Inverse of \fBSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\fR. .Sp -\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +\&\fBBugs\fR: enable various bug workarounds. Same as \fBSSL_OP_ALL\fR. .Sp -\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of -\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +\&\fBDHSingle\fR: enable single use DH keys, set by default. Inverse of +\&\fBSSL_OP_DH_SINGLE\fR. Only used by servers. .Sp -\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of -\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. +\&\fBECDHSingle\fR: enable single use ECDH keys, set by default. Inverse of +\&\fBSSL_OP_ECDH_SINGLE\fR. Only used by servers. .Sp \&\fBServerPreference\fR: use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to -\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. 
+\&\fBSSL_OP_CIPHER_SERVER_PREFERENCE\fR. Only used by servers. .Sp \&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a ChaCha20 cipher at the top of its preference list. This usually indicates -a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +a mobile client is in use. Equivalent to \fBSSL_OP_PRIORITIZE_CHACHA\fR. Only used by servers. .Sp \&\fBNoResumptionOnRenegotiation\fR: set -\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +\&\fBSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR flag. Only used by servers. .Sp \&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and -earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +earlier, same as setting \fBSSL_OP_NO_RENEGOTIATION\fR. .Sp \&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. -Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +Equivalent to \fBSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\fR. .Sp \&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation -for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +for OpenSSL clients only. Equivalent to \fBSSL_OP_LEGACY_SERVER_CONNECT\fR. .Sp -\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by -default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, -\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. +\&\fBEncryptThenMac\fR: use encrypt\-then\-mac extension, enabled by +default. Inverse of \fBSSL_OP_NO_ENCRYPT_THEN_MAC\fR: that is, +\&\fB\-EncryptThenMac\fR is the same as setting \fBSSL_OP_NO_ENCRYPT_THEN_MAC\fR. .Sp \&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed -session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. +session. 
Equivalent to \fBSSL_OP_ALLOW_NO_DHE_KEX\fR. .Sp -\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent +\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. This option is set by default. A future version of OpenSSL may not set this by -default. Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. +default. Equivalent to \fBSSL_OP_ENABLE_MIDDLEBOX_COMPAT\fR. .Sp \&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. This option is set by default and is only used by -servers. Anti-replay measures are required to comply with the TLSv1.3 +servers. Anti\-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in -other ways and in such cases the built-in OpenSSL functionality is not required. -Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +other ways and in such cases the built\-in OpenSSL functionality is not required. +Disabling anti\-replay is equivalent to setting \fBSSL_OP_NO_ANTI_REPLAY\fR. .Sp \&\fBExtendedMasterSecret\fR: use extended master secret extension, enabled by -default. Inverse of \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR: that is, -\&\fB\-ExtendedMasterSecret\fR is the same as setting \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR. +default. Inverse of \fBSSL_OP_NO_EXTENDED_MASTER_SECRET\fR: that is, +\&\fB\-ExtendedMasterSecret\fR is the same as setting \fBSSL_OP_NO_EXTENDED_MASTER_SECRET\fR. .Sp -\&\fBCANames\fR: use \s-1CA\s0 names extension, enabled by -default. 
Inverse of \fB\s-1SSL_OP_DISABLE_TLSEXT_CA_NAMES\s0\fR: that is, -\&\fB\-CANames\fR is the same as setting \fB\s-1SSL_OP_DISABLE_TLSEXT_CA_NAMES\s0\fR. +\&\fBCANames\fR: use CA names extension, enabled by +default. Inverse of \fBSSL_OP_DISABLE_TLSEXT_CA_NAMES\fR: that is, +\&\fB\-CANames\fR is the same as setting \fBSSL_OP_DISABLE_TLSEXT_CA_NAMES\fR. .Sp -\&\fB\s-1KTLS\s0\fR: Enables kernel \s-1TLS\s0 if support has been compiled in, and it is supported +\&\fBKTLS\fR: Enables kernel TLS if support has been compiled in, and it is supported by the negotiated ciphersuites and extensions. Equivalent to -\&\fB\s-1SSL_OP_ENABLE_KTLS\s0\fR. -.IP "\fBVerifyMode\fR" 4 +\&\fBSSL_OP_ENABLE_KTLS\fR. +.IP \fBVerifyMode\fR 4 .IX Item "VerifyMode" The \fBvalue\fR argument is a comma separated list of flags to set. .Sp 
@@ -625,43 +550,43 @@ not when renegotiating. Servers only. .Sp \&\fBRequestPostHandshake\fR configures the connection to support requests but does -not require a certificate from the client post-handshake. A certificate will +not require a certificate from the client post\-handshake. A certificate will not be requested during the initial handshake. The server application must -provide a mechanism to request a certificate post-handshake. Servers only. +provide a mechanism to request a certificate post\-handshake. Servers only. TLSv1.3 only. .Sp \&\fBRequiresPostHandshake\fR configures the connection to support requests and -requires a certificate from the client post-handshake: an error occurs if the +requires a certificate from the client post\-handshake: an error occurs if the client does not present a certificate. A certificate will not be requested during the initial handshake. The server application must provide a mechanism -to request a certificate post-handshake. Servers only. TLSv1.3 only. +to request a certificate post\-handshake. Servers only. TLSv1.3 only. .IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 .IX Item "ClientCAFile, ClientCAPath" -A file or directory of certificates in \s-1PEM\s0 format whose names are used as the +A file or directory of certificates in PEM format whose names are used as the set of acceptable names for client CAs. Servers only. This option is only supported if certificate operations are permitted. .SH "SUPPORTED COMMAND TYPES" .IX Header "SUPPORTED COMMAND TYPES" The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following types: -.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IP \fBSSL_CONF_TYPE_UNKNOWN\fR 4 .IX Item "SSL_CONF_TYPE_UNKNOWN" The \fBoption\fR string is unrecognised, this return value can be use to flag syntax errors. -.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IP \fBSSL_CONF_TYPE_STRING\fR 4 .IX Item "SSL_CONF_TYPE_STRING" The value is a string without any specific structure. 
-.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IP \fBSSL_CONF_TYPE_FILE\fR 4 .IX Item "SSL_CONF_TYPE_FILE" The value is a filename. -.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IP \fBSSL_CONF_TYPE_DIR\fR 4 .IX Item "SSL_CONF_TYPE_DIR" The value is a directory name. -.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 +.IP \fBSSL_CONF_TYPE_NONE\fR 4 .IX Item "SSL_CONF_TYPE_NONE" -The value string is not used e.g. a command line option which doesn't take an +The value string is not used e.g. a command line option which doesn\*(Aqt take an argument. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The order of operations is significant. This can be used to set either defaults or values which cannot be overridden. For example if an application calls: @@ -694,7 +619,7 @@ utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way to do this is to set the prefix to an appropriate value using \&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBoption\fR and the -following argument to \fBvalue\fR (which may be \s-1NULL\s0). +following argument to \fBvalue\fR (which may be NULL). .PP In this case if the return value is positive then it is used to skip that number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is 
@@ -706,25 +631,25 @@ The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to check for the existence of a command or to perform additional syntax checking or translation of the command value. For example if the return -value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +value is \fBSSL_CONF_TYPE_FILE\fR an application could translate a relative pathname to an absolute pathname. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBoption\fR is recognised and \fBvalue\fR is -\&\fB\s-1NOT\s0\fR used and 2 if both \fBoption\fR and \fBvalue\fR are used. In other words it +\&\fBNOT\fR used and 2 if both \fBoption\fR and \fBvalue\fR are used. In other words it returns the number of arguments processed. This is useful when processing command lines. .PP A return value of \-2 means \fBoption\fR is not recognised. .PP A return value of \-3 means \fBoption\fR is recognised and the command requires a -value but \fBvalue\fR is \s-1NULL.\s0 +value but \fBvalue\fR is NULL. .PP A return code of 0 indicates that both \fBoption\fR and \fBvalue\fR are valid but an error occurred attempting to perform the operation: for example due to an error in the syntax of \fBvalue\fR in this case the error queue may provide additional information. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Set supported signature algorithms: .PP @@ -750,7 +675,7 @@ The following will first enable all protocols, and then disable SSLv3. If no protocol versions were disabled before this has the same effect as -\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before +"\-SSLv3", but if some versions were disables this will re\-enable them before disabling SSLv3. .PP .Vb 1 @@ -770,7 +695,7 @@ \& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); .Ve .PP -Disable \s-1TLS\s0 session tickets: +Disable TLS session tickets: .PP .Vb 1 \& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); 
@@ -796,16 +721,16 @@ \&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), \&\fBSSL_CONF_cmd_argv\fR\|(3), \&\fBSSL_CTX_set_options\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. .PP -The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +The \fBSSL_OP_NO_SSL2\fR option doesn\*(Aqt have effect since 1.1.0, but the macro is retained for backwards compatibility. .PP -The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of -OpenSSL passing a command which didn't take an argument would return -\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. +The \fBSSL_CONF_TYPE_NONE\fR was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn\*(Aqt take an argument would return +\&\fBSSL_CONF_TYPE_UNKNOWN\fR. .PP \&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. .PP @@ -813,11 +738,11 @@ .PP The \fBUnsafeLegacyServerConnect\fR option is no longer set by default from OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD_ARGV 3ossl" -.TH SSL_CONF_CMD_ARGV 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONF_CMD_ARGV 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CONF_cmd_argv \- SSL configuration command line processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR are updated to reflect the number of command options processed. The \fBpargc\fR -argument can be set to \fB\s-1NULL\s0\fR if it is not used. +argument can be set to \fBNULL\fR if it is not used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 @@ -160,7 +85,7 @@ .PP If \-2 is returned then an argument for a command is missing. .PP -If \-1 is returned the command is recognised but couldn't be processed due +If \-1 is returned the command is recognised but couldn\*(Aqt be processed due to an error: for example a syntax error in the argument. .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -170,14 +95,14 @@ \&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), \&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), \&\fBSSL_CONF_cmd\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD1_CHAIN_CERT 3ossl" -.TH SSL_CTX_ADD1_CHAIN_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_ADD1_CHAIN_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, @@ -146,7 +71,7 @@ SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -173,7 +98,7 @@ \& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); \& int SSL_set_current_cert(SSL *ssl, long op); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain associated with the current certificate of \fBctx\fR to \fBsk\fR. 
@@ -187,22 +112,22 @@ .PP \&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the current certificate of \fBctx\fR. (This is implemented by calling -\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fBNULL\fR). .PP \&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR. Normally this uses the chain store or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. -The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use -existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR -to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +The \fBflags\fR parameter can be set to \fBSSL_BUILD_CHAIN_FLAG_UNTRUSTED\fR to use +existing chain certificates as untrusted CAs, \fBSSL_BUILD_CHAIN_FLAG_NO_ROOT\fR +to omit the root CA from the built chain, \fBSSL_BUILD_CHAIN_FLAG_CHECK\fR to use all existing chain certificates only to build the chain (effectively sanity checking and rearranging them if necessary), the flag -\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: -if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +\&\fBSSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\fR ignores any errors during verification: +if flag \fBSSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\fR is also set verification errors are cleared from the error queue. Details of the chain building process are described in -\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1). +"Certification Path Building" in \fBopenssl\-verification\-options\fR\|(1). .PP Each of these functions operates on the \fIcurrent\fR end entity (i.e. server or client) certificate. This is the last certificate loaded or 
@@ -215,15 +140,15 @@ \&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, \&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, \&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR -are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. +are similar except they apply to SSL structure \fBssl\fR. .PP \&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based -on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use -the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +on the \fBop\fR argument. Currently \fBop\fR can be \fBSSL_CERT_SET_FIRST\fR to use +the first valid certificate or \fBSSL_CERT_SET_NEXT\fR to set the next valid certificate after the current certificate. These two operations can be -used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +used to iterate over all certificates in an \fBSSL_CTX\fR structure. .PP -\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +\&\fBSSL_set_current_cert()\fR also supports the option \fBSSL_CERT_SET_SERVER\fR. If \fBssl\fR is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated cipher suite is anonymous (and thus no certificate will 
@@ -235,15 +160,15 @@ increment the reference count of the supplied certificate or chain so it must be freed at some point after the operation. Those containing a \fB0\fR do not increment reference counts and the supplied certificate or chain -\&\fB\s-1MUST NOT\s0\fR be freed after the operation. -.SH "NOTES" +\&\fBMUST NOT\fR be freed after the operation. +.SH NOTES .IX Header "NOTES" -The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected -by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 +The chains associate with an SSL_CTX structure are copied to any SSL +structures when \fBSSL_new()\fR is called. SSL structures will not be affected +by any chains subsequently changed in the parent SSL_CTX. .PP One chain can be set for each key type supported by a server. So, for example, -an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +an RSA and a DSA certificate can (and often will) have different chains. .PP The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can be used to check application configuration and to ensure any necessary @@ -252,10 +177,10 @@ .PP For example an application can add any set of certificates using \&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR -with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +with the option \fBSSL_BUILD_CHAIN_FLAG_CHECK\fR to check and reorder them. .PP Applications can issue non fatal warnings when checking chains by setting -the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +the flag \fBSSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\fR and checking the return value. .PP Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more 
@@ -266,12 +191,12 @@ using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +\&\fBSSL_set_current_cert()\fR with \fBSSL_CERT_SET_SERVER\fR return 1 for success, 2 if no server certificate is used because the cipher suites is anonymous and 0 for failure. .PP \&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success -and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +and 0 for failure. If the flag \fBSSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\fR and a verification error occurs then 2 is returned. .PP All other functions return 1 for success and 0 for failure. @@ -279,14 +204,14 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3ossl" -.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_add_extra_chain_cert, SSL_CTX_get_extra_chain_certs, SSL_CTX_get_extra_chain_certs_only, SSL_CTX_clear_extra_chain_certs \&\- add, get or clear extra chain certificates -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,7 +79,7 @@ \& long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk); \& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain certificates associated with \fBctx\fR. Several certificates can be added one 
@@ -173,24 +98,24 @@ associated with \fBctx\fR. .PP These functions are implemented as macros. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate. .PP If no chain is specified, the library will try to complete the chain from the -available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see +available CA certificates in the trusted CA storage, see \&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be -freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +freed by the library when the \fBSSL_CTX\fR is destroyed. An application \&\fBshould not\fR free the \fBx509\fR object. -.SH "RESTRICTIONS" +.SH RESTRICTIONS .IX Header "RESTRICTIONS" -Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +Only one set of extra chain certificates can be specified per SSL_CTX structure. Different chains for different certificates (for example if both -\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 -structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +RSA and DSA certificates are specified by the same server) or different SSL +structures with the same parent SSL_CTX cannot be specified using this function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should be used instead. .SH "RETURN VALUES" 
@@ -214,11 +139,11 @@ \&\fBSSL_add1_chain_cert\fR\|(3) \&\fBSSL_CTX_build_cert_chain\fR\|(3) \&\fBSSL_build_cert_chain\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_SESSION 3ossl" -.TH SSL_CTX_ADD_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_ADD_SESSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,7 +74,7 @@ \& \& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The reference count for session \fBc\fR is incremented by 1. If a session with 
@@ -157,32 +82,32 @@ \&\fBSSL_SESSION_free\fR\|(3). .PP \&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and -marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. -.SH "NOTES" +marks it as non\-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +.SH NOTES .IX Header "NOTES" When adding a new session to the internal session cache, it is examined whether a session with the same session id already exists. In this case it is assumed that both sessions are identical. If the same session is -stored in a different \s-1SSL_SESSION\s0 object, The old session is +stored in a different SSL_SESSION object, The old session is removed and replaced by the new session. If the session is actually -identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR -is a no-op, and the return value is 0. +identical (the SSL_SESSION object is identical), \fBSSL_CTX_add_session()\fR +is a no\-op, and the return value is 0. .PP -If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE flag then the internal cache will not be populated automatically by new -sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal -cache will be searched automatically for session-resume requests (the -latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +sessions negotiated by the SSL/TLS implementation, even though the internal +cache will be searched automatically for session\-resume requests (the +latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the application can use \fBSSL_CTX_add_session()\fR directly to have full control over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following values are returned by all functions: -.IP "0" 4 +.IP 0 4 The operation failed. 
In case of the add operation, it was tried to add the same (identical) session twice. In case of the remove operation, the session was not found in the cache. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" @@ -190,11 +115,11 @@ \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_config.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_config.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_CONFIG 3ossl" -.TH SSL_CTX_CONFIG 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_CONFIG 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,10 +73,10 @@ \& int SSL_CTX_config(SSL_CTX *ctx, const char *name); \& int SSL_config(SSL *s, const char *name); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or -\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. +The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fBSSL_CTX\fR or +\&\fBSSL\fR structure using the configuration \fBname\fR. .PP By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many complex tasks based on the contents of the configuration file: greatly @@ -166,9 +91,9 @@ .IX Header "RETURN VALUES" \&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error occurred. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -If the file \*(L"config.cnf\*(R" contains the following: +If the file "config.cnf" contains the following: .PP .Vb 1 \& testapp = test_sect 
@@ -211,14 +136,14 @@ \&\fBconfig\fR\|(5), \&\fBSSL_CONF_cmd\fR\|(3), \&\fBCONF_modules_load_file\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_CTRL 3ossl" -.TH SSL_CTX_CTRL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_CTRL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,10 +76,10 @@ \& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); \& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of -the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +the SSL_CTX and SSL objects. Depending on the command \fBcmd\fR the arguments \&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never be called directly. All functionalities needed are made available via other functions or macros. @@ -165,11 +90,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_DANE_ENABLE 3ossl" -.TH SSL_CTX_DANE_ENABLE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_DANE_ENABLE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags \&\- enable DANE TLS authentication of the remote TLS server in the local TLS client -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -165,57 +90,57 @@ \& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); \& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) +These functions implement support for DANE TLSA (RFC6698 and RFC7671) peer authentication. .PP \&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state -required for \s-1DANE\s0 support. +required for DANE support. Individual connections associated with the context can then enable -per-connection \s-1DANE\s0 support as appropriate. -\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and +per\-connection DANE support as appropriate. +DANE authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and applications that override \fBX509_verify_cert\fR\|(3) via \&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer chain in whatever manner they see fit. .PP \&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the supported digest algorithms. -This must be done before any \s-1SSL\s0 handles are created for the context. +This must be done before any SSL handles are created for the context. .PP -The \fBmtype\fR argument specifies a \s-1DANE TLSA\s0 matching type and the \fBmd\fR +The \fBmtype\fR argument specifies a DANE TLSA matching type and the \fBmd\fR argument specifies the associated digest algorithm handle. The \fBord\fR argument specifies a strength ordinal. Algorithms with a larger strength ordinal are considered more secure. -Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. -Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables +Strength ordinals are used to implement RFC7671 digest algorithm agility. 
+Specifying a \fBNULL\fR digest algorithm for a matching type disables support for that matching type. Matching type \fBFull\fR\|(0) cannot be modified or disabled. .PP -By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions -of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR +By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see RFC7218 for definitions +of the DANE TLSA parameter acronyms) is mapped to \f(CWEVP_sha256()\fR with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR -is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. +is mapped to \f(CWEVP_sha512()\fR with a strength ordinal of \f(CW2\fR. .PP -\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with -\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. -(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). -The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain, +\&\fBSSL_dane_enable()\fR must be called before the SSL handshake is initiated with +\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable DANE for that connection. +(The connection must be associated with a DANE\-enabled SSL context). +The \fBbasedomain\fR argument specifies the RFC7671 TLSA base domain, which will be the primary peer reference identifier for certificate name checks. Additional server names can be specified via \fBSSL_add1_host\fR\|(3). -The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been +The \fBbasedomain\fR is used as the default SNI hint if none has yet been specified via \fBSSL_set_tlsext_host_name\fR\|(3). .PP \&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the -\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. 
-(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). -The arguments specify the fields of the \s-1TLSA\s0 record. -The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal -\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. +TLSA records that apply to the remote TLS peer. +(This too must be done prior to the beginning of the SSL handshake). +The arguments specify the fields of the TLSA record. +The \fBdata\fR field is provided in binary (wire RDATA) form, not the hexadecimal +ASCII presentation form, with an explicit length passed via \fBdlen\fR. The library takes a copy of the \fBdata\fR buffer contents and the caller may free the original \fBdata\fR buffer when convenient. -A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or +A return value of 0 indicates that "unusable" TLSA records (with invalid or unsupported parameters) were provided. A negative return value indicates an internal error in processing the record. .PP 
@@ -223,109 +148,109 @@ call and take appropriate action if none are usable or an internal error is encountered in processing some records. .PP -If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, -and authentication will be based on any configured traditional trust-anchors; +If no TLSA records are added successfully, DANE authentication is not enabled, +and authentication will be based on any configured traditional trust\-anchors; authentication success in this case does not mean that the peer was -DANE-authenticated. +DANE\-authenticated. .PP \&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about -the matched \s-1DANE\s0 trust-anchor after successful connection completion. -The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), -0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive -number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. +the matched DANE trust\-anchor after successful connection completion. +The return value is negative if DANE verification failed (or was not enabled), +0 if an EE TLSA record directly matched the leaf certificate, or a positive +number indicating the depth at which a TA record matched an issuer certificate. The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3). The return value is an index into this verified chain, rather than the list of certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3). .PP -If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain +If the \fBmcert\fR argument is not \fBNULL\fR and a TLSA record matched a chain certificate, a pointer to the matching certificate is returned via \fBmcert\fR. 
-The returned address is a short-term internal reference to the certificate and +The returned address is a short\-term internal reference to the certificate and must not be freed by the application. Applications that want to retain access to the certificate can call -\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fBX509_up_ref\fR\|(3) to obtain a long\-term reference which must then be freed via \&\fBX509_free\fR\|(3) once no longer needed. .PP -If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but -a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an +If no TLSA records directly matched any elements of the certificate chain, but +a \fBDANE\-TA\fR\|(2) \fBSPKI\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an element of the chain, then that key is returned via \fBmspki\fR argument (if not -\&\s-1NULL\s0). -In this case the return value is the depth of the top-most element of the +NULL). +In this case the return value is the depth of the top\-most element of the validated certificate chain. -As with \fBmcert\fR this is a short-term internal reference, and +As with \fBmcert\fR this is a short\-term internal reference, and \&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and -release long-term references respectively. +release long\-term references respectively. .PP -\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with \&\fBSSL_get0_dane_authority()\fR. 
When the return value is nonnegative, the storage pointed to by the \fBusage\fR, \&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding -\&\s-1TLSA\s0 record fields. -The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, +TLSA record fields. +The \fBdata\fR field is in binary wire form, and is therefore not NUL\-terminated, its length is returned via the \fBdlen\fR parameter. -If any of these parameters is \s-1NULL,\s0 the corresponding field is not returned. -The \fBdata\fR parameter is set to a short-term internal-copy of the associated +If any of these parameters is NULL, the corresponding field is not returned. +The \fBdata\fR parameter is set to a short\-term internal\-copy of the associated data field and must not be freed by the application. -Applications that need long-term access to this field need to copy the content. +Applications that need long\-term access to this field need to copy the content. .PP \&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable -optional \s-1DANE\s0 verification features. +optional DANE verification features. \&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable the same features. -The \fBflags\fR argument is a bit-mask of the features to enable or disable. -The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle +The \fBflags\fR argument is a bit\-mask of the features to enable or disable. +The \fBflags\fR set for an \fBSSL_CTX\fR context are copied to each \fBSSL\fR handle associated with that context at the time the handle is created. -Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set +Subsequent changes in the context\*(Aqs \fBflags\fR have no effect on the \fBflags\fR set for the handle. 
.PP -At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR +At present, the only available option is \fBDANE_FLAG_NO_DANE_EE_NAMECHECKS\fR which can be used to disable server name checks when authenticating via -\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +\&\fBDANE\-EE\fR\|(3) TLSA records. For some applications, primarily web browsers, it is not safe to disable name -checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +checks due to "unknown key share" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure connection to the malicious server. -The malicious server may then be able to violate cross-origin scripting +The malicious server may then be able to violate cross\-origin scripting restrictions. -Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for -\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +Thus, despite the text of RFC7671, name checks are by default enabled for +\&\fBDANE\-EE\fR\|(3) TLSA records, and can be disabled in applications where it is safe to do so. -In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +In particular, SMTP and XMPP clients should set this option as SRV and MX records already make it possible for a remote domain to redirect client -connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +connections to any server of its choice, and in any case SMTP and XMPP clients do not execute scripts downloaded from remote servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR, \&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success. Negative return values indicate resource problems (out of memory, etc.) 
in the -\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid -input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or +SSL library, while a return value of \fB0\fR indicates incorrect usage or invalid +input, such as an unsupported TLSA record certificate usage, selector or matching type. Invalid input also includes malformed data, either a digest length that does -not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form) +not match the digest algorithm, or a \f(CWFull(0)\fR (binary ASN.1 DER form) certificate or a public key that fails to parse. .PP The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a -negative value when \s-1DANE\s0 authentication failed or was not enabled, a -nonnegative value indicates the chain depth at which the \s-1TLSA\s0 record matched a -chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 +negative value when DANE authentication failed or was not enabled, a +nonnegative value indicates the chain depth at which the TLSA record matched a +chain certificate, or the depth of the top\-most certificate, when the TLSA record is a full public key that is its signer. .PP The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR, \&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect before they were called. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has -DNSSEC-validated \s-1TLSA\s0 records. -The calls below will perform \s-1DANE\s0 authentication and arrange to match either -the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. +Suppose "smtp.example.com" is the MX host of the domain "example.com", and has +DNSSEC\-validated TLSA records. 
+The calls below will perform DANE authentication and arrange to match either +the MX hostname or the destination domain name in the SMTP server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond -the lifetime of the \s-1SSL\s0 connection. +the lifetime of the SSL connection. .PP .Vb 7 \& SSL_CTX *ctx; 
@@ -460,27 +385,27 @@ \& */ \& } .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -It is expected that the majority of clients employing \s-1DANE TLS\s0 will be doing -\&\*(L"opportunistic \s-1DANE TLS\*(R"\s0 in the sense of \s-1RFC7672\s0 and \s-1RFC7435.\s0 -That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records -are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or +It is expected that the majority of clients employing DANE TLS will be doing +"opportunistic DANE TLS" in the sense of RFC7672 and RFC7435. +That is, they will use DANE authentication when DNSSEC\-validated TLSA records +are published for a given peer, and otherwise will use unauthenticated TLS or even cleartext. .PP -Such applications should generally treat any \s-1TLSA\s0 records published by the peer -with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include -them among the \s-1TLSA\s0 records used to authenticate peer connections. -In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a +Such applications should generally treat any TLSA records published by the peer +with usages \fBPKIX\-TA\fR\|(0) and \fBPKIX\-EE\fR\|(1) as "unusable", and should not include +them among the TLSA records used to authenticate peer connections. +In addition, some TLSA records with supported usages may be "unusable" as a result of invalid or unsupported parameters. .PP -When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic +When a peer has TLSA records, but none are "usable", an opportunistic application must avoid cleartext, but cannot authenticate the peer, and so should generally proceed with an unauthenticated connection. 
Opportunistic applications need to note the return value of each call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid or unsupported parameters) disable peer authentication by calling -\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. +\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fBSSL_VERIFY_NONE\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), @@ -501,14 +426,14 @@ \&\fBEVP_get_digestbyname\fR\|(3), \&\fBEVP_PKEY_up_ref\fR\|(3), \&\fBEVP_PKEY_free\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,89 +53,30 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_FLUSH_SESSIONS 3ossl" -.TH SSL_CTX_FLUSH_SESSIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_FLUSH_SESSIONS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_flush_sessions \- remove expired sessions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of \&\fBctx\fR to remove sessions expired at time \fBtm\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If enabled, the internal session cache will collect all sessions established up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). @@ -178,11 +103,11 @@ \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), \&\fBSSL_CTX_set_timeout\fR\|(3), \&\fBSSL_CTX_sess_set_get_cb\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_free.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_free.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,102 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_FREE 3ossl" -.TH SSL_CTX_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_free \- free an allocated SSL_CTX object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_CTX_free(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the -\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. +SSL_CTX object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. .PP It also calls the \fBfree()\fRing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. .PP -If \fBctx\fR is \s-1NULL\s0 nothing is done. -.SH "WARNINGS" +If \fBctx\fR is NULL nothing is done. +.SH WARNINGS .IX Header "WARNINGS" -If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this -callback will be called for each session being freed from \fBctx\fR's +If a session\-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR\*(Aqs session cache. This implies, that all corresponding sessions from an external session cache are removed as well. If this is not desired, the user should explicitly unset the callback by calling -SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. +SSL_CTX_sess_set_remove_cb(\fBctx\fR, NULL) prior to calling \fBSSL_CTX_free()\fR. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_free()\fR does not provide diagnostic information. @@ -172,11 +97,11 @@ .IX Header "SEE ALSO" \&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7), \&\fBSSL_CTX_sess_set_get_cb\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_GET0_PARAM 3ossl" -.TH SSL_CTX_GET0_PARAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_GET0_PARAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param, SSL_CTX_set_purpose, SSL_CTX_set_trust, SSL_set_purpose, SSL_set_trust \- get and set verification parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,7 +83,7 @@ \& int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); \& int SSL_set_trust(SSL *ssl, int trust); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned @@ -174,9 +99,9 @@ The functions \fBSSL_CTX_set_trust()\fR and \fBSSL_set_trust()\fR are similarly shorthands which set the trust parameter on the verification parameters object. These functions are equivalent to calling \fBX509_VERIFY_PARAM_set_trust()\fR directly. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +Typically parameters are retrieved from an \fBSSL_CTX\fR or \fBSSL\fR structure using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies them to suit its needs: for example to add a hostname check. .SH "RETURN VALUES" 
@@ -187,9 +112,9 @@ \&\fBSSL_CTX_set1_param()\fR, \fBSSL_set1_param()\fR, \fBSSL_CTX_set_purpose()\fR, \&\fBSSL_set_purpose()\fR, \fBSSL_CTX_set_trust()\fR and \fBSSL_set_trust()\fR return 1 for success and 0 for failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +Check hostname matches "www.foo.com" in peer certificate: .PP .Vb 2 \& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); @@ -199,14 +124,14 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_GET_VERIFY_MODE 3ossl" -.TH SSL_CTX_GET_VERIFY_MODE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_GET_VERIFY_MODE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); \& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in \&\fBctx\fR. 
@@ -170,22 +95,22 @@ .PP \&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification callback currently set in \fBctx\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned and the default callback will be used. +NULL pointer is returned and the default callback will be used. .PP \&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification callback currently set in \fBssl\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned and the default callback will be used. +NULL pointer is returned and the default callback will be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 +See DESCRIPTION .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3ossl" -.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular client extension type -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR. @@ -159,11 +84,11 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_add_client_custom_ext\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3ossl" -.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_load_verify_dir, SSL_CTX_load_verify_file, SSL_CTX_load_verify_store, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file, SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations \&\- set default locations for trusted CA certificates -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -162,27 +87,27 @@ \& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, \& const char *CApath); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_load_verify_locations()\fR, \fBSSL_CTX_load_verify_dir()\fR, \&\fBSSL_CTX_load_verify_file()\fR, \fBSSL_CTX_load_verify_store()\fR specifies the -locations for \fBctx\fR, at which \s-1CA\s0 certificates for verification purposes +locations for \fBctx\fR, at which CA certificates for verification purposes are located. The certificates available via \fBCAfile\fR, \fBCApath\fR and \&\fBCAstore\fR are trusted. .PP Details of the certificate verification and chain checking process are -described in \*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1). +described in "Certification Path Validation" in \fBopenssl\-verification\-options\fR\|(1). .PP \&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from -which \s-1CA\s0 certificates are loaded should be used. There is one default directory, +which CA certificates are loaded should be used. There is one default directory, one default file and one default store. -The default \s-1CA\s0 certificates directory is called \fIcerts\fR in the default OpenSSL +The default CA certificates directory is called \fIcerts\fR in the default OpenSSL directory, and this is also the default store. -Alternatively the \fB\s-1SSL_CERT_DIR\s0\fR environment variable can be defined to +Alternatively the \fBSSL_CERT_DIR\fR environment variable can be defined to override this location. -The default \s-1CA\s0 certificates file is called \fIcert.pem\fR in the default +The default CA certificates file is called \fIcert.pem\fR in the default OpenSSL directory. -Alternatively the \fB\s-1SSL_CERT_FILE\s0\fR environment variable can be defined to +Alternatively the \fBSSL_CERT_FILE\fR environment variable can be defined to override this location. .PP \&\fBSSL_CTX_set_default_verify_dir()\fR is similar to 
@@ -196,10 +121,10 @@ \&\fBSSL_CTX_set_default_verify_store()\fR is similar to \&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default store is used. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 -format. The file can contain several \s-1CA\s0 certificates identified by +If \fBCAfile\fR is not NULL, it points to a file of CA certificates in PEM +format. The file can contain several CA certificates identified by .PP .Vb 3 \& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- @@ -213,10 +138,10 @@ The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR function. .PP -If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates -in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are -looked up by the \s-1CA\s0 subject name hash value, which must hence be available. -If more than one \s-1CA\s0 certificate with the same name hash value exist, the +If \fBCApath\fR is not NULL, it points to a directory containing CA certificates +in PEM format. The files each contain one CA certificate. The files are +looked up by the CA subject name hash value, which must hence be available. +If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. 
@@ -226,15 +151,15 @@ building the certificate chain or when actually performing the verification of a peer certificate. .PP -When looking up \s-1CA\s0 certificates for chain building, the OpenSSL library +When looking up CA certificates for chain building, the OpenSSL library will search for suitable certificates first in \fBCAfile\fR, then in \fBCApath\fR. Details of the chain building process are described in -\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1). +"Certification Path Building" in \fBopenssl\-verification\-options\fR\|(1). .PP -If \fBCAstore\fR is not \s-1NULL,\s0 it's a \s-1URI\s0 for to a store, which may +If \fBCAstore\fR is not NULL, it\*(Aqs a URI for to a store, which may represent a single container or a whole catalogue of containers. Apart from the \fBCAstore\fR not necessarily being a local file or -directory, it's generally treated the same way as a \fBCApath\fR. +directory, it\*(Aqs generally treated the same way as a \fBCApath\fR. .PP In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list 
@@ -248,31 +173,31 @@ certificate chain was not explicitly specified (see \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), \&\fBSSL_CTX_use_certificate\fR\|(3). -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -If several \s-1CA\s0 certificates matching the name, key identifier, and serial +If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This -may lead to unexpected results if the same \s-1CA\s0 certificate is available -with different expiration dates. If a \*(L"certificate expired\*(R" verification +may lead to unexpected results if the same CA certificate is available +with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones. .SH "RETURN VALUES" .IX Header "RETURN VALUES" For SSL_CTX_load_verify_locations the following return values can occur: -.IP "0" 4 -The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +.IP 0 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation succeeded. .PP \&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and \&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A missing default location is still treated as a success. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +Generate a CA certificate file with descriptive text from the CA certificates ca1.pem ca2.pem ca3.pem: .PP .Vb 5 
@@ -283,7 +208,7 @@ \& done .Ve .PP -Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +Prepare the directory /some/where/certs containing several CA certificates for use as \fBCApath\fR: .PP .Vb 2 @@ -299,11 +224,11 @@ \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), \&\fBSSL_CTX_set_cert_store\fR\|(3), \&\fBSSL_CTX_set_client_CA_list\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_NEW 3ossl" -.TH SSL_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, @@ -150,7 +75,7 @@ DTLSv1_2_client_method \&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -208,56 +133,58 @@ \& const SSL_METHOD *DTLSv1_2_client_method(void); \& #endif .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_new_ex()\fR creates a new \fB\s-1SSL_CTX\s0\fR object, which holds various -configuration and data relevant to \s-1SSL/TLS\s0 or \s-1DTLS\s0 session establishment. -These are later inherited by the \fB\s-1SSL\s0\fR object representing an active session. +\&\fBSSL_CTX_new_ex()\fR creates a new \fBSSL_CTX\fR object, which holds various +configuration and data relevant to SSL/TLS or DTLS session establishment. +These are later inherited by the \fBSSL\fR object representing an active session. The \fImethod\fR parameter specifies whether the context will be used for the -client or server side or both \- for details see the \*(L"\s-1NOTES\*(R"\s0 below. -The library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) is used to provide the +client or server side or both \- for details see the "NOTES" below. +The library context \fIlibctx\fR (see \fBOSSL_LIB_CTX\fR\|(3)) is used to provide the cryptographic algorithms needed for the session. Any cryptographic algorithms -that are used by any \fB\s-1SSL\s0\fR objects created from this \fB\s-1SSL_CTX\s0\fR will be fetched +that are used by any \fBSSL\fR objects created from this \fBSSL_CTX\fR will be fetched from the \fIlibctx\fR using the property query string \fIpropq\fR (see -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7). Either or both the \fIlibctx\fR or \fIpropq\fR -parameters may be \s-1NULL.\s0 +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7). Either or both the \fIlibctx\fR or \fIpropq\fR +parameters may be NULL. .PP \&\fBSSL_CTX_new()\fR does the same as \fBSSL_CTX_new_ex()\fR except that the default library context is used and no property query string is specified. .PP -An \fB\s-1SSL_CTX\s0\fR object is reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the -first time increments the reference count. 
Freeing the \fB\s-1SSL_CTX\s0\fR (using +An \fBSSL_CTX\fR object is reference counted. Creating an \fBSSL_CTX\fR object for the +first time increments the reference count. Freeing the \fBSSL_CTX\fR (using SSL_CTX_free) decrements it. When the reference count drops to zero, any memory -or resources allocated to the \fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR -increments the reference count for an existing \fB\s-1SSL_CTX\s0\fR structure. +or resources allocated to the \fBSSL_CTX\fR object are freed. \fBSSL_CTX_up_ref()\fR +increments the reference count for an existing \fBSSL_CTX\fR structure. .PP -An \fB\s-1SSL_CTX\s0\fR object should not be changed after it is used to create any \fB\s-1SSL\s0\fR +An \fBSSL_CTX\fR object should not be changed after it is used to create any \fBSSL\fR objects or from multiple threads concurrently, since the implementation does not provide serialization of access for these cases. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" On session establishment, by default, no peer credentials verification is done. This must be explicitly requested, typically using \fBSSL_CTX_set_verify\fR\|(3). For verifying peer certificates many options can be set using various functions such as \fBSSL_CTX_load_verify_locations\fR\|(3) and \fBSSL_CTX_set1_param\fR\|(3). -The \fBX509_VERIFY_PARAM_set_purpose\fR\|(3) function can be used, also in conjunction -with \fBSSL_CTX_get0_param\fR\|(3), to set the intended purpose of the session. -The default is \fBX509_PURPOSE_SSL_SERVER\fR on the client side +.PP +The SSL/(D)TLS implementation uses the \fBX509_STORE_CTX_set_default\fR\|(3) +function to prepare checks for \fBX509_PURPOSE_SSL_SERVER\fR on the client side and \fBX509_PURPOSE_SSL_CLIENT\fR on the server side. +The \fBX509_VERIFY_PARAM_set_purpose\fR\|(3) function can be used, also in conjunction +with \fBSSL_CTX_get0_param\fR\|(3), to override the default purpose of the session. 
.PP -The \s-1SSL_CTX\s0 object uses \fImethod\fR as the connection method. +The SSL_CTX object uses \fImethod\fR as the connection method. Three method variants are available: a generic method (for either client or -server use), a server-only method, and a client-only method. +server use), a server\-only method, and a client\-only method. .PP The \fImethod\fR parameter of \fBSSL_CTX_new_ex()\fR and \fBSSL_CTX_new()\fR can be one of the following: .IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 .IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" -These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. +These are the general\-purpose \fIversion\-flexible\fR SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. -Applications should use these methods, and avoid the version-specific +Applications should use these methods, and avoid the version\-specific methods described below, which are deprecated. .IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 .IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" 
@@ -269,42 +196,42 @@ is deprecated and new code should call the new functions instead. .IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 .IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the +A TLS/SSL connection established with these methods will only understand the TLSv1.2 protocol. These methods are deprecated. .IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 .IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the +A TLS/SSL connection established with these methods will only understand the TLSv1.1 protocol. These methods are deprecated. .IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 .IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the +A TLS/SSL connection established with these methods will only understand the TLSv1 protocol. These methods are deprecated. .IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 .IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the +A TLS/SSL connection established with these methods will only understand the SSLv3 protocol. The SSLv3 protocol is deprecated and should not be used. .IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 .IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" -These are the version-flexible \s-1DTLS\s0 methods. -Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 +These are the version\-flexible DTLS methods. +Currently supported protocols are DTLS 1.0 and DTLS 1.2. 
.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 .IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" -These are the version-specific methods for DTLSv1.2. +These are the version\-specific methods for DTLSv1.2. These methods are deprecated. .IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 .IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" -These are the version-specific methods for DTLSv1. +These are the version\-specific methods for DTLSv1. These methods are deprecated. .PP \&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to their default values. .PP \&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, -\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR +\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion\-flexible\fR methods. All other methods only support one specific protocol version. -Use the \fIversion-flexible\fR methods instead of the version specific methods. +Use the \fIversion\-flexible\fR methods instead of the version specific methods. .PP If you want to limit the supported protocols for the version flexible methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), 
@@ -312,14 +239,14 @@ \&\fBSSL_set_max_proto_version\fR\|(3) functions. Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR and be able to negotiate with all possible clients, but to only -allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 +allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3. .PP The list of protocols available can also be limited using the \&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, \&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR options of the \&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach -is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of +is not recommended. Clients should avoid creating "holes" in the set of protocols they support. When disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling \fIall\fR 
@@ -328,26 +255,26 @@ .PP The SSLv3 protocol is deprecated and should generally not be used. Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set -the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. +the minimum protocol to at least \fBTLS1_VERSION\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\s-1NULL\s0" 4 +.IP NULL 4 .IX Item "NULL" -The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out +The creation of a new SSL_CTX object failed. Check the error stack to find out the reason. -.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IP "Pointer to an SSL_CTX object" 4 .IX Item "Pointer to an SSL_CTX object" -The return value points to an allocated \s-1SSL_CTX\s0 object. +The return value points to an allocated SSL_CTX object. .Sp \&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBX509_STORE_CTX_set_default\fR\|(3), \&\fBSSL_CTX_set_verify\fR\|(3), \fBSSL_CTX_set1_param\fR\|(3), \fBSSL_CTX_get0_param\fR\|(3), \&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), \&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, \&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where 
@@ -357,14 +284,14 @@ were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0. .PP -All version-specific methods were deprecated in OpenSSL 1.1.0. +All version\-specific methods were deprecated in OpenSSL 1.1.0. .PP \&\fBSSL_CTX_new_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_NUMBER 3ossl" -.TH SSL_CTX_SESS_NUMBER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SESS_NUMBER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,25 +83,25 @@ \& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); \& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal session cache. .PP -\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +\&\fBSSL_CTX_sess_connect()\fR returns the number of started SSL/TLS handshakes in client mode. .PP \&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established -\&\s-1SSL/TLS\s0 sessions in client mode. +SSL/TLS sessions in client mode. .PP \&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations in client mode. .PP -\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +\&\fBSSL_CTX_sess_accept()\fR returns the number of started SSL/TLS handshakes in server mode. .PP \&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established -\&\s-1SSL/TLS\s0 sessions in server mode. +SSL/TLS sessions in server mode. .PP \&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations in server mode. 
@@ -201,17 +126,17 @@ because the maximum session cache size was exceeded. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +The functions return the values indicated in the DESCRIPTION section. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3) \&\fBSSL_CTX_sess_set_cache_size\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3ossl" -.TH SSL_CTX_SESS_SET_CACHE_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,16 +73,16 @@ \& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); \& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache of context \fBctx\fR to \fBt\fR. This value is a hint and not an absolute; see the notes below. .PP \&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 +The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT, currently 1024*20, so that up to 20000 sessions can be held. This size can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special case is the size 0, which is used for unlimited size. 
@@ -183,11 +108,11 @@ \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), \&\fBSSL_CTX_sess_number\fR\|(3), \&\fBSSL_CTX_flush_sessions\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_GET_CB 3ossl" -.TH SSL_CTX_SESS_SET_GET_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SESS_SET_GET_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -163,27 +88,27 @@ \& const unsigned char *data, \& int len, int *copy); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function that is called whenever a new session was negotiated. .PP \&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function that is -called whenever a session is removed by the \s-1SSL\s0 engine. For example, +called whenever a session is removed by the SSL engine. For example, this can occur because a session is considered faulty or has become obsolete because of exceeding the timeout value. .PP \&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function that is called -whenever a \s-1TLS\s0 client proposed to resume a session but the session +whenever a TLS client proposed to resume a session but the session could not be found in the internal session cache (see \&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). -(\s-1TLS\s0 server only.) +(TLS server only.) .PP \&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and \&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the corresponding set callback functions. If a callback function has not been -set, the \s-1NULL\s0 pointer is returned. -.SH "NOTES" +set, the NULL pointer is returned. +.SH NOTES .IX Header "NOTES" In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback 
@@ -194,12 +119,12 @@ session caching is enabled (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). The \&\fBnew_session_cb()\fR is passed the \fBssl\fR connection and the nascent ssl session \fBsess\fR. -Since sessions are reference-counted objects, the reference count on the +Since sessions are reference\-counted objects, the reference count on the session is incremented before the callback, on behalf of the application. If the callback returns \fB0\fR, the session will be immediately removed from the internal cache and the reference count released. If the callback returns \fB1\fR, the application retains the reference (for an entry in the -application-maintained \*(L"external session cache\*(R"), and is responsible for +application\-maintained "external session cache"), and is responsible for calling \fBSSL_SESSION_free()\fR when the session reference is no longer in use. .PP Note that in TLSv1.3, sessions are established after the main 
@@ -211,24 +136,24 @@ be established with a single connection. In these case the \fBnew_session_cb()\fR function will be invoked multiple times. .PP -In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once. One way of enforcing that is for applications to call \&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used. .PP -The \fBremove_session_cb()\fR is called whenever the \s-1SSL\s0 engine removes a session +The \fBremove_session_cb()\fR is called whenever the SSL engine removes a session from the internal cache. This can happen when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when \&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. .PP -The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers, and is given +The \fBget_session_cb()\fR is only called on SSL/TLS servers, and is given the session id proposed by the client. The \fBget_session_cb()\fR is always called, even when session caching was disabled. The \fBget_session_cb()\fR is passed the \&\fBssl\fR connection and the session id of length \fBlength\fR at the memory location \&\fBdata\fR. By setting the parameter \fBcopy\fR to \fB1\fR, the callback can require the -\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object; +SSL engine to increment the reference count of the SSL_SESSION object; setting \fBcopy\fR to \fB0\fR causes the reference count to remain unchanged. If the \fBget_session_cb()\fR does not write to \fBcopy\fR, the reference count is incremented and the session must be explicitly freed with 
@@ -244,11 +169,11 @@ \&\fBSSL_CTX_flush_sessions\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3), \&\fBSSL_CTX_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,110 +53,51 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SESSIONS 3ossl" -.TH SSL_CTX_SESSIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SESSIONS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_sessions \- access internal session cache -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the internal session cache for \fBctx\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The sessions in the internal session cache are kept in an -\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly +\&\fBLHASH\fR\|(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be +\&\fBLHASH\fR\|(3) operations, so that the database must not be modified directly but by using the \&\fBSSL_CTX_add_session\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fBSSL_SESSION\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), +\&\fBssl\fR\|(7), \fBLHASH\fR\|(3), \&\fBSSL_CTX_add_session\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET0_CA_LIST 3ossl" -.TH SSL_CTX_SET0_CA_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET0_CA_LIST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, @@ -153,7 +78,7 @@ SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,29 +99,29 @@ \& \& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The functions described here set and manage the list of \s-1CA\s0 names that are sent +The functions described here set and manage the list of CA names that are sent between two communicating peers. .PP -For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the -server to the client when requesting a client certificate. So any list of \s-1CA\s0 -names set is never sent from client to server and the list of \s-1CA\s0 names retrieved -by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +For TLS versions 1.2 and earlier the list of CA names is only sent from the +server to the client when requesting a client certificate. So any list of CA +names set is never sent from client to server and the list of CA names retrieved +by \fBSSL_get0_peer_CA_list()\fR is always \fBNULL\fR. .PP -For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +For TLS 1.3 the list of CA names is sent using the \fBcertificate_authorities\fR extension and may be sent by a client (in the ClientHello message) or by a server (when requesting a certificate). .PP -In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list -of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +In most cases it is not necessary to set CA names on the client side. The list +of CA names that are acceptable to the client will be sent in plaintext to the server. This has privacy implications and may also have performance implications if the list is large. This optional capability was introduced as part of TLSv1.3 -and therefore setting \s-1CA\s0 names on the client side will have no impact if that +and therefore setting CA names on the client side will have no impact if that protocol version has been disabled. 
Most servers do not need this and so this should be avoided unless required. .PP -The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +The "client CA list" functions below only have an effect when called on the server side. .PP \&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when @@ -205,7 +130,7 @@ .PP \&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the -setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +setting valid for \fBssl\fR\*(Aqs SSL_CTX object. Ownership of \fBlist\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP \&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for 
@@ -213,31 +138,31 @@ by the caller. .PP \&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR\*(Aqs SSL_CTX object with \&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. The returned list should not be freed by the caller. .PP -\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_CTX_add_client_CA()\fR adds the CA name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for \&\fBctx\fR. .PP -\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_add_client_CA()\fR adds the CA name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for -the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR\*(Aqs SSL_CTX object. .PP -\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of CA names (if any) the peer has sent. This can be called on either the server or the client side. The returned list should not be freed by the caller. .PP -The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 -list\*(R" functions except that they have an effect on both the server and client -sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) -set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the -\&\*(L"generic \s-1CA\s0 list\*(R" functions. 
Where a mix of the two types of functions has been -used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. -Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in -preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +The "generic CA list" functions below are very similar to the "client CA +list" functions except that they have an effect on both the server and client +sides. The lists of CA names managed are separate \- so you cannot (for example) +set CA names using the "client CA list" functions and then get them using the +"generic CA list" functions. Where a mix of the two types of functions has been +used on the server side then the "client CA list" functions take precedence. +Typically, on the server side, the "client CA list " functions should be used in +preference. As noted above in most cases it is not necessary to set CA names on the client side. .PP \&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to 
@@ -245,26 +170,26 @@ it should not be freed by the caller. .PP \&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR -overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of +overriding any list set in the parent \fBSSL_CTX\fR of \fBs\fR. Ownership of \&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP \&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for \&\fBctx\fR. The returned list should not be freed by the caller. .PP \&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for -\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +\&\fBs\fR or if none are set the list from the parent \fBSSL_CTX\fR is retrieved. The returned list should not be freed by the caller. .PP -\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +\&\fBSSL_CTX_add1_to_CA_list()\fR appends the CA subject name extracted from \fBx\fR to the list of CAs sent to peer for \fBctx\fR. .PP -\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +\&\fBSSL_add1_to_CA_list()\fR appends the CA subject name extracted from \fBx\fR to the list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent -\&\fB\s-1SSL_CTX\s0\fR. -.SH "NOTES" +\&\fBSSL_CTX\fR. +.SH NOTES .IX Header "NOTES" -When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +When a TLS/SSL server requests a client certificate (see +\&\fBSSL_CTX_set_verify\|(3)\fR), it sends a list of CAs, for which it will accept certificates, to the client. .PP This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or 
@@ -282,7 +207,7 @@ \&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, \&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a -new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +new CA list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, @@ -290,15 +215,15 @@ and \fBSSL_set0_CA_list()\fR do not return a value. .PP \&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR -and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +and \fBSSL_get0_CA_list()\fR return a stack of CA names or \fBNULL\fR is no CA names are set. .PP \&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and \&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. .PP -\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or -\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. -.SH "EXAMPLES" +\&\fBSSL_get0_peer_CA_list()\fR returns a stack of CA names sent by the peer or +\&\fBNULL\fR or an empty stack if no list was sent. +.SH EXAMPLES .IX Header "EXAMPLES" Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .PP 
@@ -310,11 +235,11 @@ \&\fBssl\fR\|(7), \&\fBSSL_load_client_CA_file\fR\|(3), \&\fBSSL_CTX_load_verify_locations\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_CURVES 3ossl" -.TH SSL_CTX_SET1_CURVES 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET1_CURVES 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -168,74 +93,74 @@ \& int SSL_get1_curves(SSL *ssl, int *curves); \& int SSL_get_shared_curve(SSL *s, int n); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" For all of the functions below that set the supported groups there must be at least one group in the list. A number of these functions identify groups via a -unique integer \s-1NID\s0 value. However, support for some groups may be added by -external providers. In this case there will be no \s-1NID\s0 assigned for the group. -When setting such groups applications should use the \*(L"list\*(R" form of these +unique integer NID value. However, support for some groups may be added by +external providers. In this case there will be no NID assigned for the group. +When setting such groups applications should use the "list" form of these functions (i.e. \fBSSL_CTX_set1_groups_list()\fR and SSL_set1_groups_list). .PP \&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR groups in the array \fBglist\fR. The array consist of all NIDs of groups in -preference order. For a \s-1TLS\s0 client the groups are used directly in the -supported groups extension. For a \s-1TLS\s0 server the groups are used to +preference order. For a TLS client the groups are used directly in the +supported groups extension. For a TLS server the groups are used to determine the set of shared groups. Currently supported groups for \&\fBTLSv1.3\fR are \fBNID_X9_62_prime256v1\fR, \fBNID_secp384r1\fR, \fBNID_secp521r1\fR, -\&\fB\s-1NID_X25519\s0\fR, \fB\s-1NID_X448\s0\fR, \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_X25519\fR, \fBNID_X448\fR, \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR and \fBNID_ffdhe8192\fR. .PP \&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to string \fBlist\fR. The string is a colon separated list of group NIDs or -names, for example \*(L"P\-521:P\-384:P\-256:X25519:ffdhe2048\*(R". 
Currently supported +names, for example "P\-521:P\-384:P\-256:X25519:ffdhe2048". Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \fBX25519\fR, \fBX448\fR, \&\fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, \fBffdhe8192\fR. Support for other groups may be added by external providers. .PP \&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set -supported groups for the \s-1SSL\s0 structure \fBssl\fR. +supported groups for the SSL structure \fBssl\fR. .PP \&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client in the supported groups extension. It returns the total number of -supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply +supported groups. The \fBgroups\fR parameter can be \fBNULL\fR to simply return the number of groups for memory allocation purposes. The \&\fBgroups\fR array is in the form of a set of group NIDs in preference order. It can return zero if the client did not send a supported groups -extension. If a supported group \s-1NID\s0 is unknown then the value is set to the -bitwise \s-1OR\s0 of TLSEXT_nid_unknown (0x1000000) and the id of the group. +extension. If a supported group NID is unknown then the value is set to the +bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. .PP -\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of the shared group \fBn\fR for a -server-side \s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is +\&\fBSSL_get_shared_group()\fR returns the NID of the shared group \fBn\fR for a +server\-side SSL \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared group so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, -NID_undef is returned. 
If the \s-1NID\s0 for the shared group is unknown then the value -is set to the bitwise \s-1OR\s0 of TLSEXT_nid_unknown (0x1000000) and the id of the +NID_undef is returned. If the NID for the shared group is unknown then the value +is set to the bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. .PP -\&\fBSSL_get_negotiated_group()\fR returns the \s-1NID\s0 of the negotiated group used for +\&\fBSSL_get_negotiated_group()\fR returns the NID of the negotiated group used for the handshake key exchange process. For TLSv1.3 connections this typically -reflects the state of the current connection, though in the case of PSK-only +reflects the state of the current connection, though in the case of PSK\-only resumption, the returned value will be from a previous connection. For earlier -\&\s-1TLS\s0 versions, when a session has been resumed, it always reflects the group +TLS versions, when a session has been resumed, it always reflects the group used for key exchange during the initial handshake (otherwise it is from the -current, non-resumption, connection). This can be called by either client or -server. If the \s-1NID\s0 for the shared group is unknown then the value is set to the -bitwise \s-1OR\s0 of TLSEXT_nid_unknown (0x1000000) and the id of the group. +current, non\-resumption, connection). This can be called by either client or +server. If the NID for the shared group is unknown then the value is set to the +bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. .PP All these functions are implemented as macros. .PP The curve functions are synonyms for the equivalently named group functions and -are identical in every respect. They exist because, prior to \s-1TLS1.3,\s0 there was -only the concept of supported curves. In \s-1TLS1.3\s0 this was renamed to supported +are identical in every respect. They exist because, prior to TLS1.3, there was +only the concept of supported curves. 
In TLS1.3 this was renamed to supported groups, and extended to include Diffie Hellman groups. The group functions should be used in preference. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should -consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +consider using the SSL_CONF interface instead of manually parsing options. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and 
@@ -243,29 +168,29 @@ .PP \&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. .PP -\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +\&\fBSSL_get_shared_group()\fR returns the NID of shared group \fBn\fR or NID_undef if there is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR is \-1. .PP When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and returns \-1. .PP -\&\fBSSL_get_negotiated_group()\fR returns the \s-1NID\s0 of the negotiated group used for +\&\fBSSL_get_negotiated_group()\fR returns the NID of the negotiated group used for key exchange, or NID_undef if there was no negotiated group. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The curve functions were added in OpenSSL 1.0.2. The equivalent group functions were added in OpenSSL 1.1.1. The \fBSSL_get_negotiated_group()\fR function was added in OpenSSL 3.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_SIGALGS 3ossl" -.TH SSL_CTX_SET1_SIGALGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET1_SIGALGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list \- set supported signature algorithms -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,7 +83,7 @@ \& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); \& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR @@ -169,7 +94,7 @@ signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter must be a null terminated string consisting of a colon separated list of elements, where each element is either a combination of a public key -algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named +algorithm and a digest separated by \fB+\fR, or a TLS 1.3\-style named SignatureScheme such as rsa_pss_pss_sha256. .PP \&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR, 
@@ -181,18 +106,18 @@ All these functions are implemented as macros. The signature algorithm parameter (integer array or string) is not freed: the application should free it, if necessary. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If an application wishes to allow the setting of signature algorithms as one of many user configurable options it should consider using the more -flexible \s-1SSL_CONF API\s0 instead. +flexible SSL_CONF API instead. .PP The signature algorithms set by a client are used directly in the supported signature algorithm in the client hello message. .PP The supported signature algorithms set by a server are not sent to the client but are used to determine the set of shared signature algorithms -and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) +and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE) their order. .PP The client authentication signature algorithms set by a server are sent 
@@ -204,26 +129,26 @@ algorithms. .PP Signature algorithms will neither be advertised nor used if the security level -prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). +prohibits them (for example SHA1 if the security level is 4 or more). .PP Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and NID_sha512 digest NIDs are supported and the public key algorithm NIDs -\&\s-1EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC.\s0 +EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC. .PP The short or long name values for digests can be used in a string (for -example \*(L"\s-1MD5\*(R", \*(L"SHA1\*(R", \*(L"SHA224\*(R", \*(L"SHA256\*(R", \*(L"SHA384\*(R", \*(L"SHA512\*(R"\s0) and -the public key algorithm strings \*(L"\s-1RSA\*(R",\s0 \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\*(R"\s0 or \*(L"\s-1ECDSA\*(R".\s0 +example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and +the public key algorithm strings "RSA", "RSA\-PSS", "DSA" or "ECDSA". .PP -The \s-1TLS 1.3\s0 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also -be used with the \fB_list\fR forms of the \s-1API.\s0 +The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also +be used with the \fB_list\fR forms of the API. .PP -The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. +The use of MD5 as a digest is strongly discouraged due to security weaknesses. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return 1 for success and 0 for failure. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using an array: .PP .Vb 1 
@@ -232,7 +157,7 @@ \& SSL_CTX_set1_sigalgs(ctx, slist, 4); .Ve .PP -Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using a string: .PP .Vb 1 @@ -242,11 +167,11 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3), \&\fBSSL_CONF_CTX_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3ossl" -.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, @@ -146,7 +71,7 @@ SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, SSL_get0_verify_cert_store, SSL_get0_chain_cert_store \- set certificate verification or chain store -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -165,7 +90,7 @@ \& int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); \& int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR set the certificate store used for certificate verification to \fBst\fR. 
@@ -175,45 +100,45 @@ .PP \&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, \&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar -except they apply to \s-1SSL\s0 structure \fBssl\fR. +except they apply to SSL structure \fBssl\fR. .PP \&\fBSSL_CTX_get0_verify_chain_store()\fR, \fBSSL_get0_verify_chain_store()\fR, \&\fBSSL_CTX_get0_chain_cert_store()\fR and \fBSSL_get0_chain_cert_store()\fR retrieve the -objects previously set via the above calls. A pointer to the object (or \s-1NULL\s0 if +objects previously set via the above calls. A pointer to the object (or NULL if no such object has been set) is written to \fB*st\fR. .PP All these functions are implemented as macros. Those containing a \fB1\fR increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a \fB0\fR do -not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed +not increment reference counts and the supplied store \fBMUST NOT\fR be freed after the operation. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be -affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +The stores pointers associated with an SSL_CTX structure are copied to any SSL +structures when \fBSSL_new()\fR is called. As a result SSL structures will not be +affected if the parent SSL_CTX store pointer is set to a new value. 
.PP The verification store is used to verify the certificate chain sent by the -peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify -the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +peer: that is an SSL/TLS client will use the verification store to verify +the server\*(Aqs certificate chain and a SSL/TLS server will use it to verify any client certificate chain. .PP The chain store is used to build the certificate chain. Details of the chain building and checking process are described in -\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and -\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1). +"Certification Path Building" in \fBopenssl\-verification\-options\fR\|(1) and +"Certification Path Validation" in \fBopenssl\-verification\-options\fR\|(1). .PP -If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +If the mode \fBSSL_MODE_NO_AUTO_CHAIN\fR is set or a certificate chain is configured already (for example using the functions such as \&\fBSSL_CTX_add1_chain_cert\fR\|(3) or \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then automatic chain building is disabled. .PP -If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +If the mode \fBSSL_MODE_NO_AUTO_CHAIN\fR is set then automatic chain building is disabled. .PP If the chain or the verification store is not set then the store associated -with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +with the parent SSL_CTX is used instead to retain compatibility with previous versions of OpenSSL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -232,14 +157,14 @@ \&\fBSSL_add1_chain_cert\fR\|(3) \&\fBSSL_CTX_build_cert_chain\fR\|(3) \&\fBSSL_build_cert_chain\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3ossl" -.TH SSL_CTX_SET_ALPN_SELECT_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated \&\- handle application layer protocol negotiation (ALPN) -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -184,20 +109,21 @@ \& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, \& unsigned *len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to set the list of protocols available to be negotiated. The \fBprotos\fR must be in -protocol-list format, described below. The length of \fBprotos\fR is specified in -\&\fBprotos_len\fR. +protocol\-list format, described below. The length of \fBprotos\fR is specified in +\&\fBprotos_len\fR. Setting \fBprotos_len\fR to 0 clears any existing list of ALPN +protocols and no ALPN extension will be sent to the server. .PP \&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a server to select which protocol to use for the incoming connection. When \fBcb\fR -is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to +is NULL, ALPN is not used. The \fBarg\fR value is a pointer which is passed to the application callback. .PP \&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a -vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector +vector in protocol\-list format. The value of the \fBout\fR, \fBoutlen\fR vector should be set to the value of a single protocol selected from the \fBin\fR, \&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via 
@@ -206,53 +132,61 @@ \&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It implements the standard protocol selection. It is expected that this function is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, -\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format +\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol\-list format described below. The first item in the \fBserver\fR, \fBserver_len\fR list that matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or -\&\fBclient\fR, so it should be copied immediately. If no match is found, the first -item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This -function can also be used in the \s-1NPN\s0 callback. +\&\fBclient\fR, so it should be copied immediately. The client list must include at +least one valid (nonempty) protocol entry in the list. +.PP +The \fBSSL_select_next_proto()\fR helper function can be useful from either the ALPN +callback or the NPN callback (described below). If no match is found, the first +item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR and +\&\fBOPENSSL_NPN_NO_OVERLAP\fR is returned. This can be useful when implementing +the NPN callback. In the ALPN case, the value returned in \fBout\fR and \fBoutlen\fR +must be ignored if \fBOPENSSL_NPN_NO_OVERLAP\fR has been returned from +\&\fBSSL_select_next_proto()\fR. .PP \&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a -client needs to select a protocol from the server's provided list, and a -user-defined pointer argument \fBarg\fR which will be passed to this callback. 
+client needs to select a protocol from the server\*(Aqs provided list, and a +user\-defined pointer argument \fBarg\fR which will be passed to this callback. For the callback itself, \fBout\fR must be set to point to the selected protocol (which may be within \fBin\fR). The length of the protocol name must be written into \fBoutlen\fR. The -server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The +server\*(Aqs advertised protocols are provided in \fBin\fR and \fBinlen\fR. The callback can assume that \fBin\fR is syntactically valid. The client must -select a protocol. It is fatal to the connection if this callback returns -a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer -set via \fBSSL_CTX_set_next_proto_select_cb()\fR. +select a protocol (although it may be an empty, zero length protocol). It is +fatal to the connection if this callback returns a value other than +\&\fBSSL_TLSEXT_ERR_OK\fR or if the zero length protocol is selected. The \fBarg\fR +parameter is the pointer set via \fBSSL_CTX_set_next_proto_select_cb()\fR. .PP \&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called -when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol -Negotiation. The returned list must be in protocol-list format, described +when a TLS server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol\-list format, described below. The list is returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This -memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a -reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it +memory will not be modified, but the \fBSSL\fR does keep a +reference to it. The callback should return \fBSSL_TLSEXT_ERR_OK\fR if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello. 
.PP \&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR -with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR +with length \fBlen\fR. It is not NUL\-terminated. \fBdata\fR is set to NULL and \fBlen\fR is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. .PP \&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the -client's requested protocol for this connection. If the client did not -request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and +client\*(Aqs requested protocol for this connection. If the client did not +request any protocol or NPN is not enabled, then \fBdata\fR is set to NULL and \&\fBlen\fR to 0. Note that the client can request any protocol it chooses. The value returned from this function need not be a member of the list of supported protocols provided by the callback. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The protocol-lists must be in wire-format, which is defined as a vector of -nonempty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not -included in the length. Each string is limited to 255 bytes. A byte-string -length of 0 is invalid. A truncated byte-string is invalid. The length of the +The protocol\-lists must be in wire\-format, which is defined as a vector of +nonempty, 8\-bit length\-prefixed, byte strings. The length\-prefix byte is not +included in the length. Each string is limited to 255 bytes. A byte\-string +length of 0 is invalid. A truncated byte\-string is invalid. The length of the vector is not in the vector itself, but in a separate variable. .PP Example: 
@@ -265,53 +199,54 @@ \& unsigned int length = sizeof(vector); .Ve .PP -The \s-1ALPN\s0 callback is executed after the servername callback; as that servername -callback may update the \s-1SSL_CTX,\s0 and subsequently, the \s-1ALPN\s0 callback. +The ALPN callback is executed after the servername callback; as that servername +callback may update the SSL_CTX, and subsequently, the ALPN callback. .PP -If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not +If there is no ALPN proposed in the ClientHello, the ALPN callback is not invoked. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and -non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. +non\-0 on failure. WARNING: these functions reverse the return value convention. .PP \&\fBSSL_select_next_proto()\fR returns one of the following: -.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 +.IP OPENSSL_NPN_NEGOTIATED 4 .IX Item "OPENSSL_NPN_NEGOTIATED" A match was found and is returned in \fBout\fR, \fBoutlen\fR. -.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 +.IP OPENSSL_NPN_NO_OVERLAP 4 .IX Item "OPENSSL_NPN_NO_OVERLAP" No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in -\&\fBout\fR, \fBoutlen\fR. +\&\fBout\fR, \fBoutlen\fR (or \fBNULL\fR and 0 in the case where the first entry in +\&\fBclient\fR is invalid). .PP -The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: -.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +The ALPN select callback \fBcb\fR, must return one of the following: +.IP SSL_TLSEXT_ERR_OK 4 .IX Item "SSL_TLSEXT_ERR_OK" -\&\s-1ALPN\s0 protocol selected. -.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +ALPN protocol selected. 
+.IP SSL_TLSEXT_ERR_ALERT_FATAL 4 .IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" -There was no overlap between the client's supplied list and the server +There was no overlap between the client\*(Aqs supplied list and the server configuration. -.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IP SSL_TLSEXT_ERR_NOACK 4 .IX Item "SSL_TLSEXT_ERR_NOACK" -\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for +ALPN protocol not selected, e.g., because no ALPN protocols are configured for this connection. .PP The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return -\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. +\&\fBSSL_TLSEXT_ERR_OK\fR if successful. Any other value is fatal to the connection. .PP The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return -\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension +\&\fBSSL_TLSEXT_ERR_OK\fR if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), \&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_CB 3ossl" -.TH SSL_CTX_SET_CERT_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CERT_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,34 +74,34 @@ \& void *arg); \& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fIcert_cb\fR callback, \&\fIarg\fR value is pointer which is passed to the application callback. .PP -When \fIcert_cb\fR is \s-1NULL,\s0 no callback function is used. +When \fIcert_cb\fR is NULL, no callback function is used. .PP \&\fIcert_cb\fR is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect the passed \fIssl\fR structure and set or clear any appropriate certificates. If -the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +the callback is successful it \fBMUST\fR return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. -\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +\&\fBSSL_get_error\fR\|(3) will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of \fIcert_cb\fR. It is the job of the \&\fIcert_cb\fR to store information about the state of the last call, if required to continue. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" An application will typically call \fBSSL_use_certificate()\fR and \&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. -It can add intermediate and optionally the root \s-1CA\s0 certificates using +It can add intermediate and optionally the root CA certificates using \&\fBSSL_add1_chain_cert()\fR. .PP It might also call \fBSSL_certs_clear()\fR to delete any certificates associated -with the \fB\s-1SSL\s0\fR object. +with the \fBSSL\fR object. 
.PP The certificate callback functionality supersedes the (largely broken) functionality provided by the old client certificate callback interface. @@ -185,12 +110,12 @@ .PP A more advanced callback might examine the handshake parameters and set whatever chain is appropriate. For example a legacy client supporting only -TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a -TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a -chain using \s-1SHA256.\s0 +TLSv1.0 might receive a certificate chain signed using SHA1 whereas a +TLSv1.2 or later client which advertises support for SHA256 could receive a +chain using SHA256. .PP Normal server sanity checks are performed on any certificates set -by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +by the callback. So if an EC chain is set for a curve the client does not support it will \fBnot\fR be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -201,11 +126,11 @@ \&\fBSSL_add1_chain_cert\fR\|(3), \&\fBSSL_get_client_CA_list\fR\|(3), \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_STORE 3ossl" -.TH SSL_CTX_SET_CERT_STORE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CERT_STORE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,22 +74,24 @@ \& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); \& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently -set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. \fBSSL_CTX_set_cert_store()\fR will +take ownership of the \fBstore\fR, i.e., the call \f(CWX509_STORE_free(store)\fR is no +longer needed. .PP \&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage -of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. +of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR\*(Aqs reference count is incremented. If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. .PP \&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate verification storage. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -In order to verify the certificates presented by the peer, trusted \s-1CA\s0 -certificates must be accessed. These \s-1CA\s0 certificates are made available +In order to verify the certificates presented by the peer, trusted CA +certificates must be accessed. These CA certificates are made available via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created. .PP 
@@ -183,19 +110,19 @@ This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. .PP -\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR\*(Aqs reference count, so it should not be used to assign an X509_STORE that is owned -by another \s-1SSL_CTX.\s0 +by another SSL_CTX. .PP To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR -to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use -\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +to get the X509_STORE from the first SSL_CTX, and then use +\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second SSL_CTX and increment the reference count of the X509_STORE. -.SH "RESTRICTIONS" +.SH RESTRICTIONS .IX Header "RESTRICTIONS" -The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +The X509_STORE structure used by an SSL_CTX is used for verifying peer certificates and building certificate chains, it is also shared by -every child \s-1SSL\s0 structure. Applications wanting finer control can use +every child SSL structure. Applications wanting finer control can use functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -209,11 +136,11 @@ \&\fBssl\fR\|(7), \&\fBSSL_CTX_load_verify_locations\fR\|(3), \&\fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3ossl" -.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,38 +74,38 @@ \& int (*callback)(X509_STORE_CTX *, void *), \& void *arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for -\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +\&\fIctx\fR. SSL objects that are created from \fIctx\fR inherit the setting valid at the time when \fBSSL_new\fR\|(3) is called. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When a peer certificate has been received during a \s-1SSL/TLS\s0 handshake, +When a peer certificate has been received during a SSL/TLS handshake, a verification function is called regardless of the verification mode. If the application does not explicitly specify a verification callback function, -the built-in verification function is used. +the built\-in verification function is used. If a verification callback \fIcallback\fR is specified via \&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called instead with the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The argument \fIarg\fR is specified by the application when setting \fIcallback\fR. -By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. +By setting \fIcallback\fR to NULL, the default behaviour is restored. .PP \&\fIcallback\fR should return 1 to indicate verification success and 0 to indicate verification failure. In server mode, a return value of 0 leads to handshake failure. In client mode, the behaviour is as follows. All values, including 0, are ignored -if the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR. +if the verification mode is \fBSSL_VERIFY_NONE\fR. Otherwise, when the return value is less than or equal to 0, the handshake will fail. 
.PP In client mode \fIcallback\fR may also call the \fBSSL_set_retry_verify\fR\|(3) -function on the \fB\s-1SSL\s0\fR object set in the \fIx509_store_ctx\fR ex data (see +function on the \fBSSL\fR object set in the \fIx509_store_ctx\fR ex data (see \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)) and return 1. This would be typically done in case the certificate verification was not yet able to succeed. This makes the handshake suspend and return control to the -calling application with \fB\s-1SSL_ERROR_WANT_RETRY_VERIFY\s0\fR. The app can for +calling application with \fBSSL_ERROR_WANT_RETRY_VERIFY\fR. The app can for instance fetch further certificates or cert status information needed for the verification. Calling \fBSSL_connect\fR\|(3) again resumes the connection attempt by retrying the server certificate verification step. 
@@ -192,19 +117,24 @@ This is particularly important in case the \fIcallback\fR allows the connection to continue (by returning 1). Note that the verification status in the store context is a possibly durable -indication of the chain's validity! -This gets recorded in the \s-1SSL\s0 session (and thus also in session tickets) +indication of the chain\*(Aqs validity! +This gets recorded in the SSL session (and thus also in session tickets) and the validity of the originally presented chain is then visible on resumption, even though no chain is presented int that case. Moreover, the calling application will be informed about the detailed result of the verification procedure and may elect to base further decisions on it. .PP +\&\fIcallback\fR may call \fBX509_verify_cert\fR\|(3) to run the built\-in verification +function. This may be useful if application wishes to dynamically reconfigure +\&\fIx509_store_ctx\fR before verification, or postprocess the result. In this case, +\&\fBX509_verify_cert\fR\|(3) will set the \fBerror\fR member as described above. +.PP Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR function set using \fBSSL_CTX_set_verify\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" Do not mix the verification callback described in this function with the \&\fBverify_callback\fR function called during the verification process. The 
@@ -212,10 +142,10 @@ family of functions. .PP Providing a complete verification procedure including certificate purpose -settings etc is a complex task. The built-in procedure is quite powerful +settings etc is a complex task. The built\-in procedure is quite powerful and in most cases it should be sufficient to modify its behaviour using the \fBverify_callback\fR function. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" \&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. .SH "SEE ALSO" @@ -225,11 +155,11 @@ \&\fBSSL_get_verify_result\fR\|(3), \&\fBSSL_set_retry_verify\fR\|(3), \&\fBSSL_CTX_load_verify_locations\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CIPHER_LIST 3ossl" -.TH SSL_CTX_SET_CIPHER_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CIPHER_LIST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, @@ -146,7 +71,7 @@ OSSL_default_cipher_list, OSSL_default_ciphersuites \&\- choose list of available SSL_CIPHERs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -160,7 +85,7 @@ \& const char *OSSL_default_cipher_list(void); \& const char *OSSL_default_ciphersuites(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) for \fBctx\fR using the control string \fBstr\fR. The format of the string is described 
@@ -172,24 +97,24 @@ \&\fBssl\fR. .PP \&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 -ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 +ciphersuites for \fBctx\fR. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: -.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 +.IP TLS_AES_128_GCM_SHA256 4 .IX Item "TLS_AES_128_GCM_SHA256" .PD 0 -.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 +.IP TLS_AES_256_GCM_SHA384 4 .IX Item "TLS_AES_256_GCM_SHA384" -.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 +.IP TLS_CHACHA20_POLY1305_SHA256 4 .IX Item "TLS_CHACHA20_POLY1305_SHA256" -.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 +.IP TLS_AES_128_CCM_SHA256 4 .IX Item "TLS_AES_128_CCM_SHA256" -.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 +.IP TLS_AES_128_CCM_8_SHA256 4 .IX Item "TLS_AES_128_CCM_8_SHA256" .PD .PP -An empty list is permissible. The default value for the this setting is: +An empty list is permissible. The default value for this setting is: .PP -\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0 +"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" .PP \&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it configures the ciphersuites for \fBssl\fR. @@ -197,7 +122,7 @@ \&\fBOSSL_default_cipher_list()\fR returns the default cipher string for TLSv1.2 (and earlier) ciphers. \fBOSSL_default_ciphersuites()\fR returns the default cipher string for TLSv1.3 ciphersuites. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR, \fBSSL_set_cipher_list()\fR, \&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR should be universally 
@@ -211,25 +136,25 @@ a necessary condition. On the client side, the inclusion into the list is also sufficient unless the security level excludes it. On the server side, additional restrictions apply. All ciphers have additional requirements. -\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. +ADH ciphers don\*(Aqt need a certificate, but DH\-parameters must have been set. All other ciphers need a corresponding certificate and key. .PP -An \s-1RSA\s0 cipher can only be chosen, when an \s-1RSA\s0 certificate is available. -\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters +An RSA cipher can only be chosen, when an RSA certificate is available. +RSA ciphers using DHE need a certificate and key and additional DH\-parameters (see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP -A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. -\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +A DSA cipher can only be chosen, when a DSA certificate is available. +DSA ciphers always use DH key exchange and therefore need DH\-parameters (see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP When these conditions are not met for any cipher in the list (e.g. a -client only supports export \s-1RSA\s0 ciphers with an asymmetric key length -of 512 bits and the server is not configured to use temporary \s-1RSA\s0 -keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +client only supports export RSA ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary RSA +keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail. .PP \&\fBOSSL_default_cipher_list()\fR and \fBOSSL_default_ciphersuites()\fR replace -\&\s-1SSL_DEFAULT_CIPHER_LIST\s0 and \s-1TLS_DEFAULT_CIPHERSUITES,\s0 respectively. 
The +SSL_DEFAULT_CIPHER_LIST and TLS_DEFAULT_CIPHERSUITES, respectively. The cipher list defines are deprecated as of 3.0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -244,14 +169,14 @@ \&\fBSSL_CTX_use_certificate\fR\|(3), \&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), \&\fBopenssl\-ciphers\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBOSSL_default_cipher_list()\fR and \fBOSSL_default_ciphersites()\fR are new in 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3ossl" -.TH SSL_CTX_SET_CLIENT_CERT_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,29 +76,29 @@ \& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, \& EVP_PKEY **pkey); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fIclient_cert_cb\fR callback, that is called when a client certificate is requested by a server and no certificate -was yet set for the \s-1SSL\s0 object. +was yet set for the SSL object. .PP -When \fIclient_cert_cb\fR is \s-1NULL,\s0 no callback function is used. +When \fIclient_cert_cb\fR is NULL, no callback function is used. .PP \&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback function. .PP \&\fIclient_cert_cb\fR is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set -using the \fIx509\fR and \fIpkey\fR arguments and \*(L"1\*(R" must be returned. The -certificate will be installed into \fIssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. -If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +using the \fIx509\fR and \fIpkey\fR arguments and "1" must be returned. The +certificate will be installed into \fIssl\fR, see the NOTES and BUGS sections. +If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the handshake function will return immediately. \fBSSL_get_error\fR\|(3) -will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of \fIclient_cert_cb\fR. It is the job of the \fIclient_cert_cb\fR to store information about the state of the last call, if required to continue. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" During a handshake (or renegotiation) a server may request a certificate from the client. 
A client certificate must only be sent, when the server @@ -181,7 +106,7 @@ .PP When a certificate was set using the \&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, -it will be sent to the server. The \s-1TLS\s0 standard requires that only a +it will be sent to the server. The TLS standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL library. Using the callback function it is possible to implement a proper 
@@ -189,40 +114,40 @@ be sent. .PP If a callback function is defined and no certificate was yet defined for the -\&\s-1SSL\s0 object, the callback function will be called. +SSL object, the callback function will be called. If the callback function returns a certificate, the OpenSSL library -will try to load the private key and certificate data into the \s-1SSL\s0 +will try to load the private key and certificate data into the SSL object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. -Thus it will permanently install the certificate and key for this \s-1SSL\s0 +Thus it will permanently install the certificate and key for this SSL object. It will not be reset by calling \fBSSL_clear\fR\|(3). If the callback returns no certificate, the OpenSSL library will not send a certificate. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fIclient_cert_cb\fR or -\&\s-1NULL\s0 if the callback is not set. -.SH "BUGS" +NULL if the callback is not set. +.SH BUGS .IX Header "BUGS" The \fIclient_cert_cb\fR cannot return a complete certificate chain, it can only return one client certificate. If the chain only has a length of 2, -the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +the root CA certificate may be omitted according to the TLS standard and thus a standard conforming answer can be sent to the server. For a longer chain, the client must send the complete chain (with the option -to leave out the root \s-1CA\s0 certificate). This can only be accomplished by -either adding the intermediate \s-1CA\s0 certificates into the trusted -certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add -\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +to leave out the root CA certificate). 
This can only be accomplished by +either adding the intermediate CA certificates into the trusted +certificate store for the SSL_CTX object (resulting in having to add +CA certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +function, which is only available for the SSL_CTX object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several certificates) questionable. .PP -Once the \s-1SSL\s0 object has been used in conjunction with the callback function, -the certificate will be set for the \s-1SSL\s0 object and will not be cleared +Once the SSL object has been used in conjunction with the callback function, +the certificate will be set for the SSL object and will not be cleared even when \fBSSL_clear\fR\|(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) +mandatory to destroy the SSL object using \fBSSL_free\fR\|(3) and create a new one to return to the previous state. .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -230,11 +155,11 @@ \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), \&\fBSSL_get_client_CA_list\fR\|(3), \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3ossl" -.TH SSL_CTX_SET_CLIENT_HELLO_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 10 \& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); @@ -158,7 +83,7 @@ \& int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, \& size_t *outlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically called during the early stages of ClientHello processing on the server. @@ -168,7 +93,7 @@ what alert value is to be sent in the \fBal\fR parameter. A callback may also return a negative value to suspend the handshake, and the handshake function will return immediately. \fBSSL_get_error\fR\|(3) will return -\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. +SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended. It is the job of the ClientHello callback to store information about the state of the last call if needed to continue. On the next call into the handshake function, the ClientHello callback will be called again, and, if it returns 
@@ -178,8 +103,8 @@ SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial differences from the normal SSLv3 format, including using three bytes per cipher suite, and not allowing extensions. Additionally, the SSLv2 format -\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to -\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, +\&\*(Aqchallenge\*(Aq field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to +SSL3_RANDOM_SIZE bytes with zeros if needed. For SSLv2 format ClientHellos, \&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes the null compression method, since the SSLv2 format does not include a mechanism by which to negotiate compression. @@ -191,7 +116,7 @@ pointer to the octets of that field. .PP Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions -from the ClientHello on a per-extension basis. For the provided wire +from the ClientHello on a per\-extension basis. For the provided wire protocol extension type value, the extension value and length are returned in the output parameters (if present). .PP 
@@ -200,20 +125,23 @@ ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are both required, and on success the caller must release the storage allocated for \&\fB*out\fR using \fBOPENSSL_free()\fR. The contents of \fB*out\fR is an array of integers -holding the numerical value of the \s-1TLS\s0 extension types in the order they appear +holding the numerical value of the TLS extension types in the order they appear in the ClientHello. \fB*outlen\fR contains the number of elements in the array. In situations when the ClientHello has no extensions, the function will return -success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. -.SH "NOTES" +success with \fB*out\fR set to NULL and \fB*outlen\fR set to 0. +Note that \fBSSL_client_hello_get1_extensions_present()\fR returns only recognised +extensions; therefore, unrecognised (including GREASE) extensions will not +appear in the output. +.SH NOTES .IX Header "NOTES" The ClientHello callback provides a vast window of possibilities for application -code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to +code to affect the TLS handshake. A primary use of the callback is to allow the server to examine the server name indication extension provided by the client in order to select an appropriate certificate to present, and make other configuration adjustments relevant to that server name and its configuration. Such configuration changes can include swapping out -the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 -versions, changing the server's cipher list in response to the client's +the associated SSL_CTX pointer, modifying the server\*(Aqs list of permitted TLS +versions, changing the server\*(Aqs cipher list in response to the client\*(Aqs cipher list, etc. .PP It is also recommended that applications utilize a ClientHello callback and 
@@ -221,13 +149,17 @@ occurs due to the relative order of processing between things like session resumption and the historical servername callback. .PP -The SSL_client_hello_* family of functions may only be called from code executing -within a ClientHello callback. +The SSL_client_hello_* family of functions may only be called from code +executing within a ClientHello callback. +.PP +The SSL_client_hello_get0_*() functions return raw ClientHello data, whereas +\&\fBSSL_client_hello_get1_extensions_present()\fR returns only recognized extensions +(so unknown/GREASE\-extensions are not included). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The application's supplied ClientHello callback returns -\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and -\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. +The application\*(Aqs supplied ClientHello callback returns +SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and +SSL_CLIENT_HELLO_RETRY to suspend processing. .PP \&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. .PP @@ -237,7 +169,7 @@ corresponding ClientHello fields. If zero is returned, the output pointer should not be assumed to be valid. .PP -\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type \*(Aqtype\*(Aq is present, and 0 otherwise. .PP \&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. 
@@ -245,18 +177,18 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), \&\fBSSL_bytes_to_cipher_list\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR, +The SSL ClientHello callback, \fBSSL_client_hello_isv2()\fR, \&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, \&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR, \&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3ossl" -.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- control Certificate Transparency policy -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -164,22 +89,22 @@ \& int SSL_ct_is_enabled(const SSL *s); \& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed -certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all -connections that share the given \s-1SSL\s0 context, respectively. -This is accomplished by setting a built-in \s-1CT\s0 validation callback. +certificate timestamps (SCTs) either for a given SSL connection or for all +connections that share the given SSL context, respectively. +This is accomplished by setting a built\-in CT validation callback. The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, -which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or -\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. +which can be either of \fBSSL_CT_VALIDATION_PERMISSIVE\fR or +\&\fBSSL_CT_VALIDATION_STRICT\fR as described below. .PP -If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full -\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer +If \fBvalidation_mode\fR is equal to \fBSSL_CT_VALIDATION_STRICT\fR, then in a full +TLS handshake with the verification mode set to \fBSSL_VERIFY_PEER\fR, if the peer presents no valid SCTs the handshake will be aborted. -If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue +If the verification mode is \fBSSL_VERIFY_NONE\fR, the handshake will continue despite lack of valid SCTs. -However, in that case if the verification status before the built-in callback +However, in that case if the verification status before the built\-in callback was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the callback. Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at 
@@ -187,24 +112,24 @@ status is part of the saved session state. See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3). .PP -If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the +If \fBvalidation_mode\fR is equal to \fBSSL_CT_VALIDATION_PERMISSIVE\fR, then the handshake continues, and the verification status is not modified, regardless of the validation status of any SCTs. The application can still inspect the validation status of the SCTs at handshake completion. Note that with session resumption there will not be any SCTs presented during the handshake. -Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after -handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the +Therefore, in applications that delay SCT policy enforcement until after +handshake completion, such delayed SCT checks should only be performed when the session is not resumed. .PP \&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR register a custom callback that may implement a different policy than either of the above. -This callback can examine the peer's SCTs and determine whether they are +This callback can examine the peer\*(Aqs SCTs and determine whether they are sufficient to allow the connection to continue. -The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR -and the callback returns a non-positive result. +The TLS handshake is aborted if the verification mode is not \fBSSL_VERIFY_NONE\fR +and the callback returns a non\-positive result. .PP An arbitrary callback data argument, \fBarg\fR, can be passed in when setting the callback. 
@@ -219,30 +144,30 @@ In that case the handshake continues as it would had no callback been requested. Callbacks are also not invoked when the peer certificate chain is invalid or -validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 -\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively. +validated via \fBDANE\-TA\fR\|(2) or \fBDANE\-EE\fR\|(3) TLSA records which use a private X.509 +PKI, or no X.509 PKI at all, respectively. Clients that require SCTs are expected to not have enabled any aNULL ciphers -nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +nor to have specified server verification via \fBDANE\-TA\fR\|(2) or \fBDANE\-EE\fR\|(3) TLSA records. .PP -\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether -enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off CT processing, whether +enabled via the built\-in or the custom callbacks, by setting a NULL callback. These may be implemented as macros. .PP -\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is -enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0 +\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if CT processing is +enabled via either \fBSSL_enable_ct()\fR or a non\-null custom callback, and 0 otherwise. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because -one possible source of SCTs is the \s-1OCSP\s0 response from a server. +When SCT processing is enabled, OCSP stapling will be enabled. This is because +one possible source of SCTs is the OCSP response from a server. 
.PP The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any presented SCTs have timestamps that are in the future (and therefore invalid). -.SH "RESTRICTIONS" +.SH RESTRICTIONS .IX Header "RESTRICTIONS" Certificate Transparency validation cannot be enabled and so a callback cannot -be set if a custom client extension handler has been registered to handle \s-1SCT\s0 +be set if a custom client extension handler has been registered to handle SCT extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -254,8 +179,8 @@ .PP \&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result. .PP -\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 -validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 +\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non\-null CT +validation callback is set, or 0 if no callback (or equivalently a NULL callback) is set. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -265,11 +190,11 @@ \&\fBSSL_set_verify\fR\|(3), \&\fBSSL_CTX_set_verify\fR\|(3), \&\fBSSL_SESSION_get_time\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3ossl" -.TH SSL_CTX_SET_CTLOG_LIST_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certificate Transparency log list from a file -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,17 +74,17 @@ \& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); \& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency -(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the +(CT) logs from the default file location, "ct_log_list.cnf", found in the directory where OpenSSL is installed. .PP -\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of CT logs from a specific path. See \fBCTLOG_STORE_new\fR\|(3) for the file format. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -These functions will not clear the existing \s-1CT\s0 log list \- it will be appended +These functions will not clear the existing CT log list \- it will be appended to. To replace the existing list, use \fBSSL_CTX_set0_ctlog_store\fR\|(3) first. .PP If an error occurs whilst parsing a particular log entry in the file, that log 
@@ -174,11 +99,11 @@ \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_ct_validation_callback\fR\|(3), \&\fBCTLOG_STORE_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3ossl" -.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or get passwd callback for encrypted PEM file handling -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -159,25 +84,25 @@ \& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); \& void *SSL_get_default_passwd_cb_userdata(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called -when loading/storing a \s-1PEM\s0 certificate with encryption. +when loading/storing a PEM certificate with encryption. .PP \&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, which will be provided to the password callback on invocation. .PP \&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password callback currently set in \fBctx\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned. +NULL pointer is returned. .PP \&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata -currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer +currently set in \fBctx\fR. If no userdata was explicitly set, the NULL pointer is returned. .PP \&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR, \&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform -the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. +the same function as their SSL_CTX counterparts, but using an SSL object. .PP The password callback, which must be provided by the application, hands back the password to be used during decryption. @@ -188,7 +113,7 @@ callback is used for reading/decryption (rwflag=0) or writing/encryption (rwflag=1). For more details, see \fBpem_password_cb\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" When loading or storing private keys, a password might be supplied to protect the private key. The way this password can be supplied may depend 
@@ -205,15 +130,15 @@ for comparison in order to catch typos, that would make decryption impossible. .PP -Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +Other items in PEM formatting (certificates) can also be encrypted, it is however not usual, as certificate information is considered public. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions do not provide diagnostic information. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The following example returns the password provided as userdata to the -calling function. The password is considered to be a '\e0' terminated +calling function. The password is considered to be a \*(Aq\e0\*(Aq terminated string. If the password does not fit into the buffer, the password is truncated. .PP @@ -229,16 +154,16 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_use_certificate\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR, \&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3ossl" -.TH SSL_CTX_SET_GENERATE_SESSION_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB \&\- manipulate generation of SSL session IDs (server only) -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,18 +80,18 @@ \& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, \& unsigned int id_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating -new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +new session ids for SSL/TLS sessions for \fBctx\fR to be \fBcb\fR. .PP \&\fBSSL_set_generate_session_id()\fR sets the callback function for generating -new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +new session ids for SSL/TLS sessions for \fBssl\fR to be \fBcb\fR. .PP \&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR (of length \fBid_len\fR) is already contained in the internal session cache of the parent context of \fBssl\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" When a new session is established between client and server, the server generates a session id. The session id is an arbitrary sequence of bytes. 
@@ -224,7 +149,7 @@ .PP \&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the same id is already in the cache, or 0 otherwise. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The callback function listed will generate a session id with the server id given, and will fill the rest with pseudo random bytes: @@ -259,11 +184,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,103 +53,48 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_INFO_CALLBACK 3ossl" -.TH SSL_CTX_SET_INFO_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_INFO_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \&\- handle information callback for SSL connections -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); -\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, +\& void (*callback) (const SSL *ssl, int type, int val)); +\& +\& void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val); +\& +\& void SSL_set_info_callback(SSL *ssl, +\& void (*callback) (const SSL *ssl, int type, int val)); \& -\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); -\& void (*SSL_get_info_callback(const SSL *ssl))(); +\& void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to -obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +obtain state information for SSL objects created from \fBctx\fR during connection setup and use. The setting for \fBctx\fR is overridden from the setting for -a specific \s-1SSL\s0 object, if specified. -When \fBcallback\fR is \s-1NULL,\s0 no callback function is used. +a specific SSL object, if specified. +When \fBcallback\fR is NULL, no callback function is used. 
.PP \&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to obtain state information for \fBssl\fR during connection setup and use. -When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for +When \fBcallback\fR is NULL, the callback setting currently valid for \&\fBctx\fR is used. .PP \&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information 
@@ -173,58 +102,58 @@ .PP \&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information callback function for \fBssl\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" When setting up a connection and during use, it is possible to obtain state -information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +information from the SSL/TLS engine. When set, an information callback function is called whenever a significant event occurs such as: the state changes, an alert appears, or an error occurs. .PP -The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The callback function is called as \fBcallback(SSL *ssl, int where, int ret)\fR. The \fBwhere\fR argument specifies information about where (in which context) the callback function was called. If \fBret\fR is 0, an error condition occurred. -If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +If an alert is handled, SSL_CB_ALERT is set and \fBret\fR specifies the alert information. .PP -\&\fBwhere\fR is a bit-mask made up of the following bits: -.IP "\s-1SSL_CB_LOOP\s0" 4 +\&\fBwhere\fR is a bit\-mask made up of the following bits: +.IP SSL_CB_LOOP 4 .IX Item "SSL_CB_LOOP" Callback has been called to indicate state change or some other significant state machine event. This may mean that the callback gets invoked more than once per state in some situations. -.IP "\s-1SSL_CB_EXIT\s0" 4 +.IP SSL_CB_EXIT 4 .IX Item "SSL_CB_EXIT" Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as -on error or when \s-1IO\s0 might otherwise block and nonblocking is being used. -.IP "\s-1SSL_CB_READ\s0" 4 +on error or when IO might otherwise block and nonblocking is being used. +.IP SSL_CB_READ 4 .IX Item "SSL_CB_READ" Callback has been called during read operation. 
-.IP "\s-1SSL_CB_WRITE\s0" 4 +.IP SSL_CB_WRITE 4 .IX Item "SSL_CB_WRITE" Callback has been called during write operation. -.IP "\s-1SSL_CB_ALERT\s0" 4 +.IP SSL_CB_ALERT 4 .IX Item "SSL_CB_ALERT" Callback has been called due to an alert being sent or received. -.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IP "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" 4 .IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" .PD 0 -.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IP "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" 4 .IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IP "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 .IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IP "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 .IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IP "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 .IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IP "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 .IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" -.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IP SSL_CB_HANDSHAKE_START 4 .IX Item "SSL_CB_HANDSHAKE_START" .PD Callback has been called because a new handshake is started. It also occurs when resuming a handshake following a pause to handle early data. -.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IP SSL_CB_HANDSHAKE_DONE 4 .IX Item "SSL_CB_HANDSHAKE_DONE" Callback has been called because a handshake is finished. It also occurs if the handshake is paused to allow the exchange of early data. 
@@ -239,13 +168,13 @@ \&\fBSSL_set_info_callback()\fR does not provide diagnostic information. .PP \&\fBSSL_get_info_callback()\fR returns the current setting. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The following example callback function prints state strings, information -about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 +about alerts being handled and error messages to the \fBbio_err\fR BIO. .PP .Vb 4 -\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& void apps_ssl_info_callback(const SSL *s, int where, int ret) \& { \& const char *str; \& int w = where & ~SSL_ST_MASK; @@ -279,11 +208,11 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3), \&\fBSSL_alert_type_string\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3ossl" -.TH SSL_CTX_SET_KEYLOG_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,34 +76,34 @@ \& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); \& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback -is called whenever \s-1TLS\s0 key material is generated or received, in order to allow +\&\fBSSL_CTX_set_keylog_callback()\fR sets the TLS key logging callback. This callback +is called whenever TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. .PP -\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging -callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no -key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as +\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set TLS key logging +callback. If no callback has been set, this will return NULL. When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as the value of cb, no logging of key material will be done. .PP The key logging callback is called with two items: the \fBssl\fR object associated with the connection, and \fBline\fR, a string containing the key material in the -format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that +format used by NSS for its \fBSSLKEYLOGFILE\fR debugging output. To recreate that file, the key logging callback should log \fBline\fR, followed by a newline. -\&\fBline\fR will always be a NUL-terminated string. +\&\fBline\fR will always be a NUL\-terminated string. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or -\&\s-1NULL\s0 if the callback is not set. +NULL if the callback is not set. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MAX_CERT_LIST 3ossl" -.TH SSL_CTX_SET_MAX_CERT_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_MAX_CERT_LIST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" -SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain -.SH "SYNOPSIS" +.SH NAME +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer\*(Aqs certificate chain +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,39 +76,39 @@ \& long SSL_set_max_cert_list(SSL *ssl, long size); \& long SSL_get_max_cert_list(SSL *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's -certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. -The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer\*(Aqs +certificate chain for all SSL objects created from \fBctx\fR to be bytes. +The SSL objects inherit the setting valid for \fBctx\fR at the time \&\fBSSL_new\fR\|(3) is being called. .PP \&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. .PP -\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer\*(Aqs certificate chain for \fBssl\fR to be bytes. This setting stays valid until a new value is set. .PP \&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" During the handshake process, the peer may send a certificate chain. -The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The TLS/SSL standard does not give any maximum size of the certificate chain. The OpenSSL library handles incoming data by a dynamically allocated buffer. In order to prevent this buffer from growing without bounds due to data received from a faulty or malicious peer, a maximum size for the certificate chain is set. .PP The default value for the maximum certificate chain size is 100kB (30kB -on the 16\-bit \s-1DOS\s0 platform). This should be sufficient for usual certificate -chains (OpenSSL's default maximum chain length is 10, see +on the 16\-bit DOS platform). 
This should be sufficient for usual certificate +chains (OpenSSL\*(Aqs default maximum chain length is 10, see \&\fBSSL_CTX_set_verify\fR\|(3), and certificates without special extensions have a typical size of 1\-2kB). .PP For special applications it can be necessary to extend the maximum certificate chain size allowed to be sent by the peer, see e.g. the work on -\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" -and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +"Internet X.509 Public Key Infrastructure Proxy Certificate Profile" +and "TLS Delegation Protocol" at http://www.ietf.org/ and http://www.globus.org/ . .PP Under normal conditions it should never be necessary to set a value smaller @@ -191,7 +116,7 @@ memory actually required by the data sent by the peer. .PP If the maximum certificate chain size allowed is exceeded, the handshake will -fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously @@ -203,11 +128,11 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \&\fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3ossl" -.TH SSL_CTX_SET_MIN_PROTO_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum and maximum supported protocol version -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,7 +84,7 @@ \& int SSL_get_min_proto_version(SSL *ssl); \& int SSL_get_max_proto_version(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions get or set the minimum and maximum supported protocol versions for the \fBctx\fR or \fBssl\fR. 
@@ -168,37 +93,38 @@ specific protocol versions. Use these functions instead of disabling specific protocol versions. .PP -Setting the minimum or maximum version to 0, will enable protocol +Setting the minimum or maximum version to 0 (default), will enable protocol versions down to the lowest version, or up to the highest version -supported by the library, respectively. +supported by the library, respectively. The supported versions might be +controlled by system configuration. .PP Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to automatically use the lowest or highest version supported by the library. .PP -Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, -\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and -\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS.\s0 +Currently supported versions are \fBSSL3_VERSION\fR, \fBTLS1_VERSION\fR, +\&\fBTLS1_1_VERSION\fR, \fBTLS1_2_VERSION\fR, \fBTLS1_3_VERSION\fR for TLS and +\&\fBDTLS1_VERSION\fR, \fBDTLS1_2_VERSION\fR for DTLS. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These setter functions return 1 on success and 0 on failure. The getter -functions return the configured version or 0 for auto-configuration of +functions return the configured version or 0 for auto\-configuration of lowest or highest protocol, respectively. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" All these functions are implemented using macros. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2025 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MODE 3ossl" -.TH SSL_CTX_SET_MODE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_MODE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,23 +78,23 @@ \& long SSL_CTX_get_mode(SSL_CTX *ctx); \& long SSL_get_mode(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBctx\fR. +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bit\-mask in \fBmode\fR to \fBctx\fR. Options already set before are not cleared. -\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBctx\fR. +\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bit\-mask in \fBmode\fR from \fBctx\fR. .PP -\&\fBSSL_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBssl\fR. +\&\fBSSL_set_mode()\fR adds the mode set via bit\-mask in \fBmode\fR to \fBssl\fR. Options already set before are not cleared. -\&\fBSSL_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBssl\fR. +\&\fBSSL_clear_mode()\fR removes the mode set via bit\-mask in \fBmode\fR from \fBssl\fR. .PP \&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. .PP \&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The following mode changes are available: -.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IP SSL_MODE_ENABLE_PARTIAL_WRITE 4 .IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success when just a single record has been written). This works in a similar way for 
@@ -178,89 +103,89 @@ \&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating the behaviour of \fBwrite()\fR. -.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IP SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 4 .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that nonblocking \fBSSL_write()\fR behaves like nonblocking \fBwrite()\fR. -.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IP SSL_MODE_AUTO_RETRY 4 .IX Item "SSL_MODE_AUTO_RETRY" -During normal operations, non-application data records might need to be sent or +During normal operations, non\-application data records might need to be sent or received that the application is not aware of. -If a non-application data record was processed, +If a non\-application data record was processed, \&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the -need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. -If such a non-application data record was processed, the flag -\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of +need to retry with \fBSSL_ERROR_WANT_READ\fR. +If such a non\-application data record was processed, the flag +\&\fBSSL_MODE_AUTO_RETRY\fR causes it to try to process the next record instead of returning. .Sp In a nonblocking environment applications must be prepared to handle incomplete read/write operations. 
-Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a nonblocking \fB\s-1BIO\s0\fR will process -non-application data records until either no more data is available or +Setting \fBSSL_MODE_AUTO_RETRY\fR for a nonblocking \fBBIO\fR will process +non\-application data records until either no more data is available or an application data record has been processed. .Sp In a blocking environment, applications are not always prepared to deal with the functions returning intermediate reports such as retry -requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions +requests, and setting the \fBSSL_MODE_AUTO_RETRY\fR flag will cause the functions to only return after successfully processing an application data record or a failure. .Sp -Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case +Turning off \fBSSL_MODE_AUTO_RETRY\fR can be useful with blocking \fBBIO\fRs in case they are used in combination with something like \fBselect()\fR or \fBpoll()\fR. Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a -non-application record was sent and no application data was sent. -.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +non\-application record was sent and no application data was sent. +.IP SSL_MODE_RELEASE_BUFFERS 4 .IX Item "SSL_MODE_RELEASE_BUFFERS" -When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0 +When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can -save around 34k per idle \s-1SSL\s0 connection. -This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. -.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +save around 34k per idle SSL connection. +This flag has no effect on SSL v2 connections, or on DTLS connections. +.IP SSL_MODE_SEND_FALLBACK_SCSV 4 .IX Item "SSL_MODE_SEND_FALLBACK_SCSV" -Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. 
+Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. .Sp -\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. +DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft\-ietf\-tls\-downgrade\-scsv\-00. -.IP "\s-1SSL_MODE_ASYNC\s0" 4 +.IP SSL_MODE_ASYNC 4 .IX Item "SSL_MODE_ASYNC" -Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with -\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is +Enable asynchronous processing. TLS I/O operations may indicate a retry with +SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3). -.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IP SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 4 .IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" Older versions of OpenSSL had a bug in the computation of the label length -used for computing the endpoint-pair shared secret. The bug was that the +used for computing the endpoint\-pair shared secret. The bug was that the terminating zero was included in the length of the label. Setting this option enables this behaviour to allow interoperability with such broken implementations. Please note that setting this option breaks interoperability -with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0 +with correct implementations. This option only applies to DTLS over SCTP. .PP -All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by +All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by default since 1.1.1. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bit-mask +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bit\-mask after adding \fBmode\fR. .PP -\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bit-mask. +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bit\-mask. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or \&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +SSL_MODE_ASYNC was added in OpenSSL 1.1.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MSG_CALLBACK 3ossl" -.TH SSL_CTX_SET_MSG_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_MSG_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg \&\- install callback for observing protocol messages -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -161,10 +86,10 @@ \& size_t len, SSL *ssl, void *arg)); \& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to -define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +define a message callback function \fIcb\fR for observing all SSL/TLS protocol messages (such as handshake messages) that are received or sent, as well as other events that occur during processing. \&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR 
@@ -172,43 +97,43 @@ available for arbitrary application use. .PP \&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify -default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +default settings that will be copied to new \fBSSL\fR objects by \&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and -\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR -object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. +\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fBSSL\fR +object. Using a \fBNULL\fR pointer for \fIcb\fR disables the message callback. .PP -When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the +When \fIcb\fR is called by the SSL/TLS library the function arguments have the following meaning: -.IP "\fIwrite_p\fR" 4 +.IP \fIwrite_p\fR 4 .IX Item "write_p" This flag is \fB0\fR when a protocol message has been received and \fB1\fR when a protocol message has been sent. -.IP "\fIversion\fR" 4 +.IP \fIversion\fR 4 .IX Item "version" The protocol version according to which the protocol message is -interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. -This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). -.IP "\fIcontent_type\fR" 4 +interpreted by the library such as \fBTLS1_3_VERSION\fR, \fBTLS1_2_VERSION\fR etc. +This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below). +.IP \fIcontent_type\fR 4 .IX Item "content_type" This is one of the content type values defined in the protocol specification -(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never -\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol -messages). Alternatively it may be a \*(L"pseudo\*(R" content type. 
These pseudo +(\fBSSL3_RT_CHANGE_CIPHER_SPEC\fR, \fBSSL3_RT_ALERT\fR, \fBSSL3_RT_HANDSHAKE\fR; but never +\&\fBSSL3_RT_APPLICATION_DATA\fR because the callback will only be called for protocol +messages). Alternatively it may be a "pseudo" content type. These pseudo content types are used to signal some other event in the processing of data (see -\&\s-1NOTES\s0 below). +NOTES below). .IP "\fIbuf\fR, \fIlen\fR" 4 .IX Item "buf, len" \&\fIbuf\fR points to a buffer containing the protocol message or other data (in the case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no longer valid after the callback function has returned. -.IP "\fIssl\fR" 4 +.IP \fIssl\fR 4 .IX Item "ssl" -The \fB\s-1SSL\s0\fR object that received or sent the message. -.IP "\fIarg\fR" 4 +The \fBSSL\fR object that received or sent the message. +.IP \fIarg\fR 4 .IX Item "arg" -The user-defined argument optionally defined by +The user\-defined argument optionally defined by \&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Protocol messages are passed to the callback function after decryption and fragment collection where applicable. (Thus record boundaries are 
@@ -221,21 +146,21 @@ .PP Due to automatic protocol version negotiation, \fIversion\fR is not necessarily the protocol version used by the sender of the message: If -a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, -\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +a TLS 1.0 ClientHello message is received by an SSL 3.0\-only server, +\&\fIversion\fR will be \fBSSL3_VERSION\fR. .PP Pseudo content type values may be sent at various points during the processing of data. The following pseudo content types are currently defined: -.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 +.IP \fBSSL3_RT_HEADER\fR 4 .IX Item "SSL3_RT_HEADER" Used when a record is sent or received. The \fBbuf\fR contains the record header bytes only. -.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 +.IP \fBSSL3_RT_INNER_CONTENT_TYPE\fR 4 .IX Item "SSL3_RT_INNER_CONTENT_TYPE" Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 records the content type in the record header is always -\&\s-1SSL3_RT_APPLICATION_DATA.\s0 The real content type for the record is contained in -an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. +SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in +an "inner" content type. \fBbuf\fR contains the encoded "inner" content type byte. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR 
@@ -243,14 +168,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +The pseudo content type \fBSSL3_RT_INNER_CONTENT_TYPE\fR was added in OpenSSL 1.1.1. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_NUM_TICKETS 3ossl" -.TH SSL_CTX_SET_NUM_TICKETS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_NUM_TICKETS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets, SSL_new_session_ticket \&\- control the number of TLSv1.3 session tickets that are issued -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,7 +81,7 @@ \& size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); \& int SSL_new_session_ticket(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server application and set the number of TLSv1.3 session tickets that will be sent to @@ -169,7 +94,7 @@ \&\fBSSL_set_num_tickets()\fR or \fBSSL_CTX_set_num_tickets()\fR. If \fBnum_tickets\fR is set to 0 then no tickets will be issued for either a normal connection or a resumption. .PP -Tickets are also issued on receipt of a post-handshake certificate from the +Tickets are also issued on receipt of a post\-handshake certificate from the client following a request by the server using \&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated with the updated client identity (i.e. including their certificate and 
@@ -179,11 +104,11 @@ \&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be sent. .PP -To issue tickets after other events (such as application-layer changes), +To issue tickets after other events (such as application\-layer changes), \&\fBSSL_new_session_ticket()\fR is used by a server application to request that a new ticket be sent when it is safe to do so. New tickets are only allowed to be sent in this manner after the initial handshake has completed, and only for -\&\s-1TLS 1.3\s0 connections. By default, the ticket generation and transmission are +TLS 1.3 connections. By default, the ticket generation and transmission are delayed until the server is starting a new write operation, so that it is bundled with other application data being written and properly aligned to a record boundary. If the connection was at a record boundary when @@ -195,7 +120,7 @@ \&\fBSSL_do_handshake()\fR. Note that a successful return from \&\fBSSL_new_session_ticket()\fR indicates only that the request to send a ticket was processed, not that the ticket itself was sent. To be notified when the -ticket itself is sent, a new-session callback can be registered with +ticket itself is sent, a new\-session callback can be registered with \&\fBSSL_CTX_sess_set_new_cb\fR\|(3) that will be invoked as the ticket or tickets are generated. .PP 
@@ -212,16 +137,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_new_session_ticket()\fR was added in OpenSSL 3.0.0. \&\fBSSL_set_num_tickets()\fR, \fBSSL_get_num_tickets()\fR, \fBSSL_CTX_set_num_tickets()\fR, and \&\fBSSL_CTX_get_num_tickets()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_OPTIONS 3ossl" -.TH SSL_CTX_SET_OPTIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_OPTIONS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,18 +83,18 @@ \& \& long SSL_get_secure_renegotiation_support(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBctx\fR. +\&\fBSSL_CTX_set_options()\fR adds the options set via bit\-mask in \fBoptions\fR to \fBctx\fR. Options already set before are not cleared! .PP -\&\fBSSL_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_set_options()\fR adds the options set via bit\-mask in \fBoptions\fR to \fBssl\fR. Options already set before are not cleared! .PP -\&\fBSSL_CTX_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR +\&\fBSSL_CTX_clear_options()\fR clears the options set via bit\-mask in \fBoptions\fR to \fBctx\fR. .PP -\&\fBSSL_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_clear_options()\fR clears the options set via bit\-mask in \fBoptions\fR to \fBssl\fR. .PP \&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. .PP 
@@ -178,79 +103,79 @@ \&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports secure renegotiation. Note, this is implemented via a macro. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The behaviour of the \s-1SSL\s0 library can be changed by setting several options. -The options are coded as bit-masks and can be combined by a bitwise \fBor\fR +The behaviour of the SSL library can be changed by setting several options. +The options are coded as bit\-masks and can be combined by a bitwise \fBor\fR operation (|). .PP \&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) -protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of -the \s-1API\s0 can be changed by using the similar +protocol behaviour of the SSL library. The (internal) behaviour of +the API can be changed by using the similar \&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. .PP -During a handshake, the option settings of the \s-1SSL\s0 object are used. When -a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current +During a handshake, the option settings of the SSL object are used. When +a new SSL object is created from a context using \fBSSL_new()\fR, the current option setting is copied. Changes to \fBctx\fR do not affect already created -\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. +SSL objects. \fBSSL_clear()\fR does not affect the settings. .PP The following \fBbug workaround\fR options are available: -.IP "\s-1SSL_OP_CRYPTOPRO_TLSEXT_BUG\s0" 4 +.IP SSL_OP_CRYPTOPRO_TLSEXT_BUG 4 .IX Item "SSL_OP_CRYPTOPRO_TLSEXT_BUG" -Add server-hello extension from the early version of cryptopro draft -when \s-1GOST\s0 ciphersuite is negotiated. Required for interoperability with CryptoPro -\&\s-1CSP 3\s0.x. -.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +Add server\-hello extension from the early version of cryptopro draft +when GOST ciphersuite is negotiated. 
Required for interoperability with CryptoPro +CSP 3.x. +.IP SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 4 .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" -Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol -vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some -broken \s-1SSL\s0 implementations. This option has no effect for connections +Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol +vulnerability affecting CBC ciphers, which cannot be handled by some +broken SSL implementations. This option has no effect for connections using other ciphers. -.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 +.IP SSL_OP_SAFARI_ECDHE_ECDSA_BUG 4 .IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" -Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. -OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. -.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 +Don\*(Aqt prefer ECDHE\-ECDSA ciphers when the client appears to be Safari on OS X. +OS X 10.8..10.8.3 has broken support for ECDHE\-ECDSA ciphers. +.IP SSL_OP_TLSEXT_PADDING 4 .IX Item "SSL_OP_TLSEXT_PADDING" Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. This is needed as a workaround for some implementations. -.IP "\s-1SSL_OP_ALL\s0" 4 +.IP SSL_OP_ALL 4 .IX Item "SSL_OP_ALL" All of the above bug workarounds. .PP -It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +It is usually safe to use \fBSSL_OP_ALL\fR to enable the bug workaround options if compatibility with somewhat broken implementations is desired. .PP The following \fBmodifying\fR options are available: -.IP "\s-1SSL_OP_ALLOW_CLIENT_RENEGOTIATION\s0" 4 +.IP SSL_OP_ALLOW_CLIENT_RENEGOTIATION 4 .IX Item "SSL_OP_ALLOW_CLIENT_RENEGOTIATION" -Client-initiated renegotiation is disabled by default. Use +Client\-initiated renegotiation is disabled by default. Use this option to enable it. 
-.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 +.IP SSL_OP_ALLOW_NO_DHE_KEX 4 .IX Item "SSL_OP_ALLOW_NO_DHE_KEX" In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. -.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IP SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 4 .IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" Allow legacy insecure renegotiation between OpenSSL and unpatched clients or -servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. -.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +servers. See the \fBSECURE RENEGOTIATION\fR section for more details. +.IP SSL_OP_CIPHER_SERVER_PREFERENCE 4 .IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" -When choosing a cipher, use the server's preferences instead of the client -preferences. When not set, the \s-1SSL\s0 server will always follow the clients -preferences. When set, the \s-1SSL/TLS\s0 server will choose following its +When choosing a cipher, use the server\*(Aqs preferences instead of the client +preferences. When not set, the SSL server will always follow the clients +preferences. When set, the SSL/TLS server will choose following its own preferences. -.IP "\s-1SSL_OP_CISCO_ANYCONNECT\s0" 4 +.IP SSL_OP_CISCO_ANYCONNECT 4 .IX Item "SSL_OP_CISCO_ANYCONNECT" -Use Cisco's version identifier of \s-1DTLS_BAD_VER\s0 when establishing a DTLSv1 -connection. Only available when using the deprecated \fBDTLSv1_client_method()\fR \s-1API.\s0 -.IP "\s-1SSL_OP_CLEANSE_PLAINTEXT\s0" 4 +Use Cisco\*(Aqs version identifier of DTLS_BAD_VER when establishing a DTLSv1 +connection. Only available when using the deprecated \fBDTLSv1_client_method()\fR API. 
+.IP SSL_OP_CLEANSE_PLAINTEXT 4 .IX Item "SSL_OP_CLEANSE_PLAINTEXT" -By default \s-1TLS\s0 connections keep a copy of received plaintext +By default TLS connections keep a copy of received plaintext application data in a static buffer until it is overwritten by the -next portion of data. When enabling \s-1SSL_OP_CLEANSE_PLAINTEXT\s0 +next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT deciphered application data is cleansed by calling \fBOPENSSL_cleanse\fR\|(3) after passing data to the application. Data is also cleansed when releasing the connection (e.g. \fBSSL_free\fR\|(3)). 
@@ -259,98 +184,98 @@ responsible for cleansing all other buffers. Most notably, this applies to buffers passed to functions like \fBSSL_read\fR\|(3), \&\fBSSL_peek\fR\|(3) but also like \fBSSL_write\fR\|(3). -.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 +.IP SSL_OP_COOKIE_EXCHANGE 4 .IX Item "SSL_OP_COOKIE_EXCHANGE" -Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects -\&\s-1DTLS\s0 connections. -.IP "\s-1SSL_OP_DISABLE_TLSEXT_CA_NAMES\s0" 4 +Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects +DTLS connections. +.IP SSL_OP_DISABLE_TLSEXT_CA_NAMES 4 .IX Item "SSL_OP_DISABLE_TLSEXT_CA_NAMES" -Disable \s-1TLS\s0 Extension \s-1CA\s0 Names. You may want to disable it for security reasons -or for compatibility with some Windows \s-1TLS\s0 implementations crashing when this +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this extension is larger than 1024 bytes. -.IP "\s-1SSL_OP_ENABLE_KTLS\s0" 4 +.IP SSL_OP_ENABLE_KTLS 4 .IX Item "SSL_OP_ENABLE_KTLS" -Enable the use of kernel \s-1TLS.\s0 In order to benefit from kernel \s-1TLS\s0 OpenSSL must +Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must have been compiled with support for it, and it must be supported by the negotiated ciphersuites and extensions. The specific ciphersuites and extensions that are supported may vary by platform and kernel version. .Sp -The kernel \s-1TLS\s0 data-path implements the record layer, and the encryption +The kernel TLS data\-path implements the record layer, and the encryption algorithm. The kernel will utilize the best hardware -available for encryption. Using the kernel data-path should reduce the memory +available for encryption. Using the kernel data\-path should reduce the memory footprint of OpenSSL because no buffering is required. 
Also, the throughput should improve because data copy is avoided when user data is encrypted into kernel memory instead of the usual encrypt then copy to kernel. .Sp -Kernel \s-1TLS\s0 might not support all the features of OpenSSL. For instance, +Kernel TLS might not support all the features of OpenSSL. For instance, renegotiation, and setting the maximum fragment size is not possible as of Linux 4.20. .Sp -Note that with kernel \s-1TLS\s0 enabled some cryptographic operations are performed +Note that with kernel TLS enabled some cryptographic operations are performed by the kernel directly and not via any available OpenSSL Providers. This might be undesirable if, for example, the application requires all cryptographic -operations to be performed by the \s-1FIPS\s0 provider. -.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 +operations to be performed by the FIPS provider. +.IP SSL_OP_ENABLE_MIDDLEBOX_COMPAT 4 .IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" -If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This +If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. Regardless of whether -this option is set or not \s-1CCS\s0 messages received from the peer will always be +this option is set or not CCS messages received from the peer will always be ignored in TLSv1.3. This option is set by default. To switch it off use \&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default. -.IP "\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0" 4 +.IP SSL_OP_IGNORE_UNEXPECTED_EOF 4 .IX Item "SSL_OP_IGNORE_UNEXPECTED_EOF" -Some \s-1TLS\s0 implementations do not send the mandatory close_notify alert on +Some TLS implementations do not send the mandatory close_notify alert on shutdown. 
If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received. .Sp -You should only enable this option if the protocol running over \s-1TLS\s0 +You should only enable this option if the protocol running over TLS can detect a truncation attack itself, and that the application is checking for that truncation attack. .Sp For more information on shutting down a connection, see \fBSSL_shutdown\fR\|(3). -.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IP SSL_OP_LEGACY_SERVER_CONNECT 4 .IX Item "SSL_OP_LEGACY_SERVER_CONNECT" Allow legacy insecure renegotiation between OpenSSL and unpatched servers -\&\fBonly\fR. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. -.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 +\&\fBonly\fR. See the \fBSECURE RENEGOTIATION\fR section for more details. +.IP SSL_OP_NO_ANTI_REPLAY 4 .IX Item "SSL_OP_NO_ANTI_REPLAY" By default, when a server is configured for early data (i.e., max_early_data > 0), OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a -description of the replay protection feature. Anti-replay measures are required +description of the replay protection feature. Anti\-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built in OpenSSL functionality is not required. Those applications can turn this feature off by -setting this option. This is a server-side option only. It is ignored by +setting this option. This is a server\-side option only. It is ignored by clients. -.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 +.IP SSL_OP_NO_COMPRESSION 4 .IX Item "SSL_OP_NO_COMPRESSION" Do not use compression even if it is supported. This option is set by default. 
To switch it off use \fBSSL_clear_options()\fR. -.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 +.IP SSL_OP_NO_ENCRYPT_THEN_MAC 4 .IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" Normally clients and servers will transparently attempt to negotiate the -\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +RFC7366 Encrypt\-then\-MAC option on TLS and DTLS connection. .Sp -If this option is set, Encrypt-then-MAC is disabled. Clients will not +If this option is set, Encrypt\-then\-MAC is disabled. Clients will not propose, and servers will not accept the extension. -.IP "\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0" 4 +.IP SSL_OP_NO_EXTENDED_MASTER_SECRET 4 .IX Item "SSL_OP_NO_EXTENDED_MASTER_SECRET" Normally clients and servers will transparently attempt to negotiate the -\&\s-1RFC7627\s0 Extended Master Secret option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +RFC7627 Extended Master Secret option on TLS and DTLS connection. .Sp If this option is set, Extended Master Secret is disabled. Clients will not propose, and servers will not accept the extension. -.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 +.IP SSL_OP_NO_QUERY_MTU 4 .IX Item "SSL_OP_NO_QUERY_MTU" -Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections. -.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 +Do not query the MTU. Only affects DTLS connections. +.IP SSL_OP_NO_RENEGOTIATION 4 .IX Item "SSL_OP_NO_RENEGOTIATION" -Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello. -.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IP SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 4 .IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial 
@@ -358,14 +283,14 @@ .IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 .IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol -versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 +versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use \&\fBSSL_CTX_set_min_proto_version\fR\|(3) and \&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead. -.IP "\s-1SSL_OP_NO_TICKET\s0" 4 +.IP SSL_OP_NO_TICKET 4 .IX Item "SSL_OP_NO_TICKET" -\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless +SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless session tickets. .Sp When using session ids a copy of the session information is @@ -375,7 +300,7 @@ .Sp When using stateless session tickets the server uses a session ticket encryption key to encrypt the session information. This encrypted data is sent to the -client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted +client as a "ticket". When the client wishes to resume it sends the encrypted data back to the server. The server uses its key to decrypt the data and resume the session. In this way the server can operate statelessly \- no session information needs to be cached locally. 
@@ -390,82 +315,82 @@ extract the session id from the ticket and retrieve the session information from its cache. .Sp -By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will +By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will cause stateless tickets to not be issued. In TLSv1.2 and below this means no ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be -sent. This is a server-side option only. +sent. This is a server\-side option only. .Sp In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or \&\fBSSL_set_num_tickets\fR\|(3). -.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 +.IP SSL_OP_PRIORITIZE_CHACHA 4 .IX Item "SSL_OP_PRIORITIZE_CHACHA" -When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize +When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere -in the server cipher list; but still allows other clients to use \s-1AES\s0 and other -ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. -.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +in the server cipher list; but still allows other clients to use AES and other +ciphers. Requires \fBSSL_OP_CIPHER_SERVER_PREFERENCE\fR. +.IP SSL_OP_TLS_ROLLBACK_BUG 4 .IX Item "SSL_OP_TLS_ROLLBACK_BUG" Disable version rollback attack detection. .Sp During the client key exchange, the client must send the same information -about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: +about acceptable SSL/TLS protocol levels as during the first hello. Some +clients violate this rule by adapting to the server\*(Aqs answer. 
(Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) +to the server\*(Aqs answer and violate the version rollback protection.) .PP The following options no longer have any effect but their identifiers are retained for compatibility purposes: -.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IP SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 4 .IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" .PD 0 -.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IP SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 4 .IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" -.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IP SSL_OP_SSLEAY_080_CLIENT_DH_BUG 4 .IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" -.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IP SSL_OP_TLS_D5_BUG 4 .IX Item "SSL_OP_TLS_D5_BUG" -.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IP SSL_OP_TLS_BLOCK_PADDING_BUG 4 .IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" -.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IP SSL_OP_MSIE_SSLV2_RSA_PADDING 4 .IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" -.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IP SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 4 .IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" -.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IP SSL_OP_MICROSOFT_SESS_ID_BUG 4 .IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" -.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IP SSL_OP_NETSCAPE_CHALLENGE_BUG 4 .IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" -.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IP SSL_OP_PKCS1_CHECK_1 4 .IX Item "SSL_OP_PKCS1_CHECK_1" -.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IP SSL_OP_PKCS1_CHECK_2 4 .IX Item "SSL_OP_PKCS1_CHECK_2" -.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IP SSL_OP_SINGLE_DH_USE 4 .IX Item "SSL_OP_SINGLE_DH_USE" -.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 +.IP SSL_OP_SINGLE_ECDH_USE 4 
.IX Item "SSL_OP_SINGLE_ECDH_USE" -.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IP SSL_OP_EPHEMERAL_RSA 4 .IX Item "SSL_OP_EPHEMERAL_RSA" -.IP "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 +.IP SSL_OP_NETSCAPE_CA_DN_BUG 4 .IX Item "SSL_OP_NETSCAPE_CA_DN_BUG" -.IP "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 +.IP SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 4 .IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" .PD .SH "SECURE RENEGOTIATION" .IX Header "SECURE RENEGOTIATION" OpenSSL always attempts to use secure renegotiation as -described in \s-1RFC5746.\s0 This counters the prefix attack described in -\&\s-1CVE\-2009\-3555\s0 and elsewhere. +described in RFC5746. This counters the prefix attack described in +CVE\-2009\-3555 and elsewhere. .PP This attack has far reaching consequences which application writers should be aware of. In the description below an implementation supporting secure renegotiation is referred to as \fIpatched\fR. A server not supporting secure renegotiation is referred to as \fIunpatched\fR. .PP -The following sections describe the operations permitted by OpenSSL's secure +The following sections describe the operations permitted by OpenSSL\*(Aqs secure renegotiation implementation. .SS "Patched client and server" .IX Subsection "Patched client and server" 
@@ -473,51 +398,51 @@ .SS "Unpatched client and patched OpenSSL server" .IX Subsection "Unpatched client and patched OpenSSL server" The initial connection succeeds but client renegotiation is denied by the -server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal -\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +server with a \fBno_renegotiation\fR warning alert if TLS v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in SSL v3.0. .PP If the patched OpenSSL server attempts to renegotiate a fatal \&\fBhandshake_failure\fR alert is sent. This is because the server code may be unaware of the unpatched nature of the client. .PP -If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +If the option \fBSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\fR is set then renegotiation \fBalways\fR succeeds. .SS "Patched OpenSSL client and unpatched server" .IX Subsection "Patched OpenSSL client and unpatched server" -If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +If the option \fBSSL_OP_LEGACY_SERVER_CONNECT\fR or +\&\fBSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\fR is set then initial connections and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail. .PP -Setting the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR has security implications; +Setting the option \fBSSL_OP_LEGACY_SERVER_CONNECT\fR has security implications; clients that are willing to connect to servers that do not implement -\&\s-1RFC 5746\s0 secure renegotiation are subject to attacks such as -\&\s-1CVE\-2009\-3555.\s0 +RFC 5746 secure renegotiation are subject to attacks such as +CVE\-2009\-3555. 
.PP OpenSSL client applications wishing to ensure they can connect to unpatched -servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +servers should always \fBset\fR \fBSSL_OP_LEGACY_SERVER_CONNECT\fR .PP OpenSSL client applications that want to ensure they can \fBnot\fR connect to unpatched servers (and thus avoid any security issues) should always \fBclear\fR -\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or +\&\fBSSL_OP_LEGACY_SERVER_CONNECT\fR using \fBSSL_CTX_clear_options()\fR or \&\fBSSL_clear_options()\fR. .PP -The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that -\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +The difference between the \fBSSL_OP_LEGACY_SERVER_CONNECT\fR and +\&\fBSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\fR options is that +\&\fBSSL_OP_LEGACY_SERVER_CONNECT\fR enables initial connections and secure renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +\&\fBSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\fR allows initial connections and renegotiation between OpenSSL and unpatched clients or servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bit-mask +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bit\-mask after adding \fBoptions\fR. .PP -\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bit-mask +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bit\-mask after clearing \fBoptions\fR. .PP -\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bit-mask. +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bit\-mask. 
.PP \&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports secure renegotiation and 0 if it does not. 
@@ -527,27 +452,27 @@ \&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), \&\fBSSL_CTX_set_min_proto_version\fR\|(3), \&\fBopenssl\-dhparam\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The attempt to always try to use secure renegotiation was added in OpenSSL 0.9.8m. .PP -The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +The \fBSSL_OP_PRIORITIZE_CHACHA\fR and \fBSSL_OP_NO_RENEGOTIATION\fR options were added in OpenSSL 1.1.1. .PP -The \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR and \fB\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0\fR +The \fBSSL_OP_NO_EXTENDED_MASTER_SECRET\fR and \fBSSL_OP_IGNORE_UNEXPECTED_EOF\fR options were added in OpenSSL 3.0. .PP -The \fB\s-1SSL_OP_\s0\fR constants and the corresponding parameter and return values +The \fBSSL_OP_\fR constants and the corresponding parameter and return values of the affected functions were changed to \f(CW\*(C`uint64_t\*(C'\fR type in OpenSSL 3.0. -For that reason it is no longer possible use the \fB\s-1SSL_OP_\s0\fR macro values +For that reason it is no longer possible use the \fBSSL_OP_\fR macro values in preprocessor \f(CW\*(C`#if\*(C'\fR conditions. However it is still possible to test whether these macros are defined or not. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3ossl" -.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, @@ -146,7 +71,7 @@ SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \&\- set PSK client callback -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -172,28 +97,28 @@ \& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); \& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" A client application wishing to use TLSv1.3 PSKs should use either \&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as appropriate. These functions cannot be used for TLSv1.2 and below PSKs. .PP -The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. +The callback function is given a pointer to the SSL connection in \fBssl\fR. .PP The first time the callback is called for a connection the \fBmd\fR parameter is -\&\s-1NULL.\s0 In some circumstances the callback will be called a second time. In that -case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 +NULL. In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the PSK must be compatible with the digest for that ciphersuite. The digest will be -given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different +given in \fBmd\fR. The PSK returned by the callback is allowed to be different between the first and second time it is called. .PP On successful completion the callback must store a pointer to an identifier for -the \s-1PSK\s0 in \fB*id\fR. The identifier length in bytes should be stored in \fB*idlen\fR. +the PSK in \fB*id\fR. The identifier length in bytes should be stored in \fB*idlen\fR. The memory pointed to by \fB*id\fR remains owned by the application and should be freed by it as required at any point after the handshake is complete. .PP -Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in -\&\fB*sess\fR. 
This is used as the basis for the \s-1PSK,\s0 and should, at a minimum, have +Additionally the callback should store a pointer to an SSL_SESSION object in +\&\fB*sess\fR. This is used as the basis for the PSK, and should, at a minimum, have the following fields set: .IP "The master key" 4 .IX Item "The master key" 
@@ -201,46 +126,54 @@ .IP "A ciphersuite" 4 .IX Item "A ciphersuite" Only the handshake digest associated with the ciphersuite is relevant for the -\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with +PSK (the server may go on to negotiate any ciphersuite which is compatible with the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is -not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. +not NULL the handshake digest for the ciphersuite should be the same. The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The -handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using +handshake digest of an SSL_CIPHER object can be checked using <\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>. .IP "The protocol version" 4 .IX Item "The protocol version" This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should -be \s-1TLS1_3_VERSION.\s0 +be TLS1_3_VERSION. .PP Additionally the maximum early data value should be set via a call to -\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the PSK will be used for sending early data. .PP -Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also -be used as the basis for a \s-1PSK.\s0 +Alternatively an SSL_SESSION created from a previous non\-PSK handshake may also +be used as the basis for a PSK. .PP -Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it +Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application. .PP -It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this -case no \s-1PSK\s0 will be sent to the server but the handshake will continue. To do +Note that as described above, the callback may be called a second time during a +handshake. 
Since ownership of the SSL_SESSION is transferred to OpenSSL on each +call, if the callback wishes to return the same SSL_SESSION pointer on a +subsequent invocation, it must first call \fBSSL_SESSION_up_ref\fR\|(3) to increment +the reference count. Failure to do so will result in a use\-after\-free error. +Alternatively, the callback may return a different SSL_SESSION object on each +call (e.g., by calling \fBSSL_SESSION_dup\fR\|(3)). +.PP +It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that \fB*sess\fR is -\&\s-1NULL.\s0 The contents of \fB*id\fR and \fB*idlen\fR will be ignored. +NULL. The contents of \fB*id\fR and \fB*idlen\fR will be ignored. .PP -A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must +A client application wishing to use PSK ciphersuites for TLSv1.2 and below must provide a different callback function. This function will be called when the client is sending the ClientKeyExchange message to the server. .PP -The purpose of the callback function is to select the \s-1PSK\s0 identity and -the pre-shared key to use during the connection setup phase. +The purpose of the callback function is to select the PSK identity and +the pre\-shared key to use during the connection setup phase. .PP The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR or \fBSSL_set_psk_client_callback()\fR. 
The callback function is given the -connection in parameter \fBssl\fR, a \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint +connection in parameter \fBssl\fR, a \fBNUL\fR\-terminated PSK identity hint sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of -length \fBmax_identity_len\fR bytes (including the \fB\s-1NUL\s0\fR\-terminator) where the -resulting \fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR -of length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +length \fBmax_identity_len\fR bytes (including the \fBNUL\fR\-terminator) where the +resulting \fBNUL\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR +of length \fBmax_psk_len\fR bytes where the resulting pre\-shared key is to be stored. .PP The callback for use in TLSv1.2 will also work in TLSv1.3 although it is 
@@ -251,30 +184,30 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or \&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will -always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned -\&\s-1PSK.\s0 TLSv1.3 early data exchanges are possible in \s-1PSK\s0 connections only with the +always be NULL and the handshake digest will default to SHA\-256 for any returned +PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the \&\fBSSL_psk_use_session_cb_func\fR callback, and are not possible with the \&\fBSSL_psk_client_cb_func\fR callback. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. +Note that parameter \fBhint\fR given to the callback may be \fBNULL\fR. .PP -A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that \fBSSL_session_reused\fR\|(3) will return true. .PP -There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or -below) and TLSv1.3. However, the \s-1RFC\s0 has this note of caution: +There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However, the RFC has this note of caution: .PP -\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can -ensure safety from cross-protocol related output by not reusing PSKs between -\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +ensure safety from cross\-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2." 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as follows: .PP -On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +On success (callback found a PSK identity and a pre\-shared key to use) the length (> 0) of \fBpsk\fR in bytes is returned. .PP Otherwise or on errors the callback should return 0. In this case @@ -287,15 +220,15 @@ \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3), \&\fBSSL_set_psk_find_session_callback\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3ossl" -.TH SSL_CTX_SET_QUIET_SHUTDOWN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,36 +76,36 @@ \& void SSL_set_quiet_shutdown(SSL *ssl, int mode); \& int SSL_get_quiet_shutdown(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be -\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the "quiet shutdown" flag for \fBctx\fR to be +\&\fBmode\fR. SSL objects created from \fBctx\fR inherit the \fBmode\fR valid at the time \&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. .PP -\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the "quiet shutdown" setting of \fBctx\fR. .PP -\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBSSL_set_quiet_shutdown()\fR sets the "quiet shutdown" flag for \fBssl\fR to be \&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with \&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. It is not changed when \fBSSL_clear\fR\|(3) is called. \&\fBmode\fR may be 0 or 1. .PP -\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. -.SH "NOTES" +\&\fBSSL_get_quiet_shutdown()\fR returns the "quiet shutdown" setting of \fBssl\fR. +.SH NOTES .IX Header "NOTES" -Normally when a \s-1SSL\s0 connection is finished, the parties must send out +Normally when a SSL connection is finished, the parties must send out close_notify alert messages using \fBSSL_shutdown\fR\|(3) for a clean shutdown. .PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) +When setting the "quiet shutdown" flag to 1, \fBSSL_shutdown\fR\|(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. 
(\fBSSL_shutdown\fR\|(3) then behaves like \&\fBSSL_set_shutdown\fR\|(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no close_notify alert -is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +is sent to the peer. This behaviour violates the TLS standard. .PP -The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. +The default is normal shutdown behaviour as described by the TLS standard. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return @@ -193,11 +118,11 @@ \&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), \&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_READ_AHEAD 3ossl" -.TH SSL_CTX_SET_READ_AHEAD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_READ_AHEAD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead \&\- manage whether to read as many input bytes as possible -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,12 +80,12 @@ \& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); \& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as many input bytes as possible (for nonblocking reads) or not. For example if \&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from -the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes +the underlying BIO (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes into its buffer (providing that the buffer is large enough) if reading ahead is on, or \fBx\fR bytes otherwise. Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn 
@@ -170,24 +95,24 @@ \&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading ahead has been set or not. \&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -These functions have no impact when used with \s-1DTLS.\s0 The return values for -\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting +These functions have no impact when used with DTLS. The return values for +\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for DTLS. Setting \&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function (see \fBSSL_pending\fR\|(3)). .PP -Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data -records, and \fBSSL_has_pending()\fR can't tell the difference between processed and -unprocessed data, it's recommended that if read ahead is turned on that -\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. -That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete -record available that hasn't been processed. +Since \fBSSL_read()\fR can return \fBSSL_ERROR_WANT_READ\fR for non\-application data +records, and \fBSSL_has_pending()\fR can\*(Aqt tell the difference between processed and +unprocessed data, it\*(Aqs recommended that if read ahead is turned on that +\&\fBSSL_MODE_AUTO_RETRY\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. +That will prevent getting \fBSSL_ERROR_WANT_READ\fR when there is still a complete +record available that hasn\*(Aqt been processed. .PP -If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 -connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading +If the application wants to continue to use the underlying transport (e.g. 
TCP +connection) after the SSL connection is finished using \fBSSL_shutdown()\fR reading ahead should be turned off. -Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. +Otherwise the SSL structure might read data that it shouldn\*(Aqt. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, @@ -195,11 +120,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3ossl" -.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, @@ -147,7 +72,7 @@ SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding \- install callback to specify TLS 1.3 record padding -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -164,28 +89,28 @@ \& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); \& int SSL_set_block_padding(SSL *ssl, size_t block_size); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR can be used to assign a callback function \fIcb\fR to specify the padding -for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. -Kernel \s-1TLS\s0 is not possible if the record padding callback is set, and the callback -function cannot be set if Kernel \s-1TLS\s0 is already configured for the current \s-1SSL\s0 object. +for TLS 1.3 records. The value set in \fBctx\fR is copied to a new SSL by \fBSSL_new()\fR. +Kernel TLS is not possible if the record padding callback is set, and the callback +function cannot be set if Kernel TLS is already configured for the current SSL object. .PP \&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR assign a value \fBarg\fR that is passed to the callback when it is invoked. The value -set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +set in \fBctx\fR is copied to a new SSL by \fBSSL_new()\fR. .PP \&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR retrieve the \fBarg\fR value that is passed to the callback. .PP \&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of -\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +\&\fBblock_size\fR is SSL3_RT_MAX_PLAIN_LENGTH. .PP The callback is invoked for every record before encryption. 
-The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be -one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0 +The \fBtype\fR parameter is the TLS record type that is being processed; may be +one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT. The \fBlen\fR parameter is the current plaintext length of the record before encryption. The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR or \fBSSL_set_record_padding_callback_arg()\fR. 
@@ -199,36 +124,36 @@ .PP The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 indicates no padding will be added. A return value that causes the record to -exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the +exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the maximum record size. .PP The \fBSSL_CTX_get_record_padding_callback_arg()\fR function returns 1 on success or 0 if -the callback function is not set because Kernel \s-1TLS\s0 is configured for the \s-1SSL\s0 object. -.SH "NOTES" +the callback function is not set because Kernel TLS is configured for the SSL object. +.SH NOTES .IX Header "NOTES" The default behavior is to add no padding to the record. .PP -A user-supplied padding callback function will override the behavior set by -\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied -callback to \s-1NULL\s0 will restore the configured block padding behavior. +A user\-supplied padding callback function will override the behavior set by +\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user\-supplied +callback to NULL will restore the configured block padding behavior. .PP -These functions only apply to \s-1TLS 1.3\s0 records being written. +These functions only apply to TLS 1.3 records being written. .PP -Padding bytes are not added in constant-time. +Padding bytes are not added in constant\-time. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1. +The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. .PP The return type of \fBSSL_CTX_set_record_padding_callback()\fR function was changed to int in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. 
All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SECURITY_LEVEL 3ossl" -.TH SSL_CTX_SET_SECURITY_LEVEL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SECURITY_LEVEL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -173,7 +98,7 @@ \& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); \& void *SSL_get0_security_ex_data(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set the security level to \fBlevel\fR. If not set the library default security level @@ -195,7 +120,7 @@ application specific value. .SH "DEFAULT CALLBACK BEHAVIOUR" .IX Header "DEFAULT CALLBACK BEHAVIOUR" -If an application doesn't set its own security callback the default +If an application doesn\*(Aqt set its own security callback the default callback is used. It is intended to provide sane defaults. The meaning of each level is described below. .IP "\fBLevel 0\fR" 4 
@@ -205,40 +130,40 @@ .IP "\fBLevel 1\fR" 4 .IX Item "Level 1" The security level corresponds to a minimum of 80 bits of security. Any -parameters offering below 80 bits of security are excluded. As a result \s-1RSA, -DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits +parameters offering below 80 bits of security are excluded. As a result RSA, +DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer -less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite -using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. Note that signatures using \s-1SHA1\s0 -and \s-1MD5\s0 are also forbidden at this level as they have less than 80 security +less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite +using MD5 for the MAC is also prohibited. Note that signatures using SHA1 +and MD5 are also forbidden at this level as they have less than 80 security bits. .IP "\fBLevel 2\fR" 4 .IX Item "Level 2" -Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys -shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. -In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also -prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. +Security level set to 112 bits of security. As a result RSA, DSA and DH keys +shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using RC4 is also +prohibited. SSL version 3 is also not allowed. Compression is disabled. .IP "\fBLevel 3\fR" 4 .IX Item "Level 3" -Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys -shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. +Security level set to 128 bits of security. 
As a result RSA, DSA and DH keys +shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward -secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session +secrecy are prohibited. TLS versions below 1.1 are not permitted. Session tickets are disabled. .IP "\fBLevel 4\fR" 4 .IX Item "Level 4" -Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and -\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are -prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 +Security level set to 192 bits of security. As a result RSA, DSA and +DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are +prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are not permitted. .IP "\fBLevel 5\fR" 4 .IX Item "Level 5" -Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys -shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +Security level set to 256 bits of security. As a result RSA, DSA and DH keys +shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited. .SH "APPLICATION DEFINED SECURITY CALLBACKS" .IX Header "APPLICATION DEFINED SECURITY CALLBACKS" \&\fIDocumentation to be provided.\fR -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The default security level can be configured when OpenSSL is compiled by setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. 
@@ -246,35 +171,35 @@ The security framework disables or reject parameters inconsistent with the set security level. In the past this was difficult as applications had to set a number of distinct parameters (supported ciphers, supported curves supported -signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size +signature algorithms) to achieve this end and some cases (DH parameter size for example) could not be checked at all. .PP By setting an appropriate security level much of this complexity can be avoided. .PP The bits of security limits affect all relevant parameters including -cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported -signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and +cipher suite encryption algorithms, supported ECC curves, supported +signature algorithms, DH parameter sizes, certificate key sizes and signature algorithms. This limit applies no matter what other custom -settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR +settings an application has set: so if the cipher suite is set to \fBALL\fR then only cipher suites consistent with the security level are permissible. .PP -See \s-1SP800\-57\s0 for how the security limits are related to individual +See SP800\-57 for how the security limits are related to individual algorithms. .PP -Some security levels require large key sizes for non-ECC public key +Some security levels require large key sizes for non\-ECC public key algorithms which can severely degrade performance. For example 256 bits -of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. +of security requires the use of RSA keys of at least 15360 bits in size. .PP Some restrictions can be gracefully handled: for example cipher suites offering insufficient security are not sent by the client and will not be selected by the server. 
Other restrictions such as the peer certificate -key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal +key size or the DH parameter size will abort the handshake with a fatal alert. .PP Attempts to set certificates or parameters with insufficient security are -also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 key -or a certificate with a signature with \s-1SHA1\s0 digest at level 1 using +also blocked. For example trying to set a certificate using a 512 bit RSA key +or a certificate with a signature with SHA1 digest at level 1 using \&\fBSSL_CTX_use_certificate()\fR. Applications which do not check the return values for errors will misbehave: for example it might appear that a certificate is not set at all because it had been rejected. 
@@ -283,27 +208,27 @@ \&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values. .PP \&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that -represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. +represents the security level with \fBSSL_CTX\fR or \fBSSL\fR, respectively. .PP \&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return values. .PP \&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer -to the security callback or \s-1NULL\s0 if the callback is not set. +to the security callback or NULL if the callback is not set. .PP \&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra -data pointer or \s-1NULL\s0 if the ex data is not set. +data pointer or NULL if the ex data is not set. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3ossl" -.TH SSL_CTX_SET_SESSION_CACHE_MODE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,27 +73,27 @@ \& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); \& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching by setting the operational mode for \fBctx\fR to . .PP \&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. The sessions can be held in memory for each \fBctx\fR, if more than one -\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX object. .PP -In order to reuse a session, a client must send the session's id to the +In order to reuse a session, a client must send the session\*(Aqs id to the server. It can only send exactly one id. The server then either agrees to reuse the session or it starts a full handshake (to create a new session). .PP A server will look up the session in its internal session storage. If the session is not found in internal storage or lookups for the internal storage -have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try the external storage if available. .PP Since a client may try to reuse a session intended for use in a different 
@@ -176,28 +101,28 @@ \&\fBSSL_CTX_set_session_id_context\fR\|(3)). .PP The following session cache modes and modifiers are available: -.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IP SSL_SESS_CACHE_OFF 4 .IX Item "SSL_SESS_CACHE_OFF" No session caching for client or server takes place. -.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IP SSL_SESS_CACHE_CLIENT 4 .IX Item "SSL_SESS_CACHE_CLIENT" Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which -session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the \fBSSL_set_session\fR\|(3) function. This option is not activated by default. -.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IP SSL_SESS_CACHE_SERVER 4 .IX Item "SSL_SESS_CACHE_SERVER" Server sessions are added to the session cache. When a client proposes a session to be reused, the server looks for the corresponding session in (first) -the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), then (second) in the external cache if available. If the session is found, the server will try to reuse the session. This is the default. -.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IP SSL_SESS_CACHE_BOTH 4 .IX Item "SSL_SESS_CACHE_BOTH" -Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. -.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time. +.IP SSL_SESS_CACHE_NO_AUTO_CLEAR 4 .IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" Normally the session cache is checked for expired sessions every 255 connections using the 
@@ -206,37 +131,37 @@ flushing may be disabled and \&\fBSSL_CTX_flush_sessions\fR\|(3) can be called explicitly by the application. -.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IP SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" -By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +By setting this flag, session\-resume operations in an SSL/TLS server will not automatically look up sessions in the internal cache, even if sessions are automatically stored there. If external session caching callbacks are in use, this flag guarantees that all lookups are directed to the external cache. -As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +As automatic lookup only applies for SSL/TLS servers, the flag has no effect on clients. -.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IP SSL_SESS_CACHE_NO_INTERNAL_STORE 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" -Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 -sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, +sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external -session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will +session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: -in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful -session lookups in the external cache (i.e. for session-resume requests) would +in any SSL/TLS servers where external caching is configured, any successful +session lookups in the external cache (i.e. 
for session\-resume requests) would normally be copied into the local cache before processing continues \- this flag prevents these additions to the internal cache as well. -.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IP SSL_SESS_CACHE_NO_INTERNAL 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL" -Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and -\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. -.IP "\s-1SSL_SESS_CACHE_UPDATE_TIME\s0" 4 +Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and +SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time. +.IP SSL_SESS_CACHE_UPDATE_TIME 4 .IX Item "SSL_SESS_CACHE_UPDATE_TIME" Updates the timestamp of the session when it is used, increasing the lifespan of the session. The session timeout applies to last use, rather then creation time. .PP -The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 +The default mode is SSL_SESS_CACHE_SERVER. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. @@ -253,11 +178,11 @@ \&\fBSSL_CTX_set_session_id_context\fR\|(3), \&\fBSSL_CTX_set_timeout\fR\|(3), \&\fBSSL_CTX_flush_sessions\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3ossl" -.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,18 +75,18 @@ \& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, \& unsigned int sid_ctx_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length \&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. .PP \&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length \&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Sessions are generated within a certain context. When exporting/importing sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, -to re-import a session generated from another context (e.g. another +to re\-import a session generated from another context (e.g. another application), which might lead to malfunctions. Therefore, each application must set its own session id context \fBsid_ctx\fR which is used to distinguish the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be 
@@ -170,7 +95,7 @@ name ... .PP The session id context becomes part of the session. The session id context -is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and +is set by the SSL/TLS server. The \fBSSL_CTX_set_session_id_context()\fR and \&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the server side. .PP @@ -178,10 +103,10 @@ when reusing a session. .PP The maximum length of the \fBsid_ctx\fR is limited to -\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. -.SH "WARNINGS" +\&\fBSSL_MAX_SID_CTX_LENGTH\fR. +.SH WARNINGS .IX Header "WARNINGS" -If the session id context is not set on an \s-1SSL/TLS\s0 server and client +If the session id context is not set on an SSL/TLS server and client certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail. 
@@ -195,21 +120,21 @@ .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR return the following values: -.IP "0" 4 +.IP 0 4 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded -the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error +the maximum allowed length of \fBSSL_MAX_SID_CTX_LENGTH\fR. The error is logged to the error stack. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3ossl" -.TH SSL_CTX_SET_SESSION_TICKET_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -162,12 +87,12 @@ \& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); \& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR and \fBdec_cb\fR that are used by a server to set and get application data stored with a session, and placed into a session ticket. Either callback function may -be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks. +be set to NULL. The value of \fBarg\fR is passed to the callbacks. .PP \&\fBgen_cb\fR is the application defined callback invoked when a session ticket is about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR 
@@ -180,7 +105,7 @@ available. If ticket decryption was successful then the \fBss\fR argument contains the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key used to decrypt the session ticket. The \fBstatus\fR argument is the result of the -ticket decryption. See the \*(L"\s-1NOTES\*(R"\s0 section below for further details. The value +ticket decryption. See the "NOTES" section below for further details. The value of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. .PP @@ -194,15 +119,15 @@ \&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket application data and assigns \fBlen\fR to the length of the session ticket application data from \fBss\fR. The application data can be set via -\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. NULL will be assigned to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time after a session has been created. The \fBdec_cb\fR is provided to notify the application that a session ticket has just been decrypted. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been -assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket +When the \fBdec_cb\fR callback is invoked, the SSL_SESSION \fBss\fR has not yet been +assigned to the SSL \fBs\fR. The \fBstatus\fR indicates the result of the ticket decryption. The callback must check the \fBstatus\fR value before performing any action, as it is called even if ticket decryption fails. .PP 
@@ -210,67 +135,67 @@ the key that was used to encrypt the session ticket. .PP The \fBstatus\fR argument can be any of these values: -.IP "\s-1SSL_TICKET_EMPTY\s0" 4 +.IP SSL_TICKET_EMPTY 4 .IX Item "SSL_TICKET_EMPTY" Empty ticket present. No ticket data will be used and a new ticket should be sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not valid for a client to send an empty ticket. -.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 +.IP SSL_TICKET_NO_DECRYPT 4 .IX Item "SSL_TICKET_NO_DECRYPT" -The ticket couldn't be decrypted. No ticket data will be used and a new ticket +The ticket couldn\*(Aqt be decrypted. No ticket data will be used and a new ticket should be sent to the client. -.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 +.IP SSL_TICKET_SUCCESS 4 .IX Item "SSL_TICKET_SUCCESS" A ticket was successfully decrypted, any session ticket application data should be available. A new ticket should not be sent to the client. -.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 +.IP SSL_TICKET_SUCCESS_RENEW 4 .IX Item "SSL_TICKET_SUCCESS_RENEW" -Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. +Same as \fBSSL_TICKET_SUCCESS\fR, but a new ticket should be sent to the client. .PP The return value can be any of these values: -.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 +.IP SSL_TICKET_RETURN_ABORT 4 .IX Item "SSL_TICKET_RETURN_ABORT" The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single handshake. Therefore, just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution. -.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 +.IP SSL_TICKET_RETURN_IGNORE 4 .IX Item "SSL_TICKET_RETURN_IGNORE" Do not use a ticket (if one was available). Do not send a renewed ticket to the client. 
-.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 +.IP SSL_TICKET_RETURN_IGNORE_RENEW 4 .IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" Do not use a ticket (if one was available). Send a renewed ticket to the client. .Sp If the callback does not wish to change the default ticket behaviour then it -should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or -\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. -.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 +should return this value if \fBstatus\fR is \fBSSL_TICKET_EMPTY\fR or +\&\fBSSL_TICKET_NO_DECRYPT\fR. +.IP SSL_TICKET_RETURN_USE 4 .IX Item "SSL_TICKET_RETURN_USE" Use the ticket. Do not send a renewed ticket to the client. It is an error for the callback to return this value if \fBstatus\fR has a value other than -\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +\&\fBSSL_TICKET_SUCCESS\fR or \fBSSL_TICKET_SUCCESS_RENEW\fR. .Sp If the callback does not wish to change the default ticket behaviour then it -should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. -.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 +should return this value if \fBstatus\fR is \fBSSL_TICKET_SUCCESS\fR. +.IP SSL_TICKET_RETURN_USE_RENEW 4 .IX Item "SSL_TICKET_RETURN_USE_RENEW" Use the ticket. Send a renewed ticket to the client. It is an error for the callback to return this value if \fBstatus\fR has a value other than -\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +\&\fBSSL_TICKET_SUCCESS\fR or \fBSSL_TICKET_SUCCESS_RENEW\fR. .Sp If the callback does not wish to change the default ticket behaviour then it -should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +should return this value if \fBstatus\fR is \fBSSL_TICKET_SUCCESS_RENEW\fR. 
.PP -If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then +If \fBstatus\fR has the value \fBSSL_TICKET_EMPTY\fR or \fBSSL_TICKET_NO_DECRYPT\fR then no session data will be available and the callback must not use the \fBss\fR -argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or -\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call +argument. If \fBstatus\fR has the value \fBSSL_TICKET_SUCCESS\fR or +\&\fBSSL_TICKET_SUCCESS_RENEW\fR then the application can call \&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR argument to retrieve the application data. .PP When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be -used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR. +used to retrieve the SSL_SESSION for \fBSSL_SESSION_set1_ticket_appdata()\fR. .PP By default, in TLSv1.2 and below, a new session ticket is not issued on a successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the 
@@ -284,22 +209,22 @@ failure. .PP The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 -will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. +will terminate the connection with an INTERNAL_ERROR alert. .PP -The \fBdec_cb\fR callback must return a value as described in \*(L"\s-1NOTES\*(R"\s0 above. +The \fBdec_cb\fR callback must return a value as described in "NOTES" above. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_get_session\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3ossl" -.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, @@ -146,7 +71,7 @@ SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -167,32 +92,32 @@ \& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); \& uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Some engines are able to process multiple simultaneous crypto operations. This capability could be utilised to parallelise the processing of a single connection. For example a single write can be split into multiple records and each one encrypted independently and in parallel. Note: this will only work in -\&\s-1TLS1.1+.\s0 There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This -capability is known as \*(L"pipelining\*(R" within OpenSSL. +TLS1.1+. There is no support in SSLv3, TLSv1.0 or DTLS (any version). This +capability is known as "pipelining" within OpenSSL. .PP In order to benefit from the pipelining capability. You need to have an engine -that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides -\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However, these are for +that provides ciphers that support this. The OpenSSL "dasync" engine provides +AES128\-SHA based ciphers that have this capability. However, these are for development and test purposes only. .PP \&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the -\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This +\&\fBmax_send_fragment\fR parameter for SSL_CTX and SSL objects respectively. This value restricts the amount of plaintext bytes that will be sent in any one -\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These -functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +SSL/TLS record. By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). These +functions will only accept a value in the range 512 \- SSL3_RT_MAX_PLAIN_LENGTH. 
.PP \&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number of pipelines that will be used at any one time. This value applies to both -\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be -used (i.e. normal non-parallel operation). The number of pipelines set must be -in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also -automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is +"read" pipelining and "write" pipelining. By default only one pipeline will be +used (i.e. normal non\-parallel operation). The number of pipelines set must be +in the range 1 \- SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also +automatically turn on "read_ahead" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is explained further below. OpenSSL will only ever use more than one pipeline if a cipher suite is negotiated that uses a pipeline capable cipher provided by an engine. @@ -218,7 +143,7 @@ \&\fBsplit_send_fragment\fR must always be less than or equal to \&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. This will mean that the same number of records will always be created as would -have been created in the non-parallel case, although the data will be +have been created in the non\-parallel case, although the data will be apportioned differently. In the parallel case data will be spread equally between the pipelines. .PP 
@@ -243,26 +168,26 @@ parameter sets the size of the buffer. The value will only be used if it is greater than the default that would have been used anyway. The normal default value depends on a number of factors but it will be at least -\&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. +SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes. .PP \&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment length negotiation mode via value \fBmode\fR to \fBctx\fR. -This setting affects only \s-1SSL\s0 instances created after this function is called. -It affects the client-side as only its side may initiate this extension use. +This setting affects only SSL instances created after this function is called. +It affects the client\-side as only its side may initiate this extension use. .PP \&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length negotiation mode via value \fBmode\fR to \fBssl\fR. This setting will be used during a handshake when extensions are exchanged between client and server. -So it only affects \s-1SSL\s0 sessions created after this function is called. -It affects the client-side as only its side may initiate this extension use. +So it only affects SSL sessions created after this function is called. +It affects the client\-side as only its side may initiate this extension use. .PP \&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length negotiated in \fBsession\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -All non-void functions return 1 on success and 0 on failure. -.SH "NOTES" +All non\-void functions return 1 on success and 0 on failure. +.SH NOTES .IX Header "NOTES" The Maximum Fragment Length extension support is optional on the server side. If the server does not support this extension then 
@@ -270,19 +195,19 @@ TLSEXT_max_fragment_length_DISABLED. .PP The following modes are available: -.IP "TLSEXT_max_fragment_length_DISABLED" 4 +.IP TLSEXT_max_fragment_length_DISABLED 4 .IX Item "TLSEXT_max_fragment_length_DISABLED" Disables Maximum Fragment Length Negotiation (default). -.IP "TLSEXT_max_fragment_length_512" 4 +.IP TLSEXT_max_fragment_length_512 4 .IX Item "TLSEXT_max_fragment_length_512" Sets Maximum Fragment Length to 512 bytes. -.IP "TLSEXT_max_fragment_length_1024" 4 +.IP TLSEXT_max_fragment_length_1024 4 .IX Item "TLSEXT_max_fragment_length_1024" Sets Maximum Fragment Length to 1024. -.IP "TLSEXT_max_fragment_length_2048" 4 +.IP TLSEXT_max_fragment_length_2048 4 .IX Item "TLSEXT_max_fragment_length_2048" Sets Maximum Fragment Length to 2048. -.IP "TLSEXT_max_fragment_length_4096" 4 +.IP TLSEXT_max_fragment_length_4096 4 .IX Item "TLSEXT_max_fragment_length_4096" Sets Maximum Fragment Length to 4096. .PP @@ -294,7 +219,7 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR, \&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR, 
@@ -303,11 +228,11 @@ .PP The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_srp_password.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_srp_password.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SRP_PASSWORD 3ossl" -.TH SSL_CTX_SET_SRP_PASSWORD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SRP_PASSWORD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_srp_username, SSL_CTX_set_srp_password, SSL_CTX_set_srp_strength, @@ -153,14 +78,14 @@ SSL_get_srp_username, SSL_get_srp_userinfo \&\- SRP control operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 10 
@@ -186,62 +111,62 @@ \& char *SSL_get_srp_username(SSL *s); \& char *SSL_get_srp_userinfo(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All of the functions described on this page are deprecated. There are no available replacement functions at this time. .PP -These functions provide access to \s-1SRP\s0 (Secure Remote Password) parameters, -an alternate authentication mechanism for \s-1TLS. SRP\s0 allows the use of usernames +These functions provide access to SRP (Secure Remote Password) parameters, +an alternate authentication mechanism for TLS. SRP allows the use of usernames and passwords over unencrypted channels without revealing the password to an -eavesdropper. \s-1SRP\s0 also supplies a shared secret at the end of the authentication +eavesdropper. SRP also supplies a shared secret at the end of the authentication sequence that can be used to generate encryption keys. .PP -The \s-1SRP\s0 protocol, version 3 is specified in \s-1RFC 2945. SRP\s0 version 6 is described -in \s-1RFC 5054\s0 with applications to \s-1TLS\s0 authentication. +The SRP protocol, version 3 is specified in RFC 2945. SRP version 6 is described +in RFC 5054 with applications to TLS authentication. .PP -The \fBSSL_CTX_set_srp_username()\fR function sets the \s-1SRP\s0 username for \fBctx\fR. This +The \fBSSL_CTX_set_srp_username()\fR function sets the SRP username for \fBctx\fR. This should be called on the client prior to creating a connection to the server. The length of \fBname\fR must be shorter or equal to 255 characters. .PP -The \fBSSL_CTX_set_srp_password()\fR function sets the \s-1SRP\s0 password for \fBctx\fR. This +The \fBSSL_CTX_set_srp_password()\fR function sets the SRP password for \fBctx\fR. This may be called on the client prior to creating a connection to the server. This overrides the effect of \fBSSL_CTX_set_srp_client_pwd_callback()\fR. .PP -The \fBSSL_CTX_set_srp_strength()\fR function sets the \s-1SRP\s0 strength for \fBctx\fR. 
This -is the minimal length of the \s-1SRP\s0 prime in bits. If not specified 1024 is used. +The \fBSSL_CTX_set_srp_strength()\fR function sets the SRP strength for \fBctx\fR. This +is the minimal length of the SRP prime in bits. If not specified 1024 is used. If not satisfied by the server key exchange the connection will be rejected. .PP The \fBSSL_CTX_set_srp_cb_arg()\fR function sets an extra parameter that will be passed to all following callbacks as \fBarg\fR. .PP The \fBSSL_CTX_set_srp_username_callback()\fR function sets the server side callback -that is invoked when an \s-1SRP\s0 username is found in a ClientHello. -The callback parameters are the \s-1SSL\s0 connection \fBs\fR, a writable error flag \fBad\fR +that is invoked when an SRP username is found in a ClientHello. +The callback parameters are the SSL connection \fBs\fR, a writable error flag \fBad\fR and the extra argument \fBarg\fR set by \fBSSL_CTX_set_srp_cb_arg()\fR. This callback should setup the server for the key exchange by calling \&\fBSSL_set_srp_server_param()\fR with the appropriate parameters for the received username. The username can be obtained by calling \fBSSL_get_srp_username()\fR. See \fBSRP_VBASE_init\fR\|(3) to parse the verifier file created by \fBopenssl\-srp\fR\|(1) or \&\fBSRP_create_verifier\fR\|(3) to generate it. -The callback should return \fB\s-1SSL_ERROR_NONE\s0\fR to proceed with the server key exchange, -\&\fB\s-1SSL3_AL_FATAL\s0\fR for a fatal error or any value < 0 for a retryable error. -In the event of a \fB\s-1SSL3_AL_FATAL\s0\fR the alert flag given by \fB*al\fR will be sent -back. By default this will be \fB\s-1SSL_AD_UNKNOWN_PSK_IDENTITY\s0\fR. +The callback should return \fBSSL_ERROR_NONE\fR to proceed with the server key exchange, +\&\fBSSL3_AL_FATAL\fR for a fatal error or any value < 0 for a retryable error. +In the event of a \fBSSL3_AL_FATAL\fR the alert flag given by \fB*al\fR will be sent +back. 
By default this will be \fBSSL_AD_UNKNOWN_PSK_IDENTITY\fR. .PP The \fBSSL_CTX_set_srp_client_pwd_callback()\fR function sets the client password callback on the client. -The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR +The callback parameters are the SSL connection \fBs\fR and the extra argument \fBarg\fR set by \fBSSL_CTX_set_srp_cb_arg()\fR. The callback will be called as part of the generation of the client secrets. -It should return the client password in text form or \s-1NULL\s0 to abort the connection. +It should return the client password in text form or NULL to abort the connection. The resulting memory will be freed by the library as part of the callback resolution. This overrides the effect of \fBSSL_CTX_set_srp_password()\fR. .PP -The \fBSSL_CTX_set_srp_verify_param_callback()\fR sets the \s-1SRP\s0 gN parameter verification +The \fBSSL_CTX_set_srp_verify_param_callback()\fR sets the SRP gN parameter verification callback on the client. This allows the client to perform custom verification when -receiving the server \s-1SRP\s0 proposed parameters. -The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR +receiving the server SRP proposed parameters. +The callback parameters are the SSL connection \fBs\fR and the extra argument \fBarg\fR set by \fBSSL_CTX_set_srp_cb_arg()\fR. The callback should return a positive value to accept the server parameters. Returning 0 or a negative value will abort the connection. The server parameters 
@@ -249,28 +174,28 @@ Sanity checks are already performed by the library after the handshake (B % N non zero, check against the strength parameter) and are not necessary. If no callback is set the g and N parameters will be checked against -known \s-1RFC 5054\s0 values. +known RFC 5054 values. .PP -The \fBSSL_set_srp_server_param()\fR function sets all \s-1SRP\s0 parameters for -the connection \fBs\fR. \fBN\fR and \fBg\fR are the \s-1SRP\s0 group parameters, \fBsa\fR is the +The \fBSSL_set_srp_server_param()\fR function sets all SRP parameters for +the connection \fBs\fR. \fBN\fR and \fBg\fR are the SRP group parameters, \fBsa\fR is the user salt, \fBv\fR the password verifier and \fBinfo\fR is the optional user info. .PP -The \fBSSL_set_srp_server_param_pw()\fR function sets all \s-1SRP\s0 parameters for the +The \fBSSL_set_srp_server_param_pw()\fR function sets all SRP parameters for the connection \fBs\fR by generating a random salt and a password verifier. -\&\fBuser\fR is the username, \fBpass\fR the password and \fBgrp\fR the \s-1SRP\s0 group parameters +\&\fBuser\fR is the username, \fBpass\fR the password and \fBgrp\fR the SRP group parameters identifier for \fBSRP_get_default_gN\fR\|(3). .PP -The \fBSSL_get_srp_g()\fR function returns the \s-1SRP\s0 group generator for \fBs\fR, or from -the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0 +The \fBSSL_get_srp_g()\fR function returns the SRP group generator for \fBs\fR, or from +the underlying SSL_CTX if it is NULL. .PP -The \fBSSL_get_srp_N()\fR function returns the \s-1SRP\s0 prime for \fBs\fR, or from -the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0 +The \fBSSL_get_srp_N()\fR function returns the SRP prime for \fBs\fR, or from +the underlying SSL_CTX if it is NULL. 
.PP -The \fBSSL_get_srp_username()\fR function returns the \s-1SRP\s0 username for \fBs\fR, or from -the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0 +The \fBSSL_get_srp_username()\fR function returns the SRP username for \fBs\fR, or from +the underlying SSL_CTX if it is NULL. .PP -The \fBSSL_get_srp_userinfo()\fR function returns the \s-1SRP\s0 user info for \fBs\fR, or from -the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0 +The \fBSSL_get_srp_userinfo()\fR function returns the SRP user info for \fBs\fR, or from +the underlying SSL_CTX if it is NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All SSL_CTX_set_* functions return 1 on success and 0 on failure. @@ -279,9 +204,9 @@ .PP The SSL_get_SRP_* functions return a pointer to the requested data, the memory is owned by the library and should not be freed by the caller. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Setup \s-1SRP\s0 parameters on the client: +Setup SRP parameters on the client: .PP .Vb 1 \& #include @@ -298,7 +223,7 @@ \& /* Error */ .Ve .PP -Setup \s-1SRP\s0 server with verifier file: +Setup SRP server with verifier file: .PP .Vb 2 \& #include @@ -347,14 +272,14 @@ \&\fBopenssl\-srp\fR\|(1), \&\fBSRP_VBASE_new\fR\|(3), \&\fBSRP_create_verifier\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.1 and deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SSL_VERSION 3ossl" -.TH SSL_CTX_SET_SSL_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_SSL_VERSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a new TLS/SSL method -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,61 +77,61 @@ \& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); \& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +\&\fBSSL_CTX_set_ssl_version()\fR sets a new default TLS/SSL \fBmethod\fR for SSL objects newly created from this \fBctx\fR. Most of the configuration attached to the -\&\s-1SSL_CTX\s0 object is retained, with the exception of the configured \s-1TLS\s0 ciphers, -which are reset to the default values. \s-1SSL\s0 objects already created from this -\&\s-1SSL_CTX\s0 with \fBSSL_new\fR\|(3) are not affected, except when \fBSSL_clear\fR\|(3) is +SSL_CTX object is retained, with the exception of the configured TLS ciphers, +which are reset to the default values. SSL objects already created from this +SSL_CTX with \fBSSL_new\fR\|(3) are not affected, except when \fBSSL_clear\fR\|(3) is being called, as described below. .PP -\&\fBSSL_CTX_get_ssl_method()\fR returns the \s-1SSL_METHOD\s0 which was used to construct the -\&\s-1SSL_CTX.\s0 +\&\fBSSL_CTX_get_ssl_method()\fR returns the SSL_METHOD which was used to construct the +SSL_CTX. .PP -\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +\&\fBSSL_set_ssl_method()\fR sets a new TLS/SSL \fBmethod\fR for a particular \fBssl\fR object. It may be reset, when \fBSSL_clear()\fR is called. .PP -\&\fBSSL_get_ssl_method()\fR returns a pointer to the \s-1TLS/SSL\s0 method +\&\fBSSL_get_ssl_method()\fR returns a pointer to the TLS/SSL method set in \fBssl\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The available \fBmethod\fR choices are described in \&\fBSSL_CTX_new\fR\|(3). .PP When \fBSSL_clear\fR\|(3) is called and no session is connected to -an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently -set in the corresponding \s-1SSL_CTX\s0 object. 
+an SSL object, the method of the SSL object is reset to the method currently +set in the corresponding SSL_CTX object. .PP \&\fBSSL_CTX_set_version()\fR has unusual semantics and no clear use case; -it would usually be preferable to create a new \s-1SSL_CTX\s0 object than to +it would usually be preferable to create a new SSL_CTX object than to try to reuse an existing one in this fashion. Its usage is considered deprecated. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR and \fBSSL_set_ssl_method()\fR: -.IP "0" 4 +.IP 0 4 The new choice failed, check the error stack to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation succeeded. .PP -\&\fBSSL_CTX_get_ssl_method()\fR and \fBSSL_get_ssl_method()\fR always return non-NULL +\&\fBSSL_CTX_get_ssl_method()\fR and \fBSSL_get_ssl_method()\fR always return non\-NULL pointers. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), \&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7), \&\fBSSL_set_connect_state\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_CTX_set_ssl_version()\fR was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3ossl" -.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -173,28 +98,28 @@ \& unsigned int \& cookie_len)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by -\&\fBSSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie +\&\fBSSL_stateless\fR\|(3) to generate the application\-controlled portion of the cookie provided to clients in the HelloRetryRequest transmitted as a response to a ClientHello with a missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must -write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number +write at most SSL_COOKIE_LENGTH bytes into \fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value can be used to abort the handshake. .PP \&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by -\&\fBSSL_stateless\fR\|(3) to determine whether the application-controlled portion of a +\&\fBSSL_stateless\fR\|(3) to determine whether the application\-controlled portion of a ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value from \fBverify_stateless_cookie_cb()\fR communicates that the cookie is valid. The integrity of the entire cookie, -including the application-controlled portion, is automatically verified by \s-1HMAC\s0 +including the application\-controlled portion, is automatically verified by HMAC before \fBverify_stateless_cookie_cb()\fR is called. .PP \&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) to generate the cookie provided to clients in the HelloVerifyRequest transmitted as a response to a ClientHello with a missing or invalid cookie. 
-\&\fBapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into +\&\fBapp_gen_cookie_cb()\fR must write at most DTLS1_COOKIE_LENGTH bytes into \&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value can be used to abort the handshake. @@ -213,15 +138,15 @@ \&\fBssl\fR\|(7), \&\fBSSL_stateless\fR\|(3), \&\fBDTLSv1_listen\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR and \&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TIMEOUT 3ossl" -.TH SSL_CTX_SET_TIMEOUT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TIMEOUT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,13 +73,13 @@ \& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); \& long SSL_CTX_get_timeout(SSL_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for \&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. .PP \&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Whenever a new session is created, it is assigned a maximum lifetime. This lifetime is specified by storing the creation time of the session and the @@ -181,7 +106,7 @@ This timeout value is used as the ticket lifetime hint for stateless session tickets. It is also used as the timeout value within the ticket itself. .PP -For TLSv1.3, \s-1RFC8446\s0 limits transmission of this value to 1 week (604800 +For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800 seconds). .PP For TLSv1.2, tickets generated during an initial handshake use the value 
@@ -199,11 +124,11 @@ \&\fBSSL_SESSION_get_time\fR\|(3), \&\fBSSL_CTX_flush_sessions\fR\|(3), \&\fBSSL_get_default_timeout\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3ossl" -.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI) -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,7 +81,7 @@ \& \& int SSL_set_tlsext_host_name(const SSL *s, const char *name); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functionality provided by the servername callback is mostly superseded by the ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. 
@@ -166,35 +91,35 @@ \&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When \fBcb\fR -is \s-1NULL, SNI\s0 is not used. +is NULL, SNI is not used. .PP The servername callback should return one of the following values: -.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IP SSL_TLSEXT_ERR_OK 4 .IX Item "SSL_TLSEXT_ERR_OK" This is used to indicate that the servername requested by the client has been accepted. Typically a server will call \fBSSL_set_SSL_CTX()\fR in the callback to set up a different configuration for the selected servername in this case. -.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IP SSL_TLSEXT_ERR_ALERT_FATAL 4 .IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" In this case the servername requested by the client is not accepted and the handshake will be aborted. The value of the alert to be used should be stored in the location pointed to by the \fBal\fR parameter to the callback. By default this -value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME.\s0 -.IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4 +value is initialised to SSL_AD_UNRECOGNIZED_NAME. +.IP SSL_TLSEXT_ERR_ALERT_WARNING 4 .IX Item "SSL_TLSEXT_ERR_ALERT_WARNING" If this value is returned then the servername is not accepted by the server. However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the \fBal\fR parameter -as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support +as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is -treated the same way as \s-1SSL_TLSEXT_ERR_NOACK.\s0 -.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +treated the same way as SSL_TLSEXT_ERR_NOACK. 
+.IP SSL_TLSEXT_ERR_NOACK 4 .IX Item "SSL_TLSEXT_ERR_NOACK" This return value indicates that the servername is not accepted by the server. No alerts are sent and the server will not acknowledge the requested servername. .PP -\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be -passed into the callback (via the \fBarg\fR parameter) for this \fB\s-1SSL_CTX\s0\fR. +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context\-specific argument to be +passed into the callback (via the \fBarg\fR parameter) for this \fBSSL_CTX\fR. .PP The behaviour of \fBSSL_get_servername()\fR depends on a number of different factors. In particular note that in TLSv1.3 the servername is negotiated in every 
@@ -209,48 +134,48 @@ session from the original handshake had a servername accepted by the server then it will return that servername. .Sp -Otherwise it returns \s-1NULL.\s0 +Otherwise it returns NULL. .IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4 .IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" If the session from the original handshake had a servername accepted by the server then it will return that servername. .Sp -Otherwise it returns the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 +Otherwise it returns the servername set via \fBSSL_set_tlsext_host_name()\fR or NULL if it was not called. .IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" 4 .IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" -It will return the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it +It will return the servername set via \fBSSL_set_tlsext_host_name()\fR or NULL if it was not called. .IP "On the server, before the handshake" 4 .IX Item "On the server, before the handshake" -The function will always return \s-1NULL\s0 before the handshake +The function will always return NULL before the handshake .IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" 4 .IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" If a servername was accepted by the server in the original handshake then it -will return that servername, or \s-1NULL\s0 otherwise. +will return that servername, or NULL otherwise. 
.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" 4 .IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" The function will return the servername requested by the client in this -handshake or \s-1NULL\s0 if none was requested. +handshake or NULL if none was requested. .PP Note that the ClientHello callback occurs before a servername extension from the -client is processed. The servername, certificate and \s-1ALPN\s0 callbacks occur after +client is processed. The servername, certificate and ALPN callbacks occur after a servername extension from the client is processed. .PP \&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername -is present. Currently the only supported type (defined in \s-1RFC3546\s0) is +is present. Currently the only supported type (defined in RFC3546) is \&\fBTLSEXT_NAMETYPE_host_name\fR. .PP \&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension to contain the value \fBname\fR. The type of server name indication extension is set -to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). -.SH "NOTES" +to \fBTLSEXT_NAMETYPE_host_name\fR (defined in RFC3546). +.SH NOTES .IX Header "NOTES" Several callbacks are executed during ClientHello processing, including -the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is -executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. +the ClientHello, ALPN, and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the ALPN callback. .PP -The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +The \fBSSL_set_tlsext_host_name()\fR function should only be called on SSL objects that will act as clients; otherwise the configured \fBname\fR will be ignored. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -261,7 +186,7 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), \&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_get_servername()\fR historically provided some unexpected results in certain corner cases. This has been fixed from OpenSSL 1.1.1e. @@ -276,12 +201,12 @@ the server did not accept it, and then a second handshake occurred where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to -\&\s-1NULL.\s0 -.SH "COPYRIGHT" +NULL. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3ossl" -.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, @@ -150,7 +75,7 @@ SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp \&\- OCSP Certificate Status Request functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -170,21 +95,21 @@ \& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); \& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A client application may request that a server send back an \s-1OCSP\s0 status response -(also known as \s-1OCSP\s0 stapling). To do so the client should call the -\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +A client application may request that a server send back an OCSP status response +(also known as OCSP stapling). To do so the client should call the +\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any SSL objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR -function on an individual \s-1SSL\s0 object prior to the start of the handshake. +function on an individual SSL object prior to the start of the handshake. Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value should be passed in the \fBtype\fR argument. Calling \&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. .PP The client should additionally provide a callback function to decide what to do -with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The -callback function should determine whether the returned \s-1OCSP\s0 response is +with the returned OCSP response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The +callback function should determine whether the returned OCSP response is acceptable or not. The callback will be passed as an argument the value previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the callback will not be called in the event of a handshake where session resumption 
@@ -197,22 +122,22 @@ the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return \&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client -requested \s-1OCSP\s0 stapling. If the client requested it then this function will +requested OCSP stapling. If the client requested it then this function will return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. .PP The response returned by the server can be obtained via a call to \&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point -to the \s-1OCSP\s0 response data and the return value will be the length of that data. -Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a +to the OCSP response data and the return value will be the length of that data. +Typically a callback would obtain an OCSP_RESPONSE object from this data via a call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any -response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from +response data then \fB*resp\fR will be NULL and the return value from \&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. .PP A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function -if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status +if it wants to be able to provide clients with OCSP Certificate Status responses. Typically the server callback would obtain the server certificate that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; -obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by +obtain the OCSP response to be sent back; and then set that response data by calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. 
A pointer to the response data should be provided in the \fBresp\fR argument, and the length of that data should be in the \fBlen\fR argument. @@ -223,9 +148,9 @@ fail) or a positive value if it is acceptable. .PP The callback when used on the server side should return with either -\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be -returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be -returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has +SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be +returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be +returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has occurred). .PP \&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, 
@@ -235,24 +160,24 @@ \&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by \&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. .PP -\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data -or \-1 if there is no \s-1OCSP\s0 response data. +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the OCSP response data +or \-1 if there is no OCSP response data. .PP \&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server -side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned. +side if the client requested OCSP stapling. Otherwise \-1 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3ossl" -.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_tlsext_ticket_key_evp_cb, SSL_CTX_set_tlsext_ticket_key_cb \&\- set a callback for session ticket processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,7 +79,7 @@ .Ve .PP The following function has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 
@@ -163,35 +88,35 @@ \& unsigned char iv[EVP_MAX_IV_LENGTH], \& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_tlsext_ticket_key_evp_cb()\fR sets a callback function \fIcb\fR for handling session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in -\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +RFC5077 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies -to \s-1TLS\s0 and there is no SSLv3 implementation. +to TLS and there is no SSLv3 implementation. .PP -The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 -session when session ticket extension is presented in the \s-1TLS\s0 hello +The callback function \fIcb\fR will be called for every client instigated TLS +session when session ticket extension is presented in the TLS hello message. It is the responsibility of this function to create or retrieve the cryptographic parameters and to maintain their state. .PP -The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 -ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +The OpenSSL library uses your callback function to help implement a common TLS +ticket construction state according to RFC5077 Section 4 such that per session state is unnecessary and a small set of cryptographic variables needs to be maintained by the callback function implementation. .PP -In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket -extension to the server. The client can only send exactly one session ticket. +In order to reuse a session, a TLS client must send the session ticket +extension to the server. The client must send exactly one session ticket. 
The server, through the callback function, either agrees to reuse the session -ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket information or it starts a full TLS handshake to create a new session ticket. .PP Before the callback function is started \fIctx\fR and \fIhctx\fR have been initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBEVP_MAC_CTX_new\fR\|(3) respectively. .PP -For new sessions tickets, when the client doesn't present a session ticket, or +For new sessions tickets, when the client doesn\*(Aqt present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, the callback function will be called with \fIenc\fR equal to 1. The OpenSSL library expects that the function will set an arbitrary \fIname\fR, initialize @@ -199,14 +124,14 @@ .PP The \fIname\fR is 16 characters long and is used as a key identifier. .PP -The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The -maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fI\fR. +The \fIiv\fR length is the length of the IV of the corresponding cipher. The +maximum IV length is \fBEVP_MAX_IV_LENGTH\fR bytes defined in \fI\fR. .PP The initialization vector \fIiv\fR should be a random value. The cipher context \&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context and digest can be set using -\&\fBEVP_MAC_CTX_set_params\fR\|(3) with the \fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and -\&\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively. +\&\fBEVP_MAC_CTX_set_params\fR\|(3) with the \fBOSSL_MAC_PARAM_KEY\fR and +\&\fBOSSL_MAC_PARAM_DIGEST\fR parameters respectively. .PP When the client presents a session ticket, the callback function with be called with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set 
@@ -216,7 +141,7 @@ \&\fIctx\fR will be set with the retrieved parameters and the initialization vector \&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The key material and digest for \fIhctx\fR need to be set using \fBEVP_MAC_CTX_set_params\fR\|(3) with the -\&\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and \fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively. +\&\fBOSSL_MAC_PARAM_KEY\fR and \fBOSSL_MAC_PARAM_DIGEST\fR parameters respectively. .PP If the \fIname\fR is still valid but a renewal of the ticket is required the callback function should return 2. The library will call the callback again @@ -224,21 +149,21 @@ .PP The return value of the \fIcb\fR function is used by OpenSSL to determine what further processing will occur. The following return values have meaning: -.IP "2" 4 +.IP 2 4 .IX Item "2" This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can continue on those parameters. Additionally it indicates that the session ticket is in a renewal period and should be replaced. The OpenSSL library will -call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 -3.3\s0 paragraph 2). -.IP "1" 4 +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see RFC5077 +3.3 paragraph 2). +.IP 1 4 .IX Item "1" This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can continue on those parameters. -.IP "0" 4 +.IP 0 4 This indicates that it was not possible to set/retrieve a session ticket and -the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic -parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +the SSL/TLS session will continue by negotiating a set of cryptographic +parameters or using the alternate SSL/TLS resumption mechanism, session ids. .Sp If called with enc equal to 0 the library will call the \fIcb\fR again to get a new set of parameters. 
@@ -248,16 +173,16 @@ .PP The \fBSSL_CTX_set_tlsext_ticket_key_cb()\fR function is identical to \&\fBSSL_CTX_set_tlsext_ticket_key_evp_cb()\fR except that it takes a deprecated -\&\s-1HMAC_CTX\s0 pointer instead of an \s-1EVP_MAC_CTX\s0 one. +HMAC_CTX pointer instead of an EVP_MAC_CTX one. Before this callback function is started \fIhctx\fR will have been initialised with \fBEVP_MAC_CTX_new\fR\|(3) and the digest set with \&\fBEVP_MAC_CTX_set_params\fR\|(3). The \fIhctx\fR key material can be set using \fBHMAC_Init_ex\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Session resumption shortcuts the \s-1TLS\s0 so that the client certificate -negotiation don't occur. It makes up for this by storing client certificate -an all other negotiated state information encrypted within the ticket. In a +Session resumption shortcuts the TLS handshake so that the client certificate +negotiation doesn\*(Aqt occur. It makes up for this by storing the client certificate +and all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available exactly as if a full negotiation had occurred. .PP @@ -274,7 +199,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" Returns 1 to indicate the callback function was set and 0 otherwise. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Reference Implementation: .PP 
@@ -359,17 +284,17 @@ \&\fBSSL_CTX_sess_number\fR\|(3), \&\fBSSL_CTX_sess_set_get_cb\fR\|(3), \&\fBSSL_CTX_set_session_id_context\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CTX_set_tlsext_ticket_key_cb()\fR function was deprecated in OpenSSL 3.0. .PP The \fBSSL_CTX_set_tlsext_ticket_key_evp_cb()\fR function was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3ossl" -.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile \&\- Configure and query SRTP support -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -155,59 +80,59 @@ \& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); \& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for -the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764.\s0 This provides a mechanism for -establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS.\s0 This -capability may be used as part of an implementation that conforms to \s-1RFC5763.\s0 -OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763.\s0 Note that OpenSSL does not -support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this -extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will be ignored if a -\&\s-1TLS\s0 connection is attempted. +SRTP is the Secure Real\-Time Transport Protocol. OpenSSL implements support for +the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for +establishing SRTP keying material, algorithms and parameters using DTLS. This +capability may be used as part of an implementation that conforms to RFC5763. +OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not +support the use of SRTP Master Key Identifiers (MKIs). Also note that this +extension is only supported in DTLS. Any SRTP configuration will be ignored if a +TLS connection is attempted. .PP -An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call -\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently -created from an \s-1SSL_CTX.\s0 Alternatively a client may call -\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The -\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of -\&\s-1SRTP\s0 protection profile names. 
+An OpenSSL client wishing to send the "use_srtp" extension should call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all SSL objects subsequently +created from an SSL_CTX. Alternatively a client may call +\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual SSL object. The +\&\fBprofiles\fR parameters should point to a NUL\-terminated, colon delimited list of +SRTP protection profile names. .PP The currently supported protection profile names are: -.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 +.IP SRTP_AES128_CM_SHA1_80 4 .IX Item "SRTP_AES128_CM_SHA1_80" -This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764.\s0 -.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 +This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764. +.IP SRTP_AES128_CM_SHA1_32 4 .IX Item "SRTP_AES128_CM_SHA1_32" -This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764.\s0 -.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 +This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764. +.IP SRTP_AEAD_AES_128_GCM 4 .IX Item "SRTP_AEAD_AES_128_GCM" -This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 -.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 +This corresponds to the profile of the same name defined in RFC7714. +.IP SRTP_AEAD_AES_256_GCM 4 .IX Item "SRTP_AEAD_AES_256_GCM" -This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +This corresponds to the profile of the same name defined in RFC7714. .PP Supplying an unrecognised protection profile name will result in an error. .PP -An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call +An OpenSSL server wishing to support the "use_srtp" extension should also call \&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the protection profiles that it is willing to negotiate. 
.PP The currently configured list of protection profiles for either a client or a server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack -of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of +of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of this function should not be freed by the caller. .PP -After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if +After a handshake has been completed the negotiated SRTP protection profile (if any) can be obtained (on the client or the server) by calling -\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +\&\fBSSL_get_selected_srtp_profile()\fR. This function will return NULL if no SRTP protection profile was negotiated. The memory returned from this function should not be freed by the caller. .PP -If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 +If an SRTP protection profile has been successfully negotiated then the SRTP keying material (on both the client and server) should be obtained via a call to \&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of -\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total +"EXTRACTOR\-dtls_srtp" and a NULL context value (use_context is 0). The total length of keying material obtained should be equal to two times the sum of the master key length and the salt length as defined for the protection profile in use. This provides the client write master key, the server write master key, the 
@@ -217,20 +142,20 @@ \&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success or 1 on error. .PP -\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on -success or \s-1NULL\s0 on error or if no protection profiles have been configured. +\&\fBSSL_get_srtp_profiles()\fR returns a stack of SRTP_PROTECTION_PROFILE objects on +success or NULL on error or if no protection profiles have been configured. .PP -\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 -object if one has been negotiated or \s-1NULL\s0 otherwise. +\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an SRTP_PROTECTION_PROFILE +object if one has been negotiated or NULL otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_export_keying_material\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3ossl" -.TH SSL_CTX_SET_TMP_DH_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_dh_auto, SSL_set_dh_auto, SSL_CTX_set0_tmp_dh_pkey, SSL_set0_tmp_dh_pkey, SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \&\- handle DH keys for ephemeral key exchange -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,7 +80,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 4 
@@ -169,74 +94,76 @@ \& int keylength)); \& long SSL_set_tmp_dh(SSL *ssl, DH *dh); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The functions described on this page are relevant for servers only. .PP -Some ciphersuites may use ephemeral Diffie-Hellman (\s-1DH\s0) key exchange. In these -cases, the session data is negotiated using the ephemeral/temporary \s-1DH\s0 key and +Some ciphersuites may use ephemeral Diffie\-Hellman (DH) key exchange. In these +cases, the session data is negotiated using the ephemeral/temporary DH key and the key supplied and certified by the certificate chain is only used for signing. Anonymous ciphers (without a permanent server key) also use ephemeral -\&\s-1DH\s0 keys. +DH keys. .PP -Using ephemeral \s-1DH\s0 key exchange yields forward secrecy as the connection -can only be decrypted when the \s-1DH\s0 key is known. By generating a temporary -\&\s-1DH\s0 key inside the server application that is lost when the application +Using ephemeral DH key exchange yields forward secrecy as the connection +can only be decrypted when the DH key is known. By generating a temporary +DH key inside the server application that is lost when the application is left, it becomes impossible for an attacker to decrypt past sessions, even if they get hold of the normal (certified) key, as this key was only used for signing. .PP -In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group -(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate -a new \s-1DH\s0 key during the negotiation. +In order to perform a DH key exchange the server must use a DH group +(DH parameters) and generate a DH key. The server will always generate +a new DH key during the negotiation. .PP -As generating \s-1DH\s0 parameters is extremely time consuming, an application -should not generate the parameters on the fly. 
\s-1DH\s0 parameters can be reused, as +As generating DH parameters is extremely time consuming, an application +should not generate the parameters on the fly. DH parameters can be reused, as the actual key is newly generated during the negotiation. .PP -Typically applications should use well know \s-1DH\s0 parameters that have built-in +Typically applications should use well known DH parameters that have built\-in support in OpenSSL. The macros \fBSSL_CTX_set_dh_auto()\fR and \fBSSL_set_dh_auto()\fR -configure OpenSSL to use the default built-in \s-1DH\s0 parameters for the \fB\s-1SSL_CTX\s0\fR -and \fB\s-1SSL\s0\fR objects respectively. Passing a value of 1 in the \fIonoff\fR parameter -switches the feature on, and passing a value of 0 switches it off. The default -setting is off. +configure OpenSSL to use the default built\-in DH parameters for the \fBSSL_CTX\fR +and \fBSSL\fR objects respectively. Passing a value of 2 or 1 in the \fIonoff\fR +parameter switches it on. If the \fIonoff\fR parameter is set to 2, it will force +the DH key size to 1024 if the \fBSSL_CTX\fR or \fBSSL\fR security level +\&\fBSSL_CTX_set_security_level\fR\|(3) is 0 or 1. Passing a value of 0 switches +it off. The default setting is off. .PP -If \*(L"auto\*(R" \s-1DH\s0 parameters are switched on then the parameters will be selected to -be consistent with the size of the key associated with the server's certificate. -If there is no certificate (e.g. for \s-1PSK\s0 ciphersuites), then it it will be +If "auto" DH parameters are switched on then the parameters will be selected to +be consistent with the size of the key associated with the server\*(Aqs certificate. +If there is no certificate (e.g. for PSK ciphersuites), then it it will be consistent with the size of the negotiated symmetric cipher key. .PP -Applications may supply their own \s-1DH\s0 parameters instead of using the built-in +Applications may supply their own DH parameters instead of using the built\-in values. 
This approach is discouraged and applications should in preference use -the built-in parameter support described above. Applications wishing to supply -their own \s-1DH\s0 parameters should call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or -\&\fBSSL_set0_tmp_dh_pkey()\fR to supply the parameters for the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR +the built\-in parameter support described above. Applications wishing to supply +their own DH parameters should call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or +\&\fBSSL_set0_tmp_dh_pkey()\fR to supply the parameters for the \fBSSL_CTX\fR or \fBSSL\fR respectively. The parameters should be supplied in the \fIdhpkey\fR argument as -an \fB\s-1EVP_PKEY\s0\fR containing \s-1DH\s0 parameters. Ownership of the \fIdhpkey\fR value is -passed to the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR object as a result of this call, and so the +an \fBEVP_PKEY\fR containing DH parameters. Ownership of the \fIdhpkey\fR value is +passed to the \fBSSL_CTX\fR or \fBSSL\fR object as a result of this call, and so the caller should not free it if the function call is successful. .PP The deprecated macros \fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do the same thing as \fBSSL_CTX_set0_tmp_dh_pkey()\fR and \fBSSL_set0_tmp_dh_pkey()\fR except that the -\&\s-1DH\s0 parameters are supplied in a \fB\s-1DH\s0\fR object instead in the \fIdh\fR argument, and -ownership of the \fB\s-1DH\s0\fR object is retained by the application. Applications -should use \*(L"auto\*(R" parameters instead, or call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or +DH parameters are supplied in a \fBDH\fR object instead in the \fIdh\fR argument, and +ownership of the \fBDH\fR object is retained by the application. Applications +should use "auto" parameters instead, or call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or \&\fBSSL_set0_tmp_dh_pkey()\fR as appropriate. 
.PP -An application may instead specify the \s-1DH\s0 parameters via a callback function +An application may instead specify the DH parameters via a callback function using the functions \fBSSL_CTX_set_tmp_dh_callback()\fR or \fBSSL_set_tmp_dh_callback()\fR -to set the callback for the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR object respectively. These -functions are deprecated. Applications should instead use \*(L"auto\*(R" parameters, or +to set the callback for the \fBSSL_CTX\fR or \fBSSL\fR object respectively. These +functions are deprecated. Applications should instead use "auto" parameters, or specify the parameters via \fBSSL_CTX_set0_tmp_dh_pkey()\fR or \fBSSL_set0_tmp_dh_pkey()\fR as appropriate. .PP -The callback will be invoked during a connection when \s-1DH\s0 parameters are -required. The \fB\s-1SSL\s0\fR object for the current connection is supplied as an +The callback will be invoked during a connection when DH parameters are +required. The \fBSSL\fR object for the current connection is supplied as an argument. Previous versions of OpenSSL used the \fBis_export\fR and \fBkeylength\fR -arguments to control parameter generation for export and non-export +arguments to control parameter generation for export and non\-export cipher suites. Modern OpenSSL does not support export ciphersuites and so these arguments are unused and can be ignored by the callback. The callback should -return the parameters to be used in a \s-1DH\s0 object. Ownership of the \s-1DH\s0 object is +return the parameters to be used in a DH object. Ownership of the DH object is retained by the application and should later be freed. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -246,11 +173,11 @@ \&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), \&\fBSSL_CTX_set_options\fR\|(3), \&\fBopenssl\-ciphers\fR\|(1), \fBopenssl\-dhparam\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_ecdh.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_ecdh.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TMP_ECDH 3ossl" -.TH SSL_CTX_SET_TMP_ECDH 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_TMP_ECDH 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto \&\- handle ECDH keys for ephemeral key exchange -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,9 +77,9 @@ \& long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state); \& long SSL_set_ecdh_auto(SSL *ssl, int state); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_tmp_ecdh()\fR sets \s-1ECDH\s0 parameters to be used to be \fBecdh\fR. +\&\fBSSL_CTX_set_tmp_ecdh()\fR sets ECDH parameters to be used to be \fBecdh\fR. The key is inherited by all \fBssl\fR objects created from \fBctx\fR. This macro is deprecated in favor of \fBSSL_CTX_set1_groups\fR\|(3). .PP @@ -172,11 +97,11 @@ \&\fBssl\fR\|(7), \fBSSL_CTX_set1_curves\fR\|(3), \fBSSL_CTX_set_cipher_list\fR\|(3), \&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_set_tmp_dh_callback\fR\|(3), \&\fBopenssl\-ciphers\fR\|(1), \fBopenssl\-ecparam\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_VERIFY 3ossl" -.TH SSL_CTX_SET_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_SET_VERIFY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, @@ -147,7 +72,7 @@ SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth \&\- set various SSL/TLS parameters for peer certificate verification -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -165,29 +90,29 @@ \& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); \& void SSL_set_post_handshake_auth(SSL *ssl, int val); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and specifies the \fBverify_callback\fR function to be used. If no callback function -shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +shall be specified, the NULL pointer can be used for \fBverify_callback\fR. .PP \&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and specifies the \fBverify_callback\fR function to be used. If no callback function -shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +shall be specified, the NULL pointer can be used for \fBverify_callback\fR. In this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If no special \fBcallback\fR was set before, the default callback for the underlying \&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with \&\fBSSL_new\fR\|(3). Within the callback function, \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index -of the current \s-1SSL\s0 object that is doing the verification. +of the current SSL object that is doing the verification. .PP In client mode \fBverify_callback\fR may also call the \fBSSL_set_retry_verify\fR\|(3) -function on the \fB\s-1SSL\s0\fR object set in the \fIx509_store_ctx\fR ex data (see +function on the \fBSSL\fR object set in the \fIx509_store_ctx\fR ex data (see \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)) and return 1. This would be typically done in case the certificate verification was not yet able to succeed. This makes the handshake suspend and return control to the calling application -with \fB\s-1SSL_ERROR_WANT_RETRY_VERIFY\s0\fR. +with \fBSSL_ERROR_WANT_RETRY_VERIFY\fR. 
The application can for instance fetch further certificates or cert status information needed for the verification. Calling \fBSSL_connect\fR\|(3) again resumes the connection attempt by retrying the 
@@ -203,121 +128,124 @@ verification that shall be allowed for \fBssl\fR. .PP \&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the -Post-Handshake Authentication extension to be added to the ClientHello such that -post-handshake authentication can be requested by the server. If \fBval\fR is 0 +Post\-Handshake Authentication extension to be added to the ClientHello such that +post\-handshake authentication can be requested by the server. If \fBval\fR is 0 then the extension is not sent, otherwise it is. By default the extension is not sent. A certificate callback will need to be set via \&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. .PP \&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be -sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must -be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. -.SH "NOTES" +sent by a server on the given \fBssl\fR connection. The SSL_VERIFY_PEER flag must +be set; the SSL_VERIFY_POST_HANDSHAKE flag is optional. +.SH NOTES .IX Header "NOTES" The verification of certificates can be controlled by a set of logically -or'ed \fBmode\fR flags: -.IP "\s-1SSL_VERIFY_NONE\s0" 4 +or\*(Aqed \fBmode\fR flags: +.IP SSL_VERIFY_NONE 4 .IX Item "SSL_VERIFY_NONE" \&\fBServer mode:\fR the server will not send a client certificate request to the client, so the client will not send a certificate. .Sp \&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the -certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +certificate verification process can be checked after the TLS/SSL handshake using the \fBSSL_get_verify_result\fR\|(3) function. The handshake will be continued regardless of the verification result. 
-.IP "\s-1SSL_VERIFY_PEER\s0" 4 +.IP SSL_VERIFY_PEER 4 .IX Item "SSL_VERIFY_PEER" \&\fBServer mode:\fR the server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process -fails, the \s-1TLS/SSL\s0 handshake is +fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional -\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE\s0 and -\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. +SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE and +SSL_VERIFY_POST_HANDSHAKE flags. .Sp \&\fBClient mode:\fR the server certificate is verified. If the verification process -fails, the \s-1TLS/SSL\s0 handshake is +fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an -anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. -.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +anonymous cipher is used, SSL_VERIFY_PEER is ignored. +.IP SSL_VERIFY_FAIL_IF_NO_PEER_CERT 4 .IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" -\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 -handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. -This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 +\&\fBServer mode:\fR if the client did not return a certificate, the TLS/SSL +handshake is immediately terminated with a "handshake failure" alert. +This flag must be used together with SSL_VERIFY_PEER. .Sp -\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) -.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +\&\fBClient mode:\fR ignored (see BUGS) +.IP SSL_VERIFY_CLIENT_ONCE 4 .IX Item "SSL_VERIFY_CLIENT_ONCE" \&\fBServer mode:\fR only request a client certificate once during the connection. 
Do not ask for a client certificate again during -renegotiation or post-authentication if a certificate was requested +renegotiation or post\-authentication if a certificate was requested during the initial handshake. This flag must be used together with -\&\s-1SSL_VERIFY_PEER.\s0 +SSL_VERIFY_PEER. .Sp -\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) -.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 +\&\fBClient mode:\fR ignored (see BUGS) +.IP SSL_VERIFY_POST_HANDSHAKE 4 .IX Item "SSL_VERIFY_POST_HANDSHAKE" \&\fBServer mode:\fR the server will not send a client certificate request during the initial handshake, but will send the request via -\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 -to be configured for post-handshake peer verification before the +\&\fBSSL_verify_client_post_handshake()\fR. This allows the SSL_CTX or SSL +to be configured for post\-handshake peer verification before the handshake occurs. This flag must be used together with -\&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections. +SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre\-TLSv1.3 connections. .Sp -\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +\&\fBClient mode:\fR ignored (see BUGS) +.PP +If the \fBmode\fR is SSL_VERIFY_NONE none of the other flags may be set. .PP -If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. +If verification flags are not modified explicitly by \f(CWSSL_CTX_set_verify()\fR +or \f(CWSSL_set_verify()\fR, the default value will be SSL_VERIFY_NONE. .PP -The actual verification procedure is performed either using the built-in +The actual verification procedure is performed either using the built\-in verification procedure or using another application provided verification function set with \&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). -The following descriptions apply in the case of the built-in procedure. An +The following descriptions apply in the case of the built\-in procedure. 
An application provided procedure also has access to the verify depth information and the \fBverify_callback()\fR function, but the way this information is used may be different. .PP \&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the -number of certificates between the end-entity and trust-anchor certificates. +number of certificates between the end\-entity and trust\-anchor certificates. Neither the -end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the +end\-entity nor the trust\-anchor certificates count against \fBdepth\fR. If the certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. -The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", -\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum -depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the -trust-anchor). +The depth count is "level 0:peer certificate", "level 1: CA certificate", +"level 2: higher level CA certificate", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end\-entity and 3 the +trust\-anchor). The default depth limit is 100, -allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and +allowing for the peer certificate, at most 100 intermediate CA certificates and a final trust anchor certificate. .PP The \fBverify_callback\fR function is used to control the behaviour when the -\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +SSL_VERIFY_PEER flag is set. It must be supplied by the application and receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of the certificate in question was passed (preverify_ok=1) or not (preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used for the certificate chain verification. 
.PP The certificate chain is checked starting with the deepest nesting level -(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +(the root CA certificate) and worked upward to the peer\*(Aqs certificate. At each level signatures and issuer attributes are checked. Whenever a verification error is found, the error number is stored in \fBx509_ctx\fR and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate -in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +in question and perform additional steps (see EXAMPLES). If no error is found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 before advancing to the next level. .PP The return value of \fBverify_callback\fR controls the strategy of the further verification process. If \fBverify_callback\fR returns 0, the verification -process is immediately stopped with \*(L"verification failed\*(R" state. If -\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and -the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +process is immediately stopped with "verification failed" state. If +SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and +the TLS/SSL handshake is terminated. If \fBverify_callback\fR returns 1, the verification process is continued. If \fBverify_callback\fR always returns -1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using \&\fBSSL_get_verify_result\fR\|(3) or by maintaining its 
@@ -325,27 +253,27 @@ .PP If no \fBverify_callback\fR is specified, the default callback will be used. Its return value is identical to \fBpreverify_ok\fR, so that any verification -failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an -alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +failure will lead to a termination of the TLS/SSL handshake with an +alert message, if SSL_VERIFY_PEER is set. .PP After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a certificate or certificate callback to its configuration before it can successfully authenticate. This must be called before \fBSSL_connect()\fR. .PP \&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been -previously set, and that a client sent the post-handshake authentication +previously set, and that a client sent the post\-handshake authentication extension. When the client returns a certificate the verify callback will be invoked. A write operation must take place for the Certificate Request to be sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR. Only one certificate request may be outstanding at any time. .PP -When post-handshake authentication occurs, a refreshed NewSessionTicket +When post\-handshake authentication occurs, a refreshed NewSessionTicket message is sent to the client. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag -is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can -lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as +In client mode, it is not checked whether the SSL_VERIFY_PEER flag +is set, but whether any flags other than SSL_VERIFY_NONE are set. This can +lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as required. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -354,10 +282,10 @@ The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request succeeded, and 0 if the request failed. The error stack can be examined to determine the failure reason. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The following code sequence realizes an example \fBverify_callback\fR function -that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +that will always continue the TLS/SSL handshake regardless of verification failure, if wished. The callback realizes a verification depth limit with more informational output. .PP @@ -367,7 +295,7 @@ certificates. .PP The example makes use of the ex_data technique to store application data -into/retrieve application data from the \s-1SSL\s0 structure +into/retrieve application data from the SSL structure (see \fBCRYPTO_get_ex_new_index\fR\|(3), \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). .PP 
@@ -480,15 +408,15 @@ \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), \&\fBSSL_CTX_set_client_cert_cb\fR\|(3), \&\fBCRYPTO_get_ex_new_index\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR +The SSL_VERIFY_POST_HANDSHAKE option, and the \fBSSL_verify_client_post_handshake()\fR and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_CERTIFICATE 3ossl" -.TH SSL_CTX_USE_CERTIFICATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_USE_CERTIFICATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, @@ -151,7 +76,7 @@ SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -186,54 +111,55 @@ \& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); \& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions load the certificates and private keys into the \s-1SSL_CTX\s0 -or \s-1SSL\s0 object, respectively. +These functions load the certificates and private keys into the SSL_CTX +or SSL object, respectively. .PP The SSL_CTX_* class of functions loads the certificates and keys into the -\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +SSL_CTX object \fBctx\fR. The information is passed to SSL objects \fBssl\fR created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that -changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +changes applied to \fBctx\fR do not propagate to already existing SSL objects. .PP The SSL_* class of functions only loads certificates and keys into a -specific \s-1SSL\s0 object. The specific information is kept, when -\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +specific SSL object. The specific information is kept, when +\&\fBSSL_clear\fR\|(3) is called for this SSL object. .PP \&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, \&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the certificates needed to form the complete certificate chain can be specified using the \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -function. +function. On success the reference counter of the \fBx\fR is incremented. 
.PP -\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the ASN1 encoded certificate from the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, -\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +\&\fBSSL_use_certificate_ASN1()\fR loads the ASN1 encoded certificate into \fBssl\fR. .PP \&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified -from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. \&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. -See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR +See the NOTES section on why \fBSSL_CTX_use_certificate_chain_file()\fR should be preferred. .PP \&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from -\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must -be sorted starting with the subject's certificate (actual client or server -certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and -ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is +\&\fBfile\fR into \fBctx\fR. The certificates must be in PEM format and must +be sorted starting with the subject\*(Aqs certificate (actual client or server +certificate), followed by intermediate CA certificates if applicable, and +ending at the highest level (root) CA. \fBSSL_use_certificate_chain_file()\fR is similar except it loads the certificate chain into \fBssl\fR. .PP \&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. 
-\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type RSA to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; -\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type RSA to \fBssl\fR. If a certificate has already been set and the private key does not belong to the certificate an error is returned. To change a [certificate/private\-key] pair, the new certificate needs to be set first with \fBSSL_use_certificate()\fR or \&\fBSSL_CTX_use_certificate()\fR before setting the private key with \&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. +On success the reference counter of the \fBpkey\fR/\fBrsa\fR is incremented. .PP \&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the @@ -241,8 +167,8 @@ key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then \&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. If \fBoverride\fR is non\-0, then the certificate, private key and chain certs -are always set. If \fBpkey\fR is \s-1NULL,\s0 then the public key of \fBx\fR is used as -the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 +are always set. If \fBpkey\fR is NULL, then the public key of \fBx\fR is used as +the private key. This is intended to be used with hardware (via the ENGINE interface) that stores the private key securely, such that it cannot be accessed by OpenSSL. The reference count of the public key is incremented (twice if there is no private key); it is not copied nor duplicated. This 
@@ -251,37 +177,37 @@ .PP \&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type RSA stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. \&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private key to \fBssl\fR. .PP \&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified -from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. +\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private RSA key found in \&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private -\&\s-1RSA\s0 key found to \fBssl\fR. +RSA key found to \fBssl\fR. .PP \&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with the corresponding certificate loaded into \fBctx\fR. If more than one -key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will -be checked. If e.g. the last item was an \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair (RSA/DSA) is installed, the last item installed will +be checked. If e.g. the last item was an RSA certificate or key, the RSA key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs the same check for \fBssl\fR. If no key/certificate was explicitly added for this \fBssl\fR, the last item added into \fBctx\fR will be checked. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type -\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +SSL_FILETYPE_ASN1 (also known as \fBDER\fR, binary encoding) can only contain one certificate or private key, consequently -\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. -Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to PEM formatting. +Files of type SSL_FILETYPE_PEM can contain more than one item. .PP \&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added 
@@ -290,13 +216,13 @@ certificate chain store for all certificate types, OpenSSL 1.0.2 and later have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order -to allow the use of complete certificate chains even when no trusted \s-1CA\s0 -storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to -the trusted \s-1CA\s0 storage. +to allow the use of complete certificate chains even when no trusted CA +storage is used or when the CA issuing the certificate shall not be added to +the trusted CA storage. .PP If additional certificates are needed to complete the chain during the -\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the -locations of trusted \s-1CA\s0 certificates, see +TLS negotiation, CA certificates are additionally looked up in the +locations of trusted CA certificates, see \&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP The private keys loaded from file can be encrypted. In order to successfully @@ -326,11 +252,11 @@ \&\fBSSL_CTX_set_client_CA_list\fR\|(3), \&\fBSSL_CTX_set_client_cert_cb\fR\|(3), \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3ossl" -.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, @@ -148,7 +73,7 @@ SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback \&\- set PSK identity hint to use -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,43 +99,43 @@ \& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); \& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" A server application wishing to use TLSv1.3 PSKs should set a callback using either \fBSSL_CTX_set_psk_find_session_callback()\fR or \&\fBSSL_set_psk_find_session_callback()\fR as appropriate. .PP -The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and +The callback function is given a pointer to the SSL connection in \fBssl\fR and an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function -should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it -in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, +should identify an SSL_SESSION object that provides the PSK details and store it +in \fB*sess\fR. The SSL_SESSION object should, as a minimum, set the master key, the ciphersuite and the protocol version. See \&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. .PP -It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this -case no \s-1PSK\s0 will be used but the handshake will continue. To do this the +It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be used but the handshake will continue. To do this the callback should return successfully and ensure that \fB*sess\fR is -\&\s-1NULL.\s0 +NULL. .PP Identity hints are not relevant for TLSv1.3. A server application wishing to use -\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR -to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context -object \fBctx\fR. 
\fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 -identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is -\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. +PSK ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR +to set the given \fBNUL\fR\-terminated PSK identity hint \fBhint\fR for SSL context +object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fBNUL\fR\-terminated PSK +identity hint \fBhint\fR for the SSL connection object \fBssl\fR. If \fBhint\fR is +\&\fBNULL\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. .PP -In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the +In the case where PSK identity hint is \fBNULL\fR, the server does not send the ServerKeyExchange message to the client. .PP A server application wishing to use PSKs for TLSv1.2 and below must provide a callback function which is called when the server receives the ClientKeyExchange message from the client. The purpose of the callback function -is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used +is to validate the received PSK identity and to fetch the pre\-shared key used during the connection setup phase. The callback is set using the functions \&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback -function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +function is given the connection in parameter \fBssl\fR, \fBNUL\fR\-terminated PSK identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of -length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. +length \fBmax_psk_len\fR bytes where the pre\-shared key is to be stored. 
.PP The callback for use in TLSv1.2 will also work in TLSv1.3 although it is recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR 
@@ -220,30 +145,30 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or \&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest -will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 TLSv1.3 early data exchanges are -possible in \s-1PSK\s0 connections only with the \fBSSL_psk_find_session_cb_func\fR +will default to SHA\-256 for any returned PSK. TLSv1.3 early data exchanges are +possible in PSK connections only with the \fBSSL_psk_find_session_cb_func\fR callback, and are not possible with the \fBSSL_psk_server_cb_func\fR callback. .PP -A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that \fBSSL_session_reused\fR\|(3) will return true. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return +\&\fBSSL_CTX_use_psk_identity_hint()\fR and \fBSSL_use_psk_identity_hint()\fR return 1 on success, 0 otherwise. .PP Return values from the TLSv1.2 and below server callback are interpreted as follows: -.IP "0" 4 -\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +.IP 0 4 +PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. -.IP ">0" 4 +.IP >0 4 .IX Item ">0" -\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +PSK identity was found and the server callback has provided the PSK successfully in parameter \fBpsk\fR. Return value is the length of \&\fBpsk\fR in bytes. It is an error to return a value greater than \&\fBmax_psk_len\fR. 
.Sp -If the \s-1PSK\s0 identity was not found but the callback instructs the +If the PSK identity was not found but the callback instructs the protocol to continue anyway, the callback must provide some random data to \fBpsk\fR and return the length of the random data, so the connection will fail with decryption_error before it will be finished 
@@ -251,29 +176,29 @@ .PP The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or -below) and TLSv1.3. However, the \s-1RFC\s0 has this note of caution: +There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However, the RFC has this note of caution: .PP -\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can -ensure safety from cross-protocol related output by not reusing PSKs between -\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +ensure safety from cross\-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2." .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), \&\fBSSL_set_psk_use_session_callback\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3.orig +++ secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_SERVERINFO 3ossl" -.TH SSL_CTX_USE_SERVERINFO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CTX_USE_SERVERINFO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \&\- use serverinfo extension -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,25 +82,25 @@ \& \& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX. A\s0 -\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +These functions load "serverinfo" TLS extensions into the SSL_CTX. A +"serverinfo" extension is returned in response to an empty ClientHello Extension. .PP \&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. .PP -If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must +If \fBversion\fR is \fBSSL_SERVERINFOV2\fR then the extensions in the array must consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then length bytes of extension_data. The context and type values have the same meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only be added for the first certificate in the message (which is always the -end-entity certificate). +end\-entity certificate). .PP -If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must +If \fBversion\fR is \fBSSL_SERVERINFOV1\fR then the extensions in the array must consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of extension_data. The type value has the same meaning as for \&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used 
@@ -188,17 +113,17 @@ .PP \&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR except that there is no \fBversion\fR parameter so a default version of -\&\s-1SSL_SERVERINFOV1\s0 is used instead. +SSL_SERVERINFOV1 is used instead. .PP \&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from -\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +\&\fBfile\fR into \fBctx\fR. The extensions must be in PEM format. Each extension must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each -\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for -\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data. +PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for +SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data. .PP -If more than one certificate (\s-1RSA/DSA\s0) is installed using +If more than one certificate (RSA/DSA) is installed using \&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the -last certificate installed. If e.g. the last item was an \s-1RSA\s0 certificate, the +last certificate installed. If e.g. the last item was an RSA certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, \&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR 
@@ -211,11 +136,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_free.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_FREE 3ossl" -.TH SSL_SESSION_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,51 +78,51 @@ \& int SSL_SESSION_up_ref(SSL_SESSION *ses); \& void SSL_SESSION_free(SSL_SESSION *session); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +\&\fBSSL_SESSION_new()\fR creates a new SSL_SESSION structure and returns a pointer to it. .PP -\&\fBSSL_SESSION_dup()\fR creates a new \s-1SSL_SESSION\s0 structure that is a copy of \fBsrc\fR. +\&\fBSSL_SESSION_dup()\fR creates a new SSL_SESSION structure that is a copy of \fBsrc\fR. The copy is not owned by any cache that \fBsrc\fR may have been in. .PP -\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given SSL_SESSION structure. .PP \&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes -the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +the \fBSSL_SESSION\fR structure pointed to by \fBsession\fR and frees up the allocated memory, if the reference count has reached 0. -If \fBsession\fR is \s-1NULL\s0 nothing is done. -.SH "NOTES" +If \fBsession\fR is NULL nothing is done. +.SH NOTES .IX Header "NOTES" -\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +SSL_SESSION objects are allocated, when a TLS/SSL handshake operation is successfully completed. Depending on the settings, see \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and -linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; -as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +the SSL_SESSION objects are internally referenced by the SSL_CTX and +linked into its session cache. 
SSL objects may be using the SSL_SESSION object; +as a session may be reused, several SSL objects may be using one SSL_SESSION object at the same time. It is therefore crucial to keep the reference -count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +count (usage information) correct and not delete a SSL_SESSION object that is still used, as this may lead to program failures due to dangling pointers. These failures may also appear delayed, e.g. -when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +when an SSL_SESSION object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a \&\fBSSL_CTX_flush_sessions\fR\|(3) operation. .PP -\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +\&\fBSSL_SESSION_free()\fR must only be called for SSL_SESSION objects, for which the reference count was explicitly incremented (e.g. by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) -or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +or when the SSL_SESSION object was generated outside a TLS handshake operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). -It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +It must not be called on other SSL_SESSION objects, as this would cause incorrect reference counts and therefore program failures. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure -or \s-1NULL\s0 on error. +SSL_SESSION_new returns a pointer to the newly allocated SSL_SESSION structure +or NULL on error. .PP -SSL_SESSION_dup returns a pointer to the new copy or \s-1NULL\s0 on error. +SSL_SESSION_dup returns a pointer to the new copy or NULL on error. .PP SSL_SESSION_up_ref returns 1 on success or 0 on error. .SH "SEE ALSO" 
@@ -206,14 +131,14 @@ \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), \&\fBSSL_CTX_flush_sessions\fR\|(3), \&\fBd2i_SSL_SESSION\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_CIPHER 3ossl" -.TH SSL_SESSION_GET0_CIPHER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET0_CIPHER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL cipher associated with a session -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,21 +75,21 @@ \& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); \& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the -connection when the session was created, or \s-1NULL\s0 if it cannot be determined. +connection when the session was created, or NULL if it cannot be determined. .PP The value returned is a pointer to an object maintained within \fBs\fR and should not be released. .PP \&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the -\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a -session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +SSL_SESSION \fBs\fR to \fBcipher\fR. For example, this could be used to set up a +session based PSK (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 -or \s-1NULL\s0 if it cannot be determined. +\&\fBSSL_SESSION_get0_cipher()\fR returns the SSL_CIPHER associated with the SSL_SESSION +or NULL if it cannot be determined. .PP \&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. .SH "SEE ALSO" 
@@ -175,15 +100,15 @@ \&\fBSSL_SESSION_get0_hostname\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3), \&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_HOSTNAME 3ossl" -.TH SSL_SESSION_GET0_HOSTNAME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET0_HOSTNAME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected \&\- get and set SNI and ALPN data associated with a session -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,32 +83,30 @@ \& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, \& size_t len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the -client when the session was created if it was accepted by the server and TLSv1.2 -or below was negotiated. Otherwise \s-1NULL\s0 is returned. Note that in TLSv1.3 the -\&\s-1SNI\s0 hostname is negotiated with each handshake including resumption handshakes -and is therefore never associated with the session. +\&\fBSSL_SESSION_get0_hostname()\fR retrieves the Server Name Indication (SNI) value +that was sent by the client when the session was created if the server +acknowledged the client\*(Aqs SNI extension by including an empty SNI extension +in response. Otherwise NULL is returned. .PP The value returned is a pointer to memory maintained within \fBs\fR and -should not be free'd. +should not be free\*(Aqd. .PP -\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +\&\fBSSL_SESSION_set1_hostname()\fR sets the SNI value for the hostname to a copy of the string provided in hostname. .PP -\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected ALPN protocol for this session and its associated length in bytes. The returned value of \fB*alpn\fR is a -pointer to memory maintained within \fBs\fR and should not be free'd. +pointer to memory maintained within \fBs\fR and should not be free\*(Aqd. .PP -\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the ALPN protocol for this session to the value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input value is made, and the caller retains ownership of the memory pointed to by \&\fBalpn\fR. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there -is the \s-1SNI\s0 value sent by client. +\&\fBSSL_SESSION_get0_hostname()\fR returns the SNI string if available, or NULL if not. .PP \&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. .PP @@ -194,15 +117,15 @@ \&\fBd2i_SSL_SESSION\fR\|(3), \&\fBSSL_SESSION_get_time\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and \&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_ID_CONTEXT 3ossl" -.TH SSL_SESSION_GET0_ID_CONTEXT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET0_ID_CONTEXT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SSL ID context associated with a session -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,21 +77,21 @@ \& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, \& unsigned int sid_ctx_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session ID contexts. .PP -\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with -the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to -\&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0 +\&\fBSSL_SESSION_get0_id_context()\fR returns the ID context associated with +the SSL/TLS session \fBs\fR. The length of the ID context is written to +\&\fB*len\fR if \fBlen\fR is not NULL. .PP The value returned is a pointer to an object maintained within \fBs\fR and should not be released. .PP -\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in -\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context -is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. +\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided ID context given in +\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the ID context +is given by \fBsid_ctx_len\fR which must not exceed SSL_MAX_SID_CTX_LENGTH bytes. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. 
@@ -174,14 +99,14 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_set_session_id_context\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,102 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_PEER 3ossl" -.TH SSL_SESSION_GET0_PEER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET0_PEER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get0_peer -\&\- get details about peer's certificate for a session -.SH "SYNOPSIS" +\&\- get details about peer\*(Aqs certificate for a session +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session -\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the +\&\fBs\fR or NULL if no peer certificate is available. The caller should not free the returned value (unless \fBX509_up_ref\fR\|(3) has also been called). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or NULL if no peer certificate is available. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_COMPRESS_ID 3ossl" -.TH SSL_SESSION_GET_COMPRESS_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET_COMPRESS_ID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get_compress_id \&\- get details about the compression associated with a session -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" If compression has been negotiated for an ssl session then \&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or -0 otherwise. The only built-in supported compression method is zlib which has an +0 otherwise. The only built\-in supported compression method is zlib which has an id of 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -161,11 +86,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3ossl" -.TH SSL_SESSION_GET_PROTOCOL_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and set the session protocol version -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,20 +75,20 @@ \& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); \& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used by session \fBs\fR. .PP \&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the -\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version -constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set -up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +SSL_SESSION object \fBs\fR to the value \fBversion\fR. This value should be a version +constant such as \fBTLS1_3_VERSION\fR etc. For example, this could be used to set +up a session based PSK (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol version used for the session; this number matches the constants \fIe.g.\fR -\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. +\&\fBTLS1_VERSION\fR, \fBTLS1_2_VERSION\fR or \fBTLS1_3_VERSION\fR. .PP Note that the \fBSSL_SESSION_get_protocol_version()\fR function does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. 
@@ -173,15 +98,15 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_TIME 3ossl" -.TH SSL_SESSION_GET_TIME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_GET_TIME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout \&\- retrieve and manipulate session time and timeout settings -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,7 +83,7 @@ \& long SSL_get_timeout(const SSL_SESSION *s); \& long SSL_set_timeout(SSL_SESSION *s, long tm); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was established. The time is given in seconds since the Epoch and therefore @@ -175,7 +100,7 @@ .PP The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR functions are synonyms for the SSL_SESSION_*() counterparts. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the 
@@ -190,18 +115,18 @@ .PP \&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. .PP -If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +If any of the function is passed the NULL pointer for the session \fBs\fR, 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_timeout\fR\|(3), \&\fBSSL_get_default_timeout\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_HAS_TICKET 3ossl" -.TH SSL_SESSION_HAS_TICKET 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_HAS_TICKET 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint \&\- get details about the ticket associated with a session -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, \& size_t *len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with this session, and 0 otherwise. @@ -162,7 +87,7 @@ .PP SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non -\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only +NULL then a pointer to the ticket is written to \fB*tick\fR. The pointer is only valid while the connection is in use. The session (and hence the ticket pointer) may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR. .SH "RETURN VALUES" 
@@ -176,15 +101,15 @@ \&\fBd2i_SSL_SESSION\fR\|(3), \&\fBSSL_SESSION_get_time\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_IS_RESUMABLE 3ossl" -.TH SSL_SESSION_IS_RESUMABLE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_IS_RESUMABLE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be used for resumption -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_SESSION_is_resumable(const SSL_SESSION *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +\&\fBSSL_SESSION_is_resumable()\fR determines whether an SSL_SESSION object can be used to resume a session or not. Returns 1 if it can or 0 if not. Note that -attempting to resume with a non-resumable session will result in a full +attempting to resume with a non\-resumable session will result in a full handshake. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -162,14 +87,14 @@ \&\fBssl\fR\|(7), \&\fBSSL_get_session\fR\|(3), \&\fBSSL_CTX_sess_set_new_cb\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_print.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_PRINT 3ossl" -.TH SSL_SESSION_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_PRINT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,16 +77,16 @@ \& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); \& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_print()\fR prints summary information about the session provided in -\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. +\&\fBses\fR to the BIO \fBfp\fR. .PP \&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it -to the \s-1FILE\s0 \fBfp\fR. +to the FILE \fBfp\fR. .PP -\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 -in \s-1NSS\s0 keylog format. +\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided BIO +in NSS keylog format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return 
@@ -169,11 +94,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3.orig +++ secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_SET1_ID 3ossl" -.TH SSL_SESSION_SET1_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_SET1_ID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,30 +77,30 @@ \& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, \& unsigned int sid_len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may be 0. The caller should not free the returned pointer directly. .PP -\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +\&\fBSSL_SESSION_set1_id()\fR sets the session ID for the \fBssl\fR SSL/TLS session to \fBsid\fR of length \fBsid_len\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value. \&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example -if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +if the supplied session ID length exceeds \fBSSL_MAX_SSL_SESSION_ID_LENGTH\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_accept.3.orig +++ secure/lib/libcrypto/man/man3/SSL_accept.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,121 +53,62 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_ACCEPT 3ossl" -.TH SSL_ACCEPT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_ACCEPT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_accept(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +\&\fBSSL_accept()\fR waits for a TLS/SSL client to initiate the TLS/SSL handshake. The communication channel must already have been set and assigned to the -\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" +\&\fBssl\fR by setting an underlying \fBBIO\fR. +.SH NOTES .IX Header "NOTES" -The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_accept()\fR depends on the underlying BIO. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the +If the underlying BIO is \fBblocking\fR, \fBSSL_accept()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_accept()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR +If the underlying BIO is \fBnonblocking\fR, \fBSSL_accept()\fR will also return +when the underlying BIO could not satisfy the needs of \fBSSL_accept()\fR to continue the handshake, indicating the problem by the return value \-1. In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. 
The calling process then must repeat the call after +return value of \fBSSL_accept()\fR will yield \fBSSL_ERROR_WANT_READ\fR or +\&\fBSSL_ERROR_WANT_WRITE\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +.IP 0 4 +The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. -.IP "<0" 4 +.IP <0 4 .IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR 
@@ -195,11 +120,11 @@ \&\fBSSL_set_connect_state\fR\|(3), \&\fBSSL_do_handshake\fR\|(3), \&\fBSSL_CTX_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_alert_type_string.3.orig +++ secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_ALERT_TYPE_STRING 3ossl" -.TH SSL_ALERT_TYPE_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_ALERT_TYPE_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,7 +76,7 @@ \& const char *SSL_alert_desc_string(int value); \& const char *SSL_alert_desc_string_long(int value); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_alert_type_string()\fR returns a one letter string indicating the type of the alert specified by \fBvalue\fR. 
@@ -164,177 +89,150 @@ .PP \&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason of the alert specified by \fBvalue\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +When one side of an SSL/TLS communication wants to inform the peer about a special situation, it sends an alert. The alert is sent as a special message and does not influence the normal data stream (unless its contents results in the communication being canceled). .PP -A warning alert is sent, when a non-fatal error condition occurs. The -\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for -non-fatal errors are certificate errors (\*(L"certificate expired\*(R", -\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +A warning alert is sent, when a non\-fatal error condition occurs. The +"close notify" alert is sent as a warning alert. Other examples for +non\-fatal errors are certificate errors ("certificate expired", +"unsupported certificate"), for which a warning alert may be sent. (The sending party may however decide to send a fatal error.) The receiving side may cancel the connection on reception of a warning alert on it discretion. .PP Several alert messages must be sent as fatal alert messages as specified -by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. +by the TLS RFC. A fatal alert always leads to a connection abort. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" The following strings can occur for \fBSSL_alert_type_string()\fR or \&\fBSSL_alert_type_string_long()\fR: -.ie n .IP """W""/""warning""" 4 -.el .IP "``W''/``warning''" 4 -.IX Item "W/warning" +.IP """W""/""warning""" 4 +.IX Item """W""/""warning""" .PD 0 -.ie n .IP """F""/""fatal""" 4 -.el .IP "``F''/``fatal''" 4 -.IX Item "F/fatal" -.ie n .IP """U""/""unknown""" 4 -.el .IP "``U''/``unknown''" 4 -.IX Item "U/unknown" +.IP """F""/""fatal""" 4 +.IX Item """F""/""fatal""" +.IP """U""/""unknown""" 4 +.IX Item """U""/""unknown""" .PD This indicates that no support is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .PP The following strings can occur for \fBSSL_alert_desc_string()\fR or \&\fBSSL_alert_desc_string_long()\fR: -.ie n .IP """\s-1CN""/\s0""close notify""" 4 -.el .IP "``\s-1CN''/\s0``close notify''" 4 -.IX Item "CN/close notify" +.IP """CN""/""close notify""" 4 +.IX Item """CN""/""close notify""" The connection shall be closed. This is a warning alert. -.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 -.el .IP "``\s-1UM''/\s0``unexpected message''" 4 -.IX Item "UM/unexpected message" +.IP """UM""/""unexpected message""" 4 +.IX Item """UM""/""unexpected message""" An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations. -.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 -.el .IP "``\s-1BM''/\s0``bad record mac''" 4 -.IX Item "BM/bad record mac" +.IP """BM""/""bad record mac""" 4 +.IX Item """BM""/""bad record mac""" This alert is returned if a record is received with an incorrect -\&\s-1MAC.\s0 This message is always fatal. -.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 -.el .IP "``\s-1DF''/\s0``decompression failure''" 4 -.IX Item "DF/decompression failure" +MAC. This message is always fatal. 
+.IP """DF""/""decompression failure""" 4 +.IX Item """DF""/""decompression failure""" The decompression function received improper input (e.g. data that would expand to excessive length). This message is always fatal. -.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 -.el .IP "``\s-1HF''/\s0``handshake failure''" 4 -.IX Item "HF/handshake failure" +.IP """HF""/""handshake failure""" 4 +.IX Item """HF""/""handshake failure""" Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error. -.ie n .IP """\s-1NC""/\s0""no certificate""" 4 -.el .IP "``\s-1NC''/\s0``no certificate''" 4 -.IX Item "NC/no certificate" +.IP """NC""/""no certificate""" 4 +.IX Item """NC""/""no certificate""" A client, that was asked to send a certificate, does not send a certificate (SSLv3 only). -.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 -.el .IP "``\s-1BC''/\s0``bad certificate''" 4 -.IX Item "BC/bad certificate" +.IP """BC""/""bad certificate""" 4 +.IX Item """BC""/""bad certificate""" A certificate was corrupt, contained signatures that did not verify correctly, etc -.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 -.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 -.IX Item "UC/unsupported certificate" +.IP """UC""/""unsupported certificate""" 4 +.IX Item """UC""/""unsupported certificate""" A certificate was of an unsupported type. -.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 -.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 -.IX Item "CR/certificate revoked" +.IP """CR""/""certificate revoked""" 4 +.IX Item """CR""/""certificate revoked""" A certificate was revoked by its signer. 
-.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 -.el .IP "``\s-1CE''/\s0``certificate expired''" 4 -.IX Item "CE/certificate expired" +.IP """CE""/""certificate expired""" 4 +.IX Item """CE""/""certificate expired""" A certificate has expired or is not currently valid. -.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 -.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 -.IX Item "CU/certificate unknown" +.IP """CU""/""certificate unknown""" 4 +.IX Item """CU""/""certificate unknown""" Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. -.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 -.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 -.IX Item "IP/illegal parameter" +.IP """IP""/""illegal parameter""" 4 +.IX Item """IP""/""illegal parameter""" A field in the handshake was out of range or inconsistent with other fields. This is always fatal. -.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 -.el .IP "``\s-1DC''/\s0``decryption failed''" 4 -.IX Item "DC/decryption failed" -A TLSCiphertext decrypted in an invalid way: either it wasn't an +.IP """DC""/""decryption failed""" 4 +.IX Item """DC""/""decryption failed""" +A TLSCiphertext decrypted in an invalid way: either it wasn\*(Aqt an even multiple of the block length or its padding values, when -checked, weren't correct. This message is always fatal. -.ie n .IP """\s-1RO""/\s0""record overflow""" 4 -.el .IP "``\s-1RO''/\s0``record overflow''" 4 -.IX Item "RO/record overflow" +checked, weren\*(Aqt correct. This message is always fatal. +.IP """RO""/""record overflow""" 4 +.IX Item """RO""/""record overflow""" A TLSCiphertext record was received which had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal. 
-.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 -.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 -.IX Item "CA/unknown CA" +.IP """CA""/""unknown CA""" 4 +.IX Item """CA""/""unknown CA""" A valid certificate chain or partial chain was received, but the -certificate was not accepted because the \s-1CA\s0 certificate could not -be located or couldn't be matched with a known, trusted \s-1CA.\s0 This +certificate was not accepted because the CA certificate could not +be located or couldn\*(Aqt be matched with a known, trusted CA. This message is always fatal. -.ie n .IP """\s-1AD""/\s0""access denied""" 4 -.el .IP "``\s-1AD''/\s0``access denied''" 4 -.IX Item "AD/access denied" +.IP """AD""/""access denied""" 4 +.IX Item """AD""/""access denied""" A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal. -.ie n .IP """\s-1DE""/\s0""decode error""" 4 -.el .IP "``\s-1DE''/\s0``decode error''" 4 -.IX Item "DE/decode error" +.IP """DE""/""decode error""" 4 +.IX Item """DE""/""decode error""" A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal. -.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 -.el .IP "``\s-1CY''/\s0``decrypt error''" 4 -.IX Item "CY/decrypt error" +.IP """CY""/""decrypt error""" 4 +.IX Item """CY""/""decrypt error""" A handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message. 
-.ie n .IP """\s-1ER""/\s0""export restriction""" 4 -.el .IP "``\s-1ER''/\s0``export restriction''" 4 -.IX Item "ER/export restriction" +.IP """ER""/""export restriction""" 4 +.IX Item """ER""/""export restriction""" A negotiation not in compliance with export restrictions was detected; for example, attempting to transfer a 1024 bit -ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +ephemeral RSA key for the RSA_EXPORT handshake method. This message is always fatal. -.ie n .IP """\s-1PV""/\s0""protocol version""" 4 -.el .IP "``\s-1PV''/\s0``protocol version''" 4 -.IX Item "PV/protocol version" +.IP """PV""/""protocol version""" 4 +.IX Item """PV""/""protocol version""" The protocol version the client has attempted to negotiate is recognized, but not supported. (For example, old protocol versions might be avoided for security reasons). This message is always fatal. -.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 -.el .IP "``\s-1IS''/\s0``insufficient security''" 4 -.IX Item "IS/insufficient security" +.IP """IS""/""insufficient security""" 4 +.IX Item """IS""/""insufficient security""" Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal. -.ie n .IP """\s-1IE""/\s0""internal error""" 4 -.el .IP "``\s-1IE''/\s0``internal error''" 4 -.IX Item "IE/internal error" +.IP """IE""/""internal error""" 4 +.IX Item """IE""/""internal error""" An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal. -.ie n .IP """\s-1US""/\s0""user canceled""" 4 -.el .IP "``\s-1US''/\s0``user canceled''" 4 -.IX Item "US/user canceled" +.IP """US""/""user canceled""" 4 +.IX Item """US""/""user canceled""" This handshake is being canceled for some reason unrelated to a protocol failure. 
If the user cancels an operation after the handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning. -.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 -.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 -.IX Item "NR/no renegotiation" +.IP """NR""/""no renegotiation""" 4 +.IX Item """NR""/""no renegotiation""" Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these would normally lead to renegotiation; when that 
@@ -346,24 +244,22 @@ (key length, authentication, etc.) at startup and it might be difficult to communicate changes to these parameters after that point. This message is always a warning. -.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4 -.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4 -.IX Item "UP/unknown PSK identity" -Sent by the server to indicate that it does not recognize a \s-1PSK\s0 -identity or an \s-1SRP\s0 identity. -.ie n .IP """\s-1UK""/\s0""unknown""" 4 -.el .IP "``\s-1UK''/\s0``unknown''" 4 -.IX Item "UK/unknown" +.IP """UP""/""unknown PSK identity""" 4 +.IX Item """UP""/""unknown PSK identity""" +Sent by the server to indicate that it does not recognize a PSK +identity or an SRP identity. +.IP """UK""/""unknown""" 4 +.IX Item """UK""/""unknown""" This indicates that no description is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3.orig +++ secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_ALLOC_BUFFERS 3ossl" -.TH SSL_ALLOC_BUFFERS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_ALLOC_BUFFERS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,12 +73,12 @@ \& int SSL_free_buffers(SSL *ssl); \& int SSL_alloc_buffers(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. \&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. .PP -The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever +The \fBSSL_MODE_RELEASE_BUFFERS\fR mode releases read or write buffers whenever the buffers have been drained. These functions allow applications to manually control when buffers are freed and allocated. .PP @@ -184,11 +109,11 @@ \&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), \&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3), \&\fBCRYPTO_set_mem_functions\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_check_chain.3.orig +++ secure/lib/libcrypto/man/man3/SSL_check_chain.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CHECK_CHAIN 3ossl" -.TH SSL_CHECK_CHAIN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CHECK_CHAIN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_check_chain \- check certificate chain suitability -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and certificate chain \fBchain\fR is suitable for use with the current session 
@@ -157,36 +82,36 @@ \&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the chain. .PP -\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. +\&\fBCERT_PKEY_VALID\fR: the chain can be used with the current session. If this flag is \fBnot\fR set then the certificate will never be used even if the application tries to set it because it is inconsistent with the peer preferences. .PP -\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. +\&\fBCERT_PKEY_SIGN\fR: the EE key can be used for signing. .PP -\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is +\&\fBCERT_PKEY_EE_SIGNATURE\fR: the signature algorithm of the EE certificate is acceptable. .PP -\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates +\&\fBCERT_PKEY_CA_SIGNATURE\fR: the signature algorithms of all CA certificates are acceptable. .PP -\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are +\&\fBCERT_PKEY_EE_PARAM\fR: the parameters of the end entity certificate are acceptable (e.g. it is a supported curve). .PP -\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. +\&\fBCERT_PKEY_CA_PARAM\fR: the parameters of all CA certificates are acceptable. .PP -\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm +\&\fBCERT_PKEY_EXPLICIT_SIGN\fR: the end entity certificate algorithm can be used explicitly for signing (i.e. it is mentioned in the signature algorithms extension). .PP -\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only +\&\fBCERT_PKEY_ISSUER_NAME\fR: the issuer name is acceptable. This is only meaningful for client authentication. .PP -\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful +\&\fBCERT_PKEY_CERT_TYPE\fR: the certificate type is acceptable. 
Only meaningful for client authentication. .PP -\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. -.SH "NOTES" +\&\fBCERT_PKEY_SUITEB\fR: chain is suitable for Suite B use. +.SH NOTES .IX Header "NOTES" \&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in clients after a certificate request message. It will typically be called 
@@ -197,29 +122,29 @@ most secure. It could then use the chain of the first set which returns suitable flags. .PP -As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be -usable. An application supporting multiple chains with different \s-1CA\s0 signature -algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no +As a minimum the flag \fBCERT_PKEY_VALID\fR must be set for a chain to be +usable. An application supporting multiple chains with different CA signature +algorithms may also wish to check \fBCERT_PKEY_CA_SIGNATURE\fR too. If no chain is suitable a server should fall back to the most secure chain which -sets \fB\s-1CERT_PKEY_VALID\s0\fR. +sets \fBCERT_PKEY_VALID\fR. .PP The validity of a chain is determined by checking if it matches a supported signature algorithm, supported curves and in the case of client authentication certificate types and issuer names. .PP -Since the supported signature algorithms extension is only used in \s-1TLS 1.2, -TLS 1.3\s0 and \s-1DTLS 1.2\s0 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not -be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain -for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 +Since the supported signature algorithms extension is only used in TLS 1.2, +TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not +be very useful. Applications may wish to specify a different "legacy" chain +for earlier versions of TLS or DTLS. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_CTX_set_cert_cb\fR\|(3), \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_clear.3.orig +++ secure/lib/libcrypto/man/man3/SSL_clear.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,50 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CLEAR 3ossl" -.TH SSL_CLEAR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CLEAR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_clear \- reset SSL object to allow another connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_clear(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Reset \fBssl\fR to allow another connection. All settings (method, ciphers, BIOs) are kept. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all -settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +SSL_clear is used to prepare an SSL object for a new connection. While all +settings are kept, a side effect is the handling of the current SSL session. If a session is still \fBopen\fR, it is considered bad and will be removed -from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, +from the session cache, as required by RFC2246. A session is considered open, if \fBSSL_shutdown\fR\|(3) was not called for the connection or at least \fBSSL_set_shutdown\fR\|(3) was used to -set the \s-1SSL_SENT_SHUTDOWN\s0 state. +set the SSL_SENT_SHUTDOWN state. .PP If a session was closed cleanly, the session object will be kept and all settings corresponding. This explicitly means, that e.g. the special method used during the session will be kept for the next handshake. 
So if the -session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client -method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +session was a TLSv1 session, a SSL client object will use a TLSv1 client +method for the next handshake and a SSL server object will use a TLSv1 server method, even if TLS_*_methods were chosen on startup. This will might lead to connection failures (see \fBSSL_new\fR\|(3)) -for a description of the method's properties. -.SH "WARNINGS" +for a description of the method\*(Aqs properties. +.SH WARNINGS .IX Header "WARNINGS" -\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +\&\fBSSL_clear()\fR resets the SSL object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last handshake). It only makes sense for a new connection with the exact @@ -187,10 +112,10 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 +.IP 0 4 The \fBSSL_clear()\fR operation could not be performed. Check the error stack to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" The \fBSSL_clear()\fR operation was successful. .PP 
@@ -198,11 +123,11 @@ \&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), \&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7), \&\fBSSL_CTX_set_client_cert_cb\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_connect.3.orig +++ secure/lib/libcrypto/man/man3/SSL_connect.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,136 +53,77 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_CONNECT 3ossl" -.TH SSL_CONNECT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_CONNECT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_connect(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +\&\fBSSL_connect()\fR initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the \fBssl\fR by setting an -underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" +underlying \fBBIO\fR. +.SH NOTES .IX Header "NOTES" -The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_connect()\fR depends on the underlying BIO. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the +If the underlying BIO is \fBblocking\fR, \fBSSL_connect()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_connect()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR +If the underlying BIO is \fBnonblocking\fR, \fBSSL_connect()\fR will also return +when the underlying BIO could not satisfy the needs of \fBSSL_connect()\fR to continue the handshake, indicating the problem by the return value \-1. In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. 
The calling process then must repeat the call after +return value of \fBSSL_connect()\fR will yield \fBSSL_ERROR_WANT_READ\fR or +\&\fBSSL_ERROR_WANT_WRITE\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue. .PP -Many systems implement Nagle's algorithm by default which means that it will -buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no -corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance +Many systems implement Nagle\*(Aqs algorithm by default which means that it will +buffer outgoing TCP data if a TCP packet has already been sent for which no +corresponding ACK has been received yet from the peer. This can have performance impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) resumption handshake, because the last peer to communicate in the handshake is the client. If the client is also the first to send application data (as is -typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has +typical for many protocols) then this data could be buffered until an ACK has been received for the final handshake message. .PP -The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's -algorithm. 
If an application opts to disable Nagle's algorithm consideration +The \fBTCP_NODELAY\fR socket option is often available to disable Nagle\*(Aqs +algorithm. If an application opts to disable Nagle\*(Aqs algorithm consideration should be given to turning it back on again later if appropriate. The helper -function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fBTCP_NODELAY\fR option. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +.IP 0 4 +The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. -.IP "<0" 4 +.IP <0 4 .IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR 
@@ -210,11 +135,11 @@ \&\fBSSL_set_connect_state\fR\|(3), \&\fBSSL_do_handshake\fR\|(3), \&\fBSSL_CTX_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_do_handshake.3.orig +++ secure/lib/libcrypto/man/man3/SSL_do_handshake.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,122 +53,63 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_DO_HANDSHAKE 3ossl" -.TH SSL_DO_HANDSHAKE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_DO_HANDSHAKE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_do_handshake \- perform a TLS/SSL handshake -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_do_handshake(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +\&\fBSSL_do_handshake()\fR will wait for a SSL/TLS handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either \&\fBSSL_set_connect_state\fR\|(3) or \&\fBSSL_set_accept_state\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_do_handshake()\fR depends on the underlying BIO. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return +If the underlying BIO is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_do_handshake()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR +If the underlying BIO is \fBnonblocking\fR, \fBSSL_do_handshake()\fR will also return +when the underlying BIO could not satisfy the needs of \fBSSL_do_handshake()\fR to continue the handshake. 
In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +return value of \fBSSL_do_handshake()\fR will yield \fBSSL_ERROR_WANT_READ\fR or +\&\fBSSL_ERROR_WANT_WRITE\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +.IP 0 4 +The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. -.IP "<0" 4 +.IP <0 4 .IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. 
The shutdown was not clean. It can also occur if action is needed to continue the operation for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR @@ -194,11 +119,11 @@ \&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), \&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), \&\fBSSL_set_connect_state\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_export_keying_material.3.orig +++ secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_EXPORT_KEYING_MATERIAL 3ossl" -.TH SSL_EXPORT_KEYING_MATERIAL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_EXPORT_KEYING_MATERIAL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,20 +82,20 @@ \& const unsigned char *context, \& size_t contextlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is +During the creation of a TLS or DTLS connection shared keying material is established between the two endpoints. The functions \&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an application to use some of this keying material for its own purposes in -accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). +accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3). .PP \&\fBSSL_export_keying_material()\fR derives keying material using the \fIexporter_master_secret\fR established in the handshake. .PP \&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives keying material using the \fIearly_exporter_master_secret\fR (as defined in the -\&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only +TLS 1.3 RFC). For the client, the \fIearly_exporter_master_secret\fR is only available when the client attempts to send 0\-RTT data. For the server, it is only available when the server accepts 0\-RTT data. .PP 
@@ -180,7 +105,7 @@ the context. The context value is left to the application but must be the same on both sides of the communication. .PP -For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to +For a given SSL connection \fBs\fR, \fBolen\fR bytes of data will be written to \&\fBout\fR. The application specific context should be supplied in the location pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of a context is optional. If the context should be omitted entirely then @@ -193,9 +118,9 @@ .PP An application specific label should be provided in the location pointed to by \&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from -the \s-1IANA\s0 Exporter Label Registry +the IANA Exporter Label Registry (). -Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard +Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard to be used without registration. TLSv1.3 imposes a maximum label length of 249 bytes. .PP @@ -209,14 +134,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_extension_supported.3.orig +++ secure/lib/libcrypto/man/man3/SSL_extension_supported.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_EXTENSION_SUPPORTED 3ossl" -.TH SSL_EXTENSION_SUPPORTED 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_EXTENSION_SUPPORTED 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_extension_supported, SSL_custom_ext_add_cb_ex, SSL_custom_ext_free_cb_ex, @@ -147,7 +72,7 @@ SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb \&\- custom TLS extension handling -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -207,16 +132,16 @@ \& \& int SSL_extension_supported(unsigned int ext_type); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a TLS/DTLS client or server for all supported protocol versions with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the -\&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines +"EXTENSION CALLBACKS" section below). The \fBcontext\fR value determines which messages and under what conditions the extension will be added/parsed (see -the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below). +the "EXTENSION CONTEXTS" section below). .PP -\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a TLS/DTLS client with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and \&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only applies to clients, uses the older style of callbacks, and implicitly sets the 
@@ -227,14 +152,14 @@ \& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION .Ve .PP -\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a TLS/DTLS server with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and \&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only applies to servers, uses the older style of callbacks, and implicitly sets the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above. .PP The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of -\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be +RFC5246 et al. It is \fBnot\fR a NID. In all cases the extension type must not be handled by OpenSSL internally or an error occurs. .PP \&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled @@ -242,11 +167,11 @@ .SH "EXTENSION CALLBACKS" .IX Header "EXTENSION CALLBACKS" The callback \fBadd_cb\fR is called to send custom extension data to be -included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the +included in various TLS messages. The \fBext_type\fR parameter is set to the extension type which will be added and \fBadd_arg\fR to the value set when the extension handler was added. When using the new style callbacks the \fBcontext\fR parameter will indicate which message is currently being constructed e.g. for -the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. +the ClientHello it will be set to \fBSSL_EXT_CLIENT_HELLO\fR. .PP If the application wishes to include the extension \fBext_type\fR it should set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the 
@@ -254,12 +179,12 @@ .PP If the \fBadd_cb\fR does not wish to include the extension it must return 0. .PP -If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the TLS alert value specified in \fB*al\fR. .PP -When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +When constructing the ClientHello, if \fBadd_cb\fR is set to NULL a zero length extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set -to \s-1NULL\s0 then no extension is added. +to NULL then no extension is added. .PP When constructing a Certificate message the callback will be called for each certificate in the message. The \fBx\fR parameter will indicate the @@ -284,9 +209,9 @@ constant (to permit use of constant data in \fBadd_cb\fR) applications may need to cast away const to free the data. .PP -The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only +The callback \fBparse_cb\fR receives data for TLS extensions. The callback is only called if the extension is present and relevant for the context (see -\&\*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 below). +"EXTENSION CONTEXTS" below). .PP The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the extension \fBext_type\fR. @@ -300,7 +225,7 @@ .PP If the \fBparse_cb\fR considers the extension data acceptable it must return 1. If it returns 0 or a negative value a fatal handshake error occurs -using the \s-1TLS\s0 alert value specified in \fB*al\fR. +using the TLS alert value specified in \fB*al\fR. .PP The buffer \fBin\fR is a temporary internal buffer which will not be valid after the callback returns. 
@@ -308,65 +233,65 @@ .IX Header "EXTENSION CONTEXTS" An extension context defines which messages and under which conditions an extension should be added or expected. The context is built up by performing -a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values +a bitwise OR of multiple pre\-defined values together. The valid context values are: -.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 +.IP SSL_EXT_TLS_ONLY 4 .IX Item "SSL_EXT_TLS_ONLY" -The extension is only allowed in \s-1TLS\s0 -.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 +The extension is only allowed in TLS +.IP SSL_EXT_DTLS_ONLY 4 .IX Item "SSL_EXT_DTLS_ONLY" -The extension is only allowed in \s-1DTLS\s0 -.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 +The extension is only allowed in DTLS +.IP SSL_EXT_TLS_IMPLEMENTATION_ONLY 4 .IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" -The extension is allowed in \s-1DTLS,\s0 but there is only a \s-1TLS\s0 implementation -available (so it is ignored in \s-1DTLS\s0). -.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 +The extension is allowed in DTLS, but there is only a TLS implementation +available (so it is ignored in DTLS). +.IP SSL_EXT_SSL3_ALLOWED 4 .IX Item "SSL_EXT_SSL3_ALLOWED" Extensions are not typically defined for SSLv3. Setting this value will allow the extension in SSLv3. Applications will not typically need to use this. -.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 +.IP SSL_EXT_TLS1_2_AND_BELOW_ONLY 4 .IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will ignore this extension if it is present in the ClientHello and TLSv1.3 is negotiated. -.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 +.IP SSL_EXT_TLS1_3_ONLY 4 .IX Item "SSL_EXT_TLS1_3_ONLY" -The extension is only defined for \s-1TLS1.3\s0 and above. Servers will ignore this +The extension is only defined for TLS1.3 and above. Servers will ignore this extension if it is present in the ClientHello and TLSv1.2 or below is negotiated. 
-.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 +.IP SSL_EXT_IGNORE_ON_RESUMPTION 4 .IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" The extension will be ignored during parsing if a previous session is being successfully resumed. -.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 +.IP SSL_EXT_CLIENT_HELLO 4 .IX Item "SSL_EXT_CLIENT_HELLO" The extension may be present in the ClientHello message. -.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 +.IP SSL_EXT_TLS1_2_SERVER_HELLO 4 .IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" The extension may be present in a TLSv1.2 or below compatible ServerHello message. -.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 +.IP SSL_EXT_TLS1_3_SERVER_HELLO 4 .IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" The extension may be present in a TLSv1.3 compatible ServerHello message. -.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 +.IP SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 4 .IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" The extension may be present in an EncryptedExtensions message. -.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 +.IP SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 4 .IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" The extension may be present in a HelloRetryRequest message. -.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 +.IP SSL_EXT_TLS1_3_CERTIFICATE 4 .IX Item "SSL_EXT_TLS1_3_CERTIFICATE" The extension may be present in a TLSv1.3 compatible Certificate message. -.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 +.IP SSL_EXT_TLS1_3_NEW_SESSION_TICKET 4 .IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" The extension may be present in a TLSv1.3 compatible NewSessionTicket message. -.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 +.IP SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 4 .IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" The extension may be present in a TLSv1.3 compatible CertificateRequest message. .PP The context must include at least one message value (otherwise the extension will never be used). 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values which will be passed to the corresponding callbacks. They can, for example, @@ -379,7 +304,7 @@ the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is only called if the corresponding extension was received in the ClientHello. This -is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each +is compliant with the TLS specifications. This behaviour ensures that each callback is called at most once and that an application can never send unsolicited extensions. .SH "RETURN VALUES" @@ -396,14 +321,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_free.3.orig +++ secure/lib/libcrypto/man/man3/SSL_free.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,106 +53,47 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_FREE 3ossl" -.TH SSL_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_FREE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_free \- free an allocated SSL structure -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_free(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the SSL structure pointed to by \fBssl\fR and frees up the allocated memory if the reference count has reached 0. -If \fBssl\fR is \s-1NULL\s0 nothing is done. -.SH "NOTES" +If \fBssl\fR is NULL nothing is done. +.SH NOTES .IX Header "NOTES" \&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if -applicable: the buffering \s-1BIO,\s0 the read and write BIOs, -cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +applicable: the buffering BIO, the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fBSSL_SESSION\fR. Do not explicitly free these indirectly freed up items before or after calling \fBSSL_free()\fR, as trying to free things twice may lead to program failure. .PP -The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +The ssl session has reference counts from two users: the SSL object, for which the reference count is removed by \fBSSL_free()\fR and the internal session cache. 
If the session is considered bad, because \&\fBSSL_shutdown\fR\|(3) was not called for the connection and \fBSSL_set_shutdown\fR\|(3) was not used to set the -\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed -from the session cache as required by \s-1RFC2246.\s0 +SSL_SENT_SHUTDOWN state, the session will also be removed +from the session cache as required by RFC2246. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_free()\fR does not provide diagnostic information. @@ -176,11 +101,11 @@ \&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), \&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,91 +53,32 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET0_PEER_SCTS 3ossl" -.TH SSL_GET0_PEER_SCTS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET0_PEER_SCTS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get0_peer_scts \- get SCTs received -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have been received. If this is the first time that this function has been called for -a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and -the peer's certificate for SCTs. Future calls will return the same SCTs. -.SH "RESTRICTIONS" +a given \fBSSL\fR instance, it will examine the TLS extensions, OCSP response and +the peer\*(Aqs certificate for SCTs. Future calls will return the same SCTs. +.SH RESTRICTIONS .IX Header "RESTRICTIONS" If no Certificate Transparency validation callback has been set (using \&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), 
@@ -161,16 +86,16 @@ capable of sending. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or NULL if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,99 +53,40 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_SSL_CTX 3ossl" -.TH SSL_GET_SSL_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_SSL_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the SSL_CTX object, from which \&\fBssl\fR was created with \fBSSL_new\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The pointer to the \s-1SSL_CTX\s0 object is returned. +The pointer to the SSL_CTX object is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_ALL_ASYNC_FDS 3ossl" -.TH SSL_GET_ALL_ASYNC_FDS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_ALL_ASYNC_FDS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -154,64 +79,64 @@ \& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, \& OSSL_ASYNC_FD *delfd, size_t *numdelfds); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently -waiting for asynchronous operations to complete (see the \fB\s-1SSL_MODE_ASYNC\s0\fR mode +\&\fBSSL_waiting_for_async()\fR determines whether an SSL connection is currently +waiting for asynchronous operations to complete (see the \fBSSL_MODE_ASYNC\fR mode in \fBSSL_CTX_set_mode\fR\|(3)). .PP \&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous operation has completed or not. A completed operation will result in data -appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read -from the file descriptor). This function should only be called if the \fB\s-1SSL\s0\fR +appearing as "read ready" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the \fBSSL\fR object is currently waiting for asynchronous work to complete (i.e. -\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received \- see \fBSSL_get_error\fR\|(3)). Typically +\&\fBSSL_ERROR_WANT_ASYNC\fR has been received \- see \fBSSL_get_error\fR\|(3)). Typically the list will only contain one file descriptor. However, if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in \fI*numfds\fR and the file descriptors themselves -are in \fI*fds\fR. The \fIfds\fR parameter may be \s-1NULL\s0 in which case no file +are in \fI*fds\fR. The \fIfds\fR parameter may be NULL in which case no file descriptors are returned but \fI*numfds\fR is still populated. 
It is the callers responsibility to ensure sufficient memory is allocated at \fI*fds\fR so typically -this function is called twice (once with a \s-1NULL\s0 \fIfds\fR parameter and once +this function is called twice (once with a NULL \fIfds\fR parameter and once without). .PP \&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors that have been added and a list that have been deleted since the last -\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR was received (or since the \fB\s-1SSL\s0\fR object was created if -no \fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received). Similar to \fBSSL_get_all_async_fds()\fR +\&\fBSSL_ERROR_WANT_ASYNC\fR was received (or since the \fBSSL\fR object was created if +no \fBSSL_ERROR_WANT_ASYNC\fR has been received). Similar to \fBSSL_get_all_async_fds()\fR it is the callers responsibility to ensure that \fI*addfd\fR and \fI*delfd\fR have -sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds +sufficient memory allocated, although they may be NULL. The number of added fds and the number of deleted fds are stored in \fI*numaddfds\fR and \fI*numdelfds\fR respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +\&\fBSSL_waiting_for_async()\fR will return 1 if the current SSL operation is waiting for an async operation to complete and 0 otherwise. .PP \&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or 0 on error. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" On Windows platforms the \fI\fR header is dependent on some of the types customarily made available by including \fI\fR. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. 
Therefore, -it is defined as an application developer's responsibility to include +it is defined as an application developer\*(Aqs responsibility to include \&\fI\fR prior to \fI\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_certificate.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_certificate.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_CERTIFICATE 3ossl" -.TH SSL_GET_CERTIFICATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_CERTIFICATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_certificate, SSL_get_privatekey \- retrieve TLS/SSL certificate and private key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,20 +74,20 @@ \& X509 *SSL_get_certificate(const SSL *s); \& EVP_PKEY *SSL_get_privatekey(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_certificate()\fR returns a pointer to an \fBX509\fR object representing a -certificate used as the local peer's identity. +certificate used as the local peer\*(Aqs identity. .PP Multiple certificates can be configured; for example, a server might have both -\&\s-1RSA\s0 and \s-1ECDSA\s0 certificates. The certificate which is returned by +RSA and ECDSA certificates. The certificate which is returned by \&\fBSSL_get_certificate()\fR is determined as follows: -.IP "\(bu" 4 +.IP \(bu 4 If it is called before certificate selection has occurred, it returns the most -recently added certificate, or \s-1NULL\s0 if no certificate has been added. -.IP "\(bu" 4 +recently added certificate, or NULL if no certificate has been added. +.IP \(bu 4 After certificate selection has occurred, it returns the certificate which was -selected during the handshake, or \s-1NULL\s0 if no certificate was selected (for +selected during the handshake, or NULL if no certificate was selected (for example, on a client where no client certificate is in use). .PP Certificate selection occurs during the handshake; therefore, the value returned 
@@ -172,25 +97,25 @@ .PP A specific use for \fBSSL_get_certificate()\fR is inside a callback set via a call to \&\fBSSL_CTX_set_tlsext_status_cb\fR\|(3). This callback occurs after certificate -selection, where it can be used to examine a server's chosen certificate, for -example for the purpose of identifying a certificate's \s-1OCSP\s0 responder \s-1URL\s0 so -that an \s-1OCSP\s0 response can be obtained. +selection, where it can be used to examine a server\*(Aqs chosen certificate, for +example for the purpose of identifying a certificate\*(Aqs OCSP responder URL so +that an OCSP response can be obtained. .PP -\&\fBSSL_get_privatekey()\fR returns a pointer to the \fB\s-1EVP_PKEY\s0\fR object corresponding +\&\fBSSL_get_privatekey()\fR returns a pointer to the \fBEVP_PKEY\fR object corresponding to the certificate returned by \fBSSL_get_certificate()\fR, if any. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -These functions return pointers to their respective objects, or \s-1NULL\s0 if no such -object is available. Returned objects are owned by the \s-1SSL\s0 object and should not +These functions return pointers to their respective objects, or NULL if no such +object is available. Returned objects are owned by the SSL object and should not be freed by users of these functions. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_status_cb\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_ciphers.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_CIPHERS 3ossl" -.TH SSL_GET_CIPHERS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_CIPHERS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, @@ -147,7 +72,7 @@ SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -162,10 +87,10 @@ \& const char *SSL_get_cipher_list(const SSL *ssl, int priority); \& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, -sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +sorted by preference. If \fBssl\fR is NULL or no ciphers are available, NULL is returned. .PP \&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. 
@@ -174,36 +99,36 @@ \&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). The list depends on settings like the cipher list, the supported protocol versions, the security level, and the enabled signature algorithms. -\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings +SRP and PSK ciphers are only enabled if the appropriate callbacks or settings have been applied. The list of ciphers that would be sent in a ClientHello can differ from the list of ciphers that would be acceptable when acting as a server. For example, additional ciphers may be usable by a server if there is a gap in the list of supported protocols, and some ciphers may not be usable by a server if there is not a suitable certificate configured. -If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. +If \fBssl\fR is NULL or no ciphers are available, NULL is returned. .PP \&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the -list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are -available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. +list received from the client on \fBssl\fR. If \fBssl\fR is NULL, no ciphers are +available, or \fBssl\fR is not operating in server mode, NULL is returned. 
.PP \&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR -as a wire-protocol cipher suite specification (in the three-octet-per-cipher -SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet +as a wire\-protocol cipher suite specification (in the three\-octet\-per\-cipher +SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two\-octet SSLv3/TLS wire format), and parses the cipher suites supported by the library -into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite +into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher\-Suite Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success and 0 on failure. .PP -\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 -listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are -available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the SSL_CIPHER +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is NULL, no ciphers are +available, or there are less ciphers than \fBpriority\fR available, NULL is returned. .PP -\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of -\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is +\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. \fBbuf\fR is the buffer that should be populated with the list of names and \fBsize\fR is the -size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on +size of that buffer. A pointer to \fBbuf\fR is returned on success or NULL on error. If the supplied buffer is not large enough to contain the complete list of names then a truncated list of names will be returned. 
Note that just because a ciphersuite is available (i.e. it is configured in the cipher list) and shared @@ -212,18 +137,18 @@ available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR \&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. .PP Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the -sorted list of available ciphers, until \s-1NULL\s0 is returned. +sorted list of available ciphers, until NULL is returned. .PP Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR return a pointer to an internal cipher stack, which will be freed later on when -the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST NOT\s0\fR +the SSL or SSL_SESSION object is freed. Therefore, the calling code \fBMUST NOT\fR free the return value itself. .PP The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using 
@@ -233,16 +158,16 @@ \&\fBsk_SSL_CIPHER_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 +See DESCRIPTION .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), \&\fBSSL_CIPHER_get_name\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_client_random.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_client_random.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_CLIENT_RANDOM 3ossl" -.TH SSL_GET_CLIENT_RANDOM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_CLIENT_RANDOM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key \&\- get internal TLS/SSL random values and get/set master key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,10 +81,10 @@ \& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, \& size_t len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_client_random()\fR extracts the random value sent from the client -to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many +to the server during the initial SSL/TLS handshake. It copies as many bytes as it can of this value into the buffer provided in \fBout\fR, which must have at least \fBoutlen\fR bytes available. It returns the total number of bytes that were actually copied. If \fBoutlen\fR is 
@@ -167,47 +92,47 @@ total size of the client_random value. .PP \&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value -sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. +sent from the server to the client during the initial SSL/TLS handshake. .PP \&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master -secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one -can be dangerous if misused; see \s-1NOTES\s0 below. +secret used to guarantee the security of the SSL/TLS session. This one +can be dangerous if misused; see NOTES below. .PP \&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the -\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based -\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +SSL_SESSION \fBsess\fR. For example, this could be used to set up a session based +PSK (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length \&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the function, so the caller is responsible for freeing and cleaning any memory associated with \fBin\fR. The caller must ensure that the length of the key is -suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0 -.SH "NOTES" +suitable for the ciphersuite associated with the SSL_SESSION. +.SH NOTES .IX Header "NOTES" -You probably shouldn't use these functions. +You probably shouldn\*(Aqt use these functions. .PP -These functions expose internal values from the \s-1TLS\s0 handshake, for -use in low-level protocols. You probably should not use them, unless +These functions expose internal values from the TLS handshake, for +use in low\-level protocols. You probably should not use them, unless you are implementing something that needs access to the internal protocol details. 
.PP Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they -\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that -were already generated and used in the \s-1TLS\s0 protocol. Using them +ARE NOT random number generators. Instead, they return the mostly\-random values that +were already generated and used in the TLS protocol. Using them in place of \fBRAND_bytes()\fR would be grossly foolish. .PP -The security of your \s-1TLS\s0 session depends on keeping the master key secret: +The security of your TLS session depends on keeping the master key secret: do not expose it, or any information about it, to anybody. If you need to calculate another secret value that depends on the master secret, you should probably use \fBSSL_export_keying_material()\fR instead, and forget that you ever saw these functions. .PP -In current versions of the \s-1TLS\s0 protocols, the length of client_random -(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for +In current versions of the TLS protocols, the length of client_random +(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided -in case of the unlikely event that a future version or variant of \s-1TLS\s0 +in case of the unlikely event that a future version or variant of TLS uses some other length there. .PP -Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called -\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those +Finally, though the "client_random" and "server_random" values are called +"random", many TLS implementations will generate four bytes of those values based on their view of the current time. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -216,18 +141,18 @@ For the other functions, if \fBoutlen\fR is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to \&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number -of bytes they would copy \*(-- that is, the length of the underlying field. +of bytes they would copy \-\- that is, the length of the underlying field. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBRAND_bytes\fR\|(3), \&\fBSSL_export_keying_material\fR\|(3), \&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_CURRENT_CIPHER 3ossl" -.TH SSL_GET_CURRENT_CIPHER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_CURRENT_CIPHER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,9 +80,9 @@ \& int SSL_get_cipher_bits(const SSL *s, int *np); \& const char *SSL_get_cipher_version(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +\&\fBSSL_get_current_cipher()\fR returns a pointer to an SSL_CIPHER object containing the description of the actually used cipher of a connection established with the \fBssl\fR object. See \fBSSL_CIPHER_get_name\fR\|(3) for more details. 
@@ -169,34 +94,34 @@ macro to obtain the number of secret/algorithm bits used and \&\fBSSL_get_cipher_version()\fR returns the protocol name. .PP -\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +\&\fBSSL_get_pending_cipher()\fR returns a pointer to an SSL_CIPHER object containing the description of the cipher (if any) that has been negotiated for future use on the connection established with the \fBssl\fR object, but is not yet in use. This may be the case during handshake processing, when control flow can be returned to the application via any of several callback methods. The internal sequencing of handshake processing and callback invocation is not guaranteed to be stable from release to release, and at present only the callback set -by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non\-NULL return value. Other callbacks may be added to this list over time. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or NULL if no session has been established. .PP \&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change -of cipher suite, or \s-1NULL\s0 if no such cipher is known. -.SH "NOTES" +of cipher suite, or NULL if no such cipher is known. +.SH NOTES .IX Header "NOTES" SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and SSL_get_cipher_name are implemented as macros. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,89 +53,30 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_DEFAULT_TIMEOUT 3ossl" -.TH SSL_GET_DEFAULT_TIMEOUT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_DEFAULT_TIMEOUT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_default_timeout \- get default session timeout value -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& long SSL_get_default_timeout(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to -\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. -.SH "NOTES" +SSL_SESSION objects negotiated for the protocol valid for \fBssl\fR. +.SH NOTES .IX Header "NOTES" Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout @@ -171,11 +96,11 @@ \&\fBSSL_SESSION_get_time\fR\|(3), \&\fBSSL_CTX_flush_sessions\fR\|(3), \&\fBSSL_get_default_timeout\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_error.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_error.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,145 +53,88 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_ERROR 3ossl" -.TH SSL_GET_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_ERROR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_error \- obtain result code for TLS/SSL I/O operation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_get_error(const SSL *ssl, int ret); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +\&\fBSSL_get_error()\fR returns a result code (suitable for the C "switch" statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, \&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_shutdown()\fR, -\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 +\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR. The value returned by that TLS/SSL I/O function must be passed to \fBSSL_get_error()\fR in parameter \fBret\fR. .PP In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the -current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be -used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no +current thread\*(Aqs OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be +used in the same thread that performed the TLS/SSL I/O operation, and no other OpenSSL function calls should appear in between. The current -thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is +thread\*(Aqs error queue must be empty before the TLS/SSL I/O operation is attempted, or \fBSSL_get_error()\fR will not work reliably. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" -Some \s-1TLS\s0 implementations do not send a close_notify alert on shutdown. +Some TLS implementations do not send a close_notify alert on shutdown. .PP -On an unexpected \s-1EOF,\s0 versions before OpenSSL 3.0 returned -\&\fB\s-1SSL_ERROR_SYSCALL\s0\fR, nothing was added to the error stack, and errno was 0. -Since OpenSSL 3.0 the returned error is \fB\s-1SSL_ERROR_SSL\s0\fR with a meaningful -error on the error stack. +On an unexpected EOF, versions before OpenSSL 3.0 returned +\&\fBSSL_ERROR_SYSCALL\fR, nothing was added to the error stack, and errno was 0. +Since OpenSSL 3.0 the returned error is \fBSSL_ERROR_SSL\fR with a meaningful +error on the error stack (SSL_R_UNEXPECTED_EOF_WHILE_READING). This error reason +code may be used for control flow decisions (see the man page for +\&\fBERR_GET_REASON\fR\|(3) for further details on this). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: -.IP "\s-1SSL_ERROR_NONE\s0" 4 +.IP SSL_ERROR_NONE 4 .IX Item "SSL_ERROR_NONE" -The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned +The TLS/SSL I/O operation completed. This result code is returned if and only if \fBret > 0\fR. -.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IP SSL_ERROR_ZERO_RETURN 4 .IX Item "SSL_ERROR_ZERO_RETURN" -The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the +The TLS/SSL peer has closed the connection for writing by sending the close_notify alert. No more data can be read. -Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily +Note that \fBSSL_ERROR_ZERO_RETURN\fR does not necessarily indicate that the underlying transport has been closed. .Sp -This error can also appear when the option \fB\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0\fR +This error can also appear when the option \fBSSL_OP_IGNORE_UNEXPECTED_EOF\fR is set. See \fBSSL_CTX_set_options\fR\|(3) for more details. 
-.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 +.IP "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" 4 .IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" The operation did not complete and can be retried later. .Sp -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read -operation from a nonblocking \fB\s-1BIO\s0\fR. +\&\fBSSL_ERROR_WANT_READ\fR is returned when the last operation was a read +operation from a nonblocking \fBBIO\fR. It means that not enough data was available at this time to complete the operation. -If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same +If at a later time the underlying \fBBIO\fR has data available for reading the same function can be called again. .Sp -\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is -still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even -for a blocking \fB\s-1BIO\s0\fR. +\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fBSSL_ERROR_WANT_READ\fR when there is +still unprocessed data available at either the \fBSSL\fR or the \fBBIO\fR layer, even +for a blocking \fBBIO\fR. See \fBSSL_read\fR\|(3) for more information. .Sp -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write -to a nonblocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. -When the \fB\s-1BIO\s0\fR is writable again, the same function can be called again. +\&\fBSSL_ERROR_WANT_WRITE\fR is returned when the last operation was a write +to a nonblocking \fBBIO\fR and it was unable to sent all data to the \fBBIO\fR. +When the \fBBIO\fR is writable again, the same function can be called again. .Sp -Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. 
+Note that the retry may again lead to an \fBSSL_ERROR_WANT_READ\fR or +\&\fBSSL_ERROR_WANT_WRITE\fR condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level. 
@@ -215,92 +142,92 @@ It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. However, if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called -again to continue sending the application data. If you get \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR +again to continue sending the application data. If you get \fBSSL_ERROR_WANT_WRITE\fR from \fBSSL_write()\fR or \fBSSL_write_ex()\fR then you should not do any other operation -that could trigger \fB\s-1IO\s0\fR other than to repeat the previous \fBSSL_write()\fR call. +that could trigger \fBIO\fR other than to repeat the previous \fBSSL_write()\fR call. .Sp -For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or +For socket \fBBIO\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or \&\fBpoll()\fR on the underlying socket can be used to find out when the -\&\s-1TLS/SSL I/O\s0 function should be retried. +TLS/SSL I/O function should be retried. .Sp -Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +Caveat: Any TLS/SSL I/O function can lead to either of +\&\fBSSL_ERROR_WANT_READ\fR and \fBSSL_ERROR_WANT_WRITE\fR. In particular, \&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data. This is mainly because -\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by +TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes. 
-.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 +.IP "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" 4 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" -The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be -called again later. The underlying \s-1BIO\s0 was not connected yet to the peer -and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be +The operation did not complete; the same TLS/SSL I/O function should be +called again later. The underlying BIO was not connected yet to the peer +and the call would block in \fBconnect()\fR/\fBaccept()\fR. The SSL function should be called again when the connection is established. These messages can only -appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. +appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR BIO, respectively. In order to find out, when the connection has been successfully established, on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor can be used. -.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IP SSL_ERROR_WANT_X509_LOOKUP 4 .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by \&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. -The \s-1TLS/SSL I/O\s0 function should be called again later. +The TLS/SSL I/O function should be called again later. Details depend on the application. -.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 +.IP SSL_ERROR_WANT_ASYNC 4 .IX Item "SSL_ERROR_WANT_ASYNC" The operation did not complete because an asynchronous engine is still -processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 +processing data. This will only occur if the mode has been set to SSL_MODE_ASYNC using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable engine is being used. 
An application can determine whether the engine has completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file descriptor. This file descriptor is available by calling -\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 +\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The TLS/SSL I/O function should be called again later. The function \fBmust\fR be called from the same thread that the original call was made from. -.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 +.IP SSL_ERROR_WANT_ASYNC_JOB 4 .IX Item "SSL_ERROR_WANT_ASYNC_JOB" The asynchronous job could not be started because there were no async jobs available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the -mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or +mode has been set to SSL_MODE_ASYNC using \fBSSL_CTX_set_mode\fR\|(3) or \&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the operation after a currently executing asynchronous operation for the current thread has completed. -.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 +.IP SSL_ERROR_WANT_CLIENT_HELLO_CB 4 .IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" The operation did not complete because an application callback set by \&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. -The \s-1TLS/SSL I/O\s0 function should be called again later. +The TLS/SSL I/O function should be called again later. Details depend on the application. -.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IP SSL_ERROR_SYSCALL 4 .IX Item "SSL_ERROR_SYSCALL" -Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +Some non\-recoverable, fatal I/O error occurred. The OpenSSL error queue may contain more information on the error. For socket I/O on Unix systems, consult \&\fBerrno\fR for details. 
If this error occurs then no further I/O operations should be performed on the connection and \fBSSL_shutdown()\fR must not be called. .Sp This value can also be returned for other errors, check the error queue for details. -.IP "\s-1SSL_ERROR_SSL\s0" 4 +.IP SSL_ERROR_SSL 4 .IX Item "SSL_ERROR_SSL" -A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +A non\-recoverable, fatal error in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. If this error occurs then no further I/O operations should be performed on the connection and \fBSSL_shutdown()\fR must not be called. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. -The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. +The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_extms_support.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_EXTMS_SUPPORT 3ossl" -.TH SSL_GET_EXTMS_SUPPORT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_EXTMS_SUPPORT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_extms_support \- extended master secret support -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_get_extms_support(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_extms_support()\fR indicates whether the current session used extended master secret. @@ -162,11 +87,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_fd.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_fd.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_FD 3ossl" -.TH SSL_GET_FD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_FD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,7 +74,7 @@ \& int SSL_get_rfd(const SSL *ssl); \& int SSL_get_wfd(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. \&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the @@ -159,21 +84,21 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\-1" 4 +.IP \-1 4 .IX Item "-1" -The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +The operation failed, because the underlying BIO is not of the correct type (suitable for file descriptors). -.IP ">=0" 4 +.IP >=0 4 .IX Item ">=0" The file descriptor linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERT_CHAIN 3ossl" -.TH SSL_GET_PEER_CERT_CHAIN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_PEER_CERT_CHAIN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate chain of the peer -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,31 +74,31 @@ \& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); \& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to STACK_OF(X509) certificates forming the certificate chain sent by the peer. If called on the client side, -the stack also contains the peer's certificate; if called on the server -side, the peer's certificate must be obtained separately using +the stack also contains the peer\*(Aqs certificate; if called on the server +side, the peer\*(Aqs certificate must be obtained separately using \&\fBSSL_get_peer_certificate\fR\|(3). -If the peer did not present a certificate, \s-1NULL\s0 is returned. +If the peer did not present a certificate, NULL is returned. .PP -\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +NB: \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it only consists of certificates the peer has sent (in the order the peer has sent them) it is \fBnot\fR a verified chain. .PP \&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain -of the peer including the peer's end entity certificate. It must be called +of the peer including the peer\*(Aqs end entity certificate. It must be called after a session has been successfully established. If peer verification was not successful (as indicated by \fBSSL_get_verify_result()\fR not returning X509_V_OK) the chain may be incomplete or invalid. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer +If the session is resumed peers do not send certificates so a NULL pointer is returned by these functions. Applications can call \fBSSL_session_reused()\fR to determine whether a session is resumed. 
.PP -The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object +The reference count of each certificate in the returned STACK_OF(X509) object is not incremented and the returned stack may be invalidated by renegotiation. If applications wish to use any certificates in the returned chain indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or @@ -181,22 +106,22 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\s-1NULL\s0" 4 +.IP NULL 4 .IX Item "NULL" No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused. -.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 +.IP "Pointer to a STACK_OF(X509)" 4 .IX Item "Pointer to a STACK_OF(X509)" The return value points to the certificate chain presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3), \&\fBX509_chain_up_ref\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,95 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERTIFICATE 3ossl" -.TH SSL_GET_PEER_CERTIFICATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_PEER_CERTIFICATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_peer_certificate, SSL_get0_peer_certificate, SSL_get1_peer_certificate \- get the X509 certificate of the peer -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& X509 *SSL_get_peer_certificate(const SSL *ssl); \& X509 *SSL_get0_peer_certificate(const SSL *ssl); \& X509 *SSL_get1_peer_certificate(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.PP +The following function has been deprecated since OpenSSL 3.0, +and can be hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable +version value, see \fBopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& X509 *SSL_get_peer_certificate(const SSL *ssl); +.Ve +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions return a pointer to the X509 certificate the -peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. -.SH "NOTES" +peer presented. If the peer did not present a certificate, NULL is returned. +.SH NOTES .IX Header "NOTES" -Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see \&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher @@ -179,7 +111,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\s-1NULL\s0" 4 +.IP NULL 4 .IX Item "NULL" No certificate was presented by the peer or no connection was established. .IP "Pointer to an X509 certificate" 4 
@@ -189,15 +121,15 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), \&\fBSSL_CTX_set_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_get0_peer_certificate()\fR and \fBSSL_get1_peer_certificate()\fR were added in 3.0.0. \&\fBSSL_get_peer_certificate()\fR was deprecated in 3.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_SIGNATURE_NID 3ossl" -.TH SSL_GET_PEER_SIGNATURE_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_PEER_SIGNATURE_NID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,17 +77,17 @@ \& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); \& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used -by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. +\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the NID of the digest used +by the peer to sign TLS messages. It is implemented as a macro. .PP \&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature -type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type -is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing -where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between -\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check -the type of public key in the peer's certificate. +type used by the peer to sign TLS messages. Currently the signature type +is the NID of the public key type used for signing except for PSS signing +where it is \fBEVP_PKEY_RSA_PSS\fR. To differentiate between +\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it\*(Aqs necessary to check +the type of public key in the peer\*(Aqs certificate. .PP \&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent information for the local end of the connection. 
@@ -170,16 +95,16 @@ .IX Header "RETURN VALUES" These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it -uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or +uses RSA key exchange or is anonymous), the TLS version is below 1.2 or the functions were called too early, e.g. before the peer signed a message. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_TMP_KEY 3ossl" -.TH SSL_GET_PEER_TMP_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_PEER_TMP_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,35 +75,35 @@ \& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); \& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and -used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents -the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in -\&\fB*key\fR. It is the caller's responsibility to free this key after use using +used during key exchange. For example, if ECDHE is in use, then this represents +the peer\*(Aqs public ECDHE key. On success a pointer to the key is stored in +\&\fB*key\fR. It is the caller\*(Aqs responsibility to free this key after use using \&\fBEVP_PKEY_free\fR\|(3). .PP \&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for \&\fBSSL_get_peer_tmp_key()\fR. Under that name it worked just on the client side of the connection, its -behaviour on the server end is release-dependent. +behaviour on the server end is release\-dependent. .PP \&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local end of the connection. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return 1 on success and 0 otherwise. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This function is implemented as a macro. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_PSK_IDENTITY 3ossl" -.TH SSL_GET_PSK_IDENTITY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_PSK_IDENTITY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,29 +73,29 @@ \& const char *SSL_get_psk_identity_hint(const SSL *ssl); \& const char *SSL_get_psk_identity(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint -used during the connection setup related to \s-1SSL\s0 object -\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the PSK identity hint +used during the connection setup related to SSL object +\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the PSK identity used during the connection setup. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity -hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are -\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if -no \s-1PSK\s0 identity hint was used during the connection setup. +If non\-\fBNULL\fR, \fBSSL_get_psk_identity_hint()\fR returns the PSK identity +hint and \fBSSL_get_psk_identity()\fR returns the PSK identity. Both are +\&\fBNULL\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fBNULL\fR if +no PSK identity hint was used during the connection setup. .PP Note that the return value is valid only during the lifetime of the -\&\s-1SSL\s0 object \fBssl\fR. +SSL object \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_rbio.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_rbio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_RBIO 3ossl" -.TH SSL_GET_RBIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_RBIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,28 +73,28 @@ \& BIO *SSL_get_rbio(SSL *ssl); \& BIO *SSL_get_wbio(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the read or the write channel, which can be different. The reference count -of the \s-1BIO\s0 is not incremented. +of the BIO is not incremented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\s-1NULL\s0" 4 +.IP NULL 4 .IX Item "NULL" -No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +No BIO was connected to the SSL object .IP "Any other pointer" 4 .IX Item "Any other pointer" -The \s-1BIO\s0 linked to \fBssl\fR. +The BIO linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_session.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_session.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_SESSION 3ossl" -.TH SSL_GET_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_SESSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,28 +74,28 @@ \& SSL_SESSION *SSL_get0_session(const SSL *ssl); \& SSL_SESSION *SSL_get1_session(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in -\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +\&\fBSSL_get_session()\fR returns a pointer to the \fBSSL_SESSION\fR actually used in +\&\fBssl\fR. The reference count of the \fBSSL_SESSION\fR is not incremented, so that the pointer can become invalid by other operations. .PP \&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. .PP \&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference -count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. -.SH "NOTES" +count of the \fBSSL_SESSION\fR is incremented by one. +.SH NOTES .IX Header "NOTES" -The ssl session contains all information required to re-establish the -connection without a full handshake for \s-1SSL\s0 versions up to and including +The ssl session contains all information required to re\-establish the +connection without a full handshake for SSL versions up to and including TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the main handshake has occurred. The server will send the session information to the client at a time of its choosing, which may be some while after the initial connection is established (or never). Calling these functions on the client side in TLSv1.3 before the session has been established will still return an -\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See +SSL_SESSION object but that object cannot be used for resuming the session. See \&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an -\&\s-1SSL_SESSION\s0 object can be used for resumption or not. +SSL_SESSION object can be used for resumption or not. 
.PP Additionally, in TLSv1.3, a server can send multiple messages that establish a session for a single connection. In that case, on the client side, the above @@ -179,20 +104,20 @@ sent, or if no session tickets were sent then the session for the current connection. .PP -The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is +The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3). The new session callback is only invoked when a session is actually established, so this avoids the problem described above where an application obtains an -\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also +SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also enables applications to obtain information about all sessions sent by the server. .PP A session will be automatically removed from the session cache and marked as -non-resumable if the connection is not closed down cleanly, e.g. if a fatal +non\-resumable if the connection is not closed down cleanly, e.g. if a fatal error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to \&\fBSSL_free\fR\|(3). .PP -In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once. .PP \&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the 
@@ -209,30 +134,30 @@ \&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once to decrement the reference count again. .PP -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object\*(Aqs session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\s-1NULL\s0" 4 +.IP NULL 4 .IX Item "NULL" There is no session available in \fBssl\fR. -.IP "Pointer to an \s-1SSL_SESSION\s0" 4 +.IP "Pointer to an SSL_SESSION" 4 .IX Item "Pointer to an SSL_SESSION" -The return value points to the data of an \s-1SSL\s0 session. +The return value points to the data of an SSL session. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_free\fR\|(3), \&\fBSSL_clear\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_SHARED_SIGALGS 3ossl" -.TH SSL_GET_SHARED_SIGALGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_SHARED_SIGALGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,13 +78,13 @@ \& int *psign, int *phash, int *psignhash, \& unsigned char *rsig, unsigned char *rhash); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index of the shared signature algorithm to return starting from zero. The signature -algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the -sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values +algorithm NID is written to \fB*psign\fR, the hash NID to \fB*phash\fR and the +sign and hash NID to \fB*psignhash\fR. The raw signature and hash values are written to \fB*rsig\fR and \fB*rhash\fR. .PP \&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns 
@@ -169,10 +94,10 @@ .IX Header "RETURN VALUES" \&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions are typically called for debugging purposes (to report -the peer's preferences) or where an application wants finer control over +the peer\*(Aqs preferences) or where an application wants finer control over certificate selection. Most applications will rely on internal handling and will not need to call them. .PP @@ -180,8 +105,8 @@ signature algorithm it can just set \fBidx\fR to zero. .PP Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or -\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. By setting -them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of +\&\fBrhash\fR can be set to \fBNULL\fR if the value is not required. By setting +them all to \fBNULL\fR and setting \fBidx\fR to zero the total number of signature algorithms can be determined: which can be zero. .PP These functions must be called after the peer has sent a list of supported 
@@ -189,31 +114,31 @@ request (for clients). They can (for example) be called in the certificate callback. .PP -Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature algorithms. +Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms. If these -functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. +functions are called on an earlier version of TLS or DTLS zero is returned. .PP The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are ordered according to configuration and peer preferences. .PP -The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. +The raw values correspond to the on the wire form as defined by RFC5246 et al. The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and \&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR -NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. +NID_rsaEncryption and \fB*psignhash\fR NID_sha256WithRSAEncryption. .PP If a signature algorithm is not recognised the corresponding NIDs will be set to \fBNID_undef\fR. This may be because the value is not supported, -is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the +is not an appropriate combination (for example MD5 and DSA) or the signature algorithm does not use a hash (for example Ed25519). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_CTX_set_cert_cb\fR\|(3), \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_verify_result.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,89 +53,30 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_VERIFY_RESULT 3ossl" -.TH SSL_GET_VERIFY_RESULT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_VERIFY_RESULT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_get_verify_result \- get result of peer certificate verification -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& long SSL_get_verify_result(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_get_verify_result()\fR returns the result of the verification of the X509 certificate presented by the peer, if any. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBSSL_get_verify_result()\fR can only return one error code while the verification of a certificate can fail because of many reasons at the same time. Only @@ -167,7 +92,7 @@ .PP The verification result is part of the established session and is restored when a session is reused. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however @@ -176,7 +101,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: -.IP "X509_V_OK" 4 +.IP X509_V_OK 4 .IX Item "X509_V_OK" The verification succeeded or no peer certificate was presented. .IP "Any other value" 4 
@@ -187,11 +112,11 @@ \&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3), \&\fBSSL_get_peer_certificate\fR\|(3), \&\fBopenssl\-verify\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_get_version.3.orig +++ secure/lib/libcrypto/man/man3/SSL_get_version.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GET_VERSION 3ossl" -.TH SSL_GET_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GET_VERSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -154,69 +79,69 @@ \& \& int SSL_version(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the -connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater +connection. Note that, for TLS, this value will never indicate a version greater than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR returns the name of the protocol used for the connection. \fBSSL_version()\fR returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable. .PP -\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. +\&\fBSSL_is_dtls()\fR returns one if the connection is using DTLS, zero if not. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_get_version()\fR returns one of the following strings: -.IP "SSLv3" 4 +.IP SSLv3 4 .IX Item "SSLv3" The connection uses the SSLv3 protocol. -.IP "TLSv1" 4 +.IP TLSv1 4 .IX Item "TLSv1" The connection uses the TLSv1.0 protocol. -.IP "TLSv1.1" 4 +.IP TLSv1.1 4 .IX Item "TLSv1.1" The connection uses the TLSv1.1 protocol. -.IP "TLSv1.2" 4 +.IP TLSv1.2 4 .IX Item "TLSv1.2" The connection uses the TLSv1.2 protocol. -.IP "TLSv1.3" 4 +.IP TLSv1.3 4 .IX Item "TLSv1.3" The connection uses the TLSv1.3 protocol. -.IP "unknown" 4 +.IP unknown 4 .IX Item "unknown" This indicates an unknown protocol version. .PP \&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any of the following: -.IP "\s-1SSL3_VERSION\s0" 4 +.IP SSL3_VERSION 4 .IX Item "SSL3_VERSION" The connection uses the SSLv3 protocol. -.IP "\s-1TLS1_VERSION\s0" 4 +.IP TLS1_VERSION 4 .IX Item "TLS1_VERSION" The connection uses the TLSv1.0 protocol. 
-.IP "\s-1TLS1_1_VERSION\s0" 4 +.IP TLS1_1_VERSION 4 .IX Item "TLS1_1_VERSION" The connection uses the TLSv1.1 protocol. -.IP "\s-1TLS1_2_VERSION\s0" 4 +.IP TLS1_2_VERSION 4 .IX Item "TLS1_2_VERSION" The connection uses the TLSv1.2 protocol. -.IP "\s-1TLS1_3_VERSION\s0" 4 +.IP TLS1_3_VERSION 4 .IX Item "TLS1_3_VERSION" The connection uses the TLSv1.3 protocol (never returned for \&\fBSSL_client_version()\fR). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_group_to_name.3.orig +++ secure/lib/libcrypto/man/man3/SSL_group_to_name.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,107 +53,48 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_GROUP_TO_NAME 3ossl" -.TH SSL_GROUP_TO_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_GROUP_TO_NAME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_group_to_name \- get name of group -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const char *SSL_group_to_name(const SSL *ssl, int id); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_group_to_name()\fR is used to retrieve the \s-1TLS\s0 group name -associated with a given \s-1TLS\s0 group \s-1ID,\s0 as registered via built-in +\&\fBSSL_group_to_name()\fR is used to retrieve the TLS group name +associated with a given TLS group ID, as registered via built\-in or external providers and as returned by a call to \fBSSL_get1_groups()\fR or \fBSSL_get_shared_group()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If non-NULL, \fBSSL_group_to_name()\fR returns the \s-1TLS\s0 group name -corresponding to the given \fIid\fR as a NUL-terminated string. -If \fBSSL_group_to_name()\fR returns \s-1NULL,\s0 an error occurred; possibly no +If non\-NULL, \fBSSL_group_to_name()\fR returns the TLS group name +corresponding to the given \fIid\fR as a NUL\-terminated string. +If \fBSSL_group_to_name()\fR returns NULL, an error occurred; possibly no corresponding tlsname was registered during provider initialisation. .PP Note that the return value is valid only during the lifetime of the -\&\s-1SSL\s0 object \fIssl\fR. +SSL object \fIssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_in_init.3.orig +++ secure/lib/libcrypto/man/man3/SSL_in_init.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_IN_INIT 3ossl" -.TH SSL_IN_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_IN_INIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_in_before, SSL_in_init, SSL_is_init_finished, @@ -146,7 +71,7 @@ SSL_in_accept_init, SSL_get_state \&\- retrieve information about the handshake state machine -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -160,15 +85,15 @@ \& \& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +\&\fBSSL_in_init()\fR returns 1 if the SSL/TLS state machine is currently processing or awaiting handshake messages, or 0 otherwise. .PP -\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +\&\fBSSL_in_before()\fR returns 1 if no SSL/TLS handshake has yet been initiated, or 0 otherwise. .PP -\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +\&\fBSSL_is_init_finished()\fR returns 1 if the SSL/TLS connection is in a state where fully protected application data can be transferred or 0 otherwise. .PP Note that in some circumstances (such as when early data is being transferred) 
@@ -183,34 +108,34 @@ \&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros. .PP \&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake -state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value +state machine. OSSL_HANDSHAKE_STATE is an enumerated type where each value indicates a discrete state machine state. Note that future versions of OpenSSL may define more states so applications should expect to receive unrecognised state values. The naming format is made up of a number of elements as follows: .PP \&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR .PP -\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS. DTLS\s0 is used where a state is specific to the -\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. +\&\fBprotocol\fR is one of TLS or DTLS. DTLS is used where a state is specific to the +DTLS protocol. Otherwise TLS is used. .PP -\&\fBrole\fR is one of \s-1CR, CW, SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", -\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. +\&\fBrole\fR is one of CR, CW, SR or SW to indicate "client reading", +"client writing", "server reading" or "server writing" respectively. .PP \&\fBmessage\fR is the name of a handshake message that is being or has been sent, or is being or has been processed. .PP Additionally there are some special states that do not conform to the above format. These are: -.IP "\s-1TLS_ST_BEFORE\s0" 4 +.IP TLS_ST_BEFORE 4 .IX Item "TLS_ST_BEFORE" No handshake messages have yet been been sent or received. -.IP "\s-1TLS_ST_OK\s0" 4 +.IP TLS_ST_OK 4 .IX Item "TLS_ST_OK" Handshake message sending/processing has completed. 
-.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 +.IP TLS_ST_EARLY_DATA 4 .IX Item "TLS_ST_EARLY_DATA" Early data is being processed -.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 +.IP TLS_ST_PENDING_EARLY_DATA_END 4 .IX Item "TLS_ST_PENDING_EARLY_DATA_END" Awaiting the end of early data processing .SH "RETURN VALUES" @@ -223,11 +148,11 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_read_early_data\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_key_update.3.orig +++ secure/lib/libcrypto/man/man3/SSL_key_update.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_KEY_UPDATE 3ossl" -.TH SSL_KEY_UPDATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_KEY_UPDATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending \&\- initiate and obtain information about updating connection keys -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -157,27 +82,27 @@ \& int SSL_renegotiate_abbreviated(SSL *s); \& int SSL_renegotiate_pending(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. -If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then +\&\fBSSL_key_update()\fR schedules an update of the keys for the current TLS connection. +If the \fBupdatetype\fR parameter is set to \fBSSL_KEY_UPDATE_NOT_REQUESTED\fR then the sending keys for this connection will be updated and the peer will be informed of the change. If the \fBupdatetype\fR parameter is set to -\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be +\&\fBSSL_KEY_UPDATE_REQUESTED\fR then the sending keys for this connection will be updated and the peer will be informed of the change along with a request for the peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is -set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. +set to \fBSSL_KEY_UPDATE_NONE\fR. .PP \&\fBSSL_key_update()\fR must only be called after the initial handshake has been completed and TLSv1.3 has been negotiated, at the same time, the application needs to ensure that the writing of data has been completed. The key update -will not take place until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR +will not take place until the next time an IO operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to force the update to take place immediately. .PP \&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update operation has been scheduled but not yet performed. 
The type of the pending key -update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 +update operation will be returned if there is one, or SSL_KEY_UPDATE_NONE otherwise. .PP \&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for @@ -185,12 +110,14 @@ connection will result in an error. .PP When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new -handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation +handshake over an existing SSL/TLS connection. The next time an IO operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check will be performed to confirm that it is a suitable time to start a renegotiation. If so, then it will be initiated immediately. OpenSSL will not attempt to resume any session associated with the connection in the new -handshake. +handshake. Note that some servers will respond to reneogitation attempts with +a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in +this case. .PP When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the 
@@ -198,17 +125,17 @@ .PP When called from the server side, \fBSSL_renegotiate()\fR and \&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request -for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is +for a new handshake to be sent to the client. The next time an IO operation is performed then the same checks as on the client side are performed and then, if appropriate, the request is sent. The client may or may not respond with a new handshake and it may or may not attempt to resume an existing session. If a new handshake is started then this will be handled transparently by calling -any OpenSSL \s-1IO\s0 function. +any OpenSSL IO function. .PP If an OpenSSL client receives a renegotiation request from a server then again -this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For -a \s-1TLS\s0 connection the client will attempt to resume the current session in the -new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume +this will be handled transparently through calling any OpenSSL IO function. For +a TLS connection the client will attempt to resume the current session in the +new handshake. For historical reasons, DTLS clients will not attempt to resume the session in the new handshake. .PP The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or @@ -219,7 +146,7 @@ on success or 0 on error. .PP \&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update -operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. +operation or SSL_KEY_UPDATE_NONE if there is none. .PP \&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise. 
@@ -228,15 +155,15 @@ \&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \&\fBSSL_write_ex\fR\|(3), \&\fBSSL_do_handshake\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_library_init.3.orig +++ secure/lib/libcrypto/man/man3/SSL_library_init.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_LIBRARY_INIT 3ossl" -.TH SSL_LIBRARY_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_LIBRARY_INIT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by registering algorithms -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,37 +75,37 @@ \& \& int OpenSSL_add_ssl_algorithms(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +\&\fBSSL_library_init()\fR registers the available SSL/TLS ciphers and digests. .PP \&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is implemented as a macro. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBSSL_library_init()\fR must be called before any other action takes place. \&\fBSSL_library_init()\fR is not reentrant. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" \&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by -\&\s-1SSL/TLS.\s0 +SSL/TLS. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +\&\fBSSL_library_init()\fR always returns "1", so it is safe to discard the return value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBRAND_add\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3.orig +++ secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_LOAD_CLIENT_CA_FILE 3ossl" -.TH SSL_LOAD_CLIENT_CA_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_LOAD_CLIENT_CA_FILE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_load_client_CA_file_ex, SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack, SSL_add_store_cert_subjects_to_stack \&\- load certificate names -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -161,14 +86,14 @@ \& int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, \& const char *store); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_load_client_CA_file_ex()\fR reads certificates from \fIfile\fR and returns -a \s-1STACK_OF\s0(X509_NAME) with the subject names found. The library context \fIlibctx\fR +a STACK_OF(X509_NAME) with the subject names found. The library context \fIlibctx\fR and property query \fIpropq\fR are used when fetching algorithms from providers. .PP \&\fBSSL_load_client_CA_file()\fR is similar to \fBSSL_load_client_CA_file_ex()\fR -but uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +but uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBSSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR, and adds their subject name to the already existing \fIstack\fR. 
@@ -178,27 +103,37 @@ already existing \fIstack\fR. .PP \&\fBSSL_add_store_cert_subjects_to_stack()\fR loads certificates from the -\&\fIstore\fR \s-1URI,\s0 and adds their subject name to the already existing +\&\fIstore\fR URI, and adds their subject name to the already existing \&\fIstack\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +\&\fBSSL_load_client_CA_file()\fR reads a file of PEM formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for \&\fBSSL_CTX_set_client_CA_list\fR\|(3), -it is not limited to \s-1CA\s0 certificates. +it is not limited to CA certificates. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 +The following return values can occur for \fBSSL_load_client_CA_file_ex()\fR, and +\&\fBSSL_load_client_CA_file()\fR: +.IP NULL 4 .IX Item "NULL" The operation failed, check out the error stack for the reason. -.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 +.IP "Pointer to STACK_OF(X509_NAME)" 4 .IX Item "Pointer to STACK_OF(X509_NAME)" Pointer to the subject names of the successfully read certificates. -.SH "EXAMPLES" +.PP +The following return values can occur for \fBSSL_add_file_cert_subjects_to_stack()\fR, +\&\fBSSL_add_dir_cert_subjects_to_stack()\fR, and \fBSSL_add_store_cert_subjects_to_stack()\fR: +.IP "0 (Failure)" 4 +.IX Item "0 (Failure)" +The operation failed. +.IP "1 (Success)" 4 +.IX Item "1 (Success)" +The operation succeeded. +.SH EXAMPLES .IX Header "EXAMPLES" -Load names of CAs from file and use it as a client \s-1CA\s0 list: +Load names of CAs from file and use it as a client CA list: .PP .Vb 2 \& SSL_CTX *ctx; 
@@ -217,15 +152,15 @@ \&\fBssl\fR\|(7), \&\fBossl_store\fR\|(7), \&\fBSSL_CTX_set_client_CA_list\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_load_client_CA_file_ex()\fR and \fBSSL_add_store_cert_subjects_to_stack()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_new.3.orig +++ secure/lib/libcrypto/man/man3/SSL_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_NEW 3ossl" -.TH SSL_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,29 +74,29 @@ \& SSL *SSL_new(SSL_CTX *ctx); \& int SSL_up_ref(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the -data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +\&\fBSSL_new()\fR creates a new \fBSSL\fR structure which is needed to hold the +data for a TLS/SSL connection. The new structure inherits the settings of the underlying context \fBctx\fR: connection method, -options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is -reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments +options, verification settings, timeout settings. An \fBSSL\fR structure is +reference counted. Creating an \fBSSL\fR structure for the first time increments the reference count. Freeing it (using SSL_free) decrements it. When the -reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR +reference count drops to zero, any memory or resources allocated to the \fBSSL\fR structure are freed. .PP \&\fBSSL_up_ref()\fR increments the reference count for an -existing \fB\s-1SSL\s0\fR structure. +existing \fBSSL\fR structure. .PP -The function \fBSSL_dup()\fR creates and returns a new \fB\s-1SSL\s0\fR structure from the same -\&\fB\s-1SSL_CTX\s0\fR that was used to create \fIs\fR. It additionally duplicates a subset of -the settings in \fIs\fR into the new \fB\s-1SSL\s0\fR object. +The function \fBSSL_dup()\fR creates and returns a new \fBSSL\fR structure from the same +\&\fBSSL_CTX\fR that was used to create \fIs\fR. It additionally duplicates a subset of +the settings in \fIs\fR into the new \fBSSL\fR object. .PP -For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state and -\&\s-1MUST NOT\s0 have yet started the \s-1SSL\s0 handshake. 
For connections that are not in +For \fBSSL_dup()\fR to work, the connection MUST be in its initial state and +MUST NOT have yet started the SSL handshake. For connections that are not in their initial state \fBSSL_dup()\fR just increments an internal reference count and returns the \fIsame\fR handle. It may be possible to -use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle that is not in its initial +use \fBSSL_clear\fR\|(3) to recycle an SSL handle that is not in its initial state for reuse, but this is best avoided. Instead, save and restore the session, if desired, and construct a fresh handle for each connection. .PP @@ -185,7 +110,7 @@ .IX Item "any configured certificates, private keys or certificate chains" .IP "any configured signature algorithms, or client signature algorithms" 4 .IX Item "any configured signature algorithms, or client signature algorithms" -.IP "any \s-1DANE\s0 settings" 4 +.IP "any DANE settings" 4 .IX Item "any DANE settings" .IP "any Options set via \fBSSL_set_options\fR\|(3)" 4 .IX Item "any Options set via SSL_set_options" 
@@ -211,13 +136,13 @@ .IX Item "the read_ahead value set via SSL_set_read_ahead" .IP "application specific data set via \fBSSL_set_ex_data\fR\|(3)" 4 .IX Item "application specific data set via SSL_set_ex_data" -.IP "any \s-1CA\s0 list or client \s-1CA\s0 list set via \fBSSL_set0_CA_list\fR\|(3), \fBSSL_set0_client_CA_list()\fR or similar functions" 4 +.IP "any CA list or client CA list set via \fBSSL_set0_CA_list\fR\|(3), \fBSSL_set0_client_CA_list()\fR or similar functions" 4 .IX Item "any CA list or client CA list set via SSL_set0_CA_list, SSL_set0_client_CA_list() or similar functions" .IP "any security level settings or callbacks" 4 .IX Item "any security level settings or callbacks" .IP "any configured serverinfo data" 4 .IX Item "any configured serverinfo data" -.IP "any configured \s-1PSK\s0 identity hint" 4 +.IP "any configured PSK identity hint" 4 .IX Item "any configured PSK identity hint" .IP "any configured custom extensions" 4 .IX Item "any configured custom extensions" @@ -227,13 +152,13 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "\s-1NULL\s0" 4 +.IP NULL 4 .IX Item "NULL" -The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +The creation of a new SSL structure failed. Check the error stack to find out the reason. -.IP "Pointer to an \s-1SSL\s0 structure" 4 +.IP "Pointer to an SSL structure" 4 .IX Item "Pointer to an SSL structure" -The return value points to an allocated \s-1SSL\s0 structure. +The return value points to an allocated SSL structure. .Sp \&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" 
@@ -242,11 +167,11 @@ \&\fBSSL_CTX_set_options\fR\|(3), \&\fBSSL_get_SSL_CTX\fR\|(3), \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_pending.3.orig +++ secure/lib/libcrypto/man/man3/SSL_pending.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_PENDING 3ossl" -.TH SSL_PENDING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_PENDING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,7 +74,7 @@ \& int SSL_pending(const SSL *ssl); \& int SSL_has_pending(const SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Data is received in whole blocks known as records from the peer. A whole record is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is 
@@ -158,14 +83,14 @@ \&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered and are available inside \fBssl\fR for immediate read. .PP -If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see +If the \fBSSL\fR object\*(Aqs \fIread_ahead\fR flag is set (see \&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current -record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to -\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These +record) may have been read containing more TLS/SSL records. This also applies to +DTLS and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR will ignore them. Therefore, it is possible for no more bytes to be readable from -the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR +the underlying BIO (because OpenSSL has already read them) and for \fBSSL_pending()\fR to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). .PP 
@@ -182,19 +107,19 @@ .IX Header "RETURN VALUES" \&\fBSSL_pending()\fR returns the number of buffered and processed application data bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR -returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. +returns 1 if there is buffered record data in the SSL object and 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3), \&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_read.3.orig +++ secure/lib/libcrypto/man/man3/SSL_read.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_READ 3ossl" -.TH SSL_READ 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_READ 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,77 +77,77 @@ \& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); \& int SSL_peek(SSL *ssl, void *buf, int num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes actually read in \fB*readbytes\fR. .PP \&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR -respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during +respectively except no bytes are actually removed from the underlying BIO during the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield at least the same bytes. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR, +In the paragraphs below a "read function" is defined as one of \fBSSL_read_ex()\fR, \&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR. .PP -If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already +If necessary, a read function will negotiate a TLS/SSL session, if not already explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the -peer requests a re-negotiation, it will be performed transparently during +peer requests a re\-negotiation, it will be performed transparently during the read function operation. The behaviour of the read functions depends on the -underlying \s-1BIO.\s0 +underlying BIO. .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling \&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first invocation of a read function. .PP -The read functions work based on the \s-1SSL/TLS\s0 records. 
The data are received in +The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). Therefore, data that was not retrieved at the last read call can still be -buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read +buffered inside the SSL layer and will be retrieved on the next read call. If \fBnum\fR is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the buffer, the read functions will trigger the processing of the next record. Only when the record has been received and processed completely will the read functions return reporting success. At most the contents of one record will -be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size -of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several +be returned. As the size of an SSL/TLS record may exceed the maximum packet size +of the underlying transport (e.g. TCP), it may be necessary to read several packets from the transport layer before the record is complete and the read call can succeed. .PP -If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data +If \fBSSL_MODE_AUTO_RETRY\fR has been switched off and a non\-application data record has been processed, the read function can return and set the error to -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. -In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. +\&\fBSSL_ERROR_WANT_READ\fR. +In this case there might still be unprocessed data available in the \fBBIO\fR. If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still -be unprocessed data available in the \fB\s-1SSL\s0\fR. +be unprocessed data available in the \fBSSL\fR. 
This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the +If the underlying BIO is \fBblocking\fR, a read function will only return once the read operation has been finished or an error occurred, except when a -non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is +non\-application data record has been processed and \fBSSL_MODE_AUTO_RETRY\fR is not set. -Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is +Note that if \fBSSL_MODE_AUTO_RETRY\fR is set and only non\-application data is available the call will hang. .PP -If the underlying \s-1BIO\s0 is \fBnonblocking\fR, a read function will also return when -the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the +If the underlying BIO is \fBnonblocking\fR, a read function will also return when +the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the -return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. -As at any time it's possible that non-application data needs to be sent, +return value of the read function will yield \fBSSL_ERROR_WANT_READ\fR or +\&\fBSSL_ERROR_WANT_WRITE\fR. +As at any time it\*(Aqs possible that non\-application data needs to be sent, a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. -The action depends on the underlying \s-1BIO.\s0 +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. 
-When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or -retrieved out of the \s-1BIO\s0 before being able to continue. +When using a buffering BIO, like a BIO pair, data must be written into or +retrieved out of the BIO before being able to continue. .PP \&\fBSSL_pending\fR\|(3) can be used to find out whether there are buffered bytes available for immediate retrieval. @@ -231,11 +156,11 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure. -Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 +Success means that 1 or more application data bytes have been read from the SSL connection. -Failure means that no bytes could be read from the \s-1SSL\s0 connection. +Failure means that no bytes could be read from the SSL connection. Failures can be retryable (e.g. we are waiting for more bytes to -be delivered by the network) or non-retryable (e.g. a fatal network error). +be delivered by the network) or non\-retryable (e.g. a fatal network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which indicates whether the call is retryable or not. .PP @@ -243,7 +168,7 @@ .IP "> 0" 4 .IX Item "> 0" The read operation was successful. -The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 +The return value is the number of bytes actually read from the TLS/SSL connection. .IP "<= 0" 4 .IX Item "<= 0" @@ -253,7 +178,7 @@ .Sp Old documentation indicated a difference between 0 and \-1, and that \-1 was retryable. -You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +You should instead call \fBSSL_get_error()\fR to find out if it\*(Aqs retryable. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3), 
@@ -263,14 +188,14 @@ \&\fBSSL_pending\fR\|(3), \&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), \&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_read_early_data.3.orig +++ secure/lib/libcrypto/man/man3/SSL_read_early_data.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_READ_EARLY_DATA 3ossl" -.TH SSL_READ_EARLY_DATA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_READ_EARLY_DATA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, @@ -156,7 +81,7 @@ SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb \&\- functions for sending and receiving early data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -190,26 +115,26 @@ \& SSL_allow_early_data_cb_fn cb, \& void *arg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. Early data can be sent if a session has previously been established with the -server or when establishing a new session using an out-of-band \s-1PSK,\s0 and only +server or when establishing a new session using an out\-of\-band PSK, and only when the server is known to support it. Additionally these functions can be used to send data from the server to the client when the client has not yet completed the authentication stage of the handshake. .PP -Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 +Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also -additional considerations around replay attacks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +additional considerations around replay attacks (see "REPLAY PROTECTION" below). For these reasons extreme care should be exercised when using early -data. For specific details, consult the \s-1TLS 1.3\s0 specification. +data. For specific details, consult the TLS 1.3 specification. .PP When a server receives early data it may opt to immediately respond by sending application data back to the client. Data sent by the server at this stage is -done before the full handshake has been completed. Specifically the client's +done before the full handshake has been completed. Specifically the client\*(Aqs authentication messages have not yet been received, i.e. the client is unauthenticated at this point and care should be taken when using this capability. 
@@ -224,8 +149,8 @@ .PP The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early data bytes that can be sent for a session. This would typically be used when -creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If -using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by +creating a PSK session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If +using a ticket based PSK then this is set automatically to the value provided by the server. .PP A client uses the function \fBSSL_write_early_data()\fR to send early data. This @@ -235,7 +160,7 @@ page describes the differences between \fBSSL_write_early_data()\fR and \&\fBSSL_write_ex\fR\|(3). .PP -When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function +When called by a client, \fBSSL_write_early_data()\fR must be the first IO function called on a new connection, i.e. it must occur before any calls to \&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) or other similar functions. It may be called multiple times to stream data to 
@@ -257,14 +182,14 @@ A server may choose to ignore early data that has been sent to it. Once the connection has been completed you can determine whether the server accepted or rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return -\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it -was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function +SSL_EARLY_DATA_ACCEPTED if the data was accepted, SSL_EARLY_DATA_REJECTED if it +was rejected or SSL_EARLY_DATA_NOT_SENT if no early data was sent. This function may be called by either the client or the server. .PP A server uses the \fBSSL_read_early_data()\fR function to receive early data on a connection for which early data has been enabled using \&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for -\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +\&\fBSSL_write_early_data()\fR, this must be the first IO function called on a connection, i.e. it must occur before any calls to \&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), or other similar functions. 
@@ -273,26 +198,26 @@ differences. Refer to \fBSSL_read_ex\fR\|(3) for full details. .PP \&\fBSSL_read_early_data()\fR may return 3 possible values: -.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 +.IP SSL_READ_EARLY_DATA_ERROR 4 .IX Item "SSL_READ_EARLY_DATA_ERROR" -This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the +This indicates an IO or some other error occurred. This should be treated in the same way as a 0 return value from \fBSSL_read_ex\fR\|(3). -.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 +.IP SSL_READ_EARLY_DATA_SUCCESS 4 .IX Item "SSL_READ_EARLY_DATA_SUCCESS" This indicates that early data was successfully read. This should be treated in the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to call \fBSSL_read_early_data()\fR to read more data. -.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 +.IP SSL_READ_EARLY_DATA_FINISH 4 .IX Item "SSL_READ_EARLY_DATA_FINISH" This indicates that no more early data can be read. It may be returned on the first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, or if the early data was rejected. .PP Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it -has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the +has returned SSL_READ_EARLY_DATA_SUCCESS or SSL_READ_EARLY_DATA_FINISH) then the server may choose to write data immediately to the unauthenticated client using \&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned -\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only +SSL_READ_EARLY_DATA_FINISH then in some situations (e.g. if the client only supports TLSv1.2) the handshake may have already been completed and calls to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to determine whether the handshake has completed or not. If the handshake is still 
@@ -301,13 +226,13 @@ .PP Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or \&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with -\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client +SSL_READ_EARLY_DATA_FINISH. Once it has done so the connection to the client still needs to be completed. Complete the connection by calling a function such as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently complete the connection and read the requested data. Note that it is an error to attempt to complete the connection before \fBSSL_read_early_data()\fR has returned -\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 +SSL_READ_EARLY_DATA_FINISH. .PP Only servers may call \fBSSL_read_early_data()\fR. .PP 
@@ -324,17 +249,17 @@ connection attempt. By default the server does not accept early data; a server may indicate support for early data by calling \&\fBSSL_CTX_set_max_early_data()\fR or -\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +\&\fBSSL_set_max_early_data()\fR to set it for the whole SSL_CTX or an individual SSL object respectively. The \fBmax_early_data\fR parameter specifies the maximum amount of early data in bytes that is permitted to be sent on a single connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and \&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum -early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a +early data settings for the SSL_CTX and SSL objects respectively. Generally a server application will either use both of \fBSSL_read_early_data()\fR and \&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is nonzero then replay protection is -automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). +automatically enabled (see "REPLAY PROTECTION" below). .PP If the server rejects the early data sent by a client then it will skip over the data that is sent. The maximum amount of received early data that is skipped 
@@ -358,7 +283,7 @@ the current configured max_early_data value. .PP Some server applications may wish to have more control over whether early data -is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +is accepted or not, for example to mitigate replay risks (see "REPLAY PROTECTION" below) or to decline early_data when the server is heavily loaded. The functions \&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a callback which is called at a point in the handshake immediately before a 
@@ -366,34 +291,34 @@ pointer to the user data argument that was provided when the callback was first set. Returning 1 from the callback will allow early data and returning 0 will reject it. Note that the OpenSSL library may reject early data for other reasons -in which case this callback will not get called. Notably, the built-in replay +in which case this callback will not get called. Notably, the built\-in replay protection feature will still be used even if a callback is present unless it -has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See -\&\*(L"\s-1REPLAY PROTECTION\*(R"\s0 below. -.SH "NOTES" +has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See +"REPLAY PROTECTION" below. +.SH NOTES .IX Header "NOTES" The whole purpose of early data is to enable a client to start sending data to the server before a full round trip of network traffic has occurred. Application -developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket -to obtain a performant solution. For example Nagle's algorithm is commonly used -by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many +developers should ensure they consider optimisation of the underlying TCP socket +to obtain a performant solution. For example Nagle\*(Aqs algorithm is commonly used +by operating systems in an attempt to avoid lots of small TCP packets. In many scenarios this is beneficial for performance, but it does not work well with the -early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will -buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not -yet received an \s-1ACK\s0 for from the peer. The buffered data will only be -transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if -the \s-1ACK\s0 is received from the peer. 
The initial ClientHello will be sent in the -first \s-1TCP\s0 packet along with any data from the first call to +early data solution as implemented in OpenSSL. In Nagle\*(Aqs algorithm the OS will +buffer outgoing TCP data if a TCP packet has already been sent which we have not +yet received an ACK for from the peer. The buffered data will only be +transmitted if enough data to fill an entire TCP packet is accumulated, or if +the ACK is received from the peer. The initial ClientHello will be sent in the +first TCP packet along with any data from the first call to \&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a -single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then -that additional data will be sent in subsequent \s-1TCP\s0 packets which will be -buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet +single TCP packet, or if there are more calls to \fBSSL_write_early_data()\fR then +that additional data will be sent in subsequent TCP packets which will be +buffered by the OS and not sent until an ACK is received for the first packet containing the ClientHello. This means the early data is not actually sent until a complete round trip with the server has occurred which defeats the objective of early data. .PP -In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable -Nagle's algorithm. If an application opts to disable Nagle's algorithm +In many operating systems the TCP_NODELAY socket option is available to disable +Nagle\*(Aqs algorithm. If an application opts to disable Nagle\*(Aqs algorithm consideration should be given to turning it back on again after the handshake is complete if appropriate. .PP 
@@ -406,12 +331,12 @@ a server will cause the connection to abort. Clients that encounter an aborted connection while sending early data may want to retry the connection without sending early data as this does not happen automatically. A client will have to -establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 +establish a new transport layer connection to the server and attempt the SSL/TLS connection again but without sending early data. Note that it is inadvisable to retry with a lower maximum protocol version. .SH "REPLAY PROTECTION" .IX Header "REPLAY PROTECTION" -When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that +When early data is in use the TLS protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the server is configured with a nonzero max early data value. With replay @@ -423,7 +348,7 @@ .PP The replay protection mechanism relies on the internal OpenSSL server session cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is -being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been +being used the server will operate as if the SSL_OP_NO_TICKET option had been selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache whenever a session ticket is issued. When a client attempts to resume the session, OpenSSL will check for its presence in the internal cache. If it exists 
@@ -432,7 +357,7 @@ occur. .PP Note that some applications may maintain an external cache of sessions (see -\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application\*(Aqs responsibility to ensure that any sessions in the external cache are also populated in the internal cache and that once removed from the internal cache they are similarly removed from the external cache. Failing to do this could @@ -449,8 +374,8 @@ should be applied when combining external PSKs with early data. .PP Some applications may mitigate the replay risks in other ways. For those -applications it is possible to turn off the built-in replay protection feature -using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for +applications it is possible to turn off the built\-in replay protection feature +using the \fBSSL_OP_NO_ANTI_REPLAY\fR option. See \fBSSL_CTX_set_options\fR\|(3) for details. Applications can also set a callback to make decisions about accepting early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. .SH "RETURN VALUES" @@ -458,9 +383,9 @@ \&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. .PP -\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, -\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and -\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the +\&\fBSSL_read_early_data()\fR returns SSL_READ_EARLY_DATA_ERROR for failure, +SSL_READ_EARLY_DATA_SUCCESS for success with more data to read and +SSL_READ_EARLY_DATA_FINISH for success with no more to data be read. In the event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. .PP 
@@ -471,9 +396,9 @@ \&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and \&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. .PP -\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was -accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by -the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. +\&\fBSSL_get_early_data_status()\fR returns SSL_EARLY_DATA_ACCEPTED if early data was +accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by +the server, or SSL_EARLY_DATA_NOT_SENT if no early data was sent. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_get_error\fR\|(3), @@ -484,14 +409,14 @@ \&\fBSSL_do_handshake\fR\|(3), \&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" All of the functions described above were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_rstate_string.3.orig +++ secure/lib/libcrypto/man/man3/SSL_rstate_string.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_RSTATE_STRING 3ossl" -.TH SSL_RSTATE_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_RSTATE_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -148,48 +73,44 @@ \& const char *SSL_rstate_string(SSL *ssl); \& const char *SSL_rstate_string_long(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state -of the \s-1SSL\s0 object \fBssl\fR. +of the SSL object \fBssl\fR. .PP \&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of -the \s-1SSL\s0 object \fBssl\fR. -.SH "NOTES" +the SSL object \fBssl\fR. +.SH NOTES .IX Header "NOTES" -When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +When performing a read operation, the SSL/TLS engine must parse the record, consisting of header and body. When working in a blocking environment, -SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". +SSL_rstate_string[_long]() should always return "RD"/"read done". .PP This function should only seldom be needed in applications. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following values: -.ie n .IP """\s-1RH""/\s0""read header""" 4 -.el .IP "``\s-1RH''/\s0``read header''" 4 -.IX Item "RH/read header" +.IP """RH""/""read header""" 4 +.IX Item """RH""/""read header""" The header of the record is being evaluated. -.ie n .IP """\s-1RB""/\s0""read body""" 4 -.el .IP "``\s-1RB''/\s0``read body''" 4 -.IX Item "RB/read body" +.IP """RB""/""read body""" 4 +.IX Item """RB""/""read body""" The body of the record is being evaluated. -.ie n .IP """\s-1RD""/\s0""read done""" 4 -.el .IP "``\s-1RD''/\s0``read done''" 4 -.IX Item "RD/read done" +.IP """RD""/""read done""" 4 +.IX Item """RD""/""read done""" The record has been completely processed. -.ie n .IP """unknown""/""unknown""" 4 -.el .IP "``unknown''/``unknown''" 4 -.IX Item "unknown/unknown" +.IP """unknown""/""unknown""" 4 +.IX Item """unknown""/""unknown""" The read state is unknown. 
This should never happen. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_session_reused.3.orig +++ secure/lib/libcrypto/man/man3/SSL_session_reused.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,88 +53,29 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SESSION_REUSED 3ossl" -.TH SSL_SESSION_REUSED 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SESSION_REUSED 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_session_reused \- query whether a reused session was negotiated during handshake -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_session_reused(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Query, whether a reused session was negotiated during the handshake. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" During the negotiation, a client can propose to reuse a session. The server then looks up the session in its cache. If both client and server agree @@ -159,20 +84,20 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 +.IP 0 4 A new session was negotiated. -.IP "1" 4 +.IP 1 4 .IX Item "1" A session was reused. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set1_host.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set1_host.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET1_HOST 3ossl" -.TH SSL_SET1_HOST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET1_HOST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,70 +76,70 @@ \& void SSL_set_hostflags(SSL *s, unsigned int flags); \& const char *SSL_get0_peername(SSL *s); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions configure server hostname checks in the \s-1SSL\s0 client. +These functions configure server hostname checks in the SSL client. .PP -\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing -any previously specified hostname. If \fBname\fR is \s-1NULL\s0 +\&\fBSSL_set1_host()\fR sets the expected DNS hostname to \fBname\fR clearing +any previously specified hostname. If \fBname\fR is NULL or the empty string, the list of hostnames is cleared and name checks are not performed on the peer certificate. When a nonempty \&\fBname\fR is specified, certificate verification automatically checks the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified -via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication +via \fBSSL_set_hostflags()\fR. Clients that enable DANE TLSA authentication via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set the primary reference identifier of the peer, and should not call \&\fBSSL_set1_host()\fR. .PP \&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier -that can match the peer's certificate. Any previous names set via +that can match the peer\*(Aqs certificate. Any previous names set via \&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made -if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, +if \fBname\fR is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. 
This function -is required for \s-1DANE TLSA\s0 in the presence of service name indirection -via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or -\&\s-1RFC7673.\s0 +is required for DANE TLSA in the presence of service name indirection +via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or +RFC7673. .PP \&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to \&\fBX509_check_host\fR\|(3) when name checks are applicable, by default the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list of available flags and their meaning. .PP -\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +\&\fBSSL_get0_peername()\fR returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, the name matched in the peer certificate may be a wildcard name. When one of the reference identifiers configured via \fBSSL_set1_host()\fR or -\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix -rather than a fixed name, the matched peer name may be a sub-domain +\&\fBSSL_add1_host()\fR starts with ".", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub\-domain of the reference identifier. The returned string is allocated by the library and is no longer valid once the associated \fBssl\fR handle is cleared or freed, or a renegotiation takes place. Applications must not free the return value. .PP -\&\s-1SSL\s0 clients are advised to use these functions in preference to +SSL clients are advised to use these functions in preference to explicitly calling \fBX509_check_host\fR\|(3). 
Hostname checks may be out -of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the -internal check will be suppressed as appropriate when \s-1DANE\s0 is +of scope with the RFC7671 \fBDANE\-EE\fR\|(3) certificate usage, and the +internal check will be suppressed as appropriate when DANE is enabled. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for failure. .PP -\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not -applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was +\&\fBSSL_get0_peername()\fR returns NULL if peername verification is not +applicable (as with RFC7671 \fBDANE\-EE\fR\|(3)), or no trusted peername was matched. Otherwise, it returns the matched peername. To determine whether verification succeeded call \fBSSL_get_verify_result\fR\|(3). -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". -The calls below will arrange to match either the \s-1MX\s0 hostname or the -destination domain name in the \s-1SMTP\s0 server certificate. Wildcards +Suppose "smtp.example.com" is the MX host of the domain "example.com". +The calls below will arrange to match either the MX hostname or the +destination domain name in the SMTP server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond -the lifetime of the \s-1SSL\s0 connection. +the lifetime of the SSL connection. .PP .Vb 5 \& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); 
@@ -238,14 +163,14 @@ \&\fBX509_check_host\fR\|(3), \&\fBSSL_get_verify_result\fR\|(3). \&\fBSSL_dane_enable\fR\|(3). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_async_callback.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_async_callback.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_ASYNC_CALLBACK 3ossl" -.TH SSL_SET_ASYNC_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_ASYNC_CALLBACK 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_CTX_set_async_callback, SSL_CTX_set_async_callback_arg, SSL_set_async_callback, @@ -146,7 +71,7 @@ SSL_get_async_status, SSL_async_callback_fn \&\- manage asynchronous operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -158,60 +83,60 @@ \& int SSL_set_async_callback_arg(SSL *s, void *arg); \& int SSL_get_async_status(SSL *s, int *status); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_async_callback()\fR sets an asynchronous callback function. All \fB\s-1SSL\s0\fR -objects generated based on this \fB\s-1SSL_CTX\s0\fR will get this callback. If an engine +\&\fBSSL_CTX_set_async_callback()\fR sets an asynchronous callback function. All \fBSSL\fR +objects generated based on this \fBSSL_CTX\fR will get this callback. If an engine supports the callback mechanism, it will be automatically called if -\&\fB\s-1SSL_MODE_ASYNC\s0\fR has been set and an asynchronous capable engine completes a +\&\fBSSL_MODE_ASYNC\fR has been set and an asynchronous capable engine completes a cryptography operation to notify the application to resume the paused work flow. .PP \&\fBSSL_CTX_set_async_callback_arg()\fR sets the callback argument. .PP \&\fBSSL_set_async_callback()\fR allows an application to set a callback in an -asynchronous \fB\s-1SSL\s0\fR object, so that when an engine completes a cryptography +asynchronous \fBSSL\fR object, so that when an engine completes a cryptography operation, the callback will be called to notify the application to resume the paused work flow. .PP -\&\fBSSL_set_async_callback_arg()\fR sets an argument for the \fB\s-1SSL\s0\fR object when the +\&\fBSSL_set_async_callback_arg()\fR sets an argument for the \fBSSL\fR object when the above callback is called. .PP \&\fBSSL_get_async_status()\fR returns the engine status. This function facilitates the -communication from the engine to the application. During an \s-1SSL\s0 session, +communication from the engine to the application. During an SSL session, cryptographic operations are dispatched to an engine. The engine status is very useful for an application to know if the operation has been successfully dispatched. 
If the engine does not support this additional callback method, -\&\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR will be returned. See \fBASYNC_WAIT_CTX_set_status()\fR +\&\fBASYNC_STATUS_UNSUPPORTED\fR will be returned. See \fBASYNC_WAIT_CTX_set_status()\fR for a description of all of the status values. .PP An example of the above functions would be the following: -.IP "1." 4 -Application sets the async callback and callback data on an \s-1SSL\s0 connection +.IP 1. 4 +Application sets the async callback and callback data on an SSL connection by calling \fBSSL_set_async_callback()\fR. -.IP "2." 4 -Application sets \fB\s-1SSL_MODE_ASYNC\s0\fR and makes an asynchronous \s-1SSL\s0 call -.IP "3." 4 +.IP 2. 4 +Application sets \fBSSL_MODE_ASYNC\fR and makes an asynchronous SSL call +.IP 3. 4 OpenSSL submits the asynchronous request to the engine. If a retry occurs at -this point then the status within the \fB\s-1ASYNC_WAIT_CTX\s0\fR would be set and the +this point then the status within the \fBASYNC_WAIT_CTX\fR would be set and the async callback function would be called (goto Step 7). -.IP "4." 4 +.IP 4. 4 The OpenSSL engine pauses the current job and returns, so that the application can continue processing other connections. -.IP "5." 4 +.IP 5. 4 At a future point in time (probably via a polling mechanism or via an interrupt) the engine will become aware that the asynchronous request has finished processing. -.IP "6." 4 -The engine will call the application's callback passing the callback data as +.IP 6. 4 +The engine will call the application\*(Aqs callback passing the callback data as a parameter. -.IP "7." 4 +.IP 7. 4 The callback function should then run. Note: it is a requirement that the callback function is small and nonblocking as it will be run in the context of a polling mechanism or an interrupt. -.IP "8." 4 -It is the application's responsibility via the callback function to schedule +.IP 8. 
4 +It is the application\*(Aqs responsibility via the callback function to schedule recalling the OpenSSL asynchronous function and to continue processing. -.IP "9." 4 +.IP 9. 4 The callback function has the option to check the status returned via \&\fBSSL_get_async_status()\fR to determine whether a retry happened instead of the request being submitted, allowing different processing if required. @@ -223,16 +148,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_CTX_set_async_callback()\fR, \fBSSL_CTX_set_async_callback_arg()\fR, \&\fBSSL_set_async_callback()\fR, \fBSSL_set_async_callback_arg()\fR and \&\fBSSL_get_async_status()\fR were first added to OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_bio.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_BIO 3ossl" -.TH SSL_SET_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,10 +74,10 @@ \& void SSL_set0_rbio(SSL *s, BIO *rbio); \& void SSL_set0_wbio(SSL *s, BIO *wbio); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR -object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is +\&\fBSSL_set0_rbio()\fR connects the BIO \fBrbio\fR for the read operations of the \fBssl\fR +object. The SSL engine inherits the behaviour of \fBrbio\fR. If the BIO is nonblocking then the \fBssl\fR object will also have nonblocking behaviour. This function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this 
@@ -160,42 +85,51 @@ call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to the same value as previously). .PP +If using a custom BIO, \fBrbio\fR must implement either +\&\fBBIO_meth_set_read_ex\fR\|(3) or \fBBIO_meth_set_read\fR\|(3). +.PP \&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects -the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the +the BIO \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take ownership of one reference. Therefore, it may be necessary to increment the number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 functions. .PP +If using a custom BIO, \fBwbio\fR must implement +\&\fBBIO_meth_set_write_ex\fR\|(3) or \fBBIO_meth_set_write\fR\|(3). It additionally must +implement \fBBIO_flush\fR\|(3) using \fBBIO_CTRL_FLUSH\fR and \fBBIO_meth_set_ctrl\fR\|(3). +If flushing is unnecessary with \fBwbio\fR, \fBBIO_flush\fR\|(3) should return one and +do nothing. +.PP \&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to the following set of rules: -.IP "\(bu" 2 +.IP \(bu 2 If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values then nothing is done. -.IP "\(bu" 2 +.IP \(bu 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different to their previously set values then one reference is consumed for the rbio and one reference is consumed for the wbio. -.IP "\(bu" 2 +.IP \(bu 2 If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not the same as the previously set value then one reference is consumed. 
-.IP "\(bu" 2 +.IP \(bu 2 If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the same as the previously set value, then no additional references are consumed. -.IP "\(bu" 2 +.IP \(bu 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the same as the previously set value then one reference is consumed for the \fBwbio\fR and no references are consumed for the \fBrbio\fR. -.IP "\(bu" 2 +.IP \(bu 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values were the same as each other then one reference is consumed for the \fBrbio\fR and no references are consumed for the \fBwbio\fR. -.IP "\(bu" 2 +.IP \(bu 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values were different @@ -212,14 +146,14 @@ \&\fBSSL_get_rbio\fR\|(3), \&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), \&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_connect_state.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_CONNECT_STATE 3ossl" -.TH SSL_SET_CONNECT_STATE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_CONNECT_STATE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for manipulating and examining the client or server mode of an SSL object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,23 +77,23 @@ \& \& int SSL_is_server(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. .PP \&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. .PP \&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), +When the SSL_CTX object was created with \fBSSL_CTX_new\fR\|(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with \&\fBSSL_CTX_set_ssl_version\fR\|(3) or \&\fBSSL_set_ssl_method\fR\|(3).) .PP -When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +When beginning a new handshake, the SSL engine must know whether it must call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set. 
@@ -182,7 +107,7 @@ .PP If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or \&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly), -the result depends on what method was used when \s-1SSL_CTX\s0 was created with +the result depends on what method was used when SSL_CTX was created with \&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0. .SH "RETURN VALUES" @@ -198,11 +123,11 @@ \&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \&\fBSSL_do_handshake\fR\|(3), \&\fBSSL_CTX_set_ssl_version\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_fd.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_fd.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_FD 3ossl" -.TH SSL_SET_FD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_FD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -149,18 +74,18 @@ \& int SSL_set_rfd(SSL *ssl, int fd); \& int SSL_set_wfd(SSL *ssl, int fd); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility -for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +for the TLS/SSL (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the socket file descriptor of a network connection. .PP -When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to -interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +When performing the operation, a \fBsocket BIO\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The BIO and hence the SSL engine inherit the behaviour of \fBfd\fR. If \fBfd\fR is nonblocking, the \fBssl\fR will also have nonblocking behaviour. .PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called +If there was already a BIO connected to \fBssl\fR, \fBBIO_free()\fR will be called (for both the reading and writing side, if different). .PP \&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only 
@@ -168,18 +93,18 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 +.IP 0 4 The operation failed. Check the error stack to find out why. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation succeeded. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -On Windows, a socket handle is a 64\-bit data type (\s-1UINT_PTR\s0), which leads to a -compiler warning (conversion from '\s-1SOCKET\s0' to 'int', possible loss of data) when +On Windows, a socket handle is a 64\-bit data type (UINT_PTR), which leads to a +compiler warning (conversion from \*(AqSOCKET\*(Aq to \*(Aqint\*(Aq, possible loss of data) when passing the socket handle to SSL_set_*\fBfd()\fR. For the time being, this warning can safely be ignored, because although the Microsoft documentation claims that the -upper limit is \s-1INVALID_SOCKET\-1\s0 (2^64 \- 2), in practice the current \fBsocket()\fR +upper limit is INVALID_SOCKET\-1 (2^64 \- 2), in practice the current \fBsocket()\fR implementation returns an index into the kernel handle table, the size of which is limited to 2^24. .SH "SEE ALSO" @@ -187,11 +112,11 @@ \&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), \&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), \&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_retry_verify.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_retry_verify.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_RETRY_VERIFY 3ossl" -.TH SSL_SET_RETRY_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_RETRY_VERIFY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_retry_verify \- indicate that certificate verification should be retried -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_set_retry_verify(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_set_retry_verify()\fR should be called from the certificate verification callback on a client when the application wants to indicate that the handshake @@ -156,16 +81,16 @@ is resumed again by the application, retrying the verification step. .PP Please refer to \fBSSL_CTX_set_cert_verify_callback\fR\|(3) for further details. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The effect of calling \fBSSL_set_retry_verify()\fR outside of the certificate verification callback on the client side is undefined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" SSL_set_retry \fBverify()\fR returns 1 on success, 0 otherwise. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -The following code snippet shows how to obtain the \fB\s-1SSL\s0\fR object associated +The following code snippet shows how to obtain the \fBSSL\fR object associated with the \fBX509_STORE_CTX\fR to call the \fBSSL_set_retry_verify()\fR function: .PP .Vb 2 
@@ -186,16 +111,16 @@ .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_connect\fR\|(3), \fBSSL_CTX_set_cert_verify_callback\fR\|(3), \&\fBSSL_want_retry_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBSSL_set_retry_verify()\fR was added in OpenSSL 3.0.2 to replace backwards incompatible handling of a negative return value from the verification callback. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_session.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_session.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,88 +53,29 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_SESSION 3ossl" -.TH SSL_SET_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_SESSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_set_session(SSL *ssl, SSL_SESSION *session); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection -is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the TLS/SSL connection +is to be established. \fBSSL_set_session()\fR is only useful for TLS/SSL clients. When the session is set, the reference count of \fBsession\fR is incremented by 1. If the session is not reused, the reference count is decremented again during \fBSSL_connect()\fR. Whether the session was reused can be queried 
@@ -159,24 +84,24 @@ If there is already a session set inside \fBssl\fR (because it was set with \&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for a connection), \fBSSL_SESSION_free()\fR will be called for that session. -This is also the case when \fBsession\fR is a \s-1NULL\s0 pointer. If that old +This is also the case when \fBsession\fR is a NULL pointer. If that old session is still \fBopen\fR, it is considered bad and will be removed from the session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to -set the \s-1SSL_SENT_SHUTDOWN\s0 state). -.SH "NOTES" +set the SSL_SENT_SHUTDOWN state). +.SH NOTES .IX Header "NOTES" -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object\*(Aqs session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 +.IP 0 4 The operation failed; check the error stack to find out the reason. -.IP "1" 4 +.IP 1 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" 
@@ -185,11 +110,11 @@ \&\fBSSL_get_session\fR\|(3), \&\fBSSL_session_reused\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_shutdown.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_SHUTDOWN 3ossl" -.TH SSL_SET_SHUTDOWN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_SHUTDOWN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,40 +74,40 @@ \& \& int SSL_get_shutdown(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. .PP \&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The shutdown state of an ssl connection is a bit-mask of: -.IP "0" 4 +The shutdown state of an ssl connection is a bit\-mask of: +.IP 0 4 No shutdown setting, yet. -.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IP SSL_SENT_SHUTDOWN 4 .IX Item "SSL_SENT_SHUTDOWN" A close_notify shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct. -.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IP SSL_RECEIVED_SHUTDOWN 4 .IX Item "SSL_RECEIVED_SHUTDOWN" A shutdown alert was received form the peer, either a normal close_notify or a fatal error. .PP -\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time. .PP The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when \&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, -it is considered bad and removed according to \s-1RFC2246.\s0 -The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 -(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify -alert but to not wait for the peer's answer, when the underlying connection +it is considered bad and removed according to RFC2246. +The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN +(according to the TLS RFC, it is acceptable to only send the close_notify +alert but to not wait for the peer\*(Aqs answer, when the underlying connection is closed). \&\fBSSL_set_shutdown()\fR can be used to set this state without sending a close alert to the peer (see \fBSSL_shutdown\fR\|(3)). 
.PP -If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, -for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, +for setting SSL_SENT_SHUTDOWN the application must however still call \&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -194,11 +119,11 @@ \&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), \&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_set_verify_result.3.orig +++ secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SET_VERIFY_RESULT 3ossl" -.TH SSL_SET_VERIFY_RESULT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SET_VERIFY_RESULT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_set_verify_result \- override result of peer certificate verification -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_set_verify_result(SSL *ssl, long verify_result); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the result of the verification of the X509 certificate presented by the peer, if any. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes the verification result of the \fBssl\fR object. It does not become part of the @@ -168,11 +93,11 @@ \&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), \&\fBSSL_get_peer_certificate\fR\|(3), \&\fBopenssl\-verify\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_shutdown.3.orig +++ secure/lib/libcrypto/man/man3/SSL_shutdown.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,104 +53,45 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_SHUTDOWN 3ossl" -.TH SSL_SHUTDOWN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_SHUTDOWN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_shutdown \- shut down a TLS/SSL connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_shutdown(SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +\&\fBSSL_shutdown()\fR shuts down an active TLS/SSL connection. It sends the close_notify shutdown alert to the peer. .PP \&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. -Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. .PP Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has -occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 -or \s-1SSL_ERROR_SSL.\s0 +occurred on a connection i.e. if \fBSSL_get_error()\fR has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL. .PP The shutdown procedure consists of two steps: sending of the close_notify -shutdown alert, and reception of the peer's close_notify shutdown alert. +shutdown alert, and reception of the peer\*(Aqs close_notify shutdown alert. The order of those two steps depends on the application. .PP It is acceptable for an application to only send its shutdown alert and -then close the underlying connection without waiting for the peer's response. 
+then close the underlying connection without waiting for the peer\*(Aqs response. This way resources can be saved, as the process can already terminate or serve another connection. This should only be done when it is known that the other side will not send more 
@@ -187,48 +112,48 @@ It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR. The read direction is closed by the peer. .PP -The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the +The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying BIO. +If the underlying BIO is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the handshake step has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_shutdown()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR +If the underlying BIO is \fBnonblocking\fR, \fBSSL_shutdown()\fR will also return +when the underlying BIO could not satisfy the needs of \fBSSL_shutdown()\fR to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +return value of \fBSSL_shutdown()\fR will yield \fBSSL_ERROR_WANT_READ\fR or +\&\fBSSL_ERROR_WANT_WRITE\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue. 
.PP After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again -to wait for the peer's close_notify alert. +to wait for the peer\*(Aqs close_notify alert. \&\fBSSL_shutdown()\fR will return 1 in that case. However, it is recommended to wait for it using \fBSSL_read()\fR instead. .PP -\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +\&\fBSSL_shutdown()\fR can be modified to only set the connection to "shutdown" state but not actually send the close_notify alert messages, see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). -When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed +When "quiet shutdown" is enabled, \fBSSL_shutdown()\fR will always succeed and return 1. Note that this is not standard compliant behaviour. It should only be done when the peer has a way to make sure all -data has been received and doesn't wait for the close_notify alert -message, otherwise an unexpected \s-1EOF\s0 will be reported. +data has been received and doesn\*(Aqt wait for the close_notify alert +message, otherwise an unexpected EOF will be reported. .PP There are implementations that do not send the required close_notify alert. -If there is a need to communicate with such an implementation, and it's clear -that all data has been received, do not wait for the peer's close_notify alert. +If there is a need to communicate with such an implementation, and it\*(Aqs clear +that all data has been received, do not wait for the peer\*(Aqs close_notify alert. Waiting for the close_notify alert when the peer just closes the connection will result in an error being generated. -The error can be ignored using the \fB\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0\fR. +The error can be ignored using the \fBSSL_OP_IGNORE_UNEXPECTED_EOF\fR. For more information see \fBSSL_CTX_set_options\fR\|(3). 
.SS "First to close the connection" .IX Subsection "First to close the connection" When the application is the first party to send the close_notify alert, \fBSSL_shutdown()\fR will only send the alert and then set the -\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will +SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in the cache). If successful, \fBSSL_shutdown()\fR will return 0. .PP @@ -237,7 +162,7 @@ .PP In order to complete the bidirectional shutdown handshake, the peer needs to send back a close_notify alert. -The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing +The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing it. .PP The peer is still allowed to send data after receiving the close_notify 
@@ -245,24 +170,24 @@ When it is done sending data, it will send the close_notify alert. \&\fBSSL_read()\fR should be called until all data is received. \&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0 -and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 +and \fBSSL_get_error()\fR returning SSL_ERROR_ZERO_RETURN. .SS "Peer closes the connection" .IX Subsection "Peer closes the connection" If the peer already sent the close_notify alert \fBand\fR it was already processed implicitly inside another function -(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +(\fBSSL_read\fR\|(3)), the SSL_RECEIVED_SHUTDOWN flag is set. \&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return -\&\s-1SSL_ERROR_ZERO_RETURN.\s0 -\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +SSL_ERROR_ZERO_RETURN. +\&\fBSSL_shutdown()\fR will send the close_notify alert, set the SSL_SENT_SHUTDOWN flag. If successful, \fBSSL_shutdown()\fR will return 1. .PP -Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the +Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the \&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.IP "0" 4 +.IP 0 4 The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call \fBSSL_read()\fR to do a bidirectional shutdown. 
@@ -270,11 +195,11 @@ Unlike most other function, returning 0 does not indicate an error. \&\fBSSL_get_error\fR\|(3) should not get called, it may misleadingly indicate an error even though no error occurred. -.IP "1" 4 +.IP 1 4 .IX Item "1" The shutdown was successfully completed. The close_notify alert was sent -and the peer's close_notify alert was received. -.IP "<0" 4 +and the peer\*(Aqs close_notify alert was received. +.IP <0 4 .IX Item "<0" The shutdown was not successful. Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. @@ -289,11 +214,11 @@ \&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), \fBSSL_CTX_set_options\fR\|(3) \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), \&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_state_string.3.orig +++ secure/lib/libcrypto/man/man3/SSL_state_string.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_STATE_STRING 3ossl" -.TH SSL_STATE_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_STATE_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,22 +73,22 @@ \& const char *SSL_state_string(const SSL *ssl); \& const char *SSL_state_string_long(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_state_string()\fR returns an abbreviated string indicating the current state -of the \s-1SSL\s0 object \fBssl\fR. The returned NUL-terminated string contains 6 or fewer characters. +of the SSL object \fBssl\fR. The returned NUL\-terminated string contains 6 or fewer characters. .PP \&\fBSSL_state_string_long()\fR returns a descriptive string indicating the current state of -the \s-1SSL\s0 object \fBssl\fR. -.SH "NOTES" +the SSL object \fBssl\fR. +.SH NOTES .IX Header "NOTES" -During its use, an \s-1SSL\s0 objects passes several states. The state is internally +During its use, an SSL objects passes several states. The state is internally maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake. .PP When using nonblocking sockets, the function call performing the handshake -may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called. .PP For both blocking or nonblocking sockets, the details state information 
@@ -175,11 +100,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_want.3.orig +++ secure/lib/libcrypto/man/man3/SSL_want.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_WANT 3ossl" -.TH SSL_WANT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_WANT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_retry_verify, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,15 +82,15 @@ \& int SSL_want_async_job(const SSL *ssl); \& int SSL_want_client_hello_cb(const SSL *ssl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +\&\fBSSL_want()\fR returns state information for the SSL object \fBssl\fR. .PP The other SSL_want_*() calls are shortcuts for the possible states returned by \fBSSL_want()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +\&\fBSSL_want()\fR examines the internal state information of the SSL object. Its return values are similar to that of \fBSSL_get_error\fR\|(3). Unlike \fBSSL_get_error\fR\|(3), which also evaluates the error queue, the results are obtained by examining an internal state flag 
@@ -178,44 +103,44 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur for \fBSSL_want()\fR: -.IP "\s-1SSL_NOTHING\s0" 4 +.IP SSL_NOTHING 4 .IX Item "SSL_NOTHING" There is no data to be written or to be read. -.IP "\s-1SSL_WRITING\s0" 4 +.IP SSL_WRITING 4 .IX Item "SSL_WRITING" -There are data in the \s-1SSL\s0 buffer that must be written to the underlying -\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. -.IP "\s-1SSL_READING\s0" 4 +There are data in the SSL buffer that must be written to the underlying +\&\fBBIO\fR layer in order to complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return \fBSSL_ERROR_WANT_WRITE\fR. +.IP SSL_READING 4 .IX Item "SSL_READING" -More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +More data must be read from the underlying \fBBIO\fR layer in order to complete the actual SSL_*() operation. -A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_READ\s0\fR. -.IP "\s-1SSL_X509_LOOKUP\s0" 4 +A call to \fBSSL_get_error\fR\|(3) should return \fBSSL_ERROR_WANT_READ\fR. +.IP SSL_X509_LOOKUP 4 .IX Item "SSL_X509_LOOKUP" The operation did not complete because an application callback set by \&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_X509_LOOKUP\s0\fR. -.IP "\s-1SSL_RETRY_VERIFY\s0" 4 +A call to \fBSSL_get_error\fR\|(3) should return \fBSSL_ERROR_WANT_X509_LOOKUP\fR. +.IP SSL_RETRY_VERIFY 4 .IX Item "SSL_RETRY_VERIFY" The operation did not complete because a certificate verification callback has asked to be called again via \fBSSL_set_retry_verify\fR\|(3). -A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_RETRY_VERIFY\s0\fR. 
-.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 +A call to \fBSSL_get_error\fR\|(3) should return \fBSSL_ERROR_WANT_RETRY_VERIFY\fR. +.IP SSL_ASYNC_PAUSED 4 .IX Item "SSL_ASYNC_PAUSED" An asynchronous operation partially completed and was then paused. See \&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return -\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR. -.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 +\&\fBSSL_ERROR_WANT_ASYNC\fR. +.IP SSL_ASYNC_NO_JOBS 4 .IX Item "SSL_ASYNC_NO_JOBS" The asynchronous job could not be started because there were no async jobs available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3) -should return \fB\s-1SSL_ERROR_WANT_ASYNC_JOB\s0\fR. -.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 +should return \fBSSL_ERROR_WANT_ASYNC_JOB\fR. +.IP SSL_CLIENT_HELLO_CB 4 .IX Item "SSL_CLIENT_HELLO_CB" The operation did not complete because an application callback set by \&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. -A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0\fR. +A call to \fBSSL_get_error\fR\|(3) should return \fBSSL_ERROR_WANT_CLIENT_HELLO_CB\fR. .PP \&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \&\fBSSL_want_x509_lookup()\fR, \fBSSL_want_retry_verify()\fR, 
@@ -224,15 +149,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +The \fBSSL_want_client_hello_cb()\fR function and the SSL_CLIENT_HELLO_CB return value were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/SSL_write.3.orig +++ secure/lib/libcrypto/man/man3/SSL_write.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL_WRITE 3ossl" -.TH SSL_WRITE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL_WRITE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME SSL_write_ex, SSL_write, SSL_sendfile \- write bytes to a TLS/SSL connection -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,65 +74,65 @@ \& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); \& int SSL_write(SSL *ssl, const void *buf, int num); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number of bytes written in \fB*written\fR. .PP \&\fBSSL_sendfile()\fR writes \fBsize\fR bytes from offset \fBoffset\fR in the file -descriptor \fBfd\fR to the specified \s-1SSL\s0 connection \fBs\fR. This function provides -efficient zero-copy semantics. \fBSSL_sendfile()\fR is available only when -Kernel \s-1TLS\s0 is enabled, which can be checked by calling \fBBIO_get_ktls_send()\fR. +descriptor \fBfd\fR to the specified SSL connection \fBs\fR. This function provides +efficient zero\-copy semantics. \fBSSL_sendfile()\fR is available only when +Kernel TLS is enabled, which can be checked by calling \fBBIO_get_ktls_send()\fR. It is provided here to allow users to maintain the same interface. The meaning of \fBflags\fR is platform dependent. Currently, under Linux it is ignored. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -In the paragraphs below a \*(L"write function\*(R" is defined as one of either +In the paragraphs below a "write function" is defined as one of either \&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR. .PP -If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already +If necessary, a write function will negotiate a TLS/SSL session, if not already explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer -requests a re-negotiation, it will be performed transparently during +requests a re\-negotiation, it will be performed transparently during the write function operation. The behaviour of the write functions depends on the -underlying \s-1BIO.\s0 +underlying BIO. 
.PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling \&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first call to a write function. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once +If the underlying BIO is \fBblocking\fR, the write functions will only return, once the write operation has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnonblocking\fR the write functions will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue +If the underlying BIO is \fBnonblocking\fR the write functions will also return +when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the -return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR -or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +return value of the write function will yield \fBSSL_ERROR_WANT_READ\fR +or \fBSSL_ERROR_WANT_WRITE\fR. As at any time a re\-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs -of the write function. The action depends on the underlying \s-1BIO.\s0 When using a +of the write function. The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check -for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data -must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +for the required condition. When using a buffering BIO, like a BIO pair, data +must be written into or retrieved out of the BIO before being able to continue. 
.PP The write functions will only return with success when the complete contents of \&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed -with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When +with the SSL_MODE_ENABLE_PARTIAL_WRITE option of \fBSSL_CTX_set_mode\fR\|(3). When this flag is set the write functions will also return with success when a partial write has been successfully completed. In this case the write function operation is considered completed. The bytes are sent and a new write call with a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" When a write function call has to be repeated because \fBSSL_get_error\fR\|(3) -returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +returned \fBSSL_ERROR_WANT_READ\fR or \fBSSL_ERROR_WANT_WRITE\fR, it must be repeated with the same arguments. The data that was passed might have been partially processed. -When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3) +When \fBSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\fR was set using \fBSSL_CTX_set_mode\fR\|(3) the pointer can be different, but the data and length should still be the same. .PP You should not call \fBSSL_write()\fR with num=0, it will return an error. 
@@ -216,13 +141,13 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that -all requested application data bytes have been written to the \s-1SSL\s0 connection or, -if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has -been written to the \s-1SSL\s0 connection. Failure means that not all the requested -bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or -no bytes could be written to the \s-1SSL\s0 connection (if -\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the -network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +all requested application data bytes have been written to the SSL connection or, +if SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has +been written to the SSL connection. Failure means that not all the requested +bytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or +no bytes could be written to the SSL connection (if +SSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non\-retryable (e.g. a fatal network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which indicates whether the call is retryable or not. .PP @@ -230,7 +155,7 @@ .IP "> 0" 4 .IX Item "> 0" The write operation was successful, the return value is the number of -bytes actually written to the \s-1TLS/SSL\s0 connection. +bytes actually written to the TLS/SSL connection. .IP "<= 0" 4 .IX Item "<= 0" The write operation was not successful, because either the connection was 
@@ -239,13 +164,13 @@ .Sp Old documentation indicated a difference between 0 and \-1, and that \-1 was retryable. -You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +You should instead call \fBSSL_get_error()\fR to find out if it\*(Aqs retryable. .PP For \fBSSL_sendfile()\fR, the following return values can occur: .IP ">= 0" 4 .IX Item ">= 0" The write operation was successful, the return value is the number -of bytes of the file written to the \s-1TLS/SSL\s0 connection. The return +of bytes of the file written to the TLS/SSL connection. The return value can be less than \fBsize\fR for a partial write. .IP "< 0" 4 .IX Item "< 0" @@ -259,15 +184,15 @@ \&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) \&\fBSSL_set_connect_state\fR\|(3), \fBBIO_ctrl\fR\|(3), \&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. The \fBSSL_sendfile()\fR function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/TS_RESP_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/TS_RESP_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "TS_RESP_CTX_NEW 3ossl" -.TH TS_RESP_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH TS_RESP_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME TS_RESP_CTX_new_ex, TS_RESP_CTX_new, TS_RESP_CTX_free \- Timestamp response context object creation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -150,32 +75,33 @@ \& TS_RESP_CTX *TS_RESP_CTX_new(void); \& void TS_RESP_CTX_free(TS_RESP_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Creates a response context that can be used for generating responses. .PP -\&\fBTS_RESP_CTX_new_ex()\fR allocates and initializes a \s-1TS_RESP_CTX\s0 structure with a +\&\fBTS_RESP_CTX_new_ex()\fR allocates and initializes a TS_RESP_CTX structure with a library context of \fIlibctx\fR and a property query of \fIpropq\fR. The library context and property query can be used to select which providers supply the fetched algorithms. .PP \&\fBTS_RESP_CTX_new()\fR is similar to \fBTS_RESP_CTX_new_ex()\fR but sets the library context -and property query to \s-1NULL.\s0 This results in the default (\s-1NULL\s0) library context +and property query to NULL. This results in the default (NULL) library context being used for any operations requiring algorithm fetches. .PP -\&\fBTS_RESP_CTX_free()\fR frees the \fB\s-1TS_RESP_CTX\s0\fR object \fIctx\fR. +\&\fBTS_RESP_CTX_free()\fR frees the \fBTS_RESP_CTX\fR object \fIctx\fR. +If the argument is NULL, nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBTS_RESP_CTX_new_ex()\fR and \fBTS_RESP_CTX_new()\fR return \s-1NULL,\s0 +If the allocation fails, \fBTS_RESP_CTX_new_ex()\fR and \fBTS_RESP_CTX_new()\fR return NULL, otherwise it returns a pointer to the newly allocated structure. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBTS_RESP_CTX_new_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/TS_VERIFY_CTX_set_certs.3.orig +++ secure/lib/libcrypto/man/man3/TS_VERIFY_CTX_set_certs.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "TS_VERIFY_CTX_SET_CERTS 3ossl" -.TH TS_VERIFY_CTX_SET_CERTS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH TS_VERIFY_CTX_SET_CERTS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs \&\- set certificates for TS response verification -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -151,21 +76,21 @@ \& STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, \& STACK_OF(X509) *certs); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The Time-Stamp Protocol (\s-1TSP\s0) is defined by \s-1RFC 3161. TSP\s0 is a protocol used to +The Time\-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to provide long term proof of the existence of a certain datum before a particular -time. \s-1TSP\s0 defines a Time Stamping Authority (\s-1TSA\s0) and an entity who shall make -requests to the \s-1TSA.\s0 Usually the \s-1TSA\s0 is denoted as the server side and the +time. TSP defines a Time Stamping Authority (TSA) and an entity who shall make +requests to the TSA. Usually the TSA is denoted as the server side and the requesting entity is denoted as the client. .PP -In \s-1TSP,\s0 when a server is sending a response to a client, the server normally -needs to sign the response data \- the TimeStampToken (\s-1TST\s0) \- with its private -key. Then the client shall verify the received \s-1TST\s0 by the server's certificate +In TSP, when a server is sending a response to a client, the server normally +needs to sign the response data \- the TimeStampToken (TST) \- with its private +key. Then the client shall verify the received TST by the server\*(Aqs certificate chain. .PP -\&\fBTS_VERIFY_CTX_set_certs()\fR is used to set the server's certificate chain when -verifying a \s-1TST.\s0 \fBctx\fR is the verification context created in advance and +\&\fBTS_VERIFY_CTX_set_certs()\fR is used to set the server\*(Aqs certificate chain when +verifying a TST. \fBctx\fR is the verification context created in advance and \&\fBcerts\fR is a stack of \fBX509\fR certificates. .PP \&\fBTS_VERIFY_CTS_set_certs()\fR is a misspelled version of \fBTS_VERIFY_CTX_set_certs()\fR 
@@ -177,16 +102,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_ESS_check_signing_certs\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The spelling of \fBTS_VERIFY_CTX_set_certs()\fR was corrected in OpenSSL 3.0.0. The misspelled version \fBTS_VERIFY_CTS_set_certs()\fR has been retained for compatibility reasons, but it is deprecated in OpenSSL 3.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/UI_STRING.3.orig +++ secure/lib/libcrypto/man/man3/UI_STRING.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "UI_STRING 3ossl" -.TH UI_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH UI_STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex \&\- User interface string parsing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -173,107 +98,107 @@ \& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); \& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever +The \fBUI_STRING\fR gets created internally and added to a \fBUI\fR whenever one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR, \&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR, \&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR is called. -For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. -For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these -\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. +For a \fBUI_METHOD\fR user, there\*(Aqs no need to know more. +For a \fBUI_METHOD\fR creator, it is of interest to fetch text from these +\&\fBUI_STRING\fR objects as well as adding results to some of them. .PP \&\fBUI_get_string_type()\fR is used to retrieve the type of the given -\&\fB\s-1UI_STRING\s0\fR. +\&\fBUI_STRING\fR. .PP \&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the -given \fB\s-1UI_STRING\s0\fR. +given \fBUI_STRING\fR. .PP \&\fBUI_get0_output_string()\fR is used to retrieve the actual string to output (prompt, info, error, ...). .PP \&\fBUI_get0_action_string()\fR is used to retrieve the action description -associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. -For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +associated with a \fBUIT_BOOLEAN\fR type \fBUI_STRING\fR. +For all other \fBUI_STRING\fR types, NULL is returned. See \fBUI_add_input_boolean\fR\|(3). 
.PP \&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to retrieve the result of a prompt and its length. -This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0 +This is only useful for \fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type strings. +For all other \fBUI_STRING\fR types, \fBUI_get0_result_string()\fR returns NULL and \fBUI_get_result_string_length()\fR returns \-1. .PP \&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the prompt result with. -This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +This is only useful for \fBUIT_VERIFY\fR type strings. +For all other \fBUI_STRING\fR types, NULL is returned. .PP \&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to retrieve the minimum and maximum required size of the result. -This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. +This is only useful for \fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type strings. +For all other \fBUI_STRING\fR types, \-1 is returned. .PP \&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length. -For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the +For \fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type UI strings, this sets the result retrievable with \fBUI_get0_result_string()\fR by copying the contents of \fBresult\fR if its length fits the minimum and maximum size requirements. 
-For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of +For \fBUIT_BOOLEAN\fR type UI strings, this sets the first character of the result retrievable with \fBUI_get0_result_string()\fR to the first \&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR if the \fBresult\fR matched any of them, or the first of the -\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's -set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. +\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it\*(Aqs +set to the NUL char \f(CW\*(C`\e0\*(C'\fR. See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and \&\fBcancel_chars\fR. .PP \&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates its length internally. -It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore +It expects the string to be terminated with a NUL byte, and is therefore only useful with normal C strings. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type. +\&\fBUI_get_string_type()\fR returns the UI string type. .PP -\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +\&\fBUI_get_input_flags()\fR returns the UI string flags. .PP -\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +\&\fBUI_get0_output_string()\fR returns the UI string output string. .PP -\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description -string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +\&\fBUI_get0_action_string()\fR returns the UI string action description +string for \fBUIT_BOOLEAN\fR type UI strings, NULL for any other type. 
.PP -\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for -\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other +\&\fBUI_get0_result_string()\fR returns the UI string result buffer for +\&\fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type UI strings, NULL for any other type. .PP -\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's -content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, +\&\fBUI_get_result_string_length()\fR returns the UI string result buffer\*(Aqs +content length for \fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type UI strings, \&\-1 for any other type. .PP -\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description -string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +\&\fBUI_get0_test_string()\fR returns the UI string action description +string for \fBUIT_VERIFY\fR type UI strings, NULL for any other type. .PP \&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for -the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +the UI string for \fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type strings, \&\-1 for any other type. .PP \&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for -the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +the UI string for \fBUIT_PROMPT\fR and \fBUIT_VERIFY\fR type strings, \&\-1 for any other type. .PP -\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any -type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on +\&\fBUI_set_result()\fR returns 0 on success or when the UI string is of any +type other than \fBUIT_PROMPT\fR, \fBUIT_VERIFY\fR or \fBUIT_BOOLEAN\fR, \-1 on error. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBUI\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBUI\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3.orig +++ secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "UI_UTIL_READ_PW 3ossl" -.TH UI_UTIL_READ_PW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH UI_UTIL_READ_PW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user interface utilities -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,12 +77,12 @@ \& int verify); \& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a prompt, and stores it in \fBbuf\fR. The maximum allowed size is given with \fBlength\fR, including the -terminating \s-1NUL\s0 byte. +terminating NUL byte. If \fBverify\fR is nonzero, the password will be verified as well. .PP \&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the 
@@ -165,39 +90,39 @@ verification passphrase. .PP \&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary -\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. +\&\fBUI_METHOD\fR that wraps a given PEM password callback \fBcb\fR. \&\fBrwflag\fR is used to specify if this method will be used for passphrase entry without (0) or with (1) verification. When not used any more, the returned method should be freed with \&\fBUI_destroy_method()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default -\&\fB\s-1UI_METHOD\s0\fR. +\&\fBUI_METHOD\fR. See \fBUI_get_default_method\fR\|(3) and friends for more information. .PP -The result from the \fB\s-1UI_METHOD\s0\fR created by +The result from the \fBUI_METHOD\fR created by \&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the encoding that the given password callback generates. The default password prompting functions (apart from \&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is \&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR) -all use the default \fB\s-1UI_METHOD\s0\fR. +all use the default \fBUI_METHOD\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative value on error. .PP -\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fBUI_METHOD\fR structure or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBUI_get_default_method\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/UI_create_method.3.orig +++ secure/lib/libcrypto/man/man3/UI_create_method.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "UI_CREATE_METHOD 3ossl" -.TH UI_CREATE_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH UI_CREATE_METHOD 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, @@ -149,7 +74,7 @@ UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -186,52 +111,52 @@ \& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); \& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A method contains a few functions that implement the low-level of the +A method contains a few functions that implement the low\-level of the User Interface. These functions are: .IP "an opener" 4 .IX Item "an opener" -This function takes a reference to a \s-1UI\s0 and starts a session, for +This function takes a reference to a UI and starts a session, for example by opening a channel to a tty, or by creating a dialog box. .IP "a writer" 4 .IX Item "a writer" -This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes +This function takes a reference to a UI and a UI String, and writes the string where appropriate, maybe to the tty, maybe added as a field label in a dialog box. -Note that this gets fed all strings associated with a \s-1UI,\s0 one after +Note that this gets fed all strings associated with a UI, one after the other, so care must be taken which ones it actually uses. .IP "a flusher" 4 .IX Item "a flusher" -This function takes a reference to a \s-1UI,\s0 and flushes everything that +This function takes a reference to a UI, and flushes everything that has been output so far. For example, if the method builds up a dialog box, this can be used to actually display it and accepting input ended with a pressed button. .IP "a reader" 4 .IX Item "a reader" -This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off +This function takes a reference to a UI and a UI string and reads off the given prompt, maybe from the tty, maybe from a field in a dialog box. -Note that this gets fed all strings associated with a \s-1UI,\s0 one after +Note that this gets fed all strings associated with a UI, one after the other, so care must be taken which ones it actually uses. 
.IP "a closer" 4 .IX Item "a closer" -This function takes a reference to a \s-1UI,\s0 and closes the session, maybe +This function takes a reference to a UI, and closes the session, maybe by closing the channel to the tty, maybe by destroying a dialog box. .PP All of these functions are expected to return 0 on error, 1 on -success, or \-1 on out-off-band events, for example if some prompting -has been cancelled (by pressing Ctrl-C, for example). +success, or \-1 on out\-off\-band events, for example if some prompting +has been cancelled (by pressing Ctrl\-C, for example). Only the flusher or the reader are expected to return \-1. -If returned by another of the functions, it's treated as if 0 was +If returned by another of the functions, it\*(Aqs treated as if 0 was returned. .PP -Regarding the writer and the reader, don't assume the former should -only write and don't assume the latter should only read. +Regarding the writer and the reader, don\*(Aqt assume the former should +only write and don\*(Aqt assume the latter should only read. This depends on the needs of the method. .PP -For example, a typical tty reader wouldn't write the prompts in the +For example, a typical tty reader wouldn\*(Aqt write the prompts in the write, but would rather do so in the reader, because of the sequential nature of prompting on a tty. This is how the \fBUI_OpenSSL()\fR method does it. 
@@ -243,26 +168,26 @@ .PP The central function that uses these method functions is \fBUI_process()\fR, and it does it in five steps: -.IP "1." 4 -Open the session using the opener function if that one's defined. +.IP 1. 4 +Open the session using the opener function if that one\*(Aqs defined. If an error occurs, jump to 5. -.IP "2." 4 -For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the writer function -if that one's defined. +.IP 2. 4 +For every UI String associated with the UI, call the writer function +if that one\*(Aqs defined. If an error occurs, jump to 5. -.IP "3." 4 -Flush everything using the flusher function if that one's defined. +.IP 3. 4 +Flush everything using the flusher function if that one\*(Aqs defined. If an error occurs, jump to 5. -.IP "4." 4 -For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the reader function -if that one's defined. +.IP 4. 4 +For every UI String associated with the UI, call the reader function +if that one\*(Aqs defined. If an error occurs, jump to 5. -.IP "5." 4 -Close the session using the closer function if that one's defined. +.IP 5. 4 +Close the session using the closer function if that one\*(Aqs defined. .PP -\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +\&\fBUI_create_method()\fR creates a new UI method with a given \fBname\fR. .PP -\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +\&\fBUI_destroy_method()\fR destroys the given UI method \fBui_method\fR. .PP \&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, \&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and @@ -276,7 +201,7 @@ See \fBUI_construct_prompt\fR\|(3). .PP \&\fBUI_method_set_ex_data()\fR sets application specific data with a given -\&\s-1EX_DATA\s0 index. +EX_DATA index. See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to get that index. .PP 
@@ -290,14 +215,14 @@ with \fBUI_method_set_ex_data()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +\&\fBUI_create_method()\fR returns a UI_METHOD pointer on success, NULL on error. .PP \&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, \&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, \&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and \&\fBUI_method_set_prompt_constructor()\fR -return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0 +return 0 on success, \-1 if the given \fBmethod\fR is NULL. .PP \&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because \&\fBCRYPTO_set_ex_data()\fR does so). 
@@ -306,23 +231,23 @@ \&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, \&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, \&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR -return the requested function pointer if it's set in the method, -otherwise \s-1NULL.\s0 +return the requested function pointer if it\*(Aqs set in the method, +otherwise NULL. .PP \&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific data associated with the method. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3) -.SH "HISTORY" +\&\fBUI\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \fBUI_STRING\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/UI_new.3.orig +++ secure/lib/libcrypto/man/man3/UI_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "UI_NEW 3ossl" -.TH UI_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH UI_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, @@ -148,7 +73,7 @@ UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -202,65 +127,65 @@ \& UI_METHOD *UI_OpenSSL(void); \& const UI_METHOD *UI_null(void); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to -prompt the user for text-based information. Through user-written methods +UI stands for User Interface, and is general purpose set of routines to +prompt the user for text\-based information. Through user\-written methods (see \fBUI_create_method\fR\|(3)), prompting can be done in any way imaginable, be it plain text prompting, through dialog boxes or from a cell phone. .PP -All the functions work through a context of the type \s-1UI.\s0 This context +All the functions work through a context of the type UI. This context contains all the information needed to prompt correctly as well as a -reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that +reference to a UI_METHOD, which is an ordered vector of functions that carry out the actual prompting. .PP -The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, +The first thing to do is to create a UI with \fBUI_new()\fR or \fBUI_new_method()\fR, then add information to it with the UI_add or UI_dup functions. Also, -user-defined random data can be passed down to the underlying method +user\-defined random data can be passed down to the underlying method through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default -\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, +UI method doesn\*(Aqt care about these data, but other methods might. Finally, use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR to find the result to the prompt and its length. .PP -A \s-1UI\s0 can contain more than one prompt, which are performed in the given +A UI can contain more than one prompt, which are performed in the given sequence. 
Each prompt gets an index number which is returned by the UI_add and UI_dup functions, and has to be used to get the corresponding result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR. .PP -\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing -a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. +\&\fBUI_process()\fR can be called more than once on the same UI, thereby allowing +a UI to have a long lifetime, but can just as well have a short lifetime. .PP The functions are as follows: .PP -\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +\&\fBUI_new()\fR creates a new UI using the default UI method. When done with +this UI, it should be freed using \fBUI_free()\fR. .PP -\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +\&\fBUI_new_method()\fR creates a new UI using the given UI method. When done with +this UI, it should be freed using \fBUI_free()\fR. .PP -\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +\&\fBUI_OpenSSL()\fR returns the built\-in UI method (note: not necessarily the default one, since the default can be changed. See further on). This method is the most machine/OS dependent part of OpenSSL and normally generates the most problems when porting. .PP -\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid -getting internal defaults for passed \s-1UI_METHOD\s0 pointers. +\&\fBUI_null()\fR returns a UI method that does nothing. Its use is to avoid +getting internal defaults for passed UI_METHOD pointers. .PP -\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory -that's connected to it, like duplicated input strings, results and others. 
-If \fBui\fR is \s-1NULL\s0 nothing is done. +\&\fBUI_free()\fR removes a UI from memory, along with all other pieces of memory +that\*(Aqs connected to it, like duplicated input strings, results and others. +If \fBui\fR is NULL nothing is done. .PP -\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 +\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the UI, as well as flags and a result buffer and the desired minimum and maximum -sizes of the result, not counting the final \s-1NUL\s0 character. The given +sizes of the result, not counting the final NUL character. The given information is used to prompt for information, for example a password, and to verify a password (i.e. having the user enter it twice and check that the same string was entered twice). \fBUI_add_verify_string()\fR takes and extra argument that should be a pointer to the result buffer of the -input string that it's supposed to verify, or verification will fail. +input string that it\*(Aqs supposed to verify, or verification will fail. .PP -\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +\&\fBUI_add_input_boolean()\fR adds a prompt to the UI that\*(Aqs supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given as well. The prompt itself is divided in two, one part being the 
@@ -269,15 +194,15 @@ .PP \&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at the same time as the prompt for extra information or to show an error string. -The difference between the two is only conceptual. With the built-in method, -there's no technical difference between them. Other methods may make a +The difference between the two is only conceptual. With the built\-in method, +there\*(Aqs no technical difference between them. Other methods may make a difference between them, however. .PP -The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for +The flags currently supported are \fBUI_INPUT_FLAG_ECHO\fR, which is relevant for \&\fBUI_add_input_string()\fR and will have the users response be echoed (when prompting for a password, this flag should obviously not be used, and -\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some -sort will be used (completely depending on the application and the \s-1UI\s0 +\&\fBUI_INPUT_FLAG_DEFAULT_PWD\fR, which means that a default password of some +sort will be used (completely depending on the application and the UI method). .PP \&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, 
@@ -287,29 +212,29 @@ .PP \&\fBUI_construct_prompt()\fR is a helper function that can be used to create a prompt from two pieces of information: a phrase description \fIphrase_desc\fR -and an object name \fIobject_name\fR, where the latter may be \s-1NULL.\s0 +and an object name \fIobject_name\fR, where the latter may be NULL. The default constructor (if there is none provided by the method used) -creates a string "Enter \fIphrase_desc\fR for \fIobject_name\fR:\*(L" -where the \*(R" for \fIobject_name\fR" part is left out if \fIobject_name\fR is \s-1NULL.\s0 -With the description \*(L"pass phrase\*(R" and the filename \*(L"foo.key\*(R", that becomes -\&\*(L"Enter pass phrase for foo.key:\*(R". Other methods may create whatever +creates a string "Enter \fIphrase_desc\fR for \fIobject_name\fR:" +where the " for \fIobject_name\fR" part is left out if \fIobject_name\fR is NULL. +With the description "pass phrase" and the filename "foo.key", that becomes +"Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions. .PP \&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any -time. The built-in \s-1UI\s0 method doesn't care about this info. Note that several -calls to this function doesn't add data, it replaces the previous blob +time. The built\-in UI method doesn\*(Aqt care about this info. Note that several +calls to this function doesn\*(Aqt add data, it replaces the previous blob with the one given as argument. .PP \&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer -duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes +duration, perhaps even the lifetime of the application. The UI object takes ownership of this duplicate and will free it whenever it gets replaced or -the \s-1UI\s0 is destroyed. 
\fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory -allocation failure or if the method doesn't have a duplicator function. +the UI is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +allocation failure or if the method doesn\*(Aqt have a duplicator function. .PP \&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the -\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data. +UI with \fBUI_add_user_data()\fR or UI_dup_user_data. .PP \&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with the information indexed by \fIi\fR. 
@@ -318,37 +243,37 @@ the information indexed by \fIi\fR. .PP \&\fBUI_process()\fR goes through the information given so far, does all the printing -and prompting and returns the final status, which is \-2 on out-of-band events +and prompting and returns the final status, which is \-2 on out\-of\-band events (Interrupt, Cancel, ...), \-1 on error and 0 on success. .PP \&\fBUI_ctrl()\fR adds extra control for the application author. For now, it -understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR -print the OpenSSL error stack as part of processing the \s-1UI,\s0 and -\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can +understands two commands: \fBUI_CTRL_PRINT_ERRORS\fR, which makes \fBUI_process()\fR +print the OpenSSL error stack as part of processing the UI, and +\&\fBUI_CTRL_IS_REDOABLE\fR, which returns a flag saying if the used UI can be used again or not. .PP -\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. -This function is not thread-safe and should not be called at the same time +\&\fBUI_set_default_method()\fR changes the default UI method to the one given. +This function is not thread\-safe and should not be called at the same time as other OpenSSL functions. .PP -\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +\&\fBUI_get_default_method()\fR returns a pointer to the current default UI method. .PP -\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 +\&\fBUI_get_method()\fR returns the UI method associated with a given UI. .PP -\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 -.SH "NOTES" +\&\fBUI_set_method()\fR changes the UI method associated with a given UI. 
+.SH NOTES .IX Header "NOTES" The resulting strings that the built in method \fBUI_OpenSSL()\fR generate are assumed to be encoded according to the current locale or (for Windows) code page. For applications having different demands, these strings need to be converted appropriately by the caller. -For Windows, if the \fB\s-1OPENSSL_WIN32_UTF8\s0\fR environment variable is set, -the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +For Windows, if the \fBOPENSSL_WIN32_UTF8\fR environment variable is set, +the built\-in method \fBUI_OpenSSL()\fR will produce UTF\-8 encoded strings instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fBUI\fR structure or NULL if an error occurred. .PP \&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR, @@ -357,11 +282,11 @@ and \fBUI_dup_error_string()\fR return a positive number on success or a value which is less than or equal to 0 otherwise. .PP -\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +\&\fBUI_construct_prompt()\fR returns a string or NULL if an error occurred. .PP \&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error. .PP -\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +\&\fBUI_get0_result()\fR returns a string or NULL on error. .PP \&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it returns \-1 on error. 
@@ -371,16 +296,16 @@ \&\fBUI_ctrl()\fR returns a mask on success or \-1 on error. .PP \&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and -\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +\&\fBUI_set_method()\fR return either a valid \fBUI_METHOD\fR structure or NULL respectively. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509V3_get_d2i.3.orig +++ secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509V3_GET_D2I 3ossl" -.TH X509V3_GET_D2I 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509V3_GET_D2I 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d, X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions \- X509 extension decode and encode functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -174,48 +99,48 @@ \& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); \& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBX509V3_get_d2i()\fR looks for an extension with \s-1OID\s0 \fInid\fR in the extensions -\&\fIx\fR and, if found, decodes it. If \fIidx\fR is \s-1NULL\s0 then only one +\&\fBX509V3_get_d2i()\fR looks for an extension with OID \fInid\fR in the extensions +\&\fIx\fR and, if found, decodes it. If \fIidx\fR is NULL then only one occurrence of an extension is permissible, otherwise the first extension after index \fI*idx\fR is returned and \fI*idx\fR updated to the location of the extension. -If \fIcrit\fR is not \s-1NULL\s0 then \fI*crit\fR is set to a status value: \-2 if the -extension occurs multiple times (this is only returned if \fIidx\fR is \s-1NULL\s0), +If \fIcrit\fR is not NULL then \fI*crit\fR is set to a status value: \-2 if the +extension occurs multiple times (this is only returned if \fIidx\fR is NULL), \&\-1 if the extension could not be found, 0 if the extension is found and is not critical and 1 if critical. A pointer to an extension specific structure -or \s-1NULL\s0 is returned. +or NULL is returned. .PP -\&\fBX509V3_add1_i2d()\fR adds extension \fIvalue\fR to \s-1STACK\s0 \fI*x\fR (allocating a new -\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fInid\fR and criticality \fIcrit\fR according +\&\fBX509V3_add1_i2d()\fR adds extension \fIvalue\fR to STACK \fI*x\fR (allocating a new +STACK if necessary) using OID \fInid\fR and criticality \fIcrit\fR according to \fIflags\fR. 
.PP -\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension -\&\fIext\fR and returns a pointer to an extension specific structure or \s-1NULL\s0 +\&\fBX509V3_EXT_d2i()\fR attempts to decode the ASN.1 data contained in extension +\&\fIext\fR and returns a pointer to an extension specific structure or NULL if the extension could not be decoded (invalid syntax or not supported). .PP \&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fIext_struc\fR -with \s-1OID\s0 \fIext_nid\fR and criticality \fIcrit\fR. +with OID \fIext_nid\fR and criticality \fIcrit\fR. .PP \&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of certificate \fIx\fR. They are otherwise identical to \fBX509V3_get_d2i()\fR and \&\fBX509V3_add1_i2d()\fR. .PP \&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions -of \s-1CRL\s0 \fIcrl\fR. They are otherwise identical to \fBX509V3_get_d2i()\fR and +of CRL \fIcrl\fR. They are otherwise identical to \fBX509V3_get_d2i()\fR and \&\fBX509V3_add1_i2d()\fR. .PP \&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the -extensions of \fBX509_REVOKED\fR structure \fIr\fR (i.e for \s-1CRL\s0 entry extensions). +extensions of \fBX509_REVOKED\fR structure \fIr\fR (i.e for CRL entry extensions). They are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add1_i2d()\fR. .PP \&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and -\&\fBX509_REVOKED_get0_extensions()\fR return a \s-1STACK\s0 of all the extensions -of a certificate, a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. -.SH "NOTES" +\&\fBX509_REVOKED_get0_extensions()\fR return a STACK of all the extensions +of a certificate, a CRL or a CRL entry respectively. +.SH NOTES .IX Header "NOTES" In almost all cases an extension can occur at most once and multiple -occurrences is an error. 
Therefore, the \fIidx\fR parameter is usually \s-1NULL.\s0 +occurrences is an error. Therefore, the \fIidx\fR parameter is usually NULL. .PP The \fIflags\fR parameter may be one of the following values. .PP @@ -241,21 +166,22 @@ will not be added to the error queue. .PP The function \fBX509V3_get_d2i()\fR and its variants -will return \s-1NULL\s0 if the extension is not +will return NULL if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of \fI*crit\fR. +The returned pointer must be explicitly freed. .PP The function \fBX509V3_add1_i2d()\fR and its variants allocate \fBX509_EXTENSION\fR -objects on \s-1STACK\s0 \fI*x\fR depending on \fIflags\fR. The \fBX509_EXTENSION\fR objects +objects on STACK \fI*x\fR depending on \fIflags\fR. The \fBX509_EXTENSION\fR objects must be explicitly freed using \fBX509_EXTENSION_free()\fR. .SH "SUPPORTED EXTENSIONS" .IX Header "SUPPORTED EXTENSIONS" The following sections contain a list of all supported extensions -including their name and \s-1NID.\s0 -.SS "\s-1PKIX\s0 Certificate Extensions" +including their name and NID. +.SS "PKIX Certificate Extensions" .IX Subsection "PKIX Certificate Extensions" -The following certificate extensions are defined in \s-1PKIX\s0 standards such as -\&\s-1RFC5280.\s0 +The following certificate extensions are defined in PKIX standards such as +RFC5280. .PP .Vb 3 \& Basic Constraints NID_basic_constraints @@ -302,9 +228,9 @@ \& Strong Extranet ID NID_sxnet \& Proxy Certificate Information NID_proxyCertInfo .Ve -.SS "\s-1PKIX CRL\s0 Extensions" +.SS "PKIX CRL Extensions" .IX Subsection "PKIX CRL Extensions" -The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +The following are CRL extensions from PKIX standards such as RFC5280. .PP .Vb 6 \& CRL Number NID_crl_number 
@@ -315,13 +241,13 @@ \& Issuing Distribution Point NID_issuing_distribution_point .Ve .PP -The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +The following are CRL entry extensions from PKIX standards such as RFC5280. .PP .Vb 2 \& CRL Reason Code NID_crl_reason \& Certificate Issuer NID_certificate_issuer .Ve -.SS "\s-1OCSP\s0 Extensions" +.SS "OCSP Extensions" .IX Subsection "OCSP Extensions" .Vb 7 \& OCSP Nonce NID_id_pkix_OCSP_Nonce @@ -334,7 +260,7 @@ .Ve .SS "Certificate Transparency Extensions" .IX Subsection "Certificate Transparency Extensions" -The following extensions are used by certificate transparency, \s-1RFC6962\s0 +The following extensions are used by certificate transparency, RFC6962 .PP .Vb 2 \& CT Precertificate SCTs NID_ct_precert_scts @@ -343,19 +269,19 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509V3_get_d2i()\fR, its variants, and \fBX509V3_EXT_d2i()\fR return -a pointer to an extension specific structure or \s-1NULL\s0 if an error occurs. +a pointer to an extension specific structure or NULL if an error occurs. .PP \&\fBX509V3_add1_i2d()\fR and its variants return 1 if the operation is successful -and 0 if it fails due to a non-fatal error (extension not found, already exists, +and 0 if it fails due to a non\-fatal error (extension not found, already exists, cannot be encoded) or \-1 due to a fatal error such as a memory allocation failure. .PP \&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure -or \s-1NULL\s0 if an error occurs. +or NULL if an error occurs. .PP \&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and \&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return -\&\s-1NULL\s0 if no extensions are present. +NULL if no extensions are present. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_X509\fR\|(3), 
@@ -374,11 +300,11 @@ \&\fBX509_new\fR\|(3), \&\fBX509_sign\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509V3_set_ctx.3.orig +++ secure/lib/libcrypto/man/man3/X509V3_set_ctx.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509V3_SET_CTX 3ossl" -.TH X509V3_SET_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509V3_SET_CTX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509V3_set_ctx, X509V3_set_issuer_pkey \- X.509 v3 extension generation utilities -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,7 +75,7 @@ \& X509_REQ *req, X509_CRL *crl, int flags); \& int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509V3_set_ctx()\fR fills in the basic fields of \fIctx\fR of type \fBX509V3_CTX\fR, providing details potentially needed by functions producing X509 v3 extensions, 
@@ -160,39 +85,38 @@ When constructing the subject key identifier of a certificate by computing a hash value of its public key, the public key is taken from \fIsubject\fR or \fIreq\fR. Similarly, when constructing subject alternative names from any email addresses -contained in a subject \s-1DN,\s0 the subject \s-1DN\s0 is taken from \fIsubject\fR or \fIreq\fR. +contained in a subject DN, the subject DN is taken from \fIsubject\fR or \fIreq\fR. If \fIsubject\fR or \fIcrl\fR is provided, \fIissuer\fR should point to its issuer, for instance to help generating an authority key identifier extension. Note that if \fIsubject\fR is provided, \fIissuer\fR may be the same as \fIsubject\fR, -which means that \fIsubject\fR is self-issued (or even self-signed). +which means that \fIsubject\fR is self\-issued (or even self\-signed). \&\fIflags\fR may be 0 or contain \fBX509V3_CTX_TEST\fR, which means that just the syntax of extension definitions is to be checked without actually producing an extension, or \fBX509V3_CTX_REPLACE\fR, which means that each X.509v3 extension added as defined in some configuration section shall replace any already existing -extension with the same \s-1OID.\s0 +extension with the same OID. .PP \&\fBX509V3_set_issuer_pkey()\fR explicitly sets the issuer private key of the certificate that has been provided in \fIctx\fR. -This should be done for self-issued certificates (which may be self-signed +This should be done for self\-issued certificates (which may be self\-signed or not) to provide fallback data for the authority key identifier extension. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509V3_set_ctx()\fR and \fBX509V3_set_issuer_pkey()\fR -return 1 on success and 0 on error. +\&\fBX509V3_set_issuer_pkey()\fR returns 1 on success and 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_add_ext\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509V3_set_issuer_pkey()\fR was added in OpenSSL 3.0. 
.PP -\&\s-1CTX_TEST\s0 was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. -.SH "COPYRIGHT" +CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3.orig +++ secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_ALGOR_DUP 3ossl" -.TH X509_ALGOR_DUP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_ALGOR_DUP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy \- AlgorithmIdentifier functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,19 +78,19 @@ \& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); \& int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. .PP -\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +\&\fBX509_ALGOR_set0()\fR sets the algorithm OID of \fBalg\fR to \fBaobj\fR and the associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is \&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR. -All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after +All the supplied parameters are used internally so must \fBNOT\fR be freed after this call. .PP \&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the -algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR +algorithm OID in \fB*paobj\fR and the associated parameter in \fB*pptype\fR and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. .PP \&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate 
@@ -178,7 +103,7 @@ a duplicate of each (and free any thing pointed to from within *dest). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or NULL if an error occurred. .PP \&\fBX509_ALGOR_set0()\fR and \fBX509_ALGOR_copy()\fR return 1 on success or 0 on error. @@ -187,14 +112,14 @@ .PP \&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and nonzero otherwise. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_ALGOR_copy()\fR was added in 1.1.1e. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/X509_ATTRIBUTE.3 
@@ -0,0 +1,324 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "X509_ATTRIBUTE 3ossl" +.TH X509_ATTRIBUTE 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +X509_ATTRIBUTE, X509at_get_attr, +X509at_get_attr_count, X509at_get_attr_by_NID, X509at_get_attr_by_OBJ, +X509at_delete_attr, +X509at_add1_attr, +X509at_add1_attr_by_OBJ, X509at_add1_attr_by_NID, X509at_add1_attr_by_txt, +X509at_get0_data_by_OBJ, +X509_ATTRIBUTE_create, X509_ATTRIBUTE_create_by_NID, +X509_ATTRIBUTE_create_by_OBJ, X509_ATTRIBUTE_create_by_txt, +X509_ATTRIBUTE_set1_object, X509_ATTRIBUTE_set1_data, +X509_ATTRIBUTE_count, +X509_ATTRIBUTE_get0_data, X509_ATTRIBUTE_get0_object, X509_ATTRIBUTE_get0_type +\&\- X509 attribute functions +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct x509_attributes_st X509_ATTRIBUTE; +\& +\& int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +\& int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, +\& int lastpos); +\& int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, +\& const ASN1_OBJECT *obj, int lastpos); +\& X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +\& X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +\& STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, +\& X509_ATTRIBUTE *attr); +\& STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) +\& **x, const ASN1_OBJECT *obj, +\& int type, +\& const unsigned char *bytes, +\& int len); +\& STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) +\& **x, int nid, int type, +\& const unsigned char *bytes, +\& int len); +\& STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) +\& **x, const char *attrname, +\& int type, +\& const unsigned char *bytes, +\& int len); +\& void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, +\& const ASN1_OBJECT *obj, int lastpos, int type); +\& X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); +\& X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int 
nid, +\& int atrtype, const void *data, +\& int len); +\& X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, +\& const ASN1_OBJECT *obj, +\& int atrtype, const void *data, +\& int len); +\& X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, +\& const char *atrname, int type, +\& const unsigned char *bytes, +\& int len); +\& int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +\& int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, +\& const void *data, int len); +\& void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, +\& void *data); +\& int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +\& ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +\& ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +\&\fBX509_ATTRIBUTE\fR objects are used by many standards including X509, X509_REQ, +PKCS12, PKCS8, PKCS7 and CMS. +.PP +The \fBX509_ATTRIBUTE\fR object is used to represent the ASN.1 Attribute as defined +in RFC 5280, i.e. +.PP +.Vb 3 +\& Attribute ::= SEQUENCE { +\& type AttributeType, +\& values SET OF AttributeValue } +\& +\& AttributeType ::= OBJECT IDENTIFIER +\& AttributeValue ::= ANY \-\- DEFINED BY AttributeType +.Ve +.PP +For example CMS defines the signing\-time attribute as: +.PP +.Vb 2 +\& id\-signingTime OBJECT IDENTIFIER ::= { iso(1) member\-body(2) +\& us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } +\& +\& SigningTime ::= Time +\& +\& Time ::= CHOICE { +\& utcTime UTCTime, +\& generalizedTime GeneralizedTime } +.Ve +.PP +In OpenSSL \fBAttributeType\fR maps to an \fBASN1_OBJECT\fR object +and \fBAttributeValue\fR maps to a list of \fBASN1_TYPE\fR objects. +.PP +The following functions are used for \fBX509_ATTRIBUTE\fR objects. +.PP +\&\fBX509at_get_attr_by_OBJ()\fR finds the location of the first matching object \fIobj\fR +in a list of attributes \fIsk\fR. 
The search starts at the position after \fIlastpos\fR. +If the returned value is positive then it can be used on the next call to +\&\fBX509at_get_attr_by_OBJ()\fR as the value of \fIlastpos\fR in order to iterate through +the remaining attributes. \fIlastpos\fR can be set to any negative value on the +first call, in order to start searching from the start of the list. +.PP +\&\fBX509at_get_attr_by_NID()\fR is similar to \fBX509at_get_attr_by_OBJ()\fR except that it +passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. +.PP +\&\fBX509at_get_attr()\fR returns the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in the +list of attributes \fIx\fR. \fIloc\fR should be in the range from 0 to +\&\fBX509at_get_attr_count()\fR \- 1. +.PP +\&\fBX509at_delete_attr()\fR removes the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in +the list of attributes \fIx\fR. +.PP +\&\fBX509at_add1_attr()\fR pushes a copy of the passed in \fBX509_ATTRIBUTE\fR object +to the list \fIx\fR. +Both \fIx\fR and \fIattr\fR must be non NULL or an error will occur. +If \fI*x\fR is NULL then a new list is created, otherwise it uses the +passed in list. An error will occur if an existing attribute (with the same +attribute type) already exists in the attribute list. +.PP +\&\fBX509at_add1_attr_by_OBJ()\fR creates a new \fBX509_ATTRIBUTE\fR using +\&\fBX509_ATTRIBUTE_set1_object()\fR and \fBX509_ATTRIBUTE_set1_data()\fR to assign a new +\&\fIobj\fR with type \fItype\fR and data \fIbytes\fR of length \fIlen\fR and then pushes it +to the attribute list \fIx\fR. Both \fIx\fR and \fIattr\fR must be non NULL or an error +will occur. If \fI*x\fR is NULL then a new attribute list is created. If \fIobj\fR +already exists in the attribute list then an error occurs. +.PP +\&\fBX509at_add1_attr_by_NID()\fR is similar to \fBX509at_add1_attr_by_OBJ()\fR except that it +passes the numerical identifier (NID) \fInid\fR associated with the object. 
+See for a list of NID_*. +.PP +\&\fBX509at_add1_attr_by_txt()\fR is similar to \fBX509at_add1_attr_by_OBJ()\fR except that it +passes a name \fIattrname\fR associated with the object. +See for a list of SN_* names. +.PP +\&\fBX509_ATTRIBUTE_set1_object()\fR assigns a \fBASN1_OBJECT\fR \fIobj\fR +to the attribute \fIattr\fR. If \fIattr\fR contained an existing \fBASN1_OBJECT\fR then +it is freed. An error occurs if either \fIattr\fR or \fIobj\fR are NULL, or if +the passed in \fIobj\fR cannot be duplicated. +.PP +\&\fBX509_ATTRIBUTE_set1_data()\fR pushes a new \fBASN1_TYPE\fR object onto the \fIattr\fR +attributes list. The new object is assigned a copy of the data in \fIdata\fR of +size \fIlen\fR. +If \fIattrtype\fR has flag \fIMBSTRING_FLAG\fR set then a table lookup using the +\&\fIattr\fR attributes NID is used to set an \fBASN1_STRING\fR using +\&\fBASN1_STRING_set_by_NID()\fR, and the passed in \fIdata\fR must be in the format +required for that object type or an error will occur. +If \fIlen\fR is not \-1 then internally \fBASN1_STRING_type_new()\fR is +used with the passed in \fIattrtype\fR. +If \fIattrtype\fR is 0 the call does nothing except return 1. +.PP +\&\fBX509_ATTRIBUTE_create()\fR creates a new \fBX509_ATTRIBUTE\fR using the \fInid\fR +to set the \fBASN1_OBJECT\fR OID and the \fIatrtype\fR and \fIvalue\fR to set the +\&\fBASN1_TYPE\fR. +.PP +\&\fBX509_ATTRIBUTE_create_by_OBJ()\fR uses \fBX509_ATTRIBUTE_set1_object()\fR and +\&\fBX509_ATTRIBUTE_set1_data()\fR to assign a new \fIobj\fR with type \fIatrtype\fR and +data \fIdata\fR of length \fIlen\fR. If the passed in attribute \fIattr\fR OR \fI*attr\fR is +NULL then a new \fBX509_ATTRIBUTE\fR will be returned, otherwise the passed in +\&\fBX509_ATTRIBUTE\fR is used. Note that the ASN1_OBJECT \fIobj\fR is pushed onto the +attributes existing list of objects, which could be an issue if the attributes + was different. 
+.PP +\&\fBX509_ATTRIBUTE_create_by_NID()\fR is similar to \fBX509_ATTRIBUTE_create_by_OBJ()\fR +except that it passes the numerical identifier (NID) \fInid\fR associated with the +object. See for a list of NID_*. +.PP +\&\fBX509_ATTRIBUTE_create_by_txt()\fR is similar to \fBX509_ATTRIBUTE_create_by_OBJ()\fR +except that it passes a name \fIatrname\fR associated with the +object. See for a list of SN_* names. +.PP +\&\fBX509_ATTRIBUTE_count()\fR returns the number of \fBASN1_TYPE\fR objects in an +attribute \fIattr\fR. +.PP +\&\fBX509_ATTRIBUTE_get0_type()\fR returns the \fBASN1_TYPE\fR object at index \fIidx\fR in +the attribute list \fIattr\fR. \fIidx\fR should be in the +range of 0 to \fBX509_ATTRIBUTE_count()\fR \- 1 or an error will occur. +.PP +\&\fBX509_ATTRIBUTE_get0_data()\fR returns the data of an \fBASN1_TYPE\fR object at +index \fIidx\fR in the attribute \fIattr\fR. \fIdata\fR is unused and can be set to NULL. +An error will occur if the attribute type \fIatrtype\fR does not match the type of +the \fBASN1_TYPE\fR object at index \fIidx\fR OR if \fIatrtype\fR is either +\&\fBV_ASN1_BOOLEAN\fR or \fBV_ASN1_NULL\fR OR if the \fIidx\fR is not in the +range 0 to \fBX509_ATTRIBUTE_count()\fR \- 1. +.PP +\&\fBX509at_get0_data_by_OBJ()\fR finds the first attribute in an attribute list \fIx\fR +that matches the \fIobj\fR starting at index \fIlastpos\fR and returns the data +retrieved from the found attributes first \fBASN1_TYPE\fR object. An error will +occur if the attribute type \fItype\fR does not match the type of the \fBASN1_TYPE\fR +object OR if \fItype\fR is either \fBV_ASN1_BOOLEAN\fR or \fBV_ASN1_NULL\fR OR the +attribute is not found. +If \fIlastpos\fR is less than \-1 then an error will occur if there are multiple +objects in the list \fIx\fR that match \fIobj\fR. +If \fIlastpos\fR is less than \-2 then an error will occur if there is more than +one \fBASN1_TYPE\fR object in the found attribute. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509at_get_attr_count()\fR returns the number of attributes in the list \fIx\fR or \-1 +if \fIx\fR is NULL. +.PP +\&\fBX509at_get_attr_by_OBJ()\fR returns \-1 if either the list is empty OR the object +is not found, otherwise it returns the location of the object in the list. +.PP +\&\fBX509at_get_attr_by_NID()\fR is similar to \fBX509at_get_attr_by_OBJ()\fR, except that +it returns \-2 if the \fInid\fR is not known by OpenSSL. +.PP +\&\fBX509at_get_attr()\fR returns either an \fBX509_ATTRIBUTE\fR or NULL if there is a error. +.PP +\&\fBX509at_delete_attr()\fR returns either the removed \fBX509_ATTRIBUTE\fR or NULL if +there is a error. +.PP +\&\fBX509_ATTRIBUTE_count()\fR returns \-1 on error, otherwise it returns the number +of \fBASN1_TYPE\fR elements. +.PP +\&\fBX509_ATTRIBUTE_get0_type()\fR returns NULL on error, otherwise it returns a +\&\fBASN1_TYPE\fR object. +.PP +\&\fBX509_ATTRIBUTE_get0_data()\fR returns NULL if an error occurs, +otherwise it returns the data associated with an \fBASN1_TYPE\fR object. +.PP +\&\fBX509_ATTRIBUTE_set1_object()\fR and \fBX509_ATTRIBUTE_set1_data()\fR returns 1 on +success, or 0 otherwise. +.PP +\&\fBX509_ATTRIBUTE_create()\fR, \fBX509_ATTRIBUTE_create_by_OBJ()\fR, +\&\fBX509_ATTRIBUTE_create_by_NID()\fR and \fBX509_ATTRIBUTE_create_by_txt()\fR return either +a \fBX509_ATTRIBUTE\fR on success, or NULL if there is a error. +.PP +\&\fBX509at_add1_attr()\fR, \fBX509at_add1_attr_by_OBJ()\fR, \fBX509at_add1_attr_by_NID()\fR and +\&\fBX509at_add1_attr_by_txt()\fR return NULL on error, otherwise they return a list +of \fBX509_ATTRIBUTE\fR. +.PP +\&\fBX509at_get0_data_by_OBJ()\fR returns the data retrieved from the found attributes +first \fBASN1_TYPE\fR object, or NULL if an error occurs. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBASN1_TYPE_get\fR\|(3), +\&\fBASN1_INTEGER_get\fR\|(3), +\&\fBASN1_ENUMERATED_get\fR\|(3), +\&\fBASN1_STRING_get0_data\fR\|(3), +\&\fBASN1_STRING_length\fR\|(3), +\&\fBASN1_STRING_type\fR\|(3), +\&\fBX509_REQ_get_attr\fR\|(3), +\&\fBEVP_PKEY_get_attr\fR\|(3), +\&\fBCMS_signed_get_attr\fR\|(3), +\&\fBPKCS8_pkey_get0_attrs\fR\|(3), +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2023\-2024 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3.orig +++ secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CRL_GET0_BY_SERIAL 3ossl" -.TH X509_CRL_GET0_BY_SERIAL 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CRL_GET0_BY_SERIAL 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -165,17 +90,17 @@ \& \& int X509_CRL_sort(X509_CRL *crl); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fIcrl\fR for serial number \fIserial\fR. If it is successful, it sets \fI*ret\fR to the internal -pointer of the matching entry. As a result, \fI*ret\fR \fB\s-1MUST NOT\s0\fR be freed +pointer of the matching entry. As a result, \fI*ret\fR \fBMUST NOT\fR be freed after the call. .PP \&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it looks for a revoked entry using the serial number of certificate \fIx\fR. .PP -\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a \s-1STACK\s0 of all +\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a STACK of all revoked entries for \fIcrl\fR. .PP \&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the 
@@ -192,13 +117,13 @@ \&\fItm\fR. The supplied \fItm\fR pointer is not used internally so it should be freed after use. .PP -\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fIrev\fR to \s-1CRL\s0 \fIcrl\fR. The -pointer \fIrev\fR is used internally so it \fB\s-1MUST NOT\s0\fR be freed after the call: -it is freed when the parent \s-1CRL\s0 is freed. +\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fIrev\fR to CRL \fIcrl\fR. The +pointer \fIrev\fR is used internally so it \fBMUST NOT\fR be freed after the call: +it is freed when the parent CRL is freed. .PP \&\fBX509_CRL_sort()\fR sorts the revoked entries of \fIcrl\fR into ascending serial number order. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Applications can determine the number of revoked entries returned by \&\fBX509_CRL_get_REVOKED()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one @@ -209,11 +134,11 @@ 1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), in which case 2 is returned. .PP -\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. +\&\fBX509_CRL_get_REVOKED()\fR returns a STACK of revoked entries. .PP -\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR structure. +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fBASN1_INTEGER\fR structure. .PP -\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR structure. +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fBASN1_TIME\fR structure. .PP \&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR, \&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for 
@@ -236,11 +161,11 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3.orig +++ secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_EXTENSION_SET_OBJECT 3ossl" -.TH X509_EXTENSION_SET_OBJECT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_EXTENSION_SET_OBJECT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 3 \& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); @@ -162,13 +87,13 @@ \& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); \& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The \&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. .PP \&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If -\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. +\&\fBcrit\fR is zero the extension in non\-critical otherwise it is critical. .PP \&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The \&\fBdata\fR pointer is duplicated internally. 
@@ -176,22 +101,22 @@ \&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR -should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must +should either be \fBNULL\fR or a valid \fBX509_EXTENSION\fR structure it must \&\fBnot\fR be an uninitialised pointer. .PP \&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR -except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0 +except it creates and extension using \fBobj\fR instead of a NID. .PP \&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an -\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must +\&\fBASN1_OBJECT\fR pointer. The returned pointer is an internal value which must not be freed up. .PP \&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it -returns \fB1\fR for critical and \fB0\fR for non-critical. +returns \fB1\fR for critical and \fB0\fR for non\-critical. .PP \&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned pointer is an internal value which must not be freed up. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should 
@@ -199,29 +124,29 @@ \&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. .PP The \fBdata\fR associated with an extension is the extension encoding in an -\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. +\&\fBASN1_OCTET_STRING\fR structure. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and \&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. .PP \&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return -an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +an \fBX509_EXTENSION\fR pointer or \fBNULL\fR if an error occurs. .PP -\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +\&\fBX509_EXTENSION_get_object()\fR returns an \fBASN1_OBJECT\fR pointer. .PP -\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non\-critical and \fB1\fR for critical. .PP -\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +\&\fBX509_EXTENSION_get_data()\fR returns an \fBASN1_OCTET_STRING\fR pointer. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509V3_get_d2i\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_LOOKUP.3.orig +++ secure/lib/libcrypto/man/man3/X509_LOOKUP.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_LOOKUP 3ossl" -.TH X509_LOOKUP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_LOOKUP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, @@ -153,7 +78,7 @@ X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias \&\- OpenSSL certificate lookup mechanisms -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -203,7 +128,7 @@ \& int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, \& const char *str, int len, X509_OBJECT *ret); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBX509_LOOKUP\fR structure holds the information needed to look up certificates and CRLs according to an associated \fBX509_LOOKUP_METHOD\fR\|(3). @@ -222,6 +147,7 @@ the given \fBX509_LOOKUP\fR. .PP \&\fBX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR. +If the argument is NULL, nothing is done. .PP \&\fBX509_LOOKUP_set_method_data()\fR and \fBX509_LOOKUP_get_method_data()\fR associates and retrieves a pointer to application data to and from the 
@@ -236,10 +162,10 @@ control command. In general, this function is not called directly, but wrapped by a macro call, see below. The control \fIcmd\fRs known to OpenSSL are discussed in more depth -in \*(L"Control Commands\*(R". +in "Control Commands". .PP \&\fBX509_LOOKUP_ctrl()\fR is similar to \fBX509_LOOKUP_ctrl_ex()\fR but -uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBX509_LOOKUP_load_file_ex()\fR passes a filename to be loaded immediately into the associated \fBX509_STORE\fR. The library context \fIlibctx\fR and property @@ -249,7 +175,7 @@ \&\fBX509_LOOKUP_file\fR\|(3). .PP \&\fBX509_LOOKUP_load_file()\fR is similar to \fBX509_LOOKUP_load_file_ex()\fR but -uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBX509_LOOKUP_add_dir()\fR passes a directory specification from which certificates and CRLs are loaded on demand into the associated 
@@ -258,15 +184,15 @@ This can only be used with a lookup using the implementation \&\fBX509_LOOKUP_hash_dir\fR\|(3). .PP -\&\fBX509_LOOKUP_add_store_ex()\fR passes a \s-1URI\s0 for a directory-like structure +\&\fBX509_LOOKUP_add_store_ex()\fR passes a URI for a directory\-like structure from which containers with certificates and CRLs are loaded on demand into the associated \fBX509_STORE\fR. The library context \fIlibctx\fR and property query \fIpropq\fR are used when fetching algorithms from providers. .PP \&\fBX509_LOOKUP_add_store()\fR is similar to \fBX509_LOOKUP_add_store_ex()\fR but -uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP -\&\fBX509_LOOKUP_load_store_ex()\fR passes a \s-1URI\s0 for a single container from +\&\fBX509_LOOKUP_load_store_ex()\fR passes a URI for a single container from which certificates and CRLs are immediately loaded into the associated \&\fBX509_STORE\fR. The library context \fIlibctx\fR and property query \fIpropq\fR are used when fetching algorithms from providers. @@ -274,7 +200,7 @@ implementation \fBX509_LOOKUP_store\fR\|(3). .PP \&\fBX509_LOOKUP_load_store()\fR is similar to \fBX509_LOOKUP_load_store_ex()\fR but -uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBX509_LOOKUP_load_file_ex()\fR, \fBX509_LOOKUP_load_file()\fR, \&\fBX509_LOOKUP_add_dir()\fR, 
@@ -294,56 +220,56 @@ .IX Subsection "Control Commands" The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognize the following \&\fBX509_LOOKUP_ctrl()\fR \fIcmd\fRs: -.IP "\fBX509_L_FILE_LOAD\fR" 4 +.IP \fBX509_L_FILE_LOAD\fR 4 .IX Item "X509_L_FILE_LOAD" This is the command that \fBX509_LOOKUP_load_file_ex()\fR and \&\fBX509_LOOKUP_load_file()\fR use. The filename is passed in \fIargc\fR, and the type in \fIargl\fR. -.IP "\fBX509_L_ADD_DIR\fR" 4 +.IP \fBX509_L_ADD_DIR\fR 4 .IX Item "X509_L_ADD_DIR" This is the command that \fBX509_LOOKUP_add_dir()\fR uses. The directory specification is passed in \fIargc\fR, and the type in \&\fIargl\fR. -.IP "\fBX509_L_ADD_STORE\fR" 4 +.IP \fBX509_L_ADD_STORE\fR 4 .IX Item "X509_L_ADD_STORE" This is the command that \fBX509_LOOKUP_add_store_ex()\fR and \&\fBX509_LOOKUP_add_store()\fR use. -The \s-1URI\s0 is passed in \fIargc\fR. -.IP "\fBX509_L_LOAD_STORE\fR" 4 +The URI is passed in \fIargc\fR. +.IP \fBX509_L_LOAD_STORE\fR 4 .IX Item "X509_L_LOAD_STORE" This is the command that \fBX509_LOOKUP_load_store_ex()\fR and \&\fBX509_LOOKUP_load_store()\fR use. -The \s-1URI\s0 is passed in \fIargc\fR. +The URI is passed in \fIargc\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_LOOKUP_new()\fR returns a \fBX509_LOOKUP\fR pointer when successful, -or \s-1NULL\s0 on error. +or NULL on error. .PP \&\fBX509_LOOKUP_init()\fR and \fBX509_LOOKUP_shutdown()\fR return 1 on success, or 0 on error. .PP -\&\fBX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn't have an +\&\fBX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn\*(Aqt have an associated \fBX509_LOOKUP_METHOD\fR, or 1 if the -doesn't have a control function. +doesn\*(Aqt have a control function. Otherwise, it returns what the control function in the \&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in error. 
.IX Xref "509_LOOKUP_METHOD" .PP \&\fBX509_LOOKUP_get_store()\fR returns a \fBX509_STORE\fR pointer if there is -one, otherwise \s-1NULL.\s0 +one, otherwise NULL. .PP \&\fBX509_LOOKUP_by_subject_ex()\fR, \fBX509_LOOKUP_by_subject()\fR, \&\fBX509_LOOKUP_by_issuer_serial()\fR, \fBX509_LOOKUP_by_fingerprint()\fR, and \&\fBX509_LOOKUP_by_alias()\fR all return 0 if there is no \fBX509_LOOKUP_METHOD\fR or that -method doesn't implement the corresponding function. +method doesn\*(Aqt implement the corresponding function. Otherwise, it returns what the corresponding function in the \&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_LOOKUP_METHOD\fR\|(3), \fBX509_STORE\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBX509_LOOKUP_by_subject_ex()\fR and \&\fBX509_LOOKUP_ctrl_ex()\fR were added in OpenSSL 3.0. @@ -351,11 +277,11 @@ The macros \fBX509_LOOKUP_load_file_ex()\fR, \&\fBX509_LOOKUP_load_store_ex()\fR and 509_LOOKUP_add_store_ex() were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3.orig +++ secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_LOOKUP_HASH_DIR 3ossl" -.TH X509_LOOKUP_HASH_DIR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_LOOKUP_HASH_DIR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, X509_load_cert_file_ex, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file_ex, X509_load_cert_crl_file \&\- Default OpenSSL certificate lookup methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -161,7 +86,7 @@ \& OSSL_LIB_CTX *libctx, const char *propq); \& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. 
@@ -175,19 +100,19 @@ Internally loading of certificates and CRLs is implemented via functions \&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and \&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which -can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and -\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified +can be one of constants \fBFILETYPE_PEM\fR, \fBFILETYPE_ASN1\fR and +\&\fBFILETYPE_DEFAULT\fR. They load certificates and/or CRLs from specified file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR parameter is associated with. .PP Functions \fBX509_load_cert_file\fR and -\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of -type value. Because \s-1DER\s0 format cannot contain more than one certificate -or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) -\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to +\&\fBX509_load_crl_file\fR can load both PEM and DER formats depending of +type value. Because DER format cannot contain more than one certificate +or CRL object (while PEM can contain several concatenated PEM objects) +\&\fBX509_load_cert_crl_file\fR with \fBFILETYPE_ASN1\fR is equivalent to \&\fBX509_load_cert_file\fR. .PP -Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions +Constant \fBFILETYPE_DEFAULT\fR with NULL filename causes these functions to load default certificate store file (see \&\fBX509_STORE_set_default_paths\fR\|(3). .PP @@ -205,7 +130,7 @@ present in a file into memory at the time the file is added as a lookup source. .PP -File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates +File format is ASCII text which contains concatenated PEM certificates and CRLs. .PP This method should be used by applications which work with a small 
@@ -218,16 +143,16 @@ upon each lookup, so that newer CRLs are as soon as they appear in the directory. .PP -The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, +The directory should contain one certificate or CRL per file in PEM format, with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or -\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 +\&\fIhash\fR.\fBr\fR\fIN\fR for a CRL. The \fIhash\fR is the value returned by the \fBX509_NAME_hash_ex\fR\|(3) function applied to the subject name for certificates or issuer name for CRLs. The hash can also be obtained via the \fB\-hash\fR option of the \&\fBopenssl\-x509\fR\|(1) or \fBopenssl\-crl\fR\|(1) commands. .PP The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is -incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR +incremented consecutively for each certificate or CRL with the same \fIhash\fR value. Gaps in the sequence numbers are not supported, it is assumed that there are no more objects with the same hash beyond the first missing number in the @@ -239,9 +164,9 @@ subject or several CRLs with same issuer (and, for example, different validity period). .PP -When checking for new CRLs once one \s-1CRL\s0 for given hash value is +When checking for new CRLs once one CRL for given hash value is loaded, hash_dir lookup method checks only for certificates with -sequence number greater than that of the already cached \s-1CRL.\s0 +sequence number greater than that of the already cached CRL. .PP Note that the hash algorithm used for subject name hashing changed in OpenSSL 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL 
@@ -249,7 +174,7 @@ .PP OpenSSL includes a \fBopenssl\-rehash\fR\|(1) utility which creates symlinks with hashed names for all files with \fI.pem\fR suffix in a given directory. -.SS "\s-1OSSL_STORE\s0 Method" +.SS "OSSL_STORE Method" .IX Subsection "OSSL_STORE Method" \&\fBX509_LOOKUP_store\fR is a method that allows access to any store of certificates and CRLs through any loader supported by @@ -258,10 +183,10 @@ certificates or CRLs, but can also be references to catalogues of such objects (that behave like directories). .PP -This method overlaps the \*(L"File Method\*(R" and \*(L"Hashed Directory Method\*(R" -because of the 'file:' scheme loader. +This method overlaps the "File Method" and "Hashed Directory Method" +because of the \*(Aqfile:\*(Aq scheme loader. It does no caching of its own, but can use a caching \fBossl_store\fR\|(7) -loader, and therefore depends on the loader's capability. +loader, and therefore depends on the loader\*(Aqs capability. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_LOOKUP_hash_dir()\fR, \fBX509_LOOKUP_file()\fR and \fBX509_LOOKUP_store()\fR 
@@ -276,16 +201,16 @@ \&\fBSSL_CTX_load_verify_locations\fR\|(3), \&\fBX509_LOOKUP_meth_new\fR\|(3), \&\fBossl_store\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBX509_load_cert_file_ex()\fR, \&\fBX509_load_cert_crl_file_ex()\fR and \fBX509_LOOKUP_store()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3.orig +++ secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_LOOKUP_METH_NEW 3ossl" -.TH X509_LOOKUP_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_LOOKUP_METH_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, @@ -156,7 +81,7 @@ X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -234,7 +159,7 @@ \& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); \& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new X509_LOOKUP types. It provides a set of functions used by OpenSSL for the @@ -243,10 +168,11 @@ \&\fBX509_LOOKUP\fR structure. .PP \&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should -be given a human-readable string containing a brief description of the lookup +be given a human\-readable string containing a brief description of the lookup method. .PP \&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +If the argument is NULL, nothing is done. .PP \&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the function that is called when an \fBX509_LOOKUP\fR object is created with 
@@ -277,7 +203,7 @@ .PP \&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR, \&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set -the functions used to retrieve an X509 or X509_CRL object by the object's +the functions used to retrieve an X509 or X509_CRL object by the object\*(Aqs subject, issuer, fingerprint, and alias respectively. These functions are given the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters related to the lookup, and an X509_OBJECT that will receive the requested @@ -293,7 +219,7 @@ .PP Implementations should also use either \fBX509_OBJECT_set1_X509()\fR or \&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also -increments the result's reference count. +increments the result\*(Aqs reference count. .PP Any method data that was created as a result of the new_item function set by \fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with @@ -313,14 +239,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0i. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3.orig +++ secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_GET_OBJECT 3ossl" -.TH X509_NAME_ENTRY_GET_OBJECT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_NAME_ENTRY_GET_OBJECT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -165,13 +90,13 @@ \& const ASN1_OBJECT *obj, int type, \& const unsigned char *bytes, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in -and \fB\s-1ASN1_OBJECT\s0\fR structure. +and \fBASN1_OBJECT\fR structure. .PP \&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in -and \fB\s-1ASN1_STRING\s0\fR structure. +and \fBASN1_STRING\fR structure. .PP \&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. .PP @@ -181,7 +106,7 @@ \&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an \&\fBX509_NAME_ENTRY\fR structure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be used to examine an \fBX509_NAME_ENTRY\fR function as returned by 
@@ -197,31 +122,31 @@ The arguments of these functions support similar options to the similarly named ones of the corresponding \fBX509_NAME\fR functions such as \&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to -\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be +\&\fBMBSTRING_ASC\fR but in the case of \fBX509_set_data()\fR the field name must be set first so the relevant field information can be looked up internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is -set or \s-1NULL\s0 if an error occurred. +\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fBASN1_OBJECT\fR structure if it is +set or NULL if an error occurred. .PP -\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set -or \s-1NULL\s0 if an error occurred. +\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fBASN1_STRING\fR structure if it is set +or NULL if an error occurred. .PP \&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success or 0 on error. .PP \&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and \&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or -\&\s-1NULL\s0 if an error occurred. +NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), \&\fBOBJ_nid2obj\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3.orig +++ secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3ossl" -.TH X509_NAME_ADD_ENTRY_BY_TXT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,18 +84,18 @@ \& \& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and \&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined -by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +by a string \fBfield\fR, an object \fBobj\fR or a NID \fBnid\fR respectively. The field value to be added is in \fBbytes\fR of length \fBlen\fR. If \&\fBlen\fR is \-1 then the field length is calculated internally using strlen(bytes). .PP The type of field is determined by \fBtype\fR which can either be a -definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a -standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +definition of the type of \fBbytes\fR (such as \fBMBSTRING_ASC\fR) or a +standard ASN1 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is added to a position determined by \fBloc\fR and \fBset\fR. .PP \&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR 
@@ -180,15 +105,15 @@ .PP \&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position \&\fBloc\fR. The deleted entry is returned and must be freed up. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +The use of string types such as \fBMBSTRING_ASC\fR or \fBMBSTRING_UTF8\fR is strongly recommended for the \fBtype\fR parameter. This allows the internal code to correctly determine the type of the field and to apply length checks according to the relevant standards. This is done using \fBASN1_STRING_set_by_NID()\fR. .PP -If instead an \s-1ASN1\s0 type is used no checks are performed and the +If instead an ASN1 type is used no checks are performed and the supplied data in \fBbytes\fR is used directly. .PP In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents 
@@ -197,18 +122,18 @@ The \fBloc\fR and \fBset\fR parameters determine where a new entry should be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR to 0. This adds a new entry to the end of \fBname\fR as a single valued -RelativeDistinguishedName (\s-1RDN\s0). +RelativeDistinguishedName (RDN). .PP \&\fBloc\fR actually determines the index where the new entry is inserted: if it is \-1 it is appended. .PP \&\fBset\fR determines how the new type is added. -If it is zero a new \s-1RDN\s0 is created. +If it is zero a new RDN is created. .PP If \fBset\fR is \-1 or 1 it is added as a new set member -to the previous or next \s-1RDN\s0 structure, respectively. -This will then become part of a multi-valued \s-1RDN\s0 (containing a set of AVAs). -Since multi-valued RDNs are very rarely used \fBset\fR typically will be zero. +to the previous or next RDN structure, respectively. +This will then become part of a multi\-valued RDN (containing a set of AVAs). +Since multi\-valued RDNs are very rarely used \fBset\fR typically will be zero. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, @@ -216,12 +141,12 @@ success of 0 if an error occurred. .PP \&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR -structure or \fB\s-1NULL\s0\fR if an error occurred. -.SH "EXAMPLES" +structure or \fBNULL\fR if an error occurred. +.SH EXAMPLES .IX Header "EXAMPLES" Create an \fBX509_NAME\fR structure: .PP -\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +"C=UK, O=Disorganized Organization, CN=Joe Bloggs" .PP .Vb 1 \& X509_NAME *nm; @@ -239,7 +164,7 @@ \& "Joe Bloggs", \-1, \-1, 0)) \& /* Error */ .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" \&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a different algorithm to determine field types. Since this form does 
@@ -248,11 +173,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3.orig +++ secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_NAME_GET0_DER 3ossl" -.TH X509_NAME_GET0_DER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_NAME_GET0_DER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_NAME_get0_der \- get X509_NAME DER encoding -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,7 +73,7 @@ \& int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, \& size_t *pderlen); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of @@ -161,11 +86,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3.orig +++ secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_NAME_GET_INDEX_BY_NID 3ossl" -.TH X509_NAME_GET_INDEX_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_NAME_GET_INDEX_BY_NID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -159,17 +84,17 @@ \& int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, \& char *buf, int len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions allow an \fBX509_NAME\fR structure to be examined. The \&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in -\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +RFC2459 (and elsewhere) and used for example in certificate subject and issuer names. .PP \&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR should initially be set to \-1. If there are no more entries \-1 is returned. -If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. +If \fBnid\fR is invalid (doesn\*(Aqt correspond to a valid OID) then \-2 is returned. .PP \&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. .PP 
@@ -179,13 +104,13 @@ internal pointer which must not be freed. .PP \&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve -the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +the "text" from the first entry in \fBname\fR which matches \fBnid\fR or \&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes will be written and the text written to \fBbuf\fR will be null terminated. The length of the output string written is returned -excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +excluding the terminating null. If \fBbuf\fR is then the amount of space needed in \fBbuf\fR (excluding the final null) is returned. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be considered deprecated because they @@ -205,21 +130,21 @@ \&\fI\fR. .PP Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR -should check for the return value of \-2. Alternatively the \s-1NID\s0 validity -can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 +should check for the return value of \-2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR return the index of the next matching entry or \-1 if not found. \&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied -\&\s-1NID\s0 is invalid. +NID is invalid. .PP \&\fBX509_NAME_entry_count()\fR returns the total number of entries, and 0 for failure. .PP \&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the -requested entry or \fB\s-1NULL\s0\fR if the index is invalid. -.SH "EXAMPLES" +requested entry or \fBNULL\fR if the index is invalid. +.SH EXAMPLES .IX Header "EXAMPLES" Process all entries: .PP 
@@ -250,11 +175,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3.orig +++ secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_NAME_PRINT_EX 3ossl" -.TH X509_NAME_PRINT_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_NAME_PRINT_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,72 +78,71 @@ \& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); \& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fInm\fR to \s-1BIO\s0 \fIout\fR. +\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fInm\fR to BIO \fIout\fR. Each line (for multiline formats) is indented by \fIindent\fR spaces. The output format can be extensively customised by use of the \fIflags\fR parameter. .PP \&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR -except the output is written to \s-1FILE\s0 pointer \fIfp\fR. +except the output is written to FILE pointer \fIfp\fR. .PP -\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fIa\fR to \fIbuf\fR. -This supports multi-valued RDNs and escapes \fB/\fR and \fB+\fR characters in values. -If \fIbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and +\&\fBX509_NAME_oneline()\fR prints an ASCII version of \fIa\fR to \fIbuf\fR. +This supports multi\-valued RDNs and escapes \fB/\fR and \fB+\fR characters in values. +If \fIbuf\fR is \fBNULL\fR then a buffer is dynamically allocated and returned, and \&\fIsize\fR is ignored. -Otherwise, at most \fIsize\fR bytes will be written, including the ending '\e0', +Otherwise, at most \fIsize\fR bytes will be written, including the ending \*(Aq\e0\*(Aq, and \fIbuf\fR is returned. .PP -\&\fBX509_NAME_print()\fR prints out \fIname\fR to \fIbp\fR indenting each line by \fIobase\fR -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. -.SH "NOTES" +\&\fBX509_NAME_print()\fR prints out \fIname\fR to \fIbp\fR on a single line. +The \fIobase\fR parameter is ignored and retained only for API compatibility. 
+.SH NOTES .IX Header "NOTES" The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR -produce a non standard output form, they don't handle multi-character fields and +produce a non standard output form, they don\*(Aqt handle multi\-character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications and they could be deprecated in a future release. .PP Although there are a large number of possible flags for most purposes -\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +\&\fBXN_FLAG_ONELINE\fR, \fBXN_FLAG_MULTILINE\fR or \fBXN_FLAG_RFC2253\fR will suffice. As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page -for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example -\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. +for UTF8 terminals the \fBASN1_STRFLGS_ESC_MSB\fR should be unset: so for example +\&\fBXN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB\fR would be used. .PP The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. .PP Several options can be ored together. .PP -The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, -\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR +The options \fBXN_FLAG_SEP_COMMA_PLUS\fR, \fBXN_FLAG_SEP_CPLUS_SPC\fR, +\&\fBXN_FLAG_SEP_SPLUS_SPC\fR and \fBXN_FLAG_SEP_MULTILINE\fR determine the field separators to use. Two distinct separators are used between distinct RelativeDistinguishedName -components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 -Multi-valued RDNs are currently very rare +components and separate values in the same RDN for a multi\-valued RDN. +Multi\-valued RDNs are currently very rare so the second separator will hardly ever be used. .PP -\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. 
-\&\fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR uses comma and plus with spaces: +\&\fBXN_FLAG_SEP_COMMA_PLUS\fR uses comma and plus as separators. +\&\fBXN_FLAG_SEP_CPLUS_SPC\fR uses comma and plus with spaces: this is more readable that plain comma and plus. -\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. -\&\fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses spaced newline and plus respectively. +\&\fBXN_FLAG_SEP_SPLUS_SPC\fR uses spaced semicolon and plus. +\&\fBXN_FLAG_SEP_MULTILINE\fR uses spaced newline and plus respectively. .PP -If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +If \fBXN_FLAG_DN_REV\fR is set the whole DN is printed in reversed order. .PP -The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, -\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will -use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always -use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +The fields \fBXN_FLAG_FN_SN\fR, \fBXN_FLAG_FN_LN\fR, \fBXN_FLAG_FN_OID\fR, +\&\fBXN_FLAG_FN_NONE\fR determine how a field name is displayed. It will +use the short name (e.g. CN) the long name (e.g. commonName) always +use OID numerical form (normally OIDs are only used if the field name is not recognised) and no field name respectively. .PP -If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +If \fBXN_FLAG_SPC_EQ\fR is set then spaces will be placed around the \*(Aq=\*(Aq character separating field names and values. .PP -If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +If \fBXN_FLAG_DUMP_UNKNOWN_FIELDS\fR is set then the encoding of unknown fields is printed instead of the values. 
.PP -If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +If \fBXN_FLAG_FN_ALIGN\fR is set then field names are padded to 20 characters: this is only of use for multiline format. .PP Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to 
@@ -226,38 +150,38 @@ .PP In addition a number options can be set for commonly used formats. .PP -\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253.\s0 +\&\fBXN_FLAG_RFC2253\fR sets options which produce an output compatible with RFC2253. It is equivalent to: \f(CW\*(C`ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS\*(C'\fR .PP -\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: +\&\fBXN_FLAG_ONELINE\fR is a more readable one line format which is the same as: \f(CW\*(C`ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN\*(C'\fR .PP -\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: +\&\fBXN_FLAG_MULTILINE\fR is a multiline format which is the same as: \f(CW\*(C`ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN\*(C'\fR .PP -\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: +\&\fBXN_FLAG_COMPAT\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +\&\fBX509_NAME_oneline()\fR returns a valid string on success or NULL on error. .PP \&\fBX509_NAME_print()\fR returns 1 on success or 0 on error. .PP \&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on -error if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. +error if the \fBXN_FLAG_COMPAT\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise, it returns \-1 on error or other values on success. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBASN1_STRING_print_ex\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3.orig +++ secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_PUBKEY_NEW 3ossl" -.TH X509_PUBKEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_PUBKEY_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_PUBKEY_new_ex, X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY_ex, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param, X509_PUBKEY_eq \- SubjectPublicKeyInfo public key functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -177,53 +102,53 @@ \& X509_ALGOR **pa, const X509_PUBKEY *pub); \& int X509_PUBKEY_eq(X509_PUBKEY *a, X509_PUBKEY *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR -structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. +The \fBX509_PUBKEY\fR structure represents the ASN.1 \fBSubjectPublicKeyInfo\fR +structure defined in RFC5280 and used in certificates and certificate requests. .PP \&\fBX509_PUBKEY_new_ex()\fR allocates and initializes an \fBX509_PUBKEY\fR structure -associated with the given \fB\s-1OSSL_LIB_CTX\s0\fR in the \fIlibctx\fR parameter. Any +associated with the given \fBOSSL_LIB_CTX\fR in the \fIlibctx\fR parameter. Any algorithm fetches associated with using the \fBX509_PUBKEY\fR object will use -the property query string \fIpropq\fR. See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for +the property query string \fIpropq\fR. See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7) for further information about algorithm fetching. .PP \&\fBX509_PUBKEY_new()\fR is the same as \fBX509_PUBKEY_new_ex()\fR except that the default -(\s-1NULL\s0) \fB\s-1OSSL_LIB_CTX\s0\fR and a \s-1NULL\s0 property query string are used. +(NULL) \fBOSSL_LIB_CTX\fR and a NULL property query string are used. .PP \&\fBX509_PUBKEY_dup()\fR creates a duplicate copy of the \fBX509_PUBKEY\fR object specified by \fIa\fR. .PP -\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fIa\fR. If \fIa\fR is \s-1NULL\s0 +\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fIa\fR. If \fIa\fR is NULL nothing is done. .PP \&\fBX509_PUBKEY_set()\fR sets the public key in \fI*x\fR to the public key contained -in the \fB\s-1EVP_PKEY\s0\fR structure \fIpkey\fR. If \fI*x\fR is not \s-1NULL\s0 any existing +in the \fBEVP_PKEY\fR structure \fIpkey\fR. If \fI*x\fR is not NULL any existing public key structure will be freed. 
.PP \&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fIkey\fR. The returned -value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use. +value is an internal pointer which \fBMUST NOT\fR be freed after use. .PP \&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference -count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using +count on the returned key is incremented so it \fBMUST\fR be freed using \&\fBEVP_PKEY_free()\fR after use. .PP -\&\fBd2i_PUBKEY_ex()\fR decodes an \fB\s-1EVP_PKEY\s0\fR structure using \fBSubjectPublicKeyInfo\fR +\&\fBd2i_PUBKEY_ex()\fR decodes an \fBEVP_PKEY\fR structure using \fBSubjectPublicKeyInfo\fR format. Some public key decoding implementations may use cryptographic algorithms. In this case the supplied library context \fIlibctx\fR and property query string \fIpropq\fR are used. \&\fBd2i_PUBKEY()\fR does the same as \fBd2i_PUBKEY_ex()\fR except that the default library context and property query string are used. .PP -\&\fBi2d_PUBKEY()\fR encodes an \fB\s-1EVP_PKEY\s0\fR structure using \fBSubjectPublicKeyInfo\fR +\&\fBi2d_PUBKEY()\fR encodes an \fBEVP_PKEY\fR structure using \fBSubjectPublicKeyInfo\fR format. .PP \&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a -\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. +\&\fBBIO\fR or \fBFILE\fR pointer. .PP \&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fIpub\fR. The -\&\s-1OID\s0 associated with the algorithm is set to \fIaobj\fR. The type of the +OID associated with the algorithm is set to \fIaobj\fR. The type of the algorithm parameters is set to \fItype\fR using the structure \fIpval\fR. The encoding of the public key itself is set to the \fIpenclen\fR bytes contained in buffer \fIpenc\fR. On success ownership of all the supplied 
@@ -231,15 +156,15 @@ call. .PP \&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fIpub\fR, -\&\fI*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of +\&\fI*ppkalg\fR is set to the associated OID and the encoding consists of \&\fI*ppklen\fR bytes at \fI*pk\fR, \fI*pa\fR is set to the associated AlgorithmIdentifier for the public key. If the value of any of these -parameters is not required it can be set to \s-1NULL.\s0 All of the +parameters is not required it can be set to NULL. All of the retrieved pointers are internal and must not be freed after the call. .PP \&\fBX509_PUBKEY_eq()\fR compares two \fBX509_PUBKEY\fR values. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys in a standard format. @@ -249,13 +174,13 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" If the allocation fails, \fBX509_PUBKEY_new()\fR and \fBX509_PUBKEY_dup()\fR return -\&\s-1NULL\s0 and set an error code that can be obtained by \fBERR_get_error\fR\|(3). +NULL and set an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly allocated structure. .PP \&\fBX509_PUBKEY_free()\fR does not return a value. .PP -\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR -structure or \s-1NULL\s0 if an error occurs. +\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fBEVP_PKEY\fR +structure or NULL if an error occurs. .PP \&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR return 1 for success and 0 if an error occurred. 
@@ -266,15 +191,15 @@ \&\fBd2i_X509\fR\|(3), \&\fBERR_get_error\fR\|(3), \&\fBX509_get_pubkey\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_PUBKEY_new_ex()\fR and \fBX509_PUBKEY_eq()\fR functions were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- /dev/null +++ secure/lib/libcrypto/man/man3/X509_REQ_get_attr.3 
@@ -0,0 +1,167 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "X509_REQ_GET_ATTR 3ossl" +.TH X509_REQ_GET_ATTR 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +X509_REQ_get_attr_count, +X509_REQ_get_attr_by_NID, X509_REQ_get_attr_by_OBJ, X509_REQ_get_attr, +X509_REQ_delete_attr, +X509_REQ_add1_attr, X509_REQ_add1_attr_by_OBJ, X509_REQ_add1_attr_by_NID, +X509_REQ_add1_attr_by_txt +\&\- X509_ATTRIBUTE support for signed certificate requests +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_REQ_get_attr_count(const X509_REQ *req); +\& int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +\& int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, +\& int lastpos); +\& X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +\& X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +\& int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +\& int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +\& int X509_REQ_add1_attr_by_NID(X509_REQ *req, +\& int nid, int type, +\& const unsigned char *bytes, int len); +\& int X509_REQ_add1_attr_by_txt(X509_REQ *req, +\& const char *attrname, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +\&\fBX509_REQ_get_attr_by_OBJ()\fR finds the location of the first matching object \fIobj\fR +in the \fIreq\fR attribute list. The search starts at the position after \fIlastpos\fR. +If the returned value is positive then it can be used on the next call to +\&\fBX509_REQ_get_attr_by_OBJ()\fR as the value of \fIlastpos\fR in order to iterate through +the remaining attributes. \fIlastpos\fR can be set to any negative value on the +first call, in order to start searching from the start of the attribute list. +.PP +\&\fBX509_REQ_get_attr_by_NID()\fR is similar to \fBX509_REQ_get_attr_by_OBJ()\fR except that +it passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. 
+.PP +\&\fBX509_REQ_get_attr()\fR returns the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in the +\&\fIreq\fR attribute list. \fIloc\fR should be in the range from 0 to +\&\fBX509_REQ_get_attr_count()\fR \- 1. +.PP +\&\fBX509_REQ_delete_attr()\fR removes the \fBX509_ATTRIBUTE\fR object at index \fIloc\fR in +the \fIreq\fR objects list of attributes. An error occurs if \fIreq\fR is NULL. +.PP +\&\fBX509_REQ_add1_attr()\fR pushes a copy of the passed in \fBX509_ATTRIBUTE\fR \fRattr> +to the \fIreq\fR object\*(Aqs attribute list. An error will occur if either the +attribute list is NULL or the attribute already exists. +.PP +\&\fBX509_REQ_add1_attr_by_OBJ()\fR creates a new \fBX509_ATTRIBUTE\fR using +\&\fBX509_ATTRIBUTE_set1_object()\fR and \fBX509_ATTRIBUTE_set1_data()\fR to assign a new +\&\fIobj\fR with type \fItype\fR and data \fIbytes\fR of length \fIlen\fR and then pushes it +to the \fIreq\fR object\*(Aqs attribute list. \fIreq\fR must be non NULL or an error +will occur. If \fIobj\fR already exists in the attribute list then an error occurs. +.PP +\&\fBX509_REQ_add1_attr_by_NID()\fR is similar to \fBX509_REQ_add1_attr_by_OBJ()\fR except +that it passes the numerical identifier (NID) \fInid\fR associated with the object. +See for a list of NID_*. +.PP +\&\fBX509_REQ_add1_attr_by_txt()\fR is similar to \fBX509_REQ_add1_attr_by_OBJ()\fR except +that it passes a name \fIattrname\fR associated with the object. +See for a list of SN_* names. +.PP +Refer to \fBX509_ATTRIBUTE\fR\|(3) for information related to attributes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_REQ_get_attr_count()\fR returns the number of attributes in the \fIreq\fR object +attribute list or \-1 if the attribute list is NULL. +.PP +\&\fBX509_REQ_get_attr_by_OBJ()\fR returns \-1 if either the \fIreq\fR object\*(Aqs attribute +list is empty OR \fIobj\fR is not found, otherwise it returns the location of the +\&\fIobj\fR in the attribute list. 
+.PP +\&\fBX509_REQ_get_attr_by_NID()\fR is similar to \fBX509_REQ_get_attr_by_OBJ()\fR, except that +it returns \-2 if the \fInid\fR is not known by OpenSSL. +.PP +\&\fBX509_REQ_get_attr()\fR returns either an \fBX509_ATTRIBUTE\fR or NULL on error. +.PP +\&\fBX509_REQ_delete_attr()\fR returns either the removed \fBX509_ATTRIBUTE\fR or NULL if +there is a error. +.PP +\&\fBX509_REQ_add1_attr()\fR, \fBX509_REQ_add1_attr_by_OBJ()\fR, \fBX509_REQ_add1_attr_by_NID()\fR +and \fBX509_REQ_add1_attr_by_txt()\fR return 1 on success or 0 on error. +.SH NOTES +.IX Header "NOTES" +Any functions that modify the attributes (add or delete) internally set a flag +to indicate the ASN.1 encoding has been modified. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_ATTRIBUTE\fR\|(3) +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2023\-2024 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- /dev/null +++ secure/lib/libcrypto/man/man3/X509_REQ_get_extensions.3 
@@ -0,0 +1,108 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l +.\" ======================================================================== +.\" +.IX Title "X509_REQ_GET_EXTENSIONS 3ossl" +.TH X509_REQ_GET_EXTENSIONS 3ossl 2026-04-07 3.0.20 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH NAME +X509_REQ_get_extensions, +X509_REQ_add_extensions, X509_REQ_add_extensions_nid +\&\- handle X.509 extension attributes of a CSR +.SH SYNOPSIS +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +\& int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts); +\& int X509_REQ_add_extensions_nid(X509_REQ *req, +\& const STACK_OF(X509_EXTENSION) *exts, int nid); +.Ve +.SH DESCRIPTION +.IX Header "DESCRIPTION" +\&\fBX509_REQ_get_extensions()\fR returns the first list of X.509 extensions +found in the attributes of \fIreq\fR. +The returned list is empty if there are no such extensions in \fIreq\fR. +The caller is responsible for freeing the list obtained. +.PP +\&\fBX509_REQ_add_extensions()\fR adds to \fIreq\fR a list of X.509 extensions \fIexts\fR, +which must not be NULL, using the default \fBNID_ext_req\fR. +This function must not be called more than once on the same \fIreq\fR. +.PP +\&\fBX509_REQ_add_extensions_nid()\fR is like \fBX509_REQ_add_extensions()\fR +except that \fInid\fR is used to identify the extensions attribute. +This function must not be called more than once with the same \fIreq\fR and \fInid\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_REQ_get_extensions()\fR returns a pointer to \fBSTACK_OF(X509_EXTENSION)\fR +or NULL on error. +.PP +\&\fBX509_REQ_add_extensions()\fR and \fBX509_REQ_add_extensions_nid()\fR +return 1 on success, 0 on error. +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2022\-2024 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +. --- secure/lib/libcrypto/man/man3/X509_SIG_get0.3.orig +++ secure/lib/libcrypto/man/man3/X509_SIG_get0.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_SIG_GET0 3ossl" -.TH X509_SIG_GET0 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_SIG_GET0 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_SIG_get0, X509_SIG_getm \- DigestInfo functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,7 +75,7 @@ \& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, \& ASN1_OCTET_STRING **pdigest); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR @@ -162,11 +87,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_GET_ERROR 3ossl" -.TH X509_STORE_CTX_GET_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_CTX_GET_ERROR 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -162,14 +87,14 @@ \& \& const char *X509_verify_cert_error_string(long n); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions are typically called after certificate or chain verification using \fBX509_verify_cert\fR\|(3) or \fBX509_STORE_CTX_verify\fR\|(3) has indicated an error or in a verification callback to determine the nature of an error. .PP \&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fIctx\fR. -See the \*(L"\s-1ERROR CODES\*(R"\s0 section for a full description of all error codes. +See the "ERROR CODES" section for a full description of all error codes. It may return a code != X509_V_OK even if \fBX509_verify_cert()\fR did not indicate an error, likely because a verification callback function has waived the error. .PP 
@@ -188,7 +113,7 @@ .PP \&\fBX509_STORE_CTX_get_current_cert()\fR returns the current certificate in \&\fIctx\fR. If an error occurred, the current certificate will be the one -that is most closely related to the error, or possibly \s-1NULL\s0 if no such +that is most closely related to the error, or possibly NULL if no such certificate is relevant. .PP \&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fIx\fR in \fIctx\fR which @@ -224,7 +149,7 @@ \&\fBX509_STORE_CTX_get_error_depth()\fR returns a nonnegative error depth. .PP \&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the -error or \s-1NULL\s0 if no certificate is relevant to the error. +error or NULL if no certificate is relevant to the error. .PP \&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fIn\fR. @@ -232,7 +157,7 @@ .IX Header "ERROR CODES" A list of error codes and messages is shown below. Some of the error codes are defined but currently never returned: these are described as -\&\*(L"unused\*(R". +"unused". .IP "\fBX509_V_OK: ok\fR" 4 .IX Item "X509_V_OK: ok" The operation was successful. 
@@ -243,19 +168,19 @@ .IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" The issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete. -To allow any certificate (not only a self-signed one) in the trust store +To allow any certificate (not only a self\-signed one) in the trust store to terminate the chain the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag may be set. -.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" -The \s-1CRL\s0 of a certificate could not be found. -.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +The CRL of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate\*(Aqs signature\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the -expected value, this is only meaningful for \s-1RSA\s0 keys. -.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +expected value, this is only meaningful for RSA keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL\*(Aqs signature\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" -The \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused. 
.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 @@ -265,9 +190,9 @@ .IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 .IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" The signature of the certificate is invalid. -.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure\fR" 4 .IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" -The signature of the \s-1CRL\s0 is invalid. +The signature of the CRL is invalid. .IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 .IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" The certificate is not yet valid: the \f(CW\*(C`notBefore\*(C'\fR date is after the 
@@ -276,35 +201,35 @@ .IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" The certificate has expired: that is the \f(CW\*(C`notAfter\*(C'\fR date is before the current time. -.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid\fR" 4 .IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" -The \s-1CRL\s0 is not yet valid. -.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +The CRL is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: CRL has expired\fR" 4 .IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" -The \s-1CRL\s0 has expired. -.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +The CRL has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate\*(Aqs notBefore field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" The certificate \f(CW\*(C`notBefore\*(C'\fR field contains an invalid time. -.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate\*(Aqs notAfter field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" The certificate \f(CW\*(C`notAfter\*(C'\fR field contains an invalid time. -.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL\*(Aqs lastUpdate field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" -The \s-1CRL\s0 \fBlastUpdate\fR field contains an invalid time. -.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +The CRL \fBlastUpdate\fR field contains an invalid time. 
+.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL\*(Aqs nextUpdate field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" -The \s-1CRL\s0 \f(CW\*(C`nextUpdate\*(C'\fR field contains an invalid time. +The CRL \f(CW\*(C`nextUpdate\*(C'\fR field contains an invalid time. .IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 .IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" An error occurred trying to allocate memory. -.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self-signed certificate\fR" 4 +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self\-signed certificate\fR" 4 .IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self-signed certificate" -The passed certificate is self-signed and the same certificate cannot be found +The passed certificate is self\-signed and the same certificate cannot be found in the list of trusted certificates. -.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self-signed certificate in certificate chain\fR" 4 +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self\-signed certificate in certificate chain\fR" 4 .IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self-signed certificate in certificate chain" The certificate chain could be built up using the untrusted certificates -but no suitable trust anchor (which typically is a self-signed root certificate) +but no suitable trust anchor (which typically is a self\-signed root certificate) could be found in the trust store. .IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" 
@@ -313,28 +238,28 @@ .IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" No signatures could be verified because the chain contains only one certificate -and it is not self-signed and the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag is not set. +and it is not self\-signed and the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag is not set. .IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 .IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" The certificate chain length is greater than the supplied maximum depth. .IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 .IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" The certificate has been revoked. -.IP "\fBX509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn't have a public key\fR" 4 +.IP "\fBX509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn\*(Aqt have a public key\fR" 4 .IX Item "X509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn't have a public key" The issuer certificate does not have a public key. .IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 .IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" -The basicConstraints path-length parameter has been exceeded. +The basicConstraints path\-length parameter has been exceeded. .IP "\fBX509_V_ERR_INVALID_PURPOSE: unsuitable certificate purpose\fR" 4 .IX Item "X509_V_ERR_INVALID_PURPOSE: unsuitable certificate purpose" The target certificate cannot be used for the specified purpose. .IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 .IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" -The root \s-1CA\s0 is not marked as trusted for the specified purpose. +The root CA is not marked as trusted for the specified purpose. 
.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 .IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" -The root \s-1CA\s0 is marked to reject the specified purpose. +The root CA is marked to reject the specified purpose. .IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 .IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" The current candidate issuer certificate was rejected because its subject name 
@@ -353,21 +278,21 @@ .IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing" The current candidate issuer certificate was rejected because its \f(CW\*(C`keyUsage\*(C'\fR extension does not permit certificate signing. -.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get \s-1CRL\s0 issuer certificate\fR" 4 +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate" -Unable to get \s-1CRL\s0 issuer certificate. +Unable to get CRL issuer certificate. .IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension\fR" 4 .IX Item "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension" Unhandled critical extension. -.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include \s-1CRL\s0 signing\fR" 4 +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing\fR" 4 .IX Item "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing" -Key usage does not include \s-1CRL\s0 signing. -.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical \s-1CRL\s0 extension\fR" 4 +Key usage does not include CRL signing. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension\fR" 4 .IX Item "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension" -Unhandled critical \s-1CRL\s0 extension. -.IP "\fBX509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has \s-1CA\s0 markings)\fR" 4 +Unhandled critical CRL extension. +.IP "\fBX509_V_ERR_INVALID_NON_CA: invalid non\-CA certificate (has CA markings)\fR" 4 .IX Item "X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)" -Invalid non-CA certificate has \s-1CA\s0 markings. +Invalid non\-CA certificate has CA markings. 
.IP "\fBX509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded\fR" 4 .IX Item "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded" Proxy path length constraint exceeded. @@ -392,15 +317,15 @@ .IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" The verification flags were set to require and explicit policy but none was present. -.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: different \s-1CRL\s0 scope\fR" 4 +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: different CRL scope\fR" 4 .IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: different CRL scope" The only CRLs that could be found did not match the scope of the certificate. .IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: unsupported extension feature\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: unsupported extension feature" Some feature of a certificate extension is not supported. Unused. -.IP "\fBX509_V_ERR_UNNESTED_RESOURCE: \s-1RFC 3779\s0 resource not subset of parent's resources\fR" 4 +.IP "\fBX509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent\*(Aqs resources\fR" 4 .IX Item "X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resources" -See \s-1RFC 3779\s0 for details. +See RFC 3779 for details. .IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 .IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" A name constraint violation occurred in the permitted subtrees. 
@@ -418,19 +343,19 @@ .IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" An unsupported name constraint type was encountered. OpenSSL currently only -supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +supports directory name, DNS name, email and URI types. .IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" The format of the name constraint is not recognised: for example an email -address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by +address format of a form not mentioned in RFC3280. This could be caused by a garbage extension or some new feature not currently supported. .IP "\fBX509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax" Unsupported or invalid name syntax. -.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error\fR" 4 .IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" -An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only -happen if extended \s-1CRL\s0 checking is enabled. +An error occurred when attempting to verify the CRL path. This error can only +happen if extended CRL checking is enabled. .IP "\fBX509_V_ERR_PATH_LOOP: path loop\fR" 4 .IX Item "X509_V_ERR_PATH_LOOP: path loop" Path loop. 
@@ -440,23 +365,23 @@ .IP "\fBX509_V_ERR_EMAIL_MISMATCH: email address mismatch\fR" 4 .IX Item "X509_V_ERR_EMAIL_MISMATCH: email address mismatch" Email address mismatch. -.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH: \s-1IP\s0 address mismatch\fR" 4 +.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch\fR" 4 .IX Item "X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch" -\&\s-1IP\s0 address mismatch. -.IP "\fBX509_V_ERR_DANE_NO_MATCH: no matching \s-1DANE TLSA\s0 records\fR" 4 +IP address mismatch. +.IP "\fBX509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records\fR" 4 .IX Item "X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records" -\&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the +DANE TLSA authentication is enabled, but no TLSA records matched the certificate chain. This error is only possible in \fBopenssl\-s_client\fR\|(1). -.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL: \s-1EE\s0 certificate key too weak\fR" 4 +.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak\fR" 4 .IX Item "X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak" -\&\s-1EE\s0 certificate key too weak. -.IP "\fBX509_V_ERR_CA_KEY_TOO_SMALL: \s-1CA\s0 certificate key too weak\fR" 4 +EE certificate key too weak. +.IP "\fBX509_V_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak\fR" 4 .IX Item "X509_V_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak" -\&\s-1CA\s0 certificate key too weak. -.IP "\fBX509_V_ERR_CA_MD_TOO_WEAK: \s-1CA\s0 signature digest algorithm too weak\fR" 4 +CA certificate key too weak. +.IP "\fBX509_V_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak\fR" 4 .IX Item "X509_V_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak" -\&\s-1CA\s0 signature digest algorithm too weak. +CA signature digest algorithm too weak. .IP "\fBX509_V_ERR_INVALID_CALL: invalid certificate verification context\fR" 4 .IX Item "X509_V_ERR_INVALID_CALL: invalid certificate verification context" Invalid certificate verification context. 
@@ -469,45 +394,45 @@ .IP "\fBX509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation\fR" 4 .IX Item "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation" Proxy subject name violation. -.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED: \s-1OCSP\s0 verification needed\fR" 4 +.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed\fR" 4 .IX Item "X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed" -Returned by the verify callback to indicate an \s-1OCSP\s0 verification is needed. -.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED: \s-1OCSP\s0 verification failed\fR" 4 +Returned by the verify callback to indicate an OCSP verification is needed. +.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed\fR" 4 .IX Item "X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed" -Returned by the verify callback to indicate \s-1OCSP\s0 verification failed. -.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN: \s-1OCSP\s0 unknown cert\fR" 4 +Returned by the verify callback to indicate OCSP verification failed. +.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert\fR" 4 .IX Item "X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert" Returned by the verify callback to indicate that the certificate is not -recognized by the \s-1OCSP\s0 responder. +recognized by the OCSP responder. .IP "\fBX509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: unsupported signature algorithm\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: unsupported signature algorithm" Cannot find certificate signature algorithm. .IP "\fBX509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: subject signature algorithm and issuer public key algorithm mismatch\fR" 4 .IX Item "X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: subject signature algorithm and issuer public key algorithm mismatch" -The issuer's public key is not of the type required by the signature in -the subject's certificate. +The issuer\*(Aqs public key is not of the type required by the signature in +the subject\*(Aqs certificate. 
.IP "\fBX509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: cert info signature and signature algorithm mismatch\fR" 4 .IX Item "X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: cert info signature and signature algorithm mismatch" The algorithm given in the certificate info is inconsistent with the one used for the certificate signature. -.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IP "\fBX509_V_ERR_INVALID_CA: invalid CA certificate\fR" 4 .IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" -A \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The above functions should be used instead of directly referencing the fields in the \fBX509_VERIFY_CTX\fR structure. .PP In versions of OpenSSL before 1.0 the current certificate returned by -\&\fBX509_STORE_CTX_get_current_cert()\fR was never \s-1NULL.\s0 Applications should +\&\fBX509_STORE_CTX_get_current_cert()\fR was never NULL. Applications should check the return value before printing out any debugging information relating to the current certificate. .PP If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Previous versions of this documentation swapped the meaning of the \&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and 
@@ -517,11 +442,11 @@ \&\fBX509_verify_cert\fR\|(3), \fBX509_STORE_CTX_verify\fR\|(3), \&\fBX509_up_ref\fR\|(3), \&\fBX509_free\fR\|(3). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_NEW 3ossl" -.TH X509_STORE_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_CTX_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE_CTX_new_ex, X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, @@ -153,7 +78,7 @@ X509_STORE_CTX_set_trust, X509_STORE_CTX_purpose_inherit \&\- X509_STORE_CTX initialisation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -190,7 +115,7 @@ \& int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, \& int purpose, int trust); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use by \fBX509_verify_cert\fR\|(3) or \fBX509_STORE_CTX_verify\fR\|(3). 
@@ -202,26 +127,32 @@ query string. .PP \&\fBX509_STORE_CTX_new()\fR is the same as \fBX509_STORE_CTX_new_ex()\fR except that -the default library context and a \s-1NULL\s0 property query string are used. +the default library context and a NULL property query string are used. .PP \&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. It is used by \fBX509_STORE_CTX_init()\fR and \fBX509_STORE_CTX_free()\fR. .PP \&\fBX509_STORE_CTX_free()\fR completely frees up \fIctx\fR. After this call \fIctx\fR is no longer valid. -If \fIctx\fR is \s-1NULL\s0 nothing is done. +If \fIctx\fR is NULL nothing is done. +.PP +\&\fBX509_STORE_CTX_init()\fR sets up \fIctx\fR for a subsequent verification operation. .PP +\&\fBX509_STORE_CTX_init()\fR initializes the internal state and resources of the +given \fIctx\fR. Among others, it sets the verification parameters associated +with the method name \f(CW\*(C`default\*(C'\fR, which includes the \f(CW\*(C`any\*(C'\fR purpose, +and takes over callback function pointers from \fItrust_store\fR (unless NULL). It must be called before each call to \fBX509_verify_cert\fR\|(3) or \&\fBX509_STORE_CTX_verify\fR\|(3), i.e., a context is only good for one verification. If you want to verify a further certificate or chain with the same \fIctx\fR then you must call \fBX509_STORE_CTX_init()\fR again. The trusted certificate store is set to \fItrust_store\fR of type \fBX509_STORE\fR. -This may be \s-1NULL\s0 because there are no trusted certificates or because +This may be NULL because there are no trusted certificates or because they are provided simply as a list using \fBX509_STORE_CTX_set0_trusted_stack()\fR. The certificate to be verified is set to \fItarget\fR, and a list of additional certificates may be provided in \fIuntrusted\fR, which will be untrusted but may be used to build the chain. 
-Each of the \fItrust_store\fR, \fItarget\fR and \fIuntrusted\fR parameters can be \s-1NULL.\s0 +Each of the \fItrust_store\fR, \fItarget\fR and \fIuntrusted\fR parameters can be NULL. Yet note that \fBX509_verify_cert\fR\|(3) and \fBX509_STORE_CTX_verify\fR\|(3) will need a verification target. This can also be set using \fBX509_STORE_CTX_set_cert()\fR. @@ -239,15 +170,15 @@ .PP \&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain to \fIchain\fR. Ownership of the chain is transferred to \fIctx\fR, -and so it should not be free'd by the caller. +and so it should not be free\*(Aqd by the caller. .PP \&\fBX509_STORE_CTX_get0_chain()\fR returns the internal pointer used by the \&\fIctx\fR that contains the constructed (output) chain. .PP \&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate -verification to \fIsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +verification to \fIsk\fR. These CRLs will only be used if CRL verification is enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be -used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +used where additional "useful" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure. .PP \&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer 
@@ -273,20 +204,21 @@ \&\fIctx\fR that contains the validated chain. .PP Details of the chain building and checking process are described in -\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and -\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1). +"Certification Path Building" in \fBopenssl\-verification\-options\fR\|(1) and +"Certification Path Validation" in \fBopenssl\-verification\-options\fR\|(1). .PP \&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used by \fIctx\fR to be \fIchain\fR. Ownership of the chain is transferred to \fIctx\fR, -and so it should not be free'd by the caller. +and so it should not be free\*(Aqd by the caller. .PP -\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification -method to \fIname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to -find an appropriate set of parameters from the purpose identifier \fIname\fR. -Currently defined purposes are \f(CW\*(C`sslclient\*(C'\fR, \f(CW\*(C`sslserver\*(C'\fR, \f(CW\*(C`nssslserver\*(C'\fR, -\&\f(CW\*(C`smimesign\*(C'\fR, \f(CW\*(C`smimeencrypt\*(C'\fR, \f(CW\*(C`crlsign\*(C'\fR, \f(CW\*(C`ocsphelper\*(C'\fR, \f(CW\*(C`timestampsign\*(C'\fR, -and \f(CW\*(C`any\*(C'\fR. +\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification method. +This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to find +the set of parameters associated with the given verification method \fIname\fR. +Among others, the parameters determine the trust model and verification purpose. +More detail, including the list of currently predefined methods, +is described for the \fB\-verify_name\fR command\-line option +in "Verification Options" in \fBopenssl\-verification\-options\fR\|(1). .PP \&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default verify function. This function is responsible for verifying chain signatures and 
@@ -303,25 +235,25 @@ return 1 on success or 0 on failure. .PP X509 certificates may contain information about what purposes keys contained -within them can be used for. For example \*(L"\s-1TLS WWW\s0 Server Authentication\*(R" or -\&\*(L"Email Protection\*(R". This \*(L"key usage\*(R" information is held internally to the +within them can be used for. For example "TLS WWW Server Authentication" or +"Email Protection". This "key usage" information is held internally to the certificate itself. In addition the trust store containing trusted certificates -can declare what purposes we trust different certificates for. This \*(L"trust\*(R" -information is not held within the certificate itself but is \*(L"meta\*(R" information -held alongside it. This \*(L"meta\*(R" information is associated with the certificate +can declare what purposes we trust different certificates for. This "trust" +information is not held within the certificate itself but is "meta" information +held alongside it. This "meta" information is associated with the certificate after it is issued and could be determined by a system administrator. For example a certificate might declare that it is suitable for use for both -\&\*(L"\s-1TLS WWW\s0 Server Authentication\*(R" and \*(L"\s-1TLS\s0 Client Authentication\*(R", but a system +"TLS WWW Server Authentication" and "TLS Client Authentication", but a system administrator might only trust it for the former. An X.509 certificate extension exists that can record extended key usage information to supplement the purpose information described above. 
This extended mechanism is arbitrarily extensible -and not well suited for a generic library \s-1API\s0; applications that need to +and not well suited for a generic library API; applications that need to validate extended key usage information in certificates will need to define a -custom \*(L"purpose\*(R" (see below) or supply a nondefault verification callback +custom "purpose" (see below) or supply a nondefault verification callback (\fBX509_STORE_set_verify_cb_func\fR\|(3)). .PP \&\fBX509_STORE_CTX_set_purpose()\fR sets the purpose for the target certificate being -verified in the \fIctx\fR. Built-in available values for the \fIpurpose\fR argument +verified in the \fIctx\fR. Built\-in available values for the \fIpurpose\fR argument are \fBX509_PURPOSE_SSL_CLIENT\fR, \fBX509_PURPOSE_SSL_SERVER\fR, \&\fBX509_PURPOSE_NS_SSL_SERVER\fR, \fBX509_PURPOSE_SMIME_SIGN\fR, \&\fBX509_PURPOSE_SMIME_ENCRYPT\fR, \fBX509_PURPOSE_CRL_SIGN\fR, \fBX509_PURPOSE_ANY\fR, @@ -335,7 +267,7 @@ the chain. .PP \&\fBX509_STORE_CTX_set_trust()\fR sets the trust value for the target certificate -being verified in the \fIctx\fR. Built-in available values for the \fItrust\fR +being verified in the \fIctx\fR. Built\-in available values for the \fItrust\fR argument are \fBX509_TRUST_COMPAT\fR, \fBX509_TRUST_SSL_CLIENT\fR, \&\fBX509_TRUST_SSL_SERVER\fR, \fBX509_TRUST_EMAIL\fR, \fBX509_TRUST_OBJECT_SIGN\fR, \&\fBX509_TRUST_OCSP_SIGN\fR, \fBX509_TRUST_OCSP_REQUEST\fR and \fBX509_TRUST_TSA\fR. It is 
@@ -350,7 +282,7 @@ \&\fBX509_STORE_CTX_set_purpose()\fR or \fBX509_STORE_CTX_set_trust()\fR instead. Using this function it is possible to set the purpose and trust values for the \fIctx\fR at the same time. -Both \fIctx\fR and its internal verification parameter pointer must not be \s-1NULL.\s0 +Both \fIctx\fR and its internal verification parameter pointer must not be NULL. The \fIdef_purpose\fR and \fIpurpose\fR arguments can have the same purpose values as described for \fBX509_STORE_CTX_set_purpose()\fR above. The \fItrust\fR argument can have the same trust values as described in @@ -364,24 +296,24 @@ the default trust value for \fIpurpose\fR. If the default trust value for the purpose is \fIX509_TRUST_DEFAULT\fR and \fItrust\fR is 0 then the default trust value associated with the \fIdef_purpose\fR value is used for the trust setting instead. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The certificates and CRLs in a store are used internally and should \fBnot\fR be freed up until after the associated \fBX509_STORE_CTX\fR is freed. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The certificates and CRLs in a context are used internally and should \fBnot\fR be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies should be made or reference counts increased instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_STORE_CTX_new()\fR returns a newly allocated context or \s-1NULL\s0 if an +\&\fBX509_STORE_CTX_new()\fR returns a newly allocated context or NULL if an error occurred. .PP \&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. .PP \&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR -structure or \s-1NULL\s0 if an error occurred. +structure or NULL if an error occurred. .PP \&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, \&\fBX509_STORE_CTX_set0_trusted_stack()\fR, 
@@ -397,18 +329,18 @@ .IX Header "SEE ALSO" \&\fBX509_verify_cert\fR\|(3), \fBX509_STORE_CTX_verify\fR\|(3), \&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. The \fBX509_STORE_CTX_new_ex()\fR function was added in OpenSSL 3.0. .PP There is no need to call \fBX509_STORE_CTX_cleanup()\fR explicitly since OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_SET_VERIFY_CB 3ossl" -.TH X509_STORE_CTX_SET_VERIFY_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_CTX_SET_VERIFY_CB 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, @@ -154,7 +79,7 @@ X509_STORE_CTX_verify_cb, X509_STORE_CTX_print_verify_cb \&\- get and set X509_STORE_CTX components such as verification callback -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -178,7 +103,7 @@ \& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); \& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to \&\fBverify_cb\fR overwriting any existing callback. 
@@ -219,14 +144,14 @@ and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached from the corresponding \fBX509_STORE\fR, please see \&\fBX509_STORE_set_verify\fR\|(3) for more information. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +In general a verification callback should \fBNOT\fR unconditionally return 1 in all circumstances because this will allow verification to succeed no matter what the error. This effectively removes all security from the application because \fBany\fR certificate (including untrusted generated ones) will be accepted. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The verification callback can be set and inherited from the parent structure performing the operation. In some cases (such as S/MIME verification) the @@ -236,7 +161,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Default callback operation: .PP @@ -259,7 +184,7 @@ \& } .Ve .PP -More complex example, we don't wish to continue after \fBany\fR certificate has +More complex example, we don\*(Aqt wish to continue after \fBany\fR certificate has expired just one specific case: .PP .Vb 4 @@ -277,7 +202,7 @@ .Ve .PP Full featured logging callback. In this case the \fBbio_err\fR is assumed to be -a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +a global logging \fBBIO\fR, an alternative would to store a BIO in \fBctx\fR using \&\fBex_data\fR. .PP .Vb 4 @@ -336,7 +261,7 @@ \&\fBX509_STORE_CTX_get_error\fR\|(3) \&\fBX509_STORE_set_verify_cb_func\fR\|(3) \&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \&\fBX509_STORE_CTX_get_get_issuer()\fR, 
@@ -347,11 +272,11 @@ and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. .PP \&\fBX509_STORE_CTX_print_verify_cb()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_ADD_CERT 3ossl" -.TH X509_STORE_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_ADD_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, @@ -148,7 +73,7 @@ X509_STORE_set_default_paths_ex, X509_STORE_set_default_paths, X509_STORE_load_locations_ex, X509_STORE_load_locations \&\- X509_STORE manipulation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -181,7 +106,7 @@ \& int X509_STORE_load_locations(X509_STORE *ctx, \& const char *file, const char *dir); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for holding information about X.509 certificates and CRLs, and constructing @@ -191,8 +116,8 @@ how validation and policy checks are performed. .PP Details of the chain building and checking process are described in -\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and -\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1). +"Certification Path Building" in \fBopenssl\-verification\-options\fR\|(1) and +"Certification Path Validation" in \fBopenssl\-verification\-options\fR\|(1). .PP \&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains no information about trusted certificates or where such certificates 
@@ -203,10 +128,10 @@ and many behaviors configured as desired. .PP Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is -used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building -and verification operation. That process includes providing the end-entity +used to instantiate a single\-use \fBX509_STORE_CTX\fR for each chain\-building +and verification operation. That process includes providing the end\-entity certificate to be verified and an additional set of untrusted certificates -that may be used in chain-building. As such, it is expected that the +that may be used in chain\-building. As such, it is expected that the certificates included in the \fBX509_STORE\fR are certificates that represent trusted entities such as root certificate authorities (CAs). OpenSSL represents these trusted certificates internally as \fBX509\fR objects @@ -216,8 +141,8 @@ operate on pointers to \fBX509\fR objects, though. .PP \&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object -to the \fBX509_STORE\fR's local storage. Untrusted objects should not be -added in this way. The added object's reference count is incremented by one, +to the \fBX509_STORE\fR\*(Aqs local storage. Untrusted objects should not be +added in this way. The added object\*(Aqs reference count is incremented by one, hence the caller retains ownership of the object and needs to free it when it is no longer needed. .PP @@ -237,7 +162,7 @@ query \fIpropq\fR are used when fetching algorithms from providers. .PP \&\fBX509_STORE_load_file()\fR is similar to \fBX509_STORE_load_file_ex()\fR but -uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBX509_STORE_load_path()\fR loads trusted certificate(s) into an \&\fBX509_STORE\fR from a given directory path. 
@@ -245,11 +170,11 @@ documented in \fBX509_LOOKUP_hash_dir\fR\|(3). .PP \&\fBX509_STORE_load_store_ex()\fR loads trusted certificate(s) into an -\&\fBX509_STORE\fR from a store at a given \s-1URI.\s0 The library context \fIlibctx\fR and +\&\fBX509_STORE\fR from a store at a given URI. The library context \fIlibctx\fR and property query \fIpropq\fR are used when fetching algorithms from providers. .PP \&\fBX509_STORE_load_store()\fR is similar to \fBX509_STORE_load_store_ex()\fR but -uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBX509_STORE_load_locations_ex()\fR combines \&\fBX509_STORE_load_file_ex()\fR and \fBX509_STORE_load_path()\fR for a given file @@ -258,7 +183,7 @@ paths. .PP \&\fBX509_STORE_load_locations()\fR is similar to \fBX509_STORE_load_locations_ex()\fR -but uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +but uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .PP \&\fBX509_STORE_set_default_paths_ex()\fR is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, @@ -267,7 +192,7 @@ fetching algorithms from providers. .PP \&\fBX509_STORE_set_default_paths()\fR is similar to -\&\fBX509_STORE_set_default_paths_ex()\fR but uses \s-1NULL\s0 for the library +\&\fBX509_STORE_set_default_paths_ex()\fR but uses NULL for the library context \fIlibctx\fR and property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -281,23 +206,23 @@ return 1 on success or 0 on failure. .PP \&\fBX509_STORE_add_lookup()\fR returns the found or created -\&\fBX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error. +\&\fBX509_LOOKUP\fR\|(3), or NULL on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_LOOKUP_hash_dir\fR\|(3). \&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). \&\fBX509_STORE_new\fR\|(3), \&\fBX509_STORE_get0_param\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBX509_STORE_set_default_paths_ex()\fR, \&\fBX509_STORE_load_file_ex()\fR, \fBX509_STORE_load_store_ex()\fR and \&\fBX509_STORE_load_locations_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_GET0_PARAM 3ossl" -.TH X509_STORE_GET0_PARAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_GET0_PARAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects, X509_STORE_get1_all_certs \&\- X509_STORE setter and getter functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,7 +77,7 @@ \& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *ctx); \& STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_STORE_set1_param()\fR sets the verification parameters to \fBpm\fR for \fBctx\fR. @@ -161,12 +86,13 @@ parameters for \fBctx\fR. The returned pointer must not be freed by the calling application .PP -\&\fBX509_STORE_get0_objects()\fR retrieves an internal pointer to the store's +\&\fBX509_STORE_get0_objects()\fR retrieves an internal pointer to the store\*(Aqs X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The returned pointer must not be freed by the calling application. .PP \&\fBX509_STORE_get1_all_certs()\fR returns a list of all certificates in the store. -The caller is responsible for freeing the returned list. +The caller is responsible for freeing the returned list +with sk_X509_pop_free(sk, X509_free). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_STORE_get0_param()\fR returns a pointer to an 
@@ -177,20 +103,21 @@ \&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. .PP \&\fBX509_STORE_get1_all_certs()\fR returns a pointer to a stack of the retrieved -certificates on success, else \s-1NULL.\s0 +certificates on success, else NULL. .SH "SEE ALSO" .IX Header "SEE ALSO" +\&\fBDEFINE_STACK_OF\fR\|(3), \&\fBX509_STORE_new\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in OpenSSL 1.1.0. \&\fBX509_STORE_get1_certs\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_new.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_NEW 3ossl" -.TH X509_STORE_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,X509_STORE_unlock \&\- X509_STORE allocation, freeing and locking functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -153,7 +78,7 @@ \& int X509_STORE_unlock(X509_STORE *v); \& int X509_STORE_up_ref(X509_STORE *v); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBX509_STORE_new()\fR function returns a new X509_STORE. .PP @@ -164,9 +89,10 @@ \&\fBX509_STORE_unlock()\fR unlocks it. .PP \&\fBX509_STORE_free()\fR frees up a single X509_STORE object. +If the argument is NULL, nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or NULL if the call fails. .PP \&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return 1 for success and 0 for failure. 
@@ -176,15 +102,15 @@ .IX Header "SEE ALSO" \&\fBX509_STORE_set_verify_cb_func\fR\|(3) \&\fBX509_STORE_get0_param\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3.orig +++ secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3ossl" -.TH X509_STORE_SET_VERIFY_CB_FUNC 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, @@ -172,7 +97,7 @@ X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn \&\- set verification callback -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -257,7 +182,7 @@ \& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, \& X509_STORE_CTX_lookup_crls_fn lookup_crls); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fIctx\fR to \&\fIverify_cb\fR overwriting the previous callback. @@ -269,7 +194,7 @@ \&\fIctx\fR to \fIverify\fR. Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the -limits of each certificate's first and last validity time. +limits of each certificate\*(Aqs first and last validity time. The final chain verification functions must return 0 on failure and 1 on success. \&\fIIf no chain verification function is provided, the internal default 
@@ -282,16 +207,16 @@ If the function returns 1 the caller is responsible for freeing \fI*issuer\fR. .PP \&\fBX509_STORE_set_get_issuer()\fR sets the function \fIget_issuer\fR -to get the \*(L"best\*(R" candidate issuer certificate of the given certificate \fIx\fR. -When such a certificate is found, \fIget_issuer\fR must up-ref and assign it +to get the "best" candidate issuer certificate of the given certificate \fIx\fR. +When such a certificate is found, \fIget_issuer\fR must up\-ref and assign it to \fI*issuer\fR and then return 1. Otherwise \fIget_issuer\fR must return 0 if not found and \-1 (or 0) on failure. -If \fBX509_STORE_set_get_issuer()\fR is not used or \fIget_issuer\fR is \s-1NULL\s0 +If \fBX509_STORE_set_get_issuer()\fR is not used or \fIget_issuer\fR is NULL then \fBX509_STORE_CTX_get1_issuer()\fR is used as the default implementation. .PP \&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given certificate \fIx\fR is issued by the issuer certificate \fIissuer\fR. -This function must return 0 on failure (among others if \fIx\fR hasn't +This function must return 0 on failure (among others if \fIx\fR hasn\*(Aqt been issued with \fIissuer\fR) and 1 on success. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR @@ -332,7 +257,7 @@ \&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the functions to look up all the certs or all the CRLs that match the given name \fInm\fR. -These functions return \s-1NULL\s0 on failure and a pointer to a stack of +These functions return NULL on failure and a pointer to a stack of certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on success. \&\fIIf no function to get the issuer is provided, the internal default 
@@ -340,7 +265,7 @@ .PP \&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is called when the context (\fBX509_STORE_CTX\fR) is being torn down. -This function doesn't return any value. +This function doesn\*(Aqt return any value. \&\fIIf no function to get the issuer is provided, the internal default function will be used instead.\fR .PP @@ -355,7 +280,7 @@ \&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR, \&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR, \&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR, -\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or NULL if no assignment has been made. .PP \&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and @@ -363,12 +288,12 @@ \&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and X509_STORE_set_lookup_crls, available as macros for backward compatibility. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" All the callbacks from a \fBX509_STORE\fR are inherited by the corresponding \fBX509_STORE_CTX\fR structure when it is initialized. See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" The macro version of this function was the only one available before OpenSSL 1.0.0. @@ -386,7 +311,7 @@ \&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3), \&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3), \&\fBCMS_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. .PP 
@@ -404,11 +329,11 @@ \&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR, \&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2009\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3.orig +++ secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_SET_FLAGS 3ossl" -.TH X509_VERIFY_PARAM_SET_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_VERIFY_PARAM_SET_FLAGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, @@ -156,7 +81,7 @@ X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_get1_ip_asc, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -206,13 +131,13 @@ \& const unsigned char *ip, size_t iplen); \& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with a certificate verification operation. .PP The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring -it with \fBflags\fR. See \*(L"\s-1VERIFICATION FLAGS\*(R"\s0 for a complete +it with \fBflags\fR. See "VERIFICATION FLAGS" for a complete description of values the \fBflags\fR parameter can take. .PP \&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. 
@@ -220,7 +145,7 @@ \&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR which specifies how verification flags are copied from one structure to another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. -See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits. +See the \fBINHERITANCE FLAGS\fR section for a description of these bits. .PP \&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. .PP @@ -241,18 +166,18 @@ .PP \&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing -policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +policy set is cleared. The \fBpolicies\fR parameter can be \fBNULL\fR to clear an existing policy set. .PP \&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. -That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a +That is the maximum number of intermediate CA certificates that can appear in a chain. A maximal depth chain contains 2 more certificates than the limit, since -neither the end-entity certificate nor the trust-anchor count against this +neither the end\-entity certificate nor the trust\-anchor count against this limit. -Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed +Thus a \fBdepth\fR limit of 0 only allows the end\-entity certificate to be signed directly by the trust anchor, while with a \fBdepth\fR limit of 1 there can be one -intermediate \s-1CA\s0 certificate between the trust anchor and the end-entity +intermediate CA certificate between the trust anchor and the end\-entity certificate. .PP \&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to 
@@ -261,27 +186,27 @@ key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security level. -The signature algorithm security level is not enforced for the chain's \fItrust +The signature algorithm security level is not enforced for the chain\*(Aqs \fItrust anchor\fR certificate, which is either directly trusted or validated by means other than its signature. See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available levels. -The default security level is \-1, or \*(L"not set\*(R". +The default security level is \-1, or "not set". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80\-bit\-equivalent security and is broadly -interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits. .PP -\&\fBX509_VERIFY_PARAM_get0_host()\fR returns the \fBn\fRth expected \s-1DNS\s0 hostname that has +\&\fBX509_VERIFY_PARAM_get0_host()\fR returns the \fBn\fRth expected DNS hostname that has been set using \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR. -To obtain all names start with \fBn\fR = 0 and increment \fBn\fR as long as no \s-1NULL\s0 +To obtain all names start with \fBn\fR = 0 and increment \fBn\fR as long as no NULL pointer is returned. .PP -\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected DNS hostname to \&\fBname\fR clearing any previously specified hostname. If -\&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and +\&\fBname\fR is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. 
If \fBname\fR -is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR +is NUL\-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR must be set to the length of \fBname\fR. .PP When a hostname is specified, @@ -290,19 +215,19 @@ \&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications are strongly advised to use this interface in preference to explicitly calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope -with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will -be suppressed as appropriate when \s-1DANE\s0 verification is enabled. +with the \fBDANE\-EE\fR\|(3) certificate usage, and the internal check will +be suppressed as appropriate when DANE verification is enabled. .PP When the subject CommonName will not be ignored, whether as a result of the -\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject -alternative names are present in the certificate, any \s-1DNS\s0 name constraints in +\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no DNS subject +alternative names are present in the certificate, any DNS name constraints in issuer certificates apply to the subject CommonName as well as the subject alternative name extension. .PP When the subject CommonName will be ignored, whether as a result of the -\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject -alternative names are present in the certificate, \s-1DNS\s0 name constraints in -issuer certificates will not be applied to the subject \s-1DN.\s0 +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some DNS subject +alternative names are present in the certificate, DNS name constraints in +issuer certificates will not be applied to the subject DN. As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. .PP 
@@ -310,43 +235,43 @@ call to \fBX509_VERIFY_PARAM_set_hostflags()\fR. .PP \&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference -identifier that can match the peer's certificate. Any previous names +identifier that can match the peer\*(Aqs certificate. Any previous names set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR -are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When +are retained, no change is made if \fBname\fR is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. .PP -\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a -reference identifier specifies a parent domain (starts with \*(L".\*(R") +reference identifier specifies a parent domain (starts with ".") rather than a hostname, the peer name may be a wildcard name or a -sub-domain of the reference identifier respectively. The return +sub\-domain of the reference identifier respectively. The return string is allocated by the library and is no longer valid once the associated \fBparam\fR argument is freed. Applications must not free the return value. .PP -\&\fBX509_VERIFY_PARAM_get0_email()\fR returns the expected \s-1RFC822\s0 email address. +\&\fBX509_VERIFY_PARAM_get0_email()\fR returns the expected RFC822 email address. .PP -\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to -\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise +\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected RFC822 email address to +\&\fBemail\fR. If \fBemail\fR is NUL\-terminated, \fBemaillen\fR may be zero, otherwise \&\fBemaillen\fR must be set to the length of \fBemail\fR. 
When an email address is specified, certificate verification automatically invokes \&\fBX509_check_email\fR\|(3). .PP -\&\fBX509_VERIFY_PARAM_get1_ip_asc()\fR returns the expected \s-1IP\s0 address as a string. +\&\fBX509_VERIFY_PARAM_get1_ip_asc()\fR returns the expected IP address as a string. The caller is responsible for freeing it. .PP -\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. -The \fBip\fR argument is in binary format, in network byte-order and -\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 +\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected IP address to \fBip\fR. +The \fBip\fR argument is in binary format, in network byte\-order and +\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an IP address is specified, certificate verification automatically invokes \&\fBX509_check_ip\fR\|(3). .PP -\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to -\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: -dotted decimal quad for IPv4 and colon-separated hexadecimal for -IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected IP address to +\&\fBipasc\fR. The \fBipasc\fR argument is a NUL\-terminal ASCII string: +dotted decimal quad for IPv4 and colon\-separated hexadecimal for +IPv6. The condensed "::" notation is supported for IPv6 addresses. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, 
@@ -360,7 +285,7 @@ .PP \&\fBX509_VERIFY_PARAM_get0_host()\fR, \fBX509_VERIFY_PARAM_get0_email()\fR, and \&\fBX509_VERIFY_PARAM_get1_ip_asc()\fR, return the string pointer specified above -or \s-1NULL\s0 if the respective value has not been set or on error. +or NULL if the respective value has not been set or on error. .PP \&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. .PP @@ -380,16 +305,16 @@ The verification flags consists of zero or more of the following flags ored together. .PP -\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf -certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +\&\fBX509_V_FLAG_CRL_CHECK\fR enables CRL checking for the certificate chain leaf +certificate. An error occurs if a suitable CRL cannot be found. .PP -\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate -chain. +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR expands CRL checking to the entire certificate +chain if \fBX509_V_FLAG_CRL_CHECK\fR has also been enabled, and is otherwise ignored. .PP \&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disables critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs result in a fatal error. If this flag is set unhandled critical extensions are -ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +ignored. \fBWARNING\fR setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are supported can be performed in the verification callback. .PP 
@@ -405,7 +330,7 @@ \&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and \&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in -\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +\&\fBRFC3280\fR. Policy checking is automatically enabled if any of these flags are set. .PP If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful @@ -421,12 +346,12 @@ determine certificate status. If not set deltas are ignored. .PP \&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR requests checking the signature of -the last certificate in a chain if the certificate is supposedly self-signed. -This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0 +the last certificate in a chain if the certificate is supposedly self\-signed. +This is prohibited and will result in an error if it is a non\-conforming CA certificate with key usage restrictions not including the \fIkeyCertSign\fR bit. -By default this check is disabled because it doesn't +By default this check is disabled because it doesn\*(Aqt add any additional security but in some cases applications might want to -check the signature anyway. A side effect of not checking the self-signature +check the signature anyway. A side effect of not checking the self\-signature of such a certificate is that disabled or unsupported message digests used for the signature are not treated as fatal errors. .PP 
@@ -437,7 +362,7 @@ Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have -explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBopenssl\-x509\fR\|(1)). +explicit trust settings (see "TRUST SETTINGS" in \fBopenssl\-x509\fR\|(1)). .PP The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag could have been used before OpenSSL 1.1.0 to suppress checking for alternative chains. 
@@ -449,15 +374,15 @@ As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option has no effect. .PP -The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes non-self-signed certificates in the -trust store to be treated as trust anchors, in the same way as self-signed -root \s-1CA\s0 certificates. -This makes it possible to trust self-issued certificates as well as certificates -issued by an intermediate \s-1CA\s0 without having to trust their ancestor root \s-1CA.\s0 +The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes non\-self\-signed certificates in the +trust store to be treated as trust anchors, in the same way as self\-signed +root CA certificates. +This makes it possible to trust self\-issued certificates as well as certificates +issued by an intermediate CA without having to trust their ancestor root CA. With OpenSSL 1.1.0 and later and \fBX509_V_FLAG_PARTIAL_CHAIN\fR set, chain construction stops as soon as the first certificate contained in the trust store -is added to the chain, whether that certificate is a self-signed \*(L"root\*(R" -certificate or a not self-signed \*(L"intermediate\*(R" or self-issued certificate. +is added to the chain, whether that certificate is a self\-signed "root" +certificate or a not self\-signed "intermediate" or self\-issued certificate. Thus, when an intermediate certificate is found in the trust store, the verified chain passed to callbacks may be shorter than it otherwise would be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. @@ -467,7 +392,7 @@ is used to specify a verification time, the check is not suppressed. .SH "INHERITANCE FLAGS" .IX Header "INHERITANCE FLAGS" -These flags specify how parameters are \*(L"inherited\*(R" from one structure to +These flags specify how parameters are "inherited" from one structure to another. .PP If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed 
@@ -477,8 +402,8 @@ all of the following flags. .PP If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied -to the destination. Effectively the values in \*(L"to\*(R" become default values -which will be used only if nothing new is set in \*(L"from\*(R". This is the +to the destination. Effectively the values in "to" become default values +which will be used only if nothing new is set in "from". This is the default. .PP If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether @@ -486,25 +411,25 @@ .PP If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead of ORed. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The above functions should be used to manipulate verification parameters instead of functions which work in specific structures such as \&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future release. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and +Delta CRL checking is currently primitive. Only a single delta can be used and (partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not maintained. .PP If CRLs checking is enable CRLs are expected to be available in the corresponding \fBX509_STORE\fR structure. No attempt is made to download -CRLs from the \s-1CRL\s0 distribution points extension. -.SH "EXAMPLES" +CRLs from the CRL distribution points extension. +.SH EXAMPLES .IX Header "EXAMPLES" -Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 -connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +Enable CRL checking when performing certificate verification during SSL +connections associated with an \fBSSL_CTX\fR structure \fBctx\fR: .PP .Vb 1 \& X509_VERIFY_PARAM *param; 
@@ -521,7 +446,7 @@ \&\fBX509_check_email\fR\|(3), \&\fBX509_check_ip\fR\|(3), \&\fBopenssl\-x509\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 @@ -535,11 +460,11 @@ The function \fBX509_VERIFY_PARAM_add0_policy()\fR was historically documented as enabling policy checking however the implementation has never done this. The documentation was changed to align with the implementation. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_add_cert.3.orig +++ secure/lib/libcrypto/man/man3/X509_add_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_ADD_CERT 3ossl" -.TH X509_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_ADD_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_add_cert, X509_add_certs \- X509 certificate list addition functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -150,12 +75,13 @@ \& int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags); \& int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_add_cert()\fR adds a certificate \fIcert\fR to the given list \fIsk\fR. +It is an error for the \fIcert\fR argument to be NULL. .PP \&\fBX509_add_certs()\fR adds a list of certificate \fIcerts\fR to the given list \fIsk\fR. -The \fIcerts\fR argument may be \s-1NULL,\s0 which implies no effect. +The \fIcerts\fR argument may be NULL, which implies no effect. It does not modify the list \fIcerts\fR but in case the \fBX509_ADD_FLAG_UP_REF\fR flag (described below) is set the reference counters of those of its members added to \fIsk\fR are increased. 
@@ -175,12 +101,12 @@ If \fBX509_ADD_FLAG_NO_DUP\fR is set then certificates already contained in \fIsk\fR, which is determined using \fBX509_cmp\fR\|(3), are ignored. .PP -If \fBX509_ADD_FLAG_NO_SS\fR is set then certificates that are marked self-signed, +If \fBX509_ADD_FLAG_NO_SS\fR is set then certificates that are marked self\-signed, which is determined using \fBX509_self_signed\fR\|(3), are ignored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Both functions return 1 for success and 0 for failure. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" If \fBX509_add_certs()\fR is used with the flags \fBX509_ADD_FLAG_NO_DUP\fR or \&\fBX509_ADD_FLAG_NO_SS\fR it is advisable to use also \fBX509_ADD_FLAG_UP_REF\fR @@ -192,15 +118,15 @@ .IX Header "SEE ALSO" \&\fBX509_cmp\fR\|(3) \&\fBX509_self_signed\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The functions \fBX509_add_cert()\fR and \fBX509_add_certs()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_check_ca.3.orig +++ secure/lib/libcrypto/man/man3/X509_check_ca.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,97 +53,38 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CHECK_CA 3ossl" -.TH X509_CHECK_CA 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CHECK_CA 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_check_ca \- check if given certificate is CA certificate -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int X509_check_ca(X509 *cert); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This function checks if given certificate is \s-1CA\s0 certificate (can be used +This function checks if given certificate is CA certificate (can be used to sign other certificates). The certificate must be a complete certificate otherwise an error is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 -\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE, -3,\s0 if it is self-signed X509 v1 certificate, 4, if it is certificate with +Function return 0, if it is not CA certificate, 1 if it is proper X509v3 +CA certificate with \fBbasicConstraints\fR extension CA:TRUE, +3, if it is self\-signed X509 v1 certificate, 4, if it is certificate with \&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without \&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type -extension telling that it is \s-1CA\s0 certificate. +extension telling that it is CA certificate. .PP This function will also return 0 on error. .PP 
@@ -170,11 +95,11 @@ \&\fBX509_verify_cert\fR\|(3), \&\fBX509_check_issued\fR\|(3), \&\fBX509_check_purpose\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_check_host.3.orig +++ secure/lib/libcrypto/man/man3/X509_check_host.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CHECK_HOST 3ossl" -.TH X509_CHECK_HOST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CHECK_HOST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,43 +78,43 @@ \& unsigned int flags); \& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The certificate matching functions are used to check whether a -certificate matches a given hostname, email address, or \s-1IP\s0 address. +certificate matches a given hostname, email address, or IP address. The validity of the certificate and its trust level has to be checked by other means. .PP \&\fBX509_check_host()\fR checks if the certificate Subject Alternative -Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname, +Name (SAN) or Subject CommonName (CN) matches the specified hostname, which must be encoded in the preferred name syntax described -in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported -and they match only in the left-most label; but they may match +in section 3.5 of RFC 1034. By default, wildcards are supported +and they match only in the left\-most label; but they may match part of that label with an explicit prefix or suffix. For example, -by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a -certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" -or \*(L"*w.example.com\*(R". +by default, the host \fBname\fR "www.example.com" would match a +certificate with a SAN or CN value of "*.example.com", "w*.example.com" +or "*w.example.com". .PP -Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international +Per section 6.4.2 of RFC 6125, \fBname\fR values representing international domain names must be given in A\-label form. The \fBnamelen\fR argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts -with a dot (e.g. 
\*(L".example.com\*(R"), it will be matched by a certificate -valid for any sub-domain of \fBname\fR, (see also +with a dot (e.g. ".example.com"), it will be matched by a certificate +valid for any sub\-domain of \fBname\fR, (see also \&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). .PP -When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a -pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate +When the certificate is matched, and \fBpeername\fR is not NULL, a +pointer to a copy of the matching SAN or CN from the peer certificate is stored at the address passed in \fBpeername\fR. The application is responsible for freeing the peername via \fBOPENSSL_free()\fR when it is no longer needed. .PP \&\fBX509_check_email()\fR checks if the certificate matches the specified -email \fBaddress\fR. The mailbox syntax of \s-1RFC 822\s0 is supported, +email \fBaddress\fR. The mailbox syntax of RFC 822 is supported, comments are not allowed, and no attempt is made to normalize quoted -characters. The mailbox syntax of \s-1RFC 6531\s0 is supported for -SmtpUTF8Mailbox address in subjectAltName according to \s-1RFC 8398,\s0 -with similar limitations as for \s-1RFC 822\s0 syntax, and no attempt +characters. The mailbox syntax of RFC 6531 is supported for +SmtpUTF8Mailbox address in subjectAltName according to RFC 8398, +with similar limitations as for RFC 822 syntax, and no attempt is made to convert from A\-label to U\-label before comparison. The \fBaddresslen\fR argument must be the number of characters in the address string or zero in which case the length 
@@ -198,80 +123,80 @@ \&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or IPv6 address. The \fBaddress\fR array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only -explicitly marked addresses in the certificates are considered; \s-1IP\s0 -addresses stored in \s-1DNS\s0 names and Common Names are ignored. There are +explicitly marked addresses in the certificates are considered; IP +addresses stored in DNS names and Common Names are ignored. There are currently no \fBflags\fR that would affect the behavior of this call. .PP -\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated +\&\fBX509_check_ip_asc()\fR is similar, except that the NUL\-terminated string \fBaddress\fR is first converted to the internal representation. .PP -The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the +The \fBflags\fR argument is usually 0. It can be the bitwise OR of the flags: -.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 +.IP \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR, 4 .IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," .PD 0 -.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 +.IP \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR, 4 .IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," -.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 +.IP \fBX509_CHECK_FLAG_NO_WILDCARDS\fR, 4 .IX Item "X509_CHECK_FLAG_NO_WILDCARDS," -.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 +.IP \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR, 4 .IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," -.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 +.IP \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR. 4 .IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." -.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 +.IP \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR. 4 .IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." 
.PD .PP The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function -to consider the subject \s-1DN\s0 even if the certificate contains at least -one subject alternative name of the right type (\s-1DNS\s0 name or email -address as appropriate); the default is to ignore the subject \s-1DN\s0 +to consider the subject DN even if the certificate contains at least +one subject alternative name of the right type (DNS name or email +address as appropriate); the default is to ignore the subject DN when at least one corresponding subject alternative names is present. .PP The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never -consider the subject \s-1DN\s0 even if the certificate contains no subject alternative -names of the right type (\s-1DNS\s0 name or email address as appropriate); the default -is to use the subject \s-1DN\s0 when no corresponding subject alternative names are +consider the subject DN even if the certificate contains no subject alternative +names of the right type (DNS name or email address as appropriate); the default +is to use the subject DN when no corresponding subject alternative names are present. If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and \&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes -precedence and the subject \s-1DN\s0 is not checked for matching names. +precedence and the subject DN is not checked for matching names. .PP If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard expansion; this only applies to \fBX509_check_host\fR. .PP If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support -for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, -such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. +for "*" as wildcard pattern in labels that have a prefix or suffix, +such as: "www*" or "*www"; this only applies to \fBX509_check_host\fR. 
.PP -If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that -constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") +If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a "*" that +constitutes the complete label of a DNS name (e.g. "*.example.com") to match more than one label in \fBname\fR; this flag only applies to \fBX509_check_host\fR. .PP If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR -values which start with \*(L".\*(R", that would otherwise match any sub-domain -in the peer certificate, to only match direct child sub-domains. -Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" -would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", -but would not match a peer certificate with a \s-1DNS\s0 name of -\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. +values which start with ".", that would otherwise match any sub\-domain +in the peer certificate, to only match direct child sub\-domains. +Thus, for instance, with this flag set a \fBname\fR of ".example.com" +would match a peer certificate with a DNS name of "www.example.com", +but would not match a peer certificate with a DNS name of +"www.sub.example.com"; this flag only applies to \fBX509_check_host\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions return 1 for a successful match, 0 for a failed match and \-1 for an internal error: typically a memory allocation failure -or an \s-1ASN.1\s0 decoding error. +or an ASN.1 decoding error. .PP All functions can also return \-2 if the input is malformed. For example, \&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded NULs. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR rather than explicitly calling \fBX509_check_host\fR\|(3). 
Hostname -checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, +checks may be out of scope with the \fBDANE\-EE\fR\|(3) certificate usage, and the internal checks will be suppressed as appropriate when -\&\s-1DANE\s0 support is enabled. +DANE support is enabled. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_get_verify_result\fR\|(3), @@ -279,14 +204,14 @@ \&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), \&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), \&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_check_issued.3.orig +++ secure/lib/libcrypto/man/man3/X509_check_issued.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,91 +53,32 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CHECK_ISSUED 3ossl" -.TH X509_CHECK_ISSUED 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CHECK_ISSUED 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_check_issued \- checks if certificate is apparently issued by another certificate -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int X509_check_issued(X509 *issuer, X509 *subject); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_check_issued()\fR checks if certificate \fIsubject\fR was apparently issued -using (\s-1CA\s0) certificate \fIissuer\fR. This function takes into account not only +using (CA) certificate \fIissuer\fR. This function takes into account not only matching of the issuer field of \fIsubject\fR with the subject field of \fIissuer\fR, -but also compares all sub-fields of the \fBauthorityKeyIdentifier\fR extension of +but also compares all sub\-fields of the \fBauthorityKeyIdentifier\fR extension of \&\fIsubject\fR, as far as present, with the respective \fBsubjectKeyIdentifier\fR, serial number, and issuer fields of \fIissuer\fR, as far as present. It also checks if the \fBkeyUsage\fR field (if present) of \fIissuer\fR allows certificate signing. 
@@ -167,11 +92,11 @@ .IX Header "SEE ALSO" \&\fBX509_verify_cert\fR\|(3), \fBX509_verify\fR\|(3), \fBX509_check_ca\fR\|(3), \&\fBopenssl\-verify\fR\|(1), \fBX509_self_signed\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_check_private_key.3.orig +++ secure/lib/libcrypto/man/man3/X509_check_private_key.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CHECK_PRIVATE_KEY 3ossl" -.TH X509_CHECK_PRIVATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CHECK_PRIVATE_KEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -151,7 +76,7 @@ \& \& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_check_private_key()\fR function checks the consistency of private key \fBk\fR with the public key in \fBx\fR. 
@@ -165,21 +90,21 @@ .PP If the key is invalid or an error occurred, the reason code can be obtained using \fBERR_get_error\fR\|(3). -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed +The \fBcheck_private_key\fR functions don\*(Aqt check if \fBk\fR itself is indeed a private key or not. It merely compares the public materials (e.g. exponent -and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) +and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair. So if you pass a public key to these functions in \fBk\fR, it will return success. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_check_purpose.3.orig +++ secure/lib/libcrypto/man/man3/X509_check_purpose.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,93 +53,34 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CHECK_PURPOSE 3ossl" -.TH X509_CHECK_PURPOSE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CHECK_PURPOSE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_check_purpose \- Check the purpose of a certificate -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int X509_check_purpose(X509 *x, int id, int ca); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This function checks if certificate \fIx\fR was created with the purpose represented by \fIid\fR. If \fIca\fR is nonzero, then certificate \fIx\fR is -checked to determine if it's a possible \s-1CA\s0 with various levels of certainty +checked to determine if it\*(Aqs a possible CA with various levels of certainty possibly returned. The certificate \fIx\fR must be a complete certificate otherwise the function returns an error. .PP -Below are the potential \s-1ID\s0's that can be checked: +Below are the potential ID\*(Aqs that can be checked: .PP .Vb 9 \& # define X509_PURPOSE_SSL_CLIENT 1 @@ -173,7 +98,7 @@ keyUsage, extendedKeyUsage, and basicConstraints. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -For non-CA checks +For non\-CA checks .IP "\-1 an error condition has occurred" 4 .IX Item "-1 an error condition has occurred" .PD 0 
@@ -183,26 +108,26 @@ .IX Item " 0 if the certificate was not created to perform the purpose represented by id" .PD .PP -For \s-1CA\s0 checks the below integers could be returned with the following meanings: +For CA checks the below integers could be returned with the following meanings: .IP "\-1 an error condition has occurred" 4 .IX Item "-1 an error condition has occurred" .PD 0 -.IP " 0 not a \s-1CA\s0 or does not have the purpose represented by \fIid\fR" 4 +.IP " 0 not a CA or does not have the purpose represented by \fIid\fR" 4 .IX Item " 0 not a CA or does not have the purpose represented by id" -.IP " 1 is a \s-1CA.\s0" 4 +.IP " 1 is a CA." 4 .IX Item " 1 is a CA." -.IP " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a \s-1CA\s0" 4 +.IP " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA" 4 .IX Item " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA" .IP " 3 basicConstraints absent but self signed V1." 4 .IX Item " 3 basicConstraints absent but self signed V1." .IP " 4 basicConstraints absent but keyUsage present and keyCertSign asserted." 4 .IX Item " 4 basicConstraints absent but keyUsage present and keyCertSign asserted." -.IP " 5 legacy Netscape specific \s-1CA\s0 Flags present" 4 +.IP " 5 legacy Netscape specific CA Flags present" 4 .IX Item " 5 legacy Netscape specific CA Flags present" .PD -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file -\&\s-1LICENSE\s0 in the source distribution or at . 
+LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_cmp.3.orig +++ secure/lib/libcrypto/man/man3/X509_cmp.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CMP 3ossl" -.TH X509_CMP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CMP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -156,22 +81,22 @@ \& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); \& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This set of functions are used to compare X509 objects, including X509 -certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. +certificates, X509 CRL objects and various values in an X509 certificate. .PP The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters \&\fIa\fR and \fIb\fR. The comparison is based on the \fBmemcmp\fR result of the hash -values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. +values of two \fBX509\fR objects and the canonical (DER) encoding values. .PP The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by parameters \fIa\fR and \fIb\fR. The comparison is based on the \fBmemcmp\fR result of the -canonical (\s-1DER\s0) encoding values of the two objects using \fBi2d_X509_NAME\fR\|(3). -This procedure adheres to the matching rules for Distinguished Names (\s-1DN\s0) -given in \s-1RFC 4517\s0 section 4.2.15 and \s-1RFC 5280\s0 section 7.1. +canonical (DER) encoding values of the two objects using \fBi2d_X509_NAME\fR\|(3). +This procedure adheres to the matching rules for Distinguished Names (DN) +given in RFC 4517 section 4.2.15 and RFC 5280 section 7.1. In particular, the order of Relative Distinguished Names (RDNs) is relevant. -On the other hand, if an \s-1RDN\s0 is multi-valued, i.e., it contains a set of +On the other hand, if an RDN is multi\-valued, i.e., it contains a set of AttributeValueAssertions (AVAs), its members are effectively not ordered. .PP The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer 
@@ -184,7 +109,7 @@ .IX Xref "509" .PP The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the -\&\fBX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead +\&\fBX509_CRL_cmp()\fR function, this function compares the whole CRL content instead of just the issuer name. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -194,11 +119,11 @@ \&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR, \&\fBX509_subject_name_cmp()\fR, \fBX509_CRL_cmp()\fR, and \fBX509_CRL_match()\fR may return \fB\-2\fR to indicate an error. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do -the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash -value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the +the comparison job. Data to be compared varies from DER encoding data, hash +value or \fBASN1_STRING\fR. The sign of the comparison can be used to order the objects but it does not have a special meaning in some cases. .PP \&\fBX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some @@ -206,11 +131,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_cmp_time.3.orig +++ secure/lib/libcrypto/man/man3/X509_cmp_time.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_CMP_TIME 3ossl" -.TH X509_CMP_TIME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_CMP_TIME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, X509_time_adj, X509_time_adj_ex, X509_gmtime_adj \&\- X509 time functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 8 \& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); 
@@ -154,39 +79,39 @@ \& offset_sec, time_t *in_tm); \& ASN1_TIME *X509_gmtime_adj(ASN1_TIME *asn1_time, long offset_sec); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fIasn1_time\fR with the time +\&\fBX509_cmp_time()\fR compares the ASN1_TIME in \fIasn1_time\fR with the time in . .PP -\&\fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBX509_cmp_current_time()\fR compares the ASN1_TIME in \&\fIasn1_time\fR with the current time, expressed as time_t. .PP \&\fBX509_cmp_timeframe()\fR compares the given time period with the reference time -included in the verification parameters \fIvpm\fR if they are not \s-1NULL\s0 and contain +included in the verification parameters \fIvpm\fR if they are not NULL and contain \&\fBX509_V_FLAG_USE_CHECK_TIME\fR; else the current time is used as reference time. .PP -\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fIasn1_time\fR to the time +\&\fBX509_time_adj_ex()\fR sets the ASN1_TIME structure \fIasn1_time\fR to the time \&\fIoffset_day\fR and \fIoffset_sec\fR after \fIin_tm\fR. .PP -\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fIasn1_time\fR to the time +\&\fBX509_time_adj()\fR sets the ASN1_TIME structure \fIasn1_time\fR to the time \&\fIoffset_sec\fR after \fIin_tm\fR. This method can only handle second offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR -\&\s-1API\s0 should be preferred. +API should be preferred. .PP -In both methods, if \fIasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure +In both methods, if \fIasn1_time\fR is NULL, a new ASN1_TIME structure is allocated and returned. .PP -In all methods, if \fIin_tm\fR is \s-1NULL,\s0 the current time, expressed as +In all methods, if \fIin_tm\fR is NULL, the current time, expressed as time_t, is used. 
.PP -\&\fIasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 -i.e., its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0 +\&\fIasn1_time\fR must satisfy the ASN1_TIME format mandated by RFC 5280, +i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. .PP -\&\fBX509_gmtime_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fIasn1_time\fR to the time +\&\fBX509_gmtime_adj()\fR sets the ASN1_TIME structure \fIasn1_time\fR to the time \&\fIoffset_sec\fR after the current time. It is equivalent to calling -\&\fBX509_time_adj()\fR with the last parameter as \s-1NULL.\s0 -.SH "BUGS" +\&\fBX509_time_adj()\fR with the last parameter as NULL. +.SH BUGS .IX Header "BUGS" Unlike many standard comparison functions, \fBX509_cmp_time()\fR and \&\fBX509_cmp_current_time()\fR return 0 on error. 
@@ -196,24 +121,24 @@ is earlier than, or equal to, \fIin_tm\fR (resp. current time), and 1 otherwise. These methods return 0 on error. .PP -\&\fBX509_cmp_timeframe()\fR returns 0 if \fIvpm\fR is not \s-1NULL\s0 and the verification +\&\fBX509_cmp_timeframe()\fR returns 0 if \fIvpm\fR is not NULL and the verification parameters do not contain \fBX509_V_FLAG_USE_CHECK_TIME\fR but do contain \fBX509_V_FLAG_NO_CHECK_TIME\fR. Otherwise it returns -1 if the end time is not \s-1NULL\s0 and the reference time (which has determined as -stated above) is past the end time, \-1 if the start time is not \s-1NULL\s0 and the +1 if the end time is not NULL and the reference time (which has determined as +stated above) is past the end time, \-1 if the start time is not NULL and the reference time is before, else 0 to indicate that the reference time is in range (implying that the end time is not before the start time if both are present). .PP \&\fBX509_time_adj()\fR, \fBX509_time_adj_ex()\fR and \fBX509_gmtime_adj()\fR return a pointer to -the updated \s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. -.SH "HISTORY" +the updated ASN1_TIME structure, and NULL on error. +.SH HISTORY .IX Header "HISTORY" \&\fBX509_cmp_timeframe()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_digest.3.orig +++ secure/lib/libcrypto/man/man3/X509_digest.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_DIGEST 3ossl" -.TH X509_DIGEST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_DIGEST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_digest, X509_digest_sig, X509_CRL_digest, @@ -147,7 +72,7 @@ X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest \&\- get digest of various objects -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -175,48 +100,48 @@ \& const EVP_MD *type, unsigned char *md, \& unsigned int *len); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_digest_sig()\fR calculates a digest of the given certificate \fIcert\fR using the same hash algorithm as in its signature, if the digest is an integral part of the certificate signature algorithm identifier. Otherwise, a fallback hash algorithm is determined as follows: -\&\s-1SHA512\s0 if the signature algorithm is \s-1ED25519, -SHAKE256\s0 if it is \s-1ED448,\s0 otherwise \s-1SHA256.\s0 +SHA512 if the signature algorithm is ED25519, +SHAKE256 if it is ED448, otherwise SHA256. The output parameters are assigned as follows. -Unless \fImd_used\fR is \s-1NULL,\s0 the hash algorithm used is provided -in \fI*md_used\fR and must be freed by the caller (if it is not \s-1NULL\s0). -Unless \fImd_is_fallback\fR is \s-1NULL,\s0 +Unless \fImd_used\fR is NULL, the hash algorithm used is provided +in \fI*md_used\fR and must be freed by the caller (if it is not NULL). +Unless \fImd_is_fallback\fR is NULL, the \fI*md_is_fallback\fR is set to 1 if the hash algorithm used is a fallback, otherwise to 0. .PP -\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +\&\fBX509_pubkey_digest()\fR returns a digest of the DER representation of the public key in the specified X509 \fIdata\fR object. .PP -All other functions described here return a digest of the \s-1DER\s0 representation +All other functions described here return a digest of the DER representation of their entire \fIdata\fR objects. .PP The \fItype\fR parameter specifies the digest to be used, such as \fBEVP_sha1()\fR. The \fImd\fR is a pointer to the buffer where the digest will be copied and is assumed to be large enough; the constant -\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fIlen\fR parameter, if not \s-1NULL,\s0 points +\&\fBEVP_MAX_MD_SIZE\fR is suggested. 
The \fIlen\fR parameter, if not NULL, points to a place where the digest size will be stored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_digest_sig()\fR returns an \s-1ASN1_OCTET_STRING\s0 pointer on success, else \s-1NULL.\s0 +\&\fBX509_digest_sig()\fR returns an ASN1_OCTET_STRING pointer on success, else NULL. .PP All other functions described here return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_sha1\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_digest_sig()\fR function was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_dup.3.orig +++ secure/lib/libcrypto/man/man3/X509_dup.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_DUP 3ossl" -.TH X509_DUP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_DUP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, @@ -439,7 +364,7 @@ X509_VAL_new, X509_dup, \&\- ASN1 object utilities -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -457,7 +382,7 @@ .Ve .PP The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 3 
@@ -465,60 +390,72 @@ \& RSA *RSAPrivateKey_dup(const RSA *rsa); \& RSA *RSAPublicKey_dup(const RSA *rsa); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used +In the description below, \fR\f(BITYPE\fR\fB\fR is used as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. .PP -The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode +The OpenSSL ASN1 parsing library templates are like a data\-driven bytecode interpreter. -Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item +Every ASN1 object as a global variable, TYPE_it, that describes the item such as its fields. (On systems which cannot export variables from shared libraries, the global is instead a function which returns a pointer to a static variable. .PP -The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +The macro \fBDECLARE_ASN1_FUNCTIONS()\fR is typically used in header files to generate the function declarations. .PP -The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +The macro \fBIMPLEMENT_ASN1_FUNCTIONS()\fR is used once in a source file to generate the function bodies. .PP -\&\fB\f(BI\s-1TYPE\s0\fB_new\fR() allocates an empty object of the indicated type. -The object returned must be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(). +\&\fR\f(BITYPE\fR\fB_new\fR() allocates an empty object of the indicated type. +The object returned must be released by calling \fB\fR\f(BITYPE\fR\fB_free\fR(). .PP -\&\fB\f(BI\s-1TYPE\s0\fB_new_ex\fR() is similar to \fB\f(BI\s-1TYPE\s0\fB_new\fR() but also passes the +\&\fR\f(BITYPE\fR\fB_new_ex\fR() is similar to \fB\fR\f(BITYPE\fR\fB_new\fR() but also passes the library context \fIlibctx\fR and the property query \fIpropq\fR to use when retrieving algorithms from providers. 
This created object can then be used when loading -binary data using \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(). +binary data using \fBd2i_\fR\f(BITYPE\fR\fB\fR(). .PP -\&\fB\f(BI\s-1TYPE\s0\fB_dup\fR() copies an existing object, leaving it untouched. +\&\fR\f(BITYPE\fR\fB_dup\fR() copies an existing object, leaving it untouched. +Note, however, that the internal representation of the object +may contain (besides the ASN.1 structure) further data, which is not copied. +For instance, an \fBX509\fR object usually is augmented by cached information +on X.509v3 extensions, etc., and losing it can lead to wrong validation results. +To avoid such situations, better use \fB\fR\f(BITYPE\fR\fB_up_ref\fR() if available. +For the case of \fBX509\fR objects, an alternative to using \fBX509_up_ref\fR\|(3) +may be to still call \fB\fR\f(BITYPE\fR\fB_dup\fR(), e.g., \fIcopied_cert = X509_dup(cert)\fR, +followed by \fIX509_check_purpose(copied_cert, \-1, 0)\fR, +which re\-builds the cached data. .PP -\&\fB\f(BI\s-1TYPE\s0\fB_free\fR() releases the object and all pointers and sub-objects -within it. +\&\fR\f(BITYPE\fR\fB_free\fR() releases the object and all pointers and sub\-objects +within it. If the argument is NULL, nothing is done. .PP -\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() prints the object \fIa\fR on the specified \s-1BIO\s0 \fIout\fR. +\&\fR\f(BITYPE\fR\fB_print_ctx\fR() prints the object \fIa\fR on the specified BIO \fIout\fR. Each line will be prefixed with \fIindent\fR spaces. The \fIpctx\fR specifies the printing context and is for internal -use; use \s-1NULL\s0 to get the default behavior. If a print function is -user-defined, then pass in any \fIpctx\fR down to any nested calls. +use; use NULL to get the default behavior. If a print function is +user\-defined, then pass in any \fIpctx\fR down to any nested calls. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fB\f(BI\s-1TYPE\s0\fB_new\fR(), \fB\f(BI\s-1TYPE\s0\fB_new_ex\fR() and \fB\f(BI\s-1TYPE\s0\fB_dup\fR() return a pointer to -the object or \s-1NULL\s0 on failure. +\&\fR\f(BITYPE\fR\fB_new\fR(), \fB\fR\f(BITYPE\fR\fB_new_ex\fR() and \fB\fR\f(BITYPE\fR\fB_dup\fR() return a pointer to +the object or NULL on failure. .PP -\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() returns 1 on success or zero on failure. -.SH "HISTORY" +\&\fR\f(BITYPE\fR\fB_print_ctx\fR() returns 1 on success or zero on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_up_ref\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The functions \fBX509_REQ_new_ex()\fR, \fBX509_CRL_new_ex()\fR, \fBPKCS7_new_ex()\fR and \&\fBCMS_ContentInfo_new_ex()\fR were added in OpenSSL 3.0. .PP The functions \fBDSAparams_dup()\fR, \fBRSAPrivateKey_dup()\fR and \fBRSAPublicKey_dup()\fR were deprecated in 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get0_distinguishing_id.3.orig +++ secure/lib/libcrypto/man/man3/X509_get0_distinguishing_id.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET0_DISTINGUISHING_ID 3ossl" -.TH X509_GET0_DISTINGUISHING_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET0_DISTINGUISHING_ID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get0_distinguishing_id, X509_set0_distinguishing_id, X509_REQ_get0_distinguishing_id, X509_REQ_set0_distinguishing_id \&\- get or set the Distinguishing ID for certificate operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -152,26 +77,26 @@ \& ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x); \& void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *distid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The Distinguishing \s-1ID\s0 is defined in \s-1FIPS 196\s0 as follows: +The Distinguishing ID is defined in FIPS 196 as follows: .IP "\fIDistinguishing identifier\fR" 4 .IX Item "Distinguishing identifier" Information which unambiguously distinguishes an entity in the authentication process. .PP -The \s-1SM2\s0 signature algorithm requires a Distinguishing \s-1ID\s0 value when generating -and verifying a signature, but the Ddistinguishing \s-1ID\s0 may also find other uses. -In the context of \s-1SM2,\s0 the Distinguishing \s-1ID\s0 is often referred to as the \*(L"\s-1SM2 -ID\*(R".\s0 +The SM2 signature algorithm requires a Distinguishing ID value when generating +and verifying a signature, but the Ddistinguishing ID may also find other uses. +In the context of SM2, the Distinguishing ID is often referred to as the "SM2 +ID". .PP For the purpose off verifying a certificate or a certification request, a -Distinguishing \s-1ID\s0 may be attached to it, so functions like \fBX509_verify\fR\|(3) +Distinguishing ID may be attached to it, so functions like \fBX509_verify\fR\|(3) or \fBX509_REQ_verify\fR\|(3) have easy access to that identity for signature verification. .PP -\&\fBX509_get0_distinguishing_id()\fR gets the Distinguishing \s-1ID\s0 value of a certificate -\&\fBx\fR by returning an \fB\s-1ASN1_OCTET_STRING\s0\fR object which should not be freed by +\&\fBX509_get0_distinguishing_id()\fR gets the Distinguishing ID value of a certificate +\&\fBx\fR by returning an \fBASN1_OCTET_STRING\fR object which should not be freed by the caller. .PP \&\fBX509_set0_distinguishing_id()\fR assigns \fBdistid\fR to the certificate \fBx\fR. 
@@ -189,12 +114,12 @@ return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBX509_verify\fR\|(3), \s-1\fBSM2\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBX509_verify\fR\|(3), \fBSM2\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get0_notBefore.3.orig +++ secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET0_NOTBEFORE 3ossl" -.TH X509_GET0_NOTBEFORE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET0_NOTBEFORE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -163,7 +88,7 @@ \& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); \& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value @@ -172,7 +97,7 @@ .PP \&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to \&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return -non-constant mutable references to the associated date field of +non\-constant mutable references to the associated date field of the certificate. .PP \&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR 
@@ -184,7 +109,7 @@ \&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value returned is an internal pointer which must not be freed up after the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then -\&\fB\s-1NULL\s0\fR is returned. +\&\fBNULL\fR is returned. .PP \&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter @@ -193,10 +118,10 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR -return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. +return a pointer to an \fBASN1_TIME\fR structure. .PP -\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure -or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. +\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fBASN1_TIME\fR structure +or NULL if the \fBlastUpdate\fR field is absent. .PP \&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and \&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. 
@@ -218,17 +143,17 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions are available in all versions of OpenSSL. .PP \&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL 1.1.0 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get0_signature.3.orig +++ secure/lib/libcrypto/man/man3/X509_get0_signature.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET0_SIGNATURE 3ossl" -.TH X509_GET0_SIGNATURE 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET0_SIGNATURE 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -174,11 +99,11 @@ \& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, \& int secbits, uint32_t flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR to the signature algorithm of \fBx\fR. The values returned are internal -pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. +pointers which \fBMUST NOT\fR be freed up after the call. .PP \&\fBX509_set0_signature()\fR and \fBX509_REQ_set1_signature_algo()\fR are the equivalent setters for the two values of \fBX509_get0_signature()\fR. @@ -186,7 +111,7 @@ \&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed portion of \fBx\fR. .PP -\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +\&\fBX509_get_signature_nid()\fR returns the NID corresponding to the signature algorithm of \fBx\fR. .PP \&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR 
@@ -194,17 +119,17 @@ same function for certificate requests and CRLs. .PP \&\fBX509_get_signature_info()\fR retrieves information about the signature of -certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, +certificate \fBx\fR. The NID of the signing digest is written to \fB*mdnid\fR, the public key algorithm to \fB*pknid\fR, the effective security bits to \&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can -be set to \fB\s-1NULL\s0\fR if the information is not required. +be set to \fBNULL\fR if the information is not required. .PP \&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information about a signature in an \fBX509_SIG_INFO\fR structure. They are only used by implementations of algorithms which need to set custom signature information: most applications will never need to call them. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions provide lower level access to signatures in certificates where an application wishes to analyse or generate a signature in a form @@ -214,12 +139,12 @@ The security bits returned by \fBX509_get_signature_info()\fR refers to information available from the certificate signature (such as the signing digest). In some cases the actual security of the signature is less because the signing -key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a -1024 bit \s-1RSA\s0 key. +key is less secure: for example a certificate signed using SHA\-512 and a +1024 bit RSA key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and -\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 +\&\fBX509_CRL_get_signature_nid()\fR return a NID. .PP \&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and \&\fBX509_CRL_get0_signature()\fR do not return values. 
@@ -229,7 +154,7 @@ unknown algorithms or malformed parameters). .PP \&\fBX509_REQ_set1_signature_algo()\fR returns 0 on success; or 1 on an -error (e.g. null \s-1ALGO\s0 pointer). X509_REQ_set0_signature does +error (e.g. null ALGO pointer). X509_REQ_set0_signature does not return an error value. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -249,7 +174,7 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were @@ -262,11 +187,11 @@ .PP The \fBX509_REQ_set0_signature()\fR and \fBX509_REQ_set1_signature_algo()\fR were added in OpenSSL 1.1.1e. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get0_uids.3.orig +++ secure/lib/libcrypto/man/man3/X509_get0_uids.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET0_UIDS 3ossl" -.TH X509_GET0_UIDS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET0_UIDS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get0_uids \- get certificate unique identifiers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -148,11 +73,11 @@ \& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, \& const ASN1_BIT_STRING **psuid); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique -identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. -.SH "NOTES" +identifiers of certificate \fBx\fR or NULL if the fields are not present. +.SH NOTES .IX Header "NOTES" The issuer and subject unique identifier fields are very rarely encountered in practice outside test cases. @@ -178,11 +103,11 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get_extension_flags.3.orig +++ secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET_EXTENSION_FLAGS 3ossl" -.TH X509_GET_EXTENSION_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET_EXTENSION_FLAGS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, @@ -150,7 +75,7 @@ X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -167,113 +92,113 @@ \& void X509_set_proxy_pathlen(int l); \& long X509_get_proxy_pathlen(X509 *x); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" These functions retrieve information related to commonly used certificate extensions. .PP \&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate. This extension is used to limit the length of a cert chain that may be -issued from that \s-1CA.\s0 +issued from that CA. .PP \&\fBX509_get_extension_flags()\fR retrieves general information about a certificate, it will return one or more of the following flags ored together. -.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 +.IP \fBEXFLAG_V1\fR 4 .IX Item "EXFLAG_V1" The certificate is an obsolete version 1 certificate. -.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 +.IP \fBEXFLAG_BCONS\fR 4 .IX Item "EXFLAG_BCONS" The certificate contains a basic constraints extension. -.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 +.IP \fBEXFLAG_CA\fR 4 .IX Item "EXFLAG_CA" -The certificate contains basic constraints and asserts the \s-1CA\s0 flag. -.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 +The certificate contains basic constraints and asserts the CA flag. +.IP \fBEXFLAG_PROXY\fR 4 .IX Item "EXFLAG_PROXY" The certificate is a valid proxy certificate. -.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 +.IP \fBEXFLAG_SI\fR 4 .IX Item "EXFLAG_SI" The certificate is self issued (that is subject and issuer names match). -.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 +.IP \fBEXFLAG_SS\fR 4 .IX Item "EXFLAG_SS" The subject and issuer names match and extension values imply it is self signed. -.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 +.IP \fBEXFLAG_FRESHEST\fR 4 .IX Item "EXFLAG_FRESHEST" -The freshest \s-1CRL\s0 extension is present in the certificate. -.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 +The freshest CRL extension is present in the certificate. +.IP \fBEXFLAG_CRITICAL\fR 4 .IX Item "EXFLAG_CRITICAL" The certificate contains an unhandled critical extension. 
-.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 +.IP \fBEXFLAG_INVALID\fR 4 .IX Item "EXFLAG_INVALID" Some certificate extension values are invalid or inconsistent. The certificate should be rejected. -This bit may also be raised after an out-of-memory error while +This bit may also be raised after an out\-of\-memory error while processing the X509 object, so it may not be related to the processed -\&\s-1ASN1\s0 object itself. -.IP "\fB\s-1EXFLAG_NO_FINGERPRINT\s0\fR" 4 +ASN1 object itself. +.IP \fBEXFLAG_NO_FINGERPRINT\fR 4 .IX Item "EXFLAG_NO_FINGERPRINT" -Failed to compute the internal \s-1SHA1\s0 hash value of the certificate or \s-1CRL.\s0 -This may be due to malloc failure or because no \s-1SHA1\s0 implementation was found. -.IP "\fB\s-1EXFLAG_INVALID_POLICY\s0\fR" 4 +Failed to compute the internal SHA1 hash value of the certificate or CRL. +This may be due to malloc failure or because no SHA1 implementation was found. +.IP \fBEXFLAG_INVALID_POLICY\fR 4 .IX Item "EXFLAG_INVALID_POLICY" The NID_certificate_policies certificate extension is invalid or inconsistent. The certificate should be rejected. -This bit may also be raised after an out-of-memory error while +This bit may also be raised after an out\-of\-memory error while processing the X509 object, so it may not be related to the processed -\&\s-1ASN1\s0 object itself. -.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 +ASN1 object itself. +.IP \fBEXFLAG_KUSAGE\fR 4 .IX Item "EXFLAG_KUSAGE" The certificate contains a key usage extension. The value can be retrieved using \fBX509_get_key_usage()\fR. -.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 +.IP \fBEXFLAG_XKUSAGE\fR 4 .IX Item "EXFLAG_XKUSAGE" The certificate contains an extended key usage extension. The value can be retrieved using \fBX509_get_extended_key_usage()\fR. .PP \&\fBX509_get_key_usage()\fR returns the value of the key usage extension. 
If key usage is present will return zero or more of the flags: -\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, -\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, -\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to -individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is +\&\fBKU_DIGITAL_SIGNATURE\fR, \fBKU_NON_REPUDIATION\fR, \fBKU_KEY_ENCIPHERMENT\fR, +\&\fBKU_DATA_ENCIPHERMENT\fR, \fBKU_KEY_AGREEMENT\fR, \fBKU_KEY_CERT_SIGN\fR, +\&\fBKU_CRL_SIGN\fR, \fBKU_ENCIPHER_ONLY\fR or \fBKU_DECIPHER_ONLY\fR corresponding to +individual key usage bits. If key usage is absent then \fBUINT32_MAX\fR is returned. .PP \&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage extension. If extended key usage is present it will return zero or more of the -flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR -\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These -correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, -\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, -\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. -Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are +flags: \fBXKU_SSL_SERVER\fR, \fBXKU_SSL_CLIENT\fR, \fBXKU_SMIME\fR, \fBXKU_CODE_SIGN\fR +\&\fBXKU_OCSP_SIGN\fR, \fBXKU_TIMESTAMP\fR, \fBXKU_DVCS\fR or \fBXKU_ANYEKU\fR. These +correspond to the OIDs \fBid\-kp\-serverAuth\fR, \fBid\-kp\-clientAuth\fR, +\&\fBid\-kp\-emailProtection\fR, \fBid\-kp\-codeSigning\fR, \fBid\-kp\-OCSPSigning\fR, +\&\fBid\-kp\-timeStamping\fR, \fBid\-kp\-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. 
+Additionally \fBXKU_SGC\fR is set if either Netscape or Microsoft SGC OIDs are present. .PP \&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key -identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +identifier of \fBx\fR as an \fBASN1_OCTET_STRING\fR or \fBNULL\fR if the extension is not present or cannot be parsed. .PP \&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key -identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +identifier of \fBx\fR as an \fBASN1_OCTET_STRING\fR or \fBNULL\fR if the extension is not present or cannot be parsed. .PP \&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority -certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or -\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. +certificate issuer of \fBx\fR as a stack of \fBGENERAL_NAME\fR structures or +\&\fBNULL\fR if the extension is not present or cannot be parsed. .PP \&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority -certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the +certificate serial number of \fBx\fR as an \fBASN1_INTEGER\fR or \fBNULL\fR if the extension is not present or cannot be parsed. .PP -\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fBEXFLAG_PROXY\fR flag. This is for the users who need to mark non\-RFC3820 proxy certificates as -such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +such, as OpenSSL only detects RFC3820 compliant ones. .PP \&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given certificate \fBx\fR. 
This is for the users who need to mark non\-RFC3820 proxy -certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +certificates as such, as OpenSSL only detects RFC3820 compliant ones. .PP \&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the given certificate \fBx\fR if it is a proxy certificate. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The value of the flags correspond to extension values which are cached in the \fBX509\fR structure. If the flags returned do not provide sufficient @@ -282,12 +207,12 @@ .PP If the key usage or extended key usage extension is absent then typically usage is unrestricted. For this reason \fBX509_get_key_usage()\fR and -\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +\&\fBX509_get_extended_key_usage()\fR return \fBUINT32_MAX\fR when the corresponding extension is absent. Applications can additionally check the return value of \&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is absent. .PP -If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +If \fBX509_get0_subject_key_id()\fR returns \fBNULL\fR then the extension may be absent or malformed. Applications can determine the precise reason using \&\fBX509_get_ext_d2i()\fR. .SH "RETURN VALUES" @@ -300,7 +225,7 @@ certificate extension values. .PP \&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a -pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension +pointer to an \fBASN1_OCTET_STRING\fR structure or \fBNULL\fR if the extension is absent or an error occurred during parsing. .PP \&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given 
@@ -308,15 +233,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_check_purpose\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and \&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get_pubkey.3.orig +++ secure/lib/libcrypto/man/man3/X509_get_pubkey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET_PUBKEY 3ossl" -.TH X509_GET_PUBKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET_PUBKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request public key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -158,13 +83,13 @@ \& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); \& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If -successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its +successful it returns the public key as an \fBEVP_PKEY\fR pointer with its reference count incremented: this means the returned key must be freed up after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment -the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up +the reference count of the returned \fBEVP_PKEY\fR so it must not be freed up after use. .PP \&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR 
@@ -176,9 +101,9 @@ .PP \&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and \&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is +The first time a public key is decoded the \fBEVP_PKEY\fR structure is cached in the certificate or certificate request itself. Subsequent calls return the cached structure with its reference count incremented to improve performance. @@ -186,7 +111,7 @@ .IX Header "RETURN VALUES" \&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR, \&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or -\&\fB\s-1NULL\s0\fR if an error occurred. +\&\fBNULL\fR if an error occurred. .PP \&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0 for failure. @@ -208,11 +133,11 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get_serialNumber.3.orig +++ secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET_SERIALNUMBER 3ossl" -.TH X509_GET_SERIALNUMBER 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET_SERIALNUMBER 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or set certificate serial number -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,11 +77,11 @@ \& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); \& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an -\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value -returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call. +\&\fBASN1_INTEGER\fR structure which can be examined or initialised. The value +returned is an internal pointer which \fBMUST NOT\fR be freed up after the call. .PP \&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it accepts a const parameter and returns a const result. @@ -166,7 +91,7 @@ be freed up after use. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fBASN1_INTEGER\fR structure. .PP \&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure. 
@@ -188,16 +113,16 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are available in all versions of OpenSSL. The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get_subject_name.3.orig +++ secure/lib/libcrypto/man/man3/X509_get_subject_name.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET_SUBJECT_NAME 3ossl" -.TH X509_GET_SUBJECT_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET_SUBJECT_NAME 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_NAME_hash_ex, X509_NAME_hash, X509_get_subject_name, X509_set_subject_name, X509_subject_name_hash, X509_get_issuer_name, X509_set_issuer_name, X509_issuer_name_hash, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get X509_NAME hashes or get and set issuer or subject names -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -169,25 +94,25 @@ .Ve .PP The following macro has been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 1 \& #define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_NAME_hash_ex()\fR returns a hash value of name \fIx\fR or 0 on failure, using any given library context \fIlibctx\fR and property query \fIpropq\fR. -The \fIok\fR result argument may be \s-1NULL\s0 +The \fIok\fR result argument may be NULL or else is used to return 1 for success and 0 for failure. -Failure may happen on malloc error or if no \s-1SHA1\s0 implementation is available. +Failure may happen on malloc error or if no SHA1 implementation is available. .PP \&\fBX509_NAME_hash()\fR returns a hash value of name \fIx\fR or 0 on failure, using the default library context and default property query. .PP \&\fBX509_get_subject_name()\fR returns the subject name of certificate \fIx\fR. The -returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed. +returned value is an internal pointer which \fBMUST NOT\fR be freed. .PP \&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fIx\fR to \&\fIname\fR. The \fIname\fR parameter is copied internally and should be freed 
@@ -211,13 +136,13 @@ .PP \&\fBX509_NAME_hash_ex()\fR, \fBX509_NAME_hash()\fR, \&\fBX509_subject_name_hash()\fR and \fBX509_issuer_name_hash()\fR -return the first four bytes of the \s-1SHA1\s0 hash value, +return the first four bytes of the SHA1 hash value, converted to \fBunsigned long\fR in little endian order, or 0 on failure. .PP \&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" In case \fBX509_NAME_hash()\fR, \fBX509_subject_name_hash()\fR, or \fBX509_issuer_name_hash()\fR returns 0 it remains unclear if this is the real hash value or due to failure. @@ -239,7 +164,7 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in earlier versions. @@ -248,11 +173,11 @@ added in OpenSSL 1.0.0 as a macro. .PP \&\fBX509_NAME_hash()\fR was turned into a macro and deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_get_version.3.orig +++ secure/lib/libcrypto/man/man3/X509_get_version.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_GET_VERSION 3ossl" -.TH X509_GET_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_GET_VERSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,7 +81,7 @@ \& long X509_CRL_get_version(const X509_CRL *crl); \& int X509_CRL_set_version(X509_CRL *x, long version); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_get_version()\fR returns the numerical value of the version field of certificate \fBx\fR. These correspond to the constants \fBX509_VERSION_1\fR, @@ -171,10 +96,10 @@ \&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version number of certificate requests and CRLs. They use constants \&\fBX509_REQ_VERSION_1\fR, \fBX509_CRL_VERSION_1\fR, and \fBX509_CRL_VERSION_2\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The version field of certificates, certificate requests and CRLs has a -\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version +DEFAULT value of \fBv1\|(0)\fR meaning the field should be omitted for version 1. This is handled transparently by these functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -201,15 +126,15 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are functions in OpenSSL 1.1.0, in previous versions they were macros. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_load_http.3.orig +++ secure/lib/libcrypto/man/man3/X509_load_http.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_LOAD_HTTP 3ossl" -.TH X509_LOAD_HTTP 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_LOAD_HTTP 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_load_http, X509_http_nbio, X509_CRL_load_http, X509_CRL_http_nbio \&\- certificate and CRL loading functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -154,19 +79,22 @@ .Ve .PP The following macros have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 2 \& #define X509_http_nbio(rctx, pcert) \& #define X509_CRL_http_nbio(rctx, pcrl) .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBX509_load_http()\fR and \fBX509_CRL_load_http()\fR loads a certificate or a \s-1CRL,\s0 -respectively, in \s-1ASN.1\s0 format using \s-1HTTP\s0 from the given \fBurl\fR. +\&\fBX509_load_http()\fR and \fBX509_CRL_load_http()\fR loads a certificate or a CRL, +respectively, in ASN.1 format using HTTP from the given \fBurl\fR. +.PP +Maximum size of the HTTP response is 100 kB for certificates and 32 MB for CRLs +and hard coded in the functions. .PP -If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then this \s-1BIO\s0 is used instead of an +If \fBbio\fR is given and \fBrbio\fR is NULL then this BIO is used instead of an internal one for connecting, writing the request, and reading the response. If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs, for instance) then no explicit connection is attempted, 
@@ -182,20 +110,20 @@ and without the possibility to specify custom BIOs. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -On success the function yield the loaded value, else \s-1NULL.\s0 +On success the function yield the loaded value, else NULL. Error conditions include connection/transfer timeout, parse errors, etc. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_HTTP_get\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509_load_http()\fR and \fBX509_CRL_load_http()\fR were added in OpenSSL 3.0. \&\fBX509_http_nbio()\fR and \fBX509_CRL_http_nbio()\fR were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_new.3.orig +++ secure/lib/libcrypto/man/man3/X509_new.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_NEW 3ossl" -.TH X509_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_NEW 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_new, X509_new_ex, X509_free, X509_up_ref, X509_chain_up_ref \- X509 certificate ASN1 allocation functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,48 +78,49 @@ \& int X509_up_ref(X509 *a); \& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The X509 \s-1ASN1\s0 allocation routines, allocate and free an +The X509 ASN1 allocation routines allocate and free an X509 structure, which represents an X509 certificate. .PP \&\fBX509_new_ex()\fR allocates and initializes a X509 structure with a library context of \fIlibctx\fR, property query of \fIpropq\fR and a reference count of \fB1\fR. Many X509 functions such as \fBX509_check_purpose()\fR, and \&\fBX509_verify()\fR use this library context to select which providers supply the -fetched algorithms (\s-1SHA1\s0 is used internally). This created X509 object can then +fetched algorithms (SHA1 is used internally). This created X509 object can then be used when loading binary data using \fBd2i_X509()\fR. .PP \&\fBX509_new()\fR is similar to \fBX509_new_ex()\fR but sets the library context -and property query to \s-1NULL.\s0 This results in the default (\s-1NULL\s0) library context +and property query to NULL. This results in the default (NULL) library context being used for any X509 operations requiring algorithm fetches. .PP \&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and -frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. +frees it up if the reference count is zero. If the argument is NULL, +nothing is done. .PP \&\fBX509_up_ref()\fR increments the reference count of \fBa\fR. .PP \&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in -chain \fBx\fR and returns a copy of the stack, or an empty stack if \fBa\fR is \s-1NULL.\s0 -.SH "NOTES" +chain \fBx\fR and returns a copy of the stack, or an empty stack if \fBa\fR is NULL. 
+.SH NOTES .IX Header "NOTES" The function \fBX509_up_ref()\fR if useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure. .PP -The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of +The function \fBX509_chain_up_ref()\fR doesn\*(Aqt just up the reference count of each certificate. It also returns a copy of the stack, using \fBsk_X509_dup()\fR, but it serves a similar purpose: the returned chain persists after the original has been freed. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fBX509_new()\fR returns \s-1NULL\s0 and sets an error +If the allocation fails, \fBX509_new()\fR returns NULL and sets an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP \&\fBX509_up_ref()\fR returns 1 for success and 0 for failure. .PP -\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \s-1NULL\s0 if an error occurred. +\&\fBX509_chain_up_ref()\fR returns a copy of the stack or NULL if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_X509\fR\|(3), 
@@ -213,14 +139,14 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The function \fBX509_new_ex()\fR was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_sign.3.orig +++ secure/lib/libcrypto/man/man3/X509_sign.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_SIGN 3ossl" -.TH X509_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_SIGN 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_sign, X509_sign_ctx, X509_REQ_sign, X509_REQ_sign_ctx, X509_CRL_sign, X509_CRL_sign_ctx \- sign certificate, certificate request, or CRL signature -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -157,7 +82,7 @@ \& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); \& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_sign()\fR signs certificate \fIx\fR using private key \fIpkey\fR and message digest \fImd\fR and sets the signature in \fIx\fR. \fBX509_sign_ctx()\fR also signs @@ -166,14 +91,14 @@ \&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \&\fBX509_CRL_sign()\fR, and \fBX509_CRL_sign_ctx()\fR sign certificate requests and CRLs, respectively. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" \&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding public key and digest are not suitable. It can be used to sign keys using -RSA-PSS for example. +RSA\-PSS for example. .PP -For efficiency reasons and to work around \s-1ASN.1\s0 encoding issues the encoding -of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached +For efficiency reasons and to work around ASN.1 encoding issues the encoding +of the signed portion of a certificate, certificate request and CRL is cached internally. If the signed portion of the structure is modified the encoding is not always updated meaning a stale version is sometimes used. This is not normally a problem because modifying the signed portion will invalidate the 
@@ -191,18 +116,18 @@ \&\fBX509_verify\fR\|(3), \&\fBX509_REQ_verify_ex\fR\|(3), \fBX509_REQ_verify\fR\|(3), \&\fBX509_CRL_verify\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are available in all versions of OpenSSL. .PP The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR and \fBX509_CRL_sign_ctx()\fR functions were added in OpenSSL 1.0.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_verify.3.orig +++ secure/lib/libcrypto/man/man3/X509_verify.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_VERIFY 3ossl" -.TH X509_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_VERIFY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_verify, X509_self_signed, X509_REQ_verify_ex, X509_REQ_verify, X509_CRL_verify \- verify certificate, certificate request, or CRL signature -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -156,13 +81,13 @@ \& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); \& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_verify()\fR verifies the signature of certificate \fIx\fR using public key \&\fIpkey\fR. Only the signature is checked: no other checks (such as certificate chain validity) are performed. .PP -\&\fBX509_self_signed()\fR checks whether certificate \fIcert\fR is self-signed. +\&\fBX509_self_signed()\fR checks whether certificate \fIcert\fR is self\-signed. For success the issuer and subject names must match, the components of the authority key identifier (if present) must match the subject key identifier etc. The signature itself is actually verified only if \fBverify_signature\fR is 1, as @@ -175,7 +100,7 @@ \&\fBX509_verify()\fR, \&\fBX509_REQ_verify_ex()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the signature is valid and 0 if the signature check fails. -If the signature could not be checked at all because it was ill-formed, +If the signature could not be checked at all because it was ill\-formed, the certificate or the request was not complete or some other error occurred then \-1 is returned. .PP 
@@ -197,18 +122,18 @@ \&\fBX509_NAME_print_ex\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3), -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.SH "HISTORY" +\&\fBOSSL_LIB_CTX\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The \fBX509_verify()\fR, \fBX509_REQ_verify()\fR, and \fBX509_CRL_verify()\fR functions are available in all versions of OpenSSL. .PP \&\fBX509_REQ_verify_ex()\fR, and \fBX509_self_signed()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509_verify_cert.3.orig +++ secure/lib/libcrypto/man/man3/X509_verify_cert.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509_VERIFY_CERT 3ossl" -.TH X509_VERIFY_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509_VERIFY_CERT 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509_build_chain, X509_verify_cert, X509_STORE_CTX_verify \- build and verify X509 certificate chain -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,21 +78,21 @@ \& int X509_verify_cert(X509_STORE_CTX *ctx); \& int X509_STORE_CTX_verify(X509_STORE_CTX *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509_build_chain()\fR builds a certificate chain starting from \fItarget\fR -using the optional list of intermediate \s-1CA\s0 certificates \fIcerts\fR. -If \fIstore\fR is \s-1NULL\s0 it builds the chain as far down as possible, ignoring errors. +using the optional list of intermediate CA certificates \fIcerts\fR. +If \fIstore\fR is NULL it builds the chain as far down as possible, ignoring errors. Else the chain must reach a trust anchor contained in \fIstore\fR. It internally uses a \fBX509_STORE_CTX\fR structure associated with the library -context \fIlibctx\fR and property query string \fIpropq\fR, both of which may be \s-1NULL.\s0 +context \fIlibctx\fR and property query string \fIpropq\fR, both of which may be NULL. In case there is more than one possibility for the chain, only one is taken. .PP -On success it returns a pointer to a new stack of (up_ref'ed) certificates +On success it returns a pointer to a new stack of (up_ref\*(Aqed) certificates starting with \fItarget\fR and followed by all available intermediate certificates. -A self-signed trust anchor is included only if \fItarget\fR is the trust anchor +A self\-signed trust anchor is included only if \fItarget\fR is the trust anchor of \fIwith_self_signed\fR is 1. -If a non-NULL stack is returned the caller is responsible for freeing it. +If a non\-NULL stack is returned the caller is responsible for freeing it. .PP The \fBX509_verify_cert()\fR function attempts to discover and validate a certificate chain based on parameters in \fIctx\fR. 
@@ -175,7 +100,7 @@ using \fBX509_STORE_CTX_new\fR\|(3) and \fBX509_STORE_CTX_init\fR\|(3). It usually includes a target certificate to be verified, a set of certificates serving as trust anchors, -a list of non-trusted certificates that may be helpful for chain construction, +a list of non\-trusted certificates that may be helpful for chain construction, flags such as X509_V_FLAG_X509_STRICT, and various other optional components such as a callback function that allows customizing the verification outcome. A complete description of the certificate verification process is contained in @@ -183,7 +108,7 @@ .PP Applications rarely call this function directly but it is used by OpenSSL internally for certificate validation, in both the S/MIME and -\&\s-1SSL/TLS\s0 code. +SSL/TLS code. .PP A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked incorrectly, such as with no certificate set in \fIctx\fR, or when it is called @@ -197,7 +122,7 @@ in \fIctx\fR unless a target certificate is set explicitly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_build_chain()\fR returns \s-1NULL\s0 on error, else a stack of certificates. +\&\fBX509_build_chain()\fR returns NULL on error, else a stack of certificates. .PP Both \fBX509_verify_cert()\fR and \fBX509_STORE_CTX_verify()\fR return 1 if a complete chain can be built and validated, 
@@ -217,14 +142,14 @@ .IX Header "SEE ALSO" \&\fBX509_STORE_CTX_new\fR\|(3), \fBX509_STORE_CTX_init\fR\|(3), \&\fBX509_STORE_CTX_get_error\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBX509_build_chain()\fR and \fBX509_STORE_CTX_verify()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2009\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3.orig +++ secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509V3_GET_EXT_BY_NID 3ossl" -.TH X509V3_GET_EXT_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509V3_GET_EXT_BY_NID 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, @@ -149,7 +74,7 @@ X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext \- extension stack utility functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -193,32 +118,32 @@ \& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); \& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fIx\fR. .PP \&\fBX509v3_get_ext()\fR retrieves extension \fIloc\fR from \fIx\fR. The index \fIloc\fR can take any value from 0 to X509_get_ext_count(\fIx\fR) \- 1. The returned -extension is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed by the +extension is an internal pointer which \fBMUST NOT\fR be freed by the application. .PP \&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension -with \fInid\fR or \fIobj\fR from extension \s-1STACK\s0 \fIx\fR. The search starts from the +with \fInid\fR or \fIobj\fR from extension STACK \fIx\fR. The search starts from the extension after \fIlastpos\fR or from the beginning if \fIlastpos\fR is \-1. If the extension is found, its index is returned, otherwise \-1 is returned. .PP \&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it looks for an extension of criticality \fIcrit\fR. A zero value for \fIcrit\fR -looks for a non-critical extension. A nonzero value looks for a critical +looks for a non\-critical extension. A nonzero value looks for a critical extension. .PP \&\fBX509v3_delete_ext()\fR deletes the extension with index \fIloc\fR from \fIx\fR. The deleted extension is returned and must be freed by the caller. -If \fIloc\fR is an invalid index value, \s-1NULL\s0 is returned. +If \fIloc\fR is an invalid index value, NULL is returned. .PP -\&\fBX509v3_add_ext()\fR adds extension \fIex\fR to \s-1STACK\s0 \fI*x\fR at position \fIloc\fR. If -\&\fIloc\fR is \-1, the new extension is added to the end. If \fI*x\fR is \s-1NULL,\s0 -a new \s-1STACK\s0 will be allocated. 
The passed extension \fIex\fR is duplicated +\&\fBX509v3_add_ext()\fR adds extension \fIex\fR to STACK \fI*x\fR at position \fIloc\fR. If +\&\fIloc\fR is \-1, the new extension is added to the end. If \fI*x\fR is NULL, +a new STACK will be allocated. The passed extension \fIex\fR is duplicated internally so it must be freed after use. .PP \&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR, @@ -229,14 +154,14 @@ \&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR, \&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR, \&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of -\&\s-1CRL\s0 \fIx\fR. They are otherwise identical to the X509v3 functions. +CRL \fIx\fR. They are otherwise identical to the X509v3 functions. .PP \&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR, \&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR, \&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and -\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fIx\fR. +\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of CRL entry \fIx\fR. They are otherwise identical to the X509v3 functions. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" These functions are used to examine stacks of extensions directly. Applications that want to parse or encode and add an extension should 
@@ -245,12 +170,12 @@ .PP For \fBX509v3_get_ext_by_NID()\fR, \fBX509v3_get_ext_by_OBJ()\fR, \&\fBX509v3_get_ext_by_critical()\fR and its variants, a zero index return value -is not an error since extension \s-1STACK\s0 \fIx\fR indices start from zero. +is not an error since extension STACK \fIx\fR indices start from zero. These search functions start from the extension \fBafter\fR the \fIlastpos\fR parameter so it should initially be set to \-1. If it is set to zero, the initial extension will not be checked. .PP -\&\fBX509v3_delete_ext()\fR and its variants are a bit counter-intuitive +\&\fBX509v3_delete_ext()\fR and its variants are a bit counter\-intuitive because these functions do not free the extension they delete. They return an \fBX509_EXTENSION\fR object which must be explicitly freed using \fBX509_EXTENSION_free()\fR. @@ -259,7 +184,7 @@ \&\fBX509v3_get_ext_count()\fR returns the extension count or 0 for failure. .PP \&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an -\&\fBX509_EXTENSION\fR structure or \s-1NULL\s0 if an error occurs. +\&\fBX509_EXTENSION\fR structure or NULL if an error occurs. .PP \&\fBX509v3_get_ext_by_OBJ()\fR and \fBX509v3_get_ext_by_critical()\fR return the extension index or \-1 if an error occurs. 
@@ -267,17 +192,17 @@ \&\fBX509v3_get_ext_by_NID()\fR returns the extension index or negative values if an error occurs. .PP -\&\fBX509v3_add_ext()\fR returns a \s-1STACK\s0 of extensions or \s-1NULL\s0 on error. +\&\fBX509v3_add_ext()\fR returns a STACK of extensions or NULL on error. .PP \&\fBX509_add_ext()\fR returns 1 on success and 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509V3_get_d2i\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/b2i_PVK_bio_ex.3.orig +++ secure/lib/libcrypto/man/man3/b2i_PVK_bio_ex.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "B2I_PVK_BIO_EX 3ossl" -.TH B2I_PVK_BIO_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH B2I_PVK_BIO_EX 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME b2i_PVK_bio, b2i_PVK_bio_ex, i2b_PVK_bio, i2b_PVK_bio_ex \- Decode and encode functions for reading and writing MSBLOB format private keys -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -155,9 +80,9 @@ \& pem_password_cb *cb, void *u, \& OSSL_LIB_CTX *libctx, const char *propq); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBb2i_PVK_bio_ex()\fR decodes a private key of \s-1MSBLOB\s0 format read from a \fB\s-1BIO\s0\fR. It +\&\fBb2i_PVK_bio_ex()\fR decodes a private key of MSBLOB format read from a \fBBIO\fR. It attempts to automatically determine the key type. If the key is encrypted then \&\fIcb\fR is called with the user data \fIu\fR in order to obtain a password to decrypt the key. The supplied library context \fIlibctx\fR and property query @@ -166,7 +91,7 @@ \&\fBb2i_PVK_bio()\fR does the same as \fBb2i_PVK_bio_ex()\fR except that the default library context and property query string are used. .PP -\&\fBi2b_PVK_bio_ex()\fR encodes \fIpk\fR using \s-1MSBLOB\s0 format. If \fIenclevel\fR is 1 then +\&\fBi2b_PVK_bio_ex()\fR encodes \fIpk\fR using MSBLOB format. If \fIenclevel\fR is 1 then a password obtained via \fIpem_password_cb\fR is used to encrypt the private key. If \fIenclevel\fR is 0 then no encryption is applied. The user data in \fIu\fR is passed to the password callback. The supplied library context \fIlibctx\fR and 
@@ -176,8 +101,8 @@ library context and property query string are used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fBb2i_PVK_bio()\fR and \fBb2i_PVK_bio_ex()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR -structure or \fB\s-1NULL\s0\fR if an error occurs. The error code can be obtained by calling +The \fBb2i_PVK_bio()\fR and \fBb2i_PVK_bio_ex()\fR functions return a valid \fBEVP_KEY\fR +structure or \fBNULL\fR if an error occurs. The error code can be obtained by calling \&\fBERR_get_error\fR\|(3). .PP \&\fBi2b_PVK_bio()\fR and \fBi2b_PVK_bio_ex()\fR return the number of bytes successfully @@ -187,14 +112,14 @@ .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBb2i_PVK_bio_ex()\fR and \fBi2b_PVK_bio_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3.orig +++ secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "D2I_PKCS8PRIVATEKEY_BIO 3ossl" -.TH D2I_PKCS8PRIVATEKEY_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH D2I_PKCS8PRIVATEKEY_BIO 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& \& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); \& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); 
@@ -166,18 +91,18 @@ \& char *kstr, int klen, \& pem_password_cb *cb, void *u); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. .PP -Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the -corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). -.SH "NOTES" +Other than the use of DER as opposed to PEM these functions are identical to the +corresponding \fBPEM\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). +.SH NOTES .IX Header "NOTES" -These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +These functions are currently the only way to store encrypted private keys using DER format. .PP -Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +Currently all the functions use BIOs or FILE pointers, there are no functions which work directly on memory: this can be readily worked around by converting the buffers to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. .PP @@ -186,8 +111,8 @@ It will simply be treated as a byte sequence. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR -structure or \s-1NULL\s0 if an error occurred. +\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fBEVP_PKEY\fR +structure or NULL if an error occurred. .PP \&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. 
@@ -195,11 +120,11 @@ .IX Header "SEE ALSO" \&\fBPEM_read_PrivateKey\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/d2i_PrivateKey.3.orig +++ secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "D2I_PRIVATEKEY 3ossl" -.TH D2I_PRIVATEKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH D2I_PRIVATEKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME d2i_PrivateKey_ex, d2i_PrivateKey, d2i_PublicKey, d2i_KeyParams, d2i_AutoPrivateKey_ex, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, i2d_KeyParams, i2d_KeyParams_bio, d2i_PrivateKey_ex_bio, d2i_PrivateKey_bio, d2i_PrivateKey_ex_fp, d2i_PrivateKey_fp, d2i_KeyParams_bio, i2d_PrivateKey_bio, i2d_PrivateKey_fp \&\- decode and encode functions for reading and saving EVP_PKEY structures -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -184,18 +109,18 @@ \& int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); \& int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBd2i_PrivateKey_ex()\fR decodes a private key using algorithm \fItype\fR. It attempts -to use any key-specific format or PKCS#8 unencrypted PrivateKeyInfo format. +to use any key\-specific format or PKCS#8 unencrypted PrivateKeyInfo format. The \fItype\fR parameter should be a public key algorithm constant such as -\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fItype\fR. Some +\&\fBEVP_PKEY_RSA\fR. An error occurs if the decoded key does not match \fItype\fR. Some private key decoding implementations may use cryptographic algorithms (for example to automatically derive the public key if it is not explicitly included in the encoding). In this case the supplied library context \fIlibctx\fR and property query string \fIpropq\fR are used. -If successful and the \fIa\fR parameter is not \s-1NULL\s0 the function assigns the -returned \fB\s-1EVP_PKEY\s0\fR structure pointer to \fI*a\fR, overwriting any previous value. +If successful and the \fIa\fR parameter is not NULL the function assigns the +returned \fBEVP_PKEY\fR structure pointer to \fI*a\fR, overwriting any previous value. .PP \&\fBd2i_PrivateKey()\fR does the same as \fBd2i_PrivateKey_ex()\fR except that the default library context and property query string are used. 
@@ -204,9 +129,9 @@ .PP The \fBd2i_PrivateKey_ex_bio()\fR and \fBd2i_PrivateKey_bio()\fR functions are similar to \&\fBd2i_PrivateKey_ex()\fR and \fBd2i_PrivateKey()\fR respectively except that they decode -the data read from the given \s-1BIO.\s0 The \fBd2i_PrivateKey_ex_fp()\fR and +the data read from the given BIO. The \fBd2i_PrivateKey_ex_fp()\fR and \&\fBd2i_PrivateKey_fp()\fR functions are the same except that they read the data from -the given \s-1FILE.\s0 +the given FILE. .PP \&\fBd2i_AutoPrivateKey_ex()\fR and \fBd2i_AutoPrivateKey()\fR are similar to \&\fBd2i_PrivateKey_ex()\fR and \fBd2i_PrivateKey()\fR respectively except that they attempt 
@@ -218,27 +143,27 @@ \&\fBi2d_KeyParams()\fR does the same for key parameters. These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3). \&\fBi2d_PrivateKey_bio()\fR and \fBi2d_PrivateKey_fp()\fR do the same thing except that they -encode to a \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR respectively. Again, these work similarly to the +encode to a \fBBIO\fR or \fBFILE\fR respectively. Again, these work similarly to the functions described in \fBd2i_X509\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" All the functions that operate on data in memory update the data pointer \fI*pp\fR after a successful operation, just like the other d2i and i2d functions; see \fBd2i_X509\fR\|(3). .PP -All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing +All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as \&\fBd2i_PKCS8PrivateKey()\fR instead. .PP -To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fI*a\fR to be -a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper -\&\s-1EC_GROUP.\s0 +To decode a key with type \fBEVP_PKEY_EC\fR, \fBd2i_PublicKey()\fR requires \fI*a\fR to be +a non\-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper +EC_GROUP. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The \fBd2i_PrivateKey_ex()\fR, \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey_ex()\fR, \&\fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_ex_bio()\fR, \fBd2i_PrivateKey_bio()\fR, \&\fBd2i_PrivateKey_ex_fp()\fR, \fBd2i_PrivateKey_fp()\fR, \fBd2i_PublicKey()\fR, \fBd2i_KeyParams()\fR -and \fBd2i_KeyParams_bio()\fR functions return a valid \fB\s-1EVP_PKEY\s0\fR structure or \s-1NULL\s0 if +and \fBd2i_KeyParams_bio()\fR functions return a valid \fBEVP_PKEY\fR structure or NULL if an error occurs. 
The error code can be obtained by calling \fBERR_get_error\fR\|(3). .PP \&\fBi2d_PrivateKey()\fR, \fBi2d_PublicKey()\fR and \fBi2d_KeyParams()\fR return the number of @@ -251,15 +176,15 @@ .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" \&\fBd2i_PrivateKey_ex()\fR, \fBd2i_PrivateKey_ex_bio()\fR, \fBd2i_PrivateKey_ex_fp()\fR, and \&\fBd2i_AutoPrivateKey_ex()\fR were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/d2i_RSAPrivateKey.3.orig +++ secure/lib/libcrypto/man/man3/d2i_RSAPrivateKey.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "D2I_RSAPRIVATEKEY 3ossl" -.TH D2I_RSAPRIVATEKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH D2I_RSAPRIVATEKEY 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, @@ -194,10 +119,10 @@ i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp \&\- DEPRECATED -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, +hidden entirely by defining \fBOPENSSL_API_COMPAT\fR with a suitable version value, see \fBopenssl_user_macros\fR\|(7): .PP .Vb 12 
@@ -239,105 +164,105 @@ \& int i2d_TYPE_PUBKEY_bio(BIO *bp, const TYPE *a); \& int i2d_TYPE_PUBKEY_bio(BIO *bp, TYPE *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All functions described here are deprecated. Please use \s-1\fBOSSL_DECODER\s0\fR\|(3) -instead of the \fBd2i\fR functions and \s-1\fBOSSL_ENCODER\s0\fR\|(3) instead of the \fBi2d\fR -functions. See \*(L"Migration\*(R" below. +All functions described here are deprecated. Please use \fBOSSL_DECODER\fR\|(3) +instead of the \fBd2i\fR functions and \fBOSSL_ENCODER\fR\|(3) instead of the \fBi2d\fR +functions. See "Migration" below. .PP -In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder for any of the -OpenSSL datatypes, such as \fB\s-1RSA\s0\fR. +In the description here, \fR\f(BITYPE\fR\fB\fR is used a placeholder for any of the +OpenSSL datatypes, such as \fBRSA\fR. The function parameters \fIppin\fR and \fIppout\fR are generally either both named \&\fIpp\fR in the headers, or \fIin\fR and \fIout\fR. .PP -All the functions here behave the way that's described in \fBd2i_X509\fR\|(3). +All the functions here behave the way that\*(Aqs described in \fBd2i_X509\fR\|(3). .PP Please note that not all functions in the synopsis are available for all key types. For example, there are no \fBd2i_RSAparams()\fR or \fBi2d_RSAparams()\fR, -because the PKCS#1 \fB\s-1RSA\s0\fR structure doesn't include any key parameters. +because the PKCS#1 \fBRSA\fR structure doesn\*(Aqt include any key parameters. .PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fBPrivateKey\fR() and derivates thereof decode \s-1DER\s0 encoded -\&\fB\f(BI\s-1TYPE\s0\fB\fR private key data organized in a type specific structure. +\&\fBd2i_\fR\f(BITYPE\fR\fBPrivateKey\fR() and derivates thereof decode DER encoded +\&\fR\f(BITYPE\fR\fB\fR private key data organized in a type specific structure. 
.PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fBPublicKey\fR() and derivates thereof decode \s-1DER\s0 encoded -\&\fB\f(BI\s-1TYPE\s0\fB\fR public key data organized in a type specific structure. +\&\fBd2i_\fR\f(BITYPE\fR\fBPublicKey\fR() and derivates thereof decode DER encoded +\&\fR\f(BITYPE\fR\fB\fR public key data organized in a type specific structure. .PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fBparams\fR() and derivates thereof decode \s-1DER\s0 encoded \fB\f(BI\s-1TYPE\s0\fB\fR +\&\fBd2i_\fR\f(BITYPE\fR\fBparams\fR() and derivates thereof decode DER encoded \fR\f(BITYPE\fR\fB\fR key parameters organized in a type specific structure. .PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fB_PUBKEY\fR() and derivates thereof decode \s-1DER\s0 encoded \fB\f(BI\s-1TYPE\s0\fB\fR +\&\fBd2i_\fR\f(BITYPE\fR\fB_PUBKEY\fR() and derivates thereof decode DER encoded \fR\f(BITYPE\fR\fB\fR public key data organized in a \fBSubjectPublicKeyInfo\fR structure. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fBPrivateKey\fR() and derivates thereof encode the private key -\&\fB\f(BI\s-1TYPE\s0\fB\fR data into a type specific \s-1DER\s0 encoded structure. +\&\fBi2d_\fR\f(BITYPE\fR\fBPrivateKey\fR() and derivates thereof encode the private key +\&\fR\f(BITYPE\fR\fB\fR data into a type specific DER encoded structure. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fBPublicKey\fR() and derivates thereof encode the public key -\&\fB\f(BI\s-1TYPE\s0\fB\fR data into a type specific \s-1DER\s0 encoded structure. +\&\fBi2d_\fR\f(BITYPE\fR\fBPublicKey\fR() and derivates thereof encode the public key +\&\fR\f(BITYPE\fR\fB\fR data into a type specific DER encoded structure. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fBparams\fR() and derivates thereof encode the \fB\f(BI\s-1TYPE\s0\fB\fR key -parameters data into a type specific \s-1DER\s0 encoded structure. +\&\fBi2d_\fR\f(BITYPE\fR\fBparams\fR() and derivates thereof encode the \fR\f(BITYPE\fR\fB\fR key +parameters data into a type specific DER encoded structure. 
.PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB_PUBKEY\fR() and derivates thereof encode the public key -\&\fB\f(BI\s-1TYPE\s0\fB\fR data into a \s-1DER\s0 encoded \fBSubjectPublicKeyInfo\fR structure. +\&\fBi2d_\fR\f(BITYPE\fR\fB_PUBKEY\fR() and derivates thereof encode the public key +\&\fR\f(BITYPE\fR\fB\fR data into a DER encoded \fBSubjectPublicKeyInfo\fR structure. .PP For example, \fBd2i_RSAPrivateKey()\fR and \fBd2i_RSAPublicKey()\fR expects the structure defined by PKCS#1. -Similarly, \fBi2d_RSAPrivateKey()\fR and \fBi2d_RSAPublicKey()\fR produce \s-1DER\s0 encoded +Similarly, \fBi2d_RSAPrivateKey()\fR and \fBi2d_RSAPublicKey()\fR produce DER encoded string organized according to PKCS#1. -.SS "Migration" +.SS Migration .IX Subsection "Migration" -Migration from the diverse \fB\f(BI\s-1TYPE\s0\fB\fRs requires using corresponding new -OpenSSL types. For all \fB\f(BI\s-1TYPE\s0\fB\fRs described here, the corresponding new -type is \fB\s-1EVP_PKEY\s0\fR. The rest of this section assumes that this has been +Migration from the diverse \fR\f(BITYPE\fR\fB\fRs requires using corresponding new +OpenSSL types. For all \fB\fR\f(BITYPE\fR\fB\fRs described here, the corresponding new +type is \fBEVP_PKEY\fR. The rest of this section assumes that this has been done, exactly how to do that is described elsewhere. .PP There are two migration paths: -.IP "\(bu" 4 +.IP \(bu 4 Replace -b with \fBd2i_PrivateKey\fR\|(3), -b with \fBd2i_PublicKey\fR\|(3), -b with \fBd2i_KeyParams\fR\|(3), -b with \fBd2i_PUBKEY\fR\|(3), -b with \fBi2d_PrivateKey\fR\|(3), -b with \fBi2d_PublicKey\fR\|(3), -b with \fBi2d_KeyParams\fR\|(3), -b with \fBi2d_PUBKEY\fR\|(3). 
-A caveat is that \fBi2d_PrivateKey\fR\|(3) may output a \s-1DER\s0 encoded PKCS#8 +b with \fBd2i_PrivateKey\fR\|(3), +b with \fBd2i_PublicKey\fR\|(3), +b with \fBd2i_KeyParams\fR\|(3), +b with \fBd2i_PUBKEY\fR\|(3), +b with \fBi2d_PrivateKey\fR\|(3), +b with \fBi2d_PublicKey\fR\|(3), +b with \fBi2d_KeyParams\fR\|(3), +b with \fBi2d_PUBKEY\fR\|(3). +A caveat is that \fBi2d_PrivateKey\fR\|(3) may output a DER encoded PKCS#8 outermost structure instead of the type specific structure, and that \&\fBd2i_PrivateKey\fR\|(3) recognises and unpacks a PKCS#8 structures. -.IP "\(bu" 4 -Use \s-1\fBOSSL_DECODER\s0\fR\|(3) and \s-1\fBOSSL_ENCODER\s0\fR\|(3). How to migrate is described +.IP \(bu 4 +Use \fBOSSL_DECODER\fR\|(3) and \fBOSSL_ENCODER\fR\|(3). How to migrate is described below. All those descriptions assume that the key to be encoded is in the variable \fIpkey\fR. .PP -\fIMigrating \f(BIi2d\fI functions to \f(BI\s-1OSSL_ENCODER\s0\fI\fR +\fIMigrating \fR\f(BIi2d\fR\fI functions to \fR\f(BIOSSL_ENCODER\fR .IX Subsection "Migrating i2d functions to OSSL_ENCODER" .PP -The exact \s-1\fBOSSL_ENCODER\s0\fR\|(3) output is driven by arguments rather than by -function names. The sample code to get \s-1DER\s0 encoded output in a type +The exact \fBOSSL_ENCODER\fR\|(3) output is driven by arguments rather than by +function names. The sample code to get DER encoded output in a type specific structure is uniform, the only things that vary are the selection -of what part of the \fB\s-1EVP_PKEY\s0\fR should be output, and the structure. The +of what part of the \fBEVP_PKEY\fR should be output, and the structure. 
The \&\fBi2d\fR functions names can therefore be translated into two variables, \&\fIselection\fR and \fIstructure\fR as follows: -.IP "\fBi2d_\f(BI\s-1TYPE\s0\fBPrivateKey\fR() translates into:" 4 +.IP "\fBi2d_\fR\f(BITYPE\fR\fBPrivateKey\fR() translates into:" 4 .IX Item "i2d_TYPEPrivateKey() translates into:" .Vb 2 \& int selection = EVP_PKEY_KEYPAIR; \& const char *structure = "type\-specific"; .Ve -.IP "\fBi2d_\f(BI\s-1TYPE\s0\fBPublicKey\fR() translates into:" 4 +.IP "\fBi2d_\fR\f(BITYPE\fR\fBPublicKey\fR() translates into:" 4 .IX Item "i2d_TYPEPublicKey() translates into:" .Vb 2 \& int selection = EVP_PKEY_PUBLIC_KEY; \& const char *structure = "type\-specific"; .Ve -.IP "\fBi2d_\f(BI\s-1TYPE\s0\fBparams\fR() translates into:" 4 +.IP "\fBi2d_\fR\f(BITYPE\fR\fBparams\fR() translates into:" 4 .IX Item "i2d_TYPEparams() translates into:" .Vb 2 \& int selection = EVP_PKEY_PARAMETERS; \& const char *structure = "type\-specific"; .Ve -.IP "\fBi2d_\f(BI\s-1TYPE\s0\fB_PUBKEY\fR() translates into:" 4 +.IP "\fBi2d_\fR\f(BITYPE\fR\fB_PUBKEY\fR() translates into:" 4 .IX Item "i2d_TYPE_PUBKEY() translates into:" .Vb 2 \& int selection = EVP_PKEY_PUBLIC_KEY; 
@@ -365,62 +290,62 @@ \& } \& OSSL_ENCODER_CTX_free(ctx); .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The letters \fBi\fR and \fBd\fR in \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() stand for -\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively. -So \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() converts from internal to \s-1DER.\s0 +The letters \fBi\fR and \fBd\fR in \fBi2d_\fR\f(BITYPE\fR() stand for +"internal" (that is, an internal C structure) and "DER" respectively. +So \fBi2d_\fR\f(BITYPE\fR\fB\fR() converts from internal to DER. .PP -The functions can also understand \fB\s-1BER\s0\fR forms. +The functions can also understand \fBBER\fR forms. .PP -The actual \s-1TYPE\s0 structure passed to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() must be a valid -populated \fB\f(BI\s-1TYPE\s0\fB\fR structure \*(-- it \fBcannot\fR simply be fed with an +The actual TYPE structure passed to \fBi2d_\fR\f(BITYPE\fR() must be a valid +populated \fB\fR\f(BITYPE\fR\fB\fR structure \-\- it \fBcannot\fR simply be fed with an empty structure such as that returned by \fBTYPE_new()\fR. .PP The encoded data is in binary form and may contain embedded zeros. -Therefore, any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Therefore, any FILE pointers or BIOs should be opened in binary mode. Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length of the encoded structure. .PP The ways that \fI*ppin\fR and \fI*ppout\fR are incremented after the operation -can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section in \fBd2i_X509\fR\|(3) for some +can trap the unwary. See the \fBWARNINGS\fR section in \fBd2i_X509\fR\|(3) for some common errors. 
-The reason for this-auto increment behaviour is to reflect a typical -usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +The reason for this\-auto increment behaviour is to reflect a typical +usage of ASN1 functions: after one structure is encoded or decoded another will be processed after it. .PP The following points about the data types might be useful: -.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 +.IP \fBDSA_PUBKEY\fR 4 .IX Item "DSA_PUBKEY" -Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. +Represents a DSA public key using a \fBSubjectPublicKeyInfo\fR structure. .IP "\fBDSAPublicKey\fR, \fBDSAPrivateKey\fR" 4 .IX Item "DSAPublicKey, DSAPrivateKey" -Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, +Use a non\-standard OpenSSL format and should be avoided; use \fBDSA_PUBKEY\fR, \&\fBPEM_write_PrivateKey\fR\|(3), or similar instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR(), \fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() return a valid -\&\fB\f(BI\s-1TYPE\s0\fB\fR structure or \s-1NULL\s0 if an error occurs. If the \*(L"reuse\*(R" capability has +\&\fBd2i_\fR\f(BITYPE\fR(), \fBd2i_\fR\f(BITYPE\fR\fB_bio\fR() and \fBd2i_\fR\f(BITYPE\fR\fB_fp\fR() return a valid +\&\fB\fR\f(BITYPE\fR\fB\fR structure or NULL if an error occurs. If the "reuse" capability has been used with a valid structure being passed in via \fIa\fR, then the object is -freed in the event of error and \fI*a\fR is set to \s-1NULL.\s0 +freed in the event of error and \fI*a\fR is set to NULL. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() returns the number of bytes successfully encoded or a negative +\&\fBi2d_\fR\f(BITYPE\fR() returns the number of bytes successfully encoded or a negative value if an error occurs. 
.PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() return 1 for success and 0 if an +\&\fBi2d_\fR\f(BITYPE\fR\fB_bio\fR() and \fBi2d_\fR\f(BITYPE\fR\fB_fp\fR() return 1 for success and 0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_ENCODER\s0\fR\|(3), \s-1\fBOSSL_DECODER\s0\fR\|(3), +\&\fBOSSL_ENCODER\fR\|(3), \fBOSSL_DECODER\fR\|(3), \&\fBd2i_PrivateKey\fR\|(3), \fBd2i_PublicKey\fR\|(3), \fBd2i_KeyParams\fR\|(3), \&\fBd2i_PUBKEY\fR\|(3), \&\fBi2d_PrivateKey\fR\|(3), \fBi2d_PublicKey\fR\|(3), \fBi2d_KeyParams\fR\|(3), \&\fBi2d_PUBKEY\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3.orig +++ secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "D2I_SSL_SESSION 3ossl" -.TH D2I_SSL_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH D2I_SSL_SESSION 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -149,34 +74,34 @@ \& long length); \& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions decode and encode an \s-1SSL_SESSION\s0 object. +These functions decode and encode an SSL_SESSION object. For encoding details see \fBd2i_X509\fR\|(3). .PP -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object\*(Aqs session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 -object. In case of failure the NULL-pointer is returned and the error message +\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated SSL_SESSION +object. In case of failure the NULL\-pointer is returned and the error message can be retrieved from the error stack. .PP -\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +\&\fBi2d_SSL_SESSION()\fR returns the size of the ASN1 representation in bytes. When the session is not valid, \fB0\fR is returned and no operation is performed. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), \&\fBSSL_CTX_sess_set_get_cb\fR\|(3), \&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/d2i_X509.3.orig +++ secure/lib/libcrypto/man/man3/d2i_X509.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "D2I_X509 3ossl" -.TH D2I_X509 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH D2I_X509 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, @@ -485,7 +410,7 @@ i2d_X509_SIG, i2d_X509_VAL, \&\- convert objects from/to ASN.1/DER representation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 3 \& TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length); 
@@ -499,122 +424,127 @@ \& int i2d_TYPE_bio(BIO *bp, const TYPE *a); \& int i2d_TYPE_bio(BIO *bp, TYPE *a); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder +In the description here, \fR\f(BITYPE\fR\fB\fR is used a placeholder for any of the OpenSSL datatypes, such as \fBX509_CRL\fR. The function parameters \fIppin\fR and \fIppout\fR are generally either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. .PP -These functions convert OpenSSL objects to and from their \s-1ASN.1/DER\s0 -encoding. Unlike the C structures which can have pointers to sub-objects -within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the +These functions convert OpenSSL objects to and from their ASN.1/DER +encoding. Unlike the C structures which can have pointers to sub\-objects +within, the DER is a serialized encoding, suitable for sending over the network, writing to a file, and so on. .PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR() attempts to decode \fIlen\fR bytes at \fI*ppin\fR. If successful a -pointer to the \fB\f(BI\s-1TYPE\s0\fB\fR structure is returned and \fI*ppin\fR is incremented to -the byte following the parsed data. If \fIa\fR is not \s-1NULL\s0 then a pointer +\&\fBd2i_\fR\f(BITYPE\fR() attempts to decode \fIlen\fR bytes at \fI*ppin\fR. If successful a +pointer to the \fB\fR\f(BITYPE\fR\fB\fR structure is returned and \fI*ppin\fR is incremented to +the byte following the parsed data. If \fIa\fR is not NULL then a pointer to the returned structure is also written to \fI*a\fR. If an error occurred -then \s-1NULL\s0 is returned. +then NULL is returned. The caller retains ownership of the +returned object and needs to free it when it is no longer needed, e.g. +using \fBX509_free()\fR for X509 objects or \fBDSA_SIG_free()\fR for DSA_SIG objects. 
.PP -On a successful return, if \fI*a\fR is not \s-1NULL\s0 then it is assumed that \fI*a\fR -contains a valid \fB\f(BI\s-1TYPE\s0\fB\fR structure and an attempt is made to reuse it. This -\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is -\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN -VALUES\s0 section). +On a successful return, if \fI*a\fR is not NULL then it is assumed that \fI*a\fR +contains a valid \fR\f(BITYPE\fR\fB\fR structure and an attempt is made to reuse it. +For \fB\fR\f(BITYPE\fR\fB\fR structures where it matters it is possible to set up a library +context on the decoded structure this way (see the \fBEXAMPLES\fR section). +However using the "reuse" capability for other purposes is \fBstrongly +discouraged\fR (see \fBBUGS\fR below, and the discussion in the \fBRETURN VALUES\fR +section). .PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts -to parse data from \s-1BIO\s0 \fIbp\fR. +\&\fBd2i_\fR\f(BITYPE\fR\fB_bio\fR() is similar to \fBd2i_\fR\f(BITYPE\fR() except it attempts +to parse data from BIO \fIbp\fR. .PP -\&\fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts -to parse data from \s-1FILE\s0 pointer \fIfp\fR. +\&\fBd2i_\fR\f(BITYPE\fR\fB_fp\fR() is similar to \fBd2i_\fR\f(BITYPE\fR() except it attempts +to parse data from FILE pointer \fIfp\fR. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() encodes the structure pointed to by \fIa\fR into \s-1DER\s0 format. -If \fIppout\fR is not \s-1NULL,\s0 it writes the \s-1DER\s0 encoded data to the buffer +\&\fBi2d_\fR\f(BITYPE\fR() encodes the structure pointed to by \fIa\fR into DER format. +If \fIppout\fR is not NULL, it writes the DER encoded data to the buffer at \fI*ppout\fR, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data. 
.PP -If \fI*ppout\fR is \s-1NULL\s0 memory will be allocated for a buffer and the encoded +If \fI*ppout\fR is NULL memory will be allocated for a buffer and the encoded data written to it. In this case \fI*ppout\fR is not incremented and it points to the start of the data just written. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes -the encoding of the structure \fIa\fR to \s-1BIO\s0 \fIbp\fR and it +\&\fBi2d_\fR\f(BITYPE\fR\fB_bio\fR() is similar to \fBi2d_\fR\f(BITYPE\fR() except it writes +the encoding of the structure \fIa\fR to BIO \fIbp\fR and it returns 1 for success and 0 for failure. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes -the encoding of the structure \fIa\fR to \s-1FILE\s0 pointer \fIfp\fR and it +\&\fBi2d_\fR\f(BITYPE\fR\fB_fp\fR() is similar to \fBi2d_\fR\f(BITYPE\fR() except it writes +the encoding of the structure \fIa\fR to FILE pointer \fIfp\fR and it returns 1 for success and 0 for failure. .PP These routines do not encrypt private keys and therefore offer no security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The letters \fBi\fR and \fBd\fR in \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() stand for -\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively. -So \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() converts from internal to \s-1DER.\s0 +The letters \fBi\fR and \fBd\fR in \fBi2d_\fR\f(BITYPE\fR() stand for +"internal" (that is, an internal C structure) and "DER" respectively. +So \fBi2d_\fR\f(BITYPE\fR\fB\fR() converts from internal to DER. .PP -The functions can also understand \fB\s-1BER\s0\fR forms. +The functions can also understand \fBBER\fR forms. 
.PP -The actual \s-1TYPE\s0 structure passed to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() must be a valid -populated \fB\f(BI\s-1TYPE\s0\fB\fR structure \*(-- it \fBcannot\fR simply be fed with an +The actual TYPE structure passed to \fBi2d_\fR\f(BITYPE\fR() must be a valid +populated \fB\fR\f(BITYPE\fR\fB\fR structure \-\- it \fBcannot\fR simply be fed with an empty structure such as that returned by \fBTYPE_new()\fR. .PP The encoded data is in binary form and may contain embedded zeros. -Therefore, any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Therefore, any FILE pointers or BIOs should be opened in binary mode. Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length of the encoded structure. .PP The ways that \fI*ppin\fR and \fI*ppout\fR are incremented after the operation -can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +can trap the unwary. See the \fBWARNINGS\fR section for some common errors. -The reason for this-auto increment behaviour is to reflect a typical -usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +The reason for this\-auto increment behaviour is to reflect a typical +usage of ASN1 functions: after one structure is encoded or decoded another will be processed after it. .PP The following points about the data types might be useful: -.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 +.IP \fBASN1_OBJECT\fR 4 .IX Item "ASN1_OBJECT" -Represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 -.IP "\fBDHparams\fR" 4 +Represents an ASN1 OBJECT IDENTIFIER. +.IP \fBDHparams\fR 4 .IX Item "DHparams" -Represents a PKCS#3 \s-1DH\s0 parameters structure. -.IP "\fBDHxparams\fR" 4 +Represents a PKCS#3 DH parameters structure. +.IP \fBDHxparams\fR 4 .IX Item "DHxparams" -Represents an \s-1ANSI X9.42 DH\s0 parameters structure. -.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 +Represents an ANSI X9.42 DH parameters structure. +.IP \fBECDSA_SIG\fR 4 .IX Item "ECDSA_SIG" -Represents an \s-1ECDSA\s0 signature. 
-.IP "\fBX509_ALGOR\fR" 4 +Represents an ECDSA signature. +.IP \fBX509_ALGOR\fR 4 .IX Item "X509_ALGOR" -Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and +Represents an \fBAlgorithmIdentifier\fR structure as used in IETF RFC 6960 and elsewhere. -.IP "\fBX509_NAME\fR" 4 +.IP \fBX509_NAME\fR 4 .IX Item "X509_NAME" Represents a \fBName\fR type as used for subject and issuer names in -\&\s-1IETF RFC 6960\s0 and elsewhere. -.IP "\fBX509_REQ\fR" 4 +IETF RFC 6960 and elsewhere. +.IP \fBX509_REQ\fR 4 .IX Item "X509_REQ" Represents a PKCS#10 certificate request. -.IP "\fBX509_SIG\fR" 4 +.IP \fBX509_SIG\fR 4 .IX Item "X509_SIG" Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR(), \fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() return a valid -\&\fB\f(BI\s-1TYPE\s0\fB\fR structure or \s-1NULL\s0 if an error occurs. If the \*(L"reuse\*(R" capability has +\&\fBd2i_\fR\f(BITYPE\fR(), \fBd2i_\fR\f(BITYPE\fR\fB_bio\fR() and \fBd2i_\fR\f(BITYPE\fR\fB_fp\fR() return a valid +\&\fB\fR\f(BITYPE\fR\fB\fR structure or NULL if an error occurs. If the "reuse" capability has been used with a valid structure being passed in via \fIa\fR, then the object is -freed in the event of error and \fI*a\fR is set to \s-1NULL.\s0 +freed in the event of error and \fI*a\fR is set to NULL. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() returns the number of bytes successfully encoded or a negative +\&\fBi2d_\fR\f(BITYPE\fR() returns the number of bytes successfully encoded or a negative value if an error occurs. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() return 1 for success and 0 if an -error occurs. -.SH "EXAMPLES" +\&\fBi2d_\fR\f(BITYPE\fR\fB_bio\fR() and \fBi2d_\fR\f(BITYPE\fR\fB_fp\fR(), +as well as \fBi2d_ASN1_bio_stream()\fR, +return 1 for success and 0 if an error occurs. 
+.SH EXAMPLES .IX Header "EXAMPLES" -Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +Allocate and encode the DER encoding of an X509 structure: .PP .Vb 2 \& int len; @@ -656,7 +586,25 @@ \& if (d2i_X509(&x, &p, len) == NULL) \& /* error */ .Ve -.SH "WARNINGS" +.PP +Setting up a library context and property query: +.PP +.Vb 6 +\& X509 *x; +\& unsigned char *buf; +\& const unsigned char *p; +\& int len; +\& OSSL_LIB_CTX *libctx = ....; +\& const char *propq = ....; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = X509_new_ex(libctx, propq); +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error, x was freed and NULL assigned to it (see RETURN VALUES) */ +.Ve +.SH WARNINGS .IX Header "WARNINGS" Using a temporary variable is mandatory. A common mistake is to attempt to use a buffer directly as follows: @@ -678,7 +626,7 @@ Also \fIbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. .PP -Another trap to avoid is misuse of the \fIa\fR argument to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(): +Another trap to avoid is misuse of the \fIa\fR argument to \fBd2i_\fR\f(BITYPE\fR(): .PP .Vb 1 \& X509 *x; 
@@ -690,36 +638,36 @@ This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this is that the variable \fIx\fR is uninitialized and an attempt will be made to interpret its (invalid) value as an \fBX509\fR structure, typically causing -a segmentation violation. If \fIx\fR is set to \s-1NULL\s0 first then this will not +a segmentation violation. If \fIx\fR is set to NULL first then this will not happen. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() when +In some versions of OpenSSL the "reuse" behaviour of \fBd2i_\fR\f(BITYPE\fR() when \&\fI*a\fR is valid is broken and some parts of the reused structure may persist if they are not present in the new one. Additionally, in versions of -OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs +OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs the behaviour is inconsistent. Some functions behaved as described here, while -some did not free \fI*a\fR on error and did not set \fI*a\fR to \s-1NULL.\s0 +some did not free \fI*a\fR on error and did not set \fI*a\fR to NULL. .PP -As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. +As a result of the above issues the "reuse" behaviour is strongly discouraged. .PP -\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will not return an error in many versions of OpenSSL, +\&\fBi2d_\fR\f(BITYPE\fR() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the -fields entirely and will not be parsed by \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(). This may be -fixed in future so code should not assume that \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will +fields entirely and will not be parsed by \fBd2i_\fR\f(BITYPE\fR\fB\fR(). 
This may be +fixed in future so code should not assume that \fBi2d_\fR\f(BITYPE\fR\fB\fR() will always succeed. .PP -Any function which encodes a structure (\fBi2d_\f(BI\s-1TYPE\s0\fB\fR(), -\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() or \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR()) may return a stale encoding if the +Any function which encodes a structure (\fBi2d_\fR\f(BITYPE\fR(), +\&\fBi2d_\fR\f(BITYPE\fR\fB_bio\fR() or \fBi2d_\fR\f(BITYPE\fR\fB_fp\fR()) may return a stale encoding if the structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 1998\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3.orig +++ secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,96 +53,37 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "I2D_CMS_BIO_STREAM 3ossl" -.TH I2D_CMS_BIO_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH I2D_CMS_BIO_STREAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in BER format. .PP It is otherwise identical to the function \fBSMIME_write_CMS()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting streaming. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +The prefix "i2d" is arguably wrong because the function outputs BER format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. 
@@ -169,14 +94,14 @@ \&\fBCMS_decrypt\fR\|(3), \&\fBSMIME_write_CMS\fR\|(3), \&\fBPEM_write_bio_CMS_stream\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3.orig +++ secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,96 +53,37 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "I2D_PKCS7_BIO_STREAM 3ossl" -.TH I2D_PKCS7_BIO_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH I2D_PKCS7_BIO_STREAM 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +\&\fBi2d_PKCS7_bio_stream()\fR outputs a PKCS7 structure in BER format. .PP It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting streaming. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +The prefix "i2d" is arguably wrong because the function outputs BER format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. 
@@ -169,14 +94,14 @@ \&\fBPKCS7_decrypt\fR\|(3), \&\fBSMIME_write_PKCS7\fR\|(3), \&\fBPEM_write_bio_PKCS7_stream\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3.orig +++ secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "I2D_RE_X509_TBS 3ossl" -.TH I2D_RE_X509_TBS 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH I2D_RE_X509_TBS 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs \&\- X509 encode and decode functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -153,40 +78,40 @@ \& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); \& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The X509 encode and decode routines encode and parse an \&\fBX509\fR structure, which represents an X509 certificate. .PP \&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to consist of an X509 certificate followed by auxiliary trust information. -This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. This function should not be called on untrusted input. .PP \&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output contains both the certificate and any auxiliary trust information. -This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. -Note that this is a non-standard OpenSSL-specific data format. +This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. +Note that this is a non\-standard OpenSSL\-specific data format. .PP \&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR -and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, -respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", +and \fBi2d_re_X509_REQ_tbs()\fR are analogous for CRL and certificate request, +respectively. The "re" in \fBi2d_re_X509_tbs\fR stands for "re\-encode", and ensures that a fresh encoding is generated in case the object has been -modified after creation (see the \s-1BUGS\s0 section). +modified after creation (see the BUGS section). 
.PP The encoding of the TBSCertificate portion of a certificate is cached in the \fBX509\fR structure internally to improve encoding performance and to ensure certificate signatures are verified correctly in some -certificates with broken (non-DER) encodings. +certificates with broken (non\-DER) encodings. .PP -If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, +If, after modification, the \fBX509\fR object is re\-signed with \fBX509_sign()\fR, the encoding is automatically renewed. Otherwise, the encoding of the TBSCertificate portion of the \fBX509\fR can be manually renewed by calling \&\fBi2d_re_X509_tbs()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or NULL if an error occurred. .PP \&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. .PP @@ -210,11 +135,11 @@ \&\fBX509_sign\fR\|(3), \&\fBX509V3_get_d2i\fR\|(3), \&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3.orig +++ secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "O2I_SCT_LIST 3ossl" -.TH O2I_SCT_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH O2I_SCT_LIST 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certificate Timestamp lists in TLS wire format -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -152,11 +77,11 @@ \& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); \& int i2o_SCT(const SCT *sct, unsigned char **out); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of -functions, except that they convert to and from \s-1TLS\s0 wire format, as described in -\&\s-1RFC 6962.\s0 See \fBd2i_SCT_LIST\fR\|(3) for more information about how the parameters are +The SCT_LIST and SCT functions are very similar to the i2d and d2i family of +functions, except that they convert to and from TLS wire format, as described in +RFC 6962. See \fBd2i_SCT_LIST\fR\|(3) for more information about how the parameters are treated and the return values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" 
@@ -167,14 +92,14 @@ \&\fBct\fR\|(7), \&\fBd2i_SCT_LIST\fR\|(3), \&\fBi2d_SCT_LIST\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man3/s2i_ASN1_IA5STRING.3.orig +++ secure/lib/libcrypto/man/man3/s2i_ASN1_IA5STRING.3 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "S2I_ASN1_IA5STRING 3ossl" -.TH S2I_ASN1_IA5STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH S2I_ASN1_IA5STRING 3ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME i2s_ASN1_IA5STRING, s2i_ASN1_IA5STRING, i2s_ASN1_INTEGER, @@ -150,7 +75,7 @@ i2s_ASN1_UTF8STRING, s2i_ASN1_UTF8STRING \&\- convert objects from/to ASN.1/string representation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -173,58 +98,58 @@ \& ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, \& X509V3_CTX *ctx, const char *str); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -These functions convert OpenSSL objects to and from their \s-1ASN\s0.1/string +These functions convert OpenSSL objects to and from their ASN.1/string representation. This function is used for \fBX509v3\fR extensions. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The letters \fBi\fR and \fBs\fR in \fBi2s\fR and \fBs2i\fR stand for -\&\*(L"internal\*(R" (that is, an internal C structure) and string respectively. +"internal" (that is, an internal C structure) and string respectively. So \fBi2s_ASN1_IA5STRING\fR() converts from internal to string. .PP -It is the caller's responsibility to free the returned string. +It is the caller\*(Aqs responsibility to free the returned string. In the \fBi2s_ASN1_IA5STRING\fR() function the string is copied and the ownership of the original string remains with the caller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBi2s_ASN1_IA5STRING\fR() returns the pointer to a \s-1IA5\s0 string -or \s-1NULL\s0 if an error occurs. +\&\fBi2s_ASN1_IA5STRING\fR() returns the pointer to a IA5 string +or NULL if an error occurs. .PP \&\fBs2i_ASN1_IA5STRING\fR() return a valid -\&\fB\s-1ASN1_IA5STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. +\&\fBASN1_IA5STRING\fR structure or NULL if an error occurs. .PP \&\fBi2s_ASN1_INTEGER\fR() return a valid -string or \s-1NULL\s0 if an error occurs. +string or NULL if an error occurs. .PP -\&\fBs2i_ASN1_INTEGER\fR() returns the pointer to a \fB\s-1ASN1_INTEGER\s0\fR -structure or \s-1NULL\s0 if an error occurs. +\&\fBs2i_ASN1_INTEGER\fR() returns the pointer to a \fBASN1_INTEGER\fR +structure or NULL if an error occurs. .PP -\&\fBi2s_ASN1_OCTET_STRING\fR() returns the pointer to a \s-1OCTET_STRING\s0 string -or \s-1NULL\s0 if an error occurs. 
+\&\fBi2s_ASN1_OCTET_STRING\fR() returns the pointer to a OCTET_STRING string +or NULL if an error occurs. .PP \&\fBs2i_ASN1_OCTET_STRING\fR() return a valid -\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. +\&\fBASN1_OCTET_STRING\fR structure or NULL if an error occurs. .PP \&\fBi2s_ASN1_ENUMERATED\fR() return a valid -string or \s-1NULL\s0 if an error occurs. +string or NULL if an error occurs. .PP -\&\fBs2i_ASN1_ENUMERATED\fR() returns the pointer to a \fB\s-1ASN1_ENUMERATED\s0\fR -structure or \s-1NULL\s0 if an error occurs. +\&\fBs2i_ASN1_ENUMERATED\fR() returns the pointer to a \fBASN1_ENUMERATED\fR +structure or NULL if an error occurs. .PP \&\fBs2i_ASN1_UTF8STRING\fR() return a valid -\&\fB\s-1ASN1_UTF8STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. +\&\fBASN1_UTF8STRING\fR structure or NULL if an error occurs. .PP -\&\fBi2s_ASN1_UTF8STRING\fR() returns the pointer to a \s-1UTF\-8\s0 string -or \s-1NULL\s0 if an error occurs. -.SH "HISTORY" +\&\fBi2s_ASN1_UTF8STRING\fR() returns the pointer to a UTF\-8 string +or NULL if an error occurs. +.SH HISTORY .IX Header "HISTORY" \&\fBi2s_ASN1_UTF8STRING()\fR and \fBs2i_ASN1_UTF8STRING()\fR were made public in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man5/config.5.orig +++ secure/lib/libcrypto/man/man5/config.5 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CONFIG 5ossl" -.TH CONFIG 5ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CONFIG 5ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME config \- OpenSSL CONF library configuration files -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This page documents the syntax of OpenSSL configuration files, as parsed by \fBNCONF_load\fR\|(3) and related functions. @@ -151,15 +76,15 @@ files, and subsequent sections describe the semantics of individual modules. Other modules are described in \fBfips_config\fR\|(5) and \&\fBx509v3_config\fR\|(5). -The syntax for defining \s-1ASN.1\s0 values is described in +The syntax for defining ASN.1 values is described in \&\fBASN1_generate_nconf\fR\|(3). -.SH "SYNTAX" +.SH SYNTAX .IX Header "SYNTAX" A configuration file is a series of lines. Blank lines, and whitespace between the elements of a line, have no significance. A comment starts with a \fB#\fR character; the rest of the line is ignored. If the \fB#\fR -is the first non-space character in a line, the entire line is ignored. -.SS "Directives" +is the first non\-space character in a line, the entire line is ignored. +.SS Directives .IX Subsection "Directives" Two directives can be used to control the parsing of configuration files: \&\fB.include\fR and \fB.pragma\fR. 
@@ -178,14 +103,14 @@ that point. Included files can have \fB.include\fR statements that specify other files. If \fBpathname\fR is a directory, all files within that directory that have a \f(CW\*(C`.cnf\*(C'\fR or \f(CW\*(C`.conf\*(C'\fR extension will be included. (This is only -available on systems with \s-1POSIX IO\s0 support.) Any sub-directories found +available on systems with POSIX IO support.) Any sub\-directories found inside the \fBpathname\fR are \fBignored\fR. Similarly, if a file is opened while scanning a directory, and that file has an \fB.include\fR directive that specifies a directory, that is also ignored. .PP As a general rule, the \fBpathname\fR should be an absolute path; this can be enforced with the \fBabspath\fR and \fBincludedir\fR pragmas, described below. -The environment variable \fB\s-1OPENSSL_CONF_INCLUDE\s0\fR, if it exists, +The environment variable \fBOPENSSL_CONF_INCLUDE\fR, if it exists, is prepended to all relative pathnames. If the pathname is still relative, it is interpreted based on the current working directory. @@ -213,7 +138,7 @@ The default behavior, where the \fBvalue\fR is \fBfalse\fR or \fBoff\fR, is to treat the dollarsign as indicating a variable name; \f(CW\*(C`foo$bar\*(C'\fR is interpreted as \&\f(CW\*(C`foo\*(C'\fR followed by the expansion of the variable \f(CW\*(C`bar\*(C'\fR. If \fBvalue\fR is -\&\fBtrue\fR or \fBon\fR, then \f(CW\*(C`foo$bar\*(C'\fR is a single seven-character name and +\&\fBtrue\fR or \fBon\fR, then \f(CW\*(C`foo$bar\*(C'\fR is a single seven\-character name and variable expansions must be specified using braces or parentheses. .PP .Vb 1 
@@ -221,10 +146,10 @@ .Ve .PP If a relative pathname is specified in the \fB.include\fR directive, and -the \fB\s-1OPENSSL_CONF_INCLUDE\s0\fR environment variable doesn't exist, then +the \fBOPENSSL_CONF_INCLUDE\fR environment variable doesn\*(Aqt exist, then the value of the \fBincludedir\fR pragma, if it exists, is prepended to the pathname. -.SS "Settings" +.SS Settings .IX Subsection "Settings" A configuration file is divided into a number of \fIsections\fR. A section begins with the section name in square brackets, and ends when a new @@ -238,7 +163,7 @@ looked up, it is first looked up in the current or named section, and then the default section if necessary. .PP -The environment is mapped onto a section called \fB\s-1ENV\s0\fR. +The environment is mapped onto a section called \fBENV\fR. .PP Within a section are a series of name/value assignments, described in more detail below. As a reminder, the square brackets shown in this example @@ -284,12 +209,12 @@ This can be worked around by specifying a default value in the \fBdefault\fR section before the variable is used. .PP -Any name/value settings in an \fB\s-1ENV\s0\fR section are available +Any name/value settings in an \fBENV\fR section are available to the configuration file, but are not propagated to the environment. .PP It is an error if the value ends up longer than 64k. .PP -It is possible to escape certain characters by using a single \fB'\fR or +It is possible to escape certain characters by using a single \fB\*(Aq\fR or double \fB"\fR quote around the value, or using a backslash \fB\e\fR before the character, By making the last character of a line a \fB\e\fR 
@@ -302,7 +227,7 @@ .IX Header "OPENSSL LIBRARY CONFIGURATION" The sections below use the informal term \fImodule\fR to refer to a part of the OpenSSL functionality. This is not the same as the formal term -\&\fI\s-1FIPS\s0 module\fR, for example. +\&\fIFIPS module\fR, for example. .PP The OpenSSL configuration looks up the value of \fBopenssl_conf\fR in the default section and takes that as the name of a section that specifies @@ -351,18 +276,18 @@ \& ... random properties here ... .Ve .PP -The semantics of each module are described below. The phrase \*(L"in the -initialization section\*(R" refers to the section identified by the +The semantics of each module are described below. The phrase "in the +initialization section" refers to the section identified by the \&\fBopenssl_conf\fR or other name (given as \fBopenssl_init\fR in the example above). The examples below assume the configuration above is used to specify the individual sections. -.SS "\s-1ASN.1\s0 Object Identifier Configuration" +.SS "ASN.1 Object Identifier Configuration" .IX Subsection "ASN.1 Object Identifier Configuration" The name \fBoid_section\fR in the initialization section names the section -containing name/value pairs of \s-1OID\s0's. +containing name/value pairs of OID\*(Aqs. The name is the short name; the value is an optional long name followed by a comma, and the numeric value. -While some OpenSSL commands have their own section for specifying \s-1OID\s0's, +While some OpenSSL commands have their own section for specifying OID\*(Aqs, this section makes them available to all commands and applications. .PP .Vb 4 
@@ -385,17 +310,17 @@ \& 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 .Ve .PP -showing that the \s-1OID\s0 \*(L"newoid1\*(R" has been added as \*(L"1.2.3.4.1\*(R". +showing that the OID "newoid1" has been added as "1.2.3.4.1". .SS "Provider Configuration" .IX Subsection "Provider Configuration" The name \fBproviders\fR in the initialization section names the section containing cryptographic provider configuration. The name/value assignments in this section each name a provider, and point to the configuration section -for that provider. The provider-specific section is used to specify how +for that provider. The provider\-specific section is used to specify how to load the module, activate it, and set other parameters. .PP Within a provider section, the following names have meaning: -.IP "\fBidentity\fR" 4 +.IP \fBidentity\fR 4 .IX Item "identity" This is used to specify an alternate name, overriding the default name specified in the list of providers. For example: @@ -407,15 +332,15 @@ \& [foo_provider] \& identity = my_fips_module .Ve -.IP "\fBmodule\fR" 4 +.IP \fBmodule\fR 4 .IX Item "module" Specifies the pathname of the module (typically a shared library) to load. -.IP "\fBactivate\fR" 4 +.IP \fBactivate\fR 4 .IX Item "activate" If present, the module is activated. The value assigned to this name is not significant. .PP -All parameters in the section as well as sub-sections are made +All parameters in the section as well as sub\-sections are made available to the provider. .PP \fIDefault provider and its activation\fR 
@@ -427,13 +352,13 @@ If you add a section explicitly activating any other provider(s), you most probably need to explicitly activate the default provider, otherwise it becomes unavailable in openssl. It may make the system remotely unavailable. -.SS "\s-1EVP\s0 Configuration" +.SS "EVP Configuration" .IX Subsection "EVP Configuration" The name \fBalg_section\fR in the initialization section names the section -containing algorithmic properties when using the \fB\s-1EVP\s0\fR \s-1API.\s0 +containing algorithmic properties when using the \fBEVP\fR API. .PP Within the algorithm properties section, the following names have meaning: -.IP "\fBdefault_properties\fR" 4 +.IP \fBdefault_properties\fR 4 .IX Item "default_properties" The value may be anything that is acceptable as a property query string for \fBEVP_set_default_properties()\fR. @@ -448,10 +373,10 @@ .Sp If the value is \fBno\fR, nothing happens. Using this name is deprecated, and if used, it must be the only name in the section. -.SS "\s-1SSL\s0 Configuration" +.SS "SSL Configuration" .IX Subsection "SSL Configuration" The name \fBssl_conf\fR in the initialization section names the section -containing the list of \s-1SSL/TLS\s0 configurations. +containing the list of SSL/TLS configurations. As with the providers, each name in this section identifies a section with the configuration for that name. For example: .PP @@ -469,8 +394,8 @@ .Ve .PP The configuration name \fBsystem_default\fR has a special meaning. If it -exists, it is applied whenever an \fB\s-1SSL_CTX\s0\fR object is created. For example, -to impose system-wide minimum \s-1TLS\s0 and \s-1DTLS\s0 protocol versions: +exists, it is applied whenever an \fBSSL_CTX\fR object is created. For example, +to impose system\-wide minimum TLS and DTLS protocol versions: .PP .Vb 3 \& [tls_system_default] 
@@ -478,12 +403,12 @@ \& MinProtocol = DTLSv1.2 .Ve .PP -The minimum \s-1TLS\s0 protocol is applied to \fB\s-1SSL_CTX\s0\fR objects that are TLS-based, -and the minimum \s-1DTLS\s0 protocol to those are DTLS-based. +The minimum TLS protocol is applied to \fBSSL_CTX\fR objects that are TLS\-based, +and the minimum DTLS protocol to those are DTLS\-based. The same applies also to maximum versions set with \fBMaxProtocol\fR. .PP Each configuration section consists of name/value pairs that are parsed -by \fB\fBSSL_CONF_cmd\fB\|(3)\fR, which will be called by \fBSSL_CTX_config()\fR or +by \fBSSL_CONF_cmd\|(3)\fR, which will be called by \fBSSL_CTX_config()\fR or \&\fBSSL_config()\fR, appropriately. Note that any characters before an initial dot in the configuration section are ignored, so that the same command can be used multiple times. This probably is most useful for loading different @@ -497,14 +422,14 @@ .SS "Engine Configuration" .IX Subsection "Engine Configuration" The name \fBengines\fR in the initialization section names the section -containing the list of \s-1ENGINE\s0 configurations. +containing the list of ENGINE configurations. As with the providers, each name in this section identifies an engine with the configuration for that engine. -The engine-specific section is used to specify how to load the engine, +The engine\-specific section is used to specify how to load the engine, activate it, and set other parameters. .PP Within an engine section, the following names have meaning: -.IP "\fBengine_id\fR" 4 +.IP \fBengine_id\fR 4 .IX Item "engine_id" This is used to specify an alternate name, overriding the default name specified in the list of engines. If present, it must be first. 
@@ -517,29 +442,29 @@ \& [foo_engine] \& engine_id = myfoo .Ve -.IP "\fBdynamic_path\fR" 4 +.IP \fBdynamic_path\fR 4 .IX Item "dynamic_path" -This loads and adds an \s-1ENGINE\s0 from the given path. It is equivalent to -sending the ctrls \fB\s-1SO_PATH\s0\fR with the path argument followed by \fB\s-1LIST_ADD\s0\fR -with value \fB2\fR and \fB\s-1LOAD\s0\fR to the dynamic \s-1ENGINE.\s0 If this is not the +This loads and adds an ENGINE from the given path. It is equivalent to +sending the ctrls \fBSO_PATH\fR with the path argument followed by \fBLIST_ADD\fR +with value \fB2\fR and \fBLOAD\fR to the dynamic ENGINE. If this is not the required behaviour then alternative ctrls can be sent directly to the -dynamic \s-1ENGINE\s0 using ctrl commands. -.IP "\fBinit\fR" 4 +dynamic ENGINE using ctrl commands. +.IP \fBinit\fR 4 .IX Item "init" -This specifies whether to initialize the \s-1ENGINE.\s0 If the value is \fB0\fR the -\&\s-1ENGINE\s0 will not be initialized, if the value is \fB1\fR an attempt is made +This specifies whether to initialize the ENGINE. If the value is \fB0\fR the +ENGINE will not be initialized, if the value is \fB1\fR an attempt is made to initialize -the \s-1ENGINE\s0 immediately. If the \fBinit\fR command is not present then an -attempt will be made to initialize the \s-1ENGINE\s0 after all commands in its +the ENGINE immediately. If the \fBinit\fR command is not present then an +attempt will be made to initialize the ENGINE after all commands in its section have been processed. -.IP "\fBdefault_algorithms\fR" 4 +.IP \fBdefault_algorithms\fR 4 .IX Item "default_algorithms" -This sets the default algorithms an \s-1ENGINE\s0 will supply using the function +This sets the default algorithms an ENGINE will supply using the function \&\fBENGINE_set_default_string()\fR. .PP All other names are taken to be the name of a ctrl command that is -sent to the \s-1ENGINE,\s0 and the value is the argument passed with the command. 
-The special value \fB\s-1EMPTY\s0\fR means no value is sent with the command. +sent to the ENGINE, and the value is the argument passed with the command. +The special value \fBEMPTY\fR means no value is sent with the command. For example: .PP .Vb 2 @@ -558,7 +483,7 @@ containing the random number generator settings. .PP Within the random section, the following names have meaning: -.IP "\fBrandom\fR" 4 +.IP \fBrandom\fR 4 .IX Item "random" This is used to specify the random bit generator. For example: 
@@ -570,39 +495,39 @@ .Sp The available random bit generators are: .RS 4 -.IP "\fBCTR-DRBG\fR" 4 +.IP \fBCTR\-DRBG\fR 4 .IX Item "CTR-DRBG" .PD 0 -.IP "\fBHASH-DRBG\fR" 4 +.IP \fBHASH\-DRBG\fR 4 .IX Item "HASH-DRBG" -.IP "\fBHMAC-DRBG\fR" 4 +.IP \fBHMAC\-DRBG\fR 4 .IX Item "HMAC-DRBG" +.PD .RE .RS 4 .RE -.IP "\fBcipher\fR" 4 +.IP \fBcipher\fR 4 .IX Item "cipher" -.PD -This specifies what cipher a \fBCTR-DRBG\fR random bit generator will use. +This specifies what cipher a \fBCTR\-DRBG\fR random bit generator will use. Other random bit generators ignore this name. -The default value is \fB\s-1AES\-256\-CTR\s0\fR. -.IP "\fBdigest\fR" 4 +The default value is \fBAES\-256\-CTR\fR. +.IP \fBdigest\fR 4 .IX Item "digest" -This specifies what digest the \fBHASH-DRBG\fR or \fBHMAC-DRBG\fR random bit +This specifies what digest the \fBHASH\-DRBG\fR or \fBHMAC\-DRBG\fR random bit generators will use. Other random bit generators ignore this name. -.IP "\fBproperties\fR" 4 +.IP \fBproperties\fR 4 .IX Item "properties" This sets the property query used when fetching the random bit generator and any underlying algorithms. -.IP "\fBseed\fR" 4 +.IP \fBseed\fR 4 .IX Item "seed" -This sets the randomness source that should be used. By default \fBSEED-SRC\fR -will be used outside of the \s-1FIPS\s0 provider. The \s-1FIPS\s0 provider uses call backs +This sets the randomness source that should be used. By default \fBSEED\-SRC\fR +will be used outside of the FIPS provider. The FIPS provider uses call backs to access the same randomness sources from outside the validated boundary. -.IP "\fBseed_properties\fR" 4 +.IP \fBseed_properties\fR 4 .IX Item "seed_properties" This sets the property query used when fetching the randomness source. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" This example shows how to use quoting and escaping. .PP 
@@ -625,12 +550,12 @@ .PP This example shows how to expand environment variables safely. In this example, the variable \fBtempfile\fR is intended to refer -to a temporary file, and the environment variable \fB\s-1TEMP\s0\fR or -\&\fB\s-1TMP\s0\fR, if present, specify the directory where the file +to a temporary file, and the environment variable \fBTEMP\fR or +\&\fBTMP\fR, if present, specify the directory where the file should be put. Since the default section is checked if a variable does not -exist, it is possible to set \fB\s-1TMP\s0\fR to default to \fI/tmp\fR, and -\&\fB\s-1TEMP\s0\fR to default to \fB\s-1TMP\s0\fR. +exist, it is possible to set \fBTMP\fR to default to \fI/tmp\fR, and +\&\fBTEMP\fR to default to \fBTMP\fR. .PP .Vb 3 \& # These two lines must be in the default section. @@ -641,7 +566,7 @@ \& tmpfile = ${ENV::TEMP}/tmp.filename .Ve .PP -This example shows how to enforce \s-1FIPS\s0 mode for the application +This example shows how to enforce FIPS mode for the application \&\fIsample\fR. .PP .Vb 1 
@@ -653,41 +578,41 @@ \& [evp_properties] \& default_properties = "fips=yes" .Ve -.SH "ENVIRONMENT" +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IP \fBOPENSSL_CONF\fR 4 .IX Item "OPENSSL_CONF" The path to the config file, or the empty string for none. -Ignored in set-user-ID and set-group-ID programs. -.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +Ignored in set\-user\-ID and set\-group\-ID programs. +.IP \fBOPENSSL_ENGINES\fR 4 .IX Item "OPENSSL_ENGINES" The path to the engines directory. -Ignored in set-user-ID and set-group-ID programs. -.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +Ignored in set\-user\-ID and set\-group\-ID programs. +.IP \fBOPENSSL_MODULES\fR 4 .IX Item "OPENSSL_MODULES" The path to the directory with OpenSSL modules, such as providers. -Ignored in set-user-ID and set-group-ID programs. -.IP "\fB\s-1OPENSSL_CONF_INCLUDE\s0\fR" 4 +Ignored in set\-user\-ID and set\-group\-ID programs. +.IP \fBOPENSSL_CONF_INCLUDE\fR 4 .IX Item "OPENSSL_CONF_INCLUDE" The optional path to prepend to all \fB.include\fR paths. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" There is no way to include characters using the octal \fB\ennn\fR form. Strings are all null terminated so nulls cannot form part of the value. .PP -The escaping isn't quite right: if you want to use sequences like \fB\en\fR -you can't use any quote escaping on the same line. +The escaping isn\*(Aqt quite right: if you want to use sequences like \fB\en\fR +you can\*(Aqt use any quote escaping on the same line. .PP The limit that only one directory can be opened and read at a time can be considered a bug and should be fixed. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -An undocumented \s-1API, \fBNCONF_WIN32\s0()\fR, used a slightly different set +An undocumented API, \fBNCONF_WIN32()\fR, used a slightly different set of parsing rules there were intended to be tailored to the Microsoft Windows platform. 
Specifically, the backslash character was not an escape character and -could be used in pathnames, only the double-quote character was recognized, -and comments began with a semi-colon. +could be used in pathnames, only the double\-quote character was recognized, +and comments began with a semi\-colon. This function was deprecated in OpenSSL 3.0; applications with configuration files using that syntax will have to be modified. .SH "SEE ALSO" @@ -700,11 +625,11 @@ \&\fBCONF_modules_load_file\fR\|(3), \&\fBfips_config\fR\|(5), and \&\fBx509v3_config\fR\|(5). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man5/fips_config.5.orig +++ secure/lib/libcrypto/man/man5/fips_config.5 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,139 +53,80 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "FIPS_CONFIG 5ossl" -.TH FIPS_CONFIG 5ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH FIPS_CONFIG 5ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME fips_config \- OpenSSL FIPS configuration -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" A separate configuration file, using the OpenSSL \fBconfig\fR\|(5) syntax, -is used to hold information about the \s-1FIPS\s0 module. This includes a digest -of the shared library file, and status about the self-testing. +is used to hold information about the FIPS module. This includes a digest +of the shared library file, and status about the self\-testing. This data is used automatically by the module itself for two purposes: -.IP "\- Run the startup \s-1FIPS\s0 self-test known answer tests (\s-1KATS\s0)." 4 +.IP "\- Run the startup FIPS self\-test known answer tests (KATS)." 4 .IX Item "- Run the startup FIPS self-test known answer tests (KATS)." This is normally done once, at installation time, but may also be set up to run each time the module is used. -.IP "\- Verify the module's checksum." 4 +.IP "\- Verify the module\*(Aqs checksum." 4 .IX Item "- Verify the module's checksum." This is done each time the module is used. .PP This file is generated by the \fBopenssl\-fipsinstall\fR\|(1) program, and -used internally by the \s-1FIPS\s0 module during its initialization. +used internally by the FIPS module during its initialization. .PP The following options are supported. They should all appear in a section whose name is identified by the \fBfips\fR option in the \fBproviders\fR -section, as described in \*(L"Provider Configuration Module\*(R" in \fBconfig\fR\|(5). -.IP "\fBactivate\fR" 4 +section, as described in "Provider Configuration Module" in \fBconfig\fR\|(5). 
+.IP \fBactivate\fR 4 .IX Item "activate" If present, the module is activated. The value assigned to this name is not significant. -.IP "\fBinstall-version\fR" 4 +.IP \fBinstall\-version\fR 4 .IX Item "install-version" A version number for the fips install process. Should be 1. -.IP "\fBconditional-errors\fR" 4 +.IP \fBconditional\-errors\fR 4 .IX Item "conditional-errors" -The \s-1FIPS\s0 module normally enters an internal error mode if any self test fails. +The FIPS module normally enters an internal error mode if any self test fails. Once this error mode is active, no services or cryptographic algorithms are accessible from this point on. Continuous tests are a subset of the self tests (e.g., a key pair test during key -generation, or the \s-1CRNG\s0 output test). +generation, or the CRNG output test). Setting this value to \f(CW0\fR allows the error mode to not be triggered if any continuous test fails. The default value of \f(CW1\fR will trigger the error mode. Regardless of the value, the operation (e.g., key generation) that called the continuous test will return an error code if its continuous test fails. The operation may then be retried if the error mode has not been triggered. -.IP "\fBsecurity-checks\fR" 4 +.IP \fBsecurity\-checks\fR 4 .IX Item "security-checks" -This indicates if run-time checks related to enforcement of security parameters +This indicates if run\-time checks related to enforcement of security parameters such as minimum security strength of keys and approved curve names are used. -A value of '1' will perform the checks, otherwise if the value is '0' the checks -are not performed and \s-1FIPS\s0 compliance must be done by procedures documented in +A value of \*(Aq1\*(Aq will perform the checks, otherwise if the value is \*(Aq0\*(Aq the checks +are not performed and FIPS compliance must be done by procedures documented in the relevant Security Policy. 
-.IP "\fBmodule-mac\fR" 4 +.IP \fBmodule\-mac\fR 4 .IX Item "module-mac" -The calculated \s-1MAC\s0 of the \s-1FIPS\s0 provider file. -.IP "\fBinstall-status\fR" 4 +The calculated MAC of the FIPS provider file. +.IP \fBinstall\-status\fR 4 .IX Item "install-status" -An indicator that the self-tests were successfully run. +An indicator that the self\-tests were successfully run. This should only be written after the module has successfully passed its self tests during installation. If this field is not present, then the self tests will run when the module loads. -.IP "\fBinstall-mac\fR" 4 +.IP \fBinstall\-mac\fR 4 .IX Item "install-mac" -A \s-1MAC\s0 of the value of the \fBinstall-status\fR option, to prevent accidental +A MAC of the value of the \fBinstall\-status\fR option, to prevent accidental changes to that value. -It is written-to at the same time as \fBinstall-status\fR is updated. +It is written\-to at the same time as \fBinstall\-status\fR is updated. .PP For example: .PP 
@@ -215,24 +140,24 @@ \& install\-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C \& install\-status = INSTALL_SELF_TEST_KATS_RUN .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When using the \s-1FIPS\s0 provider, it is recommended that the +When using the FIPS provider, it is recommended that the \&\fBconfig_diagnostics\fR option is enabled to prevent accidental use of -non-FIPS validated algorithms via broken or mistaken configuration. +non\-FIPS validated algorithms via broken or mistaken configuration. See \fBconfig\fR\|(5). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBconfig\fR\|(5) \&\fBopenssl\-fipsinstall\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man5/x509v3_config.5.orig +++ secure/lib/libcrypto/man/man5/x509v3_config.5 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 5ossl" -.TH X509V3_CONFIG 5ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509V3_CONFIG 5ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME x509v3_config \- X509 V3 certificate extension configuration format -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Several OpenSSL commands can add extensions to a certificate or certificate request based on the contents of a configuration file -and \s-1CLI\s0 options such as \fB\-addext\fR. +and CLI options such as \fB\-addext\fR. The syntax of configuration files is described in \fBconfig\fR\|(5). The commands typically have an option to specify the name of the configuration file, and a section within that file; see the documentation of the @@ -165,7 +90,7 @@ later entries override earlier ones with the same name. .PP The format of \fBvalues\fR depends on the value of \fBname\fR, many have a -type-value pairing where the type and value are separated by a colon. +type\-value pairing where the type and value are separated by a colon. There are four main types of extension: .PP .Vb 4 @@ -180,8 +105,8 @@ String extensions simply have a string which contains either the value itself or how it is obtained. .PP -Multi-valued extensions have a short form and a long form. The short form -is a comma-separated list of names and values: +Multi\-valued extensions have a short form and a long form. The short form +is a comma\-separated list of names and values: .PP .Vb 1 \& basicConstraints = critical, CA:true, pathlen:1 
@@ -200,7 +125,7 @@ .PP Both forms are equivalent. .PP -If an extension is multi-value and a field value must contain a comma the long +If an extension is multi\-value and a field value must contain a comma the long form must be used otherwise the comma would be misinterpreted as a field separator. For example: .PP @@ -246,19 +171,19 @@ .PP The syntax of raw extensions is defined by the source code that parses the extension but should be documented. -See \*(L"Certificate Policies\*(R" for an example of a raw extension. +See "Certificate Policies" for an example of a raw extension. .PP If an extension type is unsupported, then the \fIarbitrary\fR extension syntax -must be used, see the \*(L"\s-1ARBITRARY EXTENSIONS\*(R"\s0 section for more details. +must be used, see the "ARBITRARY EXTENSIONS" section for more details. .SH "STANDARD EXTENSIONS" .IX Header "STANDARD EXTENSIONS" The following sections describe the syntax of each supported extension. They do not define the semantics of the extension. .SS "Basic Constraints" .IX Subsection "Basic Constraints" -This is a multi-valued extension which indicates whether a certificate is -a \s-1CA\s0 certificate. The first value is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or -\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by a +This is a multi\-valued extension which indicates whether a certificate is +a CA certificate. The first value is \fBCA\fR followed by \fBTRUE\fR or +\&\fBFALSE\fR. If \fBCA\fR is \fBTRUE\fR then an optional \fBpathlen\fR name followed by a nonnegative value can be included. .PP For example: 
@@ -271,15 +196,15 @@ \& basicConstraints = critical, CA:TRUE, pathlen:1 .Ve .PP -A \s-1CA\s0 certificate \fImust\fR include the \fBbasicConstraints\fR name with the \fB\s-1CA\s0\fR -parameter set to \fB\s-1TRUE\s0\fR. An end-user certificate must either have \fB\s-1CA:FALSE\s0\fR +A CA certificate \fImust\fR include the \fBbasicConstraints\fR name with the \fBCA\fR +parameter set to \fBTRUE\fR. An end\-user certificate must either have \fBCA:FALSE\fR or omit the extension entirely. The \fBpathlen\fR parameter specifies the maximum number of CAs that can appear -below this one in a chain. A \fBpathlen\fR of zero means the \s-1CA\s0 cannot sign -any sub-CA's, and can only sign end-entity certificates. +below this one in a chain. A \fBpathlen\fR of zero means the CA cannot sign +any sub\-CA\*(Aqs, and can only sign end\-entity certificates. .SS "Key Usage" .IX Subsection "Key Usage" -Key usage is a multi-valued extension consisting of a list of names of +Key usage is a multi\-valued extension consisting of a list of names of the permitted key usages. The defined values are: \f(CW\*(C`digitalSignature\*(C'\fR, \&\f(CW\*(C`nonRepudiation\*(C'\fR, \f(CW\*(C`keyEncipherment\*(C'\fR, \f(CW\*(C`dataEncipherment\*(C'\fR, \f(CW\*(C`keyAgreement\*(C'\fR, \&\f(CW\*(C`keyCertSign\*(C'\fR, \f(CW\*(C`cRLSign\*(C'\fR, \f(CW\*(C`encipherOnly\*(C'\fR, and \f(CW\*(C`decipherOnly\*(C'\fR. @@ -295,7 +220,7 @@ .IX Subsection "Extended Key Usage" This extension consists of a list of values indicating purposes for which the certificate public key can be used. -Each value can be either a short text name or an \s-1OID.\s0 +Each value can be either a short text name or an OID. The following text names, and their intended meaning, are known: .PP .Vb 10 
@@ -314,8 +239,8 @@ \& msEFS Microsoft Encrypted File System .Ve .PP -While \s-1IETF RFC 5280\s0 says that \fBid-kp-serverAuth\fR and \fBid-kp-clientAuth\fR -are only for \s-1WWW\s0 use, in practice they are used for all kinds of \s-1TLS\s0 clients +While IETF RFC 5280 says that \fBid\-kp\-serverAuth\fR and \fBid\-kp\-clientAuth\fR +are only for WWW use, in practice they are used for all kinds of TLS clients and servers, and this is what OpenSSL assumes as well. .PP Examples: @@ -327,12 +252,12 @@ .Ve .SS "Subject Key Identifier" .IX Subsection "Subject Key Identifier" -The \s-1SKID\s0 extension specification has a value with three choices. -If the value is the word \fBnone\fR then no \s-1SKID\s0 extension will be included. +The SKID extension specification has a value with three choices. +If the value is the word \fBnone\fR then no SKID extension will be included. If the value is the word \fBhash\fR, or by default for the \fBx509\fR, \fBreq\fR, and -\&\fBca\fR apps, the process specified in \s-1RFC 5280\s0 section 4.2.1.2. (1) is followed: -The keyIdentifier is composed of the 160\-bit \s-1SHA\-1\s0 hash of the value of the \s-1BIT -STRING\s0 subjectPublicKey (excluding the tag, length, and number of unused bits). +\&\fBca\fR apps, the process specified in RFC 5280 section 4.2.1.2. (1) is followed: +The keyIdentifier is composed of the 160\-bit SHA\-1 hash of the value of the BIT +STRING subjectPublicKey (excluding the tag, length, and number of unused bits). .PP Otherwise, the value must be a hex string (possibly with \f(CW\*(C`:\*(C'\fR separating bytes) to output directly, however, this is strongly discouraged. 
@@ -344,26 +269,26 @@ .Ve .SS "Authority Key Identifier" .IX Subsection "Authority Key Identifier" -The \s-1AKID\s0 extension specification may have the value \fBnone\fR -indicating that no \s-1AKID\s0 shall be included. +The AKID extension specification may have the value \fBnone\fR +indicating that no AKID shall be included. Otherwise it may have the value \fBkeyid\fR or \fBissuer\fR or both of them, separated by \f(CW\*(C`,\*(C'\fR. Either or both can have the option \fBalways\fR, indicated by putting a colon \f(CW\*(C`:\*(C'\fR between the value and this option. -For self-signed certificates the \s-1AKID\s0 is suppressed unless \fBalways\fR is present. +For self\-signed certificates the AKID is suppressed unless \fBalways\fR is present. By default the \fBx509\fR, \fBreq\fR, and \fBca\fR apps behave as if -\&\*(L"none\*(R" was given for self-signed certificates and \*(L"keyid, issuer\*(R" otherwise. +"none" was given for self\-signed certificates and "keyid, issuer" otherwise. .PP If \fBkeyid\fR is present, an attempt is made to -copy the subject key identifier (\s-1SKID\s0) from the issuer certificate except if -the issuer certificate is the same as the current one and it is not self-signed. +copy the subject key identifier (SKID) from the issuer certificate except if +the issuer certificate is the same as the current one and it is not self\-signed. The hash of the public key related to the signing key is taken as fallback if the issuer certificate is the same as the current certificate. If \fBalways\fR is present but no value can be obtained, an error is returned. .PP If \fBissuer\fR is present, and in addition it has the option \fBalways\fR specified or \fBkeyid\fR is not present, -then the issuer \s-1DN\s0 and serial number are copied from the issuer certificate. +then the issuer DN and serial number are copied from the issuer certificate. .PP Examples: .PP 
@@ -374,13 +299,13 @@ .Ve .SS "Subject Alternative Name" .IX Subsection "Subject Alternative Name" -This is a multi-valued extension that supports several types of name +This is a multi\-valued extension that supports several types of name identifier, including \&\fBemail\fR (an email address), -\&\fB\s-1URI\s0\fR (a uniform resource indicator), -\&\fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), -\&\fB\s-1RID\s0\fR (a registered \s-1ID: OBJECT IDENTIFIER\s0), -\&\fB\s-1IP\s0\fR (an \s-1IP\s0 address), +\&\fBURI\fR (a uniform resource indicator), +\&\fBDNS\fR (a DNS domain name), +\&\fBRID\fR (a registered ID: OBJECT IDENTIFIER), +\&\fBIP\fR (an IP address), \&\fBdirName\fR (a distinguished name), and \fBotherName\fR. The syntax of each is described in the following paragraphs. @@ -391,14 +316,14 @@ \&\f(CW\*(C`move\*(C'\fR will automatically move any email addresses from the certificate subject name to the extension. .PP -The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR option can be in either IPv4 or IPv6 format. +The IP address used in the \fBIP\fR option can be in either IPv4 or IPv6 format. .PP The value of \fBdirName\fR is specifies the configuration section containing -the distinguished name to use, as a set of name-value pairs. -Multi-valued AVAs can be formed by prefacing the name with a \fB+\fR character. +the distinguished name to use, as a set of name\-value pairs. +Multi\-valued AVAs can be formed by prefacing the name with a \fB+\fR character. .PP -The value of \fBotherName\fR can include arbitrary data associated with an \s-1OID\s0; -the value should be the \s-1OID\s0 followed by a semicolon and the content in specified +The value of \fBotherName\fR can include arbitrary data associated with an OID; +the value should be the OID followed by a semicolon and the content in specified using the syntax in \fBASN1_generate_nconf\fR\|(3). .PP Examples: 
@@ -424,8 +349,8 @@ \& CN = My Name .Ve .PP -Non-ASCII Email Address conforming the syntax defined in Section 3.3 of \s-1RFC 6531\s0 -are provided as otherName.SmtpUTF8Mailbox. According to \s-1RFC 8398,\s0 the email +Non\-ASCII Email Address conforming the syntax defined in Section 3.3 of RFC 6531 +are provided as otherName.SmtpUTF8Mailbox. According to RFC 8398, the email address should be provided as UTF8String. To enforce the valid representation in the certificate, the SmtpUTF8Mailbox should be provided as follows .PP @@ -449,16 +374,16 @@ .SS "Authority Info Access" .IX Subsection "Authority Info Access" This extension gives details about how to retrieve information that -related to the certificate that the \s-1CA\s0 makes available. The syntax is +related to the certificate that the CA makes available. The syntax is \&\fBaccess_id;location\fR, where \fBaccess_id\fR is an object identifier -(although only a few values are well-known) and \fBlocation\fR has the same +(although only a few values are well\-known) and \fBlocation\fR has the same syntax as subject alternative name (except that \fBemail:copy\fR is not supported). .PP -Possible values for access_id include \fB\s-1OCSP\s0\fR (\s-1OCSP\s0 responder), -\&\fBcaIssuers\fR (\s-1CA\s0 Issuers), -\&\fBad_timestamping\fR (\s-1AD\s0 Time Stamping), -\&\fB\s-1AD_DVCS\s0\fR (ad dvcs), -\&\fBcaRepository\fR (\s-1CA\s0 Repository). +Possible values for access_id include \fBOCSP\fR (OCSP responder), +\&\fBcaIssuers\fR (CA Issuers), +\&\fBad_timestamping\fR (AD Time Stamping), +\&\fBAD_DVCS\fR (ad dvcs), +\&\fBcaRepository\fR (CA Repository). .PP Examples: .PP 
@@ -467,32 +392,32 @@ \& \& authorityInfoAccess = OCSP;URI:http://ocsp.example.com/ .Ve -.SS "\s-1CRL\s0 distribution points" +.SS "CRL distribution points" .IX Subsection "CRL distribution points" -This is a multi-valued extension whose values can be either a name-value +This is a multi\-valued extension whose values can be either a name\-value pair using the same form as subject alternative name or a single value specifying the section name containing all the distribution point values. .PP -When a name-value pair is used, a DistributionPoint extension will +When a name\-value pair is used, a DistributionPoint extension will be set with the given value as the fullName field as the distributionPoint value, and the reasons and cRLIssuer fields will be omitted. .PP When a single option is used, the value specifies the section, and that section can have the following items: -.IP "fullname" 4 +.IP fullname 4 .IX Item "fullname" The full name of the distribution point, in the same format as the subject alternative name. -.IP "relativename" 4 +.IP relativename 4 .IX Item "relativename" The value is taken as a distinguished name fragment that is set as the value of the nameRelativeToCRLIssuer field. -.IP "CRLIssuer" 4 +.IP CRLIssuer 4 .IX Item "CRLIssuer" The value must in the same format as the subject alternative name. -.IP "reasons" 4 +.IP reasons 4 .IX Item "reasons" -A multi-value field that contains the reasons for revocation. The recognized +A multi\-value field that contains the reasons for revocation. The recognized values are: \f(CW\*(C`keyCompromise\*(C'\fR, \f(CW\*(C`CACompromise\*(C'\fR, \f(CW\*(C`affiliationChanged\*(C'\fR, \&\f(CW\*(C`superseded\*(C'\fR, \f(CW\*(C`cessationOfOperation\*(C'\fR, \f(CW\*(C`certificateHold\*(C'\fR, \&\f(CW\*(C`privilegeWithdrawn\*(C'\fR, and \f(CW\*(C`AACompromise\*(C'\fR. 
@@ -525,20 +450,20 @@ .Ve .SS "Issuing Distribution Point" .IX Subsection "Issuing Distribution Point" -This extension should only appear in CRLs. It is a multi-valued extension -whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +This extension should only appear in CRLs. It is a multi\-valued extension +whose syntax is similar to the "section" pointed to by the CRL distribution points extension. The following names have meaning: -.IP "fullname" 4 +.IP fullname 4 .IX Item "fullname" The full name of the distribution point, in the same format as the subject alternative name. -.IP "relativename" 4 +.IP relativename 4 .IX Item "relativename" The value is taken as a distinguished name fragment that is set as the value of the nameRelativeToCRLIssuer field. -.IP "onlysomereasons" 4 +.IP onlysomereasons 4 .IX Item "onlysomereasons" -A multi-value field that contains the reasons for revocation. The recognized +A multi\-value field that contains the reasons for revocation. The recognized values are: \f(CW\*(C`keyCompromise\*(C'\fR, \f(CW\*(C`CACompromise\*(C'\fR, \f(CW\*(C`affiliationChanged\*(C'\fR, \&\f(CW\*(C`superseded\*(C'\fR, \f(CW\*(C`cessationOfOperation\*(C'\fR, \f(CW\*(C`certificateHold\*(C'\fR, \&\f(CW\*(C`privilegeWithdrawn\*(C'\fR, and \f(CW\*(C`AACompromise\*(C'\fR. 
@@ -562,17 +487,17 @@ This is a \fIraw\fR extension that supports all of the defined fields of the certificate extension. .PP -Policies without qualifiers are specified by giving the \s-1OID.\s0 -Multiple policies are comma-separated. For example: +Policies without qualifiers are specified by giving the OID. +Multiple policies are comma\-separated. For example: .PP .Vb 1 \& certificatePolicies = 1.2.4.5, 1.1.3.4 .Ve .PP -To include policy qualifiers, use the \*(L"@section\*(R" syntax to point to a +To include policy qualifiers, use the "@section" syntax to point to a section that specifies all the information. .PP -The section referred to must include the policy \s-1OID\s0 using the name +The section referred to must include the policy OID using the name \&\fBpolicyIdentifier\fR. cPSuri qualifiers can be included using the syntax: .PP .Vb 1 @@ -591,7 +516,7 @@ This section can include \fBexplicitText\fR, \fBorganization\fR, and \fBnoticeNumbers\fR options. explicitText and organization are text strings, noticeNumbers is a comma separated list of numbers. The organization and noticeNumbers options -(if included) must \s-1BOTH\s0 be present. Some software might require +(if included) must BOTH be present. Some software might require the \fBia5org\fR option at the top level; this changes the encoding from Displaytext to IA5String. .PP @@ -614,7 +539,7 @@ .Ve .PP The character encoding of explicitText can be specified by prefixing the -value with \fB\s-1UTF8\s0\fR, \fB\s-1BMP\s0\fR, or \fB\s-1VISIBLE\s0\fR followed by colon. For example: +value with \fBUTF8\fR, \fBBMP\fR, or \fBVISIBLE\fR followed by colon. For example: .PP .Vb 2 \& [notice] 
@@ -622,7 +547,7 @@ .Ve .SS "Policy Constraints" .IX Subsection "Policy Constraints" -This is a multi-valued extension which consisting of the names +This is a multi\-valued extension which consisting of the names \&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative integer value. At least one component must be present. .PP @@ -642,11 +567,11 @@ .Ve .SS "Name Constraints" .IX Subsection "Name Constraints" -This is a multi-valued extension. The name should +This is a multi\-valued extension. The name should begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of the name and the value follows the syntax of subjectAltName except \&\fBemail:copy\fR -is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +is not supported and the \fBIP\fR form should consist of an IP addresses and subnet mask separated by a \fB/\fR. .PP Examples: @@ -658,7 +583,7 @@ \& \& nameConstraints = excluded;email:.com .Ve -.SS "\s-1OCSP\s0 No Check" +.SS "OCSP No Check" .IX Subsection "OCSP No Check" This is a string extension. It is parsed, but ignored. .PP @@ -667,11 +592,11 @@ .Vb 1 \& noCheck = ignored .Ve -.SS "\s-1TLS\s0 Feature (aka Must Staple)" +.SS "TLS Feature (aka Must Staple)" .IX Subsection "TLS Feature (aka Must Staple)" -This is a multi-valued extension consisting of a list of \s-1TLS\s0 extension +This is a multi\-valued extension consisting of a list of TLS extension identifiers. Each identifier may be a number (0..65535) or a supported name. -When a \s-1TLS\s0 client sends a listed extension, the \s-1TLS\s0 server is expected to +When a TLS client sends a listed extension, the TLS server is expected to include that extension in its reply. .PP The supported names are: \fBstatus_request\fR and \fBstatus_request_v2\fR. 
@@ -694,7 +619,7 @@ and \fBnsSslServerName\fR. .SS "Netscape Certificate Type" .IX Subsection "Netscape Certificate Type" -This is a multi-valued extensions which consists of a list of flags to be +This is a multi\-valued extensions which consists of a list of flags to be included. It was used to indicate the purposes for which a certificate could be used. The basicConstraints, keyUsage and extended key usage extensions are now used instead. @@ -710,7 +635,7 @@ .PP There are two ways to encode arbitrary extensions. .PP -The first way is to use the word \s-1ASN1\s0 followed by the extension content +The first way is to use the word ASN1 followed by the extension content using the same syntax as \fBASN1_generate_nconf\fR\|(3). For example: .PP @@ -724,7 +649,7 @@ \& field2 = UTF8:field2 .Ve .PP -It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +It is also possible to use the word DER to include the raw encoded data in any extension. .PP .Vb 2 
@@ -732,31 +657,31 @@ \& 1.2.3.4.1 = DER:01020304 .Ve .PP -The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +The value following DER is a hex dump of the DER encoding of the extension Any extension can be placed in this form to override the default behaviour. For example: .PP .Vb 1 \& basicConstraints = critical, DER:00:01:02:03 .Ve -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" There is no guarantee that a specific implementation will process a given extension. It may therefore be sometimes possible to use certificates for purposes prohibited by their extensions because a specific application does not recognize or honour the values of the relevant extensions. .PP -The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +The DER and ASN1 options should be used with caution. It is possible to create invalid extensions if they are not used carefully. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-req\fR\|(1), \fBopenssl\-ca\fR\|(1), \fBopenssl\-x509\fR\|(1), \&\fBASN1_generate_nconf\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_ASYM_CIPHER-RSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_ASYM_CIPHER-RSA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,165 +53,93 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_ASYM_CIPHER-RSA 7ossl" -.TH EVP_ASYM_CIPHER-RSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_ASYM_CIPHER-RSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_ASYM_CIPHER\-RSA \&\- RSA Asymmetric Cipher algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Asymmetric Cipher support for the \fB\s-1RSA\s0\fR key type. -.SS "\s-1RSA\s0 Asymmetric Cipher parameters" +Asymmetric Cipher support for the \fBRSA\fR key type. +.SS "RSA Asymmetric Cipher parameters" .IX Subsection "RSA Asymmetric Cipher parameters" -.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) " -The default provider understands these \s-1RSA\s0 padding modes in string form: +.IP """pad\-mode"" (\fBOSSL_ASYM_CIPHER_PARAM_PAD_MODE\fR) " 4 +.IX Item """pad-mode"" (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) " +The default provider understands these RSA padding modes in string form: .RS 4 -.ie n .IP """none"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_NONE\s0\fR)" 4 -.el .IP "``none'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_NONE\s0\fR)" 4 -.IX Item "none (OSSL_PKEY_RSA_PAD_MODE_NONE)" +.IP """none"" (\fBOSSL_PKEY_RSA_PAD_MODE_NONE\fR)" 4 +.IX Item """none"" (OSSL_PKEY_RSA_PAD_MODE_NONE)" .PD 0 -.ie n .IP """oaep"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_OAEP\s0\fR)" 4 -.el .IP "``oaep'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_OAEP\s0\fR)" 4 -.IX Item "oaep (OSSL_PKEY_RSA_PAD_MODE_OAEP)" -.ie n .IP """pkcs1"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PKCSV15\s0\fR)" 4 -.el .IP "``pkcs1'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PKCSV15\s0\fR)" 4 -.IX Item "pkcs1 (OSSL_PKEY_RSA_PAD_MODE_PKCSV15)" -.ie n 
.IP """x931"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_X931\s0\fR)" 4 -.el .IP "``x931'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_X931\s0\fR)" 4 -.IX Item "x931 (OSSL_PKEY_RSA_PAD_MODE_X931)" +.IP """oaep"" (\fBOSSL_PKEY_RSA_PAD_MODE_OAEP\fR)" 4 +.IX Item """oaep"" (OSSL_PKEY_RSA_PAD_MODE_OAEP)" +.IP """pkcs1"" (\fBOSSL_PKEY_RSA_PAD_MODE_PKCSV15\fR)" 4 +.IX Item """pkcs1"" (OSSL_PKEY_RSA_PAD_MODE_PKCSV15)" +.IP """x931"" (\fBOSSL_PKEY_RSA_PAD_MODE_X931\fR)" 4 +.IX Item """x931"" (OSSL_PKEY_RSA_PAD_MODE_X931)" +.PD .RE .RS 4 .RE -.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) " 4 -.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) " 4 -.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) " -.PD -The default provider understands these \s-1RSA\s0 padding modes in integer form: +.IP """pad\-mode"" (\fBOSSL_ASYM_CIPHER_PARAM_PAD_MODE\fR) " 4 +.IX Item """pad-mode"" (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) " +The default provider understands these RSA padding modes in integer form: .RS 4 -.IP "1 (\fB\s-1RSA_PKCS1_PADDING\s0\fR)" 4 +.IP "1 (\fBRSA_PKCS1_PADDING\fR)" 4 .IX Item "1 (RSA_PKCS1_PADDING)" .PD 0 -.IP "3 (\fB\s-1RSA_NO_PADDING\s0\fR)" 4 +.IP "3 (\fBRSA_NO_PADDING\fR)" 4 .IX Item "3 (RSA_NO_PADDING)" -.IP "4 (\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR)" 4 +.IP "4 (\fBRSA_PKCS1_OAEP_PADDING\fR)" 4 .IX Item "4 (RSA_PKCS1_OAEP_PADDING)" -.IP "5 (\fB\s-1RSA_X931_PADDING\s0\fR)" 4 +.IP "5 (\fBRSA_X931_PADDING\fR)" 4 .IX Item "5 (RSA_X931_PADDING)" +.PD .RE .RS 4 -.PD .Sp See \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3) for further details. 
.RE -.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) " +.IP """digest"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) " .PD 0 -.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) " -.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-digest (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) " -.ie n .IP """mgf1\-digest\-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-digest\-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-digest-props (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) " -.ie n .IP """oaep-label"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 -.el .IP "``oaep-label'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 -.IX Item "oaep-label (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " -.ie n .IP """tls-client-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.el .IP "``tls-client-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.IX Item "tls-client-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +.IP """digest\-props"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\fR) " 4 +.IX Item """digest-props"" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) " +.IP """mgf1\-digest"" (\fBOSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\fR) " 4 +.IX Item """mgf1-digest"" 
(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) " +.IP """mgf1\-digest\-props"" (\fBOSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\fR) " 4 +.IX Item """mgf1-digest-props"" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) " +.IP """oaep\-label"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\fR) " 4 +.IX Item """oaep-label"" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " +.IP """tls\-client\-version"" (\fBOSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\fR) " 4 +.IX Item """tls-client-version"" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " .PD -See \fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3). -.ie n .IP """tls-negotiated-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.el .IP "``tls-negotiated-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.IX Item "tls-negotiated-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " -See \fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3). +See \fBRSA_PKCS1_WITH_TLS_PADDING\fR on the page \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3). +.IP """tls\-negotiated\-version"" (\fBOSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\fR) " 4 +.IX Item """tls-negotiated-version"" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +See \fBRSA_PKCS1_WITH_TLS_PADDING\fR on the page \fBEVP_PKEY_CTX_set_rsa_padding\fR\|(3). .Sp -See \*(L"Asymmetric Cipher Parameters\*(R" in \fBprovider\-asym_cipher\fR\|(7) for more information. +See "Asymmetric Cipher Parameters" in \fBprovider\-asym_cipher\fR\|(7) for more information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-RSA\fR\|(7), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-asym_cipher\fR\|(7), \&\fBprovider\-keymgmt\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7) -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_ASYM_CIPHER-SM2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_ASYM_CIPHER-SM2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,104 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_ASYM_CIPHER-SM2 7ossl" -.TH EVP_ASYM_CIPHER-SM2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_ASYM_CIPHER-SM2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_ASYM_CIPHER\-SM2 \&\- SM2 Asymmetric Cipher algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Asymmetric Cipher support for the \fB\s-1SM2\s0\fR key type. -.SS "\s-1SM2\s0 Asymmetric Cipher parameters" +Asymmetric Cipher support for the \fBSM2\fR key type. +.SS "SM2 Asymmetric Cipher parameters" .IX Subsection "SM2 Asymmetric Cipher parameters" -.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_ASYM_CIPHER_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_ASYM_CIPHER_PARAM_DIGEST) " .PD 0 -.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS) " +.IP """digest\-props"" (\fBOSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\fR) " 4 +.IX Item """digest-props"" (OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS) " .PD -See \*(L"Asymmetric Cipher Parameters\*(R" in \fBprovider\-asym_cipher\fR\|(7). +See "Asymmetric Cipher Parameters" in \fBprovider\-asym_cipher\fR\|(7). 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-SM2\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-SM2\fR\|(7), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-asym_cipher\fR\|(7), \&\fBprovider\-keymgmt\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-AES.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-AES.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,142 +53,82 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-AES 7ossl" -.TH EVP_CIPHER-AES 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-AES 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-AES \- The AES EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1AES\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for AES symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" -The following algorithms are available in the \s-1FIPS\s0 provider as well as the +The following algorithms are available in the FIPS provider as well as the default provider: -.ie n .IP """\s-1AES\-128\-CBC"", ""AES\-192\-CBC""\s0 and ""\s-1AES\-256\-CBC""\s0" 4 -.el .IP "``\s-1AES\-128\-CBC'', ``AES\-192\-CBC''\s0 and ``\s-1AES\-256\-CBC''\s0" 4 -.IX Item "AES-128-CBC, AES-192-CBC and AES-256-CBC" +.IP """AES\-128\-CBC"", ""AES\-192\-CBC"" and ""AES\-256\-CBC""" 4 +.IX Item """AES-128-CBC"", ""AES-192-CBC"" and ""AES-256-CBC""" .PD 0 -.ie n .IP """\s-1AES\-128\-CBC\-CTS"", ""AES\-192\-CBC\-CTS""\s0 and ""\s-1AES\-256\-CBC\-CTS""\s0" 4 -.el .IP "``\s-1AES\-128\-CBC\-CTS'', ``AES\-192\-CBC\-CTS''\s0 and ``\s-1AES\-256\-CBC\-CTS''\s0" 4 -.IX Item "AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS" -.ie n .IP """\s-1AES\-128\-CFB"", ""AES\-192\-CFB"", ""AES\-256\-CFB"", ""AES\-128\-CFB1"", ""AES\-192\-CFB1"", ""AES\-256\-CFB1"", ""AES\-128\-CFB8"", ""AES\-192\-CFB8""\s0 and ""\s-1AES\-256\-CFB8""\s0" 4 -.el .IP "``\s-1AES\-128\-CFB'', ``AES\-192\-CFB'', ``AES\-256\-CFB'', ``AES\-128\-CFB1'', ``AES\-192\-CFB1'', ``AES\-256\-CFB1'', ``AES\-128\-CFB8'', ``AES\-192\-CFB8''\s0 and ``\s-1AES\-256\-CFB8''\s0" 4 -.IX Item "AES-128-CFB, AES-192-CFB, 
AES-256-CFB, AES-128-CFB1, AES-192-CFB1, AES-256-CFB1, AES-128-CFB8, AES-192-CFB8 and AES-256-CFB8" -.ie n .IP """\s-1AES\-128\-CTR"", ""AES\-192\-CTR""\s0 and ""\s-1AES\-256\-CTR""\s0" 4 -.el .IP "``\s-1AES\-128\-CTR'', ``AES\-192\-CTR''\s0 and ``\s-1AES\-256\-CTR''\s0" 4 -.IX Item "AES-128-CTR, AES-192-CTR and AES-256-CTR" -.ie n .IP """\s-1AES\-128\-ECB"", ""AES\-192\-ECB""\s0 and ""\s-1AES\-256\-ECB""\s0" 4 -.el .IP "``\s-1AES\-128\-ECB'', ``AES\-192\-ECB''\s0 and ``\s-1AES\-256\-ECB''\s0" 4 -.IX Item "AES-128-ECB, AES-192-ECB and AES-256-ECB" -.ie n .IP """\s-1AES\-192\-OFB"", ""AES\-128\-OFB""\s0 and ""\s-1AES\-256\-OFB""\s0" 4 -.el .IP "``\s-1AES\-192\-OFB'', ``AES\-128\-OFB''\s0 and ``\s-1AES\-256\-OFB''\s0" 4 -.IX Item "AES-192-OFB, AES-128-OFB and AES-256-OFB" -.ie n .IP """\s-1AES\-128\-XTS""\s0 and ""\s-1AES\-256\-XTS""\s0" 4 -.el .IP "``\s-1AES\-128\-XTS''\s0 and ``\s-1AES\-256\-XTS''\s0" 4 -.IX Item "AES-128-XTS and AES-256-XTS" -.ie n .IP """\s-1AES\-128\-CCM"", ""AES\-192\-CCM""\s0 and ""\s-1AES\-256\-CCM""\s0" 4 -.el .IP "``\s-1AES\-128\-CCM'', ``AES\-192\-CCM''\s0 and ``\s-1AES\-256\-CCM''\s0" 4 -.IX Item "AES-128-CCM, AES-192-CCM and AES-256-CCM" -.ie n .IP """\s-1AES\-128\-GCM"", ""AES\-192\-GCM""\s0 and ""\s-1AES\-256\-GCM""\s0" 4 -.el .IP "``\s-1AES\-128\-GCM'', ``AES\-192\-GCM''\s0 and ``\s-1AES\-256\-GCM''\s0" 4 -.IX Item "AES-128-GCM, AES-192-GCM and AES-256-GCM" -.ie n .IP """\s-1AES\-128\-WRAP"", ""AES\-192\-WRAP"", ""AES\-256\-WRAP"", ""AES\-128\-WRAP\-PAD"", ""AES\-192\-WRAP\-PAD"", ""AES\-256\-WRAP\-PAD"", ""AES\-128\-WRAP\-INV"", ""AES\-192\-WRAP\-INV"", ""AES\-256\-WRAP\-INV"", ""AES\-128\-WRAP\-PAD\-INV"", ""AES\-192\-WRAP\-PAD\-INV""\s0 and ""\s-1AES\-256\-WRAP\-PAD\-INV""\s0" 4 -.el .IP "``\s-1AES\-128\-WRAP'', ``AES\-192\-WRAP'', ``AES\-256\-WRAP'', ``AES\-128\-WRAP\-PAD'', ``AES\-192\-WRAP\-PAD'', ``AES\-256\-WRAP\-PAD'', ``AES\-128\-WRAP\-INV'', ``AES\-192\-WRAP\-INV'', ``AES\-256\-WRAP\-INV'', ``AES\-128\-WRAP\-PAD\-INV'', 
``AES\-192\-WRAP\-PAD\-INV''\s0 and ``\s-1AES\-256\-WRAP\-PAD\-INV''\s0" 4 -.IX Item "AES-128-WRAP, AES-192-WRAP, AES-256-WRAP, AES-128-WRAP-PAD, AES-192-WRAP-PAD, AES-256-WRAP-PAD, AES-128-WRAP-INV, AES-192-WRAP-INV, AES-256-WRAP-INV, AES-128-WRAP-PAD-INV, AES-192-WRAP-PAD-INV and AES-256-WRAP-PAD-INV" -.ie n .IP """\s-1AES\-128\-CBC\-HMAC\-SHA1"", ""AES\-256\-CBC\-HMAC\-SHA1"", ""AES\-128\-CBC\-HMAC\-SHA256""\s0 and ""\s-1AES\-256\-CBC\-HMAC\-SHA256""\s0" 4 -.el .IP "``\s-1AES\-128\-CBC\-HMAC\-SHA1'', ``AES\-256\-CBC\-HMAC\-SHA1'', ``AES\-128\-CBC\-HMAC\-SHA256''\s0 and ``\s-1AES\-256\-CBC\-HMAC\-SHA256''\s0" 4 -.IX Item "AES-128-CBC-HMAC-SHA1, AES-256-CBC-HMAC-SHA1, AES-128-CBC-HMAC-SHA256 and AES-256-CBC-HMAC-SHA256" +.IP """AES\-128\-CBC\-CTS"", ""AES\-192\-CBC\-CTS"" and ""AES\-256\-CBC\-CTS""" 4 +.IX Item """AES-128-CBC-CTS"", ""AES-192-CBC-CTS"" and ""AES-256-CBC-CTS""" +.IP """AES\-128\-CFB"", ""AES\-192\-CFB"", ""AES\-256\-CFB"", ""AES\-128\-CFB1"", ""AES\-192\-CFB1"", ""AES\-256\-CFB1"", ""AES\-128\-CFB8"", ""AES\-192\-CFB8"" and ""AES\-256\-CFB8""" 4 +.IX Item """AES-128-CFB"", ""AES-192-CFB"", ""AES-256-CFB"", ""AES-128-CFB1"", ""AES-192-CFB1"", ""AES-256-CFB1"", ""AES-128-CFB8"", ""AES-192-CFB8"" and ""AES-256-CFB8""" +.IP """AES\-128\-CTR"", ""AES\-192\-CTR"" and ""AES\-256\-CTR""" 4 +.IX Item """AES-128-CTR"", ""AES-192-CTR"" and ""AES-256-CTR""" +.IP """AES\-128\-ECB"", ""AES\-192\-ECB"" and ""AES\-256\-ECB""" 4 +.IX Item """AES-128-ECB"", ""AES-192-ECB"" and ""AES-256-ECB""" +.IP """AES\-192\-OFB"", ""AES\-128\-OFB"" and ""AES\-256\-OFB""" 4 +.IX Item """AES-192-OFB"", ""AES-128-OFB"" and ""AES-256-OFB""" +.IP """AES\-128\-XTS"" and ""AES\-256\-XTS""" 4 +.IX Item """AES-128-XTS"" and ""AES-256-XTS""" +.IP """AES\-128\-CCM"", ""AES\-192\-CCM"" and ""AES\-256\-CCM""" 4 +.IX Item """AES-128-CCM"", ""AES-192-CCM"" and ""AES-256-CCM""" +.IP """AES\-128\-GCM"", ""AES\-192\-GCM"" and ""AES\-256\-GCM""" 4 +.IX Item """AES-128-GCM"", ""AES-192-GCM"" and 
""AES-256-GCM""" +.IP """AES\-128\-WRAP"", ""AES\-192\-WRAP"", ""AES\-256\-WRAP"", ""AES\-128\-WRAP\-PAD"", ""AES\-192\-WRAP\-PAD"", ""AES\-256\-WRAP\-PAD"", ""AES\-128\-WRAP\-INV"", ""AES\-192\-WRAP\-INV"", ""AES\-256\-WRAP\-INV"", ""AES\-128\-WRAP\-PAD\-INV"", ""AES\-192\-WRAP\-PAD\-INV"" and ""AES\-256\-WRAP\-PAD\-INV""" 4 +.IX Item """AES-128-WRAP"", ""AES-192-WRAP"", ""AES-256-WRAP"", ""AES-128-WRAP-PAD"", ""AES-192-WRAP-PAD"", ""AES-256-WRAP-PAD"", ""AES-128-WRAP-INV"", ""AES-192-WRAP-INV"", ""AES-256-WRAP-INV"", ""AES-128-WRAP-PAD-INV"", ""AES-192-WRAP-PAD-INV"" and ""AES-256-WRAP-PAD-INV""" +.IP """AES\-128\-CBC\-HMAC\-SHA1"", ""AES\-256\-CBC\-HMAC\-SHA1"", ""AES\-128\-CBC\-HMAC\-SHA256"" and ""AES\-256\-CBC\-HMAC\-SHA256""" 4 +.IX Item """AES-128-CBC-HMAC-SHA1"", ""AES-256-CBC-HMAC-SHA1"", ""AES-128-CBC-HMAC-SHA256"" and ""AES-256-CBC-HMAC-SHA256""" .PD .PP The following algorithms are available in the default provider, but not the -\&\s-1FIPS\s0 provider: -.ie n .IP """\s-1AES\-128\-OCB"", ""AES\-192\-OCB""\s0 and ""\s-1AES\-256\-OCB""\s0" 4 -.el .IP "``\s-1AES\-128\-OCB'', ``AES\-192\-OCB''\s0 and ``\s-1AES\-256\-OCB''\s0" 4 -.IX Item "AES-128-OCB, AES-192-OCB and AES-256-OCB" +FIPS provider: +.IP """AES\-128\-OCB"", ""AES\-192\-OCB"" and ""AES\-256\-OCB""" 4 +.IX Item """AES-128-OCB"", ""AES-192-OCB"" and ""AES-256-OCB""" .PD 0 -.ie n .IP """\s-1AES\-128\-SIV"", ""AES\-192\-SIV""\s0 and ""\s-1AES\-256\-SIV""\s0" 4 -.el .IP "``\s-1AES\-128\-SIV'', ``AES\-192\-SIV''\s0 and ``\s-1AES\-256\-SIV''\s0" 4 -.IX Item "AES-128-SIV, AES-192-SIV and AES-256-SIV" +.IP """AES\-128\-SIV"", ""AES\-192\-SIV"" and ""AES\-256\-SIV""" 4 +.IX Item """AES-128-SIV"", ""AES-192-SIV"" and ""AES-256-SIV""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). 
+.SH NOTES +.IX Header "NOTES" +The AES\-SIV and AES\-WRAP mode implementations do not support streaming. That +means to obtain correct results there can be only one \fBEVP_EncryptUpdate\fR\|(3) +or \fBEVP_DecryptUpdate\fR\|(3) call after the initialization of the context. +.PP +The AES\-XTS implementations allow streaming to be performed, but each +\&\fBEVP_EncryptUpdate\fR\|(3) or \fBEVP_DecryptUpdate\fR\|(3) call requires each input +to be a multiple of the blocksize. Only the final \fBEVP_EncryptUpdate()\fR or +\&\fBEVP_DecryptUpdate()\fR call can optionally have an input that is not a multiple +of the blocksize but is larger than one block. In that case ciphertext +stealing (CTS) is used to fill the block. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-cipher\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-ARIA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-ARIA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,121 +53,54 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-ARIA 7ossl" -.TH EVP_CIPHER-ARIA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-ARIA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-ARIA \- The ARIA EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1ARIA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for ARIA symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the default provider: -.ie n .IP """\s-1ARIA\-128\-CBC"", ""ARIA\-192\-CBC""\s0 and ""\s-1ARIA\-256\-CBC""\s0" 4 -.el .IP "``\s-1ARIA\-128\-CBC'', ``ARIA\-192\-CBC''\s0 and ``\s-1ARIA\-256\-CBC''\s0" 4 -.IX Item "ARIA-128-CBC, ARIA-192-CBC and ARIA-256-CBC" +.IP """ARIA\-128\-CBC"", ""ARIA\-192\-CBC"" and ""ARIA\-256\-CBC""" 4 +.IX Item """ARIA-128-CBC"", ""ARIA-192-CBC"" and ""ARIA-256-CBC""" .PD 0 -.ie n .IP """\s-1ARIA\-128\-CFB"", ""ARIA\-192\-CFB"", ""ARIA\-256\-CFB"", ""ARIA\-128\-CFB1"", ""ARIA\-192\-CFB1"", ""ARIA\-256\-CFB1"", ""ARIA\-128\-CFB8"", ""ARIA\-192\-CFB8""\s0 and ""\s-1ARIA\-256\-CFB8""\s0" 4 -.el .IP "``\s-1ARIA\-128\-CFB'', ``ARIA\-192\-CFB'', ``ARIA\-256\-CFB'', ``ARIA\-128\-CFB1'', ``ARIA\-192\-CFB1'', ``ARIA\-256\-CFB1'', ``ARIA\-128\-CFB8'', ``ARIA\-192\-CFB8''\s0 and ``\s-1ARIA\-256\-CFB8''\s0" 4 -.IX Item "ARIA-128-CFB, ARIA-192-CFB, ARIA-256-CFB, ARIA-128-CFB1, ARIA-192-CFB1, ARIA-256-CFB1, ARIA-128-CFB8, ARIA-192-CFB8 and ARIA-256-CFB8" -.ie n .IP """\s-1ARIA\-128\-CTR"", ""ARIA\-192\-CTR""\s0 and ""\s-1ARIA\-256\-CTR""\s0" 4 -.el .IP "``\s-1ARIA\-128\-CTR'', ``ARIA\-192\-CTR''\s0 and ``\s-1ARIA\-256\-CTR''\s0" 4 -.IX Item "ARIA-128-CTR, ARIA-192-CTR and 
ARIA-256-CTR" -.ie n .IP """\s-1ARIA\-128\-ECB"", ""ARIA\-192\-ECB""\s0 and ""\s-1ARIA\-256\-ECB""\s0" 4 -.el .IP "``\s-1ARIA\-128\-ECB'', ``ARIA\-192\-ECB''\s0 and ``\s-1ARIA\-256\-ECB''\s0" 4 -.IX Item "ARIA-128-ECB, ARIA-192-ECB and ARIA-256-ECB" -.ie n .IP """\s-1AES\-192\-OCB"", ""AES\-128\-OCB""\s0 and ""\s-1AES\-256\-OCB""\s0" 4 -.el .IP "``\s-1AES\-192\-OCB'', ``AES\-128\-OCB''\s0 and ``\s-1AES\-256\-OCB''\s0" 4 -.IX Item "AES-192-OCB, AES-128-OCB and AES-256-OCB" -.ie n .IP """\s-1ARIA\-128\-OFB"", ""ARIA\-192\-OFB""\s0 and ""\s-1ARIA\-256\-OFB""\s0" 4 -.el .IP "``\s-1ARIA\-128\-OFB'', ``ARIA\-192\-OFB''\s0 and ``\s-1ARIA\-256\-OFB''\s0" 4 -.IX Item "ARIA-128-OFB, ARIA-192-OFB and ARIA-256-OFB" -.ie n .IP """\s-1ARIA\-128\-CCM"", ""ARIA\-192\-CCM""\s0 and ""\s-1ARIA\-256\-CCM""\s0" 4 -.el .IP "``\s-1ARIA\-128\-CCM'', ``ARIA\-192\-CCM''\s0 and ``\s-1ARIA\-256\-CCM''\s0" 4 -.IX Item "ARIA-128-CCM, ARIA-192-CCM and ARIA-256-CCM" -.ie n .IP """\s-1ARIA\-128\-GCM"", ""ARIA\-192\-GCM""\s0 and ""\s-1ARIA\-256\-GCM""\s0" 4 -.el .IP "``\s-1ARIA\-128\-GCM'', ``ARIA\-192\-GCM''\s0 and ``\s-1ARIA\-256\-GCM''\s0" 4 -.IX Item "ARIA-128-GCM, ARIA-192-GCM and ARIA-256-GCM" +.IP """ARIA\-128\-CFB"", ""ARIA\-192\-CFB"", ""ARIA\-256\-CFB"", ""ARIA\-128\-CFB1"", ""ARIA\-192\-CFB1"", ""ARIA\-256\-CFB1"", ""ARIA\-128\-CFB8"", ""ARIA\-192\-CFB8"" and ""ARIA\-256\-CFB8""" 4 +.IX Item """ARIA-128-CFB"", ""ARIA-192-CFB"", ""ARIA-256-CFB"", ""ARIA-128-CFB1"", ""ARIA-192-CFB1"", ""ARIA-256-CFB1"", ""ARIA-128-CFB8"", ""ARIA-192-CFB8"" and ""ARIA-256-CFB8""" +.IP """ARIA\-128\-CTR"", ""ARIA\-192\-CTR"" and ""ARIA\-256\-CTR""" 4 +.IX Item """ARIA-128-CTR"", ""ARIA-192-CTR"" and ""ARIA-256-CTR""" +.IP """ARIA\-128\-ECB"", ""ARIA\-192\-ECB"" and ""ARIA\-256\-ECB""" 4 +.IX Item """ARIA-128-ECB"", ""ARIA-192-ECB"" and ""ARIA-256-ECB""" +.IP """AES\-192\-OCB"", ""AES\-128\-OCB"" and ""AES\-256\-OCB""" 4 +.IX Item """AES-192-OCB"", ""AES-128-OCB"" and ""AES-256-OCB""" +.IP 
"""ARIA\-128\-OFB"", ""ARIA\-192\-OFB"" and ""ARIA\-256\-OFB""" 4 +.IX Item """ARIA-128-OFB"", ""ARIA-192-OFB"" and ""ARIA-256-OFB""" +.IP """ARIA\-128\-CCM"", ""ARIA\-192\-CCM"" and ""ARIA\-256\-CCM""" 4 +.IX Item """ARIA-128-CCM"", ""ARIA-192-CCM"" and ""ARIA-256-CCM""" +.IP """ARIA\-128\-GCM"", ""ARIA\-192\-GCM"" and ""ARIA\-256\-GCM""" 4 +.IX Item """ARIA-128-GCM"", ""ARIA-192-GCM"" and ""ARIA-256-GCM""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-BLOWFISH.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-BLOWFISH.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,46 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-BLOWFISH 7ossl" -.TH EVP_CIPHER-BLOWFISH 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-BLOWFISH 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-BLOWFISH \- The BLOBFISH EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1BLOWFISH\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for BLOWFISH symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """BF-ECB""" 4 -.el .IP "``BF-ECB''" 4 -.IX Item "BF-ECB" +.IP """BF\-ECB""" 4 +.IX Item """BF-ECB""" .PD 0 -.ie n .IP """BF-CBC""" 4 -.el .IP "``BF-CBC''" 4 -.IX Item "BF-CBC" -.ie n .IP """BF-OFB""" 4 -.el .IP "``BF-OFB''" 4 -.IX Item "BF-OFB" -.ie n .IP """BF-CFB""" 4 -.el .IP "``BF-CFB''" 4 -.IX Item "BF-CFB" +.IP """BF\-CBC""" 4 +.IX Item """BF-CBC""" +.IP """BF\-OFB""" 4 +.IX Item """BF-OFB""" +.IP """BF\-CFB""" 4 +.IX Item """BF-CFB""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-CAMELLIA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-CAMELLIA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,115 +53,50 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-CAMELLIA 7ossl" -.TH EVP_CIPHER-CAMELLIA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-CAMELLIA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-CAMELLIA \- The CAMELLIA EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1CAMELLIA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for CAMELLIA symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the default provider: -.ie n .IP """\s-1CAMELLIA\-128\-CBC"", ""CAMELLIA\-192\-CBC""\s0 and ""\s-1CAMELLIA\-256\-CBC""\s0" 4 -.el .IP "``\s-1CAMELLIA\-128\-CBC'', ``CAMELLIA\-192\-CBC''\s0 and ``\s-1CAMELLIA\-256\-CBC''\s0" 4 -.IX Item "CAMELLIA-128-CBC, CAMELLIA-192-CBC and CAMELLIA-256-CBC" +.IP """CAMELLIA\-128\-CBC"", ""CAMELLIA\-192\-CBC"" and ""CAMELLIA\-256\-CBC""" 4 +.IX Item """CAMELLIA-128-CBC"", ""CAMELLIA-192-CBC"" and ""CAMELLIA-256-CBC""" .PD 0 -.ie n .IP """\s-1CAMELLIA\-128\-CBC\-CTS"", ""CAMELLIA\-192\-CBC\-CTS""\s0 and ""\s-1CAMELLIA\-256\-CBC\-CTS""\s0" 4 -.el .IP "``\s-1CAMELLIA\-128\-CBC\-CTS'', ``CAMELLIA\-192\-CBC\-CTS''\s0 and ``\s-1CAMELLIA\-256\-CBC\-CTS''\s0" 4 -.IX Item "CAMELLIA-128-CBC-CTS, CAMELLIA-192-CBC-CTS and CAMELLIA-256-CBC-CTS" -.ie n .IP """\s-1CAMELLIA\-128\-CFB"", ""CAMELLIA\-192\-CFB"", ""CAMELLIA\-256\-CFB"", ""CAMELLIA\-128\-CFB1"", ""CAMELLIA\-192\-CFB1"", ""CAMELLIA\-256\-CFB1"", ""CAMELLIA\-128\-CFB8"", ""CAMELLIA\-192\-CFB8""\s0 and ""\s-1CAMELLIA\-256\-CFB8""\s0" 4 -.el .IP "``\s-1CAMELLIA\-128\-CFB'', ``CAMELLIA\-192\-CFB'', ``CAMELLIA\-256\-CFB'', ``CAMELLIA\-128\-CFB1'', ``CAMELLIA\-192\-CFB1'', 
``CAMELLIA\-256\-CFB1'', ``CAMELLIA\-128\-CFB8'', ``CAMELLIA\-192\-CFB8''\s0 and ``\s-1CAMELLIA\-256\-CFB8''\s0" 4 -.IX Item "CAMELLIA-128-CFB, CAMELLIA-192-CFB, CAMELLIA-256-CFB, CAMELLIA-128-CFB1, CAMELLIA-192-CFB1, CAMELLIA-256-CFB1, CAMELLIA-128-CFB8, CAMELLIA-192-CFB8 and CAMELLIA-256-CFB8" -.ie n .IP """\s-1CAMELLIA\-128\-CTR"", ""CAMELLIA\-192\-CTR""\s0 and ""\s-1CAMELLIA\-256\-CTR""\s0" 4 -.el .IP "``\s-1CAMELLIA\-128\-CTR'', ``CAMELLIA\-192\-CTR''\s0 and ``\s-1CAMELLIA\-256\-CTR''\s0" 4 -.IX Item "CAMELLIA-128-CTR, CAMELLIA-192-CTR and CAMELLIA-256-CTR" -.ie n .IP """\s-1CAMELLIA\-128\-ECB"", ""CAMELLIA\-192\-ECB""\s0 and ""\s-1CAMELLIA\-256\-ECB""\s0" 4 -.el .IP "``\s-1CAMELLIA\-128\-ECB'', ``CAMELLIA\-192\-ECB''\s0 and ``\s-1CAMELLIA\-256\-ECB''\s0" 4 -.IX Item "CAMELLIA-128-ECB, CAMELLIA-192-ECB and CAMELLIA-256-ECB" -.ie n .IP """\s-1CAMELLIA\-192\-OFB"", ""CAMELLIA\-128\-OFB""\s0 and ""\s-1CAMELLIA\-256\-OFB""\s0" 4 -.el .IP "``\s-1CAMELLIA\-192\-OFB'', ``CAMELLIA\-128\-OFB''\s0 and ``\s-1CAMELLIA\-256\-OFB''\s0" 4 -.IX Item "CAMELLIA-192-OFB, CAMELLIA-128-OFB and CAMELLIA-256-OFB" +.IP """CAMELLIA\-128\-CBC\-CTS"", ""CAMELLIA\-192\-CBC\-CTS"" and ""CAMELLIA\-256\-CBC\-CTS""" 4 +.IX Item """CAMELLIA-128-CBC-CTS"", ""CAMELLIA-192-CBC-CTS"" and ""CAMELLIA-256-CBC-CTS""" +.IP """CAMELLIA\-128\-CFB"", ""CAMELLIA\-192\-CFB"", ""CAMELLIA\-256\-CFB"", ""CAMELLIA\-128\-CFB1"", ""CAMELLIA\-192\-CFB1"", ""CAMELLIA\-256\-CFB1"", ""CAMELLIA\-128\-CFB8"", ""CAMELLIA\-192\-CFB8"" and ""CAMELLIA\-256\-CFB8""" 4 +.IX Item """CAMELLIA-128-CFB"", ""CAMELLIA-192-CFB"", ""CAMELLIA-256-CFB"", ""CAMELLIA-128-CFB1"", ""CAMELLIA-192-CFB1"", ""CAMELLIA-256-CFB1"", ""CAMELLIA-128-CFB8"", ""CAMELLIA-192-CFB8"" and ""CAMELLIA-256-CFB8""" +.IP """CAMELLIA\-128\-CTR"", ""CAMELLIA\-192\-CTR"" and ""CAMELLIA\-256\-CTR""" 4 +.IX Item """CAMELLIA-128-CTR"", ""CAMELLIA-192-CTR"" and ""CAMELLIA-256-CTR""" +.IP """CAMELLIA\-128\-ECB"", ""CAMELLIA\-192\-ECB"" and ""CAMELLIA\-256\-ECB""" 4 
+.IX Item """CAMELLIA-128-ECB"", ""CAMELLIA-192-ECB"" and ""CAMELLIA-256-ECB""" +.IP """CAMELLIA\-192\-OFB"", ""CAMELLIA\-128\-OFB"" and ""CAMELLIA\-256\-OFB""" 4 +.IX Item """CAMELLIA-192-OFB"", ""CAMELLIA-128-OFB"" and ""CAMELLIA-256-OFB""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-CAST.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-CAST.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,46 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-CAST 7ossl" -.TH EVP_CIPHER-CAST 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-CAST 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-CAST \- The CAST EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1CAST\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for CAST symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """\s-1CAST\-128\-CBC"", ""CAST\-192\-CBC""\s0 and ""\s-1CAST\-256\-CBC""\s0" 4 -.el .IP "``\s-1CAST\-128\-CBC'', ``CAST\-192\-CBC''\s0 and ``\s-1CAST\-256\-CBC''\s0" 4 -.IX Item "CAST-128-CBC, CAST-192-CBC and CAST-256-CBC" +.IP """CAST\-128\-CBC"", ""CAST\-192\-CBC"" and ""CAST\-256\-CBC""" 4 +.IX Item """CAST-128-CBC"", ""CAST-192-CBC"" and ""CAST-256-CBC""" .PD 0 -.ie n .IP """\s-1CAST\-128\-CFB"", ""CAST\-192\-CFB"", ""CAST\-256\-CFB""\s0" 4 -.el .IP "``\s-1CAST\-128\-CFB'', ``CAST\-192\-CFB'', ``CAST\-256\-CFB''\s0" 4 -.IX Item "CAST-128-CFB, CAST-192-CFB, CAST-256-CFB" -.ie n .IP """\s-1CAST\-128\-ECB"", ""CAST\-192\-ECB""\s0 and ""\s-1CAST\-256\-ECB""\s0" 4 -.el .IP "``\s-1CAST\-128\-ECB'', ``CAST\-192\-ECB''\s0 and ``\s-1CAST\-256\-ECB''\s0" 4 -.IX Item "CAST-128-ECB, CAST-192-ECB and CAST-256-ECB" -.ie n .IP """\s-1CAST\-192\-OFB"", ""CAST\-128\-OFB""\s0 and ""\s-1CAST\-256\-OFB""\s0" 4 -.el .IP "``\s-1CAST\-192\-OFB'', ``CAST\-128\-OFB''\s0 and ``\s-1CAST\-256\-OFB''\s0" 4 -.IX Item "CAST-192-OFB, CAST-128-OFB and CAST-256-OFB" +.IP """CAST\-128\-CFB"", ""CAST\-192\-CFB"", ""CAST\-256\-CFB""" 4 +.IX Item """CAST-128-CFB"", ""CAST-192-CFB"", 
""CAST-256-CFB""" +.IP """CAST\-128\-ECB"", ""CAST\-192\-ECB"" and ""CAST\-256\-ECB""" 4 +.IX Item """CAST-128-ECB"", ""CAST-192-ECB"" and ""CAST-256-ECB""" +.IP """CAST\-192\-OFB"", ""CAST\-128\-OFB"" and ""CAST\-256\-OFB""" 4 +.IX Item """CAST-192-OFB"", ""CAST-128-OFB"" and ""CAST-256-OFB""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-CHACHA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-CHACHA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,103 +53,42 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-CHACHA 7ossl" -.TH EVP_CIPHER-CHACHA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-CHACHA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-CHACHA \- The CHACHA EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1CHACHA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for CHACHA symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the default provider: -.ie n .IP """ChaCha20""" 4 -.el .IP "``ChaCha20''" 4 -.IX Item "ChaCha20" +.IP """ChaCha20""" 4 +.IX Item """ChaCha20""" .PD 0 -.ie n .IP """ChaCha20\-Poly1305""" 4 -.el .IP "``ChaCha20\-Poly1305''" 4 -.IX Item "ChaCha20-Poly1305" +.IP """ChaCha20\-Poly1305""" 4 +.IX Item """ChaCha20-Poly1305""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man7/EVP_CIPHER-DES.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-DES.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,147 +53,75 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-DES 7ossl" -.TH EVP_CIPHER-DES 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-DES 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-DES \- The DES EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1DES\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for DES symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" -The following algorithms are available in the \s-1FIPS\s0 provider as well as the +The following algorithms are available in the FIPS provider as well as the default provider: -.ie n .IP """\s-1DES\-EDE3\-ECB""\s0 or ""\s-1DES\-EDE3""\s0" 4 -.el .IP "``\s-1DES\-EDE3\-ECB''\s0 or ``\s-1DES\-EDE3''\s0" 4 -.IX Item "DES-EDE3-ECB or DES-EDE3" +.IP """DES\-EDE3\-ECB"" or ""DES\-EDE3""" 4 +.IX Item """DES-EDE3-ECB"" or ""DES-EDE3""" .PD 0 -.ie n .IP """\s-1DES\-EDE3\-CBC""\s0 or ""\s-1DES3""\s0" 4 -.el .IP "``\s-1DES\-EDE3\-CBC''\s0 or ``\s-1DES3''\s0" 4 -.IX Item "DES-EDE3-CBC or DES3" +.IP """DES\-EDE3\-CBC"" or ""DES3""" 4 +.IX Item """DES-EDE3-CBC"" or ""DES3""" .PD .PP The following algorithms are available in the default provider, but not the -\&\s-1FIPS\s0 provider: -.ie n .IP """\s-1DES\-EDE3\-CFB8""\s0 and ""\s-1DES\-EDE3\-CFB1""\s0" 4 -.el .IP "``\s-1DES\-EDE3\-CFB8''\s0 and ``\s-1DES\-EDE3\-CFB1''\s0" 4 -.IX Item "DES-EDE3-CFB8 and DES-EDE3-CFB1" +FIPS provider: +.IP """DES\-EDE3\-CFB8"" and ""DES\-EDE3\-CFB1""" 4 +.IX Item """DES-EDE3-CFB8"" and ""DES-EDE3-CFB1""" .PD 0 -.ie n .IP """DES-EDE-ECB"" or ""DES-EDE""" 4 -.el .IP "``DES-EDE-ECB'' or ``DES-EDE''" 4 -.IX Item "DES-EDE-ECB or DES-EDE" -.ie n .IP """DES-EDE-CBC""" 4 -.el .IP 
"``DES-EDE-CBC''" 4 -.IX Item "DES-EDE-CBC" -.ie n .IP """DES-EDE-OFB""" 4 -.el .IP "``DES-EDE-OFB''" 4 -.IX Item "DES-EDE-OFB" -.ie n .IP """DES-EDE-CFB""" 4 -.el .IP "``DES-EDE-CFB''" 4 -.IX Item "DES-EDE-CFB" -.ie n .IP """\s-1DES3\-WRAP""\s0" 4 -.el .IP "``\s-1DES3\-WRAP''\s0" 4 -.IX Item "DES3-WRAP" +.IP """DES\-EDE\-ECB"" or ""DES\-EDE""" 4 +.IX Item """DES-EDE-ECB"" or ""DES-EDE""" +.IP """DES\-EDE\-CBC""" 4 +.IX Item """DES-EDE-CBC""" +.IP """DES\-EDE\-OFB""" 4 +.IX Item """DES-EDE-OFB""" +.IP """DES\-EDE\-CFB""" 4 +.IX Item """DES-EDE-CFB""" +.IP """DES3\-WRAP""" 4 +.IX Item """DES3-WRAP""" .PD .PP The following algorithms are available in the legacy provider: -.ie n .IP """DES-ECB""" 4 -.el .IP "``DES-ECB''" 4 -.IX Item "DES-ECB" +.IP """DES\-ECB""" 4 +.IX Item """DES-ECB""" .PD 0 -.ie n .IP """DES-CBC""" 4 -.el .IP "``DES-CBC''" 4 -.IX Item "DES-CBC" -.ie n .IP """DES-OFB""" 4 -.el .IP "``DES-OFB''" 4 -.IX Item "DES-OFB" -.ie n .IP """DES-CFB"", ""\s-1DES\-CFB1""\s0 and ""\s-1DES\-CFB8""\s0" 4 -.el .IP "``DES-CFB'', ``\s-1DES\-CFB1''\s0 and ``\s-1DES\-CFB8''\s0" 4 -.IX Item "DES-CFB, DES-CFB1 and DES-CFB8" -.ie n .IP """DESX-CBC""" 4 -.el .IP "``DESX-CBC''" 4 -.IX Item "DESX-CBC" +.IP """DES\-CBC""" 4 +.IX Item """DES-CBC""" +.IP """DES\-OFB""" 4 +.IX Item """DES-OFB""" +.IP """DES\-CFB"", ""DES\-CFB1"" and ""DES\-CFB8""" 4 +.IX Item """DES-CFB"", ""DES-CFB1"" and ""DES-CFB8""" +.IP """DESX\-CBC""" 4 +.IX Item """DESX-CBC""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-cipher\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), +\&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), \&\fBOSSL_PROVIDER\-legacy\fR\|(7), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-IDEA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-IDEA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,46 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-IDEA 7ossl" -.TH EVP_CIPHER-IDEA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-IDEA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-IDEA \- The IDEA EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1IDEA\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for IDEA symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """IDEA-ECB""" 4 -.el .IP "``IDEA-ECB''" 4 -.IX Item "IDEA-ECB" +.IP """IDEA\-ECB""" 4 +.IX Item """IDEA-ECB""" .PD 0 -.ie n .IP """IDEA-CBC""" 4 -.el .IP "``IDEA-CBC''" 4 -.IX Item "IDEA-CBC" -.ie n .IP """IDEA-OFB"" or ""\s-1IDEA\-OFB64""\s0" 4 -.el .IP "``IDEA-OFB'' or ``\s-1IDEA\-OFB64''\s0" 4 -.IX Item "IDEA-OFB or IDEA-OFB64" -.ie n .IP """IDEA-CFB"" or ""\s-1IDEA\-CFB64""\s0" 4 -.el .IP "``IDEA-CFB'' or ``\s-1IDEA\-CFB64''\s0" 4 -.IX Item "IDEA-CFB or IDEA-CFB64" +.IP """IDEA\-CBC""" 4 +.IX Item """IDEA-CBC""" +.IP """IDEA\-OFB"" or ""IDEA\-OFB64""" 4 +.IX Item """IDEA-OFB"" or ""IDEA-OFB64""" +.IP """IDEA\-CFB"" or ""IDEA\-CFB64""" 4 +.IX Item """IDEA-CFB"" or ""IDEA-CFB64""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-NULL.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-NULL.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,131 +53,67 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-NULL 7ossl" -.TH EVP_CIPHER-NULL 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-NULL 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-NULL \- The NULL EVP_CIPHER implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for a \s-1NULL\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 -This is used when the \s-1TLS\s0 cipher suite is \s-1TLS_NULL_WITH_NULL_NULL.\s0 +Support for a NULL symmetric encryption using the \fBEVP_CIPHER\fR API. +This is used when the TLS cipher suite is TLS_NULL_WITH_NULL_NULL. This does no encryption (just copies the data) and has a mac size of zero. .SS "Algorithm Name" .IX Subsection "Algorithm Name" The following algorithm is available in the default provider: -.ie n .IP """\s-1NULL""\s0" 4 -.el .IP "``\s-1NULL''\s0" 4 -.IX Item "NULL" -.SS "Parameters" +.IP """NULL""" 4 +.IX Item """NULL""" +.SS Parameters .IX Subsection "Parameters" This implementation supports the following parameters: .PP -\fIGettable \s-1EVP_CIPHER\s0 parameters\fR +\fIGettable EVP_CIPHER parameters\fR .IX Subsection "Gettable EVP_CIPHER parameters" .PP -See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" in \fBEVP_EncryptInit\fR\|(3) +See "Gettable EVP_CIPHER parameters" in \fBEVP_EncryptInit\fR\|(3) .PP -\fIGettable \s-1EVP_CIPHER_CTX\s0 parameters\fR +\fIGettable EVP_CIPHER_CTX parameters\fR .IX Subsection "Gettable EVP_CIPHER_CTX parameters" -.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 -.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 -.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) " +.IP """keylen"" (\fBOSSL_CIPHER_PARAM_KEYLEN\fR) " 4 +.IX Item """keylen"" (OSSL_CIPHER_PARAM_KEYLEN) " .PD 0 -.ie n 
.IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 -.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 -.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN and " -.ie n .IP """tls-mac"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) " 4 -.el .IP "``tls-mac'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) " 4 -.IX Item "tls-mac (OSSL_CIPHER_PARAM_TLS_MAC) " +.IP """ivlen"" (\fBOSSL_CIPHER_PARAM_IVLEN\fR and <\fBOSSL_CIPHER_PARAM_AEAD_IVLEN\fR) " 4 +.IX Item """ivlen"" (OSSL_CIPHER_PARAM_IVLEN and " +.IP """tls\-mac"" (\fBOSSL_CIPHER_PARAM_TLS_MAC\fR) " 4 +.IX Item """tls-mac"" (OSSL_CIPHER_PARAM_TLS_MAC) " .PD .PP -See \*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) for further information. +See "PARAMETERS" in \fBEVP_EncryptInit\fR\|(3) for further information. .PP -\fISettable \s-1EVP_CIPHER_CTX\s0 parameters\fR +\fISettable EVP_CIPHER_CTX parameters\fR .IX Subsection "Settable EVP_CIPHER_CTX parameters" -.ie n .IP """tls-mac-size"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) " 4 -.el .IP "``tls-mac-size'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) " 4 -.IX Item "tls-mac-size (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) " +.IP """tls\-mac\-size"" (\fBOSSL_CIPHER_PARAM_TLS_MAC_SIZE\fR) " 4 +.IX Item """tls-mac-size"" (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) " .PP -See \*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) for further information. +See "PARAMETERS" in \fBEVP_EncryptInit\fR\|(3) for further information. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 5246\s0 section\-6.2.3.1 +RFC 5246 section\-6.2.3.1 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-RC2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-RC2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,115 +53,50 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-RC2 7ossl" -.TH EVP_CIPHER-RC2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-RC2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-RC2 \- The RC2 EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1RC2\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for RC2 symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """\s-1RC2\-CBC"", ""RC2""\s0 or ""\s-1RC2\-128""\s0" 4 -.el .IP "``\s-1RC2\-CBC'', ``RC2''\s0 or ``\s-1RC2\-128''\s0" 4 -.IX Item "RC2-CBC, RC2 or RC2-128" +.IP """RC2\-CBC"", ""RC2"" or ""RC2\-128""" 4 +.IX Item """RC2-CBC"", ""RC2"" or ""RC2-128""" .PD 0 -.ie n .IP """\s-1RC2\-40\-CBC""\s0 or ""\s-1RC2\-40""\s0" 4 -.el .IP "``\s-1RC2\-40\-CBC''\s0 or ``\s-1RC2\-40''\s0" 4 -.IX Item "RC2-40-CBC or RC2-40" -.ie n .IP """\s-1RC2\-64\-CBC""\s0 or ""\s-1RC2\-64""\s0" 4 -.el .IP "``\s-1RC2\-64\-CBC''\s0 or ``\s-1RC2\-64''\s0" 4 -.IX Item "RC2-64-CBC or RC2-64" -.ie n .IP """\s-1RC2\-ECB""\s0" 4 -.el .IP "``\s-1RC2\-ECB''\s0" 4 -.IX Item "RC2-ECB" -.ie n .IP """\s-1RC2\-CFB""\s0" 4 -.el .IP "``\s-1RC2\-CFB''\s0" 4 -.IX Item "RC2-CFB" -.ie n .IP """\s-1RC2\-OFB""\s0" 4 -.el .IP "``\s-1RC2\-OFB''\s0" 4 -.IX Item "RC2-OFB" +.IP """RC2\-40\-CBC"" or ""RC2\-40""" 4 +.IX Item """RC2-40-CBC"" or ""RC2-40""" +.IP """RC2\-64\-CBC"" or ""RC2\-64""" 4 +.IX Item """RC2-64-CBC"" or ""RC2-64""" +.IP """RC2\-ECB""" 4 +.IX Item """RC2-ECB""" +.IP """RC2\-CFB""" 4 +.IX Item """RC2-CFB""" +.IP """RC2\-OFB""" 4 +.IX Item """RC2-OFB""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection 
"Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-RC4.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-RC4.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,106 +53,44 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-RC4 7ossl" -.TH EVP_CIPHER-RC4 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-RC4 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-RC4 \- The RC4 EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1RC4\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for RC4 symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """\s-1RC4""\s0" 4 -.el .IP "``\s-1RC4''\s0" 4 -.IX Item "RC4" +.IP """RC4""" 4 +.IX Item """RC4""" .PD 0 -.ie n .IP """\s-1RC4\-40""\s0" 4 -.el .IP "``\s-1RC4\-40''\s0" 4 -.IX Item "RC4-40" -.ie n .IP """\s-1RC4\-HMAC\-MD5""\s0" 4 -.el .IP "``\s-1RC4\-HMAC\-MD5''\s0" 4 -.IX Item "RC4-HMAC-MD5" +.IP """RC4\-40""" 4 +.IX Item """RC4-40""" +.IP """RC4\-HMAC\-MD5""" 4 +.IX Item """RC4-HMAC-MD5""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-RC5.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-RC5.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,111 +53,48 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-RC5 7ossl" -.TH EVP_CIPHER-RC5 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-RC5 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-RC5 \- The RC5 EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1RC5\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for RC5 symmetric encryption using the \fBEVP_CIPHER\fR API. .PP Disabled by default. Use the \fIenable\-rc5\fR configuration option to enable. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """\s-1RC5\-CBC""\s0 or ""\s-1RC5""\s0" 4 -.el .IP "``\s-1RC5\-CBC''\s0 or ``\s-1RC5''\s0" 4 -.IX Item "RC5-CBC or RC5" +.IP """RC5\-CBC"" or ""RC5""" 4 +.IX Item """RC5-CBC"" or ""RC5""" .PD 0 -.ie n .IP """\s-1RC5\-ECB""\s0" 4 -.el .IP "``\s-1RC5\-ECB''\s0" 4 -.IX Item "RC5-ECB" -.ie n .IP """\s-1RC5\-OFB""\s0" 4 -.el .IP "``\s-1RC5\-OFB''\s0" 4 -.IX Item "RC5-OFB" -.ie n .IP """\s-1RC5\-CFB""\s0" 4 -.el .IP "``\s-1RC5\-CFB''\s0" 4 -.IX Item "RC5-CFB" +.IP """RC5\-ECB""" 4 +.IX Item """RC5-ECB""" +.IP """RC5\-OFB""" 4 +.IX Item """RC5-OFB""" +.IP """RC5\-CFB""" 4 +.IX Item """RC5-CFB""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-SEED.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-SEED.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,46 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-SEED 7ossl" -.TH EVP_CIPHER-SEED 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-SEED 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-SEED \- The SEED EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1SEED\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for SEED symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the legacy provider: -.ie n .IP """SEED-CBC"" or ""\s-1SEED""\s0" 4 -.el .IP "``SEED-CBC'' or ``\s-1SEED''\s0" 4 -.IX Item "SEED-CBC or SEED" +.IP """SEED\-CBC"" or ""SEED""" 4 +.IX Item """SEED-CBC"" or ""SEED""" .PD 0 -.ie n .IP """SEED-ECB""" 4 -.el .IP "``SEED-ECB''" 4 -.IX Item "SEED-ECB" -.ie n .IP """SEED-OFB"" or ""\s-1SEED\-OFB128""\s0" 4 -.el .IP "``SEED-OFB'' or ``\s-1SEED\-OFB128''\s0" 4 -.IX Item "SEED-OFB or SEED-OFB128" -.ie n .IP """SEED-CFB"" or ""\s-1SEED\-CFB128""\s0" 4 -.el .IP "``SEED-CFB'' or ``\s-1SEED\-CFB128''\s0" 4 -.IX Item "SEED-CFB or SEED-CFB128" +.IP """SEED\-ECB""" 4 +.IX Item """SEED-ECB""" +.IP """SEED\-OFB"" or ""SEED\-OFB128""" 4 +.IX Item """SEED-OFB"" or ""SEED-OFB128""" +.IP """SEED\-CFB"" or ""SEED\-CFB128""" 4 +.IX Item """SEED-CFB"" or ""SEED-CFB128""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_CIPHER-SM4.7.orig +++ secure/lib/libcrypto/man/man7/EVP_CIPHER-SM4.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,112 +53,48 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_CIPHER-SM4 7ossl" -.TH EVP_CIPHER-SM4 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_CIPHER-SM4 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_CIPHER\-SM4 \- The SM4 EVP_CIPHER implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for \s-1SM4\s0 symmetric encryption using the \fB\s-1EVP_CIPHER\s0\fR \s-1API.\s0 +Support for SM4 symmetric encryption using the \fBEVP_CIPHER\fR API. .SS "Algorithm Names" .IX Subsection "Algorithm Names" The following algorithms are available in the default provider: -.ie n .IP """\s-1SM4\-CBC:SM4""\s0" 4 -.el .IP "``\s-1SM4\-CBC:SM4''\s0" 4 -.IX Item "SM4-CBC:SM4" +.IP """SM4\-CBC:SM4""" 4 +.IX Item """SM4-CBC:SM4""" .PD 0 -.ie n .IP """\s-1SM4\-ECB""\s0" 4 -.el .IP "``\s-1SM4\-ECB''\s0" 4 -.IX Item "SM4-ECB" -.ie n .IP """\s-1SM4\-CTR""\s0" 4 -.el .IP "``\s-1SM4\-CTR''\s0" 4 -.IX Item "SM4-CTR" -.ie n .IP """\s-1SM4\-OFB""\s0 or ""\s-1SM4\-OFB128""\s0" 4 -.el .IP "``\s-1SM4\-OFB''\s0 or ``\s-1SM4\-OFB128''\s0" 4 -.IX Item "SM4-OFB or SM4-OFB128" -.ie n .IP """\s-1SM4\-CFB""\s0 or ""\s-1SM4\-CFB128""\s0" 4 -.el .IP "``\s-1SM4\-CFB''\s0 or ``\s-1SM4\-CFB128''\s0" 4 -.IX Item "SM4-CFB or SM4-CFB128" +.IP """SM4\-ECB""" 4 +.IX Item """SM4-ECB""" +.IP """SM4\-CTR""" 4 +.IX Item """SM4-CTR""" +.IP """SM4\-OFB"" or ""SM4\-OFB128""" 4 +.IX Item """SM4-OFB"" or ""SM4-OFB128""" +.IP """SM4\-CFB"" or ""SM4\-CFB128""" 4 +.IX Item """SM4-CFB"" or ""SM4-CFB128""" .PD -.SS "Parameters" +.SS Parameters .IX Subsection "Parameters" This implementation supports the parameters described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-HKDF.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-HKDF.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,146 +53,80 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-HKDF 7ossl" -.TH EVP_KDF-HKDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-HKDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-HKDF \- The HKDF EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fB\s-1HKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0 +Support for computing the \fBHKDF\fR KDF through the \fBEVP_KDF\fR API. .PP -The \s-1EVP_KDF\-HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. -\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +The EVP_KDF\-HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract\-then\-expand" paradigm, where the KDF logically consists of two modules. The first stage takes the input keying material -and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage -\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output -of the \s-1KDF\s0). -.SS "Identity" +and "extracts" from it a fixed\-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF). +.PP +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1HKDF\*(R"\s0 is the name for this implementation; it +"HKDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.IX Item "info (OSSL_KDF_PARAM_INFO) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """info"" (\fBOSSL_KDF_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_KDF_PARAM_INFO) " This parameter sets the info value. 
The length of the context info buffer cannot exceed 1024 bytes; -this should be more than enough for any normal use of \s-1HKDF.\s0 -.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 -.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 -.IX Item "mode (OSSL_KDF_PARAM_MODE) or " -This parameter sets the mode for the \s-1HKDF\s0 operation. +this should be more than enough for any normal use of HKDF. +.IP """mode"" (\fBOSSL_KDF_PARAM_MODE\fR) or " 4 +.IX Item """mode"" (OSSL_KDF_PARAM_MODE) or " +This parameter sets the mode for the HKDF operation. There are three modes that are currently defined: .RS 4 -.ie n .IP """\s-1EXTRACT_AND_EXPAND""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR" 4 -.el .IP "``\s-1EXTRACT_AND_EXPAND''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR" 4 -.IX Item "EXTRACT_AND_EXPAND or EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND" -This is the default mode. Calling \fBEVP_KDF_derive\fR\|(3) on an \s-1EVP_KDF_CTX\s0 set -up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +.IP """EXTRACT_AND_EXPAND"" or \fBEVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\fR" 4 +.IX Item """EXTRACT_AND_EXPAND"" or EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND" +This is the default mode. Calling \fBEVP_KDF_derive\fR\|(3) on an EVP_KDF_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. The derived key returned will be the result after the expand operation. The -intermediate fixed-length pseudorandom key K is not returned. +intermediate fixed\-length pseudorandom key K is not returned. .Sp In this mode the digest, key, salt and info values must be set before a key is derived otherwise an error will occur. 
-.ie n .IP """\s-1EXTRACT_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4 -.el .IP "``\s-1EXTRACT_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4 -.IX Item "EXTRACT_ONLY or EVP_KDF_HKDF_MODE_EXTRACT_ONLY" +.IP """EXTRACT_ONLY"" or \fBEVP_KDF_HKDF_MODE_EXTRACT_ONLY\fR" 4 +.IX Item """EXTRACT_ONLY"" or EVP_KDF_HKDF_MODE_EXTRACT_ONLY" In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the extract -operation. The value returned will be the intermediate fixed-length pseudorandom +operation. The value returned will be the intermediate fixed\-length pseudorandom key K. The \fIkeylen\fR parameter must match the size of K, which can be looked up by calling \fBEVP_KDF_CTX_get_kdf_size()\fR after setting the mode and digest. .Sp The digest, key and salt values must be set before a key is derived otherwise an error will occur. -.ie n .IP """\s-1EXPAND_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4 -.el .IP "``\s-1EXPAND_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4 -.IX Item "EXPAND_ONLY or EVP_KDF_HKDF_MODE_EXPAND_ONLY" +.IP """EXPAND_ONLY"" or \fBEVP_KDF_HKDF_MODE_EXPAND_ONLY\fR" 4 +.IX Item """EXPAND_ONLY"" or EVP_KDF_HKDF_MODE_EXPAND_ONLY" In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the expand -operation. The input key should be set to the intermediate fixed-length +operation. The input key should be set to the intermediate fixed\-length pseudorandom key K returned from a previous extract operation. .Sp The digest, key and info values must be set before a key is derived otherwise 
@@ -216,25 +134,25 @@ .RE .RS 4 .RE -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for \s-1HKDF\s0 can be obtained by calling: +A context for HKDF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); \& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); .Ve .PP -The output length of an \s-1HKDF\s0 expand operation is specified via the \fIkeylen\fR +The output length of an HKDF expand operation is specified via the \fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. When using -\&\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0 the \fIkeylen\fR parameter must equal the size of -the intermediate fixed-length pseudorandom key otherwise an error will occur. +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the \fIkeylen\fR parameter must equal the size of +the intermediate fixed\-length pseudorandom key otherwise an error will occur. For that mode, the fixed output size can be looked up by calling \fBEVP_KDF_CTX_get_kdf_size()\fR -after setting the mode and digest on the \fB\s-1EVP_KDF_CTX\s0\fR. -.SH "EXAMPLES" +after setting the mode and digest on the \fBEVP_KDF_CTX\fR. +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", -salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +This example derives 10 bytes using SHA\-256 with the secret key "secret", +salt value "salt" and info value "label": .PP .Vb 4 \& EVP_KDF *kdf; 
@@ -263,25 +181,25 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 5869\s0 +RFC 5869 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3), -\&\s-1\fBEVP_KDF\-TLS13_KDF\s0\fR\|(7) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3), +\&\fBEVP_KDF\-TLS13_KDF\fR\|(7) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-KB.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-KB.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,161 +53,94 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-KB 7ossl" -.TH EVP_KDF-KB 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-KB 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-KB \- The Key\-Based EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP_KDF\-KB\s0 algorithm implements the Key-Based key derivation function -(\s-1KBKDF\s0). \s-1KBKDF\s0 derives a key from repeated application of a keyed \s-1MAC\s0 to an +The EVP_KDF\-KB algorithm implements the Key\-Based key derivation function +(KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an input secret (and other optional values). -.SS "Identity" +.PP +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1KBKDF\*(R"\s0 is the name for this implementation; it can be used with the +"KBKDF" is the name for this implementation; it can be used with the \&\fBEVP_KDF_fetch()\fR function. .SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mode (OSSL_KDF_PARAM_MODE) " -The mode parameter determines which flavor of \s-1KBKDF\s0 to use \- currently the -choices are \*(L"counter\*(R" and \*(L"feedback\*(R". \*(L"counter\*(R" is the default, and will be +.IP """mode"" (\fBOSSL_KDF_PARAM_MODE\fR) " 4 +.IX Item """mode"" (OSSL_KDF_PARAM_MODE) " +The mode parameter determines which flavor of KBKDF to use \- currently the +choices are "counter" and "feedback". "counter" is the default, and will be used if unspecified. 
-.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_KDF_PARAM_MAC) " -The value is either \s-1CMAC\s0 or \s-1HMAC.\s0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """mac"" (\fBOSSL_KDF_PARAM_MAC\fR) " 4 +.IX Item """mac"" (OSSL_KDF_PARAM_MAC) " +The value is either CMAC or HMAC. +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD 0 -.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " -.IP """info (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IP """cipher"" (\fBOSSL_KDF_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_KDF_PARAM_CIPHER) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " +.IP """info (\fBOSSL_KDF_PARAM_INFO\fR) " 4 .IX Item """info (OSSL_KDF_PARAM_INFO) " -.ie n .IP """seed"" 
(\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 -.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 -.IX Item "seed (OSSL_KDF_PARAM_SEED) " +.IP """seed"" (\fBOSSL_KDF_PARAM_SEED\fR) " 4 +.IX Item """seed"" (OSSL_KDF_PARAM_SEED) " .PD The seed parameter is unused in counter mode. -.ie n .IP """use-l"" (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_L\s0\fR) " 4 -.el .IP "``use-l'' (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_L\s0\fR) " 4 -.IX Item "use-l (OSSL_KDF_PARAM_KBKDF_USE_L) " -Set to \fB0\fR to disable use of the optional Fixed Input data 'L' (see \s-1SP800\-108\s0). +.IP """use\-l"" (\fBOSSL_KDF_PARAM_KBKDF_USE_L\fR) " 4 +.IX Item """use-l"" (OSSL_KDF_PARAM_KBKDF_USE_L) " +Set to \fB0\fR to disable use of the optional Fixed Input data \*(AqL\*(Aq (see SP800\-108). The default value of \fB1\fR will be used if unspecified. -.ie n .IP """use-separator"" (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR\s0\fR) " 4 -.el .IP "``use-separator'' (\fB\s-1OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR\s0\fR) " 4 -.IX Item "use-separator (OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR) " -Set to \fB0\fR to disable use of the optional Fixed Input data 'zero separator' -(see \s-1SP800\-108\s0) that is placed between the Label and Context. +.IP """use\-separator"" (\fBOSSL_KDF_PARAM_KBKDF_USE_SEPARATOR\fR) " 4 +.IX Item """use-separator"" (OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR) " +Set to \fB0\fR to disable use of the optional Fixed Input data \*(Aqzero separator\*(Aq +(see SP800\-108) that is placed between the Label and Context. The default value of \fB1\fR will be used if unspecified. .PP -Depending on whether mac is \s-1CMAC\s0 or \s-1HMAC,\s0 either digest or cipher is required +Depending on whether mac is CMAC or HMAC, either digest or cipher is required (respectively) and the other is unused. 
.PP -The parameters key, salt, info, and seed correspond to \s-1KI,\s0 Label, Context, and -\&\s-1IV\s0 (respectively) in \s-1SP800\-108.\s0 As in that document, salt, info, and seed are +The parameters key, salt, info, and seed correspond to KI, Label, Context, and +IV (respectively) in SP800\-108. As in that document, salt, info, and seed are optional and may be omitted. .PP -\&\*(L"mac\*(R", \*(L"digest\*(R", cipher\*(L" and \*(R"properties" are described in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.SH "NOTES" +"mac", "digest", cipher" and "properties" are described in +"PARAMETERS" in \fBEVP_KDF\fR\|(3). +.SH NOTES .IX Header "NOTES" -A context for \s-1KBKDF\s0 can be obtained by calling: +A context for KBKDF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); \& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); .Ve .PP -The output length of an \s-1KBKDF\s0 is specified via the \f(CW\*(C`keylen\*(C'\fR +The output length of an KBKDF is specified via the \f(CW\*(C`keylen\*(C'\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. .PP Note that currently OpenSSL only implements counter and feedback modes. Other variants may be supported in the future. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes using \s-1COUNTER\-HMAC\-SHA256,\s0 with \s-1KI\s0 \*(L"secret\*(R", -Label \*(L"label\*(R", and Context \*(L"context\*(R". +This example derives 10 bytes using COUNTER\-HMAC\-SHA256, with KI "secret", +Label "label", and Context "context". .PP .Vb 4 \& EVP_KDF *kdf; @@ -252,8 +169,8 @@ \& EVP_KDF_CTX_free(kctx); .Ve .PP -This example derives 10 bytes using \s-1FEEDBACK\-CMAC\-AES256,\s0 with \s-1KI\s0 \*(L"secret\*(R", -Label \*(L"label\*(R", and \s-1IV\s0 \*(L"sixteen bytes iv\*(R". +This example derives 10 bytes using FEEDBACK\-CMAC\-AES256, with KI "secret", +Label "label", and IV "sixteen bytes iv". .PP .Vb 5 \& EVP_KDF *kdf; 
@@ -285,23 +202,23 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST SP800\-108, IETF RFC 6803, IETF RFC 8009.\s0 +NIST SP800\-108, IETF RFC 6803, IETF RFC 8009. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright 2019 Red Hat, Inc. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-KRB5KDF.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-KRB5KDF.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,131 +53,68 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-KRB5KDF 7ossl" -.TH EVP_KDF-KRB5KDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-KRB5KDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-KRB5KDF \- The RFC3961 Krb5 KDF EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fB\s-1KRB5KDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0 +Support for computing the \fBKRB5KDF\fR KDF through the \fBEVP_KDF\fR API. .PP -The \s-1EVP_KDF\-KRB5KDF\s0 algorithm implements the key derivation function defined -in \s-1RFC 3961,\s0 section 5.1 and is used by Krb5 to derive session keys. +The EVP_KDF\-KRB5KDF algorithm implements the key derivation function defined +in RFC 3961, section 5.1 and is used by Krb5 to derive session keys. Three inputs are required to perform key derivation: a cipher, (for example -\&\s-1AES\-128\-CBC\s0), the initial key, and a constant. -.SS "Identity" +AES\-128\-CBC), the initial key, and a constant. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1KRB5KDF\*(R"\s0 is the name for this implementation; +"KRB5KDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " +.IP """cipher"" (\fBOSSL_KDF_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_KDF_PARAM_CIPHER) " +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """constant"" (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 -.el .IP "``constant'' (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 -.IX Item "constant (OSSL_KDF_PARAM_CONSTANT) " -This parameter sets the constant value for the \s-1KDF.\s0 +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """constant"" (\fBOSSL_KDF_PARAM_CONSTANT\fR) " 4 +.IX Item """constant"" (OSSL_KDF_PARAM_CONSTANT) " +This parameter sets the constant value for the KDF. If a value is already set, the contents are replaced. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for \s-1KRB5KDF\s0 can be obtained by calling: +A context for KRB5KDF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); \& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); .Ve .PP -The output length of the \s-1KRB5KDF\s0 derivation is specified via the \fIkeylen\fR -parameter to the \fBEVP_KDF_derive\fR\|(3) function, and \s-1MUST\s0 match the key +The output length of the KRB5KDF derivation is specified via the \fIkeylen\fR +parameter to the \fBEVP_KDF_derive\fR\|(3) function, and MUST match the key length for the chosen cipher or an error is returned. Moreover, the -constant's length must not exceed the block size of the cipher. -Since the \s-1KRB5KDF\s0 output length depends on the chosen cipher, calling +constant\*(Aqs length must not exceed the block size of the cipher. +Since the KRB5KDF output length depends on the chosen cipher, calling \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3) to obtain the requisite length returns the correct length -only after the cipher is set. Prior to that \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is returned. +only after the cipher is set. Prior to that \fBEVP_MAX_KEY_LENGTH\fR is returned. The caller must allocate a buffer of the correct length for the chosen cipher, and pass that buffer to the \fBEVP_KDF_derive\fR\|(3) function along with that length. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives a key using the \s-1AES\-128\-CBC\s0 cipher: +This example derives a key using the AES\-128\-CBC cipher: .PP .Vb 7 \& EVP_KDF *kdf; 
@@ -223,22 +144,22 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 3961\s0 +RFC 3961 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-PBKDF1.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-PBKDF1.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,120 +53,56 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-PBKDF1 7ossl" -.TH EVP_KDF-PBKDF1 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-PBKDF1 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-PBKDF1 \- The PBKDF1 EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fB\s-1PBKDF1\s0\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR -\&\s-1API.\s0 +Support for computing the \fBPBKDF1\fR password\-based KDF through the \fBEVP_KDF\fR +API. .PP -The \s-1EVP_KDF\-PBKDF1\s0 algorithm implements the \s-1PBKDF1\s0 password-based key -derivation function, as described in \s-1RFC 8018\s0; it derives a key from a password +The EVP_KDF\-PBKDF1 algorithm implements the PBKDF1 password\-based key +derivation function, as described in RFC 8018; it derives a key from a password using a salt and iteration count. -.SS "Identity" +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1PBKDF1\*(R"\s0 is the name for this implementation; it +"PBKDF1" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.IP """pass"" (\fBOSSL_KDF_PARAM_PASSWORD\fR) " 4 +.IX Item """pass"" (OSSL_KDF_PARAM_PASSWORD) " .PD 0 -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " -.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.IX Item "iter (OSSL_KDF_PARAM_ITER) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " +.IP """iter"" (\fBOSSL_KDF_PARAM_ITER\fR) " 4 +.IX Item """iter"" (OSSL_KDF_PARAM_ITER) " .PD This parameter has a default value of 0 and should be set. -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.SH "NOTES" +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). 
+.SH NOTES .IX Header "NOTES" A typical application of this algorithm is to derive keying material for an -encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R", +encryption algorithm from a password in the "pass", a salt in "salt", and an iteration count. .PP -Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it +Increasing the "iter" parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords. .PP @@ -190,23 +110,23 @@ byte sequence. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 8018\s0 +RFC 8018 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-PBKDF2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-PBKDF2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,117 +53,54 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-PBKDF2 7ossl" -.TH EVP_KDF-PBKDF2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-PBKDF2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-PBKDF2 \- The PBKDF2 EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fB\s-1PBKDF2\s0\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR -\&\s-1API.\s0 +Support for computing the \fBPBKDF2\fR password\-based KDF through the \fBEVP_KDF\fR +API. .PP -The \s-1EVP_KDF\-PBKDF2\s0 algorithm implements the \s-1PBKDF2\s0 password-based key -derivation function, as described in \s-1SP800\-132\s0; it derives a key from a password +The EVP_KDF\-PBKDF2 algorithm implements the PBKDF2 password\-based key +derivation function, as described in SP800\-132; it derives a key from a password using a salt and iteration count. -.SS "Identity" +.PP +The output is considered to be a cryptographic key. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1PBKDF2\*(R"\s0 is the name for this implementation; it +"PBKDF2" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.IP """pass"" (\fBOSSL_KDF_PARAM_PASSWORD\fR) " 4 +.IX Item """pass"" (OSSL_KDF_PARAM_PASSWORD) " .PD 0 -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " -.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.IX Item "iter (OSSL_KDF_PARAM_ITER) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " +.IP """iter"" (\fBOSSL_KDF_PARAM_ITER\fR) " 4 +.IX Item """iter"" (OSSL_KDF_PARAM_ITER) " .PD This parameter has a default value of 2048. -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """pkcs5"" (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 -.el .IP "``pkcs5'' (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 -.IX Item "pkcs5 (OSSL_KDF_PARAM_PKCS5) " -This parameter can be used to enable or disable \s-1SP800\-132\s0 compliance checks. 
+These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """pkcs5"" (\fBOSSL_KDF_PARAM_PKCS5\fR) " 4 +.IX Item """pkcs5"" (OSSL_KDF_PARAM_PKCS5) " +This parameter can be used to enable or disable SP800\-132 compliance checks. Setting the mode to 0 enables the compliance checks. .Sp The checks performed are: @@ -191,22 +112,22 @@ .IX Item "- the salt length is at least 128 bits." .IP "\- the derived key length is at least 112 bits." 4 .IX Item "- the derived key length is at least 112 bits." +.PD .RE .RS 4 -.PD .Sp The default provider uses a default mode of 1 for backwards compatibility, -and the \s-1FIPS\s0 provider uses a default mode of 0. +and the FIPS provider uses a default mode of 0. .Sp The value string is expected to be a decimal number 0 or 1. .RE -.SH "NOTES" +.SH NOTES .IX Header "NOTES" A typical application of this algorithm is to derive keying material for an -encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R", +encryption algorithm from a password in the "pass", a salt in "salt", and an iteration count. .PP -Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it +Increasing the "iter" parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords. .PP 
@@ -214,23 +135,23 @@ byte sequence. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SP800\-132\s0 +SP800\-132 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-PKCS12KDF.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-PKCS12KDF.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,126 +53,61 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-PKCS12KDF 7ossl" -.TH EVP_KDF-PKCS12KDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-PKCS12KDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-PKCS12KDF \- The PKCS#12 EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fBPKCS#12\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR -\&\s-1API.\s0 +Support for computing the \fBPKCS#12\fR password\-based KDF through the \fBEVP_KDF\fR +API. .PP -The \s-1EVP_KDF\-PKCS12KDF\s0 algorithm implements the PKCS#12 password-based key -derivation function, as described in appendix B of \s-1RFC 7292\s0 (\s-1PKCS\s0 #12: +The EVP_KDF\-PKCS12KDF algorithm implements the PKCS#12 password\-based key +derivation function, as described in appendix B of RFC 7292 (PKCS #12: Personal Information Exchange Syntax); it derives a key from a password using a salt, iteration count and the intended usage. -.SS "Identity" +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1PKCS12KDF\*(R"\s0 is the name for this implementation; it +"PKCS12KDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.IP """pass"" (\fBOSSL_KDF_PARAM_PASSWORD\fR) " 4 +.IX Item """pass"" (OSSL_KDF_PARAM_PASSWORD) " .PD 0 -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " -.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.IX Item "iter (OSSL_KDF_PARAM_ITER) " -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " +.IP """iter"" (\fBOSSL_KDF_PARAM_ITER\fR) " 4 +.IX Item """iter"" (OSSL_KDF_PARAM_ITER) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """id"" (\fB\s-1OSSL_KDF_PARAM_PKCS12_ID\s0\fR) " 4 -.el .IP "``id'' (\fB\s-1OSSL_KDF_PARAM_PKCS12_ID\s0\fR) " 4 -.IX Item "id (OSSL_KDF_PARAM_PKCS12_ID) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). 
+.IP """id"" (\fBOSSL_KDF_PARAM_PKCS12_ID\fR) " 4 +.IX Item """id"" (OSSL_KDF_PARAM_PKCS12_ID) " This parameter is used to specify the intended usage of the output bits, as per -\&\s-1RFC 7292\s0 section B.3. -.SH "NOTES" +RFC 7292 section B.3. +.SH NOTES .IX Header "NOTES" -This algorithm is not available in the \s-1FIPS\s0 provider as it is not \s-1FIPS\s0 +This algorithm is not available in the FIPS provider as it is not FIPS approvable. .PP A typical application of this algorithm is to derive keying material for an -encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R", +encryption algorithm from a password in the "pass", a salt in "salt", and an iteration count. .PP -Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it +Increasing the "iter" parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords. .PP 
@@ -196,24 +115,24 @@ byte sequence. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC7292\s0 +RFC7292 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3), +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-SCRYPT.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-SCRYPT.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,143 +53,77 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-SCRYPT 7ossl" -.TH EVP_KDF-SCRYPT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-SCRYPT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-SCRYPT \- The scrypt EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fBscrypt\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR -\&\s-1API.\s0 +Support for computing the \fBscrypt\fR password\-based KDF through the \fBEVP_KDF\fR +API. .PP -The \s-1EVP_KDF\-SCRYPT\s0 algorithm implements the scrypt password-based key -derivation function, as described in \s-1RFC 7914.\s0 It is memory-hard in the sense -that it deliberately requires a significant amount of \s-1RAM\s0 for efficient +The EVP_KDF\-SCRYPT algorithm implements the scrypt password\-based key +derivation function, as described in RFC 7914. It is memory\-hard in the sense +that it deliberately requires a significant amount of RAM for efficient computation. The intention of this is to render brute forcing of passwords on systems that lack large amounts of main memory (such as GPUs or ASICs) computationally infeasible. .PP scrypt provides three work factors that can be customized: N, r and p. N, which -has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 +has to be a positive power of two, is the general work factor and scales CPU time in an approximately linear fashion. r is the block size of the internally used hash function and p is the parallelization factor. Both r and p need to be -greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation +greater than zero. The amount of RAM that scrypt requires for its computation is roughly (128 * N * r * p) bytes. 
.PP -In the original paper of Colin Percival (\*(L"Stronger Key Derivation via -Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a +In the original paper of Colin Percival ("Stronger Key Derivation via +Sequential Memory\-Hard Functions", 2009), the suggested values that give a computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = 2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for -this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 +this computation is roughly 1 GiB. On a more recent CPU (Intel i7\-5930K at 3.5 GHz), this computation takes about 3 seconds. When N, r or p are not specified, -they default to 1048576, 8, and 1, respectively. The maximum amount of \s-1RAM\s0 that +they default to 1048576, 8, and 1, respectively. The maximum amount of RAM that may be used by scrypt defaults to 1025 MiB. -.SS "Identity" +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1SCRYPT\*(R"\s0 is the name for this implementation; it +"SCRYPT" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. .SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.IP """pass"" (\fBOSSL_KDF_PARAM_PASSWORD\fR) " 4 +.IX Item """pass"" (OSSL_KDF_PARAM_PASSWORD) " .PD 0 -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). 
-.ie n .IP """n"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 -.el .IP "``n'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 -.IX Item "n (OSSL_KDF_PARAM_SCRYPT_N) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """n"" (\fBOSSL_KDF_PARAM_SCRYPT_N\fR) " 4 +.IX Item """n"" (OSSL_KDF_PARAM_SCRYPT_N) " .PD 0 -.ie n .IP """r"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 -.el .IP "``r'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 -.IX Item "r (OSSL_KDF_PARAM_SCRYPT_R) " -.ie n .IP """p"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 -.el .IP "``p'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 -.IX Item "p (OSSL_KDF_PARAM_SCRYPT_P) " -.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 -.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 -.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " +.IP """r"" (\fBOSSL_KDF_PARAM_SCRYPT_R\fR) " 4 +.IX Item """r"" (OSSL_KDF_PARAM_SCRYPT_R) " +.IP """p"" (\fBOSSL_KDF_PARAM_SCRYPT_P\fR) " 4 +.IX Item """p"" (OSSL_KDF_PARAM_SCRYPT_P) " +.IP """maxmem_bytes"" (\fBOSSL_KDF_PARAM_SCRYPT_MAXMEM\fR) " 4 +.IX Item """maxmem_bytes"" (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " .PD These parameters configure the scrypt work factors N, r, maxmem and p. Both N and maxmem_bytes are parameters of type \fBuint64_t\fR. Both r and p are parameters of type \fBuint32_t\fR. -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " This can be used to set the property query string when fetching the -fixed digest internally. \s-1NULL\s0 is used if this value is not set. -.SH "NOTES" +fixed digest internally. NULL is used if this value is not set. 
+.SH NOTES .IX Header "NOTES" A context for scrypt can be obtained by calling: .PP @@ -215,11 +133,11 @@ .Ve .PP The output length of an scrypt key derivation is specified via the -\&\*(L"keylen\*(R" parameter to the \fBEVP_KDF_derive\fR\|(3) function. -.SH "EXAMPLES" +"keylen" parameter to the \fBEVP_KDF_derive\fR\|(3) function. +.SH EXAMPLES .IX Header "EXAMPLES" This example derives a 64\-byte long test vector using scrypt with the password -\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. +"password", salt "NaCl" and N = 1024, r = 8, p = 16. .PP .Vb 4 \& EVP_KDF *kdf; @@ -262,23 +180,23 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 7914\s0 +RFC 7914 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-SS.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-SS.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-SS 7ossl" -.TH EVP_KDF-SS 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-SS 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-SS \- The Single Step / One Step EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP_KDF\-SS\s0 algorithm implements the Single Step key derivation function (\s-1SSKDF\s0). -\&\s-1SSKDF\s0 derives a key using input such as a shared secret key (that was generated +The EVP_KDF\-SS algorithm implements the Single Step key derivation function (SSKDF). +SSKDF derives a key using input such as a shared secret key (that was generated during the execution of a key establishment scheme) and fixedinfo. -\&\s-1SSKDF\s0 is also informally referred to as 'Concat \s-1KDF\s0'. +SSKDF is also informally referred to as \*(AqConcat KDF\*(Aq. +.PP +The output is considered to be keying material. .SS "Auxiliary function" .IX Subsection "Auxiliary function" The implementation uses a selectable auxiliary function H, which can be one of: 
@@ -154,64 +81,56 @@ .PD 0 .IP "\fBH(x) = HMAC_hash(x, key=salt, digest=md)\fR" 4 .IX Item "H(x) = HMAC_hash(x, key=salt, digest=md)" -.ie n .IP "\fBH(x) = KMACxxx(x, key=salt, custom=""\s-1KDF"",\s0 outlen=mac_size)\fR" 4 -.el .IP "\fBH(x) = KMACxxx(x, key=salt, custom=``\s-1KDF'',\s0 outlen=mac_size)\fR" 4 -.IX Item "H(x) = KMACxxx(x, key=salt, custom=KDF, outlen=mac_size)" +.IP "\fBH(x) = KMACxxx(x, key=salt, custom=""KDF"", outlen=mac_size)\fR" 4 +.IX Item "H(x) = KMACxxx(x, key=salt, custom=""KDF"", outlen=mac_size)" .PD .PP -Both the \s-1HMAC\s0 and \s-1KMAC\s0 implementations set the key using the 'salt' value. -The hash and \s-1HMAC\s0 also require the digest to be set. -.SS "Identity" +Both the HMAC and KMAC implementations set the key using the \*(Aqsalt\*(Aq value. +The hash and HMAC also require the digest to be set. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1SSKDF\*(R"\s0 is the name for this implementation; it +"SSKDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -This parameter is ignored for \s-1KMAC.\s0 -.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_KDF_PARAM_MAC) " +This parameter is ignored for KMAC. +.IP """mac"" (\fBOSSL_KDF_PARAM_MAC\fR) " 4 +.IX Item """mac"" (OSSL_KDF_PARAM_MAC) " .PD 0 -.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 -.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 -.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.IP """maclen"" (\fBOSSL_KDF_PARAM_MAC_SIZE\fR) " 4 +.IX Item """maclen"" (OSSL_KDF_PARAM_MAC_SIZE) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """key"" (\fB\s-1EVP_KDF_CTRL_SET_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1EVP_KDF_CTRL_SET_KEY\s0\fR) " 4 -.IX Item "key (EVP_KDF_CTRL_SET_KEY) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). 
+.IP """key"" (\fBOSSL_KDF_PARAM_SECRET\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_SECRET) " This parameter set the shared secret that is used for key derivation. -.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.IX Item "info (OSSL_KDF_PARAM_INFO) " +.IP """info"" (\fBOSSL_KDF_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_KDF_PARAM_INFO) " This parameter sets an optional value for fixedinfo, also known as otherinfo. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for \s-1SSKDF\s0 can be obtained by calling: +A context for SSKDF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); \& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); .Ve .PP -The output length of an \s-1SSKDF\s0 is specified via the \fIkeylen\fR +The output length of an SSKDF is specified via the \fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes using H(x) = \s-1SHA\-256,\s0 with the secret key \*(L"secret\*(R" -and fixedinfo value \*(L"label\*(R": +This example derives 10 bytes using H(x) = SHA\-256, with the secret key "secret" +and fixedinfo value "label": .PP .Vb 4 \& EVP_KDF *kdf; @@ -237,8 +156,8 @@ \& EVP_KDF_CTX_free(kctx); .Ve .PP -This example derives 10 bytes using H(x) = \s-1HMAC\s0(\s-1SHA\-256\s0), with the secret key \*(L"secret\*(R", -fixedinfo value \*(L"label\*(R" and salt \*(L"salt\*(R": +This example derives 10 bytes using H(x) = HMAC(SHA\-256), with the secret key "secret", +fixedinfo value "label" and salt "salt": .PP .Vb 4 \& EVP_KDF *kdf; 
@@ -254,7 +173,7 @@ \& SN_hmac, strlen(SN_hmac)); \& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, \& SN_sha256, strlen(SN_sha256)); -\& *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, \& "secret", (size_t)6); \& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, \& "label", (size_t)5); @@ -268,8 +187,8 @@ \& EVP_KDF_CTX_free(kctx); .Ve .PP -This example derives 10 bytes using H(x) = \s-1KMAC128\s0(x,salt,outlen), with the secret key \*(L"secret\*(R" -fixedinfo value \*(L"label\*(R", salt of \*(L"salt\*(R" and \s-1KMAC\s0 outlen of 20: +This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" +fixedinfo value "label", salt of "salt" and KMAC outlen of 20: .PP .Vb 4 \& EVP_KDF *kdf; @@ -283,7 +202,7 @@ \& \& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, \& SN_kmac128, strlen(SN_kmac128)); -\& *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, \& "secret", (size_t)6); \& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, \& "label", (size_t)5); 
@@ -299,25 +218,25 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST\s0 SP800\-56Cr1. +NIST SP800\-56Cr1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-SSHKDF.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-SSHKDF.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,168 +53,105 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-SSHKDF 7ossl" -.TH EVP_KDF-SSHKDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-SSHKDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-SSHKDF \- The SSHKDF EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fB\s-1SSHKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0 +Support for computing the \fBSSHKDF\fR KDF through the \fBEVP_KDF\fR API. .PP -The \s-1EVP_KDF\-SSHKDF\s0 algorithm implements the \s-1SSHKDF\s0 key derivation function. -It is defined in \s-1RFC 4253,\s0 section 7.2 and is used by \s-1SSH\s0 to derive IVs, +The EVP_KDF\-SSHKDF algorithm implements the SSHKDF key derivation function. +It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs, encryption keys and integrity keys. Five inputs are required to perform key derivation: The hashing function -(for example \s-1SHA256\s0), the Initial Key, the Exchange Hash, the Session \s-1ID,\s0 +(for example SHA256), the Initial Key, the Exchange Hash, the Session ID, and the derivation key type. -.SS "Identity" +.PP +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1SSHKDF\*(R"\s0 is the name for this implementation; it +"SSHKDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """xcghash"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 -.el .IP "``xcghash'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 -.IX Item "xcghash (OSSL_KDF_PARAM_SSHKDF_XCGHASH) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """xcghash"" (\fBOSSL_KDF_PARAM_SSHKDF_XCGHASH\fR) " 4 +.IX Item """xcghash"" (OSSL_KDF_PARAM_SSHKDF_XCGHASH) " .PD 0 -.ie n .IP """session_id"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 -.el .IP "``session_id'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 -.IX Item "session_id (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) " +.IP """session_id"" (\fBOSSL_KDF_PARAM_SSHKDF_SESSION_ID\fR) " 4 +.IX Item """session_id"" (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) " .PD -These parameters set the respective values for the \s-1KDF.\s0 +These parameters set the respective values for the KDF. 
If a value is already set, the contents are replaced. -.ie n .IP """type"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``type'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "type (OSSL_KDF_PARAM_SSHKDF_TYPE) " -This parameter sets the type for the \s-1SSHKDF\s0 operation. +.IP """type"" (\fBOSSL_KDF_PARAM_SSHKDF_TYPE\fR) " 4 +.IX Item """type"" (OSSL_KDF_PARAM_SSHKDF_TYPE) " +This parameter sets the type for the SSHKDF operation. There are six supported types: .RS 4 -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV\s0" 4 +.IP EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV" -The Initial \s-1IV\s0 from client to server. -A single char of value 65 (\s-1ASCII\s0 char 'A'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI\s0" 4 +The Initial IV from client to server. +A single char of value 65 (ASCII char \*(AqA\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI" -The Initial \s-1IV\s0 from server to client -A single char of value 66 (\s-1ASCII\s0 char 'B'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV\s0" 4 +The Initial IV from server to client +A single char of value 66 (ASCII char \*(AqB\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 4 .IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV" The Encryption Key from client to server -A single char of value 67 (\s-1ASCII\s0 char 'C'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI\s0" 4 +A single char of value 67 (ASCII char \*(AqC\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 4 .IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI" The Encryption Key from server to client -A single char of value 68 (\s-1ASCII\s0 char 'D'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV\s0" 4 +A single char of value 68 (ASCII char \*(AqD\*(Aq). 
+.IP EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV" The Integrity Key from client to server -A single char of value 69 (\s-1ASCII\s0 char 'E'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI\s0" 4 +A single char of value 69 (ASCII char \*(AqE\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI" The Integrity Key from client to server -A single char of value 70 (\s-1ASCII\s0 char 'F'). +A single char of value 70 (ASCII char \*(AqF\*(Aq). .RE .RS 4 .RE -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for \s-1SSHKDF\s0 can be obtained by calling: +A context for SSHKDF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); \& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); .Ve .PP -The output length of the \s-1SSHKDF\s0 derivation is specified via the \fIkeylen\fR +The output length of the SSHKDF derivation is specified via the \fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. -Since the \s-1SSHKDF\s0 output length is variable, calling \fBEVP_KDF_CTX_get_kdf_size\fR\|(3) +Since the SSHKDF output length is variable, calling \fBEVP_KDF_CTX_get_kdf_size\fR\|(3) to obtain the requisite length is not meaningful. The caller must allocate a buffer of the desired length, and pass that buffer to the \&\fBEVP_KDF_derive\fR\|(3) function along with the desired length. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives an 8 byte \s-1IV\s0 using \s-1SHA\-256\s0 with a 1K \*(L"key\*(R" and appropriate -\&\*(L"xcghash\*(R" and \*(L"session_id\*(R" values: +This example derives an 8 byte IV using SHA\-256 with a 1K "key" and appropriate +"xcghash" and "session_id" values: .PP .Vb 9 \& EVP_KDF *kdf; 
@@ -263,24 +184,24 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 4253\s0 +RFC 4253 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-TLS13_KDF.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-TLS13_KDF.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,143 +53,76 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-TLS13_KDF 7ossl" -.TH EVP_KDF-TLS13_KDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-TLS13_KDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-TLS13_KDF \- The TLS 1.3 EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \s-1TLS 1.3\s0 version of the \fB\s-1HKDF\s0\fR \s-1KDF\s0 through -the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0 +Support for computing the TLS 1.3 version of the \fBHKDF\fR KDF through +the \fBEVP_KDF\fR API. +.PP +The EVP_KDF\-TLS13_KDF algorithm implements the HKDF key derivation function +as used by TLS 1.3. .PP -The \s-1EVP_KDF\-TLS13_KDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function -as used by \s-1TLS 1.3.\s0 -.SS "Identity" +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1TLS13\-KDF\*(R"\s0 is the name for this implementation; it +"TLS13\-KDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " -.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " +.IP """salt"" (\fBOSSL_KDF_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_KDF_PARAM_SALT) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """prefix"" (\fB\s-1OSSL_KDF_PARAM_PREFIX\s0\fR) " 4 -.el .IP "``prefix'' (\fB\s-1OSSL_KDF_PARAM_PREFIX\s0\fR) " 4 -.IX Item "prefix (OSSL_KDF_PARAM_PREFIX) " -This parameter sets the label prefix on the specified \s-1TLS 1.3 KDF\s0 context. -For \s-1TLS 1.3\s0 this should be set to the \s-1ASCII\s0 string \*(L"tls13 \*(R" without a -trailing zero byte. Refer to \s-1RFC 8446\s0 section 7.1 \*(L"Key Schedule\*(R" for details. 
-.ie n .IP """label"" (\fB\s-1OSSL_KDF_PARAM_LABEL\s0\fR) " 4 -.el .IP "``label'' (\fB\s-1OSSL_KDF_PARAM_LABEL\s0\fR) " 4 -.IX Item "label (OSSL_KDF_PARAM_LABEL) " -This parameter sets the label on the specified \s-1TLS 1.3 KDF\s0 context. -Refer to \s-1RFC 8446\s0 section 7.1 \*(L"Key Schedule\*(R" for details. -.ie n .IP """data"" (\fB\s-1OSSL_KDF_PARAM_DATA\s0\fR) " 4 -.el .IP "``data'' (\fB\s-1OSSL_KDF_PARAM_DATA\s0\fR) " 4 -.IX Item "data (OSSL_KDF_PARAM_DATA) " -This parameter sets the context data on the specified \s-1TLS 1.3 KDF\s0 context. -Refer to \s-1RFC 8446\s0 section 7.1 \*(L"Key Schedule\*(R" for details. -.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 -.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 -.IX Item "mode (OSSL_KDF_PARAM_MODE) or " -This parameter sets the mode for the \s-1TLS 1.3 KDF\s0 operation. +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """prefix"" (\fBOSSL_KDF_PARAM_PREFIX\fR) " 4 +.IX Item """prefix"" (OSSL_KDF_PARAM_PREFIX) " +This parameter sets the label prefix on the specified TLS 1.3 KDF context. +For TLS 1.3 this should be set to the ASCII string "tls13 " without a +trailing zero byte. Refer to RFC 8446 section 7.1 "Key Schedule" for details. +.IP """label"" (\fBOSSL_KDF_PARAM_LABEL\fR) " 4 +.IX Item """label"" (OSSL_KDF_PARAM_LABEL) " +This parameter sets the label on the specified TLS 1.3 KDF context. +Refer to RFC 8446 section 7.1 "Key Schedule" for details. +.IP """data"" (\fBOSSL_KDF_PARAM_DATA\fR) " 4 +.IX Item """data"" (OSSL_KDF_PARAM_DATA) " +This parameter sets the context data on the specified TLS 1.3 KDF context. +Refer to RFC 8446 section 7.1 "Key Schedule" for details. +.IP """mode"" (\fBOSSL_KDF_PARAM_MODE\fR) or " 4 +.IX Item """mode"" (OSSL_KDF_PARAM_MODE) or " +This parameter sets the mode for the TLS 1.3 KDF operation. 
There are two modes that are currently defined: .RS 4 -.ie n .IP """\s-1EXTRACT_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4 -.el .IP "``\s-1EXTRACT_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR" 4 -.IX Item "EXTRACT_ONLY or EVP_KDF_HKDF_MODE_EXTRACT_ONLY" +.IP """EXTRACT_ONLY"" or \fBEVP_KDF_HKDF_MODE_EXTRACT_ONLY\fR" 4 +.IX Item """EXTRACT_ONLY"" or EVP_KDF_HKDF_MODE_EXTRACT_ONLY" In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the extract -operation. The value returned will be the intermediate fixed-length pseudorandom +operation. The value returned will be the intermediate fixed\-length pseudorandom key K. The \fIkeylen\fR parameter must match the size of K, which can be looked up by calling \fBEVP_KDF_CTX_get_kdf_size()\fR after setting the mode and digest. .Sp The digest, key and salt values must be set before a key is derived otherwise an error will occur. -.ie n .IP """\s-1EXPAND_ONLY""\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4 -.el .IP "``\s-1EXPAND_ONLY''\s0 or \fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR" 4 -.IX Item "EXPAND_ONLY or EVP_KDF_HKDF_MODE_EXPAND_ONLY" +.IP """EXPAND_ONLY"" or \fBEVP_KDF_HKDF_MODE_EXPAND_ONLY\fR" 4 +.IX Item """EXPAND_ONLY"" or EVP_KDF_HKDF_MODE_EXPAND_ONLY" In this mode calling \fBEVP_KDF_derive\fR\|(3) will just perform the expand -operation. The input key should be set to the intermediate fixed-length +operation. The input key should be set to the intermediate fixed\-length pseudorandom key K returned from a previous extract operation. .Sp The digest, key and info values must be set before a key is derived otherwise 
@@ -213,50 +130,50 @@ .RE .RS 4 .RE -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -This \s-1KDF\s0 is intended for use by the \s-1TLS 1.3\s0 implementation in libssl. -It does not support all the options and capabilities that \s-1HKDF\s0 does. +This KDF is intended for use by the TLS 1.3 implementation in libssl. +It does not support all the options and capabilities that HKDF does. .PP -The \fI\s-1OSSL_PARAM\s0\fR array passed to \fBEVP_KDF_derive\fR\|(3) or +The \fIOSSL_PARAM\fR array passed to \fBEVP_KDF_derive\fR\|(3) or \&\fBEVP_KDF_CTX_set_params\fR\|(3) must specify all of the parameters required. -This \s-1KDF\s0 does not support a piecemeal approach to providing these. +This KDF does not support a piecemeal approach to providing these. .PP -A context for a \s-1TLS 1.3 KDF\s0 can be obtained by calling: +A context for a TLS 1.3 KDF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS13\-KDF", NULL); \& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); .Ve .PP -The output length of a \s-1TLS 1.3 KDF\s0 expand operation is specified via the +The output length of a TLS 1.3 KDF expand operation is specified via the \&\fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. When using -\&\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0 the \fIkeylen\fR parameter must equal the size of -the intermediate fixed-length pseudorandom key otherwise an error will occur. +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the \fIkeylen\fR parameter must equal the size of +the intermediate fixed\-length pseudorandom key otherwise an error will occur. For that mode, the fixed output size can be looked up by calling \&\fBEVP_KDF_CTX_get_kdf_size()\fR after setting the mode and digest on the -\&\fB\s-1EVP_KDF_CTX\s0\fR. +\&\fBEVP_KDF_CTX\fR. 
.SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 8446\s0 +RFC 8446 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3), -\&\s-1\fBEVP_KDF\-HKDF\s0\fR\|(7) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3), +\&\fBEVP_KDF\-HKDF\fR\|(7) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-TLS1_PRF.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-TLS1_PRF.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,118 +53,57 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-TLS1_PRF 7ossl" -.TH EVP_KDF-TLS1_PRF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-TLS1_PRF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-TLS1_PRF \- The TLS1 PRF EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing the \fB\s-1TLS1\s0\fR \s-1PRF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API.\s0 +Support for computing the \fBTLS1\fR PRF through the \fBEVP_KDF\fR API. +.PP +The EVP_KDF\-TLS1_PRF algorithm implements the PRF used by TLS versions up to +and including TLS 1.2. .PP -The \s-1EVP_KDF\-TLS1_PRF\s0 algorithm implements the \s-1PRF\s0 used by \s-1TLS\s0 versions up to -and including \s-1TLS 1.2.\s0 -.SS "Identity" +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"\s-1TLS1\-PRF\*(R"\s0 is the name for this implementation; it +"TLS1\-PRF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). .Sp -The \fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR parameter is used to set the message digest -associated with the \s-1TLS PRF.\s0 +The \fBOSSL_KDF_PARAM_DIGEST\fR parameter is used to set the message digest +associated with the TLS PRF. \&\fBEVP_md5_sha1()\fR is treated as a special case which uses the -\&\s-1PRF\s0 algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. -.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 -.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 -.IX Item "secret (OSSL_KDF_PARAM_SECRET) " -This parameter sets the secret value of the \s-1TLS PRF.\s0 +PRF algorithm using both \fBMD5\fR and \fBSHA1\fR as used in TLS 1.0 and 1.1. +.IP """secret"" (\fBOSSL_KDF_PARAM_SECRET\fR) " 4 +.IX Item """secret"" (OSSL_KDF_PARAM_SECRET) " +This parameter sets the secret value of the TLS PRF. Any existing secret value is replaced. 
-.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 -.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 -.IX Item "seed (OSSL_KDF_PARAM_SEED) " +.IP """seed"" (\fBOSSL_KDF_PARAM_SEED\fR) " 4 +.IX Item """seed"" (OSSL_KDF_PARAM_SEED) " This parameter sets the context seed. The length of the context seed cannot exceed 1024 bytes; -this should be more than enough for any normal use of the \s-1TLS PRF.\s0 -.SH "NOTES" +this should be more than enough for any normal use of the TLS PRF. +.SH NOTES .IX Header "NOTES" -A context for the \s-1TLS PRF\s0 can be obtained by calling: +A context for the TLS PRF can be obtained by calling: .PP .Vb 2 \& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL); @@ -190,12 +113,12 @@ The digest, secret value and seed must be set before a key is derived otherwise an error will occur. .PP -The output length of the \s-1PRF\s0 is specified by the \fIkeylen\fR parameter to the +The output length of the PRF is specified by the \fIkeylen\fR parameter to the \&\fBEVP_KDF_derive()\fR function. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" -and seed value \*(L"seed\*(R": +This example derives 10 bytes using SHA\-256 with the secret key "secret" +and seed value "seed": .PP .Vb 4 \& EVP_KDF *kdf; 
@@ -221,23 +144,23 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 2246, RFC 5246\s0 and \s-1NIST SP 800\-135\s0 r1 +RFC 2246, RFC 5246 and NIST SP 800\-135 r1 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-X942-ASN1.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-X942-ASN1.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,147 +53,79 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-X942-ASN1 7ossl" -.TH EVP_KDF-X942-ASN1 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-X942-ASN1 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-X942\-ASN1 \- The X9.42\-2003 asn1 EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP_KDF\-X942\-ASN1\s0 algorithm implements the key derivation function -X942KDF\-ASN1. It is used by \s-1DH\s0 KeyAgreement, to derive a key using input such as -a shared secret key and other info. The other info is \s-1DER\s0 encoded data that -contains a 32 bit counter as well as optional fields for \*(L"partyu-info\*(R", -\&\*(L"partyv-info\*(R", \*(L"supp-pubinfo\*(R" and \*(L"supp-privinfo\*(R". -This kdf is used by Cryptographic Message Syntax (\s-1CMS\s0). -.SS "Identity" +The EVP_KDF\-X942\-ASN1 algorithm implements the key derivation function +X942KDF\-ASN1. It is used by DH KeyAgreement, to derive a key using input such as +a shared secret key and other info. The other info is DER encoded data that +contains a 32 bit counter as well as optional fields for "partyu\-info", +"partyv\-info", "supp\-pubinfo" and "supp\-privinfo". +This kdf is used by Cryptographic Message Syntax (CMS). +.PP +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"X942KDF\-ASN1\*(R" or \*(L"X942KDF\*(R" is the name for this implementation; it +"X942KDF\-ASN1" or "X942KDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 -.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 -.IX Item "secret (OSSL_KDF_PARAM_SECRET) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """secret"" (\fBOSSL_KDF_PARAM_SECRET\fR) " 4 +.IX Item """secret"" (OSSL_KDF_PARAM_SECRET) " The shared secret used for key derivation. This parameter sets the secret. -.ie n .IP """acvp-info"" (\fB\s-1OSSL_KDF_PARAM_X942_ACVPINFO\s0\fR) " 4 -.el .IP "``acvp-info'' (\fB\s-1OSSL_KDF_PARAM_X942_ACVPINFO\s0\fR) " 4 -.IX Item "acvp-info (OSSL_KDF_PARAM_X942_ACVPINFO) " -This value should not be used in production and should only be used for \s-1ACVP\s0 -testing. It is an optional octet string containing a combined \s-1DER\s0 encoded blob -of any of the optional fields related to \*(L"partyu-info\*(R", \*(L"partyv-info\*(R", -\&\*(L"supp-pubinfo\*(R" and \*(L"supp-privinfo\*(R". 
If it is specified then none of these other +.IP """acvp\-info"" (\fBOSSL_KDF_PARAM_X942_ACVPINFO\fR) " 4 +.IX Item """acvp-info"" (OSSL_KDF_PARAM_X942_ACVPINFO) " +This value should not be used in production and should only be used for ACVP +testing. It is an optional octet string containing a combined DER encoded blob +of any of the optional fields related to "partyu\-info", "partyv\-info", +"supp\-pubinfo" and "supp\-privinfo". If it is specified then none of these other fields should be used. -.ie n .IP """partyu-info"" (\fB\s-1OSSL_KDF_PARAM_X942_PARTYUINFO\s0\fR) " 4 -.el .IP "``partyu-info'' (\fB\s-1OSSL_KDF_PARAM_X942_PARTYUINFO\s0\fR) " 4 -.IX Item "partyu-info (OSSL_KDF_PARAM_X942_PARTYUINFO) " +.IP """partyu\-info"" (\fBOSSL_KDF_PARAM_X942_PARTYUINFO\fR) " 4 +.IX Item """partyu-info"" (OSSL_KDF_PARAM_X942_PARTYUINFO) " An optional octet string containing public info contributed by the initiator. -.ie n .IP """ukm"" (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 -.el .IP "``ukm'' (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 -.IX Item "ukm (OSSL_KDF_PARAM_UKM) " -An alias for \*(L"partyu-info\*(R". -In \s-1CMS\s0 this is the user keying material. -.ie n .IP """partyv-info"" (\fB\s-1OSSL_KDF_PARAM_X942_PARTYVINFO\s0\fR) " 4 -.el .IP "``partyv-info'' (\fB\s-1OSSL_KDF_PARAM_X942_PARTYVINFO\s0\fR) " 4 -.IX Item "partyv-info (OSSL_KDF_PARAM_X942_PARTYVINFO) " +.IP """ukm"" (\fBOSSL_KDF_PARAM_UKM\fR) " 4 +.IX Item """ukm"" (OSSL_KDF_PARAM_UKM) " +An alias for "partyu\-info". +In CMS this is the user keying material. +.IP """partyv\-info"" (\fBOSSL_KDF_PARAM_X942_PARTYVINFO\fR) " 4 +.IX Item """partyv-info"" (OSSL_KDF_PARAM_X942_PARTYVINFO) " An optional octet string containing public info contributed by the responder. 
-.ie n .IP """supp-pubinfo"" (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PUBINFO\s0\fR) " 4 -.el .IP "``supp-pubinfo'' (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PUBINFO\s0\fR) " 4 -.IX Item "supp-pubinfo (OSSL_KDF_PARAM_X942_SUPP_PUBINFO) " -An optional octet string containing some additional, mutually-known public -information. Setting this value also sets \*(L"use-keybits\*(R" to 0. -.ie n .IP """use-keybits"" (\fB\s-1OSSL_KDF_PARAM_X942_USE_KEYBITS\s0\fR) " 4 -.el .IP "``use-keybits'' (\fB\s-1OSSL_KDF_PARAM_X942_USE_KEYBITS\s0\fR) " 4 -.IX Item "use-keybits (OSSL_KDF_PARAM_X942_USE_KEYBITS) " -The default value of 1 will use the \s-1KEK\s0 key length (in bits) as the -\&\*(L"supp-pubinfo\*(R". A value of 0 disables setting the \*(L"supp-pubinfo\*(R". -.ie n .IP """supp-privinfo"" (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PRIVINFO\s0\fR) " 4 -.el .IP "``supp-privinfo'' (\fB\s-1OSSL_KDF_PARAM_X942_SUPP_PRIVINFO\s0\fR) " 4 -.IX Item "supp-privinfo (OSSL_KDF_PARAM_X942_SUPP_PRIVINFO) " -An optional octet string containing some additional, mutually-known private +.IP """supp\-pubinfo"" (\fBOSSL_KDF_PARAM_X942_SUPP_PUBINFO\fR) " 4 +.IX Item """supp-pubinfo"" (OSSL_KDF_PARAM_X942_SUPP_PUBINFO) " +An optional octet string containing some additional, mutually\-known public +information. Setting this value also sets "use\-keybits" to 0. +.IP """use\-keybits"" (\fBOSSL_KDF_PARAM_X942_USE_KEYBITS\fR) " 4 +.IX Item """use-keybits"" (OSSL_KDF_PARAM_X942_USE_KEYBITS) " +The default value of 1 will use the KEK key length (in bits) as the +"supp\-pubinfo". A value of 0 disables setting the "supp\-pubinfo". +.IP """supp\-privinfo"" (\fBOSSL_KDF_PARAM_X942_SUPP_PRIVINFO\fR) " 4 +.IX Item """supp-privinfo"" (OSSL_KDF_PARAM_X942_SUPP_PRIVINFO) " +An optional octet string containing some additional, mutually\-known private information. 
-.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) " -This parameter sets the \s-1CEK\s0 wrapping algorithm name. -Valid values are \*(L"\s-1AES\-128\-WRAP\*(R", \*(L"AES\-192\-WRAP\*(R", \*(L"AES\-256\-WRAP\*(R"\s0 and \*(L"\s-1DES3\-WRAP\*(R".\s0 -.SH "NOTES" +.IP """cekalg"" (\fBOSSL_KDF_PARAM_CEK_ALG\fR) " 4 +.IX Item """cekalg"" (OSSL_KDF_PARAM_CEK_ALG) " +This parameter sets the CEK wrapping algorithm name. +Valid values are "AES\-128\-WRAP", "AES\-192\-WRAP", "AES\-256\-WRAP" and "DES3\-WRAP". +.SH NOTES .IX Header "NOTES" A context for X942KDF can be obtained by calling: .PP @@ -220,9 +136,9 @@ .PP The output length of an X942KDF is specified via the \fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 24 bytes, with the secret key \*(L"secret\*(R" and random user +This example derives 24 bytes, with the secret key "secret" and random user keying material: .PP .Vb 5 
@@ -256,25 +172,25 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ANS1 X9.42\-2003 -RFC 2631\s0 +ANS1 X9.42\-2003 +RFC 2631 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-X942-CONCAT.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-X942-CONCAT.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,98 +53,39 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-X942-CONCAT 7ossl" -.TH EVP_KDF-X942-CONCAT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-X942-CONCAT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-X942\-CONCAT \- The X942 Concat EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP_KDF\-X942\-CONCAT\s0 algorithm is identical to \s-1EVP_KDF\-X963.\s0 It is +The EVP_KDF\-X942\-CONCAT algorithm is identical to EVP_KDF\-X963. It is used for key agreement to derive a key using input such as a shared secret key and shared info. -.SS "Identity" +.SS Identity .IX Subsection "Identity" -\&\*(L"X942KDF_CONCAT\*(R" is the name for this implementation; it +"X942KDF_CONCAT" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. .PP -This is an alias for \*(L"X963KDF\*(R". +This is an alias for "X963KDF". .PP -See \s-1\fBEVP_KDF\-X963\s0\fR\|(7) for a list of supported parameters and examples. -.SH "HISTORY" +See \fBEVP_KDF\-X963\fR\|(7) for a list of supported parameters and examples. +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KDF-X963.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KDF-X963.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,111 +53,50 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KDF-X963 7ossl" -.TH EVP_KDF-X963 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KDF-X963 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KDF\-X963 \- The X9.63\-2001 EVP_KDF implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP_KDF\-X963\s0 algorithm implements the key derivation function (X963KDF). -X963KDF is used by Cryptographic Message Syntax (\s-1CMS\s0) for \s-1EC\s0 KeyAgreement, to +The EVP_KDF\-X963 algorithm implements the key derivation function (X963KDF). +X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to derive a key using input such as a shared secret key and shared info. -.SS "Identity" +.PP +The output is considered to be keying material. +.SS Identity .IX Subsection "Identity" -\&\*(L"X963KDF\*(R" is the name for this implementation; it +"X963KDF" is the name for this implementation; it can be used with the \fBEVP_KDF_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " +These parameters work as described in "PARAMETERS" in \fBEVP_KDF\fR\|(3). +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " The shared secret used for key derivation. This parameter sets the secret. -.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.IX Item "info (OSSL_KDF_PARAM_INFO) " +.IP """info"" (\fBOSSL_KDF_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_KDF_PARAM_INFO) " This parameter specifies an optional value for shared info. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -X963KDF is very similar to the \s-1SSKDF\s0 that uses a digest as the auxiliary function, -X963KDF appends the counter to the secret, whereas \s-1SSKDF\s0 prepends the counter. +X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, +X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. 
.PP A context for X963KDF can be obtained by calling: .PP @@ -184,10 +107,10 @@ .PP The output length of an X963KDF is specified via the \fIkeylen\fR parameter to the \fBEVP_KDF_derive\fR\|(3) function. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -This example derives 10 bytes, with the secret key \*(L"secret\*(R" and sharedinfo -value \*(L"label\*(R": +This example derives 10 bytes, with the secret key "secret" and sharedinfo +value "label": .PP .Vb 4 \& EVP_KDF *kdf; @@ -214,24 +137,24 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\*(L"\s-1SEC 1:\s0 Elliptic Curve Cryptography\*(R" +"SEC 1: Elliptic Curve Cryptography" .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KDF\s0\fR\|(3), +\&\fBEVP_KDF\fR\|(3), \&\fBEVP_KDF_CTX_new\fR\|(3), \&\fBEVP_KDF_CTX_free\fR\|(3), \&\fBEVP_KDF_CTX_set_params\fR\|(3), \&\fBEVP_KDF_CTX_get_kdf_size\fR\|(3), \&\fBEVP_KDF_derive\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_KDF\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KEM-RSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KEM-RSA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,96 +53,35 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEM-RSA 7ossl" -.TH EVP_KEM-RSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEM-RSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEM\-RSA \&\- EVP_KEM RSA keytype and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1RSA\s0\fR keytype and its parameters are described in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7). +The \fBRSA\fR keytype and its parameters are described in \fBEVP_PKEY\-RSA\fR\|(7). See \fBEVP_PKEY_encapsulate\fR\|(3) and \fBEVP_PKEY_decapsulate\fR\|(3) for more info. -.SS "\s-1RSA KEM\s0 parameters" +.SS "RSA KEM parameters" .IX Subsection "RSA KEM parameters" -.ie n .IP """operation"" (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``operation'' (\fB\s-1OSSL_KEM_PARAM_OPERATION\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "operation (OSSL_KEM_PARAM_OPERATION) " -The OpenSSL \s-1RSA\s0 Key Encapsulation Mechanism only currently supports the +.IP """operation"" (\fBOSSL_KEM_PARAM_OPERATION\fR) " 4 +.IX Item """operation"" (OSSL_KEM_PARAM_OPERATION) " +The OpenSSL RSA Key Encapsulation Mechanism only currently supports the following operation .RS 4 -.ie n .IP """\s-1RSASVE""\s0" 4 -.el .IP "``\s-1RSASVE''\s0" 4 -.IX Item "RSASVE" +.IP """RSASVE""" 4 +.IX Item """RSASVE""" The encapsulate function simply generates a secret using random bytes and then -encrypts the secret using the \s-1RSA\s0 public key (with no padding). -The decapsulate function recovers the secret using the \s-1RSA\s0 private key. +encrypts the secret using the RSA public key (with no padding). +The decapsulate function recovers the secret using the RSA private key. .RE .RS 4 .Sp 
@@ -166,26 +89,26 @@ .RE .SH "CONFORMING TO" .IX Header "CONFORMING TO" -.IP "SP800\-56Br2" 4 +.IP SP800\-56Br2 4 .IX Item "SP800-56Br2" -Section 7.2.1.2 \s-1RSASVE\s0 Generate Operation (\s-1RSASVE.GENERATE\s0). -Section 7.2.1.3 \s-1RSASVE\s0 Recovery Operation (\s-1RSASVE.RECOVER\s0). +Section 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE). +Section 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_set_kem_op\fR\|(3), \&\fBEVP_PKEY_encapsulate\fR\|(3), \&\fBEVP_PKEY_decapsulate\fR\|(3) -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_KEYMGMT\fR\|(3), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keymgmt\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KEYEXCH-DH.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KEYEXCH-DH.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEYEXCH-DH 7ossl" -.TH EVP_KEYEXCH-DH 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEYEXCH-DH 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEYEXCH\-DH \&\- DH Key Exchange algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Key exchange support for the \fB\s-1DH\s0\fR key type. -.SS "\s-1DH\s0 key exchange parameters" -.IX Subsection "DH key exchange parameters" -.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 -.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 -.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) " +Key exchange support for the \fBDH\fR and \fBDHX\fR key types. +.PP +Please note that although both key types support the same key exchange +operations, they cannot be used together in a single key exchange. It +is not possible to use a private key of the \fBDH\fR type in key exchange +with the public key of \fBDHX\fR type and vice versa. +.SS "DH and DHX key exchange parameters" +.IX Subsection "DH and DHX key exchange parameters" +.IP """pad"" (\fBOSSL_EXCHANGE_PARAM_PAD\fR) " 4 +.IX Item """pad"" (OSSL_EXCHANGE_PARAM_PAD) " Sets the padding mode for the associated key exchange ctx. Setting a value of 1 will turn padding on. Setting a value of 0 will turn padding off. 
@@ -158,38 +87,32 @@ filled with zeros where necessary to make the shared secret the same size as the largest possible secret size. The padding mode parameter is ignored (and padding implicitly enabled) when -the \s-1KDF\s0 type is set to \*(L"X942KDF\-ASN1\*(R" (\fB\s-1OSSL_KDF_NAME_X942KDF_ASN1\s0\fR). -.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 -.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 -.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). 
-.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) " 4 -.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) " 4 -.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) " -See \*(L"\s-1KDF\s0 Parameters\*(R" in \fBprovider\-kdf\fR\|(7). -.SH "EXAMPLES" +the KDF type is set to "X942KDF\-ASN1" (\fBOSSL_KDF_NAME_X942KDF_ASN1\fR). +.IP """kdf\-type"" (\fBOSSL_EXCHANGE_PARAM_KDF_TYPE\fR) " 4 +.IX Item """kdf-type"" (OSSL_EXCHANGE_PARAM_KDF_TYPE) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-digest"" (\fBOSSL_EXCHANGE_PARAM_KDF_DIGEST\fR) " 4 +.IX Item """kdf-digest"" (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-digest\-props"" (\fBOSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\fR) " 4 +.IX Item """kdf-digest-props"" (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-outlen"" (\fBOSSL_EXCHANGE_PARAM_KDF_OUTLEN\fR) " 4 +.IX Item """kdf-outlen"" (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-ukm"" (\fBOSSL_EXCHANGE_PARAM_KDF_UKM\fR) " 4 +.IX Item """kdf-ukm"" (OSSL_EXCHANGE_PARAM_KDF_UKM) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """cekalg"" (\fBOSSL_KDF_PARAM_CEK_ALG\fR) " 4 +.IX Item """cekalg"" (OSSL_KDF_PARAM_CEK_ALG) " +See "KDF Parameters" in \fBprovider\-kdf\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" The examples assume a host and peer both generate keys using the same -named group (or domain parameters). See \*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7). +named group (or domain parameters). See "Examples" in \fBEVP_PKEY\-DH\fR\|(7). Both the host and peer transfer their public key to each other. 
.PP -To convert the peer's generated key pair to a public key in \s-1DER\s0 format in order +To convert the peer\*(Aqs generated key pair to a public key in DER format in order to transfer to the host: .PP .Vb 3 @@ -202,7 +125,7 @@ \& OPENSSL_free(peer_pub_der); .Ve .PP -To convert the received peer's public key from \s-1DER\s0 format on the host: +To convert the received peer\*(Aqs public key from DER format on the host: .PP .Vb 4 \& const unsigned char *pd = peer_pub_der; @@ -211,7 +134,7 @@ \& EVP_PKEY_free(peer_pub_key); .Ve .PP -To derive a shared secret on the host using the host's key and the peer's public +To derive a shared secret on the host using the host\*(Aqs key and the peer\*(Aqs public key: .PP .Vb 8 
@@ -245,21 +168,21 @@ .Ve .PP Very similar code can be used by the peer to derive the same shared secret -using the host's public key and the peer's generated key pair. +using the host\*(Aqs public key and the peer\*(Aqs generated key pair. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-DH\fR\|(7), +\&\fBEVP_PKEY\-FFC\fR\|(7), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keyexch\fR\|(7), \&\fBprovider\-keymgmt\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KEYEXCH-ECDH.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KEYEXCH-ECDH.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,30 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEYEXCH-ECDH 7ossl" -.TH EVP_KEYEXCH-ECDH 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEYEXCH-ECDH 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEYEXCH\-ECDH \- ECDH Key Exchange algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Key exchange support for the \fB\s-1ECDH\s0\fR key type. -.SS "\s-1ECDH\s0 Key Exchange parameters" +Key exchange support for the \fBECDH\fR key type. +.SS "ECDH Key Exchange parameters" .IX Subsection "ECDH Key Exchange parameters" -.ie n .IP """ecdh-cofactor-mode"" (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) " 4 -.el .IP "``ecdh-cofactor-mode'' (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) " 4 -.IX Item "ecdh-cofactor-mode (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) " -Sets or gets the \s-1ECDH\s0 mode of operation for the associated key exchange ctx. +.IP """ecdh\-cofactor\-mode"" (\fBOSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\fR) " 4 +.IX Item """ecdh-cofactor-mode"" (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) " +Sets or gets the ECDH mode of operation for the associated key exchange ctx. .Sp -In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter -can be used to select between the plain Diffie-Hellman (\s-1DH\s0) or Cofactor -Diffie-Hellman (\s-1CDH\s0) variants of the key exchange algorithm. +In the context of an Elliptic Curve Diffie\-Hellman key exchange, this parameter +can be used to select between the plain Diffie\-Hellman (DH) or Cofactor +Diffie\-Hellman (CDH) variants of the key exchange algorithm. .Sp When setting, the value should be 1, 0 or \-1, respectively forcing cofactor mode on, off, or resetting it to the default for the private key associated with the 
@@ -162,37 +86,32 @@ cofactor mode is on or off. .Sp See also \fBprovider\-keymgmt\fR\|(7) for the related -\&\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR parameter that can be set on a -per-key basis. -.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 -.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 -.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.SH "EXAMPLES" +\&\fBOSSL_PKEY_PARAM_USE_COFACTOR_ECDH\fR parameter that can be set on a +per\-key basis. 
+.IP """kdf\-type"" (\fBOSSL_EXCHANGE_PARAM_KDF_TYPE\fR) " 4 +.IX Item """kdf-type"" (OSSL_EXCHANGE_PARAM_KDF_TYPE) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-digest"" (\fBOSSL_EXCHANGE_PARAM_KDF_DIGEST\fR) " 4 +.IX Item """kdf-digest"" (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-digest\-props"" (\fBOSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\fR) " 4 +.IX Item """kdf-digest-props"" (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-outlen"" (\fBOSSL_EXCHANGE_PARAM_KDF_OUTLEN\fR) " 4 +.IX Item """kdf-outlen"" (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.IP """kdf\-ukm"" (\fBOSSL_EXCHANGE_PARAM_KDF_UKM\fR) " 4 +.IX Item """kdf-ukm"" (OSSL_EXCHANGE_PARAM_KDF_UKM) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" Keys for the host and peer must be generated as shown in -\&\*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) using the same curve name. +"Examples" in \fBEVP_PKEY\-EC\fR\|(7) using the same curve name. .PP The code to generate a shared secret for the normal case is identical to -\&\*(L"Examples\*(R" in \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7). +"Examples" in \fBEVP_KEYEXCH\-DH\fR\|(7). .PP -To derive a shared secret on the host using the host's key and the peer's public +To derive a shared secret on the host using the host\*(Aqs key and the peer\*(Aqs public key but also using X963KDF with a user key material: .PP .Vb 10 
@@ -230,17 +149,17 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-EC\s0\fR\|(7) -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-EC\fR\|(7) +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keyexch\fR\|(7), \&\fBprovider\-keymgmt\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_KEYEXCH-X25519.7.orig +++ secure/lib/libcrypto/man/man7/EVP_KEYEXCH-X25519.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,49 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_KEYEXCH-X25519 7ossl" -.TH EVP_KEYEXCH-X25519 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_KEYEXCH-X25519 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_KEYEXCH\-X25519, EVP_KEYEXCH\-X448 \&\- X25519 and X448 Key Exchange algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Key exchange support for the \fBX25519\fR and \fBX448\fR key types. .SS "Key exchange parameters" .IX Subsection "Key exchange parameters" -.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 -.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 -.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) " -See \*(L"Common Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7). -.SH "EXAMPLES" +.IP """pad"" (\fBOSSL_EXCHANGE_PARAM_PAD\fR) " 4 +.IX Item """pad"" (OSSL_EXCHANGE_PARAM_PAD) " +See "Common Key Exchange parameters" in \fBprovider\-keyexch\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" Keys for the host and peer can be generated as shown in -\&\*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7). +"Examples" in \fBEVP_PKEY\-X25519\fR\|(7). .PP The code to generate a shared secret is identical to -\&\*(L"Examples\*(R" in \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7). +"Examples" in \fBEVP_KEYEXCH\-DH\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7) -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-FFC\fR\|(7), +\&\fBEVP_PKEY\-DH\fR\|(7) +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keyexch\fR\|(7), \&\fBprovider\-keymgmt\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. 
All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MAC-BLAKE2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-BLAKE2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,147 +53,82 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-BLAKE2 7ossl" -.TH EVP_MAC-BLAKE2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-BLAKE2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-BLAKE2, EVP_MAC\-BLAKE2BMAC, EVP_MAC\-BLAKE2SMAC \&\- The BLAKE2 EVP_MAC implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1BLAKE2\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing BLAKE2 MACs through the \fBEVP_MAC\fR API. +.SS Identity .IX Subsection "Identity" These implementations are identified with one of these names and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1BLAKE2BMAC"",\s0 ""provider=default""" 4 -.el .IP "``\s-1BLAKE2BMAC'',\s0 ``provider=default''" 4 -.IX Item "BLAKE2BMAC, provider=default" +.IP """BLAKE2BMAC"", ""provider=default""" 4 +.IX Item """BLAKE2BMAC"", ""provider=default""" .PD 0 -.ie n .IP """\s-1BLAKE2SMAC"",\s0 ""provider=default""" 4 -.el .IP "``\s-1BLAKE2SMAC'',\s0 ``provider=default''" 4 -.IX Item "BLAKE2SMAC, provider=default" +.IP """BLAKE2SMAC"", ""provider=default""" 4 +.IX Item """BLAKE2SMAC"", ""provider=default""" .PD .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP -All these parameters can be set with \fBEVP_MAC_CTX_set_params()\fR. -Furthermore, the \*(L"size\*(R" parameter can be retrieved with +All these parameters (except for "block\-size") can be set with +\&\fBEVP_MAC_CTX_set_params()\fR. +Furthermore, the "size" parameter can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_mac_size()\fR. 
-The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. -Likewise, the \*(L"block-size\*(R" parameter can be retrieved with +The length of the "size" parameter should not exceed that of a \fBsize_t\fR. +Likewise, the "block\-size" parameter can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_block_size()\fR. -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. -It may be at most 64 bytes for \s-1BLAKE2BMAC\s0 or 32 for \s-1BLAKE2SMAC\s0 and at +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. +It may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and at least 1 byte in both cases. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). -.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 -.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 -.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " -Sets the custom value. -It is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for -\&\s-1BLAKE2SMAC,\s0 and is empty by default. -.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 -.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 -.IX Item "salt (OSSL_MAC_PARAM_SALT) " +.IP """custom"" (\fBOSSL_MAC_PARAM_CUSTOM\fR) " 4 +.IX Item """custom"" (OSSL_MAC_PARAM_CUSTOM) " +Sets the customization/personalization string. +It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC, and is empty by default. +.IP """salt"" (\fBOSSL_MAC_PARAM_SALT\fR) " 4 +.IX Item """salt"" (OSSL_MAC_PARAM_SALT) " Sets the salt. -It is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for -\&\s-1BLAKE2SMAC,\s0 and is empty by default. 
-.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -Sets the \s-1MAC\s0 size. -It can be any number between 1 and 32 for \s-1EVP_MAC_BLAKE2S\s0 or between 1 -and 64 for \s-1EVP_MAC_BLAKE2B.\s0 +It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC, and is empty by default. +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +Sets the MAC size. +It can be any number between 1 and 32 for EVP_MAC_BLAKE2S or between 1 +and 64 for EVP_MAC_BLAKE2B. It is 32 and 64 respectively by default. -.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "block-size (OSSL_MAC_PARAM_SIZE) " -Gets the \s-1MAC\s0 block size. -By default, it is 64 for \s-1EVP_MAC_BLAKE2S\s0 and 128 for \s-1EVP_MAC_BLAKE2B.\s0 +.IP """block\-size"" (\fBOSSL_MAC_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """block-size"" (OSSL_MAC_PARAM_BLOCK_SIZE) " +Gets the MAC block size. +It is 64 for EVP_MAC_BLAKE2S and 128 for EVP_MAC_BLAKE2B. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "HISTORY" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The macros and functions described here were added to OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man7/EVP_MAC-CMAC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-CMAC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,133 +53,68 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-CMAC 7ossl" -.TH EVP_MAC-CMAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-CMAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-CMAC \- The CMAC EVP_MAC implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1CMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 +Support for computing CMAC MACs through the \fBEVP_MAC\fR API. .PP -This implementation uses \s-1EVP_CIPHER\s0 functions to get access to the underlying +This implementation uses EVP_CIPHER functions to get access to the underlying cipher. -.SS "Identity" +.SS Identity .IX Subsection "Identity" This implementation is identified with this name and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1CMAC"",\s0 ""provider=default"" or ""provider=fips""" 4 -.el .IP "``\s-1CMAC'',\s0 ``provider=default'' or ``provider=fips''" 4 -.IX Item "CMAC, provider=default or provider=fips" +.IP """CMAC"", ""provider=default"" or ""provider=fips""" 4 +.IX Item """CMAC"", ""provider=default"" or ""provider=fips""" .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR: -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). 
-.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.IP """cipher"" (\fBOSSL_MAC_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_MAC_PARAM_CIPHER) " Sets the name of the underlying cipher to be used. -.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_MAC_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_MAC_PARAM_PROPERTIES) " Sets the properties to be queried when trying to fetch the underlying cipher. This must be given together with the cipher naming parameter to be considered valid. .PP The following parameters can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR: -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -The \*(L"size\*(R" parameter can also be retrieved with with \fBEVP_MAC_CTX_get_mac_size()\fR. -The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. -.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "block-size (OSSL_MAC_PARAM_SIZE) " -Gets the \s-1MAC\s0 block size. The \*(L"block-size\*(R" parameter can also be retrieved with +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +The "size" parameter can also be retrieved with with \fBEVP_MAC_CTX_get_mac_size()\fR. +The length of the "size" parameter is equal to that of an \fBunsigned int\fR. +.IP """block\-size"" (\fBOSSL_MAC_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """block-size"" (OSSL_MAC_PARAM_BLOCK_SIZE) " +Gets the MAC block size. 
The "block\-size" parameter can also be retrieved with \&\fBEVP_MAC_CTX_get_block_size()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "COPYRIGHT" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MAC-GMAC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-GMAC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,134 +53,69 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-GMAC 7ossl" -.TH EVP_MAC-GMAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-GMAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-GMAC \- The GMAC EVP_MAC implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1GMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 +Support for computing GMAC MACs through the \fBEVP_MAC\fR API. .PP -This implementation uses \s-1EVP_CIPHER\s0 functions to get access to the underlying +This implementation uses EVP_CIPHER functions to get access to the underlying cipher. -.SS "Identity" +.SS Identity .IX Subsection "Identity" This implementation is identified with this name and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1GMAC"",\s0 ""provider=default"" or ""provider=fips""" 4 -.el .IP "``\s-1GMAC'',\s0 ``provider=default'' or ``provider=fips''" 4 -.IX Item "GMAC, provider=default or provider=fips" +.IP """GMAC"", ""provider=default"" or ""provider=fips""" 4 +.IX Item """GMAC"", ""provider=default"" or ""provider=fips""" .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR: -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). 
-.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 -.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 -.IX Item "iv (OSSL_MAC_PARAM_IV) " -Sets the \s-1IV\s0 of the underlying cipher, when applicable. -.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.IP """iv"" (\fBOSSL_MAC_PARAM_IV\fR) " 4 +.IX Item """iv"" (OSSL_MAC_PARAM_IV) " +Sets the IV of the underlying cipher, when applicable. +.IP """cipher"" (\fBOSSL_MAC_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_MAC_PARAM_CIPHER) " Sets the name of the underlying cipher to be used. -.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_MAC_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_MAC_PARAM_PROPERTIES) " Sets the properties to be queried when trying to fetch the underlying cipher. This must be given together with the cipher naming parameter to be considered valid. .PP The following parameters can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR: -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -Gets the \s-1MAC\s0 size. +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +Gets the MAC size. .PP -The \*(L"size\*(R" parameter can also be retrieved with \fBEVP_MAC_CTX_get_mac_size()\fR. -The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. +The "size" parameter can also be retrieved with \fBEVP_MAC_CTX_get_mac_size()\fR. +The length of the "size" parameter is equal to that of an \fBunsigned int\fR. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "COPYRIGHT" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MAC-HMAC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-HMAC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,146 +53,78 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-HMAC 7ossl" -.TH EVP_MAC-HMAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-HMAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-HMAC \- The HMAC EVP_MAC implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1HMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 +Support for computing HMAC MACs through the \fBEVP_MAC\fR API. .PP -This implementation uses \s-1EVP_MD\s0 functions to get access to the underlying +This implementation uses EVP_MD functions to get access to the underlying digest. -.SS "Identity" +.SS Identity .IX Subsection "Identity" This implementation is identified with this name and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1HMAC"",\s0 ""provider=default"" or ""provider=fips""" 4 -.el .IP "``\s-1HMAC'',\s0 ``provider=default'' or ``provider=fips''" 4 -.IX Item "HMAC, provider=default or provider=fips" +.IP """HMAC"", ""provider=default"" or ""provider=fips""" 4 +.IX Item """HMAC"", ""provider=default"" or ""provider=fips""" .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR: -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). 
-.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_MAC_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_MAC_PARAM_DIGEST) " Sets the name of the underlying digest to be used. -.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_MAC_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_MAC_PARAM_PROPERTIES) " Sets the properties to be queried when trying to fetch the underlying digest. -This must be given together with the digest naming parameter (\*(L"digest\*(R", or -\&\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) to be considered valid. -.ie n .IP """digest-noinit"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) " 4 -.el .IP "``digest-noinit'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) " 4 -.IX Item "digest-noinit (OSSL_MAC_PARAM_DIGEST_NOINIT) " -A flag to set the \s-1MAC\s0 digest to not initialise the implementation +This must be given together with the digest naming parameter ("digest", or +\&\fBOSSL_MAC_PARAM_DIGEST\fR) to be considered valid. +.IP """digest\-noinit"" (\fBOSSL_MAC_PARAM_DIGEST_NOINIT\fR) " 4 +.IX Item """digest-noinit"" (OSSL_MAC_PARAM_DIGEST_NOINIT) " +A flag to set the MAC digest to not initialise the implementation specific data. The value 0 or 1 is expected. -.ie n .IP """digest-oneshot"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) " 4 -.el .IP "``digest-oneshot'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) " 4 -.IX Item "digest-oneshot (OSSL_MAC_PARAM_DIGEST_ONESHOT) " -A flag to set the \s-1MAC\s0 digest to be a one-shot operation. 
+.IP """digest\-oneshot"" (\fBOSSL_MAC_PARAM_DIGEST_ONESHOT\fR) " 4 +.IX Item """digest-oneshot"" (OSSL_MAC_PARAM_DIGEST_ONESHOT) " +A flag to set the MAC digest to be a one\-shot operation. The value 0 or 1 is expected. -.ie n .IP """tls-data-size"" (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) " 4 -.el .IP "``tls-data-size'' (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) " 4 -.IX Item "tls-data-size (OSSL_MAC_PARAM_TLS_DATA_SIZE) " +.IP """tls\-data\-size"" (\fBOSSL_MAC_PARAM_TLS_DATA_SIZE\fR) " 4 +.IX Item """tls-data-size"" (OSSL_MAC_PARAM_TLS_DATA_SIZE) " .PP The following parameter can be retrieved with \fBEVP_MAC_CTX_get_params()\fR: -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -The \*(L"size\*(R" parameter can also be retrieved with \fBEVP_MAC_CTX_get_mac_size()\fR. -The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. -.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "block-size (OSSL_MAC_PARAM_SIZE) " -Gets the \s-1MAC\s0 block size. The \*(L"block-size\*(R" parameter can also be retrieved with +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +The "size" parameter can also be retrieved with \fBEVP_MAC_CTX_get_mac_size()\fR. +The length of the "size" parameter is equal to that of an \fBunsigned int\fR. +.IP """block\-size"" (\fBOSSL_MAC_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """block-size"" (OSSL_MAC_PARAM_BLOCK_SIZE) " +Gets the MAC block size. The "block\-size" parameter can also be retrieved with \&\fBEVP_MAC_CTX_get_block_size()\fR. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3), \s-1\fBHMAC\s0\fR\|(3) -.SH "COPYRIGHT" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3), \fBHMAC\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MAC-KMAC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-KMAC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,136 +53,72 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-KMAC 7ossl" -.TH EVP_MAC-KMAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-KMAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-KMAC, EVP_MAC\-KMAC128, EVP_MAC\-KMAC256 \&\- The KMAC EVP_MAC implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1KMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing KMAC MACs through the \fBEVP_MAC\fR API. +.SS Identity .IX Subsection "Identity" These implementations are identified with one of these names and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1KMAC\-128"",\s0 ""provider=default"" or ""provider=fips""" 4 -.el .IP "``\s-1KMAC\-128'',\s0 ``provider=default'' or ``provider=fips''" 4 -.IX Item "KMAC-128, provider=default or provider=fips" +.IP """KMAC\-128"", ""provider=default"" or ""provider=fips""" 4 +.IX Item """KMAC-128"", ""provider=default"" or ""provider=fips""" .PD 0 -.ie n .IP """\s-1KMAC\-256"",\s0 ""provider=default"" or ""provider=fips""" 4 -.el .IP "``\s-1KMAC\-256'',\s0 ``provider=default'' or ``provider=fips''" 4 -.IX Item "KMAC-256, provider=default or provider=fips" +.IP """KMAC\-256"", ""provider=default"" or ""provider=fips""" 4 +.IX Item """KMAC-256"", ""provider=default"" or ""provider=fips""" .PD .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP -All these parameters can be set with \fBEVP_MAC_CTX_set_params()\fR. 
-Furthermore, the \*(L"size\*(R" parameter can be retrieved with +All these parameters (except for "block\-size") can be set with +\&\fBEVP_MAC_CTX_set_params()\fR. +Furthermore, the "size" parameter can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_mac_size()\fR. -The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. -Likewise, the \*(L"block-size\*(R" parameter can be retrieved with +The length of the "size" parameter should not exceed that of a \fBsize_t\fR. +Likewise, the "block\-size" parameter can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_block_size()\fR. -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). The length of the key (in bytes) must be in the range 4...512. -.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 -.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 -.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " -Sets the custom value. -It is an optional value with a length of at most 512 bytes, and is empty by default. -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -Sets the \s-1MAC\s0 size. -By default, it is 16 for \f(CW\*(C`KMAC\-128\*(C'\fR and 32 for \f(CW\*(C`KMAC\-256\*(C'\fR. -.ie n .IP """block-size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``block-size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "block-size (OSSL_MAC_PARAM_SIZE) " -Gets the \s-1MAC\s0 block size. -By default, it is 168 for \f(CW\*(C`KMAC\-128\*(C'\fR and 136 for \f(CW\*(C`KMAC\-256\*(C'\fR. 
-.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 -.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 -.IX Item "xof (OSSL_MAC_PARAM_XOF) " -The \*(L"xof\*(R" parameter value is expected to be 1 or 0. Use 1 to enable \s-1XOF\s0 mode. +.IP """custom"" (\fBOSSL_MAC_PARAM_CUSTOM\fR) " 4 +.IX Item """custom"" (OSSL_MAC_PARAM_CUSTOM) " +Sets the customization string. +It is an optional value with a length of at most 512 bytes, and is +empty by default. +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +Sets the MAC size. +By default, it is 32 for \f(CW\*(C`KMAC\-128\*(C'\fR and 64 for \f(CW\*(C`KMAC\-256\*(C'\fR. +.IP """block\-size"" (\fBOSSL_MAC_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """block-size"" (OSSL_MAC_PARAM_BLOCK_SIZE) " +Gets the MAC block size. +It is 168 for \f(CW\*(C`KMAC\-128\*(C'\fR and 136 for \f(CW\*(C`KMAC\-256\*(C'\fR. +.IP """xof"" (\fBOSSL_MAC_PARAM_XOF\fR) " 4 +.IX Item """xof"" (OSSL_MAC_PARAM_XOF) " +The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF mode. The default value is 0. .PP -The \*(L"custom\*(R" parameter must be set as part of or before the \fBEVP_MAC_init()\fR call. -The \*(L"xof\*(R" and \*(L"size\*(R" parameters can be set at any time before \fBEVP_MAC_final()\fR. -The \*(L"key\*(R" parameter is set as part of the \fBEVP_MAC_init()\fR call, but can be +The "custom" parameter must be set as part of or before the \fBEVP_MAC_init()\fR call. +The "xof" and "size" parameters can be set at any time before \fBEVP_MAC_final()\fR. +The "key" parameter is set as part of the \fBEVP_MAC_init()\fR call, but can be set before it instead. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 2 \& #include 
@@ -267,12 +187,12 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "COPYRIGHT" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MAC-Poly1305.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-Poly1305.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,123 +53,61 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-POLY1305 7ossl" -.TH EVP_MAC-POLY1305 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-POLY1305 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-Poly1305 \- The Poly1305 EVP_MAC implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing Poly1305 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing Poly1305 MACs through the \fBEVP_MAC\fR API. +.SS Identity .IX Subsection "Identity" This implementation is identified with this name and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1POLY1305"",\s0 ""provider=default""" 4 -.el .IP "``\s-1POLY1305'',\s0 ``provider=default''" 4 -.IX Item "POLY1305, provider=default" +.IP """POLY1305"", ""provider=default""" 4 +.IX Item """POLY1305"", ""provider=default""" .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP The following parameter can be set with \fBEVP_MAC_CTX_set_params()\fR: -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). 
.PP The following parameters can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR: -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -Gets the \s-1MAC\s0 size. +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +Gets the MAC size. .PP -The \*(L"size\*(R" parameter can also be retrieved with with \fBEVP_MAC_CTX_get_mac_size()\fR. -The length of the \*(L"size\*(R" parameter should not exceed that of an \fBunsigned int\fR. -.SH "NOTES" +The "size" parameter can also be retrieved with with \fBEVP_MAC_CTX_get_mac_size()\fR. +The length of the "size" parameter should not exceed that of an \fBunsigned int\fR. +.SH NOTES .IX Header "NOTES" -The OpenSSL implementation of the Poly 1305 \s-1MAC\s0 corresponds to \s-1RFC 7539.\s0 +The OpenSSL implementation of the Poly 1305 MAC corresponds to RFC 7539. .PP It is critical to never reuse the key. The security implication noted in -\&\s-1RFC 8439\s0 applies equally to the OpenSSL implementation. +RFC 8439 applies equally to the OpenSSL implementation. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "COPYRIGHT" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MAC-Siphash.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MAC-Siphash.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,122 +53,58 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MAC-SIPHASH 7ossl" -.TH EVP_MAC-SIPHASH 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MAC-SIPHASH 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MAC\-Siphash \- The Siphash EVP_MAC implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing Siphash MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing Siphash MACs through the \fBEVP_MAC\fR API. +.SS Identity .IX Subsection "Identity" This implementation is identified with this name and properties, to be used with \fBEVP_MAC_fetch()\fR: -.ie n .IP """\s-1SIPHASH"",\s0 ""provider=default""" 4 -.el .IP "``\s-1SIPHASH'',\s0 ``provider=default''" 4 -.IX Item "SIPHASH, provider=default" +.IP """SIPHASH"", ""provider=default""" 4 +.IX Item """SIPHASH"", ""provider=default""" .SS "Supported parameters" .IX Subsection "Supported parameters" The general description of these parameters can be found in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3). +"PARAMETERS" in \fBEVP_MAC\fR\|(3). .PP All these parameters can be set with \fBEVP_MAC_CTX_set_params()\fR. -Furthermore, the \*(L"size\*(R" parameter can be retrieved with +Furthermore, the "size" parameter can be retrieved with \&\fBEVP_MAC_CTX_get_params()\fR, or with \fBEVP_MAC_CTX_get_mac_size()\fR. -The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " -Sets the \s-1MAC\s0 key. +The length of the "size" parameter should not exceed that of a \fBsize_t\fR. 
+.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " +Sets the MAC key. Setting this parameter is identical to passing a \fIkey\fR to \fBEVP_MAC_init\fR\|(3). -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " -Sets the \s-1MAC\s0 size. -.ie n .IP """c\-rounds"" (\fB\s-1OSSL_MAC_PARAM_C_ROUNDS\s0\fR) " 4 -.el .IP "``c\-rounds'' (\fB\s-1OSSL_MAC_PARAM_C_ROUNDS\s0\fR) " 4 -.IX Item "c-rounds (OSSL_MAC_PARAM_C_ROUNDS) " +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " +Sets the MAC size. +.IP """c\-rounds"" (\fBOSSL_MAC_PARAM_C_ROUNDS\fR) " 4 +.IX Item """c-rounds"" (OSSL_MAC_PARAM_C_ROUNDS) " Specifies the number of rounds per message block. By default this is \fI2\fR. -.ie n .IP """d\-rounds"" (\fB\s-1OSSL_MAC_PARAM_D_ROUNDS\s0\fR) " 4 -.el .IP "``d\-rounds'' (\fB\s-1OSSL_MAC_PARAM_D_ROUNDS\s0\fR) " 4 -.IX Item "d-rounds (OSSL_MAC_PARAM_D_ROUNDS) " +.IP """d\-rounds"" (\fBOSSL_MAC_PARAM_D_ROUNDS\fR) " 4 +.IX Item """d-rounds"" (OSSL_MAC_PARAM_D_ROUNDS) " Specifies the number of finalisation rounds. By default this is \fI4\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MAC_CTX_get_params\fR\|(3), \fBEVP_MAC_CTX_set_params\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3) -.SH "COPYRIGHT" +"PARAMETERS" in \fBEVP_MAC\fR\|(3), \fBOSSL_PARAM\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man7/EVP_MD-BLAKE2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-BLAKE2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-BLAKE2 7ossl" -.TH EVP_MD-BLAKE2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-BLAKE2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-BLAKE2 \- The BLAKE2 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1BLAKE2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identities" +Support for computing BLAKE2 digests through the \fBEVP_MD\fR API. +.SS Identities .IX Subsection "Identities" This implementation is only available with the default provider, and includes the following varieties: -.IP "\s-1BLAKE2S\-256\s0" 4 +.IP BLAKE2S\-256 4 .IX Item "BLAKE2S-256" -Known names are \*(L"\s-1BLAKE2S\-256\*(R"\s0 and \*(L"BLAKE2s256\*(R". -.IP "\s-1BLAKE2B\-512\s0" 4 +Known names are "BLAKE2S\-256" and "BLAKE2s256". +.IP BLAKE2B\-512 4 .IX Item "BLAKE2B-512" -Known names are \*(L"\s-1BLAKE2B\-512\*(R"\s0 and \*(L"BLAKE2b512\*(R". +Known names are "BLAKE2B\-512" and "BLAKE2b512". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described 
@@ -160,11 +85,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-MD2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-MD2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-MD2 7ossl" -.TH EVP_MD-MD2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-MD2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-MD2 \- The MD2 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1MD2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing MD2 digests through the \fBEVP_MD\fR API. +.SS Identity .IX Subsection "Identity" This implementation is only available with the legacy provider, and is -identified with the name \*(L"\s-1MD2\*(R".\s0 +identified with the name "MD2". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -154,11 +79,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-MD4.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-MD4.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-MD4 7ossl" -.TH EVP_MD-MD4 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-MD4 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-MD4 \- The MD4 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1MD4\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing MD4 digests through the \fBEVP_MD\fR API. +.SS Identity .IX Subsection "Identity" This implementation is only available with the legacy provider, and is -identified with the name \*(L"\s-1MD4\*(R".\s0 +identified with the name "MD4". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -154,11 +79,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-MD5-SHA1.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-MD5-SHA1.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,113 +53,53 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-MD5-SHA1 7ossl" -.TH EVP_MD-MD5-SHA1 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-MD5-SHA1 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-MD5\-SHA1 \- The MD5\-SHA1 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1MD5\-SHA1\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 +Support for computing MD5\-SHA1 digests through the \fBEVP_MD\fR API. .PP -\&\s-1MD5\-SHA1\s0 is a rather special digest that's used with SSLv3. -.SS "Identity" +MD5\-SHA1 is a rather special digest that\*(Aqs used with SSLv3. +.SS Identity .IX Subsection "Identity" This implementation is only available with the default provider, and is -identified with the name \*(L"\s-1MD5\-SHA1\*(R".\s0 +identified with the name "MD5\-SHA1". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described in \fBEVP_MD\-common\fR\|(7). 
.SS "Settable Context Parameters" .IX Subsection "Settable Context Parameters" -This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries, -settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3): -.ie n .IP """ssl3\-ms"" (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 -.el .IP "``ssl3\-ms'' (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 -.IX Item "ssl3-ms (OSSL_DIGEST_PARAM_SSL3_MS) " +This implementation supports the following \fBOSSL_PARAM\fR\|(3) entries, +settable for an \fBEVP_MD_CTX\fR with \fBEVP_MD_CTX_set_params\fR\|(3): +.IP """ssl3\-ms"" (\fBOSSL_DIGEST_PARAM_SSL3_MS\fR) " 4 +.IX Item """ssl3-ms"" (OSSL_DIGEST_PARAM_SSL3_MS) " This parameter is set by libssl in order to calculate a signature hash for an -SSLv3 CertificateVerify message as per \s-1RFC6101.\s0 +SSLv3 CertificateVerify message as per RFC6101. It is only set after all handshake messages have already been digested via \&\fBOP_digest_update()\fR calls. The parameter provides the master secret value to be added to the digest. -The digest implementation should calculate the complete digest as per \s-1RFC6101\s0 +The digest implementation should calculate the complete digest as per RFC6101 section 5.6.8. The next call after setting this parameter should be \fBOP_digest_final()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man7/EVP_MD-MD5.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-MD5.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-MD5 7ossl" -.TH EVP_MD-MD5 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-MD5 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-MD5 \- The MD5 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1MD5\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing MD5 digests through the \fBEVP_MD\fR API. +.SS Identity .IX Subsection "Identity" This implementation is only available with the default provider, and is -identified with the name \*(L"\s-1MD5\*(R".\s0 +identified with the name "MD5". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -154,11 +79,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-MDC2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-MDC2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,107 +53,47 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-MDC2 7ossl" -.TH EVP_MD-MDC2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-MDC2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-MDC2 \- The MDC2 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1MDC2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing MDC2 digests through the \fBEVP_MD\fR API. +.SS Identity .IX Subsection "Identity" This implementation is only available with the legacy provider, and is -identified with the name \*(L"\s-1MDC2\*(R".\s0 +identified with the name "MDC2". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described in \fBEVP_MD\-common\fR\|(7). .SS "Settable Context Parameters" .IX Subsection "Settable Context Parameters" -This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries, -settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3): -.ie n .IP """pad-type"" (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 -.el .IP "``pad-type'' (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 -.IX Item "pad-type (OSSL_DIGEST_PARAM_PAD_TYPE) " +This implementation supports the following \fBOSSL_PARAM\fR\|(3) entries, +settable for an \fBEVP_MD_CTX\fR with \fBEVP_MD_CTX_set_params\fR\|(3): +.IP """pad\-type"" (\fBOSSL_DIGEST_PARAM_PAD_TYPE\fR) " 4 +.IX Item """pad-type"" (OSSL_DIGEST_PARAM_PAD_TYPE) " Sets the padding type to be used. -Normally the final \s-1MDC2\s0 block is padded with zeros. +Normally the final MDC2 block is padded with zeros. If the pad type is set to 2 then the final block is padded with 0x80 followed by zeros. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-NULL.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-NULL.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,88 +53,28 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-NULL 7ossl" -.TH EVP_MD-NULL 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-NULL 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-NULL \- The NULL EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for a \s-1NULL\s0 digest through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 +Support for a NULL digest through the \fBEVP_MD\fR API. This algorithm does nothing and returns 1 for its init, update and final methods. .SS "Algorithm Name" .IX Subsection "Algorithm Name" The following algorithm is available in the default provider: -.ie n .IP """\s-1NULL""\s0" 4 -.el .IP "``\s-1NULL''\s0" 4 -.IX Item "NULL" +.IP """NULL""" 4 +.IX Item """NULL""" .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -159,11 +83,11 @@ .IX Header "SEE ALSO" \&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-RIPEMD160.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-RIPEMD160.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-RIPEMD160 7ossl" -.TH EVP_MD-RIPEMD160 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-RIPEMD160 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-RIPEMD160 \- The RIPEMD160 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1RIPEMD160\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identities" +Support for computing RIPEMD160 digests through the \fBEVP_MD\fR API. +.SS Identities .IX Subsection "Identities" This implementation is available in both the default and legacy providers, and is -identified with any of the names \*(L"\s-1RIPEMD\-160\*(R", \*(L"RIPEMD160\*(R", \*(L"RIPEMD\*(R"\s0 and -\&\*(L"\s-1RMD160\*(R".\s0 +identified with any of the names "RIPEMD\-160", "RIPEMD160", "RIPEMD" and +"RMD160". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -155,14 +80,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This digest was added to the default provider in OpenSSL 3.0.7. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-SHA1.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-SHA1.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,112 +53,52 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-SHA1 7ossl" -.TH EVP_MD-SHA1 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-SHA1 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-SHA1 \- The SHA1 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1SHA1\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identities" +Support for computing SHA1 digests through the \fBEVP_MD\fR API. +.SS Identities .IX Subsection "Identities" -This implementation is available with the \s-1FIPS\s0 provider as well as the -default provider, and is identified with the names \*(L"\s-1SHA1\*(R"\s0 and \*(L"\s-1SHA\-1\*(R".\s0 +This implementation is available with the FIPS provider as well as the +default provider, and is identified with the names "SHA1" and "SHA\-1". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described in \fBEVP_MD\-common\fR\|(7). 
.SS "Settable Context Parameters" .IX Subsection "Settable Context Parameters" -This implementation supports the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries, -settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3): -.ie n .IP """ssl3\-ms"" (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 -.el .IP "``ssl3\-ms'' (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 -.IX Item "ssl3-ms (OSSL_DIGEST_PARAM_SSL3_MS) " +This implementation supports the following \fBOSSL_PARAM\fR\|(3) entries, +settable for an \fBEVP_MD_CTX\fR with \fBEVP_MD_CTX_set_params\fR\|(3): +.IP """ssl3\-ms"" (\fBOSSL_DIGEST_PARAM_SSL3_MS\fR) " 4 +.IX Item """ssl3-ms"" (OSSL_DIGEST_PARAM_SSL3_MS) " This parameter is set by libssl in order to calculate a signature hash for an -SSLv3 CertificateVerify message as per \s-1RFC6101.\s0 +SSLv3 CertificateVerify message as per RFC6101. It is only set after all handshake messages have already been digested via \&\fBOP_digest_update()\fR calls. The parameter provides the master secret value to be added to the digest. -The digest implementation should calculate the complete digest as per \s-1RFC6101\s0 +The digest implementation should calculate the complete digest as per RFC6101 section 5.6.8. The next call after setting this parameter should be \fBOP_digest_final()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-SHA2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-SHA2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,110 +53,51 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-SHA2 7ossl" -.TH EVP_MD-SHA2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-SHA2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-SHA2 \- The SHA2 EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1SHA2\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identities" +Support for computing SHA2 digests through the \fBEVP_MD\fR API. +.SS Identities .IX Subsection "Identities" This implementation includes the following varieties: -.IP "\(bu" 4 -Available with the \s-1FIPS\s0 provider as well as the default provider: +.IP \(bu 4 +Available with the FIPS provider as well as the default provider: .RS 4 -.IP "\s-1SHA2\-224\s0" 4 +.IP SHA2\-224 4 .IX Item "SHA2-224" -Known names are \*(L"\s-1SHA2\-224\*(R", \*(L"SHA\-224\*(R"\s0 and \*(L"\s-1SHA224\*(R".\s0 -.IP "\s-1SHA2\-256\s0" 4 +Known names are "SHA2\-224", "SHA\-224" and "SHA224". +.IP SHA2\-256 4 .IX Item "SHA2-256" -Known names are \*(L"\s-1SHA2\-256\*(R", \*(L"SHA\-256\*(R"\s0 and \*(L"\s-1SHA256\*(R".\s0 -.IP "\s-1SHA2\-384\s0" 4 +Known names are "SHA2\-256", "SHA\-256" and "SHA256". +.IP SHA2\-384 4 .IX Item "SHA2-384" -Known names are \*(L"\s-1SHA2\-384\*(R", \*(L"SHA\-384\*(R"\s0 and \*(L"\s-1SHA384\*(R".\s0 -.IP "\s-1SHA2\-512\s0" 4 +Known names are "SHA2\-384", "SHA\-384" and "SHA384". +.IP SHA2\-512 4 .IX Item "SHA2-512" -Known names are \*(L"\s-1SHA2\-512\*(R", \*(L"SHA\-512\*(R"\s0 and \*(L"\s-1SHA512\*(R".\s0 +Known names are "SHA2\-512", "SHA\-512" and "SHA512". 
.RE .RS 4 .RE -.IP "\(bu" 4 +.IP \(bu 4 Available with the default provider: .RS 4 -.IP "\s-1SHA2\-512/224\s0" 4 +.IP SHA2\-512/224 4 .IX Item "SHA2-512/224" -Known names are \*(L"\s-1SHA2\-512/224\*(R", \*(L"SHA\-512/224\*(R"\s0 and \*(L"\s-1SHA512\-224\*(R".\s0 -.IP "\s-1SHA2\-512/256\s0" 4 +Known names are "SHA2\-512/224", "SHA\-512/224" and "SHA512\-224". +.IP SHA2\-512/256 4 .IX Item "SHA2-512/256" -Known names are \*(L"\s-1SHA2\-512/256\*(R", \*(L"SHA\-512/256\*(R"\s0 and \*(L"\s-1SHA512\-256\*(R".\s0 +Known names are "SHA2\-512/256", "SHA\-512/256" and "SHA512\-256". .RE .RS 4 .RE @@ -182,12 +107,12 @@ in \fBEVP_MD\-common\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-digest\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-SHA3.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-SHA3.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,97 +53,34 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-SHA3 7ossl" -.TH EVP_MD-SHA3 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-SHA3 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-SHA3 \- The SHA3 EVP_MD implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1SHA3\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identities" +Support for computing SHA3 digests through the \fBEVP_MD\fR API. +.SS Identities .IX Subsection "Identities" -This implementation is available with the \s-1FIPS\s0 provider as well as the +This implementation is available with the FIPS provider as well as the default provider, and includes the following varieties: -.ie n .IP """\s-1SHA3\-224""\s0" 4 -.el .IP "``\s-1SHA3\-224''\s0" 4 -.IX Item "SHA3-224" +.IP """SHA3\-224""" 4 +.IX Item """SHA3-224""" .PD 0 -.ie n .IP """\s-1SHA3\-256""\s0" 4 -.el .IP "``\s-1SHA3\-256''\s0" 4 -.IX Item "SHA3-256" -.ie n .IP """\s-1SHA3\-384""\s0" 4 -.el .IP "``\s-1SHA3\-384''\s0" 4 -.IX Item "SHA3-384" -.ie n .IP """\s-1SHA3\-512""\s0" 4 -.el .IP "``\s-1SHA3\-512''\s0" 4 -.IX Item "SHA3-512" +.IP """SHA3\-256""" 4 +.IX Item """SHA3-256""" +.IP """SHA3\-384""" 4 +.IX Item """SHA3-384""" +.IP """SHA3\-512""" 4 +.IX Item """SHA3-512""" .PD .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" 
@@ -167,12 +88,12 @@ in \fBEVP_MD\-common\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-digest\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +\&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-SHAKE.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-SHAKE.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,132 +53,77 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-SHAKE 7ossl" -.TH EVP_MD-SHAKE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-SHAKE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-SHAKE, EVP_MD\-KECCAK\-KMAC \&\- The SHAKE / KECCAK family EVP_MD implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1SHAKE\s0 or KECCAK-KMAC digests through the -\&\fB\s-1EVP_MD\s0\fR \s-1API.\s0 +Support for computing SHAKE or KECCAK\-KMAC digests through the +\&\fBEVP_MD\fR API. .PP -KECCAK-KMAC is a special digest that's used by the \s-1KMAC EVP_MAC\s0 -implementation (see \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7)). -.SS "Identities" +KECCAK\-KMAC is an Extendable Output Function (XOF), with a definition +similar to SHAKE, used by the KMAC EVP_MAC implementation (see +\&\fBEVP_MAC\-KMAC\fR\|(7)). +.SS Identities .IX Subsection "Identities" -This implementation is available in the \s-1FIPS\s0 provider as well as the default +This implementation is available in the FIPS provider as well as the default provider, and includes the following varieties: -.IP "\s-1KECCAK\-KMAC\-128\s0" 4 +.IP KECCAK\-KMAC\-128 4 .IX Item "KECCAK-KMAC-128" -Known names are \*(L"\s-1KECCAK\-KMAC\-128\*(R"\s0 and \*(L"\s-1KECCAK\-KMAC128\*(R"\s0 -This is used by \s-1\fBEVP_MAC\-KMAC128\s0\fR\|(7) -.IP "\s-1KECCAK\-KMAC\-256\s0" 4 +Known names are "KECCAK\-KMAC\-128" and "KECCAK\-KMAC128". This is used +by \fBEVP_MAC\-KMAC128\fR\|(7). Using the notation from NIST FIPS 202 +(Section 6.2), we have KECCAK\-KMAC\-128(M,\ d) = KECCAK[256](M\ ||\ 00,\ d) +(see the description of KMAC128 in Appendix A of NIST SP 800\-185). 
+.IP KECCAK\-KMAC\-256 4 .IX Item "KECCAK-KMAC-256" -Known names are \*(L"\s-1KECCAK\-KMAC\-256\*(R"\s0 and \*(L"\s-1KECCAK\-KMAC256\*(R"\s0 -This is used by \s-1\fBEVP_MAC\-KMAC256\s0\fR\|(7) -.IP "\s-1SHAKE\-128\s0" 4 +Known names are "KECCAK\-KMAC\-256" and "KECCAK\-KMAC256". This is used +by \fBEVP_MAC\-KMAC256\fR\|(7). Using the notation from NIST FIPS 202 +(Section 6.2), we have KECCAK\-KMAC\-256(M,\ d) = KECCAK[512](M\ ||\ 00,\ d) +(see the description of KMAC256 in Appendix A of NIST SP 800\-185). +.IP SHAKE\-128 4 .IX Item "SHAKE-128" -Known names are \*(L"\s-1SHAKE\-128\*(R"\s0 and \*(L"\s-1SHAKE128\*(R"\s0 -.IP "\s-1SHAKE\-256\s0" 4 +Known names are "SHAKE\-128" and "SHAKE128". +.IP SHAKE\-256 4 .IX Item "SHAKE-256" -Known names are \*(L"\s-1SHAKE\-256\*(R"\s0 and \*(L"\s-1SHAKE256\*(R"\s0 +Known names are "SHAKE\-256" and "SHAKE256". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described in \fBEVP_MD\-common\fR\|(7). .SS "Settable Context Parameters" .IX Subsection "Settable Context Parameters" -These implementations support the following \s-1\fBOSSL_PARAM\s0\fR\|(3) entries, -settable for an \fB\s-1EVP_MD_CTX\s0\fR with \fBEVP_MD_CTX_set_params\fR\|(3): -.ie n .IP """xoflen"" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 -.el .IP "``xoflen'' (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 -.IX Item "xoflen (OSSL_DIGEST_PARAM_XOFLEN) " +These implementations support the following \fBOSSL_PARAM\fR\|(3) entries, +settable for an \fBEVP_MD_CTX\fR with \fBEVP_MD_CTX_set_params\fR\|(3): +.IP """xoflen"" (\fBOSSL_DIGEST_PARAM_XOFLEN\fR) " 4 +.IX Item """xoflen"" (OSSL_DIGEST_PARAM_XOFLEN) " Sets the digest length for extendable output functions. -The length of the \*(L"xoflen\*(R" parameter should not exceed that of a \fBsize_t\fR. +The length of the "xoflen" parameter should not exceed that of a \fBsize_t\fR. 
.Sp -For backwards compatibility reasons the default xoflen length for \s-1SHAKE\-128\s0 is +For backwards compatibility reasons the default xoflen length for SHAKE\-128 is 16 (bytes) which results in a security strength of only 64 bits. To ensure the maximum security strength of 128 bits, the xoflen should be set to at least 32. .Sp -For backwards compatibility reasons the default xoflen length for \s-1SHAKE\-256\s0 is +For backwards compatibility reasons the default xoflen length for SHAKE\-256 is 32 (bytes) which results in a security strength of only 128 bits. To ensure the maximum security strength of 256 bits, the xoflen should be set to at least 64. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MD_CTX_set_params\fR\|(3), \fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-SM3.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-SM3.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-SM3 7ossl" -.TH EVP_MD-SM3 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-SM3 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-SM3 \- The SM3 EVP_MD implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1SM3\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing SM3 digests through the \fBEVP_MD\fR API. +.SS Identity .IX Subsection "Identity" This implementation is only available with the default provider, and is -identified with the name \*(L"\s-1SM3\*(R".\s0 +identified with the name "SM3". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -154,11 +79,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-WHIRLPOOL.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-WHIRLPOOL.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-WHIRLPOOL 7ossl" -.TH EVP_MD-WHIRLPOOL 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-WHIRLPOOL 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-WHIRLPOOL \- The WHIRLPOOL EVP_MD implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1WHIRLPOOL\s0 digests through the \fB\s-1EVP_MD\s0\fR \s-1API.\s0 -.SS "Identity" +Support for computing WHIRLPOOL digests through the \fBEVP_MD\fR API. +.SS Identity .IX Subsection "Identity" This implementation is only available with the legacy provider, and is -identified with the name \*(L"\s-1WHIRLPOOL\*(R".\s0 +identified with the name "WHIRLPOOL". .SS "Gettable Parameters" .IX Subsection "Gettable Parameters" This implementation supports the common gettable parameters described @@ -154,11 +79,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_MD-common.7.orig +++ secure/lib/libcrypto/man/man7/EVP_MD-common.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,115 +53,53 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_MD-COMMON 7ossl" -.TH EVP_MD-COMMON 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_MD-COMMON 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_MD\-common \- The OpenSSL EVP_MD implementations, common things -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All the OpenSSL \s-1EVP_MD\s0 implementations understand the following -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) entries that are +All the OpenSSL EVP_MD implementations understand the following +\&\fBOSSL_PARAM\fR\|(3) entries that are gettable with \fBEVP_MD_get_params\fR\|(3), as well as these: -.ie n .IP """blocksize"" (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 -.el .IP "``blocksize'' (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 -.IX Item "blocksize (OSSL_DIGEST_PARAM_BLOCK_SIZE) " +.IP """blocksize"" (\fBOSSL_DIGEST_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """blocksize"" (OSSL_DIGEST_PARAM_BLOCK_SIZE) " The digest block size. -The length of the \*(L"blocksize\*(R" parameter should not exceed that of a +The length of the "blocksize" parameter should not exceed that of a \&\fBsize_t\fR. .Sp This value can also be retrieved with \fBEVP_MD_get_block_size\fR\|(3). -.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_DIGEST_PARAM_SIZE) " +.IP """size"" (\fBOSSL_DIGEST_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_DIGEST_PARAM_SIZE) " The digest output size. -The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +The length of the "size" parameter should not exceed that of a \fBsize_t\fR. .Sp This value can also be retrieved with \fBEVP_MD_get_size\fR\|(3). 
-.ie n .IP """flags"" (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 -.el .IP "``flags'' (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 -.IX Item "flags (OSSL_DIGEST_PARAM_FLAGS) " +.IP """flags"" (\fBOSSL_DIGEST_PARAM_FLAGS\fR) " 4 +.IX Item """flags"" (OSSL_DIGEST_PARAM_FLAGS) " Diverse flags that describe exceptional behaviour for the digest. -These flags are described in \*(L"\s-1DESCRIPTION\*(R"\s0 in \fBEVP_MD_meth_set_flags\fR\|(3). +These flags are described in "DESCRIPTION" in \fBEVP_MD_meth_set_flags\fR\|(3). .Sp -The length of the \*(L"flags\*(R" parameter should equal that of an +The length of the "flags" parameter should equal that of an \&\fBunsigned long int\fR. .Sp This value can also be retrieved with \fBEVP_MD_get_flags\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_MD_get_params\fR\|(3), \fBprovider\-digest\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,233 +53,165 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-DH 7ossl" -.TH EVP_PKEY-DH 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-DH 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-DH, EVP_PKEY\-DHX, EVP_KEYMGMT\-DH, EVP_KEYMGMT\-DHX \&\- EVP_PKEY DH and DHX keytype and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -For \fB\s-1DH\s0\fR \s-1FFC\s0 key agreement, two classes of domain parameters can be used: -\&\*(L"safe\*(R" domain parameters that are associated with approved named safe-prime -groups, and a class of \*(L"FIPS186\-type\*(R" domain parameters. FIPS186\-type domain -parameters should only be used for backward compatibility with existing -applications that cannot be upgraded to use the approved safe-prime groups. +For finite field Diffie\-Hellman key agreement, two classes of domain +parameters can be used: "safe" domain parameters that are associated with +approved named safe\-prime groups, and a class of "FIPS186\-type" domain +parameters. FIPS186\-type domain parameters should only be used for backward +compatibility with existing applications that cannot be upgraded to use the +approved safe\-prime groups. .PP -See \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) for more information about \s-1FFC\s0 keys. +See \fBEVP_PKEY\-FFC\fR\|(7) for more information about FFC keys. .PP -The \fB\s-1DH\s0\fR key type uses PKCS#3 format which saves \fIp\fR and \fIg\fR, but not the +The \fBDH\fR key type uses PKCS#3 format which saves \fIp\fR and \fIg\fR, but not the \&\fIq\fR value. 
-The \fB\s-1DHX\s0\fR key type uses X9.42 format which saves the value of \fIq\fR and this -must be used for \s-1FIPS186\-4.\s0 If key validation is required, users should be aware -of the nuances associated with \s-1FIPS186\-4\s0 style parameters as discussed in -\&\*(L"\s-1DH\s0 key validation\*(R". -.SS "\s-1DH\s0 and \s-1DHX\s0 domain parameters" +The \fBDHX\fR key type uses X9.42 format which saves the value of \fIq\fR and this +must be used for FIPS186\-4. If key validation is required, users should be aware +of the nuances associated with FIPS186\-4 style parameters as discussed in +"DH and DHX key validation". +.SS "DH and DHX domain parameters" .IX Subsection "DH and DHX domain parameters" -In addition to the common \s-1FCC\s0 parameters that all \s-1FFC\s0 keytypes should support -(see \*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)) the \fB\s-1DHX\s0\fR and \fB\s-1DH\s0\fR keytype +In addition to the common FFC parameters that all FFC keytypes should support +(see "FFC parameters" in \fBEVP_PKEY\-FFC\fR\|(7)) the \fBDHX\fR and \fBDH\fR keytype implementations support the following: -.ie n .IP """group"" (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``group'' (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "group (OSSL_PKEY_PARAM_GROUP_NAME) " -Sets or gets a string that associates a \fB\s-1DH\s0\fR or \fB\s-1DHX\s0\fR named safe prime group +.IP """group"" (\fBOSSL_PKEY_PARAM_GROUP_NAME\fR) " 4 +.IX Item """group"" (OSSL_PKEY_PARAM_GROUP_NAME) " +Sets or gets a string that associates a \fBDH\fR or \fBDHX\fR named safe prime group with known values for \fIp\fR, \fIq\fR and \fIg\fR. 
.Sp -The following values can be used by the OpenSSL's default and \s-1FIPS\s0 providers: -\&\*(L"ffdhe2048\*(R", \*(L"ffdhe3072\*(R", \*(L"ffdhe4096\*(R", \*(L"ffdhe6144\*(R", \*(L"ffdhe8192\*(R", -\&\*(L"modp_2048\*(R", \*(L"modp_3072\*(R", \*(L"modp_4096\*(R", \*(L"modp_6144\*(R", \*(L"modp_8192\*(R". +The following values can be used by the OpenSSL\*(Aqs default and FIPS providers: +"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", +"modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192". .Sp -The following additional values can also be used by OpenSSL's default provider: -\&\*(L"modp_1536\*(R", \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R", \*(L"dh_2048_256\*(R". +The following additional values can also be used by OpenSSL\*(Aqs default provider: +"modp_1536", "dh_1024_160", "dh_2048_224", "dh_2048_256". .Sp -\&\s-1DH/DHX\s0 named groups can be easily validated since the parameters are well known. +DH/DHX named groups can be easily validated since the parameters are well known. For protocols that only transfer \fIp\fR and \fIg\fR the value of \fIq\fR can also be retrieved. -.SS "\s-1DH\s0 and \s-1DHX\s0 additional parameters" +.SS "DH and DHX additional parameters" .IX Subsection "DH and DHX additional parameters" -.ie n .IP """encoded-pub-key"" (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) " 4 -.el .IP "``encoded-pub-key'' (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) " 4 -.IX Item "encoded-pub-key (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) " -Used for getting and setting the encoding of the \s-1DH\s0 public key used in a key -exchange message for the \s-1TLS\s0 protocol. +.IP """encoded\-pub\-key"" (\fBOSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\fR) " 4 +.IX Item """encoded-pub-key"" (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) " +Used for getting and setting the encoding of the DH public key used in a key +exchange message for the TLS protocol. See \fBEVP_PKEY_set1_encoded_public_key()\fR and \fBEVP_PKEY_get1_encoded_public_key()\fR. 
-.SS "\s-1DH\s0 additional domain parameters" +.SS "DH additional domain parameters" .IX Subsection "DH additional domain parameters" -.ie n .IP """safeprime-generator"" (\fB\s-1OSSL_PKEY_PARAM_DH_GENERATOR\s0\fR) " 4 -.el .IP "``safeprime-generator'' (\fB\s-1OSSL_PKEY_PARAM_DH_GENERATOR\s0\fR) " 4 -.IX Item "safeprime-generator (OSSL_PKEY_PARAM_DH_GENERATOR) " -Used for \s-1DH\s0 generation of safe primes using the old safe prime generator code. +.IP """safeprime\-generator"" (\fBOSSL_PKEY_PARAM_DH_GENERATOR\fR) " 4 +.IX Item """safeprime-generator"" (OSSL_PKEY_PARAM_DH_GENERATOR) " +Used for DH generation of safe primes using the old safe prime generator code. The default value is 2. It is recommended to use a named safe prime group instead, if domain parameter validation is required. .Sp -Randomly generated safe primes are not allowed by \s-1FIPS,\s0 so setting this value -for the OpenSSL \s-1FIPS\s0 provider will instead choose a named safe prime group +Randomly generated safe primes are not allowed by FIPS, so setting this value +for the OpenSSL FIPS provider will instead choose a named safe prime group based on the size of \fIp\fR. -.SS "\s-1DH\s0 and \s-1DHX\s0 domain parameter / key generation parameters" +.SS "DH and DHX domain parameter / key generation parameters" .IX Subsection "DH and DHX domain parameter / key generation parameters" -In addition to the common \s-1FFC\s0 key generation parameters that all \s-1FFC\s0 key types -should support (see \*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)) the -\&\fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytype implementation supports the following: -.ie n .IP """type"" (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``type'' (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "type (OSSL_PKEY_PARAM_FFC_TYPE) " -Sets the type of parameter generation. 
For \fB\s-1DH\s0\fR valid values are: +In addition to the common FFC key generation parameters that all FFC key types +should support (see "FFC key generation parameters" in \fBEVP_PKEY\-FFC\fR\|(7)) the +\&\fBDH\fR and \fBDHX\fR keytype implementation supports the following: +.IP """type"" (\fBOSSL_PKEY_PARAM_FFC_TYPE\fR) " 4 +.IX Item """type"" (OSSL_PKEY_PARAM_FFC_TYPE) " +Sets the type of parameter generation. For \fBDH\fR valid values are: .RS 4 -.ie n .IP """fips186_4""" 4 -.el .IP "``fips186_4''" 4 -.IX Item "fips186_4" +.IP """fips186_4""" 4 +.IX Item """fips186_4""" .PD 0 -.ie n .IP """default""" 4 -.el .IP "``default''" 4 -.IX Item "default" -.ie n .IP """fips186_2""" 4 -.el .IP "``fips186_2''" 4 -.IX Item "fips186_2" +.IP """default""" 4 +.IX Item """default""" +.IP """fips186_2""" 4 +.IX Item """fips186_2""" .PD -These are described in \*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) -.ie n .IP """group""" 4 -.el .IP "``group''" 4 -.IX Item "group" -This specifies that a named safe prime name will be chosen using the \*(L"pbits\*(R" +These are described in "FFC key generation parameters" in \fBEVP_PKEY\-FFC\fR\|(7) +.IP """group""" 4 +.IX Item """group""" +This specifies that a named safe prime name will be chosen using the "pbits" type. -.ie n .IP """generator""" 4 -.el .IP "``generator''" 4 -.IX Item "generator" -A safe prime generator. See the \*(L"safeprime-generator\*(R" type above. -This is only valid for \fB\s-1DH\s0\fR keys. +.IP """generator""" 4 +.IX Item """generator""" +A safe prime generator. See the "safeprime\-generator" type above. +This is only valid for \fBDH\fR keys. .RE .RS 4 .RE -.ie n .IP """pbits"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) " 4 -.el .IP "``pbits'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) " 4 -.IX Item "pbits (OSSL_PKEY_PARAM_FFC_PBITS) " -Sets the size (in bits) of the prime 'p'. 
+.IP """pbits"" (\fBOSSL_PKEY_PARAM_FFC_PBITS\fR) " 4 +.IX Item """pbits"" (OSSL_PKEY_PARAM_FFC_PBITS) " +Sets the size (in bits) of the prime \*(Aqp\*(Aq. .Sp -For \*(L"fips186_4\*(R" this must be 2048. -For \*(L"fips186_2\*(R" this must be 1024. -For \*(L"group\*(R" this can be any one of 2048, 3072, 4096, 6144 or 8192. -.ie n .IP """priv_len"" (\fB\s-1OSSL_PKEY_PARAM_DH_PRIV_LEN\s0\fR) " 4 -.el .IP "``priv_len'' (\fB\s-1OSSL_PKEY_PARAM_DH_PRIV_LEN\s0\fR) " 4 -.IX Item "priv_len (OSSL_PKEY_PARAM_DH_PRIV_LEN) " +For "fips186_4" this must be 2048. +For "fips186_2" this must be 1024. +For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. +.IP """priv_len"" (\fBOSSL_PKEY_PARAM_DH_PRIV_LEN\fR) " 4 +.IX Item """priv_len"" (OSSL_PKEY_PARAM_DH_PRIV_LEN) " An optional value to set the maximum length of the generated private key. The default value used if this is not set is the maximum value of BN_num_bits(\fIq\fR)). The minimum value that this can be set to is 2 * s. Where s is the security strength of the key which has values of 112, 128, 152, 176 and 200 for key sizes of 2048, 3072, 4096, 6144 and 8192. -.SS "\s-1DH\s0 key validation" -.IX Subsection "DH key validation" -For \fB\s-1DHX\s0\fR that is not a named group the \s-1FIPS186\-4\s0 standard specifies that the -values used for \s-1FFC\s0 parameter generation are also required for parameter -validation. This means that optional \s-1FFC\s0 domain parameter values for +.SS "DH and DHX key validation" +.IX Subsection "DH and DHX key validation" +For keys that are not a named group the FIPS186\-4 standard specifies that the +values used for FFC parameter generation are also required for parameter +validation. This means that optional FFC domain parameter values for \&\fIseed\fR, \fIpcounter\fR and \fIgindex\fR or \fIhindex\fR may need to be stored for validation purposes. 
-For \fB\s-1DHX\s0\fR the \fIseed\fR and \fIpcounter\fR can be stored in \s-1ASN1\s0 data +For \fBDHX\fR the \fIseed\fR and \fIpcounter\fR can be stored in ASN1 data (but the \fIgindex\fR or \fIhindex\fR cannot be stored). It is recommended to use a -named safe prime group instead. +\&\fBDH\fR parameters with named safe prime group instead. .PP -For \s-1DH\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way: -The OpenSSL \s-1FIPS\s0 provider tests if the parameters are either an approved safe -prime group \s-1OR\s0 that the \s-1FFC\s0 parameters conform to \s-1FIPS186\-4\s0 as defined in -SP800\-56Ar3 \fIAssurances of Domain-Parameter Validity\fR. -The OpenSSL default provider uses simpler checks that allows there to be no \fIq\fR -value for backwards compatibility. +With the OpenSSL FIPS provider, \fBEVP_PKEY_param_check\fR\|(3) and +\&\fBEVP_PKEY_param_check_quick\fR\|(3) behave in the following way: the parameters +are tested if they are either an approved safe prime group OR that the FFC +parameters conform to FIPS186\-4 as defined in SP800\-56Ar3 \fIAssurances of +Domain\-Parameter Validity\fR. .PP -For \s-1DH\s0 keys, \fBEVP_PKEY_param_check_quick\fR\|(3) is equivalent to -\&\fBEVP_PKEY_param_check\fR\|(3). +The OpenSSL default provider uses simpler checks that allows there to be no \fIq\fR +value for backwards compatibility, however the \fBEVP_PKEY_param_check\fR\|(3) will +test the \fIp\fR value for being a prime (and a safe prime if \fIq\fR is missing) +which can take significant time. The \fBEVP_PKEY_param_check_quick\fR\|(3) avoids +the prime tests. .PP -For \s-1DH\s0 keys, \fBEVP_PKEY_public_check\fR\|(3) conforms to -SP800\-56Ar3 \fI\s-1FFC\s0 Full Public-Key Validation\fR. +\&\fBEVP_PKEY_public_check\fR\|(3) conforms to SP800\-56Ar3 +\&\fIFFC Full Public\-Key Validation\fR. 
.PP -For \s-1DH\s0 keys, \fBEVP_PKEY_public_check_quick\fR\|(3) conforms to -SP800\-56Ar3 \fI\s-1FFC\s0 Partial Public-Key Validation\fR when the -\&\s-1DH\s0 key is an approved named safe prime group, otherwise it is the same as -\&\fBEVP_PKEY_public_check\fR\|(3). +\&\fBEVP_PKEY_public_check_quick\fR\|(3) conforms to SP800\-56Ar3 +\&\fIFFC Partial Public\-Key Validation\fR when the key is an approved named safe +prime group, otherwise it is the same as \fBEVP_PKEY_public_check\fR\|(3). .PP -For \s-1DH\s0 Keys, \fBEVP_PKEY_private_check\fR\|(3) tests that the private key is in the -correct range according to SP800\-56Ar3. The OpenSSL \s-1FIPS\s0 provider requires the -value of \fIq\fR to be set (note that this is set for named safe prime groups). +\&\fBEVP_PKEY_private_check\fR\|(3) tests that the private key is in the correct range +according to SP800\-56Ar3. The OpenSSL FIPS provider requires the value of \fIq\fR +to be set (note that this is implicitly set for named safe prime groups). For backwards compatibility the OpenSSL default provider only requires \fIp\fR to be set. .PP -For \s-1DH\s0 keys, \fBEVP_PKEY_pairwise_check\fR\|(3) conforms to -SP800\-56Ar3 \fIOwner Assurance of Pair-wise Consistency\fR. -.SH "EXAMPLES" +\&\fBEVP_PKEY_pairwise_check\fR\|(3) conforms to SP800\-56Ar3 +\&\fIOwner Assurance of Pair\-wise Consistency\fR. +.SH EXAMPLES .IX Header "EXAMPLES" -An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling: +An \fBEVP_PKEY\fR context can be obtained by calling: .PP .Vb 1 \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); .Ve .PP -A \fB\s-1DH\s0\fR key can be generated with a named safe prime group by calling: +A \fBDH\fR key can be generated with a named safe prime group by calling: .PP .Vb 4 \& int priv_len = 2 * 112; 
@@ -316,7 +232,7 @@ \& EVP_PKEY_CTX_free(pctx); .Ve .PP -\&\fB\s-1DHX\s0\fR domain parameters can be generated according to \fB\s-1FIPS186\-4\s0\fR by calling: +\&\fBDHX\fR domain parameters can be generated according to \fBFIPS186\-4\fR by calling: .PP .Vb 6 \& int gindex = 2; @@ -345,7 +261,7 @@ \& EVP_PKEY_CTX_free(pctx); .Ve .PP -A \fB\s-1DH\s0\fR key can be generated using domain parameters by calling: +A \fBDH\fR key can be generated using domain parameters by calling: .PP .Vb 2 \& EVP_PKEY *key = NULL; @@ -359,8 +275,8 @@ \& EVP_PKEY_CTX_free(gctx); .Ve .PP -To validate \fB\s-1FIPS186\-4\s0\fR \fB\s-1DHX\s0\fR domain parameters decoded from \fB\s-1PEM\s0\fR or -\&\fB\s-1DER\s0\fR data, additional values used during generation may be required to +To validate \fBFIPS186\-4\fR \fBDHX\fR domain parameters decoded from \fBPEM\fR or +\&\fBDER\fR data, additional values used during generation may be required to be set into the key. .PP \&\fBEVP_PKEY_todata()\fR, \fBOSSL_PARAM_merge()\fR, and \fBEVP_PKEY_fromdata()\fR are useful 
@@ -411,25 +327,24 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -.IP "\s-1RFC 7919\s0 (\s-1TLS\s0 ffdhe named safe prime groups)" 4 +.IP "RFC 7919 (TLS ffdhe named safe prime groups)" 4 .IX Item "RFC 7919 (TLS ffdhe named safe prime groups)" .PD 0 -.IP "\s-1RFC 3526\s0 (\s-1IKE\s0 modp named safe prime groups)" 4 +.IP "RFC 3526 (IKE modp named safe prime groups)" 4 .IX Item "RFC 3526 (IKE modp named safe prime groups)" -.ie n .IP "\s-1RFC 5114\s0 (Additional \s-1DH\s0 named groups for dh_1024_160"", ""dh_2048_224"" and ""dh_2048_256"")." 4 -.el .IP "\s-1RFC 5114\s0 (Additional \s-1DH\s0 named groups for dh_1024_160``, ''dh_2048_224`` and ''dh_2048_256"")." 4 -.IX Item "RFC 5114 (Additional DH named groups for dh_1024_160, dh_2048_224 and dh_2048_256"")." +.IP "RFC 5114 (Additional DH named groups for dh_1024_160"", ""dh_2048_224"" and ""dh_2048_256"")." 4 +.IX Item "RFC 5114 (Additional DH named groups for dh_1024_160"", ""dh_2048_224"" and ""dh_2048_256"")." .PD .PP The following sections of SP800\-56Ar3: -.IP "5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4 +.IP "5.5.1.1 FFC Domain Parameter Selection/Generation" 4 .IX Item "5.5.1.1 FFC Domain Parameter Selection/Generation" .PD 0 -.IP "Appendix D: \s-1FFC\s0 Safe-prime Groups" 4 +.IP "Appendix D: FFC Safe\-prime Groups" 4 .IX Item "Appendix D: FFC Safe-prime Groups" .PD .PP -The following sections of \s-1FIPS186\-4:\s0 +The following sections of FIPS186\-4: .IP "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4 .IX Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." .PD 0 
@@ -440,18 +355,18 @@ .PD .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7), -\&\s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7) -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-FFC\fR\|(7), +\&\fBEVP_KEYEXCH\-DH\fR\|(7) +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keymgmt\fR\|(7), -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), +\&\fBEVP_KEYMGMT\fR\|(3), \&\fBOSSL_PROVIDER\-default\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-DSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-DSA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,123 +53,64 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-DSA 7ossl" -.TH EVP_PKEY-DSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-DSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-DSA, EVP_KEYMGMT\-DSA \- EVP_PKEY DSA keytype and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -For \fB\s-1DSA\s0\fR the \s-1FIPS186\-4\s0 standard specifies that the values used for \s-1FFC\s0 +For \fBDSA\fR the FIPS186\-4 standard specifies that the values used for FFC parameter generation are also required for parameter validation. -This means that optional \s-1FFC\s0 domain parameter values for \fIseed\fR, \fIpcounter\fR -and \fIgindex\fR may need to be stored for validation purposes. For \fB\s-1DSA\s0\fR these -fields are not stored in the \s-1ASN1\s0 data so they need to be stored externally if +This means that optional FFC domain parameter values for \fIseed\fR, \fIpcounter\fR +and \fIgindex\fR may need to be stored for validation purposes. For \fBDSA\fR these +fields are not stored in the ASN1 data so they need to be stored externally if validation is required. -.SS "\s-1DSA\s0 parameters" +.SS "DSA parameters" .IX Subsection "DSA parameters" -The \fB\s-1DSA\s0\fR key type supports the \s-1FFC\s0 parameters (see -\&\*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)). -.SS "\s-1DSA\s0 key generation parameters" +The \fBDSA\fR key type supports the FFC parameters (see +"FFC parameters" in \fBEVP_PKEY\-FFC\fR\|(7)). 
+.SS "DSA key generation parameters" .IX Subsection "DSA key generation parameters" -The \fB\s-1DSA\s0\fR key type supports the \s-1FFC\s0 key generation parameters (see -\&\*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) +The \fBDSA\fR key type supports the FFC key generation parameters (see +"FFC key generation parameters" in \fBEVP_PKEY\-FFC\fR\|(7) .PP -The following restrictions apply to the \*(L"pbits\*(R" field: +The following restrictions apply to the "pbits" field: .PP -For \*(L"fips186_4\*(R" this must be either 2048 or 3072. -For \*(L"fips186_2\*(R" this must be 1024. -For \*(L"group\*(R" this can be any one of 2048, 3072, 4096, 6144 or 8192. -.SS "\s-1DSA\s0 key validation" +For "fips186_4" this must be either 2048 or 3072. +For "fips186_2" this must be 1024. +For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. +.SS "DSA key validation" .IX Subsection "DSA key validation" -For \s-1DSA\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way: -The OpenSSL \s-1FIPS\s0 provider conforms to the rules within the \s-1FIPS186\-4\s0 -standard for \s-1FFC\s0 parameter validation. For backwards compatibility the OpenSSL +For DSA keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way: +The OpenSSL FIPS provider conforms to the rules within the FIPS186\-4 +standard for FFC parameter validation. For backwards compatibility the OpenSSL default provider uses a much simpler check (see below) for parameter validation, unless the seed parameter is set. .PP -For \s-1DSA\s0 keys, \fBEVP_PKEY_param_check_quick\fR\|(3) behaves in the following way: +For DSA keys, \fBEVP_PKEY_param_check_quick\fR\|(3) behaves in the following way: A simple check of L and N and partial g is performed. The default provider -also supports validation of legacy \*(L"fips186_2\*(R" keys. +also supports validation of legacy "fips186_2" keys. 
.PP -For \s-1DSA\s0 keys, \fBEVP_PKEY_public_check\fR\|(3), \fBEVP_PKEY_private_check\fR\|(3) and -\&\fBEVP_PKEY_pairwise_check\fR\|(3) the OpenSSL default and \s-1FIPS\s0 providers conform to +For DSA keys, \fBEVP_PKEY_public_check\fR\|(3), \fBEVP_PKEY_private_check\fR\|(3) and +\&\fBEVP_PKEY_pairwise_check\fR\|(3) the OpenSSL default and FIPS providers conform to the rules within SP800\-56Ar3 for public, private and pairwise tests respectively. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling: +An \fBEVP_PKEY\fR context can be obtained by calling: .PP .Vb 1 \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); .Ve .PP -The \fB\s-1DSA\s0\fR domain parameters can be generated by calling: +The \fBDSA\fR domain parameters can be generated by calling: .PP .Vb 6 \& unsigned int pbits = 2048; @@ -211,7 +136,7 @@ \& EVP_PKEY_print_params(bio_out, param_key, 0, NULL); .Ve .PP -A \fB\s-1DSA\s0\fR key can be generated using domain parameters by calling: +A \fBDSA\fR key can be generated using domain parameters by calling: .PP .Vb 2 \& EVP_PKEY *key = NULL; @@ -225,7 +150,7 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -The following sections of \s-1FIPS186\-4:\s0 +The following sections of FIPS186\-4: .IP "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4 .IX Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." .PD 0 
@@ -236,18 +161,18 @@ .PD .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7), -\&\s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7) -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-FFC\fR\|(7), +\&\fBEVP_SIGNATURE\-DSA\fR\|(7), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keymgmt\fR\|(7), -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), +\&\fBEVP_KEYMGMT\fR\|(3), \&\fBOSSL_PROVIDER\-default\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-EC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-EC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,190 +53,115 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-EC 7ossl" -.TH EVP_PKEY-EC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-EC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-EC, EVP_KEYMGMT\-EC \&\- EVP_PKEY EC keytype and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1EC\s0\fR keytype is implemented in OpenSSL's default provider. -.SS "Common \s-1EC\s0 parameters" +The \fBEC\fR keytype is implemented in OpenSSL\*(Aqs default provider. +.SS "Common EC parameters" .IX Subsection "Common EC parameters" -The normal way of specifying domain parameters for an \s-1EC\s0 curve is via the -curve name \*(L"group\*(R". For curves with no curve name, explicit parameters can be -used that specify \*(L"field-type\*(R", \*(L"p\*(R", \*(L"a\*(R", \*(L"b\*(R", \*(L"generator\*(R" and \*(L"order\*(R". +The normal way of specifying domain parameters for an EC curve is via the +curve name "group". For curves with no curve name, explicit parameters can be +used that specify "field\-type", "p", "a", "b", "generator" and "order". Explicit parameters are supported for backwards compatibility reasons, but they -are not compliant with multiple standards (including \s-1RFC5915\s0) which only allow +are not compliant with multiple standards (including RFC5915) which only allow named curves. 
.PP The following KeyGen/Gettable/Import/Export types are available for the -built-in \s-1EC\s0 algorithm: -.ie n .IP """group"" (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``group'' (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "group (OSSL_PKEY_PARAM_GROUP_NAME) " +built\-in EC algorithm: +.IP """group"" (\fBOSSL_PKEY_PARAM_GROUP_NAME\fR) " 4 +.IX Item """group"" (OSSL_PKEY_PARAM_GROUP_NAME) " The curve name. -.ie n .IP """field-type"" (\fB\s-1OSSL_PKEY_PARAM_EC_FIELD_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``field-type'' (\fB\s-1OSSL_PKEY_PARAM_EC_FIELD_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "field-type (OSSL_PKEY_PARAM_EC_FIELD_TYPE) " -The value should be either \*(L"prime-field\*(R" or \*(L"characteristic-two-field\*(R", +.IP """field\-type"" (\fBOSSL_PKEY_PARAM_EC_FIELD_TYPE\fR) " 4 +.IX Item """field-type"" (OSSL_PKEY_PARAM_EC_FIELD_TYPE) " +The value should be either "prime\-field" or "characteristic\-two\-field", which correspond to prime field Fp and binary field F2^m. -.ie n .IP """p"" (\fB\s-1OSSL_PKEY_PARAM_EC_P\s0\fR) " 4 -.el .IP "``p'' (\fB\s-1OSSL_PKEY_PARAM_EC_P\s0\fR) " 4 -.IX Item "p (OSSL_PKEY_PARAM_EC_P) " +.IP """p"" (\fBOSSL_PKEY_PARAM_EC_P\fR) " 4 +.IX Item """p"" (OSSL_PKEY_PARAM_EC_P) " For a curve over Fp \fIp\fR is the prime for the field. For a curve over F2^m \fIp\fR represents the irreducible polynomial \- each bit represents a term in the polynomial. Therefore, there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. 
-.ie n .IP """a"" (\fB\s-1OSSL_PKEY_PARAM_EC_A\s0\fR) " 4 -.el .IP "``a'' (\fB\s-1OSSL_PKEY_PARAM_EC_A\s0\fR) " 4 -.IX Item "a (OSSL_PKEY_PARAM_EC_A) " +.IP """a"" (\fBOSSL_PKEY_PARAM_EC_A\fR) " 4 +.IX Item """a"" (OSSL_PKEY_PARAM_EC_A) " .PD 0 -.ie n .IP """b"" (\fB\s-1OSSL_PKEY_PARAM_EC_B\s0\fR) " 4 -.el .IP "``b'' (\fB\s-1OSSL_PKEY_PARAM_EC_B\s0\fR) " 4 -.IX Item "b (OSSL_PKEY_PARAM_EC_B) " -.ie n .IP """seed"" (\fB\s-1OSSL_PKEY_PARAM_EC_SEED\s0\fR) " 4 -.el .IP "``seed'' (\fB\s-1OSSL_PKEY_PARAM_EC_SEED\s0\fR) " 4 -.IX Item "seed (OSSL_PKEY_PARAM_EC_SEED) " +.IP """b"" (\fBOSSL_PKEY_PARAM_EC_B\fR) " 4 +.IX Item """b"" (OSSL_PKEY_PARAM_EC_B) " +.IP """seed"" (\fBOSSL_PKEY_PARAM_EC_SEED\fR) " 4 +.IX Item """seed"" (OSSL_PKEY_PARAM_EC_SEED) " .PD \&\fIa\fR and \fIb\fR represents the coefficients of the curve -For Fp: y^2 mod p = x^3 +ax + b mod p \s-1OR\s0 +For Fp: y^2 mod p = x^3 +ax + b mod p OR For F2^m: y^2 + xy = x^3 + ax^2 + b .Sp \&\fIseed\fR is an optional value that is for information purposes only. It represents the random number seed used to generate the coefficient \fIb\fR from a random number. 
-.ie n .IP """generator"" (\fB\s-1OSSL_PKEY_PARAM_EC_GENERATOR\s0\fR) " 4 -.el .IP "``generator'' (\fB\s-1OSSL_PKEY_PARAM_EC_GENERATOR\s0\fR) " 4 -.IX Item "generator (OSSL_PKEY_PARAM_EC_GENERATOR) " +.IP """generator"" (\fBOSSL_PKEY_PARAM_EC_GENERATOR\fR) " 4 +.IX Item """generator"" (OSSL_PKEY_PARAM_EC_GENERATOR) " .PD 0 -.ie n .IP """order"" (\fB\s-1OSSL_PKEY_PARAM_EC_ORDER\s0\fR) " 4 -.el .IP "``order'' (\fB\s-1OSSL_PKEY_PARAM_EC_ORDER\s0\fR) " 4 -.IX Item "order (OSSL_PKEY_PARAM_EC_ORDER) " -.ie n .IP """cofactor"" (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) " 4 -.el .IP "``cofactor'' (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) " 4 -.IX Item "cofactor (OSSL_PKEY_PARAM_EC_COFACTOR) " +.IP """order"" (\fBOSSL_PKEY_PARAM_EC_ORDER\fR) " 4 +.IX Item """order"" (OSSL_PKEY_PARAM_EC_ORDER) " +.IP """cofactor"" (\fBOSSL_PKEY_PARAM_EC_COFACTOR\fR) " 4 +.IX Item """cofactor"" (OSSL_PKEY_PARAM_EC_COFACTOR) " .PD The \fIgenerator\fR is a well defined point on the curve chosen for cryptographic -operations. The encoding conforms with Sec. 2.3.3 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve -Cryptography\*(R") standard. See \fBEC_POINT_oct2point()\fR. +operations. The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve +Cryptography") standard. See \fBEC_POINT_oct2point()\fR. Integers used for point multiplications will be between 0 and \&\fIorder\fR \- 1. \&\fIcofactor\fR is an optional value. \&\fIorder\fR multiplied by the \fIcofactor\fR gives the number of points on the curve. 
-.ie n .IP """decoded-from-explicit"" (\fB\s-1OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS\s0\fR) " 4 -.el .IP "``decoded-from-explicit'' (\fB\s-1OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS\s0\fR) " 4 -.IX Item "decoded-from-explicit (OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS) " +.IP """decoded\-from\-explicit"" (\fBOSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS\fR) " 4 +.IX Item """decoded-from-explicit"" (OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS) " Gets a flag indicating whether the key or parameters were decoded from explicit curve parameters. Set to 1 if so or 0 if a named curve was used. -.ie n .IP """use-cofactor-flag"" (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) " 4 -.el .IP "``use-cofactor-flag'' (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) " 4 -.IX Item "use-cofactor-flag (OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) " -Enable Cofactor \s-1DH\s0 (\s-1ECC CDH\s0) if this value is 1, otherwise it uses normal \s-1EC DH\s0 +.IP """use\-cofactor\-flag"" (\fBOSSL_PKEY_PARAM_USE_COFACTOR_ECDH\fR) " 4 +.IX Item """use-cofactor-flag"" (OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) " +Enable Cofactor DH (ECC CDH) if this value is 1, otherwise it uses normal EC DH if the value is zero. The cofactor variant multiplies the shared secret by the -\&\s-1EC\s0 curve's cofactor (note for some curves the cofactor is 1). +EC curve\*(Aqs cofactor (note for some curves the cofactor is 1). .Sp -See also \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7) for the related -\&\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR parameter that can be set on a -per-operation basis. -.ie n .IP """encoding"" (\fB\s-1OSSL_PKEY_PARAM_EC_ENCODING\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``encoding'' (\fB\s-1OSSL_PKEY_PARAM_EC_ENCODING\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "encoding (OSSL_PKEY_PARAM_EC_ENCODING) " -Set the format used for serializing the \s-1EC\s0 group parameters. -Valid values are \*(L"explicit\*(R" or \*(L"named_curve\*(R". The default value is \*(L"named_curve\*(R". 
-.ie n .IP """point-format"" (\fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``point-format'' (\fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "point-format (OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT) " +See also \fBEVP_KEYEXCH\-ECDH\fR\|(7) for the related +\&\fBOSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\fR parameter that can be set on a +per\-operation basis. +.IP """encoding"" (\fBOSSL_PKEY_PARAM_EC_ENCODING\fR) " 4 +.IX Item """encoding"" (OSSL_PKEY_PARAM_EC_ENCODING) " +Set the format used for serializing the EC group parameters. +Valid values are "explicit" or "named_curve". The default value is "named_curve". +.IP """point\-format"" (\fBOSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\fR) " 4 +.IX Item """point-format"" (OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT) " Sets or gets the point_conversion_form for the \fIkey\fR. For a description of point_conversion_forms please see \fBEC_POINT_new\fR\|(3). Valid values are -\&\*(L"uncompressed\*(R" or \*(L"compressed\*(R". The default value is \*(L"uncompressed\*(R". -.ie n .IP """group-check"" (\fB\s-1OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``group-check'' (\fB\s-1OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "group-check (OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE) " +"uncompressed" or "compressed". The default value is "uncompressed". +.IP """group\-check"" (\fBOSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\fR) " 4 +.IX Item """group-check"" (OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE) " Sets or Gets the type of group check done when \fBEVP_PKEY_param_check()\fR is called. -Valid values are \*(L"default\*(R", \*(L"named\*(R" and \*(L"named-nist\*(R". -The \*(L"named\*(R" type checks that the domain parameters match the inbuilt curve parameters, -\&\*(L"named-nist\*(R" is similar but also checks that the named curve is a nist curve. 
-The \*(L"default\*(R" type does domain parameter validation for the OpenSSL default provider, -but is equivalent to \*(L"named-nist\*(R" for the OpenSSL \s-1FIPS\s0 provider. -.ie n .IP """include-public"" (\fB\s-1OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\s0\fR) " 4 -.el .IP "``include-public'' (\fB\s-1OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\s0\fR) " 4 -.IX Item "include-public (OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC) " +Valid values are "default", "named" and "named\-nist". +The "named" type checks that the domain parameters match the inbuilt curve parameters, +"named\-nist" is similar but also checks that the named curve is a nist curve. +The "default" type does domain parameter validation for the OpenSSL default provider, +but is equivalent to "named\-nist" for the OpenSSL FIPS provider. +.IP """include\-public"" (\fBOSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\fR) " 4 +.IX Item """include-public"" (OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC) " Setting this value to 0 indicates that the public key should not be included when encoding the private key. The default value of 1 will include the public key. -.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 -.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 -.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) " -The public key value in encoded \s-1EC\s0 point format conforming to Sec. 2.3.3 and -2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve Cryptography\*(R") standard. +.IP """pub"" (\fBOSSL_PKEY_PARAM_PUB_KEY\fR) " 4 +.IX Item """pub"" (OSSL_PKEY_PARAM_PUB_KEY) " +The public key value in encoded EC point format conforming to Sec. 2.3.3 and +2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. This parameter is used when importing or exporting the public key value with the \&\fBEVP_PKEY_fromdata()\fR and \fBEVP_PKEY_todata()\fR functions. .Sp 
@@ -262,54 +171,43 @@ Before OpenSSL 3.0.8, the implementation of providers included with OpenSSL always opted for an encoding in compressed format, unconditionally. Since OpenSSL 3.0.8, the implementation has been changed to honor the -\&\fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR parameter, if set, or to default +\&\fBOSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\fR parameter, if set, or to default to uncompressed format. -.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " +.IP """priv"" (\fBOSSL_PKEY_PARAM_PRIV_KEY\fR) " 4 +.IX Item """priv"" (OSSL_PKEY_PARAM_PRIV_KEY) " The private key value. -.ie n .IP """encoded-pub-key"" (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) " 4 -.el .IP "``encoded-pub-key'' (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) " 4 -.IX Item "encoded-pub-key (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) " -Used for getting and setting the encoding of an \s-1EC\s0 public key. The public key -is expected to be a point conforming to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic -Curve Cryptography\*(R") standard. -.ie n .IP """qx"" (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_X\s0\fR) " 4 -.el .IP "``qx'' (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_X\s0\fR) " 4 -.IX Item "qx (OSSL_PKEY_PARAM_EC_PUB_X) " -Used for getting the \s-1EC\s0 public key X component. -.ie n .IP """qy"" (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_Y\s0\fR) " 4 -.el .IP "``qy'' (\fB\s-1OSSL_PKEY_PARAM_EC_PUB_Y\s0\fR) " 4 -.IX Item "qy (OSSL_PKEY_PARAM_EC_PUB_Y) " -Used for getting the \s-1EC\s0 public key Y component. 
-.ie n .IP """default-digest"" (\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``default-digest'' (\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "default-digest (OSSL_PKEY_PARAM_DEFAULT_DIGEST) " +.IP """encoded\-pub\-key"" (\fBOSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\fR) " 4 +.IX Item """encoded-pub-key"" (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) " +Used for getting and setting the encoding of an EC public key. The public key +is expected to be a point conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic +Curve Cryptography") standard. +.IP """qx"" (\fBOSSL_PKEY_PARAM_EC_PUB_X\fR) " 4 +.IX Item """qx"" (OSSL_PKEY_PARAM_EC_PUB_X) " +Used for getting the EC public key X component. +.IP """qy"" (\fBOSSL_PKEY_PARAM_EC_PUB_Y\fR) " 4 +.IX Item """qy"" (OSSL_PKEY_PARAM_EC_PUB_Y) " +Used for getting the EC public key Y component. +.IP """default\-digest"" (\fBOSSL_PKEY_PARAM_DEFAULT_DIGEST\fR) " 4 +.IX Item """default-digest"" (OSSL_PKEY_PARAM_DEFAULT_DIGEST) " Getter that returns the default digest name. -(Currently returns \*(L"\s-1SHA256\*(R"\s0 as of OpenSSL 3.0). +(Currently returns "SHA256" as of OpenSSL 3.0). .PP -The following Gettable types are also available for the built-in \s-1EC\s0 algorithm: -.ie n .IP """basis-type"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``basis-type'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "basis-type (OSSL_PKEY_PARAM_EC_CHAR2_TYPE) " -Supports the values \*(L"tpBasis\*(R" for a trinomial or \*(L"ppBasis\*(R" for a pentanomial. +The following Gettable types are also available for the built\-in EC algorithm: +.IP """basis\-type"" (\fBOSSL_PKEY_PARAM_EC_CHAR2_TYPE\fR) " 4 +.IX Item """basis-type"" (OSSL_PKEY_PARAM_EC_CHAR2_TYPE) " +Supports the values "tpBasis" for a trinomial or "ppBasis" for a pentanomial. This field is only used for a binary field F2^m. 
-.ie n .IP """m"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_M\s0\fR) " 4 -.el .IP "``m'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_M\s0\fR) " 4 -.IX Item "m (OSSL_PKEY_PARAM_EC_CHAR2_M) " +.IP """m"" (\fBOSSL_PKEY_PARAM_EC_CHAR2_M\fR) " 4 +.IX Item """m"" (OSSL_PKEY_PARAM_EC_CHAR2_M) " .PD 0 -.ie n .IP """tp"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS\s0\fR) " 4 -.el .IP "``tp'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS\s0\fR) " 4 -.IX Item "tp (OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS) " -.ie n .IP """k1"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K1\s0\fR) " 4 -.el .IP "``k1'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K1\s0\fR) " 4 -.IX Item "k1 (OSSL_PKEY_PARAM_EC_CHAR2_PP_K1) " -.ie n .IP """k2"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K2\s0\fR) " 4 -.el .IP "``k2'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K2\s0\fR) " 4 -.IX Item "k2 (OSSL_PKEY_PARAM_EC_CHAR2_PP_K2) " -.ie n .IP """k3"" (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K3\s0\fR) " 4 -.el .IP "``k3'' (\fB\s-1OSSL_PKEY_PARAM_EC_CHAR2_PP_K3\s0\fR) " 4 -.IX Item "k3 (OSSL_PKEY_PARAM_EC_CHAR2_PP_K3) " +.IP """tp"" (\fBOSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS\fR) " 4 +.IX Item """tp"" (OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS) " +.IP """k1"" (\fBOSSL_PKEY_PARAM_EC_CHAR2_PP_K1\fR) " 4 +.IX Item """k1"" (OSSL_PKEY_PARAM_EC_CHAR2_PP_K1) " +.IP """k2"" (\fBOSSL_PKEY_PARAM_EC_CHAR2_PP_K2\fR) " 4 +.IX Item """k2"" (OSSL_PKEY_PARAM_EC_CHAR2_PP_K2) " +.IP """k3"" (\fBOSSL_PKEY_PARAM_EC_CHAR2_PP_K3\fR) " 4 +.IX Item """k3"" (OSSL_PKEY_PARAM_EC_CHAR2_PP_K3) " .PD These fields are only used for a binary field F2^m. \&\fIm\fR is the degree of the binary field. 
@@ -319,35 +217,35 @@ .Sp \&\fIk1\fR, \fIk2\fR and \fIk3\fR are used to get the middle bits of a pentanomial such that m > k3 > k2 > k1 > 0 -.SS "\s-1EC\s0 key validation" +.SS "EC key validation" .IX Subsection "EC key validation" -For \s-1EC\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way: +For EC keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way: For the OpenSSL default provider it uses either \&\fBEC_GROUP_check\fR\|(3) or \fBEC_GROUP_check_named_curve\fR\|(3) depending on the flag -\&\s-1EC_FLAG_CHECK_NAMED_GROUP.\s0 -The OpenSSL \s-1FIPS\s0 provider uses \fBEC_GROUP_check_named_curve\fR\|(3) in order to -conform to SP800\-56Ar3 \fIAssurances of Domain-Parameter Validity\fR. +EC_FLAG_CHECK_NAMED_GROUP. +The OpenSSL FIPS provider uses \fBEC_GROUP_check_named_curve\fR\|(3) in order to +conform to SP800\-56Ar3 \fIAssurances of Domain\-Parameter Validity\fR. .PP -For \s-1EC\s0 keys, \fBEVP_PKEY_param_check_quick\fR\|(3) is equivalent to +For EC keys, \fBEVP_PKEY_param_check_quick\fR\|(3) is equivalent to \&\fBEVP_PKEY_param_check\fR\|(3). .PP -For \s-1EC\s0 keys, \fBEVP_PKEY_public_check\fR\|(3) and \fBEVP_PKEY_public_check_quick\fR\|(3) -conform to SP800\-56Ar3 \fI\s-1ECC\s0 Full Public-Key Validation\fR and -\&\fI\s-1ECC\s0 Partial Public-Key Validation\fR respectively. +For EC keys, \fBEVP_PKEY_public_check\fR\|(3) and \fBEVP_PKEY_public_check_quick\fR\|(3) +conform to SP800\-56Ar3 \fIECC Full Public\-Key Validation\fR and +\&\fIECC Partial Public\-Key Validation\fR respectively. .PP -For \s-1EC\s0 Keys, \fBEVP_PKEY_private_check\fR\|(3) and \fBEVP_PKEY_pairwise_check\fR\|(3) +For EC Keys, \fBEVP_PKEY_private_check\fR\|(3) and \fBEVP_PKEY_pairwise_check\fR\|(3) conform to SP800\-56Ar3 \fIPrivate key validity\fR and -\&\fIOwner Assurance of Pair-wise Consistency\fR respectively. -.SH "EXAMPLES" +\&\fIOwner Assurance of Pair\-wise Consistency\fR respectively. 
+.SH EXAMPLES .IX Header "EXAMPLES" -An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling: +An \fBEVP_PKEY\fR context can be obtained by calling: .PP .Vb 2 \& EVP_PKEY_CTX *pctx = \& EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); .Ve .PP -An \fB\s-1EVP_PKEY\s0\fR \s-1ECDSA\s0 or \s-1ECDH\s0 key can be generated with a \*(L"P\-256\*(R" named group by +An \fBEVP_PKEY\fR ECDSA or ECDH key can be generated with a "P\-256" named group by calling: .PP .Vb 1 @@ -377,8 +275,8 @@ \& EVP_PKEY_CTX_free(gctx); .Ve .PP -An \fB\s-1EVP_PKEY\s0\fR \s-1EC CDH\s0 (Cofactor Diffie-Hellman) key can be generated with a -\&\*(L"K\-571\*(R" named group by calling: +An \fBEVP_PKEY\fR EC CDH (Cofactor Diffie\-Hellman) key can be generated with a +"K\-571" named group by calling: .PP .Vb 5 \& int use_cdh = 1; @@ -410,16 +308,16 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_EC_gen\fR\|(3), -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_KEYMGMT\fR\|(3), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keymgmt\fR\|(7), -\&\s-1\fBEVP_SIGNATURE\-ECDSA\s0\fR\|(7), -\&\s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBEVP_SIGNATURE\-ECDSA\fR\|(7), +\&\fBEVP_KEYEXCH\-ECDH\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-FFC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-FFC.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,254 +53,170 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-FFC 7ossl" -.TH EVP_PKEY-FFC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-FFC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-FFC \- EVP_PKEY DSA and DH/DHX shared FFC parameters. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Finite field cryptography (\s-1FFC\s0) is a method of implementing discrete logarithm -cryptography using finite field mathematics. \s-1DSA\s0 is an example of \s-1FFC\s0 and -Diffie-Hellman key establishment algorithms specified in \s-1SP800\-56A\s0 can also be -implemented as \s-1FFC.\s0 +Finite field cryptography (FFC) is a method of implementing discrete logarithm +cryptography using finite field mathematics. DSA is an example of FFC and +Diffie\-Hellman key establishment algorithms specified in SP800\-56A can also be +implemented as FFC. .PP -The \fB\s-1DSA\s0\fR, \fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytypes are implemented in OpenSSL's default and -\&\s-1FIPS\s0 providers. -The implementations support the basic \s-1DSA, DH\s0 and \s-1DHX\s0 keys, containing the public +The \fBDSA\fR, \fBDH\fR and \fBDHX\fR keytypes are implemented in OpenSSL\*(Aqs default and +FIPS providers. +The implementations support the basic DSA, DH and DHX keys, containing the public and private keys \fIpub\fR and \fIpriv\fR as well as the three main domain parameters \&\fIp\fR, \fIq\fR and \fIg\fR. .PP -For \fB\s-1DSA\s0\fR (and \fB\s-1DH\s0\fR that is not a named group) the \s-1FIPS186\-4\s0 standard -specifies that the values used for \s-1FFC\s0 parameter generation are also required +For \fBDSA\fR (and \fBDH\fR that is not a named group) the FIPS186\-4 standard +specifies that the values used for FFC parameter generation are also required for parameter validation. 
-This means that optional \s-1FFC\s0 domain parameter values for \fIseed\fR, \fIpcounter\fR +This means that optional FFC domain parameter values for \fIseed\fR, \fIpcounter\fR and \fIgindex\fR may need to be stored for validation purposes. -For \fB\s-1DH\s0\fR the \fIseed\fR and \fIpcounter\fR can be stored in \s-1ASN1\s0 data -(but the \fIgindex\fR is not). For \fB\s-1DSA\s0\fR however, these fields are not stored in -the \s-1ASN1\s0 data so they need to be stored externally if validation is required. +For \fBDH\fR the \fIseed\fR and \fIpcounter\fR can be stored in ASN1 data +(but the \fIgindex\fR is not). For \fBDSA\fR however, these fields are not stored in +the ASN1 data so they need to be stored externally if validation is required. .PP -The \fB\s-1DH\s0\fR key type uses PKCS#3 format which saves p and g, but not the 'q' value. -The \fB\s-1DHX\s0\fR key type uses X9.42 format which saves the value of 'q' and this -must be used for \s-1FIPS186\-4.\s0 -.SS "\s-1FFC\s0 parameters" +The \fBDH\fR key type uses PKCS#3 format which saves p and g, but not the \*(Aqq\*(Aq value. +The \fBDHX\fR key type uses X9.42 format which saves the value of \*(Aqq\*(Aq and this +must be used for FIPS186\-4. +.SS "FFC parameters" .IX Subsection "FFC parameters" In addition to the common parameters that all keytypes should support (see -\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the \fB\s-1DSA\s0\fR, \fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytype +"Common parameters" in \fBprovider\-keymgmt\fR\|(7)), the \fBDSA\fR, \fBDH\fR and \fBDHX\fR keytype implementations support the following. -.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 -.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 -.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) " +.IP """pub"" (\fBOSSL_PKEY_PARAM_PUB_KEY\fR) " 4 +.IX Item """pub"" (OSSL_PKEY_PARAM_PUB_KEY) " The public key value. 
-.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " +.IP """priv"" (\fBOSSL_PKEY_PARAM_PRIV_KEY\fR) " 4 +.IX Item """priv"" (OSSL_PKEY_PARAM_PRIV_KEY) " The private key value. -.SS "\s-1FFC DSA, DH\s0 and \s-1DHX\s0 domain parameters" +.SS "FFC DSA, DH and DHX domain parameters" .IX Subsection "FFC DSA, DH and DHX domain parameters" -.ie n .IP """p"" (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) " 4 -.el .IP "``p'' (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) " 4 -.IX Item "p (OSSL_PKEY_PARAM_FFC_P) " -A \s-1DSA\s0 or Diffie-Hellman prime \*(L"p\*(R" value. -.ie n .IP """g"" (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) " 4 -.el .IP "``g'' (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) " 4 -.IX Item "g (OSSL_PKEY_PARAM_FFC_G) " -A \s-1DSA\s0 or Diffie-Hellman generator \*(L"g\*(R" value. -.SS "\s-1FFC DSA\s0 and \s-1DHX\s0 domain parameters" +.IP """p"" (\fBOSSL_PKEY_PARAM_FFC_P\fR) " 4 +.IX Item """p"" (OSSL_PKEY_PARAM_FFC_P) " +A DSA or Diffie\-Hellman prime "p" value. +.IP """g"" (\fBOSSL_PKEY_PARAM_FFC_G\fR) " 4 +.IX Item """g"" (OSSL_PKEY_PARAM_FFC_G) " +A DSA or Diffie\-Hellman generator "g" value. +.SS "FFC DSA and DHX domain parameters" .IX Subsection "FFC DSA and DHX domain parameters" -.ie n .IP """q"" (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) " 4 -.el .IP "``q'' (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) " 4 -.IX Item "q (OSSL_PKEY_PARAM_FFC_Q) " -A \s-1DSA\s0 or Diffie-Hellman prime \*(L"q\*(R" value. -.ie n .IP """seed"" (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) " 4 -.el .IP "``seed'' (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) " 4 -.IX Item "seed (OSSL_PKEY_PARAM_FFC_SEED) " +.IP """q"" (\fBOSSL_PKEY_PARAM_FFC_Q\fR) " 4 +.IX Item """q"" (OSSL_PKEY_PARAM_FFC_Q) " +A DSA or Diffie\-Hellman prime "q" value. 
+.IP """seed"" (\fBOSSL_PKEY_PARAM_FFC_SEED\fR) " 4 +.IX Item """seed"" (OSSL_PKEY_PARAM_FFC_SEED) " An optional domain parameter \fIseed\fR value used during generation and validation of \fIp\fR, \fIq\fR and canonical \fIg\fR. For validation this needs to set the \fIseed\fR that was produced during generation. -.ie n .IP """gindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) " 4 -.el .IP "``gindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) " 4 -.IX Item "gindex (OSSL_PKEY_PARAM_FFC_GINDEX) " +.IP """gindex"" (\fBOSSL_PKEY_PARAM_FFC_GINDEX\fR) " 4 +.IX Item """gindex"" (OSSL_PKEY_PARAM_FFC_GINDEX) " Sets the index to use for canonical generation and verification of the generator \&\fIg\fR. Set this to a positive value from 0..FF to use this mode. This \fIgindex\fR can then be reused during key validation to verify the value of \fIg\fR. If this value is not set or is \-1 then unverifiable generation of the generator \fIg\fR will be used. -.ie n .IP """pcounter"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) " 4 -.el .IP "``pcounter'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) " 4 -.IX Item "pcounter (OSSL_PKEY_PARAM_FFC_PCOUNTER) " +.IP """pcounter"" (\fBOSSL_PKEY_PARAM_FFC_PCOUNTER\fR) " 4 +.IX Item """pcounter"" (OSSL_PKEY_PARAM_FFC_PCOUNTER) " An optional domain parameter \fIcounter\fR value that is output during generation of \fIp\fR. This value must be saved if domain parameter validation is required. -.ie n .IP """hindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) " 4 -.el .IP "``hindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) " 4 -.IX Item "hindex (OSSL_PKEY_PARAM_FFC_H) " +.IP """hindex"" (\fBOSSL_PKEY_PARAM_FFC_H\fR) " 4 +.IX Item """hindex"" (OSSL_PKEY_PARAM_FFC_H) " For unverifiable generation of the generator \fIg\fR this value is output during generation of \fIg\fR. Its value is the first integer larger than one that -satisfies g = h^j mod p (where g != 1 and \*(L"j\*(R" is the cofactor). 
-.ie n .IP """j"" (\fB\s-1OSSL_PKEY_PARAM_FFC_COFACTOR\s0\fR) " 4 -.el .IP "``j'' (\fB\s-1OSSL_PKEY_PARAM_FFC_COFACTOR\s0\fR) " 4 -.IX Item "j (OSSL_PKEY_PARAM_FFC_COFACTOR) " +satisfies g = h^j mod p (where g != 1 and "j" is the cofactor). +.IP """j"" (\fBOSSL_PKEY_PARAM_FFC_COFACTOR\fR) " 4 +.IX Item """j"" (OSSL_PKEY_PARAM_FFC_COFACTOR) " An optional informational cofactor parameter that should equal to (p \- 1) / q. -.ie n .IP """validate-pq"" (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_PQ\s0\fR) " 4 -.el .IP "``validate-pq'' (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_PQ\s0\fR) " 4 -.IX Item "validate-pq (OSSL_PKEY_PARAM_FFC_VALIDATE_PQ) " +.IP """validate\-pq"" (\fBOSSL_PKEY_PARAM_FFC_VALIDATE_PQ\fR) " 4 +.IX Item """validate-pq"" (OSSL_PKEY_PARAM_FFC_VALIDATE_PQ) " .PD 0 -.ie n .IP """validate-g"" (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_G\s0\fR) " 4 -.el .IP "``validate-g'' (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_G\s0\fR) " 4 -.IX Item "validate-g (OSSL_PKEY_PARAM_FFC_VALIDATE_G) " +.IP """validate\-g"" (\fBOSSL_PKEY_PARAM_FFC_VALIDATE_G\fR) " 4 +.IX Item """validate-g"" (OSSL_PKEY_PARAM_FFC_VALIDATE_G) " .PD -These boolean values are used during \s-1FIPS186\-4\s0 or \s-1FIPS186\-2\s0 key validation checks +These boolean values are used during FIPS186\-4 or FIPS186\-2 key validation checks (See \fBEVP_PKEY_param_check\fR\|(3)) to select validation options. By default -\&\fIvalidate-pq\fR and \fIvalidate-g\fR are both set to 1 to check that p,q and g are +\&\fIvalidate\-pq\fR and \fIvalidate\-g\fR are both set to 1 to check that p,q and g are valid. Either of these may be set to 0 to skip a test, which is mainly useful for testing purposes. 
-.ie n .IP """validate-legacy"" (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY\s0\fR) " 4 -.el .IP "``validate-legacy'' (\fB\s-1OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY\s0\fR) " 4 -.IX Item "validate-legacy (OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY) " +.IP """validate\-legacy"" (\fBOSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY\fR) " 4 +.IX Item """validate-legacy"" (OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY) " This boolean value is used during key validation checks (See \fBEVP_PKEY_param_check\fR\|(3)) to select the validation type. The default -value of 0 selects \s-1FIPS186\-4\s0 validation. Setting this value to 1 selects -\&\s-1FIPS186\-2\s0 validation. -.SS "\s-1FFC\s0 key generation parameters" +value of 0 selects FIPS186\-4 validation. Setting this value to 1 selects +FIPS186\-2 validation. +.SS "FFC key generation parameters" .IX Subsection "FFC key generation parameters" -The following key generation types are available for \s-1DSA\s0 and \s-1DHX\s0 algorithms: -.ie n .IP """type"" (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``type'' (\fB\s-1OSSL_PKEY_PARAM_FFC_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "type (OSSL_PKEY_PARAM_FFC_TYPE) " +The following key generation types are available for DSA and DHX algorithms: +.IP """type"" (\fBOSSL_PKEY_PARAM_FFC_TYPE\fR) " 4 +.IX Item """type"" (OSSL_PKEY_PARAM_FFC_TYPE) " Sets the type of parameter generation. The shared valid values are: .RS 4 -.ie n .IP """fips186_4""" 4 -.el .IP "``fips186_4''" 4 -.IX Item "fips186_4" +.IP """fips186_4""" 4 +.IX Item """fips186_4""" The current standard. -.ie n .IP """fips186_2""" 4 -.el .IP "``fips186_2''" 4 -.IX Item "fips186_2" +.IP """fips186_2""" 4 +.IX Item """fips186_2""" The old standard that should only be used for legacy purposes. 
-.ie n .IP """default""" 4 -.el .IP "``default''" 4 -.IX Item "default" -This can choose one of \*(L"fips186_4\*(R" or \*(L"fips186_2\*(R" depending on other +.IP """default""" 4 +.IX Item """default""" +This can choose one of "fips186_4" or "fips186_2" depending on other parameters set for parameter generation. .RE .RS 4 .RE -.ie n .IP """pbits"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) " 4 -.el .IP "``pbits'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PBITS\s0\fR) " 4 -.IX Item "pbits (OSSL_PKEY_PARAM_FFC_PBITS) " -Sets the size (in bits) of the prime 'p'. -.ie n .IP """qbits"" (\fB\s-1OSSL_PKEY_PARAM_FFC_QBITS\s0\fR) " 4 -.el .IP "``qbits'' (\fB\s-1OSSL_PKEY_PARAM_FFC_QBITS\s0\fR) " 4 -.IX Item "qbits (OSSL_PKEY_PARAM_FFC_QBITS) " -Sets the size (in bits) of the prime 'q'. +.IP """pbits"" (\fBOSSL_PKEY_PARAM_FFC_PBITS\fR) " 4 +.IX Item """pbits"" (OSSL_PKEY_PARAM_FFC_PBITS) " +Sets the size (in bits) of the prime \*(Aqp\*(Aq. +.IP """qbits"" (\fBOSSL_PKEY_PARAM_FFC_QBITS\fR) " 4 +.IX Item """qbits"" (OSSL_PKEY_PARAM_FFC_QBITS) " +Sets the size (in bits) of the prime \*(Aqq\*(Aq. .Sp -For \*(L"fips186_4\*(R" this can be either 224 or 256. -For \*(L"fips186_2\*(R" this has a size of 160. -.ie n .IP """digest"" (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_PKEY_PARAM_FFC_DIGEST) " +For "fips186_4" this can be either 224 or 256. +For "fips186_2" this has a size of 160. +.IP """digest"" (\fBOSSL_PKEY_PARAM_FFC_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_PKEY_PARAM_FFC_DIGEST) " Sets the Digest algorithm to be used as part of the Key Generation Function associated with the given Key Generation \fIctx\fR. This must also be set for key validation. 
-.ie n .IP """properties"" (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_PKEY_PARAM_FFC_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) " +.IP """properties"" (\fBOSSL_PKEY_PARAM_FFC_DIGEST_PROPS\fR) " 4 +.IX Item """properties"" (OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) " Sets properties to be used upon look up of the implementation for the selected Digest algorithm for the Key Generation Function associated with the given key generation \fIctx\fR. This may also be set for key validation. -.ie n .IP """seed"" (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) " 4 -.el .IP "``seed'' (\fB\s-1OSSL_PKEY_PARAM_FFC_SEED\s0\fR) " 4 -.IX Item "seed (OSSL_PKEY_PARAM_FFC_SEED) " -For \*(L"fips186_4\*(R" or \*(L"fips186_2\*(R" generation this sets the \fIseed\fR data to use +.IP """seed"" (\fBOSSL_PKEY_PARAM_FFC_SEED\fR) " 4 +.IX Item """seed"" (OSSL_PKEY_PARAM_FFC_SEED) " +For "fips186_4" or "fips186_2" generation this sets the \fIseed\fR data to use instead of generating a random seed internally. This should be used for testing purposes only. This will either produce fixed values for the generated -parameters \s-1OR\s0 it will fail if the seed did not generate valid primes. -.ie n .IP """gindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) " 4 -.el .IP "``gindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_GINDEX\s0\fR) " 4 -.IX Item "gindex (OSSL_PKEY_PARAM_FFC_GINDEX) " +parameters OR it will fail if the seed did not generate valid primes. 
+.IP """gindex"" (\fBOSSL_PKEY_PARAM_FFC_GINDEX\fR) " 4 +.IX Item """gindex"" (OSSL_PKEY_PARAM_FFC_GINDEX) " .PD 0 -.ie n .IP """pcounter"" (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) " 4 -.el .IP "``pcounter'' (\fB\s-1OSSL_PKEY_PARAM_FFC_PCOUNTER\s0\fR) " 4 -.IX Item "pcounter (OSSL_PKEY_PARAM_FFC_PCOUNTER) " -.ie n .IP """hindex"" (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) " 4 -.el .IP "``hindex'' (\fB\s-1OSSL_PKEY_PARAM_FFC_H\s0\fR) " 4 -.IX Item "hindex (OSSL_PKEY_PARAM_FFC_H) " +.IP """pcounter"" (\fBOSSL_PKEY_PARAM_FFC_PCOUNTER\fR) " 4 +.IX Item """pcounter"" (OSSL_PKEY_PARAM_FFC_PCOUNTER) " +.IP """hindex"" (\fBOSSL_PKEY_PARAM_FFC_H\fR) " 4 +.IX Item """hindex"" (OSSL_PKEY_PARAM_FFC_H) " .PD These types are described above. .SH "CONFORMING TO" .IX Header "CONFORMING TO" The following sections of SP800\-56Ar3: -.IP "5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4 +.IP "5.5.1.1 FFC Domain Parameter Selection/Generation" 4 .IX Item "5.5.1.1 FFC Domain Parameter Selection/Generation" .PP -The following sections of \s-1FIPS186\-4:\s0 +The following sections of FIPS186\-4: .IP "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4 .IX Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." .PD 0 
@@ -327,20 +227,20 @@ .PD .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7), -\&\s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7), -\&\s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7) -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), -\&\s-1\fBEVP_PKEY\s0\fR\|(3), +\&\fBEVP_PKEY\-DSA\fR\|(7), +\&\fBEVP_PKEY\-DH\fR\|(7), +\&\fBEVP_SIGNATURE\-DSA\fR\|(7), +\&\fBEVP_KEYEXCH\-DH\fR\|(7), +\&\fBEVP_KEYMGMT\fR\|(3), +\&\fBEVP_PKEY\fR\|(3), \&\fBprovider\-keymgmt\fR\|(7), \&\fBOSSL_PROVIDER\-default\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-HMAC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-HMAC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,139 +53,74 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-HMAC 7ossl" -.TH EVP_PKEY-HMAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-HMAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-HMAC, EVP_KEYMGMT\-HMAC, EVP_PKEY\-Siphash, EVP_KEYMGMT\-Siphash, EVP_PKEY\-Poly1305, EVP_KEYMGMT\-Poly1305, EVP_PKEY\-CMAC, EVP_KEYMGMT\-CMAC \&\- EVP_PKEY legacy MAC keytypes and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1HMAC\s0\fR and \fB\s-1CMAC\s0\fR key types are implemented in OpenSSL's default and \s-1FIPS\s0 +The \fBHMAC\fR and \fBCMAC\fR key types are implemented in OpenSSL\*(Aqs default and FIPS providers. Additionally the \fBSiphash\fR and \fBPoly1305\fR key types are implemented -in the default provider. Performing \s-1MAC\s0 operations via an \s-1EVP_PKEY\s0 +in the default provider. Performing MAC operations via an EVP_PKEY is considered legacy and are only available for backwards compatibility purposes -and for a restricted set of algorithms. The preferred way of performing \s-1MAC\s0 -operations is via the \s-1EVP_MAC\s0 APIs. See \fBEVP_MAC_init\fR\|(3). +and for a restricted set of algorithms. The preferred way of performing MAC +operations is via the EVP_MAC APIs. See \fBEVP_MAC_init\fR\|(3). .PP -For further details on using \s-1EVP_PKEY\s0 based \s-1MAC\s0 keys see -\&\s-1\fBEVP_SIGNATURE\-HMAC\s0\fR\|(7), \fBEVP_SIGNATURE\-Siphash\fR\|(7), -\&\fBEVP_SIGNATURE\-Poly1305\fR\|(7) or \s-1\fBEVP_SIGNATURE\-CMAC\s0\fR\|(7). -.SS "Common \s-1MAC\s0 parameters" +For further details on using EVP_PKEY based MAC keys see +\&\fBEVP_SIGNATURE\-HMAC\fR\|(7), \fBEVP_SIGNATURE\-Siphash\fR\|(7), +\&\fBEVP_SIGNATURE\-Poly1305\fR\|(7) or \fBEVP_SIGNATURE\-CMAC\fR\|(7). 
+.SS "Common MAC parameters" .IX Subsection "Common MAC parameters" -All the \fB\s-1MAC\s0\fR keytypes support the following parameters. -.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " -The \s-1MAC\s0 key value. -.ie n .IP """properties"" (\fB\s-1OSSL_PKEY_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_PKEY_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_PKEY_PARAM_PROPERTIES) " +All the \fBMAC\fR keytypes support the following parameters. +.IP """priv"" (\fBOSSL_PKEY_PARAM_PRIV_KEY\fR) " 4 +.IX Item """priv"" (OSSL_PKEY_PARAM_PRIV_KEY) " +The MAC key value. +.IP """properties"" (\fBOSSL_PKEY_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_PKEY_PARAM_PROPERTIES) " A property query string to be used when any algorithms are fetched. -.SS "\s-1CMAC\s0 parameters" +.SS "CMAC parameters" .IX Subsection "CMAC parameters" -As well as the parameters described above, the \fB\s-1CMAC\s0\fR keytype additionally +As well as the parameters described above, the \fBCMAC\fR keytype additionally supports the following parameters. -.ie n .IP """cipher"" (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_PKEY_PARAM_CIPHER) " -The name of a cipher to be used when generating the \s-1MAC.\s0 -.ie n .IP """engine"" (\fB\s-1OSSL_PKEY_PARAM_ENGINE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``engine'' (\fB\s-1OSSL_PKEY_PARAM_ENGINE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "engine (OSSL_PKEY_PARAM_ENGINE) " +.IP """cipher"" (\fBOSSL_PKEY_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_PKEY_PARAM_CIPHER) " +The name of a cipher to be used when generating the MAC. 
+.IP """engine"" (\fBOSSL_PKEY_PARAM_ENGINE\fR) " 4 +.IX Item """engine"" (OSSL_PKEY_PARAM_ENGINE) " The name of an engine to be used for the specified cipher (if any). -.SS "Common \s-1MAC\s0 key generation parameters" +.SS "Common MAC key generation parameters" .IX Subsection "Common MAC key generation parameters" -\&\s-1MAC\s0 key generation is unusual in that no new key is actually generated. Instead +MAC key generation is unusual in that no new key is actually generated. Instead a new provider side key object is created with the supplied raw key value. This is done for backwards compatibility with previous versions of OpenSSL. -.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " -The \s-1MAC\s0 key value. -.SS "\s-1CMAC\s0 key generation parameters" +.IP """priv"" (\fBOSSL_PKEY_PARAM_PRIV_KEY\fR) " 4 +.IX Item """priv"" (OSSL_PKEY_PARAM_PRIV_KEY) " +The MAC key value. +.SS "CMAC key generation parameters" .IX Subsection "CMAC key generation parameters" -In addition to the common \s-1MAC\s0 key generation parameters, the \s-1CMAC\s0 key generation +In addition to the common MAC key generation parameters, the CMAC key generation additionally recognises the following. -.ie n .IP """cipher"" (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_PKEY_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_PKEY_PARAM_CIPHER) " -The name of a cipher to be used when generating the \s-1MAC.\s0 +.IP """cipher"" (\fBOSSL_PKEY_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_PKEY_PARAM_CIPHER) " +The name of a cipher to be used when generating the MAC. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), \s-1\fBEVP_PKEY\s0\fR\|(3), \fBprovider\-keymgmt\fR\|(7) -.SH "COPYRIGHT" +\&\fBEVP_KEYMGMT\fR\|(3), \fBEVP_PKEY\fR\|(3), \fBprovider\-keymgmt\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-RSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-RSA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,316 +53,212 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-RSA 7ossl" -.TH EVP_PKEY-RSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-RSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-RSA, EVP_KEYMGMT\-RSA, RSA \&\- EVP_PKEY RSA keytype and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1RSA\s0\fR keytype is implemented in OpenSSL's default and \s-1FIPS\s0 providers. -That implementation supports the basic \s-1RSA\s0 keys, containing the modulus \fIn\fR, +The \fBRSA\fR keytype is implemented in OpenSSL\*(Aqs default and FIPS providers. +That implementation supports the basic RSA keys, containing the modulus \fIn\fR, the public exponent \fIe\fR, the private exponent \fId\fR, and a collection of prime -factors, exponents and coefficient for \s-1CRT\s0 calculations, of which the first +factors, exponents and coefficient for CRT calculations, of which the first few are known as \fIp\fR and \fIq\fR, \fIdP\fR and \fIdQ\fR, and \fIqInv\fR. -.SS "Common \s-1RSA\s0 parameters" +.SS "Common RSA parameters" .IX Subsection "Common RSA parameters" In addition to the common parameters that all keytypes should support (see -\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the \fB\s-1RSA\s0\fR keytype implementation +"Common parameters" in \fBprovider\-keymgmt\fR\|(7)), the \fBRSA\fR keytype implementation supports the following. -.ie n .IP """n"" (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) " 4 -.el .IP "``n'' (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) " 4 -.IX Item "n (OSSL_PKEY_PARAM_RSA_N) " -The \s-1RSA\s0 modulus \*(L"n\*(R" value. 
-.ie n .IP """e"" (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 -.el .IP "``e'' (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 -.IX Item "e (OSSL_PKEY_PARAM_RSA_E) " -The \s-1RSA\s0 public exponent \*(L"e\*(R" value. +.IP """n"" (\fBOSSL_PKEY_PARAM_RSA_N\fR) " 4 +.IX Item """n"" (OSSL_PKEY_PARAM_RSA_N) " +The RSA modulus "n" value. +.IP """e"" (\fBOSSL_PKEY_PARAM_RSA_E\fR) " 4 +.IX Item """e"" (OSSL_PKEY_PARAM_RSA_E) " +The RSA public exponent "e" value. This value must always be set when creating a raw key using \fBEVP_PKEY_fromdata\fR\|(3). Note that when a decryption operation is performed, that this value is used for blinding purposes to prevent timing attacks. -.ie n .IP """d"" (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) " 4 -.el .IP "``d'' (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) " 4 -.IX Item "d (OSSL_PKEY_PARAM_RSA_D) " -The \s-1RSA\s0 private exponent \*(L"d\*(R" value. -.ie n .IP """rsa\-factor1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR1\s0\fR) " 4 -.el .IP "``rsa\-factor1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR1\s0\fR) " 4 -.IX Item "rsa-factor1 (OSSL_PKEY_PARAM_RSA_FACTOR1) " +.IP """d"" (\fBOSSL_PKEY_PARAM_RSA_D\fR) " 4 +.IX Item """d"" (OSSL_PKEY_PARAM_RSA_D) " +The RSA private exponent "d" value. 
+.IP """rsa\-factor1"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR1\fR) " 4 +.IX Item """rsa-factor1"" (OSSL_PKEY_PARAM_RSA_FACTOR1) " .PD 0 -.ie n .IP """rsa\-factor2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR2\s0\fR) " 4 -.el .IP "``rsa\-factor2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR2\s0\fR) " 4 -.IX Item "rsa-factor2 (OSSL_PKEY_PARAM_RSA_FACTOR2) " -.ie n .IP """rsa\-factor3"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR3\s0\fR) " 4 -.el .IP "``rsa\-factor3'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR3\s0\fR) " 4 -.IX Item "rsa-factor3 (OSSL_PKEY_PARAM_RSA_FACTOR3) " -.ie n .IP """rsa\-factor4"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR4\s0\fR) " 4 -.el .IP "``rsa\-factor4'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR4\s0\fR) " 4 -.IX Item "rsa-factor4 (OSSL_PKEY_PARAM_RSA_FACTOR4) " -.ie n .IP """rsa\-factor5"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR5\s0\fR) " 4 -.el .IP "``rsa\-factor5'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR5\s0\fR) " 4 -.IX Item "rsa-factor5 (OSSL_PKEY_PARAM_RSA_FACTOR5) " -.ie n .IP """rsa\-factor6"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR6\s0\fR) " 4 -.el .IP "``rsa\-factor6'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR6\s0\fR) " 4 -.IX Item "rsa-factor6 (OSSL_PKEY_PARAM_RSA_FACTOR6) " -.ie n .IP """rsa\-factor7"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR7\s0\fR) " 4 -.el .IP "``rsa\-factor7'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR7\s0\fR) " 4 -.IX Item "rsa-factor7 (OSSL_PKEY_PARAM_RSA_FACTOR7) " -.ie n .IP """rsa\-factor8"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR8\s0\fR) " 4 -.el .IP "``rsa\-factor8'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR8\s0\fR) " 4 -.IX Item "rsa-factor8 (OSSL_PKEY_PARAM_RSA_FACTOR8) " -.ie n .IP """rsa\-factor9"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR9\s0\fR) " 4 -.el .IP "``rsa\-factor9'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR9\s0\fR) " 4 -.IX Item "rsa-factor9 (OSSL_PKEY_PARAM_RSA_FACTOR9) " -.ie n .IP """rsa\-factor10"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR10\s0\fR) " 4 -.el .IP "``rsa\-factor10'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR10\s0\fR) " 4 -.IX Item "rsa-factor10 (OSSL_PKEY_PARAM_RSA_FACTOR10) " +.IP 
"""rsa\-factor2"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR2\fR) " 4 +.IX Item """rsa-factor2"" (OSSL_PKEY_PARAM_RSA_FACTOR2) " +.IP """rsa\-factor3"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR3\fR) " 4 +.IX Item """rsa-factor3"" (OSSL_PKEY_PARAM_RSA_FACTOR3) " +.IP """rsa\-factor4"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR4\fR) " 4 +.IX Item """rsa-factor4"" (OSSL_PKEY_PARAM_RSA_FACTOR4) " +.IP """rsa\-factor5"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR5\fR) " 4 +.IX Item """rsa-factor5"" (OSSL_PKEY_PARAM_RSA_FACTOR5) " +.IP """rsa\-factor6"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR6\fR) " 4 +.IX Item """rsa-factor6"" (OSSL_PKEY_PARAM_RSA_FACTOR6) " +.IP """rsa\-factor7"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR7\fR) " 4 +.IX Item """rsa-factor7"" (OSSL_PKEY_PARAM_RSA_FACTOR7) " +.IP """rsa\-factor8"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR8\fR) " 4 +.IX Item """rsa-factor8"" (OSSL_PKEY_PARAM_RSA_FACTOR8) " +.IP """rsa\-factor9"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR9\fR) " 4 +.IX Item """rsa-factor9"" (OSSL_PKEY_PARAM_RSA_FACTOR9) " +.IP """rsa\-factor10"" (\fBOSSL_PKEY_PARAM_RSA_FACTOR10\fR) " 4 +.IX Item """rsa-factor10"" (OSSL_PKEY_PARAM_RSA_FACTOR10) " .PD -\&\s-1RSA\s0 prime factors. The factors are known as \*(L"p\*(R", \*(L"q\*(R" and \*(L"r_i\*(R" in \s-1RFC8017.\s0 -Up to eight additional \*(L"r_i\*(R" prime factors are supported. -.ie n .IP """rsa\-exponent1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT1\s0\fR) " 4 -.el .IP "``rsa\-exponent1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT1\s0\fR) " 4 -.IX Item "rsa-exponent1 (OSSL_PKEY_PARAM_RSA_EXPONENT1) " +RSA prime factors. The factors are known as "p", "q" and "r_i" in RFC8017. +Up to eight additional "r_i" prime factors are supported. 
+.IP """rsa\-exponent1"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT1\fR) " 4 +.IX Item """rsa-exponent1"" (OSSL_PKEY_PARAM_RSA_EXPONENT1) " .PD 0 -.ie n .IP """rsa\-exponent2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT2\s0\fR) " 4 -.el .IP "``rsa\-exponent2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT2\s0\fR) " 4 -.IX Item "rsa-exponent2 (OSSL_PKEY_PARAM_RSA_EXPONENT2) " -.ie n .IP """rsa\-exponent3"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT3\s0\fR) " 4 -.el .IP "``rsa\-exponent3'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT3\s0\fR) " 4 -.IX Item "rsa-exponent3 (OSSL_PKEY_PARAM_RSA_EXPONENT3) " -.ie n .IP """rsa\-exponent4"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT4\s0\fR) " 4 -.el .IP "``rsa\-exponent4'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT4\s0\fR) " 4 -.IX Item "rsa-exponent4 (OSSL_PKEY_PARAM_RSA_EXPONENT4) " -.ie n .IP """rsa\-exponent5"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT5\s0\fR) " 4 -.el .IP "``rsa\-exponent5'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT5\s0\fR) " 4 -.IX Item "rsa-exponent5 (OSSL_PKEY_PARAM_RSA_EXPONENT5) " -.ie n .IP """rsa\-exponent6"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT6\s0\fR) " 4 -.el .IP "``rsa\-exponent6'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT6\s0\fR) " 4 -.IX Item "rsa-exponent6 (OSSL_PKEY_PARAM_RSA_EXPONENT6) " -.ie n .IP """rsa\-exponent7"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT7\s0\fR) " 4 -.el .IP "``rsa\-exponent7'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT7\s0\fR) " 4 -.IX Item "rsa-exponent7 (OSSL_PKEY_PARAM_RSA_EXPONENT7) " -.ie n .IP """rsa\-exponent8"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT8\s0\fR) " 4 -.el .IP "``rsa\-exponent8'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT8\s0\fR) " 4 -.IX Item "rsa-exponent8 (OSSL_PKEY_PARAM_RSA_EXPONENT8) " -.ie n .IP """rsa\-exponent9"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT9\s0\fR) " 4 -.el .IP "``rsa\-exponent9'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT9\s0\fR) " 4 -.IX Item "rsa-exponent9 (OSSL_PKEY_PARAM_RSA_EXPONENT9) " -.ie n .IP """rsa\-exponent10"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT10\s0\fR) " 4 -.el .IP "``rsa\-exponent10'' 
(\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT10\s0\fR) " 4 -.IX Item "rsa-exponent10 (OSSL_PKEY_PARAM_RSA_EXPONENT10) " +.IP """rsa\-exponent2"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT2\fR) " 4 +.IX Item """rsa-exponent2"" (OSSL_PKEY_PARAM_RSA_EXPONENT2) " +.IP """rsa\-exponent3"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT3\fR) " 4 +.IX Item """rsa-exponent3"" (OSSL_PKEY_PARAM_RSA_EXPONENT3) " +.IP """rsa\-exponent4"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT4\fR) " 4 +.IX Item """rsa-exponent4"" (OSSL_PKEY_PARAM_RSA_EXPONENT4) " +.IP """rsa\-exponent5"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT5\fR) " 4 +.IX Item """rsa-exponent5"" (OSSL_PKEY_PARAM_RSA_EXPONENT5) " +.IP """rsa\-exponent6"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT6\fR) " 4 +.IX Item """rsa-exponent6"" (OSSL_PKEY_PARAM_RSA_EXPONENT6) " +.IP """rsa\-exponent7"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT7\fR) " 4 +.IX Item """rsa-exponent7"" (OSSL_PKEY_PARAM_RSA_EXPONENT7) " +.IP """rsa\-exponent8"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT8\fR) " 4 +.IX Item """rsa-exponent8"" (OSSL_PKEY_PARAM_RSA_EXPONENT8) " +.IP """rsa\-exponent9"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT9\fR) " 4 +.IX Item """rsa-exponent9"" (OSSL_PKEY_PARAM_RSA_EXPONENT9) " +.IP """rsa\-exponent10"" (\fBOSSL_PKEY_PARAM_RSA_EXPONENT10\fR) " 4 +.IX Item """rsa-exponent10"" (OSSL_PKEY_PARAM_RSA_EXPONENT10) " .PD -\&\s-1RSA CRT\s0 (Chinese Remainder Theorem) exponents. The exponents are known -as \*(L"dP\*(R", \*(L"dQ\*(R" and \*(L"d_i in \s-1RFC8017\*(R".\s0 -Up to eight additional \*(L"d_i\*(R" exponents are supported. -.ie n .IP """rsa\-coefficient1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT1\s0\fR) " 4 -.el .IP "``rsa\-coefficient1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT1\s0\fR) " 4 -.IX Item "rsa-coefficient1 (OSSL_PKEY_PARAM_RSA_COEFFICIENT1) " +RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known +as "dP", "dQ" and "d_i" in RFC8017. +Up to eight additional "d_i" exponents are supported. 
+.IP """rsa\-coefficient1"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT1\fR) " 4 +.IX Item """rsa-coefficient1"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT1) " .PD 0 -.ie n .IP """rsa\-coefficient2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT2\s0\fR) " 4 -.el .IP "``rsa\-coefficient2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT2\s0\fR) " 4 -.IX Item "rsa-coefficient2 (OSSL_PKEY_PARAM_RSA_COEFFICIENT2) " -.ie n .IP """rsa\-coefficient3"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT3\s0\fR) " 4 -.el .IP "``rsa\-coefficient3'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT3\s0\fR) " 4 -.IX Item "rsa-coefficient3 (OSSL_PKEY_PARAM_RSA_COEFFICIENT3) " -.ie n .IP """rsa\-coefficient4"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT4\s0\fR) " 4 -.el .IP "``rsa\-coefficient4'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT4\s0\fR) " 4 -.IX Item "rsa-coefficient4 (OSSL_PKEY_PARAM_RSA_COEFFICIENT4) " -.ie n .IP """rsa\-coefficient5"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT5\s0\fR) " 4 -.el .IP "``rsa\-coefficient5'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT5\s0\fR) " 4 -.IX Item "rsa-coefficient5 (OSSL_PKEY_PARAM_RSA_COEFFICIENT5) " -.ie n .IP """rsa\-coefficient6"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT6\s0\fR) " 4 -.el .IP "``rsa\-coefficient6'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT6\s0\fR) " 4 -.IX Item "rsa-coefficient6 (OSSL_PKEY_PARAM_RSA_COEFFICIENT6) " -.ie n .IP """rsa\-coefficient7"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT7\s0\fR) " 4 -.el .IP "``rsa\-coefficient7'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT7\s0\fR) " 4 -.IX Item "rsa-coefficient7 (OSSL_PKEY_PARAM_RSA_COEFFICIENT7) " -.ie n .IP """rsa\-coefficient8"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT8\s0\fR) " 4 -.el .IP "``rsa\-coefficient8'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT8\s0\fR) " 4 -.IX Item "rsa-coefficient8 (OSSL_PKEY_PARAM_RSA_COEFFICIENT8) " -.ie n .IP """rsa\-coefficient9"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT9\s0\fR) " 4 -.el .IP "``rsa\-coefficient9'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT9\s0\fR) " 4 -.IX Item "rsa-coefficient9 
(OSSL_PKEY_PARAM_RSA_COEFFICIENT9) " +.IP """rsa\-coefficient2"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT2\fR) " 4 +.IX Item """rsa-coefficient2"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT2) " +.IP """rsa\-coefficient3"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT3\fR) " 4 +.IX Item """rsa-coefficient3"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT3) " +.IP """rsa\-coefficient4"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT4\fR) " 4 +.IX Item """rsa-coefficient4"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT4) " +.IP """rsa\-coefficient5"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT5\fR) " 4 +.IX Item """rsa-coefficient5"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT5) " +.IP """rsa\-coefficient6"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT6\fR) " 4 +.IX Item """rsa-coefficient6"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT6) " +.IP """rsa\-coefficient7"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT7\fR) " 4 +.IX Item """rsa-coefficient7"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT7) " +.IP """rsa\-coefficient8"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT8\fR) " 4 +.IX Item """rsa-coefficient8"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT8) " +.IP """rsa\-coefficient9"" (\fBOSSL_PKEY_PARAM_RSA_COEFFICIENT9\fR) " 4 +.IX Item """rsa-coefficient9"" (OSSL_PKEY_PARAM_RSA_COEFFICIENT9) " .PD -\&\s-1RSA CRT\s0 (Chinese Remainder Theorem) coefficients. The coefficients are known as -\&\*(L"qInv\*(R" and \*(L"t_i\*(R". -Up to eight additional \*(L"t_i\*(R" exponents are supported. -.SS "\s-1RSA\s0 key generation parameters" +RSA CRT (Chinese Remainder Theorem) coefficients. The coefficients are known as +"qInv" and "t_i". +Up to eight additional "t_i" exponents are supported. +.SS "RSA key generation parameters" .IX Subsection "RSA key generation parameters" -When generating \s-1RSA\s0 keys, the following key generation parameters may be used. 
-.ie n .IP """bits"" (\fB\s-1OSSL_PKEY_PARAM_RSA_BITS\s0\fR) " 4 -.el .IP "``bits'' (\fB\s-1OSSL_PKEY_PARAM_RSA_BITS\s0\fR) " 4 -.IX Item "bits (OSSL_PKEY_PARAM_RSA_BITS) " -The value should be the cryptographic length for the \fB\s-1RSA\s0\fR cryptosystem, in +When generating RSA keys, the following key generation parameters may be used. +.IP """bits"" (\fBOSSL_PKEY_PARAM_RSA_BITS\fR) " 4 +.IX Item """bits"" (OSSL_PKEY_PARAM_RSA_BITS) " +The value should be the cryptographic length for the \fBRSA\fR cryptosystem, in bits. -.ie n .IP """primes"" (\fB\s-1OSSL_PKEY_PARAM_RSA_PRIMES\s0\fR) " 4 -.el .IP "``primes'' (\fB\s-1OSSL_PKEY_PARAM_RSA_PRIMES\s0\fR) " 4 -.IX Item "primes (OSSL_PKEY_PARAM_RSA_PRIMES) " -The value should be the number of primes for the generated \fB\s-1RSA\s0\fR key. The -default is 2. It isn't permitted to specify a larger number of primes than +.IP """primes"" (\fBOSSL_PKEY_PARAM_RSA_PRIMES\fR) " 4 +.IX Item """primes"" (OSSL_PKEY_PARAM_RSA_PRIMES) " +The value should be the number of primes for the generated \fBRSA\fR key. The +default is 2. It isn\*(Aqt permitted to specify a larger number of primes than 10. Additionally, the number of primes is limited by the length of the key being generated so the maximum number could be less. Some providers may only support a value of 2. -.ie n .IP """e"" (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 -.el .IP "``e'' (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 -.IX Item "e (OSSL_PKEY_PARAM_RSA_E) " -The \s-1RSA\s0 \*(L"e\*(R" value. The value may be any odd number greater than or equal to +.IP """e"" (\fBOSSL_PKEY_PARAM_RSA_E\fR) " 4 +.IX Item """e"" (OSSL_PKEY_PARAM_RSA_E) " +The RSA "e" value. The value may be any odd number greater than or equal to 65537. The default value is 65537. For legacy reasons a value of 3 is currently accepted but is deprecated. 
-.SS "\s-1RSA\s0 key generation parameters for \s-1FIPS\s0 module testing" +.SS "RSA key generation parameters for FIPS module testing" .IX Subsection "RSA key generation parameters for FIPS module testing" -When generating \s-1RSA\s0 keys, the following additional key generation parameters may +When generating RSA keys, the following additional key generation parameters may be used for algorithm testing purposes only. Do not use these to generate -\&\s-1RSA\s0 keys for a production environment. -.ie n .IP """xp"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP\s0\fR) " 4 -.el .IP "``xp'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP\s0\fR) " 4 -.IX Item "xp (OSSL_PKEY_PARAM_RSA_TEST_XP) " +RSA keys for a production environment. +.IP """xp"" (\fBOSSL_PKEY_PARAM_RSA_TEST_XP\fR) " 4 +.IX Item """xp"" (OSSL_PKEY_PARAM_RSA_TEST_XP) " .PD 0 -.ie n .IP """xq"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ\s0\fR) " 4 -.el .IP "``xq'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ\s0\fR) " 4 -.IX Item "xq (OSSL_PKEY_PARAM_RSA_TEST_XQ) " +.IP """xq"" (\fBOSSL_PKEY_PARAM_RSA_TEST_XQ\fR) " 4 +.IX Item """xq"" (OSSL_PKEY_PARAM_RSA_TEST_XQ) " .PD -These 2 fields are normally randomly generated and are used to generate \*(L"p\*(R" and -\&\*(L"q\*(R". -.ie n .IP """xp1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP1\s0\fR) " 4 -.el .IP "``xp1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP1\s0\fR) " 4 -.IX Item "xp1 (OSSL_PKEY_PARAM_RSA_TEST_XP1) " +These 2 fields are normally randomly generated and are used to generate "p" and +"q". 
+.IP """xp1"" (\fBOSSL_PKEY_PARAM_RSA_TEST_XP1\fR) " 4 +.IX Item """xp1"" (OSSL_PKEY_PARAM_RSA_TEST_XP1) " .PD 0 -.ie n .IP """xp2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP2\s0\fR) " 4 -.el .IP "``xp2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XP2\s0\fR) " 4 -.IX Item "xp2 (OSSL_PKEY_PARAM_RSA_TEST_XP2) " -.ie n .IP """xq1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ1\s0\fR) " 4 -.el .IP "``xq1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ1\s0\fR) " 4 -.IX Item "xq1 (OSSL_PKEY_PARAM_RSA_TEST_XQ1) " -.ie n .IP """xq2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ2\s0\fR) " 4 -.el .IP "``xq2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_XQ2\s0\fR) " 4 -.IX Item "xq2 (OSSL_PKEY_PARAM_RSA_TEST_XQ2) " +.IP """xp2"" (\fBOSSL_PKEY_PARAM_RSA_TEST_XP2\fR) " 4 +.IX Item """xp2"" (OSSL_PKEY_PARAM_RSA_TEST_XP2) " +.IP """xq1"" (\fBOSSL_PKEY_PARAM_RSA_TEST_XQ1\fR) " 4 +.IX Item """xq1"" (OSSL_PKEY_PARAM_RSA_TEST_XQ1) " +.IP """xq2"" (\fBOSSL_PKEY_PARAM_RSA_TEST_XQ2\fR) " 4 +.IX Item """xq2"" (OSSL_PKEY_PARAM_RSA_TEST_XQ2) " .PD -These 4 fields are normally randomly generated. The prime factors \*(L"p1\*(R", \*(L"p2\*(R", -\&\*(L"q1\*(R" and \*(L"q2\*(R" are determined from these values. -.SS "\s-1RSA\s0 key parameters for \s-1FIPS\s0 module testing" +These 4 fields are normally randomly generated. The prime factors "p1", "p2", +"q1" and "q2" are determined from these values. +.SS "RSA key parameters for FIPS module testing" .IX Subsection "RSA key parameters for FIPS module testing" The following intermediate values can be retrieved only if the values -specified in \*(L"\s-1RSA\s0 key generation parameters for \s-1FIPS\s0 module testing\*(R" are set. +specified in "RSA key generation parameters for FIPS module testing" are set. These should not be accessed in a production environment. 
-.ie n .IP """p1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P1\s0\fR) " 4 -.el .IP "``p1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P1\s0\fR) " 4 -.IX Item "p1 (OSSL_PKEY_PARAM_RSA_TEST_P1) " +.IP """p1"" (\fBOSSL_PKEY_PARAM_RSA_TEST_P1\fR) " 4 +.IX Item """p1"" (OSSL_PKEY_PARAM_RSA_TEST_P1) " .PD 0 -.ie n .IP """p2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P2\s0\fR) " 4 -.el .IP "``p2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_P2\s0\fR) " 4 -.IX Item "p2 (OSSL_PKEY_PARAM_RSA_TEST_P2) " -.ie n .IP """q1"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q1\s0\fR) " 4 -.el .IP "``q1'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q1\s0\fR) " 4 -.IX Item "q1 (OSSL_PKEY_PARAM_RSA_TEST_Q1) " -.ie n .IP """q2"" (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q2\s0\fR) " 4 -.el .IP "``q2'' (\fB\s-1OSSL_PKEY_PARAM_RSA_TEST_Q2\s0\fR) " 4 -.IX Item "q2 (OSSL_PKEY_PARAM_RSA_TEST_Q2) " +.IP """p2"" (\fBOSSL_PKEY_PARAM_RSA_TEST_P2\fR) " 4 +.IX Item """p2"" (OSSL_PKEY_PARAM_RSA_TEST_P2) " +.IP """q1"" (\fBOSSL_PKEY_PARAM_RSA_TEST_Q1\fR) " 4 +.IX Item """q1"" (OSSL_PKEY_PARAM_RSA_TEST_Q1) " +.IP """q2"" (\fBOSSL_PKEY_PARAM_RSA_TEST_Q2\fR) " 4 +.IX Item """q2"" (OSSL_PKEY_PARAM_RSA_TEST_Q2) " .PD The auxiliary probable primes. -.SS "\s-1RSA\s0 key validation" +.SS "RSA key validation" .IX Subsection "RSA key validation" -For \s-1RSA\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) and \fBEVP_PKEY_param_check_quick\fR\|(3) +For RSA keys, \fBEVP_PKEY_param_check\fR\|(3) and \fBEVP_PKEY_param_check_quick\fR\|(3) both return 1 unconditionally. .PP -For \s-1RSA\s0 keys, \fBEVP_PKEY_public_check\fR\|(3) conforms to the SP800\-56Br1 \fIpublic key -check\fR when the OpenSSL \s-1FIPS\s0 provider is used. The OpenSSL default provider +For RSA keys, \fBEVP_PKEY_public_check\fR\|(3) conforms to the SP800\-56Br1 \fIpublic key +check\fR when the OpenSSL FIPS provider is used. The OpenSSL default provider performs similar tests but relaxes the keysize restrictions for backwards compatibility. 
.PP -For \s-1RSA\s0 keys, \fBEVP_PKEY_public_check_quick\fR\|(3) is the same as +For RSA keys, \fBEVP_PKEY_public_check_quick\fR\|(3) is the same as \&\fBEVP_PKEY_public_check\fR\|(3). .PP -For \s-1RSA\s0 keys, \fBEVP_PKEY_private_check\fR\|(3) conforms to the SP800\-56Br1 +For RSA keys, \fBEVP_PKEY_private_check\fR\|(3) conforms to the SP800\-56Br1 \&\fIprivate key test\fR. .PP -For \s-1RSA\s0 keys, \fBEVP_PKEY_pairwise_check\fR\|(3) conforms to the -SP800\-56Br1 \fIKeyPair Validation check\fR for the OpenSSL \s-1FIPS\s0 provider. The -OpenSSL default provider allows testing of the validity of multi-primes. +For RSA keys, \fBEVP_PKEY_pairwise_check\fR\|(3) conforms to the +SP800\-56Br1 \fIKeyPair Validation check\fR for the OpenSSL FIPS provider. The +OpenSSL default provider allows testing of the validity of multi\-primes. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -.IP "\s-1FIPS186\-4\s0" 4 +.IP FIPS186\-4 4 .IX Item "FIPS186-4" Section B.3.6 Generation of Probable Primes with Conditions Based on Auxiliary Probable Primes -.IP "\s-1RFC 8017,\s0 excluding RSA-PSS and RSA-OAEP" 4 +.IP "RFC 8017, excluding RSA\-PSS and RSA\-OAEP" 4 .IX Item "RFC 8017, excluding RSA-PSS and RSA-OAEP" -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling: +An \fBEVP_PKEY\fR context can be obtained by calling: .PP .Vb 2 \& EVP_PKEY_CTX *pctx = \& EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); .Ve .PP -An \fB\s-1RSA\s0\fR key can be generated simply like this: +An \fBRSA\fR key can be generated simply like this: .PP .Vb 1 \& pkey = EVP_RSA_gen(4096); @@ -396,7 +276,7 @@ \& EVP_PKEY_CTX_free(pctx); .Ve .PP -An \fB\s-1RSA\s0\fR key can be generated with key generation parameters: +An \fBRSA\fR key can be generated with key generation parameters: .PP .Vb 5 \& unsigned int primes = 3; 
@@ -418,12 +298,12 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBEVP_RSA_gen\fR\|(3), \s-1\fBEVP_KEYMGMT\s0\fR\|(3), \s-1\fBEVP_PKEY\s0\fR\|(3), \fBprovider\-keymgmt\fR\|(7) -.SH "COPYRIGHT" +\&\fBEVP_RSA_gen\fR\|(3), \fBEVP_KEYMGMT\fR\|(3), \fBEVP_PKEY\fR\|(3), \fBprovider\-keymgmt\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-SM2.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-SM2.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,114 +53,57 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-SM2 7ossl" -.TH EVP_PKEY-SM2 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-SM2 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-SM2, EVP_KEYMGMT\-SM2, SM2 \&\- EVP_PKEY keytype support for the Chinese SM2 signature and encryption algorithms -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T -0003\-2012\s0 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC 14888.\s0 \fB\s-1SM2\s0\fR is actually +The \fBSM2\fR algorithm was first defined by the Chinese national standard GM/T +0003\-2012 and was later standardized by ISO as ISO/IEC 14888. \fBSM2\fR is actually an elliptic curve based algorithm. The current implementation in OpenSSL supports -both signature and encryption schemes via the \s-1EVP\s0 interface. +both signature and encryption schemes via the EVP interface. .PP -When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier +When doing the \fBSM2\fR signature algorithm, it requires a distinguishing identifier to form the message prefix which is hashed before the real message is hashed. -.SS "Common \s-1SM2\s0 parameters" +.SS "Common SM2 parameters" .IX Subsection "Common SM2 parameters" -\&\s-1SM2\s0 uses the parameters defined in \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7). +SM2 uses the parameters defined in "Common EC parameters" in \fBEVP_PKEY\-EC\fR\|(7). 
The following parameters are different: -.ie n .IP """cofactor"" (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) " 4 -.el .IP "``cofactor'' (\fB\s-1OSSL_PKEY_PARAM_EC_COFACTOR\s0\fR) " 4 -.IX Item "cofactor (OSSL_PKEY_PARAM_EC_COFACTOR) " -This parameter is ignored for \fB\s-1SM2\s0\fR. -.IP "(\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IP """cofactor"" (\fBOSSL_PKEY_PARAM_EC_COFACTOR\fR) " 4 +.IX Item """cofactor"" (OSSL_PKEY_PARAM_EC_COFACTOR) " +This parameter is ignored for \fBSM2\fR. +.IP "(\fBOSSL_PKEY_PARAM_DEFAULT_DIGEST\fR) " 4 .IX Item "(OSSL_PKEY_PARAM_DEFAULT_DIGEST) " Getter that returns the default digest name. -(Currently returns \*(L"\s-1SM3\*(R"\s0 as of OpenSSL 3.0). -.SH "NOTES" +(Currently returns "SM3" as of OpenSSL 3.0). +.SH NOTES .IX Header "NOTES" -\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for +\&\fBSM2\fR signatures can be generated by using the \*(AqDigestSign\*(Aq series of APIs, for instance, \fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. -Ditto for the verification process by calling the 'DigestVerify' series of APIs. +Ditto for the verification process by calling the \*(AqDigestVerify\*(Aq series of APIs. +Note that the SM2 algorithm requires the presence of the public key for signatures, +as such the \fBOSSL_PKEY_PARAM_PUB_KEY\fR option must be set on any key used in signature +generation. 
.PP -Before computing an \fB\s-1SM2\s0\fR signature, an \fB\s-1EVP_PKEY_CTX\s0\fR needs to be created, -and an \fB\s-1SM2\s0\fR \s-1ID\s0 must be set for it, like this: +Before computing an \fBSM2\fR signature, an \fBEVP_PKEY_CTX\fR needs to be created, +and an \fBSM2\fR ID must be set for it, like this: .PP .Vb 1 \& EVP_PKEY_CTX_set1_id(pctx, id, id_len); .Ve .PP Before calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions, -that \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR, like this: +that \fBEVP_PKEY_CTX\fR should be assigned to the \fBEVP_MD_CTX\fR, like this: .PP .Vb 1 \& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); @@ -185,15 +112,15 @@ There is normally no need to pass a \fBpctx\fR parameter to \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR in such a scenario. .PP -\&\s-1SM2\s0 can be tested with the \fBopenssl\-speed\fR\|(1) application since version 3.0. +SM2 can be tested with the \fBopenssl\-speed\fR\|(1) application since version 3.0. Currently, the only valid algorithm name is \fBsm2\fR. .PP -Since version 3.0, \s-1SM2\s0 keys can be generated and loaded only when the domain -parameters specify the \s-1SM2\s0 elliptic curve. -.SH "EXAMPLES" +Since version 3.0, SM2 keys can be generated and loaded only when the domain +parameters specify the SM2 elliptic curve. +.SH EXAMPLES .IX Header "EXAMPLES" -This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify -a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: +This example demonstrates the calling sequence for using an \fBEVP_PKEY\fR to verify +a message with the SM2 signature algorithm and the SM3 hash algorithm: .PP .Vb 1 \& #include 
@@ -214,11 +141,11 @@ \&\fBEVP_DigestVerifyInit\fR\|(3), \&\fBEVP_PKEY_CTX_set1_id\fR\|(3), \&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_PKEY-X25519.7.orig +++ secure/lib/libcrypto/man/man7/EVP_PKEY-X25519.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,129 +53,65 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-X25519 7ossl" -.TH EVP_PKEY-X25519 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_PKEY-X25519 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_PKEY\-X25519, EVP_PKEY\-X448, EVP_PKEY\-ED25519, EVP_PKEY\-ED448, EVP_KEYMGMT\-X25519, EVP_KEYMGMT\-X448, EVP_KEYMGMT\-ED25519, EVP_KEYMGMT\-ED448 \&\- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBX25519\fR, \fBX448\fR, \fB\s-1ED25519\s0\fR and \fB\s-1ED448\s0\fR keytypes are -implemented in OpenSSL's default and \s-1FIPS\s0 providers. These implementations +The \fBX25519\fR, \fBX448\fR, \fBED25519\fR and \fBED448\fR keytypes are +implemented in OpenSSL\*(Aqs default and FIPS providers. These implementations support the associated key, containing the public key \fIpub\fR and the private key \fIpriv\fR. .PP No additional parameters can be set during key generation. -.SS "Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters" +.SS "Common X25519, X448, ED25519 and ED448 parameters" .IX Subsection "Common X25519, X448, ED25519 and ED448 parameters" In addition to the common parameters that all keytypes should support (see -\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the implementation of these keytypes +"Common parameters" in \fBprovider\-keymgmt\fR\|(7)), the implementation of these keytypes support the following. -.ie n .IP """group"" (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``group'' (\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "group (OSSL_PKEY_PARAM_GROUP_NAME) " -This is only supported by X25519 and X448. 
The group name must be \*(L"x25519\*(R" or -\&\*(L"x448\*(R" respectively for those algorithms. This is only present for consistency +.IP """group"" (\fBOSSL_PKEY_PARAM_GROUP_NAME\fR) " 4 +.IX Item """group"" (OSSL_PKEY_PARAM_GROUP_NAME) " +This is only supported by X25519 and X448. The group name must be "x25519" or +"x448" respectively for those algorithms. This is only present for consistency with other key exchange algorithms and is typically not needed. -.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 -.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 -.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) " +.IP """pub"" (\fBOSSL_PKEY_PARAM_PUB_KEY\fR) " 4 +.IX Item """pub"" (OSSL_PKEY_PARAM_PUB_KEY) " The public key value. -.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 -.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " +.IP """priv"" (\fBOSSL_PKEY_PARAM_PRIV_KEY\fR) " 4 +.IX Item """priv"" (OSSL_PKEY_PARAM_PRIV_KEY) " The private key value. -.ie n .IP """encoded-pub-key"" (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) " 4 -.el .IP "``encoded-pub-key'' (\fB\s-1OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\s0\fR) " 4 -.IX Item "encoded-pub-key (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) " +.IP """encoded\-pub\-key"" (\fBOSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\fR) " 4 +.IX Item """encoded-pub-key"" (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) " Used for getting and setting the encoding of a public key for the \fBX25519\fR and \&\fBX448\fR key types. Public keys are expected be encoded in a format as defined by -\&\s-1RFC7748.\s0 -.SS "\s-1ED25519\s0 and \s-1ED448\s0 parameters" +RFC7748. 
+.SS "ED25519 and ED448 parameters" .IX Subsection "ED25519 and ED448 parameters" -.ie n .IP """mandatory-digest"" (\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mandatory-digest'' (\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mandatory-digest (OSSL_PKEY_PARAM_MANDATORY_DIGEST) " +.IP """mandatory\-digest"" (\fBOSSL_PKEY_PARAM_MANDATORY_DIGEST\fR) " 4 +.IX Item """mandatory-digest"" (OSSL_PKEY_PARAM_MANDATORY_DIGEST) " The empty string, signifying that no digest may be specified. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -.IP "\s-1RFC 8032\s0" 4 +.IP "RFC 8032" 4 .IX Item "RFC 8032" .PD 0 -.IP "\s-1RFC 8410\s0" 4 +.IP "RFC 8410" 4 .IX Item "RFC 8410" .PD -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling: +An \fBEVP_PKEY\fR context can be obtained by calling: .PP .Vb 2 \& EVP_PKEY_CTX *pctx = 
@@ -213,17 +133,17 @@ \& pkey = EVP_PKEY_Q_keygen(NULL, NULL, "X25519"); .Ve .PP -An \fBX448\fR, \fB\s-1ED25519\s0\fR, or \fB\s-1ED448\s0\fR key can be generated likewise. +An \fBX448\fR, \fBED25519\fR, or \fBED448\fR key can be generated likewise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3), \s-1\fBEVP_PKEY\s0\fR\|(3), \fBprovider\-keymgmt\fR\|(7), -\&\s-1\fBEVP_KEYEXCH\-X25519\s0\fR\|(7), \s-1\fBEVP_KEYEXCH\-X448\s0\fR\|(7), -\&\s-1\fBEVP_SIGNATURE\-ED25519\s0\fR\|(7), \s-1\fBEVP_SIGNATURE\-ED448\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBEVP_KEYMGMT\fR\|(3), \fBEVP_PKEY\fR\|(3), \fBprovider\-keymgmt\fR\|(7), +\&\fBEVP_KEYEXCH\-X25519\fR\|(7), \fBEVP_KEYEXCH\-X448\fR\|(7), +\&\fBEVP_SIGNATURE\-ED25519\fR\|(7), \fBEVP_SIGNATURE\-ED448\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_RAND-CTR-DRBG.7.orig +++ secure/lib/libcrypto/man/man7/EVP_RAND-CTR-DRBG.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,148 +53,74 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND-CTR-DRBG 7ossl" -.TH EVP_RAND-CTR-DRBG 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND-CTR-DRBG 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND\-CTR\-DRBG \- The CTR DRBG EVP_RAND implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Support for the counter deterministic random bit generator through the -\&\fB\s-1EVP_RAND\s0\fR \s-1API.\s0 -.SS "Identity" +\&\fBEVP_RAND\fR API. +.SS Identity .IX Subsection "Identity" -\&\*(L"CTR-DRBG\*(R" is the name for this implementation; it can be used with the +"CTR\-DRBG" is the name for this implementation; it can be used with the \&\fBEVP_RAND_fetch()\fR function. .SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " .PD 0 -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " -.ie n .IP """max_request"" (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.IX Item "max_request (OSSL_RAND_PARAM_MAX_REQUEST) " -.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) " -.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.el .IP 
"``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " -.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " -.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " -.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) " -.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) " -.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) " -.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) " -.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) " -.ie n .IP """properties"" (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_DRBG_PARAM_PROPERTIES) " -.ie n .IP """cipher"" (\fB\s-1OSSL_DRBG_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' 
(\fB\s-1OSSL_DRBG_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_DRBG_PARAM_CIPHER) " +.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " +.IP """max_request"" (\fBOSSL_RAND_PARAM_MAX_REQUEST\fR) " 4 +.IX Item """max_request"" (OSSL_RAND_PARAM_MAX_REQUEST) " +.IP """reseed_requests"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """reseed_requests"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +.IP """reseed_time_interval"" (\fBOSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\fR) " 4 +.IX Item """reseed_time_interval"" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " +.IP """min_entropylen"" (\fBOSSL_DRBG_PARAM_MIN_ENTROPYLEN\fR) " 4 +.IX Item """min_entropylen"" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " +.IP """max_entropylen"" (\fBOSSL_DRBG_PARAM_MAX_ENTROPYLEN\fR) " 4 +.IX Item """max_entropylen"" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " +.IP """min_noncelen"" (\fBOSSL_DRBG_PARAM_MIN_NONCELEN\fR) " 4 +.IX Item """min_noncelen"" (OSSL_DRBG_PARAM_MIN_NONCELEN) " +.IP """max_noncelen"" (\fBOSSL_DRBG_PARAM_MAX_NONCELEN\fR) " 4 +.IX Item """max_noncelen"" (OSSL_DRBG_PARAM_MAX_NONCELEN) " +.IP """max_perslen"" (\fBOSSL_DRBG_PARAM_MAX_PERSLEN\fR) " 4 +.IX Item """max_perslen"" (OSSL_DRBG_PARAM_MAX_PERSLEN) " +.IP """max_adinlen"" (\fBOSSL_DRBG_PARAM_MAX_ADINLEN\fR) " 4 +.IX Item """max_adinlen"" (OSSL_DRBG_PARAM_MAX_ADINLEN) " +.IP """reseed_counter"" (\fBOSSL_DRBG_PARAM_RESEED_COUNTER\fR) " 4 +.IX Item """reseed_counter"" (OSSL_DRBG_PARAM_RESEED_COUNTER) " +.IP """properties"" (\fBOSSL_DRBG_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_DRBG_PARAM_PROPERTIES) " +.IP """cipher"" (\fBOSSL_DRBG_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_DRBG_PARAM_CIPHER) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3). 
-.ie n .IP """use_derivation_function"" (\fB\s-1OSSL_DRBG_PARAM_USE_DF\s0\fR) " 4 -.el .IP "``use_derivation_function'' (\fB\s-1OSSL_DRBG_PARAM_USE_DF\s0\fR) " 4 -.IX Item "use_derivation_function (OSSL_DRBG_PARAM_USE_DF) " +These parameters work as described in "PARAMETERS" in \fBEVP_RAND\fR\|(3). +.IP """use_derivation_function"" (\fBOSSL_DRBG_PARAM_USE_DF\fR) " 4 +.IX Item """use_derivation_function"" (OSSL_DRBG_PARAM_USE_DF) " This Boolean indicates if a derivation function should be used or not. A nonzero value (the default) uses the derivation function. A zero value does not. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A context for \s-1CTR DRBG\s0 can be obtained by calling: +A context for CTR DRBG can be obtained by calling: .PP .Vb 2 \& EVP_RAND *rand = EVP_RAND_fetch(NULL, "CTR\-DRBG", NULL); \& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand); .Ve -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 5 \& EVP_RAND *rand; @@ -234,16 +144,16 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90B\s0 +NIST SP 800\-90A and SP 800\-90B .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBEVP_RAND\fR\|(3), +"PARAMETERS" in \fBEVP_RAND\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_RAND-HASH-DRBG.7.orig +++ secure/lib/libcrypto/man/man7/EVP_RAND-HASH-DRBG.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,142 +53,69 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND-HASH-DRBG 7ossl" -.TH EVP_RAND-HASH-DRBG 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND-HASH-DRBG 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND\-HASH\-DRBG \- The HASH DRBG EVP_RAND implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Support for the hash deterministic random bit generator through the -\&\fB\s-1EVP_RAND\s0\fR \s-1API.\s0 -.SS "Identity" +\&\fBEVP_RAND\fR API. +.SS Identity .IX Subsection "Identity" -\&\*(L"HASH-DRBG\*(R" is the name for this implementation; it can be used with the +"HASH\-DRBG" is the name for this implementation; it can be used with the \&\fBEVP_RAND_fetch()\fR function. .SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " .PD 0 -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " -.ie n .IP """max_request"" (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.IX Item "max_request (OSSL_RAND_PARAM_MAX_REQUEST) " -.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) " -.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.el .IP 
"``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " -.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " -.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " -.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) " -.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) " -.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) " -.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) " -.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) " -.ie n .IP """properties"" (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_DRBG_PARAM_PROPERTIES) " -.ie n .IP """digest"" (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' 
(\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_DRBG_PARAM_DIGEST) " +.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " +.IP """max_request"" (\fBOSSL_RAND_PARAM_MAX_REQUEST\fR) " 4 +.IX Item """max_request"" (OSSL_RAND_PARAM_MAX_REQUEST) " +.IP """reseed_requests"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """reseed_requests"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +.IP """reseed_time_interval"" (\fBOSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\fR) " 4 +.IX Item """reseed_time_interval"" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " +.IP """min_entropylen"" (\fBOSSL_DRBG_PARAM_MIN_ENTROPYLEN\fR) " 4 +.IX Item """min_entropylen"" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " +.IP """max_entropylen"" (\fBOSSL_DRBG_PARAM_MAX_ENTROPYLEN\fR) " 4 +.IX Item """max_entropylen"" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " +.IP """min_noncelen"" (\fBOSSL_DRBG_PARAM_MIN_NONCELEN\fR) " 4 +.IX Item """min_noncelen"" (OSSL_DRBG_PARAM_MIN_NONCELEN) " +.IP """max_noncelen"" (\fBOSSL_DRBG_PARAM_MAX_NONCELEN\fR) " 4 +.IX Item """max_noncelen"" (OSSL_DRBG_PARAM_MAX_NONCELEN) " +.IP """max_perslen"" (\fBOSSL_DRBG_PARAM_MAX_PERSLEN\fR) " 4 +.IX Item """max_perslen"" (OSSL_DRBG_PARAM_MAX_PERSLEN) " +.IP """max_adinlen"" (\fBOSSL_DRBG_PARAM_MAX_ADINLEN\fR) " 4 +.IX Item """max_adinlen"" (OSSL_DRBG_PARAM_MAX_ADINLEN) " +.IP """reseed_counter"" (\fBOSSL_DRBG_PARAM_RESEED_COUNTER\fR) " 4 +.IX Item """reseed_counter"" (OSSL_DRBG_PARAM_RESEED_COUNTER) " +.IP """properties"" (\fBOSSL_DRBG_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_DRBG_PARAM_PROPERTIES) " +.IP """digest"" (\fBOSSL_DRBG_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_DRBG_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3). -.SH "NOTES" +These parameters work as described in "PARAMETERS" in \fBEVP_RAND\fR\|(3). 
+.SH NOTES .IX Header "NOTES" -A context for \s-1HASH DRBG\s0 can be obtained by calling: +A context for HASH DRBG can be obtained by calling: .PP .Vb 2 \& EVP_RAND *rand = EVP_RAND_fetch(NULL, "HASH\-DRBG", NULL); \& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand); .Ve -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 5 \& EVP_RAND *rand; @@ -227,16 +138,16 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90B\s0 +NIST SP 800\-90A and SP 800\-90B .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBEVP_RAND\fR\|(3), +"PARAMETERS" in \fBEVP_RAND\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_RAND-HMAC-DRBG.7.orig +++ secure/lib/libcrypto/man/man7/EVP_RAND-HMAC-DRBG.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,145 +53,71 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND-HMAC-DRBG 7ossl" -.TH EVP_RAND-HMAC-DRBG 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND-HMAC-DRBG 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND\-HMAC\-DRBG \- The HMAC DRBG EVP_RAND implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for the \s-1HMAC\s0 deterministic random bit generator through the -\&\fB\s-1EVP_RAND\s0\fR \s-1API.\s0 -.SS "Identity" +Support for the HMAC deterministic random bit generator through the +\&\fBEVP_RAND\fR API. +.SS Identity .IX Subsection "Identity" -\&\*(L"HMAC-DRBG\*(R" is the name for this implementation; it can be used with the +"HMAC\-DRBG" is the name for this implementation; it can be used with the \&\fBEVP_RAND_fetch()\fR function. .SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " .PD 0 -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " -.ie n .IP """max_request"" (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.IX Item "max_request (OSSL_RAND_PARAM_MAX_REQUEST) " -.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) " -.ie n .IP 
"""reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.el .IP "``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " -.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " -.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " -.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) " -.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) " -.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) " -.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) " -.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) " -.ie n .IP """properties"" (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_DRBG_PARAM_PROPERTIES) " -.ie n .IP """mac"" 
(\fB\s-1OSSL_DRBG_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_DRBG_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_DRBG_PARAM_MAC) " -.ie n .IP """digest"" (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_DRBG_PARAM_DIGEST) " +.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " +.IP """max_request"" (\fBOSSL_RAND_PARAM_MAX_REQUEST\fR) " 4 +.IX Item """max_request"" (OSSL_RAND_PARAM_MAX_REQUEST) " +.IP """reseed_requests"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """reseed_requests"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +.IP """reseed_time_interval"" (\fBOSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\fR) " 4 +.IX Item """reseed_time_interval"" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " +.IP """min_entropylen"" (\fBOSSL_DRBG_PARAM_MIN_ENTROPYLEN\fR) " 4 +.IX Item """min_entropylen"" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " +.IP """max_entropylen"" (\fBOSSL_DRBG_PARAM_MAX_ENTROPYLEN\fR) " 4 +.IX Item """max_entropylen"" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " +.IP """min_noncelen"" (\fBOSSL_DRBG_PARAM_MIN_NONCELEN\fR) " 4 +.IX Item """min_noncelen"" (OSSL_DRBG_PARAM_MIN_NONCELEN) " +.IP """max_noncelen"" (\fBOSSL_DRBG_PARAM_MAX_NONCELEN\fR) " 4 +.IX Item """max_noncelen"" (OSSL_DRBG_PARAM_MAX_NONCELEN) " +.IP """max_perslen"" (\fBOSSL_DRBG_PARAM_MAX_PERSLEN\fR) " 4 +.IX Item """max_perslen"" (OSSL_DRBG_PARAM_MAX_PERSLEN) " +.IP """max_adinlen"" (\fBOSSL_DRBG_PARAM_MAX_ADINLEN\fR) " 4 +.IX Item """max_adinlen"" (OSSL_DRBG_PARAM_MAX_ADINLEN) " +.IP """reseed_counter"" (\fBOSSL_DRBG_PARAM_RESEED_COUNTER\fR) " 4 +.IX Item """reseed_counter"" (OSSL_DRBG_PARAM_RESEED_COUNTER) " +.IP """properties"" (\fBOSSL_DRBG_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_DRBG_PARAM_PROPERTIES) " +.IP """mac"" (\fBOSSL_DRBG_PARAM_MAC\fR) " 4 +.IX Item """mac"" 
(OSSL_DRBG_PARAM_MAC) " +.IP """digest"" (\fBOSSL_DRBG_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_DRBG_PARAM_DIGEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3). -.SH "NOTES" +These parameters work as described in "PARAMETERS" in \fBEVP_RAND\fR\|(3). +.SH NOTES .IX Header "NOTES" -A context for \s-1HMAC DRBG\s0 can be obtained by calling: +A context for HMAC DRBG can be obtained by calling: .PP .Vb 2 \& EVP_RAND *rand = EVP_RAND_fetch(NULL, "HMAC\-DRBG", NULL); \& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand); .Ve -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 5 \& EVP_RAND *rand; @@ -231,16 +141,16 @@ .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90B\s0 +NIST SP 800\-90A and SP 800\-90B .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBEVP_RAND\fR\|(3), +"PARAMETERS" in \fBEVP_RAND\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_RAND-SEED-SRC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_RAND-SEED-SRC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,105 +53,43 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND-SEED-SRC 7ossl" -.TH EVP_RAND-SEED-SRC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND-SEED-SRC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND\-SEED\-SRC \- The randomness seed source EVP_RAND implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Support for deterministic random number generator seeding through the -\&\fB\s-1EVP_RAND\s0\fR \s-1API.\s0 +\&\fBEVP_RAND\fR API. .PP The seed sources used are specified at the time OpenSSL is configured for building using the \fB\-\-with\-rand\-seed=\fR option. By default, operating system randomness sources are used. -.SS "Identity" +.SS Identity .IX Subsection "Identity" -\&\*(L"SEED-SRC\*(R" is the name for this implementation; it can be used with the +"SEED\-SRC" is the name for this implementation; it can be used with the \&\fBEVP_RAND_fetch()\fR function. 
.SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " .PD 0 -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " -.ie n .IP """max_request"" (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_RAND_PARAM_MAX_REQUEST\s0\fR) " 4 -.IX Item "max_request (OSSL_RAND_PARAM_MAX_REQUEST) " +.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " +.IP """max_request"" (\fBOSSL_RAND_PARAM_MAX_REQUEST\fR) " 4 +.IX Item """max_request"" (OSSL_RAND_PARAM_MAX_REQUEST) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3). -.SH "NOTES" +These parameters work as described in "PARAMETERS" in \fBEVP_RAND\fR\|(3). +.SH NOTES .IX Header "NOTES" A context for the seed source can be obtained by calling: .PP @@ -175,7 +97,7 @@ \& EVP_RAND *rand = EVP_RAND_fetch(NULL, "SEED\-SRC", NULL); \& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand); .Ve -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 5 \& EVP_RAND *rand; @@ -184,9 +106,10 @@ \& OSSL_PARAM params[2], *p = params; \& unsigned int strength = 128; \& -\& /* Create a seed source */ +\& /* Create and instantiate a seed source */ \& rand = EVP_RAND_fetch(NULL, "SEED\-SRC", NULL); \& seed = EVP_RAND_CTX_new(rand, NULL); +\& EVP_RAND_instantiate(seed, strength, 0, NULL, 0, NULL); \& EVP_RAND_free(rand); \& \& /* Feed this into a DRBG */ 
@@ -207,13 +130,13 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBEVP_RAND\fR\|(3), +"PARAMETERS" in \fBEVP_RAND\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_RAND-TEST-RAND.7.orig +++ secure/lib/libcrypto/man/man7/EVP_RAND-TEST-RAND.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,141 +53,68 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND-TEST-RAND 7ossl" -.TH EVP_RAND-TEST-RAND 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND-TEST-RAND 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND\-TEST\-RAND \- The test EVP_RAND implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for a test generator through the \fB\s-1EVP_RAND\s0\fR \s-1API.\s0 This generator is +Support for a test generator through the \fBEVP_RAND\fR API. This generator is for test purposes only, it does not generate random numbers. -.SS "Identity" +.SS Identity .IX Subsection "Identity" -\&\*(L"TEST-RAND\*(R" is the name for this implementation; it can be used with the +"TEST\-RAND" is the name for this implementation; it can be used with the \&\fBEVP_RAND_fetch()\fR function. .SS "Supported parameters" .IX Subsection "Supported parameters" The supported parameters are: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " -These parameter works as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3). -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " +These parameter works as described in "PARAMETERS" in \fBEVP_RAND\fR\|(3). 
+.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " .PD 0 -.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) " -.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.el .IP "``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " -.ie n .IP """max_request"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "max_request (OSSL_DRBG_PARAM_RESEED_REQUESTS) " -.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " -.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " -.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) " -.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) " -.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) " -.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.el .IP "``max_adinlen'' 
(\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) " -.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) " +.IP """reseed_requests"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """reseed_requests"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +.IP """reseed_time_interval"" (\fBOSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\fR) " 4 +.IX Item """reseed_time_interval"" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " +.IP """max_request"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """max_request"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +.IP """min_entropylen"" (\fBOSSL_DRBG_PARAM_MIN_ENTROPYLEN\fR) " 4 +.IX Item """min_entropylen"" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " +.IP """max_entropylen"" (\fBOSSL_DRBG_PARAM_MAX_ENTROPYLEN\fR) " 4 +.IX Item """max_entropylen"" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " +.IP """min_noncelen"" (\fBOSSL_DRBG_PARAM_MIN_NONCELEN\fR) " 4 +.IX Item """min_noncelen"" (OSSL_DRBG_PARAM_MIN_NONCELEN) " +.IP """max_noncelen"" (\fBOSSL_DRBG_PARAM_MAX_NONCELEN\fR) " 4 +.IX Item """max_noncelen"" (OSSL_DRBG_PARAM_MAX_NONCELEN) " +.IP """max_perslen"" (\fBOSSL_DRBG_PARAM_MAX_PERSLEN\fR) " 4 +.IX Item """max_perslen"" (OSSL_DRBG_PARAM_MAX_PERSLEN) " +.IP """max_adinlen"" (\fBOSSL_DRBG_PARAM_MAX_ADINLEN\fR) " 4 +.IX Item """max_adinlen"" (OSSL_DRBG_PARAM_MAX_ADINLEN) " +.IP """reseed_counter"" (\fBOSSL_DRBG_PARAM_RESEED_COUNTER\fR) " 4 +.IX Item """reseed_counter"" (OSSL_DRBG_PARAM_RESEED_COUNTER) " .PD -These parameters work as described in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3), except that +These parameters work as described in "PARAMETERS" in \fBEVP_RAND\fR\|(3), except that they can all be set as well as read. 
-.ie n .IP """test_entropy"" (\fB\s-1OSSL_RAND_PARAM_TEST_ENTROPY\s0\fR) " 4 -.el .IP "``test_entropy'' (\fB\s-1OSSL_RAND_PARAM_TEST_ENTROPY\s0\fR) " 4 -.IX Item "test_entropy (OSSL_RAND_PARAM_TEST_ENTROPY) " +.IP """test_entropy"" (\fBOSSL_RAND_PARAM_TEST_ENTROPY\fR) " 4 +.IX Item """test_entropy"" (OSSL_RAND_PARAM_TEST_ENTROPY) " Sets the bytes returned when the test generator is sent an entropy request. The current position is remembered across generate calls. If there are insufficient data present to satisfy a call, an error is returned. -.ie n .IP """test_nonce"" (\fB\s-1OSSL_RAND_PARAM_TEST_NONCE\s0\fR) " 4 -.el .IP "``test_nonce'' (\fB\s-1OSSL_RAND_PARAM_TEST_NONCE\s0\fR) " 4 -.IX Item "test_nonce (OSSL_RAND_PARAM_TEST_NONCE) " +.IP """test_nonce"" (\fBOSSL_RAND_PARAM_TEST_NONCE\fR) " 4 +.IX Item """test_nonce"" (OSSL_RAND_PARAM_TEST_NONCE) " Sets the bytes returned when the test generator is sent a nonce request. Each nonce request will return all of the bytes. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" A context for a test generator can be obtained by calling: .PP @@ -211,7 +122,7 @@ \& EVP_RAND *rand = EVP_RAND_fetch(NULL, "TEST\-RAND", NULL); \& EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand); .Ve -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 7 \& EVP_RAND *rand; 
@@ -240,16 +151,16 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_RAND\s0\fR\|(3), -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_RAND\s0\fR\|(3) -.SH "HISTORY" +\&\fBEVP_RAND\fR\|(3), +"PARAMETERS" in \fBEVP_RAND\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_RAND.7.orig +++ secure/lib/libcrypto/man/man7/EVP_RAND.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,178 +53,119 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_RAND 7ossl" -.TH EVP_RAND 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_RAND 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_RAND \- the random bit generator -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The default OpenSSL \s-1RAND\s0 method is based on the \s-1EVP_RAND\s0 classes to provide -non-deterministic inputs to other cryptographic algorithms. +The default OpenSSL RAND method is based on the EVP_RAND classes to provide +non\-deterministic inputs to other cryptographic algorithms. .PP -While the \s-1RAND API\s0 is the 'frontend' which is intended to be used by -application developers for obtaining random bytes, the \s-1EVP_RAND API\s0 -serves as the 'backend', connecting the former with the operating -systems's entropy sources and providing access to deterministic random -bit generators (\s-1DRBG\s0) and their configuration parameters. -A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random -number generator (\s-1CSPRNG\s0), which is described in -[\s-1NIST SP 800\-90A\s0 Rev. 1]. -.SS "Disclaimer" +While the RAND API is the \*(Aqfrontend\*(Aq which is intended to be used by +application developers for obtaining random bytes, the EVP_RAND API +serves as the \*(Aqbackend\*(Aq, connecting the former with the operating +systems\*(Aqs entropy sources and providing access to deterministic random +bit generators (DRBG) and their configuration parameters. +A DRBG is a certain type of cryptographically\-secure pseudo\-random +number generator (CSPRNG), which is described in +[NIST SP 800\-90A Rev. 1]. 
+.SS Disclaimer .IX Subsection "Disclaimer" Unless you have very specific requirements for your random generator, -it is in general not necessary to utilize the \s-1EVP_RAND API\s0 directly. +it is in general not necessary to utilize the EVP_RAND API directly. The usual way to obtain random bytes is to use \fBRAND_bytes\fR\|(3) or -\&\fBRAND_priv_bytes\fR\|(3), see also \s-1\fBRAND\s0\fR\|(7). +\&\fBRAND_priv_bytes\fR\|(3), see also \fBRAND\fR\|(7). .SS "Typical Use Cases" .IX Subsection "Typical Use Cases" Typical examples for such special use cases are the following: -.IP "\(bu" 2 -You want to use your own private \s-1DRBG\s0 instances. -Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide +.IP \(bu 2 +You want to use your own private DRBG instances. +Multiple DRBG instances which are accessed only by a single thread provide additional security (because their internal states are independent) and -better scalability in multithreaded applications (because they don't need +better scalability in multithreaded applications (because they don\*(Aqt need to be locked). -.IP "\(bu" 2 +.IP \(bu 2 You need to integrate a previously unsupported entropy source. Refer to \fBprovider\-rand\fR\|(7) for the implementation details to support adding -randomness sources to \s-1EVP_RAND.\s0 -.IP "\(bu" 2 -You need to change the default settings of the standard OpenSSL \s-1RAND\s0 +randomness sources to EVP_RAND. +.IP \(bu 2 +You need to change the default settings of the standard OpenSSL RAND implementation to meet specific requirements. .SH "EVP_RAND CHAINING" .IX Header "EVP_RAND CHAINING" -An \s-1EVP_RAND\s0 instance can be used as the entropy source of another -\&\s-1EVP_RAND\s0 instance, provided it has itself access to a valid entropy source. -The \s-1EVP_RAND\s0 instance which acts as entropy source is called the \fIparent\fR, -the other instance the \fIchild\fR. 
Typically, the child will be a \s-1DRBG\s0 because +An EVP_RAND instance can be used as the entropy source of another +EVP_RAND instance, provided it has itself access to a valid entropy source. +The EVP_RAND instance which acts as entropy source is called the \fIparent\fR, +the other instance the \fIchild\fR. Typically, the child will be a DRBG because it does not make sense for the child to be an entropy source. .PP -This is called chaining. A chained \s-1EVP_RAND\s0 instance is created by passing -a pointer to the parent \s-1EVP_RAND_CTX\s0 as argument to the \fBEVP_RAND_CTX_new()\fR call. -It is possible to create chains of more than two \s-1DRBG\s0 in a row. -It is also possible to use any \s-1EVP_RAND_CTX\s0 class as the parent, however, only +This is called chaining. A chained EVP_RAND instance is created by passing +a pointer to the parent EVP_RAND_CTX as argument to the \fBEVP_RAND_CTX_new()\fR call. +It is possible to create chains of more than two DRBG in a row. +It is also possible to use any EVP_RAND_CTX class as the parent, however, only a live entropy source may ignore and not use its parent. .SH "THE THREE SHARED DRBG INSTANCES" .IX Header "THE THREE SHARED DRBG INSTANCES" -Currently, there are three shared \s-1DRBG\s0 instances, -the , , and \s-1DRBG.\s0 -While the \s-1DRBG\s0 is a single global instance, the and -\&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. +Currently, there are three shared DRBG instances, +the , , and DRBG. +While the DRBG is a single global instance, the and +DRBG are created per thread and accessed through thread\-local storage. .PP By default, the functions \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3) use -the thread-local and \s-1DRBG\s0 instance, respectively. -.SS "The \s-1DRBG\s0 instance" +the thread\-local and DRBG instance, respectively. 
+.SS "The DRBG instance" .IX Subsection "The DRBG instance" -The \s-1DRBG\s0 is not used directly by the application, only for reseeding -the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness +The DRBG is not used directly by the application, only for reseeding +the two other two DRBG instances. It reseeds itself by obtaining randomness either from os entropy sources or by consuming randomness which was added previously by \fBRAND_add\fR\|(3). -.SS "The \s-1DRBG\s0 instance" +.SS "The DRBG instance" .IX Subsection "The DRBG instance" This instance is used per default by \fBRAND_bytes\fR\|(3). -.SS "The \s-1DRBG\s0 instance" +.SS "The DRBG instance" .IX Subsection "The DRBG instance" This instance is used per default by \fBRAND_priv_bytes\fR\|(3) -.SH "LOCKING" +.SH LOCKING .IX Header "LOCKING" -The \s-1DRBG\s0 is intended to be accessed concurrently for reseeding -by its child \s-1DRBG\s0 instances. The necessary locking is done internally. -It is \fInot\fR thread-safe to access the \s-1DRBG\s0 directly via the -\&\s-1EVP_RAND\s0 interface. -The and \s-1DRBG\s0 are thread-local, i.e. there is an +The DRBG is intended to be accessed concurrently for reseeding +by its child DRBG instances. The necessary locking is done internally. +It is \fInot\fR thread\-safe to access the DRBG directly via the +EVP_RAND interface. +The and DRBG are thread\-local, i.e. there is an instance of each per thread. So they can safely be accessed without -locking via the \s-1EVP_RAND\s0 interface. +locking via the EVP_RAND interface. .PP -Pointers to these \s-1DRBG\s0 instances can be obtained using +Pointers to these DRBG instances can be obtained using \&\fBRAND_get0_primary()\fR, \fBRAND_get0_public()\fR and \fBRAND_get0_private()\fR, respectively. 
-Note that it is not allowed to store a pointer to one of the thread-local -\&\s-1DRBG\s0 instances in a variable or other memory location where it will be +Note that it is not allowed to store a pointer to one of the thread\-local +DRBG instances in a variable or other memory location where it will be accessed and used by multiple threads. .PP -All other \s-1DRBG\s0 instances created by an application don't support locking, +All other DRBG instances created by an application don\*(Aqt support locking, because they are intended to be used by a single thread. -Instead of accessing a single \s-1DRBG\s0 instance concurrently from different -threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per -thread. Using the \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 -instances on different threads is thread-safe, because the \s-1DRBG\s0 instance -will lock the \s-1DRBG\s0 automatically for obtaining random input. +Instead of accessing a single DRBG instance concurrently from different +threads, it is recommended to instantiate a separate DRBG instance per +thread. Using the DRBG as entropy source for multiple DRBG +instances on different threads is thread\-safe, because the DRBG instance +will lock the DRBG automatically for obtaining random input. .SH "THE OVERALL PICTURE" .IX Header "THE OVERALL PICTURE" -The following picture gives an overview over how the \s-1DRBG\s0 instances work +The following picture gives an overview over how the DRBG instances work together and are being used. .PP .Vb 10 
@@ -269,11 +194,11 @@ EVP_RAND_generate(, ...) and EVP_RAND_generate(, ...), respectively. -.SH "RESEEDING" +.SH RESEEDING .IX Header "RESEEDING" -A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from +A DRBG instance seeds itself automatically, pulling random input from its entropy source. The entropy source can be either a trusted operating -system entropy source, or another \s-1DRBG\s0 with access to such a source. +system entropy source, or another DRBG with access to such a source. .PP Automatic reseeding occurs after a predefined number of generate requests. The selection of the trusted entropy sources is configured at build @@ -281,10 +206,10 @@ the reseeding process in more detail. .SS "Automatic Reseeding" .IX Subsection "Automatic Reseeding" -Before satisfying a generate request (\fBEVP_RAND_generate\fR\|(3)), the \s-1DRBG\s0 +Before satisfying a generate request (\fBEVP_RAND_generate\fR\|(3)), the DRBG reseeds itself automatically, if one of the following conditions holds: .PP -\&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. +\&\- the DRBG was not instantiated (=seeded) yet or has been uninstantiated. .PP \&\- the number of generate requests since the last reseeding exceeds a certain threshold, the so called \fIreseed_interval\fR. 
@@ -294,108 +219,108 @@ interval, the so called \fIreseed_time_interval\fR. This can be disabled by setting the \fIreseed_time_interval\fR to 0. .PP -\&\- the \s-1DRBG\s0 is in an error state. +\&\- the DRBG is in an error state. .PP \&\fBNote\fR: An error state is entered if the entropy source fails while -the \s-1DRBG\s0 is seeding or reseeding. -The last case ensures that the \s-1DRBG\s0 automatically recovers +the DRBG is seeding or reseeding. +The last case ensures that the DRBG automatically recovers from the error as soon as the entropy source is available again. .SS "Manual Reseeding" .IX Subsection "Manual Reseeding" In addition to automatic reseeding, the caller can request an immediate -reseeding of the \s-1DRBG\s0 with fresh entropy by setting the +reseeding of the DRBG with fresh entropy by setting the \&\fIprediction resistance\fR parameter to 1 when calling \&\fBEVP_RAND_generate\fR\|(3). .PP -The document [\s-1NIST SP 800\-90C\s0] describes prediction resistance requests +The document [NIST SP 800\-90C] describes prediction resistance requests in detail and imposes strict conditions on the entropy sources that are approved for providing prediction resistance. A request for prediction resistance can only be satisfied by pulling fresh -entropy from a live entropy source (section 5.5.2 of [\s-1NIST SP 800\-90C\s0]). +entropy from a live entropy source (section 5.5.2 of [NIST SP 800\-90C]). It is up to the user to ensure that a live entropy source is configured and is being used. .PP For the three shared DRBGs (and only for these) there is another way to reseed them manually: If \fBRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument -(or \fBRAND_seed\fR\|(3)), then this will immediately reseed the \s-1DRBG.\s0 -The and \s-1DRBG\s0 will detect this on their next generate +(or \fBRAND_seed\fR\|(3)), then this will immediately reseed the DRBG. +The and DRBG will detect this on their next generate call and reseed, pulling randomness from . 
.PP The last feature has been added to support the common practice used with previous OpenSSL versions to call \fBRAND_add()\fR before calling \fBRAND_bytes()\fR. .SS "Entropy Input and Additional Data" .IX Subsection "Entropy Input and Additional Data" -The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, -which comes from a trusted source, and \fIadditional input\fR', +The DRBG distinguishes two different types of random input: \fIentropy\fR, +which comes from a trusted source, and \fIadditional input\fR\*(Aq, which can optionally be added by the user and is considered untrusted. It is possible to add \fIadditional input\fR not only during reseeding, but also for every generate request. .SS "Configuring the Random Seed Source" .IX Subsection "Configuring the Random Seed Source" In most cases OpenSSL will automatically choose a suitable seed source -for automatically seeding and reseeding its \s-1DRBG.\s0 In some cases +for automatically seeding and reseeding its DRBG. In some cases however, it will be necessary to explicitly specify a seed source during configuration, using the \-\-with\-rand\-seed option. For more information, -see the \s-1INSTALL\s0 instructions. There are also operating systems where no +see the INSTALL instructions. There are also operating systems where no seed source is available and automatic reseeding is disabled by default. .PP The following two sections describe the reseeding process of the primary -\&\s-1DRBG,\s0 depending on whether automatic reseeding is available or not. -.SS "Reseeding the primary \s-1DRBG\s0 with automatic seeding enabled" +DRBG, depending on whether automatic reseeding is available or not. 
+.SS "Reseeding the primary DRBG with automatic seeding enabled" .IX Subsection "Reseeding the primary DRBG with automatic seeding enabled" -Calling \fBRAND_poll()\fR or \fBRAND_add()\fR is not necessary, because the \s-1DRBG\s0 +Calling \fBRAND_poll()\fR or \fBRAND_add()\fR is not necessary, because the DRBG pulls the necessary entropy from its source automatically. -However, both calls are permitted, and do reseed the \s-1RNG.\s0 +However, both calls are permitted, and do reseed the RNG. .PP \&\fBRAND_add()\fR can be used to add both kinds of random input, depending on the value of the \fIrandomness\fR argument: .IP "randomness == 0:" 4 .IX Item "randomness == 0:" The random bytes are mixed as additional input into the current state of -the \s-1DRBG.\s0 +the DRBG. Mixing in additional input is not considered a full reseeding, hence the reseed counter is not reset. .IP "randomness > 0:" 4 .IX Item "randomness > 0:" The random bytes are used as entropy input for a full reseeding -(resp. reinstantiation) if the \s-1DRBG\s0 is instantiated +(resp. reinstantiation) if the DRBG is instantiated (resp. uninstantiated or in an error state). The number of random bits required for reseeding is determined by the -security strength of the \s-1DRBG.\s0 Currently it defaults to 256 bits (32 bytes). +security strength of the DRBG. Currently it defaults to 256 bits (32 bytes). It is possible to provide less randomness than required. In this case the missing randomness will be obtained by pulling random input from the trusted entropy sources. .PP -\&\s-1NOTE:\s0 Manual reseeding is *not allowed* in \s-1FIPS\s0 mode, because -[\s-1NIST\s0 SP\-800\-90Ar1] mandates that entropy *shall not* be provided by +NOTE: Manual reseeding is *not allowed* in FIPS mode, because +[NIST SP\-800\-90Ar1] mandates that entropy *shall not* be provided by the consuming application for instantiation (Section 9.1) or reseeding (Section 9.2). 
For that reason, the \fIrandomness\fR argument is ignored and the random bytes provided by the \fBRAND_add\fR\|(3) and \&\fBRAND_seed\fR\|(3) calls are treated as additional data. -.SS "Reseeding the primary \s-1DRBG\s0 with automatic seeding disabled" +.SS "Reseeding the primary DRBG with automatic seeding disabled" .IX Subsection "Reseeding the primary DRBG with automatic seeding disabled" Calling \fBRAND_poll()\fR will always fail. .PP \&\fBRAND_add()\fR needs to be called for initial seeding and periodic reseeding. At least 48 bytes (384 bits) of randomness have to be provided, otherwise -the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half -times the security strength of the \s-1DRBG.\s0 The extra half is used for the +the (re\-)seeding of the DRBG will fail. This corresponds to one and a half +times the security strength of the DRBG. The extra half is used for the nonce during instantiation. .PP More precisely, the number of bytes needed for seeding depend on the -\&\fIsecurity strength\fR of the \s-1DRBG,\s0 which is set to 256 by default. +\&\fIsecurity strength\fR of the DRBG, which is set to 256 by default. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBRAND\s0\fR\|(7), \s-1\fBEVP_RAND\s0\fR\|(3) -.SH "HISTORY" +\&\fBRAND\fR\|(7), \fBEVP_RAND\fR\|(3) +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_SIGNATURE-DSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_SIGNATURE-DSA.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,106 +53,45 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNATURE-DSA 7ossl" -.TH EVP_SIGNATURE-DSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNATURE-DSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SIGNATURE\-DSA \&\- The EVP_PKEY DSA signature implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1DSA\s0 signatures. -See \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7) for information related to \s-1DSA\s0 keys. +Support for computing DSA signatures. The signature produced with +\&\fBEVP_PKEY_sign\fR\|(3) is DER encoded ASN.1 in the form described in +RFC 3279, section 2.2.2. +See \fBEVP_PKEY\-DSA\fR\|(7) for information related to DSA keys. .SS "Signature Parameters" .IX Subsection "Signature Parameters" The following signature parameters can be set using \fBEVP_PKEY_CTX_set_params()\fR. This may be called after \fBEVP_PKEY_sign_init()\fR or \fBEVP_PKEY_verify_init()\fR, and before calling \fBEVP_PKEY_sign()\fR or \fBEVP_PKEY_verify()\fR. 
-.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " .PD 0 -.ie n .IP """properties"" (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_SIGNATURE_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_SIGNATURE_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_SIGNATURE_PARAM_PROPERTIES) " .PD The settable parameters are described in \fBprovider\-signature\fR\|(7). .PP The following signature parameters can be retrieved using \&\fBEVP_PKEY_CTX_get_params()\fR. -.ie n .IP """algorithm-id"" (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.el .IP "``algorithm-id'' (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.IX Item "algorithm-id (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " +.IP """algorithm\-id"" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) " 4 +.IX Item """algorithm-id"" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " .PD The gettable parameters are described in \fBprovider\-signature\fR\|(7). .SH "SEE ALSO" 
@@ -177,11 +100,11 @@ \&\fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify\fR\|(3), \&\fBprovider\-signature\fR\|(7), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_SIGNATURE-ECDSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_SIGNATURE-ECDSA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,105 +53,42 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNATURE-ECDSA 7ossl" -.TH EVP_SIGNATURE-ECDSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNATURE-ECDSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SIGNATURE\-ECDSA \- The EVP_PKEY ECDSA signature implementation. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1ECDSA\s0 signatures. -See \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) for information related to \s-1EC\s0 keys. -.SS "\s-1ECDSA\s0 Signature Parameters" +Support for computing ECDSA signatures. +See \fBEVP_PKEY\-EC\fR\|(7) for information related to EC keys. +.SS "ECDSA Signature Parameters" .IX Subsection "ECDSA Signature Parameters" The following signature parameters can be set using \fBEVP_PKEY_CTX_set_params()\fR. This may be called after \fBEVP_PKEY_sign_init()\fR or \fBEVP_PKEY_verify_init()\fR, and before calling \fBEVP_PKEY_sign()\fR or \fBEVP_PKEY_verify()\fR. -.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " .PD 0 -.ie n .IP """properties"" (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_SIGNATURE_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_SIGNATURE_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_SIGNATURE_PARAM_PROPERTIES) " .PD These parameters are described in \fBprovider\-signature\fR\|(7). 
.PP The following signature parameters can be retrieved using \&\fBEVP_PKEY_CTX_get_params()\fR. -.ie n .IP """algorithm-id"" (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.el .IP "``algorithm-id'' (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.IX Item "algorithm-id (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " +.IP """algorithm\-id"" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) " 4 +.IX Item """algorithm-id"" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " .PD The parameters are described in \fBprovider\-signature\fR\|(7). .SH "SEE ALSO" @@ -176,11 +97,11 @@ \&\fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify\fR\|(3), \&\fBprovider\-signature\fR\|(7), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_SIGNATURE-ED25519.7.orig +++ secure/lib/libcrypto/man/man7/EVP_SIGNATURE-ED25519.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,109 +53,49 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNATURE-ED25519 7ossl" -.TH EVP_SIGNATURE-ED25519 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNATURE-ED25519 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SIGNATURE\-ED25519, EVP_SIGNATURE\-ED448, Ed25519, Ed448 \&\- EVP_PKEY Ed25519 and Ed448 support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, -one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR -(see \s-1RFC8032\s0). It has associated private and public key formats compatible with -\&\s-1RFC 8410.\s0 -.SS "\s-1ED25519\s0 and \s-1ED448\s0 Signature Parameters" +The \fBEd25519\fR and \fBEd448\fR EVP_PKEY implementation supports key generation, +one\-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR +(see RFC8032). It has associated private and public key formats compatible with +RFC 8410. +.SS "ED25519 and ED448 Signature Parameters" .IX Subsection "ED25519 and ED448 Signature Parameters" -No additional parameters can be set during one-shot signing or verification. -In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be specified when +No additional parameters can be set during one\-shot signing or verification. +In particular, because PureEdDSA is used, a digest must \fBNOT\fR be specified when signing or verifying. -See \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7) for information related to \fBX25519\fR and \fBX448\fR keys. +See \fBEVP_PKEY\-X25519\fR\|(7) for information related to \fBX25519\fR and \fBX448\fR keys. .PP The following signature parameters can be retrieved using \&\fBEVP_PKEY_CTX_get_params()\fR. 
-.ie n .IP """algorithm-id"" (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.el .IP "``algorithm-id'' (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.IX Item "algorithm-id (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " +.IP """algorithm\-id"" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) " 4 +.IX Item """algorithm-id"" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " The parameters are described in \fBprovider\-signature\fR\|(7). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The PureEdDSA algorithm does not support the streaming mechanism of other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR. -The message to sign or verify must be passed using the one-shot +The message to sign or verify must be passed using the one\-shot \&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions. .PP When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the -digest \fItype\fR parameter \fB\s-1MUST\s0\fR be set to \s-1NULL.\s0 +digest \fItype\fR parameter \fBMUST\fR be set to NULL. .PP Applications wishing to sign certificates (or other structures such as CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR 
@@ -185,15 +109,15 @@ .PP Ed25519 or Ed448 public keys can be set directly using \&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo -structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +structure in a PEM file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). .PP Ed25519 and Ed448 can be tested with the \fBopenssl\-speed\fR\|(1) application since version 1.1.1. Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is specified, then both Ed25519 and Ed448 are benchmarked. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -To sign a message using a \s-1ED25519\s0 or \s-1ED448\s0 key: +To sign a message using a ED25519 or ED448 key: .PP .Vb 5 \& void do_sign(EVP_PKEY *ed_key, unsigned char *msg, size_t msg_len) @@ -215,15 +139,15 @@ .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBEVP_PKEY\-X25519\s0\fR\|(7) +\&\fBEVP_PKEY\-X25519\fR\|(7) \&\fBprovider\-signature\fR\|(7), \&\fBEVP_DigestSignInit\fR\|(3), \&\fBEVP_DigestVerifyInit\fR\|(3), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_SIGNATURE-HMAC.7.orig +++ secure/lib/libcrypto/man/man7/EVP_SIGNATURE-HMAC.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNATURE-HMAC 7ossl" -.TH EVP_SIGNATURE-HMAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNATURE-HMAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SIGNATURE\-HMAC, EVP_SIGNATURE\-Siphash, EVP_SIGNATURE\-Poly1305, EVP_SIGNATURE\-CMAC \&\- The legacy EVP_PKEY MAC signature implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The algorithms described here have legacy support for creating MACs using \&\fBEVP_DigestSignInit\fR\|(3) and related functions. This is not the preferred way of @@ -151,9 +76,9 @@ OpenSSL. .PP The same signature parameters can be set using \fBEVP_PKEY_CTX_set_params()\fR as can -be set via \fBEVP_MAC_CTX_set_params()\fR for the underlying \s-1EVP_MAC.\s0 See -\&\s-1\fBEVP_MAC\-HMAC\s0\fR\|(7), \fBEVP_MAC\-Siphash\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and -\&\s-1\fBEVP_MAC\-CMAC\s0\fR\|(7) for details. +be set via \fBEVP_MAC_CTX_set_params()\fR for the underlying EVP_MAC. See +\&\fBEVP_MAC\-HMAC\fR\|(7), \fBEVP_MAC\-Siphash\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and +\&\fBEVP_MAC\-CMAC\fR\|(7) for details. .PP .Vb 3 \& See L, L, L or 
@@ -164,20 +89,20 @@ .IX Header "SEE ALSO" \&\fBEVP_MAC_init\fR\|(3), \&\fBEVP_DigestSignInit\fR\|(3), -\&\s-1\fBEVP_PKEY\-HMAC\s0\fR\|(7), +\&\fBEVP_PKEY\-HMAC\fR\|(7), \&\fBEVP_PKEY\-Siphash\fR\|(7), \&\fBEVP_PKEY\-Poly1305\fR\|(7), -\&\s-1\fBEVP_PKEY\-CMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-HMAC\s0\fR\|(7), +\&\fBEVP_PKEY\-CMAC\fR\|(7), +\&\fBEVP_MAC\-HMAC\fR\|(7), \&\fBEVP_MAC\-Siphash\fR\|(7), \&\fBEVP_MAC\-Poly1305\fR\|(7), -\&\s-1\fBEVP_MAC\-CMAC\s0\fR\|(7), +\&\fBEVP_MAC\-CMAC\fR\|(7), \&\fBprovider\-signature\fR\|(7), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/EVP_SIGNATURE-RSA.7.orig +++ secure/lib/libcrypto/man/man7/EVP_SIGNATURE-RSA.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,144 +53,72 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_SIGNATURE-RSA 7ossl" -.TH EVP_SIGNATURE-RSA 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP_SIGNATURE-RSA 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME EVP_SIGNATURE\-RSA \&\- The EVP_PKEY RSA signature implementation -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for computing \s-1RSA\s0 signatures. -See \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7) for information related to \s-1RSA\s0 keys. +Support for computing RSA signatures. +See \fBEVP_PKEY\-RSA\fR\|(7) for information related to RSA keys. .SS "Signature Parameters" .IX Subsection "Signature Parameters" The following signature parameters can be set using \fBEVP_PKEY_CTX_set_params()\fR. This may be called after \fBEVP_PKEY_sign_init()\fR or \fBEVP_PKEY_verify_init()\fR, and before calling \fBEVP_PKEY_sign()\fR or \fBEVP_PKEY_verify()\fR. -.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " .PD 0 -.ie n .IP """properties"" (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_SIGNATURE_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_SIGNATURE_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_SIGNATURE_PARAM_PROPERTIES) " .PD These common parameters are described in \fBprovider\-signature\fR\|(7). 
-.ie n .IP """pad-mode"" (\fB\s-1OSSL_SIGNATURE_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``pad-mode'' (\fB\s-1OSSL_SIGNATURE_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "pad-mode (OSSL_SIGNATURE_PARAM_PAD_MODE) " +.IP """pad\-mode"" (\fBOSSL_SIGNATURE_PARAM_PAD_MODE\fR) " 4 +.IX Item """pad-mode"" (OSSL_SIGNATURE_PARAM_PAD_MODE) " The type of padding to be used. Its value can be one of the following: .RS 4 -.ie n .IP """none"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_NONE\s0\fR)" 4 -.el .IP "``none'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_NONE\s0\fR)" 4 -.IX Item "none (OSSL_PKEY_RSA_PAD_MODE_NONE)" +.IP """none"" (\fBOSSL_PKEY_RSA_PAD_MODE_NONE\fR)" 4 +.IX Item """none"" (OSSL_PKEY_RSA_PAD_MODE_NONE)" .PD 0 -.ie n .IP """pkcs1"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PKCSV15\s0\fR)" 4 -.el .IP "``pkcs1'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PKCSV15\s0\fR)" 4 -.IX Item "pkcs1 (OSSL_PKEY_RSA_PAD_MODE_PKCSV15)" -.ie n .IP """x931"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_X931\s0\fR)" 4 -.el .IP "``x931'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_X931\s0\fR)" 4 -.IX Item "x931 (OSSL_PKEY_RSA_PAD_MODE_X931)" -.ie n .IP """pss"" (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PSS\s0\fR)" 4 -.el .IP "``pss'' (\fB\s-1OSSL_PKEY_RSA_PAD_MODE_PSS\s0\fR)" 4 -.IX Item "pss (OSSL_PKEY_RSA_PAD_MODE_PSS)" +.IP """pkcs1"" (\fBOSSL_PKEY_RSA_PAD_MODE_PKCSV15\fR)" 4 +.IX Item """pkcs1"" (OSSL_PKEY_RSA_PAD_MODE_PKCSV15)" +.IP """x931"" (\fBOSSL_PKEY_RSA_PAD_MODE_X931\fR)" 4 +.IX Item """x931"" (OSSL_PKEY_RSA_PAD_MODE_X931)" +.IP """pss"" (\fBOSSL_PKEY_RSA_PAD_MODE_PSS\fR)" 4 +.IX Item """pss"" (OSSL_PKEY_RSA_PAD_MODE_PSS)" +.PD .RE .RS 4 .RE -.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-digest (OSSL_SIGNATURE_PARAM_MGF1_DIGEST) " -.PD -The digest algorithm name to use for the maskGenAlgorithm used by \*(L"pss\*(R" mode. 
-.ie n .IP """mgf1\-properties"" (\fB\s-1OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-properties'' (\fB\s-1OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-properties (OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES) " -Sets the name of the property query associated with the \*(L"mgf1\-digest\*(R" algorithm. -\&\s-1NULL\s0 is used if this optional value is not set. -.ie n .IP """saltlen"" (\fB\s-1OSSL_SIGNATURE_PARAM_PSS_SALTLEN\s0\fR) or <\s-1UTF8\s0 string>" 4 -.el .IP "``saltlen'' (\fB\s-1OSSL_SIGNATURE_PARAM_PSS_SALTLEN\s0\fR) or <\s-1UTF8\s0 string>" 4 -.IX Item "saltlen (OSSL_SIGNATURE_PARAM_PSS_SALTLEN) or " -The \*(L"pss\*(R" mode minimum salt length. The value can either be an integer, +.IP """mgf1\-digest"" (\fBOSSL_SIGNATURE_PARAM_MGF1_DIGEST\fR) " 4 +.IX Item """mgf1-digest"" (OSSL_SIGNATURE_PARAM_MGF1_DIGEST) " +The digest algorithm name to use for the maskGenAlgorithm used by "pss" mode. +.IP """mgf1\-properties"" (\fBOSSL_SIGNATURE_PARAM_MGF1_PROPERTIES\fR) " 4 +.IX Item """mgf1-properties"" (OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES) " +Sets the name of the property query associated with the "mgf1\-digest" algorithm. +NULL is used if this optional value is not set. +.IP """saltlen"" (\fBOSSL_SIGNATURE_PARAM_PSS_SALTLEN\fR) or " 4 +.IX Item """saltlen"" (OSSL_SIGNATURE_PARAM_PSS_SALTLEN) or " +The "pss" mode minimum salt length. The value can either be an integer, a string value representing a number or one of the following string values: .RS 4 -.ie n .IP """digest"" (\fB\s-1OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST\s0\fR)" 4 -.el .IP "``digest'' (\fB\s-1OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST\s0\fR)" 4 -.IX Item "digest (OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST)" +.IP """digest"" (\fBOSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST\fR)" 4 +.IX Item """digest"" (OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST)" Use the same length as the digest size. 
-.ie n .IP """max"" (\fB\s-1OSSL_PKEY_RSA_PSS_SALT_LEN_MAX\s0\fR)" 4 -.el .IP "``max'' (\fB\s-1OSSL_PKEY_RSA_PSS_SALT_LEN_MAX\s0\fR)" 4 -.IX Item "max (OSSL_PKEY_RSA_PSS_SALT_LEN_MAX)" +.IP """max"" (\fBOSSL_PKEY_RSA_PSS_SALT_LEN_MAX\fR)" 4 +.IX Item """max"" (OSSL_PKEY_RSA_PSS_SALT_LEN_MAX)" Use the maximum salt length. -.ie n .IP """auto"" (\fB\s-1OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO\s0\fR)" 4 -.el .IP "``auto'' (\fB\s-1OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO\s0\fR)" 4 -.IX Item "auto (OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO)" +.IP """auto"" (\fBOSSL_PKEY_RSA_PSS_SALT_LEN_AUTO\fR)" 4 +.IX Item """auto"" (OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO)" Auto detect the salt length. .RE .RS 4 
@@ -214,23 +126,18 @@ .PP The following signature parameters can be retrieved using \&\fBEVP_PKEY_CTX_get_params()\fR. -.ie n .IP """algorithm-id"" (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.el .IP "``algorithm-id'' (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.IX Item "algorithm-id (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " +.IP """algorithm\-id"" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) " 4 +.IX Item """algorithm-id"" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " This common parameter is described in \fBprovider\-signature\fR\|(7). -.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " .PD 0 -.ie n .IP """pad-mode"" (\fB\s-1OSSL_SIGNATURE_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``pad-mode'' (\fB\s-1OSSL_SIGNATURE_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "pad-mode (OSSL_SIGNATURE_PARAM_PAD_MODE) " -.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-digest (OSSL_SIGNATURE_PARAM_MGF1_DIGEST) " -.ie n .IP """saltlen"" (\fB\s-1OSSL_SIGNATURE_PARAM_PSS_SALTLEN\s0\fR) or <\s-1UTF8\s0 string>" 4 -.el .IP "``saltlen'' (\fB\s-1OSSL_SIGNATURE_PARAM_PSS_SALTLEN\s0\fR) or <\s-1UTF8\s0 string>" 4 -.IX Item "saltlen (OSSL_SIGNATURE_PARAM_PSS_SALTLEN) or " +.IP """pad\-mode"" (\fBOSSL_SIGNATURE_PARAM_PAD_MODE\fR) " 4 +.IX Item """pad-mode"" (OSSL_SIGNATURE_PARAM_PAD_MODE) " +.IP """mgf1\-digest"" (\fBOSSL_SIGNATURE_PARAM_MGF1_DIGEST\fR) " 4 +.IX Item """mgf1-digest"" (OSSL_SIGNATURE_PARAM_MGF1_DIGEST) " +.IP """saltlen"" (\fBOSSL_SIGNATURE_PARAM_PSS_SALTLEN\fR) or " 4 +.IX Item """saltlen"" 
(OSSL_SIGNATURE_PARAM_PSS_SALTLEN) or " .PD These parameters are as described above. .SH "SEE ALSO" @@ -239,11 +146,11 @@ \&\fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify\fR\|(3), \&\fBprovider\-signature\fR\|(7), -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/OSSL_PROVIDER-FIPS.7.orig +++ secure/lib/libcrypto/man/man7/OSSL_PROVIDER-FIPS.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,94 +53,33 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PROVIDER-FIPS 7ossl" -.TH OSSL_PROVIDER-FIPS 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PROVIDER-FIPS 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PROVIDER\-FIPS \- OpenSSL FIPS provider -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The OpenSSL \s-1FIPS\s0 provider is a special provider that conforms to the Federal -Information Processing Standards (\s-1FIPS\s0) specified in \s-1FIPS 140\-2.\s0 This 'module' +The OpenSSL FIPS provider is a special provider that conforms to the Federal +Information Processing Standards (FIPS) specified in FIPS 140\-2. This \*(Aqmodule\*(Aq contains an approved set of cryptographic algorithms that is validated by an accredited testing laboratory. -.SS "Properties" +.SS Properties .IX Subsection "Properties" The implementations in this provider specifically have these properties defined: -.ie n .IP """provider=fips""" 4 -.el .IP "``provider=fips''" 4 -.IX Item "provider=fips" +.IP """provider=fips""" 4 +.IX Item """provider=fips""" .PD 0 -.ie n .IP """fips=yes""" 4 -.el .IP "``fips=yes''" 4 -.IX Item "fips=yes" +.IP """fips=yes""" 4 +.IX Item """fips=yes""" .PD .PP It may be used in a property query string with fetching functions such as 
@@ -164,341 +87,297 @@ functions that take a property query string, such as \&\fBEVP_PKEY_CTX_new_from_name\fR\|(3). .PP -It isn't mandatory to query for any of these properties, except to +It isn\*(Aqt mandatory to query for any of these properties, except to make sure to get implementations of this provider and none other. .PP -The \*(L"fips=yes\*(R" property can be use to make sure only \s-1FIPS\s0 approved +The "fips=yes" property can be use to make sure only FIPS approved implementations are used for crypto operations. This may also include -other non-crypto support operations that are not in the \s-1FIPS\s0 provider, +other non\-crypto support operations that are not in the FIPS provider, such as asymmetric key encoders, -see \*(L"Asymmetric Key Management\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7). +see "Asymmetric Key Management" in \fBOSSL_PROVIDER\-default\fR\|(7). .SH "OPERATIONS AND ALGORITHMS" .IX Header "OPERATIONS AND ALGORITHMS" -The OpenSSL \s-1FIPS\s0 provider supports these operations and algorithms: +The OpenSSL FIPS provider supports these operations and algorithms: .SS "Hashing Algorithms / Message Digests" .IX Subsection "Hashing Algorithms / Message Digests" -.IP "\s-1SHA1,\s0 see \s-1\fBEVP_MD\-SHA1\s0\fR\|(7)" 4 +.IP "SHA1, see \fBEVP_MD\-SHA1\fR\|(7)" 4 .IX Item "SHA1, see EVP_MD-SHA1" .PD 0 -.IP "\s-1SHA2,\s0 see \s-1\fBEVP_MD\-SHA2\s0\fR\|(7)" 4 +.IP "SHA2, see \fBEVP_MD\-SHA2\fR\|(7)" 4 .IX Item "SHA2, see EVP_MD-SHA2" -.IP "\s-1SHA3,\s0 see \s-1\fBEVP_MD\-SHA3\s0\fR\|(7)" 4 +.IP "SHA3, see \fBEVP_MD\-SHA3\fR\|(7)" 4 .IX Item "SHA3, see EVP_MD-SHA3" -.IP "KECCAK-KMAC, see \s-1\fBEVP_MD\-KECCAK\-KMAC\s0\fR\|(7)" 4 +.IP "KECCAK\-KMAC, see \fBEVP_MD\-KECCAK\-KMAC\fR\|(7)" 4 .IX Item "KECCAK-KMAC, see EVP_MD-KECCAK-KMAC" .PD .SS "Symmetric Ciphers" .IX Subsection "Symmetric Ciphers" -.IP "\s-1AES,\s0 see \s-1\fBEVP_CIPHER\-AES\s0\fR\|(7)" 4 +.IP "AES, see \fBEVP_CIPHER\-AES\fR\|(7)" 4 .IX Item "AES, see EVP_CIPHER-AES" .PD 0 -.IP 
"\s-1DES\-EDE3\s0 (TripleDES), see \s-1\fBEVP_CIPHER\-DES\s0\fR\|(7)" 4 +.IP "DES\-EDE3 (TripleDES), see \fBEVP_CIPHER\-DES\fR\|(7)" 4 .IX Item "DES-EDE3 (TripleDES), see EVP_CIPHER-DES" .PD -.SS "Message Authentication Code (\s-1MAC\s0)" +.SS "Message Authentication Code (MAC)" .IX Subsection "Message Authentication Code (MAC)" -.IP "\s-1CMAC,\s0 see \s-1\fBEVP_MAC\-CMAC\s0\fR\|(7)" 4 +.IP "CMAC, see \fBEVP_MAC\-CMAC\fR\|(7)" 4 .IX Item "CMAC, see EVP_MAC-CMAC" .PD 0 -.IP "\s-1GMAC,\s0 see \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7)" 4 +.IP "GMAC, see \fBEVP_MAC\-GMAC\fR\|(7)" 4 .IX Item "GMAC, see EVP_MAC-GMAC" -.IP "\s-1HMAC,\s0 see \s-1\fBEVP_MAC\-HMAC\s0\fR\|(7)" 4 +.IP "HMAC, see \fBEVP_MAC\-HMAC\fR\|(7)" 4 .IX Item "HMAC, see EVP_MAC-HMAC" -.IP "\s-1KMAC,\s0 see \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7)" 4 +.IP "KMAC, see \fBEVP_MAC\-KMAC\fR\|(7)" 4 .IX Item "KMAC, see EVP_MAC-KMAC" .PD -.SS "Key Derivation Function (\s-1KDF\s0)" +.SS "Key Derivation Function (KDF)" .IX Subsection "Key Derivation Function (KDF)" -.IP "\s-1HKDF,\s0 see \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7)" 4 +.IP "HKDF, see \fBEVP_KDF\-HKDF\fR\|(7)" 4 .IX Item "HKDF, see EVP_KDF-HKDF" .PD 0 -.IP "\s-1TLS13\-KDF,\s0 see \s-1\fBEVP_KDF\-TLS13_KDF\s0\fR\|(7)" 4 +.IP "TLS13\-KDF, see \fBEVP_KDF\-TLS13_KDF\fR\|(7)" 4 .IX Item "TLS13-KDF, see EVP_KDF-TLS13_KDF" -.IP "\s-1SSKDF,\s0 see \s-1\fBEVP_KDF\-SS\s0\fR\|(7)" 4 +.IP "SSKDF, see \fBEVP_KDF\-SS\fR\|(7)" 4 .IX Item "SSKDF, see EVP_KDF-SS" -.IP "\s-1PBKDF2,\s0 see \s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7)" 4 +.IP "PBKDF2, see \fBEVP_KDF\-PBKDF2\fR\|(7)" 4 .IX Item "PBKDF2, see EVP_KDF-PBKDF2" -.IP "\s-1SSHKDF,\s0 see \s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7)" 4 +.IP "SSHKDF, see \fBEVP_KDF\-SSHKDF\fR\|(7)" 4 .IX Item "SSHKDF, see EVP_KDF-SSHKDF" -.IP "\s-1TLS1\-PRF,\s0 see \s-1\fBEVP_KDF\-TLS1_PRF\s0\fR\|(7)" 4 +.IP "TLS1\-PRF, see \fBEVP_KDF\-TLS1_PRF\fR\|(7)" 4 .IX Item "TLS1-PRF, see EVP_KDF-TLS1_PRF" -.IP "\s-1KBKDF,\s0 see \s-1\fBEVP_KDF\-KB\s0\fR\|(7)" 4 +.IP "KBKDF, see 
\fBEVP_KDF\-KB\fR\|(7)" 4 .IX Item "KBKDF, see EVP_KDF-KB" -.IP "X942KDF\-ASN1, see \s-1\fBEVP_KDF\-X942\-ASN1\s0\fR\|(7)" 4 +.IP "X942KDF\-ASN1, see \fBEVP_KDF\-X942\-ASN1\fR\|(7)" 4 .IX Item "X942KDF-ASN1, see EVP_KDF-X942-ASN1" -.IP "X942KDF\-CONCAT, see \s-1\fBEVP_KDF\-X942\-CONCAT\s0\fR\|(7)" 4 +.IP "X942KDF\-CONCAT, see \fBEVP_KDF\-X942\-CONCAT\fR\|(7)" 4 .IX Item "X942KDF-CONCAT, see EVP_KDF-X942-CONCAT" -.IP "X963KDF, see \s-1\fBEVP_KDF\-X963\s0\fR\|(7)" 4 +.IP "X963KDF, see \fBEVP_KDF\-X963\fR\|(7)" 4 .IX Item "X963KDF, see EVP_KDF-X963" .PD .SS "Key Exchange" .IX Subsection "Key Exchange" -.IP "\s-1DH,\s0 see \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)" 4 +.IP "DH, see \fBEVP_KEYEXCH\-DH\fR\|(7)" 4 .IX Item "DH, see EVP_KEYEXCH-DH" .PD 0 -.IP "\s-1ECDH,\s0 see \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7)" 4 +.IP "ECDH, see \fBEVP_KEYEXCH\-ECDH\fR\|(7)" 4 .IX Item "ECDH, see EVP_KEYEXCH-ECDH" -.IP "X25519, see \s-1\fBEVP_KEYEXCH\-X25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBEVP_KEYEXCH\-X25519\fR\|(7)" 4 .IX Item "X25519, see EVP_KEYEXCH-X25519" -.IP "X448, see \s-1\fBEVP_KEYEXCH\-X448\s0\fR\|(7)" 4 +.IP "X448, see \fBEVP_KEYEXCH\-X448\fR\|(7)" 4 .IX Item "X448, see EVP_KEYEXCH-X448" .PD .SS "Asymmetric Signature" .IX Subsection "Asymmetric Signature" -.IP "\s-1RSA,\s0 see \s-1\fBEVP_SIGNATURE\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_SIGNATURE\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_SIGNATURE-RSA" .PD 0 -.IP "X25519, see \s-1\fBEVP_SIGNATURE\-ED25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBEVP_SIGNATURE\-ED25519\fR\|(7)" 4 .IX Item "X25519, see EVP_SIGNATURE-ED25519" -.IP "X448, see \s-1\fBEVP_SIGNATURE\-ED448\s0\fR\|(7)" 4 +.IP "X448, see \fBEVP_SIGNATURE\-ED448\fR\|(7)" 4 .IX Item "X448, see EVP_SIGNATURE-ED448" -.IP "\s-1HMAC,\s0 see \s-1\fBEVP_SIGNATURE\-HMAC\s0\fR\|(7)" 4 +.IP "HMAC, see \fBEVP_SIGNATURE\-HMAC\fR\|(7)" 4 .IX Item "HMAC, see EVP_SIGNATURE-HMAC" -.IP "\s-1CMAC,\s0 see \s-1\fBEVP_SIGNATURE\-CMAC\s0\fR\|(7)" 4 +.IP "CMAC, see \fBEVP_SIGNATURE\-CMAC\fR\|(7)" 4 .IX 
Item "CMAC, see EVP_SIGNATURE-CMAC" .PD .SS "Asymmetric Cipher" .IX Subsection "Asymmetric Cipher" -.IP "\s-1RSA,\s0 see \s-1\fBEVP_ASYM_CIPHER\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_ASYM_CIPHER\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_ASYM_CIPHER-RSA" .SS "Asymmetric Key Encapsulation" .IX Subsection "Asymmetric Key Encapsulation" -.PD 0 -.IP "\s-1RSA,\s0 see \s-1\fBEVP_KEM\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_KEM\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_KEM-RSA" -.PD .SS "Asymmetric Key Management" .IX Subsection "Asymmetric Key Management" -.IP "\s-1DH,\s0 see \s-1\fBEVP_KEYMGMT\-DH\s0\fR\|(7)" 4 +.IP "DH, see \fBEVP_KEYMGMT\-DH\fR\|(7)" 4 .IX Item "DH, see EVP_KEYMGMT-DH" .PD 0 -.IP "\s-1DHX,\s0 see \s-1\fBEVP_KEYMGMT\-DHX\s0\fR\|(7)" 4 +.IP "DHX, see \fBEVP_KEYMGMT\-DHX\fR\|(7)" 4 .IX Item "DHX, see EVP_KEYMGMT-DHX" -.IP "\s-1DSA,\s0 see \s-1\fBEVP_KEYMGMT\-DSA\s0\fR\|(7)" 4 +.IP "DSA, see \fBEVP_KEYMGMT\-DSA\fR\|(7)" 4 .IX Item "DSA, see EVP_KEYMGMT-DSA" -.IP "\s-1RSA,\s0 see \s-1\fBEVP_KEYMGMT\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_KEYMGMT\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_KEYMGMT-RSA" -.IP "\s-1EC,\s0 see \s-1\fBEVP_KEYMGMT\-EC\s0\fR\|(7)" 4 +.IP "EC, see \fBEVP_KEYMGMT\-EC\fR\|(7)" 4 .IX Item "EC, see EVP_KEYMGMT-EC" -.IP "X25519, see \s-1\fBEVP_KEYMGMT\-X25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBEVP_KEYMGMT\-X25519\fR\|(7)" 4 .IX Item "X25519, see EVP_KEYMGMT-X25519" -.IP "X448, see \s-1\fBEVP_KEYMGMT\-X448\s0\fR\|(7)" 4 +.IP "X448, see \fBEVP_KEYMGMT\-X448\fR\|(7)" 4 .IX Item "X448, see EVP_KEYMGMT-X448" .PD .SS "Random Number Generation" .IX Subsection "Random Number Generation" -.IP "CTR-DRBG, see \s-1\fBEVP_RAND\-CTR\-DRBG\s0\fR\|(7)" 4 +.IP "CTR\-DRBG, see \fBEVP_RAND\-CTR\-DRBG\fR\|(7)" 4 .IX Item "CTR-DRBG, see EVP_RAND-CTR-DRBG" .PD 0 -.IP "HASH-DRBG, see \s-1\fBEVP_RAND\-HASH\-DRBG\s0\fR\|(7)" 4 +.IP "HASH\-DRBG, see \fBEVP_RAND\-HASH\-DRBG\fR\|(7)" 4 .IX Item "HASH-DRBG, see EVP_RAND-HASH-DRBG" -.IP "HMAC-DRBG, see 
\s-1\fBEVP_RAND\-HMAC\-DRBG\s0\fR\|(7)" 4 +.IP "HMAC\-DRBG, see \fBEVP_RAND\-HMAC\-DRBG\fR\|(7)" 4 .IX Item "HMAC-DRBG, see EVP_RAND-HMAC-DRBG" -.IP "TEST-RAND, see \s-1\fBEVP_RAND\-TEST\-RAND\s0\fR\|(7)" 4 +.IP "TEST\-RAND, see \fBEVP_RAND\-TEST\-RAND\fR\|(7)" 4 .IX Item "TEST-RAND, see EVP_RAND-TEST-RAND" .PD -TEST-RAND is an unapproved algorithm. +TEST\-RAND is an unapproved algorithm. .SH "SELF TESTING" .IX Header "SELF TESTING" -One of the requirements for the \s-1FIPS\s0 module is self testing. An optional callback +One of the requirements for the FIPS module is self testing. An optional callback mechanism is available to return information to the user using \&\fBOSSL_SELF_TEST_set_callback\fR\|(3). .PP The parameters passed to the callback are described in \fBOSSL_SELF_TEST_new\fR\|(3) .PP -The OpenSSL \s-1FIPS\s0 module uses the following mechanism to provide information +The OpenSSL FIPS module uses the following mechanism to provide information about the self tests as they run. This is useful for debugging if a self test is failing. The callback also allows forcing any self test to fail, in order to check that it operates correctly on failure. Note that all self tests run even if a self test failure occurs. .PP -The \s-1FIPS\s0 module passes the following type(s) to \fBOSSL_SELF_TEST_onbegin()\fR. -.ie n .IP """Module_Integrity"" (\fB\s-1OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\s0\fR)" 4 -.el .IP "``Module_Integrity'' (\fB\s-1OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\s0\fR)" 4 -.IX Item "Module_Integrity (OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)" -Uses \s-1HMAC SHA256\s0 on the module file to validate that the module has not been +The FIPS module passes the following type(s) to \fBOSSL_SELF_TEST_onbegin()\fR. +.IP """Module_Integrity"" (\fBOSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\fR)" 4 +.IX Item """Module_Integrity"" (OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)" +Uses HMAC SHA256 on the module file to validate that the module has not been modified. 
The integrity value is compared to a value written to a configuration file during installation. -.ie n .IP """Install_Integrity"" (\fB\s-1OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\s0\fR)" 4 -.el .IP "``Install_Integrity'' (\fB\s-1OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\s0\fR)" 4 -.IX Item "Install_Integrity (OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)" -Uses \s-1HMAC SHA256\s0 on a fixed string to validate that the installation process -has already been performed and the self test \s-1KATS\s0 have already been tested, +.IP """Install_Integrity"" (\fBOSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\fR)" 4 +.IX Item """Install_Integrity"" (OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)" +Uses HMAC SHA256 on a fixed string to validate that the installation process +has already been performed and the self test KATS have already been tested, The integrity value is compared to a value written to a configuration file after successfully running the self tests during installation. -.ie n .IP """KAT_Cipher"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_CIPHER\s0\fR)" 4 -.el .IP "``KAT_Cipher'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_CIPHER\s0\fR)" 4 -.IX Item "KAT_Cipher (OSSL_SELF_TEST_TYPE_KAT_CIPHER)" +.IP """KAT_Cipher"" (\fBOSSL_SELF_TEST_TYPE_KAT_CIPHER\fR)" 4 +.IX Item """KAT_Cipher"" (OSSL_SELF_TEST_TYPE_KAT_CIPHER)" Known answer test for a symmetric cipher. -.ie n .IP """KAT_AsymmetricCipher"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER\s0\fR)" 4 -.el .IP "``KAT_AsymmetricCipher'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER\s0\fR)" 4 -.IX Item "KAT_AsymmetricCipher (OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER)" +.IP """KAT_AsymmetricCipher"" (\fBOSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER\fR)" 4 +.IX Item """KAT_AsymmetricCipher"" (OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER)" Known answer test for a asymmetric cipher. 
-.ie n .IP """KAT_Digest"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_DIGEST\s0\fR)" 4 -.el .IP "``KAT_Digest'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_DIGEST\s0\fR)" 4 -.IX Item "KAT_Digest (OSSL_SELF_TEST_TYPE_KAT_DIGEST)" +.IP """KAT_Digest"" (\fBOSSL_SELF_TEST_TYPE_KAT_DIGEST\fR)" 4 +.IX Item """KAT_Digest"" (OSSL_SELF_TEST_TYPE_KAT_DIGEST)" Known answer test for a digest. -.ie n .IP """KAT_Signature"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_SIGNATURE\s0\fR)" 4 -.el .IP "``KAT_Signature'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_SIGNATURE\s0\fR)" 4 -.IX Item "KAT_Signature (OSSL_SELF_TEST_TYPE_KAT_SIGNATURE)" +.IP """KAT_Signature"" (\fBOSSL_SELF_TEST_TYPE_KAT_SIGNATURE\fR)" 4 +.IX Item """KAT_Signature"" (OSSL_SELF_TEST_TYPE_KAT_SIGNATURE)" Known answer test for a signature. -.ie n .IP """PCT_Signature"" (\fB\s-1OSSL_SELF_TEST_TYPE_PCT_SIGNATURE\s0\fR)" 4 -.el .IP "``PCT_Signature'' (\fB\s-1OSSL_SELF_TEST_TYPE_PCT_SIGNATURE\s0\fR)" 4 -.IX Item "PCT_Signature (OSSL_SELF_TEST_TYPE_PCT_SIGNATURE)" +.IP """PCT_Signature"" (\fBOSSL_SELF_TEST_TYPE_PCT_SIGNATURE\fR)" 4 +.IX Item """PCT_Signature"" (OSSL_SELF_TEST_TYPE_PCT_SIGNATURE)" Pairwise Consistency check for a signature. -.ie n .IP """\s-1KAT_KDF""\s0 (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KDF\s0\fR)" 4 -.el .IP "``\s-1KAT_KDF''\s0 (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KDF\s0\fR)" 4 -.IX Item "KAT_KDF (OSSL_SELF_TEST_TYPE_KAT_KDF)" +.IP """KAT_KDF"" (\fBOSSL_SELF_TEST_TYPE_KAT_KDF\fR)" 4 +.IX Item """KAT_KDF"" (OSSL_SELF_TEST_TYPE_KAT_KDF)" Known answer test for a key derivation function. -.ie n .IP """\s-1KAT_KA""\s0 (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KA\s0\fR)" 4 -.el .IP "``\s-1KAT_KA''\s0 (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KA\s0\fR)" 4 -.IX Item "KAT_KA (OSSL_SELF_TEST_TYPE_KAT_KA)" +.IP """KAT_KA"" (\fBOSSL_SELF_TEST_TYPE_KAT_KA\fR)" 4 +.IX Item """KAT_KA"" (OSSL_SELF_TEST_TYPE_KAT_KA)" Known answer test for key agreement. 
-.ie n .IP """\s-1DRBG""\s0 (\fB\s-1OSSL_SELF_TEST_TYPE_DRBG\s0\fR)" 4 -.el .IP "``\s-1DRBG''\s0 (\fB\s-1OSSL_SELF_TEST_TYPE_DRBG\s0\fR)" 4 -.IX Item "DRBG (OSSL_SELF_TEST_TYPE_DRBG)" +.IP """DRBG"" (\fBOSSL_SELF_TEST_TYPE_DRBG\fR)" 4 +.IX Item """DRBG"" (OSSL_SELF_TEST_TYPE_DRBG)" Known answer test for a Deterministic Random Bit Generator. -.ie n .IP """Conditional_PCT"" (\fB\s-1OSSL_SELF_TEST_TYPE_PCT\s0\fR)" 4 -.el .IP "``Conditional_PCT'' (\fB\s-1OSSL_SELF_TEST_TYPE_PCT\s0\fR)" 4 -.IX Item "Conditional_PCT (OSSL_SELF_TEST_TYPE_PCT)" +.IP """Conditional_PCT"" (\fBOSSL_SELF_TEST_TYPE_PCT\fR)" 4 +.IX Item """Conditional_PCT"" (OSSL_SELF_TEST_TYPE_PCT)" Conditional test that is run during the generation of key pairs. -.ie n .IP """Continuous_RNG_Test"" (\fB\s-1OSSL_SELF_TEST_TYPE_CRNG\s0\fR)" 4 -.el .IP "``Continuous_RNG_Test'' (\fB\s-1OSSL_SELF_TEST_TYPE_CRNG\s0\fR)" 4 -.IX Item "Continuous_RNG_Test (OSSL_SELF_TEST_TYPE_CRNG)" +.IP """Continuous_RNG_Test"" (\fBOSSL_SELF_TEST_TYPE_CRNG\fR)" 4 +.IX Item """Continuous_RNG_Test"" (OSSL_SELF_TEST_TYPE_CRNG)" Continuous random number generator test. .PP -The \*(L"Module_Integrity\*(R" self test is always run at startup. -The \*(L"Install_Integrity\*(R" self test is used to check if the self tests have +The "Module_Integrity" self test is always run at startup. +The "Install_Integrity" self test is used to check if the self tests have already been run at installation time. If they have already run then the self tests are not run on subsequent startups. All other self test categories are run once at installation time, except for the -\&\*(L"Pairwise_Consistency_Test\*(R". +"Pairwise_Consistency_Test". .PP -There is only one instance of the \*(L"Module_Integrity\*(R" and \*(L"Install_Integrity\*(R" +There is only one instance of the "Module_Integrity" and "Install_Integrity" self tests. All other self tests may have multiple instances. 
.PP -The \s-1FIPS\s0 module passes the following descriptions(s) to \fBOSSL_SELF_TEST_onbegin()\fR. -.ie n .IP """\s-1HMAC""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_INTEGRITY_HMAC\s0\fR)" 4 -.el .IP "``\s-1HMAC''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_INTEGRITY_HMAC\s0\fR)" 4 -.IX Item "HMAC (OSSL_SELF_TEST_DESC_INTEGRITY_HMAC)" -\&\*(L"Module_Integrity\*(R" and \*(L"Install_Integrity\*(R" use this. -.ie n .IP """\s-1RSA""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\s0\fR)" 4 -.el .IP "``\s-1RSA''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\s0\fR)" 4 -.IX Item "RSA (OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1)" +The FIPS module passes the following descriptions(s) to \fBOSSL_SELF_TEST_onbegin()\fR. +.IP """HMAC"" (\fBOSSL_SELF_TEST_DESC_INTEGRITY_HMAC\fR)" 4 +.IX Item """HMAC"" (OSSL_SELF_TEST_DESC_INTEGRITY_HMAC)" +"Module_Integrity" and "Install_Integrity" use this. +.IP """RSA"" (\fBOSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\fR)" 4 +.IX Item """RSA"" (OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1)" .PD 0 -.ie n .IP """\s-1ECDSA""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_PCT_ECDSA\s0\fR)" 4 -.el .IP "``\s-1ECDSA''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_PCT_ECDSA\s0\fR)" 4 -.IX Item "ECDSA (OSSL_SELF_TEST_DESC_PCT_ECDSA)" -.ie n .IP """\s-1DSA""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_PCT_DSA\s0\fR)" 4 -.el .IP "``\s-1DSA''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_PCT_DSA\s0\fR)" 4 -.IX Item "DSA (OSSL_SELF_TEST_DESC_PCT_DSA)" +.IP """ECDSA"" (\fBOSSL_SELF_TEST_DESC_PCT_ECDSA\fR)" 4 +.IX Item """ECDSA"" (OSSL_SELF_TEST_DESC_PCT_ECDSA)" +.IP """DSA"" (\fBOSSL_SELF_TEST_DESC_PCT_DSA\fR)" 4 +.IX Item """DSA"" (OSSL_SELF_TEST_DESC_PCT_DSA)" .PD -Key generation tests used with the \*(L"Pairwise_Consistency_Test\*(R" type. -.ie n .IP """RSA_Encrypt"" (\fB\s-1OSSL_SELF_TEST_DESC_ASYM_RSA_ENC\s0\fR)" 4 -.el .IP "``RSA_Encrypt'' (\fB\s-1OSSL_SELF_TEST_DESC_ASYM_RSA_ENC\s0\fR)" 4 -.IX Item "RSA_Encrypt (OSSL_SELF_TEST_DESC_ASYM_RSA_ENC)" +Key generation tests used with the "Pairwise_Consistency_Test" type. 
+.IP """RSA_Encrypt"" (\fBOSSL_SELF_TEST_DESC_ASYM_RSA_ENC\fR)" 4 +.IX Item """RSA_Encrypt"" (OSSL_SELF_TEST_DESC_ASYM_RSA_ENC)" .PD 0 -.ie n .IP """RSA_Decrypt"" (\fB\s-1OSSL_SELF_TEST_DESC_ASYM_RSA_DEC\s0\fR)" 4 -.el .IP "``RSA_Decrypt'' (\fB\s-1OSSL_SELF_TEST_DESC_ASYM_RSA_DEC\s0\fR)" 4 -.IX Item "RSA_Decrypt (OSSL_SELF_TEST_DESC_ASYM_RSA_DEC)" +.IP """RSA_Decrypt"" (\fBOSSL_SELF_TEST_DESC_ASYM_RSA_DEC\fR)" 4 +.IX Item """RSA_Decrypt"" (OSSL_SELF_TEST_DESC_ASYM_RSA_DEC)" .PD -\&\*(L"KAT_AsymmetricCipher\*(R" uses this to indicate an encrypt or decrypt \s-1KAT.\s0 -.ie n .IP """\s-1AES_GCM""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_GCM\s0\fR)" 4 -.el .IP "``\s-1AES_GCM''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_GCM\s0\fR)" 4 -.IX Item "AES_GCM (OSSL_SELF_TEST_DESC_CIPHER_AES_GCM)" +"KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT. +.IP """AES_GCM"" (\fBOSSL_SELF_TEST_DESC_CIPHER_AES_GCM\fR)" 4 +.IX Item """AES_GCM"" (OSSL_SELF_TEST_DESC_CIPHER_AES_GCM)" .PD 0 -.ie n .IP """AES_ECB_Decrypt"" (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_ECB\s0\fR)" 4 -.el .IP "``AES_ECB_Decrypt'' (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_ECB\s0\fR)" 4 -.IX Item "AES_ECB_Decrypt (OSSL_SELF_TEST_DESC_CIPHER_AES_ECB)" -.ie n .IP """\s-1TDES""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_TDES\s0\fR)" 4 -.el .IP "``\s-1TDES''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_TDES\s0\fR)" 4 -.IX Item "TDES (OSSL_SELF_TEST_DESC_CIPHER_TDES)" +.IP """AES_ECB_Decrypt"" (\fBOSSL_SELF_TEST_DESC_CIPHER_AES_ECB\fR)" 4 +.IX Item """AES_ECB_Decrypt"" (OSSL_SELF_TEST_DESC_CIPHER_AES_ECB)" +.IP """TDES"" (\fBOSSL_SELF_TEST_DESC_CIPHER_TDES\fR)" 4 +.IX Item """TDES"" (OSSL_SELF_TEST_DESC_CIPHER_TDES)" .PD -Symmetric cipher tests used with the \*(L"KAT_Cipher\*(R" type. 
-.ie n .IP """\s-1SHA1""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA1\s0\fR)" 4 -.el .IP "``\s-1SHA1''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA1\s0\fR)" 4 -.IX Item "SHA1 (OSSL_SELF_TEST_DESC_MD_SHA1)" +Symmetric cipher tests used with the "KAT_Cipher" type. +.IP """SHA1"" (\fBOSSL_SELF_TEST_DESC_MD_SHA1\fR)" 4 +.IX Item """SHA1"" (OSSL_SELF_TEST_DESC_MD_SHA1)" .PD 0 -.ie n .IP """\s-1SHA2""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA2\s0\fR)" 4 -.el .IP "``\s-1SHA2''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA2\s0\fR)" 4 -.IX Item "SHA2 (OSSL_SELF_TEST_DESC_MD_SHA2)" -.ie n .IP """\s-1SHA3""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA3\s0\fR)" 4 -.el .IP "``\s-1SHA3''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA3\s0\fR)" 4 -.IX Item "SHA3 (OSSL_SELF_TEST_DESC_MD_SHA3)" +.IP """SHA2"" (\fBOSSL_SELF_TEST_DESC_MD_SHA2\fR)" 4 +.IX Item """SHA2"" (OSSL_SELF_TEST_DESC_MD_SHA2)" +.IP """SHA3"" (\fBOSSL_SELF_TEST_DESC_MD_SHA3\fR)" 4 +.IX Item """SHA3"" (OSSL_SELF_TEST_DESC_MD_SHA3)" .PD -Digest tests used with the \*(L"KAT_Digest\*(R" type. -.ie n .IP """\s-1DSA""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_DSA\s0\fR)" 4 -.el .IP "``\s-1DSA''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_DSA\s0\fR)" 4 -.IX Item "DSA (OSSL_SELF_TEST_DESC_SIGN_DSA)" +Digest tests used with the "KAT_Digest" type. 
+.IP """DSA"" (\fBOSSL_SELF_TEST_DESC_SIGN_DSA\fR)" 4 +.IX Item """DSA"" (OSSL_SELF_TEST_DESC_SIGN_DSA)" .PD 0 -.ie n .IP """\s-1RSA""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_RSA\s0\fR)" 4 -.el .IP "``\s-1RSA''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_RSA\s0\fR)" 4 -.IX Item "RSA (OSSL_SELF_TEST_DESC_SIGN_RSA)" -.ie n .IP """\s-1ECDSA""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_ECDSA\s0\fR)" 4 -.el .IP "``\s-1ECDSA''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_ECDSA\s0\fR)" 4 -.IX Item "ECDSA (OSSL_SELF_TEST_DESC_SIGN_ECDSA)" +.IP """RSA"" (\fBOSSL_SELF_TEST_DESC_SIGN_RSA\fR)" 4 +.IX Item """RSA"" (OSSL_SELF_TEST_DESC_SIGN_RSA)" +.IP """ECDSA"" (\fBOSSL_SELF_TEST_DESC_SIGN_ECDSA\fR)" 4 +.IX Item """ECDSA"" (OSSL_SELF_TEST_DESC_SIGN_ECDSA)" .PD -Signature tests used with the \*(L"KAT_Signature\*(R" type. -.ie n .IP """\s-1ECDH""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDH\s0\fR)" 4 -.el .IP "``\s-1ECDH''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDH\s0\fR)" 4 -.IX Item "ECDH (OSSL_SELF_TEST_DESC_KA_ECDH)" +Signature tests used with the "KAT_Signature" type. +.IP """ECDH"" (\fBOSSL_SELF_TEST_DESC_KA_ECDH\fR)" 4 +.IX Item """ECDH"" (OSSL_SELF_TEST_DESC_KA_ECDH)" .PD 0 -.ie n .IP """\s-1DH""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KA_DH\s0\fR)" 4 -.el .IP "``\s-1DH''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KA_DH\s0\fR)" 4 -.IX Item "DH (OSSL_SELF_TEST_DESC_KA_DH)" +.IP """DH"" (\fBOSSL_SELF_TEST_DESC_KA_DH\fR)" 4 +.IX Item """DH"" (OSSL_SELF_TEST_DESC_KA_DH)" .PD -Key agreement tests used with the \*(L"\s-1KAT_KA\*(R"\s0 type. -.ie n .IP """\s-1HKDF""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_HKDF\s0\fR)" 4 -.el .IP "``\s-1HKDF''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_HKDF\s0\fR)" 4 -.IX Item "HKDF (OSSL_SELF_TEST_DESC_KDF_HKDF)" +Key agreement tests used with the "KAT_KA" type. 
+.IP """HKDF"" (\fBOSSL_SELF_TEST_DESC_KDF_HKDF\fR)" 4 +.IX Item """HKDF"" (OSSL_SELF_TEST_DESC_KDF_HKDF)" .PD 0 -.ie n .IP """\s-1TLS13_KDF_EXTRACT""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT\s0\fR)" 4 -.el .IP "``\s-1TLS13_KDF_EXTRACT''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT\s0\fR)" 4 -.IX Item "TLS13_KDF_EXTRACT (OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT)" -.ie n .IP """\s-1TLS13_KDF_EXPAND""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND\s0\fR)" 4 -.el .IP "``\s-1TLS13_KDF_EXPAND''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND\s0\fR)" 4 -.IX Item "TLS13_KDF_EXPAND (OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND)" -.ie n .IP """\s-1SSKDF""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_SSKDF\s0\fR)" 4 -.el .IP "``\s-1SSKDF''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_SSKDF\s0\fR)" 4 -.IX Item "SSKDF (OSSL_SELF_TEST_DESC_KDF_SSKDF)" -.ie n .IP """X963KDF"" (\fB\s-1OSSL_SELF_TEST_DESC_KDF_X963KDF\s0\fR)" 4 -.el .IP "``X963KDF'' (\fB\s-1OSSL_SELF_TEST_DESC_KDF_X963KDF\s0\fR)" 4 -.IX Item "X963KDF (OSSL_SELF_TEST_DESC_KDF_X963KDF)" -.ie n .IP """X942KDF"" (\fB\s-1OSSL_SELF_TEST_DESC_KDF_X942KDF\s0\fR)" 4 -.el .IP "``X942KDF'' (\fB\s-1OSSL_SELF_TEST_DESC_KDF_X942KDF\s0\fR)" 4 -.IX Item "X942KDF (OSSL_SELF_TEST_DESC_KDF_X942KDF)" -.ie n .IP """\s-1PBKDF2""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_PBKDF2\s0\fR)" 4 -.el .IP "``\s-1PBKDF2''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_PBKDF2\s0\fR)" 4 -.IX Item "PBKDF2 (OSSL_SELF_TEST_DESC_KDF_PBKDF2)" -.ie n .IP """\s-1SSHKDF""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_SSHKDF\s0\fR)" 4 -.el .IP "``\s-1SSHKDF''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_SSHKDF\s0\fR)" 4 -.IX Item "SSHKDF (OSSL_SELF_TEST_DESC_KDF_SSHKDF)" -.ie n .IP """\s-1TLS12_PRF""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_TLS12_PRF\s0\fR)" 4 -.el .IP "``\s-1TLS12_PRF''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_TLS12_PRF\s0\fR)" 4 -.IX Item "TLS12_PRF (OSSL_SELF_TEST_DESC_KDF_TLS12_PRF)" -.ie n .IP """\s-1KBKDF""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_KDF_KBKDF\s0\fR)" 4 -.el .IP "``\s-1KBKDF''\s0 
(\fB\s-1OSSL_SELF_TEST_DESC_KDF_KBKDF\s0\fR)" 4 -.IX Item "KBKDF (OSSL_SELF_TEST_DESC_KDF_KBKDF)" +.IP """TLS13_KDF_EXTRACT"" (\fBOSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT\fR)" 4 +.IX Item """TLS13_KDF_EXTRACT"" (OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT)" +.IP """TLS13_KDF_EXPAND"" (\fBOSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND\fR)" 4 +.IX Item """TLS13_KDF_EXPAND"" (OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND)" +.IP """SSKDF"" (\fBOSSL_SELF_TEST_DESC_KDF_SSKDF\fR)" 4 +.IX Item """SSKDF"" (OSSL_SELF_TEST_DESC_KDF_SSKDF)" +.IP """X963KDF"" (\fBOSSL_SELF_TEST_DESC_KDF_X963KDF\fR)" 4 +.IX Item """X963KDF"" (OSSL_SELF_TEST_DESC_KDF_X963KDF)" +.IP """X942KDF"" (\fBOSSL_SELF_TEST_DESC_KDF_X942KDF\fR)" 4 +.IX Item """X942KDF"" (OSSL_SELF_TEST_DESC_KDF_X942KDF)" +.IP """PBKDF2"" (\fBOSSL_SELF_TEST_DESC_KDF_PBKDF2\fR)" 4 +.IX Item """PBKDF2"" (OSSL_SELF_TEST_DESC_KDF_PBKDF2)" +.IP """SSHKDF"" (\fBOSSL_SELF_TEST_DESC_KDF_SSHKDF\fR)" 4 +.IX Item """SSHKDF"" (OSSL_SELF_TEST_DESC_KDF_SSHKDF)" +.IP """TLS12_PRF"" (\fBOSSL_SELF_TEST_DESC_KDF_TLS12_PRF\fR)" 4 +.IX Item """TLS12_PRF"" (OSSL_SELF_TEST_DESC_KDF_TLS12_PRF)" +.IP """KBKDF"" (\fBOSSL_SELF_TEST_DESC_KDF_KBKDF\fR)" 4 +.IX Item """KBKDF"" (OSSL_SELF_TEST_DESC_KDF_KBKDF)" .PD -Key Derivation Function tests used with the \*(L"\s-1KAT_KDF\*(R"\s0 type. -.ie n .IP """\s-1CTR""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_CTR\s0\fR)" 4 -.el .IP "``\s-1CTR''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_CTR\s0\fR)" 4 -.IX Item "CTR (OSSL_SELF_TEST_DESC_DRBG_CTR)" +Key Derivation Function tests used with the "KAT_KDF" type. 
+.IP """CTR"" (\fBOSSL_SELF_TEST_DESC_DRBG_CTR\fR)" 4 +.IX Item """CTR"" (OSSL_SELF_TEST_DESC_DRBG_CTR)" .PD 0 -.ie n .IP """\s-1HASH""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HASH\s0\fR)" 4 -.el .IP "``\s-1HASH''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HASH\s0\fR)" 4 -.IX Item "HASH (OSSL_SELF_TEST_DESC_DRBG_HASH)" -.ie n .IP """\s-1HMAC""\s0 (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HMAC\s0\fR)" 4 -.el .IP "``\s-1HMAC''\s0 (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HMAC\s0\fR)" 4 -.IX Item "HMAC (OSSL_SELF_TEST_DESC_DRBG_HMAC)" +.IP """HASH"" (\fBOSSL_SELF_TEST_DESC_DRBG_HASH\fR)" 4 +.IX Item """HASH"" (OSSL_SELF_TEST_DESC_DRBG_HASH)" +.IP """HMAC"" (\fBOSSL_SELF_TEST_DESC_DRBG_HMAC\fR)" 4 +.IX Item """HMAC"" (OSSL_SELF_TEST_DESC_DRBG_HMAC)" .PD -\&\s-1DRBG\s0 tests used with the \*(L"\s-1DRBG\*(R"\s0 type. +DRBG tests used with the "DRBG" type. .Sp -= item \*(L"\s-1RNG\*(R"\s0 (\fB\s-1OSSL_SELF_TEST_DESC_RNG\s0\fR) += item "RNG" (\fBOSSL_SELF_TEST_DESC_RNG\fR) .Sp -\&\*(L"Continuous_RNG_Test\*(R" uses this. -.SH "EXAMPLES" +"Continuous_RNG_Test" uses this. +.SH EXAMPLES .IX Header "EXAMPLES" A simple self test callback is shown below for illustrative purposes. .PP 
@@ -546,37 +425,50 @@ \& return ret; \& } .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Some released versions of OpenSSL do not include a validated -\&\s-1FIPS\s0 provider. To determine which versions have undergone +FIPS provider. To determine which versions have undergone the validation process, please refer to the OpenSSL Downloads page . If you -require FIPS-approved functionality, it is essential to build your \s-1FIPS\s0 +require FIPS\-approved functionality, it is essential to build your FIPS provider using one of the validated versions listed there. Normally, -it is possible to utilize a \s-1FIPS\s0 provider constructed from one of the +it is possible to utilize a FIPS provider constructed from one of the validated versions alongside \fIlibcrypto\fR and \fIlibssl\fR compiled from any release within the same major release series. This flexibility enables -you to address bug fixes and CVEs that fall outside the \s-1FIPS\s0 boundary. +you to address bug fixes and CVEs that fall outside the FIPS boundary. +.PP +You can load the FIPS provider into multiple library contexts as any other +provider. However the following restriction applies. The FIPS provider cannot +be used by multiple copies of OpenSSL libcrypto in a single process. +.PP +As the provider saves core callbacks to the libcrypto obtained in the +\&\fBOSSL_provider_init()\fR call to global data it will fail if subsequent +invocations of its \fBOSSL_provider_init()\fR function yield different addresses +of these callbacks than in the initial call. This happens when different +copies of libcrypto are present in the memory of the process and both try +to load the same FIPS provider. A workaround is to have a different copy +of the FIPS provider loaded for each of the libcrypto instances in the +process. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-fipsinstall\fR\|(1), \&\fBfips_config\fR\|(5), \&\fBOSSL_SELF_TEST_set_callback\fR\|(3), \&\fBOSSL_SELF_TEST_new\fR\|(3), -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), +\&\fBOSSL_PARAM\fR\|(3), \&\fBopenssl\-core.h\fR\|(7), \&\fBopenssl\-core_dispatch.h\fR\|(7), \&\fBprovider\fR\|(7), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/OSSL_PROVIDER-base.7.orig +++ secure/lib/libcrypto/man/man7/OSSL_PROVIDER-base.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,157 +53,91 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PROVIDER-BASE 7ossl" -.TH OSSL_PROVIDER-BASE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PROVIDER-BASE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PROVIDER\-base \- OpenSSL base provider -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The OpenSSL base provider supplies the encoding for OpenSSL's +The OpenSSL base provider supplies the encoding for OpenSSL\*(Aqs asymmetric cryptography. -.SS "Properties" +.SS Properties .IX Subsection "Properties" The implementations in this provider specifically have this property defined: -.ie n .IP """provider=base""" 4 -.el .IP "``provider=base''" 4 -.IX Item "provider=base" +.IP """provider=base""" 4 +.IX Item """provider=base""" .PP It may be used in a property query string with fetching functions. .PP -It isn't mandatory to query for this property, except to make sure to get +It isn\*(Aqt mandatory to query for this property, except to make sure to get implementations of this provider and none other. -.ie n .IP """type=parameters""" 4 -.el .IP "``type=parameters''" 4 -.IX Item "type=parameters" +.IP """type=parameters""" 4 +.IX Item """type=parameters""" .PD 0 -.ie n .IP """type=private""" 4 -.el .IP "``type=private''" 4 -.IX Item "type=private" -.ie n .IP """type=public""" 4 -.el .IP "``type=public''" 4 -.IX Item "type=public" +.IP """type=private""" 4 +.IX Item """type=private""" +.IP """type=public""" 4 +.IX Item """type=public""" .PD .PP These may be used in a property query string with fetching functions to select which data are to be encoded. Either the private key material, the public key material or the domain parameters can be selected. 
-.ie n .IP """format=der""" 4 -.el .IP "``format=der''" 4 -.IX Item "format=der" +.IP """format=der""" 4 +.IX Item """format=der""" .PD 0 -.ie n .IP """format=pem""" 4 -.el .IP "``format=pem''" 4 -.IX Item "format=pem" -.ie n .IP """format=text""" 4 -.el .IP "``format=text''" 4 -.IX Item "format=text" +.IP """format=pem""" 4 +.IX Item """format=pem""" +.IP """format=text""" 4 +.IX Item """format=text""" .PD .PP These may be used in a property query string with fetching functions to select -the encoding output format. Either the \s-1DER, PEM\s0 and plaintext are +the encoding output format. Either the DER, PEM and plaintext are currently permitted. .SH "OPERATIONS AND ALGORITHMS" .IX Header "OPERATIONS AND ALGORITHMS" The OpenSSL base provider supports these operations and algorithms: .SS "Asymmetric Key Encoder" .IX Subsection "Asymmetric Key Encoder" -In addition to \*(L"provider=base\*(R", some of these encoders define the -property \*(L"fips=yes\*(R", to allow them to be used together with the \s-1FIPS\s0 +In addition to "provider=base", some of these encoders define the +property "fips=yes", to allow them to be used together with the FIPS provider. 
-.IP "\s-1RSA,\s0 see \s-1\fBOSSL_ENCODER\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBOSSL_ENCODER\-RSA\fR\|(7)" 4 .IX Item "RSA, see OSSL_ENCODER-RSA" .PD 0 -.IP "\s-1DH,\s0 see \s-1\fBOSSL_ENCODER\-DH\s0\fR\|(7)" 4 +.IP "DH, see \fBOSSL_ENCODER\-DH\fR\|(7)" 4 .IX Item "DH, see OSSL_ENCODER-DH" -.IP "\s-1DSA,\s0 see \s-1\fBOSSL_ENCODER\-DSA\s0\fR\|(7)" 4 +.IP "DSA, see \fBOSSL_ENCODER\-DSA\fR\|(7)" 4 .IX Item "DSA, see OSSL_ENCODER-DSA" -.IP "\s-1EC,\s0 see \s-1\fBOSSL_ENCODER\-EC\s0\fR\|(7)" 4 +.IP "EC, see \fBOSSL_ENCODER\-EC\fR\|(7)" 4 .IX Item "EC, see OSSL_ENCODER-EC" -.IP "X25519, see \s-1\fBOSSL_ENCODER\-X25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBOSSL_ENCODER\-X25519\fR\|(7)" 4 .IX Item "X25519, see OSSL_ENCODER-X25519" -.IP "X448, see \s-1\fBOSSL_ENCODER\-X448\s0\fR\|(7)" 4 +.IP "X448, see \fBOSSL_ENCODER\-X448\fR\|(7)" 4 .IX Item "X448, see OSSL_ENCODER-X448" .PD .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBOSSL_PROVIDER\-default\fR\|(7), \fBopenssl\-core.h\fR\|(7), \&\fBopenssl\-core_dispatch.h\fR\|(7), \fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/OSSL_PROVIDER-default.7.orig +++ secure/lib/libcrypto/man/man7/OSSL_PROVIDER-default.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,107 +53,47 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PROVIDER-DEFAULT 7ossl" -.TH OSSL_PROVIDER-DEFAULT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PROVIDER-DEFAULT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PROVIDER\-default \- OpenSSL default provider -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The OpenSSL default provider supplies the majority of OpenSSL's diverse -algorithm implementations. If an application doesn't specify anything else +The OpenSSL default provider supplies the majority of OpenSSL\*(Aqs diverse +algorithm implementations. If an application doesn\*(Aqt specify anything else explicitly (e.g. in the application or via config), then this is the provider that will be used as fallback: It is loaded automatically the first time that an algorithm is fetched from a provider or a function acting on providers is called and no other provider has been loaded yet. .PP If an attempt to load a provider has already been made (whether successful -or not) then the default provider won't be loaded automatically. Therefore +or not) then the default provider won\*(Aqt be loaded automatically. Therefore if the default provider is to be used in conjunction with other providers then it must be loaded explicitly. Automatic loading of the default provider only occurs a maximum of once; if the default provider is explicitly unloaded then the default provider will not be automatically loaded again. 
-.SS "Properties" +.SS Properties .IX Subsection "Properties" The implementations in this provider specifically have this property defined: -.ie n .IP """provider=default""" 4 -.el .IP "``provider=default''" 4 -.IX Item "provider=default" +.IP """provider=default""" 4 +.IX Item """provider=default""" .PP It may be used in a property query string with fetching functions such as \&\fBEVP_MD_fetch\fR\|(3) or \fBEVP_CIPHER_fetch\fR\|(3), as well as with other functions that take a property query string, such as \&\fBEVP_PKEY_CTX_new_from_name\fR\|(3). .PP -It isn't mandatory to query for this property, except to make sure to get +It isn\*(Aqt mandatory to query for this property, except to make sure to get implementations of this provider and none other. .PP Some implementations may define additional properties. Exact information is 
@@ -179,203 +103,203 @@ The OpenSSL default provider supports these operations and algorithms: .SS "Hashing Algorithms / Message Digests" .IX Subsection "Hashing Algorithms / Message Digests" -.IP "\s-1SHA1,\s0 see \s-1\fBEVP_MD\-SHA1\s0\fR\|(7)" 4 +.IP "SHA1, see \fBEVP_MD\-SHA1\fR\|(7)" 4 .IX Item "SHA1, see EVP_MD-SHA1" .PD 0 -.IP "\s-1SHA2,\s0 see \s-1\fBEVP_MD\-SHA2\s0\fR\|(7)" 4 +.IP "SHA2, see \fBEVP_MD\-SHA2\fR\|(7)" 4 .IX Item "SHA2, see EVP_MD-SHA2" -.IP "\s-1SHA3,\s0 see \s-1\fBEVP_MD\-SHA3\s0\fR\|(7)" 4 +.IP "SHA3, see \fBEVP_MD\-SHA3\fR\|(7)" 4 .IX Item "SHA3, see EVP_MD-SHA3" -.IP "KECCAK-KMAC, see \s-1\fBEVP_MD\-KECCAK\-KMAC\s0\fR\|(7)" 4 +.IP "KECCAK\-KMAC, see \fBEVP_MD\-KECCAK\-KMAC\fR\|(7)" 4 .IX Item "KECCAK-KMAC, see EVP_MD-KECCAK-KMAC" -.IP "\s-1SHAKE,\s0 see \s-1\fBEVP_MD\-SHAKE\s0\fR\|(7)" 4 +.IP "SHAKE, see \fBEVP_MD\-SHAKE\fR\|(7)" 4 .IX Item "SHAKE, see EVP_MD-SHAKE" -.IP "\s-1BLAKE2,\s0 see \s-1\fBEVP_MD\-BLAKE2\s0\fR\|(7)" 4 +.IP "BLAKE2, see \fBEVP_MD\-BLAKE2\fR\|(7)" 4 .IX Item "BLAKE2, see EVP_MD-BLAKE2" -.IP "\s-1SM3,\s0 see \s-1\fBEVP_MD\-SM3\s0\fR\|(7)" 4 +.IP "SM3, see \fBEVP_MD\-SM3\fR\|(7)" 4 .IX Item "SM3, see EVP_MD-SM3" -.IP "\s-1MD5,\s0 see \s-1\fBEVP_MD\-MD5\s0\fR\|(7)" 4 +.IP "MD5, see \fBEVP_MD\-MD5\fR\|(7)" 4 .IX Item "MD5, see EVP_MD-MD5" -.IP "\s-1MD5\-SHA1,\s0 see \s-1\fBEVP_MD\-MD5\-SHA1\s0\fR\|(7)" 4 +.IP "MD5\-SHA1, see \fBEVP_MD\-MD5\-SHA1\fR\|(7)" 4 .IX Item "MD5-SHA1, see EVP_MD-MD5-SHA1" -.IP "\s-1RIPEMD160,\s0 see \s-1\fBEVP_MD\-RIPEMD160\s0\fR\|(7)" 4 +.IP "RIPEMD160, see \fBEVP_MD\-RIPEMD160\fR\|(7)" 4 .IX Item "RIPEMD160, see EVP_MD-RIPEMD160" -.IP "\s-1NULL,\s0 see \s-1\fBEVP_MD\-NULL\s0\fR\|(7)" 4 +.IP "NULL, see \fBEVP_MD\-NULL\fR\|(7)" 4 .IX Item "NULL, see EVP_MD-NULL" .PD .SS "Symmetric Ciphers" .IX Subsection "Symmetric Ciphers" -.IP "\s-1AES,\s0 see \s-1\fBEVP_CIPHER\-AES\s0\fR\|(7)" 4 +.IP "AES, see \fBEVP_CIPHER\-AES\fR\|(7)" 4 .IX Item "AES, see EVP_CIPHER-AES" .PD 0 -.IP "\s-1ARIA,\s0 see 
\s-1\fBEVP_CIPHER\-ARIA\s0\fR\|(7)" 4 +.IP "ARIA, see \fBEVP_CIPHER\-ARIA\fR\|(7)" 4 .IX Item "ARIA, see EVP_CIPHER-ARIA" -.IP "\s-1CAMELLIA,\s0 see \s-1\fBEVP_CIPHER\-CAMELLIA\s0\fR\|(7)" 4 +.IP "CAMELLIA, see \fBEVP_CIPHER\-CAMELLIA\fR\|(7)" 4 .IX Item "CAMELLIA, see EVP_CIPHER-CAMELLIA" -.IP "3DES, see \s-1\fBEVP_CIPHER\-DES\s0\fR\|(7)" 4 +.IP "3DES, see \fBEVP_CIPHER\-DES\fR\|(7)" 4 .IX Item "3DES, see EVP_CIPHER-DES" -.IP "\s-1SEED,\s0 see \s-1\fBEVP_CIPHER\-SEED\s0\fR\|(7)" 4 +.IP "SEED, see \fBEVP_CIPHER\-SEED\fR\|(7)" 4 .IX Item "SEED, see EVP_CIPHER-SEED" -.IP "\s-1SM4,\s0 see \s-1\fBEVP_CIPHER\-SM4\s0\fR\|(7)" 4 +.IP "SM4, see \fBEVP_CIPHER\-SM4\fR\|(7)" 4 .IX Item "SM4, see EVP_CIPHER-SM4" -.IP "ChaCha20, see \s-1\fBEVP_CIPHER\-CHACHA\s0\fR\|(7)" 4 +.IP "ChaCha20, see \fBEVP_CIPHER\-CHACHA\fR\|(7)" 4 .IX Item "ChaCha20, see EVP_CIPHER-CHACHA" -.IP "ChaCha20\-Poly1305, see \s-1\fBEVP_CIPHER\-CHACHA\s0\fR\|(7)" 4 +.IP "ChaCha20\-Poly1305, see \fBEVP_CIPHER\-CHACHA\fR\|(7)" 4 .IX Item "ChaCha20-Poly1305, see EVP_CIPHER-CHACHA" -.IP "\s-1NULL,\s0 see \s-1\fBEVP_CIPHER\-NULL\s0\fR\|(7)" 4 +.IP "NULL, see \fBEVP_CIPHER\-NULL\fR\|(7)" 4 .IX Item "NULL, see EVP_CIPHER-NULL" .PD -.SS "Message Authentication Code (\s-1MAC\s0)" +.SS "Message Authentication Code (MAC)" .IX Subsection "Message Authentication Code (MAC)" -.IP "\s-1BLAKE2,\s0 see \s-1\fBEVP_MAC\-BLAKE2\s0\fR\|(7)" 4 +.IP "BLAKE2, see \fBEVP_MAC\-BLAKE2\fR\|(7)" 4 .IX Item "BLAKE2, see EVP_MAC-BLAKE2" .PD 0 -.IP "\s-1CMAC,\s0 see \s-1\fBEVP_MAC\-CMAC\s0\fR\|(7)" 4 +.IP "CMAC, see \fBEVP_MAC\-CMAC\fR\|(7)" 4 .IX Item "CMAC, see EVP_MAC-CMAC" -.IP "\s-1GMAC,\s0 see \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7)" 4 +.IP "GMAC, see \fBEVP_MAC\-GMAC\fR\|(7)" 4 .IX Item "GMAC, see EVP_MAC-GMAC" -.IP "\s-1HMAC,\s0 see \s-1\fBEVP_MAC\-HMAC\s0\fR\|(7)" 4 +.IP "HMAC, see \fBEVP_MAC\-HMAC\fR\|(7)" 4 .IX Item "HMAC, see EVP_MAC-HMAC" -.IP "\s-1KMAC,\s0 see \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7)" 4 +.IP "KMAC, see 
\fBEVP_MAC\-KMAC\fR\|(7)" 4 .IX Item "KMAC, see EVP_MAC-KMAC" -.IP "\s-1SIPHASH,\s0 see \fBEVP_MAC\-Siphash\fR\|(7)" 4 +.IP "SIPHASH, see \fBEVP_MAC\-Siphash\fR\|(7)" 4 .IX Item "SIPHASH, see EVP_MAC-Siphash" -.IP "\s-1POLY1305,\s0 see \fBEVP_MAC\-Poly1305\fR\|(7)" 4 +.IP "POLY1305, see \fBEVP_MAC\-Poly1305\fR\|(7)" 4 .IX Item "POLY1305, see EVP_MAC-Poly1305" .PD -.SS "Key Derivation Function (\s-1KDF\s0)" +.SS "Key Derivation Function (KDF)" .IX Subsection "Key Derivation Function (KDF)" -.IP "\s-1HKDF,\s0 see \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7)" 4 +.IP "HKDF, see \fBEVP_KDF\-HKDF\fR\|(7)" 4 .IX Item "HKDF, see EVP_KDF-HKDF" .PD 0 -.IP "\s-1SSKDF,\s0 see \s-1\fBEVP_KDF\-SS\s0\fR\|(7)" 4 +.IP "SSKDF, see \fBEVP_KDF\-SS\fR\|(7)" 4 .IX Item "SSKDF, see EVP_KDF-SS" -.IP "\s-1PBKDF2,\s0 see \s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7)" 4 +.IP "PBKDF2, see \fBEVP_KDF\-PBKDF2\fR\|(7)" 4 .IX Item "PBKDF2, see EVP_KDF-PBKDF2" -.IP "\s-1PKCS12KDF,\s0 see \s-1\fBEVP_KDF\-PKCS12KDF\s0\fR\|(7)" 4 +.IP "PKCS12KDF, see \fBEVP_KDF\-PKCS12KDF\fR\|(7)" 4 .IX Item "PKCS12KDF, see EVP_KDF-PKCS12KDF" -.IP "\s-1SSHKDF,\s0 see \s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7)" 4 +.IP "SSHKDF, see \fBEVP_KDF\-SSHKDF\fR\|(7)" 4 .IX Item "SSHKDF, see EVP_KDF-SSHKDF" -.IP "\s-1TLS1\-PRF,\s0 see \s-1\fBEVP_KDF\-TLS1_PRF\s0\fR\|(7)" 4 +.IP "TLS1\-PRF, see \fBEVP_KDF\-TLS1_PRF\fR\|(7)" 4 .IX Item "TLS1-PRF, see EVP_KDF-TLS1_PRF" -.IP "\s-1KBKDF,\s0 see \s-1\fBEVP_KDF\-KB\s0\fR\|(7)" 4 +.IP "KBKDF, see \fBEVP_KDF\-KB\fR\|(7)" 4 .IX Item "KBKDF, see EVP_KDF-KB" -.IP "X942KDF\-ASN1, see \s-1\fBEVP_KDF\-X942\-ASN1\s0\fR\|(7)" 4 +.IP "X942KDF\-ASN1, see \fBEVP_KDF\-X942\-ASN1\fR\|(7)" 4 .IX Item "X942KDF-ASN1, see EVP_KDF-X942-ASN1" -.IP "X942KDF\-CONCAT, see \s-1\fBEVP_KDF\-X942\-CONCAT\s0\fR\|(7)" 4 +.IP "X942KDF\-CONCAT, see \fBEVP_KDF\-X942\-CONCAT\fR\|(7)" 4 .IX Item "X942KDF-CONCAT, see EVP_KDF-X942-CONCAT" -.IP "X963KDF, see \s-1\fBEVP_KDF\-X963\s0\fR\|(7)" 4 +.IP "X963KDF, see \fBEVP_KDF\-X963\fR\|(7)" 4 .IX Item 
"X963KDF, see EVP_KDF-X963" -.IP "\s-1SCRYPT,\s0 see \s-1\fBEVP_KDF\-SCRYPT\s0\fR\|(7)" 4 +.IP "SCRYPT, see \fBEVP_KDF\-SCRYPT\fR\|(7)" 4 .IX Item "SCRYPT, see EVP_KDF-SCRYPT" -.IP "\s-1KRB5KDF,\s0 see \s-1\fBEVP_KDF\-KRB5KDF\s0\fR\|(7)" 4 +.IP "KRB5KDF, see \fBEVP_KDF\-KRB5KDF\fR\|(7)" 4 .IX Item "KRB5KDF, see EVP_KDF-KRB5KDF" .PD .SS "Key Exchange" .IX Subsection "Key Exchange" -.IP "\s-1DH,\s0 see \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)" 4 +.IP "DH, see \fBEVP_KEYEXCH\-DH\fR\|(7)" 4 .IX Item "DH, see EVP_KEYEXCH-DH" .PD 0 -.IP "\s-1ECDH,\s0 see \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7)" 4 +.IP "ECDH, see \fBEVP_KEYEXCH\-ECDH\fR\|(7)" 4 .IX Item "ECDH, see EVP_KEYEXCH-ECDH" -.IP "X25519, see \s-1\fBEVP_KEYEXCH\-X25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBEVP_KEYEXCH\-X25519\fR\|(7)" 4 .IX Item "X25519, see EVP_KEYEXCH-X25519" -.IP "X448, see \s-1\fBEVP_KEYEXCH\-X448\s0\fR\|(7)" 4 +.IP "X448, see \fBEVP_KEYEXCH\-X448\fR\|(7)" 4 .IX Item "X448, see EVP_KEYEXCH-X448" .PD .SS "Asymmetric Signature" .IX Subsection "Asymmetric Signature" -.IP "\s-1DSA,\s0 see \s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7)" 4 +.IP "DSA, see \fBEVP_SIGNATURE\-DSA\fR\|(7)" 4 .IX Item "DSA, see EVP_SIGNATURE-DSA" .PD 0 -.IP "\s-1RSA,\s0 see \s-1\fBEVP_SIGNATURE\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_SIGNATURE\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_SIGNATURE-RSA" -.IP "\s-1HMAC,\s0 see \s-1\fBEVP_SIGNATURE\-HMAC\s0\fR\|(7)" 4 +.IP "HMAC, see \fBEVP_SIGNATURE\-HMAC\fR\|(7)" 4 .IX Item "HMAC, see EVP_SIGNATURE-HMAC" -.IP "\s-1SIPHASH,\s0 see \fBEVP_SIGNATURE\-Siphash\fR\|(7)" 4 +.IP "SIPHASH, see \fBEVP_SIGNATURE\-Siphash\fR\|(7)" 4 .IX Item "SIPHASH, see EVP_SIGNATURE-Siphash" -.IP "\s-1POLY1305,\s0 see \fBEVP_SIGNATURE\-Poly1305\fR\|(7)" 4 +.IP "POLY1305, see \fBEVP_SIGNATURE\-Poly1305\fR\|(7)" 4 .IX Item "POLY1305, see EVP_SIGNATURE-Poly1305" -.IP "\s-1CMAC,\s0 see \s-1\fBEVP_SIGNATURE\-CMAC\s0\fR\|(7)" 4 +.IP "CMAC, see \fBEVP_SIGNATURE\-CMAC\fR\|(7)" 4 .IX Item "CMAC, see EVP_SIGNATURE-CMAC" .PD .SS 
"Asymmetric Cipher" .IX Subsection "Asymmetric Cipher" -.IP "\s-1RSA,\s0 see \s-1\fBEVP_ASYM_CIPHER\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_ASYM_CIPHER\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_ASYM_CIPHER-RSA" .PD 0 -.IP "\s-1SM2,\s0 see \s-1\fBEVP_ASYM_CIPHER\-SM2\s0\fR\|(7)" 4 +.IP "SM2, see \fBEVP_ASYM_CIPHER\-SM2\fR\|(7)" 4 .IX Item "SM2, see EVP_ASYM_CIPHER-SM2" .PD .SS "Asymmetric Key Encapsulation" .IX Subsection "Asymmetric Key Encapsulation" -.IP "\s-1RSA,\s0 see \s-1\fBEVP_KEM\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_KEM\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_KEM-RSA" .SS "Asymmetric Key Management" .IX Subsection "Asymmetric Key Management" -.PD 0 -.IP "\s-1DH,\s0 see \s-1\fBEVP_KEYMGMT\-DH\s0\fR\|(7)" 4 +.IP "DH, see \fBEVP_KEYMGMT\-DH\fR\|(7)" 4 .IX Item "DH, see EVP_KEYMGMT-DH" -.IP "\s-1DHX,\s0 see \s-1\fBEVP_KEYMGMT\-DHX\s0\fR\|(7)" 4 +.PD 0 +.IP "DHX, see \fBEVP_KEYMGMT\-DHX\fR\|(7)" 4 .IX Item "DHX, see EVP_KEYMGMT-DHX" -.IP "\s-1DSA,\s0 see \s-1\fBEVP_KEYMGMT\-DSA\s0\fR\|(7)" 4 +.IP "DSA, see \fBEVP_KEYMGMT\-DSA\fR\|(7)" 4 .IX Item "DSA, see EVP_KEYMGMT-DSA" -.IP "\s-1RSA,\s0 see \s-1\fBEVP_KEYMGMT\-RSA\s0\fR\|(7)" 4 +.IP "RSA, see \fBEVP_KEYMGMT\-RSA\fR\|(7)" 4 .IX Item "RSA, see EVP_KEYMGMT-RSA" -.IP "\s-1EC,\s0 see \s-1\fBEVP_KEYMGMT\-EC\s0\fR\|(7)" 4 +.IP "EC, see \fBEVP_KEYMGMT\-EC\fR\|(7)" 4 .IX Item "EC, see EVP_KEYMGMT-EC" -.IP "X25519, see \s-1\fBEVP_KEYMGMT\-X25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBEVP_KEYMGMT\-X25519\fR\|(7)" 4 .IX Item "X25519, see EVP_KEYMGMT-X25519" -.IP "X448, see \s-1\fBEVP_KEYMGMT\-X448\s0\fR\|(7)" 4 +.IP "X448, see \fBEVP_KEYMGMT\-X448\fR\|(7)" 4 .IX Item "X448, see EVP_KEYMGMT-X448" .PD .SS "Random Number Generation" .IX Subsection "Random Number Generation" -.IP "CTR-DRBG, see \s-1\fBEVP_RAND\-CTR\-DRBG\s0\fR\|(7)" 4 +.IP "CTR\-DRBG, see \fBEVP_RAND\-CTR\-DRBG\fR\|(7)" 4 .IX Item "CTR-DRBG, see EVP_RAND-CTR-DRBG" .PD 0 -.IP "HASH-DRBG, see \s-1\fBEVP_RAND\-HASH\-DRBG\s0\fR\|(7)" 4 +.IP "HASH\-DRBG, see 
\fBEVP_RAND\-HASH\-DRBG\fR\|(7)" 4 .IX Item "HASH-DRBG, see EVP_RAND-HASH-DRBG" -.IP "HMAC-DRBG, see \s-1\fBEVP_RAND\-HMAC\-DRBG\s0\fR\|(7)" 4 +.IP "HMAC\-DRBG, see \fBEVP_RAND\-HMAC\-DRBG\fR\|(7)" 4 .IX Item "HMAC-DRBG, see EVP_RAND-HMAC-DRBG" -.IP "SEED-SRC, see \s-1\fBEVP_RAND\-SEED\-SRC\s0\fR\|(7)" 4 +.IP "SEED\-SRC, see \fBEVP_RAND\-SEED\-SRC\fR\|(7)" 4 .IX Item "SEED-SRC, see EVP_RAND-SEED-SRC" -.IP "TEST-RAND, see \s-1\fBEVP_RAND\-TEST\-RAND\s0\fR\|(7)" 4 +.IP "TEST\-RAND, see \fBEVP_RAND\-TEST\-RAND\fR\|(7)" 4 .IX Item "TEST-RAND, see EVP_RAND-TEST-RAND" .PD .SS "Asymmetric Key Encoder" .IX Subsection "Asymmetric Key Encoder" The default provider also includes all of the encoding algorithms -present in the base provider. Some of these have the property \*(L"fips=yes\*(R", -to allow them to be used together with the \s-1FIPS\s0 provider. -.IP "\s-1RSA,\s0 see \s-1\fBOSSL_ENCODER\-RSA\s0\fR\|(7)" 4 +present in the base provider. Some of these have the property "fips=yes", +to allow them to be used together with the FIPS provider. 
+.IP "RSA, see \fBOSSL_ENCODER\-RSA\fR\|(7)" 4 .IX Item "RSA, see OSSL_ENCODER-RSA" .PD 0 -.IP "\s-1DH,\s0 see \s-1\fBOSSL_ENCODER\-DH\s0\fR\|(7)" 4 +.IP "DH, see \fBOSSL_ENCODER\-DH\fR\|(7)" 4 .IX Item "DH, see OSSL_ENCODER-DH" -.IP "\s-1DSA,\s0 see \s-1\fBOSSL_ENCODER\-DSA\s0\fR\|(7)" 4 +.IP "DSA, see \fBOSSL_ENCODER\-DSA\fR\|(7)" 4 .IX Item "DSA, see OSSL_ENCODER-DSA" -.IP "\s-1EC,\s0 see \s-1\fBOSSL_ENCODER\-EC\s0\fR\|(7)" 4 +.IP "EC, see \fBOSSL_ENCODER\-EC\fR\|(7)" 4 .IX Item "EC, see OSSL_ENCODER-EC" -.IP "X25519, see \s-1\fBOSSL_ENCODER\-X25519\s0\fR\|(7)" 4 +.IP "X25519, see \fBOSSL_ENCODER\-X25519\fR\|(7)" 4 .IX Item "X25519, see OSSL_ENCODER-X25519" -.IP "X448, see \s-1\fBOSSL_ENCODER\-X448\s0\fR\|(7)" 4 +.IP "X448, see \fBOSSL_ENCODER\-X448\fR\|(7)" 4 .IX Item "X448, see OSSL_ENCODER-X448" .PD .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-core.h\fR\|(7), \fBopenssl\-core_dispatch.h\fR\|(7), \fBprovider\fR\|(7), \&\fBOSSL_PROVIDER\-base\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1RIPEMD160\s0 digest was added to the default provider in OpenSSL 3.0.7. +The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7. .PP All other functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/OSSL_PROVIDER-legacy.7.orig +++ secure/lib/libcrypto/man/man7/OSSL_PROVIDER-legacy.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PROVIDER-LEGACY 7ossl" -.TH OSSL_PROVIDER-LEGACY 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PROVIDER-LEGACY 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PROVIDER\-legacy \- OpenSSL legacy provider -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The OpenSSL legacy provider supplies OpenSSL implementations of algorithms that have been deemed legacy. Such algorithms have commonly fallen out of 
@@ -148,84 +73,81 @@ similar. .PP We can consider this the retirement home of cryptographic algorithms. -.SS "Properties" +.SS Properties .IX Subsection "Properties" The implementations in this provider specifically has this property defined: -.ie n .IP """provider=legacy""" 4 -.el .IP "``provider=legacy''" 4 -.IX Item "provider=legacy" +.IP """provider=legacy""" 4 +.IX Item """provider=legacy""" .PP It may be used in a property query string with fetching functions such as \&\fBEVP_MD_fetch\fR\|(3) or \fBEVP_CIPHER_fetch\fR\|(3), as well as with other functions that take a property query string, such as \&\fBEVP_PKEY_CTX_new_from_name\fR\|(3). .PP -It isn't mandatory to query for any of these properties, except to +It isn\*(Aqt mandatory to query for any of these properties, except to make sure to get implementations of this provider and none other. .SH "OPERATIONS AND ALGORITHMS" .IX Header "OPERATIONS AND ALGORITHMS" The OpenSSL legacy provider supports these operations and algorithms: .SS "Hashing Algorithms / Message Digests" .IX Subsection "Hashing Algorithms / Message Digests" -.IP "\s-1MD2,\s0 see \s-1\fBEVP_MD\-MD2\s0\fR\|(7)" 4 +.IP "MD2, see \fBEVP_MD\-MD2\fR\|(7)" 4 .IX Item "MD2, see EVP_MD-MD2" .PD 0 -.IP "\s-1MD4,\s0 see \s-1\fBEVP_MD\-MD4\s0\fR\|(7)" 4 +.IP "MD4, see \fBEVP_MD\-MD4\fR\|(7)" 4 .IX Item "MD4, see EVP_MD-MD4" -.IP "\s-1MDC2,\s0 see \s-1\fBEVP_MD\-MDC2\s0\fR\|(7)" 4 +.IP "MDC2, see \fBEVP_MD\-MDC2\fR\|(7)" 4 .IX Item "MDC2, see EVP_MD-MDC2" -.IP "\s-1WHIRLPOOL,\s0 see \s-1\fBEVP_MD\-WHIRLPOOL\s0\fR\|(7)" 4 +.IP "WHIRLPOOL, see \fBEVP_MD\-WHIRLPOOL\fR\|(7)" 4 .IX Item "WHIRLPOOL, see EVP_MD-WHIRLPOOL" -.IP "\s-1RIPEMD160,\s0 see \s-1\fBEVP_MD\-RIPEMD160\s0\fR\|(7)" 4 +.IP "RIPEMD160, see \fBEVP_MD\-RIPEMD160\fR\|(7)" 4 .IX Item "RIPEMD160, see EVP_MD-RIPEMD160" .PD .SS "Symmetric Ciphers" .IX Subsection "Symmetric Ciphers" Not all of these symmetric cipher algorithms are enabled by default. 
-.IP "Blowfish, see \s-1\fBEVP_CIPHER\-BLOWFISH\s0\fR\|(7)" 4 +.IP "Blowfish, see \fBEVP_CIPHER\-BLOWFISH\fR\|(7)" 4 .IX Item "Blowfish, see EVP_CIPHER-BLOWFISH" .PD 0 -.IP "\s-1CAST,\s0 see \s-1\fBEVP_CIPHER\-CAST\s0\fR\|(7)" 4 +.IP "CAST, see \fBEVP_CIPHER\-CAST\fR\|(7)" 4 .IX Item "CAST, see EVP_CIPHER-CAST" -.IP "\s-1DES,\s0 see \s-1\fBEVP_CIPHER\-DES\s0\fR\|(7)" 4 +.IP "DES, see \fBEVP_CIPHER\-DES\fR\|(7)" 4 .IX Item "DES, see EVP_CIPHER-DES" .PD -The algorithm names are: \s-1DES_ECB, DES_CBC, DES_OFB, DES_CFB, DES_CFB1, DES_CFB8\s0 -and \s-1DESX_CBC.\s0 -.IP "\s-1IDEA,\s0 see \s-1\fBEVP_CIPHER\-IDEA\s0\fR\|(7)" 4 +The algorithm names are: DES_ECB, DES_CBC, DES_OFB, DES_CFB, DES_CFB1, DES_CFB8 +and DESX_CBC. +.IP "IDEA, see \fBEVP_CIPHER\-IDEA\fR\|(7)" 4 .IX Item "IDEA, see EVP_CIPHER-IDEA" .PD 0 -.IP "\s-1RC2,\s0 see \s-1\fBEVP_CIPHER\-RC2\s0\fR\|(7)" 4 +.IP "RC2, see \fBEVP_CIPHER\-RC2\fR\|(7)" 4 .IX Item "RC2, see EVP_CIPHER-RC2" -.IP "\s-1RC4,\s0 see \s-1\fBEVP_CIPHER\-RC4\s0\fR\|(7)" 4 +.IP "RC4, see \fBEVP_CIPHER\-RC4\fR\|(7)" 4 .IX Item "RC4, see EVP_CIPHER-RC4" -.IP "\s-1RC5,\s0 see \s-1\fBEVP_CIPHER\-RC5\s0\fR\|(7)" 4 +.IP "RC5, see \fBEVP_CIPHER\-RC5\fR\|(7)" 4 .IX Item "RC5, see EVP_CIPHER-RC5" .PD Disabled by default. Use \fIenable\-rc5\fR config option to enable. -.IP "\s-1SEED,\s0 see \s-1\fBEVP_CIPHER\-SEED\s0\fR\|(7)" 4 +.IP "SEED, see \fBEVP_CIPHER\-SEED\fR\|(7)" 4 .IX Item "SEED, see EVP_CIPHER-SEED" -.SS "Key Derivation Function (\s-1KDF\s0)" +.SS "Key Derivation Function (KDF)" .IX Subsection "Key Derivation Function (KDF)" -.PD 0 -.IP "\s-1PBKDF1\s0" 4 +.IP PBKDF1 4 .IX Item "PBKDF1" -.PD .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), +\&\fBOSSL_PARAM\fR\|(3), \&\fBopenssl\-core.h\fR\|(7), \&\fBopenssl\-core_dispatch.h\fR\|(7), \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. 
-.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/OSSL_PROVIDER-null.7.orig +++ secure/lib/libcrypto/man/man7/OSSL_PROVIDER-null.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_PROVIDER-NULL 7ossl" -.TH OSSL_PROVIDER-NULL 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_PROVIDER-NULL 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME OSSL_PROVIDER\-null \- OpenSSL null provider -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The OpenSSL null provider supplies no algorithms. .PP It can used to guarantee that the default library context and a fallback provider will not be accidentally accessed. -.SS "Properties" +.SS Properties .IX Subsection "Properties" The null provider defines no properties. .SH "OPERATIONS AND ALGORITHMS" @@ -155,14 +80,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This functionality was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/RAND.7.orig +++ secure/lib/libcrypto/man/man7/RAND.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,94 +53,35 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RAND 7ossl" -.TH RAND 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RAND 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RAND \&\- the OpenSSL random generator -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Random numbers are a vital part of cryptography, they are needed to provide unpredictability for tasks like key generation, creating salts, and many more. -Software-based generators must be seeded with external randomness before they -can be used as a cryptographically-secure pseudo-random number generator -(\s-1CSPRNG\s0). +Software\-based generators must be seeded with external randomness before they +can be used as a cryptographically\-secure pseudo\-random number generator +(CSPRNG). The availability of common hardware with special instructions and modern operating systems, which may use items such as interrupt jitter and network packet timings, can be reasonable sources of seeding material. .PP -OpenSSL comes with a default implementation of the \s-1RAND API\s0 which is based on -the deterministic random bit generator (\s-1DRBG\s0) model as described in -[\s-1NIST SP 800\-90A\s0 Rev. 1]. The default random generator will initialize +OpenSSL comes with a default implementation of the RAND API which is based on +the deterministic random bit generator (DRBG) model as described in +[NIST SP 800\-90A Rev. 1]. The default random generator will initialize automatically on first use and will be fully functional without having -to be initialized ('seeded') explicitly. +to be initialized (\*(Aqseeded\*(Aq) explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system. .PP 
@@ -167,23 +92,23 @@ Although (re\-)seeding is automatic, it can fail because no trusted random source is available or the trusted source(s) temporarily fail to provide sufficient random seed material. -In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, +In this case the CSPRNG enters an error state and ceases to provide output, until it is able to recover from the error by reseeding itself. -For more details on reseeding and error recovery, see \s-1\fBEVP_RAND\s0\fR\|(7). +For more details on reseeding and error recovery, see \fBEVP_RAND\fR\|(7). .PP For values that should remain secret, you can use \fBRAND_priv_bytes\fR\|(3) instead. -This method does not provide 'better' randomness, it uses the same type of -\&\s-1CSPRNG.\s0 -The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private +This method does not provide \*(Aqbetter\*(Aq randomness, it uses the same type of +CSPRNG. +The intention behind using a dedicated CSPRNG exclusively for private values is that none of its output should be visible to an attacker (e.g., used as salt value), in order to reveal as little information as -possible about its internal state, and that a compromise of the \*(L"public\*(R" -\&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values. .PP In the rare case where the default implementation does not satisfy your special -requirements, the default \s-1RAND\s0 internals can be replaced by your own -\&\s-1\fBEVP_RAND\s0\fR\|(3) objects. +requirements, the default RAND internals can be replaced by your own +\&\fBEVP_RAND\fR\|(3) objects. .PP Changing the default random generator should be necessary only in exceptional cases and is not recommended, unless you have a profound 
@@ -191,22 +116,22 @@ changes. .SH "DEFAULT SETUP" .IX Header "DEFAULT SETUP" -The default OpenSSL \s-1RAND\s0 method is based on the \s-1EVP_RAND\s0 deterministic random -bit generator (\s-1DRBG\s0) classes. -A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random -number generator (\s-1CSPRNG\s0), which is described in [\s-1NIST SP 800\-90A\s0 Rev. 1]. +The default OpenSSL RAND method is based on the EVP_RAND deterministic random +bit generator (DRBG) classes. +A DRBG is a certain type of cryptographically\-secure pseudo\-random +number generator (CSPRNG), which is described in [NIST SP 800\-90A Rev. 1]. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRAND_bytes\fR\|(3), \&\fBRAND_priv_bytes\fR\|(3), -\&\s-1\fBEVP_RAND\s0\fR\|(3), +\&\fBEVP_RAND\fR\|(3), \&\fBRAND_get0_primary\fR\|(3), -\&\s-1\fBEVP_RAND\s0\fR\|(7) -.SH "COPYRIGHT" +\&\fBEVP_RAND\fR\|(7) +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/RSA-PSS.7.orig +++ secure/lib/libcrypto/man/man7/RSA-PSS.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,108 +53,49 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "RSA-PSS 7ossl" -.TH RSA-PSS 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH RSA-PSS 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 +The \fBRSA\-PSS\fR EVP_PKEY implementation is a restricted version of the RSA algorithm which only supports signing, verification and key generation -using \s-1PSS\s0 padding modes with optional parameter restrictions. +using PSS padding modes with optional parameter restrictions. .PP It has associated private key and public key formats. .PP -This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm +This algorithm shares several control operations with the \fBRSA\fR algorithm but with some restrictions described below. .SS "Signing and Verification" .IX Subsection "Signing and Verification" -Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the -padding mode is always \s-1PSS.\s0 If the key in use has parameter restrictions then +Signing and verification is similar to the \fBRSA\fR algorithm except the +padding mode is always PSS. If the key in use has parameter restrictions then the corresponding signature parameters are set to the restrictions: -for example, if the key can only be used with digest \s-1SHA256, MGF1 SHA256\s0 -and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length -will be set to \s-1SHA256, SHA256\s0 and 32 respectively. 
+for example, if the key can only be used with digest SHA256, MGF1 SHA256 +and minimum salt length 32 then the digest, MGF1 digest and salt length +will be set to SHA256, SHA256 and 32 respectively. .SS "Key Generation" .IX Subsection "Key Generation" By default no parameter restrictions are placed on the generated key. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The public key format is documented in \s-1RFC4055.\s0 +The public key format is documented in RFC4055. .PP -The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 -format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if +The PKCS#8 private key format used for RSA\-PSS keys is similar to the RSA +format except it uses the \fBid\-RSASSA\-PSS\fR OID and the parameters field, if present, restricts the key parameters in the same way as the public key. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC 4055\s0 +RFC 4055 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), @@ -179,11 +104,11 @@ \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/X25519.7.orig +++ secure/lib/libcrypto/man/man7/X25519.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X25519 7ossl" -.TH X25519 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X25519 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME X25519, X448 \&\- EVP_PKEY X25519 and X448 support -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and +The \fBX25519\fR and \fBX448\fR EVP_PKEY implementation supports key generation and key derivation using \fBX25519\fR and \fBX448\fR. It has associated private and public -key formats compatible with \s-1RFC 8410.\s0 +key formats compatible with RFC 8410. .PP No additional parameters can be set during key generation. .PP The peer public key must be set using \fBEVP_PKEY_derive_set_peer()\fR when performing key derivation. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" A context for the \fBX25519\fR algorithm can be obtained by calling: .PP @@ -174,11 +99,11 @@ .PP X25519 or X448 public keys can be set directly using \&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo -structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). -.SH "EXAMPLES" +structure in a PEM file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.SH EXAMPLES .IX Header "EXAMPLES" This example generates an \fBX25519\fR private key and writes it to standard -output in \s-1PEM\s0 format: +output in PEM format: .PP .Vb 9 \& #include 
@@ -200,11 +125,11 @@ \&\fBEVP_PKEY_keygen\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3), \&\fBEVP_PKEY_derive_set_peer\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/bio.7.orig +++ secure/lib/libcrypto/man/man7/bio.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,125 +53,66 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "BIO 7ossl" -.TH BIO 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH BIO 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME bio \- Basic I/O abstraction -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O -details from an application. If an application uses a \s-1BIO\s0 for its -I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +A BIO is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a BIO for its +I/O it can transparently handle SSL connections, unencrypted network connections and file I/O. .PP -There are two types of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 +There are two types of BIO, a source/sink BIO and a filter BIO. .PP -As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, -examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 +As its name implies a source/sink BIO is a source and/or sink of data, +examples include a socket BIO and a file BIO. .PP -A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +A filter BIO takes data from one BIO and passes it through to another, or the application. The data may be left unmodified (for -example a message digest \s-1BIO\s0) or translated (for example an -encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +example a message digest BIO) or translated (for example an +encryption BIO). 
The effect of a filter BIO may change according to the I/O operation it is performing: for example an encryption -\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +BIO will encrypt data if it is being written to and decrypt data if it is being read from. .PP -BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +BIOs can be joined together to form a chain (a single BIO is a chain with one component). A chain normally consists of one source/sink -\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the -first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink -\&\s-1BIO\s0). +BIO and one or more filter BIOs. Data read from or written to the +first BIO then traverses the chain to the end (normally a source/sink +BIO). .PP Some BIOs (such as memory BIOs) can be used immediately after calling \&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization, and frequently a utility function exists to create and initialize such BIOs. .PP -If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +If \fBBIO_free()\fR is called on a BIO chain it will only free one BIO resulting in a memory leak. .PP -Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling +Calling \fBBIO_free_all()\fR on a single BIO has the same effect as calling \&\fBBIO_free()\fR on it other than the discarded return value. .PP Normally the \fItype\fR argument is supplied by a function which returns a -pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: -a source/sink \s-1BIO\s0 typically starts with \fIBIO_s_\fR and -a filter \s-1BIO\s0 with \fIBIO_f_\fR. -.SH "EXAMPLES" +pointer to a BIO_METHOD. There is a naming convention for such functions: +a source/sink BIO typically starts with \fIBIO_s_\fR and +a filter BIO with \fIBIO_f_\fR. 
+.SH EXAMPLES .IX Header "EXAMPLES" -Create a memory \s-1BIO:\s0 +Create a memory BIO: .PP .Vb 1 \& BIO *mem = BIO_new(BIO_s_mem()); @@ -208,11 +133,11 @@ \&\fBBIO_s_null\fR\|(3), \fBBIO_s_socket\fR\|(3), \&\fBBIO_set_callback\fR\|(3), \&\fBBIO_should_retry\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/crypto.7.orig +++ secure/lib/libcrypto/man/man7/crypto.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,133 +53,74 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CRYPTO 7ossl" -.TH CRYPTO 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CRYPTO 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME crypto \- OpenSSL cryptographic library -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" See the individual manual pages for details. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The OpenSSL crypto library (\f(CW\*(C`libcrypto\*(C'\fR) implements a wide range of cryptographic algorithms used in various Internet standards. The services -provided by this library are used by the OpenSSL implementations of \s-1TLS\s0 and -\&\s-1CMS,\s0 and they have also been used to implement many other third party products +provided by this library are used by the OpenSSL implementations of TLS and +CMS, and they have also been used to implement many other third party products and protocols. .PP The functionality includes symmetric encryption, public key cryptography, key agreement, certificate handling, cryptographic hash functions, cryptographic -pseudo-random number generators, message authentication codes (MACs), key +pseudo\-random number generators, message authentication codes (MACs), key derivation functions (KDFs), and various utilities. -.SS "Algorithms" +.SS Algorithms .IX Subsection "Algorithms" -Cryptographic primitives such as the \s-1SHA256\s0 digest, or \s-1AES\s0 encryption are -referred to in OpenSSL as \*(L"algorithms\*(R". Each algorithm may have multiple -implementations available for use. 
For example the \s-1RSA\s0 algorithm is available as -a \*(L"default\*(R" implementation suitable for general use, and a \*(L"fips\*(R" implementation -which has been validated to \s-1FIPS\s0 standards for situations where that is +Cryptographic primitives such as the SHA256 digest, or AES encryption are +referred to in OpenSSL as "algorithms". Each algorithm may have multiple +implementations available for use. For example the RSA algorithm is available as +a "default" implementation suitable for general use, and a "fips" implementation +which has been validated to FIPS standards for situations where that is important. It is also possible that a third party could add additional -implementations such as in a hardware security module (\s-1HSM\s0). -.SS "Operations" +implementations such as in a hardware security module (HSM). +.SS Operations .IX Subsection "Operations" Different algorithms can be grouped together by their purpose. For example there are algorithms for encryption, and different algorithms for digesting data. -These different groups are known as \*(L"operations\*(R" in OpenSSL. Each operation +These different groups are known as "operations" in OpenSSL. Each operation has a different set of functions associated with it. For example to perform an -encryption operation using \s-1AES\s0 (or any other encryption algorithm) you would use +encryption operation using AES (or any other encryption algorithm) you would use the encryption functions detailed on the \fBEVP_EncryptInit\fR\|(3) page. Or to -perform a digest operation using \s-1SHA256\s0 then you would use the digesting +perform a digest operation using SHA256 then you would use the digesting functions on the \fBEVP_DigestInit\fR\|(3) page. -.SS "Providers" +.SS Providers .IX Subsection "Providers" A provider in OpenSSL is a component that collects together algorithm implementations. In order to use an algorithm you must have at least one provider loaded that contains an implementation of it. 
OpenSSL comes with a number of providers and they may also be obtained from third parties. If you -don't load a provider explicitly (either in program code or via config) then the -OpenSSL built-in \*(L"default\*(R" provider will be automatically loaded. +don\*(Aqt load a provider explicitly (either in program code or via config) then the +OpenSSL built\-in "default" provider will be automatically loaded. .SS "Library contexts" .IX Subsection "Library contexts" -A library context can be thought of as a \*(L"scope\*(R" within which configuration +A library context can be thought of as a "scope" within which configuration options take effect. When a provider is loaded, it is only loaded within the scope of a given library context. In this way it is possible for different components of a complex application to each use a different library context and have different providers loaded with different configuration settings. .PP If an application does not explicitly create a library context then the -\&\*(L"default\*(R" library context will be used. +"default" library context will be used. .PP -Library contexts are represented by the \fB\s-1OSSL_LIB_CTX\s0\fR type. Many OpenSSL \s-1API\s0 +Library contexts are represented by the \fBOSSL_LIB_CTX\fR type. Many OpenSSL API functions take a library context as a parameter. Applications can always pass -\&\fB\s-1NULL\s0\fR for this parameter to just use the default library context. +\&\fBNULL\fR for this parameter to just use the default library context. .PP The default library context is automatically created the first time it is needed. This will automatically load any available configuration file and will 
@@ -203,32 +128,32 @@ 1.1.0) no explicit initialisation steps need to be taken. .PP Similarly when the application exits the default library context is -automatically destroyed. No explicit de-initialisation steps need to be taken. +automatically destroyed. No explicit de\-initialisation steps need to be taken. .PP -See \s-1\fBOSSL_LIB_CTX\s0\fR\|(3) for more information about library contexts. -See also \*(L"\s-1ALGORITHM FETCHING\*(R"\s0. -.SS "Multi-threaded applications" +See \fBOSSL_LIB_CTX\fR\|(3) for more information about library contexts. +See also "ALGORITHM FETCHING". +.SS "Multi\-threaded applications" .IX Subsection "Multi-threaded applications" As long as OpenSSL has been built with support for threads (the default case -on most platforms) then most OpenSSL \fIfunctions\fR are thread-safe in the sense +on most platforms) then most OpenSSL \fIfunctions\fR are thread\-safe in the sense that it is safe to call the same function from multiple threads at the same -time. However most OpenSSL \fIdata structures\fR are not thread-safe. For example +time. However most OpenSSL \fIdata structures\fR are not thread\-safe. For example the \fBBIO_write\fR\|(3) and \fBBIO_read\fR\|(3) functions are thread safe. However it would not be thread safe to call \fBBIO_write()\fR from one thread while calling -\&\fBBIO_read()\fR in another where both functions are passed the same \fB\s-1BIO\s0\fR object -since both of them may attempt to make changes to the same \fB\s-1BIO\s0\fR object. +\&\fBBIO_read()\fR in another where both functions are passed the same \fBBIO\fR object +since both of them may attempt to make changes to the same \fBBIO\fR object. .PP There are exceptions to these rules. A small number of functions are not thread safe at all. Where this is the case this restriction should be noted in the documentation for the function. Similarly some data structures may be partially -or fully thread safe. 
For example it is safe to use an \fB\s-1OSSL_LIB_CTX\s0\fR in +or fully thread safe. For example it is safe to use an \fBOSSL_LIB_CTX\fR in multiple threads. .PP See \fBopenssl\-threads\fR\|(7) for a more detailed discussion on OpenSSL threading support. .SH "ALGORITHM FETCHING" .IX Header "ALGORITHM FETCHING" -In order to use an algorithm an implementation for it must first be \*(L"fetched\*(R". +In order to use an algorithm an implementation for it must first be "fetched". Fetching is the process of looking through the available implementations, applying selection criteria (via a property query string), and finally choosing the implementation that will be used. @@ -239,7 +164,7 @@ .IX Subsection "Property query strings" When fetching an algorithm it is possible to specify a property query string to guide the selection process. For example a property query string of -\&\*(L"provider=default\*(R" could be used to force the selection to only consider +"provider=default" could be used to force the selection to only consider algorithm implementations in the default provider. .PP Property query strings can be specified explicitly as an argument to a function. @@ -266,8 +191,8 @@ arguments are passed: .IP "The library context" 4 .IX Item "The library context" -See \s-1\fBOSSL_LIB_CTX\s0\fR\|(3) for a more detailed description. -This may be \s-1NULL\s0 to signify the default (global) library context, or a +See \fBOSSL_LIB_CTX\fR\|(3) for a more detailed description. +This may be NULL to signify the default (global) library context, or a context created by the user. Only providers loaded in this library context (see \&\fBOSSL_PROVIDER_load\fR\|(3)) will be considered by the fetching function. In case no provider has been loaded in this library context then the default provider 
@@ -282,7 +207,7 @@ .PP The algorithm implementation that is fetched can then be used with other diverse functions that use them. For example the \fBEVP_DigestInit_ex\fR\|(3) function takes -as a parameter an \fB\s-1EVP_MD\s0\fR object which may have been returned from an earlier +as a parameter an \fBEVP_MD\fR object which may have been returned from an earlier call to \fBEVP_MD_fetch\fR\|(3). .SS "Implicit fetching" .IX Subsection "Implicit fetching" 
@@ -296,38 +221,38 @@ \&\fBEVP_CipherInit_ex\fR\|(3), the actual implementation to be used is fetched implicitly using default search criteria. .PP -In some cases implicit fetching can also occur when a \s-1NULL\s0 algorithm parameter +In some cases implicit fetching can also occur when a NULL algorithm parameter is supplied. In this case an algorithm implementation is implicitly fetched using default search criteria and an algorithm name that is consistent with the context in which it is being used. .PP -Functions that revolve around \fB\s-1EVP_PKEY_CTX\s0\fR and \s-1\fBEVP_PKEY\s0\fR\|(3), such as +Functions that revolve around \fBEVP_PKEY_CTX\fR and \fBEVP_PKEY\fR\|(3), such as \&\fBEVP_DigestSignInit\fR\|(3) and friends, all fetch the implementations implicitly. Because these functions involve both an operation type (such as -\&\s-1\fBEVP_SIGNATURE\s0\fR\|(3)) and an \s-1\fBEVP_KEYMGMT\s0\fR\|(3) for the \s-1\fBEVP_PKEY\s0\fR\|(3), they try +\&\fBEVP_SIGNATURE\fR\|(3)) and an \fBEVP_KEYMGMT\fR\|(3) for the \fBEVP_PKEY\fR\|(3), they try the following: -.IP "1." 4 +.IP 1. 4 Fetch the operation type implementation from any provider given a library -context and property string stored in the \fB\s-1EVP_PKEY_CTX\s0\fR. +context and property string stored in the \fBEVP_PKEY_CTX\fR. .Sp If the provider of the operation type implementation is different from the -provider of the \s-1\fBEVP_PKEY\s0\fR\|(3)'s \s-1\fBEVP_KEYMGMT\s0\fR\|(3) implementation, try to -fetch a \s-1\fBEVP_KEYMGMT\s0\fR\|(3) implementation in the same provider as the operation -type implementation and export the \s-1\fBEVP_PKEY\s0\fR\|(3) to it (effectively making a +provider of the \fBEVP_PKEY\fR\|(3)\*(Aqs \fBEVP_KEYMGMT\fR\|(3) implementation, try to +fetch a \fBEVP_KEYMGMT\fR\|(3) implementation in the same provider as the operation +type implementation and export the \fBEVP_PKEY\fR\|(3) to it (effectively making a temporary copy of the original key). 
.Sp If anything in this step fails, the next step is used as a fallback. -.IP "2." 4 +.IP 2. 4 As a fallback, try to fetch the operation type implementation from the same -provider as the original \s-1\fBEVP_PKEY\s0\fR\|(3)'s \s-1\fBEVP_KEYMGMT\s0\fR\|(3), still using the -property string from the \fB\s-1EVP_PKEY_CTX\s0\fR. -.SS "Performance" +provider as the original \fBEVP_PKEY\fR\|(3)\*(Aqs \fBEVP_KEYMGMT\fR\|(3), still using the +property string from the \fBEVP_PKEY_CTX\fR. +.SS Performance .IX Subsection "Performance" If you perform the same operation many times then it is recommended to use -\&\*(L"Explicit fetching\*(R" to prefetch an algorithm once initially, +"Explicit fetching" to prefetch an algorithm once initially, and then pass this created object to any operations that are currently -using \*(L"Implicit fetching\*(R". -See an example of Explicit fetching in \*(L"\s-1USING ALGORITHMS IN APPLICATIONS\*(R"\s0. +using "Implicit fetching". +See an example of Explicit fetching in "USING ALGORITHMS IN APPLICATIONS". .PP Prior to OpenSSL 3.0, constant method tables (such as \fBEVP_sha256()\fR) were used directly to access methods. If you pass one of these convenience functions 
@@ -345,34 +270,34 @@ (so loading a digest caches all digests). .PP The following methods can be used for prefetching: -.IP "\fBEVP_MD_fetch\fR\|(3)" 4 +.IP \fBEVP_MD_fetch\fR\|(3) 4 .IX Item "EVP_MD_fetch" .PD 0 -.IP "\fBEVP_CIPHER_fetch\fR\|(3)" 4 +.IP \fBEVP_CIPHER_fetch\fR\|(3) 4 .IX Item "EVP_CIPHER_fetch" -.IP "\fBEVP_KDF_fetch\fR\|(3)" 4 +.IP \fBEVP_KDF_fetch\fR\|(3) 4 .IX Item "EVP_KDF_fetch" -.IP "\fBEVP_MAC_fetch\fR\|(3)" 4 +.IP \fBEVP_MAC_fetch\fR\|(3) 4 .IX Item "EVP_MAC_fetch" -.IP "\fBEVP_KEM_fetch\fR\|(3)" 4 +.IP \fBEVP_KEM_fetch\fR\|(3) 4 .IX Item "EVP_KEM_fetch" -.IP "\fBOSSL_ENCODER_fetch\fR\|(3)" 4 +.IP \fBOSSL_ENCODER_fetch\fR\|(3) 4 .IX Item "OSSL_ENCODER_fetch" -.IP "\fBOSSL_DECODER_fetch\fR\|(3)" 4 +.IP \fBOSSL_DECODER_fetch\fR\|(3) 4 .IX Item "OSSL_DECODER_fetch" -.IP "\fBEVP_RAND_fetch\fR\|(3)" 4 +.IP \fBEVP_RAND_fetch\fR\|(3) 4 .IX Item "EVP_RAND_fetch" .PD .PP The following methods are used internally when performing operations: -.IP "\fBEVP_KEYMGMT_fetch\fR\|(3)" 4 +.IP \fBEVP_KEYMGMT_fetch\fR\|(3) 4 .IX Item "EVP_KEYMGMT_fetch" .PD 0 -.IP "\fBEVP_KEYEXCH_fetch\fR\|(3)" 4 +.IP \fBEVP_KEYEXCH_fetch\fR\|(3) 4 .IX Item "EVP_KEYEXCH_fetch" -.IP "\fBEVP_SIGNATURE_fetch\fR\|(3)" 4 +.IP \fBEVP_SIGNATURE_fetch\fR\|(3) 4 .IX Item "EVP_SIGNATURE_fetch" -.IP "\fBOSSL_STORE_LOADER_fetch\fR\|(3)" 4 +.IP \fBOSSL_STORE_LOADER_fetch\fR\|(3) 4 .IX Item "OSSL_STORE_LOADER_fetch" .PD .PP @@ -384,8 +309,8 @@ The following section provides a series of examples of fetching algorithm implementations. .PP -Fetch any available implementation of \s-1SHA2\-256\s0 in the default context. Note -that some algorithms have aliases. So \*(L"\s-1SHA256\*(R"\s0 and \*(L"\s-1SHA2\-256\*(R"\s0 are synonymous: +Fetch any available implementation of SHA2\-256 in the default context. Note +that some algorithms have aliases. So "SHA256" and "SHA2\-256" are synonymous: .PP .Vb 3 \& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", NULL); 
@@ -393,7 +318,7 @@ \& EVP_MD_free(md); .Ve .PP -Fetch any available implementation of \s-1AES\-128\-CBC\s0 in the default context: +Fetch any available implementation of AES\-128\-CBC in the default context: .PP .Vb 3 \& EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES\-128\-CBC", NULL); @@ -401,7 +326,7 @@ \& EVP_CIPHER_free(cipher); .Ve .PP -Fetch an implementation of \s-1SHA2\-256\s0 from the default provider in the default +Fetch an implementation of SHA2\-256 from the default provider in the default context: .PP .Vb 3 @@ -410,7 +335,7 @@ \& EVP_MD_free(md); .Ve .PP -Fetch an implementation of \s-1SHA2\-256\s0 that is not from the default provider in the +Fetch an implementation of SHA2\-256 that is not from the default provider in the default context: .PP .Vb 3 @@ -419,7 +344,7 @@ \& EVP_MD_free(md); .Ve .PP -Fetch an implementation of \s-1SHA2\-256\s0 from the default provider in the specified +Fetch an implementation of SHA2\-256 from the default provider in the specified context: .PP .Vb 3 @@ -429,7 +354,7 @@ .Ve .PP Load the legacy provider into the default context and then fetch an -implementation of \s-1WHIRLPOOL\s0 from it: +implementation of WHIRLPOOL from it: .PP .Vb 2 \& /* This only needs to be done once \- usually at application start up */ @@ -440,9 +365,9 @@ \& EVP_MD_free(md); .Ve .PP -Note that in the above example the property string \*(L"provider=legacy\*(R" is optional +Note that in the above example the property string "provider=legacy" is optional since, assuming no other providers have been loaded, the only implementation of -the \*(L"whirlpool\*(R" algorithm is in the \*(L"legacy\*(R" provider. Also note that the +the "whirlpool" algorithm is in the "legacy" provider. Also note that the default provider should be explicitly loaded if it is required in addition to other providers: .PP 
@@ -477,12 +402,12 @@ The default provider is built in as part of the \fIlibcrypto\fR library and contains all of the most commonly used algorithm implementations. Should it be needed (if other providers are loaded and offer implementations of the same -algorithms), the property query string \*(L"provider=default\*(R" can be used as a +algorithms), the property query string "provider=default" can be used as a search criterion for these implementations. The default provider includes all of the functionality in the base provider below. .PP -If you don't load any providers at all then the \*(L"default\*(R" provider will be -automatically loaded. If you explicitly load any provider then the \*(L"default\*(R" +If you don\*(Aqt load any providers at all then the "default" provider will be +automatically loaded. If you explicitly load any provider then the "default" provider would also need to be explicitly loaded if it is required. .PP See \fBOSSL_PROVIDER\-default\fR\|(7). 
@@ -492,35 +417,35 @@ algorithm implementations for encoding and decoding for OpenSSL keys. Should it be needed (if other providers are loaded and offer implementations of the same algorithms), the property query string -\&\*(L"provider=base\*(R" can be used as a search criterion for these implementations. -Some encoding and decoding algorithm implementations are not \s-1FIPS\s0 algorithm -implementations in themselves but support algorithms from the \s-1FIPS\s0 provider and -are allowed for use in \*(L"\s-1FIPS\s0 mode\*(R". The property query string \*(L"fips=yes\*(R" can be +"provider=base" can be used as a search criterion for these implementations. +Some encoding and decoding algorithm implementations are not FIPS algorithm +implementations in themselves but support algorithms from the FIPS provider and +are allowed for use in "FIPS mode". The property query string "fips=yes" can be used to select such algorithms. .PP See \fBOSSL_PROVIDER\-base\fR\|(7). -.SS "\s-1FIPS\s0 provider" +.SS "FIPS provider" .IX Subsection "FIPS provider" -The \s-1FIPS\s0 provider is a dynamically loadable module, and must therefore +The FIPS provider is a dynamically loadable module, and must therefore be loaded explicitly, either in code or through OpenSSL configuration (see \fBconfig\fR\|(5)). It contains algorithm implementations that have been -validated according to the \s-1FIPS 140\-2\s0 standard. Should it be needed (if other +validated according to the FIPS 140\-2 standard. Should it be needed (if other providers are loaded and offer implementations of the same algorithms), the -property query string \*(L"provider=fips\*(R" can be used as a search criterion for -these implementations. All approved algorithm implementations in the \s-1FIPS\s0 -provider can also be selected with the property \*(L"fips=yes\*(R". The \s-1FIPS\s0 provider -may also contain non-approved algorithm implementations and these can be -selected with the property \*(L"fips=no\*(R". 
+property query string "provider=fips" can be used as a search criterion for +these implementations. All approved algorithm implementations in the FIPS +provider can also be selected with the property "fips=yes". The FIPS provider +may also contain non\-approved algorithm implementations and these can be +selected with the property "fips=no". .PP -See \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) and \fBfips_module\fR\|(7). +See \fBOSSL_PROVIDER\-FIPS\fR\|(7) and \fBfips_module\fR\|(7). .SS "Legacy provider" .IX Subsection "Legacy provider" The legacy provider is a dynamically loadable module, and must therefore be loaded explicitly, either in code or through OpenSSL configuration (see \fBconfig\fR\|(5)). It contains algorithm implementations that are considered -insecure, or are no longer in common use such as \s-1MD2\s0 or \s-1RC4.\s0 Should it be needed +insecure, or are no longer in common use such as MD2 or RC4. Should it be needed (if other providers are loaded and offer implementations of the same algorithms), -the property \*(L"provider=legacy\*(R" can be used as a search criterion for these +the property "provider=legacy" can be used as a search criterion for these implementations. .PP See \fBOSSL_PROVIDER\-legacy\fR\|(7). 
@@ -535,22 +460,22 @@ .SH "USING ALGORITHMS IN APPLICATIONS" .IX Header "USING ALGORITHMS IN APPLICATIONS" Cryptographic algorithms are made available to applications through use of the -\&\*(L"\s-1EVP\*(R"\s0 APIs. Each of the various operations such as encryption, digesting, -message authentication codes, etc., have a set of \s-1EVP\s0 function calls that can +"EVP" APIs. Each of the various operations such as encryption, digesting, +message authentication codes, etc., have a set of EVP function calls that can be invoked to use them. See the \fBevp\fR\|(7) page for further details. .PP -Most of these follow a common pattern. A \*(L"context\*(R" object is first created. For -example for a digest operation you would use an \fB\s-1EVP_MD_CTX\s0\fR, and for an -encryption/decryption operation you would use an \fB\s-1EVP_CIPHER_CTX\s0\fR. The -operation is then initialised ready for use via an \*(L"init\*(R" function \- optionally -passing in a set of parameters (using the \s-1\fBOSSL_PARAM\s0\fR\|(3) type) to configure how +Most of these follow a common pattern. A "context" object is first created. For +example for a digest operation you would use an \fBEVP_MD_CTX\fR, and for an +encryption/decryption operation you would use an \fBEVP_CIPHER_CTX\fR. The +operation is then initialised ready for use via an "init" function \- optionally +passing in a set of parameters (using the \fBOSSL_PARAM\fR\|(3) type) to configure how the operation should behave. Next data is fed into the operation in a series of -\&\*(L"update\*(R" calls. The operation is finalised using a \*(L"final\*(R" call which will +"update" calls. The operation is finalised using a "final" call which will typically provide some kind of output. Finally the context is cleaned up and freed. .PP The following shows a complete example for doing this process for digesting -data using \s-1SHA256.\s0 The process is similar for other operations such as +data using SHA256. 
The process is similar for other operations such as encryption/decryption, signatures, message authentication codes, etc. .PP .Vb 4 @@ -623,7 +548,7 @@ \& return ret; \& } .Ve -.SH "CONFIGURATION" +.SH CONFIGURATION .IX Header "CONFIGURATION" By default OpenSSL will load a configuration file when it is first used. This will set up various configuration settings within the default library context. @@ -637,9 +562,9 @@ .SH "ENCODING AND DECODING KEYS" .IX Header "ENCODING AND DECODING KEYS" Many algorithms require the use of a key. Keys can be generated dynamically -using the \s-1EVP\s0 APIs (for example see \fBEVP_PKEY_Q_keygen\fR\|(3)). However it is often +using the EVP APIs (for example see \fBEVP_PKEY_Q_keygen\fR\|(3)). However it is often necessary to save or load keys (or their associated parameters) to or from some -external format such as \s-1PEM\s0 or \s-1DER\s0 (see \fBopenssl\-glossary\fR\|(7)). OpenSSL uses +external format such as PEM or DER (see \fBopenssl\-glossary\fR\|(7)). OpenSSL uses encoders and decoders to perform this task. .PP Encoders and decoders are just algorithm implementations in the same way as @@ -651,10 +576,10 @@ information about decoders see \fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3). .SH "LIBRARY CONVENTIONS" .IX Header "LIBRARY CONVENTIONS" -Many OpenSSL functions that \*(L"get\*(R" or \*(L"set\*(R" a value follow a naming convention -using the numbers \fB0\fR and \fB1\fR, i.e. \*(L"get0\*(R", \*(L"get1\*(R", \*(L"set0\*(R" and \*(L"set1\*(R". This -can also apply to some functions that \*(L"add\*(R" a value to an existing set, i.e. -\&\*(L"add0\*(R" and \*(L"add1\*(R". +Many OpenSSL functions that "get" or "set" a value follow a naming convention +using the numbers \fB0\fR and \fB1\fR, i.e. "get0", "get1", "set0" and "set1". This +can also apply to some functions that "add" a value to an existing set, i.e. +"add0" and "add1". .PP For example the functions: .PP 
@@ -670,20 +595,20 @@ be freed directly. It will be freed implicitly when \fIcrl\fR is freed. .PP In the \fB1\fR version the ownership of the object is not passed to or retained by -the parent object. Instead a copy or \*(L"up ref\*(R" of the object is performed. So +the parent object. Instead a copy or "up ref" of the object is performed. So after calling the \fBX509_add1_trust_object()\fR function above the application will still be responsible for freeing the \fIobj\fR value where appropriate. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBopenssl\fR\|(1), \fBssl\fR\|(7), \fBevp\fR\|(7), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3), \fBopenssl\-threads\fR\|(7), +\&\fBopenssl\fR\|(1), \fBssl\fR\|(7), \fBevp\fR\|(7), \fBOSSL_LIB_CTX\fR\|(3), \fBopenssl\-threads\fR\|(7), \&\fBproperty\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), \fBOSSL_PROVIDER\-base\fR\|(7), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7), \fBOSSL_PROVIDER\-null\fR\|(7), +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-legacy\fR\|(7), \fBOSSL_PROVIDER\-null\fR\|(7), \&\fBopenssl\-glossary\fR\|(7), \fBprovider\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/ct.7.orig +++ secure/lib/libcrypto/man/man7/ct.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,98 +53,39 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CT 7ossl" -.TH CT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ct \- Certificate Transparency -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 -clients, as defined in \s-1RFC 6962.\s0 This verification can provide some confidence -that a certificate has been publicly logged in a set of \s-1CT\s0 logs. +This library implements Certificate Transparency (CT) verification for TLS +clients, as defined in RFC 6962. This verification can provide some confidence +that a certificate has been publicly logged in a set of CT logs. .PP By default, these checks are disabled. They can be enabled using \&\fBSSL_CTX_enable_ct\fR\|(3) or \fBSSL_enable_ct\fR\|(3). .PP -This library can also be used to parse and examine \s-1CT\s0 data structures, such as -Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are +This library can also be used to parse and examine CT data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are functions for: -\&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. +\&\- decoding and encoding SCTs in DER and TLS wire format. \&\- printing SCTs. \&\- verifying the authenticity of SCTs. -\&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. +\&\- loading a CT log list from a CONF file. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBd2i_SCT_LIST\fR\|(3), 
@@ -172,14 +97,14 @@ \&\fBSCT_validate\fR\|(3), \&\fBCT_POLICY_EVAL_CTX_new\fR\|(3), \&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The ct library was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/des_modes.7.orig +++ secure/lib/libcrypto/man/man7/des_modes.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,207 +53,148 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "DES_MODES 7ossl" -.TH DES_MODES 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH DES_MODES 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME des_modes \- the variants of DES and other crypto algorithms of OpenSSL -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Several crypto algorithms for OpenSSL can be used in a number of modes. Those are used for using block ciphers in a way similar to stream ciphers, among other things. -.SH "OVERVIEW" +.SH OVERVIEW .IX Header "OVERVIEW" -.SS "Electronic Codebook Mode (\s-1ECB\s0)" +.SS "Electronic Codebook Mode (ECB)" .IX Subsection "Electronic Codebook Mode (ECB)" Normally, this is found as the function \fIalgorithm\fR\fB_ecb_encrypt()\fR. -.IP "\(bu" 2 +.IP \(bu 2 64 bits are enciphered at a time. -.IP "\(bu" 2 +.IP \(bu 2 The order of the blocks can be rearranged without detection. -.IP "\(bu" 2 +.IP \(bu 2 The same plaintext block always produces the same ciphertext block -(for the same key) making it vulnerable to a 'dictionary attack'. -.IP "\(bu" 2 +(for the same key) making it vulnerable to a \*(Aqdictionary attack\*(Aq. +.IP \(bu 2 An error will only affect one ciphertext block. -.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" +.SS "Cipher Block Chaining Mode (CBC)" .IX Subsection "Cipher Block Chaining Mode (CBC)" Normally, this is found as the function \fIalgorithm\fR\fB_cbc_encrypt()\fR. -Be aware that \fBdes_cbc_encrypt()\fR is not really \s-1DES CBC\s0 (it does -not update the \s-1IV\s0); use \fBdes_ncbc_encrypt()\fR instead. -.IP "\(bu" 2 +Be aware that \fBdes_cbc_encrypt()\fR is not really DES CBC (it does +not update the IV); use \fBdes_ncbc_encrypt()\fR instead. +.IP \(bu 2 a multiple of 64 bits are enciphered at a time. 
-.IP "\(bu" 2 -The \s-1CBC\s0 mode produces the same ciphertext whenever the same +.IP \(bu 2 +The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. -.IP "\(bu" 2 +.IP \(bu 2 The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged. -.IP "\(bu" 2 +.IP \(bu 2 The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. -.IP "\(bu" 2 +.IP \(bu 2 An error will affect the current and the following ciphertext blocks. -.SS "Cipher Feedback Mode (\s-1CFB\s0)" +.SS "Cipher Feedback Mode (CFB)" .IX Subsection "Cipher Feedback Mode (CFB)" Normally, this is found as the function \fIalgorithm\fR\fB_cfb_encrypt()\fR. -.IP "\(bu" 2 +.IP \(bu 2 a number of bits (j) <= 64 are enciphered at a time. -.IP "\(bu" 2 -The \s-1CFB\s0 mode produces the same ciphertext whenever the same +.IP \(bu 2 +The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. -.IP "\(bu" 2 +.IP \(bu 2 The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j\-bit variables are chained together and can not be rearranged. -.IP "\(bu" 2 +.IP \(bu 2 The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. -.IP "\(bu" 2 -The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +.IP \(bu 2 +The strength of the CFB mode depends on the size of k (maximal if j == k). In my implementation this is always the case. -.IP "\(bu" 2 +.IP \(bu 2 Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. -.IP "\(bu" 2 +.IP \(bu 2 Only multiples of j bits can be enciphered. 
-.IP "\(bu" 2 +.IP \(bu 2 An error will affect the current and the following ciphertext variables. -.SS "Output Feedback Mode (\s-1OFB\s0)" +.SS "Output Feedback Mode (OFB)" .IX Subsection "Output Feedback Mode (OFB)" Normally, this is found as the function \fIalgorithm\fR\fB_ofb_encrypt()\fR. -.IP "\(bu" 2 +.IP \(bu 2 a number of bits (j) <= 64 are enciphered at a time. -.IP "\(bu" 2 -The \s-1OFB\s0 mode produces the same ciphertext whenever the same +.IP \(bu 2 +The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More -over, in the \s-1OFB\s0 mode the same key stream is produced when the same +over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key. -.IP "\(bu" 2 -The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. -.IP "\(bu" 2 +.IP \(bu 2 +The absence of chaining makes the OFB more vulnerable to specific attacks. +.IP \(bu 2 The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams. -.IP "\(bu" 2 +.IP \(bu 2 Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. -.IP "\(bu" 2 +.IP \(bu 2 Only multiples of j bits can be enciphered. -.IP "\(bu" 2 -\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +.IP \(bu 2 +OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext. -.IP "\(bu" 2 -\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +.IP \(bu 2 +OFB mode is not self\-synchronizing. 
If the two operation of encipherment and decipherment get out of synchronism, the system needs -to be re-initialized. -.IP "\(bu" 2 -Each re-initialization should use a value of the start variable +to be re\-initialized. +.IP \(bu 2 +Each re\-initialization should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be -susceptible to a 'known plaintext' attack. -.SS "Triple \s-1ECB\s0 Mode" +susceptible to a \*(Aqknown plaintext\*(Aq attack. +.SS "Triple ECB Mode" .IX Subsection "Triple ECB Mode" Normally, this is found as the function \fIalgorithm\fR\fB_ecb3_encrypt()\fR. -.IP "\(bu" 2 +.IP \(bu 2 Encrypt with key1, decrypt with key2 and encrypt with key3 again. -.IP "\(bu" 2 -As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +.IP \(bu 2 +As for ECB encryption but increases the key length to 168 bits. There are theoretic attacks that can be used that make the effective key length 112 bits, but this attack also requires 2^56 blocks of -memory, not very likely, even for the \s-1NSA.\s0 -.IP "\(bu" 2 +memory, not very likely, even for the NSA. +.IP \(bu 2 If both keys are the same it is equivalent to encrypting once with just one key. -.IP "\(bu" 2 +.IP \(bu 2 If the first and last key are the same, the key length is 112 bits. There are attacks that could reduce the effective key strength to only slightly more than 56 bits, but these require a lot of memory. -.IP "\(bu" 2 +.IP \(bu 2 If all 3 keys are the same, this is effectively the same as normal ecb mode. -.SS "Triple \s-1CBC\s0 Mode" +.SS "Triple CBC Mode" .IX Subsection "Triple CBC Mode" Normally, this is found as the function \fIalgorithm\fR\fB_ede3_cbc_encrypt()\fR. -.IP "\(bu" 2 +.IP \(bu 2 Encrypt with key1, decrypt with key2 and then encrypt with key3. 
-.IP "\(bu" 2 -As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +.IP \(bu 2 +As for CBC encryption but increases the key length to 168 bits with the same restrictions as for triple ecb mode. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" This text was been written in large parts by Eric Young in his original documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed @@ -285,11 +210,11 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBF_encrypt\fR\|(3), \fBDES_crypt\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/evp.7.orig +++ secure/lib/libcrypto/man/man7/evp.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,142 +53,82 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP 7ossl" -.TH EVP 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH EVP 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME evp \- high\-level cryptographic functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1EVP\s0 library provides a high-level interface to cryptographic +The EVP library provides a high\-level interface to cryptographic functions. .PP -The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR -functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R". +The \fBEVP_Seal\fR\fIXXX\fR and \fBEVP_Open\fR\fIXXX\fR +functions provide public key encryption and decryption to implement digital "envelopes". .PP -The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and -\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement +The \fBEVP_DigestSign\fR\fIXXX\fR and +\&\fBEVP_DigestVerify\fR\fIXXX\fR functions implement digital signatures and Message Authentication Codes (MACs). Also see the older -\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR +\&\fBEVP_Sign\fR\fIXXX\fR and \fBEVP_Verify\fR\fIXXX\fR functions. .PP -Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR -functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fIXXX\fR +functions. The \fBEVP_Digest\fR\fIXXX\fR functions provide message digests. .PP -The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high-level interface to -asymmetric algorithms. 
To create a new \s-1EVP_PKEY\s0 see +The \fBEVP_PKEY\fR\fIXXX\fR functions provide a high\-level interface to +asymmetric algorithms. To create a new EVP_PKEY see \&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions described on the \fBEVP_PKEY_fromdata\fR\|(3) page, or new keys can be generated using \fBEVP_PKEY_keygen\fR\|(3). EVP_PKEYs can be compared using \fBEVP_PKEY_eq\fR\|(3), or printed using \&\fBEVP_PKEY_print_private\fR\|(3). \fBEVP_PKEY_todata\fR\|(3) can be used to convert a -key back into an \s-1\fBOSSL_PARAM\s0\fR\|(3) array. +key back into an \fBOSSL_PARAM\fR\|(3) array. .PP -The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: +The EVP_PKEY functions support the full range of asymmetric algorithm operations: .IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4 .IX Item "For key agreement see EVP_PKEY_derive" .PD 0 .IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore, normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 .IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore, normally you would use the EVP_DigestSignInit functions for this purpose." -.ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 
4 -.el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 -.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." +.IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the EVP_SealInit and EVP_OpenInit functions." .PD .PP The \fBEVP_BytesToKey\fR\|(3) function provides some limited support for password -based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible +based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible implementation. However, new applications should not typically use this (preferring, for example, -\&\s-1PBKDF2\s0 from PCKS#5). +PBKDF2 from PCKS#5). 
.PP -The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and -\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding +The \fBEVP_Encode\fR\fIXXX\fR and +\&\fBEVP_Decode\fR\fIXXX\fR functions implement base 64 encoding and decoding. .PP All the symmetric algorithms (ciphers), digests and asymmetric algorithms -(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative -implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered -as defaults, then the various \s-1EVP\s0 functions will automatically use those +(public key algorithms) can be replaced by ENGINE modules providing alternative +implementations. If ENGINE implementations of ciphers or digests are registered +as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the \fBengine\fR\|(3) man page. .PP -Although low-level algorithm specific functions exist for many algorithms -their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 -versions of new algorithms cannot be accessed using the low-level functions. +Although low\-level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an ENGINE and ENGINE +versions of new algorithms cannot be accessed using the low\-level functions. Also makes code harder to adapt to new algorithms and some options are not -cleanly supported at the low-level and some operations are more efficient -using the high-level interface. +cleanly supported at the low\-level and some operations are more efficient +using the high\-level interface. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit\fR\|(3), 
@@ -228,11 +152,11 @@ \&\fBEVP_PKEY_derive\fR\|(3), \&\fBEVP_BytesToKey\fR\|(3), \&\fBENGINE_by_id\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/fips_module.7.orig +++ secure/lib/libcrypto/man/man7/fips_module.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,115 +53,56 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "FIPS_MODULE 7ossl" -.TH FIPS_MODULE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH FIPS_MODULE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME fips_module \- OpenSSL fips module guide -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" See the individual manual pages for details. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This guide details different ways that OpenSSL can be used in conjunction -with the \s-1FIPS\s0 module. Which is the correct approach to use will depend on your +with the FIPS module. Which is the correct approach to use will depend on your own specific circumstances and what you are attempting to achieve. .PP -For information related to installing the \s-1FIPS\s0 module see +For information related to installing the FIPS module see . .PP Note that the old functions \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR are no longer present so you must remove them from your application if you use them. .PP -Applications written to use the OpenSSL 3.0 \s-1FIPS\s0 module should not use any -legacy APIs or features that avoid the \s-1FIPS\s0 module. Specifically this includes: -.IP "\(bu" 4 -Low level cryptographic APIs (use the high level APIs, such as \s-1EVP,\s0 instead) -.IP "\(bu" 4 +Applications written to use the OpenSSL 3.0 FIPS module should not use any +legacy APIs or features that avoid the FIPS module. 
Specifically this includes: +.IP \(bu 4 +Low level cryptographic APIs (use the high level APIs, such as EVP, instead) +.IP \(bu 4 Engines -.IP "\(bu" 4 -Any functions that create or modify custom \*(L"\s-1METHODS\*(R"\s0 (for example +.IP \(bu 4 +Any functions that create or modify custom "METHODS" (for example \&\fBEVP_MD_meth_new()\fR, \fBEVP_CIPHER_meth_new()\fR, \fBEVP_PKEY_meth_new()\fR, \fBRSA_meth_new()\fR, \&\fBEC_KEY_METHOD_new()\fR, etc.) .PP All of the above APIs are deprecated in OpenSSL 3.0 \- so a simple rule is to avoid using all deprecated functions. See \fBmigration_guide\fR\|(7) for a list of deprecated functions. -.SS "Making all applications use the \s-1FIPS\s0 module by default" +.SS "Making all applications use the FIPS module by default" .IX Subsection "Making all applications use the FIPS module by default" One simple approach is to cause all applications that are using OpenSSL to only -use the \s-1FIPS\s0 module for cryptographic algorithms by default. +use the FIPS module for cryptographic algorithms by default. .PP This approach can be done purely via configuration. As long as applications are built and linked against OpenSSL 3.0 and do not override the loading of the default config file or its settings then they can automatically start using the -\&\s-1FIPS\s0 module without the need for any further code changes. +FIPS module without the need for any further code changes. .PP To do this the default OpenSSL config file will have to be modified. The location of this config file will depend on the platform, and any options that @@ -186,7 +111,7 @@ .PP .Vb 2 \& $ openssl version \-d -\& OPENSSLDIR: "/etc/ssl" +\& OPENSSLDIR: "/usr/local/ssl" .Ve .PP Caution: Many Operating Systems install OpenSSL by default. It is a common error 
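Review bot: The regenerated example in the `@@ -186,7 +111,7 @@` hunk now prints `OPENSSLDIR: "/usr/local/ssl"` where the page previously documented `/etc/ssl`, and the two following hunks (`@@ -198,9 +123,9 @@` and `@@ -208,7 +133,7 @@`) change the `openssl.cnf` path and the `.include ... fipsmodule.cnf` line the same way. If the base libcrypto is still built with `/etc/ssl` as its OPENSSLDIR (the removed lines suggest so, but the build settings are not visible here), an administrator following this page would put the FIPS provider configuration in a file the library never loads, and applications would keep using the default provider with no error. Because the page is generated by Pod::Man, the path is better corrected in the generation step, so that these three lines keep `/etc/ssl`, `/etc/ssl/openssl.cnf` and `.include /etc/ssl/fipsmodule.cnf`.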
@@ -198,9 +123,9 @@ \& OpenSSL 3.0.0\-dev xx XXX xxxx (Library: OpenSSL 3.0.0\-dev xx XXX xxxx) .Ve .PP -The \fB\s-1OPENSSLDIR\s0\fR value above gives the directory name for where the default +The \fBOPENSSLDIR\fR value above gives the directory name for where the default config file is stored. So in this case the default config file will be called -\&\fI/etc/ssl/openssl.cnf\fR. +\&\fI/usr/local/ssl/openssl.cnf\fR. .PP Edit the config file to add the following lines near the beginning: .PP @@ -208,7 +133,7 @@ \& config_diagnostics = 1 \& openssl_conf = openssl_init \& -\& .include /etc/ssl/fipsmodule.cnf +\& .include /usr/local/ssl/fipsmodule.cnf \& \& [openssl_init] \& providers = provider_sect 
@@ -222,78 +147,78 @@ .Ve .PP Obviously the include file location above should match the path and name of the -\&\s-1FIPS\s0 module config file that you installed earlier. +FIPS module config file that you installed earlier. See . .PP -For \s-1FIPS\s0 usage, it is recommended that the \fBconfig_diagnostics\fR option is -enabled to prevent accidental use of non-FIPS validated algorithms via broken +For FIPS usage, it is recommended that the \fBconfig_diagnostics\fR option is +enabled to prevent accidental use of non\-FIPS validated algorithms via broken or mistaken configuration. See \fBconfig\fR\|(5). .PP Any applications that use OpenSSL 3.0 and are started after these changes are -made will start using only the \s-1FIPS\s0 module unless those applications take +made will start using only the FIPS module unless those applications take explicit steps to avoid this default behaviour. Note that this configuration -also activates the \*(L"base\*(R" provider. The base provider does not include any +also activates the "base" provider. The base provider does not include any cryptographic algorithms (and therefore does not impact the validation status of any cryptographic operations), but does include other supporting algorithms that -may be required. It is designed to be used in conjunction with the \s-1FIPS\s0 module. +may be required. It is designed to be used in conjunction with the FIPS module. .PP This approach has the primary advantage that it is simple, and no code changes -are required in applications in order to benefit from the \s-1FIPS\s0 module. There are +are required in applications in order to benefit from the FIPS module. There are some disadvantages to this approach: -.IP "\(bu" 4 -You may not want all applications to use the \s-1FIPS\s0 module. +.IP \(bu 4 +You may not want all applications to use the FIPS module. .Sp It may be the case that some applications should and some should not use the -\&\s-1FIPS\s0 module. -.IP "\(bu" 4 +FIPS module. 
+.IP \(bu 4 If applications take explicit steps to not load the default config file or set different settings. .Sp This method will not work for these cases. -.IP "\(bu" 4 -The algorithms available in the \s-1FIPS\s0 module are a subset of the algorithms +.IP \(bu 4 +The algorithms available in the FIPS module are a subset of the algorithms that are available in the default OpenSSL Provider. .Sp If any applications attempt to use any algorithms that are not present, then they will fail. -.IP "\(bu" 4 -Usage of certain deprecated APIs avoids the use of the \s-1FIPS\s0 module. +.IP \(bu 4 +Usage of certain deprecated APIs avoids the use of the FIPS module. .Sp -If any applications use those APIs then the \s-1FIPS\s0 module will not be used. -.SS "Selectively making applications use the \s-1FIPS\s0 module by default" +If any applications use those APIs then the FIPS module will not be used. +.SS "Selectively making applications use the FIPS module by default" .IX Subsection "Selectively making applications use the FIPS module by default" A variation on the above approach is to do the same thing on an individual application basis. The default OpenSSL config file depends on the compiled in -value for \fB\s-1OPENSSLDIR\s0\fR as described in the section above. However it is also -possible to override the config file to be used via the \fB\s-1OPENSSL_CONF\s0\fR +value for \fBOPENSSLDIR\fR as described in the section above. However it is also +possible to override the config file to be used via the \fBOPENSSL_CONF\fR environment variable. For example the following, on Unix, will cause the -application to be executed with a non-standard config file location: +application to be executed with a non\-standard config file location: .PP .Vb 1 \& $ OPENSSL_CONF=/my/nondefault/openssl.cnf myapplication .Ve .PP Using this mechanism you can control which config file is loaded (and hence -whether the \s-1FIPS\s0 module is loaded) on an application by application basis. 
+whether the FIPS module is loaded) on an application by application basis. .PP This removes the disadvantage listed above that you may not want all -applications to use the \s-1FIPS\s0 module. All the other advantages and disadvantages +applications to use the FIPS module. All the other advantages and disadvantages still apply. -.SS "Programmatically loading the \s-1FIPS\s0 module (default library context)" +.SS "Programmatically loading the FIPS module (default library context)" .IX Subsection "Programmatically loading the FIPS module (default library context)" -Applications may choose to load the \s-1FIPS\s0 provider explicitly rather than relying +Applications may choose to load the FIPS provider explicitly rather than relying on config to do this. The config file is still necessary in order to hold the -\&\s-1FIPS\s0 module config data (such as its self test status and integrity data). But -in this case we do not automatically activate the \s-1FIPS\s0 provider via that config +FIPS module config data (such as its self test status and integrity data). But +in this case we do not automatically activate the FIPS provider via that config file. .PP To do things this way configure as per -\&\*(L"Making all applications use the \s-1FIPS\s0 module by default\*(R" above, but edit the +"Making all applications use the FIPS module by default" above, but edit the \&\fIfipsmodule.cnf\fR file to remove or comment out the line which says \&\f(CW\*(C`activate = 1\*(C'\fR (note that setting this value to 0 is \fInot\fR sufficient). This means all the required config information will be available to load the -\&\s-1FIPS\s0 module, but it is not automatically loaded when the application starts. The -\&\s-1FIPS\s0 provider can then be loaded programmatically like this: +FIPS module, but it is not automatically loaded when the application starts. The +FIPS provider can then be loaded programmatically like this: .PP .Vb 1 \& #include 
@@ -327,31 +252,31 @@ application. If any OpenSSL functions get called that require the use of cryptographic functions before this occurs then, if no provider has yet been loaded, then the default provider will be automatically loaded. If you then -later explicitly load the \s-1FIPS\s0 provider then you will have both the \s-1FIPS\s0 and the +later explicitly load the FIPS provider then you will have both the FIPS and the default provider loaded at the same time. It is undefined which implementation of an algorithm will be used if multiple implementations are available and you have not explicitly specified via a property query (see below) which one should be used. .PP -Also note that in this example we have additionally loaded the \*(L"base\*(R" provider. -This loads a sub-set of algorithms that are also available in the default +Also note that in this example we have additionally loaded the "base" provider. +This loads a sub\-set of algorithms that are also available in the default provider \- specifically non cryptographic ones which may be used in conjunction -with the \s-1FIPS\s0 provider. For example this contains algorithms for encoding and +with the FIPS provider. For example this contains algorithms for encoding and decoding keys. If you decide not to load the default provider then you will usually want to load the base provider instead. .PP -In this example we are using the \*(L"default\*(R" library context. OpenSSL functions +In this example we are using the "default" library context. OpenSSL functions operate within the scope of a library context. If no library context is explicitly specified then the default library context is used. For further -details about library contexts see the \s-1\fBOSSL_LIB_CTX\s0\fR\|(3) man page. -.SS "Loading the \s-1FIPS\s0 module at the same time as other providers" +details about library contexts see the \fBOSSL_LIB_CTX\fR\|(3) man page. 
+.SS "Loading the FIPS module at the same time as other providers" .IX Subsection "Loading the FIPS module at the same time as other providers" -It is possible to have the \s-1FIPS\s0 provider and other providers (such as the +It is possible to have the FIPS provider and other providers (such as the default provider) all loaded at the same time into the same library context. You can use a property query string during algorithm fetches to specify which implementation you would like to use. .PP -For example to fetch an implementation of \s-1SHA256\s0 which conforms to \s-1FIPS\s0 +For example to fetch an implementation of SHA256 which conforms to FIPS standards you can specify the property query \f(CW\*(C`fips=yes\*(C'\fR like this: .PP .Vb 1 @@ -364,7 +289,7 @@ property query then it is undefined which implementation of a particular algorithm will be returned. .PP -This example shows an explicit request for an implementation of \s-1SHA256\s0 from the +This example shows an explicit request for an implementation of SHA256 from the default provider: .PP .Vb 1 
@@ -386,31 +311,31 @@ both apply. The local property query overrides the default properties if the same property name is specified in both. .PP -There are two important built-in properties that you should be aware of: +There are two important built\-in properties that you should be aware of: .PP -The \*(L"provider\*(R" property enables you to specify which provider you want an +The "provider" property enables you to specify which provider you want an implementation to be fetched from, e.g. \f(CW\*(C`provider=default\*(C'\fR or \f(CW\*(C`provider=fips\*(C'\fR. All algorithms implemented in a provider have this property set on them. .PP -There is also the \f(CW\*(C`fips\*(C'\fR property. All \s-1FIPS\s0 algorithms match against the -property query \f(CW\*(C`fips=yes\*(C'\fR. There are also some non-cryptographic algorithms +There is also the \f(CW\*(C`fips\*(C'\fR property. All FIPS algorithms match against the +property query \f(CW\*(C`fips=yes\*(C'\fR. There are also some non\-cryptographic algorithms available in the default and base providers that also have the \f(CW\*(C`fips=yes\*(C'\fR property defined for them. These are the encoder and decoder algorithms that -can (for example) be used to write out a key generated in the \s-1FIPS\s0 provider to a -file. The encoder and decoder algorithms are not in the \s-1FIPS\s0 module itself but -are allowed to be used in conjunction with the \s-1FIPS\s0 algorithms. +can (for example) be used to write out a key generated in the FIPS provider to a +file. The encoder and decoder algorithms are not in the FIPS module itself but +are allowed to be used in conjunction with the FIPS algorithms. .PP It is possible to specify default properties within a config file. For example -the following config file automatically loads the default and \s-1FIPS\s0 providers and +the following config file automatically loads the default and FIPS providers and sets the default property value to be \f(CW\*(C`fips=yes\*(C'\fR. 
Note that this config file -does not load the \*(L"base\*(R" provider. All supporting algorithms that are in \*(L"base\*(R" -are also in \*(L"default\*(R", so it is unnecessary in this case: +does not load the "base" provider. All supporting algorithms that are in "base" +are also in "default", so it is unnecessary in this case: .PP .Vb 2 \& config_diagnostics = 1 \& openssl_conf = openssl_init \& -\& .include /etc/ssl/fipsmodule.cnf +\& .include /usr/local/ssl/fipsmodule.cnf \& \& [openssl_init] \& providers = provider_sect @@ -426,12 +351,12 @@ \& [algorithm_sect] \& default_properties = fips=yes .Ve -.SS "Programmatically loading the \s-1FIPS\s0 module (nondefault library context)" +.SS "Programmatically loading the FIPS module (nondefault library context)" .IX Subsection "Programmatically loading the FIPS module (nondefault library context)" -In addition to using properties to separate usage of the \s-1FIPS\s0 module from other +In addition to using properties to separate usage of the FIPS module from other usages this can also be achieved using library contexts. In this example we create two library contexts. In one we assume the existence of a config file -called \fIopenssl\-fips.cnf\fR that automatically loads and configures the \s-1FIPS\s0 and +called \fIopenssl\-fips.cnf\fR that automatically loads and configures the FIPS and base providers. The other library context will just use the default provider. .PP .Vb 4 
@@ -495,53 +420,53 @@ \& return ret; .Ve .PP -Note that we have made use of the special \*(L"null\*(R" provider here which we load +Note that we have made use of the special "null" provider here which we load into the default library context. We could have chosen to use the default -library context for \s-1FIPS\s0 usage, and just create one additional library context +library context for FIPS usage, and just create one additional library context for other usages \- or vice versa. However if code has not been converted to use library contexts then the default library context will be automatically used. This could be the case for your own existing applications as well as certain parts of OpenSSL itself. Not all parts of OpenSSL are library context aware. If -this happens then you could \*(L"accidentally\*(R" use the wrong library context for a -particular operation. To be sure this doesn't happen you can load the \*(L"null\*(R" +this happens then you could "accidentally" use the wrong library context for a +particular operation. To be sure this doesn\*(Aqt happen you can load the "null" provider into the default library context. Because a provider has been explicitly loaded, the default provider will not automatically load. This means code using the default context by accident will fail because no algorithms will be available. .PP -See \*(L"Library Context\*(R" in \fBmigration_guide\fR\|(7) for additional information about the +See "Library Context" in \fBmigration_guide\fR\|(7) for additional information about the Library Context. -.SS "Using Encoders and Decoders with the \s-1FIPS\s0 module" +.SS "Using Encoders and Decoders with the FIPS module" .IX Subsection "Using Encoders and Decoders with the FIPS module" Encoders and decoders are used to read and write keys or parameters from or to -some external format (for example a \s-1PEM\s0 file). 
If your application generates -keys or parameters that then need to be written into \s-1PEM\s0 or \s-1DER\s0 format +some external format (for example a PEM file). If your application generates +keys or parameters that then need to be written into PEM or DER format then it is likely that you will need to use an encoder to do this. Similarly you need a decoder to read previously saved keys and parameters. In most cases this will be invisible to you if you are using APIs that existed in OpenSSL 1.1.1 or earlier such as \fBi2d_PrivateKey\fR\|(3). However the appropriate encoder/decoder will need to be available in the library context associated with -the key or parameter object. The built-in OpenSSL encoders and decoders are -implemented in both the default and base providers and are not in the \s-1FIPS\s0 +the key or parameter object. The built\-in OpenSSL encoders and decoders are +implemented in both the default and base providers and are not in the FIPS module boundary. However since they are not cryptographic algorithms themselves -it is still possible to use them in conjunction with the \s-1FIPS\s0 module, and +it is still possible to use them in conjunction with the FIPS module, and therefore these encoders/decoders have the \f(CW\*(C`fips=yes\*(C'\fR property against them. You should ensure that either the default or base provider is loaded into the library context in this case. -.SS "Using the \s-1FIPS\s0 module in \s-1SSL/TLS\s0" +.SS "Using the FIPS module in SSL/TLS" .IX Subsection "Using the FIPS module in SSL/TLS" -Writing an application that uses libssl in conjunction with the \s-1FIPS\s0 module is +Writing an application that uses libssl in conjunction with the FIPS module is much the same as writing a normal libssl application. 
If you are using global -properties and the default library context to specify usage of \s-1FIPS\s0 validated +properties and the default library context to specify usage of FIPS validated algorithms then this will happen automatically for all cryptographic algorithms -in libssl. If you are using a nondefault library context to load the \s-1FIPS\s0 +in libssl. If you are using a nondefault library context to load the FIPS provider then you can supply this to libssl using the function \&\fBSSL_CTX_new_ex\fR\|(3). This works as a drop in replacement for the function \&\fBSSL_CTX_new\fR\|(3) except it provides you with the capability to specify the library context to be used. You can also use the same function to specify libssl specific properties to use. .PP -In this first example we create two \s-1SSL_CTX\s0 objects using two different library +In this first example we create two SSL_CTX objects using two different library contexts. .PP .Vb 11 @@ -558,8 +483,8 @@ \& TLS_method()); .Ve .PP -In this second example we create two \s-1SSL_CTX\s0 objects using different properties -to specify \s-1FIPS\s0 usage: +In this second example we create two SSL_CTX objects using different properties +to specify FIPS usage: .PP .Vb 10 \& /* 
@@ -576,42 +501,42 @@ \& SSL_CTX *non_fips_ssl_ctx = SSL_CTX_new_ex(NULL, "provider!=fips", \& TLS_method()); .Ve -.SS "Confirming that an algorithm is being provided by the \s-1FIPS\s0 module" +.SS "Confirming that an algorithm is being provided by the FIPS module" .IX Subsection "Confirming that an algorithm is being provided by the FIPS module" A chain of links needs to be followed to go from an algorithm instance to the provider that implements it. The process is similar for all algorithms. Here the example of a digest is used. .PP -To go from an \fB\s-1EVP_MD_CTX\s0\fR to an \fB\s-1EVP_MD\s0\fR, use \fBEVP_MD_CTX_md\fR\|(3) . -To go from the \fB\s-1EVP_MD\s0\fR to its \fB\s-1OSSL_PROVIDER\s0\fR, +To go from an \fBEVP_MD_CTX\fR to an \fBEVP_MD\fR, use \fBEVP_MD_CTX_md\fR\|(3) . +To go from the \fBEVP_MD\fR to its \fBOSSL_PROVIDER\fR, use \fBEVP_MD_get0_provider\fR\|(3). -To extract the name from the \fB\s-1OSSL_PROVIDER\s0\fR, use +To extract the name from the \fBOSSL_PROVIDER\fR, use \&\fBOSSL_PROVIDER_get0_name\fR\|(3). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Some released versions of OpenSSL do not include a validated -\&\s-1FIPS\s0 provider. To determine which versions have undergone +FIPS provider. To determine which versions have undergone the validation process, please refer to the OpenSSL Downloads page . If you -require FIPS-approved functionality, it is essential to build your \s-1FIPS\s0 +require FIPS\-approved functionality, it is essential to build your FIPS provider using one of the validated versions listed there. Normally, -it is possible to utilize a \s-1FIPS\s0 provider constructed from one of the +it is possible to utilize a FIPS provider constructed from one of the validated versions alongside \fIlibcrypto\fR and \fIlibssl\fR compiled from any release within the same major release series. This flexibility enables -you to address bug fixes and CVEs that fall outside the \s-1FIPS\s0 boundary. 
+you to address bug fixes and CVEs that fall outside the FIPS boundary. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBmigration_guide\fR\|(7), \fBcrypto\fR\|(7), \fBfips_config\fR\|(5), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1FIPS\s0 module guide was created for use with the new \s-1FIPS\s0 provider +The FIPS module guide was created for use with the new FIPS provider in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/life_cycle-cipher.7.orig +++ secure/lib/libcrypto/man/man7/life_cycle-cipher.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,91 +53,32 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "LIFE_CYCLE-CIPHER 7ossl" -.TH LIFE_CYCLE-CIPHER 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH LIFE_CYCLE-CIPHER 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME life_cycle\-cipher \- The cipher algorithm life\-cycle -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All symmetric ciphers (CIPHERs) go through a number of stages in their -life-cycle: -.IP "start" 4 +life\-cycle: +.IP start 4 .IX Item "start" -This state represents the \s-1CIPHER\s0 before it has been allocated. It is the -starting state for any life-cycle transitions. -.IP "newed" 4 +This state represents the CIPHER before it has been allocated. It is the +starting state for any life\-cycle transitions. +.IP newed 4 .IX Item "newed" -This state represents the \s-1CIPHER\s0 after it has been allocated. -.IP "initialised" 4 +This state represents the CIPHER after it has been allocated. +.IP initialised 4 .IX Item "initialised" -These states represent the \s-1CIPHER\s0 when it is set up and capable of processing +These states represent the CIPHER when it is set up and capable of processing input. There are three possible initialised states: .RS 4 .IP "initialised using EVP_CipherInit" 4 
@@ -163,34 +88,34 @@ .IX Item "initialised for decryption using EVP_DecryptInit" .IP "initialised for encryption using EVP_EncryptInit" 4 .IX Item "initialised for encryption using EVP_EncryptInit" +.PD .RE .RS 4 .RE -.IP "updated" 4 +.IP updated 4 .IX Item "updated" -.PD -These states represent the \s-1CIPHER\s0 when it is set up and capable of processing +These states represent the CIPHER when it is set up and capable of processing additional input or generating output. The three possible states directly correspond to those for initialised above. The three different streams should not be mixed. -.IP "finaled" 4 +.IP finaled 4 .IX Item "finaled" -This state represents the \s-1CIPHER\s0 when it has generated output. -.IP "freed" 4 +This state represents the CIPHER when it has generated output. +.IP freed 4 .IX Item "freed" -This state is entered when the \s-1CIPHER\s0 is freed. It is the terminal state -for all life-cycle transitions. +This state is entered when the CIPHER is freed. It is the terminal state +for all life\-cycle transitions. .SS "State Transition Diagram" .IX Subsection "State Transition Diagram" -The usual life-cycle of a \s-1CIPHER\s0 is illustrated: +The usual life\-cycle of a CIPHER is illustrated: +---------------------------+ | | | start | | | +---------------------------+ + - - - - - - - - - - - - - + - | ' any of the initialised ' - | EVP_CIPHER_CTX_new ' updated or finaled states ' - v ' ' + | \*(Aq any of the initialised \*(Aq + | EVP_CIPHER_CTX_new \*(Aq updated or finaled states \*(Aq + v \*(Aq \*(Aq +---------------------------+ + - - - - - - - - - - - - - + | | | | newed | | EVP_CIPHER_CTX_reset 
@@ -266,18 +191,18 @@ decryption decryption encryption encryption EVP_CIPHER_CTX_settable_params newed initialised updated initialised updated initialised updated decryption decryption encryption encryption -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -At some point the \s-1EVP\s0 layer will begin enforcing the transitions described +At some point the EVP layer will begin enforcing the transitions described herein. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-cipher\fR\|(7), \fBEVP_EncryptInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/life_cycle-digest.7.orig +++ secure/lib/libcrypto/man/man7/life_cycle-digest.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,105 +53,46 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "LIFE_CYCLE-DIGEST 7ossl" -.TH LIFE_CYCLE-DIGEST 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH LIFE_CYCLE-DIGEST 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME life_cycle\-digest \- The digest algorithm life\-cycle -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All message digests (MDs) go through a number of stages in their life-cycle: -.IP "start" 4 +All message digests (MDs) go through a number of stages in their life\-cycle: +.IP start 4 .IX Item "start" -This state represents the \s-1MD\s0 before it has been allocated. It is the -starting state for any life-cycle transitions. -.IP "newed" 4 +This state represents the MD before it has been allocated. It is the +starting state for any life\-cycle transitions. +.IP newed 4 .IX Item "newed" -This state represents the \s-1MD\s0 after it has been allocated. -.IP "initialised" 4 +This state represents the MD after it has been allocated. +.IP initialised 4 .IX Item "initialised" -This state represents the \s-1MD\s0 when it is set up and capable of processing +This state represents the MD when it is set up and capable of processing input. -.IP "updated" 4 +.IP updated 4 .IX Item "updated" -This state represents the \s-1MD\s0 when it is set up and capable of processing +This state represents the MD when it is set up and capable of processing additional input or generating output. -.IP "finaled" 4 +.IP finaled 4 .IX Item "finaled" -This state represents the \s-1MD\s0 when it has generated output. -.IP "freed" 4 +This state represents the MD when it has generated output. +.IP freed 4 .IX Item "freed" -This state is entered when the \s-1MD\s0 is freed. It is the terminal state -for all life-cycle transitions. +This state is entered when the MD is freed. 
It is the terminal state +for all life\-cycle transitions. .SS "State Transition Diagram" .IX Subsection "State Transition Diagram" -The usual life-cycle of a \s-1MD\s0 is illustrated: +The usual life\-cycle of a MD is illustrated: +-------------------+ | start | +-------------------+ @@ -218,18 +143,18 @@ EVP_MD_CTX_set_params newed initialised updated EVP_MD_CTX_gettable_params newed initialised updated EVP_MD_CTX_settable_params newed initialised updated -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -At some point the \s-1EVP\s0 layer will begin enforcing the transitions described +At some point the EVP layer will begin enforcing the transitions described herein. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\-digest\fR\|(7), \fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/life_cycle-kdf.7.orig +++ secure/lib/libcrypto/man/man7/life_cycle-kdf.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,99 +53,40 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "LIFE_CYCLE-KDF 7ossl" -.TH LIFE_CYCLE-KDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH LIFE_CYCLE-KDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME life_cycle\-kdf \- The KDF algorithm life\-cycle -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All key derivation functions (KDFs) and pseudo random functions (PRFs) -go through a number of stages in their life-cycle: -.IP "start" 4 +go through a number of stages in their life\-cycle: +.IP start 4 .IX Item "start" -This state represents the \s-1KDF/PRF\s0 before it has been allocated. It is the -starting state for any life-cycle transitions. -.IP "newed" 4 +This state represents the KDF/PRF before it has been allocated. It is the +starting state for any life\-cycle transitions. +.IP newed 4 .IX Item "newed" -This state represents the \s-1KDF/PRF\s0 after it has been allocated. -.IP "deriving" 4 +This state represents the KDF/PRF after it has been allocated. +.IP deriving 4 .IX Item "deriving" -This state represents the \s-1KDF/PRF\s0 when it is set up and capable of generating +This state represents the KDF/PRF when it is set up and capable of generating output. -.IP "freed" 4 +.IP freed 4 .IX Item "freed" -This state is entered when the \s-1KDF/PRF\s0 is freed. It is the terminal state -for all life-cycle transitions. +This state is entered when the KDF/PRF is freed. It is the terminal state +for all life\-cycle transitions. .SS "State Transition Diagram" .IX Subsection "State Transition Diagram" -The usual life-cycle of a \s-1KDF/PRF\s0 is illustrated: +The usual life\-cycle of a KDF/PRF is illustrated: +-------------------+ | start | +-------------------+ 
@@ -176,7 +101,7 @@ v | EVP_KDF_CTX_reset EVP_KDF_derive +-------------------+ | + - - - - - - - - | | | - ' | deriving | | + \*(Aq | deriving | | + - - - - - - - -> | | -+ +-------------------+ | @@ -199,21 +124,21 @@ EVP_KDF_CTX_set_params newed deriving EVP_KDF_CTX_gettable_params newed deriving EVP_KDF_CTX_settable_params newed deriving -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -At some point the \s-1EVP\s0 layer will begin enforcing the transitions described +At some point the EVP layer will begin enforcing the transitions described herein. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-kdf\fR\|(7), \s-1\fBEVP_KDF\s0\fR\|(3). -.SH "HISTORY" +\&\fBprovider\-kdf\fR\|(7), \fBEVP_KDF\fR\|(3). +.SH HISTORY .IX Header "HISTORY" -The provider \s-1KDF\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider KDF interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/life_cycle-mac.7.orig +++ secure/lib/libcrypto/man/man7/life_cycle-mac.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,106 +53,47 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "LIFE_CYCLE-MAC 7ossl" -.TH LIFE_CYCLE-MAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH LIFE_CYCLE-MAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME life_cycle\-mac \- The MAC algorithm life\-cycle -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All message authentication codes (MACs) -go through a number of stages in their life-cycle: -.IP "start" 4 +go through a number of stages in their life\-cycle: +.IP start 4 .IX Item "start" -This state represents the \s-1MAC\s0 before it has been allocated. It is the -starting state for any life-cycle transitions. -.IP "newed" 4 +This state represents the MAC before it has been allocated. It is the +starting state for any life\-cycle transitions. +.IP newed 4 .IX Item "newed" -This state represents the \s-1MAC\s0 after it has been allocated. -.IP "initialised" 4 +This state represents the MAC after it has been allocated. +.IP initialised 4 .IX Item "initialised" -This state represents the \s-1MAC\s0 when it is set up and capable of processing +This state represents the MAC when it is set up and capable of processing input. -.IP "updated" 4 +.IP updated 4 .IX Item "updated" -This state represents the \s-1MAC\s0 when it is set up and capable of processing +This state represents the MAC when it is set up and capable of processing additional input or generating output. -.IP "finaled" 4 +.IP finaled 4 .IX Item "finaled" -This state represents the \s-1MAC\s0 when it has generated output. -.IP "freed" 4 +This state represents the MAC when it has generated output. +.IP freed 4 .IX Item "freed" -This state is entered when the \s-1MAC\s0 is freed. It is the terminal state -for all life-cycle transitions. +This state is entered when the MAC is freed. 
It is the terminal state +for all life\-cycle transitions. .SS "State Transition Diagram" .IX Subsection "State Transition Diagram" -The usual life-cycle of a \s-1MAC\s0 is illustrated: +The usual life\-cycle of a MAC is illustrated: +-------------------+ | start | +-------------------+ @@ -218,21 +143,21 @@ EVP_MAC_CTX_set_params newed initialised updated EVP_MAC_CTX_gettable_params newed initialised updated EVP_MAC_CTX_settable_params newed initialised updated -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -At some point the \s-1EVP\s0 layer will begin enforcing the transitions described +At some point the EVP layer will begin enforcing the transitions described herein. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-mac\fR\|(7), \s-1\fBEVP_MAC\s0\fR\|(3). -.SH "HISTORY" +\&\fBprovider\-mac\fR\|(7), \fBEVP_MAC\fR\|(3). +.SH HISTORY .IX Header "HISTORY" -The provider \s-1MAC\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider MAC interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/life_cycle-pkey.7.orig +++ secure/lib/libcrypto/man/man7/life_cycle-pkey.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,127 +53,68 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "LIFE_CYCLE-PKEY 7ossl" -.TH LIFE_CYCLE-PKEY 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH LIFE_CYCLE-PKEY 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME life_cycle\-pkey \- The PKEY algorithm life\-cycle -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All public keys (PKEYs) go through a number of stages in their life-cycle: -.IP "start" 4 +All public keys (PKEYs) go through a number of stages in their life\-cycle: +.IP start 4 .IX Item "start" -This state represents the \s-1PKEY\s0 before it has been allocated. It is the -starting state for any life-cycle transitions. -.IP "newed" 4 +This state represents the PKEY before it has been allocated. It is the +starting state for any life\-cycle transitions. +.IP newed 4 .IX Item "newed" -This state represents the \s-1PKEY\s0 after it has been allocated. -.IP "decapsulate" 4 +This state represents the PKEY after it has been allocated. +.IP decapsulate 4 .IX Item "decapsulate" -This state represents the \s-1PKEY\s0 when it is ready to perform a private key decapsulation +This state represents the PKEY when it is ready to perform a private key decapsulation operation. -.IP "decrypt" 4 +.IP decrypt 4 .IX Item "decrypt" -This state represents the \s-1PKEY\s0 when it is ready to decrypt some ciphertext. -.IP "derive" 4 +This state represents the PKEY when it is ready to decrypt some ciphertext. +.IP derive 4 .IX Item "derive" -This state represents the \s-1PKEY\s0 when it is ready to derive a shared secret. +This state represents the PKEY when it is ready to derive a shared secret. 
.IP "digest sign" 4 .IX Item "digest sign" -This state represents the \s-1PKEY\s0 when it is ready to perform a private key signature +This state represents the PKEY when it is ready to perform a private key signature operation. -.IP "encapsulate" 4 +.IP encapsulate 4 .IX Item "encapsulate" -This state represents the \s-1PKEY\s0 when it is ready to perform a public key encapsulation +This state represents the PKEY when it is ready to perform a public key encapsulation operation. -.IP "encrypt" 4 +.IP encrypt 4 .IX Item "encrypt" -This state represents the \s-1PKEY\s0 when it is ready to encrypt some plaintext. +This state represents the PKEY when it is ready to encrypt some plaintext. .IP "key generation" 4 .IX Item "key generation" -This state represents the \s-1PKEY\s0 when it is ready to generate a new public/private key. +This state represents the PKEY when it is ready to generate a new public/private key. .IP "parameter generation" 4 .IX Item "parameter generation" -This state represents the \s-1PKEY\s0 when it is ready to generate key parameters. -.IP "verify" 4 +This state represents the PKEY when it is ready to generate key parameters. +.IP verify 4 .IX Item "verify" -This state represents the \s-1PKEY\s0 when it is ready to verify a public key signature. +This state represents the PKEY when it is ready to verify a public key signature. .IP "verify recover" 4 .IX Item "verify recover" -This state represents the \s-1PKEY\s0 when it is ready to recover a public key signature data. -.IP "freed" 4 +This state represents the PKEY when it is ready to recover a public key signature data. +.IP freed 4 .IX Item "freed" -This state is entered when the \s-1PKEY\s0 is freed. It is the terminal state -for all life-cycle transitions. +This state is entered when the PKEY is freed. It is the terminal state +for all life\-cycle transitions. 
.SS "State Transition Diagram" .IX Subsection "State Transition Diagram" -The usual life-cycle of a \s-1PKEY\s0 object is illustrated: +The usual life\-cycle of a PKEY object is illustrated: +-------------+ | | | start | @@ -244,9 +169,9 @@ + - - - - - + +-----------+ - ' ' EVP_PKEY_CTX_free | | - ' any state '------------------->| freed | - ' ' | | + \*(Aq \*(Aq EVP_PKEY_CTX_free | | + \*(Aq any state \*(Aq------------------->| freed | + \*(Aq \*(Aq | | + - - - - - + +-----------+ .SS "Formal State Transitions" .IX Subsection "Formal State Transitions" @@ -299,9 +224,9 @@ EVP_PKEY_CTX_settable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key sign recover generation generation EVP_PKEY_CTX_free freed freed freed freed freed freed freed freed freed freed freed freed -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -At some point the \s-1EVP\s0 layer will begin enforcing the transitions described +At some point the EVP layer will begin enforcing the transitions described herein. .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -309,14 +234,14 @@ \&\fBEVP_PKEY_decapsulate\fR\|(3), \fBEVP_PKEY_decrypt\fR\|(3), \fBEVP_PKEY_encapsulate\fR\|(3), \&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_derive\fR\|(3), \fBEVP_PKEY_keygen\fR\|(3), \&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3), \fBEVP_PKEY_verify_recover\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The provider \s-1PKEY\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider PKEY interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/life_cycle-rand.7.orig +++ secure/lib/libcrypto/man/man7/life_cycle-rand.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,104 +53,45 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "LIFE_CYCLE-RAND 7ossl" -.TH LIFE_CYCLE-RAND 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH LIFE_CYCLE-RAND 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME life_cycle\-rand \- The RAND algorithm life\-cycle -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" All random number generator (RANDs) -go through a number of stages in their life-cycle: -.IP "start" 4 +go through a number of stages in their life\-cycle: +.IP start 4 .IX Item "start" -This state represents the \s-1RAND\s0 before it has been allocated. It is the -starting state for any life-cycle transitions. -.IP "newed" 4 +This state represents the RAND before it has been allocated. It is the +starting state for any life\-cycle transitions. +.IP newed 4 .IX Item "newed" -This state represents the \s-1RAND\s0 after it has been allocated but unable to +This state represents the RAND after it has been allocated but unable to generate any output. -.IP "instantiated" 4 +.IP instantiated 4 .IX Item "instantiated" -This state represents the \s-1RAND\s0 when it is set up and capable of generating +This state represents the RAND when it is set up and capable of generating output. -.IP "uninstantiated" 4 +.IP uninstantiated 4 .IX Item "uninstantiated" -This state represents the \s-1RAND\s0 when it has been shutdown and it is no longer +This state represents the RAND when it has been shutdown and it is no longer capable of generating output. -.IP "freed" 4 +.IP freed 4 .IX Item "freed" -This state is entered when the \s-1RAND\s0 is freed. It is the terminal state -for all life-cycle transitions. +This state is entered when the RAND is freed. It is the terminal state +for all life\-cycle transitions. 
.SS "State Transition Diagram" .IX Subsection "State Transition Diagram" -The usual life-cycle of a \s-1RAND\s0 is illustrated: +The usual life\-cycle of a RAND is illustrated: +-------------------------+ | start | +-------------------------+ @@ -183,11 +108,11 @@ +-------------------- | | | | instantiated | +-------------------> | | <+ - +-------------------------+ ' - | ' - | EVP_RAND_uninstantiate ' EVP_RAND_instantiate - v ' - +-------------------------+ ' + +-------------------------+ \*(Aq + | \*(Aq + | EVP_RAND_uninstantiate \*(Aq EVP_RAND_instantiate + v \*(Aq + +-------------------------+ \*(Aq | uninstantiated | -+ +-------------------------+ | @@ -211,21 +136,21 @@ EVP_RAND_CTX_set_params newed instantiated uninstantiated freed EVP_RAND_CTX_gettable_params newed instantiated uninstantiated freed EVP_RAND_CTX_settable_params newed instantiated uninstantiated freed -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -At some point the \s-1EVP\s0 layer will begin enforcing the transitions described +At some point the EVP layer will begin enforcing the transitions described herein. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\-rand\fR\|(7), \s-1\fBEVP_RAND\s0\fR\|(3). -.SH "HISTORY" +\&\fBprovider\-rand\fR\|(7), \fBEVP_RAND\fR\|(3). +.SH HISTORY .IX Header "HISTORY" -The provider \s-1RAND\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider RAND interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/migration_guide.7.orig +++ secure/lib/libcrypto/man/man7/migration_guide.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "MIGRATION_GUIDE 7ossl" -.TH MIGRATION_GUIDE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH MIGRATION_GUIDE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME migration_guide \- OpenSSL migration guide -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" See the individual manual pages for details. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This guide details the changes required to migrate to new versions of OpenSSL. Currently this covers OpenSSL 3.0. For earlier versions refer to @@ -164,7 +89,7 @@ previously worked with OpenSSL 1.1.1. However this is not guaranteed and some changes may be required in some cases. Changes may also be required if applications need to take advantage of some of the new features available in -OpenSSL 3.0 such as the availability of the \s-1FIPS\s0 module. +OpenSSL 3.0 such as the availability of the FIPS module. .PP \fILicense Change\fR .IX Subsection "License Change" @@ -174,7 +99,7 @@ (both licenses apply). From OpenSSL 3.0 this is replaced by the Apache License v2 . .PP -\fIProviders and \s-1FIPS\s0 support\fR +\fIProviders and FIPS support\fR .IX Subsection "Providers and FIPS support" .PP One of the key changes from OpenSSL 1.1.1 is the introduction of the Provider 
@@ -184,42 +109,42 @@ OpenSSL 3.0 comes with 5 different providers as standard. Over time third parties may distribute additional providers that can be plugged into OpenSSL. All algorithm implementations available via providers are accessed through the -\&\*(L"high level\*(R" APIs (for example those functions prefixed with \f(CW\*(C`EVP\*(C'\fR). They cannot -be accessed using the \*(L"Low Level APIs\*(R". +"high level" APIs (for example those functions prefixed with \f(CW\*(C`EVP\*(C'\fR). They cannot +be accessed using the "Low Level APIs". .PP -One of the standard providers available is the \s-1FIPS\s0 provider. This makes -available \s-1FIPS\s0 validated cryptographic algorithms. -The \s-1FIPS\s0 provider is disabled by default and needs to be enabled explicitly +One of the standard providers available is the FIPS provider. This makes +available FIPS validated cryptographic algorithms. +The FIPS provider is disabled by default and needs to be enabled explicitly at configuration time using the \f(CW\*(C`enable\-fips\*(C'\fR option. If it is enabled, -the \s-1FIPS\s0 provider gets built and installed in addition to the other standard +the FIPS provider gets built and installed in addition to the other standard providers. No separate installation procedure is necessary. There is however a dedicated \f(CW\*(C`install_fips\*(C'\fR make target, which serves the -special purpose of installing only the \s-1FIPS\s0 provider into an existing +special purpose of installing only the FIPS provider into an existing OpenSSL installation. .PP Not all algorithms may be available for the application at a particular moment. -If the application code uses any digest or cipher algorithm via the \s-1EVP\s0 interface, +If the application code uses any digest or cipher algorithm via the EVP interface, the application should verify the result of the \fBEVP_EncryptInit\fR\|(3), \&\fBEVP_EncryptInit_ex\fR\|(3), and \fBEVP_DigestInit\fR\|(3) functions. 
In case when the requested algorithm is not available, these functions will fail. .PP -See also \*(L"Legacy Algorithms\*(R" for information on the legacy provider. +See also "Legacy Algorithms" for information on the legacy provider. .PP -See also \*(L"Completing the installation of the \s-1FIPS\s0 Module\*(R" and -\&\*(L"Using the \s-1FIPS\s0 Module in applications\*(R". +See also "Completing the installation of the FIPS Module" and +"Using the FIPS Module in applications". .PP \fILow Level APIs\fR .IX Subsection "Low Level APIs" .PP OpenSSL has historically provided two sets of APIs for invoking cryptographic -algorithms: the \*(L"high level\*(R" APIs (such as the \f(CW\*(C`EVP\*(C'\fR APIs) and the \*(L"low level\*(R" +algorithms: the "high level" APIs (such as the \f(CW\*(C`EVP\*(C'\fR APIs) and the "low level" APIs. The high level APIs are typically designed to work across all algorithm -types. The \*(L"low level\*(R" APIs are targeted at a specific algorithm implementation. -For example, the \s-1EVP\s0 APIs provide the functions \fBEVP_EncryptInit_ex\fR\|(3), +types. The "low level" APIs are targeted at a specific algorithm implementation. +For example, the EVP APIs provide the functions \fBEVP_EncryptInit_ex\fR\|(3), \&\fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_EncryptFinal\fR\|(3) to perform symmetric -encryption. Those functions can be used with the algorithms \s-1AES, CHACHA, 3DES\s0 etc. -On the other hand, to do \s-1AES\s0 encryption using the low level APIs you would have -to call \s-1AES\s0 specific functions such as \fBAES_set_encrypt_key\fR\|(3), +encryption. Those functions can be used with the algorithms AES, CHACHA, 3DES etc. +On the other hand, to do AES encryption using the low level APIs you would have +to call AES specific functions such as \fBAES_set_encrypt_key\fR\|(3), \&\fBAES_encrypt\fR\|(3), and so on. The functions for 3DES are different. 
Use of the low level APIs has been informally discouraged by the OpenSSL development team for a long time. However in OpenSSL 3.0 this is made more 
@@ -229,112 +154,120 @@ removed from future versions of OpenSSL so you are strongly encouraged to update your code to use the high level APIs instead. .PP -This is described in more detail in \*(L"Deprecation of Low Level Functions\*(R" +This is described in more detail in "Deprecation of Low Level Functions" .PP \fILegacy Algorithms\fR .IX Subsection "Legacy Algorithms" .PP -Some cryptographic algorithms such as \fB\s-1MD2\s0\fR and \fB\s-1DES\s0\fR that were available via -the \s-1EVP\s0 APIs are now considered legacy and their use is strongly discouraged. -These legacy \s-1EVP\s0 algorithms are still available in OpenSSL 3.0 but not by +Some cryptographic algorithms such as \fBMD2\fR and \fBDES\fR that were available via +the EVP APIs are now considered legacy and their use is strongly discouraged. +These legacy EVP algorithms are still available in OpenSSL 3.0 but not by default. If you want to use them then you must load the legacy provider. This can be as simple as a config file change, or can be done programmatically. See \fBOSSL_PROVIDER\-legacy\fR\|(7) for a complete list of algorithms. -Applications using the \s-1EVP\s0 APIs to access these algorithms should instead use +Applications using the EVP APIs to access these algorithms should instead use more modern algorithms. If that is not possible then these applications should ensure that the legacy provider has been loaded. This can be achieved either programmatically or via configuration. See \fBcrypto\fR\|(7) man page for more information about providers. 
.PP -\fIEngines and \*(L"\s-1METHOD\*(R"\s0 APIs\fR -.IX Subsection "Engines and METHOD APIs" +\fIEngines and "METHOD" APIs\fR +.IX Subsection "Engines and ""METHOD"" APIs" .PP The refactoring to support Providers conflicts internally with the APIs used to -support engines, including the \s-1ENGINE API\s0 and any function that creates or -modifies custom \*(L"\s-1METHODS\*(R"\s0 (for example \fBEVP_MD_meth_new\fR\|(3), +support engines, including the ENGINE API and any function that creates or +modifies custom "METHODS" (for example \fBEVP_MD_meth_new\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3), \fBEVP_PKEY_meth_new\fR\|(3), \fBRSA_meth_new\fR\|(3), \&\fBEC_KEY_METHOD_new\fR\|(3), etc.). These functions are being deprecated in OpenSSL 3.0, and users of these APIs should know that their use can likely bypass provider selection and configuration, with unintended consequences. This is particularly relevant for applications written to use the OpenSSL 3.0 -\&\s-1FIPS\s0 module, as detailed below. Authors and maintainers of external engines are +FIPS module, as detailed below. Authors and maintainers of external engines are strongly encouraged to refactor their code transforming engines into providers -using the new Provider \s-1API\s0 and avoiding deprecated methods. +using the new Provider API and avoiding deprecated methods. .PP \fISupport of legacy engines\fR .IX Subsection "Support of legacy engines" .PP -If openssl is not built without engine support or deprecated \s-1API\s0 support, engines +If openssl is not built without engine support or deprecated API support, engines will still work. However, their applicability will be limited. .PP New algorithms provided via engines will still work. .PP -Engine-backed keys can be loaded via custom \fB\s-1OSSL_STORE\s0\fR implementation. -In this case the \fB\s-1EVP_PKEY\s0\fR objects created via \fBENGINE_load_private_key\fR\|(3) +Engine\-backed keys can be loaded via custom \fBOSSL_STORE\fR implementation. 
+In this case the \fBEVP_PKEY\fR objects created via \fBENGINE_load_private_key\fR\|(3) will be considered legacy and will continue to work. .PP To ensure the future compatibility, the engines should be turned to providers. -To prefer the provider-based hardware offload, you can specify the default +To prefer the provider\-based hardware offload, you can specify the default properties to prefer your provider. .PP +Setting engine\-based or application\-based default low\-level crypto method such +as \fBRSA_METHOD\fR or \fBEC_KEY_METHOD\fR is still possible and keys inside the +default provider will use the engine\-based implementation for the crypto +operations. However \fBEVP_PKEY\fRs created by decoding by using \fBOSSL_DECODER\fR, +\&\fBPEM_\fR or \fBd2i_\fR APIs will be provider\-based. To create a fully legacy +\&\fBEVP_PKEY\fRs \fBEVP_PKEY_set1_RSA\fR\|(3), \fBEVP_PKEY_set1_EC_KEY\fR\|(3) or similar +functions must be used. +.PP \fIVersioning Scheme\fR .IX Subsection "Versioning Scheme" .PP The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new versioning scheme has this format: .PP -\&\s-1MAJOR.MINOR.PATCH\s0 +MAJOR.MINOR.PATCH .PP For OpenSSL 1.1.1 and below, different patch levels were indicated by a letter at the end of the release version number. This will no longer be used and instead the patch level is indicated by the final number in the version. A -change in the second (\s-1MINOR\s0) number indicates that new features may have been -added. OpenSSL versions with the same major number are \s-1API\s0 and \s-1ABI\s0 compatible. -If the major number changes then \s-1API\s0 and \s-1ABI\s0 compatibility is not guaranteed. +change in the second (MINOR) number indicates that new features may have been +added. OpenSSL versions with the same major number are API and ABI compatible. +If the major number changes then API and ABI compatibility is not guaranteed. .PP For more information, see \fBOpenSSL_version\fR\|(3). 
.PP \fIOther major new features\fR .IX Subsection "Other major new features" .PP -Certificate Management Protocol (\s-1CMP, RFC 4210\s0) +Certificate Management Protocol (CMP, RFC 4210) .IX Subsection "Certificate Management Protocol (CMP, RFC 4210)" .PP -This also covers \s-1CRMF\s0 (\s-1RFC 4211\s0) and \s-1HTTP\s0 transfer (\s-1RFC 6712\s0) +This also covers CRMF (RFC 4211) and HTTP transfer (RFC 6712) See \fBopenssl\-cmp\fR\|(1) and \fBOSSL_CMP_exec_certreq\fR\|(3) as starting points. .PP -\s-1HTTP\s0(S) client +HTTP(S) client .IX Subsection "HTTP(S) client" .PP -A proper \s-1HTTP\s0(S) client that supports \s-1GET\s0 and \s-1POST,\s0 redirection, plain and -\&\s-1ASN\s0.1\-encoded contents, proxies, and timeouts. +A proper HTTP(S) client that supports GET and POST, redirection, plain and +ASN.1\-encoded contents, proxies, and timeouts. .PP -Key Derivation Function \s-1API\s0 (\s-1EVP_KDF\s0) +Key Derivation Function API (EVP_KDF) .IX Subsection "Key Derivation Function API (EVP_KDF)" .PP -This simplifies the process of adding new \s-1KDF\s0 and \s-1PRF\s0 implementations. +This simplifies the process of adding new KDF and PRF implementations. .PP -Previously \s-1KDF\s0 algorithms had been shoe-horned into using the \s-1EVP_PKEY\s0 object +Previously KDF algorithms had been shoe\-horned into using the EVP_PKEY object which was not a logical mapping. -Existing applications that use \s-1KDF\s0 algorithms using \s-1EVP_PKEY\s0 -(scrypt, \s-1TLS1 PRF\s0 and \s-1HKDF\s0) may be slower as they use an \s-1EVP_KDF\s0 bridge +Existing applications that use KDF algorithms using EVP_PKEY +(scrypt, TLS1 PRF and HKDF) may be slower as they use an EVP_KDF bridge internally. -All new applications should use the new \s-1\fBEVP_KDF\s0\fR\|(3) interface. -See also \*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) and -\&\*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7). 
+All new applications should use the new \fBEVP_KDF\fR\|(3) interface. +See also "Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-default\fR\|(7) and +"Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-FIPS\fR\|(7). .PP -Message Authentication Code \s-1API\s0 (\s-1EVP_MAC\s0) +Message Authentication Code API (EVP_MAC) .IX Subsection "Message Authentication Code API (EVP_MAC)" .PP -This simplifies the process of adding \s-1MAC\s0 implementations. +This simplifies the process of adding MAC implementations. .PP -This includes a generic \s-1EVP_PKEY\s0 to \s-1EVP_MAC\s0 bridge, to facilitate the continued +This includes a generic EVP_PKEY to EVP_MAC bridge, to facilitate the continued use of MACs through raw private keys in functionality such as \&\fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3). .PP -All new applications should use the new \s-1\fBEVP_MAC\s0\fR\|(3) interface. -See also \*(L"Message Authentication Code (\s-1MAC\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) -and \*(L"Message Authentication Code (\s-1MAC\s0)\*(R" in \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7). +All new applications should use the new \fBEVP_MAC\fR\|(3) interface. +See also "Message Authentication Code (MAC)" in \fBOSSL_PROVIDER\-default\fR\|(7) +and "Message Authentication Code (MAC)" in \fBOSSL_PROVIDER\-FIPS\fR\|(7). .PP Algorithm Fetching .IX Subsection "Algorithm Fetching" 
@@ -344,74 +277,74 @@ Retrieving algorithms from providers involves searching for an algorithm by name. This is much slower than directly accessing a method table. It is recommended to prefetch algorithms if an algorithm is used many times. -See \*(L"Performance\*(R" in \fBcrypto\fR\|(7), \*(L"Explicit fetching\*(R" in \fBcrypto\fR\|(7) and \*(L"Implicit fetching\*(R" in \fBcrypto\fR\|(7). +See "Performance" in \fBcrypto\fR\|(7), "Explicit fetching" in \fBcrypto\fR\|(7) and "Implicit fetching" in \fBcrypto\fR\|(7). .PP -Support for Linux Kernel \s-1TLS\s0 +Support for Linux Kernel TLS .IX Subsection "Support for Linux Kernel TLS" .PP -In order to use \s-1KTLS,\s0 support for it must be compiled in using the +In order to use KTLS, support for it must be compiled in using the \&\f(CW\*(C`enable\-ktls\*(C'\fR configuration option. It must also be enabled at run time using -the \fB\s-1SSL_OP_ENABLE_KTLS\s0\fR option. +the \fBSSL_OP_ENABLE_KTLS\fR option. .PP New Algorithms .IX Subsection "New Algorithms" -.IP "\(bu" 4 -\&\s-1KDF\s0 algorithms \*(L"\s-1SINGLE STEP\*(R"\s0 and \*(L"\s-1SSH\*(R"\s0 +.IP \(bu 4 +KDF algorithms "SINGLE STEP" and "SSH" .Sp -See \s-1\fBEVP_KDF\-SS\s0\fR\|(7) and \s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7) -.IP "\(bu" 4 -\&\s-1MAC\s0 Algorithms \*(L"\s-1GMAC\*(R"\s0 and \*(L"\s-1KMAC\*(R"\s0 +See \fBEVP_KDF\-SS\fR\|(7) and \fBEVP_KDF\-SSHKDF\fR\|(7) +.IP \(bu 4 +MAC Algorithms "GMAC" and "KMAC" .Sp -See \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7) and \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7). -.IP "\(bu" 4 -\&\s-1KEM\s0 Algorithm \*(L"\s-1RSASVE\*(R"\s0 +See \fBEVP_MAC\-GMAC\fR\|(7) and \fBEVP_MAC\-KMAC\fR\|(7). +.IP \(bu 4 +KEM Algorithm "RSASVE" .Sp -See \s-1\fBEVP_KEM\-RSA\s0\fR\|(7). -.IP "\(bu" 4 -Cipher Algorithm \*(L"AES-SIV\*(R" +See \fBEVP_KEM\-RSA\fR\|(7). +.IP \(bu 4 +Cipher Algorithm "AES\-SIV" .Sp -See \*(L"\s-1SIV\s0 Mode\*(R" in \fBEVP_EncryptInit\fR\|(3). -.IP "\(bu" 4 -\&\s-1AES\s0 Key Wrap inverse ciphers supported by \s-1EVP\s0 layer. 
+See "SIV Mode" in \fBEVP_EncryptInit\fR\|(3). +.IP \(bu 4 +AES Key Wrap inverse ciphers supported by EVP layer. .Sp -The inverse ciphers use \s-1AES\s0 decryption for wrapping, and \s-1AES\s0 encryption for -unwrapping. The algorithms are: \*(L"\s-1AES\-128\-WRAP\-INV\*(R", \*(L"AES\-192\-WRAP\-INV\*(R", -\&\*(L"AES\-256\-WRAP\-INV\*(R", \*(L"AES\-128\-WRAP\-PAD\-INV\*(R", \*(L"AES\-192\-WRAP\-PAD\-INV\*(R"\s0 and -\&\*(L"\s-1AES\-256\-WRAP\-PAD\-INV\*(R".\s0 -.IP "\(bu" 4 -\&\s-1CTS\s0 ciphers added to \s-1EVP\s0 layer. +The inverse ciphers use AES decryption for wrapping, and AES encryption for +unwrapping. The algorithms are: "AES\-128\-WRAP\-INV", "AES\-192\-WRAP\-INV", +"AES\-256\-WRAP\-INV", "AES\-128\-WRAP\-PAD\-INV", "AES\-192\-WRAP\-PAD\-INV" and +"AES\-256\-WRAP\-PAD\-INV". +.IP \(bu 4 +CTS ciphers added to EVP layer. .Sp -The algorithms are \*(L"\s-1AES\-128\-CBC\-CTS\*(R", \*(L"AES\-192\-CBC\-CTS\*(R", \*(L"AES\-256\-CBC\-CTS\*(R", -\&\*(L"CAMELLIA\-128\-CBC\-CTS\*(R", \*(L"CAMELLIA\-192\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-256\-CBC\-CTS\*(R". -CS1, CS2\s0 and \s-1CS3\s0 variants are supported. +The algorithms are "AES\-128\-CBC\-CTS", "AES\-192\-CBC\-CTS", "AES\-256\-CBC\-CTS", +"CAMELLIA\-128\-CBC\-CTS", "CAMELLIA\-192\-CBC\-CTS" and "CAMELLIA\-256\-CBC\-CTS". +CS1, CS2 and CS3 variants are supported. .PP -\s-1CMS\s0 and PKCS#7 updates +CMS and PKCS#7 updates .IX Subsection "CMS and PKCS#7 updates" -.IP "\(bu" 4 -Added CAdES-BES signature verification support. -.IP "\(bu" 4 -Added CAdES-BES signature scheme and attributes support (\s-1RFC 5126\s0) to \s-1CMS API.\s0 -.IP "\(bu" 4 -Added AuthEnvelopedData content type structure (\s-1RFC 5083\s0) using \s-1AES_GCM\s0 -.Sp -This uses the AES-GCM parameter (\s-1RFC 5084\s0) for the Cryptographic Message Syntax. +.IP \(bu 4 +Added CAdES\-BES signature verification support. +.IP \(bu 4 +Added CAdES\-BES signature scheme and attributes support (RFC 5126) to CMS API. 
+.IP \(bu 4 +Added AuthEnvelopedData content type structure (RFC 5083) using AES_GCM +.Sp +This uses the AES\-GCM parameter (RFC 5084) for the Cryptographic Message Syntax. Its purpose is to support encryption and decryption of a digital envelope that -is both authenticated and encrypted using \s-1AES GCM\s0 mode. -.IP "\(bu" 4 +is both authenticated and encrypted using AES GCM mode. +.IP \(bu 4 \&\fBPKCS7_get_octet_string\fR\|(3) and \fBPKCS7_type_is_other\fR\|(3) were made public. .PP -PKCS#12 \s-1API\s0 updates +PKCS#12 API updates .IX Subsection "PKCS#12 API updates" .PP The default algorithms for pkcs12 creation with the \fBPKCS12_create()\fR function -were changed to more modern \s-1PBKDF2\s0 and \s-1AES\s0 based algorithms. The default -\&\s-1MAC\s0 iteration count was changed to \s-1PKCS12_DEFAULT_ITER\s0 to make it equal -with the password-based encryption iteration count. The default digest -algorithm for the \s-1MAC\s0 computation was changed to \s-1SHA\-256.\s0 The pkcs12 +were changed to more modern PBKDF2 and AES based algorithms. The default +MAC iteration count was changed to PKCS12_DEFAULT_ITER to make it equal +with the password\-based encryption iteration count. The default digest +algorithm for the MAC computation was changed to SHA\-256. The pkcs12 application now supports \-legacy option that restores the previous default algorithms to support interoperability with legacy systems. .PP -Added enhanced PKCS#12 APIs which accept a library context \fB\s-1OSSL_LIB_CTX\s0\fR +Added enhanced PKCS#12 APIs which accept a library context \fBOSSL_LIB_CTX\fR and (where relevant) a property query. Other APIs which handle PKCS#7 and PKCS#8 objects have also been enhanced where required. This includes: .PP 
@@ -430,31 +363,31 @@ derivation function which supports these parameters. This includes \&\fBEVP_PBE_CipherInit_ex\fR\|(3), \fBEVP_PBE_find_ex\fR\|(3) and \fBEVP_PBE_scrypt_ex\fR\|(3). .PP -PKCS#12 \s-1KDF\s0 versus \s-1FIPS\s0 +PKCS#12 KDF versus FIPS .IX Subsection "PKCS#12 KDF versus FIPS" .PP -Unlike in 1.x.y, the \s-1PKCS12KDF\s0 algorithm used when a PKCS#12 structure -is created with a \s-1MAC\s0 that does not work with the \s-1FIPS\s0 provider as the \s-1PKCS12KDF\s0 -is not a \s-1FIPS\s0 approvable mechanism. +Unlike in 1.x.y, the PKCS12KDF algorithm used when a PKCS#12 structure +is created with a MAC that does not work with the FIPS provider as the PKCS12KDF +is not a FIPS approvable mechanism. .PP -See \s-1\fBEVP_KDF\-PKCS12KDF\s0\fR\|(7), \fBPKCS12_create\fR\|(3), \fBopenssl\-pkcs12\fR\|(1), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7). +See \fBEVP_KDF\-PKCS12KDF\fR\|(7), \fBPKCS12_create\fR\|(3), \fBopenssl\-pkcs12\fR\|(1), +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7). .PP Windows thread synchronization changes .IX Subsection "Windows thread synchronization changes" .PP Windows thread synchronization uses read/write primitives (SRWLock) when -supported by the \s-1OS,\s0 otherwise CriticalSection continues to be used. +supported by the OS, otherwise CriticalSection continues to be used. .PP -Trace \s-1API\s0 +Trace API .IX Subsection "Trace API" .PP -A new generic trace \s-1API\s0 has been added which provides support for enabling +A new generic trace API has been added which provides support for enabling instrumentation through trace output. This feature is mainly intended as an aid for developers and is disabled by default. To utilize it, OpenSSL needs to be configured with the \f(CW\*(C`enable\-trace\*(C'\fR option. .PP -If the tracing \s-1API\s0 is enabled, the application can activate trace output by +If the tracing API is enabled, the application can activate trace output by registering BIOs as trace channels for a number of tracing and debugging categories. 
See \fBOSSL_trace_enabled\fR\|(3). .PP @@ -462,7 +395,7 @@ .IX Subsection "Key validation updates" .PP \&\fBEVP_PKEY_public_check\fR\|(3) and \fBEVP_PKEY_param_check\fR\|(3) now work for -more key types. This includes \s-1RSA, DSA, ED25519, X25519, ED448\s0 and X448. +more key types. This includes RSA, DSA, ED25519, X25519, ED448 and X448. Previously (in 1.1.1) they would return \-2. For key types that do not have parameters then \fBEVP_PKEY_param_check\fR\|(3) will always return 1. .PP @@ -474,18 +407,18 @@ .PP This code is now always set to zero. Related functions are deprecated. .PP -\s-1STACK\s0 and \s-1HASH\s0 macros have been cleaned up +STACK and HASH macros have been cleaned up .IX Subsection "STACK and HASH macros have been cleaned up" .PP -The type-safe wrappers are declared everywhere and implemented once. -See \s-1\fBDEFINE_STACK_OF\s0\fR\|(3) and \s-1\fBDECLARE_LHASH_OF\s0\fR\|(3). +The type\-safe wrappers are declared everywhere and implemented once. +See \fBDEFINE_STACK_OF\fR\|(3) and \fBDECLARE_LHASH_OF\fR\|(3). .PP -The \s-1RAND_DRBG\s0 subsystem has been removed +The RAND_DRBG subsystem has been removed .IX Subsection "The RAND_DRBG subsystem has been removed" .PP -The new \s-1\fBEVP_RAND\s0\fR\|(3) is a partial replacement: the \s-1DRBG\s0 callback framework is -absent. The \s-1RAND_DRBG API\s0 did not fit well into the new provider concept as -implemented by \s-1EVP_RAND\s0 and \s-1EVP_RAND_CTX.\s0 +The new \fBEVP_RAND\fR\|(3) is a partial replacement: the DRBG callback framework is +absent. The RAND_DRBG API did not fit well into the new provider concept as +implemented by EVP_RAND and EVP_RAND_CTX. .PP Removed \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR .IX Subsection "Removed FIPS_mode() and FIPS_mode_set()" 
@@ -498,55 +431,55 @@ Key generation is slower .IX Subsection "Key generation is slower" .PP -The Miller-Rabin test now uses 64 rounds, which is used for all prime generation, -including \s-1RSA\s0 key generation. This affects the time for larger keys sizes. +The Miller\-Rabin test now uses 64 rounds, which is used for all prime generation, +including RSA key generation. This affects the time for larger keys sizes. .PP -The default key generation method for the regular 2\-prime \s-1RSA\s0 keys was changed -to the \s-1FIPS186\-4 B.3.6\s0 method (Generation of Probable Primes with Conditions +The default key generation method for the regular 2\-prime RSA keys was changed +to the FIPS186\-4 B.3.6 method (Generation of Probable Primes with Conditions Based on Auxiliary Probable Primes). This method is slower than the original method. .PP -Change \s-1PBKDF2\s0 to conform to \s-1SP800\-132\s0 instead of the older \s-1PKCS5 RFC2898\s0 +Change PBKDF2 to conform to SP800\-132 instead of the older PKCS5 RFC2898 .IX Subsection "Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898" .PP This checks that the salt length is at least 128 bits, the derived key length is at least 112 bits, and that the iteration count is at least 1000. For backwards compatibility these checks are disabled by default in the -default provider, but are enabled by default in the \s-1FIPS\s0 provider. +default provider, but are enabled by default in the FIPS provider. .PP -To enable or disable the checks see \fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR in -\&\s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7). The parameter can be set using \fBEVP_KDF_derive\fR\|(3). +To enable or disable the checks see \fBOSSL_KDF_PARAM_PKCS5\fR in +\&\fBEVP_KDF\-PBKDF2\fR\|(7). The parameter can be set using \fBEVP_KDF_derive\fR\|(3). 
.PP -Enforce a minimum \s-1DH\s0 modulus size of 512 bits +Enforce a minimum DH modulus size of 512 bits .IX Subsection "Enforce a minimum DH modulus size of 512 bits" .PP Smaller sizes now result in an error. .PP -\s-1SM2\s0 key changes +SM2 key changes .IX Subsection "SM2 key changes" .PP -\&\s-1EC\s0 EVP_PKEYs with the \s-1SM2\s0 curve have been reworked to automatically become -\&\s-1EVP_PKEY_SM2\s0 rather than \s-1EVP_PKEY_EC.\s0 +EC EVP_PKEYs with the SM2 curve have been reworked to automatically become +EVP_PKEY_SM2 rather than EVP_PKEY_EC. .PP Unlike in previous OpenSSL versions, this means that applications cannot -call \f(CW\*(C`EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)\*(C'\fR to get \s-1SM2\s0 computations. +call \f(CW\*(C`EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)\*(C'\fR to get SM2 computations. .PP Parameter and key generation is also reworked to make it possible -to generate \s-1EVP_PKEY_SM2\s0 parameters and keys. Applications must now generate -\&\s-1SM2\s0 keys directly and must not create an \s-1EVP_PKEY_EC\s0 key first. It is no longer -possible to import an \s-1SM2\s0 key with domain parameters other than the \s-1SM2\s0 elliptic +to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate +SM2 keys directly and must not create an EVP_PKEY_EC key first. It is no longer +possible to import an SM2 key with domain parameters other than the SM2 elliptic curve ones. .PP -Validation of \s-1SM2\s0 keys has been separated from the validation of regular \s-1EC\s0 -keys, allowing to improve the \s-1SM2\s0 validation process to reject loaded private -keys that are not conforming to the \s-1SM2 ISO\s0 standard. +Validation of SM2 keys has been separated from the validation of regular EC +keys, allowing to improve the SM2 validation process to reject loaded private +keys that are not conforming to the SM2 ISO standard. In particular, a private scalar \fIk\fR outside the range \fI1 <= k < n\-1\fR is now correctly rejected. 
.PP \fBEVP_PKEY_set_alias_type()\fR method has been removed .IX Subsection "EVP_PKEY_set_alias_type() method has been removed" .PP -This function made a \fB\s-1EVP_PKEY\s0\fR object mutable after it had been set up. In +This function made a \fBEVP_PKEY\fR object mutable after it had been set up. In OpenSSL 3.0 it was decided that a provided key should not be able to change its type, so this function has been removed. .PP 
@@ -554,28 +487,28 @@ .IX Subsection "Functions that return an internal key should be treated as read only" .PP Functions such as \fBEVP_PKEY_get0_RSA\fR\|(3) behave slightly differently in -OpenSSL 3.0. Previously they returned a pointer to the low-level key used +OpenSSL 3.0. Previously they returned a pointer to the low\-level key used internally by libcrypto. From OpenSSL 3.0 this key may now be held in a provider. Calling these functions will only return a handle on the internal key -where the \s-1EVP_PKEY\s0 was constructed using this key in the first place, for +where the EVP_PKEY was constructed using this key in the first place, for example using a function or macro such as \fBEVP_PKEY_assign_RSA\fR\|(3), \&\fBEVP_PKEY_set1_RSA\fR\|(3), etc. -Where the \s-1EVP_PKEY\s0 holds a provider managed key, then these functions now return +Where the EVP_PKEY holds a provider managed key, then these functions now return a cached copy of the key. Changes to the internal provider key that take place after the first time the cached key is accessed will not be reflected back in the cached copy. Similarly any changes made to the cached copy by application code will not be reflected back in the internal provider key. .PP For the above reasons the keys returned from these functions should typically be -treated as read-only. To emphasise this the value returned from +treated as read\-only. To emphasise this the value returned from \&\fBEVP_PKEY_get0_RSA\fR\|(3), \fBEVP_PKEY_get0_DSA\fR\|(3), \fBEVP_PKEY_get0_EC_KEY\fR\|(3) and \&\fBEVP_PKEY_get0_DH\fR\|(3) have been made const. This may break some existing code. Applications broken by this change should be modified. The preferred solution is to refactor the code to avoid the use of these deprecated functions. Failing this the code should be modified to use a const pointer instead. 
The \fBEVP_PKEY_get1_RSA\fR\|(3), \fBEVP_PKEY_get1_DSA\fR\|(3), \fBEVP_PKEY_get1_EC_KEY\fR\|(3) -and \fBEVP_PKEY_get1_DH\fR\|(3) functions continue to return a non-const pointer to -enable them to be \*(L"freed\*(R". However they should also be treated as read-only. +and \fBEVP_PKEY_get1_DH\fR\|(3) functions continue to return a non\-const pointer to +enable them to be "freed". However they should also be treated as read\-only. .PP The public key check has moved from \fBEVP_PKEY_derive()\fR to \fBEVP_PKEY_derive_set_peer()\fR .IX Subsection "The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()" @@ -587,7 +520,7 @@ The print format has cosmetic changes for some functions .IX Subsection "The print format has cosmetic changes for some functions" .PP -The output from numerous \*(L"printing\*(R" functions such as \fBX509_signature_print\fR\|(3), +The output from numerous "printing" functions such as \fBX509_signature_print\fR\|(3), \&\fBX509_print_ex\fR\|(3), \fBX509_CRL_print_ex\fR\|(3), and other similar functions has been amended such that there may be cosmetic differences between the output observed in 1.1.1 and 3.0. This also applies to the \fB\-text\fR output from the 
@@ -604,19 +537,19 @@ One significant change is that controls which used to return \-2 for invalid inputs, now return \-1 indicating a generic error condition instead. .PP -\s-1DH\s0 and \s-1DHX\s0 key types have different settable parameters +DH and DHX key types have different settable parameters .IX Subsection "DH and DHX key types have different settable parameters" .PP Previously (in 1.1.1) these conflicting parameters were allowed, but will now -result in errors. See \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) for further details. This affects the -behaviour of \fBopenssl\-genpkey\fR\|(1) for \s-1DH\s0 parameter generation. +result in errors. See \fBEVP_PKEY\-DH\fR\|(7) for further details. This affects the +behaviour of \fBopenssl\-genpkey\fR\|(1) for DH parameter generation. .PP \fBEVP_CIPHER_CTX_set_flags()\fR ordering change .IX Subsection "EVP_CIPHER_CTX_set_flags() ordering change" .PP -If using a cipher from a provider the \fB\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0\fR flag can only +If using a cipher from a provider the \fBEVP_CIPH_FLAG_LENGTH_BITS\fR flag can only be set \fBafter\fR the cipher has been assigned to the cipher context. -See \*(L"\s-1FLAGS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) for more information. +See "FLAGS" in \fBEVP_EncryptInit\fR\|(3) for more information. .PP Validation of operation context parameters .IX Subsection "Validation of operation context parameters" 
@@ -628,28 +561,28 @@ .PP For example when setting an unsupported curve with \&\fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR this function call will not fail -but later keygen operations with the \s-1EVP_PKEY_CTX\s0 will fail. +but later keygen operations with the EVP_PKEY_CTX will fail. .PP Removal of function code from the error codes .IX Subsection "Removal of function code from the error codes" .PP The function code part of the error code is now always set to 0. For that -reason the \s-1\fBERR_GET_FUNC\s0()\fR macro was removed. Applications must resolve +reason the \fBERR_GET_FUNC()\fR macro was removed. Applications must resolve the error codes only using the library number and the reason code. .PP -ChaCha20\-Poly1305 cipher does not allow a truncated \s-1IV\s0 length to be used +ChaCha20\-Poly1305 cipher does not allow a truncated IV length to be used .IX Subsection "ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used" .PP -In OpenSSL 3.0 setting the \s-1IV\s0 length to any value other than 12 will result in an +In OpenSSL 3.0 setting the IV length to any value other than 12 will result in an error. Prior to OpenSSL 3.0 the ivlen could be smaller that the required 12 byte length, -using EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CRTL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0). This resulted -in an \s-1IV\s0 that had leading zero padding. +using EVP_CIPHER_CTX_ctrl(ctx, EVP_CRTL_AEAD_SET_IVLEN, ivlen, NULL). This resulted +in an IV that had leading zero padding. .SS "Installation and Compilation" .IX Subsection "Installation and Compilation" -Please refer to the \s-1INSTALL\s0.md file in the top of the distribution for +Please refer to the INSTALL.md file in the top of the distribution for instructions on how to build and install OpenSSL 3.0. Please also refer to the -various platform specific \s-1NOTES\s0 files for your specific platform. +various platform specific NOTES files for your specific platform. 
.SS "Upgrading from OpenSSL 1.1.1" .IX Subsection "Upgrading from OpenSSL 1.1.1" Upgrading to OpenSSL 3.0 from OpenSSL 1.1.1 should be relatively straight @@ -657,11 +590,11 @@ is if you have used low level APIs in your code (as discussed above). In that case you are likely to start seeing deprecation warnings when compiling your application. If this happens you have 3 options: -.IP "1." 4 +.IP 1. 4 Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL. -.IP "2." 4 +.IP 2. 4 Suppress the warnings. Refer to your compiler documentation on how to do this. -.IP "3." 4 +.IP 3. 4 Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead .PP \fIError code changes\fR 
@@ -671,30 +604,30 @@ widely used file formats, application code that checks for particular error reason codes on key loading failures might need an update. .PP -Password-protected keys may deserve special attention. If only some errors +Password\-protected keys may deserve special attention. If only some errors are treated as an indicator that the user should be asked about the password again, -it's worth testing these scenarios and processing the newly relevant codes. +it\*(Aqs worth testing these scenarios and processing the newly relevant codes. .PP There may be more cases to treat specially, depending on the calling application code. .SS "Upgrading from OpenSSL 1.0.2" .IX Subsection "Upgrading from OpenSSL 1.0.2" Upgrading to OpenSSL 3.0 from OpenSSL 1.0.2 is likely to be significantly more difficult. In addition to the issues discussed above in the section about -\&\*(L"Upgrading from OpenSSL 1.1.1\*(R", the main things to be aware of are: -.IP "1." 4 +"Upgrading from OpenSSL 1.1.1", the main things to be aware of are: +.IP 1. 4 The build and installation procedure has changed significantly. .Sp -Check the file \s-1INSTALL\s0.md in the top of the installation for instructions on how -to build and install OpenSSL for your platform. Also read the various \s-1NOTES\s0 +Check the file INSTALL.md in the top of the installation for instructions on how +to build and install OpenSSL for your platform. Also read the various NOTES files in the same directory, as applicable for your platform. -.IP "2." 4 +.IP 2. 4 Many structures have been made opaque in OpenSSL 3.0. .Sp The structure definitions have been removed from the public header files and moved to internal header files. In practice this means that you can no longer stack allocate some structures. Instead they must be heap allocated through some function call (typically those function names have a \f(CW\*(C`_new\*(C'\fR suffix to them). 
-Additionally you must use \*(L"setter\*(R" or \*(L"getter\*(R" functions to access the fields +Additionally you must use "setter" or "getter" functions to access the fields within those structures. .Sp For example code that previously looked like this: 
@@ -716,40 +649,40 @@ \& ... \& EVP_MD_CTX_free(md_ctx); .Ve -.IP "3." 4 +.IP 3. 4 Support for TLSv1.3 has been added. .Sp -This has a number of implications for \s-1SSL/TLS\s0 applications. See the -\&\s-1TLS1.3\s0 page for further details. +This has a number of implications for SSL/TLS applications. See the +TLS1.3 page for further details. .PP More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0 can be found on the -OpenSSL 1.1.0 Changes page . +OpenSSL 1.1.0 Changes page . .PP -\fIUpgrading from the OpenSSL 2.0 \s-1FIPS\s0 Object Module\fR +\fIUpgrading from the OpenSSL 2.0 FIPS Object Module\fR .IX Subsection "Upgrading from the OpenSSL 2.0 FIPS Object Module" .PP -The OpenSSL 2.0 \s-1FIPS\s0 Object Module was a separate download that had to be built +The OpenSSL 2.0 FIPS Object Module was a separate download that had to be built separately and then integrated into your main OpenSSL 1.0.2 build. -In OpenSSL 3.0 the \s-1FIPS\s0 support is fully integrated into the mainline version of +In OpenSSL 3.0 the FIPS support is fully integrated into the mainline version of OpenSSL and is no longer a separate download. For further information see -\&\*(L"Completing the installation of the \s-1FIPS\s0 Module\*(R". +"Completing the installation of the FIPS Module". .PP The function calls \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR have been removed from OpenSSL 3.0. You should rewrite your application to not use them. -See \fBfips_module\fR\|(7) and \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) for details. -.SS "Completing the installation of the \s-1FIPS\s0 Module" +See \fBfips_module\fR\|(7) and \fBOSSL_PROVIDER\-FIPS\fR\|(7) for details. +.SS "Completing the installation of the FIPS Module" .IX Subsection "Completing the installation of the FIPS Module" -The \s-1FIPS\s0 Module will be built and installed automatically if \s-1FIPS\s0 support has +The FIPS Module will be built and installed automatically if FIPS support has been configured. 
The current documentation can be found in the -README-FIPS file. -.SS "Programming" +README\-FIPS file. +.SS Programming .IX Subsection "Programming" Applications written to work with OpenSSL 1.1.1 will mostly just work with OpenSSL 3.0. However changes will be required if you want to take advantage of some of the new features that OpenSSL 3.0 makes available. In order to do that you need to understand some new concepts introduced in OpenSSL 3.0. -Read \*(L"Library contexts\*(R" in \fBcrypto\fR\|(7) for further information. +Read "Library contexts" in \fBcrypto\fR\|(7) for further information. .PP \fILibrary Context\fR .IX Subsection "Library Context" @@ -757,9 +690,9 @@ A library context allows different components of a complex application to each use a different library context and have different providers loaded with different configuration settings. -See \*(L"Library contexts\*(R" in \fBcrypto\fR\|(7) for further info. +See "Library contexts" in \fBcrypto\fR\|(7) for further info. .PP -If the user creates an \fB\s-1OSSL_LIB_CTX\s0\fR via \fBOSSL_LIB_CTX_new\fR\|(3) then many +If the user creates an \fBOSSL_LIB_CTX\fR via \fBOSSL_LIB_CTX_new\fR\|(3) then many functions may need to be changed to pass additional parameters to handle the library context. .PP 
@@ -767,121 +700,121 @@ .IX Subsection "Using a Library Context - Old functions that should be changed" .PP If a library context is needed then all EVP_* digest functions that return a -\&\fBconst \s-1EVP_MD\s0 *\fR such as \fBEVP_sha256()\fR should be replaced with a call to -\&\fBEVP_MD_fetch\fR\|(3). See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7). +\&\fBconst EVP_MD *\fR such as \fBEVP_sha256()\fR should be replaced with a call to +\&\fBEVP_MD_fetch\fR\|(3). See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7). .PP If a library context is needed then all EVP_* cipher functions that return a -\&\fBconst \s-1EVP_CIPHER\s0 *\fR such as \fBEVP_aes_128_cbc()\fR should be replaced vith a call to -\&\fBEVP_CIPHER_fetch\fR\|(3). See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7). +\&\fBconst EVP_CIPHER *\fR such as \fBEVP_aes_128_cbc()\fR should be replaced vith a call to +\&\fBEVP_CIPHER_fetch\fR\|(3). See "ALGORITHM FETCHING" in \fBcrypto\fR\|(7). .PP Some functions can be passed an object that has already been set up with a library context such as \fBd2i_X509\fR\|(3), \fBd2i_X509_CRL\fR\|(3), \fBd2i_X509_REQ\fR\|(3) and -\&\fBd2i_X509_PUBKEY\fR\|(3). If \s-1NULL\s0 is passed instead then the created object will be +\&\fBd2i_X509_PUBKEY\fR\|(3). If NULL is passed instead then the created object will be set up with the default library context. Use \fBX509_new_ex\fR\|(3), \&\fBX509_CRL_new_ex\fR\|(3), \fBX509_REQ_new_ex\fR\|(3) and \fBX509_PUBKEY_new_ex\fR\|(3) if a library context is required. .PP -All functions listed below with a \fI\s-1NAME\s0\fR have a replacement function \fINAME_ex\fR -that takes \fB\s-1OSSL_LIB_CTX\s0\fR as an additional argument. Functions that have other +All functions listed below with a \fINAME\fR have a replacement function \fINAME_ex\fR +that takes \fBOSSL_LIB_CTX\fR as an additional argument. Functions that have other mappings are listed along with the respective name. 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBASN1_item_new\fR\|(3), \fBASN1_item_d2i\fR\|(3), \fBASN1_item_d2i_fp\fR\|(3), \&\fBASN1_item_d2i_bio\fR\|(3), \fBASN1_item_sign\fR\|(3) and \fBASN1_item_verify\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBBIO_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBb2i_RSA_PVK_bio()\fR and \fBi2b_PVK_bio()\fR -.IP "\(bu" 4 +.IP \(bu 4 \&\fBBN_CTX_new\fR\|(3) and \fBBN_CTX_secure_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBCMS_AuthEnvelopedData_create\fR\|(3), \fBCMS_ContentInfo_new\fR\|(3), \fBCMS_data_create\fR\|(3), \&\fBCMS_digest_create\fR\|(3), \fBCMS_EncryptedData_encrypt\fR\|(3), \fBCMS_encrypt\fR\|(3), \&\fBCMS_EnvelopedData_create\fR\|(3), \fBCMS_ReceiptRequest_create0\fR\|(3) and \fBCMS_sign\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBCONF_modules_load_file\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBCTLOG_new\fR\|(3), \fBCTLOG_new_from_base64\fR\|(3) and \fBCTLOG_STORE_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBCT_POLICY_EVAL_CTX_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBd2i_AutoPrivateKey\fR\|(3), \fBd2i_PrivateKey\fR\|(3) and \fBd2i_PUBKEY\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBd2i_PrivateKey_bio\fR\|(3) and \fBd2i_PrivateKey_fp\fR\|(3) .Sp Use \fBd2i_PrivateKey_ex_bio\fR\|(3) and \fBd2i_PrivateKey_ex_fp\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_GROUP_new\fR\|(3) .Sp Use \fBEC_GROUP_new_by_curve_name_ex\fR\|(3) or \fBEC_GROUP_new_from_params\fR\|(3). 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_DigestSignInit\fR\|(3) and \fBEVP_DigestVerifyInit\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PBE_CipherInit\fR\|(3), \fBEVP_PBE_find\fR\|(3) and \fBEVP_PBE_scrypt\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPKCS5_PBE_keyivgen\fR\|(3) -.IP "\(bu" 4 -\&\s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 +\&\fBEVP_PKCS82PKEY\fR\|(3) +.IP \(bu 4 \&\fBEVP_PKEY_CTX_new_id\fR\|(3) .Sp Use \fBEVP_PKEY_CTX_new_from_name\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_derive_set_peer\fR\|(3), \fBEVP_PKEY_new_raw_private_key\fR\|(3) and \fBEVP_PKEY_new_raw_public_key\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_SignFinal\fR\|(3) and \fBEVP_VerifyFinal\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBNCONF_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOCSP_RESPID_match\fR\|(3) and \fBOCSP_RESPID_set_by_key\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOPENSSL_thread_stop\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_STORE_open\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPEM_read_bio_Parameters\fR\|(3), \fBPEM_read_bio_PrivateKey\fR\|(3), \fBPEM_read_bio_PUBKEY\fR\|(3), \&\fBPEM_read_PrivateKey\fR\|(3) and \fBPEM_read_PUBKEY\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPEM_write_bio_PrivateKey\fR\|(3), \fBPEM_write_bio_PUBKEY\fR\|(3), \fBPEM_write_PrivateKey\fR\|(3) and \fBPEM_write_PUBKEY\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPEM_X509_INFO_read_bio\fR\|(3) and \fBPEM_X509_INFO_read\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPKCS12_add_key\fR\|(3), \fBPKCS12_add_safe\fR\|(3), \fBPKCS12_add_safes\fR\|(3), \&\fBPKCS12_create\fR\|(3), \fBPKCS12_decrypt_skey\fR\|(3), \fBPKCS12_init\fR\|(3), \fBPKCS12_item_decrypt_d2i\fR\|(3), \&\fBPKCS12_item_i2d_encrypt\fR\|(3), \fBPKCS12_key_gen_asc\fR\|(3), \fBPKCS12_key_gen_uni\fR\|(3), \&\fBPKCS12_key_gen_utf8\fR\|(3), \fBPKCS12_pack_p7encdata\fR\|(3), \fBPKCS12_pbe_crypt\fR\|(3), \&\fBPKCS12_PBE_keyivgen\fR\|(3), \fBPKCS12_SAFEBAG_create_pkcs8_encrypt\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPKCS5_pbe_set0_algor\fR\|(3), 
\fBPKCS5_pbe_set\fR\|(3), \fBPKCS5_pbe2_set_iv\fR\|(3), \&\fBPKCS5_pbkdf2_set\fR\|(3) and \fBPKCS5_v2_scrypt_keyivgen\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPKCS7_encrypt\fR\|(3), \fBPKCS7_new\fR\|(3) and \fBPKCS7_sign\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPKCS8_decrypt\fR\|(3), \fBPKCS8_encrypt\fR\|(3) and \fBPKCS8_set0_pbe\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBSMIME_write_ASN1\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBSSL_load_client_CA_file\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBSSL_CTX_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBTS_RESP_CTX_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_CRL_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_load_cert_crl_file\fR\|(3) and \fBX509_load_cert_file\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_LOOKUP_by_subject\fR\|(3) and \fBX509_LOOKUP_ctrl\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_NAME_hash\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_REQ_new\fR\|(3) and \fBX509_REQ_verify\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_STORE_CTX_new\fR\|(3), \fBX509_STORE_set_default_paths\fR\|(3), \fBX509_STORE_load_file\fR\|(3), \&\fBX509_STORE_load_locations\fR\|(3) and \fBX509_STORE_load_store\fR\|(3) .PP 
@@ -889,257 +822,257 @@ .IX Subsection "New functions that use a Library context" .PP The following functions can be passed a library context if required. -Passing \s-1NULL\s0 will use the default library context. -.IP "\(bu" 4 +Passing NULL will use the default library context. +.IP \(bu 4 \&\fBBIO_new_from_core_bio\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_ASYM_CIPHER_fetch\fR\|(3) and \fBEVP_ASYM_CIPHER_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_CIPHER_fetch\fR\|(3) and \fBEVP_CIPHER_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_default_properties_enable_fips\fR\|(3) and \&\fBEVP_default_properties_is_fips_enabled\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_KDF_fetch\fR\|(3) and \fBEVP_KDF_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_KEM_fetch\fR\|(3) and \fBEVP_KEM_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_KEYEXCH_fetch\fR\|(3) and \fBEVP_KEYEXCH_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_KEYMGMT_fetch\fR\|(3) and \fBEVP_KEYMGMT_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_MAC_fetch\fR\|(3) and \fBEVP_MAC_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_MD_fetch\fR\|(3) and \fBEVP_MD_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_CTX_new_from_pkey\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_Q_keygen\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_Q_mac\fR\|(3) and \fBEVP_Q_digest\fR\|(3) -.IP "\(bu" 4 -\&\s-1\fBEVP_RAND\s0\fR\|(3) and \fBEVP_RAND_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 +\&\fBEVP_RAND\fR\|(3) and \fBEVP_RAND_do_all_provided\fR\|(3) +.IP \(bu 4 \&\fBEVP_set_default_properties\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_SIGNATURE_fetch\fR\|(3) and \fBEVP_SIGNATURE_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_CMP_CTX_new\fR\|(3) and \fBOSSL_CMP_SRV_CTX_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_CRMF_ENCRYPTEDVALUE_get1_encCert\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_CRMF_MSG_create_popo\fR\|(3) and 
\fBOSSL_CRMF_MSGS_verify_popo\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_CRMF_pbm_new\fR\|(3) and \fBOSSL_CRMF_pbmp_new\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_DECODER_CTX_add_extra\fR\|(3) and \fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_DECODER_fetch\fR\|(3) and \fBOSSL_DECODER_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_ENCODER_CTX_add_extra\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_ENCODER_fetch\fR\|(3) and \fBOSSL_ENCODER_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_LIB_CTX_free\fR\|(3), \fBOSSL_LIB_CTX_load_config\fR\|(3) and \fBOSSL_LIB_CTX_set0_default\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_PROVIDER_add_builtin\fR\|(3), \fBOSSL_PROVIDER_available\fR\|(3), \&\fBOSSL_PROVIDER_do_all\fR\|(3), \fBOSSL_PROVIDER_load\fR\|(3), \&\fBOSSL_PROVIDER_set_default_search_path\fR\|(3) and \fBOSSL_PROVIDER_try_load\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_SELF_TEST_get_callback\fR\|(3) and \fBOSSL_SELF_TEST_set_callback\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_STORE_attach\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_STORE_LOADER_fetch\fR\|(3) and \fBOSSL_STORE_LOADER_do_all_provided\fR\|(3) -.IP "\(bu" 4 +.IP \(bu 4 \&\fBRAND_get0_primary\fR\|(3), \fBRAND_get0_private\fR\|(3), \fBRAND_get0_public\fR\|(3), \&\fBRAND_set_DRBG_type\fR\|(3) and \fBRAND_set_seed_source_type\fR\|(3) .PP \fIProviders\fR .IX Subsection "Providers" .PP -Providers are described in detail here \*(L"Providers\*(R" in \fBcrypto\fR\|(7). -See also \*(L"\s-1OPENSSL PROVIDERS\*(R"\s0 in \fBcrypto\fR\|(7). +Providers are described in detail here "Providers" in \fBcrypto\fR\|(7). +See also "OPENSSL PROVIDERS" in \fBcrypto\fR\|(7). .PP \fIFetching algorithms and property queries\fR .IX Subsection "Fetching algorithms and property queries" .PP Implicit and Explicit Fetching is described in detail here -\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7). +"ALGORITHM FETCHING" in \fBcrypto\fR\|(7). 
.PP -\fIMapping \s-1EVP\s0 controls and flags to provider \s-1\f(BIOSSL_PARAM\s0\fI\|(3) parameters\fR +\fIMapping EVP controls and flags to provider \fR\f(BIOSSL_PARAM\fR\fI\|(3) parameters\fR .IX Subsection "Mapping EVP controls and flags to provider OSSL_PARAM parameters" .PP The existing functions for controls (such as \fBEVP_CIPHER_CTX_ctrl\fR\|(3)) and manipulating flags (such as \fBEVP_MD_CTX_set_flags\fR\|(3))internally use -\&\fB\s-1OSSL_PARAMS\s0\fR to pass information to/from provider objects. -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for additional information related to parameters. +\&\fBOSSL_PARAMS\fR to pass information to/from provider objects. +See \fBOSSL_PARAM\fR\|(3) for additional information related to parameters. .PP -For ciphers see \*(L"\s-1CONTROLS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3), \*(L"\s-1FLAGS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) and -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +For ciphers see "CONTROLS" in \fBEVP_EncryptInit\fR\|(3), "FLAGS" in \fBEVP_EncryptInit\fR\|(3) and +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). .PP -For digests see \*(L"\s-1CONTROLS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3), \*(L"\s-1FLAGS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3) and -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3). +For digests see "CONTROLS" in \fBEVP_DigestInit\fR\|(3), "FLAGS" in \fBEVP_DigestInit\fR\|(3) and +"PARAMETERS" in \fBEVP_DigestInit\fR\|(3). .PP \fIDeprecation of Low Level Functions\fR .IX Subsection "Deprecation of Low Level Functions" .PP A significant number of APIs have been deprecated in OpenSSL 3.0. This section describes some common categories of deprecations. -See \*(L"Deprecated function mappings\*(R" for the list of deprecated functions +See "Deprecated function mappings" for the list of deprecated functions that refer to these categories. 
.PP -Providers are a replacement for engines and low-level method overrides +Providers are a replacement for engines and low\-level method overrides .IX Subsection "Providers are a replacement for engines and low-level method overrides" .PP -Any accessor that uses an \s-1ENGINE\s0 is deprecated (such as \fBEVP_PKEY_set1_engine()\fR). +Any accessor that uses an ENGINE is deprecated (such as \fBEVP_PKEY_set1_engine()\fR). Applications using engines should instead use providers. .PP Before providers were added algorithms were overridden by changing the methods used by algorithms. All these methods such as \fBRSA_new_method()\fR and \fBRSA_meth_new()\fR are now deprecated and can be replaced by using providers instead. .PP -Deprecated i2d and d2i functions for low-level key types +Deprecated i2d and d2i functions for low\-level key types .IX Subsection "Deprecated i2d and d2i functions for low-level key types" .PP -Any i2d and d2i functions such as \fBd2i_DHparams()\fR that take a low-level key type -have been deprecated. Applications should instead use the \s-1\fBOSSL_DECODER\s0\fR\|(3) and -\&\s-1\fBOSSL_ENCODER\s0\fR\|(3) APIs to read and write files. -See \*(L"Migration\*(R" in \fBd2i_RSAPrivateKey\fR\|(3) for further details. +Any i2d and d2i functions such as \fBd2i_DHparams()\fR that take a low\-level key type +have been deprecated. Applications should instead use the \fBOSSL_DECODER\fR\|(3) and +\&\fBOSSL_ENCODER\fR\|(3) APIs to read and write files. +See "Migration" in \fBd2i_RSAPrivateKey\fR\|(3) for further details. 
.PP -Deprecated low-level key object getters and setters +Deprecated low\-level key object getters and setters .IX Subsection "Deprecated low-level key object getters and setters" .PP -Applications that set or get low-level key objects (such as \fBEVP_PKEY_set1_DH()\fR -or \fBEVP_PKEY_get0()\fR) should instead use the \s-1OSSL_ENCODER\s0 -(See \fBOSSL_ENCODER_to_bio\fR\|(3)) or \s-1OSSL_DECODER\s0 (See \fBOSSL_DECODER_from_bio\fR\|(3)) +Applications that set or get low\-level key objects (such as \fBEVP_PKEY_set1_DH()\fR +or \fBEVP_PKEY_get0()\fR) should instead use the OSSL_ENCODER +(See \fBOSSL_ENCODER_to_bio\fR\|(3)) or OSSL_DECODER (See \fBOSSL_DECODER_from_bio\fR\|(3)) APIs, or alternatively use \fBEVP_PKEY_fromdata\fR\|(3) or \fBEVP_PKEY_todata\fR\|(3). .PP -Deprecated low-level key parameter getters +Deprecated low\-level key parameter getters .IX Subsection "Deprecated low-level key parameter getters" .PP -Functions that access low-level objects directly such as \fBRSA_get0_n\fR\|(3) are now +Functions that access low\-level objects directly such as \fBRSA_get0_n\fR\|(3) are now deprecated. Applications should use one of \fBEVP_PKEY_get_bn_param\fR\|(3), \&\fBEVP_PKEY_get_int_param\fR\|(3), l<\fBEVP_PKEY_get_size_t_param\fR\|(3)>, \&\fBEVP_PKEY_get_utf8_string_param\fR\|(3), \fBEVP_PKEY_get_octet_string_param\fR\|(3) or -\&\fBEVP_PKEY_get_params\fR\|(3) to access fields from an \s-1EVP_PKEY.\s0 -Gettable parameters are listed in \*(L"Common \s-1RSA\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), -\&\*(L"\s-1DH\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \*(L"\s-1DSA\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), -\&\*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7), \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) and -\&\*(L"Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7). 
+\&\fBEVP_PKEY_get_params\fR\|(3) to access fields from an EVP_PKEY. +Gettable parameters are listed in "Common RSA parameters" in \fBEVP_PKEY\-RSA\fR\|(7), +"DH parameters" in \fBEVP_PKEY\-DH\fR\|(7), "DSA parameters" in \fBEVP_PKEY\-DSA\fR\|(7), +"FFC parameters" in \fBEVP_PKEY\-FFC\fR\|(7), "Common EC parameters" in \fBEVP_PKEY\-EC\fR\|(7) and +"Common X25519, X448, ED25519 and ED448 parameters" in \fBEVP_PKEY\-X25519\fR\|(7). Applications may also use \fBEVP_PKEY_todata\fR\|(3) to return all fields. .PP -Deprecated low-level key parameter setters +Deprecated low\-level key parameter setters .IX Subsection "Deprecated low-level key parameter setters" .PP -Functions that access low-level objects directly such as \fBRSA_set0_crt_params\fR\|(3) +Functions that access low\-level objects directly such as \fBRSA_set0_crt_params\fR\|(3) are now deprecated. Applications should use \fBEVP_PKEY_fromdata\fR\|(3) to create new keys from user provided key data. Keys should be immutable once they are created, so if required the user may use \fBEVP_PKEY_todata\fR\|(3), \fBOSSL_PARAM_merge\fR\|(3), and \fBEVP_PKEY_fromdata\fR\|(3) to create a modified key. -See \*(L"Examples\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) for more information. -See \*(L"Deprecated low-level key generation functions\*(R" for information on +See "Examples" in \fBEVP_PKEY\-DH\fR\|(7) for more information. +See "Deprecated low\-level key generation functions" for information on generating a key using parameters. .PP -Deprecated low-level object creation +Deprecated low\-level object creation .IX Subsection "Deprecated low-level object creation" .PP -Low-level objects were created using methods such as \fBRSA_new\fR\|(3), +Low\-level objects were created using methods such as \fBRSA_new\fR\|(3), \&\fBRSA_up_ref\fR\|(3) and \fBRSA_free\fR\|(3). Applications should instead use the -high-level \s-1EVP_PKEY\s0 APIs, e.g. \fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_up_ref\fR\|(3) and +high\-level EVP_PKEY APIs, e.g. 
\fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_up_ref\fR\|(3) and \&\fBEVP_PKEY_free\fR\|(3). See also \fBEVP_PKEY_CTX_new_from_name\fR\|(3) and \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3). .PP EVP_PKEYs may be created in a variety of ways: -See also \*(L"Deprecated low-level key generation functions\*(R", -\&\*(L"Deprecated low-level key reading and writing functions\*(R" and -\&\*(L"Deprecated low-level key parameter setters\*(R". +See also "Deprecated low\-level key generation functions", +"Deprecated low\-level key reading and writing functions" and +"Deprecated low\-level key parameter setters". .PP -Deprecated low-level encryption functions +Deprecated low\-level encryption functions .IX Subsection "Deprecated low-level encryption functions" .PP -Low-level encryption functions such as \fBAES_encrypt\fR\|(3) and \fBAES_decrypt\fR\|(3) +Low\-level encryption functions such as \fBAES_encrypt\fR\|(3) and \fBAES_decrypt\fR\|(3) have been informally discouraged from use for a long time. Applications should -instead use the high level \s-1EVP\s0 APIs \fBEVP_EncryptInit_ex\fR\|(3), +instead use the high level EVP APIs \fBEVP_EncryptInit_ex\fR\|(3), \&\fBEVP_EncryptUpdate\fR\|(3), and \fBEVP_EncryptFinal_ex\fR\|(3) or \&\fBEVP_DecryptInit_ex\fR\|(3), \fBEVP_DecryptUpdate\fR\|(3) and \fBEVP_DecryptFinal_ex\fR\|(3). .PP -Deprecated low-level digest functions +Deprecated low\-level digest functions .IX Subsection "Deprecated low-level digest functions" .PP -Use of low-level digest functions such as \fBSHA1_Init\fR\|(3) have been +Use of low\-level digest functions such as \fBSHA1_Init\fR\|(3) have been informally discouraged from use for a long time. Applications should instead -use the the high level \s-1EVP\s0 APIs \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3) -and \fBEVP_DigestFinal_ex\fR\|(3), or the quick one-shot \fBEVP_Q_digest\fR\|(3). 
+use the the high level EVP APIs \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3) +and \fBEVP_DigestFinal_ex\fR\|(3), or the quick one\-shot \fBEVP_Q_digest\fR\|(3). .PP -Note that the functions \s-1\fBSHA1\s0\fR\|(3), \s-1\fBSHA224\s0\fR\|(3), \s-1\fBSHA256\s0\fR\|(3), \s-1\fBSHA384\s0\fR\|(3) -and \s-1\fBSHA512\s0\fR\|(3) have changed to macros that use \fBEVP_Q_digest\fR\|(3). +Note that the functions \fBSHA1\fR\|(3), \fBSHA224\fR\|(3), \fBSHA256\fR\|(3), \fBSHA384\fR\|(3) +and \fBSHA512\fR\|(3) have changed to macros that use \fBEVP_Q_digest\fR\|(3). .PP -Deprecated low-level signing functions +Deprecated low\-level signing functions .IX Subsection "Deprecated low-level signing functions" .PP -Use of low-level signing functions such as \fBDSA_sign\fR\|(3) have been +Use of low\-level signing functions such as \fBDSA_sign\fR\|(3) have been informally discouraged for a long time. Instead applications should use \&\fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3). -See also \s-1\fBEVP_SIGNATURE\-RSA\s0\fR\|(7), \s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7), -\&\s-1\fBEVP_SIGNATURE\-ECDSA\s0\fR\|(7) and \s-1\fBEVP_SIGNATURE\-ED25519\s0\fR\|(7). +See also \fBEVP_SIGNATURE\-RSA\fR\|(7), \fBEVP_SIGNATURE\-DSA\fR\|(7), +\&\fBEVP_SIGNATURE\-ECDSA\fR\|(7) and \fBEVP_SIGNATURE\-ED25519\fR\|(7). .PP -Deprecated low-level \s-1MAC\s0 functions +Deprecated low\-level MAC functions .IX Subsection "Deprecated low-level MAC functions" .PP -Low-level mac functions such as \fBCMAC_Init\fR\|(3) are deprecated. -Applications should instead use the new \s-1\fBEVP_MAC\s0\fR\|(3) interface, using +Low\-level mac functions such as \fBCMAC_Init\fR\|(3) are deprecated. 
+Applications should instead use the new \fBEVP_MAC\fR\|(3) interface, using \&\fBEVP_MAC_CTX_new\fR\|(3), \fBEVP_MAC_CTX_free\fR\|(3), \fBEVP_MAC_init\fR\|(3), -\&\fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3) or the single-shot \s-1MAC\s0 function +\&\fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3) or the single\-shot MAC function \&\fBEVP_Q_mac\fR\|(3). -See \s-1\fBEVP_MAC\s0\fR\|(3), \s-1\fBEVP_MAC\-HMAC\s0\fR\|(7), \s-1\fBEVP_MAC\-CMAC\s0\fR\|(7), \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-KMAC\s0\fR\|(7), \s-1\fBEVP_MAC\-BLAKE2\s0\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and +See \fBEVP_MAC\fR\|(3), \fBEVP_MAC\-HMAC\fR\|(7), \fBEVP_MAC\-CMAC\fR\|(7), \fBEVP_MAC\-GMAC\fR\|(7), +\&\fBEVP_MAC\-KMAC\fR\|(7), \fBEVP_MAC\-BLAKE2\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and \&\fBEVP_MAC\-Siphash\fR\|(7) for additional information. .PP -Note that the one-shot method \s-1\fBHMAC\s0()\fR is still available for compatibility purposes, -but this can also be replaced by using \s-1EVP_Q_MAC\s0 if a library context is required. +Note that the one\-shot method \fBHMAC()\fR is still available for compatibility purposes, +but this can also be replaced by using EVP_Q_MAC if a library context is required. .PP -Deprecated low-level validation functions +Deprecated low\-level validation functions .IX Subsection "Deprecated low-level validation functions" .PP -Low-level validation functions such as \fBDH_check\fR\|(3) have been informally -discouraged from use for a long time. Applications should instead use the high-level -\&\s-1EVP_PKEY\s0 APIs such as \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_param_check\fR\|(3), +Low\-level validation functions such as \fBDH_check\fR\|(3) have been informally +discouraged from use for a long time. 
Applications should instead use the high\-level +EVP_PKEY APIs such as \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_param_check\fR\|(3), \&\fBEVP_PKEY_param_check_quick\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3), \&\fBEVP_PKEY_public_check_quick\fR\|(3), \fBEVP_PKEY_private_check\fR\|(3), and \fBEVP_PKEY_pairwise_check\fR\|(3). .PP -Deprecated low-level key exchange functions +Deprecated low\-level key exchange functions .IX Subsection "Deprecated low-level key exchange functions" .PP -Many low-level functions have been informally discouraged from use for a long +Many low\-level functions have been informally discouraged from use for a long time. Applications should instead use \fBEVP_PKEY_derive\fR\|(3). -See \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7), \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7) and \s-1\fBEVP_KEYEXCH\-X25519\s0\fR\|(7). +See \fBEVP_KEYEXCH\-DH\fR\|(7), \fBEVP_KEYEXCH\-ECDH\fR\|(7) and \fBEVP_KEYEXCH\-X25519\fR\|(7). .PP -Deprecated low-level key generation functions +Deprecated low\-level key generation functions .IX Subsection "Deprecated low-level key generation functions" .PP -Many low-level functions have been informally discouraged from use for a long +Many low\-level functions have been informally discouraged from use for a long time. Applications should instead use \fBEVP_PKEY_keygen_init\fR\|(3) and -\&\fBEVP_PKEY_generate\fR\|(3) as described in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) and \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7). -The 'quick' one-shot function \fBEVP_PKEY_Q_keygen\fR\|(3) and macros for the most +\&\fBEVP_PKEY_generate\fR\|(3) as described in \fBEVP_PKEY\-DSA\fR\|(7), \fBEVP_PKEY\-DH\fR\|(7), +\&\fBEVP_PKEY\-RSA\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7) and \fBEVP_PKEY\-X25519\fR\|(7). +The \*(Aqquick\*(Aq one\-shot function \fBEVP_PKEY_Q_keygen\fR\|(3) and macros for the most common cases: <\fBEVP_RSA_gen\fR\|(3)> and \fBEVP_EC_gen\fR\|(3) may also be used. 
.PP -Deprecated low-level key reading and writing functions +Deprecated low\-level key reading and writing functions .IX Subsection "Deprecated low-level key reading and writing functions" .PP -Use of low-level objects (such as \s-1DSA\s0) has been informally discouraged from use -for a long time. Functions to read and write these low-level objects (such as +Use of low\-level objects (such as DSA) has been informally discouraged from use +for a long time. Functions to read and write these low\-level objects (such as \&\fBPEM_read_DSA_PUBKEY()\fR) should be replaced. Applications should instead use \&\fBOSSL_ENCODER_to_bio\fR\|(3) and \fBOSSL_DECODER_from_bio\fR\|(3). .PP -Deprecated low-level key printing functions +Deprecated low\-level key printing functions .IX Subsection "Deprecated low-level key printing functions" .PP -Use of low-level objects (such as \s-1DSA\s0) has been informally discouraged from use -for a long time. Functions to print these low-level objects such as -\&\fBDSA_print()\fR should be replaced with the equivalent \s-1EVP_PKEY\s0 functions. +Use of low\-level objects (such as DSA) has been informally discouraged from use +for a long time. Functions to print these low\-level objects such as +\&\fBDSA_print()\fR should be replaced with the equivalent EVP_PKEY functions. Application should use one of \fBEVP_PKEY_print_public\fR\|(3), \&\fBEVP_PKEY_print_private\fR\|(3), \fBEVP_PKEY_print_params\fR\|(3), \&\fBEVP_PKEY_print_public_fp\fR\|(3), \fBEVP_PKEY_print_private_fp\fR\|(3) or 
@@ -1150,100 +1083,100 @@ .IX Subsection "Deprecated function mappings" .PP The following functions have been deprecated in 3.0. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBAES_bi_ige_encrypt()\fR and \fBAES_ige_encrypt()\fR .Sp -There is no replacement for the \s-1IGE\s0 functions. New code should not use these modes. -These undocumented functions were never integrated into the \s-1EVP\s0 layer. -They implemented the \s-1AES\s0 Infinite Garble Extension (\s-1IGE\s0) mode and \s-1AES\s0 -Bi-directional \s-1IGE\s0 mode. These modes were never formally standardised and +There is no replacement for the IGE functions. New code should not use these modes. +These undocumented functions were never integrated into the EVP layer. +They implemented the AES Infinite Garble Extension (IGE) mode and AES +Bi\-directional IGE mode. These modes were never formally standardised and usage of these functions is believed to be very small. In particular -\&\fBAES_bi_ige_encrypt()\fR has a known bug. It accepts 2 \s-1AES\s0 keys, but only one +\&\fBAES_bi_ige_encrypt()\fR has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBAES_encrypt()\fR, \fBAES_decrypt()\fR, \fBAES_set_encrypt_key()\fR, \fBAES_set_decrypt_key()\fR, \&\fBAES_cbc_encrypt()\fR, \fBAES_cfb128_encrypt()\fR, \fBAES_cfb1_encrypt()\fR, \fBAES_cfb8_encrypt()\fR, \&\fBAES_ecb_encrypt()\fR, \fBAES_ofb128_encrypt()\fR -.IP "\(bu" 4 +.IP \(bu 4 \&\fBAES_unwrap_key()\fR, \fBAES_wrap_key()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions" +.IP \(bu 4 \&\fBAES_options()\fR .Sp -There is no replacement. It returned a string indicating if the \s-1AES\s0 code was unrolled. -.IP "\(bu" 4 +There is no replacement. It returned a string indicating if the AES code was unrolled. 
+.IP \(bu 4 \&\fBASN1_digest()\fR, \fBASN1_sign()\fR, \fBASN1_verify()\fR .Sp There are no replacements. These old functions are not used, and could be -disabled with the macro \s-1NO_ASN1_OLD\s0 since OpenSSL 0.9.7. -.IP "\(bu" 4 +disabled with the macro NO_ASN1_OLD since OpenSSL 0.9.7. +.IP \(bu 4 \&\fBASN1_STRING_length_set()\fR .Sp Use \fBASN1_STRING_set\fR\|(3) or \fBASN1_STRING_set0\fR\|(3) instead. This was a potentially unsafe function that could change the bounds of a previously passed in pointer. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBBF_encrypt()\fR, \fBBF_decrypt()\fR, \fBBF_set_key()\fR, \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR, \&\fBBF_ecb_encrypt()\fR, \fBBF_ofb64_encrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". +See "Deprecated low\-level encryption functions". The Blowfish algorithm has been moved to the Legacy Provider. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBBF_options()\fR .Sp There is no replacement. This option returned a constant string. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBBIO_get_callback()\fR, \fBBIO_set_callback()\fR, \fBBIO_debug_callback()\fR .Sp -Use the respective non-deprecated \fB_ex()\fR functions. -.IP "\(bu" 4 +Use the respective non\-deprecated \fB_ex()\fR functions. +.IP \(bu 4 \&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR .Sp Use \fBBN_check_prime\fR\|(3) which avoids possible misuse and always uses at least -64 rounds of the Miller-Rabin primality test. -.IP "\(bu" 4 +64 rounds of the Miller\-Rabin primality test. +.IP \(bu 4 \&\fBBN_pseudo_rand()\fR, \fBBN_pseudo_rand_range()\fR .Sp Use \fBBN_rand\fR\|(3) and \fBBN_rand_range\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBBN_X931_derive_prime_ex()\fR, \fBBN_X931_generate_prime_ex()\fR, \fBBN_X931_generate_Xpq()\fR .Sp -There are no replacements for these low-level functions. They were used internally +There are no replacements for these low\-level functions. 
They were used internally by \fBRSA_X931_derive_ex()\fR and \fBRSA_X931_generate_key_ex()\fR which are also deprecated. Use \fBEVP_PKEY_keygen\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBCamellia_encrypt()\fR, \fBCamellia_decrypt()\fR, \fBCamellia_set_key()\fR, \&\fBCamellia_cbc_encrypt()\fR, \fBCamellia_cfb128_encrypt()\fR, \fBCamellia_cfb1_encrypt()\fR, \&\fBCamellia_cfb8_encrypt()\fR, \fBCamellia_ctr128_encrypt()\fR, \fBCamellia_ecb_encrypt()\fR, \&\fBCamellia_ofb128_encrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +.IP \(bu 4 \&\fBCAST_encrypt()\fR, \fBCAST_decrypt()\fR, \fBCAST_set_key()\fR, \fBCAST_cbc_encrypt()\fR, \&\fBCAST_cfb64_encrypt()\fR, \fBCAST_ecb_encrypt()\fR, \fBCAST_ofb64_encrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -The \s-1CAST\s0 algorithm has been moved to the Legacy Provider. -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +The CAST algorithm has been moved to the Legacy Provider. +.IP \(bu 4 \&\fBCMAC_CTX_new()\fR, \fBCMAC_CTX_cleanup()\fR, \fBCMAC_CTX_copy()\fR, \fBCMAC_CTX_free()\fR, \&\fBCMAC_CTX_get0_cipher_ctx()\fR .Sp -See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level MAC functions". +.IP \(bu 4 \&\fBCMAC_Init()\fR, \fBCMAC_Update()\fR, \fBCMAC_Final()\fR, \fBCMAC_resume()\fR .Sp -See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level MAC functions". 
+.IP \(bu 4 \&\fBCRYPTO_mem_ctrl()\fR, \fBCRYPTO_mem_debug_free()\fR, \fBCRYPTO_mem_debug_malloc()\fR, \&\fBCRYPTO_mem_debug_pop()\fR, \fBCRYPTO_mem_debug_push()\fR, \fBCRYPTO_mem_debug_realloc()\fR, \&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_cb()\fR, \fBCRYPTO_mem_leaks_fp()\fR, \&\fBCRYPTO_set_mem_debug()\fR .Sp -Memory-leak checking has been deprecated in favor of more modern development +Memory\-leak checking has been deprecated in favor of more modern development tools, such as compiler memory and leak sanitizers or Valgrind. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBCRYPTO_cts128_encrypt_block()\fR, \fBCRYPTO_cts128_encrypt()\fR, \&\fBCRYPTO_cts128_decrypt_block()\fR, \fBCRYPTO_cts128_decrypt()\fR, \&\fBCRYPTO_nistcts128_encrypt_block()\fR, \fBCRYPTO_nistcts128_encrypt()\fR, 
@@ -1251,22 +1184,27 @@ .Sp Use the higher level functions \fBEVP_CipherInit_ex2()\fR, \fBEVP_CipherUpdate()\fR and \&\fBEVP_CipherFinal_ex()\fR instead. -See the \*(L"cts_mode\*(R" parameter in -\&\*(L"Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" in \fBEVP_EncryptInit\fR\|(3). -See \*(L"\s-1EXAMPLES\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) for a \s-1AES\-256\-CBC\-CTS\s0 example. -.IP "\(bu" 4 +See the "cts_mode" parameter in +"Gettable and Settable EVP_CIPHER_CTX parameters" in \fBEVP_EncryptInit\fR\|(3). +See "EXAMPLES" in \fBEVP_EncryptInit\fR\|(3) for a AES\-256\-CBC\-CTS example. +.IP \(bu 4 \&\fBd2i_DHparams()\fR, \fBd2i_DHxparams()\fR, \fBd2i_DSAparams()\fR, \fBd2i_DSAPrivateKey()\fR, \&\fBd2i_DSAPrivateKey_bio()\fR, \fBd2i_DSAPrivateKey_fp()\fR, \fBd2i_DSA_PUBKEY()\fR, \&\fBd2i_DSA_PUBKEY_bio()\fR, \fBd2i_DSA_PUBKEY_fp()\fR, \fBd2i_DSAPublicKey()\fR, \&\fBd2i_ECParameters()\fR, \fBd2i_ECPrivateKey()\fR, \fBd2i_ECPrivateKey_bio()\fR, \&\fBd2i_ECPrivateKey_fp()\fR, \fBd2i_EC_PUBKEY()\fR, \fBd2i_EC_PUBKEY_bio()\fR, -\&\fBd2i_EC_PUBKEY_fp()\fR, \fBo2i_ECPublicKey()\fR, \fBd2i_RSAPrivateKey()\fR, +\&\fBd2i_EC_PUBKEY_fp()\fR, \fBd2i_RSAPrivateKey()\fR, \&\fBd2i_RSAPrivateKey_bio()\fR, \fBd2i_RSAPrivateKey_fp()\fR, \fBd2i_RSA_PUBKEY()\fR, \&\fBd2i_RSA_PUBKEY_bio()\fR, \fBd2i_RSA_PUBKEY_fp()\fR, \fBd2i_RSAPublicKey()\fR, \&\fBd2i_RSAPublicKey_bio()\fR, \fBd2i_RSAPublicKey_fp()\fR .Sp -See \*(L"Deprecated i2d and d2i functions for low-level key types\*(R" -.IP "\(bu" 4 +See "Deprecated i2d and d2i functions for low\-level key types" +.IP \(bu 4 +\&\fBo2i_ECPublicKey()\fR +.Sp +Use \fBEVP_PKEY_set1_encoded_public_key\fR\|(3). +See "Deprecated low\-level key parameter setters" +.IP \(bu 4 \&\fBDES_crypt()\fR, \fBDES_fcrypt()\fR, \fBDES_encrypt1()\fR, \fBDES_encrypt2()\fR, \fBDES_encrypt3()\fR, \&\fBDES_decrypt3()\fR, \fBDES_ede3_cbc_encrypt()\fR, \fBDES_ede3_cfb64_encrypt()\fR, \&\fBDES_ede3_cfb_encrypt()\fR,\fBDES_ede3_ofb64_encrypt()\fR, 
@@ -1277,281 +1215,281 @@ \&\fBDES_random_key()\fR, \fBDES_set_key()\fR, \fBDES_set_key_checked()\fR, \fBDES_set_key_unchecked()\fR, \&\fBDES_set_odd_parity()\fR, \fBDES_string_to_2keys()\fR, \fBDES_string_to_key()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -Algorithms for \*(L"DESX-CBC\*(R", \*(L"DES-ECB\*(R", \*(L"DES-CBC\*(R", \*(L"DES-OFB\*(R", \*(L"DES-CFB\*(R", -\&\*(L"\s-1DES\-CFB1\*(R"\s0 and \*(L"\s-1DES\-CFB8\*(R"\s0 have been moved to the Legacy Provider. -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +Algorithms for "DESX\-CBC", "DES\-ECB", "DES\-CBC", "DES\-OFB", "DES\-CFB", +"DES\-CFB1" and "DES\-CFB8" have been moved to the Legacy Provider. +.IP \(bu 4 \&\fBDH_bits()\fR, \fBDH_security_bits()\fR, \fBDH_size()\fR .Sp Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and \&\fBEVP_PKEY_get_size\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBDH_check()\fR, \fBDH_check_ex()\fR, \fBDH_check_params()\fR, \fBDH_check_params_ex()\fR, \&\fBDH_check_pub_key()\fR, \fBDH_check_pub_key_ex()\fR .Sp -See \*(L"Deprecated low-level validation functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level validation functions" +.IP \(bu 4 \&\fBDH_clear_flags()\fR, \fBDH_test_flags()\fR, \fBDH_set_flags()\fR .Sp -The \fB\s-1DH_FLAG_CACHE_MONT_P\s0\fR flag has been deprecated without replacement. -The \fB\s-1DH_FLAG_TYPE_DH\s0\fR and \fB\s-1DH_FLAG_TYPE_DHX\s0\fR have been deprecated. +The \fBDH_FLAG_CACHE_MONT_P\fR flag has been deprecated without replacement. +The \fBDH_FLAG_TYPE_DH\fR and \fBDH_FLAG_TYPE_DHX\fR have been deprecated. Use \fBEVP_PKEY_is_a()\fR to determine the type of a key. There is no replacement for setting these flags. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBDH_compute_key()\fR \fBDH_compute_key_padded()\fR .Sp -See \*(L"Deprecated low-level key exchange functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key exchange functions". 
+.IP \(bu 4 \&\fBDH_new()\fR, \fBDH_new_by_nid()\fR, \fBDH_free()\fR, \fBDH_up_ref()\fR .Sp -See \*(L"Deprecated low-level object creation\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level object creation" +.IP \(bu 4 \&\fBDH_generate_key()\fR, \fBDH_generate_parameters_ex()\fR .Sp -See \*(L"Deprecated low-level key generation functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key generation functions". +.IP \(bu 4 \&\fBDH_get0_pqg()\fR, \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_key()\fR, \&\fBDH_get0_priv_key()\fR, \fBDH_get0_pub_key()\fR, \fBDH_get_length()\fR, \fBDH_get_nid()\fR .Sp -See \*(L"Deprecated low-level key parameter getters\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key parameter getters" +.IP \(bu 4 \&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, \fBDH_get_2048_256()\fR .Sp -Applications should instead set the \fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR as specified in -\&\*(L"\s-1DH\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7)) to one of \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R" or -\&\*(L"dh_2048_256\*(R" when generating a \s-1DH\s0 key. -.IP "\(bu" 4 -\&\s-1\fBDH_KDF_X9_42\s0()\fR +Applications should instead set the \fBOSSL_PKEY_PARAM_GROUP_NAME\fR as specified in +"DH parameters" in \fBEVP_PKEY\-DH\fR\|(7)) to one of "dh_1024_160", "dh_2048_224" or +"dh_2048_256" when generating a DH key. +.IP \(bu 4 +\&\fBDH_KDF_X9_42()\fR .Sp Applications should use \fBEVP_PKEY_CTX_set_dh_kdf_type\fR\|(3) instead. 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBDH_get_default_method()\fR, \fBDH_get0_engine()\fR, DH_meth_*(), \fBDH_new_method()\fR, \&\fBDH_OpenSSL()\fR, \fBDH_get_ex_data()\fR, \fBDH_set_default_method()\fR, \fBDH_set_method()\fR, \&\fBDH_set_ex_data()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R" -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides" +.IP \(bu 4 \&\fBDHparams_print()\fR, \fBDHparams_print_fp()\fR .Sp -See \*(L"Deprecated low-level key printing functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key printing functions" +.IP \(bu 4 \&\fBDH_set0_key()\fR, \fBDH_set0_pqg()\fR, \fBDH_set_length()\fR .Sp -See \*(L"Deprecated low-level key parameter setters\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key parameter setters" +.IP \(bu 4 \&\fBDSA_bits()\fR, \fBDSA_security_bits()\fR, \fBDSA_size()\fR .Sp Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and \&\fBEVP_PKEY_get_size\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBDHparams_dup()\fR, \fBDSA_dup_DH()\fR .Sp There is no direct replacement. Applications may use \fBEVP_PKEY_copy_parameters\fR\|(3) and \fBEVP_PKEY_dup\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBDSA_generate_key()\fR, \fBDSA_generate_parameters_ex()\fR .Sp -See \*(L"Deprecated low-level key generation functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key generation functions". +.IP \(bu 4 \&\fBDSA_get0_engine()\fR, \fBDSA_get_default_method()\fR, \fBDSA_get_ex_data()\fR, \&\fBDSA_get_method()\fR, DSA_meth_*(), \fBDSA_new_method()\fR, \fBDSA_OpenSSL()\fR, \&\fBDSA_set_default_method()\fR, \fBDSA_set_ex_data()\fR, \fBDSA_set_method()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides". 
+.IP \(bu 4 \&\fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, \fBDSA_get0_g()\fR, \fBDSA_get0_pqg()\fR, \fBDSA_get0_key()\fR, \&\fBDSA_get0_priv_key()\fR, \fBDSA_get0_pub_key()\fR .Sp -See \*(L"Deprecated low-level key parameter getters\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key parameter getters". +.IP \(bu 4 \&\fBDSA_new()\fR, \fBDSA_free()\fR, \fBDSA_up_ref()\fR .Sp -See \*(L"Deprecated low-level object creation\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level object creation" +.IP \(bu 4 \&\fBDSAparams_dup()\fR .Sp There is no direct replacement. Applications may use \fBEVP_PKEY_copy_parameters\fR\|(3) and \fBEVP_PKEY_dup\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBDSAparams_print()\fR, \fBDSAparams_print_fp()\fR, \fBDSA_print()\fR, \fBDSA_print_fp()\fR .Sp -See \*(L"Deprecated low-level key printing functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key printing functions" +.IP \(bu 4 \&\fBDSA_set0_key()\fR, \fBDSA_set0_pqg()\fR .Sp -See \*(L"Deprecated low-level key parameter setters\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key parameter setters" +.IP \(bu 4 \&\fBDSA_set_flags()\fR, \fBDSA_clear_flags()\fR, \fBDSA_test_flags()\fR .Sp -The \fB\s-1DSA_FLAG_CACHE_MONT_P\s0\fR flag has been deprecated without replacement. -.IP "\(bu" 4 +The \fBDSA_FLAG_CACHE_MONT_P\fR flag has been deprecated without replacement. +.IP \(bu 4 \&\fBDSA_sign()\fR, \fBDSA_do_sign()\fR, \fBDSA_sign_setup()\fR, \fBDSA_verify()\fR, \fBDSA_do_verify()\fR .Sp -See \*(L"Deprecated low-level signing functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level signing functions". +.IP \(bu 4 \&\fBECDH_compute_key()\fR .Sp -See \*(L"Deprecated low-level key exchange functions\*(R". -.IP "\(bu" 4 -\&\s-1\fBECDH_KDF_X9_62\s0()\fR +See "Deprecated low\-level key exchange functions". 
+.IP \(bu 4 +\&\fBECDH_KDF_X9_62()\fR .Sp Applications may either set this using the helper function -\&\fBEVP_PKEY_CTX_set_ecdh_kdf_type\fR\|(3) or by setting an \s-1\fBOSSL_PARAM\s0\fR\|(3) using the -\&\*(L"kdf-type\*(R" as shown in \*(L"\s-1EXAMPLES\*(R"\s0 in \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7) -.IP "\(bu" 4 +\&\fBEVP_PKEY_CTX_set_ecdh_kdf_type\fR\|(3) or by setting an \fBOSSL_PARAM\fR\|(3) using the +"kdf\-type" as shown in "EXAMPLES" in \fBEVP_KEYEXCH\-ECDH\fR\|(7) +.IP \(bu 4 \&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR, \fBECDSA_sign_setup()\fR, \fBECDSA_do_sign()\fR, \&\fBECDSA_do_sign_ex()\fR, \fBECDSA_verify()\fR, \fBECDSA_do_verify()\fR .Sp -See \*(L"Deprecated low-level signing functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level signing functions". +.IP \(bu 4 \&\fBECDSA_size()\fR .Sp Applications should use \fBEVP_PKEY_get_size\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_GF2m_simple_method()\fR, \fBEC_GFp_mont_method()\fR, \fBEC_GFp_nist_method()\fR, \&\fBEC_GFp_nistp224_method()\fR, \fBEC_GFp_nistp256_method()\fR, \fBEC_GFp_nistp521_method()\fR, \&\fBEC_GFp_simple_method()\fR .Sp There are no replacements for these functions. Applications should rely on the -library automatically assigning a suitable method internally when an \s-1EC_GROUP\s0 +library automatically assigning a suitable method internally when an EC_GROUP is constructed. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_GROUP_clear_free()\fR .Sp Use \fBEC_GROUP_free\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_GROUP_get_curve_GF2m()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR, \&\fBEC_GROUP_set_curve_GFp()\fR .Sp Applications should use \fBEC_GROUP_get_curve\fR\|(3) and \fBEC_GROUP_set_curve\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_GROUP_have_precompute_mult()\fR, \fBEC_GROUP_precompute_mult()\fR, \&\fBEC_KEY_precompute_mult()\fR .Sp These functions are not widely used. Applications should instead switch to named curves which OpenSSL has hardcoded lookup tables for. 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_GROUP_new()\fR, \fBEC_GROUP_method_of()\fR, \fBEC_POINT_method_of()\fR .Sp -\&\s-1EC_METHOD\s0 is now an internal-only concept and a suitable \s-1EC_METHOD\s0 is assigned +EC_METHOD is now an internal\-only concept and a suitable EC_METHOD is assigned internally without application intervention. Users of \fBEC_GROUP_new()\fR should switch to a different suitable constructor. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_KEY_can_sign()\fR .Sp Applications should use \fBEVP_PKEY_can_sign\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_KEY_check_key()\fR .Sp -See \*(L"Deprecated low-level validation functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level validation functions" +.IP \(bu 4 \&\fBEC_KEY_set_flags()\fR, \fBEC_KEY_get_flags()\fR, \fBEC_KEY_clear_flags()\fR .Sp -See \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) which handles flags as separate -parameters for \fB\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0\fR, -\&\fB\s-1OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\s0\fR, \fB\s-1OSSL_PKEY_PARAM_EC_ENCODING\s0\fR, -\&\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR and -\&\fB\s-1OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\s0\fR. -See also \*(L"\s-1EXAMPLES\*(R"\s0 in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) -.IP "\(bu" 4 +See "Common EC parameters" in \fBEVP_PKEY\-EC\fR\|(7) which handles flags as separate +parameters for \fBOSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\fR, +\&\fBOSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\fR, \fBOSSL_PKEY_PARAM_EC_ENCODING\fR, +\&\fBOSSL_PKEY_PARAM_USE_COFACTOR_ECDH\fR and +\&\fBOSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\fR. +See also "EXAMPLES" in \fBEVP_PKEY\-EC\fR\|(7) +.IP \(bu 4 \&\fBEC_KEY_dup()\fR, \fBEC_KEY_copy()\fR .Sp There is no direct replacement. Applications may use \fBEVP_PKEY_copy_parameters\fR\|(3) and \fBEVP_PKEY_dup\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_KEY_decoded_from_explicit_params()\fR .Sp There is no replacement. 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_KEY_generate_key()\fR .Sp -See \*(L"Deprecated low-level key generation functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key generation functions". +.IP \(bu 4 \&\fBEC_KEY_get0_group()\fR, \fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, \&\fBEC_KEY_get_conv_form()\fR, \fBEC_KEY_get_enc_flags()\fR .Sp -See \*(L"Deprecated low-level key parameter getters\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key parameter getters". +.IP \(bu 4 \&\fBEC_KEY_get0_engine()\fR, \fBEC_KEY_get_default_method()\fR, \fBEC_KEY_get_method()\fR, \&\fBEC_KEY_new_method()\fR, \fBEC_KEY_get_ex_data()\fR, \fBEC_KEY_OpenSSL()\fR, \&\fBEC_KEY_set_ex_data()\fR, \fBEC_KEY_set_default_method()\fR, EC_KEY_METHOD_*(), \&\fBEC_KEY_set_method()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R" -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides" +.IP \(bu 4 \&\fBEC_METHOD_get_field_type()\fR .Sp Use \fBEC_GROUP_get_field_type\fR\|(3) instead. -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R" -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides" +.IP \(bu 4 \&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_oct2key()\fR, \fBEC_KEY_oct2priv()\fR, \fBEC_KEY_priv2buf()\fR, \&\fBEC_KEY_priv2oct()\fR .Sp There are no replacements for these. 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR, \fBEC_KEY_free()\fR, \fBEC_KEY_up_ref()\fR .Sp -See \*(L"Deprecated low-level object creation\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level object creation" +.IP \(bu 4 \&\fBEC_KEY_print()\fR, \fBEC_KEY_print_fp()\fR .Sp -See \*(L"Deprecated low-level key printing functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key printing functions" +.IP \(bu 4 \&\fBEC_KEY_set_asn1_flag()\fR, \fBEC_KEY_set_conv_form()\fR, \fBEC_KEY_set_enc_flags()\fR .Sp -See \*(L"Deprecated low-level key parameter setters\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key parameter setters". +.IP \(bu 4 \&\fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_set_public_key()\fR, \&\fBEC_KEY_set_public_key_affine_coordinates()\fR .Sp -See \*(L"Deprecated low-level key parameter setters\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key parameter setters". +.IP \(bu 4 \&\fBECParameters_print()\fR, \fBECParameters_print_fp()\fR, \fBECPKParameters_print()\fR, \&\fBECPKParameters_print_fp()\fR .Sp -See \*(L"Deprecated low-level key printing functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key printing functions" +.IP \(bu 4 \&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2bn()\fR .Sp -These functions were not particularly useful, since \s-1EC\s0 point serialization -formats are not individual big-endian integers. -.IP "\(bu" 4 +These functions were not particularly useful, since EC point serialization +formats are not individual big\-endian integers. +.IP \(bu 4 \&\fBEC_POINT_get_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR, \&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_set_affine_coordinates_GFp()\fR .Sp Applications should use \fBEC_POINT_get_affine_coordinates\fR\|(3) and \&\fBEC_POINT_set_affine_coordinates\fR\|(3) instead. 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR .Sp These functions are not widely used. Applications should instead use the \&\fBEC_POINT_set_affine_coordinates\fR\|(3) and \fBEC_POINT_get_affine_coordinates\fR\|(3) functions. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_POINT_make_affine()\fR, \fBEC_POINTs_make_affine()\fR .Sp There is no replacement. These functions were not widely used, and OpenSSL automatically performs this conversion when needed. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR, \fBEC_POINT_set_compressed_coordinates_GFp()\fR .Sp Applications should use \fBEC_POINT_set_compressed_coordinates\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEC_POINTs_mul()\fR .Sp This function is not widely used. Applications should instead use the \&\fBEC_POINT_mul\fR\|(3) function. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBENGINE_*()\fR .Sp All engine functions are deprecated. An engine should be rewritten as a provider. -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides". +.IP \(bu 4 \&\fBERR_load_*()\fR, \fBERR_func_error_string()\fR, \fBERR_get_error_line()\fR, \&\fBERR_get_error_line_data()\fR, \fBERR_get_state()\fR .Sp OpenSSL now loads error strings automatically so these functions are not needed. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBERR_peek_error_line_data()\fR, \fBERR_peek_last_error_line_data()\fR .Sp The new functions are \fBERR_peek_error_func\fR\|(3), \fBERR_peek_last_error_func\fR\|(3), 
@@ -1560,179 +1498,184 @@ Applications should use \fBERR_get_error_all\fR\|(3), or pick information with ERR_peek functions and finish off with getting the error code by using \&\fBERR_get_error\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_iv_noconst()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR .Sp Applications should instead use \fBEVP_CIPHER_CTX_get_updated_iv\fR\|(3), \&\fBEVP_CIPHER_CTX_get_updated_iv\fR\|(3) and \fBEVP_CIPHER_CTX_get_original_iv\fR\|(3) respectively. See \fBEVP_CIPHER_CTX_get_original_iv\fR\|(3) for further information. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_CIPHER_meth_*()\fR, \fBEVP_MD_CTX_set_update_fn()\fR, \fBEVP_MD_CTX_update_fn()\fR, \&\fBEVP_MD_meth_*()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 -\&\s-1\fBEVP_PKEY_CTRL_PKCS7_ENCRYPT\s0()\fR, \s-1\fBEVP_PKEY_CTRL_PKCS7_DECRYPT\s0()\fR, -\&\s-1\fBEVP_PKEY_CTRL_PKCS7_SIGN\s0()\fR, \s-1\fBEVP_PKEY_CTRL_CMS_ENCRYPT\s0()\fR, -\&\s-1\fBEVP_PKEY_CTRL_CMS_DECRYPT\s0()\fR, and \s-1\fBEVP_PKEY_CTRL_CMS_SIGN\s0()\fR +See "Providers are a replacement for engines and low\-level method overrides". +.IP \(bu 4 +\&\fBEVP_PKEY_CTRL_PKCS7_ENCRYPT()\fR, \fBEVP_PKEY_CTRL_PKCS7_DECRYPT()\fR, +\&\fBEVP_PKEY_CTRL_PKCS7_SIGN()\fR, \fBEVP_PKEY_CTRL_CMS_ENCRYPT()\fR, +\&\fBEVP_PKEY_CTRL_CMS_DECRYPT()\fR, and \fBEVP_PKEY_CTRL_CMS_SIGN()\fR .Sp These control operations are not invoked by the OpenSSL library anymore and are replaced by direct checks of the key operation against the key type when the operation is initialized. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR, \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR .Sp -See the \*(L"kdf-ukm\*(R" item in \*(L"\s-1DH\s0 key exchange parameters\*(R" in \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7) and -\&\*(L"\s-1ECDH\s0 Key Exchange parameters\*(R" in \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7). 
+See the "kdf\-ukm" item in "DH key exchange parameters" in \fBEVP_KEYEXCH\-DH\fR\|(7) and +"ECDH Key Exchange parameters" in \fBEVP_KEYEXCH\-ECDH\fR\|(7). These functions are obsolete and should not be required. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR .Sp Applications should use \fBEVP_PKEY_CTX_set1_rsa_keygen_pubexp\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_cmp()\fR, \fBEVP_PKEY_cmp_parameters()\fR .Sp Applications should use \fBEVP_PKEY_eq\fR\|(3) and \fBEVP_PKEY_parameters_eq\fR\|(3) instead. See \fBEVP_PKEY_copy_parameters\fR\|(3) for further details. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_encrypt_old()\fR, \fBEVP_PKEY_decrypt_old()\fR, .Sp Applications should use \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3) or \&\fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_get0()\fR .Sp -This function returns \s-1NULL\s0 if the key comes from a provider. -.IP "\(bu" 4 +This function returns NULL if the key comes from a provider. +.IP \(bu 4 \&\fBEVP_PKEY_get0_DH()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_EC_KEY()\fR, \fBEVP_PKEY_get0_RSA()\fR, \&\fBEVP_PKEY_get1_DH()\fR, \fBEVP_PKEY_get1_DSA()\fR, EVP_PKEY_get1_EC_KEY and \fBEVP_PKEY_get1_RSA()\fR, \&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR .Sp -See \*(L"Functions that return an internal key should be treated as read only\*(R". -.IP "\(bu" 4 +See "Functions that return an internal key should be treated as read only". +.IP \(bu 4 \&\fBEVP_PKEY_meth_*()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides". +.IP \(bu 4 \&\fBEVP_PKEY_new_CMAC_key()\fR .Sp -See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level MAC functions". 
+.IP \(bu 4 \&\fBEVP_PKEY_assign()\fR, \fBEVP_PKEY_set1_DH()\fR, \fBEVP_PKEY_set1_DSA()\fR, \&\fBEVP_PKEY_set1_EC_KEY()\fR, \fBEVP_PKEY_set1_RSA()\fR .Sp -See \*(L"Deprecated low-level key object getters and setters\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key object getters and setters" +.IP \(bu 4 \&\fBEVP_PKEY_set1_tls_encodedpoint()\fR \fBEVP_PKEY_get1_tls_encodedpoint()\fR .Sp These functions were previously used by libssl to set or get an encoded public -key into/from an \s-1EVP_PKEY\s0 object. With OpenSSL 3.0 these are replaced by the more +key into/from an EVP_PKEY object. With OpenSSL 3.0 these are replaced by the more generic functions \fBEVP_PKEY_set1_encoded_public_key\fR\|(3) and \&\fBEVP_PKEY_get1_encoded_public_key\fR\|(3). The old versions have been converted to deprecated macros that just call the new functions. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBEVP_PKEY_set1_engine()\fR, \fBEVP_PKEY_get0_engine()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides". +.IP \(bu 4 \&\fBEVP_PKEY_set_alias_type()\fR .Sp This function has been removed. There is no replacement. -See \*(L"\fBEVP_PKEY_set_alias_type()\fR method has been removed\*(R" -.IP "\(bu" 4 +See "\fBEVP_PKEY_set_alias_type()\fR method has been removed" +.IP \(bu 4 \&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR, \fBHMAC_size()\fR .Sp -See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level MAC functions". +.IP \(bu 4 \&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR, \fBHMAC_CTX_copy()\fR, \fBHMAC_CTX_reset()\fR, \&\fBHMAC_CTX_set_flags()\fR, \fBHMAC_CTX_get_md()\fR .Sp -See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level MAC functions". 
+.IP \(bu 4 \&\fBi2d_DHparams()\fR, \fBi2d_DHxparams()\fR .Sp -See \*(L"Deprecated low-level key reading and writing functions\*(R" -and \*(L"Migration\*(R" in \fBd2i_RSAPrivateKey\fR\|(3) -.IP "\(bu" 4 +See "Deprecated low\-level key reading and writing functions" +and "Migration" in \fBd2i_RSAPrivateKey\fR\|(3) +.IP \(bu 4 \&\fBi2d_DSAparams()\fR, \fBi2d_DSAPrivateKey()\fR, \fBi2d_DSAPrivateKey_bio()\fR, \&\fBi2d_DSAPrivateKey_fp()\fR, \fBi2d_DSA_PUBKEY()\fR, \fBi2d_DSA_PUBKEY_bio()\fR, \&\fBi2d_DSA_PUBKEY_fp()\fR, \fBi2d_DSAPublicKey()\fR .Sp -See \*(L"Deprecated low-level key reading and writing functions\*(R" -and \*(L"Migration\*(R" in \fBd2i_RSAPrivateKey\fR\|(3) -.IP "\(bu" 4 +See "Deprecated low\-level key reading and writing functions" +and "Migration" in \fBd2i_RSAPrivateKey\fR\|(3) +.IP \(bu 4 \&\fBi2d_ECParameters()\fR, \fBi2d_ECPrivateKey()\fR, \fBi2d_ECPrivateKey_bio()\fR, \&\fBi2d_ECPrivateKey_fp()\fR, \fBi2d_EC_PUBKEY()\fR, \fBi2d_EC_PUBKEY_bio()\fR, -\&\fBi2d_EC_PUBKEY_fp()\fR, \fBi2o_ECPublicKey()\fR +\&\fBi2d_EC_PUBKEY_fp()\fR +.Sp +See "Deprecated low\-level key reading and writing functions" +and "Migration" in \fBd2i_RSAPrivateKey\fR\|(3) +.IP \(bu 4 +\&\fBi2o_ECPublicKey()\fR .Sp -See \*(L"Deprecated low-level key reading and writing functions\*(R" -and \*(L"Migration\*(R" in \fBd2i_RSAPrivateKey\fR\|(3) -.IP "\(bu" 4 +Use \fBEVP_PKEY_get1_encoded_public_key\fR\|(3). 
+See "Deprecated low\-level key parameter getters" +.IP \(bu 4 \&\fBi2d_RSAPrivateKey()\fR, \fBi2d_RSAPrivateKey_bio()\fR, \fBi2d_RSAPrivateKey_fp()\fR, \&\fBi2d_RSA_PUBKEY()\fR, \fBi2d_RSA_PUBKEY_bio()\fR, \fBi2d_RSA_PUBKEY_fp()\fR, \&\fBi2d_RSAPublicKey()\fR, \fBi2d_RSAPublicKey_bio()\fR, \fBi2d_RSAPublicKey_fp()\fR .Sp -See \*(L"Deprecated low-level key reading and writing functions\*(R" -and \*(L"Migration\*(R" in \fBd2i_RSAPrivateKey\fR\|(3) -.IP "\(bu" 4 +See "Deprecated low\-level key reading and writing functions" +and "Migration" in \fBd2i_RSAPrivateKey\fR\|(3) +.IP \(bu 4 \&\fBIDEA_encrypt()\fR, \fBIDEA_set_decrypt_key()\fR, \fBIDEA_set_encrypt_key()\fR, \&\fBIDEA_cbc_encrypt()\fR, \fBIDEA_cfb64_encrypt()\fR, \fBIDEA_ecb_encrypt()\fR, \&\fBIDEA_ofb64_encrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -\&\s-1IDEA\s0 has been moved to the Legacy Provider. -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +IDEA has been moved to the Legacy Provider. +.IP \(bu 4 \&\fBIDEA_options()\fR .Sp There is no replacement. This function returned a constant string. -.IP "\(bu" 4 -\&\s-1\fBMD2\s0()\fR, \fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR +.IP \(bu 4 +\&\fBMD2()\fR, \fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -\&\s-1MD2\s0 has been moved to the Legacy Provider. -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +MD2 has been moved to the Legacy Provider. +.IP \(bu 4 \&\fBMD2_options()\fR .Sp There is no replacement. This function returned a constant string. -.IP "\(bu" 4 -\&\s-1\fBMD4\s0()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD4_Transform()\fR +.IP \(bu 4 +\&\fBMD4()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD4_Transform()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -\&\s-1MD4\s0 has been moved to the Legacy Provider. 
-.IP "\(bu" 4 -\&\s-1\fBMDC2\s0()\fR, \fBMDC2_Init()\fR, \fBMDC2_Update()\fR, \fBMDC2_Final()\fR +See "Deprecated low\-level encryption functions". +MD4 has been moved to the Legacy Provider. +.IP \(bu 4 +\&\fBMDC2()\fR, \fBMDC2_Init()\fR, \fBMDC2_Update()\fR, \fBMDC2_Final()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -\&\s-1MDC2\s0 has been moved to the Legacy Provider. -.IP "\(bu" 4 -\&\s-1\fBMD5\s0()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, \fBMD5_Final()\fR, \fBMD5_Transform()\fR +See "Deprecated low\-level encryption functions". +MDC2 has been moved to the Legacy Provider. +.IP \(bu 4 +\&\fBMD5()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, \fBMD5_Final()\fR, \fBMD5_Transform()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -.IP "\(bu" 4 -\&\s-1\fBNCONF_WIN32\s0()\fR +See "Deprecated low\-level encryption functions". +.IP \(bu 4 +\&\fBNCONF_WIN32()\fR .Sp This undocumented function has no replacement. -See \*(L"\s-1HISTORY\*(R"\s0 in \fBconfig\fR\|(5) for more details. -.IP "\(bu" 4 +See "HISTORY" in \fBconfig\fR\|(5) for more details. +.IP \(bu 4 \&\fBOCSP_parse_url()\fR .Sp Use \fBOSSL_HTTP_parse_url\fR\|(3) instead. -.IP "\(bu" 4 -\&\fB\s-1OCSP_REQ_CTX\s0\fR type and \fBOCSP_REQ_CTX_*()\fR functions +.IP \(bu 4 +\&\fBOCSP_REQ_CTX\fR type and \fBOCSP_REQ_CTX_*()\fR functions .Sp -These methods were used to collect all necessary data to form a \s-1HTTP\s0 request, -and to perform the \s-1HTTP\s0 transfer with that request. With OpenSSL 3.0, the -type is \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR, and the deprecated functions are replaced -with \fBOSSL_HTTP_REQ_CTX_*()\fR. See \s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3) for additional +These methods were used to collect all necessary data to form a HTTP request, +and to perform the HTTP transfer with that request. With OpenSSL 3.0, the +type is \fBOSSL_HTTP_REQ_CTX\fR, and the deprecated functions are replaced +with \fBOSSL_HTTP_REQ_CTX_*()\fR. 
See \fBOSSL_HTTP_REQ_CTX\fR\|(3) for additional details. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOPENSSL_fork_child()\fR, \fBOPENSSL_fork_parent()\fR, \fBOPENSSL_fork_prepare()\fR .Sp There is no replacement for these functions. These pthread fork support methods were unused by OpenSSL. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_do_all_loaders()\fR, \fBOSSL_STORE_LOADER_get0_engine()\fR, \&\fBOSSL_STORE_LOADER_get0_scheme()\fR, \fBOSSL_STORE_LOADER_new()\fR, \&\fBOSSL_STORE_LOADER_set_attach()\fR, \fBOSSL_STORE_LOADER_set_close()\fR, @@ -1746,7 +1689,7 @@ These functions helped applications and engines create loaders for schemes they supported. These are all deprecated and discouraged in favour of provider implementations, see \fBprovider\-storemgmt\fR\|(7). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBPEM_read_DHparams()\fR, \fBPEM_read_bio_DHparams()\fR, \&\fBPEM_read_DSAparams()\fR, \fBPEM_read_bio_DSAparams()\fR, \&\fBPEM_read_DSAPrivateKey()\fR, \fBPEM_read_DSA_PUBKEY()\fR, 
@@ -1764,145 +1707,145 @@ \&\fBPEM_write_bio_RSAPrivateKey()\fR, \fBPEM_write_bio_RSA_PUBKEY()\fR, \&\fBPEM_write_bio_RSAPublicKey()\fR, .Sp -See \*(L"Deprecated low-level key reading and writing functions\*(R" -.IP "\(bu" 4 -\&\s-1\fBPKCS1_MGF1\s0()\fR +See "Deprecated low\-level key reading and writing functions" +.IP \(bu 4 +\&\fBPKCS1_MGF1()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +.IP \(bu 4 \&\fBRAND_get_rand_method()\fR, \fBRAND_set_rand_method()\fR, \fBRAND_OpenSSL()\fR, \&\fBRAND_set_rand_engine()\fR .Sp Applications should instead use \fBRAND_set_DRBG_type\fR\|(3), -\&\s-1\fBEVP_RAND\s0\fR\|(3) and \s-1\fBEVP_RAND\s0\fR\|(7). +\&\fBEVP_RAND\fR\|(3) and \fBEVP_RAND\fR\|(7). See \fBRAND_set_rand_method\fR\|(3) for more details. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBRC2_encrypt()\fR, \fBRC2_decrypt()\fR, \fBRC2_set_key()\fR, \fBRC2_cbc_encrypt()\fR, \fBRC2_cfb64_encrypt()\fR, \&\fBRC2_ecb_encrypt()\fR, \fBRC2_ofb64_encrypt()\fR, -\&\s-1\fBRC4\s0()\fR, \fBRC4_set_key()\fR, \fBRC4_options()\fR, +\&\fBRC4()\fR, \fBRC4_set_key()\fR, \fBRC4_options()\fR, \&\fBRC5_32_encrypt()\fR, \fBRC5_32_set_key()\fR, \fBRC5_32_decrypt()\fR, \fBRC5_32_cbc_encrypt()\fR, \&\fBRC5_32_cfb64_encrypt()\fR, \fBRC5_32_ecb_encrypt()\fR, \fBRC5_32_ofb64_encrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -The Algorithms \*(L"\s-1RC2\*(R", \*(L"RC4\*(R"\s0 and \*(L"\s-1RC5\*(R"\s0 have been moved to the Legacy Provider. -.IP "\(bu" 4 -\&\s-1\fBRIPEMD160\s0()\fR, \fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR, \fBRIPEMD160_Final()\fR, +See "Deprecated low\-level encryption functions". +The Algorithms "RC2", "RC4" and "RC5" have been moved to the Legacy Provider. +.IP \(bu 4 +\&\fBRIPEMD160()\fR, \fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR, \fBRIPEMD160_Final()\fR, \&\fBRIPEMD160_Transform()\fR .Sp -See \*(L"Deprecated low-level digest functions\*(R". 
-The \s-1RIPE\s0 algorithm has been moved to the Legacy Provider. -.IP "\(bu" 4 +See "Deprecated low\-level digest functions". +The RIPE algorithm has been moved to the Legacy Provider. +.IP \(bu 4 \&\fBRSA_bits()\fR, \fBRSA_security_bits()\fR, \fBRSA_size()\fR .Sp Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and \&\fBEVP_PKEY_get_size\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBRSA_check_key()\fR, \fBRSA_check_key_ex()\fR .Sp -See \*(L"Deprecated low-level validation functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level validation functions" +.IP \(bu 4 \&\fBRSA_clear_flags()\fR, \fBRSA_flags()\fR, \fBRSA_set_flags()\fR, \fBRSA_test_flags()\fR, \&\fBRSA_setup_blinding()\fR, \fBRSA_blinding_off()\fR, \fBRSA_blinding_on()\fR .Sp -All of these \s-1RSA\s0 flags have been deprecated without replacement: +All of these RSA flags have been deprecated without replacement: .Sp -\&\fB\s-1RSA_FLAG_BLINDING\s0\fR, \fB\s-1RSA_FLAG_CACHE_PRIVATE\s0\fR, \fB\s-1RSA_FLAG_CACHE_PUBLIC\s0\fR, -\&\fB\s-1RSA_FLAG_EXT_PKEY\s0\fR, \fB\s-1RSA_FLAG_NO_BLINDING\s0\fR, \fB\s-1RSA_FLAG_THREAD_SAFE\s0\fR -\&\fB\s-1RSA_METHOD_FLAG_NO_CHECK\s0\fR -.IP "\(bu" 4 +\&\fBRSA_FLAG_BLINDING\fR, \fBRSA_FLAG_CACHE_PRIVATE\fR, \fBRSA_FLAG_CACHE_PUBLIC\fR, +\&\fBRSA_FLAG_EXT_PKEY\fR, \fBRSA_FLAG_NO_BLINDING\fR, \fBRSA_FLAG_THREAD_SAFE\fR +\&\fBRSA_METHOD_FLAG_NO_CHECK\fR +.IP \(bu 4 \&\fBRSA_generate_key_ex()\fR, \fBRSA_generate_multi_prime_key()\fR .Sp -See \*(L"Deprecated low-level key generation functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key generation functions". 
+.IP \(bu 4 \&\fBRSA_get0_engine()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R" -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides" +.IP \(bu 4 \&\fBRSA_get0_crt_params()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, \&\fBRSA_get0_e()\fR, \fBRSA_get0_factors()\fR, \fBRSA_get0_iqmp()\fR, \fBRSA_get0_key()\fR, \&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_get0_multi_prime_factors()\fR, \fBRSA_get0_n()\fR, \&\fBRSA_get0_p()\fR, \fBRSA_get0_pss_params()\fR, \fBRSA_get0_q()\fR, \&\fBRSA_get_multi_prime_extra_count()\fR .Sp -See \*(L"Deprecated low-level key parameter getters\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key parameter getters" +.IP \(bu 4 \&\fBRSA_new()\fR, \fBRSA_free()\fR, \fBRSA_up_ref()\fR .Sp -See \*(L"Deprecated low-level object creation\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level object creation". +.IP \(bu 4 \&\fBRSA_get_default_method()\fR, RSA_get_ex_data and \fBRSA_get_method()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides". +.IP \(bu 4 \&\fBRSA_get_version()\fR .Sp There is no replacement. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBRSA_meth_*()\fR, \fBRSA_new_method()\fR, RSA_null_method and \fBRSA_PKCS1_OpenSSL()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R". -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides". +.IP \(bu 4 \&\fBRSA_padding_add_*()\fR, \fBRSA_padding_check_*()\fR .Sp -See \*(L"Deprecated low-level signing functions\*(R" and -\&\*(L"Deprecated low-level encryption functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level signing functions" and +"Deprecated low\-level encryption functions". 
+.IP \(bu 4 \&\fBRSA_print()\fR, \fBRSA_print_fp()\fR .Sp -See \*(L"Deprecated low-level key printing functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key printing functions" +.IP \(bu 4 \&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions" +.IP \(bu 4 \&\fBRSA_private_encrypt()\fR, \fBRSA_public_decrypt()\fR .Sp This is equivalent to doing sign and verify recover operations (with a padding -mode of none). See \*(L"Deprecated low-level signing functions\*(R". -.IP "\(bu" 4 +mode of none). See "Deprecated low\-level signing functions". +.IP \(bu 4 \&\fBRSAPrivateKey_dup()\fR, \fBRSAPublicKey_dup()\fR .Sp There is no direct replacement. Applications may use \fBEVP_PKEY_dup\fR\|(3). -.IP "\(bu" 4 +.IP \(bu 4 \&\fBRSAPublicKey_it()\fR, \fBRSAPrivateKey_it()\fR .Sp -See \*(L"Deprecated low-level key reading and writing functions\*(R" -.IP "\(bu" 4 +See "Deprecated low\-level key reading and writing functions" +.IP \(bu 4 \&\fBRSA_set0_crt_params()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_key()\fR, \&\fBRSA_set0_multi_prime_params()\fR .Sp -See \*(L"Deprecated low-level key parameter setters\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level key parameter setters". +.IP \(bu 4 \&\fBRSA_set_default_method()\fR, \fBRSA_set_method()\fR, \fBRSA_set_ex_data()\fR .Sp -See \*(L"Providers are a replacement for engines and low-level method overrides\*(R" -.IP "\(bu" 4 +See "Providers are a replacement for engines and low\-level method overrides" +.IP \(bu 4 \&\fBRSA_sign()\fR, \fBRSA_sign_ASN1_OCTET_STRING()\fR, \fBRSA_verify()\fR, \&\fBRSA_verify_ASN1_OCTET_STRING()\fR, \fBRSA_verify_PKCS1_PSS()\fR, \&\fBRSA_verify_PKCS1_PSS_mgf1()\fR .Sp -See \*(L"Deprecated low-level signing functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level signing functions". 
+.IP \(bu 4 \&\fBRSA_X931_derive_ex()\fR, \fBRSA_X931_generate_key_ex()\fR, \fBRSA_X931_hash_id()\fR .Sp There are no replacements for these functions. -X931 padding can be set using \*(L"Signature Parameters\*(R" in \s-1\fBEVP_SIGNATURE\-RSA\s0\fR\|(7). -See \fB\s-1OSSL_SIGNATURE_PARAM_PAD_MODE\s0\fR. -.IP "\(bu" 4 +X931 padding can be set using "Signature Parameters" in \fBEVP_SIGNATURE\-RSA\fR\|(7). +See \fBOSSL_SIGNATURE_PARAM_PAD_MODE\fR. +.IP \(bu 4 \&\fBSEED_encrypt()\fR, \fBSEED_decrypt()\fR, \fBSEED_set_key()\fR, \fBSEED_cbc_encrypt()\fR, \&\fBSEED_cfb128_encrypt()\fR, \fBSEED_ecb_encrypt()\fR, \fBSEED_ofb128_encrypt()\fR .Sp -See \*(L"Deprecated low-level encryption functions\*(R". -The \s-1SEED\s0 algorithm has been moved to the Legacy Provider. -.IP "\(bu" 4 +See "Deprecated low\-level encryption functions". +The SEED algorithm has been moved to the Legacy Provider. +.IP \(bu 4 \&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR, \fBSHA1_Final()\fR, \fBSHA1_Transform()\fR, \&\fBSHA224_Init()\fR, \fBSHA224_Update()\fR, \fBSHA224_Final()\fR, \&\fBSHA256_Init()\fR, \fBSHA256_Update()\fR, \fBSHA256_Final()\fR, \fBSHA256_Transform()\fR, \&\fBSHA384_Init()\fR, \fBSHA384_Update()\fR, \fBSHA384_Final()\fR, \&\fBSHA512_Init()\fR, \fBSHA512_Update()\fR, \fBSHA512_Final()\fR, \fBSHA512_Transform()\fR .Sp -See \*(L"Deprecated low-level digest functions\*(R". -.IP "\(bu" 4 +See "Deprecated low\-level digest functions". +.IP \(bu 4 \&\fBSRP_Calc_A()\fR, \fBSRP_Calc_B()\fR, \fBSRP_Calc_client_key()\fR, \fBSRP_Calc_server_key()\fR, \&\fBSRP_Calc_u()\fR, \fBSRP_Calc_x()\fR, \fBSRP_check_known_gN_param()\fR, \fBSRP_create_verifier()\fR, \&\fBSRP_create_verifier_BN()\fR, \fBSRP_get_default_gN()\fR, \fBSRP_user_pwd_free()\fR, \fBSRP_user_pwd_new()\fR, 
@@ -1910,74 +1853,74 @@ \&\fBSRP_VBASE_add0_user()\fR, \fBSRP_VBASE_free()\fR, \fBSRP_VBASE_get1_by_user()\fR, \fBSRP_VBASE_init()\fR, \&\fBSRP_VBASE_new()\fR, \fBSRP_Verify_A_mod_N()\fR, \fBSRP_Verify_B_mod_N()\fR .Sp -There are no replacements for the \s-1SRP\s0 functions. -.IP "\(bu" 4 +There are no replacements for the SRP functions. +.IP \(bu 4 \&\fBSSL_CTX_set_tmp_dh_callback()\fR, \fBSSL_set_tmp_dh_callback()\fR, \&\fBSSL_CTX_set_tmp_dh()\fR, \fBSSL_set_tmp_dh()\fR .Sp -These are used to set the Diffie-Hellman (\s-1DH\s0) parameters that are to be used by -servers requiring ephemeral \s-1DH\s0 keys. Instead applications should consider using -the built-in \s-1DH\s0 parameters that are available by calling \fBSSL_CTX_set_dh_auto\fR\|(3) +These are used to set the Diffie\-Hellman (DH) parameters that are to be used by +servers requiring ephemeral DH keys. Instead applications should consider using +the built\-in DH parameters that are available by calling \fBSSL_CTX_set_dh_auto\fR\|(3) or \fBSSL_set_dh_auto\fR\|(3). If custom parameters are necessary then applications can use the alternative functions \fBSSL_CTX_set0_tmp_dh_pkey\fR\|(3) and -\&\fBSSL_set0_tmp_dh_pkey\fR\|(3). There is no direct replacement for the \*(L"callback\*(R" +\&\fBSSL_set0_tmp_dh_pkey\fR\|(3). There is no direct replacement for the "callback" functions. The callback was originally useful in order to have different -parameters for export and non-export ciphersuites. Export ciphersuites are no +parameters for export and non\-export ciphersuites. Export ciphersuites are no longer supported by OpenSSL. Use of the callback functions should be replaced by one of the other methods described above. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR .Sp Use the new \fBSSL_CTX_set_tlsext_ticket_key_evp_cb\fR\|(3) function instead. 
-.IP "\(bu" 4 -\&\s-1\fBWHIRLPOOL\s0()\fR, \fBWHIRLPOOL_Init()\fR, \fBWHIRLPOOL_Update()\fR, \fBWHIRLPOOL_Final()\fR, +.IP \(bu 4 +\&\fBWHIRLPOOL()\fR, \fBWHIRLPOOL_Init()\fR, \fBWHIRLPOOL_Update()\fR, \fBWHIRLPOOL_Final()\fR, \&\fBWHIRLPOOL_BitUpdate()\fR .Sp -See \*(L"Deprecated low-level digest functions\*(R". +See "Deprecated low\-level digest functions". The Whirlpool algorithm has been moved to the Legacy Provider. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_certificate_type()\fR .Sp This was an undocumented function. Applications can use \fBX509_get0_pubkey\fR\|(3) and \fBX509_get0_signature\fR\|(3) instead. -.IP "\(bu" 4 +.IP \(bu 4 \&\fBX509_http_nbio()\fR, \fBX509_CRL_http_nbio()\fR .Sp Use \fBX509_load_http\fR\|(3) and \fBX509_CRL_load_http\fR\|(3) instead. .PP -\fI\s-1NID\s0 handling for provided keys and algorithms\fR +\fINID handling for provided keys and algorithms\fR .IX Subsection "NID handling for provided keys and algorithms" .PP -The following functions for \s-1NID\s0 (numeric id) handling have changed semantics. -.IP "\(bu" 4 +The following functions for NID (numeric id) handling have changed semantics. +.IP \(bu 4 \&\fBEVP_PKEY_id()\fR, \fBEVP_PKEY_get_id()\fR .Sp -This function was previously used to reliably return the \s-1NID\s0 of -an \s-1EVP_PKEY\s0 object, e.g., to look up the name of the algorithm of -such \s-1EVP_PKEY\s0 by calling \fBOBJ_nid2sn\fR\|(3). With the introduction +This function was previously used to reliably return the NID of +an EVP_PKEY object, e.g., to look up the name of the algorithm of +such EVP_PKEY by calling \fBOBJ_nid2sn\fR\|(3). With the introduction of \fBprovider\fR\|(7)s \fBEVP_PKEY_id()\fR or its new equivalent \&\fBEVP_PKEY_get_id\fR\|(3) might now also return the value \-1 -(\fB\s-1EVP_PKEY_KEYMGMT\s0\fR) indicating the use of a provider to -implement the \s-1EVP_PKEY\s0 object. Therefore, the use of +(\fBEVP_PKEY_KEYMGMT\fR) indicating the use of a provider to +implement the EVP_PKEY object. 
Therefore, the use of \&\fBEVP_PKEY_get0_type_name\fR\|(3) is recommended for retrieving -the name of the \s-1EVP_PKEY\s0 algorithm. -.SS "Using the \s-1FIPS\s0 Module in applications" +the name of the EVP_PKEY algorithm. +.SS "Using the FIPS Module in applications" .IX Subsection "Using the FIPS Module in applications" -See \fBfips_module\fR\|(7) and \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) for details. +See \fBfips_module\fR\|(7) and \fBOSSL_PROVIDER\-FIPS\fR\|(7) for details. .SS "OpenSSL command line application changes" .IX Subsection "OpenSSL command line application changes" \fINew applications\fR .IX Subsection "New applications" .PP -\&\fBopenssl kdf\fR uses the new \s-1\fBEVP_KDF\s0\fR\|(3) \s-1API.\s0 -\&\fBopenssl kdf\fR uses the new \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API.\s0 +\&\fBopenssl kdf\fR uses the new \fBEVP_KDF\fR\|(3) API. +\&\fBopenssl kdf\fR uses the new \fBEVP_MAC\fR\|(3) API. .PP \fIAdded options\fR .IX Subsection "Added options" .PP \&\fB\-provider_path\fR and \fB\-provider\fR are available to all apps and can be used -multiple times to load any providers, such as the 'legacy' provider or third -party providers. If used then the 'default' provider would also need to be +multiple times to load any providers, such as the \*(Aqlegacy\*(Aq provider or third +party providers. If used then the \*(Aqdefault\*(Aq provider would also need to be specified if required. The \fB\-provider_path\fR must be specified before the \&\fB\-provider\fR option. .PP @@ -1985,7 +1928,7 @@ information. .PP \&\fB\-crl_lastupdate\fR and \fB\-crl_nextupdate\fR used by \fBopenssl ca\fR allows -explicit setting of fields in the generated \s-1CRL.\s0 +explicit setting of fields in the generated CRL. .PP \fIRemoved options\fR .IX Subsection "Removed options" 
@@ -2002,28 +1945,28 @@ The output of Command line applications may have minor changes. These are primarily changes in capitalisation and white space. However, in some cases, there are additional differences. -For example, the \s-1DH\s0 parameters output from \fBopenssl dhparam\fR now lists 'P', -\&'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup order' and -\&'counter' respectively. +For example, the DH parameters output from \fBopenssl dhparam\fR now lists \*(AqP\*(Aq, +\&\*(AqQ\*(Aq, \*(AqG\*(Aq and \*(Aqpcounter\*(Aq instead of \*(Aqprime\*(Aq, \*(Aqgenerator\*(Aq, \*(Aqsubgroup order\*(Aq and +\&\*(Aqcounter\*(Aq respectively. .PP The \fBopenssl\fR commands that read keys, certificates, and CRLs now -automatically detect the \s-1PEM\s0 or \s-1DER\s0 format of the input files so it is not +automatically detect the PEM or DER format of the input files so it is not necessary to explicitly specify the input format anymore. However if the input format option is used the specified format will be required. .PP -\&\fBopenssl speed\fR no longer uses low-level \s-1API\s0 calls. +\&\fBopenssl speed\fR no longer uses low\-level API calls. This implies some of the performance numbers might not be comparable with the previous releases due to higher overhead. This applies particularly to measuring performance on smaller data chunks. .PP b, \fBopenssl dsa\fR, \fBopenssl gendsa\fR, \fBopenssl dsaparam\fR, -\&\fBopenssl genrsa\fR and \fBopenssl rsa\fR have been modified to use \s-1PKEY\s0 APIs. -\&\fBopenssl genrsa\fR and \fBopenssl rsa\fR now write \s-1PKCS\s0 #8 keys by default. +\&\fBopenssl genrsa\fR and \fBopenssl rsa\fR have been modified to use PKEY APIs. +\&\fBopenssl genrsa\fR and \fBopenssl rsa\fR now write PKCS #8 keys by default. .PP \fIDefault settings\fR .IX Subsection "Default settings" .PP -\&\*(L"\s-1SHA256\*(R"\s0 is now the default digest for \s-1TS\s0 query used by \fBopenssl ts\fR. 
+"SHA256" is now the default digest for TS query used by \fBopenssl ts\fR. .PP \fIDeprecated apps\fR .IX Subsection "Deprecated apps" 
@@ -2032,119 +1975,119 @@ \&\fBopenssl dhparam\fR, \fBopenssl dsa\fR, \fBopenssl gendsa\fR, \fBopenssl dsaparam\fR, \&\fBopenssl genrsa\fR, \fBopenssl rsa\fR, \fBopenssl genrsa\fR and \fBopenssl rsa\fR are now in maintenance mode and no new features will be added to them. -.SS "\s-1TLS\s0 Changes" +.SS "TLS Changes" .IX Subsection "TLS Changes" -.IP "\(bu" 4 -\&\s-1TLS 1.3 FFDHE\s0 key exchange support added +.IP \(bu 4 +TLS 1.3 FFDHE key exchange support added .Sp -This uses \s-1DH\s0 safe prime named groups. -.IP "\(bu" 4 -Support for fully \*(L"pluggable\*(R" TLSv1.3 groups. +This uses DH safe prime named groups. +.IP \(bu 4 +Support for fully "pluggable" TLSv1.3 groups. .Sp This means that providers may supply their own group implementations (using -either the \*(L"key exchange\*(R" or the \*(L"key encapsulation\*(R" methods) which will +either the "key exchange" or the "key encapsulation" methods) which will automatically be detected and used by libssl. -.IP "\(bu" 4 -\&\s-1SSL\s0 and \s-1SSL_CTX\s0 options are now 64 bit instead of 32 bit. +.IP \(bu 4 +SSL and SSL_CTX options are now 64 bit instead of 32 bit. .Sp -The signatures of the functions to get and set options on \s-1SSL\s0 and -\&\s-1SSL_CTX\s0 objects changed from \*(L"unsigned long\*(R" to \*(L"uint64_t\*(R" type. +The signatures of the functions to get and set options on SSL and +SSL_CTX objects changed from "unsigned long" to "uint64_t" type. .Sp This may require source code changes. For example it is no longer possible -to use the \fB\s-1SSL_OP_\s0\fR macro values in preprocessor \f(CW\*(C`#if\*(C'\fR conditions. +to use the \fBSSL_OP_\fR macro values in preprocessor \f(CW\*(C`#if\*(C'\fR conditions. However it is still possible to test whether these macros are defined or not. .Sp See \fBSSL_CTX_get_options\fR\|(3), \fBSSL_CTX_set_options\fR\|(3), \&\fBSSL_get_options\fR\|(3) and \fBSSL_set_options\fR\|(3). 
-.IP "\(bu" 4 +.IP \(bu 4 \&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR Changes .Sp -These functions now take \s-1IP\s0 literal addresses as well as actual hostnames. -.IP "\(bu" 4 -Added \s-1SSL\s0 option \s-1SSL_OP_CLEANSE_PLAINTEXT\s0 +These functions now take IP literal addresses as well as actual hostnames. +.IP \(bu 4 +Added SSL option SSL_OP_CLEANSE_PLAINTEXT .Sp If the option is set, openssl cleanses (zeroizes) plaintext bytes from internal buffers after delivering them to the application. Note, the application is still responsible for cleansing other copies (e.g.: data received by \fBSSL_read\fR\|(3)). -.IP "\(bu" 4 -Client-initiated renegotiation is disabled by default. +.IP \(bu 4 +Client\-initiated renegotiation is disabled by default. .Sp To allow it, use the \fB\-client_renegotiation\fR option, -the \fB\s-1SSL_OP_ALLOW_CLIENT_RENEGOTIATION\s0\fR flag, or the \f(CW\*(C`ClientRenegotiation\*(C'\fR +the \fBSSL_OP_ALLOW_CLIENT_RENEGOTIATION\fR flag, or the \f(CW\*(C`ClientRenegotiation\*(C'\fR config parameter as appropriate. -.IP "\(bu" 4 -Secure renegotiation is now required by default for \s-1TLS\s0 connections +.IP \(bu 4 +Secure renegotiation is now required by default for TLS connections .Sp -Support for \s-1RFC 5746\s0 secure renegotiation is now required by default for -\&\s-1SSL\s0 or \s-1TLS\s0 connections to succeed. Applications that require the ability +Support for RFC 5746 secure renegotiation is now required by default for +SSL or TLS connections to succeed. Applications that require the ability to connect to legacy peers will need to explicitly set -\&\s-1SSL_OP_LEGACY_SERVER_CONNECT.\s0 Accordingly, \s-1SSL_OP_LEGACY_SERVER_CONNECT\s0 -is no longer set as part of \s-1SSL_OP_ALL.\s0 -.IP "\(bu" 4 -Combining the Configure options no-ec and no-dh no longer disables TLSv1.3 +SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT +is no longer set as part of SSL_OP_ALL. 
+.IP \(bu 4 +Combining the Configure options no\-ec and no\-dh no longer disables TLSv1.3 .Sp -Typically if OpenSSL has no \s-1EC\s0 or \s-1DH\s0 algorithms then it cannot support -connections with TLSv1.3. However OpenSSL now supports \*(L"pluggable\*(R" groups +Typically if OpenSSL has no EC or DH algorithms then it cannot support +connections with TLSv1.3. However OpenSSL now supports "pluggable" groups through providers. Therefore third party providers may supply group -implementations even where there are no built-in ones. Attempting to create -\&\s-1TLS\s0 connections in such a build without also disabling TLSv1.3 at run time or +implementations even where there are no built\-in ones. Attempting to create +TLS connections in such a build without also disabling TLSv1.3 at run time or using third party provider groups may result in handshake failures. TLSv1.3 -can be disabled at compile time using the \*(L"no\-tls1_3\*(R" Configure option. -.IP "\(bu" 4 +can be disabled at compile time using the "no\-tls1_3" Configure option. +.IP \(bu 4 \&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR changes. .Sp The methods now ignore unknown ciphers. -.IP "\(bu" 4 +.IP \(bu 4 Security callback change. .Sp The security callback, which can be customised by application code, supports -the security operation \s-1SSL_SECOP_TMP_DH.\s0 This is defined to take an \s-1EVP_PKEY\s0 -in the \*(L"other\*(R" parameter. In most places this is what is passed. All these +the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY +in the "other" parameter. In most places this is what is passed. All these places occur server side. However there was one client side call of this -security operation and it passed a \s-1DH\s0 object instead. This is incorrect -according to the definition of \s-1SSL_SECOP_TMP_DH,\s0 and is inconsistent with all +security operation and it passed a DH object instead. 
This is incorrect +according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other locations. Therefore this client side call has been changed to -pass an \s-1EVP_PKEY\s0 instead. -.IP "\(bu" 4 -New \s-1SSL\s0 option \s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0 +pass an EVP_PKEY instead. +.IP \(bu 4 +New SSL option SSL_OP_IGNORE_UNEXPECTED_EOF .Sp -The \s-1SSL\s0 option \s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0 is introduced. If that option -is set, an unexpected \s-1EOF\s0 is ignored, it pretends a close notify was received -instead and so the returned error becomes \s-1SSL_ERROR_ZERO_RETURN.\s0 -.IP "\(bu" 4 -The security strength of \s-1SHA1\s0 and \s-1MD5\s0 based signatures in \s-1TLS\s0 has been reduced. +The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option +is set, an unexpected EOF is ignored, it pretends a close notify was received +instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. +.IP \(bu 4 +The security strength of SHA1 and MD5 based signatures in TLS has been reduced. .Sp -This results in \s-1SSL 3, TLS 1.0, TLS 1.1\s0 and \s-1DTLS 1.0\s0 no longer +This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer working at the default security level of 1 and instead requires security level 0. The security level can be changed either using the cipher string with \f(CW@SECLEVEL\fR, or calling \fBSSL_CTX_set_security_level\fR\|(3). This also means that where the signature algorithms extension is missing from a ClientHello -then the handshake will fail in \s-1TLS 1.2\s0 at security level 1. This is because, +then the handshake will fail in TLS 1.2 at security level 1. This is because, although this extension is optional, failing to provide one means that OpenSSL will fallback to a default set of signature algorithms. This default -set requires the availability of \s-1SHA1.\s0 -.IP "\(bu" 4 -X509 certificates signed using \s-1SHA1\s0 are no longer allowed at security level 1 and above. 
+set requires the availability of SHA1. +.IP \(bu 4 +X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. .Sp -In \s-1TLS/SSL\s0 the default security level is 1. It can be set either using the cipher +In TLS/SSL the default security level is 1. It can be set either using the cipher string with \f(CW@SECLEVEL\fR, or calling \fBSSL_CTX_set_security_level\fR\|(3). If the -leaf certificate is signed with \s-1SHA\-1,\s0 a call to \fBSSL_CTX_use_certificate\fR\|(3) +leaf certificate is signed with SHA\-1, a call to \fBSSL_CTX_use_certificate\fR\|(3) will fail if the security level is not lowered first. -Outside \s-1TLS/SSL,\s0 the default security level is \-1 (effectively 0). It can +Outside TLS/SSL, the default security level is \-1 (effectively 0). It can be set using \fBX509_VERIFY_PARAM_set_auth_level\fR\|(3) or using the \fB\-auth_level\fR options of the commands. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBfips_module\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The migration guide was created for OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl-core.h.7.orig +++ secure/lib/libcrypto/man/man7/openssl-core.h.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CORE.H 7ossl" -.TH OPENSSL-CORE.H 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-CORE.H 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl/core.h \- OpenSSL Core types -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fI\fR header defines a number of public types that are used to communicate between the OpenSSL libraries and 
@@ -154,31 +79,31 @@ of internal structures between the OpenSSL libraries and the providers. .PP The types are: -.IP "\s-1\fBOSSL_DISPATCH\s0\fR\|(3)" 4 +.IP \fBOSSL_DISPATCH\fR\|(3) 4 .IX Item "OSSL_DISPATCH" .PD 0 -.IP "\s-1\fBOSSL_ITEM\s0\fR\|(3)" 4 +.IP \fBOSSL_ITEM\fR\|(3) 4 .IX Item "OSSL_ITEM" -.IP "\s-1\fBOSSL_ALGORITHM\s0\fR\|(3)" 4 +.IP \fBOSSL_ALGORITHM\fR\|(3) 4 .IX Item "OSSL_ALGORITHM" -.IP "\s-1\fBOSSL_PARAM\s0\fR\|(3)" 4 +.IP \fBOSSL_PARAM\fR\|(3) 4 .IX Item "OSSL_PARAM" -.IP "\s-1\fBOSSL_CALLBACK\s0\fR\|(3)" 4 +.IP \fBOSSL_CALLBACK\fR\|(3) 4 .IX Item "OSSL_CALLBACK" -.IP "\s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3)" 4 +.IP \fBOSSL_PASSPHRASE_CALLBACK\fR\|(3) 4 .IX Item "OSSL_PASSPHRASE_CALLBACK" .PD .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-core_dispatch.h\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The types described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl-core_dispatch.h.7.orig +++ secure/lib/libcrypto/man/man7/openssl-core_dispatch.h.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CORE_DISPATCH.H 7ossl" -.TH OPENSSL-CORE_DISPATCH.H 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-CORE_DISPATCH.H 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl/core_dispatch.h \&\- OpenSSL provider dispatch numbers and function types -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fI\fR header defines all the operation numbers, dispatch numbers and provider interface function types @@ -156,11 +81,11 @@ are named as follows: .IP "operation numbers" 4 .IX Item "operation numbers" -These macros have the form \f(CW\*(C`OSSL_OP_\f(CIopname\f(CW\*(C'\fR. +These macros have the form \f(CW\*(C`OSSL_OP_\fR\f(CIopname\fR\f(CW\*(C'\fR. .IP "dipatch numbers" 4 .IX Item "dipatch numbers" -These macros have the form \f(CW\*(C`OSSL_FUNC_\f(CIopname\f(CW_\f(CIfuncname\f(CW\*(C'\fR, where -\&\f(CW\*(C`\f(CIopname\f(CW\*(C'\fR is the same as in the macro for the operation this +These macros have the form \f(CW\*(C`OSSL_FUNC_\fR\f(CIopname\fR\f(CW_\fR\f(CIfuncname\fR\f(CW\*(C'\fR, where +\&\f(CW\*(C`\fR\f(CIopname\fR\f(CW\*(C'\fR is the same as in the macro for the operation this function belongs to. .PP With every dispatch number, there is an associated function type. 
@@ -169,14 +94,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The types and macros described here were added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl-core_names.h.7.orig +++ secure/lib/libcrypto/man/man7/openssl-core_names.h.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,99 +53,40 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CORE_NAMES.H 7ossl" -.TH OPENSSL-CORE_NAMES.H 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-CORE_NAMES.H 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl/core_names.h \- OpenSSL provider parameter names -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fI\fR header defines a multitude of macros -for \s-1\fBOSSL_PARAM\s0\fR\|(3) names, algorithm names and other known names used -with OpenSSL's providers, made available for practical purposes only. +for \fBOSSL_PARAM\fR\|(3) names, algorithm names and other known names used +with OpenSSL\*(Aqs providers, made available for practical purposes only. .PP -Existing names are further described in the manuals for OpenSSL's -providers (see \*(L"\s-1SEE ALSO\*(R"\s0) and the manuals for each algorithm they +Existing names are further described in the manuals for OpenSSL\*(Aqs +providers (see "SEE ALSO") and the manuals for each algorithm they provide (listed in those provider manuals). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBOSSL_PROVIDER\-default\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), +\&\fBOSSL_PROVIDER\-default\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \&\fBOSSL_PROVIDER\-legacy\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The macros described here were added in OpenSSL 3.0. -.SH "CAVEATS" +.SH CAVEATS .IX Header "CAVEATS" \&\fIThis header file does not constitute a general registry of names\fR. Providers that implement new algorithms are to be responsible for 
@@ -170,11 +95,11 @@ However, authors of provider that implement their own variants of algorithms that OpenSSL providers support will want to pay attention to the names provided in this header to work in a compatible manner. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl-env.7.orig +++ secure/lib/libcrypto/man/man7/openssl-env.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,131 +53,146 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ENV 7ossl" -.TH OPENSSL-ENV 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-ENV 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-env \- OpenSSL environment variables -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The OpenSSL libraries use environment variables to override the -compiled-in default paths for various data. +compiled\-in default paths for various data. To avoid security risks, the environment is usually not consulted when -the executable is set-user-ID or set-group-ID. -.IP "\fB\s-1CTLOG_FILE\s0\fR" 4 +the executable is set\-user\-ID or set\-group\-ID. +.IP \fBCTLOG_FILE\fR 4 .IX Item "CTLOG_FILE" Specifies the path to a certificate transparency log list. See \fBCTLOG_STORE_new\fR\|(3). -.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IP \fBOPENSSL\fR 4 .IX Item "OPENSSL" Specifies the path to the \fBopenssl\fR executable. Used by -the \fBrehash\fR script (see \*(L"Script Configuration\*(R" in \fBopenssl\-rehash\fR\|(1)) -and by the \fB\s-1CA\s0.pl\fR script (see \*(L"\s-1NOTES\*(R"\s0 in \s-1\fBCA\s0.pl\fR\|(1) -.IP "\fB\s-1OPENSSL_CONF\s0\fR, \fB\s-1OPENSSL_CONF_INCLUDE\s0\fR" 4 +the \fBrehash\fR script (see "Script Configuration" in \fBopenssl\-rehash\fR\|(1)) +and by the \fBCA.pl\fR script (see "NOTES" in \fBCA.pl\fR\|(1) +.IP "\fBOPENSSL_CONF\fR, \fBOPENSSL_CONF_INCLUDE\fR" 4 .IX Item "OPENSSL_CONF, OPENSSL_CONF_INCLUDE" Specifies the path to a configuration file and the directory for included files. See \fBconfig\fR\|(5). -.IP "\fB\s-1OPENSSL_CONFIG\s0\fR" 4 +.IP \fBOPENSSL_CONFIG\fR 4 .IX Item "OPENSSL_CONFIG" Specifies a configuration option and filename for the \fBreq\fR and \fBca\fR -commands invoked by the \fB\s-1CA\s0.pl\fR script. -See \s-1\fBCA\s0.pl\fR\|(1). 
-.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +commands invoked by the \fBCA.pl\fR script. +See \fBCA.pl\fR\|(1). +.IP \fBOPENSSL_ENGINES\fR 4 .IX Item "OPENSSL_ENGINES" Specifies the directory from which dynamic engines are loaded. See \fBopenssl\-engine\fR\|(1). -.IP "\fB\s-1OPENSSL_MALLOC_FD\s0\fR, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR" 4 +.IP "\fBOPENSSL_MALLOC_FD\fR, \fBOPENSSL_MALLOC_FAILURES\fR" 4 .IX Item "OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES" If built with debugging, this allows memory allocation to fail. See \fBOPENSSL_malloc\fR\|(3). -.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IP \fBOPENSSL_MODULES\fR 4 .IX Item "OPENSSL_MODULES" Specifies the directory from which cryptographic providers are loaded. -Equivalently, the generic \fB\-provider\-path\fR command-line option may be used. -.IP "\fB\s-1OPENSSL_WIN32_UTF8\s0\fR" 4 +Equivalently, the generic \fB\-provider\-path\fR command\-line option may be used. +.IP \fBOPENSSL_TRACE\fR 4 +.IX Item "OPENSSL_TRACE" +By default the OpenSSL trace feature is disabled statically. +To enable it, OpenSSL must be built with tracing support, +which may be configured like this: \f(CW\*(C`./config enable\-trace\*(C'\fR +.Sp +Unless OpenSSL tracing support is generally disabled, +enable trace output of specific parts of OpenSSL libraries, by name. +This output usually makes sense only if you know OpenSSL internals well. +.Sp +The value of this environment variable is a comma\-separated list of names, +with the following available: +.RS 4 +.IP \fBTRACE\fR 4 +.IX Item "TRACE" +Traces the OpenSSL trace API itself. +.IP \fBINIT\fR 4 +.IX Item "INIT" +Traces OpenSSL library initialization and cleanup. +.IP \fBTLS\fR 4 +.IX Item "TLS" +Traces the TLS/SSL protocol. +.IP \fBTLS_CIPHER\fR 4 +.IX Item "TLS_CIPHER" +Traces the ciphers used by the TLS/SSL protocol. +.IP \fBCONF\fR 4 +.IX Item "CONF" +Show details about provider and engine configuration. 
+.IP \fBENGINE_TABLE\fR 4 +.IX Item "ENGINE_TABLE" +The function that is used by RSA, DSA (etc) code to select registered +ENGINEs, cache defaults and functional references (etc), will generate +debugging summaries. +.IP \fBENGINE_REF_COUNT\fR 4 +.IX Item "ENGINE_REF_COUNT" +Reference counts in the ENGINE structure will be monitored with a line +of generated for each change. +.IP \fBPKCS5V2\fR 4 +.IX Item "PKCS5V2" +Traces PKCS#5 v2 key generation. +.IP \fBPKCS12_KEYGEN\fR 4 +.IX Item "PKCS12_KEYGEN" +Traces PKCS#12 key generation. +.IP \fBPKCS12_DECRYPT\fR 4 +.IX Item "PKCS12_DECRYPT" +Traces PKCS#12 decryption. +.IP \fBX509V3_POLICY\fR 4 +.IX Item "X509V3_POLICY" +Generates the complete policy tree at various points during X.509 v3 +policy evaluation. +.IP \fBBN_CTX\fR 4 +.IX Item "BN_CTX" +Traces BIGNUM context operations. +.IP \fBCMP\fR 4 +.IX Item "CMP" +Traces CMP client and server activity. +.IP \fBSTORE\fR 4 +.IX Item "STORE" +Traces STORE operations. +.IP \fBDECODER\fR 4 +.IX Item "DECODER" +Traces decoder operations. +.IP \fBENCODER\fR 4 +.IX Item "ENCODER" +Traces encoder operations. +.IP \fBREF_COUNT\fR 4 +.IX Item "REF_COUNT" +Traces decrementing certain ASN.1 structure references. +.IP \fBHTTP\fR 4 +.IX Item "HTTP" +Traces the HTTP client and server, such as messages being sent and received. +.RE +.RS 4 +.RE +.IP \fBOPENSSL_WIN32_UTF8\fR 4 .IX Item "OPENSSL_WIN32_UTF8" -If set, then \fBUI_OpenSSL\fR\|(3) returns \s-1UTF\-8\s0 encoded strings, rather than +If set, then \fBUI_OpenSSL\fR\|(3) returns UTF\-8 encoded strings, rather than ones encoded in the current code page, and -the \fBopenssl\fR\|(1) program also transcodes the command-line parameters -from the current code page to \s-1UTF\-8.\s0 +the \fBopenssl\fR\|(1) program also transcodes the command\-line parameters +from the current code page to UTF\-8. This environment variable is only checked on Microsoft Windows platforms. 
-.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IP \fBRANDFILE\fR 4 .IX Item "RANDFILE" The state file for the random number generator. This should not be needed in normal use. See \fBRAND_load_file\fR\|(3). -.IP "\fB\s-1SSL_CERT_DIR\s0\fR, \fB\s-1SSL_CERT_FILE\s0\fR" 4 +.IP "\fBSSL_CERT_DIR\fR, \fBSSL_CERT_FILE\fR" 4 .IX Item "SSL_CERT_DIR, SSL_CERT_FILE" -Specify the default directory or file containing \s-1CA\s0 certificates. +Specify the default directory or file containing CA certificates. See \fBSSL_CTX_load_verify_locations\fR\|(3). -.IP "\fB\s-1TSGET\s0\fR" 4 +.IP \fBTSGET\fR 4 .IX Item "TSGET" Additional arguments for the \fBtsget\fR\|(1) command. .IP "\fBOPENSSL_ia32cap\fR, \fBOPENSSL_sparcv9cap\fR, \fBOPENSSL_ppccap\fR, \fBOPENSSL_armcap\fR, \fBOPENSSL_s390xcap\fR" 4 @@ -203,15 +202,15 @@ processor capabilities and run time feature enquiry. These environment variables can be used to exert more control over this selection process. See \fBOPENSSL_ia32cap\fR\|(3), \fBOPENSSL_s390xcap\fR\|(3). -.IP "\fB\s-1NO_PROXY\s0\fR, \fB\s-1HTTPS_PROXY\s0\fR, \fB\s-1HTTP_PROXY\s0\fR" 4 +.IP "\fBNO_PROXY\fR, \fBHTTPS_PROXY\fR, \fBHTTP_PROXY\fR" 4 .IX Item "NO_PROXY, HTTPS_PROXY, HTTP_PROXY" Specify a proxy hostname. See \fBOSSL_HTTP_parse_url\fR\|(3). -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl-glossary.7.orig +++ secure/lib/libcrypto/man/man7/openssl-glossary.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,90 +53,31 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-GLOSSARY 7ossl" -.TH OPENSSL-GLOSSARY 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-GLOSSARY 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-glossary \- An OpenSSL Glossary -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -.IP "Algorithm" 4 +.IP Algorithm 4 .IX Item "Algorithm" -Cryptographic primitives such as the \s-1SHA256\s0 digest, or \s-1AES\s0 encryption are -referred to in OpenSSL as \*(L"algorithms\*(R". There can be more than one +Cryptographic primitives such as the SHA256 digest, or AES encryption are +referred to in OpenSSL as "algorithms". There can be more than one implementation for any given algorithm available for use. .Sp \&\fBcrypto\fR\|(7) -.IP "\s-1ASN.1, ASN1\s0" 4 +.IP "ASN.1, ASN1" 4 .IX Item "ASN.1, ASN1" -\&\s-1ASN.1\s0 (\*(L"Abstract Syntax Notation One\*(R") is a notation for describing abstract -types and values. It is defined in the ITU-T documents X.680 to X.683: +ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract +types and values. It is defined in the ITU\-T documents X.680 to X.683: .Sp , , @@ -165,10 +90,10 @@ Default Provider. .Sp \&\fBOSSL_PROVIDER\-base\fR\|(7) -.IP "Decoder" 4 +.IP Decoder 4 .IX Item "Decoder" A decoder is a type of algorithm used for decoding keys and parameters from some -external format such as \s-1PEM\s0 or \s-1DER.\s0 +external format such as PEM or DER. .Sp \&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3) .IP "Default Provider" 4 
@@ -179,20 +104,19 @@ Default Provider. .Sp \&\fBOSSL_PROVIDER\-default\fR\|(7) -.ie n .IP "\s-1DER\s0 (""Distinguished Encoding Rules"")" 4 -.el .IP "\s-1DER\s0 (``Distinguished Encoding Rules'')" 4 -.IX Item "DER (Distinguished Encoding Rules)" -\&\s-1DER\s0 is a binary encoding of data, structured according to an \s-1ASN.1\s0 +.IP "DER (""Distinguished Encoding Rules"")" 4 +.IX Item "DER (""Distinguished Encoding Rules"")" +DER is a binary encoding of data, structured according to an ASN.1 specification. This is a common encoding used for cryptographic objects such as private and public keys, certificates, CRLs, ... .Sp -It is defined in ITU-T document X.690: +It is defined in ITU\-T document X.690: .Sp -.IP "Encoder" 4 +.IP Encoder 4 .IX Item "Encoder" An encoder is a type of algorithm used for encoding keys and parameters to some -external format such as \s-1PEM\s0 or \s-1DER.\s0 +external format such as PEM or DER. .Sp \&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3) .IP "Explicit Fetching" 4 @@ -200,7 +124,7 @@ Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is where a function call is made to obtain an algorithm object representing an implementation such as \fBEVP_MD_fetch\fR\|(3) or \fBEVP_CIPHER_fetch\fR\|(3) -.IP "Fetching" 4 +.IP Fetching 4 .IX Item "Fetching" Fetching is the process of looking through the available algorithm implementations, applying selection criteria (via a property query string), and 
@@ -209,12 +133,12 @@ Also see Explicit Fetching and Implicit Fetching. .Sp \&\fBcrypto\fR\|(7) -.IP "\s-1FIPS\s0 Provider" 4 +.IP "FIPS Provider" 4 .IX Item "FIPS Provider" An OpenSSL Provider that contains OpenSSL algorithm implementations that have -been validated according to the \s-1FIPS 140\-2\s0 standard. +been validated according to the FIPS 140\-2 standard. .Sp -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7) .IP "Implicit Fetching" 4 .IX Item "Implicit Fetching" Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is @@ -230,16 +154,16 @@ \&\fBOSSL_PROVIDER\-legacy\fR\|(7) .IP "Library Context" 4 .IX Item "Library Context" -A Library Context in OpenSSL is represented by the type \fB\s-1OSSL_LIB_CTX\s0\fR. It can +A Library Context in OpenSSL is represented by the type \fBOSSL_LIB_CTX\fR. It can be thought of as a scope within which configuration options apply. If an -application does not explicitly create a library context then the \*(L"default\*(R" +application does not explicitly create a library context then the "default" one is used. Many OpenSSL functions can take a library context as an argument. -A \s-1NULL\s0 value can always be passed to indicate the default library context. +A NULL value can always be passed to indicate the default library context. .Sp -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) -.IP "\s-1MSBLOB\s0" 4 +\&\fBOSSL_LIB_CTX\fR\|(3) +.IP MSBLOB 4 .IX Item "MSBLOB" -\&\s-1MSBLOB\s0 is a Microsoft specific binary format for \s-1RSA\s0 and \s-1DSA\s0 keys, both +MSBLOB is a Microsoft specific binary format for RSA and DSA keys, both private and public. This form is never passphrase protected. .IP "Null Provider" 4 .IX Item "Null Provider" 
@@ -248,16 +172,15 @@ library context. .Sp \&\fBOSSL_PROVIDER\-null\fR\|(7) -.IP "Operation" 4 +.IP Operation 4 .IX Item "Operation" An operation is a group of OpenSSL functions with a common purpose such as encryption, or digesting. .Sp \&\fBcrypto\fR\|(7) -.ie n .IP "\s-1PEM\s0 (""Privacy Enhanced Message"")" 4 -.el .IP "\s-1PEM\s0 (``Privacy Enhanced Message'')" 4 -.IX Item "PEM (Privacy Enhanced Message)" -\&\s-1PEM\s0 is a format used for encoding of binary content into a mail and \s-1ASCII\s0 +.IP "PEM (""Privacy Enhanced Message"")" 4 +.IX Item "PEM (""Privacy Enhanced Message"")" +PEM is a format used for encoding of binary content into a mail and ASCII friendly form. The content is a series of base64\-encoded lines, surrounded by begin/end markers each on their own line. For example: .Sp 
@@ -271,28 +194,28 @@ Optional header line(s) may appear after the begin line, and their existence depends on the type of object being written or read. .Sp -For all OpenSSL uses, the binary content is expected to be a \s-1DER\s0 encoded +For all OpenSSL uses, the binary content is expected to be a DER encoded structure. .Sp -This is defined in \s-1IETF RFC 1421:\s0 +This is defined in IETF RFC 1421: .Sp -.IP "PKCS#8" 4 +.IP PKCS#8 4 .IX Item "PKCS#8" -PKCS#8 is a specification of \s-1ASN.1\s0 structures that OpenSSL uses for storing +PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing or transmitting any private key in a key type agnostic manner. There are two structures worth noting for OpenSSL use, one that contains the -key data in unencrypted form (known as \*(L"PrivateKeyInfo\*(R") and an encrypted -wrapper structure (known as \*(L"EncryptedPrivateKeyInfo\*(R"). +key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted +wrapper structure (known as "EncryptedPrivateKeyInfo"). .Sp -This is specified in \s-1RFC 5208:\s0 +This is specified in RFC 5208: .Sp -.IP "Property" 4 +.IP Property 4 .IX Item "Property" A property is a way of classifying and selecting algorithm implementations. A property is a key/value pair expressed as a string. For example all algorithm -implementations in the default provider have the property \*(L"provider=default\*(R". +implementations in the default provider have the property "provider=default". An algorithm implementation can have multiple properties defined against it. .Sp Also see Property Query String. 
@@ -302,38 +225,38 @@ .IX Item "Property Query String" A property query string is a string containing a sequence of properties that can be used to select an algorithm implementation. For example the query string -\&\*(L"provider=example,foo=bar\*(R" will select algorithms from the \*(L"example\*(R" provider -that have a \*(L"foo\*(R" property defined for them with a value of \*(L"bar\*(R". +"provider=example,foo=bar" will select algorithms from the "example" provider +that have a "foo" property defined for them with a value of "bar". .Sp Property Query Strings are used during fetching. See Fetching. .Sp \&\fBproperty\fR\|(7) -.IP "Provider" 4 +.IP Provider 4 .IX Item "Provider" A provider in OpenSSL is a component that groups together algorithm implementations. Providers can come from OpenSSL itself or from third parties. .Sp \&\fBprovider\fR\|(7) -.IP "\s-1PVK\s0" 4 +.IP PVK 4 .IX Item "PVK" -\&\s-1PVK\s0 is a Microsoft specific binary format for \s-1RSA\s0 and \s-1DSA\s0 private keys. +PVK is a Microsoft specific binary format for RSA and DSA private keys. This form may be passphrase protected. -.IP "SubjectPublicKeyInfo" 4 +.IP SubjectPublicKeyInfo 4 .IX Item "SubjectPublicKeyInfo" -SubjectPublicKeyInfo is an \s-1ASN.1\s0 structure that OpenSSL uses for storing and +SubjectPublicKeyInfo is an ASN.1 structure that OpenSSL uses for storing and transmitting any public key in a key type agnostic manner. .Sp -This is specified as part of the specification for certificates, \s-1RFC 5280:\s0 +This is specified as part of the specification for certificates, RFC 5280: .Sp -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This glossary was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl-threads.7.orig +++ secure/lib/libcrypto/man/man7/openssl-threads.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,153 +53,94 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-THREADS 7ossl" -.TH OPENSSL-THREADS 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-THREADS 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-threads \- Overview of thread safety in OpenSSL -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -In this man page, we use the term \fBthread-safe\fR to indicate that an +In this man page, we use the term \fBthread\-safe\fR to indicate that an object or function can be used by multiple threads at the same time. .PP OpenSSL can be built with or without threads support. The most important use of this support is so that OpenSSL itself can use a single consistent -\&\s-1API,\s0 as shown in \*(L"\s-1EXAMPLES\*(R"\s0 in \fBCRYPTO_THREAD_run_once\fR\|(3). -Multi-platform applications can also use this \s-1API.\s0 +API, as shown in "EXAMPLES" in \fBCRYPTO_THREAD_run_once\fR\|(3). +Multi\-platform applications can also use this API. .PP In particular, being configured for threads support does not imply that -all OpenSSL objects are thread-safe. +all OpenSSL objects are thread\-safe. To emphasize: \fImost objects are not safe for simultaneous use\fR. Exceptions to this should be documented on the specific manual pages, and -some general high-level guidance is given here. +some general high\-level guidance is given here. .PP -One major use of the OpenSSL thread \s-1API\s0 is to implement reference counting. -Many objects within OpenSSL are reference-counted, so resources are not +One major use of the OpenSSL thread API is to implement reference counting. +Many objects within OpenSSL are reference\-counted, so resources are not released, until the last reference is removed. 
References are often increased automatically (such as when an \fBX509\fR certificate object is added into an \fBX509_STORE\fR trust store). -There is often an \fB\f(BIobject\fB_up_ref\fR() function that can be used to increase +There is often an \fR\f(BIobject\fR\fB_up_ref\fR() function that can be used to increase the reference count. -Failure to match \fB\f(BIobject\fB_up_ref\fR() calls with the right number of -\&\fB\f(BIobject\fB_free\fR() calls is a common source of memory leaks when a program +Failure to match \fB\fR\f(BIobject\fR\fB_up_ref\fR() calls with the right number of +\&\fB\fR\f(BIobject\fR\fB_free\fR() calls is a common source of memory leaks when a program exits. .PP -Many objects have set and get \s-1API\s0's to set attributes in the object. +Many objects have set and get API\*(Aqs to set attributes in the object. A \f(CW\*(C`set0\*(C'\fR passes ownership from the caller to the object and a \&\f(CW\*(C`get0\*(C'\fR returns a pointer but the attribute ownership remains with the object and a reference to it is returned. A \f(CW\*(C`set1\*(C'\fR or \f(CW\*(C`get1\*(C'\fR function does not change the ownership, but instead -updates the attribute's reference count so that the object is shared +updates the attribute\*(Aqs reference count so that the object is shared between the caller and the object; the caller must free the returned attribute when finished. Functions that involve attributes that have reference counts themselves, but are named with just \f(CW\*(C`set\*(C'\fR or \f(CW\*(C`get\*(C'\fR are historical; and the documentation must state how the references are handled. -Get methods are often thread-safe as long as the ownership requirements are +Get methods are often thread\-safe as long as the ownership requirements are met and shared objects are not modified. -Set methods, or modifying shared objects, are generally not thread-safe +Set methods, or modifying shared objects, are generally not thread\-safe as discussed below. 
.PP -Objects are thread-safe -as long as the \s-1API\s0's being invoked don't modify the object; in this -case the parameter is usually marked in the \s-1API\s0 as \f(CW\*(C`const\*(C'\fR. +Objects are thread\-safe +as long as the API\*(Aqs being invoked don\*(Aqt modify the object; in this +case the parameter is usually marked in the API as \f(CW\*(C`const\*(C'\fR. Not all parameters are marked this way. Note that a \f(CW\*(C`const\*(C'\fR declaration does not mean immutable; for example \&\fBX509_cmp\fR\|(3) takes pointers to \f(CW\*(C`const\*(C'\fR objects, but the implementation uses a C cast to remove that so it can lock objects, generate and cache -a \s-1DER\s0 encoding, and so on. +a DER encoding, and so on. .PP -Another instance of thread-safety is when updates to an object's +Another instance of thread\-safety is when updates to an object\*(Aqs internal state, such as cached values, are done with locks. -One example of this is the reference counting \s-1API\s0's described above. +One example of this is the reference counting API\*(Aqs described above. .PP In all cases, however, it is generally not safe for one thread to mutate an object, such as setting elements of a private or public key, while another thread is using that object, such as verifying a signature. .PP -The same \s-1API\s0's can usually be used simultaneously on different objects +The same API\*(Aqs can usually be used simultaneously on different objects without interference. For example, two threads can calculate a signature using two different -\&\fB\s-1EVP_PKEY_CTX\s0\fR objects. +\&\fBEVP_PKEY_CTX\fR objects. .PP -For implicit global state or singletons, thread-safety depends on the facility. -The \fBCRYPTO_secure_malloc\fR\|(3) and related \s-1API\s0's have their own lock, +For implicit global state or singletons, thread\-safety depends on the facility. 
+The \fBCRYPTO_secure_malloc\fR\|(3) and related API\*(Aqs have their own lock, while \fBCRYPTO_malloc\fR\|(3) assumes the underlying platform allocation will do any necessary locking. -Some \s-1API\s0's, such as \fBNCONF_load\fR\|(3) and related, or \fBOBJ_create\fR\|(3) +Some API\*(Aqs, such as \fBNCONF_load\fR\|(3) and related, or \fBOBJ_create\fR\|(3) do no locking at all; this can be considered a bug. .PP -A separate, although related, issue is modifying \*(L"factory\*(R" objects +A separate, although related, issue is modifying "factory" objects when other objects have been created from that. -For example, an \fB\s-1SSL_CTX\s0\fR object created by \fBSSL_CTX_new\fR\|(3) is used -to create per-connection \fB\s-1SSL\s0\fR objects by calling \fBSSL_new\fR\|(3). +For example, an \fBSSL_CTX\fR object created by \fBSSL_CTX_new\fR\|(3) is used +to create per\-connection \fBSSL\fR objects by calling \fBSSL_new\fR\|(3). In this specific case, and probably for factory methods in general, it is not safe to modify the factory object after it has been used to create other objects. @@ -223,14 +148,14 @@ .IX Header "SEE ALSO" \&\fBCRYPTO_THREAD_run_once\fR\|(3), local system threads documentation. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" This page is admittedly very incomplete. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/openssl_user_macros.7.orig +++ secure/lib/libcrypto/man/man7/openssl_user_macros.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL_USER_MACROS 7ossl" -.TH OPENSSL_USER_MACROS 7ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL_USER_MACROS 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl_user_macros, OPENSSL_API_COMPAT, OPENSSL_NO_DEPRECATED \&\- User defined macros -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" User defined macros allow the programmer to control certain aspects of what is exposed by the OpenSSL headers. .PP -\&\fB\s-1NOTE:\s0\fR to be effective, a user defined macro \fImust be defined +\&\fBNOTE:\fR to be effective, a user defined macro \fImust be defined before including any header file that depends on it\fR, either in the compilation command (\f(CW\*(C`cc \-DMACRO=value\*(C'\fR) or by defining the macro in source before including any headers. @@ -155,17 +80,17 @@ user defined macros. .SS "The macros" .IX Subsection "The macros" -.IP "\fB\s-1OPENSSL_API_COMPAT\s0\fR" 4 +.IP \fBOPENSSL_API_COMPAT\fR 4 .IX Item "OPENSSL_API_COMPAT" The value is a version number, given in one of the following two forms: .RS 4 .ie n .IP """0xMNNFF000L""" 4 -.el .IP "\f(CW0xMNNFF000L\fR" 4 +.el .IP \f(CW0xMNNFF000L\fR 4 .IX Item "0xMNNFF000L" This is the form supported for all versions up to 1.1.x, where \f(CW\*(C`M\*(C'\fR represents the major number, \f(CW\*(C`NN\*(C'\fR represents the minor number, and \&\f(CW\*(C`FF\*(C'\fR represents the fix number, as a hexadecimal number. For version -1.1.0, that's \f(CW\*(C`0x10100000L\*(C'\fR. +1.1.0, that\*(Aqs \f(CW\*(C`0x10100000L\*(C'\fR. .Sp Any version number may be given, but these numbers are the current known major deprecation points, making them the most 
@@ -181,16 +106,16 @@ .ie n .IP """0x10100000L"" (version 1.1.0)" 4 .el .IP "\f(CW0x10100000L\fR (version 1.1.0)" 4 .IX Item "0x10100000L (version 1.1.0)" +.PD .RE .RS 4 -.PD .Sp For convenience, higher numbers are accepted as well, as long as feasible. For example, \f(CW\*(C`0x60000000L\*(C'\fR will work as expected. However, it is recommended to start using the second form instead: .RE .ie n .IP """mmnnpp""" 4 -.el .IP "\f(CWmmnnpp\fR" 4 +.el .IP \f(CWmmnnpp\fR 4 .IX Item "mmnnpp" This form is a simple decimal number calculated with this formula: .Sp 
@@ -206,28 +131,28 @@ .IX Item "10002 corresponds to version 1.0.2" .IP "420101 corresponds to version 42.1.1" 4 .IX Item "420101 corresponds to version 42.1.1" +.PD .RE .RS 4 .RE .RE .RS 4 -.PD .Sp -If \fB\s-1OPENSSL_API_COMPAT\s0\fR is undefined, this default value is used in its +If \fBOPENSSL_API_COMPAT\fR is undefined, this default value is used in its place: \&\f(CW30000\fR .RE -.IP "\fB\s-1OPENSSL_NO_DEPRECATED\s0\fR" 4 +.IP \fBOPENSSL_NO_DEPRECATED\fR 4 .IX Item "OPENSSL_NO_DEPRECATED" If this macro is defined, all deprecated public symbols in all OpenSSL -versions up to and including the version given by \fB\s-1OPENSSL_API_COMPAT\s0\fR -(or the default value given above, when \fB\s-1OPENSSL_API_COMPAT\s0\fR isn't defined) +versions up to and including the version given by \fBOPENSSL_API_COMPAT\fR +(or the default value given above, when \fBOPENSSL_API_COMPAT\fR isn\*(Aqt defined) will be hidden. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/ossl_store-file.7.orig +++ secure/lib/libcrypto/man/man7/ossl_store-file.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,123 +53,64 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE-FILE 7ossl" -.TH OSSL_STORE-FILE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE-FILE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" -ossl_store\-file \- The store 'file' scheme loader -.SH "SYNOPSIS" +.SH NAME +ossl_store\-file \- The store \*(Aqfile\*(Aq scheme loader +.SH SYNOPSIS .IX Header "SYNOPSIS" #include -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. -Since files come in all kinds of formats and content types, the 'file' -scheme has its own layer of functionality called \*(L"file handlers\*(R", +Support for the \*(Aqfile\*(Aq scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +Since files come in all kinds of formats and content types, the \*(Aqfile\*(Aq +scheme has its own layer of functionality called "file handlers", which are used to try to decode diverse types of file contents. .PP -In case a file is formatted as \s-1PEM,\s0 each called file handler receives -the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as -possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body. Since \s-1PEM\s0 +In case a file is formatted as PEM, each called file handler receives +the PEM name (everything following any \*(Aq\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR\*(Aq) as well as +possible PEM headers, together with the decoded PEM body. Since PEM formatted files can contain more than one object, the file handlers are called upon for each such object. 
.PP -If the file isn't determined to be formatted as \s-1PEM,\s0 the content is +If the file isn\*(Aqt determined to be formatted as PEM, the content is loaded in raw form in its entirety and passed to the available file -handlers as is, with no \s-1PEM\s0 name or headers. +handlers as is, with no PEM name or headers. .PP -Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as -appropriate. Some may refuse non-PEM content for the sake of +Each file handler is expected to handle PEM and non\-PEM content as +appropriate. Some may refuse non\-PEM content for the sake of determinism (for example, there are keys out in the wild that are -represented as an \s-1ASN.1 OCTET STRING.\s0 In raw form, it's not easily -possible to distinguish those from any other data coming as an \s-1ASN.1 -OCTET STRING,\s0 so such keys would naturally be accepted as \s-1PEM\s0 files +represented as an ASN.1 OCTET STRING. In raw form, it\*(Aqs not easily +possible to distinguish those from any other data coming as an ASN.1 +OCTET STRING, so such keys would naturally be accepted as PEM files only). -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When needed, the 'file' scheme loader will require a pass phrase by -using the \fB\s-1UI_METHOD\s0\fR that was passed via \fBOSSL_STORE_open()\fR. -This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will +When needed, the \*(Aqfile\*(Aq scheme loader will require a pass phrase by +using the \fBUI_METHOD\fR that was passed via \fBOSSL_STORE_open()\fR. +This pass phrase is expected to be UTF\-8 encoded, anything else will give an undefined result. The files made accessible through this loader are expected to be standard compliant with regards to pass phrase encoding. -Files that aren't should be re-generated with a correctly encoded pass +Files that aren\*(Aqt should be re\-generated with a correctly encoded pass phrase. See \fBpassphrase\-encoding\fR\|(7) for more information. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\fR\|(7), \fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/ossl_store.7.orig +++ secure/lib/libcrypto/man/man7/ossl_store.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,113 +53,58 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OSSL_STORE 7ossl" -.TH OSSL_STORE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OSSL_STORE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ossl_store \- Store retrieval functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" #include -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -.SS "General" +.SS General .IX Subsection "General" -A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported +A STORE is a layer of functionality to retrieve a number of supported objects from a repository of any kind, addressable as a filename or -as a \s-1URI.\s0 +as a URI. .PP -The functionality supports the pattern \*(L"open a channel to the -repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up -by closing the channel\*(R". +The functionality supports the pattern "open a channel to the +repository", "loop and retrieve one object at a time", and "finish up +by closing the channel". .PP -The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR, +The retrieved objects are returned as a wrapper type \fBOSSL_STORE_INFO\fR, from which an OpenSSL type can be retrieved. -.SS "\s-1URI\s0 schemes and loaders" +.SS "URI schemes and loaders" .IX Subsection "URI schemes and loaders" -Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added +Support for a URI scheme is called a STORE "loader", and can be added dynamically from the calling application or from a loadable engine. .PP -Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +Support for the \*(Aqfile\*(Aq scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. See \fBossl_store\-file\fR\|(7) for more information. 
-.SS "\s-1UI_METHOD\s0 and pass phrases" +.SS "UI_METHOD and pass phrases" .IX Subsection "UI_METHOD and pass phrases" -The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or -encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides. However, -the pass phrase is expected to be \s-1UTF\-8\s0 encoded. The result of any +The \fBOSS_STORE\fR API does nothing to enforce any specific format or +encoding on the pass phrase that the \fBUI_METHOD\fR provides. However, +the pass phrase is expected to be UTF\-8 encoded. The result of any other encoding is undefined. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .SS "A generic call" .IX Subsection "A generic call" -.Vb 1 -\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); +.Vb 2 +\& #include /* for UI_get_default_method */ +\& #include +\& +\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem", +\& UI_get_default_method(), NULL, NULL, NULL); \& \& /* \& * OSSL_STORE_eof() simulates file semantics for any repository to signal 
@@ -196,20 +125,21 @@ \& PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); \& break; \& } +\& OSSL_STORE_INFO_free(info); \& } \& \& OSSL_STORE_close(ctx); .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_LOADER\s0\fR\|(3), +\&\fBOSSL_STORE_INFO\fR\|(3), \fBOSSL_STORE_LOADER\fR\|(3), \&\fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_expect\fR\|(3), -\&\s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBOSSL_STORE_SEARCH\fR\|(3) +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/passphrase-encoding.7.orig +++ secure/lib/libcrypto/man/man7/passphrase-encoding.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PASSPHRASE-ENCODING 7ossl" -.TH PASSPHRASE-ENCODING 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PASSPHRASE-ENCODING 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME passphrase\-encoding \&\- How diverse parts of OpenSSL treat pass phrases character encoding -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" In a modern world with all sorts of character encodings, the treatment of pass phrases has become increasingly complex. 
@@ -149,48 +74,48 @@ currently addressed in different parts of the OpenSSL library. .SS "The general case" .IX Subsection "The general case" -The OpenSSL library doesn't treat pass phrases in any special way as a general +The OpenSSL library doesn\*(Aqt treat pass phrases in any special way as a general rule, and trusts the application or user to choose a suitable character set and stick to that throughout the lifetime of affected objects. This means that for an object that was encrypted using a pass phrase encoded in -\&\s-1ISO\-8859\-1,\s0 that object needs to be decrypted using a pass phrase encoded in -\&\s-1ISO\-8859\-1.\s0 +ISO\-8859\-1, that object needs to be decrypted using a pass phrase encoded in +ISO\-8859\-1. Using the wrong encoding is expected to cause a decryption failure. -.SS "PKCS#12" +.SS PKCS#12 .IX Subsection "PKCS#12" PKCS#12 is a bit different regarding pass phrase encoding. -The standard stipulates that the pass phrase shall be encoded as an \s-1ASN.1\s0 +The standard stipulates that the pass phrase shall be encoded as an ASN.1 BMPString, which consists of the code points of the basic multilingual plane, -encoded in big endian (\s-1UCS\-2 BE\s0). +encoded in big endian (UCS\-2 BE). .PP OpenSSL tries to adapt to this requirements in one of the following manners: -.IP "1." 4 -Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to -\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000 +.IP 1. 4 +Treats the received pass phrase as UTF\-8 encoded and tries to re\-encode it to +UTF\-16 (which is the same as UCS\-2 for characters U+0000 to U+D7FF and U+E000 to U+FFFF, but becomes an expansion for any other character), or failing that, proceeds with step 2. -.IP "2." 4 -Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and -opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0 +.IP 2. 
4 +Assumes that the pass phrase is encoded in ASCII or ISO\-8859\-1 and +opportunistically prepends each byte with a zero byte to obtain the UCS\-2 encoding of the characters, which it stores as a BMPString. .Sp -Note that since there is no check of your locale, this may produce \s-1UCS\-2 / -UTF\-16\s0 characters that do not correspond to the original pass phrase characters -for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than -\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP 1252\s0 with exception for the extra \*(L"graphical\*(R" +Note that since there is no check of your locale, this may produce UCS\-2 / +UTF\-16 characters that do not correspond to the original pass phrase characters +for other character sets, such as any ISO\-8859\-X encoding other than +ISO\-8859\-1 (or for Windows, CP 1252 with exception for the extra "graphical" characters in the 0x80\-0x9F range). .PP OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why OpenSSL still does this, to be able to read files produced with older versions. .PP -It should be noted that this approach isn't entirely fault free. +It should be noted that this approach isn\*(Aqt entirely fault free. .PP -A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as -0xC3 0xAF (which is the two characters \*(L"\s-1LATIN CAPITAL LETTER A WITH BREVE\*(R"\s0 -and \*(L"\s-1LATIN CAPITAL LETTER Z WITH DOT ABOVE\*(R"\s0 in \s-1ISO\-8859\-2\s0 encoding), but would -be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN -SMALL LETTER I WITH DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that -would be invalid \s-1UTF\-8\s0\fR. 
+A pass phrase encoded in ISO\-8859\-2 could very well have a sequence such as +0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" +and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO\-8859\-2 encoding), but would +be misinterpreted as the perfectly valid UTF\-8 encoded code point U+00EF (LATIN +SMALL LETTER I WITH DIAERESIS) \fIif the pass phrase doesn\*(Aqt contain anything that +would be invalid UTF\-8\fR. A pass phrase that contains this kind of byte sequence will give a different outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. .PP 
@@ -199,48 +124,48 @@ \& 0x00 0xEF # OpenSSL 1.1.0 and newer .Ve .PP -On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older -than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences. -.SS "\s-1OSSL_STORE\s0" +On the same accord, anything encoded in UTF\-8 that was given to OpenSSL older +than 1.1.0 was misinterpreted as ISO\-8859\-1 sequences. +.SS OSSL_STORE .IX Subsection "OSSL_STORE" \&\fBossl_store\fR\|(7) acts as a general interface to access all kinds of objects, -potentially protected with a pass phrase, a \s-1PIN\s0 or something else. -This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any +potentially protected with a pass phrase, a PIN or something else. +This API stipulates that pass phrases should be UTF\-8 encoded, and that any other pass phrase encoding may give undefined results. -This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check +This API relies on the application to ensure UTF\-8 encoding, and doesn\*(Aqt check that this is the case, so what it gets, it will also pass to the underlying loader. -.SH "RECOMMENDATIONS" +.SH RECOMMENDATIONS .IX Header "RECOMMENDATIONS" This section assumes that you know what pass phrase was used for encryption, but that it may have been encoded in a different character encoding than the one used by your current input method. For example, the pass phrase may have been used at a time when your default -encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 -0xEF 0x76 0x65), and you're now in an environment where your default encoding -is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +encoding was ISO\-8859\-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you\*(Aqre now in an environment where your default encoding +is UTF\-8 (i.e. 
"naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 0x65). -Whenever it's mentioned that you should use a certain character encoding, it +Whenever it\*(Aqs mentioned that you should use a certain character encoding, it should be understood that you either change the input method to use the mentioned encoding when you type in your pass phrase, or use some suitable tool to convert your pass phrase from your default encoding to the target encoding. .PP -Also note that the sub-sections below discuss human readable pass phrases. +Also note that the sub\-sections below discuss human readable pass phrases. This is particularly relevant for PKCS#12 objects, where human readable pass phrases are assumed. -For other objects, it's as legitimate to use any byte sequence (such as a -sequence of bytes from \fI/dev/urandom\fR that's been saved away), which makes any +For other objects, it\*(Aqs as legitimate to use any byte sequence (such as a +sequence of bytes from \fI/dev/urandom\fR that\*(Aqs been saved away), which makes any character encoding discussion irrelevant; in such cases, simply use the same byte sequence as it is. .SS "Creating new objects" .IX Subsection "Creating new objects" For creating new pass phrase protected objects, make sure the pass phrase is -encoded using \s-1UTF\-8.\s0 +encoded using UTF\-8. This is default on most modern Unixes, but may involve an effort on other platforms. Specifically for Windows, setting the environment variable -\&\fB\s-1OPENSSL_WIN32_UTF8\s0\fR will have anything entered on [Windows] console prompt -converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike). +\&\fBOPENSSL_WIN32_UTF8\fR will have anything entered on [Windows] console prompt +converted to UTF\-8 (command line and separately prompted pass phrases alike). .SS "Opening existing objects" .IX Subsection "Opening existing objects" For opening pass phrase protected objects where you know what character 
@@ -250,24 +175,24 @@ For opening pass phrase protected objects where the character encoding that was used is unknown, or where the producing application is unknown, try one of the following: -.IP "1." 4 +.IP 1. 4 Try the pass phrase that you have as it is in the character encoding of your environment. -It's possible that its byte sequence is exactly right. -.IP "2." 4 -Convert the pass phrase to \s-1UTF\-8\s0 and try with the result. +It\*(Aqs possible that its byte sequence is exactly right. +.IP 2. 4 +Convert the pass phrase to UTF\-8 and try with the result. Specifically with PKCS#12, this should open up any object that was created according to the specification. -.IP "3." 4 -Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try +.IP 3. 4 +Do a naïve (i.e. purely mathematical) ISO\-8859\-1 to UTF\-8 conversion and try with the result. -This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to +This differs from the previous attempt because ISO\-8859\-1 maps directly to U+0000 to U+00FF, which other non\-UTF\-8 character sets do not. .Sp -This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with +This also takes care of the case when a UTF\-8 encoded string was used with OpenSSL older than 1.1.0. -(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8,\s0 would become 0xC3 -0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner. +(for example, \f(CW\*(C`ï\*(C'\fR, which is 0xC3 0xAF when encoded in UTF\-8, would become 0xC3 +0x83 0xC2 0xAF when re\-encoded in the naïve manner. The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0) .SH "SEE ALSO" 
@@ -278,11 +203,11 @@ \&\fBPEM_do_header\fR\|(3), \&\fBPKCS12_parse\fR\|(3), \fBPKCS12_newpass\fR\|(3), \&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/property.7.orig +++ secure/lib/libcrypto/man/man7/property.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROPERTY 7ossl" -.TH PROPERTY 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROPERTY 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME property \- Properties, a selection mechanism for algorithm implementations -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" As of OpenSSL 3.0, a new method has been introduced to decide which of multiple implementations of an algorithm will be used. @@ -159,13 +84,13 @@ (except for leading underscores not being permitted), which begins with a letter and can be followed by any number of letters, numbers and underscores. -Property names are case-insensitive, but OpenSSL will only use lowercase +Property names are case\-insensitive, but OpenSSL will only use lowercase letters. .PP A \fIuser defined\fR property name is similar, but it \fBmust\fR consist of two or more C\-style identifiers, separated by periods. -The last identifier in the name can be considered the 'true' property -name, which is prefixed by some sort of 'namespace'. +The last identifier in the name can be considered the \*(Aqtrue\*(Aq property +name, which is prefixed by some sort of \*(Aqnamespace\*(Aq. Providers for example could include their name in the prefix and use property names like .PP 
@@ -173,29 +98,29 @@ \& . \& .. .Ve -.SS "Properties" +.SS Properties .IX Subsection "Properties" A \fIproperty\fR is a \fIname=value\fR pair. A \fIproperty definition\fR is a sequence of comma separated properties. There can be any number of properties in a definition, however each name must be unique. -For example: "\*(L" defines an empty property definition (i.e., no restriction); -\&\*(R"my.foo=bar" defines a property named \fImy.foo\fR which has a string value \fIbar\fR -and \*(L"iteration.count=3\*(R" defines a property named \fIiteration.count\fR which +For example: "" defines an empty property definition (i.e., no restriction); +"my.foo=bar" defines a property named \fImy.foo\fR which has a string value \fIbar\fR +and "iteration.count=3" defines a property named \fIiteration.count\fR which has a numeric value of \fI3\fR. The full syntax for property definitions appears below. -.SS "Implementations" +.SS Implementations .IX Subsection "Implementations" Each implementation of an algorithm can define any number of properties. For example, the default provider defines the property \fIprovider=default\fR for all of its algorithms. -Likewise, OpenSSL's \s-1FIPS\s0 provider defines \fIprovider=fips\fR and the legacy +Likewise, OpenSSL\*(Aqs FIPS provider defines \fIprovider=fips\fR and the legacy provider defines \fIprovider=legacy\fR for all of their algorithms. -.SS "Queries" +.SS Queries .IX Subsection "Queries" A \fIproperty query clause\fR is a single conditional test. -For example, \*(L"fips=yes\*(R", \*(L"provider!=default\*(R" or \*(L"?iteration.count=3\*(R". +For example, "fips=yes", "provider!=default" or "?iteration.count=3". The first two represent mandatory clauses, such clauses \fBmust\fR match for any algorithm to even be under consideration. The third clause represents an optional clause. 
@@ -206,23 +131,23 @@ It is an error if a property name appears in more than one query clause. The full syntax for property queries appears below, but the available syntactic features are: -.IP "\(bu" 4 +.IP \(bu 4 \&\fB=\fR is an infix operator providing an equality test. -.IP "\(bu" 4 +.IP \(bu 4 \&\fB!=\fR is an infix operator providing an inequality test. -.IP "\(bu" 4 +.IP \(bu 4 \&\fB?\fR is a prefix operator that means that the following clause is optional but preferred. -.IP "\(bu" 4 +.IP \(bu 4 \&\fB\-\fR is a prefix operator that means any global query clause involving the following property name should be ignored. -.IP "\(bu" 4 -\&\fB\*(L"...\*(R"\fR is a quoted string. +.IP \(bu 4 +\&\fB"..."\fR is a quoted string. The quotes are not included in the body of the string. -.IP "\(bu" 4 -\&\fB'...'\fR is a quoted string. +.IP \(bu 4 +\&\fB\*(Aq...\*(Aq\fR is a quoted string. The quotes are not included in the body of the string. -.SS "Lookups" +.SS Lookups .IX Subsection "Lookups" When an algorithm is looked up, a property query is used to determine the best matching algorithm. @@ -232,11 +157,11 @@ If there is more than one such optimal candidate, the result will be chosen from amongst those in an indeterminate way. Ordering of optional clauses is not significant. -.SS "Shortcut" +.SS Shortcut .IX Subsection "Shortcut" In order to permit a more concise expression of boolean properties, there -is one short cut: a property name alone (e.g. \*(L"my.property\*(R") is -exactly equivalent to \*(L"my.property=yes\*(R" in both definitions and queries. +is one short cut: a property name alone (e.g. "my.property") is +exactly equivalent to "my.property=yes" in both definitions and queries. .SS "Global and Local" .IX Subsection "Global and Local" Two levels of property query are supported. 
@@ -246,19 +171,44 @@ the local clause overrides the context clause. .PP It is possible for a local property query to remove a clause in the context -property query by preceding the property name with a '\-'. -For example, a context property query that contains \*(L"fips=yes\*(R" would normally -result in implementations that have \*(L"fips=yes\*(R". +property query by preceding the property name with a \*(Aq\-\*(Aq. +For example, a context property query that contains "fips=yes" would normally +result in implementations that have "fips=yes". .PP -However, if the setting of the \*(L"fips\*(R" property is irrelevant to the +However, if the setting of the "fips" property is irrelevant to the operations being performed, the local property query can include the -clause \*(L"\-fips\*(R". -Note that the local property query could not use \*(L"fips=no\*(R" because that would -disallow any implementations with \*(L"fips=yes\*(R" rather than not caring about the +clause "\-fips". +Note that the local property query could not use "fips=no" because that would +disallow any implementations with "fips=yes" rather than not caring about the setting. -.SH "SYNTAX" +.SH "PREDEFINED NAMES" +.IX Header "PREDEFINED NAMES" +Currently known predefined names are: +.ie n .IP """provider""" 4 +.el .IP \f(CWprovider\fR 4 +.IX Item "provider" +The conventional property value is the provider\*(Aqs name. This may be different from the name returned by \fBOSSL_PROVIDER_get0_name\fR\|(3). +.Sp +It is a convention among OpenSSL provider implementations to define a property with this name. It is not mandatory to do this. +.ie n .IP """version""" 4 +.el .IP \f(CWversion\fR 4 +.IX Item "version" +The conventional property value is the provider\*(Aqs version. +.Sp +OpenSSL provider implementations do not define a property with this name. 
+.ie n .IP """fips""" 4 +.el .IP \f(CWfips\fR 4 +.IX Item "fips" +The conventional property value is boolean (\f(CW"yes"\fR or \f(CW"no"\fR), indication whether the implementation conforms to FIPS standards or not. +.Sp +It is a convention among OpenSSL provider implementations to define a property with this name where applicable. It is not mandatory to do this, but is strongly recommended. +.ie n .IP """output"", ""input"", ""structure""" 4 +.el .IP "\f(CWoutput\fR, \f(CWinput\fR, \f(CWstructure\fR" 4 +.IX Item "output, input, structure" +Properties with these names are used by encoders (see \fBprovider\-encoder\fR\|(7)) and decoders (see \fBprovider\-decoder\fR\|(7)). +.SH SYNTAX .IX Header "SYNTAX" -The lexical syntax in \s-1EBNF\s0 is given by: +The lexical syntax in EBNF is given by: .PP .Vb 11 \& Definition ::= PropertyName ( \*(Aq=\*(Aq Value )? @@ -274,16 +224,16 @@ \& PropertyName ::= [A\-Za\-z] [A\-Za\-z0\-9_]* ( \*(Aq.\*(Aq [A\-Za\-z] [A\-Za\-z0\-9_]* )* .Ve .PP -The flavour of \s-1EBNF\s0 being used is defined by: +The flavour of EBNF being used is defined by: . -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" Properties were added in OpenSSL 3.0 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-asym_cipher.7.orig +++ secure/lib/libcrypto/man/man7/provider-asym_cipher.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-ASYM_CIPHER 7ossl" -.TH PROVIDER-ASYM_CIPHER 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-ASYM_CIPHER 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-asym_cipher \- The asym_cipher library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -177,28 +102,28 @@ \& int OSSL_FUNC_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]); \& const OSSL_PARAM *OSSL_FUNC_asym_cipher_settable_ctx_params(void *provctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The asymmetric cipher (\s-1OSSL_OP_ASYM_CIPHER\s0) operation enables providers to +The asymmetric cipher (OSSL_OP_ASYM_CIPHER) operation enables providers to implement asymmetric cipher algorithms and make them available to applications -via the \s-1API\s0 functions \fBEVP_PKEY_encrypt\fR\|(3), +via the API functions \fBEVP_PKEY_encrypt\fR\|(3), \&\fBEVP_PKEY_decrypt\fR\|(3) and other related functions). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. 
-For example, the \*(L"function\*(R" \fBOSSL_FUNC_asym_cipher_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_asym_cipher_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_asym_cipher_newctx_fn)(void *provctx); @@ -206,7 +131,7 @@ \& OSSL_FUNC_asym_cipher_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -239,7 +164,7 @@ so must OSSL_FUNC_asym_cipher_settable_ctx_params. .PP An asymmetric cipher algorithm must also implement some mechanism for generating, -loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. See \fBprovider\-keymgmt\fR\|(7) for further details. .SS "Context Management Functions" .IX Subsection "Context Management Functions" 
@@ -261,30 +186,30 @@ \&\fBOSSL_FUNC_asym_cipher_encrypt_init()\fR initialises a context for an asymmetric encryption given a provider side asymmetric cipher context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_asym_cipher_set_ctx_params()\fR. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see \fBprovider\-keymgmt\fR\|(7)). +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \fBprovider\-keymgmt\fR\|(7)). \&\fBOSSL_FUNC_asym_cipher_encrypt()\fR performs the actual encryption itself. A previously initialised asymmetric cipher context is passed in the \fIctx\fR parameter. The data to be encrypted is pointed to by the \fIin\fR parameter which is \fIinlen\fR bytes long. -Unless \fIout\fR is \s-1NULL,\s0 the encrypted data should be written to the location +Unless \fIout\fR is NULL, the encrypted data should be written to the location pointed to by the \fIout\fR parameter and it should not exceed \fIoutsize\fR bytes in length. The length of the encrypted data should be written to \fI*outlen\fR. -If \fIout\fR is \s-1NULL\s0 then the maximum length of the encrypted data should be +If \fIout\fR is NULL then the maximum length of the encrypted data should be written to \fI*outlen\fR. .SS "Decryption Functions" .IX Subsection "Decryption Functions" \&\fBOSSL_FUNC_asym_cipher_decrypt_init()\fR initialises a context for an asymmetric decryption given a provider side asymmetric cipher context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. 
-The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_asym_cipher_set_ctx_params()\fR. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)). .PP \&\fBOSSL_FUNC_asym_cipher_decrypt()\fR performs the actual decryption itself. 
@@ -292,102 +217,91 @@ parameter. The data to be decrypted is pointed to by the \fIin\fR parameter which is \fIinlen\fR bytes long. -Unless \fIout\fR is \s-1NULL,\s0 the decrypted data should be written to the location +Unless \fIout\fR is NULL, the decrypted data should be written to the location pointed to by the \fIout\fR parameter and it should not exceed \fIoutsize\fR bytes in length. The length of the decrypted data should be written to \fI*outlen\fR. -If \fIout\fR is \s-1NULL\s0 then the maximum length of the decrypted data should be +If \fIout\fR is NULL then the maximum length of the decrypted data should be written to \fI*outlen\fR. .SS "Asymmetric Cipher Parameters" .IX Subsection "Asymmetric Cipher Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by the \fBOSSL_FUNC_asym_cipher_get_ctx_params()\fR and \fBOSSL_FUNC_asym_cipher_set_ctx_params()\fR functions. .PP \&\fBOSSL_FUNC_asym_cipher_get_ctx_params()\fR gets asymmetric cipher parameters associated with the given provider side asymmetric cipher context \fIctx\fR and stores them in \&\fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_asym_cipher_set_ctx_params()\fR sets the asymmetric cipher parameters associated with the given provider side asymmetric cipher context \fIctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -Parameters currently recognised by built-in asymmetric cipher algorithms are as +Parameters currently recognised by built\-in asymmetric cipher algorithms are as follows. 
Not all parameters are relevant to, or are understood by all asymmetric cipher algorithms: -.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string> \s-1OR\s0 " 4 -.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) <\s-1UTF8\s0 string> \s-1OR\s0 " 4 -.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) OR " +.IP """pad\-mode"" (\fBOSSL_ASYM_CIPHER_PARAM_PAD_MODE\fR) OR " 4 +.IX Item """pad-mode"" (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) OR " The type of padding to be used. The interpretation of this value will depend on the algorithm in use. -.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) " -Gets or sets the name of the \s-1OAEP\s0 digest algorithm used when \s-1OAEP\s0 padding is in +.IP """digest"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) " +Gets or sets the name of the OAEP digest algorithm used when OAEP padding is in use. -.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_ASYM_CIPHER_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_ASYM_CIPHER_PARAM_DIGEST) " Gets or sets the name of the digest algorithm used by the algorithm (where applicable). -.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) " -Gets or sets the properties to use when fetching the \s-1OAEP\s0 digest algorithm. 
-.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS) " +.IP """digest\-props"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\fR) " 4 +.IX Item """digest-props"" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) " +Gets or sets the properties to use when fetching the OAEP digest algorithm. +.IP """digest\-props"" (\fBOSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS\fR) " 4 +.IX Item """digest-props"" (OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS) " Gets or sets the properties to use when fetching the cipher digest algorithm. -.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-digest (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) " -Gets or sets the name of the \s-1MGF1\s0 digest algorithm used when \s-1OAEP\s0 or \s-1PSS\s0 padding +.IP """mgf1\-digest"" (\fBOSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\fR) " 4 +.IX Item """mgf1-digest"" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) " +Gets or sets the name of the MGF1 digest algorithm used when OAEP or PSS padding is in use. -.ie n .IP """mgf1\-digest\-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mgf1\-digest\-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mgf1-digest-props (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) " -Gets or sets the properties to use when fetching the \s-1MGF1\s0 digest algorithm. -.ie n .IP """oaep-label"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 -.el .IP "``oaep-label'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 -.IX Item "oaep-label (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " -Gets the \s-1OAEP\s0 label used when \s-1OAEP\s0 padding is in use. 
-.ie n .IP """oaep-label"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 -.el .IP "``oaep-label'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 -.IX Item "oaep-label (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " -Sets the \s-1OAEP\s0 label used when \s-1OAEP\s0 padding is in use. -.ie n .IP """tls-client-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.el .IP "``tls-client-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.IX Item "tls-client-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " -The \s-1TLS\s0 protocol version first requested by the client. -.ie n .IP """tls-negotiated-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.el .IP "``tls-negotiated-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 -.IX Item "tls-negotiated-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " -The negotiated \s-1TLS\s0 protocol version. +.IP """mgf1\-digest\-props"" (\fBOSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\fR) " 4 +.IX Item """mgf1-digest-props"" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) " +Gets or sets the properties to use when fetching the MGF1 digest algorithm. +.IP """oaep\-label"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\fR) " 4 +.IX Item """oaep-label"" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " +Gets the OAEP label used when OAEP padding is in use. +.IP """oaep\-label"" (\fBOSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\fR) " 4 +.IX Item """oaep-label"" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " +Sets the OAEP label used when OAEP padding is in use. +.IP """tls\-client\-version"" (\fBOSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\fR) " 4 +.IX Item """tls-client-version"" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +The TLS protocol version first requested by the client. +.IP """tls\-negotiated\-version"" (\fBOSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\fR) " 4 +.IX Item """tls-negotiated-version"" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +The negotiated TLS protocol version. 
.PP \&\fBOSSL_FUNC_asym_cipher_gettable_ctx_params()\fR and \fBOSSL_FUNC_asym_cipher_settable_ctx_params()\fR -get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and settable +get a constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable and settable parameters, i.e. parameters that can be used with \fBOSSL_FUNC_asym_cipherget_ctx_params()\fR and \fBOSSL_FUNC_asym_cipher_set_ctx_params()\fR respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_asym_cipher_newctx()\fR and \fBOSSL_FUNC_asym_cipher_dupctx()\fR should return the newly -created provider side asymmetric cipher context, or \s-1NULL\s0 on failure. +created provider side asymmetric cipher context, or NULL on failure. .PP All other functions should return 1 for success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The provider \s-1ASYM_CIPHER\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider ASYM_CIPHER interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-base.7.orig +++ secure/lib/libcrypto/man/man7/provider-base.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-BASE 7ossl" -.TH PROVIDER-BASE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-BASE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-base \&\- The basic OpenSSL library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -250,18 +175,18 @@ \& OSSL_CALLBACK *cb, void *arg); \& int provider_self_test(void *provctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays, in the call -of the provider initialization function. See \*(L"Provider\*(R" in \fBprovider\fR\|(7) -for a description of the initialization function. They are known as \*(L"upcalls\*(R". +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays, in the call +of the provider initialization function. See "Provider" in \fBprovider\fR\|(7) +for a description of the initialization function. They are known as "upcalls". .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from a \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from a \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBcore_gettable_params()\fR has these: +For example, the "function" \fBcore_gettable_params()\fR has these: .PP .Vb 4 \& typedef OSSL_PARAM * 
@@ -270,10 +195,11 @@ \& OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) array entries contain a \fIfunction_id\fR field that +identifies the function. The \fIfunction_id\fR numbers are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP -For \fIin\fR (the \s-1\fBOSSL_DISPATCH\s0\fR\|(3) array passed from \fIlibcrypto\fR to the +For \fIin\fR (the \fBOSSL_DISPATCH\fR\|(3) array passed from \fIlibcrypto\fR to the provider): .PP .Vb 10 @@ -323,7 +249,7 @@ \& provider_free OSSL_FUNC_PROVIDER_FREE .Ve .PP -For \fI*out\fR (the \s-1\fBOSSL_DISPATCH\s0\fR\|(3) array passed from the provider to +For \fI*out\fR (the \fBOSSL_DISPATCH\fR\|(3) array passed from the provider to \&\fIlibcrypto\fR): .PP .Vb 8 @@ -339,10 +265,10 @@ .SS "Core functions" .IX Subsection "Core functions" \&\fBcore_gettable_params()\fR returns a constant array of descriptor -\&\s-1\fBOSSL_PARAM\s0\fR\|(3), for parameters that \fBcore_get_params()\fR can handle. +\&\fBOSSL_PARAM\fR\|(3), for parameters that \fBcore_get_params()\fR can handle. .PP \&\fBcore_get_params()\fR retrieves parameters from the core for the given \fIhandle\fR. -See \*(L"Core parameters\*(R" below for a description of currently known +See "Core parameters" below for a description of currently known parameters. .PP The \fBcore_thread_start()\fR function informs the core that the provider has stated 
@@ -356,22 +282,22 @@ .PP \&\fBcore_get_libctx()\fR retrieves the core context in which the library object for the current provider is stored, accessible through the \fIhandle\fR. -This function is useful only for built-in providers such as the default -provider. Never cast this to \s-1OSSL_LIB_CTX\s0 in a provider that is not -built-in as the \s-1OSSL_LIB_CTX\s0 of the library loading the provider might be -a completely different structure than the \s-1OSSL_LIB_CTX\s0 of the library the +This function is useful only for built\-in providers such as the default +provider. Never cast this to OSSL_LIB_CTX in a provider that is not +built\-in as the OSSL_LIB_CTX of the library loading the provider might be +a completely different structure than the OSSL_LIB_CTX of the library the provider is linked to. Use \fBOSSL_LIB_CTX_new_child\fR\|(3) instead to obtain a proper library context that is linked to the application library context. .PP \&\fBcore_new_error()\fR, \fBcore_set_error_debug()\fR and \fBcore_vset_error()\fR are building blocks for reporting an error back to the core, with reference to the \fIhandle\fR. -.IP "\fBcore_new_error()\fR" 4 +.IP \fBcore_new_error()\fR 4 .IX Item "core_new_error()" allocates a new thread specific error record. .Sp This corresponds to the OpenSSL function \fBERR_new\fR\|(3). -.IP "\fBcore_set_error_debug()\fR" 4 +.IP \fBcore_set_error_debug()\fR 4 .IX Item "core_set_error_debug()" sets debugging information in the current thread specific error record. 
@@ -379,11 +305,11 @@ line \fIline\fR and the function name \fIfunc\fR where the error occurred. .Sp This corresponds to the OpenSSL function \fBERR_set_debug\fR\|(3). -.IP "\fBcore_vset_error()\fR" 4 +.IP \fBcore_vset_error()\fR 4 .IX Item "core_vset_error()" sets the \fIreason\fR for the error, along with any addition data. The \fIreason\fR is a number defined by the provider and used to index -the reason strings table that's returned by +the reason strings table that\*(Aqs returned by \&\fBprovider_get_reason_strings()\fR. The additional data is given as a format string \fIfmt\fR and a set of arguments \fIargs\fR, which are treated in the same manner as with @@ -393,12 +319,12 @@ .Sp This corresponds to the OpenSSL function \fBERR_vset_error\fR\|(3). .PP -The \fBcore_obj_create()\fR function registers a new \s-1OID\s0 and associated short name +The \fBcore_obj_create()\fR function registers a new OID and associated short name \&\fIsn\fR and long name \fIln\fR for the given \fIhandle\fR. It is similar to the OpenSSL function \fBOBJ_create\fR\|(3) except that it returns 1 on success or 0 on failure. -It will treat as success the case where the \s-1OID\s0 already exists (even if the +It will treat as success the case where the OID already exists (even if the short name \fIsn\fR or long name \fIln\fR provided as arguments differ from those -associated with the existing \s-1OID,\s0 in which case the new names are not +associated with the existing OID, in which case the new names are not associated). This function is not thread safe. .PP 
@@ -409,10 +335,10 @@ signature and digest algorithms are either already known to OpenSSL or have been registered via a call to \fBcore_obj_create()\fR. It corresponds to the OpenSSL function \fBOBJ_add_sigid\fR\|(3), except that the objects are identified by name -rather than a numeric \s-1NID.\s0 Any name (\s-1OID,\s0 short name or long name) can be used +rather than a numeric NID. Any name (OID, short name or long name) can be used to identify the object. It will treat as success the case where the composite signature algorithm already exists (even if registered against a different -underlying signature or digest algorithm). For \fIdigest_name\fR, \s-1NULL\s0 or an +underlying signature or digest algorithm). For \fIdigest_name\fR, NULL or an empty string is permissible for signature algorithms that do not need a digest to operate correctly. The function returns 1 on success or 0 on failure. This function is not thread safe. @@ -425,9 +351,9 @@ \&\fBBIO_free()\fR, \fBBIO_vprintf()\fR, \fBBIO_vsnprintf()\fR, \fBBIO_gets()\fR, \fBBIO_puts()\fR, \&\fBBIO_ctrl()\fR, \fBOPENSSL_cleanse()\fR and \&\fBOPENSSL_hexstr2buf()\fR correspond exactly to the public functions with -the same name. As a matter of fact, the pointers in the \s-1\fBOSSL_DISPATCH\s0\fR\|(3) -array are typically direct pointers to those public functions. Note that the \s-1BIO\s0 -functions take an \fB\s-1OSSL_CORE_BIO\s0\fR type rather than the standard \fB\s-1BIO\s0\fR +the same name. As a matter of fact, the pointers in the \fBOSSL_DISPATCH\fR\|(3) +array are typically direct pointers to those public functions. Note that the BIO +functions take an \fBOSSL_CORE_BIO\fR type rather than the standard \fBBIO\fR type. This is to ensure that a provider does not mix BIOs from the core with BIOs used on the provider side (the two are not compatible). \&\fBOSSL_SELF_TEST_set_callback()\fR is used to set an optional callback that can be 
@@ -456,22 +382,22 @@ \&\fBbuf\fR and its length in \fBlen\fR. .PP \&\fBprovider_register_child_cb()\fR registers callbacks for being informed about the -loading and unloading of providers in the application's library context. -\&\fIhandle\fR is this provider's handle and \fIcbdata\fR is this provider's data +loading and unloading of providers in the application\*(Aqs library context. +\&\fIhandle\fR is this provider\*(Aqs handle and \fIcbdata\fR is this provider\*(Aqs data that will be passed back to the callbacks. It returns 1 on success or 0 otherwise. These callbacks may be called while holding locks in libcrypto. In order to avoid deadlocks the callback implementation must not be long running -and must not call other OpenSSL \s-1API\s0 functions or upcalls. +and must not call other OpenSSL API functions or upcalls. .PP \&\fIcreate_cb\fR is a callback that will be called when a new provider is loaded -into the application's library context. It is also called for any providers that +into the application\*(Aqs library context. It is also called for any providers that are already loaded at the point that this callback is registered. The callback is passed the handle being used for the new provider being loadded and this -provider's data in \fIcbdata\fR. It should return 1 on success or 0 on failure. +provider\*(Aqs data in \fIcbdata\fR. It should return 1 on success or 0 on failure. .PP \&\fIremove_cb\fR is a callback that will be called when a new provider is unloaded -from the application's library context. It is passed the handle being used for -the provider being unloaded and this provider's data in \fIcbdata\fR. It should +from the application\*(Aqs library context. It is passed the handle being used for +the provider being unloaded and this provider\*(Aqs data in \fIcbdata\fR. It should return 1 on success or 0 on failure. .PP \&\fIglobal_props_cb\fR is a callback that will be called when the global properties 
@@ -481,7 +407,7 @@ \&\fBprovider_deregister_child_cb()\fR unregisters callbacks previously registered via \&\fBprovider_register_child_cb()\fR. If \fBprovider_register_child_cb()\fR has been called then \fBprovider_deregister_child_cb()\fR should be called at or before the point that -this provider's teardown function is called. +this provider\*(Aqs teardown function is called. .PP \&\fBprovider_name()\fR returns a string giving the name of the provider identified by \&\fIhandle\fR. @@ -502,17 +428,17 @@ .SS "Provider functions" .IX Subsection "Provider functions" \&\fBprovider_teardown()\fR is called when a provider is shut down and removed -from the core's provider store. +from the core\*(Aqs provider store. It must free the passed \fIprovctx\fR. .PP \&\fBprovider_gettable_params()\fR should return a constant array of -descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3), for parameters that \fBprovider_get_params()\fR +descriptor \fBOSSL_PARAM\fR\|(3), for parameters that \fBprovider_get_params()\fR can handle. .PP -\&\fBprovider_get_params()\fR should process the \s-1\fBOSSL_PARAM\s0\fR\|(3) array +\&\fBprovider_get_params()\fR should process the \fBOSSL_PARAM\fR\|(3) array \&\fIparams\fR, setting the values of the parameters it understands. .PP -\&\fBprovider_query_operation()\fR should return a constant \s-1\fBOSSL_ALGORITHM\s0\fR\|(3) +\&\fBprovider_query_operation()\fR should return a constant \fBOSSL_ALGORITHM\fR\|(3) that corresponds to the given \fIoperation_id\fR. It should indicate if the core may store a reference to this array by setting \fI*no_store\fR to 0 (core may store a reference) or 1 (core may 
@@ -523,18 +449,18 @@ pointers have been copied. The \fIoperation_id\fR should match that passed to \&\fBprovider_query_operation()\fR and \fIalgs\fR should be its return value. .PP -\&\fBprovider_get_reason_strings()\fR should return a constant \s-1\fBOSSL_ITEM\s0\fR\|(3) +\&\fBprovider_get_reason_strings()\fR should return a constant \fBOSSL_ITEM\fR\|(3) array that provides reason strings for reason codes the provider may use when reporting errors using \fBcore_put_error()\fR. .PP The \fBprovider_get_capabilities()\fR function should call the callback \fIcb\fR passing -it a set of \s-1\fBOSSL_PARAM\s0\fR\|(3)s and the caller supplied argument \fIarg\fR. The -\&\s-1\fBOSSL_PARAM\s0\fR\|(3)s should provide details about the capability with the name given +it a set of \fBOSSL_PARAM\fR\|(3)s and the caller supplied argument \fIarg\fR. The +\&\fBOSSL_PARAM\fR\|(3)s should provide details about the capability with the name given in the \fIcapability\fR argument relevant for the provider context \fIprovctx\fR. If a provider supports multiple capabilities with the given name then it may call the callback multiple times (one for each capability). Capabilities can be useful for describing the services that a provider can offer. For further details see the -\&\*(L"\s-1CAPABILITIES\*(R"\s0 section below. It should return 1 on success or 0 on error. +"CAPABILITIES" section below. It should return 1 on success or 0 on error. .PP The \fBprovider_self_test()\fR function should perform known answer tests on a subset of the algorithms that it uses, and may also verify the integrity of the 
@@ -548,25 +474,21 @@ .SS "Provider parameters" .IX Subsection "Provider parameters" \&\fBprovider_get_params()\fR can return the following provider parameters to the core: -.ie n .IP """name"" (\fB\s-1OSSL_PROV_PARAM_NAME\s0\fR) <\s-1UTF8\s0 ptr>" 4 -.el .IP "``name'' (\fB\s-1OSSL_PROV_PARAM_NAME\s0\fR) <\s-1UTF8\s0 ptr>" 4 -.IX Item "name (OSSL_PROV_PARAM_NAME) " +.IP """name"" (\fBOSSL_PROV_PARAM_NAME\fR) " 4 +.IX Item """name"" (OSSL_PROV_PARAM_NAME) " This points to a string that should give a unique name for the provider. -.ie n .IP """version"" (\fB\s-1OSSL_PROV_PARAM_VERSION\s0\fR) <\s-1UTF8\s0 ptr>" 4 -.el .IP "``version'' (\fB\s-1OSSL_PROV_PARAM_VERSION\s0\fR) <\s-1UTF8\s0 ptr>" 4 -.IX Item "version (OSSL_PROV_PARAM_VERSION) " +.IP """version"" (\fBOSSL_PROV_PARAM_VERSION\fR) " 4 +.IX Item """version"" (OSSL_PROV_PARAM_VERSION) " This points to a string that is a version number associated with this provider. -OpenSSL in-built providers use \s-1OPENSSL_VERSION_STR,\s0 but this may be different +OpenSSL in\-built providers use OPENSSL_VERSION_STR, but this may be different for any third party provider. This string is for informational purposes only. -.ie n .IP """buildinfo"" (\fB\s-1OSSL_PROV_PARAM_BUILDINFO\s0\fR) <\s-1UTF8\s0 ptr>" 4 -.el .IP "``buildinfo'' (\fB\s-1OSSL_PROV_PARAM_BUILDINFO\s0\fR) <\s-1UTF8\s0 ptr>" 4 -.IX Item "buildinfo (OSSL_PROV_PARAM_BUILDINFO) " +.IP """buildinfo"" (\fBOSSL_PROV_PARAM_BUILDINFO\fR) " 4 +.IX Item """buildinfo"" (OSSL_PROV_PARAM_BUILDINFO) " This points to a string that is a build information associated with this provider. -OpenSSL in-built providers use \s-1OPENSSL_FULL_VERSION_STR,\s0 but this may be +OpenSSL in\-built providers use OPENSSL_FULL_VERSION_STR, but this may be different for any third party provider. 
-.ie n .IP """status"" (\fB\s-1OSSL_PROV_PARAM_STATUS\s0\fR) " 4 -.el .IP "``status'' (\fB\s-1OSSL_PROV_PARAM_STATUS\s0\fR) " 4 -.IX Item "status (OSSL_PROV_PARAM_STATUS) " +.IP """status"" (\fBOSSL_PROV_PARAM_STATUS\fR) " 4 +.IX Item """status"" (OSSL_PROV_PARAM_STATUS) " This returns 0 if the provider has entered an error state, otherwise it returns 1. .PP 
@@ -574,18 +496,15 @@ .SS "Core parameters" .IX Subsection "Core parameters" \&\fBcore_get_params()\fR can retrieve the following core parameters for each provider: -.ie n .IP """openssl-version"" (\fB\s-1OSSL_PROV_PARAM_CORE_VERSION\s0\fR) <\s-1UTF8\s0 string ptr>" 4 -.el .IP "``openssl-version'' (\fB\s-1OSSL_PROV_PARAM_CORE_VERSION\s0\fR) <\s-1UTF8\s0 string ptr>" 4 -.IX Item "openssl-version (OSSL_PROV_PARAM_CORE_VERSION) " -This points to the OpenSSL libraries' full version string, i.e. the string -expanded from the macro \fB\s-1OPENSSL_VERSION_STR\s0\fR. -.ie n .IP """provider-name"" (\fB\s-1OSSL_PROV_PARAM_CORE_PROV_NAME\s0\fR) <\s-1UTF8\s0 string ptr>" 4 -.el .IP "``provider-name'' (\fB\s-1OSSL_PROV_PARAM_CORE_PROV_NAME\s0\fR) <\s-1UTF8\s0 string ptr>" 4 -.IX Item "provider-name (OSSL_PROV_PARAM_CORE_PROV_NAME) " -This points to the OpenSSL libraries' idea of what the calling provider is named. -.ie n .IP """module-filename"" (\fB\s-1OSSL_PROV_PARAM_CORE_MODULE_FILENAME\s0\fR) <\s-1UTF8\s0 string ptr>" 4 -.el .IP "``module-filename'' (\fB\s-1OSSL_PROV_PARAM_CORE_MODULE_FILENAME\s0\fR) <\s-1UTF8\s0 string ptr>" 4 -.IX Item "module-filename (OSSL_PROV_PARAM_CORE_MODULE_FILENAME) " +.IP """openssl\-version"" (\fBOSSL_PROV_PARAM_CORE_VERSION\fR) " 4 +.IX Item """openssl-version"" (OSSL_PROV_PARAM_CORE_VERSION) " +This points to the OpenSSL libraries\*(Aq full version string, i.e. the string +expanded from the macro \fBOPENSSL_VERSION_STR\fR. +.IP """provider\-name"" (\fBOSSL_PROV_PARAM_CORE_PROV_NAME\fR) " 4 +.IX Item """provider-name"" (OSSL_PROV_PARAM_CORE_PROV_NAME) " +This points to the OpenSSL libraries\*(Aq idea of what the calling provider is named. +.IP """module\-filename"" (\fBOSSL_PROV_PARAM_CORE_MODULE_FILENAME\fR) " 4 +.IX Item """module-filename"" (OSSL_PROV_PARAM_CORE_MODULE_FILENAME) " This points to a string containing the full filename of the providers module file. .PP 
@@ -594,7 +513,7 @@ The dotted name form is a concatenation of section names and final config command name separated by periods. .PP -For example, let's say we have the following config example: +For example, let\*(Aqs say we have the following config example: .PP .Vb 2 \& config_diagnostics = 1 
@@ -617,120 +536,106 @@ .Ve .PP The provider will have these additional parameters available: -.ie n .IP """activate""" 4 -.el .IP "``activate''" 4 -.IX Item "activate" -pointing at the string \*(L"1\*(R" -.ie n .IP """data1""" 4 -.el .IP "``data1''" 4 -.IX Item "data1" -pointing at the string \*(L"2\*(R" -.ie n .IP """data2""" 4 -.el .IP "``data2''" 4 -.IX Item "data2" -pointing at the string \*(L"str\*(R" -.ie n .IP """more.data3""" 4 -.el .IP "``more.data3''" 4 -.IX Item "more.data3" -pointing at the string \*(L"foo,bar\*(R" -.PP -For more information on handling parameters, see \s-1\fBOSSL_PARAM\s0\fR\|(3) as +.IP """activate""" 4 +.IX Item """activate""" +pointing at the string "1" +.IP """data1""" 4 +.IX Item """data1""" +pointing at the string "2" +.IP """data2""" 4 +.IX Item """data2""" +pointing at the string "str" +.IP """more.data3""" 4 +.IX Item """more.data3""" +pointing at the string "foo,bar" +.PP +For more information on handling parameters, see \fBOSSL_PARAM\fR\|(3) as \&\fBOSSL_PARAM_int\fR\|(3). -.SH "CAPABILITIES" +.SH CAPABILITIES .IX Header "CAPABILITIES" Capabilities describe some of the services that a provider can offer. Applications can query the capabilities to discover those services. .PP -\fI\*(L"TLS-GROUP\*(R" Capability\fR -.IX Subsection "TLS-GROUP Capability" +\fI"TLS\-GROUP" Capability\fR +.IX Subsection """TLS-GROUP"" Capability" .PP -The \*(L"TLS-GROUP\*(R" capability can be queried by libssl to discover the list of -\&\s-1TLS\s0 groups that a provider can support. Each group supported can be used for -\&\fIkey exchange\fR (\s-1KEX\s0) or \fIkey encapsulation method\fR (\s-1KEM\s0) during a \s-1TLS\s0 +The "TLS\-GROUP" capability can be queried by libssl to discover the list of +TLS groups that a provider can support. Each group supported can be used for +\&\fIkey exchange\fR (KEX) or \fIkey encapsulation method\fR (KEM) during a TLS handshake. 
-\&\s-1TLS\s0 clients can advertise the list of \s-1TLS\s0 groups they support in the -supported_groups extension, and \s-1TLS\s0 servers can select a group from the offered +TLS clients can advertise the list of TLS groups they support in the +supported_groups extension, and TLS servers can select a group from the offered list that they also support. In this way a provider can add to the list of groups that libssl already supports with additional ones. .PP -Each \s-1TLS\s0 group that a provider supports should be described via the callback +Each TLS group that a provider supports should be described via the callback passed in through the provider_get_capabilities function. Each group should have the following details supplied (all are mandatory, except -\&\fB\s-1OSSL_CAPABILITY_TLS_GROUP_IS_KEM\s0\fR): -.ie n .IP """tls-group-name"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``tls-group-name'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_NAME\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "tls-group-name (OSSL_CAPABILITY_TLS_GROUP_NAME) " -The name of the group as given in the \s-1IANA TLS\s0 Supported Groups registry +\&\fBOSSL_CAPABILITY_TLS_GROUP_IS_KEM\fR): +.IP """tls\-group\-name"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME\fR) " 4 +.IX Item """tls-group-name"" (OSSL_CAPABILITY_TLS_GROUP_NAME) " +The name of the group as given in the IANA TLS Supported Groups registry . -.ie n .IP """tls-group-name-internal"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``tls-group-name-internal'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "tls-group-name-internal (OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL) " +.IP """tls\-group\-name\-internal"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL\fR) " 4 +.IX Item """tls-group-name-internal"" (OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL) " The name of the group as known by the provider. 
This could be the same as the -\&\*(L"tls-group-name\*(R", but does not have to be. -.ie n .IP """tls-group-id"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_ID\s0\fR) " 4 -.el .IP "``tls-group-id'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_ID\s0\fR) " 4 -.IX Item "tls-group-id (OSSL_CAPABILITY_TLS_GROUP_ID) " -The \s-1TLS\s0 group id value as given in the \s-1IANA TLS\s0 Supported Groups registry. -.ie n .IP """tls-group-alg"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``tls-group-alg'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "tls-group-alg (OSSL_CAPABILITY_TLS_GROUP_ALG) " +"tls\-group\-name", but does not have to be. +.IP """tls\-group\-id"" (\fBOSSL_CAPABILITY_TLS_GROUP_ID\fR) " 4 +.IX Item """tls-group-id"" (OSSL_CAPABILITY_TLS_GROUP_ID) " +The TLS group id value as given in the IANA TLS Supported Groups registry. +.IP """tls\-group\-alg"" (\fBOSSL_CAPABILITY_TLS_GROUP_ALG\fR) " 4 +.IX Item """tls-group-alg"" (OSSL_CAPABILITY_TLS_GROUP_ALG) " The name of a Key Management algorithm that the provider offers and that should be used with this group. Keys created should be able to support \fIkey exchange\fR -or \fIkey encapsulation method\fR (\s-1KEM\s0), as implied by the optional -\&\fB\s-1OSSL_CAPABILITY_TLS_GROUP_IS_KEM\s0\fR flag. +or \fIkey encapsulation method\fR (KEM), as implied by the optional +\&\fBOSSL_CAPABILITY_TLS_GROUP_IS_KEM\fR flag. The algorithm must support key and parameter generation as well as the -key/parameter generation parameter, \fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR. The group -name given via \*(L"tls-group-name-internal\*(R" above will be passed via -\&\fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR when libssl wishes to generate keys/parameters. 
-.ie n .IP """tls-group-sec-bits"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS\s0\fR) " 4 -.el .IP "``tls-group-sec-bits'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS\s0\fR) " 4 -.IX Item "tls-group-sec-bits (OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS) " +key/parameter generation parameter, \fBOSSL_PKEY_PARAM_GROUP_NAME\fR. The group +name given via "tls\-group\-name\-internal" above will be passed via +\&\fBOSSL_PKEY_PARAM_GROUP_NAME\fR when libssl wishes to generate keys/parameters. +.IP """tls\-group\-sec\-bits"" (\fBOSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS\fR) " 4 +.IX Item """tls-group-sec-bits"" (OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS) " The number of bits of security offered by keys in this group. The number of bits -should be comparable with the ones given in table 2 and 3 of the \s-1NIST SP800\-57\s0 +should be comparable with the ones given in table 2 and 3 of the NIST SP800\-57 document. -.ie n .IP """tls-group-is-kem"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_IS_KEM\s0\fR) " 4 -.el .IP "``tls-group-is-kem'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_IS_KEM\s0\fR) " 4 -.IX Item "tls-group-is-kem (OSSL_CAPABILITY_TLS_GROUP_IS_KEM) " -Boolean flag to describe if the group should be used in \fIkey exchange\fR (\s-1KEX\s0) -mode (0, default) or in \fIkey encapsulation method\fR (\s-1KEM\s0) mode (1). +.IP """tls\-group\-is\-kem"" (\fBOSSL_CAPABILITY_TLS_GROUP_IS_KEM\fR) " 4 +.IX Item """tls-group-is-kem"" (OSSL_CAPABILITY_TLS_GROUP_IS_KEM) " +Boolean flag to describe if the group should be used in \fIkey exchange\fR (KEX) +mode (0, default) or in \fIkey encapsulation method\fR (KEM) mode (1). .Sp -This parameter is optional: if not specified, \s-1KEX\s0 mode is assumed as the default +This parameter is optional: if not specified, KEX mode is assumed as the default mode for the group. .Sp -In \s-1KEX\s0 mode, in a typical Diffie-Hellman fashion, both sides execute \fIkeygen\fR -then \fIderive\fR against the peer public key. 
To operate in \s-1KEX\s0 mode, the group +In KEX mode, in a typical Diffie\-Hellman fashion, both sides execute \fIkeygen\fR +then \fIderive\fR against the peer public key. To operate in KEX mode, the group implementation must support the provider functions as described in \&\fBprovider\-keyexch\fR\|(7). .Sp -In \s-1KEM\s0 mode, the client executes \fIkeygen\fR and sends its public key, the server -executes \fIencapsulate\fR using the client's public key and sends back the +In KEM mode, the client executes \fIkeygen\fR and sends its public key, the server +executes \fIencapsulate\fR using the client\*(Aqs public key and sends back the resulting \fIciphertext\fR, finally the client executes \fIdecapsulate\fR to retrieve -the same \fIshared secret\fR generated by the server's \fIencapsulate\fR. To operate -in \s-1KEM\s0 mode, the group implementation must support the provider functions as +the same \fIshared secret\fR generated by the server\*(Aqs \fIencapsulate\fR. To operate +in KEM mode, the group implementation must support the provider functions as described in \fBprovider\-kem\fR\|(7). .Sp -Both in \s-1KEX\s0 and \s-1KEM\s0 mode, the resulting \fIshared secret\fR is then used according +Both in KEX and KEM mode, the resulting \fIshared secret\fR is then used according to the protocol specification. 
-.ie n .IP """tls-min-tls"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MIN_TLS\s0\fR) " 4 -.el .IP "``tls-min-tls'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MIN_TLS\s0\fR) " 4 -.IX Item "tls-min-tls (OSSL_CAPABILITY_TLS_GROUP_MIN_TLS) " +.IP """tls\-min\-tls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MIN_TLS\fR) " 4 +.IX Item """tls-min-tls"" (OSSL_CAPABILITY_TLS_GROUP_MIN_TLS) " .PD 0 -.ie n .IP """tls-max-tls"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MAX_TLS\s0\fR) " 4 -.el .IP "``tls-max-tls'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MAX_TLS\s0\fR) " 4 -.IX Item "tls-max-tls (OSSL_CAPABILITY_TLS_GROUP_MAX_TLS) " -.ie n .IP """tls-min-dtls"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS\s0\fR) " 4 -.el .IP "``tls-min-dtls'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS\s0\fR) " 4 -.IX Item "tls-min-dtls (OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS) " -.ie n .IP """tls-max-dtls"" (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS\s0\fR) " 4 -.el .IP "``tls-max-dtls'' (\fB\s-1OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS\s0\fR) " 4 -.IX Item "tls-max-dtls (OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS) " +.IP """tls\-max\-tls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MAX_TLS\fR) " 4 +.IX Item """tls-max-tls"" (OSSL_CAPABILITY_TLS_GROUP_MAX_TLS) " +.IP """tls\-min\-dtls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MIN_DTLS\fR) " 4 +.IX Item """tls-min-dtls"" (OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS) " +.IP """tls\-max\-dtls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MAX_DTLS\fR) " 4 +.IX Item """tls-max-dtls"" (OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS) " .PD -These parameters can be used to describe the minimum and maximum \s-1TLS\s0 and \s-1DTLS\s0 -versions supported by the group. The values equate to the on-the-wire encoding -of the various \s-1TLS\s0 versions. For example TLSv1.3 is 0x0304 (772 decimal), and +These parameters can be used to describe the minimum and maximum TLS and DTLS +versions supported by the group. The values equate to the on\-the\-wire encoding +of the various TLS versions. For example TLSv1.3 is 0x0304 (772 decimal), and TLSv1.2 is 0x0303 (771 decimal). 
A 0 indicates that there is no defined minimum or maximum. A \-1 indicates that the group should not be used in that protocol. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" This is an example of a simple provider made available as a dynamically loadable module. @@ -925,15 +830,15 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The concept of providers and everything surrounding them was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-cipher.7.orig +++ secure/lib/libcrypto/man/man7/provider-cipher.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-CIPHER 7ossl" -.TH PROVIDER-CIPHER 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-CIPHER 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-cipher \- The cipher library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -187,27 +112,27 @@ \& int OSSL_FUNC_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]); \& int OSSL_FUNC_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The \s-1CIPHER\s0 operation enables providers to implement cipher algorithms and make -them available to applications via the \s-1API\s0 functions \fBEVP_EncryptInit_ex\fR\|(3), +The CIPHER operation enables providers to implement cipher algorithms and make +them available to applications via the API functions \fBEVP_EncryptInit_ex\fR\|(3), \&\fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_EncryptFinal\fR\|(3) (as well as the decrypt equivalents and other related functions). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. 
-For example, the \*(L"function\*(R" \fBOSSL_FUNC_cipher_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_cipher_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_cipher_newctx_fn)(void *provctx); @@ -215,7 +140,7 @@ \& OSSL_FUNC_cipher_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -240,10 +165,10 @@ .PP A cipher algorithm implementation may not implement all of these functions. In order to be a consistent set of functions there must at least be a complete -set of \*(L"encrypt\*(R" functions, or a complete set of \*(L"decrypt\*(R" functions, or a -single \*(L"cipher\*(R" function. -In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be -present. +set of "encrypt" functions, or a complete set of "decrypt" functions, or a +single "cipher" function. +In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx +and OSSL_FUNC_cipher_freectx functions must be present. All other functions are optional. .SS "Context Management Functions" .IX Subsection "Context Management Functions" 
@@ -265,8 +190,8 @@ \&\fBOSSL_FUNC_cipher_encrypt_init()\fR initialises a cipher operation for encryption given a newly created provider side cipher context in the \fIcctx\fR parameter. The key to be used is given in \fIkey\fR which is \fIkeylen\fR bytes long. -The \s-1IV\s0 to be used is given in \fIiv\fR which is \fIivlen\fR bytes long. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The IV to be used is given in \fIiv\fR which is \fIivlen\fR bytes long. +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_cipher_set_ctx_params()\fR. .PP \&\fBOSSL_FUNC_cipher_decrypt_init()\fR is the same as \fBOSSL_FUNC_cipher_encrypt_init()\fR except that it @@ -285,9 +210,13 @@ that are not multiples of the block length. In such cases a cipher implementation will typically cache partial blocks of input data until a complete block is obtained. -\&\fIout\fR may be the same location as \fIin\fR but it should not partially overlap. -The same expectations apply to \fIoutsize\fR as documented for -\&\fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_DecryptUpdate\fR\|(3). +The pointers \fIout\fR and \fIin\fR may point to the same location, in which +case the encryption must be done in\-place. If \fIout\fR and \fIin\fR point to different +locations, the requirements of \fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_DecryptUpdate\fR\|(3) +guarantee that the two buffers are disjoint. +Similarly, the requirements of \fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_DecryptUpdate\fR\|(3) +ensure that the buffer pointed to by \fIout\fR contains sufficient room for the +operation being performed. .PP \&\fBOSSL_FUNC_cipher_final()\fR completes an encryption or decryption started through previous \&\fBOSSL_FUNC_cipher_encrypt_init()\fR or \fBOSSL_FUNC_cipher_decrypt_init()\fR, and \fBOSSL_FUNC_cipher_update()\fR 
@@ -313,7 +242,7 @@ \&\fIoutsize\fR bytes. .SS "Cipher Parameters" .IX Subsection "Cipher Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by these functions. .PP \&\fBOSSL_FUNC_cipher_get_params()\fR gets details of the algorithm implementation 
@@ -322,29 +251,29 @@ \&\fBOSSL_FUNC_cipher_set_ctx_params()\fR sets cipher operation parameters for the provider side cipher context \fIcctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_cipher_get_ctx_params()\fR gets cipher operation details details from the given provider side cipher context \fIcctx\fR and stores them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_cipher_gettable_params()\fR, \fBOSSL_FUNC_cipher_gettable_ctx_params()\fR, -and \fBOSSL_FUNC_cipher_settable_ctx_params()\fR all return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +and \fBOSSL_FUNC_cipher_settable_ctx_params()\fR all return constant \fBOSSL_PARAM\fR\|(3) arrays as descriptors of the parameters that \fBOSSL_FUNC_cipher_get_params()\fR, \&\fBOSSL_FUNC_cipher_get_ctx_params()\fR, and \fBOSSL_FUNC_cipher_set_ctx_params()\fR can handle, respectively. \fBOSSL_FUNC_cipher_gettable_ctx_params()\fR and \&\fBOSSL_FUNC_cipher_settable_ctx_params()\fR will return the parameters associated with the provider side context \fIcctx\fR in its current state if it is -not \s-1NULL.\s0 Otherwise, they return the parameters associated with the +not NULL. Otherwise, they return the parameters associated with the provider side algorithm \fIprovctx\fR. .PP -Parameters currently recognised by built-in ciphers are listed in -\&\*(L"\s-1PARAMETERS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3). +Parameters currently recognised by built\-in ciphers are listed in +"PARAMETERS" in \fBEVP_EncryptInit\fR\|(3). Not all parameters are relevant to, or are understood by all ciphers. 
.SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_cipher_newctx()\fR and \fBOSSL_FUNC_cipher_dupctx()\fR should return the newly created -provider side cipher context, or \s-1NULL\s0 on failure. +provider side cipher context, or NULL on failure. .PP \&\fBOSSL_FUNC_cipher_encrypt_init()\fR, \fBOSSL_FUNC_cipher_decrypt_init()\fR, \fBOSSL_FUNC_cipher_update()\fR, \&\fBOSSL_FUNC_cipher_final()\fR, \fBOSSL_FUNC_cipher_cipher()\fR, \fBOSSL_FUNC_cipher_get_params()\fR, 
@@ -352,26 +281,26 @@ success or 0 on error. .PP \&\fBOSSL_FUNC_cipher_gettable_params()\fR, \fBOSSL_FUNC_cipher_gettable_ctx_params()\fR and -\&\fBOSSL_FUNC_cipher_settable_ctx_params()\fR should return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) -array, or \s-1NULL\s0 if none is offered. +\&\fBOSSL_FUNC_cipher_settable_ctx_params()\fR should return a constant \fBOSSL_PARAM\fR\|(3) +array, or NULL if none is offered. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), +\&\fBprovider\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), \&\fBOSSL_PROVIDER\-legacy\fR\|(7), -\&\s-1\fBEVP_CIPHER\-AES\s0\fR\|(7), \s-1\fBEVP_CIPHER\-ARIA\s0\fR\|(7), \s-1\fBEVP_CIPHER\-BLOWFISH\s0\fR\|(7), -\&\s-1\fBEVP_CIPHER\-CAMELLIA\s0\fR\|(7), \s-1\fBEVP_CIPHER\-CAST\s0\fR\|(7), \s-1\fBEVP_CIPHER\-CHACHA\s0\fR\|(7), -\&\s-1\fBEVP_CIPHER\-DES\s0\fR\|(7), \s-1\fBEVP_CIPHER\-IDEA\s0\fR\|(7), \s-1\fBEVP_CIPHER\-RC2\s0\fR\|(7), -\&\s-1\fBEVP_CIPHER\-RC4\s0\fR\|(7), \s-1\fBEVP_CIPHER\-RC5\s0\fR\|(7), \s-1\fBEVP_CIPHER\-SEED\s0\fR\|(7), -\&\s-1\fBEVP_CIPHER\-SM4\s0\fR\|(7), \s-1\fBEVP_CIPHER\-NULL\s0\fR\|(7), +\&\fBEVP_CIPHER\-AES\fR\|(7), \fBEVP_CIPHER\-ARIA\fR\|(7), \fBEVP_CIPHER\-BLOWFISH\fR\|(7), +\&\fBEVP_CIPHER\-CAMELLIA\fR\|(7), \fBEVP_CIPHER\-CAST\fR\|(7), \fBEVP_CIPHER\-CHACHA\fR\|(7), +\&\fBEVP_CIPHER\-DES\fR\|(7), \fBEVP_CIPHER\-IDEA\fR\|(7), \fBEVP_CIPHER\-RC2\fR\|(7), +\&\fBEVP_CIPHER\-RC4\fR\|(7), \fBEVP_CIPHER\-RC5\fR\|(7), \fBEVP_CIPHER\-SEED\fR\|(7), +\&\fBEVP_CIPHER\-SM4\fR\|(7), \fBEVP_CIPHER\-NULL\fR\|(7), \&\fBlife_cycle\-cipher\fR\|(7), \fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The provider \s-1CIPHER\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider CIPHER interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-decoder.7.orig +++ secure/lib/libcrypto/man/man7/provider-decoder.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-DECODER 7ossl" -.TH PROVIDER-DECODER 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-DECODER 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-decoder \- The OSSL_DECODER library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -176,44 +101,44 @@ \& OSSL_CALLBACK *export_cb, \& void *export_cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fIThe term \*(L"decode\*(R" is used throughout this manual. This includes but is +\&\fIThe term "decode" is used throughout this manual. This includes but is not limited to deserialization as individual decoders can also do decoding into intermediate data formats.\fR .PP -The \s-1DECODER\s0 operation is a generic method to create a provider-native +The DECODER operation is a generic method to create a provider\-native object reference or intermediate decoded data from an encoded form -read from the given \fB\s-1OSSL_CORE_BIO\s0\fR. If the caller wants to decode -data from memory, it should provide a \fBBIO_s_mem\fR\|(3) \fB\s-1BIO\s0\fR. The decoded +read from the given \fBOSSL_CORE_BIO\fR. If the caller wants to decode +data from memory, it should provide a \fBBIO_s_mem\fR\|(3) \fBBIO\fR. The decoded data or object reference is passed along with eventual metadata -to the \fImetadata_cb\fR as \s-1\fBOSSL_PARAM\s0\fR\|(3) parameters. +to the \fImetadata_cb\fR as \fBOSSL_PARAM\fR\|(3) parameters. .PP -The decoder doesn't need to know more about the \fB\s-1OSSL_CORE_BIO\s0\fR -pointer than being able to pass it to the appropriate \s-1BIO\s0 upcalls (see -\&\*(L"Core functions\*(R" in \fBprovider\-base\fR\|(7)). +The decoder doesn\*(Aqt need to know more about the \fBOSSL_CORE_BIO\fR +pointer than being able to pass it to the appropriate BIO upcalls (see +"Core functions" in \fBprovider\-base\fR\|(7)). .PP -The \s-1DECODER\s0 implementation may be part of a chain, where data is +The DECODER implementation may be part of a chain, where data is passed from one to the next. For example, there may be an -implementation to decode an object from \s-1PEM\s0 to \s-1DER,\s0 and another one -that decodes \s-1DER\s0 to a provider-native object. 
+implementation to decode an object from PEM to DER, and another one +that decodes DER to a provider\-native object. .PP The last decoding step in the decoding chain is usually supposed to create -a provider-native object referenced by an object reference. To import +a provider\-native object referenced by an object reference. To import that object into a different provider the \fBOSSL_FUNC_decoder_export_object()\fR can be called as the final step of the decoding process. .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_decoder_decode()\fR has these: +For example, the "function" \fBOSSL_FUNC_decoder_decode()\fR has these: .PP .Vb 7 \& typedef int @@ -225,7 +150,7 @@ \& OSSL_FUNC_decoder_decode(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 2 
@@ -246,12 +171,14 @@ .SS "Names and properties" .IX Subsection "Names and properties" The name of an implementation should match the target type of object -it decodes. For example, an implementation that decodes an \s-1RSA\s0 key -should be named \*(L"\s-1RSA\*(R".\s0 Likewise, an implementation that decodes \s-1DER\s0 data -from \s-1PEM\s0 input should be named \*(L"\s-1DER\*(R".\s0 +it decodes. For example, an implementation that decodes an RSA key +should be named "RSA". Likewise, an implementation that decodes DER data +from PEM input should be named "DER". .PP -Properties can be used to further specify details about an implementation: -.IP "input" 4 +Properties, as defined in the \fBOSSL_ALGORITHM\fR\|(3) array element of each +decoder implementation, can be used to further specify details about an +implementation: +.IP input 4 .IX Item "input" This property is used to specify what format of input the implementation can decode. 
@@ -260,59 +187,56 @@ .Sp OpenSSL providers recognize the following input types: .RS 4 -.IP "pem" 4 +.IP pem 4 .IX Item "pem" -An implementation with that input type decodes \s-1PEM\s0 formatted data. -.IP "der" 4 +An implementation with that input type decodes PEM formatted data. +.IP der 4 .IX Item "der" -An implementation with that input type decodes \s-1DER\s0 formatted data. -.IP "msblob" 4 +An implementation with that input type decodes DER formatted data. +.IP msblob 4 .IX Item "msblob" -An implementation with that input type decodes \s-1MSBLOB\s0 formatted data. -.IP "pvk" 4 +An implementation with that input type decodes MSBLOB formatted data. +.IP pvk 4 .IX Item "pvk" -An implementation with that input type decodes \s-1PVK\s0 formatted data. +An implementation with that input type decodes PVK formatted data. .RE .RS 4 .RE -.IP "structure" 4 +.IP structure 4 .IX Item "structure" This property is used to specify the structure that the decoded data is expected to have. .Sp This property is \fIoptional\fR. .Sp -Structures currently recognised by built-in decoders: +Structures currently recognised by built\-in decoders: .RS 4 -.ie n .IP """type-specific""" 4 -.el .IP "``type-specific''" 4 -.IX Item "type-specific" +.IP """type\-specific""" 4 +.IX Item """type-specific""" Type specific structure. -.ie n .IP """pkcs8""" 4 -.el .IP "``pkcs8''" 4 -.IX Item "pkcs8" +.IP """pkcs8""" 4 +.IX Item """pkcs8""" Structure according to the PKCS#8 specification. -.ie n .IP """SubjectPublicKeyInfo""" 4 -.el .IP "``SubjectPublicKeyInfo''" 4 -.IX Item "SubjectPublicKeyInfo" -Encoding of public keys according to the Subject Public Key Info of \s-1RFC 5280.\s0 +.IP """SubjectPublicKeyInfo""" 4 +.IX Item """SubjectPublicKeyInfo""" +Encoding of public keys according to the Subject Public Key Info of RFC 5280. .RE .RS 4 .RE .PP The possible values of both these properties is open ended. 
A provider may -very well specify input types and structures that libcrypto doesn't know +very well specify input types and structures that libcrypto doesn\*(Aqt know anything about. .SS "Subset selections" .IX Subsection "Subset selections" Sometimes, an object has more than one subset of data that is interesting to -treat separately or together. It's possible to specify what subsets are to +treat separately or together. It\*(Aqs possible to specify what subsets are to be decoded, with a set of bits \fIselection\fR that are passed in an \fBint\fR. .PP -This set of bits depend entirely on what kind of provider-side object is +This set of bits depend entirely on what kind of provider\-side object is to be decoded. For example, those bits are assumed to be the same as those -used with \fBprovider\-keymgmt\fR\|(7) (see \*(L"Key Objects\*(R" in \fBprovider\-keymgmt\fR\|(7)) when -the object is an asymmetric keypair \- e.g., \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR +used with \fBprovider\-keymgmt\fR\|(7) (see "Key Objects" in \fBprovider\-keymgmt\fR\|(7)) when +the object is an asymmetric keypair \- e.g., \fBOSSL_KEYMGMT_SELECT_PRIVATE_KEY\fR if the object to be decoded is supposed to contain private key components. .PP \&\fBOSSL_FUNC_decoder_does_selection()\fR should tell if a particular implementation 
@@ -328,51 +252,51 @@ \&\fBOSSL_FUNC_decoder_set_ctx_params()\fR sets context data according to parameters from \fIparams\fR that it recognises. Unrecognised parameters should be ignored. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -\&\fBOSSL_FUNC_decoder_settable_ctx_params()\fR returns a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +\&\fBOSSL_FUNC_decoder_settable_ctx_params()\fR returns a constant \fBOSSL_PARAM\fR\|(3) array describing the parameters that \fBOSSL_FUNC_decoder_set_ctx_params()\fR can handle. .PP -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by \&\fBOSSL_FUNC_decoder_set_ctx_params()\fR and \fBOSSL_FUNC_decoder_settable_ctx_params()\fR. .SS "Export function" .IX Subsection "Export function" -When a provider-native object is created by a decoder it would be unsuitable +When a provider\-native object is created by a decoder it would be unsuitable for direct use with a foreign provider. The export function allows for exporting the object into that foreign provider if the foreign provider supports the type of the object and provides an import function. .PP \&\fBOSSL_FUNC_decoder_export_object()\fR should export the object of size \fIobjref_sz\fR -referenced by \fIobjref\fR as an \s-1\fBOSSL_PARAM\s0\fR\|(3) array and pass that into the +referenced by \fIobjref\fR as an \fBOSSL_PARAM\fR\|(3) array and pass that into the \&\fIexport_cb\fR as well as the given \fIexport_cbarg\fR. .SS "Decoding functions" .IX Subsection "Decoding functions" \&\fBOSSL_FUNC_decoder_decode()\fR should decode the data as read from -the \fB\s-1OSSL_CORE_BIO\s0\fR \fIin\fR to produce decoded data or an object to be -passed as reference in an \s-1\fBOSSL_PARAM\s0\fR\|(3) array along with possible other -metadata that was decoded from the input. 
This \s-1\fBOSSL_PARAM\s0\fR\|(3) array is +the \fBOSSL_CORE_BIO\fR \fIin\fR to produce decoded data or an object to be +passed as reference in an \fBOSSL_PARAM\fR\|(3) array along with possible other +metadata that was decoded from the input. This \fBOSSL_PARAM\fR\|(3) array is then passed to the \fIdata_cb\fR callback. The \fIselection\fR bits, if relevant, should determine what the input data should contain. -The decoding functions also take an \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function +The decoding functions also take an \fBOSSL_PASSPHRASE_CALLBACK\fR\|(3) function pointer along with a pointer to application data \fIcbarg\fR, which should be used when a pass phrase prompt is needed. .PP -It's important to understand that the return value from this function is +It\*(Aqs important to understand that the return value from this function is interpreted as follows: .IP "True (1)" 4 .IX Item "True (1)" -This means \*(L"carry on the decoding process\*(R", and is meaningful even though -this function couldn't decode the input into anything, because there may be +This means "carry on the decoding process", and is meaningful even though +this function couldn\*(Aqt decode the input into anything, because there may be another decoder implementation that can decode it into something. .Sp -The \fIdata_cb\fR callback should never be called when this function can't +The \fIdata_cb\fR callback should never be called when this function can\*(Aqt decode the input into anything. .IP "False (0)" 4 .IX Item "False (0)" -This means \*(L"stop the decoding process\*(R", and is meaningful when the input +This means "stop the decoding process", and is meaningful when the input could be decoded into some sort of object that this function understands, -but further treatment of that object results into errors that won't be +but further treatment of that object results into errors that won\*(Aqt be possible for some other decoder implementation to get a different result. 
.PP The conditions to stop the decoding process are at the discretion of the @@ -380,25 +304,24 @@ .SS "Decoder operation parameters" .IX Subsection "Decoder operation parameters" There are currently no operation parameters currently recognised by the -built-in decoders. +built\-in decoders. .PP -Parameters currently recognised by the built-in pass phrase callback: -.ie n .IP """info"" (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``info'' (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "info (OSSL_PASSPHRASE_PARAM_INFO) " +Parameters currently recognised by the built\-in pass phrase callback: +.IP """info"" (\fBOSSL_PASSPHRASE_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_PASSPHRASE_PARAM_INFO) " A string of information that will become part of the pass phrase prompt. This could be used to give the user information on what kind -of object it's being prompted for. +of object it\*(Aqs being prompted for. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_FUNC_decoder_newctx()\fR returns a pointer to a context, or \s-1NULL\s0 on +\&\fBOSSL_FUNC_decoder_newctx()\fR returns a pointer to a context, or NULL on failure. .PP \&\fBOSSL_FUNC_decoder_set_ctx_params()\fR returns 1, unless a recognised parameter was invalid or caused an error, for which 0 is returned. .PP \&\fBOSSL_FUNC_decoder_settable_ctx_params()\fR returns a pointer to an array of -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) elements. +constant \fBOSSL_PARAM\fR\|(3) elements. .PP \&\fBOSSL_FUNC_decoder_does_selection()\fR returns 1 if the decoder implementation supports any of the \fIselection\fR bits, otherwise 0. 
@@ -408,14 +331,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1DECODER\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The DECODER interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-digest.7.orig +++ secure/lib/libcrypto/man/man7/provider-digest.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-DIGEST 7ossl" -.TH PROVIDER-DIGEST 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-DIGEST 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-digest \- The digest library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -180,26 +105,26 @@ \& int OSSL_FUNC_digest_set_ctx_params(void *dctx, const OSSL_PARAM params[]); \& int OSSL_FUNC_digest_get_ctx_params(void *dctx, OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The \s-1DIGEST\s0 operation enables providers to implement digest algorithms and make -them available to applications via the \s-1API\s0 functions \fBEVP_DigestInit_ex\fR\|(3), +The DIGEST operation enables providers to implement digest algorithms and make +them available to applications via the API functions \fBEVP_DigestInit_ex\fR\|(3), \&\fBEVP_DigestUpdate\fR\|(3) and \fBEVP_DigestFinal\fR\|(3) (and other related functions). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. 
-For example, the \*(L"function\*(R" \fBOSSL_FUNC_digest_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_digest_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_digest_newctx_fn)(void *provctx); @@ -207,7 +132,7 @@ \& OSSL_FUNC_digest_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -252,7 +177,7 @@ .IX Subsection "Digest Generation Functions" \&\fBOSSL_FUNC_digest_init()\fR initialises a digest operation given a newly created provider side digest context in the \fIdctx\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_digest_set_ctx_params()\fR. .PP \&\fBOSSL_FUNC_digest_update()\fR is called to supply data to be digested as part of a @@ -270,7 +195,7 @@ \&\fI*outl\fR. The digest should not exceed \fIoutsz\fR bytes. .PP -\&\fBOSSL_FUNC_digest_digest()\fR is a \*(L"oneshot\*(R" digest function. +\&\fBOSSL_FUNC_digest_digest()\fR is a "oneshot" digest function. No provider side digest context is used. Instead the provider context that was created during provider initialisation is passed in the \fIprovctx\fR parameter (see \fBprovider\fR\|(7)). @@ -279,7 +204,7 @@ exceed \fIoutsz\fR bytes. .SS "Digest Parameters" .IX Subsection "Digest Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by these functions. .PP \&\fBOSSL_FUNC_digest_get_params()\fR gets details of the algorithm implementation 
@@ -288,69 +213,66 @@ \&\fBOSSL_FUNC_digest_set_ctx_params()\fR sets digest operation parameters for the provider side digest context \fIdctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_digest_get_ctx_params()\fR gets digest operation details details from the given provider side digest context \fIdctx\fR and stores them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -\&\fBOSSL_FUNC_digest_gettable_params()\fR returns a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array +\&\fBOSSL_FUNC_digest_gettable_params()\fR returns a constant \fBOSSL_PARAM\fR\|(3) array containing descriptors of the parameters that \fBOSSL_FUNC_digest_get_params()\fR can handle. .PP \&\fBOSSL_FUNC_digest_gettable_ctx_params()\fR and \&\fBOSSL_FUNC_digest_settable_ctx_params()\fR both return constant -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) arrays as descriptors of the parameters that +\&\fBOSSL_PARAM\fR\|(3) arrays as descriptors of the parameters that \&\fBOSSL_FUNC_digest_get_ctx_params()\fR and \fBOSSL_FUNC_digest_set_ctx_params()\fR can handle, respectively. The array is based on the current state of -the provider side context if \fIdctx\fR is not \s-1NULL\s0 and on the provider +the provider side context if \fIdctx\fR is not NULL and on the provider side algorithm \fIprovctx\fR otherwise. .PP -Parameters currently recognised by built-in digests with this function +Parameters currently recognised by built\-in digests with this function are as follows. 
Not all parameters are relevant to, or are understood by all digests: -.ie n .IP """blocksize"" (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 -.el .IP "``blocksize'' (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 -.IX Item "blocksize (OSSL_DIGEST_PARAM_BLOCK_SIZE) " +.IP """blocksize"" (\fBOSSL_DIGEST_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """blocksize"" (OSSL_DIGEST_PARAM_BLOCK_SIZE) " The digest block size. -The length of the \*(L"blocksize\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_DIGEST_PARAM_SIZE) " +The length of the "blocksize" parameter should not exceed that of a \fBsize_t\fR. +.IP """size"" (\fBOSSL_DIGEST_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_DIGEST_PARAM_SIZE) " The digest output size. -The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """flags"" (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 -.el .IP "``flags'' (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 -.IX Item "flags (OSSL_DIGEST_PARAM_FLAGS) " +The length of the "size" parameter should not exceed that of a \fBsize_t\fR. +.IP """flags"" (\fBOSSL_DIGEST_PARAM_FLAGS\fR) " 4 +.IX Item """flags"" (OSSL_DIGEST_PARAM_FLAGS) " Diverse flags that describe exceptional behaviour for the digest: .RS 4 -.IP "\fB\s-1EVP_MD_FLAG_ONESHOT\s0\fR" 4 +.IP \fBEVP_MD_FLAG_ONESHOT\fR 4 .IX Item "EVP_MD_FLAG_ONESHOT" This digest method can only handle one block of input. -.IP "\fB\s-1EVP_MD_FLAG_XOF\s0\fR" 4 +.IP \fBEVP_MD_FLAG_XOF\fR 4 .IX Item "EVP_MD_FLAG_XOF" -This digest method is an extensible-output function (\s-1XOF\s0) and supports -setting the \fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR parameter. -.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_NULL\s0\fR" 4 +This digest method is an extensible\-output function (XOF) and supports +setting the \fBOSSL_DIGEST_PARAM_XOFLEN\fR parameter. 
+.IP \fBEVP_MD_FLAG_DIGALGID_NULL\fR 4 .IX Item "EVP_MD_FLAG_DIGALGID_NULL" When setting up a DigestAlgorithmIdentifier, this flag will have the -parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if -combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR -.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR" 4 +parameter set to NULL by default. Use this for PKCS#1. \fINote: if +combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.\fR +.IP \fBEVP_MD_FLAG_DIGALGID_ABSENT\fR 4 .IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" When setting up a DigestAlgorithmIdentifier, this flag will have the parameter be left absent by default. \fINote: if combined with -\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR -.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0\fR" 4 +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.\fR +.IP \fBEVP_MD_FLAG_DIGALGID_CUSTOM\fR 4 .IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" Custom DigestAlgorithmIdentifier handling via ctrl, with -\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with -\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +\&\fBEVP_MD_FLAG_DIGALGID_ABSENT\fR as default. \fINote: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.\fR Currently unused. .RE .RS 4 .Sp -The length of the \*(L"flags\*(R" parameter should equal that of an +The length of the "flags" parameter should equal that of an \&\fBunsigned long int\fR. .RE .SS "Digest Context Parameters" 
@@ -358,16 +280,16 @@ \&\fBOSSL_FUNC_digest_set_ctx_params()\fR sets digest parameters associated with the given provider side digest context \fIdctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure. .PP \&\fBOSSL_FUNC_digest_get_ctx_params()\fR gets details of currently set parameters values associated with the give provider side digest context \fIdctx\fR and stores them in \fIparams\fR. -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_digest_newctx()\fR and \fBOSSL_FUNC_digest_dupctx()\fR should return the newly created -provider side digest context, or \s-1NULL\s0 on failure. +provider side digest context, or NULL on failure. .PP \&\fBOSSL_FUNC_digest_init()\fR, \fBOSSL_FUNC_digest_update()\fR, \fBOSSL_FUNC_digest_final()\fR, \fBOSSL_FUNC_digest_digest()\fR, \&\fBOSSL_FUNC_digest_set_params()\fR and \fBOSSL_FUNC_digest_get_params()\fR should return 1 for success or 
@@ -377,30 +299,30 @@ .PP \&\fBOSSL_FUNC_digest_block_size()\fR should return the block size of the underlying digest algorithm. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \fBEVP_Q_digest()\fR, \fBEVP_Digest()\fR and \fBEVP_DigestFinal_ex()\fR \s-1API\s0 calls do not -expect the digest size to be larger than \s-1EVP_MAX_MD_SIZE.\s0 Any algorithm which -produces larger digests is unusable with those \s-1API\s0 calls. +The \fBEVP_Q_digest()\fR, \fBEVP_Digest()\fR and \fBEVP_DigestFinal_ex()\fR API calls do not +expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which +produces larger digests is unusable with those API calls. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), +\&\fBprovider\fR\|(7), \fBOSSL_PROVIDER\-FIPS\fR\|(7), \fBOSSL_PROVIDER\-default\fR\|(7), \&\fBOSSL_PROVIDER\-legacy\fR\|(7), -\&\fBEVP_MD\-common\fR\|(7), \s-1\fBEVP_MD\-BLAKE2\s0\fR\|(7), \s-1\fBEVP_MD\-MD2\s0\fR\|(7), -\&\s-1\fBEVP_MD\-MD4\s0\fR\|(7), \s-1\fBEVP_MD\-MD5\s0\fR\|(7), \s-1\fBEVP_MD\-MD5\-SHA1\s0\fR\|(7), -\&\s-1\fBEVP_MD\-MDC2\s0\fR\|(7), \s-1\fBEVP_MD\-RIPEMD160\s0\fR\|(7), \s-1\fBEVP_MD\-SHA1\s0\fR\|(7), -\&\s-1\fBEVP_MD\-SHA2\s0\fR\|(7), \s-1\fBEVP_MD\-SHA3\s0\fR\|(7), \s-1\fBEVP_MD\-SHAKE\s0\fR\|(7), -\&\s-1\fBEVP_MD\-SM3\s0\fR\|(7), \s-1\fBEVP_MD\-WHIRLPOOL\s0\fR\|(7), -\&\s-1\fBEVP_MD\-NULL\s0\fR\|(7), +\&\fBEVP_MD\-common\fR\|(7), \fBEVP_MD\-BLAKE2\fR\|(7), \fBEVP_MD\-MD2\fR\|(7), +\&\fBEVP_MD\-MD4\fR\|(7), \fBEVP_MD\-MD5\fR\|(7), \fBEVP_MD\-MD5\-SHA1\fR\|(7), +\&\fBEVP_MD\-MDC2\fR\|(7), \fBEVP_MD\-RIPEMD160\fR\|(7), \fBEVP_MD\-SHA1\fR\|(7), +\&\fBEVP_MD\-SHA2\fR\|(7), \fBEVP_MD\-SHA3\fR\|(7), \fBEVP_MD\-SHAKE\fR\|(7), +\&\fBEVP_MD\-SM3\fR\|(7), \fBEVP_MD\-WHIRLPOOL\fR\|(7), +\&\fBEVP_MD\-NULL\fR\|(7), \&\fBlife_cycle\-digest\fR\|(7), \fBEVP_DigestInit\fR\|(3) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The provider \s-1DIGEST\s0 interface was introduced in 
OpenSSL 3.0. -.SH "COPYRIGHT" +The provider DIGEST interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-encoder.7.orig +++ secure/lib/libcrypto/man/man7/provider-encoder.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-ENCODER 7ossl" -.TH PROVIDER-ENCODER 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-ENCODER 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-encoder \- The OSSL_ENCODER library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include 
@@ -177,48 +102,48 @@ \& const OSSL_PARAM params[]); \& void OSSL_FUNC_encoder_free_object(void *obj); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -\&\fIWe use the wide term \*(L"encode\*(R" in this manual. This includes but is +\&\fIWe use the wide term "encode" in this manual. This includes but is not limited to serialization.\fR .PP -The \s-1ENCODER\s0 operation is a generic method to encode a provider-native +The ENCODER operation is a generic method to encode a provider\-native object (\fIobj_raw\fR) or an object abstraction (\fIobject_abstract\fR, see \&\fBprovider\-object\fR\|(7)) into an encoded form, and write the result to -the given \s-1OSSL_CORE_BIO.\s0 If the caller wants to get the encoded -stream to memory, it should provide a \fBBIO_s_mem\fR\|(3) \fB\s-1BIO\s0\fR. +the given OSSL_CORE_BIO. If the caller wants to get the encoded +stream to memory, it should provide a \fBBIO_s_mem\fR\|(3) \fBBIO\fR. .PP -The encoder doesn't need to know more about the \fB\s-1OSSL_CORE_BIO\s0\fR -pointer than being able to pass it to the appropriate \s-1BIO\s0 upcalls (see -\&\*(L"Core functions\*(R" in \fBprovider\-base\fR\|(7)). +The encoder doesn\*(Aqt need to know more about the \fBOSSL_CORE_BIO\fR +pointer than being able to pass it to the appropriate BIO upcalls (see +"Core functions" in \fBprovider\-base\fR\|(7)). .PP -The \s-1ENCODER\s0 implementation may be part of a chain, where data is +The ENCODER implementation may be part of a chain, where data is passed from one to the next. 
For example, there may be an -implementation to encode an object to \s-1DER\s0 (that object is assumed to -be provider-native and thereby passed via \fIobj_raw\fR), and another one -that encodes \s-1DER\s0 to \s-1PEM\s0 (that one would receive the \s-1DER\s0 encoding via +implementation to encode an object to DER (that object is assumed to +be provider\-native and thereby passed via \fIobj_raw\fR), and another one +that encodes DER to PEM (that one would receive the DER encoding via \&\fIobj_abstract\fR). .PP -The encoding using the \s-1\fBOSSL_PARAM\s0\fR\|(3) array form allows a -encoder to be used for data that's been exported from another +The encoding using the \fBOSSL_PARAM\fR\|(3) array form allows a +encoder to be used for data that\*(Aqs been exported from another provider, and thereby allow them to exist independently of each other. .PP The encoding using a provider side object can only be safely used with provider data coming from the same provider, for example keys -with the \s-1KEYMGMT\s0 provider. +with the KEYMGMT provider. .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). 
.PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_encoder_encode()\fR has these: +For example, the "function" \fBOSSL_FUNC_encoder_encode()\fR has these: .PP .Vb 8 \& typedef int @@ -231,7 +156,7 @@ \& OSSL_FUNC_encoder_encode(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 2 @@ -253,11 +178,13 @@ .SS "Names and properties" .IX Subsection "Names and properties" The name of an implementation should match the type of object it handles. -For example, an implementation that encodes an \s-1RSA\s0 key should be named \*(L"\s-1RSA\*(R".\s0 -Likewise, an implementation that further encodes \s-1DER\s0 should be named \*(L"\s-1DER\*(R".\s0 +For example, an implementation that encodes an RSA key should be named "RSA". +Likewise, an implementation that further encodes DER should be named "DER". .PP -Properties can be used to further specify details about an implementation: -.IP "output" 4 +Properties, as defined in the \fBOSSL_ALGORITHM\fR\|(3) array element of each +decoder implementation, can be used to further specify details about an +implementation: +.IP output 4 .IX Item "output" This property is used to specify what type of output the implementation produces. 
@@ -266,27 +193,27 @@ .Sp OpenSSL providers recognize the following output types: .RS 4 -.IP "text" 4 +.IP text 4 .IX Item "text" An implementation with that output type outputs human readable text, making that implementation suitable for \f(CW\*(C`\-text\*(C'\fR output in diverse \fBopenssl\fR\|(1) commands. -.IP "pem" 4 +.IP pem 4 .IX Item "pem" -An implementation with that output type outputs \s-1PEM\s0 formatted data. -.IP "der" 4 +An implementation with that output type outputs PEM formatted data. +.IP der 4 .IX Item "der" -An implementation with that output type outputs \s-1DER\s0 formatted data. -.IP "msblob" 4 +An implementation with that output type outputs DER formatted data. +.IP msblob 4 .IX Item "msblob" -An implementation with that output type outputs \s-1MSBLOB\s0 formatted data. -.IP "pvk" 4 +An implementation with that output type outputs MSBLOB formatted data. +.IP pvk 4 .IX Item "pvk" -An implementation with that output type outputs \s-1PVK\s0 formatted data. +An implementation with that output type outputs PVK formatted data. .RE .RS 4 .RE -.IP "structure" 4 +.IP structure 4 .IX Item "structure" This property is used to specify the structure that is used for the encoded object. An example could be \f(CW\*(C`pkcs8\*(C'\fR, to specify explicitly that an object 
@@ -296,22 +223,22 @@ This property is \fIoptional\fR. .PP The possible values of both these properties is open ended. A provider may -very well specify output types and structures that libcrypto doesn't know +very well specify output types and structures that libcrypto doesn\*(Aqt know anything about. .SS "Subset selections" .IX Subsection "Subset selections" Sometimes, an object has more than one subset of data that is interesting to -treat separately or together. It's possible to specify what subsets are to +treat separately or together. It\*(Aqs possible to specify what subsets are to be encoded, with a set of bits \fIselection\fR that are passed in an \fBint\fR. .PP -This set of bits depend entirely on what kind of provider-side object is +This set of bits depend entirely on what kind of provider\-side object is passed. For example, those bits are assumed to be the same as those used -with \fBprovider\-keymgmt\fR\|(7) (see \*(L"Key Objects\*(R" in \fBprovider\-keymgmt\fR\|(7)) when +with \fBprovider\-keymgmt\fR\|(7) (see "Key Objects" in \fBprovider\-keymgmt\fR\|(7)) when the object is an asymmetric keypair. .PP -\&\s-1ENCODER\s0 implementations are free to regard the \fIselection\fR as a set of +ENCODER implementations are free to regard the \fIselection\fR as a set of hints, but must do so with care. In the end, the output must make sense, -and if there's a corresponding decoder, the resulting decoded object must +and if there\*(Aqs a corresponding decoder, the resulting decoded object must match the original object that was encoded. .PP \&\fBOSSL_FUNC_encoder_does_selection()\fR should tell if a particular implementation 
@@ -327,45 +254,44 @@ \&\fBOSSL_FUNC_encoder_set_ctx_params()\fR sets context data according to parameters from \fIparams\fR that it recognises. Unrecognised parameters should be ignored. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -\&\fBOSSL_FUNC_encoder_settable_ctx_params()\fR returns a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +\&\fBOSSL_FUNC_encoder_settable_ctx_params()\fR returns a constant \fBOSSL_PARAM\fR\|(3) array describing the parameters that \fBOSSL_FUNC_encoder_set_ctx_params()\fR can handle. .PP -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by \&\fBOSSL_FUNC_encoder_set_ctx_params()\fR and \fBOSSL_FUNC_encoder_settable_ctx_params()\fR. .SS "Import functions" .IX Subsection "Import functions" -A provider-native object may be associated with a foreign provider, and may -therefore be unsuitable for direct use with a given \s-1ENCODER\s0 implementation. -Provided that the foreign provider's implementation to handle the object has -a function to export that object in \s-1\fBOSSL_PARAM\s0\fR\|(3) array form, the \s-1ENCODER\s0 +A provider\-native object may be associated with a foreign provider, and may +therefore be unsuitable for direct use with a given ENCODER implementation. +Provided that the foreign provider\*(Aqs implementation to handle the object has +a function to export that object in \fBOSSL_PARAM\fR\|(3) array form, the ENCODER implementation should be able to import that array and create a suitable -object to be passed to \fBOSSL_FUNC_encoder_encode()\fR's \fIobj_raw\fR. +object to be passed to \fBOSSL_FUNC_encoder_encode()\fR\*(Aqs \fIobj_raw\fR. 
.PP \&\fBOSSL_FUNC_encoder_import_object()\fR should import the subset of \fIparams\fR -given with \fIselection\fR to create a provider-native object that can be +given with \fIselection\fR to create a provider\-native object that can be passed as \fIobj_raw\fR to \fBOSSL_FUNC_encoder_encode()\fR. .PP \&\fBOSSL_FUNC_encoder_free_object()\fR should free the object that was created with \&\fBOSSL_FUNC_encoder_import_object()\fR. .SS "Encoding functions" .IX Subsection "Encoding functions" -\&\fBOSSL_FUNC_encoder_encode()\fR should take a provider-native object (in +\&\fBOSSL_FUNC_encoder_encode()\fR should take a provider\-native object (in \&\fIobj_raw\fR) or an object abstraction (in \fIobj_abstract\fR), and should output -the object in encoded form to the \fB\s-1OSSL_CORE_BIO\s0\fR. The \fIselection\fR bits, +the object in encoded form to the \fBOSSL_CORE_BIO\fR. The \fIselection\fR bits, if relevant, should determine in greater detail what will be output. -The encoding functions also take an \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function +The encoding functions also take an \fBOSSL_PASSPHRASE_CALLBACK\fR\|(3) function pointer along with a pointer to application data \fIcbarg\fR, which should be used when a pass phrase prompt is needed. .SS "Encoder operation parameters" .IX Subsection "Encoder operation parameters" -Operation parameters currently recognised by built-in encoders are as +Operation parameters currently recognised by built\-in encoders are as follows: -.ie n .IP """cipher"" (\fB\s-1OSSL_ENCODER_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_ENCODER_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_ENCODER_PARAM_CIPHER) " +.IP """cipher"" (\fBOSSL_ENCODER_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_ENCODER_PARAM_CIPHER) " The name of the encryption cipher to be used when generating encrypted encoding. This is used when encoding private keys, as well as other objects that need protection. 
@@ -374,41 +300,38 @@ implementation should refuse to perform the encoding, i.e. \&\fBOSSL_FUNC_encoder_encode_data()\fR and \fBOSSL_FUNC_encoder_encode_object()\fR should return an error. -.ie n .IP """properties"" (\fB\s-1OSSL_ENCODER_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_ENCODER_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_ENCODER_PARAM_PROPERTIES) " +.IP """properties"" (\fBOSSL_ENCODER_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_ENCODER_PARAM_PROPERTIES) " The properties to be queried when trying to fetch the algorithm given -with the \*(L"cipher\*(R" parameter. -This must be given together with the \*(L"cipher\*(R" parameter to be +with the "cipher" parameter. +This must be given together with the "cipher" parameter to be considered valid. .Sp -The encoding implementation isn't obligated to use this value. +The encoding implementation isn\*(Aqt obligated to use this value. However, it is recommended that implementations that do not handle property strings return an error on receiving this parameter unless -its value \s-1NULL\s0 or the empty string. -.ie n .IP """save-parameters"" (\fB\s-1OSSL_ENCODER_PARAM_SAVE_PARAMETERS\s0\fR) " 4 -.el .IP "``save-parameters'' (\fB\s-1OSSL_ENCODER_PARAM_SAVE_PARAMETERS\s0\fR) " 4 -.IX Item "save-parameters (OSSL_ENCODER_PARAM_SAVE_PARAMETERS) " +its value NULL or the empty string. +.IP """save\-parameters"" (\fBOSSL_ENCODER_PARAM_SAVE_PARAMETERS\fR) " 4 +.IX Item """save-parameters"" (OSSL_ENCODER_PARAM_SAVE_PARAMETERS) " If set to 0 disables saving of key domain parameters. Default is 1. -It currently has an effect only on \s-1DSA\s0 keys. +It currently has an effect only on DSA keys. 
.PP -Parameters currently recognised by the built-in pass phrase callback: -.ie n .IP """info"" (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``info'' (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "info (OSSL_PASSPHRASE_PARAM_INFO) " +Parameters currently recognised by the built\-in pass phrase callback: +.IP """info"" (\fBOSSL_PASSPHRASE_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_PASSPHRASE_PARAM_INFO) " A string of information that will become part of the pass phrase prompt. This could be used to give the user information on what kind -of object it's being prompted for. +of object it\*(Aqs being prompted for. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBOSSL_FUNC_encoder_newctx()\fR returns a pointer to a context, or \s-1NULL\s0 on +\&\fBOSSL_FUNC_encoder_newctx()\fR returns a pointer to a context, or NULL on failure. .PP \&\fBOSSL_FUNC_encoder_set_ctx_params()\fR returns 1, unless a recognised parameter was invalid or caused an error, for which 0 is returned. .PP \&\fBOSSL_FUNC_encoder_settable_ctx_params()\fR returns a pointer to an array of -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) elements. +constant \fBOSSL_PARAM\fR\|(3) elements. .PP \&\fBOSSL_FUNC_encoder_does_selection()\fR returns 1 if the encoder implementation supports any of the \fIselection\fR bits, otherwise 0. 
@@ -417,14 +340,14 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1ENCODER\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The ENCODER interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-kdf.7.orig +++ secure/lib/libcrypto/man/man7/provider-kdf.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-KDF 7ossl" -.TH PROVIDER-KDF 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-KDF 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-kdf \- The KDF library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -172,26 +97,26 @@ \& int OSSL_FUNC_kdf_get_ctx_params(void *kctx, OSSL_PARAM params[]); \& int OSSL_FUNC_kdf_set_ctx_params(void *kctx, const OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The \s-1KDF\s0 operation enables providers to implement \s-1KDF\s0 algorithms and make -them available to applications via the \s-1API\s0 functions \fBEVP_KDF_CTX_reset\fR\|(3), +The KDF operation enables providers to implement KDF algorithms and make +them available to applications via the API functions \fBEVP_KDF_CTX_reset\fR\|(3), and \fBEVP_KDF_derive\fR\|(3). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_kdf_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_kdf_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_kdf_newctx_fn)(void *provctx); 
@@ -199,7 +124,7 @@ \& OSSL_FUNC_kdf_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) array entries are identified by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) array entries are identified by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -219,7 +144,7 @@ \& OSSL_FUNC_kdf_settable_ctx_params OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS .Ve .PP -A \s-1KDF\s0 algorithm implementation may not implement all of these functions. +A KDF algorithm implementation may not implement all of these functions. In order to be a consistent set of functions, at least the following functions must be implemented: \fBOSSL_FUNC_kdf_newctx()\fR, \fBOSSL_FUNC_kdf_freectx()\fR, \&\fBOSSL_FUNC_kdf_set_ctx_params()\fR, \fBOSSL_FUNC_kdf_derive()\fR. 
@@ -227,115 +152,103 @@ .SS "Context Management Functions" .IX Subsection "Context Management Functions" \&\fBOSSL_FUNC_kdf_newctx()\fR should create and return a pointer to a provider side -structure for holding context information during a \s-1KDF\s0 operation. -A pointer to this context will be passed back in a number of the other \s-1KDF\s0 +structure for holding context information during a KDF operation. +A pointer to this context will be passed back in a number of the other KDF operation function calls. The parameter \fIprovctx\fR is the provider context generated during provider initialisation (see \fBprovider\fR\|(7)). .PP -\&\fBOSSL_FUNC_kdf_freectx()\fR is passed a pointer to the provider side \s-1KDF\s0 context in +\&\fBOSSL_FUNC_kdf_freectx()\fR is passed a pointer to the provider side KDF context in the \fIkctx\fR parameter. -If it receives \s-1NULL\s0 as \fIkctx\fR value, it should not do anything other than +If it receives NULL as \fIkctx\fR value, it should not do anything other than return. This function should free any resources associated with that context. .PP -\&\fBOSSL_FUNC_kdf_dupctx()\fR should duplicate the provider side \s-1KDF\s0 context in the +\&\fBOSSL_FUNC_kdf_dupctx()\fR should duplicate the provider side KDF context in the \&\fIkctx\fR parameter and return the duplicate copy. .SS "Encryption/Decryption Functions" .IX Subsection "Encryption/Decryption Functions" -\&\fBOSSL_FUNC_kdf_reset()\fR initialises a \s-1KDF\s0 operation given a provider -side \s-1KDF\s0 context in the \fIkctx\fR parameter. +\&\fBOSSL_FUNC_kdf_reset()\fR initialises a KDF operation given a provider +side KDF context in the \fIkctx\fR parameter. .PP -\&\fBOSSL_FUNC_kdf_derive()\fR performs the \s-1KDF\s0 operation after processing the +\&\fBOSSL_FUNC_kdf_derive()\fR performs the KDF operation after processing the \&\fIparams\fR as per \fBOSSL_FUNC_kdf_set_ctx_params()\fR. The \fIkctx\fR parameter contains a pointer to the provider side context. 
The resulting key of the desired \fIkeylen\fR should be written to \fIkey\fR. If the algorithm does not support the requested \fIkeylen\fR the function must return error. -.SS "\s-1KDF\s0 Parameters" +.SS "KDF Parameters" .IX Subsection "KDF Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by these functions. .PP \&\fBOSSL_FUNC_kdf_get_params()\fR gets details of parameter values associated with the provider algorithm and stores them in \fIparams\fR. .PP -\&\fBOSSL_FUNC_kdf_set_ctx_params()\fR sets \s-1KDF\s0 parameters associated with the given -provider side \s-1KDF\s0 context \fIkctx\fR to \fIparams\fR. +\&\fBOSSL_FUNC_kdf_set_ctx_params()\fR sets KDF parameters associated with the given +provider side KDF context \fIkctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_kdf_get_ctx_params()\fR retrieves gettable parameter values associated -with the given provider side \s-1KDF\s0 context \fIkctx\fR and stores them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +with the given provider side KDF context \fIkctx\fR and stores them in \fIparams\fR. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_kdf_gettable_params()\fR, \fBOSSL_FUNC_kdf_gettable_ctx_params()\fR, -and \fBOSSL_FUNC_kdf_settable_ctx_params()\fR all return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +and \fBOSSL_FUNC_kdf_settable_ctx_params()\fR all return constant \fBOSSL_PARAM\fR\|(3) arrays as descriptors of the parameters that \fBOSSL_FUNC_kdf_get_params()\fR, \&\fBOSSL_FUNC_kdf_get_ctx_params()\fR, and \fBOSSL_FUNC_kdf_set_ctx_params()\fR can handle, respectively. 
\fBOSSL_FUNC_kdf_gettable_ctx_params()\fR and \&\fBOSSL_FUNC_kdf_settable_ctx_params()\fR will return the parameters associated with the provider side context \fIkctx\fR in its current state if it is -not \s-1NULL.\s0 Otherwise, they return the parameters associated with the +not NULL. Otherwise, they return the parameters associated with the provider side algorithm \fIprovctx\fR. .PP -Parameters currently recognised by built-in KDFs are as follows. Not all +Parameters currently recognised by built\-in KDFs are as follows. Not all parameters are relevant to, or are understood by all KDFs: -.ie n .IP """size"" (\fB\s-1OSSL_KDF_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_KDF_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_KDF_PARAM_SIZE) " -Gets the output size from the associated \s-1KDF\s0 ctx. -If the algorithm produces a variable amount of output, \s-1SIZE_MAX\s0 should be +.IP """size"" (\fBOSSL_KDF_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_KDF_PARAM_SIZE) " +Gets the output size from the associated KDF ctx. +If the algorithm produces a variable amount of output, SIZE_MAX should be returned. If the input parameters required to calculate the fixed output size have not yet been supplied, 0 should be returned indicating an error. -.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_KDF_PARAM_KEY) " -Sets the key in the associated \s-1KDF\s0 ctx. -.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 -.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 -.IX Item "secret (OSSL_KDF_PARAM_SECRET) " -Sets the secret in the associated \s-1KDF\s0 ctx. -.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 -.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " -Sets the password in the associated \s-1KDF\s0 ctx. 
-.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " +.IP """key"" (\fBOSSL_KDF_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_KDF_PARAM_KEY) " +Sets the key in the associated KDF ctx. +.IP """secret"" (\fBOSSL_KDF_PARAM_SECRET\fR) " 4 +.IX Item """secret"" (OSSL_KDF_PARAM_SECRET) " +Sets the secret in the associated KDF ctx. +.IP """pass"" (\fBOSSL_KDF_PARAM_PASSWORD\fR) " 4 +.IX Item """pass"" (OSSL_KDF_PARAM_PASSWORD) " +Sets the password in the associated KDF ctx. +.IP """cipher"" (\fBOSSL_KDF_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_KDF_PARAM_CIPHER) " .PD 0 -.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " -.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.IP """digest"" (\fBOSSL_KDF_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_KDF_PARAM_DIGEST) " +.IP """mac"" (\fBOSSL_KDF_PARAM_MAC\fR) " 4 +.IX Item """mac"" (OSSL_KDF_PARAM_MAC) " .PD -Sets the name of the underlying cipher, digest or \s-1MAC\s0 to be used. -It must name a suitable algorithm for the \s-1KDF\s0 that's being used. -.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 -.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 -.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " -Sets the length of the \s-1MAC\s0 in the associated \s-1KDF\s0 ctx. 
-.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +Sets the name of the underlying cipher, digest or MAC to be used. +It must name a suitable algorithm for the KDF that\*(Aqs being used. +.IP """maclen"" (\fBOSSL_KDF_PARAM_MAC_SIZE\fR) " 4 +.IX Item """maclen"" (OSSL_KDF_PARAM_MAC_SIZE) " +Sets the length of the MAC in the associated KDF ctx. +.IP """properties"" (\fBOSSL_KDF_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_KDF_PARAM_PROPERTIES) " Sets the properties to be queried when trying to fetch the underlying algorithm. This must be given together with the algorithm naming parameter to be considered valid. -.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 -.IX Item "iter (OSSL_KDF_PARAM_ITER) " -Sets the number of iterations in the associated \s-1KDF\s0 ctx. -.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mode (OSSL_KDF_PARAM_MODE) " -Sets the mode in the associated \s-1KDF\s0 ctx. -.ie n .IP """pkcs5"" (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 -.el .IP "``pkcs5'' (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 -.IX Item "pkcs5 (OSSL_KDF_PARAM_PKCS5) " -Enables or disables the \s-1SP800\-132\s0 compliance checks. +.IP """iter"" (\fBOSSL_KDF_PARAM_ITER\fR) " 4 +.IX Item """iter"" (OSSL_KDF_PARAM_ITER) " +Sets the number of iterations in the associated KDF ctx. +.IP """mode"" (\fBOSSL_KDF_PARAM_MODE\fR) " 4 +.IX Item """mode"" (OSSL_KDF_PARAM_MODE) " +Sets the mode in the associated KDF ctx. +.IP """pkcs5"" (\fBOSSL_KDF_PARAM_PKCS5\fR) " 4 +.IX Item """pkcs5"" (OSSL_KDF_PARAM_PKCS5) " +Enables or disables the SP800\-132 compliance checks. A mode of 0 enables the compliance checks. 
.Sp The checks performed are: 
@@ -347,136 +260,120 @@ .IX Item "- the salt length is at least 128 bits." .IP "\- the derived key length is at least 112 bits." 4 .IX Item "- the derived key length is at least 112 bits." +.PD .RE .RS 4 .RE -.ie n .IP """ukm"" (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 -.el .IP "``ukm'' (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 -.IX Item "ukm (OSSL_KDF_PARAM_UKM) " -.PD +.IP """ukm"" (\fBOSSL_KDF_PARAM_UKM\fR) " 4 +.IX Item """ukm"" (OSSL_KDF_PARAM_UKM) " Sets an optional random string that is provided by the sender called -\&\*(L"partyAInfo\*(R". In \s-1CMS\s0 this is the user keying material. -.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) " -Sets the \s-1CEK\s0 wrapping algorithm name in the associated \s-1KDF\s0 ctx. -.ie n .IP """n"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 -.el .IP "``n'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 -.IX Item "n (OSSL_KDF_PARAM_SCRYPT_N) " -Sets the scrypt work factor parameter N in the associated \s-1KDF\s0 ctx. -.ie n .IP """r"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 -.el .IP "``r'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 -.IX Item "r (OSSL_KDF_PARAM_SCRYPT_R) " -Sets the scrypt work factor parameter r in the associated \s-1KDF\s0 ctx. -.ie n .IP """p"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 -.el .IP "``p'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 -.IX Item "p (OSSL_KDF_PARAM_SCRYPT_P) " -Sets the scrypt work factor parameter p in the associated \s-1KDF\s0 ctx. -.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 -.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 -.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " -Sets the scrypt work factor parameter maxmem in the associated \s-1KDF\s0 ctx. 
-.ie n .IP """prefix"" (\fB\s-1OSSL_KDF_PARAM_PREFIX\s0\fR) " 4 -.el .IP "``prefix'' (\fB\s-1OSSL_KDF_PARAM_PREFIX\s0\fR) " 4 -.IX Item "prefix (OSSL_KDF_PARAM_PREFIX) " -Sets the prefix string using by the \s-1TLS 1.3\s0 version of \s-1HKDF\s0 in the -associated \s-1KDF\s0 ctx. -.ie n .IP """label"" (\fB\s-1OSSL_KDF_PARAM_LABEL\s0\fR) " 4 -.el .IP "``label'' (\fB\s-1OSSL_KDF_PARAM_LABEL\s0\fR) " 4 -.IX Item "label (OSSL_KDF_PARAM_LABEL) " -Sets the label string using by the \s-1TLS 1.3\s0 version of \s-1HKDF\s0 in the -associated \s-1KDF\s0 ctx. -.ie n .IP """data"" (\fB\s-1OSSL_KDF_PARAM_DATA\s0\fR) " 4 -.el .IP "``data'' (\fB\s-1OSSL_KDF_PARAM_DATA\s0\fR) " 4 -.IX Item "data (OSSL_KDF_PARAM_DATA) " -Sets the context string using by the \s-1TLS 1.3\s0 version of \s-1HKDF\s0 in the -associated \s-1KDF\s0 ctx. -.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 -.IX Item "info (OSSL_KDF_PARAM_INFO) " -Sets the optional shared info in the associated \s-1KDF\s0 ctx. -.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 -.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 -.IX Item "seed (OSSL_KDF_PARAM_SEED) " -Sets the \s-1IV\s0 in the associated \s-1KDF\s0 ctx. -.ie n .IP """xcghash"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 -.el .IP "``xcghash'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 -.IX Item "xcghash (OSSL_KDF_PARAM_SSHKDF_XCGHASH) " -Sets the xcghash in the associated \s-1KDF\s0 ctx. -.ie n .IP """session_id"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 -.el .IP "``session_id'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 -.IX Item "session_id (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) " -Sets the session \s-1ID\s0 in the associated \s-1KDF\s0 ctx. 
-.ie n .IP """type"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``type'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "type (OSSL_KDF_PARAM_SSHKDF_TYPE) " -Sets the \s-1SSH KDF\s0 type parameter in the associated \s-1KDF\s0 ctx. +"partyAInfo". In CMS this is the user keying material. +.IP """cekalg"" (\fBOSSL_KDF_PARAM_CEK_ALG\fR) " 4 +.IX Item """cekalg"" (OSSL_KDF_PARAM_CEK_ALG) " +Sets the CEK wrapping algorithm name in the associated KDF ctx. +.IP """n"" (\fBOSSL_KDF_PARAM_SCRYPT_N\fR) " 4 +.IX Item """n"" (OSSL_KDF_PARAM_SCRYPT_N) " +Sets the scrypt work factor parameter N in the associated KDF ctx. +.IP """r"" (\fBOSSL_KDF_PARAM_SCRYPT_R\fR) " 4 +.IX Item """r"" (OSSL_KDF_PARAM_SCRYPT_R) " +Sets the scrypt work factor parameter r in the associated KDF ctx. +.IP """p"" (\fBOSSL_KDF_PARAM_SCRYPT_P\fR) " 4 +.IX Item """p"" (OSSL_KDF_PARAM_SCRYPT_P) " +Sets the scrypt work factor parameter p in the associated KDF ctx. +.IP """maxmem_bytes"" (\fBOSSL_KDF_PARAM_SCRYPT_MAXMEM\fR) " 4 +.IX Item """maxmem_bytes"" (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " +Sets the scrypt work factor parameter maxmem in the associated KDF ctx. +.IP """prefix"" (\fBOSSL_KDF_PARAM_PREFIX\fR) " 4 +.IX Item """prefix"" (OSSL_KDF_PARAM_PREFIX) " +Sets the prefix string using by the TLS 1.3 version of HKDF in the +associated KDF ctx. +.IP """label"" (\fBOSSL_KDF_PARAM_LABEL\fR) " 4 +.IX Item """label"" (OSSL_KDF_PARAM_LABEL) " +Sets the label string using by the TLS 1.3 version of HKDF in the +associated KDF ctx. +.IP """data"" (\fBOSSL_KDF_PARAM_DATA\fR) " 4 +.IX Item """data"" (OSSL_KDF_PARAM_DATA) " +Sets the context string using by the TLS 1.3 version of HKDF in the +associated KDF ctx. +.IP """info"" (\fBOSSL_KDF_PARAM_INFO\fR) " 4 +.IX Item """info"" (OSSL_KDF_PARAM_INFO) " +Sets the optional shared info in the associated KDF ctx. 
+.IP """seed"" (\fBOSSL_KDF_PARAM_SEED\fR) " 4 +.IX Item """seed"" (OSSL_KDF_PARAM_SEED) " +Sets the IV in the associated KDF ctx. +.IP """xcghash"" (\fBOSSL_KDF_PARAM_SSHKDF_XCGHASH\fR) " 4 +.IX Item """xcghash"" (OSSL_KDF_PARAM_SSHKDF_XCGHASH) " +Sets the xcghash in the associated KDF ctx. +.IP """session_id"" (\fBOSSL_KDF_PARAM_SSHKDF_SESSION_ID\fR) " 4 +.IX Item """session_id"" (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) " +Sets the session ID in the associated KDF ctx. +.IP """type"" (\fBOSSL_KDF_PARAM_SSHKDF_TYPE\fR) " 4 +.IX Item """type"" (OSSL_KDF_PARAM_SSHKDF_TYPE) " +Sets the SSH KDF type parameter in the associated KDF ctx. There are six supported types: .RS 4 -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV\s0" 4 +.IP EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV" -The Initial \s-1IV\s0 from client to server. -A single char of value 65 (\s-1ASCII\s0 char 'A'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI\s0" 4 +The Initial IV from client to server. +A single char of value 65 (ASCII char \*(AqA\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI" -The Initial \s-1IV\s0 from server to client -A single char of value 66 (\s-1ASCII\s0 char 'B'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV\s0" 4 +The Initial IV from server to client +A single char of value 66 (ASCII char \*(AqB\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 4 .IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV" The Encryption Key from client to server -A single char of value 67 (\s-1ASCII\s0 char 'C'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI\s0" 4 +A single char of value 67 (ASCII char \*(AqC\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 4 .IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI" The Encryption Key from server to client -A single char of value 68 (\s-1ASCII\s0 char 'D'). 
-.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV\s0" 4 +A single char of value 68 (ASCII char \*(AqD\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV" The Integrity Key from client to server -A single char of value 69 (\s-1ASCII\s0 char 'E'). -.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI\s0" 4 +A single char of value 69 (ASCII char \*(AqE\*(Aq). +.IP EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 4 .IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI" The Integrity Key from client to server -A single char of value 70 (\s-1ASCII\s0 char 'F'). +A single char of value 70 (ASCII char \*(AqF\*(Aq). .RE .RS 4 .RE -.ie n .IP """constant"" (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 -.el .IP "``constant'' (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 -.IX Item "constant (OSSL_KDF_PARAM_CONSTANT) " -Sets the constant value in the associated \s-1KDF\s0 ctx. -.ie n .IP """id"" (\fB\s-1OSSL_KDF_PARAM_PKCS12_ID\s0\fR) " 4 -.el .IP "``id'' (\fB\s-1OSSL_KDF_PARAM_PKCS12_ID\s0\fR) " 4 -.IX Item "id (OSSL_KDF_PARAM_PKCS12_ID) " -Sets the intended usage of the output bits in the associated \s-1KDF\s0 ctx. -It is defined as per \s-1RFC 7292\s0 section B.3. +.IP """constant"" (\fBOSSL_KDF_PARAM_CONSTANT\fR) " 4 +.IX Item """constant"" (OSSL_KDF_PARAM_CONSTANT) " +Sets the constant value in the associated KDF ctx. +.IP """id"" (\fBOSSL_KDF_PARAM_PKCS12_ID\fR) " 4 +.IX Item """id"" (OSSL_KDF_PARAM_PKCS12_ID) " +Sets the intended usage of the output bits in the associated KDF ctx. +It is defined as per RFC 7292 section B.3. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_kdf_newctx()\fR and \fBOSSL_FUNC_kdf_dupctx()\fR should return the newly created -provider side \s-1KDF\s0 context, or \s-1NULL\s0 on failure. +provider side KDF context, or NULL on failure. 
.PP \&\fBOSSL_FUNC_kdf_derive()\fR, \fBOSSL_FUNC_kdf_get_params()\fR, \&\fBOSSL_FUNC_kdf_get_ctx_params()\fR and \fBOSSL_FUNC_kdf_set_ctx_params()\fR should return 1 for success or 0 on error. .PP \&\fBOSSL_FUNC_kdf_gettable_params()\fR, \fBOSSL_FUNC_kdf_gettable_ctx_params()\fR and -\&\fBOSSL_FUNC_kdf_settable_ctx_params()\fR should return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) -array, or \s-1NULL\s0 if none is offered. -.SH "NOTES" +\&\fBOSSL_FUNC_kdf_settable_ctx_params()\fR should return a constant \fBOSSL_PARAM\fR\|(3) +array, or NULL if none is offered. +.SH NOTES .IX Header "NOTES" -The \s-1KDF\s0 life-cycle is described in \fBlife_cycle\-kdf\fR\|(7). Providers should +The KDF life\-cycle is described in \fBlife_cycle\-kdf\fR\|(7). Providers should ensure that the various transitions listed there are supported. At some point -the \s-1EVP\s0 layer will begin enforcing the listed transitions. +the EVP layer will begin enforcing the listed transitions. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \fBlife_cycle\-kdf\fR\|(7), \s-1\fBEVP_KDF\s0\fR\|(3). -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBlife_cycle\-kdf\fR\|(7), \fBEVP_KDF\fR\|(3). +.SH HISTORY .IX Header "HISTORY" -The provider \s-1KDF\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider KDF interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-kem.7.orig +++ secure/lib/libcrypto/man/man7/provider-kem.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-KEM 7ossl" -.TH PROVIDER-KEM 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-KEM 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-kem \- The kem library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -174,27 +99,27 @@ \& int OSSL_FUNC_kem_set_ctx_params(void *ctx, const OSSL_PARAM params[]); \& const OSSL_PARAM *OSSL_FUNC_kem_settable_ctx_params(void *ctx, void *provctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The asymmetric kem (\s-1OSSL_OP_KEM\s0) operation enables providers to +The asymmetric kem (OSSL_OP_KEM) operation enables providers to implement asymmetric kem algorithms and make them available to applications -via the \s-1API\s0 functions \fBEVP_PKEY_encapsulate\fR\|(3), +via the API functions \fBEVP_PKEY_encapsulate\fR\|(3), \&\fBEVP_PKEY_decapsulate\fR\|(3) and other related functions. .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_kem_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_kem_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_kem_newctx_fn)(void *provctx); 
@@ -202,7 +127,7 @@ \& OSSL_FUNC_kem_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -235,7 +160,7 @@ so must OSSL_FUNC_kem_settable_ctx_params. .PP An asymmetric kem algorithm must also implement some mechanism for generating, -loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. See \fBprovider\-keymgmt\fR\|(7) for further details. .SS "Context Management Functions" .IX Subsection "Context Management Functions" 
@@ -258,23 +183,23 @@ encapsulation given a provider side asymmetric kem context in the \fIctx\fR parameter, a pointer to a provider key object in the \fIprovkey\fR parameter and the \fIname\fR of the algorithm. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_kem_set_ctx_params()\fR. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)>. .PP \&\fBOSSL_FUNC_kem_encapsulate()\fR performs the actual encapsulation itself. A previously initialised asymmetric kem context is passed in the \fIctx\fR parameter. -Unless \fIout\fR is \s-1NULL,\s0 the data to be encapsulated is internally generated, +Unless \fIout\fR is NULL, the data to be encapsulated is internally generated, and returned into the buffer pointed to by the \fIsecret\fR parameter and the encapsulated data should also be written to the location pointed to by the \&\fIout\fR parameter. The length of the encapsulated data should be written to \&\fI*outlen\fR and the length of the generated secret should be written to \&\fI*secretlen\fR. .PP -If \fIout\fR is \s-1NULL\s0 then the maximum length of the encapsulated data should be +If \fIout\fR is NULL then the maximum length of the encapsulated data should be written to \fI*outlen\fR, and the maximum length of the generated secret should be written to \fI*secretlen\fR. .SS "Decapsulation Functions" 
@@ -284,7 +209,7 @@ parameter, a pointer to a provider key object in the \fIprovkey\fR parameter, and a \fIname\fR of the algorithm. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)>. .PP \&\fBOSSL_FUNC_kem_decapsulate()\fR performs the actual decapsulation itself. 
@@ -292,50 +217,50 @@ parameter. The data to be decapsulated is pointed to by the \fIin\fR parameter which is \fIinlen\fR bytes long. -Unless \fIout\fR is \s-1NULL,\s0 the decapsulated data should be written to the location +Unless \fIout\fR is NULL, the decapsulated data should be written to the location pointed to by the \fIout\fR parameter. The length of the decapsulated data should be written to \fI*outlen\fR. -If \fIout\fR is \s-1NULL\s0 then the maximum length of the decapsulated data should be +If \fIout\fR is NULL then the maximum length of the decapsulated data should be written to \fI*outlen\fR. .SS "Asymmetric Key Encapsulation Parameters" .IX Subsection "Asymmetric Key Encapsulation Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by the \fBOSSL_FUNC_kem_get_ctx_params()\fR and \fBOSSL_FUNC_kem_set_ctx_params()\fR functions. .PP \&\fBOSSL_FUNC_kem_get_ctx_params()\fR gets asymmetric kem parameters associated with the given provider side asymmetric kem context \fIctx\fR and stores them in \&\fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_kem_set_ctx_params()\fR sets the asymmetric kem parameters associated with the given provider side asymmetric kem context \fIctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -No parameters are currently recognised by built-in asymmetric kem algorithms. +No parameters are currently recognised by built\-in asymmetric kem algorithms. 
.PP \&\fBOSSL_FUNC_kem_gettable_ctx_params()\fR and \fBOSSL_FUNC_kem_settable_ctx_params()\fR -get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and settable +get a constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable and settable parameters, i.e. parameters that can be used with \fBOSSL_FUNC_kem_get_ctx_params()\fR and \fBOSSL_FUNC_kem_set_ctx_params()\fR respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_kem_newctx()\fR and \fBOSSL_FUNC_kem_dupctx()\fR should return the newly -created provider side asymmetric kem context, or \s-1NULL\s0 on failure. +created provider side asymmetric kem context, or NULL on failure. .PP All other functions should return 1 for success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The provider \s-1KEM\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider KEM interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-keyexch.7.orig +++ secure/lib/libcrypto/man/man7/provider-keyexch.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-KEYEXCH 7ossl" -.TH PROVIDER-KEYEXCH 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-KEYEXCH 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-keyexch \- The keyexch library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -172,27 +97,27 @@ \& const OSSL_PARAM *OSSL_FUNC_keyexch_gettable_ctx_params(void *ctx, \& void *provctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The key exchange (\s-1OSSL_OP_KEYEXCH\s0) operation enables providers to implement key +The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key exchange algorithms and make them available to applications via \&\fBEVP_PKEY_derive\fR\|(3) and other related functions). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_keyexch_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_keyexch_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_keyexch_newctx_fn)(void *provctx); 
@@ -200,7 +125,7 @@ \& OSSL_FUNC_keyexch_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -224,7 +149,7 @@ All other functions are optional. .PP A key exchange algorithm must also implement some mechanism for generating, -loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. See \fBprovider\-keymgmt\fR\|(7) for further details. .SS "Context Management Functions" .IX Subsection "Context Management Functions" 
@@ -246,18 +171,18 @@ \&\fBOSSL_FUNC_keyexch_init()\fR initialises a key exchange operation given a provider side key exchange context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_keyexch_set_params()\fR. The key object should have been previously generated, loaded or imported into the provider using the key management -(\s-1OSSL_OP_KEYMGMT\s0) operation (see \fBprovider\-keymgmt\fR\|(7)>. +(OSSL_OP_KEYMGMT) operation (see \fBprovider\-keymgmt\fR\|(7)>. .PP -\&\fBOSSL_FUNC_keyexch_set_peer()\fR is called to supply the peer's public key (in the +\&\fBOSSL_FUNC_keyexch_set_peer()\fR is called to supply the peer\*(Aqs public key (in the \&\fIprovkey\fR parameter) to be used when deriving the shared secret. It is also passed a previously initialised key exchange context in the \fIctx\fR parameter. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)>. .PP \&\fBOSSL_FUNC_keyexch_derive()\fR performs the actual key exchange itself by deriving a shared 
@@ -267,27 +192,27 @@ The derived secret should be written to the location \fIsecret\fR which should not exceed \fIoutlen\fR bytes. The length of the shared secret should be written to \fI*secretlen\fR. -If \fIsecret\fR is \s-1NULL\s0 then the maximum length of the shared secret should be +If \fIsecret\fR is NULL then the maximum length of the shared secret should be written to \fI*secretlen\fR. .SS "Key Exchange Parameters Functions" .IX Subsection "Key Exchange Parameters Functions" \&\fBOSSL_FUNC_keyexch_set_ctx_params()\fR sets key exchange parameters associated with the given provider side key exchange context \fIctx\fR to \fIparams\fR, -see \*(L"Common Key Exchange parameters\*(R". +see "Common Key Exchange parameters". Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_keyexch_get_ctx_params()\fR gets key exchange parameters associated with the given provider side key exchange context \fIctx\fR into \fIparams\fR, -see \*(L"Common Key Exchange parameters\*(R". -Passing \s-1NULL\s0 for \fIparams\fR should return true. +see "Common Key Exchange parameters". +Passing NULL for \fIparams\fR should return true. .PP -\&\fBOSSL_FUNC_keyexch_settable_ctx_params()\fR yields a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that +\&\fBOSSL_FUNC_keyexch_settable_ctx_params()\fR yields a constant \fBOSSL_PARAM\fR\|(3) array that describes the settable parameters, i.e. parameters that can be used with \&\fBOP_signature_set_ctx_params()\fR. If \fBOSSL_FUNC_keyexch_settable_ctx_params()\fR is present, \fBOSSL_FUNC_keyexch_set_ctx_params()\fR must also be present, and vice versa. -Similarly, \fBOSSL_FUNC_keyexch_gettable_ctx_params()\fR yields a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +Similarly, \fBOSSL_FUNC_keyexch_gettable_ctx_params()\fR yields a constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable parameters, i.e. 
parameters that can be handled by \fBOP_signature_get_ctx_params()\fR. If \fBOSSL_FUNC_keyexch_gettable_ctx_params()\fR is present, \fBOSSL_FUNC_keyexch_get_ctx_params()\fR must 
@@ -296,41 +221,35 @@ Notice that not all settable parameters are also gettable, and vice versa. .SS "Common Key Exchange parameters" .IX Subsection "Common Key Exchange parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by the \fBOSSL_FUNC_keyexch_set_ctx_params()\fR and \fBOSSL_FUNC_keyexch_get_ctx_params()\fR functions. .PP -Common parameters currently recognised by built-in key exchange algorithms are +Common parameters currently recognised by built\-in key exchange algorithms are as follows. -.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) " +.IP """kdf\-type"" (\fBOSSL_EXCHANGE_PARAM_KDF_TYPE\fR) " 4 +.IX Item """kdf-type"" (OSSL_EXCHANGE_PARAM_KDF_TYPE) " Sets or gets the Key Derivation Function type to apply within the associated key exchange ctx. -.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " +.IP """kdf\-digest"" (\fBOSSL_EXCHANGE_PARAM_KDF_DIGEST\fR) " 4 +.IX Item """kdf-digest"" (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " Sets or gets the Digest algorithm to be used as part of the Key Derivation Function associated with the given key exchange ctx. 
-.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " +.IP """kdf\-digest\-props"" (\fBOSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\fR) " 4 +.IX Item """kdf-digest-props"" (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " Sets properties to be used upon look up of the implementation for the selected Digest algorithm for the Key Derivation Function associated with the given key exchange ctx. -.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 -.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 -.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " +.IP """kdf\-outlen"" (\fBOSSL_EXCHANGE_PARAM_KDF_OUTLEN\fR) " 4 +.IX Item """kdf-outlen"" (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " Sets or gets the desired size for the output of the chosen Key Derivation Function associated with the given key exchange ctx. -The length of the \*(L"kdf-outlen\*(R" parameter should not exceed that of a \fBsize_t\fR. -.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) " +The length of the "kdf\-outlen" parameter should not exceed that of a \fBsize_t\fR. +.IP """kdf\-ukm"" (\fBOSSL_EXCHANGE_PARAM_KDF_UKM\fR) " 4 +.IX Item """kdf-ukm"" (OSSL_EXCHANGE_PARAM_KDF_UKM) " Sets the User Key Material to be used as part of the selected Key Derivation Function associated with the given key exchange ctx. 
-.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 -.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) " +.IP """kdf\-ukm"" (\fBOSSL_EXCHANGE_PARAM_KDF_UKM\fR) " 4 +.IX Item """kdf-ukm"" (OSSL_EXCHANGE_PARAM_KDF_UKM) " Gets a pointer to the User Key Material to be used as part of the selected Key Derivation Function associated with the given key exchange ctx. Providers usually do not need to support this gettable parameter as its sole purpose 
@@ -339,25 +258,25 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_keyexch_newctx()\fR and \fBOSSL_FUNC_keyexch_dupctx()\fR should return the newly created -provider side key exchange context, or \s-1NULL\s0 on failure. +provider side key exchange context, or NULL on failure. .PP \&\fBOSSL_FUNC_keyexch_init()\fR, \fBOSSL_FUNC_keyexch_set_peer()\fR, \fBOSSL_FUNC_keyexch_derive()\fR, \&\fBOSSL_FUNC_keyexch_set_params()\fR, and \fBOSSL_FUNC_keyexch_get_params()\fR should return 1 for success or 0 on error. .PP \&\fBOSSL_FUNC_keyexch_settable_ctx_params()\fR and \fBOSSL_FUNC_keyexch_gettable_ctx_params()\fR should -always return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array. +always return a constant \fBOSSL_PARAM\fR\|(3) array. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The provider \s-1KEYEXCH\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider KEYEXCH interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-keymgmt.7.orig +++ secure/lib/libcrypto/man/man7/provider-keymgmt.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-KEYMGMT 7ossl" -.TH PROVIDER-KEYMGMT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-KEYMGMT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-keymgmt \- The KEYMGMT library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -166,7 +91,7 @@ \& void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx); \& \& /* Key loading by object reference, also a constructor */ -\& void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz); +\& void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz); \& \& /* Key object information */ \& int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]); 
@@ -195,30 +120,30 @@ \& /* Key object validation */ \& int OSSL_FUNC_keymgmt_validate(const void *keydata, int selection, int checktype); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1KEYMGMT\s0 operation doesn't have much public visibility in OpenSSL -libraries, it's rather an internal operation that's designed to work +The KEYMGMT operation doesn\*(Aqt have much public visibility in OpenSSL +libraries, it\*(Aqs rather an internal operation that\*(Aqs designed to work in tandem with operations that use private/public key pairs. .PP -Because the \s-1KEYMGMT\s0 operation shares knowledge with the operations it +Because the KEYMGMT operation shares knowledge with the operations it works with in tandem, they must belong to the same provider. The OpenSSL libraries will ensure that they do. .PP -The primary responsibility of the \s-1KEYMGMT\s0 operation is to hold the -provider side key data for the OpenSSL library \s-1EVP_PKEY\s0 structure. +The primary responsibility of the KEYMGMT operation is to hold the +provider side key data for the OpenSSL library EVP_PKEY structure. .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). 
.PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from a \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from a \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_keymgmt_new()\fR has these: +For example, the "function" \fBOSSL_FUNC_keymgmt_new()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_keymgmt_new_fn)(void *provctx); @@ -226,7 +151,7 @@ \& OSSL_FUNC_keymgmt_new(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 2 
@@ -268,58 +193,58 @@ The exact contents of a key object are defined by the provider, and it is assumed that different operations in one and the same provider use the exact same structure to represent this collection of data, so that -for example, a key object that has been created using the \s-1KEYMGMT\s0 +for example, a key object that has been created using the KEYMGMT interface that we document here can be passed as is to other provider operations, such as \fBOP_signature_sign_init()\fR (see \&\fBprovider\-signature\fR\|(7)). .PP -With some of the \s-1KEYMGMT\s0 functions, it's possible to select a specific +With some of the KEYMGMT functions, it\*(Aqs possible to select a specific subset of data to handle, governed by the bits in a \fIselection\fR indicator. The bits are: -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR" 4 +.IP \fBOSSL_KEYMGMT_SELECT_PRIVATE_KEY\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_PRIVATE_KEY" Indicating that the private key data in a key object should be considered. -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR" 4 +.IP \fBOSSL_KEYMGMT_SELECT_PUBLIC_KEY\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_PUBLIC_KEY" Indicating that the public key data in a key object should be considered. -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR" 4 +.IP \fBOSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS" Indicating that the domain parameters in a key object should be considered. -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\s0\fR" 4 +.IP \fBOSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS" Indicating that other parameters in a key object should be considered. .Sp -Other parameters are key parameters that don't fit any other +Other parameters are key parameters that don\*(Aqt fit any other classification. In other words, this particular selector bit works as a last resort bit bucket selector. 
.PP Some selector bits have also been combined for easier use: -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_ALL_PARAMETERS\s0\fR" 4 +.IP \fBOSSL_KEYMGMT_SELECT_ALL_PARAMETERS\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_ALL_PARAMETERS" Indicating that all key object parameters should be considered, regardless of their more granular classification. .Sp -This is a combination of \fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR and -\&\fB\s-1OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\s0\fR. -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_KEYPAIR\s0\fR" 4 +This is a combination of \fBOSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\fR and +\&\fBOSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\fR. +.IP \fBOSSL_KEYMGMT_SELECT_KEYPAIR\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_KEYPAIR" Indicating that both the whole key pair in a key object should be considered, i.e. the combination of public and private key. .Sp -This is a combination of \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR and -\&\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR. -.IP "\fB\s-1OSSL_KEYMGMT_SELECT_ALL\s0\fR" 4 +This is a combination of \fBOSSL_KEYMGMT_SELECT_PRIVATE_KEY\fR and +\&\fBOSSL_KEYMGMT_SELECT_PUBLIC_KEY\fR. +.IP \fBOSSL_KEYMGMT_SELECT_ALL\fR 4 .IX Item "OSSL_KEYMGMT_SELECT_ALL" Indicating that everything in a key object should be considered. .PP The exact interpretation of those bits or how they combine is left to each function where you can specify a selector. .PP -It's left to the provider implementation to decide what is reasonable +It\*(Aqs left to the provider implementation to decide what is reasonable to do with regards to received selector bits and how to do it. Among others, an implementation of \fBOSSL_FUNC_keymgmt_match()\fR might opt to not compare the private half if it has compared the public half, 
@@ -340,21 +265,21 @@ \&\fBOSSL_FUNC_keymgmt_gen_init()\fR should create the key object generation context and initialize it with \fIselections\fR, which will determine what kind of contents the key object to be generated should get. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_keymgmt_set_params()\fR. .PP \&\fBOSSL_FUNC_keymgmt_gen_set_template()\fR should add \fItemplate\fR to the context \&\fIgenctx\fR. The \fItemplate\fR is assumed to be a key object constructed -with the same \s-1KEYMGMT,\s0 and from which content that the implementation +with the same KEYMGMT, and from which content that the implementation chooses can be used as a template for the key object to be generated. -Typically, the generation of a \s-1DSA\s0 or \s-1DH\s0 key would get the domain +Typically, the generation of a DSA or DH key would get the domain parameters from this \fItemplate\fR. .PP \&\fBOSSL_FUNC_keymgmt_gen_set_params()\fR should set additional parameters from \&\fIparams\fR in the key object generation context \fIgenctx\fR. .PP \&\fBOSSL_FUNC_keymgmt_gen_settable_params()\fR should return a constant array of -descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3), for parameters that \fBOSSL_FUNC_keymgmt_gen_set_params()\fR +descriptor \fBOSSL_PARAM\fR\|(3), for parameters that \fBOSSL_FUNC_keymgmt_gen_set_params()\fR can handle. .PP \&\fBOSSL_FUNC_keymgmt_gen()\fR should perform the key object generation itself, and 
@@ -378,20 +303,20 @@ .SS "Key Object Information Functions" .IX Subsection "Key Object Information Functions" \&\fBOSSL_FUNC_keymgmt_get_params()\fR should extract information data associated -with the given \fIkeydata\fR, see \*(L"Common Information Parameters\*(R". +with the given \fIkeydata\fR, see "Common Information Parameters". .PP \&\fBOSSL_FUNC_keymgmt_gettable_params()\fR should return a constant array of -descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3), for parameters that \fBOSSL_FUNC_keymgmt_get_params()\fR +descriptor \fBOSSL_PARAM\fR\|(3), for parameters that \fBOSSL_FUNC_keymgmt_get_params()\fR can handle. .PP If \fBOSSL_FUNC_keymgmt_gettable_params()\fR is present, \fBOSSL_FUNC_keymgmt_get_params()\fR must also be present, and vice versa. .PP \&\fBOSSL_FUNC_keymgmt_set_params()\fR should update information data associated -with the given \fIkeydata\fR, see \*(L"Common Information Parameters\*(R". +with the given \fIkeydata\fR, see "Common Information Parameters". .PP \&\fBOSSL_FUNC_keymgmt_settable_params()\fR should return a constant array of -descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3), for parameters that \fBOSSL_FUNC_keymgmt_set_params()\fR +descriptor \fBOSSL_PARAM\fR\|(3), for parameters that \fBOSSL_FUNC_keymgmt_set_params()\fR can handle. .PP If \fBOSSL_FUNC_keymgmt_settable_params()\fR is present, \fBOSSL_FUNC_keymgmt_set_params()\fR @@ -402,7 +327,7 @@ supported algorithm for the operation \fIoperation_id\fR. This is similar to \fBprovider_query_operation()\fR (see \fBprovider\-base\fR\|(7)), but only works as an advisory. If this function is not present, or -returns \s-1NULL,\s0 the caller is free to assume that there's an algorithm +returns NULL, the caller is free to assume that there\*(Aqs an algorithm from the same provider, of the same name as the one used to fetch the keymgmt and try to use that. .PP 
@@ -411,24 +336,24 @@ selector bits must consider all those subsets, not just one. An implementation is, however, free to consider an empty subset of data to still be a valid subset. For algorithms where some selection is -not meaningful such as \fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR for -\&\s-1RSA\s0 keys the function should just return 1 as the selected subset +not meaningful such as \fBOSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\fR for +RSA keys the function should just return 1 as the selected subset is not really missing in the key. .PP \&\fBOSSL_FUNC_keymgmt_validate()\fR should check if the \fIkeydata\fR contains valid data subsets indicated by \fIselection\fR. Some combined selections of data subsets may cause validation of the combined data. -For example, the combination of \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR and -\&\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR (or \fB\s-1OSSL_KEYMGMT_SELECT_KEYPAIR\s0\fR +For example, the combination of \fBOSSL_KEYMGMT_SELECT_PRIVATE_KEY\fR and +\&\fBOSSL_KEYMGMT_SELECT_PUBLIC_KEY\fR (or \fBOSSL_KEYMGMT_SELECT_KEYPAIR\fR for short) is expected to check that the pairwise consistency of \&\fIkeydata\fR is valid. The \fIchecktype\fR parameter controls what type of check is performed on the subset of data. Two types of check are defined: -\&\fB\s-1OSSL_KEYMGMT_VALIDATE_FULL_CHECK\s0\fR and \fB\s-1OSSL_KEYMGMT_VALIDATE_QUICK_CHECK\s0\fR. +\&\fBOSSL_KEYMGMT_VALIDATE_FULL_CHECK\fR and \fBOSSL_KEYMGMT_VALIDATE_QUICK_CHECK\fR. The interpretation of how much checking is performed in a full check versus a quick check is key type specific. Some providers may have no distinction between a full check and a quick check. 
For algorithms where some selection is -not meaningful such as \fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR for -\&\s-1RSA\s0 keys the function should just return 1 as there is nothing to validate for +not meaningful such as \fBOSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\fR for +RSA keys the function should just return 1 as there is nothing to validate for that selection. .PP \&\fBOSSL_FUNC_keymgmt_match()\fR should check if the data subset indicated by @@ -438,18 +363,18 @@ .SS "Key Object Import, Export and Duplication Functions" .IX Subsection "Key Object Import, Export and Duplication Functions" \&\fBOSSL_FUNC_keymgmt_import()\fR should import data indicated by \fIselection\fR into -\&\fIkeydata\fR with values taken from the \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. +\&\fIkeydata\fR with values taken from the \fBOSSL_PARAM\fR\|(3) array \fIparams\fR. .PP \&\fBOSSL_FUNC_keymgmt_export()\fR should extract values indicated by \fIselection\fR -from \fIkeydata\fR, create an \s-1\fBOSSL_PARAM\s0\fR\|(3) array with them and call +from \fIkeydata\fR, create an \fBOSSL_PARAM\fR\|(3) array with them and call \&\fIparam_cb\fR with that array as well as the given \fIcbarg\fR. .PP \&\fBOSSL_FUNC_keymgmt_import_types()\fR should return a constant array of descriptor -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) for data indicated by \fIselection\fR, for parameters that +\&\fBOSSL_PARAM\fR\|(3) for data indicated by \fIselection\fR, for parameters that \&\fBOSSL_FUNC_keymgmt_import()\fR can handle. .PP \&\fBOSSL_FUNC_keymgmt_export_types()\fR should return a constant array of descriptor -\&\s-1\fBOSSL_PARAM\s0\fR\|(3) for data indicated by \fIselection\fR, that the +\&\fBOSSL_PARAM\fR\|(3) for data indicated by \fIselection\fR, that the \&\fBOSSL_FUNC_keymgmt_export()\fR callback can expect to receive. .PP \&\fBOSSL_FUNC_keymgmt_dup()\fR should duplicate data subsets indicated by 
@@ -457,56 +382,51 @@ provider side key object with the data. .SS "Common Information Parameters" .IX Subsection "Common Information Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure. .PP -Common information parameters currently recognised by all built-in +Common information parameters currently recognised by all built\-in keymgmt algorithms are as follows: -.ie n .IP """bits"" (\fB\s-1OSSL_PKEY_PARAM_BITS\s0\fR) " 4 -.el .IP "``bits'' (\fB\s-1OSSL_PKEY_PARAM_BITS\s0\fR) " 4 -.IX Item "bits (OSSL_PKEY_PARAM_BITS) " +.IP """bits"" (\fBOSSL_PKEY_PARAM_BITS\fR) " 4 +.IX Item """bits"" (OSSL_PKEY_PARAM_BITS) " The value should be the cryptographic length of the cryptosystem to which the key belongs, in bits. The definition of cryptographic length is specific to the key cryptosystem. -.ie n .IP """max-size"" (\fB\s-1OSSL_PKEY_PARAM_MAX_SIZE\s0\fR) " 4 -.el .IP "``max-size'' (\fB\s-1OSSL_PKEY_PARAM_MAX_SIZE\s0\fR) " 4 -.IX Item "max-size (OSSL_PKEY_PARAM_MAX_SIZE) " +.IP """max\-size"" (\fBOSSL_PKEY_PARAM_MAX_SIZE\fR) " 4 +.IX Item """max-size"" (OSSL_PKEY_PARAM_MAX_SIZE) " The value should be the maximum size that a caller should allocate to safely store a signature (called \fIsig\fR in \fBprovider\-signature\fR\|(7)), -the result of asymmmetric encryption / decryption (\fIout\fR in +the result of asymmetric encryption / decryption (\fIout\fR in \&\fBprovider\-asym_cipher\fR\|(7), a derived secret (\fIsecret\fR in \&\fBprovider\-keyexch\fR\|(7), and similar data). .Sp -Because an \s-1EVP_KEYMGMT\s0 method is always tightly bound to another method +Because an EVP_KEYMGMT method is always tightly bound to another method (signature, asymmetric cipher, key exchange, ...) and must be of the same provider, this number only needs to be synchronised with the dimensions handled in the rest of the same provider. 
-.ie n .IP """security-bits"" (\fB\s-1OSSL_PKEY_PARAM_SECURITY_BITS\s0\fR) " 4 -.el .IP "``security-bits'' (\fB\s-1OSSL_PKEY_PARAM_SECURITY_BITS\s0\fR) " 4 -.IX Item "security-bits (OSSL_PKEY_PARAM_SECURITY_BITS) " +.IP """security\-bits"" (\fBOSSL_PKEY_PARAM_SECURITY_BITS\fR) " 4 +.IX Item """security-bits"" (OSSL_PKEY_PARAM_SECURITY_BITS) " The value should be the number of security bits of the given key. -Bits of security is defined in \s-1SP800\-57.\s0 -.ie n .IP """mandatory-digest"" (\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mandatory-digest'' (\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mandatory-digest (OSSL_PKEY_PARAM_MANDATORY_DIGEST) " +Bits of security is defined in SP800\-57. +.IP """mandatory\-digest"" (\fBOSSL_PKEY_PARAM_MANDATORY_DIGEST\fR) " 4 +.IX Item """mandatory-digest"" (OSSL_PKEY_PARAM_MANDATORY_DIGEST) " If there is a mandatory digest for performing a signature operation with keys from this keymgmt, this parameter should get its name as value. .Sp -When \fBEVP_PKEY_get_default_digest_name()\fR queries this parameter and it's +When \fBEVP_PKEY_get_default_digest_name()\fR queries this parameter and it\*(Aqs filled in by the implementation, its return value will be 2. .Sp If the keymgmt implementation fills in the value \f(CW""\fR or \f(CW"UNDEF"\fR, \&\fBEVP_PKEY_get_default_digest_name\fR\|(3) will place the string \f(CW"UNDEF"\fR into its argument \fImdname\fR. This signifies that no digest should be specified with the corresponding signature operation. 
-.ie n .IP """default-digest"" (\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``default-digest'' (\fB\s-1OSSL_PKEY_PARAM_DEFAULT_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "default-digest (OSSL_PKEY_PARAM_DEFAULT_DIGEST) " +.IP """default\-digest"" (\fBOSSL_PKEY_PARAM_DEFAULT_DIGEST\fR) " 4 +.IX Item """default-digest"" (OSSL_PKEY_PARAM_DEFAULT_DIGEST) " If there is a default digest for performing a signature operation with keys from this keymgmt, this parameter should get its name as value. .Sp -When \fBEVP_PKEY_get_default_digest_name\fR\|(3) queries this parameter and it's +When \fBEVP_PKEY_get_default_digest_name\fR\|(3) queries this parameter and it\*(Aqs filled in by the implementation, its return value will be 1. Note that if -\&\fB\s-1OSSL_PKEY_PARAM_MANDATORY_DIGEST\s0\fR is responded to as well, +\&\fBOSSL_PKEY_PARAM_MANDATORY_DIGEST\fR is responded to as well, \&\fBEVP_PKEY_get_default_digest_name\fR\|(3) ignores the response to this parameter. .Sp @@ -518,7 +438,7 @@ .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_keymgmt_new()\fR and \fBOSSL_FUNC_keymgmt_dup()\fR should return a valid -reference to the newly created provider side key object, or \s-1NULL\s0 on failure. +reference to the newly created provider side key object, or NULL on failure. .PP \&\fBOSSL_FUNC_keymgmt_import()\fR, \fBOSSL_FUNC_keymgmt_export()\fR, \fBOSSL_FUNC_keymgmt_get_params()\fR and \&\fBOSSL_FUNC_keymgmt_set_params()\fR should return 1 for success or 0 on error. 
@@ -530,27 +450,27 @@ in the given \fIkeydata\fR or 0 otherwise. .PP \&\fBOSSL_FUNC_keymgmt_query_operation_name()\fR should return a pointer to a string matching -the requested operation, or \s-1NULL\s0 if the same name used to fetch the keymgmt +the requested operation, or NULL if the same name used to fetch the keymgmt applies. .PP \&\fBOSSL_FUNC_keymgmt_gettable_params()\fR and \fBOSSL_FUNC_keymgmt_settable_params()\fR \&\fBOSSL_FUNC_keymgmt_import_types()\fR, \fBOSSL_FUNC_keymgmt_export_types()\fR should -always return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array. +always return a constant \fBOSSL_PARAM\fR\|(3) array. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7), -\&\s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7), \s-1\fBEVP_PKEY\-ED25519\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-ED448\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7), \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), -\&\s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_PKEY\-X25519\fR\|(7), \fBEVP_PKEY\-X448\fR\|(7), \fBEVP_PKEY\-ED25519\fR\|(7), +\&\fBEVP_PKEY\-ED448\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7), \fBEVP_PKEY\-RSA\fR\|(7), +\&\fBEVP_PKEY\-DSA\fR\|(7), \fBEVP_PKEY\-DH\fR\|(7) +.SH HISTORY .IX Header "HISTORY" -The \s-1KEYMGMT\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The KEYMGMT interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man7/provider-mac.7.orig +++ secure/lib/libcrypto/man/man7/provider-mac.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-MAC 7ossl" -.TH PROVIDER-MAC 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-MAC 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-mac \- The mac library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -173,26 +98,26 @@ \& int OSSL_FUNC_mac_get_ctx_params(void *mctx, OSSL_PARAM params[]); \& int OSSL_FUNC_mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The \s-1MAC\s0 operation enables providers to implement mac algorithms and make -them available to applications via the \s-1API\s0 functions \fBEVP_MAC_init\fR\|(3), +The MAC operation enables providers to implement mac algorithms and make +them available to applications via the API functions \fBEVP_MAC_init\fR\|(3), \&\fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_mac_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_mac_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_mac_newctx_fn)(void *provctx); 
@@ -200,7 +125,7 @@ \& OSSL_FUNC_mac_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -237,7 +162,7 @@ .PP \&\fBOSSL_FUNC_mac_freectx()\fR is passed a pointer to the provider side mac context in the \fImctx\fR parameter. -If it receives \s-1NULL\s0 as \fImctx\fR value, it should not do anything other than +If it receives NULL as \fImctx\fR value, it should not do anything other than return. This function should free any resources associated with that context. .PP 
@@ -247,24 +172,24 @@ .IX Subsection "Encryption/Decryption Functions" \&\fBOSSL_FUNC_mac_init()\fR initialises a mac operation given a newly created provider side mac context in the \fImctx\fR parameter. The \fIparams\fR are set before setting -the \s-1MAC\s0 \fIkey\fR of \fIkeylen\fR bytes. +the MAC \fIkey\fR of \fIkeylen\fR bytes. .PP -\&\fBOSSL_FUNC_mac_update()\fR is called to supply data for \s-1MAC\s0 computation of a previously +\&\fBOSSL_FUNC_mac_update()\fR is called to supply data for MAC computation of a previously initialised mac operation. The \fImctx\fR parameter contains a pointer to a previously initialised provider side context. \&\fBOSSL_FUNC_mac_update()\fR may be called multiple times for a single mac operation. .PP -\&\fBOSSL_FUNC_mac_final()\fR completes the \s-1MAC\s0 computation started through previous +\&\fBOSSL_FUNC_mac_final()\fR completes the MAC computation started through previous \&\fBOSSL_FUNC_mac_init()\fR and \fBOSSL_FUNC_mac_update()\fR calls. The \fImctx\fR parameter contains a pointer to the provider side context. -The resulting \s-1MAC\s0 should be written to \fIout\fR and the amount of data written +The resulting MAC should be written to \fIout\fR and the amount of data written to \fI*outl\fR, which should not exceed \fIoutsize\fR bytes. The same expectations apply to \fIoutsize\fR as documented for \&\fBEVP_MAC_final\fR\|(3). .SS "Mac Parameters" .IX Subsection "Mac Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by these functions. .PP \&\fBOSSL_FUNC_mac_get_params()\fR gets details of parameter values associated with the 
@@ -273,33 +198,32 @@ \&\fBOSSL_FUNC_mac_set_ctx_params()\fR sets mac parameters associated with the given provider side mac context \fImctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_mac_get_ctx_params()\fR gets details of currently set parameter values associated with the given provider side mac context \fImctx\fR and stores them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_mac_gettable_params()\fR, \fBOSSL_FUNC_mac_gettable_ctx_params()\fR, -and \fBOSSL_FUNC_mac_settable_ctx_params()\fR all return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +and \fBOSSL_FUNC_mac_settable_ctx_params()\fR all return constant \fBOSSL_PARAM\fR\|(3) arrays as descriptors of the parameters that \fBOSSL_FUNC_mac_get_params()\fR, \&\fBOSSL_FUNC_mac_get_ctx_params()\fR, and \fBOSSL_FUNC_mac_set_ctx_params()\fR can handle, respectively. \fBOSSL_FUNC_mac_gettable_ctx_params()\fR and \&\fBOSSL_FUNC_mac_settable_ctx_params()\fR will return the parameters associated with the provider side context \fImctx\fR in its current state if it is -not \s-1NULL.\s0 Otherwise, they return the parameters associated with the +not NULL. Otherwise, they return the parameters associated with the provider side algorithm \fIprovctx\fR. 
.PP -All \s-1MAC\s0 implementations are expected to handle the following parameters: +All MAC implementations are expected to handle the following parameters: .IP "with \fBOSSL_FUNC_set_ctx_params()\fR:" 4 .IX Item "with OSSL_FUNC_set_ctx_params():" .RS 4 .PD 0 -.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 -.IX Item "key (OSSL_MAC_PARAM_KEY) " +.IP """key"" (\fBOSSL_MAC_PARAM_KEY\fR) " 4 +.IX Item """key"" (OSSL_MAC_PARAM_KEY) " .PD -Sets the key in the associated \s-1MAC\s0 ctx. This is identical to passing a \fIkey\fR +Sets the key in the associated MAC ctx. This is identical to passing a \fIkey\fR argument to the \fBOSSL_FUNC_mac_init()\fR function. .RE .RS 4 
@@ -308,56 +232,54 @@ .IX Item "with OSSL_FUNC_get_params():" .RS 4 .PD 0 -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.IP """size"" (\fBOSSL_MAC_PARAM_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_SIZE) " .PD -Can be used to get the default \s-1MAC\s0 size (which might be the only allowable -\&\s-1MAC\s0 size for the implementation). +Can be used to get the default MAC size (which might be the only allowable +MAC size for the implementation). .Sp -Note that some implementations allow setting the size that the resulting \s-1MAC\s0 +Note that some implementations allow setting the size that the resulting MAC should have as well, see the documentation of the implementation. .RE .RS 4 -.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) " 4 -.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_SIZE\s0\fR) " 4 -.IX Item "size (OSSL_MAC_PARAM_BLOCK_SIZE) " -Can be used to get the \s-1MAC\s0 block size (if supported by the algorithm). +.IP """size"" (\fBOSSL_MAC_PARAM_BLOCK_SIZE\fR) " 4 +.IX Item """size"" (OSSL_MAC_PARAM_BLOCK_SIZE) " +Can be used to get the MAC block size (if supported by the algorithm). .RE .RS 4 .RE -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1MAC\s0 life-cycle is described in \fBlife_cycle\-rand\fR\|(7). Providers should +The MAC life\-cycle is described in \fBlife_cycle\-rand\fR\|(7). Providers should ensure that the various transitions listed there are supported. At some point -the \s-1EVP\s0 layer will begin enforcing the listed transitions. +the EVP layer will begin enforcing the listed transitions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_mac_newctx()\fR and \fBOSSL_FUNC_mac_dupctx()\fR should return the newly created -provider side mac context, or \s-1NULL\s0 on failure. +provider side mac context, or NULL on failure. 
.PP \&\fBOSSL_FUNC_mac_init()\fR, \fBOSSL_FUNC_mac_update()\fR, \fBOSSL_FUNC_mac_final()\fR, \fBOSSL_FUNC_mac_get_params()\fR, \&\fBOSSL_FUNC_mac_get_ctx_params()\fR and \fBOSSL_FUNC_mac_set_ctx_params()\fR should return 1 for success or 0 on error. .PP \&\fBOSSL_FUNC_mac_gettable_params()\fR, \fBOSSL_FUNC_mac_gettable_ctx_params()\fR and -\&\fBOSSL_FUNC_mac_settable_ctx_params()\fR should return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) -array, or \s-1NULL\s0 if none is offered. +\&\fBOSSL_FUNC_mac_settable_ctx_params()\fR should return a constant \fBOSSL_PARAM\fR\|(3) +array, or NULL if none is offered. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7), -\&\s-1\fBEVP_MAC\-BLAKE2\s0\fR\|(7), \s-1\fBEVP_MAC\-CMAC\s0\fR\|(7), \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-HMAC\s0\fR\|(7), \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7), +\&\fBEVP_MAC\-BLAKE2\fR\|(7), \fBEVP_MAC\-CMAC\fR\|(7), \fBEVP_MAC\-GMAC\fR\|(7), +\&\fBEVP_MAC\-HMAC\fR\|(7), \fBEVP_MAC\-KMAC\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7), \&\fBEVP_MAC\-Siphash\fR\|(7), -\&\fBlife_cycle\-mac\fR\|(7), \s-1\fBEVP_MAC\s0\fR\|(3) -.SH "HISTORY" +\&\fBlife_cycle\-mac\fR\|(7), \fBEVP_MAC\fR\|(3) +.SH HISTORY .IX Header "HISTORY" -The provider \s-1MAC\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider MAC interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-object.7.orig +++ secure/lib/libcrypto/man/man7/provider-object.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,118 +53,59 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-OBJECT 7ossl" -.TH PROVIDER-OBJECT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-OBJECT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-object \- A specification for a provider\-native object abstraction -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The provider-native object abstraction is a set of \s-1\fBOSSL_PARAM\s0\fR\|(3) keys and -values that can be used to pass provider-native objects to OpenSSL library +The provider\-native object abstraction is a set of \fBOSSL_PARAM\fR\|(3) keys and +values that can be used to pass provider\-native objects to OpenSSL library code or between different provider operation implementations with the help of OpenSSL library code. .PP -The intention is that certain provider-native operations can pass any sort +The intention is that certain provider\-native operations can pass any sort of object that belong with other operations, or with OpenSSL library code. .PP An object may be passed in the following manners: -.IP "1." 4 +.IP 1. 4 \&\fIBy value\fR .Sp -This means that the \fIobject data\fR is passed as an octet string or an \s-1UTF8\s0 +This means that the \fIobject data\fR is passed as an octet string or an UTF8 string, which can be handled in diverse ways by other provided implementations. -The encoding of the object depends on the context it's used in; for example, -\&\s-1\fBOSSL_DECODER\s0\fR\|(3) allows multiple encodings, depending on existing decoders. +The encoding of the object depends on the context it\*(Aqs used in; for example, +\&\fBOSSL_DECODER\fR\|(3) allows multiple encodings, depending on existing decoders. 
If central OpenSSL library functionality is to handle the data directly, it -\&\fBmust\fR be encoded in \s-1DER\s0 for all object types except for \fB\s-1OSSL_OBJECT_NAME\s0\fR -(see \*(L"Parameter reference\*(R" below), where it's assumed to a plain \s-1UTF8\s0 string. -.IP "2." 4 +\&\fBmust\fR be encoded in DER for all object types except for \fBOSSL_OBJECT_NAME\fR +(see "Parameter reference" below), where it\*(Aqs assumed to a plain UTF8 string. +.IP 2. 4 \&\fIBy reference\fR .Sp -This means that the \fIobject data\fR isn't passed directly, an \fIobject -reference\fR is passed instead. It's an octet string that only the correct +This means that the \fIobject data\fR isn\*(Aqt passed directly, an \fIobject +reference\fR is passed instead. It\*(Aqs an octet string that only the correct provider understands correctly. .PP -Objects \fIby value\fR can be used by anything that handles \s-1DER\s0 encoded +Objects \fIby value\fR can be used by anything that handles DER encoded objects. .PP Objects \fIby reference\fR need a higher level of cooperation from the -implementation where the object originated (let's call it X) and its target -implementation (let's call it Y): -.IP "1." 4 +implementation where the object originated (let\*(Aqs call it X) and its target +implementation (let\*(Aqs call it Y): +.IP 1. 4 \&\fIAn object loading function in the target implementation\fR .Sp The target implementation (Y) may have a function that can take an \fIobject 
@@ -190,103 +115,97 @@ The exact target implementation to use is determined from the \fIobject type\fR and possibly the \fIobject data type\fR. For example, when the OpenSSL library receives an object abstraction with the -\&\fIobject type\fR \fB\s-1OSSL_OBJECT_PKEY\s0\fR, it will fetch a \fBprovider\-keymgmt\fR\|(7) +\&\fIobject type\fR \fBOSSL_OBJECT_PKEY\fR, it will fetch a \fBprovider\-keymgmt\fR\|(7) using the \fIobject data type\fR as its key type (the second argument in \&\fBEVP_KEYMGMT_fetch\fR\|(3)). -.IP "2." 4 +.IP 2. 4 \&\fIAn object exporter in the originating implementation\fR .Sp The originating implementation (X) may have an exporter function. This -exporter function can be used to export the object in \s-1\fBOSSL_PARAM\s0\fR\|(3) form, -that can then be imported by the target implementation's imported function. +exporter function can be used to export the object in \fBOSSL_PARAM\fR\|(3) form, +that can then be imported by the target implementation\*(Aqs imported function. .Sp -This can be used when it's not possible to fetch the target implementation +This can be used when it\*(Aqs not possible to fetch the target implementation (Y) from the same provider. .SS "Parameter reference" .IX Subsection "Parameter reference" -A provider-native object abstraction is an \s-1\fBOSSL_PARAM\s0\fR\|(3) with a selection +A provider\-native object abstraction is an \fBOSSL_PARAM\fR\|(3) with a selection of the following parameters: -.ie n .IP """data"" (\fB\s-1OSSL_OBJECT_PARAM_DATA\s0\fR) or <\s-1UTF8\s0 string>" 4 -.el .IP "``data'' (\fB\s-1OSSL_OBJECT_PARAM_DATA\s0\fR) or <\s-1UTF8\s0 string>" 4 -.IX Item "data (OSSL_OBJECT_PARAM_DATA) or " +.IP """data"" (\fBOSSL_OBJECT_PARAM_DATA\fR) or " 4 +.IX Item """data"" (OSSL_OBJECT_PARAM_DATA) or " The object data \fIpassed by value\fR. 
-.ie n .IP """reference"" (\fB\s-1OSSL_OBJECT_PARAM_REFERENCE\s0\fR) " 4 -.el .IP "``reference'' (\fB\s-1OSSL_OBJECT_PARAM_REFERENCE\s0\fR) " 4 -.IX Item "reference (OSSL_OBJECT_PARAM_REFERENCE) " +.IP """reference"" (\fBOSSL_OBJECT_PARAM_REFERENCE\fR) " 4 +.IX Item """reference"" (OSSL_OBJECT_PARAM_REFERENCE) " The object data \fIpassed by reference\fR. -.ie n .IP """type"" (\fB\s-1OSSL_OBJECT_PARAM_TYPE\s0\fR) " 4 -.el .IP "``type'' (\fB\s-1OSSL_OBJECT_PARAM_TYPE\s0\fR) " 4 -.IX Item "type (OSSL_OBJECT_PARAM_TYPE) " +.IP """type"" (\fBOSSL_OBJECT_PARAM_TYPE\fR) " 4 +.IX Item """type"" (OSSL_OBJECT_PARAM_TYPE) " The \fIobject type\fR, a number that may have any of the following values (all defined in \fI\fR): .RS 4 -.IP "\fB\s-1OSSL_OBJECT_NAME\s0\fR" 4 +.IP \fBOSSL_OBJECT_NAME\fR 4 .IX Item "OSSL_OBJECT_NAME" -The object data may only be \fIpassed by value\fR, and should be a \s-1UTF8\s0 +The object data may only be \fIpassed by value\fR, and should be a UTF8 string. .Sp -This is useful for \fBprovider\-storemgmt\fR\|(7) when a \s-1URI\s0 load results in new +This is useful for \fBprovider\-storemgmt\fR\|(7) when a URI load results in new URIs. -.IP "\fB\s-1OSSL_OBJECT_PKEY\s0\fR" 4 +.IP \fBOSSL_OBJECT_PKEY\fR 4 .IX Item "OSSL_OBJECT_PKEY" -The object data is suitable as provider-native \fB\s-1EVP_PKEY\s0\fR key data. The +The object data is suitable as provider\-native \fBEVP_PKEY\fR key data. The object data may be \fIpassed by value\fR or \fIpassed by reference\fR. -.IP "\fB\s-1OSSL_OBJECT_CERT\s0\fR" 4 +.IP \fBOSSL_OBJECT_CERT\fR 4 .IX Item "OSSL_OBJECT_CERT" The object data is suitable as \fBX509\fR data. The object data for this object type can only be \fIpassed by value\fR, and should be an octet string. 
.Sp -Since there's no provider-native X.509 object, OpenSSL libraries that +Since there\*(Aqs no provider\-native X.509 object, OpenSSL libraries that receive this object abstraction are expected to convert the data to a \&\fBX509\fR object with \fBd2i_X509()\fR. -.IP "\fB\s-1OSSL_OBJECT_CRL\s0\fR" 4 +.IP \fBOSSL_OBJECT_CRL\fR 4 .IX Item "OSSL_OBJECT_CRL" The object data is suitable as \fBX509_CRL\fR data. The object data can only be \fIpassed by value\fR, and should be an octet string. .Sp -Since there's no provider-native X.509 \s-1CRL\s0 object, OpenSSL libraries that +Since there\*(Aqs no provider\-native X.509 CRL object, OpenSSL libraries that receive this object abstraction are expected to convert the data to a \&\fBX509_CRL\fR object with \fBd2i_X509_CRL()\fR. .RE .RS 4 .RE -.ie n .IP """data-type"" (\fB\s-1OSSL_OBJECT_PARAM_DATA_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``data-type'' (\fB\s-1OSSL_OBJECT_PARAM_DATA_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "data-type (OSSL_OBJECT_PARAM_DATA_TYPE) " +.IP """data\-type"" (\fBOSSL_OBJECT_PARAM_DATA_TYPE\fR) " 4 +.IX Item """data-type"" (OSSL_OBJECT_PARAM_DATA_TYPE) " The specific type of the object content. Legitimate values depend on the -object type; if it is \fB\s-1OSSL_OBJECT_PKEY\s0\fR, the data type is expected to be a +object type; if it is \fBOSSL_OBJECT_PKEY\fR, the data type is expected to be a key type suitable for fetching a \fBprovider\-keymgmt\fR\|(7) that can handle the data. -.ie n .IP """data-structure"" (\fB\s-1OSSL_OBJECT_PARAM_DATA_STRUCTURE\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``data-structure'' (\fB\s-1OSSL_OBJECT_PARAM_DATA_STRUCTURE\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "data-structure (OSSL_OBJECT_PARAM_DATA_STRUCTURE) " +.IP """data\-structure"" (\fBOSSL_OBJECT_PARAM_DATA_STRUCTURE\fR) " 4 +.IX Item """data-structure"" (OSSL_OBJECT_PARAM_DATA_STRUCTURE) " The outermost structure of the object content. Legitimate values depend on the object type. 
-.ie n .IP """desc"" (\fB\s-1OSSL_OBJECT_PARAM_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``desc'' (\fB\s-1OSSL_OBJECT_PARAM_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "desc (OSSL_OBJECT_PARAM_DESC) " +.IP """desc"" (\fBOSSL_OBJECT_PARAM_DESC\fR) " 4 +.IX Item """desc"" (OSSL_OBJECT_PARAM_DESC) " A human readable text that describes extra details on the object. .PP -When a provider-native object abstraction is used, it \fImust\fR contain object -data in at least one form (object data \fIpassed by value\fR, i.e. the \*(L"data\*(R" -item, or object data \fIpassed by reference\fR, i.e. the \*(L"reference\*(R" item). +When a provider\-native object abstraction is used, it \fImust\fR contain object +data in at least one form (object data \fIpassed by value\fR, i.e. the "data" +item, or object data \fIpassed by reference\fR, i.e. the "reference" item). Both may be present at once, in which case the OpenSSL library code that receives this will use the most optimal variant. .PP -For objects with the object type \fB\s-1OSSL_OBJECT_NAME\s0\fR, that object type +For objects with the object type \fBOSSL_OBJECT_NAME\fR, that object type \&\fImust\fR be given. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER\s0\fR\|(3) -.SH "HISTORY" +\&\fBprovider\fR\|(7), \fBOSSL_DECODER\fR\|(3) +.SH HISTORY .IX Header "HISTORY" The concept of providers and everything surrounding them was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . 
--- secure/lib/libcrypto/man/man7/provider-rand.7.orig +++ secure/lib/libcrypto/man/man7/provider-rand.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-RAND 7ossl" -.TH PROVIDER-RAND 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-RAND 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-rand \- The random number generation library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include @@ -197,14 +122,14 @@ \& int OSSL_FUNC_rand_get_ctx_params(void *ctx, OSSL_PARAM params[]); \& int OSSL_FUNC_rand_set_ctx_params(void *ctx, const OSSL_PARAM params[]); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The \s-1RAND\s0 operation enables providers to implement random number generation +The RAND operation enables providers to implement random number generation algorithms and random number sources and make -them available to applications via the \s-1API\s0 function \s-1\fBEVP_RAND\s0\fR\|(3). +them available to applications via the API function \fBEVP_RAND\fR\|(3). .SS "Context Management Functions" .IX Subsection "Context Management Functions" \&\fBOSSL_FUNC_rand_newctx()\fR should create and return a pointer to a provider side 
@@ -214,31 +139,31 @@ The parameter \fIprovctx\fR is the provider context generated during provider initialisation (see \fBprovider\fR\|(7)). The parameter \fIparent\fR specifies another rand instance to be used for -seeding purposes. If \s-1NULL\s0 and the specific instance supports it, the +seeding purposes. If NULL and the specific instance supports it, the operating system will be used for seeding. The parameter \fIparent_calls\fR points to the dispatch table for \fIparent\fR. Thus, the parent need not be from the same provider as the new instance. .PP \&\fBOSSL_FUNC_rand_freectx()\fR is passed a pointer to the provider side rand context in the \fImctx\fR parameter. -If it receives \s-1NULL\s0 as \fIctx\fR value, it should not do anything other than +If it receives NULL as \fIctx\fR value, it should not do anything other than return. This function should free any resources associated with that context. -.SS "Random Number Generator Functions: \s-1NIST\s0" +.SS "Random Number Generator Functions: NIST" .IX Subsection "Random Number Generator Functions: NIST" -These functions correspond to those defined in \s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0 +These functions correspond to those defined in NIST SP 800\-90A and SP 800\-90C. .PP -\&\fBOSSL_FUNC_rand_instantiate()\fR is used to instantiate the \s-1DRBG\s0 \fIctx\fR at a requested +\&\fBOSSL_FUNC_rand_instantiate()\fR is used to instantiate the DRBG \fIctx\fR at a requested security \fIstrength\fR. In addition, \fIprediction_resistance\fR can be requested. Additional input \fIaddin\fR of length \fIaddin_len\fR bytes can optionally -be provided. The parameters specified in \fIparams\fR configure the \s-1DRBG\s0 and these +be provided. The parameters specified in \fIparams\fR configure the DRBG and these should be processed before instantiation. .PP -\&\fBOSSL_FUNC_rand_uninstantiate()\fR is used to uninstantiate the \s-1DRBG\s0 \fIctx\fR. 
After being -uninstantiated, a \s-1DRBG\s0 is unable to produce output until it is instantiated +\&\fBOSSL_FUNC_rand_uninstantiate()\fR is used to uninstantiate the DRBG \fIctx\fR. After being +uninstantiated, a DRBG is unable to produce output until it is instantiated anew. .PP -\&\fBOSSL_FUNC_rand_generate()\fR is used to generate random bytes from the \s-1DRBG\s0 \fIctx\fR. +\&\fBOSSL_FUNC_rand_generate()\fR is used to generate random bytes from the DRBG \fIctx\fR. It will generate \fIoutlen\fR bytes placing them into the buffer pointed to by \&\fIout\fR. The generated bytes will meet the specified security \fIstrength\fR and, if \fIprediction_resistance\fR is true, the bytes will be produced after reseeding @@ -248,7 +173,7 @@ .IX Subsection "Random Number Generator Functions: Additional" \&\fBOSSL_FUNC_rand_nonce()\fR is used to generate a nonce of the given \fIstrength\fR with a length from \fImin_noncelen\fR to \fImax_noncelen\fR. If the output buffer \fIout\fR is -\&\s-1NULL,\s0 the length of the nonce should be returned. +NULL, the length of the nonce should be returned. .PP \&\fBOSSL_FUNC_rand_get_seed()\fR is used by deterministic generators to obtain their seeding material from their parent. The seed bytes will meet the specified @@ -263,7 +188,7 @@ which was previously allocated by \fBOSSL_FUNC_rand_get_seed()\fR. .PP \&\fBOSSL_FUNC_rand_verify_zeroization()\fR is used to determine if the internal state of the -\&\s-1DRBG\s0 is zero. This capability is mandated by \s-1NIST\s0 as part of the self +DRBG is zero. This capability is mandated by NIST as part of the self tests, it is unlikely to be useful in other circumstances. .SS "Context Locking" .IX Subsection "Context Locking" 
@@ -271,17 +196,17 @@ ensure their proper operation. Because locking introduces an overhead, it is disabled by default. .PP -\&\fBOSSL_FUNC_rand_enable_locking()\fR allows locking to be turned on for a \s-1DRBG\s0 and all of -its parent DRBGs. From this call onwards, the \s-1DRBG\s0 can be used in a thread +\&\fBOSSL_FUNC_rand_enable_locking()\fR allows locking to be turned on for a DRBG and all of +its parent DRBGs. From this call onwards, the DRBG can be used in a thread safe manner. .PP -\&\fBOSSL_FUNC_rand_lock()\fR is used to lock a \s-1DRBG.\s0 Once locked, exclusive access +\&\fBOSSL_FUNC_rand_lock()\fR is used to lock a DRBG. Once locked, exclusive access is guaranteed. .PP -\&\fBOSSL_FUNC_rand_unlock()\fR is used to unlock a \s-1DRBG.\s0 +\&\fBOSSL_FUNC_rand_unlock()\fR is used to unlock a DRBG. .SS "Rand Parameters" .IX Subsection "Rand Parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by these functions. .PP \&\fBOSSL_FUNC_rand_get_params()\fR gets details of parameter values associated with the 
@@ -290,113 +215,97 @@ \&\fBOSSL_FUNC_rand_set_ctx_params()\fR sets rand parameters associated with the given provider side rand context \fIctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_rand_get_ctx_params()\fR gets details of currently set parameter values associated with the given provider side rand context \fIctx\fR and stores them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_rand_gettable_params()\fR, \fBOSSL_FUNC_rand_gettable_ctx_params()\fR, -and \fBOSSL_FUNC_rand_settable_ctx_params()\fR all return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) +and \fBOSSL_FUNC_rand_settable_ctx_params()\fR all return constant \fBOSSL_PARAM\fR\|(3) arrays as descriptors of the parameters that \fBOSSL_FUNC_rand_get_params()\fR, \&\fBOSSL_FUNC_rand_get_ctx_params()\fR, and \fBOSSL_FUNC_rand_set_ctx_params()\fR can handle, respectively. \fBOSSL_FUNC_rand_gettable_ctx_params()\fR and \fBOSSL_FUNC_rand_settable_ctx_params()\fR will return the parameters associated with the provider side context \fIctx\fR in its current state -if it is not \s-1NULL.\s0 Otherwise, they return the parameters associated +if it is not NULL. Otherwise, they return the parameters associated with the provider side algorithm \fIprovctx\fR. .PP -Parameters currently recognised by built-in rands are as follows. Not all +Parameters currently recognised by built\-in rands are as follows. 
Not all parameters are relevant to, or are understood by all rands: -.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) " 4 -.IX Item "state (OSSL_RAND_PARAM_STATE) " +.IP """state"" (\fBOSSL_RAND_PARAM_STATE\fR) " 4 +.IX Item """state"" (OSSL_RAND_PARAM_STATE) " Returns the state of the random number generator. -.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) " 4 -.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) " +.IP """strength"" (\fBOSSL_RAND_PARAM_STRENGTH\fR) " 4 +.IX Item """strength"" (OSSL_RAND_PARAM_STRENGTH) " Returns the bit strength of the random number generator. .PP For rands that are also deterministic random bit generators (DRBGs), these additional parameters are recognised. Not all -parameters are relevant to, or are understood by all \s-1DRBG\s0 rands: -.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +parameters are relevant to, or are understood by all DRBG rands: +.IP """reseed_requests"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """reseed_requests"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " Reads or set the number of generate requests before reseeding the -associated \s-1RAND\s0 ctx. -.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.el .IP "``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) " 4 -.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " +associated RAND ctx. +.IP """reseed_time_interval"" (\fBOSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\fR) " 4 +.IX Item """reseed_time_interval"" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) " Reads or set the number of elapsed seconds before reseeding the -associated \s-1RAND\s0 ctx. 
-.ie n .IP """max_request"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.el .IP "``max_request'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) " 4 -.IX Item "max_request (OSSL_DRBG_PARAM_RESEED_REQUESTS) " +associated RAND ctx. +.IP """max_request"" (\fBOSSL_DRBG_PARAM_RESEED_REQUESTS\fR) " 4 +.IX Item """max_request"" (OSSL_DRBG_PARAM_RESEED_REQUESTS) " Specifies the maximum number of bytes that can be generated in a single call to OSSL_FUNC_rand_generate. -.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) " 4 -.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " +.IP """min_entropylen"" (\fBOSSL_DRBG_PARAM_MIN_ENTROPYLEN\fR) " 4 +.IX Item """min_entropylen"" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) " .PD 0 -.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) " 4 -.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " +.IP """max_entropylen"" (\fBOSSL_DRBG_PARAM_MAX_ENTROPYLEN\fR) " 4 +.IX Item """max_entropylen"" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) " .PD Specify the minimum and maximum number of bytes of random material that -can be used to seed the \s-1DRBG.\s0 -.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) " 4 -.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) " +can be used to seed the DRBG. 
+.IP """min_noncelen"" (\fBOSSL_DRBG_PARAM_MIN_NONCELEN\fR) " 4 +.IX Item """min_noncelen"" (OSSL_DRBG_PARAM_MIN_NONCELEN) " .PD 0 -.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) " 4 -.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) " +.IP """max_noncelen"" (\fBOSSL_DRBG_PARAM_MAX_NONCELEN\fR) " 4 +.IX Item """max_noncelen"" (OSSL_DRBG_PARAM_MAX_NONCELEN) " .PD Specify the minimum and maximum number of bytes of nonce that can be used to -instantiate the \s-1DRBG.\s0 -.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) " 4 -.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) " +instantiate the DRBG. +.IP """max_perslen"" (\fBOSSL_DRBG_PARAM_MAX_PERSLEN\fR) " 4 +.IX Item """max_perslen"" (OSSL_DRBG_PARAM_MAX_PERSLEN) " .PD 0 -.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) " 4 -.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) " +.IP """max_adinlen"" (\fBOSSL_DRBG_PARAM_MAX_ADINLEN\fR) " 4 +.IX Item """max_adinlen"" (OSSL_DRBG_PARAM_MAX_ADINLEN) " .PD Specify the minimum and maximum number of bytes of personalisation string -that can be used with the \s-1DRBG.\s0 -.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) " 4 -.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) " -Specifies the number of times the \s-1DRBG\s0 has been seeded or reseeded. -.ie n .IP """digest"" (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_DRBG_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_DRBG_PARAM_DIGEST) " +that can be used with the DRBG. 
+.IP """reseed_counter"" (\fBOSSL_DRBG_PARAM_RESEED_COUNTER\fR) " 4 +.IX Item """reseed_counter"" (OSSL_DRBG_PARAM_RESEED_COUNTER) " +Specifies the number of times the DRBG has been seeded or reseeded. +.IP """digest"" (\fBOSSL_DRBG_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_DRBG_PARAM_DIGEST) " .PD 0 -.ie n .IP """cipher"" (\fB\s-1OSSL_DRBG_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``cipher'' (\fB\s-1OSSL_DRBG_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "cipher (OSSL_DRBG_PARAM_CIPHER) " -.ie n .IP """mac"" (\fB\s-1OSSL_DRBG_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``mac'' (\fB\s-1OSSL_DRBG_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "mac (OSSL_DRBG_PARAM_MAC) " +.IP """cipher"" (\fBOSSL_DRBG_PARAM_CIPHER\fR) " 4 +.IX Item """cipher"" (OSSL_DRBG_PARAM_CIPHER) " +.IP """mac"" (\fBOSSL_DRBG_PARAM_MAC\fR) " 4 +.IX Item """mac"" (OSSL_DRBG_PARAM_MAC) " .PD -Sets the name of the underlying cipher, digest or \s-1MAC\s0 to be used. -It must name a suitable algorithm for the \s-1DRBG\s0 that's being used. -.ie n .IP """properties"" (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_DRBG_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_DRBG_PARAM_PROPERTIES) " +Sets the name of the underlying cipher, digest or MAC to be used. +It must name a suitable algorithm for the DRBG that\*(Aqs being used. +.IP """properties"" (\fBOSSL_DRBG_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_DRBG_PARAM_PROPERTIES) " Sets the properties to be queried when trying to fetch an underlying algorithm. This must be given together with the algorithm naming parameter to be considered valid. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_rand_newctx()\fR should return the newly created -provider side rand context, or \s-1NULL\s0 on failure. +provider side rand context, or NULL on failure. 
.PP \&\fBOSSL_FUNC_rand_gettable_params()\fR, \fBOSSL_FUNC_rand_gettable_ctx_params()\fR and -\&\fBOSSL_FUNC_rand_settable_ctx_params()\fR should return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) -array, or \s-1NULL\s0 if none is offered. +\&\fBOSSL_FUNC_rand_settable_ctx_params()\fR should return a constant \fBOSSL_PARAM\fR\|(3) +array, or NULL if none is offered. .PP \&\fBOSSL_FUNC_rand_nonce()\fR returns the size of the generated nonce, or 0 on error. .PP @@ -404,26 +313,26 @@ error. .PP All of the remaining functions should return 1 for success or 0 on error. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1RAND\s0 life-cycle is described in \fBlife_cycle\-rand\fR\|(7). Providers should +The RAND life\-cycle is described in \fBlife_cycle\-rand\fR\|(7). Providers should ensure that the various transitions listed there are supported. At some point -the \s-1EVP\s0 layer will begin enforcing the listed transitions. +the EVP layer will begin enforcing the listed transitions. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7), -\&\s-1\fBRAND\s0\fR\|(7), -\&\s-1\fBEVP_RAND\s0\fR\|(7), +\&\fBRAND\fR\|(7), +\&\fBEVP_RAND\fR\|(7), \&\fBlife_cycle\-rand\fR\|(7), -\&\s-1\fBEVP_RAND\s0\fR\|(3) -.SH "HISTORY" +\&\fBEVP_RAND\fR\|(3) +.SH HISTORY .IX Header "HISTORY" -The provider \s-1RAND\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider RAND interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-signature.7.orig +++ secure/lib/libcrypto/man/man7/provider-signature.7 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-SIGNATURE 7ossl" -.TH PROVIDER-SIGNATURE 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-SIGNATURE 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-signature \- The signature library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& #include 
@@ -215,29 +140,29 @@ \& int OSSL_FUNC_signature_set_ctx_md_params(void *ctx, const OSSL_PARAM params[]); \& const OSSL_PARAM * OSSL_FUNC_signature_settable_ctx_md_params(void *ctx); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This documentation is primarily aimed at provider authors. See \fBprovider\fR\|(7) for further information. .PP -The signature (\s-1OSSL_OP_SIGNATURE\s0) operation enables providers to implement -signature algorithms and make them available to applications via the \s-1API\s0 +The signature (OSSL_OP_SIGNATURE) operation enables providers to implement +signature algorithms and make them available to applications via the API functions \fBEVP_PKEY_sign\fR\|(3), \&\fBEVP_PKEY_verify\fR\|(3), and \fBEVP_PKEY_verify_recover\fR\|(3) (as well as other related functions). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition +All these "functions" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the -function pointer from an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named +function pointer from an \fBOSSL_DISPATCH\fR\|(3) element named \&\fBOSSL_FUNC_{name}\fR. 
-For example, the \*(L"function\*(R" \fBOSSL_FUNC_signature_newctx()\fR has these: +For example, the "function" \fBOSSL_FUNC_signature_newctx()\fR has these: .PP .Vb 3 \& typedef void *(OSSL_FUNC_signature_newctx_fn)(void *provctx, const char *propq); @@ -245,7 +170,7 @@ \& OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 3 @@ -286,7 +211,7 @@ A signature algorithm implementation may not implement all of these functions. In order to be a consistent set of functions we must have at least a set of context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) as well as a -set of \*(L"signature\*(R" functions, i.e. at least one of: +set of "signature" functions, i.e. at least one of: .IP "OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign" 4 .IX Item "OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign" .PD 0 @@ -307,10 +232,10 @@ OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional, but if one of them is present then the other one must also be present. The same applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as -well as the \*(L"md_params\*(R" functions. The OSSL_FUNC_signature_dupctx function is optional. +well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional. .PP A signature algorithm must also implement some mechanism for generating, -loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. See \fBprovider\-keymgmt\fR\|(7) for further details. .SS "Context Management Functions" .IX Subsection "Context Management Functions" 
@@ -320,7 +245,7 @@ operation function calls. The parameter \fIprovctx\fR is the provider context generated during provider initialisation (see \fBprovider\fR\|(7)). The \fIpropq\fR parameter is a property query -string that may be (optionally) used by the provider during any \*(L"fetches\*(R" that +string that may be (optionally) used by the provider during any "fetches" that it may perform (if it performs any). .PP \&\fBOSSL_FUNC_signature_freectx()\fR is passed a pointer to the provider side signature @@ -334,10 +259,10 @@ \&\fBOSSL_FUNC_signature_sign_init()\fR initialises a context for signing given a provider side signature context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_signature_set_ctx_params()\fR. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)>. .PP \&\fBOSSL_FUNC_signature_sign()\fR performs the actual signing itself. 
@@ -345,20 +270,20 @@ parameter. The data to be signed is pointed to be the \fItbs\fR parameter which is \fItbslen\fR bytes long. -Unless \fIsig\fR is \s-1NULL,\s0 the signature should be written to the location pointed +Unless \fIsig\fR is NULL, the signature should be written to the location pointed to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length. The length of the signature should be written to \fI*siglen\fR. -If \fIsig\fR is \s-1NULL\s0 then the maximum length of the signature should be written to +If \fIsig\fR is NULL then the maximum length of the signature should be written to \&\fI*siglen\fR. .SS "Verify Functions" .IX Subsection "Verify Functions" \&\fBOSSL_FUNC_signature_verify_init()\fR initialises a context for verifying a signature given a provider side signature context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_signature_set_ctx_params()\fR. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)>. .PP \&\fBOSSL_FUNC_signature_verify()\fR performs the actual verification itself. 
@@ -372,32 +297,32 @@ \&\fBOSSL_FUNC_signature_verify_recover_init()\fR initialises a context for recovering the signed data given a provider side signature context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_signature_set_ctx_params()\fR. The key object should have been previously generated, loaded or imported into -the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +the provider using the key management (OSSL_OP_KEYMGMT) operation (see \&\fBprovider\-keymgmt\fR\|(7)>. .PP \&\fBOSSL_FUNC_signature_verify_recover()\fR performs the actual verify recover itself. A previously initialised signature context is passed in the \fIctx\fR parameter. The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes long. -Unless \fIrout\fR is \s-1NULL,\s0 the recovered data should be written to the location +Unless \fIrout\fR is NULL, the recovered data should be written to the location pointed to by \fIrout\fR which should not exceed \fIroutsize\fR bytes in length. The length of the recovered data should be written to \fI*routlen\fR. -If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to +If \fIrout\fR is NULL then the maximum size of the output buffer is written to the \fIroutlen\fR parameter. .SS "Digest Sign Functions" .IX Subsection "Digest Sign Functions" \&\fBOSSL_FUNC_signature_digeset_sign_init()\fR initialises a context for signing given a provider side signature context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. 
-The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to using \fBOSSL_FUNC_signature_set_ctx_params()\fR and \&\fBOSSL_FUNC_signature_set_ctx_md_params()\fR. The key object should have been previously generated, loaded or imported into the provider using the -key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see \fBprovider\-keymgmt\fR\|(7)>. +key management (OSSL_OP_KEYMGMT) operation (see \fBprovider\-keymgmt\fR\|(7)>. The name of the digest to be used will be in the \fImdname\fR parameter. .PP \&\fBOSSL_FUNC_signature_digest_sign_update()\fR provides data to be signed in the \fIdata\fR 
@@ -409,31 +334,31 @@ started through \fBOSSL_FUNC_signature_digest_sign_init()\fR and \&\fBOSSL_FUNC_signature_digest_sign_update()\fR calls. Once finalised no more data will be added through \fBOSSL_FUNC_signature_digest_sign_update()\fR. A previously initialised -signature context is passed in the \fIctx\fR parameter. Unless \fIsig\fR is \s-1NULL,\s0 the +signature context is passed in the \fIctx\fR parameter. Unless \fIsig\fR is NULL, the signature should be written to the location pointed to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length. The length of the signature -should be written to \fI*siglen\fR. If \fIsig\fR is \s-1NULL\s0 then the maximum length of +should be written to \fI*siglen\fR. If \fIsig\fR is NULL then the maximum length of the signature should be written to \fI*siglen\fR. .PP -\&\fBOSSL_FUNC_signature_digest_sign()\fR implements a \*(L"one shot\*(R" digest sign operation -previously started through \fBOSSL_FUNC_signature_digeset_sign_init()\fR. A previously +\&\fBOSSL_FUNC_signature_digest_sign()\fR implements a "one shot" digest sign operation +previously started through \fBOSSL_FUNC_signature_digest_sign_init()\fR. A previously initialised signature context is passed in the \fIctx\fR parameter. The data to be -signed is in \fItbs\fR which should be \fItbslen\fR bytes long. Unless \fIsig\fR is \s-1NULL,\s0 +signed is in \fItbs\fR which should be \fItbslen\fR bytes long. Unless \fIsig\fR is NULL, the signature should be written to the location pointed to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length. The length of the -signature should be written to \fI*siglen\fR. If \fIsig\fR is \s-1NULL\s0 then the maximum +signature should be written to \fI*siglen\fR. If \fIsig\fR is NULL then the maximum length of the signature should be written to \fI*siglen\fR. 
.SS "Digest Verify Functions" .IX Subsection "Digest Verify Functions" -\&\fBOSSL_FUNC_signature_digeset_verify_init()\fR initialises a context for verifying given a +\&\fBOSSL_FUNC_signature_digest_verify_init()\fR initialises a context for verifying given a provider side verification context in the \fIctx\fR parameter, and a pointer to a provider key object in the \fIprovkey\fR parameter. -The \fIparams\fR, if not \s-1NULL,\s0 should be set on the context in a manner similar to +The \fIparams\fR, if not NULL, should be set on the context in a manner similar to \&\fBOSSL_FUNC_signature_set_ctx_params()\fR and \&\fBOSSL_FUNC_signature_set_ctx_md_params()\fR. The key object should have been previously generated, loaded or imported into the provider using the -key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see \fBprovider\-keymgmt\fR\|(7)>. +key management (OSSL_OP_KEYMGMT) operation (see \fBprovider\-keymgmt\fR\|(7)>. The name of the digest to be used will be in the \fImdname\fR parameter. .PP \&\fBOSSL_FUNC_signature_digest_verify_update()\fR provides data to be verified in the \fIdata\fR 
@@ -448,51 +373,51 @@ verification context is passed in the \fIctx\fR parameter. The signature to be verified is in \fIsig\fR which is \fIsiglen\fR bytes long. .PP -\&\fBOSSL_FUNC_signature_digest_verify()\fR implements a \*(L"one shot\*(R" digest verify operation -previously started through \fBOSSL_FUNC_signature_digeset_verify_init()\fR. A previously +\&\fBOSSL_FUNC_signature_digest_verify()\fR implements a "one shot" digest verify operation +previously started through \fBOSSL_FUNC_signature_digest_verify_init()\fR. A previously initialised verification context is passed in the \fIctx\fR parameter. The data to be verified is in \fItbs\fR which should be \fItbslen\fR bytes long. The signature to be verified is in \fIsig\fR which is \fIsiglen\fR bytes long. .SS "Signature parameters" .IX Subsection "Signature parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by the \fBOSSL_FUNC_signature_get_ctx_params()\fR and \fBOSSL_FUNC_signature_set_ctx_params()\fR functions. .PP \&\fBOSSL_FUNC_signature_get_ctx_params()\fR gets signature parameters associated with the given provider side signature context \fIctx\fR and stored them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_signature_set_ctx_params()\fR sets the signature parameters associated with the given provider side signature context \fIctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -Common parameters currently recognised by built-in signature algorithms are as +Common parameters currently recognised by built\-in signature algorithms are as follows. 
-.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_SIGNATURE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_SIGNATURE_PARAM_DIGEST) " Get or sets the name of the digest algorithm used for the input to the -signature functions. It is required in order to calculate the \*(L"algorithm-id\*(R". -.ie n .IP """properties"" (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``properties'' (\fB\s-1OSSL_SIGNATURE_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "properties (OSSL_SIGNATURE_PARAM_PROPERTIES) " -Sets the name of the property query associated with the \*(L"digest\*(R" algorithm. -\&\s-1NULL\s0 is used if this optional value is not set. -.ie n .IP """digest-size"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 -.el .IP "``digest-size'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 -.IX Item "digest-size (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) " +signature functions. It is required in order to calculate the "algorithm\-id". +.IP """properties"" (\fBOSSL_SIGNATURE_PARAM_PROPERTIES\fR) " 4 +.IX Item """properties"" (OSSL_SIGNATURE_PARAM_PROPERTIES) " +Sets the name of the property query associated with the "digest" algorithm. +NULL is used if this optional value is not set. +.IP """digest\-size"" (\fBOSSL_SIGNATURE_PARAM_DIGEST_SIZE\fR) " 4 +.IX Item """digest-size"" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) " Gets or sets the output size of the digest algorithm used for the input to the signature functions. -The length of the \*(L"digest-size\*(R" parameter should not exceed that of a \fBsize_t\fR. 
-.ie n .IP """algorithm-id"" (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.el .IP "``algorithm-id'' (\fB\s-1OSSL_SIGNATURE_PARAM_ALGORITHM_ID\s0\fR) " 4 -.IX Item "algorithm-id (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " -Gets the \s-1DER\s0 encoded AlgorithmIdentifier that corresponds to the combination of -signature algorithm and digest algorithm for the signature operation. -.ie n .IP """kat"" (\fB\s-1OSSL_SIGNATURE_PARAM_KAT\s0\fR) " 4 -.el .IP "``kat'' (\fB\s-1OSSL_SIGNATURE_PARAM_KAT\s0\fR) " 4 -.IX Item "kat (OSSL_SIGNATURE_PARAM_KAT) " +The length of the "digest\-size" parameter should not exceed that of a \fBsize_t\fR. +.IP """algorithm\-id"" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) " 4 +.IX Item """algorithm-id"" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) " +Gets the DER\-encoded AlgorithmIdentifier for the signature operation. +This typically corresponds to the combination of a digest algorithm +with a purely asymmetric signature algorithm, such as SHA256WithECDSA. +.Sp +The \fBASN1_item_sign_ctx\fR\|(3) relies on this operation and is used by +many other functions signing ASN.1 structures such as X.509 certificates, +certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages. +.IP """kat"" (\fBOSSL_SIGNATURE_PARAM_KAT\fR) " 4 +.IX Item """kat"" (OSSL_SIGNATURE_PARAM_KAT) " Sets a flag to modify the sign operation to return an error if the initial calculated signature is invalid. In the normal mode of operation \- new random values are chosen until the 
@@ -505,54 +430,55 @@ supply known values that either pass or fail. .PP \&\fBOSSL_FUNC_signature_gettable_ctx_params()\fR and \fBOSSL_FUNC_signature_settable_ctx_params()\fR get a -constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and settable parameters, +constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable and settable parameters, i.e. parameters that can be used with \fBOSSL_FUNC_signature_get_ctx_params()\fR and \&\fBOSSL_FUNC_signature_set_ctx_params()\fR respectively. -.SS "\s-1MD\s0 parameters" +.SS "MD parameters" .IX Subsection "MD parameters" -See \s-1\fBOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure used by the \fBOSSL_FUNC_signature_get_md_ctx_params()\fR and \fBOSSL_FUNC_signature_set_md_ctx_params()\fR functions. .PP \&\fBOSSL_FUNC_signature_get_md_ctx_params()\fR gets digest parameters associated with the given provider side digest signature context \fIctx\fR and stores them in \fIparams\fR. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP \&\fBOSSL_FUNC_signature_set_ms_ctx_params()\fR sets the digest parameters associated with the given provider side digest signature context \fIctx\fR to \fIparams\fR. Any parameter settings are additional to any that were previously set. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +Passing NULL for \fIparams\fR should return true. .PP -Parameters currently recognised by built-in signature algorithms are the same -as those for built-in digest algorithms. See -\&\*(L"Digest Parameters\*(R" in \fBprovider\-digest\fR\|(7) for further information. +Parameters currently recognised by built\-in signature algorithms are the same +as those for built\-in digest algorithms. See +"Digest Parameters" in \fBprovider\-digest\fR\|(7) for further information. 
.PP \&\fBOSSL_FUNC_signature_gettable_md_ctx_params()\fR and \fBOSSL_FUNC_signature_settable_md_ctx_params()\fR -get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and settable +get a constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable and settable digest parameters, i.e. parameters that can be used with \&\fBOSSL_FUNC_signature_get_md_ctx_params()\fR and \fBOSSL_FUNC_signature_set_md_ctx_params()\fR respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_FUNC_signature_newctx()\fR and \fBOSSL_FUNC_signature_dupctx()\fR should return the newly created -provider side signature context, or \s-1NULL\s0 on failure. +provider side signature context, or NULL on failure. .PP \&\fBOSSL_FUNC_signature_gettable_ctx_params()\fR, \fBOSSL_FUNC_signature_settable_ctx_params()\fR, \&\fBOSSL_FUNC_signature_gettable_md_ctx_params()\fR and \fBOSSL_FUNC_signature_settable_md_ctx_params()\fR, -return the gettable or settable parameters in a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array. +return the gettable or settable parameters in a constant \fBOSSL_PARAM\fR\|(3) array. .PP All other functions should return 1 for success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBprovider\fR\|(7) -.SH "HISTORY" +\&\fBprovider\fR\|(7), +\&\fBASN1_item_sign_ctx\fR\|(3) +.SH HISTORY .IX Header "HISTORY" -The provider \s-1SIGNATURE\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The provider SIGNATURE interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider-storemgmt.7.orig +++ secure/lib/libcrypto/man/man7/provider-storemgmt.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-STOREMGMT 7ossl" -.TH PROVIDER-STOREMGMT 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER-STOREMGMT 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider\-storemgmt \- The OSSL_STORE library <\-> provider functions -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include @@ -165,13 +90,13 @@ \& (void *loaderctx, const void *objref, size_t objref_sz, \& OSSL_CALLBACK *export_cb, void *export_cbarg); .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \s-1STORE\s0 operation is the provider side of the \fBossl_store\fR\|(7) \s-1API.\s0 +The STORE operation is the provider side of the \fBossl_store\fR\|(7) API. .PP -The primary responsibility of the \s-1STORE\s0 operation is to load all sorts -of objects from a container indicated by \s-1URI.\s0 These objects are given -to the OpenSSL library in provider-native object abstraction form (see +The primary responsibility of the STORE operation is to load all sorts +of objects from a container indicated by URI. These objects are given +to the OpenSSL library in provider\-native object abstraction form (see \&\fBprovider\-object\fR\|(7)). The OpenSSL library is then responsible for passing on that abstraction to suitable provided functions. .PP 
@@ -180,16 +105,16 @@ \&\fBOSSL_FUNC_store_export_object()\fR (which exports the object in parameterized form). .PP -All \*(L"functions\*(R" mentioned here are passed as function pointers between -\&\fIlibcrypto\fR and the provider in \s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays via -\&\s-1\fBOSSL_ALGORITHM\s0\fR\|(3) arrays that are returned by the provider's +All "functions" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function -(see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7)). +(see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP -All these \*(L"functions\*(R" have a corresponding function type definition named +All these "functions" have a corresponding function type definition named \&\fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the function pointer -from a \s-1\fBOSSL_DISPATCH\s0\fR\|(3) element named \fBOSSL_get_{name}\fR. -For example, the \*(L"function\*(R" \fBOSSL_FUNC_store_attach()\fR has these: +from a \fBOSSL_DISPATCH\fR\|(3) element named \fBOSSL_get_{name}\fR. +For example, the "function" \fBOSSL_FUNC_store_attach()\fR has these: .PP .Vb 4 \& typedef void *(OSSL_FUNC_store_attach_fn)(void *provctx, @@ -198,7 +123,7 @@ \& OSSL_FUNC_store_attach(const OSSL_DISPATCH *opf); .Ve .PP -\&\s-1\fBOSSL_DISPATCH\s0\fR\|(3) arrays are indexed by numbers that are provided as macros +\&\fBOSSL_DISPATCH\fR\|(3) arrays are indexed by numbers that are provided as macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows: .PP .Vb 8 
@@ -211,27 +136,27 @@ \& OSSL_FUNC_store_close OSSL_FUNC_STORE_CLOSE \& OSSL_FUNC_store_export_object OSSL_FUNC_STORE_EXPORT_OBJECT .Ve -.SS "Functions" +.SS Functions .IX Subsection "Functions" \&\fBOSSL_FUNC_store_open()\fR should create a provider side context with data based on the input \fIuri\fR. The implementation is entirely responsible for the -interpretation of the \s-1URI.\s0 +interpretation of the URI. .PP \&\fBOSSL_FUNC_store_attach()\fR should create a provider side context with the core -\&\fB\s-1BIO\s0\fR \fIbio\fR attached. This is an alternative to using a \s-1URI\s0 to find storage, +\&\fBBIO\fR \fIbio\fR attached. This is an alternative to using a URI to find storage, supporting \fBOSSL_STORE_attach\fR\|(3). .PP \&\fBOSSL_FUNC_store_settable_ctx_params()\fR should return a constant array of -descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3), for parameters that \fBOSSL_FUNC_store_set_ctx_params()\fR +descriptor \fBOSSL_PARAM\fR\|(3), for parameters that \fBOSSL_FUNC_store_set_ctx_params()\fR can handle. .PP \&\fBOSSL_FUNC_store_set_ctx_params()\fR should set additional parameters, such as what kind of data to expect, search criteria, and so on. More on those below, in -\&\*(L"Load Parameters\*(R". Whether unrecognised parameters are an error or simply -ignored is at the implementation's discretion. -Passing \s-1NULL\s0 for \fIparams\fR should return true. +"Load Parameters". Whether unrecognised parameters are an error or simply +ignored is at the implementation\*(Aqs discretion. +Passing NULL for \fIparams\fR should return true. .PP -\&\fBOSSL_FUNC_store_load()\fR loads the next object from the \s-1URI\s0 opened by +\&\fBOSSL_FUNC_store_load()\fR loads the next object from the URI opened by \&\fBOSSL_FUNC_store_open()\fR, creates an object abstraction for it (see \&\fBprovider\-object\fR\|(7)), and calls \fIobject_cb\fR with it as well as \&\fIobject_cbarg\fR. \fIobject_cb\fR will then interpret the object abstraction 
@@ -240,24 +165,23 @@ be called. .PP \&\fBOSSL_FUNC_store_eof()\fR indicates if the end of the set of objects from the -\&\s-1URI\s0 has been reached. When that happens, there's no point trying to do any +URI has been reached. When that happens, there\*(Aqs no point trying to do any further loading. .PP \&\fBOSSL_FUNC_store_close()\fR frees the provider side context \fIctx\fR. .PP -When a provider-native object is created by a store manager it would be unsuitable +When a provider\-native object is created by a store manager it would be unsuitable for direct use with a foreign provider. The export function allows for exporting the object to that foreign provider if the foreign provider supports the type of the object and provides an import function. .PP \&\fBOSSL_FUNC_store_export_object()\fR should export the object of size \fIobjref_sz\fR -referenced by \fIobjref\fR as an \s-1\fBOSSL_PARAM\s0\fR\|(3) array and pass that to the +referenced by \fIobjref\fR as an \fBOSSL_PARAM\fR\|(3) array and pass that to the \&\fIexport_cb\fR as well as the given \fIexport_cbarg\fR. .SS "Load Parameters" .IX Subsection "Load Parameters" -.ie n .IP """expect"" (\fB\s-1OSSL_STORE_PARAM_EXPECT\s0\fR) " 4 -.el .IP "``expect'' (\fB\s-1OSSL_STORE_PARAM_EXPECT\s0\fR) " 4 -.IX Item "expect (OSSL_STORE_PARAM_EXPECT) " +.IP """expect"" (\fBOSSL_STORE_PARAM_EXPECT\fR) " 4 +.IX Item """expect"" (OSSL_STORE_PARAM_EXPECT) " Is a hint of what type of data the OpenSSL library expects to get. This is only useful for optimization, as the library will check that the object types match the expectation too. 
@@ -265,68 +189,60 @@ The number that can be given through this parameter is found in \&\fI\fR, with the macros having names starting with \&\f(CW\*(C`OSSL_STORE_INFO_\*(C'\fR. These are further described in -\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). -.ie n .IP """subject"" (\fB\s-1OSSL_STORE_PARAM_SUBJECT\s0\fR) " 4 -.el .IP "``subject'' (\fB\s-1OSSL_STORE_PARAM_SUBJECT\s0\fR) " 4 -.IX Item "subject (OSSL_STORE_PARAM_SUBJECT) " +"SUPPORTED OBJECTS" in \fBOSSL_STORE_INFO\fR\|(3). +.IP """subject"" (\fBOSSL_STORE_PARAM_SUBJECT\fR) " 4 +.IX Item """subject"" (OSSL_STORE_PARAM_SUBJECT) " Indicates that the caller wants to search for an object with the given subject associated. This can be used to select specific certificates by subject. .Sp -The contents of the octet string is expected to be in \s-1DER\s0 form. -.ie n .IP """issuer"" (\fB\s-1OSSL_STORE_PARAM_ISSUER\s0\fR) " 4 -.el .IP "``issuer'' (\fB\s-1OSSL_STORE_PARAM_ISSUER\s0\fR) " 4 -.IX Item "issuer (OSSL_STORE_PARAM_ISSUER) " +The contents of the octet string is expected to be in DER form. +.IP """issuer"" (\fBOSSL_STORE_PARAM_ISSUER\fR) " 4 +.IX Item """issuer"" (OSSL_STORE_PARAM_ISSUER) " Indicates that the caller wants to search for an object with the given issuer associated. This can be used to select specific certificates by issuer. .Sp -The contents of the octet string is expected to be in \s-1DER\s0 form. -.ie n .IP """serial"" (\fB\s-1OSSL_STORE_PARAM_SERIAL\s0\fR) " 4 -.el .IP "``serial'' (\fB\s-1OSSL_STORE_PARAM_SERIAL\s0\fR) " 4 -.IX Item "serial (OSSL_STORE_PARAM_SERIAL) " +The contents of the octet string is expected to be in DER form. +.IP """serial"" (\fBOSSL_STORE_PARAM_SERIAL\fR) " 4 +.IX Item """serial"" (OSSL_STORE_PARAM_SERIAL) " Indicates that the caller wants to search for an object with the given serial number associated. 
-.ie n .IP """digest"" (\fB\s-1OSSL_STORE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``digest'' (\fB\s-1OSSL_STORE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "digest (OSSL_STORE_PARAM_DIGEST) " +.IP """digest"" (\fBOSSL_STORE_PARAM_DIGEST\fR) " 4 +.IX Item """digest"" (OSSL_STORE_PARAM_DIGEST) " .PD 0 -.ie n .IP """fingerprint"" (\fB\s-1OSSL_STORE_PARAM_FINGERPRINT\s0\fR) " 4 -.el .IP "``fingerprint'' (\fB\s-1OSSL_STORE_PARAM_FINGERPRINT\s0\fR) " 4 -.IX Item "fingerprint (OSSL_STORE_PARAM_FINGERPRINT) " +.IP """fingerprint"" (\fBOSSL_STORE_PARAM_FINGERPRINT\fR) " 4 +.IX Item """fingerprint"" (OSSL_STORE_PARAM_FINGERPRINT) " .PD Indicates that the caller wants to search for an object with the given fingerprint, computed with the given digest. -.ie n .IP """alias"" (\fB\s-1OSSL_STORE_PARAM_ALIAS\s0\fR) <\s-1UTF8\s0 string>" 4 -.el .IP "``alias'' (\fB\s-1OSSL_STORE_PARAM_ALIAS\s0\fR) <\s-1UTF8\s0 string>" 4 -.IX Item "alias (OSSL_STORE_PARAM_ALIAS) " +.IP """alias"" (\fBOSSL_STORE_PARAM_ALIAS\fR) " 4 +.IX Item """alias"" (OSSL_STORE_PARAM_ALIAS) " Indicates that the caller wants to search for an object with the given -alias (some call it a \*(L"friendly name\*(R"). -.ie n .IP """properties"" (\fB\s-1OSSL_STORE_PARAM_PROPERTIES\s0) " 4 +.IX Item """properties"" (OSSL_STORE_PARAM_PROPERTIES) " +Property string to use when querying for algorithms such as the \fBOSSL_DECODER\fR decoder implementations. -.ie n .IP """input-type"" (\fB\s-1OSSL_STORE_PARAM_INPUT_TYPE\s0) " 4 +.IX Item """input-type"" (OSSL_STORE_PARAM_INPUT_TYPE) " Type of the input format as a hint to use when decoding the objects in the store. .PP Several of these search criteria may be combined. For example, to -search for a certificate by issuer+serial, both the \*(L"issuer\*(R" and the -\&\*(L"serial\*(R" parameters will be given. +search for a certificate by issuer+serial, both the "issuer" and the +"serial" parameters will be given. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBprovider\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \s-1STORE\s0 interface was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +The STORE interface was introduced in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/provider.7.orig +++ secure/lib/libcrypto/man/man7/provider.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER 7ossl" -.TH PROVIDER 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROVIDER 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME provider \- OpenSSL operation implementation providers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" #include -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -.SS "General" +.SS General .IX Subsection "General" This page contains information useful to provider authors. .PP @@ -154,7 +79,7 @@ that one might want to perform. .PP An \fIoperation\fR is something one wants to do, such as encryption and -decryption, key derivation, \s-1MAC\s0 calculation, signing and verification, +decryption, key derivation, MAC calculation, signing and verification, etc. .PP An \fIalgorithm\fR is a named method to perform an operation. 
@@ -163,16 +88,16 @@ certain types of objects. .PP See \fBcrypto\fR\|(7) for further details. -.SS "Provider" +.SS Provider .IX Subsection "Provider" A \fIprovider\fR offers an initialization function, as a set of base -functions in the form of an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) array, and by extension, -a set of \s-1\fBOSSL_ALGORITHM\s0\fR\|(3)s (see \fBopenssl\-core.h\fR\|(7)). -It may be a dynamically loadable module, or may be built-in, in +functions in the form of an \fBOSSL_DISPATCH\fR\|(3) array, and by extension, +a set of \fBOSSL_ALGORITHM\fR\|(3)s (see \fBopenssl\-core.h\fR\|(7)). +It may be a dynamically loadable module, or may be built\-in, in OpenSSL libraries or in the application. -If it's a dynamically loadable module, the initialization function +If it\*(Aqs a dynamically loadable module, the initialization function must be named \f(CW\*(C`OSSL_provider_init\*(C'\fR and must be exported. -If it's built-in, the initialization function may have any name. +If it\*(Aqs built\-in, the initialization function may have any name. .PP The initialization function must have the following signature: .PP @@ -209,7 +134,7 @@ One of the functions the provider offers to the OpenSSL libraries is the central mechanism for the OpenSSL libraries to get access to operation implementations for diverse algorithms. -Its referred to with the number \fB\s-1OSSL_FUNC_PROVIDER_QUERY_OPERATION\s0\fR +Its referred to with the number \fBOSSL_FUNC_PROVIDER_QUERY_OPERATION\fR and has the following signature: .PP .Vb 3 
@@ -221,18 +146,18 @@ \&\fIprovctx\fR is the provider specific context that was passed back by the initialization function. .PP -\&\fIoperation_id\fR is an operation identity (see \*(L"Operations\*(R" below). +\&\fIoperation_id\fR is an operation identity (see "Operations" below). .PP \&\fIno_store\fR is a flag back to the OpenSSL libraries which, when nonzero, signifies that the OpenSSL libraries will not store a reference to the returned data in their internal store of implementations. .PP -The returned \s-1\fBOSSL_ALGORITHM\s0\fR\|(3) is the foundation of any OpenSSL -library \s-1API\s0 that uses providers for their implementation, most +The returned \fBOSSL_ALGORITHM\fR\|(3) is the foundation of any OpenSSL +library API that uses providers for their implementation, most commonly in the \fIfetching\fR type of functions -(see \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7)). -.SS "Operations" +(see "ALGORITHM FETCHING" in \fBcrypto\fR\|(7)). +.SS Operations .IX Subsection "Operations" Operations are referred to with numbers, via macros with names starting with \f(CW\*(C`OSSL_OP_\*(C'\fR. 
@@ -241,85 +166,85 @@ provider may or may not offer, depending on its needs. .PP Currently available operations are: -.IP "Digests" 4 +.IP Digests 4 .IX Item "Digests" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1EVP_MD\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_DIGEST\s0\fR. +\&\fBEVP_MD\fR. +The number for this operation is \fBOSSL_OP_DIGEST\fR. The functions the provider can offer are described in \&\fBprovider\-digest\fR\|(7). .IP "Symmetric ciphers" 4 .IX Item "Symmetric ciphers" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1EVP_CIPHER\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_CIPHER\s0\fR. +\&\fBEVP_CIPHER\fR. +The number for this operation is \fBOSSL_OP_CIPHER\fR. The functions the provider can offer are described in \&\fBprovider\-cipher\fR\|(7). -.IP "Message Authentication Code (\s-1MAC\s0)" 4 +.IP "Message Authentication Code (MAC)" 4 .IX Item "Message Authentication Code (MAC)" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1EVP_MAC\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_MAC\s0\fR. +\&\fBEVP_MAC\fR. +The number for this operation is \fBOSSL_OP_MAC\fR. The functions the provider can offer are described in \&\fBprovider\-mac\fR\|(7). -.IP "Key Derivation Function (\s-1KDF\s0)" 4 +.IP "Key Derivation Function (KDF)" 4 .IX Item "Key Derivation Function (KDF)" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1EVP_KDF\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_KDF\s0\fR. +\&\fBEVP_KDF\fR. +The number for this operation is \fBOSSL_OP_KDF\fR. The functions the provider can offer are described in \&\fBprovider\-kdf\fR\|(7). .IP "Key Exchange" 4 .IX Item "Key Exchange" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1EVP_KEYEXCH\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_KEYEXCH\s0\fR. +\&\fBEVP_KEYEXCH\fR. +The number for this operation is \fBOSSL_OP_KEYEXCH\fR. 
The functions the provider can offer are described in \&\fBprovider\-keyexch\fR\|(7). .IP "Asymmetric Ciphers" 4 .IX Item "Asymmetric Ciphers" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1EVP_ASYM_CIPHER\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_ASYM_CIPHER\s0\fR. +\&\fBEVP_ASYM_CIPHER\fR. +The number for this operation is \fBOSSL_OP_ASYM_CIPHER\fR. The functions the provider can offer are described in \&\fBprovider\-asym_cipher\fR\|(7). .IP "Asymmetric Key Encapsulation" 4 .IX Item "Asymmetric Key Encapsulation" -In the OpenSSL libraries, the corresponding method object is \fB\s-1EVP_KEM\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_KEM\s0\fR. +In the OpenSSL libraries, the corresponding method object is \fBEVP_KEM\fR. +The number for this operation is \fBOSSL_OP_KEM\fR. The functions the provider can offer are described in \fBprovider\-kem\fR\|(7). -.IP "Encoding" 4 +.IP Encoding 4 .IX Item "Encoding" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1OSSL_ENCODER\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_ENCODER\s0\fR. +\&\fBOSSL_ENCODER\fR. +The number for this operation is \fBOSSL_OP_ENCODER\fR. The functions the provider can offer are described in \&\fBprovider\-encoder\fR\|(7). -.IP "Decoding" 4 +.IP Decoding 4 .IX Item "Decoding" In the OpenSSL libraries, the corresponding method object is -\&\fB\s-1OSSL_DECODER\s0\fR. -The number for this operation is \fB\s-1OSSL_OP_DECODER\s0\fR. +\&\fBOSSL_DECODER\fR. +The number for this operation is \fBOSSL_OP_DECODER\fR. The functions the provider can offer are described in \&\fBprovider\-decoder\fR\|(7). .IP "Random Number Generation" 4 .IX Item "Random Number Generation" -The number for this operation is \fB\s-1OSSL_OP_RAND\s0\fR. +The number for this operation is \fBOSSL_OP_RAND\fR. The functions the provider can offer for random number generation are described in \fBprovider\-rand\fR\|(7). 
.IP "Key Management" 4 .IX Item "Key Management" -The number for this operation is \fB\s-1OSSL_OP_KEYMGMT\s0\fR. +The number for this operation is \fBOSSL_OP_KEYMGMT\fR. The functions the provider can offer for key management are described in \&\fBprovider\-keymgmt\fR\|(7). .IP "Signing and Signature Verification" 4 .IX Item "Signing and Signature Verification" -The number for this operation is \fB\s-1OSSL_OP_SIGNATURE\s0\fR. +The number for this operation is \fBOSSL_OP_SIGNATURE\fR. The functions the provider can offer for digital signatures are described in \&\fBprovider\-signature\fR\|(7). .IP "Store Management" 4 .IX Item "Store Management" -The number for this operation is \fB\s-1OSSL_OP_STORE\s0\fR. +The number for this operation is \fBOSSL_OP_STORE\fR. The functions the provider can offer for store management are described in \&\fBprovider\-storemgmt\fR\|(7). .PP 
@@ -330,21 +255,34 @@ aliases associated with it. The canonical OpenSSL naming scheme follows this format: .PP -ALGNAME[\s-1VERSION\s0?][\-SUBNAME[\s-1VERSION\s0?]?][\-SIZE?][\-MODE?] +ALGNAME[VERSION?][\-SUBNAME[VERSION?]?][\-SIZE?][\-MODE?] .PP -\&\s-1VERSION\s0 is only present if there are multiple versions of an algorithm (e.g. -\&\s-1MD2, MD4, MD5\s0). It may be omitted if there is only one version. +VERSION is only present if there are multiple versions of an algorithm (e.g. +MD2, MD4, MD5). It may be omitted if there is only one version. .PP -\&\s-1SUBNAME\s0 may be present where multiple algorithms are combined together, -e.g. \s-1MD5\-SHA1.\s0 +SUBNAME may be present where multiple algorithms are combined together, +e.g. MD5\-SHA1. .PP -\&\s-1SIZE\s0 is only present if multiple versions of an algorithm exist with different -sizes (e.g. \s-1AES\-128\-CBC, AES\-256\-CBC\s0) +SIZE is only present if multiple versions of an algorithm exist with different +sizes (e.g. AES\-128\-CBC, AES\-256\-CBC) .PP -\&\s-1MODE\s0 is only present where applicable. +MODE is only present where applicable. .PP Other aliases may exist for example where standards bodies or common practice use alternative names or names that OpenSSL has used historically. +.PP +\fIProvider dependencies\fR +.IX Subsection "Provider dependencies" +.PP +Providers may depend for their proper operation on the availability of +(functionality implemented in) other providers. As there is no mechanism to +express such dependencies towards the OpenSSL core, provider authors must +take care that such dependencies are either completely avoided or made visible +to users, e.g., by documentation and/or defensive programming, e.g., +outputting error messages if required external dependencies are not available, +e.g., when no provider implementing the required functionality has been +activated. In particular, provider initialization should not depend on other +providers already having been initialized. 
.SH "OPENSSL PROVIDERS" .IX Header "OPENSSL PROVIDERS" OpenSSL provides a number of its own providers. These are the default, base, @@ -353,7 +291,7 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit_ex\fR\|(3), \fBEVP_EncryptInit_ex\fR\|(3), -\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3), +\&\fBOSSL_LIB_CTX\fR\|(3), \&\fBEVP_set_default_properties\fR\|(3), \&\fBEVP_MD_fetch\fR\|(3), \&\fBEVP_CIPHER_fetch\fR\|(3), @@ -363,15 +301,15 @@ \&\fBprovider\-digest\fR\|(7), \&\fBprovider\-cipher\fR\|(7), \&\fBprovider\-keyexch\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The concept of providers and everything surrounding them was introduced in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/proxy-certificates.7.orig +++ secure/lib/libcrypto/man/man7/proxy-certificates.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,94 +53,35 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROXY-CERTIFICATES 7ossl" -.TH PROXY-CERTIFICATES 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH PROXY-CERTIFICATES 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME proxy\-certificates \- Proxy certificates in OpenSSL -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -Proxy certificates are defined in \s-1RFC 3820.\s0 They are used to +Proxy certificates are defined in RFC 3820. They are used to extend rights to some other entity (a computer process, typically, or sometimes to the user itself). This allows the entity to perform -operations on behalf of the owner of the \s-1EE\s0 (End Entity) certificate. +operations on behalf of the owner of the EE (End Entity) certificate. .PP The requirements for a valid proxy certificate are: -.IP "\(bu" 4 -They are issued by an End Entity, either a normal \s-1EE\s0 certificate, or +.IP \(bu 4 +They are issued by an End Entity, either a normal EE certificate, or another proxy certificate. -.IP "\(bu" 4 +.IP \(bu 4 They must not have the \fBsubjectAltName\fR or \fBissuerAltName\fR extensions. -.IP "\(bu" 4 +.IP \(bu 4 They must have the \fBproxyCertInfo\fR extension. -.IP "\(bu" 4 +.IP \(bu 4 They must have the subject of their issuer, with one \fBcommonName\fR added. .SS "Enabling proxy certificate verification" @@ -175,7 +100,7 @@ \& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); .Ve .PP -See \*(L"\s-1NOTES\*(R"\s0 for a discussion on this requirement. +See "NOTES" for a discussion on this requirement. .SS "Creating proxy certificates" .IX Subsection "Creating proxy certificates" Creating proxy certificates can be done using the \fBopenssl\-x509\fR\|(1) 
@@ -191,7 +116,7 @@ \& proxyCertInfo = critical,language:id\-ppl\-anyLanguage,pathlen:1,policy:text:AB .Ve .PP -It's also possible to specify the proxy extension in a separate section: +It\*(Aqs also possible to specify the proxy extension in a separate section: .PP .Vb 1 \& proxyCertInfo = critical,@proxy_ext @@ -205,14 +130,14 @@ The policy value has a specific syntax, \fIsyntag\fR:\fIstring\fR, where the \&\fIsyntag\fR determines what will be done with the string. The following \&\fIsyntag\fRs are recognised: -.IP "\fBtext\fR" 4 +.IP \fBtext\fR 4 .IX Item "text" indicates that the string is a byte sequence, without any encoding: .Sp .Vb 1 -\& policy=text:ra\*:ksmo\*:rga\*os +\& policy=text:räksmörgås .Ve -.IP "\fBhex\fR" 4 +.IP \fBhex\fR 4 .IX Item "hex" indicates the string is encoded hexadecimal encoded binary data, with colons between each byte (every second hex digit): @@ -220,11 +145,11 @@ .Vb 1 \& policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 .Ve -.IP "\fBfile\fR" 4 +.IP \fBfile\fR 4 .IX Item "file" indicates that the text of the policy should be taken from a file. The string is then a filename. This is useful for policies that are -more than a few lines, such as \s-1XML\s0 or other markup. +more than a few lines, such as XML or other markup. .PP Note that the proxy policy value is what determines the rights granted to the process during the proxy certificate, and it is up to the 
@@ -261,24 +186,24 @@ To interpret proxy policies, the application would normally start with some default rights (perhaps none at all), then compute the resulting rights by checking the rights against the chain of proxy certificates, -user certificate and \s-1CA\s0 certificates. +user certificate and CA certificates. .PP The complicated part is figuring out how to pass data between your application and the certificate validation procedure. .PP The following ingredients are needed for such processing: -.IP "\(bu" 4 +.IP \(bu 4 a callback function that will be called for every certificate being validated. The callback is called several times for each certificate, so you must be careful to do the proxy policy interpretation at the -right time. You also need to fill in the defaults when the \s-1EE\s0 +right time. You also need to fill in the defaults when the EE certificate is checked. -.IP "\(bu" 4 +.IP \(bu 4 a data structure that is shared between your application code and the callback. -.IP "\(bu" 4 +.IP \(bu 4 a wrapper function that sets it all up. -.IP "\(bu" 4 +.IP \(bu 4 an ex_data index function that creates an index into the generic ex_data store that is attached to an X509 validation context. .PP @@ -370,7 +295,7 @@ \& * another, temporary bit array and fill it with \& * the rights granted by the current proxy \& * certificate, then use it as a mask on the -\& * accumulated rights bit array, and voila\*`, you +\& * accumulated rights bit array, and voilà, you \& * now have a new accumulated rights bit array. \& */ \& { 
@@ -438,14 +363,14 @@ \& } .Ve .PP -If you use \s-1SSL\s0 or \s-1TLS,\s0 you can easily set up a callback to have the +If you use SSL or TLS, you can easily set up a callback to have the certificates checked properly, using the code above: .PP .Vb 2 \& SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, \& &needed_rights); .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" To this date, it seems that proxy certificates have only been used in environments that are aware of them, and no one seems to have @@ -465,12 +390,12 @@ \&\fBX509_VERIFY_PARAM_set_flags\fR\|(3), \&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), \&\fBopenssl\-req\fR\|(1), \fBopenssl\-x509\fR\|(1), -\&\s-1RFC 3820\s0 -.SH "COPYRIGHT" +RFC 3820 +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/ssl.7.orig +++ secure/lib/libcrypto/man/man7/ssl.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,161 +53,102 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "SSL 7ossl" -.TH SSL 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH SSL 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME ssl \- OpenSSL SSL/TLS library -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" See the individual manual pages for details. -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The OpenSSL \fBssl\fR library implements several versions of the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols. -This page gives a brief overview of the extensive \s-1API\s0 and data types +This page gives a brief overview of the extensive API and data types provided by the library. .PP -An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish -\&\s-1TLS/SSL\s0 enabled connections (see \fBSSL_CTX_new\fR\|(3)). +An \fBSSL_CTX\fR object is created as a framework to establish +TLS/SSL enabled connections (see \fBSSL_CTX_new\fR\|(3)). Various options regarding certificates, algorithms etc. can be set in this object. .PP When a network connection has been created, it can be assigned to an -\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +\&\fBSSL\fR object. After the \fBSSL\fR object has been created using \&\fBSSL_new\fR\|(3), \fBSSL_set_fd\fR\|(3) or \&\fBSSL_set_bio\fR\|(3) can be used to associate the network connection with the object. .PP -When the \s-1TLS/SSL\s0 handshake is performed using +When the TLS/SSL handshake is performed using \&\fBSSL_accept\fR\|(3) or \fBSSL_connect\fR\|(3) respectively. \&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) and \fBSSL_write\fR\|(3) are -used to read and write data on the \s-1TLS/SSL\s0 connection. +used to read and write data on the TLS/SSL connection. 
\&\fBSSL_shutdown\fR\|(3) can be used to shut down the -\&\s-1TLS/SSL\s0 connection. +TLS/SSL connection. .SH "DATA STRUCTURES" .IX Header "DATA STRUCTURES" Here are some of the main data structures in the library. -.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IP "\fBSSL_METHOD\fR (SSL Method)" 4 .IX Item "SSL_METHOD (SSL Method)" This is a dispatch structure describing the internal \fBssl\fR library methods/functions which implement the various protocol versions (SSLv3 -TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. -.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +TLSv1, ...). It\*(Aqs needed to create an \fBSSL_CTX\fR. +.IP "\fBSSL_CIPHER\fR (SSL Cipher)" 4 .IX Item "SSL_CIPHER (SSL Cipher)" This structure holds the algorithm information for a particular cipher which -are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured -on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the -\&\fB\s-1SSL_SESSION\s0\fR. -.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +are a core part of the SSL/TLS protocol. The available ciphers are configured +on a \fBSSL_CTX\fR basis and the actual ones used are then part of the +\&\fBSSL_SESSION\fR. +.IP "\fBSSL_CTX\fR (SSL Context)" 4 .IX Item "SSL_CTX (SSL Context)" This is the global context structure which is created by a server or client -once per program life-time and which holds mainly default values for the -\&\fB\s-1SSL\s0\fR structures which are later created for the connections. -.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +once per program life\-time and which holds mainly default values for the +\&\fBSSL\fR structures which are later created for the connections. +.IP "\fBSSL_SESSION\fR (SSL Session)" 4 .IX Item "SSL_SESSION (SSL Session)" -This is a structure containing the current \s-1TLS/SSL\s0 session details for a -connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. 
-.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +This is a structure containing the current TLS/SSL session details for a +connection: \fBSSL_CIPHER\fRs, client and server certificates, keys, etc. +.IP "\fBSSL\fR (SSL Connection)" 4 .IX Item "SSL (SSL Connection)" -This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per -established connection. This actually is the core structure in the \s-1SSL API.\s0 -At run-time the application usually deals with this structure which has +This is the main SSL/TLS structure which is created by a server or client per +established connection. This actually is the core structure in the SSL API. +At run\-time the application usually deals with this structure which has links to mostly all other structures. .SH "HEADER FILES" .IX Header "HEADER FILES" Currently the OpenSSL \fBssl\fR library provides the following C header files containing the prototypes for the data structures and functions: -.IP "\fI\fR" 4 +.IP \fI\fR 4 .IX Item "" -This is the common header file for the \s-1SSL/TLS API.\s0 Include it into your -program to make the \s-1API\s0 of the \fBssl\fR library available. It internally -includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. -Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look +This is the common header file for the SSL/TLS API. Include it into your +program to make the API of the \fBssl\fR library available. It internally +includes both more private SSL headers and headers from the \fBcrypto\fR library. +Whenever you need hard\-core details on the internals of the SSL API, look inside this header file. This file also includes the others listed below. -.IP "\fI\fR" 4 +.IP \fI\fR 4 .IX Item "" Unused. Present for backwards compatibility only. -.IP "\fI\fR" 4 +.IP \fI\fR 4 .IX Item "" This is the sub header file dealing with the SSLv3 protocol only. 
-.IP "\fI\fR" 4 +.IP \fI\fR 4 .IX Item "" This is the sub header file dealing with the TLSv1 protocol only. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/lib/libcrypto/man/man7/x509.7.orig +++ secure/lib/libcrypto/man/man7/x509.7 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,94 +53,35 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "X509 7ossl" -.TH X509 7ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH X509 7ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME x509 \- X.509 certificate handling -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& #include .Ve -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" An X.509 certificate is a structured grouping of information about -an individual, a device, or anything one can imagine. An X.509 \s-1CRL\s0 +an individual, a device, or anything one can imagine. An X.509 CRL (certificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be -found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0 +found in the X.509 document from ITU\-T, or in RFC3280 from PKIX. In OpenSSL, the type X509 is used to express such a certificate, and -the type X509_CRL is used to express a \s-1CRL.\s0 +the type X509_CRL is used to express a CRL. .PP A related structure is a certificate request, defined in PKCS#10 from -\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896.\s0 In OpenSSL, the type +RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type X509_REQ is used to express such a certificate request. .PP To handle some complex parts of a certificate, there are the types 
@@ -164,23 +89,23 @@ a certificate attribute), X509_EXTENSION (to express a certificate extension) and a few more. .PP -Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a +Finally, there\*(Aqs the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key. .PP -\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions +\&\fBX509_\fR\fIXXX\fR, \fBd2i_X509_\fR\fIXXX\fR, and \fBi2d_X509_\fR\fIXXX\fR functions handle X.509 certificates, with some exceptions, shown below. .PP -\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR +\&\fBX509_CRL_\fR\fIXXX\fR, \fBd2i_X509_CRL_\fR\fIXXX\fR, and \fBi2d_X509_CRL_\fR\fIXXX\fR functions handle X.509 CRLs. .PP -\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR +\&\fBX509_REQ_\fR\fIXXX\fR, \fBd2i_X509_REQ_\fR\fIXXX\fR, and \fBi2d_X509_REQ_\fR\fIXXX\fR functions handle PKCS#10 certificate requests. .PP -\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names. +\&\fBX509_NAME_\fR\fIXXX\fR functions handle certificate names. .PP -\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes. +\&\fBX509_ATTRIBUTE_\fR\fIXXX\fR functions handle certificate attributes. .PP -\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions. +\&\fBX509_EXTENSION_\fR\fIXXX\fR functions handle certificate extensions. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_NAME_ENTRY_get_object\fR\|(3), 
@@ -196,11 +121,11 @@ \&\fBd2i_X509_REQ\fR\|(3), \&\fBd2i_X509_SIG\fR\|(3), \&\fBcrypto\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2003\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/CA.pl.1.orig +++ secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "CA.PL 1ossl" -.TH CA.PL 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH CA.PL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME CA.pl \- friendlier interface for OpenSSL certificate programs -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" -\&\fB\s-1CA\s0.pl\fR +\&\fBCA.pl\fR \&\fB\-?\fR | \&\fB\-h\fR | \&\fB\-help\fR .PP -\&\fB\s-1CA\s0.pl\fR +\&\fBCA.pl\fR \&\fB\-newcert\fR | \&\fB\-newreq\fR | \&\fB\-newreq\-nodes\fR | 
@@ -157,29 +82,29 @@ \&\fB\-signcert\fR | \&\fB\-crl\fR | \&\fB\-newca\fR -[\fB\-extra\-\f(BIcmd\fB\fR \fIparameter\fR] +[\fB\-extra\-\fR\f(BIcmd\fR \fIparameter\fR] .PP -\&\fB\s-1CA\s0.pl\fR \fB\-pkcs12\fR [\fIcertname\fR] +\&\fBCA.pl\fR \fB\-pkcs12\fR [\fIcertname\fR] .PP -\&\fB\s-1CA\s0.pl\fR \fB\-verify\fR \fIcertfile\fR ... +\&\fBCA.pl\fR \fB\-verify\fR \fIcertfile\fR ... .PP -\&\fB\s-1CA\s0.pl\fR \fB\-revoke\fR \fIcertfile\fR [\fIreason\fR] -.SH "DESCRIPTION" +\&\fBCA.pl\fR \fB\-revoke\fR \fIcertfile\fR [\fIreason\fR] +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line +The \fBCA.pl\fR script is a perl script that supplies the relevant command line arguments to the \fBopenssl\fR\|(1) command for some common certificate operations. It is intended to simplify the process of certificate creation and management by the use of some simple options. .PP The script is intended as a simple front end for the \fBopenssl\fR\|(1) program for -use by a beginner. Its behaviour isn't always what is wanted. For more control +use by a beginner. Its behaviour isn\*(Aqt always what is wanted. For more control over the behaviour of the certificate commands call the \fBopenssl\fR\|(1) command directly. .PP Most of the filenames mentioned below can be modified by editing the -\&\fB\s-1CA\s0.pl\fR script. +\&\fBCA.pl\fR script. .PP -Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script +Under some environments it may not be possible to run the \fBCA.pl\fR script directly (for example Win32) and the default configuration file location may be wrong. In this case the command: .PP 
@@ -187,33 +112,33 @@ \& perl \-S CA.pl .Ve .PP -can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable can be set to point to +can be used and the \fBOPENSSL_CONF\fR environment variable can be set to point to the correct path of the configuration file. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-?\fR, \fB\-h\fR, \fB\-help\fR" 4 .IX Item "-?, -h, -help" Prints a usage message. -.IP "\fB\-newcert\fR" 4 +.IP \fB\-newcert\fR 4 .IX Item "-newcert" Creates a new self signed certificate. The private key is written to the file \&\fInewkey.pem\fR and the request written to the file \fInewreq.pem\fR. Invokes \fBopenssl\-req\fR\|(1). -.IP "\fB\-newreq\fR" 4 +.IP \fB\-newreq\fR 4 .IX Item "-newreq" Creates a new certificate request. The private key is written to the file \&\fInewkey.pem\fR and the request written to the file \fInewreq.pem\fR. Executes \fBopenssl\-req\fR\|(1) under the hood. -.IP "\fB\-newreq\-nodes\fR" 4 +.IP \fB\-newreq\-nodes\fR 4 .IX Item "-newreq-nodes" Is like \fB\-newreq\fR except that the private key will not be encrypted. Uses \fBopenssl\-req\fR\|(1). -.IP "\fB\-newca\fR" 4 +.IP \fB\-newca\fR 4 .IX Item "-newca" -Creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR -and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 -certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 -details of the \s-1CA\s0 will be prompted for. The relevant files and directories +Creates a new CA hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR +and \fB\-xsign\fR options). The user is prompted to enter the filename of the CA +certificates (which should also contain the private key) or by hitting ENTER +details of the CA will be prompted for. The relevant files and directories are created in a directory called \fIdemoCA\fR in the current directory. Uses \fBopenssl\-req\fR\|(1) and \fBopenssl\-ca\fR\|(1). .Sp 
@@ -221,37 +146,37 @@ overwrite it and will do nothing. This can happen if a previous call using the \fB\-newca\fR option terminated abnormally. To get the correct behaviour delete the directory if it already exists. -.IP "\fB\-pkcs12\fR" 4 +.IP \fB\-pkcs12\fR 4 .IX Item "-pkcs12" -Create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 +Create a PKCS#12 file containing the user certificate, private key and CA certificate. It expects the user certificate and private key to be in the -file \fInewcert.pem\fR and the \s-1CA\s0 certificate to be in the file \fIdemoCA/cacert.pem\fR, +file \fInewcert.pem\fR and the CA certificate to be in the file \fIdemoCA/cacert.pem\fR, it creates a file \fInewcert.p12\fR. This command can thus be called after the \&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. If there is an additional argument on the command line it will be used as the -\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser -list box), otherwise the name \*(L"My Certificate\*(R" is used. +"friendly name" for the certificate (which is typically displayed in the browser +list box), otherwise the name "My Certificate" is used. Delegates work to \fBopenssl\-pkcs12\fR\|(1). -.IP "\fB\-sign\fR, \fB\-signcert\fR, \fB\-xsign\fR" 4 -.IX Item "-sign, -signcert, -xsign" +.IP "\fB\-sign\fR, \fB\-xsign\fR" 4 +.IX Item "-sign, -xsign" Calls the \fBopenssl\-ca\fR\|(1) command to sign a certificate request. It expects the request to be in the file \fInewreq.pem\fR. The new certificate is written to the file \fInewcert.pem\fR except in the case of the \fB\-xsign\fR option when it is written to standard output. -.IP "\fB\-signCA\fR" 4 +.IP \fB\-signCA\fR 4 .IX Item "-signCA" This option is the same as the \fB\-sign\fR option except it uses the configuration file section \fBv3_ca\fR and so makes the signed request a -valid \s-1CA\s0 certificate. 
This is useful when creating intermediate \s-1CA\s0 from -a root \s-1CA.\s0 Extra params are passed to \fBopenssl\-ca\fR\|(1). -.IP "\fB\-signcert\fR" 4 +valid CA certificate. This is useful when creating intermediate CA from +a root CA. Extra params are passed to \fBopenssl\-ca\fR\|(1). +.IP \fB\-signcert\fR 4 .IX Item "-signcert" This option is the same as \fB\-sign\fR except it expects a self signed certificate to be present in the file \fInewreq.pem\fR. Extra params are passed to \fBopenssl\-x509\fR\|(1) and \fBopenssl\-ca\fR\|(1). -.IP "\fB\-crl\fR" 4 +.IP \fB\-crl\fR 4 .IX Item "-crl" -Generate a \s-1CRL.\s0 Executes \fBopenssl\-ca\fR\|(1). +Generate a CRL. Executes \fBopenssl\-ca\fR\|(1). .IP "\fB\-revoke\fR \fIcertfile\fR [\fIreason\fR]" 4 .IX Item "-revoke certfile [reason]" Revoke the certificate contained in the specified \fBcertfile\fR. An optional 
@@ -259,29 +184,29 @@ \&\fBkeyCompromise\fR, \fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \&\fBcessationOfOperation\fR, \fBcertificateHold\fR, or \fBremoveFromCRL\fR. Leverages \fBopenssl\-ca\fR\|(1). -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" -Verifies certificates against the \s-1CA\s0 certificate for \fIdemoCA\fR. If no +Verifies certificates against the CA certificate for \fIdemoCA\fR. If no certificates are specified on the command line it tries to verify the file \&\fInewcert.pem\fR. Invokes \fBopenssl\-verify\fR\|(1). -.IP "\fB\-extra\-\f(BIcmd\fB\fR \fIparameter\fR" 4 +.IP "\fB\-extra\-\fR\f(BIcmd\fR \fIparameter\fR" 4 .IX Item "-extra-cmd parameter" -For each option \fBextra\-\f(BIcmd\fB\fR, pass \fIparameter\fR to the \fBopenssl\fR\|(1) -sub-command with the same name as \fIcmd\fR, if that sub-command is invoked. +For each option \fBextra\-\fR\f(BIcmd\fR, pass \fIparameter\fR to the \fBopenssl\fR\|(1) +sub\-command with the same name as \fIcmd\fR, if that sub\-command is invoked. For example, if \fBopenssl\-req\fR\|(1) is invoked, the \fIparameter\fR given with \&\fB\-extra\-req\fR will be passed to it. -For multi-word parameters, either repeat the option or quote the \fIparameters\fR +For multi\-word parameters, either repeat the option or quote the \fIparameters\fR so it looks like one word to your shell. See the individual command documentation for more information. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Create a \s-1CA\s0 hierarchy: +Create a CA hierarchy: .PP .Vb 1 \& CA.pl \-newca .Ve .PP -Complete certificate creation example: create a \s-1CA,\s0 create a request, sign +Complete certificate creation example: create a CA, create a request, sign the request and finally create a PKCS#12 file containing it. .PP .Vb 4 
@@ -290,14 +215,14 @@ \& CA.pl \-sign \& CA.pl \-pkcs12 "My Test Certificate" .Ve -.SH "ENVIRONMENT" +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -The environment variable \fB\s-1OPENSSL\s0\fR may be used to specify the name of +The environment variable \fBOPENSSL\fR may be used to specify the name of the OpenSSL program. It can be a full pathname, or a relative one. .PP -The environment variable \fB\s-1OPENSSL_CONFIG\s0\fR may be used to specify a +The environment variable \fBOPENSSL_CONFIG\fR may be used to specify a configuration option and value to the \fBreq\fR and \fBca\fR commands invoked by -this script. It's value should be the option and pathname, as in +this script. It\*(Aqs value should be the option and pathname, as in \&\f(CW\*(C`\-config /path/to/conf\-file\*(C'\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -307,11 +232,11 @@ \&\fBopenssl\-req\fR\|(1), \&\fBopenssl\-pkcs12\fR\|(1), \&\fBconfig\fR\|(5) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-asn1parse.1.orig +++ secure/usr.bin/openssl/man/openssl-asn1parse.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,82 +53,23 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ASN1PARSE 1ossl" -.TH OPENSSL-ASN1PARSE 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-ASN1PARSE 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-asn1parse \- ASN.1 parsing command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBasn1parse\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-noout\fR] 
@@ -159,44 +84,44 @@ [\fB\-genconf\fR \fIfile\fR] [\fB\-strictpem\fR] [\fB\-item\fR \fIname\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is a diagnostic utility that can parse \s-1ASN.1\s0 structures. -It can also be used to extract data from \s-1ASN.1\s0 formatted data. -.SH "OPTIONS" +This command is a diagnostic utility that can parse ASN.1 structures. +It can also be used to extract data from ASN.1 formatted data. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" -The input format; the default is \fB\s-1PEM\s0\fR. +The input format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" The input file, default is standard input. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" -Output file to place the \s-1DER\s0 encoded data into. If this +Output file to place the DER encoded data into. If this option is not present then no data will be output. This is most useful when combined with the \fB\-strparse\fR option. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" -Don't output the parsed version of the input file. +Don\*(Aqt output the parsed version of the input file. .IP "\fB\-offset\fR \fInumber\fR" 4 .IX Item "-offset number" Starting offset to begin parsing, default is start of file. .IP "\fB\-length\fR \fInumber\fR" 4 .IX Item "-length number" Number of bytes to parse, default is until end of file. -.IP "\fB\-i\fR" 4 +.IP \fB\-i\fR 4 .IX Item "-i" -Indents the output according to the \*(L"depth\*(R" of the structures. +Indents the output according to the "depth" of the structures. .IP "\fB\-oid\fR \fIfilename\fR" 4 .IX Item "-oid filename" -A file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). 
The format of this -file is described in the \s-1NOTES\s0 section below. -.IP "\fB\-dump\fR" 4 +A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +file is described in the NOTES section below. +.IP \fB\-dump\fR 4 .IX Item "-dump" Dump unknown data in hex format. .IP "\fB\-dlimit\fR \fInum\fR" 4 
@@ -204,29 +129,29 @@ Like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. .IP "\fB\-strparse\fR \fIoffset\fR" 4 .IX Item "-strparse offset" -Parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This -option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +Parse the contents octets of the ASN.1 object starting at \fBoffset\fR. This +option can be used multiple times to "drill down" into a nested structure. .IP "\fB\-genstr\fR \fIstring\fR, \fB\-genconf\fR \fIfile\fR" 4 .IX Item "-genstr string, -genconf file" Generate encoded data based on \fIstring\fR, \fIfile\fR or both using \&\fBASN1_generate_nconf\fR\|(3) format. If \fIfile\fR only is present then the string is obtained from the default section using the name -\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as +\&\fBasn1\fR. The encoded data is passed through the ASN1 parser and printed out as though it came from a file, the contents can thus be examined and written to a file using the \fB\-out\fR option. -.IP "\fB\-strictpem\fR" 4 +.IP \fB\-strictpem\fR 4 .IX Item "-strictpem" If this option is used then \fB\-inform\fR will be ignored. Without this option any -data in a \s-1PEM\s0 format input file will be treated as being base64 encoded and -processed whether it has the normal \s-1PEM BEGIN\s0 and \s-1END\s0 markers or not. This -option will ignore any data prior to the start of the \s-1BEGIN\s0 marker, or after an -\&\s-1END\s0 marker in a \s-1PEM\s0 file. +data in a PEM format input file will be treated as being base64 encoded and +processed whether it has the normal PEM BEGIN and END markers or not. This +option will ignore any data prior to the start of the BEGIN marker, or after an +END marker in a PEM file. .IP "\fB\-item\fR \fIname\fR" 4 .IX Item "-item name" -Attempt to decode and print the data as an \fB\s-1ASN1_ITEM\s0\fR \fIname\fR. 
This can be -used to print out the fields of any supported \s-1ASN.1\s0 structure if the type is +Attempt to decode and print the data as an \fBASN1_ITEM\fR \fIname\fR. This can be +used to print out the fields of any supported ASN.1 structure if the type is known. -.SS "Output" +.SS Output .IX Subsection "Output" The output will typically contain lines like this: .PP @@ -251,17 +176,17 @@ .PP \&..... .PP -This example is part of a self-signed certificate. Each line starts with the +This example is part of a self\-signed certificate. Each line starts with the offset in decimal. \f(CW\*(C`d=XX\*(C'\fR specifies the current depth. The depth is increased -within the scope of any \s-1SET\s0 or \s-1SEQUENCE.\s0 \f(CW\*(C`hl=XX\*(C'\fR gives the header length +within the scope of any SET or SEQUENCE. \f(CW\*(C`hl=XX\*(C'\fR gives the header length (tag and length octets) of the current type. \f(CW\*(C`l=XX\*(C'\fR gives the length of the contents octets. .PP The \fB\-i\fR option can be used to make the output more readable. .PP -Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output. +Some knowledge of the ASN.1 structure is needed to interpret the output. .PP -In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key. +In this example the BIT STRING at offset 229 is the certificate public key. The contents octets of this will contain the public key information. This can be examined using the option \f(CW\*(C`\-strparse 229\*(C'\fR to yield: .PP 
@@ -270,21 +195,21 @@ \& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 \& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in +If an OID is not part of OpenSSL\*(Aqs internal table it will be represented in numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option allows additional OIDs to be included. Each line consists of three columns, -the first column is the \s-1OID\s0 in numerical format and should be followed by white -space. The second column is the \*(L"short name\*(R" which is a single word followed +the first column is the OID in numerical format and should be followed by white +space. The second column is the "short name" which is a single word followed by whitespace. The final column is the rest of the line and is the -\&\*(L"long name\*(R". Example: +"long name". Example: .PP \&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR .PP -For any \s-1OID\s0 with an associated short and long name, this command will display +For any OID with an associated short and long name, this command will display the long name. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Parse a file: .PP @@ -292,7 +217,7 @@ \& openssl asn1parse \-in file.pem .Ve .PP -Parse a \s-1DER\s0 file: +Parse a DER file: .PP .Vb 1 \& openssl asn1parse \-inform DER \-in file.der @@ -304,7 +229,7 @@ \& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq .Ve .PP -Generate and write out a UTF8String, don't print parsed output: +Generate and write out a UTF8String, don\*(Aqt print parsed output: .PP .Vb 1 \& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der 
@@ -326,19 +251,19 @@ \& field1=BOOL:TRUE \& field2=EXP:0, UTF8:some random string .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" There should be options to change the format of output lines. The output of some -\&\s-1ASN.1\s0 types is not well handled (if at all). +ASN.1 types is not well handled (if at all). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBASN1_generate_nconf\fR\|(3) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-ca.1.orig +++ secure/usr.bin/openssl/man/openssl-ca.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CA 1ossl" -.TH OPENSSL-CA 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CA 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-ca \- sample minimal CA application -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBca\fR [\fB\-help\fR] @@ -169,14 +94,14 @@ [\fB\-md\fR \fIarg\fR] [\fB\-policy\fR \fIarg\fR] [\fB\-keyfile\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-key\fR \fIarg\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-cert\fR \fIfile\fR] -[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR] +[\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR] [\fB\-selfsign\fR] [\fB\-in\fR \fIfile\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|<\s-1PEM\s0>] +[\fB\-inform\fR \fBDER\fR|] [\fB\-out\fR \fIfile\fR] [\fB\-notext\fR] [\fB\-dateopt\fR] @@ -204,10 +129,10 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIcertreq\fR...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command emulates a \s-1CA\s0 application. -See the \fB\s-1WARNINGS\s0\fR especially when considering to use it productively. +This command emulates a CA application. +See the \fBWARNINGS\fR especially when considering to use it productively. It can be used to sign certificate requests (CSRs) in a variety of forms and generate certificate revocation lists (CRLs). It also maintains a text database of issued certificates and their status. 
@@ -220,41 +145,41 @@ See \fBopenssl\-req\fR\|(1) and \fBopenssl\-x509\fR\|(1) for details. .PP The descriptions of the \fBca\fR command options are divided into each purpose. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-verbose\fR" 4 +.IP \fB\-verbose\fR 4 .IX Item "-verbose" This prints extra details about the operations being performed. .IP "\fB\-config\fR \fIfilename\fR" 4 .IX Item "-config filename" Specifies the configuration file to use. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +see "COMMAND SUMMARY" in \fBopenssl\fR\|(1). .IP "\fB\-name\fR \fIsection\fR, \fB\-section\fR \fIsection\fR" 4 .IX Item "-name section, -section section" Specifies the configuration file section to use (overrides \&\fBdefault_ca\fR in the \fBca\fR section). .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" -An input filename containing a single certificate request (\s-1CSR\s0) to be -signed by the \s-1CA.\s0 -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +An input filename containing a single certificate request (CSR) to be +signed by the CA. +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" The format of the data in certificate request input files; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-ss_cert\fR \fIfilename\fR" 4 .IX Item "-ss_cert filename" -A single self-signed certificate to be signed by the \s-1CA.\s0 +A single self\-signed certificate to be signed by the CA. .IP "\fB\-spkac\fR \fIfilename\fR" 4 .IX Item "-spkac filename" A file containing a single Netscape signed public key and challenge -and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR +and additional field values to be signed by the CA. See the \fBSPKAC FORMAT\fR section for information on the required input and output format. 
-.IP "\fB\-infiles\fR" 4 +.IP \fB\-infiles\fR 4 .IX Item "-infiles" If present this should be the last option, all subsequent arguments are taken as the names of files containing certificate requests. @@ -262,7 +187,7 @@ .IX Item "-out filename" The output file to output certificates to. The default is standard output. The certificate details will also be printed out to this -file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). +file in PEM format (except that \fB\-spkac\fR outputs DER format). .IP "\fB\-outdir\fR \fIdirectory\fR" 4 .IX Item "-outdir directory" The directory to output certificates to. The certificate will be 
@@ -270,30 +195,30 @@ \&\fI.pem\fR appended. .IP "\fB\-cert\fR \fIfilename\fR" 4 .IX Item "-cert filename" -The \s-1CA\s0 certificate, which must match with \fB\-keyfile\fR. -.IP "\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +The CA certificate, which must match with \fB\-keyfile\fR. +.IP "\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-certform DER|PEM|P12" The format of the data in certificate input files; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-keyfile\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-keyfile filename|uri" -The \s-1CA\s0 private key to sign certificate requests with. +The CA private key to sign certificate requests with. This must match with \fB\-cert\fR. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The format of the private key input file; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-sigopt nm:v" Pass options to the signature algorithm during sign operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .IP "\fB\-vfyopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-vfyopt nm:v" Pass options to the signature algorithm during verify operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .Sp -This often needs to be given while signing too, because the self-signature of -a certificate signing request (\s-1CSR\s0) is verified against the included public key, +This often needs to be given while signing too, because the self\-signature of +a certificate signing request (CSR) is verified against the included public key, and that verification may need its own set of options. 
.IP "\fB\-key\fR \fIpassword\fR" 4 .IX Item "-key password" 
@@ -307,37 +232,37 @@ The key password source for key files and certificate PKCS#12 files. For more information about the format of \fBarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-selfsign\fR" 4 +.IP \fB\-selfsign\fR 4 .IX Item "-selfsign" Indicates the issued certificates are to be signed with the key the certificate requests were signed with (given with \fB\-keyfile\fR). Certificate requests signed with a different key are ignored. If \fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is ignored. .Sp -A consequence of using \fB\-selfsign\fR is that the self-signed +A consequence of using \fB\-selfsign\fR is that the self\-signed certificate appears among the entries in the certificate database (see the configuration option \fBdatabase\fR), and uses the same serial number counter as all other certificates sign with the -self-signed certificate. -.IP "\fB\-notext\fR" 4 +self\-signed certificate. +.IP \fB\-notext\fR 4 .IX Item "-notext" -Don't output the text form of a certificate to the output file. -.IP "\fB\-dateopt\fR" 4 +Don\*(Aqt output the text form of a certificate to the output file. +.IP \fB\-dateopt\fR 4 .IX Item "-dateopt" Specify the date output format. Values are: rfc_822 and iso_8601. Defaults to rfc_822. .IP "\fB\-startdate\fR \fIdate\fR" 4 .IX Item "-startdate date" This allows the start date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or -\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In -both formats, seconds \s-1SS\s0 and timezone Z must be present. +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present. .IP "\fB\-enddate\fR \fIdate\fR" 4 .IX Item "-enddate date" This allows the expiry date to be explicitly set. 
The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or -\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In -both formats, seconds \s-1SS\s0 and timezone Z must be present. +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present. .IP "\fB\-days\fR \fIarg\fR" 4 .IX Item "-days arg" The number of days to certify the certificate for. 
@@ -349,32 +274,32 @@ digest that is set is ignored. This option also applies to CRLs. .IP "\fB\-policy\fR \fIarg\fR" 4 .IX Item "-policy arg" -This option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +This option defines the CA "policy" to use. This is a section in the configuration file which decides which fields should be mandatory -or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section +or match the CA certificate. Check out the \fBPOLICY FORMAT\fR section for more information. -.IP "\fB\-msie_hack\fR" 4 +.IP \fB\-msie_hack\fR 4 .IX Item "-msie_hack" This is a deprecated option to make this command work with very old versions -of the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings +of the IE certificate enrollment control "certenr3". It used UniversalStrings for almost everything. Since the old control has various security bugs its use is strongly discouraged. -.IP "\fB\-preserveDN\fR" 4 +.IP \fB\-preserveDN\fR 4 .IX Item "-preserveDN" -Normally the \s-1DN\s0 order of a certificate is the same as the order of the +Normally the DN order of a certificate is the same as the order of the fields in the relevant policy section. When this option is set the order is the same as the request. This is largely for compatibility with the -older \s-1IE\s0 enrollment control which would only accept certificates if their +older IE enrollment control which would only accept certificates if their DNs match the order of the request. This is not needed for Xenroll. -.IP "\fB\-noemailDN\fR" 4 +.IP \fB\-noemailDN\fR 4 .IX Item "-noemailDN" -The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the -request \s-1DN,\s0 however, it is good policy just having the e\-mail set into +The DN of a certificate can contain the EMAIL field if present in the +request DN, however, it is good policy just having the e\-mail set into the altName extension of the certificate. 
When this option is set the -\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in +EMAIL field is removed from the certificate\*(Aq subject and set only in the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be used in the configuration file to enable this behaviour. -.IP "\fB\-batch\fR" 4 +.IP \fB\-batch\fR 4 .IX Item "-batch" This sets the batch mode. In this mode no questions will be asked and all certificates will be certified automatically. 
@@ -400,38 +325,38 @@ Special characters may be escaped by \f(CW\*(C`\e\*(C'\fR (backslash), whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the resulting certificate. -Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL-DN). -Multi-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR +Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL\-DN). +Multi\-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR between the AttributeValueAssertions (AVAs) that specify the members of the set. Example: .Sp \&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR -.IP "\fB\-utf8\fR" 4 +.IP \fB\-utf8\fR 4 .IX Item "-utf8" -This option causes field values to be interpreted as \s-1UTF8\s0 strings, by -default they are interpreted as \s-1ASCII.\s0 This means that the field +This option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a -configuration file, must be valid \s-1UTF8\s0 strings. -.IP "\fB\-create_serial\fR" 4 +configuration file, must be valid UTF8 strings. +.IP \fB\-create_serial\fR 4 .IX Item "-create_serial" If reading serial from the text file as specified in the configuration fails, specifying this option creates a new random serial to be used as next serial number. To get random serial numbers, use the \fB\-rand_serial\fR flag instead; this -should only be used for simple error-recovery. -.IP "\fB\-rand_serial\fR" 4 +should only be used for simple error\-recovery. +.IP \fB\-rand_serial\fR 4 .IX Item "-rand_serial" Generate a large random number to use as the serial number. This overrides any option or configuration to use a serial number file. 
-.IP "\fB\-multivalue\-rdn\fR" 4 +.IP \fB\-multivalue\-rdn\fR 4 .IX Item "-multivalue-rdn" This option has been deprecated and has no effect. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -441,34 +366,34 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SH "CRL OPTIONS" .IX Header "CRL OPTIONS" -.IP "\fB\-gencrl\fR" 4 +.IP \fB\-gencrl\fR 4 .IX Item "-gencrl" -This option generates a \s-1CRL\s0 based on information in the index file. +This option generates a CRL based on information in the index file. .IP "\fB\-crl_lastupdate\fR \fItime\fR" 4 .IX Item "-crl_lastupdate time" -Allows the value of the \s-1CRL\s0's lastUpdate field to be explicitly set; if +Allows the value of the CRL\*(Aqs lastUpdate field to be explicitly set; if this option is not present, the current time is used. Accepts times in -\&\s-1YYMMDDHHMMSSZ\s0 format (the same as an \s-1ASN1\s0 UTCTime structure) or -\&\s-1YYYYMMDDHHMMSSZ\s0 format (the same as an \s-1ASN1\s0 GeneralizedTime structure). +YYMMDDHHMMSSZ format (the same as an ASN1 UTCTime structure) or +YYYYMMDDHHMMSSZ format (the same as an ASN1 GeneralizedTime structure). .IP "\fB\-crl_nextupdate\fR \fItime\fR" 4 .IX Item "-crl_nextupdate time" -Allows the value of the \s-1CRL\s0's nextUpdate field to be explicitly set; if +Allows the value of the CRL\*(Aqs nextUpdate field to be explicitly set; if this option is present, any values given for \fB\-crldays\fR, \fB\-crlhours\fR and \fB\-crlsec\fR are ignored. Accepts times in the same formats as \&\fB\-crl_lastupdate\fR. .IP "\fB\-crldays\fR \fInum\fR" 4 .IX Item "-crldays num" -The number of days before the next \s-1CRL\s0 is due. That is the days from -now to place in the \s-1CRL\s0 nextUpdate field. +The number of days before the next CRL is due. That is the days from +now to place in the CRL nextUpdate field. .IP "\fB\-crlhours\fR \fInum\fR" 4 .IX Item "-crlhours num" -The number of hours before the next \s-1CRL\s0 is due. 
+The number of hours before the next CRL is due. .IP "\fB\-crlsec\fR \fInum\fR" 4 .IX Item "-crlsec num" -The number of seconds before the next \s-1CRL\s0 is due. +The number of seconds before the next CRL is due. .IP "\fB\-revoke\fR \fIfilename\fR" 4 .IX Item "-revoke filename" A filename containing a certificate to revoke. @@ -479,7 +404,7 @@ .IX Item "-status serial" Displays the revocation status of the certificate with the specified serial number and exits. -.IP "\fB\-updatedb\fR" 4 +.IP \fB\-updatedb\fR 4 .IX Item "-updatedb" Updates the database index to purge expired certificates. .IP "\fB\-crl_reason\fR \fIreason\fR" 4 
@@ -487,32 +412,32 @@ Revocation reason, where \fIreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, \&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR, \&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fIreason\fR is case -insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2. +insensitive. Setting any revocation reason will make the CRL v2. .Sp In practice \fBremoveFromCRL\fR is not particularly useful because it is only used in delta CRLs which are not currently implemented. .IP "\fB\-crl_hold\fR \fIinstruction\fR" 4 .IX Item "-crl_hold instruction" -This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold -instruction to \fIinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be -used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) +This sets the CRL revocation reason code to \fBcertificateHold\fR and the hold +instruction to \fIinstruction\fR which must be an OID. Although any OID can be +used only \fBholdInstructionNone\fR (the use of which is discouraged by RFC2459) \&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. .IP "\fB\-crl_compromise\fR \fItime\fR" 4 .IX Item "-crl_compromise time" This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to -\&\fItime\fR. \fItime\fR should be in GeneralizedTime format that is \fI\s-1YYYYMMDDHHMMSSZ\s0\fR. +\&\fItime\fR. \fItime\fR should be in GeneralizedTime format that is \fIYYYYMMDDHHMMSSZ\fR. .IP "\fB\-crl_CA_compromise\fR \fItime\fR" 4 .IX Item "-crl_CA_compromise time" This is the same as \fBcrl_compromise\fR except the revocation reason is set to \&\fBCACompromise\fR. .IP "\fB\-crlexts\fR \fIsection\fR" 4 .IX Item "-crlexts section" -The section of the configuration file containing \s-1CRL\s0 extensions to -include. 
If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is -created, if the \s-1CRL\s0 extension section is present (even if it is -empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are -\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. See +The section of the configuration file containing CRL extensions to +include. If no CRL extension section is present then a V1 CRL is +created, if the CRL extension section is present (even if it is +empty) then a V2 CRL is created. The CRL extensions specified are +CRL extensions and \fBnot\fR CRL entry extensions. It should be noted +that some software (for example Netscape) can\*(Aqt handle V2 CRLs. See \&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .SH "CONFIGURATION FILE OPTIONS" @@ -524,10 +449,10 @@ of the configuration file (or in the default section of the configuration file). Besides \fBdefault_ca\fR, the following options are read directly from the \fBca\fR section: - \s-1RANDFILE\s0 + RANDFILE preserve msie_hack -With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may +With the exception of \fBRANDFILE\fR, this is probably a bug and may change in future releases. .PP Many of the configuration file options are identical to command line 
@@ -536,44 +461,44 @@ option is described as mandatory then it must be present in the configuration file or the command line equivalent (if any) used. -.IP "\fBoid_file\fR" 4 +.IP \fBoid_file\fR 4 .IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +This specifies a file containing additional \fBOBJECT IDENTIFIERS\fR. Each line of the file should consist of the numerical form of the object identifier followed by whitespace then the short name followed by whitespace and finally the long name. -.IP "\fBoid_section\fR" 4 +.IP \fBoid_section\fR 4 .IX Item "oid_section" This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by \fB=\fR and the numerical form. The short and long names are the same when this option is used. -.IP "\fBnew_certs_dir\fR" 4 +.IP \fBnew_certs_dir\fR 4 .IX Item "new_certs_dir" The same as the \fB\-outdir\fR command line option. It specifies the directory where new certificates will be placed. Mandatory. -.IP "\fBcertificate\fR" 4 +.IP \fBcertificate\fR 4 .IX Item "certificate" -The same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 +The same as \fB\-cert\fR. It gives the file containing the CA certificate. Mandatory. -.IP "\fBprivate_key\fR" 4 +.IP \fBprivate_key\fR 4 .IX Item "private_key" Same as the \fB\-keyfile\fR option. The file containing the -\&\s-1CA\s0 private key. Mandatory. -.IP "\fB\s-1RANDFILE\s0\fR" 4 +CA private key. Mandatory. +.IP \fBRANDFILE\fR 4 .IX Item "RANDFILE" At startup the specified file is loaded into the random number generator, -and at exit 256 bytes will be written to it. (Note: Using a \s-1RANDFILE\s0 is -not necessary anymore, see the \*(L"\s-1HISTORY\*(R"\s0 section. -.IP "\fBdefault_days\fR" 4 +and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is +not necessary anymore, see the "HISTORY" section. 
+.IP \fBdefault_days\fR 4 .IX Item "default_days" The same as the \fB\-days\fR option. The number of days to certify a certificate for. -.IP "\fBdefault_startdate\fR" 4 +.IP \fBdefault_startdate\fR 4 .IX Item "default_startdate" The same as the \fB\-startdate\fR option. The start date to certify a certificate for. If not set the current time is used. -.IP "\fBdefault_enddate\fR" 4 +.IP \fBdefault_enddate\fR 4 .IX Item "default_enddate" The same as the \fB\-enddate\fR option. Either this option or \&\fBdefault_days\fR (or the command line equivalents) must be 
@@ -582,57 +507,57 @@ .IX Item "default_crl_hours default_crl_days" The same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These will only be used if neither command line option is present. At -least one of these must be present to generate a \s-1CRL.\s0 -.IP "\fBdefault_md\fR" 4 +least one of these must be present to generate a CRL. +.IP \fBdefault_md\fR 4 .IX Item "default_md" The same as the \fB\-md\fR option. Mandatory except where the signing algorithm does not require a digest (i.e. Ed25519 and Ed448). -.IP "\fBdatabase\fR" 4 +.IP \fBdatabase\fR 4 .IX Item "database" The text database file to use. Mandatory. This file must be present though initially it will be empty. -.IP "\fBunique_subject\fR" 4 +.IP \fBunique_subject\fR 4 .IX Item "unique_subject" If the value \fByes\fR is given, the valid certificate entries in the database must have unique subjects. if the value \fBno\fR is given, several valid certificate entries may have the exact same subject. The default value is \fByes\fR, to be compatible with older (pre 0.9.8) -versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, -it's recommended to use the value \fBno\fR, especially if combined with +versions of OpenSSL. However, to make CA certificate roll\-over easier, +it\*(Aqs recommended to use the value \fBno\fR, especially if combined with the \fB\-selfsign\fR command line option. .Sp Note that it is valid in some circumstances for certificates to be created without any subject. In the case where there are multiple certificates without subjects this does not count as a duplicate. -.IP "\fBserial\fR" 4 +.IP \fBserial\fR 4 .IX Item "serial" A text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. -.IP "\fBcrlnumber\fR" 4 +.IP \fBcrlnumber\fR 4 .IX Item "crlnumber" -A text file containing the next \s-1CRL\s0 number to use in hex. 
The crl number +A text file containing the next CRL number to use in hex. The crl number will be inserted in the CRLs only if this file exists. If this file is -present, it must contain a valid \s-1CRL\s0 number. -.IP "\fBx509_extensions\fR" 4 +present, it must contain a valid CRL number. +.IP \fBx509_extensions\fR 4 .IX Item "x509_extensions" A fallback to the \fB\-extensions\fR option. -.IP "\fBcrl_extensions\fR" 4 +.IP \fBcrl_extensions\fR 4 .IX Item "crl_extensions" A fallback to the \fB\-crlexts\fR option. -.IP "\fBpreserve\fR" 4 +.IP \fBpreserve\fR 4 .IX Item "preserve" The same as \fB\-preserveDN\fR -.IP "\fBemail_in_dn\fR" 4 +.IP \fBemail_in_dn\fR 4 .IX Item "email_in_dn" -The same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed -from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present -the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0 -.IP "\fBmsie_hack\fR" 4 +The same as \fB\-noemailDN\fR. If you want the EMAIL field to be removed +from the DN of the certificate simply set this to \*(Aqno\*(Aq. If not present +the default is to allow for the EMAIL filed in the certificate\*(Aqs DN. +.IP \fBmsie_hack\fR 4 .IX Item "msie_hack" The same as \fB\-msie_hack\fR -.IP "\fBpolicy\fR" 4 +.IP \fBpolicy\fR 4 .IX Item "policy" -The same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section +The same as \fB\-policy\fR. Mandatory. See the \fBPOLICY FORMAT\fR section for more information. .IP "\fBname_opt\fR, \fBcert_opt\fR" 4 .IX Item "name_opt, cert_opt" 
@@ -650,7 +575,7 @@ OpenSSL is used. Use of the old format is \fBstrongly\fR discouraged because it only displays fields mentioned in the \fBpolicy\fR section, mishandles multicharacter string types and does not display extensions. -.IP "\fBcopy_extensions\fR" 4 +.IP \fBcopy_extensions\fR 4 .IX Item "copy_extensions" Determines how extensions in certificate requests should be handled. If set to \fBnone\fR or this option is not present then extensions are @@ -658,7 +583,7 @@ extensions present in the request that are not already present are copied to the certificate. If set to \fBcopyall\fR then all extensions in the request are copied to the certificate: if the extension is already present -in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before +in the certificate it is deleted first. See the \fBWARNINGS\fR section before using this option. .Sp The main use of this option is to allow a certificate request to supply @@ -666,9 +591,9 @@ .SH "POLICY FORMAT" .IX Header "POLICY FORMAT" The policy section consists of a set of variables corresponding to -certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value -must match the same field in the \s-1CA\s0 certificate. If the value is -\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then +certificate DN fields. If the value is "match" then the field value +must match the same field in the CA certificate. If the value is +"supplied" then it must be present. If the value is "optional" then it may be present. Any fields not mentioned in the policy section are silently deleted, unless the \fB\-preserveDN\fR option is set but this can be regarded more of a quirk than intended behaviour. 
@@ -676,30 +601,30 @@ .IX Header "SPKAC FORMAT" The input to the \fB\-spkac\fR command line option is a Netscape signed public key and challenge. This will usually come from -the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. +the \fBKEYGEN\fR tag in an HTML form to create a new private key. It is however possible to create SPKACs using \fBopenssl\-spkac\fR\|(1). .PP -The file should contain the variable \s-1SPKAC\s0 set to the value of -the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. +The file should contain the variable SPKAC set to the value of +the SPKAC and also the required DN components as name value pairs. If you need to include the same component twice then it can be -preceded by a number and a '.'. +preceded by a number and a \*(Aq.\*(Aq. .PP -When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR -flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +When processing SPKAC format, the output is DER if the \fB\-out\fR +flag is used, but PEM format if sending to stdout or the \fB\-outdir\fR flag is used. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Note: these examples assume that the directory structure this command assumes is already set up and the relevant files already exist. This -usually involves creating a \s-1CA\s0 certificate and private key with +usually involves creating a CA certificate and private key with \&\fBopenssl\-req\fR\|(1), a serial number file and an empty index file and placing them in the relevant directories. .PP To use the sample configuration file below the directories \fIdemoCA\fR, -\&\fIdemoCA/private\fR and \fIdemoCA/newcerts\fR would be created. The \s-1CA\s0 +\&\fIdemoCA/private\fR and \fIdemoCA/newcerts\fR would be created. The CA certificate would be copied to \fIdemoCA/cacert.pem\fR and its private key to \fIdemoCA/private/cakey.pem\fR. 
A file \fIdemoCA/serial\fR would be -created containing for example \*(L"01\*(R" and the empty index file +created containing for example "01" and the empty index file \&\fIdemoCA/index.txt\fR. .PP Sign a certificate request: @@ -708,7 +633,7 @@ \& openssl ca \-in req.pem \-out newcert.pem .Ve .PP -Sign an \s-1SM2\s0 certificate request: +Sign an SM2 certificate request: .PP .Vb 3 \& openssl ca \-in sm2.csr \-out sm2.crt \-md sm3 \e @@ -716,13 +641,13 @@ \& \-vfyopt "distid:1234567812345678" .Ve .PP -Sign a certificate request, using \s-1CA\s0 extensions: +Sign a certificate request, using CA extensions: .PP .Vb 1 \& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem .Ve .PP -Generate a \s-1CRL\s0 +Generate a CRL .PP .Vb 1 \& openssl ca \-gencrl \-out crl.pem @@ -734,13 +659,13 @@ \& openssl ca \-infiles req1.pem req2.pem req3.pem .Ve .PP -Certify a Netscape \s-1SPKAC:\s0 +Certify a Netscape SPKAC: .PP .Vb 1 \& openssl ca \-spkac spkac.txt .Ve .PP -A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): +A sample SPKAC file (the SPKAC line has been truncated for clarity): .PP .Vb 5 \& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 @@ -769,7 +694,7 @@ \& \& default_days = 365 # how long to certify for \& default_crl_days= 30 # how long before next CRL -\& default_md = md5 # md to use +\& default_md = sha256 # md to use \& \& policy = policy_any # default policy \& email_in_dn = no # Don\*(Aqt add the email into cert DN 
@@ -786,14 +711,14 @@ \& commonName = supplied \& emailAddress = optional .Ve -.SH "FILES" +.SH FILES .IX Header "FILES" Note: the location of all files can change either by compile time options, configuration file entries, environment variables or command line options. The values below reflect the default values. .PP .Vb 9 -\& /etc/ssl/openssl.cnf \- master configuration file +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file \& ./demoCA \- main CA directory \& ./demoCA/cacert.pem \- CA certificate \& ./demoCA/private/cakey.pem \- CA private key 
@@ -803,48 +728,48 @@ \& ./demoCA/index.txt.old \- CA text database backup file \& ./demoCA/certs \- certificate output file .Ve -.SH "RESTRICTIONS" +.SH RESTRICTIONS .IX Header "RESTRICTIONS" The text database index file is a critical part of the process and if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current -\&\s-1CRL:\s0 however there is no option to do this. +CRL: however there is no option to do this. .PP -V2 \s-1CRL\s0 features like delta CRLs are not currently supported. +V2 CRL features like delta CRLs are not currently supported. .PP Although several requests can be input and handled at once it is only -possible to include one \s-1SPKAC\s0 or self-signed certificate. -.SH "BUGS" +possible to include one SPKAC or self\-signed certificate. +.SH BUGS .IX Header "BUGS" This command is quirky and at times downright unfriendly. .PP -The use of an in-memory text database can cause problems when large +The use of an in\-memory text database can cause problems when large numbers of certificates are present because, as the name implies the database has to be kept in memory. .PP This command really needs rewriting or the required functionality -exposed at either a command or interface level so that a more user-friendly +exposed at either a command or interface level so that a more user\-friendly replacement could handle things properly. The script -\&\fB\s-1CA\s0.pl\fR helps a little but not very much. +\&\fBCA.pl\fR helps a little but not very much. .PP Any fields in a request that are not present in a policy are silently deleted. This does not happen if the \fB\-preserveDN\fR option is used. 
To -enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by -RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR +enforce the absence of the EMAIL field within the DN, as suggested by +RFCs, regardless the contents of the request\*(Aq subject the \fB\-noemailDN\fR option can be used. The behaviour should be more friendly and configurable. .PP Canceling some commands by refusing to certify a certificate can create an empty file. -.SH "WARNINGS" +.SH WARNINGS .IX Header "WARNINGS" -This command was originally meant as an example of how to do things in a \s-1CA.\s0 +This command was originally meant as an example of how to do things in a CA. Its code does not have production quality. -It was not supposed to be used as a full blown \s-1CA\s0 itself, +It was not supposed to be used as a full blown CA itself, nevertheless some people are using it for this purpose at least internally. When doing so, specific care should be taken to properly secure the private key(s) used for signing certificates. -It is advisable to keep them in a secure \s-1HW\s0 storage such as a smart card or \s-1HSM\s0 +It is advisable to keep them in a secure HW storage such as a smart card or HSM and access them via a suitable engine or crypto provider. .PP This command command is effectively a single user command: no locking 
@@ -853,39 +778,39 @@ .PP The \fBcopy_extensions\fR option should be used with caution. If care is not taken then it can be a security risk. For example if a certificate -request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the +request contains a basicConstraints extension with CA:TRUE and the \&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot this when the certificate is displayed then this will hand the requester -a valid \s-1CA\s0 certificate. +a valid CA certificate. This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR -and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file. +and including basicConstraints with CA:FALSE in the configuration file. Then if the request contains a basicConstraints extension it will be ignored. .PP It is advisable to also include values for other extensions such as \fBkeyUsage\fR to prevent a request supplying its own values. .PP -Additional restrictions can be placed on the \s-1CA\s0 certificate itself. -For example if the \s-1CA\s0 certificate has: +Additional restrictions can be placed on the CA certificate itself. +For example if the CA certificate has: .PP .Vb 1 \& basicConstraints = CA:TRUE, pathlen:0 .Ve .PP -then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. -.SH "HISTORY" +then even if a certificate is issued with CA:TRUE it will not be valid. +.SH HISTORY .IX Header "HISTORY" -Since OpenSSL 1.1.1, the program follows \s-1RFC5280.\s0 Specifically, +Since OpenSSL 1.1.1, the program follows RFC5280. 
Specifically, certificate validity period (specified by any of \fB\-startdate\fR, -\&\fB\-enddate\fR and \fB\-days\fR) and \s-1CRL\s0 last/next update time (specified by +\&\fB\-enddate\fR and \fB\-days\fR) and CRL last/next update time (specified by any of \fB\-crl_lastupdate\fR, \fB\-crl_nextupdate\fR, \fB\-crldays\fR, \fB\-crlhours\fR and \fB\-crlsec\fR) will be encoded as UTCTime if the dates are earlier than year 2049 (included), and as GeneralizedTime if the dates are in year 2050 or later. .PP -OpenSSL 1.1.1 introduced a new random generator (\s-1CSPRNG\s0) with an improved +OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved seeding mechanism. The new seeding mechanism makes it unnecessary to -define a \s-1RANDFILE\s0 for saving and restoring randomness. This option is +define a RANDFILE for saving and restoring randomness. This option is retained mainly for compatibility reasons. .PP The \fB\-section\fR option was added in OpenSSL 3.0.0. @@ -900,14 +825,14 @@ \&\fBopenssl\-req\fR\|(1), \&\fBopenssl\-spkac\fR\|(1), \&\fBopenssl\-x509\fR\|(1), -\&\s-1\fBCA\s0.pl\fR\|(1), +\&\fBCA.pl\fR\|(1), \&\fBconfig\fR\|(5), \&\fBx509v3_config\fR\|(5) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-ciphers.1.orig +++ secure/usr.bin/openssl/man/openssl-ciphers.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CIPHERS 1ossl" -.TH OPENSSL-CIPHERS 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CIPHERS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-ciphers \- SSL cipher display and cipher list command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBciphers\fR [\fB\-help\fR] @@ -162,14 +87,14 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIcipherlist\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command converts textual OpenSSL cipher lists into -ordered \s-1SSL\s0 cipher preference lists. It can be used to +ordered SSL cipher preference lists. It can be used to determine the appropriate cipherlist. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print a usage message. .IP "\fB\-provider\fR \fIname\fR" 4 
@@ -180,35 +105,35 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.IP "\fB\-s\fR" 4 +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP \fB\-s\fR 4 .IX Item "-s" Only list supported ciphers: those consistent with the security level, and minimum and maximum protocol version. This is closer to the actual cipher list an application will support. .Sp -\&\s-1PSK\s0 and \s-1SRP\s0 ciphers are not enabled by default: they require \fB\-psk\fR or \fB\-srp\fR +PSK and SRP ciphers are not enabled by default: they require \fB\-psk\fR or \fB\-srp\fR to enable them. .Sp It also does not change the default list of supported signature algorithms. .Sp On a server the list of supported ciphers might also exclude other ciphers -depending on the configured certificates and presence of \s-1DH\s0 parameters. +depending on the configured certificates and presence of DH parameters. .Sp If this option is not used then all ciphers that match the cipherlist will be listed. -.IP "\fB\-psk\fR" 4 +.IP \fB\-psk\fR 4 .IX Item "-psk" -When combined with \fB\-s\fR includes cipher suites which require \s-1PSK.\s0 -.IP "\fB\-srp\fR" 4 +When combined with \fB\-s\fR includes cipher suites which require PSK. +.IP \fB\-srp\fR 4 .IX Item "-srp" -When combined with \fB\-s\fR includes cipher suites which require \s-1SRP.\s0 This option +When combined with \fB\-s\fR includes cipher suites which require SRP. This option is deprecated. -.IP "\fB\-v\fR" 4 +.IP \fB\-v\fR 4 .IX Item "-v" Verbose output: For each cipher suite, list details as provided by \&\fBSSL_CIPHER_description\fR\|(3). -.IP "\fB\-V\fR" 4 +.IP \fB\-V\fR 4 .IX Item "-V" Like \fB\-v\fR, but include the official cipher suite values in hex. .IP "\fB\-tls1_3\fR, \fB\-tls1_2\fR, \fB\-tls1_1\fR, \fB\-tls1\fR, \fB\-ssl3\fR" 4 
@@ -217,7 +142,7 @@ the specified protocol were negotiated. Note that not all protocols and flags may be available, depending on how OpenSSL was built. -.IP "\fB\-stdname\fR" 4 +.IP \fB\-stdname\fR 4 .IX Item "-stdname" Precede each cipher suite by its standard name. .IP "\fB\-convert\fR \fIname\fR" 4 @@ -227,13 +152,13 @@ .IX Item "-ciphersuites val" Sets the list of TLSv1.3 ciphersuites. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. The format for this -list is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. By +list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By default this value is: .Sp .Vb 1 \& TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 .Ve -.IP "\fBcipherlist\fR" 4 +.IP \fBcipherlist\fR 4 .IX Item "cipherlist" A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher preference list. This list will be combined with any TLSv1.3 ciphersuites that 
@@ -246,16 +171,16 @@ .PP The actual cipher string can take several different forms. .PP -It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. +It can consist of a single cipher suite such as \fBAES256\-SHA\fR. .PP It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers -suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 -algorithms. +cipher suites of a certain type. For example \fBSHA256\fR represents all cipher +suites using the digest algorithm SHA256 and \fBTLSv1.2\fR represents all +cipher suites introduced in TLS v.1.2. .PP Lists of cipher suites can be combined in a single cipher string using the \&\fB+\fR character. This is used as a logical \fBand\fR operation. For example -\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +\&\fBSHA256+AES\fR represents all cipher suites using the SHA256 \fBand\fR the AES algorithms. .PP Each cipher string can be optionally preceded by the characters \fB!\fR, 
@@ -269,207 +194,225 @@ all of the ciphers can be added again by later options. .PP If \fB+\fR is used then the ciphers are moved to the end of the list. This -option doesn't add any new ciphers it just moves matching existing ones. +option doesn\*(Aqt add any new ciphers it just moves matching existing ones. .PP If none of these characters is present then the string is just interpreted as a list of ciphers to be appended to the current preference list. If the list includes any ciphers already present they will be ignored: that is they will not moved to the end of the list. .PP -The cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort the current +The cipher string \fR\f(CB@STRENGTH\fR\fB\fR can be used at any point to sort the current cipher list in order of encryption algorithm key length. .PP -The cipher string \fB\f(CB@SECLEVEL\fB\fR=\fIn\fR can be used at any point to set the security +The cipher string \fR\f(CB@SECLEVEL\fR\fB\fR=\fIn\fR can be used at any point to set the security level to \fIn\fR, which should be a number between zero and five, inclusive. See \fBSSL_CTX_set_security_level\fR\|(3) for a description of what each level means. .PP -The cipher list can be prefixed with the \fB\s-1DEFAULT\s0\fR keyword, which enables +The cipher list can be prefixed with the \fBDEFAULT\fR keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using \fB+\fR character. -For example, \fB\s-1DEFAULT+DES\s0\fR is not valid. +For example, \fBDEFAULT+AES\fR is not valid. .PP The content of the default list is determined at compile time and normally -corresponds to \fB\s-1ALL:\s0!COMPLEMENTOFDEFAULT:!eNULL\fR. +corresponds to \fBALL:!COMPLEMENTOFDEFAULT:!eNULL\fR. .SH "CIPHER STRINGS" .IX Header "CIPHER STRINGS" The following is a list of all permitted cipher strings and their meanings. 
-.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 +.IP \fBCOMPLEMENTOFDEFAULT\fR 4 .IX Item "COMPLEMENTOFDEFAULT" -The ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently -this includes all \s-1RC4\s0 and anonymous ciphers. Note that this rule does -not cover \fBeNULL\fR, which is not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if -necessary). Note that \s-1RC4\s0 based cipher suites are not built into OpenSSL by -default (see the enable-weak-ssl-ciphers option to Configure). -.IP "\fB\s-1ALL\s0\fR" 4 +The cipher suites included in \fBALL\fR, but not enabled by default. The default +cipher suite list provides strong security and reasonable interoperability. +A cipher suite can be not included in the default list for different reasons: +because it is weak, or not "mature" enough, or not widely used, etc. +Note that this rule does not cover \fBeNULL\fR, which is not included by \fBALL\fR +(use \fBCOMPLEMENTOFALL\fR if necessary). +.IP \fBALL\fR 4 .IX Item "ALL" All cipher suites except the \fBeNULL\fR ciphers (which must be explicitly enabled if needed). -As of OpenSSL 1.0.0, the \fB\s-1ALL\s0\fR cipher suites are sensibly ordered by default. -.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 +As of OpenSSL 1.0.0, the \fBALL\fR cipher suites are sensibly ordered by default. +.IP \fBCOMPLEMENTOFALL\fR 4 .IX Item "COMPLEMENTOFALL" -The cipher suites not enabled by \fB\s-1ALL\s0\fR, currently \fBeNULL\fR. -.IP "\fB\s-1HIGH\s0\fR" 4 +The cipher suites not enabled by \fBALL\fR, currently \fBeNULL\fR. +.IP \fBHIGH\fR 4 .IX Item "HIGH" -\&\*(L"High\*(R" encryption cipher suites. This currently means those with key lengths +"High" encryption cipher suites. This currently means those with key lengths larger than 128 bits, and some cipher suites with 128\-bit keys. 
-.IP "\fB\s-1MEDIUM\s0\fR" 4 +.IP \fBMEDIUM\fR 4 .IX Item "MEDIUM" -\&\*(L"Medium\*(R" encryption cipher suites, currently some of those using 128 bit +"Medium" encryption cipher suites, currently some of those using 128 bit encryption. -.IP "\fB\s-1LOW\s0\fR" 4 +.IP \fBLOW\fR 4 .IX Item "LOW" -\&\*(L"Low\*(R" encryption cipher suites, currently those using 64 or 56 bit +"Low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0. -.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 +.IP \fBFIPS\fR 4 +.IX Item "FIPS" +Cipher suites permitted in FIPS mode. +.IP "\fBeNULL\fR, \fBNULL\fR" 4 .IX Item "eNULL, NULL" -The \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no +The "NULL" ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk they are not enabled via either the -\&\fB\s-1DEFAULT\s0\fR or \fB\s-1ALL\s0\fR cipher strings. -Be careful when building cipherlists out of lower-level primitives such as +\&\fBDEFAULT\fR or \fBALL\fR cipher strings. +Be careful when building cipherlists out of lower\-level primitives such as \&\fBkRSA\fR or \fBaECDSA\fR as these do overlap with the \fBeNULL\fR ciphers. When in doubt, include \fB!eNULL\fR in your cipherlist. -.IP "\fBaNULL\fR" 4 +.IP \fBaNULL\fR 4 .IX Item "aNULL" The cipher suites offering no authentication. This is currently the anonymous -\&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable -to \*(L"man in the middle\*(R" attacks and so their use is discouraged. -These are excluded from the \fB\s-1DEFAULT\s0\fR ciphers, but included in the \fB\s-1ALL\s0\fR +DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable +to "man in the middle" attacks and so their use is discouraged. 
+These are excluded from the \fBDEFAULT\fR ciphers, but included in the \fBALL\fR ciphers. -Be careful when building cipherlists out of lower-level primitives such as -\&\fBkDHE\fR or \fB\s-1AES\s0\fR as these do overlap with the \fBaNULL\fR ciphers. +Be careful when building cipherlists out of lower\-level primitives such as +\&\fBkDHE\fR or \fBAES\fR as these do overlap with the \fBaNULL\fR ciphers. When in doubt, include \fB!aNULL\fR in your cipherlist. -.IP "\fBkRSA\fR, \fBaRSA\fR, \fB\s-1RSA\s0\fR" 4 +.IP "\fBkRSA\fR, \fBaRSA\fR, \fBRSA\fR" 4 .IX Item "kRSA, aRSA, RSA" -Cipher suites using \s-1RSA\s0 key exchange or authentication. \fB\s-1RSA\s0\fR is an alias for -\&\fBkRSA\fR. -.IP "\fBkDHr\fR, \fBkDHd\fR, \fBkDH\fR" 4 -.IX Item "kDHr, kDHd, kDH" -Cipher suites using static \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs -with \s-1RSA\s0 and \s-1DSS\s0 keys or either respectively. -All these cipher suites have been removed in OpenSSL 1.1.0. -.IP "\fBkDHE\fR, \fBkEDH\fR, \fB\s-1DH\s0\fR" 4 +Cipher suites using RSA key exchange, RSA authentication, or both of them +respectively. +.IP "\fBkDHE\fR, \fBkEDH\fR, \fBDH\fR" 4 .IX Item "kDHE, kEDH, DH" -Cipher suites using ephemeral \s-1DH\s0 key agreement, including anonymous cipher +Cipher suites using ephemeral DH key agreement, including anonymous cipher suites. -.IP "\fB\s-1DHE\s0\fR, \fB\s-1EDH\s0\fR" 4 +.IP "\fBDHE\fR, \fBEDH\fR" 4 .IX Item "DHE, EDH" -Cipher suites using authenticated ephemeral \s-1DH\s0 key agreement. -.IP "\fB\s-1ADH\s0\fR" 4 +Cipher suites using authenticated ephemeral DH key agreement. +.IP \fBADH\fR 4 .IX Item "ADH" -Anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic -Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites. -.IP "\fBkEECDH\fR, \fBkECDHE\fR, \fB\s-1ECDH\s0\fR" 4 +Anonymous DH cipher suites, note that this does not include anonymous Elliptic +Curve DH (ECDH) cipher suites. 
+.IP "\fBkEECDH\fR, \fBkECDHE\fR, \fBECDH\fR" 4 .IX Item "kEECDH, kECDHE, ECDH" -Cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous +Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites. -.IP "\fB\s-1ECDHE\s0\fR, \fB\s-1EECDH\s0\fR" 4 +.IP "\fBECDHE\fR, \fBEECDH\fR" 4 .IX Item "ECDHE, EECDH" -Cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. -.IP "\fB\s-1AECDH\s0\fR" 4 +Cipher suites using authenticated ephemeral ECDH key agreement. +.IP \fBAECDH\fR 4 .IX Item "AECDH" -Anonymous Elliptic Curve Diffie-Hellman cipher suites. -.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 +Anonymous Elliptic Curve Diffie\-Hellman cipher suites. +.IP "\fBaDSS\fR, \fBDSS\fR" 4 .IX Item "aDSS, DSS" -Cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. -.IP "\fBaDH\fR" 4 -.IX Item "aDH" -Cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry -\&\s-1DH\s0 keys. -All these cipher suites have been removed in OpenSSL 1.1.0. -.IP "\fBaECDSA\fR, \fB\s-1ECDSA\s0\fR" 4 +Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. +.IP "\fBaECDSA\fR, \fBECDSA\fR" 4 .IX Item "aECDSA, ECDSA" -Cipher suites using \s-1ECDSA\s0 authentication, i.e. the certificates carry \s-1ECDSA\s0 +Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA keys. .IP "\fBTLSv1.2\fR, \fBTLSv1.0\fR, \fBSSLv3\fR" 4 .IX Item "TLSv1.2, TLSv1.0, SSLv3" -Lists cipher suites which are only supported in at least \s-1TLS\s0 v1.2, \s-1TLS\s0 v1.0 or -\&\s-1SSL\s0 v3.0 respectively. -Note: there are no cipher suites specific to \s-1TLS\s0 v1.1. +Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively. +Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available. 
.Sp -Note: these cipher strings \fBdo not\fR change the negotiated version of \s-1SSL\s0 or -\&\s-1TLS,\s0 they only affect the list of available cipher suites. -.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4 +Note: these cipher strings \fBdo not\fR change the negotiated version of SSL or +TLS, they only affect the list of available cipher suites. +.IP "\fBAES128\fR, \fBAES256\fR, \fBAES\fR" 4 .IX Item "AES128, AES256, AES" -cipher suites using 128 bit \s-1AES, 256\s0 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES.\s0 -.IP "\fB\s-1AESGCM\s0\fR" 4 +cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES. +.IP \fBAESGCM\fR 4 .IX Item "AESGCM" -\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these cipher suites are only supported -in \s-1TLS\s0 v1.2. -.IP "\fB\s-1AESCCM\s0\fR, \fB\s-1AESCCM8\s0\fR" 4 +AES in Galois Counter Mode (GCM): these cipher suites are only supported +in TLS v1.2. +.IP "\fBAESCCM\fR, \fBAESCCM8\fR" 4 .IX Item "AESCCM, AESCCM8" -\&\s-1AES\s0 in Cipher Block Chaining \- Message Authentication Mode (\s-1CCM\s0): these -cipher suites are only supported in \s-1TLS\s0 v1.2. \fB\s-1AESCCM\s0\fR references \s-1CCM\s0 -cipher suites using both 16 and 8 octet Integrity Check Value (\s-1ICV\s0) -while \fB\s-1AESCCM8\s0\fR only references 8 octet \s-1ICV.\s0 -.IP "\fB\s-1ARIA128\s0\fR, \fB\s-1ARIA256\s0\fR, \fB\s-1ARIA\s0\fR" 4 -.IX Item "ARIA128, ARIA256, ARIA" -Cipher suites using 128 bit \s-1ARIA, 256\s0 bit \s-1ARIA\s0 or either 128 or 256 bit -\&\s-1ARIA.\s0 -.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4 +AES in Cipher Block Chaining \- Message Authentication Mode (CCM): these +cipher suites are only supported in TLS v1.2. \fBAESCCM\fR references CCM +cipher suites using both 16 and 8 octet Integrity Check Value (ICV) +while \fBAESCCM8\fR only references 8 octet ICV. 
+.IP "\fBARIA128\fR, \fBARIA256\fR" 4 +.IX Item "ARIA128, ARIA256" +Cipher suites using 128 bit ARIA or 256 bit ARIA respectively. +.IP "\fBARIA\fR, \fBARIAGCM\fR" 4 +.IX Item "ARIA, ARIAGCM" +Cipher suites using either 128 or 256 bit ARIA. +.IP "\fBCAMELLIA128\fR, \fBCAMELLIA256\fR, \fBCAMELLIA\fR" 4 .IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA" -Cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 128 or 256 bit -\&\s-1CAMELLIA.\s0 -.IP "\fB\s-1CHACHA20\s0\fR" 4 +Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit +CAMELLIA. +.IP \fBCHACHA20\fR 4 .IX Item "CHACHA20" Cipher suites using ChaCha20. -.IP "\fB3DES\fR" 4 +.IP \fB3DES\fR 4 .IX Item "3DES" -Cipher suites using triple \s-1DES.\s0 -.IP "\fB\s-1DES\s0\fR" 4 +Cipher suites using triple DES. +.IP \fBDES\fR 4 .IX Item "DES" -Cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +Cipher suites using DES (not triple DES). All these cipher suites have been removed in OpenSSL 1.1.0. -.IP "\fB\s-1RC4\s0\fR" 4 +.IP \fBRC4\fR 4 .IX Item "RC4" -Cipher suites using \s-1RC4.\s0 -.IP "\fB\s-1RC2\s0\fR" 4 +Cipher suites using RC4. +.IP \fBRC2\fR 4 .IX Item "RC2" -Cipher suites using \s-1RC2.\s0 -.IP "\fB\s-1IDEA\s0\fR" 4 +Cipher suites using RC2. +.IP \fBIDEA\fR 4 .IX Item "IDEA" -Cipher suites using \s-1IDEA.\s0 -.IP "\fB\s-1SEED\s0\fR" 4 +Cipher suites using IDEA. +.IP \fBSEED\fR 4 .IX Item "SEED" -Cipher suites using \s-1SEED.\s0 -.IP "\fB\s-1MD5\s0\fR" 4 +Cipher suites using SEED. +.IP \fBMD5\fR 4 .IX Item "MD5" -Cipher suites using \s-1MD5.\s0 -.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 +Cipher suites using MD5. +.IP "\fBSHA1\fR, \fBSHA\fR" 4 .IX Item "SHA1, SHA" -Cipher suites using \s-1SHA1.\s0 -.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4 +Cipher suites using SHA1. +.IP "\fBSHA256\fR, \fBSHA384\fR" 4 .IX Item "SHA256, SHA384" -Cipher suites using \s-1SHA256\s0 or \s-1SHA384.\s0 -.IP "\fBaGOST\fR" 4 +Cipher suites using SHA256 or SHA384. 
+.IP \fBaGOST\fR 4 .IX Item "aGOST" -Cipher suites using \s-1GOST R 34.10\s0 (either 2001 or 94) for authentication -(needs an engine supporting \s-1GOST\s0 algorithms). -.IP "\fBaGOST01\fR" 4 +Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication +(needs an engine supporting GOST algorithms). +.IP \fBaGOST01\fR 4 .IX Item "aGOST01" -Cipher suites using \s-1GOST R 34.10\-2001\s0 authentication. -.IP "\fBkGOST\fR" 4 +Cipher suites that can be uses with GOST R 34.10\-2001 keys for authentication. +.IP \fBaGOST12\fR 4 +.IX Item "aGOST12" +Cipher suites that can be used with GOST R 34.10\-2012 keys for authentication. +.IP \fBkGOST\fR 4 .IX Item "kGOST" -Cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 4357.\s0 -.IP "\fB\s-1GOST94\s0\fR" 4 +Cipher suites using VKO 34.10 key exchange and key wrap specified in the +RFC 4357 or RFC 7836. +.IP \fBkGOST18\fR 4 +.IX Item "kGOST18" +Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and +KExp15 key export specified in the RFC 9189. +.IP \fBGOST94\fR 4 .IX Item "GOST94" -Cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0 -.IP "\fB\s-1GOST89MAC\s0\fR" 4 +Cipher suites, using HMAC based on GOST R 34.11\-94. +.IP \fBGOST12\fR 4 +.IX Item "GOST12" +Cipher suites, using HMAC based on GOST R 34.11\-2012 256 bits. +.IP \fBGOST89MAC\fR 4 .IX Item "GOST89MAC" -Cipher suites using \s-1GOST 28147\-89 MAC\s0 \fBinstead of\fR \s-1HMAC.\s0 -.IP "\fB\s-1PSK\s0\fR" 4 +Cipher suites using GOST 28147\-89 MAC \fBinstead of\fR HMAC with S\-boxes A. +.IP \fBGOST89MAC12\fR 4 +.IX Item "GOST89MAC12" +Cipher suites using GOST 28147\-89 MAC \fBinstead of\fR HMAC with S\-boxes Z. +.IP \fBGOST89\fR 4 +.IX Item "GOST89" +Cipher suites using any GOST cipher (GOST 28147\-89, Magma or Kuznyechik). +.IP \fBPSK\fR 4 .IX Item "PSK" -All cipher suites using pre-shared keys (\s-1PSK\s0). +All cipher suites using pre\-shared keys (PSK). 
.IP "\fBkPSK\fR, \fBkECDHEPSK\fR, \fBkDHEPSK\fR, \fBkRSAPSK\fR" 4 .IX Item "kPSK, kECDHEPSK, kDHEPSK, kRSAPSK" -Cipher suites using \s-1PSK\s0 key exchange, \s-1ECDHE_PSK, DHE_PSK\s0 or \s-1RSA_PSK.\s0 -.IP "\fBaPSK\fR" 4 +Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK. +.IP \fBaPSK\fR 4 .IX Item "aPSK" -Cipher suites using \s-1PSK\s0 authentication (currently all \s-1PSK\s0 modes apart from -\&\s-1RSA_PSK\s0). -.IP "\fB\s-1SUITEB128\s0\fR, \fB\s-1SUITEB128ONLY\s0\fR, \fB\s-1SUITEB192\s0\fR" 4 +Cipher suites using PSK authentication (currently all PSK modes apart from +RSA_PSK). +.IP "\fBkSRP\fR, \fBSRP\fR" 4 +.IX Item "kSRP, SRP" +Cipher suites using SRP key exchange. +.IP \fBaSRP\fR 4 +.IX Item "aSRP" +Cipher suites using SRP authentication. +.IP "\fBSUITEB128\fR, \fBSUITEB128ONLY\fR, \fBSUITEB192\fR" 4 .IX Item "SUITEB128, SUITEB128ONLY, SUITEB192" Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 128 bit (not permitting 192 bit by peer) or 192 bit level of security 
@@ -477,343 +420,427 @@ If used these cipherstrings should appear first in the cipher list and anything after them is ignored. Setting Suite B mode has additional consequences required to comply with -\&\s-1RFC6460.\s0 +RFC6460. In particular the supported signature algorithms is reduced to support only -\&\s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384,\s0 only the elliptic curves P\-256 and P\-384 can be +ECDSA and SHA256 or SHA384, only the elliptic curves P\-256 and P\-384 can be used and only the two suite B compliant cipher suites -(\s-1ECDHE\-ECDSA\-AES128\-GCM\-SHA256\s0 and \s-1ECDHE\-ECDSA\-AES256\-GCM\-SHA384\s0) are +(ECDHE\-ECDSA\-AES128\-GCM\-SHA256 and ECDHE\-ECDSA\-AES256\-GCM\-SHA384) are permissible. -.IP "\fB\s-1CBC\s0\fR" 4 +.IP \fBCBC\fR 4 .IX Item "CBC" -All cipher suites using encryption algorithm in Cipher Block Chaining (\s-1CBC\s0) -mode. These cipher suites are only supported in \s-1TLS\s0 v1.2 and earlier. Currently -it's an alias for the following cipherstrings: \fB\s-1SSL_DES\s0\fR, \fB\s-1SSL_3DES\s0\fR, \fB\s-1SSL_RC2\s0\fR, -\&\fB\s-1SSL_IDEA\s0\fR, \fB\s-1SSL_AES128\s0\fR, \fB\s-1SSL_AES256\s0\fR, \fB\s-1SSL_CAMELLIA128\s0\fR, \fB\s-1SSL_CAMELLIA256\s0\fR, \fB\s-1SSL_SEED\s0\fR. +All cipher suites using encryption algorithm in Cipher Block Chaining (CBC) +mode. These cipher suites are only supported in TLS v1.2 and earlier. Currently +it\*(Aqs an alias for the following cipherstrings: \fBSSL_DES\fR, \fBSSL_3DES\fR, \fBSSL_RC2\fR, +\&\fBSSL_IDEA\fR, \fBSSL_AES128\fR, \fBSSL_AES256\fR, \fBSSL_CAMELLIA128\fR, \fBSSL_CAMELLIA256\fR, \fBSSL_SEED\fR. .SH "CIPHER SUITE NAMES" .IX Header "CIPHER SUITE NAMES" -The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the +The following lists give the SSL or TLS cipher suites names from the relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, -e.g. 
\s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used. -.SS "\s-1SSL\s0 v3.0 cipher suites" -.IX Subsection "SSL v3.0 cipher suites" -.Vb 6 -\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 -\& SSL_RSA_WITH_NULL_SHA NULL\-SHA -\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5 -\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA -\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA -\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA -\& -\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH\-DSS\-DES\-CBC3\-SHA -\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH\-RSA\-DES\-CBC3\-SHA -\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA -\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA -\& -\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 -\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA -\& -\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. -\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. -\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. -.Ve -.SS "\s-1TLS\s0 v1.0 cipher suites" -.IX Subsection "TLS v1.0 cipher suites" -.Vb 6 -\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 -\& TLS_RSA_WITH_NULL_SHA NULL\-SHA -\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 -\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA -\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA -\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA -\& -\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. -\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
-\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA -\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA -\& -\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 -\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA -.Ve -.SS "\s-1AES\s0 cipher suites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0" -.IX Subsection "AES cipher suites from RFC3268, extending TLS v1.0" -.Vb 2 -\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA -\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA -\& -\& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH\-DSS\-AES128\-SHA -\& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH\-DSS\-AES256\-SHA -\& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH\-RSA\-AES128\-SHA -\& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH\-RSA\-AES256\-SHA -\& -\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA -\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA -\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA -\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA -\& -\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA -\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA -.Ve -.SS "Camellia cipher suites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0" -.IX Subsection "Camellia cipher suites from RFC4132, extending TLS v1.0" -.Vb 2 -\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA -\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA -\& -\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH\-DSS\-CAMELLIA128\-SHA -\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH\-DSS\-CAMELLIA256\-SHA -\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH\-RSA\-CAMELLIA128\-SHA -\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH\-RSA\-CAMELLIA256\-SHA -\& -\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA -\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA -\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA -\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA -\& -\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA -\& 
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA +e.g. DES\-CBC3\-SHA. In these cases, RSA authentication is used. +.SS "AES cipher suites for TLS v1.2" +.IX Subsection "AES cipher suites for TLS v1.2" +.Vb 10 +\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA +\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA +\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA +\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA +\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 +\& TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA +\& TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 +\& TLS_DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM +\& TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 +\& TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA +\& TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +\& TLS_DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM +\& TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE\-RSA\-AES128\-SHA256 +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA +\& TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE\-RSA\-AES128\-CCM8 +\& TLS_DHE_RSA_WITH_AES_128_CCM DHE\-RSA\-AES128\-CCM +\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 +\& 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA +\& TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE\-RSA\-AES256\-CCM8 +\& TLS_DHE_RSA_WITH_AES_256_CCM DHE\-RSA\-AES256\-CCM +\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH\-AES128\-CCM8 +\& TLS_ECDH_anon_WITH_AES_128_CCM AECDH\-AES128\-CCM +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH\-AES256\-CCM8 +\& TLS_ECDH_anon_WITH_AES_256_CCM AECDH\-AES256\-CCM +\& TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH\-ECDSA\-AES128\-SHA256 +\& TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH\-ECDSA\-AES128\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH\-ECDSA\-AES256\-SHA384 +\& TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH\-ECDSA\-AES256\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH\-ECDSA\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 +\& TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM +\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE\-PSK\-AES128\-CCM8 +\& TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE\-PSK\-AES128\-CCM +\& 
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE\-PSK\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE\-PSK\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE\-RSA\-AES128\-CCM8 +\& TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE\-RSA\-AES128\-CCM +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE\-RSA\-AES256\-CCM8 +\& TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE\-RSA\-AES256\-CCM +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH\-RSA\-AES128\-SHA256 +\& TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH\-RSA\-AES128\-SHA +\& TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH\-RSA\-AES256\-SHA384 +\& TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH\-RSA\-AES256\-SHA +\& TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH\-RSA\-AES256\-GCM\-SHA384 +\& TLS_PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 +\& TLS_PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& TLS_PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 +\& TLS_PSK_WITH_AES_128_CCM PSK\-AES128\-CCM +\& TLS_PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& TLS_PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 +\& TLS_PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +\& TLS_PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 +\& TLS_PSK_WITH_AES_256_CCM PSK\-AES256\-CCM +\& TLS_PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 +\& TLS_RSA_PSK_WITH_AES_128_CBC_SHA 
RSA\-PSK\-AES128\-CBC\-SHA +\& TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 +\& TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA +\& TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 +\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA +\& TLS_RSA_WITH_AES_128_CCM_8 AES128\-CCM8 +\& TLS_RSA_WITH_AES_128_CCM AES128\-CCM +\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA +\& TLS_RSA_WITH_AES_256_CCM_8 AES256\-CCM8 +\& TLS_RSA_WITH_AES_256_CCM AES256\-CCM +\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 .Ve -.SS "\s-1SEED\s0 cipher suites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0" -.IX Subsection "SEED cipher suites from RFC4162, extending TLS v1.0" -.Vb 1 -\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA -\& -\& TLS_DH_DSS_WITH_SEED_CBC_SHA DH\-DSS\-SEED\-SHA -\& TLS_DH_RSA_WITH_SEED_CBC_SHA DH\-RSA\-SEED\-SHA -\& -\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA -\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA -\& -\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA +.SS "Camellia cipher suites for TLS v1.2" +.IX Subsection "Camellia cipher suites for TLS v1.2" +.Vb 10 +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 ADH\-CAMELLIA128\-SHA256 +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA +\& TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 ADH\-CAMELLIA128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 ADH\-CAMELLIA256\-SHA256 +\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA +\& TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 ADH\-CAMELLIA256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 DHE\-DSS\-CAMELLIA128\-SHA256 +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 DHE\-DSS\-CAMELLIA128\-GCM\-SHA256 +\& 
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 DHE\-DSS\-CAMELLIA256\-SHA256 +\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 DHE\-DSS\-CAMELLIA256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 DHE\-RSA\-CAMELLIA128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DHE\-RSA\-CAMELLIA256\-SHA256 +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE\-RSA\-CAMELLIA256\-GCM\-SHA384 +\& TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +\& TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH\-RSA\-CAMELLIA256\-SHA384 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 CAMELLIA128\-SHA256 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA +\& TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 CAMELLIA128\-GCM\-SHA256 +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 CAMELLIA256\-SHA256 +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA +\& TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 CAMELLIA256\-GCM\-SHA384 .Ve -.SS "\s-1GOST\s0 cipher suites from draft-chudov-cryptopro-cptls, extending \s-1TLS\s0 v1.0" -.IX Subsection "GOST cipher suites from draft-chudov-cryptopro-cptls, 
extending TLS v1.0" -Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic -algorithms, such as the \fBgost\fR engine, which isn't part of the OpenSSL -distribution. -.PP +.SS "SEED cipher suites for TLS v1.2" +.IX Subsection "SEED cipher suites for TLS v1.2" .Vb 4 -\& TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94\-GOST89\-GOST89 -\& TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 -\& TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94\-NULL\-GOST94 -\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA +\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA +\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA +\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA .Ve -.SS "\s-1GOST\s0 cipher suites, extending \s-1TLS\s0 v1.2" -.IX Subsection "GOST cipher suites, extending TLS v1.2" -Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic -algorithms, such as the \fBgost\fR engine, which isn't part of the OpenSSL +.SS "GOST cipher suites for TLS v1.2" +.IX Subsection "GOST cipher suites for TLS v1.2" +Note: these ciphers require an engine which including GOST cryptographic +algorithms, such as the \fBgost\fR engine, which isn\*(Aqt part of the OpenSSL distribution. .PP -.Vb 2 -\& TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012\-GOST8912\-GOST8912 -\& TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012\-NULL\-GOST12 -.Ve -.PP -Note: \s-1GOST2012\-GOST8912\-GOST8912\s0 is an alias for two ciphers \s-1ID\s0 -old \s-1LEGACY\-GOST2012\-GOST8912\-GOST8912\s0 and new \s-1IANA\-GOST2012\-GOST8912\-GOST8912\s0 -.SS "Additional Export 1024 and other cipher suites" -.IX Subsection "Additional Export 1024 and other cipher suites" -Note: these ciphers can also be used in \s-1SSL\s0 v3. 
-.PP -.Vb 1 -\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA -.Ve -.SS "Elliptic curve cipher suites" -.IX Subsection "Elliptic curve cipher suites" -.Vb 5 -\& TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE\-RSA\-NULL\-SHA -\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA -\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA -\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA -\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA -\& -\& TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE\-ECDSA\-NULL\-SHA -\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA -\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA -\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA -\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA -\& -\& TLS_ECDH_anon_WITH_NULL_SHA AECDH\-NULL\-SHA -\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA -\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA -\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA -\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA -.Ve -.SS "\s-1TLS\s0 v1.2 cipher suites" -.IX Subsection "TLS v1.2 cipher suites" -.Vb 1 -\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 -\& -\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 -\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 -\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 -\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 -\& -\& TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH\-RSA\-AES128\-SHA256 -\& TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH\-RSA\-AES256\-SHA256 -\& TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH\-RSA\-AES128\-GCM\-SHA256 -\& TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH\-RSA\-AES256\-GCM\-SHA384 -\& -\& TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH\-DSS\-AES128\-SHA256 -\& TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH\-DSS\-AES256\-SHA256 -\& TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH\-DSS\-AES128\-GCM\-SHA256 -\& TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH\-DSS\-AES256\-GCM\-SHA384 -\& -\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
DHE\-RSA\-AES128\-SHA256 -\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 -\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 -\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 -\& -\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 -\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 -\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 -\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 -\& -\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 -\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 -\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 -\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 -\& -\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 -\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 -\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 -\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 -\& -\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 -\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 -\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 -\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 -\& -\& RSA_WITH_AES_128_CCM AES128\-CCM -\& RSA_WITH_AES_256_CCM AES256\-CCM -\& DHE_RSA_WITH_AES_128_CCM DHE\-RSA\-AES128\-CCM -\& DHE_RSA_WITH_AES_256_CCM DHE\-RSA\-AES256\-CCM -\& RSA_WITH_AES_128_CCM_8 AES128\-CCM8 -\& RSA_WITH_AES_256_CCM_8 AES256\-CCM8 -\& DHE_RSA_WITH_AES_128_CCM_8 DHE\-RSA\-AES128\-CCM8 -\& DHE_RSA_WITH_AES_256_CCM_8 DHE\-RSA\-AES256\-CCM8 -\& ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM -\& ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM -\& ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 -\& ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +.Vb 7 +\& 
TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 +\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +\& IANA\-GOST2012\-GOST8912\-GOST8912 +\& LEGACY\-GOST2012\-GOST8912\-GOST8912 +\& GOST2012\-NULL\-GOST12 +\& GOST2012\-KUZNYECHIK\-KUZNYECHIKOMAC +\& GOST2012\-MAGMA\-MAGMAOMAC .Ve -.SS "\s-1ARIA\s0 cipher suites from \s-1RFC6209,\s0 extending \s-1TLS\s0 v1.2" +.SS "ARIA cipher suites from RFC6209, extending TLS v1.2" .IX Subsection "ARIA cipher suites from RFC6209, extending TLS v1.2" -Note: the \s-1CBC\s0 modes mentioned in this \s-1RFC\s0 are not supported. +Note: the CBC modes mentioned in this RFC are not supported. .PP .Vb 10 -\& TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128\-GCM\-SHA256 -\& TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256\-GCM\-SHA384 -\& TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE\-RSA\-ARIA128\-GCM\-SHA256 -\& TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE\-RSA\-ARIA256\-GCM\-SHA384 -\& TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE\-DSS\-ARIA128\-GCM\-SHA256 -\& TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE\-DSS\-ARIA256\-GCM\-SHA384 -\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 -\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 -\& TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ARIA128\-GCM\-SHA256 -\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ARIA256\-GCM\-SHA384 -\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 -\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 -\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 -\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 -\& TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 -\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 ADH\-ARIA128\-CBC\-SHA256 +\& TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 ADH\-ARIA128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 ADH\-ARIA256\-CBC\-SHA384 +\& 
TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 ADH\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE\-DSS\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE\-DSS\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE\-PSK\-ARIA128\-CBC\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE\-RSA\-ARIA128\-CBC\-SHA256 +\& TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE\-RSA\-ARIA256\-CBC\-SHA384 +\& TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE\-ECDSA\-ARIA128\-CBC\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE\-ECDSA\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE\-PSK\-ARIA128\-CBC\-SHA256 +\& TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE\-RSA\-ARIA128\-CBC\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE\-RSA\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK\-ARIA128\-CBC\-SHA256 +\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 +\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA\-PSK\-ARIA128\-CBC\-SHA256 +\& 
TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128\-CBC\-SHA256 +\& TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128\-GCM\-SHA256 +\& TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256\-CBC\-SHA384 +\& TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256\-GCM\-SHA384 .Ve -.SS "Camellia HMAC-Based cipher suites from \s-1RFC6367,\s0 extending \s-1TLS\s0 v1.2" -.IX Subsection "Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2" -.Vb 4 -\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 -\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 -\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 -\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +.SS "ChaCha20\-Poly1305 cipher suites, extending TLS v1.2" +.IX Subsection "ChaCha20-Poly1305 cipher suites, extending TLS v1.2" +.Vb 7 +\& TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 .Ve -.SS "Pre-shared keying (\s-1PSK\s0) cipher suites" +.SS "Elliptic curve cipher suites for TLS v.1.2" +.IX Subsection "Elliptic curve cipher suites for TLS v.1.2" +.Vb 10 +\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH\-AES128\-CCM8 +\& 
TLS_ECDH_anon_WITH_AES_128_CCM AECDH\-AES128\-CCM +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH\-AES256\-CCM8 +\& TLS_ECDH_anon_WITH_AES_256_CCM AECDH\-AES256\-CCM +\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA +\& TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH\-ECDSA\-AES128\-SHA256 +\& TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH\-ECDSA\-AES128\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH\-ECDSA\-AES256\-SHA384 +\& TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH\-ECDSA\-AES256\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH\-ECDSA\-AES256\-GCM\-SHA384 +\& TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH\-ECDSA\-RC4\-SHA +\& TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH\-RSA\-AES128\-SHA256 +\& TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH\-RSA\-AES128\-SHA +\& TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH\-RSA\-AES256\-SHA384 +\& TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH\-RSA\-AES256\-SHA +\& TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH\-RSA\-AES256\-GCM\-SHA384 +\& TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH\-RSA\-CAMELLIA256\-SHA384 +\& TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH\-RSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 +\& TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM +\& 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE\-ECDSA\-ARIA128\-CBC\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE\-ECDSA\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 ECDHE\-ECDSA\-SM4\-CCM\-SM3 +\& TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 ECDHE\-ECDSA\-SM4\-GCM\-SM3 +\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE\-RSA\-AES128\-CCM8 +\& TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE\-RSA\-AES128\-CCM +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE\-RSA\-AES256\-CCM8 +\& TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE\-RSA\-AES256\-CCM +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE\-RSA\-ARIA128\-CBC\-SHA256 +\& 
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE\-RSA\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA +\& TLS_ECDHE_RSA_WITH_SM4_CCM_SM3 ECDHE\-RSA\-SM4\-CCM\-SM3 +\& TLS_ECDHE_RSA_WITH_SM4_GCM_SM3 ECDHE\-RSA\-SM4\-GCM\-SM3 +\& TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-DES\-CBC3\-SHA +\& TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE\-PSK\-AES128\-CCM8 +\& TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE\-PSK\-AES128\-CCM +\& TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE\-PSK\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE\-PSK\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE\-PSK\-ARIA128\-CBC\-SHA256 +\& TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA +\& TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE\-PSK\-SM4\-CCM\-SM3 +\& TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE\-PSK\-SM4\-GCM\-SM3 +.Ve 
+.SS "Pre\-shared keying (PSK) cipher suites" .IX Subsection "Pre-shared keying (PSK) cipher suites" -.Vb 3 -\& PSK_WITH_NULL_SHA PSK\-NULL\-SHA -\& DHE_PSK_WITH_NULL_SHA DHE\-PSK\-NULL\-SHA -\& RSA_PSK_WITH_NULL_SHA RSA\-PSK\-NULL\-SHA -\& -\& PSK_WITH_RC4_128_SHA PSK\-RC4\-SHA -\& PSK_WITH_3DES_EDE_CBC_SHA PSK\-3DES\-EDE\-CBC\-SHA -\& PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA -\& PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA -\& -\& DHE_PSK_WITH_RC4_128_SHA DHE\-PSK\-RC4\-SHA -\& DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE\-PSK\-3DES\-EDE\-CBC\-SHA -\& DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA -\& DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA -\& -\& RSA_PSK_WITH_RC4_128_SHA RSA\-PSK\-RC4\-SHA -\& RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA\-PSK\-3DES\-EDE\-CBC\-SHA -\& RSA_PSK_WITH_AES_128_CBC_SHA RSA\-PSK\-AES128\-CBC\-SHA -\& RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA -\& -\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 -\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 -\& DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 -\& DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 -\& RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 -\& RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 -\& -\& PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 -\& PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 -\& PSK_WITH_NULL_SHA256 PSK\-NULL\-SHA256 -\& PSK_WITH_NULL_SHA384 PSK\-NULL\-SHA384 -\& DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 -\& DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 -\& DHE_PSK_WITH_NULL_SHA256 DHE\-PSK\-NULL\-SHA256 -\& DHE_PSK_WITH_NULL_SHA384 DHE\-PSK\-NULL\-SHA384 -\& RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 -\& RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 -\& RSA_PSK_WITH_NULL_SHA256 RSA\-PSK\-NULL\-SHA256 -\& RSA_PSK_WITH_NULL_SHA384 RSA\-PSK\-NULL\-SHA384 -\& PSK_WITH_AES_128_GCM_SHA256 
PSK\-AES128\-GCM\-SHA256 -\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 -\& -\& ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA -\& ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-3DES\-EDE\-CBC\-SHA -\& ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA -\& ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA -\& ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 -\& ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 -\& ECDHE_PSK_WITH_NULL_SHA ECDHE\-PSK\-NULL\-SHA -\& ECDHE_PSK_WITH_NULL_SHA256 ECDHE\-PSK\-NULL\-SHA256 -\& ECDHE_PSK_WITH_NULL_SHA384 ECDHE\-PSK\-NULL\-SHA384 -\& -\& PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK\-CAMELLIA128\-SHA256 -\& PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK\-CAMELLIA256\-SHA384 -\& -\& DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE\-PSK\-CAMELLIA128\-SHA256 -\& DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE\-PSK\-CAMELLIA256\-SHA384 -\& -\& RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA\-PSK\-CAMELLIA128\-SHA256 -\& RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA\-PSK\-CAMELLIA256\-SHA384 -\& -\& ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 -\& ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 -\& -\& PSK_WITH_AES_128_CCM PSK\-AES128\-CCM -\& PSK_WITH_AES_256_CCM PSK\-AES256\-CCM -\& DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM -\& DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM -\& PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 -\& PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 -\& DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 -\& DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +.Vb 10 +\& TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 +\& TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA +\& TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 +\& TLS_DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM +\& TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 +\& 
TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA +\& TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +\& TLS_DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM +\& TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE\-PSK\-ARIA128\-CBC\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_DHE_PSK_WITH_SM4_CCM_SM3 DHE\-PSK\-SM4\-CCM\-SM3 +\& TLS_DHE_PSK_WITH_SM4_GCM_SM3 DHE\-PSK\-SM4\-GCM\-SM3 +\& TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-DES\-CBC3\-SHA +\& TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE\-PSK\-AES128\-CCM8 +\& TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE\-PSK\-AES128\-CCM +\& TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE\-PSK\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE\-PSK\-AES256\-GCM\-SHA384 +\& TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE\-PSK\-ARIA128\-CBC\-SHA256 +\& TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA +\& TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 
ECDHE\-PSK\-SM4\-CCM\-SM3 +\& TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE\-PSK\-SM4\-GCM\-SM3 +\& TLS_PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 +\& TLS_PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& TLS_PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 +\& TLS_PSK_WITH_AES_128_CCM PSK\-AES128\-CCM +\& TLS_PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& TLS_PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 +\& TLS_PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +\& TLS_PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 +\& TLS_PSK_WITH_AES_256_CCM PSK\-AES256\-CCM +\& TLS_PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK\-ARIA128\-CBC\-SHA256 +\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 +\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 +\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 +\& TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA\-PSK\-AES128\-CBC\-SHA +\& TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 +\& TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA +\& TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA\-PSK\-ARIA128\-CBC\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA\-PSK\-ARIA256\-CBC\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_SM4_CCM_SM3 RSA\-PSK\-SM4\-CCM\-SM3 +\& TLS_RSA_PSK_WITH_SM4_GCM_SM3 RSA\-PSK\-SM4\-GCM\-SM3 .Ve -.SS "ChaCha20\-Poly1305 cipher suites, extending \s-1TLS\s0 v1.2" -.IX Subsection "ChaCha20-Poly1305 cipher suites, extending TLS v1.2" -.Vb 7 -\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 
-\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 -\& TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE\-RSA\-CHACHA20\-POLY1305 -\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 -\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 -\& TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 -\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 +.SS "Other TLS v1.2 cipher suites" +.IX Subsection "Other TLS v1.2 cipher suites" +.Vb 10 +\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL\-SHA +\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 +\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& TLS_RSA_WITH_SM4_CCM_SM3 SM4\-CCM\-SM3 +\& TLS_RSA_WITH_SM4_GCM_SM3 SM4\-GCM\-SM3 +\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_WITH_SM4_CCM_SM3 DHE\-RSA\-SM4\-CCM\-SM3 +\& TLS_DHE_RSA_WITH_SM4_GCM_SM3 DHE\-RSA\-SM4\-GCM\-SM3 +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA .Ve -.SS "\s-1TLS\s0 v1.3 cipher suites" +.SS "TLS v1.3 cipher suites" .IX Subsection "TLS v1.3 cipher suites" .Vb 5 \& TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 
@@ -822,27 +849,27 @@ \& TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 \& TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 .Ve -.SS "Older names used by OpenSSL" -.IX Subsection "Older names used by OpenSSL" +.SS """EDH\-"" aliases to ""DHE\-"" names for backward compatibility" +.IX Subsection """EDH-"" aliases to ""DHE-"" names for backward compatibility" The following names are accepted by older releases: .PP .Vb 2 -\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA (DHE\-RSA\-DES\-CBC3\-SHA) -\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA (DHE\-DSS\-DES\-CBC3\-SHA) +\& EDH\-RSA\-DES\-CBC3\-SHA \- alias of DHE\-RSA\-DES\-CBC3\-SHA +\& EDH\-DSS\-DES\-CBC3\-SHA \- alias of DHE\-DSS\-DES\-CBC3\-SHA .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" Some compiled versions of OpenSSL may not include all the ciphers listed here because some ciphers were excluded at compile time. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: +Verbose listing of all OpenSSL ciphers including NULL ciphers: .PP .Vb 1 \& openssl ciphers \-v \*(AqALL:eNULL\*(Aq .Ve .PP -Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by +Include all ciphers except NULL and anonymous DH then sort by strength: .PP .Vb 1 @@ -856,19 +883,13 @@ \& openssl ciphers \-v \*(AqALL:!aNULL\*(Aq .Ve .PP -Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: -.PP -.Vb 1 -\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq -.Ve -.PP -Include all \s-1RC4\s0 ciphers but leave out those without authentication: +Include only AES ciphers and then place RSA ciphers last: .PP .Vb 1 -\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq +\& openssl ciphers \-v \*(AqAES:+RSA\*(Aq .Ve .PP -Include all ciphers with \s-1RSA\s0 authentication but leave out ciphers without +Include all ciphers with RSA authentication but leave out ciphers without encryption. .PP .Vb 1 
@@ -886,19 +907,19 @@ \&\fBopenssl\-s_client\fR\|(1), \&\fBopenssl\-s_server\fR\|(1), \&\fBssl\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-V\fR option was added in OpenSSL 1.0.0. .PP The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled -(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1. +(\fBenable\-ssl\-trace\fR argument to Configure) before OpenSSL 1.1.1. .PP The \fB\-convert\fR option was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-cmds.1.orig +++ secure/usr.bin/openssl/man/openssl-cmds.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,76 +53,17 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CMDS 1ossl" -.TH OPENSSL-CMDS 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CMDS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME asn1parse, ca, ciphers, @@ -190,18 +115,18 @@ version, x509 \&\- OpenSSL application commands -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fIcmd\fR \fB\-help\fR | [\fI\-option\fR | \fI\-option\fR \fIarg\fR] ... [\fIarg\fR] ... -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Every \fIcmd\fR listed above is a (sub\-)command of the \fBopenssl\fR\|(1) application. -It has its own detailed manual page at \fBopenssl\-\f(BIcmd\fB\fR(1). For example, to +It has its own detailed manual page at \fBopenssl\-\fR\f(BIcmd\fR(1). For example, to view the manual page for the \fBopenssl dgst\fR command, type \f(CW\*(C`man openssl\-dgst\*(C'\fR. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" Among others, every subcommand has a help option. -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message for the subcommand. .SH "SEE ALSO" 
@@ -257,21 +182,21 @@ \&\fBopenssl\-verify\fR\|(1), \&\fBopenssl\-version\fR\|(1), \&\fBopenssl\-x509\fR\|(1), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -Initially, the manual page entry for the \f(CW\*(C`openssl \f(CIcmd\f(CW\*(C'\fR command used -to be available at \fIcmd\fR(1). Later, the alias \fBopenssl\-\f(BIcmd\fB\fR(1) was +Initially, the manual page entry for the \f(CW\*(C`openssl \fR\f(CIcmd\fR\f(CW\*(C'\fR command used +to be available at \fIcmd\fR(1). Later, the alias \fBopenssl\-\fR\f(BIcmd\fR(1) was introduced, which made it easier to group the openssl commands using -the \fBapropos\fR\|(1) command or the shell's tab completion. +the \fBapropos\fR\|(1) command or the shell\*(Aqs tab completion. .PP In order to reduce cluttering of the global manual page namespace, -the manual page entries without the 'openssl\-' prefix have been +the manual page entries without the \*(Aqopenssl\-\*(Aq prefix have been deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-cmp.1.orig +++ secure/usr.bin/openssl/man/openssl-cmp.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CMP 1ossl" -.TH OPENSSL-CMP 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CMP 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-cmp \- Certificate Management Protocol (CMP, RFC 4210) application -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBcmp\fR [\fB\-help\fR] @@ -230,7 +155,7 @@ [\fB\-rand\fR \fIfiles\fR] [\fB\-writerand\fR \fIfile\fR] .PP -\&\s-1TLS\s0 connection options: +TLS connection options: .PP [\fB\-tls_used\fR] [\fB\-tls_cert\fR \fIfilename\fR|\fIuri\fR] @@ -240,7 +165,7 @@ [\fB\-tls_trusted\fR \fIfilenames\fR|\fIuris\fR] [\fB\-tls_host\fR \fIname\fR] .PP -Client-side debugging options: +Client\-side debugging options: .PP [\fB\-batch\fR] [\fB\-repeat\fR \fInumber\fR] @@ -279,7 +204,7 @@ [\fB\-accept_unprot_err\fR] [\fB\-accept_raverified\fR] .PP -Certificate verification options, for both \s-1CMP\s0 and \s-1TLS:\s0 +Certificate verification options, for both CMP and TLS: .PP [\fB\-allow_proxy_certs\fR] [\fB\-attime\fR \fItimestamp\fR] 
@@ -311,16 +236,16 @@ [\fB\-verify_name\fR \fIname\fR] [\fB\-x509_strict\fR] [\fB\-issuer_checks\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The \fBcmp\fR command is a client implementation for the Certificate -Management Protocol (\s-1CMP\s0) as defined in \s-1RFC4210.\s0 -It can be used to request certificates from a \s-1CA\s0 server, +Management Protocol (CMP) as defined in RFC4210. +It can be used to request certificates from a CA server, update their certificates, -request certificates to be revoked, and perform other types of \s-1CMP\s0 requests. -.SH "OPTIONS" +request certificates to be revoked, and perform other types of CMP requests. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Display a summary of all options .IP "\fB\-config\fR \fIfilename\fR" 4 
@@ -330,26 +255,26 @@ Default filename is from the environment variable \f(CW\*(C`OPENSSL_CONF\*(C'\fR. .IP "\fB\-section\fR \fInames\fR" 4 .IX Item "-section names" -Section(s) to use within config file defining \s-1CMP\s0 options. +Section(s) to use within config file defining CMP options. An empty string \f(CW""\fR means no specific section. Default is \f(CW\*(C`cmp\*(C'\fR. .Sp Multiple section names may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). Contents of sections named later may override contents of sections named before. In any case, as usual, the \f(CW\*(C`[default]\*(C'\fR section and finally the unnamed -section (as far as present) can provide per-option fallback values. +section (as far as present) can provide per\-option fallback values. .IP "\fB\-verbosity\fR \fIlevel\fR" 4 .IX Item "-verbosity level" Level of verbosity for logging, error output, etc. -0 = \s-1EMERG, 1\s0 = \s-1ALERT, 2\s0 = \s-1CRIT, 3\s0 = \s-1ERR, 4\s0 = \s-1WARN, 5\s0 = \s-1NOTE, -6\s0 = \s-1INFO, 7\s0 = \s-1DEBUG, 8\s0 = \s-1TRACE.\s0 -Defaults to 6 = \s-1INFO.\s0 +0 = EMERG, 1 = ALERT, 2 = CRIT, 3 = ERR, 4 = WARN, 5 = NOTE, +6 = INFO, 7 = DEBUG, 8 = TRACE. +Defaults to 6 = INFO. .SS "Generic message options" .IX Subsection "Generic message options" .IP "\fB\-cmd\fR \fIir|cr|kur|p10cr|rr|genm\fR" 4 .IX Item "-cmd ir|cr|kur|p10cr|rr|genm" -\&\s-1CMP\s0 command to execute. +CMP command to execute. Currently implemented commands are: .RS 4 .IP "ir \ \- Initialization Request" 8 
@@ -365,18 +290,18 @@ .IX Item "rr - Revocation Request" .IP "genm \- General Message" 8 .IX Item "genm - General Message" +.PD .RE .RS 4 -.PD .Sp -\&\fBir\fR requests initialization of an end entity into a \s-1PKI\s0 hierarchy +\&\fBir\fR requests initialization of an end entity into a PKI hierarchy by issuing a first certificate. .Sp \&\fBcr\fR requests issuing an additional certificate for an end entity already -initialized to the \s-1PKI\s0 hierarchy. +initialized to the PKI hierarchy. .Sp \&\fBp10cr\fR requests issuing an additional certificate similarly to \fBcr\fR -but using legacy PKCS#10 \s-1CSR\s0 format. +but using legacy PKCS#10 CSR format. .Sp \&\fBkur\fR requests a (key) update for an existing certificate. .Sp @@ -385,7 +310,7 @@ \&\fBgenm\fR requests information using a General Message, where optionally included \fBInfoTypeAndValue\fRs may be used to state which info is of interest. Upon receipt of the General Response, information about all received -\&\s-1ITAV\s0 \fBinfoType\fRs is printed to stdout. +ITAV \fBinfoType\fRs is printed to stdout. .RE .IP "\fB\-infotype\fR \fIname\fR" 4 .IX Item "-infotype name" 
@@ -393,20 +318,20 @@ e.g., \f(CW\*(C`signKeyPairTypes\*(C'\fR. .IP "\fB\-geninfo\fR \fIOID:int:N\fR" 4 .IX Item "-geninfo OID:int:N" -generalInfo integer values to place in request PKIHeader with given \s-1OID,\s0 +generalInfo integer values to place in request PKIHeader with given OID, e.g., \f(CW\*(C`1.2.3.4:int:56789\*(C'\fR. .SS "Certificate enrollment options" .IX Subsection "Certificate enrollment options" .IP "\fB\-newkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-newkey filename|uri" The source of the private or public key for the certificate being requested. -Defaults to the public key in the PKCS#10 \s-1CSR\s0 given with the \fB\-csr\fR option, +Defaults to the public key in the PKCS#10 CSR given with the \fB\-csr\fR option, the public key of the reference certificate, or the current client key. .Sp The public portion of the key is placed in the certification request. .Sp Unless \fB\-cmd\fR \fIp10cr\fR, \fB\-popo\fR \fI\-1\fR, or \fB\-popo\fR \fI0\fR is given, the -private key will be needed as well to provide the proof of possession (\s-1POPO\s0), +private key will be needed as well to provide the proof of possession (POPO), where the \fB\-key\fR option may provide a fallback. .IP "\fB\-newkeypass\fR \fIarg\fR" 4 .IX Item "-newkeypass arg" 
@@ -417,34 +342,34 @@ \&\fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-subject\fR \fIname\fR" 4 .IX Item "-subject name" -X509 Distinguished Name (\s-1DN\s0) of subject to use in the requested certificate +X509 Distinguished Name (DN) of subject to use in the requested certificate template. -If the NULL-DN (\f(CW"/"\fR) is given then no subject is placed in the template. -Default is the subject \s-1DN\s0 of any PKCS#10 \s-1CSR\s0 given with the \fB\-csr\fR option. -For \s-1KUR,\s0 a further fallback is the subject \s-1DN\s0 +If the NULL\-DN (\f(CW"/"\fR) is given then no subject is placed in the template. +Default is the subject DN of any PKCS#10 CSR given with the \fB\-csr\fR option. +For KUR, a further fallback is the subject DN of the reference certificate (see \fB\-oldcert\fR) if provided. -This fallback is used for \s-1IR\s0 and \s-1CR\s0 only if no SANs are set. +This fallback is used for IR and CR only if no SANs are set. .Sp If provided and neither \fB\-cert\fR nor \fB\-oldcert\fR is given, -the subject \s-1DN\s0 is used as fallback sender of outgoing \s-1CMP\s0 messages. +the subject DN is used as fallback sender of outgoing CMP messages. .Sp The argument must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. Special characters may be escaped by \f(CW\*(C`\e\*(C'\fR (backslash); whitespace is retained. Empty values are permitted, but the corresponding type will not be included. -Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL-DN). -Multi-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR +Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL\-DN). +Multi\-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR between the AttributeValueAssertions (AVAs) that specify the members of the set. 
Example: .Sp \&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR .IP "\fB\-issuer\fR \fIname\fR" 4 .IX Item "-issuer name" -X509 issuer Distinguished Name (\s-1DN\s0) of the \s-1CA\s0 server -to place in the requested certificate template in \s-1IR/CR/KUR.\s0 -If the NULL-DN (\f(CW"/"\fR) is given then no issuer is placed in the template. +X509 issuer Distinguished Name (DN) of the CA server +to place in the requested certificate template in IR/CR/KUR. +If the NULL\-DN (\f(CW"/"\fR) is given then no issuer is placed in the template. .Sp If provided and neither \fB\-recipient\fR nor \fB\-srvcert\fR is given, -the issuer \s-1DN\s0 is used as fallback recipient of outgoing \s-1CMP\s0 messages. +the issuer DN is used as fallback recipient of outgoing CMP messages. .Sp The argument must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. For details see the description of the \fB\-subject\fR option. 
@@ -458,15 +383,15 @@ .IX Item "-reqexts name" Name of section in OpenSSL config file defining certificate request extensions. If the \fB\-csr\fR option is present, these extensions augment the extensions -contained the given PKCS#10 \s-1CSR,\s0 overriding any extensions with same OIDs. +contained the given PKCS#10 CSR, overriding any extensions with same OIDs. .IP "\fB\-sans\fR \fIspec\fR" 4 .IX Item "-sans spec" -One or more \s-1IP\s0 addresses, \s-1DNS\s0 names, or URIs separated by commas or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R") -to add as Subject Alternative Name(s) (\s-1SAN\s0) certificate request extension. -If the special element \*(L"critical\*(R" is given the SANs are flagged as critical. +One or more IP addresses, DNS names, or URIs separated by commas or whitespace +(where in the latter case the whole argument must be enclosed in "...") +to add as Subject Alternative Name(s) (SAN) certificate request extension. +If the special element "critical" is given the SANs are flagged as critical. Cannot be used if any Subject Alternative Name extension is set via \fB\-reqexts\fR. -.IP "\fB\-san_nodefault\fR" 4 +.IP \fB\-san_nodefault\fR 4 .IX Item "-san_nodefault" When Subject Alternative Names are not given via \fB\-sans\fR nor defined via \fB\-reqexts\fR, 
@@ -479,33 +404,33 @@ This option cannot be used together with \fB\-policy_oids\fR. .IP "\fB\-policy_oids\fR \fInames\fR" 4 .IX Item "-policy_oids names" -One or more \s-1OID\s0(s), separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R") +One or more OID(s), separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "...") to add as certificate policies request extension. This option cannot be used together with \fB\-policies\fR. -.IP "\fB\-policy_oids_critical\fR" 4 +.IP \fB\-policy_oids_critical\fR 4 .IX Item "-policy_oids_critical" Flag the policies given with \fB\-policy_oids\fR as critical. .IP "\fB\-popo\fR \fInumber\fR" 4 .IX Item "-popo number" -Proof-of-possession (\s-1POPO\s0) method to use for \s-1IR/CR/KUR\s0; values: \f(CW\*(C`\-1\*(C'\fR..<2> where -\&\f(CW\*(C`\-1\*(C'\fR = \s-1NONE,\s0 \f(CW0\fR = \s-1RAVERIFIED,\s0 \f(CW1\fR = \s-1SIGNATURE\s0 (default), \f(CW2\fR = \s-1KEYENC.\s0 +Proof\-of\-possession (POPO) method to use for IR/CR/KUR; values: \f(CW\-1\fR..<2> where +\&\f(CW\-1\fR = NONE, \f(CW0\fR = RAVERIFIED, \f(CW1\fR = SIGNATURE (default), \f(CW2\fR = KEYENC. .Sp -Note that a signature-based \s-1POPO\s0 can only be produced if a private key +Note that a signature\-based POPO can only be produced if a private key is provided via the \fB\-newkey\fR or \fB\-key\fR options. .IP "\fB\-csr\fR \fIfilename\fR" 4 .IX Item "-csr filename" -PKCS#10 \s-1CSR\s0 in \s-1PEM\s0 or \s-1DER\s0 format containing a certificate request. +PKCS#10 CSR in PEM or DER format containing a certificate request. With \fB\-cmd\fR \fIp10cr\fR it is used directly in a legacy P10CR message. .Sp When used with \fB\-cmd\fR \fIir\fR, \fIcr\fR, or \fIkur\fR, -it is transformed into the respective regular \s-1CMP\s0 request. +it is transformed into the respective regular CMP request. 
In this case, a private key must be provided (with \fB\-newkey\fR or \fB\-key\fR) for the proof of possession (unless \fB\-popo\fR \fI\-1\fR or \fB\-popo\fR \fI0\fR is used) and the respective public key is placed in the certification request -(rather than taking over the public key contained in the PKCS#10 \s-1CSR\s0). +(rather than taking over the public key contained in the PKCS#10 CSR). .Sp -PKCS#10 \s-1CSR\s0 input may also be used with \fB\-cmd\fR \fIrr\fR +PKCS#10 CSR input may also be used with \fB\-cmd\fR \fIrr\fR to specify the certificate to be revoked via the included subject name and public key. .IP "\fB\-out_trusted\fR \fIfilenames\fR|\fIuris\fR" 4 @@ -514,21 +439,21 @@ During this verification, any certificate status checking is disabled. .Sp Multiple sources may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. .Sp The certificate verification options \&\fB\-verify_hostname\fR, \fB\-verify_ip\fR, and \fB\-verify_email\fR only affect the certificate verification enabled via this option. -.IP "\fB\-implicit_confirm\fR" 4 +.IP \fB\-implicit_confirm\fR 4 .IX Item "-implicit_confirm" Request implicit confirmation of newly enrolled certificates. -.IP "\fB\-disable_confirm\fR" 4 +.IP \fB\-disable_confirm\fR 4 .IX Item "-disable_confirm" Do not send certificate confirmation message for newly enrolled certificate without requesting implicit confirmation to cope with broken servers not supporting implicit confirmation correctly. -\&\fB\s-1WARNING:\s0\fR This leads to behavior violating \s-1RFC 4210.\s0 +\&\fBWARNING:\fR This leads to behavior violating RFC 4210. .IP "\fB\-certout\fR \fIfilename\fR" 4 .IX Item "-certout filename" The file where the newly enrolled certificate should be saved. 
@@ -539,25 +464,25 @@ .IX Subsection "Certificate enrollment and revocation options" .IP "\fB\-oldcert\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-oldcert filename|uri" -The certificate to be updated (i.e., renewed or re-keyed) in Key Update Request -(\s-1KUR\s0) messages or to be revoked in Revocation Request (\s-1RR\s0) messages. -For \s-1KUR\s0 the certificate to be updated defaults to \fB\-cert\fR, +The certificate to be updated (i.e., renewed or re\-keyed) in Key Update Request +(KUR) messages or to be revoked in Revocation Request (RR) messages. +For KUR the certificate to be updated defaults to \fB\-cert\fR, and the resulting certificate is called \fIreference certificate\fR. -For \s-1RR\s0 the certificate to be revoked can also be specified using \fB\-csr\fR. +For RR the certificate to be revoked can also be specified using \fB\-csr\fR. .Sp The reference certificate, if any, is also used for -deriving default subject \s-1DN\s0 and Subject Alternative Names and the -default issuer entry in the requested certificate template of an \s-1IR/CR/KUR.\s0 +deriving default subject DN and Subject Alternative Names and the +default issuer entry in the requested certificate template of an IR/CR/KUR. Its public key is used as a fallback in the template of certification requests. Its subject is used as sender of outgoing messages if \fB\-cert\fR is not given. -Its issuer is used as default recipient in \s-1CMP\s0 message headers +Its issuer is used as default recipient in CMP message headers if neither \fB\-recipient\fR, \fB\-srvcert\fR, nor \fB\-issuer\fR is given. .IP "\fB\-revreason\fR \fInumber\fR" 4 .IX Item "-revreason number" -Set CRLReason to be included in revocation request (\s-1RR\s0); values: \f(CW0\fR..\f(CW10\fR -or \f(CW\*(C`\-1\*(C'\fR for none (which is the default). +Set CRLReason to be included in revocation request (RR); values: \f(CW0\fR..\f(CW10\fR +or \f(CW\-1\fR for none (which is the default). 
.Sp -Reason numbers defined in \s-1RFC 5280\s0 are: +Reason numbers defined in RFC 5280 are: .Sp .Vb 10 \& CRLReason ::= ENUMERATED { @@ -578,8 +503,11 @@ .IX Subsection "Message transfer options" .IP "\fB\-server\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR" 4 .IX Item "-server [http[s]://][userinfo@]host[:port][/path][?query][#fragment]" -The \s-1DNS\s0 hostname or \s-1IP\s0 address and optionally port -of the \s-1CMP\s0 server to connect to using \s-1HTTP\s0(S). +The \fIhost\fR domain name or IP address and optionally \fIport\fR +of the CMP server to connect to using HTTP(S). +IP address may be for v4 or v6, such as \f(CW127.0.0.1\fR or \f(CW\*(C`[::1]\*(C'\fR for localhost. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +.Sp This option excludes \fI\-port\fR and \fI\-use_mock_srv\fR. It is ignored if \fI\-rspin\fR is given with enough filename arguments. .Sp 
@@ -590,52 +518,53 @@ If a path is included it provides the default value for the \fB\-path\fR option. .IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR" 4 .IX Item "-proxy [http[s]://][userinfo@]host[:port][/path][?query][#fragment]" -The \s-1HTTP\s0(S) proxy server to use for reaching the \s-1CMP\s0 server unless \fB\-no_proxy\fR +The HTTP(S) proxy server to use for reaching the CMP server unless \fB\-no_proxy\fR applies, see below. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. The proxy port defaults to 80 or 443 if the scheme is \f(CW\*(C`https\*(C'\fR; apart from that -the optional \f(CW\*(C`http://\*(C'\fR or \f(CW\*(C`https://\*(C'\fR prefix is ignored (note that \s-1TLS\s0 may be +the optional \f(CW\*(C`http://\*(C'\fR or \f(CW\*(C`https://\*(C'\fR prefix is ignored (note that TLS may be selected by \fB\-tls_used\fR), as well as any path, userinfo, and query, and fragment components. Defaults to the environment variable \f(CW\*(C`http_proxy\*(C'\fR if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR -in case no \s-1TLS\s0 is used, otherwise \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. +in case no TLS is used, otherwise \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. This option is ignored if \fI\-server\fR is not given. .IP "\fB\-no_proxy\fR \fIaddresses\fR" 4 .IX Item "-no_proxy addresses" -List of \s-1IP\s0 addresses and/or \s-1DNS\s0 names of servers -not to use an \s-1HTTP\s0(S) proxy for, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +List of IP addresses and/or DNS names of servers +not to use an HTTP(S) proxy for, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). Default is from the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR. 
This option is ignored if \fI\-server\fR is not given. .IP "\fB\-recipient\fR \fIname\fR" 4 .IX Item "-recipient name" -Distinguished Name (\s-1DN\s0) to use in the recipient field of \s-1CMP\s0 request message -headers, i.e., the \s-1CMP\s0 server (usually the addressed \s-1CA\s0). +Distinguished Name (DN) to use in the recipient field of CMP request message +headers, i.e., the CMP server (usually the addressed CA). .Sp -The recipient field in the header of a \s-1CMP\s0 message is mandatory. +The recipient field in the header of a CMP message is mandatory. If not given explicitly the recipient is determined in the following order: -the subject of the \s-1CMP\s0 server certificate given with the \fB\-srvcert\fR option, +the subject of the CMP server certificate given with the \fB\-srvcert\fR option, the \fB\-issuer\fR option, the issuer of the certificate given with the \fB\-oldcert\fR option, -the issuer of the \s-1CMP\s0 client certificate (\fB\-cert\fR option), -as far as any of those is present, else the NULL-DN as last resort. +the issuer of the CMP client certificate (\fB\-cert\fR option), +as far as any of those is present, else the NULL\-DN as last resort. .Sp The argument must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. For details see the description of the \fB\-subject\fR option. .IP "\fB\-path\fR \fIremote_path\fR" 4 .IX Item "-path remote_path" -\&\s-1HTTP\s0 path at the \s-1CMP\s0 server (aka \s-1CMP\s0 alias) to use for \s-1POST\s0 requests. +HTTP path at the CMP server (aka CMP alias) to use for POST requests. Defaults to any path given with \fB\-server\fR, else \f(CW"/"\fR. .IP "\fB\-keep_alive\fR \fIvalue\fR" 4 .IX Item "-keep_alive value" -If the given value is 0 then \s-1HTTP\s0 connections are not kept open -after receiving a response, which is the default behavior for \s-1HTTP 1.0.\s0 +If the given value is 0 then HTTP connections are not kept open +after receiving a response, which is the default behavior for HTTP 1.0. 
If the value is 1 or 2 then persistent connections are requested. If the value is 2 then persistent connections are required, i.e., in case the server does not grant them an error occurs. The default value is 1, which means preferring to keep the connection open. .IP "\fB\-msg_timeout\fR \fIseconds\fR" 4 .IX Item "-msg_timeout seconds" -Number of seconds a \s-1CMP\s0 request-response message round trip +Number of seconds a CMP request\-response message round trip is allowed to take before a timeout error is returned. A value <= 0 means no limitation (waiting indefinitely). Default is to use the \fB\-total_timeout\fR setting. @@ -650,9 +579,9 @@ .IP "\fB\-trusted\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-trusted filenames|uris" The certificate(s), typically of root CAs, the client shall use as trust anchors -when validating signature-based protection of \s-1CMP\s0 response messages. +when validating signature\-based protection of CMP response messages. This option is ignored if the \fB\-srvcert\fR option is given as well. -It provides more flexibility than \fB\-srvcert\fR because the \s-1CMP\s0 protection +It provides more flexibility than \fB\-srvcert\fR because the CMP protection certificate of the server is not pinned but may be any certificate from which a chain to one of the given trust anchors can be constructed. .Sp @@ -660,7 +589,7 @@ errors will be thrown unless \fB\-unprotected_errors\fR permits an exception. .Sp Multiple sources may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. .Sp The certificate verification options 
@@ -668,74 +597,74 @@ have no effect on the certificate verification enabled via this option. .IP "\fB\-untrusted\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-untrusted filenames|uris" -Non-trusted intermediate \s-1CA\s0 certificate(s). +Non\-trusted intermediate CA certificate(s). Any extra certificates given with the \fB\-cert\fR option are appended to it. All these certificates may be useful for cert path construction -for the own \s-1CMP\s0 signer certificate (to include in the extraCerts field of -request messages) and for the \s-1TLS\s0 client certificate (if \s-1TLS\s0 is enabled) +for the own CMP signer certificate (to include in the extraCerts field of +request messages) and for the TLS client certificate (if TLS is enabled) as well as for chain building -when validating server certificates (checking signature-based -\&\s-1CMP\s0 message protection) and when validating newly enrolled certificates. +when validating server certificates (checking signature\-based +CMP message protection) and when validating newly enrolled certificates. .Sp Multiple filenames or URLs may be given, separated by commas and/or whitespace. Each source may contain multiple certificates. .IP "\fB\-srvcert\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-srvcert filename|uri" -The specific \s-1CMP\s0 server certificate to expect and directly trust (even if it is -expired) when verifying signature-based protection of \s-1CMP\s0 response messages. +The specific CMP server certificate to expect and directly trust (even if it is +expired) when verifying signature\-based protection of CMP response messages. This pins the accepted server and results in ignoring the \fB\-trusted\fR option. .Sp If set, the subject of the certificate is also used -as default value for the recipient of \s-1CMP\s0 requests -and as default value for the expected sender of \s-1CMP\s0 responses. +as default value for the recipient of CMP requests +and as default value for the expected sender of CMP responses. 
.IP "\fB\-expect_sender\fR \fIname\fR" 4 .IX Item "-expect_sender name" -Distinguished Name (\s-1DN\s0) expected in the sender field of incoming \s-1CMP\s0 messages. -Defaults to the subject \s-1DN\s0 of the pinned \fB\-srvcert\fR, if any. +Distinguished Name (DN) expected in the sender field of incoming CMP messages. +Defaults to the subject DN of the pinned \fB\-srvcert\fR, if any. .Sp This can be used to make sure that only a particular entity is accepted as -\&\s-1CMP\s0 message signer, and attackers are not able to use arbitrary certificates -of a trusted \s-1PKI\s0 hierarchy to fraudulently pose as a \s-1CMP\s0 server. +CMP message signer, and attackers are not able to use arbitrary certificates +of a trusted PKI hierarchy to fraudulently pose as a CMP server. Note that this option gives slightly more freedom than setting the \fB\-srvcert\fR, which pins the server to the holder of a particular certificate, while the expected sender name will continue to match after updates of the server cert. .Sp The argument must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. For details see the description of the \fB\-subject\fR option. -.IP "\fB\-ignore_keyusage\fR" 4 +.IP \fB\-ignore_keyusage\fR 4 .IX Item "-ignore_keyusage" -Ignore key usage restrictions in \s-1CMP\s0 signer certificates when validating -signature-based protection of incoming \s-1CMP\s0 messages. -By default, \f(CW\*(C`digitalSignature\*(C'\fR must be allowed by \s-1CMP\s0 signer certificates. -.IP "\fB\-unprotected_errors\fR" 4 +Ignore key usage restrictions in CMP signer certificates when validating +signature\-based protection of incoming CMP messages. +By default, \f(CW\*(C`digitalSignature\*(C'\fR must be allowed by CMP signer certificates. +.IP \fB\-unprotected_errors\fR 4 .IX Item "-unprotected_errors" Accept missing or invalid protection of negative responses from the server. 
 This applies to the following message types and contents:
 .RS 4
-.IP "\(bu" 4
+.IP \(bu 4
 error messages
-.IP "\(bu" 4
-negative certificate responses (\s-1IP/CP/KUP\s0)
-.IP "\(bu" 4
-negative revocation responses (\s-1RP\s0)
-.IP "\(bu" 4
+.IP \(bu 4
+negative certificate responses (IP/CP/KUP)
+.IP \(bu 4
+negative revocation responses (RP)
+.IP \(bu 4
 negative PKIConf messages
 .RE
 .RS 4
 .Sp
-\&\fB\s-1WARNING:\s0\fR This setting leads to unspecified behavior and it is meant
+\&\fBWARNING:\fR This setting leads to unspecified behavior and it is meant
 exclusively to allow interoperability with server implementations violating
-\&\s-1RFC 4210,\s0 e.g.:
-.IP "\(bu" 4
+RFC 4210, e.g.:
+.IP \(bu 4
 section 5.1.3.1 allows exceptions from protecting only for special cases:
-\&\*(L"There \s-1MAY\s0 be cases in which the PKIProtection \s-1BIT STRING\s0 is deliberately not
-used to protect a message [...] because other protection, external to \s-1PKIX,\s0 will
-be applied instead.\*(R"
-.IP "\(bu" 4
-section 5.3.21 is clear on ErrMsgContent: \*(L"The \s-1CA MUST\s0 always sign it
-with a signature key.\*(R"
-.IP "\(bu" 4
+"There MAY be cases in which the PKIProtection BIT STRING is deliberately not
+used to protect a message [...] because other protection, external to PKIX, will
+be applied instead."
+.IP \(bu 4
+section 5.3.21 is clear on ErrMsgContent: "The CA MUST always sign it
+with a signature key."
+.IP \(bu 4
 appendix D.4 shows PKIConf message having protection
 .RE
 .RS 4
@@ -746,61 +675,61 @@ of the last received response message (except for pollRep and PKIConf). .IP "\fB\-cacertsout\fR \fIfilename\fR" 4 .IX Item "-cacertsout filename" -The file where to save any \s-1CA\s0 certificates contained in the caPubs field of -the last received certificate response (i.e., \s-1IP, CP,\s0 or \s-1KUP\s0) message. +The file where to save any CA certificates contained in the caPubs field of +the last received certificate response (i.e., IP, CP, or KUP) message. .SS "Client authentication options" .IX Subsection "Client authentication options" .IP "\fB\-ref\fR \fIvalue\fR" 4 .IX Item "-ref value" Reference number/string/value to use as fallback senderKID; this is required if no sender name can be determined from the \fB\-cert\fR or <\-subject> options and -is typically used when authenticating with pre-shared key (password-based \s-1MAC\s0). +is typically used when authenticating with pre\-shared key (password\-based MAC). .IP "\fB\-secret\fR \fIarg\fR" 4 .IX Item "-secret arg" -Provides the source of a secret value to use with MAC-based message protection. +Provides the source of a secret value to use with MAC\-based message protection. This takes precedence over the \fB\-cert\fR and \fB\-key\fR options. -The secret is used for creating MAC-based protection of outgoing messages -and for validating incoming messages that have MAC-based protection. -The algorithm used by default is Password-Based Message Authentication Code (\s-1PBM\s0) -as defined in \s-1RFC 4210\s0 section 5.1.3.1. +The secret is used for creating MAC\-based protection of outgoing messages +and for validating incoming messages that have MAC\-based protection. +The algorithm used by default is Password\-Based Message Authentication Code (PBM) +as defined in RFC 4210 section 5.1.3.1. .Sp For more information about the format of \fIarg\fR see \&\fBopenssl\-passphrase\-options\fR\|(1). 
.IP "\fB\-cert\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-cert filename|uri" -The client's current \s-1CMP\s0 signer certificate. +The client\*(Aqs current CMP signer certificate. Requires the corresponding key to be given with \fB\-key\fR. .Sp The subject and the public key contained in this certificate -serve as fallback values in the certificate template of \s-1IR/CR/KUR\s0 messages. +serve as fallback values in the certificate template of IR/CR/KUR messages. .Sp -The subject of this certificate will be used as sender of outgoing \s-1CMP\s0 messages, +The subject of this certificate will be used as sender of outgoing CMP messages, while the subject of \fB\-oldcert\fR or \fB\-subjectName\fR may provide fallback values. .Sp The issuer of this certificate is used as one of the recipient fallback values -and as fallback issuer entry in the certificate template of \s-1IR/CR/KUR\s0 messages. +and as fallback issuer entry in the certificate template of IR/CR/KUR messages. .Sp -When performing signature-based message protection, -this \*(L"protection certificate\*(R", also called \*(L"signer certificate\*(R", +When performing signature\-based message protection, +this "protection certificate", also called "signer certificate", will be included first in the extraCerts field of outgoing messages and the signature is done with the corresponding key. -In Initialization Request (\s-1IR\s0) messages this can be used for authenticating -using an external entity certificate as defined in appendix E.7 of \s-1RFC 4210.\s0 +In Initialization Request (IR) messages this can be used for authenticating +using an external entity certificate as defined in appendix E.7 of RFC 4210. .Sp -For Key Update Request (\s-1KUR\s0) messages this is also used as +For Key Update Request (KUR) messages this is also used as the certificate to be updated if the \fB\-oldcert\fR option is not given. 
.Sp If the file includes further certs, they are appended to the untrusted certs because they typically constitute the chain of the client certificate, which -is included in the extraCerts field in signature-protected request messages. +is included in the extraCerts field in signature\-protected request messages. .IP "\fB\-own_trusted\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-own_trusted filenames|uris" If this list of certificates is provided then the chain built for -the client-side \s-1CMP\s0 signer certificate given with the \fB\-cert\fR option +the client\-side CMP signer certificate given with the \fB\-cert\fR option is verified using the given certificates as trust anchors. .Sp Multiple sources may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. .Sp The certificate verification options 
@@ -808,12 +737,12 @@
 have no effect on the certificate verification enabled via this option.
 .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4
 .IX Item "-key filename|uri"
-The corresponding private key file for the client's current certificate given in
+The corresponding private key file for the client\*(Aqs current certificate given in
 the \fB\-cert\fR option.
-This will be used for signature-based message protection unless the \fB\-secret\fR
-option indicating MAC-based protection or \fB\-unprotected_requests\fR is given.
+This will be used for signature\-based message protection unless the \fB\-secret\fR
+option indicating MAC\-based protection or \fB\-unprotected_requests\fR is given.
 .Sp
-It is also used as a fallback for the \fB\-newkey\fR option with \s-1IR/CR/KUR\s0 messages.
+It is also used as a fallback for the \fB\-newkey\fR option with IR/CR/KUR messages.
 .IP "\fB\-keypass\fR \fIarg\fR" 4
 .IX Item "-keypass arg"
 Pass phrase source for the private key given with the \fB\-key\fR option.
@@ -824,40 +753,40 @@ \&\fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-digest\fR \fIname\fR" 4 .IX Item "-digest name" -Specifies name of supported digest to use in \s-1RFC 4210\s0's \s-1MSG_SIG_ALG\s0 -and as the one-way function (\s-1OWF\s0) in \f(CW\*(C`MSG_MAC_ALG\*(C'\fR. +Specifies name of supported digest to use in RFC 4210\*(Aqs MSG_SIG_ALG +and as the one\-way function (OWF) in \f(CW\*(C`MSG_MAC_ALG\*(C'\fR. If applicable, this is used for message protection and -proof-of-possession (\s-1POPO\s0) signatures. +proof\-of\-possession (POPO) signatures. To see the list of supported digests, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. Defaults to \f(CW\*(C`sha256\*(C'\fR. .IP "\fB\-mac\fR \fIname\fR" 4 .IX Item "-mac name" -Specifies the name of the \s-1MAC\s0 algorithm in \f(CW\*(C`MSG_MAC_ALG\*(C'\fR. -To get the names of supported \s-1MAC\s0 algorithms use \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR +Specifies the name of the MAC algorithm in \f(CW\*(C`MSG_MAC_ALG\*(C'\fR. +To get the names of supported MAC algorithms use \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR and possibly combine such a name with the name of a supported digest algorithm, e.g., hmacWithSHA256. -Defaults to \f(CW\*(C`hmac\-sha1\*(C'\fR as per \s-1RFC 4210.\s0 +Defaults to \f(CW\*(C`hmac\-sha1\*(C'\fR as per RFC 4210. .IP "\fB\-extracerts\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-extracerts filenames|uris" Certificates to append in the extraCerts field when sending messages. -They can be used as the default \s-1CMP\s0 signer certificate chain to include. +They can be used as the default CMP signer certificate chain to include. .Sp Multiple sources may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. 
-.IP "\fB\-unprotected_requests\fR" 4
+.IP \fB\-unprotected_requests\fR 4
 .IX Item "-unprotected_requests"
-Send request messages without CMP-level protection.
+Send request messages without CMP\-level protection.
 .SS "Credentials format options"
 .IX Subsection "Credentials format options"
 .IP "\fB\-certform\fR \fIPEM|DER\fR" 4
 .IX Item "-certform PEM|DER"
 File format to use when saving a certificate to a file.
-Default value is \s-1PEM.\s0
+Default value is PEM.
 .IP "\fB\-keyform\fR \fIPEM|DER|P12|ENGINE\fR" 4
 .IX Item "-keyform PEM|DER|P12|ENGINE"
 The format of the key input; unspecified by default.
-See \*(L"Format Options\*(R" in \fBopenssl\fR\|(1) for details.
+See "Format Options" in \fBopenssl\fR\|(1) for details.
 .IP "\fB\-otherpass\fR \fIarg\fR" 4
 .IX Item "-otherpass arg"
 Pass phrase source for certificate given with the \fB\-trusted\fR, \fB\-untrusted\fR,
@@ -870,7 +799,7 @@
 \&\fBopenssl\-passphrase\-options\fR\|(1).
 .IP "\fB\-engine\fR \fIid\fR" 4
 .IX Item "-engine id"
-See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1).
+See "Engine Options" in \fBopenssl\fR\|(1).
 This option is deprecated.
 .Sp
 As an alternative to using this combination:
@@ -879,7 +808,7 @@
 \& \-engine {engineid} \-key {keyid} \-keyform ENGINE
 .Ve
 .Sp
-\&... it's also possible to just give the key \s-1ID\s0 in \s-1URI\s0 form to \fB\-key\fR,
+\&... it\*(Aqs also possible to just give the key ID in URI form to \fB\-key\fR,
 like this:
 .Sp
 .Vb 1
@@ -898,35 +827,35 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SS "Random state options" .IX Subsection "Random state options" .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. -.SS "\s-1TLS\s0 connection options" +See "Random State Options" in \fBopenssl\fR\|(1) for details. +.SS "TLS connection options" .IX Subsection "TLS connection options" -.IP "\fB\-tls_used\fR" 4 +.IP \fB\-tls_used\fR 4 .IX Item "-tls_used" -Enable using \s-1TLS\s0 (even when other TLS-related options are not set) -for message exchange with \s-1CMP\s0 server via \s-1HTTP.\s0 +Enable using TLS (even when other TLS\-related options are not set) +for message exchange with CMP server via HTTP. This option is not supported with the \fI\-port\fR option. It is ignored if the \fI\-server\fR option is not given or \fI\-use_mock_srv\fR is given or \fI\-rspin\fR is given with enough filename arguments. .Sp -The following TLS-related options are ignored +The following TLS\-related options are ignored if \fB\-tls_used\fR is not given or does not take effect. .IP "\fB\-tls_cert\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-tls_cert filename|uri" -Client's \s-1TLS\s0 certificate. +Client\*(Aqs TLS certificate. If the source includes further certs they are used (along with \fB\-untrusted\fR -certs) for constructing the client cert chain provided to the \s-1TLS\s0 server. +certs) for constructing the client cert chain provided to the TLS server. .IP "\fB\-tls_key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-tls_key filename|uri" -Private key for the client's \s-1TLS\s0 certificate. +Private key for the client\*(Aqs TLS certificate. 
.IP "\fB\-tls_keypass\fR \fIarg\fR" 4 .IX Item "-tls_keypass arg" -Pass phrase source for client's private \s-1TLS\s0 key \fB\-tls_key\fR. +Pass phrase source for client\*(Aqs private TLS key \fB\-tls_key\fR. Also used for \fB\-tls_cert\fR in case it is an encrypted PKCS#12 file. If not given here, the password will be prompted for if needed. .Sp @@ -934,14 +863,14 @@ \&\fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-tls_extra\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-tls_extra filenames|uris" -Extra certificates to provide to \s-1TLS\s0 server during \s-1TLS\s0 handshake +Extra certificates to provide to TLS server during TLS handshake .IP "\fB\-tls_trusted\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-tls_trusted filenames|uris" -Trusted certificate(s) to use for validating the \s-1TLS\s0 server certificate. +Trusted certificate(s) to use for validating the TLS server certificate. This implies hostname validation. .Sp Multiple sources may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. .Sp The certificate verification options @@ -950,11 +879,11 @@ .IP "\fB\-tls_host\fR \fIname\fR" 4 .IX Item "-tls_host name" Address to be checked during hostname validation. -This may be a \s-1DNS\s0 name or an \s-1IP\s0 address. +This may be a DNS name or an IP address. If not given it defaults to the \fB\-server\fR address. -.SS "Client-side debugging options" +.SS "Client\-side debugging options" .IX Subsection "Client-side debugging options" -.IP "\fB\-batch\fR" 4 +.IP \fB\-batch\fR 4 .IX Item "-batch" Do not interactively prompt for input, for instance when a password is needed. This can be useful for batch processing and testing. 
@@ -964,14 +893,14 @@ Default is one invocation. .IP "\fB\-reqin\fR \fIfilenames\fR" 4 .IX Item "-reqin filenames" -Take the sequence of \s-1CMP\s0 requests to send to the server from the given file(s) +Take the sequence of CMP requests to send to the server from the given file(s) rather than from the sequence of requests produced internally. .Sp This option is ignored if the \fB\-rspin\fR option is given because in the latter case no requests are actually sent. .Sp Multiple filenames may be given, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +(where in the latter case the whole argument must be enclosed in "..."). .Sp The files are read as far as needed to complete the transaction and filenames have been provided. If more requests are needed, 
@@ -980,16 +909,16 @@ .Sp The client needs to update the recipNonce field in the given requests (except for the first one) in order to satisfy the checks to be performed by the server. -This causes re-protection (if protecting requests is required). -.IP "\fB\-reqin_new_tid\fR" 4 +This causes re\-protection (if protecting requests is required). +.IP \fB\-reqin_new_tid\fR 4 .IX Item "-reqin_new_tid" -Use a fresh transactionID for \s-1CMP\s0 request messages read using \fB\-reqin\fR, +Use a fresh transactionID for CMP request messages read using \fB\-reqin\fR, which causes their reprotection (if protecting requests is required). This may be needed in case the sequence of requests is reused -and the \s-1CMP\s0 server complains that the transaction \s-1ID\s0 has already been used. +and the CMP server complains that the transaction ID has already been used. .IP "\fB\-reqout\fR \fIfilenames\fR" 4 .IX Item "-reqout filenames" -Save the sequence of \s-1CMP\s0 requests created by the client to the given file(s). +Save the sequence of CMP requests created by the client to the given file(s). These requests are not sent to the server if the \fB\-reqin\fR option is used, too. .Sp Multiple filenames may be given, separated by commas and/or whitespace. @@ -999,7 +928,7 @@ If the transaction contains more requests, the remaining ones are not saved. .IP "\fB\-rspin\fR \fIfilenames\fR" 4 .IX Item "-rspin filenames" -Process the sequence of \s-1CMP\s0 responses provided in the given file(s), +Process the sequence of CMP responses provided in the given file(s), not contacting any given server, as long as enough filenames are provided to complete the transaction. .Sp 
@@ -1011,7 +940,7 @@ unless the server has been prepared to continue the already started transaction. .IP "\fB\-rspout\fR \fIfilenames\fR" 4 .IX Item "-rspout filenames" -Save the sequence of actually used \s-1CMP\s0 responses to the given file(s). +Save the sequence of actually used CMP responses to the given file(s). These have been received from the server unless \fB\-rspin\fR takes effect. .Sp Multiple filenames may be given, separated by commas and/or whitespace. 
@@ -1019,32 +948,33 @@ Files are written as far as needed to save the responses contained in the transaction and filenames have been provided. If the transaction contains more responses, the remaining ones are not saved. -.IP "\fB\-use_mock_srv\fR" 4 +.IP \fB\-use_mock_srv\fR 4 .IX Item "-use_mock_srv" -Test the client using the internal \s-1CMP\s0 server mock-up at \s-1API\s0 level, -bypassing socket-based transfer via \s-1HTTP.\s0 +Test the client using the internal CMP server mock\-up at API level, +bypassing socket\-based transfer via HTTP. This excludes the \fB\-server\fR and \fB\-port\fR options. .SS "Mock server options" .IX Subsection "Mock server options" .IP "\fB\-port\fR \fInumber\fR" 4 .IX Item "-port number" -Act as HTTP-based \s-1CMP\s0 server mock-up listening on the given port. -This excludes the \fB\-server\fR and \fB\-use_mock_srv\fR options. +Act as HTTP\-based CMP server mock\-up listening on the given local port. +The client may address the server via, e.g., \f(CW127.0.0.1\fR or \f(CW\*(C`[::1]\*(C'\fR. +This option excludes the \fB\-server\fR and \fB\-use_mock_srv\fR options. The \fB\-rspin\fR, \fB\-rspout\fR, \fB\-reqin\fR, and \fB\-reqout\fR options so far are not supported in this mode. .IP "\fB\-max_msgs\fR \fInumber\fR" 4 .IX Item "-max_msgs number" -Maximum number of \s-1CMP\s0 (request) messages the \s-1CMP HTTP\s0 server mock-up +Maximum number of CMP (request) messages the CMP HTTP server mock\-up should handle, which must be nonnegative. The default value is 0, which means that no limit is imposed. In any case the server terminates on internal errors, but not when it -detects a CMP-level error that it can successfully answer with an error message. +detects a CMP\-level error that it can successfully answer with an error message. .IP "\fB\-srv_ref\fR \fIvalue\fR" 4 .IX Item "-srv_ref value" Reference value to use as senderKID of server in case no \fB\-srv_cert\fR is given. 
.IP "\fB\-srv_secret\fR \fIarg\fR" 4 .IX Item "-srv_secret arg" -Password source for server authentication with a pre-shared key (secret). +Password source for server authentication with a pre\-shared key (secret). .IP "\fB\-srv_cert\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-srv_cert filename|uri" Certificate of the server. @@ -1063,7 +993,7 @@ have no effect on the certificate verification enabled via this option. .IP "\fB\-srv_untrusted\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-srv_untrusted filenames|uris" -Intermediate \s-1CA\s0 certs that may be useful when validating client certificates. +Intermediate CA certs that may be useful when validating client certificates. .IP "\fB\-rsp_cert\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-rsp_cert filename|uri" Certificate to be returned as mock enrollment result. @@ -1072,14 +1002,14 @@ Extra certificates to be included in mock certification responses. .IP "\fB\-rsp_capubs\fR \fIfilenames\fR|\fIuris\fR" 4 .IX Item "-rsp_capubs filenames|uris" -\&\s-1CA\s0 certificates to be included in mock Initialization Response (\s-1IP\s0) message. +CA certificates to be included in mock Initialization Response (IP) message. .IP "\fB\-poll_count\fR \fInumber\fR" 4 .IX Item "-poll_count number" Number of times the client must poll before receiving a certificate. .IP "\fB\-check_after\fR \fInumber\fR" 4 .IX Item "-check_after number" The checkAfter value (number of seconds to wait) to include in poll response. -.IP "\fB\-grant_implicitconf\fR" 4 +.IP \fB\-grant_implicitconf\fR 4 .IX Item "-grant_implicitconf" Grant implicit confirmation of newly enrolled certificate. .IP "\fB\-pkistatus\fR \fInumber\fR" 4 
@@ -1097,64 +1027,64 @@ .IX Item "-statusstring arg" .PD Text to be included as status string in server response. -.IP "\fB\-send_error\fR" 4 +.IP \fB\-send_error\fR 4 .IX Item "-send_error" Force server to reply with error message. -.IP "\fB\-send_unprotected\fR" 4 +.IP \fB\-send_unprotected\fR 4 .IX Item "-send_unprotected" -Send response messages without CMP-level protection. -.IP "\fB\-send_unprot_err\fR" 4 +Send response messages without CMP\-level protection. +.IP \fB\-send_unprot_err\fR 4 .IX Item "-send_unprot_err" In case of negative responses, server shall send unprotected error messages, -certificate responses (\s-1IP/CP/KUP\s0), and revocation responses (\s-1RP\s0). -\&\s-1WARNING:\s0 This setting leads to behavior violating \s-1RFC 4210.\s0 -.IP "\fB\-accept_unprotected\fR" 4 +certificate responses (IP/CP/KUP), and revocation responses (RP). +WARNING: This setting leads to behavior violating RFC 4210. +.IP \fB\-accept_unprotected\fR 4 .IX Item "-accept_unprotected" Accept missing or invalid protection of requests. -.IP "\fB\-accept_unprot_err\fR" 4 +.IP \fB\-accept_unprot_err\fR 4 .IX Item "-accept_unprot_err" Accept unprotected error messages from client. So far this has no effect because the server does not accept any error messages. -.IP "\fB\-accept_raverified\fR" 4 +.IP \fB\-accept_raverified\fR 4 .IX Item "-accept_raverified" -Accept \s-1RAVERIFED\s0 as proof of possession (\s-1POPO\s0). -.SS "Certificate verification options, for both \s-1CMP\s0 and \s-1TLS\s0" +Accept RAVERIFIED as proof of possession (POPO). 
+.SS "Certificate verification options, for both CMP and TLS" .IX Subsection "Certificate verification options, for both CMP and TLS" .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .Sp The certificate verification options \&\fB\-verify_hostname\fR, \fB\-verify_ip\fR, and \fB\-verify_email\fR only affect the certificate verification enabled via the \fB\-out_trusted\fR option. 
-.SH "NOTES" +.SH NOTES .IX Header "NOTES" -When a client obtains from a \s-1CMP\s0 server \s-1CA\s0 certificates that it is going to +When a client obtains from a CMP server CA certificates that it is going to trust, for instance via the \f(CW\*(C`caPubs\*(C'\fR field of a certificate response, -authentication of the \s-1CMP\s0 server is particularly critical. +authentication of the CMP server is particularly critical. So special care must be taken setting up server authentication -using \fB\-trusted\fR and related options for certificate-based authentication -or \fB\-secret\fR for MAC-based protection. +using \fB\-trusted\fR and related options for certificate\-based authentication +or \fB\-secret\fR for MAC\-based protection. .PP -When setting up \s-1CMP\s0 configurations and experimenting with enrollment options +When setting up CMP configurations and experimenting with enrollment options typically various errors occur until the configuration is correct and complete. -When the \s-1CMP\s0 server reports an error the client will by default -check the protection of the \s-1CMP\s0 response message. -Yet some \s-1CMP\s0 services tend not to protect negative responses. +When the CMP server reports an error the client will by default +check the protection of the CMP response message. +Yet some CMP services tend not to protect negative responses. In this case the client will reject them, and thus their contents are not shown although they usually contain hints that would be helpful for diagnostics. -For assisting in such cases the \s-1CMP\s0 client offers a workaround via the +For assisting in such cases the CMP client offers a workaround via the \&\fB\-unprotected_errors\fR option, which allows accepting such negative messages. 
-.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" .SS "Simple examples using the default OpenSSL configuration file" .IX Subsection "Simple examples using the default OpenSSL configuration file" -This \s-1CMP\s0 client implementation comes with demonstrative \s-1CMP\s0 sections +This CMP client implementation comes with demonstrative CMP sections in the example configuration file \fIopenssl/apps/openssl.cnf\fR, -which can be used to interact conveniently with the Insta Demo \s-1CA.\s0 +which can be used to interact conveniently with the Insta Demo CA. .PP -In order to enroll an initial certificate from that \s-1CA\s0 it is sufficient +In order to enroll an initial certificate from that CA it is sufficient to issue the following shell commands. .PP .Vb 1 
@@ -1174,20 +1104,20 @@ \& openssl x509 \-noout \-text \-in insta.cert.pem .Ve .PP -In case the network setup requires using an \s-1HTTP\s0 proxy it may be given as usual +In case the network setup requires using an HTTP proxy it may be given as usual via the environment variable \fBhttp_proxy\fR or via the \fB\-proxy\fR option in the -configuration file or the \s-1CMP\s0 command-line argument \fB\-proxy\fR, for example +configuration file or the CMP command\-line argument \fB\-proxy\fR, for example .PP .Vb 1 \& \-proxy http://192.168.1.1:8080 .Ve .PP -In the Insta Demo \s-1CA\s0 scenario both clients and the server may use the pre-shared +In the Insta Demo CA scenario both clients and the server may use the pre\-shared secret \fIinsta\fR and the reference value \fI3078\fR to authenticate to each other. .PP -Alternatively, \s-1CMP\s0 messages may be protected in signature-based manner, +Alternatively, CMP messages may be protected in signature\-based manner, where the trust anchor in this case is \fIinsta.ca.crt\fR -and the client may use any certificate already obtained from that \s-1CA,\s0 +and the client may use any certificate already obtained from that CA, as specified in the \fB[signature]\fR section of the example configuration. This can be used in combination with the \fB[insta]\fR section simply by .PP @@ -1195,7 +1125,7 @@ \& openssl cmp \-section insta,signature .Ve .PP -By default the \s-1CMP IR\s0 message type is used, yet \s-1CR\s0 works equally here. +By default the CMP IR message type is used, yet CR works equally here. This may be specified directly at the command line: .PP .Vb 1 @@ -1214,13 +1144,13 @@ \& openssl cmp \-section insta,kur .Ve .PP -using MAC-based protection with \s-1PBM\s0 or +using MAC\-based protection with PBM or .PP .Vb 1 \& openssl cmp \-section insta,kur,signature .Ve .PP -using signature-based protection. +using signature\-based protection. .PP In a similar way any previously enrolled certificate may be revoked by .PP 
@@ -1236,7 +1166,7 @@ .PP Many more options can be given in the configuration file and/or on the command line. -For instance, the \fB\-reqexts\fR \s-1CLI\s0 option may refer to a section in the +For instance, the \fB\-reqexts\fR CLI option may refer to a section in the configuration file defining X.509 extensions to use in certificate requests, such as \f(CW\*(C`v3_req\*(C'\fR in \fIopenssl/apps/openssl.cnf\fR: .PP @@ -1246,15 +1176,15 @@ .SS "Certificate enrollment" .IX Subsection "Certificate enrollment" The following examples do not make use of a configuration file at first. -They assume that a \s-1CMP\s0 server can be contacted on the local \s-1TCP\s0 port 80 +They assume that a CMP server can be contacted on the local TCP port 80 and accepts requests under the alias \fI/pkix/\fR. .PP For enrolling its very first certificate the client generates a client key -and sends an initial request message to the local \s-1CMP\s0 server -using a pre-shared secret key for mutual authentication. -In this example the client does not have the \s-1CA\s0 certificate yet, -so we specify the name of the \s-1CA\s0 with the \fB\-recipient\fR option -and save any \s-1CA\s0 certificates that we may receive in the \f(CW\*(C`capubs.pem\*(C'\fR file. +and sends an initial request message to the local CMP server +using a pre\-shared secret key for mutual authentication. +In this example the client does not have the CA certificate yet, +so we specify the name of the CA with the \fB\-recipient\fR option +and save any CA certificates that we may receive in the \f(CW\*(C`capubs.pem\*(C'\fR file. .PP In below command line usage examples the \f(CW\*(C`\e\*(C'\fR at line ends is used just for formatting; each of the command invocations should be on a single line. 
@@ -1284,10 +1214,10 @@ .Ve .PP This command sequence can be repeated as often as needed. -.SS "Requesting information from \s-1CMP\s0 server" +.SS "Requesting information from CMP server" .IX Subsection "Requesting information from CMP server" -Requesting \*(L"all relevant information\*(R" with an empty General Message. -This prints information about all received \s-1ITAV\s0 \fBinfoType\fRs to stdout. +Requesting "all relevant information" with an empty General Message. +This prints information about all received ITAV \fBinfoType\fRs to stdout. .PP .Vb 2 \& openssl cmp \-cmd genm \-server 127.0.0.1/pkix/ \-recipient "/CN=CMPserver" \e @@ -1295,8 +1225,8 @@ .Ve .SS "Using a custom configuration file" .IX Subsection "Using a custom configuration file" -For \s-1CMP\s0 client invocations, in particular for certificate enrollment, -usually many parameters need to be set, which is tedious and error-prone to do +For CMP client invocations, in particular for certificate enrollment, +usually many parameters need to be set, which is tedious and error\-prone to do on the command line. Therefore, the client offers the possibility to read options from sections of the OpenSSL config file, usually called \fIopenssl.cnf\fR. 
@@ -1342,16 +1272,16 @@ .IX Header "SEE ALSO" \&\fBopenssl\-genrsa\fR\|(1), \fBopenssl\-ecparam\fR\|(1), \fBopenssl\-list\fR\|(1), \&\fBopenssl\-req\fR\|(1), \fBopenssl\-x509\fR\|(1), \fBx509v3_config\fR\|(5) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fBcmp\fR application was added in OpenSSL 3.0. .PP The \fB\-engine option\fR was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-cms.1.orig +++ secure/usr.bin/openssl/man/openssl-cms.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CMS 1ossl" -.TH OPENSSL-CMS 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CMS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-cms \- CMS command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBcms\fR [\fB\-help\fR] @@ -172,9 +97,9 @@ .PP File format options: .PP -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] -[\fB\-rctform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR] +[\fB\-rctform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR] [\fB\-stream\fR] [\fB\-indef\fR] [\fB\-noindef\fR] @@ -190,7 +115,7 @@ [\fB\-inkey\fR \fIfilename\fR|\fIuri\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-keyopt\fR \fIname\fR:\fIparameter\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-engine\fR \fIid\fR] [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] @@ -202,8 +127,8 @@ .PP [\fB\-originator\fR \fIfile\fR] [\fB\-recip\fR \fIfile\fR] -[\fIrecipient-cert\fR ...] -[\fB\-\f(BIcipher\fB\fR] +[\fIrecipient\-cert\fR ...] +[\fB\-\fR\f(BIcipher\fR] [\fB\-wrap\fR \fIcipher\fR] [\fB\-aes128\-wrap\fR] [\fB\-aes192\-wrap\fR] 
@@ -293,11 +218,11 @@ [\fB\-verify_name\fR \fIname\fR] [\fB\-x509_strict\fR] [\fB\-issuer_checks\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command handles data in \s-1CMS\s0 format such as S/MIME v3.1 email messages. +This command handles data in CMS format such as S/MIME v3.1 email messages. It can encrypt, decrypt, sign, verify, compress, uncompress, and print messages. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" There are a number of operation options that set the type of operation to be performed: encrypt, decrypt, sign, verify, resign, sign_receipt, verify_receipt, @@ -305,7 +230,7 @@ EncryptedData_encrypt, EncryptedData_decrypt, data_create, data_out, or cmsout. The relevance of the other options depends on the operation type and their meaning may vary according to it. -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .SS "General options" 
@@ -316,39 +241,43 @@ or verified. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" -The message text that has been decrypted or verified or the output \s-1MIME\s0 +The message text that has been decrypted or verified or the output MIME format message that has been signed or verified. .IP "\fB\-config\fR \fIconfigfile\fR" 4 .IX Item "-config configfile" -See \*(L"Configuration Option\*(R" in \fBopenssl\fR\|(1). +See "Configuration Option" in \fBopenssl\fR\|(1). .SS "Operation options" .IX Subsection "Operation options" -.IP "\fB\-encrypt\fR" 4 +.IP \fB\-encrypt\fR 4 .IX Item "-encrypt" Encrypt data for the given recipient certificates. Input file is the message -to be encrypted. The output file is the encrypted data in \s-1MIME\s0 format. The -actual \s-1CMS\s0 type is \fBEnvelopedData\fR. +to be encrypted. The output file is the encrypted data in MIME format. The +actual CMS type is \fBEnvelopedData\fR. .Sp Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text. -.IP "\fB\-decrypt\fR" 4 +.IP \fB\-decrypt\fR 4 .IX Item "-decrypt" Decrypt data using the supplied certificate and private key. Expects -encrypted datain \s-1MIME\s0 format for the input file. The decrypted data +encrypted datain MIME format for the input file. The decrypted data is written to the output file. -.IP "\fB\-sign\fR" 4 +.IP \fB\-sign\fR 4 .IX Item "-sign" Sign data using the supplied certificate and private key. Input file is -the message to be signed. The signed data in \s-1MIME\s0 format is written +the message to be signed. The signed data in MIME format is written to the output file. -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" Verify signed data. Expects a signed data on input and outputs the signed data. Both clear text and opaque signing is supported. -.IP "\fB\-resign\fR" 4 +.Sp +By default, validation of signer certificates and their chain +is done w.r.t. 
the S/MIME signing (\f(CW\*(C`smimesign\*(C'\fR) purpose. +For details see "Certificate Extensions" in \fBopenssl\-verification\-options\fR\|(1). +.IP \fB\-resign\fR 4 .IX Item "-resign" Resign a message: take an existing message and one or more new signers. -.IP "\fB\-sign_receipt\fR" 4 +.IP \fB\-sign_receipt\fR 4 .IX Item "-sign_receipt" Generate and output a signed receipt for the supplied message. The input message \fBmust\fR contain a signed receipt request. Functionality is otherwise 
@@ -358,54 +287,54 @@ Verify a signed receipt in filename \fBreceipt\fR. The input message \fBmust\fR contain the original receipt request. Functionality is otherwise similar to the \fB\-verify\fR operation. -.IP "\fB\-digest_create\fR" 4 +.IP \fB\-digest_create\fR 4 .IX Item "-digest_create" -Create a \s-1CMS\s0 \fBDigestedData\fR type. -.IP "\fB\-digest_verify\fR" 4 +Create a CMS \fBDigestedData\fR type. +.IP \fB\-digest_verify\fR 4 .IX Item "-digest_verify" -Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content. -.IP "\fB\-compress\fR" 4 +Verify a CMS \fBDigestedData\fR type and output the content. +.IP \fB\-compress\fR 4 .IX Item "-compress" -Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR +Create a CMS \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR support for this option to work, otherwise it will output an error. -.IP "\fB\-uncompress\fR" 4 +.IP \fB\-uncompress\fR 4 .IX Item "-uncompress" -Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be +Uncompress a CMS \fBCompressedData\fR type and output the content. OpenSSL must be compiled with \fBzlib\fR support for this option to work, otherwise it will output an error. -.IP "\fB\-EncryptedData_encrypt\fR" 4 +.IP \fB\-EncryptedData_encrypt\fR 4 .IX Item "-EncryptedData_encrypt" -Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +Encrypt content using supplied symmetric key and algorithm using a CMS \&\fBEncryptedData\fR type and output the content. -.IP "\fB\-EncryptedData_decrypt\fR" 4 +.IP \fB\-EncryptedData_decrypt\fR 4 .IX Item "-EncryptedData_decrypt" -Decrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +Decrypt content using supplied symmetric key and algorithm using a CMS \&\fBEncryptedData\fR type and output the content. -.IP "\fB\-data_create\fR" 4 +.IP \fB\-data_create\fR 4 .IX Item "-data_create" -Create a \s-1CMS\s0 \fBData\fR type. 
-.IP "\fB\-data_out\fR" 4 +Create a CMS \fBData\fR type. +.IP \fB\-data_out\fR 4 .IX Item "-data_out" \&\fBData\fR type and output the content. -.IP "\fB\-cmsout\fR" 4 +.IP \fB\-cmsout\fR 4 .IX Item "-cmsout" -Takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure. +Takes an input message and writes out a PEM encoded CMS structure. .SS "File format options" .IX Subsection "File format options" -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR" 4 .IX Item "-inform DER|PEM|SMIME" -The input format of the \s-1CMS\s0 structure (if one is being read); -the default is \fB\s-1SMIME\s0\fR. +The input format of the CMS structure (if one is being read); +the default is \fBSMIME\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR" 4 .IX Item "-outform DER|PEM|SMIME" -The output format of the \s-1CMS\s0 structure (if one is being written); -the default is \fB\s-1SMIME\s0\fR. +The output format of the CMS structure (if one is being written); +the default is \fBSMIME\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-rctform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IP "\fB\-rctform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR" 4 .IX Item "-rctform DER|PEM|SMIME" The signed receipt format for use with the \fB\-receipt_verify\fR; the default -is \fB\s-1SMIME\s0\fR. +is \fBSMIME\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-stream\fR, \fB\-indef\fR" 4 .IX Item "-stream, -indef" 
@@ -413,29 +342,29 @@ for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached -data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +data if the output format is \fBSMIME\fR it is currently off by default for all other operations. -.IP "\fB\-noindef\fR" 4 +.IP \fB\-noindef\fR 4 .IX Item "-noindef" Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be enabled by default on all relevant operations and this option will disable it. -.IP "\fB\-binary\fR" 4 +.IP \fB\-binary\fR 4 .IX Item "-binary" -Normally the input message is converted to \*(L"canonical\*(R" format which is -effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +Normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This -is useful when handling binary data which may not be in \s-1MIME\s0 format. -.IP "\fB\-crlfeol\fR" 4 +is useful when handling binary data which may not be in MIME format. +.IP \fB\-crlfeol\fR 4 .IX Item "-crlfeol" -Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this -option is present \fB\s-1CRLF\s0\fR is used instead. -.IP "\fB\-asciicrlf\fR" 4 +Normally the output file uses a single \fBLF\fR as end of line. When this +option is present \fBCRLF\fR is used instead. +.IP \fB\-asciicrlf\fR 4 .IX Item "-asciicrlf" -When signing use \s-1ASCII CRLF\s0 format canonicalisation. This strips trailing -whitespace from all lines, deletes trailing blank lines at \s-1EOF\s0 and sets +When signing use ASCII CRLF format canonicalisation. 
This strips trailing +whitespace from all lines, deletes trailing blank lines at EOF and sets the encapsulated content type. This option is normally used with detached -content and an output signature format of \s-1DER.\s0 This option is not normally +content and an output signature format of DER. This option is not normally needed when verifying as it is enabled automatically if the encapsulated content format is detected. .SS "Keys and password options" @@ -449,7 +378,7 @@ consistent with the algorithm used. Supported by the \fB\-EncryptedData_encrypt\fR \&\fB\-EncryptedData_decrypt\fR, \fB\-encrypt\fR and \fB\-decrypt\fR options. When used with \fB\-encrypt\fR or \fB\-decrypt\fR the supplied key is used to wrap or unwrap the -content encryption key using an \s-1AES\s0 key in the \fBKEKRecipientInfo\fR type. +content encryption key using an AES key in the \fBKEKRecipientInfo\fR type. .IP "\fB\-secretkeyid\fR \fIid\fR" 4 .IX Item "-secretkeyid id" The key identifier for the supplied symmetric key for \fBKEKRecipientInfo\fR type. 
@@ -472,15 +401,15 @@ .IX Item "-keyopt name:parameter" For signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can -currently be used to set RSA-PSS for signing, RSA-OAEP for encryption -or to modify default parameters for \s-1ECDH.\s0 -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +currently be used to set RSA\-PSS for signing, RSA\-OAEP for encryption +or to modify default parameters for ECDH. +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The format of the private key file; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -490,16 +419,17 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .SS "Encryption and decryption options" .IX Subsection "Encryption and decryption options" .IP "\fB\-originator\fR \fIfile\fR" 4 .IX Item "-originator file" A certificate of the originator of the encrypted message. Necessary for -decryption when Key Agreement is in use for a shared key. +decryption when Key Agreement is in use for a shared key. Currently, not +allowed for encryption. .IP "\fB\-recip\fR \fIfile\fR" 4 .IX Item "-recip file" When decrypting a message this specifies the certificate of the recipient. 
@@ -507,27 +437,27 @@ .Sp When encrypting a message this option may be used multiple times to specify each recipient. This form \fBmust\fR be used if customised parameters are -required (for example to specify RSA-OAEP). +required (for example to specify RSA\-OAEP). .Sp -Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +Only certificates carrying RSA, Diffie\-Hellman or EC keys are supported by this option. -.IP "\fIrecipient-cert\fR ..." 4 +.IP "\fIrecipient\-cert\fR ..." 4 .IX Item "recipient-cert ..." This is an alternative to using the \fB\-recip\fR option when encrypting a message. One or more certificate filenames may be given. -.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IP \fB\-\fR\f(BIcipher\fR 4 .IX Item "-cipher" -The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR -or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the +The encryption algorithm to use. For example triple DES (168 bits) \- \fB\-des3\fR +or 256 bit AES \- \fB\-aes256\fR. Any standard algorithm name (as used by the \&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for example \fB\-aes\-128\-cbc\fR. See \fBopenssl\-enc\fR\|(1) for a list of ciphers supported by your version of OpenSSL. .Sp -Currently the \s-1AES\s0 variants with \s-1GCM\s0 mode are the only supported \s-1AEAD\s0 +Currently the AES variants with GCM mode are the only supported AEAD algorithms. .Sp -If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and -\&\fB\-EncryptedData_create\fR commands. +If not specified triple DES is used. Only used with \fB\-encrypt\fR and +\&\fB\-EncryptedData_encrypt\fR commands. .IP "\fB\-wrap\fR \fIcipher\fR" 4 .IX Item "-wrap cipher" Cipher algorithm to use for key wrap when encrypting the message using Key 
@@ -535,18 +465,18 @@ wrap. .IP "\fB\-aes128\-wrap\fR, \fB\-aes192\-wrap\fR, \fB\-aes256\-wrap\fR, \fB\-des3\-wrap\fR" 4 .IX Item "-aes128-wrap, -aes192-wrap, -aes256-wrap, -des3-wrap" -Use \s-1AES128, AES192, AES256,\s0 or 3DES\-EDE, respectively, to wrap key. +Use AES128, AES192, AES256, or 3DES\-EDE, respectively, to wrap key. Depending on the OpenSSL build options used, \fB\-des3\-wrap\fR may not be supported. -.IP "\fB\-debug_decrypt\fR" 4 +.IP \fB\-debug_decrypt\fR 4 .IX Item "-debug_decrypt" -This option sets the \fB\s-1CMS_DEBUG_DECRYPT\s0\fR flag. This option should be used +This option sets the \fBCMS_DEBUG_DECRYPT\fR flag. This option should be used with caution: see the notes section below. .SS "Signing options" .IX Subsection "Signing options" .IP "\fB\-md\fR \fIdigest\fR" 4 .IX Item "-md digest" Digest algorithm to use when signing or resigning. If not present then the -default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +default digest algorithm for the signing key will be used (usually SHA\-256). .IP "\fB\-signer\fR \fIfile\fR" 4 .IX Item "-signer file" A signing certificate. When signing or resigning a message, this option can be 
@@ -556,31 +486,31 @@ Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. -.IP "\fB\-cades\fR" 4 +The input can be in PEM, DER, or PKCS#12 format. +.IP \fB\-cades\fR 4 .IX Item "-cades" When used with \fB\-sign\fR, -add an \s-1ESS\s0 signingCertificate or \s-1ESS\s0 signingCertificateV2 signed-attribute +add an ESS signingCertificate or ESS signingCertificateV2 signed\-attribute to the SignerInfo, in order to make the signature comply with the requirements -for a CAdES Basic Electronic Signature (CAdES-BES). -.IP "\fB\-nodetach\fR" 4 +for a CAdES Basic Electronic Signature (CAdES\-BES). +.IP \fB\-nodetach\fR 4 .IX Item "-nodetach" When signing a message use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with -the \s-1MIME\s0 type multipart/signed is used. -.IP "\fB\-nocerts\fR" 4 +the MIME type multipart/signed is used. +.IP \fB\-nocerts\fR 4 .IX Item "-nocerts" -When signing a message the signer's certificate is normally included +When signing a message the signer\*(Aqs certificate is normally included with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the \fB\-certfile\fR option for example). -.IP "\fB\-noattr\fR" 4 +.IP \fB\-noattr\fR 4 .IX Item "-noattr" Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included. -.IP "\fB\-nosmimecap\fR" 4 +.IP \fB\-nosmimecap\fR 4 .IX Item "-nosmimecap" Exclude the list of supported algorithms from signed attributes, other options such as signing time and content type are still included. 
@@ -606,41 +536,41 @@ .IP "\fB\-content\fR \fIfilename\fR" 4 .IX Item "-content filename" This specifies a file containing the detached content for operations taking -S/MIME input, such as the \fB\-verify\fR command. This is only usable if the \s-1CMS\s0 +S/MIME input, such as the \fB\-verify\fR command. This is only usable if the CMS structure is using the detached signature form where the content is not included. This option will override any content if the input format -is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. -.IP "\fB\-no_content_verify\fR" 4 +is S/MIME and it uses the multipart/signed MIME content type. +.IP \fB\-no_content_verify\fR 4 .IX Item "-no_content_verify" Do not verify signed content signatures. -.IP "\fB\-no_attr_verify\fR" 4 +.IP \fB\-no_attr_verify\fR 4 .IX Item "-no_attr_verify" Do not verify signed attribute signatures. -.IP "\fB\-nosigs\fR" 4 +.IP \fB\-nosigs\fR 4 .IX Item "-nosigs" -Don't verify message signature. -.IP "\fB\-noverify\fR" 4 +Don\*(Aqt verify message signature. +.IP \fB\-noverify\fR 4 .IX Item "-noverify" Do not verify the signers certificate of a signed message. -.IP "\fB\-nointern\fR" 4 +.IP \fB\-nointern\fR 4 .IX Item "-nointern" When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the \fB\-certfile\fR option are used. The supplied certificates can still be used as untrusted CAs however. -.IP "\fB\-cades\fR" 4 +.IP \fB\-cades\fR 4 .IX Item "-cades" When used with \fB\-verify\fR, require and check signer certificate digest. -See the \s-1NOTES\s0 section for more details. -.IP "\fB\-verify_retcode\fR" 4 +See the NOTES section for more details. +.IP \fB\-verify_retcode\fR 4 .IX Item "-verify_retcode" Exit nonzero on verification failure. 
.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .SS "Output options" .IX Subsection "Output options" -.IP "\fB\-keyid\fR" 4 +.IP \fB\-keyid\fR 4 .IX Item "-keyid" Use subject key identifier to identify certificates instead of issuer name and serial number. The supplied certificate \fBmust\fR include a subject key @@ -648,13 +578,13 @@ .IP "\fB\-econtent_type\fR \fItype\fR" 4 .IX Item "-econtent_type type" Set the encapsulated content type to \fItype\fR if not supplied the \fBData\fR type -is used. The \fItype\fR argument can be any valid \s-1OID\s0 name in either text or +is used. The \fItype\fR argument can be any valid OID name in either text or numerical format. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips -off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs. .IP "\fB\-certsout\fR \fIfile\fR" 4 .IX Item "-certsout file" @@ -663,17 +593,17 @@ .IX Item "-to, -from, -subject" The relevant email headers. These are included outside the signed portion of a message so they may be included manually. If signing -then many S/MIME mail clients check the signers certificate's email +then many S/MIME mail clients check the signers certificate\*(Aqs email address matches that specified in the 
From: address. .SS "Printing options" .IX Subsection "Printing options" -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" -For the \fB\-cmsout\fR operation do not output the parsed \s-1CMS\s0 structure. -This is useful if the syntax of the \s-1CMS\s0 structure is being checked. -.IP "\fB\-print\fR" 4 +For the \fB\-cmsout\fR operation do not output the parsed CMS structure. +This is useful if the syntax of the CMS structure is being checked. +.IP \fB\-print\fR 4 .IX Item "-print" -For the \fB\-cmsout\fR operation print out all fields of the \s-1CMS\s0 structure. +For the \fB\-cmsout\fR operation print out all fields of the CMS structure. This implies \fB\-noout\fR. This is mainly useful for testing purposes. .IP "\fB\-nameopt\fR \fIoption\fR" 4 @@ -681,7 +611,7 @@ For the \fB\-cmsout\fR operation when \fB\-print\fR option is in use, specifies printing options for string fields. For most cases \fButf8\fR is reasonable value. See \fBopenssl\-namedisplay\-options\fR\|(1) for details. -.IP "\fB\-receipt_request_print\fR" 4 +.IP \fB\-receipt_request_print\fR 4 .IX Item "-receipt_request_print" For the \fB\-verify\fR operation print out the contents of any signed receipt requests. 
@@ -690,32 +620,32 @@ .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .Sp Any validation errors cause the command to exit. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1MIME\s0 message must be sent without any blank lines between the +The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format. .PP The supplied message to be signed or encrypted must include the -necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +necessary MIME headers or many S/MIME clients won\*(Aqt display it properly (if at all). 
You can use the \fB\-text\fR option to automatically add plain text headers. .PP -A \*(L"signed and encrypted\*(R" message is one where a signed message is +A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message: see the examples section. .PP This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients choke if a message contains multiple signers. It is possible to sign -messages \*(L"in parallel\*(R" by signing an already signed message. +messages "in parallel" by signing an already signed message. .PP The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME -clients. Strictly speaking these process \s-1CMS\s0 enveloped data: \s-1CMS\s0 +clients. Strictly speaking these process CMS enveloped data: CMS encrypted data is used for other purposes. .PP The \fB\-resign\fR option uses an existing message digest when adding a new 
@@ -723,63 +653,63 @@ signer using the same message digest or this operation will fail. .PP The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. -As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding -and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the \fB\-encrypt\fR operation and the \&\fB\-sign\fR operation if the content is not detached. .PP Streaming is always used for the \fB\-sign\fR operation with detached data but -since the content is no longer part of the \s-1CMS\s0 structure the encoding -remains \s-1DER.\s0 +since the content is no longer part of the CMS structure the encoding +remains DER. .PP If the \fB\-decrypt\fR option is used without a recipient certificate then an attempt is made to locate the recipient by trying each potential recipient -in turn using the supplied private key. To thwart the \s-1MMA\s0 attack -(Bleichenbacher's attack on \s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are +in turn using the supplied private key. To thwart the MMA attack +(Bleichenbacher\*(Aqs attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not and if no recipients match the message -is \*(L"decrypted\*(R" using a random key which will typically output garbage. -The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection +is "decrypted" using a random key which will typically output garbage. +The \fB\-debug_decrypt\fR option can be used to disable the MMA attack protection and return an error if no recipient can be found: this option should be used with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)). 
-.SH "CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)" +.SH "CADES BASIC ELECTRONIC SIGNATURE (CADES\-BES)" .IX Header "CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)" -A CAdES Basic Electronic Signature (CAdES-BES), -as defined in the European Standard \s-1ETSI EN 319 122\-1 V1.1.1,\s0 contains: -.IP "\(bu" 4 -The signed user data as defined in \s-1CMS\s0 (\s-1RFC 3852\s0); -.IP "\(bu" 4 -Content-type of the EncapsulatedContentInfo value being signed; -.IP "\(bu" 4 -Message-digest of the eContent \s-1OCTET STRING\s0 within encapContentInfo being signed; -.IP "\(bu" 4 -An \s-1ESS\s0 signingCertificate or \s-1ESS\s0 signingCertificateV2 attribute, -as defined in Enhanced Security Services (\s-1ESS\s0), \s-1RFC 2634\s0 and \s-1RFC 5035.\s0 -An \s-1ESS\s0 signingCertificate attribute only allows for \s-1SHA\-1\s0 as digest algorithm. -An \s-1ESS\s0 signingCertificateV2 attribute allows for any digest algorithm. -.IP "\(bu" 4 +A CAdES Basic Electronic Signature (CAdES\-BES), +as defined in the European Standard ETSI EN 319 122\-1 V1.1.1, contains: +.IP \(bu 4 +The signed user data as defined in CMS (RFC 3852); +.IP \(bu 4 +Content\-type of the EncapsulatedContentInfo value being signed; +.IP \(bu 4 +Message\-digest of the eContent OCTET STRING within encapContentInfo being signed; +.IP \(bu 4 +An ESS signingCertificate or ESS signingCertificateV2 attribute, +as defined in Enhanced Security Services (ESS), RFC 2634 and RFC 5035. +An ESS signingCertificate attribute only allows for SHA\-1 as digest algorithm. +An ESS signingCertificateV2 attribute allows for any digest algorithm. +.IP \(bu 4 The digital signature value computed on the user data and, when present, on the signed attributes. .Sp -\&\s-1NOTE\s0 that the \fB\-cades\fR option applies to the \fB\-sign\fR or \fB\-verify\fR operations. +NOTE that the \fB\-cades\fR option applies to the \fB\-sign\fR or \fB\-verify\fR operations. 
With this option, the \fB\-verify\fR operation also requires that the signingCertificate attribute is present and checks that the given identifiers match the verification trust chain built during the verification process. .SH "EXIT CODES" .IX Header "EXIT CODES" -.IP "0" 4 +.IP 0 4 The operation was completely successfully. -.IP "1" 4 +.IP 1 4 .IX Item "1" An error occurred parsing the command options. -.IP "2" 4 +.IP 2 4 .IX Item "2" One of the input files could not be read. -.IP "3" 4 +.IP 3 4 .IX Item "3" -An error occurred creating the \s-1CMS\s0 file or when reading the \s-1MIME\s0 +An error occurred creating the CMS file or when reading the MIME message. -.IP "4" 4 +.IP 4 4 .IX Item "4" An error occurred decrypting or verifying the message. -.IP "5" 4 +.IP 5 4 .IX Item "5" The message was verified correctly but an error occurred writing out the signers certificates. @@ -792,19 +722,19 @@ .PP The use of the \fB\-keyid\fR option with \fB\-sign\fR or \fB\-encrypt\fR. .PP -The \fB\-outform\fR \fI\s-1PEM\s0\fR option uses different headers. +The \fB\-outform\fR \fIPEM\fR option uses different headers. .PP The \fB\-compress\fR option. .PP The \fB\-secretkey\fR option when used with \fB\-encrypt\fR. .PP -The use of \s-1PSS\s0 with \fB\-sign\fR. +The use of PSS with \fB\-sign\fR. .PP -The use of \s-1OAEP\s0 or non-RSA keys with \fB\-encrypt\fR. +The use of OAEP or non\-RSA keys with \fB\-encrypt\fR. .PP -Additionally the \fB\-EncryptedData_create\fR and \fB\-data_create\fR type cannot +Additionally the \fB\-EncryptedData_encrypt\fR and \fB\-data_create\fR type cannot be processed by the older \fBopenssl\-smime\fR\|(1) command. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Create a cleartext signed message: .PP 
@@ -843,13 +773,13 @@ \& \-subject "Signed message" | sendmail someone@somewhere .Ve .PP -Verify a message and extract the signer's certificate if successful: +Verify a message and extract the signer\*(Aqs certificate if successful: .PP .Vb 1 \& openssl cms \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt .Ve .PP -Send encrypted mail using triple \s-1DES:\s0 +Send encrypted mail using triple DES: .PP .Vb 3 \& openssl cms \-encrypt \-in in.txt \-from steve@openssl.org \e @@ -867,7 +797,7 @@ .Ve .PP Note: the encryption command does not include the \fB\-text\fR option because the -message being encrypted already has \s-1MIME\s0 headers. +message being encrypted already has MIME headers. .PP Decrypt a message: .PP 
@@ -909,36 +839,38 @@ \& openssl cms \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg .Ve .PP -Sign a message using RSA-PSS: +Sign a message using RSA\-PSS: .PP .Vb 2 \& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e \& \-signer mycert.pem \-keyopt rsa_padding_mode:pss .Ve .PP -Create an encrypted message using RSA-OAEP: +Create an encrypted message using RSA\-OAEP: .PP .Vb 2 \& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e \& \-recip cert.pem \-keyopt rsa_padding_mode:oaep .Ve .PP -Use \s-1SHA256 KDF\s0 with an \s-1ECDH\s0 certificate: +Use SHA256 KDF with an ECDH certificate: .PP .Vb 2 \& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e \& \-recip ecdhcert.pem \-keyopt ecdh_kdf_md:sha256 .Ve .PP -Print \s-1CMS\s0 signed binary data in human-readable form: +Print CMS signed binary data in human\-readable form: .PP -openssl cms \-in signed.cms \-binary \-inform \s-1DER\s0 \-cmsout \-print -.SH "BUGS" +.Vb 1 +\& openssl cms \-in signed.cms \-binary \-inform DER \-cmsout \-print +.Ve +.SH BUGS .IX Header "BUGS" -The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +The MIME parser isn\*(Aqt very clever: it seems to handle most messages that I\*(Aqve thrown at it but it may choke on others. .PP -The code currently will only write out the signer's certificate to a file: if +The code currently will only write out the signer\*(Aqs certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate. 
@@ -946,25 +878,25 @@ Ideally a database should be maintained of a certificates for each email address. .PP -The code doesn't currently take note of the permitted symmetric encryption +The code doesn\*(Aqt currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. .PP -No revocation checking is done on the signer's certificate. +No revocation checking is done on the signer\*(Aqs certificate. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\-file\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first added in OpenSSL 1.0.0. .PP The \fB\-keyopt\fR option was added in OpenSSL 1.0.2. .PP -Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. +Support for RSA\-OAEP and RSA\-PSS was added in OpenSSL 1.0.2. .PP -The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR +The use of non\-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR was added in OpenSSL 1.0.2. .PP The \-no_alt_chains option was added in OpenSSL 1.0.2b. 
@@ -972,11 +904,11 @@ The \fB\-nameopt\fR option was added in OpenSSL 3.0.0. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-crl.1.orig +++ secure/usr.bin/openssl/man/openssl-crl.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,85 +53,26 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CRL 1ossl" -.TH OPENSSL-CRL 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CRL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-crl \- CRL command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBcrl\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-key\fR \fIfilename\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR] [\fB\-dateopt\fR] [\fB\-text\fR] [\fB\-in\fR \fIfilename\fR] 
@@ -173,26 +98,26 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. -.SH "OPTIONS" +This command processes CRL files in DER or PEM format. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" -The \s-1CRL\s0 input format; unspecified by default. +The CRL input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The \s-1CRL\s0 output format; the default is \fB\s-1PEM\s0\fR. +The CRL output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-key\fR \fIfilename\fR" 4 .IX Item "-key filename" -The private key to be used to sign the \s-1CRL.\s0 -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +The private key to be used to sign the CRL. +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-keyform DER|PEM|P12" The format of the private key file; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -206,45 +131,48 @@ default. .IP "\fB\-gendelta\fR \fIfilename\fR" 4 .IX Item "-gendelta filename" -Output a comparison of the main \s-1CRL\s0 and the one specified here. -.IP "\fB\-badsig\fR" 4 +Output a comparison of the main CRL and the one specified here. +.IP \fB\-badsig\fR 4 .IX Item "-badsig" Corrupt the signature before writing it; this can be useful for testing. -.IP "\fB\-dateopt\fR" 4 +.IP \fB\-dateopt\fR 4 .IX Item "-dateopt" Specify the date output format. Values are: rfc_822 and iso_8601. Defaults to rfc_822. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -Print out the \s-1CRL\s0 in text form. -.IP "\fB\-verify\fR" 4 +Print out the CRL in text form. +.IP \fB\-verify\fR 4 .IX Item "-verify" -Verify the signature in the \s-1CRL.\s0 -.IP "\fB\-noout\fR" 4 +Verify the signature in the CRL. +.Sp +This option is implicitly enabled if any of \fB\-CApath\fR, \fB\-CAfile\fR +or \fB\-CAstore\fR is specified. +.IP \fB\-noout\fR 4 .IX Item "-noout" -Don't output the encoded version of the \s-1CRL.\s0 -.IP "\fB\-fingerprint\fR" 4 +Don\*(Aqt output the encoded version of the CRL. +.IP \fB\-fingerprint\fR 4 .IX Item "-fingerprint" -Output the fingerprint of the \s-1CRL.\s0 -.IP "\fB\-crlnumber\fR" 4 +Output the fingerprint of the CRL. +.IP \fB\-crlnumber\fR 4 .IX Item "-crlnumber" -Output the number of the \s-1CRL.\s0 -.IP "\fB\-hash\fR" 4 +Output the number of the CRL. +.IP \fB\-hash\fR 4 .IX Item "-hash" Output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. -.IP "\fB\-hash_old\fR" 4 +.IP \fB\-hash_old\fR 4 .IX Item "-hash_old" -Outputs the \*(L"hash\*(R" of the \s-1CRL\s0 issuer name using the older algorithm +Outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL before version 1.0.0. -.IP "\fB\-issuer\fR" 4 +.IP \fB\-issuer\fR 4 .IX Item "-issuer" Output the issuer name. -.IP "\fB\-lastupdate\fR" 4 +.IP \fB\-lastupdate\fR 4 .IX Item "-lastupdate" Output the lastUpdate field. 
-.IP "\fB\-nextupdate\fR" 4 +.IP \fB\-nextupdate\fR 4 .IX Item "-nextupdate" Output the nextUpdate field. .IP "\fB\-nameopt\fR \fIoption\fR" 4 @@ -253,7 +181,7 @@ See \fBopenssl\-namedisplay\-options\fR\|(1) for details. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -262,23 +190,23 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" -Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 +Convert a CRL file from PEM to DER: .PP .Vb 1 \& openssl crl \-in crl.pem \-outform DER \-out crl.der .Ve .PP -Output the text form of a \s-1DER\s0 encoded certificate: +Output the text form of a DER encoded certificate: .PP .Vb 1 \& openssl crl \-in crl.der \-text \-noout .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -Ideally it should be possible to create a \s-1CRL\s0 using appropriate options +Ideally it should be possible to create a CRL using appropriate options and files too. .SH "SEE ALSO" .IX Header "SEE ALSO" 
@@ -287,11 +215,11 @@ \&\fBopenssl\-ca\fR\|(1), \&\fBopenssl\-x509\fR\|(1), \&\fBossl_store\-file\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-crl2pkcs7.1.orig +++ secure/usr.bin/openssl/man/openssl-crl2pkcs7.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-CRL2PKCS7 1ossl" -.TH OPENSSL-CRL2PKCS7 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-CRL2PKCS7 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBcrl2pkcs7\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-certfile\fR \fIfilename\fR] 
@@ -153,27 +78,27 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command takes an optional \s-1CRL\s0 and one or more -certificates and converts them into a PKCS#7 degenerate \*(L"certificates -only\*(R" structure. -.SH "OPTIONS" +This command takes an optional CRL and one or more +certificates and converts them into a PKCS#7 degenerate "certificates +only" structure. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" -The input format of the \s-1CRL\s0; the default is \fB\s-1PEM\s0\fR. +The input format of the CRL; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The output format of the PKCS#7 object; the default is \fB\s-1PEM\s0\fR. +The output format of the PKCS#7 object; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" -This specifies the input filename to read a \s-1CRL\s0 from or standard input if this +This specifies the input filename to read a CRL from or standard input if this option is not specified. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" 
@@ -181,14 +106,14 @@ output by default. .IP "\fB\-certfile\fR \fIfilename\fR" 4 .IX Item "-certfile filename" -Specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. +Specifies a filename containing one or more certificates in \fBPEM\fR format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates from multiple files. -.IP "\fB\-nocrl\fR" 4 +.IP \fB\-nocrl\fR 4 .IX Item "-nocrl" -Normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is -included in the output file and a \s-1CRL\s0 is not read from the input file. +Normally a CRL is included in the output file. With this option no CRL is +included in the output file and a CRL is not read from the input file. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -197,42 +122,42 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" -Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 +Create a PKCS#7 structure from a certificate and CRL: .PP .Vb 1 \& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem .Ve .PP -Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several +Creates a PKCS#7 structure in DER format with no CRL from several different certificates: .PP .Vb 2 \& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem \& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The output file is a PKCS#7 signed data structure containing no signers and -just certificates and an optional \s-1CRL.\s0 +just certificates and an optional CRL. .PP This command can be used to send certificates and CAs to Netscape as part of -the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output -as \s-1MIME\s0 type application/x\-x509\-user\-cert. +the certificate enrollment process. This involves sending the DER encoded output +as MIME type application/x\-x509\-user\-cert. .PP -The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to -install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. +The \fBPEM\fR encoded form with the header and footer lines removed can be used to +install user certificates and CAs in MSIE using the Xenroll control. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBopenssl\-pkcs7\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. 
.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-dgst.1.orig +++ secure/usr.bin/openssl/man/openssl-dgst.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-DGST 1ossl" -.TH OPENSSL-DGST 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-DGST 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-dgst \- perform digest operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBdgst\fR|\fIdigest\fR -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-list\fR] [\fB\-help\fR] [\fB\-c\fR] @@ -155,7 +80,7 @@ [\fB\-r\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-sign\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-verify\fR \fIfilename\fR] [\fB\-prverify\fR \fIfilename\fR] @@ -173,7 +98,7 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIfile\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command output the message digest of a supplied file or files in hexadecimal, and also generates and verifies digital 
@@ -182,37 +107,37 @@ The generic name, \fBopenssl dgst\fR, may be used with an option specifying the algorithm to be used. The default digest is \fBsha256\fR. -A supported \fIdigest\fR name may also be used as the sub-command name. +A supported \fIdigest\fR name may also be used as the sub\-command name. To see the list of supported algorithms, use \f(CW\*(C`openssl list \-digest\-algorithms\*(C'\fR -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" Specifies name of a supported digest to be used. See option \fB\-list\fR below : -.IP "\fB\-list\fR" 4 +.IP \fB\-list\fR 4 .IX Item "-list" Prints out a list of supported message digests. -.IP "\fB\-c\fR" 4 +.IP \fB\-c\fR 4 .IX Item "-c" Print out the digest in two digit groups separated by colons, only relevant if the \fB\-hex\fR option is given as well. .IP "\fB\-d\fR, \fB\-debug\fR" 4 .IX Item "-d, -debug" -Print out \s-1BIO\s0 debugging information. -.IP "\fB\-hex\fR" 4 +Print out BIO debugging information. +.IP \fB\-hex\fR 4 .IX Item "-hex" -Digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" -digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +Digest is to be output as a hex dump. This is the default case for a "normal" +digest as opposed to a digital signature. See NOTES below for digital signatures using \fB\-hex\fR. -.IP "\fB\-binary\fR" 4 +.IP \fB\-binary\fR 4 .IX Item "-binary" Output the digest or signature in binary form. .IP "\fB\-xoflen\fR \fIlength\fR" 4 .IX Item "-xoflen length" -Set the output length for \s-1XOF\s0 algorithms, such as \fBshake128\fR and \fBshake256\fR. +Set the output length for XOF algorithms, such as \fBshake128\fR and \fBshake256\fR. This option is not supported for signing operations. 
.Sp For OpenSSL providers it is recommended to set this value for shake algorithms, @@ -226,9 +151,9 @@ For backwards compatibility reasons the default xoflen length for \fBshake256\fR is 32 (bytes) which results in a security strength of only 128 bits. To ensure the maximum security strength of 256 bits, the xoflen should be set to at least 64. -.IP "\fB\-r\fR" 4 +.IP \fB\-r\fR 4 .IX Item "-r" -Output the digest in the \*(L"coreutils\*(R" format, including newlines. +Output the digest in the "coreutils" format, including newlines. Used by programs like \fBsha1sum\fR\|(1). .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" 
@@ -238,78 +163,78 @@ Digitally sign the digest using the given private key. Note this option does not support Ed25519 or Ed448 private keys. Use the \fBopenssl\-pkeyutl\fR\|(1) command instead for this. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The format of the key to sign with; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-sigopt nm:v" Pass options to the signature algorithm during sign or verify operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .IP "\fB\-passin\fR \fIarg\fR" 4 .IX Item "-passin arg" The private key password source. For more information about the format of \fIarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-verify\fR \fIfilename\fR" 4 .IX Item "-verify filename" -Verify the signature using the public key in \*(L"filename\*(R". -The output is either \*(L"Verified \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R". +Verify the signature using the public key in "filename". +The output is either "Verified OK" or "Verification Failure". .IP "\fB\-prverify\fR \fIfilename\fR" 4 .IX Item "-prverify filename" -Verify the signature using the private key in \*(L"filename\*(R". +Verify the signature using the private key in "filename". .IP "\fB\-signature\fR \fIfilename\fR" 4 .IX Item "-signature filename" The actual signature to verify. .IP "\fB\-hmac\fR \fIkey\fR" 4 .IX Item "-hmac key" -Create a hashed \s-1MAC\s0 using \*(L"key\*(R". +Create a hashed MAC using "key". .Sp The \fBopenssl\-mac\fR\|(1) command should be preferred to using this command line option. .IP "\fB\-mac\fR \fIalg\fR" 4 .IX Item "-mac alg" -Create \s-1MAC\s0 (keyed Message Authentication Code). 
The most popular \s-1MAC\s0 -algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms -which are not based on hash, for instance \fBgost-mac\fR algorithm, -supported by the \fBgost\fR engine. \s-1MAC\s0 keys and other options should be set +Create MAC (keyed Message Authentication Code). The most popular MAC +algorithm is HMAC (hash\-based MAC), but there are other MAC algorithms +which are not based on hash, for instance \fBgost\-mac\fR algorithm, +supported by the \fBgost\fR engine. MAC keys and other options should be set via \fB\-macopt\fR parameter. .Sp The \fBopenssl\-mac\fR\|(1) command should be preferred to using this command line option. .IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-macopt nm:v" -Passes options to \s-1MAC\s0 algorithm, specified by \fB\-mac\fR key. -Following options are supported by both by \fB\s-1HMAC\s0\fR and \fBgost-mac\fR: +Passes options to MAC algorithm, specified by \fB\-mac\fR key. +Following options are supported by both by \fBHMAC\fR and \fBgost\-mac\fR: .RS 4 -.IP "\fBkey\fR:\fIstring\fR" 4 +.IP \fBkey\fR:\fIstring\fR 4 .IX Item "key:string" -Specifies \s-1MAC\s0 key as alphanumeric string (use if key contain printable +Specifies MAC key as alphanumeric string (use if key contain printable characters only). String length must conform to any restrictions of -the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac. -.IP "\fBhexkey\fR:\fIstring\fR" 4 +the MAC algorithm for example exactly 32 chars for gost\-mac. +.IP \fBhexkey\fR:\fIstring\fR 4 .IX Item "hexkey:string" -Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). -Key length must conform to any restrictions of the \s-1MAC\s0 algorithm -for example exactly 32 chars for gost-mac. +Specifies MAC key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the MAC algorithm +for example exactly 32 chars for gost\-mac. 
.RE .RS 4 .Sp The \fBopenssl\-mac\fR\|(1) command should be preferred to using this command line option. .RE -.IP "\fB\-fips\-fingerprint\fR" 4 +.IP \fB\-fips\-fingerprint\fR 4 .IX Item "-fips-fingerprint" -Compute \s-1HMAC\s0 using a specific key for certain OpenSSL-FIPS operations. +Compute HMAC using a specific key for certain OpenSSL\-FIPS operations. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .Sp The engine is not used for digests unless the \fB\-engine_impl\fR option is -used or it is configured to do so, see \*(L"Engine Configuration Module\*(R" in \fBconfig\fR\|(5). +used or it is configured to do so, see "Engine Configuration Module" in \fBconfig\fR\|(5). .IP "\fB\-engine_impl\fR \fIid\fR" 4 .IX Item "-engine_impl id" When used with the \fB\-engine\fR option, it specifies to also use @@ -322,14 +247,14 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fIfile\fR ..." 4 .IX Item "file ..." File or files to digest. If no files are specified then standard input is used. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -To create a hex-encoded message digest of a file: +To create a hex\-encoded message digest of a file: .PP .Vb 3 \& openssl dgst \-md5 \-hex file.txt 
@@ -337,7 +262,7 @@ \& openssl md5 file.txt .Ve .PP -To sign a file using \s-1SHA\-256\s0 with binary file output: +To sign a file using SHA\-256 with binary file output: .PP .Vb 3 \& openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt 
@@ -352,29 +277,29 @@ \& \-signature signature.sign \e \& file.txt .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" The digest mechanisms that are available will depend on the options used when building OpenSSL. The \f(CW\*(C`openssl list \-digest\-algorithms\*(C'\fR command can be used to list them. .PP -New or agile applications should use probably use \s-1SHA\-256.\s0 Other digests, -particularly \s-1SHA\-1\s0 and \s-1MD5,\s0 are still widely used for interoperating +New or agile applications should use probably use SHA\-256. Other digests, +particularly SHA\-1 and MD5, are still widely used for interoperating with existing formats and protocols. .PP When signing a file, this command will automatically determine the algorithm -(\s-1RSA, ECC,\s0 etc) to use for signing based on the private key's \s-1ASN.1\s0 info. -When verifying signatures, it only handles the \s-1RSA, DSA,\s0 or \s-1ECDSA\s0 signature +(RSA, ECC, etc) to use for signing based on the private key\*(Aqs ASN.1 info. +When verifying signatures, it only handles the RSA, DSA, or ECDSA signature itself, not the related data to identify the signer and algorithm used in -formats such as x.509, \s-1CMS,\s0 and S/MIME. +formats such as x.509, CMS, and S/MIME. .PP A source of random numbers is required for certain signing algorithms, in -particular \s-1ECDSA\s0 and \s-1DSA.\s0 +particular ECDSA and DSA. .PP The signing and verify options should only be used if a single file is being signed or verified. .PP -Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use "xxd \-r" or similar program to transform the hex signature into a binary signature prior to verification. .PP 
@@ -383,17 +308,17 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\-mac\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. -The FIPS-related options were removed in OpenSSL 1.1.0. +The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. +The FIPS\-related options were removed in OpenSSL 1.1.0. .PP The \fB\-engine\fR and \fB\-engine_impl\fR options were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-dhparam.1.orig +++ secure/usr.bin/openssl/man/openssl-dhparam.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-DHPARAM 1ossl" -.TH OPENSSL-DHPARAM 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-DHPARAM 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-dhparam \- DH parameter manipulation and generation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl dhparam\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-dsaparam\fR] 
@@ -162,21 +87,21 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fInumbits\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is used to manipulate \s-1DH\s0 parameter files. +This command is used to manipulate DH parameter files. .PP -See \*(L"\s-1EXAMPLES\*(R"\s0 in \fBopenssl\-genpkey\fR\|(1) for examples on how to generate +See "EXAMPLES" in \fBopenssl\-genpkey\fR\|(1) for examples on how to generate a key using a named safe prime group without generating intermediate parameters. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR, \fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM, -outform DER|PEM" -The input format and output format; the default is \fB\s-1PEM\s0\fR. +The input format and output format; the default is \fBPEM\fR. The object is compatible with the PKCS#3 \fBDHparameter\fR structure. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-in\fR \fIfilename\fR" 4 
@@ -188,18 +113,18 @@ This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should \fBnot\fR be the same as the input filename. -.IP "\fB\-dsaparam\fR" 4 +.IP \fB\-dsaparam\fR 4 .IX Item "-dsaparam" -If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; -they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such -that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. +If this option is used, DSA rather than DH parameters are read or created; +they are converted to DH format. Otherwise, "strong" primes (such +that (p\-1)/2 is also prime) will be used for DH parameter generation. .Sp -\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, -and the recommended exponent length is shorter, which makes \s-1DH\s0 key -exchange more efficient. Beware that with such DSA-style \s-1DH\s0 -parameters, a fresh \s-1DH\s0 key should be created for each use to -avoid small-subgroup attacks that may be possible otherwise. -.IP "\fB\-check\fR" 4 +DH parameter generation with the \fB\-dsaparam\fR option is much faster, +and the recommended exponent length is shorter, which makes DH key +exchange more efficient. Beware that with such DSA\-style DH +parameters, a fresh DH key should be created for each use to +avoid small\-subgroup attacks that may be possible otherwise. +.IP \fB\-check\fR 4 .IX Item "-check" Performs numerous checks to see if the supplied parameters are valid and displays a warning if not. @@ -209,7 +134,7 @@ input file is ignored and parameters are generated instead. If not present but \fInumbits\fR is present, parameters are generated with the default generator 2. -.IP "\fInumbits\fR" 4 +.IP \fInumbits\fR 4 .IX Item "numbits" This option specifies that a parameter set should be generated of size \&\fInumbits\fR. It must be the last option. If this option is present then 
@@ -217,19 +142,19 @@ this option is not present but a generator (\fB\-2\fR, \fB\-3\fR or \fB\-5\fR) is present, parameters are generated with a default length of 2048 bits. The minimum length is 512 bits. The maximum length is 10000 bits. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option inhibits the output of the encoded version of the parameters. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -This option prints out the \s-1DH\s0 parameters in human readable form. +This option prints out the DH parameters in human readable form. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -238,8 +163,8 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "NOTES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH NOTES .IX Header "NOTES" This command replaces the \fBdh\fR and \fBgendh\fR commands of previous releases. 
@@ -249,16 +174,16 @@ \&\fBopenssl\-pkeyparam\fR\|(1), \&\fBopenssl\-dsaparam\fR\|(1), \&\fBopenssl\-genpkey\fR\|(1). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-C\fR option was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-dsa.1.orig +++ secure/usr.bin/openssl/man/openssl-dsa.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-DSA 1ossl" -.TH OPENSSL-DSA 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-DSA 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-dsa \- DSA key processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBdsa\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-out\fR \fIfilename\fR] 
@@ -174,31 +99,31 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command processes \s-1DSA\s0 keys. They can be converted between various +This command processes DSA keys. They can be converted between various forms and their components printed out. \fBNote\fR This command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the \fBpkcs8\fR -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" The key input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The key output format; the default is \fB\s-1PEM\s0\fR. +The key output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp -Private keys are a sequence of \fB\s-1ASN.1 INTEGERS\s0\fR: the version (zero), \fBp\fR, +Private keys are a sequence of \fBASN.1 INTEGERS\fR: the version (zero), \fBp\fR, \&\fBq\fR, \fBg\fR, and the public and private key components. Public keys -are a \fBSubjectPublicKeyInfo\fR structure with the \fB\s-1DSA\s0\fR type. +are a \fBSubjectPublicKeyInfo\fR structure with the \fBDSA\fR type. .Sp -The \fB\s-1PEM\s0\fR format also accepts PKCS#8 data. +The \fBPEM\fR format also accepts PKCS#8 data. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" This specifies the input filename to read a key from or standard input if this 
@@ -223,37 +148,37 @@ means that this command can be used to remove the pass phrase from a key by not giving any encryption option is given, or to add or change the pass phrase by setting them. -These options can only be used with \s-1PEM\s0 format output files. -.IP "\fB\-text\fR" 4 +These options can only be used with PEM format output files. +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the public, private key components and parameters. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option prevents output of the encoded version of the key. -.IP "\fB\-modulus\fR" 4 +.IP \fB\-modulus\fR 4 .IX Item "-modulus" This option prints out the value of the public key component of the key. -.IP "\fB\-pubin\fR" 4 +.IP \fB\-pubin\fR 4 .IX Item "-pubin" By default, a private key is read from the input file. With this option a public key is read instead. -.IP "\fB\-pubout\fR" 4 +.IP \fB\-pubout\fR 4 .IX Item "-pubout" By default, a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. -.IP "\fB\-pvk\-strong\fR" 4 +.IP \fB\-pvk\-strong\fR 4 .IX Item "-pvk-strong" -Enable 'Strong' \s-1PVK\s0 encoding level (default). -.IP "\fB\-pvk\-weak\fR" 4 +Enable \*(AqStrong\*(Aq PVK encoding level (default). +.IP \fB\-pvk\-weak\fR 4 .IX Item "-pvk-weak" -Enable 'Weak' \s-1PVK\s0 encoding level. -.IP "\fB\-pvk\-none\fR" 4 +Enable \*(AqWeak\*(Aq PVK encoding level. +.IP \fB\-pvk\-none\fR 4 .IX Item "-pvk-none" -Don't enforce \s-1PVK\s0 encoding. +Don\*(Aqt enforce PVK encoding. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -263,28 +188,28 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .PP The \fBopenssl\-pkey\fR\|(1) command is capable of performing all the operations this command can, as well as supporting other public key types. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The documentation for the \fBopenssl\-pkey\fR\|(1) command contains examples equivalent to the ones listed here. .PP -To remove the pass phrase on a \s-1DSA\s0 private key: +To remove the pass phrase on a DSA private key: .PP .Vb 1 \& openssl dsa \-in key.pem \-out keyout.pem .Ve .PP -To encrypt a private key using triple \s-1DES:\s0 +To encrypt a private key using triple DES: .PP .Vb 1 \& openssl dsa \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from PEM to DER format: .PP .Vb 1 \& openssl dsa \-in key.pem \-outform DER \-out keyout.der @@ -309,14 +234,14 @@ \&\fBopenssl\-gendsa\fR\|(1), \&\fBopenssl\-rsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-dsaparam.1.orig +++ secure/usr.bin/openssl/man/openssl-dsaparam.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-DSAPARAM 1ossl" -.TH OPENSSL-DSAPARAM 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-DSAPARAM 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-dsaparam \- DSA parameter manipulation and generation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl dsaparam\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-noout\fR] 
@@ -159,28 +84,28 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fInumbits\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is used to manipulate or generate \s-1DSA\s0 parameter files. +This command is used to manipulate or generate DSA parameter files. .PP -\&\s-1DSA\s0 parameter generation can be a slow process and as a result the same set of -\&\s-1DSA\s0 parameters is often used to generate several distinct keys. -.SH "OPTIONS" +DSA parameter generation can be a slow process and as a result the same set of +DSA parameters is often used to generate several distinct keys. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" -The \s-1DSA\s0 parameters input format; unspecified by default. +The DSA parameters input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The \s-1DSA\s0 parameters output format; the default is \fB\s-1PEM\s0\fR. +The DSA parameters output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp -Parameters are a sequence of \fB\s-1ASN.1 INTEGER\s0\fRs: \fBp\fR, \fBq\fR, and \fBg\fR. -This is compatible with \s-1RFC 2459\s0 \fBDSS-Parms\fR structure. +Parameters are a sequence of \fBASN.1 INTEGER\fRs: \fBp\fR, \fBq\fR, and \fBg\fR. +This is compatible with RFC 2459 \fBDSS\-Parms\fR structure. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" This specifies the input filename to read parameters from or standard input if 
@@ -191,27 +116,27 @@ This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should \fBnot\fR be the same as the input filename. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option inhibits the output of the encoded version of the parameters. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -This option prints out the \s-1DSA\s0 parameters in human readable form. -.IP "\fB\-genkey\fR" 4 +This option prints out the DSA parameters in human readable form. +.IP \fB\-genkey\fR 4 .IX Item "-genkey" -This option will generate a \s-1DSA\s0 either using the specified or generated +This option will generate a DSA either using the specified or generated parameters. -.IP "\fB\-verbose\fR" 4 +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra details about the operations being performed. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. -.IP "\fInumbits\fR" 4 +.IP \fInumbits\fR 4 .IX Item "numbits" This option specifies that a parameter set should be generated of size \&\fInumbits\fR. It must be the last option. If this option is included then @@ -224,7 +149,7 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), 
@@ -233,16 +158,16 @@ \&\fBopenssl\-dsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1), \&\fBopenssl\-rsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-C\fR option was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-ec.1.orig +++ secure/usr.bin/openssl/man/openssl-ec.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-EC 1ossl" -.TH OPENSSL-EC 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-EC 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-ec \- EC key processing -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBec\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR|\fIuri\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-out\fR \fIfilename\fR] 
@@ -166,29 +91,29 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The \fBopenssl\-ec\fR\|(1) command processes \s-1EC\s0 keys. They can be converted between +The \fBopenssl\-ec\fR\|(1) command processes EC keys. They can be converted between various forms and their components printed out. \fBNote\fR OpenSSL uses the -private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography' -(http://www.secg.org/). To convert an OpenSSL \s-1EC\s0 private key into the +private key format specified in \*(AqSEC 1: Elliptic Curve Cryptography\*(Aq +(http://www.secg.org/). To convert an OpenSSL EC private key into the PKCS#8 private key format use the \fBopenssl\-pkcs8\fR\|(1) command. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-inform DER|PEM|P12|ENGINE" The key input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The key output format; the default is \fB\s-1PEM\s0\fR. +The key output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp -Private keys are an \s-1SEC1\s0 private key or PKCS#8 format. -Public keys are a \fBSubjectPublicKeyInfo\fR as specified in \s-1IETF RFC 3280.\s0 +Private keys are an SEC1 private key or PKCS#8 format. +Public keys are a \fBSubjectPublicKeyInfo\fR as specified in IETF RFC 3280. .IP "\fB\-in\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-in filename|uri" This specifies the input to read a key from or standard input if this 
@@ -205,30 +130,30 @@ The password source for the input and output file. For more information about the format of \fBarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-des\fR|\fB\-des3\fR|\fB\-idea\fR" 4 +.IP \fB\-des\fR|\fB\-des3\fR|\fB\-idea\fR 4 .IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or +These options encrypt the private key with the DES, triple DES, IDEA or any other cipher supported by OpenSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using this command to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. -These options can only be used with \s-1PEM\s0 format output files. -.IP "\fB\-text\fR" 4 +These options can only be used with PEM format output files. +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the public, private key components and parameters. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option prevents output of the encoded version of the key. -.IP "\fB\-param_out\fR" 4 +.IP \fB\-param_out\fR 4 .IX Item "-param_out" Print the elliptic curve parameters. -.IP "\fB\-pubin\fR" 4 +.IP \fB\-pubin\fR 4 .IX Item "-pubin" By default, a private key is read from the input file. With this option a public key is read instead. -.IP "\fB\-pubout\fR" 4 +.IP \fB\-pubout\fR 4 .IX Item "-pubout" By default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is 
@@ -241,25 +166,25 @@ the point conversion forms please read the X9.62 standard. \&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled by default for binary curves and can be enabled by defining -the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +the preprocessor macro \fBOPENSSL_EC_BIN_PT_COMP\fR at compile time. .IP "\fB\-param_enc\fR \fIarg\fR" 4 .IX Item "-param_enc arg" This specifies how the elliptic curve parameters are encoded. Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are -specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are -explicitly given (see \s-1RFC 3279\s0 for the definition of the -\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. -\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +specified by an OID, or \fBexplicit\fR where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in RFC 3279, is currently not implemented in OpenSSL. -.IP "\fB\-no_public\fR" 4 +.IP \fB\-no_public\fR 4 .IX Item "-no_public" This option omits the public key components from the private key output. -.IP "\fB\-check\fR" 4 +.IP \fB\-check\fR 4 .IX Item "-check" -This option checks the consistency of an \s-1EC\s0 private or public key. +This option checks the consistency of an EC private or public key. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -269,22 +194,22 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .PP The \fBopenssl\-pkey\fR\|(1) command is capable of performing all the operations this command can, as well as supporting other public key types. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The documentation for the \fBopenssl\-pkey\fR\|(1) command contains examples equivalent to the ones listed here. .PP -To encrypt a private key using triple \s-1DES:\s0 +To encrypt a private key using triple DES: .PP .Vb 1 \& openssl ec \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from PEM to DER format: .PP .Vb 1 \& openssl ec \-in key.pem \-outform DER \-out keyout.der @@ -320,17 +245,17 @@ \&\fBopenssl\-ecparam\fR\|(1), \&\fBopenssl\-dsa\fR\|(1), \&\fBopenssl\-rsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-conv_form\fR and \fB\-no_public\fR options are no longer supported with keys loaded from an engine in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2003\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-ecparam.1.orig +++ secure/usr.bin/openssl/man/openssl-ecparam.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ECPARAM 1ossl" -.TH OPENSSL-ECPARAM 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-ECPARAM 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-ecparam \- EC parameter manipulation and generation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl ecparam\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-noout\fR] 
@@ -164,27 +89,27 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is used to manipulate or generate \s-1EC\s0 parameter files. +This command is used to manipulate or generate EC parameter files. .PP OpenSSL is currently not able to generate new groups and therefore -this command can only create \s-1EC\s0 parameters from known (named) curves. -.SH "OPTIONS" +this command can only create EC parameters from known (named) curves. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" -The \s-1EC\s0 parameters input format; unspecified by default. +The EC parameters input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The \s-1EC\s0 parameters output format; the default is \fB\s-1PEM\s0\fR. +The EC parameters output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp -Parameters are encoded as \fBEcpkParameters\fR as specified in \s-1IETF RFC 3279.\s0 +Parameters are encoded as \fBEcpkParameters\fR as specified in IETF RFC 3279. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" This specifies the input filename to read parameters from or standard input if 
@@ -194,26 +119,26 @@ This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should \fBnot\fR be the same as the input filename. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option inhibits the output of the encoded version of the parameters. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -This option prints out the \s-1EC\s0 parameters in human readable form. -.IP "\fB\-check\fR" 4 +This option prints out the EC parameters in human readable form. +.IP \fB\-check\fR 4 .IX Item "-check" Validate the elliptic curve parameters. -.IP "\fB\-check_named\fR" 4 +.IP \fB\-check_named\fR 4 .IX Item "-check_named" Validate the elliptic name curve parameters by checking if the curve parameters -match any built-in curves. +match any built\-in curves. .IP "\fB\-name\fR \fIarg\fR" 4 .IX Item "-name arg" -Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR -to get a list of all currently implemented \s-1EC\s0 parameters. -.IP "\fB\-list_curves\fR" 4 +Use the EC parameters with the specified \*(Aqshort\*(Aq name. Use \fB\-list_curves\fR +to get a list of all currently implemented EC parameters. +.IP \fB\-list_curves\fR 4 .IX Item "-list_curves" -Print out a list of all currently implemented \s-1EC\s0 parameters names and exit. +Print out a list of all currently implemented EC parameters names and exit. .IP "\fB\-conv_form\fR \fIarg\fR" 4 .IX Item "-conv_form arg" This specifies how the points on the elliptic curve are converted 
@@ -222,30 +147,30 @@ the point conversion forms please read the X9.62 standard. \&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled by default for binary curves and can be enabled by defining -the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +the preprocessor macro \fBOPENSSL_EC_BIN_PT_COMP\fR at compile time. .IP "\fB\-param_enc\fR \fIarg\fR" 4 .IX Item "-param_enc arg" This specifies how the elliptic curve parameters are encoded. Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are -specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are -explicitly given (see \s-1RFC 3279\s0 for the definition of the -\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. -\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +specified by an OID, or \fBexplicit\fR where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in RFC 3279, is currently not implemented in OpenSSL. -.IP "\fB\-no_seed\fR" 4 +.IP \fB\-no_seed\fR 4 .IX Item "-no_seed" -This option inhibits that the 'seed' for the parameter generation -is included in the ECParameters structure (see \s-1RFC 3279\s0). -.IP "\fB\-genkey\fR" 4 +This option inhibits that the \*(Aqseed\*(Aq for the parameter generation +is included in the ECParameters structure (see RFC 3279). +.IP \fB\-genkey\fR 4 .IX Item "-genkey" -This option will generate an \s-1EC\s0 private key using the specified parameters. +This option will generate an EC private key using the specified parameters. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. 
.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -254,47 +179,47 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .PP The \fBopenssl\-genpkey\fR\|(1) and \fBopenssl\-pkeyparam\fR\|(1) commands are capable of performing all the operations this command can, as well as supporting other public key types. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The documentation for the \fBopenssl\-genpkey\fR\|(1) and \fBopenssl\-pkeyparam\fR\|(1) commands contains examples equivalent to the ones listed here. .PP -To create \s-1EC\s0 parameters with the group 'prime192v1': +To create EC parameters with the group \*(Aqprime192v1\*(Aq: .PP .Vb 1 \& openssl ecparam \-out ec_param.pem \-name prime192v1 .Ve .PP -To create \s-1EC\s0 parameters with explicit parameters: +To create EC parameters with explicit parameters: .PP .Vb 1 \& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit .Ve .PP -To validate given \s-1EC\s0 parameters: +To validate given EC parameters: .PP .Vb 1 \& openssl ecparam \-in ec_param.pem \-check .Ve .PP -To create \s-1EC\s0 parameters and a private key: +To create EC parameters and a private key: .PP .Vb 1 \& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey .Ve .PP -To change the point encoding to 'compressed': +To change the point encoding to \*(Aqcompressed\*(Aq: .PP .Vb 1 \& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed .Ve .PP -To print out the \s-1EC\s0 parameters to standard output: +To print out the EC parameters to standard output: .PP .Vb 1 \& openssl ecparam \-in ec_param.pem \-noout \-text 
@@ -306,16 +231,16 @@ \&\fBopenssl\-genpkey\fR\|(1), \&\fBopenssl\-ec\fR\|(1), \&\fBopenssl\-dsaparam\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-C\fR option was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2003\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-enc.1.orig +++ secure/usr.bin/openssl/man/openssl-enc.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,81 +53,22 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ENC 1ossl" -.TH OPENSSL-ENC 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-ENC 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-enc \- symmetric cipher routines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBenc\fR|\fIcipher\fR -[\fB\-\f(BIcipher\fB\fR] +[\fB\-\fR\f(BIcipher\fR] [\fB\-help\fR] [\fB\-list\fR] [\fB\-ciphers\fR] @@ -158,7 +83,7 @@ [\fB\-k\fR \fIpassword\fR] [\fB\-kfile\fR \fIfilename\fR] [\fB\-K\fR \fIkey\fR] -[\fB\-iv\fR \fI\s-1IV\s0\fR] +[\fB\-iv\fR \fIIV\fR] [\fB\-S\fR \fIsalt\fR] [\fB\-salt\fR] [\fB\-nosalt\fR] @@ -181,24 +106,24 @@ [\fB\-propquery\fR \fIpropq\fR] .PP \&\fBopenssl\fR \fIcipher\fR [\fB...\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IP \fB\-\fR\f(BIcipher\fR 4 .IX Item "-cipher" The cipher to use. -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-list\fR" 4 +.IP \fB\-list\fR 4 .IX Item "-list" List all supported ciphers. -.IP "\fB\-ciphers\fR" 4 +.IP \fB\-ciphers\fR 4 .IX Item "-ciphers" Alias of \-list to display all supported ciphers. .IP "\fB\-in\fR \fIfilename\fR" 4 
@@ -211,23 +136,29 @@ .IX Item "-pass arg" The password source. For more information about the format of \fIarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-e\fR" 4 +.IP \fB\-e\fR 4 .IX Item "-e" Encrypt the input data: this is the default. -.IP "\fB\-d\fR" 4 +.IP \fB\-d\fR 4 .IX Item "-d" Decrypt the input data. -.IP "\fB\-a\fR" 4 +.IP \fB\-a\fR 4 .IX Item "-a" Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. -.IP "\fB\-base64\fR" 4 +.Sp +When the \fB\-A\fR option not given, +on encoding a newline is inserted after each 64 characters, and +on decoding a newline is expected among the first 1024 bytes of input. +.IP \fB\-base64\fR 4 .IX Item "-base64" Same as \fB\-a\fR -.IP "\fB\-A\fR" 4 +.IP \fB\-A\fR 4 .IX Item "-A" -If the \fB\-a\fR option is set then base64 process the data on one line. +If the \fB\-a\fR option is set then base64 encoding produces output without any +newline character, and base64 decoding does not require any newlines. +Therefore it can be helpful to use the \fB\-A\fR option when decoding unknown input. .IP "\fB\-k\fR \fIpassword\fR" 4 .IX Item "-k password" The password to derive the key from. This is for compatibility with previous 
@@ -244,18 +175,18 @@ .IP "\fB\-iter\fR \fIcount\fR" 4 .IX Item "-iter count" Use a given number of iterations on the password in deriving the encryption key. -High values increase the time required to brute-force the resulting file. -This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key. -.IP "\fB\-pbkdf2\fR" 4 +High values increase the time required to brute\-force the resulting file. +This option enables the use of PBKDF2 algorithm to derive the key. +.IP \fB\-pbkdf2\fR 4 .IX Item "-pbkdf2" -Use \s-1PBKDF2\s0 algorithm with a default iteration count of 10000 +Use PBKDF2 algorithm with a default iteration count of 10000 unless otherwise specified by the \fB\-iter\fR command line option. -.IP "\fB\-nosalt\fR" 4 +.IP \fB\-nosalt\fR 4 .IX Item "-nosalt" -Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be +Don\*(Aqt use a salt in the key derivation routines. This option \fBSHOULD NOT\fR be used except for test purposes or compatibility with ancient versions of OpenSSL. -.IP "\fB\-salt\fR" 4 +.IP \fB\-salt\fR 4 .IX Item "-salt" Use salt (randomly generated or provide with \fB\-S\fR option) when encrypting, this is the default. 
@@ -267,47 +198,50 @@ .IP "\fB\-K\fR \fIkey\fR" 4 .IX Item "-K key" The actual key to use: this must be represented as a string comprised only -of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified +of hex digits. If only the key is specified, the IV must additionally specified using the \fB\-iv\fR option. When both a key and a password are specified, the -key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the +key given with the \fB\-K\fR option will be used and the IV generated from the password will be taken. It does not make much sense to specify both key and password. -.IP "\fB\-iv\fR \fI\s-1IV\s0\fR" 4 +.IP "\fB\-iv\fR \fIIV\fR" 4 .IX Item "-iv IV" -The actual \s-1IV\s0 to use: this must be represented as a string comprised only +The actual IV to use: this must be represented as a string comprised only of hex digits. When only the key is specified using the \fB\-K\fR option, the -\&\s-1IV\s0 must explicitly be defined. When a password is being specified using -one of the other options, the \s-1IV\s0 is generated from this password. -.IP "\fB\-p\fR" 4 +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password. +.IP \fB\-p\fR 4 .IX Item "-p" -Print out the key and \s-1IV\s0 used. -.IP "\fB\-P\fR" 4 +Print out the key and IV used. +.IP \fB\-P\fR 4 .IX Item "-P" -Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption +Print out the key and IV used then immediately exit: don\*(Aqt do any encryption or decryption. -.IP "\fB\-bufsize\fR \fInumber\fR" 4 -.IX Item "-bufsize number" +.IP "\fB\-bufsize\fR \fInumber\fR[\fBk\fR]" 4 +.IX Item "-bufsize number[k]" Set the buffer size for I/O. -.IP "\fB\-nopad\fR" 4 +The maximum size that can be specified is \fB2^31\-1\fR (2147483647) bytes. 
+The \fBk\fR suffix can be specified to indicate that \fInumber\fR is provided +in kibibytes (multiples of 1024 bytes). +.IP \fB\-nopad\fR 4 .IX Item "-nopad" Disable standard block padding. -.IP "\fB\-v\fR" 4 +.IP \fB\-v\fR 4 .IX Item "-v" Verbose print; display some statistics about I/O and buffer sizes. -.IP "\fB\-debug\fR" 4 +.IP \fB\-debug\fR 4 .IX Item "-debug" Debug the BIOs used for I/O. -.IP "\fB\-z\fR" 4 +.IP \fB\-z\fR 4 .IX Item "-z" Compress or decompress encrypted data using zlib after encryption or before decryption. This option exists only if OpenSSL was compiled with the zlib -or zlib-dynamic option. -.IP "\fB\-none\fR" 4 +or zlib\-dynamic option. +.IP \fB\-none\fR 4 .IX Item "-none" -Use \s-1NULL\s0 cipher (no encryption or decryption of input). +Use NULL cipher (no encryption or decryption of input). .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -316,32 +250,32 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The program can be called either as \f(CW\*(C`openssl \f(CIcipher\f(CW\*(C'\fR or -\&\f(CW\*(C`openssl enc \-\f(CIcipher\f(CW\*(C'\fR. The first form doesn't work with -engine-provided ciphers, because this form is processed before the +The program can be called either as \f(CW\*(C`openssl \fR\f(CIcipher\fR\f(CW\*(C'\fR or +\&\f(CW\*(C`openssl enc \-\fR\f(CIcipher\fR\f(CW\*(C'\fR. The first form doesn\*(Aqt work with +engine\-provided ciphers, because this form is processed before the configuration file is read and any ENGINEs loaded. Use the \fBopenssl\-list\fR\|(1) command to get a list of supported ciphers. .PP Engines which provide entirely new encryption algorithms (such as the ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines specified on the command line using \fB\-engine\fR -option can only be used for hardware-assisted implementations of +option can only be used for hardware\-assisted implementations of ciphers which are supported by the OpenSSL core or another engine specified in the configuration file. .PP When the enc command lists supported ciphers, ciphers provided by engines, specified in the configuration files are listed too. .PP -A password will be prompted for to derive the key and \s-1IV\s0 if necessary. +A password will be prompted for to derive the key and IV if necessary. 
.PP -The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived +The \fB\-salt\fR option should \fBALWAYS\fR be used if the key is being derived from a password unless you want compatibility with previous versions of OpenSSL. .PP @@ -356,19 +290,19 @@ .PP Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use -a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode. +a strong block cipher, such as AES, in CBC mode. .PP -All the block ciphers normally use PKCS#5 padding, also known as standard +All the block ciphers normally use PKCS#7 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test -is better than 1 in 256 it isn't a very good test. +is better than 1 in 256 it isn\*(Aqt a very good test. .PP If padding is disabled then the input data must be a multiple of the cipher block length. .PP -All \s-1RC2\s0 ciphers have the same key and effective key length. +All RC2 ciphers have the same key and effective key length. .PP -Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. +Blowfish and RC5 algorithms use a 128 bit key. .PP Please note that OpenSSL 3.0 changed the effect of the \fB\-S\fR option. Any explicit salt value specified via this option is no longer prepended to the 
@@ -392,15 +326,15 @@ ones provided by configured engines. .PP This command does not support authenticated encryption modes -like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future. +like CCM and GCM, and will not support such modes in the future. This is due to having to begin streaming output (e.g., to standard output when \fB\-out\fR is not used) before the authentication tag could be validated. When this command is used in a pipeline, the receiving end will not be -able to roll back upon authentication failure. The \s-1AEAD\s0 modes currently in +able to roll back upon authentication failure. The AEAD modes currently in common use also suffer from catastrophic failure of confidentiality and/or integrity upon reuse of key/iv/nonce, and since \fBopenssl enc\fR places the entire burden of key/iv/nonce management upon the user, the risk of -exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce +exposing AEAD modes is too great to allow. These key/iv/nonce management issues also affect other modes currently exposed in this command, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch. @@ -513,7 +447,7 @@ \& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode \& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode .Ve -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Just base64 encode a binary file: .PP @@ -527,8 +461,8 @@ \& openssl base64 \-d \-in file.b64 \-out file.bin .Ve .PP -Encrypt a file using \s-1AES\-128\s0 using a prompted password -and \s-1PBKDF2\s0 key derivation: +Encrypt a file using AES\-128 using a prompted password +and PBKDF2 key derivation: .PP .Vb 1 \& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 
@@ -542,7 +476,7 @@ .Ve .PP Encrypt a file then base64 encode it (so it can be sent via mail for example) -using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation: +using AES\-256 in CTR mode and PBKDF2 key derivation: .PP .Vb 1 \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 
@@ -554,25 +488,28 @@ \& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e \& \-pass file: .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \fB\-A\fR option when used with large files doesn't work properly. +The \fB\-A\fR option when used with large files doesn\*(Aqt work properly. +On the other hand, when base64 decoding without the \fB\-A\fR option, +if the first 1024 bytes of input do not include a newline character +the first two lines of input are ignored. .PP The \fBopenssl enc\fR command only supports a fixed number of algorithms with -certain parameters. So if, for example, you want to use \s-1RC2\s0 with a -76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. -.SH "HISTORY" +certain parameters. So if, for example, you want to use RC2 with a +76 bit key or RC4 with an 84 bit key you can\*(Aqt use this program. +.SH HISTORY .IX Header "HISTORY" -The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. .PP The \fB\-list\fR option was added in OpenSSL 1.1.1e. .PP The \fB\-ciphers\fR and \fB\-engine\fR options were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-engine.1.orig +++ secure/usr.bin/openssl/man/openssl-engine.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ENGINE 1ossl" -.TH OPENSSL-ENGINE 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-ENGINE 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-engine \- load and query engines -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl engine\fR [\fB\-help\fR] @@ -154,32 +79,32 @@ [\fB\-pre\fR \fIcommand\fR] ... [\fB\-post\fR \fIcommand\fR] ... [\fIengine\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command has been deprecated. Providers should be used instead of engines. .PP This command is used to query the status and capabilities of the specified \fIengine\fRs. -Engines may be specified before and after all other command-line flags. +Engines may be specified before and after all other command\-line flags. Only those specified are queried. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Display an option summary. .IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR \fB\-vvvv\fR" 4 .IX Item "-v -vv -vvv -vvvv" Provides information about each specified engine. The first flag lists -all the possible run-time control commands; the second adds a +all the possible run\-time control commands; the second adds a description of each command; the third adds the input flags, and the final option adds the internal input flags. -.IP "\fB\-c\fR" 4 +.IP \fB\-c\fR 4 .IX Item "-c" Lists the capabilities of each engine. -.IP "\fB\-t\fR" 4 +.IP \fB\-t\fR 4 .IX Item "-t" Tests if each specified engine is available, and displays the answer. -.IP "\fB\-tt\fR" 4 +.IP \fB\-tt\fR 4 .IX Item "-tt" Displays an error trace for any unavailable engine. .IP "\fB\-pre\fR \fIcommand\fR" 4 
@@ -188,7 +113,7 @@ .IP "\fB\-post\fR \fIcommand\fR" 4 .IX Item "-post command" .PD -Command-line configuration of engines. +Command\-line configuration of engines. The \fB\-pre\fR command is given to the engine before it is loaded and the \fB\-post\fR command is given after the engine is loaded. The \fIcommand\fR is of the form \fIcmd\fR:\fIval\fR where \fIcmd\fR is the command, @@ -197,7 +122,7 @@ .Sp These two options are cumulative, so they may be given more than once in the same command. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" To list all the commands available to a dynamic engine: .PP @@ -229,23 +154,23 @@ \& [RSA] \& (dynamic) Dynamic engine loading support .Ve -.SH "ENVIRONMENT" +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IP \fBOPENSSL_ENGINES\fR 4 .IX Item "OPENSSL_ENGINES" The path to the engines directory. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBconfig\fR\|(5) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This command was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-errstr.1.orig +++ secure/usr.bin/openssl/man/openssl-errstr.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,94 +53,35 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-ERRSTR 1ossl" -.TH OPENSSL-ERRSTR 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-ERRSTR 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-errstr \- lookup error codes -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl errstr\fR [\fB\-help\fR] \&\fIerror_code...\fR -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Sometimes an application will not load error message texts and only numerical forms will be available. This command can be used to display the meaning of the hex code. The hex code is the hex digits after the second colon. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Display a usage message. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The error code: .PP @@ -175,11 +100,11 @@ .Vb 1 \& error:2006D080:BIO routines::no such file .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-fipsinstall.1.orig +++ secure/usr.bin/openssl/man/openssl-fipsinstall.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-FIPSINSTALL 1ossl" -.TH OPENSSL-FIPSINSTALL 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-FIPSINSTALL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-fipsinstall \- perform FIPS configuration installation -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl fipsinstall\fR [\fB\-help\fR] 
@@ -160,55 +85,55 @@ [\fB\-corrupt_desc\fR \fIselftest_description\fR] [\fB\-corrupt_type\fR \fIselftest_type\fR] [\fB\-config\fR \fIparent_config\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is used to generate a \s-1FIPS\s0 module configuration file. -This configuration file can be used each time a \s-1FIPS\s0 module is loaded -in order to pass data to the \s-1FIPS\s0 module self tests. The \s-1FIPS\s0 module always -verifies its \s-1MAC,\s0 but optionally only needs to run the \s-1KAT\s0's once, +This command is used to generate a FIPS module configuration file. +This configuration file can be used each time a FIPS module is loaded +in order to pass data to the FIPS module self tests. The FIPS module always +verifies its MAC, but optionally only needs to run the KAT\*(Aqs once, at installation. .PP The generated configuration file consists of: -.IP "\- A \s-1MAC\s0 of the \s-1FIPS\s0 module file." 4 +.IP "\- A MAC of the FIPS module file." 4 .IX Item "- A MAC of the FIPS module file." .PD 0 .IP "\- A test status indicator." 4 .IX Item "- A test status indicator." .PD -This indicates if the Known Answer Self Tests (\s-1KAT\s0's) have successfully run. -.IP "\- A \s-1MAC\s0 of the status indicator." 4 +This indicates if the Known Answer Self Tests (KAT\*(Aqs) have successfully run. +.IP "\- A MAC of the status indicator." 4 .IX Item "- A MAC of the status indicator." .PD 0 .IP "\- A control for conditional self tests errors." 4 .IX Item "- A control for conditional self tests errors." .PD -By default if a continuous test (e.g a key pair test) fails then the \s-1FIPS\s0 module +By default if a continuous test (e.g a key pair test) fails then the FIPS module will enter an error state, and no services or cryptographic algorithms will be able to be accessed after this point. -The default value of '1' will cause the fips module error state to be entered. -If the value is '0' then the module error state will not be entered. 
+The default value of \*(Aq1\*(Aq will cause the fips module error state to be entered. +If the value is \*(Aq0\*(Aq then the module error state will not be entered. Regardless of whether the error state is entered or not, the current operation (e.g. key generation) will return an error. The user is responsible for retrying the operation if the module error state is not entered. -.IP "\- A control to indicate whether run-time security checks are done." 4 +.IP "\- A control to indicate whether run\-time security checks are done." 4 .IX Item "- A control to indicate whether run-time security checks are done." -This indicates if run-time checks related to enforcement of security parameters +This indicates if run\-time checks related to enforcement of security parameters such as minimum security strength of keys and approved curve names are used. -The default value of '1' will perform the checks. -If the value is '0' the checks are not performed and \s-1FIPS\s0 compliance must +The default value of \*(Aq1\*(Aq will perform the checks. +If the value is \*(Aq0\*(Aq the checks are not performed and FIPS compliance must be done by procedures documented in the relevant Security Policy. .PP This file is described in \fBfips_config\fR\|(5). -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print a usage message. .IP "\fB\-module\fR \fIfilename\fR" 4 .IX Item "-module filename" -Filename of the \s-1FIPS\s0 module to perform an integrity check on. +Filename of the FIPS module to perform an integrity check on. The path provided in the filename is used to load the module when it is -activated, and this overrides the environment variable \fB\s-1OPENSSL_MODULES\s0\fR. +activated, and this overrides the environment variable \fBOPENSSL_MODULES\fR. .IP "\fB\-out\fR \fIconfigfilename\fR" 4 .IX Item "-out configfilename" Filename to output the configuration data to; the default is standard output. 
@@ -216,7 +141,7 @@ .IX Item "-in configfilename" Input filename to load configuration data from. Must be used if the \fB\-verify\fR option is specified. -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" Verify that the input configuration file contains the correct information. .IP "\fB\-provider_name\fR \fIprovidername\fR" 4 
@@ -229,64 +154,64 @@ The default value is \f(CW\*(C`fips_sect\*(C'\fR. .IP "\fB\-mac_name\fR \fIname\fR" 4 .IX Item "-mac_name name" -Specifies the name of a supported \s-1MAC\s0 algorithm which will be used. -The \s-1MAC\s0 mechanisms that are available will depend on the options +Specifies the name of a supported MAC algorithm which will be used. +The MAC mechanisms that are available will depend on the options used when building OpenSSL. -To see the list of supported \s-1MAC\s0's use the command -\&\f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR. The default is \fB\s-1HMAC\s0\fR. +To see the list of supported MAC\*(Aqs use the command +\&\f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR. The default is \fBHMAC\fR. .IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-macopt nm:v" -Passes options to the \s-1MAC\s0 algorithm. -A comprehensive list of controls can be found in the \s-1EVP_MAC\s0 implementation +Passes options to the MAC algorithm. +A comprehensive list of controls can be found in the EVP_MAC implementation documentation. Common control strings used for this command are: .RS 4 -.IP "\fBkey\fR:\fIstring\fR" 4 +.IP \fBkey\fR:\fIstring\fR 4 .IX Item "key:string" -Specifies the \s-1MAC\s0 key as an alphanumeric string (use if the key contains +Specifies the MAC key as an alphanumeric string (use if the key contains printable characters only). -The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. -A key must be specified for every \s-1MAC\s0 algorithm. +The string length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm. If no key is provided, the default that was specified when OpenSSL was configured is used. -.IP "\fBhexkey\fR:\fIstring\fR" 4 +.IP \fBhexkey\fR:\fIstring\fR 4 .IX Item "hexkey:string" -Specifies the \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). -The key length must conform to any restrictions of the \s-1MAC\s0 algorithm. 
-A key must be specified for every \s-1MAC\s0 algorithm. +Specifies the MAC key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm. If no key is provided, the default that was specified when OpenSSL was configured is used. -.IP "\fBdigest\fR:\fIstring\fR" 4 +.IP \fBdigest\fR:\fIstring\fR 4 .IX Item "digest:string" -Used by \s-1HMAC\s0 as an alphanumeric string (use if the key contains printable +Used by HMAC as an alphanumeric string (use if the key contains printable characters only). -The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +The string length must conform to any restrictions of the MAC algorithm. To see the list of supported digests, use the command \&\f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. -The default digest is \s-1SHA\-256.\s0 +The default digest is SHA\-256. .RE .RS 4 .RE -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" Disable logging of the self tests. -.IP "\fB\-no_conditional_errors\fR" 4 +.IP \fB\-no_conditional_errors\fR 4 .IX Item "-no_conditional_errors" Configure the module to not enter an error state if a conditional self test fails as described above. -.IP "\fB\-no_security_checks\fR" 4 +.IP \fB\-no_security_checks\fR 4 .IX Item "-no_security_checks" -Configure the module to not perform run-time security checks as described above. -.IP "\fB\-self_test_onload\fR" 4 +Configure the module to not perform run\-time security checks as described above. +.IP \fB\-self_test_onload\fR 4 .IX Item "-self_test_onload" -Do not write the two fields related to the \*(L"test status indicator\*(R" and -\&\*(L"\s-1MAC\s0 status indicator\*(R" to the output configuration file. Without these fields -the self tests \s-1KATS\s0 will run each time the module is loaded. 
This option could be +Do not write the two fields related to the "test status indicator" and +"MAC status indicator" to the output configuration file. Without these fields +the self tests KATS will run each time the module is loaded. This option could be used for cross compiling, since the self tests need to run at least once on each target machine. Once the self tests have run on the target machine the user could possibly then add the 2 fields into the configuration using some other mechanism. -.IP "\fB\-quiet\fR" 4 +.IP \fB\-quiet\fR 4 .IX Item "-quiet" Do not output pass/fail messages. Implies \fB\-noout\fR. .IP "\fB\-corrupt_desc\fR \fIselftest_description\fR, \fB\-corrupt_type\fR \fIselftest_type\fR" 4 
@@ -294,29 +219,29 @@ The corrupt options can be used to test failure of one or more self tests by name. Either option or both may be used to select the tests to corrupt. -Refer to the entries for \fBst-desc\fR and \fBst-type\fR in \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) for +Refer to the entries for \fBst\-desc\fR and \fBst\-type\fR in \fBOSSL_PROVIDER\-FIPS\fR\|(7) for values that can be used. .IP "\fB\-config\fR \fIparent_config\fR" 4 .IX Item "-config parent_config" -Test that a \s-1FIPS\s0 provider can be loaded from the specified configuration file. +Test that a FIPS provider can be loaded from the specified configuration file. A previous call to this application needs to generate the extra configuration data that is included by the base \f(CW\*(C`parent_config\*(C'\fR configuration file. See \fBconfig\fR\|(5) for further information on how to set up a provider section. -All other options are ignored if '\-config' is used. -.SH "NOTES" +All other options are ignored if \*(Aq\-config\*(Aq is used. +.SH NOTES .IX Header "NOTES" Self tests results are logged by default if the options \fB\-quiet\fR and \fB\-noout\fR are not specified, or if either of the options \fB\-corrupt_desc\fR or \&\fB\-corrupt_type\fR are used. If the base configuration file is set up to autoload the fips module, then the -fips module will be loaded and self tested \s-1BEFORE\s0 the fipsinstall application +fips module will be loaded and self tested BEFORE the fipsinstall application has a chance to set up its own self test callback. As a result of this the self test output and the options \fB\-corrupt_desc\fR and \fB\-corrupt_type\fR will be ignored. For normal usage the base configuration file should use the default provider when generating the fips configuration file. 
-.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Calculate the mac of a \s-1FIPS\s0 module \fIfips.so\fR and run a \s-1FIPS\s0 self test +Calculate the mac of a FIPS module \fIfips.so\fR and run a FIPS self test for the module, and save the \fIfips.cnf\fR configuration file: .PP .Vb 1 @@ -347,13 +272,16 @@ .IX Header "SEE ALSO" \&\fBconfig\fR\|(5), \&\fBfips_config\fR\|(5), -\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7), -\&\s-1\fBEVP_MAC\s0\fR\|(3) -.SH "COPYRIGHT" +\&\fBOSSL_PROVIDER\-FIPS\fR\|(7), +\&\fBEVP_MAC\fR\|(3) +.SH HISTORY +.IX Header "HISTORY" +The \fBopenssl\-fipsinstall\fR application was added in OpenSSL 3.0. +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-format-options.1.orig +++ secure/usr.bin/openssl/man/openssl-format-options.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,99 +53,40 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-FORMAT-OPTIONS 1ossl" -.TH OPENSSL-FORMAT-OPTIONS 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-FORMAT-OPTIONS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-format\-options \- OpenSSL command input and output format options -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \&\fIcommand\fR [ \fIoptions\fR ... ] [ \fIparameters\fR ... ] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Several OpenSSL commands can take input or generate output in a variety of formats. .PP Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from -files in any of the \fB\s-1DER\s0\fR, \fB\s-1PEM\s0\fR or \fBP12\fR formats. Specifying their input +files in any of the \fBDER\fR, \fBPEM\fR or \fBP12\fR formats. Specifying their input format is no more needed and the openssl commands will automatically try all -the possible formats. However if the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR input format is specified +the possible formats. However if the \fBDER\fR or \fBPEM\fR input format is specified it will be enforced. .PP -In order to access a key via an engine the input format \fB\s-1ENGINE\s0\fR may be used; +In order to access a key via an engine the input format \fBENGINE\fR may be used; alternatively the key identifier in the argument of the respective key option may be preceded by \f(CW\*(C`org.openssl.engine:\*(C'\fR. -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1) for an example usage of the latter. -.SH "OPTIONS" +See "Engine Options" in \fBopenssl\fR\|(1) for an example usage of the latter. +.SH OPTIONS .IX Header "OPTIONS" .SS "Format Options" .IX Subsection "Format Options" 
@@ -175,7 +100,7 @@ Format of a private key input source. .IP "\fB\-CRLform\fR \fIformat\fR" 4 .IX Item "-CRLform format" -Format of a \s-1CRL\s0 input source. +Format of a CRL input source. .SS "Format Option Arguments" .IX Subsection "Format Option Arguments" The possible format arguments are described below. @@ -183,24 +108,24 @@ .PP The list of acceptable format arguments, and the default, is described in each command documentation. -.IP "\fB\s-1DER\s0\fR" 4 +.IP \fBDER\fR 4 .IX Item "DER" A binary format, encoded or parsed according to Distinguished Encoding Rules -(\s-1DER\s0) of the \s-1ASN.1\s0 data language. -.IP "\fB\s-1ENGINE\s0\fR" 4 +(DER) of the ASN.1 data language. +.IP \fBENGINE\fR 4 .IX Item "ENGINE" Used to specify that the cryptographic material is in an OpenSSL \fBengine\fR. An engine must be configured or specified using the \fB\-engine\fR option. -A password or \s-1PIN\s0 may be supplied to the engine using the \fB\-passin\fR option. -.IP "\fBP12\fR" 4 +A password or PIN may be supplied to the engine using the \fB\-passin\fR option. +.IP \fBP12\fR 4 .IX Item "P12" -A DER-encoded file containing a PKCS#12 object. +A DER\-encoded file containing a PKCS#12 object. It might be necessary to provide a decryption password to retrieve -the private key. -.IP "\fB\s-1PEM\s0\fR" 4 +the private key or certificate. +.IP \fBPEM\fR 4 .IX Item "PEM" -A text format defined in \s-1IETF RFC 1421\s0 and \s-1IETF RFC 7468.\s0 Briefly, this is -a block of base\-64 encoding (defined in \s-1IETF RFC 4648\s0), with specific +A text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is +a block of base\-64 encoding (defined in IETF RFC 4648), with specific lines used to mark the start and end: .Sp .Vb 7 
@@ -213,7 +138,7 @@ \& Text after the END line is also ignored .Ve .Sp -The \fIobject-type\fR must match the type of object that is expected. +The \fIobject\-type\fR must match the type of object that is expected. For example a \f(CW\*(C`BEGIN X509 CERTIFICATE\*(C'\fR will not match if the command is trying to read a private key. The types supported include: .Sp @@ -241,7 +166,7 @@ \& X9.42 DH PARAMETERS .Ve .Sp -The following legacy \fIobject-type\fR's are also supported for compatibility +The following legacy \fIobject\-type\fR\*(Aqs are also supported for compatibility with earlier releases: .Sp .Vb 4 @@ -250,16 +175,16 @@ \& RSA PUBLIC KEY \& X509 CERTIFICATE .Ve -.IP "\fB\s-1SMIME\s0\fR" 4 +.IP \fBSMIME\fR 4 .IX Item "SMIME" -An S/MIME object as described in \s-1IETF RFC 8551.\s0 -Earlier versions were known as \s-1CMS\s0 and are compatible. +An S/MIME object as described in IETF RFC 8551. +Earlier versions were known as CMS and are compatible. Note that the parsing is simple and might fail to parse some legal data. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-gendsa.1.orig +++ secure/usr.bin/openssl/man/openssl-gendsa.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-GENDSA 1ossl" -.TH OPENSSL-GENDSA 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-GENDSA 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-gendsa \- generate a DSA private key from a set of parameters -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBgendsa\fR [\fB\-help\fR] @@ -166,13 +91,13 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIparamfile\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file +This command generates a DSA private key from a DSA parameter file (which will be typically generated by the \fBopenssl\-dsaparam\fR\|(1) command). -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-out\fR \fIfilename\fR" 4 
@@ -191,20 +116,20 @@ .Sp Note that all options must be given before the \fIparamfile\fR argument. Otherwise they are ignored. -.IP "\fB\-verbose\fR" 4 +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra details about the operations being performed. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. -.IP "\fIparamfile\fR" 4 +.IP \fIparamfile\fR 4 .IX Item "paramfile" -The \s-1DSA\s0 parameter file to use. The parameters in this file determine -the size of the private key. \s-1DSA\s0 parameters can be generated and +The DSA parameter file to use. The parameters in this file determine +the size of the private key. DSA parameters can be generated and examined using the \fBopenssl\-dsaparam\fR\|(1) command. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" @@ -214,11 +139,11 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "NOTES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH NOTES .IX Header "NOTES" -\&\s-1DSA\s0 key generation is little more than random number generation so it is -much quicker that \s-1RSA\s0 key generation for example. +DSA key generation is little more than random number generation so it is +much quicker that RSA key generation for example. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), 
@@ -227,14 +152,14 @@ \&\fBopenssl\-dsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1), \&\fBopenssl\-rsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-genpkey.1.orig +++ secure/usr.bin/openssl/man/openssl-genpkey.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,86 +53,27 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-GENPKEY 1ossl" -.TH OPENSSL-GENPKEY 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-GENPKEY 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-genpkey \- generate a private key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBgenpkey\fR [\fB\-help\fR] [\fB\-out\fR \fIfilename\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-quiet\fR] [\fB\-pass\fR \fIarg\fR] -[\fB\-\f(BIcipher\fB\fR] +[\fB\-\fR\f(BIcipher\fR] [\fB\-paramfile\fR \fIfile\fR] [\fB\-algorithm\fR \fIalg\fR] [\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] 
@@ -159,57 +84,57 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fB\-config\fR \fIconfigfile\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command generates a private key. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" Output the key to the specified file. If this argument is not specified then standard output is used. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The output format, except when \fB\-genparam\fR is given; the default is \fB\s-1PEM\s0\fR. +The output format, except when \fB\-genparam\fR is given; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp When \fB\-genparam\fR is given, \fB\-outform\fR is ignored. -.IP "\fB\-quiet\fR" 4 +.IP \fB\-quiet\fR 4 .IX Item "-quiet" -Do not output \*(L"status dots\*(R" while generating keys. +Do not output "status dots" while generating keys. .IP "\fB\-pass\fR \fIarg\fR" 4 .IX Item "-pass arg" The output file password source. For more information about the format of \fIarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IP \fB\-\fR\f(BIcipher\fR 4 .IX Item "-cipher" This option encrypts the private key with the supplied cipher. Any algorithm name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. .IP "\fB\-algorithm\fR \fIalg\fR" 4 .IX Item "-algorithm alg" -Public key algorithm to use such as \s-1RSA, DSA, DH\s0 or \s-1DHX.\s0 If used this option must +Public key algorithm to use such as RSA, DSA, DH or DHX. If used this option must precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR are mutually exclusive. Engines may add algorithms in addition to the standard -built-in ones. +built\-in ones. 
.Sp -Valid built-in algorithm names for private key generation are \s-1RSA,\s0 RSA-PSS, \s-1EC, -X25519, X448, ED25519\s0 and \s-1ED448.\s0 +Valid built\-in algorithm names for private key generation are RSA, RSA\-PSS, EC, +X25519, X448, ED25519 and ED448. .Sp -Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR -option) are \s-1DH, DSA\s0 and \s-1EC.\s0 +Valid built\-in algorithm names for parameter generation (see the \fB\-genparam\fR +option) are DH, DSA and EC. .Sp -Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for \s-1DHX\s0 keys and -PKCS#3 refers to \s-1DH\s0 Keys. Some options are not shared between \s-1DH\s0 and \s-1DHX\s0 keys. +Note that the algorithm name X9.42 DH may be used as a synonym for DHX keys and +PKCS#3 refers to DH Keys. Some options are not shared between DH and DHX keys. .IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 .IX Item "-pkeyopt opt:value" Set the public key algorithm option \fIopt\fR to \fIvalue\fR. The precise set of options supported depends on the public key algorithm used and its -implementation. See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 and -\&\*(L"\s-1PARAMETER GENERATION OPTIONS\*(R"\s0 below for more details. -.IP "\fB\-genparam\fR" 4 +implementation. See "KEY GENERATION OPTIONS" and +"PARAMETER GENERATION OPTIONS" below for more details. +.IP \fB\-genparam\fR 4 .IX Item "-genparam" Generate a set of parameters instead of a private key. If used this option must precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options. 
@@ -220,13 +145,13 @@ algorithm used is determined by the parameters. If used this option must precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR are mutually exclusive. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Print an (unencrypted) text representation of private and public keys and -parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure. +parameters along with the PEM or DER structure. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -236,82 +161,82 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-config\fR \fIconfigfile\fR" 4 .IX Item "-config configfile" -See \*(L"Configuration Option\*(R" in \fBopenssl\fR\|(1). +See "Configuration Option" in \fBopenssl\fR\|(1). .SH "KEY GENERATION OPTIONS" .IX Header "KEY GENERATION OPTIONS" The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed -below. There are no key generation options defined for the X25519, X448, \s-1ED25519\s0 -or \s-1ED448\s0 algorithms. -.SS "\s-1RSA\s0 Key Generation Options" +below. There are no key generation options defined for the X25519, X448, ED25519 +or ED448 algorithms. +.SS "RSA Key Generation Options" .IX Subsection "RSA Key Generation Options" -.IP "\fBrsa_keygen_bits:numbits\fR" 4 +.IP \fBrsa_keygen_bits:numbits\fR 4 .IX Item "rsa_keygen_bits:numbits" The number of bits in the generated key. If not specified 2048 is used. -.IP "\fBrsa_keygen_primes:numprimes\fR" 4 +.IP \fBrsa_keygen_primes:numprimes\fR 4 .IX Item "rsa_keygen_primes:numprimes" The number of primes in the generated key. If not specified 2 is used. -.IP "\fBrsa_keygen_pubexp:value\fR" 4 +.IP \fBrsa_keygen_pubexp:value\fR 4 .IX Item "rsa_keygen_pubexp:value" -The \s-1RSA\s0 public exponent value. This can be a large decimal or +The RSA public exponent value. This can be a large decimal or hexadecimal value if preceded by \f(CW\*(C`0x\*(C'\fR. Default value is 65537. -.SS "RSA-PSS Key Generation Options" +.SS "RSA\-PSS Key Generation Options" .IX Subsection "RSA-PSS Key Generation Options" -Note: by default an \fBRSA-PSS\fR key has no parameter restrictions. +Note: by default an \fBRSA\-PSS\fR key has no parameter restrictions. 
.IP "\fBrsa_keygen_bits\fR:\fInumbits\fR, \fBrsa_keygen_primes\fR:\fInumprimes\fR, \fBrsa_keygen_pubexp\fR:\fIvalue\fR" 4 .IX Item "rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value" -These options have the same meaning as the \fB\s-1RSA\s0\fR algorithm. -.IP "\fBrsa_pss_keygen_md\fR:\fIdigest\fR" 4 +These options have the same meaning as the \fBRSA\fR algorithm. +.IP \fBrsa_pss_keygen_md\fR:\fIdigest\fR 4 .IX Item "rsa_pss_keygen_md:digest" If set the key is restricted and can only use \fIdigest\fR for signing. -.IP "\fBrsa_pss_keygen_mgf1_md\fR:\fIdigest\fR" 4 +.IP \fBrsa_pss_keygen_mgf1_md\fR:\fIdigest\fR 4 .IX Item "rsa_pss_keygen_mgf1_md:digest" -If set the key is restricted and can only use \fIdigest\fR as it's \s-1MGF1\s0 +If set the key is restricted and can only use \fIdigest\fR as it\*(Aqs MGF1 parameter. -.IP "\fBrsa_pss_keygen_saltlen\fR:\fIlen\fR" 4 +.IP \fBrsa_pss_keygen_saltlen\fR:\fIlen\fR 4 .IX Item "rsa_pss_keygen_saltlen:len" If set the key is restricted and \fIlen\fR specifies the minimum salt length. -.SS "\s-1EC\s0 Key Generation Options" +.SS "EC Key Generation Options" .IX Subsection "EC Key Generation Options" -The \s-1EC\s0 key generation options can also be used for parameter generation. -.IP "\fBec_paramgen_curve\fR:\fIcurve\fR" 4 +The EC key generation options can also be used for parameter generation. +.IP \fBec_paramgen_curve\fR:\fIcurve\fR 4 .IX Item "ec_paramgen_curve:curve" -The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R". -.IP "\fBec_param_enc\fR:\fIencoding\fR" 4 +The EC curve to use. OpenSSL supports NIST curve names such as "P\-256". +.IP \fBec_param_enc\fR:\fIencoding\fR 4 .IX Item "ec_param_enc:encoding" The encoding to use for parameters. The \fIencoding\fR parameter must be either \&\fBnamed_curve\fR or \fBexplicit\fR. The default value is \fBnamed_curve\fR. 
-.SS "\s-1DH\s0 Key Generation Options" +.SS "DH Key Generation Options" .IX Subsection "DH Key Generation Options" -.IP "\fBgroup\fR:\fIname\fR" 4 +.IP \fBgroup\fR:\fIname\fR 4 .IX Item "group:name" The \fBparamfile\fR option is not required if a named group is used here. -See the \*(L"\s-1DH\s0 Parameter Generation Options\*(R" section below. +See the "DH Parameter Generation Options" section below. .SH "PARAMETER GENERATION OPTIONS" .IX Header "PARAMETER GENERATION OPTIONS" The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below. -.SS "\s-1DSA\s0 Parameter Generation Options" +.SS "DSA Parameter Generation Options" .IX Subsection "DSA Parameter Generation Options" -.IP "\fBdsa_paramgen_bits\fR:\fInumbits\fR" 4 +.IP \fBdsa_paramgen_bits\fR:\fInumbits\fR 4 .IX Item "dsa_paramgen_bits:numbits" The number of bits in the generated prime. If not specified 2048 is used. -.IP "\fBdsa_paramgen_q_bits\fR:\fInumbits\fR" 4 +.IP \fBdsa_paramgen_q_bits\fR:\fInumbits\fR 4 .IX Item "dsa_paramgen_q_bits:numbits" .PD 0 -.IP "\fBqbits\fR:\fInumbits\fR" 4 +.IP \fBqbits\fR:\fInumbits\fR 4 .IX Item "qbits:numbits" .PD The number of bits in the q parameter. Must be one of 160, 224 or 256. If not specified 224 is used. -.IP "\fBdsa_paramgen_md\fR:\fIdigest\fR" 4 +.IP \fBdsa_paramgen_md\fR:\fIdigest\fR 4 .IX Item "dsa_paramgen_md:digest" .PD 0 -.IP "\fBdigest\fR:\fIdigest\fR" 4 +.IP \fBdigest\fR:\fIdigest\fR 4 .IX Item "digest:digest" .PD The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR 
@@ -320,118 +245,113 @@ ignored. If not set, then a digest will be used that gives an output matching the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224 or \fBsha256\fR if it is 256. -.IP "\fBproperties\fR:\fIquery\fR" 4 +.IP \fBproperties\fR:\fIquery\fR 4 .IX Item "properties:query" The \fIdigest\fR property \fIquery\fR string to use when fetching a digest from a provider. -.IP "\fBtype\fR:\fItype\fR" 4 +.IP \fBtype\fR:\fItype\fR 4 .IX Item "type:type" -The type of generation to use. Set this to 1 to use legacy \s-1FIPS186\-2\s0 parameter -generation. The default of 0 uses \s-1FIPS186\-4\s0 parameter generation. -.IP "\fBgindex\fR:\fIindex\fR" 4 +The type of generation to use. Set this to 1 to use legacy FIPS186\-2 parameter +generation. The default of 0 uses FIPS186\-4 parameter generation. +.IP \fBgindex\fR:\fIindex\fR 4 .IX Item "gindex:index" The index to use for canonical generation and verification of the generator g. Set this to a positive value ranging from 0..255 to use this mode. Larger values will only use the bottom byte. This \fIindex\fR must then be reused during key validation to verify the value of g. If this value is not set then g is not verifiable. The default value is \-1. -.IP "\fBhexseed\fR:\fIseed\fR" 4 +.IP \fBhexseed\fR:\fIseed\fR 4 .IX Item "hexseed:seed" The seed \fIseed\fR data to use instead of generating a random seed internally. This should be used for testing purposes only. This will either produced fixed -values for the generated parameters \s-1OR\s0 it will fail if the seed did not +values for the generated parameters OR it will fail if the seed did not generate valid primes. -.SS "\s-1DH\s0 Parameter Generation Options" +.SS "DH Parameter Generation Options" .IX Subsection "DH Parameter Generation Options" For most use cases it is recommended to use the \fBgroup\fR option rather than the \fBtype\fR options. 
Note that the \fBgroup\fR option is not used by default if no parameter generation options are specified. -.IP "\fBgroup\fR:\fIname\fR" 4 +.IP \fBgroup\fR:\fIname\fR 4 .IX Item "group:name" .PD 0 -.IP "\fBdh_param\fR:\fIname\fR" 4 +.IP \fBdh_param\fR:\fIname\fR 4 .IX Item "dh_param:name" .PD -Use a named \s-1DH\s0 group to select constant values for the \s-1DH\s0 parameters. +Use a named DH group to select constant values for the DH parameters. All other options will be ignored if this value is set. .Sp -Valid values that are associated with the \fBalgorithm\fR of \fB\*(L"\s-1DH\*(R"\s0\fR are: -\&\*(L"ffdhe2048\*(R", \*(L"ffdhe3072\*(R", \*(L"ffdhe4096\*(R", \*(L"ffdhe6144\*(R", \*(L"ffdhe8192\*(R", -\&\*(L"modp_1536\*(R", \*(L"modp_2048\*(R", \*(L"modp_3072\*(R", \*(L"modp_4096\*(R", \*(L"modp_6144\*(R", \*(L"modp_8192\*(R". +Valid values that are associated with the \fBalgorithm\fR of \fB"DH"\fR are: +"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", +"modp_1536", "modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192". .Sp -Valid values that are associated with the \fBalgorithm\fR of \fB\*(L"\s-1DHX\*(R"\s0\fR are the -\&\s-1RFC5114\s0 names \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R", \*(L"dh_2048_256\*(R". -.IP "\fBdh_rfc5114\fR:\fInum\fR" 4 +Valid values that are associated with the \fBalgorithm\fR of \fB"DHX"\fR are the +RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256". +.IP \fBdh_rfc5114\fR:\fInum\fR 4 .IX Item "dh_rfc5114:num" -If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used +If this option is set, then the appropriate RFC5114 parameters are used instead of generating new parameters. The value \fInum\fR can be one of 1, 2 or 3 that are equivalent to using the option \fBgroup\fR with one of -\&\*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R" or \*(L"dh_2048_256\*(R". +"dh_1024_160", "dh_2048_224" or "dh_2048_256". All other options will be ignored if this value is set. 
-.IP "\fBpbits\fR:\fInumbits\fR" 4 +.IP \fBpbits\fR:\fInumbits\fR 4 .IX Item "pbits:numbits" .PD 0 -.IP "\fBdh_paramgen_prime_len\fR:\fInumbits\fR" 4 +.IP \fBdh_paramgen_prime_len\fR:\fInumbits\fR 4 .IX Item "dh_paramgen_prime_len:numbits" .PD The number of bits in the prime parameter \fIp\fR. The default is 2048. -.IP "\fBqbits\fR:\fInumbits\fR" 4 +.IP \fBqbits\fR:\fInumbits\fR 4 .IX Item "qbits:numbits" .PD 0 -.IP "\fBdh_paramgen_subprime_len\fR:\fInumbits\fR" 4 +.IP \fBdh_paramgen_subprime_len\fR:\fInumbits\fR 4 .IX Item "dh_paramgen_subprime_len:numbits" .PD The number of bits in the sub prime parameter \fIq\fR. The default is 224. Only relevant if used in conjunction with the \fBdh_paramgen_type\fR option to -generate \s-1DHX\s0 parameters. -.IP "\fBsafeprime-generator\fR:\fIvalue\fR" 4 +generate DHX parameters. +.IP \fBsafeprime\-generator\fR:\fIvalue\fR 4 .IX Item "safeprime-generator:value" .PD 0 -.IP "\fBdh_paramgen_generator\fR:\fIvalue\fR" 4 +.IP \fBdh_paramgen_generator\fR:\fIvalue\fR 4 .IX Item "dh_paramgen_generator:value" .PD The value to use for the generator \fIg\fR. The default is 2. -The \fBalgorithm\fR option must be \fB\*(L"\s-1DH\*(R"\s0\fR for this parameter to be used. -.IP "\fBtype\fR:\fIstring\fR" 4 +The \fBalgorithm\fR option must be \fB"DH"\fR for this parameter to be used. +.IP \fBtype\fR:\fIstring\fR 4 .IX Item "type:string" -The type name of \s-1DH\s0 parameters to generate. Valid values are: +The type name of DH parameters to generate. Valid values are: .RS 4 -.ie n .IP """generator""" 4 -.el .IP "``generator''" 4 -.IX Item "generator" +.IP """generator""" 4 +.IX Item """generator""" Use a safe prime generator with the option \fBsafeprime_generator\fR -The \fBalgorithm\fR option must be \fB\*(L"\s-1DH\*(R"\s0\fR. -.ie n .IP """fips186_4""" 4 -.el .IP "``fips186_4''" 4 -.IX Item "fips186_4" -\&\s-1FIPS186\-4\s0 parameter generation. -The \fBalgorithm\fR option must be \fB\*(L"\s-1DHX\*(R"\s0\fR. 
-.ie n .IP """fips186_2""" 4 -.el .IP "``fips186_2''" 4 -.IX Item "fips186_2" -\&\s-1FIPS186\-4\s0 parameter generation. -The \fBalgorithm\fR option must be \fB\*(L"\s-1DHX\*(R"\s0\fR. -.ie n .IP """group""" 4 -.el .IP "``group''" 4 -.IX Item "group" +The \fBalgorithm\fR option must be \fB"DH"\fR. +.IP """fips186_4""" 4 +.IX Item """fips186_4""" +FIPS186\-4 parameter generation. +The \fBalgorithm\fR option must be \fB"DHX"\fR. +.IP """fips186_2""" 4 +.IX Item """fips186_2""" +FIPS186\-4 parameter generation. +The \fBalgorithm\fR option must be \fB"DHX"\fR. +.IP """group""" 4 +.IX Item """group""" Can be used with the option \fBpbits\fR to select one of -\&\*(L"ffdhe2048\*(R", \*(L"ffdhe3072\*(R", \*(L"ffdhe4096\*(R", \*(L"ffdhe6144\*(R" or \*(L"ffdhe8192\*(R". -The \fBalgorithm\fR option must be \fB\*(L"\s-1DH\*(R"\s0\fR. -.ie n .IP """default""" 4 -.el .IP "``default''" 4 -.IX Item "default" +"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144" or "ffdhe8192". +The \fBalgorithm\fR option must be \fB"DH"\fR. +.IP """default""" 4 +.IX Item """default""" Selects a default type based on the \fBalgorithm\fR. This is used by the OpenSSL default provider to set the type for backwards compatibility. -If \fBalgorithm\fR is \fB\*(L"\s-1DH\*(R"\s0\fR then \fB\*(L"generator\*(R"\fR is used. -If \fBalgorithm\fR is \fB\*(L"\s-1DHX\*(R"\s0\fR then \fB\*(L"fips186_2\*(R"\fR is used. +If \fBalgorithm\fR is \fB"DH"\fR then \fB"generator"\fR is used. +If \fBalgorithm\fR is \fB"DHX"\fR then \fB"fips186_2"\fR is used. .RE .RS 4 .RE -.IP "\fBdh_paramgen_type\fR:\fIvalue\fR" 4 +.IP \fBdh_paramgen_type\fR:\fIvalue\fR 4 .IX Item "dh_paramgen_type:value" -The type of \s-1DH\s0 parameters to generate. Valid values are 0, 1, 2 or 3 +The type of DH parameters to generate. Valid values are 0, 1, 2 or 3 which correspond to setting the option \fBtype\fR to -\&\*(L"generator\*(R", \*(L"fips186_2\*(R", \*(L"fips186_4\*(R" or \*(L"group\*(R". 
-.IP "\fBdigest\fR:\fIdigest\fR" 4 +"generator", "fips186_2", "fips186_4" or "group". +.IP \fBdigest\fR:\fIdigest\fR 4 .IX Item "digest:digest" The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR or \fBsha256\fR. If set, then the number of bits in \fBqbits\fR will match the output 
@@ -439,57 +359,57 @@ ignored. If not set, then a digest will be used that gives an output matching the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it is 224 or \fBsha256\fR if it is 256. -This is only used by \*(L"fips186_4\*(R" and \*(L"fips186_2\*(R" key generation. -.IP "\fBproperties\fR:\fIquery\fR" 4 +This is only used by "fips186_4" and "fips186_2" key generation. +.IP \fBproperties\fR:\fIquery\fR 4 .IX Item "properties:query" The \fIdigest\fR property \fIquery\fR string to use when fetching a digest from a provider. -This is only used by \*(L"fips186_4\*(R" and \*(L"fips186_2\*(R" key generation. -.IP "\fBgindex\fR:\fIindex\fR" 4 +This is only used by "fips186_4" and "fips186_2" key generation. +.IP \fBgindex\fR:\fIindex\fR 4 .IX Item "gindex:index" The index to use for canonical generation and verification of the generator g. Set this to a positive value ranging from 0..255 to use this mode. Larger values will only use the bottom byte. This \fIindex\fR must then be reused during key validation to verify the value of g. If this value is not set then g is not verifiable. The default value is \-1. -This is only used by \*(L"fips186_4\*(R" and \*(L"fips186_2\*(R" key generation. -.IP "\fBhexseed\fR:\fIseed\fR" 4 +This is only used by "fips186_4" and "fips186_2" key generation. +.IP \fBhexseed\fR:\fIseed\fR 4 .IX Item "hexseed:seed" The seed \fIseed\fR data to use instead of generating a random seed internally. This should be used for testing purposes only. This will either produced fixed -values for the generated parameters \s-1OR\s0 it will fail if the seed did not +values for the generated parameters OR it will fail if the seed did not generate valid primes. -This is only used by \*(L"fips186_4\*(R" and \*(L"fips186_2\*(R" key generation. -.SS "\s-1EC\s0 Parameter Generation Options" +This is only used by "fips186_4" and "fips186_2" key generation. 
+.SS "EC Parameter Generation Options" .IX Subsection "EC Parameter Generation Options" -The \s-1EC\s0 parameter generation options are the same as for key generation. See -\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above. -.SH "NOTES" +The EC parameter generation options are the same as for key generation. See +"EC Key Generation Options" above. +.SH NOTES .IX Header "NOTES" The use of the genpkey program is encouraged over the algorithm specific -utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms +utilities because additional algorithm options and ENGINE provided algorithms can be used. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Generate an \s-1RSA\s0 private key using default parameters: +Generate an RSA private key using default parameters: .PP .Vb 1 \& openssl genpkey \-algorithm RSA \-out key.pem .Ve .PP -Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R": +Encrypt output private key using 128 bit AES and the passphrase "hello": .PP .Vb 1 \& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello .Ve .PP -Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent: +Generate a 2048 bit RSA key using 3 as the public exponent: .PP .Vb 2 \& openssl genpkey \-algorithm RSA \-out key.pem \e \& \-pkeyopt rsa_keygen_bits:2048 \-pkeyopt rsa_keygen_pubexp:3 .Ve .PP -Generate 2048 bit \s-1DSA\s0 parameters that can be validated: The output values for +Generate 2048 bit DSA parameters that can be validated: The output values for gindex and seed are required for key validation purposes and are not saved to the output pem file). .PP 
@@ -498,43 +418,43 @@ \& \-pkeyopt qbits:224 \-pkeyopt digest:SHA256 \-pkeyopt gindex:1 \-text .Ve .PP -Generate \s-1DSA\s0 key from parameters: +Generate DSA key from parameters: .PP .Vb 1 \& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem .Ve .PP -Generate 4096 bit \s-1DH\s0 Key using safe prime group ffdhe4096: +Generate 4096 bit DH Key using safe prime group ffdhe4096: .PP .Vb 1 \& openssl genpkey \-algorithm DH \-out dhkey.pem \-pkeyopt group:ffdhe4096 .Ve .PP -Generate 2048 bit X9.42 \s-1DH\s0 key with 256 bit subgroup using \s-1RFC5114\s0 group3: +Generate 2048 bit X9.42 DH key with 256 bit subgroup using RFC5114 group3: .PP .Vb 1 \& openssl genpkey \-algorithm DHX \-out dhkey.pem \-pkeyopt dh_rfc5114:3 .Ve .PP -Generate a \s-1DH\s0 key using a \s-1DH\s0 parameters file: +Generate a DH key using a DH parameters file: .PP .Vb 1 \& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem .Ve .PP -Output \s-1DH\s0 parameters for safe prime group ffdhe2048: +Output DH parameters for safe prime group ffdhe2048: .PP .Vb 1 \& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \-pkeyopt group:ffdhe2048 .Ve .PP -Output 2048 bit X9.42 \s-1DH\s0 parameters with 224 bit subgroup using \s-1RFC5114\s0 group2: +Output 2048 bit X9.42 DH parameters with 224 bit subgroup using RFC5114 group2: .PP .Vb 1 \& openssl genpkey \-genparam \-algorithm DHX \-out dhp.pem \-pkeyopt dh_rfc5114:2 .Ve .PP -Output 2048 bit X9.42 \s-1DH\s0 parameters with 224 bit subgroup using \s-1FIP186\-4\s0 keygen: +Output 2048 bit X9.42 DH parameters with 224 bit subgroup using FIP186\-4 keygen: .PP .Vb 3 \& openssl genpkey \-genparam \-algorithm DHX \-out dhp.pem \-text \e 
@@ -542,7 +462,7 @@ \& \-pkeyopt gindex:1 \-pkeyopt dh_paramgen_type:2 .Ve .PP -Output 1024 bit X9.42 \s-1DH\s0 parameters with 160 bit subgroup using \s-1FIP186\-2\s0 keygen: +Output 1024 bit X9.42 DH parameters with 160 bit subgroup using FIP186\-2 keygen: .PP .Vb 3 \& openssl genpkey \-genparam \-algorithm DHX \-out dhp.pem \-text \e @@ -550,14 +470,14 @@ \& \-pkeyopt gindex:1 \-pkeyopt dh_paramgen_type:1 .Ve .PP -Output 2048 bit \s-1DH\s0 parameters: +Output 2048 bit DH parameters: .PP .Vb 2 \& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e \& \-pkeyopt dh_paramgen_prime_len:2048 .Ve .PP -Output 2048 bit \s-1DH\s0 parameters using a generator: +Output 2048 bit DH parameters using a generator: .PP .Vb 3 \& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e @@ -565,7 +485,7 @@ \& \-pkeyopt dh_paramgen_type:1 .Ve .PP -Generate \s-1EC\s0 parameters: +Generate EC parameters: .PP .Vb 3 \& openssl genpkey \-genparam \-algorithm EC \-out ecp.pem \e @@ -573,13 +493,13 @@ \& \-pkeyopt ec_param_enc:named_curve .Ve .PP -Generate \s-1EC\s0 key from parameters: +Generate EC key from parameters: .PP .Vb 1 \& openssl genpkey \-paramfile ecp.pem \-out eckey.pem .Ve .PP -Generate \s-1EC\s0 key directly: +Generate EC key directly: .PP .Vb 3 \& openssl genpkey \-algorithm EC \-out eckey.pem \e 
@@ -593,24 +513,24 @@ \& openssl genpkey \-algorithm X25519 \-out xkey.pem .Ve .PP -Generate an \s-1ED448\s0 private key: +Generate an ED448 private key: .PP .Vb 1 \& openssl genpkey \-algorithm ED448 \-out xkey.pem .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly, +The ability to use NIST curve names, and to generate an EC key directly, were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in OpenSSL 1.1.0. -The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1. +The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-genrsa.1.orig +++ secure/usr.bin/openssl/man/openssl-genrsa.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-GENRSA 1ossl" -.TH OPENSSL-GENRSA 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-GENRSA 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-genrsa \- generate an RSA private key -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBgenrsa\fR [\fB\-help\fR] @@ -171,12 +96,12 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fBnumbits\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command generates an \s-1RSA\s0 private key. -.SH "OPTIONS" +This command generates an RSA private key. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-out\fR \fIfilename\fR" 4 
@@ -199,22 +124,22 @@ The \fB\-3\fR option has been deprecated. .IP "\fB\-primes\fR \fInum\fR" 4 .IX Item "-primes num" -Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fInum\fR +Specify the number of primes to use while generating the RSA key. The \fInum\fR parameter must be a positive integer that is greater than 1 and less than 16. -If \fInum\fR is greater than 2, then the generated key is called a 'multi\-prime' -\&\s-1RSA\s0 key, which is defined in \s-1RFC 8017.\s0 -.IP "\fB\-verbose\fR" 4 +If \fInum\fR is greater than 2, then the generated key is called a \*(Aqmulti\-prime\*(Aq +RSA key, which is defined in RFC 8017. +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra details about the operations being performed. -.IP "\fB\-traditional\fR" 4 +.IP \fB\-traditional\fR 4 .IX Item "-traditional" Write the key using the traditional PKCS#1 format instead of the PKCS#8 format. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -224,18 +149,18 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.IP "\fBnumbits\fR" 4 +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP \fBnumbits\fR 4 .IX Item "numbits" The size of the private key to generate in bits. This must be the last option specified. The default is 2048 and values less than 512 are not allowed. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -\&\s-1RSA\s0 private key generation essentially involves the generation of two or more +RSA private key generation essentially involves the generation of two or more prime numbers. When generating a private key various symbols will be output to indicate the progress of the generation. A \fB.\fR represents each number which has passed an initial sieve test, \fB+\fR means a number has passed a single -round of the Miller-Rabin primality test, \fB*\fR means the current prime starts +round of the Miller\-Rabin primality test, \fB*\fR means the current prime starts a regenerating progress due to some failed tests. A newline means that the number has passed all the prime tests (the actual number depends on the key size). .PP @@ -247,11 +172,11 @@ \&\fBopenssl\fR\|(1), \&\fBopenssl\-genpkey\fR\|(1), \&\fBopenssl\-gendsa\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-info.1.orig +++ secure/usr.bin/openssl/man/openssl-info.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-INFO 1ossl" -.TH OPENSSL-INFO 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-INFO 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-info \- print OpenSSL built\-in information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl info\fR [\fB\-help\fR] @@ -152,7 +77,7 @@ [\fB\-listsep\fR] [\fB\-seeds\fR] [\fB\-cpusettings\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command is used to print out information about OpenSSL. The information is written exactly as it is with no extra text, which 
@@ -160,49 +85,49 @@ .PP As a consequence, only one item may be chosen for each run of this command. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-configdir\fR" 4 +.IP \fB\-configdir\fR 4 .IX Item "-configdir" Outputs the default directory for OpenSSL configuration files. -.IP "\fB\-enginesdir\fR" 4 +.IP \fB\-enginesdir\fR 4 .IX Item "-enginesdir" Outputs the default directory for OpenSSL engine modules. -.IP "\fB\-modulesdir\fR" 4 +.IP \fB\-modulesdir\fR 4 .IX Item "-modulesdir" Outputs the default directory for OpenSSL dynamically loadable modules other than engine modules. -.IP "\fB\-dsoext\fR" 4 +.IP \fB\-dsoext\fR 4 .IX Item "-dsoext" -Outputs the \s-1DSO\s0 extension OpenSSL uses. -.IP "\fB\-dirnamesep\fR" 4 +Outputs the DSO extension OpenSSL uses. +.IP \fB\-dirnamesep\fR 4 .IX Item "-dirnamesep" Outputs the separator character between a directory specification and a filename. Note that on some operating systems, this is not the same as the separator between directory elements. -.IP "\fB\-listsep\fR" 4 +.IP \fB\-listsep\fR 4 .IX Item "-listsep" Outputs the OpenSSL list separator character. This is typically used to construct \f(CW$PATH\fR (\f(CW\*(C`%PATH%\*(C'\fR on Windows) style lists. -.IP "\fB\-seeds\fR" 4 +.IP \fB\-seeds\fR 4 .IX Item "-seeds" Outputs the randomness seed sources. -.IP "\fB\-cpusettings\fR" 4 +.IP \fB\-cpusettings\fR 4 .IX Item "-cpusettings" -Outputs the OpenSSL \s-1CPU\s0 settings info. -.SH "HISTORY" +Outputs the OpenSSL CPU settings info. +.SH HISTORY .IX Header "HISTORY" This command was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-kdf.1.orig +++ secure/usr.bin/openssl/man/openssl-kdf.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-KDF 1ossl" -.TH OPENSSL-KDF 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-KDF 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-kdf \- perform Key Derivation Function operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl kdf\fR [\fB\-help\fR] @@ -155,13 +80,13 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] \&\fIkdf_name\fR -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" The key derivation functions generate a derived key from either a secret or password. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print a usage message. .IP "\fB\-keylen\fR \fInum\fR" 4 
@@ -170,80 +95,80 @@ .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" Filename to output to, or standard output by default. -.IP "\fB\-binary\fR" 4 +.IP \fB\-binary\fR 4 .IX Item "-binary" Output the derived key in binary form. Uses hexadecimal text format if not specified. .IP "\fB\-cipher\fR \fIname\fR" 4 .IX Item "-cipher name" -Specify the cipher to be used by the \s-1KDF.\s0 +Specify the cipher to be used by the KDF. Not all KDFs require a cipher and it is an error to use this option in such cases. .IP "\fB\-digest\fR \fIname\fR" 4 .IX Item "-digest name" -Specify the digest to be used by the \s-1KDF.\s0 +Specify the digest to be used by the KDF. Not all KDFs require a digest and it is an error to use this option in such cases. To see the list of supported digests, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. .IP "\fB\-mac\fR \fIname\fR" 4 .IX Item "-mac name" -Specify the \s-1MAC\s0 to be used by the \s-1KDF.\s0 -Not all KDFs require a \s-1MAC\s0 and it is an error to use this option in such +Specify the MAC to be used by the KDF. +Not all KDFs require a MAC and it is an error to use this option in such cases. .IP "\fB\-kdfopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-kdfopt nm:v" -Passes options to the \s-1KDF\s0 algorithm. -A comprehensive list of parameters can be found in \*(L"\s-1PARAMETERS\*(R"\s0 in \s-1\fBEVP_KDF\s0\fR\|(3). +Passes options to the KDF algorithm. +A comprehensive list of parameters can be found in "PARAMETERS" in \fBEVP_KDF\fR\|(3). Common parameter names used by \fBEVP_KDF_CTX_set_params()\fR are: .RS 4 -.IP "\fBkey:\fR\fIstring\fR" 4 +.IP \fBkey:\fR\fIstring\fR 4 .IX Item "key:string" Specifies the secret key as an alphanumeric string (use if the key contains printable characters only). -The string length must conform to any restrictions of the \s-1KDF\s0 algorithm. -A key must be specified for most \s-1KDF\s0 algorithms. 
-.IP "\fBhexkey:\fR\fIstring\fR" 4 +The string length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms. +.IP \fBhexkey:\fR\fIstring\fR 4 .IX Item "hexkey:string" Alternative to the \fBkey:\fR option where the secret key is specified in hexadecimal form (two hex digits per byte). -.IP "\fBpass:\fR\fIstring\fR" 4 +.IP \fBpass:\fR\fIstring\fR 4 .IX Item "pass:string" Specifies the password as an alphanumeric string (use if the password contains printable characters only). -The password must be specified for \s-1PBKDF2\s0 and scrypt. -.IP "\fBhexpass:\fR\fIstring\fR" 4 +The password must be specified for PBKDF2 and scrypt. +.IP \fBhexpass:\fR\fIstring\fR 4 .IX Item "hexpass:string" Alternative to the \fBpass:\fR option where the password is specified in hexadecimal form (two hex digits per byte). -.IP "\fBsalt:\fR\fIstring\fR" 4 +.IP \fBsalt:\fR\fIstring\fR 4 .IX Item "salt:string" -Specifies a non-secret unique cryptographic salt as an alphanumeric string +Specifies a non\-secret unique cryptographic salt as an alphanumeric string (use if it contains printable characters only). -The length must conform to any restrictions of the \s-1KDF\s0 algorithm. -A salt parameter is required for several \s-1KDF\s0 algorithms, -such as \s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7). -.IP "\fBhexsalt:\fR\fIstring\fR" 4 +The length must conform to any restrictions of the KDF algorithm. +A salt parameter is required for several KDF algorithms, +such as \fBEVP_KDF\-PBKDF2\fR\|(7). +.IP \fBhexsalt:\fR\fIstring\fR 4 .IX Item "hexsalt:string" Alternative to the \fBsalt:\fR option where the salt is specified in hexadecimal form (two hex digits per byte). 
-.IP "\fBinfo:\fR\fIstring\fR" 4 +.IP \fBinfo:\fR\fIstring\fR 4 .IX Item "info:string" -Some \s-1KDF\s0 implementations, such as \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7), take an 'info' parameter +Some KDF implementations, such as \fBEVP_KDF\-HKDF\fR\|(7), take an \*(Aqinfo\*(Aq parameter for binding the derived key material -to application\- and context-specific information. +to application\- and context\-specific information. Specifies the info, fixed info, other info or shared info argument as an alphanumeric string (use if it contains printable characters only). -The length must conform to any restrictions of the \s-1KDF\s0 algorithm. -.IP "\fBhexinfo:\fR\fIstring\fR" 4 +The length must conform to any restrictions of the KDF algorithm. +.IP \fBhexinfo:\fR\fIstring\fR 4 .IX Item "hexinfo:string" Alternative to the \fBinfo:\fR option where the info is specified in hexadecimal form (two hex digits per byte). -.IP "\fBdigest:\fR\fIstring\fR" 4 +.IP \fBdigest:\fR\fIstring\fR 4 .IX Item "digest:string" This option is identical to the \fB\-digest\fR option. -.IP "\fBcipher:\fR\fIstring\fR" 4 +.IP \fBcipher:\fR\fIstring\fR 4 .IX Item "cipher:string" This option is identical to the \fB\-cipher\fR option. -.IP "\fBmac:\fR\fIstring\fR" 4 +.IP \fBmac:\fR\fIstring\fR 4 .IX Item "mac:string" This option is identical to the \fB\-mac\fR option. .RE 
@@ -257,29 +182,29 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.IP "\fIkdf_name\fR" 4 +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP \fIkdf_name\fR 4 .IX Item "kdf_name" -Specifies the name of a supported \s-1KDF\s0 algorithm which will be used. -The supported algorithms names include \s-1TLS1\-PRF, HKDF, SSKDF, PBKDF2, -SSHKDF, X942KDF\-ASN1, X942KDF\-CONCAT, X963KDF\s0 and \s-1SCRYPT.\s0 -.SH "EXAMPLES" +Specifies the name of a supported KDF algorithm which will be used. +The supported algorithms names include TLS1\-PRF, HKDF, SSKDF, PBKDF2, +SSHKDF, X942KDF\-ASN1, X942KDF\-CONCAT, X963KDF and SCRYPT. +.SH EXAMPLES .IX Header "EXAMPLES" -Use \s-1TLS1\-PRF\s0 to create a hex-encoded derived key from a secret key and seed: +Use TLS1\-PRF to create a hex\-encoded derived key from a secret key and seed: .PP .Vb 2 \& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e \& \-kdfopt seed:seed TLS1\-PRF .Ve .PP -Use \s-1HKDF\s0 to create a hex-encoded derived key from a secret key, salt and info: +Use HKDF to create a hex\-encoded derived key from a secret key, salt and info: .PP .Vb 2 \& openssl kdf \-keylen 10 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e \& \-kdfopt salt:salt \-kdfopt info:label HKDF .Ve .PP -Use \s-1SSKDF\s0 with \s-1KMAC\s0 to create a hex-encoded derived key from a secret key, salt and info: +Use SSKDF with KMAC to create a hex\-encoded derived key from a secret key, salt and info: .PP .Vb 3 \& openssl kdf \-keylen 64 \-kdfopt mac:KMAC\-128 \-kdfopt maclen:20 \e 
@@ -287,7 +212,7 @@ \& \-kdfopt hexsalt:3638271ccd68a2 SSKDF .Ve .PP -Use \s-1SSKDF\s0 with \s-1HMAC\s0 to create a hex-encoded derived key from a secret key, salt and info: +Use SSKDF with HMAC to create a hex\-encoded derived key from a secret key, salt and info: .PP .Vb 3 \& openssl kdf \-keylen 16 \-kdfopt mac:HMAC \-kdfopt digest:SHA2\-256 \e @@ -295,7 +220,7 @@ \& \-kdfopt hexsalt:3638271c SSKDF .Ve .PP -Use \s-1SSKDF\s0 with Hash to create a hex-encoded derived key from a secret key, salt and info: +Use SSKDF with Hash to create a hex\-encoded derived key from a secret key, salt and info: .PP .Vb 3 \& openssl kdf \-keylen 14 \-kdfopt digest:SHA2\-256 \e @@ -303,7 +228,7 @@ \& \-kdfopt hexinfo:a1b2c3d4 SSKDF .Ve .PP -Use \s-1SSHKDF\s0 to create a hex-encoded derived key from a secret key, hash and session_id: +Use SSHKDF to create a hex\-encoded derived key from a secret key, hash and session_id: .PP .Vb 5 \& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \e 
@@ -313,46 +238,46 @@ \& \-kdfopt type:A SSHKDF .Ve .PP -Use \s-1PBKDF2\s0 to create a hex-encoded derived key from a password and salt: +Use PBKDF2 to create a hex\-encoded derived key from a password and salt: .PP .Vb 2 \& openssl kdf \-keylen 32 \-kdfopt digest:SHA256 \-kdfopt pass:password \e \& \-kdfopt salt:salt \-kdfopt iter:2 PBKDF2 .Ve .PP -Use scrypt to create a hex-encoded derived key from a password and salt: +Use scrypt to create a hex\-encoded derived key from a password and salt: .PP .Vb 3 \& openssl kdf \-keylen 64 \-kdfopt pass:password \-kdfopt salt:NaCl \e \& \-kdfopt n:1024 \-kdfopt r:8 \-kdfopt p:16 \e \& \-kdfopt maxmem_bytes:10485760 SCRYPT .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1KDF\s0 mechanisms that are available will depend on the options +The KDF mechanisms that are available will depend on the options used when building OpenSSL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBopenssl\-pkeyutl\fR\|(1), -\&\s-1\fBEVP_KDF\s0\fR\|(3), -\&\s-1\fBEVP_KDF\-SCRYPT\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-TLS1_PRF\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-PBKDF2\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-HKDF\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-SS\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-X942\-ASN1\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-X942\-CONCAT\s0\fR\|(7), -\&\s-1\fBEVP_KDF\-X963\s0\fR\|(7) -.SH "HISTORY" +\&\fBEVP_KDF\fR\|(3), +\&\fBEVP_KDF\-SCRYPT\fR\|(7), +\&\fBEVP_KDF\-TLS1_PRF\fR\|(7), +\&\fBEVP_KDF\-PBKDF2\fR\|(7), +\&\fBEVP_KDF\-HKDF\fR\|(7), +\&\fBEVP_KDF\-SS\fR\|(7), +\&\fBEVP_KDF\-SSHKDF\fR\|(7), +\&\fBEVP_KDF\-X942\-ASN1\fR\|(7), +\&\fBEVP_KDF\-X942\-CONCAT\fR\|(7), +\&\fBEVP_KDF\-X963\fR\|(7) +.SH HISTORY .IX Header "HISTORY" Added in OpenSSL 3.0 -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-list.1.orig +++ secure/usr.bin/openssl/man/openssl-list.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-LIST 1ossl" -.TH OPENSSL-LIST 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-LIST 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-list \- list algorithms and features -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl list\fR [\fB\-help\fR] 
@@ -175,126 +100,126 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command is used to generate list of algorithms or disabled features. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Display a usage message. -.IP "\fB\-verbose\fR" 4 +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Displays extra information. The options below where verbosity applies say a bit more about what that means. .IP "\fB\-select\fR \fIname\fR" 4 .IX Item "-select name" Only list algorithms that match this name. -.IP "\fB\-1\fR" 4 +.IP \fB\-1\fR 4 .IX Item "-1" -List the commands, digest-commands, or cipher-commands in a single column. +List the commands, digest\-commands, or cipher\-commands in a single column. If used, this option must be given first. -.IP "\fB\-commands\fR" 4 +.IP \fB\-commands\fR 4 .IX Item "-commands" Display a list of standard commands. -.IP "\fB\-standard\-commands\fR" 4 +.IP \fB\-standard\-commands\fR 4 .IX Item "-standard-commands" List of standard commands. -.IP "\fB\-digest\-commands\fR" 4 +.IP \fB\-digest\-commands\fR 4 .IX Item "-digest-commands" -This option is deprecated. Use \fBdigest-algorithms\fR instead. +This option is deprecated. Use \fBdigest\-algorithms\fR instead. .Sp Display a list of message digest commands, which are typically used as input to the \fBopenssl\-dgst\fR\|(1) or \fBopenssl\-speed\fR\|(1) commands. -.IP "\fB\-cipher\-commands\fR" 4 +.IP \fB\-cipher\-commands\fR 4 .IX Item "-cipher-commands" -This option is deprecated. Use \fBcipher-algorithms\fR instead. +This option is deprecated. Use \fBcipher\-algorithms\fR instead. .Sp Display a list of cipher commands, which are typically used as input to the \fBopenssl\-enc\fR\|(1) or \fBopenssl\-speed\fR\|(1) commands. 
.IP "\fB\-cipher\-algorithms\fR, \fB\-digest\-algorithms\fR, \fB\-kdf\-algorithms\fR, \fB\-mac\-algorithms\fR," 4 .IX Item "-cipher-algorithms, -digest-algorithms, -kdf-algorithms, -mac-algorithms," Display a list of symmetric cipher, digest, kdf and mac algorithms. -See \*(L"Display of algorithm names\*(R" for a description of how names are +See "Display of algorithm names" for a description of how names are displayed. .Sp In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. -.IP "\fB\-random\-instances\fR" 4 +.IP \fB\-random\-instances\fR 4 .IX Item "-random-instances" List the primary, public and private random number generator details. -.IP "\fB\-random\-generators\fR" 4 +.IP \fB\-random\-generators\fR 4 .IX Item "-random-generators" Display a list of random number generators. -See \*(L"Display of algorithm names\*(R" for a description of how names are +See "Display of algorithm names" for a description of how names are displayed. -.IP "\fB\-encoders\fR" 4 +.IP \fB\-encoders\fR 4 .IX Item "-encoders" Display a list of encoders. -See \*(L"Display of algorithm names\*(R" for a description of how names are +See "Display of algorithm names" for a description of how names are displayed. .Sp In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. -.IP "\fB\-decoders\fR" 4 +.IP \fB\-decoders\fR 4 .IX Item "-decoders" Display a list of decoders. -See \*(L"Display of algorithm names\*(R" for a description of how names are +See "Display of algorithm names" for a description of how names are displayed. .Sp In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. 
-.IP "\fB\-public\-key\-algorithms\fR" 4 +.IP \fB\-public\-key\-algorithms\fR 4 .IX Item "-public-key-algorithms" Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. -The options \fBkey-exchange-algorithms\fR, \fBkem-algorithms\fR, -\&\fBsignature-algorithms\fR, and \fBasymcipher-algorithms\fR will display similar info. -.IP "\fB\-public\-key\-methods\fR" 4 +The options \fBkey\-exchange\-algorithms\fR, \fBkem\-algorithms\fR, +\&\fBsignature\-algorithms\fR, and \fBasymcipher\-algorithms\fR will display similar info. +.IP \fB\-public\-key\-methods\fR 4 .IX Item "-public-key-methods" Display a list of public key methods. -.IP "\fB\-key\-managers\fR" 4 +.IP \fB\-key\-managers\fR 4 .IX Item "-key-managers" Display a list of key managers. -.IP "\fB\-key\-exchange\-algorithms\fR" 4 +.IP \fB\-key\-exchange\-algorithms\fR 4 .IX Item "-key-exchange-algorithms" Display a list of key exchange algorithms. -.IP "\fB\-kem\-algorithms\fR" 4 +.IP \fB\-kem\-algorithms\fR 4 .IX Item "-kem-algorithms" Display a list of key encapsulation algorithms. -.IP "\fB\-signature\-algorithms\fR" 4 +.IP \fB\-signature\-algorithms\fR 4 .IX Item "-signature-algorithms" Display a list of signature algorithms. -.IP "\fB\-asymcipher\-algorithms\fR" 4 +.IP \fB\-asymcipher\-algorithms\fR 4 .IX Item "-asymcipher-algorithms" Display a list of asymmetric cipher algorithms. -.IP "\fB\-store\-loaders\fR" 4 +.IP \fB\-store\-loaders\fR 4 .IX Item "-store-loaders" Display a list of store loaders. -.IP "\fB\-providers\fR" 4 +.IP \fB\-providers\fR 4 .IX Item "-providers" Display a list of all loaded providers with their names, version and status. .Sp In verbose mode, the full version and all provider parameters will additionally be displayed. -.IP "\fB\-engines\fR" 4 +.IP \fB\-engines\fR 4 .IX Item "-engines" This option is deprecated. .Sp Display a list of loaded engines. 
-.IP "\fB\-disabled\fR" 4 +.IP \fB\-disabled\fR 4 .IX Item "-disabled" Display a list of disabled features, those that were compiled out of the installation. -.IP "\fB\-objects\fR" 4 +.IP \fB\-objects\fR 4 .IX Item "-objects" -Display a list of built in objects, i.e. OIDs with names. They're listed in the -format described in \*(L"\s-1ASN1\s0 Object Configuration Module\*(R" in \fBconfig\fR\|(5). +Display a list of built in objects, i.e. OIDs with names. They\*(Aqre listed in the +format described in "ASN1 Object Configuration Module" in \fBconfig\fR\|(5). .IP "\fB\-options\fR \fIcommand\fR" 4 .IX Item "-options command" -Output a two-column list of the options accepted by the specified \fIcommand\fR. -The first is the option name, and the second is a one-character indication +Output a two\-column list of the options accepted by the specified \fIcommand\fR. +The first is the option name, and the second is a one\-character indication of what type of parameter it takes, if any. This is an internal option, used for checking that the documentation is complete. @@ -306,7 +231,7 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SS "Display of algorithm names" .IX Subsection "Display of algorithm names" Algorithm names may be displayed in one of two manners: 
@@ -324,22 +249,22 @@ \& foo @ bar .Ve .Sp -or like this if it's labeled with multiple names: +or like this if it\*(Aqs labeled with multiple names: .Sp .Vb 1 \& { foo1, foo2 } @bar .Ve .Sp In both cases, \f(CW\*(C`bar\*(C'\fR is the name of the provider. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engines\fR, \fB\-digest\-commands\fR, and \fB\-cipher\-commands\fR options were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-mac.1.orig +++ secure/usr.bin/openssl/man/openssl-mac.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-MAC 1ossl" -.TH OPENSSL-MAC 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-MAC 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-mac \- perform Message Authentication Code operations -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl mac\fR [\fB\-help\fR] 
@@ -154,75 +79,75 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] \&\fImac_name\fR -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The message authentication code functions output the \s-1MAC\s0 of a supplied input +The message authentication code functions output the MAC of a supplied input file. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" -Input filename to calculate a \s-1MAC\s0 for, or standard input by default. -Standard input is used if the filename is '\-'. +Input filename to calculate a MAC for, or standard input by default. +Standard input is used if the filename is \*(Aq\-\*(Aq. Files and standard input are expected to be in binary format. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" Filename to output to, or standard output by default. -.IP "\fB\-binary\fR" 4 +.IP \fB\-binary\fR 4 .IX Item "-binary" -Output the \s-1MAC\s0 in binary form. Uses hexadecimal text format if not specified. +Output the MAC in binary form. Uses hexadecimal text format if not specified. .IP "\fB\-cipher\fR \fIname\fR" 4 .IX Item "-cipher name" -Used by \s-1CMAC\s0 and \s-1GMAC\s0 to specify the cipher algorithm. -For \s-1CMAC\s0 it must be one of \s-1AES\-128\-CBC, AES\-192\-CBC, AES\-256\-CBC\s0 or -\&\s-1DES\-EDE3\-CBC.\s0 -For \s-1GMAC\s0 it should be a \s-1GCM\s0 mode cipher e.g. \s-1AES\-128\-GCM.\s0 +Used by CMAC and GMAC to specify the cipher algorithm. +For CMAC it must be one of AES\-128\-CBC, AES\-192\-CBC, AES\-256\-CBC or +DES\-EDE3\-CBC. +For GMAC it should be a GCM mode cipher e.g. AES\-128\-GCM. .IP "\fB\-digest\fR \fIname\fR" 4 .IX Item "-digest name" -Used by \s-1HMAC\s0 as an alphanumeric string (use if the key contains printable +Used by HMAC as an alphanumeric string (use if the key contains printable characters only). 
-The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +The string length must conform to any restrictions of the MAC algorithm. To see the list of supported digests, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. .IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-macopt nm:v" -Passes options to the \s-1MAC\s0 algorithm. -A comprehensive list of controls can be found in the \s-1EVP_MAC\s0 implementation +Passes options to the MAC algorithm. +A comprehensive list of controls can be found in the EVP_MAC implementation documentation. Common parameter names used by \fBEVP_MAC_CTX_get_params()\fR are: .RS 4 -.IP "\fBkey:\fR\fIstring\fR" 4 +.IP \fBkey:\fR\fIstring\fR 4 .IX Item "key:string" -Specifies the \s-1MAC\s0 key as an alphanumeric string (use if the key contains +Specifies the MAC key as an alphanumeric string (use if the key contains printable characters only). -The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. -A key must be specified for every \s-1MAC\s0 algorithm. -.IP "\fBhexkey:\fR\fIstring\fR" 4 +The string length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm. +.IP \fBhexkey:\fR\fIstring\fR 4 .IX Item "hexkey:string" -Specifies the \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). -The key length must conform to any restrictions of the \s-1MAC\s0 algorithm. -A key must be specified for every \s-1MAC\s0 algorithm. -.IP "\fBiv:\fR\fIstring\fR" 4 +Specifies the MAC key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm. +.IP \fBiv:\fR\fIstring\fR 4 .IX Item "iv:string" -Used by \s-1GMAC\s0 to specify an \s-1IV\s0 as an alphanumeric string (use if the \s-1IV\s0 contains +Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains printable characters only). 
-.IP "\fBhexiv:\fR\fIstring\fR" 4 +.IP \fBhexiv:\fR\fIstring\fR 4 .IX Item "hexiv:string" -Used by \s-1GMAC\s0 to specify an \s-1IV\s0 in hexadecimal form (two hex digits per byte). -.IP "\fBsize:\fR\fIint\fR" 4 +Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte). +.IP \fBsize:\fR\fIint\fR 4 .IX Item "size:int" -Used by \s-1KMAC128\s0 or \s-1KMAC256\s0 to specify an output length. +Used by KMAC128 or KMAC256 to specify an output length. The default sizes are 32 or 64 bytes respectively. -.IP "\fBcustom:\fR\fIstring\fR" 4 +.IP \fBcustom:\fR\fIstring\fR 4 .IX Item "custom:string" -Used by \s-1KMAC128\s0 or \s-1KMAC256\s0 to specify a customization string. +Used by KMAC128 or KMAC256 to specify a customization string. The default is the empty string "". -.IP "\fBdigest:\fR\fIstring\fR" 4 +.IP \fBdigest:\fR\fIstring\fR 4 .IX Item "digest:string" This option is identical to the \fB\-digest\fR option. -.IP "\fBcipher:\fR\fIstring\fR" 4 +.IP \fBcipher:\fR\fIstring\fR 4 .IX Item "cipher:string" This option is identical to the \fB\-cipher\fR option. .RE 
@@ -236,56 +161,71 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.IP "\fImac_name\fR" 4 +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP \fImac_name\fR 4 .IX Item "mac_name" -Specifies the name of a supported \s-1MAC\s0 algorithm which will be used. -To see the list of supported \s-1MAC\s0's use the command \f(CW\*(C`openssl list +Specifies the name of a supported MAC algorithm which will be used. +To see the list of supported MAC\*(Aqs use the command \f(CW\*(C`openssl list \&\-mac\-algorithms\*(C'\fR. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -To create a hex-encoded \s-1HMAC\-SHA1 MAC\s0 of a file and write to stdout: \e - openssl mac \-digest \s-1SHA1\s0 \e - \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \e - \-in msg.bin \s-1HMAC\s0 +To create a hex\-encoded HMAC\-SHA1 MAC of a file and write to stdout: +.PP +.Vb 3 +\& openssl mac \-digest SHA1 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \e +\& \-in msg.bin HMAC +.Ve +.PP +To create a SipHash MAC from a file with a binary file output: +.PP +.Vb 2 +\& openssl mac \-macopt hexkey:000102030405060708090A0B0C0D0E0F \e +\& \-in msg.bin \-out out.bin \-binary SipHash +.Ve +.PP +To create a hex\-encoded CMAC\-AES\-128\-CBC MAC from a file: +.PP +.Vb 3 +\& openssl mac \-cipher AES\-128\-CBC \e +\& \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \e +\& \-in msg.bin CMAC +.Ve .PP -To create a SipHash \s-1MAC\s0 from a file with a binary file output: \e - openssl mac \-macopt hexkey:000102030405060708090A0B0C0D0E0F \e - \-in msg.bin \-out out.bin \-binary SipHash +To create a hex\-encoded KMAC128 MAC from a file with a Customisation String +\&\*(AqTag\*(Aq and output length of 16: .PP -To create a hex-encoded \s-1CMAC\-AES\-128\-CBC MAC\s0 from a file:\e - openssl mac \-cipher \s-1AES\-128\-CBC\s0 \e - 
\-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \e - \-in msg.bin \s-1CMAC\s0 +.Vb 2 +\& openssl mac \-macopt custom:Tag \-macopt hexkey:40414243444546 \e +\& \-macopt size:16 \-in msg.bin KMAC128 +.Ve .PP -To create a hex-encoded \s-1KMAC128 MAC\s0 from a file with a Customisation String -\&'Tag' and output length of 16: \e - openssl mac \-macopt custom:Tag \-macopt hexkey:40414243444546 \e - \-macopt size:16 \-in msg.bin \s-1KMAC128\s0 +To create a hex\-encoded GMAC\-AES\-128\-GCM with a IV from a file: .PP -To create a hex-encoded \s-1GMAC\-AES\-128\-GCM\s0 with a \s-1IV\s0 from a file: \e - openssl mac \-cipher \s-1AES\-128\-GCM\s0 \-macopt hexiv:E0E00F19FED7BA0136A797F3 \e - \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \-in msg.bin \s-1GMAC\s0 -.SH "NOTES" +.Vb 2 +\& openssl mac \-cipher AES\-128\-GCM \-macopt hexiv:E0E00F19FED7BA0136A797F3 \e +\& \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \-in msg.bin GMAC +.Ve +.SH NOTES .IX Header "NOTES" -The \s-1MAC\s0 mechanisms that are available will depend on the options +The MAC mechanisms that are available will depend on the options used when building OpenSSL. Use \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR to list them. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), -\&\s-1\fBEVP_MAC\s0\fR\|(3), -\&\s-1\fBEVP_MAC\-CMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-GMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-HMAC\s0\fR\|(7), -\&\s-1\fBEVP_MAC\-KMAC\s0\fR\|(7), +\&\fBEVP_MAC\fR\|(3), +\&\fBEVP_MAC\-CMAC\fR\|(7), +\&\fBEVP_MAC\-GMAC\fR\|(7), +\&\fBEVP_MAC\-HMAC\fR\|(7), +\&\fBEVP_MAC\-KMAC\fR\|(7), \&\fBEVP_MAC\-Siphash\fR\|(7), \&\fBEVP_MAC\-Poly1305\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2018\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). 
You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-namedisplay-options.1.orig +++ secure/usr.bin/openssl/man/openssl-namedisplay-options.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,216 +53,157 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-NAMEDISPLAY-OPTIONS 1ossl" -.TH OPENSSL-NAMEDISPLAY-OPTIONS 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-NAMEDISPLAY-OPTIONS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-namedisplay\-options \- Distinguished name display options -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \&\fIcommand\fR [ \fIoptions\fR ... ] [ \fIparameters\fR ... ] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -OpenSSL provides fine-grain control over how the subject and issuer \s-1DN\s0's are +OpenSSL provides fine\-grain control over how the subject and issuer DN\*(Aqs are displayed. This is specified by using the \fB\-nameopt\fR option, which takes a -comma-separated list of options from the following set. +comma\-separated list of options from the following set. An option may be preceded by a minus sign, \f(CW\*(C`\-\*(C'\fR, to turn it off. The default value is \f(CW\*(C`oneline\*(C'\fR. The first four are the most commonly used. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .SS "Name Format Option Arguments" .IX Subsection "Name Format Option Arguments" -The \s-1DN\s0 output format can be fine tuned with the following flags. -.IP "\fBcompat\fR" 4 +The DN output format can be fine tuned with the following flags. +.IP \fBcompat\fR 4 .IX Item "compat" Display the name using an old format from previous OpenSSL versions. -.IP "\fB\s-1RFC2253\s0\fR" 4 +.IP \fBRFC2253\fR 4 .IX Item "RFC2253" -Display the name using the format defined in \s-1RFC 2253.\s0 +Display the name using the format defined in RFC 2253. 
It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \&\fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, \fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. -.IP "\fBoneline\fR" 4 +.IP \fBoneline\fR 4 .IX Item "oneline" Display the name in one line, using a format that is more readable -\&\s-1RFC 2253.\s0 +RFC 2253. It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \&\fBdump_nostr\fR, \fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \&\fBspace_eq\fR and \fBsname\fR options. -.IP "\fBmultiline\fR" 4 +.IP \fBmultiline\fR 4 .IX Item "multiline" Display the name using multiple lines. It is equivalent to \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, \fBspace_eq\fR, \&\fBlname\fR and \fBalign\fR. -.IP "\fBesc_2253\fR" 4 +.IP \fBesc_2253\fR 4 .IX Item "esc_2253" -Escape the \*(L"special\*(R" characters in a field, as required by \s-1RFC 2253.\s0 +Escape the "special" characters in a field, as required by RFC 2253. That is, any of the characters \f(CW\*(C`,+"<>;\*(C'\fR, \f(CW\*(C`#\*(C'\fR at the beginning of a string and leading or trailing spaces. -.IP "\fBesc_2254\fR" 4 +.IP \fBesc_2254\fR 4 .IX Item "esc_2254" -Escape the \*(L"special\*(R" characters in a field as required by \s-1RFC 2254\s0 in a field. -That is, the \fB\s-1NUL\s0\fR character and of \f(CW\*(C`()*\*(C'\fR. -.IP "\fBesc_ctrl\fR" 4 +Escape the "special" characters in a field as required by RFC 2254 in a field. +That is, the \fBNUL\fR character and of \f(CW\*(C`()*\*(C'\fR. +.IP \fBesc_ctrl\fR 4 .IX Item "esc_ctrl" -Escape non-printable \s-1ASCII\s0 characters, codes less than 0x20 (space) -or greater than 0x7F (\s-1DELETE\s0). They are displayed using \s-1RFC 2253\s0 \f(CW\*(C`\eXX\*(C'\fR -notation where \fB\s-1XX\s0\fR are the two hex digits representing the character value. -.IP "\fBesc_msb\fR" 4 +Escape non\-printable ASCII characters, codes less than 0x20 (space) +or greater than 0x7F (DELETE). 
They are displayed using RFC 2253 \f(CW\*(C`\eXX\*(C'\fR +notation where \fBXX\fR are the two hex digits representing the character value. +.IP \fBesc_msb\fR 4 .IX Item "esc_msb" Escape any characters with the most significant bit set, that is with values larger than 127, as described in \fBesc_ctrl\fR. -.IP "\fBuse_quote\fR" 4 +.IP \fBuse_quote\fR 4 .IX Item "use_quote" Escapes some characters by surrounding the entire string with quotation marks, \f(CW\*(C`"\*(C'\fR. Without this option, individual special characters are preceded with a backslash character, \f(CW\*(C`\e\*(C'\fR. -.IP "\fButf8\fR" 4 +.IP \fButf8\fR 4 .IX Item "utf8" -Convert all strings to \s-1UTF\-8\s0 format first as required by \s-1RFC 2253.\s0 -If the output device is \s-1UTF\-8\s0 compatible, then using this option (and +Convert all strings to UTF\-8 format first as required by RFC 2253. +If the output device is UTF\-8 compatible, then using this option (and not setting \fBesc_msb\fR) may give the correct display of multibyte characters. If this option is not set, then multibyte characters larger than 0xFF will be output as \f(CW\*(C`\eUXXXX\*(C'\fR for 16 bits or \f(CW\*(C`\eWXXXXXXXX\*(C'\fR for 32 bits. In addition, any UTF8Strings will be converted to their character form first. -.IP "\fBignore_type\fR" 4 +.IP \fBignore_type\fR 4 .IX Item "ignore_type" This option does not attempt to interpret multibyte characters in any way. That is, the content octets are merely dumped as though one octet represents each character. This is useful for diagnostic purposes but will result in rather odd looking output. -.IP "\fBshow_type\fR" 4 +.IP \fBshow_type\fR 4 .IX Item "show_type" -Display the type of the \s-1ASN1\s0 character string before the value, +Display the type of the ASN1 character string before the value, such as \f(CW\*(C`BMPSTRING: Hello World\*(C'\fR. 
-.IP "\fBdump_der\fR" 4 +.IP \fBdump_der\fR 4 .IX Item "dump_der" Any fields that would be output in hex format are displayed using -the \s-1DER\s0 encoding of the field. +the DER encoding of the field. If not set, just the content octets are displayed. -Either way, the \fB#XXXX...\fR format of \s-1RFC 2253\s0 is used. -.IP "\fBdump_nostr\fR" 4 +Either way, the \fB#XXXX...\fR format of RFC 2253 is used. +.IP \fBdump_nostr\fR 4 .IX Item "dump_nostr" -Dump non-character strings, such as \s-1ASN.1\s0 \fB\s-1OCTET STRING\s0\fR. +Dump non\-character strings, such as ASN.1 \fBOCTET STRING\fR. If this option is not set, then non character string types will be displayed as though each content octet represents a single character. -.IP "\fBdump_all\fR" 4 +.IP \fBdump_all\fR 4 .IX Item "dump_all" Dump all fields. When this used with \fBdump_der\fR, this allows the -\&\s-1DER\s0 encoding of the structure to be unambiguously determined. -.IP "\fBdump_unknown\fR" 4 +DER encoding of the structure to be unambiguously determined. +.IP \fBdump_unknown\fR 4 .IX Item "dump_unknown" -Dump any field whose \s-1OID\s0 is not recognised by OpenSSL. +Dump any field whose OID is not recognised by OpenSSL. .IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 .IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" Specify the field separators. The first word is used between the Relative Distinguished Names (RDNs) and the second is between multiple Attribute Value Assertions (AVAs). Multiple AVAs are very rare and their use is discouraged. -The options ending in \*(L"space\*(R" additionally place a space after the separator to make it more readable. -The \fBsep_multiline\fR starts each field on its own line, and uses \*(L"plus space\*(R" -for the \s-1AVA\s0 separator. +The options ending in "space" additionally place a space after the separator to make it more readable. 
+The \fBsep_multiline\fR starts each field on its own line, and uses "plus space" +for the AVA separator. It also indents the fields by four characters. The default value is \fBsep_comma_plus_space\fR. -.IP "\fBdn_rev\fR" 4 +.IP \fBdn_rev\fR 4 .IX Item "dn_rev" -Reverse the fields of the \s-1DN\s0 as required by \s-1RFC 2253.\s0 +Reverse the fields of the DN as required by RFC 2253. This also reverses the order of multiple AVAs in a field, but this is permissible as there is no ordering on values. .IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 .IX Item "nofname, sname, lname, oid" Specify how the field name is displayed. \&\fBnofname\fR does not display the field at all. -\&\fBsname\fR uses the \*(L"short name\*(R" form (\s-1CN\s0 for commonName for example). +\&\fBsname\fR uses the "short name" form (CN for commonName for example). \&\fBlname\fR uses the long form. -\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for +\&\fBoid\fR represents the OID in numerical form and is useful for diagnostic purpose. -.IP "\fBalign\fR" 4 +.IP \fBalign\fR 4 .IX Item "align" Align field values for a more readable output. Only usable with \&\fBsep_multiline\fR. -.IP "\fBspace_eq\fR" 4 +.IP \fBspace_eq\fR 4 .IX Item "space_eq" Places spaces round the equal sign, \f(CW\*(C`=\*(C'\fR, character which follows the field name. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-nseq.1.orig +++ secure/usr.bin/openssl/man/openssl-nseq.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-NSEQ 1ossl" -.TH OPENSSL-NSEQ 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-NSEQ 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-nseq \- create or examine a Netscape certificate sequence -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBnseq\fR [\fB\-help\fR] @@ -150,20 +75,20 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command takes a file containing a Netscape certificate sequence and prints out the certificates contained in it or takes a file of certificates and converts it into a Netscape certificate sequence. .PP -A Netscape certificate sequence is an old Netscape-specific format that +A Netscape certificate sequence is an old Netscape\-specific format that can be sometimes be sent to browsers as an alternative to the standard PKCS#7 format when several certificates are sent to the browser, for example during certificate enrollment. It was also used by Netscape certificate server. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 @@ -173,7 +98,7 @@ .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" Specifies the output filename or standard output by default. -.IP "\fB\-toseq\fR" 4 +.IP \fB\-toseq\fR 4 .IX Item "-toseq" Normally a Netscape certificate sequence will be input and the output is the certificates contained in it. With the \fB\-toseq\fR option the 
@@ -187,8 +112,8 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" Output the certificates in a Netscape certificate sequence .PP @@ -201,11 +126,11 @@ .Vb 1 \& openssl nseq \-in certs.pem \-toseq \-out nseq.pem .Ve -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-ocsp.1.orig +++ secure/usr.bin/openssl/man/openssl-ocsp.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,80 +53,21 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-OCSP 1ossl" -.TH OPENSSL-OCSP 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-OCSP 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-ocsp \- Online Certificate Status Protocol command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" -.SS "\s-1OCSP\s0 Client" +.SS "OCSP Client" .IX Subsection "OCSP Client" \&\fBopenssl\fR \fBocsp\fR [\fB\-help\fR] @@ -163,10 +88,10 @@ [\fB\-respout\fR \fIfile\fR] [\fB\-reqin\fR \fIfile\fR] [\fB\-respin\fR \fIfile\fR] -[\fB\-url\fR \fI\s-1URL\s0\fR] +[\fB\-url\fR \fIURL\fR] [\fB\-host\fR \fIhost\fR:\fIport\fR] -[\fB\-path\fR] -[\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path]\fR] +[\fB\-path\fR \fIpathname\fR] +[\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR] [\fB\-no_proxy\fR \fIaddresses\fR] [\fB\-header\fR] [\fB\-timeout\fR \fIseconds\fR] @@ -184,7 +109,7 @@ [\fB\-no_explicit\fR] [\fB\-port\fR \fInum\fR] [\fB\-ignore_err\fR] -.SS "\s-1OCSP\s0 Server" +.SS "OCSP Server" .IX Subsection "OCSP Server" \&\fBopenssl\fR \fBocsp\fR [\fB\-index\fR \fIfile\fR] @@ -201,9 +126,9 @@ [\fB\-ndays\fR \fIn\fR] [\fB\-resp_key_id\fR] [\fB\-nrequest\fR \fIn\fR] -[\fB\-multi\fR \fIprocess-count\fR] +[\fB\-multi\fR \fIprocess\-count\fR] [\fB\-rcid\fR \fIdigest\fR] -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-CAfile\fR \fIfile\fR] [\fB\-no\-CAfile\fR] [\fB\-CApath\fR \fIdir\fR] 
@@ -243,21 +168,21 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to -determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0). +The Online Certificate Status Protocol (OCSP) enables applications to +determine the (revocation) state of an identified certificate (RFC 2560). .PP -This command performs many common \s-1OCSP\s0 tasks. It can be used +This command performs many common OCSP tasks. It can be used to print out requests and responses, create requests and send queries -to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself. -.SH "OPTIONS" +to an OCSP responder and behave like a mini OCSP server itself. +.SH OPTIONS .IX Header "OPTIONS" This command operates as either a client or a server. The options are described below, divided into those two modes. -.SS "\s-1OCSP\s0 Client Options" +.SS "OCSP Client Options" .IX Subsection "OCSP Client Options" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-out\fR \fIfilename\fR" 4 
@@ -267,15 +192,15 @@ .IX Item "-issuer filename" This specifies the current issuer certificate. This option can be used multiple times. -This option \fB\s-1MUST\s0\fR come before any \fB\-cert\fR options. +This option \fBMUST\fR come before any \fB\-cert\fR options. .IP "\fB\-cert\fR \fIfilename\fR" 4 .IX Item "-cert filename" Add the certificate \fIfilename\fR to the request. The issuer certificate is taken from the previous \fB\-issuer\fR option, or an error occurs if no issuer certificate is specified. -.IP "\fB\-no_certs\fR" 4 +.IP \fB\-no_certs\fR 4 .IX Item "-no_certs" -Don't include any certificates in signed request. +Don\*(Aqt include any certificates in signed request. .IP "\fB\-serial\fR \fInum\fR" 4 .IX Item "-serial num" Same as the \fB\-cert\fR option except the certificate with serial number 
@@ -284,130 +209,138 @@ be specified by preceding the value by a \f(CW\*(C`\-\*(C'\fR sign. .IP "\fB\-signer\fR \fIfilename\fR, \fB\-signkey\fR \fIfilename\fR" 4 .IX Item "-signer filename, -signkey filename" -Sign the \s-1OCSP\s0 request using the certificate specified in the \fB\-signer\fR +Sign the OCSP request using the certificate specified in the \fB\-signer\fR option and the private key specified by the \fB\-signkey\fR option. If the \fB\-signkey\fR option is not present then the private key is read from the same file as the certificate. If neither option is specified then -the \s-1OCSP\s0 request is not signed. +the OCSP request is not signed. .IP "\fB\-sign_other\fR \fIfilename\fR" 4 .IX Item "-sign_other filename" Additional certificates to include in the signed request. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. +The input can be in PEM, DER, or PKCS#12 format. .IP "\fB\-nonce\fR, \fB\-no_nonce\fR" 4 .IX Item "-nonce, -no_nonce" -Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition. -Normally if an \s-1OCSP\s0 request is input using the \fB\-reqin\fR option no +Add an OCSP nonce extension to a request or disable OCSP nonce addition. +Normally if an OCSP request is input using the \fB\-reqin\fR option no nonce is added: using the \fB\-nonce\fR option will force addition of a nonce. -If an \s-1OCSP\s0 request is being created (using \fB\-cert\fR and \fB\-serial\fR options) +If an OCSP request is being created (using \fB\-cert\fR and \fB\-serial\fR options) a nonce is automatically added specifying \fB\-no_nonce\fR overrides this. .IP "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4 .IX Item "-req_text, -resp_text, -text" -Print out the text form of the \s-1OCSP\s0 request, response or both respectively. +Print out the text form of the OCSP request, response or both respectively. 
.IP "\fB\-reqout\fR \fIfile\fR, \fB\-respout\fR \fIfile\fR" 4 .IX Item "-reqout file, -respout file" -Write out the \s-1DER\s0 encoded certificate request or response to \fIfile\fR. +Write out the DER encoded certificate request or response to \fIfile\fR. .IP "\fB\-reqin\fR \fIfile\fR, \fB\-respin\fR \fIfile\fR" 4 .IX Item "-reqin file, -respin file" -Read \s-1OCSP\s0 request or response file from \fIfile\fR. These option are ignored -if \s-1OCSP\s0 request or response creation is implied by other options (for example +Read OCSP request or response file from \fIfile\fR. These option are ignored +if OCSP request or response creation is implied by other options (for example with \fB\-serial\fR, \fB\-cert\fR and \fB\-host\fR options). .IP "\fB\-url\fR \fIresponder_url\fR" 4 .IX Item "-url responder_url" -Specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +Specify the responder host and optionally port and path via a URL. +Both HTTP and HTTPS (SSL/TLS) URLs can be specified. The optional userinfo and fragment components are ignored. Any given query component is handled as part of the path component. -.IP "\fB\-host\fR \fIhostname\fR:\fIport\fR, \fB\-path\fR \fIpathname\fR" 4 -.IX Item "-host hostname:port, -path pathname" -If the \fB\-host\fR option is present then the \s-1OCSP\s0 request is sent to the host -\&\fIhostname\fR on port \fIport\fR. The \fB\-path\fR option specifies the \s-1HTTP\s0 pathname -to use or \*(L"/\*(R" by default. This is equivalent to specifying \fB\-url\fR with scheme -http:// and the given hostname, port, and pathname. -.IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path]\fR" 4 -.IX Item "-proxy [http[s]://][userinfo@]host[:port][/path]" -The \s-1HTTP\s0(S) proxy server to use for reaching the \s-1OCSP\s0 server unless \fB\-no_proxy\fR +For details, see the \fB\-host\fR and \fB\-path\fR options described next. 
+.IP "\fB\-host\fR \fIhost\fR:\fIport\fR, \fB\-path\fR \fIpathname\fR" 4 +.IX Item "-host host:port, -path pathname" +If the \fB\-host\fR option is present then the OCSP request is sent to the host +\&\fIhost\fR on port \fIport\fR. +The \fIhost\fR may be a domain name or an IP (v4 or v6) address, +such as \f(CW127.0.0.1\fR or \f(CW\*(C`[::1]\*(C'\fR for localhost. +If it is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +.Sp +The \fB\-path\fR option specifies the HTTP pathname to use or "/" by default. +This is equivalent to specifying \fB\-url\fR with scheme +http:// and the given \fIhost\fR, \fIport\fR, and optional \fIpathname\fR. +.IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR" 4 +.IX Item "-proxy [http[s]://][userinfo@]host[:port][/path][?query][#fragment]" +The HTTP(S) proxy server to use for reaching the OCSP server unless \fB\-no_proxy\fR applies, see below. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. The proxy port defaults to 80 or 443 if the scheme is \f(CW\*(C`https\*(C'\fR; apart from that the optional \f(CW\*(C`http://\*(C'\fR or \f(CW\*(C`https://\*(C'\fR prefix is ignored, -as well as any userinfo and path components. +as well as any userinfo, path, query, and fragment components. Defaults to the environment variable \f(CW\*(C`http_proxy\*(C'\fR if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR -in case no \s-1TLS\s0 is used, otherwise \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. +in case no TLS is used, otherwise \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. .IP "\fB\-no_proxy\fR \fIaddresses\fR" 4 .IX Item "-no_proxy addresses" -List of \s-1IP\s0 addresses and/or \s-1DNS\s0 names of servers -not to use an \s-1HTTP\s0(S) proxy for, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). 
+List of IP addresses and/or DNS names of servers +not to use an HTTP(S) proxy for, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). Default is from the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR. .IP "\fB\-header\fR \fIname\fR=\fIvalue\fR" 4 .IX Item "-header name=value" -Adds the header \fIname\fR with the specified \fIvalue\fR to the \s-1OCSP\s0 request +Adds the header \fIname\fR with the specified \fIvalue\fR to the OCSP request that is sent to the responder. This may be repeated. .IP "\fB\-timeout\fR \fIseconds\fR" 4 .IX Item "-timeout seconds" -Connection timeout to the \s-1OCSP\s0 responder in seconds. -On \s-1POSIX\s0 systems, when running as an \s-1OCSP\s0 responder, this option also limits +Connection timeout to the OCSP responder in seconds. +On POSIX systems, when running as an OCSP responder, this option also limits the time that the responder is willing to wait for the client request. This time is measured from the time the responder accepts the connection until the complete request is received. .IP "\fB\-verify_other\fR \fIfile\fR" 4 .IX Item "-verify_other file" -File or \s-1URI\s0 containing additional certificates to search +File or URI containing additional certificates to search when attempting to locate -the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's +the OCSP response signing certificate. Some responders omit the actual signer\*(Aqs certificate from the response: this option can be used to supply the necessary certificate in such cases. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. -.IP "\fB\-trust_other\fR" 4 +The input can be in PEM, DER, or PKCS#12 format. +.IP \fB\-trust_other\fR 4 .IX Item "-trust_other" The certificates specified by the \fB\-verify_other\fR option should be explicitly trusted and no additional checks will be performed on them. 
This is useful when the complete responder certificate chain is not available or trusting a -root \s-1CA\s0 is not appropriate. +root CA is not appropriate. .IP "\fB\-VAfile\fR \fIfile\fR" 4 .IX Item "-VAfile file" -File or \s-1URI\s0 containing explicitly trusted responder certificates. +File or URI containing explicitly trusted responder certificates. Equivalent to the \fB\-verify_other\fR and \fB\-trust_other\fR options. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. -.IP "\fB\-noverify\fR" 4 +The input can be in PEM, DER, or PKCS#12 format. +.IP \fB\-noverify\fR 4 .IX Item "-noverify" -Don't attempt to verify the \s-1OCSP\s0 response signature or the nonce +Don\*(Aqt attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responders certificate. -.IP "\fB\-no_intern\fR" 4 +.IP \fB\-no_intern\fR 4 .IX Item "-no_intern" -Ignore certificates contained in the \s-1OCSP\s0 response when searching for the +Ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the \fB\-verify_other\fR or \fB\-VAfile\fR options. -.IP "\fB\-no_signature_verify\fR" 4 +.IP \fB\-no_signature_verify\fR 4 .IX Item "-no_signature_verify" -Don't check the signature on the \s-1OCSP\s0 response. Since this option -tolerates invalid signatures on \s-1OCSP\s0 responses it will normally only be +Don\*(Aqt check the signature on the OCSP response. Since this option +tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes. -.IP "\fB\-no_cert_verify\fR" 4 +.IP \fB\-no_cert_verify\fR 4 .IX Item "-no_cert_verify" -Don't verify the \s-1OCSP\s0 response signers certificate at all. Since this -option allows the \s-1OCSP\s0 response to be signed by any certificate it should +Don\*(Aqt verify the OCSP response signers certificate at all. 
Since this +option allows the OCSP response to be signed by any certificate it should only be used for testing purposes. -.IP "\fB\-no_chain\fR" 4 +.IP \fB\-no_chain\fR 4 .IX Item "-no_chain" -Do not use certificates in the response as additional untrusted \s-1CA\s0 +Do not use certificates in the response as additional untrusted CA certificates. -.IP "\fB\-no_explicit\fR" 4 +.IP \fB\-no_explicit\fR 4 .IX Item "-no_explicit" -Do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing. -.IP "\fB\-no_cert_checks\fR" 4 +Do not explicitly trust the root CA if it is set to be trusted for OCSP signing. +.IP \fB\-no_cert_checks\fR 4 .IX Item "-no_cert_checks" -Don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. +Don\*(Aqt perform any additional checks on the OCSP response signers certificate. That is do not make any checks to see if the signers certificate is authorised to provide the necessary status information: as a result this option should only be used for testing purposes. .IP "\fB\-validity_period\fR \fInsec\fR, \fB\-status_age\fR \fIage\fR" 4 .IX Item "-validity_period nsec, -status_age age" These options specify the range of times, in seconds, which will be tolerated -in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR +in an OCSP response. Each certificate status response includes a \fBnotBefore\fR time and an optional \fBnotAfter\fR time. The current time should fall between these two values, but the interval between the two times may be only a few -seconds. In practice the \s-1OCSP\s0 responder and clients clocks may not be precisely +seconds. In practice the OCSP responder and clients clocks may not be precisely synchronised and so such a check may fail. To avoid this the \&\fB\-validity_period\fR option can be used to specify an acceptable error range in seconds, the default value is 5 minutes. 
@@ -419,21 +352,21 @@ .IP "\fB\-rcid\fR \fIdigest\fR" 4 .IX Item "-rcid digest" This option sets the digest algorithm to use for certificate identification -in the \s-1OCSP\s0 response. Any digest supported by the \fBopenssl\-dgst\fR\|(1) command can +in the OCSP response. Any digest supported by the \fBopenssl\-dgst\fR\|(1) command can be used. The default is the same digest algorithm used in the request. -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" This option sets digest algorithm to use for certificate identification in the -\&\s-1OCSP\s0 request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. -The default is \s-1SHA\-1.\s0 This option may be used multiple times to specify the +OCSP request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is SHA\-1. This option may be used multiple times to specify the digest used by subsequent certificate identifiers. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. 
.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -442,8 +375,8 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SS "\s-1OCSP\s0 Server Options" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SS "OCSP Server Options" .IX Subsection "OCSP Server Options" .IP "\fB\-index\fR \fIindexfile\fR" 4 .IX Item "-index indexfile" 
@@ -454,21 +387,21 @@ responder mode, otherwise it is in client mode. The request(s) the responder processes can be either specified on the command line (using \fB\-issuer\fR and \fB\-serial\fR options), supplied in a file (using the \fB\-reqin\fR option) -or via external \s-1OCSP\s0 clients (if \fB\-port\fR or \fB\-url\fR is specified). +or via external OCSP clients (if \fB\-port\fR or \fB\-url\fR is specified). .Sp If the \fB\-index\fR option is present then the \fB\-CA\fR and \fB\-rsigner\fR options must also be present. .IP "\fB\-CA\fR \fIfile\fR" 4 .IX Item "-CA file" -\&\s-1CA\s0 certificate corresponding to the revocation information in the index +CA certificate corresponding to the revocation information in the index file given with \fB\-index\fR. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. +The input can be in PEM, DER, or PKCS#12 format. .IP "\fB\-rsigner\fR \fIfile\fR" 4 .IX Item "-rsigner file" -The certificate to sign \s-1OCSP\s0 responses with. +The certificate to sign OCSP responses with. .IP "\fB\-rkey\fR \fIfile\fR" 4 .IX Item "-rkey file" -The private key to sign \s-1OCSP\s0 responses with: if not present the file +The private key to sign OCSP responses with: if not present the file specified in the \fB\-rsigner\fR option is used. .IP "\fB\-passin\fR \fIarg\fR" 4 .IX Item "-passin arg" 
@@ -476,49 +409,49 @@ see \fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-rother\fR \fIfile\fR" 4 .IX Item "-rother file" -Additional certificates to include in the \s-1OCSP\s0 response. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. +Additional certificates to include in the OCSP response. +The input can be in PEM, DER, or PKCS#12 format. .IP "\fB\-rsigopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-rsigopt nm:v" -Pass options to the signature algorithm when signing \s-1OCSP\s0 responses. -Names and values of these options are algorithm-specific. +Pass options to the signature algorithm when signing OCSP responses. +Names and values of these options are algorithm\-specific. .IP "\fB\-rmd\fR \fIdigest\fR" 4 .IX Item "-rmd digest" The digest to use when signing the response. -.IP "\fB\-badsig\fR" 4 +.IP \fB\-badsig\fR 4 .IX Item "-badsig" Corrupt the response signature before writing it; this can be useful for testing. -.IP "\fB\-resp_no_certs\fR" 4 +.IP \fB\-resp_no_certs\fR 4 .IX Item "-resp_no_certs" -Don't include any certificates in the \s-1OCSP\s0 response. -.IP "\fB\-resp_key_id\fR" 4 +Don\*(Aqt include any certificates in the OCSP response. +.IP \fB\-resp_key_id\fR 4 .IX Item "-resp_key_id" -Identify the signer certificate using the key \s-1ID,\s0 default is to use the +Identify the signer certificate using the key ID, default is to use the subject name. .IP "\fB\-port\fR \fIportnum\fR" 4 .IX Item "-port portnum" -Port to listen for \s-1OCSP\s0 requests on. The port may also be specified -using the \fBurl\fR option. +Port to listen for OCSP requests on. Both IPv4 and IPv6 are possible. +The port may also be specified using the \fB\-url\fR option. A \f(CW0\fR argument indicates that any available port shall be chosen automatically. -.IP "\fB\-ignore_err\fR" 4 +.IP \fB\-ignore_err\fR 4 .IX Item "-ignore_err" -Ignore malformed requests or responses: When acting as an \s-1OCSP\s0 client, retry if -a malformed response is received. 
When acting as an \s-1OCSP\s0 responder, continue +Ignore malformed requests or responses: When acting as an OCSP client, retry if +a malformed response is received. When acting as an OCSP responder, continue running instead of terminating upon receiving a malformed request. .IP "\fB\-nrequest\fR \fInumber\fR" 4 .IX Item "-nrequest number" -The \s-1OCSP\s0 server will exit after receiving \fInumber\fR requests, default unlimited. -.IP "\fB\-multi\fR \fIprocess-count\fR" 4 +The OCSP server will exit after receiving \fInumber\fR requests, default unlimited. +.IP "\fB\-multi\fR \fIprocess\-count\fR" 4 .IX Item "-multi process-count" -Run the specified number of \s-1OCSP\s0 responder child processes, with the parent +Run the specified number of OCSP responder child processes, with the parent process respawning child processes as needed. -Child processes will detect changes in the \s-1CA\s0 index file and automatically +Child processes will detect changes in the CA index file and automatically reload it. When running as a responder \fB\-timeout\fR option is recommended to limit the time -each child is willing to wait for the client's \s-1OCSP\s0 response. -This option is available on \s-1POSIX\s0 systems (that support the \fBfork()\fR and other -required unix system-calls). +each child is willing to wait for the client\*(Aqs OCSP response. +This option is available on POSIX systems (that support the \fBfork()\fR and other +required unix system\-calls). .IP "\fB\-nmin\fR \fIminutes\fR, \fB\-ndays\fR \fIdays\fR" 4 .IX Item "-nmin minutes, -ndays days" Number of minutes or days when fresh revocation information is available: 
@@ -527,41 +460,41 @@ immediately available. .SH "OCSP RESPONSE VERIFICATION" .IX Header "OCSP RESPONSE VERIFICATION" -\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0 +OCSP Response follows the rules specified in RFC2560. .PP -Initially the \s-1OCSP\s0 responder certificate is located and the signature on -the \s-1OCSP\s0 request checked using the responder certificate's public key. +Initially the OCSP responder certificate is located and the signature on +the OCSP request checked using the responder certificate\*(Aqs public key. .PP -Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate +Then a normal certificate verify is performed on the OCSP responder certificate building up a certificate chain in the process. The locations of the trusted certificates used to build the chain can be specified by the \fB\-CAfile\fR, \&\fB\-CApath\fR or \fB\-CAstore\fR options or they will be looked for in the standard OpenSSL certificates directory. .PP -If the initial verify fails then the \s-1OCSP\s0 verify process halts with an +If the initial verify fails then the OCSP verify process halts with an error. .PP -Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0 -responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds. +Otherwise the issuing CA certificate in the request is compared to the OCSP +responder certificate: if there is a match then the OCSP verify succeeds. .PP -Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing -\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning -extended key usage is present in the \s-1OCSP\s0 responder certificate then the -\&\s-1OCSP\s0 verify succeeds. +Otherwise the OCSP responder certificate\*(Aqs CA is checked against the issuing +CA certificate in the request. 
If there is a match and the OCSPSigning +extended key usage is present in the OCSP responder certificate then the +OCSP verify succeeds. .PP -Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders -\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 +Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP verify succeeds. .PP -If none of these checks is successful then the \s-1OCSP\s0 verify fails. +If none of these checks is successful then the OCSP verify fails. .PP -What this effectively means if that if the \s-1OCSP\s0 responder certificate is -authorised directly by the \s-1CA\s0 it is issuing revocation information about +What this effectively means if that if the OCSP responder certificate is +authorised directly by the CA it is issuing revocation information about (and it is correctly configured) then verification will succeed. .PP -If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about +If the OCSP responder is a "global responder" which can give details about multiple CAs and has its own separate certificate chain then its root -\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: +CA can be trusted for OCSP signing. For example: .PP .Vb 1 \& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem 
@@ -569,31 +502,31 @@ .PP Alternatively the responder certificate itself can be explicitly trusted with the \fB\-VAfile\fR option. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" As noted, most of the verify options are for testing or debugging purposes. Normally only the \fB\-CApath\fR, \fB\-CAfile\fR, \fB\-CAstore\fR and (if the responder -is a 'global \s-1VA\s0') \fB\-VAfile\fR options need to be used. +is a \*(Aqglobal VA\*(Aq) \fB\-VAfile\fR options need to be used. .PP -The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is -not really usable as a full \s-1OCSP\s0 responder. It contains only a very -simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0 +The OCSP server is only useful for test and demonstration purposes: it is +not really usable as a full OCSP responder. It contains only a very +simple HTTP request handling and can only handle the POST form of OCSP queries. It also handles requests serially meaning it cannot respond to new requests until it has processed the current one. The text index file format of revocation is also inefficient for large quantities of revocation data. .PP -It is possible to run this command in responder mode via a \s-1CGI\s0 +It is possible to run this command in responder mode via a CGI script using the \fB\-reqin\fR and \fB\-respout\fR options. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Create an \s-1OCSP\s0 request and write it to a file: +Create an OCSP request and write it to a file: .PP .Vb 1 \& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der .Ve .PP -Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the +Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the response to a file, print it out in text form, and verify the response: .PP .Vb 2 
@@ -601,13 +534,13 @@ \& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der .Ve .PP -Read in an \s-1OCSP\s0 response and print out text form: +Read in an OCSP response and print out text form: .PP .Vb 1 \& openssl ocsp \-respin resp.der \-text \-noverify .Ve .PP -\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate +OCSP server on port 8888 using a standard \fBca\fR configuration, and a separate responder certificate. All requests and responses are printed to a file. .PP .Vb 2 @@ -636,14 +569,14 @@ \& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem \& \-reqin req.der \-respout resp.der .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \-no_alt_chains option was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-passphrase-options.1.orig +++ secure/usr.bin/openssl/man/openssl-passphrase-options.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PASSPHRASE-OPTIONS 1ossl" -.TH OPENSSL-PASSPHRASE-OPTIONS 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-PASSPHRASE-OPTIONS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-passphrase\-options \- Pass phrase options -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \&\fIcommand\fR [ \fIoptions\fR ... ] [ \fIparameters\fR ... ] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" Several OpenSSL commands accept password arguments, typically using \fB\-passin\fR and \fB\-passout\fR for input and output passwords respectively. These allow 
@@ -158,40 +83,46 @@ .PP Note that character encoding may be relevant, please see \&\fBpassphrase\-encoding\fR\|(7). -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .SS "Pass Phrase Option Arguments" .IX Subsection "Pass Phrase Option Arguments" Pass phrase arguments can be formatted as follows. -.IP "\fBpass:\fR\fIpassword\fR" 4 +.IP \fBpass:\fR\fIpassword\fR 4 .IX Item "pass:password" The actual password is \fIpassword\fR. Since the password is visible -to utilities (like 'ps' under Unix) this form should only be used +to utilities (like \*(Aqps\*(Aq under Unix) this form should only be used where security is not important. -.IP "\fBenv:\fR\fIvar\fR" 4 +.IP \fBenv:\fR\fIvar\fR 4 .IX Item "env:var" Obtain the password from the environment variable \fIvar\fR. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution. -.IP "\fBfile:\fR\fIpathname\fR" 4 +.IP \fBfile:\fR\fIpathname\fR 4 .IX Item "file:pathname" -The first line of \fIpathname\fR is the password. If the same \fIpathname\fR -argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first -line will be used for the input password and the next line for the output -password. \fIpathname\fR need not refer to a regular file: it could for example -refer to a device or named pipe. -.IP "\fBfd:\fR\fInumber\fR" 4 +Reads the password from the specified file \fIpathname\fR, which can be a regular +file, device, or named pipe. Only the first line, up to the newline character, +is read from the stream. +.Sp +If the same \fIpathname\fR argument is supplied to both \fB\-passin\fR and \fB\-passout\fR +arguments, the first line will be used for the input password, and the next +line will be used for the output password. +.IP \fBfd:\fR\fInumber\fR 4 .IX Item "fd:number" -Read the password from the file descriptor \fInumber\fR. This can be used to -send the data via a pipe for example. 
-.IP "\fBstdin\fR" 4 +Reads the password from the file descriptor \fInumber\fR. This can be useful for +sending data via a pipe, for example. The same line handling as described for +\&\fBfile:\fR applies to passwords read from file descriptors. +.Sp +\&\fBfd:\fR is not supported on Windows. +.IP \fBstdin\fR 4 .IX Item "stdin" -Read the password from standard input. -.SH "COPYRIGHT" +Reads the password from standard input. The same line handling as described for +\&\fBfile:\fR applies to passwords read from standard input. +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-passwd.1.orig +++ secure/usr.bin/openssl/man/openssl-passwd.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PASSWD 1ossl" -.TH OPENSSL-PASSWD 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PASSWD 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-passwd \- compute password hashes -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl passwd\fR [\fB\-help\fR] 
@@ -162,33 +87,33 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIpassword\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command computes the hash of a password typed at -run-time or the hash of each password in a list. The password list is +run\-time or the hash of each password in a list. The password list is taken from the named file for option \fB\-in\fR, from stdin for option \fB\-stdin\fR, or from the command line, or from the terminal otherwise. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-1\fR" 4 +.IP \fB\-1\fR 4 .IX Item "-1" -Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR (default). -.IP "\fB\-apr1\fR" 4 +Use the MD5 based BSD password algorithm \fB1\fR (default). +.IP \fB\-apr1\fR 4 .IX Item "-apr1" -Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). -.IP "\fB\-aixmd5\fR" 4 +Use the \fBapr1\fR algorithm (Apache variant of the BSD algorithm). +.IP \fB\-aixmd5\fR 4 .IX Item "-aixmd5" -Use the \fB\s-1AIX MD5\s0\fR algorithm (\s-1AIX\s0 variant of the \s-1BSD\s0 algorithm). -.IP "\fB\-5\fR" 4 +Use the \fBAIX MD5\fR algorithm (AIX variant of the BSD algorithm). +.IP \fB\-5\fR 4 .IX Item "-5" .PD 0 -.IP "\fB\-6\fR" 4 +.IP \fB\-6\fR 4 .IX Item "-6" .PD -Use the \fB\s-1SHA256\s0\fR / \fB\s-1SHA512\s0\fR based algorithms defined by Ulrich Drepper. +Use the \fBSHA256\fR / \fBSHA512\fR based algorithms defined by Ulrich Drepper. See . .IP "\fB\-salt\fR \fIstring\fR" 4 .IX Item "-salt string" 
@@ -197,25 +122,25 @@ .IP "\fB\-in\fR \fIfile\fR" 4 .IX Item "-in file" Read passwords from \fIfile\fR. -.IP "\fB\-stdin\fR" 4 +.IP \fB\-stdin\fR 4 .IX Item "-stdin" Read passwords from \fBstdin\fR. -.IP "\fB\-noverify\fR" 4 +.IP \fB\-noverify\fR 4 .IX Item "-noverify" -Don't verify when reading a password from the terminal. -.IP "\fB\-quiet\fR" 4 +Don\*(Aqt verify when reading a password from the terminal. +.IP \fB\-quiet\fR 4 .IX Item "-quiet" -Don't output warnings when passwords given at the command line are truncated. -.IP "\fB\-table\fR" 4 +Don\*(Aqt output warnings when passwords given at the command line are truncated. +.IP \fB\-table\fR 4 .IX Item "-table" -In the output list, prepend the cleartext password and a \s-1TAB\s0 character +In the output list, prepend the cleartext password and a TAB character to each password hash. -.IP "\fB\-reverse\fR" 4 +.IP \fB\-reverse\fR 4 .IX Item "-reverse" When the \fB\-table\fR option is used, reverse the order of cleartext and hash. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -224,8 +149,8 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" .Vb 2 \& % openssl passwd \-1 \-salt xxxxxxxx password 
@@ -237,14 +162,14 @@ \& % openssl passwd \-aixmd5 \-salt xxxxxxxx password \& xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ .Ve -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-crypt\fR option was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-pkcs12.1.orig +++ secure/usr.bin/openssl/man/openssl-pkcs12.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PKCS12 1ossl" -.TH OPENSSL-PKCS12 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PKCS12 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-pkcs12 \- PKCS#12 file command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBpkcs12\fR [\fB\-help\fR] 
@@ -211,27 +136,27 @@ [\fB\-nomaciter\fR] [\fB\-maciter\fR] [\fB\-nomac\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command allows PKCS#12 files (sometimes referred to as -\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several -programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. -.SH "OPTIONS" +PFX files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, MSIE and MS Outlook. +.SH OPTIONS .IX Header "OPTIONS" There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the \fB\-export\fR option (see below). -The PKCS#12 export encryption and \s-1MAC\s0 options such as \fB\-certpbe\fR and \fB\-iter\fR +The PKCS#12 export encryption and MAC options such as \fB\-certpbe\fR and \fB\-iter\fR and many further options such as \fB\-chain\fR are relevant only with \fB\-export\fR. Conversely, the options regarding encryption of private keys when outputting PKCS#12 input are relevant only when the \fB\-export\fR option is not given. .PP -The default encryption algorithm is \s-1AES\-256\-CBC\s0 with \s-1PBKDF2\s0 for key derivation. +The default encryption algorithm is AES\-256\-CBC with PBKDF2 for key derivation. .PP When encountering problems loading legacy PKCS#12 files that involve, -for example, \s-1RC2\-40\-CBC,\s0 +for example, RC2\-40\-CBC, try using the \fB\-legacy\fR option and, if needed, the \fB\-provider\-path\fR option. -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-passin\fR \fIarg\fR" 4 
@@ -247,39 +172,39 @@ .IX Item "-password arg" With \fB\-export\fR, \fB\-password\fR is equivalent to \fB\-passout\fR, otherwise it is equivalent to \fB\-passin\fR. -.IP "\fB\-twopass\fR" 4 +.IP \fB\-twopass\fR 4 .IX Item "-twopass" Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such PKCS#12 files unreadable. Cannot be used in combination with the options \&\fB\-password\fR, \fB\-passin\fR if importing from PKCS#12, or \fB\-passout\fR if exporting. -.IP "\fB\-nokeys\fR" 4 +.IP \fB\-nokeys\fR 4 .IX Item "-nokeys" No private keys will be output. -.IP "\fB\-nocerts\fR" 4 +.IP \fB\-nocerts\fR 4 .IX Item "-nocerts" No certificates will be output. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option inhibits all credentials output, and so the input is just verified. -.IP "\fB\-legacy\fR" 4 +.IP \fB\-legacy\fR 4 .IX Item "-legacy" Use legacy mode of operation and automatically load the legacy provider. -If OpenSSL is not installed system-wide, +If OpenSSL is not installed system\-wide, it is necessary to also use, for example, \f(CW\*(C`\-provider\-path ./providers\*(C'\fR -or to set the environment variable \fB\s-1OPENSSL_MODULES\s0\fR +or to set the environment variable \fBOPENSSL_MODULES\fR to point to the directory where the providers can be found. .Sp In the legacy mode, the default algorithm for certificate encryption -is \s-1RC2_CBC\s0 or 3DES_CBC depending on whether the \s-1RC2\s0 cipher is enabled +is RC2_CBC or 3DES_CBC depending on whether the RC2 cipher is enabled in the build. The default algorithm for private key encryption is 3DES_CBC. If the legacy option is not specified, then the legacy provider is not loaded and the default encryption algorithm for both certificates and private keys is -\&\s-1AES_256_CBC\s0 with \s-1PBKDF2\s0 for key derivation. +AES_256_CBC with PBKDF2 for key derivation. 
.IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -289,63 +214,63 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .SS "PKCS#12 input (parsing) options" .IX Subsection "PKCS#12 input (parsing) options" .IP "\fB\-in\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-in filename|uri" -This specifies the input filename or \s-1URI.\s0 +This specifies the input filename or URI. Standard input is used by default. Without the \fB\-export\fR option this must be PKCS#12 file to be parsed. For use with the \fB\-export\fR option -see the \*(L"PKCS#12 output (export) options\*(R" section. +see the "PKCS#12 output (export) options" section. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" The filename to write certificates and private keys to, standard output by -default. They are all written in \s-1PEM\s0 format. -.IP "\fB\-info\fR" 4 +default. They are all written in PEM format. +.IP \fB\-info\fR 4 .IX Item "-info" Output additional information about the PKCS#12 file structure, algorithms used and iteration counts. -.IP "\fB\-nomacver\fR" 4 +.IP \fB\-nomacver\fR 4 .IX Item "-nomacver" -Don't attempt to verify the integrity \s-1MAC.\s0 -.IP "\fB\-clcerts\fR" 4 +Don\*(Aqt attempt to verify the integrity MAC. +.IP \fB\-clcerts\fR 4 .IX Item "-clcerts" -Only output client certificates (not \s-1CA\s0 certificates). -.IP "\fB\-cacerts\fR" 4 +Only output client certificates (not CA certificates). +.IP \fB\-cacerts\fR 4 .IX Item "-cacerts" -Only output \s-1CA\s0 certificates (not client certificates). +Only output CA certificates (not client certificates). 
.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 .IX Item "-aes128, -aes192, -aes256" -Use \s-1AES\s0 to encrypt private keys before outputting. +Use AES to encrypt private keys before outputting. .IP "\fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR" 4 .IX Item "-aria128, -aria192, -aria256" -Use \s-1ARIA\s0 to encrypt private keys before outputting. +Use ARIA to encrypt private keys before outputting. .IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 .IX Item "-camellia128, -camellia192, -camellia256" Use Camellia to encrypt private keys before outputting. -.IP "\fB\-des\fR" 4 +.IP \fB\-des\fR 4 .IX Item "-des" -Use \s-1DES\s0 to encrypt private keys before outputting. -.IP "\fB\-des3\fR" 4 +Use DES to encrypt private keys before outputting. +.IP \fB\-des3\fR 4 .IX Item "-des3" -Use triple \s-1DES\s0 to encrypt private keys before outputting. -.IP "\fB\-idea\fR" 4 +Use triple DES to encrypt private keys before outputting. +.IP \fB\-idea\fR 4 .IX Item "-idea" -Use \s-1IDEA\s0 to encrypt private keys before outputting. -.IP "\fB\-noenc\fR" 4 +Use IDEA to encrypt private keys before outputting. +.IP \fB\-noenc\fR 4 .IX Item "-noenc" -Don't encrypt private keys at all. -.IP "\fB\-nodes\fR" 4 +Don\*(Aqt encrypt private keys at all. +.IP \fB\-nodes\fR 4 .IX Item "-nodes" This option is deprecated since OpenSSL 3.0; use \fB\-noenc\fR instead. .SS "PKCS#12 output (export) options" .IX Subsection "PKCS#12 output (export) options" -.IP "\fB\-export\fR" 4 +.IP \fB\-export\fR 4 .IX Item "-export" This option specifies that a PKCS#12 file will be created rather than parsed. 
@@ -355,21 +280,21 @@ by default. .IP "\fB\-in\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-in filename|uri" -This specifies the input filename or \s-1URI.\s0 +This specifies the input filename or URI. Standard input is used by default. With the \fB\-export\fR option this is a file with certificates and a key, -or a \s-1URI\s0 that refers to a key accessed via an engine. -The order of credentials in a file doesn't matter but one private key and +or a URI that refers to a key accessed via an engine. +The order of credentials in a file doesn\*(Aqt matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 output file. .IP "\fB\-inkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-inkey filename|uri" -The private key input for \s-1PKCS12\s0 output. +The private key input for PKCS12 output. If this option is not specified then the input file (\fB\-in\fR argument) must contain a private key. If no engine is used, the argument is taken as a file. -If the \fB\-engine\fR option is used or the \s-1URI\s0 has prefix \f(CW\*(C`org.openssl.engine:\*(C'\fR -then the rest of the \s-1URI\s0 is taken as key identifier for the given engine. +If the \fB\-engine\fR option is used or the URI has prefix \f(CW\*(C`org.openssl.engine:\*(C'\fR +then the rest of the URI is taken as key identifier for the given engine. .IP "\fB\-certfile\fR \fIfilename\fR" 4 .IX Item "-certfile filename" An input file with extra certificates to be added to the PKCS#12 output 
@@ -380,14 +305,14 @@ and \fB\-untrusted\fR. For more information about the format of \fBarg\fR see \&\fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-chain\fR" 4 +.IP \fB\-chain\fR 4 .IX Item "-chain" If this option is present then the certificate chain of the end entity certificate is built and included in the PKCS#12 output file. The end entity certificate is the first one read from the \fB\-in\fR file if no key is given, else the first certificate matching the given key. -The standard \s-1CA\s0 trust store is used for chain building, -as well as any untrusted \s-1CA\s0 certificates given with the \fB\-untrusted\fR option. +The standard CA trust store is used for chain building, +as well as any untrusted CA certificates given with the \fB\-untrusted\fR option. .IP "\fB\-untrusted\fR \fIfilename\fR" 4 .IX Item "-untrusted filename" An input file of untrusted certificates that may be used 
@@ -396,84 +321,84 @@ Any certificates that are actually part of the chain are added to the output. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-name\fR \fIfriendlyname\fR" 4 .IX Item "-name friendlyname" -This specifies the \*(L"friendly name\*(R" for the certificates and private key. This +This specifies the "friendly name" for the certificates and private key. This name is typically displayed in list boxes by software importing the file. .IP "\fB\-caname\fR \fIfriendlyname\fR" 4 .IX Item "-caname friendlyname" -This specifies the \*(L"friendly name\*(R" for other certificates. This option may be +This specifies the "friendly name" for other certificates. This option may be used multiple times to specify names for all certificates in the order they -appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 +appear. Netscape ignores friendly names on other certificates whereas MSIE displays them. .IP "\fB\-CSP\fR \fIname\fR" 4 .IX Item "-CSP name" -Write \fIname\fR as a Microsoft \s-1CSP\s0 name. +Write \fIname\fR as a Microsoft CSP name. The password source for the input, and for encrypting any private keys that are output. For more information about the format of \fBarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-LMK\fR" 4 +.IP \fB\-LMK\fR 4 .IX Item "-LMK" -Add the \*(L"Local Key Set\*(R" identifier to the attributes. -.IP "\fB\-keyex\fR|\fB\-keysig\fR" 4 +Add the "Local Key Set" identifier to the attributes. 
+.IP \fB\-keyex\fR|\fB\-keysig\fR 4 .IX Item "-keyex|-keysig" Specifies that the private key is to be used for key exchange or just signing. -This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally -\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for +This option is only interpreted by MSIE and similar MS software. Normally +"export grade" software will only allow 512 bit RSA keys to be used for encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR option marks the key for signing only. Signing only keys can be used for -S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client -authentication, however, due to a bug only \s-1MSIE 5.0\s0 and later support -the use of signing only keys for \s-1SSL\s0 client authentication. +S/MIME signing, authenticode (ActiveX control signing) and SSL client +authentication, however, due to a bug only MSIE 5.0 and later support +the use of signing only keys for SSL client authentication. .IP "\fB\-keypbe\fR \fIalg\fR, \fB\-certpbe\fR \fIalg\fR" 4 .IX Item "-keypbe alg, -certpbe alg" These options allow the algorithm used to encrypt the private key and -certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name -can be used (see \*(L"\s-1NOTES\*(R"\s0 section for more information). If a cipher name +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name +can be used (see "NOTES" section for more information). If a cipher name (as output by \f(CW\*(C`openssl list \-cipher\-algorithms\*(C'\fR) is specified then it is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only use PKCS#12 algorithms. .Sp Special value \f(CW\*(C`NONE\*(C'\fR disables encryption of the private key and certificates. 
-.IP "\fB\-descert\fR" 4 +.IP \fB\-descert\fR 4 .IX Item "-descert" -Encrypt the certificates using triple \s-1DES.\s0 By default the private -key and the certificates are encrypted using \s-1AES\-256\-CBC\s0 unless -the '\-legacy' option is used. If '\-descert' is used with the '\-legacy' -then both, the private key and the certificates are encrypted using triple \s-1DES.\s0 +Encrypt the certificates using triple DES. By default the private +key and the certificates are encrypted using AES\-256\-CBC unless +the \*(Aq\-legacy\*(Aq option is used. If \*(Aq\-descert\*(Aq is used with the \*(Aq\-legacy\*(Aq +then both, the private key and the certificates are encrypted using triple DES. .IP "\fB\-macalg\fR \fIdigest\fR" 4 .IX Item "-macalg digest" -Specify the \s-1MAC\s0 digest algorithm. If not included \s-1SHA256\s0 will be used. +Specify the MAC digest algorithm. If not included SHA256 will be used. .IP "\fB\-iter\fR \fIcount\fR" 4 .IX Item "-iter count" -This option specifies the iteration count for the encryption key and \s-1MAC.\s0 The +This option specifies the iteration count for the encryption key and MAC. The default value is 2048. .Sp To discourage attacks by using large dictionaries of common passwords the algorithm that derives keys from passwords can have an iteration count applied to it: this causes a certain part of the algorithm to be repeated and slows it -down. The \s-1MAC\s0 is used to check the file integrity but since it will normally +down. The MAC is used to check the file integrity but since it will normally have the same password as the keys and certificates it could also be attacked. 
.IP "\fB\-noiter\fR, \fB\-nomaciter\fR" 4 .IX Item "-noiter, -nomaciter" -By default both encryption and \s-1MAC\s0 iteration counts are set to 2048, using -these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since +By default both encryption and MAC iteration counts are set to 2048, using +these options the MAC and encryption iteration counts can be set to 1, since this reduces the file security you should not use these options unless you -really have to. Most software supports both \s-1MAC\s0 and encryption iteration counts. -\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +really have to. Most software supports both MAC and encryption iteration counts. +MSIE 4.0 doesn\*(Aqt support MAC iteration counts so it needs the \fB\-nomaciter\fR option. -.IP "\fB\-maciter\fR" 4 +.IP \fB\-maciter\fR 4 .IX Item "-maciter" This option is included for compatibility with previous versions, it used -to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. -.IP "\fB\-nomac\fR" 4 +to be needed to use MAC iterations counts but they are now used by default. +.IP \fB\-nomac\fR 4 .IX Item "-nomac" -Do not attempt to provide the \s-1MAC\s0 integrity. This can be useful with the \s-1FIPS\s0 -provider as the \s-1PKCS12 MAC\s0 requires \s-1PKCS12KDF\s0 which is not an approved \s-1FIPS\s0 -algorithm and cannot be supported by the \s-1FIPS\s0 provider. -.SH "NOTES" +Do not attempt to provide the MAC integrity. This can be useful with the FIPS +provider as the PKCS12 MAC requires PKCS12KDF which is not an approved FIPS +algorithm and cannot be supported by the FIPS provider. +.SH NOTES .IX Header "NOTES" Although there are a large number of options most of them are very rarely used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used 
@@ -487,29 +412,29 @@ certificate might assume that the first certificate in the file is the one corresponding to the private key, but that may not always be the case. Using the \fB\-clcerts\fR option will solve this problem by only -outputting the certificate corresponding to the private key. If the \s-1CA\s0 +outputting the certificate corresponding to the private key. If the CA certificates are required then they can be output to a separate file using -the \fB\-nokeys\fR \fB\-cacerts\fR options to just output \s-1CA\s0 certificates. +the \fB\-nokeys\fR \fB\-cacerts\fR options to just output CA certificates. .PP The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption algorithms for private keys and certificates to be specified. Normally -the defaults are fine but occasionally software can't handle triple \s-1DES\s0 -encrypted private keys, then the option \fB\-keypbe\fR \fI\s-1PBE\-SHA1\-RC2\-40\s0\fR can -be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete +the defaults are fine but occasionally software can\*(Aqt handle triple DES +encrypted private keys, then the option \fB\-keypbe\fR \fIPBE\-SHA1\-RC2\-40\fR can +be used to reduce the private key encryption to 40 bit RC2. A complete description of all algorithms is contained in \fBopenssl\-pkcs8\fR\|(1). .PP -Prior 1.1 release passwords containing non-ASCII characters were encoded -in non-compliant manner, which limited interoperability, in first hand -with Windows. But switching to standard-compliant password encoding +Prior 1.1 release passwords containing non\-ASCII characters were encoded +in non\-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard\-compliant password encoding poses problem accessing old data protected with broken encoding. For this reason even legacy encodings is attempted when reading the data. 
If you use PKCS#12 files in production application you are advised to convert the data, because implemented heuristic approach is not -MT-safe, its sole goal is to facilitate the data upgrade with this +MT\-safe, its sole goal is to facilitate the data upgrade with this command. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Parse a PKCS#12 file and output it to a \s-1PEM\s0 file: +Parse a PKCS#12 file and output it to a PEM file: .PP .Vb 1 \& openssl pkcs12 \-in file.p12 \-out file.pem @@ -521,7 +446,7 @@ \& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem .Ve .PP -Don't encrypt the private key: +Don\*(Aqt encrypt the private key: .PP .Vb 1 \& openssl pkcs12 \-in file.p12 \-out file.pem \-noenc @@ -539,7 +464,7 @@ \& openssl pkcs12 \-in file.p12 \-info \-noout \-legacy .Ve .PP -Create a PKCS#12 file from a \s-1PEM\s0 file that may contain a key and certificates: +Create a PKCS#12 file from a PEM file that may contain a key and certificates: .PP .Vb 1 \& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My PSE" @@ -552,8 +477,8 @@ \& \-certfile othercerts.pem .Ve .PP -Export a PKCS#12 file with data from a certificate \s-1PEM\s0 file and from a further -\&\s-1PEM\s0 file containing a key, with default algorithms as in the legacy provider: +Export a PKCS#12 file with data from a certificate PEM file and from a further +PEM file containing a key, with default algorithms as in the legacy provider: .PP .Vb 1 \& openssl pkcs12 \-export \-in cert.pem \-inkey key.pem \-out file.p12 \-legacy 
@@ -563,15 +488,15 @@ \&\fBopenssl\fR\|(1), \&\fBopenssl\-pkcs8\fR\|(1), \&\fBossl_store\-file\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. The \fB\-nodes\fR option was deprecated in OpenSSL 3.0, too; use \fB\-noenc\fR instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-pkcs7.1.orig +++ secure/usr.bin/openssl/man/openssl-pkcs7.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PKCS7 1ossl" -.TH OPENSSL-PKCS7 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PKCS7 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-pkcs7 \- PKCS#7 command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBpkcs7\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-print\fR] @@ -156,19 +81,19 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command processes PKCS#7 files. Note that it only understands PKCS#7 -v 1.5 as specified in \s-1IETF RFC 2315.\s0 It cannot currently parse \s-1CMS\s0 as -described in \s-1IETF RFC 2630.\s0 -.SH "OPTIONS" +v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as +described in IETF RFC 2630. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR, \fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM, -outform DER|PEM" -The input and formats; the default is \fB\s-1PEM\s0\fR. +The input and formats; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp The data is a PKCS#7 Version 1.5 structure. 
@@ -180,24 +105,24 @@ .IX Item "-out filename" Specifies the output filename to write to or standard output by default. -.IP "\fB\-print\fR" 4 +.IP \fB\-print\fR 4 .IX Item "-print" -Print out the full \s-1PKCS7\s0 object. -.IP "\fB\-print_certs\fR" 4 +Print out the full PKCS7 object. +.IP \fB\-print_certs\fR 4 .IX Item "-print_certs" Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Prints out certificate details in full rather than just subject and issuer names. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" -Don't output the encoded version of the PKCS#7 structure (or certificates +Don\*(Aqt output the encoded version of the PKCS#7 structure (or certificates if \fB\-print_certs\fR is set). .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" @@ -207,10 +132,10 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" -Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 +Convert a PKCS#7 file from PEM to DER: .PP .Vb 1 \& openssl pkcs7 \-in file.pem \-outform DER \-out file.der 
@@ -225,14 +150,14 @@ .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBopenssl\-crl2pkcs7\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-pkcs8.1.orig +++ secure/usr.bin/openssl/man/openssl-pkcs8.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PKCS8 1ossl" -.TH OPENSSL-PKCS8 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PKCS8 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-pkcs8 \- PKCS#8 format private key conversion command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBpkcs8\fR [\fB\-help\fR] [\fB\-topk8\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-out\fR \fIfilename\fR] 
@@ -168,42 +93,42 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command processes private keys in PKCS#8 format. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-topk8\fR" 4 +.IP \fB\-topk8\fR 4 .IX Item "-topk8" Normally a PKCS#8 private key is expected on input and a private key will be written to the output file. With the \fB\-topk8\fR option the situation is reversed: it reads a private key and writes a PKCS#8 format key. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR, \fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM, -outform DER|PEM" -The input and formats; the default is \fB\s-1PEM\s0\fR. +The input and formats; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp If a key is being converted from PKCS#8 form (i.e. the \fB\-topk8\fR option is not used) then the input file must be in PKCS#8 format. An encrypted key is expected unless \fB\-nocrypt\fR is included. .Sp -If \fB\-topk8\fR is not used and \fB\s-1PEM\s0\fR mode is set the output file will be an +If \fB\-topk8\fR is not used and \fBPEM\fR mode is set the output file will be an unencrypted private key in PKCS#8 format. If the \fB\-traditional\fR option is used then a traditional format private key is written instead. .Sp -If \fB\-topk8\fR is not used and \fB\s-1DER\s0\fR mode is set the output file will be an -unencrypted private key in traditional \s-1DER\s0 format. 
+If \fB\-topk8\fR is not used and \fBDER\fR mode is set the output file will be an +unencrypted private key in traditional DER format. .Sp If \fB\-topk8\fR is used then any supported private key can be used for the input file in a format specified by \fB\-inform\fR. The output file will be encrypted PKCS#8 format using the specified encryption parameters unless \fB\-nocrypt\fR is included. -.IP "\fB\-traditional\fR" 4 +.IP \fB\-traditional\fR 4 .IX Item "-traditional" When this option is present and \fB\-topk8\fR is not a traditional format private key is written. @@ -227,11 +152,11 @@ .IX Item "-iter count" When creating new PKCS#8 containers, use a given number of iterations on the password in deriving the encryption key for the PKCS#8 output. -High values increase the time required to brute-force a PKCS#8 container. -.IP "\fB\-noiter\fR" 4 +High values increase the time required to brute\-force a PKCS#8 container. +.IP \fB\-noiter\fR 4 .IX Item "-noiter" When creating new PKCS#8 containers, use 1 as iteration count. -.IP "\fB\-nocrypt\fR" 4 +.IP \fB\-nocrypt\fR 4 .IX Item "-nocrypt" PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo structures using an appropriate password based encryption algorithm. With 
@@ -244,25 +169,25 @@ This option sets the PKCS#5 v2.0 algorithm. .Sp The \fIalg\fR argument is the encryption algorithm to use, valid values include -\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn't specified then \fBaes256\fR +\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn\*(Aqt specified then \fBaes256\fR is used. .IP "\fB\-v2prf\fR \fIalg\fR" 4 .IX Item "-v2prf alg" -This option sets the \s-1PRF\s0 algorithm to use with PKCS#5 v2.0. A typical value -value would be \fBhmacWithSHA256\fR. If this option isn't set then the default +This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value +value would be \fBhmacWithSHA256\fR. If this option isn\*(Aqt set then the default for the cipher is used or \fBhmacWithSHA256\fR if there is no default. .Sp -Some implementations may not support custom \s-1PRF\s0 algorithms and may require +Some implementations may not support custom PRF algorithms and may require the \fBhmacWithSHA1\fR option to work. .IP "\fB\-v1\fR \fIalg\fR" 4 .IX Item "-v1 alg" This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some older implementations may not support PKCS#5 v2.0 and may require this option. If not specified PKCS#5 v2.0 form is used. -.IP "\fB\-scrypt\fR" 4 +.IP \fB\-scrypt\fR 4 .IX Item "-scrypt" Uses the \fBscrypt\fR algorithm for private key encryption using default -parameters: currently N=16384, r=8 and p=1 and \s-1AES\s0 in \s-1CBC\s0 mode with a 256 bit +parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit key. These parameters can be modified using the \fB\-scrypt_N\fR, \fB\-scrypt_r\fR, \&\fB\-scrypt_p\fR and \fB\-v2\fR options. .IP "\fB\-scrypt_N\fR \fIN\fR, \fB\-scrypt_r\fR \fIr\fR, \fB\-scrypt_p\fR \fIp\fR" 4 
@@ -270,10 +195,10 @@ Sets the scrypt \fIN\fR, \fIr\fR or \fIp\fR parameters. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -283,46 +208,46 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "NOTES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH NOTES .IX Header "NOTES" By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit -\&\s-1AES\s0 with \s-1HMAC\s0 and \s-1SHA256\s0 is used. +AES with HMAC and SHA256 is used. .PP Some older implementations do not support PKCS#5 v2.0 format and require the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak -encryption algorithms such as 56 bit \s-1DES.\s0 +encryption algorithms such as 56 bit DES. .PP Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts are more secure that those encrypted using the traditional SSLeay compatible formats. So if additional security is considered important the keys should be converted. .PP -It is possible to write out \s-1DER\s0 encoded encrypted private keys in -PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 -level whereas the traditional format includes them at a \s-1PEM\s0 level. +It is possible to write out DER encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an ASN1 +level whereas the traditional format includes them at a PEM level. .SH "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS" .IX Header "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS" Various algorithms can be used with the \fB\-v1\fR command line option, including PKCS#5 v1.5 and PKCS#12. These are described in more detail below. -.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4 +.IP "\fBPBE\-MD2\-DES PBE\-MD5\-DES\fR" 4 .IX Item "PBE-MD2-DES PBE-MD5-DES" These algorithms were included in the original PKCS#5 v1.5 specification. 
-They only offer 56 bits of protection since they both use \s-1DES.\s0 -.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0\fR, \fB\s-1PBE\-MD2\-RC2\-64\s0\fR, \fB\s-1PBE\-MD5\-RC2\-64\s0\fR, \fB\s-1PBE\-SHA1\-DES\s0\fR" 4 +They only offer 56 bits of protection since they both use DES. +.IP "\fBPBE\-SHA1\-RC2\-64\fR, \fBPBE\-MD2\-RC2\-64\fR, \fBPBE\-MD5\-RC2\-64\fR, \fBPBE\-SHA1\-DES\fR" 4 .IX Item "PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES" These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some -software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or -56 bit \s-1DES.\s0 -.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC4\-40\s0\fR, \fB\s-1PBE\-SHA1\-3DES\s0\fR, \fB\s-1PBE\-SHA1\-2DES\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or +56 bit DES. +.IP "\fBPBE\-SHA1\-RC4\-128\fR, \fBPBE\-SHA1\-RC4\-40\fR, \fBPBE\-SHA1\-3DES\fR, \fBPBE\-SHA1\-2DES\fR, \fBPBE\-SHA1\-RC2\-128\fR, \fBPBE\-SHA1\-RC2\-40\fR" 4 .IX Item "PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40" These algorithms use the PKCS#12 password based encryption algorithm and -allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. -.SH "EXAMPLES" +allow strong encryption algorithms like triple DES or 128 bit RC2 to be used. +.SH EXAMPLES .IX Header "EXAMPLES" -Convert a private key to PKCS#8 format using default parameters (\s-1AES\s0 with +Convert a private key to PKCS#8 format using default parameters (AES with 256 bit key and \fBhmacWithSHA256\fR): .PP .Vb 1 
@@ -335,21 +260,21 @@ \& openssl pkcs8 \-in key.pem \-topk8 \-nocrypt \-out enckey.pem .Ve .PP -Convert a private key to PKCS#5 v2.0 format using triple \s-1DES:\s0 +Convert a private key to PKCS#5 v2.0 format using triple DES: .PP .Vb 1 \& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem .Ve .PP -Convert a private key to PKCS#5 v2.0 format using \s-1AES\s0 with 256 bits in \s-1CBC\s0 -mode and \fBhmacWithSHA512\fR \s-1PRF:\s0 +Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC +mode and \fBhmacWithSHA512\fR PRF: .PP .Vb 1 \& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-v2prf hmacWithSHA512 \-out enckey.pem .Ve .PP Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm -(\s-1DES\s0): +(DES): .PP .Vb 1 \& openssl pkcs8 \-in key.pem \-topk8 \-v1 PBE\-MD5\-DES \-out enckey.pem @@ -362,7 +287,7 @@ \& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES .Ve .PP -Read a \s-1DER\s0 unencrypted PKCS#8 format private key: +Read a DER unencrypted PKCS#8 format private key: .PP .Vb 1 \& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem 
@@ -374,25 +299,25 @@ \& openssl pkcs8 \-in pk8.pem \-traditional \-out key.pem .Ve .PP -Convert a private key to PKCS#8 format, encrypting with \s-1AES\-256\s0 and with +Convert a private key to PKCS#8 format, encrypting with AES\-256 and with one million iterations of the password: .PP .Vb 1 \& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-iter 1000000 \-out pk8.pem .Ve -.SH "STANDARDS" +.SH STANDARDS .IX Header "STANDARDS" Test vectors from this PKCS#5 v2.0 implementation were posted to the -pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration +pkcs\-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private keys produced and therefore, it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. .PP -The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: -it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 +The format of PKCS#8 DSA (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL\*(Aqs default DSA PKCS#8 private key format complies with this standard. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" There should be an option that prints out the encryption algorithm in use and other details such as the iteration count. 
@@ -403,16 +328,16 @@ \&\fBopenssl\-rsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1), \&\fBopenssl\-gendsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-iter\fR option was added in OpenSSL 1.1.0. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-pkey.1.orig +++ secure/usr.bin/openssl/man/openssl-pkey.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PKEY 1ossl" -.TH OPENSSL-PKEY 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PKEY 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-pkey \- public or private key processing command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBpkey\fR [\fB\-help\fR] @@ -151,12 +76,12 @@ [\fB\-check\fR] [\fB\-pubcheck\fR] [\fB\-in\fR \fIfilename\fR|\fIuri\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-pubin\fR] [\fB\-out\fR \fIfilename\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-\f(BIcipher\fB\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-\fR\f(BIcipher\fR] [\fB\-passout\fR \fIarg\fR] [\fB\-traditional\fR] [\fB\-pubout\fR] @@ -165,20 +90,20 @@ [\fB\-text_pub\fR] [\fB\-ec_conv_form\fR \fIarg\fR] [\fB\-ec_param_enc\fR \fIarg\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command processes public or private keys. They can be converted between various forms and their components printed. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .SS "General options" .IX Subsection "General options" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -188,12 +113,12 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.IP "\fB\-check\fR" 4 +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP \fB\-check\fR 4 .IX Item "-check" This option checks the consistency of a key pair for both public and private components. -.IP "\fB\-pubcheck\fR" 4 +.IP \fB\-pubcheck\fR 4 .IX Item "-pubcheck" This option checks the correctness of either a public key or the public component of a key pair. @@ -205,7 +130,7 @@ or standard input if this option is not specified. If the key input is encrypted and \fB\-passin\fR is not given a pass phrase will be prompted for. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-inform DER|PEM|P12|ENGINE" The key input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. @@ -215,7 +140,7 @@ .Sp For more information about the format of \fBarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-pubin\fR" 4 +.IP \fB\-pubin\fR 4 .IX Item "-pubin" By default a private key is read from the input. With this option only the public components are read. 
@@ -228,48 +153,48 @@ If any cipher option is set but no \fB\-passout\fR is given then a pass phrase will be prompted for. The output filename should \fBnot\fR be the same as the input filename. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The key output format; the default is \fB\s-1PEM\s0\fR. +The key output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IP \fB\-\fR\f(BIcipher\fR 4 .IX Item "-cipher" -Encrypt the \s-1PEM\s0 encoded private key with the supplied cipher. Any algorithm +Encrypt the PEM encoded private key with the supplied cipher. Any algorithm name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBaes128\fR. -Encryption is not supported for \s-1DER\s0 output. +Encryption is not supported for DER output. .IP "\fB\-passout\fR \fIarg\fR" 4 .IX Item "-passout arg" The password source for the output file. .Sp For more information about the format of \fBarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-traditional\fR" 4 +.IP \fB\-traditional\fR 4 .IX Item "-traditional" Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the \fB\-traditional\fR -option is specified then the older \*(L"traditional\*(R" format is used instead. -.IP "\fB\-pubout\fR" 4 +option is specified then the older "traditional" format is used instead. +.IP \fB\-pubout\fR 4 .IX Item "-pubout" By default the private and public key is output; this option restricts the output to the public components. This option is automatically set if the input is a public key. .Sp When combined with \fB\-text\fR, this is equivalent to \fB\-text_pub\fR. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" Do not output the key in encoded form. 
-.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Output the various key components in plain text -(possibly in addition to the \s-1PEM\s0 encoded form). -This cannot be combined with encoded output in \s-1DER\s0 format. -.IP "\fB\-text_pub\fR" 4 +(possibly in addition to the PEM encoded form). +This cannot be combined with encoded output in DER format. +.IP \fB\-text_pub\fR 4 .IX Item "-text_pub" Output in text form only the public key components (also for private keys). -This cannot be combined with encoded output in \s-1DER\s0 format. +This cannot be combined with encoded output in DER format. .IP "\fB\-ec_conv_form\fR \fIarg\fR" 4 .IX Item "-ec_conv_form arg" -This option only applies to elliptic-curve based keys. +This option only applies to elliptic\-curve based keys. .Sp This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: \fBcompressed\fR (the default 
@@ -277,19 +202,19 @@ the point conversion forms please read the X9.62 standard. \&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled by default for binary curves and can be enabled by defining -the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +the preprocessor macro \fBOPENSSL_EC_BIN_PT_COMP\fR at compile time. .IP "\fB\-ec_param_enc\fR \fIarg\fR" 4 .IX Item "-ec_param_enc arg" This option only applies to elliptic curve based public and private keys. .Sp This specifies how the elliptic curve parameters are encoded. Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are -specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are -explicitly given (see \s-1RFC 3279\s0 for the definition of the -\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. -\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +specified by an OID, or \fBexplicit\fR where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in RFC 3279, is currently not implemented in OpenSSL. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" To remove the pass phrase on a private key: .PP @@ -297,13 +222,13 @@ \& openssl pkey \-in key.pem \-out keyout.pem .Ve .PP -To encrypt a private key using triple \s-1DES:\s0 +To encrypt a private key using triple DES: .PP .Vb 1 \& openssl pkey \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from PEM to DER format: .PP .Vb 1 \& openssl pkey \-in key.pem \-outform DER \-out keyout.der 
@@ -327,13 +252,13 @@ \& openssl pkey \-in key.pem \-pubout \-out pubkey.pem .Ve .PP -To change the \s-1EC\s0 parameters encoding to \fBexplicit\fR: +To change the EC parameters encoding to \fBexplicit\fR: .PP .Vb 1 \& openssl pkey \-in key.pem \-ec_param_enc explicit \-out keyout.pem .Ve .PP -To change the \s-1EC\s0 point conversion form to \fBcompressed\fR: +To change the EC point conversion form to \fBcompressed\fR: .PP .Vb 1 \& openssl pkey \-in key.pem \-ec_conv_form compressed \-out keyout.pem @@ -347,14 +272,14 @@ \&\fBopenssl\-dsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1), \&\fBopenssl\-gendsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-pkeyparam.1.orig +++ secure/usr.bin/openssl/man/openssl-pkeyparam.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PKEYPARAM 1ossl" -.TH OPENSSL-PKEYPARAM 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PKEYPARAM 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-pkeyparam \- public key algorithm parameter processing command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBpkeyparam\fR [\fB\-help\fR] @@ -153,13 +78,13 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command processes public key algorithm parameters. They can be checked for correctness and their components printed out. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 @@ -170,18 +95,18 @@ .IX Item "-out filename" This specifies the output filename to write parameters to or standard output if this option is not specified. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the parameters in plain text in addition to the encoded version. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" Do not output the encoded version of the parameters. -.IP "\fB\-check\fR" 4 +.IP \fB\-check\fR 4 .IX Item "-check" This option checks the correctness of parameters. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -191,18 +116,18 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" Print out text version of parameters: .PP .Vb 1 \& openssl pkeyparam \-in param.pem \-text .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" There are no \fB\-inform\fR or \fB\-outform\fR options for this command because only -\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. +PEM format is supported because the key type is determined by the PEM headers. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), @@ -212,14 +137,14 @@ \&\fBopenssl\-dsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1), \&\fBopenssl\-gendsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-pkeyutl.1.orig +++ secure/usr.bin/openssl/man/openssl-pkeyutl.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PKEYUTL 1ossl" -.TH OPENSSL-PKEYUTL 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PKEYUTL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-pkeyutl \- public key algorithm command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBpkeyutl\fR [\fB\-help\fR] @@ -150,10 +75,10 @@ [\fB\-out\fR \fIfile\fR] [\fB\-sigfile\fR \fIfile\fR] [\fB\-inkey\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-peerkey\fR \fIfile\fR] -[\fB\-peerform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-peerform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-pubin\fR] [\fB\-certin\fR] [\fB\-rev\fR] 
@@ -177,45 +102,56 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fB\-config\fR \fIconfigfile\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command can be used to perform low-level public key +This command can be used to perform low\-level public key operations using any supported algorithm. -.SH "OPTIONS" +.PP +By default the signing operation (see \fB\-sign\fR option) is assumed. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" This specifies the input filename to read data from or standard input if this option is not specified. -.IP "\fB\-rawin\fR" 4 +.IP \fB\-rawin\fR 4 .IX Item "-rawin" -This indicates that the input data is raw data, which is not hashed by any -message digest algorithm. The user can specify a digest algorithm by using -the \fB\-digest\fR option. This option can only be used with \fB\-sign\fR and -\&\fB\-verify\fR and must be used with the Ed25519 and Ed448 algorithms. +This indicates that the signature or verification input data is raw data, +which is not hashed by any message digest algorithm. +Except with EdDSA, +the user can specify a digest algorithm by using the \fB\-digest\fR option. +For signature algorithms like RSA, DSA and ECDSA, +the default digest algorithm is SHA\-256. For SM2, it is SM3. +.Sp +This option can only be used with \fB\-sign\fR and \fB\-verify\fR. +For EdDSA (the Ed25519 and Ed448 algorithms) this option is required. .IP "\fB\-digest\fR \fIalgorithm\fR" 4 .IX Item "-digest algorithm" -This specifies the digest algorithm which is used to hash the input data before -signing or verifying it with the input key. This option could be omitted if the -signature algorithm does not require one (for instance, EdDSA). If this option -is omitted but the signature algorithm requires one, a default value will be -used. 
For signature algorithms like \s-1RSA, DSA\s0 and \s-1ECDSA, SHA\-256\s0 will be the -default digest algorithm. For \s-1SM2,\s0 it will be \s-1SM3.\s0 If this option is present, -then the \fB\-rawin\fR option must be also specified. +This option can only be used with \fB\-sign\fR and \fB\-verify\fR. +It specifies the digest algorithm that is used to hash the input data +before signing or verifying it with the input key. This option could be omitted +if the signature algorithm does not require preprocessing the input through +a pluggable hash function before signing (for instance, EdDSA). If this option +is omitted but the signature algorithm requires one and the \fB\-rawin\fR option +is given, a default value will be used (see \fB\-rawin\fR for details). +If this option is present, then the \fB\-rawin\fR option is required. +.Sp +At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported, +so the \fB\-digest\fR option cannot be used with EdDSA. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" Specifies the output filename to write to or standard output by default. .IP "\fB\-sigfile\fR \fIfile\fR" 4 .IX Item "-sigfile file" -Signature file, required for \fB\-verify\fR operations only +Signature file, required and allowed for \fB\-verify\fR operations only .IP "\fB\-inkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-inkey filename|uri" The input key, by default it should be a private key. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -226,78 +162,100 @@ .IP "\fB\-peerkey\fR \fIfile\fR" 4 .IX Item "-peerkey file" The peer key file, used by key derivation (agreement) operations. -.IP "\fB\-peerform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-peerform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-peerform DER|PEM|P12|ENGINE" The peer key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-pubin\fR" 4 +.IP \fB\-pubin\fR 4 .IX Item "-pubin" The input file is a public key. -.IP "\fB\-certin\fR" 4 +.IP \fB\-certin\fR 4 .IX Item "-certin" The input is a certificate containing a public key. -.IP "\fB\-rev\fR" 4 +.IP \fB\-rev\fR 4 .IX Item "-rev" Reverse the order of the input buffer. This is useful for some libraries -(such as CryptoAPI) which represent the buffer in little endian format. -.IP "\fB\-sign\fR" 4 +(such as CryptoAPI) which represent the buffer in little\-endian format. +This cannot be used in conjunction with \fB\-rawin\fR. +.IP \fB\-sign\fR 4 .IX Item "-sign" -Sign the input data (which must be a hash) and output the signed result. This -requires a private key. -.IP "\fB\-verify\fR" 4 +Sign the input data and output the signed result. This requires a private key. +Using a message digest operation along with this is recommended, +when applicable, see the \fB\-rawin\fR and \fB\-digest\fR options for details. +Otherwise, the input data given with the \fB\-in\fR option is assumed to already +be a digest, but this may then require an additional \fB\-pkeyopt\fR \f(CW\*(C`digest:\*(C'\fR\fImd\fR +in some cases (e.g., RSA with the default PKCS#1 padding mode). +Even for other algorithms like ECDSA, where the additional \fB\-pkeyopt\fR option +does not affect signature output, it is recommended, as it enables +checking that the input length is consistent with the intended digest. 
+.IP \fB\-verify\fR 4 .IX Item "-verify" -Verify the input data (which must be a hash) against the signature file and -indicate if the verification succeeded or failed. -.IP "\fB\-verifyrecover\fR" 4 +Verify the input data against the signature given with the \fB\-sigfile\fR option +and indicate if the verification succeeded or failed. +The input data given with the \fB\-in\fR option is assumed to be a hash value +unless the \fB\-rawin\fR option is specified or implied. +With raw data, when a digest algorithm is applicable, though it may be inferred +from the signature or take a default value, it should also be specified. +.IP \fB\-verifyrecover\fR 4 .IX Item "-verifyrecover" -Verify the input data (which must be a hash) and output the recovered data. -.IP "\fB\-encrypt\fR" 4 +Verify the given signature and output the recovered data (signature payload). +For example, in case of RSA PKCS#1 the recovered data is the \fBEMSA\-PKCS\-v1_5\fR +DER encoding of the digest algorithm OID and value as specified in +RFC8017 Section 9.2 . +.Sp +Note that here the input given with the \fB\-in\fR option is not a signature input +(as with the \fB\-sign\fR and \fB\-verify\fR options) but a signature output value, +typically produced using the \fB\-sign\fR option. +.Sp +This option is available only for use with RSA keys. +.IP \fB\-encrypt\fR 4 .IX Item "-encrypt" Encrypt the input data using a public key. -.IP "\fB\-decrypt\fR" 4 +.IP \fB\-decrypt\fR 4 .IX Item "-decrypt" Decrypt the input data using a private key. -.IP "\fB\-derive\fR" 4 +.IP \fB\-derive\fR 4 .IX Item "-derive" Derive a shared secret using the peer key. .IP "\fB\-kdf\fR \fIalgorithm\fR" 4 .IX Item "-kdf algorithm" Use key derivation function \fIalgorithm\fR. The supported algorithms are -at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR. -Note: additional parameters and the \s-1KDF\s0 output length will normally have to be +at present \fBTLS1\-PRF\fR and \fBHKDF\fR. 
+Note: additional parameters and the KDF output length will normally have to be set for this to work. See \fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) for the supported string parameters of each algorithm. .IP "\fB\-kdflen\fR \fIlength\fR" 4 .IX Item "-kdflen length" -Set the output length for \s-1KDF.\s0 +Set the output length for KDF. .IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 .IX Item "-pkeyopt opt:value" -Public key options specified as opt:value. See \s-1NOTES\s0 below for more details. +Public key options specified as opt:value. See NOTES below for more details. .IP "\fB\-pkeyopt_passin\fR \fIopt\fR[:\fIpassarg\fR]" 4 .IX Item "-pkeyopt_passin opt[:passarg]" Allows reading a public key option \fIopt\fR from stdin or a password source. If only \fIopt\fR is specified, the user will be prompted to enter a password on stdin. Alternatively, \fIpassarg\fR can be specified which can be any value supported by \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-hexdump\fR" 4 +.IP \fB\-hexdump\fR 4 .IX Item "-hexdump" hex dump the output data. -.IP "\fB\-asn1parse\fR" 4 +.IP \fB\-asn1parse\fR 4 .IX Item "-asn1parse" -Parse the \s-1ASN.1\s0 output data, this is useful when combined with the -\&\fB\-verifyrecover\fR option when an \s-1ASN1\s0 structure is signed. +Parse the ASN.1 output data to check its DER encoding and print any errors. +When combined with the \fB\-verifyrecover\fR option, this may be useful only in case +an ASN.1 DER\-encoded structure had been signed directly (without hashing it). .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. -.IP "\fB\-engine_impl\fR" 4 +.IP \fB\-engine_impl\fR 4 .IX Item "-engine_impl" When used with the \fB\-engine\fR option, it specifies to also use engine \fIid\fR for crypto operations. 
.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -306,102 +264,102 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-config\fR \fIconfigfile\fR" 4 .IX Item "-config configfile" -See \*(L"Configuration Option\*(R" in \fBopenssl\fR\|(1). -.SH "NOTES" +See "Configuration Option" in \fBopenssl\fR\|(1). +.SH NOTES .IX Header "NOTES" The operations and options supported vary according to the key algorithm and its implementation. The OpenSSL operations and options are indicated below. .PP -Unless otherwise mentioned all algorithms support the \fBdigest:\fR\fIalg\fR option -which specifies the digest in use for sign, verify and verifyrecover operations. +Unless otherwise mentioned, all algorithms support the \fBdigest:\fR\fIalg\fR option, +which specifies the digest in use for the signing and verification operations. The value \fIalg\fR should represent a digest name as used in the \&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to -hash the input data. It is used (by some algorithms) for sanity-checking the +hash the input data. It is used (by some algorithms) for sanity\-checking the lengths of data passed in and for creating the structures that make up the -signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). +signature (e.g. \fBDigestInfo\fR in RSASSA PKCS#1 v1.5 signatures). .PP This command does not hash the input data (except where \-rawin is used) but rather it will use the data directly as input to the signature algorithm. Depending on the key type, signature type, and mode of padding, the maximum -acceptable lengths of input data differ. The signed data can't be longer than -the key modulus with \s-1RSA.\s0 In case of \s-1ECDSA\s0 and \s-1DSA\s0 the data shouldn't be longer +acceptable lengths of input data differ. 
The signed data can\*(Aqt be longer than +the key modulus with RSA. In case of ECDSA and DSA the data shouldn\*(Aqt be longer than the field size, otherwise it will be silently truncated to the field size. In any event the input size must not be larger than the largest supported digest size. .PP In other words, if the value of digest is \fBsha1\fR the input should be the 20 -bytes long binary encoding of the \s-1SHA\-1\s0 hash function output. +bytes long binary encoding of the SHA\-1 hash function output. .SH "RSA ALGORITHM" .IX Header "RSA ALGORITHM" -The \s-1RSA\s0 algorithm generally supports the encrypt, decrypt, sign, +The RSA algorithm generally supports the encrypt, decrypt, sign, verify and verifyrecover operations. However, some padding modes support only a subset of these operations. The following additional \&\fBpkeyopt\fR values are supported: -.IP "\fBrsa_padding_mode:\fR\fImode\fR" 4 +.IP \fBrsa_padding_mode:\fR\fImode\fR 4 .IX Item "rsa_padding_mode:mode" -This sets the \s-1RSA\s0 padding mode. Acceptable values for \fImode\fR are \fBpkcs1\fR for +This sets the RSA padding mode. Acceptable values for \fImode\fR are \fBpkcs1\fR for PKCS#1 padding, \fBnone\fR for no padding, \fBoaep\fR -for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS.\s0 +for \fBOAEP\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for PSS. .Sp -In PKCS#1 padding if the message digest is not set then the supplied data is +In PKCS#1 padding, if the message digest is not set, then the supplied data is signed or verified directly instead of using a \fBDigestInfo\fR structure. If a -digest is set then the a \fBDigestInfo\fR structure is used and its the length +digest is set, then the \fBDigestInfo\fR structure is used and its length must correspond to the digest type. .Sp For \fBoaep\fR mode only encryption and decryption is supported. 
.Sp For \fBx931\fR if the digest type is set it is used to format the block data -otherwise the first byte is used to specify the X9.31 digest \s-1ID.\s0 Sign, +otherwise the first byte is used to specify the X9.31 digest ID. Sign, verify and verifyrecover are can be performed in this mode. .Sp For \fBpss\fR mode only sign and verify are supported and the digest type must be specified. -.IP "\fBrsa_pss_saltlen:\fR\fIlen\fR" 4 +.IP \fBrsa_pss_saltlen:\fR\fIlen\fR 4 .IX Item "rsa_pss_saltlen:len" For \fBpss\fR mode only this option specifies the salt length. Three special values are supported: \fBdigest\fR sets the salt length to the digest length, \&\fBmax\fR sets the salt length to the maximum permissible value. When verifying \&\fBauto\fR causes the salt length to be automatically determined based on the -\&\fB\s-1PSS\s0\fR block structure. -.IP "\fBrsa_mgf1_md:\fR\fIdigest\fR" 4 +\&\fBPSS\fR block structure. +.IP \fBrsa_mgf1_md:\fR\fIdigest\fR 4 .IX Item "rsa_mgf1_md:digest" -For \s-1PSS\s0 and \s-1OAEP\s0 padding sets the \s-1MGF1\s0 digest. If the \s-1MGF1\s0 digest is not -explicitly set in \s-1PSS\s0 mode then the signing digest is used. -.IP "\fBrsa_oaep_md:\fR\fIdigest\fR" 4 +For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not +explicitly set in PSS mode then the signing digest is used. +.IP \fBrsa_oaep_md:\fR\fIdigest\fR 4 .IX Item "rsa_oaep_md:digest" -Sets the digest used for the \s-1OAEP\s0 hash function. If not explicitly set then -\&\s-1SHA1\s0 is used. -.SH "RSA-PSS ALGORITHM" +Sets the digest used for the OAEP hash function. If not explicitly set then +SHA1 is used. +.SH "RSA\-PSS ALGORITHM" .IX Header "RSA-PSS ALGORITHM" -The RSA-PSS algorithm is a restricted version of the \s-1RSA\s0 algorithm which only -supports the sign and verify operations with \s-1PSS\s0 padding. The following +The RSA\-PSS algorithm is a restricted version of the RSA algorithm which only +supports the sign and verify operations with PSS padding. 
The following additional \fB\-pkeyopt\fR values are supported: .IP "\fBrsa_padding_mode:\fR\fImode\fR, \fBrsa_pss_saltlen:\fR\fIlen\fR, \fBrsa_mgf1_md:\fR\fIdigest\fR" 4 .IX Item "rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest" -These have the same meaning as the \fB\s-1RSA\s0\fR algorithm with some additional +These have the same meaning as the \fBRSA\fR algorithm with some additional restrictions. The padding mode can only be set to \fBpss\fR which is the default value. .Sp -If the key has parameter restrictions than the digest, \s-1MGF1\s0 +If the key has parameter restrictions than the digest, MGF1 digest and salt length are set to the values specified in the parameters. -The digest and \s-1MG\s0 cannot be changed and the salt length cannot be set to a +The digest and MG cannot be changed and the salt length cannot be set to a value less than the minimum restriction. .SH "DSA ALGORITHM" .IX Header "DSA ALGORITHM" -The \s-1DSA\s0 algorithm supports signing and verification operations only. Currently -there are no additional \fB\-pkeyopt\fR options other than \fBdigest\fR. The \s-1SHA1\s0 +The DSA algorithm supports signing and verification operations only. Currently +there are no additional \fB\-pkeyopt\fR options other than \fBdigest\fR. The SHA1 digest is assumed by default. .SH "DH ALGORITHM" .IX Header "DH ALGORITHM" -The \s-1DH\s0 algorithm only supports the derivation operation and no additional +The DH algorithm only supports the derivation operation and no additional \&\fB\-pkeyopt\fR options. .SH "EC ALGORITHM" .IX Header "EC ALGORITHM" -The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and -verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH. SHA1\s0 is assumed by default for +The EC algorithm supports sign, verify and derive operations. The sign and +verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for the \fB\-pkeyopt\fR \fBdigest\fR option. 
.SH "X25519 AND X448 ALGORITHMS" .IX Header "X25519 AND X448 ALGORITHMS" 
@@ -410,31 +368,31 @@ .SH "ED25519 AND ED448 ALGORITHMS" .IX Header "ED25519 AND ED448 ALGORITHMS" These algorithms only support signing and verifying. OpenSSL only implements the -\&\*(L"pure\*(R" variants of these algorithms so raw data can be passed directly to them +"pure" variants of these algorithms so raw data can be passed directly to them without hashing them first. The option \fB\-rawin\fR must be used with these algorithms with no \fB\-digest\fR specified. Additionally OpenSSL only supports -\&\*(L"oneshot\*(R" operation with these algorithms. This means that the entire file to +"oneshot" operation with these algorithms. This means that the entire file to be signed/verified must be read into memory before processing it. Signing or Verifying very large files should be avoided. Additionally the size of the file must be known for this to work. If the size of the file cannot be determined (for example if the input is stdin) then the sign or verify operation will fail. -.SH "SM2" +.SH SM2 .IX Header "SM2" -The \s-1SM2\s0 algorithm supports sign, verify, encrypt and decrypt operations. For -the sign and verify operations, \s-1SM2\s0 requires an Distinguishing \s-1ID\s0 string to +The SM2 algorithm supports sign, verify, encrypt and decrypt operations. For +the sign and verify operations, SM2 requires an Distinguishing ID string to be passed in. The following \fB\-pkeyopt\fR value is supported: -.IP "\fBdistid:\fR\fIstring\fR" 4 +.IP \fBdistid:\fR\fIstring\fR 4 .IX Item "distid:string" -This sets the \s-1ID\s0 string used in \s-1SM2\s0 sign or verify operations. While verifying -an \s-1SM2\s0 signature, the \s-1ID\s0 string must be the same one used when signing the data. +This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. Otherwise the verification will fail. 
-.IP "\fBhexdistid:\fR\fIhex_string\fR" 4 +.IP \fBhexdistid:\fR\fIhex_string\fR 4 .IX Item "hexdistid:hex_string" -This sets the \s-1ID\s0 string used in \s-1SM2\s0 sign or verify operations. While verifying -an \s-1SM2\s0 signature, the \s-1ID\s0 string must be the same one used when signing the data. -Otherwise the verification will fail. The \s-1ID\s0 string provided with this option +This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. +Otherwise the verification will fail. The ID string provided with this option should be a valid hexadecimal value. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Sign some data using a private key: .PP @@ -442,19 +400,19 @@ \& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig .Ve .PP -Recover the signed data (e.g. if an \s-1RSA\s0 key is used): +Recover the signed data (e.g. if an RSA key is used): .PP .Vb 1 \& openssl pkeyutl \-verifyrecover \-in sig \-inkey key.pem .Ve .PP -Verify the signature (e.g. a \s-1DSA\s0 key): +Verify the signature (e.g. a DSA key): .PP .Vb 1 \& openssl pkeyutl \-verify \-in file \-sigfile sig \-inkey key.pem .Ve .PP -Sign data using a message digest value (this is currently only valid for \s-1RSA\s0): +Sign data using a message digest value (this is currently only valid for RSA): .PP .Vb 1 \& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig \-pkeyopt digest:sha256 @@ -466,7 +424,7 @@ \& openssl pkeyutl \-derive \-inkey key.pem \-peerkey pubkey.pem \-out secret .Ve .PP -Hexdump 48 bytes of \s-1TLS1 PRF\s0 using digest \fB\s-1SHA256\s0\fR and shared secret and +Hexdump 48 bytes of TLS1 PRF using digest \fBSHA256\fR and shared secret and seed consisting of the single byte 0xFF: .PP .Vb 2 
@@ -481,28 +439,28 @@ \& \-pkeyopt hexsalt:aabbcc \-pkeyopt N:16384 \-pkeyopt r:8 \-pkeyopt p:1 .Ve .PP -Derive using the same algorithm, but read key from environment variable \s-1MYPASS:\s0 +Derive using the same algorithm, but read key from environment variable MYPASS: .PP .Vb 2 \& openssl pkeyutl \-kdf scrypt \-kdflen 16 \-pkeyopt_passin pass:env:MYPASS \e \& \-pkeyopt hexsalt:aabbcc \-pkeyopt N:16384 \-pkeyopt r:8 \-pkeyopt p:1 .Ve .PP -Sign some data using an \s-1\fBSM2\s0\fR\|(7) private key and a specific \s-1ID:\s0 +Sign some data using an \fBSM2\fR\|(7) private key and a specific ID: .PP .Vb 2 \& openssl pkeyutl \-sign \-in file \-inkey sm2.key \-out sig \-rawin \-digest sm3 \e \& \-pkeyopt distid:someid .Ve .PP -Verify some data using an \s-1\fBSM2\s0\fR\|(7) certificate and a specific \s-1ID:\s0 +Verify some data using an \fBSM2\fR\|(7) certificate and a specific ID: .PP .Vb 2 \& openssl pkeyutl \-verify \-certin \-in file \-inkey sm2.cert \-sigfile sig \e \& \-rawin \-digest sm3 \-pkeyopt distid:someid .Ve .PP -Decrypt some data using a private key with \s-1OAEP\s0 padding using \s-1SHA256:\s0 +Decrypt some data using a private key with OAEP padding using SHA256: .PP .Vb 2 \& openssl pkeyutl \-decrypt \-in file \-inkey key.pem \-out secret \e 
@@ -520,14 +478,14 @@ \&\fBopenssl\-kdf\fR\|(1) \&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \&\fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3), -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-prime.1.orig +++ secure/usr.bin/openssl/man/openssl-prime.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-PRIME 1ossl" -.TH OPENSSL-PRIME 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-PRIME 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-prime \- compute prime numbers -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl prime\fR [\fB\-help\fR] @@ -153,31 +78,31 @@ [\fB\-propquery\fR \fIpropq\fR] [\fB\-checks\fR \fInum\fR] [\fInumber\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command checks if the specified numbers are prime. .PP If no numbers are given on the command line, the \fB\-generate\fR flag should be used to generate primes according to the requirements specified by the rest of the flags. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Display an option summary. -.IP "\fB\-hex\fR" 4 +.IP \fB\-hex\fR 4 .IX Item "-hex" Generate hex output. -.IP "\fB\-generate\fR" 4 +.IP \fB\-generate\fR 4 .IX Item "-generate" Generate a prime number. .IP "\fB\-bits\fR \fInum\fR" 4 .IX Item "-bits num" Generate a prime with \fInum\fR bits. -.IP "\fB\-safe\fR" 4 +.IP \fB\-safe\fR 4 .IX Item "-safe" -When used with \fB\-generate\fR, generates a \*(L"safe\*(R" prime. If the number -generated is \fIn\fR, then check that \f(CW\*(C`(\f(CIn\f(CW\-1)/2\*(C'\fR is also prime. +When used with \fB\-generate\fR, generates a "safe" prime. If the number +generated is \fIn\fR, then check that \f(CW\*(C`(\fR\f(CIn\fR\f(CW\-1)/2\*(C'\fR is also prime. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -186,15 +111,15 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-checks\fR \fInum\fR" 4 .IX Item "-checks num" This parameter is ignored. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-rand.1.orig +++ secure/usr.bin/openssl/man/openssl-rand.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-RAND 1ossl" -.TH OPENSSL-RAND 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-RAND 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-rand \- generate pseudo\-random bytes -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl rand\fR [\fB\-help\fR] 
@@ -154,37 +79,37 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] \&\fInum\fR -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command generates \fInum\fR random bytes using a cryptographically -secure pseudo random number generator (\s-1CSPRNG\s0). +secure pseudo random number generator (CSPRNG). .PP The random bytes are generated using the \fBRAND_bytes\fR\|(3) function, which provides a security level of 256 bits, provided it managed to seed itself successfully from a trusted operating system entropy source. Otherwise, the command will fail with a nonzero error code. -For more details, see \fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7), and \s-1\fBEVP_RAND\s0\fR\|(7). -.SH "OPTIONS" +For more details, see \fBRAND_bytes\fR\|(3), \fBRAND\fR\|(7), and \fBEVP_RAND\fR\|(7). +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-out\fR \fIfile\fR" 4 .IX Item "-out file" Write to \fIfile\fR instead of standard output. -.IP "\fB\-base64\fR" 4 +.IP \fB\-base64\fR 4 .IX Item "-base64" Perform base64 encoding on the output. -.IP "\fB\-hex\fR" 4 +.IP \fB\-hex\fR 4 .IX Item "-hex" Show the output as a hex string. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -193,21 +118,21 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7), -\&\s-1\fBEVP_RAND\s0\fR\|(7) -.SH "HISTORY" +\&\fBRAND\fR\|(7), +\&\fBEVP_RAND\fR\|(7) +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-rehash.1.orig +++ secure/usr.bin/openssl/man/openssl-rehash.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,79 +53,20 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-REHASH 1ossl" -.TH OPENSSL-REHASH 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-REHASH 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-rehash, c_rehash \- Create symbolic links to files named by the hash values -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \&\fBrehash\fR @@ -166,7 +91,7 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIdirectory\fR] ... -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command is generally equivalent to the external script \fBc_rehash\fR, 
@@ -181,69 +106,69 @@ directories to be set up like this in order to find certificates. .PP If any directories are named on the command line, then those are -processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable -is consulted; this should be a colon-separated list of directories, -like the Unix \fB\s-1PATH\s0\fR variable. -If that is not set then the default directory (installation-specific -but often \fI/etc/ssl/certs\fR) is processed. +processed in turn. If not, then the \fBSSL_CERT_DIR\fR environment variable +is consulted; this should be a colon\-separated list of directories, +like the Unix \fBPATH\fR variable. +If that is not set then the default directory (installation\-specific +but often \fI/usr/local/ssl/certs\fR) is processed. .PP In order for a directory to be processed, the user must have write permissions on that directory, otherwise an error will be generated. .PP -The links created are of the form \fI\s-1HHHHHHHH.D\s0\fR, where each \fIH\fR +The links created are of the form \fIHHHHHHHH.D\fR, where each \fIH\fR is a hexadecimal character and \fID\fR is a single decimal digit. When a directory is processed, all links in it that have a name in that syntax are first removed, even if they are being used for some other purpose. To skip the removal step, use the \fB\-n\fR flag. -Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after -the period, like this: \fI\s-1HHHHHHHH.\s0\fR\fBr\fR\fID\fR. +Hashes for CRL\*(Aqs look similar except the letter \fBr\fR appears after +the period, like this: \fIHHHHHHHH.\fR\fBr\fR\fID\fR. .PP Multiple objects may have the same hash; they will be indicated by incrementing the \fID\fR value. Duplicates are found by comparing the -full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +full SHA\-1 fingerprint. A warning will be displayed if a duplicate is found. 
.PP A warning will also be displayed if there are files that -cannot be parsed as either a certificate or a \s-1CRL\s0 or if +cannot be parsed as either a certificate or a CRL or if more than one such object appears in the file. .SS "Script Configuration" .IX Subsection "Script Configuration" The \fBc_rehash\fR script uses the \fBopenssl\fR program to compute the hashes and -fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the -\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +fingerprints. If not found in the user\*(Aqs \fBPATH\fR, then set the +\&\fBOPENSSL\fR environment variable to the full pathname. Any program can be used, it will be invoked as follows for either -a certificate or \s-1CRL:\s0 +a certificate or CRL: .PP .Vb 2 \& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FILENAME \& $OPENSSL crl \-hash \-fingerprint \-noout \-in FILENAME .Ve .PP -where \fI\s-1FILENAME\s0\fR is the filename. It must output the hash of the +where \fIFILENAME\fR is the filename. It must output the hash of the file on the first line, and the fingerprint on the second, optionally prefixed with some text and an equals sign. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-help\fR \fB\-h\fR" 4 .IX Item "-help -h" Display a brief usage message. -.IP "\fB\-old\fR" 4 +.IP \fB\-old\fR 4 .IX Item "-old" -Use old-style hashing (\s-1MD5,\s0 as opposed to \s-1SHA\-1\s0) for generating +Use old\-style hashing (MD5, as opposed to SHA\-1) for generating links to be used for releases before 1.0.0. Note that current versions will not use the old style. -.IP "\fB\-n\fR" 4 +.IP \fB\-n\fR 4 .IX Item "-n" Do not remove existing links. -This is needed when keeping new and old-style links in the same directory. -.IP "\fB\-compat\fR" 4 +This is needed when keeping new and old\-style links in the same directory. +.IP \fB\-compat\fR 4 .IX Item "-compat" -Generate links for both old-style (\s-1MD5\s0) and new-style (\s-1SHA1\s0) hashing. 
-This allows releases before 1.0.0 to use these links along-side newer +Generate links for both old\-style (MD5) and new\-style (SHA1) hashing. +This allows releases before 1.0.0 to use these links along\-side newer releases. -.IP "\fB\-v\fR" 4 +.IP \fB\-v\fR 4 .IX Item "-v" Print messages about old links removed and new links created. By default, this command only lists each directory as it is processed. @@ -255,14 +180,14 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "ENVIRONMENT" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IP \fBOPENSSL\fR 4 .IX Item "OPENSSL" The path to an executable to use to generate hashes and fingerprints (see above). -.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IP \fBSSL_CERT_DIR\fR 4 .IX Item "SSL_CERT_DIR" Colon separated list of directories to operate on. Ignored if directories are listed on the command line. @@ -271,11 +196,11 @@ \&\fBopenssl\fR\|(1), \&\fBopenssl\-crl\fR\|(1), \&\fBopenssl\-x509\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-req.1.orig +++ secure/usr.bin/openssl/man/openssl-req.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-REQ 1ossl" -.TH OPENSSL-REQ 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-REQ 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-req \- PKCS#10 certificate request and certificate generating command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBreq\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-out\fR \fIfilename\fR] @@ -161,10 +86,10 @@ [\fB\-noenc\fR] [\fB\-nodes\fR] [\fB\-key\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-keyout\fR \fIfilename\fR] [\fB\-keygen_engine\fR \fIid\fR] -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-config\fR \fIfilename\fR] [\fB\-section\fR \fIname\fR] [\fB\-x509\fR] 
@@ -194,17 +119,17 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command primarily creates and processes certificate requests (CSRs) -in PKCS#10 format. It can additionally create self-signed certificates +in PKCS#10 format. It can additionally create self\-signed certificates for use as root CAs for example. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR, \fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM, -outform DER|PEM" The input and output formats; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. @@ -219,11 +144,11 @@ .IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-sigopt nm:v" Pass options to the signature algorithm during sign operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .IP "\fB\-vfyopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-vfyopt nm:v" Pass options to the signature algorithm during verify operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .IP "\fB\-passin\fR \fIarg\fR" 4 .IX Item "-passin arg" The password source for private key and certificate input. 
@@ -237,26 +162,26 @@ .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" This specifies the output filename to write to or standard output by default. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the certificate request in text form. -.IP "\fB\-subject\fR" 4 +.IP \fB\-subject\fR 4 .IX Item "-subject" Prints out the certificate request subject (or certificate subject if \fB\-x509\fR is in use). -.IP "\fB\-pubkey\fR" 4 +.IP \fB\-pubkey\fR 4 .IX Item "-pubkey" Prints out the public key. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option prevents output of the encoded version of the certificate request. -.IP "\fB\-modulus\fR" 4 +.IP \fB\-modulus\fR 4 .IX Item "-modulus" Prints out the value of the modulus of the public key contained in the request. -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" -Verifies the self-signature on the request. -.IP "\fB\-new\fR" 4 +Verifies the self\-signature on the request. +.IP \fB\-new\fR 4 .IX Item "-new" This option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields @@ -266,7 +191,7 @@ If the \fB\-key\fR option is not given it will generate a new private key using information specified in the configuration file or given with the \fB\-newkey\fR and \fB\-pkeyopt\fR options, -else by default an \s-1RSA\s0 key with 2048 bits length. +else by default an RSA key with 2048 bits length. .IP "\fB\-newkey\fR \fIarg\fR" 4 .IX Item "-newkey arg" This option is used to generate a new private key unless \fB\-key\fR is given. 
@@ -277,7 +202,7 @@ .Sp The argument takes one of several forms. .Sp -[\fBrsa:\fR]\fInbits\fR generates an \s-1RSA\s0 key \fInbits\fR in size. +[\fBrsa:\fR]\fInbits\fR generates an RSA key \fInbits\fR in size. If \fInbits\fR is omitted, i.e., \fB\-newkey\fR \fBrsa\fR is specified, the default key size specified in the configuration file with the \fBdefault_bits\fR option is used if present, else 2048. @@ -295,10 +220,10 @@ If algorithm parameters are not given, any necessary parameters should be specified via the \fB\-pkeyopt\fR option. .Sp -\&\fBdsa:\fR\fIfilename\fR generates a \s-1DSA\s0 key using the parameters -in the file \fIfilename\fR. \fBec:\fR\fIfilename\fR generates \s-1EC\s0 key (usable both with -\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:\fR\fIfilename\fR generates \s-1GOST R -34.10\-2001\s0 key (requires \fBgost\fR engine configured in the configuration +\&\fBdsa:\fR\fIfilename\fR generates a DSA key using the parameters +in the file \fIfilename\fR. \fBec:\fR\fIfilename\fR generates EC key (usable both with +ECDSA or ECDH algorithms), \fBgost2001:\fR\fIfilename\fR generates GOST R +34.10\-2001 key (requires \fBgost\fR engine configured in the configuration file). If just \fBgost2001\fR is specified a parameter set should be specified by \fB\-pkeyopt\fR \fIparamset:X\fR .IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 
@@ -306,18 +231,18 @@ Set the public key algorithm option \fIopt\fR to \fIvalue\fR. The precise set of options supported depends on the public key algorithm used and its implementation. -See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 in \fBopenssl\-genpkey\fR\|(1) for more details. +See "KEY GENERATION OPTIONS" in \fBopenssl\-genpkey\fR\|(1) for more details. .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key filename|uri" This option provides the private key for signing a new certificate or certificate request. Unless \fB\-in\fR is given, the corresponding public key is placed in -the new certificate or certificate request, resulting in a self-signature. +the new certificate or certificate request, resulting in a self\-signature. .Sp For certificate signing this option is overridden by the \fB\-CA\fR option. .Sp -This option also accepts PKCS#8 format private keys for \s-1PEM\s0 format files. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +This option also accepts PKCS#8 format private keys for PEM format files. +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The format of the private key; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -330,28 +255,28 @@ private key and the \fB\-key\fR option is provided, you should provide the \&\fB\-keyout\fR option explicitly. If a new key is generated and no filename is specified the key is written to standard output. -.IP "\fB\-noenc\fR" 4 +.IP \fB\-noenc\fR 4 .IX Item "-noenc" If this option is specified then if a private key is created it will not be encrypted. -.IP "\fB\-nodes\fR" 4 +.IP \fB\-nodes\fR 4 .IX Item "-nodes" This option is deprecated since OpenSSL 3.0; use \fB\-noenc\fR instead. -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" This specifies the message digest to sign the request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. This overrides the digest algorithm specified in the configuration file. .Sp -Some public key algorithms may override this choice. For instance, \s-1DSA\s0 -signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use -\&\s-1GOST R 34.11\-94\s0 (\fB\-md_gost94\fR), Ed25519 and Ed448 never use any digest. +Some public key algorithms may override this choice. For instance, DSA +signatures always use SHA1, GOST R 34.10 signatures always use +GOST R 34.11\-94 (\fB\-md_gost94\fR), Ed25519 and Ed448 never use any digest. .IP "\fB\-config\fR \fIfilename\fR" 4 .IX Item "-config filename" This allows an alternative configuration file to be specified. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +see "COMMAND SUMMARY" in \fBopenssl\fR\|(1). .IP "\fB\-section\fR \fIname\fR" 4 .IX Item "-section name" Specifies the name of the section to use; the default is \fBreq\fR. 
@@ -364,16 +289,16 @@ Special characters may be escaped by \f(CW\*(C`\e\*(C'\fR (backslash), whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the request. -Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL-DN). -Multi-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR +Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL\-DN). +Multi\-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR between the AttributeValueAssertions (AVAs) that specify the members of the set. Example: .Sp \&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR -.IP "\fB\-multivalue\-rdn\fR" 4 +.IP \fB\-multivalue\-rdn\fR 4 .IX Item "-multivalue-rdn" This option has been deprecated and has no effect. -.IP "\fB\-x509\fR" 4 +.IP \fB\-x509\fR 4 .IX Item "-x509" This option outputs a certificate instead of a certificate request. This is typically used to generate test certificates. @@ -382,7 +307,7 @@ This option implies the \fB\-new\fR flag if \fB\-in\fR is not given. .Sp If an existing request is specified with the \fB\-in\fR option, it is converted -to the a certificate; otherwise a request is created from scratch. +to a certificate; otherwise a request is created from scratch. .Sp Unless specified using the \fB\-set_serial\fR option, a large random number will be used for the serial number. 
@@ -394,14 +319,14 @@ or using the \fB\-addext\fR option. .IP "\fB\-CA\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-CA filename|uri" -Specifies the \*(L"\s-1CA\*(R"\s0 certificate to be used for signing a new certificate +Specifies the "CA" certificate to be used for signing a new certificate and implies use of \fB\-x509\fR. -When present, this behaves like a \*(L"micro \s-1CA\*(R"\s0 as follows: -The subject name of the \*(L"\s-1CA\*(R"\s0 certificate is placed as issuer name in the new -certificate, which is then signed using the \*(L"\s-1CA\*(R"\s0 key given as specified below. +When present, this behaves like a "micro CA" as follows: +The subject name of the "CA" certificate is placed as issuer name in the new +certificate, which is then signed using the "CA" key given as specified below. .IP "\fB\-CAkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-CAkey filename|uri" -Sets the \*(L"\s-1CA\*(R"\s0 private key to sign a certificate with. +Sets the "CA" private key to sign a certificate with. The private key must match the public key of the certificate given with \fB\-CA\fR. If this option is not provided then the key must be present in the \fB\-CA\fR input. .IP "\fB\-days\fR \fIn\fR" 4 @@ -411,7 +336,7 @@ be a positive integer. The default is 30 days. .IP "\fB\-set_serial\fR \fIn\fR" 4 .IX Item "-set_serial n" -Serial number to use when outputting a self-signed certificate. +Serial number to use when outputting a self\-signed certificate. This may be specified as a decimal value or a hex value if preceded by \f(CW\*(C`0x\*(C'\fR. If not given, a large random number will be used. .IP "\fB\-copy_extensions\fR \fIarg\fR" 4 
@@ -442,21 +367,21 @@ This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes. -.IP "\fB\-precert\fR" 4 +.IP \fB\-precert\fR 4 .IX Item "-precert" A poison extension will be added to the certificate, making it a -\&\*(L"pre-certificate\*(R" (see \s-1RFC6962\s0). This can be submitted to Certificate +"pre\-certificate" (see RFC6962). This can be submitted to Certificate Transparency logs in order to obtain signed certificate timestamps (SCTs). -These SCTs can then be embedded into the pre-certificate as an extension, before +These SCTs can then be embedded into the pre\-certificate as an extension, before removing the poison and signing the certificate. .Sp This implies the \fB\-new\fR flag. -.IP "\fB\-utf8\fR" 4 +.IP \fB\-utf8\fR 4 .IX Item "-utf8" -This option causes field values to be interpreted as \s-1UTF8\s0 strings, by -default they are interpreted as \s-1ASCII.\s0 This means that the field +This option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a -configuration file, must be valid \s-1UTF8\s0 strings. +configuration file, must be valid UTF8 strings. .IP "\fB\-reqopt\fR \fIoption\fR" 4 .IX Item "-reqopt option" Customise the printing format used with \fB\-text\fR. The \fIoption\fR argument can be 
@@ -464,14 +389,14 @@ .Sp See discussion of the \fB\-certopt\fR parameter in the \fBopenssl\-x509\fR\|(1) command. -.IP "\fB\-newhdr\fR" 4 +.IP \fB\-newhdr\fR 4 .IX Item "-newhdr" -Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputted +Adds the word \fBNEW\fR to the PEM file header and footer lines on the outputted request. Some software (Netscape certificate server) and some CAs need this. -.IP "\fB\-batch\fR" 4 +.IP \fB\-batch\fR 4 .IX Item "-batch" -Non-interactive mode. -.IP "\fB\-verbose\fR" 4 +Non\-interactive mode. +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra details about the operations being performed. .IP "\fB\-keygen_engine\fR \fIid\fR" 4 @@ -484,10 +409,10 @@ See \fBopenssl\-namedisplay\-options\fR\|(1) for details. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" @@ -497,7 +422,7 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SH "CONFIGURATION FILE FORMAT" .IX Header "CONFIGURATION FILE FORMAT" The configuration options are specified in the \fBreq\fR section of @@ -514,7 +439,7 @@ the output private key file (if one will be created). The command line options \fBpassin\fR and \fBpassout\fR override the configuration file values. -.IP "\fBdefault_bits\fR" 4 +.IP \fBdefault_bits\fR 4 .IX Item "default_bits" Specifies the default key size in bits. .Sp 
@@ -522,82 +447,93 @@ a new key. It can be overridden by specifying an explicit key size in the \fB\-newkey\fR option. The smallest accepted key size is 512 bits. If no key size is specified then 2048 bits is used. -.IP "\fBdefault_keyfile\fR" 4 +.IP \fBdefault_keyfile\fR 4 .IX Item "default_keyfile" This is the default filename to write a private key to. If not specified the key is written to standard output. This can be overridden by the \fB\-keyout\fR option. -.IP "\fBoid_file\fR" 4 +.IP \fBoid_file\fR 4 .IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +This specifies a file containing additional \fBOBJECT IDENTIFIERS\fR. Each line of the file should consist of the numerical form of the object identifier followed by whitespace then the short name followed by whitespace and finally the long name. -.IP "\fBoid_section\fR" 4 +.IP \fBoid_section\fR 4 .IX Item "oid_section" This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by \fB=\fR and the numerical form. The short and long names are the same when this option is used. -.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IP \fBRANDFILE\fR 4 .IX Item "RANDFILE" At startup the specified file is loaded into the random number generator, and at exit 256 bytes will be written to it. It is used for private key generation. -.IP "\fBencrypt_key\fR" 4 +.IP \fBencrypt_key\fR 4 .IX Item "encrypt_key" If this is set to \fBno\fR then if a private key is generated it is \&\fBnot\fR encrypted. This is equivalent to the \fB\-noenc\fR command line option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. -.IP "\fBdefault_md\fR" 4 +.IP \fBdefault_md\fR 4 .IX Item "default_md" This option specifies the digest algorithm to use. Any digest supported by the OpenSSL \fBdgst\fR command can be used. This option can be overridden on the command line. Certain signing algorithms (i.e. 
Ed25519 and Ed448) will ignore any digest that has been set. -.IP "\fBstring_mask\fR" 4 +.IP \fBstring_mask\fR 4 .IX Item "string_mask" This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. +fields. Most users will not need to change this option. It can be set to +several values: +.RS 4 +.IP "\fButf8only\fR \- only UTF8Strings are used (this is the default value)" 4 +.IX Item "utf8only - only UTF8Strings are used (this is the default value)" +.PD 0 +.IP "\fBpkix\fR \- any string type except T61Strings" 4 +.IX Item "pkix - any string type except T61Strings" +.IP "\fBnombstr\fR \- any string type except BMPStrings and UTF8Strings" 4 +.IX Item "nombstr - any string type except BMPStrings and UTF8Strings" +.IP "\fBdefault\fR \- any kind of string type" 4 +.IX Item "default - any kind of string type" +.PD +.RE +.RS 4 .Sp -It can be set to several values \fBdefault\fR which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will -be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the -\&\fButf8only\fR option is used then only UTF8Strings will be used: this -is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. -.IP "\fBreq_extensions\fR" 4 +Note that \fButf8only\fR is the PKIX recommendation in RFC2459 after 2003, and the +default \fBstring_mask\fR; \fBdefault\fR is not the default option. The \fBnombstr\fR +value is a workaround for some software that has problems with variable\-sized +BMPStrings and UTF8Strings. +.RE +.IP \fBreq_extensions\fR 4 .IX Item "req_extensions" This specifies the configuration file section containing a list of extensions to add to the certificate request. 
It can be overridden by the \fB\-reqexts\fR command line switch. See the \&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. -.IP "\fBx509_extensions\fR" 4 +.IP \fBx509_extensions\fR 4 .IX Item "x509_extensions" This specifies the configuration file section containing a list of extensions to add to certificate generated when \fB\-x509\fR is in use. It can be overridden by the \fB\-extensions\fR command line switch. -.IP "\fBprompt\fR" 4 +.IP \fBprompt\fR 4 .IX Item "prompt" If set to the value \fBno\fR this disables prompting of certificate fields and just takes values from the config file directly. It also changes the expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. -.IP "\fButf8\fR" 4 +.IP \fButf8\fR 4 .IX Item "utf8" -If set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 -strings, by default they are interpreted as \s-1ASCII.\s0 This means that +If set to the value \fByes\fR then field values to be interpreted as UTF8 +strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a -configuration file, must be valid \s-1UTF8\s0 strings. -.IP "\fBattributes\fR" 4 +configuration file, must be valid UTF8 strings. +.IP \fBattributes\fR 4 .IX Item "attributes" This specifies the section containing any request attributes: its format is the same as \fBdistinguished_name\fR. Typically these may contain the challengePassword or unstructuredName types. They are currently ignored -by OpenSSL's request signing utilities but some CAs might want them. -.IP "\fBdistinguished_name\fR" 4 +by OpenSSL\*(Aqs request signing utilities but some CAs might want them. +.IP \fBdistinguished_name\fR 4 .IX Item "distinguished_name" This specifies the section containing the distinguished name fields to prompt for when generating a certificate or certificate request. The format 
@@ -614,9 +550,9 @@ \& emailAddress=someone@somewhere.org .Ve .PP -This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file with +This allows external programs (e.g. GUI based) to generate a template file with all the field names and values and just pass it to this command. An example -of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. +of this kind of configuration file is contained in the \fBEXAMPLES\fR section. .PP Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the file contains field prompting information. It consists of lines of the form: @@ -628,12 +564,12 @@ \& fieldName_max= 4 .Ve .PP -\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). -The \*(L"prompt\*(R" string is used to ask the user to enter the relevant +"fieldName" is the field name being used, for example commonName (or CN). +The "prompt" string is used to ask the user to enter the relevant details. If the user enters nothing then the default value is used if no default value is present then the field is omitted. A field can still be omitted if a default value is present if the user just -enters the '.' character. +enters the \*(Aq.\*(Aq character. .PP The number of characters entered must be between the fieldName_min and fieldName_max limits: there may be additional restrictions based 
@@ -641,11 +577,11 @@ two characters long and must fit in a PrintableString). .PP Some fields (such as organizationName) can be used more than once -in a \s-1DN.\s0 This presents a problem because configuration files will +in a DN. This presents a problem because configuration files will not recognize the same name occurring twice. To avoid this problem if the fieldName contains some characters followed by a full stop they will be ignored. So for example a second organizationName can -be input by calling it \*(L"1.organizationName\*(R". +be input by calling it "1.organizationName". .PP The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual @@ -656,7 +592,7 @@ Additional object identifiers can be defined with the \fBoid_file\fR or \&\fBoid_section\fR options in the configuration file. Any additional fields will be treated as though they were a DirectoryString. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Examine and verify certificate request: .PP @@ -677,20 +613,20 @@ \& openssl req \-newkey rsa:2048 \-keyout key.pem \-out req.pem .Ve .PP -Generate a self-signed root certificate: +Generate a self\-signed root certificate: .PP .Vb 1 \& openssl req \-x509 \-newkey rsa:2048 \-keyout key.pem \-out req.pem .Ve .PP -Create an \s-1SM2\s0 private key and then generate a certificate request from it: +Create an SM2 private key and then generate a certificate request from it: .PP .Vb 2 \& openssl ecparam \-genkey \-name SM2 \-out sm2.key \& openssl req \-new \-key sm2.key \-out sm2.csr \-sm3 \-sigopt "distid:1234567812345678" .Ve .PP -Examine and verify an \s-1SM2\s0 certificate request: +Examine and verify an SM2 certificate request: .PP .Vb 1 \& openssl req \-verify \-in sm2.csr \-sm3 \-vfyopt "distid:1234567812345678" 
@@ -721,7 +657,7 @@ \& attributes = req_attributes \& req_extensions = v3_ca \& -\& dirstring_type = nobmp +\& dirstring_type = nombstr \& \& [ req_distinguished_name ] \& countryName = Country Name (2 letter code) @@ -784,13 +720,13 @@ \& \-addext "certificatePolicies = 1.2.3.4" \e \& \-newkey rsa:2048 \-keyout key.pem \-out req.pem .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions +The certificate requests generated by \fBXenroll\fR with MSIE have extensions added. It includes the \fBkeyUsage\fR extension which determines the type of key (signature only or general purpose) and any additional OIDs entered by the script in an \fBextendedKeyUsage\fR extension. -.SH "DIAGNOSTICS" +.SH DIAGNOSTICS .IX Header "DIAGNOSTICS" The following messages are frequently asked about: .PP @@ -806,9 +742,9 @@ \& problems making Certificate Request .Ve .PP -The first error message is the clue: it can't find the configuration -file! Certain operations (like examining a certificate request) don't -need a configuration file so its use isn't enforced. Generation of +The first error message is the clue: it can\*(Aqt find the configuration +file! Certain operations (like examining a certificate request) don\*(Aqt +need a configuration file so its use isn\*(Aqt enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug. .PP 
@@ -820,30 +756,30 @@ .Ve .PP this is displayed when no attributes are present and the request includes -the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +the correct empty \fBSET OF\fR structure (the DER encoding of which is 0xa0 0x00). If you just see: .PP .Vb 1 \& Attributes: .Ve .PP -then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but +then the \fBSET OF\fR is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR for more information. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively -treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. -This can cause problems if you need characters that aren't available in -PrintableStrings and you don't want to or can't use BMPStrings. +OpenSSL\*(Aqs handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as ISO\-8859\-1 (Latin 1), Netscape and MSIE have similar behaviour. +This can cause problems if you need characters that aren\*(Aqt available in +PrintableStrings and you don\*(Aqt want to or can\*(Aqt use BMPStrings. .PP As a consequence of the T61String handling the only correct way to represent accented characters in OpenSSL is to use a BMPString: unfortunately Netscape currently chokes on these. If you have to use accented characters with Netscape -and \s-1MSIE\s0 then you currently need to use the invalid T61String form. +and MSIE then you currently need to use the invalid T61String form. .PP -The current prompting is not very friendly. It doesn't allow you to confirm what -you've just entered. Other things like extensions in certificate requests are +The current prompting is not very friendly. It doesn\*(Aqt allow you to confirm what +you\*(Aqve just entered. 
Other things like extensions in certificate requests are statically defined in the configuration file. Some of these: like an email address in subjectAltName should be input by the user. .SH "SEE ALSO" @@ -855,7 +791,7 @@ \&\fBopenssl\-gendsa\fR\|(1), \&\fBconfig\fR\|(5), \&\fBx509v3_config\fR\|(5) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-section\fR option was added in OpenSSL 3.0.0. .PP @@ -864,11 +800,11 @@ .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. The <\-nodes> option was deprecated in OpenSSL 3.0, too; use \fB\-noenc\fR instead. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-rsa.1.orig +++ secure/usr.bin/openssl/man/openssl-rsa.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,83 +53,24 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-RSA 1ossl" -.TH OPENSSL-RSA 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-RSA 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-rsa \- RSA key processing command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBrsa\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-in\fR \fIfilename\fR|\fIuri\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-out\fR \fIfilename\fR] 
@@ -178,24 +103,24 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command processes \s-1RSA\s0 keys. They can be converted between +This command processes RSA keys. They can be converted between various forms and their components printed out. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-inform DER|PEM|P12|ENGINE" The key input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The key output format; the default is \fB\s-1PEM\s0\fR. +The key output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-traditional\fR" 4 +.IP \fB\-traditional\fR 4 .IX Item "-traditional" When writing a private key, use the traditional PKCS#1 format instead of the PKCS#8 format. 
@@ -223,25 +148,25 @@ means that this command can be used to remove the pass phrase from a key by not giving any encryption option is given, or to add or change the pass phrase by setting them. -These options can only be used with \s-1PEM\s0 format output files. -.IP "\fB\-text\fR" 4 +These options can only be used with PEM format output files. +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the various public or private key components in plain text in addition to the encoded version. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option prevents output of the encoded version of the key. -.IP "\fB\-modulus\fR" 4 +.IP \fB\-modulus\fR 4 .IX Item "-modulus" This option prints out the value of the modulus of the key. -.IP "\fB\-check\fR" 4 +.IP \fB\-check\fR 4 .IX Item "-check" -This option checks the consistency of an \s-1RSA\s0 private key. -.IP "\fB\-pubin\fR" 4 +This option checks the consistency of an RSA private key. +.IP \fB\-pubin\fR 4 .IX Item "-pubin" By default a private key is read from the input file: with this option a public key is read instead. -.IP "\fB\-pubout\fR" 4 +.IP \fB\-pubout\fR 4 .IX Item "-pubout" By default a private key is output: with this option a public key will be output instead. This option is automatically set if 
@@ -249,18 +174,18 @@ .IP "\fB\-RSAPublicKey_in\fR, \fB\-RSAPublicKey_out\fR" 4 .IX Item "-RSAPublicKey_in, -RSAPublicKey_out" Like \fB\-pubin\fR and \fB\-pubout\fR except \fBRSAPublicKey\fR format is used instead. -.IP "\fB\-pvk\-strong\fR" 4 +.IP \fB\-pvk\-strong\fR 4 .IX Item "-pvk-strong" -Enable 'Strong' \s-1PVK\s0 encoding level (default). -.IP "\fB\-pvk\-weak\fR" 4 +Enable \*(AqStrong\*(Aq PVK encoding level (default). +.IP \fB\-pvk\-weak\fR 4 .IX Item "-pvk-weak" -Enable 'Weak' \s-1PVK\s0 encoding level. -.IP "\fB\-pvk\-none\fR" 4 +Enable \*(AqWeak\*(Aq PVK encoding level. +.IP \fB\-pvk\-none\fR 4 .IX Item "-pvk-none" -Don't enforce \s-1PVK\s0 encoding. +Don\*(Aqt enforce PVK encoding. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -270,29 +195,29 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "NOTES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH NOTES .IX Header "NOTES" The \fBopenssl\-pkey\fR\|(1) command is capable of performing all the operations this command can, as well as supporting other public key types. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The documentation for the \fBopenssl\-pkey\fR\|(1) command contains examples equivalent to the ones listed here. .PP -To remove the pass phrase on an \s-1RSA\s0 private key: +To remove the pass phrase on an RSA private key: .PP .Vb 1 \& openssl rsa \-in key.pem \-out keyout.pem .Ve .PP -To encrypt a private key using triple \s-1DES:\s0 +To encrypt a private key using triple DES: .PP .Vb 1 \& openssl rsa \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from PEM to DER format: .PP .Vb 1 \& openssl rsa \-in key.pem \-outform DER \-out keyout.der @@ -315,7 +240,7 @@ .Vb 1 \& openssl rsa \-in key.pem \-RSAPublicKey_out \-out pubkey.pem .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" There should be an option that automatically handles \fI.key\fR files, without having to manually edit them. 
@@ -327,14 +252,14 @@ \&\fBopenssl\-dsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1), \&\fBopenssl\-gendsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-rsautl.1.orig +++ secure/usr.bin/openssl/man/openssl-rsautl.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-RSAUTL 1ossl" -.TH OPENSSL-RSAUTL 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-RSAUTL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-rsautl \- RSA command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBrsautl\fR [\fB\-help\fR] @@ -149,7 +74,7 @@ [\fB\-rev\fR] [\fB\-out\fR \fIfile\fR] [\fB\-inkey\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-pubin\fR] [\fB\-certin\fR] [\fB\-sign\fR] @@ -168,16 +93,16 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command has been deprecated. The \fBopenssl\-pkeyutl\fR\|(1) command should be used instead. .PP This command can be used to sign, verify, encrypt and decrypt -data using the \s-1RSA\s0 algorithm. -.SH "OPTIONS" +data using the RSA algorithm. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 @@ -188,7 +113,7 @@ .IX Item "-passin arg" The passphrase used in the output file. See see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-rev\fR" 4 +.IP \fB\-rev\fR 4 .IX Item "-rev" Reverse the order of the input. .IP "\fB\-out\fR \fIfilename\fR" 4 
@@ -197,49 +122,49 @@ default. .IP "\fB\-inkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-inkey filename|uri" -The input key, by default it should be an \s-1RSA\s0 private key. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +The input key, by default it should be an RSA private key. +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-pubin\fR" 4 +.IP \fB\-pubin\fR 4 .IX Item "-pubin" -The input file is an \s-1RSA\s0 public key. -.IP "\fB\-certin\fR" 4 +The input file is an RSA public key. +.IP \fB\-certin\fR 4 .IX Item "-certin" -The input is a certificate containing an \s-1RSA\s0 public key. -.IP "\fB\-sign\fR" 4 +The input is a certificate containing an RSA public key. +.IP \fB\-sign\fR 4 .IX Item "-sign" Sign the input data and output the signed result. This requires -an \s-1RSA\s0 private key. -.IP "\fB\-verify\fR" 4 +an RSA private key. +.IP \fB\-verify\fR 4 .IX Item "-verify" Verify the input data and output the recovered data. -.IP "\fB\-encrypt\fR" 4 +.IP \fB\-encrypt\fR 4 .IX Item "-encrypt" -Encrypt the input data using an \s-1RSA\s0 public key. -.IP "\fB\-decrypt\fR" 4 +Encrypt the input data using an RSA public key. +.IP \fB\-decrypt\fR 4 .IX Item "-decrypt" -Decrypt the input data using an \s-1RSA\s0 private key. +Decrypt the input data using an RSA private key. .IP "\fB\-pkcs\fR, \fB\-oaep\fR, \fB\-x931\fR, \fB\-raw\fR" 4 .IX Item "-pkcs, -oaep, -x931, -raw" -The padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP, -ANSI X9.31,\s0 or no padding, respectively. +The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, +ANSI X9.31, or no padding, respectively. For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. -.IP "\fB\-hexdump\fR" 4 +.IP \fB\-hexdump\fR 4 .IX Item "-hexdump" Hex dump the output data. 
-.IP "\fB\-asn1parse\fR" 4 +.IP \fB\-asn1parse\fR 4 .IX Item "-asn1parse" -Parse the \s-1ASN.1\s0 output data, this is useful when combined with the +Parse the ASN.1 output data, this is useful when combined with the \&\fB\-verify\fR option. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -248,15 +173,15 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "NOTES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH NOTES .IX Header "NOTES" -Since this command uses the \s-1RSA\s0 algorithm directly, it can only be +Since this command uses the RSA algorithm directly, it can only be used to sign or verify small pieces of data. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Examples equivalent to these can be found in the documentation for the -non-deprecated \fBopenssl\-pkeyutl\fR\|(1) command. +non\-deprecated \fBopenssl\-pkeyutl\fR\|(1) command. .PP Sign some data using a private key: .PP @@ -317,7 +242,7 @@ \& 614:d=1 hl=3 l= 129 prim: BIT STRING .Ve .PP -The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with: +The final BIT STRING contains the actual signature. It can be extracted with: .PP .Vb 1 \& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 
@@ -342,7 +267,7 @@ \& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. .Ve .PP -This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that +This is the parsed version of an ASN1 DigestInfo structure. It can be seen that the digest used was md5. The actual part of the certificate that was signed can be extracted with: .PP @@ -365,16 +290,16 @@ \&\fBopenssl\-dgst\fR\|(1), \&\fBopenssl\-rsa\fR\|(1), \&\fBopenssl\-genrsa\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This command was deprecated in OpenSSL 3.0. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-s_client.1.orig +++ secure/usr.bin/openssl/man/openssl-s_client.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,87 +53,28 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-S_CLIENT 1ossl" -.TH OPENSSL-S_CLIENT 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-S_CLIENT 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-s_client \- SSL/TLS client program -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBs_client\fR [\fB\-help\fR] [\fB\-ssl_config\fR \fIsection\fR] -[\fB\-connect\fR \fIhost:port\fR] +[\fB\-connect\fR \fIhost\fR:\fIport\fR] [\fB\-host\fR \fIhostname\fR] [\fB\-port\fR \fIport\fR] -[\fB\-bind\fR \fIhost:port\fR] -[\fB\-proxy\fR \fIhost:port\fR] +[\fB\-bind\fR \fIhost\fR:\fIport\fR] +[\fB\-proxy\fR \fIhost\fR:\fIport\fR] [\fB\-proxy_user\fR \fIuserid\fR] [\fB\-proxy_pass\fR \fIarg\fR] [\fB\-unix\fR \fIpath\fR] @@ -164,14 +89,14 @@ [\fB\-verifyCApath\fR \fIdir\fR] [\fB\-verifyCAstore\fR \fIuri\fR] [\fB\-cert\fR \fIfilename\fR] -[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR] +[\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR] [\fB\-cert_chain\fR \fIfilename\fR] [\fB\-build_chain\fR] [\fB\-CRL\fR \fIfilename\fR] -[\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CRLform\fR \fBDER\fR|\fBPEM\fR] [\fB\-crl_download\fR] [\fB\-key\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-pass\fR \fIarg\fR] [\fB\-chainCAfile\fR \fIfilename\fR] [\fB\-chainCApath\fR \fIdirectory\fR] 
@@ -270,8 +195,8 @@ [\fB\-xcert\fR \fIfile\fR] [\fB\-xchain\fR \fIfile\fR] [\fB\-xchain_build\fR \fIfile\fR] -[\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> -[\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-xcertform\fR \fBDER\fR|\fBPEM\fR]> +[\fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR]> [\fB\-CAfile\fR \fIfile\fR] [\fB\-no\-CAfile\fR] [\fB\-CApath\fR \fIdir\fR] 
@@ -343,51 +268,54 @@ [\fB\-x509_strict\fR] [\fB\-issuer_checks\fR] [\fIhost\fR:\fIport\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command implements a generic \s-1SSL/TLS\s0 client which -connects to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic -tool for \s-1SSL\s0 servers. -.SH "OPTIONS" +This command implements a generic SSL/TLS client which +connects to a remote host using SSL/TLS. It is a \fIvery\fR useful diagnostic +tool for SSL servers. +.SH OPTIONS .IX Header "OPTIONS" In addition to the options below, this command also supports the common and client only options documented -in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) +in the "Supported Command Line Commands" section of the \fBSSL_CONF_cmd\fR\|(3) manual page. -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-ssl_config\fR \fIsection\fR" 4 .IX Item "-ssl_config section" -Use the specified section of the configuration file to configure the \fB\s-1SSL_CTX\s0\fR object. +Use the specified section of the configuration file to configure the \fBSSL_CTX\fR object. .IP "\fB\-connect\fR \fIhost\fR:\fIport\fR" 4 .IX Item "-connect host:port" This specifies the host and optional port to connect to. It is possible to select the host and port using the optional target positional argument instead. If neither this nor the target positional argument are specified then an attempt is made to connect to the local host on port 4433. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. .IP "\fB\-host\fR \fIhostname\fR" 4 .IX Item "-host hostname" Host to connect to; use \fB\-connect\fR instead. .IP "\fB\-port\fR \fIport\fR" 4 .IX Item "-port port" Connect to the specified port; use \fB\-connect\fR instead. 
-.IP "\fB\-bind\fR \fIhost:port\fR" 4 +.IP "\fB\-bind\fR \fIhost\fR:\fIport\fR" 4 .IX Item "-bind host:port" This specifies the host address and or port to bind as the source for the -connection. For Unix-domain sockets the port is ignored and the host is +connection. For Unix\-domain sockets the port is ignored and the host is used as the source socket address. -.IP "\fB\-proxy\fR \fIhost:port\fR" 4 +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. +.IP "\fB\-proxy\fR \fIhost\fR:\fIport\fR" 4 .IX Item "-proxy host:port" When used with the \fB\-connect\fR flag, the program uses the host and port -specified with this flag and issues an \s-1HTTP CONNECT\s0 command to connect +specified with this flag and issues an HTTP CONNECT command to connect to the desired server. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. .IP "\fB\-proxy_user\fR \fIuserid\fR" 4 .IX Item "-proxy_user userid" When used with the \fB\-proxy\fR flag, the program will attempt to authenticate with the specified proxy using basic (base64) authentication. -\&\s-1NB:\s0 Basic authentication is insecure; the credentials are sent to the proxy -in easily reversible base64 encoding before any \s-1TLS/SSL\s0 session is established. +NB: Basic authentication is insecure; the credentials are sent to the proxy +in easily reversible base64 encoding before any TLS/SSL session is established. Therefore, these credentials are easily recovered by anyone able to sniff/trace the network. Use with caution. .IP "\fB\-proxy_pass\fR \fIarg\fR" 4 
@@ -397,30 +325,30 @@ see \fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-unix\fR \fIpath\fR" 4 .IX Item "-unix path" -Connect over the specified Unix-domain socket. -.IP "\fB\-4\fR" 4 +Connect over the specified Unix\-domain socket. +.IP \fB\-4\fR 4 .IX Item "-4" Use IPv4 only. -.IP "\fB\-6\fR" 4 +.IP \fB\-6\fR 4 .IX Item "-6" Use IPv6 only. .IP "\fB\-servername\fR \fIname\fR" 4 .IX Item "-servername name" -Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message to +Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value. -If \fB\-servername\fR is not provided, the \s-1TLS SNI\s0 extension will be populated with -the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is -not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R". +If \fB\-servername\fR is not provided, the TLS SNI extension will be populated with +the name given to \fB\-connect\fR if it follows a DNS name format. If \fB\-connect\fR is +not provided either, the SNI is set to "localhost". This is the default since OpenSSL 1.1.1. .Sp -Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if +Even though SNI should normally be a DNS name and not an IP address, if \&\fB\-servername\fR is provided then that name will be sent, regardless of whether -it is a \s-1DNS\s0 name or not. +it is a DNS name or not. .Sp This option cannot be used in conjunction with \fB\-noservername\fR. -.IP "\fB\-noservername\fR" 4 +.IP \fB\-noservername\fR 4 .IX Item "-noservername" -Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the +Suppresses sending of the SNI (Server Name Indication) extension in the ClientHello message. Cannot be used in conjunction with the \fB\-servername\fR or \&\fB\-dane_tlsa_domain\fR options. .IP "\fB\-cert\fR \fIfilename\fR" 4 
@@ -429,34 +357,36 @@ The default is not to use a certificate. .Sp The chain for the client certificate may be specified using \fB\-cert_chain\fR. -.IP "\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +.IP "\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-certform DER|PEM|P12" The client certificate file format to use; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-cert_chain\fR" 4 +.IP \fB\-cert_chain\fR 4 .IX Item "-cert_chain" -A file or \s-1URI\s0 of untrusted certificates to use when attempting to build the +A file or URI of untrusted certificates to use when attempting to build the certificate chain related to the certificate specified via the \fB\-cert\fR option. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. -.IP "\fB\-build_chain\fR" 4 +The input can be in PEM, DER, or PKCS#12 format. +.IP \fB\-build_chain\fR 4 .IX Item "-build_chain" Specify whether the application should build the client certificate chain to be provided to the server. .IP "\fB\-CRL\fR \fIfilename\fR" 4 .IX Item "-CRL filename" -\&\s-1CRL\s0 file to use to check the server's certificate. -.IP "\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +CRL file to use to check the server\*(Aqs certificate. +.IP "\fB\-CRLform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-CRLform DER|PEM" -The \s-1CRL\s0 file format; unspecified by default. +The CRL file format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-crl_download\fR" 4 +.IP \fB\-crl_download\fR 4 .IX Item "-crl_download" -Download \s-1CRL\s0 from distribution points in the certificate. +Download CRL from distribution points in the certificate. Note that this option +is ignored if \fB\-crl_check\fR option is not provided. Note that the maximum size +of CRL is limited by \fBX509_CRL_load_http\fR\|(3) function. .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key filename|uri" The client private key to use. 
If not specified then the certificate file will be used to read also the key. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -469,74 +399,80 @@ .IX Item "-verify depth" The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. -Currently the verify operation continues after errors so all the problems +Unless the \fB\-verify_return_error\fR option is given, +the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. -.IP "\fB\-verify_return_error\fR" 4 +.Sp +By default, validation of server certificates and their chain +is done w.r.t. the (D)TLS Server (\f(CW\*(C`sslserver\*(C'\fR) purpose. +For details see "Certificate Extensions" in \fBopenssl\-verification\-options\fR\|(1). +.IP \fB\-verify_return_error\fR 4 .IX Item "-verify_return_error" -Return verification errors instead of continuing. This will typically -abort the handshake with a fatal error. -.IP "\fB\-verify_quiet\fR" 4 +Turns on server certificate verification, like with \fB\-verify\fR, +but returns verification errors instead of continuing. +This will typically abort the handshake with a fatal error. +.IP \fB\-verify_quiet\fR 4 .IX Item "-verify_quiet" Limit verify output to only errors. .IP "\fB\-verifyCAfile\fR \fIfilename\fR" 4 .IX Item "-verifyCAfile filename" -A file in \s-1PEM\s0 format containing trusted certificates to use -for verifying the server's certificate. +A file in PEM format containing trusted certificates to use +for verifying the server\*(Aqs certificate. .IP "\fB\-verifyCApath\fR \fIdir\fR" 4 .IX Item "-verifyCApath dir" A directory containing trusted certificates to use -for verifying the server's certificate. -This directory must be in \*(L"hash format\*(R", +for verifying the server\*(Aqs certificate. +This directory must be in "hash format", see \fBopenssl\-verify\fR\|(1) for more information. 
.IP "\fB\-verifyCAstore\fR \fIuri\fR" 4 .IX Item "-verifyCAstore uri" -The \s-1URI\s0 of a store containing trusted certificates to use -for verifying the server's certificate. +The URI of a store containing trusted certificates to use +for verifying the server\*(Aqs certificate. .IP "\fB\-chainCAfile\fR \fIfile\fR" 4 .IX Item "-chainCAfile file" -A file in \s-1PEM\s0 format containing trusted certificates to use +A file in PEM format containing trusted certificates to use when attempting to build the client certificate chain. .IP "\fB\-chainCApath\fR \fIdirectory\fR" 4 .IX Item "-chainCApath directory" A directory containing trusted certificates to use for building the client certificate chain provided to the server. -This directory must be in \*(L"hash format\*(R", +This directory must be in "hash format", see \fBopenssl\-verify\fR\|(1) for more information. .IP "\fB\-chainCAstore\fR \fIuri\fR" 4 .IX Item "-chainCAstore uri" -The \s-1URI\s0 of a store containing trusted certificates to use +The URI of a store containing trusted certificates to use when attempting to build the client certificate chain. -The \s-1URI\s0 may indicate a single certificate, as well as a collection of them. +The URI may indicate a single certificate, as well as a collection of them. With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-chainCAfile\fR or -\&\fB\-chainCApath\fR, depending on if the \s-1URI\s0 indicates a directory or a +\&\fB\-chainCApath\fR, depending on if the URI indicates a directory or a single file. See \fBossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. .IP "\fB\-requestCAfile\fR \fIfile\fR" 4 .IX Item "-requestCAfile file" A file containing a list of certificates whose subject names will be sent to the server in the \fBcertificate_authorities\fR extension. 
Only supported -for \s-1TLS 1.3\s0 +for TLS 1.3 .IP "\fB\-dane_tlsa_domain\fR \fIdomain\fR" 4 .IX Item "-dane_tlsa_domain domain" -Enable \s-1RFC6698/RFC7671 DANE TLSA\s0 authentication and specify the -\&\s-1TLSA\s0 base domain which becomes the default \s-1SNI\s0 hint and the primary +Enable RFC6698/RFC7671 DANE TLSA authentication and specify the +TLSA base domain which becomes the default SNI hint and the primary reference identifier for hostname checks. This must be used in combination with at least one instance of the \fB\-dane_tlsa_rrdata\fR option below. .Sp -When \s-1DANE\s0 authentication succeeds, the diagnostic output will include -the lowest (closest to 0) depth at which a \s-1TLSA\s0 record authenticated -a chain certificate. When that \s-1TLSA\s0 record is a \*(L"2 1 0\*(R" trust -anchor public key that signed (rather than matched) the top-most -certificate of the chain, the result is reported as \*(L"\s-1TA\s0 public key -verified\*(R". Otherwise, either the \s-1TLSA\s0 record \*(L"matched \s-1TA\s0 certificate\*(R" -at a positive depth or else \*(L"matched \s-1EE\s0 certificate\*(R" at depth 0. +When DANE authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a TLSA record authenticated +a chain certificate. When that TLSA record is a "2 1 0" trust +anchor public key that signed (rather than matched) the top\-most +certificate of the chain, the result is reported as "TA public key +verified". Otherwise, either the TLSA record "matched TA certificate" +at a positive depth or else "matched EE certificate" at depth 0. .IP "\fB\-dane_tlsa_rrdata\fR \fIrrdata\fR" 4 .IX Item "-dane_tlsa_rrdata rrdata" -Use one or more times to specify the \s-1RRDATA\s0 fields of the \s-1DANE TLSA\s0 +Use one or more times to specify the RRDATA fields of the DANE TLSA RRset associated with the target service. 
The \fIrrdata\fR value is -specified in \*(L"presentation form\*(R", that is four whitespace separated +specified in "presentation form", that is four whitespace separated fields that specify the usage, selector, matching type and associated data, with the last of these encoded in hexadecimal. Optional whitespace is ignored in the associated data field. For example: 
@@ -555,69 +491,69 @@ \& DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 \& ... .Ve -.IP "\fB\-dane_ee_no_namechecks\fR" 4 +.IP \fB\-dane_ee_no_namechecks\fR 4 .IX Item "-dane_ee_no_namechecks" -This disables server name checks when authenticating via \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +This disables server name checks when authenticating via \fBDANE\-EE\fR\|(3) TLSA records. For some applications, primarily web browsers, it is not safe to disable name -checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +checks due to "unknown key share" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure connection to the malicious server. -The malicious server may then be able to violate cross-origin scripting +The malicious server may then be able to violate cross\-origin scripting restrictions. -Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for -\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +Thus, despite the text of RFC7671, name checks are by default enabled for +\&\fBDANE\-EE\fR\|(3) TLSA records, and can be disabled in applications where it is safe to do so. -In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +In particular, SMTP and XMPP clients should set this option as SRV and MX records already make it possible for a remote domain to redirect client -connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +connections to any server of its choice, and in any case SMTP and XMPP clients do not execute scripts downloaded from remote servers. 
-.IP "\fB\-reconnect\fR" 4 +.IP \fB\-reconnect\fR 4 .IX Item "-reconnect" -Reconnects to the same server 5 times using the same session \s-1ID,\s0 this can +Reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working. -.IP "\fB\-showcerts\fR" 4 +.IP \fB\-showcerts\fR 4 .IX Item "-showcerts" Displays the server certificate list as sent by the server: it only consists of certificates the server has sent (in the order the server has sent them). It is \&\fBnot\fR a verified chain. -.IP "\fB\-prexit\fR" 4 +.IP \fB\-prexit\fR 4 .IX Item "-prexit" Print session information when the program exits. This will always attempt to print out information even if the connection fails. Normally information will only be printed out once if the connection succeeds. This option is useful because the cipher in use may be renegotiated or the connection may fail because a client certificate is required or is requested only after an -attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this +attempt is made to access a certain URL. Note: the output produced by this option is not always accurate because a connection might never have been established. -.IP "\fB\-state\fR" 4 +.IP \fB\-state\fR 4 .IX Item "-state" -Prints out the \s-1SSL\s0 session states. -.IP "\fB\-debug\fR" 4 +Prints out the SSL session states. +.IP \fB\-debug\fR 4 .IX Item "-debug" Print extensive debugging information including a hex dump of all traffic. -.IP "\fB\-nocommands\fR" 4 +.IP \fB\-nocommands\fR 4 .IX Item "-nocommands" Do not use interactive command letters. -.IP "\fB\-security_debug\fR" 4 +.IP \fB\-security_debug\fR 4 .IX Item "-security_debug" Enable security debug messages. -.IP "\fB\-security_debug_verbose\fR" 4 +.IP \fB\-security_debug_verbose\fR 4 .IX Item "-security_debug_verbose" Output more security debug output. -.IP "\fB\-msg\fR" 4 +.IP \fB\-msg\fR 4 .IX Item "-msg" Show protocol messages. 
-.IP "\fB\-timeout\fR" 4 +.IP \fB\-timeout\fR 4 .IX Item "-timeout" -Enable send/receive timeout on \s-1DTLS\s0 connections. +Enable send/receive timeout on DTLS connections. .IP "\fB\-mtu\fR \fIsize\fR" 4 .IX Item "-mtu size" -Set \s-1MTU\s0 of the link layer to the specified size. -.IP "\fB\-no_etm\fR" 4 +Set MTU of the link layer to the specified size. +.IP \fB\-no_etm\fR 4 .IX Item "-no_etm" -Disable Encrypt-then-MAC negotiation. +Disable Encrypt\-then\-MAC negotiation. .IP "\fB\-keymatexport\fR \fIlabel\fR" 4 .IX Item "-keymatexport label" Export keying material using the specified label. 
@@ -626,64 +562,64 @@ Export the specified number of bytes of keying material; default is 20. .Sp Show all protocol messages with hex dump. -.IP "\fB\-trace\fR" 4 +.IP \fB\-trace\fR 4 .IX Item "-trace" Show verbose trace output of protocol messages. .IP "\fB\-msgfile\fR \fIfilename\fR" 4 .IX Item "-msgfile filename" File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. -.IP "\fB\-nbio_test\fR" 4 +.IP \fB\-nbio_test\fR 4 .IX Item "-nbio_test" Tests nonblocking I/O -.IP "\fB\-nbio\fR" 4 +.IP \fB\-nbio\fR 4 .IX Item "-nbio" Turns on nonblocking I/O -.IP "\fB\-crlf\fR" 4 +.IP \fB\-crlf\fR 4 .IX Item "-crlf" -This option translated a line feed from the terminal into \s-1CR+LF\s0 as required +This option translated a line feed from the terminal into CR+LF as required by some servers. -.IP "\fB\-ign_eof\fR" 4 +.IP \fB\-ign_eof\fR 4 .IX Item "-ign_eof" Inhibit shutting down the connection when end of file is reached in the -input. -.IP "\fB\-quiet\fR" 4 +input. This implicitly turns on \fB\-nocommands\fR as well. +.IP \fB\-quiet\fR 4 .IX Item "-quiet" Inhibit printing of session and certificate information. This implicitly -turns on \fB\-ign_eof\fR as well. -.IP "\fB\-no_ign_eof\fR" 4 +turns on \fB\-ign_eof\fR and \fB\-nocommands\fR as well. +.IP \fB\-no_ign_eof\fR 4 .IX Item "-no_ign_eof" Shut down the connection when end of file is reached in the input. Can be used to override the implicit \fB\-ign_eof\fR after \fB\-quiet\fR. .IP "\fB\-psk_identity\fR \fIidentity\fR" 4 .IX Item "-psk_identity identity" -Use the \s-1PSK\s0 identity \fIidentity\fR when using a \s-1PSK\s0 cipher suite. -The default value is \*(L"Client_identity\*(R" (without the quotes). +Use the PSK identity \fIidentity\fR when using a PSK cipher suite. +The default value is "Client_identity" (without the quotes). .IP "\fB\-psk\fR \fIkey\fR" 4 .IX Item "-psk key" -Use the \s-1PSK\s0 key \fIkey\fR when using a \s-1PSK\s0 cipher suite. 
The key is +Use the PSK key \fIkey\fR when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example \-psk 1a2b3c4d. -This option must be provided in order to use a \s-1PSK\s0 cipher. +This option must be provided in order to use a PSK cipher. .IP "\fB\-psk_session\fR \fIfile\fR" 4 .IX Item "-psk_session file" -Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fIfile\fR as the basis of a \s-1PSK.\s0 +Use the pem encoded SSL_SESSION data stored in \fIfile\fR as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated. -.IP "\fB\-sctp\fR" 4 +.IP \fB\-sctp\fR 4 .IX Item "-sctp" -Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in +Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only -available where OpenSSL has support for \s-1SCTP\s0 enabled. -.IP "\fB\-sctp_label_bug\fR" 4 +available where OpenSSL has support for SCTP enabled. +.IP \fB\-sctp_label_bug\fR 4 .IX Item "-sctp_label_bug" Use the incorrect behaviour of older OpenSSL implementations when computing -endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +endpoint\-pair shared secrets for DTLS/SCTP. This allows communication with older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only -available where OpenSSL has support for \s-1SCTP\s0 enabled. -.IP "\fB\-fallback_scsv\fR" 4 +available where OpenSSL has support for SCTP enabled. +.IP \fB\-fallback_scsv\fR 4 .IX Item "-fallback_scsv" -Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. -.IP "\fB\-async\fR" 4 +Send TLS_FALLBACK_SCSV in the ClientHello. +.IP \fB\-async\fR 4 .IX Item "-async" Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. 
This will only have an effect if an asynchronous capable engine @@ -717,30 +653,30 @@ effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for further information). -.IP "\fB\-ignore_unexpected_eof\fR" 4 +.IP \fB\-ignore_unexpected_eof\fR 4 .IX Item "-ignore_unexpected_eof" -Some \s-1TLS\s0 implementations do not send the mandatory close_notify alert on +Some TLS implementations do not send the mandatory close_notify alert on shutdown. If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received. For more information on shutting down a connection, see \fBSSL_shutdown\fR\|(3). -.IP "\fB\-bugs\fR" 4 +.IP \fB\-bugs\fR 4 .IX Item "-bugs" -There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds. -.IP "\fB\-comp\fR" 4 +.IP \fB\-comp\fR 4 .IX Item "-comp" -Enables support for \s-1SSL/TLS\s0 compression. +Enables support for SSL/TLS compression. This option was introduced in OpenSSL 1.1.0. -\&\s-1TLS\s0 compression is not recommended and is off by default as of +TLS compression is not recommended and is off by default as of OpenSSL 1.1.0. -.IP "\fB\-no_comp\fR" 4 +.IP \fB\-no_comp\fR 4 .IX Item "-no_comp" -Disables support for \s-1SSL/TLS\s0 compression. -\&\s-1TLS\s0 compression is not recommended and is off by default as of +Disables support for SSL/TLS compression. +TLS compression is not recommended and is off by default as of OpenSSL 1.1.0. -.IP "\fB\-brief\fR" 4 +.IP \fB\-brief\fR 4 .IX Item "-brief" Only provide a brief summary of connection parameters instead of the normal verbose output. 
@@ -752,7 +688,11 @@ .IP "\fB\-curves\fR \fIcurvelist\fR" 4 .IX Item "-curves curvelist" Specifies the list of supported curves to be sent by the client. The curve is -ultimately selected by the server. For a list of all curves, use: +ultimately selected by the server. +.Sp +The list of all supported groups includes named EC parameters as well as X25519 +and X448 or FFDHE groups, and may also include groups implemented in 3rd\-party +providers. For a list of named EC parameters, use: .Sp .Vb 1 \& $ openssl ecparam \-list_curves 
@@ -771,108 +711,108 @@ configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See \&\fBopenssl\-ciphers\fR\|(1) for more information. The format for this list is a simple -colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +colon (":") separated list of TLSv1.3 ciphersuite names. .IP "\fB\-starttls\fR \fIprotocol\fR" 4 .IX Item "-starttls protocol" -Send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. +Send the protocol\-specific message(s) to switch to TLS for communication. \&\fIprotocol\fR is a keyword for the intended protocol. Currently, the only -supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R", \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", -\&\*(L"irc\*(R", \*(L"postgres\*(R", \*(L"mysql\*(R", \*(L"lmtp\*(R", \*(L"nntp\*(R", \*(L"sieve\*(R" and \*(L"ldap\*(R". +supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp\-server", +"irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap". .IP "\fB\-xmpphost\fR \fIhostname\fR" 4 .IX Item "-xmpphost hostname" -This option, when used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", -specifies the host for the \*(L"to\*(R" attribute of the stream element. -If this option is not specified, then the host specified with \*(L"\-connect\*(R" +This option, when used with "\-starttls xmpp" or "\-starttls xmpp\-server", +specifies the host for the "to" attribute of the stream element. +If this option is not specified, then the host specified with "\-connect" will be used. .Sp -This option is an alias of the \fB\-name\fR option for \*(L"xmpp\*(R" and \*(L"xmpp-server\*(R". +This option is an alias of the \fB\-name\fR option for "xmpp" and "xmpp\-server". .IP "\fB\-name\fR \fIhostname\fR" 4 .IX Item "-name hostname" This option is used to specify hostname information for various protocols -used with \fB\-starttls\fR option. 
Currently only \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", -\&\*(L"smtp\*(R" and \*(L"lmtp\*(R" can utilize this \fB\-name\fR option. +used with \fB\-starttls\fR option. Currently only "xmpp", "xmpp\-server", +"smtp" and "lmtp" can utilize this \fB\-name\fR option. .Sp -If this option is used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", -if specifies the host for the \*(L"to\*(R" attribute of the stream element. If this -option is not specified, then the host specified with \*(L"\-connect\*(R" will be used. +If this option is used with "\-starttls xmpp" or "\-starttls xmpp\-server", +if specifies the host for the "to" attribute of the stream element. If this +option is not specified, then the host specified with "\-connect" will be used. .Sp -If this option is used with \*(L"\-starttls lmtp\*(R" or \*(L"\-starttls smtp\*(R", it specifies -the name to use in the \*(L"\s-1LMTP LHLO\*(R"\s0 or \*(L"\s-1SMTP EHLO\*(R"\s0 message, respectively. If -this option is not specified, then \*(L"mail.example.com\*(R" will be used. -.IP "\fB\-tlsextdebug\fR" 4 +If this option is used with "\-starttls lmtp" or "\-starttls smtp", it specifies +the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If +this option is not specified, then "mail.example.com" will be used. +.IP \fB\-tlsextdebug\fR 4 .IX Item "-tlsextdebug" -Print out a hex dump of any \s-1TLS\s0 extensions received from the server. -.IP "\fB\-no_ticket\fR" 4 +Print out a hex dump of any TLS extensions received from the server. +.IP \fB\-no_ticket\fR 4 .IX Item "-no_ticket" Disable RFC4507bis session ticket support. .IP "\fB\-sess_out\fR \fIfilename\fR" 4 .IX Item "-sess_out filename" -Output \s-1SSL\s0 session to \fIfilename\fR. +Output SSL session to \fIfilename\fR. .IP "\fB\-sess_in\fR \fIfilename\fR" 4 .IX Item "-sess_in filename" -Load \s-1SSL\s0 session from \fIfilename\fR. The client will attempt to resume a +Load SSL session from \fIfilename\fR. 
The client will attempt to resume a connection from this session. .IP "\fB\-serverinfo\fR \fItypes\fR" 4 .IX Item "-serverinfo types" -A list of comma-separated \s-1TLS\s0 Extension Types (numbers between 0 and -65535). Each type will be sent as an empty ClientHello \s-1TLS\s0 Extension. -The server's response (if any) will be encoded and displayed as a \s-1PEM\s0 +A list of comma\-separated TLS Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello TLS Extension. +The server\*(Aqs response (if any) will be encoded and displayed as a PEM file. -.IP "\fB\-status\fR" 4 +.IP \fB\-status\fR 4 .IX Item "-status" -Sends a certificate status request to the server (\s-1OCSP\s0 stapling). The server +Sends a certificate status request to the server (OCSP stapling). The server response (if any) is printed out. .IP "\fB\-alpn\fR \fIprotocols\fR, \fB\-nextprotoneg\fR \fIprotocols\fR" 4 .IX Item "-alpn protocols, -nextprotoneg protocols" -These flags enable the Enable the Application-Layer Protocol Negotiation -or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the -\&\s-1IETF\s0 standard and replaces \s-1NPN.\s0 -The \fIprotocols\fR list is a comma-separated list of protocol names that +These flags enable the Enable the Application\-Layer Protocol Negotiation +or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the +IETF standard and replaces NPN. +The \fIprotocols\fR list is a comma\-separated list of protocol names that the client should advertise support for. The list should contain the most -desirable protocols first. Protocol names are printable \s-1ASCII\s0 strings, -for example \*(L"http/1.1\*(R" or \*(L"spdy/3\*(R". +desirable protocols first. Protocol names are printable ASCII strings, +for example "http/1.1" or "spdy/3". 
An empty list of protocols is treated specially and will cause the -client to advertise support for the \s-1TLS\s0 extension but disconnect just +client to advertise support for the TLS extension but disconnect just after receiving ServerHello with a list of server supported protocols. The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. .IP "\fB\-ct\fR, \fB\-noct\fR" 4 .IX Item "-ct, -noct" -Use one of these two options to control whether Certificate Transparency (\s-1CT\s0) +Use one of these two options to control whether Certificate Transparency (CT) is enabled (\fB\-ct\fR) or disabled (\fB\-noct\fR). -If \s-1CT\s0 is enabled, signed certificate timestamps (SCTs) will be requested from +If CT is enabled, signed certificate timestamps (SCTs) will be requested from the server and reported at handshake completion. .Sp -Enabling \s-1CT\s0 also enables \s-1OCSP\s0 stapling, as this is one possible delivery method +Enabling CT also enables OCSP stapling, as this is one possible delivery method for SCTs. -.IP "\fB\-ctlogfile\fR" 4 +.IP \fB\-ctlogfile\fR 4 .IX Item "-ctlogfile" A file containing a list of known Certificate Transparency logs. See \&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. .IP "\fB\-keylogfile\fR \fIfile\fR" 4 .IX Item "-keylogfile file" -Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs -(like Wireshark) can decrypt \s-1TLS\s0 connections. +Appends TLS secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt TLS connections. .IP "\fB\-early_data\fR \fIfile\fR" 4 .IX Item "-early_data file" Reads the contents of the specified file and attempts to send it as early data to the server. This will only work with resumed sessions that support early data and when the server accepts the early data. -.IP "\fB\-enable_pha\fR" 4 +.IP \fB\-enable_pha\fR 4 .IX Item "-enable_pha" -For TLSv1.3 only, send the Post-Handshake Authentication extension. 
This will +For TLSv1.3 only, send the Post\-Handshake Authentication extension. This will happen whether or not a certificate has been provided via \fB\-cert\fR. .IP "\fB\-use_srtp\fR \fIvalue\fR" 4 .IX Item "-use_srtp value" -Offer \s-1SRTP\s0 key management, where \fBvalue\fR is a colon-separated profile list. +Offer SRTP key management, where \fBvalue\fR is a colon\-separated profile list. .IP "\fB\-srpuser\fR \fIvalue\fR" 4 .IX Item "-srpuser value" -Set the \s-1SRP\s0 username to the specified value. This option is deprecated. +Set the SRP username to the specified value. This option is deprecated. .IP "\fB\-srppass\fR \fIvalue\fR" 4 .IX Item "-srppass value" -Set the \s-1SRP\s0 password to the specified value. This option is deprecated. -.IP "\fB\-srp_lateuser\fR" 4 +Set the SRP password to the specified value. This option is deprecated. +.IP \fB\-srp_lateuser\fR 4 .IX Item "-srp_lateuser" -\&\s-1SRP\s0 username for the second ClientHello message. This option is deprecated. +SRP username for the second ClientHello message. This option is deprecated. .IP "\fB\-srp_moregroups\fR This option is deprecated." 4 .IX Item "-srp_moregroups This option is deprecated." Tolerate other than the known \fBg\fR and \fBN\fR values. 
@@ -882,28 +822,28 @@ deprecated. .IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 .IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" -See \*(L"\s-1TLS\s0 Version Options\*(R" in \fBopenssl\fR\|(1). +See "TLS Version Options" in \fBopenssl\fR\|(1). .IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 .IX Item "-dtls, -dtls1, -dtls1_2" -These specify the use of \s-1DTLS\s0 instead of \s-1TLS.\s0 -See \*(L"\s-1TLS\s0 Version Options\*(R" in \fBopenssl\fR\|(1). +These specify the use of DTLS instead of TLS. +See "TLS Version Options" in \fBopenssl\fR\|(1). .IP "\fB\-nameopt\fR \fIoption\fR" 4 .IX Item "-nameopt option" This specifies how the subject or issuer names are displayed. See \fBopenssl\-namedisplay\-options\fR\|(1) for details. -.IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fBDER\fR|\fBPEM\fR, \fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyform DER|PEM" Set extended certificate verification options. -See \*(L"Extended Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Extended Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. 
.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-client_renegotiation\fR, \fB\-legacy_renegotiation\fR, \fB\-no_renegotiation\fR, \fB\-no_resumption_on_reneg\fR, \fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR, \fB\-no_etm\fR \fB\-allow_no_dhe_kex\fR, \fB\-prioritize_chacha\fR, \fB\-strict\fR, \fB\-sigalgs\fR \fIalgs\fR, \fB\-client_sigalgs\fR \fIalgs\fR, \fB\-groups\fR \fIgroups\fR, \fB\-curves\fR \fIcurves\fR, \fB\-named_curve\fR \fIcurve\fR, \fB\-cipher\fR \fIciphers\fR, \fB\-ciphersuites\fR \fI1.3ciphers\fR, \fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR, \fB\-record_padding\fR \fIpadding\fR, \fB\-debug_broken_protocol\fR, \fB\-no_middlebox\fR" 4 .IX Item "-bugs, -comp, -no_comp, -no_ticket, -serverpref, -client_renegotiation, -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, -legacy_server_connect, -no_legacy_server_connect, -no_etm -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs, -client_sigalgs algs, -groups groups, -curves curves, -named_curve curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol minprot, -max_protocol maxprot, -record_padding padding, -debug_broken_protocol, -no_middlebox" -See \*(L"\s-1SUPPORTED COMMAND LINE COMMANDS\*(R"\s0 in \fBSSL_CONF_cmd\fR\|(3) for details. +See "SUPPORTED COMMAND LINE COMMANDS" in \fBSSL_CONF_cmd\fR\|(3) for details. 
.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -912,10 +852,10 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-ssl_client_engine\fR \fIid\fR" 4 .IX Item "-ssl_client_engine id" 
@@ -923,40 +863,41 @@ .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .Sp Verification errors are displayed, for debugging, but the command will proceed unless the \fB\-verify_return_error\fR option is used. -.IP "\fIhost\fR:\fIport\fR" 4 +.IP \fIhost\fR:\fIport\fR 4 .IX Item "host:port" -Rather than providing \fB\-connect\fR, the target hostname and optional port may +Rather than providing \fB\-connect\fR, the target host and optional port may be provided as a single positional argument after all options. If neither this nor \fB\-connect\fR are provided, falls back to attempting to connect to \&\fIlocalhost\fR on port \fI4433\fR. 
+If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. .SH "CONNECTED COMMANDS" .IX Header "CONNECTED COMMANDS" -If a connection is established with an \s-1SSL\s0 server then any data received +If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the server. If end of file is reached then the connection will be closed down. When used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR have been given), then certain commands are also recognized which perform special operations. These commands are a letter which must appear at the start of a line. They are listed below. -.IP "\fBQ\fR" 4 +.IP \fBQ\fR 4 .IX Item "Q" -End the current \s-1SSL\s0 connection and exit. -.IP "\fBR\fR" 4 +End the current SSL connection and exit. +.IP \fBR\fR 4 .IX Item "R" -Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). -.IP "\fBk\fR" 4 +Renegotiate the SSL session (TLSv1.2 and below only). +.IP \fBk\fR 4 .IX Item "k" Send a key update message to the server (TLSv1.3 only) -.IP "\fBK\fR" 4 +.IP \fBK\fR 4 .IX Item "K" Send a key update message to the server and request one back (TLSv1.3 only) -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -This command can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0 +This command can be used to debug SSL servers. To connect to an SSL HTTP server the command: .PP .Vb 1 @@ -964,7 +905,7 @@ .Ve .PP would typically be used (https uses port 443). If the connection succeeds -then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page. +then an HTTP command can be given such as "GET /" to retrieve a web page. .PP If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the \fB\-bugs\fR, 
@@ -975,11 +916,11 @@ A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending -the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it -requests a certificate. By using this command, the \s-1CA\s0 list can be viewed +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using this command, the CA list can be viewed and checked. However, some servers only request client authentication -after a specific \s-1URL\s0 is requested. To obtain the list in this case it -is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request +after a specific URL is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option and send an HTTP request for an appropriate page. .PP If a certificate is specified on the command line using the \fB\-cert\fR 
@@ -993,19 +934,71 @@ .PP This command is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will -accept any certificate chain (trusted or not) sent by the peer. Non-test -applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 +accept any certificate chain (trusted or not) sent by the peer. Non\-test +applications should \fBnot\fR do this as it makes them vulnerable to a MITM attack. This behaviour can be changed by with the \fB\-verify_return_error\fR option: any verify errors are then returned aborting the handshake. .PP The \fB\-bind\fR option may be useful if the server or a firewall requires connections to come from some particular address and or port. -.SH "BUGS" +.SS "Note on Non\-Interactive Use" +.IX Subsection "Note on Non-Interactive Use" +When \fBs_client\fR is run in a non\-interactive environment (e.g., a cron job or +a script without a valid \fIstdin\fR), it may close the connection prematurely, +especially with TLS 1.3. To prevent this, you can use the \fB\-ign_eof\fR flag, +which keeps \fBs_client\fR running even after reaching EOF from \fIstdin\fR. +.PP +For example: +.PP +.Vb 3 +\& openssl s_client \-connect :443 \-tls1_3 +\& \-sess_out /path/to/tls_session_params_file +\& \-ign_eof :25 :25 +\& \-starttls smtp \-brief \-ign_eof +.Ve +.PP +Similarly, for HTTP/1.1 connections, including a \`Connection: close\` header +ensures the server closes the connection after responding: +.PP +.Vb 2 +\& printf \*(AqGET / HTTP/1.1\er\enHost: \er\enConnection: close\er\en\er\en\*(Aq +\& | openssl s_client \-connect :443 \-brief +.Ve +.PP +These approaches help manage the connection closure gracefully and prevent +hangs caused by the server waiting for the client to initiate the disconnect. 
+.SH BUGS .IX Header "BUGS" Because this program has a lot of options and also because some of the techniques used are rather old, the C source for this command is rather hard to read and not a model of how things should be done. -A typical \s-1SSL\s0 client program would be much simpler. +A typical SSL client program would be much simpler. .PP The \fB\-prexit\fR option is a bit of a hack. We should really report information whenever a session is renegotiated. @@ -1020,7 +1013,7 @@ \&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \&\fBSSL_CTX_set_max_pipelines\fR\|(3), \&\fBossl_store\-file\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0. The \fB\-name\fR option was added in OpenSSL 1.1.1. @@ -1028,11 +1021,11 @@ The \fB\-certform\fR option has become obsolete in OpenSSL 3.0.0 and has no effect. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-s_server.1.orig +++ secure/usr.bin/openssl/man/openssl-s_server.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-S_SERVER 1ossl" -.TH OPENSSL-S_SERVER 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-S_SERVER 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-s_server \- SSL/TLS server program -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBs_server\fR [\fB\-help\fR] @@ -155,19 +80,19 @@ [\fB\-Verify\fR \fIint\fR] [\fB\-cert\fR \fIinfile\fR] [\fB\-cert2\fR \fIinfile\fR] -[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR] +[\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR] [\fB\-cert_chain\fR \fIinfile\fR] [\fB\-build_chain\fR] [\fB\-serverinfo\fR \fIval\fR] [\fB\-key\fR \fIfilename\fR|\fIuri\fR] [\fB\-key2\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-pass\fR \fIval\fR] [\fB\-dcert\fR \fIinfile\fR] -[\fB\-dcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR] +[\fB\-dcertform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR] [\fB\-dcert_chain\fR \fIinfile\fR] [\fB\-dkey\fR \fIfilename\fR|\fIuri\fR] -[\fB\-dkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-dkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-dpass\fR \fIval\fR] [\fB\-nbio_test\fR] [\fB\-crlf\fR] @@ -191,7 +116,7 @@ [\fB\-keymatexport\fR \fIval\fR] [\fB\-keymatexportlen\fR \fI+int\fR] [\fB\-CRL\fR \fIinfile\fR] -[\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CRLform\fR \fBDER\fR|\fBPEM\fR] [\fB\-crl_download\fR] [\fB\-chainCAfile\fR \fIinfile\fR] [\fB\-chainCApath\fR \fIdir\fR] 
@@ -209,7 +134,7 @@ [\fB\-status\fR] [\fB\-status_verbose\fR] [\fB\-status_timeout\fR \fIint\fR] -[\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path]\fR] +[\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR] [\fB\-no_proxy\fR \fIaddresses\fR] [\fB\-status_url\fR \fIval\fR] [\fB\-status_file\fR \fIinfile\fR] @@ -346,8 +271,8 @@ [\fB\-xcert\fR \fIfile\fR] [\fB\-xchain\fR \fIfile\fR] [\fB\-xchain_build\fR \fIfile\fR] -[\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> -[\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-xcertform\fR \fBDER\fR|\fBPEM\fR]> +[\fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR]> [\fB\-CAfile\fR \fIfile\fR] [\fB\-no\-CAfile\fR] [\fB\-CApath\fR \fIdir\fR] 
@@ -360,39 +285,39 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command implements a generic \s-1SSL/TLS\s0 server which -listens for connections on a given port using \s-1SSL/TLS.\s0 -.SH "OPTIONS" +This command implements a generic SSL/TLS server which +listens for connections on a given port using SSL/TLS. +.SH OPTIONS .IX Header "OPTIONS" In addition to the options below, this command also supports the common and server only options documented -\&\*(L"Supported Command Line Commands\*(R" in \fBSSL_CONF_cmd\fR\|(3) -.IP "\fB\-help\fR" 4 +"Supported Command Line Commands" in \fBSSL_CONF_cmd\fR\|(3) +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-port\fR \fI+int\fR" 4 .IX Item "-port +int" -The \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. +The TCP port to listen on for connections. If not specified 4433 is used. .IP "\fB\-accept\fR \fIval\fR" 4 .IX Item "-accept val" -The optional \s-1TCP\s0 host and port to listen on for connections. If not specified, *:4433 is used. +The optional TCP host and port to listen on for connections. If not specified, *:4433 is used. .IP "\fB\-unix\fR \fIval\fR" 4 .IX Item "-unix val" Unix domain socket to accept on. -.IP "\fB\-4\fR" 4 +.IP \fB\-4\fR 4 .IX Item "-4" Use IPv4 only. -.IP "\fB\-6\fR" 4 +.IP \fB\-6\fR 4 .IX Item "-6" Use IPv6 only. -.IP "\fB\-unlink\fR" 4 +.IP \fB\-unlink\fR 4 .IX Item "-unlink" For \-unix, unlink any existing socket first. .IP "\fB\-context\fR \fIval\fR" 4 .IX Item "-context val" -Sets the \s-1SSL\s0 context id. It can be given any string value. If this option +Sets the SSL context id. It can be given any string value. If this option is not present a default value will be used. .IP "\fB\-verify\fR \fIint\fR, \fB\-Verify\fR \fIint\fR" 4 .IX Item "-verify int, -Verify int" 
@@ -403,35 +328,39 @@ must supply a certificate or an error occurs. .Sp If the cipher suite cannot request a client certificate (for example an -anonymous cipher suite or \s-1PSK\s0) this option has no effect. +anonymous cipher suite or PSK) this option has no effect. +.Sp +By default, validation of any supplied client certificate and its chain +is done w.r.t. the (D)TLS Client (\f(CW\*(C`sslclient\*(C'\fR) purpose. +For details see "Certificate Extensions" in \fBopenssl\-verification\-options\fR\|(1). .IP "\fB\-cert\fR \fIinfile\fR" 4 .IX Item "-cert infile" The certificate to use, most servers cipher suites require the use of a certificate and some require a certificate with a certain public key type: -for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 -(\s-1DSA\s0) key. If not specified then the filename \fIserver.pem\fR will be used. +for example the DSS cipher suites require a certificate containing a DSS +(DSA) key. If not specified then the filename \fIserver.pem\fR will be used. .IP "\fB\-cert2\fR \fIinfile\fR" 4 .IX Item "-cert2 infile" The certificate file to use for servername; default is \f(CW\*(C`server2.pem\*(C'\fR. -.IP "\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +.IP "\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-certform DER|PEM|P12" The server certificate file format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-cert_chain\fR" 4 +.IP \fB\-cert_chain\fR 4 .IX Item "-cert_chain" -A file or \s-1URI\s0 of untrusted certificates to use when attempting to build the +A file or URI of untrusted certificates to use when attempting to build the certificate chain related to the certificate specified via the \fB\-cert\fR option. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. -.IP "\fB\-build_chain\fR" 4 +The input can be in PEM, DER, or PKCS#12 format. 
+.IP \fB\-build_chain\fR 4 .IX Item "-build_chain" Specify whether the application should build the server certificate chain to be provided to the client. .IP "\fB\-serverinfo\fR \fIval\fR" 4 .IX Item "-serverinfo val" -A file containing one or more blocks of \s-1PEM\s0 data. Each \s-1PEM\s0 block -must encode a \s-1TLS\s0 ServerHello extension (2 bytes type, 2 bytes length, -followed by \*(L"length\*(R" bytes of extension data). If the client sends -an empty \s-1TLS\s0 ClientHello extension matching the type, the corresponding +A file containing one or more blocks of PEM data. Each PEM block +must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, +followed by "length" bytes of extension data). If the client sends +an empty TLS ClientHello extension matching the type, the corresponding ServerHello extension will be returned. .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key filename|uri" @@ -440,7 +369,7 @@ .IP "\fB\-key2\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key2 filename|uri" The private Key file to use for servername if not given via \fB\-cert2\fR. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -455,21 +384,21 @@ same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default if they are not specified (no additional certificate and key is used). As noted above some cipher suites require a certificate containing a key of -a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key -and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys -a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites +a certain type. Some cipher suites need a certificate carrying an RSA key +and some a DSS (DSA) key. By using RSA and DSS certificates and keys +a server can support clients which only support RSA or DSS cipher suites by using an appropriate certificate. -.IP "\fB\-dcert_chain\fR" 4 +.IP \fB\-dcert_chain\fR 4 .IX Item "-dcert_chain" -A file or \s-1URI\s0 of untrusted certificates to use when attempting to build the +A file or URI of untrusted certificates to use when attempting to build the server certificate chain when a certificate specified via the \fB\-dcert\fR option is in use. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. -.IP "\fB\-dcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +The input can be in PEM, DER, or PKCS#12 format. +.IP "\fB\-dcertform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-dcertform DER|PEM|P12" The format of the additional certificate file; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-dkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-dkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-dkeyform DER|PEM|P12|ENGINE" The format of the additional private key; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -478,219 +407,220 @@ The passphrase for the additional private key and certificate. For more information about the format of \fIval\fR, see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-nbio_test\fR" 4 +.IP \fB\-nbio_test\fR 4 .IX Item "-nbio_test" Tests non blocking I/O. -.IP "\fB\-crlf\fR" 4 +.IP \fB\-crlf\fR 4 .IX Item "-crlf" -This option translated a line feed from the terminal into \s-1CR+LF.\s0 -.IP "\fB\-debug\fR" 4 +This option translated a line feed from the terminal into CR+LF. +.IP \fB\-debug\fR 4 .IX Item "-debug" Print extensive debugging information including a hex dump of all traffic. -.IP "\fB\-security_debug\fR" 4 +.IP \fB\-security_debug\fR 4 .IX Item "-security_debug" -Print output from \s-1SSL/TLS\s0 security framework. -.IP "\fB\-security_debug_verbose\fR" 4 +Print output from SSL/TLS security framework. +.IP \fB\-security_debug_verbose\fR 4 .IX Item "-security_debug_verbose" -Print more output from \s-1SSL/TLS\s0 security framework -.IP "\fB\-msg\fR" 4 +Print more output from SSL/TLS security framework +.IP \fB\-msg\fR 4 .IX Item "-msg" Show all protocol messages with hex dump. .IP "\fB\-msgfile\fR \fIoutfile\fR" 4 .IX Item "-msgfile outfile" File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. -.IP "\fB\-state\fR" 4 +.IP \fB\-state\fR 4 .IX Item "-state" -Prints the \s-1SSL\s0 session states. +Prints the SSL session states. .IP "\fB\-CRL\fR \fIinfile\fR" 4 .IX Item "-CRL infile" -The \s-1CRL\s0 file to use. -.IP "\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +The CRL file to use. +.IP "\fB\-CRLform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-CRLform DER|PEM" -The \s-1CRL\s0 file format; unspecified by default. +The CRL file format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
-.IP "\fB\-crl_download\fR" 4 +.IP \fB\-crl_download\fR 4 .IX Item "-crl_download" -Download CRLs from distribution points given in \s-1CDP\s0 extensions of certificates +Download CRLs from distribution points given in CDP extensions of certificates .IP "\fB\-verifyCAfile\fR \fIfilename\fR" 4 .IX Item "-verifyCAfile filename" -A file in \s-1PEM\s0 format \s-1CA\s0 containing trusted certificates to use +A file in PEM format CA containing trusted certificates to use for verifying client certificates. .IP "\fB\-verifyCApath\fR \fIdir\fR" 4 .IX Item "-verifyCApath dir" A directory containing trusted certificates to use for verifying client certificates. -This directory must be in \*(L"hash format\*(R", +This directory must be in "hash format", see \fBopenssl\-verify\fR\|(1) for more information. .IP "\fB\-verifyCAstore\fR \fIuri\fR" 4 .IX Item "-verifyCAstore uri" -The \s-1URI\s0 of a store containing trusted certificates to use +The URI of a store containing trusted certificates to use for verifying client certificates. .IP "\fB\-chainCAfile\fR \fIfile\fR" 4 .IX Item "-chainCAfile file" -A file in \s-1PEM\s0 format containing trusted certificates to use +A file in PEM format containing trusted certificates to use when attempting to build the server certificate chain. .IP "\fB\-chainCApath\fR \fIdir\fR" 4 .IX Item "-chainCApath dir" A directory containing trusted certificates to use for building the server certificate chain provided to the client. -This directory must be in \*(L"hash format\*(R", +This directory must be in "hash format", see \fBopenssl\-verify\fR\|(1) for more information. .IP "\fB\-chainCAstore\fR \fIuri\fR" 4 .IX Item "-chainCAstore uri" -The \s-1URI\s0 of a store containing trusted certificates to use +The URI of a store containing trusted certificates to use for building the server certificate chain provided to the client. -The \s-1URI\s0 may indicate a single certificate, as well as a collection of them. 
+The URI may indicate a single certificate, as well as a collection of them. With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-chainCAfile\fR or -\&\fB\-chainCApath\fR, depending on if the \s-1URI\s0 indicates a directory or a +\&\fB\-chainCApath\fR, depending on if the URI indicates a directory or a single file. See \fBossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. -.IP "\fB\-nocert\fR" 4 +.IP \fB\-nocert\fR 4 .IX Item "-nocert" If this option is set then no certificate is used. This restricts the cipher suites available to the anonymous ones (currently just anonymous -\&\s-1DH\s0). -.IP "\fB\-quiet\fR" 4 +DH). +.IP \fB\-quiet\fR 4 .IX Item "-quiet" Inhibit printing of session and certificate information. -.IP "\fB\-no_resume_ephemeral\fR" 4 +.IP \fB\-no_resume_ephemeral\fR 4 .IX Item "-no_resume_ephemeral" -Disable caching and tickets if ephemeral (\s-1EC\s0)DH is used. -.IP "\fB\-tlsextdebug\fR" 4 +Disable caching and tickets if ephemeral (EC)DH is used. +.IP \fB\-tlsextdebug\fR 4 .IX Item "-tlsextdebug" -Print a hex dump of any \s-1TLS\s0 extensions received from the server. -.IP "\fB\-www\fR" 4 +Print a hex dump of any TLS extensions received from the server. +.IP \fB\-www\fR 4 .IX Item "-www" Sends a status message back to the client when it connects. This includes information about the ciphers used and various session parameters. -The output is in \s-1HTML\s0 format so this option can be used with a web browser. -The special \s-1URL\s0 \f(CW\*(C`/renegcert\*(C'\fR turns on client cert validation, and \f(CW\*(C`/reneg\*(C'\fR +The output is in HTML format so this option can be used with a web browser. +The special URL \f(CW\*(C`/renegcert\*(C'\fR turns on client cert validation, and \f(CW\*(C`/reneg\*(C'\fR tells the server to request renegotiation. The \fB\-early_data\fR option cannot be used with this option. .IP "\fB\-WWW\fR, \fB\-HTTP\fR" 4 .IX Item "-WWW, -HTTP" Emulates a simple web server. 
Pages will be resolved relative to the -current directory, for example if the \s-1URL\s0 \f(CW\*(C`https://myhost/page.html\*(C'\fR is +current directory, for example if the URL \f(CW\*(C`https://myhost/page.html\*(C'\fR is requested the file \fI./page.html\fR will be sent. If the \fB\-HTTP\fR flag is used, the files are sent directly, and should contain -any \s-1HTTP\s0 response headers (including status response line). +any HTTP response headers (including status response line). If the \fB\-WWW\fR option is used, the response headers are generated by the server, and the file extension is -examined to determine the \fBContent-Type\fR header. +examined to determine the \fBContent\-Type\fR header. Extensions of \f(CW\*(C`html\*(C'\fR, \f(CW\*(C`htm\*(C'\fR, and \f(CW\*(C`php\*(C'\fR are \f(CW\*(C`text/html\*(C'\fR and all others are \&\f(CW\*(C`text/plain\*(C'\fR. -In addition, the special \s-1URL\s0 \f(CW\*(C`/stats\*(C'\fR will return status +In addition, the special URL \f(CW\*(C`/stats\*(C'\fR will return status information like the \fB\-www\fR option. Neither of these options can be used in conjunction with \fB\-early_data\fR. -.IP "\fB\-http_server_binmode\fR" 4 +.IP \fB\-http_server_binmode\fR 4 .IX Item "-http_server_binmode" -When acting as web-server (using option \fB\-WWW\fR or \fB\-HTTP\fR) open files requested +When acting as web\-server (using option \fB\-WWW\fR or \fB\-HTTP\fR) open files requested by the client in binary mode. -.IP "\fB\-no_ca_names\fR" 4 +.IP \fB\-no_ca_names\fR 4 .IX Item "-no_ca_names" -Disable \s-1TLS\s0 Extension \s-1CA\s0 Names. You may want to disable it for security reasons -or for compatibility with some Windows \s-1TLS\s0 implementations crashing when this +Disable TLS Extension CA Names. You may want to disable it for security reasons +or for compatibility with some Windows TLS implementations crashing when this extension is larger than 1024 bytes. 
-.IP "\fB\-ignore_unexpected_eof\fR" 4 +.IP \fB\-ignore_unexpected_eof\fR 4 .IX Item "-ignore_unexpected_eof" -Some \s-1TLS\s0 implementations do not send the mandatory close_notify alert on +Some TLS implementations do not send the mandatory close_notify alert on shutdown. If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received. For more information on shutting down a connection, see \fBSSL_shutdown\fR\|(3). -.IP "\fB\-servername\fR" 4 +.IP \fB\-servername\fR 4 .IX Item "-servername" -Servername for HostName \s-1TLS\s0 extension. -.IP "\fB\-servername_fatal\fR" 4 +Servername for HostName TLS extension. +.IP \fB\-servername_fatal\fR 4 .IX Item "-servername_fatal" On servername mismatch send fatal alert (default: warning alert). .IP "\fB\-id_prefix\fR \fIval\fR" 4 .IX Item "-id_prefix val" -Generate \s-1SSL/TLS\s0 session IDs prefixed by \fIval\fR. This is mostly useful -for testing any \s-1SSL/TLS\s0 code (e.g. proxies) that wish to deal with multiple +Generate SSL/TLS session IDs prefixed by \fIval\fR. This is mostly useful +for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session IDs (e.g. with a certain prefix). -.IP "\fB\-keymatexport\fR" 4 +.IP \fB\-keymatexport\fR 4 .IX Item "-keymatexport" Export keying material using label. -.IP "\fB\-keymatexportlen\fR" 4 +.IP \fB\-keymatexportlen\fR 4 .IX Item "-keymatexportlen" Export the given number of bytes of keying material; default 20. -.IP "\fB\-no_cache\fR" 4 +.IP \fB\-no_cache\fR 4 .IX Item "-no_cache" Disable session cache. -.IP "\fB\-ext_cache\fR." 4 +.IP \fB\-ext_cache\fR. 4 .IX Item "-ext_cache." Disable internal cache, set up and use external cache. 
-.IP "\fB\-verify_return_error\fR" 4 +.IP \fB\-verify_return_error\fR 4 .IX Item "-verify_return_error" Verification errors normally just print a message but allow the connection to continue, for debugging purposes. If this option is used, then verification errors close the connection. -.IP "\fB\-verify_quiet\fR" 4 +.IP \fB\-verify_quiet\fR 4 .IX Item "-verify_quiet" No verify output except verify errors. -.IP "\fB\-ign_eof\fR" 4 +.IP \fB\-ign_eof\fR 4 .IX Item "-ign_eof" -Ignore input \s-1EOF\s0 (default: when \fB\-quiet\fR). -.IP "\fB\-no_ign_eof\fR" 4 +Ignore input EOF (default: when \fB\-quiet\fR). +.IP \fB\-no_ign_eof\fR 4 .IX Item "-no_ign_eof" -Do not ignore input \s-1EOF.\s0 -.IP "\fB\-no_etm\fR" 4 +Do not ignore input EOF. +.IP \fB\-no_etm\fR 4 .IX Item "-no_etm" -Disable Encrypt-then-MAC negotiation. -.IP "\fB\-status\fR" 4 +Disable Encrypt\-then\-MAC negotiation. +.IP \fB\-status\fR 4 .IX Item "-status" -Enables certificate status request support (aka \s-1OCSP\s0 stapling). -.IP "\fB\-status_verbose\fR" 4 +Enables certificate status request support (aka OCSP stapling). +.IP \fB\-status_verbose\fR 4 .IX Item "-status_verbose" -Enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives -a verbose printout of the \s-1OCSP\s0 response. +Enables certificate status request support (aka OCSP stapling) and gives +a verbose printout of the OCSP response. .IP "\fB\-status_timeout\fR \fIint\fR" 4 .IX Item "-status_timeout int" -Sets the timeout for \s-1OCSP\s0 response to \fIint\fR seconds. -.IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path]\fR" 4 -.IX Item "-proxy [http[s]://][userinfo@]host[:port][/path]" -The \s-1HTTP\s0(S) proxy server to use for reaching the \s-1OCSP\s0 server unless \fB\-no_proxy\fR +Sets the timeout for OCSP response to \fIint\fR seconds. 
+.IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR" 4 +.IX Item "-proxy [http[s]://][userinfo@]host[:port][/path][?query][#fragment]" +The HTTP(S) proxy server to use for reaching the OCSP server unless \fB\-no_proxy\fR applies, see below. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. The proxy port defaults to 80 or 443 if the scheme is \f(CW\*(C`https\*(C'\fR; apart from that the optional \f(CW\*(C`http://\*(C'\fR or \f(CW\*(C`https://\*(C'\fR prefix is ignored, -as well as any userinfo and path components. +as well as any userinfo, path, query, and fragment components. Defaults to the environment variable \f(CW\*(C`http_proxy\*(C'\fR if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR -in case no \s-1TLS\s0 is used, otherwise \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. +in case no TLS is used, otherwise \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR. .IP "\fB\-no_proxy\fR \fIaddresses\fR" 4 .IX Item "-no_proxy addresses" -List of \s-1IP\s0 addresses and/or \s-1DNS\s0 names of servers -not to use an \s-1HTTP\s0(S) proxy for, separated by commas and/or whitespace -(where in the latter case the whole argument must be enclosed in \*(L"...\*(R"). +List of IP addresses and/or DNS names of servers +not to use an HTTP(S) proxy for, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). Default is from the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR. .IP "\fB\-status_url\fR \fIval\fR" 4 .IX Item "-status_url val" -Sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the +Sets a fallback responder URL to use if no responder URL is present in the server certificate. Without this option an error is returned if the server certificate does not contain a responder address. 
-The optional userinfo and fragment \s-1URL\s0 components are ignored. +The optional userinfo and fragment URL components are ignored. Any given query component is handled as part of the path component. .IP "\fB\-status_file\fR \fIinfile\fR" 4 .IX Item "-status_file infile" -Overrides any \s-1OCSP\s0 responder URLs from the certificate and always provides the -\&\s-1OCSP\s0 Response stored in the file. The file must be in \s-1DER\s0 format. +Overrides any OCSP responder URLs from the certificate and always provides the +OCSP Response stored in the file. The file must be in DER format. .IP "\fB\-ssl_config\fR \fIval\fR" 4 .IX Item "-ssl_config val" -Configure \s-1SSL_CTX\s0 using the given configuration value. -.IP "\fB\-trace\fR" 4 +Configure SSL_CTX using the given configuration value. +.IP \fB\-trace\fR 4 .IX Item "-trace" Show verbose trace output of protocol messages. -.IP "\fB\-brief\fR" 4 +.IP \fB\-brief\fR 4 .IX Item "-brief" Provide a brief summary of connection parameters instead of the normal verbose output. -.IP "\fB\-rev\fR" 4 +.IP \fB\-rev\fR 4 .IX Item "-rev" Simple echo server that sends back received text reversed. Also sets \fB\-brief\fR. Cannot be used in conjunction with \fB\-early_data\fR. -.IP "\fB\-async\fR" 4 +.IP \fB\-async\fR 4 .IX Item "-async" Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. This will only have an effect if an asynchronous capable engine 
@@ -724,47 +654,50 @@ effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for further information). -.IP "\fB\-bugs\fR" 4 +.IP \fB\-bugs\fR 4 .IX Item "-bugs" -There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds. -.IP "\fB\-no_comp\fR" 4 +.IP \fB\-no_comp\fR 4 .IX Item "-no_comp" -Disable negotiation of \s-1TLS\s0 compression. -\&\s-1TLS\s0 compression is not recommended and is off by default as of +Disable negotiation of TLS compression. +TLS compression is not recommended and is off by default as of OpenSSL 1.1.0. -.IP "\fB\-comp\fR" 4 +.IP \fB\-comp\fR 4 .IX Item "-comp" -Enable negotiation of \s-1TLS\s0 compression. +Enable negotiation of TLS compression. This option was introduced in OpenSSL 1.1.0. -\&\s-1TLS\s0 compression is not recommended and is off by default as of +TLS compression is not recommended and is off by default as of OpenSSL 1.1.0. -.IP "\fB\-no_ticket\fR" 4 +.IP \fB\-no_ticket\fR 4 .IX Item "-no_ticket" Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 is negotiated. See \fB\-num_tickets\fR. -.IP "\fB\-num_tickets\fR" 4 +.IP \fB\-num_tickets\fR 4 .IX Item "-num_tickets" Control the number of tickets that will be sent to the client after a full handshake in TLSv1.3. The default number of tickets is 2. This option does not affect the number of tickets sent after a resumption handshake. -.IP "\fB\-serverpref\fR" 4 +.IP \fB\-serverpref\fR 4 .IX Item "-serverpref" -Use the server's cipher preferences, rather than the client's preferences. -.IP "\fB\-prioritize_chacha\fR" 4 +Use the server\*(Aqs cipher preferences, rather than the client\*(Aqs preferences. +.IP \fB\-prioritize_chacha\fR 4 .IX Item "-prioritize_chacha" Prioritize ChaCha ciphers when preferred by clients. 
Requires \fB\-serverpref\fR. -.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IP \fB\-no_resumption_on_reneg\fR 4 .IX Item "-no_resumption_on_reneg" -Set the \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR option. +Set the \fBSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR option. .IP "\fB\-client_sigalgs\fR \fIval\fR" 4 .IX Item "-client_sigalgs val" Signature algorithms to support for client certificate authentication -(colon-separated list). +(colon\-separated list). .IP "\fB\-named_curve\fR \fIval\fR" 4 .IX Item "-named_curve val" -Specifies the elliptic curve to use. \s-1NOTE:\s0 this is single curve, not a list. -For a list of all possible curves, use: +Specifies the elliptic curve to use. NOTE: this is single curve, not a list. +.Sp +The list of all supported groups includes named EC parameters as well as X25519 +and X448 or FFDHE groups, and may also include groups implemented in 3rd\-party +providers. For a list of named EC parameters, use: .Sp .Vb 1 \& $ openssl ecparam \-list_curves 
@@ -785,97 +718,97 @@ cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See \&\fBopenssl\-ciphers\fR\|(1) command for more information. The format for this list is -a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +a simple colon (":") separated list of TLSv1.3 ciphersuite names. .IP "\fB\-dhparam\fR \fIinfile\fR" 4 .IX Item "-dhparam infile" -The \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys -using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to +The DH parameter file to use. The ephemeral DH cipher suites generate keys +using a set of DH parameters. If not specified then an attempt is made to load the parameters from the server certificate file. If this fails then a static set of parameters hard coded into this command will be used. -.IP "\fB\-nbio\fR" 4 +.IP \fB\-nbio\fR 4 .IX Item "-nbio" Turns on non blocking I/O. -.IP "\fB\-timeout\fR" 4 +.IP \fB\-timeout\fR 4 .IX Item "-timeout" Enable timeouts. -.IP "\fB\-mtu\fR" 4 +.IP \fB\-mtu\fR 4 .IX Item "-mtu" -Set link-layer \s-1MTU.\s0 +Set link\-layer MTU. .IP "\fB\-psk_identity\fR \fIval\fR" 4 .IX Item "-psk_identity val" -Expect the client to send \s-1PSK\s0 identity \fIval\fR when using a \s-1PSK\s0 -cipher suite, and warn if they do not. By default, the expected \s-1PSK\s0 -identity is the string \*(L"Client_identity\*(R". +Expect the client to send PSK identity \fIval\fR when using a PSK +cipher suite, and warn if they do not. By default, the expected PSK +identity is the string "Client_identity". .IP "\fB\-psk_hint\fR \fIval\fR" 4 .IX Item "-psk_hint val" -Use the \s-1PSK\s0 identity hint \fIval\fR when using a \s-1PSK\s0 cipher suite. +Use the PSK identity hint \fIval\fR when using a PSK cipher suite. .IP "\fB\-psk\fR \fIval\fR" 4 .IX Item "-psk val" -Use the \s-1PSK\s0 key \fIval\fR when using a \s-1PSK\s0 cipher suite. 
The key is +Use the PSK key \fIval\fR when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example \-psk 1a2b3c4d. -This option must be provided in order to use a \s-1PSK\s0 cipher. +This option must be provided in order to use a PSK cipher. .IP "\fB\-psk_session\fR \fIfile\fR" 4 .IX Item "-psk_session file" -Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fIfile\fR as the basis of a \s-1PSK.\s0 +Use the pem encoded SSL_SESSION data stored in \fIfile\fR as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated. -.IP "\fB\-srpvfile\fR" 4 +.IP \fB\-srpvfile\fR 4 .IX Item "-srpvfile" -The verifier file for \s-1SRP.\s0 +The verifier file for SRP. This option is deprecated. -.IP "\fB\-srpuserseed\fR" 4 +.IP \fB\-srpuserseed\fR 4 .IX Item "-srpuserseed" A seed string for a default user salt. This option is deprecated. -.IP "\fB\-listen\fR" 4 +.IP \fB\-listen\fR 4 .IX Item "-listen" -This option can only be used in conjunction with one of the \s-1DTLS\s0 options above. -With this option, this command will listen on a \s-1UDP\s0 port for incoming +This option can only be used in conjunction with one of the DTLS options above. +With this option, this command will listen on a UDP port for incoming connections. Any ClientHellos that arrive will be checked to see if they have a cookie in them or not. Any without a cookie will be responded to with a HelloVerifyRequest. If a ClientHello with a cookie is received then this command will connect to that peer and complete the handshake. -.IP "\fB\-sctp\fR" 4 +.IP \fB\-sctp\fR 4 .IX Item "-sctp" -Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in +Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only -available where OpenSSL has support for \s-1SCTP\s0 enabled. 
-.IP "\fB\-sctp_label_bug\fR" 4 +available where OpenSSL has support for SCTP enabled. +.IP \fB\-sctp_label_bug\fR 4 .IX Item "-sctp_label_bug" Use the incorrect behaviour of older OpenSSL implementations when computing -endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +endpoint\-pair shared secrets for DTLS/SCTP. This allows communication with older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only -available where OpenSSL has support for \s-1SCTP\s0 enabled. -.IP "\fB\-use_srtp\fR" 4 +available where OpenSSL has support for SCTP enabled. +.IP \fB\-use_srtp\fR 4 .IX Item "-use_srtp" -Offer \s-1SRTP\s0 key management with a colon-separated profile list. -.IP "\fB\-no_dhe\fR" 4 +Offer SRTP key management with a colon\-separated profile list. +.IP \fB\-no_dhe\fR 4 .IX Item "-no_dhe" -If this option is set then no \s-1DH\s0 parameters will be loaded effectively -disabling the ephemeral \s-1DH\s0 cipher suites. +If this option is set then no DH parameters will be loaded effectively +disabling the ephemeral DH cipher suites. .IP "\fB\-alpn\fR \fIval\fR, \fB\-nextprotoneg\fR \fIval\fR" 4 .IX Item "-alpn val, -nextprotoneg val" -These flags enable the Application-Layer Protocol Negotiation -or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the -\&\s-1IETF\s0 standard and replaces \s-1NPN.\s0 -The \fIval\fR list is a comma-separated list of supported protocol +These flags enable the Application\-Layer Protocol Negotiation +or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the +IETF standard and replaces NPN. +The \fIval\fR list is a comma\-separated list of supported protocol names. The list should contain the most desirable protocols first. -Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or -\&\*(L"spdy/3\*(R". 
+Protocol names are printable ASCII strings, for example "http/1.1" or +"spdy/3". The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. -.IP "\fB\-sendfile\fR" 4 +.IP \fB\-sendfile\fR 4 .IX Item "-sendfile" -If this option is set and \s-1KTLS\s0 is enabled, \fBSSL_sendfile()\fR will be used -instead of \fBBIO_write()\fR to send the \s-1HTTP\s0 response requested by a client. +If this option is set and KTLS is enabled, \fBSSL_sendfile()\fR will be used +instead of \fBBIO_write()\fR to send the HTTP response requested by a client. This option is only valid if \fB\-WWW\fR or \fB\-HTTP\fR is specified. .IP "\fB\-keylogfile\fR \fIoutfile\fR" 4 .IX Item "-keylogfile outfile" -Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs -(like Wireshark) can decrypt \s-1TLS\s0 connections. +Appends TLS secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt TLS connections. .IP "\fB\-max_early_data\fR \fIint\fR" 4 .IX Item "-max_early_data int" Change the default maximum early data bytes that are specified for new sessions @@ -886,11 +819,11 @@ .IX Item "-recv_max_early_data int" Specify the hard limit on the maximum number of early data bytes that will be accepted. -.IP "\fB\-early_data\fR" 4 +.IP \fB\-early_data\fR 4 .IX Item "-early_data" Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR, \&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR. -.IP "\fB\-stateless\fR" 4 +.IP \fB\-stateless\fR 4 .IX Item "-stateless" Require TLSv1.3 cookies. .IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 
@@ -907,27 +840,27 @@ See \fBopenssl\-namedisplay\-options\fR\|(1) for details. .IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 .IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" -See \*(L"\s-1TLS\s0 Version Options\*(R" in \fBopenssl\fR\|(1). +See "TLS Version Options" in \fBopenssl\fR\|(1). .IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 .IX Item "-dtls, -dtls1, -dtls1_2" -These specify the use of \s-1DTLS\s0 instead of \s-1TLS.\s0 -See \*(L"\s-1TLS\s0 Version Options\*(R" in \fBopenssl\fR\|(1). +These specify the use of DTLS instead of TLS. +See "TLS Version Options" in \fBopenssl\fR\|(1). .IP "\fB\-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-client_renegotiation\fR, \fB\-legacy_renegotiation\fR, \fB\-no_renegotiation\fR, \fB\-no_resumption_on_reneg\fR, \fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR, \fB\-no_etm\fR \fB\-allow_no_dhe_kex\fR, \fB\-prioritize_chacha\fR, \fB\-strict\fR, \fB\-sigalgs\fR \fIalgs\fR, \fB\-client_sigalgs\fR \fIalgs\fR, \fB\-groups\fR \fIgroups\fR, \fB\-curves\fR \fIcurves\fR, \fB\-named_curve\fR \fIcurve\fR, \fB\-cipher\fR \fIciphers\fR, \fB\-ciphersuites\fR \fI1.3ciphers\fR, \fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR, \fB\-record_padding\fR \fIpadding\fR, \fB\-debug_broken_protocol\fR, \fB\-no_middlebox\fR" 4 .IX Item "-bugs, -comp, -no_comp, -no_ticket, -serverpref, -client_renegotiation, -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, -legacy_server_connect, -no_legacy_server_connect, -no_etm -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs, -client_sigalgs algs, -groups groups, -curves curves, -named_curve curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol minprot, -max_protocol maxprot, -record_padding padding, 
-debug_broken_protocol, -no_middlebox" -See \*(L"\s-1SUPPORTED COMMAND LINE COMMANDS\*(R"\s0 in \fBSSL_CONF_cmd\fR\|(3) for details. -.IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +See "SUPPORTED COMMAND LINE COMMANDS" in \fBSSL_CONF_cmd\fR\|(3) for details. +.IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fBDER\fR|\fBPEM\fR, \fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyform DER|PEM" Set extended certificate verification options. -See \*(L"Extended Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Extended Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -937,56 +870,56 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .Sp If the server requests a client certificate, then verification errors are displayed, for debugging, but the command will proceed unless the \fB\-verify_return_error\fR option is used. 
.SH "CONNECTED COMMANDS" .IX Header "CONNECTED COMMANDS" -If a connection request is established with an \s-1SSL\s0 client and neither the +If a connection request is established with an SSL client and neither the \&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received from the client is displayed and any key presses will be sent to the client. .PP Certain commands are also recognized which perform special operations. These commands are a letter which must appear at the start of a line. They are listed below. -.IP "\fBq\fR" 4 +.IP \fBq\fR 4 .IX Item "q" -End the current \s-1SSL\s0 connection but still accept new connections. -.IP "\fBQ\fR" 4 +End the current SSL connection but still accept new connections. +.IP \fBQ\fR 4 .IX Item "Q" -End the current \s-1SSL\s0 connection and exit. -.IP "\fBr\fR" 4 +End the current SSL connection and exit. +.IP \fBr\fR 4 .IX Item "r" -Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). -.IP "\fBR\fR" 4 +Renegotiate the SSL session (TLSv1.2 and below only). +.IP \fBR\fR 4 .IX Item "R" -Renegotiate the \s-1SSL\s0 session and request a client certificate (TLSv1.2 and below +Renegotiate the SSL session and request a client certificate (TLSv1.2 and below only). -.IP "\fBP\fR" 4 +.IP \fBP\fR 4 .IX Item "P" -Send some plain text down the underlying \s-1TCP\s0 connection: this should +Send some plain text down the underlying TCP connection: this should cause the client to disconnect due to a protocol violation. -.IP "\fBS\fR" 4 +.IP \fBS\fR 4 .IX Item "S" Print out some session cache status information. 
-.IP "\fBk\fR" 4 +.IP \fBk\fR 4 .IX Item "k" Send a key update message to the client (TLSv1.3 only) -.IP "\fBK\fR" 4 +.IP \fBK\fR 4 .IX Item "K" Send a key update message to the client and request one back (TLSv1.3 only) -.IP "\fBc\fR" 4 +.IP \fBc\fR 4 .IX Item "c" Send a certificate request to the client (TLSv1.3 only) -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -This command can be used to debug \s-1SSL\s0 clients. To accept connections +This command can be used to debug SSL clients. To accept connections from a web browser the command: .PP .Vb 1 @@ -996,16 +929,16 @@ can be used for example. .PP Although specifying an empty list of CAs when requesting a client certificate -is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to -mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. +is strictly speaking a protocol violation, some SSL clients interpret this to +mean any CA is acceptable. This is useful for debugging purposes. .PP The session parameters can printed out using the \fBopenssl\-sess_id\fR\|(1) command. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Because this program has a lot of options and also because some of the techniques used are rather old, the C source for this command is rather hard to read and not a model of how things should be done. -A typical \s-1SSL\s0 server program would be much simpler. +A typical SSL server program would be much simpler. .PP The output of common ciphers is wrong: it just gives the list of ciphers that OpenSSL recognizes and the client supports. @@ -1023,7 +956,7 @@ \&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \&\fBSSL_CTX_set_max_pipelines\fR\|(3), \&\fBossl_store\-file\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \-no_alt_chains option was added in OpenSSL 1.1.0. .PP 
@@ -1032,11 +965,11 @@ .PP The \fB\-srpvfile\fR, \fB\-srpuserseed\fR, and \fB\-engine\fR option were deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-s_time.1.orig +++ secure/usr.bin/openssl/man/openssl-s_time.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-S_TIME 1ossl" -.TH OPENSSL-S_TIME 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-S_TIME 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-s_time \- SSL/TLS performance timing program -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBs_time\fR [\fB\-help\fR] 
@@ -171,36 +96,37 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command implements a generic \s-1SSL/TLS\s0 client which -connects to a remote host using \s-1SSL/TLS.\s0 It can request a page from the server +This command implements a generic SSL/TLS client which +connects to a remote host using SSL/TLS. It can request a page from the server and includes the time to transfer the payload data in its timing measurements. It measures the number of connections within a given timeframe, the amount of data transferred (if any), and calculates the average time spent for one connection. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-connect\fR \fIhost\fR:\fIport\fR" 4 .IX Item "-connect host:port" This specifies the host and optional port to connect to. +If the host string is an IPv6 address, it must be enclosed in \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR. .IP "\fB\-www\fR \fIpage\fR" 4 .IX Item "-www page" -This specifies the page to \s-1GET\s0 from the server. A value of '/' gets the +This specifies the page to GET from the server. A value of \*(Aq/\*(Aq gets the \&\fIindex.html\fR page. If this parameter is not specified, then this command -will only perform the handshake to establish \s-1SSL\s0 connections but not transfer +will only perform the handshake to establish SSL connections but not transfer any payload data. .IP "\fB\-cert\fR \fIcertname\fR" 4 .IX Item "-cert certname" The certificate to use, if one is requested by the server. The default is -not to use a certificate. The file is in \s-1PEM\s0 format. +not to use a certificate. The file is in PEM format. .IP "\fB\-key\fR \fIkeyfile\fR" 4 .IX Item "-key keyfile" The private key to use. If not specified then the certificate file will -be used. The file is in \s-1PEM\s0 format. +be used. 
The file is in PEM format. .IP "\fB\-verify\fR \fIdepth\fR" 4 .IX Item "-verify depth" The verify depth to use. This specifies the maximum length of the @@ -208,19 +134,19 @@ Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. -.IP "\fB\-new\fR" 4 +.IP \fB\-new\fR 4 .IX Item "-new" -Performs the timing test using a new session \s-1ID\s0 for each connection. +Performs the timing test using a new session ID for each connection. If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default and executed in sequence. -.IP "\fB\-reuse\fR" 4 +.IP \fB\-reuse\fR 4 .IX Item "-reuse" -Performs the timing test using the same session \s-1ID\s0; this can be used as a test +Performs the timing test using the same session ID; this can be used as a test that session caching is working. If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default and executed in sequence. -.IP "\fB\-bugs\fR" 4 +.IP \fB\-bugs\fR 4 .IX Item "-bugs" -There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds. .IP "\fB\-cipher\fR \fIcipherlist\fR" 4 .IX Item "-cipher cipherlist" @@ -236,7 +162,7 @@ configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See \&\fBopenssl\-ciphers\fR\|(1) for more information. The format for this list is a -simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +simple colon (":") separated list of TLSv1.3 ciphersuite names. .IP "\fB\-time\fR \fIlength\fR" 4 .IX Item "-time length" Specifies how long (in seconds) this command should establish connections 
@@ -249,7 +175,7 @@ See \fBopenssl\-namedisplay\-options\fR\|(1) for details. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 @@ -258,17 +184,17 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-cafile\fR \fIfile\fR" 4 .IX Item "-cafile file" This is an obsolete synonym for \fB\-CAfile\fR. .IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 .IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" -See \*(L"\s-1TLS\s0 Version Options\*(R" in \fBopenssl\fR\|(1). -.SH "NOTES" +See "TLS Version Options" in \fBopenssl\fR\|(1). +.SH NOTES .IX Header "NOTES" -This command can be used to measure the performance of an \s-1SSL\s0 connection. -To connect to an \s-1SSL HTTP\s0 server and get the default page the command +This command can be used to measure the performance of an SSL connection. +To connect to an SSL HTTP server and get the default page the command .PP .Vb 1 \& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] 
@@ -287,18 +213,18 @@ A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending -the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it -requests a certificate. By using \fBopenssl\-s_client\fR\|(1) the \s-1CA\s0 list can be +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using \fBopenssl\-s_client\fR\|(1) the CA list can be viewed and checked. However, some servers only request client authentication -after a specific \s-1URL\s0 is requested. To obtain the list in this case it +after a specific URL is requested. To obtain the list in this case it is necessary to use the \fB\-prexit\fR option of \fBopenssl\-s_client\fR\|(1) and -send an \s-1HTTP\s0 request for an appropriate page. +send an HTTP request for an appropriate page. .PP If a certificate is specified on the command line using the \fB\-cert\fR option it will not be used unless the server specifically requests a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" Because this program does not have all the options of the \&\fBopenssl\-s_client\fR\|(1) program to turn protocols on and off, you may not @@ -306,7 +232,7 @@ .PP The \fB\-verify\fR option should really exit if the server verification fails. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-cafile\fR option was deprecated in OpenSSL 3.0. .SH "SEE ALSO" 
@@ -316,11 +242,11 @@ \&\fBopenssl\-s_server\fR\|(1), \&\fBopenssl\-ciphers\fR\|(1), \&\fBossl_store\-file\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-sess_id.1.orig +++ secure/usr.bin/openssl/man/openssl-sess_id.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,110 +53,51 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-SESS_ID 1ossl" -.TH OPENSSL-SESS_ID 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-SESS_ID 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-sess_id \- SSL/TLS session handling command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBsess_id\fR [\fB\-help\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1NSS\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR|\fBNSS\fR] [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-text\fR] [\fB\-cert\fR] [\fB\-noout\fR] -[\fB\-context\fR \fI\s-1ID\s0\fR] -.SH "DESCRIPTION" +[\fB\-context\fR \fIID\fR] +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command processes the encoded version of the \s-1SSL\s0 session -structure and optionally prints out \s-1SSL\s0 session details (for example -the \s-1SSL\s0 session master key) in human readable format. Since this is a -diagnostic tool that needs some knowledge of the \s-1SSL\s0 protocol to use +This command processes the encoded version of the SSL session +structure and optionally prints out SSL session details (for example +the SSL session master key) in human readable format. Since this is a +diagnostic tool that needs some knowledge of the SSL protocol to use properly, most users will not need to use it. .PP The precise format of the data can vary across OpenSSL versions and is not documented. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. 
-.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1NSS\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR, \fB\-outform\fR \fBDER\fR|\fBPEM\fR|\fBNSS\fR" 4 .IX Item "-inform DER|PEM, -outform DER|PEM|NSS" -The input and output formats; the default is \s-1PEM.\s0 +The input and output formats; the default is PEM. See \fBopenssl\-format\-options\fR\|(1) for details. .Sp -For \fB\s-1NSS\s0\fR output, the session \s-1ID\s0 and master key are reported in \s-1NSS\s0 \*(L"keylog\*(R" +For \fBNSS\fR output, the session ID and master key are reported in NSS "keylog" format. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" @@ -182,23 +107,23 @@ .IX Item "-out filename" This specifies the output filename to write session information to or standard output if this option is not specified. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the various public or private key components in plain text in addition to the encoded version. -.IP "\fB\-cert\fR" 4 +.IP \fB\-cert\fR 4 .IX Item "-cert" If a certificate is present in the session it will be output using this option, if the \fB\-text\fR option is also present then it will be printed out in text form. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option prevents output of the encoded version of the session. -.IP "\fB\-context\fR \fI\s-1ID\s0\fR" 4 +.IP "\fB\-context\fR \fIID\fR" 4 .IX Item "-context ID" This option can set the session id so the output session information uses the -supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option won't normally +supplied ID. The ID can be any string of characters. This option won\*(Aqt normally be used. -.SH "OUTPUT" +.SH OUTPUT .IX Header "OUTPUT" Typical output: .PP 
@@ -216,40 +141,40 @@ .Ve .PP These are described below in more detail. -.IP "\fBProtocol\fR" 4 +.IP \fBProtocol\fR 4 .IX Item "Protocol" This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. -.IP "\fBCipher\fR" 4 +.IP \fBCipher\fR 4 .IX Item "Cipher" -The cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 -or \s-1TLS\s0 specifications for more information. -.IP "\fBSession-ID\fR" 4 +The cipher used this is the actual raw SSL or TLS cipher code, see the SSL +or TLS specifications for more information. +.IP \fBSession\-ID\fR 4 .IX Item "Session-ID" -The \s-1SSL\s0 session \s-1ID\s0 in hex format. -.IP "\fBSession-ID-ctx\fR" 4 +The SSL session ID in hex format. +.IP \fBSession\-ID\-ctx\fR 4 .IX Item "Session-ID-ctx" -The session \s-1ID\s0 context in hex format. -.IP "\fBMaster-Key\fR" 4 +The session ID context in hex format. +.IP \fBMaster\-Key\fR 4 .IX Item "Master-Key" -This is the \s-1SSL\s0 session master key. +This is the SSL session master key. .IP "\fBStart Time\fR" 4 .IX Item "Start Time" This is the session start time represented as an integer in standard Unix format. -.IP "\fBTimeout\fR" 4 +.IP \fBTimeout\fR 4 .IX Item "Timeout" The timeout in seconds. .IP "\fBVerify return code\fR" 4 .IX Item "Verify return code" -This is the return code when an \s-1SSL\s0 client certificate is verified. -.SH "NOTES" +This is the return code when an SSL client certificate is verified. +.SH NOTES .IX Header "NOTES" -Since the \s-1SSL\s0 session output contains the master key it is +Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this information. Therefore, appropriate security precautions should be taken if -the information is being output by a \*(L"real\*(R" application. This is however +the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes. 
-.SH "BUGS" +.SH BUGS .IX Header "BUGS" The cipher and start time should be printed out in human readable form. .SH "SEE ALSO" @@ -257,11 +182,11 @@ \&\fBopenssl\fR\|(1), \&\fBopenssl\-ciphers\fR\|(1), \&\fBopenssl\-s_server\fR\|(1) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-smime.1.orig +++ secure/usr.bin/openssl/man/openssl-smime.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-SMIME 1ossl" -.TH OPENSSL-SMIME 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-SMIME 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-smime \- S/MIME command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBsmime\fR [\fB\-help\fR] @@ -152,7 +77,7 @@ [\fB\-pk7out\fR] [\fB\-binary\fR] [\fB\-crlfeol\fR] -[\fB\-\f(BIcipher\fB\fR] +[\fB\-\fR\f(BIcipher\fR] [\fB\-in\fR \fIfile\fR] [\fB\-certfile\fR \fIfile\fR] [\fB\-signer\fR \fIfile\fR] @@ -165,9 +90,9 @@ [\fB\-nodetach\fR] [\fB\-nosmimecap\fR] [\fB\-recip\fR \fI file\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-inkey\fR \fIfilename\fR|\fIuri\fR] [\fB\-out\fR \fIfile\fR] 
@@ -224,63 +149,63 @@ [\fB\-propquery\fR \fIpropq\fR] [\fB\-config\fR \fIconfigfile\fR] \&\fIrecipcert\fR ... -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" There are six operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type. -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-encrypt\fR" 4 +.IP \fB\-encrypt\fR 4 .IX Item "-encrypt" Encrypt mail for the given recipient certificates. Input file is the message -to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +to be encrypted. The output file is the encrypted mail in MIME format. .Sp Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text. -.IP "\fB\-decrypt\fR" 4 +.IP \fB\-decrypt\fR 4 .IX Item "-decrypt" Decrypt mail using the supplied certificate and private key. Expects an -encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file. -.IP "\fB\-sign\fR" 4 +.IP \fB\-sign\fR 4 .IX Item "-sign" Sign mail using the supplied certificate and private key. Input file is -the message to be signed. The signed message in \s-1MIME\s0 format is written +the message to be signed. The signed message in MIME format is written to the output file. -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported. -.IP "\fB\-pk7out\fR" 4 +.IP \fB\-pk7out\fR 4 .IX Item "-pk7out" -Takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. 
-.IP "\fB\-resign\fR" 4 +Takes an input message and writes out a PEM encoded PKCS#7 structure. +.IP \fB\-resign\fR 4 .IX Item "-resign" Resign a message: take an existing message and one or more new signers. .IP "\fB\-in\fR \fIfilename\fR" 4 .IX Item "-in filename" -The input message to be encrypted or signed or the \s-1MIME\s0 message to +The input message to be encrypted or signed or the MIME message to be decrypted or verified. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" -The message text that has been decrypted or verified or the output \s-1MIME\s0 +The message text that has been decrypted or verified or the output MIME format message that has been signed or verified. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR" 4 .IX Item "-inform DER|PEM|SMIME" The input format of the PKCS#7 (S/MIME) structure (if one is being read); -the default is \fB\s-1SMIME\s0\fR. +the default is \fBSMIME\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR|\fBSMIME\fR" 4 .IX Item "-outform DER|PEM|SMIME" The output format of the PKCS#7 (S/MIME) structure (if one is being written); -the default is \fB\s-1SMIME\s0\fR. +the default is \fBSMIME\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -290,9 +215,9 @@ for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached -data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +data if the output format is \fBSMIME\fR it is currently off by default for all other operations. -.IP "\fB\-noindef\fR" 4 +.IP \fB\-noindef\fR 4 .IX Item "-noindef" Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be 
@@ -303,90 +228,84 @@ useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 structure is using the detached signature form where the content is not included. This option will override any content if the input format -is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. -.IP "\fB\-text\fR" 4 +is S/MIME and it uses the multipart/signed MIME content type. +.IP \fB\-text\fR 4 .IX Item "-text" -This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips -off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs. .IP "\fB\-md\fR \fIdigest\fR" 4 .IX Item "-md digest" Digest algorithm to use when signing or resigning. If not present then the -default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). -.IP "\fB\-\f(BIcipher\fB\fR" 4 +default digest algorithm for the signing key will be used (usually SHA1). +.IP \fB\-\fR\f(BIcipher\fR 4 .IX Item "-cipher" -The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, -triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, +The encryption algorithm to use. For example DES (56 bits) \- \fB\-des\fR, +triple DES (168 bits) \- \fB\-des3\fR, \&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for example \fB\-aes\-128\-cbc\fR. See \fBopenssl\-enc\fR\|(1) for list of ciphers supported by your version of OpenSSL. .Sp -If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. -.IP "\fB\-nointern\fR" 4 +If not specified triple DES is used. Only used with \fB\-encrypt\fR. +.IP \fB\-nointern\fR 4 .IX Item "-nointern" When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. 
With this option only the certificates specified in the \fB\-certfile\fR option are used. The supplied certificates can still be used as untrusted CAs however. -.IP "\fB\-noverify\fR" 4 +.IP \fB\-noverify\fR 4 .IX Item "-noverify" Do not verify the signers certificate of a signed message. -.IP "\fB\-nochain\fR" 4 +.IP \fB\-nochain\fR 4 .IX Item "-nochain" Do not do chain verification of signers certificates; that is, do not use the certificates in the signed message as untrusted CAs. -.IP "\fB\-nosigs\fR" 4 +.IP \fB\-nosigs\fR 4 .IX Item "-nosigs" -Don't try to verify the signatures on the message. -.IP "\fB\-nocerts\fR" 4 +Don\*(Aqt try to verify the signatures on the message. +.IP \fB\-nocerts\fR 4 .IX Item "-nocerts" -When signing a message the signer's certificate is normally included -with this option it is excluded. This will reduce the size of the -signed message but the verifier must have a copy of the signers certificate +When signing a message, the signer\*(Aqs certificate is normally included. +With this option it is excluded. This will reduce the size of the +signed message, but the verifier must have a copy of the signers certificate available locally (passed using the \fB\-certfile\fR option for example). -.IP "\fB\-noattr\fR" 4 +.IP \fB\-noattr\fR 4 .IX Item "-noattr" -Normally when a message is signed a set of attributes are included which +Normally, when a message is signed, a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included. -.IP "\fB\-nodetach\fR" 4 +.IP \fB\-nodetach\fR 4 .IX Item "-nodetach" When signing a message use opaque signing. This form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with -the \s-1MIME\s0 type multipart/signed is used. -.IP "\fB\-nosmimecap\fR" 4 +the MIME type multipart/signed is used. 
+.IP \fB\-nosmimecap\fR 4 .IX Item "-nosmimecap" When signing a message, do not include the \fBSMIMECapabilities\fR attribute. -.IP "\fB\-binary\fR" 4 +.IP \fB\-binary\fR 4 .IX Item "-binary" -Normally the input message is converted to \*(L"canonical\*(R" format which is -effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +Normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This -is useful when handling binary data which may not be in \s-1MIME\s0 format. -.IP "\fB\-crlfeol\fR" 4 +is useful when handling binary data which may not be in MIME format. +.IP \fB\-crlfeol\fR 4 .IX Item "-crlfeol" -Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this -option is present \fB\s-1CRLF\s0\fR is used instead. +Normally the output file uses a single \fBLF\fR as end of line. When this +option is present \fBCRLF\fR is used instead. .IP "\fB\-certfile\fR \fIfile\fR" 4 .IX Item "-certfile file" Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. -The input can be in \s-1PEM, DER,\s0 or PKCS#12 format. +The input can be in PEM, DER, or PKCS#12 format. .IP "\fB\-signer\fR \fIfile\fR" 4 .IX Item "-signer file" A signing certificate when signing or resigning a message, this option can be used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful. -.IP "\fB\-nocerts\fR" 4 -.IX Item "-nocerts" -Don't include signers certificate when signing. -.IP "\fB\-noattr\fR" 4 -.IX Item "-noattr" -Don't include any signed attributes when signing. 
.IP "\fB\-recip\fR \fIfile\fR" 4 .IX Item "-recip file" The recipients certificate when decrypting a message. This certificate @@ -406,24 +325,24 @@ .IX Item "-to, -from, -subject" The relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing -then many S/MIME mail clients check the signers certificate's email +then many S/MIME mail clients check the signers certificate\*(Aqs email address matches that specified in the 
From: address. .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .Sp Any verification errors cause the command to exit. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). 
This option is deprecated. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -432,34 +351,34 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-config\fR \fIconfigfile\fR" 4 .IX Item "-config configfile" -See \*(L"Configuration Option\*(R" in \fBopenssl\fR\|(1). +See "Configuration Option" in \fBopenssl\fR\|(1). .IP "\fIrecipcert\fR ..." 4 .IX Item "recipcert ..." One or more certificates of message recipients, used when encrypting a message. -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The \s-1MIME\s0 message must be sent without any blank lines between the +The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format. .PP The supplied message to be signed or encrypted must include the -necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +necessary MIME headers or many S/MIME clients won\*(Aqt display it properly (if at all). You can use the \fB\-text\fR option to automatically add plain text headers. .PP -A \*(L"signed and encrypted\*(R" message is one where a signed message is +A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message: see the examples section. .PP This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients choke if a message contains multiple signers. It is possible to sign -messages \*(L"in parallel\*(R" by signing an already signed message. +messages "in parallel" by signing an already signed message. .PP The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 
@@ -470,35 +389,35 @@ signer using the same message digest or this operation will fail. .PP The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. -As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding -and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the \fB\-encrypt\fR operation and the \&\fB\-sign\fR operation if the content is not detached. .PP Streaming is always used for the \fB\-sign\fR operation with detached data but since the content is no longer part of the PKCS#7 structure the encoding -remains \s-1DER.\s0 +remains DER. .SH "EXIT CODES" .IX Header "EXIT CODES" -.IP "0" 4 +.IP 0 4 The operation was completely successfully. -.IP "1" 4 +.IP 1 4 .IX Item "1" An error occurred parsing the command options. -.IP "2" 4 +.IP 2 4 .IX Item "2" One of the input files could not be read. -.IP "3" 4 +.IP 3 4 .IX Item "3" -An error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +An error occurred creating the PKCS#7 file or when reading the MIME message. -.IP "4" 4 +.IP 4 4 .IX Item "4" An error occurred decrypting or verifying the message. -.IP "5" 4 +.IP 5 4 .IX Item "5" The message was verified correctly but an error occurred writing out the signers certificates. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" Create a cleartext signed message: .PP 
@@ -537,18 +456,18 @@ \& \-subject "Signed message" | sendmail someone@somewhere .Ve .PP -Verify a message and extract the signer's certificate if successful: +Verify a message and extract the signer\*(Aqs certificate if successful: .PP .Vb 1 \& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt .Ve .PP -Send encrypted mail using triple \s-1DES:\s0 +Send encrypted mail using triple DES: .PP .Vb 3 -\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& openssl smime \-encrypt \-in in.txt \-out mail.msg \-from steve@openssl.org \e \& \-to someone@somewhere \-subject "Encrypted message" \e -\& \-des3 user.pem \-out mail.msg +\& \-des3 user.pem .Ve .PP Sign and encrypt mail: @@ -561,7 +480,7 @@ .Ve .PP Note: the encryption command does not include the \fB\-text\fR option because the -message being encrypted already has \s-1MIME\s0 headers. +message being encrypted already has MIME headers. .PP Decrypt mail: .PP @@ -602,12 +521,12 @@ .Vb 1 \& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg .Ve -.SH "BUGS" +.SH BUGS .IX Header "BUGS" -The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +The MIME parser isn\*(Aqt very clever: it seems to handle most messages that I\*(Aqve thrown at it but it may choke on others. .PP -The code currently will only write out the signer's certificate to a file: if +The code currently will only write out the signer\*(Aqs certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate. 
@@ -615,19 +534,19 @@ Ideally a database should be maintained of a certificates for each email address. .PP -The code doesn't currently take note of the permitted symmetric encryption +The code doesn\*(Aqt currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. .PP -No revocation checking is done on the signer's certificate. +No revocation checking is done on the signer\*(Aqs certificate. .PP The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 structures may cause parsing errors. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\-file\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first added in OpenSSL 1.0.0 @@ -635,11 +554,11 @@ The \-no_alt_chains option was added in OpenSSL 1.1.0. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-speed.1.orig +++ secure/usr.bin/openssl/man/openssl-speed.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-SPEED 1ossl" -.TH OPENSSL-SPEED 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-SPEED 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-speed \- test library performance -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl speed\fR [\fB\-help\fR] 
@@ -165,25 +90,25 @@ [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] [\fIalgorithm\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command is used to test the performance of cryptographic algorithms. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-elapsed\fR" 4 +.IP \fB\-elapsed\fR 4 .IX Item "-elapsed" -When calculating operations\- or bytes-per-second, use wall-clock time -instead of \s-1CPU\s0 user time as divisor. It can be useful when testing speed +When calculating operations\- or bytes\-per\-second, use wall\-clock time +instead of CPU user time as divisor. It can be useful when testing speed of hardware engines. .IP "\fB\-evp\fR \fIalgo\fR" 4 .IX Item "-evp algo" -Use the specified cipher or message digest algorithm via the \s-1EVP\s0 interface. -If \fIalgo\fR is an \s-1AEAD\s0 cipher, then you can pass \fB\-aead\fR to benchmark a -TLS-like sequence. And if \fIalgo\fR is a multi-buffer capable cipher, e.g. -aes\-128\-cbc\-hmac\-sha1, then \fB\-mb\fR will time multi-buffer operation. +Use the specified cipher or message digest algorithm via the EVP interface. +If \fIalgo\fR is an AEAD cipher, then you can pass \fB\-aead\fR to benchmark a +TLS\-like sequence. And if \fIalgo\fR is a multi\-buffer capable cipher, e.g. +aes\-128\-cbc\-hmac\-sha1, then \fB\-mb\fR will time multi\-buffer operation. .Sp To see the algorithms supported with this option, use \&\f(CW\*(C`openssl list \-digest\-algorithms\*(C'\fR or \f(CW\*(C`openssl list \-cipher\-algorithms\*(C'\fR 
@@ -199,41 +124,41 @@ Misalign the buffers by the specified number of bytes. .IP "\fB\-hmac\fR \fIdigest\fR" 4 .IX Item "-hmac digest" -Time the \s-1HMAC\s0 algorithm using the specified message digest. +Time the HMAC algorithm using the specified message digest. .IP "\fB\-cmac\fR \fIcipher\fR" 4 .IX Item "-cmac cipher" -Time the \s-1CMAC\s0 algorithm using the specified cipher e.g. +Time the CMAC algorithm using the specified cipher e.g. \&\f(CW\*(C`openssl speed \-cmac aes128\*(C'\fR. -.IP "\fB\-decrypt\fR" 4 +.IP \fB\-decrypt\fR 4 .IX Item "-decrypt" -Time the decryption instead of encryption. Affects only the \s-1EVP\s0 testing. -.IP "\fB\-mb\fR" 4 +Time the decryption instead of encryption. Affects only the EVP testing. +.IP \fB\-mb\fR 4 .IX Item "-mb" -Enable multi-block mode on EVP-named cipher. -.IP "\fB\-aead\fR" 4 +Enable multi\-block mode on EVP\-named cipher. +.IP \fB\-aead\fR 4 .IX Item "-aead" -Benchmark EVP-named \s-1AEAD\s0 cipher in TLS-like sequence. +Benchmark EVP\-named AEAD cipher in TLS\-like sequence. .IP "\fB\-primes\fR \fInum\fR" 4 .IX Item "-primes num" -Generate a \fInum\fR\-prime \s-1RSA\s0 key and use it to run the benchmarks. This option -is only effective if \s-1RSA\s0 algorithm is specified to test. +Generate a \fInum\fR\-prime RSA key and use it to run the benchmarks. This option +is only effective if RSA algorithm is specified to test. .IP "\fB\-seconds\fR \fInum\fR" 4 .IX Item "-seconds num" Run benchmarks for \fInum\fR seconds. .IP "\fB\-bytes\fR \fInum\fR" 4 .IX Item "-bytes num" -Run benchmarks on \fInum\fR\-byte buffers. Affects ciphers, digests and the \s-1CSPRNG.\s0 -The limit on the size of the buffer is \s-1INT_MAX\s0 \- 64 bytes, which for a 32\-bit +Run benchmarks on \fInum\fR\-byte buffers. Affects ciphers, digests and the CSPRNG. +The limit on the size of the buffer is INT_MAX \- 64 bytes, which for a 32\-bit int would be 2147483583 bytes. 
-.IP "\fB\-mr\fR" 4 +.IP \fB\-mr\fR 4 .IX Item "-mr" -Produce the summary in a mechanical, machine-readable, format. +Produce the summary in a mechanical, machine\-readable, format. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -243,27 +168,27 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fIalgorithm\fR ..." 4 .IX Item "algorithm ..." If any \fIalgorithm\fR is given, then those algorithms are tested, otherwise a -pre-compiled grand selection is tested. -.SH "BUGS" +pre\-compiled grand selection is tested. +.SH BUGS .IX Header "BUGS" -The \fIalgorithm\fR can be selected only from a pre-compiled subset of things +The \fIalgorithm\fR can be selected only from a pre\-compiled subset of things that the \f(CW\*(C`openssl speed\*(C'\fR command knows about. To test any additional digest or cipher algorithm supported by OpenSSL use the \f(CW\*(C`\-evp\*(C'\fR option. .PP There is no way to test the speed of any additional public key algorithms supported by third party providers with the \f(CW\*(C`openssl speed\*(C'\fR command. -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-spkac.1.orig +++ secure/usr.bin/openssl/man/openssl-spkac.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-SPKAC 1ossl" -.TH OPENSSL-SPKAC 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-SPKAC 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-spkac \- SPKAC printing and generating command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBspkac\fR [\fB\-help\fR] @@ -148,7 +73,7 @@ [\fB\-out\fR \fIfilename\fR] [\fB\-digest\fR \fIdigest\fR] [\fB\-key\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-challenge\fR \fIstring\fR] [\fB\-pubkey\fR] @@ -160,14 +85,14 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command processes Netscape signed public key and challenge -(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +(SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 
@@ -180,14 +105,14 @@ default. .IP "\fB\-digest\fR \fIdigest\fR" 4 .IX Item "-digest digest" -Use the specified \fIdigest\fR to sign a created \s-1SPKAC\s0 file. -The default digest algorithm is \s-1MD5.\s0 +Use the specified \fIdigest\fR to sign a created SPKAC file. +The default digest algorithm is MD5. .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key filename|uri" -Create an \s-1SPKAC\s0 file using the private key specified by \fIfilename\fR or \fIuri\fR. +Create an SPKAC file using the private key specified by \fIfilename\fR or \fIuri\fR. The \fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if present. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. 
@@ -197,30 +122,30 @@ see \fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-challenge\fR \fIstring\fR" 4 .IX Item "-challenge string" -Specifies the challenge string if an \s-1SPKAC\s0 is being created. +Specifies the challenge string if an SPKAC is being created. .IP "\fB\-spkac\fR \fIspkacname\fR" 4 .IX Item "-spkac spkacname" Allows an alternative name form the variable containing the -\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both -generated and input \s-1SPKAC\s0 files. +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files. .IP "\fB\-spksect\fR \fIsection\fR" 4 .IX Item "-spksect section" Allows an alternative name form the section containing the -\&\s-1SPKAC.\s0 The default is the default section. -.IP "\fB\-noout\fR" 4 +SPKAC. The default is the default section. +.IP \fB\-noout\fR 4 .IX Item "-noout" -Don't output the text version of the \s-1SPKAC\s0 (not used if an -\&\s-1SPKAC\s0 is being created). -.IP "\fB\-pubkey\fR" 4 +Don\*(Aqt output the text version of the SPKAC (not used if an +SPKAC is being created). +.IP \fB\-pubkey\fR 4 .IX Item "-pubkey" -Output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +Output the public key of an SPKAC (not used if an SPKAC is being created). -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" -Verifies the digital signature on the supplied \s-1SPKAC.\s0 +Verifies the digital signature on the supplied SPKAC. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -230,28 +155,28 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" -Print out the contents of an \s-1SPKAC:\s0 +Print out the contents of an SPKAC: .PP .Vb 1 \& openssl spkac \-in spkac.cnf .Ve .PP -Verify the signature of an \s-1SPKAC:\s0 +Verify the signature of an SPKAC: .PP .Vb 1 \& openssl spkac \-in spkac.cnf \-noout \-verify .Ve .PP -Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +Create an SPKAC using the challenge string "hello": .PP .Vb 1 \& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf .Ve .PP -Example of an \s-1SPKAC,\s0 (long lines split up for clarity): +Example of an SPKAC, (long lines split up for clarity): .PP .Vb 6 \& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\e 
@@ -261,35 +186,35 @@ \& h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\e \& dq+NQ3F+X4deMx9AaEglZtULwV4= .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed to +A created SPKAC with suitable DN components appended can be fed to \&\fBopenssl\-ca\fR\|(1). .PP SPKACs are typically generated by Netscape when a form is submitted -containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +containing the \fBKEYGEN\fR tag as part of the certificate enrollment process. .PP The challenge string permits a primitive form of proof of possession -of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in -some applications. Without this it is possible for a previous \s-1SPKAC\s0 -to be used in a \*(L"replay attack\*(R". +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack". .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBopenssl\-ca\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-digest\fR option was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-srp.1.orig +++ secure/usr.bin/openssl/man/openssl-srp.1 
@@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-SRP 1ossl" -.TH OPENSSL-SRP 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-SRP 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-srp \- maintain SRP password file -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl srp\fR [\fB\-help\fR] 
@@ -163,49 +88,49 @@ [\fB\-propquery\fR \fIpropq\fR] [\fB\-config\fR \fIconfigfile\fR] [\fIuser\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is deprecated. It is used to maintain an \s-1SRP\s0 (secure remote +This command is deprecated. It is used to maintain an SRP (secure remote password) file. At most one of the \fB\-add\fR, \fB\-modify\fR, \fB\-delete\fR, and \fB\-list\fR options can be specified. These options take zero or more usernames as parameters and perform the -appropriate operation on the \s-1SRP\s0 file. +appropriate operation on the SRP file. For \fB\-list\fR, if no \fIuser\fR is given then all users are displayed. .PP The configuration file to use, and the section within the file, can be specified with the \fB\-config\fR and \fB\-name\fR flags, respectively. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Display an option summary. -.IP "\fB\-verbose\fR" 4 +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Generate verbose output while processing. -.IP "\fB\-add\fR" 4 +.IP \fB\-add\fR 4 .IX Item "-add" -Add a user and \s-1SRP\s0 verifier. -.IP "\fB\-modify\fR" 4 +Add a user and SRP verifier. +.IP \fB\-modify\fR 4 .IX Item "-modify" -Modify the \s-1SRP\s0 verifier of an existing user. -.IP "\fB\-delete\fR" 4 +Modify the SRP verifier of an existing user. +.IP \fB\-delete\fR 4 .IX Item "-delete" Delete user from verifier file. -.IP "\fB\-list\fR" 4 +.IP \fB\-list\fR 4 .IX Item "-list" List users. -.IP "\fB\-name\fR" 4 +.IP \fB\-name\fR 4 .IX Item "-name" -The particular \s-1SRP\s0 definition to use. +The particular SRP definition to use. .IP "\fB\-srpvfile\fR \fIfile\fR" 4 .IX Item "-srpvfile file" If the config file is not specified, \&\fB\-srpvfile\fR can be used to specify the file to operate on. 
-.IP "\fB\-gn\fR" 4 +.IP \fB\-gn\fR 4 .IX Item "-gn" Specifies the \fBg\fR and \fBN\fR values, using one of -the strengths defined in \s-1IETF RFC 5054.\s0 -.IP "\fB\-userinfo\fR" 4 +the strengths defined in IETF RFC 5054. +.IP \fB\-userinfo\fR 4 .IX Item "-userinfo" specifies additional information to add when adding or modifying a user. @@ -216,11 +141,11 @@ see \fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -229,21 +154,21 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .IP "\fB\-config\fR \fIconfigfile\fR" 4 .IX Item "-config configfile" -See \*(L"Configuration Option\*(R" in \fBopenssl\fR\|(1). +See "Configuration Option" in \fBopenssl\fR\|(1). .Sp [\fB\-rand\fR \fIfiles\fR] [\fB\-writerand\fR \fIfile\fR] -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-storeutl.1.orig +++ secure/usr.bin/openssl/man/openssl-storeutl.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-STOREUTL 1ossl" -.TH OPENSSL-STOREUTL 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-STOREUTL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-storeutl \- STORE command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBstoreutl\fR [\fB\-help\fR] 
@@ -157,53 +82,56 @@ [\fB\-serial\fR \fIarg\fR] [\fB\-alias\fR \fIarg\fR] [\fB\-fingerprint\fR \fIarg\fR] -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-engine\fR \fIid\fR] [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] \&\fIuri\fR -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command can be used to display the contents (after -decryption as the case may be) fetched from the given \s-1URI.\s0 -.SH "OPTIONS" +decryption as the case may be) fetched from the given URI. +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" specifies the output filename to write to or standard output by default. -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" -this option prevents output of the \s-1PEM\s0 data. +this option prevents output of the PEM data. .IP "\fB\-passin\fR \fIarg\fR" 4 .IX Item "-passin arg" the key password source. For more information about the format of \fIarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the objects in text form, similarly to the \fB\-text\fR output from \&\fBopenssl\-x509\fR\|(1), \fBopenssl\-pkey\fR\|(1), etc. -.IP "\fB\-r\fR" 4 +.IP \fB\-r\fR 4 .IX Item "-r" Fetch objects recursively when possible. -.IP "\fB\-certs\fR" 4 +.IP \fB\-certs\fR 4 .IX Item "-certs" .PD 0 -.IP "\fB\-keys\fR" 4 +.IP \fB\-keys\fR 4 .IX Item "-keys" -.IP "\fB\-crls\fR" 4 +.IP \fB\-crls\fR 4 .IX Item "-crls" .PD -Only select the certificates, keys or CRLs from the given \s-1URI.\s0 -However, if this \s-1URI\s0 would return a set of names (URIs), those are always +Only select the certificates, keys or CRLs from the given URI. +However, if this URI would return a set of names (URIs), those are always returned. .Sp Note that all options must be given before the \fIuri\fR argument. 
Otherwise they are ignored. +.Sp +Note \fI\-keys\fR selects exclusively private keys, there is no selector for public +keys only. .IP "\fB\-subject\fR \fIarg\fR" 4 .IX Item "-subject arg" Search for an object having the subject name \fIarg\fR. @@ -213,8 +141,8 @@ Empty values are permitted but are ignored for the search. That is, a search with an empty value will have the same effect as not specifying the type at all. -Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL-DN). -Multi-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR +Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL\-DN). +Multi\-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR between the AttributeValueAssertions (AVAs) that specify the members of the set. .Sp Example: @@ -238,12 +166,12 @@ .IP "\fB\-fingerprint\fR \fIarg\fR" 4 .IX Item "-fingerprint arg" Search for an object having the given fingerprint. -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -253,20 +181,20 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" This command was added in OpenSSL 1.1.1. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-ts.1.orig +++ secure/usr.bin/openssl/man/openssl-ts.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-TS 1ossl" -.TH OPENSSL-TS 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-TS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-ts \- Time Stamping Authority command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBts\fR \&\fB\-help\fR @@ -150,7 +75,7 @@ [\fB\-config\fR \fIconfigfile\fR] [\fB\-data\fR \fIfile_to_hash\fR] [\fB\-digest\fR \fIdigest_bytes\fR] -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-tspolicy\fR \fIobject_id\fR] [\fB\-no_nonce\fR] [\fB\-cert\fR] @@ -171,7 +96,7 @@ [\fB\-passin\fR \fIpassword_src\fR] [\fB\-signer\fR \fItsa_cert.pem\fR] [\fB\-inkey\fR \fIfilename\fR|\fIuri\fR] -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-chain\fR \fIcerts_file.pem\fR] [\fB\-tspolicy\fR \fIobject_id\fR] [\fB\-in\fR \fIresponse.tsr\fR] 
@@ -228,50 +153,50 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is a basic Time Stamping Authority (\s-1TSA\s0) client and -server application as specified in \s-1RFC 3161\s0 (Time-Stamp Protocol, \s-1TSP\s0). A -\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long +This command is a basic Time Stamping Authority (TSA) client and +server application as specified in RFC 3161 (Time\-Stamp Protocol, TSP). A +TSA can be part of a PKI deployment and its role is to provide long term proof of the existence of a certain datum before a particular time. Here is a brief description of the protocol: -.IP "1." 4 -The \s-1TSA\s0 client computes a one-way hash value for a data file and sends -the hash to the \s-1TSA.\s0 -.IP "2." 4 -The \s-1TSA\s0 attaches the current date and time to the received hash value, +.IP 1. 4 +The TSA client computes a one\-way hash value for a data file and sends +the hash to the TSA. +.IP 2. 4 +The TSA attaches the current date and time to the received hash value, signs them and sends the timestamp token back to the client. By -creating this token the \s-1TSA\s0 certifies the existence of the original +creating this token the TSA certifies the existence of the original data file at the time of response generation. -.IP "3." 4 -The \s-1TSA\s0 client receives the timestamp token and verifies the +.IP 3. 4 +The TSA client receives the timestamp token and verifies the signature on it. It also checks if the token contains the same hash -value that it had sent to the \s-1TSA.\s0 +value that it had sent to the TSA. 
.PP -There is one \s-1DER\s0 encoded protocol data unit defined for transporting a -timestamp request to the \s-1TSA\s0 and one for sending the timestamp response +There is one DER encoded protocol data unit defined for transporting a +timestamp request to the TSA and one for sending the timestamp response back to the client. This command has three main functions: creating a timestamp request based on a data file, creating a timestamp response based on a request, verifying if a response corresponds to a particular request or a data file. .PP There is no support for sending the requests/responses automatically -over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC 3161.\s0 The users must send the +over HTTP or TCP yet as suggested in RFC 3161. The users must send the requests either by ftp or e\-mail. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-query\fR" 4 +.IP \fB\-query\fR 4 .IX Item "-query" -Generate a \s-1TS\s0 query. For details see \*(L"Timestamp Request generation\*(R". -.IP "\fB\-reply\fR" 4 +Generate a TS query. For details see "Timestamp Request generation". +.IP \fB\-reply\fR 4 .IX Item "-reply" -Generate a \s-1TS\s0 reply. For details see \*(L"Timestamp Response generation\*(R". -.IP "\fB\-verify\fR" 4 +Generate a TS reply. For details see "Timestamp Response generation". +.IP \fB\-verify\fR 4 .IX Item "-verify" -Verify a \s-1TS\s0 response. For details see \*(L"Timestamp Response verification\*(R". +Verify a TS response. For details see "Timestamp Response verification". .SS "Timestamp Request generation" .IX Subsection "Timestamp Request generation" The \fB\-query\fR command can be used for creating and printing a timestamp 
@@ -280,7 +205,7 @@ .IX Item "-config configfile" The configuration file to use. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +see "COMMAND SUMMARY" in \fBopenssl\fR\|(1). .IP "\fB\-data\fR \fIfile_to_hash\fR" 4 .IX Item "-data file_to_hash" The data file for which the timestamp request needs to be 
@@ -293,89 +218,89 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or 1AF601...). The number of bytes must match the message digest algorithm in use. (Optional) -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" The message digest to apply to the data file. Any digest supported by the \fBopenssl\-dgst\fR\|(1) command can be used. -The default is \s-1SHA\-256.\s0 (Optional) +The default is SHA\-256. (Optional) .IP "\fB\-tspolicy\fR \fIobject_id\fR" 4 .IX Item "-tspolicy object_id" -The policy that the client expects the \s-1TSA\s0 to use for creating the -timestamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined -in the config file can be used. If no policy is requested the \s-1TSA\s0 will +The policy that the client expects the TSA to use for creating the +timestamp token. Either the dotted OID notation or OID names defined +in the config file can be used. If no policy is requested the TSA will use its own default policy. (Optional) -.IP "\fB\-no_nonce\fR" 4 +.IP \fB\-no_nonce\fR 4 .IX Item "-no_nonce" No nonce is specified in the request if this option is -given. Otherwise a 64 bit long pseudo-random none is -included in the request. It is recommended to use nonce to -protect against replay-attacks. (Optional) -.IP "\fB\-cert\fR" 4 +given. Otherwise, a 64\-bit long pseudo\-random nonce is +included in the request. It is recommended to use a nonce to +protect against replay attacks. (Optional) +.IP \fB\-cert\fR 4 .IX Item "-cert" -The \s-1TSA\s0 is expected to include its signing certificate in the +The TSA is expected to include its signing certificate in the response. (Optional) .IP "\fB\-in\fR \fIrequest.tsq\fR" 4 .IX Item "-in request.tsq" -This option specifies a previously created timestamp request in \s-1DER\s0 +This option specifies a previously created timestamp request in DER format that will be printed into the output file. 
Useful when you need -to examine the content of a request in human-readable +to examine the content of a request in human\-readable format. (Optional) .IP "\fB\-out\fR \fIrequest.tsq\fR" 4 .IX Item "-out request.tsq" Name of the output file to which the request will be written. Default is stdout. (Optional) -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -If this option is specified the output is human-readable text format -instead of \s-1DER.\s0 (Optional) +If this option is specified the output is human\-readable text format +instead of DER. (Optional) .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .SS "Timestamp Response generation" .IX Subsection "Timestamp Response generation" A timestamp response (TimeStampResp) consists of a response status and the timestamp token itself (ContentInfo), if the token generation was successful. The \fB\-reply\fR command is for creating a timestamp response or timestamp token based on a request and printing the -response/token in human-readable format. If \fB\-token_out\fR is not +response/token in human\-readable format. If \fB\-token_out\fR is not specified the output is always a timestamp response (TimeStampResp), otherwise it is a timestamp token (ContentInfo). .IP "\fB\-config\fR \fIconfigfile\fR" 4 .IX Item "-config configfile" The configuration file to use. Optional; for a description of the default value, -see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). -See \*(L"\s-1CONFIGURATION FILE OPTIONS\*(R"\s0 for configurable variables. +see "COMMAND SUMMARY" in \fBopenssl\fR\|(1). +See "CONFIGURATION FILE OPTIONS" for configurable variables. .IP "\fB\-section\fR \fItsa_section\fR" 4 .IX Item "-section tsa_section" The name of the config file section containing the settings for the -response generation. 
If not specified the default \s-1TSA\s0 section is -used, see \*(L"\s-1CONFIGURATION FILE OPTIONS\*(R"\s0 for details. (Optional) +response generation. If not specified the default TSA section is +used, see "CONFIGURATION FILE OPTIONS" for details. (Optional) .IP "\fB\-queryfile\fR \fIrequest.tsq\fR" 4 .IX Item "-queryfile request.tsq" -The name of the file containing a \s-1DER\s0 encoded timestamp request. (Optional) +The name of the file containing a DER encoded timestamp request. (Optional) .IP "\fB\-passin\fR \fIpassword_src\fR" 4 .IX Item "-passin password_src" -Specifies the password source for the private key of the \s-1TSA.\s0 See +Specifies the password source for the private key of the TSA. See description in \fBopenssl\fR\|(1). (Optional) .IP "\fB\-signer\fR \fItsa_cert.pem\fR" 4 .IX Item "-signer tsa_cert.pem" -The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing +The signer certificate of the TSA in PEM format. The TSA signing certificate must have exactly one extended key usage assigned to it: timeStamping. The extended key usage must also be critical, otherwise the certificate is going to be refused. Overrides the \fBsigner_cert\fR variable of the config file. (Optional) .IP "\fB\-inkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-inkey filename|uri" -The signer private key of the \s-1TSA\s0 in \s-1PEM\s0 format. Overrides the +The signer private key of the TSA in PEM format. Overrides the \&\fBsigner_key\fR config file option. (Optional) -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" Signing digest to use. Overrides the \fBsigner_digest\fR config file option. 
(Mandatory unless specified in the config file) .IP "\fB\-chain\fR \fIcerts_file.pem\fR" 4 .IX Item "-chain certs_file.pem" -The collection of certificates in \s-1PEM\s0 format that will all +The collection of certificates in PEM format that will all be included in the response in addition to the signer certificate if the \fB\-cert\fR option was used for the request. This file is supposed to contain the certificate chain for the signer certificate from its 
@@ -384,39 +309,39 @@ .IP "\fB\-tspolicy\fR \fIobject_id\fR" 4 .IX Item "-tspolicy object_id" The default policy to use for the response unless the client -explicitly requires a particular \s-1TSA\s0 policy. The \s-1OID\s0 can be specified +explicitly requires a particular TSA policy. The OID can be specified either in dotted notation or with its name. Overrides the \&\fBdefault_policy\fR config file option. (Optional) .IP "\fB\-in\fR \fIresponse.tsr\fR" 4 .IX Item "-in response.tsr" Specifies a previously created timestamp response or timestamp token -(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written +(if \fB\-token_in\fR is also specified) in DER format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or token or you want to extract the timestamp token from a response. If the input is a token and the output is a timestamp response a default -\&'granted' status info is added to the token. (Optional) -.IP "\fB\-token_in\fR" 4 +\&\*(Aqgranted\*(Aq status info is added to the token. (Optional) +.IP \fB\-token_in\fR 4 .IX Item "-token_in" This flag can be used together with the \fB\-in\fR option and indicates -that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +that the input is a DER encoded timestamp token (ContentInfo) instead of a timestamp response (TimeStampResp). (Optional) .IP "\fB\-out\fR \fIresponse.tsr\fR" 4 .IX Item "-out response.tsr" The response is written to this file. The format and content of the file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default is stdout. (Optional) -.IP "\fB\-token_out\fR" 4 +.IP \fB\-token_out\fR 4 .IX Item "-token_out" The output is a timestamp token (ContentInfo) instead of timestamp response (TimeStampResp). 
(Optional) -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" -If this option is specified the output is human-readable text format -instead of \s-1DER.\s0 (Optional) +If this option is specified the output is human\-readable text format +instead of DER. (Optional) .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" @@ -426,7 +351,7 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SS "Timestamp Response verification" .IX Subsection "Timestamp Response verification" The \fB\-verify\fR command is for verifying if a timestamp response or 
@@ -446,21 +371,21 @@ specified with this one. (Optional) .IP "\fB\-queryfile\fR \fIrequest.tsq\fR" 4 .IX Item "-queryfile request.tsq" -The original timestamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +The original timestamp request in DER format. The \fB\-data\fR and \fB\-digest\fR options must not be specified with this one. (Optional) .IP "\fB\-in\fR \fIresponse.tsr\fR" 4 .IX Item "-in response.tsr" -The timestamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) -.IP "\fB\-token_in\fR" 4 +The timestamp response that needs to be verified in DER format. (Mandatory) +.IP \fB\-token_in\fR 4 .IX Item "-token_in" This flag can be used together with the \fB\-in\fR option and indicates -that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +that the input is a DER encoded timestamp token (ContentInfo) instead of a timestamp response (TimeStampResp). (Optional) .IP "\fB\-untrusted\fR \fIfiles\fR|\fIuris\fR" 4 .IX Item "-untrusted files|uris" A set of additional untrusted certificates which may be -needed when building the certificate chain for the \s-1TSA\s0's signing certificate. -These do not need to contain the \s-1TSA\s0 signing certificate and intermediate \s-1CA\s0 +needed when building the certificate chain for the TSA\*(Aqs signing certificate. +These do not need to contain the TSA signing certificate and intermediate CA certificates as far as the response already includes them. (Optional) .Sp 
@@ -468,12 +393,12 @@ Each file may contain multiple certificates. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-CAstore\fR \fIuri\fR" 4 .IX Item "-CAfile file, -CApath dir, -CAstore uri" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. At least one of \fB\-CAfile\fR, \fB\-CApath\fR or \fB\-CAstore\fR must be specified. .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .Sp Any verification errors cause the command to exit. .SH "CONFIGURATION FILE OPTIONS" 
@@ -481,7 +406,7 @@ The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file. See \fBconfig\fR\|(5) for a general description of the syntax of the config file. The -\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section +\&\fB\-query\fR command uses only the symbolic OID names section and it can work without it. However, the \fB\-reply\fR command needs the config file for its operation. .PP 
@@ -492,110 +417,110 @@ This is the main section and it specifies the name of another section that contains all the options for the \fB\-reply\fR command. This default section can be overridden with the \fB\-section\fR command line switch. (Optional) -.IP "\fBoid_file\fR" 4 +.IP \fBoid_file\fR 4 .IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +This specifies a file containing additional \fBOBJECT IDENTIFIERS\fR. Each line of the file should consist of the numerical form of the object identifier followed by whitespace then the short name followed by whitespace and finally the long name. (Optional) -.IP "\fBoid_section\fR" 4 +.IP \fBoid_section\fR 4 .IX Item "oid_section" This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by \fB=\fR and the numerical form. The short and long names are the same when this option is used. (Optional) -.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IP \fBRANDFILE\fR 4 .IX Item "RANDFILE" At startup the specified file is loaded into the random number generator, -and at exit 256 bytes will be written to it. (Note: Using a \s-1RANDFILE\s0 is -not necessary anymore, see the \*(L"\s-1HISTORY\*(R"\s0 section. -.IP "\fBserial\fR" 4 +and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is +not necessary anymore, see the "HISTORY" section. +.IP \fBserial\fR 4 .IX Item "serial" The name of the file containing the hexadecimal serial number of the last timestamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory) -.IP "\fBcrypto_device\fR" 4 +.IP \fBcrypto_device\fR 4 .IX Item "crypto_device" Specifies the OpenSSL engine that will be set as the default for -all available algorithms. 
The default value is built-in, you can specify -any other engines supported by OpenSSL (e.g. use chil for the NCipher \s-1HSM\s0). +all available algorithms. The default value is built\-in, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). (Optional) -.IP "\fBsigner_cert\fR" 4 +.IP \fBsigner_cert\fR 4 .IX Item "signer_cert" -\&\s-1TSA\s0 signing certificate in \s-1PEM\s0 format. The same as the \fB\-signer\fR +TSA signing certificate in PEM format. The same as the \fB\-signer\fR command line option. (Optional) -.IP "\fBcerts\fR" 4 +.IP \fBcerts\fR 4 .IX Item "certs" -A file containing a set of \s-1PEM\s0 encoded certificates that need to be +A file containing a set of PEM encoded certificates that need to be included in the response. The same as the \fB\-chain\fR command line option. (Optional) -.IP "\fBsigner_key\fR" 4 +.IP \fBsigner_key\fR 4 .IX Item "signer_key" -The private key of the \s-1TSA\s0 in \s-1PEM\s0 format. The same as the \fB\-inkey\fR +The private key of the TSA in PEM format. The same as the \fB\-inkey\fR command line option. (Optional) -.IP "\fBsigner_digest\fR" 4 +.IP \fBsigner_digest\fR 4 .IX Item "signer_digest" Signing digest to use. The same as the -\&\fB\-\f(BIdigest\fB\fR command line option. (Mandatory unless specified on the command +\&\fB\-\fR\f(BIdigest\fR command line option. (Mandatory unless specified on the command line) -.IP "\fBdefault_policy\fR" 4 +.IP \fBdefault_policy\fR 4 .IX Item "default_policy" The default policy to use when the request does not mandate any policy. The same as the \fB\-tspolicy\fR command line option. (Optional) -.IP "\fBother_policies\fR" 4 +.IP \fBother_policies\fR 4 .IX Item "other_policies" -Comma separated list of policies that are also acceptable by the \s-1TSA\s0 +Comma separated list of policies that are also acceptable by the TSA and used only if the request explicitly specifies one of them. 
(Optional) -.IP "\fBdigests\fR" 4 +.IP \fBdigests\fR 4 .IX Item "digests" -The list of message digest algorithms that the \s-1TSA\s0 accepts. At least +The list of message digest algorithms that the TSA accepts. At least one algorithm must be specified. (Mandatory) -.IP "\fBaccuracy\fR" 4 +.IP \fBaccuracy\fR 4 .IX Item "accuracy" -The accuracy of the time source of the \s-1TSA\s0 in seconds, milliseconds +The accuracy of the time source of the TSA in seconds, milliseconds and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of the components is missing zero is assumed for that field. (Optional) -.IP "\fBclock_precision_digits\fR" 4 +.IP \fBclock_precision_digits\fR 4 .IX Item "clock_precision_digits" Specifies the maximum number of digits, which represent the fraction of seconds, that need to be included in the time field. The trailing zeros must be removed from the time, so there might actually be fewer digits, -or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. +or no fraction of seconds at all. Supported only on UNIX platforms. The maximum value is 6, default is 0. (Optional) -.IP "\fBordering\fR" 4 +.IP \fBordering\fR 4 .IX Item "ordering" -If this option is yes the responses generated by this \s-1TSA\s0 can always +If this option is yes the responses generated by this TSA can always be ordered, even if the time difference between two responses is less than the sum of their accuracies. Default is no. (Optional) -.IP "\fBtsa_name\fR" 4 +.IP \fBtsa_name\fR 4 .IX Item "tsa_name" -Set this option to yes if the subject name of the \s-1TSA\s0 must be included in -the \s-1TSA\s0 name field of the response. Default is no. (Optional) -.IP "\fBess_cert_id_chain\fR" 4 +Set this option to yes if the subject name of the TSA must be included in +the TSA name field of the response. Default is no. 
(Optional) +.IP \fBess_cert_id_chain\fR 4 .IX Item "ess_cert_id_chain" -The SignedData objects created by the \s-1TSA\s0 always contain the +The SignedData objects created by the TSA always contain the certificate identifier of the signing certificate in a signed -attribute (see \s-1RFC 2634,\s0 Enhanced Security Services). +attribute (see RFC 2634, Enhanced Security Services). If this variable is set to no, only this signing certificate identifier is included in the SigningCertificate signed attribute. If this variable is set to yes and the \fBcerts\fR variable or the \fB\-chain\fR option is specified then the certificate identifiers of the chain will also be included, where the \fB\-chain\fR option overrides the \fBcerts\fR variable. Default is no. (Optional) -.IP "\fBess_cert_id_alg\fR" 4 +.IP \fBess_cert_id_alg\fR 4 .IX Item "ess_cert_id_alg" -This option specifies the hash function to be used to calculate the \s-1TSA\s0's +This option specifies the hash function to be used to calculate the TSA\*(Aqs public key certificate identifier. Default is sha1. (Optional) -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper +All the examples below presume that \fBOPENSSL_CONF\fR is set to a proper configuration file, e.g. the example configuration file \&\fIopenssl/apps/openssl.cnf\fR will do. .SS "Timestamp Request" .IX Subsection "Timestamp Request" -To create a timestamp request for \fIdesign1.txt\fR with \s-1SHA\-256\s0 digest, +To create a timestamp request for \fIdesign1.txt\fR with SHA\-256 digest, without nonce and policy, and without requirement for a certificate in the response: .PP 
@@ -618,10 +543,10 @@ \& openssl ts \-query \-in design1.tsq \-text .Ve .PP -To create a timestamp request which includes the \s-1SHA\-512\s0 digest +To create a timestamp request which includes the SHA\-512 digest of \fIdesign2.txt\fR, requests the signer certificate and nonce, and specifies a policy id (assuming the tsa_policy1 name is defined in the -\&\s-1OID\s0 section of the config file): +OID section of the config file): .PP .Vb 2 \& openssl ts \-query \-data design2.txt \-sha512 \e @@ -630,7 +555,7 @@ .SS "Timestamp Response" .IX Subsection "Timestamp Response" Before generating a response a signing certificate must be created for -the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension +the TSA that contains the \fBtimeStamping\fR critical extended key usage extension without any other key usage extensions. You can add this line to the user certificate section of the config file to generate a proper certificate; .PP @@ -640,8 +565,8 @@ .PP See \fBopenssl\-req\fR\|(1), \fBopenssl\-ca\fR\|(1), and \fBopenssl\-x509\fR\|(1) for instructions. The examples below assume that \fIcacert.pem\fR contains the -certificate of the \s-1CA,\s0 \fItsacert.pem\fR is the signing certificate issued -by \fIcacert.pem\fR and \fItsakey.pem\fR is the private key of the \s-1TSA.\s0 +certificate of the CA, \fItsacert.pem\fR is the signing certificate issued +by \fIcacert.pem\fR and \fItsakey.pem\fR is the private key of the TSA. .PP To create a timestamp response for a request: .PP @@ -680,7 +605,7 @@ \& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out .Ve .PP -To add 'granted' status info to a timestamp token thereby creating a +To add \*(Aqgranted\*(Aq status info to a timestamp token thereby creating a valid response: .PP .Vb 1 
@@ -703,40 +628,46 @@ .Ve .PP To verify a timestamp token against the original data file: - openssl ts \-verify \-data design2.txt \-in design2.tsr \e - \-CAfile cacert.pem +.PP +.Vb 2 +\& openssl ts \-verify \-data design2.txt \-in design2.tsr \e +\& \-CAfile cacert.pem +.Ve .PP To verify a timestamp token against a message imprint: - openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e - \-in design2.tsr \-CAfile cacert.pem .PP -You could also look at the 'test' directory for more examples. -.SH "BUGS" +.Vb 2 +\& openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e +\& \-in design2.tsr \-CAfile cacert.pem +.Ve +.PP +You could also look at the \*(Aqtest\*(Aq directory for more examples. +.SH BUGS .IX Header "BUGS" -.IP "\(bu" 2 -No support for timestamps over \s-1SMTP,\s0 though it is quite easy -to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1) -and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of -a separate apache module. \s-1HTTP\s0 client support is provided by -\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. -.IP "\(bu" 2 -The file containing the last serial number of the \s-1TSA\s0 is not +.IP \(bu 2 +No support for timestamps over SMTP, though it is quite easy +to implement an automatic e\-mail based TSA with \fBprocmail\fR\|(1) +and \fBperl\fR\|(1). HTTP server support is provided in the form of +a separate apache module. HTTP client support is provided by +\&\fBtsget\fR\|(1). Pure TCP/IP protocol is not supported. +.IP \(bu 2 +The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one instance of \fBopenssl\fR\|(1) is trying to create a timestamp response at the same time. This is not an issue when using the apache server module, it does proper locking. -.IP "\(bu" 2 -Look for the \s-1FIXME\s0 word in the source files. 
-.IP "\(bu" 2 +.IP \(bu 2 +Look for the FIXME word in the source files. +.IP \(bu 2 The source code should really be reviewed by somebody else, too. -.IP "\(bu" 2 +.IP \(bu 2 More testing is needed, I have done only some basic tests (see test/testtsa). -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -OpenSSL 1.1.1 introduced a new random generator (\s-1CSPRNG\s0) with an improved +OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved seeding mechanism. The new seeding mechanism makes it unnecessary to -define a \s-1RANDFILE\s0 for saving and restoring randomness. This option is +define a RANDFILE for saving and restoring randomness. This option is retained mainly for compatibility reasons. .PP The \fB\-engine\fR option was deprecated in OpenSSL 3.0. @@ -750,11 +681,11 @@ \&\fBopenssl\-genrsa\fR\|(1), \&\fBconfig\fR\|(5), \&\fBossl_store\-file\fR\|(7) -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006\-2024 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-verification-options.1.orig +++ secure/usr.bin/openssl/man/openssl-verification-options.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,84 +53,25 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-VERIFICATION-OPTIONS 1ossl" -.TH OPENSSL-VERIFICATION-OPTIONS 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL-VERIFICATION-OPTIONS 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-verification\-options \- generic X.509 certificate verification options -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \&\fIcommand\fR [ \fIoptions\fR ... ] [ \fIparameters\fR ... ] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" There are many situations where X.509 certificates are verified within the OpenSSL libraries and in various OpenSSL commands. 
@@ -159,67 +84,68 @@ In a nutshell, a valid chain of certificates needs to be built up and verified starting from the \fItarget certificate\fR that is to be verified and ending in a certificate that due to some policy is trusted. -Verification is done relative to the given \fIpurpose\fR, which is the intended use -of the target certificate, such as \s-1SSL\s0 server, or by default for any purpose. +Certificate validation can be performed in the context of a \fIpurpose\fR, which +is a high\-level specification of the intended use of the target certificate, +such as \f(CW\*(C`sslserver\*(C'\fR for TLS servers, or (by default) for any purpose. .PP The details of how each OpenSSL command handles errors are documented on the specific command page. .PP -\&\s-1DANE\s0 support is documented in \fBopenssl\-s_client\fR\|(1), +DANE support is documented in \fBopenssl\-s_client\fR\|(1), \&\fBSSL_CTX_dane_enable\fR\|(3), \fBSSL_set1_host\fR\|(3), \&\fBX509_VERIFY_PARAM_set_flags\fR\|(3), and \fBX509_check_host\fR\|(3). .SS "Trust Anchors" .IX Subsection "Trust Anchors" -In general, according to \s-1RFC 4158\s0 and \s-1RFC 5280,\s0 a \fItrust anchor\fR is -any public key and related subject distinguished name (\s-1DN\s0) that +In general, according to RFC 4158 and RFC 5280, a \fItrust anchor\fR is +any public key and related subject distinguished name (DN) that for some reason is considered trusted and thus is acceptable as the root of a chain of certificates. .PP In practice, trust anchors are given in the form of certificates, -where their essential fields are the public key and the subject \s-1DN.\s0 -In addition to the requirements in \s-1RFC 5280,\s0 +where their essential fields are the public key and the subject DN. +In addition to the requirements in RFC 5280, OpenSSL checks the validity period of such certificates and makes use of some further fields. 
In particular, the subject key identifier extension, if present, is used for matching trust anchors during chain building. .PP In the most simple and common case, trust anchors are by default -all self-signed \*(L"root\*(R" \s-1CA\s0 certificates that are placed in the \fItrust store\fR, +all self\-signed "root" CA certificates that are placed in the \fItrust store\fR, which is a collection of certificates that are trusted for certain uses. This is akin to what is used in the trust stores of Mozilla Firefox, -or Apple's and Microsoft's certificate stores, ... +or Apple\*(Aqs and Microsoft\*(Aqs certificate stores, ... .PP From the OpenSSL perspective, a trust anchor is a certificate that should be augmented with an explicit designation for which uses of a target certificate the certificate may serve as a trust anchor. -In \s-1PEM\s0 encoding, this is indicated by the \f(CW\*(C`TRUSTED CERTIFICATE\*(C'\fR string. +In PEM encoding, this is indicated by the \f(CW\*(C`TRUSTED CERTIFICATE\*(C'\fR string. Such a designation provides a set of positive trust attributes explicitly stating trust for the listed purposes and/or a set of negative trust attributes explicitly rejecting the use for the listed purposes. The purposes are encoded using the values defined for the extended key usages -(EKUs) that may be given in X.509 extensions of end-entity certificates. -See also the \*(L"Extended Key Usage\*(R" section below. +(EKUs) that may be given in X.509 extensions of end\-entity certificates. +See also the "Extended Key Usage" section below. 
.PP The currently recognized uses are -\&\fBclientAuth\fR (\s-1SSL\s0 client use), \fBserverAuth\fR (\s-1SSL\s0 server use), +\&\fBclientAuth\fR (SSL client use), \fBserverAuth\fR (SSL server use), \&\fBemailProtection\fR (S/MIME email use), \fBcodeSigning\fR (object signer use), -\&\fBOCSPSigning\fR (\s-1OCSP\s0 responder use), \fB\s-1OCSP\s0\fR (\s-1OCSP\s0 request use), -\&\fBtimeStamping\fR (\s-1TSA\s0 server use), and \fBanyExtendedKeyUsage\fR. +\&\fBOCSPSigning\fR (OCSP responder use), \fBOCSP\fR (OCSP request use), +\&\fBtimeStamping\fR (TSA server use), and \fBanyExtendedKeyUsage\fR. As of OpenSSL 1.1.0, the last of these blocks all uses when rejected or enables all uses when trusted. .PP -A certificate, which may be \s-1CA\s0 certificate or an end-entity certificate, +A certificate, which may be CA certificate or an end\-entity certificate, is considered a trust anchor for the given use if and only if all the following conditions hold: -.IP "\(bu" 4 +.IP \(bu 4 It is an an element of the trust store. -.IP "\(bu" 4 +.IP \(bu 4 It does not have a negative trust attribute rejecting the given use. -.IP "\(bu" 4 +.IP \(bu 4 It has a positive trust attribute accepting the given use or (by default) one of the following compatibility conditions apply: -It is self-signed or the \fB\-partial_chain\fR option is given +It is self\-signed or the \fB\-partial_chain\fR option is given (which corresponds to the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag being set). .SS "Certification Path Building" .IX Subsection "Certification Path Building" 
@@ -228,64 +154,71 @@ .PP The chain is built up iteratively, looking up in turn a certificate with suitable key usage that -matches as an issuer of the current \*(L"subject\*(R" certificate as described below. +matches as an issuer of the current "subject" certificate as described below. If there is such a certificate, the first one found that is currently valid is taken, otherwise the one that expired most recently of all such certificates. For efficiency, no backtracking is performed, thus any further candidate issuer certificates that would match equally are ignored. .PP -When a self-signed certificate has been added, chain construction stops. +When a self\-signed certificate has been added, chain construction stops. In this case it must fully match a trust anchor, otherwise chain building fails. .PP A candidate issuer certificate matches a subject certificate if all of the following conditions hold: -.IP "\(bu" 4 +.IP \(bu 4 Its subject name matches the issuer name of the subject certificate. -.IP "\(bu" 4 +.IP \(bu 4 If the subject certificate has an authority key identifier extension, -each of its sub-fields equals the corresponding subject key identifier, serial +each of its sub\-fields equals the corresponding subject key identifier, serial number, and issuer field of the candidate issuer certificate, as far as the respective fields are present in both certificates. -.IP "\(bu" 4 +.IP \(bu 4 The certificate signature algorithm used to sign the subject certificate is supported and equals the public key algorithm of the candidate issuer certificate. .PP The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults -the list of untrusted (\*(L"intermediate\*(R" \s-1CA\s0) certificates, if provided. +the list of untrusted ("intermediate" CA) certificates, if provided. 
+If one issuer certificate was found in the trust store, the list of +untrusted certificates will not be consulted anymore to find further +issuer certificates. Therefore, either only the root certificate or an +uninterrupted chain to the root certificate must be provided in the trust +store for a successful verification, if \fBX509_V_FLAG_PARTIAL_CHAIN\fR +is not enabled. .SS "Certification Path Validation" .IX Subsection "Certification Path Validation" When the certificate chain building process was successful the chain components and their links are checked thoroughly. .PP -The first step is to check that each certificate is well-formed. +The first step is to check that each certificate is well\-formed. Part of these checks are enabled only if the \fB\-x509_strict\fR option is given. .PP -The second step is to check the extensions of every untrusted certificate -for consistency with the supplied purpose. -If the \fB\-purpose\fR option is not given then no such checks are done -except for \s-1SSL/TLS\s0 connection setup, -where by default \f(CW\*(C`sslserver\*(C'\fR or \f(CW\*(C`sslclient\*(C'\fR, are checked. -The target or \*(L"leaf\*(R" certificate, as well as any other untrusted certificates, -must have extensions compatible with the specified purpose. -All certificates except the target or \*(L"leaf\*(R" must also be valid \s-1CA\s0 certificates. -The precise extensions required are described in more detail in -\&\*(L"\s-1CERTIFICATE EXTENSIONS\*(R"\s0 in \fBopenssl\-x509\fR\|(1). +The second step is to check the X.509v3 extensions of every certificate +for consistency with the intended specific purpose, if any. +If the \fB\-purpose\fR option is not given then no such checks are done except for +CMS signature checking, where by default \f(CW\*(C`smimesign\*(C'\fR is checked, and SSL/(D)TLS +connection setup, where by default \f(CW\*(C`sslserver\*(C'\fR or \f(CW\*(C`sslclient\*(C'\fR are checked. 
+The X.509v3 extensions of the target or "leaf" certificate +must be compatible with the specified purpose. +All other certificates down the chain are checked to be valid CA certificates, +and possibly also further non\-standard checks are performed. +The precise extensions required are described in detail +in the "Certificate Extensions" section below. .PP The third step is to check the trust settings on the last certificate -(which typically is a self-signed root \s-1CA\s0 certificate). +(which typically is a self\-signed root CA certificate). It must be trusted for the given use. -For compatibility with previous versions of OpenSSL, a self-signed certificate +For compatibility with previous versions of OpenSSL, a self\-signed certificate with no trust attributes is considered to be valid for all uses. .PP The fourth, and final, step is to check the validity of the certificate chain. -For each element in the chain, including the root \s-1CA\s0 certificate, +For each element in the chain, including the root CA certificate, the validity period as specified by the \f(CW\*(C`notBefore\*(C'\fR and \f(CW\*(C`notAfter\*(C'\fR fields is checked against the current system time. -The \fB\-attime\fR flag may be used to use a reference time other than \*(L"now.\*(R" +The \fB\-attime\fR flag may be used to use a reference time other than "now." The certificate signature is checked as well -(except for the signature of the typically self-signed root \s-1CA\s0 certificate, +(except for the signature of the typically self\-signed root CA certificate, which is verified only if the \fB\-check_ss_sig\fR option is given). When verifying a certificate signature the keyUsage extension (if present) of the candidate issuer certificate 
@@ -293,7 +226,7 @@ or to permit keyCertSign for signing other certificates, respectively. If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .SS "Trusted Certificate Options" .IX Subsection "Trusted Certificate Options" @@ -311,9 +244,9 @@ .IP "\fB\-CAfile\fR \fIfile\fR" 4 .IX Item "-CAfile file" Load the specified file which contains a certificate -or several of them in case the input is in \s-1PEM\s0 or PKCS#12 format. -PEM-encoded certificates may also have trust attributes set. -.IP "\fB\-no\-CAfile\fR" 4 +or several of them in case the input is in PEM or PKCS#12 format. +PEM\-encoded certificates may also have trust attributes set. +.IP \fB\-no\-CAfile\fR 4 .IX Item "-no-CAfile" Do not load the default file of trusted certificates. .IP "\fB\-CApath\fR \fIdir\fR" 4 
@@ -324,28 +257,28 @@ certificate. This is so that the library can extract the IssuerName, hash it, and directly lookup the file to get the issuer certificate. See \fBopenssl\-rehash\fR\|(1) for information on creating this type of directory. -.IP "\fB\-no\-CApath\fR" 4 +.IP \fB\-no\-CApath\fR 4 .IX Item "-no-CApath" Do not use the default directory of trusted certificates. .IP "\fB\-CAstore\fR \fIuri\fR" 4 .IX Item "-CAstore uri" -Use \fIuri\fR as a store of \s-1CA\s0 certificates. -The \s-1URI\s0 may indicate a single certificate, as well as a collection of them. +Use \fIuri\fR as a store of CA certificates. +The URI may indicate a single certificate, as well as a collection of them. With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-CAfile\fR or -\&\fB\-CApath\fR, depending on if the \s-1URI\s0 indicates a single file or +\&\fB\-CApath\fR, depending on if the URI indicates a single file or directory. See \fBossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. .Sp These certificates are also used when building the server certificate chain (for example with \fBopenssl\-s_server\fR\|(1)) or client certificate chain (for example with \fBopenssl\-s_time\fR\|(1)). -.IP "\fB\-no\-CAstore\fR" 4 +.IP \fB\-no\-CAstore\fR 4 .IX Item "-no-CAstore" -Do not use the default store of trusted \s-1CA\s0 certificates. +Do not use the default store of trusted CA certificates. .SS "Verification Options" .IX Subsection "Verification Options" -The certificate verification can be fine-tuned with the following flags. -.IP "\fB\-verbose\fR" 4 +The certificate verification can be fine\-tuned with the following flags. +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra information about the operations being performed. .IP "\fB\-attime\fR \fItimestamp\fR" 4 
@@ -353,76 +286,76 @@ Perform validation checks using time specified by \fItimestamp\fR and not current system time. \fItimestamp\fR is the number of seconds since January 1, 1970 (i.e., the Unix Epoch). -.IP "\fB\-no_check_time\fR" 4 +.IP \fB\-no_check_time\fR 4 .IX Item "-no_check_time" This option suppresses checking the validity period of certificates and CRLs against the current time. If option \fB\-attime\fR is used to specify a verification time, the check is not suppressed. -.IP "\fB\-x509_strict\fR" 4 +.IP \fB\-x509_strict\fR 4 .IX Item "-x509_strict" -This disables non-compliant workarounds for broken certificates. -Thus errors are thrown on certificates not compliant with \s-1RFC 5280.\s0 +This disables non\-compliant workarounds for broken certificates. +Thus errors are thrown on certificates not compliant with RFC 5280. .Sp When this option is set, -among others, the following certificate well-formedness conditions are checked: +among others, the following certificate well\-formedness conditions are checked: .RS 4 -.IP "\(bu" 4 -The basicConstraints of \s-1CA\s0 certificates must be marked critical. -.IP "\(bu" 4 -\&\s-1CA\s0 certificates must explicitly include the keyUsage extension. -.IP "\(bu" 4 +.IP \(bu 4 +The basicConstraints of CA certificates must be marked critical. +.IP \(bu 4 +CA certificates must explicitly include the keyUsage extension. +.IP \(bu 4 If a pathlenConstraint is given the key usage keyCertSign must be allowed. -.IP "\(bu" 4 -The pathlenConstraint must not be given for non-CA certificates. -.IP "\(bu" 4 +.IP \(bu 4 +The pathlenConstraint must not be given for non\-CA certificates. +.IP \(bu 4 The issuer name of any certificate must not be empty. -.IP "\(bu" 4 -The subject name of \s-1CA\s0 certs, certs with keyUsage crlSign, and certs +.IP \(bu 4 +The subject name of CA certs, certs with keyUsage crlSign, and certs without subjectAlternativeName must not be empty. 
-.IP "\(bu" 4 +.IP \(bu 4 If a subjectAlternativeName extension is given it must not be empty. -.IP "\(bu" 4 +.IP \(bu 4 The signatureAlgorithm field and the cert signature must be consistent. -.IP "\(bu" 4 +.IP \(bu 4 Any given authorityKeyIdentifier and any given subjectKeyIdentifier must not be marked critical. -.IP "\(bu" 4 +.IP \(bu 4 The authorityKeyIdentifier must be given for X.509v3 certs unless they -are self-signed. -.IP "\(bu" 4 -The subjectKeyIdentifier must be given for all X.509v3 \s-1CA\s0 certs. +are self\-signed. +.IP \(bu 4 +The subjectKeyIdentifier must be given for all X.509v3 CA certs. .RE .RS 4 .RE -.IP "\fB\-ignore_critical\fR" 4 +.IP \fB\-ignore_critical\fR 4 .IX Item "-ignore_critical" Normally if an unhandled critical extension is present that is not -supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +supported by OpenSSL the certificate is rejected (as required by RFC5280). If this option is set critical extensions are ignored. -.IP "\fB\-issuer_checks\fR" 4 +.IP \fB\-issuer_checks\fR 4 .IX Item "-issuer_checks" Ignored. -.IP "\fB\-crl_check\fR" 4 +.IP \fB\-crl_check\fR 4 .IX Item "-crl_check" -Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0 -If a valid \s-1CRL\s0 cannot be found an error occurs. -.IP "\fB\-crl_check_all\fR" 4 +Checks end entity certificate validity by attempting to look up a valid CRL. +If a valid CRL cannot be found an error occurs. +.IP \fB\-crl_check_all\fR 4 .IX Item "-crl_check_all" Checks the validity of \fBall\fR certificates in the chain by attempting to look up valid CRLs. -.IP "\fB\-use_deltas\fR" 4 +.IP \fB\-use_deltas\fR 4 .IX Item "-use_deltas" Enable support for delta CRLs. -.IP "\fB\-extended_crl\fR" 4 +.IP \fB\-extended_crl\fR 4 .IX Item "-extended_crl" -Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 +Enable extended CRL features such as indirect CRLs and alternate CRL signing keys. 
.IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4 .IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192" Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or 192 bit, or only 192 bit Level of Security respectively. -See \s-1RFC6460\s0 for details. In particular the supported signature algorithms are -reduced to support only \s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0 and only the elliptic curves +See RFC6460 for details. In particular the supported signature algorithms are +reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves P\-256 and P\-384. .IP "\fB\-auth_level\fR \fIlevel\fR" 4 .IX Item "-auth_level level" 
@@ -431,39 +364,39 @@ public key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security \fIlevel\fR. The signature algorithm security level is -enforced for all the certificates in the chain except for the chain's +enforced for all the certificates in the chain except for the chain\*(Aqs \&\fItrust anchor\fR, which is either directly trusted or validated by means other than its signature. See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available levels. The default security level is \-1, -or \*(L"not set\*(R". At security level 0 or lower all algorithms are acceptable. +or "not set". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80\-bit\-equivalent security and is broadly -interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 +interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits. -.IP "\fB\-partial_chain\fR" 4 +.IP \fB\-partial_chain\fR 4 .IX Item "-partial_chain" Allow verification to succeed if an incomplete chain can be built. That is, a chain ending in a certificate that normally would not be trusted -(because it has no matching positive trust attributes and is not self-signed) +(because it has no matching positive trust attributes and is not self\-signed) but is an element of the trust store. -This certificate may be self-issued or belong to an intermediate \s-1CA.\s0 -.IP "\fB\-check_ss_sig\fR" 4 +This certificate may be self\-issued or belong to an intermediate CA. +.IP \fB\-check_ss_sig\fR 4 .IX Item "-check_ss_sig" Verify the signature of -the last certificate in a chain if the certificate is supposedly self-signed. -This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0 +the last certificate in a chain if the certificate is supposedly self\-signed. 
+This is prohibited and will result in an error if it is a non\-conforming CA certificate with key usage restrictions not including the keyCertSign bit. -This verification is disabled by default because it doesn't add any security. -.IP "\fB\-allow_proxy_certs\fR" 4 +This verification is disabled by default because it doesn\*(Aqt add any security. +.IP \fB\-allow_proxy_certs\fR 4 .IX Item "-allow_proxy_certs" Allow the verification of proxy certificates. -.IP "\fB\-trusted_first\fR" 4 +.IP \fB\-trusted_first\fR 4 .IX Item "-trusted_first" As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. .Sp When constructing the certificate chain, the trusted certificates specified via \fB\-CAfile\fR, \fB\-CApath\fR, \fB\-CAstore\fR or \fB\-trusted\fR are always used before any certificates specified via \fB\-untrusted\fR. -.IP "\fB\-no_alt_chains\fR" 4 +.IP \fB\-no_alt_chains\fR 4 .IX Item "-no_alt_chains" As of OpenSSL 1.1.0, since \fB\-trusted_first\fR always on, this option has no effect. @@ -471,7 +404,7 @@ .IX Item "-trusted file" Parse \fIfile\fR as a set of one or more certificates. Each of them qualifies as trusted if has a suitable positive trust attribute -or it is self-signed or the \fB\-partial_chain\fR option is specified. +or it is self\-signed or the \fB\-partial_chain\fR option is specified. This option implies the \fB\-no\-CAfile\fR, \fB\-no\-CApath\fR, and \fB\-no\-CAstore\fR options and it cannot be used with the \fB\-CAfile\fR, \fB\-CApath\fR or \fB\-CAstore\fR options, so only certificates specified using the \fB\-trusted\fR option are trust anchors. 
@@ -485,42 +418,45 @@ This option may be used multiple times. .IP "\fB\-policy\fR \fIarg\fR" 4 .IX Item "-policy arg" -Enable policy processing and add \fIarg\fR to the user-initial-policy-set (see -\&\s-1RFC5280\s0). The policy \fIarg\fR can be an object name an \s-1OID\s0 in numeric form. +Enable policy processing and add \fIarg\fR to the user\-initial\-policy\-set (see +RFC5280). The policy \fIarg\fR can be an object name or an OID in numeric form. This argument can appear more than once. -.IP "\fB\-explicit_policy\fR" 4 +.IP \fB\-explicit_policy\fR 4 .IX Item "-explicit_policy" -Set policy variable require-explicit-policy (see \s-1RFC5280\s0). -.IP "\fB\-policy_check\fR" 4 +Set policy variable require\-explicit\-policy (see RFC5280). +.IP \fB\-policy_check\fR 4 .IX Item "-policy_check" Enables certificate policy processing. -.IP "\fB\-policy_print\fR" 4 +.IP \fB\-policy_print\fR 4 .IX Item "-policy_print" Print out diagnostics related to policy processing. -.IP "\fB\-inhibit_any\fR" 4 +.IP \fB\-inhibit_any\fR 4 .IX Item "-inhibit_any" -Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). -.IP "\fB\-inhibit_map\fR" 4 +Set policy variable inhibit\-any\-policy (see RFC5280). +.IP \fB\-inhibit_map\fR 4 .IX Item "-inhibit_map" -Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +Set policy variable inhibit\-policy\-mapping (see RFC5280). .IP "\fB\-purpose\fR \fIpurpose\fR" 4 .IX Item "-purpose purpose" -The intended use for the certificate. -Currently defined purposes are \f(CW\*(C`sslclient\*(C'\fR, \f(CW\*(C`sslserver\*(C'\fR, \f(CW\*(C`nssslserver\*(C'\fR, +A high\-level specification of the intended use of the target certificate. +Currently predefined purposes are \f(CW\*(C`sslclient\*(C'\fR, \f(CW\*(C`sslserver\*(C'\fR, \f(CW\*(C`nssslserver\*(C'\fR, \&\f(CW\*(C`smimesign\*(C'\fR, \f(CW\*(C`smimeencrypt\*(C'\fR, \f(CW\*(C`crlsign\*(C'\fR, \f(CW\*(C`ocsphelper\*(C'\fR, \f(CW\*(C`timestampsign\*(C'\fR, and \f(CW\*(C`any\*(C'\fR. 
-If peer certificate verification is enabled, by default the \s-1TLS\s0 implementation -as well as the commands \fBs_client\fR and \fBs_server\fR check for consistency -with \s-1TLS\s0 server or \s-1TLS\s0 client use, respectively. +If peer certificate verification is enabled, by default the TLS implementation +and thus the commands \fBopenssl\-s_client\fR\|(1) and \fBopenssl\-s_server\fR\|(1) +check for consistency with +TLS server (\f(CW\*(C`sslserver\*(C'\fR) or TLS client use (\f(CW\*(C`sslclient\*(C'\fR), respectively. +By default, CMS signature validation, which can be done via \fBopenssl\-cms\fR\|(1), +checks for consistency with S/MIME signing use (\f(CW\*(C`smimesign\*(C'\fR). .Sp -While \s-1IETF RFC 5280\s0 says that \fBid-kp-serverAuth\fR and \fBid-kp-clientAuth\fR -are only for \s-1WWW\s0 use, in practice they are used for all kinds of \s-1TLS\s0 clients +While IETF RFC 5280 says that \fBid\-kp\-serverAuth\fR and \fBid\-kp\-clientAuth\fR +are only for WWW use, in practice they are used for all kinds of TLS clients and servers, and this is what OpenSSL assumes as well. .IP "\fB\-verify_depth\fR \fInum\fR" 4 .IX Item "-verify_depth num" -Limit the certificate chain to \fInum\fR intermediate \s-1CA\s0 certificates. +Limit the certificate chain to \fInum\fR intermediate CA certificates. A maximal depth chain can have up to \fInum\fR+2 certificates, since neither the -end-entity certificate nor the trust-anchor certificate count against the +end\-entity certificate nor the trust\-anchor certificate count against the \&\fB\-verify_depth\fR limit. .IP "\fB\-verify_email\fR \fIemail\fR" 4 .IX Item "-verify_email email" 
@@ -528,35 +464,36 @@ the email in the subject Distinguished Name. .IP "\fB\-verify_hostname\fR \fIhostname\fR" 4 .IX Item "-verify_hostname hostname" -Verify if \fIhostname\fR matches \s-1DNS\s0 name in Subject Alternative Name or +Verify if \fIhostname\fR matches DNS name in Subject Alternative Name or Common Name in the subject certificate. .IP "\fB\-verify_ip\fR \fIip\fR" 4 .IX Item "-verify_ip ip" -Verify if \fIip\fR matches the \s-1IP\s0 address in Subject Alternative Name of +Verify if \fIip\fR matches the IP address in Subject Alternative Name of the subject certificate. .IP "\fB\-verify_name\fR \fIname\fR" 4 .IX Item "-verify_name name" -Use default verification policies like trust model and required certificate -policies identified by \fIname\fR. +Use a set of verification parameters, also known as verification method, +identified by \fIname\fR. The currently predefined methods are named \f(CW\*(C`ssl_client\*(C'\fR, +\&\f(CW\*(C`ssl_server\*(C'\fR, \f(CW\*(C`smime_sign\*(C'\fR with alias \f(CW\*(C`pkcs7\*(C'\fR, and \f(CW\*(C`default\*(C'\fR. +These mimic the combinations of purpose and trust settings used in SSL/(D)TLS, +and CMS/PKCS7 (including S/MIME). +.Sp +The verification parameters include the trust model, various flags that can +partly be set also via other command\-line options, and the verification purpose, +which in turn implies certificate key usage and extended key usage requirements. +.Sp The trust model determines which auxiliary trust or reject OIDs are applicable to verifying the given certificate chain. They can be given using the \fB\-addtrust\fR and \fB\-addreject\fR options for \fBopenssl\-x509\fR\|(1). -Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR, -\&\fBssl_client\fR, \fBssl_server\fR. -These mimics the combinations of purpose and trust settings used in \s-1SSL, CMS\s0 -and S/MIME. 
-As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not -specified, so the \fB\-verify_name\fR options are functionally equivalent to the -corresponding \fB\-purpose\fR settings. .SS "Extended Verification Options" .IX Subsection "Extended Verification Options" Sometimes there may be more than one certificate chain leading to an -end-entity certificate. -This usually happens when a root or intermediate \s-1CA\s0 signs a certificate -for another a \s-1CA\s0 in other organization. -Another reason is when a \s-1CA\s0 might have intermediates that use two different -signature formats, such as a \s-1SHA\-1\s0 and a \s-1SHA\-256\s0 digest. +end\-entity certificate. +This usually happens when a root or intermediate CA signs a certificate +for another a CA in other organization. +Another reason is when a CA might have intermediates that use two different +signature formats, such as a SHA\-1 and a SHA\-256 digest. .PP The following options can be used to provide data that will allow the OpenSSL command to generate an alternative chain. 
@@ -566,121 +503,162 @@ in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When specified, the callback returning the first valid chain will be in use by the client. -.IP "\fB\-xchain_build\fR" 4 +.IP \fB\-xchain_build\fR 4 .IX Item "-xchain_build" Specify whether the application should build the certificate chain to be provided to the server for the extra certificates via the \fB\-xkey\fR, \&\fB\-xcert\fR, and \fB\-xchain\fR options. -.IP "\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +.IP "\fB\-xcertform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-xcertform DER|PEM|P12" The input format for the extra certificate. This option has no effect and is retained for backward compatibility only. -.IP "\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4 +.IP "\fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4 .IX Item "-xkeyform DER|PEM|P12" The input format for the extra key. This option has no effect and is retained for backward compatibility only. .SS "Certificate Extensions" .IX Subsection "Certificate Extensions" -Options like \fB\-purpose\fR lead to checking the certificate extensions, -which determine what the target certificate and intermediate \s-1CA\s0 certificates -can be used for. +Options like \fB\-purpose\fR and \fB\-verify_name\fR trigger the processing of specific +certificate extensions, which determine what certificates can be used for. .PP \fIBasic Constraints\fR .IX Subsection "Basic Constraints" .PP -The basicConstraints extension \s-1CA\s0 flag is used to determine whether the -certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0 -if the \s-1CA\s0 flag is false then it is not a \s-1CA.\s0 \fBAll\fR CAs should have the -\&\s-1CA\s0 flag set to true. +The basicConstraints extension CA flag is used to determine whether the +certificate can be used as a CA. If the CA flag is true then it is a CA, +if the CA flag is false then it is not a CA. 
\fBAll\fR CAs should have the +CA flag set to true. .PP If the basicConstraints extension is absent, which includes the case that it is an X.509v1 certificate, -then the certificate is considered to be a \*(L"possible \s-1CA\*(R"\s0 and +then the certificate is considered to be a "possible CA" and other extensions are checked according to the intended use of the certificate. -The treatment of certificates without basicConstraints as a \s-1CA\s0 +The treatment of certificates without basicConstraints as a CA is presently supported, but this could change in the future. .PP \fIKey Usage\fR .IX Subsection "Key Usage" .PP If the keyUsage extension is present then additional restraints are -made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the +made on the uses of the certificate. A CA certificate \fBmust\fR have the keyCertSign bit set if the keyUsage extension is present. .PP \fIExtended Key Usage\fR .IX Subsection "Extended Key Usage" .PP -The extKeyUsage (\s-1EKU\s0) extension places additional restrictions on the -certificate uses. If this extension is present (whether critical or not) -the key can only be used for the purposes specified. +The extKeyUsage (EKU) extension places additional restrictions on +certificate use. If this extension is present (whether critical or not) +in an end\-entity certificate, the key is allowed only for the uses specified, +while the special EKU \fBanyExtendedKeyUsage\fR allows for all uses. +.PP +Note that according to RFC 5280 section 4.2.1.12, +the Extended Key Usage extension will appear only in end\-entity certificates, +and consequently the standard certification path validation described +in its section 6 does not include EKU checks for CA certificates. 
+The CA/Browser Forum requires for TLS server, S/MIME, and code signing use +the presence of respective EKUs in subordinate CA certificates (while excluding +them for root CA certificates), while taking over from RFC 5280 +the certificate validity concept and certificate path validation. +.PP +For historic reasons, OpenSSL has its own way of interpreting and checking +EKU extensions on CA certificates, which may change in the future. +It does not require the presence of EKU extensions in CA certificates, +but in case the verification purpose is +\&\f(CW\*(C`sslclient\*(C'\fR, \f(CW\*(C`nssslserver\*(C'\fR, \f(CW\*(C`sslserver\*(C'\fR, \f(CW\*(C`smimesign\*(C'\fR, or \f(CW\*(C`smimeencrypt\*(C'\fR, +it checks that any present EKU extension (that does not contain +\&\fBanyExtendedKeyUsage\fR) contains the respective EKU as detailed below. +Moreover, it does these checks even for trust anchor certificates. +.PP +\fIChecks Implied by Specific Predefined Policies\fR +.IX Subsection "Checks Implied by Specific Predefined Policies" .PP -A complete description of each check is given below. The comments about +A specific description of each check is given below. The comments about basicConstraints and keyUsage and X.509v1 certificates above apply to \fBall\fR -\&\s-1CA\s0 certificates. -.IP "\fB\s-1SSL\s0 Client\fR" 4 -.IX Item "SSL Client" -The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID.\s0 The keyUsage extension must be absent or it must have the -digitalSignature bit set. The Netscape certificate type must be absent -or it must have the \s-1SSL\s0 client bit set. -.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 -.IX Item "SSL Client CA" -The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID.\s0 -The Netscape certificate type must be absent or it must have the \s-1SSL CA\s0 bit set. -This is used as a work around if the basicConstraints extension is absent. 
-.IP "\fB\s-1SSL\s0 Server\fR" 4 -.IX Item "SSL Server" -The extended key usage extension must be absent or include the \*(L"web server -authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. The keyUsage extension must be -absent or it -must have the digitalSignature, the keyEncipherment set or both bits set. -The Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. -.IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 -.IX Item "SSL Server CA" -The extended key usage extension must be absent or include the \*(L"web server -authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. The Netscape certificate type must -be absent or the \s-1SSL CA\s0 bit must be set. -This is used as a work around if the basicConstraints extension is absent. -.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 -.IX Item "Netscape SSL Server" -For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the -keyEncipherment bit set if the keyUsage extension is present. This isn't +CA certificates. +.ie n .IP "\fB(D)TLS Client\fR (""sslclient"")" 4 +.el .IP "\fB(D)TLS Client\fR (\f(CWsslclient\fR)" 4 +.IX Item "(D)TLS Client (sslclient)" +Any given extended key usage extension must allow for \f(CW\*(C`clientAuth\*(C'\fR +("TLS WWW client authentication"). +.Sp +For target certificates, +the key usage must allow for \f(CW\*(C`digitalSignature\*(C'\fR and/or \f(CW\*(C`keyAgreement\*(C'\fR. +The Netscape certificate type must be absent or have the SSL client bit set. +.Sp +For all other certificates the normal CA checks apply. In addition, +the Netscape certificate type must be absent or have the SSL CA bit set. +This is used as a workaround if the basicConstraints extension is absent. 
+.ie n .IP "\fB(D)TLS Server\fR (""sslserver"")" 4 +.el .IP "\fB(D)TLS Server\fR (\f(CWsslserver\fR)" 4 +.IX Item "(D)TLS Server (sslserver)" +Any given extended key usage extension must allow for \f(CW\*(C`serverAuth\*(C'\fR +("TLS WWW server authentication") and/or include one of the SGC OIDs. +.Sp +For target certificates, the key usage must +allow for \f(CW\*(C`digitalSignature\*(C'\fR, \f(CW\*(C`keyEncipherment\*(C'\fR, and/or \f(CW\*(C`keyAgreement\*(C'\fR. +The Netscape certificate type must be absent or have the SSL server bit set. +.Sp +For all other certificates the normal CA checks apply. In addition, +the Netscape certificate type must be absent or have the SSL CA bit set. +This is used as a workaround if the basicConstraints extension is absent. +.ie n .IP "\fBNetscape SSL Server\fR (""nssslserver"")" 4 +.el .IP "\fBNetscape SSL Server\fR (\f(CWnssslserver\fR)" 4 +.IX Item "Netscape SSL Server (nssslserver)" +In addition to what has been described for \fBsslserver\fR, for a Netscape +SSL client to connect to an SSL server, its EE certificate must have the +\&\fBkeyEncipherment\fR bit set if the keyUsage extension is present. This isn\*(Aqt always valid because some cipher suites use the key for digital signing. -Otherwise it is the same as a normal \s-1SSL\s0 server. -.IP "\fBCommon S/MIME Client Tests\fR" 4 -.IX Item "Common S/MIME Client Tests" -The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID.\s0 The Netscape certificate type must be absent or should have the -S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type -then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown. -This is because some Verisign certificates don't set the S/MIME bit. -.IP "\fBS/MIME Signing\fR" 4 -.IX Item "S/MIME Signing" -In addition to the common S/MIME client tests the digitalSignature bit or -the nonRepudiation bit must be set if the keyUsage extension is present. 
-.IP "\fBS/MIME Encryption\fR" 4 -.IX Item "S/MIME Encryption" -In addition to the common S/MIME tests the keyEncipherment bit must be set -if the keyUsage extension is present. -.IP "\fBS/MIME \s-1CA\s0\fR" 4 -.IX Item "S/MIME CA" -The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID.\s0 The Netscape certificate type must be absent or must have the -S/MIME \s-1CA\s0 bit set. -This is used as a work around if the basicConstraints extension is absent. -.IP "\fB\s-1CRL\s0 Signing\fR" 4 -.IX Item "CRL Signing" -The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit -set. -.IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 -.IX Item "CRL Signing CA" -The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension -must be present. -.SH "BUGS" +Otherwise it is the same as a normal SSL server. +.IP "\fBCommon S/MIME Checks\fR" 4 +.IX Item "Common S/MIME Checks" +Any given extended key usage extension must allow for \f(CW\*(C`emailProtection\*(C'\fR. +.Sp +For target certificates, +the Netscape certificate type must be absent or should have the S/MIME bit set. +If the S/MIME bit is not set in the Netscape certificate type +then the SSL client bit is tolerated as an alternative but a warning is shown. +This is because some Verisign certificates don\*(Aqt set the S/MIME bit. +.Sp +For all other certificates the normal CA checks apply. In addition, +the Netscape certificate type must be absent or have the S/MIME CA bit set. +This is used as a workaround if the basicConstraints extension is absent. +.ie n .IP "\fBS/MIME Signing\fR (""smimesign"")" 4 +.el .IP "\fBS/MIME Signing\fR (\f(CWsmimesign\fR)" 4 +.IX Item "S/MIME Signing (smimesign)" +In addition to the common S/MIME checks, for target certificates +the key usage must allow for \f(CW\*(C`digitalSignature\*(C'\fR and/or \fBnonRepudiation\fR. 
+.ie n .IP "\fBS/MIME Encryption\fR (""smimeencrypt"")" 4 +.el .IP "\fBS/MIME Encryption\fR (\f(CWsmimeencrypt\fR)" 4 +.IX Item "S/MIME Encryption (smimeencrypt)" +In addition to the common S/MIME checks, for target certificates +the key usage must allow for \f(CW\*(C`keyEncipherment\*(C'\fR. +.ie n .IP "\fBCRL Signing\fR (""crlsign"")" 4 +.el .IP "\fBCRL Signing\fR (\f(CWcrlsign\fR)" 4 +.IX Item "CRL Signing (crlsign)" +For target certificates, the key usage must allow for \f(CW\*(C`cRLSign\*(C'\fR. +.Sp +For all other certificates the normal CA checks apply. +Except in this case the basicConstraints extension must be present. +.ie n .IP "\fBOCSP Helper\fR (""ocsphelper"")" 4 +.el .IP "\fBOCSP Helper\fR (\f(CWocsphelper\fR)" 4 +.IX Item "OCSP Helper (ocsphelper)" +For target certificates, no checks are performed at this stage, +but special checks apply; see \fBOCSP_basic_verify\fR\|(3). +.Sp +For all other certificates the normal CA checks apply. +.ie n .IP "\fBTimestamp Signing\fR (""timestampsign"")" 4 +.el .IP "\fBTimestamp Signing\fR (\f(CWtimestampsign\fR)" 4 +.IX Item "Timestamp Signing (timestampsign)" +For target certificates, if the key usage extension is present, it must include +\&\f(CW\*(C`digitalSignature\*(C'\fR and/or \f(CW\*(C`nonRepudiation\*(C'\fR and must not include other bits. +The EKU extension must be present and contain \f(CW\*(C`timeStamping\*(C'\fR only. +Moreover, it must be marked as critical. +.Sp +For all other certificates the normal CA checks apply. +.SH BUGS .IX Header "BUGS" The issuer checks still suffer from limitations in the underlying X509_LOOKUP -\&\s-1API.\s0 One consequence of this is that trusted certificates with matching +API. One consequence of this is that trusted certificates with matching subject name must appear in a file (as specified by the \fB\-CAfile\fR option), a directory (as specified by \fB\-CApath\fR), or a store (as specified by \fB\-CAstore\fR). 
@@ -689,6 +667,7 @@ .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_verify_cert\fR\|(3), +\&\fBOCSP_basic_verify\fR\|(3), \&\fBopenssl\-verify\fR\|(1), \&\fBopenssl\-ocsp\fR\|(1), \&\fBopenssl\-ts\fR\|(1), @@ -697,14 +676,14 @@ \&\fBopenssl\-smime\fR\|(1), \&\fBopenssl\-cmp\fR\|(1), \&\fBopenssl\-cms\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The checks enabled by \fB\-x509_strict\fR have been extended in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-verify.1.orig +++ secure/usr.bin/openssl/man/openssl-verify.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-VERIFY 1ossl" -.TH OPENSSL-VERIFY 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-VERIFY 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-verify \- certificate verification command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBverify\fR [\fB\-help\fR] 
@@ -194,54 +119,54 @@ [\fB\-propquery\fR \fIpropq\fR] [\fB\-\-\fR] [\fIcertificate\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command verifies certificate chains. If a certificate chain has multiple problems, this program attempts to display all of them. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-CRLfile\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-CRLfile filename|uri" -The file or \s-1URI\s0 should contain one or more CRLs in \s-1PEM\s0 or \s-1DER\s0 format. +The file or URI should contain one or more CRLs in PEM or DER format. This option can be specified more than once to include CRLs from multiple sources. -.IP "\fB\-crl_download\fR" 4 +.IP \fB\-crl_download\fR 4 .IX Item "-crl_download" -Attempt to download \s-1CRL\s0 information for certificates via their \s-1CDP\s0 entries. -.IP "\fB\-show_chain\fR" 4 +Attempt to download CRL information for certificates via their CDP entries. +.IP \fB\-show_chain\fR 4 .IX Item "-show_chain" Display information about the certificate chain that has been built (if successful). Certificates in the chain that came from the untrusted list will be -flagged as \*(L"untrusted\*(R". -.IP "\fB\-verbose\fR" 4 +flagged as "untrusted". +.IP \fB\-verbose\fR 4 .IX Item "-verbose" Print extra information about the operations being performed. .IP "\fB\-trusted\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-trusted filename|uri" -A file or \s-1URI\s0 of (more or less) trusted certificates. +A file or URI of (more or less) trusted certificates. See \fBopenssl\-verification\-options\fR\|(1) for more information on trust settings. .Sp This option can be specified more than once to load certificates from multiple sources. .IP "\fB\-untrusted\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-untrusted filename|uri" -A file or \s-1URI\s0 of untrusted certificates to use for chain building. 
+A file or URI of untrusted certificates to use for chain building. This option can be specified more than once to load certificates from multiple sources. .IP "\fB\-vfyopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-vfyopt nm:v" Pass options to the signature algorithm during verify operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .IP "\fB\-nameopt\fR \fIoption\fR" 4 .IX Item "-nameopt option" This specifies how the subject or issuer names are displayed. See \fBopenssl\-namedisplay\-options\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .Sp To load certificates or CRLs that require engine support, specify the 
@@ -249,11 +174,11 @@ \&\fB\-trusted\fR, \fB\-untrusted\fR or \fB\-CRLfile\fR options. .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" -See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 .IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" Set various options of certificate chain verification. -See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details. +See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 
@@ -262,8 +187,8 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.IP "\fB\-\-\fR" 4 +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.IP \fB\-\-\fR 4 .IX Item "--" Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins @@ -273,7 +198,12 @@ One or more target certificates to verify, one per file. If no certificates are given, this command will attempt to read a single certificate from standard input. -.SH "DIAGNOSTICS" +.PP +Note that the first parameter that does not begin with a \fB\-\fR ends the list +of options and starts the list of certificates. If you place any options +after a certificate filename, they will be interpreted not as options +but as certificates. +.SH DIAGNOSTICS .IX Header "DIAGNOSTICS" When a verify operation fails the output messages can be somewhat cryptic. The general form of the error message is: @@ -286,8 +216,8 @@ The first line contains the name of the certificate being verified followed by the subject name of the certificate. The second line contains the error number and the depth. The depth is number of the certificate being verified when a -problem was detected starting with zero for the target (\*(L"leaf\*(R") certificate -itself then 1 for the \s-1CA\s0 that signed the target certificate and so on. +problem was detected starting with zero for the target ("leaf") certificate +itself then 1 for the CA that signed the target certificate and so on. Finally a textual version of the error number is presented. .PP A list of the error codes and messages can be found in 
@@ -301,16 +231,16 @@ \&\fBopenssl\-verification\-options\fR\|(1), \&\fBopenssl\-x509\fR\|(1), \&\fBossl_store\-file\fR\|(7) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-show_chain\fR option was added in OpenSSL 1.1.0. .PP The \fB\-engine option\fR was deprecated in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2026 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-version.1.orig +++ secure/usr.bin/openssl/man/openssl-version.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-VERSION 1ossl" -.TH OPENSSL-VERSION 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-VERSION 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-version \- print OpenSSL version information -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl version\fR [\fB\-help\fR] 
@@ -155,56 +80,56 @@ [\fB\-m\fR] [\fB\-r\fR] [\fB\-c\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command is used to print out version information about OpenSSL. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-a\fR" 4 +.IP \fB\-a\fR 4 .IX Item "-a" All information, this is the same as setting all the other flags. -.IP "\fB\-v\fR" 4 +.IP \fB\-v\fR 4 .IX Item "-v" The current OpenSSL version. -.IP "\fB\-b\fR" 4 +.IP \fB\-b\fR 4 .IX Item "-b" The date the current version of OpenSSL was built. -.IP "\fB\-o\fR" 4 +.IP \fB\-o\fR 4 .IX Item "-o" Option information: various options set when the library was built. -.IP "\fB\-f\fR" 4 +.IP \fB\-f\fR 4 .IX Item "-f" Compilation flags. -.IP "\fB\-p\fR" 4 +.IP \fB\-p\fR 4 .IX Item "-p" Platform setting. -.IP "\fB\-d\fR" 4 +.IP \fB\-d\fR 4 .IX Item "-d" -\&\s-1OPENSSLDIR\s0 setting. -.IP "\fB\-e\fR" 4 +OPENSSLDIR setting. +.IP \fB\-e\fR 4 .IX Item "-e" -\&\s-1ENGINESDIR\s0 settings. -.IP "\fB\-m\fR" 4 +ENGINESDIR settings. +.IP \fB\-m\fR 4 .IX Item "-m" -\&\s-1MODULESDIR\s0 settings. -.IP "\fB\-r\fR" 4 +MODULESDIR settings. +.IP \fB\-r\fR 4 .IX Item "-r" The random number generator source settings. -.IP "\fB\-c\fR" 4 +.IP \fB\-c\fR 4 .IX Item "-c" -The OpenSSL \s-1CPU\s0 settings info. -.SH "NOTES" +The OpenSSL CPU settings info. +.SH NOTES .IX Header "NOTES" The output of \f(CW\*(C`openssl version \-a\*(C'\fR would typically be used when sending in a bug report. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. 
You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl-x509.1.orig +++ secure/usr.bin/openssl/man/openssl-x509.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-X509 1ossl" -.TH OPENSSL-X509 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-X509 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-x509 \- Certificate display and signing command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBx509\fR [\fB\-help\fR] @@ -150,13 +75,13 @@ [\fB\-x509toreq\fR] [\fB\-req\fR] [\fB\-copy_extensions\fR \fIarg\fR] -[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-inform\fR \fBDER\fR|\fBPEM\fR] [\fB\-vfyopt\fR \fInm\fR:\fIv\fR] [\fB\-key\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-signkey\fR \fIfilename\fR|\fIuri\fR] [\fB\-out\fR \fIfilename\fR] -[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fBDER\fR|\fBPEM\fR] [\fB\-nocert\fR] [\fB\-noout\fR] [\fB\-dateopt\fR] @@ -198,11 +123,11 @@ [\fB\-extensions\fR \fIsection\fR] [\fB\-sigopt\fR \fInm\fR:\fIv\fR] [\fB\-badsig\fR] -[\fB\-\f(BIdigest\fB\fR] +[\fB\-\fR\f(BIdigest\fR] [\fB\-CA\fR \fIfilename\fR|\fIuri\fR] -[\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR] +[\fB\-CAform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR] [\fB\-CAkey\fR \fIfilename\fR|\fIuri\fR] -[\fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-CAkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-CAserial\fR \fIfilename\fR] [\fB\-CAcreateserial\fR] [\fB\-trustout\fR] 
@@ -217,21 +142,21 @@ [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" -This command is a multi-purposes certificate handling command. +This command is a multi\-purposes certificate handling command. It can be used to print certificate information, convert certificates to various forms, edit certificate trust settings, generate certificates from scratch or from certificating requests -and then self-signing them or signing them like a \*(L"micro \s-1CA\*(R".\s0 +and then self\-signing them or signing them like a "micro CA". .PP Since there are a large number of options they will split up into various sections. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .SS "Input, Output, and General Purpose Options" .IX Subsection "Input, Output, and General Purpose Options" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR|\fIuri\fR" 4 
@@ -246,27 +171,27 @@ The key and certificate file password source. For more information about the format of \fIarg\fR see \fBopenssl\-passphrase\-options\fR\|(1). -.IP "\fB\-new\fR" 4 +.IP \fB\-new\fR 4 .IX Item "-new" Generate a certificate from scratch, not using an input certificate or certificate request. So the \fB\-in\fR option must not be used in this case. Instead, the \fB\-subj\fR option needs to be given. The public key to include can be given with the \fB\-force_pubkey\fR option and defaults to the key given with the \fB\-key\fR (or \fB\-signkey\fR) option, -which implies self-signature. -.IP "\fB\-x509toreq\fR" 4 +which implies self\-signature. +.IP \fB\-x509toreq\fR 4 .IX Item "-x509toreq" Output a PKCS#10 certificate request (rather than a certificate). The \fB\-key\fR (or \fB\-signkey\fR) option must be used to provide the private key for -self-signing; the corresponding public key is placed in the subjectPKInfo field. +self\-signing; the corresponding public key is placed in the subjectPKInfo field. .Sp X.509 extensions included in a certificate input are not copied by default. X.509 extensions to be added can be specified using the \fB\-extfile\fR option. -.IP "\fB\-req\fR" 4 +.IP \fB\-req\fR 4 .IX Item "-req" By default a certificate is expected on input. With this option a PKCS#10 certificate request is expected instead, -which must be correctly self-signed. +which must be correctly self\-signed. .Sp X.509 extensions included in the request are not copied by default. X.509 extensions to be added can be specified using the \fB\-extfile\fR option. 
@@ -281,24 +206,24 @@ are not taken over when producing a certificate request. .Sp The \fB\-ext\fR option can be used to further restrict which extensions to copy. -.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-inform DER|PEM" The input file format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-vfyopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-vfyopt nm:v" Pass options to the signature algorithm during verify operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm\-specific. .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key filename|uri" This option provides the private key for signing a new certificate or certificate request. Unless \fB\-force_pubkey\fR is given, the corresponding public key is placed in -the new certificate or certificate request, resulting in a self-signature. +the new certificate or certificate request, resulting in a self\-signature. .Sp This option cannot be used in conjunction with the \fB\-CA\fR option. .Sp -It sets the issuer name to the subject name (i.e., makes it self-issued) +It sets the issuer name to the subject name (i.e., makes it self\-issued) and changes the public key to the supplied value (unless overridden by \fB\-force_pubkey\fR). Unless the \fB\-preserve_dates\fR option is supplied, 
@@ -307,32 +232,32 @@ .IP "\fB\-signkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-signkey filename|uri" This option is an alias of \fB\-key\fR. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key input format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-out\fR \fIfilename\fR" 4 .IX Item "-out filename" This specifies the output filename to write to or standard output by default. -.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IP "\fB\-outform\fR \fBDER\fR|\fBPEM\fR" 4 .IX Item "-outform DER|PEM" -The output format; the default is \fB\s-1PEM\s0\fR. +The output format; the default is \fBPEM\fR. See \fBopenssl\-format\-options\fR\|(1) for details. -.IP "\fB\-nocert\fR" 4 +.IP \fB\-nocert\fR 4 .IX Item "-nocert" Do not output a certificate (except for printing as requested by below options). -.IP "\fB\-noout\fR" 4 +.IP \fB\-noout\fR 4 .IX Item "-noout" This option prevents output except for printing as requested by below options. .SS "Certificate Printing Options" .IX Subsection "Certificate Printing Options" Note: the \fB\-alias\fR and \fB\-purpose\fR options are also printing options -but are described in the \*(L"Trust Settings\*(R" section. -.IP "\fB\-dateopt\fR" 4 +but are described in the "Trust Settings" section. +.IP \fB\-dateopt\fR 4 .IX Item "-dateopt" Specify the date output format. Values are: rfc_822 and iso_8601. Defaults to rfc_822. -.IP "\fB\-text\fR" 4 +.IP \fB\-text\fR 4 .IX Item "-text" Prints out the certificate in text form. Full details are printed including the public key, signature algorithms, issuer and subject names, serial number 
@@ -342,83 +267,83 @@ Customise the print format used with \fB\-text\fR. The \fIoption\fR argument can be a single option or multiple options separated by commas. The \fB\-certopt\fR switch may be also be used more than once to set multiple -options. See the \*(L"Text Printing Flags\*(R" section for more information. -.IP "\fB\-fingerprint\fR" 4 +options. See the "Text Printing Flags" section for more information. +.IP \fB\-fingerprint\fR 4 .IX Item "-fingerprint" -Calculates and prints the digest of the \s-1DER\s0 encoded version of the entire +Calculates and prints the digest of the DER encoded version of the entire certificate (see digest options). -This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message +This is commonly called a "fingerprint". Because of the nature of message digests, the fingerprint of a certificate is unique to that certificate and two certificates with the same fingerprint can be considered to be the same. -.IP "\fB\-alias\fR" 4 +.IP \fB\-alias\fR 4 .IX Item "-alias" -Prints the certificate \*(L"alias\*(R" (nickname), if any. -.IP "\fB\-serial\fR" 4 +Prints the certificate "alias" (nickname), if any. +.IP \fB\-serial\fR 4 .IX Item "-serial" Prints the certificate serial number. -.IP "\fB\-startdate\fR" 4 +.IP \fB\-startdate\fR 4 .IX Item "-startdate" Prints out the start date of the certificate, that is the notBefore date. -.IP "\fB\-enddate\fR" 4 +.IP \fB\-enddate\fR 4 .IX Item "-enddate" Prints out the expiry date of the certificate, that is the notAfter date. -.IP "\fB\-dates\fR" 4 +.IP \fB\-dates\fR 4 .IX Item "-dates" Prints out the start and expiry dates of a certificate. -.IP "\fB\-subject\fR" 4 +.IP \fB\-subject\fR 4 .IX Item "-subject" Prints the subject name. -.IP "\fB\-issuer\fR" 4 +.IP \fB\-issuer\fR 4 .IX Item "-issuer" Prints the issuer name. .IP "\fB\-nameopt\fR \fIoption\fR" 4 .IX Item "-nameopt option" This specifies how the subject or issuer names are displayed. 
See \fBopenssl\-namedisplay\-options\fR\|(1) for details. -.IP "\fB\-email\fR" 4 +.IP \fB\-email\fR 4 .IX Item "-email" Prints the email address(es) if any. -.IP "\fB\-hash\fR" 4 +.IP \fB\-hash\fR 4 .IX Item "-hash" -Synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. -.IP "\fB\-subject_hash\fR" 4 +Synonym for "\-subject_hash" for backward compatibility reasons. +.IP \fB\-subject_hash\fR 4 .IX Item "-subject_hash" -Prints the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to +Prints the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name. -.IP "\fB\-subject_hash_old\fR" 4 +.IP \fB\-subject_hash_old\fR 4 .IX Item "-subject_hash_old" -Prints the \*(L"hash\*(R" of the certificate subject name using the older algorithm +Prints the "hash" of the certificate subject name using the older algorithm as used by OpenSSL before version 1.0.0. -.IP "\fB\-issuer_hash\fR" 4 +.IP \fB\-issuer_hash\fR 4 .IX Item "-issuer_hash" -Prints the \*(L"hash\*(R" of the certificate issuer name. -.IP "\fB\-issuer_hash_old\fR" 4 +Prints the "hash" of the certificate issuer name. +.IP \fB\-issuer_hash_old\fR 4 .IX Item "-issuer_hash_old" -Prints the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +Prints the "hash" of the certificate issuer name using the older algorithm as used by OpenSSL before version 1.0.0. .IP "\fB\-ext\fR \fIextensions\fR" 4 .IX Item "-ext extensions" Prints out the certificate extensions in text form. Can also be used to restrict which extensions to copy. Extensions are specified -with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R". +with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier". See the \fBx509v3_config\fR\|(5) manual page for the extension names. 
-.IP "\fB\-ocspid\fR" 4 +.IP \fB\-ocspid\fR 4 .IX Item "-ocspid" -Prints the \s-1OCSP\s0 hash values for the subject name and public key. -.IP "\fB\-ocsp_uri\fR" 4 +Prints the OCSP hash values for the subject name and public key. +.IP \fB\-ocsp_uri\fR 4 .IX Item "-ocsp_uri" -Prints the \s-1OCSP\s0 responder address(es) if any. -.IP "\fB\-purpose\fR" 4 +Prints the OCSP responder address(es) if any. +.IP \fB\-purpose\fR 4 .IX Item "-purpose" This option performs tests on the certificate extensions and outputs the results. For a more complete description see -\&\*(L"Certificate Extensions\*(R" in \fBopenssl\-verification\-options\fR\|(1). -.IP "\fB\-pubkey\fR" 4 +"Certificate Extensions" in \fBopenssl\-verification\-options\fR\|(1). +.IP \fB\-pubkey\fR 4 .IX Item "-pubkey" -Prints the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format. -.IP "\fB\-modulus\fR" 4 +Prints the certificate\*(Aqs SubjectPublicKeyInfo block in PEM format. +.IP \fB\-modulus\fR 4 .IX Item "-modulus" This option prints out the value of the modulus of the public key contained in the certificate. @@ -436,7 +361,7 @@ Check that the certificate matches the specified email address. .IP "\fB\-checkip\fR \fIipaddr\fR" 4 .IX Item "-checkip ipaddr" -Check that the certificate matches the specified \s-1IP\s0 address. +Check that the certificate matches the specified IP address. .SS "Certificate Output Options" .IX Subsection "Certificate Output Options" .IP "\fB\-set_serial\fR \fIn\fR" 4 @@ -447,7 +372,7 @@ the serial number file (as specified by the \fB\-CAserial\fR option) is not used. .Sp The serial number can be decimal or hex (if preceded by \f(CW\*(C`0x\*(C'\fR). -.IP "\fB\-next_serial\fR" 4 +.IP \fB\-next_serial\fR 4 .IX Item "-next_serial" Set the serial to be one more than the number in the certificate. .IP "\fB\-days\fR \fIarg\fR" 4 
@@ -455,22 +380,22 @@ Specifies the number of days until a newly generated certificate expires. The default is 30. Cannot be used together with the \fB\-preserve_dates\fR option. -.IP "\fB\-preserve_dates\fR" 4 +.IP \fB\-preserve_dates\fR 4 .IX Item "-preserve_dates" -When signing a certificate, preserve \*(L"notBefore\*(R" and \*(L"notAfter\*(R" dates of any +When signing a certificate, preserve "notBefore" and "notAfter" dates of any input certificate instead of adjusting them to current time and duration. Cannot be used together with the \fB\-days\fR option. .IP "\fB\-subj\fR \fIarg\fR" 4 .IX Item "-subj arg" When a certificate is created set its subject name to the given value. -When the certificate is self-signed the issuer name is set to the same value. +When the certificate is self\-signed the issuer name is set to the same value. .Sp The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. Special characters may be escaped by \f(CW\*(C`\e\*(C'\fR (backslash), whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the certificate. -Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL-DN). -Multi-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR +Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs (a NULL\-DN). +Multi\-valued RDNs can be formed by placing a \f(CW\*(C`+\*(C'\fR character instead of a \f(CW\*(C`/\*(C'\fR between the AttributeValueAssertions (AVAs) that specify the members of the set. Example: .Sp 
@@ -485,11 +410,11 @@ instead of the key contained in the input or given with the \fB\-key\fR (or \fB\-signkey\fR) option. .Sp -This option is useful for creating self-issued certificates that are not -self-signed, for instance when the key cannot be used for signing, such as \s-1DH.\s0 +This option is useful for creating self\-issued certificates that are not +self\-signed, for instance when the key cannot be used for signing, such as DH. It can also be used in conjunction with \fB\-new\fR and \fB\-subj\fR to directly generate a certificate containing any desired public key. -.IP "\fB\-clrext\fR" 4 +.IP \fB\-clrext\fR 4 .IX Item "-clrext" When transforming a certificate to a new certificate by default all certificate extensions are retained. 
@@ -507,55 +432,55 @@ If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called -\&\*(L"extensions\*(R" which contains the section to use. +"extensions" which contains the section to use. See the \fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 .IX Item "-sigopt nm:v" Pass options to the signature algorithm during sign operations. This option may be given multiple times. -Names and values provided using this option are algorithm-specific. -.IP "\fB\-badsig\fR" 4 +Names and values provided using this option are algorithm\-specific. +.IP \fB\-badsig\fR 4 .IX Item "-badsig" Corrupt the signature before writing it; this can be useful for testing. -.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IP \fB\-\fR\f(BIdigest\fR 4 .IX Item "-digest" The digest to use. This affects any signing or printing option that uses a message digest, such as the \fB\-fingerprint\fR, \fB\-key\fR, and \fB\-CA\fR options. Any digest supported by the \fBopenssl\-dgst\fR\|(1) command can be used. -If not specified then \s-1SHA1\s0 is used with \fB\-fingerprint\fR or -the default digest for the signing algorithm is used, typically \s-1SHA256.\s0 -.SS "Micro-CA Options" +If not specified then SHA1 is used with \fB\-fingerprint\fR or +the default digest for the signing algorithm is used, typically SHA256. +.SS "Micro\-CA Options" .IX Subsection "Micro-CA Options" .IP "\fB\-CA\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-CA filename|uri" -Specifies the \*(L"\s-1CA\*(R"\s0 certificate to be used for signing. -When present, this behaves like a \*(L"micro \s-1CA\*(R"\s0 as follows: -The subject name of the \*(L"\s-1CA\*(R"\s0 certificate is placed as issuer name in the new -certificate, which is then signed using the \*(L"\s-1CA\*(R"\s0 key given as detailed below. +Specifies the "CA" certificate to be used for signing. 
+When present, this behaves like a "micro CA" as follows: +The subject name of the "CA" certificate is placed as issuer name in the new +certificate, which is then signed using the "CA" key given as detailed below. .Sp This option cannot be used in conjunction with \fB\-key\fR (or \fB\-signkey\fR). -This option is normally combined with the \fB\-req\fR option referencing a \s-1CSR.\s0 +This option is normally combined with the \fB\-req\fR option referencing a CSR. Without the \fB\-req\fR option the input must be an existing certificate unless the \fB\-new\fR option is given, which generates a certificate from scratch. -.IP "\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR," 4 +.IP "\fB\-CAform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR," 4 .IX Item "-CAform DER|PEM|P12," -The format for the \s-1CA\s0 certificate; unspecified by default. +The format for the CA certificate; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-CAkey\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-CAkey filename|uri" -Sets the \s-1CA\s0 private key to sign a certificate with. +Sets the CA private key to sign a certificate with. The private key must match the public key of the certificate given with \fB\-CA\fR. If this option is not provided then the key must be present in the \fB\-CA\fR input. -.IP "\fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-CAkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-CAkeyform DER|PEM|P12|ENGINE" -The format for the \s-1CA\s0 key; unspecified by default. +The format for the CA key; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. .IP "\fB\-CAserial\fR \fIfilename\fR" 4 .IX Item "-CAserial filename" -Sets the \s-1CA\s0 serial number file to use. +Sets the CA serial number file to use. .Sp When creating a certificate with this option and with the \fB\-CA\fR option, the certificate serial number is stored in the given file. 
@@ -563,52 +488,52 @@ an even number of hex digits with the serial number used last time. After reading this number, it is incremented and used, and the file is updated. .Sp -The default filename consists of the \s-1CA\s0 certificate file base name with -\&\fI.srl\fR appended. For example if the \s-1CA\s0 certificate file is called +The default filename consists of the CA certificate file base name with +\&\fI.srl\fR appended. For example if the CA certificate file is called \&\fImycacert.pem\fR it expects to find a serial number file called \&\fImycacert.srl\fR. .Sp If the \fB\-CA\fR option is specified and neither <\-CAserial> or <\-CAcreateserial> is given and the default serial number file does not exist, a random number is generated; this is the recommended practice. -.IP "\fB\-CAcreateserial\fR" 4 +.IP \fB\-CAcreateserial\fR 4 .IX Item "-CAcreateserial" With this option and the \fB\-CA\fR option -the \s-1CA\s0 serial number file is created if it does not exist. +the CA serial number file is created if it does not exist. A random number is generated, used for the certificate, and saved into the serial number file determined as described above. .SS "Trust Settings" .IX Subsection "Trust Settings" A \fBtrusted certificate\fR is an ordinary certificate which has several additional pieces of information attached to it such as the permitted -and prohibited uses of the certificate and possibly an \*(L"alias\*(R" (nickname). +and prohibited uses of the certificate and possibly an "alias" (nickname). .PP Normally when a certificate is being verified at least one certificate -must be \*(L"trusted\*(R". By default a trusted certificate must be stored -locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 +must be "trusted". By default a trusted certificate must be stored +locally and must be a root CA: any certificate chain ending in this CA is then usable for any purpose. 
.PP -Trust settings currently are only used with a root \s-1CA.\s0 -They allow a finer control over the purposes the root \s-1CA\s0 can be used for. -For example, a \s-1CA\s0 may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. +Trust settings currently are only used with a root CA. +They allow a finer control over the purposes the root CA can be used for. +For example, a CA may be trusted for SSL client but not SSL server use. .PP See \fBopenssl\-verification\-options\fR\|(1) for more information on the meaning of trust settings. .PP Future versions of OpenSSL will recognize trust settings on any certificate: not just root CAs. -.IP "\fB\-trustout\fR" 4 +.IP \fB\-trustout\fR 4 .IX Item "-trustout" -Mark any certificate \s-1PEM\s0 output as certificate rather than ordinary. +Mark any certificate PEM output as certificate rather than ordinary. An ordinary or trusted certificate can be input but by default an ordinary certificate is output and any trust settings are discarded. With the \fB\-trustout\fR option a trusted certificate is output. A trusted certificate is automatically output if any trust settings are modified. .IP "\fB\-setalias\fR \fIarg\fR" 4 .IX Item "-setalias arg" -Sets the \*(L"alias\*(R" of the certificate. This will allow the certificate -to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". -.IP "\fB\-clrtrust\fR" 4 +Sets the "alias" of the certificate. This will allow the certificate +to be referred to using a nickname for example "Steve\*(Aqs Certificate". +.IP \fB\-clrtrust\fR 4 .IX Item "-clrtrust" Clears all the permitted or trusted uses of the certificate. .IP "\fB\-addtrust\fR \fIarg\fR" 4 
@@ -619,7 +544,7 @@ As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or enables all purposes when trusted. Other OpenSSL applications may define additional uses. -.IP "\fB\-clrreject\fR" 4 +.IP \fB\-clrreject\fR 4 .IX Item "-clrreject" Clears all the prohibited or rejected uses of the certificate. .IP "\fB\-addreject\fR \fIarg\fR" 4 @@ -630,10 +555,10 @@ .IX Subsection "Generic options" .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 .IX Item "-rand files, -writerand file" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for details. +See "Random State Options" in \fBopenssl\fR\|(1) for details. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" 
@@ -643,69 +568,69 @@ .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SS "Text Printing Flags" .IX Subsection "Text Printing Flags" As well as customising the name printing format, it is also possible to customise the actual fields printed using the \fBcertopt\fR option when the \fBtext\fR option is present. The default behaviour is to print all fields. -.IP "\fBcompatible\fR" 4 +.IP \fBcompatible\fR 4 .IX Item "compatible" Use the old format. This is equivalent to specifying no printing options at all. -.IP "\fBno_header\fR" 4 +.IP \fBno_header\fR 4 .IX Item "no_header" -Don't print header information: that is the lines saying \*(L"Certificate\*(R" -and \*(L"Data\*(R". -.IP "\fBno_version\fR" 4 +Don\*(Aqt print header information: that is the lines saying "Certificate" +and "Data". +.IP \fBno_version\fR 4 .IX Item "no_version" -Don't print out the version number. -.IP "\fBno_serial\fR" 4 +Don\*(Aqt print out the version number. +.IP \fBno_serial\fR 4 .IX Item "no_serial" -Don't print out the serial number. -.IP "\fBno_signame\fR" 4 +Don\*(Aqt print out the serial number. +.IP \fBno_signame\fR 4 .IX Item "no_signame" -Don't print out the signature algorithm used. -.IP "\fBno_validity\fR" 4 +Don\*(Aqt print out the signature algorithm used. +.IP \fBno_validity\fR 4 .IX Item "no_validity" -Don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. -.IP "\fBno_subject\fR" 4 +Don\*(Aqt print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. +.IP \fBno_subject\fR 4 .IX Item "no_subject" -Don't print out the subject name. -.IP "\fBno_issuer\fR" 4 +Don\*(Aqt print out the subject name. +.IP \fBno_issuer\fR 4 .IX Item "no_issuer" -Don't print out the issuer name. 
-.IP "\fBno_pubkey\fR" 4 +Don\*(Aqt print out the issuer name. +.IP \fBno_pubkey\fR 4 .IX Item "no_pubkey" -Don't print out the public key. -.IP "\fBno_sigdump\fR" 4 +Don\*(Aqt print out the public key. +.IP \fBno_sigdump\fR 4 .IX Item "no_sigdump" -Don't give a hexadecimal dump of the certificate signature. -.IP "\fBno_aux\fR" 4 +Don\*(Aqt give a hexadecimal dump of the certificate signature. +.IP \fBno_aux\fR 4 .IX Item "no_aux" -Don't print out certificate trust information. -.IP "\fBno_extensions\fR" 4 +Don\*(Aqt print out certificate trust information. +.IP \fBno_extensions\fR 4 .IX Item "no_extensions" -Don't print out any X509V3 extensions. -.IP "\fBext_default\fR" 4 +Don\*(Aqt print out any X509V3 extensions. +.IP \fBext_default\fR 4 .IX Item "ext_default" Retain default extension behaviour: attempt to print out unsupported certificate extensions. -.IP "\fBext_error\fR" 4 +.IP \fBext_error\fR 4 .IX Item "ext_error" Print an error message for unsupported certificate extensions. -.IP "\fBext_parse\fR" 4 +.IP \fBext_parse\fR 4 .IX Item "ext_parse" -\&\s-1ASN1\s0 parse unsupported extensions. -.IP "\fBext_dump\fR" 4 +ASN1 parse unsupported extensions. +.IP \fBext_dump\fR 4 .IX Item "ext_dump" Hex dump unsupported extensions. -.IP "\fBca_default\fR" 4 +.IP \fBca_default\fR 4 .IX Item "ca_default" The value used by \fBopenssl\-ca\fR\|(1), equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, \&\fBno_header\fR, and \fBno_version\fR. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" -Note: in these examples the '\e' means the example should be all on one +Note: in these examples the \*(Aq\e\*(Aq means the example should be all on one line. .PP Print the contents of a certificate: @@ -714,7 +639,7 @@ \& openssl x509 \-in cert.pem \-noout \-text .Ve .PP -Print the \*(L"Subject Alternative Name\*(R" extension of a certificate: +Print the "Subject Alternative Name" extension of a certificate: .PP .Vb 1 \& openssl x509 \-in cert.pem \-noout \-ext subjectAltName 
@@ -738,26 +663,26 @@ \& openssl x509 \-in cert.pem \-noout \-subject .Ve .PP -Print the certificate subject name in \s-1RFC2253\s0 form: +Print the certificate subject name in RFC2253 form: .PP .Vb 1 \& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253 .Ve .PP Print the certificate subject name in oneline form on a terminal -supporting \s-1UTF8:\s0 +supporting UTF8: .PP .Vb 1 \& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb .Ve .PP -Print the certificate \s-1SHA1\s0 fingerprint: +Print the certificate SHA1 fingerprint: .PP .Vb 1 \& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint .Ve .PP -Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: +Convert a certificate from PEM to DER format: .PP .Vb 1 \& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER @@ -769,15 +694,15 @@ \& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-key key.pem .Ve .PP -Convert a certificate request into a self-signed certificate using -extensions for a \s-1CA:\s0 +Convert a certificate request into a self\-signed certificate using +extensions for a CA: .PP .Vb 2 \& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e \& \-key key.pem \-out cacert.pem .Ve .PP -Sign a certificate request using the \s-1CA\s0 certificate above and add user +Sign a certificate request using the CA certificate above and add user certificate extensions: .PP .Vb 2 
@@ -785,24 +710,24 @@ \& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial .Ve .PP -Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to -\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0 +Set a certificate to be trusted for SSL client use and change set its alias to +"Steve\*(Aqs Class 1 CA" .PP .Vb 2 \& openssl x509 \-in cert.pem \-addtrust clientAuth \e \& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -The conversion to \s-1UTF8\s0 format used with the name options assumes that -T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape -and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect +The conversion to UTF8 format used with the name options assumes that +T61Strings use the ISO8859\-1 character set. This is wrong but Netscape +and MSIE do this as do many certificates. So although this is incorrect it is more likely to print the majority of certificates correctly. .PP The \fB\-email\fR option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once. -.SH "BUGS" +.SH BUGS .IX Header "BUGS" It is possible to produce invalid certificates or requests by specifying the wrong private key, using unsuitable X.509 extensions, 
@@ -819,12 +744,12 @@ \&\fBopenssl\-gendsa\fR\|(1), \&\fBopenssl\-verify\fR\|(1), \&\fBx509v3_config\fR\|(5) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options -before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical -version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any directories using the old +version of the DN using SHA1. This means that any directories using the old form must have their links rebuilt using \fBopenssl\-rehash\fR\|(1) or similar. .PP The \fB\-signkey\fR option has been renamed to \fB\-key\fR in OpenSSL 3.0, @@ -833,11 +758,11 @@ The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-C\fR option was removed in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/openssl.1.orig +++ secure/usr.bin/openssl/man/openssl.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,93 +53,34 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL 1ossl" -.TH OPENSSL 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH OPENSSL 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl \- OpenSSL command line program -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \&\fIcommand\fR [ \fIoptions\fR ... ] [ \fIparameters\fR ... ] .PP -\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIoptions\fR ] -.SH "DESCRIPTION" +\&\fBopenssl\fR \fBno\-\fR\fIXXX\fR [ \fIoptions\fR ] +.SH DESCRIPTION .IX Header "DESCRIPTION" -OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 -v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL +v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. .PP The \fBopenssl\fR program is a command line program for using the various -cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. +cryptography functions of OpenSSL\*(Aqs \fBcrypto\fR library from the shell. It can be used for .PP .Vb 8 @@ -171,7 +96,7 @@ .SH "COMMAND SUMMARY" .IX Header "COMMAND SUMMARY" The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in -the \*(L"\s-1SYNOPSIS\*(R"\s0 above). +the "SYNOPSIS" above). Each command can have many options and argument parameters, shown above as \&\fIoptions\fR and \fIparameters\fR. .PP 
@@ -179,16 +104,16 @@ (e.g., \fBopenssl\-x509\fR\|(1)). The subcommand \fBopenssl\-list\fR\|(1) may be used to list subcommands. .PP -The command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the -specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it -returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 -and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and +The command \fBno\-\fR\fIXXX\fR tests whether a command of the +specified name is available. If no command named \fIXXX\fR exists, it +returns 0 (success) and prints \fBno\-\fR\fIXXX\fR; otherwise it returns 1 +and prints \fIXXX\fR. In both cases, the output goes to \fBstdout\fR and nothing is printed to \fBstderr\fR. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the -availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is -not able to detect pseudo-commands such as \fBquit\fR, -\&\fBlist\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) +availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fIXXX\fR is +not able to detect pseudo\-commands such as \fBquit\fR, +\&\fBlist\fR, or \fBno\-\fR\fIXXX\fR itself.) .SS "Configuration Option" .IX Subsection "Configuration Option" Many commands use an external configuration file for some or all of their @@ -196,7 +121,7 @@ The default name of the file is \fIopenssl.cnf\fR in the default certificate storage area, which can be determined from the \fBopenssl\-version\fR\|(1) command using the \fB\-d\fR or \fB\-a\fR option. -The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify a different +The environment variable \fBOPENSSL_CONF\fR can be used to specify a different file location or to disable loading a configuration (using the empty string). .PP Among others, the configuration file can be used to load modules 
@@ -204,235 +129,235 @@ See \fBconfig\fR\|(5) for details. .SS "Standard Commands" .IX Subsection "Standard Commands" -.IP "\fBasn1parse\fR" 4 +.IP \fBasn1parse\fR 4 .IX Item "asn1parse" -Parse an \s-1ASN.1\s0 sequence. -.IP "\fBca\fR" 4 +Parse an ASN.1 sequence. +.IP \fBca\fR 4 .IX Item "ca" -Certificate Authority (\s-1CA\s0) Management. -.IP "\fBciphers\fR" 4 +Certificate Authority (CA) Management. +.IP \fBciphers\fR 4 .IX Item "ciphers" Cipher Suite Description Determination. -.IP "\fBcms\fR" 4 +.IP \fBcms\fR 4 .IX Item "cms" -\&\s-1CMS\s0 (Cryptographic Message Syntax) command. -.IP "\fBcrl\fR" 4 +CMS (Cryptographic Message Syntax) command. +.IP \fBcrl\fR 4 .IX Item "crl" -Certificate Revocation List (\s-1CRL\s0) Management. -.IP "\fBcrl2pkcs7\fR" 4 +Certificate Revocation List (CRL) Management. +.IP \fBcrl2pkcs7\fR 4 .IX Item "crl2pkcs7" -\&\s-1CRL\s0 to PKCS#7 Conversion. -.IP "\fBdgst\fR" 4 +CRL to PKCS#7 Conversion. +.IP \fBdgst\fR 4 .IX Item "dgst" -Message Digest calculation. \s-1MAC\s0 calculations are superseded by +Message Digest calculation. MAC calculations are superseded by \&\fBopenssl\-mac\fR\|(1). -.IP "\fBdhparam\fR" 4 +.IP \fBdhparam\fR 4 .IX Item "dhparam" -Generation and Management of Diffie-Hellman Parameters. Superseded by +Generation and Management of Diffie\-Hellman Parameters. Superseded by \&\fBopenssl\-genpkey\fR\|(1) and \fBopenssl\-pkeyparam\fR\|(1). -.IP "\fBdsa\fR" 4 +.IP \fBdsa\fR 4 .IX Item "dsa" -\&\s-1DSA\s0 Data Management. -.IP "\fBdsaparam\fR" 4 +DSA Data Management. +.IP \fBdsaparam\fR 4 .IX Item "dsaparam" -\&\s-1DSA\s0 Parameter Generation and Management. Superseded by +DSA Parameter Generation and Management. Superseded by \&\fBopenssl\-genpkey\fR\|(1) and \fBopenssl\-pkeyparam\fR\|(1). -.IP "\fBec\fR" 4 +.IP \fBec\fR 4 .IX Item "ec" -\&\s-1EC\s0 (Elliptic curve) key processing. -.IP "\fBecparam\fR" 4 +EC (Elliptic curve) key processing. 
+.IP \fBecparam\fR 4 .IX Item "ecparam" -\&\s-1EC\s0 parameter manipulation and generation. -.IP "\fBenc\fR" 4 +EC parameter manipulation and generation. +.IP \fBenc\fR 4 .IX Item "enc" Encryption, decryption, and encoding. -.IP "\fBengine\fR" 4 +.IP \fBengine\fR 4 .IX Item "engine" Engine (loadable module) information and manipulation. -.IP "\fBerrstr\fR" 4 +.IP \fBerrstr\fR 4 .IX Item "errstr" Error Number to Error String Conversion. -.IP "\fBfipsinstall\fR" 4 +.IP \fBfipsinstall\fR 4 .IX Item "fipsinstall" -\&\s-1FIPS\s0 configuration installation. -.IP "\fBgendsa\fR" 4 +FIPS configuration installation. +.IP \fBgendsa\fR 4 .IX Item "gendsa" -Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by +Generation of DSA Private Key from Parameters. Superseded by \&\fBopenssl\-genpkey\fR\|(1) and \fBopenssl\-pkey\fR\|(1). -.IP "\fBgenpkey\fR" 4 +.IP \fBgenpkey\fR 4 .IX Item "genpkey" Generation of Private Key or Parameters. -.IP "\fBgenrsa\fR" 4 +.IP \fBgenrsa\fR 4 .IX Item "genrsa" -Generation of \s-1RSA\s0 Private Key. Superseded by \fBopenssl\-genpkey\fR\|(1). -.IP "\fBhelp\fR" 4 +Generation of RSA Private Key. Superseded by \fBopenssl\-genpkey\fR\|(1). +.IP \fBhelp\fR 4 .IX Item "help" -Display information about a command's options. -.IP "\fBinfo\fR" 4 +Display information about a command\*(Aqs options. +.IP \fBinfo\fR 4 .IX Item "info" Display diverse information built into the OpenSSL libraries. -.IP "\fBkdf\fR" 4 +.IP \fBkdf\fR 4 .IX Item "kdf" Key Derivation Functions. -.IP "\fBlist\fR" 4 +.IP \fBlist\fR 4 .IX Item "list" List algorithms and features. -.IP "\fBmac\fR" 4 +.IP \fBmac\fR 4 .IX Item "mac" Message Authentication Code Calculation. -.IP "\fBnseq\fR" 4 +.IP \fBnseq\fR 4 .IX Item "nseq" Create or examine a Netscape certificate sequence. -.IP "\fBocsp\fR" 4 +.IP \fBocsp\fR 4 .IX Item "ocsp" Online Certificate Status Protocol command. -.IP "\fBpasswd\fR" 4 +.IP \fBpasswd\fR 4 .IX Item "passwd" Generation of hashed passwords. 
-.IP "\fBpkcs12\fR" 4 +.IP \fBpkcs12\fR 4 .IX Item "pkcs12" PKCS#12 Data Management. -.IP "\fBpkcs7\fR" 4 +.IP \fBpkcs7\fR 4 .IX Item "pkcs7" PKCS#7 Data Management. -.IP "\fBpkcs8\fR" 4 +.IP \fBpkcs8\fR 4 .IX Item "pkcs8" PKCS#8 format private key conversion command. -.IP "\fBpkey\fR" 4 +.IP \fBpkey\fR 4 .IX Item "pkey" Public and private key management. -.IP "\fBpkeyparam\fR" 4 +.IP \fBpkeyparam\fR 4 .IX Item "pkeyparam" Public key algorithm parameter management. -.IP "\fBpkeyutl\fR" 4 +.IP \fBpkeyutl\fR 4 .IX Item "pkeyutl" Public key algorithm cryptographic operation command. -.IP "\fBprime\fR" 4 +.IP \fBprime\fR 4 .IX Item "prime" Compute prime numbers. -.IP "\fBrand\fR" 4 +.IP \fBrand\fR 4 .IX Item "rand" -Generate pseudo-random bytes. -.IP "\fBrehash\fR" 4 +Generate pseudo\-random bytes. +.IP \fBrehash\fR 4 .IX Item "rehash" -Create symbolic links to certificate and \s-1CRL\s0 files named by the hash values. -.IP "\fBreq\fR" 4 +Create symbolic links to certificate and CRL files named by the hash values. +.IP \fBreq\fR 4 .IX Item "req" -PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. -.IP "\fBrsa\fR" 4 +PKCS#10 X.509 Certificate Signing Request (CSR) Management. +.IP \fBrsa\fR 4 .IX Item "rsa" -\&\s-1RSA\s0 key management. -.IP "\fBrsautl\fR" 4 +RSA key management. +.IP \fBrsautl\fR 4 .IX Item "rsautl" -\&\s-1RSA\s0 command for signing, verification, encryption, and decryption. Superseded +RSA command for signing, verification, encryption, and decryption. Superseded by \fBopenssl\-pkeyutl\fR\|(1). -.IP "\fBs_client\fR" 4 +.IP \fBs_client\fR 4 .IX Item "s_client" -This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent -connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing +This implements a generic SSL/TLS client which can establish a transparent +connection to a remote server speaking SSL/TLS. 
It\*(Aqs intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL \fBssl\fR library. -.IP "\fBs_server\fR" 4 +.IP \fBs_server\fR 4 .IX Item "s_server" -This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote -clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides +This implements a generic SSL/TLS server which accepts connections from remote +clients speaking SSL/TLS. It\*(Aqs intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL \fBssl\fR library. It provides both an own command -line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response +line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS\-aware webserver. -.IP "\fBs_time\fR" 4 +.IP \fBs_time\fR 4 .IX Item "s_time" -\&\s-1SSL\s0 Connection Timer. -.IP "\fBsess_id\fR" 4 +SSL Connection Timer. +.IP \fBsess_id\fR 4 .IX Item "sess_id" -\&\s-1SSL\s0 Session Data Management. -.IP "\fBsmime\fR" 4 +SSL Session Data Management. +.IP \fBsmime\fR 4 .IX Item "smime" S/MIME mail processing. -.IP "\fBspeed\fR" 4 +.IP \fBspeed\fR 4 .IX Item "speed" Algorithm Speed Measurement. -.IP "\fBspkac\fR" 4 +.IP \fBspkac\fR 4 .IX Item "spkac" -\&\s-1SPKAC\s0 printing and generating command. -.IP "\fBsrp\fR" 4 +SPKAC printing and generating command. +.IP \fBsrp\fR 4 .IX Item "srp" -Maintain \s-1SRP\s0 password file. This command is deprecated. -.IP "\fBstoreutl\fR" 4 +Maintain SRP password file. This command is deprecated. +.IP \fBstoreutl\fR 4 .IX Item "storeutl" Command to list and display certificates, keys, CRLs, etc. -.IP "\fBts\fR" 4 +.IP \fBts\fR 4 .IX Item "ts" Time Stamping Authority command. -.IP "\fBverify\fR" 4 +.IP \fBverify\fR 4 .IX Item "verify" X.509 Certificate Verification. 
See also the \fBopenssl\-verification\-options\fR\|(1) manual page. -.IP "\fBversion\fR" 4 +.IP \fBversion\fR 4 .IX Item "version" OpenSSL Version Information. -.IP "\fBx509\fR" 4 +.IP \fBx509\fR 4 .IX Item "x509" X.509 Certificate Data Management. .SS "Message Digest Commands" .IX Subsection "Message Digest Commands" -.IP "\fBblake2b512\fR" 4 +.IP \fBblake2b512\fR 4 .IX Item "blake2b512" BLAKE2b\-512 Digest -.IP "\fBblake2s256\fR" 4 +.IP \fBblake2s256\fR 4 .IX Item "blake2s256" BLAKE2s\-256 Digest -.IP "\fBmd2\fR" 4 +.IP \fBmd2\fR 4 .IX Item "md2" -\&\s-1MD2\s0 Digest -.IP "\fBmd4\fR" 4 +MD2 Digest +.IP \fBmd4\fR 4 .IX Item "md4" -\&\s-1MD4\s0 Digest -.IP "\fBmd5\fR" 4 +MD4 Digest +.IP \fBmd5\fR 4 .IX Item "md5" -\&\s-1MD5\s0 Digest -.IP "\fBmdc2\fR" 4 +MD5 Digest +.IP \fBmdc2\fR 4 .IX Item "mdc2" -\&\s-1MDC2\s0 Digest -.IP "\fBrmd160\fR" 4 +MDC2 Digest +.IP \fBrmd160\fR 4 .IX Item "rmd160" -\&\s-1RMD\-160\s0 Digest -.IP "\fBsha1\fR" 4 +RMD\-160 Digest +.IP \fBsha1\fR 4 .IX Item "sha1" -\&\s-1SHA\-1\s0 Digest -.IP "\fBsha224\fR" 4 +SHA\-1 Digest +.IP \fBsha224\fR 4 .IX Item "sha224" -\&\s-1SHA\-2 224\s0 Digest -.IP "\fBsha256\fR" 4 +SHA\-2 224 Digest +.IP \fBsha256\fR 4 .IX Item "sha256" -\&\s-1SHA\-2 256\s0 Digest -.IP "\fBsha384\fR" 4 +SHA\-2 256 Digest +.IP \fBsha384\fR 4 .IX Item "sha384" -\&\s-1SHA\-2 384\s0 Digest -.IP "\fBsha512\fR" 4 +SHA\-2 384 Digest +.IP \fBsha512\fR 4 .IX Item "sha512" -\&\s-1SHA\-2 512\s0 Digest -.IP "\fBsha3\-224\fR" 4 +SHA\-2 512 Digest +.IP \fBsha3\-224\fR 4 .IX Item "sha3-224" -\&\s-1SHA\-3 224\s0 Digest -.IP "\fBsha3\-256\fR" 4 +SHA\-3 224 Digest +.IP \fBsha3\-256\fR 4 .IX Item "sha3-256" -\&\s-1SHA\-3 256\s0 Digest -.IP "\fBsha3\-384\fR" 4 +SHA\-3 256 Digest +.IP \fBsha3\-384\fR 4 .IX Item "sha3-384" -\&\s-1SHA\-3 384\s0 Digest -.IP "\fBsha3\-512\fR" 4 +SHA\-3 384 Digest +.IP \fBsha3\-512\fR 4 .IX Item "sha3-512" -\&\s-1SHA\-3 512\s0 Digest -.IP "\fBshake128\fR" 4 +SHA\-3 512 Digest +.IP \fBshake128\fR 4 .IX Item "shake128" 
-\&\s-1SHA\-3 SHAKE128\s0 Digest -.IP "\fBshake256\fR" 4 +SHA\-3 SHAKE128 Digest +.IP \fBshake256\fR 4 .IX Item "shake256" -\&\s-1SHA\-3 SHAKE256\s0 Digest -.IP "\fBsm3\fR" 4 +SHA\-3 SHAKE256 Digest +.IP \fBsm3\fR 4 .IX Item "sm3" -\&\s-1SM3\s0 Digest +SM3 Digest .SS "Encryption, Decryption, and Encoding Commands" .IX Subsection "Encryption, Decryption, and Encoding Commands" The following aliases provide convenient access to the most used encodings @@ -442,13 +367,13 @@ here may be present. See \fBopenssl\-enc\fR\|(1) for more information. .IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 .IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" -\&\s-1AES\-128\s0 Cipher +AES\-128 Cipher .IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4 .IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb" -\&\s-1AES\-192\s0 Cipher +AES\-192 Cipher .IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4 .IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb" -\&\s-1AES\-256\s0 Cipher +AES\-256 Cipher .IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4 .IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb" Aria\-128 Cipher 
@@ -458,10 +383,10 @@ .IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4 .IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb" Aria\-256 Cipher -.IP "\fBbase64\fR" 4 +.IP \fBbase64\fR 4 .IX Item "base64" Base64 Encoding -.IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4 +.IP "\fBbf\fR, \fBbf\-cbc\fR, \fBbf\-cfb\fR, \fBbf\-ecb\fR, \fBbf\-ofb\fR" 4 .IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb" Blowfish Cipher .IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4 
@@ -473,50 +398,50 @@ .IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4 .IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb" Camellia\-256 Cipher -.IP "\fBcast\fR, \fBcast-cbc\fR" 4 +.IP "\fBcast\fR, \fBcast\-cbc\fR" 4 .IX Item "cast, cast-cbc" -\&\s-1CAST\s0 Cipher +CAST Cipher .IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4 .IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb" -\&\s-1CAST5\s0 Cipher -.IP "\fBchacha20\fR" 4 +CAST5 Cipher +.IP \fBchacha20\fR 4 .IX Item "chacha20" Chacha20 Cipher -.IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4 +.IP "\fBdes\fR, \fBdes\-cbc\fR, \fBdes\-cfb\fR, \fBdes\-ecb\fR, \fBdes\-ede\fR, \fBdes\-ede\-cbc\fR, \fBdes\-ede\-cfb\fR, \fBdes\-ede\-ofb\fR, \fBdes\-ofb\fR" 4 .IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb" -\&\s-1DES\s0 Cipher +DES Cipher .IP "\fBdes3\fR, \fBdesx\fR, \fBdes\-ede3\fR, \fBdes\-ede3\-cbc\fR, \fBdes\-ede3\-cfb\fR, \fBdes\-ede3\-ofb\fR" 4 .IX Item "des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb" -Triple-DES Cipher -.IP "\fBidea\fR, \fBidea-cbc\fR, \fBidea-cfb\fR, \fBidea-ecb\fR, \fBidea-ofb\fR" 4 +Triple\-DES Cipher +.IP "\fBidea\fR, \fBidea\-cbc\fR, \fBidea\-cfb\fR, \fBidea\-ecb\fR, \fBidea\-ofb\fR" 4 .IX Item "idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb" -\&\s-1IDEA\s0 Cipher +IDEA Cipher .IP "\fBrc2\fR, \fBrc2\-cbc\fR, \fBrc2\-cfb\fR, \fBrc2\-ecb\fR, \fBrc2\-ofb\fR" 4 .IX Item "rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb" -\&\s-1RC2\s0 Cipher -.IP "\fBrc4\fR" 4 +RC2 Cipher +.IP \fBrc4\fR 4 .IX Item "rc4" -\&\s-1RC4\s0 Cipher +RC4 Cipher .IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4 .IX Item "rc5, rc5-cbc, rc5-cfb, 
rc5-ecb, rc5-ofb" -\&\s-1RC5\s0 Cipher -.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4 +RC5 Cipher +.IP "\fBseed\fR, \fBseed\-cbc\fR, \fBseed\-cfb\fR, \fBseed\-ecb\fR, \fBseed\-ofb\fR" 4 .IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb" -\&\s-1SEED\s0 Cipher +SEED Cipher .IP "\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4 .IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb" -\&\s-1SM4\s0 Cipher -.SH "OPTIONS" +SM4 Cipher +.SH OPTIONS .IX Header "OPTIONS" Details of which options are available depend on the specific command. This section describes some common options with common behavior. .SS "Common Options" .IX Subsection "Common Options" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Provides a terse summary of all options. -If an option takes an argument, the \*(L"type\*(R" of argument is also given. -.IP "\fB\-\-\fR" 4 +If an option takes an argument, the "type" of argument is also given. +.IP \fB\-\-\fR 4 .IX Item "--" This terminates the list of options. It is mostly useful if any filename parameters start with a minus sign: @@ -533,7 +458,7 @@ .SS "Random State Options" .IX Subsection "Random State Options" Prior to OpenSSL 1.1.1, it was common for applications to store information -about the state of the random-number generator in a file that was loaded +about the state of the random\-number generator in a file that was loaded at startup and rewritten upon exit. On modern operating systems, this is generally no longer necessary as OpenSSL will seed itself from a trusted entropy source provided by the operating system. These flags are still 
@@ -545,8 +470,8 @@ .IX Item "-rand files" A file or files containing random data used to seed the random number generator. -Multiple files can be specified separated by an OS-dependent character. -The separator is \f(CW\*(C`;\*(C'\fR for MS-Windows, \f(CW\*(C`,\*(C'\fR for OpenVMS, and \f(CW\*(C`:\*(C'\fR for +Multiple files can be specified separated by an OS\-dependent character. +The separator is \f(CW\*(C`;\*(C'\fR for MS\-Windows, \f(CW\*(C`,\*(C'\fR for OpenVMS, and \f(CW\*(C`:\*(C'\fR for all others. Another way to specify multiple files is to repeat this flag with different filenames. .IP "\fB\-writerand\fR \fIfile\fR" 4 
@@ -559,21 +484,21 @@ .SS "Name Format Options" .IX Subsection "Name Format Options" See the \fBopenssl\-namedisplay\-options\fR\|(1) manual page. -.SS "\s-1TLS\s0 Version Options" +.SS "TLS Version Options" .IX Subsection "TLS Version Options" -Several commands use \s-1SSL, TLS,\s0 or \s-1DTLS.\s0 By default, the commands use \s-1TLS\s0 and +Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and clients will offer the lowest and highest protocol version they support, and servers will pick the highest version that the client offers that is also supported by the server. .PP The options below can be used to limit which protocol versions are used, -and whether \s-1TCP\s0 (\s-1SSL\s0 and \s-1TLS\s0) or \s-1UDP\s0 (\s-1DTLS\s0) is used. +and whether TCP (SSL and TLS) or UDP (DTLS) is used. Note that not all protocols and flags may be available, depending on how OpenSSL was built. .IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 .IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" -These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. -When a specific \s-1TLS\s0 version is required, only that version will be offered or +These options require or disable the use of the specified SSL or TLS protocols. +When a specific TLS version is required, only that version will be offered or accepted. Only one specific protocol can be given and it cannot be combined with any of the \fBno_\fR options. 
@@ -581,9 +506,9 @@ \&\fBs_client\fR and \fBs_server\fR commands. .IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 .IX Item "-dtls, -dtls1, -dtls1_2" -These options specify to use \s-1DTLS\s0 instead of \s-1TLS.\s0 -With \fB\-dtls\fR, clients will negotiate any supported \s-1DTLS\s0 protocol version. -Use the \fB\-dtls1\fR or \fB\-dtls1_2\fR options to support only \s-1DTLS1.0\s0 or \s-1DTLS1.2,\s0 +These options specify to use DTLS instead of TLS. +With \fB\-dtls\fR, clients will negotiate any supported DTLS protocol version. +Use the \fB\-dtls1\fR or \fB\-dtls1_2\fR options to support only DTLS1.0 or DTLS1.2, respectively. .SS "Engine Options" .IX Subsection "Engine Options" @@ -591,8 +516,8 @@ .IX Item "-engine id" Load the engine identified by \fIid\fR and use all the methods it implements (algorithms, key storage, etc.), unless specified otherwise in the -command-specific documentation or it is configured to do so, as described in -\&\*(L"Engine Configuration\*(R" in \fBconfig\fR\|(5). +command\-specific documentation or it is configured to do so, as described in +"Engine Configuration" in \fBconfig\fR\|(5). .Sp The engine will be used for key ids specified with \fB\-key\fR and similar options when an option like \fB\-keyform engine\fR is given. @@ -604,8 +529,8 @@ Using the \f(CW\*(C`file:\*(C'\fR schema is optional; a plain file (path) name will do. .PP Options specifying keys, like \fB\-key\fR and similar, can use the generic -OpenSSL engine key loading \s-1URI\s0 scheme \f(CW\*(C`org.openssl.engine:\*(C'\fR to retrieve -private keys and public keys. The \s-1URI\s0 syntax is as follows, in simplified +OpenSSL engine key loading URI scheme \f(CW\*(C`org.openssl.engine:\*(C'\fR to retrieve +private keys and public keys. The URI syntax is as follows, in simplified form: .PP .Vb 1 
@@ -613,19 +538,19 @@ .Ve .PP Where \f(CW\*(C`{engineid}\*(C'\fR is the identity/name of the engine, and \f(CW\*(C`{keyid}\*(C'\fR is a -key identifier that's acceptable by that engine. For example, when using an -engine that interfaces against a PKCS#11 implementation, the generic key \s-1URI\s0 +key identifier that\*(Aqs acceptable by that engine. For example, when using an +engine that interfaces against a PKCS#11 implementation, the generic key URI would be something like this (this happens to be an example for the PKCS#11 -engine that's part of OpenSC): +engine that\*(Aqs part of OpenSC): .PP .Vb 1 \& \-key org.openssl.engine:pkcs11:label_some\-private\-key .Ve .PP As a third possibility, for engines and providers that have implemented -their own \s-1\fBOSSL_STORE_LOADER\s0\fR\|(3), \f(CW\*(C`org.openssl.engine:\*(C'\fR should not be +their own \fBOSSL_STORE_LOADER\fR\|(3), \f(CW\*(C`org.openssl.engine:\*(C'\fR should not be necessary. For a PKCS#11 implementation that has implemented such a loader, -the PKCS#11 \s-1URI\s0 as defined in \s-1RFC 7512\s0 should be possible to use directly: +the PKCS#11 URI as defined in RFC 7512 should be possible to use directly: .PP .Vb 1 \& \-key pkcs11:object=some\-private\-key;pin\-value=1234 
@@ -638,103 +563,36 @@ can be also a path to the provider module. In that case the provider name will be the specified path and not just the provider module name. Interpretation of relative paths is platform specific. The configured -\&\*(L"\s-1MODULESDIR\*(R"\s0 path, \fB\s-1OPENSSL_MODULES\s0\fR environment variable, or the path +"MODULESDIR" path, \fBOPENSSL_MODULES\fR environment variable, or the path specified by \fB\-provider\-path\fR is prepended to relative paths. See \fBprovider\fR\|(7) for a more detailed description. .IP "\fB\-provider\-path\fR \fIpath\fR" 4 .IX Item "-provider-path path" Specifies the search path that is to be used for looking for providers. -Equivalently, the \fB\s-1OPENSSL_MODULES\s0\fR environment variable may be set. +Equivalently, the \fBOPENSSL_MODULES\fR environment variable may be set. .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" Specifies the \fIproperty query clause\fR to be used when fetching algorithms from the loaded providers. See \fBproperty\fR\|(7) for a more detailed description. -.SH "ENVIRONMENT" +.SH ENVIRONMENT .IX Header "ENVIRONMENT" -The OpenSSL library can be take some configuration parameters from the -environment. Some of these variables are listed below. For information -about specific commands, see \fBopenssl\-engine\fR\|(1), -\&\fBopenssl\-rehash\fR\|(1), and \fBtsget\fR\|(1). +The OpenSSL libraries can take some configuration parameters from the +environment. +.PP +For information about all environment variables used by the OpenSSL libraries, +such as \fBOPENSSL_CONF\fR, \fBOPENSSL_MODULES\fR, and \fBOPENSSL_TRACE\fR, +see \fBopenssl\-env\fR\|(7). .PP For information about the use of environment variables in configuration, -see \*(L"\s-1ENVIRONMENT\*(R"\s0 in \fBconfig\fR\|(5). +see "ENVIRONMENT" in \fBconfig\fR\|(5). +.PP +For information about specific commands, see \fBopenssl\-engine\fR\|(1), +\&\fBopenssl\-rehash\fR\|(1), and \fBtsget\fR\|(1). 
.PP -For information about querying or specifying \s-1CPU\s0 architecture flags, see +For information about querying or specifying CPU architecture flags, see \&\fBOPENSSL_ia32cap\fR\|(3), and \fBOPENSSL_s390xcap\fR\|(3). .PP -For information about all environment variables used by the OpenSSL libraries, -see \fBopenssl\-env\fR\|(7). -.IP "\fBOPENSSL_TRACE=\fR\fIname\fR[,...]" 4 -.IX Item "OPENSSL_TRACE=name[,...]" -Enable tracing output of OpenSSL library, by name. -This output will only make sense if you know OpenSSL internals well. -Also, it might not give you any output at all, depending on how -OpenSSL was built. -.Sp -The value is a comma separated list of names, with the following -available: -.RS 4 -.IP "\fB\s-1TRACE\s0\fR" 4 -.IX Item "TRACE" -Traces the OpenSSL trace \s-1API\s0 itself. -.IP "\fB\s-1INIT\s0\fR" 4 -.IX Item "INIT" -Traces OpenSSL library initialization and cleanup. -.IP "\fB\s-1TLS\s0\fR" 4 -.IX Item "TLS" -Traces the \s-1TLS/SSL\s0 protocol. -.IP "\fB\s-1TLS_CIPHER\s0\fR" 4 -.IX Item "TLS_CIPHER" -Traces the ciphers used by the \s-1TLS/SSL\s0 protocol. -.IP "\fB\s-1CONF\s0\fR" 4 -.IX Item "CONF" -Show details about provider and engine configuration. -.IP "\fB\s-1ENGINE_TABLE\s0\fR" 4 -.IX Item "ENGINE_TABLE" -The function that is used by \s-1RSA, DSA\s0 (etc) code to select registered -ENGINEs, cache defaults and functional references (etc), will generate -debugging summaries. -.IP "\fB\s-1ENGINE_REF_COUNT\s0\fR" 4 -.IX Item "ENGINE_REF_COUNT" -Reference counts in the \s-1ENGINE\s0 structure will be monitored with a line -of generated for each change. -.IP "\fB\s-1PKCS5V2\s0\fR" 4 -.IX Item "PKCS5V2" -Traces PKCS#5 v2 key generation. -.IP "\fB\s-1PKCS12_KEYGEN\s0\fR" 4 -.IX Item "PKCS12_KEYGEN" -Traces PKCS#12 key generation. -.IP "\fB\s-1PKCS12_DECRYPT\s0\fR" 4 -.IX Item "PKCS12_DECRYPT" -Traces PKCS#12 decryption. 
-.IP "\fBX509V3_POLICY\fR" 4 -.IX Item "X509V3_POLICY" -Generates the complete policy tree at various points during X.509 v3 -policy evaluation. -.IP "\fB\s-1BN_CTX\s0\fR" 4 -.IX Item "BN_CTX" -Traces \s-1BIGNUM\s0 context operations. -.IP "\fB\s-1CMP\s0\fR" 4 -.IX Item "CMP" -Traces \s-1CMP\s0 client and server activity. -.IP "\fB\s-1STORE\s0\fR" 4 -.IX Item "STORE" -Traces \s-1STORE\s0 operations. -.IP "\fB\s-1DECODER\s0\fR" 4 -.IX Item "DECODER" -Traces decoder operations. -.IP "\fB\s-1ENCODER\s0\fR" 4 -.IX Item "ENCODER" -Traces encoder operations. -.IP "\fB\s-1REF_COUNT\s0\fR" 4 -.IX Item "REF_COUNT" -Traces decrementing certain \s-1ASN.1\s0 structure references. -.RE -.RS 4 -.RE -.SH "SEE ALSO" -.IX Header "SEE ALSO" \&\fBopenssl\-asn1parse\fR\|(1), \&\fBopenssl\-ca\fR\|(1), \&\fBopenssl\-ciphers\fR\|(1), @@ -789,9 +647,9 @@ \&\fBopenssl\-env\fR\|(7). \&\fBssl\fR\|(7), \&\fBx509v3_config\fR\|(5) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" -The \fBlist\fR \-\fI\s-1XXX\s0\fR\fB\-algorithms\fR options were added in OpenSSL 1.0.0; +The \fBlist\fR \-\fIXXX\fR\fB\-algorithms\fR options were added in OpenSSL 1.0.0; For notes on the availability of other commands, see their individual manual pages. .PP 
@@ -804,11 +662,11 @@ The interactive mode, which could be invoked by running \f(CW\*(C`openssl\*(C'\fR with no further arguments, was removed in OpenSSL 3.0, and running that program with no arguments is now equivalent to \f(CW\*(C`openssl help\*(C'\fR. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- secure/usr.bin/openssl/man/tsget.1.orig +++ secure/usr.bin/openssl/man/tsget.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} 
@@ -69,78 +53,19 @@ .\} .rr rF .\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C +.\" Required to disable full justification in groff 1.23.0. 
+.if n .ds AD l .\" ======================================================================== .\" .IX Title "TSGET 1ossl" -.TH TSGET 1ossl "2023-09-19" "3.0.11" "OpenSSL" +.TH TSGET 1ossl 2026-04-07 3.0.20 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME tsget \- Time Stamping HTTP/HTTPS client -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBtsget\fR \&\fB\-h\fR \fIserver_url\fR @@ -156,16 +81,16 @@ [\fB\-r\fR \fIfiles\fR] [\fB\-g\fR \fIEGD_socket\fR] [\fIrequest\fR ...] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command can be used for sending a timestamp request, as specified -in \s-1RFC 3161,\s0 to a timestamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing the +in RFC 3161, to a timestamp server over HTTP or HTTPS and storing the timestamp response in a file. It cannot be used for creating the requests and verifying responses, you have to use \fBopenssl\-ts\fR\|(1) to do that. This -command can send several requests to the server without closing the \s-1TCP\s0 +command can send several requests to the server without closing the TCP connection if more than one requests are specified on the command line. .PP -This command sends the following \s-1HTTP\s0 request for each timestamp request: +This command sends the following HTTP request for each timestamp request: .PP .Vb 7 \& POST url HTTP/1.1 
@@ -181,11 +106,11 @@ .PP It expects a response of type application/timestamp\-reply, which is written to a file without any interpretation. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-h\fR \fIserver_url\fR" 4 .IX Item "-h server_url" -The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for timestamp requests. +The URL of the HTTP/HTTPS server listening for timestamp requests. .IP "\fB\-e\fR \fIextension\fR" 4 .IX Item "-e extension" If the \fB\-o\fR option is not given this argument specifies the extension of the 
@@ -194,77 +119,77 @@ .IP "\fB\-o\fR \fIoutput\fR" 4 .IX Item "-o output" This option can be specified only when just one request is sent to the -server. The timestamp response will be written to the given output file. '\-' +server. The timestamp response will be written to the given output file. \*(Aq\-\*(Aq means standard output. In case of multiple timestamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional) -.IP "\fB\-v\fR" 4 +.IP \fB\-v\fR 4 .IX Item "-v" The name of the currently processed request is printed on standard error. (Optional) -.IP "\fB\-d\fR" 4 +.IP \fB\-d\fR 4 .IX Item "-d" Switches on verbose mode for the underlying perl module WWW::Curl::Easy. You can see detailed debug messages for the connection. (Optional) .IP "\fB\-k\fR \fIprivate_key.pem\fR" 4 .IX Item "-k private_key.pem" -(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 +(HTTPS) In case of certificate\-based client authentication over HTTPS \&\fIprivate_key.pem\fR must contain the private key of the user. The private key file can optionally be protected by a passphrase. The \fB\-c\fR option must also be specified. (Optional) .IP "\fB\-p\fR \fIkey_password\fR" 4 .IX Item "-p key_password" -(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR +(HTTPS) Specifies the passphrase for the private key specified by the \fB\-k\fR argument. If this option is omitted and the key is passphrase protected, it will be prompted for. (Optional) .IP "\fB\-c\fR \fIclient_cert.pem\fR" 4 .IX Item "-c client_cert.pem" -(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 +(HTTPS) In case of certificate\-based client authentication over HTTPS \&\fIclient_cert.pem\fR must contain the X.509 certificate of the user. The \fB\-k\fR option must also be specified. 
If this option is not specified no -certificate-based client authentication will take place. (Optional) +certificate\-based client authentication will take place. (Optional) .IP "\fB\-C\fR \fICA_certs.pem\fR" 4 .IX Item "-C CA_certs.pem" -(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's -certificate must include one of the \s-1CA\s0 certificates specified in this file. -Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional) +(HTTPS) The trusted CA certificate store. The certificate chain of the peer\*(Aqs +certificate must include one of the CA certificates specified in this file. +Either option \fB\-C\fR or option \fB\-P\fR must be given in case of HTTPS. (Optional) .IP "\fB\-P\fR \fICA_path\fR" 4 .IX Item "-P CA_path" -(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's +(HTTPS) The path containing the trusted CA certificates to verify the peer\*(Aqs certificate. The directory must be prepared with \fBopenssl\-rehash\fR\|(1). Either -option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional) +option \fB\-C\fR or option \fB\-P\fR must be given in case of HTTPS. (Optional) .IP "\fB\-r\fR \fIfiles\fR" 4 .IX Item "-r files" -See \*(L"Random State Options\*(R" in \fBopenssl\fR\|(1) for more information. +See "Random State Options" in \fBopenssl\fR\|(1) for more information. .IP "\fB\-g\fR \fIEGD_socket\fR" 4 .IX Item "-g EGD_socket" -The name of an \s-1EGD\s0 socket to get random data from. (Optional) +The name of an EGD socket to get random data from. (Optional) .IP "\fIrequest\fR ..." 4 .IX Item "request ..." -List of files containing \s-1RFC 3161\s0 DER-encoded timestamp requests. If no +List of files containing RFC 3161 DER\-encoded timestamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. 
(Optional) .SH "ENVIRONMENT VARIABLES" .IX Header "ENVIRONMENT VARIABLES" -The \fB\s-1TSGET\s0\fR environment variable can optionally contain default +The \fBTSGET\fR environment variable can optionally contain default arguments. The content of this variable is added to the list of command line arguments. -.SH "EXAMPLES" +.SH EXAMPLES .IX Header "EXAMPLES" The examples below presume that \fIfile1.tsq\fR and \fIfile2.tsq\fR contain valid -timestamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests -and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa +timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +and at port 8443 for HTTPS requests, the TSA service is available at the /tsa absolute path. .PP -Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTP,\s0 output is written to +Get a timestamp response for \fIfile1.tsq\fR over HTTP, output is written to \&\fIfile1.tsr\fR: .PP .Vb 1 \& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq .Ve .PP -Get a timestamp response for \fIfile1.tsq\fR and \fIfile2.tsq\fR over \s-1HTTP\s0 showing +Get a timestamp response for \fIfile1.tsq\fR and \fIfile2.tsq\fR over HTTP showing progress, output is written to \fIfile1.reply\fR and \fIfile2.reply\fR respectively: .PP .Vb 2 @@ -281,7 +206,7 @@ \& \-o file3.tsr .Ve .PP -Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 without client +Get a timestamp response for \fIfile1.tsq\fR over HTTPS without client authentication: .PP .Vb 2 @@ -289,7 +214,7 @@ \& \-C cacerts.pem file1.tsq .Ve .PP -Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 with certificate-based +Get a timestamp response for \fIfile1.tsq\fR over HTTPS with certificate\-based client authentication (it will ask for the passphrase if \fIclient_key.pem\fR is protected): .PP 
@@ -298,7 +223,7 @@ \& \-k client_key.pem \-c client_cert.pem file1.tsq .Ve .PP -You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR +You can shorten the previous command line if you make use of the \fBTSGET\fR environment variable. The following commands do the same as the previous example: .PP @@ -314,11 +239,11 @@ \&\fBopenssl\-ts\fR\|(1), WWW::Curl::Easy, -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at . --- sys/crypto/openssl/aarch64/aesv8-armx.S.orig +++ sys/crypto/openssl/aarch64/aesv8-armx.S @@ -3116,7 +3116,7 @@ cbnz x2,.Lxts_dec_1st_done ld1 {v0.16b},[x0],#16 - // Decrypt the last secod block to get the last plain text block + // Decrypt the last second block to get the last plain text block .Lxts_dec_1st_done: eor v26.16b,v0.16b,v8.16b ldr w6,[x3,#240] --- sys/crypto/openssl/arm_arch.h.orig +++ sys/crypto/openssl/arm_arch.h 
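Review bot: In the aesv8-armx.S hunk, the corrected comment above `.Lxts_dec_1st_done` still reads "the last second block", which can be taken as either the last block or the second block. I would write it as `// Decrypt the second-to-last block to get the last plain text block`. The label name suggests this is the tail of the XTS decrypt path, where the order in which the final two blocks are processed is the thing a reader needs to follow. That reading is inferred, because the routine starts and ends outside the hunk. If this .S file is produced from a generator script, the wording should be fixed there so it survives regeneration.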
@@ -8,76 +8,69 @@ */ #ifndef OSSL_CRYPTO_ARM_ARCH_H -# define OSSL_CRYPTO_ARM_ARCH_H - -# if !defined(__ARM_ARCH__) -# if defined(__CC_ARM) -# define __ARM_ARCH__ __TARGET_ARCH_ARM -# if defined(__BIG_ENDIAN) -# define __ARMEB__ -# else -# define __ARMEL__ -# endif -# elif defined(__GNUC__) -# if defined(__aarch64__) -# define __ARM_ARCH__ 8 - /* - * Why doesn't gcc define __ARM_ARCH__? Instead it defines - * bunch of below macros. See all_architectures[] table in - * gcc/config/arm/arm.c. On a side note it defines - * __ARMEL__/__ARMEB__ for little-/big-endian. - */ -# elif defined(__ARM_ARCH) -# define __ARM_ARCH__ __ARM_ARCH -# elif defined(__ARM_ARCH_8A__) -# define __ARM_ARCH__ 8 -# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ - defined(__ARM_ARCH_7EM__) -# define __ARM_ARCH__ 7 -# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ - defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ - defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ - defined(__ARM_ARCH_6T2__) -# define __ARM_ARCH__ 6 -# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ - defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ - defined(__ARM_ARCH_5TEJ__) -# define __ARM_ARCH__ 5 -# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -# define __ARM_ARCH__ 4 -# else -# error "unsupported ARM architecture" -# endif -# endif -# endif +#define OSSL_CRYPTO_ARM_ARCH_H + +#if !defined(__ARM_ARCH__) +#if defined(__CC_ARM) +#define __ARM_ARCH__ __TARGET_ARCH_ARM +#if defined(__BIG_ENDIAN) +#define __ARMEB__ +#else +#define __ARMEL__ +#endif +#elif defined(__GNUC__) +#if defined(__aarch64__) +#define __ARM_ARCH__ 8 +/* + * Why doesn't gcc define __ARM_ARCH__? Instead it defines + * bunch of below macros. See all_architectures[] table in + * gcc/config/arm/arm.c. On a side note it defines + * __ARMEL__/__ARMEB__ for little-/big-endian. 
+ */ +#elif defined(__ARM_ARCH) +#define __ARM_ARCH__ __ARM_ARCH +#elif defined(__ARM_ARCH_8A__) +#define __ARM_ARCH__ 8 +#elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__) +#define __ARM_ARCH__ 7 +#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6M__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__) +#define __ARM_ARCH__ 6 +#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || defined(__ARM_ARCH_5E__) || defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__) +#define __ARM_ARCH__ 5 +#elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) +#define __ARM_ARCH__ 4 +#else +#error "unsupported ARM architecture" +#endif +#endif +#endif -# if !defined(__ARM_MAX_ARCH__) -# define __ARM_MAX_ARCH__ __ARM_ARCH__ -# endif +#if !defined(__ARM_MAX_ARCH__) +#define __ARM_MAX_ARCH__ __ARM_ARCH__ +#endif -# if __ARM_MAX_ARCH__<__ARM_ARCH__ -# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" -# elif __ARM_MAX_ARCH__!=__ARM_ARCH__ -# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__) -# error "can't build universal big-endian binary" -# endif -# endif +#if __ARM_MAX_ARCH__ < __ARM_ARCH__ +#error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" +#elif __ARM_MAX_ARCH__ != __ARM_ARCH__ +#if __ARM_ARCH__ < 7 && __ARM_MAX_ARCH__ >= 7 && defined(__ARMEB__) +#error "can't build universal big-endian binary" +#endif +#endif -# ifndef __ASSEMBLER__ +#ifndef __ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; extern unsigned int OPENSSL_arm_midr; extern unsigned int OPENSSL_armv8_rsa_neonized; -# endif +#endif -# define ARMV7_NEON (1<<0) -# define ARMV7_TICK (1<<1) -# define ARMV8_AES (1<<2) -# define ARMV8_SHA1 (1<<3) -# define ARMV8_SHA256 (1<<4) -# define ARMV8_PMULL (1<<5) -# define ARMV8_SHA512 (1<<6) -# define ARMV8_CPUID (1<<7) +#define ARMV7_NEON (1 << 0) +#define 
ARMV7_TICK (1 << 1) +#define ARMV8_AES (1 << 2) +#define ARMV8_SHA1 (1 << 3) +#define ARMV8_SHA256 (1 << 4) +#define ARMV8_PMULL (1 << 5) +#define ARMV8_SHA512 (1 << 6) +#define ARMV8_CPUID (1 << 7) /* * MIDR_EL1 system register 
@@ -89,38 +82,34 @@ * */ -# define ARM_CPU_IMP_ARM 0x41 +#define ARM_CPU_IMP_ARM 0x41 -# define ARM_CPU_PART_CORTEX_A72 0xD08 -# define ARM_CPU_PART_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A72 0xD08 +#define ARM_CPU_PART_N1 0xD0C -# define MIDR_PARTNUM_SHIFT 4 -# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT) -# define MIDR_PARTNUM(midr) \ - (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT) +#define MIDR_PARTNUM_SHIFT 4 +#define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT) +#define MIDR_PARTNUM(midr) \ + (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT) -# define MIDR_IMPLEMENTER_SHIFT 24 -# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT) -# define MIDR_IMPLEMENTER(midr) \ - (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT) +#define MIDR_IMPLEMENTER_SHIFT 24 +#define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT) +#define MIDR_IMPLEMENTER(midr) \ + (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT) -# define MIDR_ARCHITECTURE_SHIFT 16 -# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT) -# define MIDR_ARCHITECTURE(midr) \ - (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT) +#define MIDR_ARCHITECTURE_SHIFT 16 +#define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT) +#define MIDR_ARCHITECTURE(midr) \ + (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT) -# define MIDR_CPU_MODEL_MASK \ - (MIDR_IMPLEMENTER_MASK | \ - MIDR_PARTNUM_MASK | \ - MIDR_ARCHITECTURE_MASK) +#define MIDR_CPU_MODEL_MASK \ + (MIDR_IMPLEMENTER_MASK | MIDR_PARTNUM_MASK | MIDR_ARCHITECTURE_MASK) -# define MIDR_CPU_MODEL(imp, partnum) \ - (((imp) << MIDR_IMPLEMENTER_SHIFT) | \ - (0xfU << MIDR_ARCHITECTURE_SHIFT) | \ - ((partnum) << MIDR_PARTNUM_SHIFT)) +#define MIDR_CPU_MODEL(imp, partnum) \ + (((imp) << MIDR_IMPLEMENTER_SHIFT) | (0xfU << MIDR_ARCHITECTURE_SHIFT) | ((partnum) << MIDR_PARTNUM_SHIFT)) -# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \ - (((midr) & MIDR_CPU_MODEL_MASK) == 
MIDR_CPU_MODEL(imp, partnum)) +#define MIDR_IS_CPU_MODEL(midr, imp, partnum) \ + (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum)) #if defined(__ASSEMBLER__)